Skip to content

Storage

RDS

DB Provisioning

If your app uses a Postgres DB, you can add the following snippets to your overlays/<env>/kustomization.yaml, to provision a DB prior App start up:

# applications/{external,internal}/<app>/overlays/<env>/kustomization.yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

labels:
  - pairs: 
      # your app name
      app: app-name-1
      allow-ingress-traefik: "true"
      # allow connecting to RDS
      allow-egress-rds: "true"
    includeSelectors: true

resources:
  - ../../base 
  # include the rds db provisioning job
  - ../../../../kustomize/rds-db-provisioning

# create a configmap containing your DB provisioning script (see example below)
configMapGenerator:
  - name: rds-provisioning-scripts
    files:
      - files/db-provisioning.sh
    options:
      annotations:
        argocd.argoproj.io/hook: PreSync

patches:
  - target:
      kind: ExternalSecret
      name: secrets
    patch: |
      - op: add
        path: /spec/dataFrom
        value:
          - extract:
              key: constellation/dev/rds_credentials # RDS Master Credentials
          - extract:
              key: constellation/app-name-1/dev # App Specific RDS Credentials

An example DB provisioning script could look like this, you will have to put this in your environment specific overlays files directory (e.g applications/{external,internal}/<app>/overlays/<env>/files/db-provisioning.sh):

# applications/internal/clearcomply/overlays/dev/files/db-provisioning.sh
echo "Bootstrapping $DB_NAME for user $DB_USER..."

# Check if database exists
if ! psql -h "$PGHOST" -U "$PGUSER" -d "$PGDATABASE" -tAc "SELECT 1 FROM pg_database WHERE datname='$DB_NAME'" | grep -q 1; then
  echo "Creating database $DB_NAME..."
  psql -h "$PGHOST" -U "$PGUSER" -d "$PGDATABASE" -c "CREATE DATABASE \"$DB_NAME\""
else
  echo "Database $DB_NAME already exists."
fi

# Now create or update the user and grant privileges
psql -h "$PGHOST" -U "$PGUSER" -d "$DB_NAME" <<SQL
DO \$\$
BEGIN
  IF NOT EXISTS (SELECT 1 FROM pg_roles WHERE rolname = '$DB_USER') THEN
    EXECUTE format('CREATE ROLE %I LOGIN PASSWORD %L', '$DB_USER', '$DB_PASSWORD');
  ELSE
    EXECUTE format('ALTER ROLE %I WITH LOGIN PASSWORD %L', '$DB_USER', '$DB_PASSWORD');
  END IF;
END
\$\$;

GRANT ALL PRIVILEGES ON DATABASE "$DB_NAME" TO "$DB_USER";

-- Set up default privileges BEFORE ownership transfer
ALTER DEFAULT PRIVILEGES FOR ROLE "$DB_USER" IN SCHEMA public
  GRANT ALL ON TABLES TO "$DB_USER";
ALTER DEFAULT PRIVILEGES FOR ROLE "$DB_USER" IN SCHEMA public
  GRANT ALL ON SEQUENCES TO "$DB_USER";

-- Now hand over ownership
ALTER DATABASE "$DB_NAME" OWNER TO "$DB_USER";
SQL

echo "Bootstrap for $DB_NAME completed successfully."