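# Prepares a target namespace by copying the runtime secret and the image pull
# secret from an existing namespace, generating any application tokens that the
# source secret does not already contain.
#
# Parameters:
#   OldNamespace / NewNamespace   - source and target namespaces
#   OldSecret / NewSecret         - source and target runtime secret names
#   OldPullSecret / NewPullSecret - source and target image pull secret names
#
# Security notes:
#   - Keys already present in the source secret are copied unchanged, so the
#     target namespace shares those values with the source; nothing is rotated.
#   - Secret material is sent to kubectl over stdin and is never written to the
#     console or placed on a command line.
param(
    [string]$OldNamespace = "ircs-system",
    [string]$NewNamespace = "ircs-prod",
    [string]$OldSecret = "ircs-backend-secrets",
    [string]$NewSecret = "ircs-prod-secrets",
    [string]$OldPullSecret = "harbor-secret",
    [string]$NewPullSecret = "harbor-secret"
)

# Stops on PowerShell errors. By default this does not cover a non-zero exit
# code from a native command such as kubectl, so each call is checked below.
$ErrorActionPreference = "Stop"

# Returns a value ready for a Secret's `data` field: $Bytes random bytes from
# the system CSPRNG, base64-encoded to form the secret text, then base64-encoded
# again because Kubernetes expects `data` values to be base64 of the payload.
function New-Base64SecretValue([int]$Bytes = 48) {
    $buffer = [byte[]]::new($Bytes)
    [System.Security.Cryptography.RandomNumberGenerator]::Fill($buffer)
    $secretText = [Convert]::ToBase64String($buffer)
    return [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($secretText))
}

# Throws when the most recent kubectl call exited non-zero. The message names
# the action only; it never includes secret content.
function Assert-KubectlSucceeded([string]$Action) {
    if ($LASTEXITCODE -ne 0) {
        throw "kubectl failed while trying to $Action (exit code $LASTEXITCODE)."
    }
}

# Create the target namespace when the lookup fails. Any lookup failure is
# treated as "missing"; a real API or permission problem then surfaces from the
# create call instead of being ignored.
kubectl get namespace $NewNamespace *> $null
if ($LASTEXITCODE -ne 0) {
    kubectl create namespace $NewNamespace | Out-Null
    Assert-KubectlSucceeded "create namespace '$NewNamespace'"
}

# Read the source runtime secret. Without the exit-code check, a failed read
# would leave $old empty and the script would publish a target secret holding
# only freshly generated tokens while still reporting success.
$oldJson = kubectl -n $OldNamespace get secret $OldSecret -o json
Assert-KubectlSucceeded "read secret '$OldSecret' in namespace '$OldNamespace'"
$old = $oldJson | ConvertFrom-Json
if ($null -eq $old) {
    throw "Secret '$OldSecret' in namespace '$OldNamespace' returned no content."
}

# Copy every existing key as-is (values are already base64-encoded).
$data = @{}
foreach ($prop in $old.data.PSObject.Properties) {
    $data[$prop.Name] = $prop.Value
}

# Generate only the tokens that the source secret lacks.
$generatedKeys = @(
    'APP_IDENTITY_JWT_SECRET',
    'INTERNAL_CREDENTIAL_TOKEN',
    'SERVICE_CREDENTIAL_TOKEN',
    'SERVICE_SEARCH_TOKEN'
)
foreach ($key in $generatedKeys) {
    if (-not $data.ContainsKey($key)) {
        $data[$key] = New-Base64SecretValue 48
    }
}

$secret = [ordered]@{
    apiVersion = 'v1'
    kind       = 'Secret'
    metadata   = [ordered]@{
        name      = $NewSecret
        namespace = $NewNamespace
        labels    = [ordered]@{
            'app.kubernetes.io/part-of' = 'ircs'
            environment                 = 'prod'
        }
    }
    type       = 'Opaque'
    data       = $data
}

$secret | ConvertTo-Json -Depth 20 | kubectl apply -f - | Out-Null
Assert-KubectlSucceeded "apply secret '$NewSecret' in namespace '$NewNamespace'"

# Copy the image pull secret, retargeting it at the new namespace and name.
$pullJson = kubectl -n $OldNamespace get secret $OldPullSecret -o json
Assert-KubectlSucceeded "read secret '$OldPullSecret' in namespace '$OldNamespace'"
$pull = $pullJson | ConvertFrom-Json
if ($null -eq $pull) {
    throw "Secret '$OldPullSecret' in namespace '$OldNamespace' returned no content."
}

$pull.metadata.namespace = $NewNamespace
$pull.metadata.name = $NewPullSecret

# Strip server-populated metadata so the object applies cleanly as a new one.
# Annotations are dropped wholesale, which also avoids carrying over any
# last-applied-configuration recorded in the old namespace.
# NOTE(review): ownerReferences are not stripped; confirm the source pull
# secret has none before relying on this copy.
foreach ($field in @('creationTimestamp', 'resourceVersion', 'uid', 'managedFields', 'annotations')) {
    $pull.metadata.PSObject.Properties.Remove($field)
}

$pull | ConvertTo-Json -Depth 20 | kubectl apply -f - | Out-Null
Assert-KubectlSucceeded "apply secret '$NewPullSecret' in namespace '$NewNamespace'"

Write-Host "Prepared namespace, runtime secret, and image pull secret for $NewNamespace. Secret values were not printed."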