Access Cloudfleet Kubernetes cluster from GitHub Actions

This guide explains how to securely access the Cloudfleet Kubernetes Engine (CFKE) API from continuous integration (CI) tools. It covers generating API credentials, storing them securely, and using them to interact with CFKE clusters.

Prepare API Key and Secret

To authenticate your CI platform with CFKE, you need an API key and secret. These credentials can be generated via the Cloudfleet Console or the Cloudfleet CLI. Refer to the API Tokens Documentation for detailed instructions.

  1. Access the Console: Navigate to the API Tokens Page.
  2. Generate a Token:
    • Click Create.
    • Provide a descriptive name for the token.
    • Assign a role. For CI/CD pipelines, use the Administrator role for comprehensive access. If reduced access is preferred, consult the “Use the token to access CFKE clusters” documentation.
  3. Save Token Details:
    • Click Save.
    • Record the token ID and secret immediately, as they won’t be viewable again.

GitHub Actions

To access CFKE clusters in GitHub Actions, you need to install and configure the Cloudfleet CLI using the API credentials in the pipeline.

  • Store the API key as an environment variable (e.g., CLOUDFLEET_API_KEY).
  • Store your organization ID (e.g., CLOUDFLEET_ORGANIZATION_ID) and cluster ID (e.g., CLOUDFLEET_CLUSTER_ID) as environment variables
  • Store the API secret as a GitHub secret (e.g., CLOUDFLEET_API_SECRET).

To set up secrets and variables, please see GitHub documentation: Store information in variables and Using secrets.

Below is an example workflow to deploy applications to a CFKE cluster:

name: Deploy to CFKE
on:
    push:
        branches: [ "main" ]

jobs:
    deploy:
        name: Deploy
        runs-on: ubuntu-latest
        permissions:
            contents: read

        steps:
            - name: Install Cloudfleet CLI
              env:
                NONINTERACTIVE: 1
              run: |
                curl -fsSL https://downloads.cloudfleet.ai/apt/pubkey.gpg | tee /usr/share/keyrings/cloudfleet-archive-keyring.gpg >/dev/null
                echo "deb [signed-by=/usr/share/keyrings/cloudfleet-archive-keyring.gpg] https://downloads.cloudfleet.ai/apt stable main" | sudo tee /etc/apt/sources.list.d/cloudfleet.list
                sudo apt update
                sudo apt install cloudfleet                

            - name: Configure Cloudfleet CLI
              run: cloudfleet auth add-profile token default ${{ vars.CLOUDFLEET_ORGANIZATION_ID }} ${{ vars.CLOUDFLEET_API_KEY }} ${{ secrets.CLOUDFLEET_API_SECRET }}

            - name: Configure Kubeconfig
              run: cloudfleet clusters kubeconfig ${{ vars.CLOUDFLEET_CLUSTER_ID }}

            - uses: azure/setup-kubectl@v4
              name: Setup kubectl

            - run: kubectl cluster-info

When you run the workflow, the pipeline installs the Cloudfleet CLI, configures the CLI with the API credentials, and sets up the kubeconfig to access the CFKE cluster. The pipeline then uses the kubectl command to display the cluster information.

You can adjust the pipeline according to your needs. For example, you can add more steps to clone the repo in the action and deploy your application to the CFKE cluster using the manifests in the repository.

Next
How to expose Kubernetes services to the public using DNS Load Balancing →
On this page