Dat feat awsmp sleek rebase

Makefile

@@ -1,33 +1,135 @@
-start-watch:
-	gow run -tags $(or $(datree_build_env),staging) -ldflags="-X github.com/datreeio/admission-webhook-datree/pkg/config.WebhookVersion=0.0.1" main.go
-
-start:
-	go run -tags $(or $(datree_build_env),staging) -ldflags="-X github.com/datreeio/admission-webhook-datree/pkg/config.WebhookVersion=0.0.1" main.go
-start-dev:
-	make datree_build_env=dev start
-start-staging:
-	make datree_build_env=staging start
-start-production:
-	make datree_build_env=main start
-
-build:
-	go build -tags $(or $(datree_build_env),staging) -ldflags="-X github.com/datreeio/admission-webhook-datree/pkg/config.WebhookVersion=0.0.1" -o webhook-datree
-build-dev:
-	make datree_build_env=dev build
-build-staging:
-	make datree_build_env=staging build
-build-production:
-	make datree_build_env=main build
 
-test:
-	DATREE_ENFORCE="true" go test ./...
+#################
+#    DEFAULTS   #
+#################
 
-deploy-in-minikube:
-	bash ./scripts/deploy-in-minikube.sh
+CMD_DIR        := ./cmd
+INIT_WEBHOOK_DIR    := $(CMD_DIR)/init-webhook
+CERT_GENERATOR_DIR := $(CMD_DIR)/cert-generator
+WEBHOOK_SERVER_DIR := $(CMD_DIR)/webhook-server
+WEBHOOK_VERSION := 0.0.1
+LD_FLAGS := "-X github.com/datreeio/admission-webhook-datree/pkg/config.WebhookVersion=$(WEBHOOK_VERSION)"
+BUILD_ARGS_ENV ?= staging
+BUILD_ARGS_DIR ?= $(WEBHOOK_SERVER_DIR)
+BUILD_ARGS_OUTPUT ?= webhook-server
+
+
+#################
+#      RUN      #
+#################
+
+_runner: 
+	go run -tags ${BUILD_ARGS_ENV} -ldflags=$(LD_FLAGS) $(BUILD_ARGS_DIR)
+
+run-cert-generator-%:
+	 $(MAKE) _runner \
+		-e BUILD_ARGS_DIR=$(CERT_GENERATOR_DIR) \
+		-e BUILD_ARGS_ENV="$*"
+
+run-init-webhook-%:
+	 $(MAKE) _runner \
+  		-e BUILD_ARGS_DIR=$(INIT_WEBHOOK_DIR) \
+  		-e BUILD_ARGS_ENV="$*"
+
+run-webhook-server-%:
+	 $(MAKE) _runner \
+  		-e BUILD_ARGS_DIR=$(WEBHOOK_SERVER_DIR) \
+  		-e BUILD_ARGS_ENV="$*"
+
+.PHONY: run-in-minikube
 run-in-minikube:
 	bash ./scripts/run-in-minikube.sh
+
+#################
+#      TEST     #
+#################
+
+test:
+	DATREE_ENFORCE="true" go test ./...
+
+.PHONY: test-in-minikube
 test-in-minikube:
 	bash ./scripts/test-in-minikube.sh
+
+##################
+#   BUILD  #
+##################
+_builder:
+	docker build -t ${BUILD_ARGS_OUTPUT} -f $(BUILD_ARGS_DIR)/Dockerfile . --build-arg BUILD_ENVIRONMENT=${BUILD_ARGS_ENV}
+
+build-cert-generator-%:
+	 $(MAKE) _builder \
+  		-e BUILD_ARGS_DIR=$(CERT_GENERATOR_DIR) \
+  		-e BUILD_ARGS_ENV="$*"	 \
+		-e BUILD_ARGS_OUTPUT="cert-generator"
+
+build-init-webhook-%:
+	 $(MAKE) _builder \
+  		-e BUILD_ARGS_DIR=$(INIT_WEBHOOK_DIR) \
+  		-e BUILD_ARGS_ENV="$*"	 \
+		-e BUILD_ARGS_OUTPUT="init-webhook"
+
+build-webhook-server-%:
+	 $(MAKE) _builder \
+  		-e BUILD_ARGS_DIR=$(WEBHOOK_SERVER_DIR) \
+  		-e BUILD_ARGS_ENV="$*"	 \
+		-e BUILD_ARGS_OUTPUT="webhook-server"		
+
+#################
+#    DEPLOY     #
+#################
+
+.PHONY: deploy-in-minikube
+deploy-in-minikube:
+	bash ./scripts/deploy-in-minikube.sh
+
+
+deploy-webhook-server: 
+	$(eval IMAGE_TAG := $(shell yq '.image.tag' ./charts/datree-admission-webhook-awsmp/values.yaml | awk -F. '{$$NF = $$NF + 1;} 1' | sed 's/ /./g'))
+	$(MAKE) build-webhook-server-awsmp
+	docker tag webhook-server 709825985650.dkr.ecr.us-east-1.amazonaws.com/datree/datree-admission-webhook:$(IMAGE_TAG)
+	aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin 709825985650.dkr.ecr.us-east-1.amazonaws.com
+	docker push 709825985650.dkr.ecr.us-east-1.amazonaws.com/datree/datree-admission-webhook:${IMAGE_TAG}
+	tag=${IMAGE_TAG} yq e --inplace '.image."tag" |= strenv(tag)' ./charts/datree-admission-webhook-awsmp/values.yaml
+
+
+deploy-init-webhook:
+	$(eval IMAGE_TAG := $(shell yq '.imageWebhook.tag' ./charts/datree-admission-webhook-awsmp/values.yaml | awk -F. '{$$NF = $$NF + 1;} 1' | sed 's/ /./g'))
+	$(MAKE) build-init-webhook-awsmp
+	docker tag init-webhook 709825985650.dkr.ecr.us-east-1.amazonaws.com/datree/init-webhook:$(IMAGE_TAG)
+	aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin 709825985650.dkr.ecr.us-east-1.amazonaws.com
+	docker push 709825985650.dkr.ecr.us-east-1.amazonaws.com/datree/init-webhook:${IMAGE_TAG}
+	tag=${IMAGE_TAG} yq e --inplace '.imageWebhook."tag" |= strenv(tag)' ./charts/datree-admission-webhook-awsmp/values.yaml
+
+deploy-cert-generator:
+	$(eval IMAGE_TAG := $(shell yq '.initContainer.tag' ./charts/datree-admission-webhook-awsmp/values.yaml | awk -F. '{$$NF = $$NF + 1;} 1' | sed 's/ /./g'))
+	$(MAKE) build-cert-generator-awsmp
+	docker tag cert-generator 709825985650.dkr.ecr.us-east-1.amazonaws.com/datree/cert-generator:$(IMAGE_TAG)
+	aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin 709825985650.dkr.ecr.us-east-1.amazonaws.com
+	docker push 709825985650.dkr.ecr.us-east-1.amazonaws.com/datree/cert-generator:${IMAGE_TAG}
+	tag=${IMAGE_TAG} yq e --inplace '.initContainer."tag" |= strenv(tag)' ./charts/datree-admission-webhook-awsmp/values.yaml
+
+deploy-datree-awsmp:
+	$(MAKE) deploy-cert-generator
+	$(MAKE) deploy-init-webhook
+	$(MAKE) deploy-webhook-server
+
+# verify that the chart is valid
+	helm lint ./charts/datree-admission-webhook-awsmp
+
+# bump Helm Chart version 
+	$(eval HELM_CHART_VERSION=$(shell yq '.version' ./charts/datree-admission-webhook-awsmp/Chart.yaml | awk -F. '{$$NF = $$NF + 1;} 1' | sed 's/ /./g'))
+	version=${HELM_CHART_VERSION} yq e --inplace '."version" |= strenv(version)' ./charts/datree-admission-webhook-awsmp/Chart.yaml
+
+# helm push chart to ECR
+	helm package ./charts/datree-admission-webhook-awsmp
+	aws ecr get-login-password --region us-east-1 | helm login --username AWS --password-stdin 000000000000.dkr.ecr.us-east-1.amazonaws.com
+	helm push datree-admission-webhook-awsmp-${HELM_CHART_VERSION}.tgz 000000000000.dkr.ecr.us-east-1.amazonaws.com
+
+
+#################
+#    HELM     #
+#################
 
 helm-install-local-in-minikube:
 	eval $(minikube docker-env) && \
@@ -42,4 +144,4 @@ helm-uninstall:
 
 helm-install-staging:
 	helm install -n datree datree-webhook ./charts/datree-admission-webhook --set datree.token="${DATREE_TOKEN}" --set scan_job.image.repository="datree/scan-job-staging" \
-	--set scan_job.image.tag="latest" --set image.repository="datree/webhook-staging" --set image.tag="latest"
+	--set scan_job.image.tag="latest" --set image.repository="datree/webhook-staging" --set image.tag="latest"

charts/datree-admission-webhook-awsmp/Chart.lock

@@ -0,0 +1,6 @@
+dependencies:
+- name: datree-lib
+  repository: file://../datree-lib
+  version: 0.1.1
+digest: sha256:a65b157f4e3e466bfc9a80df08a319a3f61abdb84e4a29dfbe18127dd11edac6
+generated: "2022-10-18T15:06:55.309464+03:00"

charts/datree-admission-webhook-awsmp/Chart.yaml

@@ -0,0 +1,31 @@
+apiVersion: v2
+name: datree-admission-webhook-awsmp
+description: A Helm chart for Datree admission webhook for Kubernetes clusters
+icon: https://github.com/datreeio/admission-webhook-datree/blob/main/internal/images/diagram.png
+type: application
+keywords:
+  - datree-admission-webhook
+  - policy agent
+  - validating webhook
+  - admissions controller
+home: datree.io
+sources:
+  - https://github.com/datreeio/admission-webhook-datree
+
+kubeVersion: ">=1.16.0-0"
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 1.0.2-rc.1
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "0.1.24-rc.2"
+
+dependencies:
+  - name: datree-lib
+    version: 0.1.1
+    repository: file://../datree-lib

charts/datree-admission-webhook-awsmp/templates/_helpers.tpl

@@ -0,0 +1,25 @@
+{{/* Create chart name and version as used by the chart label. */}}
+{{- define "datree.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+
+{{/* Helm and Kubernetes required labels */}}
+{{- define "datree.labels" -}}
+app.kubernetes.io/name: {{.Chart.Name}}
+app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+app.kubernetes.io/instance: {{ .Release.Name | quote }}
+app.kubernetes.io/version: {{ .Chart.AppVersion }}
+app.kubernetes.io/part-of: "datree"
+meta.helm.sh/release-name: "{{ .Chart.Name }}"
+meta.helm.sh/release-namespace: "{{ .Release.Namespace}}" 
+helm.sh/chart: {{ template "datree.chart" . }}
+    {{- if .Values.customLabels -}}
+        {{ toYaml .Values.customLabels }}
+    {{- end -}}
+{{- end -}}
+
+{{/* The namespace name. */}}
+{{- define "datree.namespace" -}}
+{{- default .Release.Namespace .Values.namespace  -}}
+{{- end -}}

charts/datree-admission-webhook-awsmp/templates/cleanup-pre-delete.yaml

@@ -0,0 +1,35 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: datree-cleanup-namespaces-hook-pre-delete
+  labels: {{include "datree.labels" . | nindent 4}}
+  namespace: {{template "datree.namespace" .}}
+  annotations: 
+    "helm.sh/hook": pre-delete, pre-upgrade
+    "helm.sh/hook-delete-policy": hook-succeeded, hook-failed
+  {{- if .Values.customAnnotations }}
+    {{- toYaml .Values.customAnnotations }}
+  {{- end }}
+spec:
+  template:
+    metadata:
+      labels: {{include "datree.labels" . | nindent 8}}
+      {{- if .Values.customAnnotations }}
+      annotations: {{- toYaml .Values.customAnnotations | nindent 4 }}
+      {{- end }}
+    spec:
+      restartPolicy: OnFailure
+      serviceAccount: datree-cleanup-namespaces-hook-pre-delete
+      nodeSelector:
+        kubernetes.io/os: linux
+      containers:
+        - name: kubectl-label
+          image: "{{ .Values.hooks.image.repository }}@{{ .Values.hooks.image.sha }}"
+          imagePullPolicy: {{.Values.hooks.image.pullPolicy}}
+          command:
+            - sh
+            - "-c"
+            - >-
+              kubectl delete validatingwebhookconfigurations.admissionregistration.k8s.io datree-webhook -n {{template "datree.namespace" .}};
+              kubectl delete deployment datree-webhook-server -n {{template "datree.namespace" .}};
+              kubectl label ns kube-system {{template "datree.namespace" .}} datree.io/skip-;

charts/datree-admission-webhook-awsmp/templates/clusterrole.yaml

@@ -0,0 +1 @@
+{{- include "datree-lib.clusterrole" .}}

charts/datree-admission-webhook-awsmp/templates/clusterrolebinding.yaml

@@ -0,0 +1 @@
+{{- include "datree-lib.clusterrolebinding" .}}