---
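# StatefulSet running a two-member Patroni/PostgreSQL demo cluster.
# Each pod gets its own "pgdata" PersistentVolumeClaim and reads the database
# passwords from the "patronidemo" Secret.
#
# apps/v1beta1 is no longer served as of Kubernetes 1.16, so this manifest uses
# apps/v1. apps/v1 defaults updateStrategy to RollingUpdate where apps/v1beta1
# defaulted to OnDelete; set updateStrategy explicitly if the old rollout
# behaviour is required.
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: &cluster_name patronidemo
  labels:
    application: patroni
    cluster-name: *cluster_name
spec:
  replicas: 2
  serviceName: *cluster_name
  # apps/v1 requires the selector; it must match the pod template labels below.
  selector:
    matchLabels:
      application: patroni
      cluster-name: *cluster_name
  template:
    metadata:
      namespace: default
      labels:
        application: patroni
        cluster-name: *cluster_name
    spec:
      # Patroni talks to the Kubernetes API with this account.
      serviceAccountName: patronidemo
      initContainers:
        # Hands ownership of the data volume to uid/gid 999 before Patroni
        # starts.
        # NOTE(review): the image has no tag or digest, so whatever
        # "busybox:latest" resolves to at pull time runs with write access to
        # the database volume; pin a tag or, better, a digest.
        # NOTE(review): no securityContext is set here or on the main
        # container; consider one that drops every capability the chown does
        # not need and runs the database container as non-root.
        - name: init-permission
          image: busybox
          command:
            - chown
            - "-R"
            - "999:999"
            - "/home/postgres"
          imagePullPolicy: IfNotPresent
          volumeMounts:
            - name: pgdata
              mountPath: "/home/postgres"
      containers:
        - name: *cluster_name
          image: patroni  # docker build -t patroni .
          imagePullPolicy: IfNotPresent
          ports:
            # 8008 is the Patroni REST API, 5432 is PostgreSQL (see the
            # *_LISTEN variables below).
            - containerPort: 8008
              protocol: TCP
            - containerPort: 5432
              protocol: TCP
          volumeMounts:
            - mountPath: /home/postgres/pgdata
              name: pgdata
          env:
            - name: PATRONI_KUBERNETES_POD_IP
              valueFrom:
                fieldRef:
                  fieldPath: status.podIP
            - name: PATRONI_KUBERNETES_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            #- name: PATRONI_KUBERNETES_USE_ENDPOINTS
            #  value: 'true'
            # Must stay in sync with the pod labels above; the cluster name is
            # hard-coded in this string rather than taken from the anchor.
            - name: PATRONI_KUBERNETES_LABELS
              value: '{application: patroni, cluster-name: patronidemo}'
            - name: PATRONI_SUPERUSER_USERNAME
              value: postgres
            # Passwords come from the Secret, not from literals in this spec.
            - name: PATRONI_SUPERUSER_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: *cluster_name
                  key: superuser-password
            - name: PATRONI_REPLICATION_USERNAME
              value: standby
            - name: PATRONI_REPLICATION_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: *cluster_name
                  key: replication-password
            - name: PATRONI_SCOPE
              value: *cluster_name
            - name: PATRONI_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: PATRONI_POSTGRESQL_DATA_DIR
              value: /home/postgres/pgdata/pgroot/data
            - name: PATRONI_POSTGRESQL_PGPASS
              value: /tmp/pgpass
            - name: PATRONI_POSTGRESQL_LISTEN
              value: '0.0.0.0:5432'
            # NOTE(review): the REST API listens on every pod interface and no
            # PATRONI_RESTAPI_USERNAME / PATRONI_RESTAPI_PASSWORD is set in
            # this spec. Unless authentication is configured elsewhere, its
            # state-changing endpoints accept requests from anything that can
            # reach port 8008; supply credentials from a Secret and restrict
            # access with a NetworkPolicy.
            - name: PATRONI_RESTAPI_LISTEN
              value: '0.0.0.0:8008'
      # NOTE(review): a zero grace period kills the pod immediately, leaving
      # PostgreSQL no time for a clean shutdown; Kubernetes documents this
      # setting as unsafe for StatefulSets. Acceptable for a throwaway demo
      # only.
      terminationGracePeriodSeconds: 0
  volumeClaimTemplates:
    # One claim per pod; the selector and storage class bind it to one of the
    # hostPath PersistentVolumes labelled "app: patroni" in this manifest.
    - metadata:
        labels:
          application: patroni
          cluster-name: *cluster_name
        name: pgdata
      spec:
        storageClassName: manual
        accessModes:
          - ReadWriteOnce
        selector:
          matchLabels:
            app: patroni
        resources:
          requests:
            storage: 1Gi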
---
# First of two statically provisioned volumes for the StatefulSet's "pgdata"
# claims (matched through storageClassName "manual" and the "app: patroni"
# label).
# NOTE(review): hostPath keeps the database files in a directory on whichever
# node serves the volume, outside Kubernetes access control; treat this as
# demo-only storage.
kind: PersistentVolume
apiVersion: v1
metadata:
  name: patroni-pv-1
  labels:
    type: local
    app: patroni
spec:
  storageClassName: manual
  capacity:
    storage: 1Gi
  accessModes:
    - ReadWriteOnce
  hostPath:
    path: "/mnt/patroni-1"
---
# Second statically provisioned volume for the StatefulSet's "pgdata" claims;
# same storage class and labels as patroni-pv-1, different host directory.
# NOTE(review): hostPath storage lives on the node's own filesystem and is not
# protected by Kubernetes access control; demo-only.
kind: PersistentVolume
apiVersion: v1
metadata:
  name: patroni-pv-2
  labels:
    type: local
    app: patroni
spec:
  storageClassName: manual
  capacity:
    storage: 1Gi
  accessModes:
    - ReadWriteOnce
  hostPath:
    path: "/mnt/patroni-2"
#---
#apiVersion: v1
#kind: Endpoints
#metadata:
# name: &cluster_name patronidemo
# labels:
# application: patroni
# cluster-name: *cluster_name
#subsets: []
---
# Headless Service (clusterIP: None) publishing PostgreSQL port 5432 for the
# cluster's pods. It is also the serviceName referenced by the StatefulSet.
# The selector matches every pod carrying the cluster labels, so it does not
# distinguish the leader from replicas.
# Only 5432 is listed; the Patroni REST API port (8008) is not published here.
apiVersion: v1
kind: Service
metadata:
  name: &cluster_name patronidemo
  labels:
    application: patroni
    cluster-name: *cluster_name
spec:
  selector:
    application: patroni
    cluster-name: *cluster_name
  type: ClusterIP
  ports:
    - port: 5432
      targetPort: 5432
  clusterIP: None
---
# Credentials consumed by the StatefulSet through secretKeyRef
# (PATRONI_SUPERUSER_PASSWORD and PATRONI_REPLICATION_PASSWORD).
# NOTE(review): base64 in "data" is an encoding, not encryption. Both values
# below decode to the same default password ("postgres"), which is also the
# superuser name. Replace them with unique generated values, and keep real
# credentials out of version control, before using this outside a demo.
apiVersion: v1
kind: Secret
metadata:
  name: &cluster_name patronidemo
  labels:
    application: patroni
    cluster-name: *cluster_name
type: Opaque
data:
  superuser-password: cG9zdGdyZXM=
  replication-password: cG9zdGdyZXM=
---
# Identity the Patroni pods run under (serviceAccountName in the StatefulSet);
# its permissions come from the Role and RoleBinding of the same name.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: patronidemo
---
# Namespace-scoped permissions for the patronidemo ServiceAccount: configmaps,
# endpoints, pods, and creation of services.
# NOTE(review): no rule uses resourceNames, so each grant covers every object
# of that kind in the namespace, not only the ones belonging to this cluster.
# Drop the verbs the comments below mark as optional when they are not needed,
# and run the cluster in a dedicated namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: patronidemo
rules:
  - apiGroups:
      - ""
    resources:
      - configmaps
    verbs:
      - create
      - get
      - list
      - patch
      - update
      - watch
      # delete is required only for 'patronictl remove'
      - delete
  - apiGroups:
      - ""
    resources:
      - endpoints
    verbs:
      - get
      - patch
      - update
      # the following three privileges are necessary only when using endpoints
      - create
      - list
      - watch
      # delete is required only for 'patronictl remove'
      - delete
  - apiGroups:
      - ""
    resources:
      - pods
    verbs:
      - get
      - list
      - patch
      - update
      - watch
  # The following privilege is only necessary for creation of headless service
  # for patronidemo-config endpoint, in order to prevent cleaning it up by the
  # k8s master. You can avoid giving this privilege by explicitly creating the
  # service like it is done in this manifest (lines 2..10)
  # NOTE(review): the "lines 2..10" reference looks stale; no
  # patronidemo-config Service is visible in this manifest. Confirm whether
  # this rule is still needed.
  - apiGroups:
      - ""
    resources:
      - services
    verbs:
      - create
---
# Grants the patronidemo Role to the patronidemo ServiceAccount.
# Neither the binding nor the subject names a namespace in this manifest.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: patronidemo
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: patronidemo
subjects:
  - kind: ServiceAccount
    name: patronidemo