easy-secrets-gen: include secrets for nautobot sso

rackerlabs · Mar 20, 2024 · 1ca855d · 1ca855d
1 parent 3fef745
commit 1ca855d
Showing 1 changed file with 21 additions and 0 deletions.
diff --git a/scripts/easy-secrets-gen.sh b/scripts/easy-secrets-gen.sh
@@ -29,6 +29,18 @@ kubectl --namespace nautobot \
     --from-literal=redis-password="$(./scripts/pwgen.sh)" \
     > secret-nautobot-redis.yaml
 
+NAUTOBOT_SSO_SECRET=$(./scripts/pwgen.sh)
+for ns in nautobot dex; do
+  kubectl --namespace $ns \
+    create secret generic nautobot-sso \
+    --dry-run=client \
+    -o yaml \
+    --type Opaque \
+    --from-literal=client-secret="$NAUTOBOT_SSO_SECRET" \
+    > secret-nautobot-sso-$ns.yaml
+done
+unset NAUTOBOT_SSO_SECRET
+
 kubectl --namespace openstack \
     create secret generic keystone-rabbitmq-password \
     --type Opaque \
@@ -105,6 +117,15 @@ for skrt in $(find . -maxdepth 1 -name "secret-keystone*.yaml" -o -name "secret-
         -w "${encskrt}"
 done
 
+for ns in nautobot dex; do
+  kubeseal \
+    --scope cluster-wide \
+    --allow-empty-data \
+    -o yaml \
+    -f secret-nautobot-sso-$ns.yaml \
+    -w components/01-secrets/encrypted-nautobot-sso-$ns.yaml
+done
+
 cd components/01-secrets/
 rm -f kustomization.yaml
 kustomize create --autodetect