Skip to content
Snippets Groups Projects
Select Git revision
  • 3eef04c32df5a29792593edc103b747a4be726be
  • main default protected
2 results

adopt-secrets.sh

Blame
    • Forked from stackspin / stackspin-flux-example
    Source project has a limited visibility.
    adopt-secrets.sh 2.22 KiB
    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    24
    25
    26
    27
    28
    29
    30
    31
    32
    33
    34
    35
    36
    37
    38
    39
    40
    41
    42
    43
    44
    45
    46
    47
    48
    49
    50
    51 
    

    

    

    #!/bin/bash
# Copied from Stackspin with slight adjustment to include all new secrets
set -o errexit
secrets=$(kubectl get -A 'stringsecrets.v1alpha1.secretgenerator.mittwald.de' | tail +2 | awk '{print $2}' | paste -s -d ' ')
for secret in $secrets
do
  echo "Processing secret $secret"
  if currentRefs=$(kubectl get secret -n flux-system $secret -o jsonpath={.metadata.ownerReferences})
  then
    if [ -n "$currentRefs" ]
    then
      echo "There are refs set already, skip."
      continue
    fi

    uid=$(kubectl get stringsecret -n flux-system $secret -o jsonpath={.metadata.uid})
    echo "Patching to add owner reference to StringSecret with uid $uid"
    kubectl patch secret -n flux-system $secret --patch="{\"metadata\":{\"ownerReferences\":[{\"apiVersion\":\"secretgenerator.mittwald.de/v1alpha1\",\"blockOwnerDeletion\":true,\"controller\":true,\"kind\":\"StringSecret\",\"name\":\"$secret\",\"uid\":\"$uid\"}]}}"
  else
    echo "Secret does not exist; perhaps this is a new install or the app is not installed. Skipping."
  fi
done

secrets="stackspin-alertmanager-basic-auth stackspin-prometheus-basic-auth"
for secret in $secrets
do
  echo "Processing secret $secret"
  if currentRefs=$(kubectl get secret -n stackspin $secret -o jsonpath={.metadata.ownerReferences})
  then
    if [ -n "$currentRefs" ]
    then
      echo "There are refs set already, skip."
      continue
    fi

    uid=$(kubectl get basicauth -n stackspin $secret -o jsonpath={.metadata.uid})
    echo "Patching to add owner reference to BasicAuth with uid $uid"
    kubectl patch secret -n stackspin $secret --patch="{\"metadata\":{\"ownerReferences\":[{\"apiVersion\":\"secretgenerator.mittwald.de/v1alpha1\",\"blockOwnerDeletion\":true,\"controller\":true,\"kind\":\"BasicAuth\",\"name\":\"$secret\",\"uid\":\"$uid\"}]}}"
  else
    echo "Secret does not exist; perhaps this is a new install or the app is not installed. Skipping."
  fi
done

echo "Done patching secrets."
echo "Restarting secrets controller."
if ! kubectl rollout restart deploy -n secrets-controller secrets-controller-kubernetes-secret-generator
then
  echo "Restarting failed. Possibly this is a new install and the secrets controller is not installed yet. Ignoring."
fi
echo "adopt-secrets completed"