fp/scripts/k8s-secrets.sh

182 lines
8.2 KiB
Bash
Raw Normal View History

2024-05-28 05:17:49 +00:00
#!/bin/bash
2024-06-18 02:21:08 +00:00
2024-09-16 16:31:51 +00:00
## @todo switch to infisical
# ns=futureporn
# kubectl --namespace $ns delete secret universal-auth-credentials --ignore-not-found
# kubectl --namespace $ns create secret generic universal-auth-credentials \
# --from-literal=clientSecret="${INFISICAL_CLIENT_SECRET}" \
# --from-literal=clientId="${INFISICAL_CLIENT_ID}"
# echo "@todo remove all the unused secrets"
# exit 256
CLOUD_DATA=$(echo -e "[default]\naws_access_key_id: $VELERO_S3_KEY_ID\naws_secret_access_key: $VELERO_S3_ACCESS_KEY" | base64 -w 0)
2024-06-18 02:21:08 +00:00
kubectl --namespace=velero delete secret velero --ignore-not-found
## we do this so helm can adopt our pre-made secret @see https://github.com/helm/helm/pull/7649
cat <<EOF | kubectl --namespace=velero create -f-
---
apiVersion: v1
kind: Secret
metadata:
name: velero
namespace: velero
annotations:
meta.helm.sh/release-namespace: futureporn
labels:
app.kubernetes.io/managed-by: Helm
type: Opaque
2024-09-16 16:31:51 +00:00
data:
cloud: $CLOUD_DATA
2024-06-18 02:21:08 +00:00
EOF
2024-07-06 08:49:51 +00:00
# kubectl --namespace futureporn delete secret uppy --ignore-not-found
# kubectl --namespace futureporn create secret generic uppy \
# --from-literal=driveKey=${UPPY_DRIVE_KEY} \
# --from-literal=driveSecret=${UPPY_DRIVE_SECRET} \
# --from-literal=dropboxKey=${UPPY_DROPBOX_KEY} \
# --from-literal=dropboxSecret=${UPPY_DROPBOX_SECRET} \
# --from-literal=jwtSecret=${UPPY_JWT_SECRET} \
# --from-literal=secret=${UPPY_SECRET} \
# --from-literal=sessionSecret=${UPPY_SESSION_SECRET} \
# --from-literal=b2Key=${UPPY_B2_KEY} \
# --from-literal=b2Secret=${UPPY_B2_SECRET}\
2024-08-13 21:18:01 +00:00
kubectl --namespace futureporn delete secret chisel --ignore-not-found
kubectl --namespace futureporn create secret generic chisel \
--from-literal=auth="${CHISEL_USERNAME}:${CHISEL_PASSWORD}"
kubectl --namespace chisel-operator-system delete secret chisel --ignore-not-found
kubectl --namespace chisel-operator-system create secret generic chisel \
--from-literal=auth="${CHISEL_USERNAME}:${CHISEL_PASSWORD}"
kubectl --namespace futureporn delete secret ngrok --ignore-not-found
kubectl --namespace futureporn create secret generic ngrok \
--from-literal=API_KEY=${NGROK_API_KEY} \
--from-literal=AUTHTOKEN=${NGROK_AUTHTOKEN} \
--from-literal=domain=${NGROK_DOMAIN}
2024-08-01 19:16:35 +00:00
kubectl --namespace futureporn delete secret bot --ignore-not-found
kubectl --namespace futureporn create secret generic bot \
--from-literal=automationUserJwt=${AUTOMATION_USER_JWT} \
--from-literal=discordToken=${DISCORD_TOKEN} \
--from-literal=discordChannelId=${DISCORD_CHANNEL_ID} \
--from-literal=discordGuildId=${DISCORD_GUILD_ID} \
--from-literal=discordApplicationId=${DISCORD_APPLICATION_ID} \
--from-literal=workerConnectionString=${WORKER_CONNECTION_STRING}
2024-07-30 20:34:25 +00:00
kubectl --namespace futureporn delete secret pgadmin4 --ignore-not-found
kubectl --namespace futureporn create secret generic pgadmin4 \
--from-literal=email=${PGADMIN_DEFAULT_EMAIL} \
--from-literal=password=${PGADMIN_DEFAULT_PASSWORD}
kubectl --namespace futureporn delete secret postgrest --ignore-not-found
kubectl --namespace futureporn create secret generic postgrest \
--from-literal=dbUri=${PGRST_DB_URI} \
--from-literal=jwtSecret=${PGRST_JWT_SECRET} \
--from-literal=automationUserJwt=${AUTOMATION_USER_JWT}
2024-07-30 20:34:25 +00:00
2024-07-23 02:59:41 +00:00
kubectl --namespace futureporn delete secret capture --ignore-not-found
kubectl --namespace futureporn create secret generic capture \
2024-08-01 19:16:35 +00:00
--from-literal=workerConnectionString=${WORKER_CONNECTION_STRING} \
2024-07-28 00:42:09 +00:00
--from-literal=s3AccessKeyId=${S3_USC_BUCKET_KEY_ID} \
2024-08-20 04:27:40 +00:00
--from-literal=s3SecretAccessKey=${S3_USC_BUCKET_APPLICATION_KEY} \
--from-literal=httpProxy=${HTTP_PROXY}
2024-07-23 02:59:41 +00:00
kubectl --namespace futureporn delete secret mailbox --ignore-not-found
kubectl --namespace futureporn create secret generic mailbox \
--from-literal=databaseUrl=${WORKER_DATABASE_URL} \
--from-literal=imapServer=${IMAP_SERVER} \
--from-literal=imapPort=${IMAP_PORT} \
--from-literal=imapUsername=${IMAP_USERNAME} \
--from-literal=imapPassword=${IMAP_PASSWORD} \
--from-literal=imapAccessToken=${IMAP_ACCESS_TOKEN}
2024-08-01 19:16:35 +00:00
# kubectl --namespace futureporn delete secret discord --ignore-not-found
# kubectl --namespace futureporn create secret generic discord \
# --from-literal=token=${DISCORD_TOKEN} \
# --from-literal=applicationId=${DISCORD_APPLICATION_ID}
2024-07-10 02:34:23 +00:00
2024-07-06 08:49:51 +00:00
kubectl --namespace futureporn delete secret redis --ignore-not-found
kubectl --namespace futureporn create secret generic redis \
--from-literal=password=${REDIS_PASSWORD}
kubectl --namespace futureporn delete secret uppy --ignore-not-found
kubectl --namespace futureporn create secret generic uppy \
--from-literal=redisUrl=${COMPANION_REDIS_URL} \
--from-literal=secret=${COMPANION_SECRET} \
--from-literal=preAuthSecret=${COMPANION_PREAUTH_SECRET} \
--from-literal=dropboxKey=${COMPANION_DROPBOX_KEY} \
--from-literal=dropboxSecret=${COMPANION_DROPBOX_SECRET} \
--from-literal=boxKey=${COMPANION_BOX_KEY} \
--from-literal=boxSecret=${COMPANION_BOX_SECRET} \
--from-literal=googleKey=${COMPANION_GOOGLE_KEY} \
--from-literal=googleSecret=${COMPANION_GOOGLE_SECRET} \
--from-literal=awsKey=${COMPANION_AWS_KEY} \
--from-literal=awsSecret=${COMPANION_AWS_SECRET} \
--from-literal=awsBucket=${COMPANION_AWS_BUCKET} \
--from-literal=oauthDomain=${COMPANION_OAUTH_DOMAIN} \
--from-literal=uploadUrls=${COMPANION_UPLOAD_URLS}
## @todo we need exoscale in two separate namespaces.
## Is it worth using secrets reflector?
2024-06-28 23:23:04 +00:00
kubectl --namespace cert-manager delete secret exoscale --ignore-not-found
kubectl --namespace cert-manager create secret generic exoscale \
2024-06-24 21:41:18 +00:00
--from-literal=apiKey=${EXOSCALE_API_KEY} \
--from-literal=apiSecret=${EXOSCALE_API_SECRET}
2024-06-28 23:59:31 +00:00
kubectl --namespace futureporn delete secret exoscale --ignore-not-found
kubectl --namespace futureporn create secret generic exoscale \
--from-literal=apiKey=${EXOSCALE_API_KEY} \
--from-literal=apiSecret=${EXOSCALE_API_SECRET}
2024-06-20 23:34:34 +00:00
kubectl --namespace futureporn delete secret grafana --ignore-not-found
kubectl --namespace futureporn create secret generic grafana \
2024-06-20 23:33:27 +00:00
--from-literal=admin-user=${GRAFANA_USERNAME} \
--from-literal=admin-password=${GRAFANA_PASSWORD}
2024-06-18 02:21:08 +00:00
2024-08-01 19:16:35 +00:00
# kubectl --namespace futureporn delete secret link2cid --ignore-not-found
# kubectl --namespace futureporn create secret generic link2cid \
# --from-literal=apiKey=${LINK2CID_API_KEY}
2024-05-28 05:17:49 +00:00
kubectl --namespace cert-manager delete secret vultr --ignore-not-found
kubectl --namespace cert-manager create secret generic vultr \
--from-literal=apiKey=${VULTR_API_KEY}
kubectl --namespace futureporn delete secret vultr --ignore-not-found
kubectl --namespace futureporn create secret generic vultr \
--from-literal=containerRegistryUsername=${VULTR_CONTAINER_REGISTRY_USERNAME} \
--from-literal=apiKey=${VULTR_API_KEY}
2024-07-23 02:59:41 +00:00
kubectl --namespace futureporn delete secret postgresql --ignore-not-found
kubectl --namespace futureporn create secret generic postgresql \
2024-07-17 07:27:23 +00:00
--from-literal=replication-password=${POSTGRES_PASSWORD} \
--from-literal=postgres-password=${POSTGRES_PASSWORD} \
2024-05-28 05:17:49 +00:00
--from-literal=password=${POSTGRES_PASSWORD}
kubectl --namespace futureporn delete secret pgadmin --ignore-not-found
kubectl --namespace futureporn create secret generic pgadmin \
--from-literal=defaultEmail=${PGADMIN_DEFAULT_EMAIL} \
--from-literal=defaultPassword=${PGADMIN_DEFAULT_PASSWORD}
kubectl --namespace futureporn delete secret strapi --ignore-not-found
kubectl --namespace futureporn create secret generic strapi \
--from-literal=adminJwtSecret=${STRAPI_ADMIN_JWT_SECRET} \
--from-literal=apiTokenSalt=${STRAPI_API_TOKEN_SALT} \
--from-literal=appKeys=${STRAPI_APP_KEYS} \
2024-07-18 12:37:36 +00:00
--from-literal=databaseUrl=postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT}/${POSTGRES_DB} \
2024-05-28 05:17:49 +00:00
--from-literal=jwtSecret=${STRAPI_JWT_SECRET} \
--from-literal=muxPlaybackRestrictionId=${MUX_PLAYBACK_RESTRICTION_ID} \
--from-literal=muxSigningKeyPrivateKey=${MUX_SIGNING_KEY_PRIVATE_KEY} \
--from-literal=s3UscBucketApplicationKey=${S3_USC_BUCKET_APPLICATION_KEY} \
--from-literal=s3UscBucketEndpoint=${S3_USC_BUCKET_ENDPOINT} \
--from-literal=s3UscBucketName=${S3_USC_BUCKET_NAME} \
--from-literal=s3UscBucketKeyId=${S3_USC_BUCKET_KEY_ID} \
--from-literal=s3UscBucketRegion=${S3_USC_BUCKET_REGION} \
--from-literal=muxSigningKeyId=${MUX_SIGNING_KEY_ID} \
--from-literal=strapiAdminEmail=${STRAPI_ADMIN_EMAIL} \
--from-literal=sendgridApiKey=${SENDGRID_API_KEY} \
--from-literal=cdnBucketUscUrl=${CDN_BUCKET_USC_URL} \
--from-literal=transferTokenSalt=${TRANSFER_TOKEN_SALT}