Commit

try external secret
erickgnavar committed Dec 5, 2023
1 parent 1f700a2 commit c58038f
Showing 2 changed files with 33 additions and 12 deletions.
20 changes: 11 additions & 9 deletions README.md
Expand Up @@ -4,15 +4,16 @@ This action will run `kubectl` to update the given deployment container with a n

## Inputs

| Input | Required | Description |
|-----------|----------|-------------------------------------------------------------------------|
| cert | yes | base64 encoded certificate |
| server | yes | server host |
| token | yes | authentication token |
| namespace | yes | deployment's namespace to be updated |
| name | yes | deployment's name to be updated |
| image | yes | image name what will be used in the update, example: `org/repo:version` |
| container | yes | deployment's container which will be updated with new image |
| Input | Required | Description |
|-----------------|----------|--------------------------------------------------------------------------------------------------------------------------|
| cert | yes | base64 encoded certificate |
| server | yes | server host |
| token | yes | authentication token |
| namespace | yes | deployment's namespace to be updated |
| name | yes | deployment's name to be updated |
| image | yes | image name what will be used in the update, example: `org/repo:version` |
| container | yes | deployment's container which will be updated with new image |
| external_secret | no | If defined, it will be forced to fetch latest values from secrets provider before the image is updated in the deployment |

## Usage
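
Review bot: The new `external_secret` row does not say what the value is or what it requires. In entrypoint.sh it is used as the name of an `es` resource looked up in the same `namespace`, and the action runs both `get` and `annotate` on it, so the description should say so and mention that the `token` must be allowed to read and annotate that resource. "it will be forced to fetch" also has no clear subject; something like "Name of the external secret in `namespace` to re-sync from the secrets provider before the image is updated" would read better.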

Expand All @@ -27,6 +28,7 @@ This action will run `kubectl` to update the given deployment container with a n
name: my_project
image: new_image_name
container: backend
external_secret: app-external-secret
```

Enjoy 🎉
25 changes: 22 additions & 3 deletions entrypoint.sh
Expand Up @@ -10,8 +10,9 @@ NAMESPACE="${INPUT_NAMESPACE}"
DEPLOYMENT="${INPUT_NAME}"
IMAGE="${INPUT_IMAGE}"
CONTAINER="${INPUT_CONTAINER}"
EXTERNAL_SECRET="${INPUT_EXTERNAL_SECRET}"

echo "${KUBERNETES_CERT}" | base64 -d > ca.crt
echo "${KUBERNETES_CERT}" | base64 -d >ca.crt

kubectl config set-cluster "${CLUSTER_NAME}" --server="${KUBERNETES_SERVER}" --certificate-authority=ca.crt
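
Review bot: The `base64 -d > ca.crt` to `base64 -d >ca.crt` change is whitespace only and unrelated to the new input. Consider keeping formatter churn (this line, and the `<<<` and loop indentation changes further down) out of this commit so the diff shows only the `EXTERNAL_SECRET` behaviour.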

Expand All @@ -21,12 +22,30 @@ kubectl config use-context "${CONTEXT}"

kubectl config set-credentials "$CONTEXT" --token="$KUBERNETES_TOKEN"

if [ "$EXTERNAL_SECRET" ]; then
if [ ! "$EXTERNAL_SECRET" ]; then
echo "External secret name was not defined."
exit 1
fi

echo "Checking if $EXTERNAL_SECRET exists..."

if [ $(kubectl -n "$NAMESPACE" get es "$EXTERNAL_SECRET") -neq 0 ]; then
echo "$EXTERNAL_SECRET doesn't exist"
exit 1
fi

echo "Syncing secret before deployment image update..."

kubectl -n "$NAMESPACE" annotate es "$EXTERNAL_SECRET" force-sync="$(date +%s)" --overwrite
fi

echo "Deploying to ${KUBERNETES_SERVER}"

echo "Updating ${DEPLOYMENT} in ${NAMESPACE} with ${IMAGE}..."

IFS=',' read -ra containers <<< "$CONTAINER"
IFS=',' read -ra containers <<<"$CONTAINER"

for container in "${containers[@]}"; do
kubectl -n "${NAMESPACE}" set image "deployment/${DEPLOYMENT}" "${container}=${IMAGE}"
kubectl -n "${NAMESPACE}" set image "deployment/${DEPLOYMENT}" "${container}=${IMAGE}"
done
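
Review bot: The existence check `if [ $(kubectl -n "$NAMESPACE" get es "$EXTERNAL_SECRET") -neq 0 ]` cannot work. `$(...)` captures kubectl's stdout rather than its exit status, `-neq` is not a `[` operator (the integer test is `-ne`), and the unquoted substitution expands to zero or several words, so `[` fails with a syntax error and the `exit 1` branch is never reached. Test the exit status directly, for example `if ! kubectl -n "$NAMESPACE" get es "$EXTERNAL_SECRET" >/dev/null; then`. The inner `if [ ! "$EXTERNAL_SECRET" ]` is unreachable inside `if [ "$EXTERNAL_SECRET" ]` and can be dropped. Also, nothing in this hunk waits between `annotate ... force-sync=...` and `set image`, so the rollout can start before the secret has been refreshed; a wait on the sync, or at least a comment stating the assumption, would help.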
