theshire/Taskfile.yaml

---
version: "3"

vars:
  PYTHON_BIN: python3
  ANSIBLE_DIR: "{{.ROOT_DIR}}/ansible"
  KUBERNETES_DIR: "{{.ROOT_DIR}}/kubernetes"
  TERRAFORM_DIR: "{{.ROOT_DIR}}/terraform"
  CLUSTER_SECRETS_FILE: "{{.CLUSTER_DIR}}/flux/vars/cluster-secrets.sops.env"
  CLUSTER_SETTINGS_FILE: "{{.CLUSTER_DIR}}/flux/vars/cluster-settings.env"

env:
  KUBECONFIG: "{{.ROOT_DIR}}/kubeconfig"
  SOPS_AGE_KEY_FILE: "{{.ROOT_DIR}}/age.key"
  PATH: "{{.ROOT_DIR}}/.venv/bin:$PATH"
  VIRTUAL_ENV: "{{.ROOT_DIR}}/.venv"
  ANSIBLE_COLLECTIONS_PATH: "{{.ROOT_DIR}}/.venv/galaxy"
  ANSIBLE_ROLES_PATH: "{{.ROOT_DIR}}/.venv/galaxy/ansible_roles"
  ANSIBLE_VARS_ENABLED: "host_group_vars,community.sops.sops"
  K8S_AUTH_KUBECONFIG: "{{.ROOT_DIR}}/kubeconfig"

includes:
  ansible: .taskfiles/Ansible/Taskfile.yaml
  volsync: .taskfiles/VolSync/Tasks.yaml
  precommit: .taskfiles/PreCommit/Tasks.yaml
  k8s: .taskfiles/k8s/Taskfile.yaml
  rook:
    taskfile: ".taskfiles/rook"
    dir: .taskfiles/rook
  flux:
    dir: .taskfiles/flux
    taskfile: .taskfiles/flux

tasks:

  default:
    silent: true
    cmds: ["task -l"]

  init:
    desc: Initialize workstation dependencies with Brew
    cmds:
      - brew install {{.DEPS}} {{.CLI_ARGS}}
    preconditions:
      - sh: command -v brew
        msg: |
          Homebrew is not installed. Using MacOS, Linux or WSL?
          Head over to https://brew.sh to get up and running.
    vars:
      DEPS: >-
        age
        ansible
        direnv
        derailed/k9s/k9s
        fluxcd/tap/flux
        go-task/tap/go-task
        helm
        ipcalc
        jq
        kubernetes-cli
        kustomize
        pre-commit
        prettier
        sops
        stern
        terraform
        tflint
        weaveworks/tap/gitops
        yamllint
        yq

  configure-venv:
    desc: Install or upgrade the Python virtual env
    cmds:
      - "{{.PYTHON_BIN}} -m venv {{.ROOT_DIR}}/.venv"
      - .venv/bin/python3 -m pip install --upgrade pip setuptools wheel
      - .venv/bin/python3 -m pip install --upgrade --requirement "{{.ROOT_DIR}}/requirements.txt"
      - .venv/bin/ansible-galaxy install --role-file "{{.ANSIBLE_DIR}}/requirements.yaml" --force

  flux-apply:
    desc: Apply a resource path that contains Flux substitution variables
    dotenv: ['{{.CLUSTER_SETTINGS_FILE}}']
    vars:
      ks: '{{ or .ks (fail "Missing path (`ks` var)") }}'
    cmd: |
      sops exec-env {{.CLUSTER_SECRETS_FILE}} \
        "kustomize build --load-restrictor=LoadRestrictionsNone {{.ks}} | \
          envsubst | kubectl apply --server-side --field-manager=kustomize-controller -f -"
    preconditions:
      - sh: test -f {{.CLUSTER_SECRETS_FILE}}
      - sh: test -f {{.CLUSTER_SETTINGS_FILE}}

  sync-secrets:
    desc: Sync ExternalSecret resources
    vars:
      secret: '{{ .secret | default ""}}'
      namespace: '{{.namespace | default "default"}}'
    cmd: |
      {{if eq .secret ""}}
        kubectl get externalsecret.external-secrets.io --all-namespaces --no-headers -A | awk '{print $1, $2}' \
          | xargs --max-procs=4 -l bash -c 'kubectl -n $0 annotate externalsecret.external-secrets.io $1 force-sync=$(date +%s) --overwrite'
      {{else}}
        kubectl -n {{.namespace}} annotate externalsecret.external-secrets.io {{.secret}} force-sync=$(date +%s) --overwrite
      {{end}}
    preconditions:
      - kubectl -n {{.namespace}} get externalsecret {{.secret}}

  mount-volume:
    desc: Mount a PersistentVolumeClaim to a temporary pod
    interactive: true
    vars:
      claim: '{{ or .claim (fail "PersistentVolumeClaim `claim` is required") }}'
      namespace: '{{.namespace | default "default"}}'
    cmd: |
      kubectl run -n {{.namespace}} debug-{{.claim}} -i --tty --rm --image=null --privileged --overrides='
        {
          "apiVersion": "v1",
          "spec": {
            "containers": [
              {
                "name": "debug",
                "image": "ghcr.io/onedr0p/alpine:rolling",
                "command": ["/bin/bash"],
                "stdin": true,
                "stdinOnce": true,
                "tty": true,
                "volumeMounts": [
                  {
                    "name": "config",
                    "mountPath": "/config"
                  }
                ]
              }
            ],
            "volumes": [
              {
                "name": "config",
                "persistentVolumeClaim": {
                  "claimName": "{{.claim}}"
                }
              }
            ],
            "restartPolicy": "Never"
          }
        }'
    preconditions:
      - kubectl -n {{.namespace}} get pvc {{.claim}}

  # https://github.com/fluxcd/helm-controller/issues/644
  "644":
    cmds:
      - kubectl -n {{.namespace}} delete secret -l owner=helm,name={{.release}},status=pending-upgrade
      - flux -n {{.namespace}} reconcile hr {{.release}}
    vars:
      release: '{{ or .release (fail "HelmRelease `release` is required") }}'
      namespace: '{{.namespace | default "default"}}'
    preconditions:
      - flux -n {{.namespace}} get hr {{.release}}
Homelab 2024-01-11 15:03:54 -06:00			`---`
			`version: "3"`

			`vars:`
			`PYTHON_BIN: python3`
			`ANSIBLE_DIR: "{{.ROOT_DIR}}/ansible"`
			`KUBERNETES_DIR: "{{.ROOT_DIR}}/kubernetes"`
			`TERRAFORM_DIR: "{{.ROOT_DIR}}/terraform"`
			`CLUSTER_SECRETS_FILE: "{{.CLUSTER_DIR}}/flux/vars/cluster-secrets.sops.env"`
			`CLUSTER_SETTINGS_FILE: "{{.CLUSTER_DIR}}/flux/vars/cluster-settings.env"`

			`env:`
			`KUBECONFIG: "{{.ROOT_DIR}}/kubeconfig"`
			`SOPS_AGE_KEY_FILE: "{{.ROOT_DIR}}/age.key"`
			`PATH: "{{.ROOT_DIR}}/.venv/bin:$PATH"`
			`VIRTUAL_ENV: "{{.ROOT_DIR}}/.venv"`
			`ANSIBLE_COLLECTIONS_PATH: "{{.ROOT_DIR}}/.venv/galaxy"`
			`ANSIBLE_ROLES_PATH: "{{.ROOT_DIR}}/.venv/galaxy/ansible_roles"`
			`ANSIBLE_VARS_ENABLED: "host_group_vars,community.sops.sops"`
			`K8S_AUTH_KUBECONFIG: "{{.ROOT_DIR}}/kubeconfig"`

			`includes:`
			`ansible: .taskfiles/Ansible/Taskfile.yaml`
			`volsync: .taskfiles/VolSync/Tasks.yaml`
			`precommit: .taskfiles/PreCommit/Tasks.yaml`
			`k8s: .taskfiles/k8s/Taskfile.yaml`
			`rook:`
			`taskfile: ".taskfiles/rook"`
			`dir: .taskfiles/rook`
			`flux:`
			`dir: .taskfiles/flux`
			`taskfile: .taskfiles/flux`

			`tasks:`

			`default:`
			`silent: true`
			`cmds: ["task -l"]`

			`init:`
			`desc: Initialize workstation dependencies with Brew`
			`cmds:`
			`- brew install {{.DEPS}} {{.CLI_ARGS}}`
			`preconditions:`
			`- sh: command -v brew`
			`msg: \|`
			`Homebrew is not installed. Using MacOS, Linux or WSL?`
			`Head over to https://brew.sh to get up and running.`
			`vars:`
			`DEPS: >-`
			`age`
			`ansible`
			`direnv`
			`derailed/k9s/k9s`
			`fluxcd/tap/flux`
			`go-task/tap/go-task`
			`helm`
			`ipcalc`
			`jq`
			`kubernetes-cli`
			`kustomize`
			`pre-commit`
			`prettier`
			`sops`
			`stern`
			`terraform`
			`tflint`
			`weaveworks/tap/gitops`
			`yamllint`
			`yq`

			`configure-venv:`
			`desc: Install or upgrade the Python virtual env`
			`cmds:`
			`- "{{.PYTHON_BIN}} -m venv {{.ROOT_DIR}}/.venv"`
			`- .venv/bin/python3 -m pip install --upgrade pip setuptools wheel`
			`- .venv/bin/python3 -m pip install --upgrade --requirement "{{.ROOT_DIR}}/requirements.txt"`
Update python requirements location. 2024-02-01 13:37:32 -06:00			`- .venv/bin/ansible-galaxy install --role-file "{{.ANSIBLE_DIR}}/requirements.yaml" --force`
Homelab 2024-01-11 15:03:54 -06:00
			`flux-apply:`
			`desc: Apply a resource path that contains Flux substitution variables`
			`dotenv: ['{{.CLUSTER_SETTINGS_FILE}}']`
			`vars:`
			ks: '{{ or .ks (fail "Missing path (`ks` var)") }}'
			`cmd: \|`
			`sops exec-env {{.CLUSTER_SECRETS_FILE}} \`
			`"kustomize build --load-restrictor=LoadRestrictionsNone {{.ks}} \| \`
			`envsubst \| kubectl apply --server-side --field-manager=kustomize-controller -f -"`
			`preconditions:`
			`- sh: test -f {{.CLUSTER_SECRETS_FILE}}`
			`- sh: test -f {{.CLUSTER_SETTINGS_FILE}}`

			`sync-secrets:`
			`desc: Sync ExternalSecret resources`
			`vars:`
			`secret: '{{ .secret \| default ""}}'`
			`namespace: '{{.namespace \| default "default"}}'`
			`cmd: \|`
			`{{if eq .secret ""}}`
			`kubectl get externalsecret.external-secrets.io --all-namespaces --no-headers -A \| awk '{print $1, $2}' \`
			`\| xargs --max-procs=4 -l bash -c 'kubectl -n $0 annotate externalsecret.external-secrets.io $1 force-sync=$(date +%s) --overwrite'`
			`{{else}}`
			`kubectl -n {{.namespace}} annotate externalsecret.external-secrets.io {{.secret}} force-sync=$(date +%s) --overwrite`
			`{{end}}`
			`preconditions:`
			`- kubectl -n {{.namespace}} get externalsecret {{.secret}}`

			`mount-volume:`
			`desc: Mount a PersistentVolumeClaim to a temporary pod`
			`interactive: true`
			`vars:`
			claim: '{{ or .claim (fail "PersistentVolumeClaim `claim` is required") }}'
			`namespace: '{{.namespace \| default "default"}}'`
			`cmd: \|`
			`kubectl run -n {{.namespace}} debug-{{.claim}} -i --tty --rm --image=null --privileged --overrides='`
			`{`
			`"apiVersion": "v1",`
			`"spec": {`
			`"containers": [`
			`{`
			`"name": "debug",`
			`"image": "ghcr.io/onedr0p/alpine:rolling",`
			`"command": ["/bin/bash"],`
			`"stdin": true,`
			`"stdinOnce": true,`
			`"tty": true,`
			`"volumeMounts": [`
			`{`
			`"name": "config",`
			`"mountPath": "/config"`
			`}`
			`]`
			`}`
			`],`
			`"volumes": [`
			`{`
			`"name": "config",`
			`"persistentVolumeClaim": {`
			`"claimName": "{{.claim}}"`
			`}`
			`}`
			`],`
			`"restartPolicy": "Never"`
			`}`
			`}'`
			`preconditions:`
			`- kubectl -n {{.namespace}} get pvc {{.claim}}`

			`# https://github.com/fluxcd/helm-controller/issues/644`
			`"644":`
			`cmds:`
			`- kubectl -n {{.namespace}} delete secret -l owner=helm,name={{.release}},status=pending-upgrade`
			`- flux -n {{.namespace}} reconcile hr {{.release}}`
			`vars:`
			release: '{{ or .release (fail "HelmRelease `release` is required") }}'
			`namespace: '{{.namespace \| default "default"}}'`
			`preconditions:`
			`- flux -n {{.namespace}} get hr {{.release}}`