2020-09-08 16:29:34 +00:00
|
|
|
load('ext://restart_process', 'docker_build_with_restart')
|
|
|
|
disable_snapshots()
|
|
|
|
analytics_settings(False)
|
|
|
|
update_settings(max_parallel_updates=8)
|
|
|
|
os.putenv('CGO_ENABLED', '0')
|
|
|
|
os.putenv('GOOS', 'linux')
|
|
|
|
os.putenv('GOARCH', 'amd64')
|
|
|
|
os.putenv('CGO_ENABLED', '0')
|
|
|
|
os.putenv('KUBE_GIT_VERSION', 'v0.0.0')
|
|
|
|
|
2020-10-09 23:00:11 +00:00
|
|
|
#####################################################################################################
|
2020-09-08 16:29:34 +00:00
|
|
|
# Compile all of our ./cmd/... binaries.
|
2020-10-09 23:00:11 +00:00
|
|
|
#
|
|
|
|
|
2020-09-08 16:29:34 +00:00
|
|
|
local_resource(
|
|
|
|
'compile',
|
|
|
|
'cd ../../../ && mkdir -p ./hack/lib/tilt/build && go build -v -ldflags "$(hack/get-ldflags.sh)" -o ./hack/lib/tilt/build ./cmd/...',
|
|
|
|
deps=['../../../cmd', '../../../internal', '../../../pkg', '../../../generated'],
|
|
|
|
)
|
|
|
|
|
2020-10-13 21:09:13 +00:00
|
|
|
#####################################################################################################
|
2020-11-17 18:21:15 +00:00
|
|
|
# Test IDP (Dex + cert generation + squid proxy)
|
2020-10-13 21:09:13 +00:00
|
|
|
#
|
|
|
|
|
2020-11-17 18:21:15 +00:00
|
|
|
# Render the IDP installation manifest using ytt.
|
2020-12-03 18:45:56 +00:00
|
|
|
k8s_yaml(local(['ytt',
|
|
|
|
'--file', '../../../test/deploy/dex',
|
|
|
|
'--data-value', 'supervisor_redirect_uri=https://pinniped-supervisor-clusterip.supervisor.svc.cluster.local/some/path/callback',
|
|
|
|
]))
|
2020-10-14 23:21:40 +00:00
|
|
|
# Tell tilt to watch all of those files for changes.
|
|
|
|
watch_file('../../../test/deploy/dex')
|
2020-10-13 21:09:13 +00:00
|
|
|
|
2020-11-17 18:21:15 +00:00
|
|
|
k8s_resource(objects=['dex:namespace'], new_name='dex-ns')
|
|
|
|
k8s_resource(workload='cert-issuer', resource_deps=['dex-ns'], objects=[
|
|
|
|
'cert-issuer:serviceaccount',
|
|
|
|
'cert-issuer:role',
|
|
|
|
'cert-issuer:rolebinding',
|
|
|
|
])
|
|
|
|
k8s_resource(workload='proxy', resource_deps=['dex-ns'])
|
|
|
|
k8s_resource(workload='dex', resource_deps=['dex-ns', 'cert-issuer'], objects=[
|
|
|
|
'dex-config:configmap',
|
|
|
|
])
|
2020-11-17 17:24:38 +00:00
|
|
|
|
2020-10-13 21:09:13 +00:00
|
|
|
|
2020-10-09 23:00:11 +00:00
|
|
|
#####################################################################################################
|
|
|
|
# Local-user-authenticator app
|
2020-10-09 21:25:34 +00:00
|
|
|
#
|
|
|
|
|
2020-09-08 16:29:34 +00:00
|
|
|
# Build a container image for local-user-authenticator, with live-update enabled.
|
|
|
|
docker_build_with_restart('image/local-user-auth', '.',
|
|
|
|
dockerfile='local-user-authenticator.Dockerfile',
|
|
|
|
entrypoint=['/usr/local/bin/local-user-authenticator'],
|
|
|
|
live_update=[sync('./build/local-user-authenticator', '/usr/local/bin/local-user-authenticator')],
|
|
|
|
only=['./build/local-user-authenticator'],
|
|
|
|
)
|
|
|
|
|
|
|
|
# Render the local-user-authenticator installation manifest using ytt.
|
|
|
|
k8s_yaml(local([
|
|
|
|
'ytt',
|
2020-10-09 17:00:22 +00:00
|
|
|
'--file', '../../../deploy/local-user-authenticator',
|
2020-09-08 16:29:34 +00:00
|
|
|
'--data-value', 'image_repo=image/local-user-auth',
|
|
|
|
'--data-value', 'image_tag=tilt-dev',
|
|
|
|
]))
|
2020-10-14 23:21:40 +00:00
|
|
|
# Tell tilt to watch all of those files for changes.
|
|
|
|
watch_file('../../../deploy/local-user-authenticator')
|
2020-09-08 16:29:34 +00:00
|
|
|
|
|
|
|
# Collect all the deployed local-user-authenticator resources under a "local-user-auth" resource tab.
|
|
|
|
k8s_resource(
|
2020-10-09 23:00:11 +00:00
|
|
|
workload='local-user-authenticator', # this is the deployment name
|
|
|
|
new_name='local-user-auth', # this is the name that will appear in the tilt UI
|
2020-09-08 16:29:34 +00:00
|
|
|
objects=[
|
2020-10-09 23:00:11 +00:00
|
|
|
# these are the objects that would otherwise appear in the "uncategorized" tab in the tilt UI
|
2020-09-08 16:29:34 +00:00
|
|
|
'local-user-authenticator:namespace',
|
|
|
|
'local-user-authenticator:serviceaccount',
|
|
|
|
'local-user-authenticator:role',
|
2020-10-09 23:00:11 +00:00
|
|
|
'local-user-authenticator:rolebinding',
|
2020-09-08 16:29:34 +00:00
|
|
|
],
|
|
|
|
)
|
|
|
|
|
2020-10-09 23:00:11 +00:00
|
|
|
#####################################################################################################
|
2020-10-09 21:25:34 +00:00
|
|
|
# Supervisor app
|
|
|
|
#
|
|
|
|
|
|
|
|
# Build a container image for supervisor, with live-update enabled.
|
|
|
|
docker_build_with_restart('image/supervisor', '.',
|
|
|
|
dockerfile='supervisor.Dockerfile',
|
|
|
|
entrypoint=['/usr/local/bin/pinniped-supervisor'],
|
|
|
|
live_update=[sync('./build/pinniped-supervisor', '/usr/local/bin/pinniped-supervisor')],
|
|
|
|
only=['./build/pinniped-supervisor'],
|
2020-09-08 16:29:34 +00:00
|
|
|
)
|
|
|
|
|
2020-10-09 21:25:34 +00:00
|
|
|
# Render the supervisor installation manifest using ytt.
|
2020-10-22 21:53:40 +00:00
|
|
|
#
|
2020-10-27 00:03:26 +00:00
|
|
|
# 31234 and 31243 are the same port numbers hardcoded in the port forwarding of our kind configuration.
|
2020-10-22 21:53:40 +00:00
|
|
|
# Don't think that you can just change this!
|
2020-10-09 21:25:34 +00:00
|
|
|
k8s_yaml(local([
|
|
|
|
'ytt',
|
|
|
|
'--file', '../../../deploy/supervisor',
|
2020-10-09 23:00:11 +00:00
|
|
|
'--data-value', 'app_name=pinniped-supervisor',
|
|
|
|
'--data-value', 'namespace=supervisor',
|
2020-10-09 21:25:34 +00:00
|
|
|
'--data-value', 'image_repo=image/supervisor',
|
|
|
|
'--data-value', 'image_tag=tilt-dev',
|
2020-11-11 12:51:51 +00:00
|
|
|
'--data-value', 'log_level=debug',
|
2020-10-09 23:00:11 +00:00
|
|
|
'--data-value-yaml', 'replicas=1',
|
2020-10-27 00:03:26 +00:00
|
|
|
'--data-value-yaml', 'service_http_nodeport_port=80',
|
|
|
|
'--data-value-yaml', 'service_http_nodeport_nodeport=31234',
|
|
|
|
'--data-value-yaml', 'service_https_nodeport_port=443',
|
|
|
|
'--data-value-yaml', 'service_https_nodeport_nodeport=31243',
|
2020-12-02 16:47:01 +00:00
|
|
|
'--data-value-yaml', 'service_https_clusterip_port=443',
|
2020-10-15 17:14:23 +00:00
|
|
|
'--data-value-yaml', 'custom_labels={mySupervisorCustomLabelName: mySupervisorCustomLabelValue}',
|
2020-10-09 21:25:34 +00:00
|
|
|
]))
|
2020-10-14 23:21:40 +00:00
|
|
|
# Tell tilt to watch all of those files for changes.
|
|
|
|
watch_file('../../../deploy/supervisor')
|
2020-10-09 21:25:34 +00:00
|
|
|
|
|
|
|
# Collect all the deployed supervisor resources under a "supervisor" resource tab.
|
|
|
|
k8s_resource(
|
2020-10-09 23:00:11 +00:00
|
|
|
workload='pinniped-supervisor', # this is the deployment name
|
|
|
|
new_name='supervisor', # this is the name that will appear in the tilt UI
|
2020-10-09 21:25:34 +00:00
|
|
|
objects=[
|
2020-10-09 23:00:11 +00:00
|
|
|
# these are the objects that would otherwise appear in the "uncategorized" tab in the tilt UI
|
2020-11-02 22:24:55 +00:00
|
|
|
'oidcproviders.config.supervisor.pinniped.dev:customresourcedefinition',
|
2020-10-23 02:03:46 +00:00
|
|
|
'upstreamoidcproviders.idp.supervisor.pinniped.dev:customresourcedefinition',
|
2020-10-09 21:25:34 +00:00
|
|
|
'pinniped-supervisor-static-config:configmap',
|
2020-10-09 23:00:11 +00:00
|
|
|
'supervisor:namespace',
|
2020-10-09 21:25:34 +00:00
|
|
|
'pinniped-supervisor:role',
|
|
|
|
'pinniped-supervisor:rolebinding',
|
|
|
|
'pinniped-supervisor:serviceaccount',
|
|
|
|
],
|
|
|
|
)
|
|
|
|
|
|
|
|
# Build a container image for the Concierge server, with live-update enabled.
|
|
|
|
docker_build_with_restart('image/concierge', '.',
|
|
|
|
dockerfile='concierge.Dockerfile',
|
|
|
|
entrypoint=['/usr/local/bin/pinniped-concierge'],
|
|
|
|
live_update=[sync('./build/pinniped-concierge', '/usr/local/bin/pinniped-concierge')],
|
|
|
|
only=['./build/pinniped-concierge'],
|
|
|
|
)
|
|
|
|
|
2020-10-09 23:00:11 +00:00
|
|
|
#####################################################################################################
|
2020-10-09 21:25:34 +00:00
|
|
|
# Concierge app
|
|
|
|
#
|
|
|
|
|
|
|
|
# Render the Concierge server installation manifest using ytt.
|
2020-09-08 16:29:34 +00:00
|
|
|
k8s_yaml(local([
|
|
|
|
'sh', '-c',
|
2020-10-09 17:00:22 +00:00
|
|
|
'ytt --file ../../../deploy/concierge ' +
|
2020-10-09 21:25:34 +00:00
|
|
|
'--data-value app_name=pinniped-concierge ' +
|
2020-10-09 23:00:11 +00:00
|
|
|
'--data-value namespace=concierge ' +
|
2020-10-09 21:25:34 +00:00
|
|
|
'--data-value image_repo=image/concierge ' +
|
2020-09-08 16:29:34 +00:00
|
|
|
'--data-value image_tag=tilt-dev ' +
|
2020-11-03 00:17:15 +00:00
|
|
|
'--data-value kube_cert_agent_image=debian:10.6-slim ' +
|
2020-09-08 16:29:34 +00:00
|
|
|
'--data-value discovery_url=$(TERM=dumb kubectl cluster-info | awk \'/Kubernetes master/ {print $NF}\') ' +
|
2020-11-11 12:51:51 +00:00
|
|
|
'--data-value log_level=debug ' +
|
2020-10-15 17:14:23 +00:00
|
|
|
'--data-value-yaml replicas=1 ' +
|
|
|
|
'--data-value-yaml "custom_labels={myConciergeCustomLabelName: myConciergeCustomLabelValue}"'
|
2020-09-08 16:29:34 +00:00
|
|
|
]))
|
2020-10-14 23:21:40 +00:00
|
|
|
# Tell tilt to watch all of those files for changes.
|
|
|
|
watch_file('../../../deploy/concierge')
|
2020-09-08 16:29:34 +00:00
|
|
|
|
2020-10-09 21:25:34 +00:00
|
|
|
# Collect all the deployed local-user-authenticator resources under a "concierge" resource tab.
|
2020-09-08 16:29:34 +00:00
|
|
|
k8s_resource(
|
2020-10-09 23:00:11 +00:00
|
|
|
workload='pinniped-concierge', # this is the deployment name
|
|
|
|
new_name='concierge', # this is the name that will appear in the tilt UI
|
2020-09-08 16:29:34 +00:00
|
|
|
objects=[
|
2020-10-09 23:00:11 +00:00
|
|
|
# these are the objects that would otherwise appear in the "uncategorized" tab in the tilt UI
|
|
|
|
'concierge:namespace',
|
2020-10-09 21:25:34 +00:00
|
|
|
'pinniped-concierge-aggregated-api-server:clusterrole',
|
|
|
|
'pinniped-concierge-aggregated-api-server:clusterrolebinding',
|
|
|
|
'pinniped-concierge-aggregated-api-server:role',
|
|
|
|
'pinniped-concierge-aggregated-api-server:rolebinding',
|
|
|
|
'pinniped-concierge-cluster-info-lister-watcher:role',
|
|
|
|
'pinniped-concierge-cluster-info-lister-watcher:rolebinding',
|
|
|
|
'pinniped-concierge-config:configmap',
|
|
|
|
'pinniped-concierge-create-token-credential-requests:clusterrole',
|
|
|
|
'pinniped-concierge-create-token-credential-requests:clusterrolebinding',
|
|
|
|
'pinniped-concierge-extension-apiserver-authentication-reader:rolebinding',
|
|
|
|
'pinniped-concierge-kube-system-pod-read:role',
|
|
|
|
'pinniped-concierge-kube-system-pod-read:rolebinding',
|
|
|
|
'pinniped-concierge:clusterrolebinding',
|
|
|
|
'pinniped-concierge:serviceaccount',
|
2020-11-02 21:39:43 +00:00
|
|
|
'credentialissuers.config.concierge.pinniped.dev:customresourcedefinition',
|
2020-10-30 16:39:26 +00:00
|
|
|
'webhookauthenticators.authentication.concierge.pinniped.dev:customresourcedefinition',
|
2020-10-30 14:34:43 +00:00
|
|
|
'v1alpha1.login.concierge.pinniped.dev:apiservice',
|
2020-09-08 16:29:34 +00:00
|
|
|
],
|
|
|
|
)
|
|
|
|
|
2020-10-09 23:00:11 +00:00
|
|
|
#####################################################################################################
|
2020-10-09 21:25:34 +00:00
|
|
|
# Finish setting up cluster and creating integration test env file
|
|
|
|
#
|
|
|
|
|
2020-09-08 16:29:34 +00:00
|
|
|
# Collect environment variables needed to run our integration test suite.
|
|
|
|
local_resource(
|
|
|
|
'test-env',
|
|
|
|
'TILT_MODE=yes ../../prepare-for-integration-tests.sh',
|
2020-11-17 18:21:15 +00:00
|
|
|
resource_deps=['local-user-auth', 'concierge', 'supervisor', 'dex', 'proxy'],
|
2020-09-08 16:29:34 +00:00
|
|
|
deps=['../../prepare-for-integration-tests.sh'],
|
|
|
|
)
|