Deploy Helm chart to AWS EKS Cluster


Deploy Helm chart to AWS EKS Cluster


Deploy Helm chart to AWS EKS Cluster

Deploy a helm chart to an Amazon EKS cluster using IAM authentication


EKS deployments with Helm

GitHub action for deploying to AWS EKS clusters using helm.

Note: If your EKS cluster administrative access is in a private network, you will need to use a self hosted runner in that network to use this action.


Note on chart repository / oci registry

Although Helm repositories are different than OCI registries, the chart-repository variable supports both options.

See example below for reference, but should be similar to using a repo.

Note on charts list command

You can use the name as a way to filter results, or just leave it blank to get all the charts available.


Following inputs can be used as step.with keys

Name Type Description
aws-secret-access-key String AWS secret access key part of the aws credentials. This is used to login to EKS.
aws-access-key-id String AWS access key id part of the aws credentials. This is used to login to EKS.
aws-region String AWS region to use. This must match the region your desired cluster lies in.
cluster-name String The name of the desired cluster.
cluster-role-arn String If you wish to assume an admin role, provide the role arn here to login as.
action String Determines if we install/uninstall the chart, or list. (Optional, Defaults to install)
dry-run Boolean Toggles dry-run option for install/uninstall action. (Defaults to false)
config-files String Comma separated list of helm values files.
namespace String Kubernetes namespace to use. Will create if it does not exist
values String Comma separated list of value set for helms. e.x:key1=value1,key2=value2
name String The name of the helm release
chart-path String The path to the chart. (defaults to helm/)
chart-repository String The URL of the chart-repository (Optional) Note: If oci based registry, set url to oci://
version String The version of the chart (Optional)
plugins String Comma separated list of plugins to install. e.x:, (defaults to none)
timeout String The value of the timeout for the helm release
update-deps Boolean Update chart dependencies
helm-wait String Add the helm --wait flag to the helm Release (Optional)
atomic String Add the helm --atomic flag if set (Optional)
ca-file String Verify certificates of HTTPS-enabled servers using this CA bundle.
cert-file String Identify HTTPS client using this SSL certificate file.
key-file String Identify HTTPS client using this SSL key file.
insecure-skip-tls-verify String Skip tls certificate checks for the chart download.
pass-credentials String Pass credentials to all domains. set (Optional)
username String Chart repository username where to locate the requested chart.
password String Chart repository password where to locate the requested chart.
use-secrets-vals Boolean Use secrets plugin using vals to evaluate the secrets
helm-extra-args String Append any string containing any extra option that might escape the ones present in this action.

Example 1 - local repo chart

    - name: Deploy Helm
      uses: bitovi/[email protected]
        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
        aws-region: us-west-2
        cluster-name: mycluster
        config-files: .github/values/dev.yaml
        chart-path: chart/
        namespace: dev
        values: key1=value1,key2=value2
        name: release_name

Example 2 - Custom Chart Repo

    - name: Deploy Helm
      uses: bitovi/[email protected]
        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
        aws-region: us-west-2
        cluster-name: mycluster
        cluster-role-arn: ${{ secrets.AWS_ROLE_ARN }}
        config-files: fluent-bit/prod/values.yaml
        chart-path: fluent/fluent-bit
        namespace: logging
        name: fluent-bit
        version: 0.20.6
        atomic: true

Example 3 - OCI Chart Repo

    - name: Deploy Helm
      uses: bitovi/[email protected]
        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
        aws-region: us-west-2
        cluster-name: mycluster
        cluster-role-arn: ${{ secrets.AWS_ROLE_ARN }}
        chart-repository: oci://
        chart-path: organization/chart
        namespace: org
        name: some-name
        version: 0.1.0

Example 4 - Separate AWS login

    - name: Configure AWS credentials
      uses: aws-actions/configure-aws-credentials@v2
        role-to-assume: arn:aws:iam::${{ }}:role/${{ }}
        aws-region: ${{ }}

    - name: Install Helm Chart
      uses: bitovi/[email protected]
        aws-region: ${{ }}
        cluster-name: eks-cluster-${{ env.environment }}
        ... (put your other arguments here)

Example 5 - Use secrets with vals backend

    - name: Deploy Helm
      uses: bitovi/[email protected]
        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
        aws-region: us-west-2
        cluster-name: mycluster
        config-files: .github/values/dev.yaml
        chart-path: chart/
        namespace: dev
        values: key1=value1,key2=value2
        name: release_name
        use-secrets-vals: true

Example 6 - Use with S3 as repo

    - name: Deploy S3 Helm chart
      uses: bitovi/[email protected]
        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
        aws-region: us-west-2
        chart-repository: s3://my-s3-bucket/
        chart-path: my-service/my-service
        version: 0.1.0
        cluster-name: mycluster
        namespace: dev
        name: my_service_name

Example Uninstall

    - name: Deploy Helm
      uses: bitovi/[email protected]
        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
        aws-region: us-west-2
        action: uninstall
        cluster-name: mycluster
        namespace: dev
        name: release_name

Example List

    - name: Deploy Helm
      uses: bitovi/[email protected]
        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
        aws-region: us-west-2
        action: list
        namespace: dev
        name: release_name


We would love for you to contribute to bitovi/github-actions-deploy-eks-helm. Issues and Pull Requests are welcome!


The scripts and documentation in this project are released under the MIT License.

