From 203f1762e78c28c9004aa2dfe29812250a725a0f Mon Sep 17 00:00:00 2001 From: lebaudantoine Date: Mon, 13 Jan 2025 11:48:47 +0100 Subject: [PATCH] =?UTF-8?q?=E2=99=BB=EF=B8=8F(helm)=20extract=20make=20com?= =?UTF-8?q?mand=20in=20a=20script?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Existing make command wasn't working on Mac. Fixed it, plus refactored it in a proper script, so we can share it among projects, as for the build kind cluster one. External secrets are created in a dedicated namespace, to avoid duplicating them if we spawn several LaSuite applications on the same local stack.
---
Makefile | 30 +---------- bin/install-external-secrets.sh | 90 +++++++++++++++++++++++++++++++++ 2 files changed, 92 insertions(+), 28 deletions(-) create mode 100755 bin/install-external-secrets.sh
diff --git a/Makefile b/Makefile
index fb2f1360..6b74e65c 100644
--- a/Makefile
+++ b/Makefile
@@ -301,34 +301,8 @@ build-k8s-cluster: ## build the kubernetes cluster using kind
 ./bin/start-kind.sh
 .PHONY: build-k8s-cluster
 
-install-secret: ## install the kubernetes secrets from Vaultwarden
- if kubectl -n meet get secrets bitwarden-cli-visio; then \
- echo "Secret already present"; \
- else \
- echo "Please provide the following information:"; \
- read -p "Enter your vaultwarden email login: " LOGIN; \
- read -p "Enter your vaultwarden password: " PASSWORD; \
- read -p "Enter your vaultwarden server url: " URL; \
- echo "\nCreate vaultwarden secret"; \
- echo "apiVersion: v1" > /tmp/secret.yaml; \
- echo "kind: Secret" >> /tmp/secret.yaml; \
- echo "metadata:" >> /tmp/secret.yaml; \
- echo " name: bitwarden-cli-visio" >> /tmp/secret.yaml; \
- echo " namespace: meet" >> /tmp/secret.yaml; \
- echo "type: Opaque" >> /tmp/secret.yaml; \
- echo "stringData:" >> /tmp/secret.yaml; \
- echo " BW_HOST: $$URL" >> /tmp/secret.yaml; \
- echo " BW_PASSWORD: $$PASSWORD" >> /tmp/secret.yaml; \
- echo " BW_USERNAME: $$LOGIN" >> /tmp/secret.yaml; \
- kubectl -n meet apply -f /tmp/secret.yaml;\
- rm -f /tmp/secret.yaml; \
- helm repo add external-secrets https://charts.external-secrets.io; \
- helm upgrade --install external-secrets \
- external-secrets/external-secrets \
- -n meet \
- --create-namespace \
- --set installCRDs=true; \
- fi
+install-external-secrets: ## install the kubernetes secrets from Vaultwarden
+ ./bin/install-external-secrets.sh
 .PHONY: build-k8s-cluster
 
 start-tilt: ## start the kubernetes cluster using kind
diff --git a/bin/install-external-secrets.sh b/bin/install-external-secrets.sh
new file mode 100755
index 00000000..b782e518
--- /dev/null
+++ b/bin/install-external-secrets.sh
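Review bot: The new `install-external-secrets` target is never declared phony, because the unchanged line after its recipe still reads `.PHONY: build-k8s-cluster`; it should be `.PHONY: install-external-secrets`. The target is also renamed from `install-secret`, so any documentation or script that still runs `make install-secret` would stop working, which cannot be checked from this hunk. The recipe passes no arguments, so the script's namespace and secret-name parameters always take their defaults when invoked through make.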
@@ -0,0 +1,90 @@
+#!/bin/sh
+set -o errexit
+
+CURRENT_DIR=$(pwd)
+NAMESPACE=${1:-meet}
+SECRET_NAME=${2:-bitwarden-cli-visio}
+TEMP_SECRET_FILE=$(mktemp)
+
+
+cleanup() {
+ rm -f "${TEMP_SECRET_FILE}"
+}
+trap cleanup EXIT
+
+
+# Check if kubectl is available
+check_prerequisites() {
+ if ! command -v kubectl &> /dev/null; then
+ echo "Error: kubectl is not installed or not in PATH"
+ exit 1
+ fi
+}
+
+# Check if secret already exists
+check_secret_exists() {
+ kubectl -n "${NAMESPACE}" get secrets "${SECRET_NAME}" &> /dev/null
+}
+
+
+# Collect user input securely
+get_user_input() {
+ echo "Please provide the following information:"
+ read -p "Enter your Vaultwarden email login: " LOGIN
+ read -s -p "Enter your Vaultwarden password: " PASSWORD
+ echo
+ read -p "Enter your Vaultwarden server url: " URL
+}
+
+# Create and apply the secret
+create_secret() {
+ cat > "${TEMP_SECRET_FILE}" << EOF
+apiVersion: v1
+kind: Secret
+metadata:
+ name: ${SECRET_NAME}
+ namespace: ${NAMESPACE}
+type: Opaque
+stringData:
+ BW_HOST: ${URL}
+ BW_PASSWORD: ${PASSWORD}
+ BW_USERNAME: ${LOGIN}
+EOF
+
+ kubectl -n "${NAMESPACE}" apply -f "${TEMP_SECRET_FILE}"
+}
+
+# Install external-secrets using Helm
+install_external_secrets() {
+ if ! kubectl get ns external-secrets &>/dev/null; then
+ echo "Installing external-secrets…"
+ helm repo add external-secrets https://charts.external-secrets.io
+ helm upgrade --install external-secrets \
+ external-secrets/external-secrets \
+ -n external-secrets \
+ --create-namespace \
+ --set installCRDs=true
+ else
+ echo "External secrets already deployed"
+ fi
+}
+
+main() {
+ check_prerequisites
+
+ if check_secret_exists; then
+ echo "Secret '${SECRET_NAME}' already present in namespace '${NAMESPACE}'"
+ exit 0
+ fi
+
+ echo -e ${TEMP_SECRET_FILE}
+
+ get_user_input
+ echo -e "\nCreating Vaultwarden secret…"
+ create_secret
+ install_external_secrets
+
+ echo "Secret installation completed successfully"
+}
+
+main "$@"
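Review bot: The script is declared `#!/bin/sh` but depends on bash features, so where `/bin/sh` is a strict POSIX shell such as dash the `&> /dev/null` in check_prerequisites and check_secret_exists is read as a background job plus an empty redirect (the condition no longer reflects the command's result) and `read -s` is rejected at the password prompt. In create_secret the raw answers are pasted into a YAML heredoc, so a password containing `#`, `: `, a leading quote, or a bare value like `true` produces a different secret or a manifest that is rejected, and `read` without `-r` silently drops backslashes. I would declare bash, read with `-r`, and hand kubectl one file per key from a private `mktemp -d` directory so that no YAML quoting is involved and the password stays off the command line, as sketched below. In main, `echo -e ${TEMP_SECRET_FILE}` looks like leftover debugging and can be dropped, and the `helm upgrade --install` call has no `--version`, so the operator and CRDs that get installed depend on whatever the chart repository serves at that moment.

```shell
#!/usr/bin/env bash
set -o errexit

# … unchanged: NAMESPACE, SECRET_NAME defaults …
SECRET_DIR=$(mktemp -d)   # private directory instead of a single manifest file

cleanup() {
  rm -rf -- "${SECRET_DIR:?}"
}
trap cleanup EXIT

# … unchanged: check_prerequisites, check_secret_exists …

get_user_input() {
  echo "Please provide the following information:"
  read -r -p "Enter your Vaultwarden email login: " LOGIN
  read -r -s -p "Enter your Vaultwarden password: " PASSWORD
  echo
  read -r -p "Enter your Vaultwarden server url: " URL
}

create_secret() {
  # One file per key: kubectl encodes the bytes itself, so the values are
  # never interpreted as YAML and never appear in a process argument list.
  printf '%s' "${URL}" > "${SECRET_DIR}/BW_HOST"
  printf '%s' "${PASSWORD}" > "${SECRET_DIR}/BW_PASSWORD"
  printf '%s' "${LOGIN}" > "${SECRET_DIR}/BW_USERNAME"

  kubectl -n "${NAMESPACE}" create secret generic "${SECRET_NAME}" \
    --from-file="${SECRET_DIR}"
}

# … unchanged: install_external_secrets, main (minus the debug echo) …
```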