vijay-veeranki
commented
4 years ago Worked on a spike using concourse as a gitops solution.
Prerequisites: Create a service account in every namespace, which have permissions for only that particular namespace.
Note: Secrets is not covered as part of this spike.
--> Created a concourse pipeline which will iterate though all the environment repo namespaces and do below tasks. a) Pick up repo url, which is an annotation in Namespace. b) Use a service account created in a namespace and create a config file of it and upload to s3. c) The pipeline above Create a separate Pipeline for environment/namespace using fly commands. with url and namespace as variables.
--> Pipeline created for environment will run a script in the user repo( which can be kubectl or helm commands), using the service account config from s3 bucket and apply resources in the cluster.
This would be a script which runs as a pipeline, following the source code URL in a namespace annotation and automatically deploying code from a specially-named folder.
related to #1158