|
@@ -19,34 +19,47 @@ settings.update(read_yaml(
|
|
|
tilt_file,
|
|
tilt_file,
|
|
|
default = {},
|
|
default = {},
|
|
|
))
|
|
))
|
|
|
|
|
+
|
|
|
# set up the development environment
|
|
# set up the development environment
|
|
|
|
|
|
|
|
-# Update the root security group. Tilt requires root access to update the
|
|
|
|
|
-# running process.
|
|
|
|
|
|
|
+# Split the YAML into CRDs and other resources
|
|
|
objects = decode_yaml_stream(read_file('bin/deploy/manifests/external-secrets.yaml'))
|
|
objects = decode_yaml_stream(read_file('bin/deploy/manifests/external-secrets.yaml'))
|
|
|
|
|
+
|
|
|
|
|
+crds = []
|
|
|
|
|
+other_resources = []
|
|
|
|
|
+
|
|
|
for o in objects:
|
|
for o in objects:
|
|
|
|
|
+ if o.get('kind') == 'CustomResourceDefinition':
|
|
|
|
|
+ crds.append(o)
|
|
|
|
|
+ else:
|
|
|
|
|
+ other_resources.append(o)
|
|
|
|
|
+
|
|
|
|
|
+# Process deployments for development
|
|
|
|
|
+for o in other_resources:
|
|
|
if o.get('kind') == 'Deployment' and o.get('metadata').get('name') in ['external-secrets-cert-controller', 'external-secrets', 'external-secrets-webhook']:
|
|
if o.get('kind') == 'Deployment' and o.get('metadata').get('name') in ['external-secrets-cert-controller', 'external-secrets', 'external-secrets-webhook']:
|
|
|
o['spec']['template']['spec']['containers'][0]['securityContext'] = {'runAsNonRoot': False, 'readOnlyRootFilesystem': False}
|
|
o['spec']['template']['spec']['containers'][0]['securityContext'] = {'runAsNonRoot': False, 'readOnlyRootFilesystem': False}
|
|
|
o['spec']['template']['spec']['containers'][0]['imagePullPolicy'] = 'Always'
|
|
o['spec']['template']['spec']['containers'][0]['imagePullPolicy'] = 'Always'
|
|
|
if settings.get('debug').get('enabled') and o.get('metadata').get('name') == 'external-secrets':
|
|
if settings.get('debug').get('enabled') and o.get('metadata').get('name') == 'external-secrets':
|
|
|
o['spec']['template']['spec']['containers'][0]['ports'] = [{'containerPort': 30000}]
|
|
o['spec']['template']['spec']['containers'][0]['ports'] = [{'containerPort': 30000}]
|
|
|
|
|
|
|
|
-
|
|
|
|
|
-updated_install = encode_yaml_stream(objects)
|
|
|
|
|
-
|
|
|
|
|
-# Apply the updated yaml to the cluster.
|
|
|
|
|
-# Create the directory and write the file
|
|
|
|
|
|
|
+# Create the directory
|
|
|
local('mkdir -p .tilt-tmp')
|
|
local('mkdir -p .tilt-tmp')
|
|
|
-local('cat > .tilt-tmp/external-secrets-modified.yaml', stdin=updated_install)
|
|
|
|
|
-
|
|
|
|
|
-# Now use k8s_custom_deploy to apply it
|
|
|
|
|
-k8s_custom_deploy(
|
|
|
|
|
- 'external-secrets',
|
|
|
|
|
- apply_cmd='kubectl apply --server-side -f .tilt-tmp/external-secrets-modified.yaml -o yaml',
|
|
|
|
|
- delete_cmd='kubectl delete --ignore-not-found -f .tilt-tmp/external-secrets-modified.yaml',
|
|
|
|
|
- deps=['bin/deploy/manifests/external-secrets.yaml'],
|
|
|
|
|
- image_deps=['oci.external-secrets.io/external-secrets/external-secrets']
|
|
|
|
|
-)
|
|
|
|
|
|
|
+
|
|
|
|
|
+# Apply CRDs with server-side apply (handles large CRDs)
|
|
|
|
|
+if crds:
|
|
|
|
|
+ crd_yaml = encode_yaml_stream(crds)
|
|
|
|
|
+ local('cat > .tilt-tmp/external-secrets-crds.yaml', stdin=crd_yaml)
|
|
|
|
|
+ local_resource(
|
|
|
|
|
+ 'apply-crds',
|
|
|
|
|
+ 'kubectl apply --server-side -f .tilt-tmp/external-secrets-crds.yaml',
|
|
|
|
|
+ deps=['bin/deploy/manifests/external-secrets.yaml']
|
|
|
|
|
+ )
|
|
|
|
|
+
|
|
|
|
|
+# Use regular k8s_yaml for deployments (Tilt will handle image substitution)
|
|
|
|
|
+if other_resources:
|
|
|
|
|
+ deployments_yaml = encode_yaml_stream(other_resources)
|
|
|
|
|
+ local('cat > .tilt-tmp/external-secrets-deployments.yaml', stdin=deployments_yaml)
|
|
|
|
|
+ k8s_yaml('.tilt-tmp/external-secrets-deployments.yaml')
|
|
|
|
|
|
|
|
load('ext://restart_process', 'docker_build_with_restart')
|
|
load('ext://restart_process', 'docker_build_with_restart')
|
|
|
|
|
|
|
@@ -73,7 +86,6 @@ local_resource(
|
|
|
],
|
|
],
|
|
|
)
|
|
)
|
|
|
|
|
|
|
|
-
|
|
|
|
|
# Build the docker image for our controller. We use a specific Dockerfile
|
|
# Build the docker image for our controller. We use a specific Dockerfile
|
|
|
# since tilt can't run on a scratch container.
|
|
# since tilt can't run on a scratch container.
|
|
|
# `only` here is important, otherwise, the container will get updated
|
|
# `only` here is important, otherwise, the container will get updated
|
|
@@ -89,7 +101,6 @@ if settings.get('debug').get('enabled'):
|
|
|
entrypoint = ['/dlv', '--listen=:30000', '--api-version=2', '--continue=true', '--accept-multiclient=true', '--headless=true', 'exec', '/external-secrets', '--']
|
|
entrypoint = ['/dlv', '--listen=:30000', '--api-version=2', '--continue=true', '--accept-multiclient=true', '--headless=true', 'exec', '/external-secrets', '--']
|
|
|
dockerfile = 'tilt.debug.dockerfile'
|
|
dockerfile = 'tilt.debug.dockerfile'
|
|
|
|
|
|
|
|
-
|
|
|
|
|
docker_build_with_restart(
|
|
docker_build_with_restart(
|
|
|
'oci.external-secrets.io/external-secrets/external-secrets',
|
|
'oci.external-secrets.io/external-secrets/external-secrets',
|
|
|
'.',
|
|
'.',
|
Gergely Brautigam