Skip to content

Instantly share code, notes, and snippets.

@dmage

dmage/rotate-sa-tokens.sh

Created September 18, 2020 12:34
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save dmage/af3eaa61bad54e98742e420857b3055c to your computer and use it in GitHub Desktop.
Save dmage/af3eaa61bad54e98742e420857b3055c to your computer and use it in GitHub Desktop.
Download ZIP
Raw
rotate-sa-tokens.sh
#!/bin/sh -eu
NAMESPACE=default
SERVICEACCOUNT=default
oc -n "$NAMESPACE" serviceaccounts new-token "$SERVICEACCOUNT"
NEW_SECRET_NAME=$(
oc get secrets \
--field-selector='type=kubernetes.io/service-account-token' \
--output=go-template='{{range .items}}{{if eq (index .metadata.annotations "kubernetes.io/service-account.name") "'"$SERVICEACCOUNT"'"}}{{.metadata.name}}{{"\n"}}{{end}}{{end}}' \
--sort-by='.metadata.creationTimestamp' |
tail -n1
)
oc -n "$NAMESPACE" patch serviceaccount "$SERVICEACCOUNT" --type=json --patch='[
{"op": "replace", "path":"/imagePullSecrets", "value": []},
{"op": "replace", "path":"/secrets", "value": [{"name":"'"$NEW_SECRET_NAME"'"}]},
]'
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment