Authenticating

The Kubernetes integration relies on using kubectl's native authentication to connect to your cluster. You can use the $KUBECONFIG environment variable to find the location of the Kubernetes configuration file, and configure any credentials required.

You should perform any custom authentication as part of a before init hook to make sure that kubectl is configured correctly before any commands are run in after init and subsequent hooks.

The following sections provide examples of how to configure the integration manually, as well as using cloud provider-specific tooling.

Manual Configuration

Manual configuration allows you to connect to any Kubernetes cluster accessible by your Spacelift workers, regardless of whether your cluster is on-prem or hosted by a cloud provider. The Kubernetes integration automatically sets the $KUBECONFIG environment variable to point at /mnt/workspace/.kube/config, giving you a number of options:

• You can use a mounted file to mount a pre-prepared config file into your workspace at /mnt/workspace/.kube/config.
• You can use a before init hook to create a kubeconfig file, or to download it from a trusted location.

Please refer to the Kubernetes documentation for more information on configuring kubectl.

AWS

The simplest way to connect to an AWS EKS cluster is using the AWS CLI tool. To do this, add the following before init hook to your Stack:

aws eks update-kubeconfig --region $REGION_NAME --name $CLUSTER_NAME

Info

• The $REGION_NAME and $CLUSTER_NAME environment variables must be defined in your Stack's environment.
• This relies on either using the Spacelift AWS Integration, or ensuring that your workers have permission to access the EKS cluster.