fix secret name

deployment/decrypt-secrets.sh

@@ -11,7 +11,7 @@ if [ "$MD5_CHECKSUM" = "" ]; then
 fi
 
 SECRETS_CIPHERTEXT_FILE=secrets.enc
-SECRETS_PLAINTEXT_FILE=secrets
+SECRETS_PLAINTEXT_FILE=/tmp/secrets
 TMP_FILE=`mktemp`
 POD_NAME_SUFFIX=`date +%s`
 
@@ -37,6 +37,7 @@ if [ "$MD5_CHECKSUM" != "$CALCULATED_CHECKSUM" ]; then
   exit 1
 fi
 
+# cat $TMP_FILE
 mv $TMP_FILE $SECRETS_PLAINTEXT_FILE
 
 

deployment/deploy.sh

@@ -5,9 +5,6 @@ if [ "$IMAGE_TAG" == "" ]; then
   exit 1
 fi
 
-./deployment/decrypt-secrets.sh || exit 1 
-. secrets
-rm secrets
 
 IMAGE_NAME=gitea.hottis.de/wn/udi
 
@@ -17,6 +14,11 @@ CONFIG_FILE=config.json
 DEPLOYMENT_DIR=$PWD/deployment
 INSTANCES_DIR=$DEPLOYMENT_DIR/instances
 
+pushd $DEPLOYMENT_DIR > /dev/null
+./decrypt-secrets.sh || exit 1 
+. /tmp/secrets
+rm /tmp/secrets
+popd > /dev/null
 
 for NAMESPACE_DIR in `find $INSTANCES_DIR -type d -mindepth 1 -maxdepth 1`; do
   NAMESPACE=`basename $NAMESPACE_DIR`
@@ -37,8 +39,8 @@ for NAMESPACE_DIR in `find $INSTANCES_DIR -type d -mindepth 1 -maxdepth 1`; do
     MQTT_PASSWORD_VARIABLE="$NAMESPACE""_""$INSTANCE""_MQTT_PASSWORD"
     MQTT_PASSWORD_VARIABLE=`echo $MQTT_PASSWORD_VARIABLE | tr - _`
     MQTT_PASSWORD="${!MQTT_PASSWORD_VARIABLE}"
-    echo "MQTT_PASSWORD_VARIABLE: $MQTT_PASSWORD_VARIABLE"
-    echo "MQTT_PASSWORD: $MQTT_PASSWORD"
+    # echo "MQTT_PASSWORD_VARIABLE: $MQTT_PASSWORD_VARIABLE"
+    # echo "MQTT_PASSWORD: $MQTT_PASSWORD"
     kubectl create secret generic $INSTANCE-mqtt-password \
       --from-literal=MQTT_PASSWORD="$MQTT_PASSWORD" \
       --dry-run=client \

deployment/load-config.sh

@@ -1,55 +0,0 @@
-#!/bin/bash
-
-FILE=$1
-if [ "$FILE" = "" ]; then
-  echo "give config file to load as first argument"
-  exit 1
-fi
-MQTT_PASSWORD=$2
-if [ "$MQTT_PASSWORD" = "" ]; then
-  echo "give mqtt password as second argument"
-  exit 1
-fi
-NAMESPACE=$3
-if [ "$NAMESPACE" = "" ]; then
-  echo "give namespace as third argument"
-  exit 1
-fi
-
-kubectl create secret generic udi-conf \
-  --from-literal=UDI_CONF="`cat $FILE`" \
-  -n $NAMESPACE \
-  --dry-run=client \
-  -o yaml \
-  --save-config | \
-kubectl apply -f -
-
-kubectl create secret generic mqtt-password \
-  --from-literal=MQTT_PASSWORD="$MQTT_PASSWORD" \
-  -n $NAMESPACE \
-  --dry-run=client \
-  -o yaml \
-  --save-config | \
-kubectl apply -f -
-
-. ~/Workspace/MyKubernetesEnv/ENVDB
-DATABASE="udi-$NAMESPACE"
-LOGIN="udi-$NAMESPACE"
-PASSWORD=`openssl rand -base64 24` 
-psql <<EOF
-ALTER USER "$LOGIN" WITH PASSWORD '$PASSWORD';
-GRANT ALL PRIVILEGES ON DATABASE "$DATABASE" TO "$LOGIN";
-COMMIT;
-EOF
-
-kubectl create secret generic udi-db-cred \
-  --dry-run=client \
-  -o yaml \
-  --save-config \
-  --from-literal=PGUSER="$LOGIN" \
-  --from-literal=PGHOST="timescaledb.database.svc.cluster.local" \
-  --from-literal=PGPASSWORD="$PASSWORD" \
-  --from-literal=PGSSLMODE="require" \
-  --from-literal=PGDATABASE="$DATABASE" | \
-kubectl apply -f - -n $NAMESPACE
-

deployment/secrets.enc

@@ -1,4 +1,7 @@
-U2FsdGVkX1+235sIaS3YkXthSjtLu/5ky8o0KGw4E0Bh2avnKV6Qg9XiKe5JnJOk
-IQcWgB9rwqg1oNFD1diaotk5AEGvejJawiUcsvHywx7U0XqGt7vhNdf3tp/Mjc0z
-BzbHykKfwnFzX3PACw78HJb+zk10DyDgEQ09o7wE6CZVCx5MXdbcZzrJ1a7a3edQ
-+FKkrwK5L/byPJk7lOmdOxC+Kq+uVGWRToUniABbYYaBDvtpXytan8BVZcKSjQQ/
+U2FsdGVkX1+jsPd67Sl8bXkH/OVKx3clFUnpJBzwRXA9qEhyDrwMJWg3UH6eiCZd
+PIwApBbDKxR0W/NotaE9100gQo+L3tHL0elMo/YOFkiwkM3tJ1v3zngY1BUoEAGJ
+4aZNVC7Eb9HDG0RKqh7fSPuazeKxd1fih9nQuxy//XgRivqjbgqfD/xLi5NZ/n0F
+nJT1MsBKGmYF4ezC7thSYIN/+GDL6gpty/FYxAi56oFy6q2YGuADXPgRs1v22vz3
+KP+9mIeg6VZn6IRv00w0HSJ3UghMMx/b3pDjIVrq9I3x9sXDD1YqYbjjcnopqKsl
++gVrX/jCsDBmArRXFu1innOJ+pOsHJ3sSR5fRugnn0Fgje63n4mN46eJYdwhHgEr
+yIuyMipc0Uc1ZOsEpkrmYnEofgGaWC3IrdsVEwybbGQ=