load('ext://restart_process', 'docker_build_with_restart') disable_snapshots() analytics_settings(False) update_settings(max_parallel_updates=8) os.putenv('CGO_ENABLED', '0') os.putenv('GOOS', 'linux') os.putenv('GOARCH', 'amd64') os.putenv('CGO_ENABLED', '0') os.putenv('KUBE_GIT_VERSION', 'v0.0.0') ##################################################################################################### # Compile all of our ./cmd/... binaries. # local_resource( 'compile', 'cd ../../../ && mkdir -p ./hack/lib/tilt/build && go build -v -ldflags "$(hack/get-ldflags.sh)" -o ./hack/lib/tilt/build ./cmd/...', deps=['../../../cmd', '../../../internal', '../../../pkg', '../../../generated'], ) ##################################################################################################### # Test IDP (Dex + cert generation + squid proxy) # # Render the IDP installation manifest using ytt. k8s_yaml(local(['ytt','--file', '../../../test/deploy/dex'])) # Tell tilt to watch all of those files for changes. watch_file('../../../test/deploy/dex') k8s_resource(objects=['dex:namespace'], new_name='dex-ns') k8s_resource(workload='cert-issuer', resource_deps=['dex-ns'], objects=[ 'cert-issuer:serviceaccount', 'cert-issuer:role', 'cert-issuer:rolebinding', ]) k8s_resource(workload='proxy', resource_deps=['dex-ns']) k8s_resource(workload='dex', resource_deps=['dex-ns', 'cert-issuer'], objects=[ 'dex-config:configmap', ]) ##################################################################################################### # Local-user-authenticator app # # Build a container image for local-user-authenticator, with live-update enabled. docker_build_with_restart('image/local-user-auth', '.', dockerfile='local-user-authenticator.Dockerfile', entrypoint=['/usr/local/bin/local-user-authenticator'], live_update=[sync('./build/local-user-authenticator', '/usr/local/bin/local-user-authenticator')], only=['./build/local-user-authenticator'], ) # Render the local-user-authenticator installation manifest using ytt. k8s_yaml(local([ 'ytt', '--file', '../../../deploy/local-user-authenticator', '--data-value', 'image_repo=image/local-user-auth', '--data-value', 'image_tag=tilt-dev', ])) # Tell tilt to watch all of those files for changes. watch_file('../../../deploy/local-user-authenticator') # Collect all the deployed local-user-authenticator resources under a "local-user-auth" resource tab. k8s_resource( workload='local-user-authenticator', # this is the deployment name new_name='local-user-auth', # this is the name that will appear in the tilt UI objects=[ # these are the objects that would otherwise appear in the "uncategorized" tab in the tilt UI 'local-user-authenticator:namespace', 'local-user-authenticator:serviceaccount', 'local-user-authenticator:role', 'local-user-authenticator:rolebinding', ], ) ##################################################################################################### # Supervisor app # # Build a container image for supervisor, with live-update enabled. docker_build_with_restart('image/supervisor', '.', dockerfile='supervisor.Dockerfile', entrypoint=['/usr/local/bin/pinniped-supervisor'], live_update=[sync('./build/pinniped-supervisor', '/usr/local/bin/pinniped-supervisor')], only=['./build/pinniped-supervisor'], ) # Render the supervisor installation manifest using ytt. # # 31234 and 31243 are the same port numbers hardcoded in the port forwarding of our kind configuration. # Don't think that you can just change this! k8s_yaml(local([ 'ytt', '--file', '../../../deploy/supervisor', '--data-value', 'app_name=pinniped-supervisor', '--data-value', 'namespace=supervisor', '--data-value', 'image_repo=image/supervisor', '--data-value', 'image_tag=tilt-dev', '--data-value', 'log_level=debug', '--data-value-yaml', 'replicas=1', '--data-value-yaml', 'service_http_nodeport_port=80', '--data-value-yaml', 'service_http_nodeport_nodeport=31234', '--data-value-yaml', 'service_https_nodeport_port=443', '--data-value-yaml', 'service_https_nodeport_nodeport=31243', '--data-value-yaml', 'service_https_clusterip_port=443', '--data-value-yaml', 'custom_labels={mySupervisorCustomLabelName: mySupervisorCustomLabelValue}', ])) # Tell tilt to watch all of those files for changes. watch_file('../../../deploy/supervisor') # Collect all the deployed supervisor resources under a "supervisor" resource tab. k8s_resource( workload='pinniped-supervisor', # this is the deployment name new_name='supervisor', # this is the name that will appear in the tilt UI objects=[ # these are the objects that would otherwise appear in the "uncategorized" tab in the tilt UI 'oidcproviders.config.supervisor.pinniped.dev:customresourcedefinition', 'upstreamoidcproviders.idp.supervisor.pinniped.dev:customresourcedefinition', 'pinniped-supervisor-static-config:configmap', 'supervisor:namespace', 'pinniped-supervisor:role', 'pinniped-supervisor:rolebinding', 'pinniped-supervisor:serviceaccount', ], ) # Build a container image for the Concierge server, with live-update enabled. docker_build_with_restart('image/concierge', '.', dockerfile='concierge.Dockerfile', entrypoint=['/usr/local/bin/pinniped-concierge'], live_update=[sync('./build/pinniped-concierge', '/usr/local/bin/pinniped-concierge')], only=['./build/pinniped-concierge'], ) ##################################################################################################### # Concierge app # # Render the Concierge server installation manifest using ytt. k8s_yaml(local([ 'sh', '-c', 'ytt --file ../../../deploy/concierge ' + '--data-value app_name=pinniped-concierge ' + '--data-value namespace=concierge ' + '--data-value image_repo=image/concierge ' + '--data-value image_tag=tilt-dev ' + '--data-value kube_cert_agent_image=debian:10.6-slim ' + '--data-value discovery_url=$(TERM=dumb kubectl cluster-info | awk \'/Kubernetes master/ {print $NF}\') ' + '--data-value log_level=debug ' + '--data-value-yaml replicas=1 ' + '--data-value-yaml "custom_labels={myConciergeCustomLabelName: myConciergeCustomLabelValue}"' ])) # Tell tilt to watch all of those files for changes. watch_file('../../../deploy/concierge') # Collect all the deployed local-user-authenticator resources under a "concierge" resource tab. k8s_resource( workload='pinniped-concierge', # this is the deployment name new_name='concierge', # this is the name that will appear in the tilt UI objects=[ # these are the objects that would otherwise appear in the "uncategorized" tab in the tilt UI 'concierge:namespace', 'pinniped-concierge-aggregated-api-server:clusterrole', 'pinniped-concierge-aggregated-api-server:clusterrolebinding', 'pinniped-concierge-aggregated-api-server:role', 'pinniped-concierge-aggregated-api-server:rolebinding', 'pinniped-concierge-cluster-info-lister-watcher:role', 'pinniped-concierge-cluster-info-lister-watcher:rolebinding', 'pinniped-concierge-config:configmap', 'pinniped-concierge-create-token-credential-requests:clusterrole', 'pinniped-concierge-create-token-credential-requests:clusterrolebinding', 'pinniped-concierge-extension-apiserver-authentication-reader:rolebinding', 'pinniped-concierge-kube-system-pod-read:role', 'pinniped-concierge-kube-system-pod-read:rolebinding', 'pinniped-concierge:clusterrolebinding', 'pinniped-concierge:serviceaccount', 'credentialissuers.config.concierge.pinniped.dev:customresourcedefinition', 'webhookauthenticators.authentication.concierge.pinniped.dev:customresourcedefinition', 'v1alpha1.login.concierge.pinniped.dev:apiservice', ], ) ##################################################################################################### # Finish setting up cluster and creating integration test env file # # Collect environment variables needed to run our integration test suite. local_resource( 'test-env', 'TILT_MODE=yes ../../prepare-for-integration-tests.sh', resource_deps=['local-user-auth', 'concierge', 'supervisor', 'dex', 'proxy'], deps=['../../prepare-for-integration-tests.sh'], )