wn/universal-data-ingest
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

change db password approach
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
Details
ci/woodpecker/tag/woodpecker Pipeline was successful
Details

Browse Source
This commit is contained in:
Wolfgang Hottgenroth
2023-12-24 14:28:46 +01:00
parent 7d8d8b1c6a
commit fc91a0da2e
2 changed files with 46 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
deployment/deploy.sh
View File

@ -35,9 +35,12 @@ for NAMESPACE_DIR in `find $INSTANCES_DIR -type d -mindepth 1 -maxdepth 1`; do
INSTANCE=`basename $INSTANCE_DIR`
echo "Instance: $INSTANCE"
# set secret configuration from encrypted and decrypted file
VARIABLE_PREFIX=`echo "$NAMESPACE""_""$INSTANCE" | tr - _`
# set MQTT_PASSWORD as secret
MQTT_PASSWORD_VARIABLE="$NAMESPACE""_""$INSTANCE""_MQTT_PASSWORD"
MQTT_PASSWORD_VARIABLE=`echo $MQTT_PASSWORD_VARIABLE | tr - _`
MQTT_PASSWORD_VARIABLE=$VARIABLE_PREFIX"_MQTT_PASSWORD"
MQTT_PASSWORD="${!MQTT_PASSWORD_VARIABLE}"
# echo "MQTT_PASSWORD_VARIABLE: $MQTT_PASSWORD_VARIABLE"
# echo "MQTT_PASSWORD: $MQTT_PASSWORD"
@ -46,27 +49,17 @@ for NAMESPACE_DIR in `find $INSTANCES_DIR -type d -mindepth 1 -maxdepth 1`; do
--dry-run=client \
-o yaml \
--save-config | \
kubectl apply -f - -n $NAMESPACE
kubectl apply -f - -n $NAMESPACE
# set database configuration as secret
## prepare configuration to access database to set udi database password
PGUSER=`kubectl get secret -n database timescaledb -o jsonpath="{.data.superuser-username}" | base64 -d`
PGHOST=`kubectl get services traefik -n system -o jsonpath="{.status.loadBalancer.ingress[0].ip}"`
PGPASSWORD=`kubectl get secret -n database timescaledb -o jsonpath="{.data.superuser-password}" | base64 -d`
PGSSLMODE=require
NEW_UDI_DB_LOGIN="udi""-""$NAMESPACE""-""$INSTANCE"
NEW_UDI_DB_PASSWORD=`tr -dc 'a-zA-Z0-9' < /dev/urandom | head -c 32`
NEW_UDI_DB_DATABASE="udi""-""$NAMESPACE""-""$INSTANCE"
LOGIN_VARIABLE=$VARIABLE_PREFIX"_PGUSER"
NEW_UDI_DB_LOGIN="${!LOGIN_VARIABLE}"
PASSWORD_VARIABLE=$VARIABLE_PREFIX"_PGDATABASE"
NEW_UDI_DB_PASSWORD="${!PASSWORD_VARIABLE}"
DATABASE_VARIABLE=$VARIABLE_PREFIX"_PGDATABASE"
NEW_UDI_DB_DATABASE="${!DATABASE_VARIABLE}"
NEW_UDI_DB_HOST=timescaledb.database.svc.cluster.local
DATABASE_MASTER_POD=`kubectl get pods -n database -l app=StackGresCluster -l role=master -o jsonpath='{.items[0].metadata.name}'`
kubectl exec -i $DATABASE_MASTER_POD -c postgres-util -n database -- psql <<EOF
BEGIN;
ALTER USER "$NEW_UDI_DB_LOGIN" WITH PASSWORD '$NEW_UDI_DB_PASSWORD';
COMMIT;
EOF
kubectl create secret generic $INSTANCE-udi-db-cred \
--dry-run=client \
-o yaml \