viktor/infra
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

postiz: wire FACEBOOK_APP_ID/SECRET via ESO for IG-Business integration

Browse source
This commit is contained in:
Viktor Barzin 2026-05-09 09:19:43 +00:00
parent 60dd6c61b5
commit c2e61cdf31
No known key found for this signature in database
GPG key ID: 4056458DBDBF8863
1 changed files with 23 additions and 11 deletions
Download patch file Download diff file Expand all files Collapse all files

34
stacks/postiz/modules/postiz/main.tf
View file

@ -82,13 +82,20 @@ resource "kubernetes_manifest" "external_secret_jwt" {
name = "postiz-secrets" name = "postiz-secrets"
creationPolicy = "Merge" creationPolicy = "Merge"
} }
data = [{ data = [
secretKey = "JWT_SECRET" {
remoteRef = { secretKey = "JWT_SECRET"
key = "instagram-poster" remoteRef = { key = "instagram-poster", property = "postiz_jwt_secret" }
property = "postiz_jwt_secret" },
} {
}] secretKey = "FACEBOOK_APP_ID"
remoteRef = { key = "instagram-poster", property = "facebook_app_id" }
},
{
secretKey = "FACEBOOK_APP_SECRET"
remoteRef = { key = "instagram-poster", property = "facebook_app_secret" }
},
]
} }
} }
depends_on = [kubernetes_namespace.postiz] depends_on = [kubernetes_namespace.postiz]
@ -138,14 +145,19 @@ resource "helm_release" "postiz" {
# Postiz reads DATABASE_URL/REDIS_URL from this Secret. The chart does # Postiz reads DATABASE_URL/REDIS_URL from this Secret. The chart does
# NOT auto-wire bundled subcharts we have to point at the in-namespace # NOT auto-wire bundled subcharts we have to point at the in-namespace
# PG/Redis Services. ESO patches JWT_SECRET on top via creationPolicy=Merge. # PG/Redis Services. ESO patches JWT_SECRET + FACEBOOK_APP_* on top via
# creationPolicy=Merge from secret/instagram-poster.
# Subchart auth uses the chart defaults (postiz / postiz-password, # Subchart auth uses the chart defaults (postiz / postiz-password,
# postiz-redis-password) both Services are ClusterIP, only routable # postiz-redis-password) both Services are ClusterIP, only routable
# from inside the postiz namespace, so the well-known creds are safe. # from inside the postiz namespace, so the well-known creds are safe.
secrets = { secrets = {
DATABASE_URL = "postgresql://postiz:postiz-password@postiz-postgresql:5432/postiz" DATABASE_URL = "postgresql://postiz:postiz-password@postiz-postgresql:5432/postiz"
REDIS_URL = "redis://default:postiz-redis-password@postiz-redis-master:6379" REDIS_URL = "redis://default:postiz-redis-password@postiz-redis-master:6379"
JWT_SECRET = "" JWT_SECRET = ""
# IG-via-Facebook OAuth (Postiz Instagram-Business integration). Empty
# placeholder; ESO patches the real values from Vault below.
FACEBOOK_APP_ID = ""
FACEBOOK_APP_SECRET = ""
} }
# Use our PVC for uploads (overrides the chart's emptyDir default). # Use our PVC for uploads (overrides the chart's emptyDir default).