I need to deploy multiple (> 2 dozen) applications into distinct namespaces from GitLab. Unfortunately, Gitlab's old instance-wide Kubernetes integration has long been deprecated, and the new agent system requires setting up and configuring a separate agent per project which is infeasible at my scale.
My first attempt was to use Kubernetes CertificateSigningRequests to create client certificates, but that failed because for some reason Kubernetes would not issue them despite being approved.
So, I tried deploying with kubectl directly - that works, but it seems like all guides I found simply say to use your existing AWS_ACCESS_KEY_ID/AWS_SECRET_ACCESS_KEY credentials in the CI pipeline. This however is just plain bad because I don't want to leak my credentials all over Gitlab.
So, what is the current best practice to do deployments to an EKS cluster that at least somehow scale?
