
How do I pass a GitHub secret into Kubernetes YAML files using a GitHub Actions workflow?


I want to use GitHub Actions to deploy a Kubernetes secret to my cluster, but I want to leverage the secrets in GitHub Actions to store the secret value and inject it into my manifest file. I'm new to GitHub Actions, so I'm not sure how it can be done.

This is my github actions file


on:
  push:
    branches: ["main"]
  workflow_dispatch:

env:
  RESOURCE_GROUP: "rg"
  CLUSTER_NAME: "cluster"
  DEPLOYMENT_MANIFEST_PATH: "kustomize/overlay/uat"

jobs:
  deploy:
    permissions:
      actions: read
      contents: read
      id-token: write
    runs-on: ubuntu-latest
    steps:
      # Checks out the repository this file is in
      - uses: actions/checkout@v3

      # Logs in with your Azure credentials
      - name: Log in with Azure
        uses: azure/login@v1
        with:
          creds: '${{ secrets.AZURE_CREDENTIALS_UAT }}'

      # Use kubelogin to configure your kubeconfig for Azure auth
      - name: Set up kubelogin for non-interactive login
        uses: azure/use-kubelogin@v1
        with:
          kubelogin-version: 'v0.0.25'

      # Retrieves your Azure Kubernetes Service cluster's kubeconfig file
      - name: Get K8s context
        uses: azure/aks-set-context@v3
        with:
          resource-group: ${{ env.RESOURCE_GROUP }}
          cluster-name: ${{ env.CLUSTER_NAME }}
          admin: 'false'
          use-kubelogin: 'true'

      # Deploys application based on given manifest file
      - name: Deploys application
        uses: Azure/k8s-deploy@v4
        with:
          action: deploy
          manifests: ${{ env.DEPLOYMENT_MANIFEST_PATH }} 

This is my manifest


apiVersion: v1
data:
  api-key: 
kind: Secret
metadata:
  name: datadog-api-key
type: Opaque

I've created the secret in GitHub as API_KEY_DEV_QA but I'm unsure how to get GitHub Actions to inject that into the above YAML during the workflow.


Solution

  • You could use the yaml-update-action, for example, adding this step before the deploy:

          - name: Update values.yaml
            uses: fjogeleit/yaml-update-action@main
            with:
              valueFile: '<the-manifest-filename>'
              propertyPath: data['api-key']
              value: ${{ secrets.API_KEY_DEV_QA }}
              commitChange: false
    
    Tested here https://github.com/mbiagetti/github-action-poc/pull/3
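
An alternative that renders the manifest in a plain `run:` step, added here as an example and not part of the original answer: Kubernetes expects values under `data:` to be base64-encoded, so the function encodes the key and refuses to write a manifest when the secret is empty. It assumes the step maps the secret into an `API_KEY` environment variable (`env: API_KEY: ${{ secrets.API_KEY_DEV_QA }}`); the function name `render_secret_manifest` and the output path are hypothetical.

```shell
# Added example, not from the original post.
# Assumption: the workflow step sets API_KEY from the GitHub secret via `env:`,
# so the value is read from the environment instead of being pasted into the
# script text by a ${{ ... }} expression.

render_secret_manifest() {
  # $1 = path of the manifest to write (hypothetical; the question deploys
  # from kustomize/overlay/uat).
  out="$1"

  # An unset or empty secret (for example a misspelled secret name) would
  # otherwise produce a Secret with an empty api-key; fail the step instead.
  if [ -z "${API_KEY:-}" ]; then
    echo "API_KEY is empty or unset; refusing to render the Secret" >&2
    return 1
  fi

  # Values under `data:` must be base64. Some base64 tools wrap long output,
  # so strip newlines to keep the value on one YAML line.
  encoded=$(printf '%s' "$API_KEY" | base64 | tr -d '\n')

  # Write with owner-only permissions; the file lives only on the runner and
  # is never committed.
  (
    umask 077
    cat > "$out" <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: datadog-api-key
type: Opaque
data:
  api-key: ${encoded}
EOF
  )
}

# When run directly with an output path, render the manifest there.
if [ "$#" -gt 0 ]; then
  render_secret_manifest "$1"
fi
```

Run it in a step placed before the deploy step, so the rendered file is what `Azure/k8s-deploy` picks up from the manifest path.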