#!/bin/bash # Copyright 2015 The Kubernetes Authors All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # TODO: This loop updates authorized networks even if nothing has changed. It # should only send updates if something changes. We should be able to do # this by comparing pod creation time with the last scan time. while true; do hostport="https://kubernetes.default.cluster.local" token=$(cat /var/run/secrets/kubernetes.io/serviceaccount/token) path="api/v1beta3/pods" query="labels=$SELECTOR" # TODO: load in the CAS cert when we distributed it on all platforms. ips_json=`curl ${hostport}/${path}?${query} --insecure --header "Authorization: Bearer ${token}" 2>/dev/null | grep hostIP` ips=`echo $ips_json | cut -d'"' -f 4 | sed 's/,$//'` echo "Adding IPs $ips" gcloud sql instances patch $CLOUDSQL_DB --authorized-networks $ips sleep 10 done