bootstrap ircs-prod gitops config
@@ -0,0 +1,62 @@
|
||||
param(
|
||||
[string]$OldNamespace = "ircs-system",
|
||||
[string]$NewNamespace = "ircs-prod",
|
||||
[string]$OldSecret = "ircs-backend-secrets",
|
||||
[string]$NewSecret = "ircs-prod-secrets",
|
||||
[string]$OldPullSecret = "harbor-secret",
|
||||
[string]$NewPullSecret = "harbor-secret"
|
||||
)
|
||||
|
||||
$ErrorActionPreference = "Stop"
|
||||
|
||||
function New-Base64SecretValue([int]$Bytes = 48) {
|
||||
$buffer = [byte[]]::new($Bytes)
|
||||
[System.Security.Cryptography.RandomNumberGenerator]::Fill($buffer)
|
||||
return [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes([Convert]::ToBase64String($buffer)))
|
||||
}
|
||||
|
||||
kubectl get namespace $NewNamespace *> $null
|
||||
if ($LASTEXITCODE -ne 0) {
|
||||
kubectl create namespace $NewNamespace | Out-Null
|
||||
}
|
||||
|
||||
$old = kubectl -n $OldNamespace get secret $OldSecret -o json | ConvertFrom-Json
|
||||
$data = @{}
|
||||
foreach ($prop in $old.data.PSObject.Properties) {
|
||||
$data[$prop.Name] = $prop.Value
|
||||
}
|
||||
|
||||
foreach ($key in @('APP_IDENTITY_JWT_SECRET', 'INTERNAL_CREDENTIAL_TOKEN', 'SERVICE_CREDENTIAL_TOKEN', 'SERVICE_SEARCH_TOKEN')) {
|
||||
if (-not $data.ContainsKey($key)) {
|
||||
$data[$key] = New-Base64SecretValue 48
|
||||
}
|
||||
}
|
||||
|
||||
$secret = [ordered]@{
|
||||
apiVersion = 'v1'
|
||||
kind = 'Secret'
|
||||
metadata = [ordered]@{
|
||||
name = $NewSecret
|
||||
namespace = $NewNamespace
|
||||
labels = [ordered]@{
|
||||
'app.kubernetes.io/part-of' = 'ircs'
|
||||
environment = 'prod'
|
||||
}
|
||||
}
|
||||
type = 'Opaque'
|
||||
data = $data
|
||||
}
|
||||
|
||||
$secret | ConvertTo-Json -Depth 20 | kubectl apply -f - | Out-Null
|
||||
|
||||
$pull = kubectl -n $OldNamespace get secret $OldPullSecret -o json | ConvertFrom-Json
|
||||
$pull.metadata.namespace = $NewNamespace
|
||||
$pull.metadata.name = $NewPullSecret
|
||||
$pull.metadata.PSObject.Properties.Remove('creationTimestamp')
|
||||
$pull.metadata.PSObject.Properties.Remove('resourceVersion')
|
||||
$pull.metadata.PSObject.Properties.Remove('uid')
|
||||
$pull.metadata.PSObject.Properties.Remove('managedFields')
|
||||
$pull.metadata.PSObject.Properties.Remove('annotations')
|
||||
$pull | ConvertTo-Json -Depth 20 | kubectl apply -f - | Out-Null
|
||||
|
||||
Write-Host "Prepared namespace, runtime secret, and image pull secret for $NewNamespace. Secret values were not printed."
|
||||
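Review bot: The `kubectl -n $OldNamespace get secret $OldSecret -o json | ConvertFrom-Json` read is never checked for failure, and `$ErrorActionPreference = "Stop"` does not by itself turn a non-zero exit code from a native command into an error. If that read fails (missing secret, RBAC denial, wrong kube context), `$old` is most likely empty and the copy loop adds nothing, so the script applies `$NewSecret` holding only the four freshly generated tokens while the closing `Write-Host` still reports success. Add `if ($LASTEXITCODE -ne 0 -or -not $old.data) { throw "could not read $OldSecret in $OldNamespace" }` after the read, and `if ($LASTEXITCODE -ne 0) { throw "kubectl apply failed" }` after each `kubectl apply`. Separately, keys already present in the source are carried over unchanged, so `APP_IDENTITY_JWT_SECRET` and the service tokens are shared between `ircs-system` and `ircs-prod` whenever the old secret has them. If the two namespaces are meant to be separate trust domains, regenerate those four unconditionally instead of only when missing.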