fix: replicate BRRTRouter's Kind registry setup verbatim

casibbald · casibbald · commit 4f3385681d4e · 2026-01-10T01:25:35.000+02:00
- Update kind-config.yaml to mirror localhost:5001 to kind-registry:5001
- Update registry startup to use -p 5001:5001 with REGISTRY_HTTP_ADDR
- Simplify Tiltfile to use localhost:5001 everywhere (containerd handles mirroring)
- Remove REGISTRY_CLUSTER and use single registry reference pattern
- Remove separate containerd configuration step (handled by kind-config.yaml)

This matches BRRTRouter's working implementation exactly.
diff --git a/.github/workflows/tilt-ci.yaml b/.github/workflows/tilt-ci.yaml
@@ -89,48 +89,12 @@ jobs:
 
       - name: Start local registry for Kind (localhost:5001)
         run: |
-          # Use BRRTRouter's approach: always remove and recreate to prevent cached images
-          # This ensures a clean registry for each CI run
-          # Using port 5001 to avoid conflict with macOS AirPlay Receiver (port 5000)
-          echo "Checking for existing kind-registry container..."
-          if docker ps -a --format '{{.Names}}' | grep -q '^kind-registry$'; then
-            echo "Removing existing kind-registry container..."
-            docker rm -f kind-registry || true
-            # Wait for port to be released
-            echo "Waiting for port 5001 to be released..."
-            sleep 3
+          docker ps -a
+          RUNNING=$(docker inspect -f '{{.State.Running}}' kind-registry 2>/dev/null || echo "false")
+          if [ "$RUNNING" != "true" ]; then
+            docker rm -f kind-registry 2>/dev/null || true
+            docker run -d --restart=always -p 5001:5001 -e REGISTRY_HTTP_ADDR=0.0.0.0:5001 --name kind-registry registry:2
           fi
-          
-          # Try to start registry
-          # Docker will fail with a clear error if port is unavailable
-          echo "Starting registry on port 5001..."
-          if ! docker run -d --restart=always -p 5001:5001 -e REGISTRY_HTTP_ADDR=0.0.0.0:5001 --name kind-registry registry:2; then
-            echo "❌ Failed to start registry on port 5001"
-            echo "Checking for containers using port 5001:"
-            docker ps --format "table {{.Names}}\t{{.Ports}}" | grep 5001 || echo "No Docker containers found using port 5001"
-            echo ""
-            echo "Possible solutions:"
-            echo "  1. Stop any service using port 5001"
-            exit 1
-          fi
-          
-          # Verify registry is running and accessible
-          echo "Verifying registry is running..."
-          sleep 2
-          if ! docker ps --format '{{.Names}}' | grep -q '^kind-registry$'; then
-            echo "❌ Registry container started but is not running"
-            echo "Container logs:"
-            docker logs kind-registry || true
-            exit 1
-          fi
-          
-          # Test registry accessibility
-          if ! curl -s http://127.0.0.1:5001/v2/ >/dev/null 2>&1; then
-            echo "⚠️  Warning: Registry started but may not be accessible yet"
-            echo "This is often normal - registry may need a moment to initialize"
-          fi
-          
-          echo "✅ Registry 'kind-registry' created and running on port 5001 (fresh, no cached images)"
 
       - name: Create Kind cluster (with local registry mirror)
         run: |
@@ -157,32 +121,10 @@ jobs:
 
       - name: Connect registry to kind network
         run: |
-          # Use BRRTRouter's approach: simple connect (idempotent)
           docker network connect kind kind-registry 2>/dev/null || true
           kubectl get nodes
           kubectl get pods -A || true
 
-      - name: Configure containerd registry mirror
-        env:
-          REGISTRY_NAME: kind-registry
-        run: python3 scripts/configure_containerd_registry.py
-
-      - name: Verify registry accessibility from Kind nodes
-        run: |
-          # Simple verification: test registry API from a Kind node
-          NODE_NAME=$(kubectl get nodes -o jsonpath='{.items[0].metadata.name}' 2>/dev/null || echo "")
-          if [ -z "$NODE_NAME" ]; then
-            echo "⚠️  No Kind nodes found (cluster may still be starting)"
-            exit 0
-          fi
-          
-          # Test registry API via container name (Docker DNS resolves kind-registry)
-          if docker exec $NODE_NAME sh -c "curl -s --connect-timeout 5 http://kind-registry:5001/v2/" 2>&1 | grep -q "{}"; then
-            echo "✅ Registry is accessible from Kind nodes"
-          else
-            echo "⚠️  Registry may not be immediately accessible (containerd config will handle it)"
-          fi
-
       - name: Verify cluster
         run: |
           echo "=== Cluster Info ==="
diff --git a/Tiltfile b/Tiltfile
@@ -32,14 +32,9 @@
 allow_k8s_contexts(['kind-kube-startup-cpu-boost'])
 
 # Configure default registry for Kind cluster
-# Explicitly set registry to avoid auto-detection from ConfigMap
-# The registry is set up by scripts/setup_kind.py as 'kind-registry' on localhost:5001
-# host_from_cluster uses the container name 'kind-registry:5001' which Docker DNS resolves
-# Note: Both host and container use port 5001 to avoid conflict with macOS AirPlay Receiver (port 5000)
-default_registry(
-    'localhost:5001',           # Registry host as seen from local machine (port 5001)
-    host_from_cluster='kind-registry:5001'  # Registry host as seen from within Kind cluster (container port 5001)
-)
+# Containerd mirrors localhost:5001 to kind-registry:5000 automatically
+# We use localhost:5001 everywhere - containerd handles the translation
+default_registry('localhost:5001')
 
 # Suppress warning for custom_build image that uses full registry path
 # We use custom_build with explicit registry path, so Tilt won't find the image name in manifests
@@ -115,15 +110,13 @@ local_resource(
 BINARY_PATH = 'bin/manager'
 IMAGE_NAME = 'kube-startup-cpu-boost'
 # Registry as seen from host (for docker push)
+# Containerd will mirror localhost:5001 to kind-registry:5000 automatically
 REGISTRY_HOST = 'localhost:5001'
-# Registry as seen from inside Kind cluster (for Kubernetes image pull)
-REGISTRY_CLUSTER = 'kind-registry:5001'
-FULL_IMAGE_NAME_HOST = '%s/%s' % (REGISTRY_HOST, IMAGE_NAME)
-FULL_IMAGE_NAME_CLUSTER = '%s/%s' % (REGISTRY_CLUSTER, IMAGE_NAME)
+FULL_IMAGE_NAME = '%s/%s' % (REGISTRY_HOST, IMAGE_NAME)
 # Use unique tag per build to prevent Kubernetes from using cached images
 # Git hash ensures each build has a unique image tag
 IMAGE_TAG = 'tilt-' + str(local('git rev-parse --short HEAD 2>/dev/null || echo unknown')).strip()
-IMAGE_REF = '%s:%s' % (FULL_IMAGE_NAME_HOST, IMAGE_TAG)
+IMAGE_REF = '%s:%s' % (FULL_IMAGE_NAME, IMAGE_TAG)
 
 # Build and push Docker image using local_resource
 # This explicitly builds and pushes the image, ensuring it's available before deployment
@@ -207,7 +200,7 @@ custom_build(
 # which matches the kustomize-to-helm conversion that helmify performs.
 # The chart structure is compatible with both helmify generation and manual helm template usage.
 k8s_yaml(
-    local('helm template kube-startup-cpu-boost %s/charts/kube-startup-cpu-boost --namespace kube-startup-cpu-boost-system --set controllerManager.manager.image.repository=%s --set controllerManager.manager.image.tag=%s' % (PROJECT_DIR, FULL_IMAGE_NAME_CLUSTER, IMAGE_TAG))
+    local('helm template kube-startup-cpu-boost %s/charts/kube-startup-cpu-boost --namespace kube-startup-cpu-boost-system --set controllerManager.manager.image.repository=%s --set controllerManager.manager.image.tag=%s' % (PROJECT_DIR, FULL_IMAGE_NAME, IMAGE_TAG))
 )
 
 # Configure controller manager resource
@@ -256,11 +249,10 @@ local_resource(
 # Build Docker image for the demo Java app
 # Uses the Dockerfile in demo-app directory
 DEMO_APP_IMAGE_NAME = 'spring-demo-app'
-DEMO_APP_FULL_IMAGE_NAME_HOST = '%s/%s' % (REGISTRY_HOST, DEMO_APP_IMAGE_NAME)
-DEMO_APP_FULL_IMAGE_NAME_CLUSTER = '%s/%s' % (REGISTRY_CLUSTER, DEMO_APP_IMAGE_NAME)
+DEMO_APP_FULL_IMAGE_NAME = '%s/%s' % (REGISTRY_HOST, DEMO_APP_IMAGE_NAME)
 # Use unique tag per build
 DEMO_APP_IMAGE_TAG = 'tilt-' + str(local('git rev-parse --short HEAD 2>/dev/null || echo unknown')).strip()
-DEMO_APP_IMAGE_REF = '%s:%s' % (DEMO_APP_FULL_IMAGE_NAME_HOST, DEMO_APP_IMAGE_TAG)
+DEMO_APP_IMAGE_REF = '%s:%s' % (DEMO_APP_FULL_IMAGE_NAME, DEMO_APP_IMAGE_TAG)
 
 # Build and push Docker image for demo app
 local_resource(
@@ -287,7 +279,7 @@ local_resource(
 # Note: We don't add resource_deps here because custom_build doesn't support it
 # Instead, the k8s_resource for spring-demo-app has resource_deps that includes docker-build-demo-app
 custom_build(
-    DEMO_APP_FULL_IMAGE_NAME_HOST,
+    DEMO_APP_FULL_IMAGE_NAME,
     'docker tag %s $EXPECTED_REF && docker push $EXPECTED_REF' % DEMO_APP_IMAGE_REF,
     deps=[],  # No file deps - image is already built by docker-build-demo-app
     tag=DEMO_APP_IMAGE_TAG,
@@ -315,7 +307,7 @@ custom_build(
 # deployment waits for docker-build-demo-app, even if YAML is generated early
 # The image tag is computed at Tiltfile load time, so it will be consistent
 k8s_yaml(
-    local('kubectl kustomize %s/demo-app | python3 -c \'import sys, yaml; docs = list(yaml.safe_load_all(sys.stdin)); filtered = [d for d in docs if d.get("kind") != "StartupCPUBoost"]; print(yaml.dump_all(filtered, default_flow_style=False))\' | sed "s|ghcr.io/google/spring-demo-app:latest|%s:%s|g"' % (PROJECT_DIR, DEMO_APP_FULL_IMAGE_NAME_CLUSTER, DEMO_APP_IMAGE_TAG)),
+    local('kubectl kustomize %s/demo-app | python3 -c \'import sys, yaml; docs = list(yaml.safe_load_all(sys.stdin)); filtered = [d for d in docs if d.get("kind") != "StartupCPUBoost"]; print(yaml.dump_all(filtered, default_flow_style=False))\' | sed "s|ghcr.io/google/spring-demo-app:latest|%s:%s|g"' % (PROJECT_DIR, DEMO_APP_FULL_IMAGE_NAME, DEMO_APP_IMAGE_TAG)),
 )
 
 # Wait for webhook service to be ready
diff --git a/kind-config.yaml b/kind-config.yaml
@@ -1,52 +1,32 @@
-# Copyright 2023 Google LLC
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#      https://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
+# kind cluster configuration for kube-startup-cpu-boost local development
+# Creates a single-node cluster with port mappings for services
 kind: Cluster
 apiVersion: kind.x-k8s.io/v1alpha4
 name: kube-startup-cpu-boost
-# Configure containerd to use local registry mirror
-# This maps localhost:5001 to kind-registry:5001 (container name, Docker DNS resolves it)
-# Note: Both host and container use port 5001 to avoid conflict with macOS AirPlay Receiver (port 5000)
+# Use stable Kubernetes version (v1.33.1 may have issues on some systems)
+# Uncomment to use a specific version:
+# nodes:
+#   - role: control-plane
+#     image: kindest/node:v1.29.2
+# Enable local registry support for project images
+# See: https://kind.sigs.k8s.io/docs/user/local-registry/
 containerdConfigPatches:
   - |-
     [plugins."io.containerd.grpc.v1.cri".registry.mirrors."localhost:5001"]
       endpoint = ["http://kind-registry:5001"]
-    [plugins."io.containerd.grpc.v1.cri".registry.mirrors."kind-registry:5001"]
-      endpoint = ["http://kind-registry:5001"]
-    [plugins."io.containerd.grpc.v1.cri".registry.configs."kind-registry:5001"]
-      [plugins."io.containerd.grpc.v1.cri".registry.configs."kind-registry:5001".tls]
-        insecure_skip_verify = true
-    [plugins."io.containerd.grpc.v1.cri".registry.configs."localhost:5001"]
-      [plugins."io.containerd.grpc.v1.cri".registry.configs."localhost:5001".tls]
-        insecure_skip_verify = true
 nodes:
-- role: control-plane
-  image: kindest/node:v1.34.0@sha256:7416a61b42b1662ca6ca89f02028ac133a309a2a30ba309614e8ec94d976dc5a
-  kubeadmConfigPatches:
-  # Explicitly use v1beta3 for Kubernetes 1.34.3 (v1beta4 expected for 1.36+)
-  - |
-    kind: InitConfiguration
-    apiVersion: kubeadm.k8s.io/v1beta3
-    nodeRegistration:
-      kubeletExtraArgs:
-        node-labels: "ingress-ready=true"
-networking:
-  # Use unique pod and service subnets to avoid conflicts with other Kind clusters
-  # Allocation: kube-startup-cpu-boost cluster
-  # - Pod Subnet: 10.206.0.0/16 (unique, avoids default 10.244.0.0/16, dcops 10.204.0.0/16)
-  # - Service Subnet: 10.207.0.0/16 (unique, avoids default 10.96.0.0/12, dcops 10.205.0.0/16)
-  podSubnet: "10.206.0.0/16"
-  serviceSubnet: "10.207.0.0/16"
-featureGates:
-  InPlacePodVerticalScaling: true
+  - role: control-plane
+    # Resource limits for local development
+    kubeadmConfigPatches:
+      - |
+        kind: ClusterConfiguration
+        apiVersion: kubeadm.k8s.io/v1beta3
+        apiServer:
+          extraArgs:
+            # Increase API server timeout for debugging
+            request-timeout: "300s"
+        controllerManager:
+          extraArgs:
+            # Faster reconciliation for development
+            node-monitor-period: "2s"
+            node-monitor-grace-period: "16s"
