This repository has been archived by the owner on Oct 31, 2021. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 2
/
Makefile.local
481 lines (417 loc) · 22.4 KB
/
Makefile.local
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
LOCAL_DIR=$(PWD)/local
LOCAL_CERTS = $(LOCAL_DIR)/certs
PATH:=$(LOCAL_BIN):$(PATH) # Use our local stuff first
# Tools used to run the application locally
JQ=$(LOCAL_BIN)/jq
KUBECTL=minikube kubectl --
YQ=$(LOCAL_BIN)/yq
VAULT=vault
PGO=$(LOCAL_BIN)/pgo
# This is the domain that is used for local development. You can change it to anything you want here and run init-mini
# and everything will be provisioned and setup on your development machine for that domain.
LOCAL_DOMAIN=monetr.mini
SUBDOMAINS=kms mail work pgadmin pghero vault ngrok registry app api
VALUES=$(PWD)/values.local.yaml
LOGIN_JWT_SECRET=$(LOCAL_DIR)/login_jwt_secret.txt
REGISTER_JWT_SECRET=$(LOCAL_DIR)/register_jwt_secret.txt
LOCAL_REST_API_DEPLOY=$(LOCAL_DIR)/rest-api-yaml
REST_API_IMAGE_NAME=rest-api
$(LOCAL_DIR):
mkdir -p $(LOCAL_DIR)
info:
$(call infoMsg,Creating a minikube cluster for local development at: https://$(LOCAL_DOMAIN))
$(call infoMsg,OS: $(OS))
$(call infoMsg,ARCH: $(ARCH))
stop-mini: $(HOSTESS)
$(call infoMsg,Stoppping the minikube cluster)
minikube stop || true
$(call infoMsg,Removing our hostnames from /etc/hosts)
for subdomain in $(SUBDOMAINS); do sudo $(HOSTESS) rm $$subdomain.$(LOCAL_DOMAIN) || true; done
clean-mini: stop-mini clean-certificates
$(call infoMsg,Deleting the contents of the stopped cluster; makes sure our environment is clean the next time)
minikube delete || true
rm -rf $(VALUES) || true
rm -rf $(PWD)/local || true
rm -rf $(LOCAL_TMP) || true
rm -rf $(LOCAL_BIN) || true
$(MAKE) clean
init-mini: info
$(call infoMsg,Setting stuff up)
$(MAKE) setup-certificates
(minikube status | grep "minikube start") && $(MAKE) start-minikube
$(MAKE) setup-hosts
$(MAKE) update-coredns
$(MAKE) deploy-certmanager
$(MAKE) deploy-certificate-authority
$(MAKE) setup-registry
$(MAKE) deploy-redis
$(MAKE) deploy-postgres
$(MAKE) vault-mini
$(MAKE) mail-mini
$(MAKE) deploy-mini-application
$(MAKE) vault-token
$(call infoMsg,Local environment is setup; you should be able to access the API at: https://api.$(LOCAL_DOMAIN))
MINIKUBE_NAMESPACE=default
MINIKUBE_CPUS=4 # 4 CPU cores, could be reduced to 2.
MINIKUBE_MEMORY=8192 # 8GB of memory. Reduce if this is too high for your computer. Could be reduced to 2GB
MINIKUBE_DRIVER=hyperkit # I'm on macOS, so this will vary wildly.
KUBERNETES_VERSION=v1.19.0
start-minikube:
$(info Starting minikube)
minikube start \
--addons=ingress \
--cpus=$(MINIKUBE_CPUS) \
--memory=$(MINIKUBE_MEMORY) \
--delete-on-failure \
--driver=$(MINIKUBE_DRIVER) \
--kubernetes-version=$(KUBERNETES_VERSION) \
--embed-certs
setup-etc-hosts: $(HOSTESS)
$(call infoMsg,Registering hosts with your /etc/hosts file; these are removed upon running: make clean-mini)
$(eval MINIKUBE_IP = $(shell minikube ip))
for subdomain in $(SUBDOMAINS); do sudo $(HOSTESS) add $$subdomain.$(LOCAL_DOMAIN) $(MINIKUBE_IP); done
setup-hosts: MINIKUBE_IP=$(shell minikube ip)
setup-hosts: MINIKUBE_SSH_KEY=$(shell minikube ssh-key)
setup-hosts: setup-etc-hosts
@sleep 5
$(call infoMsg,Adding 'registry.$(LOCAL_DOMAIN)' to minikube's VM's /etc/hosts file )
ssh -o "IdentitiesOnly=yes" \
-o "StrictHostKeyChecking no" \
-i $(MINIKUBE_SSH_KEY) docker@$(MINIKUBE_IP) \
'sudo chown docker /etc/hosts && echo "$(MINIKUBE_IP) registry.$(LOCAL_DOMAIN)" >> /etc/hosts'
$(MAKE) deploy-certificate
KEY_PATH=$(LOCAL_CERTS)/$(LOCAL_DOMAIN).key
CERT_PATH=$(LOCAL_CERTS)/$(LOCAL_DOMAIN).crt
clean-certificates:
$(call infoMsg,Checking to see if our TLS certificate is in the trusted keychain)
rm -rf $(LOCAL_CERTS) || true
rm -rf $(HOME)/.minikube/certs/$(LOCAL_DOMAIN).pem || true
NGINX_DEPLOYMENT=ingress-nginx-controller
TLS_SECRET_NAME=monetr-tls
setup-certificates: $(LOCAL_DIR) $(MKCERT)
mkdir -p $(LOCAL_CERTS)
$(MKCERT) -install
$(MKCERT) -key-file $(KEY_PATH) -cert-file $(CERT_PATH) $(LOCAL_DOMAIN) *.$(LOCAL_DOMAIN)
$(call infoMsg,Adding the certificate authority to the trusted certificate keychain; this can be undone by running: make clean-certificate)
mkdir -p $(HOME)/.minikube/certs
$(call infoMsg,Generating a TLS certificate from the authority for: $(LOCAL_DOMAIN))
openssl x509 -inform PEM -in $(CERT_PATH) > $(HOME)/.minikube/certs/$(LOCAL_DOMAIN).pem
deploy-certificate: $(JQ) $(YQ)
deploy-certificate: NGINX_NAMESPACE=$(shell $(KUBECTL) get deploy --all-namespaces --field-selector "metadata.name"=$(NGINX_DEPLOYMENT) -o yaml | $(YQ) e '.items[0].metadata.namespace' -)
deploy-certificate: _deploy-certificate
_deploy-certificate:
rm -rf $(LOCAL_TMP)/nginx-*.json || true
$(call infoMsg,Tweaking the nginx ingress controller to use the TLS certificate we generated by default)
$(KUBECTL) -n $(NGINX_NAMESPACE) create secret tls $(TLS_SECRET_NAME) --key $(KEY_PATH) --cert $(CERT_PATH) \
--dry-run=client \
-o yaml | $(KUBECTL) apply -f -
$(KUBECTL) rollout status deploy/$(NGINX_DEPLOYMENT) --namespace=$(NGINX_NAMESPACE) --timeout=90s
$(KUBECTL) get deploy/$(NGINX_DEPLOYMENT) \
--namespace=$(NGINX_NAMESPACE) -o json > $(LOCAL_TMP)/nginx-args.json
$(JQ) '.spec.template.spec.containers[0].args |= . + ["--default-ssl-certificate=$$(POD_NAMESPACE)/$(TLS_SECRET_NAME)"]' \
$(LOCAL_TMP)/nginx-args.json > $(LOCAL_TMP)/nginx-new.json
cat $(LOCAL_TMP)/nginx-new.json | $(KUBECTL) apply -f -
$(KUBECTL) rollout status deploy/$(NGINX_DEPLOYMENT) --namespace=$(NGINX_NAMESPACE) --timeout=90s
rm -rf $(LOCAL_TMP)/nginx-*.json || true
setup-registry:
$(call infoMsg,Deploying a container registry into the minikube cluster to store built images easily)
$(KUBECTL) apply -f $(PWD)/minikube/registry.yaml
$(KUBECTL) rollout status deploy/registry
$(LOGIN_JWT_SECRET): $(LOCAL_DIR)
if [ -f "$(LOGIN_JWT_SECRET)" ]; then exit 0; fi
$(call infoMsg,Login JWT secret has not been generated, creating it now)
sleep 1 && (date | md5 > $(LOGIN_JWT_SECRET))
$(REGISTER_JWT_SECRET): $(LOCAL_DIR)
if [ ! -f "$(REGISTER_JWT_SECRET)" ]; then echo "Register JWT secret has not been generated, creating now" && sleep 1 && (date | md5 > $(REGISTER_JWT_SECRET)); fi
# We want to check and see if the values file exists or is up to date.
$(VALUES):
if [ ! -f "$(VALUES)" ]; then $(MAKE) init-mini-values; fi
init-mini-values: REST_API_IMAGE_REPO=registry.$(LOCAL_DOMAIN)/$(REST_API_IMAGE_NAME)
init-mini-values: $(LOGIN_JWT_SECRET) $(REGISTER_JWT_SECRET)
init-mini-values: LOGIN_JWT_SECRET_VALUE=$(shell cat $(LOGIN_JWT_SECRET))
init-mini-values: REGISTER_JWT_SECRET_VALUE=$(shell cat $(REGISTER_JWT_SECRET))
init-mini-values: $(YQ) $(HELM)
$(call infoMsg,Setting up a basic helm values file for running the API locally)
if [ ! -f "$(VALUES)" ]; then $(HELM) show values $(PWD) > $(VALUES); fi
$(YQ) e '.image.repository = "$(REST_API_IMAGE_REPO)"' -i $(VALUES)
$(YQ) e '.ingress.enabled = true' -i $(VALUES)
$(YQ) e '.ingress.annotations."kubernetes.io/ingress.class" = "nginx"' -i $(VALUES)
$(YQ) e '.ingress.hosts[0].host = "api.$(LOCAL_DOMAIN)"' -i $(VALUES)
$(YQ) e '.ingress.hosts[0].paths[0] = {"path": "/"}' -i $(VALUES)
$(YQ) e '.service.port = 4000' -i $(VALUES)
$(YQ) e '.api.includeSecrets = true' -i $(VALUES)
$(YQ) e '.api.uiDomainName = "app.$(LOCAL_DOMAIN)"' -i $(VALUES)
$(YQ) e '.api.apiDomainName = "api.$(LOCAL_DOMAIN)"' -i $(VALUES)
$(YQ) e '.api.jwt.loginJwtSecret = "$(LOGIN_JWT_SECRET_VALUE)"' -i $(VALUES)
$(YQ) e '.api.jwt.registrationJwtSecret = "$(REGISTER_JWT_SECRET_VALUE)"' -i $(VALUES)
$(YQ) e '.api.postgreSql.address = "postgres.$(MINIKUBE_NAMESPACE).svc.cluster.local"' -i $(VALUES)
$(YQ) e '.api.redis.address = "redis.$(MINIKUBE_NAMESPACE).svc.cluster.local"' -i $(VALUES)
$(YQ) e '.api.cors.allowedOrigins[0] = "https://app.$(LOCAL_DOMAIN)"' -i $(VALUES)
$(YQ) e '.api.cors.debug = false' -i $(VALUES)
$(YQ) e '.serviceAccountName = "rest-api"' -i $(VALUES)
pg-tls-values: $(YQ)
$(YQ) e '.api.postgreSql.caCertificatePath = "/tls/ca.crt"' -i $(VALUES)
$(YQ) e '.api.postgreSql.certificatePath = "/tls/tls.crt"' -i $(VALUES)
$(YQ) e '.api.postgreSql.keyPath = "/tls/tls.key"' -i $(VALUES)
$(YQ) e '.extraVolumes[0].name = "ssl"' -i $(VALUES)
$(YQ) e '.extraVolumes[0].secret.secretName = "postgres-api-tls"' -i $(VALUES)
$(YQ) e '.extraVolumeMounts[0].name = "ssl"' -i $(VALUES)
$(YQ) e '.extraVolumeMounts[0].mountPath = "/tls"' -i $(VALUES)
$(YQ) e '.api.customEnv[0].name = "MONETR_PG_PASSWORD"' -i $(VALUES)
$(YQ) e '.api.customEnv[0].valueFrom.secretKeyRef.key = "password"' -i $(VALUES)
$(YQ) e '.api.customEnv[0].valueFrom.secretKeyRef.name = "postgres-postgres-secret"' -i $(VALUES)
MINIKUBE_VERSION=latest
dependencies-minikube:
rm -rf $(PWD)/minikube-$(OS)-$(ARCH) || true
curl -LO https://storage.googleapis.com/minikube/releases/$(MINIKUBE_VERSION)/minikube-$(OS)-$(ARCH)
sudo install minikube-$(OS)-$(ARCH) $(LOCAL_BIN)/minikube
rm -rf $(PWD)/minikube-$(OS)-$(ARCH)
ifeq ($(OS),darwin)
JQ_OS=osx
else
JQ_OS=linux
endif
JQ_URL=https://github.com/stedolan/jq/releases/download/jq-1.6/jq-$(JQ_OS)-$(ARCH)
JQ_DIR=$(LOCAL_TMP)/jq
$(JQ):
@if [ ! -f "$(JQ)" ]; then make install-$(JQ); fi
install-$(JQ): $(LOCAL_BIN) $(LOCAL_TMP)
$(call infoMsg,Installing $(JQ))
rm -rf $(JQ) || true
curl -L $(JQ_URL) -o $(JQ)
sudo chmod +x $(JQ)
YQ_VERSION=v4.7.1
YQ_BINARY=yq_$(OS)_$(ARCH)
YQ_URL=https://github.com/mikefarah/yq/releases/download/$(YQ_VERSION)/$(YQ_BINARY).tar.gz
YQ_DIR=$(LOCAL_TMP)/yq
$(YQ):
@if [ ! -f "$(YQ)" ]; then make install-$(YQ); fi
install-$(YQ): $(LOCAL_BIN) $(LOCAL_TMP)
$(call infoMsg,Installing yq to $(YQ))
rm -rf $(YQ_DIR) || true
mkdir -p $(YQ_DIR)
curl -L $(YQ_URL) -o $(YQ_DIR).tar.gz
tar -xzf $(YQ_DIR).tar.gz -C $(YQ_DIR)
mv $(YQ_DIR)/yq_$(OS)_$(ARCH) $(YQ)
rm -rf $(YQ_DIR) || true
update-coredns:
$(call infoMsg,Updating CoreDNS config)
$(KUBECTL) apply -f $(PWD)/minikube/coredns-config.yaml --namespace=kube-system
$(KUBECTL) rollout restart deploy/coredns --namespace=kube-system
$(KUBECTL) rollout status deploy/coredns --namespace=kube-system --timeout=180s
CERT_MANAGER_VERSION=v1.3.1
CERT_MANAGER_URL=https://github.com/jetstack/cert-manager/releases/download/$(CERT_MANAGER_VERSION)/cert-manager.yaml
CERT_MANAGER_NAMESPACE=cert-manager
deploy-certmanager:
$(call infoMsg,Deploying cert-manager)
$(KUBECTL) apply -f $(CERT_MANAGER_URL)
$(KUBECTL) rollout status deploy/cert-manager --namespace $(CERT_MANAGER_NAMESPACE) --timeout=60s
$(KUBECTL) rollout status deploy/cert-manager-cainjector --namespace $(CERT_MANAGER_NAMESPACE) --timeout=60s
$(KUBECTL) rollout status deploy/cert-manager-webhook --namespace $(CERT_MANAGER_NAMESPACE) --timeout=60s
ROOT_CA_KEY=$(LOCAL_DIR)/root.key
$(ROOT_CA_KEY):
@if [ ! -f "$(ROOT_CA_KEY)" ]; then make _generate-$(ROOT_CA_KEY); fi
_generate-$(ROOT_CA_KEY): $(LOCAL_DIR)
$(call infoMsg,Generating new root CA key)
openssl ecparam -genkey -name secp521r1 -noout -out $(ROOT_CA_KEY)
ROOT_CA_CRT=$(LOCAL_DIR)/root.crt
$(ROOT_CA_CRT):
@if [ ! -f "$(ROOT_CA_CRT)" ]; then make _generate-$(ROOT_CA_CRT); fi
_generate-$(ROOT_CA_CRT): $(LOCAL_DIR) $(ROOT_CA_KEY)
$(call infoMsg,Generating new root CA certificate)
openssl req -x509 -new -SHA256 -nodes \
-key $(ROOT_CA_KEY) \
-days 365 \
-out $(ROOT_CA_CRT) \
-subj "/C=US/ST=Minnesota/L=Lindstrom/O=monetr LLC/OU=Engineering/CN=monetr.in"
deploy-certificate-authority: $(ROOT_CA_KEY) $(ROOT_CA_CRT)
$(call infoMsg,Installing custom certificate authority)
$(KUBECTL) create secret generic monetr-ca \
--from-file=tls.crt=$(ROOT_CA_CRT) \
--from-file=tls.key=$(ROOT_CA_KEY) \
--namespace=$(MINIKUBE_NAMESPACE) \
--dry-run=client -o yaml | $(KUBECTL) apply -f -
$(KUBECTL) create secret generic monetr-ca-crt \
--from-file=ca.crt=$(ROOT_CA_CRT) \
--namespace=$(MINIKUBE_NAMESPACE) \
--dry-run=client -o yaml | $(KUBECTL) apply -f -
$(KUBECTL) apply -f $(PWD)/minikube/ca-issuer.yaml --namespace=$(MINIKUBE_NAMESPACE)
$(MAKE) postgres-certificates
postgres-certificates:
$(call infoMsg,Generating PostgreSQL TLS certificates)
$(KUBECTL) apply -f $(PWD)/minikube/postgres-certificate.yaml --namespace $(MINIKUBE_NAMESPACE)
deploy-crunchy:
$(call infoMsg,Deploying crunchy data postgres operator)
$(KUBECTL) apply -f $(PWD)/minikube/crunchy.yaml --namespace $(MINIKUBE_NAMESPACE)
$(KUBECTL) wait --for=condition=complete job/pgo-deploy --timeout=180s -n $(MINIKUBE_NAMESPACE)
deploy-redis:
$(call infoMsg,Deploying redis into the minikube cluster)
$(KUBECTL) apply -f $(PWD)/minikube/redis.yaml --namespace $(MINIKUBE_NAMESPACE)
$(KUBECTL) rollout status deploy/redis --namespace $(MINIKUBE_NAMESPACE) --timeout=30s
deploy-postgres:
$(call infoMsg,Deploying Crunchy Data PostgreSQL to the minikube cluster)
$(KUBECTL) apply -f $(PWD)/minikube/postgres.yaml -n $(MINIKUBE_NAMESPACE)
#$(KUBECTL) apply -f $(PWD)/minikube/crunchy-postgres.yaml -n $(MINIKUBE_NAMESPACE)
SHELL_IMAGE=ghcr.io/elliotcourant/dotfiles/ubuntu:latest
shell:
$(KUBECTL) run shell-$(shell date +%Y%m%d%H%M%s) \
--image-pull-policy=Always \
--rm -ti --image=$(SHELL_IMAGE) \
-n $(MINIKUBE_NAMESPACE) --
$(LOCAL_REST_API_DEPLOY):
mkdir -p $(LOCAL_REST_API_DEPLOY)
GO_HASH=$(shell find -s $(PWD)/pkg -type f -exec shasum {} \; | shasum | cut -d " " -f 1)
BASE_IMAGE_NAME = registry.$(LOCAL_DOMAIN)/$(REST_API_IMAGE_NAME)
IMAGE_NAME = $(BASE_IMAGE_NAME):$(GO_HASH)
LOCAL_RELEASE_STR=$(shell printf "LOCAL-%s-%s" $$(date -u +%Y.%m.%d.%H.%M) $$(git config user.email))
build-rest-api-mini: wait-for-docker $(YQ)
eval $$(minikube docker-env) && docker build \
--cache-from=$(BASE_IMAGE_NAME):latest \
--build-arg REVISION=$(RELEASE_REVISION) \
--build-arg BUILD_TIME=$(BUILD_TIME) \
--build-arg RELEASE=$(LOCAL_RELEASE_STR) \
-t $(IMAGE_NAME) \
-t $(BASE_IMAGE_NAME):latest \
-f Dockerfile . && \
docker push $(IMAGE_NAME) && \
docker push $(BASE_IMAGE_NAME):latest
$(YQ) e '.image.tag = "$(GO_HASH)"' -i $(VALUES)
deploy-mini-application: $(VALUES)
deploy-mini-application: CONFIG_HASH=$(shell md5 -q $(VALUES))
deploy-mini-application: $(HELM) $(LOCAL_REST_API_DEPLOY) build-rest-api-mini $(YQ) $(SPLIT_YAML)
$(YQ) e '.podAnnotations.configHash = "$(CONFIG_HASH)"' -i $(VALUES)
$(HELM) template $(REST_API_IMAGE_NAME) $(PWD) \
--dry-run \
--values=$(VALUES) | $(SPLIT_YAML) --outdir $(LOCAL_REST_API_DEPLOY) -
$(KUBECTL) delete svc/$(REST_API_IMAGE_NAME) --namespace $(MINIKUBE_NAMESPACE) || true
$(KUBECTL) apply -f $(LOCAL_REST_API_DEPLOY) --namespace $(MINIKUBE_NAMESPACE)
$(KUBECTL) rollout status deploy/rest-api --namespace $(MINIKUBE_NAMESPACE) --timeout=30s
local-postgres-certs:
mkdir -p $(LOCAL_DIR)/postgres
$(KUBECTL) get secret postgres-api-tls -o jsonpath='{.data.ca\.crt}' -n $(MINIKUBE_NAMESPACE) | base64 -d > $(LOCAL_DIR)/postgres/ca.crt
$(KUBECTL) get secret postgres-api-tls -o jsonpath='{.data.tls\.crt}' -n $(MINIKUBE_NAMESPACE) | base64 -d > $(LOCAL_DIR)/postgres/tls.crt
$(KUBECTL) get secret postgres-api-tls -o jsonpath='{.data.tls\.key}' -n $(MINIKUBE_NAMESPACE) | base64 -d > $(LOCAL_DIR)/postgres/tls.key
###################### DEBUGGING THE REST API ##################################
local-api: LOCAL_IP=$(shell ifconfig | grep -E "([0-9]{1,3}\.){3}[0-9]{1,3}" | grep -v 127.0.0.1 | awk '{ print $$2 }' | cut -f2 -d: | head -n1)
local-api: $(YQ)
LOCAL_IP=$(LOCAL_IP) $(YQ) e '.subsets[0].addresses[0].ip = strenv(LOCAL_IP)' $(PWD)/minikube/api-endpoint.yaml | $(KUBECTL) apply -f -
$(KUBECTL) get svc/$(REST_API_IMAGE_NAME) -n $(MINIKUBE_NAMESPACE) -o yaml | $(YQ) e 'del(.spec.selector)' - | $(KUBECTL) apply -f -
$(KUBECTL) scale deploy/$(REST_API_IMAGE_NAME) --replicas=0 -n $(MINIKUBE_NAMESPACE)
ifdef TMUX # If the user is already in tmux then just spawn a new session and switch to it.
tmux new -s local-api -d 'minikube tunnel --cleanup' && tmux switch -t local-api || true
else # If the user is not, start a new session and then enter tmux to attach.
tmux new -s local-api -d 'minikube tunnel --cleanup' && tmux attach -t local-api || true
endif
$(KUBECTL) delete svc/$(REST_API_IMAGE_NAME) --namespace $(MINIKUBE_NAMESPACE)
$(KUBECTL) apply -f $(LOCAL_REST_API_DEPLOY) --namespace $(MINIKUBE_NAMESPACE)
$(KUBECTL) scale deploy/$(REST_API_IMAGE_NAME) --replicas=1 -n $(MINIKUBE_NAMESPACE)
$(KUBECTL) rollout status deploy/$(REST_API_IMAGE_NAME) --namespace $(MINIKUBE_NAMESPACE) --timeout=60s
###################### WORKING ON WEBHOOKS LOCALLY ##################################
webhooks-mini:
ifndef NGROK_AUTH
$(error Must specify NGROK_AUTH to setup webhooks)
exit 100
endif
$(KUBECTL) create secret generic ngrok-auth-secret \
--from-literal=NGROK_AUTH=$(NGROK_AUTH) \
--dry-run=client -o yaml | $(KUBECTL) apply -f - \
--namespace $(MINIKUBE_NAMESPACE)
$(KUBECTL) apply -f $(PWD)/minikube/ngrok.yaml \
--namespace $(MINIKUBE_NAMESPACE)
$(KUBECTL) rollout status deploy/ngrok \
--namespace $(MINIKUBE_NAMESPACE) --timeout=60s
@sleep 15 # Wait for ngrok to setup its public url.
@echo "\033[0;31m#################################################################################\033[0m"
@echo "ngrok inspector is now accessible at: https://ngrok.$(LOCAL_DOMAIN)"
@echo "run: make reconfigure-webhooks"
@echo "to apply config changes for the ngrok url"
@echo "\033[0;31m#################################################################################\033[0m"
configure-stripe-webhooks:
$(YQ) e '.api.stripe.webhooksEnabled = true' -i $(VALUES)
$(MAKE) deploy-mini-application
reconfigure-webhooks: $(JQ)
reconfigure-webhooks: WEBHOOKS_DOMAIN = $(shell curl -s "https://ngrok.$(LOCAL_DOMAIN)/api/tunnels" | $(JQ) '.tunnels[0].public_url' - -r)
reconfigure-webhooks: $(YQ)
$(YQ) e '.api.plaid.webhooksDomain = "$(WEBHOOKS_DOMAIN)"' -i $(VALUES) && \
$(YQ) e '.api.stripe.webhooksDomain = "$(WEBHOOKS_DOMAIN)"' -i $(VALUES)
$(YQ) e '.api.stripe.webhooksEnabled = true' -i $(VALUES)
$(YQ) e '.api.plaid.webhooksEnabled = true' -i $(VALUES)
$(MAKE) deploy-mini-application
disable-webhooks-mini: $(YQ)
$(YQ) e '.api.plaid.webhooksEnabled = false' -i $(VALUES)
$(YQ) e '.api.stripe.webhooksEnabled = false' -i $(VALUES)
$(MAKE) deploy-mini-application
$(KUBECTL) delete deploy/ngrok --namespace $(MINIKUBE_NAMESPACE)
###################### POSTGRESQL ANALYTICS ##################################
pghero-mini:
$(KUBECTL) apply -f $(PWD)/minikube/pghero.yaml \
--namespace $(MINIKUBE_NAMESPACE)
$(KUBECTL) rollout status deploy/pghero \
--namespace $(MINIKUBE_NAMESPACE) --timeout=60s
@echo "\033[0;31m#################################################################################\033[0m"
@echo "pghero dashboard is now accessible at: https://pghero.$(LOCAL_DOMAIN)"
@echo "\033[0;31m#################################################################################\033[0m"
###################### VAULT SECRETS ##################################
VAULT_JSON=$(LOCAL_DIR)/vault-keys.json
vault-mini:
$(KUBECTL) apply -f $(PWD)/minikube/vault.yaml \
--namespace $(MINIKUBE_NAMESPACE)
$(MAKE) unseal-vault-mini
$(KUBECTL) rollout status deploy/vault \
--namespace $(MINIKUBE_NAMESPACE) --timeout=60s
$(MAKE) vault-terraform
$(MAKE) vault-token
vault-token: $(VAULT_JSON) $(JQ)
@echo "\033[0;31m#################################################################################\033[0m"
@echo "vault is now accessible at: https://vault.$(LOCAL_DOMAIN)"
@echo "root token: $$(cat $(VAULT_JSON) | $(JQ) -r '.root_token')"
@echo "\033[0;31m#################################################################################\033[0m"
vault-terraform: $(VAULT_JSON) $(wildcard $(PWD)/minikube/vault/*.tf) $(JQ)
export VAULT_TOKEN=$$(cat $(VAULT_JSON) | $(JQ) -r '.root_token') && \
export TF_VAR_kubernetes_address=https://$$(minikube ip):8443 && \
export TF_VAR_kubernetes_certificate_b64=$$($(KUBECTL) config view --raw -o json | $(JQ) -r '.clusters[] | select(.name == "'$(shell $(KUBECTL) config current-context)'") | .cluster."certificate-authority-data"') && \
export TF_VAR_kubernetes_reviewer_jwt=$$($(KUBECTL) get secret $(shell $(KUBECTL) get serviceaccount vault-authentication -o yaml | $(LOCAL_BIN)/$(YQ) e '.secrets[0].name' -) -o yaml | $(LOCAL_BIN)/$(YQ) e '.data.token' - | base64 -d) && \
cd $(PWD)/minikube/vault && terraform init -upgrade && terraform apply -auto-approve=true
define waitForContainer
while [[ $$($(KUBECTL) get pod $$($(KUBECTL) get pod -l $1 --namespace $(MINIKUBE_NAMESPACE) -o 'jsonpath={.items[0].metadata.name}') -o 'jsonpath={.status.phase}') != "Running" ]]; do echo "Waiting for container..." && sleep 5; done
endef
$(VAULT_JSON):
$(call infoMsg,Waiting for vault to be running.)
$(call waitForContainer,app.kubernetes.io/name=vault,vault)
$(call infoMsg,Initializing vault.)
$(KUBECTL) exec deploy/vault --namespace $(MINIKUBE_NAMESPACE) -- vault operator init -key-shares=1 -key-threshold=1 --tls-skip-verify -format=json > $(VAULT_JSON)
unseal-vault-mini: $(VAULT_JSON) $(JQ)
$(eval VAULT_UNSEAL_KEY = $(shell cat $(VAULT_JSON) | $(JQ) -r ".unseal_keys_b64[]"))
$(KUBECTL) exec deploy/vault -- vault status --tls-skip-verify || $(KUBECTL) exec deploy/vault -- vault operator unseal --tls-skip-verify $(VAULT_UNSEAL_KEY)
clean-vault-mini:
rm -rf $(VAULT_JSON)
$(KUBECTL) delete -f $(PWD)/minikube/vault.yaml -n $(MINIKUBE_NAMESPACE)
###################### gocraft/work UI ##################################
WORK_IMAGE_NAME=registry.$(LOCAL_DOMAIN)/work
work-mini:
eval $$(minikube docker-env) && docker build \
--cache-from=$(WORK_IMAGE_NAME):latest \
-t $(WORK_IMAGE_NAME):latest \
-f Dockerfile.work . && \
docker push $(WORK_IMAGE_NAME):latest
$(KUBECTL) apply -f $(PWD)/minikube/work.yaml \
--namespace $(MINIKUBE_NAMESPACE)
$(KUBECTL) rollout status deploy/work \
--namespace $(MINIKUBE_NAMESPACE) --timeout=60s
@echo "\033[0;31m#################################################################################\033[0m"
@echo "gocraft/work dashboard is now accessible at: https://work.$(LOCAL_DOMAIN)"
@echo "\033[0;31m#################################################################################\033[0m"
###################### Mailhog UI ##################################
mail-mini: $(VALUES) $(YQ)
$(KUBECTL) apply -f $(PWD)/minikube/mailhog.yaml \
--namespace $(MINIKUBE_NAMESPACE)
$(KUBECTL) rollout status deploy/mail \
--namespace $(MINIKUBE_NAMESPACE) --timeout=60s
$(YQ) e '.api.smtp.enabled = true' -i $(VALUES)
$(YQ) e '.api.smtp.username = "restapi"' -i $(VALUES)
$(YQ) e '.api.smtp.password = "mailPassword"' -i $(VALUES)
$(YQ) e '.api.smtp.host = "mail.default.svc.cluster.local"' -i $(VALUES)
$(YQ) e '.api.smtp.port = 1025' -i $(VALUES)
@echo "\033[0;31m#################################################################################\033[0m"
@echo "mailhog is now accessible at: https://mail.$(LOCAL_DOMAIN)"
@echo "\033[0;31m#################################################################################\033[0m"