authentik cluster refactor

apps/authentik/cluster.yaml

@@ -1,9 +1,10 @@
 apiVersion: postgresql.cnpg.io/v1
 kind: Cluster
 metadata:
-  name: authentik-postgres
+  name: postgres-cluster
   namespace: authentik
   annotations:
+    # needed to allow for recovery from same name cluster backup
     cnpg.io/skipEmptyWalArchiveCheck: enabled
 spec:
   instances: 3
@@ -15,20 +16,21 @@ spec:
         login: true
 
   bootstrap:
-    # initdb:
+    initdb:
-    #   database: authentik
+      database: authentik
-    #   owner: authentik
+      owner: authentik
-    #   secret:
+      secret:
-    #     name: authentik-postgres-credentials
+        name: authentik-postgres-credentials
-    recovery:
+    # NOTE: uncomment this and commend the above initdb when recovering
-      source: authentik-postgres
+    # recovery:
+    #   source: postgres-cluster
 
   storage:
     size: 8Gi
     storageClass: longhorn-pg
 
   externalClusters:
-    - name: authentik-postgres
+    - name: postgres-cluster
       barmanObjectStore:
         destinationPath: "s3://mthomson-cnpg-backup/authentik/"
         endpointURL: "https://s3.ca-central-1.wasabisys.com"

apps/authentik/release.yaml

@@ -17,7 +17,7 @@ spec:
     authentik:
       secret_key: file:///secret-key/key
       postgresql:
-        host: authentik-postgres-rw
+        host: postgres-cluster-rw
         user: file:///postgres-creds/username
         password: file:///postgres-creds/password
     server:

apps/authentik/scheduled-backup.yaml

@@ -8,4 +8,4 @@ spec:
   backupOwnerReference: self
   #immediate: true
   cluster:
-    name: authentik-postgres
+    name: postgres-cluster