authorAlex Dunn <dunn.alex@gmail.com>2021-02-19 00:52:32 -0800
committerGitHub <noreply@github.com>2021-02-19 09:52:32 +0100
commitfca4fd1daa09f7261753bc98103f653a9ce463b1 (patch)
tree376101238847eb33af9901a3e6894abfa99f4a70 /chart
parente31ed2748597c9f31afba87dcdf47082949f0f23 (diff)
helm: add support for S3 storage (#15748)
Diffstat (limited to 'chart')
-rw-r--r--chart/Chart.yaml2
-rw-r--r--chart/readme.md1
-rw-r--r--chart/templates/configmap-env.yaml10
-rw-r--r--chart/templates/cronjob-media-remove.yaml4
-rw-r--r--chart/templates/deployment-sidekiq.yaml4
-rw-r--r--chart/templates/deployment-web.yaml4
-rw-r--r--chart/templates/job-assets-precompile.yaml4
-rw-r--r--chart/templates/job-chewy-upgrade.yaml4
-rw-r--r--chart/templates/job-create-admin.yaml4
-rw-r--r--chart/templates/job-db-migrate.yaml4
-rw-r--r--chart/templates/pvc-assets.yaml3
-rw-r--r--chart/templates/pvc-system.yaml3
-rw-r--r--chart/templates/secrets.yaml4
-rw-r--r--chart/values.yaml8
14 files changed, 55 insertions, 4 deletions
diff --git a/chart/Chart.yaml b/chart/Chart.yaml
index 8f95a1f63..d72b7df1a 100644
--- a/chart/Chart.yaml
+++ b/chart/Chart.yaml
@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 1.0.0
+version: 1.1.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
diff --git a/chart/readme.md b/chart/readme.md
index e699542ff..9f7a88958 100644
--- a/chart/readme.md
+++ b/chart/readme.md
@@ -24,7 +24,6 @@ The variables that _must_ be configured are:
 Currently this chart does _not_ support:
 
 - Hidden services
-- S3/Minio/GCS
 - Single Sign-On
 - Swift
 - configurations using `WEB_DOMAIN`
diff --git a/chart/templates/configmap-env.yaml b/chart/templates/configmap-env.yaml
index cc7231db4..701368e49 100644
--- a/chart/templates/configmap-env.yaml
+++ b/chart/templates/configmap-env.yaml
@@ -27,6 +27,16 @@ data:
   RAILS_ENV: "production"
   REDIS_HOST: {{ template "mastodon.redis.fullname" . }}-master
   REDIS_PORT: "6379"
+  {{- if .Values.mastodon.s3.enabled }}
+  S3_BUCKET: {{ .Values.mastodon.s3.bucket }}
+  S3_ENABLED: "true"
+  S3_ENDPOINT: {{ .Values.mastodon.s3.endpoint }}
+  S3_HOSTNAME: {{ .Values.mastodon.s3.hostname }}
+  S3_PROTOCOL: "https"
+  {{- if .Values.mastodon.s3.region }}
+  S3_REGION: {{ .Values.mastodon.s3.region }}
+  {{- end }}
+  {{- end }}
   {{- if .Values.mastodon.smtp.auth_method }}
   SMTP_AUTH_METHOD: {{ .Values.mastodon.smtp.auth_method }}
   {{- end }}
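Review bot: The new `S3_BUCKET`, `S3_ENDPOINT`, `S3_HOSTNAME` and `S3_REGION` values are rendered unquoted, unlike `S3_ENABLED` and `S3_PROTOCOL` next to them. With the chart default `bucket: ""` the line renders as an empty YAML value (null), and a numeric- or boolean-looking bucket or region would be retyped by the YAML parser, which a ConfigMap's string-only `data` does not accept. Piping through `quote` and failing early on the mandatory one avoids both, e.g. `S3_BUCKET: {{ required "mastodon.s3.bucket is required when s3.enabled" .Values.mastodon.s3.bucket | quote }}` and `S3_ENDPOINT: {{ .Values.mastodon.s3.endpoint | quote }}`. Separately, `S3_PROTOCOL` is pinned to `"https"` while `endpoint` carries its own scheme, so an `http://` endpoint would be accepted without complaint; a comment in values.yaml stating that the endpoint must be https would help.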
diff --git a/chart/templates/cronjob-media-remove.yaml b/chart/templates/cronjob-media-remove.yaml
index 8515e4002..3d6e25cc6 100644
--- a/chart/templates/cronjob-media-remove.yaml
+++ b/chart/templates/cronjob-media-remove.yaml
@@ -14,6 +14,7 @@ spec:
           name: {{ include "mastodon.fullname" . }}-media-remove
         spec:
           restartPolicy: OnFailure
+          {{- if (not .Values.mastodon.s3.enabled) }}
           # ensure we run on the same node as the other rails components; only
           # required when using PVCs that are ReadWriteOnce
           {{- if or (eq "ReadWriteOnce" .Values.mastodon.persistence.assets.accessMode) (eq "ReadWriteOnce" .Values.mastodon.persistence.system.accessMode) }}
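Review bot: The new `{{- if (not .Values.mastodon.s3.enabled) }}` guard has no explanation, and the comment that now sits directly under it only describes the ReadWriteOnce affinity, although the guard also removes the `volumes` list that ends in the next hunk. A one-line comment above the guard would make the intent clear, for example `# skipped when mastodon.s3.enabled: media lives in the bucket, so no PVC volumes or node pinning are needed`. The same applies to the matching guard around `volumeMounts` further down, since the two must stay in sync or the pod spec will reference a volume that is not defined. The identical pair of guards is added in deployment-sidekiq.yaml, deployment-web.yaml and the four job-*.yaml templates; the guarded block is closed outside this hunk.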
@@ -35,6 +36,7 @@ spec:
             - name: system
               persistentVolumeClaim:
                 claimName: {{ template "mastodon.fullname" . }}-system
+          {{- end }}
           containers:
             - name: {{ include "mastodon.fullname" . }}-media-remove
               image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
@@ -65,9 +67,11 @@ spec:
                       key: redis-password
                 - name: "PORT"
                   value: {{ .Values.mastodon.web.port | quote }}
+              {{- if (not .Values.mastodon.s3.enabled) }}
               volumeMounts:
                 - name: assets
                   mountPath: /opt/mastodon/public/assets
                 - name: system
                   mountPath: /opt/mastodon/public/system
+              {{- end }}
 {{- end }}
diff --git a/chart/templates/deployment-sidekiq.yaml b/chart/templates/deployment-sidekiq.yaml
index 8ef157d31..baf6c2b2d 100644
--- a/chart/templates/deployment-sidekiq.yaml
+++ b/chart/templates/deployment-sidekiq.yaml
@@ -31,6 +31,7 @@ spec:
       serviceAccountName: {{ include "mastodon.serviceAccountName" . }}
       securityContext:
         {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      {{- if (not .Values.mastodon.s3.enabled) }}
       # ensure we run on the same node as the other rails components; only
       # required when using PVCs that are ReadWriteOnce
       {{- if or (eq "ReadWriteOnce" .Values.mastodon.persistence.assets.accessMode) (eq "ReadWriteOnce" .Values.mastodon.persistence.system.accessMode) }}
@@ -52,6 +53,7 @@ spec:
         - name: system
           persistentVolumeClaim:
             claimName: {{ template "mastodon.fullname" . }}-system
+      {{- end }}
       containers:
         - name: {{ .Chart.Name }}
           securityContext:
@@ -84,11 +86,13 @@ spec:
                 secretKeyRef:
                   name: {{ .Release.Name }}-redis
                   key: redis-password
+          {{- if (not .Values.mastodon.s3.enabled) }}
           volumeMounts:
             - name: assets
               mountPath: /opt/mastodon/public/assets
             - name: system
               mountPath: /opt/mastodon/public/system
+          {{- end }}
           resources:
             {{- toYaml .Values.resources | nindent 12 }}
       {{- with .Values.nodeSelector }}
diff --git a/chart/templates/deployment-web.yaml b/chart/templates/deployment-web.yaml
index 02aa7c9a5..8b8bb4f29 100644
--- a/chart/templates/deployment-web.yaml
+++ b/chart/templates/deployment-web.yaml
@@ -31,6 +31,7 @@ spec:
       serviceAccountName: {{ include "mastodon.serviceAccountName" . }}
       securityContext:
         {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      {{- if (not .Values.mastodon.s3.enabled) }}
       volumes:
         - name: assets
           persistentVolumeClaim:
@@ -38,6 +39,7 @@ spec:
         - name: system
           persistentVolumeClaim:
             claimName: {{ template "mastodon.fullname" . }}-system
+      {{- end }}
       containers:
         - name: {{ .Chart.Name }}
           securityContext:
@@ -72,11 +74,13 @@ spec:
                   key: redis-password
             - name: "PORT"
               value: {{ .Values.mastodon.web.port | quote }}
+          {{- if (not .Values.mastodon.s3.enabled) }}
           volumeMounts:
             - name: assets
               mountPath: /opt/mastodon/public/assets
             - name: system
               mountPath: /opt/mastodon/public/system
+          {{- end }}
           ports:
             - name: http
               containerPort: {{ .Values.mastodon.web.port }}
diff --git a/chart/templates/job-assets-precompile.yaml b/chart/templates/job-assets-precompile.yaml
index 2aae20582..825a7e916 100644
--- a/chart/templates/job-assets-precompile.yaml
+++ b/chart/templates/job-assets-precompile.yaml
@@ -14,6 +14,7 @@ spec:
       name: {{ include "mastodon.fullname" . }}-assets-precompile
     spec:
       restartPolicy: Never
+      {{- if (not .Values.mastodon.s3.enabled) }}
       # ensure we run on the same node as the other rails components; only
       # required when using PVCs that are ReadWriteOnce
       {{- if or (eq "ReadWriteOnce" .Values.mastodon.persistence.assets.accessMode) (eq "ReadWriteOnce" .Values.mastodon.persistence.system.accessMode) }}
@@ -35,6 +36,7 @@ spec:
         - name: system
           persistentVolumeClaim:
             claimName: {{ template "mastodon.fullname" . }}-system
+      {{- end }}
       containers:
         - name: {{ include "mastodon.fullname" . }}-assets-precompile
           image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
@@ -66,8 +68,10 @@ spec:
                   key: redis-password
             - name: "PORT"
               value: {{ .Values.mastodon.web.port | quote }}
+          {{- if (not .Values.mastodon.s3.enabled) }}
           volumeMounts:
             - name: assets
               mountPath: /opt/mastodon/public/assets
             - name: system
               mountPath: /opt/mastodon/public/system
+          {{- end }}
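Review bot: With `mastodon.s3.enabled` set, this job no longer mounts anything at `/opt/mastodon/public/assets`, so whatever it writes there stays in the job pod's own filesystem and is discarded when the pod exits. Judging by the job name, its purpose is to populate the shared assets volume, which would make it a no-op in S3 mode; the command itself is outside the hunks, so this is an inference to confirm. If it holds, wrapping the whole manifest in the same condition (`{{- if (not .Values.mastodon.s3.enabled) }}` at the top, `{{- end }}` at the bottom) is clearer than running a job whose output nothing reads.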
diff --git a/chart/templates/job-chewy-upgrade.yaml b/chart/templates/job-chewy-upgrade.yaml
index 8647a9831..cc68a3385 100644
--- a/chart/templates/job-chewy-upgrade.yaml
+++ b/chart/templates/job-chewy-upgrade.yaml
@@ -15,6 +15,7 @@ spec:
       name: {{ include "mastodon.fullname" . }}-chewy-upgrade
     spec:
       restartPolicy: Never
+      {{- if (not .Values.mastodon.s3.enabled) }}
       # ensure we run on the same node as the other rails components; only
       # required when using PVCs that are ReadWriteOnce
       {{- if or (eq "ReadWriteOnce" .Values.mastodon.persistence.assets.accessMode) (eq "ReadWriteOnce" .Values.mastodon.persistence.system.accessMode) }}
@@ -36,6 +37,7 @@ spec:
         - name: system
           persistentVolumeClaim:
             claimName: {{ template "mastodon.fullname" . }}-system
+      {{- end }}
       containers:
         - name: {{ include "mastodon.fullname" . }}-chewy-setup
           image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
@@ -67,9 +69,11 @@ spec:
                   key: redis-password
             - name: "PORT"
               value: {{ .Values.mastodon.web.port | quote }}
+          {{- if (not .Values.mastodon.s3.enabled) }}
           volumeMounts:
             - name: assets
               mountPath: /opt/mastodon/public/assets
             - name: system
               mountPath: /opt/mastodon/public/system
+          {{- end }}
 {{- end }}
diff --git a/chart/templates/job-create-admin.yaml b/chart/templates/job-create-admin.yaml
index 1a3d8222b..ffb8bb059 100644
--- a/chart/templates/job-create-admin.yaml
+++ b/chart/templates/job-create-admin.yaml
@@ -15,6 +15,7 @@ spec:
       name: {{ include "mastodon.fullname" . }}-create-admin
     spec:
       restartPolicy: Never
+      {{- if (not .Values.mastodon.s3.enabled) }}
       # ensure we run on the same node as the other rails components; only
       # required when using PVCs that are ReadWriteOnce
       {{- if or (eq "ReadWriteOnce" .Values.mastodon.persistence.assets.accessMode) (eq "ReadWriteOnce" .Values.mastodon.persistence.system.accessMode) }}
@@ -36,6 +37,7 @@ spec:
         - name: system
           persistentVolumeClaim:
             claimName: {{ template "mastodon.fullname" . }}-system
+      {{- end }}
       containers:
         - name: {{ include "mastodon.fullname" . }}-create-admin
           image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
@@ -72,9 +74,11 @@ spec:
                   key: redis-password
             - name: "PORT"
               value: {{ .Values.mastodon.web.port | quote }}
+          {{- if (not .Values.mastodon.s3.enabled) }}
           volumeMounts:
             - name: assets
               mountPath: /opt/mastodon/public/assets
             - name: system
               mountPath: /opt/mastodon/public/system
+          {{- end }}
 {{- end }}
diff --git a/chart/templates/job-db-migrate.yaml b/chart/templates/job-db-migrate.yaml
index e107da4d0..72f910e3b 100644
--- a/chart/templates/job-db-migrate.yaml
+++ b/chart/templates/job-db-migrate.yaml
@@ -14,6 +14,7 @@ spec:
       name: {{ include "mastodon.fullname" . }}-db-migrate
     spec:
       restartPolicy: Never
+      {{- if (not .Values.mastodon.s3.enabled) }}
       # ensure we run on the same node as the other rails components; only
       # required when using PVCs that are ReadWriteOnce
       {{- if or (eq "ReadWriteOnce" .Values.mastodon.persistence.assets.accessMode) (eq "ReadWriteOnce" .Values.mastodon.persistence.system.accessMode) }}
@@ -35,6 +36,7 @@ spec:
         - name: system
           persistentVolumeClaim:
             claimName: {{ template "mastodon.fullname" . }}-system
+      {{- end }}
       containers:
         - name: {{ include "mastodon.fullname" . }}-db-migrate
           image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
@@ -66,8 +68,10 @@ spec:
                   key: redis-password
             - name: "PORT"
               value: {{ .Values.mastodon.web.port | quote }}
+          {{- if (not .Values.mastodon.s3.enabled) }}
           volumeMounts:
             - name: assets
               mountPath: /opt/mastodon/public/assets
             - name: system
               mountPath: /opt/mastodon/public/system
+          {{- end }}
diff --git a/chart/templates/pvc-assets.yaml b/chart/templates/pvc-assets.yaml
index 12ac72eb3..58b2179df 100644
--- a/chart/templates/pvc-assets.yaml
+++ b/chart/templates/pvc-assets.yaml
@@ -1,4 +1,4 @@
----
+{{- if (not .Values.mastodon.s3.enabled) }}
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
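Review bot: Switching `mastodon.s3.enabled` to true on an existing release drops this PersistentVolumeClaim from the rendered manifests, so `helm upgrade` will delete it. If the storage class uses a Delete reclaim policy (not visible here, so this depends on the cluster), the existing media goes with the claim before it has been copied to the bucket. Adding `helm.sh/resource-policy: keep` under `metadata.annotations` would leave the claim in place for the operator to remove once migration is verified. The metadata block continues outside the hunk, and the same guard is added in chart/templates/pvc-system.yaml.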
@@ -11,3 +11,4 @@ spec:
   resources:
     {{- toYaml .Values.mastodon.persistence.assets.resources | nindent 4}}
   storageClassName: {{ .Values.mastodon.persistence.assets.storageClassName }}
+{{- end }}
diff --git a/chart/templates/pvc-system.yaml b/chart/templates/pvc-system.yaml
index 62dc1e708..52398f0da 100644
--- a/chart/templates/pvc-system.yaml
+++ b/chart/templates/pvc-system.yaml
@@ -1,4 +1,4 @@
----
+{{- if (not .Values.mastodon.s3.enabled) }}
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
@@ -11,3 +11,4 @@ spec:
   resources:
     {{- toYaml .Values.mastodon.persistence.system.resources | nindent 4}}
   storageClassName: {{ .Values.mastodon.persistence.system.storageClassName }}
+{{- end }}
diff --git a/chart/templates/secrets.yaml b/chart/templates/secrets.yaml
index 63d01d3eb..0452a8ae1 100644
--- a/chart/templates/secrets.yaml
+++ b/chart/templates/secrets.yaml
@@ -6,6 +6,10 @@ metadata:
     {{- include "mastodon.labels" . | nindent 4 }}
 type: Opaque
 data:
+  {{- if .Values.mastodon.s3.enabled }}
+  AWS_ACCESS_KEY_ID: "{{ .Values.mastodon.s3.access_key | b64enc }}"
+  AWS_SECRET_ACCESS_KEY: "{{ .Values.mastodon.s3.access_secret | b64enc }}"
+  {{- end }}
   {{- if not (empty .Values.mastodon.secrets.secret_key_base) }}
   SECRET_KEY_BASE: "{{ .Values.mastodon.secrets.secret_key_base | b64enc }}"
   {{- else }}
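Review bot: When `s3.enabled` is true but `access_key` / `access_secret` are left at their `""` defaults, these two lines render empty credentials into the Secret and the failure only surfaces at runtime as rejected storage requests. Failing at render time is safer: `AWS_ACCESS_KEY_ID: {{ required "mastodon.s3.access_key is required when s3.enabled" .Values.mastodon.s3.access_key | b64enc | quote }}`, and the same for the secret key. The only way to supply the keys is through chart values, which pushes operators towards keeping long-lived storage credentials in a values file; an option to reference a pre-existing Secret by name would avoid that, though how this Secret is consumed by the pods is outside the hunk.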
diff --git a/chart/values.yaml b/chart/values.yaml
index d752e46ec..a638f4a7d 100644
--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -41,6 +41,14 @@ mastodon:
       resources:
         requests:
           storage: 100Gi
+  s3:
+    enabled: false
+    access_key: ""
+    access_secret: ""
+    bucket: ""
+    endpoint: https://us-east-1.linodeobjects.com
+    hostname: us-east-1.linodeobjects.com
+    region: ""
   # these must be set manually; autogenerated keys are rotated on each upgrade
   secrets:
     secret_key_base: ""
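Review bot: The defaults for `endpoint` and `hostname` point at one specific provider (`us-east-1.linodeobjects.com`), so an operator who sets only `enabled`, `bucket` and the keys will send signed requests and uploaded media to that host whether or not they use it. Defaulting both to `""` and showing the current values as a commented example makes a misconfiguration fail visibly instead. The block also has no comments, unlike the `secrets:` section below it; something like `# access_key / access_secret are credentials: pass them with --set or a private values file, do not commit them` and `# endpoint must be an https URL; hostname is the public host media is served from` would document the expectations. If the endpoint stays unquoted, writing it as `'https://…'` keeps it consistent with the other string defaults.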