Skip to content
shield

GitHub Action

K8s NetworkPolicy Connectivity Report

v2.0.0 Latest version

K8s NetworkPolicy Connectivity Report

shield

K8s NetworkPolicy Connectivity Report

Produce a network-connectivity report of your K8s application

Installation

Copy and paste the following snippet into your .yml file.

              

- name: K8s NetworkPolicy Connectivity Report

uses: np-guard/[email protected]

Learn more about this action in np-guard/netpol-reports-gh-action

Choose a version

Produce cluster-connectivity reports

About

This action produces cluster-connectivity reports for your K8s-based application. It will first extract the cluster's connectivity graph by scanning your repository for YAML files containing endpoint resources (e.g., Deployments) or connectivity resources (Kubernetes NetworkPolicies). It will then summarize the cluster connectivity in either a consice textual report or a graphical representation.

An example connectivity report (in md format):

query src_ns src_pods dst_ns dst_pods connection
[default] [app in (checkoutservice,frontend,recommendationservice)] [default] [productcatalogservice] TCP 3550
[default] [app in (checkoutservice,frontend)] [default] [shippingservice] TCP 50051
[default] [frontend] [default] [checkoutservice] TCP 5050
[default] [cartservice] [default] [redis-cart] TCP 6379
[default] [app in (checkoutservice,frontend)] [default] [currencyservice] TCP 7000
[default] [app in (checkoutservice,frontend)] [default] [cartservice] TCP 7070
ip block: 0.0.0.0/0 [default] [frontend] TCP 8080
[default] [checkoutservice] [default] [emailservice] TCP 8080
[default] [frontend] [default] [recommendationservice] TCP 8080
[default] [loadgenerator] [default] [frontend] TCP 8080
[default] [frontend] [default] [adservice] TCP 9555

This action is part of a wider attempt to provide shift-left automation for generating and maintaining Kubernetes Network Policies.

Inputs

deployment-path

(Optional) The path in the GitHub workspace where deployment yamls are. Default is . (scanning the whole repository).

netpol-path

(Optional) The path in the GitHub workspace where the NetworkPolicy yamls are stored. Default is . (scanning the whole repository).

output-format

(Optional) Connectivity report format: either "md" (default), "yaml", "csv", "dot" or "txt".

Outputs

conn-results-artifact

The name of the artifact containing the connectivity report

conn-results-file

The name of the actual file in the artifact, which contains the connectivity report

Usage examples

A manually-triggered action for creating a csv report (result is stored in an Action artifact)

name: report-network-connectivity
on:
  workflow_dispatch:

jobs:
  report-connectivity:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - uses: np-guard/netpol-reports-gh-action@v2
        with:
          output-format: csv

Automatically add a connectivity report as a PR comment

name: report-network-connectivity
on:
  pull_request:

jobs:
  report-connectivity:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - name: Produce connectivity report
        id: conn-report
        uses: np-guard/netpol-reports-gh-action@v2
      - uses: actions/download-artifact@v2
        with:
          name: ${{ steps.conn-report.outputs.conn-results-artifact }}
      - run: gh pr comment  ${{ github.event.number }} -F ${{ steps.conn-report.outputs.conn-results-file }}
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}