From 91eef1911f2505193eaa8a7ba161ff125d645b80 Mon Sep 17 00:00:00 2001
From: Swordsteel <swordsteel@gmail.com>
Date: Tue, 22 Jul 2025 13:39:40 +0200
Subject: [PATCH] k8s postgres

---
 doc/k8s-testing.md                            | 54 +++++++++++++++++++
 kube/02-databases/01-postgres/01-secret.yaml  | 12 +++++
 .../01-postgres/02-configmap.yaml             | 11 ++++
 .../01-postgres/03-statefulset.yaml           | 42 +++++++++++++++
 kube/02-databases/01-postgres/04-service.yaml | 21 ++++++++
 5 files changed, 140 insertions(+)
 create mode 100644 kube/02-databases/01-postgres/01-secret.yaml
 create mode 100644 kube/02-databases/01-postgres/02-configmap.yaml
 create mode 100644 kube/02-databases/01-postgres/03-statefulset.yaml
 create mode 100644 kube/02-databases/01-postgres/04-service.yaml

diff --git a/doc/k8s-testing.md b/doc/k8s-testing.md
index ee7b367..6294e41 100644
--- a/doc/k8s-testing.md
+++ b/doc/k8s-testing.md
@@ -8,6 +8,12 @@
   * [Initialize](#initialize)
     * [Namespace](#namespace)
     * [Registry Secret](#registry-secret)
+  * [Databases](#databases)
+    * [Postgres](#postgres)
+      * [Secret](#secret)
+      * [Config Map](#config-map)
+      * [Stateful Set](#stateful-set)
+      * [Service](#service)
 <!-- TOC -->
 
 ----
@@ -67,3 +73,51 @@ echo -n '{"auths":{"<your-registry>":{"username":"your-username","password":"you
 ```
 
 witch give `eyJhdXRocyI6eyI8eW91ci1yZWdpc3RyeT4iOnsidXNlcm5hbWUiOiJ5b3VyLXVzZXJuYW1lIiwicGFzc3dvcmQiOiJ5b3VyLXBhc3N3b3JkIiwiZW1haWwiOiJ5b3VyLWVtYWlsIiwiYXV0aCI6ImVXOTFjaTExYzJWeWJtRnRaVHA1YjNWeUxYQmhjM04zYjNKayJ9fX0=`
+
+---
+
+## Databases
+
+### Postgres
+
+Remember that you don't run replicas but many instances with its own storage and service.
+
+#### Secret
+
+```bash
+kubectl apply -f .\kube\02-databases\01-postgres\01-secret.yaml
+```
+
+Set values:
+
+- postgres root password
+
+using something a bit more secure `SCRAM-SHA-256$4096:f/IWlCTGdMT9qOjQlPbWtA==$qePy5ArW+7ykg3yHqW7qYH0j2384OIoV2IcBcz0mIRM=:KuU1xgnAVtOVpCZhdUJlI8F7Viz0ApmYxYEo5yXNCW0=` in this case we use `password`, to make this... use postgres to make a user and password, copy this value and now will use as admin password.
+
+#### Config Map
+
+```bash
+kubectl apply -f .\kube\02-databases\01-postgres\02-configmap.yaml
+```
+
+Set values:
+
+- postgres root user
+
+#### Stateful Set
+
+This is the specifications for postgres.
+
+```bash
+kubectl apply -f .\kube\02-databases\01-postgres\03-statefulset.yaml
+```
+
+Set storage size for permanent storage
+
+#### Service
+
+this exposes port and ip.
+
+```bash
+kubectl apply -f .\kube\02-databases\01-postgres\04-service.yaml
+```
diff --git a/kube/02-databases/01-postgres/01-secret.yaml b/kube/02-databases/01-postgres/01-secret.yaml
new file mode 100644
index 0000000..76d6a8a
--- /dev/null
+++ b/kube/02-databases/01-postgres/01-secret.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: postgres
+  namespace: hlaeja
+  labels:
+    app: postgres
+    environment: testing
+    tier: database
+type: Opaque
+stringData:
+  POSTGRES_PASSWORD: "password"
diff --git a/kube/02-databases/01-postgres/02-configmap.yaml b/kube/02-databases/01-postgres/02-configmap.yaml
new file mode 100644
index 0000000..31aeb09
--- /dev/null
+++ b/kube/02-databases/01-postgres/02-configmap.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: postgres
+  namespace: hlaeja
+  labels:
+    app: postgres
+    environment: testing
+    tier: database
+data:
+  POSTGRES_USER: "postgres"
diff --git a/kube/02-databases/01-postgres/03-statefulset.yaml b/kube/02-databases/01-postgres/03-statefulset.yaml
new file mode 100644
index 0000000..26127b0
--- /dev/null
+++ b/kube/02-databases/01-postgres/03-statefulset.yaml
@@ -0,0 +1,42 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: postgres
+  namespace: hlaeja
+  labels:
+    app: postgres
+    environment: testing
+    tier: database
+spec:
+  serviceName: postgres
+  replicas: 1
+  selector:
+    matchLabels:
+      app: postgres
+  template:
+    metadata:
+      labels:
+        app: postgres
+    spec:
+      containers:
+        - name: postgres
+          image: postgres:17
+          ports:
+            - containerPort: 5432
+          envFrom:
+            - configMapRef:
+                name: postgres
+            - secretRef:
+                name: postgres
+          volumeMounts:
+            - name: postgres-data
+              mountPath: /var/lib/postgresql/data
+  volumeClaimTemplates:
+    - metadata:
+        name: postgres-data
+      spec:
+        accessModes:
+          - ReadWriteOnce
+        resources:
+          requests:
+            storage: 10Gi
diff --git a/kube/02-databases/01-postgres/04-service.yaml b/kube/02-databases/01-postgres/04-service.yaml
new file mode 100644
index 0000000..5a06099
--- /dev/null
+++ b/kube/02-databases/01-postgres/04-service.yaml
@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: postgres
+  namespace: hlaeja
+  labels:
+    app: postgres
+    environment: testing
+    tier: database
+  annotations:
+    metallb.universe.tf/address-pool: default
+spec:
+  type: LoadBalancer
+  loadBalancerIP: 10.0.3.141
+  selector:
+    app: postgres
+  ports:
+    - port: 5432
+      targetPort: 5432
+      protocol: TCP
+      name: postgres