Is it possible to set up EC2 deployment targets per project / environment that then can deploy to EKS clusters?
For example, say we have Project-A, where we set up 1 EC2 deployment target in Development and have Octopus use that target to then deploy Kubernetes steps into the Development EKS cluster? Then replicate that for Production, where we have another EC2 deployment target that deploys those Kubernetes steps into the Production cluster?
We want to follow least privilege access patterns for our workers / deployment targets. Currently we are using a pool of Linux worker containers; however, we have hundreds of different projects all needing potentially different IAM roles in different environments. We do not want to have a single monolithic IAM policy for the worker containers.
So we are wondering if it's possible to set up a single EC2 deployment target per environment as needed for each project that could then execute the Kubernetes deployment steps for that project, or any other steps, based on a custom instance profile for that project's needs.
Hey there @swalsh1!
Thanks for reaching out, I’d love to help you get this configured and ensure you’re able to have your deployments secured and following the principle of least privilege for access.
I have a few follow up questions to make sure I understand your current state and goal -
- You have 100s of projects, and at least 2 environments (Development/Production, possibly some in between) - is this correct?
- You currently use Linux containers to deploy these projects into your EKS cluster - are these execution containers being utilized on a worker?
- Are your projects all deployed to a single EKS cluster, or are you using multiple clusters?
- When you say "set up a single EC2 deployment target per environment as needed for each project" - do you mean a single worker per environment (+ per cluster, if using multiple), or a worker per project+environment combo? Theoretically, you could do either, but the latter could be a few hundred workers, which is likely tough to manage.
Look forward to hearing from you soon, we can definitely get you some resources to help get this sorted properly!