From 4528e358726b5300a0293dd95d8e0c478230c3bb Mon Sep 17 00:00:00 2001
From: Marcus Noble
Date: Fri, 11 Mar 2022 18:38:47 +0000
Subject: [PATCH] Disable/enable webhooks
Signed-off-by: Marcus Noble
---
home/.bin/kube-disable-webhook | 61 +++++++++++++++++++++++++++++++++
home/.bin/kube-reenable-webhook | 51 +++++++++++++++++++++++++++
2 files changed, 112 insertions(+)
create mode 100755 home/.bin/kube-disable-webhook
create mode 100755 home/.bin/kube-reenable-webhook
diff --git a/home/.bin/kube-disable-webhook b/home/.bin/kube-disable-webhook
new file mode 100755
index 0000000..62003eb
--- /dev/null
+++ b/home/.bin/kube-disable-webhook
@@ -0,0 +1,61 @@
+#!/usr/bin/env bash
+
+source .utils
+
+set -e
+WEBHOOK_TYPE="mutating"
+
+print_usage() {
+ blue "kube-disable-webhook - Disabled a webhook by modifying the namespace selector"
+ echo " "
+ underline "Usage:"
+ echo "kube-disable-webhook [options] NAME"
+ echo " "
+ underline "Options:"
+ echo "-h, --help show this help text"
+ echo "-t, --type the type of webhook [mutating (default), validating]"
+}
+
+while test $# -gt 0; do
+ case "$1" in
+ -t|--type)
+ shift
+ WEBHOOK_TYPE=$1
+ shift
+ ;;
+ -h|--help)
+ print_usage
+ exit 0
+ ;;
+ *)
+ break
+ ;;
+ esac
+done
+
+NAME=${1}
+
+FAKE_SELECTOR='"namespaceSelector":{"matchExpressions":[{"key":"disabled","operator":"In","values":["webhook"]}]}'
+
+if [[ "${WEBHOOK_TYPE}" == "mutating" ]]; then
+ printf "🚫 Disabling mutating webhook ${NAME}..."
+ kubectl annotate mutatingwebhookconfigurations.admissionregistration.k8s.io ${NAME} previous-state='kubectl get mutatingwebhookconfigurations.admissionregistration.k8s.io ${NAME} -o json'
+ HOOKS=$(kubectl get mutatingwebhookconfigurations.admissionregistration.k8s.io ${NAME} -o go-template='{{range .webhooks}}{{.name}}{{"\n"}}{{end}}')
+ for HOOK in ${HOOKS}
+ do
+ kubectl patch mutatingwebhookconfigurations.admissionregistration.k8s.io ${NAME} -p '{"webhooks": [{"name": "'${HOOK}'", '${FAKE_SELECTOR}'}]}' 1>/dev/null
+ done
+ printf " ✅ Done"
+elif [[ "${WEBHOOK_TYPE}" == "validating" ]]; then
+ printf "🚫 Disabling validating webhook ${NAME}..."
+ kubectl annotate validatingwebhookconfigurations.admissionregistration.k8s.io ${NAME} previous-state='kubectl get validatingwebhookconfigurations.admissionregistration.k8s.io ${NAME} -o json'
+ HOOKS=$(kubectl get validatingwebhookconfigurations.admissionregistration.k8s.io ${NAME} -o go-template='{{range .webhooks}}{{.name}}{{"\n"}}{{end}}')
+ for HOOK in ${HOOKS}
+ do
+ kubectl patch validatingwebhookconfigurations.admissionregistration.k8s.io ${NAME} -p '{"webhooks": [{"name": "'${HOOK}'", '${FAKE_SELECTOR}'}]}' 1>/dev/null
+ done
+ printf " ✅ Done"
+else
+ echo "Unknown webhook type"
+ exit 1
+fi
diff --git a/home/.bin/kube-reenable-webhook b/home/.bin/kube-reenable-webhook
new file mode 100755
index 0000000..60bcd67
--- /dev/null
+++ b/home/.bin/kube-reenable-webhook
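Review bot: In home/.bin/kube-disable-webhook the `previous-state='kubectl get … ${NAME} -o json'` argument (mutating and validating branches alike) is single-quoted as shown, so the annotation would hold the literal command text instead of the webhook configuration, and kube-reenable-webhook would have nothing valid to apply. For a script that switches off an admission control, an unusable backup means the webhook stays disabled until someone rebuilds it by hand. Capture and quote the object instead, e.g. `PREV="$(kubectl get mutatingwebhookconfigurations.admissionregistration.k8s.io "${NAME}" -o json)"` then `kubectl annotate … "${NAME}" previous-state="${PREV}"`, and reject an empty `NAME` or a missing `--type` value before the first kubectl call. Separately, `source .utils` (also in kube-reenable-webhook) has no slash, so bash looks it up through `PATH` and then the current directory; if `.utils` sits beside the script, `source "$(dirname "${BASH_SOURCE[0]}")/.utils"` keeps a stray `.utils` in the working directory from being sourced.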
@@ -0,0 +1,51 @@
+#!/usr/bin/env bash
+
+source .utils
+
+set -e
+WEBHOOK_TYPE="mutating"
+
+print_usage() {
+ blue "kube-reenable-webhook - Re-enable a previously disabled webhook"
+ echo " "
+ underline "Usage:"
+ echo "kube-reenable-webhook [options] NAME"
+ echo " "
+ underline "Options:"
+ echo "-h, --help show this help text"
+ echo "-t, --type the type of webhook [mutating (default), validating]"
+}
+
+while test $# -gt 0; do
+ case "$1" in
+ -t|--type)
+ shift
+ WEBHOOK_TYPE=$1
+ shift
+ ;;
+ -h|--help)
+ print_usage
+ exit 0
+ ;;
+ *)
+ break
+ ;;
+ esac
+done
+
+NAME=${1}
+
+FAKE_SELECTOR='"namespaceSelector":{"matchExpressions":[{"key":"disabled","operator":"In","values":["webhook"]}]}'
+
+if [[ "${WEBHOOK_TYPE}" == "mutating" ]]; then
+ printf "🔌 Re-enabling mutating webhook ${NAME}..."
+ kubectl get mutatingwebhookconfigurations.admissionregistration.k8s.io ${NAME} -o custom-columns="prev:.metadata.annotations.previous-state" --no-headers | kubectl apply -f -
+ printf " ✅ Done"
+elif [[ "${WEBHOOK_TYPE}" == "validating" ]]; then
+ printf "🔌 Re-enabling validating webhook ${NAME}..."
+ kubectl get validatingwebhookconfigurations.admissionregistration.k8s.io ${NAME} -o custom-columns="prev:.metadata.annotations.previous-state" --no-headers | kubectl apply -f -
+ printf " ✅ Done"
+else
+ echo "Unknown webhook type"
+ exit 1
+fi
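Review bot: Neither branch of home/.bin/kube-reenable-webhook confirms that the webhook is matching namespaces again before ` ✅ Done` is printed, and for an admission webhook a restore that does not take effect leaves a policy control switched off without anyone noticing. The saved object comes from `-o json`, so it still carries server-set fields such as `metadata.resourceVersion` and `uid`, and `kubectl apply` is likely to either reject it as a conflict or merge it without removing the `disabled In [webhook]` expression that the disable script patched in. I would read the annotation with `-o jsonpath='{.metadata.annotations.previous-state}'` rather than `custom-columns` (which prints `<none>` when the annotation is absent), drop the server-set metadata before applying, and then re-read the object and exit non-zero if any webhook's `namespaceSelector` still contains the `disabled` key. Adding `set -o pipefail` next to `set -e` would make a failed `kubectl get` on the left of the pipe fail the script as well. `FAKE_SELECTOR` is assigned here but never used, so it could either be removed or put to work in that post-restore check.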