182 lines
8.2 KiB
Bash
Executable File
182 lines
8.2 KiB
Bash
Executable File
#!/bin/bash
|
|
|
|
|
|
## @todo switch to infisical
|
|
# ns=futureporn
|
|
# kubectl --namespace $ns delete secret universal-auth-credentials --ignore-not-found
|
|
# kubectl --namespace $ns create secret generic universal-auth-credentials \
|
|
# --from-literal=clientSecret="${INFISICAL_CLIENT_SECRET}" \
|
|
# --from-literal=clientId="${INFISICAL_CLIENT_ID}"
|
|
# echo "@todo remove all the unused secrets"
|
|
# exit 256
|
|
|
|
CLOUD_DATA=$(echo -e "[default]\naws_access_key_id: $VELERO_S3_KEY_ID\naws_secret_access_key: $VELERO_S3_ACCESS_KEY" | base64 -w 0)
|
|
kubectl --namespace=velero delete secret velero --ignore-not-found
|
|
## we do this so helm can adopt our pre-made secret @see https://github.com/helm/helm/pull/7649
|
|
cat <<EOF | kubectl --namespace=velero create -f-
|
|
---
|
|
apiVersion: v1
|
|
kind: Secret
|
|
metadata:
|
|
name: velero
|
|
namespace: velero
|
|
annotations:
|
|
meta.helm.sh/release-namespace: futureporn
|
|
labels:
|
|
app.kubernetes.io/managed-by: Helm
|
|
type: Opaque
|
|
data:
|
|
cloud: $CLOUD_DATA
|
|
EOF
|
|
|
|
|
|
# kubectl --namespace futureporn delete secret uppy --ignore-not-found
|
|
# kubectl --namespace futureporn create secret generic uppy \
|
|
# --from-literal=driveKey=${UPPY_DRIVE_KEY} \
|
|
# --from-literal=driveSecret=${UPPY_DRIVE_SECRET} \
|
|
# --from-literal=dropboxKey=${UPPY_DROPBOX_KEY} \
|
|
# --from-literal=dropboxSecret=${UPPY_DROPBOX_SECRET} \
|
|
# --from-literal=jwtSecret=${UPPY_JWT_SECRET} \
|
|
# --from-literal=secret=${UPPY_SECRET} \
|
|
# --from-literal=sessionSecret=${UPPY_SESSION_SECRET} \
|
|
# --from-literal=b2Key=${UPPY_B2_KEY} \
|
|
# --from-literal=b2Secret=${UPPY_B2_SECRET}\
|
|
|
|
|
|
kubectl --namespace futureporn delete secret chisel --ignore-not-found
|
|
kubectl --namespace futureporn create secret generic chisel \
|
|
--from-literal=auth="${CHISEL_USERNAME}:${CHISEL_PASSWORD}"
|
|
kubectl --namespace chisel-operator-system delete secret chisel --ignore-not-found
|
|
kubectl --namespace chisel-operator-system create secret generic chisel \
|
|
--from-literal=auth="${CHISEL_USERNAME}:${CHISEL_PASSWORD}"
|
|
|
|
kubectl --namespace futureporn delete secret ngrok --ignore-not-found
|
|
kubectl --namespace futureporn create secret generic ngrok \
|
|
--from-literal=API_KEY=${NGROK_API_KEY} \
|
|
--from-literal=AUTHTOKEN=${NGROK_AUTHTOKEN} \
|
|
--from-literal=domain=${NGROK_DOMAIN}
|
|
|
|
kubectl --namespace futureporn delete secret bot --ignore-not-found
|
|
kubectl --namespace futureporn create secret generic bot \
|
|
--from-literal=automationUserJwt=${AUTOMATION_USER_JWT} \
|
|
--from-literal=discordToken=${DISCORD_TOKEN} \
|
|
--from-literal=discordChannelId=${DISCORD_CHANNEL_ID} \
|
|
--from-literal=discordGuildId=${DISCORD_GUILD_ID} \
|
|
--from-literal=discordApplicationId=${DISCORD_APPLICATION_ID} \
|
|
--from-literal=workerConnectionString=${WORKER_CONNECTION_STRING}
|
|
|
|
kubectl --namespace futureporn delete secret pgadmin4 --ignore-not-found
|
|
kubectl --namespace futureporn create secret generic pgadmin4 \
|
|
--from-literal=email=${PGADMIN_DEFAULT_EMAIL} \
|
|
--from-literal=password=${PGADMIN_DEFAULT_PASSWORD}
|
|
|
|
kubectl --namespace futureporn delete secret postgrest --ignore-not-found
|
|
kubectl --namespace futureporn create secret generic postgrest \
|
|
--from-literal=dbUri=${PGRST_DB_URI} \
|
|
--from-literal=jwtSecret=${PGRST_JWT_SECRET} \
|
|
--from-literal=automationUserJwt=${AUTOMATION_USER_JWT}
|
|
|
|
kubectl --namespace futureporn delete secret capture --ignore-not-found
|
|
kubectl --namespace futureporn create secret generic capture \
|
|
--from-literal=workerConnectionString=${WORKER_CONNECTION_STRING} \
|
|
--from-literal=s3AccessKeyId=${S3_USC_BUCKET_KEY_ID} \
|
|
--from-literal=s3SecretAccessKey=${S3_USC_BUCKET_APPLICATION_KEY} \
|
|
--from-literal=httpProxy=${HTTP_PROXY}
|
|
|
|
kubectl --namespace futureporn delete secret mailbox --ignore-not-found
|
|
kubectl --namespace futureporn create secret generic mailbox \
|
|
--from-literal=databaseUrl=${WORKER_DATABASE_URL} \
|
|
--from-literal=imapServer=${IMAP_SERVER} \
|
|
--from-literal=imapPort=${IMAP_PORT} \
|
|
--from-literal=imapUsername=${IMAP_USERNAME} \
|
|
--from-literal=imapPassword=${IMAP_PASSWORD} \
|
|
--from-literal=imapAccessToken=${IMAP_ACCESS_TOKEN}
|
|
|
|
|
|
# kubectl --namespace futureporn delete secret discord --ignore-not-found
|
|
# kubectl --namespace futureporn create secret generic discord \
|
|
# --from-literal=token=${DISCORD_TOKEN} \
|
|
# --from-literal=applicationId=${DISCORD_APPLICATION_ID}
|
|
|
|
kubectl --namespace futureporn delete secret redis --ignore-not-found
|
|
kubectl --namespace futureporn create secret generic redis \
|
|
--from-literal=password=${REDIS_PASSWORD}
|
|
|
|
kubectl --namespace futureporn delete secret uppy --ignore-not-found
|
|
kubectl --namespace futureporn create secret generic uppy \
|
|
--from-literal=redisUrl=${COMPANION_REDIS_URL} \
|
|
--from-literal=secret=${COMPANION_SECRET} \
|
|
--from-literal=preAuthSecret=${COMPANION_PREAUTH_SECRET} \
|
|
--from-literal=dropboxKey=${COMPANION_DROPBOX_KEY} \
|
|
--from-literal=dropboxSecret=${COMPANION_DROPBOX_SECRET} \
|
|
--from-literal=boxKey=${COMPANION_BOX_KEY} \
|
|
--from-literal=boxSecret=${COMPANION_BOX_SECRET} \
|
|
--from-literal=googleKey=${COMPANION_GOOGLE_KEY} \
|
|
--from-literal=googleSecret=${COMPANION_GOOGLE_SECRET} \
|
|
--from-literal=awsKey=${COMPANION_AWS_KEY} \
|
|
--from-literal=awsSecret=${COMPANION_AWS_SECRET} \
|
|
--from-literal=awsBucket=${COMPANION_AWS_BUCKET} \
|
|
--from-literal=oauthDomain=${COMPANION_OAUTH_DOMAIN} \
|
|
--from-literal=uploadUrls=${COMPANION_UPLOAD_URLS}
|
|
|
|
## @todo we need exoscale in two separate namespaces.
|
|
## Is it worth using secrets reflector?
|
|
kubectl --namespace cert-manager delete secret exoscale --ignore-not-found
|
|
kubectl --namespace cert-manager create secret generic exoscale \
|
|
--from-literal=apiKey=${EXOSCALE_API_KEY} \
|
|
--from-literal=apiSecret=${EXOSCALE_API_SECRET}
|
|
kubectl --namespace futureporn delete secret exoscale --ignore-not-found
|
|
kubectl --namespace futureporn create secret generic exoscale \
|
|
--from-literal=apiKey=${EXOSCALE_API_KEY} \
|
|
--from-literal=apiSecret=${EXOSCALE_API_SECRET}
|
|
|
|
kubectl --namespace futureporn delete secret grafana --ignore-not-found
|
|
kubectl --namespace futureporn create secret generic grafana \
|
|
--from-literal=admin-user=${GRAFANA_USERNAME} \
|
|
--from-literal=admin-password=${GRAFANA_PASSWORD}
|
|
|
|
|
|
# kubectl --namespace futureporn delete secret link2cid --ignore-not-found
|
|
# kubectl --namespace futureporn create secret generic link2cid \
|
|
# --from-literal=apiKey=${LINK2CID_API_KEY}
|
|
|
|
kubectl --namespace cert-manager delete secret vultr --ignore-not-found
|
|
kubectl --namespace cert-manager create secret generic vultr \
|
|
--from-literal=apiKey=${VULTR_API_KEY}
|
|
|
|
kubectl --namespace futureporn delete secret vultr --ignore-not-found
|
|
kubectl --namespace futureporn create secret generic vultr \
|
|
--from-literal=containerRegistryUsername=${VULTR_CONTAINER_REGISTRY_USERNAME} \
|
|
--from-literal=apiKey=${VULTR_API_KEY}
|
|
|
|
kubectl --namespace futureporn delete secret postgresql --ignore-not-found
|
|
kubectl --namespace futureporn create secret generic postgresql \
|
|
--from-literal=replication-password=${POSTGRES_PASSWORD} \
|
|
--from-literal=postgres-password=${POSTGRES_PASSWORD} \
|
|
--from-literal=password=${POSTGRES_PASSWORD}
|
|
|
|
kubectl --namespace futureporn delete secret pgadmin --ignore-not-found
|
|
kubectl --namespace futureporn create secret generic pgadmin \
|
|
--from-literal=defaultEmail=${PGADMIN_DEFAULT_EMAIL} \
|
|
--from-literal=defaultPassword=${PGADMIN_DEFAULT_PASSWORD}
|
|
|
|
kubectl --namespace futureporn delete secret strapi --ignore-not-found
|
|
kubectl --namespace futureporn create secret generic strapi \
|
|
--from-literal=adminJwtSecret=${STRAPI_ADMIN_JWT_SECRET} \
|
|
--from-literal=apiTokenSalt=${STRAPI_API_TOKEN_SALT} \
|
|
--from-literal=appKeys=${STRAPI_APP_KEYS} \
|
|
--from-literal=databaseUrl=postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT}/${POSTGRES_DB} \
|
|
--from-literal=jwtSecret=${STRAPI_JWT_SECRET} \
|
|
--from-literal=muxPlaybackRestrictionId=${MUX_PLAYBACK_RESTRICTION_ID} \
|
|
--from-literal=muxSigningKeyPrivateKey=${MUX_SIGNING_KEY_PRIVATE_KEY} \
|
|
--from-literal=s3UscBucketApplicationKey=${S3_USC_BUCKET_APPLICATION_KEY} \
|
|
--from-literal=s3UscBucketEndpoint=${S3_USC_BUCKET_ENDPOINT} \
|
|
--from-literal=s3UscBucketName=${S3_USC_BUCKET_NAME} \
|
|
--from-literal=s3UscBucketKeyId=${S3_USC_BUCKET_KEY_ID} \
|
|
--from-literal=s3UscBucketRegion=${S3_USC_BUCKET_REGION} \
|
|
--from-literal=muxSigningKeyId=${MUX_SIGNING_KEY_ID} \
|
|
--from-literal=strapiAdminEmail=${STRAPI_ADMIN_EMAIL} \
|
|
--from-literal=sendgridApiKey=${SENDGRID_API_KEY} \
|
|
--from-literal=cdnBucketUscUrl=${CDN_BUCKET_USC_URL} \
|
|
--from-literal=transferTokenSalt=${TRANSFER_TOKEN_SALT}
|