plausible-hosting/k8s-manifests/postgres.yaml

apiVersion: v1
kind: Service
metadata:
  name: postgres
spec:
  type: ClusterIP
  ports:
    - port: 5432
      targetPort: 5432
      protocol: TCP
      name: postgres
  selector:
    app: postgres
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: postgres
spec:
  replicas: 1
  serviceName: "postgres"
  selector:
    matchLabels:
      app: postgres
  template:
    metadata:
      labels:
        app: postgres
    spec:
      securityContext:
        fsGroup: 70
      containers:
        - name: snoopdb
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            runAsGroup: 70
            runAsUser: 70
          image: postgres:12
          imagePullPolicy: IfNotPresent
          ports:
            - containerPort: 5432
          env:
            - name: POSTGRES_DB
              valueFrom:
                secretKeyRef:
                  name: postgres-configuration
                  key: POSTGRES_DB
            - name: POSTGRES_USER
              valueFrom:
                secretKeyRef:
                  name: postgres-configuration
                  key: POSTGRES_USER
            - name: POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: postgres-configuration
                  key: POSTGRES_PASSWORD
            - name: PGDATABASE
              valueFrom:
                secretKeyRef:
                  name: postgres-configuration
                  key: PGDATABASE
            - name: PGUSER
              valueFrom:
                secretKeyRef:
                  name: postgres-configuration
                  key: POSTGRES_USER
            - name: PGPASSWORD
              valueFrom:
                secretKeyRef:
                  name: postgres-configuration
                  key: POSTGRES_PASSWORD
            - name: PGDATA
              value: /var/lib/postgresql/data/pgdata
          livenessProbe:
            exec:
              command:
                - "sh"
                - "-c"
                - "pg_isready"
                - "-U"
                - "$POSTGRES_USER"
            failureThreshold: 5
            periodSeconds: 10
            timeoutSeconds: 5
          resources:
            {}
          volumeMounts:
          - name: tmp
            mountPath: /tmp
          - name: var-lib-postgresql
            mountPath: /var/lib/postgresql
          - name: var-run-postgresql
            mountPath: /var/run/postgresql
      volumes:
        - name: tmp
          emptyDir: {}
        - name: var-lib-postgresql
          emptyDir: {}
        - name: var-run-postgresql
          emptyDir: {}