import json import shlex import subprocess import sys import time import requests url = "https://deployment-portal.cmd.navi-tech.in" s = requests.Session() cookie = "" # FILL ME x_xsrf_token = "" # FILL ME s.headers.update({'cookie': cookie, 'x-xsrf-token': x_xsrf_token}) list_manifest_path = "/api/manifest/list" product = "lending" # lending, gi, sa, navi-pay certificate = "" security_groups = "" # internal, office-ip access_log_bucket = "" subnets = "" env = "dev" ns = "dev" r = s.get(url + list_manifest_path) manifest_list = r.json() env_manifest_list = [manifest for manifest in manifest_list if manifest['environment'] == env] def change_name(cluster, manifest_name, namespace, lb_name_by_user, lb_type): group_name = f"{namespace}-internal" attributes = f"idle_timeout.timeout_seconds=60,access_logs.s3.enabled=true,access_" \ f"logs.s3.bucket={access_log_bucket},access_logs.s3.prefix={group_name}" tags = f"Name=shared-alb-{group_name},Ingress=shared-alb-{group_name},Owner=shared," \ f"Team=Shared,Product={product},Environment={env}" annotations = { "alb.ingress.kubernetes.io/actions.ssl-redirect": "{\"Type\": \"redirect\", " "\"RedirectConfig\": { \"Protocol\": " "\"HTTPS\", \"Port\": \"443\", " "\"StatusCode\": \"HTTP_301\"}}", "alb.ingress.kubernetes.io/certificate-arn": certificate, "alb.ingress.kubernetes.io/group.name": group_name, "alb.ingress.kubernetes.io/listen-ports": "[{ \"HTTPS\": 443 },{\"HTTP\": 80}]", "alb.ingress.kubernetes.io/load-balancer-attributes": attributes, "alb.ingress.kubernetes.io/scheme": "internal", "alb.ingress.kubernetes.io/security-groups": security_groups, "alb.ingress.kubernetes.io/ssl-policy": "ELBSecurityPolicy-TLS-1-2-2017-01", "alb.ingress.kubernetes.io/subnets": subnets, "alb.ingress.kubernetes.io/tags": tags, "alb.ingress.kubernetes.io/target-type": "ip", "kubernetes.io/ingress.class": "alb", } if lb_type == "sharedAlb" else {} lb_name = f"{manifest_name}-navi-service-{lb_type.lower()}" new_lb_name = f"{manifest_name}-navi-service-sharedalb" if lb_name_by_user != "": lb_name = f"{lb_name}-{lb_name_by_user.lower()}" new_lb_name = f"{new_lb_name}-{lb_name_by_user.lower()}" with open(f"/tmp/annotations_{lb_name}.json", mode="w") as log_file: log_file.write(json.dumps(annotations, indent=4)) print(f'running ./change_shared_alb_across_namespace_name.sh {cluster} {namespace} {lb_name} ' f'{new_lb_name}') result = subprocess.run(shlex.split((f"./change_shared_alb_across_namespace_name.sh {cluster} " f"{namespace} {lb_name} {new_lb_name}")), shell=False, capture_output=True, text=True) print(result.stdout) whitelist1 = [] if result.stderr != "" and lb_name not in whitelist1: print(result.stderr) if result.stderr.find("not found") == -1: sys.exit(1) for i in env_manifest_list: perform_post = False r = s.get("{0}/api/manifest/{1}".format(url, str(i['id']))) manifest = r.json() if 'deployment' in manifest: deployment = manifest['deployment'] if deployment['namespace'] != ns: print(f"Deployment does not belong to {ns}. Skipping...") continue if 'loadBalancers' in deployment: load_balancers = deployment['loadBalancers'] for lb in load_balancers: if lb['type'] == 'sharedAlb' or lb['type'] == 'sharedAlbAcrossNamespace': if 'name' not in lb: lb['name'] = '' change_name(deployment['cluster'], manifest['name'], deployment['namespace'], lb['name'], lb['type']) if lb['type'] == 'sharedAlb': perform_post = True print(f"{manifest['environment']}/{manifest['name']} has a sharedAlb: " f"{lb['endpoint']}") lb['type'] = 'sharedAlbAcrossNamespace' lb['groupName'] = f"{deployment['namespace']}-internal" if perform_post: response = s.post(f"{url}/api/manifest", json=manifest) print(f"{i['id']} response of post is {response.json()}") time.sleep(2) else: print(f"{i['id']} is not updated.")