about summary refs log tree commit diff
path: root/chart/templates
diff options
context:
space:
mode:
Diffstat (limited to 'chart/templates')
-rw-r--r--chart/templates/configmap-env.yaml224
-rw-r--r--chart/templates/ingress.yaml24
2 files changed, 247 insertions, 1 deletions
diff --git a/chart/templates/configmap-env.yaml b/chart/templates/configmap-env.yaml
index 701368e49..5e0620998 100644
--- a/chart/templates/configmap-env.yaml
+++ b/chart/templates/configmap-env.yaml
@@ -21,6 +21,9 @@ data:
   ES_PORT: "9200"
   {{- end }}
   LOCAL_DOMAIN: {{ .Values.mastodon.local_domain }}
+  {{- if .Values.mastodon.web_domain }}
+  WEB_DOMAIN: {{ .Values.mastodon.web_domain }}
+  {{- end }}
   # https://devcenter.heroku.com/articles/tuning-glibc-memory-behavior
   MALLOC_ARENA_MAX: "2"
   NODE_ENV: "production"
@@ -36,6 +39,9 @@ data:
   {{- if .Values.mastodon.s3.region }}
   S3_REGION: {{ .Values.mastodon.s3.region }}
   {{- end }}
+  {{- if .Values.mastodon.s3.alias_host }}
+  S3_ALIAS_HOST: {{ .Values.mastodon.s3.alias_host}}
+  {{- end }}
   {{- end }}
   {{- if .Values.mastodon.smtp.auth_method }}
   SMTP_AUTH_METHOD: {{ .Values.mastodon.smtp.auth_method }}
@@ -77,3 +83,221 @@ data:
   SMTP_TLS: {{ .Values.mastodon.smtp.tls | quote }}
   {{- end }}
   STREAMING_CLUSTER_NUM: {{ .Values.mastodon.streaming.workers | quote }}
+  {{- if .Values.externalAuth.oidc.enabled }}
+  OIDC_ENABLED: {{ .Values.externalAuth.oidc.enabled | quote }}
+  OIDC_DISPLAY_NAME: {{ .Values.externalAuth.oidc.display_name }}
+  OIDC_ISSUER: {{ .Values.externalAuth.oidc.issuer }}
+  OIDC_DISCOVERY: {{ .Values.externalAuth.oidc.discovery | quote }}
+  OIDC_SCOPE: {{ .Values.externalAuth.oidc.scope | quote }}
+  OIDC_UID_FIELD: {{ .Values.externalAuth.oidc.uid_field }}
+  OIDC_CLIENT_ID: {{ .Values.externalAuth.oidc.client_id }}
+  OIDC_CLIENT_SECRET: {{ .Values.externalAuth.oidc.client_secret }}
+  OIDC_REDIRECT_URI: {{ .Values.externalAuth.oidc.redirect_uri }}
+  OIDC_SECURITY_ASSUME_EMAIL_IS_VERIFIED: {{ .Values.externalAuth.oidc.assume_email_is_verified | quote }}
+  {{- if .Values.externalAuth.oidc.client_auth_method }}
+  OIDC_CLIENT_AUTH_METHOD: {{ .Values.externalAuth.oidc.client_auth_method }}
+  {{- end }}
+  {{- if .Values.externalAuth.oidc.response_type }}
+  OIDC_RESPONSE_TYPE: {{ .Values.externalAuth.oidc.response_type }}
+  {{- end }}
+  {{- if .Values.externalAuth.oidc.response_mode }}
+  OIDC_RESPONSE_MODE: {{ .Values.externalAuth.oidc.response_mode }}
+  {{- end }}
+  {{- if .Values.externalAuth.oidc.display }}
+  OIDC_DISPLAY: {{ .Values.externalAuth.oidc.display }}
+  {{- end }}
+  {{- if .Values.externalAuth.oidc.prompt }}
+  OIDC_PROMPT: {{ .Values.externalAuth.oidc.prompt }}
+  {{- end }}
+  {{- if .Values.externalAuth.oidc.send_nonce }}
+  OIDC_SEND_NONCE: {{ .Values.externalAuth.oidc.send_nonce }}
+  {{- end }}
+  {{- if .Values.externalAuth.oidc.send_scope_to_token_endpoint }}
+  OIDC_SEND_SCOPE_TO_TOKEN_ENDPOINT: {{ .Values.externalAuth.oidc.send_scope_to_token_endpoint | quote }}
+  {{- end }}
+  {{- if .Values.externalAuth.oidc.idp_logout_redirect_uri }}
+  OIDC_IDP_LOGOUT_REDIRECT_URI: {{ .Values.externalAuth.oidc.idp_logout_redirect_uri }}
+  {{- end }}
+  {{- if .Values.externalAuth.oidc.http_scheme }}
+  OIDC_HTTP_SCHEME: {{ .Values.externalAuth.oidc.http_scheme }}
+  {{- end }}
+  {{- if .Values.externalAuth.oidc.host }}
+  OIDC_HOST: {{ .Values.externalAuth.oidc.host }}
+  {{- end }}
+  {{- if .Values.externalAuth.oidc.port }}
+  OIDC_PORT: {{ .Values.externalAuth.oidc.port }}
+  {{- end }}
+  {{- if .Values.externalAuth.oidc.jwks_uri }}
+  OIDC_JWKS_URI: {{ .Values.externalAuth.oidc.jwks_uri }}
+  {{- end }}
+  {{- if .Values.externalAuth.oidc.auth_endpoint }}
+  OIDC_AUTH_ENDPOINT: {{ .Values.externalAuth.oidc.auth_endpoint }}
+  {{- end }}
+  {{- if .Values.externalAuth.oidc.token_endpoint }}
+  OIDC_TOKEN_ENDPOINT: {{ .Values.externalAuth.oidc.token_endpoint }}
+  {{- end }}
+  {{- if .Values.externalAuth.oidc.user_info_endpoint }}
+  OIDC_USER_INFO_ENDPOINT: {{ .Values.externalAuth.oidc.user_info_endpoint }}
+  {{- end }}
+  {{- if .Values.externalAuth.oidc.end_session_endpoint }}
+  OIDC_END_SESSION_ENDPOINT: {{ .Values.externalAuth.oidc.end_session_endpoint }}
+  {{- end }}
+  {{- end }}
+  {{- if .Values.externalAuth.saml.enabled }}
+  SAML_ENABLED: {{ .Values.externalAuth.saml.enabled | quote }}
+  SAML_ACS_URL: {{ .Values.externalAuth.saml.acs_url }}
+  SAML_ISSUER: {{ .Values.externalAuth.saml.issuer }}
+  SAML_IDP_SSO_TARGET_URL: {{ .Values.externalAuth.saml.idp_sso_target_url }}
+  SAML_IDP_CERT: {{ .Values.externalAuth.saml.idp_cert | quote }}
+  {{- if .Values.externalAuth.saml.idp_cert_fingerprint }}
+  SAML_IDP_CERT_FINGERPRINT: {{ .Values.externalAuth.saml.idp_cert_fingerprint | quote }}
+  {{- end }}
+  {{- if .Values.externalAuth.saml.name_identifier_format }}
+  SAML_NAME_IDENTIFIER_FORMAT: {{ .Values.externalAuth.saml.name_identifier_format }}
+  {{- end }}
+  {{- if .Values.externalAuth.saml.cert }}
+  SAML_CERT: {{ .Values.externalAuth.saml.cert | quote }}
+  {{- end }}
+  {{- if .Values.externalAuth.saml.private_key }}
+  SAML_PRIVATE_KEY: {{ .Values.externalAuth.saml.private_key | quote }}
+  {{- end }}
+  {{- if .Values.externalAuth.saml.want_assertion_signed }}
+  SAML_SECURITY_WANT_ASSERTION_SIGNED: {{ .Values.externalAuth.saml.want_assertion_signed | quote }}
+  {{- end }}
+  {{- if .Values.externalAuth.saml.want_assertion_encrypted }}
+  SAML_SECURITY_WANT_ASSERTION_ENCRYPTED: {{ .Values.externalAuth.saml.want_assertion_encrypted | quote }}
+  {{- end }}
+  {{- if .Values.externalAuth.saml.assume_email_is_verified }}
+  SAML_SECURITY_ASSUME_EMAIL_IS_VERIFIED: {{ .Values.externalAuth.saml.assume_email_is_verified | quote }}
+  {{- end }}
+  {{- if .Values.externalAuth.saml.uid_attribute }}
+  SAML_UID_ATTRIBUTE: {{ .Values.externalAuth.saml.uid_attribute }}
+  {{- end }}
+  {{- if .Values.externalAuth.saml.attributes_statements.uid }}
+  SAML_ATTRIBUTES_STATEMENTS_UID: {{ .Values.externalAuth.saml.attributes_statements.uid | quote }}
+  {{- end }}
+  {{- if .Values.externalAuth.saml.attributes_statements.email }}
+  SAML_ATTRIBUTES_STATEMENTS_EMAIL: {{ .Values.externalAuth.saml.attributes_statements.email | quote }}
+  {{- end }}
+  {{- if .Values.externalAuth.saml.attributes_statements.full_name }}
+  SAML_ATTRIBUTES_STATEMENTS_FULL_NAME: {{ .Values.externalAuth.saml.attributes_statements.full_name | quote }}
+  {{- end }}
+  {{- if .Values.externalAuth.saml.attributes_statements.first_name }}
+  SAML_ATTRIBUTES_STATEMENTS_FIRST_NAME: {{ .Values.externalAuth.saml.attributes_statements.first_name | quote }}
+  {{- end }}
+  {{- if .Values.externalAuth.saml.attributes_statements.last_name }}
+  SAML_ATTRIBUTES_STATEMENTS_LAST_NAME: {{ .Values.externalAuth.saml.attributes_statements.last_name | quote }}
+  {{- end }}
+  {{- if .Values.externalAuth.saml.attributes_statements.verified }}
+  SAML_ATTRIBUTES_STATEMENTS_VERIFIED: {{ .Values.externalAuth.saml.attributes_statements.verified | quote }}
+  {{- end }}
+  {{- if .Values.externalAuth.saml.attributes_statements.verified_email }}
+  SAML_ATTRIBUTES_STATEMENTS_VERIFIED_EMAIL: {{ .Values.externalAuth.saml.attributes_statements.verified_email | quote }}
+  {{- end }}
+  {{- end }}
+  {{- if .Values.externalAuth.oauth_global.oauth_redirect_at_sign_in }}
+  OAUTH_REDIRECT_AT_SIGN_IN: {{ .Values.externalAuth.oauth_global.oauth_redirect_at_sign_in | quote }}
+  {{- end }}
+  {{- if .Values.externalAuth.cas.enabled }}
+  CAS_ENABLED: {{ .Values.externalAuth.cas.enabled | quote }}
+  CAS_URL: {{ .Values.externalAuth.cas.url }}
+  CAS_HOST: {{ .Values.externalAuth.cas.host }}
+  CAS_PORT: {{ .Values.externalAuth.cas.port }}
+  CAS_SSL: {{ .Values.externalAuth.cas.ssl | quote }}
+  {{- if .Values.externalAuth.cas.validate_url }}
+  CAS_VALIDATE_URL: {{ .Values.externalAuth.cas.validate_url }}
+  {{- end }}
+  {{- if .Values.externalAuth.cas.callback_url }}
+  CAS_CALLBACK_URL: {{ .Values.externalAuth.cas.callback_url }}
+  {{- end }}
+  {{- if .Values.externalAuth.cas.logout_url }}
+  CAS_LOGOUT_URL: {{ .Values.externalAuth.cas.logout_url }}
+  {{- end }}
+  {{- if .Values.externalAuth.cas.login_url }}
+  CAS_LOGIN_URL: {{ .Values.externalAuth.cas.login_url }}
+  {{- end }}
+  {{- if .Values.externalAuth.cas.uid_field }}
+  CAS_UID_FIELD: {{ .Values.externalAuth.cas.uid_field | quote }}
+  {{- end }}
+  {{- if .Values.externalAuth.cas.ca_path }}
+  CAS_CA_PATH: {{ .Values.externalAuth.cas.ca_path }}
+  {{- end }}
+  {{- if .Values.externalAuth.cas.disable_ssl_verification }}
+  CAS_DISABLE_SSL_VERIFICATION: {{ .Values.externalAuth.cas.disable_ssl_verification | quote }}
+  {{- end }}
+  {{- if .Values.externalAuth.cas.assume_email_is_verified }}
+  CAS_SECURITY_ASSUME_EMAIL_IS_VERIFIED: {{ .Values.externalAuth.cas.assume_email_is_verified | quote }}
+  {{- end }}
+  {{- if .Values.externalAuth.cas.keys.uid }}
+  CAS_UID_KEY: {{ .Values.externalAuth.cas.keys.uid | quote }}
+  {{- end }}
+  {{- if .Values.externalAuth.cas.keys.name }}
+  CAS_NAME_KEY: {{ .Values.externalAuth.cas.keys.name | quote }}
+  {{- end }}
+  {{- if .Values.externalAuth.cas.keys.email }}
+  CAS_EMAIL_KEY: {{ .Values.externalAuth.cas.keys.email | quote }}
+  {{- end }}
+  {{- if .Values.externalAuth.cas.keys.nickname }}
+  CAS_NICKNAME_KEY: {{ .Values.externalAuth.cas.keys.nickname | quote }}
+  {{- end }}
+  {{- if .Values.externalAuth.cas.keys.first_name }}
+  CAS_FIRST_NAME_KEY: {{ .Values.externalAuth.cas.keys.first_name | quote }}
+  {{- end }}
+  {{- if .Values.externalAuth.cas.keys.last_name }}
+  CAS_LAST_NAME_KEY: {{ .Values.externalAuth.cas.keys.last_name | quote }}
+  {{- end }}
+  {{- if .Values.externalAuth.cas.keys.location }}
+  CAS_LOCATION_KEY: {{ .Values.externalAuth.cas.keys.location | quote }}
+  {{- end }}
+  {{- if .Values.externalAuth.cas.keys.image }}
+  CAS_IMAGE_KEY: {{ .Values.externalAuth.cas.keys.image | quote }}
+  {{- end }}
+  {{- if .Values.externalAuth.cas.keys.phone }}
+  CAS_PHONE_KEY: {{ .Values.externalAuth.cas.keys.phone | quote }}
+  {{- end }}
+  {{- end }}
+  {{- if .Values.externalAuth.pam.enabled }}
+  PAM_ENABLED: {{ .Values.externalAuth.pam.enabled | quote }}
+  {{- if .Values.externalAuth.pam.email_domain }}
+  PAM_EMAIL_DOMAIN: {{ .Values.externalAuth.pam.email_domain }}
+  {{- end }}
+  {{- if .Values.externalAuth.pam.default_service }}
+  PAM_DEFAULT_SERVICE: {{ .Values.externalAuth.pam.default_service }}
+  {{- end }}
+  {{- if .Values.externalAuth.pam.controlled_service }}
+  PAM_CONTROLLED_SERVICE: {{ .Values.externalAuth.pam.controlled_service }}
+  {{- end }}
+  {{- end }}
+  {{- if .Values.externalAuth.ldap.enabled }}
+  LDAP_ENABLED: {{ .Values.externalAuth.ldap.enabled | quote }}
+  LDAP_HOST: {{ .Values.externalAuth.ldap.host }}
+  LDAP_PORT: {{ .Values.externalAuth.ldap.port }}
+  LDAP_METHOD: {{ .Values.externalAuth.ldap.method }}
+  {{- if .Values.externalAuth.ldap.base }}
+  LDAP_BASE: {{ .Values.externalAuth.ldap.base }}
+  {{- end }}
+  {{- if .Values.externalAuth.ldap.bind_on }}
+  LDAP_BIND_ON: {{ .Values.externalAuth.ldap.bind_on }}
+  {{- end }}
+  {{- if .Values.externalAuth.ldap.password }}
+  LDAP_PASSWORD: {{ .Values.externalAuth.ldap.password }}
+  {{- end }}
+  {{- if .Values.externalAuth.ldap.uid }}
+  LDAP_UID: {{ .Values.externalAuth.ldap.uid }}
+  {{- end }}
+  {{- if .Values.externalAuth.ldap.mail }}
+  LDAP_MAIL: {{ .Values.externalAuth.ldap.mail }}
+  {{- end }}
+  {{- if .Values.externalAuth.ldap.search_filter }}
+  LDAP_SEARCH_FILTER: {{ .Values.externalAuth.ldap.search_filter }}
+  {{- end }}
+  {{- if .Values.externalAuth.ldap.uid_conversion.enabled }}
+  LDAP_UID_CONVERSION_ENABLED: {{ .Values.externalAuth.ldap.uid_conversion.enabled | quote }}
+  {{- end }}
+  {{- if .Values.externalAuth.ldap.uid_conversion.search }}
+  LDAP_UID_CONVERSION_SEARCH: {{ .Values.externalAuth.ldap.uid_conversion.search }}
+  {{- end }}
+  {{- if .Values.externalAuth.ldap.uid_conversion.replace }}
+  LDAP_UID_CONVERSION_REPLACE: {{ .Values.externalAuth.ldap.uid_conversion.replace }}
+  {{- end }}
+  {{- end }}
\ No newline at end of file
diff --git a/chart/templates/ingress.yaml b/chart/templates/ingress.yaml
index 8930d2c10..7295297fb 100644
--- a/chart/templates/ingress.yaml
+++ b/chart/templates/ingress.yaml
@@ -2,7 +2,9 @@
 {{- $fullName := include "mastodon.fullname" . -}}
 {{- $webPort := .Values.mastodon.web.port -}}
 {{- $streamingPort := .Values.mastodon.streaming.port -}}
-{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+{{- if or (.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress") (not (.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress")) }}
+apiVersion: networking.k8s.io/v1
+{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
 apiVersion: networking.k8s.io/v1beta1
 {{- else -}}
 apiVersion: extensions/v1beta1
@@ -35,12 +37,32 @@ spec:
           {{- range .paths }}
           - path: {{ .path }}
             backend:
+              {{- if or ($.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress") (not ($.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress")) }}
+              service:
+                name: {{ $fullName }}-web
+                port:
+                  number: {{ $webPort }}
+              {{- else }}
               serviceName: {{ $fullName }}-web
               servicePort: {{ $webPort }}
+              {{- end }}
+            {{- if or ($.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress") (not ($.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress")) }}
+            pathType: ImplementationSpecific
+            {{- end }}
           - path: {{ .path }}api/v1/streaming
             backend:
+              {{- if or ($.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress") (not ($.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress")) }}
+              service:
+                name: {{ $fullName }}-streaming
+                port:
+                  number: {{ $streamingPort }}
+              {{- else }}
               serviceName: {{ $fullName }}-streaming
               servicePort: {{ $streamingPort }}
+              {{- end }}
+            {{- if or ($.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress") (not ($.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress")) }}
+            pathType: ImplementationSpecific
+            {{- end }}
           {{- end }}
     {{- end }}
 {{- end }}