README.md
47 additions & 14 deletions
@@ -30,32 +30,65 @@ For more information, reference the GitHub Help Documentation for [Creating a wo
30
30
31
31
For more information on inputs, see the [API Documentation](https://developer.github.com/v3/repos/releases/#input)
32
32
33
-
-`version`: The kind version to use (default: `v0.7.0`)
34
-
-`config`: The path to the kind config file
35
-
-`node_image`: The Docker image for the cluster nodes
36
-
-`cluster_name`: The name of the cluster to create (default: `chart-testing`)
37
-
-`wait`: The duration to wait for the control plane to become ready (default: `60s`)
38
-
-`log_level`: The log level for kind
33
+
- 'include_namespaces': Namespaces to include in the scan - defaults to all
34
+
- 'exclude_namespaces': Namespaces to exclude in the scan - defaults to kube-system,istio-system
35
+
- 'output_file: Scan result file name. You can publish this artifact in a later step.
36
+
- 'fail_on_critical': Fail the task if critical findings observed.
37
+
- 'policy_profile:Alcide policy profile the cluster will be scanned against.
38
+
- 'policy_profile_id': The profile id with which cluster should be scanned. Note - Alcide Api Key is required to run a scan with customized profile
39
+
- 'alcide_apikey': Alcide API Key - to run advisor scan with customized profile an api-key is needed - login to your account to obtain one
40
+
- 'alcide_apiserver': Alcide API Server - The api server provisioned to your account
39
41
40
42
### Example Workflow
41
43
42
-
Create a workflow (eg: `.github/workflows/create-cluster.yml`):
44
+
Create a workflow (eg: `.github/workflows/test.yml`):
43
45
44
46
```yaml
45
-
name: Create Cluster
47
+
name: Alcide Advisor Workflow Example
46
48
47
-
on: pull_request
49
+
on:
50
+
pull_request:
51
+
push:
52
+
branches:
53
+
- '*'
54
+
- '!master'
48
55
49
56
jobs:
50
-
create-cluster:
57
+
advisor-test:
51
58
runs-on: ubuntu-latest
52
59
steps:
53
-
- name: Create k8s Kind Cluster
54
-
uses: alcideio/advisor-action@v1.0.0-alpha.3
60
+
- name: Checkout
61
+
uses: actions/checkout@v1
62
+
63
+
- name: Launch Cluster
64
+
uses: helm/kind-action@v1.0.0-alpha.3
65
+
with:
66
+
version: v0.7.0
67
+
name: kruzer
68
+
node_image: kindest/node:v1.16.4
69
+
wait: 5m
70
+
install_local_path_provisioner: true
71
+
72
+
- name: Test
73
+
run: |
74
+
kubectl cluster-info
75
+
kubectl get storageclass standard
76
+
77
+
- name: Scan Local Cluster
78
+
uses: alcideio/advisor-action@v1.0.0
79
+
with:
80
+
exclude_namespaces: '-'
81
+
include_namespaces: '*'
82
+
output_file: 'advisor-scan.html'
83
+
84
+
- name: Upload Alcide Advisor Scan Report
85
+
uses: actions/upload-artifact@v1
86
+
with:
87
+
name: advisor-scan.html
88
+
path: advisor-scan.html
55
89
```
56
90
57
-
This uses [@alcideio/advisor-action](https://www.github.com/alcideio/advisor-action) GitHub Action to spin up a [kind](https://kind.sigs.k8s.io/) Kubernetes cluster on every Pull Request.
58
-
See [@helm/chart-testing-action](https://www.github.com/helm/chart-testing-action) for a more practical example.
91
+
This uses [@alcideio/advisor-action](https://www.github.com/alcideio/advisor-action) GitHub Action to security scan your Kubernetes cluster configuration.
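Review bot: In the new inputs list, the entries `'output_file:` and `'policy_profile:Alcide policy profile` are missing the closing quote and the space after the colon, so the input names run into their descriptions; the removed list used backticks around each name, and keeping that form for all eight inputs would fix both. The `alcide_apikey` entry should state that the key is to be supplied from an encrypted repository secret rather than written into the workflow file, and the example would be more useful if it showed a scan step doing so. In the example workflow, `exclude_namespaces: '-'` is a value the input description does not explain (it only gives the default `kube-system,istio-system`), so please document what `-` means. `fail_on_critical` has no stated default and is not set in the example, which leaves it unclear whether the job fails when critical findings are reported. The `Launch Cluster` step passes `name: kruzer` while the removed text called that input `cluster_name`, so confirm the key against the kind action, and consider pinning the third-party `uses:` references to commit SHAs instead of tags. The unchanged sentence above the list still links to the releases API documentation, which does not describe these inputs.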