An Op that facilitates the management of Kubernetes clusters.
The Op currently supports public clusters managed with:
This op has been built and tested only with EKS and GKE clusters; we cannot guarantee the op will work for any custom/vanilla Kubernetes cluster.
❗️ Please consider running this op on a test cluster before running it on production clusters.
Before running the op, please set the cloud specific credentials as secrets, following the instructions below. In order for the op to automatically retrieve these secrets, please reference the details below for the exact key names you should use when storing them. If the auto-match fails, the op users will be prompted to select an option from the available list of secrets every time they run the op.
Please refer to this URL for instructions on how to find your AWS Account Number. Once identified, run the following command to save it as a secret in your Ops team:
ops secrets:set -k AWS_ACCOUNT_NUMBER -v <VALUE>
This op is built to support EKS clusters leveraging AWS IAM authenticator. To use this op, we recommend you create a dedicated machine user with programmatic access enabled. The user should be configured with the correct RBAC to list and create resources in the cluster. Ask a cluster admin to run
kubectl edit configmap -n kube-system aws-auth and add the user's details under
mapUsers. Additionally, the following predefined permissions policy might be required for all of the features in this op to function as expected:
Please refer to this URL for instructions and best practices on how to generate these access keys. Once ready, run the following commands to save them as secrets in your Ops team, replacing
<value> with your value:
ops secrets:set -k AWS_ACCESS_KEY_ID -v <value> ops secrets:set -k AWS_SECRET_ACCESS_KEY -v <value>
The following predefined roles are required for all of the features in this op to function as expected:
Please refer to this URL for instructions on how to create a service account with the above mentioned permissions. Once created, you will need to create a private key for the respective service account and download it to your computer (JSON). When ready, run the following command to save the credentials as a secret in your Ops team, replacing
<key_file> with the full path to your credentials JSON file:
ops secrets:set -k GOOGLE_APPLICATION_CREDENTIALS -v "$(cat <key_file> | tr -d '\n')"
ops run k8s
/ops run k8s
Allows the user to save the cluster configuration (kubeconfig content) under a specific name in the Op team secrets.
List pods/deployments under a specific namespace or across all namespaces.
If you would like to interact with the cluster directly from your machine to debug/test things as you use the op or add additional features, you should consider the following:
kubectl config use-context <kubeconfig_file>
[k8s-creds] aws_access_key_id = xxxxxx aws_secret_access_key = xxxxxx
AWS integration -
GCP integration -
To add a new provider:
See the Contributing Docs for more information.