wild-cloud/apps/discourse/db-init-job.yaml

apiVersion: batch/v1
kind: Job
metadata:
  name: discourse-db-init
  namespace: discourse
spec:
  template:
    metadata:
      labels:
        component: db-init
    spec:
      securityContext:
        runAsNonRoot: true
        runAsUser: 999
        runAsGroup: 999
        seccompProfile:
          type: RuntimeDefault
      restartPolicy: OnFailure
      containers:
      - name: db-init
        image: postgres:16-alpine
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - ALL
          readOnlyRootFilesystem: false
        env:
        - name: PGHOST
          value: "{{ .apps.discourse.dbHostname }}"
        - name: PGPORT
          value: "5432"
        - name: PGUSER
          value: postgres
        - name: PGPASSWORD
          valueFrom:
            secretKeyRef:
              name: discourse-secrets
              key: apps.postgres.password
        - name: DISCOURSE_DB_USER
          value: "{{ .apps.discourse.dbUsername }}"
        - name: DISCOURSE_DB_NAME
          value: "{{ .apps.discourse.dbName }}"
        - name: DISCOURSE_DB_PASSWORD
          valueFrom:
            secretKeyRef:
              name: discourse-secrets
              key: apps.discourse.dbPassword
        command:
        - /bin/sh
        - -c
        - |
          echo "Initializing Discourse database..."
          
          # Create database if it doesn't exist
          if ! psql -lqt | cut -d \| -f 1 | grep -qw "$DISCOURSE_DB_NAME"; then
            echo "Creating database $DISCOURSE_DB_NAME..."
            createdb "$DISCOURSE_DB_NAME"
          else
            echo "Database $DISCOURSE_DB_NAME already exists."
          fi
          
          # Create user if it doesn't exist and grant permissions
          psql -d "$DISCOURSE_DB_NAME" -c "
            DO \$\$
            BEGIN
              IF NOT EXISTS (SELECT FROM pg_catalog.pg_roles WHERE rolname = '$DISCOURSE_DB_USER') THEN
                CREATE USER $DISCOURSE_DB_USER WITH PASSWORD '$DISCOURSE_DB_PASSWORD';
              END IF;
            END
            \$\$;
            GRANT ALL PRIVILEGES ON DATABASE $DISCOURSE_DB_NAME TO $DISCOURSE_DB_USER;
            GRANT ALL ON SCHEMA public TO $DISCOURSE_DB_USER;
            GRANT USAGE ON SCHEMA public TO $DISCOURSE_DB_USER;
          "
          
          echo "Database initialization completed."