From d511ca8aee1b3af036a152ce39d0f1df9ac8b099 Mon Sep 17 00:00:00 2001
From: kisfenyo <kisfenyo@dooplex.local>
Date: Sat, 27 Dec 2025 17:05:10 +0100
Subject: [PATCH] added authentik db

---
 database-system/authentik-postgres-db.yaml | 51 ++++++++++++++++++++++
 database-system/postgresql-cluster.yaml    |  2 +-
 2 files changed, 52 insertions(+), 1 deletion(-)
 create mode 100644 database-system/authentik-postgres-db.yaml

diff --git a/database-system/authentik-postgres-db.yaml b/database-system/authentik-postgres-db.yaml
new file mode 100644
index 0000000..d6994e8
--- /dev/null
+++ b/database-system/authentik-postgres-db.yaml
@@ -0,0 +1,51 @@
+# database-system/postgresql/authentik-database.yaml
+---
+apiVersion: postgresql.cnpg.io/v1
+kind: Database
+metadata:
+  name: authentik
+  namespace: database-system
+spec:
+  cluster:
+    name: postgresql
+  name: authentik
+  owner: authentik
+---
+# Grant permissions job
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: authentik-grant-permissions
+  namespace: database-system
+spec:
+  template:
+    spec:
+      restartPolicy: OnFailure
+      containers:
+        - name: psql
+          image: ghcr.io/cloudnative-pg/postgresql:17.2
+          env:
+            - name: PGHOST
+              value: postgresql-rw
+            - name: PGUSER
+              value: postgres
+            - name: PGPASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: postgres-superuser
+                  key: password
+          command:
+            - /bin/sh
+            - -c
+            - |
+              psql -c "CREATE USER authentik WITH PASSWORD '$(cat /secrets/authentik-password)';"
+              psql -d authentik -c "GRANT ALL PRIVILEGES ON SCHEMA public TO authentik;"
+              psql -d authentik -c "GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO authentik;"
+              psql -d authentik -c "GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public TO authentik;"
+          volumeMounts:
+            - name: authentik-password
+              mountPath: /secrets
+      volumes:
+        - name: authentik-password
+          secret:
+            secretName: authentik-user
diff --git a/database-system/postgresql-cluster.yaml b/database-system/postgresql-cluster.yaml
index 37af966..af22fce 100644
--- a/database-system/postgresql-cluster.yaml
+++ b/database-system/postgresql-cluster.yaml
@@ -30,7 +30,7 @@ spec:
       cpu: "500m"
     limits:
       memory: "4Gi"
-      cpu: "2000m"
+      cpu: "2"
   
   # Monitoring
   monitoring: