diff --git a/wiki/kustomization.yaml b/wiki/kustomization.yaml
new file mode 100644
index 0000000..f050713
--- /dev/null
+++ b/wiki/kustomization.yaml
@@ -0,0 +1,10 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: wiki
+
+resources:
+- ./application.yaml
+- ./mariadb.yaml
+- ./postgres.yaml
+- ssh://git@git.k-space.ee/secretspace/kube/wiki
diff --git a/wiki/postgres.yaml b/wiki/postgres.yaml
new file mode 100644
index 0000000..4652946
--- /dev/null
+++ b/wiki/postgres.yaml
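Review bot: The remote entry `ssh://git@git.k-space.ee/secretspace/kube/wiki` at the end of `resources` in wiki/kustomization.yaml has no `?ref=`, so each build applies whatever the default branch of that repository holds at that moment. The repository name suggests it supplies secret material for this namespace, which makes an unreviewed change there reach the cluster directly. Pin it to a tag or commit, e.g. `- ssh://git@git.k-space.ee/secretspace/kube/wiki?ref=<COMMIT_OR_TAG>`, so updates arrive only through a reviewed bump in this file.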
@@ -0,0 +1,125 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: postgres
+spec:
+ revisionHistoryLimit: 0
+ serviceName: postgres
+ selector:
+ matchLabels:
+ app: postgres
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: postgres
+ annotations:
+ prometheus.io/port: '9187'
+ prometheus.io/scrape: 'true'
+ spec:
+ containers:
+ - name: postgres
+ image: mirror.gcr.io/library/postgres:15
+ imagePullPolicy: Always
+ env:
+ - name: POSTGRES_APPUSER
+ value: "kspace_wiki"
+ - name: POSTGRES_APP_DB
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: POSTGRES_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: postgres-root-password
+ key: POSTGRES_PASSWORD
+ - name: POSTGRES_APPUSER_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: postgres-appuser-password
+ key: password
+ - name: EXPORTER_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: postgres-expoter-password
+ key: EXPORTER_PASSWORD
+ volumeMounts:
+ - name: postgres-data
+ mountPath: /var/lib/postgresql
+ - name: postgres-init
+ mountPath: /docker-entrypoint-initdb.d
+ volumes:
+ - name: postgres-init
+ configMap:
+ name: postgres-init-config
+ volumeClaimTemplates:
+ - metadata:
+ name: postgres-data
+ spec:
+ storageClassName: ceph-rbd
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 20Gi
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: postgres
+spec:
+ ports:
+ - protocol: TCP
+ port: 5432
+ selector:
+ app: postgres
+---
+apiVersion: codemowers.cloud/v1beta1
+kind: SecretClaim
+metadata:
+ name: postgres-root-password
+spec:
+ size: 32
+ mapping:
+ - key: POSTGRES_PASSWORD
+ value: "%(plaintext)s"
+---
+apiVersion: codemowers.cloud/v1beta1
+kind: SecretClaim
+metadata:
+ name: postgres-appuser-password
+spec:
+ size: 32
+ mapping:
+ - key: password
+ value: "%(plaintext)s"
+---
+apiVersion: codemowers.cloud/v1beta1
+kind: SecretClaim
+metadata:
+ name: postgres-expoter-password
+spec:
+ size: 32
+ mapping:
+ - key: EXPORTER_PASSWORD
+ value: "%(plaintext)s"
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: postgres-init-config
+data:
+ initdb.sh: |
+ #!/usr/bin/env bash
+ set -e
+
+ psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL
+ CREATE USER exporter WITH PASSWORD '$EXPORTER_PASSWORD';
+ GRANT pg_read_all_stats TO exporter;
+ GRANT SELECT ON pg_catalog.pg_replication_slots TO exporter;
+ GRANT CONNECT ON DATABASE postgres TO exporter;
+
+ CREATE DATABASE "$POSTGRES_APP_DB";
+ CREATE USER "$POSTGRES_APPUSER" WITH PASSWORD '$POSTGRES_APPUSER_PASSWORD';
+ GRANT ALL PRIVILEGES ON database "$POSTGRES_APP_DB" TO "$POSTGRES_APPUSER";
+ EOSQL
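Review bot: In `initdb.sh` both `CREATE USER` statements let the shell expand `$EXPORTER_PASSWORD` and `$POSTGRES_APPUSER_PASSWORD` inside single-quoted SQL literals, so a generated value containing `'` would break the statement or change what it executes. The character set the SecretClaim generator emits is not visible in this diff, so this may be latent rather than reachable today. psql 15 can read the variable itself and quote it safely: `\getenv exporter_pw EXPORTER_PASSWORD` followed by `CREATE USER exporter WITH PASSWORD :'exporter_pw';`, and the same pattern for the application user. Separately, `image: mirror.gcr.io/library/postgres:15` combined with `imagePullPolicy: Always` follows a mutable tag, so pinning a digest would keep a pod restart from pulling different image content.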