search

buildkite / agent-stack-k8s

Spin up an autoscaling stack of Buildkite Agents on Kubernetes
MIT License
79 stars 30 forks source link

feat: allow ssh-credentials to be set in agent and plugin #248

Open 42atomys opened 8 months ago

42atomys commented 8 months ago

Description

This pull request introduces the capability to configure ssh credentials directly in the Buildkite agent and plugin settings. This feature enhances security and flexibility by allowing users to set up git access credentials, improving the management and use of private repositories in CI/CD workflows.

This pull request put gitFromEnv as deprecated because this is not relevante to the usage (currently this field is used to set a ssh credentials and can be also used as envFrom override). The gitFromEnv still working for backward compatibility but as the project are not stable yet, what is the vision about deprecated lifecycle ?

⚠️ DEPRECATED ⚠️

The method for setting git credentials in Buildkite agents stack and k8s plugins is changing. Please update your configurations to use the new method introduced in PR #248 for enhanced security and flexibility. 

# DEPRECATED WAY
gitEnvFrom:
- secretRef: { name: agent-stack-k8s }
# REPLACEMENT
ssh-credentials-secret: agent-stack-k8s
42atomys commented 8 months ago

Hi @triarius, We start the pod spec at the agent level with the ssh-credentials, other pull request will come today with the pod-spec-patch feature 🚀

I have multiple question about the future of this agent-k8s-stack and the vision to be align with it, can we discuss via Slack ?

triarius commented 8 months ago

Hi @42atomys, sure, but our timezones might make synchronous conversation hard. It might be best to email support@buildkite.com, and they can arrange some channel for us to communicate.

triarius commented 8 months ago

I've run the CI pipeline on your branch, @42atomys. There are some failures: https://buildkite.com/buildkite-kubernetes-stack/kubernetes-agent-stack/builds/1040#018d97ce-c014-46c9-8704-516f22867af4

42atomys commented 8 months ago

@triarius I will send a message today to support@buildkite.com and sorry about the errors, a stash still on my computer. My bad

Currently on the last failling test

42atomys commented 8 months ago

@triarius Trying to run integration test in an empty organization, but job is not taked by the agent, I dont found the source. I found an issue and resolve it. Sorry for the test approval train :pray:

peterkracik commented 8 months ago

this would be really helpful 🙏