The CI/CD integration connects Kestrel to your GitHub and GitLab repositories, enabling two powerful workflows:
  1. GitOps: Deploy Kubernetes YAML changes generated by the AI copilot directly to your repositories via pull requests or merge requests
  2. IaC Remediation: When Kestrel detects a cloud misconfiguration, it generates a Terraform fix and opens a PR/MR targeting the exact file in your repository

Prerequisites

  • Organization Admin role in Kestrel
  • GitHub organization admin or GitLab account access

GitHub Integration

Connecting GitHub

  1. Navigate to Integrations → CI/CD in your Kestrel dashboard
  2. Click Connect GitHub
  3. A new tab opens with the Kestrel GitHub App installation page
  4. Select your GitHub organization
  5. Choose which repositories to grant access to (all or selected)
  6. Click Install & Authorize
Once connected, you’ll see your organization name and connection status on the CI/CD page.

Managing Repositories

Repository access is managed through your GitHub App installation settings. To add or remove repositories:
  1. Go to your GitHub organization settings
  2. Navigate to Installed GitHub Apps → Kestrel AI
  3. Update the repository selection
Click the GitHub card in Kestrel to expand and view all connected repositories.

Configuring IaC Repositories

To enable IaC remediation on a repository:
  1. Expand the GitHub card to view your repositories
  2. Click Configure IaC on the repository
  3. Select the IaC type:
    • Terraform
    • CloudFormation
    • Pulumi
  4. Set the root path (e.g., / or /terraform)
  5. Optionally link a cloud account (AWS or OCI) - this helps Kestrel match cloud resources to the correct repository
  6. Click Enable IaC
Once enabled, when Kestrel detects a cloud misconfiguration, it can automatically generate a fix targeting this repository and open a pull request.

GitLab Integration

Connecting GitLab

  1. Navigate to Integrations → CI/CD in your Kestrel dashboard
  2. Click Connect GitLab
  3. A new tab opens with the GitLab OAuth authorization page
  4. Authorize Kestrel to access your GitLab account
  5. Once authorized, you’re redirected back to the Kestrel dashboard

Syncing Projects

After connecting, sync your GitLab projects:
  1. Click the GitLab card to expand it
  2. Click Add Projects
  3. Select the GitLab projects you want to manage
  4. Click Sync Projects
Synced projects appear in the repository list and are available for GitOps and IaC workflows.

Configuring IaC Repositories

The IaC configuration for GitLab follows the same steps as GitHub:
  1. Click Configure IaC on a synced GitLab project
  2. Select the IaC type (Terraform, CloudFormation, or Pulumi)
  3. Set the root path
  4. Optionally link a cloud account
  5. Click Enable IaC

Disconnecting GitLab

  1. Click the GitLab card to expand it
  2. Click Disconnect
  3. Confirm the disconnection
Disconnecting GitLab removes all synced repositories and their IaC configurations. This action cannot be undone.

Using GitOps Workflows

Once repositories are connected, you can deploy changes from two places in Kestrel:

From the AI Copilot Chat

When the AI copilot generates a Kubernetes YAML change (e.g., scaling a deployment, updating resource limits, adding a network policy):
  1. Click Deploy to CI/CD on the generated change
  2. Select a GitHub or GitLab repository
  3. Browse the directory structure with the interactive file browser
  4. Select an existing file or create a new one
  5. Kestrel opens a pull request (GitHub) or merge request (GitLab) with the change

From Incident Detail Pages

When Kestrel detects an incident and generates a fix:
  1. Navigate to the incident detail page
  2. Click Create Pull Request (or Deploy to CI/CD)
  3. Select the target repository and file
  4. Review and submit
After the PR/MR is created, the change shows a PR Created badge that links directly to it.

IaC Remediation Workflow

For cloud incidents with connected IaC repositories:
  1. Kestrel detects a cloud misconfiguration (e.g., S3 bucket with public access)
  2. Kestrel identifies the Terraform file managing that resource by matching the resource identifier across all connected repositories
  3. Kestrel generates a Terraform fix
  4. Click Create Pull Request to open a PR/MR with the remediation
  5. The PR includes the full diff, a description of the fix, and a link back to the incident
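As an illustration of the S3 public-access case in step 1, the following Terraform shows the kind of change a remediation PR could carry. It is an example added here, not Kestrel output or code from the Kestrel project; the resource label `reports` and the bucket name are constructed placeholders.

```hcl
# Constructed example: resource labels and bucket name are placeholders,
# not values produced by Kestrel.

# Existing resource in the repository (unchanged by the fix).
# Without a public access block, a public ACL or bucket policy
# applied to this bucket can expose its objects.
resource "aws_s3_bucket" "reports" {
  bucket = "example-reports-bucket"
}

# Added by the remediation: a bucket-level public access block.
resource "aws_s3_bucket_public_access_block" "reports" {
  bucket = aws_s3_bucket.reports.id

  block_public_acls       = true # reject requests that set a public ACL
  ignore_public_acls      = true # ignore public ACLs already on the bucket
  block_public_policy     = true # reject bucket policies that grant public access
  restrict_public_buckets = true # restrict access under an existing public policy
}
```

When reviewing a PR like this, run `terraform plan` on the branch and confirm that the added resource is the only planned change and that it references the bucket named in the incident.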
