From 549401d356b4f9a69315c0a47918e3b735ebc9b2 Mon Sep 17 00:00:00 2001
From: Jonas Forsberg
Date: Mon, 28 Mar 2022 08:46:25 +0200
Subject: [PATCH] added ingress validation for private proj
---
 .functions/kubernetes.sh | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
diff --git a/.functions/kubernetes.sh b/.functions/kubernetes.sh
index 72fe3f3..de6d1c4 100644
--- a/.functions/kubernetes.sh
+++ b/.functions/kubernetes.sh
@@ -33,3 +33,22 @@ function k(){
 kubectl "$@"
 }
 [[ $(type -t __start_kubectl) == function ]] && complete -o default -F __start_kubectl k
+
+function validate_private_ingress(){
+ local PRIVATE_PROJECT_ID="${PRIVATE_PROJECT_ID:-p-c5fcj}"
+ local WHITELIST_SOURCE_RANGE="${WHITELIST_SOURCE_RANGE:-10.0.0.0/8}"
+ local OK='\e[32m\u2714\e[0m'
+ local NOT_OK='\u274c'
+ printf "Validating ingresses in private project (%s}\n" "$PRIVATE_PROJECT_ID"
+ for NS in $(kubectl get namespaces --selector=field.cattle.io/projectId="$PRIVATE_PROJECT_ID" --template "{{range .items}}{{.metadata.name}}{{\"\n\"}}{{end}}"); do
+ for INGRESS in $(kubectl --namespace "$NS" get ingress --template "{{range .items}}{{.metadata.name}}{{\"\n\"}}{{end}}"); do
+ if [[ $(kubectl --namespace "$NS" get ingress "$INGRESS" -o jsonpath='{.metadata.annotations.nginx\.ingress\.kubernetes\.io/whitelist-source-range}') == "$WHITELIST_SOURCE_RANGE" ]];then
+ echo -n -e "$OK "
+ else
+ echo -n -e "$NOT_OK "
+ fi
+ printf "%-20s %s\n" "$NS" "$INGRESS"
+ done
+ done
+
+}
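Review bot: validate_private_ingress fails open: it always returns 0, and if either `kubectl get` inside the `for … in $(…)` headers fails (wrong context, expired credentials, RBAC denial) the loops run zero times, so the output is indistinguishable from a project with nothing to report. Since this is a check that private ingresses are restricted to `$WHITELIST_SOURCE_RANGE`, the listings should be captured first and a failed listing or any NOT_OK ingress should produce a non-zero return, so the function can gate a script. `NS` and `INGRESS` should also be declared `local`; the file is presumably sourced into an interactive shell, where they would otherwise leak into the caller, and the header format `(%s}` has a mismatched bracket. The comparison is an exact string match on the annotation only, so a comment noting that it does not confirm the ingress is actually served by ingress-nginx would help readers interpret a green tick.

```shell
function validate_private_ingress(){
  # … unchanged: PRIVATE_PROJECT_ID, WHITELIST_SOURCE_RANGE, OK, NOT_OK, header printf …
  local NS INGRESS NAMESPACES INGRESSES FAILED=0
  # A failed listing must not look like "nothing to check".
  NAMESPACES=$(kubectl get namespaces --selector=field.cattle.io/projectId="$PRIVATE_PROJECT_ID" --template "{{range .items}}{{.metadata.name}}{{\"\n\"}}{{end}}") || return 2
  for NS in $NAMESPACES; do
    INGRESSES=$(kubectl --namespace "$NS" get ingress --template "{{range .items}}{{.metadata.name}}{{\"\n\"}}{{end}}") || return 2
    for INGRESS in $INGRESSES; do
      # … unchanged: annotation comparison and OK marker …
      else
        echo -n -e "$NOT_OK "
        FAILED=1
      fi
      # … unchanged: printf of namespace and ingress name …
    done
  done
  return "$FAILED"
}
```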