From 3831aa6cb65dfc3013f367ce57aa4b19dd9e6825 Mon Sep 17 00:00:00 2001
From: ace
Date: Mon, 9 Aug 2021 17:16:20 +0300
Subject: [PATCH] update mastodon helm chart for v3.4.1
---
 mastodon/Chart.yaml | 10 +-
 mastodon/readme.md | 17 +-
 mastodon/templates/NOTES.txt | 5 +-
 mastodon/templates/configmap-env.yaml | 72 ++++---
 mastodon/templates/cronjob-media-remove.yaml | 20 +-
 mastodon/templates/deployment-sidekiq.yaml | 16 +-
 mastodon/templates/deployment-streaming.yaml | 12 +-
 mastodon/templates/deployment-web.yaml | 16 +-
 mastodon/templates/ingress.yaml | 17 +-
 mastodon/templates/job-assets-precompile.yaml | 16 +-
 mastodon/templates/job-chewy-upgrade.yaml | 16 +-
 mastodon/templates/job-create-admin.yaml | 22 ++-
 mastodon/templates/job-db-migrate.yaml | 16 +-
 .../templates/job-set-admin-password.yaml | 26 +--
 mastodon/templates/pvc-assets.yaml | 9 +-
 mastodon/templates/pvc-system.yaml | 9 +-
 mastodon/templates/secrets.yaml | 33 ++--
 mastodon/templates/service-streaming.yaml | 2 +-
 mastodon/templates/service-web.yaml | 2 +-
 mastodon/values.yaml | 187 +++++++++---------
 20 files changed, 283 insertions(+), 240 deletions(-)
diff --git a/mastodon/Chart.yaml b/mastodon/Chart.yaml
index 715fc1b..76b4961 100644
--- a/mastodon/Chart.yaml
+++ b/mastodon/Chart.yaml
@@ -15,23 +15,23 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.3 +version: 0.2.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. -appVersion: 3.3.0 +appVersion: 3.4.1 dependencies: - name: elasticsearch - version: "14.2.1" repository: https://charts.bitnami.com/bitnami + version: 15.10.3 condition: elasticsearch.enabled - name: postgresql - version: "10.2.7" repository: https://charts.bitnami.com/bitnami + version: 10.9.1 condition: postgresql.enabled - name: redis - version: "12.7.2" repository: https://charts.bitnami.com/bitnami + version: 14.8.8 condition: redis.enabled diff --git a/mastodon/readme.md b/mastodon/readme.md index 804e980..9f7a889 100644 --- a/mastodon/readme.md +++ b/mastodon/readme.md @@ -3,12 +3,9 @@ This is a [Helm](https://helm.sh/) chart for installing Mastodon into a Kubernetes cluster. The basic usage is: -``` -cp values.yaml.template values.yaml -edit values.yaml # configure required settings -helm dep update -helm upgrade --install my-mastodon ./ -``` +1. edit `values.yaml` or create a separate yaml file for custom values +1. `helm dep update` +1. `helm install --namespace mastodon --create-namespace my-mastodon ./ -f path/to/additional/values.yaml` This chart has been tested on Helm 3.0.1 and above. 
@@ -16,21 +13,17 @@ This chart has been tested on Helm 3.0.1 and above. The variables that _must_ be configured are: -- `ingress.hostname`; even if you aren’t using an Ingress, this value is used to - set `LOCAL_DOMAIN`. - -- password and keys in the `secrets`, `postgresql`, and `redis` groups; if +- password and keys in the `mastodon.secrets`, `postgresql`, and `redis` groups; if left blank, some of those values will be autogenerated, but will not persist across upgrades. -- SMTP settings for your mailer in the `smtp` group. +- SMTP settings for your mailer in the `mastodon.smtp` group. # Missing features Currently this chart does _not_ support: - Hidden services -- S3/Minio/GCS - Single Sign-On - Swift - configurations using `WEB_DOMAIN` diff --git a/mastodon/templates/NOTES.txt b/mastodon/templates/NOTES.txt index 36cced6..b09c40b 100644 --- a/mastodon/templates/NOTES.txt +++ b/mastodon/templates/NOTES.txt @@ -2,7 +2,7 @@ {{- if .Values.ingress.enabled }} {{- range $host := .Values.ingress.hosts }} {{- range .paths }} - http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ . }} + http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} {{- end }} {{- end }} {{- else if contains "NodePort" .Values.service.type }} @@ -16,6 +16,7 @@ echo http://$SERVICE_IP:{{ .Values.service.port }} {{- else if contains "ClusterIP" .Values.service.type }} export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "mastodon.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") echo "Visit http://127.0.0.1:8080 to use your application" - kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:80 + kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT {{- end }} 
diff --git a/mastodon/templates/configmap-env.yaml b/mastodon/templates/configmap-env.yaml
index 528ccb5..701368e 100644
--- a/mastodon/templates/configmap-env.yaml
+++ b/mastodon/templates/configmap-env.yaml
@@ -8,62 +8,72 @@ data:
 {{- if .Values.postgresql.enabled }}
 DB_HOST: {{ template "mastodon.postgresql.fullname" . }}
 {{- else }}
- DB_HOST: {{ .Values.postgresql.postgresqlHost }}
+ DB_HOST: {{ .Values.postgresql.postgresqlHostname }}
 {{- end }}
 DB_NAME: {{ .Values.postgresql.postgresqlDatabase }}
- DB_POOL: {{ .Values.application.sidekiq.concurrency | quote }}
+ DB_POOL: {{ .Values.mastodon.sidekiq.concurrency | quote }}
 DB_PORT: "5432"
 DB_USER: {{ .Values.postgresql.postgresqlUsername }}
- DEFAULT_LOCALE: {{ .Values.locale }}
+ DEFAULT_LOCALE: {{ .Values.mastodon.locale }}
 {{- if .Values.elasticsearch.enabled }}
 ES_ENABLED: "true"
 ES_HOST: {{ template "mastodon.elasticsearch.fullname" . }}-master
 ES_PORT: "9200"
 {{- end }}
- LOCAL_DOMAIN: {{ .Values.ingress.hostname }}
+ LOCAL_DOMAIN: {{ .Values.mastodon.local_domain }}
 # https://devcenter.heroku.com/articles/tuning-glibc-memory-behavior
 MALLOC_ARENA_MAX: "2"
 NODE_ENV: "production"
 RAILS_ENV: "production"
 REDIS_HOST: {{ template "mastodon.redis.fullname" . 
}}-master
 REDIS_PORT: "6379"
- {{- if .Values.smtp.auth_method }}
- SMTP_AUTH_METHOD: {{ .Values.smtp.auth_method }}
+ {{- if .Values.mastodon.s3.enabled }}
+ S3_BUCKET: {{ .Values.mastodon.s3.bucket }}
+ S3_ENABLED: "true"
+ S3_ENDPOINT: {{ .Values.mastodon.s3.endpoint }}
+ S3_HOSTNAME: {{ .Values.mastodon.s3.hostname }}
+ S3_PROTOCOL: "https"
+ {{- if .Values.mastodon.s3.region }}
+ S3_REGION: {{ .Values.mastodon.s3.region }}
 {{- end }}
- {{- if .Values.smtp.ca_file }}
- SMTP_CA_FILE: {{ .Values.smtp.ca_file }}
 {{- end }}
- {{- if .Values.smtp.delivery_method }}
- SMTP_DELIVERY_METHOD: {{ .Values.smtp.delivery_method }}
+ {{- if .Values.mastodon.smtp.auth_method }}
+ SMTP_AUTH_METHOD: {{ .Values.mastodon.smtp.auth_method }}
 {{- end }}
- {{- if .Values.smtp.domain }}
- SMTP_DOMAIN: {{ .Values.smtp.domain }}
+ {{- if .Values.mastodon.smtp.ca_file }}
+ SMTP_CA_FILE: {{ .Values.mastodon.smtp.ca_file }}
 {{- end }}
- {{- if .Values.smtp.enable_starttls_auto }}
- SMTP_ENABLE_STARTTLS_AUTO: {{ .Values.smtp.enable_starttls_auto | quote }}
+ {{- if .Values.mastodon.smtp.delivery_method }}
+ SMTP_DELIVERY_METHOD: {{ .Values.mastodon.smtp.delivery_method }}
 {{- end }}
- {{- if .Values.smtp.from_address }}
- SMTP_FROM_ADDRESS: {{ .Values.smtp.from_address }}
+ {{- if .Values.mastodon.smtp.domain }}
+ SMTP_DOMAIN: {{ .Values.mastodon.smtp.domain }}
 {{- end }}
- {{- if .Values.smtp.login }}
- SMTP_LOGIN: {{ .Values.smtp.login }}
+ {{- if .Values.mastodon.smtp.enable_starttls_auto }}
+ SMTP_ENABLE_STARTTLS_AUTO: {{ .Values.mastodon.smtp.enable_starttls_auto | quote }}
 {{- end }}
- {{- if .Values.smtp.openssl_verify_mode }}
- SMTP_OPENSSL_VERIFY_MODE: {{ .Values.smtp.openssl_verify_mode }}
+ {{- if .Values.mastodon.smtp.from_address }}
+ SMTP_FROM_ADDRESS: {{ .Values.mastodon.smtp.from_address }}
 {{- end }}
- {{- if .Values.smtp.password }}
- SMTP_PASSWORD: {{ .Values.smtp.password }}
+ {{- if .Values.mastodon.smtp.login }}
+ SMTP_LOGIN: {{ .Values.mastodon.smtp.login }}
 {{- end 
}}
- {{- if .Values.smtp.port }}
- SMTP_PORT: {{ .Values.smtp.port | quote }}
+ {{- if .Values.mastodon.smtp.openssl_verify_mode }}
+ SMTP_OPENSSL_VERIFY_MODE: {{ .Values.mastodon.smtp.openssl_verify_mode }}
 {{- end }}
- {{- if .Values.smtp.reply_to }}
- SMTP_REPLY_TO: {{ .Values.smtp.reply_to }}
+ {{- if .Values.mastodon.smtp.password }}
+ SMTP_PASSWORD: {{ .Values.mastodon.smtp.password }}
 {{- end }}
- {{- if .Values.smtp.server }}
- SMTP_SERVER: {{ .Values.smtp.server }}
+ {{- if .Values.mastodon.smtp.port }}
+ SMTP_PORT: {{ .Values.mastodon.smtp.port | quote }}
 {{- end }}
- {{- if .Values.smtp.tls }}
- SMTP_TLS: {{ .Values.smtp.tls | quote }}
+ {{- if .Values.mastodon.smtp.reply_to }}
+ SMTP_REPLY_TO: {{ .Values.mastodon.smtp.reply_to }}
 {{- end }}
- STREAMING_CLUSTER_NUM: {{ .Values.application.streaming.workers | quote }}
+ {{- if .Values.mastodon.smtp.server }}
+ SMTP_SERVER: {{ .Values.mastodon.smtp.server }}
+ {{- end }}
+ {{- if .Values.mastodon.smtp.tls }}
+ SMTP_TLS: {{ .Values.mastodon.smtp.tls | quote }}
+ {{- end }}
+ STREAMING_CLUSTER_NUM: {{ .Values.mastodon.streaming.workers | quote }}
diff --git a/mastodon/templates/cronjob-media-remove.yaml b/mastodon/templates/cronjob-media-remove.yaml
index 8d95c1e..3d6e25c 100644
--- a/mastodon/templates/cronjob-media-remove.yaml
+++ b/mastodon/templates/cronjob-media-remove.yaml
@@ -1,4 +1,4 @@
-{{ if .Values.cron.removeMedia.enabled }}
+{{ if .Values.mastodon.cron.removeMedia.enabled }}
 apiVersion: batch/v1beta1
 kind: CronJob
 metadata:
@@ -6,7 +6,7 @@ metadata:
 labels:
 {{- include "mastodon.labels" . | nindent 4 }}
 spec:
- schedule: {{ .Values.cron.removeMedia.schedule }}
+ schedule: {{ .Values.mastodon.cron.removeMedia.schedule }}
 jobTemplate:
 spec:
 template:
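Review bot: `SMTP_PASSWORD: {{ .Values.mastodon.smtp.password }}` in the `@@ -8,62` hunk still lands in a ConfigMap, which is not a secret-bearing object: anyone with read access to ConfigMaps in the namespace, and any tooling that dumps them, sees the SMTP credential in clear, while the Secret rendered by secrets.yaml in this same patch (the deployments appear to load it via `{{ template "mastodon.fullname" . }}` right before their `env:` lists) is the natural home for it. Move it there, e.g. `SMTP_PASSWORD: "{{ .Values.mastodon.smtp.password | b64enc }}"` under the Secret's `data:` behind the same `if`, and drop the ConfigMap entry. Separately, the new `S3_BUCKET`/`S3_ENDPOINT`/`S3_HOSTNAME` keys and `SMTP_LOGIN`/`SMTP_PASSWORD` are emitted as plain scalars; a value YAML reads as a number or boolean, or one containing `: ` or ` #`, retypes or breaks the key, so pipe them through `| quote` the way the port and boolean values in this hunk already are.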
@@ -14,9 +14,10 @@ spec:
 name: {{ include "mastodon.fullname" . }}-media-remove
 spec:
 restartPolicy: OnFailure
+ {{- if (not .Values.mastodon.s3.enabled) }}
 # ensure we run on the same node as the other rails components; only
 # required when using PVCs that are ReadWriteOnce
- {{- if or (eq "ReadWriteOnce" .Values.persistence.assets.accessMode) (eq "ReadWriteOnce" .Values.persistence.system.accessMode) }}
+ {{- if or (eq "ReadWriteOnce" .Values.mastodon.persistence.assets.accessMode) (eq "ReadWriteOnce" .Values.mastodon.persistence.system.accessMode) }}
 affinity:
 podAffinity:
 requiredDuringSchedulingIgnoredDuringExecution:
@@ -35,6 +36,7 @@ spec:
 - name: system
 persistentVolumeClaim:
 claimName: {{ template "mastodon.fullname" . }}-system
+ {{- end }}
 containers:
 - name: {{ include "mastodon.fullname" . }}-media-remove
 image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
@@ -50,24 +52,26 @@ spec:
 name: {{ template "mastodon.fullname" . }}
 env:
 - name: "DB_PASS"
- {{- if .Values.postgresql.enabled }}
 valueFrom:
 secretKeyRef:
+ {{- if .Values.postgresql.enabled }}
 name: {{ .Release.Name }}-postgresql
+ {{- else }}
+ name: {{ template "mastodon.fullname" . }}
+ {{- end }}
 key: postgresql-password
- {{- else }}
- value: {{ .Values.postgresql.postgresqlPassword | quote }}
- {{- end }}
 - name: "REDIS_PASSWORD"
 valueFrom:
 secretKeyRef:
 name: {{ .Release.Name }}-redis
 key: redis-password
 - name: "PORT"
- value: {{ .Values.application.web.port | quote }}
+ value: {{ .Values.mastodon.web.port | quote }}
+ {{- if (not .Values.mastodon.s3.enabled) }}
 volumeMounts:
 - name: assets
 mountPath: /opt/mastodon/public/assets
 - name: system
 mountPath: /opt/mastodon/public/system
+ {{- end }}
 {{- end }}
diff --git a/mastodon/templates/deployment-sidekiq.yaml b/mastodon/templates/deployment-sidekiq.yaml
index d7d1c46..baf6c2b 100644
--- a/mastodon/templates/deployment-sidekiq.yaml
+++ b/mastodon/templates/deployment-sidekiq.yaml
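Review bot: The `DB_PASS` entry in the `@@ -50,24` hunk now handles the external-database case, but `REDIS_PASSWORD` directly below it is still read only from `{{ .Release.Name }}-redis`, the subchart's Secret; if `redis.enabled: false` is a supported configuration (Chart.yaml makes the redis dependency conditional on it), the container fails to start on the missing Secret. Mirroring the new postgres branch — `{{- if .Values.redis.enabled }}` / `{{- else }}` naming `{{ template "mastodon.fullname" . }}` with a `redis-password` key rendered in secrets.yaml — would close that gap. The same `DB_PASS`/`REDIS_PASSWORD`/`volumeMounts` stanza is now repeated verbatim in deployment-sidekiq, deployment-streaming, deployment-web, job-assets-precompile, job-chewy-upgrade, job-create-admin, job-db-migrate and job-set-admin-password; a `define`d named template included from each would keep the nine copies from drifting. The enclosing CronJob spec begins before this hunk.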
@@ -31,9 +31,10 @@ spec:
 serviceAccountName: {{ include "mastodon.serviceAccountName" . }}
 securityContext:
 {{- toYaml .Values.podSecurityContext | nindent 8 }}
+ {{- if (not .Values.mastodon.s3.enabled) }}
 # ensure we run on the same node as the other rails components; only
 # required when using PVCs that are ReadWriteOnce
- {{- if or (eq "ReadWriteOnce" .Values.persistence.assets.accessMode) (eq "ReadWriteOnce" .Values.persistence.system.accessMode) }}
+ {{- if or (eq "ReadWriteOnce" .Values.mastodon.persistence.assets.accessMode) (eq "ReadWriteOnce" .Values.mastodon.persistence.system.accessMode) }}
 affinity:
 podAffinity:
 requiredDuringSchedulingIgnoredDuringExecution:
@@ -52,6 +53,7 @@ spec:
 - name: system
 persistentVolumeClaim:
 claimName: {{ template "mastodon.fullname" . }}-system
+ {{- end }}
 containers:
 - name: {{ .Chart.Name }}
 securityContext:
@@ -63,7 +65,7 @@ spec:
 - exec
 - sidekiq
 - -c
- - {{ .Values.application.sidekiq.concurrency | quote }}
+ - {{ .Values.mastodon.sidekiq.concurrency | quote }}
 envFrom:
 - configMapRef:
 name: {{ include "mastodon.fullname" . }}-env
@@ -71,24 +73,26 @@ spec:
 name: {{ template "mastodon.fullname" . }}
 env:
 - name: "DB_PASS"
- {{- if .Values.postgresql.enabled }}
 valueFrom:
 secretKeyRef:
+ {{- if .Values.postgresql.enabled }}
 name: {{ .Release.Name }}-postgresql
+ {{- else }}
+ name: {{ template "mastodon.fullname" . }}
+ {{- end }}
 key: postgresql-password
- {{- else }}
- value: {{ .Values.postgresql.postgresqlPassword | quote }}
- {{- end }}
 - name: "REDIS_PASSWORD"
 valueFrom:
 secretKeyRef:
 name: {{ .Release.Name }}-redis
 key: redis-password
+ {{- if (not .Values.mastodon.s3.enabled) }}
 volumeMounts:
 - name: assets
 mountPath: /opt/mastodon/public/assets
 - name: system
 mountPath: /opt/mastodon/public/system
+ {{- end }}
 resources:
 {{- toYaml .Values.resources | nindent 12 }}
 {{- with .Values.nodeSelector }}
diff --git a/mastodon/templates/deployment-streaming.yaml b/mastodon/templates/deployment-streaming.yaml
index 4bcd2e8..b332b68 100644
--- a/mastodon/templates/deployment-streaming.yaml
+++ b/mastodon/templates/deployment-streaming.yaml
@@ -41,24 +41,24 @@ spec:
 name: {{ include "mastodon.fullname" . }}-env
 env:
 - name: "DB_PASS"
- {{- if .Values.postgresql.enabled }}
 valueFrom:
 secretKeyRef:
+ {{- if .Values.postgresql.enabled }}
 name: {{ .Release.Name }}-postgresql
+ {{- else }}
+ name: {{ template "mastodon.fullname" . }}
+ {{- end }}
 key: postgresql-password
- {{- else }}
- value: {{ .Values.postgresql.postgresqlPassword | quote }}
- {{- end }}
 - name: "REDIS_PASSWORD"
 valueFrom:
 secretKeyRef:
 name: {{ .Release.Name }}-redis
 key: redis-password
 - name: "PORT"
- value: {{ .Values.application.streaming.port | quote }}
+ value: {{ .Values.mastodon.streaming.port | quote }}
 ports:
 - name: streaming
- containerPort: {{ .Values.application.streaming.port }}
+ containerPort: {{ .Values.mastodon.streaming.port }}
 protocol: TCP
 livenessProbe:
 httpGet:
diff --git a/mastodon/templates/deployment-web.yaml b/mastodon/templates/deployment-web.yaml
index aa7d3a1..8b8bb4f 100644
--- a/mastodon/templates/deployment-web.yaml
+++ b/mastodon/templates/deployment-web.yaml
@@ -31,6 +31,7 @@ spec:
 serviceAccountName: {{ include "mastodon.serviceAccountName" . }}
 securityContext:
 {{- toYaml .Values.podSecurityContext | nindent 8 }}
+ {{- if (not .Values.mastodon.s3.enabled) }}
 volumes:
 - name: assets
 persistentVolumeClaim:
@@ -38,6 +39,7 @@ spec:
 - name: system
 persistentVolumeClaim:
 claimName: {{ template "mastodon.fullname" . }}-system
+ {{- end }}
 containers:
 - name: {{ .Chart.Name }}
 securityContext:
@@ -57,29 +59,31 @@ spec:
 name: {{ template "mastodon.fullname" . }}
 env:
 - name: "DB_PASS"
- {{- if .Values.postgresql.enabled }}
 valueFrom:
 secretKeyRef:
+ {{- if .Values.postgresql.enabled }}
 name: {{ .Release.Name }}-postgresql
+ {{- else }}
+ name: {{ template "mastodon.fullname" . }}
+ {{- end }}
 key: postgresql-password
- {{- else }}
- value: {{ .Values.postgresql.postgresqlPassword | quote }}
- {{- end }}
 - name: "REDIS_PASSWORD"
 valueFrom:
 secretKeyRef:
 name: {{ .Release.Name }}-redis
 key: redis-password
 - name: "PORT"
- value: {{ .Values.application.web.port | quote }}
+ value: {{ .Values.mastodon.web.port | quote }}
+ {{- if (not .Values.mastodon.s3.enabled) }}
 volumeMounts:
 - name: assets
 mountPath: /opt/mastodon/public/assets
 - name: system
 mountPath: /opt/mastodon/public/system
+ {{- end }}
 ports:
 - name: http
- containerPort: {{ .Values.application.web.port }}
+ containerPort: {{ .Values.mastodon.web.port }}
 protocol: TCP
 livenessProbe:
 httpGet:
diff --git a/mastodon/templates/ingress.yaml b/mastodon/templates/ingress.yaml
index 947bf5b..8930d2c 100644
--- a/mastodon/templates/ingress.yaml
+++ b/mastodon/templates/ingress.yaml
@@ -1,6 +1,7 @@
 {{- if .Values.ingress.enabled -}}
 {{- $fullName := include "mastodon.fullname" . -}}
-{{- $svcPort := .Values.service.port -}}
+{{- $webPort := .Values.mastodon.web.port -}}
+{{- $streamingPort := .Values.mastodon.streaming.port -}}
 {{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
 apiVersion: networking.k8s.io/v1beta1
 {{- else -}}
@@ -27,15 +28,19 @@ spec:
 {{- end }}
 {{- end }}
 rules:
- - host: {{ .Values.ingress.hostname | quote }}
+ {{- range .Values.ingress.hosts }}
+ - host: {{ .host | quote }}
 http:
 paths:
- - path: '/'
+ {{- range .paths }}
+ - path: {{ .path }}
 backend:
 serviceName: {{ $fullName }}-web
- servicePort: {{ $svcPort }}
- - path: '/api/v1/streaming'
+ servicePort: {{ $webPort }}
+ - path: {{ .path }}api/v1/streaming
 backend:
 serviceName: {{ $fullName }}-streaming
- servicePort: {{ .Values.application.streaming.port }}
+ servicePort: {{ $streamingPort }}
+ {{- end }}
+ {{- end }}
 {{- end }}
diff --git a/mastodon/templates/job-assets-precompile.yaml b/mastodon/templates/job-assets-precompile.yaml
index e3aae0d..825a7e9 100644
--- a/mastodon/templates/job-assets-precompile.yaml
+++ b/mastodon/templates/job-assets-precompile.yaml
@@ -14,9 +14,10 @@ spec:
 name: {{ include "mastodon.fullname" . }}-assets-precompile
 spec:
 restartPolicy: Never
+ {{- if (not .Values.mastodon.s3.enabled) }}
 # ensure we run on the same node as the other rails components; only
 # required when using PVCs that are ReadWriteOnce
- {{- if or (eq "ReadWriteOnce" .Values.persistence.assets.accessMode) (eq "ReadWriteOnce" .Values.persistence.system.accessMode) }}
+ {{- if or (eq "ReadWriteOnce" .Values.mastodon.persistence.assets.accessMode) (eq "ReadWriteOnce" .Values.mastodon.persistence.system.accessMode) }}
 affinity:
 podAffinity:
 requiredDuringSchedulingIgnoredDuringExecution:
@@ -35,6 +36,7 @@ spec:
 - name: system
 persistentVolumeClaim:
 claimName: {{ template "mastodon.fullname" . }}-system
+ {{- end }}
 containers:
 - name: {{ include "mastodon.fullname" . }}-assets-precompile
 image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
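Review bot: `- path: {{ .path }}api/v1/streaming` in the `@@ -27,15` ingress hunk builds the streaming path by bare concatenation, so it is only correct when every configured path ends in `/`; a `.path` of `/mastodon` renders `/mastodonapi/v1/streaming`, which never matches. Use `- path: {{ printf "%s/api/v1/streaming" (trimSuffix "/" .path) | quote }}` so both forms of the value work, and add `| quote` to the `- path: {{ .path }}` line above it as well, since a bare `/`-prefixed value is fine today but any path value YAML could retype is not. Both `range` bodies open and close inside this hunk.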
@@ -51,23 +53,25 @@ spec:
 name: {{ template "mastodon.fullname" . }}
 env:
 - name: "DB_PASS"
- {{- if .Values.postgresql.enabled }}
 valueFrom:
 secretKeyRef:
+ {{- if .Values.postgresql.enabled }}
 name: {{ .Release.Name }}-postgresql
+ {{- else }}
+ name: {{ template "mastodon.fullname" . }}
+ {{- end }}
 key: postgresql-password
- {{- else }}
- value: {{ .Values.postgresql.postgresqlPassword | quote }}
- {{- end }}
 - name: "REDIS_PASSWORD"
 valueFrom:
 secretKeyRef:
 name: {{ .Release.Name }}-redis
 key: redis-password
 - name: "PORT"
- value: {{ .Values.application.web.port | quote }}
+ value: {{ .Values.mastodon.web.port | quote }}
+ {{- if (not .Values.mastodon.s3.enabled) }}
 volumeMounts:
 - name: assets
 mountPath: /opt/mastodon/public/assets
 - name: system
 mountPath: /opt/mastodon/public/system
+ {{- end }}
diff --git a/mastodon/templates/job-chewy-upgrade.yaml b/mastodon/templates/job-chewy-upgrade.yaml
index 2bb3e66..cc68a33 100644
--- a/mastodon/templates/job-chewy-upgrade.yaml
+++ b/mastodon/templates/job-chewy-upgrade.yaml
@@ -15,9 +15,10 @@ spec:
 name: {{ include "mastodon.fullname" . }}-chewy-upgrade
 spec:
 restartPolicy: Never
+ {{- if (not .Values.mastodon.s3.enabled) }}
 # ensure we run on the same node as the other rails components; only
 # required when using PVCs that are ReadWriteOnce
- {{- if or (eq "ReadWriteOnce" .Values.persistence.assets.accessMode) (eq "ReadWriteOnce" .Values.persistence.system.accessMode) }}
+ {{- if or (eq "ReadWriteOnce" .Values.mastodon.persistence.assets.accessMode) (eq "ReadWriteOnce" .Values.mastodon.persistence.system.accessMode) }}
 affinity:
 podAffinity:
 requiredDuringSchedulingIgnoredDuringExecution:
@@ -36,6 +37,7 @@ spec:
 - name: system
 persistentVolumeClaim:
 claimName: {{ template "mastodon.fullname" . }}-system
+ {{- end }}
 containers:
 - name: {{ include "mastodon.fullname" . }}-chewy-setup
 image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
@@ -52,24 +54,26 @@ spec:
 name: {{ template "mastodon.fullname" . }}
 env:
 - name: "DB_PASS"
- {{- if .Values.postgresql.enabled }}
 valueFrom:
 secretKeyRef:
+ {{- if .Values.postgresql.enabled }}
 name: {{ .Release.Name }}-postgresql
+ {{- else }}
+ name: {{ template "mastodon.fullname" . }}
+ {{- end }}
 key: postgresql-password
- {{- else }}
- value: {{ .Values.postgresql.postgresqlPassword | quote }}
- {{- end }}
 - name: "REDIS_PASSWORD"
 valueFrom:
 secretKeyRef:
 name: {{ .Release.Name }}-redis
 key: redis-password
 - name: "PORT"
- value: {{ .Values.application.web.port | quote }}
+ value: {{ .Values.mastodon.web.port | quote }}
+ {{- if (not .Values.mastodon.s3.enabled) }}
 volumeMounts:
 - name: assets
 mountPath: /opt/mastodon/public/assets
 - name: system
 mountPath: /opt/mastodon/public/system
+ {{- end }}
 {{- end }}
diff --git a/mastodon/templates/job-create-admin.yaml b/mastodon/templates/job-create-admin.yaml
index 2d14140..ffb8bb0 100644
--- a/mastodon/templates/job-create-admin.yaml
+++ b/mastodon/templates/job-create-admin.yaml
@@ -1,4 +1,4 @@
-{{- if .Values.createAdmin.enabled }}
+{{- if .Values.mastodon.createAdmin.enabled }}
 apiVersion: batch/v1
 kind: Job
 metadata:
@@ -15,9 +15,10 @@ spec:
 name: {{ include "mastodon.fullname" . }}-create-admin
 spec:
 restartPolicy: Never
+ {{- if (not .Values.mastodon.s3.enabled) }}
 # ensure we run on the same node as the other rails components; only
 # required when using PVCs that are ReadWriteOnce
- {{- if or (eq "ReadWriteOnce" .Values.persistence.assets.accessMode) (eq "ReadWriteOnce" .Values.persistence.system.accessMode) }}
+ {{- if or (eq "ReadWriteOnce" .Values.mastodon.persistence.assets.accessMode) (eq "ReadWriteOnce" .Values.mastodon.persistence.system.accessMode) }}
 affinity:
 podAffinity:
 requiredDuringSchedulingIgnoredDuringExecution:
@@ -36,6 +37,7 @@ spec:
 - name: system
 persistentVolumeClaim:
 claimName: {{ template "mastodon.fullname" . }}-system
+ {{- end }}
 containers:
 - name: {{ include "mastodon.fullname" . }}-create-admin
 image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
@@ -44,9 +46,9 @@ spec:
 - bin/tootctl
 - accounts
 - create
- - {{ .Values.createAdmin.username }}
+ - {{ .Values.mastodon.createAdmin.username }}
 - --email
- - {{ .Values.createAdmin.email }}
+ - {{ .Values.mastodon.createAdmin.email }}
 - --confirmed
 - --role
 - admin
@@ -57,24 +59,26 @@ spec:
 name: {{ template "mastodon.fullname" . }}
 env:
 - name: "DB_PASS"
- {{- if .Values.postgresql.enabled }}
 valueFrom:
 secretKeyRef:
+ {{- if .Values.postgresql.enabled }}
 name: {{ .Release.Name }}-postgresql
+ {{- else }}
+ name: {{ template "mastodon.fullname" . }}
+ {{- end }}
 key: postgresql-password
- {{- else }}
- value: {{ .Values.postgresql.postgresqlPassword | quote }}
- {{- end }}
 - name: "REDIS_PASSWORD"
 valueFrom:
 secretKeyRef:
 name: {{ .Release.Name }}-redis
 key: redis-password
 - name: "PORT"
- value: {{ .Values.application.web.port | quote }}
+ value: {{ .Values.mastodon.web.port | quote }}
+ {{- if (not .Values.mastodon.s3.enabled) }}
 volumeMounts:
 - name: assets
 mountPath: /opt/mastodon/public/assets
 - name: system
 mountPath: /opt/mastodon/public/system
+ {{- end }}
 {{- end }}
diff --git a/mastodon/templates/job-db-migrate.yaml b/mastodon/templates/job-db-migrate.yaml
index 8501f79..72f910e 100644
--- a/mastodon/templates/job-db-migrate.yaml
+++ b/mastodon/templates/job-db-migrate.yaml
@@ -14,9 +14,10 @@ spec:
 name: {{ include "mastodon.fullname" . }}-db-migrate
 spec:
 restartPolicy: Never
+ {{- if (not .Values.mastodon.s3.enabled) }}
 # ensure we run on the same node as the other rails components; only
 # required when using PVCs that are ReadWriteOnce
- {{- if or (eq "ReadWriteOnce" .Values.persistence.assets.accessMode) (eq "ReadWriteOnce" .Values.persistence.system.accessMode) }}
+ {{- if or (eq "ReadWriteOnce" .Values.mastodon.persistence.assets.accessMode) (eq "ReadWriteOnce" .Values.mastodon.persistence.system.accessMode) }}
 affinity:
 podAffinity:
 requiredDuringSchedulingIgnoredDuringExecution:
@@ -35,6 +36,7 @@ spec:
 - name: system
 persistentVolumeClaim:
 claimName: {{ template "mastodon.fullname" . }}-system
+ {{- end }}
 containers:
 - name: {{ include "mastodon.fullname" . }}-db-migrate
 image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
@@ -51,23 +53,25 @@ spec:
 name: {{ template "mastodon.fullname" . }}
 env:
 - name: "DB_PASS"
- {{- if .Values.postgresql.enabled }}
 valueFrom:
 secretKeyRef:
+ {{- if .Values.postgresql.enabled }}
 name: {{ .Release.Name }}-postgresql
+ {{- else }}
+ name: {{ template "mastodon.fullname" . }}
+ {{- end }}
 key: postgresql-password
- {{- else }}
- value: {{ .Values.postgresql.postgresqlPassword | quote }}
- {{- end }}
 - name: "REDIS_PASSWORD"
 valueFrom:
 secretKeyRef:
 name: {{ .Release.Name }}-redis
 key: redis-password
 - name: "PORT"
- value: {{ .Values.application.web.port | quote }}
+ value: {{ .Values.mastodon.web.port | quote }}
+ {{- if (not .Values.mastodon.s3.enabled) }}
 volumeMounts:
 - name: assets
 mountPath: /opt/mastodon/public/assets
 - name: system
 mountPath: /opt/mastodon/public/system
+ {{- end }}
diff --git a/mastodon/templates/job-set-admin-password.yaml b/mastodon/templates/job-set-admin-password.yaml
index 45934fd..1ff4246 100644
--- a/mastodon/templates/job-set-admin-password.yaml
+++ b/mastodon/templates/job-set-admin-password.yaml
@@ -1,23 +1,24 @@
-{{- if .Values.createAdmin.enabled }}
+{{- if .Values.mastodon.createAdmin.enabled }}
 apiVersion: batch/v1
 kind: Job
 metadata:
- name: {{ include "mastodon.fullname" . }}-set-admin-password
+ name: {{ include "mastodon.fullname" . }}-create-admin
 labels:
 {{- include "mastodon.labels" . | nindent 4 }}
 annotations:
 "helm.sh/hook": post-install
 "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
- "helm.sh/hook-weight": "100"
+ "helm.sh/hook-weight": "-1"
 spec:
 template:
 metadata:
- name: {{ include "mastodon.fullname" . }}-set-admin-password
+ name: {{ include "mastodon.fullname" . }}-create-admin
 spec:
 restartPolicy: Never
+ {{- if (not .Values.mastodon.s3.enabled) }}
 # ensure we run on the same node as the other rails components; only
 # required when using PVCs that are ReadWriteOnce
- {{- if or (eq "ReadWriteOnce" .Values.persistence.assets.accessMode) (eq "ReadWriteOnce" .Values.persistence.system.accessMode) }}
+ {{- if or (eq "ReadWriteOnce" .Values.mastodon.persistence.assets.accessMode) (eq "ReadWriteOnce" .Values.mastodon.persistence.system.accessMode) }}
 affinity:
 podAffinity:
 requiredDuringSchedulingIgnoredDuringExecution:
@@ -36,6 +37,7 @@ spec:
 - name: system
 persistentVolumeClaim:
 claimName: {{ template "mastodon.fullname" . }}-system
+ {{- end }}
 containers:
 - name: {{ include "mastodon.fullname" . }}-set-admin-password
 image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
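Review bot: The `@@ -1,23` hunk renames this Job's `metadata.name` and pod-template name to `{{ include "mastodon.fullname" . }}-create-admin`, which is exactly the name job-create-admin.yaml gives its own pod template in this same patch; if that Job's `metadata.name` follows the same pattern, both post-install hooks render a `batch/v1` Job under one name, and with `before-hook-creation` the later hook deletes the earlier one before it runs. Keeping `-set-admin-password` here (the container a few lines below is still named that way) avoids the collision. The hook weight also moves from `"100"` to `"-1"`; lower weights run first, so unless job-create-admin.yaml's weight is lower still, this hook now executes before the account exists and the `Account.find_by` in its command finds nothing. The Job's container spec continues past this hunk.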
@@ -43,7 +45,7 @@ spec:
 command:
 - "/bin/bash"
 - "-c"
- - "echo \"account=Account.find_by(username:'{{ .Values.createAdmin.username }}') ; user=User.find_by(account:account) ; user.password='{{ .Values.createAdmin.password }}' ; user.save!\" | rails c"
+ - "echo \"account=Account.find_by(username:'{{ .Values.mastodon.createAdmin.username }}') ; user=User.find_by(account:account) ; user.password='{{ .Values.mastodon.createAdmin.password }}' ; user.save!\" | rails c"
 envFrom:
 - configMapRef:
 name: {{ include "mastodon.fullname" . }}-env
@@ -51,24 +53,26 @@ spec:
 name: {{ template "mastodon.fullname" . }}
 env:
 - name: "DB_PASS"
- {{- if .Values.postgresql.enabled }}
 valueFrom:
 secretKeyRef:
+ {{- if .Values.postgresql.enabled }}
 name: {{ .Release.Name }}-postgresql
+ {{- else }}
+ name: {{ template "mastodon.fullname" . }}
+ {{- end }}
 key: postgresql-password
- {{- else }}
- value: {{ .Values.postgresql.postgresqlPassword | quote }}
- {{- end }}
 - name: "REDIS_PASSWORD"
 valueFrom:
 secretKeyRef:
 name: {{ .Release.Name }}-redis
 key: redis-password
 - name: "PORT"
- value: {{ .Values.application.web.port | quote }}
+ value: {{ .Values.mastodon.web.port | quote }}
+ {{- if (not .Values.mastodon.s3.enabled) }}
 volumeMounts:
 - name: assets
 mountPath: /opt/mastodon/public/assets
 - name: system
 mountPath: /opt/mastodon/public/system
+ {{- end }}
 {{- end }}
diff --git a/mastodon/templates/pvc-assets.yaml b/mastodon/templates/pvc-assets.yaml
index 5c53151..58b2179 100644
--- a/mastodon/templates/pvc-assets.yaml
+++ b/mastodon/templates/pvc-assets.yaml
@@ -1,4 +1,4 @@
----
+{{- if (not .Values.mastodon.s3.enabled) }}
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
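Review bot: The admin password is interpolated straight into the container command on the `- "echo \"account=Account.find_by(...` line of the `@@ -43,7` hunk, so it is stored in clear in the Job and Pod objects (readable by anyone who can get jobs or pods, and retained in the release's stored manifest) even though the chart keeps its other credentials in a Secret; it is also spliced into a Ruby single-quoted literal, so any `'` in the username or password breaks the script. Pass both values through environment variables — the password from the chart's Secret — and have the Ruby read `ENV['...']`, which removes the exposure and the quoting problem together. This needs a matching key in secrets.yaml, e.g. `admin-password: "{{ .Values.mastodon.createAdmin.password | b64enc }}"` behind the same `createAdmin.enabled` condition. The `env:` list the new entries join is in the `@@ -51,24` hunk of the same file.
```yaml
          - "echo \"account=Account.find_by(username:ENV['ADMIN_USERNAME']) ; user=User.find_by(account:account) ; user.password=ENV['ADMIN_PASSWORD'] ; user.save!\" | rails c"
        # … unchanged: envFrom …
        env:
          - name: "ADMIN_USERNAME"
            value: {{ .Values.mastodon.createAdmin.username | quote }}
          - name: "ADMIN_PASSWORD"
            valueFrom:
              secretKeyRef:
                name: {{ template "mastodon.fullname" . }}
                key: admin-password
        # … unchanged: DB_PASS, REDIS_PASSWORD and PORT entries …
```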
@@ -7,7 +7,8 @@ metadata:
 {{- include "mastodon.labels" . | nindent 4 }}
 spec:
 accessModes:
- - {{ .Values.persistence.system.accessMode }}
+ - {{ .Values.mastodon.persistence.system.accessMode }}
 resources:
- {{- toYaml .Values.persistence.assets.resources | nindent 4}}
- storageClassName: {{ .Values.persistence.assets.storageClassName }}
+ {{- toYaml .Values.mastodon.persistence.assets.resources | nindent 4}}
+ storageClassName: {{ .Values.mastodon.persistence.assets.storageClassName }}
+{{- end }}
diff --git a/mastodon/templates/pvc-system.yaml b/mastodon/templates/pvc-system.yaml
index 0285511..52398f0 100644
--- a/mastodon/templates/pvc-system.yaml
+++ b/mastodon/templates/pvc-system.yaml
@@ -1,4 +1,4 @@
----
+{{- if (not .Values.mastodon.s3.enabled) }}
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
@@ -7,7 +7,8 @@ metadata:
 {{- include "mastodon.labels" . | nindent 4 }}
 spec:
 accessModes:
- - {{ .Values.persistence.system.accessMode }}
+ - {{ .Values.mastodon.persistence.system.accessMode }}
 resources:
- {{- toYaml .Values.persistence.system.resources | nindent 4}}
- storageClassName: {{ .Values.persistence.system.storageClassName }}
+ {{- toYaml .Values.mastodon.persistence.system.resources | nindent 4}}
+ storageClassName: {{ .Values.mastodon.persistence.system.storageClassName }}
+{{- end }}
diff --git a/mastodon/templates/secrets.yaml b/mastodon/templates/secrets.yaml
index 74f4b15..0452a8a 100644
--- a/mastodon/templates/secrets.yaml
+++ b/mastodon/templates/secrets.yaml
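Review bot: In the pvc-assets.yaml `@@ -7,7` hunk the access mode is still taken from `.Values.mastodon.persistence.system.accessMode` while the claim's resources and storageClassName come from `persistence.assets`; the key rename carried this copy-paste over from the old template, so the assets claim can never be given its own access mode. The line should read `- {{ .Values.mastodon.persistence.assets.accessMode }}` — that key already exists, since the affinity conditions in the job and deployment templates of this patch test it. The identical hunk in pvc-system.yaml is correct as written.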
@@ -6,23 +6,30 @@ metadata: {{- include "mastodon.labels" . | nindent 4 }} type: Opaque data: - {{- if not (empty .Values.secrets.secret_key_base) }} - SECRET_KEY_BASE: "{{ .Values.secrets.secret_key_base | b64enc }}" - {{- else }} - SECRET_KEY_BASE: {{ required "secret_key_base is required" .Values.secrets.secret_key_base }} + {{- if .Values.mastodon.s3.enabled }} + AWS_ACCESS_KEY_ID: "{{ .Values.mastodon.s3.access_key | b64enc }}" + AWS_SECRET_ACCESS_KEY: "{{ .Values.mastodon.s3.access_secret | b64enc }}" {{- end }} - {{- if not (empty .Values.secrets.otp_secret) }} - OTP_SECRET: "{{ .Values.secrets.otp_secret | b64enc }}" + {{- if not (empty .Values.mastodon.secrets.secret_key_base) }} + SECRET_KEY_BASE: "{{ .Values.mastodon.secrets.secret_key_base | b64enc }}" {{- else }} - OTP_SECRET: {{ required "otp_secret is required" .Values.secrets.otp_secret }} + SECRET_KEY_BASE: {{ required "secret_key_base is required" .Values.mastodon.secrets.secret_key_base }} {{- end }} - {{- if not (empty .Values.secrets.vapid.private_key) }} - VAPID_PRIVATE_KEY: "{{ .Values.secrets.vapid.private_key | b64enc }}" + {{- if not (empty .Values.mastodon.secrets.otp_secret) }} + OTP_SECRET: "{{ .Values.mastodon.secrets.otp_secret | b64enc }}" {{- else }} - VAPID_PRIVATE_KEY: {{ required "vapid.private_key is required" .Values.secrets.vapid.private_key }} + OTP_SECRET: {{ required "otp_secret is required" .Values.mastodon.secrets.otp_secret }} {{- end }} - {{- if not (empty .Values.secrets.vapid.public_key) }} - VAPID_PUBLIC_KEY: "{{ .Values.secrets.vapid.public_key | b64enc }}" + {{- if not (empty .Values.mastodon.secrets.vapid.private_key) }} + VAPID_PRIVATE_KEY: "{{ .Values.mastodon.secrets.vapid.private_key | b64enc }}" {{- else }} - VAPID_PUBLIC_KEY: {{ required "vapid.public_key is required" .Values.secrets.vapid.public_key }} + VAPID_PRIVATE_KEY: {{ required "vapid.private_key is required" .Values.mastodon.secrets.vapid.private_key }} + {{- end }} + {{- if not (empty 
.Values.mastodon.secrets.vapid.public_key) }} + VAPID_PUBLIC_KEY: "{{ .Values.mastodon.secrets.vapid.public_key | b64enc }}" + {{- else }} + VAPID_PUBLIC_KEY: {{ required "vapid.public_key is required" .Values.mastodon.secrets.vapid.public_key }} + {{- end }} + {{- if not .Values.postgresql.enabled }} + postgresql-password: "{{ .Values.postgresql.postgresqlPassword | b64enc }}" {{- end }} diff --git a/mastodon/templates/service-streaming.yaml b/mastodon/templates/service-streaming.yaml index ff5dc13..a005e61 100644 --- a/mastodon/templates/service-streaming.yaml +++ b/mastodon/templates/service-streaming.yaml @@ -7,7 +7,7 @@ metadata: spec: type: {{ .Values.service.type }} ports: - - port: {{ .Values.application.streaming.port }} + - port: {{ .Values.mastodon.streaming.port }} targetPort: streaming protocol: TCP name: streaming diff --git a/mastodon/templates/service-web.yaml b/mastodon/templates/service-web.yaml index e0df35b..3563fde 100644 --- a/mastodon/templates/service-web.yaml +++ b/mastodon/templates/service-web.yaml @@ -7,7 +7,7 @@ metadata: spec: type: {{ .Values.service.type }} ports: - - port: {{ .Values.service.port }} + - port: {{ .Values.mastodon.web.port }} targetPort: http protocol: TCP name: http diff --git a/mastodon/values.yaml b/mastodon/values.yaml index f0e46e8..f9e4f92 100644 --- a/mastodon/values.yaml +++ b/mastodon/values.yaml 
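Review bot: The new `postgresql-password`, `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` entries have no `required` guard, unlike every other key in this Secret, so an unset `postgresql.postgresqlPassword` (with the subchart disabled) or an unset S3 credential renders a valid Secret holding an empty value and only fails later as a database or S3 authentication error at runtime. Applying the file's existing pattern, `postgresql-password: "{{ required "postgresql.postgresqlPassword is required when postgresql.enabled is false" .Values.postgresql.postgresqlPassword | b64enc }}"` fails at template time instead, and the two S3 keys can be guarded the same way.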
@@ -2,16 +2,89 @@ replicaCount: 1 image: repository: tootsuite/mastodon - pullPolicy: Always # https://hub.docker.com/r/tootsuite/mastodon/tags - tag: v3.3.0 + # # alternatively, use `latest` for the latest release or `edge` for the image # built from the most recent commit # # tag: latest + tag: v3.4.1 + # use `Always` when using `latest` tag + pullPolicy: IfNotPresent + +mastodon: + # create an initial administrator user; the password is autogenerated and will + # have to be reset + # CHANGE PASSWORD!! + createAdmin: + enabled: false + username: not_gargron + password: mystronpassword + email: not@example.com + cron: + # run `tootctl media remove` every week + removeMedia: + enabled: true + schedule: "0 0 * * 0" + # available locales: https://github.com/tootsuite/mastodon/blob/master/config/application.rb#L43 + locale: en + local_domain: mastodon.local + persistence: + assets: + # ReadWriteOnce is more widely supported than ReadWriteMany, but limits + # scalability, since it requires the Rails and Sidekiq pods to run on the + # same node. 
+ accessMode: ReadWriteOnce + resources: + requests: + storage: 10Gi + system: + accessMode: ReadWriteOnce + resources: + requests: + storage: 100Gi + s3: + enabled: false + access_key: "" + access_secret: "" + bucket: "" + endpoint: https://us-east-1.linodeobjects.com + hostname: us-east-1.linodeobjects.com + region: "" + # these must be set manually; autogenerated keys are rotated on each upgrade + secrets: + secret_key_base: "" + otp_secret: "" + vapid: + private_key: "" + public_key: "" + sidekiq: + concurrency: 25 + smtp: + auth_method: plain + ca_file: + delivery_method: smtp + domain: + enable_starttls_auto: true + from_address: notifications@example.com + login: + openssl_verify_mode: peer + password: + port: 587 + reply_to: + server: smtp.mailgun.org + tls: false + streaming: + port: 4000 + # this should be set manually since os.cpus() returns the number of CPUs on + # the node running the pod, which is unrelated to the resources allocated to + # the pod by k8s + workers: 1 + web: + port: 3000 ingress: - enabled: false + enabled: true annotations: kubernetes.io/ingress.class: nginx kubernetes.io/tls-acme: "true" 
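Review bot: The new `createAdmin` comment says the password is autogenerated and will have to be reset, but the block ships `password: mystronpassword`, which job-set-admin-password.yaml applies verbatim, so the comment and the default contradict each other and an operator who only flips `enabled: true` gets a well-known password. Ship `password: ""` and reword the comment to `# the password is applied as given; set it explicitly before enabling`, and let the job template reject an empty value with `required`. In the moved `smtp` block, `ca_file:`, `domain:`, `login:`, `password:` and `reply_to:` are bare keys and render as null rather than empty strings; writing `""` makes the intended type explicit.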
@@ -22,65 +95,15 @@ ingress: # nginx.ingress.kubernetes.io/proxy-body-size: 40m # for the NGINX ingress controller: # nginx.org/client-max-body-size: 40m - # this value is used for LOCAL_DOMAIN - hostname: mastodon.local + hosts: + - host: mastodon.local + paths: + - path: '/' tls: - secretName: mastodon-tls hosts: - mastodon.local -# create an initial administrator user -# CHANGE PASSWORD! -createAdmin: - enabled: false - username: not_gargron - password: mystronpassword - email: not@example.com - -# available locales: https://github.com/tootsuite/mastodon/blob/master/config/application.rb#L43 -locale: en - -cron: - # run `tootctl media remove` every week - removeMedia: - enabled: true - schedule: "0 0 * * 0" - -application: - web: - port: 3000 - streaming: - port: 4000 - # this should be set manually since os.cpus() returns the number of CPUs on - # the node running the pod, which is unrelated to the resources allocated to - # the pod by k8s - workers: 1 - sidekiq: - concurrency: 25 - -# these must be set manually; autogenerated keys are rotated on each upgrade -secrets: - secret_key_base: "" - otp_secret: "" - vapid: - private_key: "" - public_key: "" - -smtp: - auth_method: plain - ca_file: - delivery_method: smtp - domain: - enable_starttls_auto: true - from_address: notifications@example.com - login: - openssl_verify_mode: peer - password: - port: 587 - reply_to: - server: smtp.mailgun.org - tls: false - # https://github.com/bitnami/charts/tree/master/bitnami/elasticsearch#parameters elasticsearch: # `false` will disable full-text search 
@@ -89,29 +112,18 @@ elasticsearch: # RAILS_ENV=production bundle exec rake chewy:sync # (https://docs.joinmastodon.org/admin/optional/elasticsearch/) enabled: true - master: - name: master - ## Number of master-eligible node(s) replicas to deploy - ## - replicas: 2 - coordinating: - ## Number of coordinating-only node(s) replicas to deploy - ## - replicas: 2 - data: - name: data - ## Number of data node(s) replicas to deploy - ## - replicas: 2 - + # may be removed once https://github.com/tootsuite/mastodon/pull/13828 is part + # of a tagged release + image: + tag: 6 # https://github.com/bitnami/charts/tree/master/bitnami/postgresql#parameters postgresql: - # Disable for external PostgreSQL + # disable if you want to use an existing db; in which case the values below + # must match those of that external postgres instance enabled: true - # Set for external PostgreSQL - # postgresqlHost: postgresql.local - postgresqlDatabase: mastodon + # postgresqlHostname: preexisting-postgresql + postgresqlDatabase: mastodon_production # you must set a password; the password generated by the postgresql chart will # be rotated on each upgrade: # https://github.com/bitnami/charts/tree/master/bitnami/postgresql#upgrade @@ -121,27 +133,8 @@ postgresql: # https://github.com/bitnami/charts/tree/master/bitnami/redis#parameters redis: enabled: true - usePassword: true - # you must set a password; the password generated by the redis chart will be - # rotated on each upgrade: - password: "" - cluster: - enabled: true - -persistence: - assets: - # ReadWriteOnce is more widely supported than ReadWriteMany, but limits - # scalability, since it requires the Rails and Sidekiq pods to run on the - # same node. - accessMode: ReadWriteOnce - resources: - requests: - storage: 10Gi - system: - accessMode: ReadWriteOnce - resources: - requests: - storage: 100Gi + auth: + password: "" service: type: ClusterIP
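Review bot: `elasticsearch.image.tag: 6` is an unquoted integer; an image tag is a string, and a later value such as `6.10` would be parsed as the float `6.1`. Writing `tag: "6"` keeps the type stable for the subchart. The comment above it ties the pin to an upstream pull request, which is helpful; adding the Mastodon version from which the pin can be dropped, once known, would make the cleanup easier to track.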
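Review bot: The redis block drops the comment explaining that an empty password is replaced by a chart-generated one that is rotated on each upgrade, while keeping the empty default `auth.password: ""`; since deployment templates in this chart read the password from the `{{ .Release.Name }}-redis` Secret by key, operators lose the only hint that they must set the value themselves. If that behaviour still holds for the bumped redis chart (it is stated only in the removed lines, so please confirm), restore the note above `auth:`, e.g. `# you must set a password; a chart-generated one is rotated on each upgrade`.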