fix: add barbican secrets and create not apply

`apply` will overwrite the object if the secret changes, this could
result in accidentally changing all cluster secrets.
`create` will exit with an error if the object already exists which is
what we want.

bin/create-secrets.sh

@@ -75,6 +75,9 @@ octavia_rabbitmq_password=$(generate_password 64)
 octavia_db_password=$(generate_password 32)
 octavia_admin_password=$(generate_password 32)
 octavia_certificates_password=$(generate_password 32)
+barbican_rabbitmq_password=$(generate_password 64)
+barbican_db_password=$(generate_password 32)
+barbican_admin_password=$(generate_password 32)
 postgresql_identity_admin_password=$(generate_password 32)
 postgresql_db_admin_password=$(generate_password 32)
 postgresql_db_exporter_password=$(generate_password 32)
@@ -432,6 +435,33 @@ data:
 ---
 apiVersion: v1
 kind: Secret
+metadata:
+  name: barbican-rabbitmq-password
+  namespace: openstack
+type: Opaque
+data:
+  password: $(echo -n $barbican_rabbitmq_password | base64 -w0)
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: barbican-db-password
+  namespace: openstack
+type: Opaque
+data:
+  password: $(echo -n $barbican_db_password | base64 -w0)
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: barbican-admin
+  namespace: openstack
+type: Opaque
+data:
+  password: $(echo -n $barbican_admin_password | base64 -w0)
+---
+apiVersion: v1
+kind: Secret
 metadata:
   name: postgresql-identity-admin
   namespace: openstack

docs/infrastructure-namespace.md

@@ -21,8 +21,8 @@ Then you can create all needed secrets by running the create-secrets.sh command
 
 That will create a kubesecrets.yaml file located in /etc/genestack
 
-You can then apply them to kubernetes with the following command:
+You can then apply it to kubernetes with the following command:
 
 ``` shell
-kubectl apply -f /etc/genestack/kubesecrets.yaml -n openstack
+kubectl create -f /etc/genestack/kubesecrets.yaml -n openstack
 ```