stackoom
  简体   繁体   中英

How to deploy to AWS Kubernetes from Azure DevOps

 原文  2019-07-06 12:39:46       amazon-web-services/ kubernetes/ azure-devops/ continuous-deployment

Question

I'm using Azure DevOps, to handle PBI, repos, PRS, and builds, but all my infrastructure, including Kubernetes is managed by AWS.

There's not documentation, neither "the right and easy way" of how to deploy to AWS EKS using Azure DevOps Tasks.

I found this solution , its a good solution, but would be awesome to know how you guys resolve it, or if there are more approaches.

2 answers

solution1
 2 ACCPTED  2019-07-06 15:49:44

After a research and try and failure, I found another way to do it, without messing around with shell scripts.

You just need to apply the following to Kubernetes, It will create a ServiceAccount and bind it to a custom Role, that role will have the permissions to create/delete deployments and pods (tweak it for services permissions).

deploy-robot-conf.yaml 

apiVersion: v1
kind: ServiceAccount
metadata:
  name: deploy-robot
automountServiceAccountToken: false
---
apiVersion: v1
kind: Secret
metadata:
  name: deploy-robot-secret
  annotations:
    kubernetes.io/service-account.name: deploy-robot
type: kubernetes.io/service-account-token
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: deploy-robot-role
  namespace: default
rules: # ## Customize these to meet your requirements ##
- apiGroups: ["apps"]
  resources: ["deployments"]
  verbs: ["create", "delete"]
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["create", "delete"]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: global-rolebinding
  namespace: default
subjects:
- kind: ServiceAccount
  name: deploy-robot
  namespace: default
roleRef:
  kind: Role
  name: deploy-robot-role
  apiGroup: rbac.authorization.k8s.io

This will have the minimum permissions needed for Azure DevOps be able to deploy to the cluster.

Note: Please tweak the rules at the role resource to meet your need, for instance services resources permissions.

Then go to your release and create a Kubernetes Service Connection:

Kubernetes服务连接

Fill the boxes, and follow the steps required to get your secret from the service account, remember that is deploy-robot if you didn't change the yaml file.

Kubernetes服务连接

And then just use your Kubernetes Connection:

使用Kubernetes Connection发行

solution2
 1  2019-07-08 11:03:46

另一个选择是使用基于“ kubeconf”的身份验证,其中可以通过以下AWS CLI命令获取“ kubeconf”文件: 

aws eks --region region update-kubeconfig --name cluster_name --kubconfig ~/.kube/AzureDevOpsConfig

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How to deploy code on 60 AWS servers from Azure Devops how to build, package and deploy AWS SAM lambda function of python from azure Devops CI/CD pipeline to AWS How to deploy Kubernetes on AWS? How to deploy django with Kubernetes on AWS Deploy PHP application from Azure DevOps to AWS using CI/CD pipeline AssumeRole when using Terraform on Azure DevOps to deploy to AWS How to locally build and deploy Kubernetes in AWS? How to deploy Keycloak in AWS Fargate kubernetes cluster How to connect AWS EKS cluster from Azure Devops pipeline - No user credentials found for cluster in KubeConfig content Unable to deploy the image in the kubernetes (AWS)
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM