# K8s NetworkPolicy Connectivity Report

This action produces cluster-connectivity reports for your K8s-based application. It first extracts the cluster's connectivity graph by scanning your repository for YAML files containing endpoint resources (e.g., Deployments) or connectivity resources (Kubernetes NetworkPolicies). It then summarizes the cluster connectivity in either a concise textual report or a graphical representation.
An example connectivity report (in md format):
| query | src_ns | src_pods | dst_ns | dst_pods | connection |
|---|---|---|---|---|---|
| | [default] | [app in (checkoutservice,frontend,recommendationservice)] | [default] | [productcatalogservice] | TCP 3550 |
| | [default] | [app in (checkoutservice,frontend)] | [default] | [shippingservice] | TCP 50051 |
| | [default] | [frontend] | [default] | [checkoutservice] | TCP 5050 |
| | [default] | [cartservice] | [default] | [redis-cart] | TCP 6379 |
| | [default] | [app in (checkoutservice,frontend)] | [default] | [currencyservice] | TCP 7000 |
| | [default] | [app in (checkoutservice,frontend)] | [default] | [cartservice] | TCP 7070 |
| | | ip block: 0.0.0.0/0 | [default] | [frontend] | TCP 8080 |
| | [default] | [checkoutservice] | [default] | [emailservice] | TCP 8080 |
| | [default] | [frontend] | [default] | [recommendationservice] | TCP 8080 |
| | [default] | [loadgenerator] | [default] | [frontend] | TCP 8080 |
| | [default] | [frontend] | [default] | [adservice] | TCP 9555 |
This action is part of a wider attempt to provide shift-left automation for generating and maintaining Kubernetes Network Policies.
## Inputs

### `deployment-path`

(Optional) The path in the GitHub workspace where deployment yamls are. Default is `.` (scanning the whole repository).

### `netpol-path`

(Optional) The path in the GitHub workspace where the NetworkPolicy yamls are stored. Default is `.` (scanning the whole repository).

### `output-format`

(Optional) Connectivity report format: either `md` (default), `yaml`, `csv`, `dot` or `txt`.

## Outputs

### `conn-results-artifact`

The name of the artifact containing the connectivity report.

### `conn-results-file`

The name of the actual file in the artifact which contains the connectivity report.
## Usage examples

Produce a connectivity report in CSV format on demand:

```yaml
name: report-network-connectivity
on:
  workflow_dispatch:
jobs:
  report-connectivity:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - uses: np-guard/netpol-reports-gh-action@v2
        with:
          output-format: csv
```
Produce a connectivity report on every pull request and post it as a PR comment:

```yaml
name: report-network-connectivity
on:
  pull_request:
jobs:
  report-connectivity:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - name: Produce connectivity report
        id: conn-report
        uses: np-guard/netpol-reports-gh-action@v2
      - uses: actions/download-artifact@v2
        with:
          name: ${{ steps.conn-report.outputs.conn-results-artifact }}
      - run: gh pr comment ${{ github.event.number }} -F ${{ steps.conn-report.outputs.conn-results-file }}
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
```

If your repository restricts the default `GITHUB_TOKEN` permissions, the job also needs `pull-requests: write` for `gh pr comment` to succeed.
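Beyond posting the report as a comment, it can serve as a CI gate. The following is an added example, not part of this action or the np-guard project: a Python script that parses the md-format report (the table format shown above), lists every connection whose source is an IP block (traffic allowed in from outside the cluster), and fails the job when a destination is not on a hypothetical allowlist. The embedded sample report is constructed from rows of the table above plus one invented row.

```python
import sys
# Constructed sample in the action's md format: three rows from the report above plus one
# made-up row that exposes redis-cart to any IP, so there is something to flag.
SAMPLE_REPORT = """\
|query|src_ns|src_pods|dst_ns|dst_pods|connection|
|---|---|---|---|---|---|
||[default]|[frontend]|[default]|[checkoutservice]|TCP 5050|
|||ip block: 0.0.0.0/0|[default]|[frontend]|TCP 8080|
||[default]|[cartservice]|[default]|[redis-cart]|TCP 6379|
|||ip block: 0.0.0.0/0|[default]|[redis-cart]|TCP 6379|
"""
# Hypothetical allowlist of (namespace, workload) pairs meant to be reachable from outside.
ALLOWED_EXTERNAL = {("default", "frontend")}


def parse_report(text):
    """Parse an md connectivity table into one dict per data row, keyed by header name."""
    header, rows = None, []
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("|"):
            continue
        body = line[1:-1] if line.endswith("|") else line[1:]  # keep empty leading cells
        cells = [c.strip().strip("[]") for c in body.split("|")]
        if header is None:
            header = cells                       # first table line is the header
        elif all(c.strip("-") == "" for c in cells):
            continue                             # the |---|---| separator line
        else:
            rows.append(dict(zip(header, cells)))
    return rows


def external_exposures(rows):
    """(dst_ns, dst_pods, connection) for every row whose source is an IP block."""
    return [(r["dst_ns"], r["dst_pods"], r["connection"])
            for r in rows if r["src_pods"].startswith("ip block:")]


def unexpected_exposures(rows, allowed=ALLOWED_EXTERNAL):
    """External exposures whose destination is not on the allowlist."""
    return [e for e in external_exposures(rows) if (e[0], e[1]) not in allowed]


def main(path=None):
    """Return 1 (fail the job) if the report at `path`, or the sample, has findings."""
    findings = unexpected_exposures(parse_report(open(path).read() if path else SAMPLE_REPORT))
    for ns, pods, conn in findings:
        print(f"unexpected external exposure: {ns}/{pods} on {conn}")
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv[1] if len(sys.argv) > 1 else None))
```

Run it as a step after `actions/download-artifact` with the report file as its argument; a non-zero exit fails the job.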