KubeRig - The initEnvironment Task
On this page I am gathering some details on the initEnvironment
task that would otherwise have to be repeated in multiple places.
In Action
- KubeRig + microk8s
- KubeRig + Digital Ocean Kubernetes (DOKS)
- KubeRig + Google Kubernetes Engine (GKE)
- KubeRig + Elastic Kubernetes Service (Amazon EKS)
- planned KubeRig + minikube
- ...
Details
The initEnvironment
task is intented to make it easy to configure a KubeRig environment and start deploying resources to an existing Kubernetes Cluster.
The initEnvironment
task will make sure that:
- The environment directory (environments/$environment.name$) is created
- The environment configs file ($environment.name$-configs.properties) is created inside the environment directory.
- The api server url is added to the environment configs file as an encrypted value.
- The environment encryption key ($environment-name$.keyset.json) is generated inside the environment directory.
Everything except for the environment encryption key are safe to commit.
I advise you to create a secure backup of your environment encryption key.
Flags
--name
The name to use for the new environment.
--apiServerUrl
Mostly only usable for local development environments without authentication/authorization like microk8s.
No service account is created when using this flag.
--currentKubectlContext
When using the --currentKubectlContext
flag there is no need to specify the --apiServerUrl
flag because all details will be read from the kubectl
config file.
The --currentKubectlContext
flag triggers the initEnvironment to use the current Kubectl context to create the kuberig service account.
The kuberig service account is created in the namespace of the Kubectl context. In case no namespace is set the default namespace is used.
A kuberig-edit rolebinding is created granting ClusterRole edit to the kuberig service account.
The access token for the kuberig service acount is added to the environment and encrypted (see environments/$environment.name$/.encrypted.$environment.name$.access-token)
Limitations
The Kubectl configuration file has a lot of possible ways to configure access to a Kubernetes cluster and it will take more work to make the --currentKubectlContext
deal with them all.
Currently it is known to work for:
- Digital Ocean Kubernetes service
- Google Kubernetes Engine
- minikube
In case you run into problems please create an issue on github or jump in and create a pull-request.
Task Help
With Gradle it easy to get some more information about a task. So always remember that help is only a single command away.
If you run help --task initEnvironment
you get details about what arguments the task takes with additional information about them.
$ ./gradlew help --task initEnvironment
> Task :help
Detailed task information for initEnvironment
Path
:initEnvironment
Type
InitEnvironmentTask (eu.rigeldev.kuberig.gradle.tasks.InitEnvironmentTask)
Options
--apiServerUrl The URL of the api server of your cluster
--currentKubectlContext From the current kubectl context
--name The name of the environment that you want to create
Description
-
Group
kuberig
BUILD SUCCESSFUL in 0s
1 actionable task: 1 executed