Created
January 23, 2024 12:46
kong_multiple_host.sh
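#!/bin/bash

# List every namespace name as one space-separated string.
# A failed listing is reported explicitly: with an empty list the script would
# otherwise print all-zero totals that look like a clean run.
if ! namespaces=$(kubectl get namespaces -o jsonpath='{.items[*].metadata.name}'); then
  echo "Error: kubectl could not list namespaces; no namespace will be processed." >&2
  namespaces=""
fi

# Kubernetes object totals, accumulated across namespaces.
k8s_secret_count=0
k8s_host_count=0
k8s_service_count=0
k8s_ingress_count=0

# Kong objects this run attempted to create (incremented before each POST).
kong_route_count=0
kong_service_count=0
kong_sni_count=0
kong_certificate_count=0

# Kong creation attempts that did not succeed.
kong_failed_route_count=0
kong_failed_service_count=0
kong_failed_certificate_count=0
kong_failed_sni_count=0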
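#######################################
# Print one failure line for a Kong object that could not be created.
# Arguments:
#   $1 - resource type label, e.g. "Kong Route"
#   $2 - name of the resource (callers pass a service name or an Ingress host)
#   $3 - error detail (callers pass captured curl output)
# Outputs: the failure line on stdout
#######################################
log_error() {
  local resource_type=$1
  local resource_name=$2
  local error_message=$3
  # The name comes from Ingress objects and the detail from an HTTP response,
  # so neither is fully trusted text. Strip every control byte except tab and
  # newline (this also removes the CRs of HTTP header lines) so logged data
  # cannot carry terminal escape sequences or overwrite earlier output.
  printf ' Failed to create %s for %s: %s\n' \
    "$resource_type" "$resource_name" "$error_message" \
    | LC_ALL=C tr -d '\000-\010\013-\037\177'
}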
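# Iterate through namespaces and, for every Ingress TLS host, resolve the
# backend Service and port; the guarded section then registers a Kong Service,
# Route, Certificate and SNI through the Admin API.
#
# NOTE(review): the Admin API is addressed over plain HTTP on loopback with no
# credentials. That is only reasonable while the listener is bound to
# 127.0.0.1; confirm it is not reachable from other hosts or pods.
kong_admin_url="http://localhost:8001"

# TLS material is staged in a private directory (mktemp -d creates it 0700) and
# handed to curl by file reference, so the private key never appears in curl's
# argument list, which other local users can read from the process table.
tls_tmpdir=$(mktemp -d) || {
  echo "Error: Unable to create a temporary directory."
  exit 1
}
trap 'rm -rf -- "${tls_tmpdir:?}"' EXIT

# Percent-encode one value so it is safe as a single URL path segment.
_kong_uri() {
  jq -rn --arg v "$1" '$v | @uri'
}

# Call the Admin API. $1 is the path below the admin root; remaining arguments
# go to curl. Sets kong_status (HTTP code, 000 when no response arrived) and
# kong_body (response body), so "missing" (404) can be told apart from
# "Kong unreachable" instead of treating every non-404 answer as "exists".
_kong_call() {
  local path=$1 raw
  shift
  raw=$(curl -s -m 60 -w '\n%{http_code}' "$@" "$kong_admin_url/$path")
  kong_status=${raw##*$'\n'}
  kong_body=${raw%$'\n'*}
}

read -ra namespace_list <<< "$namespaces"
for namespace in "${namespace_list[@]}"; do
  echo "Processing namespace: $namespace"

  # Per-namespace totals; --no-headers leaves one output line per object.
  ((k8s_ingress_count += $(kubectl get ingress -n "$namespace" --no-headers | wc -l)))
  ((k8s_secret_count += $(kubectl get secret -n "$namespace" --no-headers | wc -l)))
  ((k8s_service_count += $(kubectl get services -n "$namespace" --no-headers | wc -l)))

  # Get all ingresses in the namespace
  ingresses=$(kubectl get ingress -n "$namespace" -o jsonpath='{.items[*].metadata.name}')
  read -ra ingress_list <<< "$ingresses"

  for ingress in "${ingress_list[@]}"; do
    echo " Processing ingress: $ingress"

    # One fetch per Ingress; every later lookup reads this document.
    ingress_json=$(kubectl get ingress "$ingress" -n "$namespace" -o json)
    if [[ -z "$ingress_json" ]]; then
      echo "Error: Unable to read ingress $ingress in namespace $namespace. Skipping..."
      continue
    fi

    rule_host_count=$(jq -r '[.spec.rules[]? | .host // empty | select(. != "")] | length' <<< "$ingress_json")
    ((k8s_host_count += ${rule_host_count:-0}))

    # Emit "host secretName" pairs per TLS entry. Pairing two flattened lists
    # by index aborts when an entry lists several hosts and can bind a host to
    # another entry's secret when the list lengths happen to match.
    # fd 3 keeps the loop input away from commands that might read stdin.
    while read -r -u 3 host secret_name; do
      echo "Processing Host: $host"
      echo "Processing Secret: $secret_name"

      if [[ -z "$secret_name" ]]; then
        echo "Error: TLS host $host in ingress $ingress has no secretName."
        exit 1
      fi

      # Backend of the first path of the first rule whose host matches.
      service_info=$(jq -c --arg host "$host" '
        first(.spec.rules[]? | select(.host == $host) | .http.paths[0].backend.service)
      ' <<< "$ingress_json")
      service_name=$(jq -r '.name // empty' <<< "$service_info")

      # "// empty" matters: plain jq -r prints the string "null" for a missing
      # field, which would pass a non-empty test and become the port value.
      port_number=$(jq -r '.port.number // empty' <<< "$service_info")
      port_name=$(jq -r '.port.name // empty' <<< "$service_info")

      service_port=""
      if [[ -n "$port_number" ]]; then
        # Port specified as a number
        service_port="$port_number"
      elif [[ -n "$port_name" ]]; then
        # Port specified as a name: resolve it on the Service object
        service_port=$(kubectl get service "$service_name" -n "$namespace" -o json | jq -r --arg port_name "$port_name" '
          first(.spec.ports[]? | select(.name == $port_name) | .port)
        ')
        echo "service_port: $service_port"
      fi
      if [[ -z "$service_port" ]]; then
        echo "Error: Unable to determine service port."
        exit 1
      fi

      echo "Secret Name: $secret_name"
      echo "Service Host: $host"
      echo "Service Name: $service_name"
      echo "Service Port: $service_port"
      echo "---"

      # Check if the host contains multiple segments
      # NOTE(review): $host is a single whitespace-split field, so it can never
      # contain a space and this branch is currently unreachable; no Kong
      # object is ever created. The comment above and the split on '.' below
      # suggest a dot test was meant; confirm the intended condition.
      if [[ "$host" == *" "* ]]; then
        gateway_service_name=${host%%.*}

        # Define the Kong service name
        kong_service_name="$service_name.$namespace.svc.$gateway_service_name"
        kong_data_service_name="$service_name.$namespace.svc"

        # Names and hosts originate from Ingress objects; encode them before
        # they become part of an Admin API path.
        kong_service_ref=$(_kong_uri "$kong_service_name")
        kong_host_ref=$(_kong_uri "$host")

        # Kong Service: create when absent, otherwise reuse its id.
        _kong_call "services/$kong_service_ref"
        if [[ "$kong_status" == "404" ]]; then
          ((kong_service_count++))
          # --data-urlencode keeps '&', '=' or '+' inside a value from being
          # read as additional form fields.
          _kong_call "services/" -X POST \
            --data-urlencode "name=$kong_service_name" \
            --data-urlencode "host=$kong_data_service_name" \
            --data-urlencode "port=$service_port" \
            --data-urlencode "path=/"
          service_id=""
          if [[ "$kong_status" == "201" ]]; then
            service_id=$(jq -r '.id // empty' <<< "$kong_body")
          fi
          if [[ -z "$service_id" ]]; then
            ((kong_failed_service_count++))
            log_error "Kong Service" "$kong_service_name" "Service ID extraction failed"
            # Without a service id the route below would not be attached to anything.
            continue
          fi
          echo " Service ID: $service_id"
        elif [[ "$kong_status" == "200" ]]; then
          echo " Service already exists. Retrieving Service ID..."
          service_id=$(jq -r '.id // empty' <<< "$kong_body")
        else
          ((kong_failed_service_count++))
          log_error "Kong Service" "$kong_service_name" "lookup returned HTTP $kong_status"
          continue
        fi

        # Kong Route
        _kong_call "routes/$kong_service_ref"
        if [[ "$kong_status" == "404" ]]; then
          ((kong_route_count++))
          _kong_call "routes" -X POST \
            --data-urlencode "name=$kong_service_name" \
            --data-urlencode "hosts=$host" \
            --data-urlencode "paths[]=/" \
            --data-urlencode "paths[]=/.well-known/acme-challenge" \
            --data-urlencode "service.id=$service_id"
          if [[ "$kong_status" == "201" ]]; then
            echo " Route created for Host: $host"
          else
            ((kong_failed_route_count++))
            log_error "Kong Route" "$host" "HTTP $kong_status: $kong_body"
          fi
        elif [[ "$kong_status" == "200" ]]; then
          echo " Route already exists. Skipping..."
        else
          ((kong_failed_route_count++))
          log_error "Kong Route" "$host" "lookup returned HTTP $kong_status"
        fi

        # Kong Certificate (looked up by SNI name)
        certificate_id=""
        _kong_call "certificates/$kong_host_ref"
        if [[ "$kong_status" == "404" ]]; then
          ((kong_certificate_count++))
          crt_file="$tls_tmpdir/tls.crt"
          key_file="$tls_tmpdir/tls.key"
          # The Secret is read only here, when a certificate must be created.
          (
            umask 077
            kubectl get secret "$secret_name" -n "$namespace" -o jsonpath='{.data.tls\.crt}' | base64 -d > "$crt_file"
            kubectl get secret "$secret_name" -n "$namespace" -o jsonpath='{.data.tls\.key}' | base64 -d > "$key_file"
          )
          if [[ -s "$crt_file" && -s "$key_file" ]]; then
            # "<file" makes curl read the field value from the file;
            # --form-string sends the host literally, with no @/< handling.
            _kong_call "certificates" -X POST \
              -F "cert=<$crt_file" \
              -F "key=<$key_file" \
              --form-string "snis[]=$host"
          else
            kong_status="000"
            kong_body='{"message":"tls.crt or tls.key missing in secret"}'
          fi
          rm -f -- "$crt_file" "$key_file"
          if [[ "$kong_status" == "201" ]]; then
            certificate_id=$(jq -r '.id // empty' <<< "$kong_body")
            echo " Certificate created for SNI: $host"
          else
            ((kong_failed_certificate_count++))
            # Only the message field is logged: the request carried the private key.
            log_error "Kong Certificate" "$host" "HTTP $kong_status: $(jq -r '.message // empty' <<< "$kong_body" 2>/dev/null)"
          fi
        elif [[ "$kong_status" == "200" ]]; then
          echo " Certificate already exists. Skipping..."
          # Accept either a single object or a list-shaped answer.
          certificate_id=$(jq -r '.id // .data[0].id // empty' <<< "$kong_body")
        else
          ((kong_failed_certificate_count++))
          log_error "Kong Certificate" "$host" "lookup returned HTTP $kong_status"
        fi

        # Kong SNI: reference the certificate by id, not by the whole lookup response.
        _kong_call "snis/$kong_host_ref"
        if [[ "$kong_status" == "404" ]]; then
          ((kong_sni_count++))
          if [[ -n "$certificate_id" ]]; then
            _kong_call "snis" -X POST \
              --data-urlencode "name=$host" \
              --data-urlencode "certificate.id=$certificate_id"
          else
            kong_status="000"
            kong_body="no certificate id available"
          fi
          if [[ "$kong_status" == "201" ]]; then
            echo " SNI created for Host: $host"
          else
            ((kong_failed_sni_count++))
            log_error "Kong SNI" "$host" "HTTP $kong_status: $kong_body"
          fi
        elif [[ "$kong_status" == "200" ]]; then
          echo " SNI already exists. Skipping..."
        else
          ((kong_failed_sni_count++))
          log_error "Kong SNI" "$host" "lookup returned HTTP $kong_status"
        fi

        echo " Service ID: $service_id"
        echo " Route Host: $host"
        echo " Certificate Created for SNI: $host"
        echo "---"
      fi
    done 3< <(jq -r '.spec.tls[]? | (.secretName // "") as $s | .hosts[]? | "\(.) \($s)"' <<< "$ingress_json")
  done
done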
# Print the run summary: Kubernetes totals first, then the Kong creation
# counters, then the Kong failure counters.
cat <<EOF
Total Ingresses (Kubernetes): $k8s_ingress_count
Total Secrets (Kubernetes): $k8s_secret_count
Total Hosts (Kubernetes): $k8s_host_count
Total Services (Kubernetes): $k8s_service_count
Total Routes Created in Kong: $kong_route_count
Total Services Created in Kong: $kong_service_count
Total Certificates Created in Kong: $kong_certificate_count
Total SNIs Created in Kong: $kong_sni_count
Failed Routes in Kong: $kong_failed_route_count
Failed Services in Kong: $kong_failed_service_count
Failed Certificates in Kong: $kong_failed_certificate_count
Failed SNIs in Kong: $kong_failed_sni_count
EOF