Skip to content

Commit

Permalink
chore(taskfile): hey ho let's go
Browse files Browse the repository at this point in the history
Signed-off-by: Devin Buhl <[email protected]>
  • Loading branch information
onedr0p committed Oct 24, 2024
1 parent 71a0bac commit ec7c520
Show file tree
Hide file tree
Showing 5 changed files with 38 additions and 118 deletions.
12 changes: 3 additions & 9 deletions .taskfiles/bootstrap/Taskfile.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -8,12 +8,8 @@ vars:
tasks:

kubernetes:
desc: Bootstrap a Talos Kubernetes cluster backed by flux, sops, and rook
prompt: Bootstrap a Talos Kubernetes cluster ... continue?
summary: |-
CLUSTER: Cluster to run command against (default: main)
NODES: Nodes in the cluster (default: k8s-0,k8s-1,k8s-2,k8s-3,k8s-4,k8s-5)
ROOK_DISK: Rook disk to reset (default: /dev/nvme0n1)
desc: Bootstrap a Kubernetes cluster [CLUSTER=main] [NODES=k8s-0,k8s-1,...] [ROOK_DISK=/dev/nvme0n1]
prompt: Bootstrap a Kubernetes cluster ... continue?
vars: &vars
CLUSTER: '{{.CLUSTER}}'
NODES: '{{.NODES | default "k8s-0,k8s-1,k8s-2,k8s-3,k8s-4,k8s-5"}}'
Expand Down Expand Up @@ -138,9 +134,7 @@ tasks:

# Ref: https://github.com/onedr0p/home-service
matchbox:
desc: Sync required Matchbox configuration to PXE Boot machine
summary: |-
CLUSTER: Cluster to run command against (default: main)
desc: Sync required Matchbox config to PXEBoot machine [CLUSTER=main]
dotenv: ['{{.CLUSTER_DIR}}/bootstrap/config.env']
cmds:
- for: { var: ASSETS }
Expand Down
16 changes: 3 additions & 13 deletions .taskfiles/kubernetes/Taskfile.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -5,11 +5,7 @@ version: '3'
tasks:

apply-ks:
desc: Apply a Flux Kustomization resource for a cluster
summary: |-
CLUSTER: Cluster to run command against (default: main)
PATH: Path to the Flux Kustomization resource from the apps base dir (required, e.g. default/plex)
NS: Namespace the Flux Kustomization exists in (default: flux-system)
desc: Apply a Flux Kustomization resource for a cluster [CLUSTER=main] [PATH=required] [NS=flux-system]
cmd: >
flux build --namespace {{.NS}} ks {{base .PATH}}
--kustomization-file {{.CLUSTER_DIR}}/apps/{{.PATH}}/ks.yaml
Expand All @@ -27,11 +23,7 @@ tasks:
- test -f {{.CLUSTER_DIR}}/apps/{{.PATH}}/ks.yaml

browse-pvc:
desc: Exec into a container to browse a PersistentVolumeClaim
summary: |-
CLUSTER: Cluster to run command against (default: main)
NS: Namespace to browse PersistentVolumeClaims in (default: default)
CLAIM: PersistentVolumeClaim to browse (required)
desc: Mount PVC to a temp container for browsing [CLUSTER=main] [NS=default] [CLAIM=required]
interactive: true
cmd: kubectl browse-pvc --namespace {{.NS}} --image docker.io/library/alpine:latest {{.CLAIM}}
vars:
Expand All @@ -42,9 +34,7 @@ tasks:
- kubectl --namespace {{.NS}} get persistentvolumeclaims {{.CLAIM}}

sync-secrets:
desc: Sync all ExternalSecrets
summary: |-
CLUSTER: Cluster to run command against (default: main)
desc: Sync all ExternalSecrets [CLUSTER=main]
cmd: >
kubectl get externalsecret --all-namespaces --no-headers -A | awk '{print $1, $2}'
| xargs --max-procs=2 -l bash -c 'kubectl --namespace "$0" annotate externalsecret "$1" force-sync="{{now | unixEpoch}}" --overwrite'
Expand Down
32 changes: 7 additions & 25 deletions .taskfiles/talos/Taskfile.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -5,15 +5,12 @@ version: '3'
tasks:

apply-config:
desc: Apply Talos configuration to a node
summary: |-
CLUSTER: Cluster to run command against (default: main)
HOSTNAME: Node to apply configuration to (required)
desc: Apply Talos config to a node [CLUSTER=main] [HOSTNAME=required] [MODE=auto|no-reboot|reboot]
cmd: >
sops exec-file {{.CLUSTER_DIR}}/bootstrap/talos/assets/{{.HOSTNAME}}.secret.sops.yaml "minijinja-cli --env --trim-blocks --lstrip-blocks --autoescape=none {}"
| talosctl apply-config --mode={{.MODE}} --nodes {{.HOSTNAME}} --file /dev/stdin
vars:
MODE: '{{.MODE | default "no-reboot"}}'
MODE: '{{.MODE | default "auto"}}'
env:
KUBERNETES_VERSION:
sh: kubectl get node {{.HOSTNAME}} --output=jsonpath="{.status.nodeInfo.kubeletVersion}"
Expand All @@ -27,12 +24,8 @@ tasks:
- talosctl --nodes {{.HOSTNAME}} get machineconfig &>/dev/null

upgrade-node:
desc: Upgrade Talos on a single node
desc: Upgrade Talos on a single node [CLUSTER=main] [HOSTNAME=required] [VERSION=required]
prompt: Upgrade Talos node '{{.HOSTNAME}}' on the '{{.CLUSTER}}' cluster to {{.VERSION}} ... continue?
summary: |-
CLUSTER: Cluster to run command against (default: main)
HOSTNAME: Node to upgrade (required)
VERSION: Talos version to upgrade to (required)
cmds:
- task: '{{if ne .ROLLOUT true}}down{{else}}noop{{end}}'
- talosctl --nodes {{.HOSTNAME}} upgrade --image="factory.talos.dev/installer/{{.SCHEMATIC_ID}}:{{.VERSION}}" --timeout=10m
Expand All @@ -50,11 +43,8 @@ tasks:
- curl -fsSL -o /dev/null --fail https://github.com/siderolabs/talos/releases/tag/{{.VERSION}}

upgrade-cluster:
desc: Upgrade Talos on the whole cluster
desc: Upgrade Talos across the whole cluster [CLUSTER=main] [VERSION=required]
prompt: Upgrade Talos cluster '{{.CLUSTER}}' to {{.VERSION}} ... continue?
summary: |-
CLUSTER: Cluster to run command against (default: main)
VERSION: Talos version to upgrade to (required)
cmds:
- task: down
- for: { var: HOSTNAMES }
Expand All @@ -71,10 +61,7 @@ tasks:
vars: [CLUSTER, VERSION]

upgrade-k8s:
desc: Upgrade Kubernetes
summary: |-
CLUSTER: Cluster to run command against (default: main)
VERSION: Kubernetes version to upgrade to (required)
desc: Upgrade Kubernetes across the whole cluster [CLUSTER=main] [VERSION=required]
prompt: Upgrade Kubernetes cluster '{{.CLUSTER}}' to {{.VERSION}} ... continue?
cmds:
- task: down
Expand All @@ -92,10 +79,7 @@ tasks:
- curl -fsSL -o /dev/null --fail https://github.com/siderolabs/kubelet/releases/tag/{{.VERSION}}

reset-node:
desc: Reset a Talos node and shut it down
summary: |-
CLUSTER: Cluster to run command against (default: main)
HOSTNAME: Node to reset (required)
desc: Reset Talos on a single node [CLUSTER=main] [HOSTNAME=required]
prompt: Reset Talos node '{{.HOSTNAME}}' on the '{{.CLUSTER}}' cluster ... continue?
cmd: talosctl reset --nodes {{.HOSTNAME}} --graceful=false
requires:
Expand All @@ -106,9 +90,7 @@ tasks:
- talosctl --nodes {{.HOSTNAME}} get machineconfig &>/dev/null

reset-cluster:
desc: Reset all the Talos nodes and shut 'em down
summary: |-
CLUSTER: Cluster to run command against (default: main)
desc: Reset Talos across the whole cluster [CLUSTER=main]
prompt: Reset Talos cluster '{{.CLUSTER}}' ... continue?
cmd: talosctl reset --nodes {{.HOSTNAMES}} --graceful=false
vars:
Expand Down
90 changes: 22 additions & 68 deletions .taskfiles/volsync/Taskfile.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -14,39 +14,26 @@ vars:
tasks:

state-*:
desc: Suspend or Resume Volsync
summary: |-
CLUSTER: Cluster to run command against (default: main)
STATE: resume or suspend (required)
desc: Suspend or resume Volsync [CLUSTER=main]
cmds:
# - until kubectl wait jobs --all --all-namespaces --for=condition=complete --timeout=5m &>/dev/null; do sleep 5; done
- flux {{.STATE}} kustomization volsync
- flux --namespace {{.NS}} {{.STATE}} helmrelease volsync
- kubectl --namespace {{.NS}} scale deployment --all --replicas {{if eq .STATE "suspend"}}0{{else}}1{{end}}
- flux --namespace volsync-system {{.STATE}} helmrelease volsync
- kubectl --namespace volsync-system scale deployment --all --replicas {{if eq .STATE "suspend"}}0{{else}}1{{end}}
vars:
NS: '{{.NS | default "volsync-system"}}'
STATE: '{{index .MATCH 0}}'
requires:
vars: [CLUSTER]

unlock:
desc: Unlock all Restic repositories
summary: |-
CLUSTER: Cluster to run command against (default: main)
desc: Unlock all Restic repos [CLUSTER=main]
cmd: >
kubectl get replicationsources --all-namespaces --no-headers -A | awk '{print $1, $2}'
| xargs --max-procs=2 -l bash -c 'kubectl --namespace "$0" patch --field-manager=flux-client-side-apply replicationsources "$1" --type merge --patch "{\"spec\":{\"restic\":{\"unlock\":\"{{now | unixEpoch}}\"}}}"'
requires:
vars: [CLUSTER]

# To run backup jobs in parallel for all replicationsources:
# - kubectl get replicationsources --all-namespaces --no-headers | awk '{print $2, $1}' | xargs --max-procs=4 -l bash -c 'task volsync:snapshot APP=$0 NS=$1'
snapshot:
desc: Snapshot an application
summary: |-
CLUSTER: Cluster to run command against (default: main)
NS: Namespace the application is in (default: default)
APP: Application to snapshot (required)
desc: Snapshot an app [CLUSTER=main] [NS=default] [APP=required]
cmds:
- kubectl --namespace {{.NS}} patch replicationsources {{.APP}} --type merge -p '{"spec":{"trigger":{"manual":"{{now | unixEpoch}}"}}}'
- until kubectl --namespace {{.NS}} get job/{{.JOB}} &>/dev/null; do sleep 5; done
Expand All @@ -59,46 +46,34 @@ tasks:
preconditions:
- kubectl --namespace {{.NS}} get replicationsources {{.APP}}

# To run restore jobs in parallel for all replicationdestinations:
# - kubectl get replicationsources --all-namespaces --no-headers | awk '{print $2, $1}' | xargs --max-procs=4 -l bash -c 'task volsync:restore APP=$0 NS=$1'
restore:
desc: Restore an application
summary: |-
CLUSTER: Cluster to run command against (default: main)
NS: Namespace the application is in (default: default)
APP: Application to restore (required)
PREVIOUS: Previous number of snapshots to restore (default: 2)
cmds:
- task: .suspend
- task: .restore
- task: .resume
requires:
vars: [CLUSTER, APP]

.suspend:
internal: true
desc: Restore an app [CLUSTER=main] [NS=default] [APP=required] [PREVIOUS=required]
cmds:
# Suspend
- flux --namespace flux-system suspend kustomization {{.APP}}
- flux --namespace {{.NS}} suspend helmrelease {{.APP}}
- kubectl --namespace {{.NS}} scale {{.CONTROLLER}}/{{.APP}} --replicas 0
- kubectl --namespace {{.NS}} wait pod --for=delete --selector="app.kubernetes.io/name={{.APP}}" --timeout=5m
vars:
NS: '{{.NS | default "default"}}'
APP: '{{.APP}}'
CONTROLLER:
sh: kubectl --namespace {{.NS}} get deployment {{.APP}} &>/dev/null && echo deployment || echo statefulset

.restore:
internal: true
cmds:
# Restore
- minijinja-cli --env --trim-blocks --lstrip-blocks --autoescape=none {{.VOLSYNC_RESOURCES_DIR}}/replicationdestination.yaml.j2 | kubectl apply --server-side --filename -
- until kubectl --namespace {{.NS}} get job/{{.JOB}} &>/dev/null; do sleep 5; done
- kubectl --namespace {{.NS}} wait job/{{.JOB}} --for=condition=complete --timeout=120m
- kubectl --namespace {{.NS}} delete replicationdestination {{.JOB}}
# Resume
- flux --namespace {{.NS}} resume helmrelease {{.APP}}
- flux --namespace flux-system resume kustomization {{.APP}}
- kubectl --namespace {{.NS}} scale {{.CONTROLLER}}/{{.APP}} --replicas 1
- kubectl --namespace {{.NS}} wait pod --for=condition=ready --selector="app.kubernetes.io/name={{.APP}}" --timeout=5m
vars:
NS: '{{.NS | default "default"}}'
JOB: volsync-dst-{{.APP}}
PREVIOUS: '{{.PREVIOUS | default 2}}'
CONTROLLER:
sh: kubectl --namespace {{.NS}} get deployment {{.APP}} &>/dev/null && echo deployment || echo statefulset
env:
NS: '{{.NS}}'
APP: '{{.APP}}'
PREVIOUS: '{{.PREVIOUS}}'
JOB: '{{.JOB}}'
CLAIM:
sh: kubectl --namespace {{.NS}} get replicationsources/{{.APP}} --output=jsonpath="{.spec.sourcePVC}"
ACCESS_MODES:
Expand All @@ -109,28 +84,7 @@ tasks:
sh: kubectl --namespace {{.NS}} get replicationsources/{{.APP}} --output=jsonpath="{.spec.restic.moverSecurityContext.runAsUser}"
PGID:
sh: kubectl --namespace {{.NS}} get replicationsources/{{.APP}} --output=jsonpath="{.spec.restic.moverSecurityContext.runAsGroup}"
env:
NS: '{{.NS}}'
JOB: '{{.JOB}}'
APP: '{{.APP}}'
PREVIOUS: '{{.PREVIOUS}}'
CLAIM: '{{.CLAIM}}'
ACCESS_MODES: '{{.ACCESS_MODES}}'
STORAGE_CLASS_NAME: '{{.STORAGE_CLASS_NAME}}'
PUID: '{{.PUID}}'
PGID: '{{.PGID}}'
requires:
vars: [CLUSTER, APP, PREVIOUS]
preconditions:
- test -f {{.VOLSYNC_RESOURCES_DIR}}/replicationdestination.yaml.j2

.resume:
internal: true
cmds:
- flux --namespace {{.NS}} resume helmrelease {{.APP}}
- flux --namespace flux-system resume kustomization {{.APP}}
- kubectl --namespace {{.NS}} scale {{.CONTROLLER}}/{{.APP}} --replicas 1
- kubectl --namespace {{.NS}} wait pod --for=condition=ready --selector="app.kubernetes.io/name={{.APP}}" --timeout=5m
vars:
NS: '{{.NS | default "default"}}'
APP: '{{.APP}}'
CONTROLLER:
sh: kubectl --namespace {{.NS}} get deployment {{.APP}} &>/dev/null && echo deployment || echo statefulset
6 changes: 3 additions & 3 deletions .taskfiles/volsync/resources/replicationdestination.yaml.j2
Original file line number Diff line number Diff line change
Expand Up @@ -14,10 +14,10 @@ spec:
storageClassName: {{ ENV.STORAGE_CLASS_NAME }}
accessModes: {{ ENV.ACCESS_MODES }}
previous: {{ ENV.PREVIOUS }}
enableFileDeletion: true
cleanupCachePVC: true
cleanupTempPVC: true
moverSecurityContext:
runAsUser: {{ ENV.PUID }}
runAsGroup: {{ ENV.PGID }}
fsGroup: {{ ENV.PGID }}
enableFileDeletion: true
cleanupCachePVC: true
cleanupTempPVC: true

0 comments on commit ec7c520

Please sign in to comment.