-
Notifications
You must be signed in to change notification settings - Fork 2
/
sugarkube-conf.yaml
222 lines (213 loc) · 11.3 KB
/
sugarkube-conf.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
# Per-project config file. Copy this to the root of each of your projects.
log_level: none
#json_logs: false
#no_color: true
num_workers: 10 # number of goroutines to use to process kapps in parallel. You probably won't need it much higher
# than this unless your DAG is enormous
programs:
helm:
vars:
main_kapp_dir: "{{ .kapp.id }}"
kubeconfig: "{{ .kubeconfig }}"
namespace: "{{ .kapp.id }}"
release: "{{ .kapp.id }}"
kube_context: "{{ .kube_context }}"
kubectl: kubectl
tiller_namespace: kube-system
helm_timeout: 600
helm: helm # path to the helm binary to run. This allows version pinning if you have multiple versions of helm on your machine.
run_helm: true # none of these units will be run for a kapp if this is false because of the associated condition
# Search for parameters dynamically. The `findFiles` function takes a list of
# file name patterns and a starting directory to search from. It then recursively
# searches for a single file matching the pattern. If one (and only one) is found,
# it's returned in the result array. Patterns that don't match any files are
# filtered out.
#
# The `.sugarkube.defaultVars` variable is a list populated at runtime containing (in
# order of precedence: provider, account, profile, cluster, region.
#
# So these scary looking things search for a values.yaml file in the kapp cache directory, as well as
# `values-<provider/account/profile/etc>.yaml` and prepends '-f' ready to be passed as options to helm.
helm_params: >-
{{ listString "/values\\.yaml$" | findFiles .kapp.cacheRoot | mapPrintF "-f=%s" | uniq | last }}
{{ mapPrintF "/values-%s\\.yaml$" (.sugarkube.defaultVars | removeEmpty) | findFiles .kapp.cacheRoot | mapPrintF "-f=%s" | uniq | join " " }}
{{ listString "/_generated_.*\\.yaml$" | findFiles .kapp.cacheRoot | mapPrintF "-f=%s" | uniq | join " " }}
run_units:
helm:
working_dir: "{{ .kapp.cacheRoot }}/{{ .kapp.vars.main_kapp_dir }}" # directory to use as the working directory
conditions: # all must be true for any units to be run
- "{{ .kapp.vars.run_helm }}"
plan_install:
- name: helm-lint
command: "{{ .kapp.vars.helm }}"
# the nested list `helm_params` will be flattened and appended to the main args list. Empty lists will be filtered out.
args: |
lint
--kube-context={{ .kapp.vars.kube_context }}
--namespace={{ .kapp.vars.namespace }}
.
{{ .kapp.vars.helm_params }}
env_vars:
KUBECONFIG: "{{ .kapp.vars.kubeconfig }}"
apply_install:
- name: helm-install
command: "{{ .kapp.vars.helm }}"
args: |
upgrade
--kube-context={{ .kapp.vars.kube_context }}
--tiller-namespace={{ .kapp.vars.tiller_namespace }}
--wait
--install
--recreate-pods
--timeout={{ .kapp.vars.helm_timeout }}
--namespace={{ .kapp.vars.namespace }}
{{ .kapp.vars.release }}
.
{{ .kapp.vars.helm_params }}
env_vars:
KUBECONFIG: "{{ .kapp.vars.kubeconfig }}"
merge_priority: 30 # install helm charts *after* running terraform if terraform is used. By default
# terraform output will have been generated and loaded.
apply_delete:
- name: helm-delete
command: "{{ .kapp.vars.helm }}"
args: |
delete
--kube-context={{ .kapp.vars.kube_context }}
--tiller-namespace={{ .kapp.vars.tiller_namespace }}
--purge
{{ .kapp.vars.release }}
env_vars:
KUBECONFIG: "{{ .kapp.vars.kubeconfig }}"
merge_priority: 10 # delete helm charts *before* running terraform (we don't use 0 so you can insert your own steps before this one)
- name: delete namespace
command: "{{ .kapp.vars.kubectl }}"
args:
--context={{ .kapp.vars.kube_context }}
delete
--now
namespace
{{ .kapp.vars.namespace }}
env_vars:
KUBECONFIG: "{{ .kapp.vars.kubeconfig }}"
merge_priority: 15
kubectl:
vars:
kubeconfig: "{{ .kubeconfig }}"
kube_context: "{{ .kube_context }}"
namespace: "{{ .kapp.id }}"
kubectl: kubectl
aws:
vars:
region: "{{ .stack.region }}"
run_units:
aws:
binaries:
- aws
terraform:
vars:
main_kapp_dir: "{{ .kapp.id }}"
region: "{{ .stack.region }}"
project: "{{ .project }}"
run_terraform: true # none of these units will be run for a kapp if this is false because of the associated condition
terraform: terraform # path to the terraform binary to run. This allows version pinning if you have multiple versions of terraform on your machine.
terraform_dir: "{{ .kapp.cacheRoot }}/{{ .kapp.vars.main_kapp_dir }}/terraform_{{ .stack.provider }}"
tf_output_path: "{{ .kapp.cacheRoot }}/{{ .kapp.vars.main_kapp_dir }}/terraform_{{ .stack.provider }}/_generated_terraform_output.json"
tf_plan_path: "{{ .kapp.cacheRoot }}/{{ .kapp.vars.main_kapp_dir }}/terraform_{{ .stack.provider }}/_generated_plan.tfplan"
# Dynamically searches for terraform tfvars files based on the current stack provider and various properties of the
# stack (e.g. name, region, etc.) as well as any generated files. All files found are prepended by `-var-file`
tf_params: >-
{{ mapPrintF "terraform_%s/.*defaults\\.tfvars$" (listString .stack.provider) | findFiles .kapp.cacheRoot | mapPrintF "-var-file %s" | uniq | join " " | trim }}
{{ mapPrintF (mapPrintF "terraform_%s/.*%%s\\.tfvars$" (listString .stack.provider) | join "") (.sugarkube.defaultVars | removeEmpty) | findFiles .kapp.cacheRoot | mapPrintF "-var-file %s" | uniq | join " " | trim }}
{{ mapPrintF "terraform_%s/.*_generated_.*\\.tfvars$" (listString .stack.provider) | findFiles .kapp.cacheRoot | mapPrintF "-var-file %s" | uniq | join " " | trim }}
templates:
backend:
source: terraform/backend.tf
dest: terraform_{{ .stack.provider }}/_generated_backend.tf
conditions:
- "{{ exists \"d\" .kapp.vars.terraform_dir }}" # only render this template if a terraform directory exists
run_units:
terraform:
working_dir: "{{ .kapp.vars.terraform_dir }}" # directory to use as the working directory
conditions: # all must be true for any units to be run
- "{{ .kapp.vars.run_terraform }}"
- "{{ exists \"d\" .kapp.vars.terraform_dir }}" # won't run these if there's no terraform_<provider> directory (e.g. for local providers)
plan_install:
- name: tf-init
command: "{{ .kapp.vars.terraform }}"
args: init
conditions: # additional conditions for this specific step to be run. These must all be truthy for the command to be executed.
# only run if terraform hasn't already initialised (i.e. no .terraform directory exists)
- "{{ exists \"d\" \"{{ .kapp.vars.terraform_dir }}/.terraform\" | not }}"
- name: tf-format
command: "{{ .kapp.vars.terraform }}"
args: fmt
- name: tf-validate
command: "{{ .kapp.vars.terraform }}"
args: validate {{ .kapp.vars.tf_params }} # entirely blank/empty args will be stripped out by sugarkube
- name: tf-plan
print: verbose # print the plan to the console
command: "{{ .kapp.vars.terraform }}"
args: |
plan
-refresh=true
-out
{{ .kapp.vars.tf_plan_path }}
{{ .kapp.vars.tf_params }}
apply_install:
- name: tf-apply
print: verbose
command: "{{ .kapp.vars.terraform }}"
args: apply {{ .kapp.vars.tf_plan_path }}
merge_priority: 10 # apply terraform *before* installing a helm chart
- call: output # call the whole 'output' unit
merge_priority: 15 # apply terraform *before* installing a helm chart
plan_delete:
- call: plan_install/tf-init # call the tf-init step defined under `plan_install`
merge_priority: 25 # this needs to be merged after helm has run
- name: tf-destroy
print: true
expected_exit_code: 1 # terraform will exit with a code of '1', so only throw an error if it returns another error code
command: "{{ .kapp.vars.terraform }}" # command not auto-approved
args: destroy {{ .kapp.vars.tf_params }}
apply_delete:
- call: plan_install/tf-init # call the tf-init step defined under `plan_install`
merge_priority: 25 # this needs to be merged after helm has run
- name: tf-destroy
command: "{{ .kapp.vars.terraform }}"
args: destroy -auto-approve {{ .kapp.vars.tf_params }} # command auto-approved
merge_priority: 30 # delete terraform *after* deleting a helm chart
- name: tf-delete-state
command: aws
args: s3 rm s3://{{ .terraform.state.bucket }}/{{ .terraform.state.key }}
merge_priority: 50
output:
- call: plan_install/tf-init # call the tf-init step defined under `plan_install`
- name: tf-refresh
command: "{{ .kapp.vars.terraform }}"
args: refresh {{ .kapp.vars.tf_params }}
conditions:
# this is evaluated before any steps are executed so it'll be false even if the tf-init step has just
# created this directory
- "{{ exists \"d\" \"{{ .kapp.vars.terraform_dir }}/.terraform\" | not }}"
- name: tf-output
command: "{{ .kapp.vars.terraform }}"
args: output -json
stdout: "{{ .kapp.vars.tf_output_path }}" # save stdout to this path
load_outputs: true # instructs sugarkube to load and parse any defined outputs making them available for subsequent run steps
clean:
- name: clean-terraform
command: find
args: "{{ .kapp.cacheRoot }} -name '.terraform' -type d -exec rm -rf {} ';'"
ignore_errors: true # find returns several exit codes; we don't really care about the details
# globally defined run units will be used as defaults for each program
run_units:
clean:
- name: delete-generated-files
command: find
args: "{{ .kapp.cacheRoot }} -name '_generated_*' -type f -delete"
ignore_errors: true # find returns several exit codes; we don't really care about the details
- name: delete-generated-dirs
command: find
args: "{{ .kapp.cacheRoot }} -name '_generated_*' -type d -exec rm -rf {} ';'"
ignore_errors: true # find returns several exit codes; we don't really care about the details