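#!/bin/bash
# sync-secrets.sh
# Automatically updates kustomization resources and deployment patches using yq.
#
# Usage: sync-secrets.sh [ENV]
#   ENV  optional single environment to process; without it the script walks
#        dev, qat, prd and box.
#
# The yq expressions use in-place edit, wildcard string comparison and
# strenv(), i.e. yq v4 syntax (presumably mikefarah/yq; confirm the installed
# flavour).
#
# NOTE(review): the manifests under $SECRETS_DIR are wired straight into the
# overlays. If any of them is a plain `kind: Secret` (base64 only, not sealed or
# externally sourced), confirm that keeping it in the repository is intended.

# No `set -e`: the script is best-effort per environment and reports failures
# itself. pipefail makes a failing yq visible through the `yq | tr` pipeline.
set -u -o pipefail
shopt -s nullglob  # an environment without secret files yields an empty list

BASE_DIR="k8s/overlays"
SECRETS_DIR="k8s/service-config/Secrets"

#######################################
# Accept only environment names that are a single safe path component.
# The name is spliced into file paths (including the one passed to `rm -f`)
# and into a glob, so separators, dots-only names and wildcards are rejected.
# Arguments: $1 - candidate environment name
# Returns:   0 if acceptable, 1 otherwise
#######################################
is_valid_env_name() {
  local LC_ALL=C
  local re='^[A-Za-z0-9][A-Za-z0-9_-]*$'
  [[ "$1" =~ $re ]]
}

#######################################
# Check that a value looks like a Kubernetes object name (DNS-1123 subdomain).
# The name is written verbatim into the generated YAML patch, so anything with
# whitespace, newlines or YAML syntax must not get through. "null" is what yq
# prints when .metadata.name is absent, so it is treated as missing.
# Arguments: $1 - candidate object name
# Returns:   0 if acceptable, 1 otherwise
#######################################
is_valid_k8s_name() {
  local LC_ALL=C
  local name=$1
  local re='^[a-z0-9]([-a-z0-9.]*[a-z0-9])?$'
  [[ "$name" != "null" ]] || return 1
  (( ${#name} <= 253 )) || return 1
  [[ "$name" =~ $re ]]
}

# Decide which environments to process.
if [ -n "${1:-}" ]; then
  ENVS=("$1")
else
  ENVS=("dev" "qat" "prd" "box")
fi

for ENV in "${ENVS[@]}"; do
  if ! is_valid_env_name "$ENV"; then
    printf 'Error: invalid environment name: %q\n' "$ENV" >&2
    continue
  fi

  echo "Processing environment: $ENV..."
  KUST_FILE="$BASE_DIR/$ENV/kustomization.yaml"
  PATCH_FILE="$BASE_DIR/$ENV/litellm-patch.yaml"

  if [ ! -f "$KUST_FILE" ]; then
    echo "Error: Kustomization file not found at $KUST_FILE" >&2
    continue
  fi

  # 1. Clear existing dynamic secret resources from kustomization.yaml
  if ! yq -i 'del(.resources[] | select(. == "../../service-config/Secrets/*"))' "$KUST_FILE"; then
    echo "Error: could not reset secret resources in $KUST_FILE" >&2
    continue
  fi

  # 2. Clear existing deployment patches that manage envFrom (by path or by content).
  #    Note: this drops every inline patch whose text contains "envFrom", not
  #    only patches this script created.
  if ! yq -i 'del(.patches[] | select(.path == "litellm-patch.yaml" or .patch == "*envFrom*"))' "$KUST_FILE"; then
    echo "Error: could not reset envFrom patches in $KUST_FILE" >&2
    continue
  fi

  # 3. Identify environment-specific secrets (glob, not `ls`, so names with
  #    spaces or glob characters are handled as single entries)
  SECRET_FILES=("$SECRETS_DIR"/*-"$ENV".yaml)

  # 4. Generate the Strategic Merge Patch content (envFrom list)
  ENV_FROM_LIST="        - configMapRef:
            name: litellm-env"

  if (( ${#SECRET_FILES[@]} > 0 )); then
    for FILE in "${SECRET_FILES[@]}"; do
      [ -f "$FILE" ] || continue
      REL_PATH="../../service-config/Secrets/${FILE##*/}"

      if ! SECRET_NAME=$(yq '.metadata.name' "$FILE" | tr -d '"'); then
        echo "  Error: could not read .metadata.name from $FILE, skipping." >&2
        continue
      fi
      if ! is_valid_k8s_name "$SECRET_NAME"; then
        printf '  Error: %s has a missing or invalid .metadata.name (%q), skipping.\n' \
          "$FILE" "$SECRET_NAME" >&2
        continue
      fi

      echo "  Adding secret: $SECRET_NAME ($REL_PATH)"

      # Add secret to kustomization resources. The path is handed to yq through
      # the environment rather than pasted into the expression, so a file name
      # containing quotes or brackets cannot alter the yq program.
      if ! REL_PATH="$REL_PATH" yq -i '.resources += [strenv(REL_PATH)]' "$KUST_FILE"; then
        echo "  Error: could not add $REL_PATH to $KUST_FILE, skipping." >&2
        continue
      fi

      # Append to patch content
      ENV_FROM_LIST="$ENV_FROM_LIST
        - secretRef:
            name: $SECRET_NAME"
    done

    # 5. Create the dedicated patch file with NAMESPACE included
    if ! cat <<EOF > "$PATCH_FILE"
apiVersion: apps/v1
kind: Deployment
metadata:
  name: litellm
  namespace: litellm
spec:
  template:
    spec:
      containers:
      - name: litellm
        envFrom:
$ENV_FROM_LIST
EOF
    then
      echo "Error: could not write $PATCH_FILE" >&2
      continue
    fi

    # 6. Reference the patch file in kustomization.yaml
    if ! yq -i '.patches += [{"path": "litellm-patch.yaml"}]' "$KUST_FILE"; then
      echo "Error: could not register litellm-patch.yaml in $KUST_FILE" >&2
      continue
    fi
  else
    echo "  No secrets found for $ENV, skipping patch."
    rm -f -- "$PATCH_FILE"
  fi
done

echo "¡Synchronization complete with namespaced external patch files!"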