Kubernetes Deployment

This page covers Kubernetes-specific concepts: manifest templating, secrets, obtaining kubeconfig from IONOS Cloud, verifying, rollback, and cleanup.

Manifest Templating

The file kubernetes_config.tpl contains ${BACKEND_IMAGE} and ${FRONTEND_IMAGE} placeholders. During CI the workflow exports these env vars and runs:

envsubst < kubernetes_config.tpl > kubernetes_config.yaml

So the resulting applied file references the exact immutable image tags from the release tag.

Snippet

apiVersion: apps/v1
kind: Deployment
metadata:
  name: backend
spec:
  template:
    spec:
      containers:
      - name: backend
        image: ${BACKEND_IMAGE}  # substituted in CI

Secrets

Runtime API keys are injected via a recreated generic secret secrets:

kubectl delete secret secrets --ignore-not-found
kubectl create secret generic secrets \
  --from-literal=IONOS_API_KEY=*** \
  --from-literal=TAVILY_API_KEY=***

Deployments reference them with valueFrom.secretKeyRef.

Obtaining kubeconfig from IONOS Cloud

You need the kubeconfig file to let both local kubectl and CI access the cluster.

Console Steps

Sign in to the IONOS Cloud Console (dashboard home).
In the left sidebar click Containers.
Click Managed Kubernetes.
Select your cluster (e.g. ionos-chatbot-starter-pack).
In the Cluster Settings view click the download button next to kubeconfig.yaml.
Save the file securely (e.g., ~/kube/cluster-admin.yaml).
(Optional) Review / redact before storing as a secret.

Steps to get your KubeConfig from IONOS Cloud:

Step 1: Dashboard Home – landing Step 2: Step 3: Cluster Settings – download kubeconfig.yaml

Add kubeconfig as GitHub Secret

Open the file → copy all contents.
GitHub: Settings → Secrets and variables → Actions → New repository secret.
Name: KUBE_CONFIG.
Paste → Save.

CI/CD Pipeline Docker