From bb75b3237c3638e3b5b9a20fbe99c38277108bbd Mon Sep 17 00:00:00 2001
From: Flea Flicker <flea-flicker@paperclip.ing>
Date: Fri, 27 Mar 2026 17:57:57 +0000
Subject: [PATCH] chore: remove Bitnami dependency and add native PostgreSQL
 StatefulSet

Replaces Bitnami postgresql subchart with native StatefulSet + Service
using official postgres:16 image. Updates values.yaml schema, adds
postgresql-statefulset.yaml, postgresql-service.yaml, and fixes
db-credentials-secret.yaml to use shared password variable.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
---
 charts/groombook/Chart.yaml                   |  5 --
 charts/groombook/templates/_helpers.tpl       |  2 +-
 .../templates/db-credentials-secret.yaml      |  6 +-
 .../templates/postgresql-service.yaml         | 19 +++++
 .../templates/postgresql-statefulset.yaml     | 72 +++++++++++++++++++
 charts/groombook/values.yaml                  | 10 +--
 6 files changed, 101 insertions(+), 13 deletions(-)
 create mode 100644 charts/groombook/templates/postgresql-service.yaml
 create mode 100644 charts/groombook/templates/postgresql-statefulset.yaml

diff --git a/charts/groombook/Chart.yaml b/charts/groombook/Chart.yaml
index 8a57063..131b413 100644
--- a/charts/groombook/Chart.yaml
+++ b/charts/groombook/Chart.yaml
@@ -15,8 +15,3 @@ keywords:
   - pet-grooming
   - scheduling
   - crm
-dependencies:
-  - name: postgresql
-    version: "16.x.x"
-    repository: https://charts.bitnami.com/bitnami
-    condition: postgresql.integrated.enabled
diff --git a/charts/groombook/templates/_helpers.tpl b/charts/groombook/templates/_helpers.tpl
index e900656..9c97648 100644
--- a/charts/groombook/templates/_helpers.tpl
+++ b/charts/groombook/templates/_helpers.tpl
@@ -98,7 +98,7 @@ Migrate image reference
 
 {{/*
 Database URL — differs by postgresql.mode
-Integrated: construct from Bitnami subchart values
+Integrated: construct from chart-managed PostgreSQL credentials
 Operator: read from credentialsSecret
 */}}
 {{- define "groombook.databaseSecretName" -}}
diff --git a/charts/groombook/templates/db-credentials-secret.yaml b/charts/groombook/templates/db-credentials-secret.yaml
index bb35344..6ef46d5 100644
--- a/charts/groombook/templates/db-credentials-secret.yaml
+++ b/charts/groombook/templates/db-credentials-secret.yaml
@@ -1,4 +1,5 @@
 {{- if eq .Values.postgresql.mode "integrated" }}
+{{- $password := default (randAlphaNum 16) .Values.postgresql.integrated.auth.password }}
 apiVersion: v1
 kind: Secret
 metadata:
@@ -7,5 +8,6 @@ metadata:
     {{- include "groombook.labels" . | nindent 4 }}
 type: Opaque
 stringData:
-  database-url: {{ printf "postgres://%s:%s@%s-postgresql:5432/%s" .Values.postgresql.integrated.auth.username (default (randAlphaNum 16) .Values.postgresql.integrated.auth.password) (include "groombook.fullname" .) .Values.postgresql.integrated.auth.database | quote }}
-{{- end }}
\ No newline at end of file
+  postgresql-password: {{ $password | quote }}
+  database-url: {{ printf "postgres://%s:%s@%s-postgresql:5432/%s" .Values.postgresql.integrated.auth.username $password (include "groombook.fullname" .) .Values.postgresql.integrated.auth.database | quote }}
+{{- end }}
diff --git a/charts/groombook/templates/postgresql-service.yaml b/charts/groombook/templates/postgresql-service.yaml
new file mode 100644
index 0000000..524831b
--- /dev/null
+++ b/charts/groombook/templates/postgresql-service.yaml
@@ -0,0 +1,19 @@
+{{- if eq .Values.postgresql.mode "integrated" }}
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "groombook.fullname" . }}-postgresql
+  labels:
+    {{- include "groombook.labels" . | nindent 4 }}
+    app.kubernetes.io/component: postgresql
+spec:
+  type: ClusterIP
+  selector:
+    {{- include "groombook.selectorLabels" . | nindent 4 }}
+    app.kubernetes.io/component: postgresql
+  ports:
+    - port: 5432
+      targetPort: 5432
+      protocol: TCP
+      name: postgresql
+{{- end }}
diff --git a/charts/groombook/templates/postgresql-statefulset.yaml b/charts/groombook/templates/postgresql-statefulset.yaml
new file mode 100644
index 0000000..090680b
--- /dev/null
+++ b/charts/groombook/templates/postgresql-statefulset.yaml
@@ -0,0 +1,72 @@
+{{- if eq .Values.postgresql.mode "integrated" }}
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: {{ include "groombook.fullname" . }}-postgresql
+  labels:
+    {{- include "groombook.labels" . | nindent 4 }}
+    app.kubernetes.io/component: postgresql
+spec:
+  serviceName: {{ include "groombook.fullname" . }}-postgresql
+  replicas: 1
+  selector:
+    matchLabels:
+      {{- include "groombook.selectorLabels" . | nindent 6 }}
+      app.kubernetes.io/component: postgresql
+  template:
+    metadata:
+      labels:
+        {{- include "groombook.selectorLabels" . | nindent 8 }}
+        app.kubernetes.io/component: postgresql
+    spec:
+      containers:
+        - name: postgresql
+          image: {{ .Values.postgresql.integrated.image }}
+          imagePullPolicy: IfNotPresent
+          ports:
+            - containerPort: 5432
+              name: postgresql
+              protocol: TCP
+          env:
+            - name: POSTGRES_DB
+              value: {{ .Values.postgresql.integrated.auth.database | quote }}
+            - name: POSTGRES_USER
+              value: {{ .Values.postgresql.integrated.auth.username | quote }}
+            - name: POSTGRES_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: {{ include "groombook.fullname" . }}-db-credentials
+                  key: postgresql-password
+            - name: PGDATA
+              value: /var/lib/postgresql/data/pgdata
+          volumeMounts:
+            - name: data
+              mountPath: /var/lib/postgresql/data
+          readinessProbe:
+            exec:
+              command:
+                - pg_isready
+                - -U
+                - {{ .Values.postgresql.integrated.auth.username | quote }}
+            initialDelaySeconds: 10
+            periodSeconds: 10
+          livenessProbe:
+            exec:
+              command:
+                - pg_isready
+                - -U
+                - {{ .Values.postgresql.integrated.auth.username | quote }}
+            initialDelaySeconds: 30
+            periodSeconds: 30
+  volumeClaimTemplates:
+    - metadata:
+        name: data
+      spec:
+        accessModes: ["ReadWriteOnce"]
+        {{- if .Values.postgresql.integrated.storage.storageClass }}
+        storageClassName: {{ .Values.postgresql.integrated.storage.storageClass }}
+        {{- end }}
+        resources:
+          requests:
+            storage: {{ .Values.postgresql.integrated.storage.size }}
+{{- end }}
diff --git a/charts/groombook/values.yaml b/charts/groombook/values.yaml
index 783ed38..5f888a5 100644
--- a/charts/groombook/values.yaml
+++ b/charts/groombook/values.yaml
@@ -52,18 +52,18 @@ migrate:
 
 # -- PostgreSQL configuration
 postgresql:
-  # Choose deployment mode: 'integrated' uses Bitnami subchart, 'operator' creates a CNPG Cluster CR
+  # Choose deployment mode: 'integrated' deploys a native PostgreSQL StatefulSet, 'operator' creates a CNPG Cluster CR
   mode: integrated
   integrated:
-    enabled: true  # set to false if mode is 'operator'
+    image: postgres:16
+    storage:
+      size: 10Gi
+      storageClass: ""
     auth:
       database: groombook
       username: groombook
       password: ""  # auto-generated if empty
       existingSecret: ""
-    primary:
-      persistence:
-        size: 8Gi
   operator:
     instances: 3
     storage: