From 008845d653d8faec8ce85c40edcc398c7f0b5cac Mon Sep 17 00:00:00 2001
From: Alex Lebens
Date: Thu, 5 Feb 2026 22:35:53 -0600
Subject: [PATCH] fix: ensure ferret user
---
 .../komodo/templates/external-secret.yaml | 23 +++++++++++++++++++
 clusters/cl01tl/helm/komodo/values.yaml | 8 +++----
 2 files changed, 26 insertions(+), 5 deletions(-)
diff --git a/clusters/cl01tl/helm/komodo/templates/external-secret.yaml b/clusters/cl01tl/helm/komodo/templates/external-secret.yaml
index d522800c4..9cae90090 100644
--- a/clusters/cl01tl/helm/komodo/templates/external-secret.yaml
+++ b/clusters/cl01tl/helm/komodo/templates/external-secret.yaml
@@ -47,3 +47,26 @@ spec:
 key: /authentik/oidc/komodo
 metadataPolicy: None
 property: secret
+
+---
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+ name: komodo-postgresql-17-fdb-cluster-ferret
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: komodo-postgresql-17-fdb-cluster-ferret
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: vault
+ data:
+ - secretKey: uri
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /cl01tl/komodo/config
+ metadataPolicy: None
+ property: uri
diff --git a/clusters/cl01tl/helm/komodo/values.yaml b/clusters/cl01tl/helm/komodo/values.yaml
index f5757666d..cbb353fee 100644
--- a/clusters/cl01tl/helm/komodo/values.yaml
+++ b/clusters/cl01tl/helm/komodo/values.yaml
@@ -53,10 +53,7 @@ komodo:
 - name: PERIPHERY_SSL_ENABLED
 value: false
 - name: DB_USERNAME
- valueFrom:
- secretKeyRef:
- name: komodo-postgresql-17-fdb-cluster-app
- key: user
+ value: ferret
 - name: DB_PASSWORD
 valueFrom:
 secretKeyRef:
@@ -101,7 +98,7 @@ komodo:
 - name: FERRETDB_POSTGRESQL_URL
 valueFrom:
 secretKeyRef:
- name: komodo-postgresql-17-fdb-cluster-superuser
+ name: komodo-postgresql-17-fdb-cluster-ferret
 key: uri
 resources:
 requests:
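Review bot: The new `komodo-postgresql-17-fdb-cluster-ferret` ExternalSecret in external-secret.yaml is a second source for the ferret credential, and nothing in the manifest says it must match the password set by `ALTER USER ferret` in values.yaml. The `uri` it pulls from `/cl01tl/komodo/config` presumably embeds that password, so the two can drift silently after a rotation. A comment above `data:` would record the coupling, for example `# uri must carry the same ferret password that postInitApplicationSQL sets on the cluster`. The name also follows the `-app`/`-superuser` pattern of the other cluster secrets, so a note that this one is created by External Secrets would help the next reader.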
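Review bot: In the `@@ -53,10 +53,7 @@` hunk of values.yaml, `DB_USERNAME` becomes the literal `ferret` while `DB_PASSWORD` is still read through a `secretKeyRef` whose `name:` lies below the hunk's last line. If that reference still points at `komodo-postgresql-17-fdb-cluster-app`, the pair combines the ferret role with another role's password, so the login fails unless both roles share one password. The new ferret ExternalSecret only exposes `uri`, so taking the password from it would need a second `data` entry (the Vault property name is not visible here). At minimum, add a comment next to `value: ferret` naming the secret that holds the matching password.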
@@ -201,6 +198,7 @@ postgresql-17-fdb-cluster:
 postInitApplicationSQL:
 - CREATE EXTENSION IF NOT EXISTS pg_cron;
 - CREATE EXTENSION IF NOT EXISTS documentdb CASCADE;
+ - ALTER USER ferret WITH PASSWORD '${PASSWORD}';
 - GRANT documentdb_admin_role TO ferret;
 - GRANT USAGE ON SCHEMA documentdb_core TO ferret;
 - GRANT USAGE ON SCHEMA documentdb_api TO ferret;
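Review bot: In the `postInitApplicationSQL` hunk of values.yaml, `ALTER USER ferret WITH PASSWORD '${PASSWORD}';` relies on something outside this patch to replace `${PASSWORD}`. No visible line performs that substitution, and if the statement reaches PostgreSQL unexpanded the role's password is the literal placeholder string. If it is expanded, the cleartext password ends up in the rendered cluster manifest and possibly in statement logs, and a value containing `'` would break the statement. Sourcing the password from a Secret avoids both, for example CloudNativePG's `managed.roles` with `passwordSecret`, or `postInitApplicationSQLRefs`, if this chart exposes them. Post-init SQL presumably runs only when the cluster is first bootstrapped, so an existing cluster would not pick this line up; a comment saying so would help.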