diff options
| author | Claire <claire.github-309c@sitedethib.com> | 2022-11-28 14:17:00 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-11-28 14:17:00 +0100 |
| commit | 1a7aa37b60769a10077c585fa76ec848b6866d9a (patch) | |
| tree | 9ea5aa74454bee29bf7be75c516e269fae296440 /chart/templates | |
| parent | 6517b7b9f02f8590a8f9c5aa04e3ef9efeb4e757 (diff) | |
| parent | f51990bd62f434f377b5bbcbaa0ea205a87af403 (diff) | |
Merge pull request #1976 from ClearlyClaire/glitch-soc/merge-upstream
Merge upstream changes
Diffstat (limited to 'chart/templates')
| -rw-r--r-- | chart/templates/_helpers.tpl | 12 | ||||
| -rw-r--r-- | chart/templates/configmap-env.yaml | 325 | ||||
| -rw-r--r-- | chart/templates/deployment-sidekiq.yaml | 94 | ||||
| -rw-r--r-- | chart/templates/deployment-streaming.yaml | 16 | ||||
| -rw-r--r-- | chart/templates/deployment-web.yaml | 16 | ||||
| -rw-r--r-- | chart/templates/hpa.yaml | 28 | ||||
| -rw-r--r-- | chart/templates/job-create-admin.yaml | 2 | ||||
| -rw-r--r-- | chart/templates/tests/test-connection.yaml | 2 |
8 files changed, 240 insertions, 255 deletions
diff --git a/chart/templates/_helpers.tpl b/chart/templates/_helpers.tpl index 207780b34..0e1804f91 100644 --- a/chart/templates/_helpers.tpl +++ b/chart/templates/_helpers.tpl @@ -136,3 +136,15 @@ Return true if a mastodon secret object should be created {{- true -}} {{- end -}} {{- end -}} + +{{/* +Find highest number of needed database connections to set DB_POOL variable +*/}} +{{- define "mastodon.maxDbPool" -}} +{{/* Default MAX_THREADS for Puma is 5 */}} +{{- $poolSize := 5 }} +{{- range .Values.mastodon.sidekiq.workers }} +{{- $poolSize = max $poolSize .concurrency }} +{{- end }} +{{- $poolSize | quote }} +{{- end }} diff --git a/chart/templates/configmap-env.yaml b/chart/templates/configmap-env.yaml index 5d0b96db8..4d0195568 100644 --- a/chart/templates/configmap-env.yaml +++ b/chart/templates/configmap-env.yaml @@ -13,7 +13,7 @@ data: DB_PORT: {{ .Values.postgresql.postgresqlPort | default "5432" | quote }} {{- end }} DB_NAME: {{ .Values.postgresql.auth.database }} - DB_POOL: {{ .Values.mastodon.sidekiq.concurrency | quote }} + DB_POOL: {{ include "mastodon.maxDbPool" . }} DB_USER: {{ .Values.postgresql.auth.username }} DEFAULT_LOCALE: {{ .Values.mastodon.locale }} {{- if .Values.elasticsearch.enabled }} @@ -22,12 +22,15 @@ data: ES_PORT: "9200" {{- end }} LOCAL_DOMAIN: {{ .Values.mastodon.local_domain }} - {{- if .Values.mastodon.web_domain }} - WEB_DOMAIN: {{ .Values.mastodon.web_domain }} + {{- with .Values.mastodon.web_domain }} + WEB_DOMAIN: {{ . }} {{- end }} - {{- if .Values.mastodon.singleUserMode }} + {{- with .Values.mastodon.singleUserMode }} SINGLE_USER_MODE: "true" {{- end }} + {{- with .Values.mastodon.authorizedFetch }} + AUTHORIZED_FETCH: {{ . | quote }} + {{- end }} # https://devcenter.heroku.com/articles/tuning-glibc-memory-behavior MALLOC_ARENA_MAX: "2" NODE_ENV: "production" @@ -40,58 +43,58 @@ data: S3_ENDPOINT: {{ .Values.mastodon.s3.endpoint }} S3_HOSTNAME: {{ .Values.mastodon.s3.hostname }} S3_PROTOCOL: "https" - {{- if .Values.mastodon.s3.region }} - S3_REGION: {{ .Values.mastodon.s3.region }} + {{- with .Values.mastodon.s3.region }} + S3_REGION: {{ . }} {{- end }} - {{- if .Values.mastodon.s3.alias_host }} + {{- with .Values.mastodon.s3.alias_host }} S3_ALIAS_HOST: {{ .Values.mastodon.s3.alias_host}} {{- end }} {{- end }} - {{- if .Values.mastodon.smtp.auth_method }} - SMTP_AUTH_METHOD: {{ .Values.mastodon.smtp.auth_method }} + {{- with .Values.mastodon.smtp.auth_method }} + SMTP_AUTH_METHOD: {{ . }} {{- end }} - {{- if .Values.mastodon.smtp.ca_file }} - SMTP_CA_FILE: {{ .Values.mastodon.smtp.ca_file }} + {{- with .Values.mastodon.smtp.ca_file }} + SMTP_CA_FILE: {{ . }} {{- end }} - {{- if .Values.mastodon.smtp.delivery_method }} - SMTP_DELIVERY_METHOD: {{ .Values.mastodon.smtp.delivery_method }} + {{- with .Values.mastodon.smtp.delivery_method }} + SMTP_DELIVERY_METHOD: {{ . }} {{- end }} - {{- if .Values.mastodon.smtp.domain }} - SMTP_DOMAIN: {{ .Values.mastodon.smtp.domain }} + {{- with .Values.mastodon.smtp.domain }} + SMTP_DOMAIN: {{ . }} {{- end }} - {{- if .Values.mastodon.smtp.enable_starttls }} - SMTP_ENABLE_STARTTLS: {{ .Values.mastodon.smtp.enable_starttls | quote }} + {{- with .Values.mastodon.smtp.enable_starttls }} + SMTP_ENABLE_STARTTLS: {{ . | quote }} {{- end }} - {{- if .Values.mastodon.smtp.enable_starttls_auto }} - SMTP_ENABLE_STARTTLS_AUTO: {{ .Values.mastodon.smtp.enable_starttls_auto | quote }} + {{- with .Values.mastodon.smtp.enable_starttls_auto }} + SMTP_ENABLE_STARTTLS_AUTO: {{ . | quote }} {{- end }} - {{- if .Values.mastodon.smtp.from_address }} - SMTP_FROM_ADDRESS: {{ .Values.mastodon.smtp.from_address }} + {{- with .Values.mastodon.smtp.from_address }} + SMTP_FROM_ADDRESS: {{ . }} {{- end }} - {{- if .Values.mastodon.smtp.login }} - SMTP_LOGIN: {{ .Values.mastodon.smtp.login }} + {{- with .Values.mastodon.smtp.login }} + SMTP_LOGIN: {{ . }} {{- end }} - {{- if .Values.mastodon.smtp.openssl_verify_mode }} - SMTP_OPENSSL_VERIFY_MODE: {{ .Values.mastodon.smtp.openssl_verify_mode }} + {{- with .Values.mastodon.smtp.openssl_verify_mode }} + SMTP_OPENSSL_VERIFY_MODE: {{ . }} {{- end }} - {{- if .Values.mastodon.smtp.password }} - SMTP_PASSWORD: {{ .Values.mastodon.smtp.password }} + {{- with .Values.mastodon.smtp.password }} + SMTP_PASSWORD: {{ . }} {{- end }} - {{- if .Values.mastodon.smtp.port }} - SMTP_PORT: {{ .Values.mastodon.smtp.port | quote }} + {{- with .Values.mastodon.smtp.port }} + SMTP_PORT: {{ . | quote }} {{- end }} - {{- if .Values.mastodon.smtp.reply_to }} - SMTP_REPLY_TO: {{ .Values.mastodon.smtp.reply_to }} + {{- with .Values.mastodon.smtp.reply_to }} + SMTP_REPLY_TO: {{ . }} {{- end }} - {{- if .Values.mastodon.smtp.server }} - SMTP_SERVER: {{ .Values.mastodon.smtp.server }} + {{- with .Values.mastodon.smtp.server }} + SMTP_SERVER: {{ . }} {{- end }} - {{- if .Values.mastodon.smtp.tls }} - SMTP_TLS: {{ .Values.mastodon.smtp.tls | quote }} + {{- with .Values.mastodon.smtp.tls }} + SMTP_TLS: {{ . | quote }} {{- end }} STREAMING_CLUSTER_NUM: {{ .Values.mastodon.streaming.workers | quote }} - {{- if .Values.mastodon.streaming.base_url }} - STREAMING_API_BASE_URL: {{ .Values.mastodon.streaming.base_url | quote }} + {{- with .Values.mastodon.streaming.base_url }} + STREAMING_API_BASE_URL: {{ . | quote }} {{- end }} {{- if .Values.externalAuth.oidc.enabled }} OIDC_ENABLED: {{ .Values.externalAuth.oidc.enabled | quote }} @@ -104,53 +107,53 @@ data: OIDC_CLIENT_SECRET: {{ .Values.externalAuth.oidc.client_secret }} OIDC_REDIRECT_URI: {{ .Values.externalAuth.oidc.redirect_uri }} OIDC_SECURITY_ASSUME_EMAIL_IS_VERIFIED: {{ .Values.externalAuth.oidc.assume_email_is_verified | quote }} - {{- if .Values.externalAuth.oidc.client_auth_method }} - OIDC_CLIENT_AUTH_METHOD: {{ .Values.externalAuth.oidc.client_auth_method }} + {{- with .Values.externalAuth.oidc.client_auth_method }} + OIDC_CLIENT_AUTH_METHOD: {{ . }} {{- end }} - {{- if .Values.externalAuth.oidc.response_type }} - OIDC_RESPONSE_TYPE: {{ .Values.externalAuth.oidc.response_type }} + {{- with .Values.externalAuth.oidc.response_type }} + OIDC_RESPONSE_TYPE: {{ . }} {{- end }} - {{- if .Values.externalAuth.oidc.response_mode }} - OIDC_RESPONSE_MODE: {{ .Values.externalAuth.oidc.response_mode }} + {{- with .Values.externalAuth.oidc.response_mode }} + OIDC_RESPONSE_MODE: {{ . }} {{- end }} - {{- if .Values.externalAuth.oidc.display }} - OIDC_DISPLAY: {{ .Values.externalAuth.oidc.display }} + {{- with .Values.externalAuth.oidc.display }} + OIDC_DISPLAY: {{ . }} {{- end }} - {{- if .Values.externalAuth.oidc.prompt }} - OIDC_PROMPT: {{ .Values.externalAuth.oidc.prompt }} + {{- with .Values.externalAuth.oidc.prompt }} + OIDC_PROMPT: {{ . }} {{- end }} - {{- if .Values.externalAuth.oidc.send_nonce }} - OIDC_SEND_NONCE: {{ .Values.externalAuth.oidc.send_nonce }} + {{- with .Values.externalAuth.oidc.send_nonce }} + OIDC_SEND_NONCE: {{ . }} {{- end }} - {{- if .Values.externalAuth.oidc.send_scope_to_token_endpoint }} - OIDC_SEND_SCOPE_TO_TOKEN_ENDPOINT: {{ .Values.externalAuth.oidc.send_scope_to_token_endpoint | quote }} + {{- with .Values.externalAuth.oidc.send_scope_to_token_endpoint }} + OIDC_SEND_SCOPE_TO_TOKEN_ENDPOINT: {{ . | quote }} {{- end }} - {{- if .Values.externalAuth.oidc.idp_logout_redirect_uri }} - OIDC_IDP_LOGOUT_REDIRECT_URI: {{ .Values.externalAuth.oidc.idp_logout_redirect_uri }} + {{- with .Values.externalAuth.oidc.idp_logout_redirect_uri }} + OIDC_IDP_LOGOUT_REDIRECT_URI: {{ . }} {{- end }} - {{- if .Values.externalAuth.oidc.http_scheme }} - OIDC_HTTP_SCHEME: {{ .Values.externalAuth.oidc.http_scheme }} + {{- with .Values.externalAuth.oidc.http_scheme }} + OIDC_HTTP_SCHEME: {{ . }} {{- end }} - {{- if .Values.externalAuth.oidc.host }} - OIDC_HOST: {{ .Values.externalAuth.oidc.host }} + {{- with .Values.externalAuth.oidc.host }} + OIDC_HOST: {{ . }} {{- end }} - {{- if .Values.externalAuth.oidc.port }} - OIDC_PORT: {{ .Values.externalAuth.oidc.port }} + {{- with .Values.externalAuth.oidc.port }} + OIDC_PORT: {{ . }} {{- end }} - {{- if .Values.externalAuth.oidc.jwks_uri }} - OIDC_JWKS_URI: {{ .Values.externalAuth.oidc.jwks_uri }} + {{- with .Values.externalAuth.oidc.jwks_uri }} + OIDC_JWKS_URI: {{ . }} {{- end }} - {{- if .Values.externalAuth.oidc.auth_endpoint }} - OIDC_AUTH_ENDPOINT: {{ .Values.externalAuth.oidc.auth_endpoint }} + {{- with .Values.externalAuth.oidc.auth_endpoint }} + OIDC_AUTH_ENDPOINT: {{ . }} {{- end }} - {{- if .Values.externalAuth.oidc.token_endpoint }} - OIDC_TOKEN_ENDPOINT: {{ .Values.externalAuth.oidc.token_endpoint }} + {{- with .Values.externalAuth.oidc.token_endpoint }} + OIDC_TOKEN_ENDPOINT: {{ . }} {{- end }} - {{- if .Values.externalAuth.oidc.user_info_endpoint }} - OIDC_USER_INFO_ENDPOINT: {{ .Values.externalAuth.oidc.user_info_endpoint }} + {{- with .Values.externalAuth.oidc.user_info_endpoint }} + OIDC_USER_INFO_ENDPOINT: {{ . }} {{- end }} - {{- if .Values.externalAuth.oidc.end_session_endpoint }} - OIDC_END_SESSION_ENDPOINT: {{ .Values.externalAuth.oidc.end_session_endpoint }} + {{- with .Values.externalAuth.oidc.end_session_endpoint }} + OIDC_END_SESSION_ENDPOINT: {{ . }} {{- end }} {{- end }} {{- if .Values.externalAuth.saml.enabled }} @@ -159,54 +162,54 @@ data: SAML_ISSUER: {{ .Values.externalAuth.saml.issuer }} SAML_IDP_SSO_TARGET_URL: {{ .Values.externalAuth.saml.idp_sso_target_url }} SAML_IDP_CERT: {{ .Values.externalAuth.saml.idp_cert | quote }} - {{- if .Values.externalAuth.saml.idp_cert_fingerprint }} - SAML_IDP_CERT_FINGERPRINT: {{ .Values.externalAuth.saml.idp_cert_fingerprint | quote }} + {{- with .Values.externalAuth.saml.idp_cert_fingerprint }} + SAML_IDP_CERT_FINGERPRINT: {{ . | quote }} {{- end }} - {{- if .Values.externalAuth.saml.name_identifier_format }} - SAML_NAME_IDENTIFIER_FORMAT: {{ .Values.externalAuth.saml.name_identifier_format }} + {{- with .Values.externalAuth.saml.name_identifier_format }} + SAML_NAME_IDENTIFIER_FORMAT: {{ . }} {{- end }} - {{- if .Values.externalAuth.saml.cert }} - SAML_CERT: {{ .Values.externalAuth.saml.cert | quote }} + {{- with .Values.externalAuth.saml.cert }} + SAML_CERT: {{ . | quote }} {{- end }} - {{- if .Values.externalAuth.saml.private_key }} - SAML_PRIVATE_KEY: {{ .Values.externalAuth.saml.private_key | quote }} + {{- with .Values.externalAuth.saml.private_key }} + SAML_PRIVATE_KEY: {{ . | quote }} {{- end }} - {{- if .Values.externalAuth.saml.want_assertion_signed }} - SAML_SECURITY_WANT_ASSERTION_SIGNED: {{ .Values.externalAuth.saml.want_assertion_signed | quote }} + {{- with .Values.externalAuth.saml.want_assertion_signed }} + SAML_SECURITY_WANT_ASSERTION_SIGNED: {{ . | quote }} {{- end }} - {{- if .Values.externalAuth.saml.want_assertion_encrypted }} - SAML_SECURITY_WANT_ASSERTION_ENCRYPTED: {{ .Values.externalAuth.saml.want_assertion_encrypted | quote }} + {{- with .Values.externalAuth.saml.want_assertion_encrypted }} + SAML_SECURITY_WANT_ASSERTION_ENCRYPTED: {{ . | quote }} {{- end }} - {{- if .Values.externalAuth.saml.assume_email_is_verified }} - SAML_SECURITY_ASSUME_EMAIL_IS_VERIFIED: {{ .Values.externalAuth.saml.assume_email_is_verified | quote }} + {{- with .Values.externalAuth.saml.assume_email_is_verified }} + SAML_SECURITY_ASSUME_EMAIL_IS_VERIFIED: {{ . | quote }} {{- end }} - {{- if .Values.externalAuth.saml.uid_attribute }} - SAML_UID_ATTRIBUTE: {{ .Values.externalAuth.saml.uid_attribute }} + {{- with .Values.externalAuth.saml.uid_attribute }} + SAML_UID_ATTRIBUTE: {{ . }} {{- end }} - {{- if .Values.externalAuth.saml.attributes_statements.uid }} - SAML_ATTRIBUTES_STATEMENTS_UID: {{ .Values.externalAuth.saml.attributes_statements.uid | quote }} + {{- with .Values.externalAuth.saml.attributes_statements.uid }} + SAML_ATTRIBUTES_STATEMENTS_UID: {{ . | quote }} {{- end }} - {{- if .Values.externalAuth.saml.attributes_statements.email }} - SAML_ATTRIBUTES_STATEMENTS_EMAIL: {{ .Values.externalAuth.saml.attributes_statements.email | quote }} + {{- with .Values.externalAuth.saml.attributes_statements.email }} + SAML_ATTRIBUTES_STATEMENTS_EMAIL: {{ . | quote }} {{- end }} - {{- if .Values.externalAuth.saml.attributes_statements.full_name }} - SAML_ATTRIBUTES_STATEMENTS_FULL_NAME: {{ .Values.externalAuth.saml.attributes_statements.full_name | quote }} + {{- with .Values.externalAuth.saml.attributes_statements.full_name }} + SAML_ATTRIBUTES_STATEMENTS_FULL_NAME: {{ . | quote }} {{- end }} - {{- if .Values.externalAuth.saml.attributes_statements.first_name }} - SAML_ATTRIBUTES_STATEMENTS_FIRST_NAME: {{ .Values.externalAuth.saml.attributes_statements.first_name | quote }} + {{- with .Values.externalAuth.saml.attributes_statements.first_name }} + SAML_ATTRIBUTES_STATEMENTS_FIRST_NAME: {{ . | quote }} {{- end }} - {{- if .Values.externalAuth.saml.attributes_statements.last_name }} - SAML_ATTRIBUTES_STATEMENTS_LAST_NAME: {{ .Values.externalAuth.saml.attributes_statements.last_name | quote }} + {{- with .Values.externalAuth.saml.attributes_statements.last_name }} + SAML_ATTRIBUTES_STATEMENTS_LAST_NAME: {{ . | quote }} {{- end }} - {{- if .Values.externalAuth.saml.attributes_statements.verified }} - SAML_ATTRIBUTES_STATEMENTS_VERIFIED: {{ .Values.externalAuth.saml.attributes_statements.verified | quote }} + {{- with .Values.externalAuth.saml.attributes_statements.verified }} + SAML_ATTRIBUTES_STATEMENTS_VERIFIED: {{ . | quote }} {{- end }} - {{- if .Values.externalAuth.saml.attributes_statements.verified_email }} - SAML_ATTRIBUTES_STATEMENTS_VERIFIED_EMAIL: {{ .Values.externalAuth.saml.attributes_statements.verified_email | quote }} + {{- with .Values.externalAuth.saml.attributes_statements.verified_email }} + SAML_ATTRIBUTES_STATEMENTS_VERIFIED_EMAIL: {{ . | quote }} {{- end }} {{- end }} - {{- if .Values.externalAuth.oauth_global.oauth_redirect_at_sign_in }} - OAUTH_REDIRECT_AT_SIGN_IN: {{ .Values.externalAuth.oauth_global.oauth_redirect_at_sign_in | quote }} + {{- with .Values.externalAuth.oauth_global.omniauth_only }} + OMNIAUTH_ONLY: {{ . | quote }} {{- end }} {{- if .Values.externalAuth.cas.enabled }} CAS_ENABLED: {{ .Values.externalAuth.cas.enabled | quote }} @@ -214,68 +217,68 @@ data: CAS_HOST: {{ .Values.externalAuth.cas.host }} CAS_PORT: {{ .Values.externalAuth.cas.port }} CAS_SSL: {{ .Values.externalAuth.cas.ssl | quote }} - {{- if .Values.externalAuth.cas.validate_url }} - CAS_VALIDATE_URL: {{ .Values.externalAuth.cas.validate_url }} + {{- with .Values.externalAuth.cas.validate_url }} + CAS_VALIDATE_URL: {{ . }} {{- end }} - {{- if .Values.externalAuth.cas.callback_url }} - CAS_CALLBACK_URL: {{ .Values.externalAuth.cas.callback_url }} + {{- with .Values.externalAuth.cas.callback_url }} + CAS_CALLBACK_URL: {{ . }} {{- end }} - {{- if .Values.externalAuth.cas.logout_url }} - CAS_LOGOUT_URL: {{ .Values.externalAuth.cas.logout_url }} + {{- with .Values.externalAuth.cas.logout_url }} + CAS_LOGOUT_URL: {{ . }} {{- end }} - {{- if .Values.externalAuth.cas.login_url }} - CAS_LOGIN_URL: {{ .Values.externalAuth.cas.login_url }} + {{- with .Values.externalAuth.cas.login_url }} + CAS_LOGIN_URL: {{ . }} {{- end }} - {{- if .Values.externalAuth.cas.uid_field }} - CAS_UID_FIELD: {{ .Values.externalAuth.cas.uid_field | quote }} + {{- with .Values.externalAuth.cas.uid_field }} + CAS_UID_FIELD: {{ . | quote }} {{- end }} - {{- if .Values.externalAuth.cas.ca_path }} - CAS_CA_PATH: {{ .Values.externalAuth.cas.ca_path }} + {{- with .Values.externalAuth.cas.ca_path }} + CAS_CA_PATH: {{ . }} {{- end }} - {{- if .Values.externalAuth.cas.disable_ssl_verification }} - CAS_DISABLE_SSL_VERIFICATION: {{ .Values.externalAuth.cas.disable_ssl_verification | quote }} + {{- with .Values.externalAuth.cas.disable_ssl_verification }} + CAS_DISABLE_SSL_VERIFICATION: {{ . | quote }} {{- end }} - {{- if .Values.externalAuth.cas.assume_email_is_verified }} - CAS_SECURITY_ASSUME_EMAIL_IS_VERIFIED: {{ .Values.externalAuth.cas.assume_email_is_verified | quote }} + {{- with .Values.externalAuth.cas.assume_email_is_verified }} + CAS_SECURITY_ASSUME_EMAIL_IS_VERIFIED: {{ . | quote }} {{- end }} - {{- if .Values.externalAuth.cas.keys.uid }} - CAS_UID_KEY: {{ .Values.externalAuth.cas.keys.uid | quote }} + {{- with .Values.externalAuth.cas.keys.uid }} + CAS_UID_KEY: {{ . | quote }} {{- end }} - {{- if .Values.externalAuth.cas.keys.name }} - CAS_NAME_KEY: {{ .Values.externalAuth.cas.keys.name | quote }} + {{- with .Values.externalAuth.cas.keys.name }} + CAS_NAME_KEY: {{ . | quote }} {{- end }} - {{- if .Values.externalAuth.cas.keys.email }} - CAS_EMAIL_KEY: {{ .Values.externalAuth.cas.keys.email | quote }} + {{- with .Values.externalAuth.cas.keys.email }} + CAS_EMAIL_KEY: {{ . | quote }} {{- end }} - {{- if .Values.externalAuth.cas.keys.nickname }} - CAS_NICKNAME_KEY: {{ .Values.externalAuth.cas.keys.nickname | quote }} + {{- with .Values.externalAuth.cas.keys.nickname }} + CAS_NICKNAME_KEY: {{ . | quote }} {{- end }} - {{- if .Values.externalAuth.cas.keys.first_name }} - CAS_FIRST_NAME_KEY: {{ .Values.externalAuth.cas.keys.first_name | quote }} + {{- with .Values.externalAuth.cas.keys.first_name }} + CAS_FIRST_NAME_KEY: {{ . | quote }} {{- end }} - {{- if .Values.externalAuth.cas.keys.last_name }} - CAS_LAST_NAME_KEY: {{ .Values.externalAuth.cas.keys.last_name | quote }} + {{- with .Values.externalAuth.cas.keys.last_name }} + CAS_LAST_NAME_KEY: {{ . | quote }} {{- end }} - {{- if .Values.externalAuth.cas.keys.location }} - CAS_LOCATION_KEY: {{ .Values.externalAuth.cas.keys.location | quote }} + {{- with .Values.externalAuth.cas.keys.location }} + CAS_LOCATION_KEY: {{ . | quote }} {{- end }} - {{- if .Values.externalAuth.cas.keys.image }} - CAS_IMAGE_KEY: {{ .Values.externalAuth.cas.keys.image | quote }} + {{- with .Values.externalAuth.cas.keys.image }} + CAS_IMAGE_KEY: {{ . | quote }} {{- end }} - {{- if .Values.externalAuth.cas.keys.phone }} - CAS_PHONE_KEY: {{ .Values.externalAuth.cas.keys.phone | quote }} + {{- with .Values.externalAuth.cas.keys.phone }} + CAS_PHONE_KEY: {{ . | quote }} {{- end }} {{- end }} - {{- if .Values.externalAuth.pam.enabled }} - PAM_ENABLED: {{ .Values.externalAuth.pam.enabled | quote }} - {{- if .Values.externalAuth.pam.email_domain }} - PAM_EMAIL_DOMAIN: {{ .Values.externalAuth.pam.email_domain }} + {{- with .Values.externalAuth.pam.enabled }} + PAM_ENABLED: {{ . | quote }} + {{- with .Values.externalAuth.pam.email_domain }} + PAM_EMAIL_DOMAIN: {{ . }} {{- end }} - {{- if .Values.externalAuth.pam.default_service }} - PAM_DEFAULT_SERVICE: {{ .Values.externalAuth.pam.default_service }} + {{- with .Values.externalAuth.pam.default_service }} + PAM_DEFAULT_SERVICE: {{ . }} {{- end }} - {{- if .Values.externalAuth.pam.controlled_service }} - PAM_CONTROLLED_SERVICE: {{ .Values.externalAuth.pam.controlled_service }} + {{- with .Values.externalAuth.pam.controlled_service }} + PAM_CONTROLLED_SERVICE: {{ . }} {{- end }} {{- end }} {{- if .Values.externalAuth.ldap.enabled }} @@ -283,32 +286,32 @@ data: LDAP_HOST: {{ .Values.externalAuth.ldap.host }} LDAP_PORT: {{ .Values.externalAuth.ldap.port }} LDAP_METHOD: {{ .Values.externalAuth.ldap.method }} - {{- if .Values.externalAuth.ldap.base }} - LDAP_BASE: {{ .Values.externalAuth.ldap.base }} + {{- with .Values.externalAuth.ldap.base }} + LDAP_BASE: {{ . }} {{- end }} - {{- if .Values.externalAuth.ldap.bind_on }} - LDAP_BIND_ON: {{ .Values.externalAuth.ldap.bind_on }} + {{- with .Values.externalAuth.ldap.bind_on }} + LDAP_BIND_ON: {{ . }} {{- end }} - {{- if .Values.externalAuth.ldap.password }} - LDAP_PASSWORD: {{ .Values.externalAuth.ldap.password }} + {{- with .Values.externalAuth.ldap.password }} + LDAP_PASSWORD: {{ . }} {{- end }} - {{- if .Values.externalAuth.ldap.uid }} - LDAP_UID: {{ .Values.externalAuth.ldap.uid }} + {{- with .Values.externalAuth.ldap.uid }} + LDAP_UID: {{ . }} {{- end }} - {{- if .Values.externalAuth.ldap.mail }} - LDAP_MAIL: {{ .Values.externalAuth.ldap.mail }} + {{- with .Values.externalAuth.ldap.mail }} + LDAP_MAIL: {{ . }} {{- end }} - {{- if .Values.externalAuth.ldap.search_filter }} - LDAP_SEARCH_FILTER: {{ .Values.externalAuth.ldap.search_filter }} + {{- with .Values.externalAuth.ldap.search_filter }} + LDAP_SEARCH_FILTER: {{ . }} {{- end }} - {{- if .Values.externalAuth.ldap.uid_conversion.enabled }} - LDAP_UID_CONVERSION_ENABLED: {{ .Values.externalAuth.ldap.uid_conversion.enabled | quote }} + {{- with .Values.externalAuth.ldap.uid_conversion.enabled }} + LDAP_UID_CONVERSION_ENABLED: {{ . | quote }} {{- end }} - {{- if .Values.externalAuth.ldap.uid_conversion.search }} - LDAP_UID_CONVERSION_SEARCH: {{ .Values.externalAuth.ldap.uid_conversion.search }} + {{- with .Values.externalAuth.ldap.uid_conversion.search }} + LDAP_UID_CONVERSION_SEARCH: {{ . }} {{- end }} - {{- if .Values.externalAuth.ldap.uid_conversion.replace }} - LDAP_UID_CONVERSION_REPLACE: {{ .Values.externalAuth.ldap.uid_conversion.replace }} + {{- with .Values.externalAuth.ldap.uid_conversion.replace }} + LDAP_UID_CONVERSION_REPLACE: {{ . }} {{- end }} {{- end }} {{- with .Values.mastodon.metrics.statsd.address }} diff --git a/chart/templates/deployment-sidekiq.yaml b/chart/templates/deployment-sidekiq.yaml index 94af99b11..c7e0c5470 100644 --- a/chart/templates/deployment-sidekiq.yaml +++ b/chart/templates/deployment-sidekiq.yaml @@ -1,96 +1,97 @@ +{{- $context := . }} +{{- range .Values.mastodon.sidekiq.workers }} +--- apiVersion: apps/v1 kind: Deployment metadata: - name: {{ include "mastodon.fullname" . }}-sidekiq + name: {{ include "mastodon.fullname" $context }}-sidekiq-{{ .name }} labels: - {{- include "mastodon.labels" . | nindent 4 }} + {{- include "mastodon.labels" $context | nindent 4 }} + app.kubernetes.io/component: sidekiq-{{ .name }} + app.kubernetes.io/part-of: rails spec: - {{- if not .Values.autoscaling.enabled }} - replicas: {{ .Values.replicaCount }} + replicas: {{ .replicas }} + {{- if (has "scheduler" .queues) }} + strategy: + type: Recreate {{- end }} selector: matchLabels: - {{- include "mastodon.selectorLabels" . | nindent 6 }} - app.kubernetes.io/component: sidekiq + {{- include "mastodon.selectorLabels" $context | nindent 6 }} + app.kubernetes.io/component: sidekiq-{{ .name }} app.kubernetes.io/part-of: rails template: metadata: annotations: - {{- with .Values.podAnnotations }} + {{- with $context.Values.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} # roll the pods to pick up any db migrations or other changes - {{- include "mastodon.rollingPodAnnotations" . | nindent 8 }} + {{- include "mastodon.rollingPodAnnotations" $context | nindent 8 }} labels: - {{- include "mastodon.selectorLabels" . | nindent 8 }} - app.kubernetes.io/component: sidekiq + {{- include "mastodon.selectorLabels" $context | nindent 8 }} + app.kubernetes.io/component: sidekiq-{{ .name }} app.kubernetes.io/part-of: rails spec: - {{- with .Values.imagePullSecrets }} + {{- with $context.Values.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} - serviceAccountName: {{ include "mastodon.serviceAccountName" . }} - {{- with .Values.podSecurityContext }} + serviceAccountName: {{ include "mastodon.serviceAccountName" $context }} + {{- with (default $context.Values.podSecurityContext $context.Values.mastodon.sidekiq.podSecurityContext) }} securityContext: {{- toYaml . | nindent 8 }} {{- end }} - {{- if (not .Values.mastodon.s3.enabled) }} - # ensure we run on the same node as the other rails components; only - # required when using PVCs that are ReadWriteOnce - {{- if or (eq "ReadWriteOnce" .Values.mastodon.persistence.assets.accessMode) (eq "ReadWriteOnce" .Values.mastodon.persistence.system.accessMode) }} + {{- with (default (default $context.Values.affinity $context.Values.mastodon.sidekiq.affinity) .affinity) }} affinity: - podAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app.kubernetes.io/part-of - operator: In - values: - - rails - topologyKey: kubernetes.io/hostname + {{- toYaml . | nindent 8 }} {{- end }} + {{- if (not $context.Values.mastodon.s3.enabled) }} volumes: - name: assets persistentVolumeClaim: - claimName: {{ template "mastodon.fullname" . }}-assets + claimName: {{ template "mastodon.fullname" $context }}-assets - name: system persistentVolumeClaim: - claimName: {{ template "mastodon.fullname" . }}-system + claimName: {{ template "mastodon.fullname" $context }}-system {{- end }} containers: - - name: {{ .Chart.Name }} + - name: {{ $context.Chart.Name }} securityContext: - {{- toYaml .Values.securityContext | nindent 12 }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} + {{- toYaml $context.Values.mastodon.sidekiq.securityContext | nindent 12 }} + image: "{{ $context.Values.image.repository }}:{{ $context.Values.image.tag | default $context.Chart.AppVersion }}" + imagePullPolicy: {{ $context.Values.image.pullPolicy }} command: - bundle - exec - sidekiq - -c - - {{ .Values.mastodon.sidekiq.concurrency | quote }} + - {{ .concurrency | quote }} + {{- range .queues }} + - -q + - {{ . | quote }} + {{- end }} envFrom: - configMapRef: - name: {{ include "mastodon.fullname" . }}-env + name: {{ include "mastodon.fullname" $context }}-env - secretRef: - name: {{ template "mastodon.secretName" . }} + name: {{ template "mastodon.secretName" $context }} env: - name: "DB_PASS" valueFrom: secretKeyRef: - name: {{ template "mastodon.postgresql.secretName" . }} + name: {{ template "mastodon.postgresql.secretName" $context }} key: password - name: "REDIS_PASSWORD" valueFrom: secretKeyRef: - name: {{ template "mastodon.redis.secretName" . }} + name: {{ template "mastodon.redis.secretName" $context }} key: redis-password - {{- if (and .Values.mastodon.s3.enabled .Values.mastodon.s3.existingSecret) }} + {{- if (and $context.Values.mastodon.s3.enabled $context.Values.mastodon.s3.existingSecret) }} - name: "AWS_SECRET_ACCESS_KEY" valueFrom: secretKeyRef: - name: {{ .Values.mastodon.s3.existingSecret }} + name: {{ $context.Values.mastodon.s3.existingSecret }} key: AWS_SECRET_ACCESS_KEY - name: "AWS_ACCESS_KEY_ID" valueFrom: @@ -98,20 +99,20 @@ spec: name: {{ .Values.mastodon.s3.existingSecret }} key: AWS_ACCESS_KEY_ID {{- end }} - {{- if .Values.mastodon.smtp.existingSecret }} + {{- if $context.Values.mastodon.smtp.existingSecret }} - name: "SMTP_LOGIN" valueFrom: secretKeyRef: - name: {{ .Values.mastodon.smtp.existingSecret }} + name: {{ $context.Values.mastodon.smtp.existingSecret }} key: login optional: true - name: "SMTP_PASSWORD" valueFrom: secretKeyRef: - name: {{ .Values.mastodon.smtp.existingSecret }} + name: {{ $context.Values.mastodon.smtp.existingSecret }} key: password {{- end }} - {{- if (not .Values.mastodon.s3.enabled) }} + {{- if (not $context.Values.mastodon.s3.enabled) }} volumeMounts: - name: assets mountPath: /opt/mastodon/public/assets @@ -119,12 +120,13 @@ spec: mountPath: /opt/mastodon/public/system {{- end }} resources: - {{- toYaml .Values.resources | nindent 12 }} - {{- with .Values.nodeSelector }} + {{- toYaml (default (default $context.Values.resources $context.Values.mastodon.sidekiq.resources) .resources) | nindent 12 }} + {{- with $context.Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.tolerations }} + {{- with $context.Values.tolerations }} tolerations: {{- toYaml . | nindent 8 }} {{- end }} +{{- end }} diff --git a/chart/templates/deployment-streaming.yaml b/chart/templates/deployment-streaming.yaml index 5d565765e..dd804044c 100644 --- a/chart/templates/deployment-streaming.yaml +++ b/chart/templates/deployment-streaming.yaml @@ -5,9 +5,7 @@ metadata: labels: {{- include "mastodon.labels" . | nindent 4 }} spec: - {{- if not .Values.autoscaling.enabled }} - replicas: {{ .Values.replicaCount }} - {{- end }} + replicas: {{ .Values.mastodon.streaming.replicas }} selector: matchLabels: {{- include "mastodon.selectorLabels" . | nindent 6 }} @@ -15,7 +13,7 @@ spec: template: metadata: annotations: - {{- with .Values.podAnnotations }} + {{- with (default .Values.podAnnotations .Values.mastodon.streaming.podAnnotations) }} {{- toYaml . | nindent 8 }} {{- end }} # roll the pods to pick up any db migrations or other changes @@ -29,13 +27,13 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} serviceAccountName: {{ include "mastodon.serviceAccountName" . }} - {{- with .Values.podSecurityContext }} + {{- with (default .Values.podSecurityContext .Values.mastodon.streaming.podSecurityContext) }} securityContext: {{- toYaml . | nindent 8 }} {{- end }} containers: - - name: {{ .Chart.Name }} - {{- with .Values.securityContext }} + - name: {{ .Chart.Name }}-streaming + {{- with (default .Values.securityContext .Values.mastodon.streaming.securityContext) }} securityContext: {{- toYaml . | nindent 12 }} {{- end }} @@ -72,7 +70,7 @@ spec: httpGet: path: /api/v1/streaming/health port: streaming - {{- with .Values.resources }} + {{- with (default .Values.resources .Values.mastodon.streaming.resources) }} resources: {{- toYaml . | nindent 12 }} {{- end }} @@ -80,7 +78,7 @@ spec: nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.affinity }} + {{- with (default .Values.affinity .Values.mastodon.streaming.affinity) }} affinity: {{- toYaml . | nindent 8 }} {{- end }} diff --git a/chart/templates/deployment-web.yaml b/chart/templates/deployment-web.yaml index ec67481bf..c1ec2327e 100644 --- a/chart/templates/deployment-web.yaml +++ b/chart/templates/deployment-web.yaml @@ -5,9 +5,7 @@ metadata: labels: {{- include "mastodon.labels" . | nindent 4 }} spec: - {{- if not .Values.autoscaling.enabled }} - replicas: {{ .Values.replicaCount }} - {{- end }} + replicas: {{ .Values.mastodon.web.replicas }} selector: matchLabels: {{- include "mastodon.selectorLabels" . | nindent 6 }} @@ -16,7 +14,7 @@ spec: template: metadata: annotations: - {{- with .Values.podAnnotations }} + {{- with (default .Values.podAnnotations .Values.mastodon.web.podAnnotations) }} {{- toYaml . | nindent 8 }} {{- end }} # roll the pods to pick up any db migrations or other changes @@ -31,7 +29,7 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} serviceAccountName: {{ include "mastodon.serviceAccountName" . }} - {{- with .Values.podSecurityContext }} + {{- with (default .Values.podSecurityContext .Values.mastodon.web.podSecurityContext) }} securityContext: {{- toYaml . | nindent 8 }} {{- end }} @@ -45,8 +43,8 @@ spec: claimName: {{ template "mastodon.fullname" . }}-system {{- end }} containers: - - name: {{ .Chart.Name }} - {{- with .Values.securityContext }} + - name: {{ .Chart.Name }}-web + {{- with (default .Values.securityContext .Values.mastodon.web.securityContext) }} securityContext: {{- toYaml . | nindent 12 }} {{- end }} @@ -112,7 +110,7 @@ spec: port: http failureThreshold: 30 periodSeconds: 5 - {{- with .Values.resources }} + {{- with (default .Values.resources .Values.mastodon.web.resources) }} resources: {{- toYaml . | nindent 12 }} {{- end }} @@ -120,7 +118,7 @@ spec: nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.affinity }} + {{- with (default .Values.affinity .Values.mastodon.web.affinity) }} affinity: {{- toYaml . | nindent 8 }} {{- end }} diff --git a/chart/templates/hpa.yaml b/chart/templates/hpa.yaml deleted file mode 100644 index b23b2cb16..000000000 --- a/chart/templates/hpa.yaml +++ /dev/null @@ -1,28 +0,0 @@ -{{- if .Values.autoscaling.enabled -}} -apiVersion: autoscaling/v2beta1 -kind: HorizontalPodAutoscaler -metadata: - name: {{ include "mastodon.fullname" . }} - labels: - {{- include "mastodon.labels" . | nindent 4 }} -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: {{ include "mastodon.fullname" . }} - minReplicas: {{ .Values.autoscaling.minReplicas }} - maxReplicas: {{ .Values.autoscaling.maxReplicas }} - metrics: - {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} - - type: Resource - resource: - name: cpu - targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} - {{- end }} - {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} - - type: Resource - resource: - name: memory - targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} - {{- end }} -{{- end }} diff --git a/chart/templates/job-create-admin.yaml b/chart/templates/job-create-admin.yaml index f28cdab41..3d137f5c7 100644 --- a/chart/templates/job-create-admin.yaml +++ b/chart/templates/job-create-admin.yaml @@ -55,7 +55,7 @@ spec: - {{ .Values.mastodon.createAdmin.email }} - --confirmed - --role - - admin + - Owner envFrom: - configMapRef: name: {{ include "mastodon.fullname" . }}-env diff --git a/chart/templates/tests/test-connection.yaml b/chart/templates/tests/test-connection.yaml index 09d981691..185c037ab 100644 --- a/chart/templates/tests/test-connection.yaml +++ b/chart/templates/tests/test-connection.yaml @@ -11,5 +11,5 @@ spec: - name: wget image: busybox command: ['wget'] - args: ['{{ include "mastodon.fullname" . }}:{{ .Values.service.port }}'] + args: ['{{ include "mastodon.fullname" . }}-web:{{ .Values.service.port }}'] restartPolicy: Never |