#!/usr/bin/env pwsh
<#
.SYNOPSIS
Script pour créer les secrets Kubernetes en production
.DESCRIPTION
Ce script crée les secrets Kubernetes nécessaires pour Lions User Manager :
- Secret frontend (Keycloak client secret, OIDC encryption secret)
- Secret backend (Keycloak service account secret, DB password, etc.)
.PARAMETER VpsHost
Host SSH du VPS (ex: lions@176.57.150.2)
.PARAMETER Namespace
Namespace Kubernetes (défaut: lions-user-manager)
.PARAMETER FrontendClientSecret
Secret du client frontend Keycloak
.PARAMETER BackendClientSecret
Secret du service account backend Keycloak
.PARAMETER OidcEncryptionSecret
Secret de chiffrement OIDC (32+ caractères)
.PARAMETER KeycloakAdminPassword
Mot de passe admin Keycloak
.PARAMETER DatabasePassword
Mot de passe base de données
.PARAMETER BackendUrl
URL du backend (défaut: https://api.lions.dev/lions-user-manager)
.EXAMPLE
.\create-kubernetes-secrets-production.ps1 `
-VpsHost "lions@176.57.150.2" `
-FrontendClientSecret "frontend-secret" `
-BackendClientSecret "backend-secret" `
-OidcEncryptionSecret "32-char-encryption-secret-here" `
-KeycloakAdminPassword "admin-password" `
-DatabasePassword "db-password"
#>
param(
# SSH target passed verbatim to ssh.exe / scp.exe (e.g. user@host).
[Parameter(Mandatory=$true)]
[string]$VpsHost,
# Kubernetes namespace the two Secrets are written to.
[Parameter(Mandatory=$false)]
[string]$Namespace = "lions-user-manager",
# NOTE(review): every secret below is received as a command-line argument,
# so it is visible in process listings and may be retained in shell history
# on the machine running this script; on a shared workstation prefer
# prompting (Read-Host -AsSecureString) or reading from a protected file.
# Keycloak client secret placed in the frontend Secret.
[Parameter(Mandatory=$true)]
[string]$FrontendClientSecret,
# Keycloak service-account secret placed in the backend Secret.
[Parameter(Mandatory=$true)]
[string]$BackendClientSecret,
# OIDC cookie/session encryption key; the help text asks for 32+ characters,
# but the length is not enforced here.
[Parameter(Mandatory=$true)]
[string]$OidcEncryptionSecret,
# Keycloak admin password (stored next to the fixed username "admin").
[Parameter(Mandatory=$true)]
[string]$KeycloakAdminPassword,
# Database password placed in the backend Secret as DB_PASSWORD.
[Parameter(Mandatory=$true)]
[string]$DatabasePassword,
# Backend base URL exposed to the frontend as LIONS_USER_MANAGER_BACKEND_URL.
[Parameter(Mandatory=$false)]
[string]$BackendUrl = "https://api.lions.dev/lions-user-manager"
)
# Abort on cmdlet/.NET errors. This does NOT cover native commands such as
# ssh.exe/scp.exe: their non-zero exit codes do not throw (unless the
# $PSNativeCommandUseErrorActionPreference opt-in is enabled on PowerShell
# 7.4+), so their success must be checked through $LASTEXITCODE.
$ErrorActionPreference = "Stop"
# Couleurs
function Write-Success {
    # Green status line on the host stream; all arguments joined with a space.
    $message = "$args"
    Write-Host -Object $message -ForegroundColor Green
}
function Write-Info {
    # Cyan informational line, prefixed with a single space, on the host stream.
    $message = " $args"
    Write-Host -Object $message -ForegroundColor Cyan
}
function Write-Warning {
    # Shadows the built-in Write-Warning cmdlet: output goes to the host
    # stream (Write-Host), not the warning stream, so -WarningAction has no effect.
    $message = "⚠️ $args"
    Write-Host -Object $message -ForegroundColor Yellow
}
function Write-Error {
    # Shadows the built-in Write-Error cmdlet: the text is printed in red on
    # the host stream and nothing is written to the error stream, so callers
    # must still `exit` explicitly to abort the script.
    $message = "$args"
    Write-Host -Object $message -ForegroundColor Red
}
function Write-Step {
    # Magenta section header preceded by a blank line and a rocket marker.
    $message = "`n🚀 $args"
    Write-Host -Object $message -ForegroundColor Magenta
}
# Banner and run context. Only the SSH target and namespace are echoed;
# none of the secret parameters are printed.
$banner = @"
🔐 CRÉATION SECRETS KUBERNETES PRODUCTION 🔐
"@
Write-Host $banner -ForegroundColor Cyan
foreach ($line in @("VPS Host: $VpsHost", "Namespace: $Namespace", "")) {
    Write-Info $line
}
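# 1. Make sure the target namespace exists, creating it when it is missing.
#
# ssh.exe is a native command: a non-zero exit (namespace absent, kubectl
# error, SSH failure) does not raise a PowerShell error even with
# $ErrorActionPreference = "Stop", so the try/catch used before could never
# reach its catch branch. The outcome is read from $LASTEXITCODE instead.
Write-Step "1. Vérification du namespace..."
ssh.exe $VpsHost "kubectl get namespace $Namespace" | Out-Null
if ($LASTEXITCODE -eq 0) {
    Write-Success "Namespace $Namespace existe"
} elseif ($LASTEXITCODE -eq 255) {
    # ssh reports 255 when the connection or authentication itself failed;
    # do not mistake that for "namespace not found" and try to create it.
    Write-Error "Connexion SSH à $VpsHost impossible (code $LASTEXITCODE)"
    exit 1
} else {
    Write-Info "Création du namespace $Namespace..."
    ssh.exe $VpsHost "kubectl create namespace $Namespace"
    if ($LASTEXITCODE -ne 0) {
        Write-Error "Erreur création namespace $Namespace (code $LASTEXITCODE)"
        exit 1
    }
    Write-Success "Namespace $Namespace créé"
}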
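# 2./3. Create the frontend and backend Secrets.
#
# Two defects of the previous version are addressed here:
#  - Secret values were interpolated into YAML unquoted, so a value containing
#    ':', '#', a leading quote/bracket or similar would break or silently
#    alter the manifest. Values are now emitted as YAML double-quoted scalars.
#  - The manifest (plaintext secrets) was written to a local temp file and
#    copied to a fixed path under /tmp on the VPS, where it was never removed.
#    It is now streamed to `kubectl apply -f -` over the SSH session's stdin,
#    so no secret touches disk on either side.
# ssh.exe exit codes are checked explicitly because native commands do not
# throw under $ErrorActionPreference = "Stop".

function ConvertTo-YamlDoubleQuoted {
    <#
    .SYNOPSIS
    Render a string as a YAML double-quoted scalar.
    .DESCRIPTION
    Escapes backslashes and double quotes (the two characters that terminate
    or escape inside a YAML double-quoted string) and wraps the result in
    quotes. Control characters are not escaped; secret values are assumed to
    be printable text.
    .PARAMETER Value
    Raw string to quote; may be empty.
    .OUTPUTS
    System.String — the quoted scalar, e.g. `"a\"b"` for `a"b`.
    #>
    param([AllowEmptyString()][string]$Value)
    $escaped = $Value -replace '\\', '\\' -replace '"', '\"'
    return '"' + $escaped + '"'
}

function Publish-SecretManifest {
    <#
    .SYNOPSIS
    Delete any existing Secret of the given name, then apply the manifest on the VPS.
    .PARAMETER Name
    Secret name, used for the preliminary delete (--ignore-not-found).
    .PARAMETER Manifest
    Complete YAML manifest text; sent to kubectl over stdin, never written to disk.
    .OUTPUTS
    None. Throws when ssh or kubectl exit non-zero.
    #>
    param(
        [Parameter(Mandatory = $true)][string]$Name,
        [Parameter(Mandatory = $true)][string]$Manifest
    )
    # Delete first so the new manifest fully replaces the old keys (same
    # delete-then-apply semantics as before).
    ssh.exe $VpsHost "kubectl delete secret $Name -n $Namespace --ignore-not-found=true" | Out-Null
    if ($LASTEXITCODE -ne 0) {
        throw "kubectl delete secret $Name a échoué (code $LASTEXITCODE)"
    }
    # Text piped to a native command is encoded with $OutputEncoding; pin
    # UTF-8 without BOM in this scope so non-ASCII characters in secrets
    # arrive intact.
    $OutputEncoding = [System.Text.UTF8Encoding]::new($false)
    $Manifest | ssh.exe $VpsHost "kubectl apply -f -"
    if ($LASTEXITCODE -ne 0) {
        throw "kubectl apply ($Name) a échoué (code $LASTEXITCODE)"
    }
}

Write-Step "2. Création du secret frontend..."
$frontendSecretYaml = @"
apiVersion: v1
kind: Secret
metadata:
  name: lions-user-manager-client-secrets
  namespace: $Namespace
type: Opaque
stringData:
  KEYCLOAK_CLIENT_SECRET: $(ConvertTo-YamlDoubleQuoted $FrontendClientSecret)
  OIDC_ENCRYPTION_SECRET: $(ConvertTo-YamlDoubleQuoted $OidcEncryptionSecret)
  LIONS_USER_MANAGER_BACKEND_URL: $(ConvertTo-YamlDoubleQuoted $BackendUrl)
"@
try {
    Publish-SecretManifest -Name 'lions-user-manager-client-secrets' -Manifest $frontendSecretYaml
    Write-Success "Secret frontend créé"
} catch {
    # The exception message carries only the secret name and exit code, never a value.
    Write-Error "Erreur création secret frontend: $($_.Exception.Message)"
    exit 1
}

Write-Step "3. Création du secret backend..."
$backendSecretYaml = @"
apiVersion: v1
kind: Secret
metadata:
  name: lions-user-manager-server-secrets
  namespace: $Namespace
type: Opaque
stringData:
  KEYCLOAK_CLIENT_SECRET: $(ConvertTo-YamlDoubleQuoted $BackendClientSecret)
  KEYCLOAK_ADMIN_USERNAME: admin
  KEYCLOAK_ADMIN_PASSWORD: $(ConvertTo-YamlDoubleQuoted $KeycloakAdminPassword)
  DB_PASSWORD: $(ConvertTo-YamlDoubleQuoted $DatabasePassword)
"@
try {
    Publish-SecretManifest -Name 'lions-user-manager-server-secrets' -Manifest $backendSecretYaml
    Write-Success "Secret backend créé"
} catch {
    Write-Error "Erreur création secret backend: $($_.Exception.Message)"
    exit 1
}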
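# 4. List the Secrets that were just created (names, types, ages — no values).
#
# `grep` exits 1 when nothing matched and ssh/kubectl exit non-zero on
# failure; none of these raise a PowerShell error, so the previous try/catch
# could never warn. The exit code and the captured output are checked instead.
Write-Step "4. Vérification des secrets créés..."
$secrets = ssh.exe $VpsHost "kubectl get secrets -n $Namespace | grep lions-user-manager"
if ($LASTEXITCODE -eq 0 -and $secrets) {
    Write-Success "Secrets listés:"
    # Print one line per entry instead of joining the array with spaces.
    foreach ($line in $secrets) {
        Write-Host $line
    }
} else {
    Write-Warning "Erreur lors de la vérification (code $LASTEXITCODE): aucun secret lions-user-manager listé dans $Namespace"
}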
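# 5. Describe both Secrets. `kubectl describe secret` prints key names and
# byte sizes only, never the values, so this output is safe for console logs.
#
# As elsewhere, a failing ssh/kubectl does not throw, so the exit code is
# inspected after each call to produce the warning the old catch never could.
Write-Step "5. Description des secrets (sans valeurs)..."
$targets = @(
    @{ Label = 'Secret frontend:'; Name = 'lions-user-manager-client-secrets' },
    @{ Label = 'Secret backend:';  Name = 'lions-user-manager-server-secrets' }
)
foreach ($target in $targets) {
    Write-Info $target.Label
    ssh.exe $VpsHost "kubectl describe secret $($target.Name) -n $Namespace"
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "Erreur lors de la description de $($target.Name) (code $LASTEXITCODE)"
    }
}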
# 6. Summary: Secret names and key names only; values are never echoed.
Write-Step "6. Résumé de la configuration..."
Write-Host @"
SECRETS KUBERNETES CRÉÉS
"@ -ForegroundColor Green
$createdSecrets = [ordered]@{
    "🔐 FRONTEND (lions-user-manager-client-secrets):" = @(
        'KEYCLOAK_CLIENT_SECRET', 'OIDC_ENCRYPTION_SECRET', 'LIONS_USER_MANAGER_BACKEND_URL')
    "🔐 BACKEND (lions-user-manager-server-secrets):" = @(
        'KEYCLOAK_CLIENT_SECRET', 'KEYCLOAK_ADMIN_USERNAME', 'KEYCLOAK_ADMIN_PASSWORD', 'DB_PASSWORD')
}
Write-Host "📋 SECRETS CRÉÉS:" -ForegroundColor Yellow
Write-Host ""
foreach ($heading in $createdSecrets.Keys) {
    Write-Host $heading -ForegroundColor Cyan
    foreach ($keyName in $createdSecrets[$heading]) {
        Write-Host " - $keyName"
    }
    Write-Host ""
}
Write-Host "⚠️ PROCHAINES ÉTAPES:" -ForegroundColor Yellow
$nextSteps = @(
    'Vérifiez que les secrets sont correctement créés',
    'Configurez les Deployments pour utiliser ces secrets',
    'Procédez au déploiement avec lionsctl'
)
for ($i = 0; $i -lt $nextSteps.Count; $i++) {
    Write-Host " $($i + 1). $($nextSteps[$i])"
}
Write-Host ""