@pen-pal
Created January 23, 2024 12:45
kong_single_host.sh
#!/bin/bash
# Names of every namespace in the cluster, kept as one space-separated string.
namespaces="$(kubectl get namespaces -o jsonpath='{.items[*].metadata.name}')"

# Running totals, printed once the whole cluster has been walked.
# Objects seen on the Kubernetes side:
k8s_ingress_count=0
k8s_host_count=0
k8s_service_count=0
k8s_secret_count=0
# Objects created in Kong:
kong_service_count=0
kong_route_count=0
kong_certificate_count=0
kong_sni_count=0
# Kong creations that were attempted and failed:
kong_failed_service_count=0
kong_failed_route_count=0
kong_failed_certificate_count=0
kong_failed_sni_count=0
#######################################
# Report a Kong object that could not be created.
# Arguments: $1 - resource type (e.g. "Kong Route")
#            $2 - name of the resource being created
#            $3 - error detail to append
# Outputs:   one line on stdout
#######################################
log_error() {
  local kind=$1 target=$2 detail=$3
  printf ' Failed to create %s for %s: %s\n' "$kind" "$target" "$detail"
}
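# Walk every namespace and mirror each TLS-enabled Ingress host into Kong via
# the Admin API: a Kong Service and Route per host, plus the Certificate/SNI
# built from the TLS secret referenced by that host's spec.tls entry.
# Updates the counters initialised earlier in the script; the "created"
# counters are bumped only after Kong answers 201 (or returns an id).
#
# Fixes over the previous loop:
#   * hosts and secrets are paired per spec.tls entry (the old index loop read
#     an undefined array and ran once with the space-joined host list);
#   * the SNI POST sends certificate.id instead of a whole JSON document;
#   * the Service id is parsed with jq from the body, not with awk from
#     headers plus body;
#   * every expansion is quoted.
#
# Trust notes:
#   * Hosts, secret names and backend names come from Ingress specs, which
#     are usually writable by less-privileged users than the operator running
#     this script. They are interpolated into jsonpath filters and Admin API
#     URLs, so each one is checked against a strict pattern before use.
#   * The Admin API is addressed over plain HTTP and receives the TLS private
#     key; this endpoint must stay on loopback.
#   * Key material is staged in a private directory and handed to curl by
#     file reference, so it never appears on a command line that other local
#     users can read from the process list.
kong_admin="http://localhost:8001"
k8s_name_pattern='^[a-z0-9]([a-z0-9.-]*[a-z0-9])?$'
host_pattern='^(\*\.)?[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'

# mktemp -d creates the directory with owner-only permissions.
tls_tmpdir=$(mktemp -d) || {
  echo "Error: could not create a private temp directory" >&2
  exit 1
}
trap 'rm -rf -- "${tls_tmpdir:?}"' EXIT

# POST to the Admin API. Stdout is the response body followed by one final
# line holding the HTTP status code ("000" when no response was received).
# Arguments: $1 - endpoint path, remaining - extra curl arguments
kong_post() {
  local endpoint=$1
  shift
  curl -sS -X POST "$kong_admin$endpoint" "$@" -w '\n%{http_code}'
}

# read -a splits on whitespace without pathname expansion.
read -ra namespace_list <<< "$namespaces"
for namespace in "${namespace_list[@]}"; do
  echo "Processing namespace: $namespace"

  # Per-namespace Kubernetes totals (header row dropped before counting).
  ((k8s_ingress_count += $(kubectl get ingress -n "$namespace" | tail -n +2 | wc -l)))
  ((k8s_secret_count += $(kubectl get secret -n "$namespace" | tail -n +2 | wc -l)))
  ((k8s_service_count += $(kubectl get services -n "$namespace" | tail -n +2 | wc -l)))

  read -ra ingress_list <<< "$(kubectl get ingress -n "$namespace" -o jsonpath='{.items[*].metadata.name}')"
  for ingress in "${ingress_list[@]}"; do
    echo " Processing ingress: $ingress"
    ((k8s_host_count += $(kubectl get ingress "$ingress" -n "$namespace" -o jsonpath='{.spec.rules[*].host}' | wc -w)))

    # One line per spec.tls entry: "<secretName>|<host> <host> ...".
    # '|' cannot occur in either field and, unlike a tab, keeps an empty
    # secretName as an empty first field.
    tls_entries=$(kubectl get ingress "$ingress" -n "$namespace" \
      -o jsonpath='{range .spec.tls[*]}{.secretName}{"|"}{.hosts[*]}{"\n"}{end}')

    # Entries are read on fd 3 so commands in the body cannot consume them.
    while IFS='|' read -r -u 3 secret_name tls_hosts; do
      read -ra hosts_array <<< "$tls_hosts"
      for host in "${hosts_array[@]}"; do
        if [[ ! "$host" =~ $host_pattern ]]; then
          echo " Skipping TLS host that is not a plain hostname: $host" >&2
          continue
        fi
        echo "Processing Host: $host"
        echo "Processing Secret: $secret_name"

        # Backend of the first path of the rule that serves this host.
        service_name=$(kubectl get ingress "$ingress" -n "$namespace" \
          -o jsonpath="{.spec.rules[?(@.host=='$host')].http.paths[0].backend.service.name}")
        service_port=""
        if [[ "$service_name" =~ $k8s_name_pattern ]]; then
          service_port=$(kubectl get service "$service_name" -n "$namespace" \
            -o jsonpath="{.spec.ports[?(@.name=='http')].port}")
          if [[ "$service_port" =~ ^[0-9]+$ ]]; then
            echo "Service Port (integer): $service_port"
          else
            # No Service port named "http": fall back to the port the Ingress
            # backend references, either by number or by name.
            backend_port=$(kubectl get ingress "$ingress" -n "$namespace" \
              -o jsonpath="{.spec.rules[?(@.host=='$host')].http.paths[0].backend.service.port.number}")
            backend_port_name=$(kubectl get ingress "$ingress" -n "$namespace" \
              -o jsonpath="{.spec.rules[?(@.host=='$host')].http.paths[0].backend.service.port.name}")
            if [[ ! "$backend_port" =~ ^[0-9]+$ && "$backend_port_name" =~ $k8s_name_pattern ]]; then
              backend_port=$(kubectl get service "$service_name" -n "$namespace" \
                -o jsonpath="{.spec.ports[?(@.name=='$backend_port_name')].port}")
            fi
            if [[ "$backend_port" =~ ^[0-9]+$ ]]; then
              service_port=$backend_port
              echo "Service Port (string, resolved to integer): $service_port"
            else
              echo "Service Port (string, unresolved): $service_port"
              service_port=""
            fi
          fi
        fi

        echo "Secret Name: $secret_name"
        echo "Service Host: $host"
        echo "Service Name: $service_name"
        echo "Service Port: $service_port"
        echo "---"

        # Only hosts with more than one segment are mirrored into Kong.
        [[ "$host" == *.* ]] || continue

        gateway_service_name=${host%%.*}
        kong_service_name="$service_name.$namespace.svc.$gateway_service_name"
        kong_data_service_name="$service_name.$namespace.svc"

        # --- Kong Service and Route -----------------------------------------
        service_id=""
        if [[ -z "$service_port" ]]; then
          ((kong_failed_service_count++))
          log_error "Kong Service" "$host" "backend service or port could not be resolved"
        else
          existing_service=$(curl -s "$kong_admin/services/$kong_service_name")
          if [[ "$(jq -r '.message' <<< "$existing_service")" == "Not found" ]]; then
            response=$(kong_post /services/ \
              --data "name=$kong_service_name" \
              --data "host=$kong_data_service_name" \
              --data "port=$service_port" \
              --data "path=/")
            service_id=$(jq -r '.id // empty' <<< "${response%$'\n'*}" 2>/dev/null)
            if [[ -z "$service_id" ]]; then
              ((kong_failed_service_count++))
              log_error "Kong Service" "$kong_service_name" "Service ID extraction failed"
            else
              ((kong_service_count++))
              echo " Service ID: $service_id"
            fi
          else
            echo " Service already exists. Retrieving Service ID..."
            service_id=$(jq -r '.id // empty' <<< "$existing_service")
          fi

          existing_route=$(curl -s "$kong_admin/routes/$kong_service_name")
          if [[ "$(jq -r '.message' <<< "$existing_route")" == "Not found" ]]; then
            if [[ -z "$service_id" ]]; then
              # Without a Service id the route would be rejected anyway.
              ((kong_failed_route_count++))
              log_error "Kong Route" "$host" "no Kong Service ID to attach the route to"
            else
              response=$(kong_post /routes \
                --data "name=$kong_service_name" \
                --data "hosts=$host" \
                --data "paths[]=/" \
                --data "paths[]=/.well-known/acme-challenge" \
                --data "service.id=$service_id")
              if [[ "${response##*$'\n'}" == "201" ]]; then
                ((kong_route_count++))
                echo " Route created for Host: $host"
              else
                ((kong_failed_route_count++))
                log_error "Kong Route" "$host" "$response"
              fi
            fi
          else
            echo " Route already exists. Skipping..."
          fi
        fi

        # --- Kong Certificate ------------------------------------------------
        certificate_id=""
        existing_certificate=$(curl -s "$kong_admin/certificates/$host")
        if [[ "$(jq -r '.message' <<< "$existing_certificate")" == "SNI not found" ]]; then
          if [[ ! "$secret_name" =~ $k8s_name_pattern ]]; then
            ((kong_failed_certificate_count++))
            log_error "Kong Certificate" "$host" "TLS entry has no usable secretName"
          else
            # The secret is read only now that a certificate really has to be
            # created, and only into the private staging directory.
            crt_file="$tls_tmpdir/tls.crt"
            key_file="$tls_tmpdir/tls.key"
            kubectl get secret "$secret_name" -n "$namespace" -o jsonpath='{.data.tls\.crt}' | base64 -d > "$crt_file"
            kubectl get secret "$secret_name" -n "$namespace" -o jsonpath='{.data.tls\.key}' | base64 -d > "$key_file"
            if [[ -s "$crt_file" && -s "$key_file" ]]; then
              # "name=<file" makes curl read the field value from the file.
              response=$(kong_post /certificates -m 60 \
                -F "cert=<$crt_file" \
                -F "key=<$key_file" \
                -F "snis[]=$host")
              if [[ "${response##*$'\n'}" == "201" ]]; then
                ((kong_certificate_count++))
                certificate_id=$(jq -r '.id // empty' <<< "${response%$'\n'*}" 2>/dev/null)
                echo " Certificate created for SNI: $host"
              else
                ((kong_failed_certificate_count++))
                log_error "Kong Certificate" "$host" "$response"
              fi
            else
              ((kong_failed_certificate_count++))
              log_error "Kong Certificate" "$host" "secret $secret_name has no tls.crt/tls.key data"
            fi
            # Drop the staged key material as soon as it has been used.
            rm -f -- "$crt_file" "$key_file"
          fi
        else
          echo " Certificate already exists. Skipping..."
          certificate_id=$(jq -r '.id // empty' <<< "$existing_certificate")
        fi

        # --- Kong SNI --------------------------------------------------------
        # The certificate POST above already registers the host through
        # snis[], so this branch normally finds the SNI in place.
        existing_sni=$(curl -s "$kong_admin/snis/$host")
        if [[ "$(jq -r '.message' <<< "$existing_sni")" == "Not found" ]]; then
          if [[ -z "$certificate_id" ]]; then
            ((kong_failed_sni_count++))
            log_error "Kong SNI" "$host" "no certificate ID to bind the SNI to"
          else
            response=$(kong_post /snis \
              --data "name=$host" \
              --data "certificate.id=$certificate_id")
            if [[ "${response##*$'\n'}" == "201" ]]; then
              ((kong_sni_count++))
              echo " SNI created for Host: $host"
            else
              ((kong_failed_sni_count++))
              log_error "Kong SNI" "$host" "$response"
            fi
          fi
        else
          echo " SNI already exists. Skipping..."
        fi

        echo " Service ID: $service_id"
        echo " Route Host: $host"
        echo " Certificate Created for SNI: $host"
        echo "---"
      done
    done 3<<< "$tls_entries"
  done
done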
# Summary: Kubernetes objects seen, Kong objects created, and failed creations.
printf '%s\n' \
  "Total Ingresses (Kubernetes): $k8s_ingress_count" \
  "Total Secrets (Kubernetes): $k8s_secret_count" \
  "Total Hosts (Kubernetes): $k8s_host_count" \
  "Total Services (Kubernetes): $k8s_service_count" \
  "Total Routes Created in Kong: $kong_route_count" \
  "Total Services Created in Kong: $kong_service_count" \
  "Total Certificates Created in Kong: $kong_certificate_count" \
  "Total SNIs Created in Kong: $kong_sni_count" \
  "Failed Routes in Kong: $kong_failed_route_count" \
  "Failed Services in Kong: $kong_failed_service_count" \
  "Failed Certificates in Kong: $kong_failed_certificate_count" \
  "Failed SNIs in Kong: $kong_failed_sni_count"