mastodon: bump to v4.5.3, helm chart 6.6.3

2026-01-05 17:42:05 +03:00
parent 54bf53262d
commit c77693c0e1
16 changed files with 162 additions and 13 deletions
--- a/mastodon/.github/workflows/test-chart.yml
+++ b/mastodon/.github/workflows/test-chart.yml
@@ -75,21 +75,21 @@ jobs:
          # available for use in the templates, currently we need v3.6.0 or
          # higher.
          #
-          - k3s-channel: v1.28
+          - k3s-channel: v1.33
-            helm-version: v3.8.0
+            helm-version: v3.19.0
    env:
      HELM_EXPERIMENTAL_OCI: "1"
    steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v5
      # This action starts a k8s cluster with NetworkPolicy enforcement and
      # installs both kubectl and helm.
      #
      # ref: https://github.com/jupyterhub/action-k3s-helm#readme
      #
-      - uses: jupyterhub/action-k3s-helm@v3
+      - uses: jupyterhub/action-k3s-helm@v4
        with:
          k3s-channel: ${{ matrix.k3s-channel }}
          helm-version: ${{ matrix.helm-version }}
--- a/mastodon/CHANGELOG.md
+++ b/mastodon/CHANGELOG.md
@@ -1,3 +1,64 @@
 # 6.6.3
 - Update the mastodon version to v4.5.3
 # 6.6.2
 - Update the mastodon version to v4.5.2
 # 6.6.1
 - Update the mastodon version to v4.5.1
 # 6.6.0
 - Update the mastodon version to v4.5.0. Please refer to the [release notes](https://github.com/mastodon/mastodon/releases/tag/v4.5.0) for important changes.
 # 6.5.8
 - Update the mastodon version to v4.4.8
 # 6.5.7
 - Updated all dependent chart images to bitnami legacy repositories.
 - Updated chart test jobs.
 - Added additional configuration options:
 ```yaml
 mastodon:
  s3:
    protocol: https
 ...
 elasticsearch:
  caSecret:
  indexPrefix:
 ...
 jobLabels:
 ```
 # 6.5.6
 - Update the mastodon version to v4.4.7
 # 6.5.5
 - Update the mastodon version to v4.4.6
 # 6.5.4
 - Update the mastodon version to v4.4.5
 # 6.5.3
 - Update the mastodon version to v4.4.4
 # 6.5.2
 - Update the Mastodon version to v4.4.3
 # 6.5.1
 - Updated the Mastodon version to v4.4.2
 # 6.5.0
 Updated the Mastodon version to v4.4.1. Please read the [4.4.0 release notes](https://github.com/mastodon/mastodon/releases/tag/v4.4.0) before updating from a version < 4.4. In particular:
--- a/mastodon/Chart.lock
+++ b/mastodon/Chart.lock
@@ -7,6 +7,6 @@ dependencies:
  version: 14.2.3
 - name: redis
  repository: oci://registry-1.docker.io/bitnamicharts
-  version: 18.16.1
+  version: 22.0.7
-digest: sha256:684daaf2067d96e2aa6d93e9d29b7b13fc586f6ae929342e5e9c7c169b1c0748
+digest: sha256:003679b2c163c0b349b0d621475cdb85c0556f803f2f959a50cef350d3ce956e
-generated: "2024-02-23T15:14:47.536480528-08:00"
+generated: "2025-10-08T05:16:23.08106463Z"
--- a/mastodon/Chart.yaml
+++ b/mastodon/Chart.yaml
@@ -15,12 +15,12 @@ type: application
 # This is the chart version. This version number should be incremented each time
 # you make changes to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 6.5.4
+version: 6.6.3
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
-appVersion: "v4.4.8"
+appVersion: "v4.5.3"
 dependencies:
  - name: elasticsearch
@@ -32,6 +32,6 @@ dependencies:
    repository: oci://registry-1.docker.io/bitnamicharts
    condition: postgresql.enabled
  - name: redis
-    version: 18.16.1
+    version: 22.0.7
    repository: oci://registry-1.docker.io/bitnamicharts
    condition: redis.enabled
--- a/mastodon/templates/_db-migrate.tpl
+++ b/mastodon/templates/_db-migrate.tpl
@@ -33,6 +33,10 @@ spec:
  template:
    metadata:
      name: {{ include "mastodon.fullname" . }}-db-migrate
      {{- with .Values.jobLabels }}
      labels:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.jobAnnotations }}
      annotations:
        {{- toYaml . | nindent 8 }}
--- a/mastodon/templates/configmap-env.yaml
+++ b/mastodon/templates/configmap-env.yaml
@@ -5,6 +5,8 @@ metadata:
  labels:
    {{- include "mastodon.labels" . | nindent 4 }}
 data:
  RAILS_LOG_LEVEL: {{ .Values.mastodon.logLevel.rails | default "info" }}
  LOG_LEVEL: {{ .Values.mastodon.logLevel.streaming | default "info" }}
  DB_HOST: {{ template "mastodon.postgres.host" . }}
  DB_PORT: {{ template "mastodon.postgres.port" . }}
  DB_NAME: {{ .Values.postgresql.auth.database }}
@@ -38,10 +40,16 @@ data:
  ES_PRESET: {{ .Values.elasticsearch.preset | default "single_node_cluster" | quote }}
  ES_HOST: {{ include "mastodon.elasticsearch.fullHostname" .}}
  ES_PORT: {{ .Values.elasticsearch.port | default "9200" | quote }}
  {{- if .Values.elasticsearch.caSecret }}
  ES_CA_FILE: /opt/opensearch/config/ca.certs
  {{- end }}
  {{- end }}
  {{- with .Values.elasticsearch.user }}
  ES_USER: {{ . }}
  {{- end }}
  {{- if .Values.elasticsearch.indexPrefix }}
  ES_PREFIX: {{ .Values.elasticsearch.indexPrefix | quote }}
  {{- end }}
  LOCAL_DOMAIN: {{ .Values.mastodon.local_domain }}
  {{- with .Values.mastodon.web_domain }}
  WEB_DOMAIN: {{ . }}
@@ -93,7 +101,7 @@ data:
  S3_ENABLED: "true"
  S3_ENDPOINT: {{ .Values.mastodon.s3.endpoint }}
  S3_HOSTNAME: {{ .Values.mastodon.s3.hostname }}
-  S3_PROTOCOL: "https"
+  S3_PROTOCOL: {{ .Values.mastodon.s3.protocol }}
  {{- if .Values.mastodon.s3.permission }}
  S3_PERMISSION: {{ .Values.mastodon.s3.permission }}
  {{- end }}
@@ -195,7 +203,7 @@ data:
  OIDC_DISCOVERY: {{ .Values.externalAuth.oidc.discovery | quote }}
  OIDC_SCOPE: {{ .Values.externalAuth.oidc.scope | quote }}
  OIDC_UID_FIELD: {{ .Values.externalAuth.oidc.uid_field }}
-  OIDC_CLIENT_ID: {{ .Values.externalAuth.oidc.client_id }}
+  OIDC_CLIENT_ID: {{ .Values.externalAuth.oidc.client_id | quote }}
  OIDC_CLIENT_SECRET: {{ .Values.externalAuth.oidc.client_secret }}
  OIDC_REDIRECT_URI: {{ .Values.externalAuth.oidc.redirect_uri }}
  OIDC_SECURITY_ASSUME_EMAIL_IS_VERIFIED: {{ .Values.externalAuth.oidc.assume_email_is_verified | quote }}
--- a/mastodon/templates/cronjob-media-remove.yaml
+++ b/mastodon/templates/cronjob-media-remove.yaml
@@ -12,6 +12,10 @@ spec:
      template:
        metadata:
          name: {{ include "mastodon.fullname" . }}-media-remove
          {{- with .Values.jobLabels }}
          labels:
            {{- toYaml . | nindent 12 }}
          {{- end }}
          {{- with .Values.jobAnnotations }}
          annotations:
            {{- toYaml . | nindent 12 }}
--- a/mastodon/templates/deployment-sidekiq.yaml
+++ b/mastodon/templates/deployment-sidekiq.yaml
@@ -88,6 +88,11 @@ spec:
          persistentVolumeClaim:
            claimName: {{ template "mastodon.pvc.system" $context }}
      {{- end }}
      {{- if $context.Values.elasticsearch.caSecret.name }}
        - name: elasticsearch-ca
          secret:
            secretName: {{ $context.Values.elasticsearch.caSecret.name }}
      {{- end }}
      {{- include "mastodon.statsdExporterVolume" $ | indent 8 }}
      {{- if dig "customDatabaseConfigYml" "configMapRef" "name" false . }}
        - name: config-database-yml
@@ -249,6 +254,12 @@ spec:
            - name: system
              mountPath: /opt/mastodon/public/system
          {{- end }}
          {{- if $context.Values.elasticsearch.caSecret.name }}
            - name: elasticsearch-ca
              mountPath: /opt/opensearch/config/ca.certs
              subPath: {{ $context.Values.elasticsearch.caSecret.key }}
              readOnly: true
          {{- end }}
          {{- if dig "customDatabaseConfigYml" "configMapRef" "name" false . }}
            - name: config-database-yml
              mountPath: /opt/mastodon/config/database.yml
--- a/mastodon/templates/deployment-web.yaml
+++ b/mastodon/templates/deployment-web.yaml
@@ -69,6 +69,11 @@ spec:
          persistentVolumeClaim:
            claimName: {{ template "mastodon.pvc.system" . }}
      {{- end }}
      {{- if .Values.elasticsearch.caSecret.name }}
        - name: elasticsearch-ca
          secret:
            secretName: {{ .Values.elasticsearch.caSecret.name}}
      {{- end }}
      {{- include "mastodon.statsdExporterVolume" $ | indent 8 }}
      {{- if .Values.mastodon.web.customDatabaseConfigYml.configMapRef.name }}
        - name: config-database-yml
@@ -220,6 +225,12 @@ spec:
            - name: system
              mountPath: /opt/mastodon/public/system
          {{- end }}
          {{- if .Values.elasticsearch.caSecret.name }}
            - name: elasticsearch-ca
              mountPath: /opt/opensearch/config/ca.certs
              subPath: {{ .Values.elasticsearch.caSecret.key }}
              readOnly: true
          {{- end }}
          {{- if .Values.mastodon.web.customDatabaseConfigYml.configMapRef.name }}
            - name: config-database-yml
              mountPath: /opt/mastodon/config/database.yml
--- a/mastodon/templates/job-assets-copy.yaml
+++ b/mastodon/templates/job-assets-copy.yaml
@@ -13,6 +13,10 @@ spec:
  template:
    metadata:
      name: {{ include "mastodon.fullname" . }}-assets-upload
      {{- with .Values.jobLabels }}
      labels:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.jobAnnotations }}
      annotations:
        {{- toYaml . | nindent 8 }}
--- a/mastodon/templates/job-create-admin.yaml
+++ b/mastodon/templates/job-create-admin.yaml
@@ -13,6 +13,10 @@ spec:
  template:
    metadata:
      name: {{ include "mastodon.fullname" . }}-create-admin
      {{- with .Values.jobLabels }}
      labels:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.jobAnnotations }}
      annotations:
        {{- toYaml . | nindent 8 }}
--- a/mastodon/templates/job-deploy-search.yaml
+++ b/mastodon/templates/job-deploy-search.yaml
@@ -14,6 +14,10 @@ spec:
  template:
    metadata:
      name: {{ include "mastodon.fullname" . }}-deploy-search
      {{- with .Values.jobLabels }}
      labels:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.jobAnnotations }}
      annotations:
        {{- toYaml . | nindent 8 }}
--- a/mastodon/templates/job-set-admin-password.yaml
+++ b/mastodon/templates/job-set-admin-password.yaml
@@ -13,6 +13,10 @@ spec:
  template:
    metadata:
      name: {{ include "mastodon.fullname" . }}-create-admin
      {{- with .Values.jobLabels }}
      labels:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.jobAnnotations }}
      annotations:
        {{- toYaml . | nindent 8 }}
--- a/mastodon/templates/pvc-assets.yaml
+++ b/mastodon/templates/pvc-assets.yaml
@@ -5,6 +5,10 @@ metadata:
  name: {{ template "mastodon.fullname" . }}-assets
  labels:
    {{- include "mastodon.labels" . | nindent 4 }}
  {{- if .Values.mastodon.persistence.assets.keepAfterDelete }}
  annotations:
    helm.sh/hook-delete-policy: keep
  {{- end }}
 spec:
  accessModes:
    - {{ .Values.mastodon.persistence.assets.accessMode }}
--- a/mastodon/templates/pvc-system.yaml
+++ b/mastodon/templates/pvc-system.yaml
@@ -5,6 +5,10 @@ metadata:
  name: {{ template "mastodon.fullname" . }}-system
  labels:
    {{- include "mastodon.labels" . | nindent 4 }}
  {{- if .Values.mastodon.persistence.system.keepAfterDelete }}
  annotations:
    helm.sh/hook-delete-policy: keep
  {{- end }}
 spec:
  accessModes:
    - {{ .Values.mastodon.persistence.system.accessMode }}
--- a/mastodon/values.yaml
+++ b/mastodon/values.yaml
@@ -11,6 +11,12 @@ image:
  pullPolicy: IfNotPresent
 mastodon:
  logLevel:
    # Set log level for the web and Sidekiq processes.
    rails: info
    # Set log level for the streaming process.
    streaming: info
  # Labels added to every Mastodon-related object
  labels: {}
  # Labes added to every deployed mastodon pod
@@ -141,6 +147,7 @@ mastodon:
      # scalability, since it requires the Rails and Sidekiq pods to run on the
      # same node.
      accessMode: ReadWriteOnce
      keepAfterDelete: true
      resources:
        requests:
          storage: 10Gi
@@ -148,6 +155,7 @@ mastodon:
      existingClaim:
    system:
      accessMode: ReadWriteOnce
      keepAfterDelete: true
      resources:
        requests:
          storage: 100Gi
@@ -162,6 +170,7 @@ mastodon:
    existingSecret: ""
    bucket: ""
    endpoint: ""
    protocol: https
    hostname: ""
    region: ""
    permission: ""
@@ -625,8 +634,8 @@ elasticsearch:
  # RAILS_ENV=production bundle exec rake chewy:sync
  # (https://docs.joinmastodon.org/admin/optional/elasticsearch/)
  enabled: true
  # @ignored
  image:
    repository: bitnamilegacy/elasticsearch
    tag: 7
  # If you are using an external ES cluster, use `enabled: false` and set the hostname, port,
@@ -653,6 +662,15 @@ elasticsearch:
  metrics:
    nodeSelector: {}
  caSecret: {}
  #  # caSecret.name is the name of the secret containing the CA certificate.
  #  name:
  #  # caSecret.key is the key in the secret containing the CA certificate.
  #  key: ca.crt
  # elasticsearchIndexPrefix specifies the prefix for Elasticsearch indices used by this Mastodon server
  # indexPrefix: ""
 # Configuration for PostgreSQL.
 # When enabled, the bitnami helm chart is used for PostgreSQL deployment, and
 # all values here correspond to their values file. Please see the bitnami chart
@@ -666,6 +684,8 @@ postgresql:
  # Please note that certain features do not work when enabling the included
  # database, namely automatic schema creation when the app is first installed.
  enabled: true
  image:
    repository: bitnamilegacy/postgresql
  # postgresqlHostname: preexisting-postgresql
  # postgresqlPort: 5432
@@ -727,6 +747,9 @@ redis:
  # disable if you want to use an existing redis instance; in which case the
  # values below must match those of that external redis instance
  enabled: true
  image:
    registry: docker.io
    repository: bitnamilegacy/redis
  hostname: ""
  port: 6379
  auth:
@@ -913,6 +936,9 @@ podAnnotations: {}
 # cause all pods to be recreated every `helm upgrade` regardless of whether their config or spec changes.
 revisionPodAnnotation: true
 # The labels set with jobLabels will be added to all mastodon job pods
 jobLabels: {}
 # The annotations set with jobAnnotations will be added to all mastodon job pods
 jobAnnotations: {}