-
Notifications
You must be signed in to change notification settings - Fork 862
Expand file tree
/
Copy pathMakefile
More file actions
425 lines (324 loc) · 15.6 KB
/
Makefile
File metadata and controls
425 lines (324 loc) · 15.6 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
SHELL := /bin/bash
VERSION ?= $(shell cat ../version.txt)
# Image URL to use all building/pushing image targets
DOCKER_REGISTRY ?= seldonio
IMAGE_NAME_BASE=seldon-core-operator
SELDON_OPERATOR_IMG ?= ${DOCKER_REGISTRY}/${IMAGE_NAME_BASE}:${VERSION}
SUPPORTED_K8S_VERSIONS := 1.23 1.24 1.25 1.26 1.27 1.28 1.29 1.30 1.31 1.32 1.33 1.34
KIND_NAME ?= kind
# Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set)
ifeq (,$(shell go env GOBIN))
GOBIN=$(shell go env GOPATH)/bin
else
GOBIN=$(shell go env GOBIN)
endif
# Setting SHELL to bash allows bash commands to be executed by recipes.
# This is a requirement for 'setup-envtest.sh' in the test target.
# Options are set to exit when a recipe line exits non-zero or a piped command fails.
#SHELL = /usr/bin/env bash -o pipefail
.SHELLFLAGS = -ec
.PHONY:show_image
show_image:
echo ${SELDON_OPERATOR_IMG}
all: manager
.PHONY: lint
lint: licenses/dep.txt
# Check if licenses have changed
git \
--no-pager diff \
--exit-code \
./licenses
# Run tests
test: generate fmt vet manifests_all generate-resources envtest
@export ACK_GINKGO_RC=true; \
export ACK_GINKGO_DEPRECATIONS=1.16.4; \
failed_versions=""; \
for k8s_version in $(SUPPORTED_K8S_VERSIONS); do \
printf "Testing K8s %s\n" "$$k8s_version"; \
if KUBEBUILDER_ASSETS="$$($(ENVTEST) use $$k8s_version -p path)" go test -v ./controllers/... ./utils/... ./apis/... -coverprofile=cover_$$k8s_version.out; then \
echo "✓ K8s $$k8s_version passed"; \
else \
echo "✗ K8s $$k8s_version FAILED"; \
failed_versions="$$failed_versions $$k8s_version"; \
fi; \
done; \
if [ -n "$$failed_versions" ]; then \
echo ""; \
echo "================================================"; \
echo "FAILED: Tests failed for K8s versions:$$failed_versions"; \
echo "================================================"; \
exit 1; \
else \
echo ""; \
echo "✓ All tests passed for all K8s versions!"; \
fi
# Build manager binary
manager: generate fmt vet
go build -o bin/manager main.go
# Run against the configured Kubernetes cluster in ~/.kube/config
run: generate fmt vet manifests_all
go run ./main.go --webhook-port=9000
install-cert-manager:
kubectl create namespace cert-manager || echo "Namespace cert-manager-exists"
kubectl label namespace cert-manager cert-manager.io/disable-validation=true || echo "namespace cert-manager-already labelled"
kubectl apply --validate=false -f https://github.com/jetstack/cert-manager/releases/download/v1.6.1/cert-manager.yaml
kubectl rollout status deployment.apps/cert-manager -n cert-manager
kubectl rollout status deployment.apps/cert-manager-cainjector -n cert-manager
kubectl rollout status deployment.apps/cert-manager-webhook -n cert-manager
manifests_all: manifests manifests_v1_small
# Install CRDs into a cluster
# Note use of create to stop too long annotation being created. See https://github.com/kubernetes-sigs/kubebuilder/issues/1140
install: manifests
go tool kustomize build config/crd | kubectl create -f -
# Install CRDs into a cluster
uninstall: manifests
go tool kustomize build config/crd | kubectl delete -f -
# Deploy controller in the configured Kubernetes cluster in ~/.kube/config
deploy: manifests
cd config/manager && kustomize edit set image controller=${SELDON_OPERATOR_IMG}
go tool kustomize build config/default | kubectl apply -f - --force-conflicts=true --server-side=true
undeploy: manifests
cd config/manager && kustomize edit set image controller=${SELDON_OPERATOR_IMG}
go tool kustomize build config/default | kubectl delete -f -
undeploy-namespaced1: manifests
cd config/manager && kustomize edit set image controller=${SELDON_OPERATOR_IMG}
go tool kustomize build config/namespaced1 | kubectl delete -f -
undeploy-namespaced2: manifests
cd config/manager && kustomize edit set image controller=${SELDON_OPERATOR_IMG}
go tool kustomize build config/namespaced2 | kubectl delete -f -
undeploy-controllerid: manifests
cd config/manager && kustomize edit set image controller=${SELDON_OPERATOR_IMG}
go tool kustomize build config/controllerid | kubectl delete -f -
undeploy-lite: manifests
cd config/manager && kustomize edit set image controller=${SELDON_OPERATOR_IMG}
go tool kustomize build config/lite | kubectl delete -f -
deploy-local: manifests
cd config/manager && kustomize edit set image controller=${SELDON_OPERATOR_IMG}
go tool kustomize build config/local | kubectl apply -f -
deploy-namespaced1: manifests
cd config/manager && kustomize edit set image controller=${SELDON_OPERATOR_IMG}
go tool kustomize build config/namespaced1 | kubectl apply -f -
deploy-namespaced2: manifests
cd config/manager && kustomize edit set image controller=${SELDON_OPERATOR_IMG}
go tool kustomize build config/namespaced2 | kubectl apply -f -
deploy-controllerid: manifests
cd config/manager && kustomize edit set image controller=${SELDON_OPERATOR_IMG}
go tool kustomize build config/controllerid | kubectl apply -f -
deploy-cert: manifests
cd config/manager && kustomize edit set image controller=${SELDON_OPERATOR_IMG}
go tool kustomize build config/cert | kubectl apply -f -
deploy-lite: manifests
cd config/manager && kustomize edit set image controller=${SELDON_OPERATOR_IMG}
go tool kustomize build config/lite | kubectl apply -f -
# Generate manifests e.g. CRD, RBAC etc.
# Commented out alternative is looking ahead to issue that on Openshift our v1 CRD is too large
# to be installed. This may also affect operator-sdk community operators.
# See https://github.com/operator-framework/operator-registry/issues/385
# Solution may be to drop v1alpha2 and v1alpha3 versions to decrease size by 2/3
manifests: controller-gen
go tool controller-gen rbac:roleName=manager-role webhook paths="./apis/machinelearning.seldon.io/..." output:crd:artifacts:config=config/crd/bases crd:crdVersions=v1
manifests_v1_small: controller-gen
go tool controller-gen rbac:roleName=manager-role paths="./apis/machinelearning.seldon.io/v1" output:crd:artifacts:config=config/crd_v1_small/bases crd:crdVersions=v1
# Run go fmt against code
fmt:
go fmt ./...
# Run go vet against code
vet:
go vet ./...
# Generate code
generate: controller-gen
go tool controller-gen object:headerFile=./hack/boilerplate.go.txt paths="./apis/machinelearning.seldon.io/..."
# Generate Clientset
create-client: test
./hack/update-codegen.sh
# Build the docker image
docker-build: generate-resources
docker build . -t ${SELDON_OPERATOR_IMG}
docker-push:
docker push ${SELDON_OPERATOR_IMG}
# Installing Images in Kind CLusters
kind-image-install: docker-build
kind load -v 3 docker-image ${SELDON_OPERATOR_IMG} --name ${KIND_NAME}
# find or download controller-gn
# download controller-gen if necessary
.PHONY: controller-gen
controller-gen: ## Download controller-gen locally if necessary.
go mod tidy
ENVTEST = go tool setup-envtest
.PHONY: envtest
envtest: ## Download envtest-setup locally if necessary.
go mod tidy
WEBHOOK_DIR=/tmp/k8s-webhook-server/serving-certs
tls-extract:
mkdir -p ${WEBHOOK_DIR}
kubectl get secrets -n seldon-system seldon-webhook-server-cert -o 'go-template={{index .data "tls.key"}}' | base64 -d > ${WEBHOOK_DIR}/tls.key
kubectl get secrets -n seldon-system seldon-webhook-server-cert -o 'go-template={{index .data "tls.crt"}}' | base64 -d > ${WEBHOOK_DIR}/tls.crt
.PHONY: self-signed-cert
self-signed-cert:
mkdir -p self-signed-cert
./generate-keys.sh self-signed-cert
clean-cert:
rm -r self-signed-cert
install-dev:
# Tool to generate license info
pip install \
'git+https://github.com/seldonio/kubeflow-testing#egg=go-license-tools&subdirectory=py/kubeflow/testing/go-license-tools'
.PHONY: licenses/dep.txt
licenses/dep.txt:
go list -m all | cut -d ' ' -f 1 > licenses/dep.txt
.PHONY: licenses
licenses: licenses/dep.txt
# NOTE: You need to create a file in ~/.github_api_token with a GitHub token.
get-github-repo \
-o licenses/repo.txt \
--manual-dep-repo-mapping ../licenses/dep_repo.manual.csv \
licenses/dep.txt
get-github-license-info -o licenses/license_info.csv licenses/repo.txt
python -m 'patch_additional_license_info' \
licenses/license_info.csv \
../licenses/additional_license_info.csv
concatenate-license -o licenses/license.txt licenses/license_info.csv
generate-resources:
rm -rf generated
mkdir generated
go tool kustomize build config/default/ -o generated
cp generated/apiextensions.k8s.io_v1_customresourcedefinition_seldondeployments.machinelearning.seldon.io.yaml testing/machinelearning.seldon.io_seldondeployments.yaml
config/crd/patches/graph_children.yaml:
python hack/create_graph_openapi_schema.py hack/graph_patch.tmpl.yaml config/crd/patches/graph_children.yaml
###################################
#
# Openshift community
#
###################################
OPENSHIFT_VERSIONS=v4.8-v4.11
.PHONY: bundle
recreate_bundle:
rm -fr bundle
go tool kustomize build config/manifests | operator-sdk --verbose generate bundle --default-channel stable --version ${VERSION} --channels stable
python hack/csv_hack.py bundle/manifests/seldon-operator.clusterserviceversion.yaml ${VERSION}
echo ' com.redhat.openshift.versions: "${OPENSHIFT_VERSIONS}"' >> bundle/metadata/annotations.yaml
echo 'LABEL com.redhat.openshift.versions=${OPENSHIFT_VERSIONS}' >> bundle.Dockerfile
create_bundle_image:
docker build . -f bundle.Dockerfile -t quay.io/seldon/seldon-operator:v${VERSION}
push_bundle_image:
docker push quay.io/seldon/seldon-operator:v${VERSION}
.PHONY: validate_bundle_image
validate_bundle_image:
operator-sdk bundle validate quay.io/seldon/seldon-operator:v${VERSION}
# Only index up to 1.2.2 as we have removed "replaces" in 1.2.2 to stop chain there for testing
.PHONY: opm_index
opm_index:
opm index add -c docker --bundles quay.io/seldon/seldon-operator:v${VERSION} --mode replaces --tag quay.io/seldon/test-catalog:latest
opm_push:
docker push quay.io/seldon/test-catalog:latest
.PHONY: update_openshift
update_openshift: recreate_bundle create_bundle_image push_bundle_image validate_bundle_image opm_index opm_push
#
# Scorecard
#
scorecard:
operator-sdk scorecard --kubeconfig ~/.kube/config quay.io/seldon/seldon-operator:v${VERSION}
#
# Community and Upstream Operators
#
# Change to local checkout
# This should be paths to forks of
# - https://github.com/k8s-operatorhub/community-operators
# - https://github.com/redhat-openshift-ecosystem/community-operators-prod
COMMUNITY_OPERATORS_FOLDER=~/work/red-hat/community-operators
UPSTREAM_OPERATORS_FOLDER=~/work/red-hat/community-operators-prod
update_community:
cp -r bundle/. ${COMMUNITY_OPERATORS_FOLDER}/operators/seldon-operator/${VERSION}
# Presently fails
test_community:
cd ${COMMUNITY_OPERATORS_FOLDER} && export OP_TEST_DEBUG=3 && bash <(curl -sL https://raw.githubusercontent.com/redhat-openshift-ecosystem/community-operators-pipeline/ci/latest/ci/scripts/opp.sh) kiwi,lemon,orange operators/seldon-operator/${VERSION}
update_upstream:
cp -r bundle/. ${UPSTREAM_OPERATORS_FOLDER}/operators/seldon-operator/${VERSION}
###################################
#
# Openshift Certified
#
###################################
create_certified_bundle:
rm -rf bundle-certified/manifests
cp -r bundle/manifests bundle-certified
mv bundle-certified/manifests/seldon-operator.clusterserviceversion.yaml bundle-certified/manifests/seldon-operator-certified.clusterserviceversion.yaml
./hack/update-openshift-certified.sh ${VERSION}
cp bundle.Dockerfile bundle-certified.Dockerfile
sed -i 's|COPY bundle/manifests|COPY bundle-certified/manifests|g' bundle-certified.Dockerfile
sed -i 's|COPY bundle/manifests|COPY bundle-certified/manifests|g' bundle-certified.Dockerfile
create_certified_bundle_image:
docker build . -f bundle-certified.Dockerfile -t quay.io/seldon/seldon-operator-certified:v${VERSION}
push_certified_bundle_image:
docker push quay.io/seldon/seldon-operator-certified:v${VERSION}
validate_certified_bundle_image:
operator-sdk bundle validate quay.io/seldon/seldon-operator-certified:v${VERSION}
opm_index_certified:
opm index add -c docker --bundles quay.io/seldon/seldon-operator-certified:v${VERSION} --mode replaces --tag quay.io/seldon/test-catalog-certified:latest
opm_push_certified:
docker push quay.io/seldon/test-catalog-certified:latest
# this does not include "create_certified_bundle" target to not affect manual pinning of images
update_openshift_certified: create_certified_bundle_image push_certified_bundle_image validate_certified_bundle_image opm_index_certified opm_push_certified
# password can be found at: https://connect.redhat.com/projects/5e6352370307ea9e345f6084/overview
project=5e6352370307ea9e345f6084
redhat-image-scan:
docker pull ${SELDON_OPERATOR_IMG}
source ~/.config/seldon/seldon-core/redhat-image-passwords.sh && \
echo $${rh_password_operator} | docker login -u redhat-isv-containers+${project}-robot quay.io --password-stdin
docker tag ${SELDON_OPERATOR_IMG} quay.io/redhat-isv-containers/${project}:${VERSION}
docker push quay.io/redhat-isv-containers/${project}:${VERSION}
source ~/.config/seldon/seldon-core/redhat-image-passwords.sh && \
preflight check container quay.io/redhat-isv-containers/${project}:${VERSION} --docker-config=${HOME}/.docker/config.json --certification-project-id=${project} --pyxis-api-token=$${pyxis_api_token} --submit
CERTIFIED_OPERATORS_FOLDER=~/work/red-hat/certified-operators
#need to rename package in annotations.yaml to seldon-operator-certified
update_certified:
cp -r bundle-certified/. ${CERTIFIED_OPERATORS_FOLDER}/operators/seldon-operator-certified/${VERSION}
GIT_REPO_URL=git@github.com:rafalskolasinski/certified-operators.git
BUNDLE_PATH=operators/seldon-operator-certified/${VERSION}
OPENSHIFT_PIPELINES_FOLDER=~/work/red-hat/operator-pipelines
run_certified_pipeline_basic:
cd ${OPENSHIFT_PIPELINES_FOLDER} && tkn pipeline start operator-ci-pipeline \
--param git_repo_url=${GIT_REPO_URL} \
--param git_branch=${VERSION} \
--param bundle_path=${BUNDLE_PATH} \
--param env=stage \
--workspace name=pipeline,volumeClaimTemplateFile=templates/workspace-template.yml \
--workspace name=ssh-dir,secret=github-ssh-credentials \
--showlog
# Run to pin images - presently will fail at later step but a new branch <version>-pinned will
# have been created which can be used in next step or fo rmanually creating PR
run_certified_pipeline_pinning:
cd ${OPENSHIFT_PIPELINES_FOLDER} && tkn pipeline start operator-ci-pipeline \
--param git_repo_url=${GIT_REPO_URL} \
--param git_branch=${VERSION} \
--param bundle_path=${BUNDLE_PATH} \
--param env=stage \
--param pin_digests=true \
--param git_username=${GIT_USERNAME} \
--param git_email=${GIT_EMAIL} \
--param registry=registry.connect.redhat.com \
--param image_namespace=seldonio \
--workspace name=pipeline,volumeClaimTemplateFile=templates/workspace-template.yml \
--workspace name=ssh-dir,secret=github-ssh-credentials \
--workspace name=registry-credentials,secret=registry-dockerconfig-secret \
--showlog
# Does not work at present
run_certified_pipeline_submit:
cd ${OPENSHIFT_PIPELINES_FOLDER} && tkn pipeline start operator-ci-pipeline \
--param git_repo_url=${GIT_REPO_URL} \
--param git_branch=${VERSION}-pinned \
--param bundle_path=${BUNDLE_PATH} \
--param env=stage \
--param pin_digests=false \
--param git_username=${GIT_USERNAME} \
--param git_email=${GIT_EMAIL} \
--param upstream_repo_name=redhat-openshift-ecosystem/certified-operators \
--param submit=true \
--param image_namespace=seldonio \
--workspace name=pipeline,volumeClaimTemplateFile=templates/workspace-template.yml \
--workspace name=ssh-dir,secret=github-ssh-credentials \
--showlog
# Run last to prepare for future release
PREV_VERSION=1.12.0
update_config:
sed -i s#${PREV_VERSION}#${VERSION}# config/manifests/bases/seldon-operator.clusterserviceversion.yaml