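# PersistentVolumeClaim backing the PostgreSQL data directory.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: {{ .Release.Name }}-postgresql-pvc
  namespace: {{ .Release.Namespace }}
  labels:
    {{- include "postgresql.labels" . | nindent 4 }}
spec:
  accessModes:
    - ReadWriteOnce
  # Left unquoted on purpose: an unset value renders as null, which selects
  # the cluster's default storage class, whereas a quoted empty string would
  # request "no storage class".
  storageClassName: {{ .Values.persistence.storageClass }}
  resources:
    requests:
      storage: {{ .Values.persistence.size | default "4Gi" }}
---
# Single-replica PostgreSQL StatefulSet. The data volume comes from the PVC
# above rather than from volumeClaimTemplates.
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: {{ .Release.Name }}-postgresql
  namespace: {{ .Release.Namespace }}
  labels:
    {{- include "postgresql.labels" . | nindent 4 }}
spec:
  replicas: 1
  selector:
    matchLabels:
      {{- include "postgresql.selectorLabels" . | nindent 6 }}
  template:
    metadata:
      labels:
        {{- include "postgresql.labels" . | nindent 8 }}
    spec:
      securityContext:
        # Group applied to mounted volumes; 999 matches the runAsUser of the
        # postgresql container below.
        fsGroup: 999
      initContainers:
        # Hands the data directory to uid/gid 999 before PostgreSQL starts.
        # This is the only container allowed to run as root (runAsNonRoot is
        # false), and it keeps a single capability, CHOWN.
        # NOTE(review): fsGroup above may already cover ownership on volume
        # types that honour it; confirm this init container is still needed.
        - name: fs-ownership
          image: {{ .Values.fsOwnership.image }}
          imagePullPolicy: IfNotPresent
          command:
            - sh
            - '-c'
            - chown -R 999:999 /var/lib/postgresql/data
          resources: {}
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              add:
                - CHOWN
              drop:
                - ALL
            readOnlyRootFilesystem: true
            runAsNonRoot: false
          volumeMounts:
            - mountPath: /var/lib/postgresql/data
              name: {{ .Release.Name }}-postgresql-pv
              subPath: data
      containers:
        - name: postgresql
          securityContext:
            # Matches the init container: the process cannot gain privileges
            # beyond those it starts with.
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            readOnlyRootFilesystem: true
            runAsNonRoot: true
            runAsUser: 999
          # NOTE(review): the fallback "postgres" carries no tag or digest, so
          # it resolves to whatever the registry currently serves as latest.
          # Pin a version or digest through .Values.image.repository.
          image: {{ .Values.image.repository | default "postgres" }}
          env:
            - name: POSTGRES_USER
              value: "siatel"
            # NOTE(review): when .Values.siatel.password is unset this falls
            # back to a fixed credential published with the chart; set the
            # value per deployment. The password is also rendered in clear
            # text into the pod spec; sourcing it with valueFrom.secretKeyRef
            # from a Secret would keep it out of the StatefulSet manifest.
            # The quote function emits an escaped YAML string, so passwords
            # containing double quotes or backslashes render correctly.
            - name: POSTGRES_PASSWORD
              value: {{ .Values.siatel.password | default "siatel123" | quote }}
            # Env values must be strings; quote keeps numeric- or
            # boolean-looking database names from being retyped by the parser.
            - name: POSTGRES_DB
              value: {{ .Values.siatel.database | default "_default" | quote }}
          ports:
            - name: pgs
              containerPort: 5432
          volumeMounts:
            - mountPath: /var/lib/postgresql/data
              name: {{ .Release.Name }}-postgresql-pv
              subPath: data
            # The root filesystem is read-only, so the two paths below are
            # backed by emptyDir volumes to stay writable.
            - mountPath: /var/run/postgresql
              name: var-run-postgresql
            - mountPath: /tmp
              name: tmp
            {{- with .Values.volumeMounts }}
            {{- toYaml . | nindent 12 }}
            {{- end }}
          resources:
            {{- toYaml .Values.resources | nindent 12 }}
      volumes:
        - name: {{ .Release.Name }}-postgresql-pv
          persistentVolumeClaim:
            claimName: {{ .Release.Name }}-postgresql-pvc
        - name: tmp
          emptyDir: {}
        - name: var-run-postgresql
          emptyDir: {}
        {{- with .Values.volumes }}
        {{- toYaml . | nindent 8 }}
        {{- end }}
  serviceName: {{ .Release.Name }}-postgresql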