GARAGENUM
/
DevOps-Bash-tools
mirror of https://github.com/HariSekhon/DevOps-Bash-tools
13
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
master
gh-pages
ccmenu
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '8c21abf3db'
${ noResults }
DevOps-Bash-tools/kubernetes/kubectl_secrets_annotate_to...

76 lines
2.0 KiB
Bash
Raw Blame History

#!/usr/bin/env bash
# vim:ts=4:sts=4:sw=4:et
#
# Author: Hari Sekhon
# Date: 2022-07-29 19:15:08 +0100 (Fri, 29 Jul 2022)
#
# https://github.com/HariSekhon/DevOps-Bash-tools
#
# License: see accompanying Hari Sekhon LICENSE file
#
# If you're using my code you're welcome to connect with me on LinkedIn and optionally send me feedback to help steer this or other code I publish
#
# https://www.linkedin.com/in/HariSekhon
#
set -euo pipefail
[ -n "${DEBUG:-}" ] && set -x
srcdir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
# shellcheck disable=SC1090,SC1091
. "$srcdir/lib/utils.sh"
# shellcheck disable=SC1090,SC1091
. "$srcdir/lib/kubernetes.sh"
# shellcheck disable=SC2034,SC2154
usage_description="
Annotate all secrets in the current or given namespace to allow Sealed Secret overwrite
Useful to fix update conflicts in ArgoCD where the sealed secret can't be unmapped
This is usually done as part of the migration script kubernetes_secrets_to_sealed_secrets.sh but if reapplying or updating secrets then this may be needed
See Also:
kubernetes_secret_to_sealed_secret.sh
kubernetes_secrets_to_sealed_secrets.sh
kubectl_secrets_download.sh (to take a backup of secrets first)
Requires kubectl to be in the \$PATH and configured
"
# used by usage() in lib/utils.sh
# shellcheck disable=SC2034
usage_args="[<namespace> <context>]"
help_usage "$@"
#min_args 1 "$@"
namespace="${1:-}"
context="${2:-}"
kube_config_isolate
if [ -n "$context" ]; then
kube_context "$context"
fi
if [ -n "$namespace" ]; then
kube_namespace "$namespace"
fi
kubectl get secrets |
# don't touch the default generated service account tokens for safety
grep -v kubernetes.io/service-account-token |
# remove header
grep -v '^NAME[[:space:]]' |
awk '{print $1}' |
while read -r secret; do
timestamp "Annotating secret '$secret' to be managed by sealed-secrets controller"
kubectl annotate secrets "$secret" 'sealedsecrets.bitnami.com/managed=true' --overwrite
echo
done
timestamp Done
Reference in New Issue View Git Blame Copy Permalink