mirror of
https://github.com/costinm/ugate.git
synced 2024-07-06 23:52:40 +08:00
216 lines
6.4 KiB
Makefile
216 lines
6.4 KiB
Makefile
ROOT_DIR:=$(shell dirname $(realpath $(firstword $(MAKEFILE_LIST))))
|
|
OUT=${ROOT_DIR}/../out/ugate
|
|
|
|
#IMAGE ?= gcr.io/dmeshgate/ugate
|
|
REPO ?= ghcr.io/costinm/ugate
|
|
IMAGE ?= ${REPO}/ugate
|
|
KO_DOCKER_REPO ?= gcr.io/dmeshgate/ugate
|
|
#KO_DOCKER_REPO ?= costinm/ugate
|
|
export KO_DOCKER_REPO
|
|
|
|
all/cr: docker/dev push/dev push/ko run/cloudrun
|
|
|
|
deploy: deploy/cloudrun deploy/helm
|
|
|
|
deploy/cloudrun: docker push/ugate run/cloudrun
|
|
|
|
|
|
deploy/helm: docker push/ugate run/helm
|
|
|
|
docker:
|
|
docker build -t ${IMAGE}:latest .
|
|
|
|
docker/dev:
|
|
docker build -t ${IMAGE}-dev:latest -f tools/dev/Dockerfile.devbase \
|
|
tools/dev
|
|
|
|
docker/dev-istio:
|
|
#docker pull gcr.io/istio-testing/build-tools:master-latest
|
|
docker build -t ${IMAGE}-dev-istio:latest -f tools/dev/Dockerfile.istio-dev \
|
|
tools/dev
|
|
docker push ${IMAGE}-dev-istio:latest
|
|
|
|
push/dev:
|
|
docker push ${IMAGE}-dev:latest
|
|
|
|
run/dev:
|
|
docker run -it --entrypoint /bin/bash gcr.io/dmeshgate/ugate-dev:latest
|
|
|
|
docker/devui:
|
|
#docker pull golang:latest
|
|
docker build -t ${IMAGE}-dev:cinamon-latest -f tools/dev/Dockerfile.cinamon tools/dev
|
|
|
|
push/devui:
|
|
docker push ${IMAGE}-dev:cinamon-latest
|
|
|
|
run/devui:
|
|
docker run -it \
|
|
--entrypoint /bin/bash \
|
|
--rm --name dev \
|
|
-p 18080:8080 -p 32000:22000 -p 8444:8444 \
|
|
-v /x/sync/dmesh-src/ugate-ws:/work \
|
|
${IMAGE}-dev:cinamon-latest
|
|
|
|
run/docker-image:
|
|
docker run -P -v /ws/dmesh-src/work/s1:/var/lib/istio \
|
|
-v ${ROOT_DIR}:/ws \
|
|
--name ugate \
|
|
--cap-add NET_ADMIN \
|
|
-p 443:9999 \
|
|
${IMAGE}:latest
|
|
|
|
run/docker-test:
|
|
docker stop ugate || true
|
|
docker rm ugate || true
|
|
docker run -P -v /ws/dmesh-src/work/s1:/var/lib/istio \
|
|
-v ${ROOT_DIR}:/ws \
|
|
--name ugate \
|
|
--cap-add NET_ADMIN \
|
|
-p 443:9999 \
|
|
${IMAGE}:latest \
|
|
/ws/build/run.sh
|
|
|
|
|
|
push/docker.ugate: docker push/ugate
|
|
|
|
push/ugate:
|
|
docker push ${IMAGE}:latest
|
|
|
|
cm-install:
|
|
kubectl apply --validate=false -f https://github.com/jetstack/cert-manager/releases/download/v1.8.0/cert-manager.yaml
|
|
#kubectl -n istio-system apply -f manifests/istio-issuer.yaml
|
|
|
|
deploy/kiali:
|
|
helm install \
|
|
--namespace istio-system \
|
|
--set auth.strategy="anonymous" \
|
|
--repo https://kiali.org/helm-charts \
|
|
kiali-server \
|
|
kiali-server
|
|
|
|
fw/kiali:
|
|
kubectl port-forward svc/kiali 20001:20001 -n istio-system&
|
|
|
|
# Using Intellij plugin: missing manifest features
|
|
# Build with buildpack: 30 sec to deploy
|
|
# Build with docker: 26 sec
|
|
# Both use skaffold
|
|
# Faster than docker.
|
|
#push/ko:
|
|
# (cd cmd/ugate && ko publish . --bare)
|
|
#
|
|
#deps/ko:
|
|
# go install github.com/google/ko@latest
|
|
|
|
# Run ugate in cloudrun.
|
|
# Storage: Env variables, GCP resources (buckets,secrets,k8s)
|
|
# Real cert, OIDC tokens via metadata server.
|
|
# https://ugate-yydsuf6tpq-uc.a.run.app
|
|
run/cloudrun: #push/docker.ugate
|
|
gcloud beta run services replace manifests/knative-ugate.yaml --platform managed --project dmeshgate --region us-central1
|
|
gcloud run services update-traffic ugate --to-latest --platform managed --project dmeshgate --region us-central1
|
|
|
|
run/cloudrun2: #push/docker.ugate
|
|
gcloud beta run services replace manifests/knative-ugate.yaml --platform managed --project dmeshgate --region us-central1
|
|
gcloud run services update-traffic ugate --to-latest --platform managed --project dmeshgate --region us-central1
|
|
|
|
run/cloudrun3:
|
|
gcloud alpha run deploy ugatevm --sandbox=minivm --platform managed --project dmeshgate \
|
|
--region us-central1 --image gcr.io/dmeshgate/ugate:latest --command /usr/local/bin/run.sh --allow-unauthenticated --use-http2 --set-env-vars="SSH_AUTH=$(cat ~/.ssh/id_ecdsa.pub)" --use-http2
|
|
|
|
run/sshcr:
|
|
ssh -v -o StrictHostKeyChecking=no -o ProxyCommand='hbone https://ugatevm-yydsuf6tpq-uc.a.run.app:443/dm/127.0.0.1:22' \
|
|
root@ugate-yydsuf6tpq-uc.a.run.app:443
|
|
|
|
run/helm:
|
|
helm upgrade --install --create-namespace ugate \
|
|
--namespace ugate manifests/charts/ugate/
|
|
|
|
run/helm-istio-system:
|
|
helm upgrade --install --create-namespace ugate-istio-system \
|
|
--namespace istio-system manifests/charts/ugate/
|
|
|
|
test/run-iptables:
|
|
docker run -P \
|
|
-v ${ROOT_DIR}:/ws \
|
|
--rm \
|
|
-w /ws \
|
|
--entrypoint /bin/sh \
|
|
--cap-add NET_ADMIN \
|
|
${IMAGE}:latest \
|
|
-c "make test/iptables"
|
|
|
|
|
|
# Should be run in docker, as root
|
|
test/iptables:
|
|
mkdir build
|
|
./cmd/ugate/iptables.sh
|
|
iptables-save |grep ISTIO > ${OUT}/iptables_def.out
|
|
diff ${OUT}/iptables_def.out cmd/ugate/testdata/iptables/iptables_def.out
|
|
|
|
INBOUND_PORTS_EXCLUDE=1000,1001 OUTBOUND_PORTS_EXCLUDE=2000,2001 ./cmd/ugate/iptables.sh
|
|
iptables-save |grep ISTIO > ${OUT}/iptables_ex.out
|
|
diff ${OUT}/iptables_ex.out cmd/ugate/testdata/iptables/iptables_ex.out
|
|
|
|
IN=443 ./cmd/ugate/iptables.sh
|
|
iptables-save |grep ISTIO > ${OUT}/iptables_443.out
|
|
diff ${OUT}/iptables_443.out cmd/ugate/testdata/iptables/iptables_443.out
|
|
|
|
IN=80,443 OUT=5201,5202 ./cmd/ugate/iptables.sh
|
|
iptables-save |grep ISTIO > ${OUT}/iptables_443_5201.out
|
|
diff ${OUT}/iptables_443_5201.out cmd/ugate/testdata/iptables/iptables_443_5201.out
|
|
|
|
HOSTS=c1 home
|
|
|
|
## For debug
|
|
run/home:
|
|
HOST=ugate $(MAKE) remote/_run
|
|
|
|
run/c1:
|
|
HOST=v $(MAKE) remote/_run
|
|
|
|
build:
|
|
(cd ./cmd/ugate; CGO_ENABLED=0 go build -o ${OUT}/ugate .)
|
|
|
|
# Must have a $HOME/ugate dir
|
|
remote/_run: build
|
|
ssh ${HOST} pkill ugate || true
|
|
scp ${OUT}/ugate ${HOST}:/x/ugate
|
|
ssh ${HOST} "cd /x/ugate; HOME=/x/ugate /x/ugate/ugate"
|
|
|
|
update:
|
|
# yq -j < cmd/ugate/testdata/ugate.yaml > cmd/ugate/testdata/ugate.json
|
|
|
|
|
|
deps:
|
|
go install github.com/bufbuild/buf/cmd/buf@latest
|
|
go install istio.io/tools/cmd/protoc-gen-docs@latest
|
|
go install istio.io/tools/cmd/protoc-gen-crds@latest
|
|
|
|
go install github.com/fullstorydev/grpcurl/cmd/grpcurl@latest
|
|
go install google.golang.org/protobuf/cmd/protoc-gen-go@latest
|
|
go install github.com/bufbuild/connect-go/cmd/protoc-gen-connect-go@latest
|
|
go install github.com/mikefarah/yq/v4@latest
|
|
|
|
# debug tool for std grpc - need http/tcp equivalent
|
|
go install -v github.com/grpc-ecosystem/grpcdebug@latest
|
|
# Test tool
|
|
go install github.com/bojand/ghz/cmd/ghz@latest
|
|
curl -LO https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl
|
|
chmod +x ./kubectl
|
|
mv ./kubectl /usr/local/bin
|
|
|
|
go install github.com/knusbaum/go9p/cmd/mount9p@latest
|
|
go install github.com/knusbaum/go9p/cmd/export9p@latest
|
|
go install github.com/knusbaum/go9p/cmd/import9p@latest
|
|
|
|
|
|
|
|
proto-gen: PATH:=${HOME}/go/bin:${PATH}
|
|
proto-gen:
|
|
cd proto && buf generate
|
|
|
|
|
|
# Other options:
|
|
# GOEXPERIMENT=boringcrypto and "-tags boringcrypto"
|