massive refactor

apps/fireflyiii/db/kustomization.yaml

@@ -1,4 +1,14 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-- firefly-db.yaml
+- fireflysecrets.yaml
+- ../../../infrastructure/modules/postgres-app
+
+patches:
+- target:
+    kind: Job
+    name: postgres-init
+  patch: |
+    - op: replace
+      path: /metadata/name
+      value: postgres-init-firefly

apps/fireflyiii/kustomization.yaml

@@ -8,4 +8,3 @@ resources:
 - pvc.yaml
 - service.yaml
 - db
-- fireflysecrets.yaml

apps/kimai/kustomization.yaml

@@ -5,10 +5,6 @@ resources:
 - db
 - kimaisecrets.yaml
 
-#spec:
-#  dependsOn:
-#    - name: secrets
-
 namespace: kimai
 
 configMapGenerator:

apps/kimai/namespace.yaml

@@ -3,4 +3,4 @@ kind: Namespace
 metadata:
   name: kimai
   labels:
-    backup: true
+    backup: "true"

infrastructure/databases/cloudnative-pg/namespace.yaml

@@ -2,3 +2,5 @@ apiVersion: v1
 kind: Namespace
 metadata:
   name: cnpg-system
+  labels:
+    backup: "true"

infrastructure/databases/cnpg-clusters/kustomization.yaml

@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- pg-cluster.yaml

infrastructure/databases/cnpg-clusters/pg-cluster.yaml

@@ -0,0 +1,10 @@
+apiVersion: postgresql.cnpg.io/v1
+kind: Cluster
+metadata:
+  name: pg-cluster
+  namespace: pg-databases
+spec:
+  instances: 3
+
+  storage:
+    size: 20Gi

infrastructure/databases/kustomization.yaml

@@ -4,3 +4,4 @@ resources:
 - cloudnative-pg
 - mariadb-operator
 - mariadb-clusters
+- cnpg-clusters

infrastructure/modules/postgres-app/job.yaml

@@ -0,0 +1,61 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: postgres-init
+spec:
+  template:
+    spec:
+      restartPolicy: OnFailure
+      containers:
+      - name: psql
+        image: postgres:16
+        env:
+        - name: PGHOST
+          value: pg-cluster-rw.pg-databases.svc.cluster.local
+        - name: PGUSER
+          value: postgres
+        - name: PGPASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: pg-superuser-secret
+              key: password
+
+        - name: APP_DB
+          valueFrom:
+            secretKeyRef:
+              name: app-db-secret
+              key: database
+        - name: APP_USER
+          valueFrom:
+            secretKeyRef:
+              name: app-db-secret
+              key: username
+        - name: APP_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: app-db-secret
+              key: password
+
+        command:
+        - sh
+        - -c
+        - |
+          psql <<EOF
+          DO \$\$
+          BEGIN
+            IF NOT EXISTS (SELECT FROM pg_roles WHERE rolname = '${APP_USER}') THEN
+              CREATE USER ${APP_USER} WITH PASSWORD '${APP_PASSWORD}';
+            END IF;
+          END
+          \$\$;
+
+          DO \$\$
+          BEGIN
+            IF NOT EXISTS (SELECT FROM pg_database WHERE datname = '${APP_DB}') THEN
+              CREATE DATABASE ${APP_DB} OWNER ${APP_USER};
+            END IF;
+          END
+          \$\$;
+
+          GRANT ALL PRIVILEGES ON DATABASE ${APP_DB} TO ${APP_USER};
+          EOF

infrastructure/modules/postgres-app/kustomization.yaml

@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- job.yaml