GitHub Action

K8s NetworkPolicy Diff

v1.0.0
Produce a network-connectivity diff between two versions of your K8s app

Installation

Copy and paste the following snippet into your workflow .yml file (the marketplace page renders the action reference as an obfuscated e-mail address; the reference is the repository named below at the version shown above):

```yaml
- name: K8s NetworkPolicy Diff
  uses: np-guard/netpol-diff-gh-action@v1.0.0
```

Learn more about this action in np-guard/netpol-diff-gh-action

Diff cluster connectivity

About

This action produces a semantic diff of the expected connectivity in a given Kubernetes cluster, as dictated by the resource-defining YAML files in a GitHub repository: a diff of which connections are allowed, rather than of the YAML text. The action compares the connectivity before and after commits that change the cluster's endpoints (e.g., Deployments) or its NetworkPolicies.

An example diff output (in md format):

| query | src_ns | src_pods | dst_ns | dst_pods | connection |
|---|---|---|---|---|---|
| Added connections | [demo] | [ui] | [demo] | [query-service] | TCP 8080 |
| Added connections | [demo] | [cli-service] | [demo] | [ui] | All connections |
| Removed connections | [demo] | [ui] | [demo] | [query-service] | UDP 8080 |
| Removed connections | [demo] | ip block: 0.0.0.0/0 | [demo] | [query-service] | All connections |
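To make concrete what "semantic" means in the output above, here is an added toy evaluator (written for this page; it is not np-guard's implementation) that computes the set of allowed connections for two versions of a single-namespace cluster and diffs them. The pods, labels and policies are constructed sample input. It models only ingress rules with podSelector peers and optional ports, plus the two Kubernetes semantics that make such a diff non-textual: a pod selected by no policy accepts everything, and a pod selected by at least one policy accepts only what a selecting policy's ingress rule allows. The final check shows that reordering and renaming policies changes the YAML but produces an empty connectivity diff.

```python
"""Toy semantic diff of Kubernetes NetworkPolicy connectivity (added example,
not np-guard's code). Single namespace, ingress only, podSelector peers only."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

EXTERNAL = "ip block: 0.0.0.0/0"   # stands in for every non-pod source
Conn = Tuple[str, str, str]        # (src, dst, connection)


@dataclass
class Pod:
    name: str
    labels: Dict[str, str]


def matches(selector: Dict[str, str], pod: Pod) -> bool:
    """matchLabels semantics: every selector pair must be on the pod; {} matches all."""
    return all(pod.labels.get(k) == v for k, v in selector.items())


def rule_conns(rule: dict) -> List[str]:
    """A rule without `ports` allows every port and protocol."""
    ports = rule.get("ports", [])
    return [f"{p.get('protocol', 'TCP')} {p['port']}" for p in ports] or ["All connections"]


def peer_allows(rule: dict, src: Optional[Pod]) -> bool:
    """A rule without `from` allows every source, EXTERNAL included;
    a podSelector peer never matches a non-pod source."""
    peers = rule.get("from")
    if peers is None:
        return True
    return src is not None and any(matches(peer["podSelector"], src) for peer in peers)


def connectivity(pods: List[Pod], policies: List[dict]) -> Set[Conn]:
    """Allowed (src, dst, connection) triples; pod-to-self traffic is omitted."""
    allowed: Set[Conn] = set()
    srcs: List[Tuple[str, Optional[Pod]]] = [(p.name, p) for p in pods] + [(EXTERNAL, None)]
    for dst in pods:
        selecting = [pol for pol in policies if matches(pol["podSelector"], dst)]
        for src_name, src in srcs:
            if src_name == dst.name:
                continue
            if not selecting:                      # Kubernetes default: pod is not isolated
                allowed.add((src_name, dst.name, "All connections"))
                continue
            for pol in selecting:                  # isolated: union of selecting policies' rules
                for rule in pol.get("ingress", []):
                    if peer_allows(rule, src):
                        for conn in rule_conns(rule):
                            allowed.add((src_name, dst.name, conn))
    return allowed


def diff(old: Set[Conn], new: Set[Conn]) -> Dict[str, List[Conn]]:
    return {"Added connections": sorted(new - old),
            "Removed connections": sorted(old - new)}


def to_markdown(d: Dict[str, List[Conn]], ns: str = "demo") -> str:
    rows = ["| query | src_ns | src_pods | dst_ns | dst_pods | connection |",
            "|---|---|---|---|---|---|"]
    for query, conns in d.items():
        for src, dst, conn in conns:
            rows.append(f"| {query} | [{ns}] | [{src}] | [{ns}] | [{dst}] | {conn} |")
    return "\n".join(rows)


# Constructed sample: three pods in namespace "demo".
PODS = [Pod("ui", {"app": "ui"}),
        Pod("cli-service", {"app": "cli-service"}),
        Pod("query-service", {"app": "query-service"})]

# Old version: only query-service is isolated; it accepts UDP 8080 from ui.
OLD = [{"name": "allow-ui-to-query", "podSelector": {"app": "query-service"},
        "ingress": [{"from": [{"podSelector": {"app": "ui"}}],
                     "ports": [{"protocol": "UDP", "port": 8080}]}]}]

# New version: the port becomes TCP, and ui is now reachable from cli-service only.
NEW = [{"name": "allow-ui-to-query", "podSelector": {"app": "query-service"},
        "ingress": [{"from": [{"podSelector": {"app": "ui"}}],
                     "ports": [{"protocol": "TCP", "port": 8080}]}]},
       {"name": "ui-only-from-cli", "podSelector": {"app": "ui"},
        "ingress": [{"from": [{"podSelector": {"app": "cli-service"}}]}]}]

# Same policies as NEW, reordered and renamed: a textual change, not a semantic one.
NEW_REORDERED = [dict(NEW[1], name="p1"), dict(NEW[0], name="p2")]


def demo() -> Dict[str, List[Conn]]:
    return diff(connectivity(PODS, OLD), connectivity(PODS, NEW))


if __name__ == "__main__":
    print(to_markdown(demo()))
    assert diff(connectivity(PODS, NEW), connectivity(PODS, NEW_REORDERED)) == \
        {"Added connections": [], "Removed connections": []}
```

Running it prints one added row (ui to query-service on TCP 8080) and three removed rows: the UDP 8080 connection, plus the previously unrestricted access to ui from query-service and from outside the cluster, which the new policy on ui silently cut off even though the commit only "added" a policy. That last kind of change, an unintended narrowing or widening hidden inside a policy edit, is what a connectivity diff surfaces and a line diff does not.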

This action is part of a wider attempt to provide shift-left automation for generating and maintaining Kubernetes Network Policies.

Inputs

old-path

(Required) The path in the GitHub Workspace where the old version was checked-out

new-path

(Required) The path in the GitHub Workspace where the new version was checked-out

output-format

(Optional) The format in which to output the diff results. Either "md" (default), "yaml" or "txt".

Outputs

diff-results-artifact

The name of the GitHub Action artifact containing diff results

diff-results-file

The name of the actual file in the artifact, which contains diff results

Usage examples

Compare changes made in a PR to the branch base (results are stored as an Action artifact):

```yaml
name: network-connectivity-diff
on:
  pull_request:

jobs:
  diff-netpols:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v2
      with:
        path: new
    - uses: actions/checkout@v2
      with:
        ref: ${{ github.base_ref }}
        path: old
    - name: Diff versions
      uses: shift-left-netconfig/netpol-diff-gh-action@v1
      with:
        new-path: new
        old-path: old
```

Compare changes made in a PR to the branch base and post the result as a PR comment. Note that on pull_request events triggered from a forked repository, GITHUB_TOKEN is read-only, so the comment step will fail; the diff step and its artifact are unaffected.

```yaml
name: network-connectivity-diff
on:
  pull_request:

jobs:
  diff-netpols:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v2
      with:
        path: new
    - uses: actions/checkout@v2
      with:
        ref: ${{ github.base_ref }}
        path: old
    - name: Diff versions
      id: diff-versions
      uses: shift-left-netconfig/netpol-diff-gh-action@v1
      with:
        new-path: new
        old-path: old
    - uses: actions/download-artifact@v2
      with:
        name: ${{ steps.diff-versions.outputs.diff-results-artifact }}
    - name: comment PR
      uses: machine-learning-apps/[email protected]
      env:
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      with:
        path: ${{ steps.diff-versions.outputs.diff-results-file }}
```