truestuff/foreach-secret.sh


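#! /usr/bin/env bash
#
# List the secrets of an ix-app namespace on the local k3s node, or stream
# every data key of one secret into a caller-supplied command.
#
# Arguments:
#   $1   app name; the namespace queried is "ix-<app name>"
#   $2   secret name suffix; the secret read is "<app name>-<$2>". When
#        empty or missing, the namespace's secrets are listed and sorted.
#   $3.. command line run once per data key, with the decoded value on stdin
#        and $FILE set to the key name. Defaults to "cat -".
#
# Security notes:
#   * Decoded secret values (for example TLS private keys) go to stdout or
#     to the given command. Do not run this under `set -x` and do not
#     redirect the output into world-readable locations.
#   * $3.. is executed with `eval` under the invoking user's privileges. It
#     must come from a trusted operator, never from cluster data or any
#     other untrusted input.
#   * $FILE is the key name stored in the secret. A command that builds a
#     path from it trusts whoever can write that secret.
set -e

if [[ $# -lt 1 ]]; then
  # Parameter expansion avoids word splitting of $0 and a basename fork.
  MYNAME="${0##*/}"
  cat - <<USAGE
$MYNAME
Grab dns-ingress tls certs from local k3s secrets and copy over to
szdocker's adguard
Usage:
$MYNAME <app-name> [<secret-name> [cmdline with \$FILE receiving content]]
Example:
$MYNAME dns-ingress external-service-tls-0 '{
echo /opt/adguardhome/conf/\$FILE;
ssh szdocker@szdocker.lan sudo tee /srv/containeriszed/0.local/adguardhome/conf/\$FILE > /dev/null;
}'
Arguments
app-name - name of the ix-app
secret-name - name of the secret, when ommitted, a sorted list of
secrets will be listed
cmdline... - Command to run on the secret, \$FILE will be the
secret name, where stdin will contain the content of
the secret
USAGE
  # Calling without arguments is a usage error.
  exit 1
else
  APPNAME="${1}"
  # NS is always non-empty (":?" aborts otherwise). It is quoted at every use
  # so the app name stays one --namespace argument and cannot introduce
  # extra kubectl options through word splitting or globbing.
  NS="--namespace=ix-${APPNAME:?Appname was not specified}"

  if [[ -z "${2}" ]]; then
    # pipefail: a failing kubectl must not be hidden behind sort's status.
    set -o pipefail
    k3s kubectl get secrets "${NS}" | sort
    exit
  fi

  SECRETNAME="${APPNAME}-${2}"
  PIPECMD="${*:3}"
  PIPECMD="${PIPECMD:-cat -}"

  # Read the secret once. A plain command substitution lets `set -e` stop the
  # script when kubectl fails (unknown secret, no access); inside a process
  # substitution or at the head of a pipeline that failure went unnoticed and
  # the script exited 0 without processing anything. One read also means all
  # keys come from the same revision of the secret.
  SECRET_JSON="$(k3s kubectl get secrets "${NS}" "${SECRETNAME}" --output=json)"

  # printf is a builtin, so the secret never appears in a process argv.
  mapfile -t FILES < <(printf '%s' "${SECRET_JSON}" | jq -r '.data | keys[]')

  for FILE in "${FILES[@]}"; do
    # The key name is passed to jq as data (--arg) rather than spliced into
    # the filter text, so no key name can alter the jq program.
    # NOTE(review): @base64d produces a text string and -r appends a newline;
    # fine for PEM material, confirm before using it on binary values.
    # shellcheck disable=SC2086 # $PIPECMD unquoted on purpose
    printf '%s' "${SECRET_JSON}" \
      | jq -r --arg key "${FILE}" '.data[$key] | @base64d' \
      | eval $PIPECMD
  done
fi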