commit inicial
79
sync-secrets.sh
Executable file
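--- /dev/null
+++ b/sync-secrets.sh
@@ -0,0 +1,79 @@
+#!/bin/bash
+
+# sync-secrets.sh
+# Automically updates kustomization resources and deployment patches using yq.
+
+BASE_DIR="k8s/overlays"
+SECRETS_DIR="k8s/service-config/Secrets"
+
+# Determinar qué ambientes procesar
+if [ -n "$1" ]; then
+ENVS=("$1")
+else
+ENVS=("dev" "qat" "prd" "box")
+fi
+
+for ENV in "${ENVS[@]}"; do
+echo "Processing environment: $ENV..."
+KUST_FILE="$BASE_DIR/$ENV/kustomization.yaml"
+PATCH_FILE="$BASE_DIR/$ENV/litellm-patch.yaml"
+
+if [ ! -f "$KUST_FILE" ]; then
+echo "Error: Kustomization file not found at $KUST_FILE"
+continue
+fi
+
+# 1. Clear existing dynamic secret resources from kustomization.yaml
+yq -i 'del(.resources[] | select(. == "../../service-config/Secrets/*"))' "$KUST_FILE"
+
+# 2. Clear existing deployment patches that manage envFrom (by path or by content)
+yq -i 'del(.patches[] | select(.path == "litellm-patch.yaml" or .patch == "*envFrom*"))' "$KUST_FILE"
+
+# 3. Identify environment-specific secrets
+FILES=$(ls $SECRETS_DIR/*-${ENV}.yaml 2>/dev/null)
+
+# 4. Generate the Strategic Merge Patch content (envFrom list)
+ENV_FROM_LIST=" - configMapRef:
+name: litellm-env"
+
+if [ -n "$FILES" ]; then
+for FILE in $FILES; do
+REL_PATH="../../service-config/Secrets/$(basename $FILE)"
+SECRET_NAME=$(yq '.metadata.name' "$FILE" | tr -d '"')
+
+echo " Adding secret: $SECRET_NAME ($REL_PATH)"
+
+# Add secret to kustomization resources
+yq -i ".resources += [\"$REL_PATH\"]" "$KUST_FILE"
+
+# Append to patch content
+ENV_FROM_LIST="$ENV_FROM_LIST
+- secretRef:
+name: $SECRET_NAME"
+done
+
+# 5. Create the dedicated patch file with NAMESPACE included
+cat <<EOF > "$PATCH_FILE"
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: litellm
+namespace: litellm
+spec:
+template:
+spec:
+containers:
+- name: litellm
+envFrom:
+$ENV_FROM_LIST
+EOF
+
+# 6. Reference the patch file in kustomization.yaml
+yq -i ".patches += [{\"path\": \"litellm-patch.yaml\"}]" "$KUST_FILE"
+else
+echo " No secrets found for $ENV, skipping patch."
+rm -f "$PATCH_FILE"
+fi
+done
+
+echo "¡Synchronization complete with namespaced external patch files!"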
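Review bot: The environment name taken from `$1` and the Secret file names are used without validation, both in paths that get overwritten or deleted (`cat <<EOF > "$PATCH_FILE"`, `rm -f "$PATCH_FILE"`) and inside the yq expression under "Add secret to kustomization resources" (`".resources += [\"$REL_PATH\"]"`), so a value containing `../` or a quote changes which file is touched or what the expression does. Restrict `$ENV` to the four known overlays and pass the path to yq as data through `strenv(...)` (assuming this is mikefarah yq v4, which the `-i` and wildcard usage suggest). The script also has no `set -euo pipefail`, so a `yq -i` failure after steps 1–2 leaves `kustomization.yaml` stripped of its secret resources while the run still prints the completion message and exits 0. `FILES=$(ls …)` with an unquoted `for FILE in $FILES` splits on whitespace, and a manifest without `metadata.name` produces a `secretRef` named `null`; the sketch below uses a glob array and rejects that case.

```shell
set -euo pipefail

# … unchanged: BASE_DIR / SECRETS_DIR …

if [ -n "${1:-}" ]; then   # ${1:-} so that set -u tolerates a missing argument
  # … unchanged: ENVS selection …
fi

for ENV in "${ENVS[@]}"; do
  # Only the known overlays may be rewritten; rejects "../" and typos alike.
  case "$ENV" in
    dev|qat|prd|box) ;;
    *) echo "Error: unknown environment '$ENV'" >&2; exit 2 ;;
  esac

  # … unchanged: KUST_FILE / PATCH_FILE, existence check, steps 1-2 …

  # Glob into an array instead of parsing ls output.
  shopt -s nullglob
  FILES=("$SECRETS_DIR"/*-"$ENV".yaml)
  shopt -u nullglob

  # … unchanged: initial ENV_FROM_LIST …

  if (( ${#FILES[@]} > 0 )); then
    for FILE in "${FILES[@]}"; do
      REL_PATH="../../service-config/Secrets/$(basename -- "$FILE")"
      SECRET_NAME=$(yq '.metadata.name' "$FILE" | tr -d '"')

      # A missing or multi-document name would otherwise land in the patch verbatim.
      if [[ -z "$SECRET_NAME" || "$SECRET_NAME" == "null" || "$SECRET_NAME" == *$'\n'* ]]; then
        echo "Error: $FILE has no usable metadata.name" >&2
        exit 1
      fi

      # Pass the path as data, not as part of the yq program text.
      REL_PATH="$REL_PATH" yq -i '.resources += [strenv(REL_PATH)]' "$KUST_FILE"

      # … unchanged: append secretRef to ENV_FROM_LIST …
    done
    # … unchanged: patch file heredoc, step 6, else branch …
```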