# Provider requirements: the hashicorp/kubernetes provider is pinned to one exact version.
terraform {
  required_providers {
    kubernetes = {
      source = "hashicorp/kubernetes"
      version = "2.13.1"
    }
  }
}

# Module-wide constants shared by the resources below.
locals {
  # Container port exposed by the pod and targeted by the liveness probe.
  port = 5432
  # Used as the StatefulSet's service_name.
  app = "postgres"
  # Fixed identity labels; the anti-affinity rule selects on these.
  match_labels = {
    "app.kubernetes.io/name" = "postgres"
    "app.kubernetes.io/instance" = "postgres"
  }
  # merge() gives precedence to later arguments, so a key in var.labels that
  # collides with match_labels replaces the fixed value.
  labels = merge(local.match_labels, var.labels)
  # Not referenced in the visible part of this file; presumably the ConfigMap
  # name used elsewhere in the module (TODO confirm).
  env = "postgres-env"
}

# PostgreSQL StatefulSet. The variables, the ConfigMap and the Secret referenced
# here are declared outside this listing.
resource "kubernetes_stateful_set" "postgres" {
  metadata {
    name = var.stateful_set_name
    namespace = var.namespace
    labels = local.labels
  }
  spec {
    # NOTE(review): the selector uses local.labels, which includes caller-supplied
    # var.labels, while the anti-affinity rule below uses local.match_labels.
    # A StatefulSet selector cannot be changed in place, so editing var.labels
    # later would likely force replacement; selecting on local.match_labels
    # would avoid that. Confirm intent.
    selector {
      match_labels = local.labels
    }
    service_name = local.app
    # NOTE(review): local.replicas is not defined in the locals block above;
    # presumably declared in another file of this module (verify).
    replicas = local.replicas
    template {
      metadata {
        labels = local.labels
      }
      spec {
        affinity {
          pod_affinity {}
          # Soft (preferred, weight 1) anti-affinity keyed on the node hostname:
          # the scheduler tries to place replicas on different nodes but does
          # not require it.
          pod_anti_affinity {
            preferred_during_scheduling_ignored_during_execution {
              pod_affinity_term {
                label_selector {
                  match_labels = local.match_labels
                }
                namespaces = [var.namespace]
                topology_key = "kubernetes.io/hostname"
              }
              weight = 1
            }
          }
          node_affinity {}
        }
        # NOTE(review): only fs_group is set at pod level. No run_as_user or
        # run_as_non_root appears here, and the container block is cut off
        # before any container-level security_context could be seen. Confirm
        # the workload is constrained to a non-root user.
        security_context {
          fs_group = 1001
        }
        container {
          # Image reference is "<registry>/<repository>:<tag>", with the
          # registry prefix omitted when var.image_registry is empty.
          # NOTE(review): the image is selected by tag, not by digest, so the
          # content behind the reference can change between pulls.
          image = var.image_registry == "" ? "${var.image_repository}:${var.image_tag}" : "${var.image_registry}/${var.image_repository}:${var.image_tag}"
          name = var.container_name
          # Every key of the referenced ConfigMap becomes an environment variable.
          env_from {
            config_map_ref {
              name = kubernetes_config_map.postgres.metadata.0.name
            }
          }
          # Both passwords are read from the Secret via secret_key_ref rather
          # than written as literal values in this spec.
          env {
            name = "POSTGRES_POSTGRES_PASSWORD"
            value_from {
              secret_key_ref {
                name = kubernetes_secret.postgres.metadata.0.name
                key = "postgres-postgres-password"
              }
            }
          }
          env {
            name = "POSTGRES_PASSWORD"
            value_from {
              secret_key_ref {
                name = kubernetes_secret.postgres.metadata.0.name
                key = "postgres-password"
              }
            }
          }
          port {
            name = "tcp-postgres"
            container_port = local.port
          }
          # Liveness: runs pg_isready against the local instance over loopback.
          # NOTE(review): var.postgres_user and var.postgres_db are interpolated
          # into a string passed to "sh -c", so shell metacharacters in either
          # value would be interpreted by the shell inside the container. A
          # validation block on those variables restricting them to identifier
          # characters would close this off.
          # NOTE(review): failure_threshold = 1 means one failed or timed-out
          # probe (5 s timeout, every 10 s) restarts the container; confirm this
          # is acceptable under load.
          liveness_probe {
            exec {
              command = ["/bin/sh", "-c", "exec pg_isready -U ${var.postgres_user} -d \"dbname=${var.postgres_db}\" -h 127.0.0.1 -p ${local.port}"]
            }
            initial_delay_seconds = 30
            period_seconds = 10
            timeout_seconds = 5
            success_threshold = 1
            failure_threshold = 1
          }
          # Readiness probe. The listing is cut off partway through the command
          # list; the remainder of the command and of the resource is not
          # visible here.
          readiness_probe {
            exec {
              command = [
                "/bin/sh",
                "-c",
                "-e",
                <