58 lines
2.0 KiB
YAML
58 lines
2.0 KiB
YAML
apiVersion: batch/v1
|
|
kind: Job
|
|
metadata:
|
|
name: matrix-db-init
|
|
spec:
|
|
template:
|
|
spec:
|
|
containers:
|
|
- name: db-init
|
|
image: postgres:17
|
|
command: ["/bin/bash", "-c"]
|
|
args:
|
|
- |
|
|
PGPASSWORD=${POSTGRES_ADMIN_PASSWORD} psql -h ${DB_HOSTNAME} -U postgres <<EOF
|
|
DO \$\$
|
|
BEGIN
|
|
IF NOT EXISTS (SELECT FROM pg_catalog.pg_roles WHERE rolname = '${DB_USERNAME}') THEN
|
|
CREATE USER ${DB_USERNAME} WITH ENCRYPTED PASSWORD '${DB_PASSWORD}';
|
|
ELSE
|
|
ALTER USER ${DB_USERNAME} WITH ENCRYPTED PASSWORD '${DB_PASSWORD}';
|
|
END IF;
|
|
END
|
|
\$\$;
|
|
|
|
SELECT 'CREATE DATABASE ${DB_DATABASE_NAME} ENCODING ''UTF8'' LC_COLLATE ''C'' LC_CTYPE ''C'' TEMPLATE template0' WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = '${DB_DATABASE_NAME}')\gexec
|
|
ALTER DATABASE ${DB_DATABASE_NAME} OWNER TO ${DB_USERNAME};
|
|
GRANT ALL PRIVILEGES ON DATABASE ${DB_DATABASE_NAME} TO ${DB_USERNAME};
|
|
EOF
|
|
env:
|
|
- name: POSTGRES_ADMIN_PASSWORD
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: matrix-secrets
|
|
key: postgres.password
|
|
- name: DB_HOSTNAME
|
|
value: "{{ .dbHostname }}"
|
|
- name: DB_DATABASE_NAME
|
|
value: "{{ .dbName }}"
|
|
- name: DB_USERNAME
|
|
value: "{{ .dbUsername }}"
|
|
- name: DB_PASSWORD
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: matrix-secrets
|
|
key: dbPassword
|
|
securityContext:
|
|
allowPrivilegeEscalation: false
|
|
capabilities:
|
|
drop: [ALL]
|
|
readOnlyRootFilesystem: false
|
|
securityContext:
|
|
runAsNonRoot: true
|
|
runAsUser: 999
|
|
runAsGroup: 999
|
|
seccompProfile:
|
|
type: RuntimeDefault
|
|
restartPolicy: OnFailure
|