---
# Taskfile schema version, kept as a quoted string.
version: '3'
# Global template variables.
# NOTE(review): CLUSTER_DIR is referenced below but not defined in this file;
# presumably it is supplied by the environment or by another Taskfile. Confirm
# this, because an empty value would make both paths resolve under /flux/vars.
vars:
  KUBERNETES_DIR: '{{.ROOT_DIR}}/kubernetes'
  # sops-encrypted env file (going by the .sops.env suffix).
  CLUSTER_SECRETS_FILE: '{{.CLUSTER_DIR}}/flux/vars/cluster-secrets.sops.env'
  CLUSTER_SETTINGS_FILE: '{{.CLUSTER_DIR}}/flux/vars/cluster-settings.env'
# Environment variables set for the commands Task runs.
# NOTE(review): kubeconfig and age.key are credentials kept in the repository
# root. Confirm both are git-ignored and readable only by their owner.
env:
  KUBECONFIG: '{{.ROOT_DIR}}/kubeconfig'
  # Private age key that sops reads for decryption.
  SOPS_AGE_KEY_FILE: '{{.ROOT_DIR}}/age.key'
  # The repo-local virtualenv is searched first, so a binary placed in
  # .venv/bin shadows the system one in every task.
  PATH: '{{.ROOT_DIR}}/.venv/bin:$PATH'
  # Same file as KUBECONFIG.
  K8S_AUTH_KUBECONFIG: '{{.ROOT_DIR}}/kubeconfig'
# Taskfiles pulled in from .taskfiles/, each under its own namespace.
includes:
  volsync: '.taskfiles/VolSync/Tasks.yaml'
  precommit: '.taskfiles/PreCommit/Tasks.yaml'
  k8s: '.taskfiles/k8s/Taskfile.yaml'
  # rook and flux are included by directory, and `dir` makes their tasks run
  # with that directory as the working directory.
  rook:
    taskfile: '.taskfiles/rook'
    dir: '.taskfiles/rook'
  flux:
    taskfile: '.taskfiles/flux'
    dir: '.taskfiles/flux'
tasks:
  # Running `task` with no arguments prints the task list.
  default:
    silent: true
    cmds:
      - task -l

  # Installs the workstation tooling listed in DEPS through Homebrew; extra
  # arguments after `--` are appended to the brew command line via CLI_ARGS.
  # NOTE(review): several entries come from third-party taps (derailed,
  # fluxcd, go-task, weaveworks) and none is version-pinned, so the installed
  # code is whatever those taps serve at install time.
  init:
    desc: Initialize workstation dependencies with Brew
    cmds:
      - brew install {{.DEPS}} {{.CLI_ARGS}}
    preconditions:
      # Stop with a readable message when brew is not on PATH.
      - sh: command -v brew
        msg: |
          Homebrew is not installed. Using MacOS, Linux or WSL?
          Head over to https://brew.sh to get up and running.
    vars:
      # Folded scalar: the lines below are joined with spaces into one list.
      DEPS: >-
        age
        ansible
        direnv
        derailed/k9s/k9s
        fluxcd/tap/flux
        go-task/tap/go-task
        helm
        ipcalc
        jq
        kubernetes-cli
        kustomize
        pre-commit
        prettier
        sops
        stern
        terraform
        tflint
        weaveworks/tap/gitops
        yamllint
        yq

  # Stamps ExternalSecret resources with a fresh force-sync=<epoch seconds>
  # annotation. With no `secret` given, every ExternalSecret in every
  # namespace is annotated, four at a time; otherwise only the named one in
  # `namespace` (default "default").
  # NOTE(review): `secret` and `namespace` are pasted into the shell command
  # unquoted, so the task relies on the caller passing plain Kubernetes object
  # names. The precondition also runs when `secret` is empty, where it only
  # checks that ExternalSecrets can be listed in `namespace`.
  sync-secrets:
    desc: Sync ExternalSecret resources
    vars:
      secret: '{{ .secret | default ""}}'
      namespace: '{{.namespace | default "default"}}'
    cmd: |
      {{if eq .secret ""}}
        kubectl get externalsecret.external-secrets.io --all-namespaces --no-headers -A | awk '{print $1, $2}' \
          | xargs --max-procs=4 -l bash -c 'kubectl -n $0 annotate externalsecret.external-secrets.io $1 force-sync=$(date +%s) --overwrite'
      {{else}}
        kubectl -n {{.namespace}} annotate externalsecret.external-secrets.io {{.secret}} force-sync=$(date +%s) --overwrite
      {{end}}
    preconditions:
      - kubectl -n {{.namespace}} get externalsecret {{.secret}}

  # Starts a throw-away interactive pod named debug-<claim> with the given
  # PersistentVolumeClaim mounted at /config; --rm deletes the pod on exit.
  # `claim` is mandatory (the template fails without it).
  # NOTE(review): the pod is requested with --privileged although it only
  # mounts a volume; whether the flag survives the --overrides merge depends
  # on kubectl, so confirm and drop it if it is not needed.
  # NOTE(review): the image uses the mutable `rolling` tag, so its contents
  # can change between runs; pinning by digest makes the debug shell
  # reproducible. The claim is mounted without readOnly, so the shell may be
  # able to modify the volume's data.
  # NOTE(review): `claim` and `namespace` are interpolated unquoted into the
  # shell command and into the JSON override; pass plain Kubernetes names only.
  mount-volume:
    desc: Mount a PersistentVolumeClaim to a temporary pod
    interactive: true
    vars:
      claim: '{{ or .claim (fail "PersistentVolumeClaim `claim` is required") }}'
      namespace: '{{.namespace | default "default"}}'
    cmd: |
      kubectl run -n {{.namespace}} debug-{{.claim}} -i --tty --rm --image=null --privileged --overrides='
        {
          "apiVersion": "v1",
          "spec": {
            "containers": [
              {
                "name": "debug",
                "image": "ghcr.io/onedr0p/alpine:rolling",
                "command": ["/bin/bash"],
                "stdin": true,
                "stdinOnce": true,
                "tty": true,
                "volumeMounts": [
                  {
                    "name": "config",
                    "mountPath": "/config"
                  }
                ]
              }
            ],
            "volumes": [
              {
                "name": "config",
                "persistentVolumeClaim": {
                  "claimName": "{{.claim}}"
                }
              }
            ],
            "restartPolicy": "Never"
          }
        }'
    preconditions:
      # Refuse to start when the claim does not exist in the namespace.
      - kubectl -n {{.namespace}} get pvc {{.claim}}