billisdead
92ceb76f23
NOTES.txt:
- Detect ingress scheme dynamically (http/https based on .Values.ingress.tls)
- Include first path in ingress URL output
- Use .Values.service.port in port-forward example instead of hardcoded 80
- Add -n {{ .Release.Namespace }} to all kubectl commands
postiz-config.yaml:
- Merge temporal enabled/external branches: external address now also emits
TEMPORAL_NAMESPACE and TEMPORAL_TLS, not just TEMPORAL_ADDRESS
temporal-init-job.yaml:
- Use .Values.temporal.postgresql.seeds as PGHOST source (with fallback to
bitnami sub-chart service name) so init job and runtime use the same host
- Switch to quoted heredoc (<<-'SQL') + psql --set to pass credentials as
psql variables, preventing shell expansion from breaking on special chars
temporal-secret.yaml:
- Add required validation: temporal.postgresql.password must be set explicitly
when temporal.enabled=true
values.yaml:
- Remove hardcoded default passwords (postgresPassword, temporal.postgresql.password)
replaced with empty strings to avoid predictable default credentials
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
15 lines
491 B
YAML
15 lines
491 B
YAML
{{- if .Values.temporal.enabled }}
|
|
apiVersion: v1
|
|
kind: Secret
|
|
metadata:
|
|
name: {{ include "postiz.fullname" . }}-temporal-secret
|
|
labels:
|
|
{{- include "postiz.labels" . | nindent 4 }}
|
|
type: Opaque
|
|
data:
|
|
POSTGRES_PWD: {{ required "temporal.postgresql.password is required when temporal.enabled=true" .Values.temporal.postgresql.password | b64enc | quote }}
|
|
{{- if .Values.temporal.apiKey }}
|
|
TEMPORAL_API_KEY: {{ .Values.temporal.apiKey | b64enc | quote }}
|
|
{{- end }}
|
|
{{- end }}
|