GitHub Action
Run Kubernetes Job
Run an arbitrary docker image as a job on a Kubernetes cluster and report the output to stdout.
For services/apps running on Kubernetes, the run-k8s-job
action allows you to define an arbitrary task as an explict step in a GitHub workflow, without having to deal with a lot of Kubernetes-specific details (you just need a Docker image). This can be useful for creating automated stage gates in a deployment pipeline, or kicking off any task that may be repeated based on the GitHub events that trigger workflows.
It's also not always entirely straightforward to get the output of a previously executed Kubernetes job. This action will grab job status and any logs and output them to the actions console.
Some example uses might be:
- smoke/integration tests against a live environment
- load tests
- dependency provisioning
- database migrations
- uses: penDerGraft/run-k8s-job
with:
kubeconfig-file: '${{ secrets.KUBECONFIG_FILE }}'
image: 'penDerGraft/integration-test-job'
To create a new job in a cluster, run-k8s-job
needs credentials to authenticate against the canonical cluster endpoint. This is the IP address of the Kubernetes server that handles API access for the cluster. There are two ways to provide credentials:
This is a base64 encoded version of the config file that is stored at $HOME/.kube/config
. If you can access your cluster with kubectl
this file should already have the necessary data for authentication.
These values are included in your kubeconfig file, but there may be cases when it's more straightforward to specifiy them directly. Note that you can omit the ca-file
if you set allow-insecure
to true, but this should only be used in testing situations, or when you know your connection to the cluster is secured in other ways.
kubeconfig-file
a base64 encoded kubeconfig file with credentials for the cluster. This file is saved to$HOME/.kube/config
by default. Get a base64 encoded string of the file by runningcat <path-to-file> | base64 --encode
where<path-to-file>
is the path to your kubeconfig file.cluster-url
the cluster endpoint for your Kubernetes cluster.cluster-token
the OAuth Bearer token for your Kubernetes cluster.image
the docker image to be run as a job. The image must be publically accessible.ca-file
the path to the root CA certificates (in PEM format) for establishing a TLS connection to the Kubernetes server. Note: the step will fail if a ca file is not provided and thedisable-tls
input is not explicitly set to false. It is highly recommended that a CA file be specified.job-name
prefix for the auto-generated job name in Kubernetes. Defaults to the name of the repo.namespace
the Kubernetes namespace where the job should run. Defaults todefault
allow-insecure
connect to the Kubernetes server insecurely (without verifying the certificate authority). Should only be used for testing purposes as it leaves the connection vulnerable to man-in-the-middle attacks.