7.5 KiB
7.5 KiB
Skaffold vs Tilt - Which to Use?
Quick Decision Guide
🏆 Recommendation: Use Tilt
For the Bakery IA platform with the new security features, Tilt is recommended for local development.
📊 Comparison
| Feature | Tilt | Skaffold |
|---|---|---|
| Security Setup | ✅ Automatic local resource | ✅ Pre-deployment hooks |
| Speed | ⚡ Faster (selective rebuilds) | 🐢 Slower (full rebuilds) |
| Live Updates | ✅ Hot reload (no rebuild) | ⚠️ Full rebuild only |
| UI Dashboard | ✅ Built-in (localhost:10350) | ❌ None (CLI only) |
| Resource Grouping | ✅ Labels (databases, services, etc.) | ❌ Flat list |
| TLS Verification | ✅ Built-in verification step | ❌ Manual verification |
| PVC Verification | ✅ Built-in verification step | ❌ Manual verification |
| Debugging | ✅ Easy (visual dashboard) | ⚠️ Harder (CLI only) |
| Learning Curve | 🟢 Easy | 🟢 Easy |
| Memory Usage | 🟡 Moderate | 🟢 Light |
| Python Hot Reload | ✅ Instant (kill -HUP) | ❌ Full rebuild |
| Shared Code Sync | ✅ Automatic | ❌ Full rebuild |
| CI/CD Ready | ⚠️ Not recommended | ✅ Yes |
🚀 Use Tilt When:
- ✅ Local development (daily work)
- ✅ Frequent code changes (hot reload saves time)
- ✅ Working on multiple services (visual dashboard helps)
- ✅ Debugging (easier to see what's happening)
- ✅ Security testing (built-in verification)
Commands:
# Start development
tilt up -f Tiltfile.secure
# View dashboard
open http://localhost:10350
# Work on specific services only
tilt up auth-service inventory-service
🏗️ Use Skaffold When:
- ✅ CI/CD pipelines (automation)
- ✅ Production-like testing (full rebuilds ensure consistency)
- ✅ Integration testing (end-to-end flows)
- ✅ Resource-constrained environments (uses less memory)
- ✅ Minimal tooling (no dashboard needed)
Commands:
# Development mode
skaffold dev -f skaffold-secure.yaml
# Production build
skaffold run -f skaffold-secure.yaml -p prod
# Debug mode with port forwarding
skaffold dev -f skaffold-secure.yaml -p debug
📈 Performance Comparison
Tilt (Secure Mode)
First Start:
- Security setup: ~5 seconds
- Database pods: ~30 seconds
- Services: ~60 seconds
- Total: ~95 seconds
Code Change (Python):
- Sync code: instant
- Restart uvicorn: 1-2 seconds
- Total: ~2 seconds ✅
Shared Library Change:
- Sync to all services: instant
- Restart all services: 5-10 seconds
- Total: ~10 seconds ✅
Skaffold (Secure Mode)
First Start:
- Security hooks: ~5 seconds
- Build all images: ~5 minutes
- Deploy: ~60 seconds
- Total: ~6 minutes
Code Change (Python):
- Rebuild image: ~30 seconds
- Redeploy: ~15 seconds
- Total: ~45 seconds 🐢
Shared Library Change:
- Rebuild all services: ~5 minutes
- Redeploy: ~60 seconds
- Total: ~6 minutes 🐢
🎯 Real-World Scenarios
Scenario 1: Fixing a Bug in Auth Service
With Tilt:
1. Edit services/auth/app/api/endpoints/login.py
2. Save file
3. Wait 2 seconds for hot reload
4. Test in browser
✅ Total time: 2 seconds
With Skaffold:
1. Edit services/auth/app/api/endpoints/login.py
2. Save file
3. Wait 30 seconds for rebuild
4. Wait 15 seconds for deployment
5. Test in browser
⏱️ Total time: 45 seconds
Scenario 2: Adding Feature to Shared Library
With Tilt:
1. Edit shared/database/base.py
2. Save file
3. All services reload automatically (10 seconds)
4. Test across services
✅ Total time: 10 seconds
With Skaffold:
1. Edit shared/database/base.py
2. Save file
3. All services rebuild (5 minutes)
4. All services redeploy (1 minute)
5. Test across services
⏱️ Total time: 6 minutes
Scenario 3: Testing TLS Configuration
With Tilt:
1. Start Tilt: tilt up -f Tiltfile.secure
2. View dashboard
3. Check "security-setup" resource (green = success)
4. Check "verify-tls" resource (manual trigger)
5. See verification results in UI
✅ Visual feedback at every step
With Skaffold:
1. Start Skaffold: skaffold dev -f skaffold-secure.yaml
2. Watch terminal output
3. Manually run: kubectl exec ... (to test TLS)
4. Check logs manually
⏱️ More manual steps, no visual feedback
🔐 Security Features Comparison
Tilt (Tiltfile.secure)
Security Setup:
# Automatic local resource runs first
local_resource('security-setup',
cmd='kubectl apply -f infrastructure/kubernetes/base/secrets.yaml ...',
labels=['security'],
auto_init=True)
# All databases depend on security-setup
k8s_resource('auth-db', resource_deps=['security-setup'], ...)
Built-in Verification:
# Automatic TLS verification
local_resource('verify-tls',
cmd='Check if TLS certs are mounted...',
resource_deps=['auth-db', 'redis'])
# Automatic PVC verification
local_resource('verify-pvcs',
cmd='Check if PVCs are bound...')
Benefits:
- ✅ Security runs before anything else
- ✅ Visual confirmation in dashboard
- ✅ Automatic verification
- ✅ Grouped by labels (security, databases, services)
Skaffold (skaffold-secure.yaml)
Security Setup:
deploy:
kubectl:
hooks:
before:
- host:
command: ["kubectl", "apply", "-f", "secrets.yaml"]
# ... more hooks
Verification:
- ⚠️ Manual verification required
- ⚠️ No built-in checks
- ⚠️ Rely on CLI output
Benefits:
- ✅ Runs before deployment
- ✅ Simple hook system
- ✅ CI/CD friendly
💡 Best of Both Worlds
Recommended Workflow:
-
Daily Development: Use Tilt
tilt up -f Tiltfile.secure -
Integration Testing: Use Skaffold
skaffold run -f skaffold-secure.yaml -
CI/CD: Use Skaffold
skaffold run -f skaffold-secure.yaml -p prod
📝 Migration Guide
Switching from Skaffold to Tilt
Current setup:
skaffold dev
New setup:
# Install Tilt (if not already)
brew install tilt-dev/tap/tilt # macOS
# or download from: https://tilt.dev
# Use secure Tiltfile
tilt up -f Tiltfile.secure
# View dashboard
open http://localhost:10350
No code changes needed! Both use the same Kubernetes manifests.
Keeping Skaffold for CI/CD
# .github/workflows/deploy.yml
- name: Deploy to staging
run: |
skaffold run -f skaffold-secure.yaml -p prod
🎓 Learning Resources
Tilt
- Documentation: https://docs.tilt.dev
- Tutorial: https://docs.tilt.dev/tutorial.html
- Examples: https://github.com/tilt-dev/tilt-example-python
Skaffold
- Documentation: https://skaffold.dev/docs/
- Tutorial: https://skaffold.dev/docs/tutorials/
- Examples: https://github.com/GoogleContainerTools/skaffold/tree/main/examples
🏁 Conclusion
For Bakery IA development:
| Use Case | Tool | Reason |
|---|---|---|
| Daily development | Tilt | Fast hot reload, visual dashboard |
| Quick fixes | Tilt | 2-second updates vs 45-second rebuilds |
| Multi-service work | Tilt | Labels and visual grouping |
| Security testing | Tilt | Built-in verification steps |
| CI/CD | Skaffold | Simpler, more predictable |
| Production builds | Skaffold | Industry standard for CI/CD |
Bottom line: Use Tilt for development, Skaffold for CI/CD.
Last Updated: October 18, 2025