From b57e671a7d0e415935ef171e02cc6c7cb7ff2093 Mon Sep 17 00:00:00 2001 From: Josh Mandel Date: Wed, 28 Aug 2024 18:05:18 -0500 Subject: [PATCH] Add service account config --- server/service-account.yaml | 100 ++++++++++++++++++++++++++++++++++++ 1 file changed, 100 insertions(+) create mode 100644 server/service-account.yaml diff --git a/server/service-account.yaml b/server/service-account.yaml new file mode 100644 index 0000000..7d4c723 --- /dev/null +++ b/server/service-account.yaml @@ -0,0 +1,100 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: github-actions-deployer + namespace: vaxxlink +--- +apiVersion: v1 +kind: Secret +metadata: + name: github-actions-token + namespace: vaxxlink + annotations: + kubernetes.io/service-account.name: github-actions-deployer +type: kubernetes.io/service-account-token +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: vaxxlink + name: deployment-restarter +rules: +- apiGroups: ["apps"] + resources: ["deployments"] + verbs: ["get", "list", "watch", "patch"] +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "list", "watch"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: github-actions-deployer-binding + namespace: vaxxlink +subjects: +- kind: ServiceAccount + name: github-actions-deployer + namespace: vaxxlink +roleRef: + kind: Role + name: deployment-restarter + apiGroup: rbac.authorization.k8s.io + +# Commands to run: +# +# 1. Apply the YAML file: +# kubectl apply -f service-account.yaml +# +# 2. Retrieve the token, certificate, and server information: +# KUBE_TOKEN=$(kubectl get secret github-actions-token -n vaxxlink -o jsonpath='{.data.token}' | base64 --decode) +# KUBE_CERTIFICATE=$(kubectl get secret github-actions-token -n vaxxlink -o jsonpath='{.data.ca\.crt}') +# KUBE_SERVER=$(kubectl config view --minify -o jsonpath='{.clusters[0].cluster.server}') +# +# 3. Create a JSON object with the Kubernetes configuration: +# KUBE_CONFIG=$(echo '{ +# "KUBE_TOKEN": "'$KUBE_TOKEN'", +# "KUBE_CERTIFICATE": "'$KUBE_CERTIFICATE'", +# "KUBE_SERVER": "'$KUBE_SERVER'" +# }' | jq -c .) +# +# 4. Display the JSON object to be added as a GitHub secret: +# echo "Add this JSON object as a secret named KUBE_CONFIG in your GitHub repository:" +# echo $KUBE_CONFIG +# +# 5. Add the JSON object as a secret to your GitHub repository: +# - Go to your GitHub repository +# - Navigate to Settings > Secrets and variables > Actions +# - Add a new repository secret: +# - Name: KUBE_CONFIG +# - Value: [Paste the JSON object from step 4] +# +# 6. Create a GitHub Actions workflow file in your repository: +# Create a file at .github/workflows/restart-deployment.yml with the following content: +# +# name: Restart Deployment +# on: +# workflow_dispatch: +# inputs: +# deployment_name: +# description: 'Name of the deployment to restart' +# required: true +# jobs: +# restart_deployment: +# runs-on: ubuntu-latest +# steps: +# - name: Configure Kubectl +# env: +# KUBE_CONFIG: ${{ secrets.KUBE_CONFIG }} +# run: | +# mkdir -p $HOME/.kube +# KUBE_TOKEN=$(echo $KUBE_CONFIG | jq -r .KUBE_TOKEN) +# KUBE_CERTIFICATE=$(echo $KUBE_CONFIG | jq -r .KUBE_CERTIFICATE) +# KUBE_SERVER=$(echo $KUBE_CONFIG | jq -r .KUBE_SERVER) +# echo "$KUBE_CERTIFICATE" | base64 --decode > $HOME/.kube/ca.crt +# kubectl config set-cluster argocluster-doks --server="$KUBE_SERVER" --certificate-authority=$HOME/.kube/ca.crt +# kubectl config set-credentials github-actions-deployer --token="$KUBE_TOKEN" +# kubectl config set-context argo --cluster=argocluster-doks --user=github-actions-deployer --namespace=vaxxlink +# kubectl config use-context argo +# - name: Restart Deployment +# run: | +# kubectl rollout restart deployment/vaxxlink -n vaxxlink