64 lines
1.6 KiB
YAML
64 lines
1.6 KiB
YAML
apiVersion: batch/v1
|
|
kind: Job
|
|
metadata:
|
|
name: postgres-init
|
|
spec:
|
|
dependsOn:
|
|
- name: infrastructure
|
|
template:
|
|
spec:
|
|
restartPolicy: OnFailure
|
|
containers:
|
|
- name: psql
|
|
image: postgres:16
|
|
env:
|
|
- name: PGHOST
|
|
value: pg-cluster-rw.pg-databases.svc.cluster.local
|
|
- name: PGUSER
|
|
value: postgres
|
|
- name: PGPASSWORD
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: pg-cluster-root-password
|
|
key: password
|
|
|
|
- name: APP_DB
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: app-db-secret
|
|
key: database
|
|
- name: APP_USER
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: app-db-secret
|
|
key: username
|
|
- name: APP_PASSWORD
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: app-db-secret
|
|
key: password
|
|
|
|
command:
|
|
- sh
|
|
- -c
|
|
- |
|
|
psql <<EOF
|
|
-- Create user (safe in transaction)
|
|
DO \$\$
|
|
BEGIN
|
|
IF NOT EXISTS (SELECT FROM pg_roles WHERE rolname = '${APP_USER}') THEN
|
|
CREATE USER ${APP_USER} WITH PASSWORD '${APP_PASSWORD}';
|
|
END IF;
|
|
END
|
|
\$\$;
|
|
|
|
-- Create database (must be outside transaction)
|
|
SELECT 'CREATE DATABASE ${APP_DB} OWNER ${APP_USER}'
|
|
WHERE NOT EXISTS (
|
|
SELECT FROM pg_database WHERE datname = '${APP_DB}'
|
|
)\gexec
|
|
|
|
-- Grant privileges (safe)
|
|
GRANT ALL PRIVILEGES ON DATABASE ${APP_DB} TO ${APP_USER};
|
|
EOF
|