Question

Continuous deployment with k8s, is this right way to manage API token?

Posted October 28, 2020 116 views
CI/CDKubernetes

I just set CD on DO k8s with github actions.

When I deploy to DO k8s, I get authentication to DO k8s with my API token, which looks like

doctl auth init -t ${{ secrets.DO_TOKEN}}

Although it works like a charm. Everytime I make a deployment, I can see my API token generating in the API token page(cloud.digitalocean.com/account/api/tokens), which means If there would 10 deployments a day, I would got 20 tokens a day.

Is it fine? or am I doing something wrong?

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
2 answers

Hello @johnwook

I might be wrong here because I’m not too familiar with GitHub actions. I think you should be able to add the secret in GitHub GUI as environment variable securely then reuse it in all the deployments.

We have a blog post which might help you in setting it up:

https://www.digitalocean.com/blog/how-to-deploy-to-digitalocean-kubernetes-with-github-actions/

Cheers,

Dikshith

Let me know if you’d like more detail, but I believe what I did was:

  • Create a service account in my K8s cluster with exactly the permissions I wanted it to have (update deployments for example).
  • Use that service account’s token for the GitHub action secret

That way you don’t have to give GitHub actions your global DO credentials.

Submit an Answer