#!/bin/bash
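# Locate the running knoxautopolicy pod in the "explorer" namespace; every
# later kubectl exec/cp in this script targets it. This lookup runs before
# option parsing, so even --help needs a reachable cluster.
# An empty name is treated as a failure too, so later commands never run
# against a blank pod argument.
if ! podname=$(kubectl get pod -n explorer -l container=knoxautopolicy -o=jsonpath='{.items[0].metadata.name}' --field-selector=status.phase==Running) || [[ -z "$podname" ]]; then
  echo "could not find knoxautopolicy pod" >&2
  exit 2
fi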
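#######################################
# Regenerate the discovered-policy YAML files inside the knoxautopolicy pod.
# Removes stale *_policies*.yaml files from the pod's working directory, then
# runs /convert_<kind>_policy.sh there.
# Globals:   podname (read)
# Arguments: $1 - policy kind; this script passes "net" or "sys"
# Outputs:   diagnostics on stderr
# Returns:   0 on success; exits the script with status 1 on failure
#######################################
function trigger_policy_dump()
{
  local kind=$1

  # The kind is spliced into a command line that a shell inside the pod
  # interprets, so accept nothing but a plain identifier.
  if [[ ! "$kind" =~ ^[A-Za-z0-9_]+$ ]]; then
    printf 'invalid policy kind: %s\n' "$kind" >&2
    exit 1
  fi

  if ! kubectl exec -n explorer "$podname" -- bash -c "rm *_policies*.yaml 2>/dev/null; /convert_${kind}_policy.sh > /dev/null"; then
    echo "getting $kind policies failed" >&2
    exit 1
  fi

  # Explicit success status: the old "[[ ... ]] && ..." form left 1 behind
  # whenever the command had succeeded.
  return 0
}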
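#######################################
# Fetch the discovered network (cilium) policy files from the pod into the
# current directory and report how many "kind:" entries each file holds.
# Globals:   podname (read)
# Arguments: none
# Outputs:   one "Got N <type> policies in file F" line per copied file on
#            stdout; skipped names and failed copies are reported on stderr
# Returns:   0 (also when no policy file was discovered)
#######################################
function network_policy()
{
  local filelist f typ cnt

  trigger_policy_dump net

  # tr strips the carriage returns that can appear in the exec output.
  filelist=$(kubectl exec -n explorer "$podname" -- ls -1 | tr -d '\r' | grep -e "cilium_policies.*\.yaml")
  if [[ -z "$filelist" ]]; then
    echo "No network policies discovered"
    return
  fi

  while IFS= read -r f; do
    # The listing is produced inside the pod and each name becomes a local
    # destination path, so only a plain file name is accepted: no directory
    # part and no leading dash that a tool could read as an option.
    if [[ -z "$f" || "$f" == */* || "$f" == -* ]]; then
      printf 'skipping unexpected file name from pod: %s\n' "$f" >&2
      continue
    fi

    # Text before the first underscore names the policy type (e.g. cilium).
    typ=${f%%_*}

    if ! kubectl cp "explorer/$podname:$f" "$f"; then
      printf 'copying %s from pod failed\n' "$f" >&2
      continue
    fi

    cnt=$(grep -c -- "kind:" "$f")
    echo "Got $cnt $typ policies in file $f"
  done <<< "$filelist"

  return 0
}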
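#######################################
# Fetch the discovered system (kubearmor) policy files from the pod into the
# current directory and report how many "kind:" entries each file holds.
# Globals:   podname (read)
#            FILTER  (read; set to "kubearmor_policies.*\.yaml" when empty).
#                    It is handed to grep as a regular expression.
# Arguments: none
# Outputs:   one "Got N <type> policies in file F" line per copied file on
#            stdout; skipped names and failed copies are reported on stderr
# Returns:   0 after processing the listing, 1 when no file matched FILTER
#######################################
function system_policy()
{
  local filelist f typ cnt

  trigger_policy_dump sys

  [[ -n "$FILTER" ]] || FILTER="kubearmor_policies.*\.yaml"

  # -e keeps a filter that starts with "-" from being parsed as a grep
  # option; tr strips the carriage returns that can appear in exec output.
  filelist=$(kubectl exec -n explorer "$podname" -- ls -1 | tr -d '\r' | grep -e "$FILTER")
  if [[ -z "$filelist" ]]; then
    echo "No system policies discovered"
    return 1
  fi

  while IFS= read -r f; do
    # The listing is produced inside the pod and each name becomes a local
    # destination path, so only a plain file name is accepted: no directory
    # part and no leading dash that a tool could read as an option.
    if [[ -z "$f" || "$f" == */* || "$f" == -* ]]; then
      printf 'skipping unexpected file name from pod: %s\n' "$f" >&2
      continue
    fi

    # Text before the first underscore names the policy type (e.g. kubearmor).
    typ=${f%%_*}

    if ! kubectl cp "explorer/$podname:$f" "$f"; then
      printf 'copying %s from pod failed\n' "$f" >&2
      continue
    fi

    cnt=$(grep -c -- "kind:" "$f")
    echo "Got $cnt $typ policies in file $f"
  done <<< "$filelist"

  return 0
}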
#######################################
# Print the command-line help on stdout and terminate the script.
# The --filter value shown here is later handed to grep as a regular
# expression by system_policy.
# Arguments: none
# Returns:   does not return; exits with the status of the last print
#######################################
usage()
{
  printf '%s\n' "$0 [options]"
  printf '\t%s\n' "-f|--fetch [cilium|kubearmor] ... default [cilium|kubearmor]"
  printf '\t%s\n' "--filter [kubearmor_policies_default_*.yaml] ... default []"
  exit
}
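#######################################
# Parse the command-line options into the FETCH and FILTER globals.
# Globals:   FETCH  (written; default "cilium|kubearmor")
#            FILTER (written when --filter is given)
# Arguments: the script's arguments, passed as "$@"
# Outputs:   "USING <filter>" on stdout when --filter is given;
#            diagnostics on stderr
# Returns:   0 on success; exits with status 2 when the options cannot be
#            parsed or enhanced getopt is unavailable
#######################################
parse_cmdargs()
{
  local parsed

  FETCH="cilium|kubearmor"

  # The eval below re-reads getopt's output as shell words. That is only
  # sound when getopt quotes every argument, which the enhanced (util-linux)
  # implementation does; it identifies itself with exit status 4 on --test.
  getopt --test >/dev/null 2>&1
  if [[ $? -ne 4 ]]; then
    echo "enhanced getopt (util-linux) is required" >&2
    exit 2
  fi

  # Stop on an unknown or malformed option rather than running with the
  # defaults; getopt has already printed the reason on stderr.
  parsed=$(getopt -o hf: --long filter:,fetch:,help -n 'parse-options' -- "$@") || exit 2
  eval set -- "$parsed"

  while true; do
    case "$1" in
      -f | --fetch ) FETCH="$2"; shift 2 ;;
      --filter ) FILTER="$2"; echo "USING $FILTER"; shift 2 ;;
      -h | --help ) usage ;;   # usage exits the script
      -- ) shift; break ;;
      * ) break ;;
    esac
  done
}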
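# Parse the options, then fetch whichever policy families FETCH names.
# "$@" hands every argument over intact; the unquoted $* re-split values
# containing spaces and glob-expanded a filter such as foo_*.yaml.
parse_cmdargs "$@"

# Plain if-blocks keep a non-matching test from becoming the script's exit
# status (previously "-f cilium" ended with status 1 after a clean run).
if [[ "$FETCH" == *cilium* ]]; then
  network_policy
fi
if [[ "$FETCH" == *kubearmor* ]]; then
  system_policy
fi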