ghp/helm-charts
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

postgres-operator: bump to v1.9.0, helm chart v1.9.0

Browse Source 
postgres-operator-ui: bump to v1.9.0, helm chart v1.9.0

astodon: bump to v4.1.2, helm chart v4.0.0
This commit is contained in:
ace
2023-04-08 22:26:41 +03:00
parent b0a01a4956
commit 8867ab5980
43 changed files with 1872 additions and 746 deletions
Download Patch File Download Diff File Expand all files Collapse all files

84
mastodon/templates/_helpers.tpl
View File

@ -51,6 +51,17 @@ app.kubernetes.io/name: {{ include "mastodon.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Rolling pod annotations
*/}}
{{- define "mastodon.rollingPodAnnotations" -}}
{{- if .Values.revisionPodAnnotation }}
rollme: {{ .Release.Revision | quote }}
{{- end }}
checksum/config-secrets: {{ include ( print $.Template.BasePath "/secrets.yaml" ) . | sha256sum | quote }}
checksum/config-configmap: {{ include ( print $.Template.BasePath "/configmap-env.yaml" ) . | sha256sum | quote }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
@ -77,3 +88,76 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this
{{- define "mastodon.postgresql.fullname" -}}
{{- printf "%s-%s" .Release.Name "postgresql" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Get the mastodon secret.
*/}}
{{- define "mastodon.secretName" -}}
{{- if .Values.mastodon.secrets.existingSecret }}
{{- printf "%s" (tpl .Values.mastodon.secrets.existingSecret $) -}}
{{- else -}}
{{- printf "%s" (include "common.names.fullname" .) -}}
{{- end -}}
{{- end -}}
{{/*
Get the smtp secret.
*/}}
{{- define "mastodon.smtp.secretName" -}}
{{- if .Values.mastodon.smtp.existingSecret }}
{{- printf "%s" (tpl .Values.mastodon.smtp.existingSecret $) -}}
{{- else -}}
{{- printf "%s-smtp" (include "common.names.fullname" .) -}}
{{- end -}}
{{- end -}}
{{/*
Get the postgresql secret.
*/}}
{{- define "mastodon.postgresql.secretName" -}}
{{- if (and (or .Values.postgresql.enabled .Values.postgresql.postgresqlHostname) .Values.postgresql.auth.existingSecret) }}
{{- printf "%s" (tpl .Values.postgresql.auth.existingSecret $) -}}
{{- else if .Values.postgresql.enabled -}}
{{- printf "%s-postgresql" (tpl .Release.Name $) -}}
{{- else -}}
{{- printf "%s" (include "common.names.fullname" .) -}}
{{- end -}}
{{- end -}}
{{/*
Get the redis secret.
*/}}
{{- define "mastodon.redis.secretName" -}}
{{- if .Values.redis.auth.existingSecret }}
{{- printf "%s" (tpl .Values.redis.auth.existingSecret $) -}}
{{- else if .Values.redis.existingSecret }}
{{- printf "%s" (tpl .Values.redis.existingSecret $) -}}
{{- else -}}
{{- printf "%s-redis" (tpl .Release.Name $) -}}
{{- end -}}
{{- end -}}
{{/*
Return true if a mastodon secret object should be created
*/}}
{{- define "mastodon.createSecret" -}}
{{- if (or
(and .Values.mastodon.s3.enabled (not .Values.mastodon.s3.existingSecret))
(not .Values.mastodon.secrets.existingSecret )
(and (not .Values.postgresql.enabled) (not .Values.postgresql.auth.existingSecret))
) -}}
{{- true -}}
{{- end -}}
{{- end -}}
{{/*
Find highest number of needed database connections to set DB_POOL variable
*/}}
{{- define "mastodon.maxDbPool" -}}
{{/* Default MAX_THREADS for Puma is 5 */}}
{{- $poolSize := 5 }}
{{- range .Values.mastodon.sidekiq.workers }}
{{- $poolSize = max $poolSize .concurrency }}
{{- end }}
{{- $poolSize | quote }}
{{- end }}

350
mastodon/templates/configmap-env.yaml
View File

@ -7,82 +7,100 @@ metadata:
data:
{{- if .Values.postgresql.enabled }}
DB_HOST: {{ template "mastodon.postgresql.fullname" . }}
DB_PORT: "5432"
{{- else }}
DB_HOST: {{ .Values.postgresql.postgresqlHostname }}
DB_PORT: {{ .Values.postgresql.postgresqlPort | default "5432" | quote }}
{{- end }}
DB_NAME: {{ .Values.postgresql.postgresqlDatabase }}
DB_POOL: {{ .Values.mastodon.sidekiq.concurrency | quote }}
DB_PORT: "5432"
DB_USER: {{ .Values.postgresql.postgresqlUsername }}
DB_NAME: {{ .Values.postgresql.auth.database }}
DB_POOL: {{ include "mastodon.maxDbPool" . }}
DB_USER: {{ .Values.postgresql.auth.username }}
PREPARED_STATEMENTS: {{ .Values.mastodon.preparedStatements | quote }}
DEFAULT_LOCALE: {{ .Values.mastodon.locale }}
{{- if .Values.elasticsearch.enabled }}
ES_ENABLED: "true"
ES_HOST: {{ template "mastodon.elasticsearch.fullname" . }}-master
ES_HOST: {{ template "mastodon.elasticsearch.fullname" . }}-master-hl
ES_PORT: "9200"
{{- end }}
LOCAL_DOMAIN: {{ .Values.mastodon.local_domain }}
{{- if .Values.mastodon.web_domain }}
WEB_DOMAIN: {{ .Values.mastodon.web_domain }}
{{- with .Values.mastodon.web_domain }}
WEB_DOMAIN: {{ . }}
{{- end }}
{{- with .Values.mastodon.singleUserMode }}
SINGLE_USER_MODE: "true"
{{- end }}
{{- with .Values.mastodon.authorizedFetch }}
AUTHORIZED_FETCH: {{ . | quote }}
{{- end }}
{{- with .Values.mastodon.limitedFederationMode }}
LIMITED_FEDERATION_MODE: {{ . | quote }}
{{- end }}
# https://devcenter.heroku.com/articles/tuning-glibc-memory-behavior
MALLOC_ARENA_MAX: "2"
NODE_ENV: "production"
RAILS_ENV: "production"
{{- if .Values.redis.enabled }}
REDIS_HOST: {{ template "mastodon.redis.fullname" . }}-master
REDIS_PORT: "6379"
{{- else }}
REDIS_HOST: {{ required "When the redis chart is disabled .Values.redis.hostname is required" .Values.redis.hostname }}
{{- end }}
REDIS_PORT: {{ .Values.redis.port | default "6379" | quote }}
{{- if .Values.mastodon.s3.enabled }}
S3_BUCKET: {{ .Values.mastodon.s3.bucket }}
S3_ENABLED: "true"
S3_ENDPOINT: {{ .Values.mastodon.s3.endpoint }}
S3_HOSTNAME: {{ .Values.mastodon.s3.hostname }}
S3_PROTOCOL: "https"
{{- if .Values.mastodon.s3.region }}
S3_REGION: {{ .Values.mastodon.s3.region }}
{{- if .Values.mastodon.s3.permission }}
S3_PERMISSION: {{ .Values.mastodon.s3.permission }}
{{- end }}
{{- if .Values.mastodon.s3.alias_host }}
S3_ALIAS_HOST: {{ .Values.mastodon.s3.alias_host}}
{{- with .Values.mastodon.s3.region }}
S3_REGION: {{ . }}
{{- end }}
{{- with .Values.mastodon.s3.alias_host }}
S3_ALIAS_HOST: {{ . }}
{{- end }}
{{- end }}
{{- if .Values.mastodon.smtp.auth_method }}
SMTP_AUTH_METHOD: {{ .Values.mastodon.smtp.auth_method }}
{{- with .Values.mastodon.smtp.auth_method }}
SMTP_AUTH_METHOD: {{ . }}
{{- end }}
{{- if .Values.mastodon.smtp.ca_file }}
SMTP_CA_FILE: {{ .Values.mastodon.smtp.ca_file }}
{{- with .Values.mastodon.smtp.ca_file }}
SMTP_CA_FILE: {{ . }}
{{- end }}
{{- if .Values.mastodon.smtp.delivery_method }}
SMTP_DELIVERY_METHOD: {{ .Values.mastodon.smtp.delivery_method }}
{{- with .Values.mastodon.smtp.delivery_method }}
SMTP_DELIVERY_METHOD: {{ . }}
{{- end }}
{{- if .Values.mastodon.smtp.domain }}
SMTP_DOMAIN: {{ .Values.mastodon.smtp.domain }}
{{- with .Values.mastodon.smtp.domain }}
SMTP_DOMAIN: {{ . }}
{{- end }}
{{- if .Values.mastodon.smtp.enable_starttls_auto }}
SMTP_ENABLE_STARTTLS_AUTO: {{ .Values.mastodon.smtp.enable_starttls_auto | quote }}
{{- with .Values.mastodon.smtp.enable_starttls }}
SMTP_ENABLE_STARTTLS: {{ . | quote }}
{{- end }}
{{- if .Values.mastodon.smtp.from_address }}
SMTP_FROM_ADDRESS: {{ .Values.mastodon.smtp.from_address }}
{{- with .Values.mastodon.smtp.enable_starttls_auto }}
SMTP_ENABLE_STARTTLS_AUTO: {{ . | quote }}
{{- end }}
{{- if .Values.mastodon.smtp.login }}
SMTP_LOGIN: {{ .Values.mastodon.smtp.login }}
{{- with .Values.mastodon.smtp.from_address }}
SMTP_FROM_ADDRESS: {{ . }}
{{- end }}
{{- if .Values.mastodon.smtp.openssl_verify_mode }}
SMTP_OPENSSL_VERIFY_MODE: {{ .Values.mastodon.smtp.openssl_verify_mode }}
{{- with .Values.mastodon.smtp.openssl_verify_mode }}
SMTP_OPENSSL_VERIFY_MODE: {{ . }}
{{- end }}
{{- if .Values.mastodon.smtp.password }}
SMTP_PASSWORD: {{ .Values.mastodon.smtp.password }}
{{- with .Values.mastodon.smtp.port }}
SMTP_PORT: {{ . | quote }}
{{- end }}
{{- if .Values.mastodon.smtp.port }}
SMTP_PORT: {{ .Values.mastodon.smtp.port | quote }}
{{- with .Values.mastodon.smtp.reply_to }}
SMTP_REPLY_TO: {{ . }}
{{- end }}
{{- if .Values.mastodon.smtp.reply_to }}
SMTP_REPLY_TO: {{ .Values.mastodon.smtp.reply_to }}
{{- with .Values.mastodon.smtp.server }}
SMTP_SERVER: {{ . }}
{{- end }}
{{- if .Values.mastodon.smtp.server }}
SMTP_SERVER: {{ .Values.mastodon.smtp.server }}
{{- end }}
{{- if .Values.mastodon.smtp.tls }}
SMTP_TLS: {{ .Values.mastodon.smtp.tls | quote }}
{{- with .Values.mastodon.smtp.tls }}
SMTP_TLS: {{ . | quote }}
{{- end }}
STREAMING_CLUSTER_NUM: {{ .Values.mastodon.streaming.workers | quote }}
{{- with .Values.mastodon.streaming.base_url }}
STREAMING_API_BASE_URL: {{ . | quote }}
{{- end }}
{{- if .Values.externalAuth.oidc.enabled }}
OIDC_ENABLED: {{ .Values.externalAuth.oidc.enabled | quote }}
OIDC_DISPLAY_NAME: {{ .Values.externalAuth.oidc.display_name }}
@ -94,53 +112,53 @@ data:
OIDC_CLIENT_SECRET: {{ .Values.externalAuth.oidc.client_secret }}
OIDC_REDIRECT_URI: {{ .Values.externalAuth.oidc.redirect_uri }}
OIDC_SECURITY_ASSUME_EMAIL_IS_VERIFIED: {{ .Values.externalAuth.oidc.assume_email_is_verified | quote }}
{{- if .Values.externalAuth.oidc.client_auth_method }}
OIDC_CLIENT_AUTH_METHOD: {{ .Values.externalAuth.oidc.client_auth_method }}
{{- with .Values.externalAuth.oidc.client_auth_method }}
OIDC_CLIENT_AUTH_METHOD: {{ . }}
{{- end }}
{{- if .Values.externalAuth.oidc.response_type }}
OIDC_RESPONSE_TYPE: {{ .Values.externalAuth.oidc.response_type }}
{{- with .Values.externalAuth.oidc.response_type }}
OIDC_RESPONSE_TYPE: {{ . }}
{{- end }}
{{- if .Values.externalAuth.oidc.response_mode }}
OIDC_RESPONSE_MODE: {{ .Values.externalAuth.oidc.response_mode }}
{{- with .Values.externalAuth.oidc.response_mode }}
OIDC_RESPONSE_MODE: {{ . }}
{{- end }}
{{- if .Values.externalAuth.oidc.display }}
OIDC_DISPLAY: {{ .Values.externalAuth.oidc.display }}
{{- with .Values.externalAuth.oidc.display }}
OIDC_DISPLAY: {{ . }}
{{- end }}
{{- if .Values.externalAuth.oidc.prompt }}
OIDC_PROMPT: {{ .Values.externalAuth.oidc.prompt }}
{{- with .Values.externalAuth.oidc.prompt }}
OIDC_PROMPT: {{ . }}
{{- end }}
{{- if .Values.externalAuth.oidc.send_nonce }}
OIDC_SEND_NONCE: {{ .Values.externalAuth.oidc.send_nonce }}
{{- with .Values.externalAuth.oidc.send_nonce }}
OIDC_SEND_NONCE: {{ . }}
{{- end }}
{{- if .Values.externalAuth.oidc.send_scope_to_token_endpoint }}
OIDC_SEND_SCOPE_TO_TOKEN_ENDPOINT: {{ .Values.externalAuth.oidc.send_scope_to_token_endpoint | quote }}
{{- with .Values.externalAuth.oidc.send_scope_to_token_endpoint }}
OIDC_SEND_SCOPE_TO_TOKEN_ENDPOINT: {{ . | quote }}
{{- end }}
{{- if .Values.externalAuth.oidc.idp_logout_redirect_uri }}
OIDC_IDP_LOGOUT_REDIRECT_URI: {{ .Values.externalAuth.oidc.idp_logout_redirect_uri }}
{{- with .Values.externalAuth.oidc.idp_logout_redirect_uri }}
OIDC_IDP_LOGOUT_REDIRECT_URI: {{ . }}
{{- end }}
{{- if .Values.externalAuth.oidc.http_scheme }}
OIDC_HTTP_SCHEME: {{ .Values.externalAuth.oidc.http_scheme }}
{{- with .Values.externalAuth.oidc.http_scheme }}
OIDC_HTTP_SCHEME: {{ . }}
{{- end }}
{{- if .Values.externalAuth.oidc.host }}
OIDC_HOST: {{ .Values.externalAuth.oidc.host }}
{{- with .Values.externalAuth.oidc.host }}
OIDC_HOST: {{ . }}
{{- end }}
{{- if .Values.externalAuth.oidc.port }}
OIDC_PORT: {{ .Values.externalAuth.oidc.port }}
{{- with .Values.externalAuth.oidc.port }}
OIDC_PORT: {{ . }}
{{- end }}
{{- if .Values.externalAuth.oidc.jwks_uri }}
OIDC_JWKS_URI: {{ .Values.externalAuth.oidc.jwks_uri }}
{{- with .Values.externalAuth.oidc.jwks_uri }}
OIDC_JWKS_URI: {{ . }}
{{- end }}
{{- if .Values.externalAuth.oidc.auth_endpoint }}
OIDC_AUTH_ENDPOINT: {{ .Values.externalAuth.oidc.auth_endpoint }}
{{- with .Values.externalAuth.oidc.auth_endpoint }}
OIDC_AUTH_ENDPOINT: {{ . }}
{{- end }}
{{- if .Values.externalAuth.oidc.token_endpoint }}
OIDC_TOKEN_ENDPOINT: {{ .Values.externalAuth.oidc.token_endpoint }}
{{- with .Values.externalAuth.oidc.token_endpoint }}
OIDC_TOKEN_ENDPOINT: {{ . }}
{{- end }}
{{- if .Values.externalAuth.oidc.user_info_endpoint }}
OIDC_USER_INFO_ENDPOINT: {{ .Values.externalAuth.oidc.user_info_endpoint }}
{{- with .Values.externalAuth.oidc.user_info_endpoint }}
OIDC_USER_INFO_ENDPOINT: {{ . }}
{{- end }}
{{- if .Values.externalAuth.oidc.end_session_endpoint }}
OIDC_END_SESSION_ENDPOINT: {{ .Values.externalAuth.oidc.end_session_endpoint }}
{{- with .Values.externalAuth.oidc.end_session_endpoint }}
OIDC_END_SESSION_ENDPOINT: {{ . }}
{{- end }}
{{- end }}
{{- if .Values.externalAuth.saml.enabled }}
@ -149,54 +167,54 @@ data:
SAML_ISSUER: {{ .Values.externalAuth.saml.issuer }}
SAML_IDP_SSO_TARGET_URL: {{ .Values.externalAuth.saml.idp_sso_target_url }}
SAML_IDP_CERT: {{ .Values.externalAuth.saml.idp_cert | quote }}
{{- if .Values.externalAuth.saml.idp_cert_fingerprint }}
SAML_IDP_CERT_FINGERPRINT: {{ .Values.externalAuth.saml.idp_cert_fingerprint | quote }}
{{- with .Values.externalAuth.saml.idp_cert_fingerprint }}
SAML_IDP_CERT_FINGERPRINT: {{ . | quote }}
{{- end }}
{{- if .Values.externalAuth.saml.name_identifier_format }}
SAML_NAME_IDENTIFIER_FORMAT: {{ .Values.externalAuth.saml.name_identifier_format }}
{{- with .Values.externalAuth.saml.name_identifier_format }}
SAML_NAME_IDENTIFIER_FORMAT: {{ . }}
{{- end }}
{{- if .Values.externalAuth.saml.cert }}
SAML_CERT: {{ .Values.externalAuth.saml.cert | quote }}
{{- with .Values.externalAuth.saml.cert }}
SAML_CERT: {{ . | quote }}
{{- end }}
{{- if .Values.externalAuth.saml.private_key }}
SAML_PRIVATE_KEY: {{ .Values.externalAuth.saml.private_key | quote }}
{{- with .Values.externalAuth.saml.private_key }}
SAML_PRIVATE_KEY: {{ . | quote }}
{{- end }}
{{- if .Values.externalAuth.saml.want_assertion_signed }}
SAML_SECURITY_WANT_ASSERTION_SIGNED: {{ .Values.externalAuth.saml.want_assertion_signed | quote }}
{{- with .Values.externalAuth.saml.want_assertion_signed }}
SAML_SECURITY_WANT_ASSERTION_SIGNED: {{ . | quote }}
{{- end }}
{{- if .Values.externalAuth.saml.want_assertion_encrypted }}
SAML_SECURITY_WANT_ASSERTION_ENCRYPTED: {{ .Values.externalAuth.saml.want_assertion_encrypted | quote }}
{{- with .Values.externalAuth.saml.want_assertion_encrypted }}
SAML_SECURITY_WANT_ASSERTION_ENCRYPTED: {{ . | quote }}
{{- end }}
{{- if .Values.externalAuth.saml.assume_email_is_verified }}
SAML_SECURITY_ASSUME_EMAIL_IS_VERIFIED: {{ .Values.externalAuth.saml.assume_email_is_verified | quote }}
{{- with .Values.externalAuth.saml.assume_email_is_verified }}
SAML_SECURITY_ASSUME_EMAIL_IS_VERIFIED: {{ . | quote }}
{{- end }}
{{- if .Values.externalAuth.saml.uid_attribute }}
SAML_UID_ATTRIBUTE: {{ .Values.externalAuth.saml.uid_attribute }}
{{- with .Values.externalAuth.saml.uid_attribute }}
SAML_UID_ATTRIBUTE: {{ . }}
{{- end }}
{{- if .Values.externalAuth.saml.attributes_statements.uid }}
SAML_ATTRIBUTES_STATEMENTS_UID: {{ .Values.externalAuth.saml.attributes_statements.uid | quote }}
{{- with .Values.externalAuth.saml.attributes_statements.uid }}
SAML_ATTRIBUTES_STATEMENTS_UID: {{ . | quote }}
{{- end }}
{{- if .Values.externalAuth.saml.attributes_statements.email }}
SAML_ATTRIBUTES_STATEMENTS_EMAIL: {{ .Values.externalAuth.saml.attributes_statements.email | quote }}
{{- with .Values.externalAuth.saml.attributes_statements.email }}
SAML_ATTRIBUTES_STATEMENTS_EMAIL: {{ . | quote }}
{{- end }}
{{- if .Values.externalAuth.saml.attributes_statements.full_name }}
SAML_ATTRIBUTES_STATEMENTS_FULL_NAME: {{ .Values.externalAuth.saml.attributes_statements.full_name | quote }}
{{- with .Values.externalAuth.saml.attributes_statements.full_name }}
SAML_ATTRIBUTES_STATEMENTS_FULL_NAME: {{ . | quote }}
{{- end }}
{{- if .Values.externalAuth.saml.attributes_statements.first_name }}
SAML_ATTRIBUTES_STATEMENTS_FIRST_NAME: {{ .Values.externalAuth.saml.attributes_statements.first_name | quote }}
{{- with .Values.externalAuth.saml.attributes_statements.first_name }}
SAML_ATTRIBUTES_STATEMENTS_FIRST_NAME: {{ . | quote }}
{{- end }}
{{- if .Values.externalAuth.saml.attributes_statements.last_name }}
SAML_ATTRIBUTES_STATEMENTS_LAST_NAME: {{ .Values.externalAuth.saml.attributes_statements.last_name | quote }}
{{- with .Values.externalAuth.saml.attributes_statements.last_name }}
SAML_ATTRIBUTES_STATEMENTS_LAST_NAME: {{ . | quote }}
{{- end }}
{{- if .Values.externalAuth.saml.attributes_statements.verified }}
SAML_ATTRIBUTES_STATEMENTS_VERIFIED: {{ .Values.externalAuth.saml.attributes_statements.verified | quote }}
{{- with .Values.externalAuth.saml.attributes_statements.verified }}
SAML_ATTRIBUTES_STATEMENTS_VERIFIED: {{ . | quote }}
{{- end }}
{{- if .Values.externalAuth.saml.attributes_statements.verified_email }}
SAML_ATTRIBUTES_STATEMENTS_VERIFIED_EMAIL: {{ .Values.externalAuth.saml.attributes_statements.verified_email | quote }}
{{- with .Values.externalAuth.saml.attributes_statements.verified_email }}
SAML_ATTRIBUTES_STATEMENTS_VERIFIED_EMAIL: {{ . | quote }}
{{- end }}
{{- end }}
{{- if .Values.externalAuth.oauth_global.oauth_redirect_at_sign_in }}
OAUTH_REDIRECT_AT_SIGN_IN: {{ .Values.externalAuth.oauth_global.oauth_redirect_at_sign_in | quote }}
{{- with .Values.externalAuth.oauth_global.omniauth_only }}
OMNIAUTH_ONLY: {{ . | quote }}
{{- end }}
{{- if .Values.externalAuth.cas.enabled }}
CAS_ENABLED: {{ .Values.externalAuth.cas.enabled | quote }}
@ -204,100 +222,106 @@ data:
CAS_HOST: {{ .Values.externalAuth.cas.host }}
CAS_PORT: {{ .Values.externalAuth.cas.port }}
CAS_SSL: {{ .Values.externalAuth.cas.ssl | quote }}
{{- if .Values.externalAuth.cas.validate_url }}
CAS_VALIDATE_URL: {{ .Values.externalAuth.cas.validate_url }}
{{- with .Values.externalAuth.cas.validate_url }}
CAS_VALIDATE_URL: {{ . }}
{{- end }}
{{- if .Values.externalAuth.cas.callback_url }}
CAS_CALLBACK_URL: {{ .Values.externalAuth.cas.callback_url }}
{{- with .Values.externalAuth.cas.callback_url }}
CAS_CALLBACK_URL: {{ . }}
{{- end }}
{{- if .Values.externalAuth.cas.logout_url }}
CAS_LOGOUT_URL: {{ .Values.externalAuth.cas.logout_url }}
{{- with .Values.externalAuth.cas.logout_url }}
CAS_LOGOUT_URL: {{ . }}
{{- end }}
{{- if .Values.externalAuth.cas.login_url }}
CAS_LOGIN_URL: {{ .Values.externalAuth.cas.login_url }}
{{- with .Values.externalAuth.cas.login_url }}
CAS_LOGIN_URL: {{ . }}
{{- end }}
{{- if .Values.externalAuth.cas.uid_field }}
CAS_UID_FIELD: {{ .Values.externalAuth.cas.uid_field | quote }}
{{- with .Values.externalAuth.cas.uid_field }}
CAS_UID_FIELD: {{ . | quote }}
{{- end }}
{{- if .Values.externalAuth.cas.ca_path }}
CAS_CA_PATH: {{ .Values.externalAuth.cas.ca_path }}
{{- with .Values.externalAuth.cas.ca_path }}
CAS_CA_PATH: {{ . }}
{{- end }}
{{- if .Values.externalAuth.cas.disable_ssl_verification }}
CAS_DISABLE_SSL_VERIFICATION: {{ .Values.externalAuth.cas.disable_ssl_verification | quote }}
{{- with .Values.externalAuth.cas.disable_ssl_verification }}
CAS_DISABLE_SSL_VERIFICATION: {{ . | quote }}
{{- end }}
{{- if .Values.externalAuth.cas.assume_email_is_verified }}
CAS_SECURITY_ASSUME_EMAIL_IS_VERIFIED: {{ .Values.externalAuth.cas.assume_email_is_verified | quote }}
{{- with .Values.externalAuth.cas.assume_email_is_verified }}
CAS_SECURITY_ASSUME_EMAIL_IS_VERIFIED: {{ . | quote }}
{{- end }}
{{- if .Values.externalAuth.cas.keys.uid }}
CAS_UID_KEY: {{ .Values.externalAuth.cas.keys.uid | quote }}
{{- with .Values.externalAuth.cas.keys.uid }}
CAS_UID_KEY: {{ . | quote }}
{{- end }}
{{- if .Values.externalAuth.cas.keys.name }}
CAS_NAME_KEY: {{ .Values.externalAuth.cas.keys.name | quote }}
{{- with .Values.externalAuth.cas.keys.name }}
CAS_NAME_KEY: {{ . | quote }}
{{- end }}
{{- if .Values.externalAuth.cas.keys.email }}
CAS_EMAIL_KEY: {{ .Values.externalAuth.cas.keys.email | quote }}
{{- with .Values.externalAuth.cas.keys.email }}
CAS_EMAIL_KEY: {{ . | quote }}
{{- end }}
{{- if .Values.externalAuth.cas.keys.nickname }}
CAS_NICKNAME_KEY: {{ .Values.externalAuth.cas.keys.nickname | quote }}
{{- with .Values.externalAuth.cas.keys.nickname }}
CAS_NICKNAME_KEY: {{ . | quote }}
{{- end }}
{{- if .Values.externalAuth.cas.keys.first_name }}
CAS_FIRST_NAME_KEY: {{ .Values.externalAuth.cas.keys.first_name | quote }}
{{- with .Values.externalAuth.cas.keys.first_name }}
CAS_FIRST_NAME_KEY: {{ . | quote }}
{{- end }}
{{- if .Values.externalAuth.cas.keys.last_name }}
CAS_LAST_NAME_KEY: {{ .Values.externalAuth.cas.keys.last_name | quote }}
{{- with .Values.externalAuth.cas.keys.last_name }}
CAS_LAST_NAME_KEY: {{ . | quote }}
{{- end }}
{{- if .Values.externalAuth.cas.keys.location }}
CAS_LOCATION_KEY: {{ .Values.externalAuth.cas.keys.location | quote }}
{{- with .Values.externalAuth.cas.keys.location }}
CAS_LOCATION_KEY: {{ . | quote }}
{{- end }}
{{- if .Values.externalAuth.cas.keys.image }}
CAS_IMAGE_KEY: {{ .Values.externalAuth.cas.keys.image | quote }}
{{- with .Values.externalAuth.cas.keys.image }}
CAS_IMAGE_KEY: {{ . | quote }}
{{- end }}
{{- if .Values.externalAuth.cas.keys.phone }}
CAS_PHONE_KEY: {{ .Values.externalAuth.cas.keys.phone | quote }}
{{- with .Values.externalAuth.cas.keys.phone }}
CAS_PHONE_KEY: {{ . | quote }}
{{- end }}
{{- end }}
{{- if .Values.externalAuth.pam.enabled }}
PAM_ENABLED: {{ .Values.externalAuth.pam.enabled | quote }}
{{- if .Values.externalAuth.pam.email_domain }}
PAM_EMAIL_DOMAIN: {{ .Values.externalAuth.pam.email_domain }}
{{- with .Values.externalAuth.pam.enabled }}
PAM_ENABLED: {{ . | quote }}
{{- with .Values.externalAuth.pam.email_domain }}
PAM_EMAIL_DOMAIN: {{ . }}
{{- end }}
{{- if .Values.externalAuth.pam.default_service }}
PAM_DEFAULT_SERVICE: {{ .Values.externalAuth.pam.default_service }}
{{- with .Values.externalAuth.pam.default_service }}
PAM_DEFAULT_SERVICE: {{ . }}
{{- end }}
{{- if .Values.externalAuth.pam.controlled_service }}
PAM_CONTROLLED_SERVICE: {{ .Values.externalAuth.pam.controlled_service }}
{{- with .Values.externalAuth.pam.controlled_service }}
PAM_CONTROLLED_SERVICE: {{ . }}
{{- end }}
{{- end }}
{{- if .Values.externalAuth.ldap.enabled }}
LDAP_ENABLED: {{ .Values.externalAuth.ldap.enabled | quote }}
LDAP_HOST: {{ .Values.externalAuth.ldap.host }}
LDAP_PORT: {{ .Values.externalAuth.ldap.port }}
LDAP_PORT: {{ .Values.externalAuth.ldap.port | quote }}
LDAP_METHOD: {{ .Values.externalAuth.ldap.method }}
{{- if .Values.externalAuth.ldap.tls_no_verify }}
LDAP_TLS_NO_VERIFY: {{ .Values.externalAuth.ldap.tls_no_verify | quote }}
{{- end }}
{{- if .Values.externalAuth.ldap.base }}
LDAP_BASE: {{ .Values.externalAuth.ldap.base }}
{{- end }}
{{- if .Values.externalAuth.ldap.bind_on }}
LDAP_BIND_ON: {{ .Values.externalAuth.ldap.bind_on }}
{{- if .Values.externalAuth.ldap.bind_dn }}
LDAP_BIND_DN: {{ .Values.externalAuth.ldap.bind_dn }}
{{- end }}
{{- if .Values.externalAuth.ldap.password }}
LDAP_PASSWORD: {{ .Values.externalAuth.ldap.password }}
{{- with .Values.externalAuth.ldap.password }}
LDAP_PASSWORD: {{ . }}
{{- end }}
{{- if .Values.externalAuth.ldap.uid }}
LDAP_UID: {{ .Values.externalAuth.ldap.uid }}
{{- with .Values.externalAuth.ldap.uid }}
LDAP_UID: {{ . }}
{{- end }}
{{- if .Values.externalAuth.ldap.mail }}
LDAP_MAIL: {{ .Values.externalAuth.ldap.mail }}
{{- with .Values.externalAuth.ldap.mail }}
LDAP_MAIL: {{ . }}
{{- end }}
{{- if .Values.externalAuth.ldap.search_filter }}
LDAP_SEARCH_FILTER: {{ .Values.externalAuth.ldap.search_filter }}
{{- with .Values.externalAuth.ldap.search_filter }}
LDAP_SEARCH_FILTER: {{ . }}
{{- end }}
{{- if .Values.externalAuth.ldap.uid_conversion.enabled }}
LDAP_UID_CONVERSION_ENABLED: {{ .Values.externalAuth.ldap.uid_conversion.enabled | quote }}
{{- with .Values.externalAuth.ldap.uid_conversion.enabled }}
LDAP_UID_CONVERSION_ENABLED: {{ . | quote }}
{{- end }}
{{- if .Values.externalAuth.ldap.uid_conversion.search }}
LDAP_UID_CONVERSION_SEARCH: {{ .Values.externalAuth.ldap.uid_conversion.search }}
{{- with .Values.externalAuth.ldap.uid_conversion.search }}
LDAP_UID_CONVERSION_SEARCH: {{ . }}
{{- end }}
{{- if .Values.externalAuth.ldap.uid_conversion.replace }}
LDAP_UID_CONVERSION_REPLACE: {{ .Values.externalAuth.ldap.uid_conversion.replace }}
{{- with .Values.externalAuth.ldap.uid_conversion.replace }}
LDAP_UID_CONVERSION_REPLACE: {{ . }}
{{- end }}
{{- end }}
{{- with .Values.mastodon.metrics.statsd.address }}
STATSD_ADDR: {{ . }}
{{- end }}
{{- end }}

46
mastodon/templates/cronjob-media-remove.yaml
View File

@ -1,5 +1,5 @@
{{ if .Values.mastodon.cron.removeMedia.enabled }}
apiVersion: batch/v1beta1
{{ if .Values.mastodon.cron.removeMedia.enabled -}}
apiVersion: batch/v1
kind: CronJob
metadata:
name: {{ include "mastodon.fullname" . }}-media-remove
@ -12,6 +12,10 @@ spec:
template:
metadata:
name: {{ include "mastodon.fullname" . }}-media-remove
{{- with .Values.jobAnnotations }}
annotations:
{{- toYaml . | nindent 12 }}
{{- end }}
spec:
restartPolicy: OnFailure
{{- if (not .Values.mastodon.s3.enabled) }}
@ -21,13 +25,13 @@ spec:
affinity:
podAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: component
operator: In
values:
- rails
topologyKey: kubernetes.io/hostname
- labelSelector:
matchExpressions:
- key: app.kubernetes.io/part-of
operator: In
values:
- rails
topologyKey: kubernetes.io/hostname
{{- end }}
volumes:
- name: assets
@ -49,24 +53,32 @@ spec:
- configMapRef:
name: {{ include "mastodon.fullname" . }}-env
- secretRef:
name: {{ template "mastodon.fullname" . }}
name: {{ template "mastodon.secretName" . }}
env:
- name: "DB_PASS"
valueFrom:
secretKeyRef:
{{- if .Values.postgresql.enabled }}
name: {{ .Release.Name }}-postgresql
{{- else }}
name: {{ template "mastodon.fullname" . }}
{{- end }}
key: postgresql-password
name: {{ template "mastodon.postgresql.secretName" . }}
key: password
- name: "REDIS_PASSWORD"
valueFrom:
secretKeyRef:
name: {{ .Release.Name }}-redis
name: {{ template "mastodon.redis.secretName" . }}
key: redis-password
- name: "PORT"
value: {{ .Values.mastodon.web.port | quote }}
{{- if (and .Values.mastodon.s3.enabled .Values.mastodon.s3.existingSecret) }}
- name: "AWS_SECRET_ACCESS_KEY"
valueFrom:
secretKeyRef:
name: {{ .Values.mastodon.s3.existingSecret }}
key: AWS_SECRET_ACCESS_KEY
- name: "AWS_ACCESS_KEY_ID"
valueFrom:
secretKeyRef:
name: {{ .Values.mastodon.s3.existingSecret }}
key: AWS_ACCESS_KEY_ID
{{- end }}
{{- if (not .Values.mastodon.s3.enabled) }}
volumeMounts:
- name: assets

129
mastodon/templates/deployment-sidekiq.yaml
View File

@ -1,92 +1,120 @@
{{- $context := . }}
{{- range .Values.mastodon.sidekiq.workers }}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "mastodon.fullname" . }}-sidekiq
name: {{ include "mastodon.fullname" $context }}-sidekiq-{{ .name }}
labels:
{{- include "mastodon.labels" . | nindent 4 }}
{{- include "mastodon.labels" $context | nindent 4 }}
app.kubernetes.io/component: sidekiq-{{ .name }}
app.kubernetes.io/part-of: rails
spec:
{{- if not .Values.autoscaling.enabled }}
replicas: {{ .Values.replicaCount }}
{{- end }}
{{- if (has "scheduler" .queues) }}
{{- if (gt (int .replicas) 1) }}
{{ fail "The scheduler queue should never have more than 1 replicas" }}
{{- end }}
strategy:
type: Recreate
{{- end }}
replicas: {{ .replicas }}
selector:
matchLabels:
{{- include "mastodon.selectorLabels" . | nindent 6 }}
component: rails
{{- include "mastodon.selectorLabels" $context | nindent 6 }}
app.kubernetes.io/component: sidekiq-{{ .name }}
app.kubernetes.io/part-of: rails
template:
metadata:
{{- with .Values.podAnnotations }}
annotations:
{{- with $context.Values.podAnnotations }}
{{- toYaml . | nindent 8 }}
# roll the pods to pick up any db migrations
rollme: {{ randAlphaNum 5 | quote }}
{{- end }}
{{- end }}
# roll the pods to pick up any db migrations or other changes
{{- include "mastodon.rollingPodAnnotations" $context | nindent 8 }}
checksum/config-secrets: {{ include ( print $.Template.BasePath "/secret-smtp.yaml" ) $context | sha256sum | quote }}
labels:
{{- include "mastodon.selectorLabels" . | nindent 8 }}
component: rails
{{- include "mastodon.selectorLabels" $context | nindent 8 }}
app.kubernetes.io/component: sidekiq-{{ .name }}
app.kubernetes.io/part-of: rails
spec:
{{- with .Values.imagePullSecrets }}
{{- with $context.Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "mastodon.serviceAccountName" . }}
serviceAccountName: {{ include "mastodon.serviceAccountName" $context }}
{{- with (default $context.Values.podSecurityContext $context.Values.mastodon.sidekiq.podSecurityContext) }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
{{- if (not .Values.mastodon.s3.enabled) }}
# ensure we run on the same node as the other rails components; only
# required when using PVCs that are ReadWriteOnce
{{- if or (eq "ReadWriteOnce" .Values.mastodon.persistence.assets.accessMode) (eq "ReadWriteOnce" .Values.mastodon.persistence.system.accessMode) }}
affinity:
podAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: component
operator: In
values:
- rails
topologyKey: kubernetes.io/hostname
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with (default (default $context.Values.affinity $context.Values.mastodon.sidekiq.affinity) .affinity) }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if (not $context.Values.mastodon.s3.enabled) }}
volumes:
- name: assets
persistentVolumeClaim:
claimName: {{ template "mastodon.fullname" . }}-assets
claimName: {{ template "mastodon.fullname" $context }}-assets
- name: system
persistentVolumeClaim:
claimName: {{ template "mastodon.fullname" . }}-system
claimName: {{ template "mastodon.fullname" $context }}-system
{{- end }}
containers:
- name: {{ .Chart.Name }}
- name: {{ $context.Chart.Name }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
{{- toYaml $context.Values.mastodon.sidekiq.securityContext | nindent 12 }}
image: "{{ $context.Values.image.repository }}:{{ $context.Values.image.tag | default $context.Chart.AppVersion }}"
imagePullPolicy: {{ $context.Values.image.pullPolicy }}
command:
- bundle
- exec
- sidekiq
- -c
- {{ .Values.mastodon.sidekiq.concurrency | quote }}
- {{ .concurrency | quote }}
{{- range .queues }}
- -q
- {{ . | quote }}
{{- end }}
envFrom:
- configMapRef:
name: {{ include "mastodon.fullname" . }}-env
name: {{ include "mastodon.fullname" $context }}-env
- secretRef:
name: {{ template "mastodon.fullname" . }}
name: {{ template "mastodon.secretName" $context }}
env:
- name: "DB_PASS"
valueFrom:
secretKeyRef:
{{- if .Values.postgresql.enabled }}
name: {{ .Release.Name }}-postgresql
{{- else }}
name: {{ template "mastodon.fullname" . }}
{{- end }}
key: postgresql-password
name: {{ template "mastodon.postgresql.secretName" $context }}
key: password
- name: "REDIS_PASSWORD"
valueFrom:
secretKeyRef:
name: {{ .Release.Name }}-redis
name: {{ template "mastodon.redis.secretName" $context }}
key: redis-password
{{- if (not .Values.mastodon.s3.enabled) }}
- name: "SMTP_LOGIN"
valueFrom:
secretKeyRef:
name: {{ include "mastodon.smtp.secretName" $context }}
key: login
optional: true
- name: "SMTP_PASSWORD"
valueFrom:
secretKeyRef:
name: {{ include "mastodon.smtp.secretName" $context }}
key: password
{{- if (and $context.Values.mastodon.s3.enabled $context.Values.mastodon.s3.existingSecret) }}
- name: "AWS_SECRET_ACCESS_KEY"
valueFrom:
secretKeyRef:
name: {{ $context.Values.mastodon.s3.existingSecret }}
key: AWS_SECRET_ACCESS_KEY
- name: "AWS_ACCESS_KEY_ID"
valueFrom:
secretKeyRef:
name: {{ $context.Values.mastodon.s3.existingSecret }}
key: AWS_ACCESS_KEY_ID
{{- end }}
{{- if (not $context.Values.mastodon.s3.enabled) }}
volumeMounts:
- name: assets
mountPath: /opt/mastodon/public/assets
@ -94,12 +122,13 @@ spec:
mountPath: /opt/mastodon/public/system
{{- end }}
resources:
{{- toYaml .Values.resources | nindent 12 }}
{{- with .Values.nodeSelector }}
{{- toYaml (default (default $context.Values.resources $context.Values.mastodon.sidekiq.resources) .resources) | nindent 12 }}
{{- with $context.Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
{{- with $context.Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}

38
mastodon/templates/deployment-streaming.yaml
View File

@ -5,32 +5,38 @@ metadata:
labels:
{{- include "mastodon.labels" . | nindent 4 }}
spec:
{{- if not .Values.autoscaling.enabled }}
replicas: {{ .Values.replicaCount }}
{{- end }}
replicas: {{ .Values.mastodon.streaming.replicas }}
selector:
matchLabels:
{{- include "mastodon.selectorLabels" . | nindent 6 }}
app.kubernetes.io/component: streaming
template:
metadata:
{{- with .Values.podAnnotations }}
annotations:
{{- with (default .Values.podAnnotations .Values.mastodon.streaming.podAnnotations) }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
# roll the pods to pick up any db migrations or other changes
{{- include "mastodon.rollingPodAnnotations" . | nindent 8 }}
labels:
{{- include "mastodon.selectorLabels" . | nindent 8 }}
app.kubernetes.io/component: streaming
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "mastodon.serviceAccountName" . }}
{{- with (default .Values.podSecurityContext .Values.mastodon.streaming.podSecurityContext) }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
{{- toYaml . | nindent 8 }}
{{- end }}
containers:
- name: {{ .Chart.Name }}
- name: {{ .Chart.Name }}-streaming
{{- with (default .Values.securityContext .Values.mastodon.streaming.securityContext) }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
{{- toYaml . | nindent 12 }}
{{- end }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
command:
@ -43,16 +49,12 @@ spec:
- name: "DB_PASS"
valueFrom:
secretKeyRef:
{{- if .Values.postgresql.enabled }}
name: {{ .Release.Name }}-postgresql
{{- else }}
name: {{ template "mastodon.fullname" . }}
{{- end }}
key: postgresql-password
name: {{ template "mastodon.postgresql.secretName" . }}
key: password
- name: "REDIS_PASSWORD"
valueFrom:
secretKeyRef:
name: {{ .Release.Name }}-redis
name: {{ template "mastodon.redis.secretName" . }}
key: redis-password
- name: "PORT"
value: {{ .Values.mastodon.streaming.port | quote }}
@ -68,13 +70,15 @@ spec:
httpGet:
path: /api/v1/streaming/health
port: streaming
{{- with (default .Values.resources .Values.mastodon.streaming.resources) }}
resources:
{{- toYaml .Values.resources | nindent 12 }}
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
{{- with (default .Values.affinity .Values.mastodon.streaming.affinity) }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}

83
mastodon/templates/deployment-web.yaml
View File

@ -5,32 +5,34 @@ metadata:
labels:
{{- include "mastodon.labels" . | nindent 4 }}
spec:
{{- if not .Values.autoscaling.enabled }}
replicas: {{ .Values.replicaCount }}
{{- end }}
replicas: {{ .Values.mastodon.web.replicas }}
selector:
matchLabels:
{{- include "mastodon.selectorLabels" . | nindent 6 }}
component: rails
app.kubernetes.io/component: web
app.kubernetes.io/part-of: rails
template:
metadata:
{{- with .Values.podAnnotations }}
annotations:
{{- with (default .Values.podAnnotations .Values.mastodon.web.podAnnotations) }}
{{- toYaml . | nindent 8 }}
# roll the pods to pick up any db migrations
rollme: {{ randAlphaNum 5 | quote }}
{{- end }}
{{- end }}
# roll the pods to pick up any db migrations or other changes
{{- include "mastodon.rollingPodAnnotations" . | nindent 8 }}
labels:
{{- include "mastodon.selectorLabels" . | nindent 8 }}
component: rails
app.kubernetes.io/component: web
app.kubernetes.io/part-of: rails
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "mastodon.serviceAccountName" . }}
{{- with (default .Values.podSecurityContext .Values.mastodon.web.podSecurityContext) }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if (not .Values.mastodon.s3.enabled) }}
volumes:
- name: assets
@ -41,9 +43,11 @@ spec:
claimName: {{ template "mastodon.fullname" . }}-system
{{- end }}
containers:
- name: {{ .Chart.Name }}
- name: {{ .Chart.Name }}-web
{{- with (default .Values.securityContext .Values.mastodon.web.securityContext) }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
{{- toYaml . | nindent 12 }}
{{- end }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
command:
@ -56,24 +60,48 @@ spec:
- configMapRef:
name: {{ include "mastodon.fullname" . }}-env
- secretRef:
name: {{ template "mastodon.fullname" . }}
name: {{ template "mastodon.secretName" . }}
env:
- name: "DB_PASS"
valueFrom:
secretKeyRef:
{{- if .Values.postgresql.enabled }}
name: {{ .Release.Name }}-postgresql
{{- else }}
name: {{ template "mastodon.fullname" . }}
{{- end }}
key: postgresql-password
name: {{ template "mastodon.postgresql.secretName" . }}
key: password
- name: "REDIS_PASSWORD"
valueFrom:
secretKeyRef:
name: {{ .Release.Name }}-redis
name: {{ template "mastodon.redis.secretName" . }}
key: redis-password
- name: "PORT"
value: {{ .Values.mastodon.web.port | quote }}
{{- if .Values.mastodon.web.minThreads }}
- name: "MIN_THREADS"
value: {{ .Values.mastodon.web.minThreads | quote }}
{{- end }}
{{- if .Values.mastodon.web.maxThreads }}
- name: "MAX_THREADS"
value: {{ .Values.mastodon.web.maxThreads | quote }}
{{- end }}
{{- if .Values.mastodon.web.workers }}
- name: "WEB_CONCURRENCY"
value: {{ .Values.mastodon.web.workers | quote }}
{{- end }}
{{- if .Values.mastodon.web.persistentTimeout }}
- name: "PERSISTENT_TIMEOUT"
value: {{ .Values.mastodon.web.persistentTimeout | quote }}
{{- end }}
{{- if (and .Values.mastodon.s3.enabled .Values.mastodon.s3.existingSecret) }}
- name: "AWS_SECRET_ACCESS_KEY"
valueFrom:
secretKeyRef:
name: {{ .Values.mastodon.s3.existingSecret }}
key: AWS_SECRET_ACCESS_KEY
- name: "AWS_ACCESS_KEY_ID"
valueFrom:
secretKeyRef:
name: {{ .Values.mastodon.s3.existingSecret }}
key: AWS_ACCESS_KEY_ID
{{- end }}
{{- if (not .Values.mastodon.s3.enabled) }}
volumeMounts:
- name: assets
@ -86,20 +114,27 @@ spec:
containerPort: {{ .Values.mastodon.web.port }}
protocol: TCP
livenessProbe:
httpGet:
path: /health
tcpSocket:
port: http
readinessProbe:
httpGet:
path: /health
port: http
startupProbe:
httpGet:
path: /health
port: http
failureThreshold: 30
periodSeconds: 5
{{- with (default .Values.resources .Values.mastodon.web.resources) }}
resources:
{{- toYaml .Values.resources | nindent 12 }}
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
{{- with (default .Values.affinity .Values.mastodon.web.affinity) }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}

28
mastodon/templates/hpa.yaml
View File

@ -1,28 +0,0 @@
{{- if .Values.autoscaling.enabled }}
apiVersion: autoscaling/v2beta1
kind: HorizontalPodAutoscaler
metadata:
name: {{ include "mastodon.fullname" . }}
labels:
{{- include "mastodon.labels" . | nindent 4 }}
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: {{ include "mastodon.fullname" . }}
minReplicas: {{ .Values.autoscaling.minReplicas }}
maxReplicas: {{ .Values.autoscaling.maxReplicas }}
metrics:
{{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
- type: Resource
resource:
name: cpu
targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
{{- end }}
{{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
- type: Resource
resource:
name: memory
targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
{{- end }}
{{- end }}

27
mastodon/templates/ingress.yaml
View File

@ -2,12 +2,7 @@
{{- $fullName := include "mastodon.fullname" . -}}
{{- $webPort := .Values.mastodon.web.port -}}
{{- $streamingPort := .Values.mastodon.streaming.port -}}
{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
{{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }}
{{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}}
{{- end }}
{{- end }}
{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
{{- if or (.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress") (not (.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress")) -}}
apiVersion: networking.k8s.io/v1
{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
apiVersion: networking.k8s.io/v1beta1
@ -24,8 +19,8 @@ metadata:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
ingressClassName: {{ .Values.ingress.className }}
{{- if .Values.ingress.ingressClassName }}
ingressClassName: {{ .Values.ingress.ingressClassName }}
{{- end }}
{{- if .Values.ingress.tls }}
tls:
@ -44,11 +39,8 @@ spec:
paths:
{{- range .paths }}
- path: {{ .path }}
{{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
pathType: {{ .pathType }}
{{- end }}
backend:
{{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
{{- if or ($.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress") (not ($.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress")) }}
service:
name: {{ $fullName }}-web
port:
@ -57,12 +49,12 @@ spec:
serviceName: {{ $fullName }}-web
servicePort: {{ $webPort }}
{{- end }}
- path: {{ .path }}api/v1/streaming
{{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
pathType: {{ .pathType }}
{{- if or ($.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress") (not ($.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress")) }}
pathType: Prefix
{{- end }}
- path: {{ .path }}api/v1/streaming
backend:
{{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
{{- if or ($.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress") (not ($.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress")) }}
service:
name: {{ $fullName }}-streaming
port:
@ -71,6 +63,9 @@ spec:
serviceName: {{ $fullName }}-streaming
servicePort: {{ $streamingPort }}
{{- end }}
{{- if or ($.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress") (not ($.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress")) }}
pathType: Prefix
{{- end }}
{{- end }}
{{- end }}
{{- end }}

30
mastodon/templates/job-assets-precompile.yaml
View File

@ -12,6 +12,10 @@ spec:
template:
metadata:
name: {{ include "mastodon.fullname" . }}-assets-precompile
{{- with .Values.jobAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
restartPolicy: Never
{{- if (not .Values.mastodon.s3.enabled) }}
@ -21,13 +25,13 @@ spec:
affinity:
podAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: component
operator: In
values:
- rails
topologyKey: kubernetes.io/hostname
- labelSelector:
matchExpressions:
- key: app.kubernetes.io/part-of
operator: In
values:
- rails
topologyKey: kubernetes.io/hostname
{{- end }}
volumes:
- name: assets
@ -50,21 +54,17 @@ spec:
- configMapRef:
name: {{ include "mastodon.fullname" . }}-env
- secretRef:
name: {{ template "mastodon.fullname" . }}
name: {{ template "mastodon.secretName" . }}
env:
- name: "DB_PASS"
valueFrom:
secretKeyRef:
{{- if .Values.postgresql.enabled }}
name: {{ .Release.Name }}-postgresql
{{- else }}
name: {{ template "mastodon.fullname" . }}
{{- end }}
key: postgresql-password
name: {{ template "mastodon.postgresql.secretName" . }}
key: password
- name: "REDIS_PASSWORD"
valueFrom:
secretKeyRef:
name: {{ .Release.Name }}-redis
name: {{ template "mastodon.redis.secretName" . }}
key: redis-password
- name: "PORT"
value: {{ .Values.mastodon.web.port | quote }}

32
mastodon/templates/job-chewy-upgrade.yaml
View File

@ -1,4 +1,4 @@
{{- if .Values.elasticsearch.enabled }}
{{- if .Values.elasticsearch.enabled -}}
apiVersion: batch/v1
kind: Job
metadata:
@ -13,6 +13,10 @@ spec:
template:
metadata:
name: {{ include "mastodon.fullname" . }}-chewy-upgrade
{{- with .Values.jobAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
restartPolicy: Never
{{- if (not .Values.mastodon.s3.enabled) }}
@ -22,13 +26,13 @@ spec:
affinity:
podAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: component
operator: In
values:
- rails
topologyKey: kubernetes.io/hostname
- labelSelector:
matchExpressions:
- key: app.kubernetes.io/part-of
operator: In
values:
- rails
topologyKey: kubernetes.io/hostname
{{- end }}
volumes:
- name: assets
@ -51,21 +55,17 @@ spec:
- configMapRef:
name: {{ include "mastodon.fullname" . }}-env
- secretRef:
name: {{ template "mastodon.fullname" . }}
name: {{ template "mastodon.secretName" . }}
env:
- name: "DB_PASS"
valueFrom:
secretKeyRef:
{{- if .Values.postgresql.enabled }}
name: {{ .Release.Name }}-postgresql
{{- else }}
name: {{ template "mastodon.fullname" . }}
{{- end }}
key: postgresql-password
name: {{ template "mastodon.postgresql.secretName" . }}
key: password
- name: "REDIS_PASSWORD"
valueFrom:
secretKeyRef:
name: {{ .Release.Name }}-redis
name: {{ template "mastodon.redis.secretName" . }}
key: redis-password
- name: "PORT"
value: {{ .Values.mastodon.web.port | quote }}

22
mastodon/templates/job-create-admin.yaml
View File

@ -1,4 +1,4 @@
{{- if .Values.mastodon.createAdmin.enabled }}
{{- if .Values.mastodon.createAdmin.enabled -}}
apiVersion: batch/v1
kind: Job
metadata:
@ -13,6 +13,10 @@ spec:
template:
metadata:
name: {{ include "mastodon.fullname" . }}-create-admin
{{- with .Values.jobAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
restartPolicy: Never
{{- if (not .Values.mastodon.s3.enabled) }}
@ -24,7 +28,7 @@ spec:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: component
- key: app.kubernetes.io/part-of
operator: In
values:
- rails
@ -51,26 +55,22 @@ spec:
- {{ .Values.mastodon.createAdmin.email }}
- --confirmed
- --role
- admin
- Owner
envFrom:
- configMapRef:
name: {{ include "mastodon.fullname" . }}-env
- secretRef:
name: {{ template "mastodon.fullname" . }}
name: {{ template "mastodon.secretName" . }}
env:
- name: "DB_PASS"
valueFrom:
secretKeyRef:
{{- if .Values.postgresql.enabled }}
name: {{ .Release.Name }}-postgresql
{{- else }}
name: {{ template "mastodon.fullname" . }}
{{- end }}
key: postgresql-password
name: {{ template "mastodon.postgresql.secretName" . }}
key: password
- name: "REDIS_PASSWORD"
valueFrom:
secretKeyRef:
name: {{ .Release.Name }}-redis
name: {{ template "mastodon.redis.secretName" . }}
key: redis-password
- name: "PORT"
value: {{ .Values.mastodon.web.port | quote }}

30
mastodon/templates/job-db-migrate.yaml
View File

@ -12,6 +12,10 @@ spec:
template:
metadata:
name: {{ include "mastodon.fullname" . }}-db-migrate
{{- with .Values.jobAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
restartPolicy: Never
{{- if (not .Values.mastodon.s3.enabled) }}
@ -21,13 +25,13 @@ spec:
affinity:
podAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: component
operator: In
values:
- rails
topologyKey: kubernetes.io/hostname
- labelSelector:
matchExpressions:
- key: app.kubernetes.io/part-of
operator: In
values:
- rails
topologyKey: kubernetes.io/hostname
{{- end }}
volumes:
- name: assets
@ -50,21 +54,17 @@ spec:
- configMapRef:
name: {{ include "mastodon.fullname" . }}-env
- secretRef:
name: {{ template "mastodon.fullname" . }}
name: {{ template "mastodon.secretName" . }}
env:
- name: "DB_PASS"
valueFrom:
secretKeyRef:
{{- if .Values.postgresql.enabled }}
name: {{ .Release.Name }}-postgresql
{{- else }}
name: {{ template "mastodon.fullname" . }}
{{- end }}
key: postgresql-password
name: {{ template "mastodon.postgresql.secretName" . }}
key: password
- name: "REDIS_PASSWORD"
valueFrom:
secretKeyRef:
name: {{ .Release.Name }}-redis
name: {{ template "mastodon.redis.secretName" . }}
key: redis-password
- name: "PORT"
value: {{ .Values.mastodon.web.port | quote }}

18
mastodon/templates/job-set-admin-password.yaml
View File

@ -1,8 +1,8 @@
{{- if .Values.mastodon.createAdmin.enabled }}
{{- if .Values.mastodon.createAdmin.enabled -}}
apiVersion: batch/v1
kind: Job
metadata:
name: {{ include "mastodon.fullname" . }}-create-admin
name: {{ include "mastodon.fullname" . }}-set-admin-password
labels:
{{- include "mastodon.labels" . | nindent 4 }}
annotations:
@ -13,6 +13,10 @@ spec:
template:
metadata:
name: {{ include "mastodon.fullname" . }}-create-admin
{{- with .Values.jobAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
restartPolicy: Never
{{- if (not .Values.mastodon.s3.enabled) }}
@ -24,7 +28,7 @@ spec:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: component
- key: app.kubernetes.io/part-of
operator: In
values:
- rails
@ -50,21 +54,21 @@ spec:
- configMapRef:
name: {{ include "mastodon.fullname" . }}-env
- secretRef:
name: {{ template "mastodon.fullname" . }}
name: {{ template "mastodon.secretName" . }}
env:
- name: "DB_PASS"
valueFrom:
secretKeyRef:
{{- if .Values.postgresql.enabled }}
name: {{ .Release.Name }}-postgresql
name: {{ template "mastodon.postgresql.secretName" . }}
{{- else }}
name: {{ template "mastodon.fullname" . }}
{{- end }}
key: postgresql-password
key: password
- name: "REDIS_PASSWORD"
valueFrom:
secretKeyRef:
name: {{ .Release.Name }}-redis
name: {{ template "mastodon.redis.secretName" . }}
key: redis-password
- name: "PORT"
value: {{ .Values.mastodon.web.port | quote }}

6
mastodon/templates/pvc-assets.yaml
View File

@ -1,4 +1,4 @@
{{- if (not .Values.mastodon.s3.enabled) }}
{{- if (not .Values.mastodon.s3.enabled) -}}
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
@ -8,7 +8,9 @@ metadata:
spec:
accessModes:
- {{ .Values.mastodon.persistence.system.accessMode }}
{{- with .Values.mastodon.persistence.assets.resources }}
resources:
{{- toYaml .Values.mastodon.persistence.assets.resources | nindent 4}}
{{- toYaml . | nindent 4 }}
{{- end }}
storageClassName: {{ .Values.mastodon.persistence.assets.storageClassName }}
{{- end }}

6
mastodon/templates/pvc-system.yaml
View File

@ -1,4 +1,4 @@
{{- if (not .Values.mastodon.s3.enabled) }}
{{- if (not .Values.mastodon.s3.enabled) -}}
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
@ -8,7 +8,9 @@ metadata:
spec:
accessModes:
- {{ .Values.mastodon.persistence.system.accessMode }}
{{- with .Values.mastodon.persistence.system.resources }}
resources:
{{- toYaml .Values.mastodon.persistence.system.resources | nindent 4}}
{{- toYaml . | nindent 4 }}
{{- end }}
storageClassName: {{ .Values.mastodon.persistence.system.storageClassName }}
{{- end }}

16
mastodon/templates/secret-smtp.yaml Normal file
View File

@ -0,0 +1,16 @@
{{- if not .Values.mastodon.smtp.existingSecret -}}
apiVersion: v1
kind: Secret
metadata:
name: {{ printf "%s-smtp" (include "common.names.fullname" .) }}
labels:
{{- include "mastodon.labels" . | nindent 4 }}
type: Opaque
data:
{{- with .Values.mastodon.smtp.login }}
login: {{ . | b64enc }}
{{- end }}
{{- with .Values.mastodon.smtp.password }}
password: {{ . | b64enc }}
{{- end }}
{{- end }}

12
mastodon/templates/secrets.yaml
View File

@ -1,3 +1,4 @@
{{- if (include "mastodon.createSecret" .) -}}
apiVersion: v1
kind: Secret
metadata:
@ -7,9 +8,12 @@ metadata:
type: Opaque
data:
{{- if .Values.mastodon.s3.enabled }}
{{- if not .Values.mastodon.s3.existingSecret }}
AWS_ACCESS_KEY_ID: "{{ .Values.mastodon.s3.access_key | b64enc }}"
AWS_SECRET_ACCESS_KEY: "{{ .Values.mastodon.s3.access_secret | b64enc }}"
{{- end }}
{{- end }}
{{- if not .Values.mastodon.secrets.existingSecret }}
{{- if not (empty .Values.mastodon.secrets.secret_key_base) }}
SECRET_KEY_BASE: "{{ .Values.mastodon.secrets.secret_key_base | b64enc }}"
{{- else }}
@ -30,6 +34,10 @@ data:
{{- else }}
VAPID_PUBLIC_KEY: {{ required "vapid.public_key is required" .Values.mastodon.secrets.vapid.public_key }}
{{- end }}
{{- if not .Values.postgresql.enabled }}
postgresql-password: "{{ .Values.postgresql.postgresqlPassword | b64enc }}"
{{- end }}
{{- if not .Values.postgresql.enabled }}
{{- if not .Values.postgresql.auth.existingSecret }}
password: "{{ .Values.postgresql.auth.password | b64enc }}"
{{- end }}
{{- end }}
{{- end }}

1
mastodon/templates/service-streaming.yaml
View File

@ -13,3 +13,4 @@ spec:
name: streaming
selector:
{{- include "mastodon.selectorLabels" . | nindent 4 }}
app.kubernetes.io/component: streaming

1
mastodon/templates/service-web.yaml
View File

@ -13,3 +13,4 @@ spec:
name: http
selector:
{{- include "mastodon.selectorLabels" . | nindent 4 }}
app.kubernetes.io/component: web

2
mastodon/templates/tests/test-connection.yaml
View File

@ -11,5 +11,5 @@ spec:
- name: wget
image: busybox
command: ['wget']
args: ['{{ include "mastodon.fullname" . }}:{{ .Values.service.port }}']
args: ['{{ include "mastodon.fullname" . }}-web:{{ .Values.service.port }}']
restartPolicy: Never