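---
# One-shot Job that creates the Loomio database and role on an existing
# PostgreSQL server and grants the role access. It connects as the
# `postgres` superuser using the password from the `postgres-secrets` Secret.
apiVersion: batch/v1
kind: Job
metadata:
  name: loomio-db-init
spec:
  template:
    spec:
      restartPolicy: OnFailure
      containers:
        - name: db-init
          image: postgres:15-alpine
          env:
            # libpq connection settings picked up by psql.
            - name: PGHOST
              value: "{{ .db.host }}"
            - name: PGPORT
              value: "{{ .db.port }}"
            - name: PGUSER
              value: postgres
            - name: PGPASSWORD
              valueFrom:
                secretKeyRef:
                  name: postgres-secrets
                  key: postgres.password
            # Values for the database and role being provisioned. They are
            # read inside psql with \getenv, never spliced into SQL by sh.
            - name: LOOMIO_DB_NAME
              value: "{{ .db.name }}"
            - name: LOOMIO_DB_USER
              value: "{{ .db.user }}"
            - name: LOOMIO_DB_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: loomio-secrets
                  key: dbPassword
          command:
            - sh
            - -c
            - |
              # Abort on the first failing command or unset variable, so a
              # failed step fails the Job instead of reporting success.
              set -eu

              echo "Creating database and user for Loomio..."

              # The SQL is fed on stdin from a quoted here-document, so the
              # shell expands nothing inside it. psql loads the values with
              # \getenv (available from psql 15) and quotes them itself:
              # :'var' as a string literal, :"var" as an identifier, and
              # format('%I') for the generated statements. A quote character
              # in the name or password can therefore not change the SQL,
              # and the password is not placed on a psql command line.
              # ON_ERROR_STOP makes psql exit non-zero on any SQL error.
              # NOTE(review): busybox sh passes here-documents through a
              # pipe, so this works with readOnlyRootFilesystem; re-check if
              # the image's shell changes.
              psql -v ON_ERROR_STOP=1 <<'SQL'
              \getenv db_name LOOMIO_DB_NAME
              \getenv db_user LOOMIO_DB_USER
              \getenv db_pass LOOMIO_DB_PASSWORD

              -- Create the database only if it does not exist yet.
              SELECT format('CREATE DATABASE %I', :'db_name')
              WHERE NOT EXISTS (
                SELECT 1 FROM pg_database WHERE datname = :'db_name'
              )
              \gexec

              -- Create the role only if it does not exist yet.
              SELECT format('CREATE USER %I', :'db_user')
              WHERE NOT EXISTS (
                SELECT 1 FROM pg_roles WHERE rolname = :'db_user'
              )
              \gexec

              -- Set (or rotate) the password on every run.
              ALTER USER :"db_user" WITH PASSWORD :'db_pass';

              -- Grant all privileges on the database.
              GRANT ALL PRIVILEGES ON DATABASE :"db_name" TO :"db_user";
              SQL

              # Connect to the new database and grant schema permissions.
              psql -v ON_ERROR_STOP=1 -d "$LOOMIO_DB_NAME" <<'SQL'
              \getenv db_user LOOMIO_DB_USER
              GRANT ALL ON SCHEMA public TO :"db_user";
              SQL

              echo "Database initialization complete!"
          securityContext:
            runAsNonRoot: true
            # NOTE(review): 999 is the postgres UID in the Debian-based
            # images; the alpine image is believed to use 70. The Job only
            # runs the psql client, so any non-root UID should do - confirm.
            runAsUser: 999
            runAsGroup: 999
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            readOnlyRootFilesystem: true
            seccompProfile:
              type: RuntimeDefault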