apiVersion: v1
kind: PersistentVolume
metadata:
  name: postgres
spec:
  accessModes:
    - ReadWriteOnce
  capacity:
    storage: 2Gi
  hostPath:
    path: /data/postgres
  storageClassName: standard
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: postgres
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 2Gi
  volumeName: postgres
---
apiVersion: v1
kind: Secret
metadata:
  name: postgres
type: Opaque
data:
  POSTGRES_USER: cG9zdGdyZXM=     # printf postgres | base64
  POSTGRES_PASSWORD: cGFzc3dvcmQ= # printf password | base64
---
apiVersion: apps/v1beta2
kind: StatefulSet
metadata:
  name: postgres
  labels:
    app: postgres
    role: service
spec:
  replicas: 1
  selector:
    matchLabels:
      app: postgres
      role: service
  serviceName: postgres
  template:
    metadata:
      labels:
        app: postgres
        role: service
    spec:
      containers:
        - name: postgres
          image: postgres:9.6
          env:
            - name: POSTGRES_USER
              valueFrom:
                secretKeyRef:
                  key: POSTGRES_USER
                  name: postgres
            - name: POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  key: POSTGRES_PASSWORD
                  name: postgres
          ports:
            - containerPort: 5432
              name: postgres
              protocol: TCP
          volumeMounts:
            - name: postgres
              mountPath: /var/lib/postgresql/data
      volumes:
        - name: postgres
          persistentVolumeClaim:
            claimName: postgres
---
apiVersion: v1
kind: Service
metadata:
  name: postgres
  labels:
    app: postgres
    role: service
spec:
  selector:
    app: postgres
    role: service
  type: NodePort
  ports:
    - name: postgres
      port: 5432
      targetPort: 5432
      protocol: TCP