Skip to main content
Version: 1.1

Creating Robots for CI

You can create robots to automate deployments and other tasks in your CI system.

This topic illustrates an example of creating a robot and assigning it the cluster.deployment role. This lets the robot deploy applications in a specific namespace.

You can see details of these roles by running: wf get role ROLE-NAME -o yaml. Use the -t flag to specify a workspace other than your default workspace.

For more information, see wf get role.

Create a robot

To create a build robot/token for a workspace:

  1. In your workspace, navigate to Automation & Integrations > Robots.

  2. Click Create a new robot, fill in the Robot name and Robot description, and then click Next.

  3. If permission profiling is enabled, the Use permission profiling dialog appears:

    1. Select whether this robot is used for app deployments.
    2. If you selected Yes, select whether to switch on profiling for this robot.
    3. Click Next.

    For more detail, see Switch on profiling when creating a robot.

    If you switch on profiling, the robot is assigned the cluster.learn role, and you must select the cluster and namespace in the Set parameters dialog (Step 5 below). You will have a time window (default: 1 hour) to use the robot token in your CI system. During this time, the robot learns the specific permissions needed for the deployment.

  4. If you did not switch on profiling, click Select role for the role(s) you want to assign, and then click Next.

  5. In the Set parameters form select the parameters required by the role(s) you've assigned to this robot, and then click Next.

    If you click Next without selecting a role or permission profiling, you can save this robot, copy its environment variables, and assign the role(s) later using the CLI. See Assign roles to robots after creation.

    The next page displays this robot's environment variables.

  6. Click Copy to clipboard to copy the robot token and environment variables to use in CI, and then click Close.

    Note

    You will not be able to see or copy the environment variables once you click Close, but you can regenerate a robot token later. See Regenerate a robot token.

Create a robot - CLI method

note

Take a look at Using Permission Profiling for a more dynamic approach to robot permissions. For an example, see Switch on profiling when creating a robot.

To create a robot/token for a workspace:

  1. Run the command:

    wf create robot NAME

  2. Answer the prompts presented. See wf create robot for details.

note

See this example if you want to use permission profiling to allow the robot to learn the necessary permissions for an app deployment.

Regenerate a robot token

You may need to regenerate a robot token for an existing robot if you did not copy environment variables when creating that robot for CI.

To regenerate a robot token:

  1. In your workspace, navigate to Automation & Integrations > Robots, and find the robot you want a new token for.

  2. Click Regenerate token for this robot, and then confirm.

    If you have used the old token, for example in a CI system, you must replace all occurences of the old token with the new one.

CLI: wf create robot-token ROBOT-NAME --regenerate

Use the robot token and run the build in CI

For detailed information on adding environment variables in two popular CI systems, see:

To download and install the Wayfinder CLI, see Get the CLI.

Use the robot to access a cluster

You can exchange a robot token for a short-lived access token to access a cluster. To do this, you create a robot and assign it the cluster.deployment role, use the environment variables generated for the robot in your CI system, and then run wf kubeconfig as shown below.

# Create a robot and assign it the cluster.deployment role
$ wf create robot <NAME> ..

# Or if the robot already exists you can assign a role
$ wf assign role cluster.deployment --robot <NAME>

...
# Use the robot account in CI pipeline - assuming you have taken the WAYFINDER_TOKEN,
# WAYFINDER_SERVER and WAYFINDER_WORKSPACE environment variables from the robot. You can download the Wayfinder CLI from
# https://docs.appvia.io/wayfinder/releases or use docker image quay.io/wayfinder/cli:<VERSION>.
# Provision a kubeconfig configuration file to speak to the cluster.
$ wf kubeconfig --cluster <NAME>

# Run kubectl commands as needed for the cluster
$ kubectl [commands]

View or assign roles to robots

You can see all the robots for your workspace in the Robots page, and which roles they have been assigned.

View robot roles

To view robot roles in the UI:

  1. In your workspace, navigate to Automation & Integrations > Robots.

    The robots for your workspace are displayed. To see an assigned role's permissions, click the right arrow.

Assign roles to robots after creation

Currently, you must use the CLI to assign a role to a robot that was created but not assigned a role.

To assign a role to a robot after it's been created:

  1. In your workspace, navigate to Automation & Integrations > Robots, and then find the robot you want.
  2. Click Assign roles, select the role(s) you want to assign, and then click Next.
  3. Select the parameters associated with the role(s) you selected, and then click Save.

CLI: wf assign role