feat: add kubectl-sops task

2026-01-28 02:18:24 +00:00 · 2023-11-28 09:10:59 +08:00
parent bc1ef431ad
commit f7dc8dee75
1 changed files with 27 additions and 3 deletions
--- a/Taskfile.dist.yaml
+++ b/Taskfile.dist.yaml
@@ -20,9 +20,11 @@ includes:
  volsync:
    aliases: [vs]
    taskfile: .taskfiles/volsync/Taskfile.dist.yaml
-  cnpg:
-    aliases: [pg]
-    taskfile: .taskfiles/cnpg/Taskfile.dist.yaml
+  # cnpg:
+  #   aliases: [pg]
+  #   taskfile: .taskfiles/cnpg/Taskfile.dist.yaml
+  pg:
+    taskfile: .taskfiles/pg/Taskfile.dist.yaml
  rook:
    aliases: [r]
    taskfile: .taskfiles/rook
@@ -81,3 +83,25 @@ tasks:
    cmds:
      - htpasswd -bnBC 10 REMOVEME {{.USERPW}}

+  kubectl-sops:
+    silent: true
+    desc: Run kubectl commands with a SOPS encrypted $KUBECONFIG file
+    preconditions:
+      - sh: command -v sops
+    vars: &vars
+      KUBECONFIGSOPS: '{{ .KUBECONFIG | default "~/.kube/config.sops.yaml" }}'
+      KCMD:
+        sh: |-
+          [[ -n "{{.KUBECTL_CMD}}" ]] && echo "{{.KUBECTL_CMD}}" || [[ -n $(command -v kubecolor) ]] && command -v kubecolor && exit || [[ -n $(command -v kubectl) ]] && command -v kubectl && exit || exit 1
+      KUBETMPDIR:
+        sh: "mktemp -d"
+      KUBECONFIG: "{{.KUBETMPDIR}}/decrypted.yaml"
+    cmds:
+      # - echo "{{.KUBECTL_CMD}}"
+      - defer: "rm {{.KUBECONFIG}} && rmdir {{.KUBETMPDIR}}"
+      - |
+        mkfifo {{.KUBECONFIG}}
+        KUBECONFIG={{.KUBECONFIG}} {{.KCMD}} {{.CLI_ARGS}} &
+        KUBECTL_PID=$!
+        sops --decrypt --output {{.KUBECONFIG}} {{.KUBECONFIGSOPS}} >/dev/null 2>/dev/null
+        wait $KUBECTL_PID