Storing kubernetes secrets securely within GitHub Actions

We are currently implementing the use of github actions, with a focus on securely storing sensitive information like kubeconfig within github's secrets. A GitHub secret has been set up under the name KUBECONFIG1

Steps to Replicate

The GitHub secret should contain the file below, attempted to be converted to JSON using this tool: 

apiVersion: v1
kind: Config
clusters:
  - name: brf
    cluster:
      certificate-authority-data: >-
        LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURTakNBd0t6RXBNQ2NHQTFVRUF4TWdkbWx5ZE2bUljTlRtakFWCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0=
      server: 'https://vfg.canary.k8s.ondemand.com'
users:
  - name: user1
    user:
      token: >-
        eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuW1lc3BhY2UiOiJnYXJkZW4tZGV2e
contexts:
  - name: g-root
    context:
      cluster: garv
      user: robot
      namespace: gking
current-context: gaot

Within the github actions workflow, we store the contents above with the name KUBECONFIG1 and utilize it to create a k8s secret.

name: Example action

on: [push]

jobs:
  build:
    runs-on: ubuntu-latest
    timeout-minutes: 5
    steps:
      - uses: actions/checkout@v2
      - name: install k8s
        run: |
          curl -sfL https://get.k3s.io | K3S_KUBECONFIG_MODE=777 sh -
          cat /etc/rancher/k3s/k3s.yaml
          mkdir -p ~/.kube
          cp /etc/rancher/k3s/k3s.yaml ~/.kube/config


     - run: 'echo -e "$KUBECONFIG1" > ~/.tmpfile.json'
        shell: bash
        env:
          KUBECONFIG1: ${{secrets.KUBECONFIG1}}
    
      - name: example 
        shell: bash
        run: |
          cd ~/
          kubectl create secret generic project-kubecfg --from-file=~/.tmpfile.json -n default

Upon running this workflow, the following error was encountered:

error: error loading config file "/home/runner/work/_temp/kubeconfig_1617030542039": couldn't get version/kind; json parse error: json: cannot unmarshal string into Go value of type struct *** APIVersion string "json:\"apiVersion,omitempty\""; Kind string "json:\"kind,omitempty\"" ***
Error: Process completed with exit code 1.

An attempt was made to extract the file content and utilize

Considering our work with Golang, there is a possibility of taking the kubeconfig and utilizing it as a go template. It may also involve safeguarding the sensitive-data such as token and certificate-authority-data within github secrets, with an update of these values during the workflow execution. The exact process for achieving this remains unclear...

Final Objective The command below needs to function seamlessly in the workflow

kubectl create secret generic project-kubecfg --from-file=~/.tmpfile.json -n default

jsongogithubkubernetesgithub-actions

Answer №1

The problem lies within the following command:

kubectl create secret generic project-kubecfg --from-file=~/.tmpfile.json -n default

The issue arises because using ~ causes confusion with kubectl, as it does not expand to the home directory. To resolve this, simply modify the command as shown below:

kubectl create secret generic project-kubecfg --from-file=/home/runner/.tmpfile.json -n default

Alternatively, consider using a fixed path instead of relying on the home directory shortcut ~.

Similar questions

If you have not found the answer to your question or you are interested in this topic, then look at other similar questions below or use the search

Using Custom GeoJSON Data with HighMaps Tutorial

Currently, I have created a custom .geo.json file from a county shapefile using ogr2ogr. My goal is to manually add values for each county. After studying a jsfiddle example (link provided), I'm unsure how to merge the two together. The specific line ...

jsonhighchartsgeojsonhighmaps

Tips for retaining deque data in Python

I am currently working on a Python project and have encountered the following line of code: user_last3[name].append(score) I am interested in saving this data to a database (using Python 3.x) so that I can manipulate previously saved data, add scores to ...

jsonpython-3.xpickledeque

Using PHP to insert nested JSON data into a MySQL database table

I'm currently facing a challenge where I need to insert nested JSON data obtained from the tmdb API into my mySQL database. Although I already know how to insert nested JSON, the new record I'm working with involves a many-to-many relationship b ...

phpmysqljsonpdo

Guide to converting a nested JSON object into a primitive type using the field of one of the nested objects

Consider the following JSON data: [{ "id": 123, "description": "test", "group": { "id": 456, "description": "org" } }] I am looking to deserialize the JObject into a C# object. Typically, I would approach it like this (whe ...

c#json

Combining two sets of C# objects represented as JSON into a hierarchical parent-child structure

Below is a JSON string that I need to work with: [ { "id": 1, "title": "Hello" }, { "id": 2, "title": "test" } ] [ { "id": 1, "parentId": 1, "prop1": "sdsdsdt", "prop1l": "3dsdsd", "v": "fsssd sd" }, ...

c#jsonlinqcollections

Guide on removing multiple JSON objects from a large JSON file

Hey there, I experimented with the code below to effectively delete an object from a JSON file: #!/usr/bin/python # Load the JSON module and use it to load your JSON file. # I'm assuming that the JSON file contains a list of objects. import json obj ...

pythonarraysjsoncoco

Mapping objects with nested objects using ObjectMapper

I'm facing an issue with mapping a JSON response that contains an array. The mapping process is throwing an error, and I need help on how to handle this type of JSON structure. { "total":10, "count":10, "start":0, " ...

javajsonobjectmapper

What could be causing the JSON output to appear in a disordered fashion?

I am attempting to retrieve weather information for 8 different locations. Utilizing a weather API that requires longitude and latitude, it returns JSON output with the weather data for each location. I provided the coordinates in sequential order from 0 t ...

javascriptjqueryajaxjsonsynchronization

Extract specific data from a challonge.com JSON file and store it in an ArrayList using the Gson library

I am trying to extract specific values from a JSON file obtained from challonge.com. The values I need are the "id" and "name". For more information, please refer to . Here is the code snippet I am currently using: HttpClient client = HttpClients.creat ...

javajsonarraylistnullpointerexceptiongson

Transform an HTML table string into JSON format

I discovered a useful library called table to JSON that allows me to convert an HTML Table to JSON using its ID (#testtable in the example below): var table = $('#testtable').tableToJSON(); alert(JSON.stringify(table)); However, I am interested ...

javascriptjqueryjsonhtml-table

Can you provide me with instructions on utilizing the Apache HttpClient library for sending a PATCH request containing JSON data?

How can I use Apache HTTP client v 4.3.4 to send JSON data to a URL using the PATCH method? Here's what I've tried: // Create the httpclient HttpClient httpclient = HttpClientBuilder.create().build(); // Prepare a request object HttpUriRequest ...

jsonhttpclientapache-httpcomponentshttp-patch

Having difficulty saving a tree as a JSON file for three.js framework

After using the sapling addon in Blender, I created a tree similar to the example shown here. I then exported it to json using three.js for display in WebGL. However, only the foliage of the tree is visible and the trunk and branches are missing. Upon ...

jsonthree.jsblender

Is there a recent problem with the flickrAPI where the photo description is showing as undefined

For the last couple of years, my two websites have been successfully populating galleries using a simple FlickrAPI call with JSON and jQuery. However, they recently encountered an error that caused gallery population to fail. I've narrowed down the i ...

jqueryjsonapiflickr

Unable to Access ReactJS Nested Property in JSON Data

While attempting to access a nested property in my JSON file loaded into the state, I encountered an issue. Despite confirming the existence of the property within the object through logging, when trying to navigate a level deeper using dot-notation, an er ...

jsonreactjs

Retrieve targeted information from the Coin Market Cap API by extracting specific data values using an array

I am looking to retrieve the symbol and other details using the "name" from my array. $.getJSON("//api.coinmarketcap.com/v1/ticker/?limit=0", function(data) { var crypto = [ "Ethereum", "Ripple", "Tron", ]; // used for arr ...

jqueryarraysjsonapiethereum

Retrieving the XML data instead of JSON from a RESTful API

I have been practicing with the REST API to enhance my skills in Groovy-REST. Currently, I am able to extract specific JSON data from the REST response using SOAP UI 5.0 and generate a simple output from it. Interestingly, SOAP UI also provides an XML ver ...

xmljsonrestsoapgroovy

Error: Property name in Ansible must be enclosed in double quotation marks

Task at hand involves reading the contents of a file and for each line in JSON format, executing a script. This part is functioning correctly. - name: create users script: cmd: myscript.sh "{{item}}" with_lines: "cat users-list" ...

jsonansible

Decoding GeoJSON: Extracting a feature from an array

I am currently working on a map project where I am drawing polygons with properties pulled from a JSON file. Each polygon is colored based on feature values in the JSON file. Here's an example of a feature in the JSON file: { "type": "Feature", " ...

javascriptjsonopenlayers-3geojson

Python Scrap Data Project

I attempted to extract data using Xpath, but unfortunately, it was unsuccessful. My aim is for the code to retrieve information from specific columns on the website "https://www.destatis.de/DE/Themen/Gesellschaft-Umwelt/Bevoelkerung/Geburten/Tabellen/leben ...

pythonjsonseleniummatplotlibtime

Steps to automatically return JSON in a Visual Studio web API1. Open your Visual Studio

After setting up a Web API project in Visual Studio 2013, I noticed that when I visit a sample restful URL in my browser, such as http://localhost/values/5, it returns XML. Is there a way to configure it so that it defaults to returning JSON instead of X ...

jsonvisual-studio-2013asp.net-web-apirestful-url