Compare commits

..

3 Commits

40 changed files with 1473 additions and 259 deletions

View File

@ -0,0 +1,131 @@
# This is a GitHub workflow defining a set of jobs with a set of steps.
# ref: https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions
#
name: Test chart
on:
pull_request:
paths-ignore:
- "README.md"
push:
branches-ignore:
- "dependabot/**"
workflow_dispatch:
permissions:
contents: read
jobs:
lint-templates:
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v3
- uses: actions/setup-python@v4
with:
python-version: "3.x"
- name: Install dependencies (yamllint)
run: pip install yamllint
- run: helm dependency update
- name: helm lint
run: |
helm lint . \
--values dev-values.yaml
- name: helm template
run: |
helm template . \
--values dev-values.yaml \
--output-dir rendered-templates
- name: yamllint (only on templates we manage)
run: |
rm -rf rendered-templates/mastodon/charts
yamllint rendered-templates \
--config-data "{rules: {indentation: {spaces: 2}, line-length: disable}}"
# This job helps us validate that rendered templates are valid k8s resources
# against a k8s api-server, via "helm template --validate", but also that a
# basic configuration can be used to successfully startup mastodon.
#
test-install:
runs-on: ubuntu-22.04
timeout-minutes: 15
strategy:
fail-fast: false
matrix:
include:
# k3s-channel reference: https://update.k3s.io/v1-release/channels
- k3s-channel: latest
- k3s-channel: stable
# This represents the oldest configuration we test against.
#
# The k8s version chosen is based on the oldest still supported k8s
# version among two managed k8s services, GKE, EKS.
# - GKE: https://endoflife.date/google-kubernetes-engine
# - EKS: https://endoflife.date/amazon-eks
#
# The helm client's version can influence what helper functions is
# available for use in the templates, currently we need v3.6.0 or
# higher.
#
- k3s-channel: v1.21
helm-version: v3.8.0
env:
HELM_EXPERIMENTAL_OCI: "1"
steps:
- uses: actions/checkout@v3
# This action starts a k8s cluster with NetworkPolicy enforcement and
# installs both kubectl and helm.
#
# ref: https://github.com/jupyterhub/action-k3s-helm#readme
#
- uses: jupyterhub/action-k3s-helm@v3
with:
k3s-channel: ${{ matrix.k3s-channel }}
helm-version: ${{ matrix.helm-version }}
metrics-enabled: false
traefik-enabled: false
docker-enabled: false
- run: helm dependency update
# Validate rendered helm templates against the k8s api-server
- name: helm template --validate
run: |
helm template --validate mastodon . \
--values dev-values.yaml
- name: helm install
run: |
helm install mastodon . \
--values dev-values.yaml \
--timeout 10m
# This actions provides a report about the state of the k8s cluster,
# providing logs etc on anything that has failed and workloads marked as
# important.
#
# ref: https://github.com/jupyterhub/action-k8s-namespace-report#readme
#
- name: Kubernetes namespace report
uses: jupyterhub/action-k8s-namespace-report@v1
if: always()
with:
important-workloads: >-
deploy/mastodon-sidekiq
deploy/mastodon-streaming
deploy/mastodon-web
job/mastodon-assets-precompile
job/mastodon-chewy-upgrade
job/mastodon-create-admin
job/mastodon-db-migrate

108
mastodon/CHANGELOG.md Normal file
View File

@ -0,0 +1,108 @@
# 5.1.0
- Added values for Active Record Encryption in Redis:
```yaml
mastodon:
secrets:
activeRecordEncryption:
primaryKey:
deterministicKey:
keyDerivationSalt:
```
- Small bugfix related to automatic secret generation
# [5.0.0](https://github.com/mastodon/chart/commit/63a052b6a5c19dabd172c15c1fd74298dcc544b2)
- Updated major versions of chart dependencies (postgres, redis, elasticsearch)
# [4.0.0](https://github.com/mastodon/chart/compare/920cf37..ae892d5)
- adds support for multiple Sidekiq deployments to be configured to manage
different sets of queues.
- smtp: replaces `enable_starttls_auto` boolean with `enable_starttls` setting
that defaults to `auto`.
- adds support for statsd publishing:
```
mastodon:
metrics:
statsd:
address:
```
- allows disabling the included redis deployment in order to use an existing external redis server:
```
redis:
enabled: false
```
- adds support for [authorized
fetch](https://docs.joinmastodon.org/admin/config/#authorized_fetch):
```
mastodon:
authorizedFetch: true
```
- removed the `HorizontalPodAutoscaler` and the global autoscaling configuration.
A number of other configuration options have been added, see [values.yaml](./values.yaml).
# 3.0.0
skipped
# 2.1.0
## ingressClassName and tls-acme changes
The annotations previously defaulting to nginx have been removed and support
for ingressClassName has been added.
```yaml
ingress:
annotations:
kubernetes.io/ingress.class: nginx
kubernetes.io/tls-acme: "true"
```
To restore the old functionality simply add the above snippet to your `values.yaml`,
but the recommendation is to replace these with `ingress.ingressClassName` and use
cert-manager's issuer/cluster-issuer instead of tls-acme.
If you're uncertain about your current setup leave `ingressClassName` empty and add
`kubernetes.io/tls-acme` to `ingress.annotations` in your `values.yaml`.
# 2.0.0
## Fixed labels
Because of the changes in [#19706](https://github.com/mastodon/mastodon/pull/19706) the upgrade may fail with the following error:
```Error: UPGRADE FAILED: cannot patch "mastodon-sidekiq"```
If you want an easy upgrade and you're comfortable with some downtime then
simply delete the -sidekiq, -web, and -streaming Deployments manually.
If you require a no-downtime upgrade then:
1. run `helm template` instead of `helm upgrade`
2. Copy the new -web and -streaming services into `services.yml`
3. Copy the new -web and -streaming deployments into `deployments.yml`
4. Append -temp to the name of each deployment in `deployments.yml`
5. `kubectl apply -f deployments.yml` then wait until all pods are ready
6. `kubectl apply -f services.yml`
7. Delete the old -sidekiq, -web, and -streaming deployments manually
8. `helm upgrade` like normal
9. `kubectl delete -f deployments.yml` to clear out the temporary deployments
## PostgreSQL passwords
If you've previously installed the chart and you're having problems with
postgres not accepting your password then make sure to set `username` to
`postgres` and `password` and `postgresPassword` to the same passwords.
```yaml
postgresql:
auth:
username: postgres
password: <same password>
postgresPassword: <same password>
```
And make sure to set `password` to the same value as `postgres-password`
in your `mastodon-postgresql` secret:
```kubectl edit secret mastodon-postgresql```

12
mastodon/Chart.lock Normal file
View File

@ -0,0 +1,12 @@
dependencies:
- name: elasticsearch
repository: oci://registry-1.docker.io/bitnamicharts
version: 19.19.2
- name: postgresql
repository: oci://registry-1.docker.io/bitnamicharts
version: 14.2.3
- name: redis
repository: oci://registry-1.docker.io/bitnamicharts
version: 18.16.1
digest: sha256:684daaf2067d96e2aa6d93e9d29b7b13fc586f6ae929342e5e9c7c169b1c0748
generated: "2024-02-23T15:14:47.536480528-08:00"

View File

@ -12,26 +12,26 @@ description: Mastodon is a free, open-source social network server based on Acti
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# This is the chart version. This version number should be incremented each time
# you make changes to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 4.0.1
version: 5.1.2
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
appVersion: 4.1.4
appVersion: v4.2.9
dependencies:
- name: elasticsearch
version: 19.6.0
repository: https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami
version: 19.19.2
repository: oci://registry-1.docker.io/bitnamicharts
condition: elasticsearch.enabled
- name: postgresql
version: 12.2.7
repository: https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami
version: 14.2.3
repository: oci://registry-1.docker.io/bitnamicharts
condition: postgresql.enabled
- name: redis
version: 17.9.3
repository: https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami
version: 18.16.1
repository: oci://registry-1.docker.io/bitnamicharts
condition: redis.enabled

View File

@ -4,10 +4,18 @@ This is a [Helm](https://helm.sh/) chart for installing Mastodon into a
Kubernetes cluster. The basic usage is:
1. edit `values.yaml` or create a separate yaml file for custom values
1. `helm dep update`
1. `helm dep install`
1. `helm install --namespace mastodon --create-namespace my-mastodon ./ -f path/to/additional/values.yaml`
This chart is tested with k8s 1.21+ and helm 3.6.0+.
This chart is tested with k8s 1.21+ and helm 3.8.0+.
# NOTICE: Future Deprecation
We have plans in the very near future to deprecate this chart in favor of a [new git repo](https://github.com/mastodon/helm-charts), which has proper helm repository support (e.g. `helm repo add`), and will contain multiple charts, both for mastodon and for supplementary components that we make use of.
We still encourage suggestions and PRs to help make this chart better, and this repository will remain available after the new charts are ready to give users time to migrate. However, we will not be approving large PRs, or PRs that change fundamental chart functions, as those changes should be directed to the new charts.
Please see the pinned [GitHub issue](https://github.com/mastodon/chart/issues/129) for more info & discussion.
# Configuration
@ -64,57 +72,3 @@ Sidekiq deployments, its possible they will occur in the wrong order. After
upgrading Mastodon versions, it may sometimes be necessary to manually delete
the Rails and Sidekiq pods so that they are recreated against the latest
migration.
# Upgrades in 2.1.0
## ingressClassName and tls-acme changes
The annotations previously defaulting to nginx have been removed and support
for ingressClassName has been added.
```yaml
ingress:
annotations:
kubernetes.io/ingress.class: nginx
kubernetes.io/tls-acme: "true"
```
To restore the old functionality simply add the above snippet to your `values.yaml`,
but the recommendation is to replace these with `ingress.ingressClassName` and use
cert-manager's issuer/cluster-issuer instead of tls-acme.
If you're uncertain about your current setup leave `ingressClassName` empty and add
`kubernetes.io/tls-acme` to `ingress.annotations` in your `values.yaml`.
# Upgrades in 2.0.0
## Fixed labels
Because of the changes in [#19706](https://github.com/mastodon/mastodon/pull/19706) the upgrade may fail with the following error:
```Error: UPGRADE FAILED: cannot patch "mastodon-sidekiq"```
If you want an easy upgrade and you're comfortable with some downtime then
simply delete the -sidekiq, -web, and -streaming Deployments manually.
If you require a no-downtime upgrade then:
1. run `helm template` instead of `helm upgrade`
2. Copy the new -web and -streaming services into `services.yml`
3. Copy the new -web and -streaming deployments into `deployments.yml`
4. Append -temp to the name of each deployment in `deployments.yml`
5. `kubectl apply -f deployments.yml` then wait until all pods are ready
6. `kubectl apply -f services.yml`
7. Delete the old -sidekiq, -web, and -streaming deployments manually
8. `helm upgrade` like normal
9. `kubectl delete -f deployments.yml` to clear out the temporary deployments
## PostgreSQL passwords
If you've previously installed the chart and you're having problems with
postgres not accepting your password then make sure to set `username` to
`postgres` and `password` and `postgresPassword` to the same passwords.
```yaml
postgresql:
auth:
username: postgres
password: <same password>
postgresPassword: <same password>
```
And make sure to set `password` to the same value as `postgres-password`
in your `mastodon-postgresql` secret:
```kubectl edit secret mastodon-postgresql```

View File

@ -7,6 +7,11 @@ mastodon:
vapid:
private_key: dummy-vapid-private_key
public_key: dummy-vapid-public_key
activeRecordEncryption:
primaryKey: dummy-are-primary_key
deterministicKey: dummy-are-deterministic_key
keyDerivationSalt: dummy-are-key_derivation_salt
# ref: https://github.com/bitnami/charts/tree/main/bitnami/redis#parameters
redis:
@ -23,3 +28,6 @@ elasticsearch:
replicaCount: 1
ingest:
replicaCount: 1
# -- Timezone for all pods unless overwritten
timezone: UTC

View File

@ -31,12 +31,22 @@ Create chart name and version as used by the chart label.
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Labels added on every Mastodon resource
*/}}
{{- define "mastodon.globalLabels" -}}
{{- range $k, $v := .Values.mastodon.labels }}
{{ $k }}: {{ quote $v }}
{{- end -}}
{{- end }}
{{/*
Common labels
*/}}
{{- define "mastodon.labels" -}}
helm.sh/chart: {{ include "mastodon.chart" . }}
{{ include "mastodon.selectorLabels" . }}
{{ include "mastodon.globalLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
@ -73,6 +83,28 @@ Create the name of the service account to use
{{- end }}
{{- end }}
{{/*
Create the name of the assets persistent volume to use
*/}}
{{- define "mastodon.pvc.assets" -}}
{{- if .Values.mastodon.persistence.assets.existingClaim }}
{{- printf "%s" (tpl .Values.mastodon.persistence.assets.existingClaim $) -}}
{{- else -}}
{{- printf "%s-assets" (include "common.names.fullname" .) -}}
{{- end -}}
{{- end -}}
{{/*
Create the name of the system persistent volume to use
*/}}
{{- define "mastodon.pvc.system" -}}
{{- if .Values.mastodon.persistence.system.existingClaim }}
{{- printf "%s" (tpl .Values.mastodon.persistence.system.existingClaim $) -}}
{{- else -}}
{{- printf "%s-system" (include "common.names.fullname" .) -}}
{{- end -}}
{{- end -}}
{{/*
Create a default fully qualified name for dependent services.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
@ -96,7 +128,7 @@ Get the mastodon secret.
{{- if .Values.mastodon.secrets.existingSecret }}
{{- printf "%s" (tpl .Values.mastodon.secrets.existingSecret $) -}}
{{- else -}}
{{- printf "%s" (include "common.names.fullname" .) -}}
{{- printf "%s" (include "mastodon.fullname" .) -}}
{{- end -}}
{{- end -}}
@ -107,7 +139,7 @@ Get the smtp secret.
{{- if .Values.mastodon.smtp.existingSecret }}
{{- printf "%s" (tpl .Values.mastodon.smtp.existingSecret $) -}}
{{- else -}}
{{- printf "%s-smtp" (include "common.names.fullname" .) -}}
{{- printf "%s-smtp" (include "mastodon.fullname" .) -}}
{{- end -}}
{{- end -}}
@ -120,7 +152,7 @@ Get the postgresql secret.
{{- else if .Values.postgresql.enabled -}}
{{- printf "%s-postgresql" (tpl .Release.Name $) -}}
{{- else -}}
{{- printf "%s" (include "common.names.fullname" .) -}}
{{- printf "%s" (include "mastodon.fullname" .) -}}
{{- end -}}
{{- end -}}
@ -132,6 +164,38 @@ Get the redis secret.
{{- printf "%s" (tpl .Values.redis.auth.existingSecret $) -}}
{{- else if .Values.redis.existingSecret }}
{{- printf "%s" (tpl .Values.redis.existingSecret $) -}}
{{- else if .Values.redis.enabled -}}
{{- printf "%s-redis" (tpl .Release.Name $) -}}
{{- else -}}
{{- printf "%s-redis" (include "mastodon.fullname" .) -}}
{{- end -}}
{{- end -}}
{{/*
Get the redis secret (sidekiq).
*/}}
{{- define "mastodon.redis.sidekiq.secretName" -}}
{{- if .Values.redis.sidekiq.auth.existingSecret }}
{{- printf "%s" (tpl .Values.redis.sidekiq.auth.existingSecret $) -}}
{{- else if .Values.redis.auth.existingSecret }}
{{- printf "%s" (tpl .Values.redis.auth.existingSecret $) -}}
{{- else if .Values.redis.existingSecret }}
{{- printf "%s" (tpl .Values.redis.existingSecret $) -}}
{{- else -}}
{{- printf "%s-redis" (tpl .Release.Name $) -}}
{{- end -}}
{{- end -}}
{{/*
Get the redis secret (cache).
*/}}
{{- define "mastodon.redis.cache.secretName" -}}
{{- if .Values.redis.cache.auth.existingSecret }}
{{- printf "%s" (tpl .Values.redis.cache.auth.existingSecret $) -}}
{{- else if .Values.redis.auth.existingSecret }}
{{- printf "%s" (tpl .Values.redis.auth.existingSecret $) -}}
{{- else if .Values.redis.existingSecret }}
{{- printf "%s" (tpl .Values.redis.existingSecret $) -}}
{{- else -}}
{{- printf "%s-redis" (tpl .Release.Name $) -}}
{{- end -}}
@ -161,3 +225,16 @@ Find highest number of needed database connections to set DB_POOL variable
{{- end }}
{{- $poolSize | quote }}
{{- end }}
{{/*
Full hostname for a custom Elasticsearch cluster
*/}}
{{- define "mastodon.elasticsearch.fullHostname" -}}
{{- if not .Values.elasticsearch.enabled }}
{{- if .Values.elasticsearch.tls }}
{{- printf "https://%s" (tpl .Values.elasticsearch.hostname $) -}}
{{- else -}}
{{- printf "%s" (tpl .Values.elasticsearch.hostname $) -}}
{{- end }}
{{- end -}}
{{- end -}}

View File

@ -0,0 +1,54 @@
{{/*
The exporter container attached to every Mastodon pod
*/}}
{{- define "mastodon.statsdExporterContainer" }}
{{- with .Values.mastodon.metrics.statsd }}
{{- if and .exporter.enabled (not .address) }}
- name: statsd-exporter
image: prom/statsd-exporter
args:
- "--statsd.mapping-config=/statsd-mappings/mastodon.yml"
resources:
requests:
cpu: "0.1"
memory: "180M"
limits:
cpu: "0.5"
memory: "250M"
ports:
- name: statsd
containerPort: {{ .exporter.port }}
volumeMounts:
- name: statsd-mappings
mountPath: /statsd-mappings
{{- end }}
{{- end }}
{{- end }}
{{/*
The volume needed for the container above
*/}}
{{- define "mastodon.statsdExporterVolume" }}
{{- with .Values.mastodon.metrics.statsd }}
{{- if and .exporter.enabled (not .address) }}
- name: statsd-mappings
configMap:
name: {{ include "mastodon.fullname" $ }}-statsd-mappings
items:
- key: mastodon-statsd-mappings.yml
path: mastodon.yml
{{- end }}
{{- end }}
{{- end }}
{{/*
Labels added to every statsd_exporter-enabled pod
*/}}
{{- define "mastodon.statsdExporterLabels" }}
{{- with .Values.mastodon.metrics.statsd }}
{{- if and .exporter.enabled (not .address) }}
mastodon/statsd-exporter: "true"
{{- end }}
{{- end }}
{{- end }}

View File

@ -15,17 +15,44 @@ data:
DB_NAME: {{ .Values.postgresql.auth.database }}
DB_POOL: {{ include "mastodon.maxDbPool" . }}
DB_USER: {{ .Values.postgresql.auth.username }}
{{- if .Values.postgresql.readReplica.hostname }}
REPLICA_DB_HOST: {{ .Values.postgresql.readReplica.hostname }}
{{- end }}
{{- if .Values.postgresql.readReplica.port }}
REPLICA_DB_PORT: {{ .Values.postgresql.readReplica.port }}
{{- end }}
{{- if .Values.postgresql.readReplica.auth.database }}
REPLICA_DB_NAME: {{ .Values.postgresql.readReplica.auth.database }}
{{- end }}
{{- if .Values.postgresql.readReplica.auth.username }}
REPLICA_DB_USER: {{ .Values.postgresql.readReplica.auth.username }}
{{- end }}
{{- if .Values.postgresql.readReplica.auth.password }}
REPLICA_DB_PASS: {{ .Values.postgresql.readReplica.auth.password }}
{{- end }}
PREPARED_STATEMENTS: {{ .Values.mastodon.preparedStatements | quote }}
DEFAULT_LOCALE: {{ .Values.mastodon.locale }}
{{- if .Values.elasticsearch.enabled }}
ES_ENABLED: "true"
ES_PRESET: {{ .Values.elasticsearch.preset | default "single_node_cluster" | quote }}
ES_HOST: {{ template "mastodon.elasticsearch.fullname" . }}-master-hl
ES_PORT: "9200"
{{- else if .Values.elasticsearch.hostname }}
ES_ENABLED: "true"
ES_PRESET: {{ .Values.elasticsearch.preset | default "single_node_cluster" | quote }}
ES_HOST: {{ include "mastodon.elasticsearch.fullHostname" .}}
ES_PORT: {{ .Values.elasticsearch.port | default "9200" | quote }}
{{- end }}
{{- with .Values.elasticsearch.user }}
ES_USER: {{ . }}
{{- end }}
LOCAL_DOMAIN: {{ .Values.mastodon.local_domain }}
{{- with .Values.mastodon.web_domain }}
WEB_DOMAIN: {{ . }}
{{- end }}
{{- with .Values.mastodon.alternate_domains }}
ALTERNATE_DOMAINS: {{ join "," . }}
{{- end }}
{{- with .Values.mastodon.singleUserMode }}
SINGLE_USER_MODE: "true"
{{- end }}
@ -45,6 +72,30 @@ data:
REDIS_HOST: {{ required "When the redis chart is disabled .Values.redis.hostname is required" .Values.redis.hostname }}
{{- end }}
REDIS_PORT: {{ .Values.redis.port | default "6379" | quote }}
{{- if .Values.redis.sidekiq.enabled }}
{{- if .Values.redis.sidekiq.hostname }}
SIDEKIQ_REDIS_HOST: {{ .Values.redis.sidekiq.hostname }}
{{- else }}
SIDEKIQ_REDIS_HOST: {{ .Values.redis.hostname }}
{{- end }}
{{- if .Values.redis.sidekiq.port }}
SIDEKIQ_REDIS_PORT: {{ .Values.redis.sidekiq.port | quote }}
{{- else }}
SIDEKIQ_REDIS_PORT: {{ .Values.redis.port | default "6379" | quote }}
{{- end }}
{{- end }}
{{- if .Values.redis.cache.enabled }}
{{- if .Values.redis.cache.hostname }}
CACHE_REDIS_HOST: {{ .Values.redis.cache.hostname }}
{{- else }}
CACHE_REDIS_HOST: {{ .Values.redis.hostname}}
{{- end }}
{{- if .Values.redis.cache.port }}
CACHE_REDIS_PORT: {{ .Values.redis.cache.port | quote }}
{{- else }}
CACHE_REDIS_PORT: {{ .Values.redis.port | default "6379" | quote }}
{{- end }}
{{- end }}
{{- if .Values.mastodon.s3.enabled }}
S3_BUCKET: {{ .Values.mastodon.s3.bucket }}
S3_ENABLED: "true"
@ -60,6 +111,12 @@ data:
{{- with .Values.mastodon.s3.alias_host }}
S3_ALIAS_HOST: {{ . }}
{{- end }}
{{- with .Values.mastodon.s3.multipart_threshold }}
S3_MULTIPART_THRESHOLD: "{{ . }}"
{{- end }}
{{- with .Values.mastodon.s3.override_path_style }}
S3_OVERRIDE_PATH_STYLE: "{{ . }}"
{{- end }}
{{- end }}
{{- with .Values.mastodon.smtp.auth_method }}
SMTP_AUTH_METHOD: {{ . }}
@ -82,6 +139,9 @@ data:
{{- with .Values.mastodon.smtp.from_address }}
SMTP_FROM_ADDRESS: {{ . }}
{{- end }}
{{- with .Values.mastodon.smtp.return_path }}
SMTP_RETURN_PATH: {{ . }}
{{- end }}
{{- with .Values.mastodon.smtp.openssl_verify_mode }}
SMTP_OPENSSL_VERIFY_MODE: {{ . }}
{{- end }}
@ -322,6 +382,34 @@ data:
LDAP_UID_CONVERSION_REPLACE: {{ . }}
{{- end }}
{{- end }}
{{- with .Values.mastodon.metrics.statsd.address }}
STATSD_ADDR: {{ . }}
{{- if .Values.mastodon.metrics.statsd.address }}
STATSD_ADDR: {{ .Values.mastodon.metrics.statsd.address }}
{{- else if .Values.mastodon.metrics.statsd.exporter.enabled }}
STATSD_ADDR: localhost:9125
{{- end }}
{{- range $k, $v := .Values.mastodon.extraEnvVars }}
{{ $k }}: {{ quote $v }}
{{- end }}
{{- if .Values.mastodon.deepl.enabled }}
DEEPL_PLAN: {{ .Values.mastodon.deepl.plan }}
{{- end }}
{{- if .Values.mastodon.hcaptcha.enabled }}
HCAPTCHA_SITE_KEY: {{ .Values.mastodon.hcaptcha.siteId }}
{{- end }}
{{- if .Values.mastodon.cacheBuster.enabled }}
CACHE_BUSTER_ENABLED: "true"
{{- if .Values.mastodon.cacheBuster.httpMethod }}
CACHE_BUSTER_HTTP_METHOD: {{ .Values.mastodon.cacheBuster.httpMethod }}
{{- end }}
{{- if .Values.mastodon.cacheBuster.authHeader }}
CACHE_BUSTER_SECRET_HEADER: {{ .Values.mastodon.cacheBuster.authHeader }}
{{- end }}
{{- else }}
CACHE_BUSTER_ENABLED: "false"
{{- end }}
{{- with .Values.timezone }}
TZ: {{ . | quote }}
{{- end }}

View File

@ -36,10 +36,10 @@ spec:
volumes:
- name: assets
persistentVolumeClaim:
claimName: {{ template "mastodon.fullname" . }}-assets
claimName: {{ template "mastodon.pvc.assets" . }}
- name: system
persistentVolumeClaim:
claimName: {{ template "mastodon.fullname" . }}-system
claimName: {{ template "mastodon.pvc.system" . }}
{{- end }}
containers:
- name: {{ include "mastodon.fullname" . }}-media-remove
@ -65,6 +65,27 @@ spec:
secretKeyRef:
name: {{ template "mastodon.redis.secretName" . }}
key: redis-password
{{- if and .Values.redis.sidekiq.enabled .Values.redis.sidekiq.auth.existingSecret }}
- name: "SIDEKIQ_REDIS_PASSWORD"
valueFrom:
secretKeyRef:
name: {{ template "mastodon.redis.sidekiq.secretName" . }}
key: redis-password
{{- end }}
{{- if and .Values.redis.cache.enabled .Values.redis.cache.auth.existingSecret }}
- name: "CACHE_REDIS_PASSWORD"
valueFrom:
secretKeyRef:
name: {{ template "mastodon.redis.cache.secretName" . }}
key: redis-password
{{- end }}
{{- if and .Values.elasticsearch.existingSecret (or .Values.elasticsearch.enabled .Values.elasticsearch.hostname) }}
- name: "ES_PASS"
valueFrom:
secretKeyRef:
name: {{ .Values.elasticsearch.existingSecret }}
key: password
{{- end }}
- name: "PORT"
value: {{ .Values.mastodon.web.port | quote }}
{{- if (and .Values.mastodon.s3.enabled .Values.mastodon.s3.existingSecret) }}

View File

@ -9,6 +9,10 @@ metadata:
{{- include "mastodon.labels" $context | nindent 4 }}
app.kubernetes.io/component: sidekiq-{{ .name }}
app.kubernetes.io/part-of: rails
annotations:
{{- with $context.Values.deploymentAnnotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if (has "scheduler" .queues) }}
{{- if (gt (int .replicas) 1) }}
@ -18,6 +22,9 @@ spec:
type: Recreate
{{- end }}
replicas: {{ .replicas }}
{{- if (ne (toString $context.Values.mastodon.revisionHistoryLimit) "<nil>") }}
revisionHistoryLimit: {{ $context.Values.mastodon.revisionHistoryLimit }}
{{- end }}
selector:
matchLabels:
{{- include "mastodon.selectorLabels" $context | nindent 6 }}
@ -31,9 +38,11 @@ spec:
{{- end }}
# roll the pods to pick up any db migrations or other changes
{{- include "mastodon.rollingPodAnnotations" $context | nindent 8 }}
checksum/config-secrets: {{ include ( print $.Template.BasePath "/secret-smtp.yaml" ) $context | sha256sum | quote }}
checksum/config-secrets-smtp: {{ include ( print $.Template.BasePath "/secret-smtp.yaml" ) $context | sha256sum | quote }}
labels:
{{- include "mastodon.globalLabels" $context | nindent 8 }}
{{- include "mastodon.selectorLabels" $context | nindent 8 }}
{{- include "mastodon.statsdExporterLabels" $context | nindent 8 }}
app.kubernetes.io/component: sidekiq-{{ .name }}
app.kubernetes.io/part-of: rails
spec:
@ -50,20 +59,35 @@ spec:
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if (not $context.Values.mastodon.s3.enabled) }}
{{- with (default (default $context.Values.topologySpreadConstraints $context.Values.mastodon.sidekiq.topologySpreadConstraints) .topologySpreadConstraints) }}
topologySpreadConstraints:
{{- toYaml . | nindent 8 }}
{{- end }}
volumes:
{{- if (not $context.Values.mastodon.s3.enabled) }}
- name: assets
persistentVolumeClaim:
claimName: {{ template "mastodon.fullname" $context }}-assets
claimName: {{ template "mastodon.pvc.assets" $context }}
- name: system
persistentVolumeClaim:
claimName: {{ template "mastodon.fullname" $context }}-system
claimName: {{ template "mastodon.pvc.system" $context }}
{{- end }}
{{- include "mastodon.statsdExporterVolume" $ | indent 8 }}
{{- if dig "customDatabaseConfigYml" "configMapRef" "name" false . }}
- name: config-database-yml
configMap:
name: {{ .customDatabaseConfigYml.configMapRef.name }}
{{- end }}
{{- with $context.Values.volumes }}
{{- toYaml . | nindent 8 }}
{{- end }}
containers:
- name: {{ $context.Chart.Name }}
{{- with $context.Values.mastodon.sidekiq.securityContext | default $context.Values.securityContext }}
securityContext:
{{- toYaml $context.Values.mastodon.sidekiq.securityContext | nindent 12 }}
image: "{{ $context.Values.image.repository }}:{{ $context.Values.image.tag | default $context.Chart.AppVersion }}"
{{- toYaml . | nindent 12 }}
{{- end }}
image: "{{ coalesce (dig "image" "repository" false .) $context.Values.image.repository }}:{{ coalesce (dig "image" "tag" false .) $context.Values.image.tag $context.Chart.AppVersion }}"
imagePullPolicy: {{ $context.Values.image.pullPolicy }}
command:
- bundle
@ -80,17 +104,49 @@ spec:
name: {{ include "mastodon.fullname" $context }}-env
- secretRef:
name: {{ template "mastodon.secretName" $context }}
{{- if $context.Values.mastodon.extraEnvFrom }}
- configMapRef:
name: {{ $context.Values.mastodon.extraEnvFrom }}
{{- end}}
env:
- name: "DB_PASS"
valueFrom:
secretKeyRef:
name: {{ template "mastodon.postgresql.secretName" $context }}
key: password
{{- if $context.Values.postgresql.readReplica.auth.existingSecret }}
- name: "REPLICA_DB_PASS"
valueFrom:
secretKeyRef:
name: {{ $context.Values.postgresql.readReplica.auth.existingSecret }}
key: password
{{- end }}
- name: "REDIS_PASSWORD"
valueFrom:
secretKeyRef:
name: {{ template "mastodon.redis.secretName" $context }}
key: redis-password
{{- if and $context.Values.redis.sidekiq.enabled $context.Values.redis.sidekiq.auth.existingSecret }}
- name: "SIDEKIQ_REDIS_PASSWORD"
valueFrom:
secretKeyRef:
name: {{ template "mastodon.redis.sidekiq.secretName" $context }}
key: redis-password
{{- end }}
{{- if and $context.Values.redis.cache.enabled $context.Values.redis.cache.auth.existingSecret }}
- name: "CACHE_REDIS_PASSWORD"
valueFrom:
secretKeyRef:
name: {{ template "mastodon.redis.cache.secretName" $context }}
key: redis-password
{{- end }}
{{- if and $context.Values.elasticsearch.existingSecret (or $context.Values.elasticsearch.enabled $context.Values.elasticsearch.hostname) }}
- name: "ES_PASS"
valueFrom:
secretKeyRef:
name: {{ $context.Values.elasticsearch.existingSecret }}
key: password
{{- end }}
- name: "SMTP_LOGIN"
valueFrom:
secretKeyRef:
@ -102,6 +158,7 @@ spec:
secretKeyRef:
name: {{ include "mastodon.smtp.secretName" $context }}
key: password
optional: true
{{- if (and $context.Values.mastodon.s3.enabled $context.Values.mastodon.s3.existingSecret) }}
- name: "AWS_SECRET_ACCESS_KEY"
valueFrom:
@ -114,15 +171,38 @@ spec:
name: {{ $context.Values.mastodon.s3.existingSecret }}
key: AWS_ACCESS_KEY_ID
{{- end }}
{{- if (not $context.Values.mastodon.s3.enabled) }}
{{- if and $context.Values.mastodon.deepl.enabled }}
- name: "DEEPL_API_KEY"
valueFrom:
secretKeyRef:
name: {{ $context.Values.mastodon.deepl.apiKeySecretRef.name }}
key: {{ $context.Values.mastodon.deepl.apiKeySecretRef.key }}
{{- end }}
{{- if and $context.Values.mastodon.cacheBuster.enabled $context.Values.mastodon.cacheBuster.authToken.existingSecret }}
- name: CACHE_BUSTER_SECRET
valueFrom:
secretKeyRef:
name: {{ $context.Values.mastodon.cacheBuster.authToken.existingSecret }}
key: password
{{- end }}
volumeMounts:
{{- if (not $context.Values.mastodon.s3.enabled) }}
- name: assets
mountPath: /opt/mastodon/public/assets
- name: system
mountPath: /opt/mastodon/public/system
{{- end }}
{{- if dig "customDatabaseConfigYml" "configMapRef" "name" false . }}
- name: config-database-yml
mountPath: /opt/mastodon/config/database.yml
subPath: {{ .customDatabaseConfigYml.configMapRef.key }}
{{- end }}
{{- with $context.Values.volumeMounts }}
{{- toYaml . | nindent 12 }}
{{- end }}
resources:
{{- toYaml (default (default $context.Values.resources $context.Values.mastodon.sidekiq.resources) .resources) | nindent 12 }}
{{- include "mastodon.statsdExporterContainer" $ | indent 8 }}
{{- with $context.Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}

View File

@ -4,8 +4,15 @@ metadata:
name: {{ include "mastodon.fullname" . }}-streaming
labels:
{{- include "mastodon.labels" . | nindent 4 }}
annotations:
{{- with (default .Values.deploymentAnnotations .Values.mastodon.streaming.deploymentAnnotations) }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
replicas: {{ .Values.mastodon.streaming.replicas }}
{{- if (ne (toString .Values.mastodon.revisionHistoryLimit) "<nil>") }}
revisionHistoryLimit: {{ .Values.mastodon.revisionHistoryLimit }}
{{- end }}
selector:
matchLabels:
{{- include "mastodon.selectorLabels" . | nindent 6 }}
@ -19,6 +26,7 @@ spec:
# roll the pods to pick up any db migrations or other changes
{{- include "mastodon.rollingPodAnnotations" . | nindent 8 }}
labels:
{{- include "mastodon.globalLabels" . | nindent 8 }}
{{- include "mastodon.selectorLabels" . | nindent 8 }}
app.kubernetes.io/component: streaming
spec:
@ -31,33 +39,90 @@ spec:
securityContext:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.mastodon.streaming.extraCerts }}
{{- $name := .name | default "extra-certs" }}
volumes:
- name: {{ $name }}
secret:
secretName: {{ .existingSecret }}
items:
- key: ca.crt
path: trusted-ca.crt
{{- end }}
containers:
- name: {{ .Chart.Name }}-streaming
{{- with (default .Values.securityContext .Values.mastodon.streaming.securityContext) }}
securityContext:
{{- toYaml . | nindent 12 }}
{{- end }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
image: "{{ coalesce .Values.mastodon.streaming.image.repository .Values.image.repository }}:{{ coalesce .Values.mastodon.streaming.image.tag .Values.image.tag .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
command:
- node
- ./streaming
{{- with .Values.mastodon.streaming.extraCerts }}
{{- $name := .name | default "extra-certs" }}
volumeMounts:
- name: {{ $name }}
mountPath: "/usr/local/share/ca-certificates"
{{- end }}
envFrom:
- configMapRef:
name: {{ include "mastodon.fullname" . }}-env
{{- if .Values.mastodon.extraEnvFrom }}
- configMapRef:
name: {{ .Values.mastodon.extraEnvFrom }}
{{- end}}
env:
{{- with .Values.mastodon.streaming.extraCerts }}
- name: "NODE_EXTRA_CA_CERTS"
value: "/usr/local/share/ca-certificates/trusted-ca.crt"
{{- with .sslMode }}
- name: "DB_SSLMODE"
value: {{ . }}
{{- end }}
{{- end }}
{{- with .Values.postgresql.postgresqlReplicaHostname }}
- name: "DB_HOST"
value: {{ . }}
{{- end }}
- name: "DB_PASS"
valueFrom:
secretKeyRef:
name: {{ template "mastodon.postgresql.secretName" . }}
key: password
{{- if .Values.postgresql.readReplica.auth.existingSecret }}
- name: "REPLICA_DB_PASS"
valueFrom:
secretKeyRef:
name: {{ .Values.postgresql.readReplica.auth.existingSecret }}
key: password
{{- end }}
- name: "REDIS_PASSWORD"
valueFrom:
secretKeyRef:
name: {{ template "mastodon.redis.secretName" . }}
key: redis-password
{{- if and .Values.redis.sidekiq.enabled .Values.redis.sidekiq.auth.existingSecret }}
- name: "SIDEKIQ_REDIS_PASSWORD"
valueFrom:
secretKeyRef:
name: {{ template "mastodon.redis.sidekiq.secretName" . }}
key: redis-password
{{- end }}
{{- if and .Values.redis.cache.enabled .Values.redis.cache.auth.existingSecret }}
- name: "CACHE_REDIS_PASSWORD"
valueFrom:
secretKeyRef:
name: {{ template "mastodon.redis.cache.secretName" . }}
key: redis-password
{{- end }}
- name: "PORT"
value: {{ .Values.mastodon.streaming.port | quote }}
{{- range $k, $v := .Values.mastodon.streaming.extraEnvVars }}
- name: {{ $k }}
value: {{ quote $v }}
{{- end }}
ports:
- name: streaming
containerPort: {{ .Values.mastodon.streaming.port }}
@ -82,6 +147,10 @@ spec:
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with (default .Values.topologySpreadConstraints .Values.mastodon.streaming.topologySpreadConstraints) }}
topologySpreadConstraints:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}

View File

@ -4,8 +4,15 @@ metadata:
name: {{ include "mastodon.fullname" . }}-web
labels:
{{- include "mastodon.labels" . | nindent 4 }}
annotations:
{{- with (default .Values.deploymentAnnotations .Values.mastodon.web.deploymentAnnotations) }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
replicas: {{ .Values.mastodon.web.replicas }}
{{- if (ne (toString .Values.mastodon.revisionHistoryLimit) "<nil>") }}
revisionHistoryLimit: {{ .Values.mastodon.revisionHistoryLimit }}
{{- end }}
selector:
matchLabels:
{{- include "mastodon.selectorLabels" . | nindent 6 }}
@ -20,7 +27,9 @@ spec:
# roll the pods to pick up any db migrations or other changes
{{- include "mastodon.rollingPodAnnotations" . | nindent 8 }}
labels:
{{- include "mastodon.globalLabels" . | nindent 8 }}
{{- include "mastodon.selectorLabels" . | nindent 8 }}
{{- include "mastodon.statsdExporterLabels" . | nindent 8 }}
app.kubernetes.io/component: web
app.kubernetes.io/part-of: rails
spec:
@ -33,14 +42,23 @@ spec:
securityContext:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if (not .Values.mastodon.s3.enabled) }}
volumes:
{{- if (not .Values.mastodon.s3.enabled) }}
- name: assets
persistentVolumeClaim:
claimName: {{ template "mastodon.fullname" . }}-assets
claimName: {{ template "mastodon.pvc.assets" . }}
- name: system
persistentVolumeClaim:
claimName: {{ template "mastodon.fullname" . }}-system
claimName: {{ template "mastodon.pvc.system" . }}
{{- end }}
{{- include "mastodon.statsdExporterVolume" $ | indent 8 }}
{{- if .Values.mastodon.web.customDatabaseConfigYml.configMapRef.name }}
- name: config-database-yml
configMap:
name: {{ .Values.mastodon.web.customDatabaseConfigYml.configMapRef.name }}
{{- end }}
{{- with .Values.volumes }}
{{- toYaml . | nindent 8 }}
{{- end }}
containers:
- name: {{ .Chart.Name }}-web
@ -48,7 +66,7 @@ spec:
securityContext:
{{- toYaml . | nindent 12 }}
{{- end }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
image: "{{ coalesce .Values.mastodon.web.image.repository .Values.image.repository }}:{{ coalesce .Values.mastodon.web.image.tag .Values.image.tag .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
command:
- bundle
@ -61,17 +79,49 @@ spec:
name: {{ include "mastodon.fullname" . }}-env
- secretRef:
name: {{ template "mastodon.secretName" . }}
{{- if .Values.mastodon.extraEnvFrom }}
- configMapRef:
name: {{ .Values.mastodon.extraEnvFrom }}
{{- end}}
env:
- name: "DB_PASS"
valueFrom:
secretKeyRef:
name: {{ template "mastodon.postgresql.secretName" . }}
key: password
{{- if .Values.postgresql.readReplica.auth.existingSecret }}
- name: "REPLICA_DB_PASS"
valueFrom:
secretKeyRef:
name: {{ .Values.postgresql.readReplica.auth.existingSecret}}
key: password
{{- end }}
- name: "REDIS_PASSWORD"
valueFrom:
secretKeyRef:
name: {{ template "mastodon.redis.secretName" . }}
key: redis-password
{{- if and .Values.redis.sidekiq.enabled .Values.redis.sidekiq.auth.existingSecret }}
- name: "SIDEKIQ_REDIS_PASSWORD"
valueFrom:
secretKeyRef:
name: {{ template "mastodon.redis.sidekiq.secretName" . }}
key: redis-password
{{- end }}
{{- if and .Values.redis.cache.enabled .Values.redis.cache.auth.existingSecret }}
- name: "CACHE_REDIS_PASSWORD"
valueFrom:
secretKeyRef:
name: {{ template "mastodon.redis.cache.secretName" . }}
key: redis-password
{{- end }}
{{- if and .Values.elasticsearch.existingSecret (or .Values.elasticsearch.enabled .Values.elasticsearch.hostname) }}
- name: "ES_PASS"
valueFrom:
secretKeyRef:
name: {{ .Values.elasticsearch.existingSecret }}
key: password
{{- end }}
- name: "PORT"
value: {{ .Values.mastodon.web.port | quote }}
{{- if .Values.mastodon.web.minThreads }}
@ -102,13 +152,42 @@ spec:
name: {{ .Values.mastodon.s3.existingSecret }}
key: AWS_ACCESS_KEY_ID
{{- end }}
{{- if (not .Values.mastodon.s3.enabled) }}
{{- if .Values.mastodon.deepl.enabled }}
- name: "DEEPL_API_KEY"
valueFrom:
secretKeyRef:
name: {{ .Values.mastodon.deepl.apiKeySecretRef.name }}
key: {{ .Values.mastodon.deepl.apiKeySecretRef.key }}
{{- end }}
{{- if .Values.mastodon.hcaptcha.enabled }}
- name: "HCAPTCHA_SECRET_KEY"
valueFrom:
secretKeyRef:
name: {{ .Values.mastodon.hcaptcha.secretKeySecretRef.name }}
key: {{ .Values.mastodon.hcaptcha.secretKeySecretRef.key }}
{{- end }}
{{- if and .Values.mastodon.cacheBuster.enabled .Values.mastodon.cacheBuster.authToken.existingSecret }}
- name: CACHE_BUSTER_SECRET
valueFrom:
secretKeyRef:
name: {{ .Values.mastodon.cacheBuster.authToken.existingSecret }}
key: password
{{- end }}
volumeMounts:
{{- if (not .Values.mastodon.s3.enabled) }}
- name: assets
mountPath: /opt/mastodon/public/assets
- name: system
mountPath: /opt/mastodon/public/system
{{- end }}
{{- if .Values.mastodon.web.customDatabaseConfigYml.configMapRef.name }}
- name: config-database-yml
mountPath: /opt/mastodon/config/database.yml
subPath: {{ .Values.mastodon.web.customDatabaseConfigYml.configMapRef.key }}
{{- end }}
{{- with .Values.volumeMounts }}
{{- toYaml . | nindent 12 }}
{{- end }}
ports:
- name: http
containerPort: {{ .Values.mastodon.web.port }}
@ -130,6 +209,7 @@ spec:
resources:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- include "mastodon.statsdExporterContainer" $ | indent 8 }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
@ -138,7 +218,11 @@ spec:
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
{{- with (default .Values.topologySpreadConstraints .Values.mastodon.web.topologySpreadConstraints) }}
topologySpreadConstraints:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with (default .Values.tolerations .Values.mastodon.web.tolerations) }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}

View File

@ -0,0 +1,57 @@
{{- if .Values.ingress.streaming.enabled -}}
{{- $fullName := include "mastodon.fullname" . -}}
{{- $webPort := .Values.mastodon.web.port -}}
{{- $streamingPort := .Values.mastodon.streaming.port -}}
{{- if or (.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress") (not (.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress")) -}}
apiVersion: networking.k8s.io/v1
{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
apiVersion: networking.k8s.io/v1beta1
{{- else -}}
apiVersion: extensions/v1beta1
{{- end }}
kind: Ingress
metadata:
name: {{ $fullName }}-streaming
labels:
{{- include "mastodon.labels" . | nindent 4 }}
{{- with .Values.ingress.streaming.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if .Values.ingress.streaming.ingressClassName }}
ingressClassName: {{ .Values.ingress.streaming.ingressClassName }}
{{- end }}
{{- if .Values.ingress.streaming.tls }}
tls:
{{- range .Values.ingress.streaming.tls }}
- hosts:
{{- range .hosts }}
- {{ . | quote }}
{{- end }}
secretName: {{ .secretName }}
{{- end }}
{{- end }}
rules:
{{- range .Values.ingress.streaming.hosts }}
- host: {{ .host | quote }}
http:
paths:
{{- range .paths }}
- path: {{ .path }}api/v1/streaming
backend:
{{- if or ($.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress") (not ($.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress")) }}
service:
name: {{ $fullName }}-streaming
port:
number: {{ $streamingPort }}
{{- else }}
serviceName: {{ $fullName }}-streaming
servicePort: {{ $streamingPort }}
{{- end }}
{{- if or ($.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress") (not ($.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress")) }}
pathType: Prefix
{{- end }}
{{- end }}
{{- end }}
{{- end }}

View File

@ -52,6 +52,7 @@ spec:
{{- if or ($.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress") (not ($.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress")) }}
pathType: Prefix
{{- end }}
{{- if not $.Values.ingress.streaming.enabled }}
- path: {{ .path }}api/v1/streaming
backend:
{{- if or ($.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress") (not ($.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress")) }}
@ -67,5 +68,6 @@ spec:
pathType: Prefix
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}

View File

@ -1,3 +1,4 @@
{{- if .Values.mastodon.hooks.assetsPrecompile.enabled -}}
apiVersion: batch/v1
kind: Job
metadata:
@ -36,10 +37,10 @@ spec:
volumes:
- name: assets
persistentVolumeClaim:
claimName: {{ template "mastodon.fullname" . }}-assets
claimName: {{ template "mastodon.pvc.assets" . }}
- name: system
persistentVolumeClaim:
claimName: {{ template "mastodon.fullname" . }}-system
claimName: {{ template "mastodon.pvc.system" . }}
{{- end }}
containers:
- name: {{ include "mastodon.fullname" . }}-assets-precompile
@ -66,6 +67,20 @@ spec:
secretKeyRef:
name: {{ template "mastodon.redis.secretName" . }}
key: redis-password
{{- if and .Values.redis.sidekiq.enabled .Values.redis.sidekiq.auth.existingSecret }}
- name: "SIDEKIQ_REDIS_PASSWORD"
valueFrom:
secretKeyRef:
name: {{ template "mastodon.redis.sidekiq.secretName" . }}
key: redis-password
{{- end }}
{{- if and .Values.redis.cache.enabled .Values.redis.cache.auth.existingSecret }}
- name: "CACHE_REDIS_PASSWORD"
valueFrom:
secretKeyRef:
name: {{ template "mastodon.redis.cache.secretName" . }}
key: redis-password
{{- end }}
- name: "PORT"
value: {{ .Values.mastodon.web.port | quote }}
{{- if (not .Values.mastodon.s3.enabled) }}
@ -75,3 +90,4 @@ spec:
- name: system
mountPath: /opt/mastodon/public/system
{{- end }}
{{- end -}}

View File

@ -37,10 +37,10 @@ spec:
volumes:
- name: assets
persistentVolumeClaim:
claimName: {{ template "mastodon.fullname" . }}-assets
claimName: {{ template "mastodon.pvc.assets" . }}
- name: system
persistentVolumeClaim:
claimName: {{ template "mastodon.fullname" . }}-system
claimName: {{ template "mastodon.pvc.system" . }}
{{- end }}
containers:
- name: {{ include "mastodon.fullname" . }}-chewy-setup
@ -67,6 +67,27 @@ spec:
secretKeyRef:
name: {{ template "mastodon.redis.secretName" . }}
key: redis-password
{{- if and .Values.redis.sidekiq.enabled .Values.redis.sidekiq.auth.existingSecret }}
- name: "SIDEKIQ_REDIS_PASSWORD"
valueFrom:
secretKeyRef:
name: {{ template "mastodon.redis.sidekiq.secretName" . }}
key: redis-password
{{- end }}
{{- if and .Values.redis.cache.enabled .Values.redis.cache.auth.existingSecret }}
- name: "CACHE_REDIS_PASSWORD"
valueFrom:
secretKeyRef:
name: {{ template "mastodon.redis.cache.secretName" . }}
key: redis-password
{{- end }}
{{- if and .Values.elasticsearch.existingSecret (or .Values.elasticsearch.enabled .Values.elasticsearch.hostname) }}
- name: "ES_PASS"
valueFrom:
secretKeyRef:
name: {{ .Values.elasticsearch.existingSecret }}
key: password
{{- end }}
- name: "PORT"
value: {{ .Values.mastodon.web.port | quote }}
{{- if (not .Values.mastodon.s3.enabled) }}

View File

@ -37,10 +37,10 @@ spec:
volumes:
- name: assets
persistentVolumeClaim:
claimName: {{ template "mastodon.fullname" . }}-assets
claimName: {{ template "mastodon.pvc.assets" . }}
- name: system
persistentVolumeClaim:
claimName: {{ template "mastodon.fullname" . }}-system
claimName: {{ template "mastodon.pvc.system" . }}
{{- end }}
containers:
- name: {{ include "mastodon.fullname" . }}-create-admin
@ -72,6 +72,20 @@ spec:
secretKeyRef:
name: {{ template "mastodon.redis.secretName" . }}
key: redis-password
{{- if and .Values.redis.sidekiq.enabled .Values.redis.sidekiq.auth.existingSecret }}
- name: "SIDEKIQ_REDIS_PASSWORD"
valueFrom:
secretKeyRef:
name: {{ template "mastodon.redis.sidekiq.secretName" . }}
key: redis-password
{{- end }}
{{- if and .Values.redis.cache.enabled .Values.redis.cache.auth.existingSecret }}
- name: "CACHE_REDIS_PASSWORD"
valueFrom:
secretKeyRef:
name: {{ template "mastodon.redis.cache.secretName" . }}
key: redis-password
{{- end }}
- name: "PORT"
value: {{ .Values.mastodon.web.port | quote }}
{{- if (not .Values.mastodon.s3.enabled) }}

View File

@ -1,3 +1,4 @@
{{- if .Values.mastodon.hooks.dbMigrate.enabled -}}
apiVersion: batch/v1
kind: Job
metadata:
@ -36,10 +37,10 @@ spec:
volumes:
- name: assets
persistentVolumeClaim:
claimName: {{ template "mastodon.fullname" . }}-assets
claimName: {{ template "mastodon.pvc.assets" . }}
- name: system
persistentVolumeClaim:
claimName: {{ template "mastodon.fullname" . }}-system
claimName: {{ template "mastodon.pvc.system" . }}
{{- end }}
containers:
- name: {{ include "mastodon.fullname" . }}-db-migrate
@ -66,6 +67,20 @@ spec:
secretKeyRef:
name: {{ template "mastodon.redis.secretName" . }}
key: redis-password
{{- if and .Values.redis.sidekiq.enabled .Values.redis.sidekiq.auth.existingSecret }}
- name: "SIDEKIQ_REDIS_PASSWORD"
valueFrom:
secretKeyRef:
name: {{ template "mastodon.redis.sidekiq.secretName" . }}
key: redis-password
{{- end }}
{{- if and .Values.redis.cache.enabled .Values.redis.cache.auth.existingSecret }}
- name: "CACHE_REDIS_PASSWORD"
valueFrom:
secretKeyRef:
name: {{ template "mastodon.redis.cache.secretName" . }}
key: redis-password
{{- end }}
- name: "PORT"
value: {{ .Values.mastodon.web.port | quote }}
{{- if (not .Values.mastodon.s3.enabled) }}
@ -75,3 +90,4 @@ spec:
- name: system
mountPath: /opt/mastodon/public/system
{{- end }}
{{- end -}}

View File

@ -49,7 +49,7 @@ spec:
command:
- "/bin/bash"
- "-c"
- "echo \"account=Account.find_by(username:'{{ .Values.mastodon.createAdmin.username }}') ; user=User.find_by(account:account) ; user.password='{{ .Values.mastodon.createAdmin.password }}' ; user.save!\" | rails c"
- "echo \"account=Account.find_by(username:'{{ .Values.mastodon.createAdmin.username }}') ; user=User.find_by(account:account) ; user.password='{{ .Values.mastodon.createAdmin.password }}' ; user.save!\" | rails c && /opt/mastodon/bin/tootctl accounts approve {{ .Values.mastodon.createAdmin.username }}"
envFrom:
- configMapRef:
name: {{ include "mastodon.fullname" . }}-env

View File

@ -0,0 +1,19 @@
{{- if .Values.mastodon.streaming.pdb.enable }}
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
name: {{ include "mastodon.fullname" . }}-streaming
labels:
{{- include "mastodon.labels" . | nindent 4 }}
spec:
{{- if .Values.mastodon.streaming.pdb.minAvailable }}
minAvailable: {{ .Values.mastodon.streaming.pdb.minAvailable }}
{{- end }}
{{- if .Values.mastodon.streaming.pdb.maxUnavailable }}
maxUnavailable: {{ .Values.mastodon.streaming.pdb.maxUnavailable }}
{{- end }}
selector:
matchLabels:
{{- include "mastodon.selectorLabels" . | nindent 6 }}
app.kubernetes.io/component: streaming
{{- end }}

View File

@ -0,0 +1,20 @@
{{- if .Values.mastodon.web.pdb.enable }}
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
name: {{ include "mastodon.fullname" . }}-web
labels:
{{- include "mastodon.labels" . | nindent 4 }}
spec:
{{- if .Values.mastodon.web.pdb.minAvailable }}
minAvailable: {{ .Values.mastodon.web.pdb.minAvailable }}
{{- end }}
{{- if .Values.mastodon.web.pdb.maxUnavailable }}
maxUnavailable: {{ .Values.mastodon.web.pdb.maxUnavailable }}
{{- end }}
selector:
matchLabels:
{{- include "mastodon.selectorLabels" . | nindent 6 }}
app.kubernetes.io/component: web
app.kubernetes.io/part-of: rails
{{- end }}

View File

@ -1,4 +1,4 @@
{{- if (not .Values.mastodon.s3.enabled) -}}
{{- if and (not .Values.mastodon.s3.enabled) (not .Values.mastodon.persistence.assets.existingClaim) -}}
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
@ -7,7 +7,7 @@ metadata:
{{- include "mastodon.labels" . | nindent 4 }}
spec:
accessModes:
- {{ .Values.mastodon.persistence.system.accessMode }}
- {{ .Values.mastodon.persistence.assets.accessMode }}
{{- with .Values.mastodon.persistence.assets.resources }}
resources:
{{- toYaml . | nindent 4 }}

View File

@ -1,4 +1,4 @@
{{- if (not .Values.mastodon.s3.enabled) -}}
{{- if and (not .Values.mastodon.s3.enabled) (not .Values.mastodon.persistence.system.existingClaim) -}}
apiVersion: v1
kind: PersistentVolumeClaim
metadata:

View File

@ -0,0 +1,15 @@
{{- if not .Values.redis.enabled }}
{{- if and (not .Values.redis.auth.existingSecret) (not .Values.redis.existingSecret) }}
{{- if .Values.redis.auth.password }}
apiVersion: v1
kind: Secret
metadata:
name: {{ include "mastodon.redis.secretName" . }}
labels:
{{- include "mastodon.labels" . | nindent 4 }}
type: Opaque
data:
redis-password: "{{ .Values.redis.auth.password | b64enc }}"
{{- end }}
{{- end }}
{{- end }}

View File

@ -2,7 +2,7 @@
apiVersion: v1
kind: Secret
metadata:
name: {{ printf "%s-smtp" (include "common.names.fullname" .) }}
name: {{ printf "%s-smtp" (include "mastodon.fullname" .) }}
labels:
{{- include "mastodon.labels" . | nindent 4 }}
type: Opaque

View File

@ -34,6 +34,21 @@ data:
{{- else }}
VAPID_PUBLIC_KEY: {{ required "vapid.public_key is required" .Values.mastodon.secrets.vapid.public_key }}
{{- end }}
{{- if not (empty .Values.mastodon.secrets.activeRecordEncryption.primaryKey) }}
ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY: "{{ .Values.mastodon.secrets.activeRecordEncryption.primaryKey | b64enc }}"
{{- else }}
ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY: {{ required "activeRecordEncryption.primaryKey is required" .Values.mastodon.secrets.activeRecordEncryption.primaryKey }}
{{- end }}
{{- if not (empty .Values.mastodon.secrets.activeRecordEncryption.deterministicKey) }}
ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY: "{{ .Values.mastodon.secrets.activeRecordEncryption.deterministicKey | b64enc }}"
{{- else }}
ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY: {{ required "activeRecordEncryption.deterministicKey is required" .Values.mastodon.secrets.activeRecordEncryption.deterministicKey }}
{{- end }}
{{- if not (empty .Values.mastodon.secrets.activeRecordEncryption.keyDerivationSalt) }}
ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT: "{{ .Values.mastodon.secrets.activeRecordEncryption.keyDerivationSalt | b64enc }}"
{{- else }}
ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT: {{ required "activeRecordEncryption.keyDerivationSalt is required" .Values.mastodon.secrets.activeRecordEncryption.keyDerivationSalt }}
{{- end }}
{{- end }}
{{- if not .Values.postgresql.enabled }}
{{- if not .Values.postgresql.auth.existingSecret }}

View File

@ -0,0 +1,107 @@
{{- if and .Values.mastodon.metrics.statsd.exporter.enabled (not .Values.mastodon.metrics.statsd.address) }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "mastodon.fullname" . }}-statsd-mappings
labels:
{{- include "mastodon.labels" . | nindent 4 }}
data:
mastodon-statsd-mappings.yml: |-
## From https://ipng.ch/assets/mastodon/statsd-mapping.yaml
## Prometheus Statsd Exporter mapping for Mastodon 4.0+
##
## Version 1.0, November 2022
##
## Documentation: https://ipng.ch/s/articles/2022/11/27/mastodon-3.html
mappings:
## Web collector
- match: Mastodon\.production\.web\.(.+)\.(.+)\.(.+)\.status\.(.+)
match_type: regex
name: "mastodon_controller_status"
labels:
controller: $1
action: $2
format: $3
status: $4
mastodon: "web"
- match: Mastodon\.production\.web\.(.+)\.(.+)\.(.+)\.db_time
match_type: regex
name: "mastodon_controller_db_time"
labels:
controller: $1
action: $2
format: $3
mastodon: "web"
- match: Mastodon\.production\.web\.(.+)\.(.+)\.(.+)\.view_time
match_type: regex
name: "mastodon_controller_view_time"
labels:
controller: $1
action: $2
format: $3
mastodon: "web"
- match: Mastodon\.production\.web\.(.+)\.(.+)\.(.+)\.total_duration
match_type: regex
name: "mastodon_controller_duration"
labels:
controller: $1
action: $2
format: $3
mastodon: "web"
## Database collector
- match: Mastodon\.production\.db\.tables\.(.+)\.queries\.(.+)\.duration
match_type: regex
name: "mastodon_db_operation"
labels:
table: "$1"
operation: "$2"
mastodon: "db"
## Cache collector
- match: Mastodon\.production\.cache\.(.+)\.duration
match_type: regex
name: "mastodon_cache_duration"
labels:
operation: "$1"
mastodon: "cache"
## Sidekiq collector
- match: Mastodon\.production\.sidekiq\.(.+)\.processing_time
match_type: regex
name: "mastodon_sidekiq_worker_processing_time"
labels:
worker: "$1"
mastodon: "sidekiq"
- match: Mastodon\.production\.sidekiq\.(.+)\.success
match_type: regex
name: "mastodon_sidekiq_worker_success_total"
labels:
worker: "$1"
mastodon: "sidekiq"
- match: Mastodon\.production\.sidekiq\.(.+)\.failure
match_type: regex
name: "mastodon_sidekiq_worker_failure_total"
labels:
worker: "$1"
mastodon: "sidekiq"
- match: Mastodon\.production\.sidekiq\.queues\.(.+)\.enqueued
match_type: regex
name: "mastodon_sidekiq_queue_enqueued"
labels:
queue: "$1"
mastodon: "sidekiq"
- match: Mastodon\.production\.sidekiq\.queues\.(.+)\.latency
match_type: regex
name: "mastodon_sidekiq_queue_latency"
labels:
queue: "$1"
mastodon: "sidekiq"
- match: Mastodon\.production\.sidekiq\.(.+)
match_type: regex
name: "mastodon_sidekiq_$1"
labels:
mastodon: "sidekiq"
{{- end }}

View File

@ -6,11 +6,14 @@ image:
# built from the most recent commit
#
# tag: latest
tag: "v4.1.4"
tag: "v4.2.9"
# use `Always` when using `latest` tag
pullPolicy: IfNotPresent
mastodon:
# Labels added to every Mastodon-related object
labels: {}
# -- create an initial administrator user; the password is autogenerated and will
# have to be reset
createAdmin:
@ -19,7 +22,16 @@ mastodon:
# @ignored
username: not_gargron
# @ignored
password: not_gargron
# @ignored
email: not@example.com
hooks:
dbMigrate:
enabled: true
assetsPrecompile:
enabled: true
# Custom labels to add to kubernetes resources
#labels:
cron:
# -- run `tootctl media remove` every week
removeMedia:
@ -34,11 +46,14 @@ mastodon:
# You must redirect the path LOCAL_DOMAIN/.well-known/ to WEB_DOMAIN/.well-known/ as described
# Example: mastodon.example.com
web_domain: null
# -- If you have multiple domains pointed at your Mastodon server, this setting will allow Mastodon to recognize
# itself when users are addressed using those other domains.
alternate_domains: []
# -- If set to true, the frontpage of your Mastodon server will always redirect to the first profile in the database and registrations will be disabled.
singleUserMode: false
# -- Enables "Secure Mode" for more details see: https://docs.joinmastodon.org/admin/config/#authorized_fetch
authorizedFetch: false
# -- Enables "Limited Federation Mode" for more detauls see: https://docs.joinmastodon.org/admin/config/#limited_federation_mode
# -- Enables "Limited Federation Mode" for more details see: https://docs.joinmastodon.org/admin/config/#limited_federation_mode
limitedFederationMode: false
persistence:
assets:
@ -49,11 +64,15 @@ mastodon:
resources:
requests:
storage: 10Gi
# -- name of existing persistent volume claim to use for assets
existingClaim:
system:
accessMode: ReadWriteOnce
resources:
requests:
storage: 100Gi
# -- name of existing persistent volume claim to use for system
existingClaim:
s3:
enabled: false
access_key: ""
@ -68,6 +87,24 @@ mastodon:
permission: ""
# -- If you have a caching proxy, enter its base URL here.
alias_host: ""
# When uploading data to S3, if the number of bytes to send exceedes
# multipart_threshold then a multi part session is automatically started
# and the data is sent up in chunks. Defaults to 16777216 (16MB).
multipart_threshold: ""
# -- Set this to true if the storage provider uses domain style 'bucket.endpoint' naming
# override_path_style: "true"
deepl:
enabled: false
plan:
apiKeySecretRef:
name:
key:
hcaptcha:
enabled: false
siteId:
secretKeySecretRef:
name:
key:
# these must be set manually; autogenerated keys are rotated on each upgrade
secrets:
secret_key_base: ""
@ -75,10 +112,25 @@ mastodon:
vapid:
private_key: ""
public_key: ""
activeRecordEncryption:
primaryKey: ""
deterministicKey: ""
keyDerivationSalt: ""
# -- you can also specify the name of an existing Secret
# with keys SECRET_KEY_BASE and OTP_SECRET and
# VAPID_PRIVATE_KEY and VAPID_PUBLIC_KEY
# with keys:
# - SECRET_KEY_BASE
# - OTP_SECRET
# - VAPID_PRIVATE_KEY
# - VAPID_PUBLIC_KEY
# - ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY
# - ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY
# - ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT
existingSecret: ""
# -- The number of old revisions to keep for each Deployment in Kubernetes.
# See https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#clean-up-policy
revisionHistoryLimit: 2
sidekiq:
# -- Pod security context for all Sidekiq Pods, overwrites .Values.podSecurityContext
podSecurityContext: {}
@ -88,6 +140,8 @@ mastodon:
resources: {}
# -- Affinity for all Sidekiq Deployments unless overwritten, overwrites .Values.affinity
affinity: {}
# -- Topology spread constraints for Sidekiq Pods, overwrites .Values.topologySpreadConstraints
topologySpreadConstraints: {}
# limits:
# cpu: "1"
# memory: 768Mi
@ -95,24 +149,35 @@ mastodon:
# cpu: 250m
# memory: 512Mi
workers:
- name: all-queues
# -- Number of threads / parallel sidekiq jobs that are executed per Pod
concurrency: 25
# -- Number of Pod replicas deployed by the Deployment
replicas: 1
# -- Resources for this specific deployment to allow optimised scaling, overwrites .Values.mastodon.sidekiq.resources
resources: {}
# -- Affinity for this specific deployment, overwrites .Values.affinity and .Values.mastodon.sidekiq.affinity
affinity: {}
# -- Sidekiq queues for Mastodon that are handled by this worker. See https://docs.joinmastodon.org/admin/scaling/#concurrency
# See https://github.com/mperham/sidekiq/wiki/Advanced-Options#queues for how to weight queues as argument
queues:
- default,8
- push,6
- ingress,4
- mailers,2
- pull
- scheduler # Make sure the scheduler queue only exists once and with a worker that has 1 replica.
- name: all-queues
# -- Number of threads / parallel sidekiq jobs that are executed per Pod
concurrency: 25
# -- Number of Pod replicas deployed by the Deployment
replicas: 1
# -- Resources for this specific deployment to allow optimised scaling, overwrites .Values.mastodon.sidekiq.resources
resources: {}
# -- Affinity for this specific deployment, overwrites .Values.affinity and .Values.mastodon.sidekiq.affinity
affinity: {}
# -- Topology spread constraints for this specific deployment, overwrites .Values.topologySpreadConstraints and .Values.mastodon.sidekiq.topologySpreadConstraints
topologySpreadConstraints: {}
# -- Sidekiq queues for Mastodon that are handled by this worker. See https://docs.joinmastodon.org/admin/scaling/#concurrency
# See https://github.com/mperham/sidekiq/wiki/Advanced-Options#queues for how to weight queues as argument
queues:
- default,8
- push,6
- ingress,4
- mailers,2
- pull
- scheduler # Make sure the scheduler queue only exists once and with a worker that has 1 replica.
image:
repository:
tag:
# allows you to mount a custom database.yml from a configmap
# please note that we do not advise using a read-only replica for sidekiq workers
customDatabaseConfigYml:
configMapRef:
name:
key:
#- name: push-pull
# concurrency: 50
# resources: {}
@ -135,8 +200,9 @@ mastodon:
ca_file: /etc/ssl/certs/ca-certificates.crt
delivery_method: smtp
domain:
enable_starttls: 'auto'
enable_starttls: "auto"
from_address: notifications@example.com
return_path:
openssl_verify_mode: peer
port: 587
reply_to:
@ -148,6 +214,9 @@ mastodon:
# password must be located in keys named `login` and `password` respectively.
existingSecret:
streaming:
image:
repository:
tag:
port: 4000
# -- this should be set manually since os.cpus() returns the number of CPUs on
# the node running the pod, which is unrelated to the resources allocated to
@ -160,6 +229,8 @@ mastodon:
replicas: 1
# -- Affinity for Streaming Pods, overwrites .Values.affinity
affinity: {}
# -- Topology spread constraints for Streaming Pods, overwrites .Values.topologySpreadConstraints
topologySpreadConstraints: {}
# -- Pod Security Context for Streaming Pods, overwrites .Values.podSecurityContext
podSecurityContext: {}
# -- (Streaming Container) Security Context for Streaming Pods, overwrites .Values.securityContext
@ -172,12 +243,33 @@ mastodon:
# requests:
# cpu: 250m
# memory: 128Mi
# -- PodDisruptionBudget configuration - See https://kubernetes.io/docs/tasks/run-application/configure-pdb/
pdb:
enable: false
# minAvailable: 1
# maxUnavailable: 1
# -- Puma-specific options. Below values are based on default behavior in
# config/puma.rb when no custom values are provided.
# -- Self-signed certificate(s) the (Node.js) needs to trust to connect to e.g. the database
extraCerts: {}
# -- Secret containing a key "ca.crt" holding one or more root certificates in PEM format
# existingSecret:
# -- Optional volume name for mounting the .crt file, defaults to "extra-certs"
# name:
# -- Optional sslMode setting. See nodejs's SSL_MODE. Consider "no-verify"
# sslMode:
# Specify extra environment variables to be added to streaming pods.
extraEnvVars: {}
web:
port: 3000
# -- Number of Web Pods running
replicas: 1
# -- Affinity for Web Pods, overwrites .Values.affinity
affinity: {}
# -- Topology spread constraints for Web Pods, overwrites .Values.topologySpreadConstraints
topologySpreadConstraints: {}
# -- Pod Security Context for Web Pods, overwrites .Values.podSecurityContext
podSecurityContext: {}
# -- (Web Container) Security Context for Web Pods, overwrites .Values.securityContext
@ -190,21 +282,62 @@ mastodon:
# requests:
# cpu: 250m
# memory: 768Mi
# -- PodDisruptionBudget configuration - See https://kubernetes.io/docs/tasks/run-application/configure-pdb/
pdb:
enable: false
# minAvailable: 1
# maxUnavailable: 1
# -- Puma-specific options. Below values are based on default behavior in
# config/puma.rb when no custom values are provided.
minThreads: "5"
maxThreads: "5"
workers: "2"
persistentTimeout: "20"
image:
repository:
tag:
# allows you to mount a custom database.yml from a configmap
# for example if you want to use a read-only replica
customDatabaseConfigYml:
configMapRef:
name:
key:
# HTTP cache buster configuration.
# See the documentation for more information about this feature:
# https://docs.joinmastodon.org/admin/config/#http-cache-buster
cacheBuster:
enabled: false
httpMethod: "GET"
# If the cache service requires authentication, specify the header name and
# secret/token here.
authHeader:
authToken:
existingSecret:
metrics:
statsd:
# -- Enable statsd publishing via STATSD_ADDR environment variable
address: ""
# -- Alternatively, you can use this to have a statsd_exporter sidecar container running along all Mastodon containers and exposing metrics in OpenMetric/Prometheus format on each pod
# Please note the exporter will not be enabled if metrics.statsd.address is not empty
exporter:
enabled: false
port: 9102
# Sets the PREPARED_STATEMENTS environment variable: https://docs.joinmastodon.org/admin/config/#prepared_statements
preparedStatements: true
# Specify extra environment variables to be added to all Mastodon pods.
# These can be used for configuration not included in this chart (including configuration for Mastodon varietals.)
extraEnvVars: {}
# Alternatively specify extra environment variables stored in a ConfigMap.
# The specified ConfigMap should contain the additional environment variables in key-value format.
# extraEnvFrom: <config-map-name>
ingress:
enabled: true
annotations:
@ -225,25 +358,54 @@ ingress:
hosts:
- host: mastodon.local
paths:
- path: '/'
- path: "/"
tls:
- secretName: mastodon-tls
hosts:
- mastodon.local
# This allows you to have a separate ingress for streaming
# When enabled, the main ingress will no longer handle streaming requests.
# You will also need to configure mastodon.streaming.base_url accordingly
streaming:
enabled: false
annotations:
ingressClassName:
hosts:
- host: streaming.mastodon.local
paths:
- path: "/"
tls:
- secretName: mastodon-tls
hosts:
- streaming.mastodon.local
# -- https://github.com/bitnami/charts/tree/master/bitnami/elasticsearch#parameters
elasticsearch:
# `false` will disable full-text search
# Elasticsearch is powering full-text search. It is optional.
# `false` will not install Elasticsearch as part of this chart
#
# if you enable ES after the initial install, you will need to manually run
# RAILS_ENV=production bundle exec rake chewy:sync
# (https://docs.joinmastodon.org/admin/optional/elasticsearch/)
# @ignored
enabled: true
# @ignored
image:
tag: 7
# If you are using an external ES cluster, use `enabled: false` and set the hostname, port,
# and whether the cluster uses TLS.
# hostname:
# port: 9200
# tls: true
# preset: single_node_cluster
# This is optional, use it if you ES cluster requires authentication
# user:
# Name of an existing secret with a password key
# existingSecret:
# https://github.com/bitnami/charts/tree/master/bitnami/postgresql#parameters
postgresql:
# -- disable if you want to use an existing db; in which case the values below
@ -266,6 +428,20 @@ postgresql:
# with a key of password set to the password you want
existingSecret: ""
# Options for a read-only replica.
# If enabled, mastodon uses existing defaults for postgres for these values as well.
# NOTE: This feature is only available on Mastodon v4.2+
# Documentation for more information on this feature:
# https://docs.joinmastodon.org/admin/scaling/#read-replicas
readReplica:
hostname:
port:
auth:
database:
username:
password:
existingSecret:
# https://github.com/bitnami/charts/tree/master/bitnami/redis#parameters
redis:
# disable if you want to use an existing redis instance; in which case the
@ -277,9 +453,40 @@ redis:
# -- you must set a password; the password generated by the redis chart will be
# rotated on each upgrade:
password: ""
# setting password for an existing redis instance will store it in a new Secret
# you can also specify the name of an existing Secret
# with a key of redis-password set to the password you want
# existingSecret: ""
replica:
replicaCount: 0
# Configuration for a separate redis instance only for sidekiq processing.
# If enabled, any values not specified will be copied from the base config.
# If set to false, the main redis instance will be used, and all values will
# be ignored.
sidekiq:
enabled: false
hostname: ""
port: 6379
auth:
password: ""
# you can also specify the name of an existing Secret
# with a key of redis-password set to the password you want
existingSecret: ""
# Configuration for a separate redis instance only for cache.
# If enabled, any values not specified will be copied from the base config.
# If set to false, the main redis instance will be used, and all values will
# be ignored.
cache:
enabled: false
hostname: ""
port: 6379
auth:
password: ""
# you can also specify the name of an existing Secret
# with a key of redis-password set to the password you want
existingSecret: ""
# @ignored
service:
@ -407,6 +614,10 @@ serviceAccount:
# If not set and create is true, a name is generated using the fullname template
name: ""
# Custom annotations to apply to all created deployment objects. These can be
# used to help mastodon interact with other services in the cluster.
deploymentAnnotations: {}
# -- Kubernetes manages pods for jobs and pods for deployments differently, so you might
# need to apply different annotations to the two different sets of pods. The annotations
# set with podAnnotations will be added to all deployment-managed pods.
@ -420,7 +631,8 @@ revisionPodAnnotation: true
jobAnnotations: {}
# -- Default resources for all Deployments and jobs unless overwritten
resources: {}
resources:
{}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
@ -440,3 +652,18 @@ tolerations: []
# -- Affinity for all pods unless overwritten
affinity: {}
# -- Timezone for all pods unless overwritten
timezone: UTC
# -- Topology Spread Constraints for all pods unless overwritten
# Please note that you need to use `matchLabelKeys` (Kubernetes 1.25+) if you
# want to spread each deployment independently, or override topologySpreadConstraints
# for each deployment
topologySpreadConstraints: {}
# Default volume mounts for all pods
volumeMounts: []
# Default volumes for all pods
volumes: []

View File

@ -1,7 +1,7 @@
apiVersion: v2
name: postgres-operator-ui
version: 1.11.0
appVersion: 1.11.0
version: 1.12.0
appVersion: 1.12.0
home: https://github.com/zalando/postgres-operator
description: Postgres Operator UI provides a graphical interface for a convenient database-as-a-service user experience
keywords:

View File

@ -1,9 +1,32 @@
apiVersion: v1
entries:
postgres-operator-ui:
- apiVersion: v2
appVersion: 1.12.0
created: "2024-05-24T16:34:14.027533755+02:00"
description: Postgres Operator UI provides a graphical interface for a convenient
database-as-a-service user experience
digest: 498b8254dc0e24bc3cdc98e250a5640dc104b75e1dbba5d9fdb90a3b39e7eb8c
home: https://github.com/zalando/postgres-operator
keywords:
- postgres
- operator
- ui
- cloud-native
- patroni
- spilo
maintainers:
- email: opensource@zalando.de
name: Zalando
name: postgres-operator-ui
sources:
- https://github.com/zalando/postgres-operator
urls:
- postgres-operator-ui-1.12.0.tgz
version: 1.12.0
- apiVersion: v2
appVersion: 1.11.0
created: "2024-03-14T17:12:46.692800586+01:00"
created: "2024-05-24T16:34:14.02529813+02:00"
description: Postgres Operator UI provides a graphical interface for a convenient
database-as-a-service user experience
digest: a45f2284045c2a9a79750a36997386444f39b01ac722b17c84b431457577a3a2
@ -26,7 +49,7 @@ entries:
version: 1.11.0
- apiVersion: v2
appVersion: 1.10.1
created: "2024-03-14T17:12:46.691746076+01:00"
created: "2024-05-24T16:34:14.023186291+02:00"
description: Postgres Operator UI provides a graphical interface for a convenient
database-as-a-service user experience
digest: 2e5e7a82aebee519ec57c6243eb8735124aa4585a3a19c66ffd69638fbeb11ce
@ -49,7 +72,7 @@ entries:
version: 1.10.1
- apiVersion: v2
appVersion: 1.10.0
created: "2024-03-14T17:12:46.690807634+01:00"
created: "2024-05-24T16:34:14.021045516+02:00"
description: Postgres Operator UI provides a graphical interface for a convenient
database-as-a-service user experience
digest: 47413650e3188539ae778a601998efa2c4f80b8aa16e3668a2fc7b72e014b605
@ -72,7 +95,7 @@ entries:
version: 1.10.0
- apiVersion: v2
appVersion: 1.9.0
created: "2024-03-14T17:12:46.696626932+01:00"
created: "2024-05-24T16:34:14.031516234+02:00"
description: Postgres Operator UI provides a graphical interface for a convenient
database-as-a-service user experience
digest: df434af6c8b697fe0631017ecc25e3c79e125361ae6622347cea41a545153bdc
@ -95,7 +118,7 @@ entries:
version: 1.9.0
- apiVersion: v2
appVersion: 1.8.2
created: "2024-03-14T17:12:46.69565936+01:00"
created: "2024-05-24T16:34:14.029536821+02:00"
description: Postgres Operator UI provides a graphical interface for a convenient
database-as-a-service user experience
digest: fbfc90fa8fd007a08a7c02e0ec9108bb8282cbb42b8c976d88f2193d6edff30c
@ -116,50 +139,4 @@ entries:
urls:
- postgres-operator-ui-1.8.2.tgz
version: 1.8.2
- apiVersion: v2
appVersion: 1.8.1
created: "2024-03-14T17:12:46.694691362+01:00"
description: Postgres Operator UI provides a graphical interface for a convenient
database-as-a-service user experience
digest: d26342e385ea51a0fbfbe23477999863e9489664ae803ea5c56da8897db84d24
home: https://github.com/zalando/postgres-operator
keywords:
- postgres
- operator
- ui
- cloud-native
- patroni
- spilo
maintainers:
- email: opensource@zalando.de
name: Zalando
name: postgres-operator-ui
sources:
- https://github.com/zalando/postgres-operator
urls:
- postgres-operator-ui-1.8.1.tgz
version: 1.8.1
- apiVersion: v1
appVersion: 1.8.0
created: "2024-03-14T17:12:46.693750873+01:00"
description: Postgres Operator UI provides a graphical interface for a convenient
database-as-a-service user experience
digest: d4a7b40c23fd167841cc28342afdbd5ecc809181913a5c31061c83139187f148
home: https://github.com/zalando/postgres-operator
keywords:
- postgres
- operator
- ui
- cloud-native
- patroni
- spilo
maintainers:
- email: opensource@zalando.de
name: Zalando
name: postgres-operator-ui
sources:
- https://github.com/zalando/postgres-operator
urls:
- postgres-operator-ui-1.8.0.tgz
version: 1.8.0
generated: "2024-03-14T17:12:46.689654615+01:00"
generated: "2024-05-24T16:34:14.018381989+02:00"

View File

@ -94,3 +94,12 @@ spec:
{{- if .Values.extraEnvs }}
{{- .Values.extraEnvs | toYaml | nindent 12 }}
{{- end }}
affinity:
{{ toYaml .Values.affinity | indent 8 }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 8 }}
tolerations:
{{ toYaml .Values.tolerations | indent 8 }}
{{- if .Values.priorityClassName }}
priorityClassName: {{ .Values.priorityClassName }}
{{- end }}

View File

@ -6,9 +6,9 @@ replicaCount: 1
# configure ui image
image:
registry: registry.opensource.zalan.do
repository: acid/postgres-operator-ui
tag: v1.11.0
registry: ghcr.io
repository: zalando/postgres-operator-ui
tag: v1.12.0
pullPolicy: "IfNotPresent"
# Optionally specify an array of imagePullSecrets.
@ -111,3 +111,18 @@ ingress:
# - secretName: ui-tls
# hosts:
# - ui.exmaple.org
# priority class for operator-ui pod
priorityClassName: ""
# Affinity for pod assignment
# Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
affinity: {}
# Node labels for pod assignment
# Ref: https://kubernetes.io/docs/user-guide/node-selection/
nodeSelector: {}
# Tolerations for pod assignment
# Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
tolerations: []

View File

@ -1,7 +1,7 @@
apiVersion: v2
name: postgres-operator
version: 1.11.0
appVersion: 1.11.0
version: 1.12.0
appVersion: 1.12.0
home: https://github.com/zalando/postgres-operator
description: Postgres Operator creates and manages PostgreSQL clusters running in Kubernetes
keywords:

View File

@ -68,7 +68,7 @@ spec:
type: string
docker_image:
type: string
default: "ghcr.io/zalando/spilo-16:3.2-p2"
default: "ghcr.io/zalando/spilo-16:3.2-p3"
enable_crd_registration:
type: boolean
default: true
@ -211,6 +211,9 @@ spec:
enable_init_containers:
type: boolean
default: true
enable_secrets_deletion:
type: boolean
default: true
enable_persistent_volume_claim_deletion:
type: boolean
default: true
@ -281,6 +284,9 @@ spec:
oauth_token_secret_name:
type: string
default: "postgresql-operator"
pdb_master_label_selector:
type: boolean
default: true
pdb_name_format:
type: string
default: "postgres-{cluster}-pdb"
@ -502,7 +508,7 @@ spec:
pattern: '^(\d+m|\d+(\.\d{1,3})?)$'
logical_backup_docker_image:
type: string
default: "registry.opensource.zalan.do/acid/logical-backup:v1.11.0"
default: "ghcr.io/zalando/postgres-operator/logical-backup:v1.12.0"
logical_backup_google_application_credentials:
type: string
logical_backup_job_prefix:
@ -525,6 +531,8 @@ spec:
type: string
logical_backup_s3_bucket:
type: string
logical_backup_s3_bucket_prefix:
type: string
logical_backup_s3_endpoint:
type: string
logical_backup_s3_region:

View File

@ -87,10 +87,14 @@ spec:
- mountPath
- volumeSource
properties:
isSubPathExpr:
type: boolean
name:
type: string
mountPath:
type: string
subPath:
type: string
targetContainers:
type: array
nullable: true
@ -99,8 +103,6 @@ spec:
volumeSource:
type: object
x-kubernetes-preserve-unknown-fields: true
subPath:
type: string
allowedSourceRanges:
type: array
nullable: true
@ -215,6 +217,8 @@ spec:
items:
type: object
x-kubernetes-preserve-unknown-fields: true
logicalBackupRetention:
type: string
logicalBackupSchedule:
type: string
pattern: '^(\d+|\*)(/\d+)?(\s+(\d+|\*)(/\d+)?){4}$'
@ -632,6 +636,8 @@ spec:
required:
- size
properties:
isSubPathExpr:
type: boolean
iops:
type: integer
selector:

View File

@ -2,11 +2,33 @@ apiVersion: v1
entries:
postgres-operator:
- apiVersion: v2
appVersion: 1.11.0
created: "2024-03-14T17:11:54.311938906+01:00"
appVersion: 1.12.0
created: "2024-05-24T16:33:38.650770727+02:00"
description: Postgres Operator creates and manages PostgreSQL clusters running
in Kubernetes
digest: f12f5ae9282dd77d37e3bfd0aa47be58ed0b2f02056889d8f1111bdb2b9fe286
digest: d56e9471096d3e0dfd3a35619bfd8e81895979e95a0cad44eb021335814d19cf
home: https://github.com/zalando/postgres-operator
keywords:
- postgres
- operator
- cloud-native
- patroni
- spilo
maintainers:
- email: opensource@zalando.de
name: Zalando
name: postgres-operator
sources:
- https://github.com/zalando/postgres-operator
urls:
- postgres-operator-1.12.0.tgz
version: 1.12.0
- apiVersion: v2
appVersion: 1.11.0
created: "2024-05-24T16:33:38.644616857+02:00"
description: Postgres Operator creates and manages PostgreSQL clusters running
in Kubernetes
digest: 3914b5e117bda0834f05c9207f007e2ac372864cf6e86dcc2e1362bbe46c14d9
home: https://github.com/zalando/postgres-operator
keywords:
- postgres
@ -25,7 +47,7 @@ entries:
version: 1.11.0
- apiVersion: v2
appVersion: 1.10.1
created: "2024-03-14T17:11:54.3101439+01:00"
created: "2024-05-24T16:33:38.638769428+02:00"
description: Postgres Operator creates and manages PostgreSQL clusters running
in Kubernetes
digest: cc3baa41753da92466223d0b334df27e79c882296577b404a8e9071411fcf19c
@ -47,7 +69,7 @@ entries:
version: 1.10.1
- apiVersion: v2
appVersion: 1.10.0
created: "2024-03-14T17:11:54.308561116+01:00"
created: "2024-05-24T16:33:38.633634768+02:00"
description: Postgres Operator creates and manages PostgreSQL clusters running
in Kubernetes
digest: 60fc5c8059dfed175d14e1034b40997d9c59d33ec8ea158c0597f7228ab04b51
@ -69,7 +91,7 @@ entries:
version: 1.10.0
- apiVersion: v2
appVersion: 1.9.0
created: "2024-03-14T17:11:54.3194627+01:00"
created: "2024-05-24T16:33:38.663765707+02:00"
description: Postgres Operator creates and manages PostgreSQL clusters running
in Kubernetes
digest: 64df90c898ca591eb3a330328173ffaadfbf9ddd474d8c42ed143edc9e3f4276
@ -91,7 +113,7 @@ entries:
version: 1.9.0
- apiVersion: v2
appVersion: 1.8.2
created: "2024-03-14T17:11:54.317846817+01:00"
created: "2024-05-24T16:33:38.658286963+02:00"
description: Postgres Operator creates and manages PostgreSQL clusters running
in Kubernetes
digest: f77ffad2e98b72a621e5527015cf607935d3ed688f10ba4b626435acb9631b5b
@ -111,48 +133,4 @@ entries:
urls:
- postgres-operator-1.8.2.tgz
version: 1.8.2
- apiVersion: v2
appVersion: 1.8.1
created: "2024-03-14T17:11:54.315242584+01:00"
description: Postgres Operator creates and manages PostgreSQL clusters running
in Kubernetes
digest: ee0c3bb6ba72fa4289ba3b1c6060e5b312dd023faba2a61b4cb7d9e5e2cc57a5
home: https://github.com/zalando/postgres-operator
keywords:
- postgres
- operator
- cloud-native
- patroni
- spilo
maintainers:
- email: opensource@zalando.de
name: Zalando
name: postgres-operator
sources:
- https://github.com/zalando/postgres-operator
urls:
- postgres-operator-1.8.1.tgz
version: 1.8.1
- apiVersion: v1
appVersion: 1.8.0
created: "2024-03-14T17:11:54.313632778+01:00"
description: Postgres Operator creates and manages PostgreSQL clusters running
in Kubernetes
digest: 3ae232cf009e09aa2ad11c171484cd2f1b72e63c59735e58fbe2b6eb842f4c86
home: https://github.com/zalando/postgres-operator
keywords:
- postgres
- operator
- cloud-native
- patroni
- spilo
maintainers:
- email: opensource@zalando.de
name: Zalando
name: postgres-operator
sources:
- https://github.com/zalando/postgres-operator
urls:
- postgres-operator-1.8.0.tgz
version: 1.8.0
generated: "2024-03-14T17:11:54.305930529+01:00"
generated: "2024-05-24T16:33:38.62797266+02:00"

View File

@ -70,8 +70,8 @@ Flatten nested config options when ConfigMap is used as ConfigTarget
{{- $list := list }}
{{- range $subKey, $subValue := $value }}
{{- $list = append $list (printf "%s:%s" $subKey $subValue) }}
{{ $key }}: {{ join "," $list | quote }}
{{- end }}
{{ $key }}: {{ join "," $list | quote }}
{{- else }}
{{ $key }}: {{ $value | quote }}
{{- end }}

View File

@ -14,7 +14,7 @@ configuration:
users:
{{ tpl (toYaml .Values.configUsers) . | indent 4 }}
major_version_upgrade:
{{ toYaml .Values.configMajorVersionUpgrade | indent 4 }}
{{ tpl (toYaml .Values.configMajorVersionUpgrade) . | indent 4 }}
kubernetes:
{{- if .Values.podPriorityClassName.name }}
pod_priority_class_name: {{ .Values.podPriorityClassName.name }}
@ -23,23 +23,23 @@ configuration:
oauth_token_secret_name: {{ template "postgres-operator.fullname" . }}
{{ tpl (toYaml .Values.configKubernetes) . | indent 4 }}
postgres_pod_resources:
{{ toYaml .Values.configPostgresPodResources | indent 4 }}
{{ tpl (toYaml .Values.configPostgresPodResources) . | indent 4 }}
timeouts:
{{ toYaml .Values.configTimeouts | indent 4 }}
{{ tpl (toYaml .Values.configTimeouts) . | indent 4 }}
load_balancer:
{{ toYaml .Values.configLoadBalancer | indent 4 }}
{{ tpl (toYaml .Values.configLoadBalancer) . | indent 4 }}
aws_or_gcp:
{{ toYaml .Values.configAwsOrGcp | indent 4 }}
{{ tpl (toYaml .Values.configAwsOrGcp) . | indent 4 }}
logical_backup:
{{ toYaml .Values.configLogicalBackup | indent 4 }}
{{ tpl (toYaml .Values.configLogicalBackup) . | indent 4 }}
debug:
{{ toYaml .Values.configDebug | indent 4 }}
{{ tpl (toYaml .Values.configDebug) . | indent 4 }}
teams_api:
{{ tpl (toYaml .Values.configTeamsApi) . | indent 4 }}
logging_rest_api:
{{ toYaml .Values.configLoggingRestApi | indent 4 }}
{{ tpl (toYaml .Values.configLoggingRestApi) . | indent 4 }}
connection_pooler:
{{ toYaml .Values.configConnectionPooler | indent 4 }}
{{ tpl (toYaml .Values.configConnectionPooler) . | indent 4 }}
patroni:
{{ toYaml .Values.configPatroni | indent 4 }}
{{ tpl (toYaml .Values.configPatroni) . | indent 4 }}
{{- end }}

View File

@ -1,7 +1,7 @@
image:
registry: registry.opensource.zalan.do
repository: acid/postgres-operator
tag: v1.11.0
registry: ghcr.io
repository: zalando/postgres-operator
tag: v1.12.0
pullPolicy: "IfNotPresent"
# Optionally specify an array of imagePullSecrets.
@ -38,7 +38,7 @@ configGeneral:
# etcd connection string for Patroni. Empty uses K8s-native DCS.
etcd_host: ""
# Spilo docker image
docker_image: ghcr.io/zalando/spilo-16:3.2-p2
docker_image: ghcr.io/zalando/spilo-16:3.2-p3
# key name for annotation to ignore globally configured instance limits
# ignore_instance_limits_annotation_key: ""
@ -129,6 +129,8 @@ configKubernetes:
enable_finalizers: false
# enables initContainers to run actions before Spilo is started
enable_init_containers: true
# toggles if operator should delete secrets on cluster deletion
enable_secrets_deletion: true
# toggles if operator should delete PVCs on cluster deletion
enable_persistent_volume_claim_deletion: true
# toggles pod anti affinity on the Postgres pods
@ -169,7 +171,9 @@ configKubernetes:
# namespaced name of the secret containing the OAuth2 token to pass to the teams API
# oauth_token_secret_name: postgresql-operator
# defines the template for PDB (Pod Disruption Budget) names
# toggle if `spilo-role=master` selector should be added to the PDB (Pod Disruption Budget)
pdb_master_label_selector: true
# defines the template for PDB names
pdb_name_format: "postgres-{cluster}-pdb"
# specify the PVC retention policy when scaling down and/or deleting
persistent_volume_claim_retention_policy:
@ -358,7 +362,7 @@ configLogicalBackup:
# logical_backup_memory_request: ""
# image for pods of the logical backup job (example runs pg_dumpall)
logical_backup_docker_image: "registry.opensource.zalan.do/acid/logical-backup:v1.11.0"
logical_backup_docker_image: "ghcr.io/zalando/postgres-operator/logical-backup:v1.12.0"
# path of google cloud service account json file
# logical_backup_google_application_credentials: ""
@ -370,6 +374,8 @@ configLogicalBackup:
logical_backup_s3_access_key_id: ""
# S3 bucket to store backup results
logical_backup_s3_bucket: "my-bucket-url"
# S3 bucket prefix to use
logical_backup_s3_bucket_prefix: "spilo"
# S3 region of bucket
logical_backup_s3_region: ""
# S3 endpoint url when not using AWS