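---
# Create the Namespace that holds the namespaced PostgreSQL resources below.
apiVersion: v1
kind: Namespace
metadata:
  name: hty1024-db
---
# Create the StorageClass for statically provisioned local volumes.
# kubernetes.io/no-provisioner means no dynamic provisioning: a matching
# PersistentVolume must be created by hand (see the next document).
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: storage-local-postgres
  labels:
    app.k8s.hty1024.com/env: prod
    app.k8s.hty1024.com/type: db
    app.k8s.hty1024.com/name: postgres
    app.k8s.hty1024.com/version: 16.4-alpine3.20
    app.k8s.hty1024.com/resources: storageClass
provisioner: kubernetes.io/no-provisioner
reclaimPolicy: Retain
# Delay binding until a pod is scheduled so the node affinity of the local
# PersistentVolume is taken into account.
volumeBindingMode: WaitForFirstConsumer
---
# Create the PersistentVolume backed by a directory on the node.
# The directory /app/postgres/data must already exist on the selected node.
apiVersion: v1
kind: PersistentVolume
metadata:
  name: hty1024-db-postgres-pv
  labels:
    app.k8s.hty1024.com/env: prod
    app.k8s.hty1024.com/type: db
    app.k8s.hty1024.com/name: postgres
    app.k8s.hty1024.com/version: 16.4-alpine3.20
    app.k8s.hty1024.com/resources: persistentVolume
spec:
  capacity:
    storage: 20Gi
  volumeMode: Filesystem
  accessModes:
    - ReadWriteOnce
  # Retain keeps the database files on disk when the claim is deleted.
  persistentVolumeReclaimPolicy: Retain
  storageClassName: storage-local-postgres
  local:
    path: /app/postgres/data
  # Local volumes must be pinned to the node(s) that hold the path.
  nodeAffinity:
    required:
      nodeSelectorTerms:
        - matchExpressions:
            - key: node.k8s.hty1024.com/type
              operator: In
              values:
                - app
---
# Create the PersistentVolumeClaim that binds to the volume above.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: hty1024-db-postgres-pvc
  namespace: hty1024-db
  labels:
    app.k8s.hty1024.com/env: prod
    app.k8s.hty1024.com/type: db
    app.k8s.hty1024.com/name: postgres
    app.k8s.hty1024.com/version: 16.4-alpine3.20
    app.k8s.hty1024.com/resources: persistentVolumeClaim
spec:
  resources:
    requests:
      storage: 20Gi
  volumeMode: Filesystem
  accessModes:
    - ReadWriteOnce
  storageClassName: storage-local-postgres
---
# Create the Secret (custom PostgreSQL superuser password).
# SECURITY: the original manifest shipped the literal password "123456".
# A trivially guessable credential must not be used for a prod-labelled
# database, and a real password should not be committed to version control.
# Replace the placeholder below at deploy time, or create this Secret
# out-of-band (a secret manager, sealed/encrypted secrets, or
# `kubectl create secret generic ... --from-file=postgres.key=<file>`).
# Any instance that was already initialised with the old value needs its
# password rotated inside PostgreSQL as well: the image applies
# POSTGRES_PASSWORD only when it initialises an empty data directory.
apiVersion: v1
kind: Secret
metadata:
  name: hty1024-db-postgres-secret
  namespace: hty1024-db
  labels:
    app.k8s.hty1024.com/env: prod
    app.k8s.hty1024.com/type: db
    app.k8s.hty1024.com/name: postgres
    app.k8s.hty1024.com/version: 16.4-alpine3.20
    app.k8s.hty1024.com/resources: secret
type: Opaque
stringData:
  # Placeholder only; do not apply this manifest without replacing it.
  postgres.key: "REPLACE_WITH_STRONG_RANDOM_PASSWORD"
# An immutable Secret cannot be edited in place: rotating the value means
# deleting and recreating the Secret, then restarting the pod.
immutable: true
---
# Create the Service exposing PostgreSQL inside the cluster only.
# ClusterIP keeps port 5432 off node and external addresses. Any pod in the
# cluster can still reach it unless a NetworkPolicy restricts ingress to
# this namespace.
apiVersion: v1
kind: Service
metadata:
  name: hty1024-db-postgres-service
  namespace: hty1024-db
  labels:
    app.k8s.hty1024.com/env: prod
    app.k8s.hty1024.com/type: db
    app.k8s.hty1024.com/name: postgres
    app.k8s.hty1024.com/version: 16.4-alpine3.20
    app.k8s.hty1024.com/resources: service
spec:
  type: ClusterIP
  ports:
    - port: 5432
      targetPort: 5432
  # The selector includes the version label, so an image upgrade that
  # changes the pod labels must update this selector too.
  selector:
    app.k8s.hty1024.com/env: prod
    app.k8s.hty1024.com/type: db
    app.k8s.hty1024.com/name: postgres
    app.k8s.hty1024.com/version: 16.4-alpine3.20
    app.k8s.hty1024.com/resources: pod
---
# Create the StatefulSet running a single PostgreSQL instance.
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: hty1024-db-postgres-statefulset
  namespace: hty1024-db
  labels:
    app.k8s.hty1024.com/env: prod
    app.k8s.hty1024.com/type: db
    app.k8s.hty1024.com/name: postgres
    app.k8s.hty1024.com/version: 16.4-alpine3.20
    app.k8s.hty1024.com/resources: statefulSet
spec:
  # Fix: the original omitted serviceName, which API servers have
  # traditionally rejected as a missing required field on a StatefulSet.
  # NOTE(review): the referenced Service is ClusterIP rather than headless,
  # so no per-pod DNS records are created; acceptable for one replica, confirm.
  serviceName: hty1024-db-postgres-service
  replicas: 1
  minReadySeconds: 30
  # spec.selector is immutable; because it carries the version label, a
  # version bump requires recreating the StatefulSet.
  selector:
    matchLabels:
      app.k8s.hty1024.com/env: prod
      app.k8s.hty1024.com/type: db
      app.k8s.hty1024.com/name: postgres
      app.k8s.hty1024.com/version: 16.4-alpine3.20
      app.k8s.hty1024.com/resources: pod
  template:
    metadata:
      labels:
        app.k8s.hty1024.com/env: prod
        app.k8s.hty1024.com/type: db
        app.k8s.hty1024.com/name: postgres
        app.k8s.hty1024.com/version: 16.4-alpine3.20
        app.k8s.hty1024.com/resources: pod
    spec:
      # Least privilege: the database never calls the Kubernetes API, so do
      # not mount a service-account token into the pod.
      automountServiceAccountToken: false
      # Give PostgreSQL time for a clean shutdown before SIGKILL.
      terminationGracePeriodSeconds: 60
      volumes:
        # hostPath volumes are rejected by the baseline and restricted Pod
        # Security Standards; this one is only mounted read-only for the
        # node's time zone.
        - name: localtime
          hostPath:
            path: /etc/localtime
        - name: hty1024-db-postgres-data
          persistentVolumeClaim:
            claimName: hty1024-db-postgres-pvc
        - name: hty1024-db-postgres-pwd
          secret:
            secretName: hty1024-db-postgres-secret
      containers:
        - name: postgres
          image: postgres:16.4-alpine3.20
          ports:
            - name: tcp
              containerPort: 5432
          volumeMounts:
            - name: localtime
              mountPath: /etc/localtime
              readOnly: true
            # Fix: the original mounted the claim at /var/lib/postgres, but
            # the official image keeps its cluster in PGDATA, which defaults
            # to /var/lib/postgresql/data. With the old path the database
            # files never landed on the persistent volume and were lost
            # whenever the pod was recreated.
            - name: hty1024-db-postgres-data
              mountPath: /var/lib/postgresql/data
            - name: hty1024-db-postgres-pwd
              mountPath: /tmp/secret-volume
              readOnly: true
          env:
            # Read the password from the mounted Secret file instead of
            # exposing it as a plain environment variable.
            - name: POSTGRES_PASSWORD_FILE
              value: "/tmp/secret-volume/postgres.key"
      # Schedule onto the node type that the local PersistentVolume is
      # pinned to.
      nodeSelector:
        node.k8s.hty1024.com/type: app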