CI/CD Pipeline Integration with EKS (GitHub Actions)
In modern software development, speed is everything. Code written by a developer must reach the live environment on Amazon EKS within minutes, passing through tests and without manual intervention. This process is called CI/CD (Continuous Integration / Continuous Deployment). We will explain how to integrate EKS with GitHub Actions, one of the most popular CI tools.
Pipeline Steps
An EKS deployment pipeline typically consists of the following steps:
- Checkout: Pulling the code from GitHub.
- Configure AWS Credentials: Authorizing the GitHub runner to access your AWS account (use OIDC, not an Access Key!).
- Login to ECR: Logging into Amazon ECR to push the Docker image.
- Build & Push: Building the Docker image and pushing it to ECR.
- Update Kubeconfig: Updating the config file so the kubectl command can talk to EKS.
- Deploy: Updating the application with kubectl apply or helm upgrade.
Secure Connection with GitHub OIDC
Giving an AWS Access Key and Secret Key to GitHub Actions is a security risk. Use OpenID Connect (OIDC) instead. By creating an "Identity Provider" in AWS IAM, you can grant temporary permissions only to requests coming from your GitHub repo.
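Whether the role is really limited to "requests coming from your GitHub repo" is decided by the conditions in its trust policy. The following check is an added example, not part of the original page: it audits constructed trust policies for the `aud` and `sub` conditions. The repository name `my-org/my-app` and all function names are assumptions; the account ID is the one used in the workflow on this page.

```python
ISSUER = "token.actions.githubusercontent.com"  # GitHub's OIDC issuer host

def _values(cond, operators, key):
    """Collect every value given for `key` under the listed condition operators."""
    out = []
    for op in operators:
        for k, v in cond.get(op, {}).items():
            if k.lower() == key:  # IAM condition key names are case-insensitive
                out += v if isinstance(v, list) else [v]
    return out

def audit_trust_policy(policy, repo):
    """Return findings for a role trust policy; an empty list means only
    workflows from `repo` (OWNER/NAME) can assume the role via GitHub OIDC."""
    findings = []
    for stmt in policy["Statement"]:
        principal = stmt.get("Principal", {})
        federated = str(principal.get("Federated", "")) if isinstance(principal, dict) else ""
        if stmt.get("Effect") != "Allow" or ISSUER not in federated:
            continue  # not a statement that trusts GitHub's OIDC provider
        cond = stmt.get("Condition", {})
        auds = _values(cond, ["StringEquals"], ISSUER + ":aud")
        subs = _values(cond, ["StringEquals", "StringLike"], ISSUER + ":sub")
        if auds != ["sts.amazonaws.com"]:
            findings.append("aud is not pinned to sts.amazonaws.com")
        if not subs:
            findings.append("no sub condition: any GitHub repository can assume the role")
        for s in subs:
            # The trailing ':' stops 'repo:my-org/my-app*' from matching my-app-fork
            if not s.startswith(f"repo:{repo}:"):
                findings.append(f"sub pattern {s!r} is not limited to {repo}")
    return findings

def trust_policy(condition):
    """Build a constructed trust policy around the given Condition block."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": f"arn:aws:iam::123456789012:oidc-provider/{ISSUER}"},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": condition}]}

AUD = {f"{ISSUER}:aud": "sts.amazonaws.com"}
REPO = "my-org/my-app"  # hypothetical repository name (assumption)
WEAK = trust_policy({"StringEquals": AUD})
WILDCARD = trust_policy({"StringEquals": AUD, "StringLike": {f"{ISSUER}:sub": "repo:my-org/*"}})
HARDENED = trust_policy({"StringEquals": {**AUD, f"{ISSUER}:sub": f"repo:{REPO}:ref:refs/heads/main"}})

if __name__ == "__main__":
    for name, pol in [("weak", WEAK), ("wildcard", WILDCARD), ("hardened", HARDENED)]:
        print(name, audit_trust_policy(pol, REPO) or "ok")
```

The hardened policy pins `sub` to the `main` branch, which matches the `branches: [ main ]` trigger of the workflow.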
Example Workflow File (.github/workflows/deploy.yml)
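name: Deploy to EKS
on:
  push:
    branches: [ main ]
# id-token: write lets the job request the OIDC token that AWS exchanges for temporary credentials
permissions:
  id-token: write
  contents: read
jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      # Assume the IAM role through OIDC; no access keys are stored in GitHub
      - uses: aws-actions/configure-aws-credentials@v2
        with:
          role-to-assume: arn:aws:iam::123456789012:role/GitHubActionRole
          aws-region: eu-central-1
      # Point kubectl at the cluster, then roll the deployment to the image tagged with this commit SHA
      - run: |
          aws eks update-kubeconfig --name my-cluster
          kubectl set image deployment/my-app my-app=123456789012.dkr.ecr.eu-central-1.amazonaws.com/my-app:${{ github.sha }}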
This simple pipeline updates your application on EKS after every push to the main branch.