devel(sorcerer): Run tilt on rossby

README.md

@@ -17,8 +17,8 @@ Some setup is required:
 
 ### Kubernetes Access
 
-To run our application on the kubernetes cluster, Tilt needs access.
-You need to authenticate with `oidc`, using your microsoft account.
+To run our application on the Kubernetes cluster, Tilt needs access.
+You need to authenticate with `oidc`, using your Microsoft account.
 Authentication configuration must be added to your `~/.kube/config`:
 
 ```yaml
@@ -46,10 +46,10 @@ Next, configure the required contexts to use `oidc` (also in your `~/.kube/confi
 ```yaml
 ---
 - context:
-    cluster: ekman
+    cluster: ekman # or rossby
     namespace: sorcerer
     user: oidc
-  name: ekman
+  name: ekman # or rossby
 - context:
     cluster: oceanbox
     namespace: atlantis
@@ -91,7 +91,7 @@ Some DNS masking is required. Add the following to your NixOS configuration:
 
 ### NuGet
 
-To retrieve packages from the private Oceanbox nuget registry, configure it with credentials in your `~/.nuget/NuGet/NuGet.Config`:
+To retrieve packages from the private Oceanbox Nuget registry, configure it with credentials in your `~/.nuget/NuGet/NuGet.Config`:
 
 ```xml
 <?xml version="1.0" encoding="utf-8"?>
@@ -121,7 +121,7 @@ for `dotnet-tools` we use nix, so entering the shell using `nix-shell` or `diren
 
 ### Mkcert
 
-To generate certificates correctly, vite needs the `mkcert` binary in a predefined path in our home directory.
+To generate certificates correctly, Vite needs the `mkcert` binary in a predefined path in our home directory.
 `mkcert` is included in our dev shell, so we can create a symlink to its location in the nix store:
 
 ```fish
@@ -132,8 +132,8 @@ which mkcert | xargs -I{} ln -s {} ~/.vite-plugin-mkcert
 
 ### Docker Login
 
-In order for Tilt to push the images it builds to the oceanbox registry, we must use `docker login` to authenticate with it.
-First, create a personal access token in your gitlab account. It should have the `read_registry` and `write_registry` scopes set.
+In order for Tilt to push the images it builds to the Oceanbox registry, we must use `docker login` to authenticate with it.
+First, create a personal access token in your GitLab account. It should have the `read_registry` and `write_registry` scopes set.
 
 ```fish
 set -x TOKEN glpat-xxxx
@@ -145,7 +145,7 @@ Then, supply it to `docker login`:
 echo "$TOKEN" | docker login gitlab.com -u <user> --password-stdin
 ```
 
-When prompted, authenticate with your gitlab username and the PAT you just created.
+When prompted, authenticate with your GitLab username and the PAT you just created.
 
 ### Create k8s Namespace
 
@@ -172,7 +172,7 @@ You should now be able to access the Atlantis client (with HMR) on <atlantis.loc
 
 In order for your browser to allow you to access the web application, you must add the root certificate generated by `mkcert` to the list of trusted authorities in your browser:
 
-1. In firefox, navigate to settings and search for _"Certificates"._
+1. In Firefox, navigate to settings and search for _"Certificates"._
 2. Click on _"View Certificates",_ then _"Import..."_ in the _"Authorities"_ tab.
 3. Select the root certificate; `~/.vite-plugin-mkcert/certs/rootCA.pem`.
     - Make sure to check _"This certificate can identify websites"._

src/Atlantis/tilt/tilt/appsettings.json

@@ -59,7 +59,7 @@
     "redis": "<x>-atlantis-redis:6379",
     "objectStore": "https://atlantis.blob.core.windows.net",
     "connString": "Username=postgres;Password=secret;Host=localhost;Port=5432;Database=app;Pooling=true;",
-    "sorcerer" : "https://<x>-sorcerer.ekman.oceanbox.io",
+    "sorcerer" : "https://<x>-sorcerer.adm.vtn.obx",
     "allowedOrigins": [
         "https://atlantis.beta.oceanbox.io",
         "https://<x>-atlantis.dev.oceanbox.io",

src/Sorcerer/Tiltfile

@@ -1,7 +1,8 @@
 name='sorcerer'
 # repository='registry.gitlab.com/oceanbox/{name}/tilt'.format(name=name)
 repository='yolo-registry.dev.oceanbox.io/{name}'.format(name=name)
-cluster='ekman'
+# cluster='ekman'
+cluster='rossby'
 
 namespace=os.getenv('APP_NAMESPACE')
 env=os.getenv('APP_ENV')

src/Sorcerer/tilt/tilt/appsettings.json

@@ -56,8 +56,8 @@
         "https://sorcerer.local.oceanbox.io:8080",
         "https://atlantis.local.oceanbox.io:8080",
         "https://<x>-atlantis.dev.oceanbox.io",
-        "https://<x>-sorcerer.ekman.oceanbox.io",
-        "http://<x>-sorcerer.ekman.oceanbox.io"
+        "https://<x>-sorcerer.adm.vtn.obx",
+        "http://<x>-sorcerer.adm.vtn.obx"
     ],
     "appName": "sorcerer",
     "appEnv": "<x>",

src/Sorcerer/tilt/tilt/pv.yaml

@@ -8,12 +8,12 @@ spec:
   capacity:
     storage: 1Gi
   csi:
-    driver: rook-ceph.cephfs.csi.ceph.com
+    driver: cephfs.csi.ceph.com
     nodeStageSecretRef:
-      name: rook-csi-cephfs-node
-      namespace: rook-ceph
+      name: csi-cephfs-secret
+      namespace: ceph-csi-operator-system
     volumeAttributes:
-      clusterID: rook-ceph
+      clusterID: storage
       fsName: data
       rootPath: /
       staticVolume: "true"

src/Sorcerer/tilt/tilt/redis.yaml

@@ -1,29 +0,0 @@
-architecture: standalone
-
-# NOTE(mrtz): Hack for working with legacy registry
-global:
-  security:
-    allowInsecureImages: true
-image:
-  repository: bitnamilegacy/redis
-
-replica:
-  replicaCount: 1
-
-auth:
-  enabled: true
-  sentinel: true
-  password: ""
-  usePasswordFiles: false
-  existingSecretPasswordKey: ""
-  existingSecret: <x>-sorcerer-redis
-
-master:
-  resources:
-    limits:
-      ephemeral-storage: 1024Mi
-      memory: 192Mi
-    requests:
-      cpu: 150m
-      ephemeral-storage: 50Mi
-      memory: 128Mi

src/Sorcerer/tilt/values.yaml

@@ -39,9 +39,9 @@ ingress:
   annotations:
     cert-manager.io/cluster-issuer: letsencrypt-staging
     nginx.ingress.kubernetes.io/proxy-buffer-size: 128k
-    nginx.ingress.kubernetes.io/whitelist-source-range: 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
+    nginx.ingress.kubernetes.io/whitelist-source-range: 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,100.100.64.0/12
   hosts:
-    - host: <x>-sorcerer.ekman.oceanbox.io
+    - host: <x>-sorcerer.adm.vtn.obx
       paths:
         - path: /
           pathType: ImplementationSpecific
@@ -58,7 +58,7 @@ ingress:
           pathType: ImplementationSpecific
   tls:
     - hosts:
-       - <x>-sorcerer.ekman.oceanbox.io
+       - <x>-sorcerer.adm.vtn.obx
       secretName: <x>-sorcerer-tls
 
 persistence:
@@ -73,28 +73,28 @@ securityContext:
   runAsNonRoot: false
   runAsUser: 0
 
-affinity:
-  nodeAffinity:
-    requiredDuringSchedulingIgnoredDuringExecution:
-      nodeSelectorTerms:
-        - matchExpressions:
-            - key: "topology.kubernetes.io/group"
-              operator: In
-              values:
-                - srv
-  podAntiAffinity:
-    requiredDuringSchedulingIgnoredDuringExecution:
-      - labelSelector:
-          matchExpressions:
-            - key: "app.kubernetes.io/name"
-              operator: In
-              values:
-                - sorcerer
-            - key: "app.kubernetes.io/instance"
-              operator: In
-              values:
-                - <x>-sorcerer
-        topologyKey: "kubernetes.io/hostname"
+# affinity:
+#   nodeAffinity:
+#     requiredDuringSchedulingIgnoredDuringExecution:
+#       nodeSelectorTerms:
+#         - matchExpressions:
+#             - key: "topology.kubernetes.io/group"
+#               operator: In
+#               values:
+#                 - srv
+#   podAntiAffinity:
+#     requiredDuringSchedulingIgnoredDuringExecution:
+#       - labelSelector:
+#           matchExpressions:
+#             - key: "app.kubernetes.io/name"
+#               operator: In
+#               values:
+#                 - sorcerer
+#             - key: "app.kubernetes.io/instance"
+#               operator: In
+#               values:
+#                 - <x>-sorcerer
+#         topologyKey: "kubernetes.io/hostname"
 
 redis:
   enabled: true