Search code examples
kubernetesdeploymentcontinuous-deploymentkubectlservice-accounts

Kubernetes, deploy from within a pod

We have an AWS EKS Kubernetes cluster with two factor authentication for all the kubectl commands.

  1. Is there a way of deploying an app into this cluster using a pod deployed inside the cluster?
  2. Can I deploy using helm charts or by specifying service account instead of kubeconfig file?
  3. Can I specify a service account(use the one that is assigned to the pod with kubectl) for all actions of kubectl?

All this is meant to bypass two-factor authentication for the continuous deployment via Jenkins, by deploying jenkins agent into the cluster and using it for deployments. Thanks.

Solution

    1. You can use a supported Kubernetes client library or Kubectl or directly use curl to call rest api exposed by Kubernetes API Server from within a pod.

    2. You can use helm as well as long as you install it in the pod.

    3. When you call Kubernetes API from within a pod by default service account is used.Service account mounted in the pod need to have role and rolebinding associated to be able to call Kubernetes API.