Disable/enable webhooks

Signed-off-by: Marcus Noble <github@marcusnoble.co.uk>
2022-03-11 18:38:47 +00:00 · 2022-03-11 18:38:47 +00:00 · 4528e35872
parent 381adefe87
commit 4528e35872
2 changed files with 112 additions and 0 deletions
--- a/home/.bin/kube-disable-webhook
+++ b/home/.bin/kube-disable-webhook
@ -0,0 +1,61 @@
+#!/usr/bin/env bash
+
+source .utils
+
+set -e
+WEBHOOK_TYPE="mutating"
+
+print_usage() {
+  blue "kube-disable-webhook - Disabled a webhook by modifying the namespace selector"
+  echo " "
+  underline "Usage:"
+  echo "kube-disable-webhook [options] NAME"
+  echo " "
+  underline "Options:"
+  echo "-h, --help            show this help text"
+  echo "-t, --type            the type of webhook [mutating (default), validating]"
+}
+
+while test $# -gt 0; do
+  case "$1" in
+    -t|--type)
+      shift
+      WEBHOOK_TYPE=$1
+      shift
+      ;;
+    -h|--help)
+      print_usage
+      exit 0
+      ;;
+    *)
+      break
+      ;;
+  esac
+done
+
+NAME=${1}
+
+FAKE_SELECTOR='"namespaceSelector":{"matchExpressions":[{"key":"disabled","operator":"In","values":["webhook"]}]}'
+
+if [[ "${WEBHOOK_TYPE}" == "mutating" ]]; then
+  printf "🚫 Disabling mutating webhook ${NAME}..."
+  kubectl annotate mutatingwebhookconfigurations.admissionregistration.k8s.io ${NAME} previous-state='kubectl get mutatingwebhookconfigurations.admissionregistration.k8s.io ${NAME} -o json'
+  HOOKS=$(kubectl get mutatingwebhookconfigurations.admissionregistration.k8s.io ${NAME} -o go-template='{{range .webhooks}}{{.name}}{{"\n"}}{{end}}')
+  for HOOK in ${HOOKS}
+  do
+    kubectl patch mutatingwebhookconfigurations.admissionregistration.k8s.io ${NAME} -p '{"webhooks": [{"name": "'${HOOK}'", '${FAKE_SELECTOR}'}]}' 1>/dev/null
+  done
+  printf " ✅  Done"
+elif [[ "${WEBHOOK_TYPE}" == "validating" ]]; then
+  printf "🚫 Disabling validating webhook ${NAME}..."
+  kubectl annotate validatingwebhookconfigurations.admissionregistration.k8s.io ${NAME} previous-state='kubectl get validatingwebhookconfigurations.admissionregistration.k8s.io ${NAME} -o json'
+  HOOKS=$(kubectl get validatingwebhookconfigurations.admissionregistration.k8s.io ${NAME} -o go-template='{{range .webhooks}}{{.name}}{{"\n"}}{{end}}')
+  for HOOK in ${HOOKS}
+  do
+    kubectl patch validatingwebhookconfigurations.admissionregistration.k8s.io ${NAME} -p '{"webhooks": [{"name": "'${HOOK}'", '${FAKE_SELECTOR}'}]}' 1>/dev/null
+  done
+  printf " ✅  Done"
+else
+  echo "Unknown webhook type"
+  exit 1
+fi
--- a/home/.bin/kube-reenable-webhook
+++ b/home/.bin/kube-reenable-webhook
@ -0,0 +1,51 @@
+#!/usr/bin/env bash
+
+source .utils
+
+set -e
+WEBHOOK_TYPE="mutating"
+
+print_usage() {
+  blue "kube-reenable-webhook - Re-enable a previously disabled webhook"
+  echo " "
+  underline "Usage:"
+  echo "kube-reenable-webhook [options] NAME"
+  echo " "
+  underline "Options:"
+  echo "-h, --help            show this help text"
+  echo "-t, --type            the type of webhook [mutating (default), validating]"
+}
+
+while test $# -gt 0; do
+  case "$1" in
+    -t|--type)
+      shift
+      WEBHOOK_TYPE=$1
+      shift
+      ;;
+    -h|--help)
+      print_usage
+      exit 0
+      ;;
+    *)
+      break
+      ;;
+  esac
+done
+
+NAME=${1}
+
+FAKE_SELECTOR='"namespaceSelector":{"matchExpressions":[{"key":"disabled","operator":"In","values":["webhook"]}]}'
+
+if [[ "${WEBHOOK_TYPE}" == "mutating" ]]; then
+  printf "🔌 Re-enabling mutating webhook ${NAME}..."
+  kubectl get mutatingwebhookconfigurations.admissionregistration.k8s.io ${NAME} -o custom-columns="prev:.metadata.annotations.previous-state" --no-headers | kubectl apply -f -
+  printf " ✅  Done"
+elif [[ "${WEBHOOK_TYPE}" == "validating" ]]; then
+  printf "🔌 Re-enabling validating webhook ${NAME}..."
+  kubectl get validatingwebhookconfigurations.admissionregistration.k8s.io ${NAME} -o custom-columns="prev:.metadata.annotations.previous-state" --no-headers | kubectl apply -f -
+  printf " ✅  Done"
+else
+  echo "Unknown webhook type"
+  exit 1
+fi