Sitecore 10 on AKS - Powershell script to populate secrets for Kubernetes deployment
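<#
.SYNOPSIS
Generates new secrets for Sitecore K8s deployment
.DESCRIPTION
This Powershell script generates new secrets for a Sitecore K8s deployment.
This script requires the SitecoreInstallFramework module (see https://dev.sitecore.net/Downloads/Sitecore_Installation_Framework/2x/Sitecore_Installation_Framework_230.aspx).
This script needs to be executed from the root deployment folder of a specific topology.

Side effects to be aware of before running it:
- every *password.txt, *telerikencryptionkey.txt, *identitysecret.txt, *reportingapikey.txt and
  *media-request-protection-shared-secret.txt file under .\secrets is overwritten with a fresh random value;
- a self-signed Identity Server token signing certificate is created in the current user's certificate
  store (Cert:\CurrentUser\My) and its PFX is base64-encoded into .\secrets\sitecore-identitycertificate.txt;
  the store entry is not removed by this script;
- mkcert.exe is downloaded into the current folder when it is missing, and "mkcert -install" adds the
  mkcert development root CA to the local trust stores.
.PARAMETER SitecoreLicensePath
Full path of the Sitecore license
.EXAMPLE
.\PopulateSecrets.ps1 -SitecoreLicensePath "C:\license\license.xml"
#>
[CmdletBinding()]
Param (
    [Parameter(Mandatory)]
    [ValidateScript({
        if (-not (Test-Path -Path $_)) { throw "The file or folder $_ does not exist" }
        if (-not (Test-Path -Path $_ -PathType Leaf)) { throw "The Path argument must be a file. Folder paths are not allowed." }
        return $true
    })]
    [string] $SitecoreLicensePath
)

# Stop on the first failing cmdlet rather than continuing with half-written secrets.
$ErrorActionPreference = 'Stop'

function ConvertTo-CompressedBase64String {
    <#
    .SYNOPSIS
    Gzip-compresses a file and returns the compressed bytes as a Base64 string.
    .PARAMETER Path
    Path of the file to compress. Must exist and must be a file, not a folder.
    .OUTPUTS
    [string] Base64 encoding of the gzip-compressed file contents.
    #>
    [CmdletBinding()]
    Param (
        [Parameter(Mandatory)]
        [ValidateScript({
            if (-not (Test-Path -Path $_)) { throw "The file or folder $_ does not exist" }
            if (-not (Test-Path -Path $_ -PathType Leaf)) { throw "The Path argument must be a file. Folder paths are not allowed." }
            return $true
        })]
        [string] $Path
    )

    # .NET resolves relative paths against the process working directory, not the
    # PowerShell location, so resolve through the provider first.
    $fullPath = (Resolve-Path -LiteralPath $Path).ProviderPath
    $fileBytes = [System.IO.File]::ReadAllBytes($fullPath)

    $memoryStream = New-Object System.IO.MemoryStream
    try {
        $gzipStream = New-Object System.IO.Compression.GzipStream $memoryStream, ([System.IO.Compression.CompressionMode]::Compress)
        try {
            $gzipStream.Write($fileBytes, 0, $fileBytes.Length)
        }
        finally {
            # Disposing the GzipStream writes the gzip trailer; ToArray() must come after this.
            $gzipStream.Dispose()
        }
        return [System.Convert]::ToBase64String($memoryStream.ToArray())
    }
    finally {
        $memoryStream.Dispose()
    }
}

function Set-GeneratedSecret {
    <#
    .SYNOPSIS
    Overwrites every file in a folder matching a filter with a freshly generated random string.
    .PARAMETER Directory
    Folder whose files are rewritten.
    .PARAMETER Filter
    Wildcard filter selecting which files to rewrite (e.g. *password.txt).
    .PARAMETER Length
    Length of the generated string.
    .PARAMETER EnforceComplexity
    Passed through to Invoke-RandomStringConfigFunction.
    .PARAMETER DisallowSpecial
    Passed through to Invoke-RandomStringConfigFunction.
    #>
    [CmdletBinding()]
    Param (
        [Parameter(Mandatory)] [string] $Directory,
        [Parameter(Mandatory)] [string] $Filter,
        [Parameter(Mandatory)] [int] $Length,
        [switch] $EnforceComplexity,
        [switch] $DisallowSpecial
    )

    Get-ChildItem -Path $Directory -Filter $Filter -File | ForEach-Object {
        Invoke-RandomStringConfigFunction -Length $Length -EnforceComplexity:$EnforceComplexity -DisallowSpecial:$DisallowSpecial |
            Set-Content -Path $_.FullName -NoNewline
    }
}

Import-Module SitecoreInstallFramework

$secretsRoot = '.\secrets'

# Create complex passwords in secrets
Write-Host "Creating and storing passwords in secrets..."
Set-GeneratedSecret -Directory $secretsRoot -Filter '*password.txt' -Length 20 -EnforceComplexity -DisallowSpecial
Set-GeneratedSecret -Directory $secretsRoot -Filter '*telerikencryptionkey.txt' -Length 100 -DisallowSpecial
Set-GeneratedSecret -Directory $secretsRoot -Filter '*identitysecret.txt' -Length 64 -DisallowSpecial
Set-GeneratedSecret -Directory $secretsRoot -Filter '*reportingapikey.txt' -Length 100 -DisallowSpecial
Set-GeneratedSecret -Directory $secretsRoot -Filter '*media-request-protection-shared-secret.txt' -Length 64

Write-Host "Converting and storing Sitecore license in secret..."
ConvertTo-CompressedBase64String -Path $SitecoreLicensePath |
    Out-File -Encoding ascii -NoNewline -Confirm -FilePath .\secrets\sitecore-license.txt

Write-Host "Creating the Identity Server token signing certificate and storing it in secret..."
# The password file was just regenerated above (it matches *password.txt) and is written without a trailing newline.
$certificatePassword = Get-Content -Path '.\secrets\sitecore-identitycertificatepassword.txt' -Raw
$newCert = New-SelfSignedCertificate -DnsName "localhost" -FriendlyName "Sitecore Identity Token Signing" -NotAfter (Get-Date).AddYears(5)
$pfxPath = Join-Path -Path (Get-Location).Path -ChildPath 'SitecoreIdentityTokenSigning.pfx'
try {
    Export-PfxCertificate -Cert $newCert -FilePath $pfxPath -Password (ConvertTo-SecureString -String $certificatePassword -Force -AsPlainText) | Out-Null
    [System.Convert]::ToBase64String([System.IO.File]::ReadAllBytes($pfxPath)) |
        Out-File -Encoding ascii -NoNewline -Confirm -FilePath .\secrets\sitecore-identitycertificate.txt
}
finally {
    # The PFX contains the private key; once encoded into the secret file it has no reason to stay on disk.
    if (Test-Path -Path $pfxPath) { Remove-Item -Path $pfxPath -Force }
}

$mkcert = '.\mkcert.exe'
$mkcertDownloadUrl = 'https://github.com/FiloSottile/mkcert/releases/download/v1.4.1/mkcert-v1.4.1-windows-amd64.exe'
# Set this to the SHA256 of the pinned release binary, obtained out of band, so a substituted
# download is rejected before it is executed. Left empty, the download is only warned about.
$mkcertExpectedSha256 = ''   # <FILL-IN: expected SHA256 of mkcert-v1.4.1-windows-amd64.exe>
if (-not (Test-Path -Path $mkcert)) {
    Invoke-WebRequest -Uri $mkcertDownloadUrl -UseBasicParsing -OutFile $mkcert
    if ($mkcertExpectedSha256) {
        $actualSha256 = (Get-FileHash -Path $mkcert -Algorithm SHA256).Hash
        if ($actualSha256 -ine $mkcertExpectedSha256) {
            Remove-Item -Path $mkcert -Force
            throw "Downloaded mkcert.exe hash $actualSha256 does not match the expected $mkcertExpectedSha256"
        }
    }
    else {
        Write-Warning 'mkcert.exe was downloaded without integrity verification; set $mkcertExpectedSha256 to enable it.'
    }
}

Write-Host "Creating TLS/HTTPS certificates..."
# Installs the mkcert development root CA into the local trust stores.
& $mkcert -install
if ($LASTEXITCODE -ne 0) { throw "mkcert -install failed with exit code $LASTEXITCODE" }

$tlsCertificates = @(
    @{ Folder = 'global-cm'; HostName = 'cm.globalhost' },
    @{ Folder = 'global-cd'; HostName = 'cd.globalhost' },
    @{ Folder = 'global-id'; HostName = 'id.globalhost' }
)
foreach ($tls in $tlsCertificates) {
    $tlsDir = Join-Path -Path 'secrets\tls' -ChildPath $tls.Folder
    # mkcert does not create the output folder itself.
    New-Item -ItemType Directory -Path $tlsDir -Force | Out-Null
    & $mkcert -cert-file (Join-Path -Path $tlsDir -ChildPath 'tls.crt') -key-file (Join-Path -Path $tlsDir -ChildPath 'tls.key') $tls.HostName
    if ($LASTEXITCODE -ne 0) { throw "mkcert failed for $($tls.HostName) with exit code $LASTEXITCODE" }
}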