apiVersion: "acid.zalan.do/v1"
kind: postgresql
metadata:
  name: acid-test-cluster
#  labels:
#    application: test-app
#    environment: demo
#  annotations:
#    "acid.zalan.do/controller": "second-operator"
#    "delete-date": "2020-08-31"  # can only be deleted on that day if "delete-date "key is configured
#    "delete-clustername": "acid-test-cluster"  # can only be deleted when name matches if "delete-clustername" key is configured
spec:
  dockerImage: ghcr.io/zalando/spilo-17:4.0-p3
  teamId: "acid"
  numberOfInstances: 2
  users:  # Application/Robot users
    zalando:
    - superuser
    - createdb
    foo_user: []
#    flyway: []
#  usersIgnoringSecretRotation:
#  - bar_user
#  usersWithSecretRotation:
#  - foo_user
#  usersWithInPlaceSecretRotation:
#  - flyway
#  - bar_owner_user
  enableMasterLoadBalancer: false
  enableReplicaLoadBalancer: false
  enableConnectionPooler: false # enable/disable connection pooler deployment
  enableReplicaConnectionPooler: false # set to enable connectionPooler for replica service
  enableMasterPoolerLoadBalancer: false
  enableReplicaPoolerLoadBalancer: false
  allowedSourceRanges:  # load balancers' source ranges for both master and replica services
  - 127.0.0.1/32
  databases:
    foo: zalando
  preparedDatabases:
    bar:
      defaultUsers: true
      extensions:
        pg_partman: public
        pgcrypto: public
      schemas:
        data: {}
        history:
          defaultRoles: true
          defaultUsers: false
  postgresql:
    version: "17"
    parameters:  # Expert section
      shared_buffers: "32MB"
      max_connections: "10"
      log_statement: "all"
#  env:
#  - name: wal_s3_bucket
#    value: my-custom-bucket

  volume:
    size: 1Gi
#    storageClass: my-sc
#    iops: 1000  # for EBS gp3
#    throughput: 250  # in MB/s for EBS gp3
#    selector:
#      matchExpressions:
#        - { key: flavour, operator: In, values: [ "banana", "chocolate" ] }
#      matchLabels:
#        environment: dev
#        service: postgres
#     subPath: $(NODE_NAME)/$(POD_NAME)
#     isSubPathExpr: true
  additionalVolumes:
    - name: empty
      mountPath: /opt/empty
      targetContainers:
        - all
      volumeSource:
        emptyDir: {}
#    - name: data
#      mountPath: /home/postgres/pgdata/partitions
#      targetContainers:
#        - postgres
#      volumeSource:
#        PersistentVolumeClaim:
#          claimName: pvc-postgresql-data-partitions
#          readyOnly: false
#    - name: data
#      mountPath: /home/postgres/pgdata/partitions
#      subPath: $(NODE_NAME)/$(POD_NAME)
#      isSubPathExpr: true
#      targetContainers:
#        - postgres
#      volumeSource:
#        PersistentVolumeClaim:
#          claimName: pvc-postgresql-data-partitions
#          readyOnly: false
#    - name: conf
#      mountPath: /etc/telegraf
#      subPath: telegraf.conf
#      targetContainers:
#        - telegraf-sidecar
#      volumeSource:
#        configMap:
#          name: my-config-map

  enableShmVolume: true
#  spiloRunAsUser: 101
#  spiloRunAsGroup: 103
#  spiloFSGroup: 103
#  podAnnotations:
#    annotation.key: value
#  serviceAnnotations:
#    annotation.key: value
#  podPriorityClassName: "spilo-pod-priority"
#  tolerations:
#  - key: postgres
#    operator: Exists
#    effect: NoSchedule
  resources:
    requests:
      cpu: 10m
      memory: 100Mi
#      hugepages-2Mi: 128Mi
#      hugepages-1Gi: 1Gi
    limits:
      cpu: 500m
      memory: 500Mi
#      hugepages-2Mi: 128Mi
#      hugepages-1Gi: 1Gi
  patroni:
    failsafe_mode: false
    initdb:
      encoding: "UTF8"
      locale: "en_US.UTF-8"
      data-checksums: "true"
#    pg_hba:
#      - hostssl all all 0.0.0.0/0 md5
#      - host    all all 0.0.0.0/0 md5
#    slots:
#      permanent_physical_1:
#        type: physical
#      permanent_logical_1:
#        type: logical
#        database: foo
#        plugin: pgoutput
    ttl: 30
    loop_wait: 10
    retry_timeout: 10
    synchronous_mode: false
    synchronous_mode_strict: false
    synchronous_node_count: 1
    maximum_lag_on_failover: 33554432

# restore a Postgres DB with point-in-time-recovery
# with a non-empty timestamp, clone from an S3 bucket using the latest backup before the timestamp
# with an empty/absent timestamp, clone from an existing alive cluster using pg_basebackup
#  clone:
#    uid: "efd12e58-5786-11e8-b5a7-06148230260c"
#    cluster: "acid-minimal-cluster"
#    timestamp: "2017-12-19T12:40:33+01:00"  # timezone required (offset relative to UTC, see RFC 3339 section 5.6)
#    s3_wal_path: "s3://custom/path/to/bucket"

# run periodic backups with k8s cron jobs
#  enableLogicalBackup: true
#  logicalBackupRetention: "3 months"
#  logicalBackupSchedule: "30 00 * * *"

#  maintenanceWindows:
#  - 01:00-06:00  #UTC
#  - Sat:00:00-04:00

# overwrite custom properties for connection pooler deployments
#  connectionPooler:
#    numberOfInstances: 2
#    mode: "transaction"
#    schema: "pooler"
#    user: "pooler"
#    maxDBConnections: 60
#    resources:
#      requests:
#        cpu: 300m
#        memory: 100Mi
#      limits:
#        cpu: "1"
#        memory: 100Mi

  initContainers:
  - name: date
    image: busybox
    command: [ "/bin/date" ]
#  sidecars:
#   - name: "telegraf-sidecar"
#     image: "telegraf:latest"
#     ports:
#     - name: metrics
#       containerPort: 8094
#       protocol: TCP
#     resources:
#       limits:
#         cpu: 500m
#         memory: 500Mi
#       requests:
#         cpu: 100m
#         memory: 100Mi
#     env:
#       - name: "USEFUL_VAR"
#         value: "perhaps-true"

# Custom TLS certificate. Disabled unless tls.secretName has a value.
  tls:
    secretName: ""  # should correspond to a Kubernetes Secret resource to load
    certificateFile: "tls.crt"
    privateKeyFile: "tls.key"
    caFile: ""  # optionally configure Postgres with a CA certificate
    caSecretName: "" # optionally the ca.crt can come from this secret instead.
# file names can be also defined with absolute path, and will no longer be relative
# to the "/tls/" path where the secret is being mounted by default, and "/tlsca/"
# where the caSecret is mounted by default.
# When TLS is enabled, also set spiloFSGroup parameter above to the relevant value.
# if unknown, set it to 103 which is the usual value in the default spilo images.
# In Openshift, there is no need to set spiloFSGroup/spilo_fsgroup.

# Add node affinity support by allowing postgres pods to schedule only on nodes that
# have label: "postgres-operator:enabled" set.
#  nodeAffinity:
#    requiredDuringSchedulingIgnoredDuringExecution:
#      nodeSelectorTerms:
#        - matchExpressions:
#            - key: postgres-operator
#              operator: In
#              values:
#                - enabled

# Enables change data capture streams for defined database tables
#  streams:
#  - applicationId: test-app
#    database: foo
#    tables:
#      data.state_pending_outbox:
#        eventType: test-app.status-pending
#      data.state_approved_outbox:
#        eventType: test-app.status-approved
#      data.orders_outbox:
#        eventType: test-app.order-completed
#        idColumn: o_id
#        payloadColumn: o_payload
#    # Optional. Filter ignores events before a certain txnId and lsn. Can be used to skip bad events
#    filter:
#      data.orders_outbox: "[?(@.source.txId > 500 && @.source.lsn > 123456)]"
#    batchSize: 1000