Skip to content
You're viewing an older version of this GitHub Action. Do you want to see the latest version instead?
oracle-actions

GitHub Action

Configure Kubectl for Oracle Container Engine for Kubernetes (OKE)

v1.0

Configure Kubectl for Oracle Container Engine for Kubernetes (OKE)

oracle-actions

Configure Kubectl for Oracle Container Engine for Kubernetes (OKE)

Install and configure Kubectl for a specific Oracle Container Engine for Kubernetes (OKE) cluster

Installation

Copy and paste the following snippet into your .yml file.

 
              
- name: Configure Kubectl for Oracle Container Engine for Kubernetes (OKE)

              
  uses: oracle-actions/configure-kubectl-oke@v1.0
Learn more about this action in oracle-actions/configure-kubectl-oke

Choose a version

Configure kubectl for Oracle Container Engine for Kubernetes

Use this GitHub Action to install and configure kubectl to connect to the specified Oracle Container Engine for Kubernetes (OKE) cluster.

Prerequisites

The target OKE cluster must have a public Kubernetes API Endpoint in order for the GitHub Action to successfully connect to the cluster.

The following OCI CLI environment variables must be defined for at least the configure-kubectl-oke task:

  • OCI_CLI_USER
  • OCI_CLI_TENANCY
  • OCI_CLI_FINGERPRINT
  • OCI_CLI_KEY_CONTENT
  • OCI_CLI_REGION

We recommend using GitHub Secrets to store these values. Defining your environment variables at the job or workflow level would allow multiple tasks/jobs to reduce duplication.

Inputs

  • cluster: (Required) The OCID of the OKE cluster to configure

Sample workflow steps

jobs:
  install-kubectl:
    runs-on: ubuntu
    name: Install Kubectl for OKE
    env:
      OCI_CLI_USER: ${{ secrets.OCI_CLI_USER }}
      OCI_CLI_TENANCY: ${{ secrets.OCI_CLI_TENANCY }}
      OCI_CLI_FINGERPRINT: ${{ secrets.OCI_CLI_FINGERPRINT }}
      OCI_CLI_KEY_CONTENT: ${{ secrets.OCI_CLI_KEY_CONTENT }}
      OCI_CLI_REGION: ${{ secrets.OCI_CLI_REGION }}

    steps:
      - name: Configure Kubectl
        uses: oracle-actions/configure-kubectl-oke@v1
        id: test-configure-kubectl-oke-action
        with:
          cluster: ${{ secrets.OKE_CLUSTER }}

      - name: Run Kubectl
        run: kubectl get nodes -A

Security recommendations

The Oracle Cloud Infrastructure Security Guide details our recommended best practices for securing user authentication which include:

  • creating a dedicated service user account specifically for GitHub Actions;
  • assigning that service account a unique and complex password;
  • rotating the API signing key pair used by the service account every 90 days; and
  • using GitHub encrypted secrets to store credentials.

Tip: if you create these secrets in your organization, you can limited which repositories have access to these secrets while also avoiding duplicating the credentials in multiple repositories.

Contributing

We welcome contributions from the community. Please review our contribution guide, then start a discussion or open an issue and let us know what you'd like to contribute.

Security

Please consult the security guide for our responsible security vulnerability disclosure process.

License

Copyright (c) 2021 Oracle and/or its affiliates.

Released under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl/.