Workload Image (#598)

* Add .dockerignore to reduce docker context

* Initial Tiltfile for local development

* Tiltfile: Auto-generate liberator charts on changes

* Tiltfile: Ensure naiserator stays in the context from tilt (re)load

* Get Image from external Image resource if not present in spec (WIP)

* Tiltfile: Hardcode single directory to avoid creating new tempdir all the time

* Tiltfile: Make naiserator startup optional

This allows for running naiserator in debugger instead of managed by tilt

* Add mise to project and set up tilt tasks

* Allow for long timeouts when running with tilt

This allows for slow stepping through debugger etc.

* Use image from Image resource if no image on Application/Naisjob

If there is no image on the resource when reconciling, look for a matching Image resource
and use the image from there.
The chosen image is set on Status.EffectiveImage when resource is saved to the cluster.

* Improve mise tilt tasks

* Add synchronizer test for applications with external image

* Use liberator from workload-image branch

* Latest liberator on main

* A bit too long for tests to run ...

* Avoid sync for apps that have not been synced with effective image yet

When this feature goes out, all apps will have an empty effective image, and would have been considered changed with the code as it was before.
This is unfortunate, as we only want to sync when there is an actual change, and in these cases we can wait for the hash to change before syncing and setting effective image.

* Give controller runtime a logger

Author: mortenlj

.dockerignore

@@ -0,0 +1,14 @@
+.idea/
+naiserator.iml
+vendor/
+cover.out
+./naiserator
+/bin/
+*.proto
+/.testbin/
+*.DS_Store
+.direnv
+hack
+charts
+.github
+README.md

.mise-tasks/tilt/_default

@@ -0,0 +1,12 @@
+#!/usr/bin/env bash
+#MISE description="Launch tilt for local development, confined to selected context"
+#USAGE flag "-p --product <product>" help="The product used to launch local kubernetes" default="kind" { choices "kind" "minikube" "docker-desktop" "k3d" }
+#USAGE flag "-n --namespace <namespace>" help="The namespace to use" default="default"
+
+# shellcheck disable=SC2154
+
+context_name="${usage_product}-tilt-naiserator"
+
+ctlptl create cluster "${usage_product}" --registry=ctlptl-registry --name "${context_name}"
+
+kubie exec "${context_name}" "${usage_namespace}" tilt up --stream

.mise-tasks/tilt/cleanup

@@ -0,0 +1,12 @@
+#!/usr/bin/env bash
+#MISE description="Launch tilt for local development, confined to selected context"
+#USAGE flag "-p --product <product>" help="The product used to launch local kubernetes" default="kind" { choices "kind" "minikube" "docker-desktop" "k3d" }
+#USAGE flag "-n --namespace <namespace>" help="The namespace to use" default="default"
+
+# shellcheck disable=SC2154
+
+context_name="${usage_product}-tilt-naiserator"
+
+kubie exec "${context_name}" "${usage_namespace}" tilt down
+
+ctlptl delete cluster "${context_name}"

.mise-tasks/tilt/down

@@ -0,0 +1,10 @@
+#!/usr/bin/env bash
+#MISE description="Launch tilt for local development, confined to selected context"
+#USAGE flag "-p --product <product>" help="The product used to launch local kubernetes" default="kind" { choices "kind" "minikube" "docker-desktop" "k3d" }
+#USAGE flag "-n --namespace <namespace>" help="The namespace to use" default="default"
+
+# shellcheck disable=SC2154
+
+context_name="${usage_product}-tilt-naiserator"
+
+kubie exec "${context_name}" "${usage_namespace}" tilt down

Tiltfile

@@ -0,0 +1,82 @@
+load('ext://cert_manager', 'deploy_cert_manager')
+load('ext://helm_resource', 'helm_resource', 'helm_repo')
+load('ext://local_output', 'local_output')
+
+APP_NAME = "naiserator"
+
+
+def ignore_rules():
+    return str(read_file(".dockerignore")).split("\n")
+
+
+deploy_cert_manager()
+
+helm_repo('aiven', 'https://aiven.github.io/aiven-charts')
+helm_resource('aiven-operator-crds', 'aiven/aiven-operator-crds', resource_deps=['aiven'], pod_readiness="ignore")
+
+helm_repo('prometheus', 'https://prometheus-community.github.io/helm-charts')
+helm_resource('prometheus-operator-crds', 'prometheus/prometheus-operator-crds', resource_deps=['prometheus'],
+              pod_readiness="ignore")
+
+# Load liberator charts, assuming liberator checked out next to naiserator
+# Automatically generate updated CRDs from the liberator code when the apis change, and apply them to the cluster
+local_resource(
+    "liberator-chart",
+    cmd="make generate",
+    dir="../liberator",
+    ignore=["../liberator/**/zz_generated.deepcopy.go"],
+    deps=["../liberator/pkg/apis"],
+)
+k8s_yaml(helm("../liberator/charts", name="nais-crds"))
+liberator_objects = [
+    "aivenapplications.aiven.nais.io:CustomResourceDefinition:default",
+    "bigquerydatasets.google.nais.io:CustomResourceDefinition:default",
+    "streams.kafka.nais.io:CustomResourceDefinition:default",
+    "topics.kafka.nais.io:CustomResourceDefinition:default",
+    "applications.nais.io:CustomResourceDefinition:default",
+    "azureadapplications.nais.io:CustomResourceDefinition:default",
+    "idportenclients.nais.io:CustomResourceDefinition:default",
+    "images.nais.io:CustomResourceDefinition:default",
+    "jwkers.nais.io:CustomResourceDefinition:default",
+    "maskinportenclients.nais.io:CustomResourceDefinition:default",
+    "naisjobs.nais.io:CustomResourceDefinition:default",
+]
+k8s_resource(
+    new_name="nais-crds",
+    objects=liberator_objects,
+    resource_deps=["liberator-chart"],
+)
+
+# Create a tempdir for naiserator configs
+naiserator_dir = "/tmp/tilt-naiserator"
+local("mkdir -p {}".format(naiserator_dir))
+
+# Copy tilt spesific naiserator config to tempdir for naiserator to use
+local_resource(
+    "naiserator-config",
+    cmd="cp ./hack/tilt-naiserator-config.yaml {}/naiserator.yaml".format(naiserator_dir),
+    deps=["hack/tilt-naiserator-config.yaml"],
+)
+
+# Ensure we save the current kube context to a file for naiserator
+# This is so we don't accidentally switch context if other tools change the current context after startup
+# Falls apart if the Tiltfile is updated, as that copies the kubeconfig again.
+# See https://github.com/tilt-dev/tilt/issues/6295
+local_resource(
+    "naiserator-kubeconfig",
+    cmd="kubectl config view --minify --flatten > {}/kubeconfig".format(naiserator_dir),
+)
+
+# Start naiserator locally, so changes are detected and rebuilt automatically
+local_resource(
+    "naiserator",
+    cmd="go build -o cmd/naiserator/naiserator ./cmd/naiserator",
+    serve_cmd="{}/cmd/naiserator/naiserator --kubeconfig={}/kubeconfig".format(config.main_dir, naiserator_dir),
+    deps=["cmd/naiserator/naiserator.go", "go.mod", "go.sum", "pkg", "/tmp/naiserator.yaml"],
+    resource_deps=["nais-crds", "aiven-operator-crds", "prometheus-operator-crds", "naiserator-config",
+                   "naiserator-kubeconfig"],
+    ignore=ignore_rules(),
+    serve_dir=naiserator_dir,
+    auto_init=False,
+    trigger_mode=TRIGGER_MODE_MANUAL,
+)

cmd/naiserator/main.go

@@ -26,6 +26,7 @@ import (
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/cache"
 	"sigs.k8s.io/controller-runtime/pkg/client"
+	ctrl_log "sigs.k8s.io/controller-runtime/pkg/log"
 	kubemetrics "sigs.k8s.io/controller-runtime/pkg/metrics"
 	metricsserver "sigs.k8s.io/controller-runtime/pkg/metrics/server"
 )
@@ -122,6 +123,7 @@ func run() error {
 
 	metrics.Register(kubemetrics.Registry)
 	logSink := &logrus2logr.Logrus2Logr{Logger: log.StandardLogger()}
+	ctrl_log.SetLogger(logr.New(logSink))
 	mgr, err := ctrl.NewManager(kconfig, ctrl.Options{
 		Cache: cache.Options{
 			SyncPeriod: &cfg.Informer.FullSyncInterval,

go.mod

@@ -14,7 +14,7 @@ require (
 	github.com/magiconair/properties v1.8.9
 	github.com/mitchellh/hashstructure v1.1.0
 	github.com/mitchellh/mapstructure v1.5.0
-	github.com/nais/liberator v0.0.0-20250219141329-f224bfab7a8d
+	github.com/nais/liberator v0.0.0-20250314120052-1cb863cb99a7
 	github.com/novln/docker-parser v1.0.0
 	github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.74.0
 	github.com/prometheus/client_golang v1.21.0
@@ -34,18 +34,21 @@ require (
 require (
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
+	github.com/chigopher/pathlib v0.19.1 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 	github.com/eapache/go-resiliency v1.3.0 // indirect
 	github.com/eapache/go-xerial-snappy v0.0.0-20230111030713-bf00bc1b83b6 // indirect
 	github.com/eapache/queue v1.1.0 // indirect
 	github.com/emicklei/go-restful/v3 v3.12.1 // indirect
 	github.com/evanphx/json-patch v5.6.0+incompatible // indirect
 	github.com/evanphx/json-patch/v5 v5.9.11 // indirect
+	github.com/fatih/color v1.18.0 // indirect
 	github.com/fsnotify/fsnotify v1.8.0 // indirect
 	github.com/fxamacker/cbor/v2 v2.7.0 // indirect
 	github.com/go-openapi/jsonpointer v0.21.0 // indirect
 	github.com/go-openapi/jsonreference v0.21.0 // indirect
 	github.com/go-openapi/swag v0.23.0 // indirect
+	github.com/gobuffalo/flect v1.0.3 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang/snappy v0.0.4 // indirect
 	github.com/google/btree v1.1.3 // indirect
@@ -54,45 +57,57 @@ require (
 	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/hashicorp/go-uuid v1.0.3 // indirect
 	github.com/hashicorp/hcl v1.0.0 // indirect
+	github.com/huandu/xstrings v1.4.0 // indirect
+	github.com/iancoleman/strcase v0.3.0 // indirect
+	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/jcmturner/aescts/v2 v2.0.0 // indirect
 	github.com/jcmturner/dnsutils/v2 v2.0.0 // indirect
 	github.com/jcmturner/gofork v1.7.6 // indirect
 	github.com/jcmturner/gokrb5/v8 v8.4.4 // indirect
 	github.com/jcmturner/rpc/v2 v2.0.3 // indirect
+	github.com/jinzhu/copier v0.4.0 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
 	github.com/klauspost/compress v1.17.11 // indirect
 	github.com/mailru/easyjson v0.9.0 // indirect
+	github.com/mattn/go-colorable v0.1.14 // indirect
+	github.com/mattn/go-isatty v0.0.20 // indirect
+	github.com/mitchellh/go-homedir v1.1.0 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 	github.com/onsi/ginkgo/v2 v2.22.1 // indirect
 	github.com/onsi/gomega v1.36.2 // indirect
-	github.com/pelletier/go-toml/v2 v2.2.2 // indirect
+	github.com/pelletier/go-toml/v2 v2.2.3 // indirect
 	github.com/pierrec/lz4/v4 v4.1.17 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
 	github.com/prometheus/client_model v0.6.1 // indirect
 	github.com/prometheus/common v0.62.0 // indirect
 	github.com/prometheus/procfs v0.15.1 // indirect
 	github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475 // indirect
-	github.com/sagikazarmark/locafero v0.4.0 // indirect
+	github.com/rs/zerolog v1.33.0 // indirect
+	github.com/sagikazarmark/locafero v0.7.0 // indirect
 	github.com/sagikazarmark/slog-shim v0.1.0 // indirect
 	github.com/sourcegraph/conc v0.3.0 // indirect
-	github.com/spf13/afero v1.11.0 // indirect
-	github.com/spf13/cast v1.6.0 // indirect
+	github.com/spf13/afero v1.12.0 // indirect
+	github.com/spf13/cast v1.7.1 // indirect
+	github.com/spf13/cobra v1.8.1 // indirect
 	github.com/subosito/gotenv v1.6.0 // indirect
+	github.com/vektra/mockery/v2 v2.53.1 // indirect
 	github.com/x448/float16 v0.8.4 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
-	golang.org/x/crypto v0.32.0 // indirect
-	golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 // indirect
-	golang.org/x/net v0.34.0 // indirect
+	golang.org/x/crypto v0.35.0 // indirect
+	golang.org/x/exp v0.0.0-20250210185358-939b2ce775ac // indirect
+	golang.org/x/mod v0.23.0 // indirect
+	golang.org/x/net v0.36.0 // indirect
 	golang.org/x/oauth2 v0.26.0 // indirect
 	golang.org/x/sync v0.11.0 // indirect
 	golang.org/x/sys v0.30.0 // indirect
 	golang.org/x/term v0.29.0 // indirect
 	golang.org/x/text v0.22.0 // indirect
 	golang.org/x/time v0.10.0 // indirect
+	golang.org/x/tools v0.30.0 // indirect
 	gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
 	gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
@@ -101,6 +116,7 @@ require (
 	k8s.io/apiextensions-apiserver v0.32.1 // indirect
 	k8s.io/klog/v2 v2.130.1 // indirect
 	k8s.io/kube-openapi v0.0.0-20241212222426-2c72e554b1e7 // indirect
+	sigs.k8s.io/controller-tools v0.17.2 // indirect
 	sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 // indirect
 	sigs.k8s.io/structured-merge-diff/v4 v4.5.0 // indirect
 	sigs.k8s.io/yaml v1.4.0 // indirect