feat: polish Makefile details to enable applying Kubernetes manifests (#50)

* refactor: clarify manifest application for specific DIR (not APP)

* fix: allow proper application of several manifests

* If several manifests are found for `apply-namespaces`, xargs will process only one file at a time.
* The flag `--recursive` allows `apply-all` to recurse through dirs instead of providing it with single files.

* feat: print token of given secret name

* feat: skip dirs when applying Kubernetes manifests

* feat: print CA cert and API server for getting necessary CI secrets

The three prints of this Makefile now allow us to extract the necesaary secrets to let service accounts authenticate on CI agents.
This assumes that we print thos details in a authenticated `kubectl` env.

Author: felix-seifert

kubernetes/Makefile

@@ -1,32 +1,53 @@
 KUBECTL ?= kubectl
 K8S_RESOURCES_DIR := .
 
-# Arg APP is used to define applying resources only for specific app/subdir
-ifdef APP
-  TARGET_DIR := $(K8S_RESOURCES_DIR)/$(APP)
+# Arg DIR is used to define applying resources only for specific app/subdir
+ifdef DIR
+  TARGET_DIR := $(K8S_RESOURCES_DIR)/$(DIR)
 else
   TARGET_DIR := $(K8S_RESOURCES_DIR)
 endif
 
-.PHONY: apply-namespaces apply-all apply update-image
+empty :=
+space := $(empty) $(empty)
+comma := ,
+
+define replace_commas_with_spaces
+  $(subst $(comma),$(space),$(strip $(1)))
+endef
+
+# SKIP_DIR (optional) - comma-separated list of dirs to skip under TARGET_DIR
+SKIP_DIRS := $(strip $(SKIP_DIR))
+SPACE_SEPARATED_SKIP_DIRS := $(call replace_commas_with_spaces,$(SKIP_DIRS))
+
+define generate_skip_dirs_through_prune
+	$(foreach dir,$(SPACE_SEPARATED_SKIP_DIRS),-path $(TARGET_DIR)/$(dir) -o) -false
+endef
+
+.PHONY: apply-namespaces apply-all apply update-image print-decoded-token help
 
 .DEFAULT_GOAL := help
 
-apply-namespaces: ## Apply all namespaces defined in YAML files (of specific APP if specified)
-	@echo "Applying all manifests with kind Namespace from $(TARGET_DIR)/..."
-	@find $(TARGET_DIR) -type f -name "*.yaml" -o -name "*.yml" \
+apply-namespaces: ## Apply all namespaces defined in YAML files (of specific DIR if specified)
+	@echo "Applying all manifests with kind Namespace from $(TARGET_DIR)/ (excluding SKIP_DIRS $(SKIP_DIRS))..."
+	@find $(TARGET_DIR) \
+		\( $(call generate_skip_dirs_through_prune) \) -prune -o \
+		\( -type f \( -name "*.yaml" -o -name "*.yml" \) \) -print \
 		| xargs grep --files-with-matches "^kind: *Namespace" \
-		| xargs --no-run-if-empty $(KUBECTL) apply --filename
+		| xargs --no-run-if-empty --max-args=1 $(KUBECTL) apply --filename
 
-apply-all: ## Apply all resources (also namespaces) defined in YAML files (of specific APP if specified)
-	@echo "Applying all Kubernetes manifests from $(TARGET_DIR)/..."
-	@$(KUBECTL) apply --filename $(TARGET_DIR)
+apply-all: ## Apply all resources (also namespaces) defined in YAML files (of specific DIR if specified)
+	@echo "Applying all Kubernetes manifests from $(TARGET_DIR)/ (excluding SKIP_DIRS $(SKIP_DIRS))..."
+	@find $(TARGET_DIR) \
+		\( $(call generate_skip_dirs_through_prune) \) -prune -o \
+		\( -type f \( -name "*.yaml" -o -name "*.yml" \) \) -print \
+		| xargs --no-run-if-empty --max-args=1 $(KUBECTL) apply --filename
 
-apply: apply-namespaces apply-all ## Apply first namespaces and then all resources defined in YAML files (of specific APP if specified)
+apply: apply-namespaces apply-all ## Apply first namespaces and then all resources defined in YAML files (of specific DIR if specified)
 
-update-image: ## Update tag of given IMAGE to TAG of all resources defined in YAML files (of specific APP if specified)
+update-image: ## Update tag of given IMAGE to TAG of all resources defined in YAML files (of specific DIR if specified)
 	@if [ -z "$(IMAGE)" ] || [ -z "$(TAG)" ]; then \
-		echo "Usage: make update-image IMAGE=<image> TAG=<tag> [APP=<app>]"; \
+		echo "Usage: make update-image IMAGE=<image> TAG=<tag> [DIR=<subdirectory>]"; \
 		exit 1; \
 	fi
 	@echo "Updating image '$(IMAGE)' to tag '$(TAG)' in $(TARGET_DIR)/..."
@@ -48,5 +69,40 @@ update-image: ## Update tag of given IMAGE to TAG of all resources defined in YA
 			fi; \
 		done
 
+print-decoded-token: ## Print base64 decoded token of secret which is passed as SECRET_NAME
+	@if [ -z "$(SECRET_NAME)" ]; then \
+		echo "Usage: make print-decoded-token SECRET_NAME=<secret-name>"; \
+		exit 1; \
+	fi
+	@NAME=$(SECRET_NAME) ; \
+	NAMESPACE=$$(kubectl get secrets --all-namespaces --output jsonpath='{range .items[?(@.metadata.name=="'"$$NAME"'")]}{.metadata.namespace}{"\n"}{end}') ; \
+	if [ -z "$$NAMESPACE" ]; then \
+		echo "Secret $$NAME not found in any namespace." >&2 ; exit 1 ; \
+	fi ; \
+	TOKEN=$$(kubectl get secret $$NAME -n $$NAMESPACE -o jsonpath='{.data.token}' | base64 --decode) ; \
+	if [ -z "$$TOKEN" ]; then \
+		echo "Token not found in secret $$NAME in namespace $$NAMESPACE." >&2 ; exit 1 ; \
+	fi ; \
+	echo $$TOKEN
+
+print-ca-cert: ## Print base64 encoded CA cert data of secret which is passed as SECRET_NAME
+	@if [ -z "$(SECRET_NAME)" ]; then \
+		echo "Usage: make print-ca-cert SECRET_NAME=<secret-name>"; \
+		exit 1; \
+    fi
+	@NAME=$(SECRET_NAME) ; \
+	NAMESPACE=$$(kubectl get secrets --all-namespaces --output jsonpath='{range .items[?(@.metadata.name=="'"$$NAME"'")]}{.metadata.namespace}{"\n"}{end}') ; \
+	if [ -z "$$NAMESPACE" ]; then \
+		echo "Secret $$NAME not found in any namespace." >&2 ; exit 1 ; \
+	fi ; \
+	CA_CERT_DATA=$$(kubectl get secret $$NAME -n $$NAMESPACE -o jsonpath='{.data.ca\.crt}') ; \
+	if [ -z "$$CA_CERT_DATA" ]; then \
+		echo "Token not found in secret $$NAME in namespace $$NAMESPACE." >&2 ; exit 1 ; \
+	fi ; \
+	echo $$CA_CERT_DATA
+
+print-api-url: ## Print URL of Kubernetes API server from `kubectl config view`
+	@echo $$($(KUBECTL) config view --minify -o jsonpath='{.clusters[0].cluster.server}')
+
 help: ## Show this help
 	@awk 'BEGIN {FS = ":.*?## "} /^[a-zA-Z0-9._-]+:.*?## / {printf "\033[1m\033[36m%-24s\033[0m %s\n", $$1, $$2}' $(MAKEFILE_LIST)