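# Rendered manifests for Helm release "coder-db" (chart postgresql-16.7.4) in
# namespace "coder", followed by a Secret holding the client connection URL.
# The last document carries no chart labels or "# Source:" marker, so it appears
# to be maintained outside the chart.
#
# Layout note: the block structure below was restored from a copy whose line
# breaks had been collapsed; keys, values and quoting are unchanged.
#
# NOTE(review): summary of the security-relevant points flagged inline:
#   1. Both Secrets carry live credentials as base64 in the manifest itself.
#   2. The NetworkPolicy admits port 5432 from any source and allows all egress.
#   3. Server TLS is off and the client URL sets sslmode=disable.
#   4. Connection logging is off and no pgaudit log classes are configured here.
#   5. The container image is referenced by tag, not by digest.
---
# Source: postgresql/templates/primary/networkpolicy.yaml
kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
metadata:
  name: coder-db-postgresql
  namespace: "coder"
  labels:
    app.kubernetes.io/instance: coder-db
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: postgresql
    app.kubernetes.io/version: 17.5.0
    helm.sh/chart: postgresql-16.7.4
    app.kubernetes.io/component: primary
spec:
  podSelector:
    matchLabels:
      app.kubernetes.io/instance: coder-db
      app.kubernetes.io/name: postgresql
      app.kubernetes.io/component: primary
  policyTypes:
    - Ingress
    - Egress
  # NOTE(review): a single empty rule matches every destination and port, so
  # this policy places no limit on what the database pod can reach. If egress
  # control matters in this cluster, narrow it (DNS plus whatever the pod needs);
  # the chart exposes this as primary.networkPolicy.allowExternalEgress.
  egress:
    - {}
  # NOTE(review): the rule has `ports` but no `from`, so 5432 is reachable from
  # every pod in every namespace (and any other source the CNI routes here).
  # The policy therefore documents the port but does not restrict who connects;
  # authentication is the only control. Add a `from` selector for the client
  # pods, or set primary.networkPolicy.allowExternal=false and label the clients.
  ingress:
    - ports:
        - port: 5432
---
# Source: postgresql/templates/primary/pdb.yaml
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
  name: coder-db-postgresql
  namespace: "coder"
  labels:
    app.kubernetes.io/instance: coder-db
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: postgresql
    app.kubernetes.io/version: 17.5.0
    helm.sh/chart: postgresql-16.7.4
    app.kubernetes.io/component: primary
spec:
  # With replicas: 1 in the StatefulSet below, maxUnavailable: 1 lets a
  # voluntary disruption evict the only pod.
  maxUnavailable: 1
  selector:
    matchLabels:
      app.kubernetes.io/instance: coder-db
      app.kubernetes.io/name: postgresql
      app.kubernetes.io/component: primary
---
# Source: postgresql/templates/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: coder-db-postgresql
  namespace: "coder"
  labels:
    app.kubernetes.io/instance: coder-db
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: postgresql
    app.kubernetes.io/version: 17.5.0
    helm.sh/chart: postgresql-16.7.4
# No API token is mounted into pods using this account; the database has no
# need to talk to the Kubernetes API.
automountServiceAccountToken: false
---
# Source: postgresql/templates/secrets.yaml
# NOTE(review): base64 is an encoding, not encryption. Anyone who can read this
# file (repository, CI logs, rendered-manifest artifacts) holds both database
# passwords, and `password` decodes to the same string as POSTGRES_USER below.
# Rotate both values and keep them out of the manifest: reference a
# pre-created Secret via the chart's auth.existingSecret, or use an
# encrypted/externally synced secret mechanism.
apiVersion: v1
kind: Secret
metadata:
  name: coder-db-postgresql
  namespace: "coder"
  labels:
    app.kubernetes.io/instance: coder-db
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: postgresql
    app.kubernetes.io/version: 17.5.0
    helm.sh/chart: postgresql-16.7.4
type: Opaque
data:
  postgres-password: "bGpmalNLbjJaQw=="
  password: "Y29kZXI="
  # We don't auto-generate LDAP password when it's not provided as we do for other passwords
---
# Source: postgresql/templates/primary/svc-headless.yaml
apiVersion: v1
kind: Service
metadata:
  name: coder-db-postgresql-hl
  namespace: "coder"
  labels:
    app.kubernetes.io/instance: coder-db
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: postgresql
    app.kubernetes.io/version: 17.5.0
    helm.sh/chart: postgresql-16.7.4
    app.kubernetes.io/component: primary
  annotations:
spec:
  type: ClusterIP
  clusterIP: None
  # We want all pods in the StatefulSet to have their addresses published for
  # the sake of the other Postgresql pods even before they're ready, since they
  # have to be able to talk to each other in order to become ready.
  publishNotReadyAddresses: true
  ports:
    - name: tcp-postgresql
      port: 5432
      targetPort: tcp-postgresql
  selector:
    app.kubernetes.io/instance: coder-db
    app.kubernetes.io/name: postgresql
    app.kubernetes.io/component: primary
---
# Source: postgresql/templates/primary/svc.yaml
apiVersion: v1
kind: Service
metadata:
  name: coder-db-postgresql
  namespace: "coder"
  labels:
    app.kubernetes.io/instance: coder-db
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: postgresql
    app.kubernetes.io/version: 17.5.0
    helm.sh/chart: postgresql-16.7.4
    app.kubernetes.io/component: primary
spec:
  # ClusterIP keeps the database off node ports and load balancers; exposure
  # inside the cluster is governed by the NetworkPolicy above.
  type: ClusterIP
  sessionAffinity: None
  ports:
    - name: tcp-postgresql
      port: 5432
      targetPort: tcp-postgresql
      nodePort: null
  selector:
    app.kubernetes.io/instance: coder-db
    app.kubernetes.io/name: postgresql
    app.kubernetes.io/component: primary
---
# Source: postgresql/templates/primary/statefulset.yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: coder-db-postgresql
  namespace: "coder"
  labels:
    app.kubernetes.io/instance: coder-db
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: postgresql
    app.kubernetes.io/version: 17.5.0
    helm.sh/chart: postgresql-16.7.4
    app.kubernetes.io/component: primary
spec:
  replicas: 1
  serviceName: coder-db-postgresql-hl
  updateStrategy:
    rollingUpdate: {}
    type: RollingUpdate
  selector:
    matchLabels:
      app.kubernetes.io/instance: coder-db
      app.kubernetes.io/name: postgresql
      app.kubernetes.io/component: primary
  template:
    metadata:
      name: coder-db-postgresql
      labels:
        app.kubernetes.io/instance: coder-db
        app.kubernetes.io/managed-by: Helm
        app.kubernetes.io/name: postgresql
        app.kubernetes.io/version: 17.5.0
        helm.sh/chart: postgresql-16.7.4
        app.kubernetes.io/component: primary
    spec:
      serviceAccountName: coder-db-postgresql
      automountServiceAccountToken: false
      affinity:
        podAffinity:
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
            - podAffinityTerm:
                labelSelector:
                  matchLabels:
                    app.kubernetes.io/instance: coder-db
                    app.kubernetes.io/name: postgresql
                    app.kubernetes.io/component: primary
                topologyKey: kubernetes.io/hostname
              weight: 1
        nodeAffinity:
      securityContext:
        fsGroup: 1001
        fsGroupChangePolicy: Always
        supplementalGroups: []
        sysctls: []
      hostNetwork: false
      hostIPC: false
      containers:
        - name: postgresql
          # NOTE(review): the image is referenced by a mutable tag and pulled
          # IfNotPresent, so different nodes can end up running different
          # content under the same name. Pin by digest
          # (docker.io/bitnami/postgresql@sha256:<digest>) to make the deployed
          # image verifiable.
          image: docker.io/bitnami/postgresql:17.5.0-debian-12-r3
          imagePullPolicy: "IfNotPresent"
          # Container hardening: non-root UID/GID 1001, no privilege escalation,
          # all capabilities dropped, read-only root filesystem, default seccomp
          # profile. Writable paths are limited to the volume mounts below.
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            privileged: false
            readOnlyRootFilesystem: true
            runAsGroup: 1001
            runAsNonRoot: true
            runAsUser: 1001
            seLinuxOptions: {}
            seccompProfile:
              type: RuntimeDefault
          env:
            - name: BITNAMI_DEBUG
              value: "false"
            - name: POSTGRESQL_PORT_NUMBER
              value: "5432"
            - name: POSTGRESQL_VOLUME_DIR
              value: "/bitnami/postgresql"
            - name: PGDATA
              value: "/bitnami/postgresql/data"
            # Authentication
            # Passwords are read from files on the mounted Secret rather than
            # from environment variables, so they do not show up in the pod spec
            # or in the process environment.
            - name: POSTGRES_USER
              value: "coder"
            - name: POSTGRES_PASSWORD_FILE
              value: /opt/bitnami/postgresql/secrets/password
            - name: POSTGRES_POSTGRES_PASSWORD_FILE
              value: /opt/bitnami/postgresql/secrets/postgres-password
            - name: POSTGRES_DATABASE
              value: "coder"
            # LDAP
            - name: POSTGRESQL_ENABLE_LDAP
              value: "no"
            # TLS
            # NOTE(review): with TLS off, passwords and query traffic cross the
            # pod network unencrypted. Together with the open ingress rule in
            # the NetworkPolicy, anything able to observe pod-to-pod traffic can
            # read them. Enable server TLS (chart value tls.enabled) and require
            # it on the client side.
            - name: POSTGRESQL_ENABLE_TLS
              value: "no"
            # Audit
            # NOTE(review): connection and disconnection logging are off, so
            # successful logins leave no trace in the server log. pgaudit is
            # preloaded below, but no audit log classes are configured on this
            # page, so it presumably records nothing. Turn on
            # audit.logConnections / audit.logDisconnections at minimum if this
            # log feeds detection.
            - name: POSTGRESQL_LOG_HOSTNAME
              value: "false"
            - name: POSTGRESQL_LOG_CONNECTIONS
              value: "false"
            - name: POSTGRESQL_LOG_DISCONNECTIONS
              value: "false"
            - name: POSTGRESQL_PGAUDIT_LOG_CATALOG
              value: "off"
            # Others
            - name: POSTGRESQL_CLIENT_MIN_MESSAGES
              value: "error"
            - name: POSTGRESQL_SHARED_PRELOAD_LIBRARIES
              value: "pgaudit"
          ports:
            - name: tcp-postgresql
              containerPort: 5432
          livenessProbe:
            failureThreshold: 6
            initialDelaySeconds: 30
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 5
            exec:
              command:
                - /bin/sh
                - -c
                - exec pg_isready -U "coder" -d "dbname=coder" -h 127.0.0.1 -p 5432
          readinessProbe:
            failureThreshold: 6
            initialDelaySeconds: 5
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 5
            exec:
              command:
                - /bin/sh
                - -c
                - -e
                # NOTE(review): the line break inside this script was restored
                # from a collapsed copy. As laid out, `exec` replaces the shell,
                # so the .initialized check on the second line would not run;
                # confirm against the chart template.
                - |
                  exec pg_isready -U "coder" -d "dbname=coder" -h 127.0.0.1 -p 5432
                  [ -f /opt/bitnami/postgresql/tmp/.initialized ] || [ -f /bitnami/postgresql/.initialized ]
          resources:
            limits:
              cpu: 150m
              ephemeral-storage: 2Gi
              memory: 192Mi
            requests:
              cpu: 100m
              ephemeral-storage: 50Mi
              memory: 128Mi
          # The emptyDir sub-paths provide the writable locations the image
          # needs while the root filesystem stays read-only.
          volumeMounts:
            - name: empty-dir
              mountPath: /tmp
              subPath: tmp-dir
            - name: empty-dir
              mountPath: /opt/bitnami/postgresql/conf
              subPath: app-conf-dir
            - name: empty-dir
              mountPath: /opt/bitnami/postgresql/tmp
              subPath: app-tmp-dir
            - name: postgresql-password
              mountPath: /opt/bitnami/postgresql/secrets/
            - name: dshm
              mountPath: /dev/shm
            - name: data
              mountPath: /bitnami/postgresql
      volumes:
        - name: empty-dir
          emptyDir: {}
        - name: postgresql-password
          secret:
            secretName: coder-db-postgresql
        - name: dshm
          emptyDir:
            medium: Memory
  volumeClaimTemplates:
    - apiVersion: v1
      kind: PersistentVolumeClaim
      metadata:
        name: data
      spec:
        accessModes:
          - "ReadWriteOnce"
        resources:
          requests:
            storage: "8Gi"
---
# NOTE(review): `url` decodes to a PostgreSQL connection URL for the service
# coder-db-postgresql in namespace coder. It embeds the application user's
# password (the same value as `password` in the chart Secret) and ends in
# sslmode=disable, so the client will not use TLS even if the server offers it.
# Keep this value out of the manifest, rotate it together with the chart
# Secret, and move to a verifying sslmode once server TLS is enabled.
apiVersion: v1
data:
  url: cG9zdGdyZXM6Ly9jb2Rlcjpjb2RlckBjb2Rlci1kYi1wb3N0Z3Jlc3FsLmNvZGVyLnN2Yy5jbHVzdGVyLmxvY2FsOjU0MzIvY29kZXI/c3NsbW9kZT1kaXNhYmxl
kind: Secret
metadata:
  name: coder-db-url
  namespace: coder
type: Opaque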