I want to use GitHub Actions to deploy a Kubernetes secret to my cluster, but I want to leverage the secrets in GitHub Actions to store the secret value and inject it into my manifest file. I'm new to GitHub Actions, so I'm not sure how it can be done.
This is my GitHub Actions file:
```yaml
on:
  push:
    branches: ["main"]
  workflow_dispatch:
env:
  RESOURCE_GROUP: "rg"
  CLUSTER_NAME: "cluster"
  DEPLOYMENT_MANIFEST_PATH: "kustomize/overlay/uat"
jobs:
  deploy:
    permissions:
      actions: read
      contents: read
      id-token: write
    runs-on: ubuntu-latest
    steps:
      # Checks out the repository this file is in
      - uses: actions/checkout@v3
      # Logs in with your Azure credentials
      - name: Log in with Azure
        uses: azure/login@v1
        with:
          creds: '${{ secrets.AZURE_CREDENTIALS_UAT }}'
      # Use kubelogin to configure your kubeconfig for Azure auth
      - name: Set up kubelogin for non-interactive login
        uses: azure/use-kubelogin@v1
        with:
          kubelogin-version: 'v0.0.25'
      # Retrieves your Azure Kubernetes Service cluster's kubeconfig file
      - name: Get K8s context
        uses: azure/aks-set-context@v3
        with:
          resource-group: ${{ env.RESOURCE_GROUP }}
          cluster-name: ${{ env.CLUSTER_NAME }}
          admin: 'false'
          use-kubelogin: 'true'
      # Deploys application based on given manifest file
      - name: Deploys application
        uses: Azure/k8s-deploy@v4
        with:
          action: deploy
          manifests: ${{ env.DEPLOYMENT_MANIFEST_PATH }}
```
This is my manifest
```yaml
apiVersion: v1
data:
  api-key:
kind: Secret
metadata:
  name: datadog-api-key
type: Opaque
```
I've created the secret in GitHub as API_KEY_DEV_QA but am unsure how to get GitHub Actions to inject that into the above YAML during the workflow.
You could use the yaml-update-action, for example, adding this step before the deploy:
```yaml
- name: Update values.yaml
  uses: fjogeleit/yaml-update-action@main
  with:
    valueFile: '<the-manifest-filename>'
    propertyPath: data['api-key']
    value: ${{ secrets.API_KEY_DEV_QA }}
    commitChange: false
```
Tested here https://github.com/mbiagetti/github-action-poc/pull/3
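
An alternative that avoids passing the secret to a third-party action, shown as an added example that is not part of the original answer: a shell function a workflow `run:` step could call to render the Secret from an environment variable, base64-encoding the value because the `data` field of a Secret holds base64. The variable name `API_KEY`, the function names and the output file are assumptions.

```shell
# Added example (not from the original answer).
# Assumed workflow wiring: the step sets
#   env:
#     API_KEY: ${{ secrets.API_KEY_DEV_QA }}
# so the value is never on a command line or in the checked-in manifest.

# render_secret_manifest <output-file>
# Reads the key from $API_KEY, base64-encodes it and writes the manifest.
# The body runs in a subshell so the restrictive umask does not leak out.
render_secret_manifest() (
  out="$1"
  if [ -z "${API_KEY:-}" ]; then
    echo "API_KEY is empty or unset; refusing to write an empty Secret" >&2
    exit 1
  fi
  # printf avoids the trailing newline that echo would bake into the key;
  # tr removes the line wrapping that base64 applies to long values.
  encoded="$(printf '%s' "$API_KEY" | base64 | tr -d '\n')"
  umask 077   # a newly created manifest is readable by the runner user only
  cat > "$out" <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: datadog-api-key
type: Opaque
data:
  api-key: ${encoded}
EOF
)

# decode_api_key <manifest-file>
# Round-trip check: prints the value the cluster would store for api-key.
decode_api_key() {
  sed -n 's/^  api-key: //p' "$1" | base64 --decode
}
```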