From 95204ab87d1cca267d585a9a671bea922048aaf9 Mon Sep 17 00:00:00 2001
From: Michael Thomson <michael@michaelthomson.dev>
Date: Tue, 10 Jun 2025 16:32:29 -0400
Subject: [PATCH] authentik cluster refactor

---
 apps/authentik/cluster.yaml          | 20 +++++++++++---------
 apps/authentik/release.yaml          |  2 +-
 apps/authentik/scheduled-backup.yaml |  2 +-
 3 files changed, 13 insertions(+), 11 deletions(-)

diff --git a/apps/authentik/cluster.yaml b/apps/authentik/cluster.yaml
index 34febdc..0d4f9f5 100644
--- a/apps/authentik/cluster.yaml
+++ b/apps/authentik/cluster.yaml
@@ -1,9 +1,10 @@
 apiVersion: postgresql.cnpg.io/v1
 kind: Cluster
 metadata:
-  name: authentik-postgres
+  name: postgres-cluster
   namespace: authentik
   annotations:
+    # needed to allow for recovery from same name cluster backup
     cnpg.io/skipEmptyWalArchiveCheck: enabled
 spec:
   instances: 3
@@ -15,20 +16,21 @@ spec:
         login: true
 
   bootstrap:
-    # initdb:
-    #   database: authentik
-    #   owner: authentik
-    #   secret:
-    #     name: authentik-postgres-credentials
-    recovery:
-      source: authentik-postgres
+    initdb:
+      database: authentik
+      owner: authentik
+      secret:
+        name: authentik-postgres-credentials
+    # NOTE: uncomment this and commend the above initdb when recovering
+    # recovery:
+    #   source: postgres-cluster
 
   storage:
     size: 8Gi
     storageClass: longhorn-pg
 
   externalClusters:
-    - name: authentik-postgres
+    - name: postgres-cluster
       barmanObjectStore:
         destinationPath: "s3://mthomson-cnpg-backup/authentik/"
         endpointURL: "https://s3.ca-central-1.wasabisys.com"
diff --git a/apps/authentik/release.yaml b/apps/authentik/release.yaml
index 495c588..20a83bd 100644
--- a/apps/authentik/release.yaml
+++ b/apps/authentik/release.yaml
@@ -17,7 +17,7 @@ spec:
     authentik:
       secret_key: file:///secret-key/key
       postgresql:
-        host: authentik-postgres-rw
+        host: postgres-cluster-rw
         user: file:///postgres-creds/username
         password: file:///postgres-creds/password
     server:
diff --git a/apps/authentik/scheduled-backup.yaml b/apps/authentik/scheduled-backup.yaml
index 5c81170..b22bf03 100644
--- a/apps/authentik/scheduled-backup.yaml
+++ b/apps/authentik/scheduled-backup.yaml
@@ -8,4 +8,4 @@ spec:
   backupOwnerReference: self
   #immediate: true
   cluster:
-    name: authentik-postgres
+    name: postgres-cluster