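---
# Root Taskfile (go-task, schema version 3) for operating a Flux-managed
# Kubernetes cluster from a workstation: installs CLI dependencies, forces
# ExternalSecret re-syncs and opens a debug pod on a PersistentVolumeClaim.
version: "3"

vars:
  KUBERNETES_DIR: "{{.ROOT_DIR}}/kubernetes"
  # NOTE(review): CLUSTER_DIR is not defined in this file. Presumably it comes
  # from the environment or an included Taskfile; confirm, otherwise the two
  # paths below will not resolve as intended.
  CLUSTER_SECRETS_FILE: "{{.CLUSTER_DIR}}/flux/vars/cluster-secrets.sops.env"
  CLUSTER_SETTINGS_FILE: "{{.CLUSTER_DIR}}/flux/vars/cluster-settings.env"

env:
  # kubeconfig and age.key are credentials stored in the repository root.
  # Both must stay out of version control and be readable only by the operator.
  KUBECONFIG: "{{.ROOT_DIR}}/kubeconfig"
  SOPS_AGE_KEY_FILE: "{{.ROOT_DIR}}/age.key"
  # Binaries in the project virtualenv take precedence over system ones.
  PATH: "{{.ROOT_DIR}}/.venv/bin:$PATH"
  K8S_AUTH_KUBECONFIG: "{{.ROOT_DIR}}/kubeconfig"

includes:
  volsync: .taskfiles/VolSync/Tasks.yaml
  precommit: .taskfiles/PreCommit/Tasks.yaml
  k8s: .taskfiles/k8s/Taskfile.yaml
  rook:
    taskfile: ".taskfiles/rook"
    dir: .taskfiles/rook
  flux:
    dir: .taskfiles/flux
    taskfile: .taskfiles/flux

tasks:
  # Running `task` with no arguments lists the available tasks.
  default:
    silent: true
    cmds:
      - "task -l"

  # Installs the CLI tools named in DEPS with Homebrew. Extra arguments after
  # `--` are appended to the `brew install` command line via CLI_ARGS.
  init:
    desc: Initialize workstation dependencies with Brew
    cmds:
      - brew install {{.DEPS}} {{.CLI_ARGS}}
    preconditions:
      - sh: command -v brew
        msg: |
          Homebrew is not installed. Using MacOS, Linux or WSL?
          Head over to https://brew.sh to get up and running.
    vars:
      # Folded scalar: the lines below are joined into one space-separated
      # list. Several entries are third-party taps, not homebrew-core formulae.
      DEPS: >-
        age
        ansible
        direnv
        derailed/k9s/k9s
        fluxcd/tap/flux
        go-task/tap/go-task
        helm
        ipcalc
        jq
        kubernetes-cli
        kustomize
        pre-commit
        prettier
        sops
        stern
        yamllint
        yq

  # Forces a re-sync by rewriting the `force-sync` annotation with the current
  # epoch time. With no `secret` given, every ExternalSecret in every namespace
  # is annotated (four at a time); otherwise only `secret` in `namespace`.
  sync-secrets:
    desc: Sync ExternalSecret resources
    vars:
      secret: '{{ .secret | default ""}}'
      namespace: '{{.namespace | default "default"}}'
    # The namespace and name read back from the cluster are passed to bash as
    # quoted positional parameters ($0, $1) so they are never word-split.
    # `secret` and `namespace` are spliced into the shell text unquoted by the
    # template engine, so only pass trusted values (valid Kubernetes names).
    cmd: |
      {{if eq .secret ""}}
        kubectl get externalsecret.external-secrets.io --all-namespaces --no-headers \
          | awk '{print $1, $2}' \
          | xargs --max-procs=4 -l bash -c 'kubectl -n "$0" annotate externalsecret.external-secrets.io "$1" force-sync=$(date +%s) --overwrite'
      {{else}}
        kubectl -n {{.namespace}} annotate externalsecret.external-secrets.io {{.secret}} force-sync=$(date +%s) --overwrite
      {{end}}
    preconditions:
      # With an empty `secret` this lists the ExternalSecrets in `namespace`
      # instead of checking one specific resource.
      - kubectl -n {{.namespace}} get externalsecret {{.secret}}

  # Starts an interactive throwaway pod named debug-<claim> with the claim
  # mounted at /config. `--rm` deletes the pod when the session ends.
  mount-volume:
    desc: Mount a PersistentVolumeClaim to a temporary pod
    interactive: true
    vars:
      claim: '{{ or .claim (fail "PersistentVolumeClaim `claim` is required") }}'
      namespace: '{{.namespace | default "default"}}'
    # `--image=null` is a placeholder; the container image comes from the
    # overrides JSON below.
    # NOTE(review): `--privileged` requests a privileged container, which
    # removes most isolation between the pod and its node. Nothing in this
    # command visibly needs it to read a PVC at /config, and namespaces that
    # enforce the baseline or restricted Pod Security Standard reject such
    # pods. The overrides patch also supplies its own container list, so
    # confirm whether the flag still takes effect, and drop it if the mount
    # works without it.
    # NOTE(review): the image tag `rolling` is mutable. Pinning the image by
    # digest keeps a shell that can read the volume's data from silently
    # changing content between runs.
    # `claim` and `namespace` are spliced into the shell text and the JSON
    # unquoted, so only pass trusted values (valid Kubernetes names).
    cmd: |
      kubectl run -n {{.namespace}} debug-{{.claim}} -i --tty --rm --image=null --privileged --overrides='
        {
          "apiVersion": "v1",
          "spec": {
            "containers": [
              {
                "name": "debug",
                "image": "ghcr.io/onedr0p/alpine:rolling",
                "command": ["/bin/bash"],
                "stdin": true,
                "stdinOnce": true,
                "tty": true,
                "volumeMounts": [
                  {
                    "name": "config",
                    "mountPath": "/config"
                  }
                ]
              }
            ],
            "volumes": [
              {
                "name": "config",
                "persistentVolumeClaim": {
                  "claimName": "{{.claim}}"
                }
              }
            ],
            "restartPolicy": "Never"
          }
        }'
    preconditions:
      # Fail early when the claim does not exist in the target namespace.
      - kubectl -n {{.namespace}} get pvc {{.claim}}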