SOURCES := $(shell find . -name '*.go') BINARY := kube-bench DOCKER_ORG ?= aquasec VERSION ?= $(shell git rev-parse --short=7 HEAD) KUBEBENCH_VERSION ?= $(shell git describe --tags --abbrev=0) IMAGE_NAME ?= $(DOCKER_ORG)/$(BINARY):$(VERSION) IMAGE_NAME_UBI ?= $(DOCKER_ORG)/$(BINARY):$(VERSION)-ubi GOOS ?= linux BUILD_OS := linux uname := $(shell uname -s) BUILDX_PLATFORM ?= linux/amd64,linux/arm64,linux/arm,linux/ppc64le,linux/s390x DOCKER_ORGS ?= aquasec public.ecr.aws/aquasecurity GOARCH ?= $@ ifneq ($(findstring Microsoft,$(shell uname -r)),) BUILD_OS := windows else ifeq ($(uname),Linux) BUILD_OS := linux else ifeq ($(uname),Darwin) BUILD_OS := darwin endif # kind cluster name to use KIND_PROFILE ?= kube-bench KIND_CONTAINER_NAME=$(KIND_PROFILE)-control-plane KIND_IMAGE ?= kindest/node:v1.21.1@sha256:69860bda5563ac81e3c0057d654b5253219618a22ec3a346306239bba8cfa1a6 # build a multi-arch image and push to Docker hub .PHONY: docker docker: set -xe; \ for org in $(DOCKER_ORGS); do \ docker buildx build --tag $${org}/kube-bench:${VERSION} \ --platform $(BUILDX_PLATFORM) --push . ; \ done build: $(BINARY) $(BINARY): $(SOURCES) GOOS=$(GOOS) CGO_ENABLED=0 go build -ldflags "-X github.com/aquasecurity/kube-bench/cmd.KubeBenchVersion=$(KUBEBENCH_VERSION)" -o $(BINARY) . build-fips: GOOS=$(GOOS) CGO_ENABLED=0 GOEXPERIMENT=boringcrypto go build -tags fipsonly -ldflags "-X github.com/aquasecurity/kube-bench/cmd.KubeBenchVersion=$(KUBEBENCH_VERSION)" -o $(BINARY) . # builds the current dev docker version build-docker: docker build --build-arg BUILD_DATE=$(shell date -u +"%Y-%m-%dT%H:%M:%SZ") \ --build-arg VCS_REF=$(VERSION) \ --build-arg KUBEBENCH_VERSION=$(KUBEBENCH_VERSION) \ -t $(IMAGE_NAME) . build-docker-ubi: docker build -f Dockerfile.ubi --build-arg BUILD_DATE=$(shell date -u +"%Y-%m-%dT%H:%M:%SZ") \ --build-arg VCS_REF=$(VERSION) \ --build-arg KUBEBENCH_VERSION=$(KUBEBENCH_VERSION) \ -t $(IMAGE_NAME_UBI) . # unit tests tests: GO111MODULE=on go test -vet all -short -race -timeout 30s -coverprofile=coverage.txt -covermode=atomic ./... integration-test: kind-test-cluster kind-run # creates a kind cluster to be used for development. HAS_KIND := $(shell command -v kind;) kind-test-cluster: ifndef HAS_KIND go get -u sigs.k8s.io/kind endif @if [ -z $$(kind get clusters | grep $(KIND_PROFILE)) ]; then\ echo "Could not find $(KIND_PROFILE) cluster. Creating...";\ kind create cluster --name $(KIND_PROFILE) --image $(KIND_IMAGE) --wait 5m;\ fi # pushes the current dev version to the kind cluster. kind-push: build-docker kind load docker-image $(IMAGE_NAME) --name $(KIND_PROFILE) # runs the current version on kind using a job and follow logs kind-run: KUBECONFIG = "./kubeconfig.kube-bench" kind-run: kind-push sed "s/\$${VERSION}/$(VERSION)/" ./hack/kind.yaml > ./hack/kind.test.yaml kind get kubeconfig --name="$(KIND_PROFILE)" > $(KUBECONFIG) -KUBECONFIG=$(KUBECONFIG) \ kubectl delete job kube-bench KUBECONFIG=$(KUBECONFIG) \ kubectl apply -f ./hack/kind.test.yaml && \ kubectl wait --for=condition=complete job.batch/kube-bench --timeout=60s && \ kubectl logs job/kube-bench > ./test.data && \ diff ./test.data integration/testdata/Expected_output.data kind-run-stig: KUBECONFIG = "./kubeconfig.kube-bench" kind-run-stig: kind-push sed "s/\$${VERSION}/$(VERSION)/" ./hack/kind-stig.yaml > ./hack/kind-stig.test.yaml kind get kubeconfig --name="$(KIND_PROFILE)" > $(KUBECONFIG) -KUBECONFIG=$(KUBECONFIG) \ kubectl delete job kube-bench KUBECONFIG=$(KUBECONFIG) \ kubectl apply -f ./hack/kind-stig.test.yaml && \ kubectl wait --for=condition=complete job.batch/kube-bench --timeout=60s && \ kubectl logs job/kube-bench > ./test.data && \ diff ./test.data integration/testdata/Expected_output_stig.data