Azure Kubernetes Service
An Azure service that provides serverless Kubernetes, an integrated continuous integration and continuous delivery experience, and enterprise-grade security and governance.
2,448 questions
Kubernetes and GitHub Action Workflow
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(310.4, 18%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESP%3C/text%3E%3C/svg%3E)
Sebastian Pacheco
286
Reputation points
Hello everyone, I have the following query... I have a workflow in GitHub Action where I perform an upload to the Azure Container Registry and then a deployment to the Kubernetes cluster, but in the deployment step the workflow is waiting for an intervention manual: To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code FIWCPT2UA to authenticate. deployment.apps/xxxxxxxxx configured
To make it automatic, what should I do? Kubernetes: 1.24.6 Workflow:
......
Deploy_Nurseviewtest:
permissions:
actions: read
contents: read
id-token: write
runs-on: ubuntu-latest
needs: [Build_and_Push_Image, CreateSecret]
steps:
- uses: actions/checkout@master
# Set the target AKS clusterr
- name: Azure login
id: login
uses: azure/login@v1.4.6
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
- name: Set AKS context
id: set-context
uses: azure/aks-set-context@v3
with:
resource-group: '${{ env.RESOURCE_GROUP_AKS }}'
cluster-name: '${{ env.CLUSTER_NAME }}'
- name: Setup kubectl
id: install-kubectl
uses: azure/setup-kubectl@v3
- uses: azure/use-kubelogin@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
kubelogin-version: 'latest'
- name: Deploys application
id: deploy-aks
uses: Azure/k8s-deploy@v4
with:
action: deploy
strategy: basic
namespace: ${{ env.NAMESPACE }}
manifests: ${{ env.DEPLOYMENT_MANIFEST_PATH }}
images: |
${{ secrets.ACR_SERVER }}/${{ env.CONTAINER_NAME }}:${{ github.sha }}
pull-images: false
In the next section, I don't really have that secret on github, I'm not 100% sure what it's for or if something should be added:
- uses: azure/use-kubelogin@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
kubelogin-version: 'latest'
I think I should configure kubernetes non-interactive so that it doesn't ask for web code, but I'm not really sure how to do it without this being a security risk.
Azure Kubernetes Service
{count} votes
-
Cristian Gatjens 716 Reputation points Microsoft Employee2023-04-04T16:41:34.3+00:00 Hi Sebastian, What type of authentication are you using for your AKS cluster? Are you using RBAC with AAD enabled? If so, something similar to below external articles can help: https://github.com/Azure/kubelogin/issues/20 https://stackoverflow.com/questions/54004007/azure-devop-pipelines-authentication-to-aks-with-azure-ad-rbac-configured And the kubelogin documentation for interactive and non-interactive methods: https://github.com/Azure/kubelogin Let us know if any questions.
-
vipullag-MSFT 26,487 Reputation points Moderator2023-04-10T08:53:49.79+00:00 Hello Sebastian Pacheco
Just checking in to see if you got a chance to see previous response. Let us know if any questions.
Sign in to comment
Sign in to answer