Skip to content

Storage

RDS

DB Provisioning

If your app uses a Postgres DB, you can add the following snippets to your overlays/<env>/kustomization.yaml to provision a DB prior to app startup:

# applications/{external,internal}/<app>/overlays/<env>/kustomization.yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

labels:
  - pairs:
      # Your app name
      app: app-name-1
      allow-ingress-traefik: "true"
      # Allow connecting to RDS
      allow-egress-rds: "true"
    includeSelectors: true

resources:
  - ../../base
  # Include the RDS DB provisioning job
  - ../../../../kustomize/rds-db-provisioning

# Create a ConfigMap containing your DB provisioning script (see example below)
configMapGenerator:
  - name: rds-provisioning-scripts
    files:
      - files/db-provisioning.sh
    options:
      annotations:
        argocd.argoproj.io/hook: PreSync

patches:
  - target:
      kind: ExternalSecret
      name: secrets
    patch: |
      - op: add
        path: /spec/dataFrom
        value:
          - extract:
              key: constellation/dev/rds_credentials # RDS Master Credentials
          - extract:
              key: constellation/app-name-1/dev # App-specific RDS Credentials

An example DB provisioning script follows. You must place this in your environment-specific overlays files directory (e.g., applications/{external,internal}/<app>/overlays/<env>/files/db-provisioning.sh):

# applications/internal/comply/overlays/dev/files/db-provisioning.sh
echo "Bootstrapping $DB_NAME for user $DB_USER..."

# Check if database exists
if ! psql -h "$PGHOST" -U "$PGUSER" -d "$PGDATABASE" -tAc "SELECT 1 FROM pg_database WHERE datname='$DB_NAME'" | grep -q 1; then
  echo "Creating database $DB_NAME..."
  psql -h "$PGHOST" -U "$PGUSER" -d "$PGDATABASE" -c "CREATE DATABASE \"$DB_NAME\""
else
  echo "Database $DB_NAME already exists."
fi

# Now create or update the user and grant privileges
psql -h "$PGHOST" -U "$PGUSER" -d "$DB_NAME" <<SQL
DO \$\$
BEGIN
  IF NOT EXISTS (SELECT 1 FROM pg_roles WHERE rolname = '$DB_USER') THEN
    EXECUTE format('CREATE ROLE %I LOGIN PASSWORD %L', '$DB_USER', '$DB_PASSWORD');
  ELSE
    EXECUTE format('ALTER ROLE %I WITH LOGIN PASSWORD %L', '$DB_USER', '$DB_PASSWORD');
  END IF;
END
\$\$;

GRANT ALL PRIVILEGES ON DATABASE "$DB_NAME" TO "$DB_USER";

-- Set up default privileges BEFORE ownership transfer
ALTER DEFAULT PRIVILEGES FOR ROLE "$DB_USER" IN SCHEMA public
  GRANT ALL ON TABLES TO "$DB_USER";
ALTER DEFAULT PRIVILEGES FOR ROLE "$DB_USER" IN SCHEMA public
  GRANT ALL ON SEQUENCES TO "$DB_USER";

-- Now hand over ownership
ALTER DATABASE "$DB_NAME" OWNER TO "$DB_USER";
SQL

# Check if pgvector extension exists in the database
EXT_EXISTS=$(psql -h "$PGHOST" -U "$PGUSER" -d "$DB_NAME" -t -c "SELECT 1 FROM pg_extension WHERE extname = 'vector'")

# Create pgvector extension if it doesn't exist
if [ -z "$EXT_EXISTS" ]; then
  echo "Creating pgvector extension in database $DB_NAME..."
  psql -h "$PGHOST" -U "$PGUSER" -d "$DB_NAME" -c "CREATE EXTENSION IF NOT EXISTS vector;"
else
  echo "pgvector extension already exists in database $DB_NAME."
fi

echo "Bootstrap for $DB_NAME completed successfully."