first commit
Executable
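--- /dev/null
+++ b/PATH_NOT_SHOWN
@@ -0,0 +1,82 @@
+#!/usr/bin/env bash
+# Create all credential secrets before the first helm install.
+# Skips any secret that already exists — delete it first to regenerate.
+
+set -euo pipefail
+
+NS="gravitee-apim"
+
+# Ensure namespace exists
+kubectl create namespace "${NS}" --dry-run=client -o yaml | kubectl apply -f -
+
+secret_exists() {
+kubectl -n "${NS}" get secret "$1" >/dev/null 2>&1
+}
+
+echo "==> Creating MongoDB credentials"
+if secret_exists mongodb-credentials; then
+echo " mongodb-credentials already exists, skipping"
+else
+MONGO_ROOT_PASSWORD=$(openssl rand -base64 24 | tr -dc 'A-Za-z0-9' | head -c 16)
+MONGO_GRAVITEE_PASSWORD=$(openssl rand -base64 24 | tr -dc 'A-Za-z0-9' | head -c 16)
+kubectl -n "${NS}" create secret generic mongodb-credentials \
+--from-literal=mongodb-root-password="${MONGO_ROOT_PASSWORD}" \
+--from-literal=mongodb-passwords="${MONGO_GRAVITEE_PASSWORD}" \
+--from-literal=mongodb-replica-set-key=''
+fi
+
+echo "==> Creating MongoDB URI secret"
+if secret_exists gravitee-mongodb-uri; then
+echo " gravitee-mongodb-uri already exists, skipping"
+else
+MONGO_GRAVITEE_PASSWORD=$(kubectl -n "${NS}" get secret mongodb-credentials \
+-o jsonpath='{.data.mongodb-passwords}' | base64 -d)
+MONGO_URI="mongodb://gravitee:${MONGO_GRAVITEE_PASSWORD}@mongodb.gravitee-apim.svc.cluster.local:27017/gravitee?tls=true&authSource=gravitee"
+kubectl -n "${NS}" create secret generic gravitee-mongodb-uri \
+--from-literal=GRAVITEE_MANAGEMENT_MONGODB_URI="${MONGO_URI}" \
+--from-literal=GRAVITEE_RATELIMIT_MONGODB_URI="${MONGO_URI}"
+fi
+
+echo "==> Creating Gravitee admin credentials"
+if secret_exists gravitee-admin; then
+echo " gravitee-admin already exists, skipping"
+else
+GRAVITEE_ADMIN_PASSWORD=$(openssl rand -base64 24 | tr -dc 'A-Za-z0-9' | head -c 16)
+ADMIN_BCRYPT=$(htpasswd -bnBC 10 "" "${GRAVITEE_ADMIN_PASSWORD}" | tr -d ':\n')
+kubectl -n "${NS}" create secret generic gravitee-admin \
+--from-literal=admin-username='admin' \
+--from-literal=admin-password-plain="${GRAVITEE_ADMIN_PASSWORD}" \
+--from-literal=admin-password-bcrypt="${ADMIN_BCRYPT}"
+fi
+
+echo "==> Creating JKS keystore password"
+if secret_exists gravitee-jks-password; then
+echo " gravitee-jks-password already exists, skipping"
+else
+JKS_PASSWORD=$(openssl rand -base64 24 | tr -dc 'A-Za-z0-9' | head -c 20)
+kubectl -n "${NS}" create secret generic gravitee-jks-password \
+--from-literal=password="${JKS_PASSWORD}"
+fi
+
+echo "==> Creating JWT signing secret"
+if secret_exists gravitee-jwt; then
+echo " gravitee-jwt already exists, skipping"
+else
+JWT_SECRET=$(openssl rand -base64 48 | tr -d '\n')
+kubectl -n "${NS}" create secret generic gravitee-jwt \
+--from-literal=GRAVITEE_JWT_SECRET="${JWT_SECRET}"
+fi
+
+echo "==> Creating API properties encryption key"
+if secret_exists gravitee-encryption; then
+echo " gravitee-encryption already exists, skipping"
+else
+ENCRYPTION_KEY=$(openssl rand -hex 16)
+kubectl -n "${NS}" create secret generic gravitee-encryption \
+--from-literal=api-properties-encryption-secret="${ENCRYPTION_KEY}"
+fi
+
+echo ""
+echo "==> Done. Secrets in namespace ${NS}:"
+kubectl -n "${NS}" get secrets | grep -E 'mongodb-credentials|gravitee-mongodb-uri|gravitee-admin|gravitee-jwt|gravitee-jks-password|gravitee-ca-trust'
+echo ""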
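Review bot: Every generated credential is handed to a child process on its command line (`--from-literal=…="${…}"` in all six `kubectl create secret` calls, and the `-b` flag of `htpasswd` in the gravitee-admin block), so the values are typically readable by other local users through the process list while those commands run and would be printed by a `set -x` trace. Pipe the password to `htpasswd -i` and give kubectl files from a `mktemp -d` directory via `--from-file`, removed by an EXIT trap; the sketch below shows the gravitee-admin block, and the other five blocks take the same change. Separately, `admin-password-plain` keeps the usable admin password in the cluster next to its bcrypt hash, so confirm something actually consumes it before storing it. The final `grep -E` also lists `gravitee-ca-trust`, which this script never creates, and omits `gravitee-encryption`, which it does.

```shell
# … unchanged: secret_exists check and GRAVITEE_ADMIN_PASSWORD generation …
ADMIN_BCRYPT=$(printf '%s' "${GRAVITEE_ADMIN_PASSWORD}" | htpasswd -inBC 10 "" | tr -d ':\n')
tmpdir=$(mktemp -d)
trap 'rm -rf -- "${tmpdir:?}"' EXIT
printf '%s' "${GRAVITEE_ADMIN_PASSWORD}" > "${tmpdir}/admin-password-plain"
printf '%s' "${ADMIN_BCRYPT}" > "${tmpdir}/admin-password-bcrypt"
kubectl -n "${NS}" create secret generic gravitee-admin \
  --from-literal=admin-username='admin' \
  --from-file=admin-password-plain="${tmpdir}/admin-password-plain" \
  --from-file=admin-password-bcrypt="${tmpdir}/admin-password-bcrypt"
```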