kong_multiple_host.sh
#!/bin/bash
# Space-separated names of every namespace visible to the current kubectl context.
namespaces="$(kubectl get namespaces -o jsonpath='{.items[*].metadata.name}')"

# Running totals of the Kubernetes objects inspected.
k8s_secret_count=0; k8s_host_count=0
k8s_service_count=0; k8s_ingress_count=0

# Running totals of the Kong objects this script attempts to create.
kong_route_count=0; kong_service_count=0
kong_sni_count=0; kong_certificate_count=0

# Running totals of Kong creation attempts that did not succeed.
kong_failed_route_count=0; kong_failed_service_count=0
kong_failed_certificate_count=0; kong_failed_sni_count=0
#######################################
# Report a failed Kong object creation on stdout.
# Arguments:
#   $1 - kind of resource (e.g. "Kong Route")
#   $2 - name of the resource that could not be created
#   $3 - error detail to append to the message
# Outputs:
#   One line: " Failed to create <kind> for <name>: <detail>"
#######################################
log_error() {
  local kind=$1 name=$2 detail=$3
  printf ' Failed to create %s for %s: %s\n' "$kind" "$name" "$detail"
}
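# Walk every namespace -> ingress -> TLS host and mirror each one into Kong
# (service, route, certificate, SNI) through the Admin API on localhost:8001.
#
# TLS private keys are staged in a private scratch directory and handed to curl
# by file reference, so the key never appears in a process argument list.
# mktemp -d creates the directory with mode 0700; the EXIT trap removes it on
# every exit path, including the `exit 1` calls inside the loop.
tls_dir=$(mktemp -d) || { echo "Error: unable to create temporary directory." >&2; exit 1; }
trap 'rm -rf -- "$tls_dir"' EXIT

# $namespaces and $ingresses are deliberately unquoted: they are
# space-separated name lists and word splitting is what iterates them.
for namespace in $namespaces; do
  echo "Processing namespace: $namespace"

  # Per-namespace totals; `tail -n +2` drops kubectl's header row.
  ((k8s_ingress_count += $(kubectl get ingress -n "$namespace" | tail -n +2 | wc -l)))
  ingresses=$(kubectl get ingress -n "$namespace" -o jsonpath='{.items[*].metadata.name}')
  ((k8s_secret_count += $(kubectl get secret -n "$namespace" | tail -n +2 | wc -l)))
  ((k8s_service_count += $(kubectl get services -n "$namespace" | tail -n +2 | wc -l)))

  for ingress in $ingresses; do
    echo " Processing ingress: $ingress"

    # Count the rule hosts declared on this ingress.
    ((k8s_host_count += $(kubectl get ingress "$ingress" -n "$namespace" -o jsonpath='{.spec.rules[*].host}' | wc -w)))

    host=$(kubectl get ingress "$ingress" -n "$namespace" -o jsonpath='{.spec.tls[*].hosts[*]}')
    secret_name=$(kubectl get ingress "$ingress" -n "$namespace" -o jsonpath='{.spec.tls[*].secretName}')
    IFS=' ' read -ra hosts_array <<< "$host"
    IFS=' ' read -ra secret_names_array <<< "$secret_name"

    # Hosts and secrets are paired by index, so the lists must line up.
    # NOTE(review): a TLS entry listing several hosts under one secretName
    # would presumably trip this check - confirm against the ingresses in use.
    if [ "${#hosts_array[@]}" -ne "${#secret_names_array[@]}" ]; then
      echo "Error: Mismatch in the number of hosts and secret names."
      exit 1
    fi

    for ((i = 0; i < ${#hosts_array[@]}; i++)); do
      host="${hosts_array[i]}"
      secret_name="${secret_names_array[i]}"
      echo "Processing Host: $host"
      # Fixed: this line printed the undefined variable $secretName.
      echo "Processing Secret: $secret_name"

      # Backend of the first path of the rule whose host matches.
      service_info=$(kubectl get ingress "$ingress" -n "$namespace" -o json | jq -r --arg host "$host" '
        .spec.rules[] | select(.host == $host) | .http.paths[0].backend.service
      ')

      # `// empty` matters: without it jq prints the literal string "null" for
      # a missing field, which passed the -n test below and ended up being
      # used as the service port.
      service_name=$(echo "$service_info" | jq -r '.name // empty')
      port_number=$(echo "$service_info" | jq -r '.port.number // empty')
      port_name=$(echo "$service_info" | jq -r '.port.name // empty')

      if [[ -n "$port_number" ]]; then
        # Port specified as a number
        service_port="$port_number"
      elif [[ -n "$port_name" ]]; then
        # Port specified as a name: resolve it through the Service object.
        service_port=$(kubectl get service "$service_name" -n "$namespace" -o json | jq -r --arg port_name "$port_name" '
          .spec.ports[] | select(.name == $port_name) | .port
        ')
        echo "service_port: $service_port"
      else
        echo "Error: Unable to determine service port."
        exit 1
      fi

      # Decode tls.key / tls.crt straight into the private scratch directory.
      # The key is never held in a shell variable or placed on a command line,
      # where it would be readable from the process list while curl runs.
      kubectl get secret "$secret_name" -n "$namespace" -o jsonpath='{.data.tls\.key}' | base64 -d > "$tls_dir/tls.key"
      kubectl get secret "$secret_name" -n "$namespace" -o jsonpath='{.data.tls\.crt}' | base64 -d > "$tls_dir/tls.crt"

      echo "Secret Name: $secret_name"
      echo "Service Host: $host"
      echo "Service Name: $service_name"
      echo "Service Port: $service_port"
      echo "---"

      # Only hosts made of several dot-separated segments are mirrored.
      # NOTE(review): the original tested for a space (*" "*), which can never
      # match an element produced by the space-split read above, so none of
      # the Kong calls ever ran. A dot is assumed from the "multiple segments"
      # comment and the cut -d'.' below - confirm this is the intent.
      if [[ "$host" == *.* ]]; then
        gateway_service_name=$(echo "$host" | cut -d'.' -f1)
        # Kong object name, and the in-cluster DNS name Kong should proxy to.
        kong_service_name="$service_name.$namespace.svc.$gateway_service_name"
        kong_data_service_name="$service_name.$namespace.svc"

        # --- Kong Service ---
        existing_service=$(curl -s "http://localhost:8001/services/$kong_service_name")
        if [ "$(echo "$existing_service" | jq -r '.message')" == "Not found" ]; then
          ((kong_service_count++))
          # No -i here: the body is parsed as JSON. The previous awk split only
          # found the id when "id" happened to be the first key in the reply.
          kong_service_response=$(curl -s -X POST http://localhost:8001/services/ --data "name=$kong_service_name" --data "host=$kong_data_service_name" --data "port=$service_port" --data "path=/")
          service_id=$(echo "$kong_service_response" | jq -r '.id // empty')
          if [ -z "$service_id" ]; then
            ((kong_failed_service_count++))
            log_error "Kong Service" "$kong_service_name" "Service ID extraction failed"
          else
            echo " Service ID: $service_id"
          fi
        else
          echo " Service already exists. Retrieving Service ID..."
          service_id=$(echo "$existing_service" | jq -r '.id')
        fi

        # --- Kong Route ---
        existing_route=$(curl -s "http://localhost:8001/routes/$kong_service_name")
        if [ "$(echo "$existing_route" | jq -r '.message')" == "Not found" ]; then
          ((kong_route_count++))
          curl_response=$(curl -i -X POST http://localhost:8001/routes --data "name=$kong_service_name" --data "hosts=$host" --data "paths[]=/" --data "paths[]=/.well-known/acme-challenge" --data "service.id=$service_id" 2>&1)
          if [[ "$curl_response" == *"HTTP/1.1 201 Created"* ]]; then
            echo " Route created for Host: $host"
          else
            ((kong_failed_route_count++))
            log_error "Kong Route" "$host" "$curl_response"
          fi
        else
          echo " Route already exists. Skipping..."
        fi

        # --- Kong Certificate ---
        existing_certificate=$(curl -s "http://localhost:8001/certificates/$host")
        if [ "$(echo "$existing_certificate" | jq -r '.message')" == "SNI not found" ]; then
          ((kong_certificate_count++))
          # "name=<file" makes curl read the form field's content from the
          # file, keeping the PEM data out of curl's argument list.
          curl_response=$(curl -i -m 60 -X POST http://localhost:8001/certificates -F "cert=<$tls_dir/tls.crt" -F "key=<$tls_dir/tls.key" -F "snis[]=$host" 2>&1)
          if [[ "$curl_response" == *"HTTP/1.1 201 Created"* ]]; then
            echo " Certificate created for SNI: $host"
          else
            ((kong_failed_certificate_count++))
            log_error "Kong Certificate" "$host" "$curl_response"
          fi
        else
          echo " Certificate already exists. Skipping..."
        fi

        # --- Kong SNI ---
        existing_sni=$(curl -s "http://localhost:8001/snis/$host")
        if [ "$(echo "$existing_sni" | jq -r '.message')" == "Not found" ]; then
          ((kong_sni_count++))
          # Reference the certificate by id only. The original computed
          # certificate_id but then posted the whole lookup response as the
          # "certificate" field; that response may include key material, which
          # would then sit on curl's command line and in the failure log.
          certificate_id=$(echo "$existing_certificate" | jq -r '.id // .data[0].id // empty')
          if [ -z "$certificate_id" ]; then
            ((kong_failed_sni_count++))
            log_error "Kong SNI" "$host" "No certificate ID available"
          else
            curl_response=$(curl -i -X POST http://localhost:8001/snis --data "name=$host" --data "certificate.id=$certificate_id" 2>&1)
            if [[ "$curl_response" == *"HTTP/1.1 201 Created"* ]]; then
              echo " SNI created for Host: $host"
            else
              ((kong_failed_sni_count++))
              log_error "Kong SNI" "$host" "$curl_response"
            fi
          fi
        else
          echo " SNI already exists. Skipping..."
        fi

        echo " Service ID: $service_id"
        echo " Route Host: $host"
        echo " Certificate Created for SNI: $host"
        echo "---"
      fi
    done
  done
done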
# Print the summary: Kubernetes objects seen, Kong objects attempted, failures.
cat <<EOF
Total Ingresses (Kubernetes): $k8s_ingress_count
Total Secrets (Kubernetes): $k8s_secret_count
Total Hosts (Kubernetes): $k8s_host_count
Total Services (Kubernetes): $k8s_service_count
Total Routes Created in Kong: $kong_route_count
Total Services Created in Kong: $kong_service_count
Total Certificates Created in Kong: $kong_certificate_count
Total SNIs Created in Kong: $kong_sni_count
Failed Routes in Kong: $kong_failed_route_count
Failed Services in Kong: $kong_failed_service_count
Failed Certificates in Kong: $kong_failed_certificate_count
Failed SNIs in Kong: $kong_failed_sni_count
EOF