Justfile with nested kustomization to simply apply/deploy

2025-03-31 18:04:39 -04:00 · 2025-03-31 18:04:39 -04:00 · 240ea04de3
commit 240ea04de3
parent a3852b611c
25 changed files with 205 additions and 0 deletions
--- a/deploy/00-infisical.sh
+++ b/deploy/00-infisical.sh
@ -0,0 +1,30 @@
+#!/bin/bash
+
+# Parse command line arguments
+RECREATE=false
+for arg in "$@"; do
+  case $arg in
+    --recreate)
+      RECREATE=true
+      shift
+      ;;
+  esac
+done
+
+# Check if the secret already exists
+SECRET_EXISTS=$(kubectl get secret universal-auth-credentials -n infisical --ignore-not-found -o name)
+
+if [[ -n "$SECRET_EXISTS" && "$RECREATE" == "true" ]]; then
+  echo "Recreating Infisical bootstrap secret..."
+  kubectl delete secret universal-auth-credentials -n infisical
+  kubectl create secret generic universal-auth-credentials -n infisical \
+    --from-literal clientId=$(gopass show -o homelab/infisical/id) \
+    --from-literal clientSecret=$(gopass show -o homelab/infisical/secret)
+elif [[ -z "$SECRET_EXISTS" ]]; then
+  echo "Creating Infisical bootstrap secret..."
+  kubectl create secret generic universal-auth-credentials -n infisical \
+    --from-literal clientId=$(gopass show -o homelab/infisical/id) \
+    --from-literal clientSecret=$(gopass show -o homelab/infisical/secret)
+else
+  echo "Infisical bootstrap secret already exists, skipping creation (use --recreate to force)"
+fi
--- a/deploy/00-infisical/kustomization.yaml
+++ b/deploy/00-infisical/kustomization.yaml
@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - ../../namespaces/infisical/
--- a/deploy/01-infra.sh
+++ b/deploy/01-infra.sh
@ -0,0 +1,6 @@
+#!/bin/bash
+echo -n "Checking for Infrastructure CRDs... "
+kubectl wait --for condition=established crd/httproutes.gateway.networking.k8s.io > /dev/null
+kubectl wait --for condition=established crd/volumes.longhorn.io > /dev/null
+kubectl wait --for condition=established crd/certificates.cert-manager.io > /dev/null
+echo "done"
--- a/deploy/01-infra/kustomization.yaml
+++ b/deploy/01-infra/kustomization.yaml
@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - ../../namespaces/cert-manager/
+  - ../../namespaces/homelab/
+  - ../../namespaces/longhorn/
+  - ../../namespaces/traefik/
--- a/deploy/10-apps/kustomization.yaml
+++ b/deploy/10-apps/kustomization.yaml
@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - ../../namespaces/
--- a/43
+++ b/43
@ -0,0 +1,43 @@
+set export := true
+verbose := "false"
+diff := "kubectl diff -k"
+apply := "kubectl apply -k"
+redirect := if verbose == "true" { "" } else { "> /dev/null" }
+
+default:
+    @just --list
+
+infisical_bootstrap_secret recreate="":
+    @echo "-- Adding Infisical Bootstrap secret --"
+    @./deploy/00-infisical.sh {{ recreate }}
+
+_diff_infisical:
+    @echo "-- Diffing Infisical resources --"
+    @{{ diff }} deploy/00-infisical || [ $? -eq 1 ]
+_diff_infra:
+    @echo "-- Diffing Infra resources --"
+    @{{ diff }} deploy/01-infra || [ $? -eq 1 ]
+_diff_apps:
+    @echo "-- Diffing Apps --"
+    @{{ diff }} deploy/10-apps || [ $? -eq 1 ]
+    # @./deploy/10-apps.sh
+
+_apply_infisical:
+    @echo "-- Applying Infisical resources --"
+    @{{ apply }} deploy/00-infisical {{ redirect }}
+_apply_infra:
+    @echo "-- Applying Infra resources --"
+    @{{ apply }} deploy/01-infra {{ redirect }}
+    @./deploy/01-infra.sh
+_apply_apps:
+    @echo "-- Applying Apps --"
+    @{{ apply }} deploy/10-apps {{ redirect }}
+
+_apply_post: _apply_infra _apply_apps
+
+diff: _diff_infisical _diff_infra _diff_apps
+apply: _apply_infisical _apply_post
+_deploy recreate="": _apply_infisical (infisical_bootstrap_secret recreate) _apply_post
+deploy: _deploy
+
+redeploy: (_deploy "--recreate")
--- a/namespaces/ai/kustomization.yaml
+++ b/namespaces/ai/kustomization.yaml
@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - namespace.yaml
+  - ollama/
+  - tabby/
+  - openwebui/
--- a/namespaces/apps/kustomization.yaml
+++ b/namespaces/apps/kustomization.yaml
@ -0,0 +1,13 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - namespace.yaml
+  - smtp-secrets.yaml
+  - atuin/
+  - dolibarr/
+  - forgejo/
+  - linkwarden/
+  - mealie/
+  - paperless/
+  - vaultwarden/
--- a/namespaces/auth/namespace.yaml
+++ b/namespaces/auth/namespace.yaml
@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  labels:
+    homelab-access: "true"
+  name: auth
--- a/namespaces/cert-manager/kustomization.yaml
+++ b/namespaces/cert-manager/kustomization.yaml
@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - namespace.yaml
+  - cert-manager/
--- a/namespaces/cert-manager/cert-manager/post/cluster-issuer.yaml
+++ b/namespaces/cert-manager/cert-manager/post/cluster-issuer.yaml
--- a/namespaces/cert-manager/cert-manager/post/consultjlpdotcom-cert.yaml
+++ b/namespaces/cert-manager/cert-manager/post/consultjlpdotcom-cert.yaml
--- a/namespaces/cert-manager/cert-manager/post/jlptechdotconsulting-cert.yaml
+++ b/namespaces/cert-manager/cert-manager/post/jlptechdotconsulting-cert.yaml
--- a/namespaces/cert-manager/post-crd/kustomization.yaml
+++ b/namespaces/cert-manager/post-crd/kustomization.yaml
@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - cluster-issuer.yaml
+  - consultjlpdotcom-cert.yaml
+  - jlptechdotconsulting-cert.yaml
+  - leechpepindotcom-cert.yaml
--- a/namespaces/cert-manager/cert-manager/post/leechpepindotcom-cert.yaml
+++ b/namespaces/cert-manager/cert-manager/post/leechpepindotcom-cert.yaml
--- a/namespaces/charts/gpu-runtime.yaml
+++ b/namespaces/charts/gpu-runtime.yaml
--- a/namespaces/charts/kustomization.yaml
+++ b/namespaces/charts/kustomization.yaml
@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - namespace.yaml
+  - gpu-runtime.yaml
--- a/namespaces/core/kustomization.yaml
+++ b/namespaces/core/kustomization.yaml
@ -0,0 +1,9 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - namespace.yaml
+  - postgres/
+  - redis/
+  - tika/
+  - gotenburg/
--- a/namespaces/homelab/kustomization.yaml
+++ b/namespaces/homelab/kustomization.yaml
@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - namespace.yaml
+  - gateway.yaml
--- a/namespaces/infisical/kustomization.yaml
+++ b/namespaces/infisical/kustomization.yaml
@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - namespace.yaml
+  - infisical/
--- a/namespaces/kustomization.yaml
+++ b/namespaces/kustomization.yaml
@ -0,0 +1,12 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - cert-manager/post-crd
+  - ai/
+  - apps/
+  - auth/
+  - core/
+  - charts/
+  - monitoring/
+  - public/
--- a/namespaces/longhorn/kustomization.yaml
+++ b/namespaces/longhorn/kustomization.yaml
@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - namespace.yaml
+  - longhorn/
--- a/namespaces/monitoring/kustomization.yaml
+++ b/namespaces/monitoring/kustomization.yaml
@ -0,0 +1,10 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - namespace.yaml
+  - smtp-secrets.yaml
+  - umami/
+  - ntfy/
+  - diun/
+  - healthchecks/
--- a/namespaces/public/kustomization.yaml
+++ b/namespaces/public/kustomization.yaml
@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - namespace.yaml
--- a/namespaces/traefik/kustomization.yaml
+++ b/namespaces/traefik/kustomization.yaml
@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - namespace.yaml
+  - traefik/