Automating Kubernetes Deployments with GitHub Actions

In today’s DevOps world, automation is key to faster and more reliable deployments. Instead of manually applying Kubernetes manifests, we can use GitHub Actions to trigger deployments automatically whenever we push code.

What We Built Today?

A complete GitHub Actions pipeline for Kubernetes deployments
End-to-end automation from code commit to deployment
Secure & efficient setup using GitHub Secrets

Key Challenges We Solved:

How to integrate GitHub Actions with Kubernetes?
Ensuring deployments are non-root and secure
Handling GitHub Secrets for secure kubeconfig access Kubernetes Deployment YAML

Here’s the Kubernetes deployment we used today:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: myapp
  namespace: default
spec:
  replicas: 2
  selector:
    matchLabels:
      app: myapp
  template:
    metadata:
      labels:
        app: myapp
    spec:
      securityContext:
        runAsNonRoot: true
      containers:
        - name: myapp
          image: nginxinc/nginx-unprivileged:latest
          ports:
            - containerPort: 80
          securityContext:
            runAsNonRoot: true
            readOnlyRootFilesystem: true
          volumeMounts:
            - mountPath: /var/cache/nginx
              name: cache-volume
            - mountPath: /tmp
              name: tmp-volume
      volumes:
        - name: cache-volume
          emptyDir: {}
        - name: tmp-volume
          emptyDir: {}

Click Here to Copy YAML

Runs as a non-root user
Read-only root filesystem for security
Uses nginx-unprivileged for better compliance Setting Up GitHub Actions for Kubernetes

To automate deployment, we used this GitHub Actions workflow:

name: Deploy to Kubernetes

on:
  push:
    branches:
      - main

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout Code
        uses: actions/checkout@v3

      - name: Set up kubectl
        uses: azure/setup-kubectl@v3
        with:
          version: latest

      - name: Configure Kubernetes Cluster
        run: |
          echo "${{ secrets.KUBECONFIG }}" | base64 --decode > kubeconfig
          export KUBECONFIG=kubeconfig

      - name: Deploy to Kubernetes
        run: kubectl apply -f deploy.yaml

Click Here to Copy YAML

What It Does?

Triggers on every git push to main
Sets up kubectl to interact with the cluster
Uses GitHub Secrets (KUBECONFIG) for secure authentication
Deploys the latest changes to Kubernetes automatically

Why This Matters?

No more manual deployments
Instant updates on every push
Security-first approach with GitHub Secrets

Do you automate your Kubernetes deployments? Let’s discuss best practices in the comments!

skills

AppArmor, ArgoCD, Audit Logs, Azure, Bash Scripting, Bitbucket, CI/CD Pipelines, Cilium, ConfigMaps, Containerd, Docker, Falco, Git, GitHub, GitLab, GitLab CI, GitHub Actions, Grafana, Helm, Image Policy Webhooks, Infisical, Kubernetes, Kubesec, Kustomize, Linkerd, Linux, Loki, Longhorn, MongoDB, Multitasking, Network Policies, OPA, Pod Security Standards, Problem Solving, Prometheus, Python, RBAC, Rook & Ceph, Runtime Classes, Seccomp, Secrets, Shell Scripting, System Analysis, System Monitoring, Tekton, Terraform, Trivy.

Blog Posts

Kubernetes: The Cornerstone of Modern Container Orchestration
Introduction In today’s fast-paced world of cloud-native technologies, Kubernetes has become synonymous with container orchestration. Initially developed by Google and now maintained by the Cloud Native Computing Foundation (CNCF), Kubernetes is an open-source platform designed to automate the deployment, scaling, … Continue reading "Kubernetes: The Cornerstone of Modern Container Orchestration"
Setting Up a Secure Multi-tenant Kubernetes Cluster in Minikube
Introduction In Kubernetes, multi-tenancy enables multiple teams or projects to share the same cluster while maintaining isolation and security. However, ensuring proper access control and preventing resource conflicts is a challenge. This guide walks you through setting up a secure … Continue reading "Setting Up a Secure Multi-tenant Kubernetes Cluster in Minikube"
Implementing Pod Security Standards in Kubernetes: A Practical Guide
Introduction Securing Kubernetes workloads is critical to prevent security breaches and container escapes. Kubernetes Pod Security Standards (PSS) provide a framework for defining and enforcing security settings for Pods at different levels—Privileged, Baseline, and Restricted. In this guide, you’ll learn … Continue reading "Implementing Pod Security Standards in Kubernetes: A Practical Guide"
Automating Container Security Scans with Trivy in GitHub Actions
Introduction Ensuring security in containerized applications is a critical aspect of modern DevOps workflows. To enhance security and streamline vulnerability detection, I integrated Trivy into my GitHub repository, enabling automated security scanning within the CI/CD pipeline. Objective To automate vulnerability … Continue reading "Automating Container Security Scans with Trivy in GitHub Actions"
Mastering Kubernetes Network Security with NetworkPolicies
Introduction Did you know? By default, every pod in Kubernetes can talk to any other pod—leading to unrestricted internal communication and potential security risks. This is a major concern in production environments where microservices demand strict access controls. So, how … Continue reading "Mastering Kubernetes Network Security with NetworkPolicies"

What We Built Today?

Key Challenges We Solved:

What It Does?

Why This Matters?

Share this:

Related

Leave a comment Cancel reply