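#!/bin/bash

## Recreates Kubernetes Secrets from environment variables. Each secret is
## deleted (if present) and then created again with kubectl.
##
## NOTE(review): values given via --from-literal are part of kubectl's argv and
## are readable in the local process list while the command runs. Feeding them
## through --from-env-file or --from-file keeps them off the command line.
## NOTE(review): an unset variable silently produces an empty secret value.
## Consider asserting required variables (e.g. `: "${VAR:?}"`) before any
## secret is touched.
## NOTE(review): delete-then-create leaves a window in which the secret does
## not exist; workloads starting in that window may fail to mount it.

## @todo switch to infisical
# ns=futureporn
# kubectl --namespace $ns delete secret universal-auth-credentials --ignore-not-found
# kubectl --namespace $ns create secret generic universal-auth-credentials \
#   --from-literal=clientSecret="${INFISICAL_CLIENT_SECRET}" \
#   --from-literal=clientId="${INFISICAL_CLIENT_ID}"

# echo "@todo remove all the unused secrets"
# exit 256

## Render the credentials file for Velero and base64-encode it for the Secret's
## data field. printf with %s keeps backslashes in the key material literal;
## `echo -e` would interpret them as escape sequences and corrupt the key.
CLOUD_DATA=$(printf '[default]\naws_access_key_id: %s\naws_secret_access_key: %s\n' \
  "${VELERO_S3_KEY_ID}" "${VELERO_S3_ACCESS_KEY}" | base64 -w 0)

kubectl --namespace=velero delete secret velero --ignore-not-found

## we do this so helm can adopt our pre-made secret @see https://github.com/helm/helm/pull/7649
## NOTE(review): Helm's adoption check also reads the meta.helm.sh/release-name
## annotation; confirm whether it has to be set here as well.
## The manifest goes to kubectl over stdin, so the encoded credentials never
## appear in argv.
cat <<EOF | kubectl --namespace=velero create -f-
---
apiVersion: v1
kind: Secret
metadata:
  name: velero
  namespace: velero
  annotations:
    meta.helm.sh/release-namespace: futureporn
  labels:
    app.kubernetes.io/managed-by: Helm
type: Opaque
data:
  cloud: $CLOUD_DATA
EOF

# kubectl --namespace futureporn delete secret uppy --ignore-not-found
# kubectl --namespace futureporn create secret generic uppy \
#   --from-literal=driveKey=${UPPY_DRIVE_KEY} \
#   --from-literal=driveSecret=${UPPY_DRIVE_SECRET} \
#   --from-literal=dropboxKey=${UPPY_DROPBOX_KEY} \
#   --from-literal=dropboxSecret=${UPPY_DROPBOX_SECRET} \
#   --from-literal=jwtSecret=${UPPY_JWT_SECRET} \
#   --from-literal=secret=${UPPY_SECRET} \
#   --from-literal=sessionSecret=${UPPY_SESSION_SECRET} \
#   --from-literal=b2Key=${UPPY_B2_KEY} \
#   --from-literal=b2Secret=${UPPY_B2_SECRET}

## Every expansion below is double-quoted: an unquoted secret containing
## whitespace or glob characters would be split or expanded by the shell and
## reach kubectl truncated or as stray extra arguments.

## NOTE(review): the postgres:// URIs embed the password verbatim; characters
## such as '@', ':' or '/' in it would need percent-encoding to parse correctly.
kubectl --namespace futureporn delete secret superstreamer --ignore-not-found
kubectl --namespace futureporn create secret generic superstreamer \
  --from-literal=databaseUri="postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT}/sprs" \
  --from-literal=s3Endpoint="${S3_ENDPOINT}" \
  --from-literal=s3Region="${S3_REGION}" \
  --from-literal=s3AccessKey="${S3_ACCESS_KEY_ID}" \
  --from-literal=s3SecretKey="${S3_SECRET_ACCESS_KEY}" \
  --from-literal=s3Bucket="${S3_BUCKET_NAME}" \
  --from-literal=publicS3Endpoint="${PUBLIC_S3_ENDPOINT}" \
  --from-literal=superSecret="${SUPER_SECRET}" \
  --from-literal=authToken="${SUPERSTREAMER_AUTH_TOKEN}"

kubectl --namespace futureporn delete secret bright --ignore-not-found
kubectl --namespace futureporn create secret generic bright \
  --from-literal=databaseUrl="postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT}/bright" \
  --from-literal=secretKeyBase="${BRIGHT_SECRET_KEY_BASE}"

kubectl --namespace futureporn delete secret next --ignore-not-found
kubectl --namespace futureporn create secret generic next \
  --from-literal=nextAuthSecret="${NEXTAUTH_SECRET}"

kubectl --namespace futureporn delete secret traefik-dashboard-auth --ignore-not-found
kubectl --namespace futureporn create secret generic traefik-dashboard-auth \
  --type=kubernetes.io/basic-auth \
  --from-literal=password="${TRAEFIK_DASHBOARD_PASSWORD}" \
  --from-literal=username="${TRAEFIK_DASHBOARD_USERNAME}"

kubectl --namespace futureporn delete secret patreon --ignore-not-found
kubectl --namespace futureporn create secret generic patreon \
  --from-literal=creatorAccessToken="${PATREON_CREATOR_ACCESS_TOKEN}" \
  --from-literal=creatorRefreshToken="${PATREON_CREATOR_REFRESH_TOKEN}" \
  --from-literal=clientId="${PATREON_CLIENT_ID}" \
  --from-literal=clientSecret="${PATREON_CLIENT_SECRET}"

## The same chisel credentials are written to two namespaces.
kubectl --namespace futureporn delete secret chisel --ignore-not-found
kubectl --namespace futureporn create secret generic chisel \
  --from-literal=auth="${CHISEL_USERNAME}:${CHISEL_PASSWORD}"

kubectl --namespace chisel-operator-system delete secret chisel --ignore-not-found
kubectl --namespace chisel-operator-system create secret generic chisel \
  --from-literal=auth="${CHISEL_USERNAME}:${CHISEL_PASSWORD}"

kubectl --namespace futureporn delete secret bot --ignore-not-found
kubectl --namespace futureporn create secret generic bot \
  --from-literal=automationUserJwt="${AUTOMATION_USER_JWT}" \
  --from-literal=discordToken="${DISCORD_TOKEN}" \
  --from-literal=discordChannelId="${DISCORD_CHANNEL_ID}" \
  --from-literal=discordGuildId="${DISCORD_GUILD_ID}" \
  --from-literal=discordApplicationId="${DISCORD_APPLICATION_ID}" \
  --from-literal=workerConnectionString="${WORKER_CONNECTION_STRING}"

kubectl --namespace futureporn delete secret pgadmin4 --ignore-not-found
kubectl --namespace futureporn create secret generic pgadmin4 \
  --from-literal=email="${PGADMIN_DEFAULT_EMAIL}" \
  --from-literal=password="${PGADMIN_DEFAULT_PASSWORD}"

kubectl --namespace futureporn delete secret postgrest --ignore-not-found
kubectl --namespace futureporn create secret generic postgrest \
  --from-literal=dbUri="${PGRST_DB_URI}" \
  --from-literal=jwtSecret="${PGRST_JWT_SECRET}" \
  --from-literal=automationUserJwt="${AUTOMATION_USER_JWT}"

kubectl --namespace futureporn delete secret capture --ignore-not-found
kubectl --namespace futureporn create secret generic capture \
  --from-literal=workerConnectionString="${WORKER_CONNECTION_STRING}" \
  --from-literal=s3AccessKeyId="${S3_USC_BUCKET_KEY_ID}" \
  --from-literal=s3SecretAccessKey="${S3_USC_BUCKET_APPLICATION_KEY}" \
  --from-literal=httpProxy="${HTTP_PROXY}"

kubectl --namespace futureporn delete secret mailbox --ignore-not-found
kubectl --namespace futureporn create secret generic mailbox \
  --from-literal=databaseUrl="${WORKER_DATABASE_URL}" \
  --from-literal=imapServer="${IMAP_SERVER}" \
  --from-literal=imapPort="${IMAP_PORT}" \
  --from-literal=imapUsername="${IMAP_USERNAME}" \
  --from-literal=imapPassword="${IMAP_PASSWORD}" \
  --from-literal=imapAccessToken="${IMAP_ACCESS_TOKEN}"

# kubectl --namespace futureporn delete secret discord --ignore-not-found
# kubectl --namespace futureporn create secret generic discord \
#   --from-literal=token=${DISCORD_TOKEN} \
#   --from-literal=applicationId=${DISCORD_APPLICATION_ID}

kubectl --namespace futureporn delete secret redis --ignore-not-found
kubectl --namespace futureporn create secret generic redis \
  --from-literal=password="${REDIS_PASSWORD}"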
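## Recreate the uppy, exoscale, grafana and vultr (cert-manager) secrets.
## Each expansion is double-quoted so a value containing whitespace or glob
## characters is passed to kubectl as one unmodified argument.
## NOTE(review): --from-literal places the values in kubectl's argv, where they
## are readable in the local process list while the command runs.
kubectl --namespace futureporn delete secret uppy --ignore-not-found
kubectl --namespace futureporn create secret generic uppy \
  --from-literal=redisUrl="${COMPANION_REDIS_URL}" \
  --from-literal=secret="${COMPANION_SECRET}" \
  --from-literal=preAuthSecret="${COMPANION_PREAUTH_SECRET}" \
  --from-literal=dropboxKey="${COMPANION_DROPBOX_KEY}" \
  --from-literal=dropboxSecret="${COMPANION_DROPBOX_SECRET}" \
  --from-literal=boxKey="${COMPANION_BOX_KEY}" \
  --from-literal=boxSecret="${COMPANION_BOX_SECRET}" \
  --from-literal=googleKey="${COMPANION_GOOGLE_KEY}" \
  --from-literal=googleSecret="${COMPANION_GOOGLE_SECRET}" \
  --from-literal=awsKey="${COMPANION_AWS_KEY}" \
  --from-literal=awsSecret="${COMPANION_AWS_SECRET}" \
  --from-literal=awsBucket="${COMPANION_AWS_BUCKET}" \
  --from-literal=oauthDomain="${COMPANION_OAUTH_DOMAIN}" \
  --from-literal=uploadUrls="${COMPANION_UPLOAD_URLS}"

## @todo we need exoscale in two separate namespaces.
## Is it worth using secrets reflector?
kubectl --namespace cert-manager delete secret exoscale --ignore-not-found
kubectl --namespace cert-manager create secret generic exoscale \
  --from-literal=apiKey="${EXOSCALE_API_KEY}" \
  --from-literal=apiSecret="${EXOSCALE_API_SECRET}"
kubectl --namespace futureporn delete secret exoscale --ignore-not-found
kubectl --namespace futureporn create secret generic exoscale \
  --from-literal=apiKey="${EXOSCALE_API_KEY}" \
  --from-literal=apiSecret="${EXOSCALE_API_SECRET}"

kubectl --namespace futureporn delete secret grafana --ignore-not-found
kubectl --namespace futureporn create secret generic grafana \
  --from-literal=admin-user="${GRAFANA_USERNAME}" \
  --from-literal=admin-password="${GRAFANA_PASSWORD}"

# kubectl --namespace futureporn delete secret link2cid --ignore-not-found
# kubectl --namespace futureporn create secret generic link2cid \
#   --from-literal=apiKey=${LINK2CID_API_KEY}

kubectl --namespace cert-manager delete secret vultr --ignore-not-found
kubectl --namespace cert-manager create secret generic vultr \
  --from-literal=apiKey="${VULTR_API_KEY}"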
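## Recreate the vultr, postgresql, pgadmin and strapi secrets in the futureporn
## namespace. Each expansion is double-quoted so a value containing whitespace
## or glob characters is passed to kubectl as one unmodified argument.
## NOTE(review): --from-literal places the values in kubectl's argv, where they
## are readable in the local process list while the command runs.
kubectl --namespace futureporn delete secret vultr --ignore-not-found
kubectl --namespace futureporn create secret generic vultr \
  --from-literal=containerRegistryUsername="${VULTR_CONTAINER_REGISTRY_USERNAME}" \
  --from-literal=apiKey="${VULTR_API_KEY}"

## The same POSTGRES_PASSWORD is stored under four key names.
## NOTE(review): this means the replication, superuser and application roles
## share one credential; confirm that is intended.
kubectl --namespace futureporn delete secret postgresql --ignore-not-found
kubectl --namespace futureporn create secret generic postgresql \
  --from-literal=replication-password="${POSTGRES_PASSWORD}" \
  --from-literal=postgres-password="${POSTGRES_PASSWORD}" \
  --from-literal=password="${POSTGRES_PASSWORD}" \
  --from-literal=db-password="${POSTGRES_PASSWORD}"

kubectl --namespace futureporn delete secret pgadmin --ignore-not-found
kubectl --namespace futureporn create secret generic pgadmin \
  --from-literal=defaultEmail="${PGADMIN_DEFAULT_EMAIL}" \
  --from-literal=defaultPassword="${PGADMIN_DEFAULT_PASSWORD}"

## NOTE(review): databaseUrl embeds the password verbatim; characters such as
## '@', ':' or '/' in it would need percent-encoding for the URI to parse.
kubectl --namespace futureporn delete secret strapi --ignore-not-found
kubectl --namespace futureporn create secret generic strapi \
  --from-literal=adminJwtSecret="${STRAPI_ADMIN_JWT_SECRET}" \
  --from-literal=apiTokenSalt="${STRAPI_API_TOKEN_SALT}" \
  --from-literal=appKeys="${STRAPI_APP_KEYS}" \
  --from-literal=databaseUrl="postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT}/${POSTGRES_DB}" \
  --from-literal=jwtSecret="${STRAPI_JWT_SECRET}" \
  --from-literal=muxPlaybackRestrictionId="${MUX_PLAYBACK_RESTRICTION_ID}" \
  --from-literal=muxSigningKeyPrivateKey="${MUX_SIGNING_KEY_PRIVATE_KEY}" \
  --from-literal=s3UscBucketApplicationKey="${S3_USC_BUCKET_APPLICATION_KEY}" \
  --from-literal=s3UscBucketEndpoint="${S3_USC_BUCKET_ENDPOINT}" \
  --from-literal=s3UscBucketName="${S3_USC_BUCKET_NAME}" \
  --from-literal=s3UscBucketKeyId="${S3_USC_BUCKET_KEY_ID}" \
  --from-literal=s3UscBucketRegion="${S3_USC_BUCKET_REGION}" \
  --from-literal=muxSigningKeyId="${MUX_SIGNING_KEY_ID}" \
  --from-literal=strapiAdminEmail="${STRAPI_ADMIN_EMAIL}" \
  --from-literal=sendgridApiKey="${SENDGRID_API_KEY}" \
  --from-literal=cdnBucketUscUrl="${CDN_BUCKET_USC_URL}" \
  --from-literal=transferTokenSalt="${TRANSFER_TOKEN_SALT}"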