fp/scripts/k8s-secrets.sh

159 lines
7.2 KiB
Bash
Raw Normal View History

2024-05-28 05:17:49 +00:00
#!/bin/bash
2024-06-18 02:21:08 +00:00
kubectl --namespace=velero delete secret velero --ignore-not-found
## we do this so helm can adopt our pre-made secret @see https://github.com/helm/helm/pull/7649
cat <<EOF | kubectl --namespace=velero create -f-
---
apiVersion: v1
kind: Secret
metadata:
name: velero
namespace: velero
annotations:
meta.helm.sh/release-namespace: futureporn
labels:
app.kubernetes.io/managed-by: Helm
type: Opaque
data:
aws_access_key_id: $(echo -n $VELERO_S3_KEY_ID | base64)
aws_secret_access_key: $(echo -n $VELERO_S3_ACCESS_KEY | base64)
EOF
# kubectl --namespace futureporn delete secret traefik --ignore-not-found
# kubectl --namespace futureporn create secret generic traefik \
# --from-literal=username=${TRAEFIK_USERNAME} \
# --from-literal=password=${TRAEFIK_PASSWORD}
2024-07-06 08:49:51 +00:00
# kubectl --namespace futureporn delete secret uppy --ignore-not-found
# kubectl --namespace futureporn create secret generic uppy \
# --from-literal=driveKey=${UPPY_DRIVE_KEY} \
# --from-literal=driveSecret=${UPPY_DRIVE_SECRET} \
# --from-literal=dropboxKey=${UPPY_DROPBOX_KEY} \
# --from-literal=dropboxSecret=${UPPY_DROPBOX_SECRET} \
# --from-literal=jwtSecret=${UPPY_JWT_SECRET} \
# --from-literal=secret=${UPPY_SECRET} \
# --from-literal=sessionSecret=${UPPY_SESSION_SECRET} \
# --from-literal=b2Key=${UPPY_B2_KEY} \
# --from-literal=b2Secret=${UPPY_B2_SECRET}\
2024-07-10 02:34:23 +00:00
kubectl --namespace futureporn delete secret trigger --ignore-not-found
kubectl --namespace futureporn create secret generic trigger \
--from-literal=encryptionKey=${TRIGGER_ENCRYPTION_KEY} \
--from-literal=magicLinkSecret=${TRIGGER_MAGIC_LINK_SECRET} \
--from-literal=databaseUrl=${TRIGGER_DATABASE_URL} \
--from-literal=loginUrl=${TRIGGER_LOGIN_ORIGIN} \
--from-literal=appOrigin=${TRIGGER_APP_ORIGIN}
kubectl --namespace futureporn delete secret discord --ignore-not-found
kubectl --namespace futureporn create secret generic discord \
--from-literal=token=${DISCORD_TOKEN} \
--from-literal=applicationId=${DISCORD_APPLICATION_ID}
2024-07-10 02:34:23 +00:00
2024-07-06 08:49:51 +00:00
kubectl --namespace futureporn delete secret redis --ignore-not-found
kubectl --namespace futureporn create secret generic redis \
--from-literal=password=${REDIS_PASSWORD}
kubectl --namespace futureporn delete secret uppy --ignore-not-found
kubectl --namespace futureporn create secret generic uppy \
--from-literal=redisUrl=${COMPANION_REDIS_URL} \
--from-literal=secret=${COMPANION_SECRET} \
--from-literal=preAuthSecret=${COMPANION_PREAUTH_SECRET} \
--from-literal=dropboxKey=${COMPANION_DROPBOX_KEY} \
--from-literal=dropboxSecret=${COMPANION_DROPBOX_SECRET} \
--from-literal=boxKey=${COMPANION_BOX_KEY} \
--from-literal=boxSecret=${COMPANION_BOX_SECRET} \
--from-literal=googleKey=${COMPANION_GOOGLE_KEY} \
--from-literal=googleSecret=${COMPANION_GOOGLE_SECRET} \
--from-literal=awsKey=${COMPANION_AWS_KEY} \
--from-literal=awsSecret=${COMPANION_AWS_SECRET} \
--from-literal=awsBucket=${COMPANION_AWS_BUCKET} \
--from-literal=oauthDomain=${COMPANION_OAUTH_DOMAIN} \
--from-literal=uploadUrls=${COMPANION_UPLOAD_URLS}
## @todo we need exoscale in two separate namespaces.
## Is it worth using secrets reflector?
2024-06-28 23:23:04 +00:00
kubectl --namespace cert-manager delete secret exoscale --ignore-not-found
kubectl --namespace cert-manager create secret generic exoscale \
2024-06-24 21:41:18 +00:00
--from-literal=apiKey=${EXOSCALE_API_KEY} \
--from-literal=apiSecret=${EXOSCALE_API_SECRET}
2024-06-28 23:59:31 +00:00
kubectl --namespace futureporn delete secret exoscale --ignore-not-found
kubectl --namespace futureporn create secret generic exoscale \
--from-literal=apiKey=${EXOSCALE_API_KEY} \
--from-literal=apiSecret=${EXOSCALE_API_SECRET}
2024-06-20 23:34:34 +00:00
kubectl --namespace futureporn delete secret grafana --ignore-not-found
kubectl --namespace futureporn create secret generic grafana \
2024-06-20 23:33:27 +00:00
--from-literal=admin-user=${GRAFANA_USERNAME} \
--from-literal=admin-password=${GRAFANA_PASSWORD}
2024-06-18 02:21:08 +00:00
2024-05-28 05:17:49 +00:00
kubectl --namespace futureporn delete secret frp --ignore-not-found
kubectl --namespace futureporn create secret generic frp \
--from-literal=token=${FRP_TOKEN}
kubectl --namespace futureporn delete secret chisel --ignore-not-found
kubectl --namespace futureporn create secret generic chisel \
--from-literal=auth=${CHISEL_USERNAME}:${CHISEL_PASSWORD}
2024-05-28 05:17:49 +00:00
kubectl --namespace futureporn delete secret scout --ignore-not-found
kubectl --namespace futureporn create secret generic scout \
--from-literal=recentsToken=${SCOUT_RECENTS_TOKEN} \
--from-literal=strapiApiKey=${SCOUT_STRAPI_API_KEY} \
--from-literal=imapServer=${SCOUT_IMAP_SERVER} \
--from-literal=imapPort=${SCOUT_IMAP_PORT} \
--from-literal=imapUsername=${SCOUT_IMAP_USERNAME} \
--from-literal=imapPassword=${SCOUT_IMAP_PASSWORD} \
--from-literal=imapAccessToken=${SCOUT_IMAP_ACCESS_TOKEN} \
2024-06-13 01:38:11 +00:00
--from-literal=nitterAccessKey=${SCOUT_NITTER_ACCESS_KEY} \
--from-literal=s3BucketKeyId=${S3_BUCKET_KEY_ID} \
--from-literal=s3BucketApplicationKey=${S3_BUCKET_APPLICATION_KEY}
2024-05-28 05:17:49 +00:00
kubectl --namespace futureporn delete secret link2cid --ignore-not-found
kubectl --namespace futureporn create secret generic link2cid \
--from-literal=apiKey=${LINK2CID_API_KEY}
kubectl --namespace cert-manager delete secret vultr --ignore-not-found
kubectl --namespace cert-manager create secret generic vultr \
--from-literal=apiKey=${VULTR_API_KEY}
kubectl --namespace futureporn delete secret vultr --ignore-not-found
kubectl --namespace futureporn create secret generic vultr \
--from-literal=containerRegistryUsername=${VULTR_CONTAINER_REGISTRY_USERNAME} \
--from-literal=apiKey=${VULTR_API_KEY}
kubectl --namespace futureporn delete secret postgres --ignore-not-found
kubectl --namespace futureporn create secret generic postgres \
--from-literal=password=${POSTGRES_PASSWORD}
kubectl --namespace futureporn delete secret pgadmin --ignore-not-found
kubectl --namespace futureporn create secret generic pgadmin \
--from-literal=defaultEmail=${PGADMIN_DEFAULT_EMAIL} \
--from-literal=defaultPassword=${PGADMIN_DEFAULT_PASSWORD}
kubectl --namespace futureporn delete secret strapi --ignore-not-found
kubectl --namespace futureporn create secret generic strapi \
--from-literal=adminJwtSecret=${STRAPI_ADMIN_JWT_SECRET} \
--from-literal=apiTokenSalt=${STRAPI_API_TOKEN_SALT} \
--from-literal=appKeys=${STRAPI_APP_KEYS} \
--from-literal=databaseUrl=postgres.futureporn.svc.cluster.local://${POSTGRES_USER}:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT}/${POSTGRES_DB} \
--from-literal=jwtSecret=${STRAPI_JWT_SECRET} \
--from-literal=muxPlaybackRestrictionId=${MUX_PLAYBACK_RESTRICTION_ID} \
--from-literal=muxSigningKeyPrivateKey=${MUX_SIGNING_KEY_PRIVATE_KEY} \
--from-literal=s3UscBucketApplicationKey=${S3_USC_BUCKET_APPLICATION_KEY} \
--from-literal=s3UscBucketEndpoint=${S3_USC_BUCKET_ENDPOINT} \
--from-literal=s3UscBucketName=${S3_USC_BUCKET_NAME} \
--from-literal=s3UscBucketKeyId=${S3_USC_BUCKET_KEY_ID} \
--from-literal=s3UscBucketRegion=${S3_USC_BUCKET_REGION} \
--from-literal=muxSigningKeyId=${MUX_SIGNING_KEY_ID} \
--from-literal=strapiAdminEmail=${STRAPI_ADMIN_EMAIL} \
--from-literal=sendgridApiKey=${SENDGRID_API_KEY} \
--from-literal=cdnBucketUscUrl=${CDN_BUCKET_USC_URL} \
--from-literal=transferTokenSalt=${TRANSFER_TOKEN_SALT}
kubectl --namespace futureporn delete secret realtime --ignore-not-found
kubectl --namespace futureporn create secret generic realtime \
--from-literal=postgresRealtimeConnectionString=${POSTGRES_REALTIME_CONNECTION_STRING}
2024-06-04 23:06:47 +00:00