alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 3 Actions 1 Activity

Automated Manifest Update #5571

Merged
alexlebens merged 1 commits from auto/update-manifests into manifests 2026-04-06 01:57:16 +00:00
Conversation 0 Commits 1 Files Changed 25 +1405 -27
25 changed files with 1405 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

111
clusters/cl01tl/manifests/postiz/ConfigMap-postiz-temporal-config.yaml Normal file
View File

@@ -0,0 +1,111 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: "postiz-temporal-config"
labels:
app.kubernetes.io/name: temporal
helm.sh/chart: temporal-1.0.0-rc.3
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/instance: postiz
app.kubernetes.io/version: "1.30.2"
app.kubernetes.io/part-of: temporal
data:
config_template.yaml: |-
# enable-template
log:
stdout: true
level: "debug,info"
persistence:
datastores:
default:
sql:
connectAddr: postiz-postgresql-18-cluster-rw.postiz:5432
databaseName: app
driverName: postgres12
password: {{ env "TEMPORAL_DEFAULT_STORE_PASSWORD" | quote }}
pluginName: postgres12
tls:
enabled: false
user: app
visibility:
elasticsearch:
indices:
visibility: temporal_visibility_v1
logLevel: error
tls:
enabled: false
url:
host: elasticsearch-postiz-es-http.postiz:9200
scheme: http
version: v8
defaultStore: default
numHistoryShards: 512
visibilityStore: visibility
global:
membership:
name: temporal
maxJoinDuration: 30s
broadcastAddress: {{ env "POD_IP" | quote }}
pprof:
port: 7936
metrics:
tags:
type: {{ env "TEMPORAL_SERVICES" | quote }}
prometheus:
listenAddress: 0.0.0.0:9090
timerType: histogram
services:
frontend:
rpc:
grpcPort: 7233
httpPort: 7243
membershipPort: 6933
bindOnIP: "0.0.0.0"
history:
rpc:
grpcPort: 7234
membershipPort: 6934
bindOnIP: "0.0.0.0"
matching:
rpc:
grpcPort: 7235
membershipPort: 6935
bindOnIP: "0.0.0.0"
worker:
rpc:
membershipPort: 6939
bindOnIP: "0.0.0.0"
clusterMetadata:
enableGlobalNamespace: false
failoverVersionIncrement: 10
masterClusterName: "active"
currentClusterName: "active"
clusterInformation:
active:
enabled: true
initialFailoverVersion: 1
rpcName: "temporal-frontend"
rpcAddress: "127.0.0.1:7233"
httpAddress: "127.0.0.1:7243"
dcRedirectionPolicy:
policy: "noop"
toDC: ""
archival:
status: "disabled"
publicClient:
hostPort: "postiz-temporal-frontend:7233"
dynamicConfigClient:
filepath: "/etc/temporal/dynamic_config/dynamic_config.yaml"
pollInterval: "10s"

13
clusters/cl01tl/manifests/postiz/ConfigMap-postiz-temporal-dynamic-config.yaml Normal file
View File

@@ -0,0 +1,13 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: "postiz-temporal-dynamic-config"
labels:
app.kubernetes.io/name: temporal
helm.sh/chart: temporal-1.0.0-rc.3
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/instance: postiz
app.kubernetes.io/version: "1.30.2"
app.kubernetes.io/part-of: temporal
data:
dynamic_config.yaml: ""

319
clusters/cl01tl/manifests/postiz/ConfigMap-postiz-temporal-shims.yaml Normal file
View File

@@ -0,0 +1,319 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: "postiz-temporal-shims"
labels:
app.kubernetes.io/name: temporal
helm.sh/chart: temporal-1.0.0-rc.3
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/instance: postiz
app.kubernetes.io/version: "1.30.2"
app.kubernetes.io/part-of: temporal
data:
dockerize: |-
#!/bin/sh
set -e
# Parse command line arguments
while [ $# -gt 0 ]; do
case "$1" in
-template)
shift
TEMPLATE="$1"
shift
;;
*)
# Ignore other arguments for compatibility
shift
;;
esac
done
# Process template if specified
if [ -n "$TEMPLATE" ]; then
# Split on colon to get source:destination
SRC="${TEMPLATE%%:*}"
DST="${TEMPLATE#*:}"
# Create destination directory if it doesn't exist
mkdir -p "$(dirname "$DST")"
# Copy the file
cp "$SRC" "$DST"
echo "Skipped dockerize, copied $SRC to $DST"
fi
temporal-elasticsearch-tool: |-
#!/bin/sh
set -e
if [ -x /usr/local/bin/temporal-elasticsearch-tool ]; then
exec /usr/local/bin/temporal-elasticsearch-tool "$@"
fi
# Build base URL from environment variables
ES_URL="${ES_SCHEME}://${ES_HOST}:${ES_PORT}"
# Build curl auth string if credentials are provided
CURL_AUTH=""
if [ -n "$ES_USER" ] && [ -n "$ES_PWD" ]; then
CURL_AUTH="--user ${ES_USER}:${ES_PWD}"
fi
# Helper function to make curl requests
curl_request() {
local method="$1"
local path="$2"
local data_file="$3"
local fail_silently="$4"
local curl_cmd="curl -X ${method} --silent --show-error ${CURL_AUTH} ${ES_URL}${path}"
if [ -n "$data_file" ]; then
curl_cmd="${curl_cmd} -H 'Content-Type: application/json' --data-binary @${data_file}"
fi
if [ "$fail_silently" != "true" ]; then
curl_cmd="${curl_cmd} --fail"
fi
curl_cmd="${curl_cmd} 2>&1"
eval "$curl_cmd"
}
# Parse command
COMMAND="${1:-}"
shift || true
case "$COMMAND" in
setup-schema)
# Setup cluster settings and index template
if [ -z "$ES_VERSION" ]; then
echo "Error: ES_VERSION environment variable is required" >&2
exit 1
fi
CLUSTER_SETTINGS_FILE="schema/elasticsearch/visibility/cluster_settings_v7.json"
TEMPLATE_FILE="schema/elasticsearch/visibility/index_template_${ES_VERSION}.json"
if [ ! -f "$TEMPLATE_FILE" ]; then
echo "Error: Template file not found: $TEMPLATE_FILE" >&2
exit 1
fi
FAIL_SILENTLY="false"
while [ $# -gt 0 ]; do
case "$1" in
--fail)
FAIL_SILENTLY="true"
shift
;;
*)
shift
;;
esac
done
# Setup cluster settings if file exists
if [ -f "$CLUSTER_SETTINGS_FILE" ]; then
echo "Setting up cluster settings..."
curl_request "PUT" "/_cluster/settings" "$CLUSTER_SETTINGS_FILE" "$FAIL_SILENTLY" >/dev/null
echo "Cluster settings setup complete"
else
echo "Warning: Cluster settings file not found: $CLUSTER_SETTINGS_FILE, skipping cluster settings"
fi
echo "Setting up index template..."
curl_request "PUT" "/_template/temporal_visibility_v1_template" "$TEMPLATE_FILE" "$FAIL_SILENTLY" >/dev/null
echo "Template setup complete"
;;
update-schema)
# Update index template and optionally index mappings
if [ -z "$ES_VERSION" ]; then
echo "Error: ES_VERSION environment variable is required" >&2
exit 1
fi
TEMPLATE_FILE="schema/elasticsearch/visibility/index_template_${ES_VERSION}.json"
if [ ! -f "$TEMPLATE_FILE" ]; then
echo "Error: Template file not found: $TEMPLATE_FILE" >&2
exit 1
fi
INDEX_NAME=""
FAIL_SILENTLY="false"
while [ $# -gt 0 ]; do
case "$1" in
--index)
shift
INDEX_NAME="$1"
shift
;;
--fail)
FAIL_SILENTLY="true"
shift
;;
*)
shift
;;
esac
done
echo "Updating index template..."
curl_request "PUT" "/_template/temporal_visibility_v1_template" "$TEMPLATE_FILE" "$FAIL_SILENTLY" >/dev/null
if [ -n "$INDEX_NAME" ]; then
echo "Updating index mappings for $INDEX_NAME..."
# Check if index exists
HTTP_CODE=$(curl --head --silent --write-out "%{http_code}" --output /dev/null ${CURL_AUTH} ${ES_URL}/${INDEX_NAME} 2>/dev/null)
if [ "$HTTP_CODE" != "200" ]; then
echo "Error: Index $INDEX_NAME does not exist" >&2
exit 1
fi
# Extract mappings from template using jq
MAPPINGS=$(jq -c '.mappings' "$TEMPLATE_FILE")
if [ -z "$MAPPINGS" ] || [ "$MAPPINGS" = "null" ]; then
echo "Error: No mappings found in template file" >&2
exit 1
fi
# Create temporary file with mappings
MAPPINGS_FILE=$(mktemp)
echo "$MAPPINGS" > "$MAPPINGS_FILE"
# Update index mappings
curl_request "PUT" "/${INDEX_NAME}/_mapping" "$MAPPINGS_FILE" "$FAIL_SILENTLY" >/dev/null
# Clean up temporary file
rm -f "$MAPPINGS_FILE"
echo "Index mappings updated successfully"
fi
echo "Schema update complete"
;;
create-index)
# Create visibility index
INDEX_NAME=""
FAIL_SILENTLY="false"
while [ $# -gt 0 ]; do
case "$1" in
--index)
shift
INDEX_NAME="$1"
shift
;;
--fail)
FAIL_SILENTLY="true"
shift
;;
*)
shift
;;
esac
done
# Use ES_VISIBILITY_INDEX env var if --index not provided
if [ -z "$INDEX_NAME" ]; then
INDEX_NAME="$ES_VISIBILITY_INDEX"
fi
if [ -z "$INDEX_NAME" ]; then
echo "Error: Index name required (use --index or ES_VISIBILITY_INDEX env var)" >&2
exit 1
fi
# Check if index already exists
HTTP_CODE=$(curl --head --silent --write-out "%{http_code}" --output /dev/null ${CURL_AUTH} ${ES_URL}/${INDEX_NAME} 2>/dev/null)
if [ "$HTTP_CODE" = "200" ]; then
echo "Index $INDEX_NAME already exists, skipping creation"
exit 0
fi
echo "Creating index $INDEX_NAME..."
# Create the index, handling the case where it already exists
# (as a fallback if the HEAD check above didn't catch it)
CREATE_OUTPUT=$(curl -X PUT --silent --show-error --write-out "\n%{http_code}" ${CURL_AUTH} ${ES_URL}/${INDEX_NAME} -H "Content-Type: application/json" 2>&1)
HTTP_CODE=$(echo "$CREATE_OUTPUT" | tail -n1)
CREATE_BODY=$(echo "$CREATE_OUTPUT" | head -n-1)
if [ "$HTTP_CODE" = "200" ] || [ "$HTTP_CODE" = "201" ]; then
echo "Index created successfully"
elif [ "$HTTP_CODE" = "400" ] && echo "$CREATE_BODY" | jq -e '.error.type == "resource_already_exists_exception"' >/dev/null 2>&1; then
echo "Index $INDEX_NAME already exists, skipping creation"
exit 0
else
if [ "$FAIL_SILENTLY" != "true" ]; then
echo "Error: Failed to create index (HTTP $HTTP_CODE): $CREATE_BODY" >&2
exit 1
fi
fi
;;
drop-index)
# Delete visibility index
INDEX_NAME=""
FAIL_SILENTLY="false"
while [ $# -gt 0 ]; do
case "$1" in
--index)
shift
INDEX_NAME="$1"
shift
;;
--fail)
FAIL_SILENTLY="true"
shift
;;
*)
shift
;;
esac
done
# Use ES_VISIBILITY_INDEX env var if --index not provided
if [ -z "$INDEX_NAME" ]; then
INDEX_NAME="$ES_VISIBILITY_INDEX"
fi
if [ -z "$INDEX_NAME" ]; then
echo "Error: Index name required (use --index or ES_VISIBILITY_INDEX env var)" >&2
exit 1
fi
echo "Dropping index $INDEX_NAME..."
curl_request "DELETE" "/${INDEX_NAME}" "" "$FAIL_SILENTLY" >/dev/null
echo "Index dropped successfully"
;;
ping)
# Ping elasticsearch host
echo "Pinging Elasticsearch at ${ES_URL}..."
if curl --fail --silent --show-error ${CURL_AUTH} ${ES_URL} >/dev/null 2>&1; then
echo "Pong - Elasticsearch is reachable"
exit 0
else
echo "Ping failed - Elasticsearch is not reachable" >&2
exit 1
fi
;;
*)
echo "Usage: $0 {setup-schema|update-schema|create-index|drop-index|ping} [options]" >&2
echo "" >&2
echo "Commands:" >&2
echo " setup-schema Setup elasticsearch index template" >&2
echo " update-schema Update elasticsearch index template (and optionally index mappings with --index)" >&2
echo " create-index Create elasticsearch visibility index" >&2
echo " drop-index Delete elasticsearch visibility index" >&2
echo " ping Ping the elasticsearch host" >&2
echo "" >&2
echo "Environment variables:" >&2
echo " ES_SCHEME, ES_HOST, ES_PORT, ES_USER, ES_PWD, ES_VERSION, ES_VISIBILITY_INDEX" >&2
exit 1
;;
esac

21
clusters/cl01tl/manifests/postiz/Database-postiz-postgresql-18-database-temporal.yaml Normal file
View File

@@ -0,0 +1,21 @@
apiVersion: postgresql.cnpg.io/v1
kind: Database
metadata:
name: postiz-postgresql-18-database-temporal
namespace: postiz
labels:
app.kubernetes.io/name: postiz-postgresql-18-database-temporal
helm.sh/chart: postgres-18-cluster-7.11.2
app.kubernetes.io/instance: postiz
app.kubernetes.io/part-of: postiz
app.kubernetes.io/version: "7.11.2"
app.kubernetes.io/managed-by: Helm
spec:
name: temporal
cluster:
name: postiz-postgresql-18-cluster
ensure: present
owner: app
template: template1
encoding: UTF8
databaseReclaimPolicy: retain

26
clusters/cl01tl/manifests/postiz/Deployment-postiz.yaml → clusters/cl01tl/manifests/postiz/Deployment-postiz-main.yaml
View File

@@ -1,7 +1,7 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: postiz
name: postiz-main
labels:
app.kubernetes.io/controller: main
app.kubernetes.io/instance: postiz
@@ -35,17 +35,21 @@ spec:
dnsPolicy: ClusterFirst
containers:
- env:
- name: JWT_SECRET
valueFrom:
secretKeyRef:
key: JWT_SECRET
name: postiz-config-secret
- name: MAIN_URL
value: https://postiz.alexlebens.dev
- name: FRONTEND_URL
value: https://postiz.alexlebens.dev
- name: NEXT_PUBLIC_BACKEND_URL
value: https://postiz.alexlebens.dev/api
- name: JWT_SECRET
valueFrom:
secretKeyRef:
key: JWT_SECRET
name: postiz-config-secret
- name: BACKEND_INTERNAL_URL
value: http://temporal:3000
- name: TEMPORAL_ADDRESS
value: http://temporal:3000
- name: DATABASE_URL
valueFrom:
secretKeyRef:
@@ -56,10 +60,12 @@ spec:
secretKeyRef:
key: REDIS_URL
name: postiz-valkey-config
- name: BACKEND_INTERNAL_URL
value: http://localhost:3000
- name: IS_GENERAL
value: "true"
- name: DISABLE_REGISTRATION
value: "false"
- name: RUN_CRON
value: "true"
- name: STORAGE_PROVIDER
value: local
- name: UPLOAD_DIRECTORY
@@ -92,6 +98,10 @@ spec:
name: postiz-oidc-secret
- name: POSTIZ_OAUTH_SCOPE
value: openid profile email
- name: NEXT_PUBLIC_SENTRY_DSN
value: http://spotlight:8969/stream
- name: SENTRY_SPOTLIGHT
value: "1"
image: ghcr.io/gitroomhq/postiz-app:v2.21.4@sha256:a339e9ee256537526d0eda19e5919e01fa7649a40596ebec5d9e1389850836bc
name: main
resources:

42
clusters/cl01tl/manifests/postiz/Deployment-postiz-spotlight.yaml Normal file
View File

@@ -0,0 +1,42 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: postiz-spotlight
labels:
app.kubernetes.io/controller: spotlight
app.kubernetes.io/instance: postiz
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: postiz
helm.sh/chart: postiz-4.6.2
namespace: postiz
spec:
revisionHistoryLimit: 3
replicas: 1
strategy:
type: Recreate
selector:
matchLabels:
app.kubernetes.io/controller: spotlight
app.kubernetes.io/name: postiz
app.kubernetes.io/instance: postiz
template:
metadata:
labels:
app.kubernetes.io/controller: spotlight
app.kubernetes.io/instance: postiz
app.kubernetes.io/name: postiz
spec:
enableServiceLinks: false
serviceAccountName: default
automountServiceAccountToken: true
hostIPC: false
hostNetwork: false
hostPID: false
dnsPolicy: ClusterFirst
containers:
- image: ghcr.io/getsentry/spotlight:4.11.3@sha256:be6eb5b5d0df882025dcef138c217d493e6dcb684aebc235bc1b2832eb347c7f
name: main
resources:
requests:
cpu: 10m
memory: 40Mi

53
clusters/cl01tl/manifests/postiz/Deployment-postiz-temporal-admintools.yaml Normal file
View File

@@ -0,0 +1,53 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: postiz-temporal-admintools
annotations:
labels:
app.kubernetes.io/component: admintools
app.kubernetes.io/name: temporal
helm.sh/chart: temporal-1.0.0-rc.3
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/instance: postiz
app.kubernetes.io/version: "1.30.2"
app.kubernetes.io/part-of: temporal
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: temporal
app.kubernetes.io/instance: postiz
app.kubernetes.io/component: admintools
template:
metadata:
annotations:
labels:
app.kubernetes.io/component: admintools
app.kubernetes.io/name: temporal
helm.sh/chart: temporal-1.0.0-rc.3
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/instance: postiz
app.kubernetes.io/version: "1.30.2"
app.kubernetes.io/part-of: temporal
spec:
serviceAccountName: default
containers:
- name: admin-tools
image: "temporalio/admin-tools:1.30.2@sha256:024c6473df113e4b220b3caf6056d30964582ffcae6f6e46a1074aa6c67968d3"
imagePullPolicy: IfNotPresent
env:
- name: TEMPORAL_CLI_ADDRESS
value: postiz-temporal-frontend:7233
- name: TEMPORAL_ADDRESS
value: postiz-temporal-frontend:7233
livenessProbe:
exec:
command:
- ls
- /
initialDelaySeconds: 5
periodSeconds: 5
resources:
requests:
cpu: 10m
memory: 60Mi

115
clusters/cl01tl/manifests/postiz/Deployment-postiz-temporal-frontend.yaml Normal file
View File

@@ -0,0 +1,115 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: postiz-temporal-frontend
annotations:
labels:
app.kubernetes.io/component: frontend
app.kubernetes.io/name: temporal
helm.sh/chart: temporal-1.0.0-rc.3
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/instance: postiz
app.kubernetes.io/version: "1.30.2"
app.kubernetes.io/part-of: temporal
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: temporal
app.kubernetes.io/instance: postiz
app.kubernetes.io/component: frontend
template:
metadata:
annotations:
checksum/config: 288754e56c18963836a8e876b785b5effee831e52b33f00bfa9903e3ee20d827
prometheus.io/job: temporal-frontend
prometheus.io/scrape: 'true'
prometheus.io/scheme: http
prometheus.io/port: '9090'
labels:
app.kubernetes.io/component: frontend
app.kubernetes.io/name: temporal
helm.sh/chart: temporal-1.0.0-rc.3
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/instance: postiz
app.kubernetes.io/version: "1.30.2"
app.kubernetes.io/part-of: temporal
spec:
serviceAccountName: default
securityContext:
fsGroup: 1000
runAsUser: 1000
containers:
- name: temporal-frontend
image: "temporalio/server:1.30.2@sha256:d5334ee3ddce1617efbe280a10afc85916cf8d81798415c98988dbda2b46773e"
imagePullPolicy: IfNotPresent
env:
- name: POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: SERVICES
value: frontend
- name: TEMPORAL_SERVICES
value: frontend
- name: TEMPORAL_SERVER_CONFIG_FILE_PATH
value: /etc/temporal/config/config_template.yaml
- name: TEMPORAL_DEFAULT_STORE_PASSWORD
valueFrom:
secretKeyRef:
name: postiz-postgresql-18-cluster-app
key: password
- name: TEMPORAL_VISIBILITY_STORE_PASSWORD
valueFrom:
secretKeyRef:
name: postiz-temporal-visibility-store
key: password
ports:
- name: rpc
containerPort: 7233
protocol: TCP
- name: membership
containerPort: 6933
protocol: TCP
- name: http
containerPort: 7243
protocol: TCP
- name: metrics
containerPort: 9090
protocol: TCP
livenessProbe:
initialDelaySeconds: 150
tcpSocket:
port: rpc
readinessProbe:
grpc:
port: 7233
service: temporal.api.workflowservice.v1.WorkflowService
volumeMounts:
- name: config
mountPath: /etc/temporal/config/config_template.yaml
subPath: config_template.yaml
- name: dynamic-config
mountPath: /etc/temporal/dynamic_config
- name: shims
mountPath: /usr/local/bin/dockerize
subPath: dockerize
resources:
requests:
cpu: 10m
memory: 60Mi
volumes:
- name: shims
configMap:
name: "postiz-temporal-shims"
defaultMode: 0555
- name: config
configMap:
name: "postiz-temporal-config"
- name: dynamic-config
configMap:
name: "postiz-temporal-dynamic-config"
items:
- key: dynamic_config.yaml
path: dynamic_config.yaml
terminationGracePeriodSeconds:

108
clusters/cl01tl/manifests/postiz/Deployment-postiz-temporal-history.yaml Normal file
View File

@@ -0,0 +1,108 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: postiz-temporal-history
annotations:
labels:
app.kubernetes.io/component: history
app.kubernetes.io/name: temporal
helm.sh/chart: temporal-1.0.0-rc.3
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/instance: postiz
app.kubernetes.io/version: "1.30.2"
app.kubernetes.io/part-of: temporal
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: temporal
app.kubernetes.io/instance: postiz
app.kubernetes.io/component: history
template:
metadata:
annotations:
checksum/config: 288754e56c18963836a8e876b785b5effee831e52b33f00bfa9903e3ee20d827
prometheus.io/job: temporal-history
prometheus.io/scrape: 'true'
prometheus.io/scheme: http
prometheus.io/port: '9090'
labels:
app.kubernetes.io/component: history
app.kubernetes.io/name: temporal
helm.sh/chart: temporal-1.0.0-rc.3
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/instance: postiz
app.kubernetes.io/version: "1.30.2"
app.kubernetes.io/part-of: temporal
spec:
serviceAccountName: default
securityContext:
fsGroup: 1000
runAsUser: 1000
containers:
- name: temporal-history
image: "temporalio/server:1.30.2@sha256:d5334ee3ddce1617efbe280a10afc85916cf8d81798415c98988dbda2b46773e"
imagePullPolicy: IfNotPresent
env:
- name: POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: SERVICES
value: history
- name: TEMPORAL_SERVICES
value: history
- name: TEMPORAL_SERVER_CONFIG_FILE_PATH
value: /etc/temporal/config/config_template.yaml
- name: TEMPORAL_DEFAULT_STORE_PASSWORD
valueFrom:
secretKeyRef:
name: postiz-postgresql-18-cluster-app
key: password
- name: TEMPORAL_VISIBILITY_STORE_PASSWORD
valueFrom:
secretKeyRef:
name: postiz-temporal-visibility-store
key: password
ports:
- name: rpc
containerPort: 7234
protocol: TCP
- name: membership
containerPort: 6934
protocol: TCP
- name: metrics
containerPort: 9090
protocol: TCP
livenessProbe:
initialDelaySeconds: 150
tcpSocket:
port: rpc
volumeMounts:
- name: config
mountPath: /etc/temporal/config/config_template.yaml
subPath: config_template.yaml
- name: dynamic-config
mountPath: /etc/temporal/dynamic_config
- name: shims
mountPath: /usr/local/bin/dockerize
subPath: dockerize
resources:
requests:
cpu: 10m
memory: 60Mi
volumes:
- name: shims
configMap:
name: "postiz-temporal-shims"
defaultMode: 0555
- name: config
configMap:
name: "postiz-temporal-config"
- name: dynamic-config
configMap:
name: "postiz-temporal-dynamic-config"
items:
- key: dynamic_config.yaml
path: dynamic_config.yaml
terminationGracePeriodSeconds:

108
clusters/cl01tl/manifests/postiz/Deployment-postiz-temporal-matching.yaml Normal file
View File

@@ -0,0 +1,108 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: postiz-temporal-matching
annotations:
labels:
app.kubernetes.io/component: matching
app.kubernetes.io/name: temporal
helm.sh/chart: temporal-1.0.0-rc.3
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/instance: postiz
app.kubernetes.io/version: "1.30.2"
app.kubernetes.io/part-of: temporal
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: temporal
app.kubernetes.io/instance: postiz
app.kubernetes.io/component: matching
template:
metadata:
annotations:
checksum/config: 288754e56c18963836a8e876b785b5effee831e52b33f00bfa9903e3ee20d827
prometheus.io/job: temporal-matching
prometheus.io/scrape: 'true'
prometheus.io/scheme: http
prometheus.io/port: '9090'
labels:
app.kubernetes.io/component: matching
app.kubernetes.io/name: temporal
helm.sh/chart: temporal-1.0.0-rc.3
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/instance: postiz
app.kubernetes.io/version: "1.30.2"
app.kubernetes.io/part-of: temporal
spec:
serviceAccountName: default
securityContext:
fsGroup: 1000
runAsUser: 1000
containers:
- name: temporal-matching
image: "temporalio/server:1.30.2@sha256:d5334ee3ddce1617efbe280a10afc85916cf8d81798415c98988dbda2b46773e"
imagePullPolicy: IfNotPresent
env:
- name: POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: SERVICES
value: matching
- name: TEMPORAL_SERVICES
value: matching
- name: TEMPORAL_SERVER_CONFIG_FILE_PATH
value: /etc/temporal/config/config_template.yaml
- name: TEMPORAL_DEFAULT_STORE_PASSWORD
valueFrom:
secretKeyRef:
name: postiz-postgresql-18-cluster-app
key: password
- name: TEMPORAL_VISIBILITY_STORE_PASSWORD
valueFrom:
secretKeyRef:
name: postiz-temporal-visibility-store
key: password
ports:
- name: rpc
containerPort: 7235
protocol: TCP
- name: membership
containerPort: 6935
protocol: TCP
- name: metrics
containerPort: 9090
protocol: TCP
livenessProbe:
initialDelaySeconds: 150
tcpSocket:
port: rpc
volumeMounts:
- name: config
mountPath: /etc/temporal/config/config_template.yaml
subPath: config_template.yaml
- name: dynamic-config
mountPath: /etc/temporal/dynamic_config
- name: shims
mountPath: /usr/local/bin/dockerize
subPath: dockerize
resources:
requests:
cpu: 10m
memory: 60Mi
volumes:
- name: shims
configMap:
name: "postiz-temporal-shims"
defaultMode: 0555
- name: config
configMap:
name: "postiz-temporal-config"
- name: dynamic-config
configMap:
name: "postiz-temporal-dynamic-config"
items:
- key: dynamic_config.yaml
path: dynamic_config.yaml
terminationGracePeriodSeconds:

57
clusters/cl01tl/manifests/postiz/Deployment-postiz-temporal-web.yaml Normal file
View File

@@ -0,0 +1,57 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: postiz-temporal-web
annotations:
labels:
app.kubernetes.io/component: web
app.kubernetes.io/name: temporal
helm.sh/chart: temporal-1.0.0-rc.3
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/instance: postiz
app.kubernetes.io/version: "1.30.2"
app.kubernetes.io/part-of: temporal
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: temporal
app.kubernetes.io/instance: postiz
app.kubernetes.io/component: web
template:
metadata:
annotations:
labels:
app.kubernetes.io/component: web
app.kubernetes.io/name: temporal
helm.sh/chart: temporal-1.0.0-rc.3
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/instance: postiz
app.kubernetes.io/version: "1.30.2"
app.kubernetes.io/part-of: temporal
spec:
serviceAccountName: default
containers:
- name: temporal-web
image: "temporalio/ui:2.48.1@sha256:edb5dd1b3e0ddb35611939dde9b573533afd6fbafbbf077b73c7131a30ca91ff"
imagePullPolicy: IfNotPresent
env:
- name: TEMPORAL_ADDRESS
value: "postiz-temporal-frontend.postiz.svc:7233"
livenessProbe:
initialDelaySeconds: 10
tcpSocket:
port: http
readinessProbe:
httpGet:
path: /healthz
port: http
initialDelaySeconds: 10
ports:
- name: http
containerPort: 8080
protocol: TCP
resources:
requests:
cpu: 10m
memory: 60Mi

101
clusters/cl01tl/manifests/postiz/Deployment-postiz-temporal-worker.yaml Normal file
View File

@@ -0,0 +1,101 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: postiz-temporal-worker
annotations:
labels:
app.kubernetes.io/component: worker
app.kubernetes.io/name: temporal
helm.sh/chart: temporal-1.0.0-rc.3
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/instance: postiz
app.kubernetes.io/version: "1.30.2"
app.kubernetes.io/part-of: temporal
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: temporal
app.kubernetes.io/instance: postiz
app.kubernetes.io/component: worker
template:
metadata:
annotations:
checksum/config: 288754e56c18963836a8e876b785b5effee831e52b33f00bfa9903e3ee20d827
prometheus.io/job: temporal-worker
prometheus.io/scrape: 'true'
prometheus.io/scheme: http
prometheus.io/port: '9090'
labels:
app.kubernetes.io/component: worker
app.kubernetes.io/name: temporal
helm.sh/chart: temporal-1.0.0-rc.3
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/instance: postiz
app.kubernetes.io/version: "1.30.2"
app.kubernetes.io/part-of: temporal
spec:
serviceAccountName: default
securityContext:
fsGroup: 1000
runAsUser: 1000
containers:
- name: temporal-worker
image: "temporalio/server:1.30.2@sha256:d5334ee3ddce1617efbe280a10afc85916cf8d81798415c98988dbda2b46773e"
imagePullPolicy: IfNotPresent
env:
- name: POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: SERVICES
value: worker
- name: TEMPORAL_SERVICES
value: worker
- name: TEMPORAL_SERVER_CONFIG_FILE_PATH
value: /etc/temporal/config/config_template.yaml
- name: TEMPORAL_DEFAULT_STORE_PASSWORD
valueFrom:
secretKeyRef:
name: postiz-postgresql-18-cluster-app
key: password
- name: TEMPORAL_VISIBILITY_STORE_PASSWORD
valueFrom:
secretKeyRef:
name: postiz-temporal-visibility-store
key: password
ports:
- name: membership
containerPort: 6939
protocol: TCP
- name: metrics
containerPort: 9090
protocol: TCP
volumeMounts:
- name: config
mountPath: /etc/temporal/config/config_template.yaml
subPath: config_template.yaml
- name: dynamic-config
mountPath: /etc/temporal/dynamic_config
- name: shims
mountPath: /usr/local/bin/dockerize
subPath: dockerize
resources:
requests:
cpu: 10m
memory: 60Mi
volumes:
- name: shims
configMap:
name: "postiz-temporal-shims"
defaultMode: 0555
- name: config
configMap:
name: "postiz-temporal-config"
- name: dynamic-config
configMap:
name: "postiz-temporal-dynamic-config"
items:
- key: dynamic_config.yaml
path: dynamic_config.yaml
terminationGracePeriodSeconds:

29
clusters/cl01tl/manifests/postiz/Elasticsearch-elasticsearch-postiz.yaml Normal file
View File

@@ -0,0 +1,29 @@
apiVersion: elasticsearch.k8s.elastic.co/v1
kind: Elasticsearch
metadata:
name: elasticsearch-postiz
namespace: postiz
labels:
app.kubernetes.io/name: elasticsearch-postiz
app.kubernetes.io/instance: postiz
app.kubernetes.io/part-of: postiz``
spec:
version: 8.19.8@sha256:e6ef2af8db3269ffd075ebf5e605d62324345d646c4fa201654f648d1cad44a4
auth:
fileRealm:
- secretName: postiz-elasticsearch-secret
nodeSets:
- name: default
count: 2
config:
node.store.allow_mmap: false
volumeClaimTemplates:
- metadata:
name: elasticsearch-data
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 5Gi
storageClassName: ceph-block

28
clusters/cl01tl/manifests/postiz/HTTPRoute-postiz.yaml → clusters/cl01tl/manifests/postiz/HTTPRoute-temporal-frontend.yaml
View File

@@ -1,13 +1,12 @@
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: postiz
labels:
app.kubernetes.io/instance: postiz
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: postiz
helm.sh/chart: postiz-4.6.2
name: temporal-frontend
namespace: postiz
labels:
app.kubernetes.io/name: temporal-frontend
app.kubernetes.io/instance: postiz
app.kubernetes.io/part-of: postiz
spec:
parentRefs:
- group: gateway.networking.k8s.io
@@ -15,16 +14,15 @@ spec:
name: traefik-gateway
namespace: traefik
hostnames:
- "postiz.alexlebens.net"
- temporal-frontend.alexlebens.net
rules:
- backendRefs:
- group: ""
kind: Service
name: postiz
namespace: postiz
port: 80
weight: 1
matches:
- matches:
- path:
type: PathPrefix
value: /
backendRefs:
- group: ''
kind: Service
name: temporal-frontend
port: 80
weight: 100

28
clusters/cl01tl/manifests/postiz/HTTPRoute-temporal-ui.yaml Normal file
View File

@@ -0,0 +1,28 @@
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: temporal-ui
namespace: postiz
labels:
app.kubernetes.io/name: temporal-ui
app.kubernetes.io/instance: postiz
app.kubernetes.io/part-of: postiz
spec:
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
hostnames:
- temporal-ui.alexlebens.net
rules:
- matches:
- path:
type: PathPrefix
value: /
backendRefs:
- group: ''
kind: Service
name: temporal-ui
port: 8080
weight: 100

122
clusters/cl01tl/manifests/postiz/Job-postiz-temporal-schema-1-0-0-rc-3-1.yaml Normal file
View File

@@ -0,0 +1,122 @@
apiVersion: batch/v1
kind: Job
metadata:
name: postiz-temporal-schema-1-0-0-rc-3-1
labels:
app.kubernetes.io/component: database
app.kubernetes.io/name: temporal
helm.sh/chart: temporal-1.0.0-rc.3
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/instance: postiz
app.kubernetes.io/version: "1.30.2"
app.kubernetes.io/part-of: temporal
spec:
backoffLimit: 100
ttlSecondsAfterFinished: 86400
template:
metadata:
name: postiz-temporal-schema-1-0-0-rc-3-1
labels:
app.kubernetes.io/component: database
app.kubernetes.io/name: temporal
helm.sh/chart: temporal-1.0.0-rc.3
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/instance: postiz
app.kubernetes.io/version: "1.30.2"
app.kubernetes.io/part-of: temporal
spec:
serviceAccountName: default
restartPolicy: OnFailure
initContainers:
- name: create-default-store
image: "temporalio/admin-tools:1.30.2@sha256:024c6473df113e4b220b3caf6056d30964582ffcae6f6e46a1074aa6c67968d3"
imagePullPolicy: IfNotPresent
command: ['temporal-sql-tool', 'create-database']
env:
- name: SQL_PLUGIN
value: postgres12
- name: SQL_HOST
value: postiz-postgresql-18-cluster-rw.postiz
- name: SQL_PORT
value: "5432"
- name: SQL_DATABASE
value: app
- name: SQL_USER
value: "app"
- name: SQL_PASSWORD
valueFrom:
secretKeyRef:
name: postiz-postgresql-18-cluster-app
key: password
- name: SQL_TLS
value: "false"
- name: manage-schema-default-store
image: "temporalio/admin-tools:1.30.2@sha256:024c6473df113e4b220b3caf6056d30964582ffcae6f6e46a1074aa6c67968d3"
imagePullPolicy: IfNotPresent
command: ['sh', '-c']
args:
- temporal-sql-tool setup-schema -v 0.0 && temporal-sql-tool update-schema --schema-dir /etc/temporal/schema/postgresql/v12/temporal/versioned
env:
- name: SQL_PLUGIN
value: postgres12
- name: SQL_HOST
value: postiz-postgresql-18-cluster-rw.postiz
- name: SQL_PORT
value: "5432"
- name: SQL_DATABASE
value: app
- name: SQL_USER
value: "app"
- name: SQL_PASSWORD
valueFrom:
secretKeyRef:
name: postiz-postgresql-18-cluster-app
key: password
- name: SQL_TLS
value: "false"
volumeMounts:
- name: shims
mountPath: /usr/local/sbin/temporal-elasticsearch-tool
subPath: temporal-elasticsearch-tool
- name: manage-schema-visibility-store
image: "temporalio/admin-tools:1.30.2@sha256:024c6473df113e4b220b3caf6056d30964582ffcae6f6e46a1074aa6c67968d3"
imagePullPolicy: IfNotPresent
command: ['sh', '-c']
args:
- temporal-elasticsearch-tool setup-schema && temporal-elasticsearch-tool create-index && temporal-elasticsearch-tool update-schema --index "$ES_VISIBILITY_INDEX"
env:
- name: ES_SCHEME
value: http
- name: ES_HOST
value: elasticsearch-postiz-es-http.postiz
- name: ES_PORT
value: "9200"
- name: ES_SERVER
value: http://elasticsearch-postiz-es-http.postiz:9200
- name: ES_USER
value:
- name: ES_PWD
valueFrom:
secretKeyRef:
name: postiz-temporal-visibility-store
key: password
- name: ES_VERSION
value: v8
- name: ES_VISIBILITY_INDEX
value: temporal_visibility_v1
- name: ES_TLS
value: "false"
volumeMounts:
- name: shims
mountPath: /usr/local/sbin/temporal-elasticsearch-tool
subPath: temporal-elasticsearch-tool
containers:
- name: done
image: "temporalio/admin-tools:1.30.2@sha256:024c6473df113e4b220b3caf6056d30964582ffcae6f6e46a1074aa6c67968d3"
imagePullPolicy: IfNotPresent
command: ['sh', '-c', 'echo "Store setup completed"']
volumes:
- name: shims
configMap:
name: "postiz-temporal-shims"
defaultMode: 0555

25
clusters/cl01tl/manifests/postiz/Pod-postiz-temporal-test-cluster-health.yaml Normal file
View File

@@ -0,0 +1,25 @@
apiVersion: v1
kind: Pod
metadata:
name: "postiz-temporal-test-cluster-health"
labels:
app.kubernetes.io/component: test
app.kubernetes.io/name: temporal
helm.sh/chart: temporal-1.0.0-rc.3
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/instance: postiz
app.kubernetes.io/version: "1.30.2"
app.kubernetes.io/part-of: temporal
annotations:
"helm.sh/hook": test
spec:
serviceAccountName: default
containers:
- name: cluster-health
image: "temporalio/admin-tools:1.30.2@sha256:024c6473df113e4b220b3caf6056d30964582ffcae6f6e46a1074aa6c67968d3"
imagePullPolicy: IfNotPresent
command: ["temporal", "operator", "cluster", "health"]
env:
- name: TEMPORAL_ADDRESS
value: postiz-temporal-frontend:7233
restartPolicy: Never

14
clusters/cl01tl/manifests/postiz/Secret-postiz-temporal-visibility-store.yaml Normal file
View File

@@ -0,0 +1,14 @@
apiVersion: v1
kind: Secret
metadata:
name: postiz-temporal-visibility-store
labels:
app.kubernetes.io/name: temporal
helm.sh/chart: temporal-1.0.0-rc.3
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/instance: postiz
app.kubernetes.io/version: "1.30.2"
app.kubernetes.io/part-of: temporal
type: Opaque
data:
password: ""

4
clusters/cl01tl/manifests/postiz/Service-postiz.yaml → clusters/cl01tl/manifests/postiz/Service-postiz-main.yaml
View File

@@ -1,12 +1,12 @@
apiVersion: v1
kind: Service
metadata:
name: postiz
name: postiz-main
labels:
app.kubernetes.io/instance: postiz
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: postiz
app.kubernetes.io/service: postiz
app.kubernetes.io/service: postiz-main
helm.sh/chart: postiz-4.6.2
namespace: postiz
spec:

22
clusters/cl01tl/manifests/postiz/Service-postiz-spotlight.yaml Normal file
View File

@@ -0,0 +1,22 @@
apiVersion: v1
kind: Service
metadata:
name: postiz-spotlight
labels:
app.kubernetes.io/instance: postiz
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: postiz
app.kubernetes.io/service: postiz-spotlight
helm.sh/chart: postiz-4.6.2
namespace: postiz
spec:
type: ClusterIP
ports:
- port: 8969
targetPort: 8969
protocol: TCP
name: http
selector:
app.kubernetes.io/controller: spotlight
app.kubernetes.io/instance: postiz
app.kubernetes.io/name: postiz

29
clusters/cl01tl/manifests/postiz/Service-postiz-temporal-frontend.yaml Normal file
View File

@@ -0,0 +1,29 @@
apiVersion: v1
kind: Service
metadata:
name: postiz-temporal-frontend
labels:
app.kubernetes.io/component: frontend
app.kubernetes.io/name: temporal
helm.sh/chart: temporal-1.0.0-rc.3
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/instance: postiz
app.kubernetes.io/version: "1.30.2"
app.kubernetes.io/part-of: temporal
spec:
type: ClusterIP
ports:
- port: 7233
targetPort: rpc
appProtocol: tcp
protocol: TCP
name: grpc-rpc
- port: 7243
targetPort: http
appProtocol: http
protocol: TCP
name: http
selector:
app.kubernetes.io/name: temporal
app.kubernetes.io/instance: postiz
app.kubernetes.io/component: frontend

29
clusters/cl01tl/manifests/postiz/Service-postiz-temporal-internal-frontend.yaml Normal file
View File

@@ -0,0 +1,29 @@
apiVersion: v1
kind: Service
metadata:
name: postiz-temporal-internal-frontend
labels:
app.kubernetes.io/component: internal-frontend
app.kubernetes.io/name: temporal
helm.sh/chart: temporal-1.0.0-rc.3
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/instance: postiz
app.kubernetes.io/version: "1.30.2"
app.kubernetes.io/part-of: temporal
spec:
type: ClusterIP
ports:
- port: 7236
targetPort: rpc
appProtocol: tcp
protocol: TCP
name: grpc-rpc
- port: 7246
targetPort: http
appProtocol: http
protocol: TCP
name: http
selector:
app.kubernetes.io/name: temporal
app.kubernetes.io/instance: postiz
app.kubernetes.io/component: internal-frontend

24
clusters/cl01tl/manifests/postiz/Service-postiz-temporal-web.yaml Normal file
View File

@@ -0,0 +1,24 @@
apiVersion: v1
kind: Service
metadata:
name: postiz-temporal-web
labels:
app.kubernetes.io/component: web
app.kubernetes.io/name: temporal
helm.sh/chart: temporal-1.0.0-rc.3
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/instance: postiz
app.kubernetes.io/version: "1.30.2"
app.kubernetes.io/part-of: temporal
spec:
type: ClusterIP
ports:
- port: 8080
targetPort: http
protocol: TCP
appProtocol: http
name: http
selector:
app.kubernetes.io/name: temporal
app.kubernetes.io/instance: postiz
app.kubernetes.io/component: web

2
clusters/cl01tl/manifests/stalwart/Elasticsearch-elasticsearch-stalwart.yaml
View File

@@ -8,7 +8,7 @@ metadata:
app.kubernetes.io/instance: stalwart
app.kubernetes.io/part-of: stalwart
spec:
version: 8.19.8
version: 8.19.8@sha256:e6ef2af8db3269ffd075ebf5e605d62324345d646c4fa201654f648d1cad44a4
auth:
fileRealm:
- secretName: stalwart-elasticsearch-secret

2
clusters/cl01tl/manifests/tubearchivist/Elasticsearch-elasticsearch-tubearchivist.yaml
View File

@@ -8,7 +8,7 @@ metadata:
app.kubernetes.io/instance: tubearchivist
app.kubernetes.io/part-of: tubearchivist
spec:
version: 8.19.8
version: 8.19.8@sha256:e6ef2af8db3269ffd075ebf5e605d62324345d646c4fa201654f648d1cad44a4
auth:
fileRealm:
- secretName: tubearchivist-elasticsearch-secret