DEV Community

ahn4

Apply Kubernetes resources to AWS EKS Cluster - Bitbucket Pipeline

Relation between EKS and Bitbucket

Apply k8s Deployment.

Official

We'll use this one in the pipeline.

The following are needed.

  1. AWS IAM.
  2. Role/ClusterRole and Binding.

AWS IAM

Simply create one IAM user. This user does not need access to the Console. We configure this user's key and token in Bitbucket.

The user needs at least the following policy.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "eks:DescribeCluster"
            ],
            "Resource": "*"
        }
    ]
}

Role/ClusterRole and Binding.

Two resources need to be applied.

ClusterRole

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: bitbucket-cicd
rules:
- apiGroups:
  - ""
  resources:
  - nodes
  - pods
  - services
  verbs:
  - get
  - list
  - update
  - patch
- apiGroups:
  - apps
  resources:
  - deployments
  - daemonsets
  - statefulsets
  - replicasets
  verbs:
  - get
  - list
  - update
  - patch
- apiGroups:
  - batch
  resources:
  - jobs
  verbs:
  - get
  - list
  - update
  - patch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: bitbucket-cicd-binding
subjects:
- kind: Group
  name: bitbucket-group
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: bitbucket-cicd
  apiGroup: rbac.authorization.k8s.io


apiGroups: apiVersion is specified when we create a k8s manifest. apiGroups is the string up to the first slash in that apiVersion; the version part is ignored. For example, if the apiVersion is only v1, apiGroups is the empty string. To list all API groups, use the command kubectl api-resources.

verbs: All of the verbs are listed here.
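The apiGroups rule above, applied to the bitbucket-cicd ClusterRole, as an added example that is not part of the original post. It is a simplified RBAC check (it ignores resourceNames, subresources and nonResourceURLs), and the request list is constructed for illustration.

```python
# RULES is copied from the page's bitbucket-cicd ClusterRole.
RULES = [
    {"apiGroups": [""], "resources": ["nodes", "pods", "services"],
     "verbs": ["get", "list", "update", "patch"]},
    {"apiGroups": ["apps"],
     "resources": ["deployments", "daemonsets", "statefulsets", "replicasets"],
     "verbs": ["get", "list", "update", "patch"]},
    {"apiGroups": ["batch"], "resources": ["jobs"],
     "verbs": ["get", "list", "update", "patch"]},
]

# Constructed requests a deploy pipeline might send: (apiVersion, resource, verb).
REQUESTS = [
    ("apps/v1", "deployments", "patch"),   # change an existing Deployment
    ("apps/v1", "deployments", "create"),  # first-time apply of a new Deployment
    ("v1", "services", "update"),
    ("v1", "secrets", "get"),
    ("batch/v1", "jobs", "delete"),
    ("v1", "nodes", "patch"),
]


def api_group(api_version):
    """'apps/v1' -> 'apps'; a bare version such as 'v1' is the core group ''."""
    group, sep, _version = api_version.partition("/")
    return group if sep else ""


def allowed(rules, api_version, resource, verb):
    """True if one rule matches group, resource and verb ('*' is a wildcard)."""
    wanted = (("apiGroups", api_group(api_version)),
              ("resources", resource), ("verbs", verb))
    return any(all("*" in r.get(k, []) or v in r.get(k, []) for k, v in wanted)
               for r in rules)


def report(rules=RULES, requests=REQUESTS):
    """Map each request tuple to the allow/deny decision."""
    return {req: allowed(rules, *req) for req in requests}


if __name__ == "__main__":
    for (ver, res, verb), ok in report().items():
        print(f"{'allow' if ok else 'deny':5} {verb:6} {res:11} ({ver})")
```

The report shows that the role has no create verb, so a first-time apply of a new Deployment is denied, while update and patch on nodes are granted cluster-wide. On a live cluster the same questions can be asked with `kubectl auth can-i patch deployments --as bitbucket-cicd-user --as-group bitbucket-group`.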

ClusterRoleBinding

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: bitbucket-cicd-binding
subjects:
- kind: Group
  name: bitbucket-group
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: bitbucket-cicd
  apiGroup: rbac.authorization.k8s.io

subjects

In this field, specify the User, Group, or ServiceAccount that the role is bound to.

kind: Will be User / Group / ServiceAccount.

name: Resource name of the kind.

Edit aws-auth

Map the ClusterRoleBinding to the IAM user.

kubectl edit -n kube-system configmap/aws-auth

Mapping data will be like this...

apiVersion: v1
data:
  mapAccounts: |
    []  
  mapUsers: |
    - "userarn": "arn:aws:iam::{account id}:user/{IAM name}"
      "username": "bitbucket-cicd-user" # Name you like
      "groups":
      - "bitbucket-group" # Group name you specified in ClusterRoleBinding
-- omit.....