apiVersion: v1
kind: Service
metadata:
  name: plausible-db
  labels:
    app.kubernetes.io/name: postgres
    app.kubernetes.io/component: database
    app.kubernetes.io/part-of: plausible
spec:
  type: ClusterIP
  ports:
    - name: db
      port: 5432
      targetPort: 5432
      protocol: TCP
  selector:
    app.kubernetes.io/name: postgres
    app.kubernetes.io/component: database
    app.kubernetes.io/part-of: plausible
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: plausible-db
  labels:
    app.kubernetes.io/name: postgres
    app.kubernetes.io/component: database
    app.kubernetes.io/part-of: plausible
spec:
  replicas: 1
  serviceName: plausible-db
  selector:
    matchLabels:
      app.kubernetes.io/name: postgres
      app.kubernetes.io/component: database
      app.kubernetes.io/part-of: plausible
  template:
    metadata:
      labels:
        app.kubernetes.io/name: postgres
        app.kubernetes.io/component: database
        app.kubernetes.io/part-of: plausible
    spec:
      restartPolicy: Always
      # 70 is the standard UID/GID for "postgres" in Alpine.
      # See  https://github.com/docker-library/postgres/blob/156d0659d047578f06aa8785cf12d547c6a5ccfd/14/alpine/Dockerfile#L9
      securityContext:
        runAsUser: 70
        runAsGroup: 70
        fsGroup: 70
      containers:
        - name: plausible-db
          # Postgres v14 is recommended
          image: postgres:14-alpine
          imagePullPolicy: Always
          ports:
            - containerPort: 5432
          volumeMounts:
            - name: data
              mountPath: /var/lib/postgresql/data
          env:
            - name: POSTGRES_DB
              value: plausible
            - name: PGDATA
              value: /var/lib/postgresql/data/pgdata
            - name: POSTGRES_USER
              valueFrom:
                secretKeyRef:
                  name: plausible-db-user
                  key: username
            - name: POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: plausible-db-user
                  key: password
          securityContext:
            allowPrivilegeEscalation: false
          resources:
            limits:
              memory: 2Gi
              cpu: 1500m
            requests:
              memory: 65Mi
              cpu: 15m
          readinessProbe:
            exec:
              command:
                - /bin/sh
                - -c
                - pg_isready -U postgres
            initialDelaySeconds: 20
            failureThreshold: 6
            periodSeconds: 10
          livenessProbe:
            exec:
              command:
                - /bin/sh
                - -c
                - pg_isready -U postgres
            initialDelaySeconds: 30
            failureThreshold: 3
            periodSeconds: 10
  volumeClaimTemplates:
    - metadata:
        name: data
        labels:
          app.kubernetes.io/name: postgres
          app.kubernetes.io/component: database
          app.kubernetes.io/part-of: plausible
      spec:
        accessModes: ["ReadWriteOnce"]
        resources:
          requests:
            storage: 128Mi
          limits:
            storage: 15Gi