fix: improve argocd secret handling
This commit is contained in:
parent
94dd2f395e
commit
01832f2e41
@ -44,10 +44,21 @@ function field_manager() {
|
||||
}
|
||||
|
||||
|
||||
function get_kubezero_secret() {
|
||||
export _key="$1"
|
||||
function get_secret_val() {
|
||||
local ns=$1
|
||||
local secret=$2
|
||||
local val=$(kubectl get secret -n $ns $secret -o yaml | yq ".data.\"$3\"")
|
||||
|
||||
kubectl get secrets -n kubezero kubezero-secrets -o yaml | yq '.data.[env(_key)]' | base64 -d -w0
|
||||
if [ "$val" != "null" ]; then
|
||||
echo -n $val | base64 -d -w0
|
||||
else
|
||||
echo ""
|
||||
fi
|
||||
}
|
||||
|
||||
|
||||
function get_kubezero_secret() {
|
||||
get_secret_val kubezero kubezero-secrets "$1"
|
||||
}
|
||||
|
||||
|
||||
@ -55,7 +66,9 @@ function set_kubezero_secret() {
|
||||
local key="$1"
|
||||
local val="$2"
|
||||
|
||||
kubectl patch secret -n kubezero kubezero-secrets --patch="{\"data\": { \"$key\": \"$(echo -n $val |base64 -w0)\" }}"
|
||||
if [ -n "$val" ]; then
|
||||
kubectl patch secret -n kubezero kubezero-secrets --patch="{\"data\": { \"$key\": \"$(echo -n $val |base64 -w0)\" }}"
|
||||
fi
|
||||
}
|
||||
|
||||
|
||||
@ -139,7 +152,7 @@ function delete_ns() {
|
||||
|
||||
# Extract crds via helm calls
|
||||
function crds() {
|
||||
helm secrets --evaluate-templates template $(chart_location $chart) -n $namespace --name-template $module $targetRevision --include-crds -f $WORKDIR/values.yaml $API_VERSIONS --kube-version $KUBE_VERSION $@ | python3 -c '
|
||||
helm template $(chart_location $chart) -n $namespace --name-template $module $targetRevision --include-crds -f $WORKDIR/values.yaml $API_VERSIONS --kube-version $KUBE_VERSION $@ | python3 -c '
|
||||
#!/usr/bin/python3
|
||||
import yaml
|
||||
import sys
|
||||
|
||||
8
charts/kubezero-argo/hooks.d/pre-install.sh
Normal file → Executable file
8
charts/kubezero-argo/hooks.d/pre-install.sh
Normal file → Executable file
@ -6,16 +6,16 @@ kubectl get application kubezero-git-sync -n argocd || \
|
||||
PW=$(get_kubezero_secret argo-cd.adminPassword)
|
||||
if [ -z "$PW" ]; then
|
||||
# Check for existing password in actual secret
|
||||
NEW_PW=$(kubectl get secret argocd-secret -n argocd -o yaml | yq '.data."admin.password"')
|
||||
NEW_PW=$(get_secret_val argocd argocd-secret "admin.password")
|
||||
|
||||
if [ "$NEW_PW" == "null" ];then
|
||||
if [ -z "$NEW_PW" ];then
|
||||
ARGO_PWD=$(date +%s | sha256sum | base64 | head -c 12 ; echo)
|
||||
NEW_PW=$(htpasswd -nbBC 10 "" $ARGO_PWD | tr -d ':\n' | sed 's/$2y/$2a/' | base64 -w0)
|
||||
NEW_PW=$(htpasswd -nbBC 10 "" $ARGO_PWD | tr -d ':\n' | sed 's/$2y/$2a/')
|
||||
|
||||
set_kubezero_secret argo-cd.adminPasswordClear $ARGO_PWD
|
||||
fi
|
||||
|
||||
set_kubezero_secret argo-cd.adminPassword $NEW_PW
|
||||
set_kubezero_secret argo-cd.adminPassword "$NEW_PW"
|
||||
fi
|
||||
|
||||
# GitSync privateKey
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user