Skip to content
Branch: master
Find file History
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.
build-and-deploy-docker-image-aks-using-manifests.yml Update build-and-deploy-docker-image-aks-using-manifests.yml Nov 18, 2019
build-and-deploy-docker-image-to-aks-using-helm.yml Update build-and-deploy-docker-image-to-aks-using-helm.yml Nov 18, 2019

Deploy to Kubernetes using GitHub Actions

We have released multiple actions to help you connect to a Kubernetes cluster running on-premises or on any cloud (including Azure Kubernetes Service – AKS), bake and deploy manifests, substitute artifacts, check rollout status, and handle secrets within the cluster.

  • Kubectl tool installer(azure/setup-kubectl): Installs a specific version of kubectl on the runner.
  • Kubernetes set context(azure/k8s-set-context): Used for setting the target Kubernetes cluster context which will be used by other actions or run any kubectl commands.
  • AKS set context(azure/aks-set-context): Used for setting the target Azure Kubernetes Service cluster context .
  • Kubernetes create secret(azure/k8s-create-secret): Create a generic secret or docker-registry secret in the Kubernetes cluster.
  • Kubernetes deploy(azure/ k8s-deploy): Use this to bake and deploy manifests to Kubernetes clusters.
  • Setup Helm(azure/setup-helm): Install a specific version of Helm binary on the runner.
  • Kubernetes bake(azure/k8s-bake): Use this action to bake manifest file to be used for deployments using helm2, kustomize or kompose.

Action Samples for deploying to to Kubernetes

Refer to starter templates to easily get started:

The workflows contain primarily the below sections:

Section Actions
Authentication Login to a private container registry (ACR)
Build Build & push the container image
Deploy Set the target cluster context ; Create a generic/docker-registry secret in Kubernetes cluster ; Deploy to the Kubernetes cluster

Build & Push container images

For containerized apps (single- or multi-containers) to create a complete workflow

  • use Docker login(azure/docker-login) for authentication And then run docker commands to build container images, push to the container registry (Docker Hub or Azure Container Registry) and then deploy the images to a Azure Web App or Azure Function for Containers, or to Kubernetes.

Deploy to Azure Kubernetes Service (AKS)

To deploy to a cluster on Azure Kubernetes Service, you could use azure/aks-set-context to communicate with the AKS cluster using Azure credentials, and then use azure/k8s-create-secret to create a pull image secret and finally use the azure/k8s-deploy to deploy the manifest files.

Configure Azure credentials:

To fetch the credentials required to authenticate with Azure, run the following command:

az ad sp create-for-rbac --name "myApp" --role contributor \
                            --scopes /subscriptions/{subscription-id}/resourceGroups/{resource-group} \
  # Replace {subscription-id}, {resource-group} with the subscription, resource group details

  # The command should output a JSON object similar to this:

    "clientId": "<GUID>",
    "clientSecret": "<GUID>",
    "subscriptionId": "<GUID>",
    "tenantId": "<GUID>",

Add the json output as a secret (let's say with the name AZURE_CREDENTIALS) in the GitHub repository.

Deploy to any Kubernetes cluster (On-Prem/ Any cloud)

To connect to a cluster on any Kubernetes cluster, you could use azure/k8s-set-context; and then use azure/k8s-create-secret or azure/k8s-deploy, or run any kubectl commands.

Use secret ( in workflow for kubeconfig or k8s-values.

PS: kubeconfig takes precedence (i.e. kubeconfig would be created using the value supplied in kubeconfig)

Steps to get Kubeconfig of a K8s cluster:


az aks get-credentials --name

Refer to

For any K8s cluster

Please refer to

Steps to get Service account:

k8s-url: Run in your local shell to get server K8s URL

kubectl config view --minify -o jsonpath={.clusters[0].cluster.server}

k8s-secret: Run following sequential commands to get the secret value:

Get service account secret names by running

kubectl get sa <service-account-name> -n <namespace> -o=jsonpath={.secrets[*].name}

Use the output of the above command

kubectl get secret <service-account-secret-name> -n <namespace> -o json

Using secret for Kubeconfig or Service Account

Now add the values as a secret in the GitHub repository. In the example below the secret name is KUBE_CONFIG and it can be used in the workflow by using the following syntax:

 - uses: azure/k8s-set-context@v1
        kubeconfig: ${{ secrets.KUBE_CONFIG }}
You can’t perform that action at this time.