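# One-shot Job that waits for PostgreSQL, then creates the application
# database and login role (or resets the role's password if it already exists)
# and grants the role access to the database and its public schema.
apiVersion: batch/v1
kind: Job
metadata:
  name: lemmy-db-init
  # Quoted so an empty or boolean-looking rendered value stays a string.
  namespace: "{{ .namespace }}"
spec:
  template:
    metadata:
      labels:
        component: db-init
    spec:
      restartPolicy: OnFailure
      securityContext:
        runAsNonRoot: true
        runAsUser: 999
        runAsGroup: 999
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: db-init
          # NOTE(review): this tag is mutable; pinning the image by digest
          # keeps the code that receives the superuser password reproducible.
          image: postgres:16-alpine
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop: [ALL]
            # NOTE(review): left as-is; confirm whether the script needs a
            # writable root filesystem before switching this to true.
            readOnlyRootFilesystem: false
          env:
            # Connection settings for the superuser session (libpq variables).
            - name: PGHOST
              value: "{{ .dbHost }}"
            - name: PGPORT
              value: "{{ .dbPort }}"
            - name: PGUSER
              value: postgres
            - name: PGPASSWORD
              valueFrom:
                secretKeyRef:
                  name: lemmy-secrets
                  key: postgres.password
            # Values for the database and role being provisioned.
            - name: DB_NAME
              value: "{{ .dbName }}"
            - name: DB_USER
              value: "{{ .dbUser }}"
            - name: DB_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: lemmy-secrets
                  key: dbPassword
          command:
            - sh
            - -c
            - |
              set -eu

              echo "Waiting for PostgreSQL to be ready..."
              until pg_isready -h "$PGHOST" -p "$PGPORT" -U "$PGUSER"; do
                echo "Waiting for database connection..."
                sleep 2
              done

              echo "Creating database and user..."
              # The heredoc delimiter is quoted so the shell never pastes
              # DB_NAME / DB_USER / DB_PASSWORD into the SQL text. psql reads
              # them from the environment and quotes them itself, so a quote
              # or backslash in the secret cannot alter the statements, and
              # the password does not appear on the psql command line.
              # \getenv needs psql 15 or newer (the image here ships 16).
              psql -v ON_ERROR_STOP=1 <<'EOSQL'
              \getenv db_name DB_NAME
              \getenv db_user DB_USER
              \getenv db_password DB_PASSWORD

              -- CREATE DATABASE has no IF NOT EXISTS: build the statement
              -- only when the database is missing and run it via \gexec.
              -- %I quotes the identifier, so the name is used exactly as
              -- given (it is no longer case-folded).
              SELECT format('CREATE DATABASE %I', :'db_name')
              WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = :'db_name')\gexec

              -- Create the role, or reset its password when it already exists.
              -- %I / %L quote the identifier and the password literal.
              SELECT format(
                CASE WHEN EXISTS (SELECT FROM pg_user WHERE usename = :'db_user')
                  THEN 'ALTER USER %I WITH PASSWORD %L'
                  ELSE 'CREATE USER %I WITH PASSWORD %L'
                END,
                :'db_user', :'db_password')\gexec

              GRANT ALL PRIVILEGES ON DATABASE :"db_name" TO :"db_user";

              -- Schema grants apply to the current database, so switch first.
              \connect :"db_name"
              GRANT ALL ON SCHEMA public TO :"db_user";
              EOSQL

              echo "Database initialization completed successfully"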