4 years ago · a03ab14e21
parent aca178e540
commit a03ab14e21
1 changed files with 10 additions and 12 deletions
--- a/gcp_secrets_to_kubernetes.sh
+++ b/gcp_secrets_to_kubernetes.sh
@ -54,6 +54,12 @@ mkdir -pv "$(dirname "$kubeconfig")"
 cp -f "${KUBECONFIG:-$HOME/.kube/config}" "$kubeconfig"
 export KUBECONFIG="$kubeconfig"

+# there's no -o jsonpath / -o namespace / -o cluster as of Kubernetes 1.15 so have to just print columns
+kubectl_context="$(kubectl config get-contexts "$(kubectl config current-context)" --no-headers)"
+current_cluster="$(awk '{print $3}' <<< "$kubectl_context")"
+current_namespace="$(awk '{print $5}' <<< "$kubectl_context")"
+current_namespace="${current_namespace:-default}"
+
 get_latest_secret_version(){
    local secret="$1"
    gcloud secrets versions list "$secret" --filter='state = enabled' --format='value(name)' |
@ -64,29 +70,21 @@ get_latest_secret_version(){
 load_secret(){
    local secret="$1"
    local namespace
-    local namespace_opt
    namespace="$(gcloud secrets describe "$secret" --format='get(labels.kubernetes-namespace)')"
-    if [ -n "$namespace" ]; then
-        namespace_opt=("-n" "$namespace")
-    fi
-    if kubectl get secret "$secret" "${namespace_opt[@]}" &>/dev/null; then
+    namespace="${namespace:-$current_namespace}"
+    if kubectl get secret "$secret" -n "$namespace" &>/dev/null; then
        timestamp "kubernetes secret '$secret' already exists in namespace '$namespace', skipping creation..."
        return
    fi
    latest_version="$(get_latest_secret_version "$secret")"
    value="$(gcloud secrets versions access "$latest_version" --secret="$secret")"
-    timestamp "creating secret '$secret' in namespace '${namespace:-$current_namespace}'"
+    timestamp "creating secret '$secret' in namespace '$namespace'"
    # kubectl create secret automatically base64 encodes the $value
    # if you did this in yaml you'd have to base64 encode it yourself in the yaml
    #         could alternatively make this --from-literal="value=$value"
-    kubectl create secret generic "$secret" --from-literal="$secret=$value" "${namespace_opt[@]}"
+    kubectl create secret generic "$secret" --from-literal="$secret=$value" -n "$namespace"
 }

-# there's no -o jsonpath / -o namespace / -o cluster as of Kubernetes 1.15 so have to just print columns
-kubectl_context="$(kubectl config get-contexts "$(kubectl config current-context)" --no-headers)"
-current_cluster="$(awk '{print $3}' <<< "$kubectl_context")"
-current_namespace="$(awk '{print $5}' <<< "$kubectl_context")"
-
 if [ $# -gt 0 ]; then
    for arg; do
        load_secret "$arg"