Diffstat (limited to 'chart/templates')
-rw-r--r--chart/templates/_helpers.tpl50
-rw-r--r--chart/templates/configmap-env.yaml6
-rw-r--r--chart/templates/cronjob-media-remove.yaml18
-rw-r--r--chart/templates/deployment-sidekiq.yaml25
-rw-r--r--chart/templates/deployment-streaming.yaml10
-rw-r--r--chart/templates/deployment-web.yaml24
-rw-r--r--chart/templates/job-assets-precompile.yaml16
-rw-r--r--chart/templates/job-chewy-upgrade.yaml16
-rw-r--r--chart/templates/job-create-admin.yaml16
-rw-r--r--chart/templates/job-db-migrate.yaml16
-rw-r--r--chart/templates/secrets.yaml10
11 files changed, 139 insertions, 68 deletions
diff --git a/chart/templates/_helpers.tpl b/chart/templates/_helpers.tpl
index 5814a3120..71bb002ef 100644
--- a/chart/templates/_helpers.tpl
+++ b/chart/templates/_helpers.tpl
@@ -77,3 +77,53 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this
 {{- define "mastodon.postgresql.fullname" -}}
 {{- printf "%s-%s" .Release.Name "postgresql" | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
+
+{{/*
+Get the mastodon secret.
+*/}}
+{{- define "mastodon.secretName" -}}
+{{- if .Values.mastodon.secrets.existingSecret }}
+    {{- printf "%s" (tpl .Values.mastodon.secrets.existingSecret $) -}}
+{{- else -}}
+    {{- printf "%s" (include "common.names.fullname" .) -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Get the postgresql secret.
+*/}}
+{{- define "mastodon.postgresql.secretName" -}}
+{{- if (and (or .Values.postgresql.enabled .Values.postgresql.postgresqlHostname) .Values.postgresql.auth.existingSecret) }}
+    {{- printf "%s" (tpl .Values.postgresql.auth.existingSecret $) -}}
+{{- else if .Values.postgresql.enabled -}}
+    {{- printf "%s-postgresql" (tpl .Release.Name $) -}}
+{{- else -}}
+    {{- printf "%s" (include "common.names.fullname" .) -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Get the redis secret.
+*/}}
+{{- define "mastodon.redis.secretName" -}}
+{{- if .Values.redis.auth.existingSecret }}
+    {{- printf "%s" (tpl .Values.redis.auth.existingSecret $) -}}
+{{- else if .Values.redis.existingSecret }}
+    {{- printf "%s" (tpl .Values.redis.existingSecret $) -}}
+{{- else -}}
+    {{- printf "%s-redis" (tpl .Release.Name $) -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return true if a mastodon secret object should be created
+*/}}
+{{- define "mastodon.createSecret" -}}
+{{- if (or
+    (and .Values.mastodon.s3.enabled (not .Values.mastodon.s3.existingSecret))
+    (not .Values.mastodon.secrets.existingSecret )
+    (and (not .Values.postgresql.enabled) (not .Values.postgresql.auth.existingSecret))
+    ) -}}
+    {{- true -}}
+{{- end -}}
+{{- end -}}
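Review bot: The fallback branches of `mastodon.secretName` and `mastodon.postgresql.secretName` call `include "common.names.fullname" .`, while every other template in this commit names resources with `mastodon.fullname`. That helper is not defined in the visible part of this file and would have to come from a library chart, so rendering may fail, or the name may differ from the Secret that secrets.yaml creates, leaving pods pointing at a Secret that does not exist. Using `{{- include "mastodon.fullname" . -}}` in both fallbacks keeps the reference and the created object on one name. Since the workloads load `mastodon.secretName` through `envFrom`, every key of an `existingSecret` becomes an environment variable; the helper comment should say that the Secret is expected to hold only the chart's keys.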
diff --git a/chart/templates/configmap-env.yaml b/chart/templates/configmap-env.yaml
index aa242684f..f988477d9 100644
--- a/chart/templates/configmap-env.yaml
+++ b/chart/templates/configmap-env.yaml
@@ -10,14 +10,14 @@ data:
   {{- else }}
   DB_HOST: {{ .Values.postgresql.postgresqlHostname }}
   {{- end }}
-  DB_NAME: {{ .Values.postgresql.postgresqlDatabase }}
+  DB_NAME: {{ .Values.postgresql.auth.database }}
   DB_POOL: {{ .Values.mastodon.sidekiq.concurrency | quote }}
   DB_PORT: "5432"
-  DB_USER: {{ .Values.postgresql.postgresqlUsername }}
+  DB_USER: {{ .Values.postgresql.auth.username }}
   DEFAULT_LOCALE: {{ .Values.mastodon.locale }}
   {{- if .Values.elasticsearch.enabled }}
   ES_ENABLED: "true"
-  ES_HOST: {{ template "mastodon.elasticsearch.fullname" . }}-master
+  ES_HOST: {{ template "mastodon.elasticsearch.fullname" . }}-master-hl
   ES_PORT: "9200"
   {{- end }}
   LOCAL_DOMAIN: {{ .Values.mastodon.local_domain }}
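Review bot: The new `DB_NAME` and `DB_USER` lines insert the values unquoted, unlike `DB_POOL` two lines below them, which is piped through `quote`. An all-digit or boolean-looking name, or a value left unset after the rename to `postgresql.auth.*`, renders as a non-string scalar, and ConfigMap data accepts only strings. I would write `DB_NAME: {{ .Values.postgresql.auth.database | quote }}` and `DB_USER: {{ .Values.postgresql.auth.username | quote }}`.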
diff --git a/chart/templates/cronjob-media-remove.yaml b/chart/templates/cronjob-media-remove.yaml
index 3d6e25cc6..160aee204 100644
--- a/chart/templates/cronjob-media-remove.yaml
+++ b/chart/templates/cronjob-media-remove.yaml
@@ -1,5 +1,5 @@
 {{ if .Values.mastodon.cron.removeMedia.enabled }}
-apiVersion: batch/v1beta1
+apiVersion: batch/v1
 kind: CronJob
 metadata:
   name: {{ include "mastodon.fullname" . }}-media-remove
@@ -12,6 +12,10 @@ spec:
       template:
         metadata:
           name: {{ include "mastodon.fullname" . }}-media-remove
+        {{- with .Values.jobAnnotations }}
+          annotations:
+            {{- toYaml . | nindent 12 }}
+        {{- end }}
         spec:
           restartPolicy: OnFailure
           {{- if (not .Values.mastodon.s3.enabled) }}
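Review bot: `.Values.jobAnnotations` is rendered under `template.metadata` here, so the annotations land on the pods the job creates, not on the CronJob or Job object itself. The same placement is used in the job-assets-precompile, job-chewy-upgrade, job-create-admin and job-db-migrate hunks. Unless values.yaml (not part of this diff) already says so, a template comment such as `{{- /* jobAnnotations are applied to the pod template, not to the Job object */}}` above the `with` would keep users from expecting Job-level annotations.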
@@ -49,21 +53,17 @@ spec:
                 - configMapRef:
                     name: {{ include "mastodon.fullname" . }}-env
                 - secretRef:
-                    name: {{ template "mastodon.fullname" . }}
+                    name: {{ template "mastodon.secretName" . }}
               env:
                 - name: "DB_PASS"
                   valueFrom:
                     secretKeyRef:
-                      {{- if .Values.postgresql.enabled }}
-                      name: {{ .Release.Name }}-postgresql
-                      {{- else }}
-                      name: {{ template "mastodon.fullname" . }}
-                      {{- end }}
-                      key: postgresql-password
+                      name: {{ template "mastodon.postgresql.secretName" . }}
+                      key: password
                 - name: "REDIS_PASSWORD"
                   valueFrom:
                     secretKeyRef:
-                      name: {{ .Release.Name }}-redis
+                      name: {{ template "mastodon.redis.secretName" . }}
                       key: redis-password
                 - name: "PORT"
                   value: {{ .Values.mastodon.web.port | quote }}
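Review bot: `DB_PASS` now reads `key: password`, but the secrets.yaml hunk in this same commit still writes the chart-managed entry as `postgresql-password`. With `postgresql.enabled` false and no `postgresql.auth.existingSecret`, `mastodon.postgresql.secretName` falls back to the chart's own Secret, so the key lookup fails and the container cannot be configured. The same mismatch applies to the sidekiq, streaming, web and all four job hunks. Renaming the entry in secrets.yaml to `password: "{{ .Values.postgresql.auth.password | b64enc }}"` would line the two sides up; the enclosing container spec continues outside this hunk.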
diff --git a/chart/templates/deployment-sidekiq.yaml b/chart/templates/deployment-sidekiq.yaml
index baf6c2b2d..f1809bd85 100644
--- a/chart/templates/deployment-sidekiq.yaml
+++ b/chart/templates/deployment-sidekiq.yaml
@@ -70,22 +70,31 @@ spec:
             - configMapRef:
                 name: {{ include "mastodon.fullname" . }}-env
             - secretRef:
-                name: {{ template "mastodon.fullname" . }}
+                name: {{ template "mastodon.secretName" . }}
           env:
             - name: "DB_PASS"
               valueFrom:
                 secretKeyRef:
-                  {{- if .Values.postgresql.enabled }}
-                  name: {{ .Release.Name }}-postgresql
-                  {{- else }}
-                  name: {{ template "mastodon.fullname" . }}
-                  {{- end }}
-                  key: postgresql-password
+                  name: {{ template "mastodon.postgresql.secretName" . }}
+                  key: password
             - name: "REDIS_PASSWORD"
               valueFrom:
                 secretKeyRef:
-                  name: {{ .Release.Name }}-redis
+                  name: {{ template "mastodon.redis.secretName" . }}
                   key: redis-password
+            {{- if .Values.mastodon.smtp.existingSecret }}
+            - name: "SMTP_LOGIN"
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.mastodon.smtp.existingSecret }}
+                  key: login
+                  optional: true
+            - name: "SMTP_PASSWORD"
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.mastodon.smtp.existingSecret }}
+                  key: password
+            {{- end -}}
           {{- if (not .Values.mastodon.s3.enabled) }}
           volumeMounts:
             - name: assets
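Review bot: `SMTP_LOGIN` is marked `optional: true` but `SMTP_PASSWORD` is not, so a Secret that carries neither key (an unauthenticated relay, for example) still blocks the pod from starting on the missing `password` key. If the login is meant to be optional, the password reference presumably should be as well: add `optional: true` under `key: password`. The Secret name is also inserted raw, whereas the helpers added in this commit pass `existingSecret` values through `tpl`; `name: {{ tpl .Values.mastodon.smtp.existingSecret $ | quote }}` would be consistent with them.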
diff --git a/chart/templates/deployment-streaming.yaml b/chart/templates/deployment-streaming.yaml
index b332b686a..12203a530 100644
--- a/chart/templates/deployment-streaming.yaml
+++ b/chart/templates/deployment-streaming.yaml
@@ -43,16 +43,12 @@ spec:
             - name: "DB_PASS"
               valueFrom:
                 secretKeyRef:
-                  {{- if .Values.postgresql.enabled }}
-                  name: {{ .Release.Name }}-postgresql
-                  {{- else }}
-                  name: {{ template "mastodon.fullname" . }}
-                  {{- end }}
-                  key: postgresql-password
+                  name: {{ template "mastodon.postgresql.secretName" . }}
+                  key: password
             - name: "REDIS_PASSWORD"
               valueFrom:
                 secretKeyRef:
-                  name: {{ .Release.Name }}-redis
+                  name: {{ template "mastodon.redis.secretName" . }}
                   key: redis-password
             - name: "PORT"
               value: {{ .Values.mastodon.streaming.port | quote }}
diff --git a/chart/templates/deployment-web.yaml b/chart/templates/deployment-web.yaml
index 8b8bb4f29..ab722c77b 100644
--- a/chart/templates/deployment-web.yaml
+++ b/chart/templates/deployment-web.yaml
@@ -56,24 +56,32 @@ spec:
             - configMapRef:
                 name: {{ include "mastodon.fullname" . }}-env
             - secretRef:
-                name: {{ template "mastodon.fullname" . }}
+                name: {{ template "mastodon.secretName" . }}
           env:
             - name: "DB_PASS"
               valueFrom:
                 secretKeyRef:
-                  {{- if .Values.postgresql.enabled }}
-                  name: {{ .Release.Name }}-postgresql
-                  {{- else }}
-                  name: {{ template "mastodon.fullname" . }}
-                  {{- end }}
-                  key: postgresql-password
+                  name: {{ template "mastodon.postgresql.secretName" . }}
+                  key: password
             - name: "REDIS_PASSWORD"
               valueFrom:
                 secretKeyRef:
-                  name: {{ .Release.Name }}-redis
+                  name: {{ template "mastodon.redis.secretName" . }}
                   key: redis-password
             - name: "PORT"
               value: {{ .Values.mastodon.web.port | quote }}
+            {{- if (and .Values.mastodon.s3.enabled .Values.mastodon.s3.existingSecret) }}
+            - name: "AWS_SECRET_ACCESS_KEY"
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.mastodon.s3.existingSecret }}
+                  key: AWS_SECRET_ACCESS_KEY
+            - name: "AWS_ACCESS_KEY_ID"
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.mastodon.s3.existingSecret }}
+                  key: AWS_ACCESS_KEY_ID
+            {{- end -}}
           {{- if (not .Values.mastodon.s3.enabled) }}
           volumeMounts:
             - name: assets
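Review bot: The `AWS_SECRET_ACCESS_KEY` and `AWS_ACCESS_KEY_ID` references to `s3.existingSecret` are added to the web container only. The sidekiq, media-remove cronjob and job hunks in this commit get no matching entries, while secrets.yaml stops writing those keys once `s3.existingSecret` is set. Unless the Secret named by `mastodon.secretName` happens to contain them too, those workloads would run without S3 credentials. Moving the two env entries into a named template in _helpers.tpl and including it in every workload that touches media storage would keep the list in one place. The `env` list starts and continues outside this hunk.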
diff --git a/chart/templates/job-assets-precompile.yaml b/chart/templates/job-assets-precompile.yaml
index 825a7e916..faa51a20d 100644
--- a/chart/templates/job-assets-precompile.yaml
+++ b/chart/templates/job-assets-precompile.yaml
@@ -12,6 +12,10 @@ spec:
   template:
     metadata:
       name: {{ include "mastodon.fullname" . }}-assets-precompile
+    {{- with .Values.jobAnnotations }}
+      annotations:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
     spec:
       restartPolicy: Never
       {{- if (not .Values.mastodon.s3.enabled) }}
@@ -50,21 +54,17 @@ spec:
             - configMapRef:
                 name: {{ include "mastodon.fullname" . }}-env
             - secretRef:
-                name: {{ template "mastodon.fullname" . }}
+                name: {{ template "mastodon.secretName" . }}
           env:
             - name: "DB_PASS"
               valueFrom:
                 secretKeyRef:
-                  {{- if .Values.postgresql.enabled }}
-                  name: {{ .Release.Name }}-postgresql
-                  {{- else }}
-                  name: {{ template "mastodon.fullname" . }}
-                  {{- end }}
-                  key: postgresql-password
+                  name: {{ template "mastodon.postgresql.secretName" . }}
+                  key: password
             - name: "REDIS_PASSWORD"
               valueFrom:
                 secretKeyRef:
-                  name: {{ .Release.Name }}-redis
+                  name: {{ template "mastodon.redis.secretName" . }}
                   key: redis-password
             - name: "PORT"
               value: {{ .Values.mastodon.web.port | quote }}
diff --git a/chart/templates/job-chewy-upgrade.yaml b/chart/templates/job-chewy-upgrade.yaml
index cc68a3385..ae6fb38e1 100644
--- a/chart/templates/job-chewy-upgrade.yaml
+++ b/chart/templates/job-chewy-upgrade.yaml
@@ -13,6 +13,10 @@ spec:
   template:
     metadata:
       name: {{ include "mastodon.fullname" . }}-chewy-upgrade
+    {{- with .Values.jobAnnotations }}
+      annotations:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
     spec:
       restartPolicy: Never
       {{- if (not .Values.mastodon.s3.enabled) }}
@@ -51,21 +55,17 @@ spec:
             - configMapRef:
                 name: {{ include "mastodon.fullname" . }}-env
             - secretRef:
-                name: {{ template "mastodon.fullname" . }}
+                name: {{ template "mastodon.secretName" . }}
           env:
             - name: "DB_PASS"
               valueFrom:
                 secretKeyRef:
-                  {{- if .Values.postgresql.enabled }}
-                  name: {{ .Release.Name }}-postgresql
-                  {{- else }}
-                  name: {{ template "mastodon.fullname" . }}
-                  {{- end }}
-                  key: postgresql-password
+                  name: {{ template "mastodon.postgresql.secretName" . }}
+                  key: password
             - name: "REDIS_PASSWORD"
               valueFrom:
                 secretKeyRef:
-                  name: {{ .Release.Name }}-redis
+                  name: {{ template "mastodon.redis.secretName" . }}
                   key: redis-password
             - name: "PORT"
               value: {{ .Values.mastodon.web.port | quote }}
diff --git a/chart/templates/job-create-admin.yaml b/chart/templates/job-create-admin.yaml
index ffb8bb059..659c00671 100644
--- a/chart/templates/job-create-admin.yaml
+++ b/chart/templates/job-create-admin.yaml
@@ -13,6 +13,10 @@ spec:
   template:
     metadata:
       name: {{ include "mastodon.fullname" . }}-create-admin
+    {{- with .Values.jobAnnotations }}
+      annotations:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
     spec:
       restartPolicy: Never
       {{- if (not .Values.mastodon.s3.enabled) }}
@@ -56,21 +60,17 @@ spec:
             - configMapRef:
                 name: {{ include "mastodon.fullname" . }}-env
             - secretRef:
-                name: {{ template "mastodon.fullname" . }}
+                name: {{ template "mastodon.secretName" . }}
           env:
             - name: "DB_PASS"
               valueFrom:
                 secretKeyRef:
-                  {{- if .Values.postgresql.enabled }}
-                  name: {{ .Release.Name }}-postgresql
-                  {{- else }}
-                  name: {{ template "mastodon.fullname" . }}
-                  {{- end }}
-                  key: postgresql-password
+                  name: {{ template "mastodon.postgresql.secretName" . }}
+                  key: password
             - name: "REDIS_PASSWORD"
               valueFrom:
                 secretKeyRef:
-                  name: {{ .Release.Name }}-redis
+                  name: {{ template "mastodon.redis.secretName" . }}
                   key: redis-password
             - name: "PORT"
               value: {{ .Values.mastodon.web.port | quote }}
diff --git a/chart/templates/job-db-migrate.yaml b/chart/templates/job-db-migrate.yaml
index 72f910e3b..8e4f70dfb 100644
--- a/chart/templates/job-db-migrate.yaml
+++ b/chart/templates/job-db-migrate.yaml
@@ -12,6 +12,10 @@ spec:
   template:
     metadata:
       name: {{ include "mastodon.fullname" . }}-db-migrate
+    {{- with .Values.jobAnnotations }}
+      annotations:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
     spec:
       restartPolicy: Never
       {{- if (not .Values.mastodon.s3.enabled) }}
@@ -50,21 +54,17 @@ spec:
             - configMapRef:
                 name: {{ include "mastodon.fullname" . }}-env
             - secretRef:
-                name: {{ template "mastodon.fullname" . }}
+                name: {{ template "mastodon.secretName" . }}
           env:
             - name: "DB_PASS"
               valueFrom:
                 secretKeyRef:
-                  {{- if .Values.postgresql.enabled }}
-                  name: {{ .Release.Name }}-postgresql
-                  {{- else }}
-                  name: {{ template "mastodon.fullname" . }}
-                  {{- end }}
-                  key: postgresql-password
+                  name: {{ template "mastodon.postgresql.secretName" . }}
+                  key: password
             - name: "REDIS_PASSWORD"
               valueFrom:
                 secretKeyRef:
-                  name: {{ .Release.Name }}-redis
+                  name: {{ template "mastodon.redis.secretName" . }}
                   key: redis-password
             - name: "PORT"
               value: {{ .Values.mastodon.web.port | quote }}
diff --git a/chart/templates/secrets.yaml b/chart/templates/secrets.yaml
index 0452a8ae1..135d5b61a 100644
--- a/chart/templates/secrets.yaml
+++ b/chart/templates/secrets.yaml
@@ -1,3 +1,4 @@
+{{- if (include "mastodon.createSecret" .) }}
 apiVersion: v1
 kind: Secret
 metadata:
@@ -7,9 +8,12 @@ metadata:
 type: Opaque
 data:
   {{- if .Values.mastodon.s3.enabled }}
+  {{- if not .Values.mastodon.s3.existingSecret }}
   AWS_ACCESS_KEY_ID: "{{ .Values.mastodon.s3.access_key | b64enc }}"
   AWS_SECRET_ACCESS_KEY: "{{ .Values.mastodon.s3.access_secret | b64enc }}"
   {{- end }}
+  {{- end }}
+  {{- if not .Values.mastodon.secrets.existingSecret }}
   {{- if not (empty .Values.mastodon.secrets.secret_key_base) }}
   SECRET_KEY_BASE: "{{ .Values.mastodon.secrets.secret_key_base | b64enc }}"
   {{- else }}
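Review bot: When `mastodon.secrets.existingSecret` is set but `mastodon.s3.existingSecret` is not, this template still emits a Secret holding only the inline `AWS_*` keys, yet every workload's `secretRef` now resolves through `mastodon.secretName` to the existing Secret. Assuming the object keeps the chart's own name (its `metadata` is outside the hunk), nothing visible in this commit references it, so the inline S3 credentials would be stored in the cluster but never reach the pods. Either add an `else` branch to the S3 env block in the workloads that reads both keys from the chart's Secret via `secretKeyRef`, or fail rendering with `required` when the two settings are combined.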
@@ -30,6 +34,10 @@ data:
   {{- else }}
   VAPID_PUBLIC_KEY: {{ required "vapid.public_key is required" .Values.mastodon.secrets.vapid.public_key }}
   {{- end }}
+  {{- end }}
   {{- if not .Values.postgresql.enabled }}
-  postgresql-password: "{{ .Values.postgresql.postgresqlPassword | b64enc }}"
+  {{- if not .Values.postgresql.auth.existingSecret }}
+  postgresql-password: "{{ .Values.postgresql.auth.password | b64enc }}"
+  {{- end }}
   {{- end }}
+{{- end -}}