Last active
March 27, 2020 16:42
This is a shell script I compiled from various Stack Overflow answers to find differences between the secrets I installed and the secrets that are used, and vice versa. This makes trimming legacy/no-longer-used secrets easier.
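#!/usr/bin/env zsh
# Compare the Secret names referenced by pods and ingresses in the current
# kubectl namespace with the Secret names that exist there, and print a
# unified diff of the two lists. Only names are read, never Secret data.
#
# Reading the diff:
#   "-" lines: referenced by a workload but not installed (broken reference).
#   "+" lines: installed but not referenced by anything queried below.
#
# A "+" line is a cleanup *candidate*, not proof that the Secret is unused.
# The queries only see pods that exist right now and only the reference
# types listed in used_secret_names, so a Secret can be in use and still
# show up as "+", for example when it is referenced only by a workload with
# no live pod at the moment, or only by a reference type that is not queried.
# Confirm with the owning team before deleting anything.

# Without pipefail a failed kubectl call is hidden behind xargs/sort, the
# "used" list comes back empty, and every installed Secret looks unused.
set -o pipefail

# Print the names selected by a jsonpath query, one per line.
# Arguments: $1 - resource kind, $2 - jsonpath expression
secret_names() {
  kubectl get "$1" -o jsonpath="$2" | xargs -n1
}

# Print the sorted, de-duplicated Secret names referenced by pods and
# ingresses. Returns non-zero as soon as one kubectl query fails.
used_secret_names() {
  {
    # envFrom and env.valueFrom references, for containers and initContainers.
    secret_names pods '{.items[*].spec.containers[*].envFrom[*].secretRef.name}' &&
    secret_names pods '{.items[*].spec.containers[*].env[*].valueFrom.secretKeyRef.name}' &&
    secret_names pods '{.items[*].spec.initContainers[*].envFrom[*].secretRef.name}' &&
    secret_names pods '{.items[*].spec.initContainers[*].env[*].valueFrom.secretKeyRef.name}' &&
    # Secrets mounted as volumes.
    secret_names pods '{.items[*].spec.volumes[*].secret.secretName}' &&
    # imagePullSecrets.
    secret_names pods '{.items[*].spec.imagePullSecrets[*].name}' &&
    # Ingress TLS secrets.
    secret_names ingress '{.items[*].spec.tls[*].secretName}'
  } | awk NF | sort -u
}

printf 'Getting used secrets...\n'
# Exit status 2 mirrors diff's own "trouble" status, so callers can tell a
# failed query apart from "lists differ" (status 1).
used=$(used_secret_names) || {
  printf 'kubectl query for used secrets failed; not diffing.\n' >&2
  exit 2
}
installed=$(secret_names secrets '{.items[*].metadata.name}' | awk NF | sort -u) || {
  printf 'kubectl query for installed secrets failed; not diffing.\n' >&2
  exit 2
}

printf 'Diffing secrets used vs secrets installed:\n'
# If colordiff is installed use it, else use diff.
differ=diff
if command -v colordiff > /dev/null; then
  differ=colordiff
fi

# Names are passed as printf arguments, not as the format string, so a value
# containing "%" or a backslash is printed literally. awk NF drops the blank
# line produced when a list is empty.
"$differ" -u \
  --label "Used Secrets" <(printf '%s\n' "$used" | awk NF) \
  --label "Installed Secrets" <(printf '%s\n' "$installed" | awk NF)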