--- version: "3" vars: PYTHON_BIN: python3 ANSIBLE_DIR: "{{.ROOT_DIR}}/ansible" KUBERNETES_DIR: "{{.ROOT_DIR}}/kubernetes" TERRAFORM_DIR: "{{.ROOT_DIR}}/terraform" CLUSTER_SECRETS_FILE: "{{.CLUSTER_DIR}}/flux/vars/cluster-secrets.sops.env" CLUSTER_SETTINGS_FILE: "{{.CLUSTER_DIR}}/flux/vars/cluster-settings.env" env: KUBECONFIG: "{{.ROOT_DIR}}/kubeconfig" SOPS_AGE_KEY_FILE: "{{.ROOT_DIR}}/age.key" PATH: "{{.ROOT_DIR}}/.venv/bin:$PATH" VIRTUAL_ENV: "{{.ROOT_DIR}}/.venv" ANSIBLE_COLLECTIONS_PATH: "{{.ROOT_DIR}}/.venv/galaxy" ANSIBLE_ROLES_PATH: "{{.ROOT_DIR}}/.venv/galaxy/ansible_roles" ANSIBLE_VARS_ENABLED: "host_group_vars,community.sops.sops" K8S_AUTH_KUBECONFIG: "{{.ROOT_DIR}}/kubeconfig" includes: ansible: .taskfiles/Ansible/Taskfile.yaml volsync: .taskfiles/VolSync/Tasks.yaml precommit: .taskfiles/PreCommit/Tasks.yaml k8s: .taskfiles/k8s/Taskfile.yaml rook: taskfile: ".taskfiles/rook" dir: .taskfiles/rook flux: dir: .taskfiles/flux taskfile: .taskfiles/flux tasks: default: silent: true cmds: ["task -l"] init: desc: Initialize workstation dependencies with Brew cmds: - brew install {{.DEPS}} {{.CLI_ARGS}} preconditions: - sh: command -v brew msg: | Homebrew is not installed. Using MacOS, Linux or WSL? Head over to https://brew.sh to get up and running. vars: DEPS: >- age ansible direnv derailed/k9s/k9s fluxcd/tap/flux go-task/tap/go-task helm ipcalc jq kubernetes-cli kustomize pre-commit prettier sops stern terraform tflint weaveworks/tap/gitops yamllint yq configure-venv: desc: Install or upgrade the Python virtual env cmds: - "{{.PYTHON_BIN}} -m venv {{.ROOT_DIR}}/.venv" - .venv/bin/python3 -m pip install --upgrade pip setuptools wheel - .venv/bin/python3 -m pip install --upgrade --requirement "{{.ROOT_DIR}}/requirements.txt" - .venv/bin/ansible-galaxy install --role-file "{{.ROOT_DIR}}/requirements.yaml" --force flux-apply: desc: Apply a resource path that contains Flux substitution variables dotenv: ['{{.CLUSTER_SETTINGS_FILE}}'] vars: ks: '{{ or .ks (fail "Missing path (`ks` var)") }}' cmd: | sops exec-env {{.CLUSTER_SECRETS_FILE}} \ "kustomize build --load-restrictor=LoadRestrictionsNone {{.ks}} | \ envsubst | kubectl apply --server-side --field-manager=kustomize-controller -f -" preconditions: - sh: test -f {{.CLUSTER_SECRETS_FILE}} - sh: test -f {{.CLUSTER_SETTINGS_FILE}} sync-secrets: desc: Sync ExternalSecret resources vars: secret: '{{ .secret | default ""}}' namespace: '{{.namespace | default "default"}}' cmd: | {{if eq .secret ""}} kubectl get externalsecret.external-secrets.io --all-namespaces --no-headers -A | awk '{print $1, $2}' \ | xargs --max-procs=4 -l bash -c 'kubectl -n $0 annotate externalsecret.external-secrets.io $1 force-sync=$(date +%s) --overwrite' {{else}} kubectl -n {{.namespace}} annotate externalsecret.external-secrets.io {{.secret}} force-sync=$(date +%s) --overwrite {{end}} preconditions: - kubectl -n {{.namespace}} get externalsecret {{.secret}} mount-volume: desc: Mount a PersistentVolumeClaim to a temporary pod interactive: true vars: claim: '{{ or .claim (fail "PersistentVolumeClaim `claim` is required") }}' namespace: '{{.namespace | default "default"}}' cmd: | kubectl run -n {{.namespace}} debug-{{.claim}} -i --tty --rm --image=null --privileged --overrides=' { "apiVersion": "v1", "spec": { "containers": [ { "name": "debug", "image": "ghcr.io/onedr0p/alpine:rolling", "command": ["/bin/bash"], "stdin": true, "stdinOnce": true, "tty": true, "volumeMounts": [ { "name": "config", "mountPath": "/config" } ] } ], "volumes": [ { "name": "config", "persistentVolumeClaim": { "claimName": "{{.claim}}" } } ], "restartPolicy": "Never" } }' preconditions: - kubectl -n {{.namespace}} get pvc {{.claim}} # https://github.com/fluxcd/helm-controller/issues/644 "644": cmds: - kubectl -n {{.namespace}} delete secret -l owner=helm,name={{.release}},status=pending-upgrade - flux -n {{.namespace}} reconcile hr {{.release}} vars: release: '{{ or .release (fail "HelmRelease `release` is required") }}' namespace: '{{.namespace | default "default"}}' preconditions: - flux -n {{.namespace}} get hr {{.release}}