Check kubeconfig and dump reencrypted version with kubeseal #6
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Debug - dump encrypted secrets reencrypted with kubeseal | |
on: | |
workflow_dispatch: | |
jobs: | |
dump: | |
name: Dump | |
runs-on: ubuntu-latest | |
steps: | |
- uses: azure/setup-kubectl@v3 | |
- name: extract kubeconfig | |
run: | | |
echo -n "${{secrets.KUBECONFIG}}" | base64 --decode > kubeconfig | |
- name: list kube data | |
run: | | |
KUBECONFIG=./kubeconfig kubectl config get-contexts | |
- name: Install kubeseal | |
run: | | |
wget https://github.com/bitnami-labs/sealed-secrets/releases/download/v0.22.0/kubeseal-0.22.0-linux-amd64.tar.gz | |
tar -xvzf kubeseal-0.22.0-linux-amd64.tar.gz kubeseal | |
sudo install -m 755 kubeseal /usr/local/bin/kubeseal | |
- name: Dump and reencrypt secrets | |
run: | | |
echo -n "${{secrets.KUBECONFIG}}" | kubeseal --raw --controller-namespace sealed-secrets-system --name test --kubeconfig kubeconfig |