#!/bin/bash
# Path of the exported sealed-secrets key file. sealed_secret_check prints
# that this master key cannot be checked into git, so keep this path ignored.
SEALED_SECRETS_SECRET="$GIT_ROOT/bootstrap/sealed-secrets-secret.yaml"

# Kustomize overlay passed to `oc apply -k` to install the sealed-secrets
# operator; it also contains the namespace.yaml applied by sealed_secret_check.
SEALED_SECRETS_FOLDER="$GIT_ROOT/components/operators/sealed-secrets-operator/operator/overlays/default"
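#######################################
# Ask whether to install the sealed-secrets operator and export its active
# key to SEALED_SECRETS_SECRET.
#
# The exported file holds the controller's key material (the caller describes
# it as the master key that cannot be checked into git), so it is written
# owner-only and only replaces the target path after a successful export.
#
# Globals:   SEALED_SECRETS_FOLDER (read), SEALED_SECRETS_SECRET (read)
# Arguments: none; the answer is read from stdin
# Outputs:   prompt and notices on stdout, errors on stderr; writes the
#            exported secret to SEALED_SECRETS_SECRET
# Returns:   0 when the user declines, the key file already exists, or the
#            export succeeds; non-zero when stdin is exhausted before a valid
#            answer or the export fails
#######################################
sealed_secret_create(){
  local input tmp_secret

  # Loop instead of recursing so repeated invalid answers do not grow the
  # call stack.
  while true; do
    # A failed read means EOF / closed stdin. The answer would stay empty
    # forever, so stop rather than re-prompting endlessly.
    if ! read -r -p "Create NEW [${SEALED_SECRETS_SECRET}]? [y/N] " input; then
      echo
      echo "No answer available on stdin - not creating ${SEALED_SECRETS_SECRET}" >&2
      return 1
    fi

    case "$input" in
      [yY][eE][sS]|[yY])
        oc apply -k "${SEALED_SECRETS_FOLDER}"

        # sanity check: never overwrite a key file that is already present
        [ -e "${SEALED_SECRETS_SECRET}" ] && return

        # TODO: explore using openssl
        # oc -n sealed-secrets -o yaml \
        #   create secret generic

        # just wait for it
        k8s_wait_for_crd sealedsecrets.bitnami.com
        oc -n sealed-secrets \
          rollout status deployment sealed-secrets-controller
        sleep 10

        # Export into a temp file next to the target: mktemp creates it with
        # owner-only permissions, and a failed export can no longer leave an
        # empty file behind that later passes the existence checks.
        tmp_secret=$(mktemp "${SEALED_SECRETS_SECRET}.XXXXXX") || {
          echo "Unable to create a temp file for ${SEALED_SECRETS_SECRET}" >&2
          return 1
        }

        # NOTE(review): a non-empty result is only a minimal check; it does
        # not prove that an active key was actually returned - confirm.
        if oc -n sealed-secrets \
          -o yaml \
          get secret \
          -l sealedsecrets.bitnami.com/sealed-secrets-key=active \
          > "${tmp_secret}" && [ -s "${tmp_secret}" ]; then
          mv -- "${tmp_secret}" "${SEALED_SECRETS_SECRET}"
          return
        fi

        rm -f -- "${tmp_secret}"
        echo "Failed to export the sealed secrets key to ${SEALED_SECRETS_SECRET}" >&2
        return 1
        ;;
      [nN][oO]|[nN])
        echo
        return 0
        ;;
      *)
        echo
        echo "!!NOTICE!!: Cluster automation MAY NOT WORK w/o a valid sealed secret"
        echo "Choosing NO may have unintended results - see docs for more info"
        echo "Contact a repo MAINTINAER to get a current sealed secrets key"
        echo
        echo 'You must choose yes or no to continue'
        echo
        ;;
    esac
  done
}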
#######################################
# Bootstrap sealed secrets from an existing key file, or offer to create one.
#
# Globals:   SEALED_SECRETS_SECRET (read), SEALED_SECRETS_FOLDER (read),
#            NON_INTERACTIVE (read; when non-empty the prompt is skipped)
# Arguments: none
# Outputs:   status messages on stdout
# Returns:   status of the last command run; 0 when applying the key file
#            fails, because the operator overlay is then skipped on purpose
#######################################
sealed_secret_check(){
  # No key file yet: explain why it matters and, unless running
  # non-interactively, hand over to the interactive creation prompt.
  if [ ! -f "${SEALED_SECRETS_SECRET}" ]; then
    printf '%s\n' "Missing: ${SEALED_SECRETS_SECRET}"
    printf '%s\n' "The master key is required to bootstrap sealed secrets and CANNOT be checked into git."
    printf '\n'
    [ -n "${NON_INTERACTIVE}" ] || sealed_secret_create
    return
  fi

  printf '%s\n' "Exists: ${SEALED_SECRETS_SECRET}"

  # Apply the namespace before the key secret, and the key before the
  # operator overlay.
  oc apply -f "${SEALED_SECRETS_FOLDER}/namespace.yaml"
  if ! oc apply -f "${SEALED_SECRETS_SECRET}"; then
    # Best effort: if the key cannot be applied, skip the operator overlay
    # and report success to the caller.
    return 0
  fi
  oc apply -k "${SEALED_SECRETS_FOLDER}"
}