postgres-operator/manifests/complete-postgres-manifest.yaml

apiVersion: "acid.zalan.do/v1"
kind: postgresql
metadata:
  name: acid-test-cluster
#  labels:
#    environment: demo
#  annotations:
#    "acid.zalan.do/controller": "second-operator"
#    "delete-date": "2020-08-31"  # can only be deleted on that day if "delete-date "key is configured
#    "delete-clustername": "acid-test-cluster"  # can only be deleted when name matches if "delete-clustername" key is configured
spec:
  dockerImage: registry.opensource.zalan.do/acid/spilo-12:1.6-p3
  teamId: "acid"
  numberOfInstances: 2
  users:  # Application/Robot users
    zalando:
    - superuser
    - createdb
  enableMasterLoadBalancer: false
  enableReplicaLoadBalancer: false
#  enableConnectionPooler: true  # not needed when connectionPooler section is present (see below)
  allowedSourceRanges:  # load balancers' source ranges for both master and replica services
  - 127.0.0.1/32
  databases:
    foo: zalando
  preparedDatabases:
    bar:
      defaultUsers: true
      extensions:
        pg_partman: public
        pgcrypto: public
      schemas:
        data: {}
        history:
          defaultRoles: true
          defaultUsers: false
  postgresql:
    version: "12"
    parameters:  # Expert section
      shared_buffers: "32MB"
      max_connections: "10"
      log_statement: "all"
  volume:
    size: 1Gi
#    storageClass: my-sc
  additionalVolumes:
    - name: empty
      mountPath: /opt/empty
      targetContainers:
        - all
      volumeSource:
        emptyDir: {}
#    - name: data
#      mountPath: /home/postgres/pgdata/partitions
#      targetContainers:
#        - postgres
#      volumeSource:
#        PersistentVolumeClaim:
#          claimName: pvc-postgresql-data-partitions
#          readyOnly: false
#    - name: conf
#      mountPath: /etc/telegraf
#      subPath: telegraf.conf
#      targetContainers:
#        - telegraf-sidecar
#      volumeSource:
#        configMap:
#          name: my-config-map

  enableShmVolume: true
#  spiloRunAsUser: 101
#  spiloRunAsGroup: 103
#  spiloFSGroup: 103
#  podAnnotations:
#    annotation.key: value
#  serviceAnnotations:
#    annotation.key: value
#  podPriorityClassName: "spilo-pod-priority"
#  tolerations:
#  - key: postgres
#    operator: Exists
#    effect: NoSchedule
  resources:
    requests:
      cpu: 10m
      memory: 100Mi
    limits:
      cpu: 500m
      memory: 500Mi
  patroni:
    initdb:
      encoding: "UTF8"
      locale: "en_US.UTF-8"
      data-checksums: "true"
    pg_hba:
    - hostssl all all 0.0.0.0/0 md5
    - host    all all 0.0.0.0/0 md5
#    slots:
#      permanent_physical_1:
#        type: physical
#      permanent_logical_1:
#        type: logical
#        database: foo
#        plugin: pgoutput
    ttl: 30
    loop_wait: &loop_wait 10
    retry_timeout: 10
    synchronous_mode: false
    synchronous_mode_strict: false
    maximum_lag_on_failover: 33554432

# restore a Postgres DB with point-in-time-recovery
# with a non-empty timestamp, clone from an S3 bucket using the latest backup before the timestamp
# with an empty/absent timestamp, clone from an existing alive cluster using pg_basebackup
#  clone:
#    uid: "efd12e58-5786-11e8-b5a7-06148230260c"
#    cluster: "acid-batman"
#    timestamp: "2017-12-19T12:40:33+01:00"  # timezone required (offset relative to UTC, see RFC 3339 section 5.6)
#    s3_wal_path: "s3://custom/path/to/bucket"

# run periodic backups with k8s cron jobs
#  enableLogicalBackup: true
#  logicalBackupSchedule: "30 00 * * *"

#  maintenanceWindows:
#  - 01:00-06:00  #UTC
#  - Sat:00:00-04:00

  connectionPooler:
    numberOfInstances: 2
    mode: "transaction"
    schema: "pooler"
    user: "pooler"
    resources:
      requests:
        cpu: 300m
        memory: 100Mi
      limits:
        cpu: "1"
        memory: 100Mi

  initContainers:
  - name: date
    image: busybox
    command: [ "/bin/date" ]
#  sidecars:
#    - name: "telegraf-sidecar"
#      image: "telegraf:latest"
#      resources:
#        limits:
#          cpu: 500m
#          memory: 500Mi
#        requests:
#          cpu: 100m
#          memory: 100Mi
#      env:
#        - name: "USEFUL_VAR"
#          value: "perhaps-true"

# Custom TLS certificate. Disabled unless tls.secretName has a value.
  tls:
    secretName: ""  # should correspond to a Kubernetes Secret resource to load
    certificateFile: "tls.crt"
    privateKeyFile: "tls.key"
    caFile: ""  # optionally configure Postgres with a CA certificate
    caSecretName: "" # optionally the ca.crt can come from this secret instead.
# file names can be also defined with absolute path, and will no longer be relative
# to the "/tls/" path where the secret is being mounted by default, and "/tlsca/"
# where the caSecret is mounted by default.
# When TLS is enabled, also set spiloFSGroup parameter above to the relevant value.
# if unknown, set it to 103 which is the usual value in the default spilo images.
# In Openshift, there is no need to set spiloFSGroup/spilo_fsgroup.