apiVersion: v1 kind: Service metadata: name: vaultwarden-postgresql namespace: vaultwarden labels: app.kubernetes.io/name: postgresql app.kubernetes.io/instance: vaultwarden app.kubernetes.io/component: database spec: type: ClusterIP ports: - name: tcp-postgresql port: 5432 targetPort: tcp-postgresql selector: app.kubernetes.io/name: postgresql app.kubernetes.io/instance: vaultwarden --- apiVersion: apps/v1 kind: StatefulSet metadata: name: vaultwarden-postgresql namespace: vaultwarden labels: app.kubernetes.io/name: postgresql app.kubernetes.io/instance: vaultwarden app.kubernetes.io/component: database spec: serviceName: vaultwarden-postgresql replicas: 1 selector: matchLabels: app.kubernetes.io/name: postgresql app.kubernetes.io/instance: vaultwarden template: metadata: labels: app.kubernetes.io/name: postgresql app.kubernetes.io/instance: vaultwarden app.kubernetes.io/component: database spec: containers: - name: postgresql image: postgres:16-alpine ports: - name: tcp-postgresql containerPort: 5432 env: - name: POSTGRES_USER valueFrom: secretKeyRef: name: prod-db-creds key: pgusername - name: POSTGRES_PASSWORD valueFrom: secretKeyRef: name: prod-db-creds key: pgpassword - name: POSTGRES_DB value: vaultwarden - name: PGDATA value: /var/lib/postgresql/data/pgdata volumeMounts: - name: data mountPath: /var/lib/postgresql/data livenessProbe: exec: command: - sh - -c - pg_isready -U "$POSTGRES_USER" -d vaultwarden initialDelaySeconds: 30 periodSeconds: 10 readinessProbe: exec: command: - sh - -c - pg_isready -U "$POSTGRES_USER" -d vaultwarden initialDelaySeconds: 5 periodSeconds: 5 resources: requests: cpu: 100m memory: 256Mi limits: cpu: 500m memory: 512Mi volumeClaimTemplates: - metadata: name: data spec: accessModes: - ReadWriteOnce resources: requests: storage: 2Gi