|
- name: osm-label |
|
image: {{ .Values.alpine.image.name }}:{{ .Values.alpine.image.tag }} |
|
imagePullPolicy: IfNotPresent |
|
env: |
|
- name: labelnamespaces |
|
value: {{ .Values.OpenServiceMesh.ignoreNamespaces }} |
|
- name: osmnamespace |
|
value: {{ .Release.Namespace }} |
|
securityContext: |
|
allowPrivilegeEscalation: false |
|
command: |
|
- "/bin/sh" |
|
- "-ec" |
|
- | |
|
set -o pipefail |
|
token=$(cat /var/run/secrets/kubernetes.io/serviceaccount/token) |
|
namespaces=${labelnamespaces} |
|
for namespace in ${namespaces} |
|
do |
|
echo "Retrieving namespace ${namespace} details" |
|
namespaceDetails=$(curl -s -X GET -k https://kubernetes.default.svc/api/v1/namespaces/${namespace} \ |
|
-H "Authorization: Bearer ${token}" \ |
|
-H "Content-Type: application/json" \ |
|
-H "Accept: application/json") |
|
kind=$(echo $namespaceDetails | jq .kind) |
|
if [ "$kind" = "\"Namespace\"" ] |
|
then |
|
cplabel=$(echo $namespaceDetails | jq .metadata.labels.\"openservicemesh.io/ignore\") |
|
if [ "$cplabel" = "null" ] |
|
then |
|
echo "Adding openservicemesh.io/ignore label to ${namespace}" |
|
patchstatus=$(curl -s -X PATCH -k https://kubernetes.default.svc/api/v1/namespaces/${namespace} \ |
|
-d '{ "metadata": { "labels": { "openservicemesh.io/ignore": "true" } } }' \ |
|
-H "Authorization: Bearer ${token}" \ |
|
-H "Content-Type: application/strategic-merge-patch+json" \ |
|
-H "Accept: application/json") |
|
else |
|
echo "openservicemesh.io/ignore label already exists on namespace ${namespace}" |
|
fi |
|
else |
|
echo "Failed to retrieve ${namespace} details" |
|
fi |
|
done |
|
echo "Retrieving namespace ${osmnamespace} details" |
|
namespaceDetails=$(curl -s -X GET -k https://kubernetes.default.svc/api/v1/namespaces/${osmnamespace} \ |
|
-H "Authorization: Bearer ${token}" \ |
|
-H "Content-Type: application/json" \ |
|
-H "Accept: application/json") |
|
kind=$(echo $namespaceDetails | jq .kind) |
|
if [ "$kind" = "\"Namespace\"" ] |
|
then |
|
cplabel=$(echo $namespaceDetails | jq .metadata.labels.\"admission.policy.azure.com/ignore\") |
|
if [ "$cplabel" = "null" ] |
|
then |
|
echo "Adding admission.policy.azure.com/ignore label to ${osmnamespace}" |
|
patchstatus=$(curl -s -X PATCH -k https://kubernetes.default.svc/api/v1/namespaces/${osmnamespace} \ |
|
-d '{ "metadata": { "labels": { "admission.policy.azure.com/ignore": "true" } } }' \ |
|
-H "Authorization: Bearer ${token}" \ |
|
-H "Content-Type: application/strategic-merge-patch+json" \ |
|
-H "Accept: application/json") |
|
else |
|
echo "admission.policy.azure.com/ignore label already exists on namespace ${osmnamespace}" |
|
fi |
|
else |
|
echo "Failed to retrieve ${osmnamespace} details" |
|
fi |