Using OIDC to securely deploy to any cloud
In this recipe, we will set up our Kubernetes cluster in Azure, and we will configure OIDC in Azure to deploy to the cluster without using stored secrets.
Getting ready…
Make sure you have a PAT with at least read access to packages.
If you are experienced in Azure and you have the Azure CLI (https://docs.microsoft.com/cli/azure/install-azure-cli?view=azure-cli-latest) installed locally, then you can work from there. If you are new to Azure or you don’t have the CLI installed, just use Azure Cloud Shell at https://shell.azure.com.
Set the PAT as an environment variable:
$ export GHCR_PAT=<YOUR_PAT_TOKEN>
The token will be used by Kubernetes to read from the GitHub Package Registry. Open the script setup-azure.sh and adjust the location variable at the top of the file to the Azure region of your choice. You can get a list of regions using az account list-locations -o table. Commit and push your changes...