Authenticating to Cloud Providers
Last updated
Last updated
Some features of Garden Cloud require you to configure authentication to your clusters or—more generally—to your providers. Specifically, features such as Automatic Environment Cleanup, Workflows, and One-click Preview environment require you to be able to connect to the infrastructure where the runners need to build, deploy, and test your code.
Below you'll find our preferred ways for authenticating in the scenarios described above.
Note: this authentication method is not supported in all features. Please take a look at the support table below.
To setup an Authentication Script, please navigate to your Project Settings and click the settings icon for the environment you'll want to deploy your environment to.
In the example below, we are setting up the authentication script for the preview
environment
Note: this authentication method is not supported in all features. Please take a look at the support table below.
If you want a bit more flexibility when defining which environment needs authentication and when you need to use the same script for different environments, we suggest using an Exec Provider and set it as a dependency for the providers that need to be authenticated.
In the example below we want to authenticate to our kubernetes cluster, using the script defined in initScript
.
You can read more about the exec
provider here.
Note: this authentication method is not supported in all features. Please take a look at the support table below.
Authentication varies greatly between different cloud providers, so we'd suggest you to always follow their specific docs in order to understand how to create accounts, credentials and how to authenticate to their services using those.
We have collected some common examples of an authentication script for connecting to AWS EKS and GCP GKE. Please bear in mind that your project and security configuration might be different and the script might need tweaking based on your specific conditions.
This assumes your credentials (aws_access_key_id
and aws_secret_access_key
) are stored as secrets in Garden Cloud under the keys AWS_ACCESS_KEY_ID
and AWS_SECRET_ACCESS_KEY
.
This assumes a GCP (service) account with access to your GKE cluster has been created, and the JSON credentials have been downloaded and stored in a secret in Garden Cloud called GCLOUD_JSON
.
https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform
We are working on enabling all authentications method for all features but until then, this is an overview of the currently supported authentication method for each feature.
Environment Authentication Script | Exec Provider | Workflow Configuration | |
---|---|---|---|
Automatic Environment Cleanup | ✅ | ❌ | ❌ |
Workflows | ❌ | ✅ | ✅ |
One-click Preview Environments | ✅ | ✅ | ❌ |