auricom-home-cluster/cluster/apps/networking/secret-reflector/cronjob.yaml
2021-04-17 12:15:18 +02:00


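---
# CronJob that copies ("reflects") TLS secrets from the source namespace into
# one or more destination namespaces, replacing a destination copy only when
# its content differs from the source.
#
# NOTE(review): batch/v1beta1 CronJob is removed in Kubernetes 1.25; batch/v1
# is available from 1.21. Migrate once every cluster using this manifest
# serves batch/v1.
apiVersion: batch/v1beta1
kind: CronJob
metadata:
  name: secret-reflector
  namespace: networking
spec:
  # Midnight on every second day-of-month (1, 3, 5, ...).
  schedule: "0 0 */2 * *"
  jobTemplate:
    spec:
      template:
        spec:
          # Least privilege: the script below only needs list/get on secrets in
          # the source namespace and get/create/update on secrets in each
          # destination namespace. Bind this account with namespaced Roles for
          # exactly that rather than a cluster-wide secrets grant.
          serviceAccountName: sa-secret-reflector
          containers:
            - name: secret-reflector
              # NOTE(review): a tag is mutable. This container reads secret
              # material, so consider pinning the image by digest
              # (bitnami/kubectl:1.21.0@sha256:<DIGEST-PLACEHOLDER>).
              image: bitnami/kubectl:1.21.0
              command:
                - "/bin/sh"
                - "-ec"
                - |
                  set -o nounset
                  set -o errexit
                  # Do not enable xtrace (set -x) here: secret JSON is held in
                  # shell variables and would be written to the pod log.

                  # Source namespace to reflect secrets from.
                  NAMESPACE_SOURCE="networking"
                  # Space-delimited list of namespaces to reflect the secrets into.
                  NAMESPACE_DEST="kasten-io"

                  # jq filter that drops metadata fields populated by the API
                  # server, so that two copies of the same secret compare equal.
                  STRIP_FILTER='del(.metadata.managedFields, .metadata.creationTimestamp, .metadata.resourceVersion, .metadata.uid)'

                  # Print a secret as JSON with server-populated metadata removed.
                  #   $1 - namespace, $2 - secret name
                  # kubectl's output is captured before jq runs: in a plain
                  # "kubectl | jq" pipeline without pipefail a failed lookup
                  # is masked by jq's zero exit status on empty input.
                  fetch_secret() {
                    _raw="$(kubectl get secret "$2" -n "$1" -o json)" || return 1
                    # printf, not echo: some /bin/sh echo builtins expand
                    # backslash escapes, which would corrupt JSON strings.
                    printf '%s\n' "${_raw}" | jq "${STRIP_FILTER}"
                  }

                  # Print a namespace-independent checksum of secret JSON ($1).
                  # md5sum is used only to detect drift between two copies; it
                  # is not an integrity control.
                  secret_checksum() {
                    printf '%s\n' "$1" | jq 'del(.metadata.namespace)' | md5sum | awk '{ print $1 }'
                  }

                  # Secrets to copy, one name per line. The filter matches "tls"
                  # anywhere in the kubectl table row (name or type column), so
                  # every matching secret in the source namespace is reflected.
                  # NOTE(review): confirm that breadth is intended; a field
                  # selector on the secret type would be narrower.
                  SECRETS="$(kubectl get secrets -n "${NAMESPACE_SOURCE}" | grep -i tls | awk '{print $1}')"

                  # Intentionally unquoted: both lists are split on whitespace.
                  for secret in ${SECRETS}; do
                    secret_source_content="$(fetch_secret "${NAMESPACE_SOURCE}" "${secret}")"
                    secret_source_checksum="$(secret_checksum "${secret_source_content}")"
                    for namespace in ${NAMESPACE_DEST}; do
                      # Any failure of this probe (not only "not found") falls
                      # through to the create path below.
                      if kubectl get secret "${secret}" -n "${namespace}" >/dev/null 2>&1; then
                        secret_dest_content="$(fetch_secret "${namespace}" "${secret}")"
                        secret_dest_checksum="$(secret_checksum "${secret_dest_content}")"
                        if [ "${secret_source_checksum}" != "${secret_dest_checksum}" ]; then
                          # Destination exists but differs: overwrite it with
                          # the source, retargeted at the destination namespace.
                          printf '%s\n' "${secret_source_content}" | \
                            jq -r --arg namespace "$namespace" '.metadata.namespace = $namespace' | \
                            kubectl replace -n "${namespace}" -f -
                        fi
                      else
                        # Destination copy is missing: create it.
                        printf '%s\n' "${secret_source_content}" | \
                          jq -r --arg namespace "$namespace" '.metadata.namespace = $namespace' | \
                          kubectl apply -n "${namespace}" -f -
                      fi
                    done
                  done
          restartPolicy: OnFailure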