Mercurial > code > home > repos > pomerium

diff 20-kube/06-postgres.yaml @ 17:768a373ff151

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
add postgres for session storage
author drewp@bigasterisk.com
date Sun, 09 Apr 2023 16:35:33 -0700
parents
children 76e097b3e248
line wrap: on
line diff
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/20-kube/06-postgres.yaml	Sun Apr 09 16:35:33 2023 -0700
@@ -0,0 +1,96 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: pomerium-db-data
+  labels:
+    type: local
+spec:
+  storageClassName: manual
+  hostPath:
+    path: "/opt/pomerium-db"
+  capacity:
+    storage: 50Gi
+  accessModes:
+    - ReadWriteOnce
+  persistentVolumeReclaimPolicy: Retain
+  claimRef:
+    namespace: pomerium
+    name: pomerium-db-data
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  namespace: pomerium
+  name: pomerium-db-data
+spec:
+  storageClassName: ""
+  volumeName: "pomerium-db-data"
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 50Gi
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  namespace: pomerium
+  name: pomerium-db
+spec:
+  replicas: 1
+  strategy: {type: Recreate}
+  selector:
+    matchLabels:
+      app: pomerium-db
+  template:
+    metadata:
+      labels:
+        app: pomerium-db
+      annotations:
+        prometheus.io/scrape: "false"
+    spec:
+      volumes:
+        - name: pomerium-db-data
+          persistentVolumeClaim:
+            claimName: pomerium-db-data
+      containers:
+        # see /my/serv/photoprism/deploy.yaml for exporter example (for mariadb)
+        - name: pomerium-db
+          image: postgres:14.2-alpine3.15
+          env:
+          - {name: POSTGRES_PASSWORD, value: admin}
+          - {name: POSTGRES_DB, value: pomerium}
+          ports:
+          - containerPort: 5432
+          volumeMounts:
+          - name: pomerium-db-data
+            mountPath:  /var/lib/postgresql/data
+      affinity:
+        nodeAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+            - matchExpressions:
+              - key: "kubernetes.io/hostname"
+                operator: In
+                values: ["ditto"]
+---
+apiVersion: v1
+kind: Service
+metadata:
+  namespace: pomerium
+  name: pomerium-db
+spec:
+  ports:
+  - port: 5432
+    targetPort: 5432
+  selector:
+    app: pomerium-db
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  namespace: pomerium
+  name: postgres-connection-key
+type: Opaque
+stringData: 
+  connection: postgresql://pom:pom@pomerium-db/pomerium