secrets

deployment/deploy.sh

@@ -35,9 +35,12 @@ for NAMESPACE_DIR in `find $INSTANCES_DIR -type d -mindepth 1 -maxdepth 1`; do
     INSTANCE=`basename $INSTANCE_DIR`
     echo "Instance: $INSTANCE"
 
+    # set secret configuration from encrypted and decrypted file
+    VARIABLE_PREFIX=`echo "$NAMESPACE""_""$INSTANCE" | tr - _`
+
+    
     # set MQTT_PASSWORD as secret
-    MQTT_PASSWORD_VARIABLE="$NAMESPACE""_""$INSTANCE""_MQTT_PASSWORD"
-    MQTT_PASSWORD_VARIABLE=`echo $MQTT_PASSWORD_VARIABLE | tr - _`
+    MQTT_PASSWORD_VARIABLE=$VARIABLE_PREFIX"_MQTT_PASSWORD"
     MQTT_PASSWORD="${!MQTT_PASSWORD_VARIABLE}"
     # echo "MQTT_PASSWORD_VARIABLE: $MQTT_PASSWORD_VARIABLE"
     # echo "MQTT_PASSWORD: $MQTT_PASSWORD"
@@ -46,27 +49,17 @@ for NAMESPACE_DIR in `find $INSTANCES_DIR -type d -mindepth 1 -maxdepth 1`; do
       --dry-run=client \
       -o yaml \
       --save-config | \
-    kubectl apply -f - -n $NAMESPACE
+      kubectl apply -f - -n $NAMESPACE
 
-    # set database configuration as secret
-    ## prepare configuration to access database to set udi database password
-    PGUSER=`kubectl get secret -n database timescaledb -o jsonpath="{.data.superuser-username}" | base64 -d`
-    PGHOST=`kubectl get services traefik -n system -o jsonpath="{.status.loadBalancer.ingress[0].ip}"`
-    PGPASSWORD=`kubectl get secret -n database timescaledb -o jsonpath="{.data.superuser-password}" | base64 -d`
-    PGSSLMODE=require
 
-    NEW_UDI_DB_LOGIN="udi""-""$NAMESPACE""-""$INSTANCE"
-    NEW_UDI_DB_PASSWORD=`tr -dc 'a-zA-Z0-9' < /dev/urandom | head -c 32`
-    NEW_UDI_DB_DATABASE="udi""-""$NAMESPACE""-""$INSTANCE"
+    LOGIN_VARIABLE=$VARIABLE_PREFIX"_PGUSER"
+    NEW_UDI_DB_LOGIN="${!LOGIN_VARIABLE}"
+    PASSWORD_VARIABLE=$VARIABLE_PREFIX"_PGPASSWORD"
+    NEW_UDI_DB_PASSWORD="${!PASSWORD_VARIABLE}"
+    DATABASE_VARIABLE=$VARIABLE_PREFIX"_PGDATABASE"
+    NEW_UDI_DB_DATABASE="${!DATABASE_VARIABLE}"
     NEW_UDI_DB_HOST=timescaledb.database.svc.cluster.local
 
-    DATABASE_MASTER_POD=`kubectl get pods -n database -l app=StackGresCluster -l role=master -o jsonpath='{.items[0].metadata.name}'`
-    kubectl exec -i $DATABASE_MASTER_POD -c postgres-util -n database -- psql <<EOF
-    BEGIN;
-    ALTER USER "$NEW_UDI_DB_LOGIN" WITH PASSWORD '$NEW_UDI_DB_PASSWORD';
-    COMMIT;
-EOF
-
     kubectl create secret generic $INSTANCE-udi-db-cred \
       --dry-run=client \
       -o yaml \

deployment/secrets.enc

@@ -1,15 +1,32 @@
-U2FsdGVkX18F3lXFVDFOS8Q3iGZsIPmMr9CvSshg1t4VTJ8fVlJ6LbFwT3SD1x4a
-Z2IdRTWT8wPG7Y9w4c3xbfFZywsJbxyrY+i3Lh7qvpsj7CXiWGOahdj5Pqu1UE3g
-3PiMpmfyeHKn30hRhupO6jL7kzxJEV8uov/sUh7H+76/R1h5oBBxJEhCl9nPrrf8
-7QaxFeJzogjHu+szvkOM5WylE/PuPv53OGF+7+6R5rK5v25pWlIhuUPg3CKk1qBg
-Ice6q2j5vQe1u+wEdJbxsvbwIdAQC8r6flPuwUeMfLe/Myiuo7v03Re45XKVCQAx
-H+i5Gh50KHqfoZliLeH0ShNSHPNh7zjuBF01o1/Y6KbKDga8G8FjGMn11kjkMCqX
-KxdF6Fp1up02n4UTk0+m1ekEc2bk+NZ71xb/iBdsZtyK9POj2ZAuxrjxJZH2FzQ+
-5lh/AgyH1LC8ms4KL5HjPLEIHQIkD/MJCnti/hQ7ZpoqFBRnTmRdv9w+pC/aXlmb
-en6I8Mv82qe1sdVlyoiTAqL1flfUjd+yICUE04g/M9NPYidhc+FZrsqyeVfSJYOh
-eDl4owAUjzJuDBkuFAX1PHwKglNcIx/rNaxF8ROSDyv59Qzzi84U3xmfm4JqGp2X
-2DAMT2Du8fP/cpRrwWQNtFN7a0FxOnmhDO6SAZoDisEeWR3r+2KsnR6ztKWgGWHK
-uTsb/g8fwx/KH2RsPukmiX7s8aTWcS5DyADNF8VgWKa3BU1icDlku+gMCINyHA9k
-iLR7qzBDXzZPLXj+tm7DjLnZYe2w2Ih7A3ZWsNI6Fp7wFFfqH3TYEM38VZWpzQmz
-gGa3vuIohn0Mt6JHeZ9zHc8wYruBhjeU16VHawP12jBSnFQnP/FeJq/WpUMW3YDY
-c8jsXokMCKUNubnzsmeQgiL0721IfB6+KdiGMucZZkQ=
+U2FsdGVkX1+DXC4uFXaRWr40xvTwUDMfmx3gZmixNJWP4djN5e5JZYmq2uWB/kQr
+0eCD4UM9cRnwyqCJudsOJnB8pT6XQgl/ZkSZavSOxG7r0uh90IqOe25nxWH3iiza
+oPWW0qR9KXB4qNQEAHkoww+dz7B2zFaDSQPgzm2oV9SWXfjhu0nDPcBO2e3gzSvU
+vCuwLnmG/4oacBgAeJHyys2NmW1e2ZnjbFOT+hMBtGPwwEIQ/mbq7IWrfiREUJ7B
+U1LoN4NPnkTtbFf63AkuQ6Lq0mkH6a6ZoVfkyg7kS9VIhznoDcZb29S/N6cGgoRG
+KFu1VbyjoCXnskZ/a9rw4e3Epau9qoeupmALlmcogOK3J0g1EhltmFMsfMnTDIkf
+Pj3t4+WZn0xozX89gLwNYYATALQfL+mAFRHpwx924Mh12tRzgSHyq+BHbcI5yjKA
+eNyP+gUT6nmrSGhlwBXsUzILsOCxxdhNsSd0h3S3huhuS+RivnXpGJQnR5vXmc8d
+iQE28Rx9YyrOM8+lpIL5mz7O7cSjEzwuIWLsnvs2nowYl8erWu7e+R9e2e8ulAgt
+UokWp2tOMFfvPU6bHJwDcre42Ozv8QefPQb9E8hcZe6U3ibpw715sV4YvSchxLCF
+cGzwgRSceKd+LOuoXOTfcUAvMzkOcV5/VRbX/ZbESt5ntw+g2AZqp3T+7iAnPmtx
+q2RN94Yes/8yKkvAV+wO6qBv7mCn79ZPYdf8C+eWVQv/uJ9BRmJMxy0FfUFz+kY0
++QL72T1BJwBRWkWmAmOuQSvQ6q+MtzekwuXfQgmcdtdWZAUxcnsjJBKAFRthEgU9
+/N2UkHezMx5hn2wa7K+Z8v29zmlwQaRJGVW0xzpzKlYrneAqm65o+aIEtWMiIUwz
+zuCPN7tZcjxzOmwnLXupOclw2fE76vFzxc8g6pRH5bbpmNynB6SszCM8Gya2LUOV
+OK8B7fThcx4XimWRE8jrBQHCaYEEqgXaLxUSrMV7s9yLbKRQI24YTWcIMY8pmp5t
+/Viq6qqtiWZ7BwrtTR8KFzNEJcz5hC7LDaP1hJR4MEbRv8VPsyM3mxOWflmmR6jI
+x8UBv585SLRiqNMFqJ+BryrBbiwtbm15z1jUyQTSGM8J+dULbLgDp1O1fQphXJKV
+7dbkV5CXPoglOK/jy3bj4zSfG0Fr068aBkXvkBlJ2X088Xxoj59mep+ZI0SJj4L1
+vK6EecRxUHUQUltarj9A2LaHw5iqG5QD5px3O1wN4xqiuh95FuwmvIa2DNlclgca
+4xzWXUFwoJFoKLsaX8dkxC3Zs4YybSEpRntU8+ElQeAQoDB5gPgjvKoep+JHCSWZ
+w+ZhNT+F5+tbRToPwyWn9k9lRBaDcDWQAOQtcoGxzZ0I4j0CWnC0uzfTJ48skhKk
+xBo5sujuyZ3m0I/icdVY0hAt9Ok+3hB4hrvfMAT13zK0u+a917d6HKfeh95BNXAN
+CzSUtC/J0VU1tk2cF71pJS6T1oTxm/+ptwPMclOiKqzgkxoZzITd08JLe6d50HCI
+fw4LL7Z65HOE4kxHySxtCHWBw0d+44C+H9+g6SKWDNCUpv+xbc9VAMM6/rl8vW2G
+bJHkSqxvx2mi3X3Ti4BLXNb7IWYjJVirTNtzYXbqgoPDotviuyoyB3v9bAGbg+gQ
+KpzQJR+j+ODHITG9wJs14WtL/Ll3TO6Tz3XGfmgLiPs7N5oReNdQYrW5TadzttoQ
++WDKYoFXLXyHOT43BHRu+6V16Mpj/khdR7DFoj5AKbS3IoSuMiniowf2sztvtnsY
+j7jwL3zaNv7qSf0p4TYo1HhXSggunaDRqBebpNVKAbHTU0ygiSizZAKIXb97/Gbp
+rop1vSH0GNZWcV653vNFCKoSecVPwAA7LRQcW1RpyzE/NBdRLmh+rbONeh9FlJA4
+JWpMK7RNA0JsaTy7Ti9/I7cYxUpAxP/6oHaH+P16bpoppyx6toH0Q94uXTU/Nlpl
+PpipMYgTHN8SPwSBWUzIYQ==