refactor: make tilt friendlier

Previously we had a bunch of yaml files under `config/`, sometimes they
become outdated because no one updated them. With the new `Tiltfile`, on
`tilt up` it will use the helm chart from `charts/tf-controller`.

What it does:

1. Builds the controller image.
2. Builds the branch planner image.
3. Builds the runner image.
4. Update Helm chart dependencies.
5. Deploys the helm chart with `config/tilt/helm/dev-values.yaml`.
5. Creates a `terraform` namespace.
6. Creates a `ConfigMap` to watch `Terraform` objects in the `terraform`
   namespace.
7. Creates a `Secret` from the `GITHUB_TOKEN` environment variable.

If there is a `Tiltfile.local`, it will source that file too. This file
is ignored by git, if you need to add things specific to your local
environment, you can add those in that file.

If there is a `config/tilt/helm/dev-values-local.yaml` file, it will use
that file to feed values to the helm deployment as an addition to
`config/tilt/helm/dev-values.yaml`.

Closes #770

== Additional changes

**Add `RUNTIME_NAMESPACE` to branch planner**

```
❯ kubectl describe pod -n flux-system chart-tf-controller-planner-6858b948fc-qrdch | grep RUNTIME_NAMESPACE
      RUNTIME_NAMESPACE:  flux-system (v1:metadata.namespace)
```

Closes #762

**Add build tags to dockerfiles**

None of the dockerfiles used `BUILD_VERSION` and `BUILD_SHA` to build
the go application. Now they do.

References:
* #770
* #762

Signed-off-by: Balazs Nadasdi <[email protected]>

.gitignore

@@ -42,3 +42,7 @@ example/
 
 # OS files
 **/.DS_Store
+
+# Local dev files
+Tiltfile.local
+/config/tilt/helm/dev-values-local.yaml

Dockerfile

@@ -2,6 +2,8 @@
 FROM golang:1.20 as builder
 
 ARG TARGETARCH
+ARG BUILD_SHA
+ARG BUILD_VERSION
 
 RUN apt-get update && apt-get install -y unzip
 
@@ -26,7 +28,10 @@ COPY runner/ runner/
 COPY utils/ utils/
 
 # Build
-RUN CGO_ENABLED=0 GOOS=linux GOARCH=${TARGETARCH} go build -gcflags=all="-N -l" -a -o tf-controller cmd/manager/main.go
+RUN CGO_ENABLED=0 GOOS=linux GOARCH=${TARGETARCH} \
+      go build -gcflags=all="-N -l" \
+        -ldflags "-X main.BuildSHA='${BUILD_SHA}' -X main.BuildVersion='${BUILD_VERSION}'" \
+        -a -o tf-controller cmd/manager/main.go
 
 FROM alpine:3.18
 

Tiltfile

@@ -1,35 +1,82 @@
-local('kubectl apply --server-side -k config/tilt/base')
+load('ext://restart_process', 'docker_build_with_restart')
+load('ext://helm_remote', 'helm_remote')
+load('ext://secret', 'secret_from_dict')
+load('ext://namespace', 'namespace_create', 'namespace_inject')
 
-k8s_yaml(kustomize('config/tilt/manager'))
-k8s_yaml(kustomize('config/tilt/branch-planner'))
+namespace       = "flux-system"
+tfNamespace     = "terraform"
+buildSHA        = str(local('git rev-parse --short HEAD')).rstrip('\n')
+buildVersionRef = str(local('git rev-list --tags --max-count=1')).rstrip('\n')
+buildVersion    = str(local("git describe --tags ${buildVersionRef}")).rstrip('\n')
 
+if os.path.exists('Tiltfile.local'):
+   include('Tiltfile.local')
+
+namespace_create(tfNamespace)
+
+# Download chart deps
+local_resource("helm-dep-update", "helm dep update charts/tf-controller", trigger_mode=TRIGGER_MODE_MANUAL, auto_init=True)
+
+# Define resources
+k8s_resource('chart-tf-controller',
+  labels=["deployments"],
+  new_name='controller')
+
+k8s_resource('chart-tf-controller-planner',
+  labels=["deployments"],
+  new_name='branch-planner')
+
+helm_values = ['config/tilt/helm/dev-values.yaml']
+if os.path.exists('config/tilt/helm/dev-values-local.yaml'):
+   helm_values.append('config/tilt/helm/dev-values-local.yaml')
+
+k8s_yaml(helm(
+   "charts/tf-controller",
+   namespace=namespace,
+   values=helm_values,
+))
+
+# Add Example
+k8s_yaml("./config/tilt/test/tf-dev-subject.yaml")
+
+# Add Secrets
+if not os.getenv('GITHUB_TOKEN'):
+   fail("You need to set GITHUB_TOKEN in your terminal before running this")
+
+k8s_yaml(namespace_inject(secret_from_dict("bbp-token", inputs = {
+    'token' : os.getenv('GITHUB_TOKEN')
+}), namespace))
+
+# Add configMap
+k8s_yaml(namespace_inject("./config/tilt/configMap.yaml", namespace))
+
+# Images
 docker_build(
-    'weaveworks/tf-controller',
-    context='.',
-    dockerfile='Dockerfile',
-)
+  "ghcr.io/weaveworks/tf-controller",
+  "",
+  dockerfile="Dockerfile",
+  build_args={
+    'BUILD_SHA': buildSHA,
+    'BUILD_VERSION': buildVersion,
+  })
 
-custom_build(
-    'localhost:5000/weaveworks/tf-runner',
-    'make docker-dev-runner RUNNER_IMG=localhost:5000/weaveworks/tf-runner TAG=$EXPECTED_TAG',
-    deps=['runner/', 'runner.Dockerfile'],
-)
+docker_build(
+  "ghcr.io/weaveworks/branch-planner",
+  "",
+  dockerfile="planner.Dockerfile",
+  build_args={
+    'BUILD_SHA': buildSHA,
+    'BUILD_VERSION': buildVersion,
+  })
 
+# There are no resources using this image when tilt starts, but we still need
+# this image.
+update_settings(suppress_unused_image_warnings=["ghcr.io/weaveworks/tf-runner"])
 docker_build(
-    'weaveworks/branch-planner',
-    context='.',
-    dockerfile='planner.Dockerfile',
-)
-
-### this is a group of resources that are deployed together
-k8s_yaml(
-    'config/tilt/test/tf-dev-subject.yaml',
-)
-k8s_kind('Terraform', image_json_path='{.spec.runnerPodTemplate.spec.image}', pod_readiness='ignore')
-
-k8s_resource(
-  objects=['helloworld:GitRepository:flux-system','helloworld-tf:Secret:flux-system'],
-  workload='helloworld-tf',
-  extra_pod_selectors={'instance': 'helloworld-tf'},
-  pod_readiness='ignore',
-)
+  'ghcr.io/weaveworks/tf-runner',
+  '',
+  dockerfile='runner.Dockerfile',
+  build_args={
+    'BUILD_SHA': buildSHA,
+    'BUILD_VERSION': buildVersion,
+  })

charts/tf-controller/templates/_helpers.tpl

@@ -127,3 +127,13 @@ Selector labels
 app.kubernetes.io/name: {{ include "planner.name" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end }}
+
+{{/*
+Inject pod namespace
+*/}}
+{{- define "pod-namespace" }}
+- name: RUNTIME_NAMESPACE
+  valueFrom:
+    fieldRef:
+      fieldPath: metadata.namespace
+{{- end }}

charts/tf-controller/templates/deployment.yaml

@@ -49,10 +49,7 @@ spec:
         - --
         - tf-controller
         env:
-        - name: RUNTIME_NAMESPACE
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.namespace
+          {{- include "pod-namespace" . | indent 8 }}
         - name: RUNNER_POD_IMAGE
           value: "{{ .Values.runner.image.repository }}:{{ default .Chart.AppVersion .Values.runner.image.tag }}"
         {{- range $key, $value := .Values.extraEnv }}

charts/tf-controller/templates/planner-deployment.yaml

@@ -31,24 +31,13 @@ spec:
       containers:
       - args: []
         env:
-        # Update the env variables according to your new deployment
+          {{- include "pod-namespace" . | indent 8 }}
         image: "{{ .Values.branchPlanner.image.repository }}:{{ default .Chart.AppVersion .Values.branchPlanner.image.tag }}"
         imagePullPolicy: {{ .Values.image.pullPolicy }}
-        livenessProbe:
-          httpGet:
-            path: /healthz
-            port: healthz
         name: {{ .Chart.Name }}
         ports:
         - containerPort: 8080
           name: http-prom
-        - containerPort: 9440
-          name: healthz
-          protocol: TCP
-        readinessProbe:
-          httpGet:
-            path: /readyz
-            port: healthz
         securityContext:
           {{- toYaml .Values.securityContext | nindent 10 }}
       securityContext: