4 Commits

Author SHA1 Message Date
billisdead 336ad5bd38 chore(values): set explicit passwords for local deployment
Helm Chart CI/CD / lint-test (push) Has been cancelled
Helm Chart CI/CD / publish (push) Has been cancelled
Required since temporal-secret.yaml now validates via required().
Values match the credentials used at initial cluster install.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-17 08:41:56 +02:00
billisdead 92ceb76f23 fix(helm): address CodeRabbit review findings
NOTES.txt:
- Detect ingress scheme dynamically (http/https based on .Values.ingress.tls)
- Include first path in ingress URL output
- Use .Values.service.port in port-forward example instead of hardcoded 80
- Add -n {{ .Release.Namespace }} to all kubectl commands

postiz-config.yaml:
- Merge temporal enabled/external branches: external address now also emits
  TEMPORAL_NAMESPACE and TEMPORAL_TLS, not just TEMPORAL_ADDRESS

temporal-init-job.yaml:
- Use .Values.temporal.postgresql.seeds as PGHOST source (with fallback to
  bitnami sub-chart service name) so init job and runtime use the same host
- Switch to quoted heredoc (<<-'SQL') + psql --set to pass credentials as
  psql variables, preventing shell expansion from breaking on special chars

temporal-secret.yaml:
- Add required validation: temporal.postgresql.password must be set explicitly
  when temporal.enabled=true

values.yaml:
- Remove hardcoded default passwords (postgresPassword, temporal.postgresql.password)
  replaced with empty strings to avoid predictable default credentials

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-17 08:41:15 +02:00
billisdead 98231d5eaf fix(helm): skip temporal init job when reusing postgresql main user
Helm Chart CI/CD / lint-test (push) Has been cancelled
Helm Chart CI/CD / publish (push) Has been cancelled
When temporal.postgresql.user == postgresql.auth.username, the user
already exists with CREATEDB — temporalio/auto-setup handles database
creation itself. The init job only runs for a distinct dedicated user.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-16 18:38:05 +02:00
billisdead 6b0e1ff5f3 chore: ignore SQL dump files 2026-06-16 18:17:02 +02:00
6 changed files with 24 additions and 21 deletions
+1
@@ -1 +1,2 @@
.DS_Store .DS_Store
*.sql
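Review bot: The new `*.sql` ignore pattern matches every SQL file in the repository, not only dumps, so a schema or migration script added later would go untracked without warning. The backup command in NOTES.txt writes `postiz-backup-<date>.sql`; ignoring `postiz-backup-*.sql` (or a dedicated dump directory) covers that case without hiding other SQL files.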
+6 -6
@@ -2,11 +2,11 @@ Postiz has been deployed!
Access URL: Access URL:
{{- if .Values.ingress.enabled }} {{- if .Values.ingress.enabled }}
https://{{ (first .Values.ingress.hosts).host }} {{ if .Values.ingress.tls }}https{{ else }}http{{ end }}://{{ (first .Values.ingress.hosts).host }}{{ (first (first .Values.ingress.hosts).paths).path }}
{{- else if eq .Values.service.type "NodePort" }} {{- else if eq .Values.service.type "NodePort" }}
http://<node-ip>:{{ .Values.service.nodePort }} http://<node-ip>:{{ .Values.service.nodePort }}
{{- else }} {{- else }}
kubectl port-forward svc/{{ include "postiz.fullname" . }} 5000:80 kubectl port-forward svc/{{ include "postiz.fullname" . }} 5000:{{ .Values.service.port }}
http://localhost:5000 http://localhost:5000
{{- end }} {{- end }}
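Review bot: The port-forward line in the fallback branch still has no `-n {{ .Release.Namespace }}`, although the commit message says the flag was added to all kubectl commands; as printed, the command targets the caller's current namespace. In the ingress branch, `(first (first .Values.ingress.hosts).paths).path` assumes at least one host with at least one path; guard it (for example with `with`) so NOTES rendering does not fail on a host entry without `paths`.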
@@ -14,11 +14,11 @@ Access URL:
Temporal: Temporal:
Internal address : {{ include "postiz.fullname" . }}-temporal:7233 Internal address : {{ include "postiz.fullname" . }}-temporal:7233
Status : kubectl get pods -l app.kubernetes.io/component=temporal Status : kubectl -n {{ .Release.Namespace }} get pods -l app.kubernetes.io/component=temporal
Init job logs : kubectl logs job/{{ include "postiz.fullname" . }}-temporal-init Init job logs : kubectl -n {{ .Release.Namespace }} logs job/{{ include "postiz.fullname" . }}-temporal-init
After first deploy, create Temporal search attributes: After first deploy, create Temporal search attributes:
kubectl exec deploy/{{ include "postiz.fullname" . }}-temporal -- \ kubectl -n {{ .Release.Namespace }} exec deploy/{{ include "postiz.fullname" . }}-temporal -- \
temporal operator search-attribute create \ temporal operator search-attribute create \
--namespace {{ .Values.temporal.namespace | default "default" }} \ --namespace {{ .Values.temporal.namespace | default "default" }} \
--name organizationId --type Keyword \ --name organizationId --type Keyword \
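Review bot: The "Init job logs" line is printed for a Job that the new `ne .Values.temporal.postgresql.user .Values.postgresql.auth.username` guard in the init-job template no longer renders when the two users match, so the command returns NotFound in that configuration. Wrap the line in the same condition, unless the part of NOTES.txt outside this hunk already does.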
@@ -41,6 +41,6 @@ WARNING: replicaCount={{ .Values.replicaCount }} with STORAGE_PROVIDER=local is
Upgrade reminder: Upgrade reminder:
Always back up the PostgreSQL database before upgrading Postiz: Always back up the PostgreSQL database before upgrading Postiz:
kubectl exec -n <namespace> <postgresql-pod> -- \ kubectl exec -n {{ .Release.Namespace }} <postgresql-pod> -- \
pg_dump -U {{ .Values.postgresql.auth.username }} {{ .Values.postgresql.auth.database }} \ pg_dump -U {{ .Values.postgresql.auth.username }} {{ .Values.postgresql.auth.database }} \
> postiz-backup-$(date +%Y%m%d).sql > postiz-backup-$(date +%Y%m%d).sql
+1 -3
@@ -8,10 +8,8 @@ data:
{{- range $key, $value := .Values.env }} {{- range $key, $value := .Values.env }}
{{ $key }}: {{ $value | quote }} {{ $key }}: {{ $value | quote }}
{{- end }} {{- end }}
{{- if .Values.temporal.enabled }} {{- if or .Values.temporal.enabled .Values.temporal.address }}
TEMPORAL_ADDRESS: {{ default (printf "%s-temporal:7233" (include "postiz.fullname" .)) .Values.temporal.address | quote }} TEMPORAL_ADDRESS: {{ default (printf "%s-temporal:7233" (include "postiz.fullname" .)) .Values.temporal.address | quote }}
TEMPORAL_NAMESPACE: {{ .Values.temporal.namespace | default "default" | quote }} TEMPORAL_NAMESPACE: {{ .Values.temporal.namespace | default "default" | quote }}
TEMPORAL_TLS: {{ .Values.temporal.tls | toString | quote }} TEMPORAL_TLS: {{ .Values.temporal.tls | toString | quote }}
{{- else if .Values.temporal.address }}
TEMPORAL_ADDRESS: {{ .Values.temporal.address | quote }}
{{- end }} {{- end }}
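Review bot: With the branches merged, `TEMPORAL_TLS: {{ .Values.temporal.tls | toString | quote }}` is now also emitted for an external address, and `toString` on an unset value does not render `false`. values.yaml is not fully visible here; if `temporal.tls` has no default there, use `.Values.temporal.tls | default false | toString | quote` so the application never receives a malformed flag. For an external endpoint it is also worth documenting that TLS stays off unless `temporal.tls` is set.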
+14 -10
@@ -1,5 +1,6 @@
{{- if .Values.temporal.enabled }} {{- if .Values.temporal.enabled }}
{{- if .Values.postgresql.enabled }} {{- if .Values.postgresql.enabled }}
{{- if ne .Values.temporal.postgresql.user .Values.postgresql.auth.username }}
apiVersion: batch/v1 apiVersion: batch/v1
kind: Job kind: Job
metadata: metadata:
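Review bot: The new `ne` guard skips role creation when the Temporal user equals `postgresql.auth.username`, but nothing checks that `temporal.postgresql.password` then equals the main user's password, and temporal-secret.yaml still publishes `temporal.postgresql.password` as `POSTGRES_PWD`. A mismatch only surfaces as an authentication failure at Temporal startup; add a template-time `fail` for that case, or derive the secret from the main user's password when the users match. The guard also relies on the main user having CREATEDB, which the commit message states but the chart does not verify.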
@@ -31,7 +32,7 @@ spec:
done done
env: env:
- name: PGHOST - name: PGHOST
value: {{ printf "%s-postgresql" .Release.Name | quote }} value: {{ default (printf "%s-postgresql" .Release.Name) .Values.temporal.postgresql.seeds | splitList "," | first | quote }}
containers: containers:
- name: create-temporal-user - name: create-temporal-user
image: postgres:16-alpine image: postgres:16-alpine
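Review bot: `PGHOST` now takes the first entry of `temporal.postgresql.seeds`, but this Job only renders under `.Values.postgresql.enabled` and logs in as `postgres` with the admin password, so a seed that points anywhere other than the bundled service sends that credential to a different server. Keep the bundled service name here, or fail rendering when the seed differs from it. If the seed is kept, add `trim` after `first`, since `splitList ","` leaves surrounding spaces, and note that a `host:port` seed is not a valid `PGHOST`.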
@@ -40,23 +41,25 @@ spec:
- -c - -c
- | - |
export PGPASSWORD="$POSTGRES_PASSWORD" export PGPASSWORD="$POSTGRES_PASSWORD"
psql -h "$PGHOST" -U postgres <<-SQL psql -h "$PGHOST" -U postgres \
DO \$\$ BEGIN --set=temporal_user="$TEMPORAL_USER" \
IF NOT EXISTS (SELECT FROM pg_roles WHERE rolname = '$TEMPORAL_USER') THEN --set=temporal_pwd="$TEMPORAL_PWD" <<-'SQL'
DO $$ BEGIN
IF NOT EXISTS (SELECT FROM pg_roles WHERE rolname = :'temporal_user') THEN
EXECUTE format( EXECUTE format(
'CREATE ROLE %I WITH LOGIN PASSWORD %L CREATEDB', 'CREATE ROLE %I WITH LOGIN PASSWORD %L CREATEDB',
'$TEMPORAL_USER', :'temporal_user',
'$TEMPORAL_PWD' :'temporal_pwd'
); );
RAISE NOTICE 'Role $TEMPORAL_USER created.'; RAISE NOTICE 'Role created.';
ELSE ELSE
RAISE NOTICE 'Role $TEMPORAL_USER already exists, skipping.'; RAISE NOTICE 'Role already exists, skipping.';
END IF; END IF;
END \$\$; END $$;
SQL SQL
env: env:
- name: PGHOST - name: PGHOST
value: {{ printf "%s-postgresql" .Release.Name | quote }} value: {{ default (printf "%s-postgresql" .Release.Name) .Values.temporal.postgresql.seeds | splitList "," | first | quote }}
- name: POSTGRES_PASSWORD - name: POSTGRES_PASSWORD
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
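Review bot: psql does not interpolate variables inside quoted literals, and the `DO $$ ... $$` body is a dollar-quoted literal, so `:'temporal_user'` and `:'temporal_pwd'` reach the server unexpanded and the block fails to parse instead of creating the role. Move the statement out of the dollar quotes and let psql execute the generated SQL, for example `SELECT format('CREATE ROLE %I WITH LOGIN PASSWORD %L CREATEDB', :'temporal_user', :'temporal_pwd') WHERE NOT EXISTS (SELECT FROM pg_roles WHERE rolname = :'temporal_user') \gexec`. The visible command also lacks `-v ON_ERROR_STOP=1`, without which an SQL error in the heredoc still lets psql exit 0 and the Job report success.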
@@ -71,3 +74,4 @@ spec:
key: POSTGRES_PWD key: POSTGRES_PWD
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- end }}
+1 -1
@@ -7,7 +7,7 @@ metadata:
{{- include "postiz.labels" . | nindent 4 }} {{- include "postiz.labels" . | nindent 4 }}
type: Opaque type: Opaque
data: data:
POSTGRES_PWD: {{ .Values.temporal.postgresql.password | b64enc | quote }} POSTGRES_PWD: {{ required "temporal.postgresql.password is required when temporal.enabled=true" .Values.temporal.postgresql.password | b64enc | quote }}
{{- if .Values.temporal.apiKey }} {{- if .Values.temporal.apiKey }}
TEMPORAL_API_KEY: {{ .Values.temporal.apiKey | b64enc | quote }} TEMPORAL_API_KEY: {{ .Values.temporal.apiKey | b64enc | quote }}
{{- end }} {{- end }}
+1 -1
@@ -67,7 +67,7 @@ postgresql:
# postgresPassword is used by the temporal init job to create the temporal user. # postgresPassword is used by the temporal init job to create the temporal user.
# Set this explicitly; if left empty, Bitnami generates a random password # Set this explicitly; if left empty, Bitnami generates a random password
# that the init job cannot retrieve. # that the init job cannot retrieve.
postgresPassword: postgres-admin-password postgresPassword: "postgres-admin-password"
service: service:
ports: ports:
postgresql: 5432 postgresql: 5432
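Review bot: `postgresPassword: "postgres-admin-password"` leaves a fixed superuser password in the chart's default values, which is the predictable default credential an earlier commit in this range set out to remove; in the net diff only the quoting changed. Keep the default empty, enforce it with `required` as temporal-secret.yaml now does for `temporal.postgresql.password`, and put the local-deployment passwords in an untracked values file or pass them with `--set`, so a published chart never installs with a known admin password.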