Authenticating to your Providers
Some features of Garden Cloud require you to configure authentication to your clusters orโmore generallyโto your providers. Specifically, features such as Automatic Environment Cleanup, Workflows, and One-click Preview environment require you to be able to connect to the infrastructure where the runners need to build, deploy, and test your code.
Below you'll find our preferred ways for authenticating in the scenarios described above.
Authenticating via Environment Authentication Script
Note: this authentication method is not supported in all features. Please take a look at the support table below.
To setup an Authentication Script, please navigate to your Project Settings and click the settings icon for the environment you'll want to deploy your environment to.
Authenticating via Exec Provider
Note: this authentication method is not supported in all features. Please take a look at the support table below.
If you want a bit more flexibility when defining which environment needs authentication and when you need to use the same script for different environments, we suggest using an Exec Provider and set it as a dependency for the providers that need to be authenticated.
In the example below we want to authenticate to our kubernetes cluster, using the script defined in initScript
.
You can read more about the exec
provider here.
Authenticating via script field of the Workflow Configuration
Note: this authentication method is not supported in all features. Please take a look at the support table below.
Examples of authentication scripts
Authentication varies greatly between different cloud providers, so we'd suggest you to always follow their specific docs in order to understand how to create accounts, credentials and how to authenticate to their services using those.
We have collected some common examples of an authentication script for connecting to AWS EKS and GCP GKE. Please bear in mind that your project and security configuration might be different and the script might need tweaking based on your specific conditions.
AWS EKS
This assumes your credentials (aws_access_key_id
and aws_secret_access_key
) are stored as secrets in Garden Cloud under the keys AWS_ACCESS_KEY_ID
and AWS_SECRET_ACCESS_KEY
.
GCP GKE
This assumes a GCP (service) account with access to your GKE cluster has been created, and the JSON credentials have been downloaded and stored in a secret in Garden Cloud called GCLOUD_JSON
.
https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform
Table of supported features vs authentication methods
We are working on enabling all authentications method for all features but until then, this is an overview of the currently supported authentication method for each feature.
Environment Authentication Script | Exec Provider | Workflow Configuration | |
---|---|---|---|
Automatic Environment Cleanup | โ | โ | โ |
Workflows | โ | โ | โ |
One-click Preview Environments | โ | โ | โ |
Last updated