actions-hub / kubectl Goto Github PK
View Code? Open in Web Editor NEWGitHub Action for interacting with kubectl (k8s)
Home Page: https://github.com/marketplace/actions/kuberentes-k8s-cli-kubectl
License: MIT License
GitHub Action for interacting with kubectl (k8s)
Home Page: https://github.com/marketplace/actions/kuberentes-k8s-cli-kubectl
License: MIT License
I'm using the latest version and using KUBE_CONFIG way, but getting bellow error. Can somebody help me out here.
Unable to connect to the server: getting credentials: exec: executable aws not found
It looks like you are trying to use a client-go credential plugin that is not installed.
To learn more about this feature, consult the documentation available at:
https://kubernetes.io/docs/reference/access-authn-authz/authentication/#client-go-credential-plugins
Here is how I'm using the action -
- name: Setup kubectl
uses: actions-hub/[email protected]
env:
KUBE_CONFIG: ${{ secrets.KUBE_CONFIG }}
with:
args: get pods
I'd like to use this action in a workflow to test that manifests can be rendered.
kubectl kustomize
is a built-in that doesn't require connectivity to a cluster. I get the following error:
No authorization data found. Please provide KUBE_CONFIG or KUBE_HOST variables. Exiting...
Lines 35 to 38 in 4eb1c88
Hey everyone!
I was following the tutorial about self-hosted github runner for applying kubectl command and ran into this issue:
E1208 23:53:20.163003 7 memcache.go:265] couldn't get current server API group list: Get "https://127.0.0.1:6443/api?timeout=32s": dial tcp 127.0.0.1:6443: connect: connection refused
I provided base64 encoded .kube/config via secrets
github runner is hosted on the kubernetes control-plane (master) node, kubectl commands are working fine, when i run them from my ssh-terminal at that node, but when github runner does it into docker container, this issue occurs
Could someone please help me out on this?
I am trying to create job like this:
apply-resources:
runs-on: ubuntu-latest
environment: ${{ inputs.env }}
needs: apply-resources
steps:
- uses: actions-hub/kubectl@master
env:
KUBE_CONFIG: ${{ secrets.KUBE_CONFIG }}
with:
args: apply -f src/k8s/services/my-service.yml
but getting error that file does not exist.
Is it possible to pass manifest file here somehow?
I will report an error when I pass multiple commands for the args parameter
It would be very convenient to have an option to specify the namespace (be it via env or with) instead of doing args: -n <some-namespace> get pods
Currently this action is useful for manipulative operations on a cluster, but not for read operations, since there is no way to receive the output of a command currently.
running CMD "cluster-info"
in the Dockerfile prevents users from using a namespace scoped service account without access to list services
in kube-system
.
Error from server (Forbidden): services is forbidden: User "system:serviceaccount:my-app:github-ci" cannot list resource "services" in API group "" in the namespace "kube-system"
Is there a reason cluster-info
is run? or it is just to log info in the github action logs?
It looks like you are trying to use a client-go credential plugin that is not installed.
To learn more about this feature, consult the documentation available at:
https://kubernetes.io/docs/reference/access-authn-authz/authentication/#client-go-credential-plugins
The error doesn't occur when I use the same kubeconfig secret with azure/setup-kubectl@v3
and azure/k8s-set-context@v3
It would nice if there were a ignore_error
option that could be set to true
and default to false
.
Use case: I want to execute kubectl delete job <job-name>
and not fail if the job doesn't exist, so that in the next stage I can execute kubectl apply -f job.yaml
Here is my current workaround
- name: Delete Migration Job
if: ${{ contains(fromJSON('["prod"]'), matrix.env) }}
env:
KUBE_CONFIG: ${{ secrets.KUBE_CONFIG }}
run: |
set -e
if [ ! -f "$HOME/.kube/config" ]; then
if [ ! -z "${KUBE_CONFIG}" ]; then
mkdir -p $HOME/.kube
echo "$KUBE_CONFIG" | base64 -d > $HOME/.kube/config
fi
fi
kubectl delete job accounts-migrate-database || true
- name: Run Database Migration Job
if: ${{ contains(fromJSON('["prod"]'), matrix.env) }}
uses: actions-hub/kubectl@master
env:
KUBE_CONFIG: ${{ secrets.KUBE_CONFIG }}
with:
args: apply -f kube/job-db-migrate.yaml
I'm setting up my AWS credentials with aws-actions/configure-aws-credentials@v1 and using the aws-actions/amazon-ecr-login@v1 to log into AWS ECR and yet when I use the kubectl action it cant find aws-cli that was used in the previous step.
Got the following 2 errors
Warning: The `add-path` command is deprecated and will be disabled soon. Please upgrade to using Environment Files. For more information see: https://github.blog/changelog/2020-10-01-github-actions-deprecating-set-env-and-add-path-commands/
Unable to connect to the server: getting credentials: exec: exec: "aws": executable file not found in $PATH
I use the following commands to create kubeconfig file in Github Actions, not sure does it breaks anything
- name: Create kubeconfig
run: aws eks --region us-west-2 update-kubeconfig --name production-v1
- name: Setting KUBE_CONFIG environment variable
run: echo "KUBE_CONFIG=$(cat $HOME/.kube/config | base64 --wrap=0)" >> $GITHUB_ENV
Tried these:
- name: Annotate
uses: actions-hub/kubectl@master
env:
KUBE_CONFIG: ${{ secrets.KUBE_CONFIG }}
with:
args: annotate deployment/thttpd kubernetes.io/change-cause="${{ github.event.head_commit.message }}"
got error:
error: all resources must be specified before annotation changes: commit messsage
BTW: {{github.event.head_commit.message}}
has an extra \n
.
- name: Annotate
uses: actions-hub/kubectl@master
env:
KUBE_CONFIG: ${{ secrets.KUBE_CONFIG }}
COMMIT: ${{ github.event.head_commit.message }}
with:
args: annotate deployment/thttpd kubernetes.io/change-cause="${COMMIT}"
the above left these in rollout history:
REVISION CHANGE-CAUSE
1 <none>
2 <none>
3 <none>
4 <none>
5 ${COMMIT}
6 ${COMMIT}
7 ${COMMIT}
8 ${COMMIT}
9 ${COMMIT}
10 ${COMMIT}
11 ${COMMIT}
Hello there!
I’m trying to extract secret from k8s using this GH action, but the problem that I can not access the command output.
I checked the actions.yaml
there is an undocumented input redirect-to
which seems not working properly.
Here is the example:
steps:
- name: Get secrets
id: get-secret
uses: actions-hub/[email protected]
env:
KUBE_HOST: ${{ env.KUBE_HOST }}
KUBE_CERTIFICATE: ${{ env.KUBE_CERTIFICATE }}
KUBE_TOKEN: ${{ env.KUBE_TOKEN }}
with:
args: get secret ${{ inputs.secret-name }} -n ${{ inputs.namespace }} -o json
redirect-to: secret-content
- name: Print result
shell: bash
run: echo "${{ steps.get-secret.outputs.secret-content }}"
And that is debug output:
[GitHub Actions Debug Workflow/actions-debug] [DEBUG] expression 'echo "${{ steps.get-secret.outputs.secret-content }}"' rewritten to 'format('echo "{0}"', steps.get-secret.outputs.secret-content)'
[GitHub Actions Debug Workflow/actions-debug] [DEBUG] evaluating expression 'format('echo "{0}"', steps.get-secret.outputs.secret-content)'
[GitHub Actions Debug Workflow/actions-debug] [DEBUG] expression 'format('echo "{0}"', steps.get-secret.outputs.secret-content)' evaluated to '%!t(string=echo "")'
Executing github action locally with: https://github.com/nektos/act
tried to use this action , started with simple "get pods" command.
keep getting the above error and the following description:
Unable to connect to the server: getting credentials: exec: executable aws not found
It looks like you are trying to use a client-go credential plugin that is not installed.
To learn more about this feature, consult the documentation available at:
https://kubernetes.io/docs/reference/access-authn-authz/authentication/#client-go-credential-plugins
this is my code:
- name: Rollout Changes In Kubernetes Cluster
if: ${{github.ref == 'refs/heads/master'}}
# Load the KubeConfigs from secrets and run the rollout command
uses: actions-hub/kubectl@master
env:
KUBE_CONFIG: ${{ secrets.AWS_KUBECONFIG}}
with:
args: get pods
running my action on ubuntu-latest.
the kubeconfig is base64 encoded , using it to connect to am AWS EKS cluster.
using the same config file on my computer works with no problem.
tried to change the command to aws2 (like seen in several posts) but that got me to the same place.
It would be nice if the images were published already, instead of building it in every Action where used. This will also spare build minutes.
I would suggest publishing it to ghcr.io and use that directly instead.
Would spare quite some time.
Thanks in advance. If you want, I would be happy to help with a pr for this.
The Error:
Run actions-hub/kubectl@master
/usr/bin/docker run --name****st.yaml
error: error loading config file "/github/home/.kube/config": yaml: invalid leading UTF-8 octet
The error comes from base64 -d
option
if [ ! -z "${KUBE_CONFIG}" ]; then
echo "$KUBE_CONFIG" | base64 -d > $HOME/.kube/config
if [ ! -z "${KUBE_CONTEXT}" ]; then
Hello Team,
When we are trying to deploy to Kubernetes which is hosted in our on prem server using your action template below is the errroe we are encountering: -
Unable to connect to the server: x509: certificate signed by unknown authority (possibly because of "crypto/rsa: verification error" while trying to verify candidate authority certificate "kubernetes")
Can you please help us with the resolution
Error:- docker: Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?.
I am using self hosted runner running on kubernetes.
Github action config
name: Actions Runner Controller Demo
on:
workflow_dispatch:
jobs:
Explore-GitHub-Actions:
runs-on: arc-runner-set
steps:
- name: Check OS Version
run: |
lsb_release -a
shell: bash
- name: Install Docker
run: |
# Add Docker's official GPG key:
sudo apt-get update
sudo apt-get install -y --no-install-recommends ca-certificates curl software-properties-common
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
# Add the Docker repository to APT sources:
echo "deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get update
sudo apt-get install -y docker-ce docker-ce-cli containerd.io
docker -v
shell: bash
- name: Install Node.js
run: |
# Install Node.js using NodeSource repository
curl -fsSL https://deb.nodesource.com/gpgkey/nodesource.gpg.key | sudo gpg --dearmor -o /usr/share/keyrings/nodesource-archive-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/nodesource-archive-keyring.gpg] https://deb.nodesource.com/node_14.x $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/nodesource.list > /dev/null
sudo apt-get update
sudo apt-get install -y nodejs
node -v
npm -v
shell: bash
- name: Checkout Code
uses: actions/checkout@v2
- name: List Files
run: |
ls
docker -v
- uses: actions-hub/kubectl@master
env:
KUBE_CONFIG: ${{ secrets.KUBE_CONFIG }}
with:
args: get pods
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.