Validating apps against company policies in a CI pipeline

Use with

Code sample


- id: 'Prepare config'
  # This step builds the final manifests for the app
  # using kustomize and the configuration files
  # available in the repository.
  name: ''
  entrypoint: '/bin/sh'
  args: ['-c', 'mkdir tmp && kubectl kustomize config/prod > tmp/prod.yaml']
- id: 'Download policies'
  # This step fetches the policies from the Anthos Config Management repository
  # and consolidates every resource in a single directory.
  name: ''
  entrypoint: '/bin/sh'
  args: ['-c', 'kpt pkg get constraints
                  && cp -a constraints/* tmp/']
- id: 'Validate against policies'
  # This step validates that all resources comply with all policies.
  name: ''
  entrypoint: '/bin/sh'
  args: ['-c', 'kpt fn eval tmp/ --image']

What's next

To search and filter code samples for other Google Cloud products, see the Google Cloud sample browser.