Add wg-easy application example with helmfile and taskfile flow

Author: chris-sanders

.gitignore

@@ -28,3 +28,8 @@ Thumbs.db
 *.pyo
 *.pyd
 __pycache__/
+
+# wg-easy specific
+applications/wg-easy/release/
+applications/wg-easy/*/charts/
+applications/wg-easy/*/Chart.lock

applications/wg-easy/Taskfile.yaml

@@ -0,0 +1,300 @@
+version: "3"
+
+includes:
+  utils: ./taskfiles/utils.yml
+
+vars:
+  # Cluster configuration
+  CLUSTER_NAME: '{{.CLUSTER_NAME | default "test-cluster"}}'
+  K8S_VERSION: '{{.K8S_VERSION | default "1.32.2"}}'
+  DISK_SIZE: '{{.DISK_SIZE | default "100"}}'
+  INSTANCE_TYPE: '{{.INSTANCE_TYPE | default "r1.small"}}'
+  DISTRIBUTION: '{{.DISTRIBUTION | default "k3s"}}'
+  KUBECONFIG_FILE: './kubeconfig-{{.CLUSTER_NAME}}'
+  
+  # Ports configuration
+  EXPOSE_PORTS:
+    - port: 443
+      protocol: https
+    - port: 80
+      protocol: http
+    
+  # GCP default configuration
+  GCP_PROJECT: '{{.GCP_PROJECT | default "replicated-qa"}}'
+  GCP_ZONE: '{{.GCP_ZONE | default "us-central1-a"}}'
+  VM_NAME: '{{.VM_NAME | default (printf "%s-dev" (or (env "GUSER") "user"))}}'
+
+tasks:
+  default:
+    desc: Show available tasks
+    cmds:
+      - task -s --list
+
+  create-cluster:
+    desc: Create a test cluster using Replicated Compatibility Matrix (use EMBEDDED=true for embedded clusters)
+    run: once
+    silent: true
+    vars:
+      EMBEDDED: '{{.EMBEDDED | default "false"}}'
+      LICENSE_ID: '{{if eq .EMBEDDED "true"}}{{.LICENSE_ID | default "2cmqT1dBVHZ3aSH21kPxWtgoYGr"}}{{end}}'
+      TIMEOUT: '{{if eq .EMBEDDED "true"}}420{{else}}300{{end}}'
+    status:
+      - replicated cluster ls --output json | jq -e '.[] | select(.name == "{{.CLUSTER_NAME}}")' > /dev/null
+    cmds:
+      - |
+        if [ "{{.EMBEDDED}}" = "true" ]; then
+          echo "Creating embedded cluster {{.CLUSTER_NAME}} with license ID {{.LICENSE_ID}}..."
+          replicated cluster create --distribution embedded-cluster --name {{.CLUSTER_NAME}} --license-id {{.LICENSE_ID}}
+        else
+          echo "Creating cluster {{.CLUSTER_NAME}} with distribution {{.DISTRIBUTION}}..."
+          replicated cluster create --name {{.CLUSTER_NAME}} --distribution {{.DISTRIBUTION}} --version {{.K8S_VERSION}} --disk {{.DISK_SIZE}} --instance-type {{.INSTANCE_TYPE}}
+        fi
+      - task: utils:wait-for-cluster
+        vars:
+          TIMEOUT: "{{.TIMEOUT}}"
+
+  test:
+    desc: Run a basic test suite
+    silent: true
+    cmds:
+      - echo "Running basic tests..."
+      - echo "This is a placeholder for actual tests"
+      - sleep 5
+      - echo "Tests completed!"
+
+  get-kubeconfig:
+    desc: Get kubeconfig for the test cluster
+    silent: true
+    run: once
+    cmds:
+      - |
+        echo "Getting kubeconfig for cluster {{.CLUSTER_NAME}}..."
+        replicated cluster kubeconfig --name {{.CLUSTER_NAME}} --output-path {{.KUBECONFIG_FILE}}
+    status:
+      - test -f {{.KUBECONFIG_FILE}}
+    deps:
+      - create-cluster
+
+  update-dependencies:
+    desc: Update Helm dependencies for all charts
+    silent: true
+    cmds:
+      - echo "Updating Helm dependencies for all charts..."
+      - |
+        # Find all charts and update their dependencies
+        for chart_dir in $(find . -maxdepth 2 -name "Chart.yaml" | xargs dirname); do
+          echo "Updating dependency $chart_dir"
+          helm dependency update "$chart_dir"
+        done
+      - echo "All dependencies updated!"
+
+  expose-ports:
+    desc: Expose configured ports and capture exposed URLs
+    silent: true
+    run: once
+    status:
+      - |
+        CLUSTER_ID=$(replicated cluster ls --output json | jq -r '.[] | select(.name == "{{.CLUSTER_NAME}}") | .id')
+        if [ -z "$CLUSTER_ID" ]; then
+          exit 1
+        fi
+        
+        # Check if all ports are already exposed
+        expected_count={{len .EXPOSE_PORTS}}
+        port_checks=""
+        {{range $i, $port := .EXPOSE_PORTS}}
+        port_checks="${port_checks}(.upstream_port == {{$port.port}} and .exposed_ports[0].protocol == \"{{$port.protocol}}\") or "
+        {{end}}
+        # Remove trailing "or "
+        port_checks="${port_checks% or }"
+        
+        PORT_COUNT=$(replicated cluster port ls $CLUSTER_ID --output json | jq -r ".[] | select($port_checks) | .upstream_port" | wc -l | tr -d ' ')
+        [ "$PORT_COUNT" -eq "$expected_count" ]
+    cmds:
+      - task: utils:port-operations
+        vars:
+          OPERATION: "expose"
+    deps:
+      - create-cluster
+
+  deploy-helm:
+    desc: Deploy all charts using helmfile
+    silent: true
+    cmds:
+      - echo "Installing all charts via helmfile"
+      - |
+        # Get cluster ID
+        CLUSTER_ID=$(replicated cluster ls --output json | jq -r '.[] | select(.name == "{{.CLUSTER_NAME}}") | .id')
+        if [ -z "$CLUSTER_ID" ]; then
+          echo "Error: Could not find cluster with name {{.CLUSTER_NAME}}"
+          exit 1
+        fi
+        
+        # Get exposed URLs
+        ENV_VARS=$(task utils:port-operations OPERATION=getenv CLUSTER_NAME={{.CLUSTER_NAME}})
+        
+        # Deploy with helmfile
+        echo "Using $ENV_VARS"
+        KUBECONFIG={{.KUBECONFIG_FILE}} $ENV_VARS helmfile sync --wait
+      - echo "All charts deployed!"
+    deps:
+      - get-kubeconfig
+      - expose-ports
+      - remove-k3s-traefik
+
+  remove-k3s-traefik:
+    desc: Remove pre-installed Traefik from k3s clusters
+    silent: true
+    cmds:
+      - |
+        # Only run for k3s distributions
+        if [ "{{.DISTRIBUTION}}" = "k3s" ]; then
+          task utils:traefik-operations OPERATION=remove KUBECONFIG_FILE={{.KUBECONFIG_FILE}}
+        else
+          echo "Not a k3s cluster, skipping Traefik removal."
+        fi
+    deps:
+      - get-kubeconfig
+
+  delete-cluster:
+    desc: Delete all test clusters with matching name and clean up kubeconfig
+    silent: true
+    cmds:
+      - echo "Deleting clusters named {{.CLUSTER_NAME}}..."
+      - |
+        CLUSTER_IDS=$(replicated cluster ls | grep "{{.CLUSTER_NAME}}" | awk '{print $1}')
+        if [ -z "$CLUSTER_IDS" ]; then
+          echo "No clusters found with name {{.CLUSTER_NAME}}"
+          exit 0
+        fi
+        
+        for id in $CLUSTER_IDS; do
+          echo "Deleting cluster ID: $id"
+          replicated cluster rm "$id"
+        done
+      - |
+        # Clean up kubeconfig file
+        if [ -f "{{.KUBECONFIG_FILE}}" ]; then
+          echo "Removing kubeconfig file {{.KUBECONFIG_FILE}}"
+          rm "{{.KUBECONFIG_FILE}}"
+        fi
+      - echo "All matching clusters deleted and kubeconfig cleaned up!"
+
+  prepare-release:
+    desc: Prepare release files by copying replicated YAML files and packaging Helm charts
+    silent: true
+    cmds:
+      - echo "Preparing release files..."
+      - rm -rf ./release
+      - mkdir -p ./release
+      
+      # Copy all non-config.yaml files
+      - echo "Copying non-config YAML files to release folder..."
+      - find . -path '*/replicated/*.yaml' -not -name 'config.yaml' -exec cp {} ./release/ \;
+      - find ./replicated -name '*.yaml' -not -name 'config.yaml' -exec cp {} ./release/ \; 2>/dev/null || true
+      
+      # Merge config.yaml files
+      - echo "Merging config.yaml files..."
+      - |
+        # Start with an empty config file
+        echo "{}" > ./release/config.yaml
+        
+        # Merge all app config.yaml files first (excluding root replicated)
+        for config_file in $(find . -path '*/replicated/config.yaml' | grep -v "^./replicated/"); do
+          echo "Merging $config_file..."
+          yq eval-all '. as $item ireduce ({}; . * $item)' ./release/config.yaml "$config_file" > ./release/config.yaml.new
+          mv ./release/config.yaml.new ./release/config.yaml
+        done
+        
+        # Merge root config.yaml last
+        if [ -f "./replicated/config.yaml" ]; then
+          echo "Merging root config.yaml last..."
+          yq eval-all '. as $item ireduce ({}; . * $item)' ./release/config.yaml "./replicated/config.yaml" > ./release/config.yaml.new
+          mv ./release/config.yaml.new ./release/config.yaml
+        fi
+      
+      # Package Helm charts
+      - echo "Packaging Helm charts..."
+      - |
+        # Find top-level directories containing Chart.yaml files
+        for chart_dir in $(find . -maxdepth 2 -name "Chart.yaml" | xargs dirname); do
+          echo "Packaging chart: $chart_dir"
+          # Navigate to chart directory, package it, and move the resulting .tgz to release folder
+          (cd "$chart_dir" && helm package . && mv *.tgz ../release/)
+        done
+      
+      - echo "Release files prepared in ./release/ directory"
+      
+  release-create:
+    desc: Create and promote a release for home-cluster using the Replicated CLI
+    silent: true
+    requiredVars:
+      - CHANNEL
+    vars:
+      RELEASE_NOTES: '{{.RELEASE_NOTES | default "Release created via task release-create"}}'
+    cmds:
+      - echo "Creating and promoting release for home-cluster to channel {{.CHANNEL}}..."
+      - |
+        # Create and promote the release in one step
+        echo "Creating release from files in ./release directory..."
+        replicated release create --app home-cluster --yaml-dir ./release --release-notes "{{.RELEASE_NOTES}}" --promote {{.CHANNEL}}
+        
+        echo "Release created and promoted to channel {{.CHANNEL}}"
+    deps:
+      - prepare-release
+
+  create-gcp-vm:
+    desc: Create a simple GCP VM instance
+    silent: true
+    vars:
+      GCP_MACHINE_TYPE: '{{.GCP_MACHINE_TYPE | default "e2-standard-2"}}'
+      GCP_DISK_SIZE: '{{.GCP_DISK_SIZE | default "100"}}'
+      GCP_DISK_TYPE: '{{.GCP_DISK_TYPE | default "pd-standard"}}'
+      GCP_IMAGE_FAMILY: '{{.GCP_IMAGE_FAMILY | default "ubuntu-2204-lts"}}'
+      GCP_IMAGE_PROJECT: '{{.GCP_IMAGE_PROJECT | default "ubuntu-os-cloud"}}'
+    status:
+      - gcloud compute instances describe {{.VM_NAME}} --project={{.GCP_PROJECT}} --zone={{.GCP_ZONE}} &>/dev/null
+    cmds:
+      - task: utils:gcp-operations
+        vars:
+          OPERATION: "create"
+
+  delete-gcp-vm:
+    desc: Delete the GCP VM instance for K8s and VPN
+    silent: true
+    status:
+      - "! gcloud compute instances describe {{.VM_NAME}} --project={{.GCP_PROJECT}} --zone={{.GCP_ZONE}} &>/dev/null"
+    cmds:
+      - task: utils:gcp-operations
+        vars:
+          OPERATION: "delete"
+
+  setup-embedded-cluster:
+    desc: Setup Replicated embedded cluster on the GCP VM
+    silent: true
+    vars:
+      CHANNEL: '{{.CHANNEL | default "unstable"}}'
+      AUTH_TOKEN: '{{.AUTH_TOKEN | default "2uJbnRgxrmrhqBDF1Sd7wcYFDPh"}}'
+    deps:
+      - create-gcp-vm
+    status:
+      - |
+        # Check if the home-cluster tarball has already been downloaded and extracted
+        gcloud compute ssh {{.VM_NAME}} --project={{.GCP_PROJECT}} --zone={{.GCP_ZONE}} --command="test -d ./home-cluster" &>/dev/null
+    cmds:
+      - task: utils:gcp-operations
+        vars:
+          OPERATION: "setup-embedded"
+
+  full-test-cycle:
+    desc: Create cluster, get kubeconfig, expose ports, update dependencies, deploy charts, test, and delete
+    silent: true
+    cmds:
+      - task: create-cluster
+      - task: get-kubeconfig
+      - task: expose-ports
+      - task: remove-k3s-traefik
+      - task: update-dependencies
+      - task: deploy-helm
+      - task: test
+      - task: delete-cluster

applications/wg-easy/cert-manager-issuers/Chart.yaml

@@ -0,0 +1,6 @@
+apiVersion: v2
+name: cert-manager-issuers
+description: A Helm chart for cert-manager issuers
+type: application
+version: 1.0.0
+appVersion: "1.0.0"

applications/wg-easy/cert-manager-issuers/replicated/helmChart-cert-manager-issuers.yaml

@@ -0,0 +1,13 @@
+apiVersion: kots.io/v1beta2
+kind: HelmChart
+metadata:
+  name: cert-manager-issuers
+spec:
+  chart:
+    name: cert-manager-issuers
+    chartVersion: '1.0.0'
+  weight: 1
+  helmUpgradeFlags:
+    - --wait
+  namespace: cert-manager
+  builder: {}

applications/wg-easy/cert-manager-issuers/templates/issuers.yaml

@@ -0,0 +1,53 @@
+{{- if .Values.local.letsencrypt.staging }}
+---
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-staging
+  annotations:
+    argocd.argoproj.io/sync-wave: "1"
+spec:
+  acme:
+    email: {{ .Values.local.letsencrypt.email }}
+    server: https://acme-staging-v02.api.letsencrypt.org/directory
+    privateKeySecretRef:
+      name: letsencrypt-staging-account-key
+    solvers:
+    - dns01:
+        cloudflare:
+          apiTokenSecretRef:
+            name: cloudflare-token
+            key: token
+{{- end }}
+{{- if .Values.local.letsencrypt.production }}
+---
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-production
+  annotations:
+    argocd.argoproj.io/sync-wave: "1"
+spec:
+  acme:
+    email: {{ .Values.local.letsencrypt.email }}
+    server: https://acme-v02.api.letsencrypt.org/directory
+    privateKeySecretRef:
+      name: letsencrypt-production-account-key
+    solvers:
+    - dns01:
+        cloudflare:
+          apiTokenSecretRef:
+            name: cloudflare-token
+            key: token
+{{- end }}
+{{- if .Values.local.letsencrypt.selfSigned }}
+---
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: selfsigned-cluster-issuer
+  annotations:
+    argocd.argoproj.io/sync-wave: "1"
+spec:
+  selfSigned: {}
+{{- end }}

applications/wg-easy/cert-manager-issuers/values.yaml

@@ -0,0 +1,7 @@
+local:
+  letsencrypt:
+    production: false
+    staging: false
+    selfSigned: true
+    email: [email protected]
+    acme_host: 'dns.example.com'