Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
#!/usr/bin/env python3
import base64
import argparse
from datetime import datetime, timedelta
from cryptography import x509
from cryptography.hazmat.backends import default_backend
from kubernetes import client, config
config.load_kube_config()
v1 = client.CoreV1Api()
parser = argparse.ArgumentParser(description="TLS secret checker")
parser.add_argument('--delete', dest='delete',
type=bool, const=True, default=False, nargs='?')
def main():
namespaces = v1.list_namespace()
for namespace in namespaces.items:
if namespace.metadata.name.startswith("tmc-"):
check_secrets_in_namespace(namespace.metadata.name)
def check_secrets_in_namespace(namespace):
for secret in v1.list_namespaced_secret(namespace).items:
if secret.metadata.annotations is not None and \
secret.metadata.annotations.get("cert-manager.io/issuer-name") \
== "dev" \
and \
secret.metadata.annotations.get("cert-manager.io/issuer-kind") \
== "Issuer":
ca_cert = base64.b64decode(secret.data.get("ca.crt"))
cert = x509.load_pem_x509_certificate(ca_cert, default_backend())
timeleft = cert.not_valid_after - datetime.now()
threshold = timedelta(days=14)
if timeleft < threshold:
print(f"namespace: {secret.metadata.namespace}, \
secret_name: {secret.metadata.name}, \
time_left: {timeleft}")
args = parser.parse_args()
if args.delete:
print(f"deleting {secret.metadata.name} in \
{secret.metadata.namespace}")
v1.delete_namespaced_secret(secret.metadata.name,
secret.metadata.namespace)
if __name__ == "__main__":
main()
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment