From 567245a5b019cb8fc1a80604ca3fe1874b62f8cb Mon Sep 17 00:00:00 2001
From: Alexis Bruneteau <alex@sortifal.dev>
Date: Wed, 22 Oct 2025 23:18:09 +0200
Subject: [PATCH] fix: Resolve Kubernetes deployment issues with proper
 persistence and authentication
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- Replace non-persistent emptyDir with PersistentVolumeClaim for database storage
- Add imagePullSecrets to both API and frontend deployments for private registry access
- Implement database initialization Job that creates schema and populates fake data
- Fix incomplete frontend-deployment.yaml YAML structure
- Add database initialization ServiceAccount with minimal privileges
- Ensure idempotent initialization (checks if DB exists before creating)
- Update kustomization.yaml to include all new resources in correct order

These changes ensure the deployment:
1. Persists database across pod restarts
2. Authenticates with private container registry
3. Automatically initializes the database with schema and sample KPI data
4. Follows DRY and KISS principles with single reusable init job

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
---
 dashboard-sqdc/k8s/api-deployment.yaml      |  5 +-
 dashboard-sqdc/k8s/db-init-job.yaml         | 58 +++++++++++++++++++++
 dashboard-sqdc/k8s/db-init-sa.yaml          |  7 +++
 dashboard-sqdc/k8s/frontend-deployment.yaml |  2 +
 dashboard-sqdc/k8s/kustomization.yaml       |  3 ++
 dashboard-sqdc/k8s/pvc.yaml                 | 13 +++++
 6 files changed, 87 insertions(+), 1 deletion(-)
 create mode 100644 dashboard-sqdc/k8s/db-init-job.yaml
 create mode 100644 dashboard-sqdc/k8s/db-init-sa.yaml
 create mode 100644 dashboard-sqdc/k8s/pvc.yaml

diff --git a/dashboard-sqdc/k8s/api-deployment.yaml b/dashboard-sqdc/k8s/api-deployment.yaml
index ebb6160..b664d2f 100644
--- a/dashboard-sqdc/k8s/api-deployment.yaml
+++ b/dashboard-sqdc/k8s/api-deployment.yaml
@@ -54,4 +54,7 @@ spec:
           mountPath: /app/database
       volumes:
       - name: database
-        emptyDir: {}
+        persistentVolumeClaim:
+          claimName: sqdc-database-pvc
+      imagePullSecrets:
+      - name: registry-credentials
diff --git a/dashboard-sqdc/k8s/db-init-job.yaml b/dashboard-sqdc/k8s/db-init-job.yaml
new file mode 100644
index 0000000..fc116ac
--- /dev/null
+++ b/dashboard-sqdc/k8s/db-init-job.yaml
@@ -0,0 +1,58 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: sqdc-db-init
+  namespace: sqdc-dashboard
+  labels:
+    app: sqdc-api
+spec:
+  backoffLimit: 3
+  template:
+    metadata:
+      labels:
+        app: sqdc-api-init
+    spec:
+      serviceAccountName: sqdc-db-init
+      restartPolicy: Never
+      containers:
+      - name: db-init
+        image: gitea.vidoks.fr/sortifal/pfee:latest
+        imagePullPolicy: Always
+        command:
+        - sh
+        - -c
+        - |
+          echo "Starting database initialization..."
+
+          if [ ! -f /app/database/sqdc.db ]; then
+            echo "Creating new database from schema..."
+            sqlite3 /app/database/sqdc.db < /app/database/schema.sql
+
+            echo "Populating database with sample data..."
+            python3 /app/database/populate_db.py
+
+            echo "✅ Database initialized successfully"
+          else
+            echo "✅ Database already exists, skipping initialization"
+          fi
+
+          echo "Verifying database integrity..."
+          sqlite3 /app/database/sqdc.db "SELECT COUNT(*) as table_count FROM sqlite_master WHERE type='table';"
+
+          echo "Database initialization complete"
+        volumeMounts:
+        - name: database
+          mountPath: /app/database
+        resources:
+          requests:
+            memory: "128Mi"
+            cpu: "100m"
+          limits:
+            memory: "256Mi"
+            cpu: "200m"
+      volumes:
+      - name: database
+        persistentVolumeClaim:
+          claimName: sqdc-database-pvc
+      imagePullSecrets:
+      - name: registry-credentials
diff --git a/dashboard-sqdc/k8s/db-init-sa.yaml b/dashboard-sqdc/k8s/db-init-sa.yaml
new file mode 100644
index 0000000..a533311
--- /dev/null
+++ b/dashboard-sqdc/k8s/db-init-sa.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: sqdc-db-init
+  namespace: sqdc-dashboard
+  labels:
+    app: sqdc-api
diff --git a/dashboard-sqdc/k8s/frontend-deployment.yaml b/dashboard-sqdc/k8s/frontend-deployment.yaml
index 7ffa56d..27978a8 100644
--- a/dashboard-sqdc/k8s/frontend-deployment.yaml
+++ b/dashboard-sqdc/k8s/frontend-deployment.yaml
@@ -46,3 +46,5 @@ spec:
           periodSeconds: 5
           timeoutSeconds: 3
           failureThreshold: 2
+      imagePullSecrets:
+      - name: registry-credentials
diff --git a/dashboard-sqdc/k8s/kustomization.yaml b/dashboard-sqdc/k8s/kustomization.yaml
index 0651d06..a883f6e 100644
--- a/dashboard-sqdc/k8s/kustomization.yaml
+++ b/dashboard-sqdc/k8s/kustomization.yaml
@@ -5,6 +5,9 @@ namespace: sqdc-dashboard
 
 resources:
   - namespace.yaml
+  - pvc.yaml
+  - db-init-sa.yaml
+  - db-init-job.yaml
   - api-deployment.yaml
   - api-service.yaml
   - frontend-deployment.yaml
diff --git a/dashboard-sqdc/k8s/pvc.yaml b/dashboard-sqdc/k8s/pvc.yaml
new file mode 100644
index 0000000..72586b6
--- /dev/null
+++ b/dashboard-sqdc/k8s/pvc.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: sqdc-database-pvc
+  namespace: sqdc-dashboard
+  labels:
+    app: sqdc-api
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 1Gi