[CLOUD] Identify a method to generate credentials that a GitHub Action can use to deploy to the cluster. #65

Closed
LucaLanziani opened this issue Feb 21, 2023 · 1 comment · Fixed by #77
LucaLanziani commented Feb 21, 2023

Issue Type

Enhancement

Description

The Context:
At the current state, it is not easy at all to deploy this project on a remote cluster. We claim it is as easy as deploying Argo and applying our manifest but in fact, there are a series of challenges to overcome while doing that in order to achieve a perfectly working cluster, as we intended:

  • In order to access the Kubernetes master API to provide a deployment context to the GitHub Action, it is required to set up an OIDC connection. For AWS, for example, it's not that easy to figure out which role to use, as well as which IAM permissions are required to make it work in the first place.

These are, at the current state, the challenges I faced with @LucaLanziani while we were trying to deploy this solution on an AWS EKS cluster, and we probably missed some others that might happen down the road. But at the current state those are already some huge roadblocks we noticed that require immediate attention if we want to deliver an easy-to-use experience for DevOps onboarding this project, no matter their background.

The Solution:
First of all, it would be nice to identify whether there is a way to abstract the OIDC connection layer to ensure it works cross-cloud and ideally even on bare metal. Once that has been figured out, an ideal solution would be to provide an easy-to-use script and/or a make command that would abstract this complexity and allow everyone to deploy this project on their target cloud environment (AWS, Google, Azure, Alibaba, etc.) with ease.

The Alternatives:
An alternative that could be considered, but IMHO should be done while the full scripted solution is being provided, is to create a series of documentation that would cover this aspect and help the DevOps operator to successfully deploy this solution on their intended cloud platform.

Requirements

  • These credentials will be used in GitHub Actions on developers' repos.
  • These credentials should only be able to deploy things on the cluster.

Desired Outcome

  • Have credentials or tokens or a way to authenticate that could be used by a CLI tool running on GitHub Actions

Detailed steps

N/A

Screenshots

N/A

Logs

No response
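
For the AWS case raised in the issue, the role a GitHub Action assumes over OIDC is only as narrow as its trust policy, so the sketch below audits such a policy for an unpinned `aud` and for `sub` conditions wider than one repository. It is an added example, not code from this project; it covers only the IAM trust side, not what the role may do on the cluster. Assumptions: the account id, organisation and repository names are placeholders, and `audit_trust_policy` is a hypothetical helper.

```python
GITHUB_OIDC = "token.actions.githubusercontent.com"

# Constructed sample: trust policy of a hypothetical deploy role. The account
# id, organisation and repository names are placeholders, not from the issue.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": f"arn:aws:iam::111122223333:oidc-provider/{GITHUB_OIDC}"},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": {
            "StringEquals": {f"{GITHUB_OIDC}:aud": "sts.amazonaws.com"},
            "StringLike": {f"{GITHUB_OIDC}:sub": "repo:example-org/*"},
        },
    }],
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _condition_values(cond, claim):
    """Values the given OIDC claim is compared against (exact or wildcard)."""
    values = []
    for operator in ("StringEquals", "StringLike"):
        if claim in cond.get(operator, {}):
            values += _as_list(cond[operator][claim])
    return values


def audit_trust_policy(policy, allowed_repo):
    """Return findings for statements that trust GitHub's OIDC provider."""
    findings = []
    for i, st in enumerate(_as_list(policy["Statement"])):
        principal = st.get("Principal")
        federated = _as_list(principal.get("Federated", "")) if isinstance(principal, dict) else []
        if st.get("Effect") != "Allow" or not any(f.endswith(GITHUB_OIDC) for f in federated):
            continue  # not a GitHub OIDC trust statement
        cond = st.get("Condition", {})
        if "sts.amazonaws.com" not in _condition_values(cond, f"{GITHUB_OIDC}:aud"):
            findings.append(f"statement {i}: aud is not pinned to sts.amazonaws.com")
        subs = _condition_values(cond, f"{GITHUB_OIDC}:sub")
        if not subs:
            findings.append(f"statement {i}: no sub condition, any repository's workflow can assume the role")
        for sub in subs:
            if not sub.startswith(f"repo:{allowed_repo}:"):
                findings.append(f"statement {i}: sub '{sub}' is not limited to {allowed_repo}")
            elif "*" in sub or "?" in sub:
                findings.append(f"statement {i}: sub '{sub}' allows any ref or event of {allowed_repo}")
    return findings
```

Calling `audit_trust_policy(SAMPLE_POLICY, "example-org/deploy-demo")` reports the organisation-wide `sub` pattern; a policy whose `sub` is pinned to one repository and ref returns no findings.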
