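#!/bin/bash
#
# Convert `otterize network-mapper list` output into Kubernetes ingress
# NetworkPolicy manifests, written to stdout as a multi-document YAML stream.
#
# The mapper output is cached in /tmp/<context>.map and reused on later runs;
# delete that file to force a fresh mapping.
#
# NOTE(review): every caller of a service yields a policy with the same
# metadata.name (<dest>-ingress); when the stream is applied, same-named
# documents replace one another. Confirm whether per-caller names or one
# merged policy per destination is wanted.
# NOTE(review): the selectors assume pods and namespaces carry a `name` label
# equal to the otterize service / namespace name -- confirm for the target
# cluster.
set -euo pipefail

# Print a message to stderr and abort.
die() {
  printf 'ott2policies: %s\n' "$*" >&2
  exit 1
}

# Succeed when $1 is non-empty and uses only the Kubernetes name/label
# alphabet, so it can be interpolated into the YAML without changing its
# structure.
is_safe_name() {
  local -r pattern='^[A-Za-z0-9]([A-Za-z0-9._-]*[A-Za-z0-9])?$'
  [[ "$1" =~ $pattern ]]
}

# Write one NetworkPolicy document to stdout.
# Arguments: $1 caller, $2 caller namespace, $3 callee, $4 callee namespace
emit_policy() {
  local src=$1 src_ns=$2 dest=$3 dest_ns=$4

  printf '%s\n' "---"
  printf '#%s (%s) --> %s (%s)\n' "$src" "$src_ns" "$dest" "$dest_ns"
  # namespaceSelector and podSelector sit in the SAME `from` entry: Kubernetes
  # ORs separate entries, which would admit every pod in the caller's
  # namespace instead of only the observed caller.
  # Values are double-quoted so names such as "123" or "true" stay strings.
  cat <<EOF
kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
metadata:
  name: "${dest}-ingress"
  namespace: "${dest_ns}"
spec:
  podSelector:
    matchLabels:
      name: "${dest}"
  policyTypes:
  - Ingress
  ingress:
  - from:
    - namespaceSelector:
        matchLabels:
          name: "${src_ns}"
      podSelector:
        matchLabels:
          name: "${src}"
EOF
}

context=$(kubectl config current-context)
[[ -n "$context" ]] || die "kubectl reported no current context"

# A context name can contain '/', which cannot appear in a file name.
map_file="/tmp/${context//\//_}.map"

tmp_map=""
cleanup() {
  [[ -z "$tmp_map" ]] || rm -f -- "$tmp_map"
}
trap cleanup EXIT

if [[ ! -e "$map_file" && ! -L "$map_file" ]]; then
  # Build the cache under an unpredictable name and rename it into place, so
  # a failed or interrupted mapper run never leaves a partial cache behind.
  tmp_map=$(mktemp "${map_file}.XXXXXX")
  otterize network-mapper list >"$tmp_map"
  mv -- "$tmp_map" "$map_file"
  tmp_map=""
fi

# /tmp is world-writable: a file already present at this path may have been
# placed there by another local user, and its contents decide which traffic
# the generated policies allow. Accept only a regular file we own.
[[ -f "$map_file" && ! -L "$map_file" && -O "$map_file" ]] \
  || die "refusing to use ${map_file}: not a regular file owned by the current user"

src=""
src_ns=""
while read -r line || [[ -n "$line" ]]; do
  # Split on whitespace without echo/awk, so glob characters and backslashes
  # in the line are never expanded by the shell.
  read -r -a fields <<<"$line"
  (( ${#fields[@]} > 0 )) || continue

  # "<service> in namespace <ns> calls:" opens a section for one caller.
  if [[ "$line" == *calls: ]]; then
    src=${fields[0]:-}
    src_ns=${fields[3]:-}
    continue
  fi

  # "- <service> in namespace <ns>" names a service the caller talks to.
  dest=${fields[1]:-}
  dest_ns=${fields[4]:-}

  # Skip entries outside any section or with unexpected characters rather
  # than emitting a malformed or structurally altered manifest.
  for value in "$src" "$src_ns" "$dest" "$dest_ns"; do
    if ! is_safe_name "$value"; then
      printf 'ott2policies: skipping unparseable line: %q\n' "$line" >&2
      continue 2
    fi
  done

  emit_policy "$src" "$src_ns" "$dest" "$dest_ns"
done <"$map_file"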