ghp/helm-charts
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

mastodon: bump to vv4.2.9, helm chart v5.1.2

Browse Source
This commit is contained in:
ace
2024-06-01 03:42:03 +03:00
parent 6b110c9f5b
commit 3a8be39de0
29 changed files with 1342 additions and 127 deletions
Download Patch File Download Diff File Expand all files Collapse all files

83
mastodon/templates/_helpers.tpl
View File

@ -31,12 +31,22 @@ Create chart name and version as used by the chart label.
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Labels added on every Mastodon resource
*/}}
{{- define "mastodon.globalLabels" -}}
{{- range $k, $v := .Values.mastodon.labels }}
{{ $k }}: {{ quote $v }}
{{- end -}}
{{- end }}
{{/*
Common labels
*/}}
{{- define "mastodon.labels" -}}
helm.sh/chart: {{ include "mastodon.chart" . }}
{{ include "mastodon.selectorLabels" . }}
{{ include "mastodon.globalLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
@ -73,6 +83,28 @@ Create the name of the service account to use
{{- end }}
{{- end }}
{{/*
Create the name of the assets persistent volume to use
*/}}
{{- define "mastodon.pvc.assets" -}}
{{- if .Values.mastodon.persistence.assets.existingClaim }}
{{- printf "%s" (tpl .Values.mastodon.persistence.assets.existingClaim $) -}}
{{- else -}}
{{- printf "%s-assets" (include "common.names.fullname" .) -}}
{{- end -}}
{{- end -}}
{{/*
Create the name of the system persistent volume to use
*/}}
{{- define "mastodon.pvc.system" -}}
{{- if .Values.mastodon.persistence.system.existingClaim }}
{{- printf "%s" (tpl .Values.mastodon.persistence.system.existingClaim $) -}}
{{- else -}}
{{- printf "%s-system" (include "common.names.fullname" .) -}}
{{- end -}}
{{- end -}}
{{/*
Create a default fully qualified name for dependent services.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
@ -96,7 +128,7 @@ Get the mastodon secret.
{{- if .Values.mastodon.secrets.existingSecret }}
{{- printf "%s" (tpl .Values.mastodon.secrets.existingSecret $) -}}
{{- else -}}
{{- printf "%s" (include "common.names.fullname" .) -}}
{{- printf "%s" (include "mastodon.fullname" .) -}}
{{- end -}}
{{- end -}}
@ -107,7 +139,7 @@ Get the smtp secret.
{{- if .Values.mastodon.smtp.existingSecret }}
{{- printf "%s" (tpl .Values.mastodon.smtp.existingSecret $) -}}
{{- else -}}
{{- printf "%s-smtp" (include "common.names.fullname" .) -}}
{{- printf "%s-smtp" (include "mastodon.fullname" .) -}}
{{- end -}}
{{- end -}}
@ -120,7 +152,7 @@ Get the postgresql secret.
{{- else if .Values.postgresql.enabled -}}
{{- printf "%s-postgresql" (tpl .Release.Name $) -}}
{{- else -}}
{{- printf "%s" (include "common.names.fullname" .) -}}
{{- printf "%s" (include "mastodon.fullname" .) -}}
{{- end -}}
{{- end -}}
@ -132,6 +164,38 @@ Get the redis secret.
{{- printf "%s" (tpl .Values.redis.auth.existingSecret $) -}}
{{- else if .Values.redis.existingSecret }}
{{- printf "%s" (tpl .Values.redis.existingSecret $) -}}
{{- else if .Values.redis.enabled -}}
{{- printf "%s-redis" (tpl .Release.Name $) -}}
{{- else -}}
{{- printf "%s-redis" (include "mastodon.fullname" .) -}}
{{- end -}}
{{- end -}}
{{/*
Get the redis secret (sidekiq).
*/}}
{{- define "mastodon.redis.sidekiq.secretName" -}}
{{- if .Values.redis.sidekiq.auth.existingSecret }}
{{- printf "%s" (tpl .Values.redis.sidekiq.auth.existingSecret $) -}}
{{- else if .Values.redis.auth.existingSecret }}
{{- printf "%s" (tpl .Values.redis.auth.existingSecret $) -}}
{{- else if .Values.redis.existingSecret }}
{{- printf "%s" (tpl .Values.redis.existingSecret $) -}}
{{- else -}}
{{- printf "%s-redis" (tpl .Release.Name $) -}}
{{- end -}}
{{- end -}}
{{/*
Get the redis secret (cache).
*/}}
{{- define "mastodon.redis.cache.secretName" -}}
{{- if .Values.redis.cache.auth.existingSecret }}
{{- printf "%s" (tpl .Values.redis.cache.auth.existingSecret $) -}}
{{- else if .Values.redis.auth.existingSecret }}
{{- printf "%s" (tpl .Values.redis.auth.existingSecret $) -}}
{{- else if .Values.redis.existingSecret }}
{{- printf "%s" (tpl .Values.redis.existingSecret $) -}}
{{- else -}}
{{- printf "%s-redis" (tpl .Release.Name $) -}}
{{- end -}}
@ -161,3 +225,16 @@ Find highest number of needed database connections to set DB_POOL variable
{{- end }}
{{- $poolSize | quote }}
{{- end }}
{{/*
Full hostname for a custom Elasticsearch cluster
*/}}
{{- define "mastodon.elasticsearch.fullHostname" -}}
{{- if not .Values.elasticsearch.enabled }}
{{- if .Values.elasticsearch.tls }}
{{- printf "https://%s" (tpl .Values.elasticsearch.hostname $) -}}
{{- else -}}
{{- printf "%s" (tpl .Values.elasticsearch.hostname $) -}}
{{- end }}
{{- end -}}
{{- end -}}

54
mastodon/templates/_statsd.yaml Normal file
View File

@ -0,0 +1,54 @@
{{/*
The exporter container attached to every Mastodon pod
*/}}
{{- define "mastodon.statsdExporterContainer" }}
{{- with .Values.mastodon.metrics.statsd }}
{{- if and .exporter.enabled (not .address) }}
- name: statsd-exporter
image: prom/statsd-exporter
args:
- "--statsd.mapping-config=/statsd-mappings/mastodon.yml"
resources:
requests:
cpu: "0.1"
memory: "180M"
limits:
cpu: "0.5"
memory: "250M"
ports:
- name: statsd
containerPort: {{ .exporter.port }}
volumeMounts:
- name: statsd-mappings
mountPath: /statsd-mappings
{{- end }}
{{- end }}
{{- end }}
{{/*
The volume needed for the container above
*/}}
{{- define "mastodon.statsdExporterVolume" }}
{{- with .Values.mastodon.metrics.statsd }}
{{- if and .exporter.enabled (not .address) }}
- name: statsd-mappings
configMap:
name: {{ include "mastodon.fullname" $ }}-statsd-mappings
items:
- key: mastodon-statsd-mappings.yml
path: mastodon.yml
{{- end }}
{{- end }}
{{- end }}
{{/*
Labels added to every statsd_exporter-enabled pod
*/}}
{{- define "mastodon.statsdExporterLabels" }}
{{- with .Values.mastodon.metrics.statsd }}
{{- if and .exporter.enabled (not .address) }}
mastodon/statsd-exporter: "true"
{{- end }}
{{- end }}
{{- end }}

92
mastodon/templates/configmap-env.yaml
View File

@ -15,17 +15,44 @@ data:
DB_NAME: {{ .Values.postgresql.auth.database }}
DB_POOL: {{ include "mastodon.maxDbPool" . }}
DB_USER: {{ .Values.postgresql.auth.username }}
{{- if .Values.postgresql.readReplica.hostname }}
REPLICA_DB_HOST: {{ .Values.postgresql.readReplica.hostname }}
{{- end }}
{{- if .Values.postgresql.readReplica.port }}
REPLICA_DB_PORT: {{ .Values.postgresql.readReplica.port }}
{{- end }}
{{- if .Values.postgresql.readReplica.auth.database }}
REPLICA_DB_NAME: {{ .Values.postgresql.readReplica.auth.database }}
{{- end }}
{{- if .Values.postgresql.readReplica.auth.username }}
REPLICA_DB_USER: {{ .Values.postgresql.readReplica.auth.username }}
{{- end }}
{{- if .Values.postgresql.readReplica.auth.password }}
REPLICA_DB_PASS: {{ .Values.postgresql.readReplica.auth.password }}
{{- end }}
PREPARED_STATEMENTS: {{ .Values.mastodon.preparedStatements | quote }}
DEFAULT_LOCALE: {{ .Values.mastodon.locale }}
{{- if .Values.elasticsearch.enabled }}
ES_ENABLED: "true"
ES_PRESET: {{ .Values.elasticsearch.preset | default "single_node_cluster" | quote }}
ES_HOST: {{ template "mastodon.elasticsearch.fullname" . }}-master-hl
ES_PORT: "9200"
{{- else if .Values.elasticsearch.hostname }}
ES_ENABLED: "true"
ES_PRESET: {{ .Values.elasticsearch.preset | default "single_node_cluster" | quote }}
ES_HOST: {{ include "mastodon.elasticsearch.fullHostname" .}}
ES_PORT: {{ .Values.elasticsearch.port | default "9200" | quote }}
{{- end }}
{{- with .Values.elasticsearch.user }}
ES_USER: {{ . }}
{{- end }}
LOCAL_DOMAIN: {{ .Values.mastodon.local_domain }}
{{- with .Values.mastodon.web_domain }}
WEB_DOMAIN: {{ . }}
{{- end }}
{{- with .Values.mastodon.alternate_domains }}
ALTERNATE_DOMAINS: {{ join "," . }}
{{- end }}
{{- with .Values.mastodon.singleUserMode }}
SINGLE_USER_MODE: "true"
{{- end }}
@ -45,6 +72,30 @@ data:
REDIS_HOST: {{ required "When the redis chart is disabled .Values.redis.hostname is required" .Values.redis.hostname }}
{{- end }}
REDIS_PORT: {{ .Values.redis.port | default "6379" | quote }}
{{- if .Values.redis.sidekiq.enabled }}
{{- if .Values.redis.sidekiq.hostname }}
SIDEKIQ_REDIS_HOST: {{ .Values.redis.sidekiq.hostname }}
{{- else }}
SIDEKIQ_REDIS_HOST: {{ .Values.redis.hostname }}
{{- end }}
{{- if .Values.redis.sidekiq.port }}
SIDEKIQ_REDIS_PORT: {{ .Values.redis.sidekiq.port | quote }}
{{- else }}
SIDEKIQ_REDIS_PORT: {{ .Values.redis.port | default "6379" | quote }}
{{- end }}
{{- end }}
{{- if .Values.redis.cache.enabled }}
{{- if .Values.redis.cache.hostname }}
CACHE_REDIS_HOST: {{ .Values.redis.cache.hostname }}
{{- else }}
CACHE_REDIS_HOST: {{ .Values.redis.hostname}}
{{- end }}
{{- if .Values.redis.cache.port }}
CACHE_REDIS_PORT: {{ .Values.redis.cache.port | quote }}
{{- else }}
CACHE_REDIS_PORT: {{ .Values.redis.port | default "6379" | quote }}
{{- end }}
{{- end }}
{{- if .Values.mastodon.s3.enabled }}
S3_BUCKET: {{ .Values.mastodon.s3.bucket }}
S3_ENABLED: "true"
@ -60,6 +111,12 @@ data:
{{- with .Values.mastodon.s3.alias_host }}
S3_ALIAS_HOST: {{ . }}
{{- end }}
{{- with .Values.mastodon.s3.multipart_threshold }}
S3_MULTIPART_THRESHOLD: "{{ . }}"
{{- end }}
{{- with .Values.mastodon.s3.override_path_style }}
S3_OVERRIDE_PATH_STYLE: "{{ . }}"
{{- end }}
{{- end }}
{{- with .Values.mastodon.smtp.auth_method }}
SMTP_AUTH_METHOD: {{ . }}
@ -82,6 +139,9 @@ data:
{{- with .Values.mastodon.smtp.from_address }}
SMTP_FROM_ADDRESS: {{ . }}
{{- end }}
{{- with .Values.mastodon.smtp.return_path }}
SMTP_RETURN_PATH: {{ . }}
{{- end }}
{{- with .Values.mastodon.smtp.openssl_verify_mode }}
SMTP_OPENSSL_VERIFY_MODE: {{ . }}
{{- end }}
@ -322,6 +382,34 @@ data:
LDAP_UID_CONVERSION_REPLACE: {{ . }}
{{- end }}
{{- end }}
{{- with .Values.mastodon.metrics.statsd.address }}
STATSD_ADDR: {{ . }}
{{- if .Values.mastodon.metrics.statsd.address }}
STATSD_ADDR: {{ .Values.mastodon.metrics.statsd.address }}
{{- else if .Values.mastodon.metrics.statsd.exporter.enabled }}
STATSD_ADDR: localhost:9125
{{- end }}
{{- range $k, $v := .Values.mastodon.extraEnvVars }}
{{ $k }}: {{ quote $v }}
{{- end }}
{{- if .Values.mastodon.deepl.enabled }}
DEEPL_PLAN: {{ .Values.mastodon.deepl.plan }}
{{- end }}
{{- if .Values.mastodon.hcaptcha.enabled }}
HCAPTCHA_SITE_KEY: {{ .Values.mastodon.hcaptcha.siteId }}
{{- end }}
{{- if .Values.mastodon.cacheBuster.enabled }}
CACHE_BUSTER_ENABLED: "true"
{{- if .Values.mastodon.cacheBuster.httpMethod }}
CACHE_BUSTER_HTTP_METHOD: {{ .Values.mastodon.cacheBuster.httpMethod }}
{{- end }}
{{- if .Values.mastodon.cacheBuster.authHeader }}
CACHE_BUSTER_SECRET_HEADER: {{ .Values.mastodon.cacheBuster.authHeader }}
{{- end }}
{{- else }}
CACHE_BUSTER_ENABLED: "false"
{{- end }}
{{- with .Values.timezone }}
TZ: {{ . | quote }}
{{- end }}

25
mastodon/templates/cronjob-media-remove.yaml
View File

@ -36,10 +36,10 @@ spec:
volumes:
- name: assets
persistentVolumeClaim:
claimName: {{ template "mastodon.fullname" . }}-assets
claimName: {{ template "mastodon.pvc.assets" . }}
- name: system
persistentVolumeClaim:
claimName: {{ template "mastodon.fullname" . }}-system
claimName: {{ template "mastodon.pvc.system" . }}
{{- end }}
containers:
- name: {{ include "mastodon.fullname" . }}-media-remove
@ -65,6 +65,27 @@ spec:
secretKeyRef:
name: {{ template "mastodon.redis.secretName" . }}
key: redis-password
{{- if and .Values.redis.sidekiq.enabled .Values.redis.sidekiq.auth.existingSecret }}
- name: "SIDEKIQ_REDIS_PASSWORD"
valueFrom:
secretKeyRef:
name: {{ template "mastodon.redis.sidekiq.secretName" . }}
key: redis-password
{{- end }}
{{- if and .Values.redis.cache.enabled .Values.redis.cache.auth.existingSecret }}
- name: "CACHE_REDIS_PASSWORD"
valueFrom:
secretKeyRef:
name: {{ template "mastodon.redis.cache.secretName" . }}
key: redis-password
{{- end }}
{{- if and .Values.elasticsearch.existingSecret (or .Values.elasticsearch.enabled .Values.elasticsearch.hostname) }}
- name: "ES_PASS"
valueFrom:
secretKeyRef:
name: {{ .Values.elasticsearch.existingSecret }}
key: password
{{- end }}
- name: "PORT"
value: {{ .Values.mastodon.web.port | quote }}
{{- if (and .Values.mastodon.s3.enabled .Values.mastodon.s3.existingSecret) }}

94
mastodon/templates/deployment-sidekiq.yaml
View File

@ -9,6 +9,10 @@ metadata:
{{- include "mastodon.labels" $context | nindent 4 }}
app.kubernetes.io/component: sidekiq-{{ .name }}
app.kubernetes.io/part-of: rails
annotations:
{{- with $context.Values.deploymentAnnotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if (has "scheduler" .queues) }}
{{- if (gt (int .replicas) 1) }}
@ -18,6 +22,9 @@ spec:
type: Recreate
{{- end }}
replicas: {{ .replicas }}
{{- if (ne (toString $context.Values.mastodon.revisionHistoryLimit) "<nil>") }}
revisionHistoryLimit: {{ $context.Values.mastodon.revisionHistoryLimit }}
{{- end }}
selector:
matchLabels:
{{- include "mastodon.selectorLabels" $context | nindent 6 }}
@ -31,9 +38,11 @@ spec:
{{- end }}
# roll the pods to pick up any db migrations or other changes
{{- include "mastodon.rollingPodAnnotations" $context | nindent 8 }}
checksum/config-secrets: {{ include ( print $.Template.BasePath "/secret-smtp.yaml" ) $context | sha256sum | quote }}
checksum/config-secrets-smtp: {{ include ( print $.Template.BasePath "/secret-smtp.yaml" ) $context | sha256sum | quote }}
labels:
{{- include "mastodon.globalLabels" $context | nindent 8 }}
{{- include "mastodon.selectorLabels" $context | nindent 8 }}
{{- include "mastodon.statsdExporterLabels" $context | nindent 8 }}
app.kubernetes.io/component: sidekiq-{{ .name }}
app.kubernetes.io/part-of: rails
spec:
@ -50,20 +59,35 @@ spec:
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if (not $context.Values.mastodon.s3.enabled) }}
{{- with (default (default $context.Values.topologySpreadConstraints $context.Values.mastodon.sidekiq.topologySpreadConstraints) .topologySpreadConstraints) }}
topologySpreadConstraints:
{{- toYaml . | nindent 8 }}
{{- end }}
volumes:
{{- if (not $context.Values.mastodon.s3.enabled) }}
- name: assets
persistentVolumeClaim:
claimName: {{ template "mastodon.fullname" $context }}-assets
claimName: {{ template "mastodon.pvc.assets" $context }}
- name: system
persistentVolumeClaim:
claimName: {{ template "mastodon.fullname" $context }}-system
claimName: {{ template "mastodon.pvc.system" $context }}
{{- end }}
{{- include "mastodon.statsdExporterVolume" $ | indent 8 }}
{{- if dig "customDatabaseConfigYml" "configMapRef" "name" false . }}
- name: config-database-yml
configMap:
name: {{ .customDatabaseConfigYml.configMapRef.name }}
{{- end }}
{{- with $context.Values.volumes }}
{{- toYaml . | nindent 8 }}
{{- end }}
containers:
- name: {{ $context.Chart.Name }}
{{- with $context.Values.mastodon.sidekiq.securityContext | default $context.Values.securityContext }}
securityContext:
{{- toYaml $context.Values.mastodon.sidekiq.securityContext | nindent 12 }}
image: "{{ $context.Values.image.repository }}:{{ $context.Values.image.tag | default $context.Chart.AppVersion }}"
{{- toYaml . | nindent 12 }}
{{- end }}
image: "{{ coalesce (dig "image" "repository" false .) $context.Values.image.repository }}:{{ coalesce (dig "image" "tag" false .) $context.Values.image.tag $context.Chart.AppVersion }}"
imagePullPolicy: {{ $context.Values.image.pullPolicy }}
command:
- bundle
@ -80,17 +104,49 @@ spec:
name: {{ include "mastodon.fullname" $context }}-env
- secretRef:
name: {{ template "mastodon.secretName" $context }}
{{- if $context.Values.mastodon.extraEnvFrom }}
- configMapRef:
name: {{ $context.Values.mastodon.extraEnvFrom }}
{{- end}}
env:
- name: "DB_PASS"
valueFrom:
secretKeyRef:
name: {{ template "mastodon.postgresql.secretName" $context }}
key: password
{{- if $context.Values.postgresql.readReplica.auth.existingSecret }}
- name: "REPLICA_DB_PASS"
valueFrom:
secretKeyRef:
name: {{ $context.Values.postgresql.readReplica.auth.existingSecret }}
key: password
{{- end }}
- name: "REDIS_PASSWORD"
valueFrom:
secretKeyRef:
name: {{ template "mastodon.redis.secretName" $context }}
key: redis-password
{{- if and $context.Values.redis.sidekiq.enabled $context.Values.redis.sidekiq.auth.existingSecret }}
- name: "SIDEKIQ_REDIS_PASSWORD"
valueFrom:
secretKeyRef:
name: {{ template "mastodon.redis.sidekiq.secretName" $context }}
key: redis-password
{{- end }}
{{- if and $context.Values.redis.cache.enabled $context.Values.redis.cache.auth.existingSecret }}
- name: "CACHE_REDIS_PASSWORD"
valueFrom:
secretKeyRef:
name: {{ template "mastodon.redis.cache.secretName" $context }}
key: redis-password
{{- end }}
{{- if and $context.Values.elasticsearch.existingSecret (or $context.Values.elasticsearch.enabled $context.Values.elasticsearch.hostname) }}
- name: "ES_PASS"
valueFrom:
secretKeyRef:
name: {{ $context.Values.elasticsearch.existingSecret }}
key: password
{{- end }}
- name: "SMTP_LOGIN"
valueFrom:
secretKeyRef:
@ -102,6 +158,7 @@ spec:
secretKeyRef:
name: {{ include "mastodon.smtp.secretName" $context }}
key: password
optional: true
{{- if (and $context.Values.mastodon.s3.enabled $context.Values.mastodon.s3.existingSecret) }}
- name: "AWS_SECRET_ACCESS_KEY"
valueFrom:
@ -114,15 +171,38 @@ spec:
name: {{ $context.Values.mastodon.s3.existingSecret }}
key: AWS_ACCESS_KEY_ID
{{- end }}
{{- if (not $context.Values.mastodon.s3.enabled) }}
{{- if and $context.Values.mastodon.deepl.enabled }}
- name: "DEEPL_API_KEY"
valueFrom:
secretKeyRef:
name: {{ $context.Values.mastodon.deepl.apiKeySecretRef.name }}
key: {{ $context.Values.mastodon.deepl.apiKeySecretRef.key }}
{{- end }}
{{- if and $context.Values.mastodon.cacheBuster.enabled $context.Values.mastodon.cacheBuster.authToken.existingSecret }}
- name: CACHE_BUSTER_SECRET
valueFrom:
secretKeyRef:
name: {{ $context.Values.mastodon.cacheBuster.authToken.existingSecret }}
key: password
{{- end }}
volumeMounts:
{{- if (not $context.Values.mastodon.s3.enabled) }}
- name: assets
mountPath: /opt/mastodon/public/assets
- name: system
mountPath: /opt/mastodon/public/system
{{- end }}
{{- if dig "customDatabaseConfigYml" "configMapRef" "name" false . }}
- name: config-database-yml
mountPath: /opt/mastodon/config/database.yml
subPath: {{ .customDatabaseConfigYml.configMapRef.key }}
{{- end }}
{{- with $context.Values.volumeMounts }}
{{- toYaml . | nindent 12 }}
{{- end }}
resources:
{{- toYaml (default (default $context.Values.resources $context.Values.mastodon.sidekiq.resources) .resources) | nindent 12 }}
{{- include "mastodon.statsdExporterContainer" $ | indent 8 }}
{{- with $context.Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}

71
mastodon/templates/deployment-streaming.yaml
View File

@ -4,8 +4,15 @@ metadata:
name: {{ include "mastodon.fullname" . }}-streaming
labels:
{{- include "mastodon.labels" . | nindent 4 }}
annotations:
{{- with (default .Values.deploymentAnnotations .Values.mastodon.streaming.deploymentAnnotations) }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
replicas: {{ .Values.mastodon.streaming.replicas }}
{{- if (ne (toString .Values.mastodon.revisionHistoryLimit) "<nil>") }}
revisionHistoryLimit: {{ .Values.mastodon.revisionHistoryLimit }}
{{- end }}
selector:
matchLabels:
{{- include "mastodon.selectorLabels" . | nindent 6 }}
@ -19,6 +26,7 @@ spec:
# roll the pods to pick up any db migrations or other changes
{{- include "mastodon.rollingPodAnnotations" . | nindent 8 }}
labels:
{{- include "mastodon.globalLabels" . | nindent 8 }}
{{- include "mastodon.selectorLabels" . | nindent 8 }}
app.kubernetes.io/component: streaming
spec:
@ -31,33 +39,90 @@ spec:
securityContext:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.mastodon.streaming.extraCerts }}
{{- $name := .name | default "extra-certs" }}
volumes:
- name: {{ $name }}
secret:
secretName: {{ .existingSecret }}
items:
- key: ca.crt
path: trusted-ca.crt
{{- end }}
containers:
- name: {{ .Chart.Name }}-streaming
{{- with (default .Values.securityContext .Values.mastodon.streaming.securityContext) }}
securityContext:
{{- toYaml . | nindent 12 }}
{{- end }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
image: "{{ coalesce .Values.mastodon.streaming.image.repository .Values.image.repository }}:{{ coalesce .Values.mastodon.streaming.image.tag .Values.image.tag .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
command:
- node
- ./streaming
{{- with .Values.mastodon.streaming.extraCerts }}
{{- $name := .name | default "extra-certs" }}
volumeMounts:
- name: {{ $name }}
mountPath: "/usr/local/share/ca-certificates"
{{- end }}
envFrom:
- configMapRef:
name: {{ include "mastodon.fullname" . }}-env
{{- if .Values.mastodon.extraEnvFrom }}
- configMapRef:
name: {{ .Values.mastodon.extraEnvFrom }}
{{- end}}
env:
{{- with .Values.mastodon.streaming.extraCerts }}
- name: "NODE_EXTRA_CA_CERTS"
value: "/usr/local/share/ca-certificates/trusted-ca.crt"
{{- with .sslMode }}
- name: "DB_SSLMODE"
value: {{ . }}
{{- end }}
{{- end }}
{{- with .Values.postgresql.postgresqlReplicaHostname }}
- name: "DB_HOST"
value: {{ . }}
{{- end }}
- name: "DB_PASS"
valueFrom:
secretKeyRef:
name: {{ template "mastodon.postgresql.secretName" . }}
key: password
{{- if .Values.postgresql.readReplica.auth.existingSecret }}
- name: "REPLICA_DB_PASS"
valueFrom:
secretKeyRef:
name: {{ .Values.postgresql.readReplica.auth.existingSecret }}
key: password
{{- end }}
- name: "REDIS_PASSWORD"
valueFrom:
secretKeyRef:
name: {{ template "mastodon.redis.secretName" . }}
key: redis-password
{{- if and .Values.redis.sidekiq.enabled .Values.redis.sidekiq.auth.existingSecret }}
- name: "SIDEKIQ_REDIS_PASSWORD"
valueFrom:
secretKeyRef:
name: {{ template "mastodon.redis.sidekiq.secretName" . }}
key: redis-password
{{- end }}
{{- if and .Values.redis.cache.enabled .Values.redis.cache.auth.existingSecret }}
- name: "CACHE_REDIS_PASSWORD"
valueFrom:
secretKeyRef:
name: {{ template "mastodon.redis.cache.secretName" . }}
key: redis-password
{{- end }}
- name: "PORT"
value: {{ .Values.mastodon.streaming.port | quote }}
{{- range $k, $v := .Values.mastodon.streaming.extraEnvVars }}
- name: {{ $k }}
value: {{ quote $v }}
{{- end }}
ports:
- name: streaming
containerPort: {{ .Values.mastodon.streaming.port }}
@ -82,6 +147,10 @@ spec:
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with (default .Values.topologySpreadConstraints .Values.mastodon.streaming.topologySpreadConstraints) }}
topologySpreadConstraints:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}

96
mastodon/templates/deployment-web.yaml
View File

@ -4,8 +4,15 @@ metadata:
name: {{ include "mastodon.fullname" . }}-web
labels:
{{- include "mastodon.labels" . | nindent 4 }}
annotations:
{{- with (default .Values.deploymentAnnotations .Values.mastodon.web.deploymentAnnotations) }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
replicas: {{ .Values.mastodon.web.replicas }}
{{- if (ne (toString .Values.mastodon.revisionHistoryLimit) "<nil>") }}
revisionHistoryLimit: {{ .Values.mastodon.revisionHistoryLimit }}
{{- end }}
selector:
matchLabels:
{{- include "mastodon.selectorLabels" . | nindent 6 }}
@ -20,7 +27,9 @@ spec:
# roll the pods to pick up any db migrations or other changes
{{- include "mastodon.rollingPodAnnotations" . | nindent 8 }}
labels:
{{- include "mastodon.globalLabels" . | nindent 8 }}
{{- include "mastodon.selectorLabels" . | nindent 8 }}
{{- include "mastodon.statsdExporterLabels" . | nindent 8 }}
app.kubernetes.io/component: web
app.kubernetes.io/part-of: rails
spec:
@ -33,14 +42,23 @@ spec:
securityContext:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if (not .Values.mastodon.s3.enabled) }}
volumes:
{{- if (not .Values.mastodon.s3.enabled) }}
- name: assets
persistentVolumeClaim:
claimName: {{ template "mastodon.fullname" . }}-assets
claimName: {{ template "mastodon.pvc.assets" . }}
- name: system
persistentVolumeClaim:
claimName: {{ template "mastodon.fullname" . }}-system
claimName: {{ template "mastodon.pvc.system" . }}
{{- end }}
{{- include "mastodon.statsdExporterVolume" $ | indent 8 }}
{{- if .Values.mastodon.web.customDatabaseConfigYml.configMapRef.name }}
- name: config-database-yml
configMap:
name: {{ .Values.mastodon.web.customDatabaseConfigYml.configMapRef.name }}
{{- end }}
{{- with .Values.volumes }}
{{- toYaml . | nindent 8 }}
{{- end }}
containers:
- name: {{ .Chart.Name }}-web
@ -48,7 +66,7 @@ spec:
securityContext:
{{- toYaml . | nindent 12 }}
{{- end }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
image: "{{ coalesce .Values.mastodon.web.image.repository .Values.image.repository }}:{{ coalesce .Values.mastodon.web.image.tag .Values.image.tag .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
command:
- bundle
@ -61,17 +79,49 @@ spec:
name: {{ include "mastodon.fullname" . }}-env
- secretRef:
name: {{ template "mastodon.secretName" . }}
{{- if .Values.mastodon.extraEnvFrom }}
- configMapRef:
name: {{ .Values.mastodon.extraEnvFrom }}
{{- end}}
env:
- name: "DB_PASS"
valueFrom:
secretKeyRef:
name: {{ template "mastodon.postgresql.secretName" . }}
key: password
{{- if .Values.postgresql.readReplica.auth.existingSecret }}
- name: "REPLICA_DB_PASS"
valueFrom:
secretKeyRef:
name: {{ .Values.postgresql.readReplica.auth.existingSecret}}
key: password
{{- end }}
- name: "REDIS_PASSWORD"
valueFrom:
secretKeyRef:
name: {{ template "mastodon.redis.secretName" . }}
key: redis-password
{{- if and .Values.redis.sidekiq.enabled .Values.redis.sidekiq.auth.existingSecret }}
- name: "SIDEKIQ_REDIS_PASSWORD"
valueFrom:
secretKeyRef:
name: {{ template "mastodon.redis.sidekiq.secretName" . }}
key: redis-password
{{- end }}
{{- if and .Values.redis.cache.enabled .Values.redis.cache.auth.existingSecret }}
- name: "CACHE_REDIS_PASSWORD"
valueFrom:
secretKeyRef:
name: {{ template "mastodon.redis.cache.secretName" . }}
key: redis-password
{{- end }}
{{- if and .Values.elasticsearch.existingSecret (or .Values.elasticsearch.enabled .Values.elasticsearch.hostname) }}
- name: "ES_PASS"
valueFrom:
secretKeyRef:
name: {{ .Values.elasticsearch.existingSecret }}
key: password
{{- end }}
- name: "PORT"
value: {{ .Values.mastodon.web.port | quote }}
{{- if .Values.mastodon.web.minThreads }}
@ -102,13 +152,42 @@ spec:
name: {{ .Values.mastodon.s3.existingSecret }}
key: AWS_ACCESS_KEY_ID
{{- end }}
{{- if (not .Values.mastodon.s3.enabled) }}
{{- if .Values.mastodon.deepl.enabled }}
- name: "DEEPL_API_KEY"
valueFrom:
secretKeyRef:
name: {{ .Values.mastodon.deepl.apiKeySecretRef.name }}
key: {{ .Values.mastodon.deepl.apiKeySecretRef.key }}
{{- end }}
{{- if .Values.mastodon.hcaptcha.enabled }}
- name: "HCAPTCHA_SECRET_KEY"
valueFrom:
secretKeyRef:
name: {{ .Values.mastodon.hcaptcha.secretKeySecretRef.name }}
key: {{ .Values.mastodon.hcaptcha.secretKeySecretRef.key }}
{{- end }}
{{- if and .Values.mastodon.cacheBuster.enabled .Values.mastodon.cacheBuster.authToken.existingSecret }}
- name: CACHE_BUSTER_SECRET
valueFrom:
secretKeyRef:
name: {{ .Values.mastodon.cacheBuster.authToken.existingSecret }}
key: password
{{- end }}
volumeMounts:
{{- if (not .Values.mastodon.s3.enabled) }}
- name: assets
mountPath: /opt/mastodon/public/assets
- name: system
mountPath: /opt/mastodon/public/system
{{- end }}
{{- if .Values.mastodon.web.customDatabaseConfigYml.configMapRef.name }}
- name: config-database-yml
mountPath: /opt/mastodon/config/database.yml
subPath: {{ .Values.mastodon.web.customDatabaseConfigYml.configMapRef.key }}
{{- end }}
{{- with .Values.volumeMounts }}
{{- toYaml . | nindent 12 }}
{{- end }}
ports:
- name: http
containerPort: {{ .Values.mastodon.web.port }}
@ -130,6 +209,7 @@ spec:
resources:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- include "mastodon.statsdExporterContainer" $ | indent 8 }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
@ -138,7 +218,11 @@ spec:
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
{{- with (default .Values.topologySpreadConstraints .Values.mastodon.web.topologySpreadConstraints) }}
topologySpreadConstraints:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with (default .Values.tolerations .Values.mastodon.web.tolerations) }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}

57
mastodon/templates/ingress-streaming.yml Normal file
View File

@ -0,0 +1,57 @@
{{- if .Values.ingress.streaming.enabled -}}
{{- $fullName := include "mastodon.fullname" . -}}
{{- $webPort := .Values.mastodon.web.port -}}
{{- $streamingPort := .Values.mastodon.streaming.port -}}
{{- if or (.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress") (not (.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress")) -}}
apiVersion: networking.k8s.io/v1
{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
apiVersion: networking.k8s.io/v1beta1
{{- else -}}
apiVersion: extensions/v1beta1
{{- end }}
kind: Ingress
metadata:
name: {{ $fullName }}-streaming
labels:
{{- include "mastodon.labels" . | nindent 4 }}
{{- with .Values.ingress.streaming.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if .Values.ingress.streaming.ingressClassName }}
ingressClassName: {{ .Values.ingress.streaming.ingressClassName }}
{{- end }}
{{- if .Values.ingress.streaming.tls }}
tls:
{{- range .Values.ingress.streaming.tls }}
- hosts:
{{- range .hosts }}
- {{ . | quote }}
{{- end }}
secretName: {{ .secretName }}
{{- end }}
{{- end }}
rules:
{{- range .Values.ingress.streaming.hosts }}
- host: {{ .host | quote }}
http:
paths:
{{- range .paths }}
- path: {{ .path }}api/v1/streaming
backend:
{{- if or ($.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress") (not ($.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress")) }}
service:
name: {{ $fullName }}-streaming
port:
number: {{ $streamingPort }}
{{- else }}
serviceName: {{ $fullName }}-streaming
servicePort: {{ $streamingPort }}
{{- end }}
{{- if or ($.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress") (not ($.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress")) }}
pathType: Prefix
{{- end }}
{{- end }}
{{- end }}
{{- end }}

2
mastodon/templates/ingress.yaml
View File

@ -52,6 +52,7 @@ spec:
{{- if or ($.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress") (not ($.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress")) }}
pathType: Prefix
{{- end }}
{{- if not $.Values.ingress.streaming.enabled }}
- path: {{ .path }}api/v1/streaming
backend:
{{- if or ($.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress") (not ($.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress")) }}
@ -67,5 +68,6 @@ spec:
pathType: Prefix
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}

20
mastodon/templates/job-assets-precompile.yaml
View File

@ -1,3 +1,4 @@
{{- if .Values.mastodon.hooks.assetsPrecompile.enabled -}}
apiVersion: batch/v1
kind: Job
metadata:
@ -36,10 +37,10 @@ spec:
volumes:
- name: assets
persistentVolumeClaim:
claimName: {{ template "mastodon.fullname" . }}-assets
claimName: {{ template "mastodon.pvc.assets" . }}
- name: system
persistentVolumeClaim:
claimName: {{ template "mastodon.fullname" . }}-system
claimName: {{ template "mastodon.pvc.system" . }}
{{- end }}
containers:
- name: {{ include "mastodon.fullname" . }}-assets-precompile
@ -66,6 +67,20 @@ spec:
secretKeyRef:
name: {{ template "mastodon.redis.secretName" . }}
key: redis-password
{{- if and .Values.redis.sidekiq.enabled .Values.redis.sidekiq.auth.existingSecret }}
- name: "SIDEKIQ_REDIS_PASSWORD"
valueFrom:
secretKeyRef:
name: {{ template "mastodon.redis.sidekiq.secretName" . }}
key: redis-password
{{- end }}
{{- if and .Values.redis.cache.enabled .Values.redis.cache.auth.existingSecret }}
- name: "CACHE_REDIS_PASSWORD"
valueFrom:
secretKeyRef:
name: {{ template "mastodon.redis.cache.secretName" . }}
key: redis-password
{{- end }}
- name: "PORT"
value: {{ .Values.mastodon.web.port | quote }}
{{- if (not .Values.mastodon.s3.enabled) }}
@ -75,3 +90,4 @@ spec:
- name: system
mountPath: /opt/mastodon/public/system
{{- end }}
{{- end -}}

25
mastodon/templates/job-chewy-upgrade.yaml
View File

@ -37,10 +37,10 @@ spec:
volumes:
- name: assets
persistentVolumeClaim:
claimName: {{ template "mastodon.fullname" . }}-assets
claimName: {{ template "mastodon.pvc.assets" . }}
- name: system
persistentVolumeClaim:
claimName: {{ template "mastodon.fullname" . }}-system
claimName: {{ template "mastodon.pvc.system" . }}
{{- end }}
containers:
- name: {{ include "mastodon.fullname" . }}-chewy-setup
@ -67,6 +67,27 @@ spec:
secretKeyRef:
name: {{ template "mastodon.redis.secretName" . }}
key: redis-password
{{- if and .Values.redis.sidekiq.enabled .Values.redis.sidekiq.auth.existingSecret }}
- name: "SIDEKIQ_REDIS_PASSWORD"
valueFrom:
secretKeyRef:
name: {{ template "mastodon.redis.sidekiq.secretName" . }}
key: redis-password
{{- end }}
{{- if and .Values.redis.cache.enabled .Values.redis.cache.auth.existingSecret }}
- name: "CACHE_REDIS_PASSWORD"
valueFrom:
secretKeyRef:
name: {{ template "mastodon.redis.cache.secretName" . }}
key: redis-password
{{- end }}
{{- if and .Values.elasticsearch.existingSecret (or .Values.elasticsearch.enabled .Values.elasticsearch.hostname) }}
- name: "ES_PASS"
valueFrom:
secretKeyRef:
name: {{ .Values.elasticsearch.existingSecret }}
key: password
{{- end }}
- name: "PORT"
value: {{ .Values.mastodon.web.port | quote }}
{{- if (not .Values.mastodon.s3.enabled) }}

18
mastodon/templates/job-create-admin.yaml
View File

@ -37,10 +37,10 @@ spec:
volumes:
- name: assets
persistentVolumeClaim:
claimName: {{ template "mastodon.fullname" . }}-assets
claimName: {{ template "mastodon.pvc.assets" . }}
- name: system
persistentVolumeClaim:
claimName: {{ template "mastodon.fullname" . }}-system
claimName: {{ template "mastodon.pvc.system" . }}
{{- end }}
containers:
- name: {{ include "mastodon.fullname" . }}-create-admin
@ -72,6 +72,20 @@ spec:
secretKeyRef:
name: {{ template "mastodon.redis.secretName" . }}
key: redis-password
{{- if and .Values.redis.sidekiq.enabled .Values.redis.sidekiq.auth.existingSecret }}
- name: "SIDEKIQ_REDIS_PASSWORD"
valueFrom:
secretKeyRef:
name: {{ template "mastodon.redis.sidekiq.secretName" . }}
key: redis-password
{{- end }}
{{- if and .Values.redis.cache.enabled .Values.redis.cache.auth.existingSecret }}
- name: "CACHE_REDIS_PASSWORD"
valueFrom:
secretKeyRef:
name: {{ template "mastodon.redis.cache.secretName" . }}
key: redis-password
{{- end }}
- name: "PORT"
value: {{ .Values.mastodon.web.port | quote }}
{{- if (not .Values.mastodon.s3.enabled) }}

20
mastodon/templates/job-db-migrate.yaml
View File

@ -1,3 +1,4 @@
{{- if .Values.mastodon.hooks.dbMigrate.enabled -}}
apiVersion: batch/v1
kind: Job
metadata:
@ -36,10 +37,10 @@ spec:
volumes:
- name: assets
persistentVolumeClaim:
claimName: {{ template "mastodon.fullname" . }}-assets
claimName: {{ template "mastodon.pvc.assets" . }}
- name: system
persistentVolumeClaim:
claimName: {{ template "mastodon.fullname" . }}-system
claimName: {{ template "mastodon.pvc.system" . }}
{{- end }}
containers:
- name: {{ include "mastodon.fullname" . }}-db-migrate
@ -66,6 +67,20 @@ spec:
secretKeyRef:
name: {{ template "mastodon.redis.secretName" . }}
key: redis-password
{{- if and .Values.redis.sidekiq.enabled .Values.redis.sidekiq.auth.existingSecret }}
- name: "SIDEKIQ_REDIS_PASSWORD"
valueFrom:
secretKeyRef:
name: {{ template "mastodon.redis.sidekiq.secretName" . }}
key: redis-password
{{- end }}
{{- if and .Values.redis.cache.enabled .Values.redis.cache.auth.existingSecret }}
- name: "CACHE_REDIS_PASSWORD"
valueFrom:
secretKeyRef:
name: {{ template "mastodon.redis.cache.secretName" . }}
key: redis-password
{{- end }}
- name: "PORT"
value: {{ .Values.mastodon.web.port | quote }}
{{- if (not .Values.mastodon.s3.enabled) }}
@ -75,3 +90,4 @@ spec:
- name: system
mountPath: /opt/mastodon/public/system
{{- end }}
{{- end -}}

2
mastodon/templates/job-set-admin-password.yaml
View File

@ -49,7 +49,7 @@ spec:
command:
- "/bin/bash"
- "-c"
- "echo \"account=Account.find_by(username:'{{ .Values.mastodon.createAdmin.username }}') ; user=User.find_by(account:account) ; user.password='{{ .Values.mastodon.createAdmin.password }}' ; user.save!\" | rails c"
- "echo \"account=Account.find_by(username:'{{ .Values.mastodon.createAdmin.username }}') ; user=User.find_by(account:account) ; user.password='{{ .Values.mastodon.createAdmin.password }}' ; user.save!\" | rails c && /opt/mastodon/bin/tootctl accounts approve {{ .Values.mastodon.createAdmin.username }}"
envFrom:
- configMapRef:
name: {{ include "mastodon.fullname" . }}-env

19
mastodon/templates/pdb-streaming.yaml Normal file
View File

@ -0,0 +1,19 @@
{{- if .Values.mastodon.streaming.pdb.enable }}
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
name: {{ include "mastodon.fullname" . }}-streaming
labels:
{{- include "mastodon.labels" . | nindent 4 }}
spec:
{{- if .Values.mastodon.streaming.pdb.minAvailable }}
minAvailable: {{ .Values.mastodon.streaming.pdb.minAvailable }}
{{- end }}
{{- if .Values.mastodon.streaming.pdb.maxUnavailable }}
maxUnavailable: {{ .Values.mastodon.streaming.pdb.maxUnavailable }}
{{- end }}
selector:
matchLabels:
{{- include "mastodon.selectorLabels" . | nindent 6 }}
app.kubernetes.io/component: streaming
{{- end }}

20
mastodon/templates/pdb-web.yaml Normal file
View File

@ -0,0 +1,20 @@
{{- if .Values.mastodon.web.pdb.enable }}
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
name: {{ include "mastodon.fullname" . }}-web
labels:
{{- include "mastodon.labels" . | nindent 4 }}
spec:
{{- if .Values.mastodon.web.pdb.minAvailable }}
minAvailable: {{ .Values.mastodon.web.pdb.minAvailable }}
{{- end }}
{{- if .Values.mastodon.web.pdb.maxUnavailable }}
maxUnavailable: {{ .Values.mastodon.web.pdb.maxUnavailable }}
{{- end }}
selector:
matchLabels:
{{- include "mastodon.selectorLabels" . | nindent 6 }}
app.kubernetes.io/component: web
app.kubernetes.io/part-of: rails
{{- end }}

4
mastodon/templates/pvc-assets.yaml
View File

@ -1,4 +1,4 @@
{{- if (not .Values.mastodon.s3.enabled) -}}
{{- if and (not .Values.mastodon.s3.enabled) (not .Values.mastodon.persistence.assets.existingClaim) -}}
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
@ -7,7 +7,7 @@ metadata:
{{- include "mastodon.labels" . | nindent 4 }}
spec:
accessModes:
- {{ .Values.mastodon.persistence.system.accessMode }}
- {{ .Values.mastodon.persistence.assets.accessMode }}
{{- with .Values.mastodon.persistence.assets.resources }}
resources:
{{- toYaml . | nindent 4 }}

2
mastodon/templates/pvc-system.yaml
View File

@ -1,4 +1,4 @@
{{- if (not .Values.mastodon.s3.enabled) -}}
{{- if and (not .Values.mastodon.s3.enabled) (not .Values.mastodon.persistence.system.existingClaim) -}}
apiVersion: v1
kind: PersistentVolumeClaim
metadata:

15
mastodon/templates/secret-redis.yaml Normal file
View File

@ -0,0 +1,15 @@
{{- if not .Values.redis.enabled }}
{{- if and (not .Values.redis.auth.existingSecret) (not .Values.redis.existingSecret) }}
{{- if .Values.redis.auth.password }}
apiVersion: v1
kind: Secret
metadata:
name: {{ include "mastodon.redis.secretName" . }}
labels:
{{- include "mastodon.labels" . | nindent 4 }}
type: Opaque
data:
redis-password: "{{ .Values.redis.auth.password | b64enc }}"
{{- end }}
{{- end }}
{{- end }}

2
mastodon/templates/secret-smtp.yaml
View File

@ -2,7 +2,7 @@
apiVersion: v1
kind: Secret
metadata:
name: {{ printf "%s-smtp" (include "common.names.fullname" .) }}
name: {{ printf "%s-smtp" (include "mastodon.fullname" .) }}
labels:
{{- include "mastodon.labels" . | nindent 4 }}
type: Opaque

15
mastodon/templates/secrets.yaml
View File

@ -34,6 +34,21 @@ data:
{{- else }}
VAPID_PUBLIC_KEY: {{ required "vapid.public_key is required" .Values.mastodon.secrets.vapid.public_key }}
{{- end }}
{{- if not (empty .Values.mastodon.secrets.activeRecordEncryption.primaryKey) }}
ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY: "{{ .Values.mastodon.secrets.activeRecordEncryption.primaryKey | b64enc }}"
{{- else }}
ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY: {{ required "activeRecordEncryption.primaryKey is required" .Values.mastodon.secrets.activeRecordEncryption.primaryKey }}
{{- end }}
{{- if not (empty .Values.mastodon.secrets.activeRecordEncryption.deterministicKey) }}
ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY: "{{ .Values.mastodon.secrets.activeRecordEncryption.deterministicKey | b64enc }}"
{{- else }}
ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY: {{ required "activeRecordEncryption.deterministicKey is required" .Values.mastodon.secrets.activeRecordEncryption.deterministicKey }}
{{- end }}
{{- if not (empty .Values.mastodon.secrets.activeRecordEncryption.keyDerivationSalt) }}
ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT: "{{ .Values.mastodon.secrets.activeRecordEncryption.keyDerivationSalt | b64enc }}"
{{- else }}
ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT: {{ required "activeRecordEncryption.keyDerivationSalt is required" .Values.mastodon.secrets.activeRecordEncryption.keyDerivationSalt }}
{{- end }}
{{- end }}
{{- if not .Values.postgresql.enabled }}
{{- if not .Values.postgresql.auth.existingSecret }}

107
mastodon/templates/statsd-exporter-mappings.yaml Normal file
View File

@ -0,0 +1,107 @@
{{- if and .Values.mastodon.metrics.statsd.exporter.enabled (not .Values.mastodon.metrics.statsd.address) }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "mastodon.fullname" . }}-statsd-mappings
labels:
{{- include "mastodon.labels" . | nindent 4 }}
data:
mastodon-statsd-mappings.yml: |-
## From https://ipng.ch/assets/mastodon/statsd-mapping.yaml
## Prometheus Statsd Exporter mapping for Mastodon 4.0+
##
## Version 1.0, November 2022
##
## Documentation: https://ipng.ch/s/articles/2022/11/27/mastodon-3.html
mappings:
## Web collector
- match: Mastodon\.production\.web\.(.+)\.(.+)\.(.+)\.status\.(.+)
match_type: regex
name: "mastodon_controller_status"
labels:
controller: $1
action: $2
format: $3
status: $4
mastodon: "web"
- match: Mastodon\.production\.web\.(.+)\.(.+)\.(.+)\.db_time
match_type: regex
name: "mastodon_controller_db_time"
labels:
controller: $1
action: $2
format: $3
mastodon: "web"
- match: Mastodon\.production\.web\.(.+)\.(.+)\.(.+)\.view_time
match_type: regex
name: "mastodon_controller_view_time"
labels:
controller: $1
action: $2
format: $3
mastodon: "web"
- match: Mastodon\.production\.web\.(.+)\.(.+)\.(.+)\.total_duration
match_type: regex
name: "mastodon_controller_duration"
labels:
controller: $1
action: $2
format: $3
mastodon: "web"
## Database collector
- match: Mastodon\.production\.db\.tables\.(.+)\.queries\.(.+)\.duration
match_type: regex
name: "mastodon_db_operation"
labels:
table: "$1"
operation: "$2"
mastodon: "db"
## Cache collector
- match: Mastodon\.production\.cache\.(.+)\.duration
match_type: regex
name: "mastodon_cache_duration"
labels:
operation: "$1"
mastodon: "cache"
## Sidekiq collector
- match: Mastodon\.production\.sidekiq\.(.+)\.processing_time
match_type: regex
name: "mastodon_sidekiq_worker_processing_time"
labels:
worker: "$1"
mastodon: "sidekiq"
- match: Mastodon\.production\.sidekiq\.(.+)\.success
match_type: regex
name: "mastodon_sidekiq_worker_success_total"
labels:
worker: "$1"
mastodon: "sidekiq"
- match: Mastodon\.production\.sidekiq\.(.+)\.failure
match_type: regex
name: "mastodon_sidekiq_worker_failure_total"
labels:
worker: "$1"
mastodon: "sidekiq"
- match: Mastodon\.production\.sidekiq\.queues\.(.+)\.enqueued
match_type: regex
name: "mastodon_sidekiq_queue_enqueued"
labels:
queue: "$1"
mastodon: "sidekiq"
- match: Mastodon\.production\.sidekiq\.queues\.(.+)\.latency
match_type: regex
name: "mastodon_sidekiq_queue_latency"
labels:
queue: "$1"
mastodon: "sidekiq"
- match: Mastodon\.production\.sidekiq\.(.+)
match_type: regex
name: "mastodon_sidekiq_$1"
labels:
mastodon: "sidekiq"
{{- end }}