34 lines
1.4 KiB
Markdown
34 lines
1.4 KiB
Markdown
# helm-deploy
|
|
|
|
Deploy a service to Kubernetes via Helm over SSH.
|
|
|
|
## Inputs
|
|
|
|
| Input | Required | Default | Description |
|
|
|-------|----------|---------|-------------|
|
|
| `service-name` | Yes | — | Helm release name |
|
|
| `helm-cluster` | Yes | — | Cluster to deploye to (one of `internal_stage` or `internal_prod`) |
|
|
| `image-tag` | Yes | — | Docker image tag to deploy |
|
|
| `ssh-key` | Yes | — | Private SSH key content |
|
|
| `overrides-file` | No | `kubernetes/overrides-pu.yaml` | Local path to Helm values override file |
|
|
| `namespace` | No | `dsp` | Kubernetes namespace |
|
|
| `helm-repo` | No | `nexus-helm-repository` | Helm chart repository name |
|
|
| `helm-chart` | No | `DSP-Blueprint` | Chart name in the repository |
|
|
|
|
## Usage
|
|
|
|
```yaml
|
|
- uses: https://schmalz-git.git.onstackit.cloud/schmalz/shared-actions/helm-deploy@helm-deploy-v1
|
|
with:
|
|
service-name: my-service
|
|
helm-host: dsp1-stage.schmalzgroup.net
|
|
image-tag: ${{ github.sha }}
|
|
ssh-key: ${{ secrets.HELM_SSH_KEY }}
|
|
```
|
|
|
|
## Notes
|
|
|
|
- The SSH key is written to a temporary file with `600` permissions and removed after the job, even on failure.
|
|
- The overrides file is copied to the remote host via `scp` before the Helm upgrade.
|
|
- `helm upgrade --install` is run with `--atomic` so a failed release is automatically rolled back.
|
|
- `StrictHostKeyChecking=no` is used; ensure the host is trusted within your network or add host verification as needed.
|