apache / openserverless

Apache OpenServerless (incubating)
https://openserverless.apache.org
Apache License 2.0

PoC: verify if it is possible to access a Kubernetes cluster with a secret on 1Password #52

Closed sciabarracom closed 2 months ago

sciabarracom commented 3 months ago

We need to set up the testing infrastructure, which includes setting a lot of secrets that will be read by GitHub Actions.

Since the GitHub secrets are managed by Apache infra and we need to open a ticket for each change, it is impractical to keep the secrets in GitHub, so I plan to move all the secrets to 1Password and only put a service token as a secret in GitHub.

So please do this test:

  1. put a Kubernetes cluster config and an SSH key in 1Password
  2. get a service token
  3. write a GitHub Action using this: https://github.com/marketplace/actions/load-secrets-from-1password that retrieves the secret
  4. verify you can access the Kubernetes cluster (for example kubectl get nodes) and the SSH server (for example ssh root@server uptime)

d4rkstar commented 2 months ago

@sciabarracom I've a working PoC here: https://github.com/d4rkstar/poc-52/blob/main/.github/workflows/publish-docker.yml
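
A workflow of the kind steps 1 to 4 of the issue describe, as an added example that is not taken from the linked PoC repository or from the OpenServerless project. The vault `ci-secrets`, the item and field names, and the GitHub secret name `OP_SERVICE_ACCOUNT_TOKEN` are assumptions; it also assumes the server's host key is stored next to the SSH key so the connection can be pinned.

```yaml
# Added example. Vault, item, and field names in the op:// references are assumptions.
name: verify-1password-secrets
on: workflow_dispatch            # manual runs only
permissions:
  contents: read                 # the job needs nothing beyond reading the repository
jobs:
  verify:
    runs-on: ubuntu-latest       # GitHub-hosted Ubuntu runners ship kubectl and ssh
    steps:
      - name: Load secrets from 1Password
        id: op
        uses: 1password/load-secrets-action@v2
        with:
          export-env: false      # expose values as step outputs, not job-wide env vars
        env:
          # The only secret kept in GitHub: the 1Password service account token
          OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
          KUBECONFIG_DATA: op://ci-secrets/test-cluster/kubeconfig
          SSH_KEY: op://ci-secrets/test-server/private_key
          SSH_HOST: op://ci-secrets/test-server/hostname
          SSH_KNOWN_HOSTS: op://ci-secrets/test-server/known_hosts

      - name: Check Kubernetes access
        env:
          KUBECONFIG_DATA: ${{ steps.op.outputs.KUBECONFIG_DATA }}
        run: |
          umask 077              # files created below are readable by the runner user only
          printf '%s\n' "$KUBECONFIG_DATA" > "$RUNNER_TEMP/kubeconfig"
          KUBECONFIG="$RUNNER_TEMP/kubeconfig" kubectl get nodes

      - name: Check SSH access
        env:
          SSH_KEY: ${{ steps.op.outputs.SSH_KEY }}
          SSH_HOST: ${{ steps.op.outputs.SSH_HOST }}
          SSH_KNOWN_HOSTS: ${{ steps.op.outputs.SSH_KNOWN_HOSTS }}
        run: |
          umask 077
          printf '%s\n' "$SSH_KEY" > "$RUNNER_TEMP/id_key"
          printf '%s\n' "$SSH_KNOWN_HOSTS" > "$RUNNER_TEMP/known_hosts"
          # Pin the host key from 1Password instead of disabling host key checking
          ssh -i "$RUNNER_TEMP/id_key" -o IdentitiesOnly=yes -o BatchMode=yes \
              -o StrictHostKeyChecking=yes \
              -o UserKnownHostsFile="$RUNNER_TEMP/known_hosts" \
              "root@$SSH_HOST" uptime

      - name: Remove secret files
        if: always()             # clean up even when a check above fails
        run: rm -f "$RUNNER_TEMP/kubeconfig" "$RUNNER_TEMP/id_key" "$RUNNER_TEMP/known_hosts"
```

Scoping the service account to a single vault that holds only these test credentials limits what a leaked token can read.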