about summary refs log tree commit diff
path: root/chart/values.yaml
diff options
context:
space:
mode:
authorClaire <claire.github-309c@sitedethib.com>2022-08-15 16:35:15 +0200
committerGitHub <noreply@github.com>2022-08-15 16:35:15 +0200
commitaba0032f540407d88144ac637a59fce69625546f (patch)
tree4ce630b36a8b36c51b1224d87b97e198e63c2edf /chart/values.yaml
parent3f15326a05a926e9f001800a48ac2addbd3aa833 (diff)
parent41fa50ac8655e0c15cf5e93fa14f9ce847aec88f (diff)
Merge pull request #1825 from ClearlyClaire/glitch-soc/merge-upstream
Merge upstream changes
Diffstat (limited to 'chart/values.yaml')
-rw-r--r--chart/values.yaml100
1 files changed, 59 insertions, 41 deletions
diff --git a/chart/values.yaml b/chart/values.yaml
index 2cfa3484b..bd723567f 100644
--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -48,6 +48,9 @@ mastodon:
     enabled: false
     access_key: ""
     access_secret: ""
+    # you can also specify the name of an existing Secret
+    # with keys AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY
+    existingSecret: ""
     bucket: ""
     endpoint: https://us-east-1.linodeobjects.com
     hostname: us-east-1.linodeobjects.com
@@ -61,6 +64,10 @@ mastodon:
     vapid:
       private_key: ""
       public_key: ""
+    # you can also specify the name of an existing Secret
+    # with keys SECRET_KEY_BASE and OTP_SECRET and
+    # VAPID_PRIVATE_KEY and VAPID_PUBLIC_KEY
+    existingSecret: ""
   sidekiq:
     concurrency: 25
   smtp:
@@ -70,13 +77,16 @@ mastodon:
     domain:
     enable_starttls_auto: true
     from_address: notifications@example.com
-    login:
     openssl_verify_mode: peer
-    password:
     port: 587
     reply_to:
     server: smtp.mailgun.org
     tls: false
+    login:
+    password:
+    # you can also specify the name of an existing Secret
+    # with the keys login and password
+    existingSecret:
   streaming:
     port: 4000
     # this should be set manually since os.cpus() returns the number of CPUs on
@@ -127,18 +137,26 @@ postgresql:
   # must match those of that external postgres instance
   enabled: true
   # postgresqlHostname: preexisting-postgresql
-  postgresqlDatabase: mastodon_production
-  # you must set a password; the password generated by the postgresql chart will
-  # be rotated on each upgrade:
-  # https://github.com/bitnami/charts/tree/master/bitnami/postgresql#upgrade
-  postgresqlPassword: ""
-  postgresqlUsername: postgres
+  auth:
+    database: mastodon_production
+    username: postgres
+    # you must set a password; the password generated by the postgresql chart will
+    # be rotated on each upgrade:
+    # https://github.com/bitnami/charts/tree/master/bitnami/postgresql#upgrade
+    password: ""
+    # you can also specify the name of an existing Secret
+    # with a key of postgres-password set to the password you want
+    existingSecret: ""
 
 # https://github.com/bitnami/charts/tree/master/bitnami/redis#parameters
 redis:
   # you must set a password; the password generated by the redis chart will be
   # rotated on each upgrade:
   password: ""
+  # you can also specify the name of an existing Secret
+  # with a key of redis-password set to the password you want
+  # auth:
+    # existingSecret: ""
 
 service:
   type: ClusterIP
@@ -157,45 +175,45 @@ externalAuth:
     # client_secret: SECRETKEY
     # redirect_uri: https://example.com/auth/auth/openid_connect/callback
     # assume_email_is_verified: true
-    # client_auth_method: 
-    # response_type: 
-    # response_mode: 
-    # display: 
-    # prompt: 
-    # send_nonce: 
-    # send_scope_to_token_endpoint: 
-    # idp_logout_redirect_uri: 
-    # http_scheme: 
-    # host: 
-    # port: 
-    # jwks_uri: 
-    # auth_endpoint: 
-    # token_endpoint: 
-    # user_info_endpoint: 
-    # end_session_endpoint: 
+    # client_auth_method:
+    # response_type:
+    # response_mode:
+    # display:
+    # prompt:
+    # send_nonce:
+    # send_scope_to_token_endpoint:
+    # idp_logout_redirect_uri:
+    # http_scheme:
+    # host:
+    # port:
+    # jwks_uri:
+    # auth_endpoint:
+    # token_endpoint:
+    # user_info_endpoint:
+    # end_session_endpoint:
   saml:
     enabled: false
     # acs_url: http://mastodon.example.com/auth/auth/saml/callback
     # issuer: mastodon
     # idp_sso_target_url: https://login.example.com/auth/realms/example/protocol/saml
     # idp_cert: '-----BEGIN CERTIFICATE-----[your_cert_content]-----END CERTIFICATE-----'
-    # idp_cert_fingerprint: 
+    # idp_cert_fingerprint:
     # name_identifier_format: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
-    # cert: 
-    # private_key: 
+    # cert:
+    # private_key:
     # want_assertion_signed: true
     # want_assertion_encrypted: true
     # assume_email_is_verified: true
     # uid_attribute: "urn:oid:0.9.2342.19200300.100.1.1"
-    # attributes_statements: 
+    # attributes_statements:
     #   uid: "urn:oid:0.9.2342.19200300.100.1.1"
     #   email: "urn:oid:1.3.6.1.4.1.5923.1.1.1.6"
     #   full_name: "urn:oid:2.16.840.1.113730.3.1.241"
     #   first_name: "urn:oid:2.5.4.42"
     #   last_name: "urn:oid:2.5.4.4"
-    #   verified: 
-    #   verified_email: 
-  oauth_global: 
+    #   verified:
+    #   verified_email:
+  oauth_global:
     # Force redirect local login to CAS. Does not function with SAML or LDAP.
     oauth_redirect_at_sign_in: false
   cas:
@@ -204,15 +222,15 @@ externalAuth:
     # host: sso.myserver.com
     # port: 443
     # ssl: true
-    # validate_url: 
-    # callback_url: 
-    # logout_url: 
-    # login_url: 
+    # validate_url:
+    # callback_url:
+    # logout_url:
+    # login_url:
     # uid_field: 'user'
-    # ca_path: 
+    # ca_path:
     # disable_ssl_verification: false
     # assume_email_is_verified: true
-    # keys: 
+    # keys:
     #   uid: 'user'
     #   name: 'name'
     #   email: 'email'
@@ -222,7 +240,7 @@ externalAuth:
     #   location: 'location'
     #   image: 'image'
     #   phone: 'phone'
-  pam: 
+  pam:
     enabled: false
     # email_domain: example.com
     # default_service: rpam
@@ -232,9 +250,9 @@ externalAuth:
     # host: myservice.namespace.svc
     # port: 389
     # method: simple_tls
-    # base: 
-    # bind_on: 
-    # password: 
+    # base:
+    # bind_on:
+    # password:
     # uid: cn
     # mail: mail
     # search_filter: "(|(%{uid}=%{email})(%{mail}=%{email}))"