fix: Resolve Kubernetes deployment issues with proper persistence and authentication

- Replace non-persistent emptyDir with PersistentVolumeClaim for database storage
- Add imagePullSecrets to both API and frontend deployments for private registry access
- Implement database initialization Job that creates schema and populates fake data
- Fix incomplete frontend-deployment.yaml YAML structure
- Add database initialization ServiceAccount with minimal privileges
- Ensure idempotent initialization (checks if DB exists before creating)
- Update kustomization.yaml to include all new resources in correct order

These changes ensure the deployment:
1. Persists database across pod restarts
2. Authenticates with private container registry
3. Automatically initializes the database with schema and sample KPI data
4. Follows DRY and KISS principles with single reusable init job

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

dashboard-sqdc/k8s/api-deployment.yaml

@@ -54,4 +54,7 @@ spec:
           mountPath: /app/database
       volumes:
       - name: database
-        emptyDir: {}
+        persistentVolumeClaim:
+          claimName: sqdc-database-pvc
+      imagePullSecrets:
+      - name: registry-credentials

dashboard-sqdc/k8s/db-init-job.yaml

@@ -0,0 +1,58 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: sqdc-db-init
+  namespace: sqdc-dashboard
+  labels:
+    app: sqdc-api
+spec:
+  backoffLimit: 3
+  template:
+    metadata:
+      labels:
+        app: sqdc-api-init
+    spec:
+      serviceAccountName: sqdc-db-init
+      restartPolicy: Never
+      containers:
+      - name: db-init
+        image: gitea.vidoks.fr/sortifal/pfee:latest
+        imagePullPolicy: Always
+        command:
+        - sh
+        - -c
+        - |
+          echo "Starting database initialization..."
+
+          if [ ! -f /app/database/sqdc.db ]; then
+            echo "Creating new database from schema..."
+            sqlite3 /app/database/sqdc.db < /app/database/schema.sql
+
+            echo "Populating database with sample data..."
+            python3 /app/database/populate_db.py
+
+            echo "✅ Database initialized successfully"
+          else
+            echo "✅ Database already exists, skipping initialization"
+          fi
+
+          echo "Verifying database integrity..."
+          sqlite3 /app/database/sqdc.db "SELECT COUNT(*) as table_count FROM sqlite_master WHERE type='table';"
+
+          echo "Database initialization complete"
+        volumeMounts:
+        - name: database
+          mountPath: /app/database
+        resources:
+          requests:
+            memory: "128Mi"
+            cpu: "100m"
+          limits:
+            memory: "256Mi"
+            cpu: "200m"
+      volumes:
+      - name: database
+        persistentVolumeClaim:
+          claimName: sqdc-database-pvc
+      imagePullSecrets:
+      - name: registry-credentials

dashboard-sqdc/k8s/db-init-sa.yaml

@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: sqdc-db-init
+  namespace: sqdc-dashboard
+  labels:
+    app: sqdc-api

dashboard-sqdc/k8s/frontend-deployment.yaml

@@ -46,3 +46,5 @@ spec:
           periodSeconds: 5
           timeoutSeconds: 3
           failureThreshold: 2
+      imagePullSecrets:
+      - name: registry-credentials

dashboard-sqdc/k8s/kustomization.yaml

@@ -5,6 +5,9 @@ namespace: sqdc-dashboard
 
 resources:
   - namespace.yaml
+  - pvc.yaml
+  - db-init-sa.yaml
+  - db-init-job.yaml
   - api-deployment.yaml
   - api-service.yaml
   - frontend-deployment.yaml

dashboard-sqdc/k8s/pvc.yaml

@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: sqdc-database-pvc
+  namespace: sqdc-dashboard
+  labels:
+    app: sqdc-api
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 1Gi