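# Helm pre-install/pre-upgrade hook Job: creates the "solidtime-app-secrets"
# Secret (APP_KEY plus the Passport RSA key pair) once, and leaves an existing
# Secret untouched on later upgrades.
apiVersion: batch/v1
kind: Job
metadata:
  name: {{ include "solidtime.fullname" . }}-keygen
  annotations:
    "helm.sh/hook": pre-install,pre-upgrade
    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
spec:
  template:
    spec:
      # This service account must be allowed to get and create Secrets in the
      # release namespace; keep its Role limited to exactly that.
      serviceAccountName: {{ include "solidtime.fullname" . }}-keygen
      restartPolicy: OnFailure
      containers:
        - name: keygen
          # NOTE(review): ':latest' is a mutable tag. This container generates
          # key material and runs with Secret-creating credentials, so pin the
          # image to a specific version or digest.
          # NOTE(review): the script needs both kubectl and openssl; confirm
          # the chosen image ships openssl.
          image: bitnami/kubectl:latest
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
          command:
            - /bin/sh
            - -c
            - |
              # Abort on the first failing command or unset variable, so a
              # failed openssl call can never produce an empty or partial Secret.
              set -eu
              # Key files must not be readable by other users in the container.
              umask 077

              SECRET_NAME="solidtime-app-secrets"

              # 1. Check if secret exists
              # --ignore-not-found turns "missing" into an empty result with
              # exit 0, so a non-zero exit here is a real API/RBAC error and
              # stops the hook instead of being mistaken for "no secret yet".
              existing="$(kubectl get secret "$SECRET_NAME" --ignore-not-found -o name)"
              if [ -n "$existing" ]; then
                echo "Keys already exist. Skipping generation."
                exit 0
              fi

              echo "Generating keys..."

              # Work in a private scratch directory and remove it on any exit
              # path, so private key files do not linger on the container
              # filesystem.
              workdir="$(mktemp -d)"
              trap 'rm -rf -- "$workdir"' EXIT
              cd "$workdir"

              # Generate Passport Keys
              openssl genrsa -out private.key 4096
              openssl rsa -in private.key -pubout -out public.key

              # Generate App Key (32 random bytes, base64-encoded)
              APP_KEY="base64:$(openssl rand -base64 32)"
              # Written without a trailing newline so the stored value is
              # exactly the key string.
              printf '%s' "$APP_KEY" > app.key

              # 2. Create Secret with ALL keys
              # --from-file preserves the newlines of the RSA keys and keeps
              # APP_KEY out of the kubectl command line.
              kubectl create secret generic "$SECRET_NAME" \
                --from-file=APP_KEY=app.key \
                --from-file=PASSPORT_PRIVATE_KEY=private.key \
                --from-file=PASSPORT_PUBLIC_KEY=public.key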