k8s/infrastructure/modules/postgres-app/job.yaml

apiVersion: batch/v1
kind: Job
metadata:
  name: postgres-init
spec:
  dependsOn:
    - name: infrastructure
  template:
    spec:
      restartPolicy: OnFailure
      containers:
      - name: psql
        image: postgres:16
        env:
        - name: PGHOST
          value: pg-cluster-rw.pg-databases.svc.cluster.local
        - name: PGUSER
          value: postgres
        - name: PGPASSWORD
          valueFrom:
            secretKeyRef:
              name: pg-cluster-root-password
              key: password

        - name: APP_DB
          valueFrom:
            secretKeyRef:
              name: app-db-secret
              key: database
        - name: APP_USER
          valueFrom:
            secretKeyRef:
              name: app-db-secret
              key: username
        - name: APP_PASSWORD
          valueFrom:
            secretKeyRef:
              name: app-db-secret
              key: password

        command:
        - sh
        - -c
        - |
          psql <<EOF
          -- Create user (safe in transaction)
          DO \$\$
          BEGIN
            IF NOT EXISTS (SELECT FROM pg_roles WHERE rolname = '${APP_USER}') THEN
              CREATE USER ${APP_USER} WITH PASSWORD '${APP_PASSWORD}';
            END IF;
          END
          \$\$;

          -- Create database (must be outside transaction)
          SELECT 'CREATE DATABASE ${APP_DB} OWNER ${APP_USER}'
          WHERE NOT EXISTS (
            SELECT FROM pg_database WHERE datname = '${APP_DB}'
          )\gexec

          -- Grant privileges (safe)
          GRANT ALL PRIVILEGES ON DATABASE ${APP_DB} TO ${APP_USER};
          EOF
massive refactor 2026-04-26 06:18:40 +00:00			`apiVersion: batch/v1`
			`kind: Job`
			`metadata:`
			`name: postgres-init`
			`spec:`
testing if dependson works on jobs 2026-04-26 23:08:25 +00:00			`dependsOn:`
			`- name: infrastructure`
massive refactor 2026-04-26 06:18:40 +00:00			`template:`
			`spec:`
			`restartPolicy: OnFailure`
			`containers:`
			`- name: psql`
			`image: postgres:16`
			`env:`
			`- name: PGHOST`
			`value: pg-cluster-rw.pg-databases.svc.cluster.local`
			`- name: PGUSER`
			`value: postgres`
			`- name: PGPASSWORD`
			`valueFrom:`
			`secretKeyRef:`
Fix secret name 2026-04-27 02:35:33 +00:00			`name: pg-cluster-root-password`
fixed password key 2026-04-27 03:21:23 +00:00			`key: password`
massive refactor 2026-04-26 06:18:40 +00:00
			`- name: APP_DB`
			`valueFrom:`
			`secretKeyRef:`
testing still 2026-04-27 01:04:59 +00:00			`name: app-db-secret`
massive refactor 2026-04-26 06:18:40 +00:00			`key: database`
			`- name: APP_USER`
			`valueFrom:`
			`secretKeyRef:`
testing still 2026-04-27 01:04:59 +00:00			`name: app-db-secret`
massive refactor 2026-04-26 06:18:40 +00:00			`key: username`
			`- name: APP_PASSWORD`
			`valueFrom:`
			`secretKeyRef:`
testing still 2026-04-27 01:04:59 +00:00			`name: app-db-secret`
massive refactor 2026-04-26 06:18:40 +00:00			`key: password`

			`command:`
			`- sh`
			`- -c`
			`- \|`
			`psql <<EOF`
update db init script to put create databse outside of transaction 2026-04-27 03:37:16 +00:00			`-- Create user (safe in transaction)`
massive refactor 2026-04-26 06:18:40 +00:00			`DO \$\$`
			`BEGIN`
			`IF NOT EXISTS (SELECT FROM pg_roles WHERE rolname = '${APP_USER}') THEN`
			`CREATE USER ${APP_USER} WITH PASSWORD '${APP_PASSWORD}';`
			`END IF;`
			`END`
			`\$\$;`

update db init script to put create databse outside of transaction 2026-04-27 03:37:16 +00:00			`-- Create database (must be outside transaction)`
			`SELECT 'CREATE DATABASE ${APP_DB} OWNER ${APP_USER}'`
			`WHERE NOT EXISTS (`
			`SELECT FROM pg_database WHERE datname = '${APP_DB}'`
			`)\gexec`
massive refactor 2026-04-26 06:18:40 +00:00
update db init script to put create databse outside of transaction 2026-04-27 03:37:16 +00:00			`-- Grant privileges (safe)`
massive refactor 2026-04-26 06:18:40 +00:00			`GRANT ALL PRIVILEGES ON DATABASE ${APP_DB} TO ${APP_USER};`
			`EOF`