Boost your CICD with qbconf, a razor-fast and small-footprint CLI tool to generate kubeconfig for your Kubernetes clusters with build-in authentication to cloud providers
Intro
When applications need to get deployed to Kubernetes, the time your CICD takes to do so will determine your “time to market.” Keeping this value low has, of course, a positive impact on your business.
At #Raftech we understand these factors, which is why we have developed qbconf, which allows us to seamlessly integrate generating kubeconfig in our pipelines and terminals.
The key features of recently published v1.0.0 are:
- Works with AWS natively
- Works with GitHub Actions OIDC
- Has minimal footprint
These features allow you to integrate the toolkit into your existing pipelines and, at the same time, reduce the need to have a full-blown AWS CLI to generate kubeconfig.
Installing the CLI
For most of the engineers the best method to install it would be via brew
brew tap RaftechNL/toolbox brew install raftechnl/toolbox/qbconf
If however, you would like to install it on your system by downloading it then the following shell script will help
#!/bin/bash
# Fetch the latest release version from Github API
VERSION=$(curl --silent "https://api.github.com/repos/RaftechNL/qbconf/releases/latest" | grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/')
# Set the URL of the tarball for the latest release
URL="https://github.com/RaftechNL/qbconf/releases/download/${VERSION}/qbconf_${VERSION}_darwin_x86_64.tar.gz"
# Download and install the latest release
curl -L ${URL} | tar xz
chmod +x qbconf
sudo mv qbconf /usr/local/bin/
And since we are container friendly, we have bundles of tools available for you. Check our page describing the bundles at https://github.com/RaftechNL/public-ecr/ and head to our ECR public gallery to grab the image you need https://gallery.ecr.aws/raftech
Using the CLI
The design of the commands allows us to use the tool in a very intuitive manner.
There are three base modes of operating ( at the moment of writing this article )
Generate using existing AWS credentials
## generates kubeconfig for aws eks cluster by using provided credentials qbconf generate aws --cluster-name XXX --region us-east-1
Generate using AWS credentials by assuming an IAM role
## generates kubeconfig for aws eks cluster by assuming given role ( uses provided credentials ) qbconf generate aws --cluster-name XXX --region us-east-1 --with-assume-role --role-arn "arn:aws:iam::12334556:role/AWSMagicRole"
Generate using GitHub Actions OIDC provider
## generates kubeconfig for aws eks cluster by assuming given role ( uses oidc credentials ) qbconf generate aws --cluster-name XXX --region us-east-1 --with-gha-oidc --role-arn "arn:aws:iam::12334556:role/AWSMagicRole"
Outro
In our use cases, we have noticed an increase in delivery speed for our deployments, along with the ability to reduce our containers’ image size when not needing to run the full AWS CLI to generate kubeconfig.
We extend big thanks to everyone who provided us with the first rounds of feedback, which allowed mature production stable release!
If you would like to contribute to extending configurations to other cloud providers, you can find the CLI repo in our Github organization https://github.com/RaftechNL/qbconf/
