-
Notifications
You must be signed in to change notification settings - Fork 11
/
Taskfile.yml
60 lines (60 loc) · 2.36 KB
/
Taskfile.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
version: 3
vars:
KIND_CLUSTER_NAME: kms-vault
KIND_CLUSTER_VERSION: 1.24
ENABLED_PROVIDERS:
sh: '([ -z "$ENABLED_PROVIDERS" ] && echo --enabled-providers=debug) || echo $ENABLED_PROVIDERS'
silent: true
includes:
cluster: .task/cluster.yml
docker: .task/docker.yml
fetch: .task/fetch.yml
go: .task/go.yml
prod: .task/prod.yml
tasks:
default:
cmds:
- task -l
bin-dir:init:
desc: create bin directory
cmds:
- mkdir -p ./bin
status:
- test -d ./bin
run-dir:init:
desc: create bin directory
cmds:
- mkdir -pm 777 bin/run
- mkdir -pm 777 bin/run/debug
- mkdir -pm 777 bin/run/vault
- mkdir -pm 777 bin/run/awskms
- mkdir -pm 777 bin/run/azurekms
status:
- test -d ./bin/run
- test -d ./bin/run/debug
- test -d ./bin/run/vault
- test -d ./bin/run/awskms
- test -d ./bin/run/azurekms
example:load:
desc: load demo data
cmds:
- sh {{.SCRIPT}}/test.bash
example:before-key-rotate:
desc: data before key rotate
cmds:
- echo "-------- secret etcd data --------"
- ./bin/kubectl -n kube-system exec -t etcd-kms-vault-control-plane -- etcdctl --cacert=/etc/kubernetes/pki/etcd/ca.crt --cert=/etc/kubernetes/pki/etcd/server.crt --key=/etc/kubernetes/pki/etcd/server.key get /registry/secrets/default/data-test
- echo "-------- secret fetch data --------"
- ./bin/kubectl get secret data-test -o yaml
example:after-key-rotate:
desc: data after key rotate
cmds:
- ./bin/kubectl apply -f scripts/secret2.yaml
- echo "-------- old secret etcd --------"
- ./bin/kubectl -n kube-system exec -t etcd-kms-vault-control-plane -- etcdctl --cacert=/etc/kubernetes/pki/etcd/ca.crt --cert=/etc/kubernetes/pki/etcd/server.crt --key=/etc/kubernetes/pki/etcd/server.key get /registry/secrets/default/data-test
- echo "-------- new secret etcd --------"
- ./bin/kubectl -n kube-system exec -t etcd-kms-vault-control-plane -- etcdctl --cacert=/etc/kubernetes/pki/etcd/ca.crt --cert=/etc/kubernetes/pki/etcd/server.crt --key=/etc/kubernetes/pki/etcd/server.key get /registry/secrets/default/data-test3
- echo "-------- old secret fetch data --------"
- ./bin/kubectl get secret data-test -o yaml
- echo "-------- new secret fetch data --------"
- ./bin/kubectl get secret data-test3 -o yaml