# Postgres standalone pour ordinarthur-os. # Single-user, faible volume → 1 replica + PVC. Backup via backup.cronjob.yaml. # # Secrets attendus dans `ordinarthur-os-db-secrets` (cf. secrets.template.yaml) : # POSTGRES_USER, POSTGRES_PASSWORD, POSTGRES_DB # # `DATABASE_URL` consommé par l'API est injecté depuis `ordinarthur-os-secrets` # et doit pointer vers `postgres.ordinarthur-os.svc.cluster.local:5432/`. --- apiVersion: v1 kind: Service metadata: name: postgres namespace: ordinarthur-os spec: clusterIP: None selector: { app: postgres } ports: - name: postgres port: 5432 targetPort: 5432 --- apiVersion: apps/v1 kind: StatefulSet metadata: name: postgres namespace: ordinarthur-os spec: serviceName: postgres replicas: 1 selector: { matchLabels: { app: postgres } } template: metadata: { labels: { app: postgres } } spec: containers: - name: postgres image: postgres:16-alpine ports: - containerPort: 5432 name: postgres envFrom: - secretRef: { name: ordinarthur-os-db-secrets } env: - { name: PGDATA, value: /var/lib/postgresql/data/pgdata } volumeMounts: - name: data mountPath: /var/lib/postgresql/data readinessProbe: exec: { command: ["pg_isready", "-U", "$(POSTGRES_USER)", "-d", "$(POSTGRES_DB)"] } initialDelaySeconds: 5 periodSeconds: 10 livenessProbe: exec: { command: ["pg_isready", "-U", "$(POSTGRES_USER)", "-d", "$(POSTGRES_DB)"] } initialDelaySeconds: 30 periodSeconds: 30 resources: requests: { cpu: 50m, memory: 128Mi } limits: { cpu: 1000m, memory: 512Mi } volumeClaimTemplates: - metadata: name: data spec: accessModes: ["ReadWriteOnce"] resources: requests: { storage: 5Gi } # storageClassName: à définir selon le cluster (local-path par défaut sur k3s)