Difference between revisions of "Secret update k8s"
(Created page with "# OK kubectl create secret generic ssl-certs --from-file=ca-certificates.crt=./etc-ssl-certs/ca-certificates.crt --save-config --dry-run=client -o yaml | kubectl apply --serve...") |
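--- a/Secret update k8s
+++ b/Secret update k8s
@@ -20,3 +20,33 @@
 production-tls \
 -p "{\"data\":{\"tls.key\":\"${TLS_KEY}\",\"tls.crt\":\"${TLS_CRT}\"}}"
+```
+
+
+
+# Foo
+```
+#!/bin/bash
+
+SECRET_NAME="your-secret-name"
+NAMESPACE="your-namespace"
+DATA_FILE="your-data-file.yaml"
+
+# Generate a hash of the new data
+new_hash=$(shasum -a 256 "$DATA_FILE" | cut -d ' ' -f1)
+
+# Get the current hash from the existing secret (if it exists)
+existing_hash=$(kubectl get secret "$SECRET_NAME" -n "$NAMESPACE" -o jsonpath='{.data.hash}' || echo "")
+
+# Compare the hashes
+if [ "$new_hash" != "$existing_hash" ]; then
+echo "Data has changed. Updating secret..."
+
+# Apply the updated secret
+kubectl apply -f "$DATA_FILE" -n "$NAMESPACE"
+
+# Update the hash in the secret
+kubectl patch secret "$SECRET_NAME" -n "$NAMESPACE" -p '{"data":{"hash":"'$(echo -n $new_hash | base64)'"}}'
+else
+echo "Data has not changed. No update needed."
+fi
 ```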
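Review bot: The comparison `[ "$new_hash" != "$existing_hash" ]` in the added script can never take the "not changed" branch, because `jsonpath='{.data.hash}'` returns the value as stored, base64-encoded, while `new_hash` is the hex digest from `shasum`. Decode on read, for example by appending `| base64 --decode` to the `kubectl get` inside the substitution. On the write side `$(echo -n $new_hash | base64)` is unquoted and GNU `base64` wraps its output at 76 columns, so the 88-character encoding is split into two words and the `-p` argument is broken; patching through `stringData` avoids the encoding step: `-p "{\"stringData\":{\"hash\":\"${new_hash}\"}}"`. The exit status of `kubectl apply` is also not checked before the hash is recorded, so a failed apply would be marked as current once the comparison works; `kubectl apply ... || exit 1` covers that.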
Revision as of 16:41, 28 February 2024
OK
# Render the Secret locally (client-side dry run, nothing is created yet) and
# hand the resulting YAML to a server-side apply, so the same command covers
# both the first creation and later updates.
# NOTE(review): --save-config is kept as in the original; whether the
# last-applied-configuration annotation is still wanted alongside server-side
# apply should be confirmed.
kubectl create secret generic ssl-certs \
  --from-file=ca-certificates.crt=./etc-ssl-certs/ca-certificates.crt \
  --save-config \
  --dry-run=client \
  -o yaml \
  | kubectl apply --server-side=true -f -
Better
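# Base64-encode the key and certificate on one line each; Secret .data values
# are base64 strings, and tr removes the line wraps base64 may emit.
TLS_KEY=$(base64 < "./tls.key" | tr -d '\n')
TLS_CRT=$(base64 < "./tls.crt" | tr -d '\n')

# Fetch the live Secret, replace both entries in a single jq pass and apply.
# The values are passed with --arg so jq receives them as data rather than
# having them spliced into the filter text by the shell.
# NOTE(review): the encoded private key is still present in jq's argument
# list while it runs; on a shared host prefer a mechanism that keeps it off
# the command line.
kubectl get secrets production-tls -o json \
  | jq --arg key "$TLS_KEY" --arg crt "$TLS_CRT" \
      '.data["tls.key"] = $key | .data["tls.crt"] = $crt' \
  | kubectl apply -f -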
Patch
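# Replace both TLS entries of the existing Secret in place.
# TLS_KEY and TLS_CRT must already hold the single-line base64 encodings of
# the key and certificate; the :? guards stop the command when either is
# unset or empty, which would otherwise overwrite the stored value with "".
: "${TLS_KEY:?TLS_KEY must hold the base64-encoded key}"
: "${TLS_CRT:?TLS_CRT must hold the base64-encoded certificate}"

kubectl patch secret production-tls \
  -p "{\"data\":{\"tls.key\":\"${TLS_KEY}\",\"tls.crt\":\"${TLS_CRT}\"}}"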
Foo
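#!/bin/bash
#
# Re-apply a Secret manifest only when the manifest file has changed.
# The SHA-256 digest of the manifest is kept under the "hash" key of the
# Secret and compared with the digest of the local file on each run.

# Stop on the first failing command so a failed apply is never followed by
# recording its hash as current.
set -euo pipefail

SECRET_NAME="your-secret-name"
NAMESPACE="your-namespace"
DATA_FILE="your-data-file.yaml"

# Hex digest of the manifest as it is on disk (first field of shasum output).
new_hash=$(shasum -a 256 "$DATA_FILE" | cut -d ' ' -f1)

# Values under .data come back base64-encoded, so decode before comparing
# with the hex digest. A failed lookup (for example, the secret does not
# exist yet) leaves the stored hash empty, which forces an update.
existing_hash=""
if encoded_hash=$(kubectl get secret "$SECRET_NAME" -n "$NAMESPACE" \
    -o jsonpath='{.data.hash}'); then
  existing_hash=$(printf '%s' "$encoded_hash" | base64 --decode)
fi

if [ "$new_hash" != "$existing_hash" ]; then
  echo "Data has changed. Updating secret..."

  # Apply the updated secret; under set -e a failure ends the script here.
  kubectl apply -f "$DATA_FILE" -n "$NAMESPACE"

  # Record the digest through stringData: the API server encodes the plain
  # value itself, so no local base64 call (and no line wrapping of its
  # output) is involved. new_hash is hex, so it is safe inside the JSON.
  kubectl patch secret "$SECRET_NAME" -n "$NAMESPACE" \
    -p "{\"stringData\":{\"hash\":\"${new_hash}\"}}"
else
  echo "Data has not changed. No update needed."
fi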