the_order/infra/scripts/azure-update-k8s-secrets.sh
defiQUG 6a8582e54d feat: comprehensive project structure improvements and Cloud for Sovereignty landing zone
- Add Cloud for Sovereignty landing zone architecture and deployment
- Implement complete legal document management system
- Reorganize documentation with improved navigation
- Add infrastructure improvements (Dockerfiles, K8s, monitoring)
- Add operational improvements (graceful shutdown, rate limiting, caching)
- Create comprehensive project structure documentation
- Add Azure deployment automation scripts
- Improve repository navigation and organization
2025-11-13 09:32:55 -08:00


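#!/bin/bash
# Update Kubernetes secrets configuration from Azure Key Vault settings.
# Uses values from the .env file (loaded via azure-validate-env.sh) to fill in
# the External Secrets manifest and the Azure ConfigMap.
#
# Environment read here: ARM_TENANT_ID, ARM_LOCATION (default: westeurope),
#   TF_VAR_resource_group_name, TF_VAR_key_vault_name, TF_VAR_environment.
# Files rewritten in place (when present):
#   infra/k8s/base/external-secrets.yaml  - tenantId / vaultUrl placeholders
#   infra/k8s/base/configmap-azure.yaml   - AZURE_REGION / AKS_RESOURCE_GROUP
#
# NOTE(review): `set -u` is deliberately not enabled because the sourced
# azure-validate-env.sh is not visible here and may read unset variables; the
# values this script writes are checked explicitly instead.

set -e

# Print a message to stderr and abort.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Abort unless $2 (described by $1) is non-empty and can sit inside a
# double-quoted YAML scalar unchanged. A stray quote, backslash or line break
# would otherwise alter the structure of the manifest that gets applied.
require_yaml_safe() {
  local name=$1 value=$2
  [[ -n "$value" ]] || die "❌ $name is empty; refusing to write it into a manifest"
  case "$value" in
    *\"* | *\\* | *$'\n'* | *$'\r'*)
      die "❌ $name contains a quote, backslash or line break; refusing to write it into a manifest"
      ;;
  esac
}

# Escape a value for the replacement side of `sed "s|...|...|"`: '&' would
# re-insert the match, '|' would end the expression early, '\' starts an escape.
sed_escape_replacement() {
  printf '%s' "$1" | sed -e 's/[&|\\]/\\&/g'
}

SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)"

echo "🔄 Updating Kubernetes secrets configuration from .env..."

# Load environment
source "$SCRIPT_DIR/azure-validate-env.sh"

# Get Key Vault URI from Terraform output if available
cd "$PROJECT_ROOT/infra/terraform" || die "❌ Cannot enter $PROJECT_ROOT/infra/terraform"
if terraform output -json key_vault_uri &> /dev/null; then
  KEY_VAULT_URI=$(terraform output -raw key_vault_uri)
  echo "Found Key Vault URI from Terraform: $KEY_VAULT_URI"
else
  # Construct from known values
  KEY_VAULT_NAME="${TF_VAR_key_vault_name:-the-order-kv-${TF_VAR_environment:-dev}}"
  KEY_VAULT_URI="https://${KEY_VAULT_NAME}.vault.azure.net/"
  echo "Using constructed Key Vault URI: $KEY_VAULT_URI"
fi

# Update External Secrets configuration
EXTERNAL_SECRETS_FILE="$PROJECT_ROOT/infra/k8s/base/external-secrets.yaml"

if [ -f "$EXTERNAL_SECRETS_FILE" ]; then
  # vaultUrl decides which vault the cluster pulls secrets from, so check the
  # values before they are written rather than after they are applied.
  require_yaml_safe "ARM_TENANT_ID" "${ARM_TENANT_ID:-}"
  require_yaml_safe "Key Vault URI" "$KEY_VAULT_URI"
  [[ "$KEY_VAULT_URI" == https://* ]] \
    || die "❌ Key Vault URI must use https://: $KEY_VAULT_URI"

  tenant_id_repl=$(sed_escape_replacement "$ARM_TENANT_ID")
  vault_uri_repl=$(sed_escape_replacement "$KEY_VAULT_URI")

  # Only empty placeholders are filled; values already set are left alone.
  sed -i.bak \
    -e "s|tenantId: \"\"|tenantId: \"${tenant_id_repl}\"|g" \
    -e "s|vaultUrl: \"\"|vaultUrl: \"${vault_uri_repl}\"|g" \
    "$EXTERNAL_SECRETS_FILE"
  rm -f "${EXTERNAL_SECRETS_FILE}.bak"
  echo "✅ Updated External Secrets configuration"
else
  echo "⚠️ External Secrets file not found: $EXTERNAL_SECRETS_FILE"
fi

# Update Azure ConfigMap
CONFIGMAP_FILE="$PROJECT_ROOT/infra/k8s/base/configmap-azure.yaml"
if [ -f "$CONFIGMAP_FILE" ]; then
  # Update with actual values (non-sensitive). These patterns overwrite whatever
  # is there, so an unset resource group would blank out an existing value.
  azure_region="${ARM_LOCATION:-westeurope}"
  require_yaml_safe "ARM_LOCATION" "$azure_region"
  require_yaml_safe "TF_VAR_resource_group_name" "${TF_VAR_resource_group_name:-}"

  region_repl=$(sed_escape_replacement "$azure_region")
  resource_group_repl=$(sed_escape_replacement "$TF_VAR_resource_group_name")

  # [^"]* instead of .* keeps the match inside the first quoted value on the line.
  sed -i.bak \
    -e "s|AZURE_REGION: \"[^\"]*\"|AZURE_REGION: \"${region_repl}\"|g" \
    -e "s|AKS_RESOURCE_GROUP: \"[^\"]*\"|AKS_RESOURCE_GROUP: \"${resource_group_repl}\"|g" \
    "$CONFIGMAP_FILE"
  rm -f "${CONFIGMAP_FILE}.bak"
  echo "✅ Updated Azure ConfigMap"
else
  echo "⚠️ ConfigMap file not found: $CONFIGMAP_FILE"
fi

echo ""
echo "✅ Kubernetes secrets configuration updated!"
echo ""
echo "Next steps:"
echo " 1. Review updated files:"
echo " - $EXTERNAL_SECRETS_FILE"
echo " - $CONFIGMAP_FILE"
echo " 2. Apply to Kubernetes:"
echo " kubectl apply -f $EXTERNAL_SECRETS_FILE"
echo " kubectl apply -f $CONFIGMAP_FILE"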