Unattended Flux installation by automated deploy key management #2273
Labels: kind/feature (New feature or request)
mumoshu added a commit to mumoshu/eksctl that referenced this issue May 30, 2020

You don't need to manually add GitHub deploy keys anymore.

This feature enables you to install Flux via eksctl in an unattended way, by automatically creating a GitHub deploy key on cluster creation and on `eksctl enable repo`, and by automatically deleting the deploy key on cluster deletion.

All you need to use this feature is to provide a `GITHUB_TOKEN` that has access to your repository's deploy keys, and a standard cluster.yaml that contains a `git` configuration for installing Flux.

Usage:

```
$ eksctl create cluster -f cluster.yaml
eksctl automatically creates a deploy key named `eksctl-REGION-NAME` from the public ssh key generated by Flux
```

```
$ eksctl delete cluster -f cluster.yaml
eksctl automatically deletes the deploy key named `eksctl-REGION-NAME` by calling GitHub API
```

```
$ eksctl enable repo -f cluster.yaml
eksctl automatically creates a deploy key named `eksctl-REGION-NAME` from the public ssh key generated by Flux
```

Resolves eksctl-io#2273
mumoshu added a commit to mumoshu/eksctl that referenced this issue May 30, 2020

You don't need to manually add GitHub deploy keys anymore.

This feature enables you to install Flux via eksctl in an unattended way, by automatically creating a GitHub deploy key on cluster creation and on `eksctl enable repo`, and by automatically deleting the deploy key on cluster deletion.

All you need to use this feature is to provide a `GITHUB_TOKEN` that has access to your repository's deploy keys, and a standard cluster.yaml that contains a `git` configuration for installing Flux.

Usage:

```
$ eksctl create cluster -f cluster.yaml
eksctl automatically creates a deploy key named `eksctl-REGION-NAME` from the public ssh key generated by Flux
```

```
$ eksctl delete cluster -f cluster.yaml
eksctl automatically deletes the deploy key named `eksctl-REGION-NAME` by calling GitHub API
```

```
$ eksctl enable repo -f cluster.yaml
eksctl automatically creates a deploy key named `eksctl-REGION-NAME` from the public ssh key generated by Flux
```

Please also note that this feature has an extra ability to make the deploy key "read-only". With the read-only deploy key, if you prefer that, you can effectively block Flux from ever pushing commits to the repository. This can be enabled by setting `git.readOnly` to `true` or passing `--readonly` to `eksctl enable repo`.

Resolves eksctl-io#2273
mumoshu added a commit to mumoshu/eksctl that referenced this issue Jun 4, 2020
martina-if pushed a commit that referenced this issue Jun 4, 2020

…deploy key) (#2274)

Unattended Flux installation (automatic addition of deploy key)

You don't need to manually add GitHub deploy keys anymore.

This feature enables you to install Flux via eksctl in an unattended way, by automatically creating a GitHub deploy key on cluster creation and on `eksctl enable repo`, and by automatically deleting the deploy key on cluster deletion.

All you need to use this feature is to provide a `GITHUB_TOKEN` that has access to your repository's deploy keys, and a standard cluster.yaml that contains a `git` configuration for installing Flux.

Usage:

```
$ eksctl create cluster -f cluster.yaml
eksctl automatically creates a deploy key named `eksctl-REGION-NAME` from the public ssh key generated by Flux
```

```
$ eksctl delete cluster -f cluster.yaml
eksctl automatically deletes the deploy key named `eksctl-REGION-NAME` by calling GitHub API
```

```
$ eksctl enable repo -f cluster.yaml
eksctl automatically creates a deploy key named `eksctl-REGION-NAME` from the public ssh key generated by Flux
```

Please also note that this feature has an extra ability to make the deploy key "read-only". With the read-only deploy key, if you prefer that, you can effectively block Flux from ever pushing commits to the repository. This can be enabled by setting `git.readOnly` to `true` or passing `--readonly` to `eksctl enable repo`.

Resolves #2273
Why do you want this feature?
As of today, `eksctl create cluster` and `eksctl enable repo` can set up a GitOps config repo and install Flux manifests into the cluster automatically. But you still need to manually register a deploy key emitted by eksctl to e.g. GitHub to allow the installed Flux to successfully pull manifests from the config repo. This manual step prevents me from fully automating cluster creation.

What feature/behavior/change do you want?
Given that GitHub has a dedicated API for creating and deleting deploy keys, there can be two options.
1. Enhance eksctl to allow exporting the public key generated by Flux on `eksctl create cluster` and `eksctl enable repo`, so that we can possibly use external tool(s) to create a deploy key from the exported flux ssh public key.
2. Enhance eksctl to create the deploy key on your behalf.
I believe the latter is nicer for U/X.
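An added example, not eksctl's own code: because the keys are created and deleted automatically under the name `eksctl-REGION-NAME`, a periodic audit of the repository's deploy-key list can catch keys left behind by clusters that no longer exist and keys that were created without the read-only option. It assumes a policy that Flux keys should be read-only and a hypothetical `live` inventory of clusters keyed by `REGION-NAME`; the JSON is constructed sample data shaped like GitHub's deploy-key list response (`id`, `title`, `read_only`).

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// DeployKey holds the fields used here from GitHub's "list deploy keys" response.
type DeployKey struct {
	ID       int64  `json:"id"`
	Title    string `json:"title"`
	ReadOnly bool   `json:"read_only"`
}

type Finding struct{ KeyID int64; Title, Reason string } // one flagged key

// AuditDeployKeys flags eksctl-REGION-NAME keys that can push or whose cluster is not in live.
func AuditDeployKeys(listJSON []byte, live map[string]bool) ([]Finding, error) {
	var keys []DeployKey
	if err := json.Unmarshal(listJSON, &keys); err != nil {
		return nil, fmt.Errorf("parse deploy key list: %w", err)
	}
	var out []Finding
	for _, k := range keys {
		cluster := strings.TrimPrefix(k.Title, "eksctl-")
		if cluster == k.Title {
			continue // title lacks the eksctl- prefix: not managed by eksctl
		}
		if !live[cluster] {
			out = append(out, Finding{k.ID, k.Title, "orphaned"})
		}
		if !k.ReadOnly {
			out = append(out, Finding{k.ID, k.Title, "read-write"})
		}
	}
	return out, nil
}

// sampleKeys is constructed data, not taken from a real repository.
const sampleKeys = `[
 {"id": 101, "title": "eksctl-us-west-2-prod", "read_only": true},
 {"id": 102, "title": "eksctl-us-west-2-dev", "read_only": false},
 {"id": 103, "title": "eksctl-eu-west-1-old", "read_only": true},
 {"id": 104, "title": "ci-runner", "read_only": false}
]`

func main() { // the live-cluster map below is a hypothetical inventory
	fmt.Println(AuditDeployKeys([]byte(sampleKeys), map[string]bool{"us-west-2-prod": true, "us-west-2-dev": true}))
}
```

The orphaned case matters because automatic deletion only happens on `eksctl delete cluster`; a cluster removed by other means leaves its deploy key valid on the repository.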