kubectl in CI/CD Pipelines
Integrating kubectl into CI/CD pipelines automates Kubernetes deployments, ensuring consistent and repeatable releases.
kubectl in GitHub Actions
A typical workflow authenticates to the cluster and applies manifests:

    name: Deploy to Kubernetes
    on:
      push:
        branches: [main]
    jobs:
      deploy:
        runs-on: ubuntu-latest
        steps:
          - uses: actions/checkout@v4
          - name: Set up kubectl
            uses: azure/setup-kubectl@v3
          - name: Configure kubeconfig
            run: |
              # Create the directory first, then restrict the credential file to the runner user
              mkdir -p "$HOME/.kube"
              echo "$KUBECONFIG_DATA" | base64 -d > "$HOME/.kube/config"
              chmod 600 "$HOME/.kube/config"
            env:
              KUBECONFIG_DATA: ${{ secrets.KUBECONFIG }}
          - name: Deploy
            run: |
              kubectl set image deployment/myapp \
                myapp=myregistry/myapp:${{ github.sha }}
              kubectl rollout status deployment/myapp --timeout=300s

Image Tagging Strategies
Use deterministic tags tied to your CI pipeline rather than mutable tags like latest:

    # Tag with Git SHA for traceability
    docker build -t myregistry/myapp:${GITHUB_SHA} .

    # Update the deployment image
    kubectl set image deployment/myapp \
      myapp=myregistry/myapp:${GITHUB_SHA}

    # Verify the rollout succeeded
    kubectl rollout status deployment/myapp

Rollout Strategies
Control how updates are delivered to minimize downtime:

    # Check current rollout strategy
    kubectl get deployment myapp -o jsonpath='{.spec.strategy}'

    # Trigger a rolling update
    kubectl set image deployment/myapp myapp=myregistry/myapp:v2.0.0

    # Pause a rollout for manual verification
    kubectl rollout pause deployment/myapp

    # Resume after validation
    kubectl rollout resume deployment/myapp

    # Rollback if something goes wrong
    kubectl rollout undo deployment/myapp

Using rollout status in your pipeline ensures the job fails if pods do not become ready, providing fast feedback on broken deployments.
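
The tagging and rollout guidance above can be combined into one pipeline step. The following is an added example, not part of the original page: the function names is_immutable_ref and deploy_or_rollback are hypothetical, and accepting a sha256 digest reference in addition to a Git SHA tag goes slightly beyond what the page describes.

```shell
#!/bin/sh
# Added example: refuse mutable image tags, then deploy and revert on failure.
# Function names are hypothetical; kubectl subcommands are those used above.

# Succeeds only for references pinned to a full 40-hex Git commit SHA tag
# or to a sha256 digest. Untagged images (implicit "latest") are rejected.
is_immutable_ref() {
  local ref="$1"
  # Look only at the part after the last '/', so a registry port such as
  # registry:5000/myapp is not mistaken for a tag.
  local last="${ref##*/}"
  case "$last" in
    *@sha256:*) printf '%s\n' "${last##*@sha256:}" | grep -Eq '^[0-9a-f]{64}$' ;;
    *:*)        printf '%s\n' "${last##*:}" | grep -Eq '^[0-9a-f]{40}$' ;;
    *)          return 1 ;;
  esac
}

# deploy_or_rollback <deployment> <container> <image> [timeout]
# Returns 0 on success, 2 if the image reference is rejected before any
# cluster change, 1 if the rollout failed and an undo was attempted.
deploy_or_rollback() {
  local deploy="$1"
  local container="$2"
  local image="$3"
  local timeout="${4:-300s}"

  if ! is_immutable_ref "$image"; then
    echo "refusing mutable or untagged image: $image" >&2
    return 2
  fi

  kubectl set image "deployment/$deploy" "$container=$image" || return 1

  if ! kubectl rollout status "deployment/$deploy" --timeout="$timeout"; then
    echo "rollout of $deploy failed, reverting to previous revision" >&2
    kubectl rollout undo "deployment/$deploy"
    # Wait for the reverted revision so the job log shows the final state.
    kubectl rollout status "deployment/$deploy" --timeout="$timeout"
    return 1
  fi
}
```

In a workflow step this would be called as `deploy_or_rollback myapp myapp "myregistry/myapp:${GITHUB_SHA}"`, and the non-zero return still fails the job after the revert.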