ppusher

infra/overlays/upc-dev/passwordpusher-postgresql/resources/kustomization.yaml

@@ -0,0 +1,9 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- postgresql.yaml
+# passwordpusher-db-secret-sealed.yaml must be created separately:
+# 1. Create a Secret with keys: DATABASE_URL, pgusername, pgpassword
+#    (DATABASE_URL must be: postgresql://<pgusername>:<pgpassword>@passwordpusher-postgresql:5432/passwordpusher)
+# 2. Seal it with kubeseal targeting the passwordpusher namespace
+# 3. Add the resulting file here as a resource

infra/overlays/upc-dev/passwordpusher-postgresql/resources/postgresql.yaml

@@ -0,0 +1,98 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: passwordpusher-postgresql
+  namespace: passwordpusher
+  labels:
+    app.kubernetes.io/name: postgresql
+    app.kubernetes.io/instance: passwordpusher
+    app.kubernetes.io/component: database
+spec:
+  type: ClusterIP
+  ports:
+  - name: tcp-postgresql
+    port: 5432
+    targetPort: tcp-postgresql
+  selector:
+    app.kubernetes.io/name: postgresql
+    app.kubernetes.io/instance: passwordpusher
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: passwordpusher-postgresql
+  namespace: passwordpusher
+  labels:
+    app.kubernetes.io/name: postgresql
+    app.kubernetes.io/instance: passwordpusher
+    app.kubernetes.io/component: database
+spec:
+  serviceName: passwordpusher-postgresql
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: postgresql
+      app.kubernetes.io/instance: passwordpusher
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: postgresql
+        app.kubernetes.io/instance: passwordpusher
+        app.kubernetes.io/component: database
+    spec:
+      containers:
+      - name: postgresql
+        image: postgres:16-alpine
+        ports:
+        - name: tcp-postgresql
+          containerPort: 5432
+        env:
+        - name: POSTGRES_USER
+          valueFrom:
+            secretKeyRef:
+              name: passwordpusher-db-creds
+              key: pgusername
+        - name: POSTGRES_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: passwordpusher-db-creds
+              key: pgpassword
+        - name: POSTGRES_DB
+          value: passwordpusher
+        - name: PGDATA
+          value: /var/lib/postgresql/data/pgdata
+        volumeMounts:
+        - name: data
+          mountPath: /var/lib/postgresql/data
+        livenessProbe:
+          exec:
+            command:
+            - sh
+            - -c
+            - pg_isready -U "$POSTGRES_USER" -d passwordpusher
+          initialDelaySeconds: 30
+          periodSeconds: 10
+        readinessProbe:
+          exec:
+            command:
+            - sh
+            - -c
+            - pg_isready -U "$POSTGRES_USER" -d passwordpusher
+          initialDelaySeconds: 5
+          periodSeconds: 5
+        resources:
+          requests:
+            cpu: 100m
+            memory: 256Mi
+          limits:
+            cpu: 500m
+            memory: 512Mi
+  volumeClaimTemplates:
+  - metadata:
+      name: data
+    spec:
+      accessModes:
+      - ReadWriteOnce
+      resources:
+        requests:
+          storage: 2Gi