alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 5 Actions Activity

feat: add postiz temporal #5568

Merged
alexlebens merged 1 commits from tmp/postiz-1 into main 2026-04-06 01:53:40 +00:00
Conversation 0 Commits 1 Files Changed 7 +234 -29
7 changed files with 234 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit 4a4534646f - Show all commits

7
clusters/cl01tl/helm/postiz/Chart.lock
View File

@@ -2,6 +2,9 @@ dependencies:
- name: app-template
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
- name: temporal
repository: https://go.temporal.io/helm-charts
version: 1.0.0-rc.3
- name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts
version: 2.4.0
@@ -17,5 +20,5 @@ dependencies:
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:1c7f2f341be8892e4b8e016c34676dee45f35caf75908a0eabe845b5683948c4
generated: "2026-04-05T19:40:33.153012-05:00"
digest: sha256:a5d285d997702cefaac9808ac6556a566d7974773c7fb2c7a0defb8f64226443
generated: "2026-04-05T20:33:43.946895-05:00"

9
clusters/cl01tl/helm/postiz/Chart.yaml
View File

@@ -8,8 +8,14 @@ keywords:
home: https://docs.alexlebens.dev/applications/plex/
sources:
- https://github.com/gitroomhq/postiz-app
- https://github.com/getsentry/spotlight
- https://github.com/gitroomhq/postiz-app/pkgs/container/postiz-app
- https://github.com/getsentry/spotlight/pkgs/container/spotlight
- https://hub.docker.com/r/temporalio/server
- https://hub.docker.com/r/temporalio/admin-tools
- https://hub.docker.com/r/temporalio/ui
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://github.com/temporalio/helm-charts/tree/main/charts/temporal
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/valkey
@@ -21,6 +27,9 @@ dependencies:
alias: postiz
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
- name: temporal
repository: https://go.temporal.io/helm-charts
version: 1.0.0-rc.3
- name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts
version: 2.4.0

30
clusters/cl01tl/helm/postiz/templates/elasticsearch.yaml Normal file
View File

@@ -0,0 +1,30 @@
apiVersion: elasticsearch.k8s.elastic.co/v1
kind: Elasticsearch
metadata:
name: elasticsearch-postiz
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: elasticsearch-postiz
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}``
spec:
# renovate: datasource=docker depName=elasticsearch
version: 8.19.8@sha256:e6ef2af8db3269ffd075ebf5e605d62324345d646c4fa201654f648d1cad44a4
auth:
fileRealm:
- secretName: postiz-elasticsearch-secret
nodeSets:
- name: default
count: 2
config:
node.store.allow_mmap: false
volumeClaimTemplates:
- metadata:
name: elasticsearch-data
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 5Gi
storageClassName: ceph-block

58
clusters/cl01tl/helm/postiz/templates/http-route.yaml Normal file
View File

@@ -0,0 +1,58 @@
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: temporal-ui
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: temporal-ui
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
hostnames:
- temporal-ui.alexlebens.net
rules:
- matches:
- path:
type: PathPrefix
value: /
backendRefs:
- group: ''
kind: Service
name: temporal-ui
port: 8080
weight: 100
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: temporal-frontend
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: temporal-frontend
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
hostnames:
- temporal-frontend.alexlebens.net
rules:
- matches:
- path:
type: PathPrefix
value: /
backendRefs:
- group: ''
kind: Service
name: temporal-frontend
port: 80
weight: 100

153
clusters/cl01tl/helm/postiz/values.yaml
View File

@@ -10,17 +10,21 @@ postiz:
repository: ghcr.io/gitroomhq/postiz-app
tag: v2.21.4@sha256:a339e9ee256537526d0eda19e5919e01fa7649a40596ebec5d9e1389850836bc
env:
- name: JWT_SECRET
valueFrom:
secretKeyRef:
name: postiz-config-secret
key: JWT_SECRET
- name: MAIN_URL
value: https://postiz.alexlebens.dev
- name: FRONTEND_URL
value: https://postiz.alexlebens.dev
- name: NEXT_PUBLIC_BACKEND_URL
value: https://postiz.alexlebens.dev/api
- name: JWT_SECRET
valueFrom:
secretKeyRef:
name: postiz-config-secret
key: JWT_SECRET
- name: BACKEND_INTERNAL_URL
value: http://temporal:3000
- name: TEMPORAL_ADDRESS
value: http://temporal:3000
- name: DATABASE_URL
valueFrom:
secretKeyRef:
@@ -31,10 +35,12 @@ postiz:
secretKeyRef:
name: postiz-valkey-config
key: REDIS_URL
- name: BACKEND_INTERNAL_URL
value: http://localhost:3000
- name: IS_GENERAL
value: "true"
- name: DISABLE_REGISTRATION
value: "false"
- name: RUN_CRON
value: "true"
- name: STORAGE_PROVIDER
value: local
- name: UPLOAD_DIRECTORY
@@ -67,10 +73,27 @@ postiz:
key: secret
- name: POSTIZ_OAUTH_SCOPE
value: openid profile email
- name: NEXT_PUBLIC_SENTRY_DSN
value: http://spotlight:8969/stream
- name: SENTRY_SPOTLIGHT
value: "1"
resources:
requests:
cpu: 10m
memory: 1Gi
spotlight:
type: deployment
replicas: 1
strategy: Recreate
containers:
main:
image:
repository: ghcr.io/getsentry/spotlight
tag: 4.11.3@sha256:be6eb5b5d0df882025dcef138c217d493e6dcb684aebc235bc1b2832eb347c7f
resources:
requests:
cpu: 10m
memory: 40Mi
service:
main:
controller: main
@@ -78,24 +101,12 @@ postiz:
http:
port: 80
targetPort: 5000
route:
main:
kind: HTTPRoute
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
hostnames:
- postiz.alexlebens.net
rules:
- backendRefs:
- name: postiz
port: 80
matches:
- path:
type: PathPrefix
value: /
spotlight:
controller: spotlight
ports:
http:
port: 8969
targetPort: 8969
persistence:
config:
forceRename: postiz-config
@@ -117,6 +128,94 @@ postiz:
main:
- path: /uploads
readOnly: false
temporal:
server:
image:
repository: temporalio/server
tag: 1.30.2@sha256:d5334ee3ddce1617efbe280a10afc85916cf8d81798415c98988dbda2b46773e
metrics:
serviceMonitor:
enabled: true
resources:
requests:
cpu: 10m
memory: 60Mi
config:
logLevel: "debug,info"
persistence:
datastores:
default:
sql:
pluginName: postgres12
driverName: postgres12
databaseName: app
connectAddr: postiz-postgresql-18-cluster-rw.postiz:5432
user: app
existingSecret: postiz-postgresql-18-cluster-app
secretKey: password
tls:
enabled: false
visibility:
elasticsearch:
version: v8
url:
scheme: http
host: elasticsearch-postiz-es-http.postiz:9200
logLevel: error
indices:
visibility: temporal_visibility_v1
tls:
enabled: false
frontend:
ingress:
enabled: false
metrics:
serviceMonitor:
enabled: true
resources:
requests:
cpu: 10m
memory: 60Mi
history:
metrics:
serviceMonitor:
enabled: true
resources:
requests:
cpu: 10m
memory: 60Mi
matching:
metrics:
serviceMonitor:
enabled: true
resources:
requests:
cpu: 10m
memory: 60Mi
worker:
metrics:
serviceMonitor:
enabled: true
resources:
requests:
cpu: 10m
memory: 60Mi
admintools:
image:
repository: temporalio/admin-tools
tag: 1.30.2@sha256:024c6473df113e4b220b3caf6056d30964582ffcae6f6e46a1074aa6c67968d3
resources:
requests:
cpu: 10m
memory: 60Mi
web:
image:
repository: temporalio/ui
tag: 2.48.1@sha256:edb5dd1b3e0ddb35611939dde9b573533afd6fbafbbf077b73c7131a30ca91ff
resources:
requests:
cpu: 10m
memory: 60Mi
postgres-18-cluster:
mode: recovery
recovery:
@@ -136,6 +235,10 @@ postgres-18-cluster:
immediate: true
schedule: "0 20 15 * * *"
backupName: garage-local
databases:
- name: temporal
ensure: present
owner: app
valkey:
valkey:
auth:

3
clusters/cl01tl/helm/stalwart/templates/elasticsearch.yaml
View File

@@ -8,7 +8,8 @@ metadata:
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
version: 8.19.8
# renovate: datasource=docker depName=elasticsearch
version: 8.19.8@sha256:e6ef2af8db3269ffd075ebf5e605d62324345d646c4fa201654f648d1cad44a4
auth:
fileRealm:
- secretName: stalwart-elasticsearch-secret

3
clusters/cl01tl/helm/tubearchivist/templates/elasticsearch.yaml
View File

@@ -8,7 +8,8 @@ metadata:
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
version: 8.19.8
# renovate: datasource=docker depName=elasticsearch
version: 8.19.8@sha256:e6ef2af8db3269ffd075ebf5e605d62324345d646c4fa201654f648d1cad44a4
auth:
fileRealm:
- secretName: tubearchivist-elasticsearch-secret