
Add taskfiles

+151 -74
+58 -52
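--- a/.taskfiles/Flux/Taskfile.yaml
+++ b/.taskfiles/Flux/Taskfile.yaml
@@ -1,64 +1,70 @@
 ---
+# yaml-language-server: $schema=https://taskfile.dev/schema.json
 version: "3"
 
+vars:
+CLUSTER_SECRET_SOPS_FILE: "{{.KUBERNETES_DIR}}/flux/vars/cluster-secrets.sops.yaml"
+CLUSTER_SETTINGS_FILE: "{{.KUBERNETES_DIR}}/flux/vars/cluster-settings.yaml"
+GITHUB_DEPLOY_KEY_FILE: "{{.KUBERNETES_DIR}}/bootstrap/flux/github-deploy-key.sops.yaml"
+
 tasks:
+
 bootstrap:
 desc: Bootstrap Flux into a Kubernetes cluster
-summary: |
-Args:
-cluster: Cluster to run command against (required)
-prompt: Bootstrap Flux into the '{{.cluster}}' cluster... continue?
 cmds:
-- kubectl --context {{.cluster}} apply --server-side --kustomize {{.KUBERNETES_DIR}}/{{.cluster}}/bootstrap/flux
-- sops --decrypt --in-place {{.KUBERNETES_DIR}}/base/flux-system/cluster-config/overlays/{{.cluster}}/cluster-secrets.sops.yaml
-- kubectl --context {{.cluster}} apply --server-side --kustomize {{.KUBERNETES_DIR}}/base/flux-system/cluster-config/overlays/{{.cluster}}
-- kubectl --context {{.cluster}} apply --server-side --kustomize {{.KUBERNETES_DIR}}/{{.cluster}}/flux/config
-- defer: sops --encrypt --in-place {{.KUBERNETES_DIR}}/base/flux-system/cluster-config/overlays/{{.cluster}}/cluster-secrets.sops.yaml
+- kubectl apply --kubeconfig {{.KUBECONFIG_FILE}} --server-side --kustomize {{.KUBERNETES_DIR}}/bootstrap/flux
+- cat {{.AGE_FILE}} | kubectl --kubeconfig {{.KUBECONFIG_FILE}} -n flux-system create secret generic sops-age --from-file=age.agekey=/dev/stdin
+- sops --decrypt {{.CLUSTER_SECRET_SOPS_FILE}} | kubectl apply --kubeconfig {{.KUBECONFIG_FILE}} --server-side --filename -
+- kubectl apply --kubeconfig {{.KUBECONFIG_FILE}} --server-side --filename {{.CLUSTER_SETTINGS_FILE}}
+- kubectl apply --kubeconfig {{.KUBECONFIG_FILE}} --server-side --kustomize {{.KUBERNETES_DIR}}/flux/config
 preconditions:
-- { msg: "Argument (cluster) is required", sh: "test -n {{.cluster}}" }
-- { msg: "Cluster settings not found", sh: "test -f {{.KUBERNETES_DIR}}/base/flux-system/cluster-config/overlays/{{.cluster}}" }
-- { msg: "Cluster secrets not found", sh: "test -f {{.KUBERNETES_DIR}}/base/flux-system/cluster-config/overlays/{{.cluster}}/cluster-secrets.sops.yaml" }
-- { msg: "Unable to decrypt sops secret", sh: "sops --decrypt {{.KUBERNETES_DIR}}/{{.cluster}}/flux/vars/cluster-secrets.secret.sops.env" }
-gr-sync:
-desc: Sync all Flux GitRepositories
-cmds:
-- |
-kubectl get gitrepositories --all-namespaces --no-headers | awk '{print $1, $2}' \
-| xargs -P 4 -L 1 bash -c \
-'kubectl -n $0 annotate gitrepository/$1 reconcile.fluxcd.io/requestedAt=$(date +%s) --field-manager=flux-client-side-apply --overwrite'
+- msg: Missing kubeconfig
+sh: test -f {{.KUBECONFIG_FILE}}
+- msg: Missing Sops Age key file
+sh: test -f {{.AGE_FILE}}
 
-ks-sync:
-desc: Sync all Flux Kustomizations
-cmds:
-- |
-kubectl get kustomization --all-namespaces --no-headers | awk '{print $1, $2}' \
-| xargs -P 4 -L 1 bash -c \
-'kubectl -n $0 annotate kustomization/$1 reconcile.fluxcd.io/requestedAt="$(date +%s)" --field-manager=flux-client-side-apply --overwrite'
+apply:
+desc: Apply a Flux Kustomization resource for a cluster
+summary: |
+Args:
+path: Path under apps containing the Flux Kustomization resource (ks.yaml) (required)
+ns: Namespace the Flux Kustomization exists in (default: flux-system)
+cmd: |
+flux --kubeconfig {{.KUBECONFIG_FILE}} build ks $(basename {{.path}}) \
+--namespace {{.ns}} \
+--kustomization-file {{.KUBERNETES_DIR}}/apps/{{.path}}/ks.yaml \
+--path {{.KUBERNETES_DIR}}/apps/{{.path}} \
+{{- if contains "not found" .ks }}--dry-run \{{ end }}
+| \
+kubectl apply --kubeconfig {{.KUBECONFIG_FILE}} --server-side \
+--field-manager=kustomize-controller -f -
+requires:
+vars: ["path"]
+vars:
+ns: '{{.ns | default "flux-system"}}'
+ks:
+sh: flux --kubeconfig {{.KUBECONFIG_FILE}} --namespace {{.ns}} get kustomizations $(basename {{.path}}) 2>&1
+preconditions:
+- msg: Missing kubeconfig
+sh: test -f {{.KUBECONFIG_FILE}}
+- msg: Missing Flux Kustomization for app {{.path}}
+sh: test -f {{.KUBERNETES_DIR}}/apps/{{.path}}/ks.yaml
 
-hr-sync:
-desc: Sync all Flux HelmReleases
-cmds:
-- |
-kubectl get helmreleases --all-namespaces --no-headers | awk '{print $1, $2}' \
-| xargs -P 4 -L 1 bash -c \
-'kubectl -n $0 annotate helmrelease/$1 reconcile.fluxcd.io/requestedAt="$(date +%s)" --overwrite'
+reconcile:
+desc: Force update Flux to pull in changes from your Git repository
+cmd: flux --kubeconfig {{.KUBECONFIG_FILE}} reconcile --namespace flux-system kustomization cluster --with-source
+preconditions:
+- msg: Missing kubeconfig
+sh: test -f {{.KUBECONFIG_FILE}}
 
-tf-sync:
-desc: Sync Flux Terraforms
+github-deploy-key:
 cmds:
-- |
-kubectl get terraforms --all-namespaces --no-headers | awk '{print $1, $2}' \
-| xargs -P 4 -L 1 bash -c \
-'kubectl -n $0 annotate terraform/$1 reconcile.fluxcd.io/requestedAt="$(date +%s)" --overwrite'
-hr-suspend:
-desc: Suspend all Flux HelmReleases
-cmds:
-- |
-flux get helmrelease --all-namespaces --no-header | awk '{print $1, $2}' \
-| xargs -L 1 bash -c 'flux -n $0 suspend helmrelease $1'
-hr-resume:
-desc: Resume all Flux HelmReleases
-cmds:
-- |
-flux get helmrelease --all-namespaces --no-header | awk '{print $1, $2}' \
-| xargs -L 1 bash -c 'flux -n $0 resume helmrelease $1'
+- kubectl create namespace flux-system --dry-run=client -o yaml | kubectl --kubeconfig {{.KUBECONFIG_FILE}} apply --filename -
+- sops --decrypt {{.GITHUB_DEPLOY_KEY_FILE}} | kubectl apply --kubeconfig {{.KUBECONFIG_FILE}} --server-side --filename -
+preconditions:
+- msg: Missing kubeconfig
+sh: test -f {{.KUBECONFIG_FILE}}
+- msg: Missing Sops Age key file
+sh: test -f {{.AGE_FILE}}
+- msg: Missing Github deploy key file
+sh: test -f {{.GITHUB_DEPLOY_KEY_FILE}}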
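Review bot: The `sops-age` step in `bootstrap` uses `kubectl create secret generic`, which fails with AlreadyExists once the secret is present, so a bootstrap that stopped partway cannot simply be re-run, while every other step in the task is an idempotent `apply --server-side`. The namespace step in `github-deploy-key` already renders with `--dry-run=client -o yaml` and pipes into `kubectl apply`; the same pattern works here: `cat {{.AGE_FILE}} | kubectl --kubeconfig {{.KUBECONFIG_FILE}} -n flux-system create secret generic sops-age --from-file=age.agekey=/dev/stdin --dry-run=client -o yaml | kubectl apply --kubeconfig {{.KUBECONFIG_FILE}} --server-side --filename -`. The new `bootstrap` preconditions also no longer test that `{{.CLUSTER_SECRET_SOPS_FILE}}` and `{{.CLUSTER_SETTINGS_FILE}}` exist, which the removed ones did for their equivalents, so a missing file is only discovered after Flux and the key secret have already been applied; two more `test -f` entries would restore that check.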
+93
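--- a/Taskfile.yaml
+++ b/Taskfile.yaml
@@ -0,0 +1,93 @@
+---
+# yaml-language-server: $schema=https://taskfile.dev/schema.json
+version: "3"
+
+vars:
+# Directories
+BOOTSTRAP_DIR: "{{.ROOT_DIR}}/bootstrap"
+KUBERNETES_DIR: "{{.ROOT_DIR}}/kubernetes"
+PRIVATE_DIR: "{{.ROOT_DIR}}/.private"
+SCRIPTS_DIR: "{{.ROOT_DIR}}/scripts"
+# Files
+AGE_FILE: "{{.ROOT_DIR}}/age.key"
+BOOTSTRAP_CONFIG_FILE: "{{.ROOT_DIR}}/config.yaml"
+KUBECONFIG_FILE: "{{.ROOT_DIR}}/kubeconfig"
+MAKEJINJA_CONFIG_FILE: "{{.ROOT_DIR}}/makejinja.toml"
+PIP_REQUIREMENTS_FILE: "{{.ROOT_DIR}}/requirements.txt"
+SOPS_CONFIG_FILE: "{{.ROOT_DIR}}/.sops.yaml"
+# Binaries
+PYTHON_BIN: python3
+
+env:
+KUBECONFIG: "{{.KUBECONFIG_FILE}}"
+PYTHONDONTWRITEBYTECODE: "1"
+SOPS_AGE_KEY_FILE: "{{.AGE_FILE}}"
+VIRTUAL_ENV: "{{.ROOT_DIR}}/.venv"
+
+includes:
+kubernetes: .taskfiles/Kubernetes
+flux: .taskfiles/Flux
+repository: .taskfiles/Repository
+talos: .taskfiles/Talos
+sops: .taskfiles/Sops
+workstation: .taskfiles/Workstation
+externalsecrets: .taskfiles/ExternalSecrets
+user:
+taskfile: .taskfiles/User
+optional: true
+
+tasks:
+
+default: task --list
+
+init:
+desc: Initialize configuration files
+cmds:
+- cp -n {{.BOOTSTRAP_CONFIG_FILE | replace ".yaml" ".sample.yaml"}} {{.BOOTSTRAP_CONFIG_FILE}}
+- cmd: echo === Configuration file copied ===
+- cmd: echo Proceed with updating the configuration files...
+- cmd: echo {{.BOOTSTRAP_CONFIG_FILE}}
+status:
+- test -f {{.BOOTSTRAP_CONFIG_FILE}}
+silent: true
+
+configure:
+desc: Configure repository from bootstrap vars
+prompt: Any conflicting config in the kubernetes directory will be overwritten... continue?
+deps: ["workstation:direnv", "workstation:venv", "sops:age-keygen", "init"]
+cmds:
+- task: .template
+- task: sops:encrypt
+- task: .validate
+
+.template:
+internal: true
+cmd: "{{.VIRTUAL_ENV}}/bin/makejinja"
+preconditions:
+- msg: Missing virtual environment
+sh: test -d {{.VIRTUAL_ENV}}
+- msg: Missing Makejinja config file
+sh: test -f {{.MAKEJINJA_CONFIG_FILE}}
+- msg: Missing Makejinja plugin file
+sh: test -f {{.BOOTSTRAP_DIR}}/scripts/plugin.py
+- msg: Missing bootstrap config file
+sh: test -f {{.BOOTSTRAP_CONFIG_FILE}}
+
+.validate:
+internal: true
+cmds:
+- task: kubernetes:kubeconform
+- cmd: echo === Done rendering and validating YAML ===
+- cmd: |
+if [[ $KUBECONFIG != "{{.KUBECONFIG_FILE}}" ]]; then
+echo WARNING: KUBECONFIG is not set to the expected value, this may cause conflicts.
+fi
+- cmd: |
+if [[ $SOPS_AGE_KEY_FILE != "{{.AGE_FILE}}" ]]; then
+echo WARNING: SOPS_AGE_KEY_FILE is not set to the expected value, this may cause conflicts.
+fi
+- cmd: |
+if test -f ~/.config/sops/age/keys.txt; then
+echo WARNING: SOPS Age key found in home directory, this may cause conflicts.
+fi
+silent: true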
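Review bot: `AGE_FILE` and `KUBECONFIG_FILE` place the SOPS age private key and the cluster kubeconfig at `{{.ROOT_DIR}}/age.key` and `{{.ROOT_DIR}}/kubeconfig`, inside the Git working tree, and nothing in this commit shows either path being ignored. If no `.gitignore` entry covers them (not visible from this section), a routine `git add .` would commit the key that decrypts every `*.sops.yaml` in the repository together with the cluster credentials. `.validate` already prints environment warnings, so it is a natural place for one more `cmd` entry such as `git check-ignore -q {{.AGE_FILE}} || echo WARNING: age.key is not ignored by Git`, repeated for `{{.KUBECONFIG_FILE}}`. A short comment above the `# Files` group stating that both files are secrets and must never be committed would also help.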
-22
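--- a/Taskfile.yml
+++ b/Taskfile.yml
@@ -1,22 +0,0 @@
----
-version: "3"
-
-vars:
-PYTHON_BIN: python3
-KUBERNETES_DIR: "{{.ROOT_DIR}}/k8s"
-ANSIBLE_DIR: "{{.ROOT_DIR}}/provision/ansible"
-
-#env:
-#KUBECONFIG: "{{.KUBERNETES_DIR}}/k8s/nebula/kubeconfig:{{.KUBERNETES_DIR}}/k8s/media/kubeconfig"
-
-includes:
-ansible: .taskfiles/Ansible/Taskfile.yaml
-external-secrets: .taskfiles/ExternalSecrets/Taskfile.yaml
-flux: .taskfiles/Flux/Taskfile.yaml
-kubernetes: .taskfiles/Kubernetes/Taskfile.yaml
-volsync: .taskfiles/VolSync/Taskfile.yaml
-
-tasks:
-default:
-silent: true
-cmds: ["task -l"]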