---
version: '3'

# Environment exported to every task; the commands below read these as ${NAME}.
env:
  # Single name reused for the cluster, the network/VPC and the firewall.
  # NOTE(review): GCP network and GKE cluster names accept only lowercase
  # letters, digits and hyphens - confirm this value is accepted before
  # running the gcp:* tasks.
  CLUSTER_NAME: 'K8s_cloud_deployment_toolset'
  CIVO_REGION: 'NYC1'
  GCP_REGION: 'us-central1'
  GCP_ZONE: 'us-central1-a'

  # Set default gum style options
  BORDER: 'double'
  BORDER_FOREGROUND: '212'
  PADDING: '1 1'
  MARGIN: '1 1'
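# Civo Tasks
tasks:
  # Authenticate the Civo CLI.
  # `civo apikey save` prompts for the key and keeps it in the CLI's local
  # configuration, so the workstation then holds a cloud credential.
  civo:00-authenticate-cli:
    cmds:
      - cmd: |
          gum style "$(cat <<EOF
          To get an API key you need to:
          ---
          1. Log in or create an account at https://dashboard.civo.com/
          2. Create a team at https://dashboard.civo.com/teams
          3. Add yourself to the team
          4. Navigate to https://dashboard.civo.com/security to get the api key
          🚨🚨🚨 NOTE: Sometimes account verification required for new accounts
          (so sign up before you want to use it!) 🚨🚨🚨
          EOF
          )"
        silent: true
      - civo apikey save
      - civo apikey ls
      - cmd: gum style "run \`civo apikey current <KEY_NAME>\` to set the current key as the default (if it is not already)"
        silent: true
    desc: Authenticate the Civo CLI

  # Create a Civo network
  civo:01-create-network:
    cmds:
      - civo network create ${CLUSTER_NAME} --region ${CIVO_REGION}
    desc: Create a Civo network

  # Create a Civo firewall and set up rules.
  # The firewall is created without default rules, any ingress rule that is
  # still listed is removed, and then only 80, 443 and 6443 are opened.
  # 80/443 are public web ingress. 6443 is the Kubernetes API: its source
  # range defaults to 0.0.0.0/0 (the previous hard-coded value) and can be
  # narrowed without editing this file, e.g.
  #   task civo:02-create-firewall K8S_API_CIDR=<YOUR_IP>/32
  civo:02-create-firewall:
    vars:
      # Source CIDR allowed to reach the API server on 6443.
      K8S_API_CIDR: '{{default "0.0.0.0/0" .K8S_API_CIDR}}'
    cmds:
      - |
        civo firewall create ${CLUSTER_NAME} \
          --network ${CLUSTER_NAME} \
          --create-rules false \
          --region ${CIVO_REGION}
      # Remove whatever ingress rules exist so the allow-list below is the
      # complete set.
      - |
        ingress_rule_ids=$(civo firewall rule ls --region ${CIVO_REGION} ${CLUSTER_NAME} -o json | jq -r '.[] | select(.direction == "ingress") | .id')
        for rule_id in $ingress_rule_ids; do
          civo firewall rule remove ${CLUSTER_NAME} "$rule_id" -y --region ${CIVO_REGION}
        done
      - civo firewall rule create ${CLUSTER_NAME} --startport 80 --endport 80 --cidr 0.0.0.0/0 --protocol TCP --region ${CIVO_REGION}
      - civo firewall rule create ${CLUSTER_NAME} --startport 443 --endport 443 --cidr 0.0.0.0/0 --protocol TCP --region ${CIVO_REGION}
      - civo firewall rule create ${CLUSTER_NAME} --startport 6443 --endport 6443 --cidr {{.K8S_API_CIDR}} --protocol TCP --region ${CIVO_REGION}
      - cmd: gum style "🚨 If you wanted to lock down access to the k8s api, you could instead only allow traffic on 6443 from your IP (or that of a bastion host)"
        silent: true
    desc: Create a Civo firewall and set up rules

  # Create a Civo Kubernetes cluster on the network and firewall created by
  # the two previous tasks.
  civo:03-create-cluster:
    cmds:
      - |
        civo kubernetes create ${CLUSTER_NAME} \
          --region ${CIVO_REGION} \
          --network ${CLUSTER_NAME} \
          --existing-firewall ${CLUSTER_NAME} \
          --nodes 2 \
          --size g4s.kube.medium \
          --remove-applications "traefik2-nodeport" \
          --wait
    desc: Create a Civo Kubernetes cluster

  # Create the Civo network, firewall, and cluster in sequence
  civo:04-create-all:
    cmds:
      - task: civo:01-create-network
      - task: civo:02-create-firewall
      - task: civo:03-create-cluster
    desc: Create the Civo network, firewall, and cluster in sequence

  # Get kubeconfig for the cluster.
  # --save/--switch write the cluster credentials into the local kubeconfig
  # and make it the current context, so later kubectl commands target it.
  civo:05-get-kubeconfig:
    cmds:
      - civo kubernetes config ${CLUSTER_NAME} --region ${CIVO_REGION} --save --switch
    desc: Get kubeconfig for the cluster

  # Clean up the Civo Kubernetes cluster and associated resources.
  # Every delete passes -y, so nothing asks for confirmation: check
  # CLUSTER_NAME and CIVO_REGION before running.
  civo:06-clean-up:
    cmds:
      - civo kubernetes delete ${CLUSTER_NAME} --region ${CIVO_REGION} -y
      - cmd: gum style "There is some delay on the civo side from cluster being deleted to it being removed from the firewall rule usage"
        silent: true
      # Fixed wait for the delay described in the message above.
      - sleep 10
      - civo firewall delete ${CLUSTER_NAME} --region ${CIVO_REGION} -y
      - civo network delete ${CLUSTER_NAME} --region ${CIVO_REGION} -y
    desc: Clean up the Civo Kubernetes cluster and associated resources

  # GCP Tasks

  # Authenticate and configure the gcloud CLI
  gcp:01-init-cli:
    cmds:
      - gcloud init
    desc: "Authenticate and configure the gcloud CLI"

  # Enable necessary APIs
  gcp:02-enable-apis:
    cmds:
      - |
        gcloud services enable \
          compute.googleapis.com \
          container.googleapis.com \
          cloudresourcemanager.googleapis.com \
          iam.googleapis.com \
          secretmanager.googleapis.com \
          servicemanagement.googleapis.com \
          serviceusage.googleapis.com
    desc: "Enable necessary APIs"

  # Set default region and zone
  gcp:03-set-region-and-zone:
    cmds:
      - gcloud config set compute/region ${GCP_REGION}
      - gcloud config set compute/zone ${GCP_ZONE}
    desc: "Set default region and zone"

  # Create VPC (custom subnet mode: no subnets exist until the next task).
  gcp:04-create-vpc:
    cmds:
      - gcloud compute networks create ${CLUSTER_NAME} --subnet-mode=custom
    desc: "Create VPC"

  # Create subnet
  gcp:05-create-subnet:
    cmds:
      - |
        gcloud compute networks subnets create subnet-1 \
          --network=${CLUSTER_NAME} \
          --region=${GCP_REGION} \
          --range=10.0.0.0/20
    desc: "Create subnet"

  # Create GKE cluster.
  # --workload-pool enables Workload Identity and must name the project the
  # cluster is created in, so GCP_PROJECT_ID can be overridden without
  # editing this file:
  #   task gcp:06-create-cluster GCP_PROJECT_ID=<YOUR_PROJECT_ID>
  # NOTE(review): no private-node or --enable-master-authorized-networks
  # flags are passed, so control-plane exposure is whatever GKE defaults
  # to - confirm that is acceptable outside a demo environment.
  gcp:06-create-cluster:
    desc: "Create GKE cluster"
    vars:
      # Defaults to the project ID that was previously hard-coded here.
      GCP_PROJECT_ID: '{{default "kubernetes-course-424917" .GCP_PROJECT_ID}}'
    cmds:
      - |
        gcloud container clusters create ${CLUSTER_NAME} \
          --zone ${GCP_ZONE} \
          --network ${CLUSTER_NAME} \
          --subnetwork subnet-1 \
          --machine-type e2-standard-2 \
          --num-nodes 2 \
          --gateway-api=standard \
          --workload-pool={{.GCP_PROJECT_ID}}.svc.id.goog

  # Enable the APIs, set region/zone, then create the VPC, subnet and
  # cluster in sequence. None of the tasks called here creates firewall
  # rules, despite the description; gcp:01-init-cli is not run either.
  gcp:07-create-all:
    cmds:
      - task: gcp:02-enable-apis
      - task: gcp:03-set-region-and-zone
      - task: gcp:04-create-vpc
      - task: gcp:05-create-subnet
      - task: gcp:06-create-cluster
    desc: Create the GCP network, subnet, firewall rules, and cluster in sequence

  # Delete the cluster, subnet and network in reverse order of creation.
  # --quiet suppresses gcloud's confirmation prompts, so check CLUSTER_NAME,
  # the zone and the active gcloud project before running.
  gcp:09-clean-up:
    cmds:
      - gcloud container clusters delete ${CLUSTER_NAME} --zone ${GCP_ZONE} --quiet
      - gcloud compute networks subnets delete subnet-1 --region=${GCP_REGION} --quiet
      - gcloud compute networks delete ${CLUSTER_NAME} --quiet
    desc: Delete the GCP network, subnet, firewall rules, and cluster in reverse sequence

  # Connect to the GKE cluster (fetches credentials for kubectl).
  gcp:08-connect-to-cluster:
    cmds:
      - gcloud container clusters get-credentials ${CLUSTER_NAME} --zone ${GCP_ZONE}
    desc: "Connect to the GKE cluster"

  # KinD Tasks

  # Generate kind config with local absolute paths for PV mounts.
  # NOTE(review): envsubst is called without a variable list, so every
  # ${VAR} reference in the template is expanded from the environment, not
  # only REPLACE_WITH_ABSOLUTE_PATH - confirm the template has no others.
  kind:01-generate-config:
    cmds:
      - REPLACE_WITH_ABSOLUTE_PATH=${PWD} envsubst < kind-config.yaml.TEMPLATE > kind-config.yaml
    desc: "Generate kind config with local absolute paths for PV mounts"

  # Create a Kubernetes cluster using kind
  kind:02-create-cluster:
    cmds:
      - kind create cluster --config kind-config.yaml
    desc: Create a Kubernetes cluster using kind

  # Run cloud-provider-kind to enable load balancer services with KinD.
  # The binary is started through sudo, i.e. with root privileges. The
  # description refers to @latest, which is an unpinned version; prefer
  # installing a pinned, reviewed release for something that runs as root.
  kind:03-run-cloud-provider-kind:
    desc: "Run sigs.k8s.io/cloud-provider-kind@latest to enable load balancer services with KinD"
    cmds:
      - sudo cloud-provider-kind

  # Delete an existing kind Kubernetes cluster.
  # NOTE(review): no --name is passed, so this targets kind's default
  # cluster name - confirm kind-config.yaml does not set a different one.
  kind:04-delete-cluster:
    cmds:
      - kind delete cluster
    desc: Delete an existing kind Kubernetes cluster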