-
Notifications
You must be signed in to change notification settings - Fork 2
Expand file tree
/
Copy pathMakefile.local
More file actions
309 lines (253 loc) · 15.7 KB
/
Makefile.local
File metadata and controls
309 lines (253 loc) · 15.7 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
# Copyright 2023 TV 2 DANMARK A/S
#
# Licensed under the Apache License, Version 2.0 (the "License") with the
# following modification to section 6. Trademarks:
#
# Section 6. Trademarks is deleted and replaced by the following wording:
#
# 6. Trademarks. This License does not grant permission to use the trademarks and
# trade names of TV 2 DANMARK A/S, including but not limited to the TV 2® logo and
# word mark, except (a) as required for reasonable and customary use in describing
# the origin of the Work, e.g. as described in section 4(c) of the License, and
# (b) to reproduce the content of the NOTICE file. Any reference to the Licensor
# must be made by making a reference to "TV 2 DANMARK A/S", written in capitalized
# letters as in this example, unless the format in which the reference is made,
# requires lower case letters.
#
# You may not use this software except in compliance with the License and the
# modifications set out above.
#
# You may obtain a copy of the license at:
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#################
.PHONY: setup-e2e-test-cluster
setup-e2e-test-cluster: create-cluster deploy-gateway-api setup-external-dns-test
#################
.PHONY: setup-external-dns-test
setup-external-dns-test: deploy-etcd deploy-coredns deploy-external-dns deploy-multitool
.PHONY: wait-ready-external-dns-test
wait-ready-external-dns-test:
until kubectl wait pods -l app.kubernetes.io/instance=etcd-test-only --for condition=Ready --timeout=120s ; do echo "."; sleep 1; done
until kubectl wait pods -l app.kubernetes.io/instance=coredns-test-only --for condition=Ready --timeout=120s; do echo "."; sleep 1; done
until kubectl wait pods -l app=multitool --for condition=Ready --timeout=120s ; do echo "."; sleep 1; done
until kubectl wait pods -l app.kubernetes.io/instance=external-dns --for condition=Ready --timeout=120s ; do echo "."; sleep 1; done
#################
GATEWAY_API_VERSION ?= v1.5.1
.PHONY: gateway-api-upstream-get
gateway-api-upstream-get:
mkdir upstream-gateway-api
curl -sL https://github.com/kubernetes-sigs/gateway-api/releases/download/$(GATEWAY_API_VERSION)/standard-install.yaml > upstream-gateway-api/crds.yaml
.PHONY: deploy-gateway-api
deploy-gateway-api:
kubectl apply -f upstream-gateway-api/
#################
.PHONY: create-cluster
create-cluster:
cat test-data/kind-config.yaml_tpl | k8s_ver=1.32.0 envsubst > test-data/kind-config.yaml
kind create cluster --name $(KIND_CLUSTER_NAME) --config test-data/kind-config.yaml
.PHONY: delete-cluster
delete-cluster:
kind delete cluster --name $(KIND_CLUSTER_NAME)
#################
ISTIO_VERSION ?= 1.24.2
.PHONY: deploy-istio
deploy-istio:
helm upgrade -i --repo https://istio-release.storage.googleapis.com/charts base base --version ${ISTIO_VERSION} -n istio-system --create-namespace
helm upgrade -i --repo https://istio-release.storage.googleapis.com/charts istiod istiod --version ${ISTIO_VERSION} -n istio-system
.PHONY: undeploy-istio
undeploy-istio:
helm uninstall -n istio-system istiod
#################
.PHONY: deploy-etcd
deploy-etcd:
helm upgrade -i etcd-test-only oci://registry-1.docker.io/bitnamicharts/etcd --version 12.0.18 --set auth.rbac.create=false,image.repository=bitnamilegacy/etcd,image.tag=3.6.4-debian-12-r4,global.security.allowInsecureImages=true
#################
.PHONY: deploy-coredns
deploy-coredns:
helm upgrade -i --repo https://coredns.github.io/helm coredns-test-only coredns --version 1.19.7 --values test-data/coredns-test-values.yaml
#################
.PHONY: deploy-multitool
deploy-multitool:
kubectl create deploy multitool --image praqma/network-multitool
#################
.PHONY: deploy-external-dns
deploy-external-dns:
helm upgrade -i --repo https://kubernetes-sigs.github.io/external-dns external-dns external-dns --version 1.12.2 --values test-data/external-dns-values.yaml
#################
.PHONY: deploy-prometheus-operator-crds
deploy-prometheus-operator-crds:
helm upgrade -i --repo https://prometheus-community.github.io/helm-charts prometheus-operator-crds prometheus-operator-crds --version 4.0.2
#################
.PHONY: deploy-prometheus
deploy-prometheus:
helm upgrade -i --repo https://prometheus-community.github.io/helm-charts kube-prometheus-stack kube-prometheus-stack --version 46.8.0 -n default --values test-data/kube-prometheus-stack-values.yaml
#################
.PHONY: deploy-metrics-server
deploy-metrics-server:
helm upgrade -i --repo https://kubernetes-sigs.github.io/metrics-server metrics-server metrics-server --version 3.8.3 -n kube-system --set args={--kubelet-insecure-tls}
#################
.PHONY: deploy-kube-state-metrics
deploy-kube-state-metrics:
helm upgrade -i --repo https://prometheus-community.github.io/helm-charts kube-state-metrics kube-state-metrics --version 5.7.0 -n kube-system --values test-data/kube-state-metrics-values.yaml
#################
# https://kind.sigs.k8s.io/docs/user/loadbalancer/
.PHONY: deploy-metallb
deploy-metallb:
kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.14.8/config/manifests/metallb-native.yaml
sleep 5
kubectl wait --namespace metallb-system --for=condition=ready pod --selector=app=metallb --timeout=90s
scripts/kind-metallb-configure.sh
#################
.PHONY: deploy-contour
deploy-contour:
helm upgrade -i --repo https://projectcontour.github.io/helm-charts/ contour contour -n projectcontour --version 0.2.0 --create-namespace
# To allow contour to provision from gateway resources
.PHONY: deploy-contour-provisioner
deploy-contour-provisioner:
kubectl apply -f https://raw.githubusercontent.com/projectcontour/contour/release-1.30/examples/gateway-provisioner/00-common.yaml
kubectl apply -f https://raw.githubusercontent.com/projectcontour/contour/release-1.30/examples/gateway-provisioner/01-roles.yaml
kubectl apply -f https://raw.githubusercontent.com/projectcontour/contour/release-1.30/examples/gateway-provisioner/02-rolebindings.yaml
kubectl apply -f https://raw.githubusercontent.com/projectcontour/contour/release-1.30/examples/gateway-provisioner/03-gateway-provisioner.yaml
kubectl apply -f test-data/contour-gatewayclass.yaml
#################
.PHONY: deploy-cert-manager
deploy-cert-manager: create-ca-cert ca-cert-secret-create
helm upgrade -i --repo https://charts.jetstack.io cert-manager cert-manager --version v1.10.1 -n cert-manager --set installCRDs=true
kubectl apply -f test-data/getting-started/cert-manager-issuer.yaml
.PHONY: create-ca-cert
create-ca-cert:
scripts/openssl.sh req -x509 -nodes -subj '/C=DK/ST=ACMEprov/L=ACMEloc/O=ACMEcompany/OU=ACMEorg/CN=foo.example.com' -nodes -days 365 -newkey rsa:2048 -keyout foo-example-com.key -out foo-example-com.crt
chmod 644 foo-example-com.crt
chmod 600 foo-example-com.key
scripts/openssl.sh x509 -in foo-example-com.crt -text -noout
.PHONY: ca-cert-secret-create
ca-cert-secret-create:
kubectl create ns cert-manager
kubectl -n cert-manager create secret tls ca-key-pair --cert=foo-example-com.crt --key=foo-example-com.key
#################
AWS_LOAD_BALANCER_CONTROLLER_VERSION ?= v2.4.5
AWS_LOAD_BALANCER_CONTROLLER_CHART_VERSION ?= v1.4.6
# Note, template also require CLUSTERNAME and AWS_LOAD_BALANCER_CONTROLLER_IAM_ROLE_ARN
.PHONY: deploy-aws-load-balancer-controller-crds
deploy-aws-load-balancer-controller-crds:
kubectl apply -f https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/${AWS_LOAD_BALANCER_CONTROLLER_VERSION}/helm/aws-load-balancer-controller/crds/crds.yaml
.PHONY: deploy-aws-load-balancer-controller
deploy-aws-load-balancer-controller:
cat test-data/aws-load-balancer-controller-values.yaml_tpl | AWS_LOAD_BALANCER_CONTROLLER_IAM_ROLE_ARN=${AWS_LOAD_BALANCER_CONTROLLER_IAM_ROLE_ARN} envsubst > aws-load-balancer-controller-values.yaml
helm upgrade -i --repo https://aws.github.io/eks-charts aws-load-balancer-controller aws-load-balancer-controller --version ${AWS_LOAD_BALANCER_CONTROLLER_CHART_VERSION} -n kube-system --set installCRDs=false --values aws-load-balancer-controller-values.yaml
.PHONY: undeploy-aws-load-balancer-controller
undeploy-aws-load-balancer-controller:
helm uninstall -n kube-system aws-load-balancer-controller
#################
CROSSPLANE_VERSION ?= v1.12.2
.PHONY: deploy-crossplane
deploy-crossplane:
helm upgrade -i --repo https://charts.crossplane.io/stable crossplane crossplane --version ${CROSSPLANE_VERSION} -n crossplane-system --create-namespace
.PHONY: undeploy-crossplane
undeploy-crossplane:
helm uninstall crossplane -n crossplane-system
CROSSPLANE_AWS_PROVIDER_VERSION ?= v0.36.0
# Note, templates also require CROSSPLANE_INITIAL_IAM_ROLE_ARN and CROSSPLANE_IAM_ROLE_ARN
.PHONY: deploy-crossplane-aws-provider
deploy-crossplane-aws-provider:
cat test-data/crossplane-aws-provider.yaml_tpl | CROSSPLANE_AWS_PROVIDER_VERSION=${CROSSPLANE_AWS_PROVIDER_VERSION} CROSSPLANE_INITIAL_IAM_ROLE_ARN=${CROSSPLANE_INITIAL_IAM_ROLE_ARN} envsubst > crossplane-aws-provider.yaml
cat test-data/crossplane-aws-provider-config.yaml_tpl | CROSSPLANE_IAM_ROLE_ARN=${CROSSPLANE_IAM_ROLE_ARN} envsubst > crossplane-aws-provider-config.yaml
kubectl apply -f crossplane-aws-provider.yaml
kubectl wait "providers.pkg.crossplane.io/provider-family-aws" --for=condition=Installed --timeout=180s
kubectl wait "providers.pkg.crossplane.io/provider-family-aws" --for=condition=Healthy --timeout=180s
kubectl apply -f crossplane-aws-provider-config.yaml
.PHONY: undeploy-crossplane-aws-provider
undeploy-crossplane-aws-provider:
kubectl delete -f crossplane-aws-provider-config.yaml
kubectl delete -f crossplane-aws-provider.yaml
#################
BIFROST_VERSION ?= 0.1.6
.PHONY: deploy-controller-helm
deploy-controller-helm:
helm upgrade -i bifrost-gateway-controller-helm oci://ghcr.io/tv2/bifrost-gateway-controller-helm --version ${BIFROST_VERSION} --values charts/bifrost-gateway-controller/ci/gatewayclassblueprint-contour-istio-values.yaml -n bifrost-gateway-controller-system --create-namespace
.PHONY: deploy-controller-local-helm
deploy-controller-local-helm:
helm upgrade -i bifrost-gateway-controller-helm charts/bifrost-gateway-controller --values charts/bifrost-gateway-controller/ci/gatewayclassblueprint-contour-istio-values.yaml -n bifrost-gateway-controller-system --create-namespace --set prometheus.monitor.enabled=true
.PHONY: deploy-controller-aws-helm
deploy-controller-aws-helm:
helm upgrade -i bifrost-gateway-controller-helm oci://ghcr.io/tv2/bifrost-gateway-controller-helm --version ${BIFROST_VERSION} --values charts/bifrost-gateway-controller/ci/gatewayclassblueprint-crossplane-aws-alb-values.yaml -n bifrost-gateway-controller-system --create-namespace
.PHONY: undeploy-controller-helm
undeploy-controller-helm:
helm uninstall -n bifrost-gateway-controller-system bifrost-gateway-controller-helm
#################
BIFROST_BLUEPRINTS_VERSION ?= 0.0.21
.PHONY: deploy-controller-blueprint
setup-getting-started-controller-blueprint:
kubectl apply -f https://github.com/tv2/bifrost-gateway-controller/releases/download/${BIFROST_BLUEPRINTS_VERSION}/gatewayclassblueprint-contour-istio-cert.yaml
kubectl apply -f https://github.com/tv2/bifrost-gateway-controller/releases/download/${BIFROST_BLUEPRINTS_VERSION}/gatewayclass-contour-istio-cert.yaml
.PHONY: deploy-controller-blueprint-local
deploy-controller-blueprint-local:
kubectl apply -f blueprints/contour-istio/gatewayclassblueprint-contour-istio-cert.yaml -f blueprints/contour-istio/gatewayclass-contour-istio-cert.yaml
.PHONY: deploy-aws-istio-blueprint
deploy-aws-istio-blueprint:
kubectl apply -f https://github.com/tv2/bifrost-gateway-controller/releases/download/${BIFROST_BLUEPRINTS_VERSION}/gatewayclassblueprint-aws-alb-crossplane.yaml
kubectl apply -f https://github.com/tv2/bifrost-gateway-controller/releases/download/${BIFROST_BLUEPRINTS_VERSION}/gatewayclass-aws-alb-crossplane.yaml
.PHONY: undeploy-aws-istio-blueprint
undeploy-aws-istio-blueprint:
kubectl delete -f https://github.com/tv2/bifrost-gateway-controller/releases/download/${BIFROST_BLUEPRINTS_VERSION}/gatewayclassblueprint-aws-alb-crossplane.yaml
kubectl delete -f https://github.com/tv2/bifrost-gateway-controller/releases/download/${BIFROST_BLUEPRINTS_VERSION}/gatewayclass-aws-alb-crossplane.yaml
.PHONY: deploy-aws-istio-blueprint-local
deploy-aws-istio-blueprint-local:
kubectl apply -f blueprints/aws-alb-crossplane/gatewayclassblueprint-aws-alb-crossplane.yaml -f blueprints/aws-alb-crossplane/gatewayclass-aws-alb-crossplane.yaml
.PHONY: undeploy-aws-istio-blueprint-local
undeploy-aws-istio-blueprint-local:
kubectl delete -f blueprints/gatewayclassblueprint-aws-alb-crossplane.yaml -f blueprints/gatewayclass-aws-alb-crossplane.yaml
#################
# See 'doc/getting-started.md'
.PHONY: setup-getting-started
setup-getting-started: setup-getting-started-cluster setup-getting-started-controller deploy-controller-blueprint-local deploy-getting-started-usecase
.PHONY: setup-getting-started-cluster
setup-getting-started-cluster:
make create-cluster deploy-gateway-api
make deploy-metallb
make deploy-metrics-server
make deploy-istio
make deploy-contour deploy-contour-provisioner
make setup-external-dns-test
make deploy-cert-manager
.PHONY: setup-getting-started-controller
setup-getting-started-controller:
# Using 'Deploy from Local-build and YAML Artifacts' method
KO_DOCKER_REPO=kind.local make build container
make deploy
GATEWAY_CLASS_NAME ?= contour-istio-cert
DOMAIN ?= foo.example.com
.PHONY: deploy-getting-started-usecase
deploy-getting-started-usecase:
kubectl apply -f test-data/getting-started/foo-namespaces.yaml
cat test-data/getting-started/foo-gateway.yaml | GATEWAY_CLASS_NAME=${GATEWAY_CLASS_NAME} DOMAIN=${DOMAIN} envsubst | kubectl apply -f -
kubectl -n foo-site apply -f test-data/getting-started/app-foo-site.yaml
kubectl -n foo-site apply -f test-data/getting-started/foo-site-httproute.yaml
kubectl -n foo-store apply -f test-data/getting-started/app-foo-store-v1.yaml
kubectl -n foo-store apply -f test-data/getting-started/app-foo-store-v2.yaml
kubectl -n foo-store apply -f test-data/getting-started/foo-store-httproute.yaml
.PHONY: undeploy-getting-started-usecase
undeploy-getting-started-usecase:
kubectl delete -f test-data/getting-started/foo-namespaces.yaml
.PHONY: deploy-namespace-gatewayclassconfig
deploy-namespace-gatewayclassconfig:
kubectl apply -f test-data/getting-started/foo-namespaces.yaml
cat hack/demo/namespace-gatewayclassconfig.yaml | CERTIFICATE_ARN=${CERTIFICATE_ARN} envsubst | kubectl apply -f -
.PHONY: wait-ready-getting-started-usecase
wait-ready-getting-started-usecase:
$(eval GATEWAY_IP=$(shell kubectl -n foo-infra get gateway foo-gateway -o jsonpath='{.status.addresses[0].value}'))
scripts/waitfor.sh scripts/curl.sh -s --connect-timeout 1 --fail --resolve foo.example.com:80:$(GATEWAY_IP) http://foo.example.com/site
.PHONY: tryout-getting-started-usecase
tryout-getting-started-usecase:
$(eval GATEWAY_IP=$(shell kubectl -n foo-infra get gateway foo-gateway -o jsonpath='{.status.addresses[0].value}'))
scripts/curl.sh -s --resolve foo.example.com:80:$(GATEWAY_IP) http://foo.example.com/site | grep Welcome-to-foo-site
scripts/curl.sh -s --cacert foo-example-com.crt --resolve foo.example.com:443:$(GATEWAY_IP) https://foo.example.com/site | grep Welcome-to-foo-site
scripts/curl.sh -s --resolve foo.example.com:80:$(GATEWAY_IP) http://foo.example.com/store | grep -e 'Welcome-to-foo-store-v[12]'
scripts/curl.sh -s --cacert foo-example-com.crt --resolve foo.example.com:443:$(GATEWAY_IP) https://foo.example.com/store| grep -e 'Welcome-to-foo-store-v[12]'