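---
# PostgreSQL Deployment for SecretumVault dynamic secrets storage
#
# Four resources, all in the `secretumvault` namespace:
#   1. PersistentVolumeClaim  vault-postgresql-pvc     (database files)
#   2. Deployment             vault-postgresql         (single replica)
#   3. Service                vault-postgresql         (ClusterIP, 5432)
#   4. Secret                 vault-postgresql-secret  (database password)
#
# This database backs a secrets manager, so treat its volume, its password
# and its network reachability as sensitive.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: vault-postgresql-pvc
  namespace: secretumvault
spec:
  # No storageClassName is set, so the cluster default class is used.
  # NOTE(review): confirm that class provides encryption at rest, since this
  # volume holds the vault's stored data.
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 10Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: vault-postgresql
  namespace: secretumvault
  labels:
    app: vault-postgresql
spec:
  replicas: 1
  # Recreate (not RollingUpdate): the ReadWriteOnce volume must be released
  # by the old pod before a new one can mount it.
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: vault-postgresql
  template:
    metadata:
      labels:
        app: vault-postgresql
    spec:
      # PostgreSQL never talks to the Kubernetes API, so do not mount a
      # service-account token into the pod.
      automountServiceAccountToken: false
      # Start the container directly as the unprivileged postgres user.
      # The container below drops ALL capabilities; the official image's
      # entrypoint, when started as root, chowns the data directory and then
      # switches user, both of which need capabilities that are no longer
      # available. Running as the target user from the start avoids that.
      # NOTE(review): 70 is the postgres UID/GID in the Alpine variant of the
      # official image; confirm against the image actually deployed.
      securityContext:
        runAsNonRoot: true
        runAsUser: 70
        runAsGroup: 70
        fsGroup: 70
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: postgresql
          # NOTE(review): a floating tag with IfNotPresent means nodes can
          # run different builds. Consider pinning by digest
          # (postgres:15-alpine@sha256:<digest-of-the-vetted-image>).
          image: postgres:15-alpine
          imagePullPolicy: IfNotPresent
          ports:
            - name: postgres
              containerPort: 5432
              protocol: TCP
          env:
            - name: POSTGRES_DB
              value: "secretumvault"
            - name: POSTGRES_USER
              value: "vault"
            # Only read when the data directory is first initialised.
            # Changing the Secret afterwards does NOT rotate the database
            # password; that needs an ALTER ROLE inside PostgreSQL.
            - name: POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: vault-postgresql-secret
                  key: password
            # Use a subdirectory so the volume's mount-point contents
            # (for example lost+found) do not confuse initdb.
            - name: PGDATA
              value: /var/lib/postgresql/data/pgdata
          volumeMounts:
            - name: data
              mountPath: /var/lib/postgresql/data
          # pg_isready only checks that the server accepts connections; it
          # does not authenticate, so no password is needed in the probes.
          livenessProbe:
            exec:
              command:
                - /bin/sh
                - -c
                - pg_isready -U vault -d secretumvault
            initialDelaySeconds: 30
            periodSeconds: 10
            timeoutSeconds: 5
            failureThreshold: 3
          readinessProbe:
            exec:
              command:
                - /bin/sh
                - -c
                - pg_isready -U vault -d secretumvault
            initialDelaySeconds: 10
            periodSeconds: 5
            timeoutSeconds: 3
            failureThreshold: 3
          resources:
            requests:
              memory: "256Mi"
              cpu: "100m"
            limits:
              memory: "512Mi"
              cpu: "250m"
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
      volumes:
        - name: data
          persistentVolumeClaim:
            claimName: vault-postgresql-pvc
      terminationGracePeriodSeconds: 30
---
# PostgreSQL Service
#
# ClusterIP keeps the database off external load balancers, but any pod in
# the cluster can still reach port 5432 unless a NetworkPolicy restricts
# ingress. NOTE(review): add one that admits only the SecretumVault pods.
apiVersion: v1
kind: Service
metadata:
  name: vault-postgresql
  namespace: secretumvault
  labels:
    app: vault-postgresql
spec:
  type: ClusterIP
  selector:
    app: vault-postgresql
  ports:
    - name: postgres
      port: 5432
      targetPort: postgres
      protocol: TCP
---
# Secret for PostgreSQL authentication
#
# The value below is a placeholder and must not reach a real cluster.
# Applying this file as-is initialises the database with a publicly known
# password, and re-applying it later overwrites a Secret created by other
# means. For real deployments, create the Secret out-of-band (or through a
# sealed/external secrets mechanism) and keep the value out of version
# control.
apiVersion: v1
kind: Secret
metadata:
  name: vault-postgresql-secret
  namespace: secretumvault
type: Opaque
stringData:
  password: "change-me-in-production"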