forked from projectcalico/calico
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathMakefile
303 lines (254 loc) · 13 KB
/
Makefile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
include ../metadata.mk
PACKAGE_NAME = github.com/projectcalico/calico/cni-plugin
# Name of the images.
# e.g., <registry>/<name>:<tag>
CNI_PLUGIN_IMAGE ?=cni
WINDOWS_IMAGE ?=cni-windows
BUILD_IMAGES ?=$(CNI_PLUGIN_IMAGE)
###############################################################################
# Download and include ../lib.Makefile
# Additions to EXTRA_DOCKER_ARGS need to happen before the include since
# that variable is evaluated when we declare DOCKER_RUN and siblings.
###############################################################################
include ../lib.Makefile
###############################################################################
LDFLAGS = -X main.VERSION=$(GIT_VERSION)
SRC_FILES=$(shell find pkg cmd internal -name '*.go')
TEST_SRC_FILES=$(shell find tests -name '*.go')
WINFV_SRCFILES=$(shell find win_tests -name '*.go')
# fail if unable to download
CURL=curl -C - -sSf
# Use forked CNI plugin URL and corresponding tagged artifacts.
CNI_VERSION=v1.1.1-calico+go-1.21.4
CNI_ARTIFACTS_URL=https://github.com/projectcalico/containernetworking-plugins/releases/download
FLANNEL_VERSION=v1.2.0
# By default set the CNI_SPEC_VERSION to 0.3.1 for tests.
CNI_SPEC_VERSION?=0.3.1
# Markers for various images we produce.
DEPLOY_CONTAINER_STATIC_MARKER=cni_deploy_container-$(ARCH).created
DEPLOY_CONTAINER_FIPS_MARKER=cni_deploy_container-$(ARCH)-fips.created
# Set FIPS to true to enable a FIPS compliant build using BoringSSL and CGO.
# Note that this produces binaries that are dynamically linked, and so have dependencies
# on the host machine.
FIPS ?= false
ifeq ($(FIPS),true)
BIN=bin/$(ARCH)-fips
DEPLOY_CONTAINER_MARKER=$(DEPLOY_CONTAINER_FIPS_MARKER)
VALIDARCHES=amd64
else
BIN=bin/$(ARCH)
DEPLOY_CONTAINER_MARKER=$(DEPLOY_CONTAINER_STATIC_MARKER)
endif
.PHONY: clean clean-windows
clean: clean-windows
# Clean .created files which indicate images / releases have been built.
find . -name '.*.created*' -type f -delete
find . -name '.*.published*' -type f -delete
rm -f *.created
rm -rf bin $(DEPLOY_CONTAINER_MARKER) pkg/install/install.test
rm -rf config/ dist/
-docker image rm -f $$(docker images $(CNI_PLUGIN_IMAGE) -a -q)
clean-windows: clean-windows-builder
rm -rf $(WINDOWS_BIN) $(WINDOWS_DIST)
###############################################################################
# Building the binary
###############################################################################
.PHONY: build
build: $(BIN)/install $(BIN)/calico $(BIN)/calico-ipam
ifeq ($(ARCH),amd64)
# Go only supports amd64 for Windows builds.
WINDOWS_BIN=bin/windows
build: $(WINDOWS_BIN)/install.exe $(WINDOWS_BIN)/calico.exe $(WINDOWS_BIN)/calico-ipam.exe
endif
build-all: $(addprefix sub-build-,$(VALIDARCHES))
sub-build-%:
$(MAKE) build ARCH=$*
## Build the Calico installation binary for the network and ipam plugins
$(BIN)/install binary: $(SRC_FILES)
ifeq ($(FIPS),true)
$(call build_cgo_boring_binary, $(PACKAGE_NAME)/cmd/install, $@)
else
$(call build_binary, $(PACKAGE_NAME)/cmd/install, $@)
endif
## Build the Calico network and ipam plugins
$(BIN)/calico: $(SRC_FILES)
ifeq ($(FIPS), true)
$(call build_cgo_boring_binary, $(PACKAGE_NAME)/cmd/calico, $@)
else
$(call build_binary, $(PACKAGE_NAME)/cmd/calico, $@)
endif
$(BIN)/calico-ipam: $(BIN)/calico
cp "$<" "$@"
## Build the Calico network and ipam plugins for Windows
$(WINDOWS_BIN)/install.exe: $(SRC_FILES)
mkdir -p $(WINDOWS_BIN)
$(call build_windows_binary, $(PACKAGE_NAME)/cmd/install, $@)
$(WINDOWS_BIN)/calico.exe: $(SRC_FILES)
mkdir -p $(WINDOWS_BIN)
$(call build_windows_binary, $(PACKAGE_NAME)/cmd/calico, $@)
$(WINDOWS_BIN)/calico-ipam.exe: $(WINDOWS_BIN)/calico.exe
cp "$<" "$@"
# NOTE: WINDOWS_IMAGE_REQS must be defined with the requirements to build the windows
# image. These must be added as reqs to 'image-windows' (originally defined in
# lib.Makefile) on the specific package Makefile otherwise they are not correctly
# recognized.
WINDOWS_IMAGE_REQS := Dockerfile-windows build fetch-win-cni-bins
image-windows: $(WINDOWS_IMAGE_REQS)
###############################################################################
# Building the image
###############################################################################
image: $(DEPLOY_CONTAINER_MARKER)
image-all: $(addprefix sub-image-,$(VALIDARCHES)) sub-image-fips-amd64
sub-image-%:
$(MAKE) image ARCH=$*
sub-image-fips-%:
$(MAKE) image FIPS=true ARCH=$*
# Builds the statically compiled binaries into a container.
$(DEPLOY_CONTAINER_STATIC_MARKER): Dockerfile build fetch-cni-bins
$(DOCKER_BUILD) --build-arg BIN_DIR=$(BIN) -t $(CNI_PLUGIN_IMAGE):latest-$(ARCH) -f Dockerfile .
$(MAKE) retag-build-images-with-registries VALIDARCHES=$(ARCH) IMAGETAG=latest
touch $@
# Builds the FIPS binaries into a container.
$(DEPLOY_CONTAINER_FIPS_MARKER): Dockerfile build fetch-cni-bins
$(DOCKER_BUILD) --build-arg BIN_DIR=$(BIN) -t $(CNI_PLUGIN_IMAGE):latest-fips-$(ARCH) -f Dockerfile .
$(MAKE) retag-build-images-with-registries VALIDARCHES=$(ARCH) IMAGETAG=latest-fips LATEST_IMAGE_TAG=latest-fips
touch $@
.PHONY: fetch-cni-bins fetch-win-cni-bins
fetch-cni-bins: $(BIN)/flannel $(BIN)/loopback $(BIN)/host-local $(BIN)/portmap $(BIN)/tuning $(BIN)/bandwidth
fetch-win-cni-bins: $(WINDOWS_BIN)/flannel.exe
$(BIN)/loopback $(BIN)/host-local $(BIN)/portmap $(BIN)/tuning $(BIN)/bandwidth:
-mkdir -p $(BIN)
$(CURL) -L --retry 5 $(CNI_ARTIFACTS_URL)/$(CNI_VERSION)/cni-plugins-linux-$(subst v7,,$(ARCH))-$(CNI_VERSION).tgz | tar -xz -C $(BIN) ./loopback ./host-local ./portmap ./tuning ./bandwidth
$(BIN)/flannel:
-mkdir -p $(BIN)
$(CURL) -L --retry 5 https://github.com/flannel-io/cni-plugin/releases/download/$(FLANNEL_VERSION)/cni-plugin-flannel-linux-$(subst v7,,$(ARCH))-$(FLANNEL_VERSION).tgz | tar -xz -C $(BIN) flannel-$(subst v7,,$(ARCH))
mv $(BIN)/flannel-$(subst v7,,$(ARCH)) $@
$(WINDOWS_BIN)/flannel.exe:
-mkdir -p $(WINDOWS_BIN)
$(CURL) -L --retry 5 https://github.com/flannel-io/cni-plugin/releases/download/$(FLANNEL_VERSION)/cni-plugin-flannel-windows-amd64-$(FLANNEL_VERSION).tgz | tar -xz -C $(WINDOWS_BIN) flannel-amd64.exe
mv $(WINDOWS_BIN)/flannel-amd64.exe $@
###############################################################################
# Unit Tests
###############################################################################
## Run the unit tests.
ut: run-k8s-controller-manager $(BIN)/install $(BIN)/host-local $(BIN)/calico-ipam $(BIN)/calico
$(MAKE) ut-datastore DATASTORE_TYPE=etcdv3
$(MAKE) ut-datastore DATASTORE_TYPE=kubernetes
ut-datastore:
# The tests need to run as root
docker run --rm -t --privileged --net=host \
$(EXTRA_DOCKER_ARGS) \
-e ETCD_IP=$(LOCAL_IP_ENV) \
-e RUN_AS_ROOT=true \
-e ARCH=$(ARCH) \
-e PLUGIN=calico \
-e BIN=/go/src/$(PACKAGE_NAME)/$(BIN) \
-e CNI_SPEC_VERSION=$(CNI_SPEC_VERSION) \
-e DATASTORE_TYPE=$(DATASTORE_TYPE) \
-e ETCD_ENDPOINTS=http://$(LOCAL_IP_ENV):2379 \
-e KUBECONFIG=/home/user/certs/kubeconfig \
-v $(CURDIR)/../:/go/src/github.com/projectcalico/calico:rw \
-v $(CERTS_PATH):/home/user/certs \
$(CALICO_BUILD) sh -c '$(GIT_CONFIG_SSH) \
cd /go/src/$(PACKAGE_NAME) && \
ginkgo -cover -r -skipPackage pkg/install $(GINKGO_ARGS)'
ut-etcd: run-k8s-controller-manager build $(BIN)/host-local
$(MAKE) ut-datastore DATASTORE_TYPE=etcdv3
make stop-etcd
make stop-k8s-controller
ut-kdd: run-k8s-controller-manager build $(BIN)/host-local
$(MAKE) ut-datastore DATASTORE_TYPE=kubernetes
make stop-etcd
make stop-k8s-controller
## Run the tests in a container (as root) for different CNI spec versions
## to make sure we don't break backwards compatibility.
.PHONY: test-cni-versions
test-cni-versions:
for cniversion in "0.2.0" "0.3.1" ; do \
if make ut CNI_SPEC_VERSION=$$cniversion; then \
echo "CNI version $$cniversion PASSED"; \
else \
echo "CNI version $$cniversion FAILED"; \
exit 1; \
fi; \
done
###############################################################################
# Install test
###############################################################################
# We pre-build the test binary so that we can run it outside a container and allow it
# to interact with docker.
pkg/install/install.test: pkg/install/*.go
$(DOCKER_RUN) $(CALICO_BUILD) sh -c '$(GIT_CONFIG_SSH) \
cd /go/src/$(PACKAGE_NAME) && \
go test ./pkg/install -c --tags install_test -o ./pkg/install/install.test'
.PHONY: test-install-cni
## Test the install
test-install-cni: run-k8s-apiserver image pkg/install/install.test
cd pkg/install && CONTAINER_NAME=$(CNI_PLUGIN_IMAGE):latest-$(ARCH) CERTS_PATH=$(CERTS_PATH) ./install.test
###############################################################################
# CI/CD
###############################################################################
.PHONY: ci
ci: clean mod-download build static-checks test-cni-versions image-all test-install-cni
## Deploys images to registry
cd: image-all cd-common
## Build fv binary for Windows
$(WINDOWS_BIN)/win-fv.exe: $(WINFV_SRCFILES)
$(DOCKER_RUN) -e GOOS=windows $(CALICO_BUILD) sh -c '$(GIT_CONFIG_SSH) go test ./win_tests -c -o $(WINDOWS_BIN)/win-fv.exe'
###############################################################################
# Release
###############################################################################
## Produces a clean build of release artifacts at the specified version.
release-build: .release-$(VERSION).created
.release-$(VERSION).created:
$(MAKE) clean image-all RELEASE=true
$(MAKE) retag-build-images-with-registries RELEASE=true IMAGETAG=$(VERSION)
$(MAKE) retag-build-images-with-registries RELEASE=true IMAGETAG=latest
$(MAKE) FIPS=true retag-build-images-with-registries RELEASE=true IMAGETAG=$(VERSION)-fips LATEST_IMAGE_TAG=latest-fips
$(MAKE) FIPS=true retag-build-images-with-registries RELEASE=true IMAGETAG=latest-fips LATEST_IMAGE_TAG=latest-fips
$(MAKE) release-verify
touch $@
## Verifies the release artifacts produces by `make release-build` are correct.
release-verify: release-prereqs
# Check the reported version is correct for each release artifact.
$(MAKE) release-verify-version IMAGE=calico/cni:$(VERSION)-$(ARCH)
$(MAKE) release-verify-version IMAGE=calico/cni:$(VERSION)-fips-$(ARCH)
$(MAKE) release-verify-version IMAGE=quay.io/calico/cni:$(VERSION)-$(ARCH)
$(MAKE) release-verify-version IMAGE=quay.io/calico/cni:$(VERSION)-fips-$(ARCH)
# Check that the FIPS binaries have the correct symbols.
$(MAKE) release-verify-fips IMAGE=calico/cni:$(VERSION)-fips-$(ARCH)
$(MAKE) release-verify-fips IMAGE=quay.io/calico/cni:$(VERSION)-fips-$(ARCH)
release-verify-version:
docker run --rm $(IMAGE) calico -v | grep -x $(VERSION) || ( echo "Reported version does not match" && exit 1 )
docker run --rm $(IMAGE) calico-ipam -v | grep -x $(VERSION) || ( echo "Reported version does not match" && exit 1 )
release-verify-fips:
rm -rf .tmp && mkdir -p .tmp
# Copy binaries from the image so we can analyze them.
sh -c "docker create --name calico-cni-verify $(IMAGE); docker cp calico-cni-verify:/opt/cni/bin/install .tmp/calico; docker rm -f calico-cni-verify"
go tool nm .tmp/calico | grep '_Cfunc__goboringcrypto_' 1> /dev/null || echo "ERROR: Binary in image '$(IMAGE)' is missing expected goboring symbols"
rm -rf .tmp
release-publish: release-prereqs .release-$(VERSION).published
.release-$(VERSION).published:
$(MAKE) push-images-to-registries push-manifests IMAGETAG=$(VERSION) RELEASE=$(RELEASE) CONFIRM=$(CONFIRM)
$(MAKE) FIPS=true push-images-to-registries push-manifests IMAGETAG=$(VERSION)-fips RELEASE=$(RELEASE) CONFIRM=$(CONFIRM)
# Push Windows images.
$(MAKE) release-windows IMAGETAG=$(VERSION) CONFIRM=$(CONFIRM)
touch $@
# WARNING: Only run this target if this release is the latest stable release. Do NOT
# run this target for alpha / beta / release candidate builds, or patches to earlier Calico versions.
## Pushes `latest` release images. WARNING: Only run this for latest stable releases.
release-publish-latest: release-prereqs
# Check latest versions match.
if ! docker run $(CNI_PLUGIN_IMAGE):latest-$(ARCH) calico -v | grep '^$(VERSION)$$'; then echo "Reported version:" `docker run $(CNI_PLUGIN_IMAGE):latest-$(ARCH) calico -v` "\nExpected version: $(VERSION)"; false; else echo "\nVersion check passed\n"; fi
if ! docker run quay.io/$(CNI_PLUGIN_IMAGE):latest-$(ARCH) calico -v | grep '^$(VERSION)$$'; then echo "Reported version:" `docker run quay.io/$(CNI_PLUGIN_IMAGE):latest-$(ARCH) calico -v` "\nExpected version: $(VERSION)"; false; else echo "\nVersion check passed\n"; fi
$(MAKE) push-images-to-registries push-manifests RELEASE=true IMAGETAG=latest RELEASE=$(RELEASE) CONFIRM=$(CONFIRM)
# Push Windows images.
$(MAKE) release-windows IMAGETAG=latest CONFIRM=$(CONFIRM)
###############################################################################
# Developer helper scripts (not used by build or test)
###############################################################################
.PHONY: test-watch
## Run the unit tests, watching for changes.
test-watch: $(BIN)/install run-etcd run-k8s-apiserver
# The tests need to run as root
CGO_ENABLED=0 ETCD_IP=127.0.0.1 PLUGIN=calico GOPATH=$(GOPATH) $(shell which ginkgo) watch -skipPackage pkg/install