Kubernetes
Runs kubectl commands in a Kubernetes cluster. There’s no need to provide the kubectl piece of the command in the script.
Type: k8s
Configuration
| Name | Required | Description |
| --- | --- | --- |
| KUBE_CONFIG_DATA | yes | A base64 encoded kubeconfig file. |
Examples
```shell
runops tasks create --target k8s-type -s 'get pods'
runops tasks create --target k8s-type -s 'get deploy -n runops'
```
Generating the KUBE_CONFIG_DATA
This section explains how to create a base64-encoded kubeconfig file to interact with a Kubernetes cluster through Runops.
Kubeconfig from an existing config
This method should be used in testing environments, such as when evaluating with minikube or a test Kubernetes cluster.
```shell
kubectl config view --raw -o json | jq . -c | base64
```
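An added example (not Runops code) for checking a JSON-form KUBE_CONFIG_DATA value produced by the command above before it is stored: it lists every context, cluster and user that current-context does not need, and re-encodes a trimmed copy. The function names and the sample kubeconfig are constructed for illustration.

```python
import base64
import json

def _load(encoded):
    """Decode the base64 blob and parse the JSON kubeconfig inside it."""
    return json.loads(base64.b64decode(encoded))

def _needed(cfg):
    """Names of the context, cluster and user that current-context relies on."""
    current = cfg.get("current-context") or ""
    for entry in cfg.get("contexts") or []:
        if entry["name"] == current:
            ctx = entry["context"]
            return {"contexts": current, "clusters": ctx["cluster"], "users": ctx["user"]}
    raise ValueError(f"current-context {current!r} is not defined in contexts")

def audit_kube_config_data(encoded):
    """List every entry in the blob that current-context does not need."""
    cfg = _load(encoded)
    return {
        kind: sorted(e["name"] for e in cfg.get(kind) or [] if e["name"] != keep)
        for kind, keep in _needed(cfg).items()
    }

def minify_kube_config_data(encoded):
    """Re-encode the kubeconfig with only the entries current-context needs."""
    cfg = _load(encoded)
    for kind, keep in _needed(cfg).items():
        cfg[kind] = [e for e in cfg.get(kind) or [] if e["name"] == keep]
    return base64.b64encode(json.dumps(cfg, separators=(",", ":")).encode()).decode()

# Constructed sample: two clusters and users, as a multi-cluster kubeconfig would give.
SAMPLE = base64.b64encode(json.dumps({
    "apiVersion": "v1", "kind": "Config", "current-context": "minikube",
    "clusters": [{"name": "minikube", "cluster": {"server": "https://192.0.2.10:8443"}},
                 {"name": "prod", "cluster": {"server": "https://prod.example.invalid"}}],
    "users": [{"name": "minikube", "user": {"token": "constructed-test-token"}},
              {"name": "prod-admin", "user": {"token": "constructed-prod-token"}}],
    "contexts": [{"name": "minikube", "context": {"cluster": "minikube", "user": "minikube"}},
                 {"name": "prod", "context": {"cluster": "prod", "user": "prod-admin"}}],
}).encode()).decode()

if __name__ == "__main__":
    print(audit_kube_config_data(SAMPLE))
    print(audit_kube_config_data(minify_kube_config_data(SAMPLE)))
```

Running kubectl config view with --raw --minify -o json performs the same trimming at the source, so only the current context's entries are encoded.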
:::caution WARNING
This command will dump all configurations if your local $HOME/.kube/config contains multiple configurations.
:::
Kubeconfig from a Service Account
All resources we create in this guide are isolated in the runops namespace. You can erase everything created here by deleting this namespace at any point.
- Create a Service Account for Runops:
```shell
kubectl -n runops create serviceaccount runops-edit
```
- Configure the new service account with the permissions you want to set for the Runops Connection you are creating. You can copy and paste this example with edit access, ensuring that you use the service account created in step 1:
```shell
cat << EOF | kubectl apply -f -
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: runops-edit
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: edit
subjects:
- kind: ServiceAccount
  name: runops-edit
  namespace: runops
EOF
```
You can update the kind to RoleBinding and the namespace to allow access to a single namespace. Also, updating the roleRef.name to view will allow read-only access instead of read and edit.
- Set up the following environment variables with access data needed for producing a new kubeconfig file:
```shell
# Assumes the service account has an auto-generated token Secret;
# Kubernetes 1.24 and later do not create one by default.
export USER_TOKEN_NAME=$(kubectl -n runops get serviceaccount runops-edit -o=jsonpath='{.secrets[0].name}')
export USER_TOKEN_VALUE=$(kubectl -n runops get secret/${USER_TOKEN_NAME} -o=go-template='{{.data.token}}' | base64 --decode)
# Cluster name, CA data and API server URL of the current context
export CURRENT_CONTEXT=$(kubectl config current-context)
export CURRENT_CLUSTER=$(kubectl config view --raw -o=go-template='{{range .contexts}}{{if eq .name "'''${CURRENT_CONTEXT}'''"}}{{ index .context "cluster" }}{{end}}{{end}}')
export CLUSTER_CA=$(kubectl config view --raw -o=go-template='{{range .clusters}}{{if eq .name "'''${CURRENT_CLUSTER}'''"}}"{{with index .cluster "certificate-authority-data" }}{{.}}{{end}}"{{ end }}{{ end }}')
export CLUSTER_SERVER=$(kubectl config view --raw -o=go-template='{{range .clusters}}{{if eq .name "'''${CURRENT_CLUSTER}'''"}}{{ .cluster.server }}{{end}}{{ end }}')
```
- Generate a Kubeconfig file with these values:
```shell
cat << EOF > runops-edit-config
apiVersion: v1
kind: Config
current-context: ${CURRENT_CONTEXT}
contexts:
- name: ${CURRENT_CONTEXT}
  context:
    cluster: ${CURRENT_CONTEXT}
    user: runops-edit
    namespace: runops
clusters:
- name: ${CURRENT_CONTEXT}
  cluster:
    certificate-authority-data: ${CLUSTER_CA}
    server: ${CLUSTER_SERVER}
users:
- name: runops-edit
  user:
    token: ${USER_TOKEN_VALUE}
EOF
```
- Base64 encode the generated kubeconfig and add the result to the KUBE_CONFIG_DATA variable of your Runops Connection:
```shell
cat runops-edit-config | base64
```