I'm using Azure DevOps to handle PBIs, repos, PRs, and builds, but all my infrastructure, including Kubernetes, is managed by AWS.
There's no documentation, nor a "right and easy way" to deploy to AWS EKS using Azure DevOps Tasks.
I found this solution; it's a good solution, but it would be awesome to know how you guys resolve it, or if there are more approaches.
Recommended answer
After some research and trial and error, I found another way to do it, without messing around with shell scripts.
You just need to apply the following to Kubernetes. It will create a ServiceAccount and bind it to a custom Role; that role will have the permissions to create/delete deployments and pods (tweak it for services permissions).
deploy-robot-conf.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: deploy-robot
automountServiceAccountToken: false
---
apiVersion: v1
kind: Secret
metadata:
  name: deploy-robot-secret
  annotations:
    kubernetes.io/service-account.name: deploy-robot
type: kubernetes.io/service-account-token
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: deploy-robot-role
  namespace: default
rules:
  # ## Customize these to meet your requirements ##
  - apiGroups: ["apps"]
    resources: ["deployments"]
    verbs: ["create", "delete"]
  - apiGroups: [""]
    resources: ["pods"]
    verbs: ["create", "delete"]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: global-rolebinding
  namespace: default
subjects:
  - kind: ServiceAccount
    name: deploy-robot
    namespace: default
roleRef:
  kind: Role
  name: deploy-robot-role
  apiGroup: rbac.authorization.k8s.io
This will have the minimum permissions needed for Azure DevOps to be able to deploy to the cluster.
Note: Please tweak the rules in the Role resource to meet your needs, for instance services resources permissions.
Then go to your release and create a Kubernetes Service Connection:
Fill in the boxes and follow the steps required to get your secret from the service account; remember that it is deploy-robot if you didn't change the YAML file.
And then just use your Kubernetes Connection:
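To see what the Role in deploy-robot-conf.yaml actually grants deploy-robot before its token goes into a service connection, the following added example (not part of the original answer) evaluates the Role and RoleBinding offline with the RBAC matching rules. It assumes these are the only Role and binding for the account and ignores resourceNames and ClusterRoles; the request list and the helper names is_allowed, wildcard_rules and report are constructed for illustration.

```python
# Added example: rules transcribed from deploy-robot-conf.yaml; requests are constructed.
ROLE = {
    "namespace": "default",
    "rules": [
        {"apiGroups": ["apps"], "resources": ["deployments"], "verbs": ["create", "delete"]},
        {"apiGroups": [""], "resources": ["pods"], "verbs": ["create", "delete"]},
    ],
}
ROBOT = {"kind": "ServiceAccount", "name": "deploy-robot", "namespace": "default"}
BINDING_SUBJECTS = [ROBOT]  # subjects of the RoleBinding

def _matches(allowed, value):
    """An RBAC list entry matches literally or via the '*' wildcard."""
    return "*" in allowed or value in allowed

def is_allowed(subject, namespace, api_group, resource, verb):
    """Additive allow check for one namespaced Role bound by one RoleBinding."""
    if subject not in BINDING_SUBJECTS or namespace != ROLE["namespace"]:
        return False  # a Role grants nothing outside its namespace or to unbound subjects
    return any(
        _matches(r["apiGroups"], api_group)
        and _matches(r["resources"], resource)
        and _matches(r["verbs"], verb)
        for r in ROLE["rules"]
    )

def wildcard_rules(role):
    """Rules containing '*' in any field; these widen the robot's reach."""
    return [r for r in role["rules"]
            if any("*" in r[k] for k in ("apiGroups", "resources", "verbs"))]

# Constructed requests: (namespace, apiGroup, resource, verb)
REQUESTS = [
    ("default", "apps", "deployments", "create"),
    ("default", "apps", "deployments", "patch"),
    ("default", "", "services", "create"),
    ("default", "", "secrets", "get"),
    ("kube-system", "apps", "deployments", "create"),
]

def report():
    """Map each constructed request to the Role's allow/deny decision."""
    return {req: is_allowed(ROBOT, *req) for req in REQUESTS}

if __name__ == "__main__":
    for req, ok in report().items():
        print("ALLOW" if ok else "DENY ", req)
    print("wildcard rules:", wildcard_rules(ROLE))
```

On a live cluster the same questions can be asked with `kubectl auth can-i create deployments --as=system:serviceaccount:default:deploy-robot -n default`.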