Merge branch 'master' of github.com:HariSekhon/DevOps-Bash-tools
commit
957b424f62
@ -0,0 +1,64 @@
|
|||||||
|
#!/usr/bin/env bash
|
||||||
|
# vim:ts=4:sts=4:sw=4:et
|
||||||
|
#
|
||||||
|
# Author: Hari Sekhon
|
||||||
|
# Date: 2021-06-18 11:43:50 +0100 (Fri, 18 Jun 2021)
|
||||||
|
#
|
||||||
|
# https://github.com/HariSekhon/bash-tools
|
||||||
|
#
|
||||||
|
# License: see accompanying Hari Sekhon LICENSE file
|
||||||
|
#
|
||||||
|
# If you're using my code you're welcome to connect with me on LinkedIn and optionally send me feedback to help steer this or other code I publish
|
||||||
|
#
|
||||||
|
# https://www.linkedin.com/in/HariSekhon
|
||||||
|
#
|
||||||
|
|
||||||
|
set -euo pipefail
|
||||||
|
[ -n "${DEBUG:-}" ] && set -x
|
||||||
|
srcdir="$(dirname "${BASH_SOURCE[0]}")"
|
||||||
|
|
||||||
|
# shellcheck disable=SC1090,SC1091
|
||||||
|
. "$srcdir/lib/utils.sh"
|
||||||
|
|
||||||
|
# shellcheck disable=SC2034,SC2154
|
||||||
|
usage_description="
|
||||||
|
Filter program to generate ArgoCD namespace resource whitelist from a give Kubernetes yaml or Kustomize build output
|
||||||
|
|
||||||
|
Yaml can be supplied as a file argument or via standard input. If no file is given, waits for stdin like a standard unix filter program
|
||||||
|
|
||||||
|
Outputs Yaml for the namespaceResourceWhitelist section of argocd-project.yaml
|
||||||
|
|
||||||
|
A full argocd-project.yaml is already provided at the URL below with all the most common object permissions already populated via the output from this script against my production environment
|
||||||
|
|
||||||
|
https://github.com/HariSekhon/Kubernetes-configs
|
||||||
|
|
||||||
|
Uses adjacent script kubernetes_resource_types.sh
|
||||||
|
|
||||||
|
Tested on ArgoCD 2.0.3
|
||||||
|
"
|
||||||
|
|
||||||
|
# used by usage() in lib/utils.sh
|
||||||
|
# shellcheck disable=SC2034
|
||||||
|
usage_args="[<file.yaml> <file2.yaml> ...]"
|
||||||
|
|
||||||
|
help_usage "$@"
|
||||||
|
|
||||||
|
#min_args 1 "$@"
|
||||||
|
|
||||||
|
echo " namespaceResourceWhitelist:"
|
||||||
|
"$srcdir/kubernetes_resource_types.sh" "$@" |
|
||||||
|
while read -r group kind; do
|
||||||
|
# Cluster resources, ignore these
|
||||||
|
if [[ "$kind" =~ Namespace|PriorityClass|StorageClass ]]; then
|
||||||
|
continue
|
||||||
|
fi
|
||||||
|
group="${group%/*}"
|
||||||
|
if [ "$group" = v1 ]; then
|
||||||
|
group=""
|
||||||
|
fi
|
||||||
|
if [ "$group" = "" ]; then
|
||||||
|
group="''"
|
||||||
|
fi
|
||||||
|
echo " - group: $group"
|
||||||
|
echo " kind: $kind"
|
||||||
|
done
|
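Review bot: The cluster-resource filter `[[ "$kind" =~ Namespace|PriorityClass|StorageClass ]]` is an unanchored regex, so it also skips any namespaced kind whose name merely contains one of those words. Every cluster-scoped kind other than those three is still written into `namespaceResourceWhitelist`. Anchor the test as `[[ "$kind" =~ ^(Namespace|PriorityClass|StorageClass)$ ]]` and add a comment above it saying the list of cluster-scoped kinds is not exhaustive. Because the output is an allow-list derived entirely from the input manifests, the usage text should also say that the generated entries need review before they go into an ArgoCD project.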
@ -0,0 +1,109 @@
|
|||||||
|
#!/usr/bin/env bash
|
||||||
|
# vim:ts=4:sts=4:sw=4:et
|
||||||
|
# args: eu-west-1 ROUTE53_HEALTHCHECKS
|
||||||
|
#
|
||||||
|
# Author: Hari Sekhon
|
||||||
|
# Date: 2021-06-18 17:13:10 +0100 (Fri, 18 Jun 2021)
|
||||||
|
#
|
||||||
|
# https://github.com/HariSekhon/bash-tools
|
||||||
|
#
|
||||||
|
# License: see accompanying Hari Sekhon LICENSE file
|
||||||
|
#
|
||||||
|
# If you're using my code you're welcome to connect with me on LinkedIn and optionally send me feedback to help steer this or other code I publish
|
||||||
|
#
|
||||||
|
# https://www.linkedin.com/in/HariSekhon
|
||||||
|
#
|
||||||
|
|
||||||
|
set -euo pipefail
|
||||||
|
[ -n "${DEBUG:-}" ] && set -x
|
||||||
|
srcdir="$(dirname "${BASH_SOURCE[0]}")"
|
||||||
|
|
||||||
|
# shellcheck disable=SC1090,SC1091
|
||||||
|
. "$srcdir/lib/utils.sh"
|
||||||
|
|
||||||
|
# shellcheck disable=SC2034,SC2154
|
||||||
|
usage_description="
|
||||||
|
Returns all the AWS IPs for a given Region and Service using the AWS ip-range json API:
|
||||||
|
|
||||||
|
https://ip-ranges.amazonaws.com/ip-ranges.json
|
||||||
|
|
||||||
|
To get and use these IPs directly in Terraform, see the Cloudflare Firewall module in https://github.com/HariSekhon/Terraform
|
||||||
|
|
||||||
|
Examples:
|
||||||
|
|
||||||
|
Lists all regions and their services to filter on:
|
||||||
|
|
||||||
|
${0##*/} list
|
||||||
|
|
||||||
|
Get all IPs for eu-west-1 region:
|
||||||
|
|
||||||
|
${0##*/} eu-west-1
|
||||||
|
|
||||||
|
Get all eu-west-1 IPs for EC2, S3 or Route 53 Healthchecks:
|
||||||
|
|
||||||
|
${0##*/} eu-west-1 EC2
|
||||||
|
${0##*/} eu-west-1 S3
|
||||||
|
${0##*/} eu-west-1 ROUTE53_HEALTHCHECKS
|
||||||
|
|
||||||
|
Get global Route 53 Healthcheck IPs:
|
||||||
|
|
||||||
|
${0##*/} GLOBAL ROUTE53_HEALTHCHECKS
|
||||||
|
|
||||||
|
Get all Route 53 Healthcheck IPs in all regions:
|
||||||
|
|
||||||
|
${0##*/} all ROUTE53_HEALTHCHECKS
|
||||||
|
|
||||||
|
"
|
||||||
|
|
||||||
|
# used by usage() in lib/utils.sh
|
||||||
|
# shellcheck disable=SC2034
|
||||||
|
usage_args="[<region> <service> | list]"
|
||||||
|
|
||||||
|
help_usage "$@"
|
||||||
|
|
||||||
|
url="https://ip-ranges.amazonaws.com/ip-ranges.json"
|
||||||
|
region="${1:-}"
|
||||||
|
service="${2:-}"
|
||||||
|
|
||||||
|
# All regions are lowercase except for GLOBAL
|
||||||
|
region="$(tr '[:upper:]' '[:lower:]' <<< "$region")"
|
||||||
|
if [ "$region" = global ]; then
|
||||||
|
region=GLOBAL
|
||||||
|
fi
|
||||||
|
# All Services are uppercase
|
||||||
|
service="$(tr '[:lower:]' '[:upper:]' <<< "$service")"
|
||||||
|
|
||||||
|
if [ "$region" = list ]; then
|
||||||
|
curl -sS "$url" |
|
||||||
|
jq -r '.prefixes[] | [.region, .service] | @tsv' | sort -u
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
|
||||||
|
curl -sS "$url" |
|
||||||
|
#jq -r ".prefixes[]" |
|
||||||
|
#if [ -n "$region" ] && [ "$region" != all ]; then
|
||||||
|
# #jq -r ".prefixes[] | select(.region == \"$region\") | .ip_prefix"
|
||||||
|
# jq -r "select(.region == \"$region\")"
|
||||||
|
#else
|
||||||
|
# cat
|
||||||
|
#fi |
|
||||||
|
#if [ -n "$service" ] && [ "$service" != all ]; then
|
||||||
|
# jq -r "select(.service == \"$service\")"
|
||||||
|
#else
|
||||||
|
# cat
|
||||||
|
#fi |
|
||||||
|
#jq -r '.ip_prefix'
|
||||||
|
jq -r "
|
||||||
|
.prefixes[] |
|
||||||
|
if(\"$region\" != \"\" and \"$region\" != \"all\") then
|
||||||
|
select(.region == \"$region\")
|
||||||
|
else
|
||||||
|
.
|
||||||
|
end |
|
||||||
|
if(\"$service\" != \"\" and \"$service\" != \"all\") then
|
||||||
|
select(.service == \"$service\")
|
||||||
|
else
|
||||||
|
.
|
||||||
|
end |
|
||||||
|
.ip_prefix
|
||||||
|
" # end jq script
|
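Review bot: The jq program is built by interpolating `$region` and `$service` into a double-quoted string, so an argument containing a double quote or backslash changes the filter itself instead of being compared as data. Pass both values with `--arg` and single-quote the program, as in the block below. Separately, `service` is upper-cased earlier in the script, so the comparison against `"all"` can never match and `all` given as a service selects nothing; compare with `"ALL"`. Both `curl -sS "$url"` calls also lack `--fail`, so an HTTP error body would be piped into jq; `curl -sSf "$url" |` makes that case fail under the existing `pipefail`.

```shell
curl -sS "$url" |
# … unchanged: commented-out earlier jq attempts …
jq -r --arg region "$region" --arg service "$service" '
    .prefixes[] |
    if($region != "" and $region != "all") then
        select(.region == $region)
    else
        .
    end |
    if($service != "" and $service != "ALL") then
        select(.service == $service)
    else
        .
    end |
    .ip_prefix
' # end jq script
```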
@ -0,0 +1,64 @@
|
|||||||
|
#!/usr/bin/env bash
|
||||||
|
# vim:ts=4:sts=4:sw=4:et
|
||||||
|
#
|
||||||
|
# Author: Hari Sekhon
|
||||||
|
# Date: 2021-06-18 11:28:40 +0100 (Fri, 18 Jun 2021)
|
||||||
|
#
|
||||||
|
# https://github.com/HariSekhon/bash-tools
|
||||||
|
#
|
||||||
|
# License: see accompanying Hari Sekhon LICENSE file
|
||||||
|
#
|
||||||
|
# If you're using my code you're welcome to connect with me on LinkedIn and optionally send me feedback to help steer this or other code I publish
|
||||||
|
#
|
||||||
|
# https://www.linkedin.com/in/HariSekhon
|
||||||
|
#
|
||||||
|
|
||||||
|
set -euo pipefail
|
||||||
|
[ -n "${DEBUG:-}" ] && set -x
|
||||||
|
srcdir="$(dirname "${BASH_SOURCE[0]}")"
|
||||||
|
|
||||||
|
# shellcheck disable=SC1090,SC1091
|
||||||
|
. "$srcdir/lib/utils.sh"
|
||||||
|
|
||||||
|
# shellcheck disable=SC2034,SC2154
|
||||||
|
usage_description="
|
||||||
|
Filter program to get all unique Kubernetes resources types out of a Kubernetes yaml or Kustomize build output
|
||||||
|
|
||||||
|
Yaml can be supplied as a file argument or via standard input. If no file is given, waits for stdin like a standard unix filter program
|
||||||
|
|
||||||
|
Output Format:
|
||||||
|
|
||||||
|
<group> <object_kind>
|
||||||
|
|
||||||
|
Sorted by object kind
|
||||||
|
|
||||||
|
eg.
|
||||||
|
|
||||||
|
v1 ConfigMap
|
||||||
|
batch/v1beta1 CronJob
|
||||||
|
apps/v1 Deployment
|
||||||
|
autoscaling/v1 HorizontalPodAutoscaler
|
||||||
|
extensions/v1beta1 Ingress
|
||||||
|
v1 Namespace
|
||||||
|
policy/v1beta1 PodDisruptionBudget
|
||||||
|
scheduling.k8s.io/v1 PriorityClass
|
||||||
|
v1 Service
|
||||||
|
v1 ServiceAccount
|
||||||
|
apps/v1 StatefulSet
|
||||||
|
storage.k8s.io/v1 StorageClass
|
||||||
|
autoscaling.k8s.io/v1beta2 VerticalPodAutoscaler
|
||||||
|
"
|
||||||
|
|
||||||
|
# used by usage() in lib/utils.sh
|
||||||
|
# shellcheck disable=SC2034
|
||||||
|
usage_args="[<file.yaml> <file2.yaml> ...]"
|
||||||
|
|
||||||
|
help_usage "$@"
|
||||||
|
|
||||||
|
#min_args 1 "$@"
|
||||||
|
|
||||||
|
awk '/^(api|kind)/{print $2}' "$@" |
|
||||||
|
# sed N joins every 2 lines
|
||||||
|
sed 'N;s/\n/ /' |
|
||||||
|
sort -k2 -u |
|
||||||
|
column -t
|
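Review bot: `sort -k2 -u` treats lines as duplicates when only the kind (field 2 onward) matches, so a kind that appears under two API groups keeps just one line and the other group is silently dropped from anything generated from this output. Use `sort -u -k2,2 -k1,1` to keep one line per kind and apiVersion pair while still ordering by kind. The `awk '/^(api|kind)/{print $2}'` match followed by `sed 'N;s/\n/ /'` also assumes every document has exactly one top-level line for each key, in that order. Any other top-level key starting with `api` or `kind`, or a document missing one of them, shifts every later pair. Tightening the pattern to `/^(apiVersion|kind):/` removes the first case, and a comment stating the ordering assumption would document the second.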