diff --git a/scripts/CEE/delete-pod/README.md b/scripts/CEE/delete-pod/README.md
new file mode 100644
index 00000000..01672f15
--- /dev/null
+++ b/scripts/CEE/delete-pod/README.md
@@ -0,0 +1,23 @@
+# Delete Openshift Pod Script
+
+## Purpose
+
+This script is designed to delete a pod from OpenShift cluster core namespace.
+
+## Usage
+
+Parameters:
+- POD_NAME: Name of pod to delete.
+- NAMESPACE: Namespace name where por to delete is running, must start with openshift-*.
+- FLAGS: Optional flags, currently only accepts --force.
+
+```bash
+ocm backplane managedjob create CEE/delete-pod -p POD_NAME: dns-default-h7l2w -p NAMESPACE=openshift-dns -p FLAGS="--force"
+```
+
+## Important Notes
+
+- The script utilizes the `oc` command-line tool, and the user running the script should have the necessary permissions to access the cluster.
+- Ensure that the required tools (`oc`) are available in the environment where the script is executed.
+- The script requires pod to be bound to a replicaset. Otherwise pod cannot be deleted.
+- The script provides force flag to bypass replicaset check.
\ No newline at end of file
diff --git a/scripts/CEE/delete-pod/metadata.yaml b/scripts/CEE/delete-pod/metadata.yaml
new file mode 100644
index 00000000..f6c4b98f
--- /dev/null
+++ b/scripts/CEE/delete-pod/metadata.yaml
@@ -0,0 +1,31 @@
+file: script.sh
+name: delete-pod
+shortDescription: Deletes a pod from openshift namespace
+description: Deletes a single pod from openshift's reserved namespace.
+author: Alex Volkov
+allowedGroups:
+ - SREP
+ - MCSTierTwo
+rbac:
+ clusterRoleRules:
+ - apiGroups:
+ - ""
+ resources:
+ - "pods"
+ verbs:
+ - "delete"
+ - "get"
+
+envs:
+- key: POD_NAME
+ description: Name of the pod to delete
+ optional: false
+- key: NAMESPACE
+ description: Namespace name where pod to delete is running, must start with openshift-*
+ optional: false
+- key: FLAGS
+ description: Flag to bypass ReplicaSet validation
+ optional: true
+
+language: bash
+customerDataAccess: false
diff --git a/scripts/CEE/delete-pod/script.sh b/scripts/CEE/delete-pod/script.sh
new file mode 100755
index 00000000..d5ab46a3
--- /dev/null
+++ b/scripts/CEE/delete-pod/script.sh
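Review bot: In metadata.yaml the `clusterRoleRules` entry grants `get` and `delete` on pods cluster-wide, so the `openshift-*` restriction promised in the NAMESPACE description is enforced only by the regex in script.sh, not by RBAC. If the schema cannot express a narrower grant for a namespace chosen at run time (this diff does not show whether it can), record that above the rule, e.g. `# cluster-wide by necessity: NAMESPACE is a parameter; script.sh rejects anything outside openshift-*`. The FLAGS description should also name the only accepted value, e.g. `Optional; pass --force to bypass the ReplicaSet ownership check`.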
@@ -0,0 +1,73 @@
+#!/bin/bash
+
+set -e
+set -o errexit
+set -o nounset
+set -o pipefail
+
+## Input validation
+if ! declare -p FLAGS &>/dev/null || [[ -z "${FLAGS}" ]]; then
+ FLAGS=""
+fi
+
+# If --force is in FLAGS, set FORCE_FLAG to true
+FORCE_FLAG=false
+if [[ "$FLAGS" =~ --force ]]; then
+ FORCE_FLAG=true
+fi
+
+if [[ -z "${POD_NAME:-}" ]]; then
+ echo 'Variable POD_NAME cannot be blank'
+ exit 1
+fi
+
+if [[ -z "${NAMESPACE:-}" ]]; then
+ echo 'Variable NAMESPACE cannot be blank'
+ exit 1
+fi
+
+### Check namespace is "openshift-*"
+if [[ ! "$NAMESPACE" =~ ^openshift-.*$ ]]; then
+ echo "The namespace must start with 'openshift-'"
+ exit 1
+fi
+
+## Validate if pod is owned by a replicaset
+check_owned_by_replicaset(){
+ echo -e "\n[INFO] Checking replicaset owning the pod \"${POD_NAME}\" from \"${NAMESPACE}\" namespace."
+
+ local owner_kind
+ owner_kind=$(oc get pod "$POD_NAME" -n "$NAMESPACE" -o jsonpath='{.metadata.ownerReferences[0].kind}' 2>/dev/null || echo "")
+
+ if [[ "$owner_kind" == "ReplicaSet" ]]; then
+ echo "[INFO] Pod '${POD_NAME}' is owned by a ReplicaSet."
+ else
+ echo "[WARN] Pod '${POD_NAME}' is not owned by a ReplicaSet."
+
+ if [[ "$FORCE_FLAG" != true ]]; then
+ echo "[ERROR] Deletion blocked. Use --force to override." >&2
+ exit 1
+ else
+ echo "[INFO] --force flag detected. Proceeding with deletion."
+ fi
+ fi
+}
+
+## Delete pod
+delete_pod(){
+ echo -e "\n[INFO] Deleting pod \"${POD_NAME}\" from \"${NAMESPACE}\" namespace."
+ oc delete pod "$POD_NAME" -n "$NAMESPACE"
+
+ if [ $? -eq 0 ]; then
+ echo -e "\n[SUCCESS] Pod '$POD_NAME' successfully deleted from namespace '$NAMESPACE'."
+ else
+ echo -e "\n[ERROR] Failed to delete pod '$POD_NAME' from namespace '$NAMESPACE'."
+ fi
+}
+
+main(){
+ check_owned_by_replicaset
+ delete_pod
+}
+
+main
\ No newline at end of file
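Review bot: POD_NAME is only checked for being non-empty, so a value that begins with `-` reaches `oc get pod` and `oc delete pod` as an option rather than a pod name, and the "single pod" guarantee then rests entirely on what the operator typed. Validate it against the Kubernetes pod-name form in the input-validation section and pass it after `--`. In `delete_pod`, `set -e` makes a failing `oc delete` exit the script before the `$?` test, so the `[ERROR]` branch never runs; testing the command directly in the `if` keeps the message and lets the job exit non-zero. `check_owned_by_replicaset` also discards stderr and turns any failed lookup into an empty owner kind, which with `--force` is indistinguishable from an unowned pod; that function is left unchanged below.

```shell
if [[ ! "$POD_NAME" =~ ^[a-z0-9]([-a-z0-9.]*[a-z0-9])?$ ]]; then
  echo 'Variable POD_NAME must be a valid pod name (lowercase alphanumerics, "-" or ".")' >&2
  exit 1
fi

# … unchanged: NAMESPACE checks, check_owned_by_replicaset …

delete_pod(){
  # … unchanged: [INFO] banner …
  if oc delete pod -n "$NAMESPACE" -- "$POD_NAME"; then
    echo -e "\n[SUCCESS] Pod '$POD_NAME' successfully deleted from namespace '$NAMESPACE'."
  else
    echo -e "\n[ERROR] Failed to delete pod '$POD_NAME' from namespace '$NAMESPACE'." >&2
    exit 1
  fi
}
```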