Skip to main content
In this post, we explore how to set up your Kubeconfig file in GitHub Action secrets — essential for automating deployments to Kubernetes clusters using GitHub Actions. People often use kubectl commands directly in GitHub Actions workflows for push-based deployment instead of GitOps tools like ArgoCD or FluxCD. To authenticate to a Kubernetes cluster, you need a Kubeconfig file. However, setting it up as a GitHub Actions secret can cause issues due to base64 encoding of multi-line strings.
1
Find your Kubeconfig file
2
The Kubeconfig file is usually located at ~/.kube/config on your local machine.
3
Here is an example of a Kubeconfig file:
4
apiVersion: v1
kind: Config
clusters:
  - name: production
    cluster:
      server: https://<cluster-ip>:<port>
      certificate-authority: |
        <base64-encoded-ca-certificate>
contexts:
  - name: prod@production
    context:
      cluster: production
      user: prod
users:
  - name: prod
    user:
      token: |
        <access-token>
5
The | character on the certificate-authority and token lines indicates a multi-line string. When base64 encodes the file, it converts newline characters to \n, which breaks the Kubeconfig when decoded. You must fix this before storing the file as a secret.
6
Fix the Kubeconfig file
7
Convert the multi-line strings to either single-line or strip-version (|-) format:
8
Single-line strings
apiVersion: v1
kind: Config
clusters:
  - name: production
    cluster:
      server: https://<cluster-ip>:<port>
      certificate-authority: <base64-encoded-ca-certificate>
contexts:
  - name: prod@production
    context:
      cluster: production
      user: prod
users:
  - name: prod
    user:
      token: <access-token>
Stripping version (|-)
apiVersion: v1
kind: Config
clusters:
  - name: production
    cluster:
      server: https://<cluster-ip>:<port>
      certificate-authority: |-
        <base64-encoded-ca-certificate>
contexts:
  - name: prod@production
    context:
      cluster: production
      user: prod
users:
  - name: prod
    user:
      token: |-
        <access-token>
9
When using single-line strings, make sure to replace all newline characters with no spaces in between for the base64-encoded-ca-certificate and access-token values.
10
Copy the fixed Kubeconfig content to GitHub Secrets
11
Copy the content of the fixed Kubeconfig file and add it as a secret in your GitHub repository under Settings > Secrets and variables > Actions.

Build docs developers (and LLMs) love

Get started for freeTalk to us