homelab/apps
1
0
Fork 0
mirror of https://github.com/morten-olsen/homelab-apps.git synced 2026-02-08 01:36:28 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
434d9ed7a255f378fcc2085ca10cefae01f601e0
apps/scripts/update_immich_postgres_password.sh
Morten Olsen 71feab50b1 add database to immich
2026-01-03 12:50:00 +01:00

62 lines
2.0 KiB
Bash
Raw Blame History

#!/bin/bash
set -e
# Find the pod namespace
POD_NAME="immich-postgres-544f467fd8-2k84c"
NAMESPACE=""
# Try to find the namespace
for ns in immich default apps; do
if kubectl get pod "$POD_NAME" -n "$ns" &>/dev/null; then
NAMESPACE="$ns"
break
fi
done
if [ -z "$NAMESPACE" ]; then
# Try without namespace specification
if kubectl get pod "$POD_NAME" -A &>/dev/null; then
NAMESPACE=$(kubectl get pod "$POD_NAME" -A -o jsonpath='{.items[0].metadata.namespace}' 2>/dev/null || \
kubectl get pod "$POD_NAME" -A -o jsonpath='{.metadata.namespace}' 2>/dev/null)
fi
fi
if [ -z "$NAMESPACE" ]; then
echo "Error: Could not find pod $POD_NAME in any namespace"
exit 1
fi
echo "Found pod in namespace: $NAMESPACE"
# Get the password from the secret
# The secret is stored as base64 in Kubernetes, and External Secrets uses base64 encoding
# So we need to decode twice: Kubernetes base64 -> External Secrets base64 -> actual password
SECRET_B64=$(kubectl get secret "immich-postgres-secret" -n "$NAMESPACE" -o jsonpath='{.data.password}')
if [ -z "$SECRET_B64" ]; then
echo "Error: Could not find secret immich-postgres-secret in namespace $NAMESPACE"
exit 1
fi
# Decode the password (double base64 decode: Kubernetes -> External Secrets -> actual password)
# First decode: Kubernetes base64 to get External Secrets base64 value
EXTERNAL_SECRETS_B64=$(echo "$SECRET_B64" | base64 -d)
# Second decode: External Secrets base64 to get actual password
PASSWORD=$(echo "$EXTERNAL_SECRETS_B64" | base64 -d)
if [ -z "$PASSWORD" ]; then
echo "Error: Failed to decode password"
exit 1
fi
echo "Updating PostgreSQL password for user 'immich'..."
# Update the password in PostgreSQL
# Escape single quotes in password for SQL by doubling them
ESCAPED_PASSWORD=$(echo "$PASSWORD" | sed "s/'/''/g")
# Use psql to update the password
kubectl exec "$POD_NAME" -n "$NAMESPACE" -- psql -U immich -d immich -c "ALTER USER immich WITH PASSWORD '${ESCAPED_PASSWORD}';"
echo "Password updated successfully!"
Reference in New Issue View Git Blame Copy Permalink