add support for using Tilt for local development (guacsec#1021)

* add support for using Tilt for local development: * add K8S manifests for basic stack * enable the use of environment variables in Viper: prefixed with GUAC_ * add an HTTP based healthcheck to the GQL service * integrate Tilt with Kind in GHA for CI Signed-off-by: Jesse White <jwhite08@gmail.com> * remove reference to branch Signed-off-by: Jesse White <jwhite08@gmail.com> * enable the graphql playground and expose 8080 on the service by default Signed-off-by: Jesse White <jwhite08@gmail.com> * move helm chart values to k8s/ folder Signed-off-by: Jesse White <jwhite08@gmail.com> * increase default nats limit to 64MB to be consistent with docker compose deployment Signed-off-by: Jesse White <jwhite08@gmail.com> --------- Signed-off-by: Jesse White <jwhite08@gmail.com>
mrizzi · Jul 18, 2023 · 0fec13b · 0fec13b
1 parent 4181c17
commit 0fec13b
Show file tree

Hide file tree

Showing 10 changed files with 318 additions and 0 deletions.
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -122,3 +122,85 @@ jobs:
       with:
         python-version: '3.10'
     - run: ./internal/testing/e2e/e2e
+
+  tilt-ci:
+    name: Run 'tilt ci'
+    runs-on:
+      labels: ubuntu-latest
+    timeout-minutes: 30
+    steps:
+      - name: Install tools
+        shell: bash
+        run: |
+          sudo apt-get install -y git uuid-runtime
+
+          # tilt -- https://raw.githubusercontent.com/tilt-dev/tilt/master/scripts/install.sh
+          case $(uname -m) in
+              aarch64) ARCH=arm64;;
+              armv7l)  ARCH=arm;;
+              *)       ARCH=$(uname -m);;
+          esac
+          VERSION=0.32.0
+          curl -fsSL https://github.com/tilt-dev/tilt/releases/download/v$VERSION/tilt.$VERSION.linux.$ARCH.tar.gz | tar -xzvC /usr/local/bin tilt
+
+          # helm
+          case $(uname -m) in
+              aarch64) ARCH=arm64;;
+              armv7l)  ARCH=arm;;
+              x86_64)  ARCH=amd64;;
+              *)       ARCH=$(uname -m);;
+          esac
+          VERSION=3.12.0
+          curl -fsSL https://get.helm.sh/helm-v$VERSION-linux-$ARCH.tar.gz | tar --strip-components=1 -xzvC /usr/local/bin linux-$ARCH/helm
+
+          # ctlptl - https://github.com/tilt-dev/ctlptl/blob/main/INSTALL.md
+          CTLPTL_VERSION="0.8.19"
+          curl -fsSL https://github.com/tilt-dev/ctlptl/releases/download/v$CTLPTL_VERSION/ctlptl.$CTLPTL_VERSION.linux.x86_64.tar.gz | sudo tar -xzv -C /usr/local/bin ctlptl
+
+          # kind - https://kind.sigs.k8s.io/docs/user/quick-start/#installing-from-release-binaries
+          # For AMD64 / x86_64
+          [ $(uname -m) = x86_64 ] && curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.19.0/kind-linux-amd64
+          # For ARM64
+          [ $(uname -m) = aarch64 ] && curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.19.0/kind-linux-arm64
+          chmod +x ./kind
+          sudo mv ./kind /usr/local/bin/kind
+      - name: Install GoReleaser
+        uses: goreleaser/goreleaser-action@336e29918d653399e599bfca99fadc1d7ffbc9f7 # v4.3.0
+        with:
+          install-only: true
+      - name: Checkout code
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # tag=v3
+      - name: setup-go
+        uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # tag=v3.2.1
+        with:
+          go-version: '1.19'
+      - uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1
+        with:
+          path: ~/go/pkg/mod
+          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
+      - name: Setup the project
+        run: go mod download
+      - name: Setup kind cluster
+        shell: bash
+        run: |
+          ctlptl create cluster kind --registry=ctlptl-registry
+      - name: Run 'tilt ci'
+        shell: bash
+        run: |
+          tilt ci
+      - name: Diag after failure
+        if: ${{ failure() }}
+        shell: bash
+        run: |
+            echo "K8S CLUSTER STATUS"
+            kubectl get all
+
+            echo ""
+
+            for pod in $(kubectl get pod | awk '$1 != "NAME" { print $1; }')
+            do
+                echo ""
+                echo "=== DIAG POD ${pod} ==="
+                echo ""
+                kubectl describe "pod/${pod#pod/}" | sed 's,^,    ,'
+            done
diff --git a/.tiltignore b/.tiltignore
@@ -0,0 +1,4 @@
+**/.entc
+**/ent/
+pkg/assembler/clients/generated/
+pkg/assembler/graphql/
diff --git a/Tiltfile b/Tiltfile
@@ -0,0 +1,20 @@
+allow_k8s_contexts('kind-kind')
+analytics_settings(enable=False)
+
+load('ext://helm_remote', 'helm_remote')
+helm_remote('nats', repo_url='https://nats-io.github.io/k8s/helm/charts/', repo_name='nats', values='k8s/tilt-nats-values.yaml')
+
+custom_build('local-organic-guac', "export GUAC_IMAGE=\"$EXPECTED_IMAGE\" && make container", deps='pkg/', tag="latest")
+k8s_yaml('k8s/k8s.yaml')
+
+k8s_resource(
+    workload='guac-collectsub',
+    resource_deps=['nats']
+)
+
+k8s_resource(
+   workload='guac-graphql',
+   port_forwards=[
+      port_forward(8080, 8080, name='graphql')
+   ]
+)
diff --git a/cmd/guaccollect/cmd/root.go b/cmd/guaccollect/cmd/root.go
@@ -18,6 +18,7 @@ package cmd
 import (
 	"fmt"
 	"os"
+	"strings"
 
 	"github.com/guacsec/guac/pkg/cli"
 	"github.com/guacsec/guac/pkg/version"
@@ -39,6 +40,10 @@ func init() {
 		fmt.Fprintf(os.Stderr, "failed to bind flags: %v", err)
 		os.Exit(1)
 	}
+
+	viper.SetEnvPrefix("GUAC")
+	viper.SetEnvKeyReplacer(strings.NewReplacer("-", "_"))
+	viper.AutomaticEnv()
 }
 
 var rootCmd = &cobra.Command{

diff --git a/cmd/guacgql/cmd/root.go b/cmd/guacgql/cmd/root.go
@@ -18,6 +18,7 @@ package cmd
 import (
 	"fmt"
 	"os"
+	"strings"
 
 	"github.com/guacsec/guac/pkg/cli"
 	"github.com/guacsec/guac/pkg/version"
@@ -85,6 +86,10 @@ func init() {
 		fmt.Fprintf(os.Stderr, "failed to bind flags: %v", err)
 		os.Exit(1)
 	}
+
+	viper.SetEnvPrefix("GUAC")
+	viper.SetEnvKeyReplacer(strings.NewReplacer("-", "_"))
+	viper.AutomaticEnv()
 }
 
 func Execute() {

diff --git a/cmd/guacgql/cmd/server.go b/cmd/guacgql/cmd/server.go
@@ -64,6 +64,8 @@ func startServer(cmd *cobra.Command) {
 		srv.Use(tracer)
 	}
 
+	http.HandleFunc("/healthz", healthHandler)
+
 	http.Handle("/query", srv)
 	if flags.debug {
 		http.Handle("/", playground.Handler("GraphQL playground", "/query"))
@@ -157,3 +159,8 @@ func getGraphqlServer(ctx context.Context) (*handler.Server, error) {
 
 	return srv, nil
 }
+
+func healthHandler(w http.ResponseWriter, r *http.Request) {
+	w.WriteHeader(http.StatusOK)
+	_, _ = fmt.Fprint(w, "Server is healthy")
+}
diff --git a/cmd/guacingest/cmd/root.go b/cmd/guacingest/cmd/root.go
@@ -18,6 +18,7 @@ package cmd
 import (
 	"fmt"
 	"os"
+	"strings"
 
 	"github.com/guacsec/guac/pkg/cli"
 	"github.com/guacsec/guac/pkg/version"
@@ -39,6 +40,10 @@ func init() {
 		fmt.Fprintf(os.Stderr, "failed to bind flags: %v", err)
 		os.Exit(1)
 	}
+
+	viper.SetEnvPrefix("GUAC")
+	viper.SetEnvKeyReplacer(strings.NewReplacer("-", "_"))
+	viper.AutomaticEnv()
 }
 
 var rootCmd = &cobra.Command{

diff --git a/cmd/guacone/cmd/root.go b/cmd/guacone/cmd/root.go
@@ -18,6 +18,7 @@ package cmd
 import (
 	"fmt"
 	"os"
+	"strings"
 
 	"github.com/guacsec/guac/pkg/cli"
 	"github.com/guacsec/guac/pkg/version"
@@ -39,6 +40,10 @@ func init() {
 		fmt.Fprintf(os.Stderr, "failed to bind flags: %v", err)
 		os.Exit(1)
 	}
+
+	viper.SetEnvPrefix("GUAC")
+	viper.SetEnvKeyReplacer(strings.NewReplacer("-", "_"))
+	viper.AutomaticEnv()
 }
 
 var rootCmd = &cobra.Command{

diff --git a/k8s/k8s.yaml b/k8s/k8s.yaml
@@ -0,0 +1,167 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: guac-collectsub
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: guac-collectsub
+  template:
+    metadata:
+      labels:
+        app: guac-collectsub
+    spec:
+      containers:
+        - name: guac-collectsub
+          image: local-organic-guac
+          command: ["/opt/guac/guaccsub"]
+          workingDir: /tmp
+          ports:
+            - containerPort: 2782
+          readinessProbe:
+            exec:
+              command:
+                - wget
+                - --spider
+                - http://localhost:2782
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            timeoutSeconds: 10
+            successThreshold: 1
+            failureThreshold: 3
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: guac-collectsub
+spec:
+  selector:
+    app: guac-collectsub
+  ports:
+    - protocol: TCP
+      port: 2782
+      targetPort: 2782
+  type: ClusterIP
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: guac-graphql
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: guac-graphql
+  template:
+    metadata:
+      labels:
+        app: guac-graphql
+    spec:
+      containers:
+        - name: guac-graphql
+          image: local-organic-guac
+          command: ["/opt/guac/guacgql"]
+          workingDir: /tmp
+          env:
+            - name: GUAC_GQL_DEBUG
+              value: "true"
+          ports:
+            - name: http-port
+              containerPort: 8080
+          readinessProbe:
+            httpGet:
+              path: /healthz
+              port: http-port
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            timeoutSeconds: 10
+            successThreshold: 1
+            failureThreshold: 3
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: guac-graphql
+spec:
+  selector:
+    app: guac-graphql
+  ports:
+    - protocol: TCP
+      port: 8080
+      targetPort: 8080
+  type: ClusterIP
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: guac-ingestor
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: guac-ingestor
+  template:
+    metadata:
+      labels:
+        app: guac-ingestor
+    spec:
+      containers:
+        - name: guac-ingestor
+          image: local-organic-guac
+          command: ["/opt/guac/guacingest"]
+          workingDir: /tmp
+          env:
+            - name: GUAC_NATS_ADDR
+              value: nats://nats:4222
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: oci-collector
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: oci-collector
+  template:
+    metadata:
+      labels:
+        app: oci-collector
+    spec:
+      containers:
+        - name: oci-collector
+          image: local-organic-guac
+          command: ["/opt/guac/guaccollect", "image"]
+          workingDir: /tmp
+          env:
+            - name: GUAC_NATS_ADDR
+              value: nats://nats:4222
+            - name: GUAC_CSUB_ADDR
+              value: guac-collectsub:2782
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: depsdev-collector
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: depsdev-collector
+  template:
+    metadata:
+      labels:
+        app: depsdev-collector
+    spec:
+      containers:
+        - name: depsdev-collector
+          image: local-organic-guac
+          command: ["/opt/guac/guaccollect", "deps_dev"]
+          workingDir: /tmp
+          env:
+            - name: GUAC_NATS_ADDR
+              value: nats://nats:4222
+            - name: GUAC_CSUB_ADDR
+              value: guac-collectsub:2782
diff --git a/k8s/tilt-nats-values.yaml b/k8s/tilt-nats-values.yaml
@@ -0,0 +1,18 @@
+nats:
+  image: nats:alpine
+
+  limits:
+    maxPayload: "64MB"
+
+  jetstream:
+    enabled: true
+
+    memStorage:
+      enabled: true
+      size: "128MB"
+
+    fileStorage:
+      enabled: false
+
+cluster:
+  enabled: false