vault-demo
aws
| | vault-demo | aws |
|---|---|---|
| Stars | 2 | 6 |
vault-demo
-
Vault root token using terraform?
GitLab supports JWT. This allows the pipeline job to generate a one-time-use token to authenticate to Vault. Here are a few examples of how to do this: https://gitlab.com/bdowney/vault-demo/-/blob/master/.gitlab-ci.yml
-
AWS federation comes to GitHub Actions
There are a couple approaches. GitLab's JWT token allows custom scripting to interface it to other systems. This demo shows custom integration with Vault (it also demonstrates our native integration - so you have to parse out which code you are looking at): https://gitlab.com/bdowney/vault-demo
Another approach is placing a GitLab runner within AWS and assigning it an IAM role directly. While this isn't as flexible, it is also not as complex to debug why a specific user can't build or deploy a job when another can.
In this scheme, there is potentially a runner per-dev team that has the same exact IAM profile as the dev team.
This can be done using KIAM for EKS runners, or if you are doing docker runners, you can use the "GitLab HA Scaling Runner Vending Machine for AWS EC2 ASG" here: https://gitlab.com/guided-explorations/aws/gitlab-runner-aut...
That last automation is designed to be self-service and can be setup in AWS Service Manager for teams to self-deploy their runners.
The many other benefits to this automation are enumerated here: https://gitlab.com/guided-explorations/aws/gitlab-runner-aut...
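The JWT-to-Vault exchange described in the two comments above, written out as a single `.gitlab-ci.yml` job. This is an added example, not code from the vault-demo repository or from GitLab; the Vault address, the role name `myproject-staging`, the project ID `22`, the policy name, the secret path and the `deploy.sh` step are all placeholders assumed for illustration.

```yaml
# Added example (not from the vault-demo repo): a GitLab CI job that trades the
# job's own JWT (CI_JOB_JWT) for a short-lived Vault token. Every name below
# (Vault address, role, project ID, policy, secret path, deploy.sh) is assumed.
#
# One-time Vault-side setup, run by a Vault admin, never inside the pipeline:
#
#   vault auth enable jwt
#   vault write auth/jwt/config \
#       jwks_url="https://gitlab.example.com/-/jwks" \
#       bound_issuer="gitlab.example.com"
#   vault write auth/jwt/role/myproject-staging - <<EOF
#   {
#     "role_type": "jwt",
#     "policies": ["myproject-staging"],
#     "token_explicit_max_ttl": 60,
#     "user_claim": "user_email",
#     "bound_claims": {
#       "project_id": "22",
#       "ref": "master",
#       "ref_type": "branch"
#     }
#   }
#   EOF
#
# bound_claims is the security control: a JWT minted for any other project,
# for another branch, or for a tag is rejected even though GitLab signed it.

read_secrets:
  image: vault:latest            # assumption: any image with the vault CLI
  variables:
    VAULT_ADDR: https://vault.example.com:8200   # assumed Vault address
  script:
    # CI_JOB_JWT is signed by GitLab for this job only; it is never stored
    # in the project, so there is no long-lived Vault credential to leak.
    - export VAULT_TOKEN="$(vault write -field=token auth/jwt/login role=myproject-staging jwt=$CI_JOB_JWT)"
    # The returned token lives at most 60 s (token_explicit_max_ttl above).
    - export DB_PASSWORD="$(vault kv get -field=password secret/myproject/staging/db)"
    - ./deploy.sh                # assumed deployment step that consumes DB_PASSWORD
  only:
    - master
```

Because the role binds `project_id`, `ref` and `ref_type`, a fork or a feature-branch pipeline cannot log in with this role even if it copies the job verbatim. Newer GitLab releases replace `CI_JOB_JWT` with the `id_tokens:` keyword, which additionally lets you set the token's `aud` claim so the Vault role can pin `bound_audiences`; the Vault-side configuration is otherwise the same.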
aws
-
AWS EC2 as a gitlab-runner
You might want to consider using one of the easy-button templates in the GitLab HA Scaling Runner Vending Machine for AWS EC2 ASG project. Even for a single instance, it'll help you get the basics correct, including setting the concurrency to 1 if desired.
-
Deploying to multiple AWS accounts or environments
-
Setting up GitLab + AWS EKS for CI/CD - help/insight needed please
Please see https://gitlab.com/guided-explorations/aws/gitlab-runner-autoscaling-aws-asg/
-
Best way to host GL Runners on AWS
AWS GL Vending Machine https://gitlab.com/guided-explorations/aws/gitlab-runner-autoscaling-aws-asg/
Pros: each team deploying their own runner quickly helps with cost allocation.
Cons: doesn't seem to be updated or tested heavily; I don't see runner caching solutions.
-
AWS Federation for Gitlab CI Jobs – Your Feedback Wanted
- New Working Example: https://gitlab.com/guided-explorations/aws/configure-openid-connect-in-aws
Huge thanks go out to Joe Randazzo, Brad Downey, Viktor Nagy and Krasimir Angelov for working the following issues and MRs to get this done:
What are some alternatives?
trackiam - A project to collate IAM actions, AWS APIs and managed policies from various public sources.
terraform-aws-gitlab-runner - Terraform module for AWS GitLab runners on ec2 (spot) instances