GitHub Action
Configure Kubectl for Oracle Container Engine for Kubernetes (OKE)
Use this GitHub Action to install and configure kubectl
to connect to
the specified Oracle Container Engine for Kubernetes (OKE) cluster.
The target OKE cluster must have a public Kubernetes API Endpoint in order for the GitHub Action to successfully connect to the cluster.
The following OCI CLI environment variables must be defined for at least
the configure-kubectl-oke
task:
OCI_CLI_USER
OCI_CLI_TENANCY
OCI_CLI_FINGERPRINT
OCI_CLI_KEY_CONTENT
OCI_CLI_REGION
We recommend using GitHub Secrets to store these values. Defining your environment variables at the job or workflow level would allow multiple tasks/jobs to reduce duplication.
cluster
: (Required) The OCID of the OKE cluster to configure
jobs:
install-kubectl:
runs-on: ubuntu
name: Install Kubectl for OKE
env:
OCI_CLI_USER: ${{ secrets.OCI_CLI_USER }}
OCI_CLI_TENANCY: ${{ secrets.OCI_CLI_TENANCY }}
OCI_CLI_FINGERPRINT: ${{ secrets.OCI_CLI_FINGERPRINT }}
OCI_CLI_KEY_CONTENT: ${{ secrets.OCI_CLI_KEY_CONTENT }}
OCI_CLI_REGION: ${{ secrets.OCI_CLI_REGION }}
steps:
- name: Configure Kubectl
uses: oracle-actions/configure-kubectl-oke@v1
id: test-configure-kubectl-oke-action
with:
cluster: ${{ secrets.OKE_CLUSTER }}
- name: Run Kubectl
run: kubectl get nodes -A
The Oracle Cloud Infrastructure Security Guide details our recommended best practices for securing user authentication which include:
- creating a dedicated service user account specifically for GitHub Actions;
- assigning that service account a unique and complex password;
- rotating the API signing key pair used by the service account every 90 days; and
- using GitHub encrypted secrets to store credentials.
Tip: if you create these secrets in your organization, you can limited which repositories have access to these secrets while also avoiding duplicating the credentials in multiple repositories.
We welcome contributions from the community. Please review our contribution guide, then start a discussion or open an issue and let us know what you'd like to contribute.
Please consult the security guide for our responsible security vulnerability disclosure process.
Copyright (c) 2021 Oracle and/or its affiliates.
Released under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl/.