Merge pull request 'tmp/postiz-4' (#5582) from tmp/postiz-4 into main

Reviewed-on: #5582
2026-04-06 03:18:38 +00:00
parent c0e5873d0d 12cba35fde
commit bcd97d81a4
2 changed files with 56 additions and 26 deletions
--- a/clusters/cl01tl/helm/postiz/templates/external-secret.yaml
+++ b/clusters/cl01tl/helm/postiz/templates/external-secret.yaml
@@ -17,6 +17,58 @@ spec:
        key: /cl01tl/postiz/config
        property: JWT_SECRET

+---
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: postiz-oidc-secret
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: postiz-oidc-secret
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  data:
+    - secretKey: client
+      remoteRef:
+        key: /authentik/oidc/postiz
+        property: client
+    - secretKey: secret
+      remoteRef:
+        key: /authentik/oidc/postiz
+        property: secret
+
+---
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: postiz-elasticsearch-secret
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: postiz-elasticsearch-secret
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  data:
+    - secretKey: username
+      remoteRef:
+        key: /cl01tl/postiz/elasticsearch
+        property: username
+    - secretKey: password
+      remoteRef:
+        key: /cl01tl/postiz/elasticsearch
+        property: password
+    - secretKey: roles
+      remoteRef:
+        key: /cl01tl/postiz/elasticsearch
+        property: roles
+
 ---
 apiVersion: external-secrets.io/v1
 kind: ExternalSecret
@@ -48,27 +100,3 @@ spec:
      remoteRef:
        key: /cl01tl/postiz/valkey
        property: password
-
---
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
-  name: postiz-oidc-secret
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: postiz-oidc-secret
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  secretStoreRef:
-    kind: ClusterSecretStore
-    name: vault
-  data:
-    - secretKey: client
-      remoteRef:
-        key: /authentik/oidc/postiz
-        property: client
-    - secretKey: secret
-      remoteRef:
-        key: /authentik/oidc/postiz
-        property: secret
--- a/clusters/cl01tl/helm/postiz/values.yaml
+++ b/clusters/cl01tl/helm/postiz/values.yaml
@@ -151,8 +151,8 @@ temporal:
              databaseName: app
              connectAddr: postiz-postgresql-18-cluster-rw.postiz:5432
              connectProtocol: "tcp"
-              user: app
-              existingSecret: postiz-postgresql-18-cluster-app
+              user: postgres
+              existingSecret: postiz-postgresql-18-cluster-superuser
              secretKey: password
              tls:
                enabled: false
@@ -219,6 +219,8 @@ temporal:
        memory: 60Mi
 postgres-18-cluster:
  mode: recovery
+  cluster:
+    enableSuperuserAccess: true
  recovery:
    method: objectStore
    objectStore: