shpaq/auricom-home-cluster
1
0
Fork 0
mirror of https://github.com/auricom/home-cluster.git synced 2025-09-30 15:37:44 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
cac31754bb4d3876b39ba93e8266e47d74f8d0e4
auricom-home-cluster/cluster/apps/secret-reflector/secret-reflector.yaml
Renovate Bot 0aa11d6ff4 fix(images): update ghcr.io/k8s-at-home/kubectl to v1.23.1 
Signed-off-by: auricom <27022259+auricom@users.noreply.github.com>
2021-12-16 23:38:06 +01:00

51 lines
2.6 KiB
YAML
Raw Blame History

---
apiVersion: batch/v1
kind: CronJob
metadata:
name: secret-reflector
namespace: kube-system
spec:
schedule: "0 */12 * * *"
jobTemplate:
spec:
backoffLimit: 0
template:
spec:
serviceAccountName: secret-reflector
containers:
- name: secret-reflector
image: ghcr.io/k8s-at-home/kubectl:v1.23.1
command:
- "/bin/sh"
- "-ec"
- |
set -o nounset
set -o errexit
# space delimited secrets to copy
secrets="${SECRET_CLUSTER_CERTIFICATE_DEFAULT} regcred drone-pipelines"
# source namespace to reflect secret from
namespace_source="networking"
# space delimited namespace where to reflect the secrets to
namespace_destination="data development home-automation media monitoring rook-ceph"
for secret in $secrets; do
secret_source_content=$(kubectl get secret $secret -n $namespace_source -o json | jq 'del(.metadata.managedFields, .metadata.creationTimestamp, .metadata.resourceVersion, .metadata.uid, .metadata.annotations)')
secret_source_checksum=$(printf '%s' "$secret_source_content" | jq 'del(.metadata.namespace)' | md5sum | awk '{ print $1 }')
for namespace in $namespace_destination; do
if kubectl get secret $secret -n $namespace >/dev/null 2>&1; then
secret_dest_content=$(kubectl get secret $secret -n $namespace -o json | jq 'del(.metadata.managedFields, .metadata.creationTimestamp, .metadata.resourceVersion, .metadata.uid, .metadata.annotations)')
secret_dest_checksum=$(printf '%s' "$secret_dest_content" | jq 'del(.metadata.namespace)' | md5sum | awk '{ print $1 }')
if [ "$secret_source_checksum" != "$secret_dest_checksum" ]; then
printf '%s' "$secret_source_content" | \
jq -r --arg namespace $namespace '.metadata.namespace = $namespace' | \
kubectl replace -n $namespace -f -
fi
else
printf '%s' "$secret_source_content" | \
jq -r --arg namespace $namespace '.metadata.namespace = $namespace' | \
kubectl apply -n $namespace -f -
fi
done
done
restartPolicy: OnFailure
Reference in New Issue View Git Blame Copy Permalink