ghp/helm-charts
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

mastodon: bump to vv4.2.9, helm chart v5.1.2

Browse Source
This commit is contained in:
ace 2024-06-01 03:42:03 +03:00
parent 6b110c9f5b
commit 3a8be39de0
Signed by: ace
GPG Key ID: 2C08973DD37A76FD
29 changed files with 1342 additions and 127 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

131
mastodon/.github/workflows/test-chart.yml vendored Normal file
View File

@ -0,0 +1,131 @@
# This is a GitHub workflow defining a set of jobs with a set of steps.
# ref: https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions
#
name: Test chart
on:
pull_request:
paths-ignore:
- "README.md"
push:
branches-ignore:
- "dependabot/**"
workflow_dispatch:
permissions:
contents: read
jobs:
lint-templates:
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v3
- uses: actions/setup-python@v4
with:
python-version: "3.x"
- name: Install dependencies (yamllint)
run: pip install yamllint
- run: helm dependency update
- name: helm lint
run: |
helm lint . \
--values dev-values.yaml
- name: helm template
run: |
helm template . \
--values dev-values.yaml \
--output-dir rendered-templates
- name: yamllint (only on templates we manage)
run: |
rm -rf rendered-templates/mastodon/charts
yamllint rendered-templates \
--config-data "{rules: {indentation: {spaces: 2}, line-length: disable}}"
# This job helps us validate that rendered templates are valid k8s resources
# against a k8s api-server, via "helm template --validate", but also that a
# basic configuration can be used to successfully startup mastodon.
#
test-install:
runs-on: ubuntu-22.04
timeout-minutes: 15
strategy:
fail-fast: false
matrix:
include:
# k3s-channel reference: https://update.k3s.io/v1-release/channels
- k3s-channel: latest
- k3s-channel: stable
# This represents the oldest configuration we test against.
#
# The k8s version chosen is based on the oldest still supported k8s
# version among two managed k8s services, GKE, EKS.
# - GKE: https://endoflife.date/google-kubernetes-engine
# - EKS: https://endoflife.date/amazon-eks
#
# The helm client's version can influence what helper functions is
# available for use in the templates, currently we need v3.6.0 or
# higher.
#
- k3s-channel: v1.21
helm-version: v3.8.0
env:
HELM_EXPERIMENTAL_OCI: "1"
steps:
- uses: actions/checkout@v3
# This action starts a k8s cluster with NetworkPolicy enforcement and
# installs both kubectl and helm.
#
# ref: https://github.com/jupyterhub/action-k3s-helm#readme
#
- uses: jupyterhub/action-k3s-helm@v3
with:
k3s-channel: ${{ matrix.k3s-channel }}
helm-version: ${{ matrix.helm-version }}
metrics-enabled: false
traefik-enabled: false
docker-enabled: false
- run: helm dependency update
# Validate rendered helm templates against the k8s api-server
- name: helm template --validate
run: |
helm template --validate mastodon . \
--values dev-values.yaml
- name: helm install
run: |
helm install mastodon . \
--values dev-values.yaml \
--timeout 10m
# This actions provides a report about the state of the k8s cluster,
# providing logs etc on anything that has failed and workloads marked as
# important.
#
# ref: https://github.com/jupyterhub/action-k8s-namespace-report#readme
#
- name: Kubernetes namespace report
uses: jupyterhub/action-k8s-namespace-report@v1
if: always()
with:
important-workloads: >-
deploy/mastodon-sidekiq
deploy/mastodon-streaming
deploy/mastodon-web
job/mastodon-assets-precompile
job/mastodon-chewy-upgrade
job/mastodon-create-admin
job/mastodon-db-migrate

108
mastodon/CHANGELOG.md Normal file
View File

@ -0,0 +1,108 @@
# 5.1.0
- Added values for Active Record Encryption in Redis:
```yaml
mastodon:
secrets:
activeRecordEncryption:
primaryKey:
deterministicKey:
keyDerivationSalt:
```
- Small bugfix related to automatic secret generation
# [5.0.0](https://github.com/mastodon/chart/commit/63a052b6a5c19dabd172c15c1fd74298dcc544b2)
- Updated major versions of chart dependencies (postgres, redis, elasticsearch)
# [4.0.0](https://github.com/mastodon/chart/compare/920cf37..ae892d5)
- adds support for multiple Sidekiq deployments to be configured to manage
different sets of queues.
- smtp: replaces `enable_starttls_auto` boolean with `enable_starttls` setting
that defaults to `auto`.
- adds support for statsd publishing:
```
mastodon:
metrics:
statsd:
address:
```
- allows disabling the included redis deployment in order to use an existing external redis server:
```
redis:
enabled: false
```
- adds support for [authorized
fetch](https://docs.joinmastodon.org/admin/config/#authorized_fetch):
```
mastodon:
authorizedFetch: true
```
- removed the `HorizontalPodAutoscaler` and the global autoscaling configuration.
A number of other configuration options have been added, see [values.yaml](./values.yaml).
# 3.0.0
skipped
# 2.1.0
## ingressClassName and tls-acme changes
The annotations previously defaulting to nginx have been removed and support
for ingressClassName has been added.
```yaml
ingress:
annotations:
kubernetes.io/ingress.class: nginx
kubernetes.io/tls-acme: "true"
```
To restore the old functionality simply add the above snippet to your `values.yaml`,
but the recommendation is to replace these with `ingress.ingressClassName` and use
cert-manager's issuer/cluster-issuer instead of tls-acme.
If you're uncertain about your current setup leave `ingressClassName` empty and add
`kubernetes.io/tls-acme` to `ingress.annotations` in your `values.yaml`.
# 2.0.0
## Fixed labels
Because of the changes in [#19706](https://github.com/mastodon/mastodon/pull/19706) the upgrade may fail with the following error:
```Error: UPGRADE FAILED: cannot patch "mastodon-sidekiq"```
If you want an easy upgrade and you're comfortable with some downtime then
simply delete the -sidekiq, -web, and -streaming Deployments manually.
If you require a no-downtime upgrade then:
1. run `helm template` instead of `helm upgrade`
2. Copy the new -web and -streaming services into `services.yml`
3. Copy the new -web and -streaming deployments into `deployments.yml`
4. Append -temp to the name of each deployment in `deployments.yml`
5. `kubectl apply -f deployments.yml` then wait until all pods are ready
6. `kubectl apply -f services.yml`
7. Delete the old -sidekiq, -web, and -streaming deployments manually
8. `helm upgrade` like normal
9. `kubectl delete -f deployments.yml` to clear out the temporary deployments
## PostgreSQL passwords
If you've previously installed the chart and you're having problems with
postgres not accepting your password then make sure to set `username` to
`postgres` and `password` and `postgresPassword` to the same passwords.
```yaml
postgresql:
auth:
username: postgres
password: <same password>
postgresPassword: <same password>
```
And make sure to set `password` to the same value as `postgres-password`
in your `mastodon-postgresql` secret:
```kubectl edit secret mastodon-postgresql```

12
mastodon/Chart.lock Normal file
View File

@ -0,0 +1,12 @@
dependencies:
- name: elasticsearch
repository: oci://registry-1.docker.io/bitnamicharts
version: 19.19.2
- name: postgresql
repository: oci://registry-1.docker.io/bitnamicharts
version: 14.2.3
- name: redis
repository: oci://registry-1.docker.io/bitnamicharts
version: 18.16.1
digest: sha256:684daaf2067d96e2aa6d93e9d29b7b13fc586f6ae929342e5e9c7c169b1c0748
generated: "2024-02-23T15:14:47.536480528-08:00"

20
mastodon/Chart.yaml
View File

@ -12,26 +12,26 @@ description: Mastodon is a free, open-source social network server based on Acti
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# This is the chart version. This version number should be incremented each time
# you make changes to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 4.0.1
version: 5.1.2
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
appVersion: 4.1.4
appVersion: v4.2.9
dependencies:
- name: elasticsearch
version: 19.6.0
repository: https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami
version: 19.19.2
repository: oci://registry-1.docker.io/bitnamicharts
condition: elasticsearch.enabled
- name: postgresql
version: 12.2.7
repository: https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami
version: 14.2.3
repository: oci://registry-1.docker.io/bitnamicharts
condition: postgresql.enabled
- name: redis
version: 17.9.3
repository: https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami
version: 18.16.1
repository: oci://registry-1.docker.io/bitnamicharts
condition: redis.enabled

66
mastodon/README.md
View File

@ -4,10 +4,18 @@ This is a [Helm](https://helm.sh/) chart for installing Mastodon into a
Kubernetes cluster. The basic usage is:
1. edit `values.yaml` or create a separate yaml file for custom values
1. `helm dep update`
1. `helm dep install`
1. `helm install --namespace mastodon --create-namespace my-mastodon ./ -f path/to/additional/values.yaml`
This chart is tested with k8s 1.21+ and helm 3.6.0+.
This chart is tested with k8s 1.21+ and helm 3.8.0+.
# NOTICE: Future Deprecation
We have plans in the very near future to deprecate this chart in favor of a [new git repo](https://github.com/mastodon/helm-charts), which has proper helm repository support (e.g. `helm repo add`), and will contain multiple charts, both for mastodon and for supplementary components that we make use of.
We still encourage suggestions and PRs to help make this chart better, and this repository will remain available after the new charts are ready to give users time to migrate. However, we will not be approving large PRs, or PRs that change fundamental chart functions, as those changes should be directed to the new charts.
Please see the pinned [GitHub issue](https://github.com/mastodon/chart/issues/129) for more info & discussion.
# Configuration
@ -64,57 +72,3 @@ Sidekiq deployments, its possible they will occur in the wrong order. After
upgrading Mastodon versions, it may sometimes be necessary to manually delete
the Rails and Sidekiq pods so that they are recreated against the latest
migration.
# Upgrades in 2.1.0
## ingressClassName and tls-acme changes
The annotations previously defaulting to nginx have been removed and support
for ingressClassName has been added.
```yaml
ingress:
annotations:
kubernetes.io/ingress.class: nginx
kubernetes.io/tls-acme: "true"
```
To restore the old functionality simply add the above snippet to your `values.yaml`,
but the recommendation is to replace these with `ingress.ingressClassName` and use
cert-manager's issuer/cluster-issuer instead of tls-acme.
If you're uncertain about your current setup leave `ingressClassName` empty and add
`kubernetes.io/tls-acme` to `ingress.annotations` in your `values.yaml`.
# Upgrades in 2.0.0
## Fixed labels
Because of the changes in [#19706](https://github.com/mastodon/mastodon/pull/19706) the upgrade may fail with the following error:
```Error: UPGRADE FAILED: cannot patch "mastodon-sidekiq"```
If you want an easy upgrade and you're comfortable with some downtime then
simply delete the -sidekiq, -web, and -streaming Deployments manually.
If you require a no-downtime upgrade then:
1. run `helm template` instead of `helm upgrade`
2. Copy the new -web and -streaming services into `services.yml`
3. Copy the new -web and -streaming deployments into `deployments.yml`
4. Append -temp to the name of each deployment in `deployments.yml`
5. `kubectl apply -f deployments.yml` then wait until all pods are ready
6. `kubectl apply -f services.yml`
7. Delete the old -sidekiq, -web, and -streaming deployments manually
8. `helm upgrade` like normal
9. `kubectl delete -f deployments.yml` to clear out the temporary deployments
## PostgreSQL passwords
If you've previously installed the chart and you're having problems with
postgres not accepting your password then make sure to set `username` to
`postgres` and `password` and `postgresPassword` to the same passwords.
```yaml
postgresql:
auth:
username: postgres
password: <same password>
postgresPassword: <same password>
```
And make sure to set `password` to the same value as `postgres-password`
in your `mastodon-postgresql` secret:
```kubectl edit secret mastodon-postgresql```

8
mastodon/dev-values.yaml
View File

@ -7,6 +7,11 @@ mastodon:
vapid:
private_key: dummy-vapid-private_key
public_key: dummy-vapid-public_key
activeRecordEncryption:
primaryKey: dummy-are-primary_key
deterministicKey: dummy-are-deterministic_key
keyDerivationSalt: dummy-are-key_derivation_salt
# ref: https://github.com/bitnami/charts/tree/main/bitnami/redis#parameters
redis:
@ -23,3 +28,6 @@ elasticsearch:
replicaCount: 1
ingest:
replicaCount: 1
# -- Timezone for all pods unless overwritten
timezone: UTC

83
mastodon/templates/_helpers.tpl
View File

@ -31,12 +31,22 @@ Create chart name and version as used by the chart label.
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Labels added on every Mastodon resource
*/}}
{{- define "mastodon.globalLabels" -}}
{{- range $k, $v := .Values.mastodon.labels }}
{{ $k }}: {{ quote $v }}
{{- end -}}
{{- end }}
{{/*
Common labels
*/}}
{{- define "mastodon.labels" -}}
helm.sh/chart: {{ include "mastodon.chart" . }}
{{ include "mastodon.selectorLabels" . }}
{{ include "mastodon.globalLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
@ -73,6 +83,28 @@ Create the name of the service account to use
{{- end }}
{{- end }}
{{/*
Create the name of the assets persistent volume to use
*/}}
{{- define "mastodon.pvc.assets" -}}
{{- if .Values.mastodon.persistence.assets.existingClaim }}
{{- printf "%s" (tpl .Values.mastodon.persistence.assets.existingClaim $) -}}
{{- else -}}
{{- printf "%s-assets" (include "common.names.fullname" .) -}}
{{- end -}}
{{- end -}}
{{/*
Create the name of the system persistent volume to use
*/}}
{{- define "mastodon.pvc.system" -}}
{{- if .Values.mastodon.persistence.system.existingClaim }}
{{- printf "%s" (tpl .Values.mastodon.persistence.system.existingClaim $) -}}
{{- else -}}
{{- printf "%s-system" (include "common.names.fullname" .) -}}
{{- end -}}
{{- end -}}
{{/*
Create a default fully qualified name for dependent services.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
@ -96,7 +128,7 @@ Get the mastodon secret.
{{- if .Values.mastodon.secrets.existingSecret }}
{{- printf "%s" (tpl .Values.mastodon.secrets.existingSecret $) -}}
{{- else -}}
{{- printf "%s" (include "common.names.fullname" .) -}}
{{- printf "%s" (include "mastodon.fullname" .) -}}
{{- end -}}
{{- end -}}
@ -107,7 +139,7 @@ Get the smtp secret.
{{- if .Values.mastodon.smtp.existingSecret }}
{{- printf "%s" (tpl .Values.mastodon.smtp.existingSecret $) -}}
{{- else -}}
{{- printf "%s-smtp" (include "common.names.fullname" .) -}}
{{- printf "%s-smtp" (include "mastodon.fullname" .) -}}
{{- end -}}
{{- end -}}
@ -120,7 +152,7 @@ Get the postgresql secret.
{{- else if .Values.postgresql.enabled -}}
{{- printf "%s-postgresql" (tpl .Release.Name $) -}}
{{- else -}}
{{- printf "%s" (include "common.names.fullname" .) -}}
{{- printf "%s" (include "mastodon.fullname" .) -}}
{{- end -}}
{{- end -}}
@ -132,6 +164,38 @@ Get the redis secret.
{{- printf "%s" (tpl .Values.redis.auth.existingSecret $) -}}
{{- else if .Values.redis.existingSecret }}
{{- printf "%s" (tpl .Values.redis.existingSecret $) -}}
{{- else if .Values.redis.enabled -}}
{{- printf "%s-redis" (tpl .Release.Name $) -}}
{{- else -}}
{{- printf "%s-redis" (include "mastodon.fullname" .) -}}
{{- end -}}
{{- end -}}
{{/*
Get the redis secret (sidekiq).
*/}}
{{- define "mastodon.redis.sidekiq.secretName" -}}
{{- if .Values.redis.sidekiq.auth.existingSecret }}
{{- printf "%s" (tpl .Values.redis.sidekiq.auth.existingSecret $) -}}
{{- else if .Values.redis.auth.existingSecret }}
{{- printf "%s" (tpl .Values.redis.auth.existingSecret $) -}}
{{- else if .Values.redis.existingSecret }}
{{- printf "%s" (tpl .Values.redis.existingSecret $) -}}
{{- else -}}
{{- printf "%s-redis" (tpl .Release.Name $) -}}
{{- end -}}
{{- end -}}
{{/*
Get the redis secret (cache).
*/}}
{{- define "mastodon.redis.cache.secretName" -}}
{{- if .Values.redis.cache.auth.existingSecret }}
{{- printf "%s" (tpl .Values.redis.cache.auth.existingSecret $) -}}
{{- else if .Values.redis.auth.existingSecret }}
{{- printf "%s" (tpl .Values.redis.auth.existingSecret $) -}}
{{- else if .Values.redis.existingSecret }}
{{- printf "%s" (tpl .Values.redis.existingSecret $) -}}
{{- else -}}
{{- printf "%s-redis" (tpl .Release.Name $) -}}
{{- end -}}
@ -161,3 +225,16 @@ Find highest number of needed database connections to set DB_POOL variable
{{- end }}
{{- $poolSize | quote }}
{{- end }}
{{/*
Full hostname for a custom Elasticsearch cluster
*/}}
{{- define "mastodon.elasticsearch.fullHostname" -}}
{{- if not .Values.elasticsearch.enabled }}
{{- if .Values.elasticsearch.tls }}
{{- printf "https://%s" (tpl .Values.elasticsearch.hostname $) -}}
{{- else -}}
{{- printf "%s" (tpl .Values.elasticsearch.hostname $) -}}
{{- end }}
{{- end -}}
{{- end -}}

54
mastodon/templates/_statsd.yaml Normal file
View File

@ -0,0 +1,54 @@
{{/*
The exporter container attached to every Mastodon pod
*/}}
{{- define "mastodon.statsdExporterContainer" }}
{{- with .Values.mastodon.metrics.statsd }}
{{- if and .exporter.enabled (not .address) }}
- name: statsd-exporter
image: prom/statsd-exporter
args:
- "--statsd.mapping-config=/statsd-mappings/mastodon.yml"
resources:
requests:
cpu: "0.1"
memory: "180M"
limits:
cpu: "0.5"
memory: "250M"
ports:
- name: statsd
containerPort: {{ .exporter.port }}
volumeMounts:
- name: statsd-mappings
mountPath: /statsd-mappings
{{- end }}
{{- end }}
{{- end }}
{{/*
The volume needed for the container above
*/}}
{{- define "mastodon.statsdExporterVolume" }}
{{- with .Values.mastodon.metrics.statsd }}
{{- if and .exporter.enabled (not .address) }}
- name: statsd-mappings
configMap:
name: {{ include "mastodon.fullname" $ }}-statsd-mappings
items:
- key: mastodon-statsd-mappings.yml
path: mastodon.yml
{{- end }}
{{- end }}
{{- end }}
{{/*
Labels added to every statsd_exporter-enabled pod
*/}}
{{- define "mastodon.statsdExporterLabels" }}
{{- with .Values.mastodon.metrics.statsd }}
{{- if and .exporter.enabled (not .address) }}
mastodon/statsd-exporter: "true"
{{- end }}
{{- end }}
{{- end }}

92
mastodon/templates/configmap-env.yaml
View File

@ -15,17 +15,44 @@ data:
DB_NAME: {{ .Values.postgresql.auth.database }}
DB_POOL: {{ include "mastodon.maxDbPool" . }}
DB_USER: {{ .Values.postgresql.auth.username }}
{{- if .Values.postgresql.readReplica.hostname }}
REPLICA_DB_HOST: {{ .Values.postgresql.readReplica.hostname }}
{{- end }}
{{- if .Values.postgresql.readReplica.port }}
REPLICA_DB_PORT: {{ .Values.postgresql.readReplica.port }}
{{- end }}
{{- if .Values.postgresql.readReplica.auth.database }}
REPLICA_DB_NAME: {{ .Values.postgresql.readReplica.auth.database }}
{{- end }}
{{- if .Values.postgresql.readReplica.auth.username }}
REPLICA_DB_USER: {{ .Values.postgresql.readReplica.auth.username }}
{{- end }}
{{- if .Values.postgresql.readReplica.auth.password }}
REPLICA_DB_PASS: {{ .Values.postgresql.readReplica.auth.password }}
{{- end }}
PREPARED_STATEMENTS: {{ .Values.mastodon.preparedStatements | quote }}
DEFAULT_LOCALE: {{ .Values.mastodon.locale }}
{{- if .Values.elasticsearch.enabled }}
ES_ENABLED: "true"
ES_PRESET: {{ .Values.elasticsearch.preset | default "single_node_cluster" | quote }}
ES_HOST: {{ template "mastodon.elasticsearch.fullname" . }}-master-hl
ES_PORT: "9200"
{{- else if .Values.elasticsearch.hostname }}
ES_ENABLED: "true"
ES_PRESET: {{ .Values.elasticsearch.preset | default "single_node_cluster" | quote }}
ES_HOST: {{ include "mastodon.elasticsearch.fullHostname" .}}
ES_PORT: {{ .Values.elasticsearch.port | default "9200" | quote }}
{{- end }}
{{- with .Values.elasticsearch.user }}
ES_USER: {{ . }}
{{- end }}
LOCAL_DOMAIN: {{ .Values.mastodon.local_domain }}
{{- with .Values.mastodon.web_domain }}
WEB_DOMAIN: {{ . }}
{{- end }}
{{- with .Values.mastodon.alternate_domains }}
ALTERNATE_DOMAINS: {{ join "," . }}
{{- end }}
{{- with .Values.mastodon.singleUserMode }}
SINGLE_USER_MODE: "true"
{{- end }}
@ -45,6 +72,30 @@ data:
REDIS_HOST: {{ required "When the redis chart is disabled .Values.redis.hostname is required" .Values.redis.hostname }}
{{- end }}
REDIS_PORT: {{ .Values.redis.port | default "6379" | quote }}
{{- if .Values.redis.sidekiq.enabled }}
{{- if .Values.redis.sidekiq.hostname }}
SIDEKIQ_REDIS_HOST: {{ .Values.redis.sidekiq.hostname }}
{{- else }}
SIDEKIQ_REDIS_HOST: {{ .Values.redis.hostname }}
{{- end }}
{{- if .Values.redis.sidekiq.port }}
SIDEKIQ_REDIS_PORT: {{ .Values.redis.sidekiq.port | quote }}
{{- else }}
SIDEKIQ_REDIS_PORT: {{ .Values.redis.port | default "6379" | quote }}
{{- end }}
{{- end }}
{{- if .Values.redis.cache.enabled }}
{{- if .Values.redis.cache.hostname }}
CACHE_REDIS_HOST: {{ .Values.redis.cache.hostname }}
{{- else }}
CACHE_REDIS_HOST: {{ .Values.redis.hostname}}
{{- end }}
{{- if .Values.redis.cache.port }}
CACHE_REDIS_PORT: {{ .Values.redis.cache.port | quote }}
{{- else }}
CACHE_REDIS_PORT: {{ .Values.redis.port | default "6379" | quote }}
{{- end }}
{{- end }}
{{- if .Values.mastodon.s3.enabled }}
S3_BUCKET: {{ .Values.mastodon.s3.bucket }}
S3_ENABLED: "true"
@ -60,6 +111,12 @@ data:
{{- with .Values.mastodon.s3.alias_host }}
S3_ALIAS_HOST: {{ . }}
{{- end }}
{{- with .Values.mastodon.s3.multipart_threshold }}
S3_MULTIPART_THRESHOLD: "{{ . }}"
{{- end }}
{{- with .Values.mastodon.s3.override_path_style }}
S3_OVERRIDE_PATH_STYLE: "{{ . }}"
{{- end }}
{{- end }}
{{- with .Values.mastodon.smtp.auth_method }}
SMTP_AUTH_METHOD: {{ . }}
@ -82,6 +139,9 @@ data:
{{- with .Values.mastodon.smtp.from_address }}
SMTP_FROM_ADDRESS: {{ . }}
{{- end }}
{{- with .Values.mastodon.smtp.return_path }}
SMTP_RETURN_PATH: {{ . }}
{{- end }}
{{- with .Values.mastodon.smtp.openssl_verify_mode }}
SMTP_OPENSSL_VERIFY_MODE: {{ . }}
{{- end }}
@ -322,6 +382,34 @@ data:
LDAP_UID_CONVERSION_REPLACE: {{ . }}
{{- end }}
{{- end }}
{{- with .Values.mastodon.metrics.statsd.address }}
STATSD_ADDR: {{ . }}
{{- if .Values.mastodon.metrics.statsd.address }}
STATSD_ADDR: {{ .Values.mastodon.metrics.statsd.address }}
{{- else if .Values.mastodon.metrics.statsd.exporter.enabled }}
STATSD_ADDR: localhost:9125
{{- end }}
{{- range $k, $v := .Values.mastodon.extraEnvVars }}
{{ $k }}: {{ quote $v }}
{{- end }}
{{- if .Values.mastodon.deepl.enabled }}
DEEPL_PLAN: {{ .Values.mastodon.deepl.plan }}
{{- end }}
{{- if .Values.mastodon.hcaptcha.enabled }}
HCAPTCHA_SITE_KEY: {{ .Values.mastodon.hcaptcha.siteId }}
{{- end }}
{{- if .Values.mastodon.cacheBuster.enabled }}
CACHE_BUSTER_ENABLED: "true"
{{- if .Values.mastodon.cacheBuster.httpMethod }}
CACHE_BUSTER_HTTP_METHOD: {{ .Values.mastodon.cacheBuster.httpMethod }}
{{- end }}
{{- if .Values.mastodon.cacheBuster.authHeader }}
CACHE_BUSTER_SECRET_HEADER: {{ .Values.mastodon.cacheBuster.authHeader }}
{{- end }}
{{- else }}
CACHE_BUSTER_ENABLED: "false"
{{- end }}
{{- with .Values.timezone }}
TZ: {{ . | quote }}
{{- end }}

25
mastodon/templates/cronjob-media-remove.yaml
View File

@ -36,10 +36,10 @@ spec:
volumes:
- name: assets
persistentVolumeClaim:
claimName: {{ template "mastodon.fullname" . }}-assets
claimName: {{ template "mastodon.pvc.assets" . }}
- name: system
persistentVolumeClaim:
claimName: {{ template "mastodon.fullname" . }}-system
claimName: {{ template "mastodon.pvc.system" . }}
{{- end }}
containers:
- name: {{ include "mastodon.fullname" . }}-media-remove
@ -65,6 +65,27 @@ spec:
secretKeyRef:
name: {{ template "mastodon.redis.secretName" . }}
key: redis-password
{{- if and .Values.redis.sidekiq.enabled .Values.redis.sidekiq.auth.existingSecret }}
- name: "SIDEKIQ_REDIS_PASSWORD"
valueFrom:
secretKeyRef:
name: {{ template "mastodon.redis.sidekiq.secretName" . }}
key: redis-password
{{- end }}
{{- if and .Values.redis.cache.enabled .Values.redis.cache.auth.existingSecret }}
- name: "CACHE_REDIS_PASSWORD"
valueFrom:
secretKeyRef:
name: {{ template "mastodon.redis.cache.secretName" . }}
key: redis-password
{{- end }}
{{- if and .Values.elasticsearch.existingSecret (or .Values.elasticsearch.enabled .Values.elasticsearch.hostname) }}
- name: "ES_PASS"
valueFrom:
secretKeyRef:
name: {{ .Values.elasticsearch.existingSecret }}
key: password
{{- end }}
- name: "PORT"
value: {{ .Values.mastodon.web.port | quote }}
{{- if (and .Values.mastodon.s3.enabled .Values.mastodon.s3.existingSecret) }}

94
mastodon/templates/deployment-sidekiq.yaml
View File

@ -9,6 +9,10 @@ metadata:
{{- include "mastodon.labels" $context | nindent 4 }}
app.kubernetes.io/component: sidekiq-{{ .name }}
app.kubernetes.io/part-of: rails
annotations:
{{- with $context.Values.deploymentAnnotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if (has "scheduler" .queues) }}
{{- if (gt (int .replicas) 1) }}
@ -18,6 +22,9 @@ spec:
type: Recreate
{{- end }}
replicas: {{ .replicas }}
{{- if (ne (toString $context.Values.mastodon.revisionHistoryLimit) "<nil>") }}
revisionHistoryLimit: {{ $context.Values.mastodon.revisionHistoryLimit }}
{{- end }}
selector:
matchLabels:
{{- include "mastodon.selectorLabels" $context | nindent 6 }}
@ -31,9 +38,11 @@ spec:
{{- end }}
# roll the pods to pick up any db migrations or other changes
{{- include "mastodon.rollingPodAnnotations" $context | nindent 8 }}
checksum/config-secrets: {{ include ( print $.Template.BasePath "/secret-smtp.yaml" ) $context | sha256sum | quote }}
checksum/config-secrets-smtp: {{ include ( print $.Template.BasePath "/secret-smtp.yaml" ) $context | sha256sum | quote }}
labels:
{{- include "mastodon.globalLabels" $context | nindent 8 }}
{{- include "mastodon.selectorLabels" $context | nindent 8 }}
{{- include "mastodon.statsdExporterLabels" $context | nindent 8 }}
app.kubernetes.io/component: sidekiq-{{ .name }}
app.kubernetes.io/part-of: rails
spec:
@ -50,20 +59,35 @@ spec:
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if (not $context.Values.mastodon.s3.enabled) }}
{{- with (default (default $context.Values.topologySpreadConstraints $context.Values.mastodon.sidekiq.topologySpreadConstraints) .topologySpreadConstraints) }}
topologySpreadConstraints:
{{- toYaml . | nindent 8 }}
{{- end }}
volumes:
{{- if (not $context.Values.mastodon.s3.enabled) }}
- name: assets
persistentVolumeClaim:
claimName: {{ template "mastodon.fullname" $context }}-assets
claimName: {{ template "mastodon.pvc.assets" $context }}
- name: system
persistentVolumeClaim:
claimName: {{ template "mastodon.fullname" $context }}-system
claimName: {{ template "mastodon.pvc.system" $context }}
{{- end }}
{{- include "mastodon.statsdExporterVolume" $ | indent 8 }}
{{- if dig "customDatabaseConfigYml" "configMapRef" "name" false . }}
- name: config-database-yml
configMap:
name: {{ .customDatabaseConfigYml.configMapRef.name }}
{{- end }}
{{- with $context.Values.volumes }}
{{- toYaml . | nindent 8 }}
{{- end }}
containers:
- name: {{ $context.Chart.Name }}
{{- with $context.Values.mastodon.sidekiq.securityContext | default $context.Values.securityContext }}
securityContext:
{{- toYaml $context.Values.mastodon.sidekiq.securityContext | nindent 12 }}
image: "{{ $context.Values.image.repository }}:{{ $context.Values.image.tag | default $context.Chart.AppVersion }}"
{{- toYaml . | nindent 12 }}
{{- end }}
image: "{{ coalesce (dig "image" "repository" false .) $context.Values.image.repository }}:{{ coalesce (dig "image" "tag" false .) $context.Values.image.tag $context.Chart.AppVersion }}"
imagePullPolicy: {{ $context.Values.image.pullPolicy }}
command:
- bundle
@ -80,17 +104,49 @@ spec:
name: {{ include "mastodon.fullname" $context }}-env
- secretRef:
name: {{ template "mastodon.secretName" $context }}
{{- if $context.Values.mastodon.extraEnvFrom }}
- configMapRef:
name: {{ $context.Values.mastodon.extraEnvFrom }}
{{- end}}
env:
- name: "DB_PASS"
valueFrom:
secretKeyRef:
name: {{ template "mastodon.postgresql.secretName" $context }}
key: password
{{- if $context.Values.postgresql.readReplica.auth.existingSecret }}
- name: "REPLICA_DB_PASS"
valueFrom:
secretKeyRef:
name: {{ $context.Values.postgresql.readReplica.auth.existingSecret }}
key: password
{{- end }}
- name: "REDIS_PASSWORD"
valueFrom:
secretKeyRef:
name: {{ template "mastodon.redis.secretName" $context }}
key: redis-password
{{- if and $context.Values.redis.sidekiq.enabled $context.Values.redis.sidekiq.auth.existingSecret }}
- name: "SIDEKIQ_REDIS_PASSWORD"
valueFrom:
secretKeyRef:
name: {{ template "mastodon.redis.sidekiq.secretName" $context }}
key: redis-password
{{- end }}
{{- if and $context.Values.redis.cache.enabled $context.Values.redis.cache.auth.existingSecret }}
- name: "CACHE_REDIS_PASSWORD"
valueFrom:
secretKeyRef:
name: {{ template "mastodon.redis.cache.secretName" $context }}
key: redis-password
{{- end }}
{{- if and $context.Values.elasticsearch.existingSecret (or $context.Values.elasticsearch.enabled $context.Values.elasticsearch.hostname) }}
- name: "ES_PASS"
valueFrom:
secretKeyRef:
name: {{ $context.Values.elasticsearch.existingSecret }}
key: password
{{- end }}
- name: "SMTP_LOGIN"
valueFrom:
secretKeyRef:
@ -102,6 +158,7 @@ spec:
secretKeyRef:
name: {{ include "mastodon.smtp.secretName" $context }}
key: password
optional: true
{{- if (and $context.Values.mastodon.s3.enabled $context.Values.mastodon.s3.existingSecret) }}
- name: "AWS_SECRET_ACCESS_KEY"
valueFrom:
@ -114,15 +171,38 @@ spec:
name: {{ $context.Values.mastodon.s3.existingSecret }}
key: AWS_ACCESS_KEY_ID
{{- end }}
{{- if (not $context.Values.mastodon.s3.enabled) }}
{{- if and $context.Values.mastodon.deepl.enabled }}
- name: "DEEPL_API_KEY"
valueFrom:
secretKeyRef:
name: {{ $context.Values.mastodon.deepl.apiKeySecretRef.name }}
key: {{ $context.Values.mastodon.deepl.apiKeySecretRef.key }}
{{- end }}
{{- if and $context.Values.mastodon.cacheBuster.enabled $context.Values.mastodon.cacheBuster.authToken.existingSecret }}
- name: CACHE_BUSTER_SECRET
valueFrom:
secretKeyRef:
name: {{ $context.Values.mastodon.cacheBuster.authToken.existingSecret }}
key: password
{{- end }}
volumeMounts:
{{- if (not $context.Values.mastodon.s3.enabled) }}
- name: assets
mountPath: /opt/mastodon/public/assets
- name: system
mountPath: /opt/mastodon/public/system
{{- end }}
{{- if dig "customDatabaseConfigYml" "configMapRef" "name" false . }}
- name: config-database-yml
mountPath: /opt/mastodon/config/database.yml
subPath: {{ .customDatabaseConfigYml.configMapRef.key }}
{{- end }}
{{- with $context.Values.volumeMounts }}
{{- toYaml . | nindent 12 }}
{{- end }}
resources:
{{- toYaml (default (default $context.Values.resources $context.Values.mastodon.sidekiq.resources) .resources) | nindent 12 }}
{{- include "mastodon.statsdExporterContainer" $ | indent 8 }}
{{- with $context.Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}

71
mastodon/templates/deployment-streaming.yaml
View File

@ -4,8 +4,15 @@ metadata:
name: {{ include "mastodon.fullname" . }}-streaming
labels:
{{- include "mastodon.labels" . | nindent 4 }}
annotations:
{{- with (default .Values.deploymentAnnotations .Values.mastodon.streaming.deploymentAnnotations) }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
replicas: {{ .Values.mastodon.streaming.replicas }}
{{- if (ne (toString .Values.mastodon.revisionHistoryLimit) "<nil>") }}
revisionHistoryLimit: {{ .Values.mastodon.revisionHistoryLimit }}
{{- end }}
selector:
matchLabels:
{{- include "mastodon.selectorLabels" . | nindent 6 }}
@ -19,6 +26,7 @@ spec:
# roll the pods to pick up any db migrations or other changes
{{- include "mastodon.rollingPodAnnotations" . | nindent 8 }}
labels:
{{- include "mastodon.globalLabels" . | nindent 8 }}
{{- include "mastodon.selectorLabels" . | nindent 8 }}
app.kubernetes.io/component: streaming
spec:
@ -31,33 +39,90 @@ spec:
securityContext:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.mastodon.streaming.extraCerts }}
{{- $name := .name | default "extra-certs" }}
volumes:
- name: {{ $name }}
secret:
secretName: {{ .existingSecret }}
items:
- key: ca.crt
path: trusted-ca.crt
{{- end }}
containers:
- name: {{ .Chart.Name }}-streaming
{{- with (default .Values.securityContext .Values.mastodon.streaming.securityContext) }}
securityContext:
{{- toYaml . | nindent 12 }}
{{- end }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
image: "{{ coalesce .Values.mastodon.streaming.image.repository .Values.image.repository }}:{{ coalesce .Values.mastodon.streaming.image.tag .Values.image.tag .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
command:
- node
- ./streaming
{{- with .Values.mastodon.streaming.extraCerts }}
{{- $name := .name | default "extra-certs" }}
volumeMounts:
- name: {{ $name }}
mountPath: "/usr/local/share/ca-certificates"
{{- end }}
envFrom:
- configMapRef:
name: {{ include "mastodon.fullname" . }}-env
{{- if .Values.mastodon.extraEnvFrom }}
- configMapRef:
name: {{ .Values.mastodon.extraEnvFrom }}
{{- end}}
env:
{{- with .Values.mastodon.streaming.extraCerts }}
- name: "NODE_EXTRA_CA_CERTS"
value: "/usr/local/share/ca-certificates/trusted-ca.crt"
{{- with .sslMode }}
- name: "DB_SSLMODE"
value: {{ . }}
{{- end }}
{{- end }}
{{- with .Values.postgresql.postgresqlReplicaHostname }}
- name: "DB_HOST"
value: {{ . }}
{{- end }}
- name: "DB_PASS"
valueFrom:
secretKeyRef:
name: {{ template "mastodon.postgresql.secretName" . }}
key: password
{{- if .Values.postgresql.readReplica.auth.existingSecret }}
- name: "REPLICA_DB_PASS"
valueFrom:
secretKeyRef:
name: {{ .Values.postgresql.readReplica.auth.existingSecret }}
key: password
{{- end }}
- name: "REDIS_PASSWORD"
valueFrom:
secretKeyRef:
name: {{ template "mastodon.redis.secretName" . }}
key: redis-password
{{- if and .Values.redis.sidekiq.enabled .Values.redis.sidekiq.auth.existingSecret }}
- name: "SIDEKIQ_REDIS_PASSWORD"
valueFrom:
secretKeyRef:
name: {{ template "mastodon.redis.sidekiq.secretName" . }}
key: redis-password
{{- end }}
{{- if and .Values.redis.cache.enabled .Values.redis.cache.auth.existingSecret }}
- name: "CACHE_REDIS_PASSWORD"
valueFrom:
secretKeyRef:
name: {{ template "mastodon.redis.cache.secretName" . }}
key: redis-password
{{- end }}
- name: "PORT"
value: {{ .Values.mastodon.streaming.port | quote }}
{{- range $k, $v := .Values.mastodon.streaming.extraEnvVars }}
- name: {{ $k }}
value: {{ quote $v }}
{{- end }}
ports:
- name: streaming
containerPort: {{ .Values.mastodon.streaming.port }}
@ -82,6 +147,10 @@ spec:
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with (default .Values.topologySpreadConstraints .Values.mastodon.streaming.topologySpreadConstraints) }}
topologySpreadConstraints:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}

96
mastodon/templates/deployment-web.yaml
View File

@ -4,8 +4,15 @@ metadata:
name: {{ include "mastodon.fullname" . }}-web
labels:
{{- include "mastodon.labels" . | nindent 4 }}
annotations:
{{- with (default .Values.deploymentAnnotations .Values.mastodon.web.deploymentAnnotations) }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
replicas: {{ .Values.mastodon.web.replicas }}
{{- if (ne (toString .Values.mastodon.revisionHistoryLimit) "<nil>") }}
revisionHistoryLimit: {{ .Values.mastodon.revisionHistoryLimit }}
{{- end }}
selector:
matchLabels:
{{- include "mastodon.selectorLabels" . | nindent 6 }}
@ -20,7 +27,9 @@ spec:
# roll the pods to pick up any db migrations or other changes
{{- include "mastodon.rollingPodAnnotations" . | nindent 8 }}
labels:
{{- include "mastodon.globalLabels" . | nindent 8 }}
{{- include "mastodon.selectorLabels" . | nindent 8 }}
{{- include "mastodon.statsdExporterLabels" . | nindent 8 }}
app.kubernetes.io/component: web
app.kubernetes.io/part-of: rails
spec:
@ -33,14 +42,23 @@ spec:
securityContext:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if (not .Values.mastodon.s3.enabled) }}
volumes:
{{- if (not .Values.mastodon.s3.enabled) }}
- name: assets
persistentVolumeClaim:
claimName: {{ template "mastodon.fullname" . }}-assets
claimName: {{ template "mastodon.pvc.assets" . }}
- name: system
persistentVolumeClaim:
claimName: {{ template "mastodon.fullname" . }}-system
claimName: {{ template "mastodon.pvc.system" . }}
{{- end }}
{{- include "mastodon.statsdExporterVolume" $ | indent 8 }}
{{- if .Values.mastodon.web.customDatabaseConfigYml.configMapRef.name }}
- name: config-database-yml
configMap:
name: {{ .Values.mastodon.web.customDatabaseConfigYml.configMapRef.name }}
{{- end }}
{{- with .Values.volumes }}
{{- toYaml . | nindent 8 }}
{{- end }}
containers:
- name: {{ .Chart.Name }}-web
@ -48,7 +66,7 @@ spec:
securityContext:
{{- toYaml . | nindent 12 }}
{{- end }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
image: "{{ coalesce .Values.mastodon.web.image.repository .Values.image.repository }}:{{ coalesce .Values.mastodon.web.image.tag .Values.image.tag .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
command:
- bundle
@ -61,17 +79,49 @@ spec:
name: {{ include "mastodon.fullname" . }}-env
- secretRef:
name: {{ template "mastodon.secretName" . }}
{{- if .Values.mastodon.extraEnvFrom }}
- configMapRef:
name: {{ .Values.mastodon.extraEnvFrom }}
{{- end}}
env:
- name: "DB_PASS"
valueFrom:
secretKeyRef:
name: {{ template "mastodon.postgresql.secretName" . }}
key: password
{{- if .Values.postgresql.readReplica.auth.existingSecret }}
- name: "REPLICA_DB_PASS"
valueFrom:
secretKeyRef:
name: {{ .Values.postgresql.readReplica.auth.existingSecret}}
key: password
{{- end }}
- name: "REDIS_PASSWORD"
valueFrom:
secretKeyRef:
name: {{ template "mastodon.redis.secretName" . }}
key: redis-password
{{- if and .Values.redis.sidekiq.enabled .Values.redis.sidekiq.auth.existingSecret }}
- name: "SIDEKIQ_REDIS_PASSWORD"
valueFrom:
secretKeyRef:
name: {{ template "mastodon.redis.sidekiq.secretName" . }}
key: redis-password
{{- end }}
{{- if and .Values.redis.cache.enabled .Values.redis.cache.auth.existingSecret }}
- name: "CACHE_REDIS_PASSWORD"
valueFrom:
secretKeyRef:
name: {{ template "mastodon.redis.cache.secretName" . }}
key: redis-password
{{- end }}
{{- if and .Values.elasticsearch.existingSecret (or .Values.elasticsearch.enabled .Values.elasticsearch.hostname) }}
- name: "ES_PASS"
valueFrom:
secretKeyRef:
name: {{ .Values.elasticsearch.existingSecret }}
key: password
{{- end }}
- name: "PORT"
value: {{ .Values.mastodon.web.port | quote }}
{{- if .Values.mastodon.web.minThreads }}
@ -102,13 +152,42 @@ spec:
name: {{ .Values.mastodon.s3.existingSecret }}
key: AWS_ACCESS_KEY_ID
{{- end }}
{{- if (not .Values.mastodon.s3.enabled) }}
{{- if .Values.mastodon.deepl.enabled }}
- name: "DEEPL_API_KEY"
valueFrom:
secretKeyRef:
name: {{ .Values.mastodon.deepl.apiKeySecretRef.name }}
key: {{ .Values.mastodon.deepl.apiKeySecretRef.key }}
{{- end }}
{{- if .Values.mastodon.hcaptcha.enabled }}
- name: "HCAPTCHA_SECRET_KEY"
valueFrom:
secretKeyRef:
name: {{ .Values.mastodon.hcaptcha.secretKeySecretRef.name }}
key: {{ .Values.mastodon.hcaptcha.secretKeySecretRef.key }}
{{- end }}
{{- if and .Values.mastodon.cacheBuster.enabled .Values.mastodon.cacheBuster.authToken.existingSecret }}
- name: CACHE_BUSTER_SECRET
valueFrom:
secretKeyRef:
name: {{ .Values.mastodon.cacheBuster.authToken.existingSecret }}
key: password
{{- end }}
volumeMounts:
{{- if (not .Values.mastodon.s3.enabled) }}
- name: assets
mountPath: /opt/mastodon/public/assets
- name: system
mountPath: /opt/mastodon/public/system
{{- end }}
{{- if .Values.mastodon.web.customDatabaseConfigYml.configMapRef.name }}
- name: config-database-yml
mountPath: /opt/mastodon/config/database.yml
subPath: {{ .Values.mastodon.web.customDatabaseConfigYml.configMapRef.key }}
{{- end }}
{{- with .Values.volumeMounts }}
{{- toYaml . | nindent 12 }}
{{- end }}
ports:
- name: http
containerPort: {{ .Values.mastodon.web.port }}
@ -130,6 +209,7 @@ spec:
resources:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- include "mastodon.statsdExporterContainer" $ | indent 8 }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
@ -138,7 +218,11 @@ spec:
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
{{- with (default .Values.topologySpreadConstraints .Values.mastodon.web.topologySpreadConstraints) }}
topologySpreadConstraints:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with (default .Values.tolerations .Values.mastodon.web.tolerations) }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}

57
mastodon/templates/ingress-streaming.yml Normal file
View File

@ -0,0 +1,57 @@
{{- if .Values.ingress.streaming.enabled -}}
{{- $fullName := include "mastodon.fullname" . -}}
{{- $webPort := .Values.mastodon.web.port -}}
{{- $streamingPort := .Values.mastodon.streaming.port -}}
{{- if or (.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress") (not (.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress")) -}}
apiVersion: networking.k8s.io/v1
{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
apiVersion: networking.k8s.io/v1beta1
{{- else -}}
apiVersion: extensions/v1beta1
{{- end }}
kind: Ingress
metadata:
name: {{ $fullName }}-streaming
labels:
{{- include "mastodon.labels" . | nindent 4 }}
{{- with .Values.ingress.streaming.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if .Values.ingress.streaming.ingressClassName }}
ingressClassName: {{ .Values.ingress.streaming.ingressClassName }}
{{- end }}
{{- if .Values.ingress.streaming.tls }}
tls:
{{- range .Values.ingress.streaming.tls }}
- hosts:
{{- range .hosts }}
- {{ . | quote }}
{{- end }}
secretName: {{ .secretName }}
{{- end }}
{{- end }}
rules:
{{- range .Values.ingress.streaming.hosts }}
- host: {{ .host | quote }}
http:
paths:
{{- range .paths }}
- path: {{ .path }}api/v1/streaming
backend:
{{- if or ($.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress") (not ($.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress")) }}
service:
name: {{ $fullName }}-streaming
port:
number: {{ $streamingPort }}
{{- else }}
serviceName: {{ $fullName }}-streaming
servicePort: {{ $streamingPort }}
{{- end }}
{{- if or ($.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress") (not ($.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress")) }}
pathType: Prefix
{{- end }}
{{- end }}
{{- end }}
{{- end }}

2
mastodon/templates/ingress.yaml
View File

@ -52,6 +52,7 @@ spec:
{{- if or ($.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress") (not ($.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress")) }}
pathType: Prefix
{{- end }}
{{- if not $.Values.ingress.streaming.enabled }}
- path: {{ .path }}api/v1/streaming
backend:
{{- if or ($.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress") (not ($.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress")) }}
@ -69,3 +70,4 @@ spec:
{{- end }}
{{- end }}
{{- end }}
{{- end }}

20
mastodon/templates/job-assets-precompile.yaml
View File

@ -1,3 +1,4 @@
{{- if .Values.mastodon.hooks.assetsPrecompile.enabled -}}
apiVersion: batch/v1
kind: Job
metadata:
@ -36,10 +37,10 @@ spec:
volumes:
- name: assets
persistentVolumeClaim:
claimName: {{ template "mastodon.fullname" . }}-assets
claimName: {{ template "mastodon.pvc.assets" . }}
- name: system
persistentVolumeClaim:
claimName: {{ template "mastodon.fullname" . }}-system
claimName: {{ template "mastodon.pvc.system" . }}
{{- end }}
containers:
- name: {{ include "mastodon.fullname" . }}-assets-precompile
@ -66,6 +67,20 @@ spec:
secretKeyRef:
name: {{ template "mastodon.redis.secretName" . }}
key: redis-password
{{- if and .Values.redis.sidekiq.enabled .Values.redis.sidekiq.auth.existingSecret }}
- name: "SIDEKIQ_REDIS_PASSWORD"
valueFrom:
secretKeyRef:
name: {{ template "mastodon.redis.sidekiq.secretName" . }}
key: redis-password
{{- end }}
{{- if and .Values.redis.cache.enabled .Values.redis.cache.auth.existingSecret }}
- name: "CACHE_REDIS_PASSWORD"
valueFrom:
secretKeyRef:
name: {{ template "mastodon.redis.cache.secretName" . }}
key: redis-password
{{- end }}
- name: "PORT"
value: {{ .Values.mastodon.web.port | quote }}
{{- if (not .Values.mastodon.s3.enabled) }}
@ -75,3 +90,4 @@ spec:
- name: system
mountPath: /opt/mastodon/public/system
{{- end }}
{{- end -}}

25
mastodon/templates/job-chewy-upgrade.yaml
View File

@ -37,10 +37,10 @@ spec:
volumes:
- name: assets
persistentVolumeClaim:
claimName: {{ template "mastodon.fullname" . }}-assets
claimName: {{ template "mastodon.pvc.assets" . }}
- name: system
persistentVolumeClaim:
claimName: {{ template "mastodon.fullname" . }}-system
claimName: {{ template "mastodon.pvc.system" . }}
{{- end }}
containers:
- name: {{ include "mastodon.fullname" . }}-chewy-setup
@ -67,6 +67,27 @@ spec:
secretKeyRef:
name: {{ template "mastodon.redis.secretName" . }}
key: redis-password
{{- if and .Values.redis.sidekiq.enabled .Values.redis.sidekiq.auth.existingSecret }}
- name: "SIDEKIQ_REDIS_PASSWORD"
valueFrom:
secretKeyRef:
name: {{ template "mastodon.redis.sidekiq.secretName" . }}
key: redis-password
{{- end }}
{{- if and .Values.redis.cache.enabled .Values.redis.cache.auth.existingSecret }}
- name: "CACHE_REDIS_PASSWORD"
valueFrom:
secretKeyRef:
name: {{ template "mastodon.redis.cache.secretName" . }}
key: redis-password
{{- end }}
{{- if and .Values.elasticsearch.existingSecret (or .Values.elasticsearch.enabled .Values.elasticsearch.hostname) }}
- name: "ES_PASS"
valueFrom:
secretKeyRef:
name: {{ .Values.elasticsearch.existingSecret }}
key: password
{{- end }}
- name: "PORT"
value: {{ .Values.mastodon.web.port | quote }}
{{- if (not .Values.mastodon.s3.enabled) }}

18
mastodon/templates/job-create-admin.yaml
View File

@ -37,10 +37,10 @@ spec:
volumes:
- name: assets
persistentVolumeClaim:
claimName: {{ template "mastodon.fullname" . }}-assets
claimName: {{ template "mastodon.pvc.assets" . }}
- name: system
persistentVolumeClaim:
claimName: {{ template "mastodon.fullname" . }}-system
claimName: {{ template "mastodon.pvc.system" . }}
{{- end }}
containers:
- name: {{ include "mastodon.fullname" . }}-create-admin
@ -72,6 +72,20 @@ spec:
secretKeyRef:
name: {{ template "mastodon.redis.secretName" . }}
key: redis-password
{{- if and .Values.redis.sidekiq.enabled .Values.redis.sidekiq.auth.existingSecret }}
- name: "SIDEKIQ_REDIS_PASSWORD"
valueFrom:
secretKeyRef:
name: {{ template "mastodon.redis.sidekiq.secretName" . }}
key: redis-password
{{- end }}
{{- if and .Values.redis.cache.enabled .Values.redis.cache.auth.existingSecret }}
- name: "CACHE_REDIS_PASSWORD"
valueFrom:
secretKeyRef:
name: {{ template "mastodon.redis.cache.secretName" . }}
key: redis-password
{{- end }}
- name: "PORT"
value: {{ .Values.mastodon.web.port | quote }}
{{- if (not .Values.mastodon.s3.enabled) }}

20
mastodon/templates/job-db-migrate.yaml
View File

@ -1,3 +1,4 @@
{{- if .Values.mastodon.hooks.dbMigrate.enabled -}}
apiVersion: batch/v1
kind: Job
metadata:
@ -36,10 +37,10 @@ spec:
volumes:
- name: assets
persistentVolumeClaim:
claimName: {{ template "mastodon.fullname" . }}-assets
claimName: {{ template "mastodon.pvc.assets" . }}
- name: system
persistentVolumeClaim:
claimName: {{ template "mastodon.fullname" . }}-system
claimName: {{ template "mastodon.pvc.system" . }}
{{- end }}
containers:
- name: {{ include "mastodon.fullname" . }}-db-migrate
@ -66,6 +67,20 @@ spec:
secretKeyRef:
name: {{ template "mastodon.redis.secretName" . }}
key: redis-password
{{- if and .Values.redis.sidekiq.enabled .Values.redis.sidekiq.auth.existingSecret }}
- name: "SIDEKIQ_REDIS_PASSWORD"
valueFrom:
secretKeyRef:
name: {{ template "mastodon.redis.sidekiq.secretName" . }}
key: redis-password
{{- end }}
{{- if and .Values.redis.cache.enabled .Values.redis.cache.auth.existingSecret }}
- name: "CACHE_REDIS_PASSWORD"
valueFrom:
secretKeyRef:
name: {{ template "mastodon.redis.cache.secretName" . }}
key: redis-password
{{- end }}
- name: "PORT"
value: {{ .Values.mastodon.web.port | quote }}
{{- if (not .Values.mastodon.s3.enabled) }}
@ -75,3 +90,4 @@ spec:
- name: system
mountPath: /opt/mastodon/public/system
{{- end }}
{{- end -}}

2
mastodon/templates/job-set-admin-password.yaml
View File

@ -49,7 +49,7 @@ spec:
command:
- "/bin/bash"
- "-c"
- "echo \"account=Account.find_by(username:'{{ .Values.mastodon.createAdmin.username }}') ; user=User.find_by(account:account) ; user.password='{{ .Values.mastodon.createAdmin.password }}' ; user.save!\" | rails c"
- "echo \"account=Account.find_by(username:'{{ .Values.mastodon.createAdmin.username }}') ; user=User.find_by(account:account) ; user.password='{{ .Values.mastodon.createAdmin.password }}' ; user.save!\" | rails c && /opt/mastodon/bin/tootctl accounts approve {{ .Values.mastodon.createAdmin.username }}"
envFrom:
- configMapRef:
name: {{ include "mastodon.fullname" . }}-env

19
mastodon/templates/pdb-streaming.yaml Normal file
View File

@ -0,0 +1,19 @@
{{- if .Values.mastodon.streaming.pdb.enable }}
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
name: {{ include "mastodon.fullname" . }}-streaming
labels:
{{- include "mastodon.labels" . | nindent 4 }}
spec:
{{- if .Values.mastodon.streaming.pdb.minAvailable }}
minAvailable: {{ .Values.mastodon.streaming.pdb.minAvailable }}
{{- end }}
{{- if .Values.mastodon.streaming.pdb.maxUnavailable }}
maxUnavailable: {{ .Values.mastodon.streaming.pdb.maxUnavailable }}
{{- end }}
selector:
matchLabels:
{{- include "mastodon.selectorLabels" . | nindent 6 }}
app.kubernetes.io/component: streaming
{{- end }}

20
mastodon/templates/pdb-web.yaml Normal file
View File

@ -0,0 +1,20 @@
{{- if .Values.mastodon.web.pdb.enable }}
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
name: {{ include "mastodon.fullname" . }}-web
labels:
{{- include "mastodon.labels" . | nindent 4 }}
spec:
{{- if .Values.mastodon.web.pdb.minAvailable }}
minAvailable: {{ .Values.mastodon.web.pdb.minAvailable }}
{{- end }}
{{- if .Values.mastodon.web.pdb.maxUnavailable }}
maxUnavailable: {{ .Values.mastodon.web.pdb.maxUnavailable }}
{{- end }}
selector:
matchLabels:
{{- include "mastodon.selectorLabels" . | nindent 6 }}
app.kubernetes.io/component: web
app.kubernetes.io/part-of: rails
{{- end }}

4
mastodon/templates/pvc-assets.yaml
View File

@ -1,4 +1,4 @@
{{- if (not .Values.mastodon.s3.enabled) -}}
{{- if and (not .Values.mastodon.s3.enabled) (not .Values.mastodon.persistence.assets.existingClaim) -}}
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
@ -7,7 +7,7 @@ metadata:
{{- include "mastodon.labels" . | nindent 4 }}
spec:
accessModes:
- {{ .Values.mastodon.persistence.system.accessMode }}
- {{ .Values.mastodon.persistence.assets.accessMode }}
{{- with .Values.mastodon.persistence.assets.resources }}
resources:
{{- toYaml . | nindent 4 }}

2
mastodon/templates/pvc-system.yaml
View File

@ -1,4 +1,4 @@
{{- if (not .Values.mastodon.s3.enabled) -}}
{{- if and (not .Values.mastodon.s3.enabled) (not .Values.mastodon.persistence.system.existingClaim) -}}
apiVersion: v1
kind: PersistentVolumeClaim
metadata:

15
mastodon/templates/secret-redis.yaml Normal file
View File

@ -0,0 +1,15 @@
{{- if not .Values.redis.enabled }}
{{- if and (not .Values.redis.auth.existingSecret) (not .Values.redis.existingSecret) }}
{{- if .Values.redis.auth.password }}
apiVersion: v1
kind: Secret
metadata:
name: {{ include "mastodon.redis.secretName" . }}
labels:
{{- include "mastodon.labels" . | nindent 4 }}
type: Opaque
data:
redis-password: "{{ .Values.redis.auth.password | b64enc }}"
{{- end }}
{{- end }}
{{- end }}

2
mastodon/templates/secret-smtp.yaml
View File

@ -2,7 +2,7 @@
apiVersion: v1
kind: Secret
metadata:
name: {{ printf "%s-smtp" (include "common.names.fullname" .) }}
name: {{ printf "%s-smtp" (include "mastodon.fullname" .) }}
labels:
{{- include "mastodon.labels" . | nindent 4 }}
type: Opaque

15
mastodon/templates/secrets.yaml
View File

@ -34,6 +34,21 @@ data:
{{- else }}
VAPID_PUBLIC_KEY: {{ required "vapid.public_key is required" .Values.mastodon.secrets.vapid.public_key }}
{{- end }}
{{- if not (empty .Values.mastodon.secrets.activeRecordEncryption.primaryKey) }}
ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY: "{{ .Values.mastodon.secrets.activeRecordEncryption.primaryKey | b64enc }}"
{{- else }}
ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY: {{ required "activeRecordEncryption.primaryKey is required" .Values.mastodon.secrets.activeRecordEncryption.primaryKey }}
{{- end }}
{{- if not (empty .Values.mastodon.secrets.activeRecordEncryption.deterministicKey) }}
ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY: "{{ .Values.mastodon.secrets.activeRecordEncryption.deterministicKey | b64enc }}"
{{- else }}
ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY: {{ required "activeRecordEncryption.deterministicKey is required" .Values.mastodon.secrets.activeRecordEncryption.deterministicKey }}
{{- end }}
{{- if not (empty .Values.mastodon.secrets.activeRecordEncryption.keyDerivationSalt) }}
ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT: "{{ .Values.mastodon.secrets.activeRecordEncryption.keyDerivationSalt | b64enc }}"
{{- else }}
ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT: {{ required "activeRecordEncryption.keyDerivationSalt is required" .Values.mastodon.secrets.activeRecordEncryption.keyDerivationSalt }}
{{- end }}
{{- end }}
{{- if not .Values.postgresql.enabled }}
{{- if not .Values.postgresql.auth.existingSecret }}

107
mastodon/templates/statsd-exporter-mappings.yaml Normal file
View File

@ -0,0 +1,107 @@
{{- if and .Values.mastodon.metrics.statsd.exporter.enabled (not .Values.mastodon.metrics.statsd.address) }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "mastodon.fullname" . }}-statsd-mappings
labels:
{{- include "mastodon.labels" . | nindent 4 }}
data:
mastodon-statsd-mappings.yml: |-
## From https://ipng.ch/assets/mastodon/statsd-mapping.yaml
## Prometheus Statsd Exporter mapping for Mastodon 4.0+
##
## Version 1.0, November 2022
##
## Documentation: https://ipng.ch/s/articles/2022/11/27/mastodon-3.html
mappings:
## Web collector
- match: Mastodon\.production\.web\.(.+)\.(.+)\.(.+)\.status\.(.+)
match_type: regex
name: "mastodon_controller_status"
labels:
controller: $1
action: $2
format: $3
status: $4
mastodon: "web"
- match: Mastodon\.production\.web\.(.+)\.(.+)\.(.+)\.db_time
match_type: regex
name: "mastodon_controller_db_time"
labels:
controller: $1
action: $2
format: $3
mastodon: "web"
- match: Mastodon\.production\.web\.(.+)\.(.+)\.(.+)\.view_time
match_type: regex
name: "mastodon_controller_view_time"
labels:
controller: $1
action: $2
format: $3
mastodon: "web"
- match: Mastodon\.production\.web\.(.+)\.(.+)\.(.+)\.total_duration
match_type: regex
name: "mastodon_controller_duration"
labels:
controller: $1
action: $2
format: $3
mastodon: "web"
## Database collector
- match: Mastodon\.production\.db\.tables\.(.+)\.queries\.(.+)\.duration
match_type: regex
name: "mastodon_db_operation"
labels:
table: "$1"
operation: "$2"
mastodon: "db"
## Cache collector
- match: Mastodon\.production\.cache\.(.+)\.duration
match_type: regex
name: "mastodon_cache_duration"
labels:
operation: "$1"
mastodon: "cache"
## Sidekiq collector
- match: Mastodon\.production\.sidekiq\.(.+)\.processing_time
match_type: regex
name: "mastodon_sidekiq_worker_processing_time"
labels:
worker: "$1"
mastodon: "sidekiq"
- match: Mastodon\.production\.sidekiq\.(.+)\.success
match_type: regex
name: "mastodon_sidekiq_worker_success_total"
labels:
worker: "$1"
mastodon: "sidekiq"
- match: Mastodon\.production\.sidekiq\.(.+)\.failure
match_type: regex
name: "mastodon_sidekiq_worker_failure_total"
labels:
worker: "$1"
mastodon: "sidekiq"
- match: Mastodon\.production\.sidekiq\.queues\.(.+)\.enqueued
match_type: regex
name: "mastodon_sidekiq_queue_enqueued"
labels:
queue: "$1"
mastodon: "sidekiq"
- match: Mastodon\.production\.sidekiq\.queues\.(.+)\.latency
match_type: regex
name: "mastodon_sidekiq_queue_latency"
labels:
queue: "$1"
mastodon: "sidekiq"
- match: Mastodon\.production\.sidekiq\.(.+)
match_type: regex
name: "mastodon_sidekiq_$1"
labels:
mastodon: "sidekiq"
{{- end }}

245
mastodon/values.yaml
View File

@ -6,11 +6,14 @@ image:
# built from the most recent commit
#
# tag: latest
tag: "v4.1.4"
tag: "v4.2.9"
# use `Always` when using `latest` tag
pullPolicy: IfNotPresent
mastodon:
# Labels added to every Mastodon-related object
labels: {}
# -- create an initial administrator user; the password is autogenerated and will
# have to be reset
createAdmin:
@ -19,7 +22,16 @@ mastodon:
# @ignored
username: not_gargron
# @ignored
password: not_gargron
# @ignored
email: not@example.com
hooks:
dbMigrate:
enabled: true
assetsPrecompile:
enabled: true
# Custom labels to add to kubernetes resources
#labels:
cron:
# -- run `tootctl media remove` every week
removeMedia:
@ -34,11 +46,14 @@ mastodon:
# You must redirect the path LOCAL_DOMAIN/.well-known/ to WEB_DOMAIN/.well-known/ as described
# Example: mastodon.example.com
web_domain: null
# -- If you have multiple domains pointed at your Mastodon server, this setting will allow Mastodon to recognize
# itself when users are addressed using those other domains.
alternate_domains: []
# -- If set to true, the frontpage of your Mastodon server will always redirect to the first profile in the database and registrations will be disabled.
singleUserMode: false
# -- Enables "Secure Mode" for more details see: https://docs.joinmastodon.org/admin/config/#authorized_fetch
authorizedFetch: false
# -- Enables "Limited Federation Mode" for more detauls see: https://docs.joinmastodon.org/admin/config/#limited_federation_mode
# -- Enables "Limited Federation Mode" for more details see: https://docs.joinmastodon.org/admin/config/#limited_federation_mode
limitedFederationMode: false
persistence:
assets:
@ -49,11 +64,15 @@ mastodon:
resources:
requests:
storage: 10Gi
# -- name of existing persistent volume claim to use for assets
existingClaim:
system:
accessMode: ReadWriteOnce
resources:
requests:
storage: 100Gi
# -- name of existing persistent volume claim to use for system
existingClaim:
s3:
enabled: false
access_key: ""
@ -68,6 +87,24 @@ mastodon:
permission: ""
# -- If you have a caching proxy, enter its base URL here.
alias_host: ""
# When uploading data to S3, if the number of bytes to send exceedes
# multipart_threshold then a multi part session is automatically started
# and the data is sent up in chunks. Defaults to 16777216 (16MB).
multipart_threshold: ""
# -- Set this to true if the storage provider uses domain style 'bucket.endpoint' naming
# override_path_style: "true"
deepl:
enabled: false
plan:
apiKeySecretRef:
name:
key:
hcaptcha:
enabled: false
siteId:
secretKeySecretRef:
name:
key:
# these must be set manually; autogenerated keys are rotated on each upgrade
secrets:
secret_key_base: ""
@ -75,10 +112,25 @@ mastodon:
vapid:
private_key: ""
public_key: ""
activeRecordEncryption:
primaryKey: ""
deterministicKey: ""
keyDerivationSalt: ""
# -- you can also specify the name of an existing Secret
# with keys SECRET_KEY_BASE and OTP_SECRET and
# VAPID_PRIVATE_KEY and VAPID_PUBLIC_KEY
# with keys:
# - SECRET_KEY_BASE
# - OTP_SECRET
# - VAPID_PRIVATE_KEY
# - VAPID_PUBLIC_KEY
# - ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY
# - ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY
# - ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT
existingSecret: ""
# -- The number of old revisions to keep for each Deployment in Kubernetes.
# See https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#clean-up-policy
revisionHistoryLimit: 2
sidekiq:
# -- Pod security context for all Sidekiq Pods, overwrites .Values.podSecurityContext
podSecurityContext: {}
@ -88,6 +140,8 @@ mastodon:
resources: {}
# -- Affinity for all Sidekiq Deployments unless overwritten, overwrites .Values.affinity
affinity: {}
# -- Topology spread constraints for Sidekiq Pods, overwrites .Values.topologySpreadConstraints
topologySpreadConstraints: {}
# limits:
# cpu: "1"
# memory: 768Mi
@ -104,6 +158,8 @@ mastodon:
resources: {}
# -- Affinity for this specific deployment, overwrites .Values.affinity and .Values.mastodon.sidekiq.affinity
affinity: {}
# -- Topology spread constraints for this specific deployment, overwrites .Values.topologySpreadConstraints and .Values.mastodon.sidekiq.topologySpreadConstraints
topologySpreadConstraints: {}
# -- Sidekiq queues for Mastodon that are handled by this worker. See https://docs.joinmastodon.org/admin/scaling/#concurrency
# See https://github.com/mperham/sidekiq/wiki/Advanced-Options#queues for how to weight queues as argument
queues:
@ -113,6 +169,15 @@ mastodon:
- mailers,2
- pull
- scheduler # Make sure the scheduler queue only exists once and with a worker that has 1 replica.
image:
repository:
tag:
# allows you to mount a custom database.yml from a configmap
# please note that we do not advise using a read-only replica for sidekiq workers
customDatabaseConfigYml:
configMapRef:
name:
key:
#- name: push-pull
# concurrency: 50
# resources: {}
@ -135,8 +200,9 @@ mastodon:
ca_file: /etc/ssl/certs/ca-certificates.crt
delivery_method: smtp
domain:
enable_starttls: 'auto'
enable_starttls: "auto"
from_address: notifications@example.com
return_path:
openssl_verify_mode: peer
port: 587
reply_to:
@ -148,6 +214,9 @@ mastodon:
# password must be located in keys named `login` and `password` respectively.
existingSecret:
streaming:
image:
repository:
tag:
port: 4000
# -- this should be set manually since os.cpus() returns the number of CPUs on
# the node running the pod, which is unrelated to the resources allocated to
@ -160,6 +229,8 @@ mastodon:
replicas: 1
# -- Affinity for Streaming Pods, overwrites .Values.affinity
affinity: {}
# -- Topology spread constraints for Streaming Pods, overwrites .Values.topologySpreadConstraints
topologySpreadConstraints: {}
# -- Pod Security Context for Streaming Pods, overwrites .Values.podSecurityContext
podSecurityContext: {}
# -- (Streaming Container) Security Context for Streaming Pods, overwrites .Values.securityContext
@ -172,12 +243,33 @@ mastodon:
# requests:
# cpu: 250m
# memory: 128Mi
# -- PodDisruptionBudget configuration - See https://kubernetes.io/docs/tasks/run-application/configure-pdb/
pdb:
enable: false
# minAvailable: 1
# maxUnavailable: 1
# -- Puma-specific options. Below values are based on default behavior in
# config/puma.rb when no custom values are provided.
# -- Self-signed certificate(s) the (Node.js) needs to trust to connect to e.g. the database
extraCerts: {}
# -- Secret containing a key "ca.crt" holding one or more root certificates in PEM format
# existingSecret:
# -- Optional volume name for mounting the .crt file, defaults to "extra-certs"
# name:
# -- Optional sslMode setting. See nodejs's SSL_MODE. Consider "no-verify"
# sslMode:
# Specify extra environment variables to be added to streaming pods.
extraEnvVars: {}
web:
port: 3000
# -- Number of Web Pods running
replicas: 1
# -- Affinity for Web Pods, overwrites .Values.affinity
affinity: {}
# -- Topology spread constraints for Web Pods, overwrites .Values.topologySpreadConstraints
topologySpreadConstraints: {}
# -- Pod Security Context for Web Pods, overwrites .Values.podSecurityContext
podSecurityContext: {}
# -- (Web Container) Security Context for Web Pods, overwrites .Values.securityContext
@ -190,21 +282,62 @@ mastodon:
# requests:
# cpu: 250m
# memory: 768Mi
# -- PodDisruptionBudget configuration - See https://kubernetes.io/docs/tasks/run-application/configure-pdb/
pdb:
enable: false
# minAvailable: 1
# maxUnavailable: 1
# -- Puma-specific options. Below values are based on default behavior in
# config/puma.rb when no custom values are provided.
minThreads: "5"
maxThreads: "5"
workers: "2"
persistentTimeout: "20"
image:
repository:
tag:
# allows you to mount a custom database.yml from a configmap
# for example if you want to use a read-only replica
customDatabaseConfigYml:
configMapRef:
name:
key:
# HTTP cache buster configuration.
# See the documentation for more information about this feature:
# https://docs.joinmastodon.org/admin/config/#http-cache-buster
cacheBuster:
enabled: false
httpMethod: "GET"
# If the cache service requires authentication, specify the header name and
# secret/token here.
authHeader:
authToken:
existingSecret:
metrics:
statsd:
# -- Enable statsd publishing via STATSD_ADDR environment variable
address: ""
# -- Alternatively, you can use this to have a statsd_exporter sidecar container running along all Mastodon containers and exposing metrics in OpenMetric/Prometheus format on each pod
# Please note the exporter will not be enabled if metrics.statsd.address is not empty
exporter:
enabled: false
port: 9102
# Sets the PREPARED_STATEMENTS environment variable: https://docs.joinmastodon.org/admin/config/#prepared_statements
preparedStatements: true
# Specify extra environment variables to be added to all Mastodon pods.
# These can be used for configuration not included in this chart (including configuration for Mastodon varietals.)
extraEnvVars: {}
# Alternatively specify extra environment variables stored in a ConfigMap.
# The specified ConfigMap should contain the additional environment variables in key-value format.
# extraEnvFrom: <config-map-name>
ingress:
enabled: true
annotations:
@ -225,25 +358,54 @@ ingress:
hosts:
- host: mastodon.local
paths:
- path: '/'
- path: "/"
tls:
- secretName: mastodon-tls
hosts:
- mastodon.local
# This allows you to have a separate ingress for streaming
# When enabled, the main ingress will no longer handle streaming requests.
# You will also need to configure mastodon.streaming.base_url accordingly
streaming:
enabled: false
annotations:
ingressClassName:
hosts:
- host: streaming.mastodon.local
paths:
- path: "/"
tls:
- secretName: mastodon-tls
hosts:
- streaming.mastodon.local
# -- https://github.com/bitnami/charts/tree/master/bitnami/elasticsearch#parameters
elasticsearch:
# `false` will disable full-text search
# Elasticsearch is powering full-text search. It is optional.
# `false` will not install Elasticsearch as part of this chart
#
# if you enable ES after the initial install, you will need to manually run
# RAILS_ENV=production bundle exec rake chewy:sync
# (https://docs.joinmastodon.org/admin/optional/elasticsearch/)
# @ignored
enabled: true
# @ignored
image:
tag: 7
# If you are using an external ES cluster, use `enabled: false` and set the hostname, port,
# and whether the cluster uses TLS.
# hostname:
# port: 9200
# tls: true
# preset: single_node_cluster
# This is optional, use it if you ES cluster requires authentication
# user:
# Name of an existing secret with a password key
# existingSecret:
# https://github.com/bitnami/charts/tree/master/bitnami/postgresql#parameters
postgresql:
# -- disable if you want to use an existing db; in which case the values below
@ -266,6 +428,20 @@ postgresql:
# with a key of password set to the password you want
existingSecret: ""
# Options for a read-only replica.
# If enabled, mastodon uses existing defaults for postgres for these values as well.
# NOTE: This feature is only available on Mastodon v4.2+
# Documentation for more information on this feature:
# https://docs.joinmastodon.org/admin/scaling/#read-replicas
readReplica:
hostname:
port:
auth:
database:
username:
password:
existingSecret:
# https://github.com/bitnami/charts/tree/master/bitnami/redis#parameters
redis:
# disable if you want to use an existing redis instance; in which case the
@ -277,9 +453,40 @@ redis:
# -- you must set a password; the password generated by the redis chart will be
# rotated on each upgrade:
password: ""
# setting password for an existing redis instance will store it in a new Secret
# you can also specify the name of an existing Secret
# with a key of redis-password set to the password you want
# existingSecret: ""
replica:
replicaCount: 0
# Configuration for a separate redis instance only for sidekiq processing.
# If enabled, any values not specified will be copied from the base config.
# If set to false, the main redis instance will be used, and all values will
# be ignored.
sidekiq:
enabled: false
hostname: ""
port: 6379
auth:
password: ""
# you can also specify the name of an existing Secret
# with a key of redis-password set to the password you want
existingSecret: ""
# Configuration for a separate redis instance only for cache.
# If enabled, any values not specified will be copied from the base config.
# If set to false, the main redis instance will be used, and all values will
# be ignored.
cache:
enabled: false
hostname: ""
port: 6379
auth:
password: ""
# you can also specify the name of an existing Secret
# with a key of redis-password set to the password you want
existingSecret: ""
# @ignored
service:
@ -407,6 +614,10 @@ serviceAccount:
# If not set and create is true, a name is generated using the fullname template
name: ""
# Custom annotations to apply to all created deployment objects. These can be
# used to help mastodon interact with other services in the cluster.
deploymentAnnotations: {}
# -- Kubernetes manages pods for jobs and pods for deployments differently, so you might
# need to apply different annotations to the two different sets of pods. The annotations
# set with podAnnotations will be added to all deployment-managed pods.
@ -420,7 +631,8 @@ revisionPodAnnotation: true
jobAnnotations: {}
# -- Default resources for all Deployments and jobs unless overwritten
resources: {}
resources:
{}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
@ -440,3 +652,18 @@ tolerations: []
# -- Affinity for all pods unless overwritten
affinity: {}
# -- Timezone for all pods unless overwritten
timezone: UTC
# -- Topology Spread Constraints for all pods unless overwritten
# Please note that you need to use `matchLabelKeys` (Kubernetes 1.25+) if you
# want to spread each deployment independently, or override topologySpreadConstraints
# for each deployment
topologySpreadConstraints: {}
# Default volume mounts for all pods
volumeMounts: []
# Default volumes for all pods
volumes: []