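# Multi-arch docker container instance of the open-source kubearmor project intended for Open Horizon Linux edge nodes
#
# Every knob below is set with `?=`, so a value already present in the
# environment or given on the make command line takes precedence. `export`
# hands each one to the recipe commands' environment (`check` feeds them to
# envsubst).

# Image run by the `run` rule as $(DOCKER_IMAGE_BASE):$(DOCKER_IMAGE_VERSION).
# NOTE(review): `stable` is a tag and can be re-pointed by the publisher;
# `run` starts this image with --privileged, so confirm whether a fixed
# version or digest should be used instead.
export DOCKER_IMAGE_BASE ?= kubearmor/kubearmor
# Container name used by `run`, `stop` and `attach`
export DOCKER_IMAGE_NAME ?= kubearmor
export DOCKER_IMAGE_VERSION ?= stable
# Named volume that `run` mounts at /config
export DOCKER_VOLUME_NAME ?= kubearmor_config
# DockerHub ID of the third party providing the image (usually yours if building and pushing)
export DOCKER_HUB_ID ?= kubearmor
# The Open Horizon organization ID namespace where you will be publishing the service definition file
export HZN_ORG_ID ?= examples
# Time zone passed to the container as TZ by `run`. `check` documents
# America/New_York as the default, so it is defined here rather than left empty.
export MY_TIME_ZONE ?= America/New_York
# Open Horizon settings for publishing metadata about the service
export DEPLOYMENT_POLICY_NAME ?= deployment-policy-kubearmor
export NODE_POLICY_NAME ?= node-policy-kubearmor
export SERVICE_NAME ?= service-kubearmor
export SERVICE_VERSION ?= 0.0.1
# Architecture suffix used in the service ID by the publish/remove rules.
# This is a fixed default (amd64); it is not detected from the machine, so
# override it when targeting another architecture.
export ARCH ?= amd64
# Detect Operating System running Make (evaluated once, at parse time).
# No rule in this Makefile reads OS.
OS := $(shell uname -s)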
# default: first rule in the file, so a bare `make` creates the config volume
# (`init`) and starts KubeArmor (`run`).
default: init run
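# check: print every knob's documented default next to the value in effect,
# then print service.definition.json with environment variables expanded by
# envsubst.
# The file is read through a redirection instead of `cat | envsubst`: with the
# pipe, a missing file only produced an error from cat while the rule still
# succeeded; now the recipe line fails.
# NOTE(review): the expanded definition goes to stdout — confirm it references
# no credential-bearing variables before running this where output is logged.
check:
	@echo "====================="
	@echo "ENVIRONMENT VARIABLES"
	@echo "====================="
	@echo "DOCKER_IMAGE_BASE default: kubearmor/kubearmor actual: ${DOCKER_IMAGE_BASE}"
	@echo "DOCKER_IMAGE_NAME default: kubearmor actual: ${DOCKER_IMAGE_NAME}"
	@echo "DOCKER_IMAGE_VERSION default: stable actual: ${DOCKER_IMAGE_VERSION}"
	@echo "DOCKER_VOLUME_NAME default: kubearmor_config actual: ${DOCKER_VOLUME_NAME}"
	@echo "DOCKER_HUB_ID default: kubearmor actual: ${DOCKER_HUB_ID}"
	@echo "HZN_ORG_ID default: examples actual: ${HZN_ORG_ID}"
	@echo "MY_TIME_ZONE default: America/New_York actual: ${MY_TIME_ZONE}"
	@echo "DEPLOYMENT_POLICY_NAME default: deployment-policy-kubearmor actual: ${DEPLOYMENT_POLICY_NAME}"
	@echo "NODE_POLICY_NAME default: node-policy-kubearmor actual: ${NODE_POLICY_NAME}"
	@echo "SERVICE_NAME default: service-kubearmor actual: ${SERVICE_NAME}"
	@echo "SERVICE_VERSION default: 0.0.1 actual: ${SERVICE_VERSION}"
	@echo "ARCH default: amd64 actual: ${ARCH}"
	@echo ""
	@echo "=================="
	@echo "SERVICE DEFINITION"
	@echo "=================="
	@envsubst < service.definition.json
	@echo ""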
# stop: force-remove the container named $(DOCKER_IMAGE_NAME).
# Output is discarded and a failure (for instance, no such container) is
# ignored, so this rule always succeeds.
stop:
	@docker rm -f ${DOCKER_IMAGE_NAME} >/dev/null 2>&1 || true
# init: create the named Docker volume that `run` mounts at /config.
init:
	@docker volume create ${DOCKER_VOLUME_NAME}
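# run: start KubeArmor outside Kubernetes (-k8s=false) once `stop` has removed
# any previous container.
#
# Step 1 runs kubearmor-init in the foreground with /tmp/ mounted at
# /opt/kubearmor/BPF (presumably to populate the BPF directory the daemon
# mounts at the same path — confirm). `--rm` deletes that one-shot container
# when it exits; without it every `make run` left a stopped container behind,
# because `stop` only removes $(DOCKER_IMAGE_NAME).
# Step 2 starts the daemon detached. Variable expansions are quoted so a value
# containing spaces cannot split into extra docker arguments.
#
# Security-relevant surface, as set by the flags below:
#   --privileged, --pid=host, --ipc=host
#       the container is not isolated from the host; treat whoever controls
#       the image or can exec into the container as root on this node.
#   /var/run/docker.sock, /run/docker, /var/lib/docker
#       gives the container control of the Docker daemon and its state.
#   /tmp/ -> /opt/kubearmor/BPF
#       NOTE(review): /tmp is normally writable by every local user, and both
#       privileged containers read and write this path — confirm whether a
#       root-owned directory should be mounted instead.
#   -p 32767:32767
#       no host address is given, so Docker publishes the port on all
#       interfaces. NOTE(review): confirm it must be reachable off-host;
#       otherwise restrict it with a firewall or a loopback bind.
#   kubearmor/kubearmor-init:latest
#       a mutable tag that does not follow DOCKER_IMAGE_VERSION.
#       NOTE(review): confirm the init and daemon images are meant to be
#       version-matched, and whether both should be pinned.
run: stop
	@docker run --rm -v /tmp/:/opt/kubearmor/BPF --privileged kubearmor/kubearmor-init:latest
	@docker run -d \
		--name "$(DOCKER_IMAGE_NAME)" \
		--restart=unless-stopped \
		-e "TZ=$(MY_TIME_ZONE)" \
		-v "$(DOCKER_VOLUME_NAME):/config" \
		-p 32767:32767 \
		-v /tmp/:/opt/kubearmor/BPF \
		-v /sys/fs/bpf:/sys/fs/bpf \
		-v /sys/kernel/security:/sys/kernel/security \
		-v /sys/kernel/debug:/sys/kernel/debug \
		-v /etc/apparmor.d:/etc/apparmor.d \
		-v /var/run/docker.sock:/var/run/docker.sock \
		-v /run/docker:/run/docker \
		-v /var/lib/docker:/var/lib/docker \
		--privileged \
		--pid=host \
		--ipc=host \
		"$(DOCKER_IMAGE_BASE):$(DOCKER_IMAGE_VERSION)" \
		-k8s=false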
# dev: start the container (`run`) and then open a shell inside it (`attach`).
dev: run attach
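# attach: open an interactive bash shell in the running KubeArmor container.
# The container is addressed by the exact name `run` gives it. The previous
# lookup through `docker ps -aqf "name=..."` matched the name as a substring
# and included stopped containers, so it could hand `docker exec` several IDs
# or the ID of a container that is not running.
# The container is started with --privileged and --pid=host, so this shell is
# effectively a root shell on the node; limit who may run it accordingly.
attach:
	@docker exec -it "$(DOCKER_IMAGE_NAME)" /bin/bash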
# test: issue one HTTP request to 127.0.0.1:8123; curl stays quiet except for
# errors and the response body.
# NOTE(review): `run` publishes port 32767 only, and nothing in this Makefile
# listens on 8123 — confirm the endpoint this probe is meant to reach.
test:
	@curl --silent --show-error http://127.0.0.1:8123
# clean: after `stop`, remove the local image and the config volume.
# A failed image removal is ignored; the volume removal is not, so this rule
# fails when the volume does not exist.
clean: stop
	@docker rmi -f ${DOCKER_IMAGE_BASE}:${DOCKER_IMAGE_VERSION} >/dev/null 2>&1 || true
	@docker volume rm ${DOCKER_VOLUME_NAME}
# distclean: unregister the node, remove the deployment policy, service policy
# and service from the exchange, then run `clean`. It has no recipe of its own.
distclean: agent-stop remove-deployment-policy remove-service-policy remove-service clean
# build: placeholder — only prints why no image is built here.
build:
	@printf '%s\n' "There is no Docker image build process since this container is provided by a third-party from official sources."
# push: placeholder — only prints why no image is pushed from here.
push:
	@printf '%s\n' "There is no Docker image push process since this container is provided by a third-party from official sources."
# publish: publish the service, its service policy and the deployment policy,
# then register this node (`agent-run`). It has no recipe of its own.
publish: publish-service publish-service-policy publish-deployment-policy agent-run
# publish-service: publish service.definition.json to the Open Horizon exchange.
# Pull, not push, Docker image since provided by third party
# (the -O and -P options are passed to `hzn exchange service publish` as-is).
publish-service:
	@printf '%s\n' "==================" "PUBLISHING SERVICE" "=================="
	@hzn exchange service publish -O -P --json-file=service.definition.json
	@printf '\n'
# remove-service: delete the service
# $(HZN_ORG_ID)/$(SERVICE_NAME)_$(SERVICE_VERSION)_$(ARCH) from the exchange.
# -f is passed to hzn (presumably to skip the confirmation prompt — confirm).
remove-service:
	@printf '%s\n' "==================" "REMOVING SERVICE" "=================="
	@hzn exchange service remove -f ${HZN_ORG_ID}/${SERVICE_NAME}_${SERVICE_VERSION}_${ARCH}
	@printf '\n'
# publish-service-policy: attach service.policy.json to the service
# $(HZN_ORG_ID)/$(SERVICE_NAME)_$(SERVICE_VERSION)_$(ARCH).
publish-service-policy:
	@printf '%s\n' "=========================" "PUBLISHING SERVICE POLICY" "========================="
	@hzn exchange service addpolicy -f service.policy.json ${HZN_ORG_ID}/${SERVICE_NAME}_${SERVICE_VERSION}_${ARCH}
	@printf '\n'
# remove-service-policy: drop the policy attached to the service
# $(HZN_ORG_ID)/$(SERVICE_NAME)_$(SERVICE_VERSION)_$(ARCH).
remove-service-policy:
	@printf '%s\n' "=======================" "REMOVING SERVICE POLICY" "======================="
	@hzn exchange service removepolicy -f ${HZN_ORG_ID}/${SERVICE_NAME}_${SERVICE_VERSION}_${ARCH}
	@printf '\n'
# publish-deployment-policy: publish deployment.policy.json under the name
# $(HZN_ORG_ID)/policy-$(SERVICE_NAME)_$(SERVICE_VERSION).
# NOTE(review): the name is built from SERVICE_NAME and SERVICE_VERSION;
# DEPLOYMENT_POLICY_NAME is not used by this recipe — confirm that is intended.
publish-deployment-policy:
	@printf '%s\n' "============================" "PUBLISHING DEPLOYMENT POLICY" "============================"
	@hzn exchange deployment addpolicy -f deployment.policy.json ${HZN_ORG_ID}/policy-${SERVICE_NAME}_${SERVICE_VERSION}
	@printf '\n'
# remove-deployment-policy: delete the deployment policy
# $(HZN_ORG_ID)/policy-$(SERVICE_NAME)_$(SERVICE_VERSION) from the exchange.
remove-deployment-policy:
	@printf '%s\n' "==========================" "REMOVING DEPLOYMENT POLICY" "=========================="
	@hzn exchange deployment removepolicy -f ${HZN_ORG_ID}/policy-${SERVICE_NAME}_${SERVICE_VERSION}
	@printf '\n'
# agent-run: register this node with node.policy.json, then keep re-running
# `hzn agreement list` under watch. watch does not return on its own, so this
# rule (and `publish`, which ends with it) stays in the foreground until
# interrupted.
agent-run:
	@printf '%s\n' "================" "REGISTERING NODE" "================"
	@hzn register --policy=node.policy.json
	@watch hzn agreement list
# agent-stop: unregister this node from Open Horizon (-f is passed to hzn,
# presumably to skip the confirmation prompt — confirm).
agent-stop:
	@printf '%s\n' "===================" "UN-REGISTERING NODE" "==================="
	@hzn unregister -f
	@printf '\n'
# deploy-check: run `hzn deploycheck all` for a device node against the four
# local JSON files (deployment policy, service definition, service policy,
# node policy).
deploy-check:
	@hzn deploycheck all -t device \
		-B deployment.policy.json \
		--service=service.definition.json \
		--service-pol=service.policy.json \
		--node-pol=node.policy.json
# log: print the agent event log, then the log of service $(SERVICE_NAME).
# The service log is requested with -f (presumably follow mode, in which case
# the rule keeps running until interrupted — confirm).
log:
	@printf '%s\n' "=========" "EVENT LOG" "========="
	@hzn eventlog list
	@printf '\n'
	@printf '%s\n' "===========" "SERVICE LOG" "==========="
	@hzn service log -f ${SERVICE_NAME}
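# Every rule in this Makefile is a command, not a file, so each is declared
# phony: a file that happens to be named `clean`, `test`, ... can then never
# make the rule look up to date.
# agent-stop is included because it is a command rule like the others (a file
# named agent-stop would otherwise silently disable `distclean`'s unregister
# step). publish-pattern has no rule in this Makefile; the name is kept so the
# declaration remains a superset of what was declared before.
.PHONY: default check stop init run dev attach test clean distclean \
	build push \
	publish publish-service publish-service-policy publish-deployment-policy publish-pattern \
	remove-service remove-service-policy remove-deployment-policy \
	agent-run agent-stop deploy-check log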