Improved patching of NSPs & adding cleanup scripts based on ctfd-username list

scripts/delete-unused-ns.sh

@@ -0,0 +1,29 @@
+#!/bin/bash
+
+echo "This script DELETES all the namespaces that have not been used, it requires an export of the users in CTFD"
+echo "It assumes you have the users.csv file from CTFD in the same folder"
+echo "ONLY RUN THIS IF YOU ARE SATISFIED WITH THE OUTPUT OF list-unused-ns.sh!"
+
+sleep 2
+echo "Sleeping for 10 seconds to give you time to abort if you are not sure to use automatic deletion"
+sleep 10
+
+source check-available-commands.sh
+checkCommandsAvailable kubectl jq awk
+IFS=$'
+'
+USERS=($(awk -F , '{print $3}' users.csv))
+unset IFS
+for NAMESPACE in `kubectl get ns | grep t- |  awk '{print $1;}'`
+do
+echo "found $NAMESPACE"
+NO_TDASH_NAMESPACE=${NAMESPACE:2}
+echo "checking list for $NO_TDASH_NAMESPACE"
+if [[ " ${USERS[*]} " =~ " ${NO_TDASH_NAMESPACE} " ]]; then
+    echo "FOUND $NO_TDASH_NAMESPACE in users, skipping it"
+else
+    echo "did not find $NO_TDASH_NAMESPACE in users, deleting it now!"
+    kubectl delete ns $NAMESPACE
+    echo "deleted $NAMESPACE"
+fi
+done

scripts/list-unused-ns.sh

@@ -0,0 +1,21 @@
+#!/bin/bash
+
+echo "This script shows all the namespaces that have not been used, it requires an export of the users in CTFD"
+echo "It assumes you have the users.csv file from CTFD in the same folder"
+source check-available-commands.sh
+checkCommandsAvailable kubectl jq awk
+IFS=$'
+'
+USERS=($(awk -F , '{print $3}' users.csv))
+unset IFS
+for NAMESPACE in `kubectl get ns | grep t- |  awk '{print $1;}'`
+do
+echo "found $NAMESPACE"
+NO_TDASH_NAMESPACE=${NAMESPACE:2}
+echo "checking list for $NO_TDASH_NAMESPACE"
+if [[ " ${USERS[*]} " =~ " ${NO_TDASH_NAMESPACE} " ]]; then
+    echo "FOUND $NO_TDASH_NAMESPACE in users"
+else
+    echo "did not find $NO_TDASH_NAMESPACE in users"
+fi
+done

scripts/patch-nsp-for-kubectl.sh

@@ -1,12 +1,23 @@
 #!/bin/bash
-# Deployiong for 1-20 
+
 echo "This script will patch the networkpolicies for every ns starting with 't-', and patch it to use a new cidr block."
 echo "You can use this to patch the ns when autoscaling and rebalancing kubelets breaks the network of the pods "
+
+source check-available-commands.sh
+checkCommandsAvailable kubectl jq 
+echo "executing kubectl get endpoints kubernetes -o json | jq '.subsets[0].addresses[0].ip'"
+IP_ENDPOINT_STRING=$(kubectl get endpoints kubernetes -o json | jq '.subsets[0].addresses[0].ip')
+echo "We will base our CIDR on $IP_ENDPOINT_STRING  "
+IP_ENDPOINT="${IP_ENDPOINT_STRING//\"/}"
+echo $IP_ENDPOINT
+IFS=. ; set -- $IP_ENDPOINT
+CIDR="$1.$2.0.0/16"
+echo "We will use CIDR = ${CIDR}"
+
 for NAMESPACE in `kubectl get ns | grep t- |  awk '{print $1;}'`
 do
   sleep 1;
   echo "Deployoing fix for $NAMESPACE 🚀"
-  CIDR = "172.16.0.0/16"
   echo "IP whitelist set to cidr = $CIDR"
   kubectl delete networkpolicy access-kubectl-from-virtualdeskop -n $NAMESPACE 
   cat <<EOF | kubectl create -f -