apiVersion: v1 kind: Service metadata: name: postgres spec: type: ClusterIP ports: - port: 5432 targetPort: 5432 protocol: TCP name: postgres selector: app: postgres --- apiVersion: apps/v1 kind: StatefulSet metadata: name: postgres spec: replicas: 1 serviceName: "postgres" selector: matchLabels: app: postgres template: metadata: labels: app: postgres spec: securityContext: fsGroup: 70 containers: - name: snoopdb securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true runAsGroup: 70 runAsUser: 70 image: postgres:12 imagePullPolicy: IfNotPresent ports: - containerPort: 5432 env: - name: POSTGRES_DB valueFrom: secretKeyRef: name: postgres-configuration key: POSTGRES_DB - name: POSTGRES_USER valueFrom: secretKeyRef: name: postgres-configuration key: POSTGRES_USER - name: POSTGRES_PASSWORD valueFrom: secretKeyRef: name: postgres-configuration key: POSTGRES_PASSWORD - name: PGDATABASE valueFrom: secretKeyRef: name: postgres-configuration key: PGDATABASE - name: PGUSER valueFrom: secretKeyRef: name: postgres-configuration key: POSTGRES_USER - name: PGPASSWORD valueFrom: secretKeyRef: name: postgres-configuration key: POSTGRES_PASSWORD - name: PGDATA value: /var/lib/postgresql/data/pgdata livenessProbe: exec: command: - "sh" - "-c" - "pg_isready" - "-U" - "$POSTGRES_USER" failureThreshold: 5 periodSeconds: 10 timeoutSeconds: 5 resources: {} volumeMounts: - name: tmp mountPath: /tmp - name: var-lib-postgresql mountPath: /var/lib/postgresql - name: var-run-postgresql mountPath: /var/run/postgresql volumes: - name: tmp emptyDir: {} - name: var-lib-postgresql emptyDir: {} - name: var-run-postgresql emptyDir: {}