Integrate kube-score into github actions for Helm charts

varshith — Thu, 22 Jun 2023 09:28:54 +0000

Kube Score is a powerful open-source tool designed to evaluate the security posture of Helm charts. By integrating kube-score into GitHub Actions, you can easily check the security context of your Helm charts as part of your CI/CD pipeline. In this blog post, we will guide you through the process of setting up kube-score within GitHub Actions to ensure the security of your deployments.

Step 1: Creating the GitHub Actions Workflow

To begin, navigate to your GitHub project's root directory and create a new file named .github/workflows/kube-score-check.yaml. This file will contain the configuration for our kube-score check.

Step 2: Editing the kube-score-check.yaml file

Open the newly created kube-score-check.yaml file and let's start editing it.

name: Kube-score-check

The first line sets the name of our GitHub Actions workflow as "Kube-score-check".

on:
  push:
  pull_request:
    branches:
    - main

The above code specifies the trigger for our workflow. It will be triggered on both push and pull request events in the main branch. Adjust the branch name as per your project's configuration.

jobs:
  kube-score:
    runs-on: ubuntu-22.04
    steps:
        - name: Checkout
          uses: actions/checkout@v3
          with:
            fetch-depth: 0

In this section, we define the jConclusion:ob for our workflow. It will run on an Ubuntu 22.04 environment. The first step is to checkout the repository's code using the actions/checkout action. We set fetch-depth to 0 to ensure the full history of the repository is fetched.

 - name: Install kube-score
          run: |
              wget https://github.com/zegl/kube-score/releases/download/v1.16.1/kube-score_1.16.1_linux_amd64.tar.gz
              tar xvf ./kube-score_1.16.1_linux_amd64.tar.gz && mv kube-score /usr/local/bin

Next, we fetch and install the kube-score package within the GitHub Actions runtime environment. This step downloads the necessary kube-score binary and adds it to the /usr/local/bin directory.

        - name: Run kube-score
          run: helm template "YOUR DEPLOYMENT NAME" . | kube-score score -

After installing kube-score, we can now run the actual evaluation. Replace "YOUR DEPLOYMENT NAME" with the name of your Helm deployment (without quotes). This command uses helm template to render the Helm chart and then pipes it to kube-score score - for evaluation.

Step 3: Pushing the Workflow to GitHub

Finally, push the kube-score-check.yaml file to your GitHub repository. This will trigger the workflow whenever there is a pull request or push event on the specified branch.

Integrating kube-score into GitHub Actions provides a seamless way to evaluate the security posture of your Helm charts as part of your CI/CD pipeline. By following the steps outlined in this blog post, you can easily set up kube-score and ensure the security of your deployments.

Forem: varshith

Integrate kube-score into github actions for Helm charts