forked from operator-framework/operator-controller
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy path.tilt-support
151 lines (129 loc) · 6.4 KB
/
.tilt-support
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
load('ext://restart_process', 'docker_build_with_restart')
load('ext://cert_manager', 'deploy_cert_manager')
def deploy_cert_manager_if_needed():
cert_manager_var = '__CERT_MANAGER__'
if os.getenv(cert_manager_var) != '1':
deploy_cert_manager(version="v1.15.3")
os.putenv(cert_manager_var, '1')
# Set up our build helper image that has delve in it. We use a helper so parallel image builds don't all simultaneously
# install delve. Instead, they all wait for this build to complete, and then proceed in parallel.
docker_build(
ref='helper',
context='.',
build_args={'GO_VERSION': '1.23'},
dockerfile_contents='''
ARG GO_VERSION
FROM golang:${GO_VERSION}
ARG GO_VERSION
RUN CGO_ENABLED=0 go install github.com/go-delve/delve/cmd/dlv@v${GO_VERSION}
'''
)
def build_binary(repo, binary, deps, image, tags="", debug=True):
gcflags = ''
if debug:
gcflags = "-gcflags 'all=-N -l'"
# Treat the main binary as a local resource, so we can automatically rebuild it when any of the deps change. This
# builds it locally, targeting linux, so it can run in a linux container.
binary_name = binary.split("/")[-1]
local_resource(
'{}_{}_binary'.format(repo, binary_name),
cmd='''
mkdir -p .tiltbuild/bin
CGO_ENABLED=0 GOOS=linux go build {tags} {gcflags} -o .tiltbuild/bin/{binary_name} {binary}
'''.format(repo=repo, binary_name=binary_name, binary=binary, gcflags=gcflags, tags=tags),
deps=deps
)
entrypoint = ['/{}'.format(binary_name)]
if debug:
entrypoint = ['/dlv', '--accept-multiclient', '--api-version=2', '--headless=true', '--listen', ':30000', 'exec', '--continue', '--'] + entrypoint
# Configure our image build. If the file in live_update.sync (.tiltbuild/bin/$binary) changes, Tilt
# copies it to the running container and restarts it.
docker_build_with_restart(
# This has to match an image in the k8s_yaml we call below, so Tilt knows to use this image for our Deployment,
# instead of the actual image specified in the yaml.
ref='{image}:{binary_name}'.format(image=image, binary_name=binary_name),
# This is the `docker build` context, and because we're only copying in the binary we've already had Tilt build
# locally, we set the context to the directory containing the binary.
context='.tiltbuild/bin',
# We use a slimmed-down Dockerfile that only has $binary in it.
dockerfile_contents='''
FROM gcr.io/distroless/static:debug
WORKDIR /
COPY --from=helper /go/bin/dlv /
COPY {} /
'''.format(binary_name),
# The set of files Tilt should include in the build. In this case, it's just the binary we built above.
only=binary_name,
# If .tiltbuild/bin/$binary changes, Tilt will copy it into the running container and restart the process.
live_update=[
sync('.tiltbuild/bin/{}'.format(binary_name), '/{}'.format(binary_name)),
],
# The command to run in the container.
entrypoint=entrypoint,
)
def process_yaml(yaml):
if type(yaml) == 'string':
objects = read_yaml_stream(yaml)
elif type(yaml) == 'blob':
objects = decode_yaml_stream(yaml)
else:
fail('expected a string or blob, got: {}'.format(type(yaml)))
for o in objects:
# For Tilt's live_update functionality to work, we have to run the container as root. Remove any PSA labels
# to allow this.
if o['kind'] == 'Namespace' and 'labels' in o['metadata']:
labels_to_delete = [label for label in o['metadata']['labels'] if label.startswith('pod-security.kubernetes.io')]
for label in labels_to_delete:
o['metadata']['labels'].pop(label)
if o['kind'] != 'Deployment':
# We only need to modify Deployments, so we can skip this
continue
# For Tilt's live_update functionality to work, we have to run the container as root. Otherwise, Tilt won't
# be able to untar the updated binary in the container's file system (this is how live update
# works). If there are any securityContexts, remove them.
if "securityContext" in o['spec']['template']['spec']:
o['spec']['template']['spec'].pop('securityContext')
for c in o['spec']['template']['spec']['containers']:
if "securityContext" in c:
c.pop('securityContext')
# If multiple Deployment manifests all use the same image but use different entrypoints to change the binary,
# we have to adjust each Deployment to use a different image. Tilt needs each Deployment's image to be
# unique. We replace the tag with what is effectively :$binary, e.g. :helm.
for c in o['spec']['template']['spec']['containers']:
if c['name'] == 'kube-rbac-proxy':
continue
command = c['command'][0]
if command.startswith('./'):
command = command.removeprefix('./')
elif command.startswith('/'):
command = command.removeprefix('/')
image_without_tag = c['image'].rsplit(':', 1)[0]
# Update the image so instead of :$tag it's :$binary
c['image'] = '{}:{}'.format(image_without_tag, command)
# Now apply all the yaml
# We are using allow_duplicates=True here as both
# operator-controller and catalogd will be installed in the same
# namespace "olmv1-system" as of https://github.com/operator-framework/operator-controller/pull/888
# and https://github.com/operator-framework/catalogd/pull/283
k8s_yaml(encode_yaml_stream(objects), allow_duplicates=True)
# data format:
# {
# 'image': 'quay.io/operator-framework/rukpak',
# 'yaml': 'manifests/overlays/cert-manager',
# 'binaries': {
# 'core': 'core',
# 'crdvalidator': 'crd-validation-webhook',
# 'helm': 'helm-provisioner',
# 'webhooks': 'rukpak-webhooks',
# },
# 'deps': ['api', 'cmd/binary_name', 'internal', 'pkg'],
# },
def deploy_repo(repo, data, tags="", debug=True):
print('Deploying repo {}'.format(repo))
deploy_cert_manager_if_needed()
local_port = data['starting_debug_port']
for binary, deployment in data['binaries'].items():
build_binary(repo, binary, data['deps'], data['image'], tags, debug)
k8s_resource(deployment, port_forwards=['{}:30000'.format(local_port)])
local_port += 1
process_yaml(kustomize(data['yaml']))