Attempted deployment fails on three independent blockers:

1. Container image doesn't exist (build-authentik-container)
2. PostgreSQL database doesn't exist (provision-authentik-database)
3. 1Password secrets don't exist (create-authentik-secrets)

Created cards for each and added requires to goal card.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
| title | status | modified | tags |
|---|---|---|---|
| Provision Authentik Database | active | 2026-02-20 | |
Provision Authentik Database
Create a PostgreSQL database and user for Authentik on the existing CNPG cluster.
Context
Discovered while attempting deploy-authentik: Authentik requires a PostgreSQL database, but no authentik database exists on blumeops-pg. The CNPG cluster runs on indri (minikube) and is reachable from ringtail via Tailscale at blumeops-pg-rw.databases.svc:5432 or the Tailscale endpoint.
What to Do
- Create database `authentik` and user `authentik` on the CNPG cluster
- Store credentials in 1Password (part of the "Authentik (blumeops)" item)
- Verify cross-cluster connectivity: ringtail pod → indri postgres via Tailscale
Open Questions
- What Tailscale hostname does the CNPG cluster expose? Need to check if there's a Tailscale Ingress for postgres or if we need to use the MagicDNS name directly.
- Should the database user have limited permissions or superuser access?
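
One way to carry out the "create database and user" step with the limited-permission option from the question above. This is an added example, not part of the original card or the blumeops repository. It assumes Authentik only needs ownership of its own database, that the statements are run in psql as an administrative role on blumeops-pg, and that the password shown is a placeholder for the value stored in the 1Password item.

```sql
-- Run in psql (autocommit) as an administrative role on the CNPG primary.
-- CREATE DATABASE cannot run inside a transaction block.

-- Login role with every cluster-wide attribute switched off explicitly.
-- The password literal is a placeholder, not a real credential.
CREATE ROLE authentik
    LOGIN
    NOSUPERUSER NOCREATEDB NOCREATEROLE NOREPLICATION NOBYPASSRLS
    PASSWORD 'REPLACE_WITH_GENERATED_SECRET';

-- The role owns its database, which is enough to create and migrate
-- objects inside it without any rights elsewhere on the cluster.
CREATE DATABASE authentik OWNER authentik;

-- New databases grant CONNECT and TEMPORARY to PUBLIC by default.
-- Remove that so other roles on the shared cluster cannot connect;
-- the owner keeps its privileges.
REVOKE ALL ON DATABASE authentik FROM PUBLIC;

-- Verification 1: no elevated attributes on the role.
-- Expect rolcanlogin = t and every other flag = f.
SELECT rolname, rolcanlogin, rolsuper, rolcreatedb,
       rolcreaterole, rolreplication, rolbypassrls
FROM pg_roles
WHERE rolname = 'authentik';

-- Verification 2: ownership and effective access to the database.
-- Expect owner = authentik and can_connect = t.
SELECT d.datname,
       pg_get_userbyid(d.datdba) AS owner,
       has_database_privilege('authentik', d.datname, 'CONNECT') AS can_connect,
       d.datacl
FROM pg_database AS d
WHERE d.datname = 'authentik';
```

If the cluster's roles and databases are managed declaratively by the CNPG operator, the same attributes apply there; the SQL form is shown because the card does not say which path is used.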
Related
- deploy-authentik — Parent goal
- postgresql — CNPG cluster reference