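#!/usr/bin/env bash
#
# Copy a fixed set of Kubernetes Secrets into the canary namespace on the
# target k3s host.
#
# Each secret is read either from a local directory of exported
# "<name>.json" files (SOURCE_DIR, or DEFAULT_SOURCE_DIR when that directory
# exists) or live from the source cluster over SSH. Cluster-assigned metadata
# is stripped, the namespace is rewritten, and the result is applied on the
# target with `kubectl apply`.
#
# Environment overrides:
#   SOURCE_HOST / SOURCE_NAMESPACE  where secrets are read from over SSH
#   SOURCE_DIR                      local directory of exported secret JSON
#   TARGET_HOST / TARGET_NAMESPACE  where secrets are applied
#   SSH_STRICT_HOST_KEY_CHECKING    value passed to ssh's StrictHostKeyChecking
#                                   (default: accept-new, OpenSSH 7.6+)
#
# Security notes:
#   - Secret material passes through this process and both SSH sessions.
#     Do not run with `set -x` / `bash -x`: the trace would print secret JSON.
#   - Files under SOURCE_DIR hold secret data (base64 is an encoding, not
#     encryption); keep that directory readable by its owner only.

set -euo pipefail

DEFAULT_SOURCE_DIR="${HOME}/.local/share/trade-bootstrap/sol/trade-r001-canary-secrets"
SOURCE_HOST="${SOURCE_HOST:-mevnode_bot}"
SOURCE_NAMESPACE="${SOURCE_NAMESPACE:-trade-staging}"
SOURCE_DIR="${SOURCE_DIR:-}"
TARGET_HOST="${TARGET_HOST:-mevnode}"
TARGET_NAMESPACE="${TARGET_NAMESPACE:-trade-r001-canary}"

# Host-key policy for every SSH hop. The previous hard-coded "no" accepted a
# *changed* host key, so a machine impersonating either host could read the
# source secrets or receive the ones piped to the target. "accept-new" still
# works unattended on first contact but refuses a key that differs from
# known_hosts. Set to "yes" where host keys are pre-provisioned.
SSH_STRICT_HOST_KEY_CHECKING="${SSH_STRICT_HOST_KEY_CHECKING:-accept-new}"

SECRETS=(
  trade-postgres
  trade-hasura
  trade-api
  trade-frontend-tokens
  trade-basic-auth
  trade-ingestor-tokens
)

# Print a message to stderr and abort.
die() {
  printf 'error: %s\n' "$*" >&2
  exit 1
}

# Abort unless $2 is a valid namespace name (DNS-1123 label, <= 63 chars).
# Namespaces are interpolated into command strings that a remote shell
# evaluates under sudo, so anything outside this alphabet is rejected first.
#   $1 - variable name used in the error message
#   $2 - value to check
require_namespace() {
  local label="$1" value="$2"
  local pattern='^[a-z0-9]([-a-z0-9]*[a-z0-9])?$'
  if (( ${#value} > 63 )) || ! [[ "$value" =~ $pattern ]]; then
    die "${label} is not a valid Kubernetes namespace name"
  fi
}

# Abort unless $1 is a valid secret name (DNS-1123 subdomain, <= 253 chars).
# The name is used both in a remote command string and in a local file path;
# the pattern admits no '/', whitespace or shell metacharacters.
require_secret_name() {
  local value="$1"
  local pattern='^[a-z0-9]([-a-z0-9.]*[a-z0-9])?$'
  if (( ${#value} > 253 )) || ! [[ "$value" =~ $pattern ]]; then
    die "invalid secret name in SECRETS"
  fi
}

# Run a command on the source host.
ssh_source() {
  ssh -o "StrictHostKeyChecking=${SSH_STRICT_HOST_KEY_CHECKING}" "$SOURCE_HOST" "$@"
}

# Run a command on the target host.
ssh_target() {
  ssh -o "StrictHostKeyChecking=${SSH_STRICT_HOST_KEY_CHECKING}" "$TARGET_HOST" "$@"
}

# Write the JSON for secret $1 to stdout, from SOURCE_DIR when it is set,
# otherwise from the source cluster over SSH.
get_secret_json() {
  local secret_name="$1"
  if [[ -n "$SOURCE_DIR" ]]; then
    cat -- "${SOURCE_DIR}/${secret_name}.json"
  else
    ssh_source "sudo k3s kubectl -n ${SOURCE_NAMESPACE} get secret ${secret_name} -o json"
  fi
}

# Fetch secret $1, strip cluster-assigned metadata, retarget it to
# TARGET_NAMESPACE and apply it on the target host.
sync_secret() {
  local secret_name="$1"
  local secret_json sanitized_json

  secret_json="$(get_secret_json "$secret_name")"

  # Sanitise before opening the target session so a malformed or unexpected
  # document never reaches `kubectl apply`. The kind check matters for the
  # SOURCE_DIR path: a tampered file could otherwise get an arbitrary
  # resource applied with sudo on the target.
  sanitized_json="$(
    printf '%s' "$secret_json" \
      | jq --arg ns "$TARGET_NAMESPACE" '
          if .kind != "Secret" then error("input is not a Secret manifest") else . end
          | del(.metadata.uid,.metadata.resourceVersion,.metadata.creationTimestamp,.metadata.managedFields,.metadata.ownerReferences,.metadata.selfLink,.metadata.annotations["kubectl.kubernetes.io/last-applied-configuration"])
          | .metadata.namespace = $ns'
  )"

  # printf is a builtin, so the secret travels on stdin and never appears in
  # a process argument list.
  printf '%s' "$sanitized_json" \
    | ssh_target "sudo k3s kubectl apply -f - >/dev/null"

  printf 'Synced %s to %s\n' "$secret_name" "$TARGET_NAMESPACE"
}

main() {
  local secret_name

  if [[ -z "$SOURCE_DIR" && -d "$DEFAULT_SOURCE_DIR" ]]; then
    SOURCE_DIR="$DEFAULT_SOURCE_DIR"
  fi

  # Validate everything that ends up inside a remote command line before the
  # first connection is made.
  require_namespace SOURCE_NAMESPACE "$SOURCE_NAMESPACE"
  require_namespace TARGET_NAMESPACE "$TARGET_NAMESPACE"
  for secret_name in "${SECRETS[@]}"; do
    require_secret_name "$secret_name"
  done

  # Create the target namespace only when it does not exist yet.
  ssh_target "sudo k3s kubectl get ns ${TARGET_NAMESPACE} >/dev/null 2>&1 || sudo k3s kubectl create ns ${TARGET_NAMESPACE} >/dev/null"

  for secret_name in "${SECRETS[@]}"; do
    sync_secret "$secret_name"
  done
}

main "$@"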