Secret update k8s
OK
# Render the Secret manifest on the client (--dry-run=client sends nothing),
# then pipe it to the API server with server-side apply.
# --save-config records the rendered object in the
# kubectl.kubernetes.io/last-applied-configuration annotation. That is
# acceptable for a public CA bundle like this one, but it duplicates the data
# when the same idiom is used for private key material.
kubectl create secret generic ssl-certs \
  --from-file=ca-certificates.crt=./etc-ssl-certs/ca-certificates.crt \
  --save-config \
  --dry-run=client \
  --output=yaml \
  | kubectl apply --server-side=true --filename=-
Better
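# Replace tls.key / tls.crt in the existing production-tls Secret.
# Secret .data values must be single-line base64, hence the tr -d '\n'.
TLS_KEY=$(base64 < "./tls.key" | tr -d '\n')
TLS_CRT=$(base64 < "./tls.crt" | tr -d '\n')

# If either file is missing or empty, the variable is "" and applying it
# would blank the live key or certificate, so do not touch the Secret.
if [ -z "$TLS_KEY" ] || [ -z "$TLS_CRT" ]; then
  echo "tls.key or tls.crt is missing or empty; secret not updated" >&2
else
  # Pass the values to jq through its environment (env.NAME) instead of
  # splicing them into the jq program: the filter stays a fixed string, and
  # the private key does not appear in the jq argument list. A single jq
  # pass sets both fields.
  kubectl get secrets production-tls -o json \
    | TLS_KEY="$TLS_KEY" TLS_CRT="$TLS_CRT" \
      jq '.data["tls.key"] = env.TLS_KEY | .data["tls.crt"] = env.TLS_CRT' \
    | kubectl apply -f -
fi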
Patch
# Patch only the two TLS fields of the existing Secret.
# Expects TLS_KEY and TLS_CRT to already hold single-line base64 values.
# NOTE(review): the patch document, including the encoded private key, is
# passed on the kubectl command line, so it is visible in the process
# argument list while the command runs.
kubectl patch secret production-tls \
  --patch "{\"data\":{\"tls.key\":\"${TLS_KEY}\",\"tls.crt\":\"${TLS_CRT}\"}}"
Foo
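#!/bin/bash
# Apply a Secret manifest only when the manifest file has changed.
# The SHA-256 of the file is stored in the Secret itself under .data.hash
# and compared with the hash of the local file on every run.
SECRET_NAME="your-secret-name"
NAMESPACE="your-namespace"
DATA_FILE="your-data-file.yaml"

# Generate a hash of the new data
new_hash=$(shasum -a 256 "$DATA_FILE" | cut -d ' ' -f1)
if [ -z "$new_hash" ]; then
  # An unreadable file would otherwise compare equal to a missing stored hash.
  echo "Could not hash $DATA_FILE. Aborting." >&2
  exit 1
fi

# Get the current hash from the existing secret (if it exists).
# Values under .data are base64-encoded, so decode before comparing;
# comparing the raw value against the hex digest would never match.
existing_hash=$(kubectl get secret "$SECRET_NAME" -n "$NAMESPACE" -o jsonpath='{.data.hash}' | base64 --decode) || existing_hash=""

# Compare the hashes
if [ "$new_hash" != "$existing_hash" ]; then
  echo "Data has changed. Updating secret..."

  # Apply the updated secret; record the new hash only if this succeeds,
  # otherwise the next run would wrongly report "no update needed".
  if ! kubectl apply -f "$DATA_FILE" -n "$NAMESPACE"; then
    echo "kubectl apply failed. Stored hash left unchanged." >&2
    exit 1
  fi

  # Update the hash in the secret. base64 may wrap long output, so strip
  # newlines and keep the value quoted so the patch stays one argument.
  encoded_hash=$(printf '%s' "$new_hash" | base64 | tr -d '\n')
  kubectl patch secret "$SECRET_NAME" -n "$NAMESPACE" -p "{\"data\":{\"hash\":\"${encoded_hash}\"}}"
else
  echo "Data has not changed. No update needed."
fi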