database

2024-12-01 20:18:30 +01:00 · 2024-12-01 20:18:30 +01:00 · defee32084
commit defee32084
parent eea7c5c95b
2 changed files with 45 additions and 0 deletions
--- a/ENVDB.matest
+++ b/ENVDB.matest
@ -0,0 +1,7 @@
+N=homea
+PGHOST=`kubectl get services traefik -n system -o jsonpath="{.status.loadBalancer.ingress[0].ip}"`
+PGPASSWORD=`kubectl get secrets ma-db-cred -n $N -o jsonpath="{.data.PGPASSWORD}" | base64 --decode`
+PGUSER=`kubectl get secrets ma-db-cred -n $N -o jsonpath="{.data.PGUSER}" | base64 --decode`
+PGSSLMODE=`kubectl get secrets ma-db-cred -n $N -o jsonpath="{.data.PGSSLMODE}" | base64 --decode`
+PGDATABASE="matest"
+export PGUSER PGHOST PGPASSWORD PGSSLMODE PGDATABASE
--- a/deployment/roll-db-credentials.sh
+++ b/deployment/roll-db-credentials.sh
@ -0,0 +1,38 @@
+#!/bin/bash
+
+export PGUSER=`kubectl get secret -n database timescaledb -o jsonpath="{.data.superuser-username}" | base64 --decode`
+export PGHOST=`kubectl get services traefik -n system -o jsonpath="{.status.loadBalancer.ingress[0].ip}"`
+export PGPASSWORD=`kubectl get secret -n database timescaledb -o jsonpath="{.data.superuser-password}" | base64 --decode`
+export PGSSLMODE=require
+
+
+DATABASE=ma
+LOGIN=ma
+PASSWORD=`openssl rand -base64 24`
+NAMESPACE=homea
+
+psql <<EOF
+do
+\$\$
+begin
+  ALTER USER $LOGIN WITH PASSWORD '$PASSWORD';
+  GRANT ALL PRIVILEGES ON DATABASE $DATABASE TO $LOGIN;
+end
+\$\$
+;
+commit;
+EOF
+
+
+
+kubectl create secret generic ma-db-cred \
+  --dry-run=client \
+  -o yaml \
+  --save-config \
+  --from-literal=PGUSER="$LOGIN" \
+  --from-literal=PGPASSWORD="$PASSWORD" \
+  --from-literal=PGDATABASE="$DATABASE" \
+  --from-literal=PGHOST="timescaledb.database.svc.cluster.local" \
+  --from-literal=PGSSLMODE="require" | \
+  kubectl apply -f - -n $NAMESPACE
+