115 lines
3.2 KiB
YAML
115 lines
3.2 KiB
YAML
---
|
|
version: "3"
|
|
|
|
vars:
|
|
KUBERNETES_DIR: "{{.ROOT_DIR}}/kubernetes"
|
|
CLUSTER_SECRETS_FILE: "{{.CLUSTER_DIR}}/flux/vars/cluster-secrets.sops.env"
|
|
CLUSTER_SETTINGS_FILE: "{{.CLUSTER_DIR}}/flux/vars/cluster-settings.env"
|
|
|
|
env:
|
|
KUBECONFIG: "{{.ROOT_DIR}}/kubeconfig"
|
|
SOPS_AGE_KEY_FILE: "{{.ROOT_DIR}}/age.key"
|
|
PATH: "{{.ROOT_DIR}}/.venv/bin:$PATH"
|
|
K8S_AUTH_KUBECONFIG: "{{.ROOT_DIR}}/kubeconfig"
|
|
|
|
includes:
|
|
volsync: .taskfiles/VolSync/Tasks.yaml
|
|
precommit: .taskfiles/PreCommit/Tasks.yaml
|
|
k8s: .taskfiles/k8s/Taskfile.yaml
|
|
rook:
|
|
taskfile: ".taskfiles/rook"
|
|
dir: .taskfiles/rook
|
|
flux:
|
|
dir: .taskfiles/flux
|
|
taskfile: .taskfiles/flux
|
|
|
|
tasks:
|
|
default:
|
|
silent: true
|
|
cmds: ["task -l"]
|
|
|
|
init:
|
|
desc: Initialize workstation dependencies with Brew
|
|
cmds:
|
|
- brew install {{.DEPS}} {{.CLI_ARGS}}
|
|
preconditions:
|
|
- sh: command -v brew
|
|
msg: |
|
|
Homebrew is not installed. Using MacOS, Linux or WSL?
|
|
Head over to https://brew.sh to get up and running.
|
|
vars:
|
|
DEPS: >-
|
|
age
|
|
ansible
|
|
direnv
|
|
derailed/k9s/k9s
|
|
fluxcd/tap/flux
|
|
go-task/tap/go-task
|
|
helm
|
|
ipcalc
|
|
jq
|
|
kubernetes-cli
|
|
kustomize
|
|
pre-commit
|
|
prettier
|
|
sops
|
|
stern
|
|
talhelper
|
|
yamllint
|
|
yq
|
|
|
|
sync-secrets:
|
|
desc: Sync ExternalSecret resources
|
|
vars:
|
|
secret: '{{ .secret | default ""}}'
|
|
namespace: '{{.namespace | default "default"}}'
|
|
cmd: |
|
|
{{if eq .secret ""}}
|
|
kubectl get externalsecret.external-secrets.io --all-namespaces --no-headers -A | awk '{print $1, $2}' \
|
|
| xargs --max-procs=4 -l bash -c 'kubectl -n $0 annotate externalsecret.external-secrets.io $1 force-sync=$(date +%s) --overwrite'
|
|
{{else}}
|
|
kubectl -n {{.namespace}} annotate externalsecret.external-secrets.io {{.secret}} force-sync=$(date +%s) --overwrite
|
|
{{end}}
|
|
preconditions:
|
|
- kubectl -n {{.namespace}} get externalsecret {{.secret}}
|
|
|
|
mount-volume:
|
|
desc: Mount a PersistentVolumeClaim to a temporary pod
|
|
interactive: true
|
|
vars:
|
|
claim: '{{ or .claim (fail "PersistentVolumeClaim `claim` is required") }}'
|
|
namespace: '{{.namespace | default "default"}}'
|
|
cmd: |
|
|
kubectl run -n {{.namespace}} debug-{{.claim}} -i --tty --rm --image=null --privileged --overrides='
|
|
{
|
|
"apiVersion": "v1",
|
|
"spec": {
|
|
"containers": [
|
|
{
|
|
"name": "debug",
|
|
"image": "docker.io/library/alpine:3.19.1",
|
|
"command": ["/bin/bash"],
|
|
"stdin": true,
|
|
"stdinOnce": true,
|
|
"tty": true,
|
|
"volumeMounts": [
|
|
{
|
|
"name": "config",
|
|
"mountPath": "/config"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"volumes": [
|
|
{
|
|
"name": "config",
|
|
"persistentVolumeClaim": {
|
|
"claimName": "{{.claim}}"
|
|
}
|
|
}
|
|
],
|
|
"restartPolicy": "Never"
|
|
}
|
|
}'
|
|
preconditions:
|
|
- kubectl -n {{.namespace}} get pvc {{.claim}}
|