apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
  name: postgres-cluster
  namespace: authentik
  annotations:
    # needed to allow for recovery from same name cluster backup
    cnpg.io/skipEmptyWalArchiveCheck: enabled
spec:
  instances: 2

  managed:
    roles:
      - name: authentik
        superuser: true
        login: true

  bootstrap:
    # initdb:
    #   database: authentik
    #   owner: authentik
    #   secret:
    #     name: authentik-postgres-credentials
    # NOTE: uncomment this and commend the above initdb when recovering
    recovery:
      source: postgres-cluster

  storage:
    size: 8Gi
    storageClass: longhorn-pg

  externalClusters:
    - name: postgres-cluster
      barmanObjectStore:
        destinationPath: "s3://mthomson-cnpg-backup/authentik/"
        endpointURL: "https://s3.ca-central-1.wasabisys.com"
        s3Credentials:
          accessKeyId:
            name: wasabi-secret
            key: ACCESS_KEY_ID
          secretAccessKey:
            name: wasabi-secret
            key: ACCESS_SECRET_KEY

  backup:
    barmanObjectStore:
      destinationPath: "s3://mthomson-cnpg-backup/authentik/"
      endpointURL: "https://s3.ca-central-1.wasabisys.com"
      s3Credentials:
        accessKeyId:
          name: wasabi-secret
          key: ACCESS_KEY_ID
        secretAccessKey:
          name: wasabi-secret
          key: ACCESS_SECRET_KEY
    retentionPolicy: "10d"