Move files from samos123/pspmigrator into here

2022-06-24 10:13:51 -07:00
parent 5134cadbb8
commit 2a0d58fcb5
20 changed files with 2131 additions and 11 deletions
--- a/cmd/utils.go
+++ b/cmd/utils.go
@ -0,0 +1,54 @@
+package cmd
+
+import (
+	"context"
+
+	v1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/fields"
+	psaApi "k8s.io/pod-security-admission/api"
+)
+
+func IgnoreNamespaceSelector(field string) string {
+	ignoredNamespaces := []string{"kube-system", "kube-public", "kube-node-lease"}
+	selectors := make([]fields.Selector, 0)
+	for _, n := range ignoredNamespaces {
+		selectors = append(selectors, fields.OneTermNotEqualSelector(field, n))
+	}
+	return fields.AndSelectors(selectors...).String()
+}
+
+func GetPods() *v1.PodList {
+	listOptions := metav1.ListOptions{FieldSelector: IgnoreNamespaceSelector("metadata.namespace")}
+	pods, err := clientset.CoreV1().Pods("").List(context.TODO(), listOptions)
+	if err != nil {
+		panic(err.Error())
+	}
+	return pods
+}
+
+func GetPodsByNamespace(namespace string) *v1.PodList {
+	listOptions := metav1.ListOptions{}
+	pods, err := clientset.CoreV1().Pods(namespace).List(context.TODO(), listOptions)
+	if err != nil {
+		panic(err.Error())
+	}
+	return pods
+}
+
+func GetNamespaces() *v1.NamespaceList {
+	listOptions := metav1.ListOptions{FieldSelector: IgnoreNamespaceSelector("metadata.name")}
+	namespaces, err := clientset.CoreV1().Namespaces().List(context.TODO(), listOptions)
+	if err != nil {
+		panic(err.Error())
+	}
+	return namespaces
+}
+
+func ApplyPSSLevel(namespace *v1.Namespace, level psaApi.Level, control string) {
+	namespace.Labels["pod-security.kubernetes.io/"+control] = string(level)
+	namespace, err := clientset.CoreV1().Namespaces().Update(context.TODO(), namespace, metav1.UpdateOptions{})
+	if err != nil {
+		panic(err.Error())
+	}
+}