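# Build, test and deploy targets for the container-mom services.
# Images are built and run with Podman; cluster deployment uses kubectl + kustomize.
# Every kubectl recipe acts on whatever context is current in the caller's kubeconfig.

# Service names
SERVICES := web-portal api-controller metrics-service dns-manager billing-service

# Container image settings
REGISTRY ?= container-mom
# NOTE(review): `latest` is a mutable tag, so `make prod` pushes images that cannot
# be pinned or audited later. Pass an immutable TAG (for example a commit id) for
# anything that is pushed to a shared registry.
TAG ?= latest

# Development settings
DEV_NAMESPACE := container-mom
# Namespace whose rollout `deploy-prod` waits on. It defaults to DEV_NAMESPACE,
# which is the value the target has always used; override it when production
# runs in a different namespace.
PROD_NAMESPACE ?= $(DEV_NAMESPACE)
# This variable is not exported and no recipe references it, so kubectl only
# honours KUBECONFIG when it is already set in the calling environment.
KUBECONFIG ?= ~/.kube/config
# Password for the throwaway PostgreSQL container started by `dev-local`.
# The default is a well-known value: keep it to local development only.
DEV_DB_PASSWORD ?= postgres

# Per-service targets (deps-<svc>, build-<svc>, push-<svc>, test-<svc>).
per_service_targets := $(foreach prefix,deps build push test,$(addprefix $(prefix)-,$(SERVICES)))

# None of these targets produce a file of the same name, so all are phony;
# otherwise a stray file called e.g. `test` or `security-check` would silently
# turn the target into a no-op.
.PHONY: all build push deploy-dev deploy-prod clean test \
	dev-setup manifests dev prod status port-forward stop-forward \
	db-migrate db-rollback dev-local dev-local-stop security-check help \
	$(per_service_targets)

all: build

# Generate shard.lock files
$(addprefix deps-,$(SERVICES)): deps-%:
	cd src/$* && shards install

# Build all service images
build: $(addprefix deps-,$(SERVICES)) $(addprefix build-,$(SERVICES))

# Each image build depends on its own deps-<svc> so that `make -j build` cannot
# start an image build before that service's dependencies are installed.
$(addprefix build-,$(SERVICES)): build-%: deps-%
	@echo "Building $*..."
	podman build -t $(REGISTRY)/$*:$(TAG) src/$* || \
	  (echo "Failed to build $*" && exit 1)

# Push all images to registry
push: $(addprefix push-,$(SERVICES))

$(addprefix push-,$(SERVICES)): push-%:
	@echo "Pushing $*..."
	podman push $(REGISTRY)/$*:$(TAG) || \
	  (echo "Failed to push $*" && exit 1)

# Development deployment
deploy-dev:
	@echo "Deploying to development environment..."
	kubectl apply -k deploy/overlays/development
	kubectl rollout status deployment -n $(DEV_NAMESPACE) -l app.kubernetes.io/part-of=container-mom --timeout=300s

# Production deployment
# NOTE(review): nothing here selects or verifies the cluster; the overlay is
# applied to the current kubectl context. Confirm the context before running.
deploy-prod:
	@echo "Deploying to production environment..."
	kubectl apply -k deploy/overlays/production
	kubectl rollout status deployment -n $(PROD_NAMESPACE) -l app.kubernetes.io/part-of=container-mom --timeout=300s

# Clean up development environment
# `|| true` keeps clean usable when the resources are already gone.
# NOTE(review): `podman volume prune -f` removes every unused volume of the
# current user, not only the ones created by this Makefile.
clean:
	kubectl delete -k deploy/overlays/development || true
	podman pod rm -f container-mom-dev || true
	podman volume prune -f

# Run tests for all services
test: $(addprefix test-,$(SERVICES))

$(addprefix test-,$(SERVICES)): test-%:
	@echo "Testing $*..."
	cd src/$* && crystal spec || \
	  (echo "Tests failed for $*" && exit 1)

# Development environment setup
# Switches the default namespace of the current kubectl context; the
# un-namespaced kubectl calls in `status` and `port-forward` rely on that.
# `|| true` tolerates an existing namespace but also hides other kubectl errors.
# The pod publishes 3000 and 9090 without a host address, i.e. on all host
# interfaces; use the form 127.0.0.1:3000:3000 to keep them local.
dev-setup:
	kubectl create namespace $(DEV_NAMESPACE) || true
	kubectl config set-context --current --namespace=$(DEV_NAMESPACE)
	podman pod create --name container-mom-dev -p 3000:3000 -p 9090:9090

# Generate Kubernetes manifests (useful for debugging)
# The rendered files contain everything the overlays produce, which may include
# Secret objects; keep them out of version control.
manifests:
	kubectl kustomize deploy/overlays/development > deploy-dev.yaml
	kubectl kustomize deploy/overlays/production > deploy-prod.yaml

# Build and deploy to development
dev: build deploy-dev

# Build and deploy to production
prod: build push deploy-prod

# Show status of all services
# printf is used for the blank lines because `echo "\n"` is not portable
# between shells.
status:
	@echo "=== Pods ==="
	kubectl get pods
	@printf '\n=== Services ===\n'
	kubectl get services
	@printf '\n=== Ingresses ===\n'
	kubectl get ingresses
	@printf '\n=== Podman Containers ===\n'
	podman ps -a --pod

# Port forward to access services locally
# Both forwards are left running in the background after make returns.
port-forward:
	kubectl port-forward svc/web-portal 3000:80 &
	kubectl port-forward svc/metrics-service 9090:9090 &

# Stop port forwarding
# Matches on the command line, so it ends every `kubectl port-forward` of the
# current user, including ones not started by this Makefile.
stop-forward:
	pkill -f "kubectl port-forward"

# Database operations
db-migrate:
	cd src/db && crystal run migrations.cr

db-rollback:
	cd src/db && crystal run migrations.cr -- rollback

# Local development with Podman
# PostgreSQL's port is not published, so the database is reachable only from
# containers inside the pod. The password is passed on the command line and is
# therefore visible in the process list and in `podman inspect`.
# `|| true` on the run commands tolerates containers that already exist, at the
# cost of hiding genuine start-up failures.
dev-local: $(addprefix deps-,$(SERVICES))
	@echo "Starting local development environment..."
	podman pod start container-mom-dev || podman pod create --name container-mom-dev -p 3000:3000 -p 9090:9090
	@echo "Starting PostgreSQL..."
	podman run -d --pod container-mom-dev --name postgres-dev \
	  -e POSTGRES_DB=container_mom_development \
	  -e POSTGRES_USER=postgres \
	  -e POSTGRES_PASSWORD='$(DEV_DB_PASSWORD)' \
	  -v postgres-data:/var/lib/postgresql/data \
	  postgres:15-alpine || true
	@echo "Starting services..."
	for service in $(SERVICES); do \
	  echo "Starting $$service..."; \
	  podman run -d --pod container-mom-dev --name "$$service-dev" \
	    -v "$$PWD/src/$$service:/app/src" \
	    --restart unless-stopped \
	    $(REGISTRY)/$$service:$(TAG) || true; \
	done

# Stop local development environment
dev-local-stop:
	podman pod stop container-mom-dev

# Security check for container permissions
# Inspects the configured user and volumes of each image; it does not look at
# running containers, so a runtime user override is not covered.
# Failures are collected in `status` and returned at the end. The previous form,
# `|| (echo ERROR && exit 1); echo "✓ ..."`, only left the subshell: the success
# line was still printed and the target always exited 0.
security-check:
	@echo "Checking container security settings..."
	@status=0; \
	for service in $(SERVICES); do \
	  printf '\nChecking %s...\n' "$$service"; \
	  if podman inspect $(REGISTRY)/$$service:$(TAG) --format='{{.Config.User}}' | grep -q '^appuser$$'; then \
	    echo "✓ Running as non-root user"; \
	  else \
	    echo "ERROR: $$service is not running as appuser"; \
	    status=1; \
	  fi; \
	  podman inspect $(REGISTRY)/$$service:$(TAG) --format='{{.Config.Volumes}}' | grep -q "map\\[/app:{}\\]" || \
	    echo "WARNING: $$service does not have restricted volume permissions"; \
	done; \
	printf '\nSecurity check completed\n'; \
	exit $$status

# Help target
help:
	@echo "Available targets:"
	@echo "  build         - Build all service images with Podman"
	@echo "  push          - Push all images to registry"
	@echo "  deploy-dev    - Deploy to development environment"
	@echo "  deploy-prod   - Deploy to production environment"
	@echo "  clean         - Clean up development environment"
	@echo "  test          - Run tests for all services"
	@echo "  dev-setup     - Set up development environment"
	@echo "  manifests     - Generate Kubernetes manifests"
	@echo "  dev           - Build and deploy to development"
	@echo "  dev-local     - Run services locally with Podman"
	@echo "  dev-local-stop- Stop the local Podman pod"
	@echo "  prod          - Build and deploy to production"
	@echo "  status        - Show status of all services"
	@echo "  port-forward  - Forward ports for local access"
	@echo "  stop-forward  - Stop port forwarding"
	@echo "  db-migrate    - Run database migrations"
	@echo "  db-rollback   - Rollback database migrations"
	@echo "  security-check- Check container security settings"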