Move custom tekton resources to flux (TraceMachina#1446)

.github/workflows/lre.yaml

@@ -144,6 +144,13 @@ jobs:
           kubectl apply -k . &&
           rm kustomization.yaml'
 
+      - name: Wait for Tekton resources
+        run: >
+          nix develop --impure --command
+          bash -c "flux reconcile kustomization -n default \
+            --timeout=15m \
+            nativelink-tekton-resources"
+
       - name: Wait for Tekton pipelines
         run: >
           nix develop --impure --command

kubernetes/components/operator/flux-config.yaml

@@ -108,3 +108,22 @@ spec:
         name: nativelink-image-tags
   dependsOn:
     - name: nativelink-configmaps
+    - name: nativelink-tekton-resources
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: nativelink-tekton-resources
+  namespace: default
+spec:
+  interval: 2m
+  path: "./kubernetes/components/tekton-resources"
+  prune: true
+  force: true
+  retryInterval: 20s
+  targetNamespace: default
+  wait: true
+  sourceRef:
+    kind: GitRepository
+    name: nativelink
+    namespace: default

native-cli/components/embedded/kustomization.yaml → kubernetes/components/tekton-resources/kustomization.yaml

@@ -1,13 +1,13 @@
 ---
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+
 resources:
+  - cosign-verify.yaml
   - nix2container-copyto.yaml
+  - nix2container-image-info.yaml
   - rebuild-nativelink.yaml
-  - skopeo-copy.yaml
-  - cosign-verify.yaml
   - skopeo-check-hashlocked-url.yaml
-  - nix2container-image-info.yaml
+  - skopeo-copy.yaml
   - trigger.yaml
   - update-image-tags.yaml
-  - capacitor.yaml
-  # - nativelink-gateways.yaml  # Gateways are handled in Pulumi via the
-                                # NativeLinkGateways resource.

native-cli/components/capacitor.go

@@ -0,0 +1,40 @@
+package components
+
+import (
+	_ "embed"
+	"fmt"
+
+	"github.com/pulumi/pulumi-kubernetes/sdk/v4/go/kubernetes/yaml"
+	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
+)
+
+type Capacitor struct {
+	Dependencies []pulumi.Resource
+}
+
+// These are vendored yaml files which we don't port to Pulumi so that we can
+// potentially adjust/reuse them in more generic contexts. We embed them in the
+// executable to keep the cli portable.
+//
+//go:embed embedded/capacitor.yaml
+var capacitorYaml string
+
+// Install sets up the Capacitor dashboard.
+func (component *Capacitor) Install(
+	ctx *pulumi.Context,
+	name string,
+) ([]pulumi.Resource, error) {
+	capacitor, err := yaml.NewConfigGroup(
+		ctx,
+		name,
+		&yaml.ConfigGroupArgs{
+			YAML: []string{capacitorYaml},
+		},
+		pulumi.DependsOn(component.Dependencies),
+	)
+	if err != nil {
+		return nil, fmt.Errorf("%w: %w", errPulumi, err)
+	}
+
+	return []pulumi.Resource{capacitor}, nil
+}

native-cli/default.nix

@@ -7,9 +7,9 @@
 }:
 buildGoModule {
   pname = "native-cli";
-  version = "0.4.0";
+  version = "0.5.3";
   src = ./.;
-  vendorHash = "sha256-ASmQhGHplG4ayeezhhM4R01pZLBLjYcqEuKVVxNADX0=";
+  vendorHash = "sha256-F6nEK/KylCcNvBscXnNYDSwOHiKLpSlCWv19GistNpI=";
   buildInputs = [makeWrapper];
   ldflags = ["-s -w"];
   installPhase = ''

native-cli/programs/local.go

@@ -32,31 +32,23 @@ func ProgramForLocalCluster(ctx *pulumi.Context) error {
 		os.Exit(1)
 	}
 
-	localSources, err := components.AddComponent(
+	components.Check(components.AddComponent(
 		ctx,
 		"local-sources",
 		&components.LocalPVAndPVC{
 			Size:     "50Mi",
 			HostPath: "/mnt",
 		},
-	)
-	if err != nil {
-		log.Println(err)
-		os.Exit(1)
-	}
+	))
 
-	nixStore, err := components.AddComponent(
+	components.Check(components.AddComponent(
 		ctx,
 		"nix-store",
 		&components.LocalPVAndPVC{
 			Size:     "10Gi",
 			HostPath: "/nix",
 		},
-	)
-	if err != nil {
-		log.Println(err)
-		os.Exit(1)
-	}
+	))
 
 	flux, err := components.AddComponent(
 		ctx,
@@ -68,6 +60,16 @@ func ProgramForLocalCluster(ctx *pulumi.Context) error {
 		os.Exit(1)
 	}
 
+	components.Check(components.AddComponent(
+		ctx,
+		"capacitor",
+		&components.Capacitor{
+			Dependencies: slices.Concat(
+				flux,
+			),
+		},
+	))
+
 	tektonPipelines, err := components.AddComponent(
 		ctx,
 		"tekton-pipelines",
@@ -106,21 +108,6 @@ func ProgramForLocalCluster(ctx *pulumi.Context) error {
 		},
 	))
 
-	components.Check(components.AddComponent(
-		ctx,
-		"rebuild-nativelink",
-		&components.RebuildNativeLink{
-			Dependencies: slices.Concat(
-				cilium,
-				tektonPipelines,
-				tektonTriggers,
-				localSources,
-				nixStore,
-				flux,
-			),
-		},
-	))
-
 	nativeLinkGateways, err := components.AddComponent(
 		ctx,
 		"nativelink-gatways",