Stono · April 26, 2019 20:18
diff --git a/istio-rollout-sidecars.rb b/istio-rollout-sidecars.rb
 #!/usr/bin/ruby

 require 'json'
 require 'net/http'
 require 'shellwords'
 require 'time'
 require 'uri'
 require 'yaml'

 @target_sidecar_image = YAML.load(YAML.load(`kubectl --namespace=istio-system get configmap istio-sidecar-injector -o yaml`)['data']['config'])['template'].match(/.*(eu.gcr.io\/at-artefacts\/platform-istio-proxy.*)".*/)[1]
 puts "Targetting: #{@target_sidecar_image}"

 def restart(namespace, type, name)
  puts "   - Restarting #{type}: #{name}"
  args = %{{\\"spec\\":{\\"template\\":{\\"metadata\\":{\\"labels\\":{\\"RESTARTED_ON\\":\\"#{Time.now.to_i}\\"}}}}}}
  args = Shellwords.escape(args)
  command = %{kubectl -n #{namespace} patch #{type} #{name} -p \\"#{args}\\"}
  puts `echo #{command} | bash`
  puts "Waiting for rollout to complete..."
  command = %{kubectl -n #{namespace} rollout status #{type}/#{name}}
  puts `#{command}`
 end

 def is_istio(manifest)
  istio_disabled = (manifest.dig('spec', 'template', 'metadata', 'annotations', 'sidecar.istio.io/inject') === "false")
  if(!istio_disabled)
    puts "   - is istio enabled"
    matchLabels = manifest.dig('spec', 'selector', 'matchLabels')
    if(!matchLabels)
      puts "   ! does not have any matchLabels!"
      return true
    end

    matchLabels = matchLabels.map do |k, v|
      "#{k}=#{v}"
    end
    string = `kubectl -n #{manifest['metadata']['namespace']} get pods -l #{matchLabels.join(",")} -o yaml`
    if not string.include? 'eu.gcr.io/at-artefacts/platform-istio-proxy'
      puts "   - doesnt have a sidecar"
      return false
    end
    yaml = YAML.load string

    is_current = true
    yaml['items'].each do |pod|
      proxies = pod['spec']['containers'].select do |container|
        container['name'] === 'istio-proxy'
      end
      proxies.each do |proxy|
        if not proxy['image'] === @target_sidecar_image
          is_current = false
        end
      end
    end
    if(is_current)
      puts "   - is on the current version of istio"
      return false
    else
      puts "   + needs updating!"
      return true
    end
  end
  puts "   - is not istio"
  return false
 end

 def check_deployments(namespace)
  deployments = YAML.load `kubectl -n #{namespace} get deployments -o yaml`
  deployments['items'].each do |deployment|
    puts " - deployment/#{deployment['metadata']['name']}"
    restart(namespace, deployment['kind'], deployment['metadata']['name']) if is_istio(deployment)
  end
 end

 def check_statefulsets(namespace)
  statefulsets = YAML.load `kubectl -n #{namespace} get statefulsets -o yaml`
  statefulsets['items'].each do |statefulset|
    puts " - statefulset/#{statefulset['metadata']['name']}"
    restart(namespace, statefulset['kind'], statefulset['metadata']['name']) if is_istio(statefulset)
  end
 end

 namespaces=`kubectl get ns -L istio-injection | grep -v disabled | grep -v NAME | awk '{print $1}'`.split("\n")
 namespaces.each do |namespace|
  puts "#{namespace}:"
  check_deployments(namespace)
  check_statefulsets(namespace)
 end
	#!/usr/bin/ruby

	require 'json'
	require 'net/http'
	require 'shellwords'
	require 'time'
	require 'uri'
	require 'yaml'

	@target_sidecar_image = YAML.load(YAML.load(`kubectl --namespace=istio-system get configmap istio-sidecar-injector -o yaml`)['data']['config'])['template'].match(/.(eu.gcr.io\/at-artefacts\/platform-istio-proxy.)".*/)[1]
	puts "Targetting: #{@target_sidecar_image}"

	def restart(namespace, type, name)
	puts " - Restarting #{type}: #{name}"
	args = %{{\\"spec\\":{\\"template\\":{\\"metadata\\":{\\"labels\\":{\\"RESTARTED_ON\\":\\"#{Time.now.to_i}\\"}}}}}}
	args = Shellwords.escape(args)
	command = %{kubectl -n #{namespace} patch #{type} #{name} -p \\"#{args}\\"}
	puts `echo #{command} \| bash`
	puts "Waiting for rollout to complete..."
	command = %{kubectl -n #{namespace} rollout status #{type}/#{name}}
	puts `#{command}`
	end

	def is_istio(manifest)
	istio_disabled = (manifest.dig('spec', 'template', 'metadata', 'annotations', 'sidecar.istio.io/inject') === "false")
	if(!istio_disabled)
	puts " - is istio enabled"
	matchLabels = manifest.dig('spec', 'selector', 'matchLabels')
	if(!matchLabels)
	puts " ! does not have any matchLabels!"
	return true
	end

	matchLabels = matchLabels.map do \|k, v\|
	"#{k}=#{v}"
	end
	string = `kubectl -n #{manifest['metadata']['namespace']} get pods -l #{matchLabels.join(",")} -o yaml`
	if not string.include? 'eu.gcr.io/at-artefacts/platform-istio-proxy'
	puts " - doesnt have a sidecar"
	return false
	end
	yaml = YAML.load string

	is_current = true
	yaml['items'].each do \|pod\|
	proxies = pod['spec']['containers'].select do \|container\|
	container['name'] === 'istio-proxy'
	end
	proxies.each do \|proxy\|
	if not proxy['image'] === @target_sidecar_image
	is_current = false
	end
	end
	end
	if(is_current)
	puts " - is on the current version of istio"
	return false
	else
	puts " + needs updating!"
	return true
	end
	end
	puts " - is not istio"
	return false
	end

	def check_deployments(namespace)
	deployments = YAML.load `kubectl -n #{namespace} get deployments -o yaml`
	deployments['items'].each do \|deployment\|
	puts " - deployment/#{deployment['metadata']['name']}"
	restart(namespace, deployment['kind'], deployment['metadata']['name']) if is_istio(deployment)
	end
	end

	def check_statefulsets(namespace)
	statefulsets = YAML.load `kubectl -n #{namespace} get statefulsets -o yaml`
	statefulsets['items'].each do \|statefulset\|
	puts " - statefulset/#{statefulset['metadata']['name']}"
	restart(namespace, statefulset['kind'], statefulset['metadata']['name']) if is_istio(statefulset)
	end
	end

	namespaces=`kubectl get ns -L istio-injection \| grep -v disabled \| grep -v NAME \| awk '{print $1}'`.split("\n")
	namespaces.each do \|namespace\|
	puts "#{namespace}:"
	check_deployments(namespace)
	check_statefulsets(namespace)
	end