👋 Hey there, young coder! Today, we’re going to deploy PostgreSQL inside Kubernetes just like building a LEGO tower! 🏗️ But wait—this isn’t just any setup. We’re making it super strong with magical treasure chests (persistent storage), secret vaults (security), enchanted scrolls (configurations)! 🚀
I remember the first time I tried to deploy PostgreSQL in Kubernetes… It was a total disaster! 😅 My database disappeared twice before I realized I forgot to set up the treasure chest. But don’t worry, you won’t make the same mistakes—because we’re doing this the right way from the start! 🎉
1. We Need a Safe Storage Box! (Persistent Volume Claim) 🔒
Kubernetes likes to clean up things when it restarts. But we don’t want PostgreSQL to be one of those things! That’s why we need a magical treasure chest that keeps everything safe! 🎁
📜 Create a file called postgres-pvc.yaml:
```yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: postgres-pvc
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 10Gi
```
🔑 What’s Happening Here?
🏷️ PersistentVolumeClaim (PVC) – Think of this as a treasure chest where PostgreSQL stores all its magical data.
🔄 ReadWriteOnce – Only one wizard (pod) can write to this chest at a time (but many can read!).
📦 10Gi of Storage – That’s 10GB of space to keep all your precious treasures safe.
Apply the magic spell:
```bash
kubectl apply -f postgres-pvc.yaml
```
✅ Now, PostgreSQL has a special treasure chest for its data! 🏴‍☠️
2. Building a Magical Shield (Network Policy) 🛡️
We don’t want bad wizards (hackers) sneaking into our treasure chest! Let’s create a magical shield to protect it.
📜 Create a file called postgres-network-policy.yaml:
```yaml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: postgres-network-policy
spec:
  podSelector:
    matchLabels:
      app: postgres
  policyTypes:
    - Ingress
  ingress:
    - from:
        - podSelector:
            matchLabels:
              app: my-app
      ports:
        - protocol: TCP
          port: 5432
```
🔑 What’s Happening Here?
🚪 NetworkPolicy – This is our magical shield that keeps out bad wizards! 🛡️
🔍 PodSelector – Only friendly creatures (like your app) can talk to PostgreSQL.
🔒 Port 5432 – Think of this as the door PostgreSQL listens through. Only trusted friends get the key!
Apply the shield:
```bash
kubectl apply -f postgres-network-policy.yaml
```
✅ PostgreSQL is now protected like a fortress! 🏰
3. Setting Up the Magic Scroll (ConfigMap) 📜
We need a scroll to tell PostgreSQL its secrets—like which spells (settings) to use.
📜 Create a file called postgres-configmap.yaml:
```yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: postgres-config
data:
  POSTGRES_DB: "mydatabase"
  POSTGRES_USER: "admin"
```
🔑 What’s Happening Here?
📜 ConfigMap – Think of this as a magical scroll that holds PostgreSQL’s important instructions.
🗂️ POSTGRES_DB & POSTGRES_USER – These are PostgreSQL’s magic words—like its username and the name of the database.
Apply the spell:
```bash
kubectl apply -f postgres-configmap.yaml
```
✅ PostgreSQL now knows which magic spells to use! ✨
4. Locking Secrets in a Vault (Secret) 🔐
We don’t want anyone to see our super-secret passwords. Let’s lock them in a vault!
📜 Create a file called postgres-secret.yaml:
```yaml
apiVersion: v1
kind: Secret
metadata:
  name: postgres-secret
type: Opaque
data:
  POSTGRES_PASSWORD: c3VwZXJzZWN1cmVwYXNzd29yZA== # This is "supersecurepassword" encoded in Base64
```
🔑 What’s Happening Here?
🔐 Secret – This is like hiding your password in a vault with a magic lock.
🔑 POSTGRES_PASSWORD – The password is encoded (disguised) so no sneaky goblins can read it easily.
Lock the vault:
```bash
kubectl apply -f postgres-secret.yaml
```
✅ Our password is now safe and sound! 🔒
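Base64 is an encoding, not encryption: anyone who can read postgres-secret.yaml or the Secret object can turn the value back into the password. This added example (not part of the original post) decodes the value from the manifest above and builds the same Secret from a randomly generated password; the function names are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. The sample value is the one
# shown in postgres-secret.yaml above.

# Decode a value copied from a Secret's `data:` field. No key is needed.
decode_secret_value() {
    printf '%s' "$1" | base64 -d
}

# 16 random bytes as 32 hex characters, instead of a guessable password.
generate_password() {
    head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# Print the postgres-secret manifest for the password given as $1.
render_postgres_secret() {
    encoded=$(printf '%s' "$1" | base64 | tr -d '\n')
    cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: postgres-secret
type: Opaque
data:
  POSTGRES_PASSWORD: $encoded
EOF
}

# Read a manifest on stdin and print the decoded POSTGRES_PASSWORD.
read_password_from_manifest() {
    value=$(sed -n 's|^ *POSTGRES_PASSWORD: *\([A-Za-z0-9+/=]*\).*$|\1|p')
    decode_secret_value "$value"
}

# Demo: the "disguised" value from the page decodes in one step.
decode_secret_value 'c3VwZXJzZWN1cmVwYXNzd29yZA=='; echo
```

Running `render_postgres_secret "$(generate_password)" | kubectl apply -f -` creates the Secret without writing the password to a file that could end up in version control.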
5. Building the Magic Tower (StatefulSet) 🏰
PostgreSQL needs a magical tower to live in. That’s where the StatefulSet comes in!
📜 Create a file called postgres-statefulset.yaml:
```yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: postgres
spec:
  serviceName: "postgres"
  replicas: 1
  selector:
    matchLabels:
      app: postgres
  template:
    metadata:
      labels:
        app: postgres
    spec:
      containers:
        - name: postgres
          image: postgres:15
          ports:
            - containerPort: 5432
          envFrom:
            - configMapRef:
                name: postgres-config
            - secretRef:
                name: postgres-secret
          volumeMounts:
            - name: postgres-storage
              mountPath: /var/lib/postgresql/data
  volumeClaimTemplates:
    - metadata:
        name: postgres-storage
      spec:
        accessModes: [ "ReadWriteOnce" ]
        resources:
          requests:
            storage: 10Gi
```
🔑 What’s Happening Here?
🏰 StatefulSet – This is like building a magical tower that remembers PostgreSQL’s secrets even if it falls down.
🗂️ ConfigMap & Secret – PostgreSQL reads the magic scrolls and vaults to get its settings.
💾 VolumeClaimTemplates – This is PostgreSQL’s storage room where it keeps all its important scrolls.
Build the tower:
```bash
kubectl apply -f postgres-statefulset.yaml
```
✅ PostgreSQL’s magical tower is now standing tall! 🏰
6. Giving PostgreSQL a Door (Service) 🚪
How will our apps talk to PostgreSQL? They need a doorway!
📜 Create a file called postgres-service.yaml:
```yaml
apiVersion: v1
kind: Service
metadata:
  name: postgres
spec:
  selector:
    app: postgres
  ports:
    - protocol: TCP
      port: 5432
      targetPort: 5432
  type: ClusterIP
```
🔑 What’s Happening Here?
🚪 Service – This is like adding a door to PostgreSQL’s tower so other apps can visit.
🗝️ Port 5432 – This is the magic keyhole where apps can knock to get PostgreSQL’s attention.
Open the door:
```bash
kubectl apply -f postgres-service.yaml
```
✅ PostgreSQL is ready to welcome visitors (apps)! 🚪
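A NetworkPolicy only has an effect when the cluster's network plugin implements it, so the shield from step 2 is worth testing once the Service is up. This added example (not part of the original post) probes port 5432 from a pod labelled app=my-app and from an unlabelled one and compares the results with what the policy promises; the pod names np-probe-allowed and np-probe-denied and the function names are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Run it in the namespace that
# holds the postgres StatefulSet and Service. Pod names are hypothetical.

# Run pg_isready from a throwaway pod. $1 = pod name, $2 = labels ("" for none).
# Exit status 0 means PostgreSQL answered and is accepting connections.
probe_postgres() {
    kubectl run "$1" --rm -i --restart=Never --image=postgres:15 \
        ${2:+--labels="$2"} -- pg_isready -h postgres -p 5432 -t 5 >/dev/null 2>&1
}

# Compare the two probe results with what postgres-network-policy promises.
# $1 = exit status from the app=my-app pod, $2 = exit status from the unlabelled pod.
check_policy_enforced() {
    if [ "$1" -ne 0 ]; then
        echo "FAIL: app=my-app pod cannot reach postgres:5432 (policy too strict, or PostgreSQL not ready)"
        return 1
    fi
    if [ "$2" -eq 0 ]; then
        echo "FAIL: unlabelled pod reached postgres:5432; the policy is not being enforced"
        return 1
    fi
    echo "OK: only app=my-app pods can reach postgres:5432"
}

# Run both probes and report. Not called automatically; invoke it by hand.
verify_postgres_policy() {
    allowed=0
    denied=0
    probe_postgres np-probe-allowed app=my-app || allowed=$?
    probe_postgres np-probe-denied "" || denied=$?
    check_policy_enforced "$allowed" "$denied"
}
```

Source the file and call `verify_postgres_policy` after PostgreSQL reports ready; a FAIL on the second check usually means the cluster's network plugin does not enforce NetworkPolicy.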