apiVersion: batch/v1
kind: Job
metadata:
  name: keycloak-db-init
  namespace: pg-init
spec:
  ttlSecondsAfterFinished: 300
  template:
    spec:
      restartPolicy: OnFailure
      containers:
        - name: db-init
          image: postgres:17
          env:
            - name: PGHOST
              value: pgbouncer.internal
            - name: PGPORT
              value: "6432"
            - name: PGUSER
              value: pginit
            - name: PGPASSWORD
              valueFrom:
                secretKeyRef:
                  name: pg-init-secret
                  key: password
            - name: KC_DB_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: keycloak-db-bootstrap-secret
                  key: password
          command:
            - bash
            - -c
            - |
              psql -c "CREATE DATABASE keycloak;" || true
              psql -c "CREATE USER keycloak WITH PASSWORD '${KC_DB_PASSWORD}';" || true
              psql -c "GRANT ALL PRIVILEGES ON DATABASE keycloak TO keycloak;" || true
              psql -d keycloak -c "GRANT ALL ON SCHEMA public TO keycloak;" || true