K
Q

Create namespace and secret, do patch only if not existing

1/21/2022

In my CI I'm running a helm upgrade command to release an app. But if it is a non existing app, I have to create the namespace, a secret and patch the serviceaccount. So I come up with this:

kubectl create namespace ${namespace} --dry-run=client -o yaml | kubectl apply -f -
kubectl create secret docker-registry gitlab-registry --namespace ${namespace} --docker-server="\${CI_REGISTRY}" --docker-username="\${CI_DEPLOY_USER}" --docker-password="\${CI_DEPLOY_PASSWORD}" --docker-email="\${GITLAB_USER_EMAIL}" -o yaml --dry-run=client | kubectl apply -f -
kubectl patch serviceaccount default -p '{"imagePullSecrets":[{"name":"gitlab-registry"}]}' --namespace ${namespace}

This is working, but I think it is not the perfect way as these three steps should only be done once. : Only if app/namespace/secret is not existing

-- user3142695
kubectl
kubernetes

Similar Questions

Kubernetes hostpath volume with WLS2 does not work
Kubernetes Ingress rewrite-target - anyway to preserve the address when rewrite?
Setup two ingress for two services with same names in different namespaces
How to policy control kubernetes GET object request via open policy?
Routing One Pod’s packet to another Pod

1 Answer

1/21/2022

Helm provides the --create-namespace switch that will create the namespace of the release if it does not already exist.

The secret can be added in your helm chart and you can pass the variables (CI_REGISTRY, CI_DEPLOY_USER, etc.) in as helm chart values either as --set values or via the values.yaml file and using --values

The service account patching you can do as a post-install and/or a post-upgrade job (https://helm.sh/docs/topics/charts_hooks/)

-- Blender Fox
Source: StackOverflow