apiVersion: batch/v1
kind: Job
metadata:
  name: harbor-db-init-v1
  namespace: pg-init
spec:
  ttlSecondsAfterFinished: 300
  template:
    spec:
      restartPolicy: OnFailure
      containers:
        - name: db-init
          image: postgres:17
          env:
            - name: PGHOST
              value: pgbouncer.default.svc.cluster.local
            - name: PGPORT
              value: "6432"
            - name: PGUSER
              value: pginit
            - name: PGDATABASE
              value: postgres
            - name: PGPASSWORD
              valueFrom:
                secretKeyRef:
                  name: pg-init-secret
                  key: password
            - name: HARBOR_DB_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: harbor-db-bootstrap-secret
                  key: password
          command:
            - bash
            - -ec
            - |
              psql -c "SELECT 1 FROM pg_roles WHERE rolname='harbor'" | grep -q 1 || \
                psql -c "CREATE USER harbor WITH PASSWORD '${HARBOR_DB_PASSWORD}';"
              psql -c "GRANT harbor TO pginit;"
              psql -c "SELECT 1 FROM pg_database WHERE datname='harbor'" | grep -q 1 || \
                psql -c "CREATE DATABASE harbor OWNER harbor;"
              psql -c "GRANT ALL PRIVILEGES ON DATABASE harbor TO harbor;"
              psql -d harbor -c "GRANT ALL ON SCHEMA public TO harbor;"