truestuff/foreach-secret.sh

#! /usr/bin/env bash
set -e

if [[ $# -lt 1 ]]; then
    MYNAME="$(basename $0)"
    cat - <<USAGE
$MYNAME
Grab dns-ingress tls certs from local k3s secrets and copy over to
szdocker's adguard

Usage:
    $MYNAME <app-name> [<secret-name> [cmdline with \$FILE receiving content]]

Example:
    $MYNAME dns-ingress external-service-tls-0 '{ 
        echo /opt/adguardhome/conf/\$FILE;
        ssh szdocker@szdocker.lan sudo tee /srv/containeriszed/0.local/adguardhome/conf/\$FILE > /dev/null;
    }'

Arguments
    app-name    - name of the ix-app
    secret-name - name of the secret, when ommitted, a sorted list of
                  secrets will be listed
    cmdline...  - Command to run on the secret, \$FILE will be the
                  secret name, where stdin will contain the content of
                  the secret

USAGE
    false
else
    APPNAME="${1}"
    NS="--namespace=ix-${APPNAME:?Appname was not specified}"
    if [[ -z "${2}" ]]; then
        # shellcheck disable=SC2086 # ${NS} unqouted on purpose
        k3s kubectl get secrets ${NS} | sort
        exit
    fi
    SECRETNAME="${APPNAME}-${2}"
    PIPECMD="${*:3}"
    PIPECMD="${PIPECMD:-cat -}"
    # shellcheck disable=SC2086 # ${NS} unqouted on purpose
    mapfile -t FILES < <(k3s kubectl get secrets ${NS} "${SECRETNAME}" --output=json | jq -r '.data | keys[]')
    for FILE in "${FILES[@]}"; do
        # shellcheck disable=SC2086 # ${NS} and $PIPECMD unqouted on purpose
        k3s kubectl get secrets ${NS} "${SECRETNAME}" --output=json | jq -r '.data["'"${FILE}"'"] | @base64d' | eval $PIPECMD
    done
fi
Some more goodies fix-kubectl - updated tool versions foreach-secret - a tool to export an ix-app's secret, executing a command line on the content. Was created to periodically update AdGuard Home HTTPS certificate over SSH. show-console - designed to be executed with `watch`: `sudo watch ./show-console.sh' Will output what is shown on the console. 2024-02-05 17:11:00 +00:00			`#! /usr/bin/env bash`
			`set -e`

			`if [[ $# -lt 1 ]]; then`
			`MYNAME="$(basename $0)"`
			`cat - <<USAGE`
			`$MYNAME`
			`Grab dns-ingress tls certs from local k3s secrets and copy over to`
			`szdocker's adguard`

			`Usage:`
			`$MYNAME <app-name> [<secret-name> [cmdline with \$FILE receiving content]]`

			`Example:`
			`$MYNAME dns-ingress external-service-tls-0 '{`
			`echo /opt/adguardhome/conf/\$FILE;`
			`ssh szdocker@szdocker.lan sudo tee /srv/containeriszed/0.local/adguardhome/conf/\$FILE > /dev/null;`
			`}'`

			`Arguments`
			`app-name - name of the ix-app`
			`secret-name - name of the secret, when ommitted, a sorted list of`
			`secrets will be listed`
			`cmdline... - Command to run on the secret, \$FILE will be the`
			`secret name, where stdin will contain the content of`
			`the secret`

			`USAGE`
			`false`
			`else`
			`APPNAME="${1}"`
			`NS="--namespace=ix-${APPNAME:?Appname was not specified}"`
			`if [[ -z "${2}" ]]; then`
			`# shellcheck disable=SC2086 # ${NS} unqouted on purpose`
			`k3s kubectl get secrets ${NS} \| sort`
			`exit`
			`fi`
			`SECRETNAME="${APPNAME}-${2}"`
			`PIPECMD="${*:3}"`
			`PIPECMD="${PIPECMD:-cat -}"`
			`# shellcheck disable=SC2086 # ${NS} unqouted on purpose`
			`mapfile -t FILES < <(k3s kubectl get secrets ${NS} "${SECRETNAME}" --output=json \| jq -r '.data \| keys[]')`
			`for FILE in "${FILES[@]}"; do`
			`# shellcheck disable=SC2086 # ${NS} and $PIPECMD unqouted on purpose`
			`k3s kubectl get secrets ${NS} "${SECRETNAME}" --output=json \| jq -r '.data["'"${FILE}"'"] \| @base64d' \| eval $PIPECMD`
			`done`
			`fi`