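---
# PostgreSQL backing store for Pomerium: a node-local volume, its claim,
# the admin-password Secret, a single-replica Deployment, the in-cluster
# Service and the connection-string Secret.

# Node-local storage. hostPath data exists only on the node that holds
# /opt/pomerium-db; the Deployment below is pinned to that node.
apiVersion: v1
kind: PersistentVolume
metadata:
  name: pomerium-db-data
  labels:
    type: local
spec:
  # NOTE(review): the claim below requests storageClassName "" while this
  # volume is "manual"; binding relies on the claimRef/volumeName pairing.
  # Confirm the claim actually reaches Bound.
  storageClassName: manual
  hostPath:
    path: '/opt/pomerium-db'
  capacity:
    storage: 50Gi
  accessModes:
    - ReadWriteOnce
  # Retain keeps the database files if the claim is deleted.
  persistentVolumeReclaimPolicy: Retain
  # Pre-bind to the one claim that is allowed to use this volume.
  claimRef:
    namespace: pomerium
    name: pomerium-db-data
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  namespace: pomerium
  name: pomerium-db-data
spec:
  # Empty class disables dynamic provisioning; volumeName selects the PV.
  storageClassName: ''
  volumeName: 'pomerium-db-data'
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 50Gi
---
# Superuser password, moved out of the pod spec so it is no longer
# readable by everyone who can get/describe Deployments or Pods.
# The value is carried over unchanged so an existing data directory keeps
# working, but it is a guessable default and still sits in version
# control: rotate it and provision this Secret out of band (sealed or
# external secret store). POSTGRES_PASSWORD is only read when the data
# directory is first initialised, so rotation also needs an ALTER ROLE
# inside the running database.
apiVersion: v1
kind: Secret
metadata:
  namespace: pomerium
  name: pomerium-db-admin
type: Opaque
stringData:
  password: admin
---
apiVersion: apps/v1
kind: Deployment
metadata:
  namespace: pomerium
  name: pomerium-db
spec:
  replicas: 1
  # Recreate stops the old pod first: the ReadWriteOnce volume and the
  # data directory must never be opened by two postgres instances.
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: pomerium-db
  template:
    metadata:
      labels:
        app: pomerium-db
      annotations:
        prometheus.io/scrape: 'false'
    spec:
      # The database never talks to the Kubernetes API, so do not hand
      # the container a service-account token.
      automountServiceAccountToken: false
      volumes:
        - name: pomerium-db-data
          persistentVolumeClaim:
            claimName: pomerium-db-data
      containers:
        # see /my/serv/photoprism/deploy.yaml for exporter example
        # (for mariadb)
        - name: pomerium-db
          # NOTE(review): pinned by tag only, and 14.2 predates later 14.x
          # patch releases; plan a minor upgrade and consider pinning by
          # digest.
          image: postgres:14.2-alpine3.15
          # NOTE(review): no resources or securityContext are set here.
          env:
            - name: POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: pomerium-db-admin
                  key: password
            - name: POSTGRES_DB
              value: pomerium
          ports:
            - containerPort: 5432
          volumeMounts:
            - name: pomerium-db-data
              mountPath: /var/lib/postgresql/data
      # Hard pin to the node that owns the hostPath directory.
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  - key: 'kubernetes.io/hostname'
                    operator: In
                    values: ['ditto']
---
# ClusterIP Service. Port 5432 is reachable from any pod in the cluster
# unless a NetworkPolicy restricts it; none is defined in this file.
apiVersion: v1
kind: Service
metadata:
  namespace: pomerium
  name: pomerium-db
spec:
  ports:
    - port: 5432
      targetPort: 5432
  selector:
    app: pomerium-db
---
# Connection URL consumed by Pomerium.
# NOTE(review): it authenticates as role "pom" with a password equal to
# the user name. Nothing in this file creates that role (the Deployment
# sets only POSTGRES_PASSWORD and POSTGRES_DB), so it was presumably
# created by hand; confirm, then rotate to a generated password and keep
# the real value out of version control.
apiVersion: v1
kind: Secret
metadata:
  namespace: pomerium
  name: postgres-connection-key
type: Opaque
stringData:
  connection: 'postgresql://pom:pom@pomerium-db/pomerium'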