Diffstat (limited to 'chart/values.yaml')
-rw-r--r--chart/values.yaml106
1 files changed, 65 insertions, 41 deletions
diff --git a/chart/values.yaml b/chart/values.yaml
index 2cfa3484b..4b18a9dfa 100644
--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -48,6 +48,9 @@ mastodon:
     enabled: false
     access_key: ""
     access_secret: ""
+    # you can also specify the name of an existing Secret
+    # with keys AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY
+    existingSecret: ""
     bucket: ""
     endpoint: https://us-east-1.linodeobjects.com
     hostname: us-east-1.linodeobjects.com
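Review bot: The new comment above `existingSecret` under `s3` does not say which source wins when both the inline `access_key`/`access_secret` and `existingSecret` are set. The same gap is in the `secrets`, `smtp` and `postgresql.auth` hunks. The templates that read these values are not part of this diff, so the precedence cannot be checked here. Operators need it stated so that live credentials are not left in the values file (and so in the stored release values) alongside a Secret reference. I would extend the comment to something like `# if set, access_key and access_secret above are not used; the Secret must exist in the release namespace`, adjusted to what the templates actually do.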
@@ -61,6 +64,10 @@ mastodon:
     vapid:
       private_key: ""
       public_key: ""
+    # you can also specify the name of an existing Secret
+    # with keys SECRET_KEY_BASE and OTP_SECRET and
+    # VAPID_PRIVATE_KEY and VAPID_PUBLIC_KEY
+    existingSecret: ""
   sidekiq:
     concurrency: 25
   smtp:
@@ -70,13 +77,16 @@ mastodon:
     domain:
     enable_starttls_auto: true
     from_address: notifications@example.com
-    login:
     openssl_verify_mode: peer
-    password:
     port: 587
     reply_to:
     server: smtp.mailgun.org
     tls: false
+    login:
+    password:
+    # you can also specify the name of an existing Secret
+    # with the keys login and password
+    existingSecret:
   streaming:
     port: 4000
     # this should be set manually since os.cpus() returns the number of CPUs on
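Review bot: `existingSecret:` under `smtp` is a bare key, so it parses as null, while the three other `existingSecret` defaults added by this commit are `""`. Both are falsy in a template `if`, but a template that pipes the value through a string function or a required-value check could treat them differently; those templates are outside this diff. For consistency I would write `existingSecret: ""` here. The relocated `login:` and `password:` are bare too, which predates this commit, and the `smtp` mapping itself starts above the hunk.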
@@ -127,18 +137,26 @@ postgresql:
   # must match those of that external postgres instance
   enabled: true
   # postgresqlHostname: preexisting-postgresql
-  postgresqlDatabase: mastodon_production
-  # you must set a password; the password generated by the postgresql chart will
-  # be rotated on each upgrade:
-  # https://github.com/bitnami/charts/tree/master/bitnami/postgresql#upgrade
-  postgresqlPassword: ""
-  postgresqlUsername: postgres
+  auth:
+    database: mastodon_production
+    username: postgres
+    # you must set a password; the password generated by the postgresql chart will
+    # be rotated on each upgrade:
+    # https://github.com/bitnami/charts/tree/master/bitnami/postgresql#upgrade
+    password: ""
+    # you can also specify the name of an existing Secret
+    # with a key of postgres-password set to the password you want
+    existingSecret: ""
 
 # https://github.com/bitnami/charts/tree/master/bitnami/redis#parameters
 redis:
   # you must set a password; the password generated by the redis chart will be
   # rotated on each upgrade:
   password: ""
+  # you can also specify the name of an existing Secret
+  # with a key of redis-password set to the password you want
+  # auth:
+    # existingSecret: ""
 
 service:
   type: ClusterIP
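Review bot: The `redis` section now mixes two layouts: the live `password: ""` stays at `redis.password`, while the commented example puts the Secret reference at `redis.auth.existingSecret`. The `postgresql` keys in this same hunk were moved under `auth`, which suggests the subcharts were bumped to a layout that groups credentials there. If the redis subchart follows that layout, the top-level `password` may no longer be read, and the deployment would fall back to the generated password that the comment above warns is rotated on each upgrade. The dependency versions are not visible in this diff, so this needs checking against the chart's dependency list; if confirmed, move the default to `auth:` with `password: ""` beneath it. Separately, installs that still set `postgresql.postgresqlPassword` need a migration note, since that key is removed here.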
@@ -157,45 +175,45 @@ externalAuth:
     # client_secret: SECRETKEY
     # redirect_uri: https://example.com/auth/auth/openid_connect/callback
     # assume_email_is_verified: true
-    # client_auth_method: 
-    # response_type: 
-    # response_mode: 
-    # display: 
-    # prompt: 
-    # send_nonce: 
-    # send_scope_to_token_endpoint: 
-    # idp_logout_redirect_uri: 
-    # http_scheme: 
-    # host: 
-    # port: 
-    # jwks_uri: 
-    # auth_endpoint: 
-    # token_endpoint: 
-    # user_info_endpoint: 
-    # end_session_endpoint: 
+    # client_auth_method:
+    # response_type:
+    # response_mode:
+    # display:
+    # prompt:
+    # send_nonce:
+    # send_scope_to_token_endpoint:
+    # idp_logout_redirect_uri:
+    # http_scheme:
+    # host:
+    # port:
+    # jwks_uri:
+    # auth_endpoint:
+    # token_endpoint:
+    # user_info_endpoint:
+    # end_session_endpoint:
   saml:
     enabled: false
     # acs_url: http://mastodon.example.com/auth/auth/saml/callback
     # issuer: mastodon
     # idp_sso_target_url: https://login.example.com/auth/realms/example/protocol/saml
     # idp_cert: '-----BEGIN CERTIFICATE-----[your_cert_content]-----END CERTIFICATE-----'
-    # idp_cert_fingerprint: 
+    # idp_cert_fingerprint:
     # name_identifier_format: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
-    # cert: 
-    # private_key: 
+    # cert:
+    # private_key:
     # want_assertion_signed: true
     # want_assertion_encrypted: true
     # assume_email_is_verified: true
     # uid_attribute: "urn:oid:0.9.2342.19200300.100.1.1"
-    # attributes_statements: 
+    # attributes_statements:
     #   uid: "urn:oid:0.9.2342.19200300.100.1.1"
     #   email: "urn:oid:1.3.6.1.4.1.5923.1.1.1.6"
     #   full_name: "urn:oid:2.16.840.1.113730.3.1.241"
     #   first_name: "urn:oid:2.5.4.42"
     #   last_name: "urn:oid:2.5.4.4"
-    #   verified: 
-    #   verified_email: 
-  oauth_global: 
+    #   verified:
+    #   verified_email:
+  oauth_global:
     # Force redirect local login to CAS. Does not function with SAML or LDAP.
     oauth_redirect_at_sign_in: false
   cas:
@@ -204,15 +222,15 @@ externalAuth:
     # host: sso.myserver.com
     # port: 443
     # ssl: true
-    # validate_url: 
-    # callback_url: 
-    # logout_url: 
-    # login_url: 
+    # validate_url:
+    # callback_url:
+    # logout_url:
+    # login_url:
     # uid_field: 'user'
-    # ca_path: 
+    # ca_path:
     # disable_ssl_verification: false
     # assume_email_is_verified: true
-    # keys: 
+    # keys:
     #   uid: 'user'
     #   name: 'name'
     #   email: 'email'
@@ -222,7 +240,7 @@ externalAuth:
     #   location: 'location'
     #   image: 'image'
     #   phone: 'phone'
-  pam: 
+  pam:
     enabled: false
     # email_domain: example.com
     # default_service: rpam
@@ -232,9 +250,9 @@ externalAuth:
     # host: myservice.namespace.svc
     # port: 389
     # method: simple_tls
-    # base: 
-    # bind_on: 
-    # password: 
+    # base:
+    # bind_on:
+    # password:
     # uid: cn
     # mail: mail
     # search_filter: "(|(%{uid}=%{email})(%{mail}=%{email}))"
@@ -263,8 +281,14 @@ serviceAccount:
   # If not set and create is true, a name is generated using the fullname template
   name: ""
 
+# Kubernetes manages pods for jobs and pods for deployments differently, so you might
+# need to apply different annotations to the two different sets of pods. The annotations
+# set with podAnnotations will be added to all deployment-managed pods.
 podAnnotations: {}
 
+# The annotations set with jobAnnotations will be added to all job pods.
+jobAnnotations: {}
+
 resources: {}
   # We usually recommend not to specify default resources and to leave this as a conscious
   # choice for the user. This also increases chances charts run on environments with little