Create Kubernetes Target Command

Kubernetes

Command: New-OctopusKubernetesTarget

ParameterCloud ProviderValue
-nameName for the Octopus deployment target.
-clusterUrlThe Kubernetes cluster URL. This must be a complete URL such as https://mycluster.org.
-octopusServerCertificateIdOrNameThe name of the Octopus certificate to use as the cluster CA.
-octopusRolesComma separated list of target tags to assign.
-octopusAccountIdOrNameAzure, AWS, GCEThe name of the Octopus account used for authentication with the cluster. This or the -octopusClientCertificateIdOrName option must be defined.
-octopusClientCertificateIdOrNameThe name of the Octopus certificate used for authentication with the cluster. This or the -octopusAccountIdOrName option must be defined.
-clusterResourceGroupWhen using an Azure account, this defines the name of the resource group that holds the AKS cluster.
-clusterAdminLoginAzureSet to $True when building an AKS target to use the admin login.
-clusterNameAzure, AWSWhen using a AWS or Azure account, this defines the name of the EKS or AKS cluster.
-namespaceThe default kubectl namespace.
-updateIfExistingWill update an existing Kubernetes target with the same name, create if it doesn’t exist.
-skipTlsVerificationThe server’s certificate will not be checked for validity. This will make your HTTPS connections insecure.
-octopusDefaultWorkerPoolIdOrNameName or Id of the Worker Pool for the deployment target to use. (Optional). Added in 2020.6.
-healthCheckContainerImageFeedIdOrNameName or Id of the feed that contains the health check container image. Added in 2021.2.
-healthCheckContainerImageThe name of the health check container image. Added in 2021.2.
-clusterProjectGCEThe ID of the GCE project containing the GKE cluster to connect to.
-clusterRegionGCEThe name of the GKE cluster region (for regional clusters).
-clusterZoneGCEThe name of the GKE cluster zone (for zonal clusters).
-clusterImpersonateServiceAccountGCESet to $True to impersonate service accounts when defining a GKE cluster.
-clusterServiceAccountEmailsGCEDefines the service account emails to assume when defining a GKE cluster.
-clusterUseVmServiceAccountGCESet to $True to use the service account assigned to the virtual machine hosting the GKE target worker.
-awsUseWorkerCredentialsAWSWill create a Kubernetes Target configured to authenticate to AWS using Worker Credentials. -octopusAccountIdOrName option must not be defined.
-awsAssumeRoleArnAWSAdds an IAM Role to AWS Credentials. Can only be used with an AWS Account in -octopusAccountIdOrName or with -awsUseWorkerCredentials.
-awsAssumeRoleSessionAWSAdds a Session Name to the IAM Role configuration. Can only be used when -awsAssumeRoleArn is used.
-awsAssumeRoleSessionDurationSecondsAWSAdds a Session Duration in Seconds to the IAM Role Configuration. Can only be used when -awsAssumeRoleArn is used.
-awsAssumeRoleExternalIdAWSAdds an External Id to the IAM Role Configuration. Can only be used when -awsAssumeRoleArn is used.

Examples

Create a target with a username/password or token account.

New-OctopusKubernetesTarget `
    -name "The name of the target" `
    -clusterUrl "https://k8scluster" `
    -octopusRoles "The target tag" `
    -octopusAccountIdOrName "The name of an account" `
    -namespace "kubernetes-namespace" `
    -updateIfExisting `
    -skipTlsVerification True

When creating a target with a client certificate, the name of the certificate is required.

New-OctopusKubernetesTarget `
    -name "The name of the target" `
    -clusterUrl "https://k8scluster" `
    -octopusRoles "The target tag" `
    -octopusClientCertificateIdOrName "The name of a certificate" `
    -namespace "kubernetes-namespace" `
    -updateIfExisting `
    -skipTlsVerification True

When creating a target using an Azure account, the cluster URL and certificates are not required. The Azure resource group and AKS name are required.

New-OctopusKubernetesTarget `
    -name "The name of the target" `
    -octopusRoles "The target tag" `
    -octopusAccountIdOrName "The name of an azure account" `
    -clusterResourceGroup "AzureResourceGroupName" `
    -clusterName "AzureAKSClusterName" `
    -namespace "kubernetes-namespace" `
    -updateIfExisting `
    -skipTlsVerification True

When creating a target using an AWS account with optional IAM Role, the EKS cluster name is required.

Note: When using an IAM Role, Session, Session Duration and External ID are not required if the default is preferred.

New-OctopusKubernetesTarget `
    -name "The name of the target" `
    -octopusRoles "The target tag" `
    -clusterUrl "https://k8scluster" `
    -octopusAccountIdOrName "The name of an aws account" `
    -clusterName "AwsEKSClusterName" `
    -namespace "kubernetes-namespace" `
    -updateIfExisting `
    -skipTlsVerification True `
    -awsAssumeRoleArn "MyIamRoleArnHere"`
    -awsAssumeRoleSession "MySessionNameHere"`
    -awsAssumeRoleSessionDurationSeconds 1200`
    -awsAssumeRoleExternalId "MyExternalIdHere"

When creating a target using AWS Worker Credentials, use the -awsUseWorkerCredentials option. The IAM Role options in the example above can also be used.

Note: In this case, no -octopusAccountIdOrName is required.

New-OctopusKubernetesTarget `
    -name "The name of the target" `
    -octopusRoles "The target tag" `
    -clusterUrl "https://k8scluster" `
    -clusterName "AwsEKSClusterName" `
    -namespace "kubernetes-namespace" `
    -updateIfExisting `
    -skipTlsVerification True `
    -awsUseWorkerCredentials

When creating a GKE target, the GCE project, region or zone, and cluster names are required:

New-OctopusKubernetesTarget `
    -name dynamicGKE `
    -octopusRoles gke `
    -environment Development `
    -octopusAccountIdOrName Google `
    -clusterProject kubernetes-demo-198002 `
    -clusterRegion australia-southeast1 `
    -clusterName mattc-test `
    -updateIfExisting

If your process creates dynamic deployment targets from a script, and then deploys to those targets in a subsequent step, make sure you add a full health check step for the role of the newly created targets after the step that creates and registers the targets.

This allows Octopus to ensure the new targets are ready for deployment by staging packages required by subsequent steps that perform the deployment.

Help us continuously improve

Please let us know if you have any feedback about this page.

Send feedback

Page updated on Thursday, June 27, 2024