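---
# PostgreSQL backend for forte-drop: a ClusterIP Service plus a
# single-replica StatefulSet with one persistent data volume.
apiVersion: v1
kind: Service
metadata:
  name: forte-drop-postgresql
  namespace: forte-drop
  labels:
    app.kubernetes.io/name: postgresql
    app.kubernetes.io/instance: forte-drop
    app.kubernetes.io/component: database
spec:
  # ClusterIP keeps the database off any external load balancer, but the
  # port is still reachable from other pods in the cluster. No NetworkPolicy
  # is visible in this manifest; confirm one restricts ingress on 5432 to
  # the forte-drop application pods.
  type: ClusterIP
  ports:
    - name: tcp-postgresql
      port: 5432
      targetPort: tcp-postgresql
  selector:
    app.kubernetes.io/name: postgresql
    app.kubernetes.io/instance: forte-drop
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: forte-drop-postgresql
  namespace: forte-drop
  labels:
    app.kubernetes.io/name: postgresql
    app.kubernetes.io/instance: forte-drop
    app.kubernetes.io/component: database
spec:
  serviceName: forte-drop-postgresql
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: postgresql
      app.kubernetes.io/instance: forte-drop
  template:
    metadata:
      labels:
        app.kubernetes.io/name: postgresql
        app.kubernetes.io/instance: forte-drop
        app.kubernetes.io/component: database
    spec:
      # The database never talks to the Kubernetes API, so do not mount a
      # service-account token into a container that starts as root.
      automountServiceAccountToken: false
      # Pod-level hardening that does not interfere with the root start
      # described below: apply the container runtime's default seccomp
      # filter instead of running unconfined.
      securityContext:
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: postgresql
          # The tag is mutable. Once the deployed digest is known, pin it as
          # postgres:16-alpine@sha256:<digest> so a re-pull cannot change
          # the running image.
          image: postgres:16-alpine
          # NOTE: no runAsNonRoot/runAsUser on purpose. The official postgres
          # image's entrypoint must start as root to chown a fresh
          # /var/lib/postgresql/data, then drops to the postgres user
          # (uid 70 in alpine) via gosu. Forcing runAsNonRoot here breaks
          # initdb on a fresh PVC. Matches the vaultwarden-postgresql pattern.
          # NOTE(review): allowPrivilegeEscalation: false should be compatible
          # with that root-to-postgres drop (gosu does not rely on a setuid
          # binary); verify on a fresh PVC before enabling. Do not drop ALL
          # capabilities: the chown/setuid steps above need some of them.
          ports:
            - name: tcp-postgresql
              containerPort: 5432
          env:
            # Credentials come from the forte-drop-pg-creds Secret; keep them
            # out of this manifest.
            - name: POSTGRES_USER
              valueFrom:
                secretKeyRef:
                  name: forte-drop-pg-creds
                  key: pgusername
            - name: POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: forte-drop-pg-creds
                  key: pgpassword
            - name: POSTGRES_DB
              value: drops
            # PGDATA is a subdirectory of the mount point, not the mount
            # point itself.
            - name: PGDATA
              value: /var/lib/postgresql/data/pgdata
          volumeMounts:
            - name: data
              mountPath: /var/lib/postgresql/data
          # Both probes run pg_isready inside the container, which only
          # checks that the server accepts connections (no authentication).
          # The database name is taken from POSTGRES_DB so the probes cannot
          # drift from the env block.
          livenessProbe:
            exec:
              command:
                - sh
                - "-c"
                - pg_isready -U "$POSTGRES_USER" -d "$POSTGRES_DB"
            initialDelaySeconds: 30
            periodSeconds: 10
          readinessProbe:
            exec:
              command:
                - sh
                - "-c"
                - pg_isready -U "$POSTGRES_USER" -d "$POSTGRES_DB"
            initialDelaySeconds: 5
            periodSeconds: 5
          resources:
            requests:
              cpu: 100m
              memory: 256Mi
            limits:
              cpu: 500m
              memory: 512Mi
  volumeClaimTemplates:
    - metadata:
        name: data
        annotations:
          # Argo CD must neither prune nor delete the PVC holding the
          # database files.
          argocd.argoproj.io/sync-options: Prune=false,Delete=false
      spec:
        accessModes:
          - ReadWriteOnce
        storageClassName: upcloud-block-storage-maxiops
        resources:
          requests:
            storage: 5Gi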