Created
October 29, 2019 13:46
-
-
Save bracki/4c3eff81536a03d1d2b882cad41f7610 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import boto3 | |
| import requests | |
| import pykube | |
| def query_route53_records(): | |
| c = boto.client("route53") | |
| for zone in c.get_zones(): | |
| records = c.get_all_rrsets(zone.id) | |
| for r in records: | |
| if r.type == 'A': | |
| try: | |
| print("Checking {0}".format(r.name)) | |
| headers = requests.get('http://{0}'.format(r.name), timeout = 1, allow_redirects = False).headers | |
| if 'Location' not in headers: | |
| print("WARNING: Does not redirect {0}".format(r.name)) | |
| except requests.exceptions.RequestException: | |
| print("Skipping...") | |
| def query_load_balancers(): | |
| c = boto3.client("elb", region_name="eu-central-1") | |
| load_balancers = c.describe_load_balancers()['LoadBalancerDescriptions'] | |
| for lb in load_balancers: | |
| for listeners in lb['ListenerDescriptions']: | |
| if listeners['Listener']['LoadBalancerPort'] == 80: | |
| print(lb) | |
| def query_ingresses(): | |
| api = pykube.HTTPClient(pykube.KubeConfig.from_file()) | |
| ingresses = pykube.Ingress.objects(api).filter(namespace=pykube.query.all_) | |
| for ingress in ingresses: | |
| ingress_class = ingress.annotations['kubernetes.io/ingress.class'] | |
| if ingress_class.startswith("nginx-"): | |
| if 'nginx.ingress.kubernetes.io/force-ssl-redirect' not in ingress.annotations: | |
| print("BAD INGRESS: {0}".format(ingress.name)) | |
| print("BAD INGRESS: {0}".format(ingress.obj['spec']['rules'])) | |
| if __name__ == '__main__': | |
| query_ingresses() |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment