From 974cc295d1aeac310c7cbd909fb8f256300d1ffc Mon Sep 17 00:00:00 2001 From: Devin Buhl Date: Tue, 16 Jan 2024 14:07:21 -0500 Subject: [PATCH] feat: update taskfiles Signed-off-by: Devin Buhl --- .github/tests/config-k0s.yaml | 1 - .github/workflows/e2e.yaml | 9 +-- .taskfiles/Ansible/Taskfile.yaml | 71 ++++++++++--------- .taskfiles/Flux/Taskfile.yaml | 55 ++++++++------ .taskfiles/K0s/Taskfile.yaml | 33 +++++---- .taskfiles/Kubernetes/Taskfile.yaml | 13 +++- .../Kubernetes}/kubeconform.sh | 0 .taskfiles/Repo/Taskfile.yaml | 14 ++-- .taskfiles/Sops/Taskfile.yaml | 10 +-- .taskfiles/Workstation/Taskfile.yaml | 25 +++---- Taskfile.yaml | 53 ++++++++------ bootstrap/templates/ansible/.ansible-lint.j2 | 1 + .../playbooks/cluster-installation.yaml.j2 | 2 +- 13 files changed, 160 insertions(+), 127 deletions(-) rename {.github/scripts => .taskfiles/Kubernetes}/kubeconform.sh (100%) diff --git a/.github/tests/config-k0s.yaml b/.github/tests/config-k0s.yaml index 211e143095a..7442d9c13b0 100644 --- a/.github/tests/config-k0s.yaml +++ b/.github/tests/config-k0s.yaml @@ -1,4 +1,3 @@ -# Test: k0s --- ci_test: true diff --git a/.github/workflows/e2e.yaml b/.github/workflows/e2e.yaml index 8f8fdf15d15..b3f12c0d323 100644 --- a/.github/workflows/e2e.yaml +++ b/.github/workflows/e2e.yaml @@ -112,13 +112,10 @@ jobs: shell: bash run: task configure --yes - - name: Run configure again to ensure idempotency - shell: bash - run: task configure --yes - - - name: Run kubeconform + - name: Run Ansible lint + if: ${{ steps.config-env.outputs.distribution == 'k3s' || steps.config-env.outputs.distribution == 'k0s' }} shell: bash - run: ./.github/scripts/kubeconform.sh ./kubernetes + run: task ansible:lint - name: List Hosts with Ansible if: ${{ steps.config-env.outputs.distribution == 'k3s' || steps.config-env.outputs.distribution == 'k0s' }} diff --git a/.taskfiles/Ansible/Taskfile.yaml b/.taskfiles/Ansible/Taskfile.yaml index b503d296bea..a232416e1db 100644 
--- a/.taskfiles/Ansible/Taskfile.yaml +++ b/.taskfiles/Ansible/Taskfile.yaml @@ -4,7 +4,10 @@ version: "3" vars: PYTHON_BIN: python3 + ANSIBLE_LINT_FILE: "{{.ANSIBLE_DIR}}/.ansible-lint" ANSIBLE_INVENTORY_FILE: "{{.ANSIBLE_DIR}}/inventory/hosts.yaml" + ANSIBLE_REQUIREMENTS_FILE: "{{.ROOT_DIR}}/requirements.yaml" + PIP_REQUIREMENTS_FILE: "{{.ROOT_DIR}}/requirements.txt" env: PATH: "{{.ROOT_DIR}}/.venv/bin:$PATH" 
@@ -31,66 +34,66 @@ tasks: playbook: Playbook to run (required) prompt: Run Ansible playbook '{{.playbook}}'... continue? deps: ["deps"] - cmd: | - .venv/bin/ansible-playbook --inventory {{.ANSIBLE_INVENTORY_FILE}} \ - {{.ANSIBLE_DIR}}/playbooks/{{.playbook}}.yaml {{.CLI_ARGS}} + cmd: .venv/bin/ansible-playbook --inventory {{.ANSIBLE_INVENTORY_FILE}} {{.ANSIBLE_DIR}}/playbooks/{{.playbook}}.yaml {{.CLI_ARGS}} preconditions: - - { msg: "Argument (playbook) is required", sh: "test -n {{.playbook}}" } - - { msg: "Venv not found", sh: "test -d {{.ROOT_DIR}}/.venv" } - - { msg: "Inventory not found", sh: "test -f {{.ANSIBLE_INVENTORY_FILE}}" } - - { msg: "Playbook not found", sh: "test -f {{.ANSIBLE_DIR}}/playbooks/{{.playbook}}.yaml" } + - sh: test -n {{.playbook}} + - sh: test -d {{.ROOT_DIR}}/.venv + - sh: test -f {{.ANSIBLE_INVENTORY_FILE}} + - sh: test -f {{.ANSIBLE_DIR}}/playbooks/{{.playbook}}.yaml poweroff: desc: Shutdown all the k8s nodes deps: ["deps"] - cmd: | - .venv/bin/ansible kubernetes --inventory {{.ANSIBLE_INVENTORY_FILE}} \ - -a '/usr/bin/systemctl poweroff' --become + cmd: .venv/bin/ansible kubernetes --inventory {{.ANSIBLE_INVENTORY_FILE}} -a '/usr/bin/systemctl poweroff' --become preconditions: - - { msg: "Venv not found", sh: "test -d {{.ROOT_DIR}}/.venv" } - - { msg: "Inventory not found", sh: "test -f {{.ANSIBLE_INVENTORY_FILE}}" } + - sh: test -d {{.ROOT_DIR}}/.venv + - sh: test -f {{.ANSIBLE_INVENTORY_FILE}} list: desc: List all the hosts deps: ["deps"] - cmd: | - .venv/bin/ansible kubernetes --inventory {{.ANSIBLE_INVENTORY_FILE}} \ - --list-hosts + cmd: .venv/bin/ansible kubernetes --inventory {{.ANSIBLE_INVENTORY_FILE}} --list-hosts preconditions: - - { msg: "Venv not found", sh: "test -d {{.ROOT_DIR}}/.venv" } - - { msg: "Inventory not found", sh: "test -f {{.ANSIBLE_INVENTORY_FILE}}" } + - sh: test -d {{.ROOT_DIR}}/.venv + - sh: test -f {{.ANSIBLE_INVENTORY_FILE}} ping: desc: Ping all the hosts deps: ["deps"] - cmd: | - .venv/bin/ansible 
kubernetes --inventory {{.ANSIBLE_INVENTORY_FILE}} \ - --one-line -m 'ping' + cmd: .venv/bin/ansible kubernetes --inventory {{.ANSIBLE_INVENTORY_FILE}} --one-line -m 'ping' preconditions: - - { msg: "Venv not found", sh: "test -d {{.ROOT_DIR}}/.venv" } - - { msg: "Inventory not found", sh: "test -f {{.ANSIBLE_INVENTORY_FILE}}" } + - sh: test -d {{.ROOT_DIR}}/.venv + - sh: test -f {{.ANSIBLE_INVENTORY_FILE}} uptime: desc: Uptime of all the hosts deps: ["deps"] - cmd: | - .venv/bin/ansible kubernetes --inventory {{.ANSIBLE_INVENTORY_FILE}} \ - --one-line -a 'uptime' + cmd: .venv/bin/ansible kubernetes --inventory {{.ANSIBLE_INVENTORY_FILE}} --one-line -a 'uptime' preconditions: - - { msg: "Venv not found", sh: "test -d {{.ROOT_DIR}}/.venv" } - - { msg: "Inventory not found", sh: "test -f {{.ANSIBLE_INVENTORY_FILE}}" } + - sh: test -d {{.ROOT_DIR}}/.venv + - sh: test -f {{.ANSIBLE_INVENTORY_FILE}} + + lint: + desc: Lint Ansible + deps: ["deps"] + cmd: ./.venv/bin/ansible-lint --config-file {{.ANSIBLE_LINT_FILE}} {{.ANSIBLE_DIR}}/**/*.yaml + preconditions: + - sh: test -d {{.ANSIBLE_DIR}} + - sh: test -f {{.ANSIBLE_LINT_FILE}} .venv: internal: true cmds: - - true && {{.PYTHON_BIN}} -m venv {{.ROOT_DIR}}/.venv + - "{{.PYTHON_BIN}} -m venv {{.ROOT_DIR}}/.venv" - .venv/bin/python3 -m pip install --upgrade pip setuptools wheel - - .venv/bin/python3 -m pip install --upgrade --requirement "{{.ROOT_DIR}}/requirements.txt" - - .venv/bin/ansible-galaxy install --role-file "{{.ROOT_DIR}}/requirements.yaml" {{if eq .force "true"}}--force{{end}} - vars: - force: '{{.force | default "true"}}' + - .venv/bin/python3 -m pip install --upgrade --requirement "{{.PIP_REQUIREMENTS_FILE}}" + - .venv/bin/ansible-galaxy install --role-file "{{.ANSIBLE_REQUIREMENTS_FILE}}" {{if eq .force "true"}}--force{{end}} sources: - - "{{.ROOT_DIR}}/requirements.txt" - - "{{.ROOT_DIR}}/requirements.yaml" + - "{{.PIP_REQUIREMENTS_FILE}}" + - "{{.ANSIBLE_REQUIREMENTS_FILE}}" generates: - 
"{{.ROOT_DIR}}/.venv/pyvenv.cfg" + preconditions: + - sh: command -v {{.PYTHON_BIN}} + vars: + force: '{{.force | default "true"}}' diff --git a/.taskfiles/Flux/Taskfile.yaml b/.taskfiles/Flux/Taskfile.yaml index 72c26e283c5..cfdde0b8483 100644 --- a/.taskfiles/Flux/Taskfile.yaml +++ b/.taskfiles/Flux/Taskfile.yaml 
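Review bot: The first precondition of the `run` task, `- sh: test -n {{.playbook}}`, cannot fail. When `playbook` is empty the shell sees `test -n` with a single argument, which evaluates as true, so the "playbook is required" guard is skipped. Quoting the expansion makes the check meaningful: `- sh: test -n "{{.playbook}}"`. The same quoting would help the `test -f {{.ANSIBLE_DIR}}/playbooks/{{.playbook}}.yaml` precondition and the `ansible-playbook` command line, since `playbook` is a caller-supplied value placed into shell text. The hunk starts inside the `run` task, whose beginning is outside it.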
@@ -12,22 +12,26 @@ tasks: desc: Bootstrap Flux into a Kubernetes cluster cmds: # Install essential Prometheus Operator CRDs - - kubectl apply --server-side --filename https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/{{.PROMETHEUS_OPERATOR_VERSION}}/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml - - kubectl apply --server-side --filename https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/{{.PROMETHEUS_OPERATOR_VERSION}}/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml - - kubectl apply --server-side --filename https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/{{.PROMETHEUS_OPERATOR_VERSION}}/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml - - kubectl apply --server-side --filename https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/{{.PROMETHEUS_OPERATOR_VERSION}}/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml + - kubectl apply --kubeconfig {{.KUBECONFIG_FILE}} --server-side --filename https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/{{.PROMETHEUS_OPERATOR_VERSION}}/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml + - kubectl apply --kubeconfig {{.KUBECONFIG_FILE}} --server-side --filename https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/{{.PROMETHEUS_OPERATOR_VERSION}}/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml + - kubectl apply --kubeconfig {{.KUBECONFIG_FILE}} --server-side --filename https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/{{.PROMETHEUS_OPERATOR_VERSION}}/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml + - kubectl apply --kubeconfig {{.KUBECONFIG_FILE}} --server-side --filename 
https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/{{.PROMETHEUS_OPERATOR_VERSION}}/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml # Install Flux - - kubectl apply --server-side --kustomize {{.KUBERNETES_DIR}}/bootstrap + - kubectl apply --kubeconfig {{.KUBECONFIG_FILE}} --server-side --kustomize {{.KUBERNETES_DIR}}/bootstrap # Install Secrets and Kustomizations - - cat {{.ROOT_DIR}}/age.key | kubectl -n flux-system create secret generic sops-age --from-file=age.agekey=/dev/stdin - - sops --decrypt {{.KUBERNETES_DIR}}/flux/vars/cluster-secrets.sops.yaml | kubectl apply --server-side --filename - - - sops --decrypt {{.KUBERNETES_DIR}}/flux/vars/cluster-secrets-user.sops.yaml | kubectl apply --server-side --filename - - - kubectl apply --server-side --filename {{.KUBERNETES_DIR}}/flux/vars/cluster-settings.yaml - - kubectl apply --server-side --filename {{.KUBERNETES_DIR}}/flux/vars/cluster-settings-user.yaml - - kubectl apply --server-side --kustomize {{.KUBERNETES_DIR}}/flux/config + - cat {{.SOPS_AGE_FILE}} | kubectl -n flux-system create secret generic sops-age --from-file=age.agekey=/dev/stdin + - sops --decrypt {{.KUBERNETES_DIR}}/flux/vars/cluster-secrets.sops.yaml | kubectl apply --kubeconfig {{.KUBECONFIG_FILE}} --server-side --filename - + - sops --decrypt {{.KUBERNETES_DIR}}/flux/vars/cluster-secrets-user.sops.yaml | kubectl apply --kubeconfig {{.KUBECONFIG_FILE}} --server-side --filename - + - kubectl apply --kubeconfig {{.KUBECONFIG_FILE}} --server-side --filename {{.KUBERNETES_DIR}}/flux/vars/cluster-settings.yaml + - kubectl apply --kubeconfig {{.KUBECONFIG_FILE}} --server-side --filename {{.KUBERNETES_DIR}}/flux/vars/cluster-settings-user.yaml + - kubectl apply --kubeconfig {{.KUBECONFIG_FILE}} --server-side --kustomize {{.KUBERNETES_DIR}}/flux/config preconditions: - - { msg: "Flux already appears installed", sh: "kubectl get namespace flux-system &>/dev/null && exit 1 || exit 0" } - - { msg: "Age 
private key not found", sh: "test -f {{.ROOT_DIR}}/age.key" } + - sh: command -v flux + - sh: command -v kubectl + - sh: command -v sops + - sh: test -f {{.SOPS_AGE_FILE}} + - sh: test -f {{.KUBECONFIG_FILE}} + - sh: kubectl get namespace flux-system &>/dev/null && exit 1 || exit 0 apply: desc: Apply a Flux Kustomization resource for a cluster 
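Review bot: Two kubectl calls in the bootstrap task were left without `--kubeconfig {{.KUBECONFIG_FILE}}`: the `sops-age` secret creation (`cat {{.SOPS_AGE_FILE}} | kubectl -n flux-system create secret generic sops-age ...`) and the last precondition (`kubectl get namespace flux-system ...`). The root Taskfile hunk in this patch appears to remove the global `KUBECONFIG` env, so unless it is set elsewhere these calls fall back to the operator's ambient kubeconfig and current context. The age private key could then be written into a different cluster than the one being bootstrapped, and the "already installed" check could be answered by the wrong cluster. Both should start `kubectl --kubeconfig {{.KUBECONFIG_FILE}}` like the other commands. The same gap is in the `github-deploy-key` precondition in the next hunk and in the PVC precondition `kubectl -n {{.ns}} get persistentvolumeclaim {{.claim}}` in .taskfiles/Kubernetes/Taskfile.yaml.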
@@ -36,27 +40,36 @@ tasks: path: Path containing the Flux Kustomization resource (ks.yaml) (required) ns: Namespace the Flux Kustomization exists in (default: flux-system) cmd: | - flux build ks $(basename {{.path}}) \ + flux --kubeconfig {{.KUBECONFIG_FILE}} build ks $(basename {{.path}}) \ --namespace {{.ns}} \ --kustomization-file {{.KUBERNETES_DIR}}/apps/{{.path}}/ks.yaml \ --path {{.KUBERNETES_DIR}}/apps/{{.path}} \ {{- if contains "not found" .ks }}--dry-run \{{ end }} | \ - kubectl apply --server-side \ + kubectl apply --kubeconfig {{.KUBECONFIG_FILE}} --server-side \ --field-manager=kustomize-controller -f - + preconditions: + - sh: command -v flux + - sh: command -v kubectl + - sh: test -f {{.KUBECONFIG_FILE}} + - sh: test -f {{.KUBERNETES_DIR}}/apps/{{.path}}/ks.yaml vars: path: '{{ or .path (fail "Argument (path) is required") }}' ns: '{{.ns | default "flux-system"}}' ks: - sh: flux --namespace {{.ns}} get kustomizations $(basename {{.path}}) 2>&1 - preconditions: - - { msg: "Kustomization file not found", sh: "test -f {{.KUBERNETES_DIR}}/apps/{{.path}}/ks.yaml" } + sh: flux --kubeconfig {{.KUBECONFIG_FILE}} --namespace {{.ns}} get kustomizations $(basename {{.path}}) 2>&1 reconcile: desc: Force update Flux to pull in changes from your Git repository - cmd: flux reconcile --namespace flux-system kustomization cluster --with-source + cmd: flux --kubeconfig {{.KUBECONFIG_FILE}} reconcile --namespace flux-system kustomization cluster --with-source + preconditions: + - sh: command -v flux + - sh: test -f {{.KUBECONFIG_FILE}} github-deploy-key: - cmd: sops --decrypt {{.KUBERNETES_DIR}}/bootstrap/github-deploy-key.sops.yaml | kubectl apply --server-side --filename - + cmd: sops --decrypt {{.KUBERNETES_DIR}}/bootstrap/github-deploy-key.sops.yaml | kubectl apply --kubeconfig {{.KUBECONFIG_FILE}} --server-side --filename - preconditions: - - { msg: "Flux is not installed", sh: "kubectl get namespace flux-system &>/dev/null && exit 0 || exit 1" } + - sh: command 
-v kubectl + - sh: command -v sops + - sh: test -f {{.KUBECONFIG_FILE}} + - sh: kubectl get namespace flux-system &>/dev/null && exit 0 || exit 1 diff --git a/.taskfiles/K0s/Taskfile.yaml b/.taskfiles/K0s/Taskfile.yaml index 8b46765536a..7d247dacf0f 100644 --- a/.taskfiles/K0s/Taskfile.yaml +++ b/.taskfiles/K0s/Taskfile.yaml @@ -7,27 +7,34 @@ env: tasks: - kubeconfig: - desc: Gets k0s cluster kubeconfig - cmds: - - k0sctl kubeconfig --config {{.ROOT_DIR}}/k0s-config.yaml > kubeconfig - preconditions: - - { msg: "k0s-config.yaml not found", sh: "test -f {{.ROOT_DIR}}/k0s-config.yaml" } - apply: - desc: Apply k0s cluster k0s-config.yaml + desc: Apply k0s cluster config cmds: - - k0sctl apply --config {{.ROOT_DIR}}/k0s-config.yaml + - k0sctl apply --config {{.K0S_CONFIG_FILE}} - task: kubeconfig preconditions: - - { msg: "k0s-config.yaml not found", sh: "test -f {{.ROOT_DIR}}/k0s-config.yaml" } + - sh: command -v k0sctl + - sh: test -f {{.K0S_CONFIG_FILE}} reset: - desc: Resets the k0s cluster + desc: Resets k0s cluster + deps: [":ansible:deps"] cmds: - - k0sctl reset --config {{.ROOT_DIR}}/k0s-config.yaml + - k0sctl reset --config {{.K0S_CONFIG_FILE}} - task: :ansible:run vars: playbook: cluster-nuke preconditions: - - { msg: "k0s-config.yaml not found", sh: "test -f {{.ROOT_DIR}}/k0s-config.yaml" } + - sh: command -v k0sctl + - sh: test -f {{.K0S_CONFIG_FILE}} + + kubeconfig: + desc: Gets k0s cluster kubeconfig + cmd: k0sctl kubeconfig --config {{.K0S_CONFIG_FILE}} > {{.KUBECONFIG_FILE}} + sources: + - "{{.K0S_CONFIG_FILE}}" + generates: + - "{{.KUBECONFIG_FILE}}" + preconditions: + - sh: command -v k0sctl + - sh: test -f {{.K0S_CONFIG_FILE}} diff --git a/.taskfiles/Kubernetes/Taskfile.yaml b/.taskfiles/Kubernetes/Taskfile.yaml index 043c5952108..c3453809d13 100644 --- a/.taskfiles/Kubernetes/Taskfile.yaml +++ b/.taskfiles/Kubernetes/Taskfile.yaml 
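Review bot: `{{.path}}` and `{{.ns}}` are substituted into shell text unquoted in the new precondition `test -f {{.KUBERNETES_DIR}}/apps/{{.path}}/ks.yaml`, in `$(basename {{.path}})` and in the `sh:` line of the `ks` variable. A value containing whitespace or shell metacharacters therefore changes the command that runs. Quoting the expansions keeps each argument intact, e.g. `- sh: test -f "{{.KUBERNETES_DIR}}/apps/{{.path}}/ks.yaml"` and `$(basename "{{.path}}")`. The removed precondition also carried `msg: "Kustomization file not found"`; keeping a `msg:` on the new entries would tell the user which check failed.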
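Review bot: The `kubeconfig` task writes the cluster's admin kubeconfig with a plain redirect, `k0sctl kubeconfig --config {{.K0S_CONFIG_FILE}} > {{.KUBECONFIG_FILE}}`, so the file gets whatever mode the caller's umask gives it (often 0644, readable by other local users). Tightening it in the same command keeps the credentials private: `cmd: k0sctl kubeconfig --config {{.K0S_CONFIG_FILE}} > {{.KUBECONFIG_FILE}} && chmod 600 {{.KUBECONFIG_FILE}}`. The redirect also truncates an existing kubeconfig before k0sctl runs, so a failed run leaves an empty file behind; writing to a temporary file and moving it into place would avoid that.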
@@ -2,6 +2,9 @@ # yaml-language-server: $schema=https://taskfile.dev/schema.json version: "3" +vars: + KUBECONFORM_SCRIPT: "{{.TASKFILE_DIR}}/.taskfiles/Kubernetes/kubeconform.sh" + tasks: mount: @@ -47,7 +50,7 @@ tasks: ns: '{{.ns | default "default"}}' claim: '{{ or .claim (fail "Argument (claim) is required") }}' preconditions: - - { msg: "PVC not found", sh: "kubectl -n {{.ns}} get persistentvolumeclaim {{.claim}}" } + - sh: kubectl -n {{.ns}} get persistentvolumeclaim {{.claim}} resources: desc: Gather common resources in your cluster, useful when asking for support @@ -65,3 +68,11 @@ tasks: certificaterequests ingresses pods + + kubeconform: + desc: Validate Kubernetes manifests with kubeconform + cmd: bash {{.KUBECONFORM_SCRIPT}} {{.KUBERNETES_DIR}} + preconditions: + - sh: command -v kubeconform + - sh: command -v kustomize + - sh: test -f {{.KUBECONFORM_SCRIPT}} diff --git a/.github/scripts/kubeconform.sh b/.taskfiles/Kubernetes/kubeconform.sh similarity index 100% rename from .github/scripts/kubeconform.sh rename to .taskfiles/Kubernetes/kubeconform.sh diff --git a/.taskfiles/Repo/Taskfile.yaml b/.taskfiles/Repo/Taskfile.yaml index 0377761882c..f5001a0c080 100644 --- a/.taskfiles/Repo/Taskfile.yaml +++ b/.taskfiles/Repo/Taskfile.yaml 
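Review bot: `KUBECONFORM_SCRIPT` is built from `{{.TASKFILE_DIR}}` plus `.taskfiles/Kubernetes/kubeconform.sh`, but Task documents `TASKFILE_DIR` as the directory of the included Taskfile, which is already `.taskfiles/Kubernetes`. If that holds here the path doubles up and the `test -f {{.KUBECONFORM_SCRIPT}}` precondition of the new `kubeconform` task fails. The Workstation taskfile in this patch anchors its file variables on `ROOT_DIR`, and doing the same here removes the ambiguity: `KUBECONFORM_SCRIPT: "{{.ROOT_DIR}}/.taskfiles/Kubernetes/kubeconform.sh"`. This is worth confirming against the Task version the project uses.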
@@ -11,23 +11,23 @@ tasks: - rm -rf {{.ROOT_DIR}}/.github/tests - rm -rf {{.ROOT_DIR}}/.github/workflows/e2e.yaml # Move bootstrap directory to gitignored directory - - mkdir -p {{.ROOT_DIR}}/.private - - mv {{.BOOTSTRAP_DIR}} {{.ROOT_DIR}}/.private/bootstrap-{{now | date "150405"}} - - mv {{.ROOT_DIR}}/makejinja.toml {{.ROOT_DIR}}/.private/makejinja-{{now | date "150405"}}.toml + - mv {{.BOOTSTRAP_DIR}} {{.PRIVATE_DIR}}/bootstrap-{{now | date "150405"}} + - mv {{.MAKEJINJA_CONFIG_FILE}} {{.PRIVATE_DIR}}/makejinja-{{now | date "150405"}}.toml # Update renovate.json5 - sed -i {{if eq OS "darwin"}}''{{end}} 's/(..\.j2)\?(..\.j2)\?//g' {{.ROOT_DIR}}/.github/renovate.json5 preconditions: - - { msg: "bootstrap dir not found", sh: "test -d {{.BOOTSTRAP_DIR}}" } - - { msg: "renovate.json5 not found", sh: "test -f {{.ROOT_DIR}}/.github/renovate.json5" } + - sh: test -d {{.BOOTSTRAP_DIR}} + - sh: test -d {{.PRIVATE_DIR}} + - sh: test -f {{.ROOT_DIR}}/.github/renovate.json5 reset: desc: Reset templated configuration files prompt: Reset templated configuration files... continue? cmds: - - rm -rf {{.ROOT_DIR}}/.sops.yaml - - rm -rf {{.ROOT_DIR}}/k0s-config.yaml + - rm -rf {{.SOPS_CONFIG_FILE}} - rm -rf {{.ANSIBLE_DIR}} - rm -rf {{.KUBERNETES_DIR}} + - rm -rf {{.K0S_CONFIG_FILE}} force-reset: desc: Reset repo back to HEAD diff --git a/.taskfiles/Sops/Taskfile.yaml b/.taskfiles/Sops/Taskfile.yaml index c3e373a49f5..07b0524241a 100644 --- a/.taskfiles/Sops/Taskfile.yaml +++ b/.taskfiles/Sops/Taskfile.yaml @@ -6,9 +6,9 @@ tasks: age-keygen: desc: Initialize Age Key for Sops - cmd: age-keygen --output {{.ROOT_DIR}}/age.key + cmd: age-keygen --output {{.SOPS_AGE_FILE}} status: - - test -f "{{.ROOT_DIR}}/age.key" + - test -f "{{.SOPS_AGE_FILE}}" encrypt: desc: Encrypt a secret 
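Review bot: The tidy commands no longer create their destination: `mkdir -p {{.ROOT_DIR}}/.private` is removed and the new precondition `- sh: test -d {{.PRIVATE_DIR}}` has no `msg:`, so a user who has not run `task init` gets a bare failed check with no hint about what to do. Either keep `- mkdir -p {{.PRIVATE_DIR}}` as the first command, or give the precondition a message, e.g. `- { msg: "Private dir not found, run task init first", sh: "test -d {{.PRIVATE_DIR}}" }`. The hunk begins inside the task's command list, whose start is outside it.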
@@ -19,8 +19,8 @@ tasks: vars: claim: '{{ or .file (fail "Argument (file) is required") }}' preconditions: - - { msg: "Sops config not found", sh: "test -f {{.ROOT_DIR}}/.sops.yaml" } - - { msg: "Age key not found", sh: "test -f {{.ROOT_DIR}}/age.key" } + - sh: test -f {{.SOPS_CONFIG_FILE}} + - sh: test -f {{.SOPS_AGE_FILE}} encrypt:all: desc: Encrypt all Kubernetes SOPS secrets @@ -28,7 +28,7 @@ tasks: - for: { var: file } task: encrypt vars: - file: '{{.ITEM}}' + file: "{{.ITEM}}" vars: file: sh: find {{.KUBERNETES_DIR}} -type f -name "*.sops.*" diff --git a/.taskfiles/Workstation/Taskfile.yaml b/.taskfiles/Workstation/Taskfile.yaml index 209909e2de7..3e035afa5c9 100644 --- a/.taskfiles/Workstation/Taskfile.yaml +++ b/.taskfiles/Workstation/Taskfile.yaml 
@@ -2,34 +2,29 @@ # yaml-language-server: $schema=https://taskfile.dev/schema.json version: "3" +vars: + ARCHFILE: "{{.ROOT_DIR}}/.taskfiles/Workstation/Archfile" + BREWFILE: "{{.ROOT_DIR}}/.taskfiles/Workstation/Brewfile" + tasks: brew: desc: Install workstation dependencies with Brew - cmd: brew bundle --file {{.ROOT_DIR}}/.taskfiles/Workstation/Brewfile + cmd: brew bundle --file {{.BREWFILE}} preconditions: - sh: command -v brew - msg: | - Homebrew is not installed. Using MacOS, Linux or WSL? - Head over to https://brew.sh to get up and running. - - { msg: "Brewfile not found", sh: "test -f {{.ROOT_DIR}}/.taskfiles/Workstation/Brewfile" } + - sh: test -f {{.BREWFILE}} paru: desc: Install workstation dependencies with Paru - cmd: paru -Syu --needed --noconfirm --noprogressbar $(cat {{.ROOT_DIR}}/.taskfiles/Workstation/Archfile | xargs) + cmd: paru -Syu --needed --noconfirm --noprogressbar $(cat {{.ARCHFILE}} | xargs) preconditions: - sh: command -v paru - msg: | - Paru is not installed. Using ArchLinux? - Head over to https://github.com/Morganamilo/paru to get up and running. - - { msg: "Archfile not found", sh: "test -f {{.ROOT_DIR}}/.taskfiles/Workstation/Archfile" } + - sh: test -f {{.ARCHFILE}} yay: desc: Install workstation dependencies with Yay - cmd: yay -Syu --needed --noconfirm --noprogressbar $(cat {{.ROOT_DIR}}/.taskfiles/Workstation/Archfile | xargs) + cmd: yay -Syu --needed --noconfirm --noprogressbar $(cat {{.ARCHFILE}} | xargs) preconditions: - sh: command -v yay - msg: | - Yay is not installed. Using ArchLinux? - Head over to https://github.com/Jguer/yay to get up and running. - - { msg: "Archfile not found", sh: "test -f {{.ROOT_DIR}}/.taskfiles/Workstation/Archfile" } + - sh: test -f {{.ARCHFILE}} diff --git a/Taskfile.yaml b/Taskfile.yaml index 0c3385e1cf4..f9da7000619 100644 --- a/Taskfile.yaml +++ b/Taskfile.yaml 
@@ -3,12 +3,19 @@ version: "3" vars: - BOOTSTRAP_DIR: "{{.ROOT_DIR}}/bootstrap" + # Directories ANSIBLE_DIR: "{{.ROOT_DIR}}/ansible" + BOOTSTRAP_DIR: "{{.ROOT_DIR}}/bootstrap" KUBERNETES_DIR: "{{.ROOT_DIR}}/kubernetes" - -env: - KUBECONFIG: "{{.ROOT_DIR}}/kubeconfig" + PRIVATE_DIR: "{{.ROOT_DIR}}/.private" + # Files + BOOTSTRAP_ADDONS_FILE: "{{.BOOTSTRAP_DIR}}/vars/addons.yaml" + BOOTSTRAP_CONFIG_FILE: "{{.BOOTSTRAP_DIR}}/vars/config.yaml" + K0S_CONFIG_FILE: "{{.ROOT_DIR}}/k0s-config.yaml" + KUBECONFIG_FILE: "{{.ROOT_DIR}}/kubeconfig" + MAKEJINJA_CONFIG_FILE: "{{.ROOT_DIR}}/makejinja.toml" + SOPS_AGE_FILE: "{{.ROOT_DIR}}/age.key" + SOPS_CONFIG_FILE: "{{.ROOT_DIR}}/.sops.yaml" includes: ansible: .taskfiles/Ansible/Taskfile.yaml @@ -26,21 +33,22 @@ tasks: default: task -l init: - desc: Initialize configuration files + desc: Initialize template files and directories cmds: - - cp -n {{.BOOTSTRAP_DIR}}/vars/addons.sample.yaml {{.BOOTSTRAP_DIR}}/vars/addons.yaml - - cp -n {{.BOOTSTRAP_DIR}}/vars/config.sample.yaml {{.BOOTSTRAP_DIR}}/vars/config.yaml - - cmd: echo "=== Configuration files copied ===" + - mkdir -p {{.PRIVATE_DIR}} + - cp -n {{.BOOTSTRAP_ADDONS_FILE | replace ".yaml" ".sample.yaml"}} {{.BOOTSTRAP_ADDONS_FILE}} + - cp -n {{.BOOTSTRAP_CONFIG_FILE | replace ".yaml" ".sample.yaml"}} {{.BOOTSTRAP_CONFIG_FILE}} + - cmd: echo === Configuration files copied === silent: true - - cmd: echo "Proceed with updating the configuration files..." + - cmd: echo Proceed with updating the configuration files... silent: true - - cmd: echo "{{.BOOTSTRAP_DIR}}/vars/config.yaml" + - cmd: echo {{.BOOTSTRAP_CONFIG_FILE}} silent: true - - cmd: echo "{{.BOOTSTRAP_DIR}}/vars/addons.yaml" + - cmd: echo {{.BOOTSTRAP_ADDONS_FILE}} silent: true status: - - test -f "{{.BOOTSTRAP_DIR}}/vars/addons.yaml" - - test -f "{{.BOOTSTRAP_DIR}}/vars/config.yaml" + - test -f {{.BOOTSTRAP_ADDONS_FILE}} + - test -f {{.BOOTSTRAP_CONFIG_FILE}} configure: desc: Configure repository from Ansible vars 
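Review bot: `init` now creates `{{.PRIVATE_DIR}}`, but its `status:` list still checks only the two bootstrap files. On a checkout where `addons.yaml` and `config.yaml` already exist, the task is considered up to date and the `mkdir -p` never runs. Since .taskfiles/Repo/Taskfile.yaml in this patch now requires that directory as a precondition, add it to the status checks: `- test -d {{.PRIVATE_DIR}}`.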
@@ -56,22 +64,21 @@ tasks: env: ANSIBLE_DISPLAY_SKIPPED_HOSTS: "false" preconditions: - - { msg: "addons file not found", sh: "test -f {{.BOOTSTRAP_DIR}}/vars/addons.yaml" } - - { msg: "config file not found", sh: "test -f {{.BOOTSTRAP_DIR}}/vars/config.yaml" } + - sh: test -f {{.BOOTSTRAP_ADDONS_FILE}} + - sh: test -f {{.BOOTSTRAP_CONFIG_FILE}} .template: internal: true cmds: - - ./.venv/bin/makejinja --force + - ./.venv/bin/makejinja --keep-trailing-newline --force - task: sops:encrypt:all preconditions: - - { msg: "bootstrap addons file not found", sh: "test -f {{.BOOTSTRAP_DIR}}/vars/addons.yaml" } - - { msg: "bootstrap config file not found", sh: "test -f {{.BOOTSTRAP_DIR}}/vars/config.yaml" } - - { msg: "makejinja loader file not found", sh: "test -f {{.BOOTSTRAP_DIR}}/scripts/loader.py" } - - { msg: "makejinja config file not found", sh: "test -f {{.ROOT_DIR}}/makejinja.toml" } + - sh: test -f {{.BOOTSTRAP_ADDONS_FILE}} + - sh: test -f {{.BOOTSTRAP_CONFIG_FILE}} + - sh: test -f {{.BOOTSTRAP_DIR}}/scripts/loader.py + - sh: test -f {{.MAKEJINJA_CONFIG_FILE}} .post-validate: internal: true - cmd: ./.github/scripts/kubeconform.sh {{.KUBERNETES_DIR}} - preconditions: - - { msg: "kubeconform file not found", sh: "test -f ./.github/scripts/kubeconform.sh" } + cmds: + - task: kubernetes:kubeconform diff --git a/bootstrap/templates/ansible/.ansible-lint.j2 b/bootstrap/templates/ansible/.ansible-lint.j2 index 59c41dc3953..36f6b441462 100644 --- a/bootstrap/templates/ansible/.ansible-lint.j2 +++ b/bootstrap/templates/ansible/.ansible-lint.j2 @@ -1,4 +1,5 @@ skip_list: + - yaml[commas] - yaml[line-length] - var-naming warn_list: diff --git a/bootstrap/templates/ansible/playbooks/cluster-installation.yaml.j2 b/bootstrap/templates/ansible/playbooks/cluster-installation.yaml.j2 index 32395392536..0f0bd3edf5d 100644 --- a/bootstrap/templates/ansible/playbooks/cluster-installation.yaml.j2 +++ b/bootstrap/templates/ansible/playbooks/cluster-installation.yaml.j2 
@@ -46,7 +46,7 @@ wait_sleep: 10 wait_timeout: 360 loop: - - { name: cilium, kind: HelmChart, namespace: kube-system } + - { name: cilium, kind: HelmChart, namespace: kube-system } # noqa: yaml[commas] - { name: coredns, kind: HelmChart, namespace: kube-system } - name: Coredns