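# kubernetes/postgres.yaml
#
# Single-replica PostgreSQL for Rallly: a ClusterIP Service plus a StatefulSet
# with one persistent volume. Credentials are read from the `rallly-secrets`
# Secret, which must already exist in the same namespace.
---
apiVersion: v1
kind: Service
metadata:
  name: postgres
  namespace: default
spec:
  # No `type` is set, so this is a ClusterIP Service. No NetworkPolicy is
  # defined in this file; unless one exists elsewhere, any pod that can reach
  # the cluster network can connect to 5432. Restrict ingress to the
  # application pods with a NetworkPolicy.
  ports:
    - port: 5432
  selector:
    app: postgres
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: postgres
  namespace: default
spec:
  selector:
    matchLabels:
      app: postgres
  serviceName: "postgres"
  replicas: 1
  template:
    metadata:
      labels:
        app: postgres
    spec:
      # The database never talks to the Kubernetes API, so do not mount a
      # service-account token into the pod.
      automountServiceAccountToken: false
      securityContext:
        # Run as a fixed non-root UID/GID.
        # NOTE(review): 999 is the postgres UID in the Debian-based image; the
        # alpine variant used below ships its postgres account as UID 70, as
        # far as I know. Confirm with `id postgres` inside the image. Left
        # unchanged because the data directory must be owned by the UID the
        # server runs as, and an existing volume is already owned by 999.
        fsGroup: 999
        runAsNonRoot: true
        runAsUser: 999
        # Apply the container runtime's default syscall filter instead of
        # running unconfined.
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: postgres
          # The tag is mutable. Once a digest has been verified, pin it:
          # postgres:15-alpine@sha256:<DIGEST_PLACEHOLDER>
          image: postgres:15-alpine
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            # Further hardening to evaluate: readOnlyRootFilesystem: true.
            # That would presumably need writable emptyDir mounts for the
            # socket and temp directories; test before enabling.
          env:
            - name: POSTGRES_USER
              valueFrom:
                secretKeyRef:
                  name: rallly-secrets
                  key: POSTGRES_USER
            - name: POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: rallly-secrets
                  key: POSTGRES_PASSWORD
            - name: POSTGRES_DB
              value: rallly
          ports:
            - containerPort: 5432
              name: postgres
          # Health probes. pg_isready only checks that the server accepts
          # connections; it does not authenticate. The role and database are
          # taken from the container environment so the probes stay in step
          # with the Secret instead of assuming the role is named "rallly".
          livenessProbe:
            exec:
              command:
                - /bin/sh
                - -c
                - 'pg_isready -U "$POSTGRES_USER" -d "$POSTGRES_DB"'
            initialDelaySeconds: 30
            periodSeconds: 10
          readinessProbe:
            exec:
              command:
                - /bin/sh
                - -c
                - 'pg_isready -U "$POSTGRES_USER" -d "$POSTGRES_DB"'
            initialDelaySeconds: 10
            periodSeconds: 5
          volumeMounts:
            # Some volume provisioners leave a lost+found directory at the
            # volume root, which makes initdb reject the directory. If that
            # happens on a fresh volume, point PGDATA at a subdirectory of
            # this mount. Not done here: moving PGDATA on a volume that
            # already holds data would initialise a new, empty cluster.
            - name: postgres-data
              mountPath: /var/lib/postgresql/data
          resources:
            limits:
              cpu: "2"
              memory: 2Gi
            requests:
              cpu: 500m
              memory: 1Gi
  volumeClaimTemplates:
    - metadata:
        name: postgres-data
      spec:
        accessModes: ["ReadWriteOnce"]
        resources:
          requests:
            # Note: Adjust storage size based on your data retention needs.
            storage: 1Gi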