create-secrets.sh

#!/bin/sh
# A single script that generates the BASE64 encoded configuration
# from the plain text `pgbouncer.ini` and `userlist.txt` files.

KUBE_NAMESPACE="pgbouncer"
DEPLOYMENT_NAME="pgbouncer-example"
APP_NAME="$DEPLOYMENT_NAME"
SECRET_NAME="$DEPLOYMENT_NAME-config"

cd `dirname $0`
kubectl create secret generic "$SECRET_NAME" --namespace="$KUBE_NAMESPACE" --from-file=pgbouncer.ini --from-file=userlist.txt -o yaml --dry-run | tee "$SECRET_NAME.yml" | kubectl apply -f -

pod="$(kubectl get pod -n "$KUBE_NAMESPACE" -l "app=$APP_NAME" -o name)"
if [ -n "$pod" ]; then
  echo "Restarting pod $pod..."
  # Secrets are only updated once on creation, so no graceful "kubectl exec $pod -- kill -HUP 1" works.
  # Instead use this hack to let the deployment/replicationset use a rolling update:
  # https://github.com/kubernetes/kubernetes/issues/13488
  kubectl patch deployment -n "$KUBE_NAMESPACE" "$DEPLOYMENT_NAME" -p '{"spec":{"template":{"spec":{"containers":[{"name":"pgbouncer","env":[{"name":"RESTART_","value":"'$(date +%s)'"}]}]}}}}'
fi