fix: seed grafana admin secret during deploy
This commit is contained in:
@@ -857,6 +857,7 @@ jobs:
|
|||||||
- name: Reconcile observability stack
|
- name: Reconcile observability stack
|
||||||
env:
|
env:
|
||||||
KUBECONFIG: outputs/kubeconfig
|
KUBECONFIG: outputs/kubeconfig
|
||||||
|
GRAFANA_ADMIN_PASSWORD: ${{ secrets.GRAFANA_ADMIN_PASSWORD }}
|
||||||
run: |
|
run: |
|
||||||
set -euo pipefail
|
set -euo pipefail
|
||||||
|
|
||||||
@@ -949,14 +950,25 @@ jobs:
|
|||||||
wait_for_grafana_secret() {
|
wait_for_grafana_secret() {
|
||||||
local timeout_seconds="$1"
|
local timeout_seconds="$1"
|
||||||
local elapsed=0
|
local elapsed=0
|
||||||
|
local force_sync
|
||||||
|
|
||||||
while [ "${elapsed}" -lt "${timeout_seconds}" ]; do
|
while [ "${elapsed}" -lt "${timeout_seconds}" ]; do
|
||||||
|
force_sync="$(date +%s)"
|
||||||
|
kubectl -n observability annotate externalsecret/grafana-admin external-secrets.io/force-sync="${force_sync}" --overwrite || true
|
||||||
|
|
||||||
|
if [ -n "${GRAFANA_ADMIN_PASSWORD}" ]; then
|
||||||
|
kubectl -n observability create secret generic grafana-admin-credentials \
|
||||||
|
--from-literal=admin-user=admin \
|
||||||
|
--from-literal=admin-password="${GRAFANA_ADMIN_PASSWORD}" \
|
||||||
|
--dry-run=client -o yaml | kubectl apply -f -
|
||||||
|
fi
|
||||||
|
|
||||||
if kubectl -n observability get secret/grafana-admin-credentials >/dev/null 2>&1; then
|
if kubectl -n observability get secret/grafana-admin-credentials >/dev/null 2>&1; then
|
||||||
return 0
|
return 0
|
||||||
fi
|
fi
|
||||||
|
|
||||||
sleep 15
|
sleep 15
|
||||||
elapsed=$((elapsed + 75))
|
elapsed=$((elapsed + 15))
|
||||||
done
|
done
|
||||||
|
|
||||||
echo "Timed out waiting for Grafana admin ExternalSecret to sync" >&2
|
echo "Timed out waiting for Grafana admin ExternalSecret to sync" >&2
|
||||||
|
|||||||
Reference in New Issue
Block a user