diff --git a/clusters/cl01tl/helm/postiz/Chart.lock b/clusters/cl01tl/helm/postiz/Chart.lock index a1e1b5a00..9b1b7079b 100644 --- a/clusters/cl01tl/helm/postiz/Chart.lock +++ b/clusters/cl01tl/helm/postiz/Chart.lock @@ -2,6 +2,9 @@ dependencies: - name: app-template repository: https://bjw-s-labs.github.io/helm-charts/ version: 4.6.2 +- name: temporal + repository: https://go.temporal.io/helm-charts + version: 1.0.0-rc.3 - name: cloudflared repository: oci://harbor.alexlebens.net/helm-charts version: 2.4.0 @@ -17,5 +20,5 @@ dependencies: - name: volsync-target repository: oci://harbor.alexlebens.net/helm-charts version: 0.8.0 -digest: sha256:1c7f2f341be8892e4b8e016c34676dee45f35caf75908a0eabe845b5683948c4 -generated: "2026-04-05T19:40:33.153012-05:00" +digest: sha256:a5d285d997702cefaac9808ac6556a566d7974773c7fb2c7a0defb8f64226443 +generated: "2026-04-05T20:33:43.946895-05:00" diff --git a/clusters/cl01tl/helm/postiz/Chart.yaml b/clusters/cl01tl/helm/postiz/Chart.yaml index 2f96f9abd..124336b7d 100644 --- a/clusters/cl01tl/helm/postiz/Chart.yaml +++ b/clusters/cl01tl/helm/postiz/Chart.yaml @@ -8,8 +8,14 @@ keywords: home: https://docs.alexlebens.dev/applications/plex/ sources: - https://github.com/gitroomhq/postiz-app + - https://github.com/getsentry/spotlight - https://github.com/gitroomhq/postiz-app/pkgs/container/postiz-app + - https://github.com/getsentry/spotlight/pkgs/container/spotlight + - https://hub.docker.com/r/temporalio/server + - https://hub.docker.com/r/temporalio/admin-tools + - https://hub.docker.com/r/temporalio/ui - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template + - https://github.com/temporalio/helm-charts/tree/main/charts/temporal - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/valkey 
@@ -21,6 +27,9 @@ dependencies: alias: postiz repository: https://bjw-s-labs.github.io/helm-charts/ version: 4.6.2 + - name: temporal + repository: https://go.temporal.io/helm-charts + version: 1.0.0-rc.3 - name: cloudflared repository: oci://harbor.alexlebens.net/helm-charts version: 2.4.0 diff --git a/clusters/cl01tl/helm/postiz/templates/elasticsearch.yaml b/clusters/cl01tl/helm/postiz/templates/elasticsearch.yaml new file mode 100644 index 000000000..e1876794e --- /dev/null +++ b/clusters/cl01tl/helm/postiz/templates/elasticsearch.yaml @@ -0,0 +1,30 @@ +apiVersion: elasticsearch.k8s.elastic.co/v1 +kind: Elasticsearch +metadata: + name: elasticsearch-postiz + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: elasticsearch-postiz + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/part-of: {{ .Release.Name }}`` +spec: + # renovate: datasource=docker depName=elasticsearch + version: 8.19.8@sha256:e6ef2af8db3269ffd075ebf5e605d62324345d646c4fa201654f648d1cad44a4 + auth: + fileRealm: + - secretName: postiz-elasticsearch-secret + nodeSets: + - name: default + count: 2 + config: + node.store.allow_mmap: false + volumeClaimTemplates: + - metadata: + name: elasticsearch-data + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 5Gi + storageClassName: ceph-block diff --git a/clusters/cl01tl/helm/postiz/templates/http-route.yaml b/clusters/cl01tl/helm/postiz/templates/http-route.yaml new file mode 100644 index 000000000..89111f547 --- /dev/null +++ b/clusters/cl01tl/helm/postiz/templates/http-route.yaml 
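Review bot: The new `temporal` dependency is pinned to a release candidate, `1.0.0-rc.3`, and is fetched directly from `https://go.temporal.io/helm-charts`, while the charts listed after it come from the `harbor.alexlebens.net` OCI registry. A pre-release chart can still change its values layout before the final release. `Chart.lock` pins the version string, but as far as I know its digest covers the dependency list rather than the chart archive, so it does not verify the chart's content. I would add a comment above the entry such as `# pre-release pin: revisit when temporal 1.0.0 is released`, and consider mirroring the chart into the same registry as the others so that what is deployed can be scanned and reproduced.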
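Review bot: The `app.kubernetes.io/part-of` label in the new postiz `elasticsearch.yaml` ends with two stray backtick characters after `{{ .Release.Name }}`, so the rendered value is not a valid Kubernetes label value and the object should be rejected on apply. The line should read `app.kubernetes.io/part-of: {{ .Release.Name }}`. Separately, `spec.version` now carries an `@sha256:` digest; as far as I know ECK parses that field as a plain version number and takes image overrides in `spec.image`, so the pin may be rejected or not applied to the image that is pulled. The same applies to the stalwart and tubearchivist `elasticsearch.yaml` hunks at the end of this commit. Keeping `version: 8.19.8` and moving the digest-pinned reference into `spec.image` would preserve both the pin and a parseable version.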
@@ -0,0 +1,58 @@ +apiVersion: gateway.networking.k8s.io/v1 +kind: HTTPRoute +metadata: + name: temporal-ui + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: temporal-ui + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/part-of: {{ .Release.Name }} +spec: + parentRefs: + - group: gateway.networking.k8s.io + kind: Gateway + name: traefik-gateway + namespace: traefik + hostnames: + - temporal-ui.alexlebens.net + rules: + - matches: + - path: + type: PathPrefix + value: / + backendRefs: + - group: '' + kind: Service + name: temporal-ui + port: 8080 + weight: 100 + +--- +apiVersion: gateway.networking.k8s.io/v1 +kind: HTTPRoute +metadata: + name: temporal-frontend + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: temporal-frontend + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/part-of: {{ .Release.Name }} +spec: + parentRefs: + - group: gateway.networking.k8s.io + kind: Gateway + name: traefik-gateway + namespace: traefik + hostnames: + - temporal-frontend.alexlebens.net + rules: + - matches: + - path: + type: PathPrefix + value: / + backendRefs: + - group: '' + kind: Service + name: temporal-frontend + port: 80 + weight: 100 diff --git a/clusters/cl01tl/helm/postiz/values.yaml b/clusters/cl01tl/helm/postiz/values.yaml index b91292d72..c5e3a7f1a 100644 --- a/clusters/cl01tl/helm/postiz/values.yaml +++ b/clusters/cl01tl/helm/postiz/values.yaml 
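Review bot: Both routes publish Temporal through `traefik-gateway` with a catch-all `PathPrefix /` and no authenticating filter, and nothing in this commit's `temporal` values turns on authentication for the UI or authorization on the frontend. The frontend is the API that starts, signals and terminates workflows, so anyone who can reach `temporal-frontend.alexlebens.net` would have the same access as Postiz itself; whether the gateway is reachable beyond the local network is not visible here. I would drop the `temporal-frontend` route (in-cluster clients can use the Service directly) and put the UI route behind the identity provider, either with a gateway auth filter or the UI's own OIDC login. The frontend backend is also given as `port: 80`, which is worth checking against the Service the chart renders, since Temporal's frontend usually serves gRPC on 7233.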
@@ -10,17 +10,21 @@ postiz: repository: ghcr.io/gitroomhq/postiz-app tag: v2.21.4@sha256:a339e9ee256537526d0eda19e5919e01fa7649a40596ebec5d9e1389850836bc env: + - name: JWT_SECRET + valueFrom: + secretKeyRef: + name: postiz-config-secret + key: JWT_SECRET - name: MAIN_URL value: https://postiz.alexlebens.dev - name: FRONTEND_URL value: https://postiz.alexlebens.dev - name: NEXT_PUBLIC_BACKEND_URL value: https://postiz.alexlebens.dev/api - - name: JWT_SECRET - valueFrom: - secretKeyRef: - name: postiz-config-secret - key: JWT_SECRET + - name: BACKEND_INTERNAL_URL + value: http://temporal:3000 + - name: TEMPORAL_ADDRESS + value: http://temporal:3000 - name: DATABASE_URL valueFrom: secretKeyRef: @@ -31,10 +35,12 @@ postiz: secretKeyRef: name: postiz-valkey-config key: REDIS_URL - - name: BACKEND_INTERNAL_URL - value: http://localhost:3000 - name: IS_GENERAL value: "true" + - name: DISABLE_REGISTRATION + value: "false" + - name: RUN_CRON + value: "true" - name: STORAGE_PROVIDER value: local - name: UPLOAD_DIRECTORY @@ -67,10 +73,27 @@ postiz: key: secret - name: POSTIZ_OAUTH_SCOPE value: openid profile email + - name: NEXT_PUBLIC_SENTRY_DSN + value: http://spotlight:8969/stream + - name: SENTRY_SPOTLIGHT + value: "1" resources: requests: cpu: 10m memory: 1Gi + spotlight: + type: deployment + replicas: 1 + strategy: Recreate + containers: + main: + image: + repository: ghcr.io/getsentry/spotlight + tag: 4.11.3@sha256:be6eb5b5d0df882025dcef138c217d493e6dcb684aebc235bc1b2832eb347c7f + resources: + requests: + cpu: 10m + memory: 40Mi service: main: controller: main 
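Review bot: `BACKEND_INTERNAL_URL` moves from `http://localhost:3000` to `http://temporal:3000`, the same value given to `TEMPORAL_ADDRESS`, which looks like a copy-paste slip: the old value pointed at Postiz's own backend, not at Temporal. No Service named `temporal` appears in this commit (the routes reference `temporal-ui` and `temporal-frontend`), and Temporal's frontend normally listens for gRPC on 7233 and is addressed as `host:port` without a scheme. I would restore `value: http://localhost:3000` for `BACKEND_INTERNAL_URL` and point `TEMPORAL_ADDRESS` at the frontend Service, for example `value: temporal-frontend:7233`, after confirming the Service name the chart renders.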
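Review bot: `DISABLE_REGISTRATION` is set to `"false"`, which leaves self-service sign-up open on an instance whose `MAIN_URL` is `https://postiz.alexlebens.dev`. If that hostname is reachable by people other than the operator, anyone who finds it can create an account; the OAuth settings visible further down the env list suggest logins are meant to come from the identity provider instead. I would set `value: "true"` once the first account exists, or add a comment on the entry saying why registration stays open.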
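Review bot: Setting `SENTRY_SPOTLIGHT` to `"1"` and adding the `spotlight` controller enables Sentry's Spotlight, a development-time debugging tool, in what looks like the cluster's live Postiz deployment, so error, trace and log events are streamed over plain HTTP to an unauthenticated collector on port 8969. `NEXT_PUBLIC_SENTRY_DSN` is also a `NEXT_PUBLIC_` variable, which Next.js exposes to the browser bundle, and `http://spotlight:8969/stream` is a cluster-internal name a browser cannot resolve. I would keep Spotlight out of the default values or gate it behind a flag. If it stays, add a comment on the controller stating that it is temporary, and restrict access to the `spotlight` Service added in the next hunk with a NetworkPolicy.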
@@ -78,24 +101,12 @@ postiz: http: port: 80 targetPort: 5000 - route: - main: - kind: HTTPRoute - parentRefs: - - group: gateway.networking.k8s.io - kind: Gateway - name: traefik-gateway - namespace: traefik - hostnames: - - postiz.alexlebens.net - rules: - - backendRefs: - - name: postiz - port: 80 - matches: - - path: - type: PathPrefix - value: / + spotlight: + controller: spotlight + ports: + http: + port: 8969 + targetPort: 8969 persistence: config: forceRename: postiz-config 
@@ -117,6 +128,94 @@ postiz: main: - path: /uploads readOnly: false +temporal: + server: + image: + repository: temporalio/server + tag: 1.30.2@sha256:d5334ee3ddce1617efbe280a10afc85916cf8d81798415c98988dbda2b46773e + metrics: + serviceMonitor: + enabled: true + resources: + requests: + cpu: 10m + memory: 60Mi + config: + logLevel: "debug,info" + persistence: + datastores: + default: + sql: + pluginName: postgres12 + driverName: postgres12 + databaseName: app + connectAddr: postiz-postgresql-18-cluster-rw.postiz:5432 + user: app + existingSecret: postiz-postgresql-18-cluster-app + secretKey: password + tls: + enabled: false + visibility: + elasticsearch: + version: v8 + url: + scheme: http + host: elasticsearch-postiz-es-http.postiz:9200 + logLevel: error + indices: + visibility: temporal_visibility_v1 + tls: + enabled: false + frontend: + ingress: + enabled: false + metrics: + serviceMonitor: + enabled: true + resources: + requests: + cpu: 10m + memory: 60Mi + history: + metrics: + serviceMonitor: + enabled: true + resources: + requests: + cpu: 10m + memory: 60Mi + matching: + metrics: + serviceMonitor: + enabled: true + resources: + requests: + cpu: 10m + memory: 60Mi + worker: + metrics: + serviceMonitor: + enabled: true + resources: + requests: + cpu: 10m + memory: 60Mi + admintools: + image: + repository: temporalio/admin-tools + tag: 1.30.2@sha256:024c6473df113e4b220b3caf6056d30964582ffcae6f6e46a1074aa6c67968d3 + resources: + requests: + cpu: 10m + memory: 60Mi + web: + image: + repository: temporalio/ui + tag: 2.48.1@sha256:edb5dd1b3e0ddb35611939dde9b573533afd6fbafbbf077b73c7131a30ca91ff + resources: + requests: + cpu: 10m + memory: 60Mi postgres-18-cluster: mode: recovery recovery: @@ -136,6 +235,10 @@ postgres-18-cluster: immediate: true schedule: "0 20 15 * * *" backupName: garage-local + databases: + - name: temporal + ensure: present + owner: app valkey: valkey: auth: 
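Review bot: The default datastore sets `databaseName: app` with user `app`, so Temporal's schema would live in the same database and under the same credentials as Postiz itself, while the last hunk of this file creates a separate `temporal` database that nothing here references. If the separate database is the intent, the line should be `databaseName: temporal`, ideally with a dedicated role rather than `owner: app`, so that a fault in one component cannot read or alter the other's tables. Both connections are also unencrypted (`tls.enabled: false` for PostgreSQL, `scheme: http` for Elasticsearch), and the visibility block carries no credentials even though the Elasticsearch resource added in this commit configures a `fileRealm` secret; ECK serves HTTPS by default as far as I know, so this may fail to connect until one side is changed. `logLevel: "debug,info"` is worth trimming to `info` before this settles, since debug output from the server is verbose.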
diff --git a/clusters/cl01tl/helm/stalwart/templates/elasticsearch.yaml b/clusters/cl01tl/helm/stalwart/templates/elasticsearch.yaml index 837d698c3..395e3df9c 100644 --- a/clusters/cl01tl/helm/stalwart/templates/elasticsearch.yaml +++ b/clusters/cl01tl/helm/stalwart/templates/elasticsearch.yaml @@ -8,7 +8,8 @@ metadata: app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }} spec: - version: 8.19.8 + # renovate: datasource=docker depName=elasticsearch + version: 8.19.8@sha256:e6ef2af8db3269ffd075ebf5e605d62324345d646c4fa201654f648d1cad44a4 auth: fileRealm: - secretName: stalwart-elasticsearch-secret diff --git a/clusters/cl01tl/helm/tubearchivist/templates/elasticsearch.yaml b/clusters/cl01tl/helm/tubearchivist/templates/elasticsearch.yaml index 1f92e2d21..dc0b4e2c5 100644 --- a/clusters/cl01tl/helm/tubearchivist/templates/elasticsearch.yaml +++ b/clusters/cl01tl/helm/tubearchivist/templates/elasticsearch.yaml @@ -8,7 +8,8 @@ metadata: app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }} spec: - version: 8.19.8 + # renovate: datasource=docker depName=elasticsearch + version: 8.19.8@sha256:e6ef2af8db3269ffd075ebf5e605d62324345d646c4fa201654f648d1cad44a4 auth: fileRealm: - secretName: tubearchivist-elasticsearch-secret