k8s postgres

2025-07-22 13:39:40 +02:00
parent 2d1b25e40e
commit 91eef1911f
5 changed files with 140 additions and 0 deletions
--- a/doc/k8s-testing.md
+++ b/doc/k8s-testing.md
@@ -8,6 +8,12 @@
  * [Initialize](#initialize)
    * [Namespace](#namespace)
    * [Registry Secret](#registry-secret)
  * [Databases](#databases)
    * [Postgres](#postgres)
      * [Secret](#secret)
      * [Config Map](#config-map)
      * [Stateful Set](#stateful-set)
      * [Service](#service)
 <!-- TOC -->
 ----
@@ -67,3 +73,51 @@ echo -n '{"auths":{"<your-registry>":{"username":"your-username","password":"you
 ```
 witch give `eyJhdXRocyI6eyI8eW91ci1yZWdpc3RyeT4iOnsidXNlcm5hbWUiOiJ5b3VyLXVzZXJuYW1lIiwicGFzc3dvcmQiOiJ5b3VyLXBhc3N3b3JkIiwiZW1haWwiOiJ5b3VyLWVtYWlsIiwiYXV0aCI6ImVXOTFjaTExYzJWeWJtRnRaVHA1YjNWeUxYQmhjM04zYjNKayJ9fX0=`
 ---
 ## Databases
 ### Postgres
 Remember that you don't run replicas but many instances with its own storage and service.
 #### Secret
 ```bash
 kubectl apply -f .\kube\02-databases\01-postgres\01-secret.yaml
 ```
 Set values:
 - postgres root password
 using something a bit more secure `SCRAM-SHA-256$4096:f/IWlCTGdMT9qOjQlPbWtA==$qePy5ArW+7ykg3yHqW7qYH0j2384OIoV2IcBcz0mIRM=:KuU1xgnAVtOVpCZhdUJlI8F7Viz0ApmYxYEo5yXNCW0=` in this case we use `password`, to make this... use postgres to make a user and password, copy this value and now will use as admin password.
 #### Config Map
 ```bash
 kubectl apply -f .\kube\02-databases\01-postgres\02-configmap.yaml
 ```
 Set values:
 - postgres root user
 #### Stateful Set
 This is the specifications for postgres.
 ```bash
 kubectl apply -f .\kube\02-databases\01-postgres\03-statefulset.yaml
 ```
 Set storage size for permanent storage
 #### Service
 this exposes port and ip.
 ```bash
 kubectl apply -f .\kube\02-databases\01-postgres\04-service.yaml
 ```
--- a/kube/02-databases/01-postgres/01-secret.yaml
+++ b/kube/02-databases/01-postgres/01-secret.yaml
@@ -0,0 +1,12 @@
 apiVersion: v1
 kind: Secret
 metadata:
  name: postgres
  namespace: hlaeja
  labels:
    app: postgres
    environment: testing
    tier: database
 type: Opaque
 stringData:
  POSTGRES_PASSWORD: "password"
--- a/kube/02-databases/01-postgres/02-configmap.yaml
+++ b/kube/02-databases/01-postgres/02-configmap.yaml
@@ -0,0 +1,11 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
  name: postgres
  namespace: hlaeja
  labels:
    app: postgres
    environment: testing
    tier: database
 data:
  POSTGRES_USER: "postgres"
--- a/kube/02-databases/01-postgres/03-statefulset.yaml
+++ b/kube/02-databases/01-postgres/03-statefulset.yaml
@@ -0,0 +1,42 @@
 apiVersion: apps/v1
 kind: StatefulSet
 metadata:
  name: postgres
  namespace: hlaeja
  labels:
    app: postgres
    environment: testing
    tier: database
 spec:
  serviceName: postgres
  replicas: 1
  selector:
    matchLabels:
      app: postgres
  template:
    metadata:
      labels:
        app: postgres
    spec:
      containers:
        - name: postgres
          image: postgres:17
          ports:
            - containerPort: 5432
          envFrom:
            - configMapRef:
                name: postgres
            - secretRef:
                name: postgres
          volumeMounts:
            - name: postgres-data
              mountPath: /var/lib/postgresql/data
  volumeClaimTemplates:
    - metadata:
        name: postgres-data
      spec:
        accessModes:
          - ReadWriteOnce
        resources:
          requests:
            storage: 10Gi
--- a/kube/02-databases/01-postgres/04-service.yaml
+++ b/kube/02-databases/01-postgres/04-service.yaml
@@ -0,0 +1,21 @@
 apiVersion: v1
 kind: Service
 metadata:
  name: postgres
  namespace: hlaeja
  labels:
    app: postgres
    environment: testing
    tier: database
  annotations:
    metallb.universe.tf/address-pool: default
 spec:
  type: LoadBalancer
  loadBalancerIP: 10.0.3.141
  selector:
    app: postgres
  ports:
    - port: 5432
      targetPort: 5432
      protocol: TCP
      name: postgres