INFRA-1847 | Ashvin | Do remove and apply on ingress

scripts/change_shared_alb_across_namespace_name.sh

@@ -0,0 +1,24 @@
+#!/bin/bash -e
+
+kubectl config use-context "$1"
+
+namespace=$2
+lb_name=$3
+new_name=$4
+annotations=$5
+
+original_lb="/tmp/${namespace}_${lb_name}.json"
+kubectl apply view-last-applied ingress -n "${namespace}" "${lb_name}" -o json > "$original_lb"
+
+# change name
+final_lb="/tmp/${namespace}_${new_name}.json"
+jq --arg name "${new_name}" '.metadata.name = $name' "$original_lb" > "$final_lb"
+
+# add annotation
+if [ -z "$annotations" ]; then
+  annotation_changed_lb="/tmp/${namespace}_${new_name}_annotation.json"
+  jq --arg annotations "${annotations}" '.metadata.annotations = $annotations' "$final_lb" > "$annotation_changed_lb"
+  cp "$annotation_changed_lb" "$final_lb"
+fi
+
+kubectl apply -f "$final_lb"

scripts/migrate_from_shared_alb.py

@@ -1,21 +1,65 @@
 import time
-
+import subprocess
+import shlex
 import requests
 
-url = "https://deployment-portal.cmd.navi-tech.in"
+url = "https://navi-pay-deployment-portal.cmd.navi-tech.in"
 s = requests.Session()
 cookie = ""  # FILL ME
 x_xsrf_token = ""  # FILL ME
 s.headers.update({'cookie': cookie, 'x-xsrf-token': x_xsrf_token})
 list_manifest_path = "/api/manifest/list"
+
+product = "medici"  # medici, gi, sa, navi-pay
+certificate = "arn:aws:acm:ap-south-1:197185947855:certificate/a8025483-daf3-49f9-8528-4ffa4683ce88"
+security_groups = "sg-0b7735ad1e1ccf94d,sg-0c954334a33a84784"
+subnets = "ap-south-1a.aps1.np.navi-sa.in,ap-south-1b.aps1.np.navi-sa.in,ap-south-1c.aps1.np.navi-sa.in"
 env = "qa"
+
 r = s.get(url + list_manifest_path)
 manifest_list = r.json()
 env_manifest_list = [manifest for manifest in manifest_list if
                      manifest['environment'] == env]
+
+
+def change_name(cluster, manifest_name, namespace, lb_name_by_user, lb_type):
+    group_name = f"{namespace}-internal"
+    attributes = f"idle_timeout.timeout_seconds=60,access_logs.s3.enabled=true,access_" \
+                 f"logs.s3.bucket={cluster}-alb-access-logs,access_logs.s3.prefix={group_name}"
+    tags = f"Name=shared-alb-{group_name},Ingress=shared-alb-{group_name},Owner=shared," \
+           f"Team=Shared,Product={product},Environment={env}"
+
+    annotations = {
+        "alb.ingress.kubernetes.io/actions.ssl-redirect": "{\"Type\": \"redirect\", "
+                                                          "\"RedirectConfig\": { \"Protocol\": "
+                                                          "\"HTTPS\", \"Port\": \"443\", "
+                                                          "\"StatusCode\": \"HTTP_301\"}}",
+        "alb.ingress.kubernetes.io/certificate-arn": certificate,
+        "alb.ingress.kubernetes.io/group.name": group_name,
+        "alb.ingress.kubernetes.io/listen-ports": "[{ \"HTTPS\": 443 },{\"HTTP\": 80}]",
+        "alb.ingress.kubernetes.io/load-balancer-attributes": attributes,
+        "alb.ingress.kubernetes.io/scheme": "internal",
+        "alb.ingress.kubernetes.io/security-groups": security_groups,
+        "alb.ingress.kubernetes.io/ssl-policy": "ELBSecurityPolicy-TLS-1-2-2017-01",
+        "alb.ingress.kubernetes.io/subnets": subnets,
+        "alb.ingress.kubernetes.io/tags": tags,
+        "alb.ingress.kubernetes.io/target-type": "ip",
+        "kubernetes.io/ingress.class": "alb",
+    } if lb_type == "sharedAlb" else {}
+
+    lb_name = f"{manifest_name}-navi-service-{lb_type}"
+    new_lb_name = f"{manifest_name}-navi-service-sharedalb"
+    if lb_name_by_user != "":
+        lb_name = f"{lb_name}-{lb_name_by_user}"
+        new_lb_name = f"{new_lb_name}-{lb_name_by_user}"
+    subprocess.call(shlex.split((f"./change_shared_alb_across_namespace_name.sh {cluster} "
+                                 f"{namespace} {lb_name} {new_lb_name} {annotations}")))
+    pass
+
+
 for i in env_manifest_list:
     perform_post = False
-    r = s.get(url + "/api/manifest/" + str(i['id']))
+    r = s.get("{0}/api/manifest/{1}".format(url, str(i['id'])))
     manifest = r.json()
     if 'deployment' in manifest:
         deployment = manifest['deployment']
@@ -23,11 +67,15 @@ for i in env_manifest_list:
             load_balancers = deployment['loadBalancers']
             for lb in load_balancers:
                 if lb['type'] == 'sharedAlb':
-                    perform_post = True
-                    print(f"{manifest['environment']}/{manifest['name']} has a "
-                          f"sharedAlb: {lb['endpoint']}")
+                    perform_post = False
+                    print(f"{manifest['environment']}/{manifest['name']} has a "f"sharedAlb: "
+                          f"{lb['endpoint']}")
                     lb['type'] = 'sharedAlbAcrossNamespace'
                     lb['groupName'] = f"{manifest['namespace']}-internal"
+                if lb['type'] == 'sharedAlb' or lb['type'] == 'sharedAlbAcrossNamespace':
+                    change_name(deployment['cluster'], manifest['name'], deployment['namespace'],
+                                lb['name'], lb['type'])
+
     if perform_post:
         response = s.post(f"{url}/api/manifest", json=manifest)
         print(f"{i['id']} response of post is {response.json()}")

scripts/prometheus_rule_migration.sh

@@ -3,7 +3,7 @@ rules=$(kubectl get prometheusRule -A |grep -v "Name" | grep -E 'dev|qa' | awk '
 for i in $rules;do
     rule=$(echo $i | cut -d '/' -f2)
     namespace=$(echo $i | cut -d '/' -f1)
-    if `kubectl apply  view-last-applied prometheusRule  $rule  -n $namespace -o yaml  |grep -q "tag_Namespace,tag_Name"`;then
+    if `kubectl apply  view-last-applied deploy navi-feeds-navi-service prometheusRule  $rule  -n $namespace -o yaml  |grep -q "tag_Namespace,tag_Name"`;then
         echo "found in $namespace/$rule"
         kubectl apply  view-last-applied prometheusRule  $rule  -n $namespace -o yaml | sed 's/tag_Namespace,tag_Name/tag_Namespace,tag_Ingress/g'  | kubectl apply -f -
     fi