Skip to main contentIBM Cloud Patterns

Cross Account Pipelines with IBM Cloud Toolchain

Cross Account Pipelines with IBM Cloud Toolchain

Overview

The toolchain brings together many resources. A git repo, the Docker Registry, a Kubernetes Cluster and the toolchain itself.

Everything created in the environment setup so far was done using a single IAM role, in a single resource group, in a single IBM Cloud Account.

CICD All Access

A powerful way to organize access is to put different IBM Cloud Resources into different Resource Groups.

CICD Namespaces

For admin level or a higher level of isolation, it is common to put a production cluster in a different IBM Cloud Account from all other environments.

CICD Namespaces

Setting up access to production kubernetes cluster

  • Login into a second IBM Cloud Account, this will be “Production”. You will need to configure and create a k8s cluster by following these instructions. As a quick reference you can run the following command to create a cluster on VPC Gen 2.
$ ibmcloud ks cluster create vpc-gen2 --flavor FLAVOR --name NAME --subnet-id ID --vpc-id ID --zone ZONE
  • Create an API Key to access your cluster
$ ibmcloud iam api-key-create kubernetes-key
Creating API key kubernetes-key under e65910fa61ce9072d64902d03f3d4774 as John.Zaccone@ibm.com...
OK
API key kubernetes-key was created
Please preserve the API key! It cannot be retrieved after it's created.
ID ApiKey-0159e477-07d7-409d-ac84-c366528b6c65
Name kubernetes-key
  • Log into the first account. This will be our “Tools” environment, where our pipeline lives, and where we will use the key to our Kubernetes cluster.

  • Find the DevOps page from the upper-left handside menu. Open the Toolchain you created earlier

  • Next to the Deploy, click the Configure icon

Configure Deploy Stage

  • Change the API Key to the value you generated for your production cluster

Configure Deploy Stage

  • Save the values and rerun the Deploy stage to see the app deployed to your production cluster in your other account.