ghp/helm-charts
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

postgres-operator: bump to v1.9.0, helm chart v1.9.0

Browse Source 
postgres-operator-ui: bump to v1.9.0, helm chart v1.9.0

astodon: bump to v4.1.2, helm chart v4.0.0
This commit is contained in:
ace
2023-04-08 22:26:41 +03:00
parent b0a01a4956
commit 8867ab5980
43 changed files with 1872 additions and 746 deletions
Download Patch File Download Diff File Expand all files Collapse all files

343
mastodon/values.yaml
View File

@ -1,40 +1,48 @@
replicaCount: 1
image:
repository: tootsuite/mastodon
# https://hub.docker.com/r/tootsuite/mastodon/tags
repository: ghcr.io/mastodon/mastodon
# https://github.com/mastodon/mastodon/pkgs/container/mastodon
#
# alternatively, use `latest` for the latest release or `edge` for the image
# built from the most recent commit
#
# tag: latest
tag: v3.5.3
tag: "v4.1.2"
# use `Always` when using `latest` tag
pullPolicy: IfNotPresent
mastodon:
# create an initial administrator user; the password is autogenerated and will
# -- create an initial administrator user; the password is autogenerated and will
# have to be reset
# CHANGE PASSWORD!!
createAdmin:
# @ignored
enabled: false
# @ignored
username: not_gargron
password: mystronpassword
# @ignored
email: not@example.com
cron:
# run `tootctl media remove` every week
# -- run `tootctl media remove` every week
removeMedia:
# @ignored
enabled: true
# @ignored
schedule: "0 0 * * 0"
# available locales: https://github.com/tootsuite/mastodon/blob/master/config/application.rb#L43
# -- available locales: https://github.com/mastodon/mastodon/blob/main/config/application.rb#L71
locale: en
local_domain: mastodon.local
# Use of WEB_DOMAIN requires careful consideration: https://docs.joinmastodon.org/admin/config/#federation
# -- Use of WEB_DOMAIN requires careful consideration: https://docs.joinmastodon.org/admin/config/#federation
# You must redirect the path LOCAL_DOMAIN/.well-known/ to WEB_DOMAIN/.well-known/ as described
# web_domain: mastodon.example.com
# Example: mastodon.example.com
web_domain: null
# -- If set to true, the frontpage of your Mastodon server will always redirect to the first profile in the database and registrations will be disabled.
singleUserMode: false
# -- Enables "Secure Mode" for more details see: https://docs.joinmastodon.org/admin/config/#authorized_fetch
authorizedFetch: false
# -- Enables "Limited Federation Mode" for more detauls see: https://docs.joinmastodon.org/admin/config/#limited_federation_mode
limitedFederationMode: false
persistence:
assets:
# ReadWriteOnce is more widely supported than ReadWriteMany, but limits
# -- ReadWriteOnce is more widely supported than ReadWriteMany, but limits
# scalability, since it requires the Rails and Sidekiq pods to run on the
# same node.
accessMode: ReadWriteOnce
@ -50,11 +58,15 @@ mastodon:
enabled: false
access_key: ""
access_secret: ""
# -- you can also specify the name of an existing Secret
# with keys AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY
existingSecret: ""
bucket: ""
endpoint: https://us-east-1.linodeobjects.com
hostname: us-east-1.linodeobjects.com
endpoint: ""
hostname: ""
region: ""
# If you have a caching proxy, enter its base URL here.
permission: ""
# -- If you have a caching proxy, enter its base URL here.
alias_host: ""
# these must be set manually; autogenerated keys are rotated on each upgrade
secrets:
@ -63,88 +75,220 @@ mastodon:
vapid:
private_key: ""
public_key: ""
# -- you can also specify the name of an existing Secret
# with keys SECRET_KEY_BASE and OTP_SECRET and
# VAPID_PRIVATE_KEY and VAPID_PUBLIC_KEY
existingSecret: ""
sidekiq:
concurrency: 25
# -- Pod security context for all Sidekiq Pods, overwrites .Values.podSecurityContext
podSecurityContext: {}
# -- (Sidekiq Container) Security Context for all Pods, overwrites .Values.securityContext
securityContext: {}
# -- Resources for all Sidekiq Deployments unless overwritten
resources: {}
# -- Affinity for all Sidekiq Deployments unless overwritten, overwrites .Values.affinity
affinity: {}
# limits:
# cpu: "1"
# memory: 768Mi
# requests:
# cpu: 250m
# memory: 512Mi
workers:
- name: all-queues
# -- Number of threads / parallel sidekiq jobs that are executed per Pod
concurrency: 25
# -- Number of Pod replicas deployed by the Deployment
replicas: 1
# -- Resources for this specific deployment to allow optimised scaling, overwrites .Values.mastodon.sidekiq.resources
resources: {}
# -- Affinity for this specific deployment, overwrites .Values.affinity and .Values.mastodon.sidekiq.affinity
affinity: {}
# -- Sidekiq queues for Mastodon that are handled by this worker. See https://docs.joinmastodon.org/admin/scaling/#concurrency
# See https://github.com/mperham/sidekiq/wiki/Advanced-Options#queues for how to weight queues as argument
queues:
- default,8
- push,6
- ingress,4
- mailers,2
- pull
- scheduler # Make sure the scheduler queue only exists once and with a worker that has 1 replica.
#- name: push-pull
# concurrency: 50
# resources: {}
# replicas: 2
# queues:
# - push
# - pull
#- name: mailers
# concurrency: 25
# replicas: 2
# queues:
# - mailers
#- name: default
# concurrency: 25
# replicas: 2
# queues:
# - default
smtp:
auth_method: plain
ca_file: /etc/ssl/certs/ca-certificates.crt
delivery_method: smtp
domain:
enable_starttls_auto: true
enable_starttls: 'auto'
from_address: notifications@example.com
login:
openssl_verify_mode: peer
password:
port: 587
reply_to:
server: smtp.mailgun.org
tls: false
login:
password:
# -- Instead of defining login/password above, you can specify the name of an existing secret here. Login and
# password must be located in keys named `login` and `password` respectively.
existingSecret:
streaming:
port: 4000
# this should be set manually since os.cpus() returns the number of CPUs on
# -- this should be set manually since os.cpus() returns the number of CPUs on
# the node running the pod, which is unrelated to the resources allocated to
# the pod by k8s
workers: 1
# The base url for streaming can be set if the streaming API is deployed to
# -- The base url for streaming can be set if the streaming API is deployed to
# a different domain/subdomain.
# base_url: wws://streaming.example.com
base_url: null
# -- Number of Streaming Pods running
replicas: 1
# -- Affinity for Streaming Pods, overwrites .Values.affinity
affinity: {}
# -- Pod Security Context for Streaming Pods, overwrites .Values.podSecurityContext
podSecurityContext: {}
# -- (Streaming Container) Security Context for Streaming Pods, overwrites .Values.securityContext
securityContext: {}
# -- (Streaming Container) Resources for Streaming Pods, overwrites .Values.resources
resources: {}
# limits:
# cpu: "500m"
# memory: 512Mi
# requests:
# cpu: 250m
# memory: 128Mi
web:
port: 3000
# -- Number of Web Pods running
replicas: 1
# -- Affinity for Web Pods, overwrites .Values.affinity
affinity: {}
# -- Pod Security Context for Web Pods, overwrites .Values.podSecurityContext
podSecurityContext: {}
# -- (Web Container) Security Context for Web Pods, overwrites .Values.securityContext
securityContext: {}
# -- (Web Container) Resources for Web Pods, overwrites .Values.resources
resources: {}
# limits:
# cpu: "1"
# memory: 1280Mi
# requests:
# cpu: 250m
# memory: 768Mi
# -- Puma-specific options. Below values are based on default behavior in
# config/puma.rb when no custom values are provided.
minThreads: "5"
maxThreads: "5"
workers: "2"
persistentTimeout: "20"
metrics:
statsd:
# -- Enable statsd publishing via STATSD_ADDR environment variable
address: ""
# Sets the PREPARED_STATEMENTS environment variable: https://docs.joinmastodon.org/admin/config/#prepared_statements
preparedStatements: true
ingress:
enabled: false
className: ""
annotations: {}
# nginx.ingress.kubernetes.io/proxy-body-size: "0"
# nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
# nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
enabled: true
annotations:
# For choosing an ingress ingressClassName is preferred over annotations
# kubernetes.io/ingress.class: nginx
#
# To automatically request TLS certificates use one of the following
# kubernetes.io/tls-acme: "true"
# cert-manager.io/cluster-issuer: "letsencrypt"
#
# ensure that NGINX's upload size matches Mastodon's
# for the K8s ingress controller:
# nginx.ingress.kubernetes.io/proxy-body-size: 40m
# for the NGINX ingress controller:
# nginx.org/client-max-body-size: 40m
# -- you can specify the ingressClassName if it differs from the default
ingressClassName:
hosts:
- host: chart-example.local
- host: mastodon.local
paths:
- path: /
pathType: ImplementationSpecific
tls: []
# - secretName: chart-example-tls
# hosts:
# - chart-example.local
- path: '/'
tls:
- secretName: mastodon-tls
hosts:
- mastodon.local
# https://github.com/bitnami/charts/tree/master/bitnami/elasticsearch#parameters
# -- https://github.com/bitnami/charts/tree/master/bitnami/elasticsearch#parameters
elasticsearch:
# `false` will disable full-text search
#
# if you enable ES after the initial install, you will need to manually run
# RAILS_ENV=production bundle exec rake chewy:sync
# (https://docs.joinmastodon.org/admin/optional/elasticsearch/)
# @ignored
enabled: true
# @ignored
image:
tag: 7
# https://github.com/bitnami/charts/tree/master/bitnami/postgresql#parameters
postgresql:
# disable if you want to use an existing db; in which case the values below
# -- disable if you want to use an existing db; in which case the values below
# must match those of that external postgres instance
enabled: true
# postgresqlHostname: preexisting-postgresql
postgresqlDatabase: mastodon_production
# you must set a password; the password generated by the postgresql chart will
# be rotated on each upgrade:
# https://github.com/bitnami/charts/tree/master/bitnami/postgresql#upgrade
postgresqlPassword: ""
postgresqlUsername: postgres
# postgresqlPort: 5432
auth:
database: mastodon_production
username: mastodon
# you must set a password; the password generated by the postgresql chart will
# be rotated on each upgrade:
# https://github.com/bitnami/charts/tree/master/bitnami/postgresql#upgrade
password: ""
# Set the password for the "postgres" admin user
# set this to the same value as above if you've previously installed
# this chart and you're having problems getting mastodon to connect to the DB
# postgresPassword: ""
# you can also specify the name of an existing Secret
# with a key of password set to the password you want
existingSecret: ""
# https://github.com/bitnami/charts/tree/master/bitnami/redis#parameters
redis:
# you must set a password; the password generated by the redis chart will be
# rotated on each upgrade:
password: ""
# disable if you want to use an existing redis instance; in which case the
# values below must match those of that external redis instance
enabled: true
hostname: ""
port: 6379
auth:
# -- you must set a password; the password generated by the redis chart will be
# rotated on each upgrade:
password: ""
# you can also specify the name of an existing Secret
# with a key of redis-password set to the password you want
# existingSecret: ""
# @ignored
service:
type: ClusterIP
port: 80
externalAuth:
oidc:
# OpenID Connect support is proposed in PR #16221 and awaiting merge.
# -- OpenID Connect support is proposed in PR #16221 and awaiting merge.
enabled: false
# display_name: "example-label"
# issuer: https://login.example.space/auth/realms/example-space
@ -155,62 +299,62 @@ externalAuth:
# client_secret: SECRETKEY
# redirect_uri: https://example.com/auth/auth/openid_connect/callback
# assume_email_is_verified: true
# client_auth_method:
# response_type:
# response_mode:
# display:
# prompt:
# send_nonce:
# send_scope_to_token_endpoint:
# idp_logout_redirect_uri:
# http_scheme:
# host:
# port:
# jwks_uri:
# auth_endpoint:
# token_endpoint:
# user_info_endpoint:
# end_session_endpoint:
# client_auth_method:
# response_type:
# response_mode:
# display:
# prompt:
# send_nonce:
# send_scope_to_token_endpoint:
# idp_logout_redirect_uri:
# http_scheme:
# host:
# port:
# jwks_uri:
# auth_endpoint:
# token_endpoint:
# user_info_endpoint:
# end_session_endpoint:
saml:
enabled: false
# acs_url: http://mastodon.example.com/auth/auth/saml/callback
# issuer: mastodon
# idp_sso_target_url: https://login.example.com/auth/realms/example/protocol/saml
# idp_cert: '-----BEGIN CERTIFICATE-----[your_cert_content]-----END CERTIFICATE-----'
# idp_cert_fingerprint:
# idp_cert_fingerprint:
# name_identifier_format: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
# cert:
# private_key:
# cert:
# private_key:
# want_assertion_signed: true
# want_assertion_encrypted: true
# assume_email_is_verified: true
# uid_attribute: "urn:oid:0.9.2342.19200300.100.1.1"
# attributes_statements:
# attributes_statements:
# uid: "urn:oid:0.9.2342.19200300.100.1.1"
# email: "urn:oid:1.3.6.1.4.1.5923.1.1.1.6"
# full_name: "urn:oid:2.16.840.1.113730.3.1.241"
# first_name: "urn:oid:2.5.4.42"
# last_name: "urn:oid:2.5.4.4"
# verified:
# verified_email:
oauth_global:
# Force redirect local login to CAS. Does not function with SAML or LDAP.
oauth_redirect_at_sign_in: false
# verified:
# verified_email:
oauth_global:
# -- Automatically redirect to OIDC, CAS or SAML, and don't use local account authentication when clicking on Sign-In
omniauth_only: false
cas:
enabled: false
# url: https://sso.myserver.com
# host: sso.myserver.com
# port: 443
# ssl: true
# validate_url:
# callback_url:
# logout_url:
# login_url:
# validate_url:
# callback_url:
# logout_url:
# login_url:
# uid_field: 'user'
# ca_path:
# ca_path:
# disable_ssl_verification: false
# assume_email_is_verified: true
# keys:
# keys:
# uid: 'user'
# name: 'name'
# email: 'email'
@ -220,7 +364,7 @@ externalAuth:
# location: 'location'
# image: 'image'
# phone: 'phone'
pam:
pam:
enabled: false
# email_domain: example.com
# default_service: rpam
@ -228,11 +372,12 @@ externalAuth:
ldap:
enabled: false
# host: myservice.namespace.svc
# port: 389
# port: 636
# method: simple_tls
# base:
# bind_on:
# password:
# tls_no_verify: true
# base:
# bind_dn:
# password:
# uid: cn
# mail: mail
# search_filter: "(|(%{uid}=%{email})(%{mail}=%{email}))"
@ -241,7 +386,7 @@ externalAuth:
# search: "., -"
# replace: _
# https://github.com/tootsuite/mastodon/blob/master/Dockerfile#L88
# -- https://github.com/mastodon/mastodon/blob/main/Dockerfile#L75
#
# if you manually change the UID/GID environment variables, ensure these values
# match:
@ -250,19 +395,31 @@ podSecurityContext:
runAsGroup: 991
fsGroup: 991
# @ignored
securityContext: {}
serviceAccount:
# Specifies whether a service account should be created
# -- Specifies whether a service account should be created
create: true
# Annotations to add to the service account
# -- Annotations to add to the service account
annotations: {}
# The name of the service account to use.
# -- The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: ""
# -- Kubernetes manages pods for jobs and pods for deployments differently, so you might
# need to apply different annotations to the two different sets of pods. The annotations
# set with podAnnotations will be added to all deployment-managed pods.
podAnnotations: {}
# If set to true, an annotation with the current chart release number will be added to all mastodon pods. This will
# cause all pods to be recreated every `helm upgrade` regardless of whether their config or spec changes.
revisionPodAnnotation: true
# The annotations set with jobAnnotations will be added to all job pods.
jobAnnotations: {}
# -- Default resources for all Deployments and jobs unless overwritten
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
@ -275,15 +432,11 @@ resources: {}
# cpu: 100m
# memory: 128Mi
autoscaling:
enabled: false
minReplicas: 1
maxReplicas: 100
targetCPUUtilizationPercentage: 80
# targetMemoryUtilizationPercentage: 80
# @ignored
nodeSelector: {}
# @ignored
tolerations: []
# -- Affinity for all pods unless overwritten
affinity: {}