A template repository for a civic cloud cluster
- Customize email in 2 places in `cert-manager.issuers.yaml`
- Customize hostname in 2 places in `grafana/release-values.yaml`
- Add a secret named `BOT_GITHUB_TOKEN` containing a GitHub token that can write to the repository (this is needed for a workflow to be triggered by another workflow)
  - Create or reuse a GitHub bot user with write access to the cluster repository
  - Grant the GitHub bot user write access to the cluster repository, and ensure that its invitation is accepted
  - Create a Personal Access Token under the GitHub bot user with the `repo` and `workflow` scopes using a classic token with no expiration
  - Save the generated Personal Access Token to a secret called `BOT_GITHUB_TOKEN` under the cluster repository
- Add a secret named `KUBECONFIG_BASE64` containing connection and authentication details for writing manifests to your Kubernetes cluster
  - Follow your IaaS provider's instructions for setting up your local `kubectl` client to administer the provisioned Kubernetes cluster
  - Manually apply `github-actions.serviceaccount.yaml` using your local `kubectl` client to initialize the service account that GitHub Actions will use to handle deployments going forward:

    ```bash
    kubectl apply -f ./github-actions.serviceaccount.yaml
    ```

  - Install the `view-serviceaccount-kubeconfig` plugin for `kubectl` to simplify generating a `KUBECONFIG` for a service account:

    ```bash
    kubectl krew install view-serviceaccount-kubeconfig
    ```

  - Create a token and generate a base64-encoded `KUBECONFIG` file from it:

    ```bash
    kubectl --namespace kube-system create token github-actions \
      | kubectl view-serviceaccount-kubeconfig \
      | base64
    ```

  - Save the generated base64-encoded string to a secret called `KUBECONFIG_BASE64` under the cluster repository
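
To see what is about to be stored in `KUBECONFIG_BASE64`, the script below decodes the value and reads the service account token's subject and expiry claims. It is an added example, not part of this repository; it assumes the plugin emits a YAML kubeconfig with a `token:` field, and the function names and the sample kubeconfig are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: inspect a KUBECONFIG_BASE64 value before saving it as a secret.
set -eu

# Decode one base64url segment (JWTs use '-' and '_' and drop '=' padding).
b64url_decode() {
  seg_in=$(tr '_-' '/+')
  while [ $(( ${#seg_in} % 4 )) -ne 0 ]; do seg_in="$seg_in="; done
  printf '%s' "$seg_in" | base64 -d
}

# stdin: base64-encoded kubeconfig. stdout: JSON claims of the first token found.
# Assumption: the kubeconfig is YAML and carries the credential as "token: <jwt>".
kubeconfig_token_claims() {
  base64 -d \
    | sed -n 's/^[[:space:]]*token:[[:space:]]*//p' \
    | head -n 1 | tr -d "\"'" \
    | cut -d. -f2 | b64url_decode
}

# stdin: base64-encoded kubeconfig. stdout: the token's "exp" claim (epoch seconds).
kubeconfig_token_exp() {
  kubeconfig_token_claims \
    | sed -n 's/.*"exp":[[:space:]]*\([0-9][0-9]*\).*/\1/p'
}

# Constructed sample: an unsigned placeholder token, not a real credential.
sample_kubeconfig_b64() {
  claims='{"exp":1700000000,"sub":"system:serviceaccount:kube-system:github-actions"}'
  seg_out=$(printf '%s' "$claims" | base64 | tr -d '=\n' | tr '/+' '_-')
  printf 'apiVersion: v1\nkind: Config\nusers:\n- name: github-actions\n  user:\n    token: e30.%s.sig\n' "$seg_out" \
    | base64
}

# Demo on the constructed sample; for a real value, pipe it into the functions.
if [ "${1:-}" = "--demo" ]; then
  sample_kubeconfig_b64 | kubeconfig_token_claims; echo
  echo "exp (epoch seconds): $(sample_kubeconfig_b64 | kubeconfig_token_exp)"
fi
```

Piping the output of the token-generation pipeline into `kubeconfig_token_exp` shows when the deployment credential stops working, which tells you when the secret has to be regenerated.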