This repository has been archived by the owner on Mar 1, 2023. It is now read-only.
# Copyright 2020 Darkbit.io
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
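# Recipes run under bash, resolved through env.
SHELL := /usr/bin/env bash

# Image coordinates. IMAGEPATH uses the mutable :latest tag, so `docker run`
# starts whatever image carries that tag locally and pulls it when absent.
# The run-*/shell-* targets hand cloud credentials to that image: build it
# locally with `make build`, or pin a digest you have verified.
IMAGENAME=mkit
IMAGEREPO=darkbitio/$(IMAGENAME)
IMAGEPATH=$(IMAGEREPO):latest

# Paths inside the container.
HOMEDIR=/home/node
WORKDIR=$(HOMEDIR)/audit

# Parent of the directory make runs in; host side of the *DEVMOUNT bind mounts.
LOCALDIR=$(abspath $(dir ../))

# Per-platform entrypoint scripts, resolved under $(WORKDIR) in the image.
CHECKK8S="k8s.sh"
CHECKGKE="gke.sh"
CHECKAKS="aks.sh"
CHECKEKS="eks.sh"

# $(call NDEF,name): abort make with "<name> not set" when the make variable
# (or inherited environment variable) `name` is undefined or empty.
NDEF = $(if $(value $(1)),,$(error $(1) not set))

DOCKERBUILD=docker build -t $(IMAGEREPO):latest .

# Base `docker run` shared by every run/shell/dev target.
#   --rm -it      interactive, needs a TTY; the container is removed on exit.
#   -p8000:8000   no bind address is given, so Docker publishes the port on all
#                 host interfaces; use 127.0.0.1:8000:8000 to keep whatever the
#                 container serves there local to this machine.
#   -v ...        bind-mounts support/input.yaml into the audit directory
#                 (read-write; no :ro suffix).
# $(CURDIR) instead of $(PWD): PWD is inherited from the calling shell and is
# stale under `make -C dir`, which would mount a path that does not exist
# (Docker then creates it as a directory). CURDIR always names the directory
# make is running in, matching how LOCALDIR is resolved.
COMMAND=docker run --rm -it -p8000:8000 -v "$(CURDIR)/support/input.yaml":$(WORKDIR)/input.yaml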
# Extra bind mounts for profile development: the sibling GKE and K8s profile
# checkouts replace the profiles inside the container.
GKEDEVMOUNT = -v $(LOCALDIR)/inspec-profile-gke:$(HOMEDIR)/profiles/inspec-profile-gke
GKEDEVMOUNT += -v $(LOCALDIR)/inspec-profile-k8s:$(HOMEDIR)/profiles/inspec-profile-k8s

# Base command plus the caller's gcloud configuration directory.
# NOTE(review): this mount has no :ro suffix (the AWS and kubeconfig mounts in
# this file do), so the container can modify the host's gcloud credentials and
# config. gcloud may need to write there - confirm before tightening it.
GKECOMMAND = $(COMMAND)
GKECOMMAND += -v $(HOME)/.config/gcloud:$(HOMEDIR)/.config/gcloud
GKECOMMAND += -e GOOGLE_AUTH_SUPPRESS_CREDENTIALS_WARNINGS=true

# Full audit invocation. project_id, location and clustername are expanded by
# make inside the double quotes before bash parses the line, so shell
# metacharacters in them are interpreted; pass only values you control.
GKEINSPECRUN = $(GKECOMMAND) \
	--entrypoint $(WORKDIR)/$(CHECKGKE) \
	$(IMAGEPATH) \
	"$(project_id)" "$(location)" "$(clustername)"
# Extra bind mounts for profile development: the sibling AKS and K8s profile
# checkouts replace the profiles inside the container.
AKSDEVMOUNT = -v $(LOCALDIR)/inspec-profile-aks:$(HOMEDIR)/profiles/inspec-profile-aks
AKSDEVMOUNT += -v $(LOCALDIR)/inspec-profile-k8s:$(HOMEDIR)/profiles/inspec-profile-k8s

# Base command plus the Azure service-principal variables. `-e NAME` without a
# value forwards NAME from the caller's environment, so the secret itself is
# not written on the docker command line.
AKSCOMMAND = $(COMMAND)
AKSCOMMAND += -e AZURE_CLIENT_ID
AKSCOMMAND += -e AZURE_TENANT_ID
AKSCOMMAND += -e AZURE_CLIENT_SECRET
AKSCOMMAND += -e AZURE_SUBSCRIPTION_ID

# Full audit invocation. resourcegroup and clustername are expanded by make
# inside the double quotes before bash parses the line, so shell
# metacharacters in them are interpreted; pass only values you control.
AKSINSPECRUN = $(AKSCOMMAND) \
	--entrypoint $(WORKDIR)/$(CHECKAKS) \
	$(IMAGEPATH) \
	"$(resourcegroup)" "$(clustername)"
# Extra bind mounts for profile development: the sibling EKS and K8s profile
# checkouts replace the profiles inside the container.
EKSDEVMOUNT = -v $(LOCALDIR)/inspec-profile-eks:$(HOMEDIR)/profiles/inspec-profile-eks
EKSDEVMOUNT += -v $(LOCALDIR)/inspec-profile-k8s:$(HOMEDIR)/profiles/inspec-profile-k8s

# Base command plus AWS credentials: the caller's ~/.aws is mounted read-only
# and the AWS_* variables are forwarded by name from the caller's environment
# (`-e NAME` without a value), keeping their values off the command line.
EKSCOMMAND = $(COMMAND)
EKSCOMMAND += -v $(HOME)/.aws:$(HOMEDIR)/.aws:ro
EKSCOMMAND += -e AWS_ACCESS_KEY_ID
EKSCOMMAND += -e AWS_SECRET_ACCESS_KEY
EKSCOMMAND += -e AWS_SESSION_TOKEN
EKSCOMMAND += -e AWS_SECURITY_TOKEN
EKSCOMMAND += -e AWS_SESSION_EXPIRATION

# Full audit invocation. awsregion and clustername are expanded by make inside
# the double quotes before bash parses the line, so shell metacharacters in
# them are interpreted; pass only values you control.
EKSINSPECRUN = $(EKSCOMMAND) \
	--entrypoint $(WORKDIR)/$(CHECKEKS) \
	$(IMAGEPATH) \
	"$(awsregion)" "$(clustername)"
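# Extra bind mount for profile development: the sibling K8s profile checkout
# replaces the profile inside the container.
K8SDEVMOUNT=-v $(LOCALDIR)/inspec-profile-k8s:$(HOMEDIR)/profiles/inspec-profile-k8s

# Kubeconfig to hand to the container: $KUBECONFIG when set, otherwise the
# default ~/.kube/config. (The original listed ${KUBECONFIG} twice in $(or).)
# KUBECONFIG may hold several colon-separated paths; that form cannot be
# expressed as a single -v mount, so point it at one file for these targets.
K8SKUBECONFIG=$(or $(KUBECONFIG),$(HOME)/.kube/config)

# Base command plus the kubeconfig, mounted read-only. The container path is
# $(HOMEDIR)/.kube/config; HOMEDIR is already absolute, so no extra leading
# slash is needed (the original produced //home/node/.kube/config).
K8SCOMMAND=$(COMMAND) \
	-v $(K8SKUBECONFIG):$(HOMEDIR)/.kube/config:ro

# Full audit invocation; the k8s check script takes no arguments.
K8SINSPECRUN=$(K8SCOMMAND) --entrypoint $(WORKDIR)/$(CHECKK8S) $(IMAGEPATH)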
# None of these targets produce a file of the same name; always run them.
.PHONY: build \
	run-k8s run-gke run-aks run-eks \
	shell \
	shell-k8s dev-k8s \
	shell-gke dev-gke \
	shell-aks dev-aks \
	shell-eks dev-eks
# Build the image with the current directory as build context and tag it
# $(IMAGEREPO):latest.
build:
	@printf '%s\n' "Building $(IMAGEREPO):latest"
	@$(DOCKERBUILD)
# Run the generic Kubernetes check script against the cluster selected by the
# mounted kubeconfig.
# The trailing `|| true` makes make report success even when docker fails to
# start (image missing, daemon down, no TTY) or the check script exits
# non-zero; judge the run by its output, not by make's exit status.
run-k8s:
	@printf '%s\n' "Running in $(IMAGEREPO):latest: $(WORKDIR)/$(CHECKK8S)"
	@$(K8SINSPECRUN) || true
# Run the GKE check script. Requires project_id, location and clustername;
# make aborts with "<name> not set" on the first one that is missing.
# The trailing `|| true` makes make report success even when docker fails to
# start or the check script exits non-zero; judge the run by its output.
run-gke:
	$(foreach required,project_id location clustername,$(call NDEF,$(required)))
	@printf '%s\n' "Running in $(IMAGEREPO):latest: $(WORKDIR)/$(CHECKGKE)"
	@$(GKEINSPECRUN) || true
# Run the AKS check script. Requires the four AZURE_* service-principal
# variables plus resourcegroup and clustername; make aborts with
# "<name> not set" on the first one that is missing.
# Prefer exporting the AZURE_* values in the environment over passing them as
# `make VAR=value` arguments, which puts the secret in shell history and the
# process list.
# The trailing `|| true` makes make report success even when docker fails to
# start or the check script exits non-zero; judge the run by its output.
run-aks:
	$(foreach required,AZURE_CLIENT_ID AZURE_TENANT_ID AZURE_CLIENT_SECRET AZURE_SUBSCRIPTION_ID resourcegroup clustername,$(call NDEF,$(required)))
	@printf '%s\n' "Running in $(IMAGEREPO):latest: $(WORKDIR)/$(CHECKAKS)"
	@$(AKSINSPECRUN) || true
# Run the EKS check script. Requires awsregion and clustername; make aborts
# with "<name> not set" on the first one that is missing. AWS credentials are
# not checked here: they come from the mounted ~/.aws or the forwarded AWS_*
# environment variables.
# The trailing `|| true` makes make report success even when docker fails to
# start or the check script exits non-zero; judge the run by its output.
run-eks:
	$(foreach required,awsregion clustername,$(call NDEF,$(required)))
	@printf '%s\n' "Running in $(IMAGEREPO):latest: $(WORKDIR)/$(CHECKEKS)"
	@$(EKSINSPECRUN) || true
# Start the image with its default entrypoint and no cloud credentials.
# `|| true` keeps make quiet when the interactive session ends non-zero.
shell:
	@printf '%s\n' "Running a shell inside the container"
	@$(COMMAND) $(IMAGEPATH) || true
# Start the image with its default entrypoint and the kubeconfig mounted
# read-only. `|| true` keeps make quiet when the session ends non-zero.
shell-k8s:
	@printf '%s\n' "Running a shell inside the container for K8s"
	@$(K8SCOMMAND) $(IMAGEPATH) || true
# Like shell-k8s, with the local inspec-profile-k8s checkout mounted over the
# profile in the container. `|| true` keeps make quiet on a non-zero exit.
dev-k8s:
	@printf '%s\n' "Running a profile dev shell inside the container for K8s"
	@$(K8SCOMMAND) $(K8SDEVMOUNT) $(IMAGEPATH) || true
# Start the image with its default entrypoint and the caller's gcloud
# configuration mounted (read-write). `|| true` keeps make quiet when the
# session ends non-zero.
shell-gke:
	@printf '%s\n' "Running a shell inside the container for GKE"
	@$(GKECOMMAND) $(IMAGEPATH) || true
# Like shell-gke, with the local GKE and K8s profile checkouts mounted over the
# profiles in the container. `|| true` keeps make quiet on a non-zero exit.
dev-gke:
	@printf '%s\n' "Running a profile dev shell inside the container for GKE"
	@$(GKECOMMAND) $(GKEDEVMOUNT) $(IMAGEPATH) || true
# Start the image with its default entrypoint and the AZURE_* variables
# forwarded from the caller's environment. Unlike run-aks, nothing checks that
# they are set. `|| true` keeps make quiet when the session ends non-zero.
shell-aks:
	@printf '%s\n' "Running a shell inside the container for AKS"
	@$(AKSCOMMAND) $(IMAGEPATH) || true
# Like shell-aks, with the local AKS and K8s profile checkouts mounted over the
# profiles in the container. `|| true` keeps make quiet on a non-zero exit.
dev-aks:
	@printf '%s\n' "Running a profile dev shell inside the container for AKS"
	@$(AKSCOMMAND) $(AKSDEVMOUNT) $(IMAGEPATH) || true
# Start the image with its default entrypoint, ~/.aws mounted read-only and
# the AWS_* variables forwarded from the caller's environment. `|| true` keeps
# make quiet when the session ends non-zero.
shell-eks:
	@printf '%s\n' "Running a shell inside the container for EKS"
	@$(EKSCOMMAND) $(IMAGEPATH) || true
# Like shell-eks, with the local EKS and K8s profile checkouts mounted over the
# profiles in the container. `|| true` keeps make quiet on a non-zero exit.
dev-eks:
	@printf '%s\n' "Running a profile dev shell inside the container for EKS"
	@$(EKSCOMMAND) $(EKSDEVMOUNT) $(IMAGEPATH) || true