marko/pspmigrator
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add dry-run mode and other minor nits

Browse Source
This commit is contained in:
Sam Stoelinga
2022-07-21 13:56:03 -07:00
parent c59890e05b
commit 59e58c140c
1 changed files with 29 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
cmd/migrate.go
View File

@@ -5,14 +5,20 @@ import (
"log" "log"
"os" "os"
"github.com/kubernetes-sigs/pspmigrator"
"github.com/manifoldco/promptui" "github.com/manifoldco/promptui"
"github.com/olekukonko/tablewriter" "github.com/olekukonko/tablewriter"
"github.com/kubernetes-sigs/pspmigrator"
"github.com/spf13/cobra" "github.com/spf13/cobra"
v1 "k8s.io/api/core/v1" v1 "k8s.io/api/core/v1"
psaApi "k8s.io/pod-security-admission/api" psaApi "k8s.io/pod-security-admission/api"
) )
var DryRun bool
func init() {
MigrateCmd.Flags().BoolVarP(&DryRun, "dry-run", "d", true, "Set dry run to true to not apply any changes")
}
var MigrateCmd = &cobra.Command{ var MigrateCmd = &cobra.Command{
Use: "migrate", Use: "migrate",
Short: "Interactive command to migrate from PSP to PSA ", Short: "Interactive command to migrate from PSP to PSA ",
@@ -26,7 +32,7 @@ var MigrateCmd = &cobra.Command{
for _, pod := range pods.Items { for _, pod := range pods.Items {
mutated, _, err := pspmigrator.IsPodBeingMutatedByPSP(&pod, clientset) mutated, _, err := pspmigrator.IsPodBeingMutatedByPSP(&pod, clientset)
if err != nil { if err != nil {
log.Println(err) log.Fatalln(err)
} }
if mutated { if mutated {
mutatedPods = append(mutatedPods, pod) mutatedPods = append(mutatedPods, pod)
@@ -34,8 +40,9 @@ var MigrateCmd = &cobra.Command{
} }
if len(mutatedPods) > 0 { if len(mutatedPods) > 0 {
fmt.Println("The table below shows the pods that were mutated by a PSP object") fmt.Println("The table below shows the pods that were mutated by a PSP object")
// TODO: Group pods by controller to remove duplicate pods
table := tablewriter.NewWriter(os.Stdout) table := tablewriter.NewWriter(os.Stdout)
table.SetHeader([]string{"Name", "Namespace", "PSP"}) table.SetHeader([]string{"Pod Name", "Namespace", "PSP"})
for _, pod := range mutatedPods { for _, pod := range mutatedPods {
if pspName, ok := pod.ObjectMeta.Annotations["kubernetes.io/psp"]; ok { if pspName, ok := pod.ObjectMeta.Annotations["kubernetes.io/psp"]; ok {
table.Append([]string{pod.Name, pod.Namespace, pspName}) table.Append([]string{pod.Name, pod.Namespace, pspName})
@@ -73,6 +80,10 @@ var MigrateCmd = &cobra.Command{
suggested = psaApi.LevelPrivileged suggested = psaApi.LevelPrivileged
} }
fmt.Printf("Suggest using %v in namespace %v\n", suggested, namespace.Name) fmt.Printf("Suggest using %v in namespace %v\n", suggested, namespace.Name)
if DryRun == true {
fmt.Printf("In dry-run mode so not applying any changes. You can run this ")
fmt.Printf("command again with --dry-run=false to apply %v on namespace %v\n", suggested, namespace.Name)
} else {
skipStr := "skip, continue with next namespace" skipStr := "skip, continue with next namespace"
prompt := promptui.Select{ prompt := promptui.Select{
Label: fmt.Sprintf("Select control mode for %v on namespace %v", suggested, namespace.Name), Label: fmt.Sprintf("Select control mode for %v on namespace %v", suggested, namespace.Name),
@@ -89,6 +100,7 @@ var MigrateCmd = &cobra.Command{
fmt.Printf("Applied pod security level %v on namespace %v in %v control mode\n", suggested, namespace.Name, control) fmt.Printf("Applied pod security level %v on namespace %v in %v control mode\n", suggested, namespace.Name, control)
fmt.Printf("Review the labels by running `kubectl get ns %v -o yaml`\n", namespace.Name) fmt.Printf("Review the labels by running `kubectl get ns %v -o yaml`\n", namespace.Name)
} }
}
fmt.Println("Done with migrating namespaces with pods to PSA") fmt.Println("Done with migrating namespaces with pods to PSA")
}, },