feat(helm): add Temporal support and expand env coverage for v2.21.8

- Chart.yaml: bump to version 1.1.0, appVersion v2.21.8 - values.yaml: add temporal section (enabled/address/namespace/tls/apiKey/postgresql), expand env (~40 non-sensitive vars) and secrets (~60 sensitive vars) to match current Postiz documentation — covers all social providers, email SMTP, OAuth OIDC, AI/generation, analytics, MCP, payments, short-link services - postiz-config.yaml: inject TEMPORAL_ADDRESS (auto-computed or override), TEMPORAL_NAMESPACE and TEMPORAL_TLS when temporal.enabled or address is set - temporal-deployment.yaml: temporalio/auto-setup:1.28.1, postgres12 backend, ES disabled, dynamicconfig volume mount, liveness/readiness probes - temporal-service.yaml: ClusterIP on port 7233 (gRPC) - temporal-dynamicconfig.yaml: ConfigMap with development-sql.yaml content - temporal-init-job.yaml: post-install/upgrade Job that creates the temporal PostgreSQL user via the postgres superuser before Temporal starts - temporal-secret.yaml: Secret for temporal PostgreSQL credentials - NOTES.txt: post-install guidance, search-attribute creation reminder, multi-replica/local-storage warning, backup reminder Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-16 17:53:18 +02:00
parent 5d6a9de2d5
commit fc931e4707
9 changed files with 452 additions and 22 deletions
@@ -0,0 +1,46 @@
+Postiz has been deployed!
+
+Access URL:
+{{- if .Values.ingress.enabled }}
+  https://{{ (first .Values.ingress.hosts).host }}
+{{- else if eq .Values.service.type "NodePort" }}
+  http://<node-ip>:{{ .Values.service.nodePort }}
+{{- else }}
+  kubectl port-forward svc/{{ include "postiz.fullname" . }} 5000:80
+  http://localhost:5000
+{{- end }}
+
+{{- if .Values.temporal.enabled }}
+
+Temporal:
+  Internal address : {{ include "postiz.fullname" . }}-temporal:7233
+  Status           : kubectl get pods -l app.kubernetes.io/component=temporal
+  Init job logs    : kubectl logs job/{{ include "postiz.fullname" . }}-temporal-init
+
+  After first deploy, create Temporal search attributes:
+    kubectl exec deploy/{{ include "postiz.fullname" . }}-temporal -- \
+      temporal operator search-attribute create \
+        --namespace {{ .Values.temporal.namespace | default "default" }} \
+        --name organizationId --type Keyword \
+        --name postId --type Keyword
+{{- else if .Values.temporal.address }}
+
+Temporal (external): {{ .Values.temporal.address }}
+{{- else }}
+
+WARNING: Temporal is disabled and no address is configured.
+  Postiz v2.12.0+ requires Temporal for post scheduling.
+  Set temporal.enabled=true or provide temporal.address.
+{{- end }}
+
+{{- if and (gt (.Values.replicaCount | int) 1) (eq (.Values.env.STORAGE_PROVIDER | default "local") "local") }}
+
+WARNING: replicaCount={{ .Values.replicaCount }} with STORAGE_PROVIDER=local is unsupported.
+  Local uploads are not shared across replicas. Use Cloudflare R2 or an RWX PVC.
+{{- end }}
+
+Upgrade reminder:
+  Always back up the PostgreSQL database before upgrading Postiz:
+    kubectl exec -n <namespace> <postgresql-pod> -- \
+      pg_dump -U {{ .Values.postgresql.auth.username }} {{ .Values.postgresql.auth.database }} \
+      > postiz-backup-$(date +%Y%m%d).sql
@@ -7,4 +7,11 @@ metadata:
 data:
  {{- range $key, $value := .Values.env }}
  {{ $key }}: {{ $value | quote }}
-  {{- end }}
+  {{- end }}
+  {{- if .Values.temporal.enabled }}
+  TEMPORAL_ADDRESS: {{ default (printf "%s-temporal:7233" (include "postiz.fullname" .)) .Values.temporal.address | quote }}
+  TEMPORAL_NAMESPACE: {{ .Values.temporal.namespace | default "default" | quote }}
+  TEMPORAL_TLS: {{ .Values.temporal.tls | toString | quote }}
+  {{- else if .Values.temporal.address }}
+  TEMPORAL_ADDRESS: {{ .Values.temporal.address | quote }}
+  {{- end }}
@@ -0,0 +1,68 @@
+{{- if .Values.temporal.enabled }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "postiz.fullname" . }}-temporal
+  labels:
+    {{- include "postiz.labels" . | nindent 4 }}
+    app.kubernetes.io/component: temporal
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      {{- include "postiz.selectorLabels" . | nindent 6 }}
+      app.kubernetes.io/component: temporal
+  template:
+    metadata:
+      labels:
+        {{- include "postiz.selectorLabels" . | nindent 8 }}
+        app.kubernetes.io/component: temporal
+    spec:
+      containers:
+        - name: temporal
+          image: "{{ .Values.temporal.image.repository }}:{{ .Values.temporal.image.tag }}"
+          imagePullPolicy: {{ .Values.temporal.image.pullPolicy }}
+          ports:
+            - name: grpc
+              containerPort: 7233
+              protocol: TCP
+          env:
+            - name: DB
+              value: "postgres12"
+            - name: DB_PORT
+              value: "5432"
+            - name: POSTGRES_USER
+              value: {{ .Values.temporal.postgresql.user | quote }}
+            - name: POSTGRES_PWD
+              valueFrom:
+                secretKeyRef:
+                  name: {{ include "postiz.fullname" . }}-temporal-secret
+                  key: POSTGRES_PWD
+            - name: POSTGRES_SEEDS
+              value: {{ default (printf "%s-postgresql" .Release.Name) .Values.temporal.postgresql.seeds | quote }}
+            - name: DYNAMIC_CONFIG_FILE_PATH
+              value: "config/dynamicconfig/development-sql.yaml"
+            - name: ENABLE_ES
+              value: "false"
+            - name: TEMPORAL_NAMESPACE
+              value: {{ .Values.temporal.namespace | default "default" | quote }}
+          volumeMounts:
+            - name: dynamicconfig
+              mountPath: /etc/temporal/config/dynamicconfig
+          livenessProbe:
+            tcpSocket:
+              port: grpc
+            initialDelaySeconds: 30
+            periodSeconds: 15
+            failureThreshold: 5
+          readinessProbe:
+            tcpSocket:
+              port: grpc
+            initialDelaySeconds: 15
+            periodSeconds: 10
+            failureThreshold: 5
+      volumes:
+        - name: dynamicconfig
+          configMap:
+            name: {{ include "postiz.fullname" . }}-temporal-dynamicconfig
+{{- end }}
@@ -0,0 +1,16 @@
+{{- if .Values.temporal.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "postiz.fullname" . }}-temporal-dynamicconfig
+  labels:
+    {{- include "postiz.labels" . | nindent 4 }}
+data:
+  development-sql.yaml: |
+    limit.maxIDLength:
+      - value: 255
+        constraints: {}
+    system.forceSearchAttributesCacheRefreshOnRead:
+      - value: true
+        constraints: {}
+{{- end }}
@@ -0,0 +1,73 @@
+{{- if .Values.temporal.enabled }}
+{{- if .Values.postgresql.enabled }}
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: {{ include "postiz.fullname" . }}-temporal-init
+  labels:
+    {{- include "postiz.labels" . | nindent 4 }}
+  annotations:
+    "helm.sh/hook": post-install,post-upgrade
+    "helm.sh/hook-weight": "-5"
+    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+spec:
+  backoffLimit: 6
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/component: temporal-init
+        {{- include "postiz.selectorLabels" . | nindent 8 }}
+    spec:
+      restartPolicy: OnFailure
+      initContainers:
+        - name: wait-for-postgres
+          image: postgres:16-alpine
+          command:
+            - sh
+            - -c
+            - |
+              until pg_isready -h $PGHOST -p 5432 -U postgres; do
+                echo "Waiting for PostgreSQL..."; sleep 3
+              done
+          env:
+            - name: PGHOST
+              value: {{ printf "%s-postgresql" .Release.Name | quote }}
+      containers:
+        - name: create-temporal-user
+          image: postgres:16-alpine
+          command:
+            - sh
+            - -c
+            - |
+              export PGPASSWORD="$POSTGRES_PASSWORD"
+              psql -h "$PGHOST" -U postgres <<-SQL
+                DO \$\$ BEGIN
+                  IF NOT EXISTS (SELECT FROM pg_roles WHERE rolname = '$TEMPORAL_USER') THEN
+                    EXECUTE format(
+                      'CREATE ROLE %I WITH LOGIN PASSWORD %L CREATEDB',
+                      '$TEMPORAL_USER',
+                      '$TEMPORAL_PWD'
+                    );
+                    RAISE NOTICE 'Role $TEMPORAL_USER created.';
+                  ELSE
+                    RAISE NOTICE 'Role $TEMPORAL_USER already exists, skipping.';
+                  END IF;
+                END \$\$;
+              SQL
+          env:
+            - name: PGHOST
+              value: {{ printf "%s-postgresql" .Release.Name | quote }}
+            - name: POSTGRES_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: {{ printf "%s-postgresql" .Release.Name | quote }}
+                  key: postgres-password
+            - name: TEMPORAL_USER
+              value: {{ .Values.temporal.postgresql.user | quote }}
+            - name: TEMPORAL_PWD
+              valueFrom:
+                secretKeyRef:
+                  name: {{ include "postiz.fullname" . }}-temporal-secret
+                  key: POSTGRES_PWD
+{{- end }}
+{{- end }}
@@ -0,0 +1,14 @@
+{{- if .Values.temporal.enabled }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "postiz.fullname" . }}-temporal-secret
+  labels:
+    {{- include "postiz.labels" . | nindent 4 }}
+type: Opaque
+data:
+  POSTGRES_PWD: {{ .Values.temporal.postgresql.password | b64enc | quote }}
+  {{- if .Values.temporal.apiKey }}
+  TEMPORAL_API_KEY: {{ .Values.temporal.apiKey | b64enc | quote }}
+  {{- end }}
+{{- end }}
@@ -0,0 +1,19 @@
+{{- if .Values.temporal.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "postiz.fullname" . }}-temporal
+  labels:
+    {{- include "postiz.labels" . | nindent 4 }}
+    app.kubernetes.io/component: temporal
+spec:
+  type: ClusterIP
+  ports:
+    - port: 7233
+      targetPort: grpc
+      protocol: TCP
+      name: grpc
+  selector:
+    {{- include "postiz.selectorLabels" . | nindent 4 }}
+    app.kubernetes.io/component: temporal
+{{- end }}