fix: ensure ferret user

clusters/cl01tl/helm/komodo/templates/external-secret.yaml

@@ -47,3 +47,26 @@ spec:
         key: /authentik/oidc/komodo
         metadataPolicy: None
         property: secret
+
+---
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: komodo-postgresql-17-fdb-cluster-ferret
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: komodo-postgresql-17-fdb-cluster-ferret
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  data:
+    - secretKey: uri
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/komodo/config
+        metadataPolicy: None
+        property: uri

clusters/cl01tl/helm/komodo/values.yaml

@@ -53,10 +53,7 @@ komodo:
             - name: PERIPHERY_SSL_ENABLED
               value: false
             - name: DB_USERNAME
-              valueFrom:
+              value: ferret
-                secretKeyRef:
-                  name: komodo-postgresql-17-fdb-cluster-app
-                  key: user
             - name: DB_PASSWORD
               valueFrom:
                 secretKeyRef:
@@ -101,7 +98,7 @@ komodo:
             - name: FERRETDB_POSTGRESQL_URL
               valueFrom:
                 secretKeyRef:
-                  name: komodo-postgresql-17-fdb-cluster-superuser
+                  name: komodo-postgresql-17-fdb-cluster-ferret
                   key: uri
           resources:
             requests:
@@ -201,6 +198,7 @@ postgresql-17-fdb-cluster:
       postInitApplicationSQL:
         - CREATE EXTENSION IF NOT EXISTS pg_cron;
         - CREATE EXTENSION IF NOT EXISTS documentdb CASCADE;
+        - ALTER USER ferret WITH PASSWORD '${PASSWORD}';
         - GRANT documentdb_admin_role TO ferret;
         - GRANT USAGE ON SCHEMA documentdb_core TO ferret;
         - GRANT USAGE ON SCHEMA documentdb_api TO ferret;