---
apiVersion: postgres-operator.crunchydata.com/v1beta1
kind: PostgresCluster
metadata:
  name: authentik
  namespace: security
spec:
  postgresVersion: 15
  patroni:
    dynamicConfiguration:
      synchronous_mode: true
      postgresql:
        synchronous_commit: "on"
  instances:
    - name: postgres
      replicas: 2
      dataVolumeClaimSpec:
        storageClassName: ceph-block
        accessModes:
          - ReadWriteOnce
        resources:
          requests:
            storage: 5Gi
  users:
    - name: authentik
      databases:
        - authentik
      options: "SUPERUSER"
  backups:
    pgbackrest:
      configuration:
        - secret:
            name: pgo-s3-creds
      global:
        archive-push-queue-max: 4GiB
        repo1-retention-full: "14"
        repo1-retention-full-type: time
        repo1-path: /authentik/repo1
        repo1-s3-uri-style: path
      manual:
        repoName: repo1
        options:
          - --type=full
      repos:
        - name: repo1
          schedules:
            full: "0 1 * * 0"
            differential: "0 1 * * 1-6"
          s3:
            bucket: "crunchy-postgres"
            endpoint: "erebor.hsn.dev"
            region: "us-east-1"