postiz + instagram-poster: deploy fixes after first apply
- postiz: pin chart name to 'postiz-app' (was 'postiz', wrong path) and override bundled bitnami subchart images to bitnamilegacy/* — Bitnami removed bitnami/postgresql + bitnami/redis from DockerHub in Aug 2025 (Broadcom acquisition). - postiz: enable initial registration (DISABLE_REGISTRATION=false) so first admin user can be created in UI; tighten after. - instagram-poster: add securityContext (fsGroup/runAsUser=10001) so kubelet chowns the PVC mount for the non-root 'poster' user; was crashing on alembic with 'unable to open database file'. - instagram-poster: bump image_tag to 24935ab4 (uvicorn now binds to port 8000 to match Service contract; was 8080 -> probe 404).
This commit is contained in:
parent
d5a01b6ad2
commit
71e3439650
3 changed files with 23 additions and 2 deletions
|
|
@ -152,6 +152,15 @@ resource "kubernetes_deployment" "instagram_poster" {
|
|||
name = "registry-credentials"
|
||||
}
|
||||
|
||||
# PVC mounts as root by default; pod runs as uid/gid 10001 (poster).
|
||||
# fs_group makes kubelet chown the volume to gid 10001 on mount.
|
||||
security_context {
|
||||
fs_group = 10001
|
||||
run_as_user = 10001
|
||||
run_as_group = 10001
|
||||
run_as_non_root = true
|
||||
}
|
||||
|
||||
container {
|
||||
name = "instagram-poster"
|
||||
image = local.image
|
||||
|
|
|
|||
|
|
@ -19,5 +19,5 @@ dependency "external-secrets" {
|
|||
|
||||
inputs = {
|
||||
# Bump per deploy. Use 8-char git SHA — :latest causes stale pull-through cache.
|
||||
image_tag = "23f8b4ed"
|
||||
image_tag = "24935ab4"
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue