admin/ircs-prod-config
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
f83d1157b1c78a4897562b000c2466d5a4eff308
ircs-prod-config/scripts/prepare-prod-secrets.ps1
T
Prodiglagla f83d1157b1 bootstrap ircs-prod gitops config
2026-06-14 11:46:13 +08:00

63 lines
2.0 KiB
PowerShell
Raw Blame History

param(
[string]$OldNamespace = "ircs-system",
[string]$NewNamespace = "ircs-prod",
[string]$OldSecret = "ircs-backend-secrets",
[string]$NewSecret = "ircs-prod-secrets",
[string]$OldPullSecret = "harbor-secret",
[string]$NewPullSecret = "harbor-secret"
)
$ErrorActionPreference = "Stop"
function New-Base64SecretValue([int]$Bytes = 48) {
$buffer = [byte[]]::new($Bytes)
[System.Security.Cryptography.RandomNumberGenerator]::Fill($buffer)
return [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes([Convert]::ToBase64String($buffer)))
}
kubectl get namespace $NewNamespace *> $null
if ($LASTEXITCODE -ne 0) {
kubectl create namespace $NewNamespace | Out-Null
}
$old = kubectl -n $OldNamespace get secret $OldSecret -o json | ConvertFrom-Json
$data = @{}
foreach ($prop in $old.data.PSObject.Properties) {
$data[$prop.Name] = $prop.Value
}
foreach ($key in @('APP_IDENTITY_JWT_SECRET', 'INTERNAL_CREDENTIAL_TOKEN', 'SERVICE_CREDENTIAL_TOKEN', 'SERVICE_SEARCH_TOKEN')) {
if (-not $data.ContainsKey($key)) {
$data[$key] = New-Base64SecretValue 48
}
}
$secret = [ordered]@{
apiVersion = 'v1'
kind = 'Secret'
metadata = [ordered]@{
name = $NewSecret
namespace = $NewNamespace
labels = [ordered]@{
'app.kubernetes.io/part-of' = 'ircs'
environment = 'prod'
}
}
type = 'Opaque'
data = $data
}
$secret | ConvertTo-Json -Depth 20 | kubectl apply -f - | Out-Null
$pull = kubectl -n $OldNamespace get secret $OldPullSecret -o json | ConvertFrom-Json
$pull.metadata.namespace = $NewNamespace
$pull.metadata.name = $NewPullSecret
$pull.metadata.PSObject.Properties.Remove('creationTimestamp')
$pull.metadata.PSObject.Properties.Remove('resourceVersion')
$pull.metadata.PSObject.Properties.Remove('uid')
$pull.metadata.PSObject.Properties.Remove('managedFields')
$pull.metadata.PSObject.Properties.Remove('annotations')
$pull | ConvertTo-Json -Depth 20 | kubectl apply -f - | Out-Null
Write-Host "Prepared namespace, runtime secret, and image pull secret for $NewNamespace. Secret values were not printed."
Reference in New Issue View Git Blame Copy Permalink