knowledge-base
Gitlab & EKS
创建IAM User&Group
User:gitlab-ci,保存生成的Access key ID和Secret Access Key,后面会用到
Group:Gitlab.CI,添加Policy如下:
| Policy Name |
|---|
 AmazonEKSWorkerNodePolicy |
| AmazonEC2ContainerRegistryFullAccess |
| AmazonEC2ContainerRegistryReadOnly |
| AmazonEC2ContainerServiceFullAccess |
| AmazonEKS_CNI_Policy |
将user gitlab-ci添加到Group Gitlab.CI
将IAM User添加到ConfigMap
kubectl edit cm aws-auth -n kube-system
在mapUsers键追加:
- "groups":
- "system:masters"
"userarn": "arn:aws:iam::xxxxxxx:user/gitlab-ci"
"username": "gitlab-ci"
Gitlab仓库设置
Setting => CI/CD => Variables,添加变量:
- AWS_ACCESS_KEY_ID:
- AWS_SECRET_ACCESS_KEY:
Gitlab仓库.gitlab-ci.yml