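# PostgreSQL 16 — Ephemeral instance for integration tests
# Namespace is substituted at runtime via envsubst
# Migrations are loaded from a ConfigMap mounted into /docker-entrypoint-initdb.d/
#
# Before applying this manifest, create the migrations ConfigMap:
#   kubectl create configmap postgres-migrations \
#     --from-file=infra/migrations/ \
#     -n ${NAMESPACE}
#
# envsubst replaces an unset variable with an empty string, so make sure
# NAMESPACE is set before rendering. The placeholder is quoted below so that
# the rendered value is always parsed as a string.
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: postgres
  namespace: "${NAMESPACE}"
  labels:
    app: postgres
    tier: infra
    app.kubernetes.io/part-of: stonks-oracle
spec:
  replicas: 1
  selector:
    matchLabels:
      app: postgres
  template:
    metadata:
      labels:
        app: postgres
        tier: infra
    spec:
      # The database never talks to the Kubernetes API, so no service-account
      # token is mounted into the pod.
      automountServiceAccountToken: false
      securityContext:
        runAsNonRoot: true
        # NOTE(review): 999 is the postgres UID/GID of the Debian-based image;
        # the alpine variant is believed to ship its postgres user under a
        # different UID. Confirm that first-run initialisation works as 999
        # with this image.
        runAsUser: 999
        runAsGroup: 999
        # fsGroup makes the mounted volumes group-writable for GID 999.
        fsGroup: 999
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: postgres
          # Floating tag: combined with IfNotPresent, nodes can run whichever
          # build they happen to have cached. Pin by digest if test runs must
          # be reproducible.
          image: postgres:16-alpine
          imagePullPolicy: IfNotPresent
          ports:
            - containerPort: 5432
              protocol: TCP
          env:
            - name: POSTGRES_USER
              value: "stonks"
            # Credentials are hard-coded in the manifest and visible to anyone
            # who can read it or the pod spec. Tolerable only because the
            # instance is ephemeral test infrastructure holding no real data;
            # switch to a Secret (valueFrom.secretKeyRef) if the namespace is
            # shared or long-lived.
            - name: POSTGRES_PASSWORD
              value: "inttest"
            - name: POSTGRES_DB
              value: "stonks"
            # PGDATA is a subdirectory of the pgdata volume mount below.
            - name: PGDATA
              value: "/var/lib/postgresql/data/pgdata"
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop: ["ALL"]
            # NOTE(review): readOnlyRootFilesystem is not set. Enabling it
            # would presumably need writable emptyDir mounts for the socket
            # and temp directories — verify before turning it on.
          resources:
            requests:
              cpu: 100m
              memory: 256Mi
            limits:
              cpu: 500m
              memory: 512Mi
          # Both probes are plain TCP checks: they show that port 5432 accepts
          # connections, not that the database answers queries or that the
          # migrations have been applied.
          readinessProbe:
            tcpSocket:
              port: 5432
            initialDelaySeconds: 5
            periodSeconds: 5
            timeoutSeconds: 3
            failureThreshold: 6
          livenessProbe:
            tcpSocket:
              port: 5432
            initialDelaySeconds: 15
            periodSeconds: 10
            timeoutSeconds: 3
            failureThreshold: 3
          volumeMounts:
            - name: pgdata
              mountPath: /var/lib/postgresql/data
            # Init scripts are mounted read-only. Whoever can edit the
            # postgres-migrations ConfigMap controls what is loaded at
            # initialisation, so restrict write access to it.
            - name: migrations
              mountPath: /docker-entrypoint-initdb.d
              readOnly: true
      volumes:
        # emptyDir: data lives only as long as the pod. Exceeding sizeLimit
        # gets the pod evicted.
        - name: pgdata
          emptyDir:
            sizeLimit: 1Gi
        - name: migrations
          configMap:
            name: postgres-migrations
---
apiVersion: v1
kind: Service
metadata:
  name: postgres
  namespace: "${NAMESPACE}"
  labels:
    app: postgres
    tier: infra
    app.kubernetes.io/part-of: stonks-oracle
spec:
  # No type is set, so this is a ClusterIP Service (in-cluster only).
  # NOTE(review): no NetworkPolicy is defined in this file; unless one exists
  # elsewhere, any pod in the cluster can reach the database with the
  # credentials above.
  selector:
    app: postgres
  ports:
    - port: 5432
      targetPort: 5432
      protocol: TCP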