feat(f1-stream): wire optional REDDIT_* env for replays activation
Some checks failed
ci/woodpecker/push/default Pipeline failed

Adds REDDIT_CLIENT_ID / REDDIT_CLIENT_SECRET to the f1-stream deployment,
sourced from the f1-stream-secrets Secret with optional=true so the pod still
starts before the credentials exist. This activates the replays feature (app
repo ADR-0002) once reddit_client_id / reddit_client_secret are added to the
Vault "f1-stream" key (auto-synced via the ExternalSecret's dataFrom.extract)
and the pod is restarted. Dormant/no-op until then.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
Viktor Barzin 2026-07-04 20:57:43 +00:00
parent 37bdb3cb1e
commit d7a4453f32

View file

@ -166,6 +166,33 @@ resource "kubernetes_deployment" "f1-stream" {
name = "DISCORD_CHANNELS" name = "DISCORD_CHANNELS"
value = var.discord_f1_channel_ids value = var.discord_f1_channel_ids
} }
# Replays feature (app repo ADR-0002). optional=true so the pod still
# starts before the Reddit app credentials exist; the app treats missing
# creds as "replays off" (logs "Replays pipeline disabled"). The
# ExternalSecret above uses dataFrom.extract on the Vault "f1-stream"
# key, so adding reddit_client_id / reddit_client_secret there auto-syncs
# them into this Secret no ExternalSecret change needed, just a pod
# restart to pick them up.
env {
name = "REDDIT_CLIENT_ID"
value_from {
secret_key_ref {
name = "f1-stream-secrets"
key = "reddit_client_id"
optional = true
}
}
}
env {
name = "REDDIT_CLIENT_SECRET"
value_from {
secret_key_ref {
name = "f1-stream-secrets"
key = "reddit_client_secret"
optional = true
}
}
}
# Verifier connects to in-cluster headed Chromium pool see # Verifier connects to in-cluster headed Chromium pool see
# stacks/chrome-service/. Falls back to in-process headless if unset. # stacks/chrome-service/. Falls back to in-process headless if unset.
# 2026-06-04: migrated WS (:3000 / path-token) CDP (:9222 / # 2026-06-04: migrated WS (:3000 / path-token) CDP (:9222 /