forked from projectcalico/cni-plugin
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Makefile
354 lines (305 loc) · 15.8 KB
/
Makefile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
# Disable make's implicit rules, which are not useful for golang, and slow down the build
# considerably.
.SUFFIXES:
SRCFILES=calico.go $(wildcard utils/*.go) $(wildcard k8s/*.go) ipam/calico-ipam.go
TEST_SRCFILES=$(wildcard test_utils/*.go) $(wildcard calico_cni_*.go)
LOCAL_IP_ENV?=$(shell ip route get 8.8.8.8 | head -1 | awk '{print $$7}')
# fail if unable to download
CURL=curl -sSf
K8S_VERSION=1.6.1
CNI_VERSION=v0.6.0
CALICO_CNI_VERSION?=$(shell git describe --tags --dirty)
# By default set the CNI_SPEC_VERSION to 0.3.1 for tests.
CNI_SPEC_VERSION?=0.3.1
# Ensure that the dist directory is always created
MAKE_SURE_DIST_EXIST := $(shell mkdir -p dist)
CALICO_BUILD?=calico/go-build:v0.9
DEPLOY_CONTAINER_NAME=calico/cni
DEPLOY_CONTAINER_MARKER=cni_deploy_container.created
LIBCALICOGO_PATH?=none
DATASTORE_TYPE?=etcdv3
LOCAL_USER_ID?=$(shell id -u $$USER)
.PHONY: all binary plugin ipam
default: all
all: vendor build-containerized test-containerized
binary: plugin ipam
plugin: dist/calico
ipam: dist/calico-ipam
docker-image: $(DEPLOY_CONTAINER_MARKER)
.PHONY: clean
clean:
rm -rf dist vendor $(DEPLOY_CONTAINER_MARKER) .go-pkg-cache k8s-install/scripts/install_cni.test
release: clean
ifndef VERSION
$(error VERSION is undefined - run using make release VERSION=vX.Y.Z)
endif
git tag $(VERSION)
$(MAKE) build-containerized $(DEPLOY_CONTAINER_MARKER)
# Check that the version output appears on a line of its own (the -x option to grep).
# Tests that the "git tag" makes it into the binary. Main point is to catch "-dirty" builds
@echo "Checking if the tag made it into the binary"
docker run --rm $(DEPLOY_CONTAINER_NAME) calico -v | grep -x $(VERSION) || ( echo "Reported version:" `docker run --rm $(DEPLOY_CONTAINER_NAME) calico -v` "\nExpected version: $(VERSION)" && exit 1 )
docker run --rm $(DEPLOY_CONTAINER_NAME) calico-ipam -v | grep -x $(VERSION) || ( echo "Reported version:" `docker run --rm $(DEPLOY_CONTAINER_NAME) calico-ipam -v | grep -x $(VERSION)` "\nExpected version: $(VERSION)" && exit 1 )
docker tag $(DEPLOY_CONTAINER_NAME) $(DEPLOY_CONTAINER_NAME):$(VERSION)
docker tag $(DEPLOY_CONTAINER_NAME) quay.io/$(DEPLOY_CONTAINER_NAME):$(VERSION)
docker tag $(DEPLOY_CONTAINER_NAME) quay.io/$(DEPLOY_CONTAINER_NAME):latest
@echo ""
@echo "Push the git tag."
@echo ""
@echo " git push origin $(VERSION)"
@echo ""
@echo "Then create a release on Github and attach the dist/calico and dist/calico-ipam binaries"
@echo ""
@echo "Push the versioned release images."
@echo ""
@echo " docker push calico/cni:$(VERSION)"
@echo " docker push quay.io/calico/cni:$(VERSION)"
@echo ""
@echo "If this is a stable release, push the latest images as well."
@echo ""
@echo " docker push calico/cni:latest"
@echo " docker push quay.io/calico/cni:latest"
# To update upstream dependencies, delete the glide.lock file first.
## Use this to populate the vendor directory after checking out the repository.
vendor: glide.yaml
# To build without Docker just run "glide install -strip-vendor"
-mkdir -p ~/.glide
if [ "$(LIBCALICOGO_PATH)" != "none" ]; then \
EXTRA_DOCKER_BIND="-v $(LIBCALICOGO_PATH):/go/src/github.com/projectcalico/libcalico-go:ro"; \
fi; \
docker run --rm \
-v $(CURDIR):/go/src/github.com/projectcalico/cni-plugin:rw $$EXTRA_DOCKER_BIND \
-v $(HOME)/.glide:/home/user/.glide:rw \
-e LOCAL_USER_ID=$(LOCAL_USER_ID) \
$(CALICO_BUILD) /bin/sh -c ' \
cd /go/src/github.com/projectcalico/cni-plugin && \
glide install -strip-vendor'
## Build the Calico network plugin
dist/calico: $(SRCFILES) vendor
mkdir -p $(@D)
CGO_ENABLED=0 go build -v -i -o dist/calico \
-ldflags "-X main.VERSION=$(CALICO_CNI_VERSION) -s -w" calico.go
## Build the Calico ipam plugin
dist/calico-ipam: $(SRCFILES) vendor
mkdir -p $(@D)
CGO_ENABLED=0 go build -v -i -o dist/calico-ipam \
-ldflags "-X main.VERSION=$(CALICO_CNI_VERSION) -s -w" ipam/calico-ipam.go
.PHONY: test
## Run the unit tests.
test: dist/calico dist/calico-ipam dist/host-local run-etcd run-k8s-apiserver test-install-cni
# The tests need to run as root
sudo CGO_ENABLED=0 ETCD_IP=127.0.0.1 PLUGIN=calico GOPATH=$(GOPATH) $(shell which ginkgo)
.PHONY: test-watch
## Run the unit tests, watching for changes.
test-watch: dist/calico dist/calico-ipam run-etcd run-k8s-apiserver
# The tests need to run as root
sudo CGO_ENABLED=0 ETCD_IP=127.0.0.1 PLUGIN=calico GOPATH=$(GOPATH) $(shell which ginkgo) watch
$(DEPLOY_CONTAINER_MARKER): Dockerfile build-containerized fetch-cni-bins
docker build -f Dockerfile -t $(DEPLOY_CONTAINER_NAME) .
touch $@
.PHONY: fetch-cni-bins
fetch-cni-bins: dist/flannel dist/loopback dist/host-local dist/portmap
dist/flannel dist/loopback dist/host-local dist/portmap:
mkdir -p dist
$(CURL) -L --retry 5 https://github.com/containernetworking/plugins/releases/download/$(CNI_VERSION)/cni-plugins-amd64-$(CNI_VERSION).tgz | tar -xz -C dist ./flannel ./loopback ./host-local ./portmap
# Useful for CI but currently slow for local development because the
# .go-pkg-cache can't be used (since tests run as root)
.PHONY: test-containerized
## Run the tests in a container (as root)
test-containerized: run-etcd run-k8s-apiserver build-containerized dist/host-local
docker run --rm --privileged --net=host \
-e ETCD_IP=$(LOCAL_IP_ENV) \
-e LOCAL_USER_ID=0 \
-e PLUGIN=calico \
-e CNI_SPEC_VERSION=$(CNI_SPEC_VERSION) \
-e DATASTORE_TYPE=$(DATASTORE_TYPE) \
-e ETCD_ENDPOINTS=http://$(LOCAL_IP_ENV):2379 \
-v $(CURDIR):/go/src/github.com/projectcalico/cni-plugin:rw \
$(CALICO_BUILD) sh -c '\
cd /go/src/github.com/projectcalico/cni-plugin && \
ginkgo'
make stop-etcd
# This does not currently work, kubernetes needs additional configuration
# before the tests will run correctly.
.PHONY: test-containerized-all-datastore
test-containerized-all-datastore:
for datastore in "etcdv3" "kubernetes" ; do \
make test-containerized DATASTORE_TYPE=$$datastore; \
done
# We pre-build the test binary so that we can run it outside a container and allow it
# to interact with docker.
k8s-install/scripts/install_cni.test: vendor
-mkdir -p .go-pkg-cache
docker run --rm \
-e LOCAL_USER_ID=$(LOCAL_USER_ID) \
-v $(CURDIR):/go/src/github.com/projectcalico/cni-plugin:rw \
-v $(CURDIR)/.go-pkg-cache:/go/pkg/:rw \
$(CALICO_BUILD) sh -c '\
cd /go/src/github.com/projectcalico/cni-plugin && \
go test ./k8s-install/scripts -c --tags install_cni_test -o ./k8s-install/scripts/install_cni.test'
.PHONY: test-install-cni
## Test the install-cni.sh script
test-install-cni: docker-image k8s-install/scripts/install_cni.test
cd k8s-install/scripts && ./install_cni.test
run-test-containerized-without-building: run-etcd run-k8s-apiserver
docker run --rm --privileged --net=host \
-e ETCD_IP=$(LOCAL_IP_ENV) \
-e LOCAL_USER_ID=0 \
-e PLUGIN=calico \
-e CNI_SPEC_VERSION=$(CNI_SPEC_VERSION) \
-e DATASTORE_TYPE=$(DATASTORE_TYPE) \
-e ETCD_ENDPOINTS=http://$(LOCAL_IP_ENV):2379 \
-v $(CURDIR):/go/src/github.com/projectcalico/cni-plugin:rw \
$(CALICO_BUILD) sh -c '\
cd /go/src/github.com/projectcalico/cni-plugin && \
ginkgo'
make stop-etcd
## Run the tests in a container (as root) for different CNI spec versions
## to make sure we don't break backwards compatiblity.
.PHONY: test-containerized-cni-versions
test-containerized-cni-versions: build-containerized dist/host-local;
for cniversion in "0.2.0" "0.3.1" ; do \
make run-test-containerized-without-building CNI_SPEC_VERSION=$$cniversion; \
done
.PHONY: build-containerized
## Run the build in a container. Useful for CI
build-containerized: vendor
-mkdir -p dist
-mkdir -p .go-pkg-cache
docker run --rm \
-e LOCAL_USER_ID=$(LOCAL_USER_ID) \
-v $(CURDIR):/go/src/github.com/projectcalico/cni-plugin:ro \
-v $(CURDIR)/dist:/go/src/github.com/projectcalico/cni-plugin/dist \
-v $(CURDIR)/.go-pkg-cache:/go/pkg/:rw \
$(CALICO_BUILD) sh -c '\
cd /go/src/github.com/projectcalico/cni-plugin && \
make binary'
## Etcd is used by the tests
run-etcd: stop-etcd
docker run --detach \
-p 2379:2379 \
--name calico-etcd quay.io/coreos/etcd \
etcd \
--advertise-client-urls "http://$(LOCAL_IP_ENV):2379,http://127.0.0.1:2379,http://$(LOCAL_IP_ENV):4001,http://127.0.0.1:4001" \
--listen-client-urls "http://0.0.0.0:2379,http://0.0.0.0:4001"
## Etcd is used by the kubernetes
run-etcd-host: stop-etcd
docker run --detach \
--net=host \
--name calico-etcd quay.io/coreos/etcd \
etcd \
--advertise-client-urls "http://$(LOCAL_IP_ENV):2379,http://127.0.0.1:2379,http://$(LOCAL_IP_ENV):4001,http://127.0.0.1:4001" \
--listen-client-urls "http://0.0.0.0:2379,http://0.0.0.0:4001"
## Stops calico-etcd containers
stop-etcd:
@-docker rm -f calico-etcd
## Kubernetes apiserver used for tests
run-k8s-apiserver: stop-k8s-apiserver
docker run --detach --net=host \
--name calico-k8s-apiserver \
gcr.io/google_containers/hyperkube-amd64:v$(K8S_VERSION) \
/hyperkube apiserver --etcd-servers=http://$(LOCAL_IP_ENV):2379 \
--service-cluster-ip-range=10.101.0.0/16
## Stop Kubernetes apiserver
stop-k8s-apiserver:
@-docker rm -f calico-k8s-apiserver
.PHONY: static-checks
## Perform static checks on the code. The golint checks are allowed to fail, the others must pass.
static-checks: vendor
docker run --rm \
-e LOCAL_USER_ID=$(LOCAL_USER_ID) \
-v $(CURDIR):/go/src/github.com/projectcalico/cni-plugin \
calico/go-build sh -c '\
cd /go/src/github.com/projectcalico/cni-plugin && \
gometalinter --deadline=300s --disable-all --enable=goimports --enable=vet --enable=errcheck --vendor -s test_utils ./...'
install:
CGO_ENABLED=0 go install github.com/projectcalico/cni-plugin
## Retrieve an old version of the Python CNI plugin for use in tests
dist/calico-python:
$(CURL) -L https://github.com/projectcalico/cni-plugin/releases/download/v1.3.1/calico -o $@
chmod +x $@
## Retrieve an old version of the Python CNI plugin for use in tests
dist/calico-ipam-python:
$(CURL) -L https://github.com/projectcalico/cni-plugin/releases/download/v1.3.1/calico-ipam -o $@
chmod +x $@
# Copy the plugin into place
deploy-rkt: binary
cp dist/calico /etc/rkt/net.d
cp dist/calico-ipam /etc/rkt/net.d
echo '{"name": "prod","log_level":"warning","type":"calico","etcd_authority":"127.0.0.1:2379","ipam":{"type":"host-local","subnet": "10.10.0.0/8"}}' >/etc/rkt/net.d/calico-warning.conf
echo '{"name": "mtu","mtu":999,"type":"calico","etcd_authority":"127.0.0.1:2379","ipam":{"type":"host-local","subnet": "10.10.0.0/8"}}' >/etc/rkt/net.d/calico-mtu.conf
echo '{"name": "dev", "log_level":"info","type":"calico","etcd_authority":"127.0.0.1:2379","ipam":{"type":"calico-ipam"}}' >/etc/rkt/net.d/calico-info.conf
echo '{"name": "debug", "log_level":"debug","type":"calico","etcd_authority":"127.0.0.1:2379","ipam":{"type":"calico-ipam"}}' >/etc/rkt/net.d/calico-debug.conf
echo '{"name": "ipv6", "log_level":"info","type":"calico","etcd_authority":"127.0.0.1:2379","ipam":{"type":"calico-ipam", "assign_ipv6":"true"}}' >/etc/rkt/net.d/calico-ipv6.conf
echo '{"name": "secure", "log_level":"debug","type":"calico","etcd_endpoints":"https://etcd-authority-ssl:2379","etcd_key_file":"/etc/calico/client-key.pem","etcd_cert_file":"/etc/calico/client.pem","etcd_ca_cert_file":"/etc/calico/ca.pem", "ipam":{"type":"calico-ipam"}}' >/etc/rkt/net.d/calico-secure.conf
@echo ""
@echo Now create containers using rkt e.g.
@echo sudo rkt run quay.io/coreos/alpine-sh --exec ifconfig --net=prod
@echo sudo rkt run quay.io/coreos/alpine-sh --exec ifconfig --net=dev
@echo sudo rkt run quay.io/coreos/alpine-sh --exec ifconfig --net=prod --net=dev
## Run kubernetes master
run-kubernetes-master: stop-kubernetes-master run-etcd-host binary
echo Get kubectl from http://storage.googleapis.com/kubernetes-release/release/v$(K8S_VERSION)/bin/linux/amd64/kubectl
mkdir -p net.d
#echo '{"name": "k8s","type": "calico","etcd_authority": "${LOCAL_IP_ENV}:2379", "kubernetes":{"node_name":"127.0.0.1"}, "policy": {"type": "k8s"},"ipam": {"type": "host-local", "subnet": "usePodCidr"}}' >net.d/10-calico.conf
#echo '{"log_level":"DEBUG", "name": "k8s","type": "calico","etcd_authority": "${LOCAL_IP_ENV}:2379", "kubernetes":{"node_name":"127.0.0.1"}, "policy": {"type": "k8s"},"ipam": {"type": "host-local", "subnet": "10.101.0.0/16"}}' >net.d/10-calico.conf
echo '{"log_level":"DEBUG","name": "k8s","type": "calico","etcd_authority": "${LOCAL_IP_ENV}:2379", "kubernetes":{"node_name":"127.0.0.1", "kubeconfig":"/etc/cni/net.d/kubeconfig"}, "policy": {"type": "k8s"},"ipam": {"type": "host-local", "subnet": "usePodCidr"}}' >net.d/10-calico.conf
# echo '{"log_level":"DEBUG","name": "k8s","type": "calico","etcd_authority": "${LOCAL_IP_ENV}:2379", "kubernetes":{"node_name":"127.0.0.1"}, "policy": {"k8s_insecure_skip_tls_verify":true,"type": "k8s", "k8s_api_root":"https://10.7.50.75:6443", "k8s_auth_token":"YcFKOZdGR2c1XagRzhT6E5dHjNlbzmO9"},"ipam": {"type": "host-local", "subnet": "usePodCidr"}}' >net.d/10-calico.conf
# echo '{"log_level":"DEBUG","name": "k8s","type": "calico","etcd_authority": "${LOCAL_IP_ENV}:2379", "kubernetes":{"node_name":"127.0.0.1"}, "policy": {"k8s_insecure_skip_tls_verify":true,"type": "k8s", "k8s_api_root":"https://10.7.50.75:6443", "k8s_username":"admin", "k8s_password":"admin"},"ipam": {"type": "host-local", "subnet": "usePodCidr"}}' >net.d/10-calico.conf
#echo '{"log_level":"DEBUG","name": "k8s","type": "calico","etcd_authority": "${LOCAL_IP_ENV}:2379", "ipam": {"type": "host-local", "subnet": "10.13.0.0/16"}}' >net.d/10-calico.conf
# Run the kubelet which will launch the master components in a pod.
docker run \
--volume=/:/rootfs:ro \
--volume=/sys:/sys:ro \
--volume=/var/lib/docker/:/var/lib/docker:rw \
--volume=/var/lib/kubelet/:/var/lib/kubelet:rw \
--volume=`pwd`/dist:/opt/cni/bin \
--volume=`pwd`/net.d:/etc/cni/net.d \
--volume=/var/run:/var/run:rw \
--net=host \
--pid=host \
--privileged=true \
--name calico-kubelet-master \
-d \
gcr.io/google_containers/hyperkube-amd64:v${K8S_VERSION} \
/hyperkube kubelet \
--containerized \
--hostname-override="127.0.0.1" \
--address="0.0.0.0" \
--api-servers=http://localhost:8080 \
--config=/etc/kubernetes/manifests-multi \
--cluster-dns=10.0.0.10 \
--network-plugin=cni \
--network-plugin-dir=/etc/cni/net.d \
--cluster-domain=cluster.local \
--allow-privileged=true --v=2
@echo "Now manually start a calico-node container"
## Stop kubernetes master
stop-kubernetes-master:
# Stop any existing kubelet that we started
-docker rm -f calico-kubelet-master
# Remove any pods that the old kubelet may have started.
-docker rm -f $$(docker ps | grep k8s_ | awk '{print $$1}')
# Remove any left over volumes
-docker volume ls -qf dangling=true | xargs -r docker volume rm
-mount |grep kubelet | awk '{print $$3}' |sudo xargs umount
## Run kube-proxy
run-kube-proxy:
-docker rm -f calico-kube-proxy
docker run --name calico-kube-proxy -d --net=host --privileged gcr.io/google_containers/hyperkube:v$(K8S_VERSION) /hyperkube proxy --master=http://127.0.0.1:8080 --v=2
ci: clean static-checks test-containerized-cni-versions docker-image test-install-cni
.PHONY: help
help: # Some kind of magic from https://gist.github.com/rcmachado/af3db315e31383502660
$(info Available targets)
@awk '/^[a-zA-Z\-\_0-9\/]+:/ { \
nb = sub( /^## /, "", helpMsg ); \
if(nb == 0) { \
helpMsg = $$0; \
nb = sub( /^[^:]*:.* ## /, "", helpMsg ); \
} \
if (nb) \
printf "\033[1;31m%-" width "s\033[0m %s\n", $$1, helpMsg; \
} \
{ helpMsg = $$0 }' \
width=20 \
$(MAKEFILE_LIST)