Last active
April 4, 2024 19:54
-
-
Save sanchezl/887e27986bd0c373cea1100bc87855be to your computer and use it in GitHub Desktop.
OpenShift Deprecated API Queries
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This jq filter takes as input a List of APIRequestCounts and outputs | |
| # json objects with the following properties: | |
| # - namespace: the namespace of the request | |
| # - api: the api that the request invoked | |
| # - requestCount: how many request were made in the current hour | |
| # WARNING: There is no actual namespace information in the APIRequestCount. | |
| # The namespace outputted by this filter is derived from the username | |
| # that ServiceAccounts present as in the requests, which are of the | |
| # form: system:serviceaccount:<namespace>:<sa-name>. | |
| # This tool will not report any non-service account usage. | |
| # Example invocation: | |
| # | |
| # oc get apirequestcounts -o json | |
| # | jq -c -f by-namespace.jq --arg removedInRelease '1.22' | |
| # | |
| # Use other tools to make the output even prettier: | |
| # oc get apirequestcounts -o json | |
| # | jq -c -f by-namespace.jq --arg removedInRelease '1.22' | |
| # | jq -r '[to_entries[]|.value]|@tsv'|column -t -NNAMESPACE,API,REQUESTS | |
| .items[] | |
| # First filter by removedInRelease value. | |
| # Invoke jq with `--arg removedInRelease re`, where `re` is | |
| # a regular expression to match removedInRelease against. | |
| | select(.status.removedInRelease//""|test($removedInRelease)) | |
| # Keep a reference to the metadata so we can reference it later. | |
| | .metadata as $meta | |
| # We're only going to look at current hour. | |
| | .status.currentHour | |
| # Gather an array all "byUser" entries in the currentHour, ignoring | |
| # the "byNode" structure. | |
| | [ | |
| .. # eveything under .currentHour: | |
| | objects # that is an object, | |
| | .byUser[]? # and has a byUser key, return the users | |
| # Include only users that appear to be system accounts. | |
| | select(.username | startswith("system:serviceaccount:")) | |
| # Exclude system accounts in openshift-* namespaces | |
| # (comment out the following line to show all namespaces) | |
| | select(.username|split(":")[2]|startswith("openshift-")|not) | |
| ] | |
| # Group by the namespace (extracted from SystemAccount username) | |
| | group_by(.username|split(":")[2])[] | |
| # Output namespace, deprecated api used, and request count | |
| | { namespace: .[0].username|split(":")[2], api:$meta.name, requestCount:[.[]|.requestCount]|add } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| # defaults to removedInRelease=1.22 specifiy alternative regex | |
| # ss first # parameter to this script if needed, for example: | |
| # | |
| # by-namespace.sh '.*' | |
| oc get apirequestcounts.apiserver.openshift.io -o json \ | |
| | jq -f by-namespace.jq -c --arg removedInRelease "${1-1.22}" \ | |
| | jq -c -r '[to_entries[]|.value]|@tsv' \ | |
| | sort \ | |
| | column -t -NNAMESPACE,API,REQUESTS | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment