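---
# Single-replica PostgreSQL StatefulSet for the darkdork-dev namespace.
# Data is kept on a Longhorn-backed PersistentVolumeClaim; init scripts and
# postgresql.conf come from ConfigMaps; the superuser password comes from
# the "postgres" Secret.
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: postgres
  namespace: darkdork-dev
  labels:
    app: postgres
spec:
  # NOTE(review): no serviceName is set here. Confirm whether a governing
  # headless Service exists and should be referenced.
  replicas: 1
  selector:
    matchLabels:
      app: postgres
  updateStrategy:
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: postgres
    spec:
      terminationGracePeriodSeconds: 30
      imagePullSecrets:
        - name: registry-credentials
      securityContext:
        # Supplemental group applied to mounted volumes.
        # NOTE(review): confirm GID 1000 matches what the image expects.
        fsGroup: 1000
      affinity:
        # Soft rule: prefer not to co-locate two postgres pods on one node.
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
            - weight: 100
              podAffinityTerm:
                labelSelector:
                  matchExpressions:
                    - key: app
                      operator: In
                      values:
                        - postgres
                topologyKey: kubernetes.io/hostname
      containers:
        - name: postgres
          # Mutable tag plus "Always" means the image content can change on
          # any pod restart. Pinning by digest
          # (postgres:17-alpine@sha256:<digest>) makes rollouts reproducible.
          image: postgres:17-alpine
          imagePullPolicy: Always
          # Gaining privileges through setuid binaries or file capabilities
          # is disabled. The non-root UID/GID below stay commented out as
          # the author left them.
          # NOTE(review): before enabling them, verify the data volume is
          # writable by that UID.
          securityContext:
            allowPrivilegeEscalation: false
            # runAsUser: 1001
            # runAsGroup: 1001
          volumeMounts:
            - name: postgres-data-statefulset
              mountPath: /var/lib/postgresql/data
              subPath: pgdata  # Using subPath to avoid permission issues
            # Scripts from this ConfigMap are mounted executable (see
            # defaultMode below) into the image's init directory. Write
            # access to the postgres-init ConfigMap should be restricted
            # accordingly.
            - name: postgres-init-volume
              mountPath: /docker-entrypoint-initdb.d
            - name: postgres-config-volume
              mountPath: /etc/postgresql/postgresql.conf
              subPath: postgresql.conf
          ports:
            - containerPort: 5432
          env:
            # Both variables read the same Secret key; nothing sensitive is
            # inlined in this manifest.
            - name: POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: postgres
                  key: postgres-password
            - name: DB_PASS
              valueFrom:
                secretKeyRef:
                  name: postgres
                  key: postgres-password
            # Data directory is a sub-directory of the mounted path.
            - name: PGDATA
              value: /var/lib/postgresql/data/pgdata
            # NOTE(review): this is handed to initdb, not to the server
            # process. Confirm the running server actually loads the
            # mounted postgresql.conf.
            - name: POSTGRES_INITDB_ARGS
              value: "-c config_file=/etc/postgresql/postgresql.conf"
          resources:
            requests:
              memory: "256Mi"
              cpu: "100m"
            limits:
              memory: "8Gi"
              cpu: "3000m"
          # All three probes run the same pg_isready check against the
          # "pleroma" database as user "postgres"; only the timings differ.
          livenessProbe:
            exec:
              command:
                - pg_isready
                - -U
                - postgres
                - -d
                - pleroma
            initialDelaySeconds: 30
            periodSeconds: 10
            timeoutSeconds: 5
            failureThreshold: 6
          readinessProbe:
            exec:
              command:
                - pg_isready
                - -U
                - postgres
                - -d
                - pleroma
            initialDelaySeconds: 5
            periodSeconds: 5
            timeoutSeconds: 3
            failureThreshold: 3
          # Up to 12 attempts, 5 s apart, after a 15 s initial delay.
          startupProbe:
            exec:
              command:
                - pg_isready
                - -U
                - postgres
                - -d
                - pleroma
            initialDelaySeconds: 15
            periodSeconds: 5
            timeoutSeconds: 3
            failureThreshold: 12
      volumes:
        - name: postgres-init-volume
          configMap:
            name: postgres-init
            # Octal file mode (rwxr-xr-x). Must stay an unquoted integer;
            # the field does not accept a string.
            defaultMode: 0755
        - name: postgres-config-volume
          configMap:
            name: postgres-config
  volumeClaimTemplates:
    - metadata:
        name: postgres-data-statefulset
      spec:
        accessModes: ["ReadWriteOnce"]
        storageClassName: longhorn-ssd
        resources:
          requests:
            storage: 10Gi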