ghp/helm-charts
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

mastodon: bump to v4.4.1, helm chart v6.5.0

Browse Source
This commit is contained in:
ace
2025-07-14 00:14:20 +03:00
parent bca2de6613
commit f3dea682a5
28 changed files with 1144 additions and 361 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
mastodon/.github/workflows/test-chart.yml vendored
View File

@ -17,7 +17,7 @@ permissions:
jobs:
lint-templates:
runs-on: ubuntu-22.04
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@v3
@ -53,7 +53,7 @@ jobs:
# basic configuration can be used to successfully startup mastodon.
#
test-install:
runs-on: ubuntu-22.04
runs-on: ubuntu-24.04
timeout-minutes: 15
strategy:
@ -75,7 +75,7 @@ jobs:
# available for use in the templates, currently we need v3.6.0 or
# higher.
#
- k3s-channel: v1.21
- k3s-channel: v1.28
helm-version: v3.8.0
env:
@ -109,7 +109,7 @@ jobs:
run: |
helm install mastodon . \
--values dev-values.yaml \
--timeout 10m
--timeout 15m
# This actions provides a report about the state of the k8s cluster,
# providing logs etc on anything that has failed and workloads marked as
@ -125,7 +125,5 @@ jobs:
deploy/mastodon-sidekiq
deploy/mastodon-streaming
deploy/mastodon-web
job/mastodon-assets-precompile
job/mastodon-chewy-upgrade
job/mastodon-create-admin
job/mastodon-db-migrate

1
mastodon/.gitignore vendored
View File

@ -1 +1,2 @@
charts/
.DS_Store

135
mastodon/CHANGELOG.md
View File

@ -1,3 +1,138 @@
# 6.5.0
Updated the Mastodon version to v4.4.1. Please read the [4.4.0 release notes](https://github.com/mastodon/mastodon/releases/tag/v4.4.0) before updating from a version < 4.4. In particular:
- Redis & Postgres minimum versions have been bumped to 6.2 and 13 respectively
- Redis namespace support has been dropped
- No-downtime updates from versions before 4.3.0 are not supported
- Elasticsearch mappings need to be updated manually via `tootctl` after deploying this new version
- The new experimental Fediverse Auxiliary Service (`fasp`) Sidekiq queue needs to be added to the list of processed queues if you changed the default Sidekiq values
# 6.4.0
- Added configuration for [bulk SMTP](https://docs.joinmastodon.org/admin/config/#optional-bulk-email-settings):
```yaml
mastodon:
smtp:
bulk:
```
# 6.3.4
- Updated the Mastodon version to v4.3.9
# 6.3.3
- Updated the Mastodon version to v4.3.8
# 6.3.2
- No longer sets `DEFAULT_LOCALE` to `en` by default; leaves this value unset.
# 6.3.1
- Removed DB_POOL from the ConfigMap as we should never have to override this.
# 6.3.0
- Added `nodeSelector` fields for every resource type for better fine-grain tuning of where resources end up.
# 6.2.4
- Fixed an issue where redis secrets specified in values or the helm CLI wouldn't be used by the db-prepare job on install.
# 6.2.3
- Updated the Mastodon version to v4.3.7
# 6.2.2
- `app.kubernetes.io/version` shortens any potential digest hash to 7 characters to avoid hitting the 63 character label limit.
# 6.2.1
- Fixed some situations where disabling all bitnami charts caused it to error.
- Fixed a potential null postgresql host value error.
# 6.2.0
- Added ability to add pod labels to pods created from Deployment objects at the global level
# 6.1.1
- Updated the Mastodon version to v4.3.6
# 6.1.0
- Added a new job to re/build elasticsearch indices as a post-upgrade hook:
```yaml
mastodon:
hooks:
deploySearch:
```
# 6.0.3
- Updated the Mastodon version to v4.3.5
# 6.0.2
- Helm version tagging now utilizes `.Values.image.tag` when set.
# 6.0.1
- Added additional values to separate out `db:prepare` and `db:migrate` jobs and whether they should run:
```yaml
mastodon:
hooks:
dbPrepare:
enabled: true
dbMigrate:
enabled: true
```
# 6.0.0
### !! BREAKING CHANGES !!
- Services for web & streaming now use `ipFamilyPolicy: PreferDualStack`. This will cause upgrades on existing deployments to fail, as kubernetes cannot patch this field. Please remove both service objects before running `helm upgrade` (services are `mastodon-web` and `mastodon-streaming` by default).
### Features
- Added prometheus metrics config for web and sidekiq pods (feature will be available with Mastodon v4.4).
```yaml
mastodon:
metrics:
prometheus:
```
- Added ability to automatically upload assets to an S3 bucket:
```yaml
mastodon:
hooks:
s3Upload:
```
- Added OpenTelemetry metrics:
```yaml
mastodon:
otel:
---
mastodon:
sidekiq:
otel:
---
mastodon:
web:
otel:
```
- Fine-grained control of labels and annotations for both pods and deployments.
- Additional redis options for separate instances (app, sidekiq, cache).
- Configurable PodDisruptionBudgets for web and streaming pods.
### Fixes
- Various database migrations fixes
- Fixed first-time install DB setup on self-managed databases
- Fixed running migrations through a connection pooler.
- Removed old, unused jobs:
- chewy upgrade (use `tootctl search deploy` instead)
- assets precompile
# 5.1.0
- Added values for Active Record Encryption in Redis:

4
mastodon/Chart.yaml
View File

@ -15,12 +15,12 @@ type: application
# This is the chart version. This version number should be incremented each time
# you make changes to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 5.1.9
version: 6.5.0
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
appVersion: v4.2.22
appVersion: "v4.4.1"
dependencies:
- name: elasticsearch

111
mastodon/templates/_db-migrate.tpl Normal file
View File

@ -0,0 +1,111 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Spec template for DB migration pre- and post-install/upgrade jobs.
*/}}
{{- define "mastodon.dbMigrateJob" -}}
apiVersion: batch/v1
kind: Job
metadata:
{{- if .prepare }}
name: {{ include "mastodon.fullname" . }}-db-prepare
{{- else if .preDeploy }}
name: {{ include "mastodon.fullname" . }}-db-pre-migrate
{{- else }}
name: {{ include "mastodon.fullname" . }}-db-post-migrate
{{- end }}
labels:
{{- include "mastodon.labels" . | nindent 4 }}
annotations:
{{- if .prepare }}
"helm.sh/hook": pre-install
{{- else if .preDeploy }}
"helm.sh/hook": pre-upgrade
{{- else }}
"helm.sh/hook": post-install,post-upgrade
{{- end }}
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
{{- if .prepare }}
"helm.sh/hook-weight": "-3"
{{- else }}
"helm.sh/hook-weight": "-2"
{{- end }}
spec:
template:
metadata:
name: {{ include "mastodon.fullname" . }}-db-migrate
{{- with .Values.jobAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
restartPolicy: Never
containers:
- name: {{ include "mastodon.fullname" . }}-db-migrate
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
command:
- bundle
- exec
- rake
{{- if .prepare }}
- db:prepare
{{- else }}
- db:migrate
{{- end }}
envFrom:
- secretRef:
name: {{ template "mastodon.secretName" . }}
env:
- name: "DB_HOST"
value: {{ template "mastodon.postgres.direct.host" . }}
- name: "DB_PORT"
value: {{ template "mastodon.postgres.direct.port" . }}
- name: "DB_NAME"
value: {{ template "mastodon.postgres.direct.database" . }}
- name: "DB_USER"
value: {{ .Values.postgresql.auth.username }}
- name: "DB_PASS"
valueFrom:
secretKeyRef:
name: {{ template "mastodon.postgresql.secretName" . }}
key: password
- name: "REDIS_HOST"
value: {{ template "mastodon.redis.host" . }}
- name: "REDIS_PORT"
value: {{ .Values.redis.port | default "6379" | quote }}
{{- if .Values.redis.sidekiq.enabled }}
{{- if .Values.redis.sidekiq.hostname }}
- name: SIDEKIQ_REDIS_HOST
value: {{ .Values.redis.sidekiq.hostname }}
{{- end }}
{{- if .Values.redis.sidekiq.port }}
- name: SIDEKIQ_REDIS_PORT
value: {{ .Values.redis.sidekiq.port | quote }}
{{- end }}
{{- end }}
{{- if .Values.redis.cache.enabled }}
{{- if .Values.redis.cache.hostname }}
- name: CACHE_REDIS_HOST
value: {{ .Values.redis.cache.hostname }}
{{- end }}
{{- if .Values.redis.cache.port }}
- name: CACHE_REDIS_PORT
value: {{ .Values.redis.cache.port | quote }}
{{- end }}
{{- end }}
- name: "REDIS_DRIVER"
value: "ruby"
- name: "REDIS_PASSWORD"
valueFrom:
secretKeyRef:
{{- if and (.prepare) (not .Values.redis.enabled) (not .Values.redis.auth.existingSecret) (not .Values.redis.existingSecret) (.Values.redis.auth.password) }}
name: {{ template "mastodon.redis.secretName" . }}-pre-install
{{- else }}
name: {{ template "mastodon.redis.secretName" . }}
{{- end }}
key: redis-password
{{- if .preDeploy }}
- name: "SKIP_POST_DEPLOYMENT_MIGRATIONS"
value: "true"
{{- end }}
{{- end }}

84
mastodon/templates/_helpers.tpl
View File

@ -47,7 +47,9 @@ Common labels
helm.sh/chart: {{ include "mastodon.chart" . }}
{{ include "mastodon.selectorLabels" . }}
{{ include "mastodon.globalLabels" . }}
{{- if .Chart.AppVersion }}
{{- if .Values.image.tag }}
app.kubernetes.io/version: {{ regexReplaceAll "@(\\w+:\\w{0,7})\\w*" .Values.image.tag "@${1}" | quote }}
{{- else if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
@ -90,7 +92,7 @@ Create the name of the assets persistent volume to use
{{- if .Values.mastodon.persistence.assets.existingClaim }}
{{- printf "%s" (tpl .Values.mastodon.persistence.assets.existingClaim $) -}}
{{- else -}}
{{- printf "%s-assets" (include "common.names.fullname" .) -}}
{{- printf "%s-assets" (include "mastodon.fullname" .) -}}
{{- end -}}
{{- end -}}
@ -101,7 +103,7 @@ Create the name of the system persistent volume to use
{{- if .Values.mastodon.persistence.system.existingClaim }}
{{- printf "%s" (tpl .Values.mastodon.persistence.system.existingClaim $) -}}
{{- else -}}
{{- printf "%s-system" (include "common.names.fullname" .) -}}
{{- printf "%s-system" (include "mastodon.fullname" .) -}}
{{- end -}}
{{- end -}}
@ -121,6 +123,60 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this
{{- printf "%s-%s" .Release.Name "postgresql" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Establish which values we will use for remote connections
*/}}
{{- define "mastodon.postgres.host" -}}
{{- if .Values.postgresql.enabled }}
{{- printf "%s" (include "mastodon.postgresql.fullname" .) -}}
{{- else }}
{{- printf "%s" (required "When the postgresql chart is disabled .Values.postgresql.postgresqlHostname is required" .Values.postgresql.postgresqlHostname) -}}
{{- end }}
{{- end }}
{{- define "mastodon.postgres.port" -}}
{{- if .Values.postgresql.enabled }}
{{- printf "%d" 5432 | int | quote -}}
{{- else }}
{{- printf "%d" | default 5432 .Values.postgresql.postgresqlPort | int | quote -}}
{{- end }}
{{- end }}
{{/*
Establish which values we will use for direct remote DB connections
*/}}
{{- define "mastodon.postgres.direct.host" -}}
{{- if .Values.postgresql.direct.hostname }}
{{- printf "%s" .Values.postgresql.direct.hostname -}}
{{- else }}
{{- printf "%s" (include "mastodon.postgres.host" .) -}}
{{- end }}
{{- end }}
{{- define "mastodon.postgres.direct.port" -}}
{{- if .Values.postgresql.direct.port }}
{{- printf "%d" (int .Values.postgresql.direct.port) | quote -}}
{{- else }}
{{- printf "%s" (include "mastodon.postgres.port" .) -}}
{{- end }}
{{- end }}
{{- define "mastodon.postgres.direct.database" -}}
{{- if .Values.postgresql.direct.database }}
{{- printf "%s" .Values.postgresql.direct.database -}}
{{- else }}
{{- printf "%s" .Values.postgresql.auth.database -}}
{{- end }}
{{- end }}
{{- define "mastodon.redis.host" -}}
{{- if .Values.redis.enabled }}
{{- printf "%s-%s" (include "mastodon.redis.fullname" .) "master" -}}
{{- else }}
{{- printf "%s" (required "When the redis chart is disabled .Values.redis.hostname is required" .Values.redis.hostname) -}}
{{- end }}
{{- end }}
{{/*
Get the mastodon secret.
*/}}
@ -133,7 +189,7 @@ Get the mastodon secret.
{{- end -}}
{{/*
Get the smtp secret.
Get the smtp secrets.
*/}}
{{- define "mastodon.smtp.secretName" -}}
{{- if .Values.mastodon.smtp.existingSecret }}
@ -143,6 +199,14 @@ Get the smtp secret.
{{- end -}}
{{- end -}}
{{- define "mastodon.smtp.bulk.secretName" -}}
{{- if .Values.mastodon.smtp.bulk.existingSecret }}
{{- printf "%s" (tpl .Values.mastodon.smtp.bulk.existingSecret $) -}}
{{- else -}}
{{- printf "%s-smtp-bulk" (include "mastodon.fullname" .) -}}
{{- end -}}
{{- end -}}
{{/*
Get the postgresql secret.
*/}}
@ -214,18 +278,6 @@ Return true if a mastodon secret object should be created
{{- end -}}
{{- end -}}
{{/*
Find highest number of needed database connections to set DB_POOL variable
*/}}
{{- define "mastodon.maxDbPool" -}}
{{/* Default MAX_THREADS for Puma is 5 */}}
{{- $poolSize := 5 }}
{{- range .Values.mastodon.sidekiq.workers }}
{{- $poolSize = max $poolSize .concurrency }}
{{- end }}
{{- $poolSize | quote }}
{{- end }}
{{/*
Full hostname for a custom Elasticsearch cluster
*/}}

65
mastodon/templates/_secrets.tpl Normal file
View File

@ -0,0 +1,65 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Spec template for mastodon secrets object.
*/}}
{{- define "mastodon.secrets.object" -}}
apiVersion: v1
kind: Secret
metadata:
name: {{ template "mastodon.fullname" . }}
labels:
{{- include "mastodon.labels" . | nindent 4 }}
annotations:
"helm.sh/hook": pre-install
"helm.sh/hook-weight": "-4"
type: Opaque
data:
{{- if .Values.mastodon.s3.enabled }}
{{- if not .Values.mastodon.s3.existingSecret }}
AWS_ACCESS_KEY_ID: "{{ .Values.mastodon.s3.access_key | b64enc }}"
AWS_SECRET_ACCESS_KEY: "{{ .Values.mastodon.s3.access_secret | b64enc }}"
{{- end }}
{{- end }}
{{- if not .Values.mastodon.secrets.existingSecret }}
{{- if not (empty .Values.mastodon.secrets.secret_key_base) }}
SECRET_KEY_BASE: "{{ .Values.mastodon.secrets.secret_key_base | b64enc }}"
{{- else }}
SECRET_KEY_BASE: {{ required "secret_key_base is required" .Values.mastodon.secrets.secret_key_base }}
{{- end }}
{{- if not (empty .Values.mastodon.secrets.otp_secret) }}
OTP_SECRET: "{{ .Values.mastodon.secrets.otp_secret | b64enc }}"
{{- else }}
OTP_SECRET: {{ required "otp_secret is required" .Values.mastodon.secrets.otp_secret }}
{{- end }}
{{- if not (empty .Values.mastodon.secrets.vapid.private_key) }}
VAPID_PRIVATE_KEY: "{{ .Values.mastodon.secrets.vapid.private_key | b64enc }}"
{{- else }}
VAPID_PRIVATE_KEY: {{ required "vapid.private_key is required" .Values.mastodon.secrets.vapid.private_key }}
{{- end }}
{{- if not (empty .Values.mastodon.secrets.vapid.public_key) }}
VAPID_PUBLIC_KEY: "{{ .Values.mastodon.secrets.vapid.public_key | b64enc }}"
{{- else }}
VAPID_PUBLIC_KEY: {{ required "vapid.public_key is required" .Values.mastodon.secrets.vapid.public_key }}
{{- end }}
{{- if not (empty .Values.mastodon.secrets.activeRecordEncryption.primaryKey) }}
ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY: "{{ .Values.mastodon.secrets.activeRecordEncryption.primaryKey | b64enc }}"
{{- else }}
ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY: {{ required "activeRecordEncryption.primaryKey is required" .Values.mastodon.secrets.activeRecordEncryption.primaryKey }}
{{- end }}
{{- if not (empty .Values.mastodon.secrets.activeRecordEncryption.deterministicKey) }}
ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY: "{{ .Values.mastodon.secrets.activeRecordEncryption.deterministicKey | b64enc }}"
{{- else }}
ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY: {{ required "activeRecordEncryption.deterministicKey is required" .Values.mastodon.secrets.activeRecordEncryption.deterministicKey }}
{{- end }}
{{- if not (empty .Values.mastodon.secrets.activeRecordEncryption.keyDerivationSalt) }}
ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT: "{{ .Values.mastodon.secrets.activeRecordEncryption.keyDerivationSalt | b64enc }}"
{{- else }}
ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT: {{ required "activeRecordEncryption.keyDerivationSalt is required" .Values.mastodon.secrets.activeRecordEncryption.keyDerivationSalt }}
{{- end }}
{{- end }}
{{- if not .Values.postgresql.enabled }}
{{- if not .Values.postgresql.auth.existingSecret }}
password: "{{ .Values.postgresql.auth.password | b64enc }}"
{{- end }}
{{- end }}
{{- end }}

61
mastodon/templates/configmap-env.yaml
View File

@ -5,21 +5,15 @@ metadata:
labels:
{{- include "mastodon.labels" . | nindent 4 }}
data:
{{- if .Values.postgresql.enabled }}
DB_HOST: {{ template "mastodon.postgresql.fullname" . }}
DB_PORT: "5432"
{{- else }}
DB_HOST: {{ .Values.postgresql.postgresqlHostname }}
DB_PORT: {{ .Values.postgresql.postgresqlPort | default "5432" | quote }}
{{- end }}
DB_HOST: {{ template "mastodon.postgres.host" . }}
DB_PORT: {{ template "mastodon.postgres.port" . }}
DB_NAME: {{ .Values.postgresql.auth.database }}
DB_POOL: {{ include "mastodon.maxDbPool" . }}
DB_USER: {{ .Values.postgresql.auth.username }}
{{- if .Values.postgresql.readReplica.hostname }}
REPLICA_DB_HOST: {{ .Values.postgresql.readReplica.hostname }}
{{- end }}
{{- if .Values.postgresql.readReplica.port }}
REPLICA_DB_PORT: {{ .Values.postgresql.readReplica.port }}
REPLICA_DB_PORT: {{ .Values.postgresql.readReplica.port | quote }}
{{- end }}
{{- if .Values.postgresql.readReplica.auth.database }}
REPLICA_DB_NAME: {{ .Values.postgresql.readReplica.auth.database }}
@ -31,7 +25,9 @@ data:
REPLICA_DB_PASS: {{ .Values.postgresql.readReplica.auth.password }}
{{- end }}
PREPARED_STATEMENTS: {{ .Values.mastodon.preparedStatements | quote }}
{{- if .Values.mastodon.locale }}
DEFAULT_LOCALE: {{ .Values.mastodon.locale }}
{{- end }}
{{- if .Values.elasticsearch.enabled }}
ES_ENABLED: "true"
ES_PRESET: {{ .Values.elasticsearch.preset | default "single_node_cluster" | quote }}
@ -66,11 +62,7 @@ data:
MALLOC_ARENA_MAX: "2"
NODE_ENV: "production"
RAILS_ENV: "production"
{{- if .Values.redis.enabled }}
REDIS_HOST: {{ template "mastodon.redis.fullname" . }}-master
{{- else }}
REDIS_HOST: {{ required "When the redis chart is disabled .Values.redis.hostname is required" .Values.redis.hostname }}
{{- end }}
REDIS_HOST: {{ template "mastodon.redis.host" . }}
REDIS_PORT: {{ .Values.redis.port | default "6379" | quote }}
{{- if .Values.redis.sidekiq.enabled }}
{{- if .Values.redis.sidekiq.hostname }}
@ -137,10 +129,10 @@ data:
SMTP_ENABLE_STARTTLS_AUTO: {{ . | quote }}
{{- end }}
{{- with .Values.mastodon.smtp.from_address }}
SMTP_FROM_ADDRESS: {{ . }}
SMTP_FROM_ADDRESS: {{ . | quote }}
{{- end }}
{{- with .Values.mastodon.smtp.return_path }}
SMTP_RETURN_PATH: {{ . }}
SMTP_RETURN_PATH: {{ . | quote }}
{{- end }}
{{- with .Values.mastodon.smtp.openssl_verify_mode }}
SMTP_OPENSSL_VERIFY_MODE: {{ . }}
@ -149,7 +141,7 @@ data:
SMTP_PORT: {{ . | quote }}
{{- end }}
{{- with .Values.mastodon.smtp.reply_to }}
SMTP_REPLY_TO: {{ . }}
SMTP_REPLY_TO: {{ . | quote }}
{{- end }}
{{- with .Values.mastodon.smtp.server }}
SMTP_SERVER: {{ . }}
@ -157,10 +149,45 @@ data:
{{- with .Values.mastodon.smtp.tls }}
SMTP_TLS: {{ . | quote }}
{{- end }}
{{- if .Values.mastodon.smtp.bulk.enabled }}
{{- with .Values.mastodon.smtp.bulk.auth_method }}
BULK_SMTP_AUTH_METHOD: {{ . }}
{{- end }}
{{- with .Values.mastodon.smtp.bulk.ca_file }}
BULK_SMTP_CA_FILE: {{ . }}
{{- end }}
{{- with .Values.mastodon.smtp.bulk.domain }}
BULK_SMTP_DOMAIN: {{ . }}
{{- end }}
{{- with .Values.mastodon.smtp.bulk.enable_starttls }}
BULK_SMTP_ENABLE_STARTTLS: {{ . | quote }}
{{- end }}
{{- with .Values.mastodon.smtp.bulk.enable_starttls_auto }}
BULK_SMTP_ENABLE_STARTTLS_AUTO: {{ . | quote }}
{{- end }}
{{- with .Values.mastodon.smtp.bulk.from_address }}
BULK_SMTP_FROM_ADDRESS: {{ . | quote }}
{{- end }}
{{- with .Values.mastodon.smtp.bulk.openssl_verify_mode }}
BULK_SMTP_OPENSSL_VERIFY_MODE: {{ . }}
{{- end }}
{{- with .Values.mastodon.smtp.bulk.port }}
BULK_SMTP_PORT: {{ . | quote }}
{{- end }}
{{- with .Values.mastodon.smtp.bulk.server }}
BULK_SMTP_SERVER: {{ . }}
{{- end }}
{{- with .Values.mastodon.smtp.bulk.tls }}
BULK_SMTP_TLS: {{ . | quote }}
{{- end }}
{{- end }}
STREAMING_CLUSTER_NUM: {{ .Values.mastodon.streaming.workers | quote }}
{{- with .Values.mastodon.streaming.base_url }}
STREAMING_API_BASE_URL: {{ . | quote }}
{{- end }}
{{- if .Values.mastodon.trusted_proxy_ip }}
TRUSTED_PROXY_IP: {{ .Values.mastodon.trusted_proxy_ip }}
{{ end }}
{{- if .Values.externalAuth.oidc.enabled }}
OIDC_ENABLED: {{ .Values.externalAuth.oidc.enabled | quote }}
OIDC_DISPLAY_NAME: {{ .Values.externalAuth.oidc.display_name }}

4
mastodon/templates/cronjob-media-remove.yaml
View File

@ -107,4 +107,8 @@ spec:
- name: system
mountPath: /opt/mastodon/public/system
{{- end }}
{{- with coalesce .Values.mastodon.cron.removeMedia.nodeSelector .Values.nodeSelector }}
nodeSelector:
{{- . | toYaml | nindent 12 }}
{{- end }}
{{- end }}

77
mastodon/templates/deployment-sidekiq.yaml
View File

@ -7,19 +7,26 @@ metadata:
name: {{ include "mastodon.fullname" $context }}-sidekiq-{{ .name }}
labels:
{{- include "mastodon.labels" $context | nindent 4 }}
{{- with $context.Values.mastodon.sidekiq.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
app.kubernetes.io/component: sidekiq-{{ .name }}
app.kubernetes.io/part-of: rails
annotations:
{{- with $context.Values.deploymentAnnotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with $context.Values.mastodon.sidekiq.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if (has "scheduler" .queues) }}
{{- if (gt (int .replicas) 1) }}
{{ fail "The scheduler queue should never have more than 1 replicas" }}
{{- end }}
strategy:
type: Recreate
{{- end }}
{{- if $context.Values.mastodon.sidekiq.updateStrategy }}
strategy: {{- toYaml $context.Values.mastodon.sidekiq.updateStrategy | nindent 4 }}
{{- end }}
replicas: {{ .replicas }}
{{- if (ne (toString $context.Values.mastodon.revisionHistoryLimit) "<nil>") }}
@ -36,6 +43,9 @@ spec:
{{- with $context.Values.podAnnotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with $context.Values.mastodon.sidekiq.podAnnotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
# roll the pods to pick up any db migrations or other changes
{{- include "mastodon.rollingPodAnnotations" $context | nindent 8 }}
checksum/config-secrets-smtp: {{ include ( print $.Template.BasePath "/secret-smtp.yaml" ) $context | sha256sum | quote }}
@ -43,6 +53,12 @@ spec:
{{- include "mastodon.globalLabels" $context | nindent 8 }}
{{- include "mastodon.selectorLabels" $context | nindent 8 }}
{{- include "mastodon.statsdExporterLabels" $context | nindent 8 }}
{{- with $context.Values.mastodon.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with $context.Values.mastodon.sidekiq.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
app.kubernetes.io/component: sidekiq-{{ .name }}
app.kubernetes.io/part-of: rails
spec:
@ -159,6 +175,20 @@ spec:
name: {{ include "mastodon.smtp.secretName" $context }}
key: password
optional: true
{{- if $context.Values.mastodon.smtp.bulk.enabled }}
- name: "BULK_SMTP_LOGIN"
valueFrom:
secretKeyRef:
name: {{ include "mastodon.smtp.bulk.secretName" $context }}
key: login
optional: true
- name: "BULK_SMTP_PASSWORD"
valueFrom:
secretKeyRef:
name: {{ include "mastodon.smtp.bulk.secretName" $context }}
key: password
optional: true
{{- end }}
{{- if (and $context.Values.mastodon.s3.enabled $context.Values.mastodon.s3.existingSecret) }}
- name: "AWS_SECRET_ACCESS_KEY"
valueFrom:
@ -185,6 +215,33 @@ spec:
name: {{ $context.Values.mastodon.cacheBuster.authToken.existingSecret }}
key: password
{{- end }}
{{- if or $context.Values.mastodon.sidekiq.otel.enabled (and $context.Values.mastodon.otel.enabled (ne $context.Values.mastodon.sidekiq.otel.enabled false)) }}
- name: OTEL_EXPORTER_OTLP_ENDPOINT
value: {{ coalesce $context.Values.mastodon.sidekiq.otel.endpointUri $context.Values.mastodon.otel.endpointUri }}
- name: OTEL_SERVICE_NAME_PREFIX
value: {{ coalesce $context.Values.mastodon.sidekiq.otel.namePrefix $context.Values.mastodon.otel.namePrefix }}
- name: OTEL_SERVICE_NAME_SEPARATOR
value: "{{ coalesce $context.Values.mastodon.sidekiq.otel.nameSeparator $context.Values.mastodon.otel.nameSeparator }}"
{{- end }}
{{- if $context.Values.mastodon.metrics.prometheus.enabled }}
- name: MASTODON_PROMETHEUS_EXPORTER_ENABLED
value: "true"
- name: MASTODON_PROMETHEUS_EXPORTER_LOCAL
value: "true"
- name: MASTODON_PROMETHEUS_EXPORTER_HOST
value: "0.0.0.0"
- name: MASTODON_PROMETHEUS_EXPORTER_PORT
value: "{{ $context.Values.mastodon.metrics.prometheus.port }}"
{{- if $context.Values.mastodon.metrics.prometheus.sidekiq.detailed }}
- name: MASTODON_PROMETHEUS_EXPORTER_SIDEKIQ_DETAILED_METRICS
value: "true"
{{- end }}
{{- end }}
{{- if $context.Values.mastodon.metrics.prometheus.enabled }}
ports:
- name: prometheus
containerPort: {{ $context.Values.mastodon.metrics.prometheus.port }}
{{- end }}
volumeMounts:
{{- if (not $context.Values.mastodon.s3.enabled) }}
- name: assets
@ -200,12 +257,24 @@ spec:
{{- with $context.Values.volumeMounts }}
{{- toYaml . | nindent 12 }}
{{- end }}
{{- if $context.Values.mastodon.sidekiq.readinessProbe.enabled }}
readinessProbe:
failureThreshold: {{ default 10 $context.Values.mastodon.sidekiq.readinessProbe.failureThreshold }}
exec:
command:
- cat
- {{ required "A valid sidekiq readiness path is required." $context.Values.mastodon.sidekiq.readinessProbe.path }}
initialDelaySeconds: {{ default 10 $context.Values.mastodon.sidekiq.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ default 2 $context.Values.mastodon.sidekiq.readinessProbe.periodSeconds }}
successThreshold: {{ default 1 $context.Values.mastodon.sidekiq.readinessProbe.successThreshold }}
timeoutSeconds: {{ default 1 $context.Values.mastodon.sidekiq.readinessProbe.timeoutSeconds }}
{{- end }}
resources:
{{- toYaml (default (default $context.Values.resources $context.Values.mastodon.sidekiq.resources) .resources) | nindent 12 }}
{{- include "mastodon.statsdExporterContainer" $ | indent 8 }}
{{- with $context.Values.nodeSelector }}
{{- with coalesce .nodeSelector $context.Values.mastodon.sidekiq.nodeSelector $context.Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- . | toYaml | nindent 8 }}
{{- end }}
{{- with $context.Values.tolerations }}
tolerations:

35
mastodon/templates/deployment-streaming.yaml
View File

@ -4,8 +4,14 @@ metadata:
name: {{ include "mastodon.fullname" . }}-streaming
labels:
{{- include "mastodon.labels" . | nindent 4 }}
{{- with .Values.mastodon.streaming.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
annotations:
{{- with (default .Values.deploymentAnnotations .Values.mastodon.streaming.deploymentAnnotations) }}
{{- with .Values.deploymentAnnotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.mastodon.streaming.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
@ -13,6 +19,9 @@ spec:
{{- if (ne (toString .Values.mastodon.revisionHistoryLimit) "<nil>") }}
revisionHistoryLimit: {{ .Values.mastodon.revisionHistoryLimit }}
{{- end }}
{{- if .Values.mastodon.streaming.updateStrategy }}
strategy: {{- toYaml .Values.mastodon.streaming.updateStrategy | nindent 4 }}
{{- end }}
selector:
matchLabels:
{{- include "mastodon.selectorLabels" . | nindent 6 }}
@ -20,7 +29,10 @@ spec:
template:
metadata:
annotations:
{{- with (default .Values.podAnnotations .Values.mastodon.streaming.podAnnotations) }}
{{- with .Values.podAnnotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.mastodon.streaming.podAnnotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
# roll the pods to pick up any db migrations or other changes
@ -28,6 +40,12 @@ spec:
labels:
{{- include "mastodon.globalLabels" . | nindent 8 }}
{{- include "mastodon.selectorLabels" . | nindent 8 }}
{{- with .Values.mastodon.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.mastodon.streaming.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
app.kubernetes.io/component: streaming
spec:
{{- with .Values.imagePullSecrets }}
@ -55,7 +73,7 @@ spec:
securityContext:
{{- toYaml . | nindent 12 }}
{{- end }}
image: "{{ coalesce .Values.mastodon.streaming.image.repository .Values.image.repository }}:{{ coalesce .Values.mastodon.streaming.image.tag .Values.image.tag .Chart.AppVersion }}"
image: "{{ .Values.mastodon.streaming.image.repository }}:{{ coalesce .Values.mastodon.streaming.image.tag .Values.image.tag .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
command:
- node
@ -135,13 +153,20 @@ spec:
httpGet:
path: /api/v1/streaming/health
port: streaming
startupProbe:
httpGet:
path: /api/v1/streaming/health
port: streaming
initialDelaySeconds: 5
failureThreshold: 15
periodSeconds: 5
{{- with (default .Values.resources .Values.mastodon.streaming.resources) }}
resources:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.nodeSelector }}
{{- with coalesce .Values.mastodon.streaming.nodeSelector .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- . | toYaml | nindent 8 }}
{{- end }}
{{- with (default .Values.affinity .Values.mastodon.streaming.affinity) }}
affinity:

70
mastodon/templates/deployment-web.yaml
View File

@ -4,8 +4,14 @@ metadata:
name: {{ include "mastodon.fullname" . }}-web
labels:
{{- include "mastodon.labels" . | nindent 4 }}
{{- with .Values.mastodon.web.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
annotations:
{{- with (default .Values.deploymentAnnotations .Values.mastodon.web.deploymentAnnotations) }}
{{- with .Values.deploymentAnnotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.mastodon.web.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
@ -13,6 +19,9 @@ spec:
{{- if (ne (toString .Values.mastodon.revisionHistoryLimit) "<nil>") }}
revisionHistoryLimit: {{ .Values.mastodon.revisionHistoryLimit }}
{{- end }}
{{- if .Values.mastodon.web.updateStrategy }}
strategy: {{- toYaml .Values.mastodon.web.updateStrategy | nindent 4 }}
{{- end }}
selector:
matchLabels:
{{- include "mastodon.selectorLabels" . | nindent 6 }}
@ -21,7 +30,10 @@ spec:
template:
metadata:
annotations:
{{- with (default .Values.podAnnotations .Values.mastodon.web.podAnnotations) }}
{{- with .Values.podAnnotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.mastodon.web.podAnnotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
# roll the pods to pick up any db migrations or other changes
@ -30,6 +42,12 @@ spec:
{{- include "mastodon.globalLabels" . | nindent 8 }}
{{- include "mastodon.selectorLabels" . | nindent 8 }}
{{- include "mastodon.statsdExporterLabels" . | nindent 8 }}
{{- with .Values.mastodon.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.mastodon.web.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
app.kubernetes.io/component: web
app.kubernetes.io/part-of: rails
spec:
@ -173,6 +191,28 @@ spec:
name: {{ .Values.mastodon.cacheBuster.authToken.existingSecret }}
key: password
{{- end }}
{{- if or .Values.mastodon.web.otel.enabled (and .Values.mastodon.otel.enabled (ne .Values.mastodon.web.otel.enabled false)) }}
- name: OTEL_EXPORTER_OTLP_ENDPOINT
value: {{ coalesce .Values.mastodon.web.otel.endpointUri .Values.mastodon.otel.endpointUri }}
- name: OTEL_SERVICE_NAME_PREFIX
value: {{ coalesce .Values.mastodon.web.otel.namePrefix .Values.mastodon.otel.namePrefix }}
- name: OTEL_SERVICE_NAME_SEPARATOR
value: "{{ coalesce .Values.mastodon.web.otel.nameSeparator .Values.mastodon.otel.nameSeparator }}"
{{- end }}
{{- if .Values.mastodon.metrics.prometheus.enabled }}
- name: MASTODON_PROMETHEUS_EXPORTER_ENABLED
value: "true"
- name: PROMETHEUS_EXPORTER_HOST
value: "127.0.0.1"
- name: PROMETHEUS_EXPORTER_PORT
value: "{{ .Values.mastodon.metrics.prometheus.port }}"
{{- if .Values.mastodon.metrics.prometheus.web.detailed }}
- name: MASTODON_PROMETHEUS_EXPORTER_WEB_DETAILED_METRICS
value: "true"
{{- end }}
{{- end }}
- name: TEST_ENV_VALUE
value: {{ .Values.mastodon.metrics.statsd.address }}
volumeMounts:
{{- if (not .Values.mastodon.s3.enabled) }}
- name: assets
@ -203,16 +243,38 @@ spec:
httpGet:
path: /health
port: http
initialDelaySeconds: 15
failureThreshold: 30
periodSeconds: 5
{{- with (default .Values.resources .Values.mastodon.web.resources) }}
resources:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- if .Values.mastodon.metrics.prometheus.enabled }}
- name: prometheus-exporter
image: "{{ coalesce .Values.mastodon.web.image.repository .Values.image.repository }}:{{ coalesce .Values.mastodon.web.image.tag .Values.image.tag .Chart.AppVersion }}"
command:
- ./bin/prometheus_exporter
args:
- "--bind"
- "0.0.0.0"
- "--port"
- "{{ .Values.mastodon.metrics.prometheus.port }}"
resources:
requests:
cpu: "0.1"
memory: "180M"
limits:
cpu: "0.5"
memory: "250M"
ports:
- name: prometheus
containerPort: {{ .Values.mastodon.metrics.prometheus.port }}
{{- end }}
{{- include "mastodon.statsdExporterContainer" $ | indent 8 }}
{{- with .Values.nodeSelector }}
{{- with coalesce .Values.mastodon.web.nodeSelector .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- . | toYaml | nindent 8 }}
{{- end }}
{{- with (default .Values.affinity .Values.mastodon.web.affinity) }}
affinity:

97
mastodon/templates/job-assets-copy.yaml Normal file
View File

@ -0,0 +1,97 @@
{{- if .Values.mastodon.hooks.s3Upload.enabled -}}
apiVersion: batch/v1
kind: Job
metadata:
name: {{ include "mastodon.fullname" . }}-assets-upload
labels:
{{- include "mastodon.labels" . | nindent 4 }}
annotations:
"helm.sh/hook": pre-install,pre-upgrade
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
"helm.sh/hook-weight": "-1"
spec:
template:
metadata:
name: {{ include "mastodon.fullname" . }}-assets-upload
{{- with .Values.jobAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
volumes:
restartPolicy: Never
initContainers:
- name: extract-assets
image: "{{ coalesce .Values.mastodon.web.image.repository .Values.image.repository }}:{{ coalesce .Values.mastodon.web.image.tag .Values.image.tag .Chart.AppVersion }}"
imagePullPolicy: Always
command:
- cp
args:
- -rv
- public
- /assets
volumeMounts:
- mountPath: /assets
name: assets
containers:
- name: upload-assets
image: rclone/rclone:1
imagePullPolicy: Always
env:
- name: RCLONE_S3_NO_CHECK_BUCKET
value: "true"
- name: RCLONE_S3_ACL
value: {{ required "Please specify a canned ACL for S3 asset uploads" .Values.mastodon.hooks.s3Upload.acl }}
- name: RCLONE_CONFIG_REMOTE_TYPE
value: s3
- name: RCLONE_CONFIG_REMOTE_PROVIDER
value: AWS
- name: RCLONE_CONFIG_REMOTE_ENDPOINT
value: {{ required "Please specify an endpoint for S3 asset uploads" .Values.mastodon.hooks.s3Upload.endpoint }}
- name: RCLONE_CONFIG_REMOTE_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
name: {{ required "Please specify a secret with S3 credentials for S3 asset uploads" .Values.mastodon.hooks.s3Upload.secretRef.name }}
key: {{ .Values.mastodon.hooks.s3Upload.secretRef.keys.accesKeyId }}
- name: RCLONE_CONFIG_REMOTE_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
name: {{ required "Please specify a secret with S3 credentials for S3 asset uploads" .Values.mastodon.hooks.s3Upload.secretRef.name }}
key: {{ .Values.mastodon.hooks.s3Upload.secretRef.keys.secretAccessKey }}
{{- with .Values.mastodon.hooks.s3Upload.rclone.env }}
{{- toYaml . | nindent 12 }}
{{- end }}
command:
- rclone
args:
- copy
- /assets/public
- "remote:{{ required "Please specify a bucket for S3 asset uploads" .Values.mastodon.hooks.s3Upload.bucket }}"
- --fast-list
- --transfers=32
- --include
- "{assets,packs}/**"
- --progress
- -vv
volumeMounts:
- mountPath: /assets
name: assets
resources:
requests:
cpu: 100m
memory: 256Mi
limits:
memory: 500Mi
volumes:
- name: assets
emptyDir: {}
{{- with coalesce .Values.mastodon.hooks.s3Upload.nodeSelector .Values.nodeSelector }}
nodeSelector:
{{- . | toYaml | nindent 8 }}
{{- end }}
{{- end -}}

100
mastodon/templates/job-chewy-upgrade.yaml
View File

@ -1,100 +0,0 @@
{{- if .Values.elasticsearch.enabled -}}
apiVersion: batch/v1
kind: Job
metadata:
name: {{ include "mastodon.fullname" . }}-chewy-upgrade
labels:
{{- include "mastodon.labels" . | nindent 4 }}
annotations:
"helm.sh/hook": post-install
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
"helm.sh/hook-weight": "-1"
spec:
template:
metadata:
name: {{ include "mastodon.fullname" . }}-chewy-upgrade
{{- with .Values.jobAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
restartPolicy: Never
{{- if (not .Values.mastodon.s3.enabled) }}
# ensure we run on the same node as the other rails components; only
# required when using PVCs that are ReadWriteOnce
{{- if or (eq "ReadWriteOnce" .Values.mastodon.persistence.assets.accessMode) (eq "ReadWriteOnce" .Values.mastodon.persistence.system.accessMode) }}
affinity:
podAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: app.kubernetes.io/part-of
operator: In
values:
- rails
topologyKey: kubernetes.io/hostname
{{- end }}
volumes:
- name: assets
persistentVolumeClaim:
claimName: {{ template "mastodon.pvc.assets" . }}
- name: system
persistentVolumeClaim:
claimName: {{ template "mastodon.pvc.system" . }}
{{- end }}
containers:
- name: {{ include "mastodon.fullname" . }}-chewy-setup
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
command:
- bundle
- exec
- rake
- chewy:upgrade
envFrom:
- configMapRef:
name: {{ include "mastodon.fullname" . }}-env
- secretRef:
name: {{ template "mastodon.secretName" . }}
env:
- name: "DB_PASS"
valueFrom:
secretKeyRef:
name: {{ template "mastodon.postgresql.secretName" . }}
key: password
- name: "REDIS_PASSWORD"
valueFrom:
secretKeyRef:
name: {{ template "mastodon.redis.secretName" . }}
key: redis-password
{{- if and .Values.redis.sidekiq.enabled .Values.redis.sidekiq.auth.existingSecret }}
- name: "SIDEKIQ_REDIS_PASSWORD"
valueFrom:
secretKeyRef:
name: {{ template "mastodon.redis.sidekiq.secretName" . }}
key: redis-password
{{- end }}
{{- if and .Values.redis.cache.enabled .Values.redis.cache.auth.existingSecret }}
- name: "CACHE_REDIS_PASSWORD"
valueFrom:
secretKeyRef:
name: {{ template "mastodon.redis.cache.secretName" . }}
key: redis-password
{{- end }}
{{- if and .Values.elasticsearch.existingSecret (or .Values.elasticsearch.enabled .Values.elasticsearch.hostname) }}
- name: "ES_PASS"
valueFrom:
secretKeyRef:
name: {{ .Values.elasticsearch.existingSecret }}
key: password
{{- end }}
- name: "PORT"
value: {{ .Values.mastodon.web.port | quote }}
{{- if (not .Values.mastodon.s3.enabled) }}
volumeMounts:
- name: assets
mountPath: /opt/mastodon/public/assets
- name: system
mountPath: /opt/mastodon/public/system
{{- end }}
{{- end }}

4
mastodon/templates/job-create-admin.yaml
View File

@ -95,4 +95,8 @@ spec:
- name: system
mountPath: /opt/mastodon/public/system
{{- end }}
{{- with coalesce .Values.mastodon.createAdmin.nodeSelector .Values.nodeSelector }}
nodeSelector:
{{- . | toYaml | nindent 8 }}
{{- end }}
{{- end }}

98
mastodon/templates/job-db-migrate.yaml
View File

@ -1,93 +1,7 @@
{{- if .Values.mastodon.hooks.dbMigrate.enabled -}}
apiVersion: batch/v1
kind: Job
metadata:
name: {{ include "mastodon.fullname" . }}-db-migrate
labels:
{{- include "mastodon.labels" . | nindent 4 }}
annotations:
"helm.sh/hook": post-install,pre-upgrade
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
"helm.sh/hook-weight": "-2"
spec:
template:
metadata:
name: {{ include "mastodon.fullname" . }}-db-migrate
{{- with .Values.jobAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- if .Values.mastodon.hooks.dbMigrate.enabled }}
{{- include "mastodon.dbMigrateJob" (merge (dict "preDeploy" false ) .) }}
{{- with coalesce .Values.mastodon.hooks.dbMigrate.nodeSelector .Values.nodeSelector }}
nodeSelector:
{{- . | toYaml | nindent 8 }}
{{- end }}
spec:
restartPolicy: Never
{{- if (not .Values.mastodon.s3.enabled) }}
# ensure we run on the same node as the other rails components; only
# required when using PVCs that are ReadWriteOnce
{{- if or (eq "ReadWriteOnce" .Values.mastodon.persistence.assets.accessMode) (eq "ReadWriteOnce" .Values.mastodon.persistence.system.accessMode) }}
affinity:
podAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: app.kubernetes.io/part-of
operator: In
values:
- rails
topologyKey: kubernetes.io/hostname
{{- end }}
volumes:
- name: assets
persistentVolumeClaim:
claimName: {{ template "mastodon.pvc.assets" . }}
- name: system
persistentVolumeClaim:
claimName: {{ template "mastodon.pvc.system" . }}
{{- end }}
containers:
- name: {{ include "mastodon.fullname" . }}-db-migrate
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
command:
- bundle
- exec
- rake
- db:migrate
envFrom:
- configMapRef:
name: {{ include "mastodon.fullname" . }}-env
- secretRef:
name: {{ template "mastodon.secretName" . }}
env:
- name: "DB_PASS"
valueFrom:
secretKeyRef:
name: {{ template "mastodon.postgresql.secretName" . }}
key: password
- name: "REDIS_PASSWORD"
valueFrom:
secretKeyRef:
name: {{ template "mastodon.redis.secretName" . }}
key: redis-password
{{- if and .Values.redis.sidekiq.enabled .Values.redis.sidekiq.auth.existingSecret }}
- name: "SIDEKIQ_REDIS_PASSWORD"
valueFrom:
secretKeyRef:
name: {{ template "mastodon.redis.sidekiq.secretName" . }}
key: redis-password
{{- end }}
{{- if and .Values.redis.cache.enabled .Values.redis.cache.auth.existingSecret }}
- name: "CACHE_REDIS_PASSWORD"
valueFrom:
secretKeyRef:
name: {{ template "mastodon.redis.cache.secretName" . }}
key: redis-password
{{- end }}
- name: "PORT"
value: {{ .Values.mastodon.web.port | quote }}
{{- if (not .Values.mastodon.s3.enabled) }}
volumeMounts:
- name: assets
mountPath: /opt/mastodon/public/assets
- name: system
mountPath: /opt/mastodon/public/system
{{- end }}
{{- end -}}
{{- end }}

7
mastodon/templates/job-db-pre-migrate.yaml Normal file
View File

@ -0,0 +1,7 @@
{{- if .Values.mastodon.hooks.dbMigrate.enabled }}
{{- include "mastodon.dbMigrateJob" (merge (dict "preDeploy" true ) .) }}
{{- with coalesce .Values.mastodon.hooks.dbMigrate.nodeSelector .Values.nodeSelector }}
nodeSelector:
{{- . | toYaml | nindent 8 }}
{{- end }}
{{- end }}

7
mastodon/templates/job-db-prepare.yaml Normal file
View File

@ -0,0 +1,7 @@
{{- if and .Values.mastodon.hooks.dbPrepare.enabled (not .Values.postgresql.enabled) }}
{{- include "mastodon.dbMigrateJob" (merge (dict "prepare" true ) .) }}
{{- with coalesce .Values.mastodon.hooks.dbPrepare.nodeSelector .Values.nodeSelector }}
nodeSelector:
{{- . | toYaml | nindent 8 }}
{{- end }}
{{- end }}

80
mastodon/templates/job-assets-precompile.yaml → mastodon/templates/job-deploy-search.yaml
View File

@ -1,18 +1,19 @@
{{- if .Values.mastodon.hooks.assetsPrecompile.enabled -}}
{{- if and .Values.mastodon.hooks.deploySearch.enabled .Values.elasticsearch.enabled -}}
apiVersion: batch/v1
kind: Job
metadata:
name: {{ include "mastodon.fullname" . }}-assets-precompile
name: {{ include "mastodon.fullname" . }}-deploy-search
labels:
{{- include "mastodon.labels" . | nindent 4 }}
annotations:
"helm.sh/hook": post-install
"helm.sh/hook": post-install,post-upgrade
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
"helm.sh/hook-weight": "-2"
spec:
suspend: false
template:
metadata:
name: {{ include "mastodon.fullname" . }}-assets-precompile
name: {{ include "mastodon.fullname" . }}-deploy-search
{{- with .Values.jobAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
@ -22,40 +23,63 @@ spec:
{{- if (not .Values.mastodon.s3.enabled) }}
# ensure we run on the same node as the other rails components; only
# required when using PVCs that are ReadWriteOnce
{{- if or (eq "ReadWriteOnce" .Values.mastodon.persistence.assets.accessMode) (eq "ReadWriteOnce" .Values.mastodon.persistence.system.accessMode) }}
{{- if or (eq "ReadWriteOnce" .Values.mastodon.persistence.assets.accessMode) (eq "ReadWriteOnce" .Values.persistence.system.accessMode) }}
affinity:
podAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: app.kubernetes.io/part-of
operator: In
values:
- rails
topologyKey: kubernetes.io/hostname
- labelSelector:
matchExpressions:
- key: app.kubernetes.io/part-of
operator: In
values:
- rails
topologyKey: kubernetes.io/hostname
{{- end }}
volumes:
- name: assets
persistentVolumeClaim:
claimName: {{ template "mastodon.pvc.assets" . }}
claimName: {{ template "mastodon.fullname" . }}-assets
- name: system
persistentVolumeClaim:
claimName: {{ template "mastodon.pvc.system" . }}
claimName: {{ template "mastodon.fullname" . }}-system
{{- end }}
containers:
- name: {{ include "mastodon.fullname" . }}-assets-precompile
- name: {{ include "mastodon.fullname" . }}-deploy-search
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
{{- with .Values.mastodon.hooks.deploySearch }}
{{- with .resources }}
resources:
{{- toYaml . | nindent 12 }}
{{- end }}
command:
- bash
- -c
- |
bundle exec rake assets:precompile && yarn cache clean
- bin/tootctl
- search
- deploy
{{- with .concurrency }}
- '--concurrency'
- {{ . | quote }}
{{- end }}
{{- if .resetChewy }}
- '--reset-chewy'
{{- end }}
{{- with .batchSize }}
- '--batch-size'
- {{ . | quote }}
{{- end }}
{{- with .only }}
{{- if not (has . (list "instances" "accounts" "tags" "statuses" "public_statuses")) -}}
{{ fail "mastodon.hooks.deploySearch.only: Value must be one of the following words: instances, accounts, tags, statuses, public_statuses"}}
{{- end }}
- '--only'
- {{ . | quote }}
{{- end }}
{{- end }}
envFrom:
- configMapRef:
name: {{ include "mastodon.fullname" . }}-env
- secretRef:
name: {{ template "mastodon.secretName" . }}
name: {{ template "mastodon.secretName" $ }}
env:
- name: "DB_PASS"
valueFrom:
@ -67,20 +91,6 @@ spec:
secretKeyRef:
name: {{ template "mastodon.redis.secretName" . }}
key: redis-password
{{- if and .Values.redis.sidekiq.enabled .Values.redis.sidekiq.auth.existingSecret }}
- name: "SIDEKIQ_REDIS_PASSWORD"
valueFrom:
secretKeyRef:
name: {{ template "mastodon.redis.sidekiq.secretName" . }}
key: redis-password
{{- end }}
{{- if and .Values.redis.cache.enabled .Values.redis.cache.auth.existingSecret }}
- name: "CACHE_REDIS_PASSWORD"
valueFrom:
secretKeyRef:
name: {{ template "mastodon.redis.cache.secretName" . }}
key: redis-password
{{- end }}
- name: "PORT"
value: {{ .Values.mastodon.web.port | quote }}
{{- if (not .Values.mastodon.s3.enabled) }}
@ -90,4 +100,4 @@ spec:
- name: system
mountPath: /opt/mastodon/public/system
{{- end }}
{{- end -}}
{{- end }}

22
mastodon/templates/job-set-admin-password.yaml
View File

@ -37,10 +37,10 @@ spec:
volumes:
- name: assets
persistentVolumeClaim:
claimName: {{ template "mastodon.fullname" . }}-assets
claimName: {{ template "mastodon.pvc.assets" . }}
- name: system
persistentVolumeClaim:
claimName: {{ template "mastodon.fullname" . }}-system
claimName: {{ template "mastodon.pvc.system" . }}
{{- end }}
containers:
- name: {{ include "mastodon.fullname" . }}-set-admin-password
@ -70,6 +70,20 @@ spec:
secretKeyRef:
name: {{ template "mastodon.redis.secretName" . }}
key: redis-password
{{- if and .Values.redis.sidekiq.enabled .Values.redis.sidekiq.auth.existingSecret }}
- name: "SIDEKIQ_REDIS_PASSWORD"
valueFrom:
secretKeyRef:
name: {{ template "mastodon.redis.sidekiq.secretName" . }}
key: redis-password
{{- end }}
{{- if and .Values.redis.cache.enabled .Values.redis.cache.auth.existingSecret }}
- name: "CACHE_REDIS_PASSWORD"
valueFrom:
secretKeyRef:
name: {{ template "mastodon.redis.cache.secretName" . }}
key: redis-password
{{- end }}
- name: "PORT"
value: {{ .Values.mastodon.web.port | quote }}
{{- if (not .Values.mastodon.s3.enabled) }}
@ -79,4 +93,8 @@ spec:
- name: system
mountPath: /opt/mastodon/public/system
{{- end }}
{{- with coalesce .Values.mastodon.createAdmin.nodeSelector .Values.nodeSelector }}
nodeSelector:
{{- . | toYaml | nindent 8 }}
{{- end }}
{{- end }}

3
mastodon/templates/secret-prepare.yml Normal file
View File

@ -0,0 +1,3 @@
{{- if and (include "mastodon.createSecret" .) (not .Values.postgresql.enabled) -}}
{{- include "mastodon.secrets.object" (merge (dict "prepare" true ) .) }}
{{- end }}

19
mastodon/templates/secret-redis-preinstall.yaml Normal file
View File

@ -0,0 +1,19 @@
{{- if not .Values.redis.enabled }}
{{- if and (not .Values.redis.auth.existingSecret) (not .Values.redis.existingSecret) }}
{{- if .Values.redis.auth.password }}
apiVersion: v1
kind: Secret
metadata:
name: {{ include "mastodon.redis.secretName" . }}-pre-install
labels:
{{- include "mastodon.labels" . | nindent 4 }}
annotations:
helm.sh/hook: pre-install
helm.sh/hook-weight: "-5"
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
type: Opaque
data:
redis-password: "{{ .Values.redis.auth.password | b64enc }}"
{{- end }}
{{- end }}
{{- end }}

6
mastodon/templates/secret-redis.yaml
View File

@ -1,4 +1,4 @@
{{- if not .Values.redis.enabled }}
{{- if .Values.redis.enabled }}
{{- if and (not .Values.redis.auth.existingSecret) (not .Values.redis.existingSecret) }}
{{- if .Values.redis.auth.password }}
apiVersion: v1
@ -7,6 +7,10 @@ metadata:
name: {{ include "mastodon.redis.secretName" . }}
labels:
{{- include "mastodon.labels" . | nindent 4 }}
annotations:
helm.sh/hook: pre-install
helm.sh/hook-weight: "-5"
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
type: Opaque
data:
redis-password: "{{ .Values.redis.auth.password | b64enc }}"

16
mastodon/templates/secret-smtp-bulk.yaml Normal file
View File

@ -0,0 +1,16 @@
{{- if and .Values.mastodon.smtp.bulk.enabled (not .Values.mastodon.smtp.bulk.existingSecret) -}}
apiVersion: v1
kind: Secret
metadata:
name: {{ printf "%s-smtp-bulk" (include "mastodon.fullname" .) }}
labels:
{{- include "mastodon.labels" . | nindent 4 }}
type: Opaque
data:
{{- with .Values.mastodon.smtp.bulk.login }}
login: {{ . | b64enc }}
{{- end }}
{{- with .Values.mastodon.smtp.bulk.password }}
password: {{ . | b64enc }}
{{- end }}
{{- end }}

57
mastodon/templates/secrets.yaml
View File

@ -1,58 +1,3 @@
{{- if (include "mastodon.createSecret" .) -}}
apiVersion: v1
kind: Secret
metadata:
name: {{ template "mastodon.fullname" . }}
labels:
{{- include "mastodon.labels" . | nindent 4 }}
type: Opaque
data:
{{- if .Values.mastodon.s3.enabled }}
{{- if not .Values.mastodon.s3.existingSecret }}
AWS_ACCESS_KEY_ID: "{{ .Values.mastodon.s3.access_key | b64enc }}"
AWS_SECRET_ACCESS_KEY: "{{ .Values.mastodon.s3.access_secret | b64enc }}"
{{- end }}
{{- end }}
{{- if not .Values.mastodon.secrets.existingSecret }}
{{- if not (empty .Values.mastodon.secrets.secret_key_base) }}
SECRET_KEY_BASE: "{{ .Values.mastodon.secrets.secret_key_base | b64enc }}"
{{- else }}
SECRET_KEY_BASE: {{ required "secret_key_base is required" .Values.mastodon.secrets.secret_key_base }}
{{- end }}
{{- if not (empty .Values.mastodon.secrets.otp_secret) }}
OTP_SECRET: "{{ .Values.mastodon.secrets.otp_secret | b64enc }}"
{{- else }}
OTP_SECRET: {{ required "otp_secret is required" .Values.mastodon.secrets.otp_secret }}
{{- end }}
{{- if not (empty .Values.mastodon.secrets.vapid.private_key) }}
VAPID_PRIVATE_KEY: "{{ .Values.mastodon.secrets.vapid.private_key | b64enc }}"
{{- else }}
VAPID_PRIVATE_KEY: {{ required "vapid.private_key is required" .Values.mastodon.secrets.vapid.private_key }}
{{- end }}
{{- if not (empty .Values.mastodon.secrets.vapid.public_key) }}
VAPID_PUBLIC_KEY: "{{ .Values.mastodon.secrets.vapid.public_key | b64enc }}"
{{- else }}
VAPID_PUBLIC_KEY: {{ required "vapid.public_key is required" .Values.mastodon.secrets.vapid.public_key }}
{{- end }}
{{- if not (empty .Values.mastodon.secrets.activeRecordEncryption.primaryKey) }}
ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY: "{{ .Values.mastodon.secrets.activeRecordEncryption.primaryKey | b64enc }}"
{{- else }}
ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY: {{ required "activeRecordEncryption.primaryKey is required" .Values.mastodon.secrets.activeRecordEncryption.primaryKey }}
{{- end }}
{{- if not (empty .Values.mastodon.secrets.activeRecordEncryption.deterministicKey) }}
ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY: "{{ .Values.mastodon.secrets.activeRecordEncryption.deterministicKey | b64enc }}"
{{- else }}
ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY: {{ required "activeRecordEncryption.deterministicKey is required" .Values.mastodon.secrets.activeRecordEncryption.deterministicKey }}
{{- end }}
{{- if not (empty .Values.mastodon.secrets.activeRecordEncryption.keyDerivationSalt) }}
ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT: "{{ .Values.mastodon.secrets.activeRecordEncryption.keyDerivationSalt | b64enc }}"
{{- else }}
ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT: {{ required "activeRecordEncryption.keyDerivationSalt is required" .Values.mastodon.secrets.activeRecordEncryption.keyDerivationSalt }}
{{- end }}
{{- end }}
{{- if not .Values.postgresql.enabled }}
{{- if not .Values.postgresql.auth.existingSecret }}
password: "{{ .Values.postgresql.auth.password | b64enc }}"
{{- end }}
{{- end }}
{{- include "mastodon.secrets.object" . }}
{{- end }}

1
mastodon/templates/service-streaming.yaml
View File

@ -11,6 +11,7 @@ spec:
targetPort: streaming
protocol: TCP
name: streaming
ipFamilyPolicy: PreferDualStack
selector:
{{- include "mastodon.selectorLabels" . | nindent 4 }}
app.kubernetes.io/component: streaming

1
mastodon/templates/service-web.yaml
View File

@ -11,6 +11,7 @@ spec:
targetPort: http
protocol: TCP
name: http
ipFamilyPolicy: PreferDualStack
selector:
{{- include "mastodon.selectorLabels" . | nindent 4 }}
app.kubernetes.io/component: web

330
mastodon/values.yaml
View File

@ -6,13 +6,15 @@ image:
# built from the most recent commit
#
# tag: latest
tag: "v4.2.22"
tag: ""
# use `Always` when using `latest` tag
pullPolicy: IfNotPresent
mastodon:
# Labels added to every Mastodon-related object
labels: {}
# Labes added to every deployed mastodon pod
podLabels: {}
# -- create an initial administrator user; the password is autogenerated and will
# have to be reset
@ -25,13 +27,81 @@ mastodon:
password: not_gargron
# @ignored
email: not@example.com
# Node(s) on which we will deploy this job
nodeSelector: {}
hooks:
# Whether to perform DB schema creation on `helm install`.
# Please note that this does not work when using the included database
# (postgresql.enabled=true).
# NOTE: When using certain GitOps solutions such as Argo CD, this should be
# disabled, as these apps do not necessarily differentiate between `pre-install`
# and `pre-upgrade`.
dbPrepare:
enabled: true
# Node(s) on which we will deploy this job
nodeSelector: {}
# Whether to perform DB migrations on `helm upgrade`.
dbMigrate:
enabled: true
assetsPrecompile:
enabled: true
# Node(s) on which we will deploy this job
nodeSelector: {}
# WARNING: deploySearch is potentially a very expensive job!
# Only enable this once at a time, when you deploy elasticsearch or when
# the upgrade notes for a new mastodon version request rebuilding search.
# Recommended use is via `-f mastodon.hooks.deploySearch.enabled=true`
# to ensure the job is only dispatched for a single upgrade when required.
# This job may take days to run on very large instances. Even small
# instances may take long enough to trigger helm's completion timeout, so
# DO NOT PANIC if helm complains; simply verify the job is still running.
#
# Builds or rebuilds the elasticsearch indices via `tootctl deploy search`
# with timing hooks to ensure the job runs immediately after install/upgrade
# and will be restarted if another, corrective upgrade is triggered.
# Please check the tootctl documentation and upgrade notes to pick values.
#
# NOTE: The resource stanza set below is intentionally very conservative.
# Consider assigning a liberal chunk of your cluster's typical headroom.
deploySearch:
enabled: false
resetChewy: true
# one index name. Possible values: instances, accounts, tags, statuses, public_statuses
only: ""
concurrency: 5
resources: # this accepts any keys in a full container resources stanza.
requests:
cpu: 250m
memory: 256Mi
limits:
cpu: 500m
# Upload website assets to S3 before deploying using rclone.
# Whenever there is an update to Mastodon, sometimes there are assets files
# that are renamed. As the pods are getting redeployed, and old/new pods are
# present simultaneously, there is a chance that old asset files are
# requested from pods that don't have them anymore, or new asset files are
# requested from old pods. Uploading asset files to S3 in this manner solves
# this potential conflict.
# Note that you will need to CDN/proxy to send all requests to /assets and
# /packs to this bucket.
s3Upload:
enabled: false
endpoint:
bucket:
acl: public-read
secretRef:
name:
keys:
accesKeyId: acces-key-id
secretAccessKey: secret-access-key
rclone:
# Any additional environment variables to pass to rclone.
env: {}
# Node(s) on which we will deploy this job
nodeSelector: {}
# Custom labels to add to kubernetes resources
#labels:
cron:
# -- run `tootctl media remove` every week
removeMedia:
@ -39,8 +109,15 @@ mastodon:
enabled: true
# @ignored
schedule: "0 0 * * 0"
# Node(s) on which we will deploy this job
nodeSelector: {}
# Sets the default locale for this server.
# NOTICE: This will force this locale on every user who is not logged in, and
# the instance will no longer do any local detection for clients.
# -- available locales: https://github.com/mastodon/mastodon/blob/main/config/application.rb#L71
locale: en
locale:
local_domain: mastodon.local
# -- Use of WEB_DOMAIN requires careful consideration: https://docs.joinmastodon.org/admin/config/#federation
# You must redirect the path LOCAL_DOMAIN/.well-known/ to WEB_DOMAIN/.well-known/ as described
@ -49,6 +126,9 @@ mastodon:
# -- If you have multiple domains pointed at your Mastodon server, this setting will allow Mastodon to recognize
# itself when users are addressed using those other domains.
alternate_domains: []
# -- Comma-separated list of public IP addresses of trusted reverse proxy servers reaching Mastodon web and streaming servers
# Specifying overrides default list. More info: https://docs.joinmastodon.org/admin/config/#trusted_proxy_ip
# trusted_proxy_ip:
# -- If set to true, the frontpage of your Mastodon server will always redirect to the first profile in the database and registrations will be disabled.
singleUserMode: false
# -- Enables "Secure Mode" for more details see: https://docs.joinmastodon.org/admin/config/#authorized_fetch
@ -140,6 +220,39 @@ mastodon:
resources: {}
# -- Affinity for all Sidekiq Deployments unless overwritten, overwrites .Values.affinity
affinity: {}
# Node(s) on which we will deploy sidekiq in general
# Any worker-specific configuration will override this setting.
nodeSelector: {}
# -- Annotations to apply to the deployment object(s) for sidekiq.
# -- These are applied in addition to deploymentAnnotations.
annotations: {}
# -- Labels to apply to the deployment object(s) for sidekiq.
# -- These are applied in addition to mastodon.labels.
labels: {}
# -- Annotations to apply to the sidekiq pods.
# -- These are applied in addition to the global podAnnotations.
podAnnotations: {}
# -- Labels to apply to the sidekiq pods.
# -- These are applied in addition to mastodon.labels.
podLabels: {}
# Rollout strategy to use when updating pods.
# Recreate will help reduce the number of retried jobs when updating when
# the code introduces a new job as the pods are all replaced immediately.
# RollingUpdate can help with larger clusters if job retries aren't an
# issue, as it will reduce strain by replacing pods more slowly. It is
# strongly recommended to enable the readinessProbe when using RollingUpdate.
# ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
updateStrategy:
type: Recreate
# Readiness probe configuration
# NOTE: Readiness probe will only work on versions of Mastodon built after 2024-07-10.
readinessProbe:
enabled: false
path: /opt/mastodon/tmp/sidekiq_process_has_started_and_will_begin_processing_jobs
initialDelaySeconds: 10
periodSeconds: 2
successThreshold: 1
timeoutSeconds: 1
# -- Topology spread constraints for Sidekiq Pods, overwrites .Values.topologySpreadConstraints
topologySpreadConstraints: {}
# limits:
@ -148,6 +261,14 @@ mastodon:
# requests:
# cpu: 250m
# memory: 512Mi
# Open Telemetry configuration for sidekiq pods. Overrides global settings.
otel:
enabled:
exporterUri:
namePrefix:
nameSeparator:
workers:
- name: all-queues
# -- Number of threads / parallel sidekiq jobs that are executed per Pod
@ -158,8 +279,11 @@ mastodon:
resources: {}
# -- Affinity for this specific deployment, overwrites .Values.affinity and .Values.mastodon.sidekiq.affinity
affinity: {}
# -- Node(s) on which we will deploy this sidekiq worker
nodeSelector: {}
# -- Topology spread constraints for this specific deployment, overwrites .Values.topologySpreadConstraints and .Values.mastodon.sidekiq.topologySpreadConstraints
topologySpreadConstraints: {}
# -- Sidekiq queues for Mastodon that are handled by this worker. See https://docs.joinmastodon.org/admin/scaling/#concurrency
# See https://github.com/mperham/sidekiq/wiki/Advanced-Options#queues for how to weight queues as argument
queues:
@ -169,6 +293,7 @@ mastodon:
- mailers,2
- pull
- scheduler # Make sure the scheduler queue only exists once and with a worker that has 1 replica.
- fasp
image:
repository:
tag:
@ -213,10 +338,35 @@ mastodon:
# -- Instead of defining login/password above, you can specify the name of an existing secret here. Login and
# password must be located in keys named `login` and `password` respectively.
existingSecret:
# Configuration for bulk/broadcast messages.
# Some transactional email providers require customers to use a separate set
# of SMTP credentials to send emails that are not transactional in nature.
# For more information, refer to the docs:
# https://docs.joinmastodon.org/admin/config/#optional-bulk-email-settings
bulk:
enabled: false
auth_method: plain
ca_file: /etc/ssl/certs/ca-certificates.crt
domain:
enable_starttls: "auto"
from_address: notifications@example.com
openssl_verify_mode: peer
port: 587
server: smtp.mailgun.org
tls:
login:
password:
# -- Instead of defining login/password above, you can specify the name of an existing secret here. Login and
# password must be located in keys named `login` and `password` respectively.
existingSecret:
streaming:
image:
repository:
tag:
# streaming image split in Mastodon v4.3.0
repository: ghcr.io/mastodon/mastodon-streaming
# other options: `latest` for the latest release or `edge` for most recent commit
tag: ""
port: 4000
# -- this should be set manually since os.cpus() returns the number of CPUs on
# the node running the pod, which is unrelated to the resources allocated to
@ -229,6 +379,27 @@ mastodon:
replicas: 1
# -- Affinity for Streaming Pods, overwrites .Values.affinity
affinity: {}
# -- Node(s) on which we will deploy the streaming pods
nodeSelector: {}
# -- Annotations to apply to the deployment object for streaming.
# -- These are applied in addition to deploymentAnnotations.
annotations: {}
# -- Labels to apply to the deployment object for streaming.
# -- These are applied in addition to mastodon.labels.
labels: {}
# -- Annotations to apply to the streaming pods.
# -- These are applied in addition to the global podAnnotations.
podAnnotations: {}
# -- Labels to apply to the streaming pods.
# -- These are applied in addition to mastodon.labels.
podLabels: {}
# Rollout strategy to use when updating pods
# ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
updateStrategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 10%
maxUnavailable: 25%
# -- Topology spread constraints for Streaming Pods, overwrites .Values.topologySpreadConstraints
topologySpreadConstraints: {}
# -- Pod Security Context for Streaming Pods, overwrites .Values.podSecurityContext
@ -268,6 +439,27 @@ mastodon:
replicas: 1
# -- Affinity for Web Pods, overwrites .Values.affinity
affinity: {}
# -- Node(s) on which we will deploy the web pods
nodeSelector: {}
# -- Annotations to apply to the deployment object for web.
# -- These are applied in addition to deploymentAnnotations.
annotations: {}
# -- Labels to apply to the deployment object for web.
# -- These are applied in addition to mastodon.labels.
labels: {}
# -- Annotations to apply to the web pods.
# -- These are applied in addition to the global podAnnotations.
podAnnotations: {}
# -- Labels to apply to the web pods.
# -- These are applied in addition to mastodon.labels.
podLabels: {}
# Rollout strategy to use when updating pods
# ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
updateStrategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 10%
maxUnavailable: 25%
# -- Topology spread constraints for Web Pods, overwrites .Values.topologySpreadConstraints
topologySpreadConstraints: {}
# -- Pod Security Context for Web Pods, overwrites .Values.podSecurityContext
@ -287,8 +479,10 @@ mastodon:
enable: false
# minAvailable: 1
# maxUnavailable: 1
# -- Puma-specific options. Below values are based on default behavior in
# config/puma.rb when no custom values are provided.
minThreads: "5"
maxThreads: "5"
workers: "2"
@ -303,6 +497,13 @@ mastodon:
name:
key:
# Open Telemetry configuration for web pods. Overrides global settings.
otel:
enabled:
exporterUri:
namePrefix:
nameSeparator:
# HTTP cache buster configuration.
# See the documentation for more information about this feature:
# https://docs.joinmastodon.org/admin/config/#http-cache-buster
@ -316,6 +517,8 @@ mastodon:
existingSecret:
metrics:
# NOTE: This feature was dropped in v4.3.0, and will not work for any versions beyond this.
statsd:
# -- Enable statsd publishing via STATSD_ADDR environment variable
address: ""
@ -325,6 +528,32 @@ mastodon:
enabled: false
port: 9102
# Settings for Prometheus metrics.
# For more information, see:
# https://docs.joinmastodon.org/admin/config/#prometheus
prometheus:
enabled: false
# Port for the exporter to listen on
port: 9394
# Prometheus for web pods
web:
# Collect per-controller/action metrics for every request
detailed: false
# Prometheus for sidekiq pods
sidekiq:
# Collect per-job metrics for every job
detailed: false
# Open Telemetry configuration for all deployments. Component-specific
# configuration will override these values.
otel:
enabled: false
exporterUri:
namePrefix: mastodon
nameSeparator: "-"
# Sets the PREPARED_STATEMENTS environment variable: https://docs.joinmastodon.org/admin/config/#prepared_statements
preparedStatements: true
@ -380,7 +609,13 @@ ingress:
hosts:
- streaming.mastodon.local
# -- https://github.com/bitnami/charts/tree/master/bitnami/elasticsearch#parameters
# Configuration for Elasticsearch.
# When enabled, the bitnami helm chart is used for Elasticsearch deployment, and
# all values here correspond to their values file. Please see the bitnami chart
# documentation:
# https://github.com/bitnami/charts/tree/master/bitnami/elasticsearch#parameters
#
# Please note that we recommend using your own deployment for better management.
elasticsearch:
# Elasticsearch is powering full-text search. It is optional.
@ -406,13 +641,43 @@ elasticsearch:
# Name of an existing secret with a password key
# existingSecret:
# -- Node(s) on which we will deploy the various elasticsearch pods
master:
nodeSelector: {}
data:
nodeSelector: {}
coordinating:
nodeSelector: {}
ingest:
nodeSelector: {}
metrics:
nodeSelector: {}
# Configuration for PostgreSQL.
# When enabled, the bitnami helm chart is used for PostgreSQL deployment, and
# all values here correspond to their values file. Please see the bitnami chart
# documentation:
# https://github.com/bitnami/charts/tree/master/bitnami/postgresql#parameters
#
# Please note that we recommend using your own deployment for better management.
postgresql:
# -- disable if you want to use an existing db; in which case the values below
# must match those of that external postgres instance
# must match those of that external postgres instance.
# Please note that certain features do not work when enabling the included
# database, namely automatic schema creation when the app is first installed.
enabled: true
# postgresqlHostname: preexisting-postgresql
# postgresqlPort: 5432
# If using a connection pooler such as pgbouncer, please specify a hostname/IP
# that serves as a "direct" connection to the database, rather than going
# through the connection pooler. This is required for migrations to work
# properly.
direct:
hostname:
port:
database:
auth:
database: mastodon_production
username: mastodon
@ -442,7 +707,22 @@ postgresql:
password:
existingSecret:
# -- Node(s) on which we will deploy the various database pods
primary:
nodeSelector: {}
readReplicas:
nodeSelector: {}
backup:
cronjob:
nodeSelector: {}
# Configuration for Redis.
# When enabled, the bitnami helm chart used for Redis deployment, and all values
# here correspond to their values file. Please see the bitnami chart
# documentation:
# https://github.com/bitnami/charts/tree/master/bitnami/redis#parameters
#
# Please note that we recommend using your own deployment for better management.
redis:
# disable if you want to use an existing redis instance; in which case the
# values below must match those of that external redis instance
@ -488,6 +768,12 @@ redis:
# with a key of redis-password set to the password you want
existingSecret: ""
# -- Node(s) on which we will deploy the various redis pods
master:
nodeSelector: {}
replica:
nodeSelector: {}
# @ignored
service:
type: ClusterIP
@ -614,23 +900,23 @@ serviceAccount:
# If not set and create is true, a name is generated using the fullname template
name: ""
# Custom annotations to apply to all created deployment objects. These can be
# used to help mastodon interact with other services in the cluster.
# Custom annotations to apply to all created mastodon deployment objects. These
# can be used to help mastodon interact with other services in the cluster.
deploymentAnnotations: {}
# -- Kubernetes manages pods for jobs and pods for deployments differently, so you might
# need to apply different annotations to the two different sets of pods. The annotations
# set with podAnnotations will be added to all deployment-managed pods.
# set with podAnnotations will be added to all mastodon deployment-managed pods.
podAnnotations: {}
# If set to true, an annotation with the current chart release number will be added to all mastodon pods. This will
# cause all pods to be recreated every `helm upgrade` regardless of whether their config or spec changes.
revisionPodAnnotation: true
# The annotations set with jobAnnotations will be added to all job pods.
# The annotations set with jobAnnotations will be added to all mastodon job pods
jobAnnotations: {}
# -- Default resources for all Deployments and jobs unless overwritten
# -- Default resources for all mastodon Deployments and jobs unless overwritten
resources:
{}
# We usually recommend not to specify default resources and to leave this as a conscious
@ -644,26 +930,28 @@ resources:
# cpu: 100m
# memory: 128Mi
# @ignored
nodeSelector: {}
# @ignored
tolerations: []
# -- Affinity for all pods unless overwritten
# -- Affinity for all mastodon pods unless overwritten
affinity: {}
# -- Timezone for all pods unless overwritten
# Node(s) on which we will deploy all resources.
# Any node selectors specified for individual resources will override this
# setting.
nodeSelector: {}
# -- Timezone for all mastodon pods unless overwritten
timezone: UTC
# -- Topology Spread Constraints for all pods unless overwritten
# -- Topology Spread Constraints for all mastodon pods unless overwritten
# Please note that you need to use `matchLabelKeys` (Kubernetes 1.25+) if you
# want to spread each deployment independently, or override topologySpreadConstraints
# for each deployment
topologySpreadConstraints: {}
# Default volume mounts for all pods
# Default volume mounts for all mastodon pods
volumeMounts: []
# Default volumes for all pods
# Default volumes for all mastodon pods
volumes: []