Ruby code to:
- List 'orphaned' namespaces
  Script to compare the namespaces which exist in the cluster to those which are defined in the env-repo. Namespaces which exist in the cluster, but which are not defined in the repo, should be deleted, along with all of their AWS resources.
- List 'hosted services'
  Script to list the namespaces and ingresses of services that are hosted by Cloud Platform.
Both scripts are executed regularly by a concourse-job, to generate a report. To run manually, follow the steps in Installation and Usage.
You need to have docker installed on your computer.
- Check out a copy of this repository
- Copy example.env.live1 to .env.live1
- Replace the placeholders in the .env.live1 files with valid AWS credentials, GITHUB_TOKEN (with public_repo scope, for orphaned-resources) and HOODAW_API_KEY (for listing hosted services)
- make pull
To list namespaces which exist in the cluster, but which are not defined in the env-repo
. .env.live1; make list-orphaned-namespaces
To list namespaces and ingresses of services which exist in the cluster
. .env.live1; make hosted-services
If you have set up your local ruby development environment, you can invoke the ruby scripts locally. See the makefile for examples of how to do this.
If you want to develop the code, you will also need to install ruby 2.6.2, and run bundle install to install gems.
After changing the code, create a new release using the github web interface.
This will trigger a github action to build the docker image with tag ministryofjustice/orphaned-namespace-checker:<release-tag> and push it to docker hub.
You will then need to update the image tag in the concourse-job, and make any other required changes there.
Run make test to execute the tests.
The following is some detail on how the scripts work, and the resources they require.
These scripts need to fetch some resources from S3:
- A valid Kubernetes config file, for the targeted cluster
- The terraform state files for cluster namespaces
These are stored in different AWS accounts and regions, depending on the cluster. Hence, multiple sets of AWS credentials must be supplied (as environment variables).
These scripts require many environment variables to be set. See example.env.live-1 for a list.
You can copy these examples to, e.g. .env.live1 (which will be git ignored) and supply valid AWS credentials, GITHUB_TOKEN (for orphaned_namespaces) and HOODAW_API_KEY (for hosted_services), in order to run these scripts locally (either directly, or via the docker image).
This script outputs a report, detailing the namespaces which are not defined in the env-repo, and any associated AWS resources which are defined in the terraform state.
This script is executed regularly via Concourse, as defined here, with the output piped into Slack.
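The comparison and report described above, as an added example that is not the project's own code. It assumes one terraform v4 state document per namespace and a list of system namespaces to skip; all names and sample data below are constructed for illustration.

```ruby
require 'json'
require 'set'

# Constructed sample data (not from the project): namespaces reported by the
# cluster, namespaces defined in the env-repo, and terraform state per namespace.
CLUSTER_NAMESPACES = %w[kube-system team-a-prod team-b-dev old-demo scratch-test].freeze
REPO_NAMESPACES    = %w[team-a-prod team-b-dev].freeze
SYSTEM_NAMESPACES  = %w[default kube-system kube-public].freeze # assumed exclusions
TFSTATE_BY_NAMESPACE = {
  'old-demo' => <<~JSON
    {"version": 4, "resources": [
      {"mode": "managed", "type": "aws_s3_bucket", "name": "uploads",
       "instances": [{"attributes": {"id": "old-demo-uploads"}}]},
      {"mode": "data", "type": "aws_caller_identity", "name": "current",
       "instances": [{"attributes": {"id": "123456789012"}}]},
      {"mode": "managed", "type": "aws_db_instance", "name": "rds",
       "instances": [{"attributes": {"id": "old-demo-rds"}}]}
    ]}
  JSON
}.freeze

# Namespaces present in the cluster but absent from the repo, minus system ones.
def orphaned_namespaces(cluster, repo, system)
  (cluster.to_set - repo.to_set - system.to_set).sort
end

# Managed AWS resources recorded in a terraform v4 state document.
def aws_resources(tfstate_json)
  return [] if tfstate_json.nil? # no state file found for this namespace
  JSON.parse(tfstate_json).fetch('resources', [])
      .select { |r| r['mode'] == 'managed' && r['type'].start_with?('aws_') }
      .flat_map do |r|
        r.fetch('instances', []).map { |i| "#{r['type']}.#{r['name']} (#{i.dig('attributes', 'id')})" }
      end
end

# Maps each orphaned namespace to the AWS resources still recorded in its state.
def orphan_report(cluster, repo, system, states)
  orphaned_namespaces(cluster, repo, system).to_h { |ns| [ns, aws_resources(states[ns])] }
end

if __FILE__ == $PROGRAM_NAME
  orphan_report(CLUSTER_NAMESPACES, REPO_NAMESPACES, SYSTEM_NAMESPACES, TFSTATE_BY_NAMESPACE)
    .each { |ns, res| puts "#{ns}: #{res.empty? ? 'no AWS resources in state' : res.join(', ')}" }
end
```

Data sources (mode "data") are skipped because they describe lookups rather than resources that would be left behind when the namespace is deleted.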
This script outputs a report with the list of namespaces, namespace annotations and corresponding ingresses which exist in the cluster.
This script is executed regularly via Concourse, as defined here, with the output piped into Slack.
This script runs and pushes the output of bin/hosted_services.rb to the HOODAW page. This is executed regularly via Concourse, as defined here.