initial

roll-db-credential.sh

@@ -0,0 +1,32 @@
+#!/bin/bash
+
+
+
+DBNAMESPACE=database1
+DEPLOYNAME=database
+PGUSER=`kubectl get secret -n $DBNAMESPACE $DEPLOYNAME -o jsonpath="{.data.superuser-username}" | base64 --decode`
+PGHOST=`kubectl get services $DEPLOYNAME -n $DBNAMESPACE -o jsonpath="{.status.loadBalancer.ingress[0].ip}"`
+PGPASSWORD=`kubectl get secret -n $DBNAMESPACE $DEPLOYNAME -o jsonpath="{.data.superuser-password}" | base64 --decode`
+PGSSLMODE=require
+export PGUSER PGHOST PGPASSWORD PGSSLMODE
+
+DB_USER=keycloak2
+DB_PASSWD=$(openssl rand -base64 24)
+
+NAMESPACE=$(cat namespace)
+
+psql <<EOF
+ALTER USER $DB_USER WITH PASSWORD '$DB_PASSWD';
+COMMIT;
+EOF
+
+kubectl create secret generic keycloak-database-secrets \
+  --dry-run=client \
+  -o yaml \
+  --save-config \
+  --from-literal=DB_USER="$DB_USER" \
+  --from-literal=DB_PASSWD="$DB_PASSWD" | \
+  kubectl apply -f - -n $NAMESPACE
+
+
+