From 12cba35fde4b5a9069ef234de4e7727840cb95c6 Mon Sep 17 00:00:00 2001
From: Alex Lebens
Date: Sun, 5 Apr 2026 22:06:00 -0500
Subject: [PATCH] feat: add super
---
 .../postiz/templates/external-secret.yaml | 76 +++++++++++++------
 clusters/cl01tl/helm/postiz/values.yaml | 6 +-
 2 files changed, 56 insertions(+), 26 deletions(-)
diff --git a/clusters/cl01tl/helm/postiz/templates/external-secret.yaml b/clusters/cl01tl/helm/postiz/templates/external-secret.yaml
index 51bb8c61b..00c889f8b 100644
--- a/clusters/cl01tl/helm/postiz/templates/external-secret.yaml
+++ b/clusters/cl01tl/helm/postiz/templates/external-secret.yaml
@@ -17,6 +17,58 @@ spec:
 key: /cl01tl/postiz/config
 property: JWT_SECRET

+---
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+ name: postiz-oidc-secret
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: postiz-oidc-secret
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: vault
+ data:
+ - secretKey: client
+ remoteRef:
+ key: /authentik/oidc/postiz
+ property: client
+ - secretKey: secret
+ remoteRef:
+ key: /authentik/oidc/postiz
+ property: secret
+
+---
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+ name: postiz-elasticsearch-secret
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: postiz-elasticsearch-secret
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: vault
+ data:
+ - secretKey: username
+ remoteRef:
+ key: /cl01tl/postiz/elasticsearch
+ property: username
+ - secretKey: password
+ remoteRef:
+ key: /cl01tl/postiz/elasticsearch
+ property: password
+ - secretKey: roles
+ remoteRef:
+ key: /cl01tl/postiz/elasticsearch
+ property: roles
+
 ---
 apiVersion: external-secrets.io/v1
 kind: ExternalSecret
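Review bot: The new `postiz-elasticsearch-secret` ExternalSecret has no consumer in the visible hunks: neither values.yaml hunk references it, and the commit subject only mentions the superuser change. It syncs `username`, `password` and `roles` from `/cl01tl/postiz/elasticsearch` into the release namespace, so if nothing mounts it yet, the credentials are materialised as a Kubernetes Secret for no benefit; I would wire it up in the same commit or hold it back. If it stays, a comment above the document such as `# Elasticsearch credentials for <consumer>; keys: username, password, roles` would tell the next reader which workload is expected to read it. The `postiz-oidc-secret` document appears to be an unchanged move (the same lines are removed in the next hunk) and could stay where it was, so the diff shows only the real addition.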
@@ -48,27 +100,3 @@ spec:
 remoteRef:
 key: /cl01tl/postiz/valkey
 property: password
-
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: postiz-oidc-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: postiz-oidc-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: client
- remoteRef:
- key: /authentik/oidc/postiz
- property: client
- - secretKey: secret
- remoteRef:
- key: /authentik/oidc/postiz
- property: secret
diff --git a/clusters/cl01tl/helm/postiz/values.yaml b/clusters/cl01tl/helm/postiz/values.yaml
index 32620d660..500344198 100644
--- a/clusters/cl01tl/helm/postiz/values.yaml
+++ b/clusters/cl01tl/helm/postiz/values.yaml
@@ -151,8 +151,8 @@ temporal:
 databaseName: app
 connectAddr: postiz-postgresql-18-cluster-rw.postiz:5432
 connectProtocol: "tcp"
- user: app
- existingSecret: postiz-postgresql-18-cluster-app
+ user: postgres
+ existingSecret: postiz-postgresql-18-cluster-superuser
 secretKey: password
 tls:
 enabled: false
@@ -219,6 +219,8 @@ temporal:
 memory: 60Mi
 postgres-18-cluster:
 mode: recovery
+ cluster:
+ enableSuperuserAccess: true
 recovery:
 method: objectStore
 objectStore:
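Review bot: In the `@@ -151,8 +151,8 @@` hunk of values.yaml, Temporal's datastore now logs in as `postgres` using `postiz-postgresql-18-cluster-superuser`, and the `@@ -219,6 +219,8 @@` hunk sets `enableSuperuserAccess: true` to allow it, so a compromised Temporal pod would hold superuser rights over the whole database cluster rather than the `app` role's. The trailing context of the first of these hunks shows `tls: enabled: false`; if that block belongs to this datastore (the enclosing mapping starts outside the hunk), the superuser password and session also cross the cluster network unencrypted. If superuser is only needed for one-time database or schema creation, I would keep `user: app` with `existingSecret: postiz-postgresql-18-cluster-app` at runtime and grant that role only the missing privilege. If it has to stay, record the reason next to the setting, for example `# superuser required for <reason>; revert to the app role once setup completes`, and enable TLS on the connection.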