Validating apps against company policies in a CI pipeline

This sample accompanies the tutorial at https://cloud.google.com/anthos-config-management/docs/tutorials/app-policy-validation-ci-pipeline

Code sample

YAML

steps:
- id: 'Prepare config'
  # This step builds the final manifests for the app
  # using kustomize and the configuration files
  # available in the repository.
  name: 'gcr.io/google.com/cloudsdktool/cloud-sdk'
  entrypoint: '/bin/sh'
  args: ['-c', 'mkdir tmp && kubectl kustomize config/prod > tmp/prod.yaml']
- id: 'Download policies'
  # This step fetches the policies from the Anthos Config Management repository
  # and consolidates every resource in a single directory.
  name: 'gcr.io/kpt-dev/kpt:v1.0.0-beta.3'
  entrypoint: '/bin/sh'
  args: ['-c', 'kpt pkg get https://github.com/GoogleCloudPlatform/csp-config-management.git/ci-app/acm-repo/cluster@1.0.0 constraints
                  && cp -a constraints/* tmp/']
- id: 'Validate against policies'
  # This step validates that all resources comply with all policies.
  name: 'gcr.io/kpt-dev/kpt:v1.0.0-beta.3'
  entrypoint: '/bin/sh'
  args: ['-c', 'kpt fn eval tmp/ --image gcr.io/kpt-fn/gatekeeper:v0']
