With this orb, you can quickly validate and enforce policies on Kubernetes resources in CircleCI workflows.
Note: To use this orb you need a valid Styra account, if you do not have one already, visit https://styra.com
Go to https://youraccount.styra.com -> Settings -> API Tokens -> Add API token
Systems are displayed on the left-hand side. To add a new one, click the + next to the word "Systems" and fill
System name: a human-friendly name, so you remember which cluster is which
Description: more details about this cluster
Read-only: set to true only if you want to stop people from editing the policy in the GUI
Enable guardrails/rules you want to put in place for CircleCI checks
Note: Toggle the mode for the above rules from monitor mode to enforced
Click on publish
Setup the config.yml to call the styra-policy-check job.
Example:
version: 2.1
orbs:
styra-orb: styra/cli@0.0.7
workflows:
version: 2.1
check-workflow:
jobs:
- styra-orb/styra-policy-check:
context: SystemID_b6c4e9e6e9fa410991061f3fa3b3d0ca
Important: Specify the following Environment variables in your CircleCI project
$STYRA_TOKEN (Supply the API token generated in Step 1.)
$STYRA_TENANT (E.g., youraccount.styra.com)
System id can be retrieved from https://youraccount.styra.com -> System -> Settings. Specify this value for system_id variable in .styra.yaml
cat > .styra.yaml <<EOF
checks:
foo:
system_id: b52e42c6ab574d9ab8bc5e7a86ce72ea
Files:
- k8s/prod/*.yaml
- k8s/*/*.yaml
EOF