“Struggling with CI/CD Deployment to EC2 Kubernetes Cluster”

Hi All,

I’m working on a DevOps project that involves automating a CI/CD pipeline for a sample Python application hosted on GitHub. The pipeline includes code checkout, SonarQube analysis, Docker image creation, and deployment to a Kubernetes cluster running on an EC2 instance.

I’ve made good progress so far:

  • Docker image builds and pushes successfully
  • GitHub Actions workflow is configured with secrets and matrix builds
  • Terraform provisions the EC2 instance
  • k3s is installed with --tls-san for public IP
  • Kubeconfig is base64-encoded and injected into the workflow

But I’m stuck at the final deployment step.

Run echo ":rocket: Deploying to EC2-hosted Kubernetes (TLS bypass)…"

:rocket: Deploying to EC2-hosted Kubernetes (TLS bypass)…

error: error validating "k8s/deployment.yaml": error validating data: failed to download openapi: the server has asked for the client to provide credentials; if you choose to ignore these errors, turn validation off with --validate=false

Error: Process completed with exit code 1.

Hi @bhargav.n

Please share at least the GitHub Actions YAML file where you are getting this error.

name: CI/CD Pipeline

on:
  push:
    branches: [ main ]
  pull_request:
    branches: [ main ]
  workflow_dispatch:

jobs:
  build:
    runs-on: ubuntu-latest

    strategy:
      matrix:
        python-version: [3.8, 3.9]

    steps:
      - name: Checkout code
        uses: actions/checkout@v3

      - name: Set up Python
        uses: actions/setup-python@v4
        with:
          python-version: ${{ matrix.python-version }}

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2

      - name: Log in to Docker Hub
        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}

      - name: Build and Push Docker Image
        uses: docker/build-push-action@v5
        with:
          context: .
          file: ./Dockerfile
          push: true
          tags: ${{ secrets.DOCKER_USERNAME }}/devops-app:${{ github.sha }}

      - name: Set up kubeconfig for EC2 cluster
        run: |
          mkdir -p $HOME/.kube
          echo "${{ secrets.KUBECONFIG_DATA }}" | base64 -d > $HOME/.kube/config

      - name: Deploy to EC2 Kubernetes (TLS bypass)
        run: |
          echo "🚀 Deploying to EC2-hosted Kubernetes (TLS bypass)..."
          kubectl apply -f k8s/deployment.yaml --insecure-skip-tls-verify
          kubectl apply -f k8s/service.yaml --insecure-skip-tls-verify

      - name: Verify rollout status (TLS bypass)
        run: |
          echo "🔍 Checking rollout status..."
          kubectl rollout status deployment/devops-app --insecure-skip-tls-verify

Hi @bhargav.n

Have you set up the kubeconfig so GitHub can access the Kubernetes cluster? Also, please share the contents of the k8s/deployment.yaml file.
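
Added example, not part of the thread and not code from any poster: a static check that a workflow step could run on the decoded kubeconfig before the first kubectl call. It looks for a reachable server address, an embedded cluster CA (so TLS verification can stay on) and a user credential. The function names, messages and sample values are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Static pre-flight check of a decoded kubeconfig; function names are illustrative.
check_kubeconfig() {
  local file="$1" problems=0
  if [ ! -s "$file" ] || ! grep -q '^clusters:' "$file"; then
    echo "FAIL: empty or not a kubeconfig (was the secret valid base64?)"
    return 1
  fi
  # k3s writes its own kubeconfig with a loopback server address.
  if grep -Eq '^[[:space:]]*server:[[:space:]]*https://(127\.0\.0\.1|localhost)([:/]|$)' "$file"; then
    echo "FAIL: server is a loopback address, unreachable from the runner"
    problems=$((problems + 1))
  fi
  # With the cluster CA embedded, kubectl can verify the API server certificate.
  if ! grep -Eq '^[[:space:]]*certificate-authority(-data)?:[[:space:]]*[^[:space:]]' "$file"; then
    echo "FAIL: no cluster CA, TLS can only work with verification disabled"
    problems=$((problems + 1))
  fi
  # The API server answers 401 when no usable credential is presented.
  if ! grep -Eq '^[[:space:]]*token:[[:space:]]*[^[:space:]]' "$file" &&
     ! { grep -Eq '^[[:space:]]*client-certificate(-data)?:[[:space:]]*[^[:space:]]' "$file" &&
         grep -Eq '^[[:space:]]*client-key(-data)?:[[:space:]]*[^[:space:]]' "$file"; }; then
    echo "FAIL: user entry has neither a token nor a client cert and key"
    problems=$((problems + 1))
  fi
  [ "$problems" -eq 0 ] && echo "OK: kubeconfig looks usable from CI"
}

# Constructed sample input; the base64 strings are placeholders, not real keys.
sample_kubeconfig() {  # $1 = server URL, $2 = "creds" to include user credentials
  cat <<EOF
apiVersion: v1
kind: Config
clusters:
- name: default
  cluster:
    server: $1
    certificate-authority-data: Q09OU1RSVUNURUQ=
users:
- name: default
  user:
EOF
  [ "$2" = creds ] && printf '    client-certificate-data: Q0VSVA==\n    client-key-data: S0VZ\n'
  return 0
}

tmp="$(mktemp)" && sample_kubeconfig https://127.0.0.1:6443 nocreds > "$tmp"
check_kubeconfig "$tmp" || echo "kubeconfig rejected before any kubectl call"
rm -f "$tmp"
```

In a workflow, the call would be `check_kubeconfig "$HOME/.kube/config"` right after the decode step, so a bad secret fails the job with a specific message instead of a kubectl error.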