apiVersion: apps/v1
kind: Deployment
metadata:
  name: hedgedoc-db
  namespace: hedgedoc
spec:
  replicas: 1
  selector:
    matchLabels:
      app: hedgedoc-db
  template:
    metadata:
      labels:
        app: hedgedoc-db
    spec:
      containers:
        - name: postgresql
          image: bitnami/postgresql:15
          envFrom:
            - configMapRef:
                name: postgresql-config
          env:
            - name: POSTGRESQL_USERNAME
              valueFrom:
                secretKeyRef:
                  name: hedgedoc-secret
                  key: POSTGRESQL_USERNAME
            - name: POSTGRESQL_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: hedgedoc-secret
                  key: POSTGRESQL_PASSWORD
            - name: POSTGRESQL_DATABASE
              valueFrom:
                secretKeyRef:
                  name: hedgedoc-secret
                  key: POSTGRESQL_DATABASE
          volumeMounts:
            - name: db-data
              mountPath: /bitnami/postgresql
      volumes:
        - name: db-data
          persistentVolumeClaim:
            claimName: hedgedoc-db-pvc
      securityContext:
        runAsUser: 999 # Ensure the container runs as the 'postgres' user (UID 999)
        fsGroup: 999 # Ensure the filesystem group is 'postgres' (GID 999)