Applies a Kubernetes resource manifest to the specified cluster, supporting namespaced resources and optional OIDC authentication.
Input Schema
| Property | Type | Description | Required |
|---|---|---|---|
| token | string | An optional OIDC token that will be used to authenticate to the Kubernetes cluster | |
| manifest | string | The resource manifest to apply in the Platform cluster | |
| namespaced | boolean | Whether the API is namespaced or not | |
| clusterName | string | The name of the Kubernetes cluster to use (from app-config) | |
Output Schema
Usage Examples
Deploy a Deployment and Service to a dev cluster
Applies a namespaced Deployment and Service for a new microservice. Use after fetch:template has prepared your manifest values.
```yaml
steps:
  - id: apply-app
    action: kube:apply
    input:
      clusterName: dev-eks
      namespaced: true
      manifest: |
        apiVersion: v1
        kind: Service
        metadata:
          name: ${{ parameters.serviceName }}
          namespace: ${{ parameters.namespace }}
          labels:
            app.kubernetes.io/name: ${{ parameters.serviceName }}
            app.kubernetes.io/part-of: ${{ parameters.system }}
        spec:
          type: ClusterIP
          selector:
            app.kubernetes.io/name: ${{ parameters.serviceName }}
          ports:
            - name: http
              port: 80
              targetPort: 8080
        ---
        apiVersion: apps/v1
        kind: Deployment
        metadata:
          name: ${{ parameters.serviceName }}
          namespace: ${{ parameters.namespace }}
          labels:
            app.kubernetes.io/name: ${{ parameters.serviceName }}
            app.kubernetes.io/part-of: ${{ parameters.system }}
        spec:
          replicas: ${{ parameters.replicas }}
          selector:
            matchLabels:
              app.kubernetes.io/name: ${{ parameters.serviceName }}
          template:
            metadata:
              labels:
                app.kubernetes.io/name: ${{ parameters.serviceName }}
            spec:
              containers:
                - name: app
                  image: ${{ parameters.image }}
                  ports:
                    - containerPort: 8080
                  env:
                    - name: ENV
                      value: dev
```

Create a new Namespace in the default cluster
Creates a cluster-scoped Namespace for a new project. Use this to bootstrap the Kubernetes namespace before deploying workloads.
```yaml
steps:
  - id: create-namespace
    action: kube:apply
    input:
      namespaced: false
      manifest: |
        apiVersion: v1
        kind: Namespace
        metadata:
          name: ${{ parameters.namespace }}
          labels:
            owner: ${{ parameters.owner }}
            environment: ${{ parameters.environment }}
```

Grant read access with a ClusterRoleBinding using OIDC
Applies a cluster-scoped ClusterRoleBinding on a production cluster using an OIDC token for authentication. Use this to grant a group read access across the cluster.
```yaml
steps:
  - id: grant-read
    action: kube:apply
    input:
      clusterName: prod-gke
      token: ${{ parameters.oidcToken }}
      namespaced: false
      manifest: |
        apiVersion: rbac.authorization.k8s.io/v1
        kind: ClusterRoleBinding
        metadata:
          name: ${{ parameters.team }}-read-access
        subjects:
          - kind: Group
            apiGroup: rbac.authorization.k8s.io
            name: ${{ parameters.oidcGroup }}
        roleRef:
          apiGroup: rbac.authorization.k8s.io
          kind: ClusterRole
          name: view
```

Apply ConfigMap and Secret to staging
Applies namespaced configuration resources to the staging cluster. Use this to deliver app config and secrets alongside your deployment after fetch:template.
```yaml
steps:
  - id: apply-config
    action: kube:apply
    input:
      clusterName: staging-aks
      namespaced: true
      manifest: |
        apiVersion: v1
        kind: ConfigMap
        metadata:
          name: ${{ parameters.serviceName }}-config
          namespace: ${{ parameters.namespace }}
          labels:
            app.kubernetes.io/name: ${{ parameters.serviceName }}
        data:
          application.yaml: |
            server:
              port: 8080
            featureFlag: ${{ parameters.featureFlag }}
        ---
        apiVersion: v1
        kind: Secret
        metadata:
          name: ${{ parameters.serviceName }}-secrets
          namespace: ${{ parameters.namespace }}
        type: Opaque
        stringData:
          DATABASE_URL: ${{ parameters.databaseUrl }}
          API_KEY: ${{ parameters.apiKey }}
```

Run a one-off database migration Job with OIDC
Applies a namespaced Job to run a migration using an OIDC token on a tooling cluster. Use this to run post-deployment migrations.
```yaml
steps:
  - id: run-migration
    action: kube:apply
    input:
      clusterName: tools-k8s
      token: ${{ parameters.oidcToken }}
      namespaced: true
      manifest: |
        apiVersion: batch/v1
        kind: Job
        metadata:
          name: ${{ parameters.serviceName }}-db-migrate
          namespace: ${{ parameters.namespace }}
        spec:
          backoffLimit: 1
          template:
            spec:
              restartPolicy: Never
              containers:
                - name: migrate
                  image: ${{ parameters.migrationImage }}
                  command: ["sh", "-c", "npm run migrate"]
                  env:
                    - name: DATABASE_URL
                      value: ${{ parameters.databaseUrl }}
```
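
Every usage example above builds the manifest by substituting `${{ parameters.* }}` values into a YAML string, so each value should be constrained to a single, well-formed token before it reaches `kube:apply`. The check below is an added example, not part of the action or of Backstage; the function names, the replica bound and the registry allow-list are assumptions.

```javascript
// Added example: validate scaffolder parameter values before they are
// substituted into a kube:apply manifest. All names here are hypothetical.

// RFC 1035 label (Service names): starts with a letter, max 63 chars.
const DNS_1035 = /^[a-z]([-a-z0-9]*[a-z0-9])?$/;
// RFC 1123 label (Namespace names): lowercase alphanumerics and '-', max 63 chars.
const DNS_1123 = /^[a-z0-9]([-a-z0-9]*[a-z0-9])?$/;
// Kubernetes label value: empty, or alphanumeric ends with '-', '_', '.' inside.
const LABEL_VALUE = /^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$/;

const matches = (re) => (v) => typeof v === 'string' && v.length <= 63 && re.test(v);

// Rules keyed by parameter names used in the usage examples on this page.
const RULES = {
  serviceName: matches(DNS_1035),
  namespace: matches(DNS_1123),
  team: matches(DNS_1123), // assumed policy; RBAC object names allow more
  system: matches(LABEL_VALUE),
  owner: matches(LABEL_VALUE),
  environment: matches(LABEL_VALUE),
  // Upper bound of 20 replicas is an assumed policy.
  replicas: (v) => Number.isInteger(v) && v >= 0 && v <= 20,
  // Image must be a single token under an allowed registry prefix (assumed policy).
  image: (v, opts) => typeof v === 'string' && !/\s/.test(v) &&
    opts.allowedRegistries.some((r) => v.startsWith(`${r}/`)),
};

// Returns a list of error strings; an empty list means every value passed.
// Parameters without a rule of their own are rejected, not passed through.
function validateParams(params, opts = { allowedRegistries: [] }) {
  const errors = [];
  for (const [name, value] of Object.entries(params)) {
    const rule = Object.hasOwn(RULES, name) ? RULES[name] : null;
    if (!rule) errors.push(`${name}: no validation rule defined`);
    else if (!rule(value, opts)) errors.push(`${name}: rejected ${JSON.stringify(value)}`);
  }
  return errors;
}

// Constructed sample inputs.
const opts = { allowedRegistries: ['registry.example.com'] };
const accepted = validateParams({ serviceName: 'orders-api', namespace: 'team-a',
  system: 'payments', replicas: 2, image: 'registry.example.com/team-a/orders-api:1.4.2' }, opts);
const rejected = validateParams({ serviceName: 'Orders_API', namespace: 'team-a\nextra',
  replicas: '3', image: 'docker.io/other/app:latest', apiKey: 'x' }, opts);
console.log(accepted, rejected);
```

A check like this fits in a custom action that runs before the `kube:apply` step and fails the task when the returned list is not empty.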