# =============================================================================
# Deployment - PostgreSQL (Container Factory)
# =============================================================================
apiVersion: apps/v1
kind: Deployment
metadata:
  name: postgresql
  labels:
    app: postgresql
    app.kubernetes.io/name: postgresql
    app.kubernetes.io/component: database
spec:
  replicas: 1
  strategy:
    type: Recreate  # PostgreSQL não suporta rolling update
  selector:
    matchLabels:
      app: postgresql
  template:
    metadata:
      labels:
        app: postgresql
    spec:
      terminationGracePeriodSeconds: 30
      imagePullSecrets:
        - name: gitea-registry

      securityContext:
        runAsNonRoot: true
        runAsUser: 70       # postgres user no Alpine
        fsGroup: 70
        seccompProfile:
          type: RuntimeDefault

      containers:
        - name: postgresql
          # Imagem da Container Factory (eStargz)
          # Substitua GITEA_HOST pelo hostname do seu Gitea (ex: gitea.kube.quest)
          image: GITEA_HOST_PLACEHOLDER/factory/postgresql:17
          imagePullPolicy: IfNotPresent

          ports:
            - containerPort: 5432
              name: postgresql
              protocol: TCP

          env:
            - name: POSTGRES_USER
              valueFrom:
                secretKeyRef:
                  name: postgresql-secret
                  key: username
            - name: POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: postgresql-secret
                  key: password
            - name: POSTGRES_DB
              valueFrom:
                configMapKeyRef:
                  name: postgresql-config
                  key: database
            - name: PGDATA
              value: /var/lib/postgresql/data/pgdata

          resources:
            requests:
              memory: "512Mi"
              cpu: "100m"
            limits:
              memory: "1Gi"
              cpu: "500m"

          volumeMounts:
            - name: data
              mountPath: /var/lib/postgresql/data

          # Liveness: reinicia se PostgreSQL travar
          livenessProbe:
            exec:
              command:
                - /bin/sh
                - -c
                - pg_isready -U $POSTGRES_USER -d $POSTGRES_DB
            initialDelaySeconds: 30
            periodSeconds: 10
            timeoutSeconds: 5
            failureThreshold: 6

          # Readiness: remove do service se não estiver pronto
          readinessProbe:
            exec:
              command:
                - /bin/sh
                - -c
                - pg_isready -U $POSTGRES_USER -d $POSTGRES_DB
            initialDelaySeconds: 5
            periodSeconds: 5
            timeoutSeconds: 3
            failureThreshold: 3

          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: false
            capabilities:
              drop:
                - ALL

      volumes:
        - name: data
          persistentVolumeClaim:
            claimName: postgresql-data