jrenggli · May 25, 2026 18:25
diff --git a/seal-secret-to-values.sh b/seal-secret-to-values.sh
  export KUBECONFIG=~/.kube/mycluster-test.yaml
  
  for E in dev01 dev02 dev03 latest test staging; do
      kubectl create secret tls tls-secret \
          --cert=example.com.fullchain.crt \
          --key=example.com.key \
          --dry-run=client \
          --output=yaml \
      | kubeseal \
          --controller-name=sealed-secrets-controller \
          --controller-namespace=kube-system \
          --format=yaml \
          --namespace=myproject-${E} \
          --name=tls-wildcard.example.com-2025-05-17 \
      | yq eval '
        . as $s |
        {
          "kubernetes": {
            "sealedSecrets": {
              ($s.metadata.name): {
                "encryptedData": $s.spec.encryptedData,
                "template": {
                  "type": $s.spec.template.type
                }
              }
            }
          }
        }
      ' \
      | yq eval-all --inplace 'select(fileIndex==0) *+ select(fileIndex==1)' ../../deployment/helm/${E}.yaml -
  done
	export KUBECONFIG=~/.kube/mycluster-test.yaml

	for E in dev01 dev02 dev03 latest test staging; do
	kubectl create secret tls tls-secret \
	--cert=example.com.fullchain.crt \
	--key=example.com.key \
	--dry-run=client \
	--output=yaml \
	\| kubeseal \
	--controller-name=sealed-secrets-controller \
	--controller-namespace=kube-system \
	--format=yaml \
	--namespace=myproject-${E} \
	--name=tls-wildcard.example.com-2025-05-17 \
	\| yq eval '
	. as $s \|
	{
	"kubernetes": {
	"sealedSecrets": {
	($s.metadata.name): {
	"encryptedData": $s.spec.encryptedData,
	"template": {
	"type": $s.spec.template.type
	}
	}
	}
	}
	}
	' \
	\| yq eval-all --inplace 'select(fileIndex==0) *+ select(fileIndex==1)' ../../deployment/helm/${E}.yaml -
	done
No results found