GitHub Actions Certification
Continuous Deployment with GitHub Actions
Workflow Configuring Kubeconfig file
Enable seamless authentication between kubectl
and your Kubernetes cluster by injecting your Kubeconfig into a GitHub Actions workflow. This tutorial covers every step—from adding your Kubeconfig as a secret to verifying cluster connectivity.
1. Base Workflow: No Kubeconfig Context
Below is an example dev-deploy
job defined in .github/workflows/ci.yml
. It installs kubectl
but cannot fetch cluster data until a valid context is configured.
dev-deploy:
needs: docker
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Install kubectl CLI
uses: azure/setup-kubectl@v3
with:
version: 'v1.26.0'
- name: Fetch Kubernetes cluster details
run: |
kubectl version --short
echo '---------------------------'
kubectl get nodes
2. Store Your Kubeconfig as a Secret
Copy the contents of your local Kubeconfig file. It typically includes your cluster endpoint, certificate data, and user credentials:
apiVersion: v1
clusters:
- cluster:
certificate-authority-data: <base64-encoded-ca-cert>
server: https://your-cluster-endpoint:6443
name: your-cluster
contexts:
- context:
cluster: your-cluster
user: your-user
name: your-context
current-context: your-context
users:
- name: your-user
user:
client-certificate-data: <base64-encoded-client-cert>
client-key-data: <base64-encoded-client-key>
- In your GitHub repo, navigate to Settings > Secrets and variables > Actions.
- Click New repository secret.
- Name it
KUBECONFIG
and paste the full Kubeconfig content.
Warning
Never expose your Kubeconfig file in public repositories. Store it only as a GitHub Actions secret.
3. Choose the azure/k8s-set-context
Action
To apply your Kubeconfig in the workflow environment, use the azure/k8s-set-context action. It handles writing the secret to a file and switching the current Kubernetes context.
4. Update Your Workflow with the Kubeconfig Step
Integrate the context-setting action before any kubectl
commands:
dev-deploy:
needs: docker
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Install kubectl CLI
uses: azure/setup-kubectl@v3
with:
version: 'v1.26.0'
- name: Configure kubeconfig context
uses: azure/k8s-set-context@v3
with:
method: kubeconfig
kubeconfig: ${{ secrets.KUBECONFIG }}
- name: Fetch Kubernetes cluster details
run: |
kubectl version --short
echo '---------------------------------'
kubectl get nodes
Note
The azure/k8s-set-context
action decodes your KUBECONFIG
secret, writes it to the runner’s file system, and then updates KUBECONFIG
environment variables automatically.
5. Verify the Workflow Run
After pushing the updated workflow, navigate to the Actions tab in GitHub. You should see:
…and the detailed dev-deploy
job steps:
You should now see both client and server versions of kubectl
as well as node details. This confirms your CI pipeline can authenticate to the Kubernetes cluster using the provided Kubeconfig.
References
- azure/setup-kubectl GitHub Action
- azure/k8s-set-context GitHub Action
- GitHub Actions: Creating and storing encrypted secrets
Watch Video
Watch video content