Mikado cards are discovered through failed attempts, not designed upfront — they don't belong in plans/. Cards now live where they topically belong (how-to/authentik/ for this chain). Updated agent-change-process to document this convention. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
| title | status | modified | tags |
|---|---|---|---|
| Provision Authentik Database | active | 2026-02-20 | |
Provision Authentik Database
Create a PostgreSQL database and user for Authentik on the existing CNPG cluster.
Context
Discovered while attempting deploy-authentik: Authentik requires a PostgreSQL database, but no authentik database exists on blumeops-pg. The CNPG cluster runs on indri (minikube) and is reachable from ringtail via Tailscale at blumeops-pg-rw.databases.svc:5432 or the Tailscale endpoint.
What to Do
- Create database authentik and user authentik on the CNPG cluster
- Store credentials in 1Password (part of the "Authentik (blumeops)" item)
- Verify cross-cluster connectivity: ringtail pod → indri postgres via Tailscale
Open Questions
- What Tailscale hostname does the CNPG cluster expose? Need to check if there's a Tailscale Ingress for postgres or if we need to use the MagicDNS name directly.
- Should the database user have limited permissions or superuser access?
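
One way to carry out the "create database and user" step if the permissions question is settled in favour of a limited role. This is an added example, not part of the original card or the blumeops repo. It assumes Authentik only needs to own its own database, that the statements are run as a superuser on the blumeops-pg primary, and the password literal is a placeholder.

```sql
-- Added example: least-privilege provisioning for the authentik database.
-- Assumption: run as a superuser (e.g. postgres) via psql on the primary.

-- Login role with no cluster-wide privileges.
-- The password below is a placeholder. Setting it afterwards with psql's
-- \password authentik keeps the cleartext out of server statement logs.
CREATE ROLE authentik
    LOGIN
    NOSUPERUSER
    NOCREATEDB
    NOCREATEROLE
    NOREPLICATION
    PASSWORD 'REPLACE_WITH_GENERATED_PASSWORD';

-- Database owned by that role, so the application can create and migrate
-- its own schema without any rights outside this database.
CREATE DATABASE authentik OWNER authentik;

-- New databases grant CONNECT and TEMPORARY to PUBLIC by default.
-- Remove that so other roles on the shared cluster cannot connect.
-- The owner keeps its privileges and superusers are unaffected.
REVOKE ALL ON DATABASE authentik FROM PUBLIC;

-- Verification: every attribute column should be false.
SELECT rolname, rolsuper, rolcreatedb, rolcreaterole, rolreplication
FROM pg_roles
WHERE rolname = 'authentik';

-- Verification: owner is authentik and the ACL has no entry for PUBLIC
-- (a PUBLIC grant shows up as an item starting with "=").
SELECT datname, pg_get_userbyid(datdba) AS owner, datacl
FROM pg_database
WHERE datname = 'authentik';
```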
Related
- deploy-authentik — Parent goal
- postgresql — CNPG cluster reference