fix: Add IRSA cross-account deployment guide

KubeRocketCI · Mar 7, 2025 · c6263c9 · c6263c9
1 parent 707721b
commit c6263c9
Show file tree

Hide file tree

Showing 13 changed files with 808 additions and 3 deletions.
diff --git a/docs/operator-guide/cd/deploy-application-in-remote-cluster-via-irsa.md b/docs/operator-guide/cd/deploy-application-in-remote-cluster-via-irsa.md
@@ -28,9 +28,9 @@ To start using this approach, you need to have OIDC (OpenID Connect) already con
 Cross-account interaction is performed through IRSA with a two-tiered IAM role setup:
 
 - In AWS Account A, the EKS cluster runs a kuberocketci cd-pipeline-operator with service account.
-- This service account obtains temporary credentials through IRSA, which are associated with the AWSIRSA_\{cluster_name\}_CDPipelineOperator role.
-- AWSIRSA_\{cluster_name\}_CDPipelineOperator can then assume the AWSIRSA_\{cluster_name\}_CDPipelineAgent role in AWS Account B.
-- AWSIRSA_\{cluster_name\}_CDPipelineAgent configures the environment (Stage) by creating namespaces, generating service accounts, copying secrets, and preparing for deployment.
+- This service account obtains temporary credentials through IRSA, which are associated with the `AWSIRSA_\{cluster_name\}_CDPipelineOperator` role.
+- `AWSIRSA_\{cluster_name\}_CDPipelineOperator` can then assume the `AWSIRSA_\{cluster_name\}_CDPipelineAgent` role in AWS Account B.
+- `AWSIRSA_\{cluster_name\}_CDPipelineAgent` configures the environment (Stage) by creating namespaces, generating service accounts, copying secrets, and preparing for deployment.
 
 ### Required IAM Roles, and polices for KRCI
 

diff --git a/versioned_docs/version-3.10/assets/drawio-diagrams/cluster-irsa-argocd-acess-model.drawio b/versioned_docs/version-3.10/assets/drawio-diagrams/cluster-irsa-argocd-acess-model.drawio
diff --git a/...uide/deploy-application-in-remote-cluster-via-irsa/cluster-irsa-add-cluster.png b/...uide/deploy-application-in-remote-cluster-via-irsa/cluster-irsa-add-cluster.png
diff --git a/...ploy-application-in-remote-cluster-via-irsa/cluster-irsa-argocd-acess-model.jpg b/...ploy-application-in-remote-cluster-via-irsa/cluster-irsa-argocd-acess-model.jpg
diff --git a/...de/deploy-application-in-remote-cluster-via-irsa/cluster-irsa-argocd-status.png b/...de/deploy-application-in-remote-cluster-via-irsa/cluster-irsa-argocd-status.png
diff --git a/...oy-application-in-remote-cluster-via-irsa/cluster-irsa-configmap-edp-config.png b/...oy-application-in-remote-cluster-via-irsa/cluster-irsa-configmap-edp-config.png
diff --git a/...-application-in-remote-cluster-via-irsa/cluster-irsa-create-deployment-flow.png b/...-application-in-remote-cluster-via-irsa/cluster-irsa-create-deployment-flow.png
diff --git a/...cation-in-remote-cluster-via-irsa/cluster-irsa-deployed-application-summary.png b/...cation-in-remote-cluster-via-irsa/cluster-irsa-deployed-application-summary.png
diff --git a/.../deploy-application-in-remote-cluster-via-irsa/cluster-irsa-deployment-flow.png b/.../deploy-application-in-remote-cluster-via-irsa/cluster-irsa-deployment-flow.png
diff --git a/...oy-application-in-remote-cluster-via-irsa/cluster-irsa-environment-overview.png b/...oy-application-in-remote-cluster-via-irsa/cluster-irsa-environment-overview.png
diff --git a/...plication-in-remote-cluster-via-irsa/cluster-irsa-krci-deployed-application.png b/...plication-in-remote-cluster-via-irsa/cluster-irsa-krci-deployed-application.png
diff --git a/...e/deploy-application-in-remote-cluster-via-irsa/cluster-irsa-select-cluster.png b/...e/deploy-application-in-remote-cluster-via-irsa/cluster-irsa-select-cluster.png