fengqi-dev/Makefile

## Makefile
NAMESPACE = $(shell yq -r '.namespace // "default"' ./config/default/kustomization.yaml)
NAME_PREFIX = $(shell yq -r '.namePrefix // ""' ./config/default/kustomization.yaml)

.PHONY: gen-certs
gen-certs:
	mkdir -p certs; \
	if [ -f certs/tls.key ] && [ -f certs/tls.crt ]; then \
		echo "certs already exist: certs/tls.key, certs/tls.crt (skip)"; \
		exit 0; \
	fi; \
	SVC_NS="$(NAMESPACE)"; \
	SVC_NAME="$(NAME_PREFIX)webhook-service"; \
	openssl req -x509 -nodes -days 3650 \
		-newkey rsa:2048 \
		-keyout certs/tls.key \
		-out certs/tls.crt \
		-subj "/CN=$$SVC_NAME" \
		-addext "subjectAltName=DNS:$$SVC_NAME.$$SVC_NS.svc,DNS:$$SVC_NAME.$$SVC_NS.svc.cluster.local";
	cp certs/tls.crt certs/ca.crt

.PHONY: install
install: manifests kustomize gen-certs ## Install CRDs into the K8s cluster specified in ~/.kube/config.
	@set -euo pipefail; \
	out="$$( "$(KUSTOMIZE)" build config/default )"; \
	if [ -n "$$out" ]; then echo "$$out" | "$(KUBECTL)" apply -f -; else echo "No CRDs to install; skipping."; exit 0; fi; \
	CA_BUNDLE="$$(base64 < certs/ca.crt | tr -d '\n')"; \
	for kind in validating mutating; do \
		name="$(NAME_PREFIX)$${kind}-webhook-configuration"; \
		"$(KUBECTL)" patch "$${kind}webhookconfiguration.admissionregistration.k8s.io/$$name" \
			--type='json' \
			-p="[{\"op\":\"replace\",\"path\":\"/webhooks/0/clientConfig/caBundle\",\"value\":\"$$CA_BUNDLE\"}]" \
		|| "$(KUBECTL)" patch "$${kind}webhookconfiguration.admissionregistration.k8s.io/$$name" \
			--type='json' \
			-p="[{\"op\":\"add\",\"path\":\"/webhooks/0/clientConfig/caBundle\",\"value\":\"$$CA_BUNDLE\"}]"; \
	done
	NAMESPACE = $(shell yq -r '.namespace // "default"' ./config/default/kustomization.yaml)
	NAME_PREFIX = $(shell yq -r '.namePrefix // ""' ./config/default/kustomization.yaml)

	.PHONY: gen-certs
	gen-certs:
	mkdir -p certs; \
	if [ -f certs/tls.key ] && [ -f certs/tls.crt ]; then \
	echo "certs already exist: certs/tls.key, certs/tls.crt (skip)"; \
	exit 0; \
	fi; \
	SVC_NS="$(NAMESPACE)"; \
	SVC_NAME="$(NAME_PREFIX)webhook-service"; \
	openssl req -x509 -nodes -days 3650 \
	-newkey rsa:2048 \
	-keyout certs/tls.key \
	-out certs/tls.crt \
	-subj "/CN=$$SVC_NAME" \
	-addext "subjectAltName=DNS:$$SVC_NAME.$$SVC_NS.svc,DNS:$$SVC_NAME.$$SVC_NS.svc.cluster.local";
	cp certs/tls.crt certs/ca.crt

	.PHONY: install
	install: manifests kustomize gen-certs ## Install CRDs into the K8s cluster specified in ~/.kube/config.
	@set -euo pipefail; \
	out="$$( "$(KUSTOMIZE)" build config/default )"; \
	if [ -n "$$out" ]; then echo "$$out" \| "$(KUBECTL)" apply -f -; else echo "No CRDs to install; skipping."; exit 0; fi; \
	CA_BUNDLE="$$(base64 < certs/ca.crt \| tr -d '\n')"; \
	for kind in validating mutating; do \
	name="$(NAME_PREFIX)$${kind}-webhook-configuration"; \
	"$(KUBECTL)" patch "$${kind}webhookconfiguration.admissionregistration.k8s.io/$$name" \
	--type='json' \
	-p="[{\"op\":\"replace\",\"path\":\"/webhooks/0/clientConfig/caBundle\",\"value\":\"$$CA_BUNDLE\"}]" \
	\|\| "$(KUBECTL)" patch "$${kind}webhookconfiguration.admissionregistration.k8s.io/$$name" \
	--type='json' \
	-p="[{\"op\":\"add\",\"path\":\"/webhooks/0/clientConfig/caBundle\",\"value\":\"$$CA_BUNDLE\"}]"; \
	done
No results found