When automating deployments to a Rackspace Spot Kubernetes cluster (Cloudspace) via GitHub Actions, you might encounter a frustrating issue: the official spotctl CLI crashes with a segmentation fault (SIGSEGV).

The Problem

If you attempt to fetch your Kubernetes config using spotctl inside a GitHub Actions runner like this:

      - name: Get Kubernetes Config
        env:
          SPOT_TOKEN: ${{ secrets.SPOT_TOKEN }}
        run: |
          mkdir -p ~/.kube
          spotctl cloudspaces get-config --org nmartindev --name nick-56 > ~/.kube/config

You might be greeted by a Go runtime panic:

panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x10 pc=0x846ac2]

goroutine 1 [running]:
github.com/rackspace-spot/spotctl/cmd.init.func3(...)

This bug prevents your pipeline from obtaining the kubeconfig necessary to deploy your applications.

The Solution

Fortunately, spotctl is just a wrapper around the Rackspace Spot REST API. We can bypass the CLI entirely and use standard tools like curl and jq to fetch the configuration.

Here is a drop-in replacement for the GitHub Actions step that calls the API directly:

      - name: Fetch kubeconfig via Spot API
        env:
          SPOT_TOKEN: ${{ secrets.SPOT_TOKEN }}
        run: |
          mkdir -p ~/.kube
          curl -sf -X POST \
            https://spot.rackspace.com/apis/auth.ngpc.rxt.io/v1/generate-kubeconfig \
            -H "Content-Type: application/json" \
            -d "{\"organization_name\":\"YOUR_ORG_NAME\",\"cloudspace_name\":\"YOUR_CLOUDSPACE_NAME\",\"refresh_token\":\"$SPOT_TOKEN\"}" \
          | jq -r '.data.kubeconfig' > ~/.kube/config
          chmod 600 ~/.kube/config

Why this works:

1. We send an authenticated POST request to the generate-kubeconfig endpoint.
2. We pass the necessary JSON payload containing your organization name, cloudspace name, and the API token (SPOT_TOKEN).
3. We pipe the JSON response into jq, which cleanly extracts the raw kubeconfig string from .data.kubeconfig and saves it to ~/.kube/config.

By bypassing spotctl, you eliminate the segmentation fault while maintaining the security of dynamically fetching your cluster credentials on every run!