Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/ericogr/azenv
A tool to ease the creation of Azure DevOps environments for use with your pipelines.
https://github.com/ericogr/azenv
azure-devops devops kubernetes
Last synced: 3 months ago
JSON representation
A tool to ease the creation of Azure DevOps environments for use with your pipelines.
- Host: GitHub
- URL: https://github.com/ericogr/azenv
- Owner: ericogr
- License: gpl-3.0
- Created: 2022-10-27T00:20:51.000Z (over 2 years ago)
- Default Branch: main
- Last Pushed: 2024-01-17T14:43:45.000Z (about 1 year ago)
- Last Synced: 2024-06-19T19:48:34.874Z (8 months ago)
- Topics: azure-devops, devops, kubernetes
- Language: Go
- Homepage:
- Size: 111 KB
- Stars: 6
- Watchers: 3
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# Azure DevOps Environment Creation
Use this tool to set up an Azure DevOps [Environment]. An [Environment] is a collection of resources that can be targeted by deployments from a pipeline.
## Requirements
To run this tool, you need:
- [Azure DevOps] account
- Azure DevOps [PAT] with the following permissions:
- Environment (Read & manage)
- Service Connections (Read, query, & manage)
- For Kubernetes resources:
- [Kubernetes Cluster]
- [RBAC] access with the following permissions:
- get, create and patch namespaces
- get and create serviceaccounts
- get and create secrets
# Kubernetes Resources
For Kubernetes resources these are the resources that can be configured:
|Resource|Type|Can use existent|Notes|
|--------|----|----------------|-----|
|Environment|Azure DevOps|Yes|-|
|Environment Resource|Azure DevOps|No|it must be deleted before creating a new one|
|Service Connection|Azure DevOps|Yes|-|
|Namespace|Kubernetes|Yes|-|
|Service Account|Kubernetes|Yes|you have to create role/clusterrole and bind to service account your own|
|Secret|Kubernetes|Yes|-|
> **_NOTE:_** In some cases, cli will try to use existent resource before create a new one.
## Kubernetes detailed permissions
To create and get some resources, cli will need some permissions. See an example of ClusterRole below:
```yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: azenv
rules:
- apiGroups:
- ""
resources:
- namespaces
- serviceaccounts
- secret
verbs:
- get
- create
- apiGroups:
- ""
resources:
- namespaces
verbs:
- patch
```
## Usage example
See above an example, the fields are self-explanatory. Replace by your own values.
```sh
./azenv \
create kubernetes \
--pat \
--project / \
--name \
--service-account / \
--service-connection \
--namespace-label label1=value1 \
--namespace-label label2=value2 \
--show-kubeconfig=false
```
[Azure DevOps]: https://azure.microsoft.com/en-us/free/
[Environment]: https://learn.microsoft.com/en-us/azure/devops/pipelines/process/environments?view=azure-devops
[PAT]: https://learn.microsoft.com/en-us/azure/devops/organizations/accounts/use-personal-access-tokens-to-authenticate?view=azure-devops&tabs=Windows
[RBAC]: https://kubernetes.io/docs/reference/access-authn-authz/rbac/
[Kubernetes Cluster]: https://killercoda.com/kimwuestkamp/scenario/k8s1.24-serviceaccount-secret-changes