-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathTaskfile.yaml
79 lines (72 loc) · 3.28 KB
/
Taskfile.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
version: '3'
tasks:
up:
desc: Builds end to end an AKS environment
cmds:
- task: init
- task: apply
- task: creds
- task: provider-config
init:
cmds:
- terraform -chdir=./infrastructure workspace new {{.REGION}} || true
- terraform -chdir=./infrastructure workspace select {{.REGION}}
- terraform -chdir=./infrastructure init
vars:
REGION: '{{default "southcentralus" .CLI_ARGS}}'
apply:
cmds:
- terraform -chdir=./infrastructure apply -auto-approve -var "region={{.REGION}}"
vars:
REGION: '{{default "southcentralus" .CLI_ARGS}}'
creds:
desc: Grab AKS credentials
cmds:
- az aks get-credentials -g {{.RG}} -n {{.AKS}} --overwrite-existing
- sed -i s/devicecode/azurecli/g ~/.kube/config
vars:
RG:
sh: terraform -chdir=./infrastructure output -raw AKS_RESOURCE_GROUP
AKS:
sh: terraform -chdir=./infrastructure output -raw AKS_CLUSTER_NAME
provider-config:
desc: Update upbound azure provider configuration
cmds:
- export AKS_TENANT_ID={{.AKS_TENANT_ID}} ;
export AKS_SUBSCRIPTION_ID={{.AKS_SUBSCRIPTION_ID}} ;
export UMI_CLIENT_ID={{.UMI_CLIENT_ID}} ;
envsubst < ./cluster-configs/management/upbound-providers-config/azure-config.tmpl > ./cluster-configs/management/upbound-providers-config/azure-config.yaml
- git add ./cluster-configs/management/upbound-providers-config/azure-config.yaml
- git commit -m "Updated Azure configuration"
- git push
vars:
AKS_TENANT_ID:
sh: terraform -chdir=./infrastructure output -raw AKS_TENANT_ID
AKS_SUBSCRIPTION_ID:
sh: terraform -chdir=./infrastructure output -raw AKS_SUBSCRIPTION_ID
UMI_CLIENT_ID:
sh: terraform -chdir=./infrastructure output -raw UMI_CLIENT_ID
federate-serviceaccount:
desc: Federate Service Accounts for Identity Access
cmds:
- task: creds
- kubectl -n upbound-system patch deployment {{.CURRENT_REVISION}} -p '{"spec":{"template":{"metadata":{"labels":{"azure.workload.identity/use":"true"}}}}}'
- kubectl -n {{.NAMESPACE}} label serviceaccount {{.CURRENT_REVISION}} azure.workload.identity/use=true
- bash ./scripts/federate-workload-identity.sh -c {{.AKS}} -g {{.RG}} -n {{.NAMESPACE}} -a {{.CURRENT_REVISION}} -i {{.UMI_CLIENT_NAME}}
- kubectl -n {{.NAMESPACE}} rollout restart deployment {{.CURRENT_REVISION}}
vars:
AKS:
sh: terraform -chdir=./infrastructure output -raw AKS_CLUSTER_NAME
RG:
sh: terraform -chdir=./infrastructure output -raw AKS_RESOURCE_GROUP
NAMESPACE:
sh: terraform -chdir=./infrastructure output -raw NAMESPACE
UMI_CLIENT_NAME:
sh: terraform -chdir=./infrastructure output -raw UMI_CLIENT_NAME
CURRENT_REVISION:
sh: kubectl -n {{.NAMESPACE}} get providers.pkg.crossplane.io provider-azure -o jsonpath='{.status.currentRevision}'
down:
desc: Destroys all Azure resources and cleans up Terraform
cmds:
- az group list --tag Application="Crossplane Demo Application" --query "[].name" -o tsv | xargs -ot -n 1 az group delete -y --verbose --no-wait -n || true
- cd ./infrastructure; rm -rf terraform.tfstate.d .terraform.lock.hcl .terraform terraform.tfstate terraform.tfstate.backup .terraform.tfstate.lock.info || true