mastodon: bump to v3.5.1, helm chart 0.2.5

2022-04-14 16:59:05 +03:00 · 2022-04-14 16:59:05 +03:00 · c54d2f5880
commit c54d2f5880
parent 4aecd19b56
4 changed files with 253 additions and 7 deletions
--- a/mastodon/Chart.yaml
+++ b/mastodon/Chart.yaml
@ -15,12 +15,12 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.2.4
+version: 0.2.5

 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
-appVersion: 3.4.6
+appVersion: 3.5.1

 dependencies:
  - name: elasticsearch
--- a/mastodon/templates/configmap-env.yaml
+++ b/mastodon/templates/configmap-env.yaml
@ -21,6 +21,9 @@ data:
  ES_PORT: "9200"
  {{- end }}
  LOCAL_DOMAIN: {{ .Values.mastodon.local_domain }}
+  {{- if .Values.mastodon.web_domain }}
+  WEB_DOMAIN: {{ .Values.mastodon.web_domain }}
+  {{- end }}
  # https://devcenter.heroku.com/articles/tuning-glibc-memory-behavior
  MALLOC_ARENA_MAX: "2"
  NODE_ENV: "production"
@ -36,6 +39,9 @@ data:
  {{- if .Values.mastodon.s3.region }}
  S3_REGION: {{ .Values.mastodon.s3.region }}
  {{- end }}
+  {{- if .Values.mastodon.s3.alias_host }}
+  S3_ALIAS_HOST: {{ .Values.mastodon.s3.alias_host}}
+  {{- end }}
  {{- end }}
  {{- if .Values.mastodon.smtp.auth_method }}
  SMTP_AUTH_METHOD: {{ .Values.mastodon.smtp.auth_method }}
@ -77,3 +83,221 @@ data:
  SMTP_TLS: {{ .Values.mastodon.smtp.tls | quote }}
  {{- end }}
  STREAMING_CLUSTER_NUM: {{ .Values.mastodon.streaming.workers | quote }}
+  {{- if .Values.externalAuth.oidc.enabled }}
+  OIDC_ENABLED: {{ .Values.externalAuth.oidc.enabled | quote }}
+  OIDC_DISPLAY_NAME: {{ .Values.externalAuth.oidc.display_name }}
+  OIDC_ISSUER: {{ .Values.externalAuth.oidc.issuer }}
+  OIDC_DISCOVERY: {{ .Values.externalAuth.oidc.discovery | quote }}
+  OIDC_SCOPE: {{ .Values.externalAuth.oidc.scope | quote }}
+  OIDC_UID_FIELD: {{ .Values.externalAuth.oidc.uid_field }}
+  OIDC_CLIENT_ID: {{ .Values.externalAuth.oidc.client_id }}
+  OIDC_CLIENT_SECRET: {{ .Values.externalAuth.oidc.client_secret }}
+  OIDC_REDIRECT_URI: {{ .Values.externalAuth.oidc.redirect_uri }}
+  OIDC_SECURITY_ASSUME_EMAIL_IS_VERIFIED: {{ .Values.externalAuth.oidc.assume_email_is_verified | quote }}
+  {{- if .Values.externalAuth.oidc.client_auth_method }}
+  OIDC_CLIENT_AUTH_METHOD: {{ .Values.externalAuth.oidc.client_auth_method }}
+  {{- end }}
+  {{- if .Values.externalAuth.oidc.response_type }}
+  OIDC_RESPONSE_TYPE: {{ .Values.externalAuth.oidc.response_type }}
+  {{- end }}
+  {{- if .Values.externalAuth.oidc.response_mode }}
+  OIDC_RESPONSE_MODE: {{ .Values.externalAuth.oidc.response_mode }}
+  {{- end }}
+  {{- if .Values.externalAuth.oidc.display }}
+  OIDC_DISPLAY: {{ .Values.externalAuth.oidc.display }}
+  {{- end }}
+  {{- if .Values.externalAuth.oidc.prompt }}
+  OIDC_PROMPT: {{ .Values.externalAuth.oidc.prompt }}
+  {{- end }}
+  {{- if .Values.externalAuth.oidc.send_nonce }}
+  OIDC_SEND_NONCE: {{ .Values.externalAuth.oidc.send_nonce }}
+  {{- end }}
+  {{- if .Values.externalAuth.oidc.send_scope_to_token_endpoint }}
+  OIDC_SEND_SCOPE_TO_TOKEN_ENDPOINT: {{ .Values.externalAuth.oidc.send_scope_to_token_endpoint | quote }}
+  {{- end }}
+  {{- if .Values.externalAuth.oidc.idp_logout_redirect_uri }}
+  OIDC_IDP_LOGOUT_REDIRECT_URI: {{ .Values.externalAuth.oidc.idp_logout_redirect_uri }}
+  {{- end }}
+  {{- if .Values.externalAuth.oidc.http_scheme }}
+  OIDC_HTTP_SCHEME: {{ .Values.externalAuth.oidc.http_scheme }}
+  {{- end }}
+  {{- if .Values.externalAuth.oidc.host }}
+  OIDC_HOST: {{ .Values.externalAuth.oidc.host }}
+  {{- end }}
+  {{- if .Values.externalAuth.oidc.port }}
+  OIDC_PORT: {{ .Values.externalAuth.oidc.port }}
+  {{- end }}
+  {{- if .Values.externalAuth.oidc.jwks_uri }}
+  OIDC_JWKS_URI: {{ .Values.externalAuth.oidc.jwks_uri }}
+  {{- end }}
+  {{- if .Values.externalAuth.oidc.auth_endpoint }}
+  OIDC_AUTH_ENDPOINT: {{ .Values.externalAuth.oidc.auth_endpoint }}
+  {{- end }}
+  {{- if .Values.externalAuth.oidc.token_endpoint }}
+  OIDC_TOKEN_ENDPOINT: {{ .Values.externalAuth.oidc.token_endpoint }}
+  {{- end }}
+  {{- if .Values.externalAuth.oidc.user_info_endpoint }}
+  OIDC_USER_INFO_ENDPOINT: {{ .Values.externalAuth.oidc.user_info_endpoint }}
+  {{- end }}
+  {{- if .Values.externalAuth.oidc.end_session_endpoint }}
+  OIDC_END_SESSION_ENDPOINT: {{ .Values.externalAuth.oidc.end_session_endpoint }}
+  {{- end }}
+  {{- end }}
+  {{- if .Values.externalAuth.saml.enabled }}
+  SAML_ENABLED: {{ .Values.externalAuth.saml.enabled | quote }}
+  SAML_ACS_URL: {{ .Values.externalAuth.saml.acs_url }}
+  SAML_ISSUER: {{ .Values.externalAuth.saml.issuer }}
+  SAML_IDP_SSO_TARGET_URL: {{ .Values.externalAuth.saml.idp_sso_target_url }}
+  SAML_IDP_CERT: {{ .Values.externalAuth.saml.idp_cert | quote }}
+  {{- if .Values.externalAuth.saml.idp_cert_fingerprint }}
+  SAML_IDP_CERT_FINGERPRINT: {{ .Values.externalAuth.saml.idp_cert_fingerprint | quote }}
+  {{- end }}
+  {{- if .Values.externalAuth.saml.name_identifier_format }}
+  SAML_NAME_IDENTIFIER_FORMAT: {{ .Values.externalAuth.saml.name_identifier_format }}
+  {{- end }}
+  {{- if .Values.externalAuth.saml.cert }}
+  SAML_CERT: {{ .Values.externalAuth.saml.cert | quote }}
+  {{- end }}
+  {{- if .Values.externalAuth.saml.private_key }}
+  SAML_PRIVATE_KEY: {{ .Values.externalAuth.saml.private_key | quote }}
+  {{- end }}
+  {{- if .Values.externalAuth.saml.want_assertion_signed }}
+  SAML_SECURITY_WANT_ASSERTION_SIGNED: {{ .Values.externalAuth.saml.want_assertion_signed | quote }}
+  {{- end }}
+  {{- if .Values.externalAuth.saml.want_assertion_encrypted }}
+  SAML_SECURITY_WANT_ASSERTION_ENCRYPTED: {{ .Values.externalAuth.saml.want_assertion_encrypted | quote }}
+  {{- end }}
+  {{- if .Values.externalAuth.saml.assume_email_is_verified }}
+  SAML_SECURITY_ASSUME_EMAIL_IS_VERIFIED: {{ .Values.externalAuth.saml.assume_email_is_verified | quote }}
+  {{- end }}
+  {{- if .Values.externalAuth.saml.uid_attribute }}
+  SAML_UID_ATTRIBUTE: {{ .Values.externalAuth.saml.uid_attribute }}
+  {{- end }}
+  {{- if .Values.externalAuth.saml.attributes_statements.uid }}
+  SAML_ATTRIBUTES_STATEMENTS_UID: {{ .Values.externalAuth.saml.attributes_statements.uid | quote }}
+  {{- end }}
+  {{- if .Values.externalAuth.saml.attributes_statements.email }}
+  SAML_ATTRIBUTES_STATEMENTS_EMAIL: {{ .Values.externalAuth.saml.attributes_statements.email | quote }}
+  {{- end }}
+  {{- if .Values.externalAuth.saml.attributes_statements.full_name }}
+  SAML_ATTRIBUTES_STATEMENTS_FULL_NAME: {{ .Values.externalAuth.saml.attributes_statements.full_name | quote }}
+  {{- end }}
+  {{- if .Values.externalAuth.saml.attributes_statements.first_name }}
+  SAML_ATTRIBUTES_STATEMENTS_FIRST_NAME: {{ .Values.externalAuth.saml.attributes_statements.first_name | quote }}
+  {{- end }}
+  {{- if .Values.externalAuth.saml.attributes_statements.last_name }}
+  SAML_ATTRIBUTES_STATEMENTS_LAST_NAME: {{ .Values.externalAuth.saml.attributes_statements.last_name | quote }}
+  {{- end }}
+  {{- if .Values.externalAuth.saml.attributes_statements.verified }}
+  SAML_ATTRIBUTES_STATEMENTS_VERIFIED: {{ .Values.externalAuth.saml.attributes_statements.verified | quote }}
+  {{- end }}
+  {{- if .Values.externalAuth.saml.attributes_statements.verified_email }}
+  SAML_ATTRIBUTES_STATEMENTS_VERIFIED_EMAIL: {{ .Values.externalAuth.saml.attributes_statements.verified_email | quote }}
+  {{- end }}
+  {{- end }}
+  {{- if .Values.externalAuth.oauth_global.oauth_redirect_at_sign_in }}
+  OAUTH_REDIRECT_AT_SIGN_IN: {{ .Values.externalAuth.oauth_global.oauth_redirect_at_sign_in | quote }}
+  {{- end }}
+  {{- if .Values.externalAuth.cas.enabled }}
+  CAS_ENABLED: {{ .Values.externalAuth.cas.enabled | quote }}
+  CAS_URL: {{ .Values.externalAuth.cas.url }}
+  CAS_HOST: {{ .Values.externalAuth.cas.host }}
+  CAS_PORT: {{ .Values.externalAuth.cas.port }}
+  CAS_SSL: {{ .Values.externalAuth.cas.ssl | quote }}
+  {{- if .Values.externalAuth.cas.validate_url }}
+  CAS_VALIDATE_URL: {{ .Values.externalAuth.cas.validate_url }}
+  {{- end }}
+  {{- if .Values.externalAuth.cas.callback_url }}
+  CAS_CALLBACK_URL: {{ .Values.externalAuth.cas.callback_url }}
+  {{- end }}
+  {{- if .Values.externalAuth.cas.logout_url }}
+  CAS_LOGOUT_URL: {{ .Values.externalAuth.cas.logout_url }}
+  {{- end }}
+  {{- if .Values.externalAuth.cas.login_url }}
+  CAS_LOGIN_URL: {{ .Values.externalAuth.cas.login_url }}
+  {{- end }}
+  {{- if .Values.externalAuth.cas.uid_field }}
+  CAS_UID_FIELD: {{ .Values.externalAuth.cas.uid_field | quote }}
+  {{- end }}
+  {{- if .Values.externalAuth.cas.ca_path }}
+  CAS_CA_PATH: {{ .Values.externalAuth.cas.ca_path }}
+  {{- end }}
+  {{- if .Values.externalAuth.cas.disable_ssl_verification }}
+  CAS_DISABLE_SSL_VERIFICATION: {{ .Values.externalAuth.cas.disable_ssl_verification | quote }}
+  {{- end }}
+  {{- if .Values.externalAuth.cas.assume_email_is_verified }}
+  CAS_SECURITY_ASSUME_EMAIL_IS_VERIFIED: {{ .Values.externalAuth.cas.assume_email_is_verified | quote }}
+  {{- end }}
+  {{- if .Values.externalAuth.cas.keys.uid }}
+  CAS_UID_KEY: {{ .Values.externalAuth.cas.keys.uid | quote }}
+  {{- end }}
+  {{- if .Values.externalAuth.cas.keys.name }}
+  CAS_NAME_KEY: {{ .Values.externalAuth.cas.keys.name | quote }}
+  {{- end }}
+  {{- if .Values.externalAuth.cas.keys.email }}
+  CAS_EMAIL_KEY: {{ .Values.externalAuth.cas.keys.email | quote }}
+  {{- end }}
+  {{- if .Values.externalAuth.cas.keys.nickname }}
+  CAS_NICKNAME_KEY: {{ .Values.externalAuth.cas.keys.nickname | quote }}
+  {{- end }}
+  {{- if .Values.externalAuth.cas.keys.first_name }}
+  CAS_FIRST_NAME_KEY: {{ .Values.externalAuth.cas.keys.first_name | quote }}
+  {{- end }}
+  {{- if .Values.externalAuth.cas.keys.last_name }}
+  CAS_LAST_NAME_KEY: {{ .Values.externalAuth.cas.keys.last_name | quote }}
+  {{- end }}
+  {{- if .Values.externalAuth.cas.keys.location }}
+  CAS_LOCATION_KEY: {{ .Values.externalAuth.cas.keys.location | quote }}
+  {{- end }}
+  {{- if .Values.externalAuth.cas.keys.image }}
+  CAS_IMAGE_KEY: {{ .Values.externalAuth.cas.keys.image | quote }}
+  {{- end }}
+  {{- if .Values.externalAuth.cas.keys.phone }}
+  CAS_PHONE_KEY: {{ .Values.externalAuth.cas.keys.phone | quote }}
+  {{- end }}
+  {{- end }}
+  {{- if .Values.externalAuth.pam.enabled }}
+  PAM_ENABLED: {{ .Values.externalAuth.pam.enabled | quote }}
+  {{- if .Values.externalAuth.pam.email_domain }}
+  PAM_EMAIL_DOMAIN: {{ .Values.externalAuth.pam.email_domain }}
+  {{- end }}
+  {{- if .Values.externalAuth.pam.default_service }}
+  PAM_DEFAULT_SERVICE: {{ .Values.externalAuth.pam.default_service }}
+  {{- end }}
+  {{- if .Values.externalAuth.pam.controlled_service }}
+  PAM_CONTROLLED_SERVICE: {{ .Values.externalAuth.pam.controlled_service }}
+  {{- end }}
+  {{- end }}
+  {{- if .Values.externalAuth.ldap.enabled }}
+  LDAP_ENABLED: {{ .Values.externalAuth.ldap.enabled | quote }}
+  LDAP_HOST: {{ .Values.externalAuth.ldap.host }}
+  LDAP_PORT: {{ .Values.externalAuth.ldap.port }}
+  LDAP_METHOD: {{ .Values.externalAuth.ldap.method }}
+  {{- if .Values.externalAuth.ldap.base }}
+  LDAP_BASE: {{ .Values.externalAuth.ldap.base }}
+  {{- end }}
+  {{- if .Values.externalAuth.ldap.bind_on }}
+  LDAP_BIND_ON: {{ .Values.externalAuth.ldap.bind_on }}
+  {{- end }}
+  {{- if .Values.externalAuth.ldap.password }}
+  LDAP_PASSWORD: {{ .Values.externalAuth.ldap.password }}
+  {{- end }}
+  {{- if .Values.externalAuth.ldap.uid }}
+  LDAP_UID: {{ .Values.externalAuth.ldap.uid }}
+  {{- end }}
+  {{- if .Values.externalAuth.ldap.mail }}
+  LDAP_MAIL: {{ .Values.externalAuth.ldap.mail }}
+  {{- end }}
+  {{- if .Values.externalAuth.ldap.search_filter }}
+  LDAP_SEARCH_FILTER: {{ .Values.externalAuth.ldap.search_filter }}
+  {{- end }}
+  {{- if .Values.externalAuth.ldap.uid_conversion.enabled }}
+  LDAP_UID_CONVERSION_ENABLED: {{ .Values.externalAuth.ldap.uid_conversion.enabled | quote }}
+  {{- end }}
+  {{- if .Values.externalAuth.ldap.uid_conversion.search }}
+  LDAP_UID_CONVERSION_SEARCH: {{ .Values.externalAuth.ldap.uid_conversion.search }}
+  {{- end }}
+  {{- if .Values.externalAuth.ldap.uid_conversion.replace }}
+  LDAP_UID_CONVERSION_REPLACE: {{ .Values.externalAuth.ldap.uid_conversion.replace }}
+  {{- end }}
+  {{- end }}
--- a/mastodon/templates/ingress.yaml
+++ b/mastodon/templates/ingress.yaml
@ -2,7 +2,9 @@
 {{- $fullName := include "mastodon.fullname" . -}}
 {{- $webPort := .Values.mastodon.web.port -}}
 {{- $streamingPort := .Values.mastodon.streaming.port -}}
-{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+{{- if or (.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress") (not (.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress")) }}
+apiVersion: networking.k8s.io/v1
+{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
 apiVersion: networking.k8s.io/v1beta1
 {{- else -}}
 apiVersion: extensions/v1beta1
@ -35,12 +37,32 @@ spec:
          {{- range .paths }}
          - path: {{ .path }}
            backend:
+              {{- if or ($.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress") (not ($.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress")) }}
+              service:
+                name: {{ $fullName }}-web
+                port:
+                  number: {{ $webPort }}
+              {{- else }}
              serviceName: {{ $fullName }}-web
              servicePort: {{ $webPort }}
+              {{- end }}
+            {{- if or ($.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress") (not ($.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress")) }}
+            pathType: ImplementationSpecific
+            {{- end }}
          - path: {{ .path }}api/v1/streaming
            backend:
+              {{- if or ($.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress") (not ($.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress")) }}
+              service:
+                name: {{ $fullName }}-streaming
+                port:
+                  number: {{ $streamingPort }}
+              {{- else }}
              serviceName: {{ $fullName }}-streaming
              servicePort: {{ $streamingPort }}
+              {{- end }}
+            {{- if or ($.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress") (not ($.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress")) }}
+            pathType: ImplementationSpecific
+            {{- end }}
          {{- end }}
    {{- end }}
 {{- end }}
--- a/mastodon/values.yaml
+++ b/mastodon/values.yaml
@ -8,7 +8,7 @@ image:
  # built from the most recent commit
  #
  # tag: latest
-  tag: v3.4.6
+  tag: v3.5.1
  # use `Always` when using `latest` tag
  pullPolicy: IfNotPresent

@ -85,9 +85,9 @@ mastodon:

 ingress:
  enabled: true
-  annotations:
-    kubernetes.io/ingress.class: nginx
-    kubernetes.io/tls-acme: "true"
+  annotations: {}
+    #kubernetes.io/ingress.class: nginx
+    #kubernetes.io/tls-acme: "true"
    # cert-manager.io/cluster-issuer: "letsencrypt"
    #
    # ensure that NGINX's upload size matches Mastodon's