From 5b74df05ac15448f132e2f69103455869f825912 Mon Sep 17 00:00:00 2001 From: Alessio Pragliola Date: Thu, 27 Feb 2025 00:43:05 +0100 Subject: [PATCH 01/12] feat(dev): initial tilt config Signed-off-by: Alessio Pragliola --- devenv/Makefile | 2 + devenv/Tiltfile | 74 +++++++++++++++++++ .../configs/tiltfiles/cert-manager.tiltfile | 21 ++++++ devenv/configs/tiltfiles/setup.tiltfile | 4 + devenv/tilt_config.json | 5 ++ workspaces/controller/.dockerignore | 2 +- workspaces/controller/tilt.dockerfile | 7 ++ 7 files changed, 114 insertions(+), 1 deletion(-) create mode 100644 devenv/Makefile create mode 100644 devenv/Tiltfile create mode 100644 devenv/configs/tiltfiles/cert-manager.tiltfile create mode 100644 devenv/configs/tiltfiles/setup.tiltfile create mode 100644 devenv/tilt_config.json create mode 100644 workspaces/controller/tilt.dockerfile diff --git a/devenv/Makefile b/devenv/Makefile new file mode 100644 index 00000000..eb2f88e8 --- /dev/null +++ b/devenv/Makefile @@ -0,0 +1,2 @@ +tilt-up: + DOCKER_BUILDKIT=0 tilt up diff --git a/devenv/Tiltfile b/devenv/Tiltfile new file mode 100644 index 00000000..cf508dc2 --- /dev/null +++ b/devenv/Tiltfile @@ -0,0 +1,74 @@ +load_dynamic("./configs/tiltfiles/setup.tiltfile") + +config.define_string_list("services") + +parsed_config = config.parse() + +for service in parsed_config.get("services", []): + load_dynamic("./configs/tiltfiles/%s.tiltfile" % (service)) + +manifests = kustomize("../workspaces/controller/config/default") + +objects = decode_yaml_stream(manifests) + +for o in objects: + if o["kind"] == "Deployment" and o.get("metadata").get("name") in ["workspace-controller-controller-manager"]: + o["spec"]["template"]["spec"]["securityContext"] = {"runAsNonRoot": False, "readOnlyRootFilesystem": False} + o["spec"]["template"]["spec"]["containers"][0]["imagePullPolicy"] = "Always" + +overridden_manifests = encode_yaml_stream(objects) + +k8s_yaml(overridden_manifests, allow_duplicates=True) + +k8s_resource( + workload="workspace-controller-controller-manager", + objects=[ + "workspace-controller-system:namespace", + "workspacekinds.kubeflow.org:customresourcedefinition", + "workspaces.kubeflow.org:customresourcedefinition", + "workspace-controller-controller-manager:serviceaccount", + "workspace-controller-leader-election-role:role", + "workspace-controller-manager-role:clusterrole", + "workspace-controller-workspace-editor-role:clusterrole", + "workspace-controller-workspace-viewer-role:clusterrole", + "workspace-controller-workspacekind-editor-role:clusterrole", + "workspace-controller-workspacekind-viewer-role:clusterrole", + "workspace-controller-leader-election-rolebinding:rolebinding", + "workspace-controller-manager-rolebinding:clusterrolebinding", + "workspace-controller-serving-cert:certificate", + "workspace-controller-selfsigned-issuer:issuer", + "workspace-controller-validating-webhook-configuration:validatingwebhookconfiguration" + ], + labels="controller", + resource_deps=[ + "cert-manager" + ] +) + +load("ext://restart_process", "docker_build_with_restart") + +local_resource( + "manager", + "CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -o bin/manager cmd/main.go", + dir = "../workspaces/controller", + deps = [ + "../workspaces/controller/cmd", + "../workspaces/controller/internal", + "../workspaces/controller/go.mod", + "../workspaces/controller/go.sum", + ], + labels="controller", +) + +docker_build_with_restart( + "ghcr.io/kubeflow/notebooks/workspace-controller", + context = "../workspaces/controller", + dockerfile = "../workspaces/controller/tilt.dockerfile", + entrypoint = ["/manager"], + only=[ + "bin/", + ], + live_update = [ + sync("../workspaces/controller/bin/manager", "/manager"), + ], +) diff --git a/devenv/configs/tiltfiles/cert-manager.tiltfile b/devenv/configs/tiltfiles/cert-manager.tiltfile new file mode 100644 index 00000000..7a7d77ae --- /dev/null +++ b/devenv/configs/tiltfiles/cert-manager.tiltfile @@ -0,0 +1,21 @@ +load("ext://helm_resource", "helm_repo", "helm_resource") +load("ext://namespace", "namespace_create") + +namespace_create("cert-manager") + +helm_repo( + name="jetstack", + url="https://charts.jetstack.io", + resource_name="jetstack-repo", + labels=["common"] +) + +helm_resource( + name="cert-manager", + chart="jetstack/cert-manager", + release_name="cert-manager", + namespace="cert-manager", + flags=["--version=v1.17.0", "--set", "crds.enabled=true"], + deps=["namespaces", "cert-manager"], + labels=["common"] +) diff --git a/devenv/configs/tiltfiles/setup.tiltfile b/devenv/configs/tiltfiles/setup.tiltfile new file mode 100644 index 00000000..2bed6f56 --- /dev/null +++ b/devenv/configs/tiltfiles/setup.tiltfile @@ -0,0 +1,4 @@ +# Disable analytics +analytics_settings(False) + +update_settings(k8s_upsert_timeout_secs = 120) diff --git a/devenv/tilt_config.json b/devenv/tilt_config.json new file mode 100644 index 00000000..82ab5ed6 --- /dev/null +++ b/devenv/tilt_config.json @@ -0,0 +1,5 @@ +{ + "services": [ + "cert-manager" + ] +} diff --git a/workspaces/controller/.dockerignore b/workspaces/controller/.dockerignore index a3aab7af..cdd26a81 100644 --- a/workspaces/controller/.dockerignore +++ b/workspaces/controller/.dockerignore @@ -1,3 +1,3 @@ # More info: https://docs.docker.com/engine/reference/builder/#dockerignore-file # Ignore build and test binaries. -bin/ +# bin/ diff --git a/workspaces/controller/tilt.dockerfile b/workspaces/controller/tilt.dockerfile new file mode 100644 index 00000000..a49ee054 --- /dev/null +++ b/workspaces/controller/tilt.dockerfile @@ -0,0 +1,7 @@ +FROM alpine:3.12 + +WORKDIR / + +COPY bin/manager /manager + +ENTRYPOINT ["/manager"] From 443f5a9588e6188d9485cb38dbb30d8f7d923f9c Mon Sep 17 00:00:00 2001 From: Alessio Pragliola Date: Thu, 27 Feb 2025 16:27:27 +0100 Subject: [PATCH 02/12] fix(devenv): CRDs got deleted when forcing a reload Signed-off-by: Alessio Pragliola --- devenv/.gitignore | 1 + devenv/Makefile | 34 +++++++++++++++++-- devenv/README.md | 35 ++++++++++++++++++++ devenv/Tiltfile | 44 ++++++++++++++++--------- devenv/configs/tiltfiles/setup.tiltfile | 4 +++ 5 files changed, 101 insertions(+), 17 deletions(-) create mode 100644 devenv/.gitignore create mode 100644 devenv/README.md diff --git a/devenv/.gitignore b/devenv/.gitignore new file mode 100644 index 00000000..36f971e3 --- /dev/null +++ b/devenv/.gitignore @@ -0,0 +1 @@ +bin/* diff --git a/devenv/Makefile b/devenv/Makefile index eb2f88e8..7050f80e 100644 --- a/devenv/Makefile +++ b/devenv/Makefile @@ -1,2 +1,32 @@ -tilt-up: - DOCKER_BUILDKIT=0 tilt up +detected_OS := $(shell uname -s) +real_OS := $(detected_OS) +arch := $(shell uname -m) +ifeq ($(detected_OS),Darwin) + detected_OS := mac + real_OS := darwin +endif +ifeq ($(detected_OS),Linux) + detected_OS := linux + real_OS := linux +endif + + +## Location to install dependencies to +LOCALBIN ?= $(shell pwd)/bin +$(LOCALBIN): + mkdir -p $(LOCALBIN) + +## Tool Binaries +TILT ?= $(LOCALBIN)/tilt + +## Tool Versions +TILT_VERSION := 0.33.22 + +.PHONY: tilt +.PHONY: $(TILT) +tilt: $(TILT) ## Download tilt locally if necessary. Architecture is locked at x86_64. +$(TILT): $(LOCALBIN) + test -s $(LOCALBIN)/tilt || curl -fsSL https://github.com/tilt-dev/tilt/releases/download/v$(TILT_VERSION)/tilt.$(TILT_VERSION).$(detected_OS).$(arch).tar.gz | tar -xz -C $(LOCALBIN) tilt + +tilt-up: tilt + $(LOCALBIN)/tilt up diff --git a/devenv/README.md b/devenv/README.md new file mode 100644 index 00000000..7903503b --- /dev/null +++ b/devenv/README.md @@ -0,0 +1,35 @@ +# Kubeflow Notebooks -- Dev Environment + +## Requirements + +- Go >= 1.22 +- Helm >= 3.16.1 + +## Tilt + +This project uses [Tilt](https://tilt.dev/) to manage the development environment. Tilt will watch for changes in the project and automatically rebuild the Docker image and redeploy the application in the current Kubernetes context. + +See this example using a kind cluster: + +```bash +kind create cluster +``` + +then: + +```bash +make tilt-up +``` + +Hit `space` to open the Tilt dashboard in your browser and here you can see the logs and status of every resource deployed. + + +## Troubleshooting + +### "Build Failed: failed to dial gRPC: unable to upgrade to h2c, received 404" + +If you see the following error message when tilt builds the image, try setting `DOCKER_BUILDKIT=0`: + +```bash +DOCKER_BUILDKIT=0 make tilt-up +``` diff --git a/devenv/Tiltfile b/devenv/Tiltfile index cf508dc2..90b9c109 100644 --- a/devenv/Tiltfile +++ b/devenv/Tiltfile @@ -22,23 +22,37 @@ k8s_yaml(overridden_manifests, allow_duplicates=True) k8s_resource( workload="workspace-controller-controller-manager", + new_name="controller", + labels="controller", + resource_deps=[ + "cert-manager" + ] +) + +k8s_resource( + # workload="workspace-controller-controller-manager", + new_name="controller-certs", objects=[ - "workspace-controller-system:namespace", - "workspacekinds.kubeflow.org:customresourcedefinition", - "workspaces.kubeflow.org:customresourcedefinition", - "workspace-controller-controller-manager:serviceaccount", - "workspace-controller-leader-election-role:role", - "workspace-controller-manager-role:clusterrole", - "workspace-controller-workspace-editor-role:clusterrole", - "workspace-controller-workspace-viewer-role:clusterrole", - "workspace-controller-workspacekind-editor-role:clusterrole", - "workspace-controller-workspacekind-viewer-role:clusterrole", - "workspace-controller-leader-election-rolebinding:rolebinding", - "workspace-controller-manager-rolebinding:clusterrolebinding", - "workspace-controller-serving-cert:certificate", - "workspace-controller-selfsigned-issuer:issuer", - "workspace-controller-validating-webhook-configuration:validatingwebhookconfiguration" + "workspace-controller-serving-cert:certificate", + "workspace-controller-selfsigned-issuer:issuer" ], + # objects=[ + # "workspace-controller-system:namespace", + # "workspacekinds.kubeflow.org:customresourcedefinition", + # "workspaces.kubeflow.org:customresourcedefinition", + # "workspace-controller-controller-manager:serviceaccount", + # "workspace-controller-leader-election-role:role", + # "workspace-controller-manager-role:clusterrole", + # "workspace-controller-workspace-editor-role:clusterrole", + # "workspace-controller-workspace-viewer-role:clusterrole", + # "workspace-controller-workspacekind-editor-role:clusterrole", + # "workspace-controller-workspacekind-viewer-role:clusterrole", + # "workspace-controller-leader-election-rolebinding:rolebinding", + # "workspace-controller-manager-rolebinding:clusterrolebinding", + # "workspace-controller-serving-cert:certificate", + # "workspace-controller-selfsigned-issuer:issuer", + # "workspace-controller-validating-webhook-configuration:validatingwebhookconfiguration" + # ], labels="controller", resource_deps=[ "cert-manager" diff --git a/devenv/configs/tiltfiles/setup.tiltfile b/devenv/configs/tiltfiles/setup.tiltfile index 2bed6f56..abaac572 100644 --- a/devenv/configs/tiltfiles/setup.tiltfile +++ b/devenv/configs/tiltfiles/setup.tiltfile @@ -1,4 +1,8 @@ +load("ext://namespace", "namespace_create") + # Disable analytics analytics_settings(False) update_settings(k8s_upsert_timeout_secs = 120) + +namespace_create("workspace-controller-system") From f23771535b7e299dee75184d101fc5077b4e4273 Mon Sep 17 00:00:00 2001 From: Alessio Pragliola Date: Thu, 27 Feb 2025 16:30:08 +0100 Subject: [PATCH 03/12] chore(devenv): remove commented code Signed-off-by: Alessio Pragliola --- devenv/Tiltfile | 18 ------------------ workspaces/controller/.dockerignore | 1 - 2 files changed, 19 deletions(-) diff --git a/devenv/Tiltfile b/devenv/Tiltfile index 90b9c109..542aab7a 100644 --- a/devenv/Tiltfile +++ b/devenv/Tiltfile @@ -30,29 +30,11 @@ k8s_resource( ) k8s_resource( - # workload="workspace-controller-controller-manager", new_name="controller-certs", objects=[ "workspace-controller-serving-cert:certificate", "workspace-controller-selfsigned-issuer:issuer" ], - # objects=[ - # "workspace-controller-system:namespace", - # "workspacekinds.kubeflow.org:customresourcedefinition", - # "workspaces.kubeflow.org:customresourcedefinition", - # "workspace-controller-controller-manager:serviceaccount", - # "workspace-controller-leader-election-role:role", - # "workspace-controller-manager-role:clusterrole", - # "workspace-controller-workspace-editor-role:clusterrole", - # "workspace-controller-workspace-viewer-role:clusterrole", - # "workspace-controller-workspacekind-editor-role:clusterrole", - # "workspace-controller-workspacekind-viewer-role:clusterrole", - # "workspace-controller-leader-election-rolebinding:rolebinding", - # "workspace-controller-manager-rolebinding:clusterrolebinding", - # "workspace-controller-serving-cert:certificate", - # "workspace-controller-selfsigned-issuer:issuer", - # "workspace-controller-validating-webhook-configuration:validatingwebhookconfiguration" - # ], labels="controller", resource_deps=[ "cert-manager" diff --git a/workspaces/controller/.dockerignore b/workspaces/controller/.dockerignore index cdd26a81..1d1bdf66 100644 --- a/workspaces/controller/.dockerignore +++ b/workspaces/controller/.dockerignore @@ -1,3 +1,2 @@ # More info: https://docs.docker.com/engine/reference/builder/#dockerignore-file # Ignore build and test binaries. -# bin/ From 3bd03c80ceb34071a3c71a0fa7a7ca84ec082b65 Mon Sep 17 00:00:00 2001 From: Alessio Pragliola Date: Tue, 11 Mar 2025 18:31:00 +0100 Subject: [PATCH 04/12] feat(devenv): move to controller folder and remove reqs Signed-off-by: Alessio Pragliola --- devenv/.gitignore | 1 - devenv/Makefile | 32 ----- devenv/Tiltfile | 70 ---------- .../configs/tiltfiles/cert-manager.tiltfile | 21 --- devenv/tilt_config.json | 5 - workspaces/controller/devenv/.gitignore | 2 + workspaces/controller/devenv/Makefile | 60 +++++++++ .../controller/devenv}/README.md | 0 workspaces/controller/devenv/Tiltfile | 122 ++++++++++++++++++ .../devenv/configs/tiltfiles/Tiltfile.setup | 4 - 10 files changed, 184 insertions(+), 133 deletions(-) delete mode 100644 devenv/.gitignore delete mode 100644 devenv/Makefile delete mode 100644 devenv/Tiltfile delete mode 100644 devenv/configs/tiltfiles/cert-manager.tiltfile delete mode 100644 devenv/tilt_config.json create mode 100644 workspaces/controller/devenv/.gitignore create mode 100644 workspaces/controller/devenv/Makefile rename {devenv => workspaces/controller/devenv}/README.md (100%) create mode 100644 workspaces/controller/devenv/Tiltfile rename devenv/configs/tiltfiles/setup.tiltfile => workspaces/controller/devenv/configs/tiltfiles/Tiltfile.setup (50%) diff --git a/devenv/.gitignore b/devenv/.gitignore deleted file mode 100644 index 36f971e3..00000000 --- a/devenv/.gitignore +++ /dev/null @@ -1 +0,0 @@ -bin/* diff --git a/devenv/Makefile b/devenv/Makefile deleted file mode 100644 index 7050f80e..00000000 --- a/devenv/Makefile +++ /dev/null @@ -1,32 +0,0 @@ -detected_OS := $(shell uname -s) -real_OS := $(detected_OS) -arch := $(shell uname -m) -ifeq ($(detected_OS),Darwin) - detected_OS := mac - real_OS := darwin -endif -ifeq ($(detected_OS),Linux) - detected_OS := linux - real_OS := linux -endif - - -## Location to install dependencies to -LOCALBIN ?= $(shell pwd)/bin -$(LOCALBIN): - mkdir -p $(LOCALBIN) - -## Tool Binaries -TILT ?= $(LOCALBIN)/tilt - -## Tool Versions -TILT_VERSION := 0.33.22 - -.PHONY: tilt -.PHONY: $(TILT) -tilt: $(TILT) ## Download tilt locally if necessary. Architecture is locked at x86_64. -$(TILT): $(LOCALBIN) - test -s $(LOCALBIN)/tilt || curl -fsSL https://github.com/tilt-dev/tilt/releases/download/v$(TILT_VERSION)/tilt.$(TILT_VERSION).$(detected_OS).$(arch).tar.gz | tar -xz -C $(LOCALBIN) tilt - -tilt-up: tilt - $(LOCALBIN)/tilt up diff --git a/devenv/Tiltfile b/devenv/Tiltfile deleted file mode 100644 index 542aab7a..00000000 --- a/devenv/Tiltfile +++ /dev/null @@ -1,70 +0,0 @@ -load_dynamic("./configs/tiltfiles/setup.tiltfile") - -config.define_string_list("services") - -parsed_config = config.parse() - -for service in parsed_config.get("services", []): - load_dynamic("./configs/tiltfiles/%s.tiltfile" % (service)) - -manifests = kustomize("../workspaces/controller/config/default") - -objects = decode_yaml_stream(manifests) - -for o in objects: - if o["kind"] == "Deployment" and o.get("metadata").get("name") in ["workspace-controller-controller-manager"]: - o["spec"]["template"]["spec"]["securityContext"] = {"runAsNonRoot": False, "readOnlyRootFilesystem": False} - o["spec"]["template"]["spec"]["containers"][0]["imagePullPolicy"] = "Always" - -overridden_manifests = encode_yaml_stream(objects) - -k8s_yaml(overridden_manifests, allow_duplicates=True) - -k8s_resource( - workload="workspace-controller-controller-manager", - new_name="controller", - labels="controller", - resource_deps=[ - "cert-manager" - ] -) - -k8s_resource( - new_name="controller-certs", - objects=[ - "workspace-controller-serving-cert:certificate", - "workspace-controller-selfsigned-issuer:issuer" - ], - labels="controller", - resource_deps=[ - "cert-manager" - ] -) - -load("ext://restart_process", "docker_build_with_restart") - -local_resource( - "manager", - "CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -o bin/manager cmd/main.go", - dir = "../workspaces/controller", - deps = [ - "../workspaces/controller/cmd", - "../workspaces/controller/internal", - "../workspaces/controller/go.mod", - "../workspaces/controller/go.sum", - ], - labels="controller", -) - -docker_build_with_restart( - "ghcr.io/kubeflow/notebooks/workspace-controller", - context = "../workspaces/controller", - dockerfile = "../workspaces/controller/tilt.dockerfile", - entrypoint = ["/manager"], - only=[ - "bin/", - ], - live_update = [ - sync("../workspaces/controller/bin/manager", "/manager"), - ], -) diff --git a/devenv/configs/tiltfiles/cert-manager.tiltfile b/devenv/configs/tiltfiles/cert-manager.tiltfile deleted file mode 100644 index 7a7d77ae..00000000 --- a/devenv/configs/tiltfiles/cert-manager.tiltfile +++ /dev/null @@ -1,21 +0,0 @@ -load("ext://helm_resource", "helm_repo", "helm_resource") -load("ext://namespace", "namespace_create") - -namespace_create("cert-manager") - -helm_repo( - name="jetstack", - url="https://charts.jetstack.io", - resource_name="jetstack-repo", - labels=["common"] -) - -helm_resource( - name="cert-manager", - chart="jetstack/cert-manager", - release_name="cert-manager", - namespace="cert-manager", - flags=["--version=v1.17.0", "--set", "crds.enabled=true"], - deps=["namespaces", "cert-manager"], - labels=["common"] -) diff --git a/devenv/tilt_config.json b/devenv/tilt_config.json deleted file mode 100644 index 82ab5ed6..00000000 --- a/devenv/tilt_config.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "services": [ - "cert-manager" - ] -} diff --git a/workspaces/controller/devenv/.gitignore b/workspaces/controller/devenv/.gitignore new file mode 100644 index 00000000..7c51d2be --- /dev/null +++ b/workspaces/controller/devenv/.gitignore @@ -0,0 +1,2 @@ +bin/* +tilt_config.json diff --git a/workspaces/controller/devenv/Makefile b/workspaces/controller/devenv/Makefile new file mode 100644 index 00000000..df8f4d83 --- /dev/null +++ b/workspaces/controller/devenv/Makefile @@ -0,0 +1,60 @@ +detected_OS := $(shell uname -s) +real_OS := $(detected_OS) +arch := $(shell uname -m) +goarch := $(shell go env GOARCH) +ifeq ($(detected_OS),Darwin) + detected_OS := mac + real_OS := darwin +endif +ifeq ($(detected_OS),Linux) + detected_OS := linux + real_OS := linux +endif + +## Cleanup targets + +.PHONY: cleanup-crds +cleanup-crds: + @echo "Cleaning up CRDs..." + @kubectl delete -f ../config/crd/bases/ || true + +## Requirements + +CERT_MANAGER_VERSION := 1.17.1 + +.PHONY: cmctl check-cert-manager +check-cert-manager: + @echo "Checking if cert-manager is installed and ready..." + @$(LOCALBIN)/cmctl check api > /dev/null 2>&1 || (printf "cert-manager is not installed or is not ready yet, please install cert-manager first or wait for it to be ready.\nYou can install cert-manager by running the following command:\n\nkubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v$(CERT_MANAGER_VERSION)/cert-manager.yaml\n\n" && exit 1) + @echo "cert-manager is installed and ready." + +## Location to install dependencies to +LOCALBIN ?= $(shell pwd)/bin +$(LOCALBIN): + mkdir -p $(LOCALBIN) + +## Tool Binaries +TILT ?= $(LOCALBIN)/tilt +CMCTL ?= $(LOCALBIN)/cmctl + +## Tool Versions +TILT_VERSION := 0.33.22 +CMCTL_VERSION := 2.1.1 + +.PHONY: cmctl +.PHONY: $(CMCTL) +cmctl: $(CMCTL) +$(CMCTL): $(LOCALBIN) + test -s $(LOCALBIN)/cmctl || curl -fsSL https://github.com/cert-manager/cmctl/releases/download/v$(CMCTL_VERSION)/cmctl_$(detected_OS)_$(goarch).tar.gz | tar -xz -C $(LOCALBIN) cmctl + +.PHONY: tilt +.PHONY: $(TILT) +tilt: $(TILT) +$(TILT): $(LOCALBIN) + test -s $(LOCALBIN)/tilt || curl -fsSL https://github.com/tilt-dev/tilt/releases/download/v$(TILT_VERSION)/tilt.$(TILT_VERSION).$(detected_OS).$(arch).tar.gz | tar -xz -C $(LOCALBIN) tilt + +tilt-up: tilt check-cert-manager + $(LOCALBIN)/tilt up + +tilt-down: tilt cleanup-crds + $(LOCALBIN)/tilt down diff --git a/devenv/README.md b/workspaces/controller/devenv/README.md similarity index 100% rename from devenv/README.md rename to workspaces/controller/devenv/README.md diff --git a/workspaces/controller/devenv/Tiltfile b/workspaces/controller/devenv/Tiltfile new file mode 100644 index 00000000..f8f18483 --- /dev/null +++ b/workspaces/controller/devenv/Tiltfile @@ -0,0 +1,122 @@ +load("ext://restart_process", "docker_build_with_restart") + +load_dynamic("./configs/tiltfiles/Tiltfile.setup") + +config.define_string_list("services") + +parsed_config = config.parse() + +for service in parsed_config.get("services", []): + load_dynamic("./configs/tiltfiles/Tiltfile.%s" % (service)) + +manifests = kustomize("../config/default") + +objects = decode_yaml_stream(manifests) + +for o in objects: + if o["kind"] == "Deployment" and o.get("metadata").get("name") in ["workspace-controller-controller-manager"]: + o["spec"]["template"]["spec"]["securityContext"] = {"runAsNonRoot": False, "readOnlyRootFilesystem": False} + o["spec"]["template"]["spec"]["containers"][0]["imagePullPolicy"] = "Always" + +overridden_manifests = encode_yaml_stream(objects) + +k8s_yaml(overridden_manifests, allow_duplicates=True) + +local_resource( + "cert-manager-req-check", + serve_cmd="sleep infinity", + labels="requirements", + readiness_probe=probe( + exec=exec_action( + command=["/bin/sh", "-c", "./bin/cmctl check api"] + ), initial_delay_secs=5, timeout_secs=60 + ) +) + +k8s_resource( + new_name="certs", + objects=[ + "workspace-controller-serving-cert:certificate", + "workspace-controller-selfsigned-issuer:issuer" + ], + labels="controller", + resource_deps=[ + "controller-namespace", + "cert-manager-req-check" + ] +) + +k8s_resource( + new_name="reqs", + objects=[ + "workspace-controller-controller-manager:serviceaccount", + "workspace-controller-leader-election-role:role", + "workspace-controller-manager-role:clusterrole", + "workspace-controller-workspace-editor-role:clusterrole", + "workspace-controller-workspace-viewer-role:clusterrole", + "workspace-controller-workspacekind-editor-role:clusterrole", + "workspace-controller-workspacekind-viewer-role:clusterrole", + "workspace-controller-leader-election-rolebinding:rolebinding", + "workspace-controller-manager-rolebinding:clusterrolebinding", + "workspace-controller-validating-webhook-configuration:validatingwebhookconfiguration" + ], + labels="controller", + resource_deps=[ + "controller-namespace" + ] +) + +k8s_resource( + new_name="crds", + objects=[ + "workspacekinds.kubeflow.org:customresourcedefinition", + "workspaces.kubeflow.org:customresourcedefinition" + ], + labels="controller", + resource_deps=[ + "controller-namespace", + ] +) + +k8s_resource( + new_name="controller-namespace", + objects=["workspace-controller-system:Namespace:default"], + labels="requirements" +) + +k8s_resource( + workload="workspace-controller-controller-manager", + new_name="controller", + labels="controller", + resource_deps=[ + "controller-namespace", + "cert-manager-req-check", + "certs" + ] +) + +local_resource( + "manager-bin", + "CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -o bin/manager cmd/main.go", + dir = "../", + deps = [ + "../cmd", + "../internal", + "../go.mod", + "../go.sum", + ], + labels="controller", +) + +docker_build_with_restart( + "ghcr.io/kubeflow/notebooks/workspace-controller", + context = "../", + dockerfile = "../tilt.dockerfile", + entrypoint = ["/manager"], + only=[ + "bin/", + ], + live_update = [ + sync("../bin/manager", "/manager"), + ], +) diff --git a/devenv/configs/tiltfiles/setup.tiltfile b/workspaces/controller/devenv/configs/tiltfiles/Tiltfile.setup similarity index 50% rename from devenv/configs/tiltfiles/setup.tiltfile rename to workspaces/controller/devenv/configs/tiltfiles/Tiltfile.setup index abaac572..2bed6f56 100644 --- a/devenv/configs/tiltfiles/setup.tiltfile +++ b/workspaces/controller/devenv/configs/tiltfiles/Tiltfile.setup @@ -1,8 +1,4 @@ -load("ext://namespace", "namespace_create") - # Disable analytics analytics_settings(False) update_settings(k8s_upsert_timeout_secs = 120) - -namespace_create("workspace-controller-system") From bc76a4e8bad525bdf1c15dc3526ce245bee620d6 Mon Sep 17 00:00:00 2001 From: Alessio Pragliola Date: Tue, 11 Mar 2025 18:49:44 +0100 Subject: [PATCH 05/12] feat(devenv): added DEVELOPMENT.md file Signed-off-by: Alessio Pragliola --- workspaces/controller/DEVELOPMENT.md | 74 ++++++++++++++++++++++++++ workspaces/controller/devenv/README.md | 35 ------------ 2 files changed, 74 insertions(+), 35 deletions(-) create mode 100644 workspaces/controller/DEVELOPMENT.md delete mode 100644 workspaces/controller/devenv/README.md diff --git a/workspaces/controller/DEVELOPMENT.md b/workspaces/controller/DEVELOPMENT.md new file mode 100644 index 00000000..dec6575a --- /dev/null +++ b/workspaces/controller/DEVELOPMENT.md @@ -0,0 +1,74 @@ +# Development Guide + +## Table of Contents + +- [Development Guide](#development-guide) + - [Table of Contents](#table-of-contents) + - [Introduction](#introduction) + - [Prerequisites](#prerequisites) + - [Getting Started](#getting-started) + - [In an existing cluster](#in-an-existing-cluster) + - [Using kind](#using-kind) + - [Teardown](#teardown) + - [Troubleshooting](#troubleshooting) + - ["Build Failed: failed to dial gRPC: unable to upgrade to h2c, received 404"](#build-failed-failed-to-dial-grpc-unable-to-upgrade-to-h2c-received-404) + +## Introduction + +This guide will help you set up a development environment for the Kubeflow Notebooks project. + +## Prerequisites + +- Go >= 1.22 +- Kubectl >= 1.22 +- A Kubernetes cluster (e.g. [kind](https://kind.sigs.k8s.io/)) +- Cert-manager installed in the cluster, see [cert-manager installation guide](https://cert-manager.io/docs/installation/#default-static-install) + +## Getting Started + +This project uses [Tilt](https://tilt.dev/) to manage the development environment. Tilt will watch for changes in the project and automatically rebuild the Docker image and redeploy the application in the **current Kubernetes context**. + +### In an existing cluster + +1. Make sure you have a Kubernetes cluster running and `kubectl` is configured to use it. +2. Run the following command to start Tilt: + +```bash +make -C devenv tilt-up +``` + +3. Hit `space` to open the Tilt dashboard in your browser and here you can see the logs and status of every resource deployed. + +### Using kind + +1. Create a kind cluster: + +```bash +kind create cluster +``` + +2. Run the following command to start Tilt: + +```bash +make -C devenv tilt-up +``` + +3. Hit `space` to open the Tilt dashboard in your browser and here you can see the logs and status of every resource deployed. + +## Teardown + +To stop Tilt and remove all resources created by it, run: + +```bash +make -C devenv tilt-down +``` + +## Troubleshooting + +### "Build Failed: failed to dial gRPC: unable to upgrade to h2c, received 404" + +If you see the following error message when tilt builds the image, try setting `DOCKER_BUILDKIT=0`: + +```bash +DOCKER_BUILDKIT=0 make -C devenv tilt-up +``` diff --git a/workspaces/controller/devenv/README.md b/workspaces/controller/devenv/README.md deleted file mode 100644 index 7903503b..00000000 --- a/workspaces/controller/devenv/README.md +++ /dev/null @@ -1,35 +0,0 @@ -# Kubeflow Notebooks -- Dev Environment - -## Requirements - -- Go >= 1.22 -- Helm >= 3.16.1 - -## Tilt - -This project uses [Tilt](https://tilt.dev/) to manage the development environment. Tilt will watch for changes in the project and automatically rebuild the Docker image and redeploy the application in the current Kubernetes context. - -See this example using a kind cluster: - -```bash -kind create cluster -``` - -then: - -```bash -make tilt-up -``` - -Hit `space` to open the Tilt dashboard in your browser and here you can see the logs and status of every resource deployed. - - -## Troubleshooting - -### "Build Failed: failed to dial gRPC: unable to upgrade to h2c, received 404" - -If you see the following error message when tilt builds the image, try setting `DOCKER_BUILDKIT=0`: - -```bash -DOCKER_BUILDKIT=0 make tilt-up -``` From 01e29956d6f356c29aa2307f1e2399d90508b0ed Mon Sep 17 00:00:00 2001 From: Alessio Pragliola Date: Fri, 21 Mar 2025 22:36:41 +0100 Subject: [PATCH 06/12] fix(devenv): missing cmctl in make target Signed-off-by: Alessio Pragliola --- workspaces/controller/devenv/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/workspaces/controller/devenv/Makefile b/workspaces/controller/devenv/Makefile index df8f4d83..71ff1959 100644 --- a/workspaces/controller/devenv/Makefile +++ b/workspaces/controller/devenv/Makefile @@ -22,8 +22,8 @@ cleanup-crds: CERT_MANAGER_VERSION := 1.17.1 -.PHONY: cmctl check-cert-manager -check-cert-manager: +.PHONY: check-cert-manager +check-cert-manager: cmctl @echo "Checking if cert-manager is installed and ready..." @$(LOCALBIN)/cmctl check api > /dev/null 2>&1 || (printf "cert-manager is not installed or is not ready yet, please install cert-manager first or wait for it to be ready.\nYou can install cert-manager by running the following command:\n\nkubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v$(CERT_MANAGER_VERSION)/cert-manager.yaml\n\n" && exit 1) @echo "cert-manager is installed and ready." From ce0479f47784a3ac387735afa5c5b8d0e8488948 Mon Sep 17 00:00:00 2001 From: Alessio Pragliola Date: Fri, 21 Mar 2025 22:45:44 +0100 Subject: [PATCH 07/12] chore(devenv): change cert-manager missing text in Makefile Signed-off-by: Alessio Pragliola --- workspaces/controller/devenv/Makefile | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/workspaces/controller/devenv/Makefile b/workspaces/controller/devenv/Makefile index 71ff1959..568786f7 100644 --- a/workspaces/controller/devenv/Makefile +++ b/workspaces/controller/devenv/Makefile @@ -20,12 +20,10 @@ cleanup-crds: ## Requirements -CERT_MANAGER_VERSION := 1.17.1 - .PHONY: check-cert-manager check-cert-manager: cmctl - @echo "Checking if cert-manager is installed and ready..." - @$(LOCALBIN)/cmctl check api > /dev/null 2>&1 || (printf "cert-manager is not installed or is not ready yet, please install cert-manager first or wait for it to be ready.\nYou can install cert-manager by running the following command:\n\nkubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v$(CERT_MANAGER_VERSION)/cert-manager.yaml\n\n" && exit 1) + @echo "Verifying cert-manager installation..." + @$(LOCALBIN)/cmctl check api > /dev/null 2>&1 || (printf "cert-manager is either not installed or not ready. Please install cert-manager or wait until it becomes ready.\nInstallation instructions can be found here: https://cert-manager.io/docs/installation/\n\n" && exit 1) @echo "cert-manager is installed and ready." ## Location to install dependencies to From 3063ce31d700d7e81a8ff35407d5e493da217d8b Mon Sep 17 00:00:00 2001 From: Alessio Pragliola Date: Fri, 21 Mar 2025 22:47:16 +0100 Subject: [PATCH 08/12] chore(devenv): change kind installation link Signed-off-by: Alessio Pragliola --- workspaces/controller/DEVELOPMENT.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/workspaces/controller/DEVELOPMENT.md b/workspaces/controller/DEVELOPMENT.md index dec6575a..5ae3ce71 100644 --- a/workspaces/controller/DEVELOPMENT.md +++ b/workspaces/controller/DEVELOPMENT.md @@ -21,7 +21,7 @@ This guide will help you set up a development environment for the Kubeflow Noteb - Go >= 1.22 - Kubectl >= 1.22 -- A Kubernetes cluster (e.g. [kind](https://kind.sigs.k8s.io/)) +- A Kubernetes cluster (e.g. [kind](https://kind.sigs.k8s.io/#installation-and-usage)) - Cert-manager installed in the cluster, see [cert-manager installation guide](https://cert-manager.io/docs/installation/#default-static-install) ## Getting Started From d582a12b9c9472b210bd4c7e0d468a20cb8a93cb Mon Sep 17 00:00:00 2001 From: Alessio Pragliola Date: Mon, 24 Mar 2025 21:49:05 +0100 Subject: [PATCH 09/12] fix(devenv): OS in cmctl make target Signed-off-by: Alessio Pragliola --- workspaces/controller/devenv/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/workspaces/controller/devenv/Makefile b/workspaces/controller/devenv/Makefile index 568786f7..ae54603e 100644 --- a/workspaces/controller/devenv/Makefile +++ b/workspaces/controller/devenv/Makefile @@ -43,7 +43,7 @@ CMCTL_VERSION := 2.1.1 .PHONY: $(CMCTL) cmctl: $(CMCTL) $(CMCTL): $(LOCALBIN) - test -s $(LOCALBIN)/cmctl || curl -fsSL https://github.com/cert-manager/cmctl/releases/download/v$(CMCTL_VERSION)/cmctl_$(detected_OS)_$(goarch).tar.gz | tar -xz -C $(LOCALBIN) cmctl + test -s $(LOCALBIN)/cmctl || curl -fsSL https://github.com/cert-manager/cmctl/releases/download/v$(CMCTL_VERSION)/cmctl_$(real_OS)_$(goarch).tar.gz | tar -xz -C $(LOCALBIN) cmctl .PHONY: tilt .PHONY: $(TILT) From efb3377ab47dc93ae79350b5c3646f2e434ffdb4 Mon Sep 17 00:00:00 2001 From: Andy Stoneberg Date: Tue, 1 Apr 2025 16:16:05 -0400 Subject: [PATCH 10/12] wording changes Signed-off-by: Alessio Pragliola --- workspaces/controller/DEVELOPMENT.md | 29 +++++++++++++--------------- 1 file changed, 13 insertions(+), 16 deletions(-) diff --git a/workspaces/controller/DEVELOPMENT.md b/workspaces/controller/DEVELOPMENT.md index 5ae3ce71..57e37b99 100644 --- a/workspaces/controller/DEVELOPMENT.md +++ b/workspaces/controller/DEVELOPMENT.md @@ -28,32 +28,27 @@ This guide will help you set up a development environment for the Kubeflow Noteb This project uses [Tilt](https://tilt.dev/) to manage the development environment. Tilt will watch for changes in the project and automatically rebuild the Docker image and redeploy the application in the **current Kubernetes context**. -### In an existing cluster +### Cluster Selection -1. Make sure you have a Kubernetes cluster running and `kubectl` is configured to use it. -2. Run the following command to start Tilt: +Make sure you have a Kubernetes cluster running and `kubectl` is configured to use it. + * `kubectl config current-context` will report which context Tilt will interact with -```bash -make -C devenv tilt-up -``` +💡 For development purposes, you may find using `kind` to be beneficial. You can create your own local cluster with the following command: +- `kind create cluster` + - This command will also change the `current-context` of `kubectl` to the `kind` cluster that is created -3. Hit `space` to open the Tilt dashboard in your browser and here you can see the logs and status of every resource deployed. +### Running Tilt -### Using kind - -1. Create a kind cluster: +1. Run the following command to start Tilt: ```bash -kind create cluster +make -C devenv tilt-up ``` -2. Run the following command to start Tilt: +ℹ️ Please make sure you are in the `workspaces/controller` directory when executing the command. -```bash -make -C devenv tilt-up -``` +2. Hit `space` to open the Tilt dashboard in your browser and here you can see the logs and status of every resource deployed. -3. Hit `space` to open the Tilt dashboard in your browser and here you can see the logs and status of every resource deployed. ## Teardown @@ -63,6 +58,8 @@ To stop Tilt and remove all resources created by it, run: make -C devenv tilt-down ``` +ℹ️ Please make sure you are in the `workspaces/controller` directory when executing the command. + ## Troubleshooting ### "Build Failed: failed to dial gRPC: unable to upgrade to h2c, received 404" From 2c096e2d8291c51bec5ebb288dde82c68ed59a87 Mon Sep 17 00:00:00 2001 From: Alessio Pragliola Date: Mon, 28 Apr 2025 18:09:41 +0200 Subject: [PATCH 11/12] fix(devenv): make sleep compatible with other systems Signed-off-by: Alessio Pragliola --- workspaces/controller/devenv/Tiltfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/workspaces/controller/devenv/Tiltfile b/workspaces/controller/devenv/Tiltfile index f8f18483..f6dc968e 100644 --- a/workspaces/controller/devenv/Tiltfile +++ b/workspaces/controller/devenv/Tiltfile @@ -24,7 +24,7 @@ k8s_yaml(overridden_manifests, allow_duplicates=True) local_resource( "cert-manager-req-check", - serve_cmd="sleep infinity", + serve_cmd="while true; do sleep 86400; done", labels="requirements", readiness_probe=probe( exec=exec_action( From 7879d29eb332bcfb715aa390da50517819b8b69b Mon Sep 17 00:00:00 2001 From: Alessio Pragliola Date: Mon, 28 Apr 2025 18:31:41 +0200 Subject: [PATCH 12/12] feat(devenv): add info about best practices to use before opening PRs Signed-off-by: Alessio Pragliola --- workspaces/controller/DEVELOPMENT.md | 38 +++++++++++++++++++++++++++- 1 file changed, 37 insertions(+), 1 deletion(-) diff --git a/workspaces/controller/DEVELOPMENT.md b/workspaces/controller/DEVELOPMENT.md index 57e37b99..f567829d 100644 --- a/workspaces/controller/DEVELOPMENT.md +++ b/workspaces/controller/DEVELOPMENT.md @@ -10,6 +10,8 @@ - [In an existing cluster](#in-an-existing-cluster) - [Using kind](#using-kind) - [Teardown](#teardown) + - [Pull Request Checklist](#pull-request-checklist) + - [Best Practices](#best-practices) - [Troubleshooting](#troubleshooting) - ["Build Failed: failed to dial gRPC: unable to upgrade to h2c, received 404"](#build-failed-failed-to-dial-grpc-unable-to-upgrade-to-h2c-received-404) @@ -49,7 +51,6 @@ make -C devenv tilt-up 2. Hit `space` to open the Tilt dashboard in your browser and here you can see the logs and status of every resource deployed. - ## Teardown To stop Tilt and remove all resources created by it, run: @@ -60,6 +61,41 @@ make -C devenv tilt-down ℹ️ Please make sure you are in the `workspaces/controller` directory when executing the command. +## Pull Request Checklist + +Before raising a PR, ensure you run the following checks to maintain code quality and reliability: + +1. **Linting** + ```bash + make lint + ``` + - This runs static code analysis to ensure code style consistency + - Fix any linting errors before proceeding + +2. **Unit Tests** + ```bash + make test + ``` + - Runs all unit tests in the project + - Ensure all tests pass before submitting changes + - Consider adding new tests for any new functionality + +3. **End-to-End Tests** + ```bash + make test-e2e + ``` + - Validates the complete workflow of the application + - Requires a running Kubernetes cluster + +### Best Practices + +- Run tests locally before pushing changes +- Write meaningful commit messages +- Keep PRs focused and small +- Update documentation if you change functionality +- Consider adding new tests for new features +- Run all checks in sequence before final submission + ## Troubleshooting ### "Build Failed: failed to dial gRPC: unable to upgrade to h2c, received 404"