306 lines
8.3 KiB
YAML
306 lines
8.3 KiB
YAML
postiz:
|
|
controllers:
|
|
main:
|
|
type: deployment
|
|
replicas: 1
|
|
strategy: Recreate
|
|
containers:
|
|
main:
|
|
image:
|
|
repository: ghcr.io/gitroomhq/postiz-app
|
|
tag: v2.21.4@sha256:a339e9ee256537526d0eda19e5919e01fa7649a40596ebec5d9e1389850836bc
|
|
env:
|
|
- name: JWT_SECRET
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: postiz-config-secret
|
|
key: JWT_SECRET
|
|
- name: MAIN_URL
|
|
value: https://postiz.alexlebens.dev
|
|
- name: FRONTEND_URL
|
|
value: https://postiz.alexlebens.dev
|
|
- name: NEXT_PUBLIC_BACKEND_URL
|
|
value: https://postiz.alexlebens.dev/api
|
|
- name: BACKEND_INTERNAL_URL
|
|
value: http://localhost:3000
|
|
- name: TEMPORAL_ADDRESS
|
|
value: postiz-temporal-frontend:7233
|
|
- name: DATABASE_URL
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: postiz-postgresql-18-cluster-app
|
|
key: uri
|
|
- name: REDIS_URL
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: postiz-valkey-config
|
|
key: REDIS_URL
|
|
- name: IS_GENERAL
|
|
value: "true"
|
|
- name: DISABLE_REGISTRATION
|
|
value: "false"
|
|
- name: RUN_CRON
|
|
value: "true"
|
|
- name: STORAGE_PROVIDER
|
|
value: local
|
|
- name: UPLOAD_DIRECTORY
|
|
value: /uploads
|
|
- name: NEXT_PUBLIC_UPLOAD_DIRECTORY
|
|
value: /uploads
|
|
- name: NEXT_PUBLIC_POSTIZ_OAUTH_DISPLAY_NAME
|
|
value: Authentik
|
|
- name: NEXT_PUBLIC_POSTIZ_OAUTH_LOGO_URL
|
|
value: https://cdn.jsdelivr.net/gh/selfhst/icons/png/authentik.png
|
|
- name: POSTIZ_GENERIC_OAUTH
|
|
value: "true"
|
|
- name: POSTIZ_OAUTH_URL
|
|
value: https://auth.alexlebens.dev
|
|
- name: POSTIZ_OAUTH_AUTH_URL
|
|
value: https://auth.alexlebens.dev/application/o/authorize/
|
|
- name: POSTIZ_OAUTH_TOKEN_URL
|
|
value: https://auth.alexlebens.dev/application/o/token/
|
|
- name: POSTIZ_OAUTH_USERINFO_URL
|
|
value: https://auth.alexlebens.dev/application/o/userinfo/
|
|
- name: POSTIZ_OAUTH_CLIENT_ID
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: postiz-oidc-secret
|
|
key: client
|
|
- name: POSTIZ_OAUTH_CLIENT_SECRET
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: postiz-oidc-secret
|
|
key: secret
|
|
- name: POSTIZ_OAUTH_SCOPE
|
|
value: openid profile email
|
|
- name: NEXT_PUBLIC_SENTRY_DSN
|
|
value: http://key@postiz-spotlight.postiz:8969/1
|
|
- name: SENTRY_SPOTLIGHT
|
|
value: http://postiz-spotlight.postiz:8969/stream
|
|
resources:
|
|
requests:
|
|
cpu: 10m
|
|
memory: 1Gi
|
|
spotlight:
|
|
type: deployment
|
|
replicas: 1
|
|
strategy: Recreate
|
|
containers:
|
|
main:
|
|
image:
|
|
repository: ghcr.io/getsentry/spotlight
|
|
tag: 4.11.3@sha256:be6eb5b5d0df882025dcef138c217d493e6dcb684aebc235bc1b2832eb347c7f
|
|
resources:
|
|
requests:
|
|
cpu: 10m
|
|
memory: 40Mi
|
|
service:
|
|
main:
|
|
controller: main
|
|
ports:
|
|
http:
|
|
port: 80
|
|
targetPort: 5000
|
|
spotlight:
|
|
controller: spotlight
|
|
ports:
|
|
http:
|
|
port: 8969
|
|
targetPort: 8969
|
|
route:
|
|
main:
|
|
kind: HTTPRoute
|
|
parentRefs:
|
|
- group: gateway.networking.k8s.io
|
|
kind: Gateway
|
|
name: traefik-gateway
|
|
namespace: traefik
|
|
hostnames:
|
|
- postiz-spotlight.alexlebens.net
|
|
rules:
|
|
- backendRefs:
|
|
- name: postiz-spotlight
|
|
port: 8969
|
|
matches:
|
|
- path:
|
|
type: PathPrefix
|
|
value: /
|
|
persistence:
|
|
config:
|
|
forceRename: postiz-config
|
|
storageClass: ceph-block
|
|
accessMode: ReadWriteOnce
|
|
size: 2Gi
|
|
advancedMounts:
|
|
main:
|
|
main:
|
|
- path: /config
|
|
readOnly: false
|
|
uploads:
|
|
forceRename: postiz-uploads
|
|
storageClass: ceph-block
|
|
accessMode: ReadWriteOnce
|
|
size: 10Gi
|
|
advancedMounts:
|
|
main:
|
|
main:
|
|
- path: /uploads
|
|
readOnly: false
|
|
temporal:
|
|
server:
|
|
image:
|
|
repository: temporalio/server
|
|
tag: 1.30.3@sha256:a3d0f727caad0ecca5dc6e94766135aab448551f2c6c0d33d3c67576458e6a0d
|
|
metrics:
|
|
serviceMonitor:
|
|
enabled: true
|
|
resources:
|
|
requests:
|
|
cpu: 10m
|
|
memory: 60Mi
|
|
config:
|
|
logLevel: "debug,info"
|
|
persistence:
|
|
datastores:
|
|
default:
|
|
sql:
|
|
pluginName: postgres12
|
|
driverName: postgres12
|
|
databaseName: temporal
|
|
connectAddr: postiz-postgresql-18-cluster-rw.postiz:5432
|
|
connectProtocol: "tcp"
|
|
user: postgres
|
|
existingSecret: postiz-postgresql-18-cluster-superuser
|
|
secretKey: password
|
|
tls:
|
|
enabled: false
|
|
visibility:
|
|
sql:
|
|
pluginName: postgres12
|
|
driverName: postgres12
|
|
databaseName: temporal_visibility
|
|
connectAddr: postiz-postgresql-18-cluster-rw.postiz:5432
|
|
connectProtocol: "tcp"
|
|
user: postgres
|
|
existingSecret: postiz-postgresql-18-cluster-superuser
|
|
secretKey: password
|
|
tls:
|
|
enabled: false
|
|
namespaces:
|
|
create: true
|
|
namespace:
|
|
- name: default
|
|
retention: 30d
|
|
frontend:
|
|
ingress:
|
|
enabled: false
|
|
metrics:
|
|
serviceMonitor:
|
|
enabled: true
|
|
resources:
|
|
requests:
|
|
cpu: 10m
|
|
memory: 60Mi
|
|
history:
|
|
metrics:
|
|
serviceMonitor:
|
|
enabled: true
|
|
resources:
|
|
requests:
|
|
cpu: 10m
|
|
memory: 60Mi
|
|
matching:
|
|
metrics:
|
|
serviceMonitor:
|
|
enabled: true
|
|
resources:
|
|
requests:
|
|
cpu: 10m
|
|
memory: 60Mi
|
|
worker:
|
|
metrics:
|
|
serviceMonitor:
|
|
enabled: true
|
|
resources:
|
|
requests:
|
|
cpu: 10m
|
|
memory: 60Mi
|
|
admintools:
|
|
image:
|
|
repository: temporalio/admin-tools
|
|
tag: 1.30.3@sha256:2c2272b008f1af295b3719963e6feeef64f838d1105d895cf6acfcf96dd31741
|
|
resources:
|
|
requests:
|
|
cpu: 10m
|
|
memory: 60Mi
|
|
web:
|
|
image:
|
|
repository: temporalio/ui
|
|
tag: 2.48.1@sha256:edb5dd1b3e0ddb35611939dde9b573533afd6fbafbbf077b73c7131a30ca91ff
|
|
resources:
|
|
requests:
|
|
cpu: 10m
|
|
memory: 60Mi
|
|
postgres-18-cluster:
|
|
mode: standalone
|
|
cluster:
|
|
enableSuperuserAccess: true
|
|
recovery:
|
|
method: objectStore
|
|
objectStore:
|
|
index: 1
|
|
backup:
|
|
objectStore:
|
|
- name: garage-local
|
|
index: 1
|
|
destinationBucket: postgres-backups
|
|
externalSecretCredentialPath: /garage/home-infra/postgres-backups
|
|
isWALArchiver: true
|
|
scheduledBackups:
|
|
- name: live-backup
|
|
suspend: false
|
|
immediate: true
|
|
schedule: "0 20 15 * * *"
|
|
backupName: garage-local
|
|
databases:
|
|
- name: temporal
|
|
ensure: present
|
|
owner: app
|
|
- name: temporal_visibility
|
|
ensure: present
|
|
owner: app
|
|
valkey:
|
|
valkey:
|
|
auth:
|
|
enabled: true
|
|
usersExistingSecret: postiz-valkey-config
|
|
aclUsers:
|
|
default:
|
|
permissions: "~* &* +@all"
|
|
# No option to configure metrics when auth is enabled
|
|
# https://github.com/valkey-io/valkey-helm/issues/135
|
|
metrics:
|
|
enabled: false
|
|
volsync-target-config:
|
|
pvcTarget: postiz-config
|
|
local:
|
|
enabled: true
|
|
schedule: 52 8 * * *
|
|
remote:
|
|
enabled: true
|
|
schedule: 52 9 * * *
|
|
external:
|
|
enabled: true
|
|
schedule: 52 10 * * *
|
|
volsync-target-upload:
|
|
pvcTarget: postiz-uploads
|
|
local:
|
|
enabled: true
|
|
schedule: 54 8 * * *
|
|
remote:
|
|
enabled: true
|
|
schedule: 54 9 * * *
|
|
external:
|
|
enabled: true
|
|
schedule: 54 10 * * *
|