Security fix: Replace hardcoded kubeconfig with KUBE_CONFIG secret

yassinsws · yassinsws · commit 6ec30f9ab34a · 2025-07-21T00:01:07.000+02:00
diff --git a/.github/workflows/deploy-auth-service.yml b/.github/workflows/deploy-auth-service.yml
@@ -86,32 +86,14 @@ jobs:
           helm version
 
       - name: Configure kubectl
+        env:
+          KUBE_CONFIG: ${{ secrets.KUBE_CONFIG }}
         run: |
           echo "🔧 Configuring kubectl..."
           
-          # Set up kubectl configuration
+          # Set up kubectl configuration from secret
           mkdir -p $HOME/.kube
-          cat > $HOME/.kube/config << 'EOF'
-          apiVersion: v1
-          kind: Config
-          clusters:
-          - name: "student"
-            cluster:
-              server: "https://rancher.ase.cit.tum.de/k8s/clusters/c-m-nhcfjg9h"
-          
-          users:
-          - name: "student"
-            user:
-              token: "kubeconfig-u-g7fbq4tzcsrjvb2:dtw5qr2nkwl5hl4r676dlmt7v9lh9bw5xgkp5l65pf6tr6ql79zsmm"
-          
-          contexts:
-          - name: "student"
-            context:
-              user: "student"
-              cluster: "student"
-          
-          current-context: "student"
-          EOF
+          echo "$KUBE_CONFIG" > $HOME/.kube/config
           chmod 600 $HOME/.kube/config
           
           echo "✅ Kubectl configured"
diff --git a/.github/workflows/deploy-client.yml b/.github/workflows/deploy-client.yml
@@ -88,32 +88,14 @@ jobs:
           helm version
 
       - name: Configure kubectl
+        env:
+          KUBE_CONFIG: ${{ secrets.KUBE_CONFIG }}
         run: |
           echo "🔧 Configuring kubectl..."
           
-          # Set up kubectl configuration
+          # Set up kubectl configuration from secret
           mkdir -p $HOME/.kube
-          cat > $HOME/.kube/config << 'EOF'
-          apiVersion: v1
-          kind: Config
-          clusters:
-          - name: "student"
-            cluster:
-              server: "https://rancher.ase.cit.tum.de/k8s/clusters/c-m-nhcfjg9h"
-          
-          users:
-          - name: "student"
-            user:
-              token: "kubeconfig-u-g7fbq4tzcsrjvb2:dtw5qr2nkwl5hl4r676dlmt7v9lh9bw5xgkp5l65pf6tr6ql79zsmm"
-          
-          contexts:
-          - name: "student"
-            context:
-              user: "student"
-              cluster: "student"
-          
-          current-context: "student"
-          EOF
+          echo "$KUBE_CONFIG" > $HOME/.kube/config
           chmod 600 $HOME/.kube/config
           
           echo "✅ Kubectl configured"
diff --git a/.github/workflows/deploy-document-service.yml b/.github/workflows/deploy-document-service.yml
@@ -86,32 +86,14 @@ jobs:
           helm version
 
       - name: Configure kubectl
+        env:
+          KUBE_CONFIG: ${{ secrets.KUBE_CONFIG }}
         run: |
           echo "🔧 Configuring kubectl..."
           
-          # Set up kubectl configuration
+          # Set up kubectl configuration from secret
           mkdir -p $HOME/.kube
-          cat > $HOME/.kube/config << 'EOF'
-          apiVersion: v1
-          kind: Config
-          clusters:
-          - name: "student"
-            cluster:
-              server: "https://rancher.ase.cit.tum.de/k8s/clusters/c-m-nhcfjg9h"
-          
-          users:
-          - name: "student"
-            user:
-              token: "kubeconfig-u-g7fbq4tzcsrjvb2:dtw5qr2nkwl5hl4r676dlmt7v9lh9bw5xgkp5l65pf6tr6ql79zsmm"
-          
-          contexts:
-          - name: "student"
-            context:
-              user: "student"
-              cluster: "student"
-          
-          current-context: "student"
-          EOF
+          echo "$KUBE_CONFIG" > $HOME/.kube/config
           chmod 600 $HOME/.kube/config
           
           echo "✅ Kubectl configured"
diff --git a/.github/workflows/deploy-genai-backend.yml b/.github/workflows/deploy-genai-backend.yml
@@ -88,32 +88,14 @@ jobs:
           helm version
 
       - name: Configure kubectl
+        env:
+          KUBE_CONFIG: ${{ secrets.KUBE_CONFIG }}
         run: |
           echo "🔧 Configuring kubectl..."
           
-          # Set up kubectl configuration
+          # Set up kubectl configuration from secret
           mkdir -p $HOME/.kube
-          cat > $HOME/.kube/config << 'EOF'
-          apiVersion: v1
-          kind: Config
-          clusters:
-          - name: "student"
-            cluster:
-              server: "https://rancher.ase.cit.tum.de/k8s/clusters/c-m-nhcfjg9h"
-          
-          users:
-          - name: "student"
-            user:
-              token: "kubeconfig-u-g7fbq4tzcsrjvb2:dtw5qr2nkwl5hl4r676dlmt7v9lh9bw5xgkp5l65pf6tr6ql79zsmm"
-          
-          contexts:
-          - name: "student"
-            context:
-              user: "student"
-              cluster: "student"
-          
-          current-context: "student"
-          EOF
+          echo "$KUBE_CONFIG" > $HOME/.kube/config
           chmod 600 $HOME/.kube/config
           
           echo "✅ Kubectl configured"
diff --git a/.github/workflows/deploy-genai-service.yml b/.github/workflows/deploy-genai-service.yml
@@ -86,32 +86,14 @@ jobs:
           helm version
 
       - name: Configure kubectl
+        env:
+          KUBE_CONFIG: ${{ secrets.KUBE_CONFIG }}
         run: |
           echo "🔧 Configuring kubectl..."
           
-          # Set up kubectl configuration
+          # Set up kubectl configuration from secret
           mkdir -p $HOME/.kube
-          cat > $HOME/.kube/config << 'EOF'
-          apiVersion: v1
-          kind: Config
-          clusters:
-          - name: "student"
-            cluster:
-              server: "https://rancher.ase.cit.tum.de/k8s/clusters/c-m-nhcfjg9h"
-          
-          users:
-          - name: "student"
-            user:
-              token: "kubeconfig-u-g7fbq4tzcsrjvb2:dtw5qr2nkwl5hl4r676dlmt7v9lh9bw5xgkp5l65pf6tr6ql79zsmm"
-          
-          contexts:
-          - name: "student"
-            context:
-              user: "student"
-              cluster: "student"
-          
-          current-context: "student"
-          EOF
+          echo "$KUBE_CONFIG" > $HOME/.kube/config
           chmod 600 $HOME/.kube/config
           
           echo "✅ Kubectl configured"
diff --git a/.github/workflows/deploy-infrastructure.yml b/.github/workflows/deploy-infrastructure.yml
@@ -52,32 +52,14 @@ jobs:
           helm version
 
       - name: Configure kubectl
+        env:
+          KUBE_CONFIG: ${{ secrets.KUBE_CONFIG }}
         run: |
           echo "🔧 Configuring kubectl..."
           
-          # Set up kubectl configuration
+          # Set up kubectl configuration from secret
           mkdir -p $HOME/.kube
-          cat > $HOME/.kube/config << 'EOF'
-          apiVersion: v1
-          kind: Config
-          clusters:
-          - name: "student"
-            cluster:
-              server: "https://rancher.ase.cit.tum.de/k8s/clusters/c-m-nhcfjg9h"
-          
-          users:
-          - name: "student"
-            user:
-              token: "kubeconfig-u-g7fbq4tzcsrjvb2:dtw5qr2nkwl5hl4r676dlmt7v9lh9bw5xgkp5l65pf6tr6ql79zsmm"
-          
-          contexts:
-          - name: "student"
-            context:
-              user: "student"
-              cluster: "student"
-          
-          current-context: "student"
-          EOF
+          echo "$KUBE_CONFIG" > $HOME/.kube/config
           chmod 600 $HOME/.kube/config
           
           echo "✅ Kubectl configured"
