Access Cloudfleet Kubernetes cluster from GitHub Actions

This guide explains how to securely access the Cloudfleet Kubernetes Engine (CFKE) API from continuous integration (CI) tools. It covers generating API credentials, storing them securely, and using them to interact with CFKE clusters.

Prepare API Key and Secret

To authenticate your CI platform with CFKE, you need an API key and secret. These credentials can be generated via the Cloudfleet Console or the Cloudfleet CLI. Refer to the API Tokens Documentation for detailed instructions.

  1. Access the Console: Navigate to the API Tokens Page.
  2. Generate a Token:
    • Click Create.
    • Provide a descriptive name for the token.
    • Assign a role. For CI/CD pipelines, use the Administrator role for comprehensive access. If reduced access is preferred, consult the “Use the token to access CFKE clusters” documentation.
  3. Save Token Details:
    • Click Save.
    • Record the token ID and secret immediately, as they won’t be viewable again.

GitHub Actions

To access CFKE clusters in GitHub Actions, you need to install and configure the Cloudfleet CLI using the API credentials in the pipeline.

The Cloudfleet CLI supports environment variable-based authentication, which simplifies CI/CD configuration. You need to configure the following in your GitHub repository:

  • Store the access token ID as a repository variable (e.g., CLOUDFLEET_ACCESS_TOKEN_ID).
  • Store the access token secret as a GitHub secret (e.g., CLOUDFLEET_ACCESS_TOKEN_SECRET).
  • Store your organization ID as a repository variable (e.g., CLOUDFLEET_ORGANIZATION_ID).
  • Store your cluster ID as a repository variable (e.g., CLOUDFLEET_CLUSTER_ID).

To set up secrets and variables, please see GitHub documentation: Store information in variables and Using secrets.

Below is an example workflow to deploy applications to a CFKE cluster:

name: Deploy to CFKE
on:
  push:
    branches: [ "main" ]

jobs:
  deploy:
    name: Deploy
    runs-on: ubuntu-latest
    permissions:
      contents: read
    env:
      CLOUDFLEET_ACCESS_TOKEN_ID: ${{ vars.CLOUDFLEET_ACCESS_TOKEN_ID }}
      CLOUDFLEET_ACCESS_TOKEN_SECRET: ${{ secrets.CLOUDFLEET_ACCESS_TOKEN_SECRET }}
      CLOUDFLEET_ORGANIZATION_ID: ${{ vars.CLOUDFLEET_ORGANIZATION_ID }}
    steps:
      - uses: actions/checkout@v4

      - name: Install Cloudfleet CLI
        env:
          NONINTERACTIVE: 1
        run: |
          curl -fsSL https://downloads.cloudfleet.ai/apt/pubkey.gpg | sudo tee /usr/share/keyrings/cloudfleet-archive-keyring.gpg >/dev/null
          echo "deb [signed-by=/usr/share/keyrings/cloudfleet-archive-keyring.gpg] https://downloads.cloudfleet.ai/apt stable main" | sudo tee /etc/apt/sources.list.d/cloudfleet.list
          sudo apt update
          sudo apt install cloudfleet          

      - name: Configure Kubeconfig
        run: cloudfleet clusters kubeconfig ${{ vars.CLOUDFLEET_CLUSTER_ID }}

      - uses: azure/setup-kubectl@v4
        name: Setup kubectl

      - run: kubectl cluster-info

When you run the workflow, the pipeline installs the Cloudfleet CLI and sets up the kubeconfig to access the CFKE cluster. The CLI automatically uses the environment variables for authentication, eliminating the need to explicitly configure a profile with cloudfleet auth add-profile. The pipeline then uses the kubectl command to display the cluster information.

You can adjust the pipeline according to your needs. For example, you can add more steps to deploy your application to the CFKE cluster using Helm, kubectl, or other deployment tools.

On this page