Kubernetes
Command: New-OctopusKubernetesTarget
Parameter | Cloud Provider | Value |
---|---|---|
-name | Name for the Octopus deployment target. | |
-clusterUrl | The Kubernetes cluster URL. This must be a complete URL such as https://mycluster.org . | |
-octopusServerCertificateIdOrName | The name of the Octopus certificate to use as the cluster CA. | |
-octopusRoles | Comma separated list of target tags to assign. | |
-octopusAccountIdOrName | Azure, AWS, GCE | The name of the Octopus account used for authentication with the cluster. This or the -octopusClientCertificateIdOrName option must be defined. |
-octopusClientCertificateIdOrName | The name of the Octopus certificate used for authentication with the cluster. This or the -octopusAccountIdOrName option must be defined. | |
-clusterResourceGroup | When using an Azure account, this defines the name of the resource group that holds the AKS cluster. | |
-clusterAdminLogin | Azure | Set to $True when building an AKS target to use the admin login. |
-clusterName | Azure, AWS | When using a AWS or Azure account, this defines the name of the EKS or AKS cluster. |
-namespace | The default kubectl namespace. | |
-updateIfExisting | Will update an existing Kubernetes target with the same name, create if it doesn’t exist. | |
-skipTlsVerification | The server’s certificate will not be checked for validity. This will make your HTTPS connections insecure. | |
-octopusDefaultWorkerPoolIdOrName | Name or Id of the Worker Pool for the deployment target to use. (Optional). Added in 2020.6. | |
-healthCheckContainerImageFeedIdOrName | Name or Id of the feed that contains the health check container image. Added in 2021.2. | |
-healthCheckContainerImage | The name of the health check container image. Added in 2021.2. | |
-clusterProject | GCE | The ID of the GCE project containing the GKE cluster to connect to. |
-clusterRegion | GCE | The name of the GKE cluster region (for regional clusters). |
-clusterZone | GCE | The name of the GKE cluster zone (for zonal clusters). |
-clusterImpersonateServiceAccount | GCE | Set to $True to impersonate service accounts when defining a GKE cluster. |
-clusterServiceAccountEmails | GCE | Defines the service account emails to assume when defining a GKE cluster. |
-clusterUseVmServiceAccount | GCE | Set to $True to use the service account assigned to the virtual machine hosting the GKE target worker. |
-awsUseWorkerCredentials | AWS | Will create a Kubernetes Target configured to authenticate to AWS using Worker Credentials. -octopusAccountIdOrName option must not be defined. |
-awsAssumeRoleArn | AWS | Adds an IAM Role to AWS Credentials. Can only be used with an AWS Account in -octopusAccountIdOrName or with -awsUseWorkerCredentials . |
-awsAssumeRoleSession | AWS | Adds a Session Name to the IAM Role configuration. Can only be used when -awsAssumeRoleArn is used. |
-awsAssumeRoleSessionDurationSeconds | AWS | Adds a Session Duration in Seconds to the IAM Role Configuration. Can only be used when -awsAssumeRoleArn is used. |
-awsAssumeRoleExternalId | AWS | Adds an External Id to the IAM Role Configuration. Can only be used when -awsAssumeRoleArn is used. |
Examples
Create a target with a username/password or token account.
New-OctopusKubernetesTarget `
-name "The name of the target" `
-clusterUrl "https://k8scluster" `
-octopusRoles "The target tag" `
-octopusAccountIdOrName "The name of an account" `
-namespace "kubernetes-namespace" `
-updateIfExisting `
-skipTlsVerification True
When creating a target with a client certificate, the name of the certificate is required.
New-OctopusKubernetesTarget `
-name "The name of the target" `
-clusterUrl "https://k8scluster" `
-octopusRoles "The target tag" `
-octopusClientCertificateIdOrName "The name of a certificate" `
-namespace "kubernetes-namespace" `
-updateIfExisting `
-skipTlsVerification True
When creating a target using an Azure account, the cluster URL and certificates are not required. The Azure resource group and AKS name are required.
New-OctopusKubernetesTarget `
-name "The name of the target" `
-octopusRoles "The target tag" `
-octopusAccountIdOrName "The name of an azure account" `
-clusterResourceGroup "AzureResourceGroupName" `
-clusterName "AzureAKSClusterName" `
-namespace "kubernetes-namespace" `
-updateIfExisting `
-skipTlsVerification True
When creating a target using an AWS account with optional IAM Role, the EKS cluster name is required.
Note: When using an IAM Role, Session, Session Duration and External ID are not required if the default is preferred.
New-OctopusKubernetesTarget `
-name "The name of the target" `
-octopusRoles "The target tag" `
-clusterUrl "https://k8scluster" `
-octopusAccountIdOrName "The name of an aws account" `
-clusterName "AwsEKSClusterName" `
-namespace "kubernetes-namespace" `
-updateIfExisting `
-skipTlsVerification True `
-awsAssumeRoleArn "MyIamRoleArnHere"`
-awsAssumeRoleSession "MySessionNameHere"`
-awsAssumeRoleSessionDurationSeconds 1200`
-awsAssumeRoleExternalId "MyExternalIdHere"
When creating a target using AWS Worker Credentials, use the -awsUseWorkerCredentials
option. The
IAM Role options in the example above can also be used.
Note: In this case, no -octopusAccountIdOrName
is required.
New-OctopusKubernetesTarget `
-name "The name of the target" `
-octopusRoles "The target tag" `
-clusterUrl "https://k8scluster" `
-clusterName "AwsEKSClusterName" `
-namespace "kubernetes-namespace" `
-updateIfExisting `
-skipTlsVerification True `
-awsUseWorkerCredentials
When creating a GKE target, the GCE project, region or zone, and cluster names are required:
New-OctopusKubernetesTarget `
-name dynamicGKE `
-octopusRoles gke `
-environment Development `
-octopusAccountIdOrName Google `
-clusterProject kubernetes-demo-198002 `
-clusterRegion australia-southeast1 `
-clusterName mattc-test `
-updateIfExisting
If your process creates dynamic deployment targets from a script, and then deploys to those targets in a subsequent step, make sure you add a full health check step for the role of the newly created targets after the step that creates and registers the targets.
This allows Octopus to ensure the new targets are ready for deployment by staging packages required by subsequent steps that perform the deployment.
Help us continuously improve
Please let us know if you have any feedback about this page.
Page updated on Thursday, June 27, 2024