From 68bdb9797bf5545c68d2a9fff719d233c631e909 Mon Sep 17 00:00:00 2001
From: zetaloop <zetaloop@outlook.com>
Date: Wed, 6 May 2026 13:21:23 +0800
Subject: [PATCH] fix(k01): apply-schema use TCP+PGPASSWORD for CNPG peer-auth
 bypass

---
 deploy/k01/apply-schema.sh | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/deploy/k01/apply-schema.sh b/deploy/k01/apply-schema.sh
index 918bc8e..9afd6ff 100755
--- a/deploy/k01/apply-schema.sh
+++ b/deploy/k01/apply-schema.sh
@@ -17,14 +17,18 @@ domain_dir() {
 
 psql_exec() {
 	local cluster="$1" sql="$2"
-	kubectl -n juwan exec -i "${cluster}-1" -c postgres -- psql \
-		-v ON_ERROR_STOP=1 -U app -d app <<<"$sql"
+	local pw
+	pw="$(kubectl -n juwan get secret "${cluster}-app" -o jsonpath='{.data.password}' | base64 -d)"
+	kubectl -n juwan exec -i "${cluster}-1" -c postgres -- env PGPASSWORD="$pw" \
+		psql -v ON_ERROR_STOP=1 -h 127.0.0.1 -U app -d app <<<"$sql"
 }
 
 psql_file() {
 	local cluster="$1" file="$2"
-	kubectl -n juwan exec -i "${cluster}-1" -c postgres -- psql \
-		-v ON_ERROR_STOP=1 -U app -d app < "$file"
+	local pw
+	pw="$(kubectl -n juwan get secret "${cluster}-app" -o jsonpath='{.data.password}' | base64 -d)"
+	kubectl -n juwan exec -i "${cluster}-1" -c postgres -- env PGPASSWORD="$pw" \
+		psql -v ON_ERROR_STOP=1 -h 127.0.0.1 -U app -d app < "$file"
 }
 
 clusters=()