admin/ircs-prod-config
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
9e326c375ab133061d69946f64d0ed9c345a6679
ircs-prod-config/scripts/prepare-prod-secrets.ps1
T
Prodiglagla 712770d7d3 fix prod secret token generation compatibility
2026-06-14 12:16:02 +08:00

68 lines
2.1 KiB
PowerShell
Raw Blame History

param(
[string]$OldNamespace = "ircs-system",
[string]$NewNamespace = "ircs-prod",
[string]$OldSecret = "ircs-backend-secrets",
[string]$NewSecret = "ircs-prod-secrets",
[string]$OldPullSecret = "harbor-secret",
[string]$NewPullSecret = "harbor-secret"
)
$ErrorActionPreference = "Stop"
function New-Base64SecretValue([int]$Bytes = 48) {
$buffer = [byte[]]::new($Bytes)
$rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
try {
$rng.GetBytes($buffer)
} finally {
$rng.Dispose()
}
return [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes([Convert]::ToBase64String($buffer)))
}
$namespaceName = kubectl get namespace $NewNamespace --ignore-not-found -o name
if (-not $namespaceName) {
kubectl create namespace $NewNamespace | Out-Null
}
$old = kubectl -n $OldNamespace get secret $OldSecret -o json | ConvertFrom-Json
$data = @{}
foreach ($prop in $old.data.PSObject.Properties) {
$data[$prop.Name] = $prop.Value
}
foreach ($key in @('APP_IDENTITY_JWT_SECRET', 'INTERNAL_CREDENTIAL_TOKEN', 'SERVICE_CREDENTIAL_TOKEN', 'SERVICE_SEARCH_TOKEN')) {
if (-not $data.ContainsKey($key)) {
$data[$key] = New-Base64SecretValue 48
}
}
$secret = [ordered]@{
apiVersion = 'v1'
kind = 'Secret'
metadata = [ordered]@{
name = $NewSecret
namespace = $NewNamespace
labels = [ordered]@{
'app.kubernetes.io/part-of' = 'ircs'
environment = 'prod'
}
}
type = 'Opaque'
data = $data
}
$secret | ConvertTo-Json -Depth 20 | kubectl apply -f - | Out-Null
$pull = kubectl -n $OldNamespace get secret $OldPullSecret -o json | ConvertFrom-Json
$pull.metadata.namespace = $NewNamespace
$pull.metadata.name = $NewPullSecret
$pull.metadata.PSObject.Properties.Remove('creationTimestamp')
$pull.metadata.PSObject.Properties.Remove('resourceVersion')
$pull.metadata.PSObject.Properties.Remove('uid')
$pull.metadata.PSObject.Properties.Remove('managedFields')
$pull.metadata.PSObject.Properties.Remove('annotations')
$pull | ConvertTo-Json -Depth 20 | kubectl apply -f - | Out-Null
Write-Host "Prepared namespace, runtime secret, and image pull secret for $NewNamespace. Secret values were not printed."
Reference in New Issue View Git Blame Copy Permalink