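# PostgreSQL for the Gitea instance: a single-replica StatefulSet on an
# externally managed PVC, a headless Service (stable per-pod DNS for the
# StatefulSet) and a regular ClusterIP Service that clients connect to.
locals {
  postgresql_user    = "gitea"
  postgresql_version = "18"
  postgresql_dbname  = "gitea"

  # Label set shared by every PostgreSQL object. Selectors deliberately use
  # only the instance/name pair so a version bump does not orphan the pods.
  postgresql_labels = {
    "app.kubernetes.io/instance"   = local.instance_name
    "app.kubernetes.io/managed-by" = "terraform"
    "app.kubernetes.io/version"    = local.postgresql_version
    "app.kubernetes.io/name"       = "postgresql"
  }
  postgresql_selector = {
    "app.kubernetes.io/instance" = local.instance_name
    "app.kubernetes.io/name"     = "postgresql"
  }

  # Shared by the liveness and readiness probes. `-h 127.0.0.1` keeps the
  # check local to the pod instead of going through the Service.
  postgresql_probe_command = [
    "/bin/sh",
    "-c",
    "exec pg_isready -U ${local.postgresql_user} -d 'dbname=${local.postgresql_dbname}' -h 127.0.0.1 -p 5432",
  ]
}

# Headless Service used as the StatefulSet's governing service. A Service is
# only headless when `cluster_ip` is the literal "None"; leaving it unset
# (the previous `null`) makes Kubernetes allocate an IP, so this was just a
# second ordinary ClusterIP Service. clusterIP is immutable: changing it
# replaces the Service.
resource "kubernetes_service" "postgresql_headless" {
  metadata {
    name      = "${local.instance_name}-postgresql-hl"
    namespace = kubernetes_namespace.this.metadata.0.name
    labels    = local.postgresql_labels
  }

  spec {
    type       = "ClusterIP"
    cluster_ip = "None"
    selector   = local.postgresql_selector

    port {
      name        = "tcp-postgresql"
      port        = 5432
      protocol    = "TCP"
      target_port = "tcp-postgresql"
    }
  }
}

# Client-facing Service. Nothing in this file restricts who in the cluster
# can reach port 5432; if a NetworkPolicy is expected, it must live elsewhere.
resource "kubernetes_service" "postgresql" {
  metadata {
    name      = "${local.instance_name}-postgresql"
    namespace = kubernetes_namespace.this.metadata.0.name
    labels    = local.postgresql_labels
  }

  spec {
    type     = "ClusterIP"
    selector = local.postgresql_selector

    port {
      name        = "tcp-postgresql"
      port        = 5432
      protocol    = "TCP"
      target_port = "tcp-postgresql"
    }
  }
}

# Database superuser password. The same value is also held in Terraform state
# (random_password result and this Secret's data), so the state backend needs
# the same access controls as the cluster Secret.
resource "kubernetes_secret" "postgresql" {
  metadata {
    namespace = kubernetes_namespace.this.metadata.0.name
    name      = "${local.instance_name}-postgresql"
  }

  data = {
    password = sensitive(random_password.postgresql.result)
  }
}

resource "kubernetes_stateful_set" "postgresql" {
  metadata {
    namespace = kubernetes_namespace.this.metadata.0.name
    name      = "${local.instance_name}-postgresql"
    labels    = local.postgresql_labels
  }

  spec {
    replicas = 1

    selector {
      match_labels = local.postgresql_selector
    }

    # Governing service must be the headless one for stable pod DNS; it used
    # to point at the client Service. spec.serviceName is immutable, so this
    # change replaces the StatefulSet (the PVC is external and survives).
    service_name = kubernetes_service.postgresql_headless.metadata.0.name

    template {
      metadata {
        labels = local.postgresql_labels
        name   = "${local.instance_name}-postgresql"
      }

      spec {
        # The database never talks to the API server; no token in the pod.
        automount_service_account_token = false

        container {
          name = "postgresql"
          # Mutable tag: a re-pull can silently change the image. Pin by
          # digest (`postgres:<tag>@sha256:<digest>`) once one is chosen.
          image             = "docker.io/library/postgres:${local.postgresql_version}-trixie"
          image_pull_policy = "IfNotPresent"

          env {
            name  = "POSTGRES_DB"
            value = local.postgresql_dbname
          }
          env {
            name  = "POSTGRES_USER"
            value = local.postgresql_user
          }
          # Password only ever reaches the pod via the Secret reference.
          env {
            name = "POSTGRES_PASSWORD"
            value_from {
              secret_key_ref {
                key  = "password"
                name = kubernetes_secret.postgresql.metadata.0.name
              }
            }
          }

          port {
            container_port = 5432
            protocol       = "TCP"
            name           = "tcp-postgresql"
          }

          # Mounting the parent directory rather than .../data; the earlier
          # variant below (sub_path "data" under /var/lib/postgresql/data)
          # appears to be the layout used before this image version — confirm
          # against the image's documented PGDATA before switching back.
          volume_mount {
            name       = "data"
            mount_path = "/var/lib/postgresql"
          }
          # volume_mount {
          #   name       = "data"
          #   mount_path = "/var/lib/postgresql/data"
          #   sub_path   = "data"
          # }

          # No requests/limits are set, so the pod is scheduled BestEffort and
          # is first in line for eviction under node pressure. Earlier draft:
          # resources {
          #   limits = {
          #     "cpu"    = "1"
          #     "memory" = "1Gi"
          #   }
          # }

          # NOTE(review): no security_context is set; the container starts as
          # root and relies on the image to drop privileges. Whether this image
          # tolerates run_as_non_root / allow_privilege_escalation = false has
          # not been verified here — test before tightening.

          # Gates Service endpoints until the server accepts connections.
          readiness_probe {
            failure_threshold     = 6
            initial_delay_seconds = 5
            period_seconds        = 10
            timeout_seconds       = 5
            exec {
              command = local.postgresql_probe_command
            }
          }

          liveness_probe {
            failure_threshold     = 6
            initial_delay_seconds = 30
            period_seconds        = 15
            timeout_seconds       = 10
            exec {
              command = local.postgresql_probe_command
            }
          }
        }

        volume {
          name = "data"
          persistent_volume_claim {
            claim_name = module.postgres_persistance.pvc_name
          }
        }
      }
    }
  }
}

# The block below looks like leftover values from an earlier chart-based
# deployment of PostgreSQL; none of it is read by the resources above.
# image = {
#   tag = "12.20.0-debian-12-r26"
# }
# primary = {
#   persistence = {
#     enabled       = true
#     existingClaim = module.postgres_persistance.pvc_name
#     claimName     = module.postgres_persistance.pvc_name
#   }
#   podSecurityContext = {
#     enabled = true
#   }
#   volumePermissions = {
#     enabled = true
#   }
# }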