Setup Kubeconfig File in GitHub Action Secrets

Learn how to set up your Kubeconfig file in GitHub Action secrets for seamless Kubernetes deployments.

karchunt

Kar Chun Tan

Creator

Metadata

Tue Sep 16 2025

2 min read

392 words

GitHub ActionsKubernetesDevOps

Introduction

More Information

https://github.com/kubernetes/kubernetes/issues/53661

In this blog post, we will explore how to set up your Kubeconfig file in GitHub Action secrets. This is essential for automating deployments to Kubernetes clusters using GitHub Actions.

Normally, people would use kubectl commands directly in their GitHub Actions workflows instead of using GitOps tools like ArgoCD or FluxCD. This is called push-based deployment.

When using kubectl commands, you need to authenticate to your Kubernetes cluster. The most common way to do this is by using a Kubeconfig file. But, when you try to setup Kubeconfig file in GitHub Action secrets, you might encounter some issues due to the base64 encoding issue.

Steps to Set Up Kubeconfig File in GitHub Action Secrets

Find your Kubeconfig file

The Kubeconfig file is usually located at ~/.kube/config on your local machine.

Here is an example of a Kubeconfig file:

~/.kube/config
apiVersion: v1
kind: Config
clusters:
  - name: production
    cluster:
      server: https://<cluster-ip>:<port>
      certificate-authority: |
        <base64-encoded-ca-certificate>
contexts:
  - name: prod@production
    context:
      cluster: production
      user: prod
users:
  - name: prod
    user:
      token: |
        <access-token>

Take a look at line 7 and 17. These two lines contain the | character, which indicates that the following lines are part of a multi-line string. This will cause issues as base64 encoding will convert the new line characters into \n, which will break the Kubeconfig file when it is decoded.

To avoid this issue, we need to convert the multi-line strings into single-line strings or use stripping version |-.

Fix Kubeconfig file

Here is the fixed version of the Kubeconfig file:

Make sure to replace all the new line characters with no spaces in between for the base64-encoded-ca-certificate and access-token values.

~/.kube/config
apiVersion: v1
kind: Config
clusters:
  - name: production
    cluster:
      server: https://<cluster-ip>:<port>
      certificate-authority: <base64-encoded-ca-certificate>
contexts:
  - name: prod@production
    context:
      cluster: production
      user: prod
users:
  - name: prod
    user:
      token: <access-token>
~/.kube/config
apiVersion: v1
kind: Config
clusters:
  - name: production
    cluster:
      server: https://<cluster-ip>:<port>
      certificate-authority: |-
        <base64-encoded-ca-certificate>
contexts:
  - name: prod@production
    context:
      cluster: production
      user: prod
users:
  - name: prod
    user:
      token: |-
        <access-token>

Copy the fixed Kubeconfig file content

Now, you can copy the content of the fixed kubeconfig file to the GitHub Action secrets.