feat(postiz): Deploy postiz

k8s/apps/communications/kustomization.yaml

@@ -2,3 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
   - jitsi.k8s.yaml
+  - postiz.k8s.yaml

k8s/apps/communications/postiz.k8s.yaml

@@ -0,0 +1,15 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/datreeio/CRDs-catalog/main/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: postiz
+  namespace: flux-system
+spec:
+  interval: 10m
+  path: ./k8s/apps/communications/postiz
+  dependsOn:
+    - name: ingress
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: emnt-ops

k8s/apps/communications/postiz/deployment.k8s.yaml

@@ -0,0 +1,63 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: postiz
+  namespace: postiz
+  labels:
+    app.kubernetes.io/name: postiz
+    app.kubernetes.io/instance: postiz
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: postiz
+      app.kubernetes.io/instance: postiz
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: postiz
+        app.kubernetes.io/instance: postiz
+    spec:
+      containers:
+        - name: postiz
+          image: ghcr.io/gitroomhq/postiz-app:v1.31.1-amd64
+          env:
+            - name: MAIN_URL
+              value: https://postiz.${CLUSTER_DOMAIN}
+            - name: FRONTEND_URL
+              value: https://postiz.${CLUSTER_DOMAIN}
+            - name: NEXT_PUBLIC_BACKEND_URL
+              value: https://postiz.${CLUSTER_DOMAIN}/api
+            - name: BACKEND_INTERNAL_URL
+              value: http://localhost:3000
+            - name: IS_GENERAL
+              value: "true"
+            - name: STORAGE_PROVIDER
+              value: "local"
+            - name: UPLOAD_DIRECTORY
+              value: "/uploads"
+            - name: NEXT_PUBLIC_UPLOAD_DIRECTORY
+              value: "/uploads"
+            - name: DATABASE_URL
+              valueFrom:
+                secretKeyRef:
+                  name: pg-url
+                  key: PG_URL
+            - name: REDIS_URL
+              valueFrom:
+                secretKeyRef:
+                  name: keydb-url
+                  key: KEYDB_URL
+          envFrom:
+            - secretRef:
+                name: postiz-secrets
+          ports:
+            - name: http
+              containerPort: 5000
+          volumeMounts:
+            - name: uploads
+              mountPath: /uploads
+      volumes:
+        - name: uploads
+          persistentVolumeClaim:
+            claimName: postiz-uploads

k8s/apps/communications/postiz/ingress.k8s.yaml

@@ -0,0 +1,40 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: postiz
+  namespace: postiz
+  labels:
+    app.kubernetes.io/name: postiz
+    app.kubernetes.io/instance: postiz
+spec:
+  type: ClusterIP
+  selector:
+    app.kubernetes.io/name: postiz
+    app.kubernetes.io/instance: postiz
+  ports:
+    - name: http
+      port: 5000
+      targetPort: http
+      protocol: TCP
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: postiz
+  namespace: postiz
+  labels:
+    app.kubernetes.io/name: postiz
+    app.kubernetes.io/instance: postiz
+spec:
+  ingressClassName: ingress-internal-traefik
+  rules:
+    - host: postiz.${CLUSTER_DOMAIN}
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: postiz
+                port:
+                  name: http

k8s/apps/communications/postiz/keydb-url-template.k8s.yaml

@@ -0,0 +1,43 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/datreeio/CRDs-catalog/main/external-secrets.io/externalsecret_v1beta1.json
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: keydb-url-template
+  namespace: postiz
+spec:
+  secretStoreRef:
+    kind: SecretStore
+    name: postiz-secrets
+  target:
+    name: keydb-url
+    template:
+      engineVersion: v2
+      data:
+        KEYDB_URL: "redis://postiz-postiz-keydb.postiz.svc.cluster.local:6379/?password={{ .password }}"
+  data:
+    - secretKey: password
+      remoteRef:
+        key: keydb-creds
+        property: password
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/datreeio/CRDs-catalog/main/external-secrets.io/externalsecret_v1beta1.json
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: pg-url-template
+  namespace: postiz
+spec:
+  secretStoreRef:
+    kind: SecretStore
+    name: postiz-secrets
+  target:
+    name: pg-url
+    template:
+      engineVersion: v2
+      data:
+        PG_URL: "{{ .uri }}?schema=postiz"
+  data:
+    - secretKey: uri
+      remoteRef:
+        key: postiz-pg-pguser-postiz
+        property: uri

k8s/apps/communications/postiz/keydb.k8s.yaml

@@ -0,0 +1,32 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/datreeio/CRDs-catalog/main/helm.toolkit.fluxcd.io/helmrelease_v2.json
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: postiz-keydb
+  namespace: flux-system
+spec:
+  interval: 30m
+  targetNamespace: postiz
+  chart:
+    spec:
+      chart: keydb
+      version: 0.48.0
+      sourceRef:
+        kind: HelmRepository
+        name: enapter
+        namespace: flux-system
+      interval: 30m
+  values:
+    existingSecret: keydb-creds
+    existingSecretKey: password
+    readinessProbeRandomUuid: 1e1554a3-f51a-466b-8182-169ff1ba2bf9
+    persistentVolume:
+      storageClass: freenas-api-iscsi-csi
+    serviceMonitor:
+      enabled: true
+      labels:
+        release: prometheus
+    exporter:
+      enabled: true
+    scripts:
+      enabled: true

k8s/apps/communications/postiz/kustomization.yaml

@@ -0,0 +1,12 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - namespace.k8s.yaml
+  - deployment.k8s.yaml
+  - pvc.k8s.yaml
+  - ingress.k8s.yaml
+  - postgres.k8s.yaml
+  - keydb.k8s.yaml
+  - secrets.sops.yaml
+  - secretstore.k8s.yaml
+  - keydb-url-template.k8s.yaml

k8s/apps/communications/postiz/namespace.k8s.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: postiz

k8s/apps/communications/postiz/postgres.k8s.yaml

@@ -0,0 +1,98 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: s3-creds
+  namespace: postiz
+  annotations:
+    reflector.v1.k8s.emberstack.com/reflects: "local-backup-s3/pgbackrest-postiz-s3creds"
+data: {}
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/datreeio/CRDs-catalog/main/postgres-operator.crunchydata.com/postgrescluster_v1beta1.json
+apiVersion: postgres-operator.crunchydata.com/v1beta1
+kind: PostgresCluster
+metadata:
+  name: postiz-pg
+  namespace: postiz
+  annotations:
+    postgres-operator.crunchydata.com/autoCreateUserSchema: "true"
+spec:
+  image: registry.developers.crunchydata.com/crunchydata/crunchy-postgres:ubi8-15.7-1
+  postgresVersion: 15
+  users:
+    - name: postiz
+      password:
+        type: AlphaNumeric
+      databases:
+        - postiz
+  instances:
+    - name: instance1
+      metadata:
+        labels:
+          app.kubernetes.io/name: postgresql
+          app.kubernetes.io/instance: postiz-pg
+      resources:
+        requests:
+          cpu: 50m
+          memory: 128Mi
+        limits:
+          memory: 512Mi
+      sidecars:
+        replicaCertCopy:
+          resources:
+            requests:
+              cpu: 10m
+              memory: 2Mi
+            limits:
+              memory: 16Mi
+      dataVolumeClaimSpec:
+        storageClassName: freenas-api-iscsi-csi
+        accessModes:
+          - "ReadWriteOnce"
+        resources:
+          requests:
+            storage: 10Gi
+  patroni:
+    dynamicConfiguration:
+      # Prevents failovers due to latency issues with etcd, useful for non-HA controlplane
+      failsafe_mode: true
+      postgresql:
+        parameters:
+          max_slot_wal_keep_size: 1GB
+          max_wal_size: 1GB
+  backups:
+    pgbackrest:
+      image: registry.developers.crunchydata.com/crunchydata/crunchy-pgbackrest:ubi8-2.47-1
+      global:
+        repo1-s3-uri-style: path
+        repo1-path: /pgbackrest-postiz/postiz-pg/repo1
+        repo1-retention-full: "30"
+        repo1-retention-full-type: time
+      jobs:
+        resources:
+          requests:
+            cpu: 10m
+            memory: 32Mi
+          limits:
+            memory: 128Mi
+      configuration:
+        - secret:
+            name: s3-creds
+      repos:
+        - name: repo1
+          s3:
+            endpoint: https://backup-s3.${CLUSTER_DOMAIN}
+            region: us-west-1
+            bucket: pgbackrest
+          schedules:
+            full: 0 6 * * 0
+            incremental: 0 6 * * 1-6
+  monitoring:
+    pgmonitor:
+      exporter:
+        resources:
+          requests:
+            cpu: 10m
+            memory: 16Mi
+          limits:
+            memory: 64Mi
+        image: registry.developers.crunchydata.com/crunchydata/crunchy-postgres-exporter:ubi8-5.3.1-0

k8s/apps/communications/postiz/pvc.k8s.yaml

@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: postiz-uploads
+  namespace: postiz
+spec:
+  accessModes:
+    - ReadWriteOnce
+  volumeMode: Filesystem
+  resources:
+    requests:
+      storage: 50Gi
+  storageClassName: freenas-api-iscsi-csi