pomerium Files · 20-kube/06-postgres.yaml

Files @ 768a373ff151

Branch filter:

Location: pomerium/20-kube/06-postgres.yaml

768a373ff151 2.0 KiB text/x-yaml Show Annotation Show as Raw Download as Raw

drewp@bigasterisk.com

add postgres for session storage

apiVersion: v1
kind: PersistentVolume
metadata:
  name: pomerium-db-data
  labels:
    type: local
spec:
  storageClassName: manual
  hostPath:
    path: "/opt/pomerium-db"
  capacity:
    storage: 50Gi
  accessModes:
    - ReadWriteOnce
  persistentVolumeReclaimPolicy: Retain
  claimRef:
    namespace: pomerium
    name: pomerium-db-data
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  namespace: pomerium
  name: pomerium-db-data
spec:
  storageClassName: ""
  volumeName: "pomerium-db-data"
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 50Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
  namespace: pomerium
  name: pomerium-db
spec:
  replicas: 1
  strategy: {type: Recreate}
  selector:
    matchLabels:
      app: pomerium-db
  template:
    metadata:
      labels:
        app: pomerium-db
      annotations:
        prometheus.io/scrape: "false"
    spec:
      volumes:
        - name: pomerium-db-data
          persistentVolumeClaim:
            claimName: pomerium-db-data
      containers:
        # see /my/serv/photoprism/deploy.yaml for exporter example (for mariadb)
        - name: pomerium-db
          image: postgres:14.2-alpine3.15
          env:
          - {name: POSTGRES_PASSWORD, value: admin}
          - {name: POSTGRES_DB, value: pomerium}
          ports:
          - containerPort: 5432
          volumeMounts:
          - name: pomerium-db-data
            mountPath:  /var/lib/postgresql/data
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
            - matchExpressions:
              - key: "kubernetes.io/hostname"
                operator: In
                values: ["ditto"]
---
apiVersion: v1
kind: Service
metadata:
  namespace: pomerium
  name: pomerium-db
spec:
  ports:
  - port: 5432
    targetPort: 5432
  selector:
    app: pomerium-db
---
apiVersion: v1
kind: Secret
metadata:
  namespace: pomerium
  name: postgres-connection-key
type: Opaque
stringData: 
  connection: postgresql://pom:pom@pomerium-db/pomerium