- Install the Plain Credentials Plugin and the Kubernetes CLI Plugin
- Upload your kubeconfig to Jenkins as a Secret file credential
- Ensure you have applied an `aws-auth` ConfigMap that maps the IAM role to a cluster role
- Ensure that your agents have the correct IAM role, matching a mapping in the ConfigMap (the IAM Instance Profile on the EC2 Cloud plugin)
Last active
November 1, 2021 08:51
Run kubectl against EKS from Jenkins agent
```bash
# This is the Init Script run on the Jenkins agent (in my case I am using the EC2 cloud plugin)
# It installs kubectl and aws-iam-authenticator and puts them on the path
set -e  # stop at the first failed step
# -f makes curl fail on an HTTP error instead of saving the error page as the binary
curl -fsSL -o kubectl https://amazon-eks.s3-us-west-2.amazonaws.com/1.11.5/2018-12-06/bin/linux/amd64/kubectl
curl -fsSL -o aws-iam-authenticator https://amazon-eks.s3-us-west-2.amazonaws.com/1.11.5/2018-12-06/bin/linux/amd64/aws-iam-authenticator
chmod +x ./aws-iam-authenticator
chmod +x ./kubectl
sudo mv ./aws-iam-authenticator /usr/local/bin/
sudo mv ./kubectl /usr/local/bin/
```
```yaml
# aws-auth ConfigMap: maps IAM roles to Kubernetes users and groups.
# Note: system:masters gives the Jenkins role unrestricted cluster-admin access.
apiVersion: v1
kind: ConfigMap
metadata:
  name: aws-auth
  namespace: kube-system
data:
  mapRoles: |
    - rolearn: arn:aws:iam::12345:role/mycluster.worker-node-role
      username: system:node:{{EC2PrivateDNSName}}
      groups:
        - system:bootstrappers
        - system:nodes
    - rolearn: arn:aws:iam::1234:role/Jenkins.test.ec2-role
      username: jenkins
      groups:
        - system:masters
```
```yaml
apiVersion: v1
clusters:
- cluster:
    server: https://ABC1234.yl4.eu-west-1.eks.amazonaws.com
    certificate-authority-data: <REDACTED>
  name: kubernetes
contexts:
- context:
    cluster: kubernetes
    user: jenkins
  name: jenkins-context
current-context: jenkins-context
kind: Config
preferences: {}
users:
- name: jenkins
  user:
    exec:
      apiVersion: client.authentication.k8s.io/v1alpha1
      command: aws-iam-authenticator
      args:
        - "token"
        - "-i"
        - "mycluster"
```
```groovy
pipeline {
    agent {label "kubectl"}
    stages {
        stage('Checkout Base Image repo') {
            steps {
                checkout([$class: 'GitSCM',
                    branches: [[name: '*/master']],
                    doGenerateSubmoduleConfigurations: false,
                    extensions: [[$class: 'CleanCheckout']],
                    submoduleCfg: [],
                    userRemoteConfigs: [[credentialsId: 'Gitlab', url: '[email protected]:PROJECT/eks-demo.git']]
                ])
            }
        }
        stage('run kubectl') {
            steps {
                script {
                    withKubeConfig([credentialsId: 'jenkinsKubeConfig']) {
                        sh 'kubectl apply -f sample_apps/deployment.yml'
                    }
                }
            }
        }
    }
}
```
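The `aws-auth` mapping above puts the Jenkins agent role in `system:masters`, which is far more than the pipeline's single `kubectl apply -f sample_apps/deployment.yml` step needs. The manifests below are an added example, not part of the original gist, showing a least-privilege variant; the group name `jenkins-deployers`, the namespace `sample-apps`, and the assumption that `deployment.yml` contains only `apps/v1` Deployments are hypothetical.

```yaml
# Added example (not from the original gist). Assumed names: group
# "jenkins-deployers", namespace "sample-apps"; assumes deployment.yml
# holds only apps/v1 Deployment objects.
---
# 1) aws-auth: map the Jenkins agent role to a custom group, not system:masters.
#    The worker-node entry is kept unchanged so nodes can still join.
apiVersion: v1
kind: ConfigMap
metadata:
  name: aws-auth
  namespace: kube-system
data:
  mapRoles: |
    - rolearn: arn:aws:iam::12345:role/mycluster.worker-node-role
      username: system:node:{{EC2PrivateDNSName}}
      groups:
        - system:bootstrappers
        - system:nodes
    - rolearn: arn:aws:iam::1234:role/Jenkins.test.ec2-role
      username: jenkins
      groups:
        - jenkins-deployers
---
# 2) Role: only the verbs "kubectl apply" needs on Deployments, in one namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: jenkins-deployer
  namespace: sample-apps
rules:
  - apiGroups: ["apps"]
    resources: ["deployments"]
    verbs: ["get", "list", "watch", "create", "update", "patch"]
---
# 3) RoleBinding: grant that Role to the group named in aws-auth.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: jenkins-deployer
  namespace: sample-apps
subjects:
  - kind: Group
    name: jenkins-deployers
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: jenkins-deployer
  apiGroup: rbac.authorization.k8s.io
```

With a namespaced Role the pipeline step has to target that namespace (for example `kubectl apply -n sample-apps -f ...`). An administrator can confirm the effective permissions with `kubectl auth can-i create deployments -n sample-apps --as jenkins --as-group jenkins-deployers`.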