This repository contains Fabrikate high-level definitions (HLD) for MagicAKS.
MagicAKS sets up Flux (GitOps) to track the Kubernetes (K8s) manifest repository ("manifest repo" for short). Any changes made to Fabrikate definitions here will trigger the GitHub Actions pipeline (.github/workflows/main.yml) and push new changes to the manifest repo, and those changes will eventually be reflected in the cluster.
The build.sh script, executed by the pipeline, creates the necessary role-based access control (RBAC) configuration, which is then placed in the Fabrikate generated folder and pushed to the manifest repo.
Execute the following steps to initialize Flux (GitOps) for your cluster:
- Edit the users.yaml file to specify the list of users and groups that have access to the cluster
  Important: User and group object IDs are specific to an AAD tenant. Make sure to retrieve the user and group object IDs from the AAD tenant that governs the RBAC access to the cluster.
  - Since MagicAKS is an RBAC-enabled cluster, users and groups are defined in Azure Active Directory (AAD). You can retrieve the object IDs of users and groups from AAD in the Azure Portal or with command-line tools. Examples using Azure CLI:
    - User object ID:
      az ad user show --id "<user principal name>" --query objectId --out tsv
    - Group object ID:
      az ad group show --group "<group name>" --query objectId --out tsv
- Create a secret for this repository containing an access token so that the GitOps process can monitor repositories and update manifests
  - Create a personal access token with repo scope (full control of private repositories)
    Note: Make sure to copy the access token value once created, because you cannot access it again.
  - Create a repository secret, named ACCESS_TOKEN, for this repository using the value of the personal access token
- Duplicate the manifest repo to create one for yourself using the following link: https://github.com/magicaks/k8smanifests/generate
- Change the value of the REPO variable in the last step of the .github/workflows/main.yml pipeline file to point to your new manifest repo created in the previous step
- Make sure the build script and the Fabrikate executable have execute permissions set so that the GitHub Actions pipeline can run them:
    git update-index --chmod=+x build.sh
    git update-index --chmod=+x bin/fab
  Note: These changes also need to be committed (git commit).
- Commit and push the changes made
  - This will trigger the GitHub Actions pipeline, which runs Fabrikate to generate the K8s manifests and pushes them to the manifest repo
  - Check the output of the pipeline to ensure everything ran well; if the run was successful, you should see changes applied to your manifest repo
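
A preflight check for the execute-permission step above, as an added example that is not part of the MagicAKS repository: it reads `git ls-files -s` output and confirms that the git index records mode 100755 for build.sh and bin/fab before you push. The helper name check_exec_modes and the sample index lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the MagicAKS repository).
# check_exec_modes is a hypothetical helper name. It reads `git ls-files -s`
# output on stdin and takes as arguments the paths that must be executable.
# The pipeline sees the mode stored in the git index, not the local file mode.
check_exec_modes() {
    listing=$(cat)
    rc=0
    for path in "$@"; do
        # Index lines look like: "<mode> <object> <stage><TAB><path>"
        mode=$(printf '%s\n' "$listing" |
            awk -F '\t' -v p="$path" '$2 == p { split($1, f, " "); print f[1]; exit }')
        case "$mode" in
            100755) ;;
            "") echo "not tracked in the index: $path" >&2; rc=1 ;;
            *)  echo "mode $mode, expected 100755: $path" >&2; rc=1 ;;
        esac
    done
    return "$rc"
}

# Constructed sample: build.sh is executable, bin/fab is not (object IDs are dummy values).
SAMPLE_INDEX=$(printf '%s\t%s\n' \
    '100755 1111111111111111111111111111111111111111 0' 'build.sh' \
    '100644 2222222222222222222222222222222222222222 0' 'bin/fab')

# Reports bin/fab on stderr and returns 1 for the sample above.
sample_result() {
    printf '%s\n' "$SAMPLE_INDEX" | check_exec_modes build.sh bin/fab
}

# Real use, from the repository root:
#   git ls-files -s build.sh bin/fab | check_exec_modes build.sh bin/fab
```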