OpenShift Code Snippets

List routes with Missing SSL Certificates

Current Project

Command

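# List routes in the current project that have no certificate configured on
# the route itself. Each hit is printed as host followed by path (if any);
# " (acme disabled)" is appended when the route carries the annotation
# kubernetes.io/tls-acme = "false".
#
# NOTE(review): passthrough routes carry no key in .spec.tls because the
# backend terminates TLS, so they are listed too; check those against the
# backend rather than the route.
oc get route -o json \
    | jq -r '.items[]
              | (.metadata.annotations."kubernetes.io/tls-acme" == "false") as $acme_disabled
              | .spec
              | if
                    # Skip ACME challenge routes (path under /.well-known/acme-challenge/).
                    (.path//"" | startswith("/.well-known/acme-challenge/"))
                    or
                    # A route without a tls section (plain HTTP) has .tls == null, and
                    # has() on null is a jq error that aborts the listing. Treat a
                    # missing section as an empty object so such routes are reported.
                    ((.tls // {}) | has("key"))
                then
                    empty
                else
                    if $acme_disabled then
                        .host + .path + " (acme disabled)"
                    else
                        .host + .path
                    end
                end
            '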

Sample Output

example.net
docs.example.net (acme disabled)
www.example.net

Routes with an explicit kubernetes.io/tls-acme = "false" annotation are marked acme disabled.

All Projects

Command

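# Same report as for a single project, run once per project visible to the
# current user; every output line is prefixed with "<project>: ".
#
# NOTE(review): passthrough routes carry no key in .spec.tls because the
# backend terminates TLS, so they are listed too; check those against the
# backend rather than the route.
#
# The unquoted $(...) relies on word splitting, which assumes project names
# contain no whitespace or glob characters.
for n in $(oc projects -q); do
    oc -n "$n" get route -o json \
        | jq -r '.items[]
                  | (.metadata.annotations."kubernetes.io/tls-acme" == "false") as $acme_disabled
                  | .spec
                  | if
                        # Skip ACME challenge routes (path under /.well-known/acme-challenge/).
                        (.path//"" | startswith("/.well-known/acme-challenge/"))
                        or
                        # A route without a tls section (plain HTTP) has .tls == null, and
                        # has() on null is a jq error that aborts the listing for this
                        # project. Treat a missing section as an empty object so such
                        # routes are reported.
                        ((.tls // {}) | has("key"))
                    then
                        empty
                    else
                        if $acme_disabled then
                            .host + .path + " (acme disabled)"
                        else
                            .host + .path
                        end
                    end
                ' \
        | awk -v prefix="$n" '{ print prefix ": " $0 }'
done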

Sample Output

toco-nice-spv: spvo.ch
toco-nice-spv: www.spvo.ch
toco-nice-svz: svz.tocco.ch (acme disabled)
toco-nice-tocco: manual.tocco.ch

Routes with an explicit kubernetes.io/tls-acme = "false" annotation are marked acme disabled.

List routes with ACME disabled or unset

Lists routes whose kubernetes.io/tls-acme annotation is missing (reported as unset) or set to "false" (reported as disabled). Routes where it is "true" are omitted; any other value is reported as unknown.

Current Project

Command

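# Report the ACME state of every route in the current project as
# "host[path]: <state>", where state is:
#   unset    - no kubernetes.io/tls-acme annotation
#   disabled - annotation is "false"
#   unknown  - annotation has any other value except "true"
# Routes annotated "true" and ACME challenge routes are not printed.
oc get route -o json \
    | jq -r '.items[]
              | .spec.host as $host
              | (.spec.path//"") as $path
              | if $path|startswith("/.well-known/acme-challenge/") | not then
                   # annotations is null on a route without any annotation, and
                   # has() on null is a jq error that aborts the listing. Fall back
                   # to an empty object so such routes are reported as unset.
                   (.metadata.annotations // {})
                   | if has("kubernetes.io/tls-acme") then
                         if ."kubernetes.io/tls-acme" == "true" then
                             empty
                         elif ."kubernetes.io/tls-acme" == "false" then
                             $host + $path + ": disabled"
                         else
                             $host + $path + ": unknown"
                         end
                     else
                         $host + $path + ": unset"
                     end
                else
                    empty  # path starts with "/.well-known/acme-challenge/"
                end
            '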

Sample Output

backoffice.tocco.ch: unset
cockpit.tocco.ch: unset
extranet.tocco.ch: unset
manual.tocco.ch: disabled

All Projects

Command

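# Report the ACME state of every route in every project visible to the
# current user as "<project>: host[path]: <state>", where state is:
#   unset    - no kubernetes.io/tls-acme annotation
#   disabled - annotation is "false"
#   unknown  - annotation has any other value except "true"
# Routes annotated "true" and ACME challenge routes are not printed.
#
# The unquoted $(...) relies on word splitting, which assumes project names
# contain no whitespace or glob characters.
for n in $(oc projects -q); do
    oc -n "$n" get route -o json \
        | jq -r '.items[]
                  | .spec.host as $host
                  | (.spec.path//"") as $path
                  | if $path|startswith("/.well-known/acme-challenge/") | not then
                       # annotations is null on a route without any annotation, and
                       # has() on null is a jq error that aborts the listing for this
                       # project. Fall back to an empty object so such routes are
                       # reported as unset.
                       (.metadata.annotations // {})
                       | if has("kubernetes.io/tls-acme") then
                             if ."kubernetes.io/tls-acme" == "true" then
                                 empty
                             elif ."kubernetes.io/tls-acme" == "false" then
                                 $host + $path + ": disabled"
                             else
                                 $host + $path + ": unknown"
                             end
                         else
                             $host + $path + ": unset"
                         end
                    else
                        empty  # path starts with "/.well-known/acme-challenge/"
                    end
                ' \
        | awk -v prefix="$n" '{ print prefix ": " $0 }'
done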

Sample Output

toco-nice-tocco: cockpit.tocco.ch: unset
toco-nice-tocco: extranet.tocco.ch: unset
toco-nice-tocco: manual.tocco.ch: disabled
toco-nice-zewo: www.zewo.ch: unset
toco-nice-zewo: zewo.ch: unset