|
2 | 2 |
|
3 | 3 | # Steps |
4 | 4 |
|
5 | | -1. Add secrets for the server address and JWT token |
| 5 | +1. Add secrets for the server address and JWT token, and other variables |
6 | 6 |
|
7 | 7 | - Note that generated JWT tokens are relatively short-lived, but you can extend their validity by passing `--duration=<timespan>` to `kubectl create token` |
8 | 8 | - e.g. `kubectl create-token remote-dev --duration=12h` for a token valid for 12 hours |
9 | 9 | - We probably don't want to use these in production, your kubernetes provider (e.g. EKS) may offer a better means of authentication |
10 | 10 |
|
11 | 11 | - On the webpage for your repo: |
12 | 12 | - Settings -> Secrets and Variables -> Actions -> New Repository Secret |
13 | | - - Set the name to `JWT_AUTH_TOKEN` |
| 13 | + - Set the name to `KUBE_JWT_AUTH_TOKEN` |
14 | 14 | - Set the value to the JWT token you generated |
15 | | - - Add another secret called `API_SERVER_ADDR` with the value of your public-facing API server address |
| 15 | + - Add another secret called `KUBE_API_SERVER_ADDR` with the value of your public-facing API server address |
16 | 16 |
|
17 | | -2. Access the secret in the action |
| 17 | + - We'll also add some variables for the cluster, remote username, and remote context |
| 18 | + - On the webpage for your repo: |
| 19 | + - Settings -> Secrets and Variables -> Actions -> Variables -> New Repository Variable |
| 20 | + - Add three variables with the names and values: |
| 21 | + - KUBE_REMOTE_CLUSTER = minikube |
| 22 | + - KUBE_REMOTE_USER = remote-dev |
| 23 | + - KUBE_REMOTE_CONTEXT = remote-context |
| 24 | + |
| 25 | +2. Access the secrets and variables in the action |
18 | 26 |
|
19 | | - - Github actions can access repository secrets using the syntax `${{ secrets.<secret> }}` |
| 27 | + - Github actions can access repository secrets using the syntax `${{ secrets.<secret> }}` and variables with `${{ vars.<variable> }}` |
20 | 28 | - We'll create a step in our action that sets the correct kubeconfig |
21 | 29 |
|
22 | 30 | ```yaml |
23 | 31 | # Other steps... # |
24 | 32 |
|
25 | 33 | - name: Set kubeconfig with kubectl |
26 | 34 | run: | |
27 | | - kubectl config set-cluster "minikube" --server "${{ secrets.API_SERVER_ADDR }}" |
28 | | - kubectl config set-credentials "remote-dev" --token "${{ secrets.JWT_AUTH_TOKEN }}" |
29 | | - kubectl config set-context "remote-context" --cluster "minikube" --user "remote-dev" |
30 | | - kubectl config use-context "remote-context" |
| 35 | + kubectl config set-cluster "${{ vars.KUBE_REMOTE_CLUSTER }}" --server "${{ secrets.KUBE_API_SERVER_ADDR }}" |
| 36 | + kubectl config set-credentials "${{ vars.KUBE_REMOTE_USER }}" --token "${{ secrets.KUBE_JWT_AUTH_TOKEN }}" |
| 37 | + kubectl config set-context "${{ vars.KUBE_REMOTE_CONTEXT }}" --cluster "${{ vars.KUBE_REMOTE_CLUSTER }}" --user "${{ vars.KUBE_REMOTE_USER }}" |
| 38 | + kubectl config use-context "${{ vars.KUBE_REMOTE_CONTEXT }}" |
31 | 39 |
|
32 | 40 | # kubectl command steps ... # |
33 | 41 | ``` |
34 | 42 |
|
| 43 | + - Using these variables and secrets makes it easier to update them in the future, without modifying the workflow file directly |
| 44 | + |
35 | 45 | 3. Create the full workflow |
36 | 46 |
|
37 | 47 | - So we need to: |
|
45 | 55 |
|
46 | 56 | name: Run kubectl against remote cluster |
47 | 57 | on: |
| 58 | + workflow_dispatch: # Allows manual start of workflows |
48 | 59 | push: |
49 | 60 | branches: |
50 | 61 | - "main" |
|
54 | 65 | steps: |
55 | 66 | - name: Install kubectl |
56 | 67 | run: | |
57 | | - mkdir $HOME/bin |
58 | | - curl -Lf 'https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl' -o $HOME/bin/kubectl |
| 68 | + mkdir "$HOME/bin" |
| 69 | + curl -Lf "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" -o "$HOME/bin/kubectl" |
59 | 70 | chmod +x $HOME/bin/kubectl |
60 | 71 | echo "$HOME/bin" >> $GITHUB_PATH |
61 | 72 |
|
|
67 | 78 |
|
68 | 79 | - name: Set kubeconfig with kubectl |
69 | 80 | run: | |
70 | | - kubectl config set-cluster "minikube" --server "${{ secrets.API_SERVER_ADDR }}" |
71 | | - kubectl config set-credentials "remote-dev" --token "${{ secrets.JWT_AUTH_TOKEN }}" |
72 | | - kubectl config set-context "remote-context" --cluster "minikube" --user "remote-dev" |
73 | | - kubectl config use-context "remote-context" |
| 81 | + kubectl config set-cluster "${{ vars.KUBE_REMOTE_CLUSTER }}" --server "${{ secrets.KUBE_API_SERVER_ADDR }}" |
| 82 | + kubectl config set-credentials "${{ vars.KUBE_REMOTE_USER }}" --token "${{ secrets.KUBE_JWT_AUTH_TOKEN }}" |
| 83 | + kubectl config set-context "${{ vars.KUBE_REMOTE_CONTEXT }}" --cluster "${{ vars.KUBE_REMOTE_CLUSTER }}" --user "${{ vars.KUBE_REMOTE_USER }}" |
| 84 | + kubectl config use-context "${{ vars.KUBE_REMOTE_CONTEXT }}" |
74 | 85 |
|
75 | 86 | - name: Run kubectl command against remote API |
76 | 87 | run: kubectl get namespaces |
|
83 | 94 | # previous setup steps # |
84 | 95 |
|
85 | 96 | - name: kubectl apply with a file |
86 | | - run: | |
87 | | - kubectl apply -f "${GITHUB_WORKSPACE}/manifests/nginx-test.yml" |
| 97 | + run: kubectl apply -f "${GITHUB_WORKSPACE}/manifests/nginx-test.yml" |
88 | 98 | ``` |
0 commit comments