2021-02-09 23:28:44 +00:00
image :
2023-04-08 19:26:41 +00:00
repository : ghcr.io/mastodon/mastodon
# https://github.com/mastodon/mastodon/pkgs/container/mastodon
2021-08-09 14:16:20 +00:00
#
2021-02-09 23:28:44 +00:00
# alternatively, use `latest` for the latest release or `edge` for the image
# built from the most recent commit
#
# tag: latest
2024-07-04 22:19:55 +00:00
tag : "v4.2.10"
2021-08-09 14:16:20 +00:00
# use `Always` when using `latest` tag
pullPolicy : IfNotPresent
mastodon :
2024-06-01 00:42:03 +00:00
# Labels added to every Mastodon-related object
labels : {}
2023-04-08 19:26:41 +00:00
# -- create an initial administrator user; the password is autogenerated and will
2021-08-09 14:16:20 +00:00
# have to be reset
createAdmin :
2023-04-08 19:26:41 +00:00
# @ignored
2021-08-09 14:16:20 +00:00
enabled : false
2023-04-08 19:26:41 +00:00
# @ignored
2021-08-09 14:16:20 +00:00
username : not_gargron
2023-04-08 19:26:41 +00:00
# @ignored
2024-06-01 00:42:03 +00:00
password : not_gargron
# @ignored
2021-08-09 14:16:20 +00:00
email : not@example.com
2024-06-01 00:42:03 +00:00
hooks :
dbMigrate :
enabled : true
assetsPrecompile :
enabled : true
# Custom labels to add to kubernetes resources
#labels:
2021-08-09 14:16:20 +00:00
cron :
2023-04-08 19:26:41 +00:00
# -- run `tootctl media remove` every week
2021-08-09 14:16:20 +00:00
removeMedia :
2023-04-08 19:26:41 +00:00
# @ignored
2021-08-09 14:16:20 +00:00
enabled : true
2023-04-08 19:26:41 +00:00
# @ignored
2021-08-09 14:16:20 +00:00
schedule : "0 0 * * 0"
2023-04-08 19:26:41 +00:00
# -- available locales: https://github.com/mastodon/mastodon/blob/main/config/application.rb#L71
2021-08-09 14:16:20 +00:00
locale : en
local_domain : mastodon.local
2023-04-08 19:26:41 +00:00
# -- Use of WEB_DOMAIN requires careful consideration: https://docs.joinmastodon.org/admin/config/#federation
2022-07-31 03:27:41 +00:00
# You must redirect the path LOCAL_DOMAIN/.well-known/ to WEB_DOMAIN/.well-known/ as described
2023-04-08 19:26:41 +00:00
# Example: mastodon.example.com
web_domain : null
2024-06-01 00:42:03 +00:00
# -- If you have multiple domains pointed at your Mastodon server, this setting will allow Mastodon to recognize
# itself when users are addressed using those other domains.
alternate_domains : [ ]
2023-04-08 19:26:41 +00:00
# -- If set to true, the frontpage of your Mastodon server will always redirect to the first profile in the database and registrations will be disabled.
singleUserMode : false
# -- Enables "Secure Mode" for more details see: https://docs.joinmastodon.org/admin/config/#authorized_fetch
authorizedFetch : false
2024-06-01 00:42:03 +00:00
# -- Enables "Limited Federation Mode" for more details see: https://docs.joinmastodon.org/admin/config/#limited_federation_mode
2023-04-08 19:26:41 +00:00
limitedFederationMode : false
2021-08-09 14:16:20 +00:00
persistence :
assets :
2023-04-08 19:26:41 +00:00
# -- ReadWriteOnce is more widely supported than ReadWriteMany, but limits
2021-08-09 14:16:20 +00:00
# scalability, since it requires the Rails and Sidekiq pods to run on the
# same node.
accessMode : ReadWriteOnce
resources :
requests :
storage : 10Gi
2024-06-01 00:42:03 +00:00
# -- name of existing persistent volume claim to use for assets
existingClaim :
2021-08-09 14:16:20 +00:00
system :
accessMode : ReadWriteOnce
resources :
requests :
storage : 100Gi
2024-06-01 00:42:03 +00:00
# -- name of existing persistent volume claim to use for system
existingClaim :
2021-08-09 14:16:20 +00:00
s3 :
enabled : false
access_key : ""
access_secret : ""
2023-04-08 19:26:41 +00:00
# -- you can also specify the name of an existing Secret
# with keys AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY
existingSecret : ""
2021-08-09 14:16:20 +00:00
bucket : ""
2023-04-08 19:26:41 +00:00
endpoint : ""
hostname : ""
2021-08-09 14:16:20 +00:00
region : ""
2023-04-08 19:26:41 +00:00
permission : ""
# -- If you have a caching proxy, enter its base URL here.
2022-07-31 03:27:41 +00:00
alias_host : ""
2024-06-01 00:42:03 +00:00
# When uploading data to S3, if the number of bytes to send exceedes
# multipart_threshold then a multi part session is automatically started
# and the data is sent up in chunks. Defaults to 16777216 (16MB).
multipart_threshold : ""
# -- Set this to true if the storage provider uses domain style 'bucket.endpoint' naming
# override_path_style: "true"
deepl :
enabled : false
plan :
apiKeySecretRef :
name :
key :
hcaptcha :
enabled : false
siteId :
secretKeySecretRef :
name :
key :
2021-08-09 14:16:20 +00:00
# these must be set manually; autogenerated keys are rotated on each upgrade
secrets :
secret_key_base : ""
otp_secret : ""
vapid :
private_key : ""
public_key : ""
2024-06-01 00:42:03 +00:00
activeRecordEncryption :
primaryKey : ""
deterministicKey : ""
keyDerivationSalt : ""
2023-04-08 19:26:41 +00:00
# -- you can also specify the name of an existing Secret
2024-06-01 00:42:03 +00:00
# with keys:
# - SECRET_KEY_BASE
# - OTP_SECRET
# - VAPID_PRIVATE_KEY
# - VAPID_PUBLIC_KEY
# - ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY
# - ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY
# - ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT
2023-04-08 19:26:41 +00:00
existingSecret : ""
2024-06-01 00:42:03 +00:00
# -- The number of old revisions to keep for each Deployment in Kubernetes.
# See https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#clean-up-policy
revisionHistoryLimit : 2
2021-08-09 14:16:20 +00:00
sidekiq :
2023-04-08 19:26:41 +00:00
# -- Pod security context for all Sidekiq Pods, overwrites .Values.podSecurityContext
podSecurityContext : {}
# -- (Sidekiq Container) Security Context for all Pods, overwrites .Values.securityContext
securityContext : {}
# -- Resources for all Sidekiq Deployments unless overwritten
resources : {}
# -- Affinity for all Sidekiq Deployments unless overwritten, overwrites .Values.affinity
affinity : {}
2024-06-01 00:42:03 +00:00
# -- Topology spread constraints for Sidekiq Pods, overwrites .Values.topologySpreadConstraints
topologySpreadConstraints : {}
2023-04-08 19:26:41 +00:00
# limits:
# cpu: "1"
# memory: 768Mi
# requests:
# cpu: 250m
# memory: 512Mi
workers :
2024-06-01 00:42:03 +00:00
- name : all-queues
# -- Number of threads / parallel sidekiq jobs that are executed per Pod
concurrency : 25
# -- Number of Pod replicas deployed by the Deployment
replicas : 1
# -- Resources for this specific deployment to allow optimised scaling, overwrites .Values.mastodon.sidekiq.resources
resources : {}
# -- Affinity for this specific deployment, overwrites .Values.affinity and .Values.mastodon.sidekiq.affinity
affinity : {}
# -- Topology spread constraints for this specific deployment, overwrites .Values.topologySpreadConstraints and .Values.mastodon.sidekiq.topologySpreadConstraints
topologySpreadConstraints : {}
# -- Sidekiq queues for Mastodon that are handled by this worker. See https://docs.joinmastodon.org/admin/scaling/#concurrency
# See https://github.com/mperham/sidekiq/wiki/Advanced-Options#queues for how to weight queues as argument
queues :
- default,8
- push,6
- ingress,4
- mailers,2
- pull
- scheduler # Make sure the scheduler queue only exists once and with a worker that has 1 replica.
image :
repository :
tag :
# allows you to mount a custom database.yml from a configmap
# please note that we do not advise using a read-only replica for sidekiq workers
customDatabaseConfigYml :
configMapRef :
name :
key :
2023-04-08 19:26:41 +00:00
#- name: push-pull
# concurrency: 50
# resources: {}
# replicas: 2
# queues:
# - push
# - pull
#- name: mailers
# concurrency: 25
# replicas: 2
# queues:
# - mailers
#- name: default
# concurrency: 25
# replicas: 2
# queues:
# - default
2021-08-09 14:16:20 +00:00
smtp :
auth_method : plain
2022-07-31 03:27:41 +00:00
ca_file : /etc/ssl/certs/ca-certificates.crt
2021-08-09 14:16:20 +00:00
delivery_method : smtp
domain :
2024-06-01 00:42:03 +00:00
enable_starttls : "auto"
2021-08-09 14:16:20 +00:00
from_address : notifications@example.com
2024-06-01 00:42:03 +00:00
return_path :
2021-08-09 14:16:20 +00:00
openssl_verify_mode : peer
port : 587
reply_to :
server : smtp.mailgun.org
tls : false
2023-04-08 19:26:41 +00:00
login :
password :
# -- Instead of defining login/password above, you can specify the name of an existing secret here. Login and
# password must be located in keys named `login` and `password` respectively.
existingSecret :
2021-08-09 14:16:20 +00:00
streaming :
2024-06-01 00:42:03 +00:00
image :
repository :
tag :
2021-08-09 14:16:20 +00:00
port : 4000
2023-04-08 19:26:41 +00:00
# -- this should be set manually since os.cpus() returns the number of CPUs on
2021-08-09 14:16:20 +00:00
# the node running the pod, which is unrelated to the resources allocated to
# the pod by k8s
workers : 1
2023-04-08 19:26:41 +00:00
# -- The base url for streaming can be set if the streaming API is deployed to
2022-07-31 03:27:41 +00:00
# a different domain/subdomain.
2023-04-08 19:26:41 +00:00
base_url : null
# -- Number of Streaming Pods running
replicas : 1
# -- Affinity for Streaming Pods, overwrites .Values.affinity
affinity : {}
2024-06-01 00:42:03 +00:00
# -- Topology spread constraints for Streaming Pods, overwrites .Values.topologySpreadConstraints
topologySpreadConstraints : {}
2023-04-08 19:26:41 +00:00
# -- Pod Security Context for Streaming Pods, overwrites .Values.podSecurityContext
podSecurityContext : {}
# -- (Streaming Container) Security Context for Streaming Pods, overwrites .Values.securityContext
securityContext : {}
# -- (Streaming Container) Resources for Streaming Pods, overwrites .Values.resources
resources : {}
# limits:
# cpu: "500m"
# memory: 512Mi
# requests:
# cpu: 250m
# memory: 128Mi
2024-06-01 00:42:03 +00:00
# -- PodDisruptionBudget configuration - See https://kubernetes.io/docs/tasks/run-application/configure-pdb/
pdb :
enable : false
# minAvailable: 1
# maxUnavailable: 1
# -- Puma-specific options. Below values are based on default behavior in
# config/puma.rb when no custom values are provided.
# -- Self-signed certificate(s) the (Node.js) needs to trust to connect to e.g. the database
extraCerts : {}
# -- Secret containing a key "ca.crt" holding one or more root certificates in PEM format
# existingSecret:
# -- Optional volume name for mounting the .crt file, defaults to "extra-certs"
# name:
# -- Optional sslMode setting. See nodejs's SSL_MODE. Consider "no-verify"
# sslMode:
# Specify extra environment variables to be added to streaming pods.
extraEnvVars : {}
2021-08-09 14:16:20 +00:00
web :
port : 3000
2023-04-08 19:26:41 +00:00
# -- Number of Web Pods running
replicas : 1
# -- Affinity for Web Pods, overwrites .Values.affinity
affinity : {}
2024-06-01 00:42:03 +00:00
# -- Topology spread constraints for Web Pods, overwrites .Values.topologySpreadConstraints
topologySpreadConstraints : {}
2023-04-08 19:26:41 +00:00
# -- Pod Security Context for Web Pods, overwrites .Values.podSecurityContext
podSecurityContext : {}
# -- (Web Container) Security Context for Web Pods, overwrites .Values.securityContext
securityContext : {}
# -- (Web Container) Resources for Web Pods, overwrites .Values.resources
resources : {}
# limits:
# cpu: "1"
# memory: 1280Mi
# requests:
# cpu: 250m
# memory: 768Mi
2024-06-01 00:42:03 +00:00
# -- PodDisruptionBudget configuration - See https://kubernetes.io/docs/tasks/run-application/configure-pdb/
pdb :
enable : false
# minAvailable: 1
# maxUnavailable: 1
2023-04-08 19:26:41 +00:00
# -- Puma-specific options. Below values are based on default behavior in
# config/puma.rb when no custom values are provided.
minThreads : "5"
maxThreads : "5"
workers : "2"
persistentTimeout : "20"
2024-06-01 00:42:03 +00:00
image :
repository :
tag :
# allows you to mount a custom database.yml from a configmap
# for example if you want to use a read-only replica
customDatabaseConfigYml :
configMapRef :
name :
key :
# HTTP cache buster configuration.
# See the documentation for more information about this feature:
# https://docs.joinmastodon.org/admin/config/#http-cache-buster
cacheBuster :
enabled : false
httpMethod : "GET"
# If the cache service requires authentication, specify the header name and
# secret/token here.
authHeader :
authToken :
existingSecret :
2023-04-08 19:26:41 +00:00
metrics :
statsd :
# -- Enable statsd publishing via STATSD_ADDR environment variable
address : ""
2024-06-01 00:42:03 +00:00
# -- Alternatively, you can use this to have a statsd_exporter sidecar container running along all Mastodon containers and exposing metrics in OpenMetric/Prometheus format on each pod
# Please note the exporter will not be enabled if metrics.statsd.address is not empty
exporter :
enabled : false
port : 9102
2023-04-08 19:26:41 +00:00
# Sets the PREPARED_STATEMENTS environment variable: https://docs.joinmastodon.org/admin/config/#prepared_statements
preparedStatements : true
2021-02-09 23:28:44 +00:00
2024-06-01 00:42:03 +00:00
# Specify extra environment variables to be added to all Mastodon pods.
# These can be used for configuration not included in this chart (including configuration for Mastodon varietals.)
extraEnvVars : {}
# Alternatively specify extra environment variables stored in a ConfigMap.
# The specified ConfigMap should contain the additional environment variables in key-value format.
# extraEnvFrom: <config-map-name>
2021-02-09 23:28:44 +00:00
ingress :
2023-04-08 19:26:41 +00:00
enabled : true
annotations :
# For choosing an ingress ingressClassName is preferred over annotations
# kubernetes.io/ingress.class: nginx
#
# To automatically request TLS certificates use one of the following
# kubernetes.io/tls-acme: "true"
# cert-manager.io/cluster-issuer: "letsencrypt"
#
# ensure that NGINX's upload size matches Mastodon's
# for the K8s ingress controller:
# nginx.ingress.kubernetes.io/proxy-body-size: 40m
# for the NGINX ingress controller:
# nginx.org/client-max-body-size: 40m
# -- you can specify the ingressClassName if it differs from the default
ingressClassName :
2021-08-09 14:16:20 +00:00
hosts :
2023-04-08 19:26:41 +00:00
- host : mastodon.local
2021-08-09 14:16:20 +00:00
paths :
2024-06-01 00:42:03 +00:00
- path : "/"
2023-04-08 19:26:41 +00:00
tls :
- secretName : mastodon-tls
hosts :
- mastodon.local
2021-02-09 23:28:44 +00:00
2024-06-01 00:42:03 +00:00
# This allows you to have a separate ingress for streaming
# When enabled, the main ingress will no longer handle streaming requests.
# You will also need to configure mastodon.streaming.base_url accordingly
streaming :
enabled : false
annotations :
ingressClassName :
hosts :
- host : streaming.mastodon.local
paths :
- path : "/"
tls :
- secretName : mastodon-tls
hosts :
- streaming.mastodon.local
2023-04-08 19:26:41 +00:00
# -- https://github.com/bitnami/charts/tree/master/bitnami/elasticsearch#parameters
2021-02-09 23:28:44 +00:00
elasticsearch :
2024-06-01 00:42:03 +00:00
# Elasticsearch is powering full-text search. It is optional.
# `false` will not install Elasticsearch as part of this chart
2021-02-09 23:28:44 +00:00
#
# if you enable ES after the initial install, you will need to manually run
# RAILS_ENV=production bundle exec rake chewy:sync
# (https://docs.joinmastodon.org/admin/optional/elasticsearch/)
enabled : true
2023-04-08 19:26:41 +00:00
# @ignored
2021-08-09 14:16:20 +00:00
image :
2022-07-31 03:27:41 +00:00
tag : 7
2021-02-09 23:28:44 +00:00
2024-06-01 00:42:03 +00:00
# If you are using an external ES cluster, use `enabled: false` and set the hostname, port,
# and whether the cluster uses TLS.
# hostname:
# port: 9200
# tls: true
# preset: single_node_cluster
# This is optional, use it if you ES cluster requires authentication
# user:
# Name of an existing secret with a password key
# existingSecret:
2021-02-09 23:28:44 +00:00
# https://github.com/bitnami/charts/tree/master/bitnami/postgresql#parameters
postgresql :
2023-04-08 19:26:41 +00:00
# -- disable if you want to use an existing db; in which case the values below
2021-08-09 14:16:20 +00:00
# must match those of that external postgres instance
2021-02-09 23:28:44 +00:00
enabled : true
2021-08-09 14:16:20 +00:00
# postgresqlHostname: preexisting-postgresql
2023-04-08 19:26:41 +00:00
# postgresqlPort: 5432
auth :
database : mastodon_production
username : mastodon
# you must set a password; the password generated by the postgresql chart will
# be rotated on each upgrade:
# https://github.com/bitnami/charts/tree/master/bitnami/postgresql#upgrade
password : ""
# Set the password for the "postgres" admin user
# set this to the same value as above if you've previously installed
# this chart and you're having problems getting mastodon to connect to the DB
# postgresPassword: ""
# you can also specify the name of an existing Secret
# with a key of password set to the password you want
existingSecret : ""
2021-02-09 23:28:44 +00:00
2024-06-01 00:42:03 +00:00
# Options for a read-only replica.
# If enabled, mastodon uses existing defaults for postgres for these values as well.
# NOTE: This feature is only available on Mastodon v4.2+
# Documentation for more information on this feature:
# https://docs.joinmastodon.org/admin/scaling/#read-replicas
readReplica :
hostname :
port :
auth :
database :
username :
password :
existingSecret :
2021-02-09 23:28:44 +00:00
# https://github.com/bitnami/charts/tree/master/bitnami/redis#parameters
redis :
2023-04-08 19:26:41 +00:00
# disable if you want to use an existing redis instance; in which case the
# values below must match those of that external redis instance
enabled : true
hostname : ""
port : 6379
auth :
# -- you must set a password; the password generated by the redis chart will be
# rotated on each upgrade:
password : ""
2024-06-01 00:42:03 +00:00
# setting password for an existing redis instance will store it in a new Secret
2023-04-08 19:26:41 +00:00
# you can also specify the name of an existing Secret
# with a key of redis-password set to the password you want
# existingSecret: ""
2024-06-01 00:42:03 +00:00
replica :
replicaCount : 0
# Configuration for a separate redis instance only for sidekiq processing.
# If enabled, any values not specified will be copied from the base config.
# If set to false, the main redis instance will be used, and all values will
# be ignored.
sidekiq :
enabled : false
hostname : ""
port : 6379
auth :
password : ""
# you can also specify the name of an existing Secret
# with a key of redis-password set to the password you want
existingSecret : ""
# Configuration for a separate redis instance only for cache.
# If enabled, any values not specified will be copied from the base config.
# If set to false, the main redis instance will be used, and all values will
# be ignored.
cache :
enabled : false
hostname : ""
port : 6379
auth :
password : ""
# you can also specify the name of an existing Secret
# with a key of redis-password set to the password you want
existingSecret : ""
2021-02-09 23:28:44 +00:00
2023-04-08 19:26:41 +00:00
# @ignored
2021-02-09 23:28:44 +00:00
service :
type : ClusterIP
port : 80
2022-07-31 03:27:41 +00:00
externalAuth :
oidc :
2023-04-08 19:26:41 +00:00
# -- OpenID Connect support is proposed in PR #16221 and awaiting merge.
2022-07-31 03:27:41 +00:00
enabled : false
# display_name: "example-label"
# issuer: https://login.example.space/auth/realms/example-space
# discovery: true
# scope: "openid,profile"
# uid_field: uid
# client_id: mastodon
# client_secret: SECRETKEY
# redirect_uri: https://example.com/auth/auth/openid_connect/callback
# assume_email_is_verified: true
2023-04-08 19:26:41 +00:00
# client_auth_method:
# response_type:
# response_mode:
# display:
# prompt:
# send_nonce:
# send_scope_to_token_endpoint:
# idp_logout_redirect_uri:
# http_scheme:
# host:
# port:
# jwks_uri:
# auth_endpoint:
# token_endpoint:
# user_info_endpoint:
# end_session_endpoint:
2022-07-31 03:27:41 +00:00
saml :
enabled : false
# acs_url: http://mastodon.example.com/auth/auth/saml/callback
# issuer: mastodon
# idp_sso_target_url: https://login.example.com/auth/realms/example/protocol/saml
# idp_cert: '-----BEGIN CERTIFICATE-----[your_cert_content]-----END CERTIFICATE-----'
2023-04-08 19:26:41 +00:00
# idp_cert_fingerprint:
2022-07-31 03:27:41 +00:00
# name_identifier_format: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
2023-04-08 19:26:41 +00:00
# cert:
# private_key:
2022-07-31 03:27:41 +00:00
# want_assertion_signed: true
# want_assertion_encrypted: true
# assume_email_is_verified: true
# uid_attribute: "urn:oid:0.9.2342.19200300.100.1.1"
2023-04-08 19:26:41 +00:00
# attributes_statements:
2022-07-31 03:27:41 +00:00
# uid: "urn:oid:0.9.2342.19200300.100.1.1"
# email: "urn:oid:1.3.6.1.4.1.5923.1.1.1.6"
# full_name: "urn:oid:2.16.840.1.113730.3.1.241"
# first_name: "urn:oid:2.5.4.42"
# last_name: "urn:oid:2.5.4.4"
2023-04-08 19:26:41 +00:00
# verified:
# verified_email:
oauth_global :
# -- Automatically redirect to OIDC, CAS or SAML, and don't use local account authentication when clicking on Sign-In
omniauth_only : false
2022-07-31 03:27:41 +00:00
cas :
enabled : false
# url: https://sso.myserver.com
# host: sso.myserver.com
# port: 443
# ssl: true
2023-04-08 19:26:41 +00:00
# validate_url:
# callback_url:
# logout_url:
# login_url:
2022-07-31 03:27:41 +00:00
# uid_field: 'user'
2023-04-08 19:26:41 +00:00
# ca_path:
2022-07-31 03:27:41 +00:00
# disable_ssl_verification: false
# assume_email_is_verified: true
2023-04-08 19:26:41 +00:00
# keys:
2022-07-31 03:27:41 +00:00
# uid: 'user'
# name: 'name'
# email: 'email'
# nickname: 'nickname'
# first_name: 'firstname'
# last_name: 'lastname'
# location: 'location'
# image: 'image'
# phone: 'phone'
2023-04-08 19:26:41 +00:00
pam :
2022-07-31 03:27:41 +00:00
enabled : false
# email_domain: example.com
# default_service: rpam
# controlled_service: rpam
ldap :
enabled : false
# host: myservice.namespace.svc
2023-04-08 19:26:41 +00:00
# port: 636
2022-07-31 03:27:41 +00:00
# method: simple_tls
2023-04-08 19:26:41 +00:00
# tls_no_verify: true
# base:
# bind_dn:
# password:
2022-07-31 03:27:41 +00:00
# uid: cn
# mail: mail
# search_filter: "(|(%{uid}=%{email})(%{mail}=%{email}))"
# uid_conversion:
# enabled: true
# search: "., -"
# replace: _
2023-04-08 19:26:41 +00:00
# -- https://github.com/mastodon/mastodon/blob/main/Dockerfile#L75
2021-02-09 23:28:44 +00:00
#
# if you manually change the UID/GID environment variables, ensure these values
# match:
podSecurityContext :
runAsUser : 991
runAsGroup : 991
fsGroup : 991
2023-04-08 19:26:41 +00:00
# @ignored
2021-02-09 23:28:44 +00:00
securityContext : {}
serviceAccount :
2023-04-08 19:26:41 +00:00
# -- Specifies whether a service account should be created
2021-02-09 23:28:44 +00:00
create : true
2023-04-08 19:26:41 +00:00
# -- Annotations to add to the service account
2021-02-09 23:28:44 +00:00
annotations : {}
2023-04-08 19:26:41 +00:00
# -- The name of the service account to use.
2021-02-09 23:28:44 +00:00
# If not set and create is true, a name is generated using the fullname template
name : ""
2024-06-01 00:42:03 +00:00
# Custom annotations to apply to all created deployment objects. These can be
# used to help mastodon interact with other services in the cluster.
deploymentAnnotations : {}
2023-04-08 19:26:41 +00:00
# -- Kubernetes manages pods for jobs and pods for deployments differently, so you might
# need to apply different annotations to the two different sets of pods. The annotations
# set with podAnnotations will be added to all deployment-managed pods.
2021-02-09 23:28:44 +00:00
podAnnotations : {}
2023-04-08 19:26:41 +00:00
# If set to true, an annotation with the current chart release number will be added to all mastodon pods. This will
# cause all pods to be recreated every `helm upgrade` regardless of whether their config or spec changes.
revisionPodAnnotation : true
# The annotations set with jobAnnotations will be added to all job pods.
jobAnnotations : {}
# -- Default resources for all Deployments and jobs unless overwritten
2024-06-01 00:42:03 +00:00
resources :
{}
2021-02-09 23:28:44 +00:00
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
2023-04-08 19:26:41 +00:00
# @ignored
2021-02-09 23:28:44 +00:00
nodeSelector : {}
2023-04-08 19:26:41 +00:00
# @ignored
2021-02-09 23:28:44 +00:00
tolerations : [ ]
2023-04-08 19:26:41 +00:00
# -- Affinity for all pods unless overwritten
2021-02-09 23:28:44 +00:00
affinity : {}
2024-06-01 00:42:03 +00:00
# -- Timezone for all pods unless overwritten
timezone : UTC
# -- Topology Spread Constraints for all pods unless overwritten
# Please note that you need to use `matchLabelKeys` (Kubernetes 1.25+) if you
# want to spread each deployment independently, or override topologySpreadConstraints
# for each deployment
topologySpreadConstraints : {}
# Default volume mounts for all pods
volumeMounts : [ ]
# Default volumes for all pods
volumes : [ ]