From 13d51b92c2efdafbfddcf68554a08bb544dde31b Mon Sep 17 00:00:00 2001
From: Luke Repko
Date: Fri, 2 Aug 2024 15:57:28 -0500
Subject: [PATCH] fix: add barbican secrets and create not apply

`apply` will overwrite the object if the secret changes, this could result in accidentally changing all cluster secrets. `create` will exit with an error if the object already exists which is what we want.
---
 bin/create-secrets.sh | 30 ++++++++++++++++++++++++++++++
 docs/infrastructure-namespace.md | 4 ++--
 2 files changed, 32 insertions(+), 2 deletions(-)

diff --git a/bin/create-secrets.sh b/bin/create-secrets.sh
index 72c3bee4..d5813abb 100755
--- a/bin/create-secrets.sh
+++ b/bin/create-secrets.sh
@@ -75,6 +75,9 @@ octavia_rabbitmq_password=$(generate_password 64)
 octavia_db_password=$(generate_password 32)
 octavia_admin_password=$(generate_password 32)
 octavia_certificates_password=$(generate_password 32)
+barbican_rabbitmq_password=$(generate_password 64)
+barbican_db_password=$(generate_password 32)
+barbican_admin_password=$(generate_password 32)
 postgresql_identity_admin_password=$(generate_password 32)
 postgresql_db_admin_password=$(generate_password 32)
 postgresql_db_exporter_password=$(generate_password 32)
@@ -432,6 +435,33 @@ data:
 ---
 apiVersion: v1
 kind: Secret
+metadata:
+ name: barbican-rabbitmq-password
+ namespace: openstack
+type: Opaque
+data:
+ password: $(echo -n $barbican_rabbitmq_password | base64 -w0)
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: barbican-db-password
+ namespace: openstack
+type: Opaque
+data:
+ password: $(echo -n $barbican_db_password | base64 -w0)
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: barbican-admin
+ namespace: openstack
+type: Opaque
+data:
+ password: $(echo -n $barbican_admin_password | base64 -w0)
+---
+apiVersion: v1
+kind: Secret
 metadata:
 name: postgresql-identity-admin
 namespace: openstack
diff --git a/docs/infrastructure-namespace.md b/docs/infrastructure-namespace.md
index 782fc317..a5f298e6 100644
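Review bot: The three new `password:` lines in the second hunk pass the variable unquoted to `echo -n`, so a generated value that begins with `-` or contains whitespace or glob characters would be encoded differently from what was generated, and the stored secret would silently not match; whether that can occur depends on the character set `generate_password` draws from, which is defined outside this hunk. `printf '%s' "$barbican_rabbitmq_password" | base64 -w0` (and the same for `barbican_db_password` and `barbican_admin_password`) removes both the option parsing and the word splitting. These lines sit inside what appears to be a heredoc that starts and ends outside the hunk, so the neighbouring secrets probably use the same form and would benefit from the same change. Because the rendered file holds every service password in reversible base64, it is also worth confirming that the script writes it with owner-only permissions.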
--- a/docs/infrastructure-namespace.md +++ b/docs/infrastructure-namespace.md @@ -21,8 +21,8 @@ Then you can create all needed secrets by running the create-secrets.sh command That will create a kubesecrets.yaml file located in /etc/genestack -You can then apply them to kubernetes with the following command: +You can then apply it to kubernetes with the following command: ``` shell -kubectl apply -f /etc/genestack/kubesecrets.yaml -n openstack +kubectl create -f /etc/genestack/kubesecrets.yaml -n openstack ```