# Derive the package version from VERSION. Package versions are expected to start with a digit, so the
# first sed strips a leading run of lowercase letters followed by "-", and the second sed removes the
# first remaining "-" (there is no /g flag, so later dashes are kept).
# The definition is recursive (?=), so the shell pipeline is re-run every time PACKAGE_VERSION is expanded.
# NOTE(review): $(VERSION) is pasted into the shell command unquoted; it should only ever come from a
# trusted source (for example, not from an unvalidated tag or branch name).
PACKAGE_VERSION ?= $(shell echo $(VERSION) | sed 's/^[a-z]*-//' | sed 's/-//')
# Builds the two Debian packages (istio-sidecar.deb and istio.deb).
# Intended to work with BUILD_WITH_CONTAINER=1 as well as in CI/CD (BUILD_WITH_CONTAINER=0).
#
# Development/manual testing:
#   make deb        - builds the Debian packages
#   make deb/docker - builds a test docker image
deb: $(TARGET_OUT_LINUX)/release/istio-sidecar.deb \
     $(TARGET_OUT_LINUX)/release/istio.deb
# fpm compresses packages heavily by default. That is fine for releases, but for local runs that only
# push to a local registry (which compresses again) it adds about a minute per build.
# Setting FAST_VM_BUILDS to any non-empty value turns package compression off.
ifneq ($(FAST_VM_BUILDS),)
  DEB_COMPRESSION = --deb-compression=none
  RPM_COMPRESSION = --rpm-compression=none
endif
# Base directory for istio binaries inside the installed package. Likely to change!
ISTIO_DEB_BIN=/usr/local/bin
# Home directory of the istio-proxy user. It is symlinked /etc/istio --> /var/lib/istio
ISTIO_PROXY_HOME=/var/lib/istio
# Binaries shipped in istio.deb. For each one the loop below (1) adds the built binary as a prerequisite
# of istio.deb and (2) appends an fpm "source=destination" mapping to ISTIO_FILES, installing it under
# $(ISTIO_DEB_BIN).
ISTIO_DEB_DEPS:=pilot-discovery istioctl
ISTIO_FILES:=
$(foreach DEP,$(ISTIO_DEB_DEPS),\
$(eval ${TARGET_OUT_LINUX}/release/istio.deb: $(TARGET_OUT_LINUX)/$(DEP)) \
$(eval ISTIO_FILES+=$(TARGET_OUT_LINUX)/$(DEP)=$(ISTIO_DEB_BIN)/$(DEP)) )
# Binaries shipped in the sidecar packages. Same scheme as above: each binary becomes a prerequisite of
# both istio-sidecar.deb and istio-sidecar.rpm and is mapped into $(ISTIO_DEB_BIN) via SIDECAR_FILES.
SIDECAR_DEB_DEPS:=envoy pilot-agent
SIDECAR_FILES:=
$(foreach DEP,$(SIDECAR_DEB_DEPS),\
$(eval ${TARGET_OUT_LINUX}/release/istio-sidecar.deb: $(TARGET_OUT_LINUX)/$(DEP)) \
$(eval ${TARGET_OUT_LINUX}/release/istio-sidecar.rpm: $(TARGET_OUT_LINUX)/$(DEP)) \
$(eval SIDECAR_FILES+=$(TARGET_OUT_LINUX)/$(DEP)=$(ISTIO_DEB_BIN)/$(DEP)) )
# The CentOS 7 sidecar RPM needs the CentOS build of envoy plus the regular pilot-agent.
$(TARGET_OUT_LINUX)/release/istio-sidecar-centos-7.rpm: $(TARGET_OUT_LINUX)/envoy-centos $(TARGET_OUT_LINUX)/pilot-agent
# fpm "source=destination" mappings for that RPM; envoy-centos is installed under the plain name "envoy".
SIDECAR_CENTOS_7_FILES := $(TARGET_OUT_LINUX)/envoy-centos=$(ISTIO_DEB_BIN)/envoy \
    $(TARGET_OUT_LINUX)/pilot-agent=$(ISTIO_DEB_BIN)/pilot-agent
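# Support files installed by the sidecar packages, listed by their install destination.
# Each one is read from tools/packaging/common/<basename of the destination>.
ISTIO_DEB_DEST:=${ISTIO_DEB_BIN}/istio-start.sh \
    /lib/systemd/system/istio.service \
    /var/lib/istio/envoy/sidecar.env
# For every destination: register the source file as a prerequisite of the sidecar deb and append its fpm
# "source=destination" mapping to both sidecar file lists.
# The prerequisite is attached to the package's real output path under release/. It was previously
# attached to ${TARGET_OUT_LINUX}/istio-sidecar.deb, a path no rule builds, so make never checked that
# the start script, systemd unit and sidecar.env were present before packaging.
$(foreach DEST,$(ISTIO_DEB_DEST),\
    $(eval ${TARGET_OUT_LINUX}/release/istio-sidecar.deb: tools/packaging/common/$(notdir $(DEST))) \
    $(eval SIDECAR_FILES+=${REPO_ROOT}/tools/packaging/common/$(notdir $(DEST))=$(DEST)) \
    $(eval SIDECAR_CENTOS_7_FILES+=${REPO_ROOT}/tools/packaging/common/$(notdir $(DEST))=$(DEST)))
# The envoy bootstrap file is installed under a different name (envoy_bootstrap_tmpl.json), so it is
# mapped explicitly rather than through the loop above.
SIDECAR_FILES+=${REPO_ROOT}/tools/packaging/common/envoy_bootstrap.json=/var/lib/istio/envoy/envoy_bootstrap_tmpl.json
SIDECAR_CENTOS_7_FILES+=${REPO_ROOT}/tools/packaging/common/envoy_bootstrap.json=/var/lib/istio/envoy/envoy_bootstrap_tmpl.json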
# WebAssembly extension binaries shipped in the sidecar packages. They are taken from
# ${ISTIO_ENVOY_LINUX_RELEASE_DIR} and installed under $(ISTIO_PROXY_HOME)/extensions.
# Only the fpm mappings are added here; no make prerequisite is registered, so make does not check
# that the files exist before fpm runs.
# NOTE(review): this file neither populates nor verifies ${ISTIO_ENVOY_LINUX_RELEASE_DIR}; confirm that
# whichever step fetches these binaries checks their integrity before they are packaged.
ISTIO_EXTENSIONS:=stats-filter.wasm \
stats-filter.compiled.wasm \
metadata-exchange-filter.wasm \
metadata-exchange-filter.compiled.wasm
$(foreach EXT,$(ISTIO_EXTENSIONS),\
$(eval SIDECAR_FILES+=${ISTIO_ENVOY_LINUX_RELEASE_DIR}/$(EXT)=$(ISTIO_PROXY_HOME)/extensions/$(EXT)) \
$(eval SIDECAR_CENTOS_7_FILES+=${ISTIO_ENVOY_LINUX_RELEASE_DIR}/$(EXT)=$(ISTIO_PROXY_HOME)/extensions/$(EXT)))
# Original package name used in 0.2. It will be updated to 'istio.deb' since the package now includes
# all istio binaries.
SIDECAR_PACKAGE_NAME ?= istio-sidecar

# TODO: rename istio-sidecar.deb to istio.deb
# Note: adding --deb-systemd ${REPO_ROOT}/tools/packaging/common/istio.service would create
# /etc/systemd/system/multi-user.target.wants/istio.service and auto-start the service. It is currently
# not used because the service needs configuration first.
# Note: --iteration 1 adds a "-1" suffix to the version that didn't exist before; the fpm commands in
# this file do not pass it.
#
# The sidecar packages have no recipe of their own. Each is produced by the matching */fpm target,
# pulled in as an order-only prerequisite together with the output directory.
$(TARGET_OUT_LINUX)/release/istio-sidecar.deb: | $(TARGET_OUT_LINUX) deb/fpm
$(TARGET_OUT_LINUX)/release/istio-sidecar.rpm: | $(TARGET_OUT_LINUX) rpm/fpm
$(TARGET_OUT_LINUX)/release/istio-sidecar-centos-7.rpm: | $(TARGET_OUT_LINUX) rpm-7/fpm
# Package the sidecar RPM: fpm turns the "source=destination" pairs in SIDECAR_FILES into an rpm.
# A stale package is removed first, and -f lets fpm overwrite its output.
# tools/packaging/postinst.sh is embedded as the after-install script, and the two --config-files
# paths are marked as configuration files.
# NOTE(review): the homepage is recorded as plain http://istio.io here and in the other fpm recipes in
# this file; consider the https URL.
rpm/fpm:
	rm -f $(TARGET_OUT_LINUX)/release/istio-sidecar.rpm
	fpm -s dir -t rpm -n $(SIDECAR_PACKAGE_NAME) -p $(TARGET_OUT_LINUX)/release/istio-sidecar.rpm --version $(PACKAGE_VERSION) -f \
		--url http://istio.io \
		--license Apache \
		--vendor istio.io \
		--maintainer istio@istio.io \
		--after-install tools/packaging/postinst.sh \
		--config-files /var/lib/istio/envoy/envoy_bootstrap_tmpl.json \
		--config-files /var/lib/istio/envoy/sidecar.env \
		--description "Istio Sidecar" \
		--depends iproute \
		--depends iptables \
		--depends sudo \
		$(RPM_COMPRESSION) \
		$(SIDECAR_FILES)
# CentOS 7 compatible sidecar RPM. It uses the same fpm options as rpm/fpm but packages
# SIDECAR_CENTOS_7_FILES, which carries the envoy-centos build of envoy.
# tools/packaging/postinst.sh is embedded as the package's after-install script.
rpm-7/fpm:
	rm -f $(TARGET_OUT_LINUX)/release/istio-sidecar-centos-7.rpm
	fpm -s dir -t rpm -n $(SIDECAR_PACKAGE_NAME) -p $(TARGET_OUT_LINUX)/release/istio-sidecar-centos-7.rpm --version $(PACKAGE_VERSION) -f \
		--url http://istio.io \
		--license Apache \
		--vendor istio.io \
		--maintainer istio@istio.io \
		--after-install tools/packaging/postinst.sh \
		--config-files /var/lib/istio/envoy/envoy_bootstrap_tmpl.json \
		--config-files /var/lib/istio/envoy/sidecar.env \
		--description "Istio Sidecar" \
		--depends iproute \
		--depends iptables \
		--depends sudo \
		$(RPM_COMPRESSION) \
		$(SIDECAR_CENTOS_7_FILES)
# Package the sidecar deb: the same contents as the sidecar RPM (SIDECAR_FILES), emitted as a Debian
# package. The dependency is named iproute2 here rather than iproute.
# tools/packaging/postinst.sh is embedded as the package's after-install script.
deb/fpm:
	rm -f $(TARGET_OUT_LINUX)/release/istio-sidecar.deb
	fpm -s dir -t deb -n $(SIDECAR_PACKAGE_NAME) -p $(TARGET_OUT_LINUX)/release/istio-sidecar.deb --version $(PACKAGE_VERSION) -f \
		--url http://istio.io \
		--license Apache \
		--vendor istio.io \
		--maintainer istio@istio.io \
		--after-install tools/packaging/postinst.sh \
		--config-files /var/lib/istio/envoy/envoy_bootstrap_tmpl.json \
		--config-files /var/lib/istio/envoy/sidecar.env \
		--description "Istio Sidecar" \
		--depends iproute2 \
		--depends iptables \
		--depends sudo \
		$(DEB_COMPRESSION) \
		$(SIDECAR_FILES)
# Package the istio.deb file from the "source=destination" pairs in ISTIO_FILES.
# The binary prerequisites of this target are attached where ISTIO_DEB_DEPS is processed.
# Unlike the sidecar packages, this one has no after-install script, config files or dependencies.
$(TARGET_OUT_LINUX)/release/istio.deb:
	rm -f $(TARGET_OUT_LINUX)/release/istio.deb
	fpm -s dir -t deb -n istio -p $(TARGET_OUT_LINUX)/release/istio.deb --version $(PACKAGE_VERSION) -f \
		--url http://istio.io \
		--license Apache \
		--vendor istio.io \
		--maintainer istio@istio.io \
		--description "Istio" \
		$(ISTIO_FILES)
# TODO: use k8s style - /etc/pki/istio/...
PKI_DIR ?= tests/testdata/certs/cacerts
VM_PKI_DIR ?= tests/testdata/certs/vm

# Generate test PKI material with $(GEN_CERT): a CA key and certificate under $(PKI_DIR) (the CA
# certificate is also copied to root-cert.pem and cert-chain.pem), then a key and certificate for the
# VM workload identity spiffe://cluster.local/ns/vmtest/sa/default under $(VM_PKI_DIR), signed by that CA.
# This writes private keys (ca-key.pem, key.pem) into the source tree under tests/testdata.
# They are test fixtures only and must never be reused as a real trust root or workload credential.
testcert-gen: $(GEN_CERT)
	mkdir -p $(PKI_DIR)
	mkdir -p $(VM_PKI_DIR)
	$(GEN_CERT) -ca --out-priv $(PKI_DIR)/ca-key.pem --out-cert $(PKI_DIR)/ca-cert.pem -organization "istio ca"
	cp $(PKI_DIR)/ca-cert.pem $(PKI_DIR)/root-cert.pem
	cp $(PKI_DIR)/ca-cert.pem $(PKI_DIR)/cert-chain.pem
	$(GEN_CERT) -signer-cert $(PKI_DIR)/ca-cert.pem -signer-priv $(PKI_DIR)/ca-key.pem \
		-out-cert $(VM_PKI_DIR)/cert-chain.pem -out-priv $(VM_PKI_DIR)/key.pem \
		-host spiffe://cluster.local/ns/vmtest/sa/default --mode signer
	cp $(PKI_DIR)/ca-cert.pem $(VM_PKI_DIR)/root-cert.pem
# Install the debs in a docker image, for testing the install process.
# Uses a minimal base image and installs everything that is needed.
# The packages are copied from $(TARGET_OUT_LINUX)/release, so run "make deb" first; this target does
# not depend on it.
# NOTE(review): the docker build context receives all of tests/testdata/certs, which after testcert-gen
# includes the test CA private key and the VM key. Whether the Dockerfile copies them into the image is
# not visible here. Treat istio_deb as a local test image and do not push it to a shared registry.
deb/docker: testcert-gen
	mkdir -p $(TARGET_OUT_LINUX)/deb
	cp tools/packaging/deb/Dockerfile tools/packaging/deb/deb_test.sh $(TARGET_OUT_LINUX)/deb
	# Istio configs, for testing istiod running in the VM.
	cp tests/testdata/config/*.yaml $(TARGET_OUT_LINUX)/deb
	# Test case uses a cert that is not available
	# TODO: use a valid path or copy some certificate
	rm $(TARGET_OUT_LINUX)/deb/se-example.yaml
	# Test certificates - can be used to verify connection with an istiod running on the host or
	# in a separate container.
	cp -a tests/testdata/certs $(TARGET_OUT_LINUX)/deb
	cp $(TARGET_OUT_LINUX)/release/istio-sidecar.deb $(TARGET_OUT_LINUX)/deb/istio-sidecar.deb
	cp $(TARGET_OUT_LINUX)/release/istio.deb $(TARGET_OUT_LINUX)/deb/istio.deb
	docker build -t istio_deb -f $(TARGET_OUT_LINUX)/deb/Dockerfile $(TARGET_OUT_LINUX)/deb/
# Address that istiod.dubbo-system.svc resolves to inside the test container (passed via --add-host).
# For the test, by default use a local pilot.
# Set it to 172.18.0.1 to run against a pilot running in IDE.
# You may need to enable 15007 in the local machine firewall for this to work.
DEB_PILOT_IP ?= 127.0.0.1
# Command run inside the test container; defaults to an interactive shell.
DEB_CMD ?= /bin/bash
# First two octets of the test network; the documented 'istiotest' docker network uses 172.18.0.0/16.
ISTIO_NET ?= 172.18
# Fixed IP assigned to the test container on that network.
DEB_IP ?= ${ISTIO_NET}.0.3
# Prefix of the host ports published by deb/run/docker: a digit 1-8 is appended, so the default maps
# host ports 16001-16008.
DEB_PORT_PREFIX ?= 1600
# TODO: docker compose ?
# Run the docker image with the debian packages installed and with access to all source code.
# Useful for debugging and for experiments with iptables.
#
# Before running:
#   docker network create --subnet=172.18.0.0/16 istiotest
# The container IP matches the byon-docker service entry in the static configs, if testing without k8s.
#
# On the host, run istiod (can be standalone), using Kind or a real K8S cluster:
#
#   export TOKEN_ISSUER=https://localhost # Dummy, to ignore missing token. Can be a real OIDC server.
#   export MASTER_ELECTION=false
#   istiod discovery -n dubbo-system
#
# Security notes for this developer-only container:
#  - it is granted the NET_ADMIN capability;
#  - $(HOME)/.kube (the host kubeconfig directory), $(GOPATH) and $(GO_TOP) are bind-mounted without a
#    read-only option, so processes in the container can read and modify the host's cluster
#    credentials and source trees;
#  - every published port is bound to 127.0.0.1, so none is reachable from other hosts.
# NOTE(review): consider mounting .kube read-only if nothing in the container needs to write there.
deb/run/docker:
	docker run --cap-add=NET_ADMIN --rm \
		-v $(GO_TOP):$(GO_TOP) \
		-w $(PWD) \
		--mount type=bind,source="$(HOME)/.kube",destination="/home/.kube" \
		--mount type=bind,source="$(GOPATH)",destination="/ws" \
		--net istiotest --ip $(DEB_IP) \
		--add-host echo:10.1.1.1 \
		--add-host byon.test.istio.io:10.1.1.2 \
		--add-host byon-docker.test.istio.io:10.1.1.2 \
		--add-host istiod.dubbo-system.svc:$(DEB_PILOT_IP) \
		$(DEB_ENV) -e ISTIO_SERVICE_CIDR=10.1.1.0/24 \
		-e ISTIO_INBOUND_PORTS=7070,7072,7073,7074,7075 \
		-e PILOT_CERT_DIR=/var/lib/istio/pilot \
		-p 127.0.0.1:$(DEB_PORT_PREFIX)1:15007 \
		-p 127.0.0.1:$(DEB_PORT_PREFIX)2:7070 \
		-p 127.0.0.1:$(DEB_PORT_PREFIX)3:7072 \
		-p 127.0.0.1:$(DEB_PORT_PREFIX)4:7073 \
		-p 127.0.0.1:$(DEB_PORT_PREFIX)5:7074 \
		-p 127.0.0.1:$(DEB_PORT_PREFIX)6:7075 \
		-p 127.0.0.1:$(DEB_PORT_PREFIX)7:15012 \
		-p 127.0.0.1:$(DEB_PORT_PREFIX)8:15010 \
		-e GOPATH=$(GOPATH) \
		-it istio_deb $(DEB_CMD)
# Run the packaged test script (deb_test.sh test) inside the test container instead of a shell.
deb/test:
	$(MAKE) deb/run/docker DEB_CMD="deb_test.sh test"

# Start the test container with DEB_PILOT_IP=172.18.0.1 exported into the container's environment.
# DEB_ENV is passed through to "docker run", so the -e here is docker's flag.
deb/run/debug:
	$(MAKE) deb/run/docker DEB_ENV="-e DEB_PILOT_IP=172.18.0.1"
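# Start a second test container (IP 172.18.0.5, host ports 16201-16208) configured for mutual TLS
# against a pilot at 172.18.0.1 on port 15005.
# DEB_PILOT_IP is passed as a plain make variable. The recipe used to place a bare "-e" in front of it,
# which make parses as its own --environment-overrides flag, not as docker's -e. That silently let
# any variable in the caller's environment override the assignments in the makefiles of the sub-make.
# Dropping it keeps DEB_PILOT_IP=172.18.0.1 in effect without that side effect.
deb/run/mtls:
	$(MAKE) deb/run/docker DEB_PORT_PREFIX=1620 DEB_PILOT_IP=172.18.0.1 DEB_IP=172.18.0.5 DEB_ENV="-e ISTIO_PILOT_PORT=15005 -e ISTIO_CP_AUTH=MUTUAL_TLS"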
# Convenience target: build the test image (deb/docker), then start it (deb/run/docker).
# NOTE(review): the two steps are ordered only by their position in the prerequisite list, because
# deb/run/docker does not depend on deb/docker. Under "make -j" they may run concurrently, so the
# container could start from a stale or missing istio_deb image.
deb/docker-run: deb/docker deb/run/docker
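# Targets that are commands rather than files. Every recipe-only target defined in this file is
# listed, so a stray file or directory with the same name (for example "rpm/fpm") cannot cause make to
# skip the recipe. deb/build-in-docker and sidecar.deb have no rule in this file; they are kept in
# case another makefile defines them.
.PHONY: \
    deb \
    deb/build-in-docker \
    deb/docker \
    deb/docker-run \
    deb/run/docker \
    deb/run/debug \
    deb/run/mtls \
    deb/fpm \
    deb/test \
    rpm/fpm \
    rpm-7/fpm \
    testcert-gen \
    sidecar.deb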