-
Notifications
You must be signed in to change notification settings - Fork 0
/
app.rb
executable file
·182 lines (141 loc) · 4.58 KB
/
app.rb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
#!/usr/bin/env ruby
# PUT zones/:zone_identifier/dns_records/:identifier
require 'http'
require 'json'
def debug? = ENV['DEBUG_OUTPUT'] =~ /[Yy]/
def debug(msg)
if debug?
puts "[DEBUG]: #{msg}"
end
end
def info(msg)
puts "[INFO]: #{msg}"
end
def warning(msg)
puts "[WARNING]: #{msg}"
end
def error(msg)
puts "[ERROR]: #{msg}"
end
def get_nodes
# In k8s, the ca cert is mounted here:
# /run/secrets/kubernetes.io/serviceaccount/ca.crt
# In dev, ca cert verification can be disabled
ctx = OpenSSL::SSL::SSLContext.new
ctx.verify_mode = OpenSSL::SSL::VERIFY_NONE
#ctx.ca_file = '/run/secrets/kubernetes.io/serviceaccount/ca.crt'
resp = HTTP
.auth("Bearer #{k8s_token}")
.headers(accept: 'application/json')
.headers('content-type': 'application/json')
.get("https://kubernetes.default.svc/api/v1/nodes", ssl_context: ctx)
.body
JSON.parse(resp)
end
def get_node_ips
get_nodes()["items"].map do |item|
item['status']['addresses'].select { |a| a['type'] == 'ExternalIP' }.map { |a| a['address'] }
end.flatten
end
def get_a_records
resp = HTTP
.auth("Bearer #{cf_token}")
.headers(accept: 'application/json')
.headers('content-type': 'application/json')
.get("https://api.cloudflare.com/client/v4/zones/#{zone_id}/dns_records?name=#{full_hostname}&type=A")
.body
js = JSON.parse(resp)
if js["success"] == false
error("Cloudflare API call failed. Cloudflare returned:")
error(JSON.pretty_unparse(js))
if js["errors"][0]["code"] == 10000
error("Cloudflare Authentication failed. Double check the CF_TOKEN value")
exit 1
end
end
js
end
def relevant_a_records
get_a_records['result']
.select { |a_record| a_record['name'] =~ /^#{hostname}/i }
.map { |a_record| a_record['content'] }
end
def create_a_record(ip:)
# POST zones/:zone_identifier/dns_records
info "Creating A record for IP #{ip}"
result = HTTP
.auth("Bearer #{cf_token}")
.headers(accept: 'application/json')
.headers('content-type': 'application/json')
.post("https://api.cloudflare.com/client/v4/zones/#{zone_id}/dns_records", json: {
type: "A",
name: hostname,
content: ip,
ttl: '1',
proxied: false
})
.body
info("Creation result: #{result}")
end
def remove_a_record(ip:)
info "Removing A record for IP #{ip}"
debug "Retrieving ID for A record for IP #{ip}"
# First get the record's ID
# TODO: Limit search to cvh-staging.ameelio.org
resp = HTTP
.auth("Bearer #{cf_token}")
.headers(accept: 'application/json')
.headers('content-type': 'application/json')
.get("https://api.cloudflare.com/client/v4/zones/#{zone_id}/dns_records?type=A&match=all&content=#{ip}&name=#{full_hostname}")
.body
debug "Parsing ID for A record for IP #{ip}"
record = JSON.parse(resp)['result']
.select { |a_record| a_record['content'] == ip }
.first
id = record['id']
debug "Parsed ID for A record for IP #{ip}. ID is '#{id}'"
# DELETE zones/:zone_identifier/dns_records/:identifier
result = HTTP
.auth("Bearer #{cf_token}")
.headers(accept: 'application/json')
.headers('content-type': 'application/json')
.delete("https://api.cloudflare.com/client/v4/zones/#{zone_id}/dns_records/#{id}")
.body
info("Removal result: #{result}")
end
def read_k8s_token = File.read('/var/run/secrets/kubernetes.io/serviceaccount/token')
def k8s_token
$k8s_token ||= read_k8s_token
$k8s_token
end
def cf_token = ENV['CF_TOKEN']
def hostname = ENV['HOSTNAME']
def domain = ENV['DOMAIN']
def full_hostname = "#{hostname}.#{domain}"
def zone_id = ENV['ZONE_ID']
def cf_auth_email = ENV['CF_AUTH_EMAIL']
def cf_auth_key = ENV['CF_AUTH_KEY']
def main(args)
info("Starting Cloudflare updater cycle")
info("- Start time: #{`date`}")
info("- Hostname: #{hostname}")
info("- Domain: #{domain}")
info("- Full Hostname: #{full_hostname}")
info("- Zone ID: #{zone_id}")
# Get the IP addresses for all the nodes in our cluster
node_ips = get_node_ips
info("Successfully Retrieved node_ips: #{node_ips}")
# Get all A records from Cloudflare
cf_a_records = relevant_a_records
info("Successfully Retrieved relevant A records from Cloudflare: #{cf_a_records}")
node_ips.each do |node_ip|
# If there's not an A record for this IP already, add it
create_a_record(ip: node_ip) unless cf_a_records.include?(node_ip)
end
cf_a_records.each do |a_record|
# If there's not a node corresponding to this IP, remove it
remove_a_record(ip: a_record) unless node_ips.include?(a_record)
end
info("Finished Cloudflare updater cycle")
end
main ARGV