bin/install-external-secrets.sh

#!/usr/bin/env bash
set -o errexit

CURRENT_DIR=$(pwd)
NAMESPACE=${1:-meet}
SECRET_NAME=${2:-bitwarden-cli-meet}
TEMP_SECRET_FILE=$(mktemp)


cleanup() {
    rm -f "${TEMP_SECRET_FILE}"
}
trap cleanup EXIT


# Check if kubectl is available
check_prerequisites() {
    if ! command -v kubectl &> /dev/null; then
        echo "Error: kubectl is not installed or not in PATH"
        exit 1
    fi
}

# Check if secret already exists
check_secret_exists() {
    kubectl -n "${NAMESPACE}" get secrets "${SECRET_NAME}" &> /dev/null
}


# Collect user input securely
get_user_input() {
    echo "Please provide the following information:"
    read -p "Enter your Vaultwarden email login: " LOGIN
    read -s -p "Enter your Vaultwarden password: " PASSWORD
    echo
    read -p "Enter your Vaultwarden server url: " URL
}

# Create and apply the secret
create_secret() {
    cat > "${TEMP_SECRET_FILE}" << EOF
apiVersion: v1
kind: Secret
metadata:
  name: ${SECRET_NAME}
  namespace: ${NAMESPACE}
type: Opaque
stringData:
  BW_HOST: ${URL}
  BW_PASSWORD: ${PASSWORD}
  BW_USERNAME: ${LOGIN}
EOF

    kubectl -n "${NAMESPACE}" apply -f "${TEMP_SECRET_FILE}"
}

# Install external-secrets using Helm
install_external_secrets() {
    if ! kubectl get ns external-secrets &>/dev/null; then
        echo "Installing external-secrets…"
        helm repo add external-secrets https://charts.external-secrets.io
        helm upgrade --install external-secrets \
            external-secrets/external-secrets \
            -n external-secrets \
            --create-namespace \
            --set installCRDs=true
    else
        echo "External secrets already deployed"
    fi
}

main() {
    check_prerequisites

    if check_secret_exists; then
        echo "Secret '${SECRET_NAME}' already present in namespace '${NAMESPACE}'"
        exit 0
    fi

    echo -e ${TEMP_SECRET_FILE}

    get_user_input
    echo -e "\nCreating Vaultwarden secret…"
    create_secret
    install_external_secrets

    echo "Secret installation completed successfully"
}

main "$@"
♻️(scripts) improve script portability Improved script portability by switching to `/usr/bin/env bash`, ensuring better support across environments where `bash` may not be the default shell. 2025-01-13 17:21:28 +01:00			`#!/usr/bin/env bash`
♻️(helm) extract make command in a script Existing make command wasn't working on Mac. Fixed it, plus refactored it in a proper script, so we can share it among projects, as for the build kind cluster one. External secrets are created in a dedicated namespace, to avoid duplicating them if we spawn several LaSuite applications on the same local stack. 2025-01-13 11:48:47 +01:00			`set -o errexit`

			`CURRENT_DIR=$(pwd)`
			`NAMESPACE=${1:-meet}`
♻️(helm) refactor clusterSecretStore and ExternalSecret deployments Refactored ClusterSecretStore and ExternalSecret deployment to support VaultWarden custom fields beyond login/password, including multi-line values via file input. Also made the secret template name configurable for added flexibility. ClusterSecretStore are supposed to be cluster-wide objects, it's useless to precise any namespace. 2025-01-13 12:20:35 +01:00			`SECRET_NAME=${2:-bitwarden-cli-meet}`
♻️(helm) extract make command in a script Existing make command wasn't working on Mac. Fixed it, plus refactored it in a proper script, so we can share it among projects, as for the build kind cluster one. External secrets are created in a dedicated namespace, to avoid duplicating them if we spawn several LaSuite applications on the same local stack. 2025-01-13 11:48:47 +01:00			`TEMP_SECRET_FILE=$(mktemp)`


			`cleanup() {`
			`rm -f "${TEMP_SECRET_FILE}"`
			`}`
			`trap cleanup EXIT`


			`# Check if kubectl is available`
			`check_prerequisites() {`
			`if ! command -v kubectl &> /dev/null; then`
			`echo "Error: kubectl is not installed or not in PATH"`
			`exit 1`
			`fi`
			`}`

			`# Check if secret already exists`
			`check_secret_exists() {`
			`kubectl -n "${NAMESPACE}" get secrets "${SECRET_NAME}" &> /dev/null`
			`}`


			`# Collect user input securely`
			`get_user_input() {`
			`echo "Please provide the following information:"`
			`read -p "Enter your Vaultwarden email login: " LOGIN`
			`read -s -p "Enter your Vaultwarden password: " PASSWORD`
			`echo`
			`read -p "Enter your Vaultwarden server url: " URL`
			`}`

			`# Create and apply the secret`
			`create_secret() {`
			`cat > "${TEMP_SECRET_FILE}" << EOF`
			`apiVersion: v1`
			`kind: Secret`
			`metadata:`
			`name: ${SECRET_NAME}`
			`namespace: ${NAMESPACE}`
			`type: Opaque`
			`stringData:`
			`BW_HOST: ${URL}`
			`BW_PASSWORD: ${PASSWORD}`
			`BW_USERNAME: ${LOGIN}`
			`EOF`

			`kubectl -n "${NAMESPACE}" apply -f "${TEMP_SECRET_FILE}"`
			`}`

			`# Install external-secrets using Helm`
			`install_external_secrets() {`
			`if ! kubectl get ns external-secrets &>/dev/null; then`
			`echo "Installing external-secrets…"`
			`helm repo add external-secrets https://charts.external-secrets.io`
			`helm upgrade --install external-secrets \`
			`external-secrets/external-secrets \`
			`-n external-secrets \`
			`--create-namespace \`
			`--set installCRDs=true`
			`else`
			`echo "External secrets already deployed"`
			`fi`
			`}`

			`main() {`
			`check_prerequisites`

			`if check_secret_exists; then`
			`echo "Secret '${SECRET_NAME}' already present in namespace '${NAMESPACE}'"`
			`exit 0`
			`fi`

			`echo -e ${TEMP_SECRET_FILE}`

			`get_user_input`
			`echo -e "\nCreating Vaultwarden secret…"`
			`create_secret`
			`install_external_secrets`

			`echo "Secret installation completed successfully"`
			`}`

			`main "$@"`