added authentik db

database-system/authentik-postgres-db.yaml

@@ -0,0 +1,51 @@
+# database-system/postgresql/authentik-database.yaml
+---
+apiVersion: postgresql.cnpg.io/v1
+kind: Database
+metadata:
+  name: authentik
+  namespace: database-system
+spec:
+  cluster:
+    name: postgresql
+  name: authentik
+  owner: authentik
+---
+# Grant permissions job
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: authentik-grant-permissions
+  namespace: database-system
+spec:
+  template:
+    spec:
+      restartPolicy: OnFailure
+      containers:
+        - name: psql
+          image: ghcr.io/cloudnative-pg/postgresql:17.2
+          env:
+            - name: PGHOST
+              value: postgresql-rw
+            - name: PGUSER
+              value: postgres
+            - name: PGPASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: postgres-superuser
+                  key: password
+          command:
+            - /bin/sh
+            - -c
+            - |
+              psql -c "CREATE USER authentik WITH PASSWORD '$(cat /secrets/authentik-password)';"
+              psql -d authentik -c "GRANT ALL PRIVILEGES ON SCHEMA public TO authentik;"
+              psql -d authentik -c "GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO authentik;"
+              psql -d authentik -c "GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public TO authentik;"
+          volumeMounts:
+            - name: authentik-password
+              mountPath: /secrets
+      volumes:
+        - name: authentik-password
+          secret:
+            secretName: authentik-user

database-system/postgresql-cluster.yaml

@@ -30,7 +30,7 @@ spec:
       cpu: "500m"
     limits:
       memory: "4Gi"
-      cpu: "2000m"
+      cpu: "2"
   
   # Monitoring
   monitoring: