GitHub Action to deploy Helm Charts in EKS
This GitHub Action allows you to install and upgrade Helm Charts in Amazon EKS clusters, including private EKS clusters and private Helm repositories. Version 2.0.0 introduces comprehensive support for enterprise-grade private infrastructure with enhanced security and reliability features.
โจ Features
- ๐ Private EKS Cluster Support - Full support for private EKS clusters with proper network connectivity validation
- ๐ข Private Helm Repository Support - Authenticate and deploy from private Helm registries
- ๐ก๏ธ Enhanced Security - Improved authentication mechanisms and credential handling
- โก Configurable Versions - Choose specific kubectl and Helm versions
- ๐ Debug Mode - Comprehensive logging and troubleshooting capabilities
- โฑ๏ธ Timeout Control - Configurable timeouts for operations
- ๐งช Dry Run Mode - Test configurations without making actual changes
- ๐ฅ Health Checks - Built-in container health verification
๐ Quick Start
Basic Usage (Public EKS)
steps:
- name: Setup AWS Credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: $
aws-secret-access-key: $
aws-region: us-west-2
- name: Deploy to EKS
uses: open-source-srilanka/eks-helm-client-github-action@v2.0.0
with:
cluster-name: my-eks-cluster
region: us-west-2
args: |
helm repo add bitnami https://charts.bitnami.com/bitnami
helm repo update
helm upgrade --install my-app bitnami/nginx --namespace default
Private EKS Cluster
steps:
- name: Setup AWS Credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: $
aws-secret-access-key: $
aws-region: us-west-2
- name: Deploy to Private EKS
uses: open-source-srilanka/eks-helm-client-github-action@v2.0.0
with:
cluster-name: my-private-eks
region: us-west-2
private-cluster: true
timeout: 600
debug: true
args: |
helm upgrade --install my-app ./charts/my-app --namespace production --create-namespace
Private Helm Repository
steps:
- name: Setup AWS Credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: $
aws-secret-access-key: $
aws-region: us-west-2
- name: Deploy from Private Registry
uses: open-source-srilanka/eks-helm-client-github-action@v2.0.0
with:
cluster-name: my-eks-cluster
region: us-west-2
helm-registry-url: https://my-company-helm-registry.com/charts
helm-registry-username: $
helm-registry-password: $
args: |
helm repo update
helm upgrade --install my-private-app private-registry/my-app --namespace production
๐ Inputs
| Parameter | Description | Required | Default |
|---|---|---|---|
args |
Commands to execute for Helm operations | โ | - |
cluster-name |
EKS cluster name | โ | From env CLUSTER_NAME |
region |
AWS region where EKS cluster is located | โ | From env REGION_CODE |
private-cluster |
Set to true for private EKS clusters |
โ | false |
helm-registry-url |
Private Helm registry URL | โ | - |
helm-registry-username |
Username for private Helm registry | โ | - |
helm-registry-password |
Password for private Helm registry | โ | - |
helm-registry-insecure |
Allow insecure registry connections | โ | false |
kubectl-version |
Specific kubectl version to use | โ | 1.28.4 |
helm-version |
Specific Helm version to use | โ | 3.13.3 |
timeout |
Operation timeout in seconds | โ | 300 |
debug |
Enable debug logging | โ | false |
kubeconfig-path |
Custom kubeconfig file path | โ | /opt/kubernetes/config |
dry-run |
Show commands without executing | โ | false |
๐ Private EKS Clusters
When working with private EKS clusters, ensure your GitHub runner environment meets these requirements:
Network Requirements
- Self-hosted Runners: Deploy runners in the same VPC as your private EKS cluster
- VPC Endpoints: Configure VPC endpoints for AWS services if needed:
com.amazonaws.region.ekscom.amazonaws.region.stscom.amazonaws.region.s3(if using S3-based Helm repos)
- Security Groups: Ensure runners can reach:
- EKS API endpoint (port 443)
- Private Helm registries (typically port 443)
Example with VPC Configuration
# For self-hosted runners in private subnets
steps:
- name: Deploy to Private EKS
uses: open-source-srilanka/eks-helm-client-github-action@v2.0.0
with:
cluster-name: $
region: us-west-2
private-cluster: true
timeout: 900 # Increased timeout for private networks
debug: true # Enable for troubleshooting
args: |
# Verify connectivity first
kubectl cluster-info
helm list --all-namespaces
# Deploy application
helm upgrade --install my-app ./charts/my-app \
--namespace production \
--create-namespace \
--wait \
--timeout 10m
๐ข Private Helm Registries
Supported Registry Types
- Harbor: Private container and Helm registry
- Nexus Repository: Sonatype Nexus with Helm support
- Artifactory: JFrog Artifactory with Helm repositories
- AWS ECR: Amazon Elastic Container Registry (OCI format)
- Azure Container Registry: Microsoft ACR with Helm support
- Custom Registries: Any Helm-compatible private registry
Authentication Examples
Basic Authentication
with:
helm-registry-url: https://harbor.company.com/chartrepo/project
helm-registry-username: $
helm-registry-password: $
AWS ECR (OCI Format)
steps:
- name: Login to Amazon ECR
uses: aws-actions/amazon-ecr-login@v1
- name: Deploy from ECR
uses: open-source-srilanka/eks-helm-client-github-action@v2.0.0
with:
cluster-name: my-cluster
region: us-west-2
args: |
helm upgrade --install my-app oci://123456789012.dkr.ecr.us-west-2.amazonaws.com/my-charts/my-app \
--version 1.0.0 \
--namespace production
๐ ๏ธ Advanced Usage
Multiple Helm Repositories
with:
args: |
# Add multiple repositories
helm repo add bitnami https://charts.bitnami.com/bitnami
helm repo add stable https://charts.helm.sh/stable
helm repo add private-registry https://registry.company.com/helm --username $HELM_USER --password $HELM_PASS
# Update all repositories
helm repo update
# Deploy from different repos
helm upgrade --install redis bitnami/redis --namespace cache --create-namespace
helm upgrade --install app private-registry/my-app --namespace production --create-namespace
Helm Values and Configurations
with:
args: |
# Deploy with custom values
helm upgrade --install my-app bitnami/nginx \
--namespace production \
--create-namespace \
--values values.yaml \
--set replicaCount=3 \
--set image.tag=latest \
--wait \
--timeout 10m
# Verify deployment
kubectl get pods -n production
helm status my-app -n production
Debug and Troubleshooting
with:
debug: true
timeout: 900
args: |
# Enable Helm debug mode
export HELM_DEBUG=true
# Check cluster connectivity
kubectl cluster-info dump --output-directory=/tmp/cluster-info
# List existing releases
helm list --all-namespaces
# Deploy with verbose output
helm upgrade --install my-app ./charts/my-app \
--namespace production \
--create-namespace \
--debug \
--dry-run
๐งช Testing and Validation
Dry Run Mode
with:
dry-run: true
args: |
helm upgrade --install my-app bitnami/nginx --namespace test --dry-run
Connectivity Testing
with:
debug: true
args: |
# Test cluster access
kubectl auth can-i '*' '*' --all-namespaces
# Test Helm functionality
helm version
helm repo list
# Validate charts
helm lint ./charts/my-app
helm template my-app ./charts/my-app --validate
๐ง Troubleshooting
Common Issues
Private EKS Connection Failed
# Enable debug mode to see detailed logs
debug: true
# Check if runner can reach EKS endpoint
# Ensure security groups allow port 443 access
# Verify VPC endpoints are configured correctly
Private Registry Authentication Failed
# Verify credentials are correct
# Test registry connectivity from runner
# Check if registry supports Helm protocol version
Timeout Issues
# Increase timeout for private networks
timeout: 900
# Use --wait flag with Helm commands
helm upgrade --install my-app chart --wait --timeout 15m
Debug Checklist
- โ AWS credentials configured correctly
- โ Runner has network access to EKS API
- โ Security groups allow required ports
- โ Helm registry credentials are valid
- โ kubectl can connect to cluster
- โ Helm can list repositories and charts
๐ Migration from v1.0.0
Backward Compatibility
Your existing v1.0.0 workflows will continue to work unchanged:
# v1.0.0 style - still works in v2.0.0
env:
CLUSTER_NAME: my-cluster
REGION_CODE: us-west-2
with:
args: "helm install my-app bitnami/nginx"
New v2.0.0 Style
Take advantage of new features with input parameters:
# v2.0.0 style - recommended for new workflows
with:
cluster-name: my-cluster
region: us-west-2
private-cluster: true
helm-registry-url: https://harbor.company.com
args: "helm install my-app private-registry/my-app"
See the complete Migration Guide for detailed upgrade instructions.
๐ Examples Repository
Find comprehensive examples and use cases in our documentation:
- Basic Usage Examples
- Private Cluster Examples
- Private Registry Examples
- Advanced Scenarios
- Troubleshooting Guide
๐ค Contributing
We welcome contributions! Please see our Contributing Guidelines and Code of Conduct.
- Fork the Project
- Create your Feature Branch (
git checkout -b feature/AmazingFeature) - Commit your Changes (
git commit -m 'Add some AmazingFeature') - Push to the Branch (
git push origin feature/AmazingFeature) - Open a Pull Request
๐ License
This project is licensed under the MIT License - see the LICENSE.md file for details.
๐ Changelog
v2.0.0 (Latest)
- โจ Added private EKS cluster support
- โจ Added private Helm repository authentication
- โจ Enhanced debugging and logging capabilities
- โจ Configurable kubectl and Helm versions
- โจ Improved error handling and connectivity testing
- โจ Added health checks and container validation
- โจ Dry run mode for testing configurations
- ๐ง Breaking: Some input parameter names changed for consistency
v1.0.0 (Legacy)
- โ Basic EKS and Helm functionality
- โ Public cluster support only
๐ Support
For questions, issues, or feature requests:
- ๐ง Email: dinushchathurya21@gmail.com
- ๐ Issues: GitHub Issues
- ๐ฌ Discussions: GitHub Discussions
๐ค Author
Made with โค๏ธ & โ by Dinush Chathurya as a part of ProjectOSS