zabbix/deployment/roll-db-credential.sh

40 lines
1.1 KiB
Bash
Raw Normal View History

2024-11-26 09:56:42 +01:00
#!/bin/bash
export PGUSER=`kubectl get secret -n database timescaledb -o jsonpath="{.data.superuser-username}" | base64 --decode`
export PGHOST=`kubectl get services traefik -n system -o jsonpath="{.status.loadBalancer.ingress[0].ip}"`
export PGPASSWORD=`kubectl get secret -n database timescaledb -o jsonpath="{.data.superuser-password}" | base64 --decode`
export PGSSLMODE=require
2024-11-26 09:56:42 +01:00
DATABASE=zabbix
LOGIN=zabbix
PASSWORD=`openssl rand -base64 24`
NAMESPACE=$(cat namespace)
ARG1=$1
if [ "$ARG1" = "initial" ]; then
psql <<EOF
CREATE USER $LOGIN;
COMMIT;
CREATE DATABASE $DATABASE WITH OWNER $LOGIN;
2024-11-26 09:56:42 +01:00
EOF
fi
psql <<EOF
ALTER USER $LOGIN WITH PASSWORD '$PASSWORD';
GRANT ALL PRIVILEGES ON DATABASE $DATABASE TO $LOGIN;
2024-11-26 09:56:42 +01:00
commit;
EOF
kubectl create secret generic database-cred \
--dry-run=client \
-o yaml \
--save-config \
--from-literal=POSTGRES_USER="$LOGIN" \
--from-literal=POSTGRES_PASSWORD="$PASSWORD" \
--from-literal=POSTGRES_DB="$DATABASE" \
2024-11-26 09:56:42 +01:00
--from-literal=DB_SERVER_HOST="timescaledb.database.svc.cluster.local" | \
kubectl apply -f - -n $NAMESPACE