There are several options for integrating the various components in this project into a useful CI/CD pipeline. One possible option is depicted below.
In this flow, the Analysis and Synthesis phase is manually triggered by the DevOps team. This results in a new PR, containing the synthesized network policies. Opening the PR triggers a run of the other components, which provide the connectivity map, connectivity diff, and policy verification results as PR comments.
To enable CI/CD integrations, this project provides several GitHub Actions as well as Tekton Tasks. Use the table below to get the relevant CI-stage encapsulation for your needs.

| CI stage | GitHub Action | Tekton Task |
|---|---|---|
| Analysis & Synthesis | link | link |
| Connectivity map | link | link |
| Connectivity diff | link | link |
| Connectivity verification | link | link |

A sample implementation of the CI pipeline depicted above for a demo Kubernetes application using our GitHub Actions can be found here. See a resulting PR here.
A sample implementation of the CI pipeline depicted above for a demo Kubernetes application using our Tekton Tasks can be found here. See a resulting PR here.