
Static analysis from configs → Kubernetes NetworkPolicies in seconds

15 stars · Go

Generate baseline Kubernetes NetworkPolicies from rendered manifests

by dormstern · Feb 18, 2026 · 1 point · 0 comments

AI Analysis

●● Solid · Niche Gem · Solve My Problem
The Take

It statically parses rendered manifests and common config files (Helm, Docker Compose, Spring Boot, .env, build files) to emit per-service ingress and egress NetworkPolicies—no cluster access needed. That offline, config-driven approach is smart and practical for PR-based workflows, though it will still need runtime validation for dynamic cases (headless services, service mesh/DNS/egress quirks) before you slam policies into prod.

Target Audience

Platform engineers, SREs, cluster security teams, DevOps/DevSecOps

Post Description

A lot of clusters still run “allow-all” east/west because NetworkPolicies aren’t enforced everywhere. I built a small static analyzer that reads rendered manifests (Helm/Argo CD/Kustomize output) and emits baseline NetworkPolicy YAML you can commit + diff in PRs.

Workflow:

1. PR changes manifests
2. CI regenerates policies
3. reviewers see “newly allowed” connections as a normal permission diff

Curious how others handle this: would you rather review generated policy diffs, or a connectivity-graph diff? Any edge cases you’ve seen bite in real clusters (headless services, shared namespaces, DNS/egress, service meshes, etc.)?
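The workflow above, as an added example written here for illustration and not taken from the dormstern repository: it extracts host:port references from simplified .env / Spring Boot style KEY=VALUE lines (a constructed format, not the tool's real parsers), turns them into per-service NetworkPolicy YAML, and computes the "newly allowed" edges between the before and after configs of a PR. Pods are assumed to carry an app=<service> label, and the DNS egress rule assumes CoreDNS in kube-system labelled k8s-app=kube-dns; both are assumptions of this example.

```go
package main

import (
	"fmt"
	"regexp"
	"sort"
	"strconv"
	"strings"
)

// Edge is one allowed connection: pods of From may open TCP connections
// to pods of To on Port. It is the unit a reviewer sees in the diff.
type Edge struct {
	From, To string
	Port     int
}

// hostPortRe finds "host:port" at the start of a value or after "//",
// covering plain "redis:6379" as well as "jdbc:postgresql://db:5432/x".
var hostPortRe = regexp.MustCompile(`(?:^|//)([a-z][a-z0-9-]*):(\d{2,5})`)

// extractEdges scans KEY=VALUE lines (a simplified .env-like format assumed
// here) and returns one egress edge per host:port reference, attributed to
// the service that owns the config file.
func extractEdges(service string, configLines []string) []Edge {
	var edges []Edge
	for _, line := range configLines {
		kv := strings.SplitN(strings.TrimSpace(line), "=", 2)
		if len(kv) != 2 || strings.HasPrefix(kv[0], "#") {
			continue
		}
		for _, m := range hostPortRe.FindAllStringSubmatch(kv[1], -1) {
			port, _ := strconv.Atoi(m[2]) // the regex guarantees digits
			edges = append(edges, Edge{From: service, To: m[1], Port: port})
		}
	}
	return edges
}

// sortedEdges returns a sorted copy so generated YAML and diffs are stable.
func sortedEdges(in []Edge) []Edge {
	out := append([]Edge(nil), in...)
	sort.Slice(out, func(i, j int) bool {
		if out[i].From != out[j].From { return out[i].From < out[j].From }
		if out[i].To != out[j].To { return out[i].To < out[j].To }
		return out[i].Port < out[j].Port
	})
	return out
}

// Policy is the per-service view: edges arriving at the service become
// ingress rules, edges leaving it become egress rules.
type Policy struct {
	Service         string
	Ingress, Egress []Edge
}

func buildPolicies(edges []Edge) map[string]*Policy {
	pols := map[string]*Policy{}
	get := func(name string) *Policy {
		if pols[name] == nil { pols[name] = &Policy{Service: name} }
		return pols[name]
	}
	for _, e := range edges {
		get(e.From).Egress = append(get(e.From).Egress, e)
		get(e.To).Ingress = append(get(e.To).Ingress, e)
	}
	return pols
}

// peerRule renders one ingress ("from") or egress ("to") entry that selects
// pods labelled app=<peer> on a single TCP port.
func peerRule(dir, peer string, port int) string {
	return fmt.Sprintf("  - %s:\n    - podSelector:\n        matchLabels:\n          app: %s\n    ports:\n    - protocol: TCP\n      port: %d\n", dir, peer, port)
}

// renderPolicy emits NetworkPolicy YAML for one service. Because both policy
// types are listed, an empty ingress list means "deny all ingress". A DNS
// egress rule to kube-dns (assumed label k8s-app=kube-dns in kube-system) is
// always included: restricting egress without it breaks name resolution.
func renderPolicy(p *Policy, namespace string) string {
	var b strings.Builder
	fmt.Fprintf(&b, "apiVersion: networking.k8s.io/v1\nkind: NetworkPolicy\nmetadata:\n  name: %s\n  namespace: %s\nspec:\n  podSelector:\n    matchLabels:\n      app: %s\n  policyTypes: [Ingress, Egress]\n", p.Service, namespace, p.Service)
	if len(p.Ingress) == 0 {
		b.WriteString("  ingress: []\n")
	} else {
		b.WriteString("  ingress:\n")
		for _, e := range sortedEdges(p.Ingress) { b.WriteString(peerRule("from", e.From, e.Port)) }
	}
	b.WriteString("  egress:\n  - to:\n    - namespaceSelector:\n        matchLabels:\n          kubernetes.io/metadata.name: kube-system\n      podSelector:\n        matchLabels:\n          k8s-app: kube-dns\n    ports:\n    - protocol: UDP\n      port: 53\n    - protocol: TCP\n      port: 53\n")
	for _, e := range sortedEdges(p.Egress) { b.WriteString(peerRule("to", e.To, e.Port)) }
	return b.String()
}

// newlyAllowed returns edges present in cur but absent from old: the
// connections a PR reviewer must approve explicitly. Removed edges are
// tightening and are deliberately not reported here.
func newlyAllowed(old, cur []Edge) []Edge {
	seen := map[Edge]bool{}
	for _, e := range old { seen[e] = true }
	var out []Edge
	for _, e := range cur {
		if !seen[e] { out = append(out, e) }
	}
	return sortedEdges(out)
}

func main() {
	// Constructed sample configs: the "before" and "after" of a PR that adds a cache.
	before := extractEdges("api", []string{"DB_URL=jdbc:postgresql://postgres:5432/shop", "LOG_LEVEL=info"})
	after := extractEdges("api", []string{"DB_URL=jdbc:postgresql://postgres:5432/shop", "CACHE_ADDR=redis:6379", "LOG_LEVEL=info"})
	pols := buildPolicies(after)
	names := make([]string, 0, len(pols))
	for n := range pols { names = append(names, n) }
	sort.Strings(names) // deterministic file order for committing and diffing
	for _, n := range names { fmt.Println("---\n" + renderPolicy(pols[n], "shop")) }
	for _, e := range newlyAllowed(before, after) {
		fmt.Printf("NEWLY ALLOWED: %s -> %s:%d\n", e.From, e.To, e.Port)
	}
}
```

Run it and the only line under the YAML is `NEWLY ALLOWED: api -> redis:6379`, which is the permission change a reviewer would be asked to sign off on; the unchanged postgres edge produces no diff noise. Headless services, mesh sidecars and external egress are exactly the cases this static graph cannot see, so the generated policies are a baseline to validate against real traffic, not a final allow-list.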

Similar Projects

Security · ●●● Banger

Kubernetes Security Profile Generator Using eBPF

Detects silently-dropped NetworkPolicy traffic by counting TCP SYN retransmissions — brilliant.

Wizardry · Big Brain · Solve My Problem
mrayas
402mo ago