♻️(helm) extract make command in a script

Existing make command wasn't working on Mac. Fixed it, plus
refactored it in a proper script, so we can share it among
projects, as for the build kind cluster one.

External secrets are created in a dedicated namespace, to avoid
duplicating them if we spawn several LaSuite applications on the
same local stack.

Makefile

@@ -301,34 +301,8 @@ build-k8s-cluster: ## build the kubernetes cluster using kind
 	./bin/start-kind.sh
 .PHONY: build-k8s-cluster
 
-install-secret: ## install the kubernetes secrets from Vaultwarden
+install-external-secrets: ## install the kubernetes secrets from Vaultwarden
-	if kubectl -n meet get secrets bitwarden-cli-visio; then \
+	./bin/install-external-secrets.sh
-		echo "Secret already present"; \
-	else \
-		echo "Please provide the following information:"; \
-		read -p "Enter your vaultwarden email login: " LOGIN; \
-		read -p "Enter your vaultwarden password: " PASSWORD; \
-		read -p "Enter your vaultwarden server url: " URL; \
-		echo "\nCreate vaultwarden secret"; \
-		echo "apiVersion: v1" > /tmp/secret.yaml; \
-		echo "kind: Secret" >> /tmp/secret.yaml; \
-		echo "metadata:" >> /tmp/secret.yaml; \
-		echo "  name: bitwarden-cli-visio" >> /tmp/secret.yaml; \
-		echo "  namespace: meet" >> /tmp/secret.yaml; \
-		echo "type: Opaque" >> /tmp/secret.yaml; \
-		echo "stringData:" >> /tmp/secret.yaml; \
-		echo "  BW_HOST: $$URL" >> /tmp/secret.yaml; \
-		echo "  BW_PASSWORD: $$PASSWORD" >> /tmp/secret.yaml; \
-		echo "  BW_USERNAME: $$LOGIN" >> /tmp/secret.yaml; \
-		kubectl -n meet apply -f /tmp/secret.yaml;\
-		rm -f /tmp/secret.yaml; \
-		helm repo add external-secrets https://charts.external-secrets.io; \
-		helm upgrade --install external-secrets \
-      external-secrets/external-secrets \
-       -n meet \
-       --create-namespace \
-       --set installCRDs=true; \
-	fi
 .PHONY: build-k8s-cluster
 
 start-tilt: ## start the kubernetes cluster using kind

bin/install-external-secrets.sh

@@ -0,0 +1,90 @@
+#!/bin/sh
+set -o errexit
+
+CURRENT_DIR=$(pwd)
+NAMESPACE=${1:-meet}
+SECRET_NAME=${2:-bitwarden-cli-visio}
+TEMP_SECRET_FILE=$(mktemp)
+
+
+cleanup() {
+    rm -f "${TEMP_SECRET_FILE}"
+}
+trap cleanup EXIT
+
+
+# Check if kubectl is available
+check_prerequisites() {
+    if ! command -v kubectl &> /dev/null; then
+        echo "Error: kubectl is not installed or not in PATH"
+        exit 1
+    fi
+}
+
+# Check if secret already exists
+check_secret_exists() {
+    kubectl -n "${NAMESPACE}" get secrets "${SECRET_NAME}" &> /dev/null
+}
+
+
+# Collect user input securely
+get_user_input() {
+    echo "Please provide the following information:"
+    read -p "Enter your Vaultwarden email login: " LOGIN
+    read -s -p "Enter your Vaultwarden password: " PASSWORD
+    echo
+    read -p "Enter your Vaultwarden server url: " URL
+}
+
+# Create and apply the secret
+create_secret() {
+    cat > "${TEMP_SECRET_FILE}" << EOF
+apiVersion: v1
+kind: Secret
+metadata:
+  name: ${SECRET_NAME}
+  namespace: ${NAMESPACE}
+type: Opaque
+stringData:
+  BW_HOST: ${URL}
+  BW_PASSWORD: ${PASSWORD}
+  BW_USERNAME: ${LOGIN}
+EOF
+
+    kubectl -n "${NAMESPACE}" apply -f "${TEMP_SECRET_FILE}"
+}
+
+# Install external-secrets using Helm
+install_external_secrets() {
+    if ! kubectl get ns external-secrets &>/dev/null; then
+        echo "Installing external-secrets…"
+        helm repo add external-secrets https://charts.external-secrets.io
+        helm upgrade --install external-secrets \
+            external-secrets/external-secrets \
+            -n external-secrets \
+            --create-namespace \
+            --set installCRDs=true
+    else
+        echo "External secrets already deployed"
+    fi
+}
+
+main() {
+    check_prerequisites
+
+    if check_secret_exists; then
+        echo "Secret '${SECRET_NAME}' already present in namespace '${NAMESPACE}'"
+        exit 0
+    fi
+
+    echo -e ${TEMP_SECRET_FILE}
+
+    get_user_input
+    echo -e "\nCreating Vaultwarden secret…"
+    create_secret
+    install_external_secrets
+
+    echo "Secret installation completed successfully"
+}
+
+main "$@"