From d7a4453f323be678221c8808bd9b4ccd108fd849 Mon Sep 17 00:00:00 2001 From: Viktor Barzin Date: Sat, 4 Jul 2026 20:57:43 +0000 Subject: [PATCH] feat(f1-stream): wire optional REDDIT_* env for replays activation Adds REDDIT_CLIENT_ID / REDDIT_CLIENT_SECRET to the f1-stream deployment, sourced from the f1-stream-secrets Secret with optional=true so the pod still starts before the credentials exist. This activates the replays feature (app repo ADR-0002) once reddit_client_id / reddit_client_secret are added to the Vault "f1-stream" key (auto-synced via the ExternalSecret's dataFrom.extract) and the pod is restarted. Dormant/no-op until then. Co-Authored-By: Claude Opus 4.8
---
 stacks/f1-stream/main.tf | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)
diff --git a/stacks/f1-stream/main.tf b/stacks/f1-stream/main.tf
index 0bf47f34..bf1bbb74 100644
--- a/stacks/f1-stream/main.tf
+++ b/stacks/f1-stream/main.tf
@@ -166,6 +166,33 @@ resource "kubernetes_deployment" "f1-stream" {
 name = "DISCORD_CHANNELS"
 value = var.discord_f1_channel_ids
 }
+ # Replays feature (app repo ADR-0002). optional=true so the pod still
+ # starts before the Reddit app credentials exist; the app treats missing
+ # creds as "replays off" (logs "Replays pipeline disabled"). The
+ # ExternalSecret above uses dataFrom.extract on the Vault "f1-stream"
+ # key, so adding reddit_client_id / reddit_client_secret there auto-syncs
+ # them into this Secret — no ExternalSecret change needed, just a pod
+ # restart to pick them up.
+ env {
+ name = "REDDIT_CLIENT_ID"
+ value_from {
+ secret_key_ref {
+ name = "f1-stream-secrets"
+ key = "reddit_client_id"
+ optional = true
+ }
+ }
+ }
+ env {
+ name = "REDDIT_CLIENT_SECRET"
+ value_from {
+ secret_key_ref {
+ name = "f1-stream-secrets"
+ key = "reddit_client_secret"
+ optional = true
+ }
+ }
+ }
 # Verifier connects to in-cluster headed Chromium pool — see
 # stacks/chrome-service/. Falls back to in-process headless if unset.
 # 2026-06-04: migrated WS (:3000 / path-token) → CDP (:9222 /
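Review bot: With `optional = true` set on each `secret_key_ref` separately, the pod also starts when only one of `reddit_client_id` / `reddit_client_secret` has synced, or when a key name is misspelled in Vault, and nothing at deploy time flags either case; whether the app treats a lone `REDDIT_CLIENT_ID` as "replays off" is not visible in this hunk. The comment above the two `env` blocks could record that and the exit plan, e.g. `# Both keys must be present together; drop optional=true once they exist in Vault so a missing key fails the pod instead of silently disabling replays.` Because the values are injected as environment variables, a credential rotated in Vault stays stale in running pods until the restart the comment mentions, so that sentence is worth extending to cover rotation as well as first activation. The enclosing `kubernetes_deployment` block starts and ends outside the hunk.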