Show HN: Segspec (CLI) K8s NetworkPolicies from App Configs (Go)

1 point

4 months ago

It reads Docker Compose, Helm charts, K8s manifests, and Spring Boot configs, extracts every network dependency, and generates per-service NetworkPolicies. Tested against real production stacks:

Sentry self-hosted (70+ services): 411 dependencies, 71 policies, 11ms PostHog (25+ services): 23 dependencies, 12 policies, 128ms

Key design decisions:

Static analysis only. No agents, no cluster access, no observation period. Works offline. AI is optional. Rule-based parsers handle the core. --ai adds Ollama (local) or Gemini (cloud) for edge cases. Interactive TUI lets you review every dependency before generating YAML. Per-service output with both ingress AND egress rules.

The thesis: your configs already declare every dependency. Why are we paying for 30-60 day observation periods and runtime agents? Written in Go, MIT licensed. Would love feedback from anyone running NetworkPolicies in production.

1 comment