[Request] Add support for kubeconfig files in github workspace

[jhoward321]

If I have a kube config in my github workspace, I would love to be able to use it instead of using a value from secrets that is static. My usecase is that I dynamically retrieve my kubeconfig from digital ocean using doctl and store it in the github workspace.

This code has an example of what I am talking about, and the current workaround I'm using. I would rather use your action!

[steebchen]

Sounds like a good addition, however I'm pretty swamped right now and personally I don't need it. However, if you or someone else can send a PR, I will happily review and merge it.

[VJGediya]

Hi Steeb, Thanks for your github action, this is what I was looking for. Still I'm facing an issue while executing it.. I'm trying to build the pipeline - GitHub -> Docker Hub -> IBM Cloud Kubernetes. I'm new at this Github action. Well my issue is; on set image step github is throwing an error "Docker run failed with exit code 2" and "sh: 1: Bad substitution"... I'm not sure how to resolve this issue.. I've created secrets KUBE_CONFIG_DATA as you mentioned in steps.. and added value by cat $KUBECONFIG | base64

secrets.DOCKER_REPO = vjgediya/nodedemoapp

Can you please help me with that as soon as possible?

Thanks.

[steebchen]

@VJGediya Can you try reading the value of the kube config data, but instead put the value (already base64 encoded) into a GitHub Actions secret using the repo settings? Also, can you make sure your line in "set image" works; ${GITHUB_SHA::8} seems like bash and may not be supported in sh/posix.

[VJGediya]

Well I’ve already encoded the value of KUBECONFIG and set that into secret.. I’ve encoded using; cat $KUBECONFIG | base64

And to answer your second question, ${GITHUB_SHA::8} does work as I am using it to tag docker image and it’s successfully gives output as first 8 character of commit.

run: docker build -t ${{ secrets.DOCKER_REPO }}:${GITHUB_SHA::8} .

I’m not sure why is it still not working.. I’ve been stuck at this step for 3 days.. it’s so annoying 😣

[steebchen]

Uff, though... Can you try hardcoding the ${GITHUB_SHA::8} part temporarily? Also, maybe try quoting the DOCKER_REPO secret, i.e. set image --record deployment/demo-nodeapp nodeapp="${{ secrets.DOCKER_REPO }}":"${GITHUB_SHA::8}"

[steebchen]

Ahhh wait, did you maybe forget to supply DOCKER_REPO in the env config?

Here, you just declare KUBE_CONFIG_DATA, but not DOCKER_REPO

[VJGediya]

Oh mann!!! So this is this works? Like I have to declare each secrets as env variables? Like; env: KUBE_CONFIG...... DOCKER_REPO: ${{secrets. DOCKER_REPO}}

And then I can use the arg? i.e. set image --record deployment/demo-nodeapp nodeapp=$DOCKER_REPO:"${GITHUB_SHA::8}"

[steebchen]

Yep, all secrets you have defined in your repo secrets you have to declare in each action explicitly if you want to use them EDIT: actually probably not true unless you really want to use them as an env var. sorry

[VJGediya]

Oh man...🤦🏻‍♂️ You gave me hope man.. I’ll try that and let you know what happens.. You’re legend man.. Thank you so much for quick replies. Appreciate it.

[VJGediya]

Well now I'm facing this issue.. :( I don't know where I'm wrong...

[VJGediya]

As I've understood till now that It's trying to read the CA certificate which is defined in KUBECONFIG file under cluster section -> certificate-autho and server's value... But somehow it can't reach or find the file.. I'm not sure why?

[hazcod]

@steebchen : or would it be possible to provide the path to the KUBECONFIG file? At the moment passing the value into env KUBECONFIG (not out of secrets) is a security vulnerability since it shows up in the Action logs which are public..

[steebchen]

Maybe you can just try setting --kubeconfig=.... by yourself in the command? If that doesn't work and you need the functionality in this repository feel free to send a PR and I'll merge it.