GitHub Action
Kubernetes Deployment
k-deploy-action is a GitHub Action that can be used to build CI/CD pipeline to deploy an app to any Kubernetes Enviroment. Also supports Kustomization.
The action can be used as
- name: Kubernetes Deployment
uses: TanmoySG/[email protected]
with:
kubeconfig: path/to/kubeconfig
namespace: 'default'
manifest: path/to/resources/fileUsing Kustomization
- name: Kubernetes Deployment
uses: TanmoySG/[email protected]
with:
kubeconfig: path/to/kubeconfig
namespace: 'default'
kustomize: true
overlay: 'path-to/deploy/overlay/something'The Action can be configures using inputs
| Input Name | Required | Default | Description |
|---|---|---|---|
| kubeconfig | Yes | None | Path to Kubeconfig for the Kubernetes cluster. Default Context is used. |
| namespace | No | default |
Namespace to make the deployment in. Default: 'default' |
| mainifest | No, if using kustomize, otherwise Yes | None | Manifest File required for Deploying the Application with all configurations. Ref. |
| kustomize | No | false |
Boolean - true if using kustomize, else false |
| overlay | Yes, if using kustomize | None | Path to kustomization overlay |
Currently this action supports all resources defined in a single YML file. Multiple Resources File support will be added soon.
While using the k-deploy action it is important that the kubeconfig file is not added to the repository without properly securing it. No authentiation file like the kubeconfig or certificates should be added without encrypting them, or securing them in some other way. It is highly recommended that kubeconfigs and certs should NOT be added to the repository.
To tackle this, one may use one of the following ways to secure the things.
- Kubeconfig and Certs can be stored using GitHub Secrets. Add a step before using the
k-deploy-actionthat takes the secrets and creates the required files (kubeconfig and certs) in runtime of the workflow, and specify the path where the files were created in the k-deploy inputs.
- name: Generate Kubeconfig and Certs
run: |
echo ${{ secrets.KUBECONFIG }} > path/to/deploy.kubeconfig
echo ${{ secrets.CERTS }} > path/to/cert
- name: Kubernetes Deployment
uses: TanmoySG/[email protected]
with:
kubeconfig: path/to/deploy.kubeconfig
namespace: 'default'
manifest: path/to/resources/file
- name: Clean-Up
run: |
rm path/to/deploy.kubeconfig
rm path/to/cert- The Kubeconfigs and Certs can be encrypted and added to the repository. While during the workflow runtime, the encrypted files are decrypted using a key stored in GitHub Secrets and used in the k-deploy inputs. Keys for decryption can also be stored in some cloud Key Management Service.
- name: Decrypt Kubeconfigs and Certs
run: |
./decrypt kubeconfig.encrypted -k ${{ secret.DECRYPTION_KEY}} > path/to/deploy.kubeconfig
./decrypt certs.encrypted -k ${{ secret.DECRYPTION_KEY}} > path/to/cert
- name: Kubernetes Deployment
uses: TanmoySG/[email protected]
with:
kubeconfig: path/to/deploy.kubeconfig
namespace: 'default'
manifest: path/to/resources/file
- name: Clean-Up
run: |
rm path/to/deploy.kubeconfig
rm path/to/certTesting this action locally requires you to clone the repo and run the following commands.
# Installs the dependancies - kind, kubectl and act
make get-tools
# run the sample action - example/example-k-deploy.yml
make dry-run
# cleanup
make clean-upThe local testing depends on act, a tool to run GitHub Actions locally.
- Context Setting is not available so it picks up default context.
- Kubeconfig and certs should be in same directory for a certificate based authentication to work.
- Currently only a single resource file is supported.