Repository is archived
No commit activity in last 3 years
No release in over 3 years
Generate Kubernetes Network Policy YAML resource definitions from .xlsx Excel spreadsheets
 Dependencies

Development

~> 1.16.1
~> 2.1.0
~> 6.0.1
~> 3.7
~> 0.52.1
~> 3.5.0
~> 0.15.1

Runtime

~> 2.7.1
 Project Readme

xlsx_to_k8s_network_policy

Converts an Excel (.xlsx) spreadsheet into a Kubernetes network policy resource definition YAML file.

See https://kubernetes.io/docs/concepts/services-networking/network-policies/

See test/fixtures/network_policy.xlsx, or this Google sheet for a sample Excel file.

Sample Network Policy

First, define a Zones sheet that contains the zones and their corresponding network CIDRs. Separate multiple CIDRs using commas. For example:

Zone           | CIDRs
Front End      | 10.10.1.0/24, 10.10.2.0/24
Back End       | 10.11.0.0/24
Infrastructure | 10.12.0.0/24

Next, define a ZoneToZone sheet that defines the zone to zone network access. For example:

               | Front End | Back End | Infrastructure
Front End      | Y         | Y        | N
Back End       |           | Y        | Y
Infrastructure |           |          | Y

Reading each row as the source zone and each column as the destination zone, this defines rules that allow intra-zone traffic for all zones, one-way traffic from the Front End zone to the Back End zone, and one-way traffic from the Back End zone to the Infrastructure zone.

Generated YAML

That Excel file generates the following YAML file:

---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny
spec:
  podSelector: {}
  policyTypes:
  - Ingress
  - Egress
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: front-end-zone
spec:
  podSelector:
    matchLabels:
      zone: front-end
  policyTypes:
  - Ingress
  - Egress
  ingress:
  - from:
    - podSelector:
        matchLabels:
          zone: front-end
    - ipBlock: 10.10.1.0/24
    - ipBlock: 10.10.2.0/24
  egress:
  - to:
    - podSelector:
        matchLabels:
          zone: front-end
    - ipBlock: 10.10.1.0/24
    - ipBlock: 10.10.2.0/24
    - podSelector:
        matchLabels:
          zone: back-end
    - ipBlock: 10.11.0.0/24
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: back-end-zone
spec:
  podSelector:
    matchLabels:
      zone: back-end
  policyTypes:
  - Ingress
  - Egress
  ingress:
  - from:
    - podSelector:
        matchLabels:
          zone: back-end
    - ipBlock: 10.11.0.0/24
    - podSelector:
        matchLabels:
          zone: front-end
    - ipBlock: 10.10.1.0/24
    - ipBlock: 10.10.2.0/24
  egress:
  - to:
    - podSelector:
        matchLabels:
          zone: back-end
    - ipBlock: 10.11.0.0/24
    - podSelector:
        matchLabels:
          zone: infrastructure
    - ipBlock: 10.12.0.0/24
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: infrastructure-zone
spec:
  podSelector:
    matchLabels:
      zone: infrastructure
  policyTypes:
  - Ingress
  - Egress
  ingress:
  - from:
    - podSelector:
        matchLabels:
          zone: infrastructure
    - ipBlock: 10.12.0.0/24
    - podSelector:
        matchLabels:
          zone: back-end
    - ipBlock: 10.11.0.0/24
  egress:
  - to:
    - podSelector:
        matchLabels:
          zone: infrastructure
    - ipBlock: 10.12.0.0/24
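
The mapping from the two sheets to per-zone policies, as an added Ruby example (not the gem's own code): it works on constructed in-memory copies of the sample sheets instead of reading an .xlsx file, and the helper names slug, peers, allowed? and build_policies are hypothetical. It writes each CIDR as an ipBlock object with a cidr field, the form the networking.k8s.io/v1 schema defines, and omits the ingress or egress rule entirely when a zone has no allowed peers, because a rule with an empty from or to list matches all traffic.

```ruby
require 'yaml'

# Constructed sample data mirroring the Zones and ZoneToZone sheets above.
ZONES = {
  'Front End'      => %w[10.10.1.0/24 10.10.2.0/24],
  'Back End'       => %w[10.11.0.0/24],
  'Infrastructure' => %w[10.12.0.0/24]
}.freeze
# Rows are source zones, columns are destinations; only "Y" allows traffic.
ZONE_TO_ZONE = {
  'Front End'      => { 'Front End' => 'Y', 'Back End' => 'Y', 'Infrastructure' => 'N' },
  'Back End'       => { 'Back End' => 'Y', 'Infrastructure' => 'Y' },
  'Infrastructure' => { 'Infrastructure' => 'Y' }
}.freeze

# Hypothetical helper: "Front End" -> "front-end" (label value and name prefix).
def slug(zone)
  zone.downcase.strip.gsub(/[^a-z0-9]+/, '-')
end

# Peers for one zone: its pod label plus each of its CIDRs as an ipBlock object.
def peers(zone, zones)
  [{ 'podSelector' => { 'matchLabels' => { 'zone' => slug(zone) } } }] +
    zones.fetch(zone).map { |cidr| { 'ipBlock' => { 'cidr' => cidr } } }
end

# A blank cell, a missing row and "N" all mean "not allowed".
def allowed?(matrix, from, to)
  matrix.fetch(from, {})[to].to_s.strip.casecmp?('Y')
end

# Builds the default-deny policy plus one ingress/egress policy per zone.
def build_policies(zones, matrix)
  base = { 'apiVersion' => 'networking.k8s.io/v1', 'kind' => 'NetworkPolicy' }
  types = %w[Ingress Egress]
  deny = base.merge('metadata' => { 'name' => 'default-deny' },
                    'spec' => { 'podSelector' => {}, 'policyTypes' => types })
  zones.keys.each_with_object([deny]) do |zone, out|
    sources = zones.keys.select { |src| allowed?(matrix, src, zone) }
    dests   = zones.keys.select { |dst| allowed?(matrix, zone, dst) }
    spec = { 'podSelector' => { 'matchLabels' => { 'zone' => slug(zone) } },
             'policyTypes' => types }
    # An empty from/to list would match everything, so skip the rule instead.
    spec['ingress'] = [{ 'from' => sources.flat_map { |z| peers(z, zones) } }] if sources.any?
    spec['egress']  = [{ 'to' => dests.flat_map { |z| peers(z, zones) } }] if dests.any?
    out << base.merge('metadata' => { 'name' => "#{slug(zone)}-zone" }, 'spec' => spec)
  end
end

puts build_policies(ZONES, ZONE_TO_ZONE).map(&:to_yaml).join if __FILE__ == $PROGRAM_NAME
```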

Installation

This gem was developed using Ruby 2.5.0, but may work with earlier Ruby 2.x.

$ gem install xlsx_to_k8s_network_policy

Usage

$ xlsx_to_k8s_network_policy network_policy.xlsx network_policy.yml

Contributing to xlsx_to_k8s_network_policy

  • Check out the latest master to make sure the feature hasn't been implemented or the bug hasn't been fixed yet.
  • Check out the issue tracker to make sure someone already hasn't requested it and/or contributed it.
  • Fork the project.
  • Start a feature/bugfix branch.
  • Commit and push until you are happy with your contribution.
  • Make sure to add tests for it. This is important so I don't break it in a future version unintentionally.
  • Please try not to mess with the Rakefile, version, or history. If you want to have your own version, or it is otherwise necessary, that is fine, but please isolate it to its own commit so I can cherry-pick around it.

Copyright

Copyright (c) 2018 Alistair A. Israel. See LICENSE.txt for further details.