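---
date-created: 20240404
tags:
  - argocd
  - bash
---
# ArgoCD context to secret

- Not tested

```bash
#!/bin/bash
# Usage: ./extract_context_to_secret.sh <kubeconfig_file> <context_name> <secret_name> <namespace>
#
# Writes <secret_name>.yaml, an Argo CD cluster Secret built from one
# kubeconfig context. The file holds the cluster's bearer token in plaintext,
# so it is created readable by the owner only. Apply it, then delete it, and
# keep it out of version control.

set -euo pipefail
umask 077

# Print a message to stderr and stop.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Refuse a value that would break out of the quoted YAML/JSON strings below;
# the values are pasted in without escaping.
#   $1 - label used in the error message, $2 - value to check
reject_unsafe() {
  case "$2" in
    *'"'* | *\\* | *[[:cntrl:]]*)
      die "$1 contains a double quote, backslash or control character"
      ;;
  esac
}

KUBECONFIG_FILE="${1:-}"
CONTEXT_NAME="${2:-}"
SECRET_NAME="${3:-}"
NAMESPACE="${4:-}"

# Check if all arguments are provided
if [[ -z "$KUBECONFIG_FILE" || -z "$CONTEXT_NAME" || -z "$SECRET_NAME" || -z "$NAMESPACE" ]]; then
  echo "Usage: $0 <kubeconfig_file> <context_name> <secret_name> <namespace>" >&2
  exit 1
fi

# SECRET_NAME is also the output file name: limiting it to Kubernetes
# object-name characters keeps path separators out of it and keeps the
# unquoted metadata fields in the YAML well-formed.
secret_name_re='^[a-z0-9]([-a-z0-9.]*[a-z0-9])?$'
namespace_re='^[a-z0-9]([-a-z0-9]*[a-z0-9])?$'
[[ "$SECRET_NAME" =~ $secret_name_re ]] || die "Invalid secret name: $SECRET_NAME"
[[ "$NAMESPACE" =~ $namespace_re ]] || die "Invalid namespace: $NAMESPACE"

# Read one field of the selected context.
#   --minify --context  keep only the cluster and user this context points at
#                       (their names usually differ from the context name)
#   --raw               without it kubectl redacts tokens in the output
#   --flatten           inline a CA certificate referenced by file path
#   $1 - jsonpath template
kubeconfig_view() {
  kubectl --kubeconfig="$KUBECONFIG_FILE" config view \
    --raw --minify --flatten --context="$CONTEXT_NAME" -o "jsonpath=$1"
}

# Extract the cluster server URL
SERVER=$(kubeconfig_view '{.clusters[0].cluster.server}')

# Extract the CA certificate (already base64-encoded in the kubeconfig)
CA_DATA=$(kubeconfig_view '{.clusters[0].cluster.certificate-authority-data}')

# Extract the bearer token
BEARER_TOKEN=$(kubeconfig_view '{.users[0].user.token}')

[[ -n "$SERVER" ]] || die "No server URL found for context '$CONTEXT_NAME'"
# Users that authenticate with a client certificate or an exec plugin have no
# static token; a Secret with an empty bearerToken would be useless.
[[ -n "$BEARER_TOKEN" ]] || die "Context '$CONTEXT_NAME' has no static bearer token"

reject_unsafe "Context name" "$CONTEXT_NAME"
reject_unsafe "Server URL" "$SERVER"
reject_unsafe "Bearer token" "$BEARER_TOKEN"
reject_unsafe "CA data" "$CA_DATA"

# Create the secret YAML
cat <<EOF > "${SECRET_NAME}.yaml"
apiVersion: v1
kind: Secret
metadata:
  name: ${SECRET_NAME}
  namespace: ${NAMESPACE}
  labels:
    argocd.argoproj.io/secret-type: cluster
type: Opaque
stringData:
  name: "${CONTEXT_NAME}"
  server: "${SERVER}"
  config: |
    {
      "bearerToken": "${BEARER_TOKEN}",
      "tlsClientConfig": {
        "insecure": false,
        "caData": "${CA_DATA}"
      }
    }
EOF
# umask only applies to a newly created file; tighten one that already existed.
chmod 600 -- "${SECRET_NAME}.yaml"

echo "Secret file ${SECRET_NAME}.yaml created successfully."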
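```

with kubeconfig:

```bash
#!/bin/bash
# Usage: ./extract_context_to_secret.sh <context_name> <secret_name> <namespace> [<alternate_kubeconfig>]
#
# Writes <secret_name>.yaml, an Argo CD cluster Secret built from one
# kubeconfig context. The file holds the cluster's bearer token in plaintext,
# so it is created readable by the owner only. Apply it, then delete it, and
# keep it out of version control.

set -euo pipefail
umask 077

# Print a message to stderr and stop.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Refuse a value that would break out of the quoted YAML/JSON strings below;
# the values are pasted in without escaping.
#   $1 - label used in the error message, $2 - value to check
reject_unsafe() {
  case "$2" in
    *'"'* | *\\* | *[[:cntrl:]]*)
      die "$1 contains a double quote, backslash or control character"
      ;;
  esac
}

CONTEXT_NAME="${1:-}"
SECRET_NAME="${2:-}"
NAMESPACE="${3:-}"
ALTERNATE_KUBECONFIG="${4:-$HOME/.kube/config}"

# Check if the required arguments are provided
if [[ -z "$CONTEXT_NAME" || -z "$SECRET_NAME" || -z "$NAMESPACE" ]]; then
  echo "Usage: $0 <context_name> <secret_name> <namespace> [<alternate_kubeconfig>]" >&2
  exit 1
fi

# SECRET_NAME is also the output file name: limiting it to Kubernetes
# object-name characters keeps path separators out of it and keeps the
# unquoted metadata fields in the YAML well-formed.
secret_name_re='^[a-z0-9]([-a-z0-9.]*[a-z0-9])?$'
namespace_re='^[a-z0-9]([-a-z0-9]*[a-z0-9])?$'
[[ "$SECRET_NAME" =~ $secret_name_re ]] || die "Invalid secret name: $SECRET_NAME"
[[ "$NAMESPACE" =~ $namespace_re ]] || die "Invalid namespace: $NAMESPACE"

# Use the specified kubeconfig file or default to ~/.kube/config.
# Note that the default replaces any KUBECONFIG already set in the environment.
export KUBECONFIG="$ALTERNATE_KUBECONFIG"

# Read one field of the selected context.
#   --minify --context  keep only the cluster and user this context points at
#                       (their names usually differ from the context name)
#   --raw               without it kubectl redacts tokens in the output
#   --flatten           inline a CA certificate referenced by file path
#   $1 - jsonpath template
kubeconfig_view() {
  kubectl config view \
    --raw --minify --flatten --context="$CONTEXT_NAME" -o "jsonpath=$1"
}

# Extract the cluster server URL
SERVER=$(kubeconfig_view '{.clusters[0].cluster.server}')

# Extract the CA certificate (already base64-encoded in the kubeconfig)
CA_DATA=$(kubeconfig_view '{.clusters[0].cluster.certificate-authority-data}')

# Extract the bearer token
BEARER_TOKEN=$(kubeconfig_view '{.users[0].user.token}')

[[ -n "$SERVER" ]] || die "No server URL found for context '$CONTEXT_NAME'"
# Users that authenticate with a client certificate or an exec plugin have no
# static token; a Secret with an empty bearerToken would be useless.
[[ -n "$BEARER_TOKEN" ]] || die "Context '$CONTEXT_NAME' has no static bearer token"

reject_unsafe "Context name" "$CONTEXT_NAME"
reject_unsafe "Server URL" "$SERVER"
reject_unsafe "Bearer token" "$BEARER_TOKEN"
reject_unsafe "CA data" "$CA_DATA"

# Create the secret YAML
cat <<EOF > "${SECRET_NAME}.yaml"
apiVersion: v1
kind: Secret
metadata:
  name: ${SECRET_NAME}
  namespace: ${NAMESPACE}
  labels:
    argocd.argoproj.io/secret-type: cluster
type: Opaque
stringData:
  name: "${CONTEXT_NAME}"
  server: "${SERVER}"
  config: |
    {
      "bearerToken": "${BEARER_TOKEN}",
      "tlsClientConfig": {
        "insecure": false,
        "caData": "${CA_DATA}"
      }
    }
EOF
# umask only applies to a newly created file; tighten one that already existed.
chmod 600 -- "${SECRET_NAME}.yaml"

echo "Secret file ${SECRET_NAME}.yaml created successfully."
```

```
./extract_context_to_secret.sh my-context my-secret my-namespace /path/to/alternate/kubeconfig
```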