diff options
author | Erik Sundell <erik.i.sundell@gmail.com> | 2022-12-09 06:36:29 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-12-09 06:36:29 +0100 |
commit | 64bea717145521d9bc913ba90966b36595b6082b (patch) | |
tree | 98562ed94113c89e4307f9cfd451c6baf75d6f18 | |
parent | ed07f10ca8d4e65ec58958f300a8bb7c762ccbbd (diff) |
helm: cleanup helm chart, now in mastodon/chart (#21801)
28 files changed, 2 insertions, 2219 deletions
diff --git a/.github/workflows/test-chart.yml b/.github/workflows/test-chart.yml deleted file mode 100644 index 4d7a27887..000000000 --- a/.github/workflows/test-chart.yml +++ /dev/null @@ -1,138 +0,0 @@ -# This is a GitHub workflow defining a set of jobs with a set of steps. -# ref: https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions -# -name: Test chart - -on: - pull_request: - paths: - - 'chart/**' - - '!**.md' - - '.github/workflows/test-chart.yml' - push: - paths: - - 'chart/**' - - '!**.md' - - '.github/workflows/test-chart.yml' - branches-ignore: - - 'dependabot/**' - workflow_dispatch: - -permissions: - contents: read - -defaults: - run: - working-directory: chart - -jobs: - lint-templates: - runs-on: ubuntu-22.04 - - steps: - - uses: actions/checkout@v3 - - uses: actions/setup-python@v4 - with: - python-version: '3.x' - - - name: Install dependencies (yamllint) - run: pip install yamllint - - - run: helm dependency update - - - name: helm lint - run: | - helm lint . \ - --values dev-values.yaml - - - name: helm template - run: | - helm template . \ - --values dev-values.yaml \ - --output-dir rendered-templates - - - name: yamllint (only on templates we manage) - run: | - rm -rf rendered-templates/mastodon/charts - - yamllint rendered-templates \ - --config-data "{rules: {indentation: {spaces: 2}, line-length: disable}}" - - # This job helps us validate that rendered templates are valid k8s resources - # against a k8s api-server, via "helm template --validate", but also that a - # basic configuration can be used to successfully startup mastodon. - # - test-install: - runs-on: ubuntu-22.04 - timeout-minutes: 15 - - strategy: - fail-fast: false - matrix: - include: - # k3s-channel reference: https://update.k3s.io/v1-release/channels - - k3s-channel: latest - - k3s-channel: stable - - # This represents the oldest configuration we test against. - # - # The k8s version chosen is based on the oldest still supported k8s - # version among two managed k8s services, GKE, EKS. - # - GKE: https://endoflife.date/google-kubernetes-engine - # - EKS: https://endoflife.date/amazon-eks - # - # The helm client's version can influence what helper functions is - # available for use in the templates, currently we need v3.6.0 or - # higher. - # - - k3s-channel: v1.21 - helm-version: v3.6.0 - - steps: - - uses: actions/checkout@v3 - - # This action starts a k8s cluster with NetworkPolicy enforcement and - # installs both kubectl and helm. - # - # ref: https://github.com/jupyterhub/action-k3s-helm#readme - # - - uses: jupyterhub/action-k3s-helm@v3 - with: - k3s-channel: ${{ matrix.k3s-channel }} - helm-version: ${{ matrix.helm-version }} - metrics-enabled: false - traefik-enabled: false - docker-enabled: false - - - run: helm dependency update - - # Validate rendered helm templates against the k8s api-server - - name: helm template --validate - run: | - helm template --validate mastodon . \ - --values dev-values.yaml - - - name: helm install - run: | - helm install mastodon . \ - --values dev-values.yaml \ - --timeout 10m - - # This actions provides a report about the state of the k8s cluster, - # providing logs etc on anything that has failed and workloads marked as - # important. - # - # ref: https://github.com/jupyterhub/action-k8s-namespace-report#readme - # - - name: Kubernetes namespace report - uses: jupyterhub/action-k8s-namespace-report@v1 - if: always() - with: - important-workloads: >- - deploy/mastodon-sidekiq - deploy/mastodon-streaming - deploy/mastodon-web - job/mastodon-assets-precompile - job/mastodon-chewy-upgrade - job/mastodon-create-admin - job/mastodon-db-migrate diff --git a/.gitignore b/.gitignore index 7d76b8275..2bc8b18c8 100644 --- a/.gitignore +++ b/.gitignore @@ -44,12 +44,6 @@ /redis /elasticsearch -# ignore Helm charts -/chart/*.tgz - -# ignore Helm dependency charts -/chart/charts/*.tgz - # Ignore Apple files .DS_Store diff --git a/.prettierignore b/.prettierignore index de7673eb6..f72354a42 100644 --- a/.prettierignore +++ b/.prettierignore @@ -44,9 +44,6 @@ /redis /elasticsearch -# ignore Helm dependency charts -/chart/charts/*.tgz - # Ignore Apple files .DS_Store @@ -67,9 +64,6 @@ yarn-debug.log # Ignore Docker option files docker-compose.override.yml -# Ignore Helm files -/chart - # Ignore emoji map file /app/javascript/mastodon/features/emoji/emoji_map.json diff --git a/chart/.helmignore b/chart/.helmignore deleted file mode 100644 index 0cbed473a..000000000 --- a/chart/.helmignore +++ /dev/null @@ -1,37 +0,0 @@ -# A helm chart's templates and default values can be packaged into a .tgz file. -# When doing that, not everything should be bundled into the .tgz file. This -# file describes what to not bundle. -# -# Manually added by us -# -------------------- -# -dev-values.yaml -mastodon-*.tgz - - -# Boilerplate .helmignore from `helm create mastodon` -# --------------------------------------------------- -# -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/chart/Chart.lock b/chart/Chart.lock deleted file mode 100644 index 961e4fa80..000000000 --- a/chart/Chart.lock +++ /dev/null @@ -1,12 +0,0 @@ -dependencies: -- name: elasticsearch - repository: https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami - version: 19.0.1 -- name: postgresql - repository: https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami - version: 11.1.3 -- name: redis - repository: https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami - version: 16.13.2 -digest: sha256:17ea58a3264aa22faff18215c4269f47dabae956d0df273c684972f356416193 -generated: "2022-08-08T21:44:18.0195364+02:00" diff --git a/chart/Chart.yaml b/chart/Chart.yaml deleted file mode 100644 index 8d67e55eb..000000000 --- a/chart/Chart.yaml +++ /dev/null @@ -1,36 +0,0 @@ -apiVersion: v2 -name: mastodon -description: Mastodon is a free, open-source social network server based on ActivityPub. - -# A chart can be either an 'application' or a 'library' chart. -# -# Application charts are a collection of templates that can be packaged into versioned archives -# to be deployed. -# -# Library charts provide useful utilities or functions for the chart developer. They're included as -# a dependency of application charts to inject those utilities and functions into the rendering -# pipeline. Library charts do not define any templates and therefore cannot be deployed. -type: application - -# This is the chart version. This version number should be incremented each time you make changes -# to the chart and its templates, including the app version. -# Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 3.0.0 - -# This is the version number of the application being deployed. This version number should be -# incremented each time you make changes to the application. Versions are not expected to -# follow Semantic Versioning. They should reflect the version the application is using. -appVersion: v4.0.2 - -dependencies: - - name: elasticsearch - version: 19.0.1 - repository: https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami - condition: elasticsearch.enabled - - name: postgresql - version: 11.1.3 - repository: https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami - condition: postgresql.enabled - - name: redis - version: 16.13.2 - repository: https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami diff --git a/chart/README.md b/chart/README.md index 78d75368c..67cb18eec 100644 --- a/chart/README.md +++ b/chart/README.md @@ -1,103 +1,3 @@ -# Introduction +# This Helm chart has moved -This is a [Helm](https://helm.sh/) chart for installing Mastodon into a -Kubernetes cluster. The basic usage is: - -1. edit `values.yaml` or create a separate yaml file for custom values -1. `helm dep update` -1. `helm install --namespace mastodon --create-namespace my-mastodon ./ -f path/to/additional/values.yaml` - -This chart is tested with k8s 1.21+ and helm 3.6.0+. - -# Configuration - -The variables that _must_ be configured are: - -- password and keys in the `mastodon.secrets`, `postgresql`, and `redis` groups; if - left blank, some of those values will be autogenerated, but will not persist - across upgrades. - -- SMTP settings for your mailer in the `mastodon.smtp` group. - -# Administration - -You can run [admin CLI](https://docs.joinmastodon.org/admin/tootctl/) commands in the web deployment. - -```bash -kubectl -n mastodon exec -it deployment/mastodon-web -- bash -tootctl accounts modify admin --reset-password -``` - -or -```bash -kubectl -n mastodon exec -it deployment/mastodon-web -- tootctl accounts modify admin --reset-password -``` - -# Missing features - -Currently this chart does _not_ support: - -- Hidden services -- Swift - -# Upgrading - -Because database migrations are managed as a Job separate from the Rails and -Sidekiq deployments, it’s possible they will occur in the wrong order. After -upgrading Mastodon versions, it may sometimes be necessary to manually delete -the Rails and Sidekiq pods so that they are recreated against the latest -migration. - -# Upgrades in 2.1.0 - -## ingressClassName and tls-acme changes -The annotations previously defaulting to nginx have been removed and support - for ingressClassName has been added. -```yaml -ingress: - annotations: - kubernetes.io/ingress.class: nginx - kubernetes.io/tls-acme: "true" -``` - -To restore the old functionality simply add the above snippet to your `values.yaml`, -but the recommendation is to replace these with `ingress.ingressClassName` and use -cert-manager's issuer/cluster-issuer instead of tls-acme. -If you're uncertain about your current setup leave `ingressClassName` empty and add -`kubernetes.io/tls-acme` to `ingress.annotations` in your `values.yaml`. - -# Upgrades in 2.0.0 - -## Fixed labels -Because of the changes in [#19706](https://github.com/mastodon/mastodon/pull/19706) the upgrade may fail with the following error: -```Error: UPGRADE FAILED: cannot patch "mastodon-sidekiq"``` - -If you want an easy upgrade and you're comfortable with some downtime then -simply delete the -sidekiq, -web, and -streaming Deployments manually. - -If you require a no-downtime upgrade then: -1. run `helm template` instead of `helm upgrade` -2. Copy the new -web and -streaming services into `services.yml` -3. Copy the new -web and -streaming deployments into `deployments.yml` -4. Append -temp to the name of each deployment in `deployments.yml` -5. `kubectl apply -f deployments.yml` then wait until all pods are ready -6. `kubectl apply -f services.yml` -7. Delete the old -sidekiq, -web, and -streaming deployments manually -8. `helm upgrade` like normal -9. `kubectl delete -f deployments.yml` to clear out the temporary deployments - -## PostgreSQL passwords -If you've previously installed the chart and you're having problems with -postgres not accepting your password then make sure to set `username` to -`postgres` and `password` and `postgresPassword` to the same passwords. -```yaml -postgresql: - auth: - username: postgres - password: <same password> - postgresPassword: <same password> -``` - -And make sure to set `password` to the same value as `postgres-password` -in your `mastodon-postgresql` secret: -```kubectl edit secret mastodon-postgresql``` \ No newline at end of file +The Mastodon Helm chart is now maintained in https://github.com/mastodon/chart. diff --git a/chart/dev-values.yaml b/chart/dev-values.yaml deleted file mode 100644 index b3a963ea1..000000000 --- a/chart/dev-values.yaml +++ /dev/null @@ -1,25 +0,0 @@ -# Chart values used for testing the Helm chart. -# -mastodon: - secrets: - secret_key_base: dummy-secret_key_base - otp_secret: dummy-otp_secret - vapid: - private_key: dummy-vapid-private_key - public_key: dummy-vapid-public_key - -# ref: https://github.com/bitnami/charts/tree/main/bitnami/redis#parameters -redis: - replica: - replicaCount: 1 - -# ref: https://github.com/bitnami/charts/tree/main/bitnami/elasticsearch#parameters -elasticsearch: - master: - replicaCount: 1 - data: - replicaCount: 1 - coordinating: - replicaCount: 1 - ingest: - replicaCount: 1 diff --git a/chart/templates/NOTES.txt b/chart/templates/NOTES.txt deleted file mode 100644 index b09c40bec..000000000 --- a/chart/templates/NOTES.txt +++ /dev/null @@ -1,22 +0,0 @@ -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range $host := .Values.ingress.hosts }} - {{- range .paths }} - http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} - {{- end }} -{{- end }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "mastodon.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "mastodon.fullname" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "mastodon.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") - echo http://$SERVICE_IP:{{ .Values.service.port }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "mastodon.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT -{{- end }} diff --git a/chart/templates/_helpers.tpl b/chart/templates/_helpers.tpl deleted file mode 100644 index 0e1804f91..000000000 --- a/chart/templates/_helpers.tpl +++ /dev/null @@ -1,150 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "mastodon.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "mastodon.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains $name .Release.Name }} -{{- .Release.Name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "mastodon.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Common labels -*/}} -{{- define "mastodon.labels" -}} -helm.sh/chart: {{ include "mastodon.chart" . }} -{{ include "mastodon.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end }} - -{{/* -Selector labels -*/}} -{{- define "mastodon.selectorLabels" -}} -app.kubernetes.io/name: {{ include "mastodon.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} - -{{/* -Rolling pod annotations -*/}} -{{- define "mastodon.rollingPodAnnotations" -}} -rollme: {{ .Release.Revision | quote }} -checksum/config-secrets: {{ include ( print $.Template.BasePath "/secrets.yaml" ) . | sha256sum | quote }} -checksum/config-configmap: {{ include ( print $.Template.BasePath "/configmap-env.yaml" ) . | sha256sum | quote }} -{{- end }} - -{{/* -Create the name of the service account to use -*/}} -{{- define "mastodon.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} -{{- default (include "mastodon.fullname" .) .Values.serviceAccount.name }} -{{- else }} -{{- default "default" .Values.serviceAccount.name }} -{{- end }} -{{- end }} - -{{/* -Create a default fully qualified name for dependent services. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "mastodon.elasticsearch.fullname" -}} -{{- printf "%s-%s" .Release.Name "elasticsearch" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{- define "mastodon.redis.fullname" -}} -{{- printf "%s-%s" .Release.Name "redis" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{- define "mastodon.postgresql.fullname" -}} -{{- printf "%s-%s" .Release.Name "postgresql" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Get the mastodon secret. -*/}} -{{- define "mastodon.secretName" -}} -{{- if .Values.mastodon.secrets.existingSecret }} - {{- printf "%s" (tpl .Values.mastodon.secrets.existingSecret $) -}} -{{- else -}} - {{- printf "%s" (include "common.names.fullname" .) -}} -{{- end -}} -{{- end -}} - -{{/* -Get the postgresql secret. -*/}} -{{- define "mastodon.postgresql.secretName" -}} -{{- if (and (or .Values.postgresql.enabled .Values.postgresql.postgresqlHostname) .Values.postgresql.auth.existingSecret) }} - {{- printf "%s" (tpl .Values.postgresql.auth.existingSecret $) -}} -{{- else if .Values.postgresql.enabled -}} - {{- printf "%s-postgresql" (tpl .Release.Name $) -}} -{{- else -}} - {{- printf "%s" (include "common.names.fullname" .) -}} -{{- end -}} -{{- end -}} - -{{/* -Get the redis secret. -*/}} -{{- define "mastodon.redis.secretName" -}} -{{- if .Values.redis.auth.existingSecret }} - {{- printf "%s" (tpl .Values.redis.auth.existingSecret $) -}} -{{- else if .Values.redis.existingSecret }} - {{- printf "%s" (tpl .Values.redis.existingSecret $) -}} -{{- else -}} - {{- printf "%s-redis" (tpl .Release.Name $) -}} -{{- end -}} -{{- end -}} - -{{/* -Return true if a mastodon secret object should be created -*/}} -{{- define "mastodon.createSecret" -}} -{{- if (or - (and .Values.mastodon.s3.enabled (not .Values.mastodon.s3.existingSecret)) - (not .Values.mastodon.secrets.existingSecret ) - (and (not .Values.postgresql.enabled) (not .Values.postgresql.auth.existingSecret)) - ) -}} - {{- true -}} -{{- end -}} -{{- end -}} - -{{/* -Find highest number of needed database connections to set DB_POOL variable -*/}} -{{- define "mastodon.maxDbPool" -}} -{{/* Default MAX_THREADS for Puma is 5 */}} -{{- $poolSize := 5 }} -{{- range .Values.mastodon.sidekiq.workers }} -{{- $poolSize = max $poolSize .concurrency }} -{{- end }} -{{- $poolSize | quote }} -{{- end }} diff --git a/chart/templates/configmap-env.yaml b/chart/templates/configmap-env.yaml deleted file mode 100644 index 4d0195568..000000000 --- a/chart/templates/configmap-env.yaml +++ /dev/null @@ -1,319 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "mastodon.fullname" . }}-env - labels: - {{- include "mastodon.labels" . | nindent 4 }} -data: - {{- if .Values.postgresql.enabled }} - DB_HOST: {{ template "mastodon.postgresql.fullname" . }} - DB_PORT: "5432" - {{- else }} - DB_HOST: {{ .Values.postgresql.postgresqlHostname }} - DB_PORT: {{ .Values.postgresql.postgresqlPort | default "5432" | quote }} - {{- end }} - DB_NAME: {{ .Values.postgresql.auth.database }} - DB_POOL: {{ include "mastodon.maxDbPool" . }} - DB_USER: {{ .Values.postgresql.auth.username }} - DEFAULT_LOCALE: {{ .Values.mastodon.locale }} - {{- if .Values.elasticsearch.enabled }} - ES_ENABLED: "true" - ES_HOST: {{ template "mastodon.elasticsearch.fullname" . }}-master-hl - ES_PORT: "9200" - {{- end }} - LOCAL_DOMAIN: {{ .Values.mastodon.local_domain }} - {{- with .Values.mastodon.web_domain }} - WEB_DOMAIN: {{ . }} - {{- end }} - {{- with .Values.mastodon.singleUserMode }} - SINGLE_USER_MODE: "true" - {{- end }} - {{- with .Values.mastodon.authorizedFetch }} - AUTHORIZED_FETCH: {{ . | quote }} - {{- end }} - # https://devcenter.heroku.com/articles/tuning-glibc-memory-behavior - MALLOC_ARENA_MAX: "2" - NODE_ENV: "production" - RAILS_ENV: "production" - REDIS_HOST: {{ template "mastodon.redis.fullname" . }}-master - REDIS_PORT: "6379" - {{- if .Values.mastodon.s3.enabled }} - S3_BUCKET: {{ .Values.mastodon.s3.bucket }} - S3_ENABLED: "true" - S3_ENDPOINT: {{ .Values.mastodon.s3.endpoint }} - S3_HOSTNAME: {{ .Values.mastodon.s3.hostname }} - S3_PROTOCOL: "https" - {{- with .Values.mastodon.s3.region }} - S3_REGION: {{ . }} - {{- end }} - {{- with .Values.mastodon.s3.alias_host }} - S3_ALIAS_HOST: {{ .Values.mastodon.s3.alias_host}} - {{- end }} - {{- end }} - {{- with .Values.mastodon.smtp.auth_method }} - SMTP_AUTH_METHOD: {{ . }} - {{- end }} - {{- with .Values.mastodon.smtp.ca_file }} - SMTP_CA_FILE: {{ . }} - {{- end }} - {{- with .Values.mastodon.smtp.delivery_method }} - SMTP_DELIVERY_METHOD: {{ . }} - {{- end }} - {{- with .Values.mastodon.smtp.domain }} - SMTP_DOMAIN: {{ . }} - {{- end }} - {{- with .Values.mastodon.smtp.enable_starttls }} - SMTP_ENABLE_STARTTLS: {{ . | quote }} - {{- end }} - {{- with .Values.mastodon.smtp.enable_starttls_auto }} - SMTP_ENABLE_STARTTLS_AUTO: {{ . | quote }} - {{- end }} - {{- with .Values.mastodon.smtp.from_address }} - SMTP_FROM_ADDRESS: {{ . }} - {{- end }} - {{- with .Values.mastodon.smtp.login }} - SMTP_LOGIN: {{ . }} - {{- end }} - {{- with .Values.mastodon.smtp.openssl_verify_mode }} - SMTP_OPENSSL_VERIFY_MODE: {{ . }} - {{- end }} - {{- with .Values.mastodon.smtp.password }} - SMTP_PASSWORD: {{ . }} - {{- end }} - {{- with .Values.mastodon.smtp.port }} - SMTP_PORT: {{ . | quote }} - {{- end }} - {{- with .Values.mastodon.smtp.reply_to }} - SMTP_REPLY_TO: {{ . }} - {{- end }} - {{- with .Values.mastodon.smtp.server }} - SMTP_SERVER: {{ . }} - {{- end }} - {{- with .Values.mastodon.smtp.tls }} - SMTP_TLS: {{ . | quote }} - {{- end }} - STREAMING_CLUSTER_NUM: {{ .Values.mastodon.streaming.workers | quote }} - {{- with .Values.mastodon.streaming.base_url }} - STREAMING_API_BASE_URL: {{ . | quote }} - {{- end }} - {{- if .Values.externalAuth.oidc.enabled }} - OIDC_ENABLED: {{ .Values.externalAuth.oidc.enabled | quote }} - OIDC_DISPLAY_NAME: {{ .Values.externalAuth.oidc.display_name }} - OIDC_ISSUER: {{ .Values.externalAuth.oidc.issuer }} - OIDC_DISCOVERY: {{ .Values.externalAuth.oidc.discovery | quote }} - OIDC_SCOPE: {{ .Values.externalAuth.oidc.scope | quote }} - OIDC_UID_FIELD: {{ .Values.externalAuth.oidc.uid_field }} - OIDC_CLIENT_ID: {{ .Values.externalAuth.oidc.client_id }} - OIDC_CLIENT_SECRET: {{ .Values.externalAuth.oidc.client_secret }} - OIDC_REDIRECT_URI: {{ .Values.externalAuth.oidc.redirect_uri }} - OIDC_SECURITY_ASSUME_EMAIL_IS_VERIFIED: {{ .Values.externalAuth.oidc.assume_email_is_verified | quote }} - {{- with .Values.externalAuth.oidc.client_auth_method }} - OIDC_CLIENT_AUTH_METHOD: {{ . }} - {{- end }} - {{- with .Values.externalAuth.oidc.response_type }} - OIDC_RESPONSE_TYPE: {{ . }} - {{- end }} - {{- with .Values.externalAuth.oidc.response_mode }} - OIDC_RESPONSE_MODE: {{ . }} - {{- end }} - {{- with .Values.externalAuth.oidc.display }} - OIDC_DISPLAY: {{ . }} - {{- end }} - {{- with .Values.externalAuth.oidc.prompt }} - OIDC_PROMPT: {{ . }} - {{- end }} - {{- with .Values.externalAuth.oidc.send_nonce }} - OIDC_SEND_NONCE: {{ . }} - {{- end }} - {{- with .Values.externalAuth.oidc.send_scope_to_token_endpoint }} - OIDC_SEND_SCOPE_TO_TOKEN_ENDPOINT: {{ . | quote }} - {{- end }} - {{- with .Values.externalAuth.oidc.idp_logout_redirect_uri }} - OIDC_IDP_LOGOUT_REDIRECT_URI: {{ . }} - {{- end }} - {{- with .Values.externalAuth.oidc.http_scheme }} - OIDC_HTTP_SCHEME: {{ . }} - {{- end }} - {{- with .Values.externalAuth.oidc.host }} - OIDC_HOST: {{ . }} - {{- end }} - {{- with .Values.externalAuth.oidc.port }} - OIDC_PORT: {{ . }} - {{- end }} - {{- with .Values.externalAuth.oidc.jwks_uri }} - OIDC_JWKS_URI: {{ . }} - {{- end }} - {{- with .Values.externalAuth.oidc.auth_endpoint }} - OIDC_AUTH_ENDPOINT: {{ . }} - {{- end }} - {{- with .Values.externalAuth.oidc.token_endpoint }} - OIDC_TOKEN_ENDPOINT: {{ . }} - {{- end }} - {{- with .Values.externalAuth.oidc.user_info_endpoint }} - OIDC_USER_INFO_ENDPOINT: {{ . }} - {{- end }} - {{- with .Values.externalAuth.oidc.end_session_endpoint }} - OIDC_END_SESSION_ENDPOINT: {{ . }} - {{- end }} - {{- end }} - {{- if .Values.externalAuth.saml.enabled }} - SAML_ENABLED: {{ .Values.externalAuth.saml.enabled | quote }} - SAML_ACS_URL: {{ .Values.externalAuth.saml.acs_url }} - SAML_ISSUER: {{ .Values.externalAuth.saml.issuer }} - SAML_IDP_SSO_TARGET_URL: {{ .Values.externalAuth.saml.idp_sso_target_url }} - SAML_IDP_CERT: {{ .Values.externalAuth.saml.idp_cert | quote }} - {{- with .Values.externalAuth.saml.idp_cert_fingerprint }} - SAML_IDP_CERT_FINGERPRINT: {{ . | quote }} - {{- end }} - {{- with .Values.externalAuth.saml.name_identifier_format }} - SAML_NAME_IDENTIFIER_FORMAT: {{ . }} - {{- end }} - {{- with .Values.externalAuth.saml.cert }} - SAML_CERT: {{ . | quote }} - {{- end }} - {{- with .Values.externalAuth.saml.private_key }} - SAML_PRIVATE_KEY: {{ . | quote }} - {{- end }} - {{- with .Values.externalAuth.saml.want_assertion_signed }} - SAML_SECURITY_WANT_ASSERTION_SIGNED: {{ . | quote }} - {{- end }} - {{- with .Values.externalAuth.saml.want_assertion_encrypted }} - SAML_SECURITY_WANT_ASSERTION_ENCRYPTED: {{ . | quote }} - {{- end }} - {{- with .Values.externalAuth.saml.assume_email_is_verified }} - SAML_SECURITY_ASSUME_EMAIL_IS_VERIFIED: {{ . | quote }} - {{- end }} - {{- with .Values.externalAuth.saml.uid_attribute }} - SAML_UID_ATTRIBUTE: {{ . }} - {{- end }} - {{- with .Values.externalAuth.saml.attributes_statements.uid }} - SAML_ATTRIBUTES_STATEMENTS_UID: {{ . | quote }} - {{- end }} - {{- with .Values.externalAuth.saml.attributes_statements.email }} - SAML_ATTRIBUTES_STATEMENTS_EMAIL: {{ . | quote }} - {{- end }} - {{- with .Values.externalAuth.saml.attributes_statements.full_name }} - SAML_ATTRIBUTES_STATEMENTS_FULL_NAME: {{ . | quote }} - {{- end }} - {{- with .Values.externalAuth.saml.attributes_statements.first_name }} - SAML_ATTRIBUTES_STATEMENTS_FIRST_NAME: {{ . | quote }} - {{- end }} - {{- with .Values.externalAuth.saml.attributes_statements.last_name }} - SAML_ATTRIBUTES_STATEMENTS_LAST_NAME: {{ . | quote }} - {{- end }} - {{- with .Values.externalAuth.saml.attributes_statements.verified }} - SAML_ATTRIBUTES_STATEMENTS_VERIFIED: {{ . | quote }} - {{- end }} - {{- with .Values.externalAuth.saml.attributes_statements.verified_email }} - SAML_ATTRIBUTES_STATEMENTS_VERIFIED_EMAIL: {{ . | quote }} - {{- end }} - {{- end }} - {{- with .Values.externalAuth.oauth_global.omniauth_only }} - OMNIAUTH_ONLY: {{ . | quote }} - {{- end }} - {{- if .Values.externalAuth.cas.enabled }} - CAS_ENABLED: {{ .Values.externalAuth.cas.enabled | quote }} - CAS_URL: {{ .Values.externalAuth.cas.url }} - CAS_HOST: {{ .Values.externalAuth.cas.host }} - CAS_PORT: {{ .Values.externalAuth.cas.port }} - CAS_SSL: {{ .Values.externalAuth.cas.ssl | quote }} - {{- with .Values.externalAuth.cas.validate_url }} - CAS_VALIDATE_URL: {{ . }} - {{- end }} - {{- with .Values.externalAuth.cas.callback_url }} - CAS_CALLBACK_URL: {{ . }} - {{- end }} - {{- with .Values.externalAuth.cas.logout_url }} - CAS_LOGOUT_URL: {{ . }} - {{- end }} - {{- with .Values.externalAuth.cas.login_url }} - CAS_LOGIN_URL: {{ . }} - {{- end }} - {{- with .Values.externalAuth.cas.uid_field }} - CAS_UID_FIELD: {{ . | quote }} - {{- end }} - {{- with .Values.externalAuth.cas.ca_path }} - CAS_CA_PATH: {{ . }} - {{- end }} - {{- with .Values.externalAuth.cas.disable_ssl_verification }} - CAS_DISABLE_SSL_VERIFICATION: {{ . | quote }} - {{- end }} - {{- with .Values.externalAuth.cas.assume_email_is_verified }} - CAS_SECURITY_ASSUME_EMAIL_IS_VERIFIED: {{ . | quote }} - {{- end }} - {{- with .Values.externalAuth.cas.keys.uid }} - CAS_UID_KEY: {{ . | quote }} - {{- end }} - {{- with .Values.externalAuth.cas.keys.name }} - CAS_NAME_KEY: {{ . | quote }} - {{- end }} - {{- with .Values.externalAuth.cas.keys.email }} - CAS_EMAIL_KEY: {{ . | quote }} - {{- end }} - {{- with .Values.externalAuth.cas.keys.nickname }} - CAS_NICKNAME_KEY: {{ . | quote }} - {{- end }} - {{- with .Values.externalAuth.cas.keys.first_name }} - CAS_FIRST_NAME_KEY: {{ . | quote }} - {{- end }} - {{- with .Values.externalAuth.cas.keys.last_name }} - CAS_LAST_NAME_KEY: {{ . | quote }} - {{- end }} - {{- with .Values.externalAuth.cas.keys.location }} - CAS_LOCATION_KEY: {{ . | quote }} - {{- end }} - {{- with .Values.externalAuth.cas.keys.image }} - CAS_IMAGE_KEY: {{ . | quote }} - {{- end }} - {{- with .Values.externalAuth.cas.keys.phone }} - CAS_PHONE_KEY: {{ . | quote }} - {{- end }} - {{- end }} - {{- with .Values.externalAuth.pam.enabled }} - PAM_ENABLED: {{ . | quote }} - {{- with .Values.externalAuth.pam.email_domain }} - PAM_EMAIL_DOMAIN: {{ . }} - {{- end }} - {{- with .Values.externalAuth.pam.default_service }} - PAM_DEFAULT_SERVICE: {{ . }} - {{- end }} - {{- with .Values.externalAuth.pam.controlled_service }} - PAM_CONTROLLED_SERVICE: {{ . }} - {{- end }} - {{- end }} - {{- if .Values.externalAuth.ldap.enabled }} - LDAP_ENABLED: {{ .Values.externalAuth.ldap.enabled | quote }} - LDAP_HOST: {{ .Values.externalAuth.ldap.host }} - LDAP_PORT: {{ .Values.externalAuth.ldap.port }} - LDAP_METHOD: {{ .Values.externalAuth.ldap.method }} - {{- with .Values.externalAuth.ldap.base }} - LDAP_BASE: {{ . }} - {{- end }} - {{- with .Values.externalAuth.ldap.bind_on }} - LDAP_BIND_ON: {{ . }} - {{- end }} - {{- with .Values.externalAuth.ldap.password }} - LDAP_PASSWORD: {{ . }} - {{- end }} - {{- with .Values.externalAuth.ldap.uid }} - LDAP_UID: {{ . }} - {{- end }} - {{- with .Values.externalAuth.ldap.mail }} - LDAP_MAIL: {{ . }} - {{- end }} - {{- with .Values.externalAuth.ldap.search_filter }} - LDAP_SEARCH_FILTER: {{ . }} - {{- end }} - {{- with .Values.externalAuth.ldap.uid_conversion.enabled }} - LDAP_UID_CONVERSION_ENABLED: {{ . | quote }} - {{- end }} - {{- with .Values.externalAuth.ldap.uid_conversion.search }} - LDAP_UID_CONVERSION_SEARCH: {{ . }} - {{- end }} - {{- with .Values.externalAuth.ldap.uid_conversion.replace }} - LDAP_UID_CONVERSION_REPLACE: {{ . }} - {{- end }} - {{- end }} - {{- with .Values.mastodon.metrics.statsd.address }} - STATSD_ADDR: {{ . }} - {{- end }} diff --git a/chart/templates/cronjob-media-remove.yaml b/chart/templates/cronjob-media-remove.yaml deleted file mode 100644 index 41f1feb82..000000000 --- a/chart/templates/cronjob-media-remove.yaml +++ /dev/null @@ -1,77 +0,0 @@ -{{ if .Values.mastodon.cron.removeMedia.enabled -}} -apiVersion: batch/v1 -kind: CronJob -metadata: - name: {{ include "mastodon.fullname" . }}-media-remove - labels: - {{- include "mastodon.labels" . | nindent 4 }} -spec: - schedule: {{ .Values.mastodon.cron.removeMedia.schedule }} - jobTemplate: - spec: - template: - metadata: - name: {{ include "mastodon.fullname" . }}-media-remove - {{- with .Values.jobAnnotations }} - annotations: - {{- toYaml . | nindent 12 }} - {{- end }} - spec: - restartPolicy: OnFailure - {{- if (not .Values.mastodon.s3.enabled) }} - # ensure we run on the same node as the other rails components; only - # required when using PVCs that are ReadWriteOnce - {{- if or (eq "ReadWriteOnce" .Values.mastodon.persistence.assets.accessMode) (eq "ReadWriteOnce" .Values.mastodon.persistence.system.accessMode) }} - affinity: - podAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app.kubernetes.io/part-of - operator: In - values: - - rails - topologyKey: kubernetes.io/hostname - {{- end }} - volumes: - - name: assets - persistentVolumeClaim: - claimName: {{ template "mastodon.fullname" . }}-assets - - name: system - persistentVolumeClaim: - claimName: {{ template "mastodon.fullname" . }}-system - {{- end }} - containers: - - name: {{ include "mastodon.fullname" . }}-media-remove - image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - command: - - bin/tootctl - - media - - remove - envFrom: - - configMapRef: - name: {{ include "mastodon.fullname" . }}-env - - secretRef: - name: {{ template "mastodon.secretName" . }} - env: - - name: "DB_PASS" - valueFrom: - secretKeyRef: - name: {{ template "mastodon.postgresql.secretName" . }} - key: password - - name: "REDIS_PASSWORD" - valueFrom: - secretKeyRef: - name: {{ template "mastodon.redis.secretName" . }} - key: redis-password - - name: "PORT" - value: {{ .Values.mastodon.web.port | quote }} - {{- if (not .Values.mastodon.s3.enabled) }} - volumeMounts: - - name: assets - mountPath: /opt/mastodon/public/assets - - name: system - mountPath: /opt/mastodon/public/system - {{- end }} -{{- end }} diff --git a/chart/templates/deployment-sidekiq.yaml b/chart/templates/deployment-sidekiq.yaml deleted file mode 100644 index c7e0c5470..000000000 --- a/chart/templates/deployment-sidekiq.yaml +++ /dev/null @@ -1,132 +0,0 @@ -{{- $context := . }} -{{- range .Values.mastodon.sidekiq.workers }} ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "mastodon.fullname" $context }}-sidekiq-{{ .name }} - labels: - {{- include "mastodon.labels" $context | nindent 4 }} - app.kubernetes.io/component: sidekiq-{{ .name }} - app.kubernetes.io/part-of: rails -spec: - replicas: {{ .replicas }} - {{- if (has "scheduler" .queues) }} - strategy: - type: Recreate - {{- end }} - selector: - matchLabels: - {{- include "mastodon.selectorLabels" $context | nindent 6 }} - app.kubernetes.io/component: sidekiq-{{ .name }} - app.kubernetes.io/part-of: rails - template: - metadata: - annotations: - {{- with $context.Values.podAnnotations }} - {{- toYaml . | nindent 8 }} - {{- end }} - # roll the pods to pick up any db migrations or other changes - {{- include "mastodon.rollingPodAnnotations" $context | nindent 8 }} - labels: - {{- include "mastodon.selectorLabels" $context | nindent 8 }} - app.kubernetes.io/component: sidekiq-{{ .name }} - app.kubernetes.io/part-of: rails - spec: - {{- with $context.Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ include "mastodon.serviceAccountName" $context }} - {{- with (default $context.Values.podSecurityContext $context.Values.mastodon.sidekiq.podSecurityContext) }} - securityContext: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with (default (default $context.Values.affinity $context.Values.mastodon.sidekiq.affinity) .affinity) }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- if (not $context.Values.mastodon.s3.enabled) }} - volumes: - - name: assets - persistentVolumeClaim: - claimName: {{ template "mastodon.fullname" $context }}-assets - - name: system - persistentVolumeClaim: - claimName: {{ template "mastodon.fullname" $context }}-system - {{- end }} - containers: - - name: {{ $context.Chart.Name }} - securityContext: - {{- toYaml $context.Values.mastodon.sidekiq.securityContext | nindent 12 }} - image: "{{ $context.Values.image.repository }}:{{ $context.Values.image.tag | default $context.Chart.AppVersion }}" - imagePullPolicy: {{ $context.Values.image.pullPolicy }} - command: - - bundle - - exec - - sidekiq - - -c - - {{ .concurrency | quote }} - {{- range .queues }} - - -q - - {{ . | quote }} - {{- end }} - envFrom: - - configMapRef: - name: {{ include "mastodon.fullname" $context }}-env - - secretRef: - name: {{ template "mastodon.secretName" $context }} - env: - - name: "DB_PASS" - valueFrom: - secretKeyRef: - name: {{ template "mastodon.postgresql.secretName" $context }} - key: password - - name: "REDIS_PASSWORD" - valueFrom: - secretKeyRef: - name: {{ template "mastodon.redis.secretName" $context }} - key: redis-password - {{- if (and $context.Values.mastodon.s3.enabled $context.Values.mastodon.s3.existingSecret) }} - - name: "AWS_SECRET_ACCESS_KEY" - valueFrom: - secretKeyRef: - name: {{ $context.Values.mastodon.s3.existingSecret }} - key: AWS_SECRET_ACCESS_KEY - - name: "AWS_ACCESS_KEY_ID" - valueFrom: - secretKeyRef: - name: {{ .Values.mastodon.s3.existingSecret }} - key: AWS_ACCESS_KEY_ID - {{- end }} - {{- if $context.Values.mastodon.smtp.existingSecret }} - - name: "SMTP_LOGIN" - valueFrom: - secretKeyRef: - name: {{ $context.Values.mastodon.smtp.existingSecret }} - key: login - optional: true - - name: "SMTP_PASSWORD" - valueFrom: - secretKeyRef: - name: {{ $context.Values.mastodon.smtp.existingSecret }} - key: password - {{- end }} - {{- if (not $context.Values.mastodon.s3.enabled) }} - volumeMounts: - - name: assets - mountPath: /opt/mastodon/public/assets - - name: system - mountPath: /opt/mastodon/public/system - {{- end }} - resources: - {{- toYaml (default (default $context.Values.resources $context.Values.mastodon.sidekiq.resources) .resources) | nindent 12 }} - {{- with $context.Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with $context.Values.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} -{{- end }} diff --git a/chart/templates/deployment-streaming.yaml b/chart/templates/deployment-streaming.yaml deleted file mode 100644 index dd804044c..000000000 --- a/chart/templates/deployment-streaming.yaml +++ /dev/null @@ -1,88 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "mastodon.fullname" . }}-streaming - labels: - {{- include "mastodon.labels" . | nindent 4 }} -spec: - replicas: {{ .Values.mastodon.streaming.replicas }} - selector: - matchLabels: - {{- include "mastodon.selectorLabels" . | nindent 6 }} - app.kubernetes.io/component: streaming - template: - metadata: - annotations: - {{- with (default .Values.podAnnotations .Values.mastodon.streaming.podAnnotations) }} - {{- toYaml . | nindent 8 }} - {{- end }} - # roll the pods to pick up any db migrations or other changes - {{- include "mastodon.rollingPodAnnotations" . | nindent 8 }} - labels: - {{- include "mastodon.selectorLabels" . | nindent 8 }} - app.kubernetes.io/component: streaming - spec: - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ include "mastodon.serviceAccountName" . }} - {{- with (default .Values.podSecurityContext .Values.mastodon.streaming.podSecurityContext) }} - securityContext: - {{- toYaml . | nindent 8 }} - {{- end }} - containers: - - name: {{ .Chart.Name }}-streaming - {{- with (default .Values.securityContext .Values.mastodon.streaming.securityContext) }} - securityContext: - {{- toYaml . | nindent 12 }} - {{- end }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - command: - - node - - ./streaming - envFrom: - - configMapRef: - name: {{ include "mastodon.fullname" . }}-env - env: - - name: "DB_PASS" - valueFrom: - secretKeyRef: - name: {{ template "mastodon.postgresql.secretName" . }} - key: password - - name: "REDIS_PASSWORD" - valueFrom: - secretKeyRef: - name: {{ template "mastodon.redis.secretName" . }} - key: redis-password - - name: "PORT" - value: {{ .Values.mastodon.streaming.port | quote }} - ports: - - name: streaming - containerPort: {{ .Values.mastodon.streaming.port }} - protocol: TCP - livenessProbe: - httpGet: - path: /api/v1/streaming/health - port: streaming - readinessProbe: - httpGet: - path: /api/v1/streaming/health - port: streaming - {{- with (default .Values.resources .Values.mastodon.streaming.resources) }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with (default .Values.affinity .Values.mastodon.streaming.affinity) }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} diff --git a/chart/templates/deployment-web.yaml b/chart/templates/deployment-web.yaml deleted file mode 100644 index c1ec2327e..000000000 --- a/chart/templates/deployment-web.yaml +++ /dev/null @@ -1,128 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "mastodon.fullname" . }}-web - labels: - {{- include "mastodon.labels" . | nindent 4 }} -spec: - replicas: {{ .Values.mastodon.web.replicas }} - selector: - matchLabels: - {{- include "mastodon.selectorLabels" . | nindent 6 }} - app.kubernetes.io/component: web - app.kubernetes.io/part-of: rails - template: - metadata: - annotations: - {{- with (default .Values.podAnnotations .Values.mastodon.web.podAnnotations) }} - {{- toYaml . | nindent 8 }} - {{- end }} - # roll the pods to pick up any db migrations or other changes - {{- include "mastodon.rollingPodAnnotations" . | nindent 8 }} - labels: - {{- include "mastodon.selectorLabels" . | nindent 8 }} - app.kubernetes.io/component: web - app.kubernetes.io/part-of: rails - spec: - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ include "mastodon.serviceAccountName" . }} - {{- with (default .Values.podSecurityContext .Values.mastodon.web.podSecurityContext) }} - securityContext: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- if (not .Values.mastodon.s3.enabled) }} - volumes: - - name: assets - persistentVolumeClaim: - claimName: {{ template "mastodon.fullname" . }}-assets - - name: system - persistentVolumeClaim: - claimName: {{ template "mastodon.fullname" . }}-system - {{- end }} - containers: - - name: {{ .Chart.Name }}-web - {{- with (default .Values.securityContext .Values.mastodon.web.securityContext) }} - securityContext: - {{- toYaml . | nindent 12 }} - {{- end }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - command: - - bundle - - exec - - puma - - -C - - config/puma.rb - envFrom: - - configMapRef: - name: {{ include "mastodon.fullname" . }}-env - - secretRef: - name: {{ template "mastodon.secretName" . }} - env: - - name: "DB_PASS" - valueFrom: - secretKeyRef: - name: {{ template "mastodon.postgresql.secretName" . }} - key: password - - name: "REDIS_PASSWORD" - valueFrom: - secretKeyRef: - name: {{ template "mastodon.redis.secretName" . }} - key: redis-password - - name: "PORT" - value: {{ .Values.mastodon.web.port | quote }} - {{- if (and .Values.mastodon.s3.enabled .Values.mastodon.s3.existingSecret) }} - - name: "AWS_SECRET_ACCESS_KEY" - valueFrom: - secretKeyRef: - name: {{ .Values.mastodon.s3.existingSecret }} - key: AWS_SECRET_ACCESS_KEY - - name: "AWS_ACCESS_KEY_ID" - valueFrom: - secretKeyRef: - name: {{ .Values.mastodon.s3.existingSecret }} - key: AWS_ACCESS_KEY_ID - {{- end }} - {{- if (not .Values.mastodon.s3.enabled) }} - volumeMounts: - - name: assets - mountPath: /opt/mastodon/public/assets - - name: system - mountPath: /opt/mastodon/public/system - {{- end }} - ports: - - name: http - containerPort: {{ .Values.mastodon.web.port }} - protocol: TCP - livenessProbe: - tcpSocket: - port: http - readinessProbe: - httpGet: - path: /health - port: http - startupProbe: - httpGet: - path: /health - port: http - failureThreshold: 30 - periodSeconds: 5 - {{- with (default .Values.resources .Values.mastodon.web.resources) }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with (default .Values.affinity .Values.mastodon.web.affinity) }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} diff --git a/chart/templates/ingress.yaml b/chart/templates/ingress.yaml deleted file mode 100644 index e5c5e1dc6..000000000 --- a/chart/templates/ingress.yaml +++ /dev/null @@ -1,71 +0,0 @@ -{{- if .Values.ingress.enabled -}} -{{- $fullName := include "mastodon.fullname" . -}} -{{- $webPort := .Values.mastodon.web.port -}} -{{- $streamingPort := .Values.mastodon.streaming.port -}} -{{- if or (.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress") (not (.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress")) -}} -apiVersion: networking.k8s.io/v1 -{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} -apiVersion: networking.k8s.io/v1beta1 -{{- else -}} -apiVersion: extensions/v1beta1 -{{- end }} -kind: Ingress -metadata: - name: {{ $fullName }} - labels: - {{- include "mastodon.labels" . | nindent 4 }} - {{- with .Values.ingress.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - {{- if .Values.ingress.ingressClassName }} - ingressClassName: {{ .Values.ingress.ingressClassName }} - {{- end }} - {{- if .Values.ingress.tls }} - tls: - {{- range .Values.ingress.tls }} - - hosts: - {{- range .hosts }} - - {{ . | quote }} - {{- end }} - secretName: {{ .secretName }} - {{- end }} - {{- end }} - rules: - {{- range .Values.ingress.hosts }} - - host: {{ .host | quote }} - http: - paths: - {{- range .paths }} - - path: {{ .path }} - backend: - {{- if or ($.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress") (not ($.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress")) }} - service: - name: {{ $fullName }}-web - port: - number: {{ $webPort }} - {{- else }} - serviceName: {{ $fullName }}-web - servicePort: {{ $webPort }} - {{- end }} - {{- if or ($.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress") (not ($.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress")) }} - pathType: Prefix - {{- end }} - - path: {{ .path }}api/v1/streaming/ - backend: - {{- if or ($.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress") (not ($.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress")) }} - service: - name: {{ $fullName }}-streaming - port: - number: {{ $streamingPort }} - {{- else }} - serviceName: {{ $fullName }}-streaming - servicePort: {{ $streamingPort }} - {{- end }} - {{- if or ($.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress") (not ($.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress")) }} - pathType: Exact - {{- end }} - {{- end }} - {{- end }} -{{- end }} diff --git a/chart/templates/job-assets-precompile.yaml b/chart/templates/job-assets-precompile.yaml deleted file mode 100644 index bc5ff7bfb..000000000 --- a/chart/templates/job-assets-precompile.yaml +++ /dev/null @@ -1,77 +0,0 @@ -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ include "mastodon.fullname" . }}-assets-precompile - labels: - {{- include "mastodon.labels" . | nindent 4 }} - annotations: - "helm.sh/hook": post-install - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded - "helm.sh/hook-weight": "-2" -spec: - template: - metadata: - name: {{ include "mastodon.fullname" . }}-assets-precompile - {{- with .Values.jobAnnotations }} - annotations: - {{- toYaml . | nindent 8 }} - {{- end }} - spec: - restartPolicy: Never - {{- if (not .Values.mastodon.s3.enabled) }} - # ensure we run on the same node as the other rails components; only - # required when using PVCs that are ReadWriteOnce - {{- if or (eq "ReadWriteOnce" .Values.mastodon.persistence.assets.accessMode) (eq "ReadWriteOnce" .Values.mastodon.persistence.system.accessMode) }} - affinity: - podAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app.kubernetes.io/part-of - operator: In - values: - - rails - topologyKey: kubernetes.io/hostname - {{- end }} - volumes: - - name: assets - persistentVolumeClaim: - claimName: {{ template "mastodon.fullname" . }}-assets - - name: system - persistentVolumeClaim: - claimName: {{ template "mastodon.fullname" . }}-system - {{- end }} - containers: - - name: {{ include "mastodon.fullname" . }}-assets-precompile - image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - command: - - bash - - -c - - | - bundle exec rake assets:precompile && yarn cache clean - envFrom: - - configMapRef: - name: {{ include "mastodon.fullname" . }}-env - - secretRef: - name: {{ template "mastodon.secretName" . }} - env: - - name: "DB_PASS" - valueFrom: - secretKeyRef: - name: {{ template "mastodon.postgresql.secretName" . }} - key: password - - name: "REDIS_PASSWORD" - valueFrom: - secretKeyRef: - name: {{ template "mastodon.redis.secretName" . }} - key: redis-password - - name: "PORT" - value: {{ .Values.mastodon.web.port | quote }} - {{- if (not .Values.mastodon.s3.enabled) }} - volumeMounts: - - name: assets - mountPath: /opt/mastodon/public/assets - - name: system - mountPath: /opt/mastodon/public/system - {{- end }} diff --git a/chart/templates/job-chewy-upgrade.yaml b/chart/templates/job-chewy-upgrade.yaml deleted file mode 100644 index f86a4e34f..000000000 --- a/chart/templates/job-chewy-upgrade.yaml +++ /dev/null @@ -1,79 +0,0 @@ -{{- if .Values.elasticsearch.enabled -}} -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ include "mastodon.fullname" . }}-chewy-upgrade - labels: - {{- include "mastodon.labels" . | nindent 4 }} - annotations: - "helm.sh/hook": post-install - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded - "helm.sh/hook-weight": "-1" -spec: - template: - metadata: - name: {{ include "mastodon.fullname" . }}-chewy-upgrade - {{- with .Values.jobAnnotations }} - annotations: - {{- toYaml . | nindent 8 }} - {{- end }} - spec: - restartPolicy: Never - {{- if (not .Values.mastodon.s3.enabled) }} - # ensure we run on the same node as the other rails components; only - # required when using PVCs that are ReadWriteOnce - {{- if or (eq "ReadWriteOnce" .Values.mastodon.persistence.assets.accessMode) (eq "ReadWriteOnce" .Values.mastodon.persistence.system.accessMode) }} - affinity: - podAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app.kubernetes.io/part-of - operator: In - values: - - rails - topologyKey: kubernetes.io/hostname - {{- end }} - volumes: - - name: assets - persistentVolumeClaim: - claimName: {{ template "mastodon.fullname" . }}-assets - - name: system - persistentVolumeClaim: - claimName: {{ template "mastodon.fullname" . }}-system - {{- end }} - containers: - - name: {{ include "mastodon.fullname" . }}-chewy-setup - image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - command: - - bundle - - exec - - rake - - chewy:upgrade - envFrom: - - configMapRef: - name: {{ include "mastodon.fullname" . }}-env - - secretRef: - name: {{ template "mastodon.secretName" . }} - env: - - name: "DB_PASS" - valueFrom: - secretKeyRef: - name: {{ template "mastodon.postgresql.secretName" . }} - key: password - - name: "REDIS_PASSWORD" - valueFrom: - secretKeyRef: - name: {{ template "mastodon.redis.secretName" . }} - key: redis-password - - name: "PORT" - value: {{ .Values.mastodon.web.port | quote }} - {{- if (not .Values.mastodon.s3.enabled) }} - volumeMounts: - - name: assets - mountPath: /opt/mastodon/public/assets - - name: system - mountPath: /opt/mastodon/public/system - {{- end }} -{{- end }} diff --git a/chart/templates/job-create-admin.yaml b/chart/templates/job-create-admin.yaml deleted file mode 100644 index 3d137f5c7..000000000 --- a/chart/templates/job-create-admin.yaml +++ /dev/null @@ -1,84 +0,0 @@ -{{- if .Values.mastodon.createAdmin.enabled -}} -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ include "mastodon.fullname" . }}-create-admin - labels: - {{- include "mastodon.labels" . | nindent 4 }} - annotations: - "helm.sh/hook": post-install - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded - "helm.sh/hook-weight": "-1" -spec: - template: - metadata: - name: {{ include "mastodon.fullname" . }}-create-admin - {{- with .Values.jobAnnotations }} - annotations: - {{- toYaml . | nindent 8 }} - {{- end }} - spec: - restartPolicy: Never - {{- if (not .Values.mastodon.s3.enabled) }} - # ensure we run on the same node as the other rails components; only - # required when using PVCs that are ReadWriteOnce - {{- if or (eq "ReadWriteOnce" .Values.mastodon.persistence.assets.accessMode) (eq "ReadWriteOnce" .Values.mastodon.persistence.system.accessMode) }} - affinity: - podAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app.kubernetes.io/part-of - operator: In - values: - - rails - topologyKey: kubernetes.io/hostname - {{- end }} - volumes: - - name: assets - persistentVolumeClaim: - claimName: {{ template "mastodon.fullname" . }}-assets - - name: system - persistentVolumeClaim: - claimName: {{ template "mastodon.fullname" . }}-system - {{- end }} - containers: - - name: {{ include "mastodon.fullname" . }}-create-admin - image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - command: - - bin/tootctl - - accounts - - create - - {{ .Values.mastodon.createAdmin.username }} - - --email - - {{ .Values.mastodon.createAdmin.email }} - - --confirmed - - --role - - Owner - envFrom: - - configMapRef: - name: {{ include "mastodon.fullname" . }}-env - - secretRef: - name: {{ template "mastodon.secretName" . }} - env: - - name: "DB_PASS" - valueFrom: - secretKeyRef: - name: {{ template "mastodon.postgresql.secretName" . }} - key: password - - name: "REDIS_PASSWORD" - valueFrom: - secretKeyRef: - name: {{ template "mastodon.redis.secretName" . }} - key: redis-password - - name: "PORT" - value: {{ .Values.mastodon.web.port | quote }} - {{- if (not .Values.mastodon.s3.enabled) }} - volumeMounts: - - name: assets - mountPath: /opt/mastodon/public/assets - - name: system - mountPath: /opt/mastodon/public/system - {{- end }} -{{- end }} diff --git a/chart/templates/job-db-migrate.yaml b/chart/templates/job-db-migrate.yaml deleted file mode 100644 index 41324fbd0..000000000 --- a/chart/templates/job-db-migrate.yaml +++ /dev/null @@ -1,77 +0,0 @@ -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ include "mastodon.fullname" . }}-db-migrate - labels: - {{- include "mastodon.labels" . | nindent 4 }} - annotations: - "helm.sh/hook": post-install,pre-upgrade - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded - "helm.sh/hook-weight": "-2" -spec: - template: - metadata: - name: {{ include "mastodon.fullname" . }}-db-migrate - {{- with .Values.jobAnnotations }} - annotations: - {{- toYaml . | nindent 8 }} - {{- end }} - spec: - restartPolicy: Never - {{- if (not .Values.mastodon.s3.enabled) }} - # ensure we run on the same node as the other rails components; only - # required when using PVCs that are ReadWriteOnce - {{- if or (eq "ReadWriteOnce" .Values.mastodon.persistence.assets.accessMode) (eq "ReadWriteOnce" .Values.mastodon.persistence.system.accessMode) }} - affinity: - podAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app.kubernetes.io/part-of - operator: In - values: - - rails - topologyKey: kubernetes.io/hostname - {{- end }} - volumes: - - name: assets - persistentVolumeClaim: - claimName: {{ template "mastodon.fullname" . }}-assets - - name: system - persistentVolumeClaim: - claimName: {{ template "mastodon.fullname" . }}-system - {{- end }} - containers: - - name: {{ include "mastodon.fullname" . }}-db-migrate - image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - command: - - bundle - - exec - - rake - - db:migrate - envFrom: - - configMapRef: - name: {{ include "mastodon.fullname" . }}-env - - secretRef: - name: {{ template "mastodon.secretName" . }} - env: - - name: "DB_PASS" - valueFrom: - secretKeyRef: - name: {{ template "mastodon.postgresql.secretName" . }} - key: password - - name: "REDIS_PASSWORD" - valueFrom: - secretKeyRef: - name: {{ template "mastodon.redis.secretName" . }} - key: redis-password - - name: "PORT" - value: {{ .Values.mastodon.web.port | quote }} - {{- if (not .Values.mastodon.s3.enabled) }} - volumeMounts: - - name: assets - mountPath: /opt/mastodon/public/assets - - name: system - mountPath: /opt/mastodon/public/system - {{- end }} diff --git a/chart/templates/pvc-assets.yaml b/chart/templates/pvc-assets.yaml deleted file mode 100644 index 36d555898..000000000 --- a/chart/templates/pvc-assets.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{- if (not .Values.mastodon.s3.enabled) -}} -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: {{ template "mastodon.fullname" . }}-assets - labels: - {{- include "mastodon.labels" . | nindent 4 }} -spec: - accessModes: - - {{ .Values.mastodon.persistence.system.accessMode }} - {{- with .Values.mastodon.persistence.assets.resources }} - resources: - {{- toYaml . | nindent 4 }} - {{- end }} - storageClassName: {{ .Values.mastodon.persistence.assets.storageClassName }} -{{- end }} diff --git a/chart/templates/pvc-system.yaml b/chart/templates/pvc-system.yaml deleted file mode 100644 index 9865346ea..000000000 --- a/chart/templates/pvc-system.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{- if (not .Values.mastodon.s3.enabled) -}} -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: {{ template "mastodon.fullname" . }}-system - labels: - {{- include "mastodon.labels" . | nindent 4 }} -spec: - accessModes: - - {{ .Values.mastodon.persistence.system.accessMode }} - {{- with .Values.mastodon.persistence.system.resources }} - resources: - {{- toYaml . | nindent 4 }} - {{- end }} - storageClassName: {{ .Values.mastodon.persistence.system.storageClassName }} -{{- end }} diff --git a/chart/templates/secrets.yaml b/chart/templates/secrets.yaml deleted file mode 100644 index d1776ac59..000000000 --- a/chart/templates/secrets.yaml +++ /dev/null @@ -1,43 +0,0 @@ -{{- if (include "mastodon.createSecret" .) -}} -apiVersion: v1 -kind: Secret -metadata: - name: {{ template "mastodon.fullname" . }} - labels: - {{- include "mastodon.labels" . | nindent 4 }} -type: Opaque -data: - {{- if .Values.mastodon.s3.enabled }} - {{- if not .Values.mastodon.s3.existingSecret }} - AWS_ACCESS_KEY_ID: "{{ .Values.mastodon.s3.access_key | b64enc }}" - AWS_SECRET_ACCESS_KEY: "{{ .Values.mastodon.s3.access_secret | b64enc }}" - {{- end }} - {{- end }} - {{- if not .Values.mastodon.secrets.existingSecret }} - {{- if not (empty .Values.mastodon.secrets.secret_key_base) }} - SECRET_KEY_BASE: "{{ .Values.mastodon.secrets.secret_key_base | b64enc }}" - {{- else }} - SECRET_KEY_BASE: {{ required "secret_key_base is required" .Values.mastodon.secrets.secret_key_base }} - {{- end }} - {{- if not (empty .Values.mastodon.secrets.otp_secret) }} - OTP_SECRET: "{{ .Values.mastodon.secrets.otp_secret | b64enc }}" - {{- else }} - OTP_SECRET: {{ required "otp_secret is required" .Values.mastodon.secrets.otp_secret }} - {{- end }} - {{- if not (empty .Values.mastodon.secrets.vapid.private_key) }} - VAPID_PRIVATE_KEY: "{{ .Values.mastodon.secrets.vapid.private_key | b64enc }}" - {{- else }} - VAPID_PRIVATE_KEY: {{ required "vapid.private_key is required" .Values.mastodon.secrets.vapid.private_key }} - {{- end }} - {{- if not (empty .Values.mastodon.secrets.vapid.public_key) }} - VAPID_PUBLIC_KEY: "{{ .Values.mastodon.secrets.vapid.public_key | b64enc }}" - {{- else }} - VAPID_PUBLIC_KEY: {{ required "vapid.public_key is required" .Values.mastodon.secrets.vapid.public_key }} - {{- end }} - {{- end }} - {{- if not .Values.postgresql.enabled }} - {{- if not .Values.postgresql.auth.existingSecret }} - password: "{{ .Values.postgresql.auth.password | b64enc }}" - {{- end }} - {{- end }} -{{- end }} diff --git a/chart/templates/service-streaming.yaml b/chart/templates/service-streaming.yaml deleted file mode 100644 index bade7b1e5..000000000 --- a/chart/templates/service-streaming.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ include "mastodon.fullname" . }}-streaming - labels: - {{- include "mastodon.labels" . | nindent 4 }} -spec: - type: {{ .Values.service.type }} - ports: - - port: {{ .Values.mastodon.streaming.port }} - targetPort: streaming - protocol: TCP - name: streaming - selector: - {{- include "mastodon.selectorLabels" . | nindent 4 }} - app.kubernetes.io/component: streaming diff --git a/chart/templates/service-web.yaml b/chart/templates/service-web.yaml deleted file mode 100644 index acf1233dc..000000000 --- a/chart/templates/service-web.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ include "mastodon.fullname" . }}-web - labels: - {{- include "mastodon.labels" . | nindent 4 }} -spec: - type: {{ .Values.service.type }} - ports: - - port: {{ .Values.mastodon.web.port }} - targetPort: http - protocol: TCP - name: http - selector: - {{- include "mastodon.selectorLabels" . | nindent 4 }} - app.kubernetes.io/component: web diff --git a/chart/templates/serviceaccount.yaml b/chart/templates/serviceaccount.yaml deleted file mode 100644 index b2f3d87c5..000000000 --- a/chart/templates/serviceaccount.yaml +++ /dev/null @@ -1,12 +0,0 @@ -{{- if .Values.serviceAccount.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "mastodon.serviceAccountName" . }} - labels: - {{- include "mastodon.labels" . | nindent 4 }} - {{- with .Values.serviceAccount.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -{{- end }} diff --git a/chart/templates/tests/test-connection.yaml b/chart/templates/tests/test-connection.yaml deleted file mode 100644 index 185c037ab..000000000 --- a/chart/templates/tests/test-connection.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: v1 -kind: Pod -metadata: - name: "{{ include "mastodon.fullname" . }}-test-connection" - labels: - {{- include "mastodon.labels" . | nindent 4 }} - annotations: - "helm.sh/hook": test-success -spec: - containers: - - name: wget - image: busybox - command: ['wget'] - args: ['{{ include "mastodon.fullname" . }}-web:{{ .Values.service.port }}'] - restartPolicy: Never diff --git a/chart/values.yaml b/chart/values.yaml deleted file mode 100644 index fabfeee7a..000000000 --- a/chart/values.yaml +++ /dev/null @@ -1,419 +0,0 @@ -image: - repository: tootsuite/mastodon - # https://hub.docker.com/r/tootsuite/mastodon/tags - # - # alternatively, use `latest` for the latest release or `edge` for the image - # built from the most recent commit - # - # tag: latest - tag: "" - # use `Always` when using `latest` tag - pullPolicy: IfNotPresent - -mastodon: - # -- create an initial administrator user; the password is autogenerated and will - # have to be reset - createAdmin: - # @ignored - enabled: false - # @ignored - username: not_gargron - # @ignored - email: not@example.com - cron: - # -- run `tootctl media remove` every week - removeMedia: - # @ignored - enabled: true - # @ignored - schedule: "0 0 * * 0" - # -- available locales: https://github.com/mastodon/mastodon/blob/main/config/application.rb#L71 - locale: en - local_domain: mastodon.local - # -- Use of WEB_DOMAIN requires careful consideration: https://docs.joinmastodon.org/admin/config/#federation - # You must redirect the path LOCAL_DOMAIN/.well-known/ to WEB_DOMAIN/.well-known/ as described - # Example: mastodon.example.com - web_domain: null - # -- If set to true, the frontpage of your Mastodon server will always redirect to the first profile in the database and registrations will be disabled. - singleUserMode: false - # -- Enables "Secure Mode" for more details see: https://docs.joinmastodon.org/admin/config/#authorized_fetch - authorizedFetch: false - persistence: - assets: - # -- ReadWriteOnce is more widely supported than ReadWriteMany, but limits - # scalability, since it requires the Rails and Sidekiq pods to run on the - # same node. - accessMode: ReadWriteOnce - resources: - requests: - storage: 10Gi - system: - accessMode: ReadWriteOnce - resources: - requests: - storage: 100Gi - s3: - enabled: false - access_key: "" - access_secret: "" - # -- you can also specify the name of an existing Secret - # with keys AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY - existingSecret: "" - bucket: "" - endpoint: "" - hostname: "" - region: "" - # -- If you have a caching proxy, enter its base URL here. - alias_host: "" - # these must be set manually; autogenerated keys are rotated on each upgrade - secrets: - secret_key_base: "" - otp_secret: "" - vapid: - private_key: "" - public_key: "" - # -- you can also specify the name of an existing Secret - # with keys SECRET_KEY_BASE and OTP_SECRET and - # VAPID_PRIVATE_KEY and VAPID_PUBLIC_KEY - existingSecret: "" - sidekiq: - # -- Pod security context for all Sidekiq Pods, overwrites .Values.podSecurityContext - podSecurityContext: {} - # -- (Sidekiq Container) Security Context for all Pods, overwrites .Values.securityContext - securityContext: {} - # -- Resources for all Sidekiq Deployments unless overwritten - resources: {} - # -- Affinity for all Sidekiq Deployments unless overwritten, overwrites .Values.affinity - affinity: {} - # limits: - # cpu: "1" - # memory: 768Mi - # requests: - # cpu: 250m - # memory: 512Mi - workers: - - name: all-queues - # -- Number of threads / parallel sidekiq jobs that are executed per Pod - concurrency: 25 - # -- Number of Pod replicas deployed by the Deployment - replicas: 1 - # -- Resources for this specific deployment to allow optimised scaling, overwrites .Values.mastodon.sidekiq.resources - resources: {} - # -- Affinity for this specific deployment, overwrites .Values.affinity and .Values.mastodon.sidekiq.affinity - affinity: {} - # -- Sidekiq queues for Mastodon that are handled by this worker. See https://docs.joinmastodon.org/admin/scaling/#concurrency - # See https://github.com/mperham/sidekiq/wiki/Advanced-Options#queues for how to weight queues as argument - queues: - - default - - push - - mailers - - pull - - scheduler # Make sure the scheduler queue only exists once and with a worker that has 1 replica. - #- name: push-pull - # concurrency: 50 - # resources: {} - # replicas: 2 - # queues: - # - push - # - pull - #- name: mailers - # concurrency: 25 - # replicas: 2 - # queues: - # - mailers - #- name: default - # concurrency: 25 - # replicas: 2 - # queues: - # - default - smtp: - auth_method: plain - ca_file: /etc/ssl/certs/ca-certificates.crt - delivery_method: smtp - domain: - enable_starttls: 'auto' - from_address: notifications@example.com - openssl_verify_mode: peer - port: 587 - reply_to: - server: smtp.mailgun.org - tls: false - login: - password: - # -- you can also specify the name of an existing Secret - # with the keys login and password - existingSecret: - streaming: - port: 4000 - # -- this should be set manually since os.cpus() returns the number of CPUs on - # the node running the pod, which is unrelated to the resources allocated to - # the pod by k8s - workers: 1 - # -- The base url for streaming can be set if the streaming API is deployed to - # a different domain/subdomain. - base_url: null - # -- Number of Streaming Pods running - replicas: 1 - # -- Affinity for Streaming Pods, overwrites .Values.affinity - affinity: {} - # -- Pod Security Context for Streaming Pods, overwrites .Values.podSecurityContext - podSecurityContext: {} - # -- (Streaming Container) Security Context for Streaming Pods, overwrites .Values.securityContext - securityContext: {} - # -- (Streaming Container) Resources for Streaming Pods, overwrites .Values.resources - resources: {} - # limits: - # cpu: "500m" - # memory: 512Mi - # requests: - # cpu: 250m - # memory: 128Mi - web: - port: 3000 - # -- Number of Web Pods running - replicas: 1 - # -- Affinity for Web Pods, overwrites .Values.affinity - affinity: {} - # -- Pod Security Context for Web Pods, overwrites .Values.podSecurityContext - podSecurityContext: {} - # -- (Web Container) Security Context for Web Pods, overwrites .Values.securityContext - securityContext: {} - # -- (Web Container) Resources for Web Pods, overwrites .Values.resources - resources: {} - # limits: - # cpu: "1" - # memory: 1280Mi - # requests: - # cpu: 250m - # memory: 768Mi - - metrics: - statsd: - # -- Enable statsd publishing via STATSD_ADDR environment variable - address: "" - -ingress: - enabled: true - annotations: - # For choosing an ingress ingressClassName is preferred over annotations - # kubernetes.io/ingress.class: nginx - # - # To automatically request TLS certificates use one of the following - # kubernetes.io/tls-acme: "true" - # cert-manager.io/cluster-issuer: "letsencrypt" - # - # ensure that NGINX's upload size matches Mastodon's - # for the K8s ingress controller: - # nginx.ingress.kubernetes.io/proxy-body-size: 40m - # for the NGINX ingress controller: - # nginx.org/client-max-body-size: 40m - # -- you can specify the ingressClassName if it differs from the default - ingressClassName: - hosts: - - host: mastodon.local - paths: - - path: '/' - tls: - - secretName: mastodon-tls - hosts: - - mastodon.local - -# -- https://github.com/bitnami/charts/tree/master/bitnami/elasticsearch#parameters -elasticsearch: - # `false` will disable full-text search - # - # if you enable ES after the initial install, you will need to manually run - # RAILS_ENV=production bundle exec rake chewy:sync - # (https://docs.joinmastodon.org/admin/optional/elasticsearch/) - # @ignored - enabled: true - # @ignored - image: - tag: 7 - -# https://github.com/bitnami/charts/tree/master/bitnami/postgresql#parameters -postgresql: - # -- disable if you want to use an existing db; in which case the values below - # must match those of that external postgres instance - enabled: true - # postgresqlHostname: preexisting-postgresql - # postgresqlPort: 5432 - auth: - database: mastodon_production - username: mastodon - # you must set a password; the password generated by the postgresql chart will - # be rotated on each upgrade: - # https://github.com/bitnami/charts/tree/master/bitnami/postgresql#upgrade - password: "" - # Set the password for the "postgres" admin user - # set this to the same value as above if you've previously installed - # this chart and you're having problems getting mastodon to connect to the DB - # postgresPassword: "" - # you can also specify the name of an existing Secret - # with a key of password set to the password you want - existingSecret: "" - -# https://github.com/bitnami/charts/tree/master/bitnami/redis#parameters -redis: - # -- you must set a password; the password generated by the redis chart will be - # rotated on each upgrade: - password: "" - # you can also specify the name of an existing Secret - # with a key of redis-password set to the password you want - # auth: - # existingSecret: "" - -# @ignored -service: - type: ClusterIP - port: 80 - -externalAuth: - oidc: - # -- OpenID Connect support is proposed in PR #16221 and awaiting merge. - enabled: false - # display_name: "example-label" - # issuer: https://login.example.space/auth/realms/example-space - # discovery: true - # scope: "openid,profile" - # uid_field: uid - # client_id: mastodon - # client_secret: SECRETKEY - # redirect_uri: https://example.com/auth/auth/openid_connect/callback - # assume_email_is_verified: true - # client_auth_method: - # response_type: - # response_mode: - # display: - # prompt: - # send_nonce: - # send_scope_to_token_endpoint: - # idp_logout_redirect_uri: - # http_scheme: - # host: - # port: - # jwks_uri: - # auth_endpoint: - # token_endpoint: - # user_info_endpoint: - # end_session_endpoint: - saml: - enabled: false - # acs_url: http://mastodon.example.com/auth/auth/saml/callback - # issuer: mastodon - # idp_sso_target_url: https://login.example.com/auth/realms/example/protocol/saml - # idp_cert: '-----BEGIN CERTIFICATE-----[your_cert_content]-----END CERTIFICATE-----' - # idp_cert_fingerprint: - # name_identifier_format: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified - # cert: - # private_key: - # want_assertion_signed: true - # want_assertion_encrypted: true - # assume_email_is_verified: true - # uid_attribute: "urn:oid:0.9.2342.19200300.100.1.1" - # attributes_statements: - # uid: "urn:oid:0.9.2342.19200300.100.1.1" - # email: "urn:oid:1.3.6.1.4.1.5923.1.1.1.6" - # full_name: "urn:oid:2.16.840.1.113730.3.1.241" - # first_name: "urn:oid:2.5.4.42" - # last_name: "urn:oid:2.5.4.4" - # verified: - # verified_email: - oauth_global: - # -- Automatically redirect to OIDC, CAS or SAML, and don't use local account authentication when clicking on Sign-In - omniauth_only: false - cas: - enabled: false - # url: https://sso.myserver.com - # host: sso.myserver.com - # port: 443 - # ssl: true - # validate_url: - # callback_url: - # logout_url: - # login_url: - # uid_field: 'user' - # ca_path: - # disable_ssl_verification: false - # assume_email_is_verified: true - # keys: - # uid: 'user' - # name: 'name' - # email: 'email' - # nickname: 'nickname' - # first_name: 'firstname' - # last_name: 'lastname' - # location: 'location' - # image: 'image' - # phone: 'phone' - pam: - enabled: false - # email_domain: example.com - # default_service: rpam - # controlled_service: rpam - ldap: - enabled: false - # host: myservice.namespace.svc - # port: 389 - # method: simple_tls - # base: - # bind_on: - # password: - # uid: cn - # mail: mail - # search_filter: "(|(%{uid}=%{email})(%{mail}=%{email}))" - # uid_conversion: - # enabled: true - # search: "., -" - # replace: _ - -# -- https://github.com/mastodon/mastodon/blob/main/Dockerfile#L75 -# -# if you manually change the UID/GID environment variables, ensure these values -# match: -podSecurityContext: - runAsUser: 991 - runAsGroup: 991 - fsGroup: 991 - -# @ignored -securityContext: {} - -serviceAccount: - # -- Specifies whether a service account should be created - create: true - # -- Annotations to add to the service account - annotations: {} - # -- The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - name: "" - -# -- Kubernetes manages pods for jobs and pods for deployments differently, so you might -# need to apply different annotations to the two different sets of pods. The annotations -# set with podAnnotations will be added to all deployment-managed pods. -podAnnotations: {} - -# -- The annotations set with jobAnnotations will be added to all job pods. -jobAnnotations: {} - -# -- Default resources for all Deployments and jobs unless overwritten -resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - -# @ignored -nodeSelector: {} - -# @ignored -tolerations: [] - -# -- Affinity for all pods unless overwritten -affinity: {} |