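#!/bin/bash
# Session 6.4 — SMTP secret setup for PieCed Portal
#
#   1. Store SMTP credentials in OpenBao
#   2. Apply the ExternalSecret
#   3. Patch the portal deployment to mount the secret
#
# Prerequisites: bao CLI authenticated, kubectl context set
#
# The SMTP app password is read from the SMTP_APP_PASSWORD environment
# variable, or prompted for without echo when that variable is unset. It is
# not meant to be edited into this file: a secret pasted into a script tends
# to end up in version control, and a secret passed as a command argument is
# visible in shell history and in the process list.

set -euo pipefail

readonly BAO_PATH="pieced/portal/smtp"
readonly NAMESPACE="pieced-system"
readonly DEPLOYMENT="pieced-portal"
readonly SECRET_NAME="portal-smtp"

# ─── Step 1: Store SMTP creds in OpenBao ───────────────────────────────────────
smtp_password="${SMTP_APP_PASSWORD:-}"
if [[ -z "$smtp_password" ]]; then
  # read returns non-zero on EOF even when it filled the variable; the
  # emptiness check below is the real gate, so the status is ignored here.
  IFS= read -rsp 'SMTP app password: ' smtp_password || true
  echo >&2
fi

# Refuse to store an empty value or the template placeholder.
if [[ -z "$smtp_password" || "$smtp_password" == "REPLACE_WITH_APP_PASSWORD" ]]; then
  echo "error: no SMTP app password supplied (set SMTP_APP_PASSWORD or enter it at the prompt)" >&2
  exit 1
fi

echo "==> Storing SMTP credentials in OpenBao..."
# password=- tells bao to take that value from stdin. printf is a shell
# builtin, so the secret never appears in any process's argument list.
printf '%s' "$smtp_password" | bao kv put "$BAO_PATH" \
  host="smtp.gmail.com" \
  port="587" \
  user="noreply@pieced.ch" \
  password=- \
  from="PieCed <noreply@pieced.ch>" \
  admin_email="admin@pieced.ch"
unset smtp_password

echo "==> Verifying..."
# Read back a single non-secret field. A plain `bao kv get` prints every
# field, including the password, to the terminal or CI log.
stored_user=$(bao kv get -field=user "$BAO_PATH")
echo "    stored user: ${stored_user}"

# ─── Step 2: Apply ExternalSecret ──────────────────────────────────────────────
echo "==> Applying ExternalSecret..."
kubectl apply -f deploy/portal-smtp-externalsecret.yaml

echo "==> Waiting for ExternalSecret to sync..."
kubectl wait --for=condition=Ready "externalsecret/${SECRET_NAME}" \
  -n "$NAMESPACE" --timeout=60s

echo "==> Verifying K8s secret created..."
# Default output lists name, type and key count only; no secret data is shown.
kubectl get secret "$SECRET_NAME" -n "$NAMESPACE"

# ─── Step 3: Patch portal deployment to mount SMTP secret ──────────────────────
echo "==> Patching portal deployment..."
# Add envFrom entry for portal-smtp secret.
# If your deployment already uses a patch file, add this to the
# containers[0].envFrom array instead.
#
# A JSON-patch "add" to ".../envFrom/-" fails when the array does not exist
# and appends a duplicate on every re-run, so inspect the current state first.
env_from=$(kubectl get deployment "$DEPLOYMENT" -n "$NAMESPACE" \
  -o jsonpath='{.spec.template.spec.containers[0].envFrom}')
secret_refs=$(kubectl get deployment "$DEPLOYMENT" -n "$NAMESPACE" \
  -o jsonpath='{.spec.template.spec.containers[0].envFrom[*].secretRef.name}')

secret_ref="{\"secretRef\": {\"name\": \"${SECRET_NAME}\"}}"

if [[ " ${secret_refs} " == *" ${SECRET_NAME} "* ]]; then
  echo "    envFrom already references ${SECRET_NAME}; nothing to patch"
elif [[ -z "$env_from" ]]; then
  # No envFrom array yet: create it with this one entry.
  kubectl patch deployment "$DEPLOYMENT" -n "$NAMESPACE" --type=json -p="[
    {
      \"op\": \"add\",
      \"path\": \"/spec/template/spec/containers/0/envFrom\",
      \"value\": [${secret_ref}]
    }
  ]"
else
  # envFrom exists: append to it.
  kubectl patch deployment "$DEPLOYMENT" -n "$NAMESPACE" --type=json -p="[
    {
      \"op\": \"add\",
      \"path\": \"/spec/template/spec/containers/0/envFrom/-\",
      \"value\": ${secret_ref}
    }
  ]"
fi

echo "==> Restarting portal..."
# Environment variables from envFrom are fixed at container start, so a
# restart is needed for running pods to pick up new or rotated values.
kubectl rollout restart deployment "$DEPLOYMENT" -n "$NAMESPACE"
kubectl rollout status deployment "$DEPLOYMENT" -n "$NAMESPACE"

echo "==> Done! SMTP credentials are now available to the portal."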