apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: postgis
spec:
  selector:
    matchLabels:
      app: postgis
  serviceName: postgis
  replicas: 1
  template:
    metadata:
      labels:
        app: postgis
    spec:
      containers:
        - name: postgis
          image: postgis/postgis:17-3.4
          ports:
            - containerPort: 5432
              name: postgres
          volumeMounts:
            - name: data
              mountPath: /var/lib/postgresql
          env:
            - name: POSTGRES_USER
              value: mobilizon
            - name: POSTGRES_DB
              value: mobilizon
            - name: POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: postgis-password
                  key: password
  volumeClaimTemplates:
    - metadata:
        name: data
      spec:
        accessModes: ["ReadWriteOnce"]
        resources:
          requests:
            storage: 10Gi
---
apiVersion: v1
kind: Service
metadata:
  name: postgis
spec:
  selector:
    app: postgis
  ports:
    - port: 5432
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: postgis-password
spec:
  target:
    name: postgis-password
  dataFrom:
    - sourceRef:
        generatorRef:
          apiVersion: generators.external-secrets.io/v1alpha1
          kind: ClusterGenerator
          name: password