@devonhk
Created November 2, 2025 22:11
Convert kubeconfig to argocd cluster secret
#!/bin/bash
# Script to generate Argo CD cluster secret from kubeconfig
# Usage: ./generate-cluster-secret.sh <kubeconfig-path> [cluster-name] [namespace]
set -e
# Check if yq is installed (errors go to stderr so they never end up in the piped YAML)
if ! command -v yq &> /dev/null; then
    echo "Error: yq is required but not installed. Install it from https://github.com/mikefarah/yq" >&2
    exit 1
fi
# Parse arguments
KUBECONFIG_PATH="${1}"
CLUSTER_NAME="${2}"
NAMESPACE="${3:-argocd}"
if [ -z "$KUBECONFIG_PATH" ]; then
    echo "Usage: $0 <kubeconfig-path> [cluster-name] [namespace]" >&2
    echo "" >&2
    echo "Arguments:" >&2
    echo "  kubeconfig-path   Path to the kubeconfig file (required)" >&2
    echo "  cluster-name      Name for the cluster in Argo CD (optional, will generate from server)" >&2
    echo "  namespace         Namespace for the secret (optional, defaults to 'argocd')" >&2
    exit 1
fi
if [ ! -f "$KUBECONFIG_PATH" ]; then
    echo "Error: Kubeconfig file not found: $KUBECONFIG_PATH" >&2
    exit 1
fi
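# Extract data from kubeconfig
# Note: this reads the first cluster and first user entry, not the current-context
SERVER=$(yq eval '.clusters[0].cluster.server' "$KUBECONFIG_PATH")
CA_DATA=$(yq eval '.clusters[0].cluster.certificate-authority-data' "$KUBECONFIG_PATH")
CERT_DATA=$(yq eval '.users[0].user.client-certificate-data' "$KUBECONFIG_PATH")
KEY_DATA=$(yq eval '.users[0].user.client-key-data' "$KUBECONFIG_PATH")
# yq prints the literal string "null" for a missing key (e.g. a kubeconfig that uses
# file paths or a token); fail here rather than write "null" into the secret
for VALUE in "$SERVER" "$CA_DATA" "$CERT_DATA" "$KEY_DATA"; do
    if [ -z "$VALUE" ] || [ "$VALUE" = "null" ]; then
        echo "Error: kubeconfig is missing server, certificate-authority-data, client-certificate-data or client-key-data" >&2
        exit 1
    fi
done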
# Generate cluster name if not provided
if [ -z "$CLUSTER_NAME" ]; then
    # Extract host from server URL and create a name
    HOST=$(echo "$SERVER" | sed -E 's|https?://||' | sed 's|:.*||' | sed 's|\.|-|g')
    RANDOM_SUFFIX=$(openssl rand -hex 4)
    CLUSTER_NAME="k3s-cluster-${HOST}-${RANDOM_SUFFIX}"
fi
SECRET_NAME="$CLUSTER_NAME"
# Create the secret YAML
# The output embeds the client private key (keyData): treat it as a credential,
# do not commit it to Git or leave it in shell history or CI logs
cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: ${SECRET_NAME}
  namespace: ${NAMESPACE}
  labels:
    argocd.argoproj.io/secret-type: cluster
type: Opaque
stringData:
  name: ${CLUSTER_NAME}
  server: ${SERVER}
  config: |
    {
      "tlsClientConfig": {
        "insecure": false,
        "caData": "${CA_DATA}",
        "certData": "${CERT_DATA}",
        "keyData": "${KEY_DATA}"
      }
    }
EOF