如何从 Azure DevOps 部署到 AWS Kubernetes [英] How to deploy to AWS Kubernetes from Azure DevOps

问题描述

我使用 Azure DevOps 来处理 PBI、存储库、PRS 和构建，但我的所有基础设施(包括 Kubernetes)都由 AWS 管理.

没有文档，也没有关于如何使用 Azure DevOps Tasks 部署到 AWS EKS 的正确且简单的方法".

我找到了

填写方框，然后按照所需的步骤从服务帐户中获取您的机密，如果您没有更改 yaml 文件，请记住是 deploy-robot.

然后只需使用您的 Kubernetes 连接:

I'm using Azure DevOps, to handle PBI, repos, PRS, and builds, but all my infrastructure, including Kubernetes is managed by AWS.

There's not documentation, neither "the right and easy way" of how to deploy to AWS EKS using Azure DevOps Tasks.

I found this solution, its a good solution, but would be awesome to know how you guys resolve it, or if there are more approaches.

解决方案

After a research and try and failure, I found another way to do it, without messing around with shell scripts.

You just need to apply the following to Kubernetes, It will create a ServiceAccount and bind it to a custom Role, that role will have the permissions to create/delete deployments and pods (tweak it for services permissions).

deploy-robot-conf.yaml

apiVersion: v1
kind: ServiceAccount
metadata:
  name: deploy-robot
automountServiceAccountToken: false
---
apiVersion: v1
kind: Secret
metadata:
  name: deploy-robot-secret
  annotations:
    kubernetes.io/service-account.name: deploy-robot
type: kubernetes.io/service-account-token
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: deploy-robot-role
  namespace: default
rules: # ## Customize these to meet your requirements ##
- apiGroups: ["apps"]
  resources: ["deployments"]
  verbs: ["create", "delete"]
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["create", "delete"]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: global-rolebinding
  namespace: default
subjects:
- kind: ServiceAccount
  name: deploy-robot
  namespace: default
roleRef:
  kind: Role
  name: deploy-robot-role
  apiGroup: rbac.authorization.k8s.io

This will have the minimum permissions needed for Azure DevOps be able to deploy to the cluster.

Note: Please tweak the rules at the role resource to meet your need, for instance services resources permissions.

Then go to your release and create a Kubernetes Service Connection:

Fill the boxes, and follow the steps required to get your secret from the service account, remember that is deploy-robot if you didn't change the yaml file.

And then just use your Kubernetes Connection:

这篇关于如何从 Azure DevOps 部署到 AWS Kubernetes的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！