From 7ba40ae6dac29cc581937c268aab66535ee1d60c Mon Sep 17 00:00:00 2001
From: Doug Goldstein
Date: Fri, 2 Feb 2024 16:44:03 -0600
Subject: [PATCH] feat: add some helper scripts for OpenStack Helm
These scripts help deal with OpenStack Helm and it's quirky usage of helm charts and secrets, which can't really be externalized.
---
scripts/openstack-helm-depend-sync.sh | 3 ++
scripts/openstack-helm-sealed-secrets.sh | 39 ++++++++++++++++++++++++
2 files changed, 42 insertions(+)
create mode 100755 scripts/openstack-helm-depend-sync.sh
create mode 100755 scripts/openstack-helm-sealed-secrets.sh
diff --git a/scripts/openstack-helm-depend-sync.sh b/scripts/openstack-helm-depend-sync.sh
new file mode 100755
index 000000000..18dba086f
--- /dev/null
+++ b/scripts/openstack-helm-depend-sync.sh
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+cd $(git rev-parse --show-toplevel)/openstack-helm && helm dep up "$1"
diff --git a/scripts/openstack-helm-sealed-secrets.sh b/scripts/openstack-helm-sealed-secrets.sh
new file mode 100755
index 000000000..e05742552
--- /dev/null
+++ b/scripts/openstack-helm-sealed-secrets.sh
@@ -0,0 +1,39 @@
+#!/bin/bash
+
+# function to process each YAML file
+process_yaml() {
+ kind=$(echo "$1" | yq e '.kind')
+ if [[ "${kind}" == "Secret" ]]; then
+ # its a match, encrypt it
+ echo "$1" | \
+ kubeseal \
+ --scope cluster-wide \
+ --allow-empty-data \
+ -o yaml
+ else
+ # not a match just output it
+ echo "---"
+ echo "$1"
+ fi
+}
+
+NL=$'\n'
+
+# read the stream from stdin and break up each YAML doc
+yaml_acc=""
+while IFS= read -r line; do
+ if [[ $line =~ ^---$ ]]; then
+ # process each YAML file
+ if [[ -n $yaml_acc ]]; then
+ process_yaml "$yaml_acc"
+ yaml_acc=""
+ fi
+ else
+ # accumulate the lines of the current YAML doc
+ yaml_acc+="${line}${NL}"
+
+ fi
+done
+
+# process the last one
+[[ -n $yaml_acc ]] && process_yaml "$yaml_acc"
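Review bot: The command substitution in `cd $(git rev-parse --show-toplevel)/openstack-helm` is unquoted, so a checkout path containing spaces or glob characters is word-split before `cd` sees it. The chart argument is also never checked, so running the script with no argument hands an empty string to `helm dep up`. Quoting the substitution and failing early on a missing argument covers both: `cd "$(git rev-parse --show-toplevel)/openstack-helm" && helm dep up "${1:?usage: $0 <chart-dir>}"`.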
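Review bot: `process_yaml` fails open. When `yq` errors or is not installed, `kind` is empty, the comparison with "Secret" is false, and the else branch prints the document unchanged, so a Secret can leave this script unsealed with no error. The same would presumably happen if a separator line does not match `^---$` exactly (trailing whitespace or a CR), because two documents are then accumulated together and their combined `kind` output no longer equals "Secret". Classification failure should be fatal, e.g. `kind=$(echo "$1" | yq e '.kind') || { echo "yq failed, refusing to pass document through" >&2; exit 1; }`, and anything that yields more than one `kind` should be rejected the same way. The exit status of the `kubeseal` pipeline is not checked either, so a sealing failure silently drops that document from the output while the script carries on.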