This GitHub Action allows you to install and upgrade Helm Charts in Amazon EKS clusters, including private EKS clusters and private Helm repositories. Version 2.0.0 introduces comprehensive support for enterprise-grade private infrastructure with enhanced security and reliability features.
โจ Features
- ๐ Private EKS Cluster Support - Full support for private EKS clusters with proper network connectivity validation
- ๐ข Private Helm Repository Support - Authenticate and deploy from private Helm registries
- ๐ก๏ธ Enhanced Security - Improved authentication mechanisms and credential handling
- โก Configurable Versions - Choose specific kubectl and Helm versions
- ๐ Debug Mode - Comprehensive logging and troubleshooting capabilities
- โฑ๏ธ Timeout Control - Configurable timeouts for operations
- ๐งช Dry Run Mode - Test configurations without making actual changes
- ๐ฅ Health Checks - Built-in container health verification
๐ Quick Start
Basic Usage (Public EKS)
steps:
- name: Setup AWS Credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: $
aws-secret-access-key: $
aws-region: us-west-2
- name: Deploy to EKS
uses: open-source-srilanka/eks-helm-client-github-action@v2.0.0
with:
cluster-name: my-eks-cluster
region: us-west-2
args: |
helm repo add bitnami https://charts.bitnami.com/bitnami
helm repo update
helm upgrade --install my-app bitnami/nginx --namespace default
Private EKS Cluster
steps:
- name: Setup AWS Credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: $
aws-secret-access-key: $
aws-region: us-west-2
- name: Deploy to Private EKS
uses: open-source-srilanka/eks-helm-client-github-action@v2.0.0
with:
cluster-name: my-private-eks
region: us-west-2
private-cluster: true
timeout: 600
debug: true
args: |
helm upgrade --install my-app ./charts/my-app --namespace production --create-namespace
Private Helm Repository
steps:
- name: Setup AWS Credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: $
aws-secret-access-key: $
aws-region: us-west-2
- name: Deploy from Private Registry
uses: open-source-srilanka/eks-helm-client-github-action@v2.0.0
with:
cluster-name: my-eks-cluster
region: us-west-2
helm-registry-url: https://my-company-helm-registry.com/charts
helm-registry-username: $
helm-registry-password: $
args: |
helm repo update
helm upgrade --install my-private-app private-registry/my-app --namespace production
๐ Inputs
| Parameter | Description | Required | Default |
|---|---|---|---|
args |
Commands to execute for Helm operations | โ | - |
cluster-name |
EKS cluster name | โ | From env CLUSTER_NAME |
region |
AWS region where EKS cluster is located | โ | From env REGION_CODE |
private-cluster |
Set to true for private EKS clusters |
โ | false |
helm-registry-url |
Private Helm registry URL | โ | - |
helm-registry-username |
Username for private Helm registry | โ | - |
helm-registry-password |
Password for private Helm registry | โ | - |
helm-registry-insecure |
Allow insecure registry connections | โ | false |
kubectl-version |
Specific kubectl version to use | โ | 1.28.4 |
helm-version |
Specific Helm version to use | โ | 3.13.3 |
timeout |
Operation timeout in seconds | โ | 300 |
debug |
Enable debug logging | โ | false |
kubeconfig-path |
Custom kubeconfig file path | โ | /opt/kubernetes/config |
dry-run |
Show commands without executing | โ | false |
๐ Private EKS Clusters
When working with private EKS clusters, ensure your GitHub runner environment meets these requirements:
Network Requirements
- Self-hosted Runners: Deploy runners in the same VPC as your private EKS cluster
- VPC Endpoints: Configure VPC endpoints for AWS services if needed:
com.amazonaws.region.ekscom.amazonaws.region.stscom.amazonaws.region.s3(if using S3-based Helm repos)
- Security Groups: Ensure runners can reach:
- EKS API endpoint (port 443)
- Private Helm registries (typically port 443)
Example with VPC Configuration
# For self-hosted runners in private subnets
steps:
- name: Deploy to Private EKS
uses: open-source-srilanka/eks-helm-client-github-action@v2.0.0
with:
cluster-name: $
region: us-west-2
private-cluster: true
timeout: 900 # Increased timeout for private networks
debug: true # Enable for troubleshooting
args: |
# Verify connectivity first
kubectl cluster-info
helm list --all-namespaces
# Deploy application
helm upgrade --install my-app ./charts/my-app \
--namespace production \
--create-namespace \
--wait \
--timeout 10m
๐ข Private Helm Registries
Supported Registry Types
- Harbor: Private container and Helm registry
- Nexus Repository: Sonatype Nexus with Helm support
- Artifactory: JFrog Artifactory with Helm repositories
- AWS ECR: Amazon Elastic Container Registry (OCI format)
- Azure Container Registry: Microsoft ACR with Helm support
- Custom Registries: Any Helm-compatible private registry
Authentication Examples
Basic Authentication
with:
helm-registry-url: https://harbor.company.com/chartrepo/project
helm-registry-username: $
helm-registry-password: $
AWS ECR (OCI Format)
steps:
- name: Login to Amazon ECR
uses: aws-actions/amazon-ecr-login@v1
- name: Deploy from ECR
uses: open-source-srilanka/eks-helm-client-github-action@v2.0.0
with:
cluster-name: my-cluster
region: us-west-2
args: |
helm upgrade --install my-app oci://123456789012.dkr.ecr.us-west-2.amazonaws.com/my-charts/my-app \
--version 1.0.0 \
--namespace production
๐ ๏ธ Advanced Usage
Multiple Helm Repositories
with:
args: |
# Add multiple repositories
helm repo add bitnami https://charts.bitnami.com/bitnami
helm repo add stable https://charts.helm.sh/stable
helm repo add private-registry https://registry.company.com/helm --username $HELM_USER --password $HELM_PASS
# Update all repositories
helm repo update
# Deploy from different repos
helm upgrade --install redis bitnami/redis --namespace cache --create-namespace
helm upgrade --install app private-registry/my-app --namespace production --create-namespace
Helm Values and Configurations
with:
args: |
# Deploy with custom values
helm upgrade --install my-app bitnami/nginx \
--namespace production \
--create-namespace \
--values values.yaml \
--set replicaCount=3 \
--set image.tag=latest \
--wait \
--timeout 10m
# Verify deployment
kubectl get pods -n production
helm status my-app -n production
Debug and Troubleshooting
with:
debug: true
timeout: 900
args: |
# Enable Helm debug mode
export HELM_DEBUG=true
# Check cluster connectivity
kubectl cluster-info dump --output-directory=/tmp/cluster-info
# List existing releases
helm list --all-namespaces
# Deploy with verbose output
helm upgrade --install my-app ./charts/my-app \
--namespace production \
--create-namespace \
--debug \
--dry-run
๐งช Testing and Validation
Dry Run Mode
with:
dry-run: true
args: |
helm upgrade --install my-app bitnami/nginx --namespace test --dry-run
Connectivity Testing
with:
debug: true
args: |
# Test cluster access
kubectl auth can-i '*' '*' --all-namespaces
# Test Helm functionality
helm version
helm repo list
# Validate charts
helm lint ./charts/my-app
helm template my-app ./charts/my-app --validate
๐ง Troubleshooting
Common Issues
Private EKS Connection Failed
# Enable debug mode to see detailed logs
debug: true
# Check if runner can reach EKS endpoint
# Ensure security groups allow port 443 access
# Verify VPC endpoints are configured correctly
Private Registry Authentication Failed
# Verify credentials are correct
# Test registry connectivity from runner
# Check if registry supports Helm protocol version
Timeout Issues
# Increase timeout for private networks
timeout: 900
# Use --wait flag with Helm commands
helm upgrade --install my-app chart --wait --timeout 15m
Debug Checklist
- โ AWS credentials configured correctly
- โ Runner has network access to EKS API
- โ Security groups allow required ports
- โ Helm registry credentials are valid
- โ kubectl can connect to cluster
- โ Helm can list repositories and charts
๐ Migration from v1.0.0
Backward Compatibility
Your existing v1.0.0 workflows will continue to work unchanged:
# v1.0.0 style - still works in v2.0.0
env:
CLUSTER_NAME: my-cluster
REGION_CODE: us-west-2
with:
args: "helm install my-app bitnami/nginx"
New v2.0.0 Style
Take advantage of new features with input parameters:
# v2.0.0 style - recommended for new workflows
with:
cluster-name: my-cluster
region: us-west-2
private-cluster: true
helm-registry-url: https://harbor.company.com
args: "helm install my-app private-registry/my-app"
See the complete Migration Guide for detailed upgrade instructions.
๐ Examples Repository
Find comprehensive examples and use cases in our documentation:
- Basic Usage Examples
- Private Cluster Examples
- Private Registry Examples
- Advanced Scenarios
- Troubleshooting Guide
๐ค Contributing
We welcome contributions! Please see our Contributing Guidelines and Code of Conduct.
- Fork the Project
- Create your Feature Branch (
git checkout -b feature/AmazingFeature) - Commit your Changes (
git commit -m 'Add some AmazingFeature') - Push to the Branch (
git push origin feature/AmazingFeature) - Open a Pull Request
๐ License
This project is licensed under the MIT License - see the LICENSE.md file for details.
๐ Changelog
v2.0.0 (Latest)
- โจ Added private EKS cluster support
- โจ Added private Helm repository authentication
- โจ Enhanced debugging and logging capabilities
- โจ Configurable kubectl and Helm versions
- โจ Improved error handling and connectivity testing
- โจ Added health checks and container validation
- โจ Dry run mode for testing configurations
- ๐ง Breaking: Some input parameter names changed for consistency
v1.0.0 (Legacy)
- โ Basic EKS and Helm functionality
- โ Public cluster support only
๐ Support
For questions, issues, or feature requests:
- ๐ง Email: dinushchathurya21@gmail.com
- ๐ Issues: GitHub Issues
- ๐ฌ Discussions: GitHub Discussions
๐ค Author
Made with โค๏ธ & โ by Dinush Chathurya as a part of ProjectOSS