diff --git a/mastodon/Chart.yaml b/mastodon/Chart.yaml index c3db0a9..1d3e885 100644 --- a/mastodon/Chart.yaml +++ b/mastodon/Chart.yaml @@ -15,12 +15,12 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.2.4 +version: 0.2.5 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. -appVersion: 3.4.6 +appVersion: 3.5.1 dependencies: - name: elasticsearch diff --git a/mastodon/templates/configmap-env.yaml b/mastodon/templates/configmap-env.yaml index 701368e..5e06209 100644 --- a/mastodon/templates/configmap-env.yaml +++ b/mastodon/templates/configmap-env.yaml @@ -21,6 +21,9 @@ data: ES_PORT: "9200" {{- end }} LOCAL_DOMAIN: {{ .Values.mastodon.local_domain }} + {{- if .Values.mastodon.web_domain }} + WEB_DOMAIN: {{ .Values.mastodon.web_domain }} + {{- end }} # https://devcenter.heroku.com/articles/tuning-glibc-memory-behavior MALLOC_ARENA_MAX: "2" NODE_ENV: "production" @@ -36,6 +39,9 @@ data: {{- if .Values.mastodon.s3.region }} S3_REGION: {{ .Values.mastodon.s3.region }} {{- end }} + {{- if .Values.mastodon.s3.alias_host }} + S3_ALIAS_HOST: {{ .Values.mastodon.s3.alias_host}} + {{- end }} {{- end }} {{- if .Values.mastodon.smtp.auth_method }} SMTP_AUTH_METHOD: {{ .Values.mastodon.smtp.auth_method }} @@ -77,3 +83,221 @@ data: SMTP_TLS: {{ .Values.mastodon.smtp.tls | quote }} {{- end }} STREAMING_CLUSTER_NUM: {{ .Values.mastodon.streaming.workers | quote }} + {{- if .Values.externalAuth.oidc.enabled }} + OIDC_ENABLED: {{ .Values.externalAuth.oidc.enabled | quote }} + OIDC_DISPLAY_NAME: {{ .Values.externalAuth.oidc.display_name }} + OIDC_ISSUER: {{ .Values.externalAuth.oidc.issuer }} + OIDC_DISCOVERY: {{ .Values.externalAuth.oidc.discovery | quote }} + OIDC_SCOPE: {{ .Values.externalAuth.oidc.scope | quote }} + OIDC_UID_FIELD: {{ .Values.externalAuth.oidc.uid_field }} + OIDC_CLIENT_ID: {{ .Values.externalAuth.oidc.client_id }} + OIDC_CLIENT_SECRET: {{ .Values.externalAuth.oidc.client_secret }} + OIDC_REDIRECT_URI: {{ .Values.externalAuth.oidc.redirect_uri }} + OIDC_SECURITY_ASSUME_EMAIL_IS_VERIFIED: {{ .Values.externalAuth.oidc.assume_email_is_verified | quote }} + {{- if .Values.externalAuth.oidc.client_auth_method }} + OIDC_CLIENT_AUTH_METHOD: {{ .Values.externalAuth.oidc.client_auth_method }} + {{- end }} + {{- if .Values.externalAuth.oidc.response_type }} + OIDC_RESPONSE_TYPE: {{ .Values.externalAuth.oidc.response_type }} + {{- end }} + {{- if .Values.externalAuth.oidc.response_mode }} + OIDC_RESPONSE_MODE: {{ .Values.externalAuth.oidc.response_mode }} + {{- end }} + {{- if .Values.externalAuth.oidc.display }} + OIDC_DISPLAY: {{ .Values.externalAuth.oidc.display }} + {{- end }} + {{- if .Values.externalAuth.oidc.prompt }} + OIDC_PROMPT: {{ .Values.externalAuth.oidc.prompt }} + {{- end }} + {{- if .Values.externalAuth.oidc.send_nonce }} + OIDC_SEND_NONCE: {{ .Values.externalAuth.oidc.send_nonce }} + {{- end }} + {{- if .Values.externalAuth.oidc.send_scope_to_token_endpoint }} + OIDC_SEND_SCOPE_TO_TOKEN_ENDPOINT: {{ .Values.externalAuth.oidc.send_scope_to_token_endpoint | quote }} + {{- end }} + {{- if .Values.externalAuth.oidc.idp_logout_redirect_uri }} + OIDC_IDP_LOGOUT_REDIRECT_URI: {{ .Values.externalAuth.oidc.idp_logout_redirect_uri }} + {{- end }} + {{- if .Values.externalAuth.oidc.http_scheme }} + OIDC_HTTP_SCHEME: {{ .Values.externalAuth.oidc.http_scheme }} + {{- end }} + {{- if .Values.externalAuth.oidc.host }} + OIDC_HOST: {{ .Values.externalAuth.oidc.host }} + {{- end }} + {{- if .Values.externalAuth.oidc.port }} + OIDC_PORT: {{ .Values.externalAuth.oidc.port }} + {{- end }} + {{- if .Values.externalAuth.oidc.jwks_uri }} + OIDC_JWKS_URI: {{ .Values.externalAuth.oidc.jwks_uri }} + {{- end }} + {{- if .Values.externalAuth.oidc.auth_endpoint }} + OIDC_AUTH_ENDPOINT: {{ .Values.externalAuth.oidc.auth_endpoint }} + {{- end }} + {{- if .Values.externalAuth.oidc.token_endpoint }} + OIDC_TOKEN_ENDPOINT: {{ .Values.externalAuth.oidc.token_endpoint }} + {{- end }} + {{- if .Values.externalAuth.oidc.user_info_endpoint }} + OIDC_USER_INFO_ENDPOINT: {{ .Values.externalAuth.oidc.user_info_endpoint }} + {{- end }} + {{- if .Values.externalAuth.oidc.end_session_endpoint }} + OIDC_END_SESSION_ENDPOINT: {{ .Values.externalAuth.oidc.end_session_endpoint }} + {{- end }} + {{- end }} + {{- if .Values.externalAuth.saml.enabled }} + SAML_ENABLED: {{ .Values.externalAuth.saml.enabled | quote }} + SAML_ACS_URL: {{ .Values.externalAuth.saml.acs_url }} + SAML_ISSUER: {{ .Values.externalAuth.saml.issuer }} + SAML_IDP_SSO_TARGET_URL: {{ .Values.externalAuth.saml.idp_sso_target_url }} + SAML_IDP_CERT: {{ .Values.externalAuth.saml.idp_cert | quote }} + {{- if .Values.externalAuth.saml.idp_cert_fingerprint }} + SAML_IDP_CERT_FINGERPRINT: {{ .Values.externalAuth.saml.idp_cert_fingerprint | quote }} + {{- end }} + {{- if .Values.externalAuth.saml.name_identifier_format }} + SAML_NAME_IDENTIFIER_FORMAT: {{ .Values.externalAuth.saml.name_identifier_format }} + {{- end }} + {{- if .Values.externalAuth.saml.cert }} + SAML_CERT: {{ .Values.externalAuth.saml.cert | quote }} + {{- end }} + {{- if .Values.externalAuth.saml.private_key }} + SAML_PRIVATE_KEY: {{ .Values.externalAuth.saml.private_key | quote }} + {{- end }} + {{- if .Values.externalAuth.saml.want_assertion_signed }} + SAML_SECURITY_WANT_ASSERTION_SIGNED: {{ .Values.externalAuth.saml.want_assertion_signed | quote }} + {{- end }} + {{- if .Values.externalAuth.saml.want_assertion_encrypted }} + SAML_SECURITY_WANT_ASSERTION_ENCRYPTED: {{ .Values.externalAuth.saml.want_assertion_encrypted | quote }} + {{- end }} + {{- if .Values.externalAuth.saml.assume_email_is_verified }} + SAML_SECURITY_ASSUME_EMAIL_IS_VERIFIED: {{ .Values.externalAuth.saml.assume_email_is_verified | quote }} + {{- end }} + {{- if .Values.externalAuth.saml.uid_attribute }} + SAML_UID_ATTRIBUTE: {{ .Values.externalAuth.saml.uid_attribute }} + {{- end }} + {{- if .Values.externalAuth.saml.attributes_statements.uid }} + SAML_ATTRIBUTES_STATEMENTS_UID: {{ .Values.externalAuth.saml.attributes_statements.uid | quote }} + {{- end }} + {{- if .Values.externalAuth.saml.attributes_statements.email }} + SAML_ATTRIBUTES_STATEMENTS_EMAIL: {{ .Values.externalAuth.saml.attributes_statements.email | quote }} + {{- end }} + {{- if .Values.externalAuth.saml.attributes_statements.full_name }} + SAML_ATTRIBUTES_STATEMENTS_FULL_NAME: {{ .Values.externalAuth.saml.attributes_statements.full_name | quote }} + {{- end }} + {{- if .Values.externalAuth.saml.attributes_statements.first_name }} + SAML_ATTRIBUTES_STATEMENTS_FIRST_NAME: {{ .Values.externalAuth.saml.attributes_statements.first_name | quote }} + {{- end }} + {{- if .Values.externalAuth.saml.attributes_statements.last_name }} + SAML_ATTRIBUTES_STATEMENTS_LAST_NAME: {{ .Values.externalAuth.saml.attributes_statements.last_name | quote }} + {{- end }} + {{- if .Values.externalAuth.saml.attributes_statements.verified }} + SAML_ATTRIBUTES_STATEMENTS_VERIFIED: {{ .Values.externalAuth.saml.attributes_statements.verified | quote }} + {{- end }} + {{- if .Values.externalAuth.saml.attributes_statements.verified_email }} + SAML_ATTRIBUTES_STATEMENTS_VERIFIED_EMAIL: {{ .Values.externalAuth.saml.attributes_statements.verified_email | quote }} + {{- end }} + {{- end }} + {{- if .Values.externalAuth.oauth_global.oauth_redirect_at_sign_in }} + OAUTH_REDIRECT_AT_SIGN_IN: {{ .Values.externalAuth.oauth_global.oauth_redirect_at_sign_in | quote }} + {{- end }} + {{- if .Values.externalAuth.cas.enabled }} + CAS_ENABLED: {{ .Values.externalAuth.cas.enabled | quote }} + CAS_URL: {{ .Values.externalAuth.cas.url }} + CAS_HOST: {{ .Values.externalAuth.cas.host }} + CAS_PORT: {{ .Values.externalAuth.cas.port }} + CAS_SSL: {{ .Values.externalAuth.cas.ssl | quote }} + {{- if .Values.externalAuth.cas.validate_url }} + CAS_VALIDATE_URL: {{ .Values.externalAuth.cas.validate_url }} + {{- end }} + {{- if .Values.externalAuth.cas.callback_url }} + CAS_CALLBACK_URL: {{ .Values.externalAuth.cas.callback_url }} + {{- end }} + {{- if .Values.externalAuth.cas.logout_url }} + CAS_LOGOUT_URL: {{ .Values.externalAuth.cas.logout_url }} + {{- end }} + {{- if .Values.externalAuth.cas.login_url }} + CAS_LOGIN_URL: {{ .Values.externalAuth.cas.login_url }} + {{- end }} + {{- if .Values.externalAuth.cas.uid_field }} + CAS_UID_FIELD: {{ .Values.externalAuth.cas.uid_field | quote }} + {{- end }} + {{- if .Values.externalAuth.cas.ca_path }} + CAS_CA_PATH: {{ .Values.externalAuth.cas.ca_path }} + {{- end }} + {{- if .Values.externalAuth.cas.disable_ssl_verification }} + CAS_DISABLE_SSL_VERIFICATION: {{ .Values.externalAuth.cas.disable_ssl_verification | quote }} + {{- end }} + {{- if .Values.externalAuth.cas.assume_email_is_verified }} + CAS_SECURITY_ASSUME_EMAIL_IS_VERIFIED: {{ .Values.externalAuth.cas.assume_email_is_verified | quote }} + {{- end }} + {{- if .Values.externalAuth.cas.keys.uid }} + CAS_UID_KEY: {{ .Values.externalAuth.cas.keys.uid | quote }} + {{- end }} + {{- if .Values.externalAuth.cas.keys.name }} + CAS_NAME_KEY: {{ .Values.externalAuth.cas.keys.name | quote }} + {{- end }} + {{- if .Values.externalAuth.cas.keys.email }} + CAS_EMAIL_KEY: {{ .Values.externalAuth.cas.keys.email | quote }} + {{- end }} + {{- if .Values.externalAuth.cas.keys.nickname }} + CAS_NICKNAME_KEY: {{ .Values.externalAuth.cas.keys.nickname | quote }} + {{- end }} + {{- if .Values.externalAuth.cas.keys.first_name }} + CAS_FIRST_NAME_KEY: {{ .Values.externalAuth.cas.keys.first_name | quote }} + {{- end }} + {{- if .Values.externalAuth.cas.keys.last_name }} + CAS_LAST_NAME_KEY: {{ .Values.externalAuth.cas.keys.last_name | quote }} + {{- end }} + {{- if .Values.externalAuth.cas.keys.location }} + CAS_LOCATION_KEY: {{ .Values.externalAuth.cas.keys.location | quote }} + {{- end }} + {{- if .Values.externalAuth.cas.keys.image }} + CAS_IMAGE_KEY: {{ .Values.externalAuth.cas.keys.image | quote }} + {{- end }} + {{- if .Values.externalAuth.cas.keys.phone }} + CAS_PHONE_KEY: {{ .Values.externalAuth.cas.keys.phone | quote }} + {{- end }} + {{- end }} + {{- if .Values.externalAuth.pam.enabled }} + PAM_ENABLED: {{ .Values.externalAuth.pam.enabled | quote }} + {{- if .Values.externalAuth.pam.email_domain }} + PAM_EMAIL_DOMAIN: {{ .Values.externalAuth.pam.email_domain }} + {{- end }} + {{- if .Values.externalAuth.pam.default_service }} + PAM_DEFAULT_SERVICE: {{ .Values.externalAuth.pam.default_service }} + {{- end }} + {{- if .Values.externalAuth.pam.controlled_service }} + PAM_CONTROLLED_SERVICE: {{ .Values.externalAuth.pam.controlled_service }} + {{- end }} + {{- end }} + {{- if .Values.externalAuth.ldap.enabled }} + LDAP_ENABLED: {{ .Values.externalAuth.ldap.enabled | quote }} + LDAP_HOST: {{ .Values.externalAuth.ldap.host }} + LDAP_PORT: {{ .Values.externalAuth.ldap.port }} + LDAP_METHOD: {{ .Values.externalAuth.ldap.method }} + {{- if .Values.externalAuth.ldap.base }} + LDAP_BASE: {{ .Values.externalAuth.ldap.base }} + {{- end }} + {{- if .Values.externalAuth.ldap.bind_on }} + LDAP_BIND_ON: {{ .Values.externalAuth.ldap.bind_on }} + {{- end }} + {{- if .Values.externalAuth.ldap.password }} + LDAP_PASSWORD: {{ .Values.externalAuth.ldap.password }} + {{- end }} + {{- if .Values.externalAuth.ldap.uid }} + LDAP_UID: {{ .Values.externalAuth.ldap.uid }} + {{- end }} + {{- if .Values.externalAuth.ldap.mail }} + LDAP_MAIL: {{ .Values.externalAuth.ldap.mail }} + {{- end }} + {{- if .Values.externalAuth.ldap.search_filter }} + LDAP_SEARCH_FILTER: {{ .Values.externalAuth.ldap.search_filter }} + {{- end }} + {{- if .Values.externalAuth.ldap.uid_conversion.enabled }} + LDAP_UID_CONVERSION_ENABLED: {{ .Values.externalAuth.ldap.uid_conversion.enabled | quote }} + {{- end }} + {{- if .Values.externalAuth.ldap.uid_conversion.search }} + LDAP_UID_CONVERSION_SEARCH: {{ .Values.externalAuth.ldap.uid_conversion.search }} + {{- end }} + {{- if .Values.externalAuth.ldap.uid_conversion.replace }} + LDAP_UID_CONVERSION_REPLACE: {{ .Values.externalAuth.ldap.uid_conversion.replace }} + {{- end }} + {{- end }} \ No newline at end of file diff --git a/mastodon/templates/ingress.yaml b/mastodon/templates/ingress.yaml index 8930d2c..7295297 100644 --- a/mastodon/templates/ingress.yaml +++ b/mastodon/templates/ingress.yaml @@ -2,7 +2,9 @@ {{- $fullName := include "mastodon.fullname" . -}} {{- $webPort := .Values.mastodon.web.port -}} {{- $streamingPort := .Values.mastodon.streaming.port -}} -{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} +{{- if or (.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress") (not (.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress")) }} +apiVersion: networking.k8s.io/v1 +{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} apiVersion: networking.k8s.io/v1beta1 {{- else -}} apiVersion: extensions/v1beta1 @@ -35,12 +37,32 @@ spec: {{- range .paths }} - path: {{ .path }} backend: + {{- if or ($.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress") (not ($.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress")) }} + service: + name: {{ $fullName }}-web + port: + number: {{ $webPort }} + {{- else }} serviceName: {{ $fullName }}-web servicePort: {{ $webPort }} + {{- end }} + {{- if or ($.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress") (not ($.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress")) }} + pathType: ImplementationSpecific + {{- end }} - path: {{ .path }}api/v1/streaming backend: + {{- if or ($.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress") (not ($.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress")) }} + service: + name: {{ $fullName }}-streaming + port: + number: {{ $streamingPort }} + {{- else }} serviceName: {{ $fullName }}-streaming servicePort: {{ $streamingPort }} + {{- end }} + {{- if or ($.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress") (not ($.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress")) }} + pathType: ImplementationSpecific + {{- end }} {{- end }} {{- end }} {{- end }} diff --git a/mastodon/values.yaml b/mastodon/values.yaml index c4e8474..b819fe1 100644 --- a/mastodon/values.yaml +++ b/mastodon/values.yaml @@ -8,7 +8,7 @@ image: # built from the most recent commit # # tag: latest - tag: v3.4.6 + tag: v3.5.1 # use `Always` when using `latest` tag pullPolicy: IfNotPresent @@ -85,9 +85,9 @@ mastodon: ingress: enabled: true - annotations: - kubernetes.io/ingress.class: nginx - kubernetes.io/tls-acme: "true" + annotations: {} + #kubernetes.io/ingress.class: nginx + #kubernetes.io/tls-acme: "true" # cert-manager.io/cluster-issuer: "letsencrypt" # # ensure that NGINX's upload size matches Mastodon's