V2.1 GCP Reference Implementation - Streamline install process

.gitignore

@@ -38,3 +38,5 @@ override.tf.json
 terraform.rc
 
 /private/
+config.yaml
+.task/

.taskrc.yml

@@ -0,0 +1,2 @@
+experiments:
+  ENV_PRECEDENCE: 1

Taskfile.test.yml

@@ -0,0 +1,19 @@
+# https://taskfile.dev
+version: "3"
+
+tasks:
+  test:gke:create:
+    deps:
+      - task: gcp:init
+    env:
+      KUBECONFIG:
+        sh: echo ${HOME}/.kube/config
+    cmds:
+      - gcloud container clusters create-auto "$(yq '.cluster_name' {{.CONFIG_FILE}})" --enable-dns-access
+      - gcloud container clusters get-credentials "$(yq '.cluster_name' {{.CONFIG_FILE}})"
+
+  test:gke:destroy:
+    deps:
+      - task: gcp:init
+    cmds:
+      - gcloud container clusters delete "$(yq '.cluster_name' {{.CONFIG_FILE}})" --quiet

Taskfile.yml

@@ -0,0 +1,141 @@
+# https://taskfile.dev
+version: "3"
+set: [errexit, nounset, pipefail]
+
+env:
+  KUBECONFIG: "{{.ROOT_DIR}}/private/kubeconfig"
+  REPO_ROOT: "{{.ROOT_DIR}}"
+
+vars:
+  CONFIG_FILE: "{{.ROOT_DIR}}/config.yaml"
+  REQUIRED_CLIS: [gcloud, kubectl, kubelogin, yq, helm, helmfile, yamale]
+
+includes:
+  test:
+    taskfile: ./Taskfile.test.yml
+    flatten: true
+    optional: true
+
+tasks:
+  init:
+    deps:
+      - task: config:lint
+    cmds:
+      - cmd: bash command -V {{.ITEM}}
+        for:
+          var: REQUIRED_CLIS
+      - task: helmfile:init
+      - task: helmfile:lint
+      - task: helmfile:build
+
+  install:
+    cmds:
+      - task: kind:create
+      - task: apply
+
+  apply:
+    deps:
+      - task: config:lint
+    cmds:
+      - task: kubeconfig:set-context:kind
+      - task: helmfile:apply
+
+  diff:
+    deps:
+      - task: config:lint
+      - task: kubeconfig:set-context:kind
+    cmds:
+      - task: helmfile:diff
+
+  sync:
+    deps:
+      - task: config:lint
+      - task: kubeconfig:set-context:kind
+    cmds:
+      - task: helmfile:sync
+
+  config:lint:
+    silent: true
+    cmds:
+      - cmd: yamale -s "{{.ROOT_DIR}}/config.schema.yaml" "{{.CONFIG_FILE}}"
+      - defer: rm -f "{{.ROOT_DIR}}/private/gcp-credentials.yaml"
+      - cmd: test -f "{{.ROOT_DIR}}/private/gcp-credentials.json" || (echo ERROR\:\ private/gcp-credentials.json not found && exit 1)
+      - cmd: yq -o=yaml "{{.ROOT_DIR}}/private/gcp-credentials.json" > "{{.ROOT_DIR}}/private/gcp-credentials.yaml"
+      - cmd: yamale -s "{{.ROOT_DIR}}/private/gcp-credentials.schema.yaml" "{{.ROOT_DIR}}/private/gcp-credentials.yaml"
+
+  get:urls:
+    deps:
+      - task: kubeconfig:set-context:gke
+    cmd: >-
+      kubectl get ingress -A -o yaml | yq '.items[] | {(.metadata.name): ((select(.spec.tls != null) | "https://" // "http://") + .spec.rules[].host + .spec.rules[].http.paths[].path)}'
+
+  kubeconfig:set-context:gke:
+    deps:
+      - task: kubeconfig:update:gke
+    cmd: kubectl config set-context "$(yq '.cluster_name' {{.CONFIG_FILE}})"
+
+  kubeconfig:set-context:kind:
+    deps:
+      - task: kubeconfig:update:kind
+    cmd: kubectl config set-context $(yq '.name' "{{.ROOT_DIR}}/kind.yaml")
+
+  kubeconfig:update:gke:
+    deps:
+      - task: gcp:init
+    cmd: gcloud container clusters get-credentials "$(yq '.cluster_name' {{.CONFIG_FILE}})"
+
+  kubeconfig:update:kind:
+    cmd: kind export kubeconfig --quiet --name $(yq '.name' "{{.ROOT_DIR}}/kind.yaml")
+
+  gcp:init:
+    deps:
+      - task: config:lint
+    silent: true
+    cmds:
+      - cmd: gcloud config set project "$(yq '.project' {{.CONFIG_FILE}})"
+      - cmd: gcloud config set compute/region "$(yq '.region' {{.CONFIG_FILE}})"
+
+  uninstall:
+    deps:
+      - task: gcp:init
+    ignore_error: true
+    cmds:
+      - defer: rm -f "{{.KUBECONFIG}}"
+      - task: kubeconfig:set-context:gke
+      - cmd: kubectl delete workloadidentities.gcp.livewyer.io -A --all --interactive=false --now && sleep 60
+      - cmd: gcloud iam service-accounts delete crossplane
+      - cmd: kubectl delete pkg.crossplane.io -A --all --interactive=false --now
+      - cmd: kubectl -n argocd delete appset $(yq '. | keys - ["argocd"] | .[]' ${REPO_ROOT}/packages/addons/values.yaml) --interactive=false --now
+      - cmd: kubectl -n argocd delete app $(kubectl -n argocd get app -o yaml | yq '.items[] | select(.metadata.labels.addonName!="argocd").metadata.name') --interactive=false --now
+      - task: kubeconfig:set-context:kind
+      - cmd: kubectl -n argocd delete appset cnoe argocd --interactive=false --now && sleep 300
+      - task: helmfile:destroy
+      - task: kind:delete
+
+  kind:create:
+    cmd: kind create cluster --config "{{.ROOT_DIR}}/kind.yaml"
+  kind:delete:
+    cmd: kind delete cluster --name $(yq '.name' "{{.ROOT_DIR}}/kind.yaml")
+
+  helmfile:init:
+    cmd: helmfile init {{.CLI_ARGS}}
+  helmfile:lint:
+    cmd: helmfile lint {{.CLI_ARGS}}
+  helmfile:diff:
+    cmd: helmfile diff {{.CLI_ARGS}}
+  helmfile:build:
+    cmd: helmfile build {{.CLI_ARGS}}
+  helmfile:apply:
+    cmd: helmfile apply {{.CLI_ARGS}}
+  helmfile:list:
+    cmd: helmfile list {{.CLI_ARGS}}
+  helmfile:status:
+    cmd: helmfile status {{.CLI_ARGS}}
+  helmfile:template:
+    cmd: helmfile template {{.CLI_ARGS}}
+  helmfile:deps:
+    cmd: helmfile deps {{.CLI_ARGS}}
+  helmfile:sync:
+    cmd: helmfile sync {{.CLI_ARGS}}
+  helmfile:destroy:
+    cmd: helmfile destroy {{.CLI_ARGS}}

config.schema.yaml

@@ -0,0 +1,24 @@
+# YAML Schema for config.yaml
+
+repo:
+  url: str()
+  revision: str()
+  basepath: str()
+cluster_name: str()
+project: str()
+region: str()
+dns_zone: str()
+dns_domain: str()
+secret_manager: str()
+path_routing: bool()
+github:
+  appId: regex('^[0-9]+$')
+  installationId: regex('^[0-9]+$')
+  orgURL: regex('^http(s?)://.*$')
+  clientId: regex('^[a-zA-Z0-9]+$')
+  clientSecret: regex('^[a-zA-Z0-9]{32,}')
+  webhookUrl: regex('^http(s?)://.*$')
+  webhookSecret: str()
+  privateKey: str(multiline=True)
+letsencrypt_env: enum('prod', 'staging')
+tags: map(str(), key=str())

config.template.yaml

@@ -0,0 +1,52 @@
+### Config for CNOE GCP Reference Implementation ###
+# Source: "https://github.com/livewyer-ops/reference-implementation-google"
+
+# Details of your repository hosting the reference azure implementation code
+repo:
+  url: "https://github.com/<REPLACE_ME_your_org>/reference-implementation-google"
+  revision: "main" # Branch or Tag which should be used for Argo CD Apps
+  basepath: "packages" # Directory in which configuration of addons is stored
+
+# The name of the GKE cluster you are installing the reference implementation on.
+cluster_name: "cnoe-ref-impl"
+# GCP Region of the GKE cluster and cnoe-reference-implementation-google config secret
+project: cnoe-idp
+region: us-east1
+
+# Base Domain name used for exposing services. It should be a subdomain or main domain of the DNS zone.
+dns_zone: <REPLACE_ME_cnoe-dns>
+dns_domain: <REPLACE_ME_example.com>
+
+# GCP Secret Manager to use to store config secrets and certs
+secret_manager: cnoe-ref-impl
+
+# Set this to "true" if you want to enable path routing othewise "false" for domain based routing.
+# When enabled, the exposed addons will be accessible at https://<domain_name>/<addon-name>
+# When disabled, the exposed addons will be accessible at https://<addon-name>.<domain_name>
+# !!! Note: This is a string value as it is passed on to the Argo CD cluster secret as label
+path_routing: false
+
+github:
+  appId: "<REPLACE_ME_12345678>"
+  installationId: "<REPLACE_ME_12345678>"
+  orgURL: https://github.com/<REPLACE_ME_your_org>
+  clientId: <REPLACE_ME_clientId>
+  clientSecret: <REPLACE_ME_clientSecret>
+  webhookUrl: <REPLACE_ME_webhookUrl>
+  webhookSecret: <REPLACE_ME_webhookSecret>
+  privateKey: |
+    -----BEGIN RSA PRIVATE KEY-----
+    ...
+    -----END RSA PRIVATE KEY-----
+
+letsencrypt_env: prod
+
+# Tags for GCP resources
+tags:
+  githubRepo: "github.com/<REPLACE_ME_your_org>/reference-implementation-azure"
+  env: "dev"
+  project: "cnoe"
+
+crossplane_workload_identity:
+  clientId: <REPLACE_ME_00000000-0000-0000-0000-000000000000>
+  tenantId: <REPLACE_ME_00000000-0000-0000-0000-000000000000>