about summary refs log tree commit diff
path: root/chart/templates
AgeCommit message (Collapse)Author
2022-11-24Fix the command to create the admin user (#19827)Chris Funderburg
* fix the command to create the admin user * change Admin to Owner
2022-11-24Helm: Major refactoring regarding Deployments, Environment variables and ↵Sheogorath
more (#20733) * fix(chart): Remove non-functional Horizontal Pod Autoscaler The Horizontal Pod Autoscaler (HPA) refers to a Deployment that doesn't exist and therefore can not work. As a result it's pointless to carry it around in this chart and give the wrong impression it could work. This patch removes it from the helm chart and drops all references to it. * refactor(chart): Refactor sidekiq deployments to scale This patch reworks how the sidekiq deployment is set up, by splitting it into many sidekiq deployments, but at least one, which should allow to scale the number of sidekiq jobs as expected while being friendly to single user instances as well as larger ones. Further it introduces per deployment overwrites for the most relevant pod fields like resources, affinities and processed queues, number of jobs and the sidekiq security contexts. The exact implementation was inspired by an upstream issue: https://github.com/mastodon/mastodon/issues/20453 * fix(chart): Remove linode default values from values This patch drops the linode defaults from the values.yaml since these are not obvious and can cause unexpected connections as well as leaking secrets to linode, when other s3 storage backends are used and don't explicitly configure these options by accident. Mastodon will then try to authenticate to the linode backends and therefore disclose the authentication secrets. * refactor(chart): Rework reduce value reference duplication Since most of the values are simply setup like this: ``` {{- if .Values.someVariable }} SOME_VARIABLE: {{ .Values.someVariable }} {{- end }} ``` There is a lot of duplication in the references in order to full in the variables. There is an equivalent notation, which reduces the usage of the variable name to just once: ``` {{- with .Values.someVariable }} SOME_VARIABLE: {{ . }} {{- end }} ``` What seems like a pointless replacement, will reduce potential mistakes down the line by possibly only adjusting one of the two references. * fix(chart): Switch to new OMNIAUTH_ONLY variable This patch adjusts the helm chart to use the new `OMNIAUTH_ONLY` variable, which replaced the former `OAUTH_REDIRECT_AT_SIGN_IN` variable in the following commit: https://github.com/mastodon/mastodon/pull/17288 https://github.com/mastodon/mastodon/pull/17288/commits/3c8857917ea9b9b3a76adb7afcea5842c8e1c0d1 * fix(chart): Repair connection test to existing service Currently the connect test can't work, since it's connecting to a non-existing service this patch fixes the service name to make the job connect to the mastodon web service to verify the connection. * docs(chart): Adjust values.yaml to support helm-docs This patch updates most values to prepare an introduction of helm-docs. This should help to make the chart more user friendly by explaining the variables and provide a standardised README file, like many other helm charts do. References: https://github.com/norwoodj/helm-docs * refactor(chart): Allow individual overwrites for streaming and web deployment This patch works how the streaming and web deployments work by adding various fields to overwrite values such as affinities, resources, replica count, and security contexts. BREAKING CHANGE: This commit removes `.Values.replicaCount` in favour of `.Values.mastodon.web.replicas` and `.Values.mastodon.streaming.values`. * feat(chart): Add option for authorized fetch Currently the helm chart doesn't support authorized fetch aka. "Secure Mode" this patch fixes that by adding the needed config option to the values file and the configmap. * docs(chart): Improve helm-docs compatiblity This patch adjust a few more comments in the values.yaml to be picked up by helm-docs. This way, future adoption is properly prepared. * fix(chart): Add automatic detection of scheduler sidekiq queue This patch adds an automatic switch to the `Recreate` strategy for the sidekiq Pod in order to prevent accidental concurrency for the scheduler queue. * fix(chart): Repair broken DB_POOL variable
2022-11-13helm: Add helm chart tests (#20394)Erik Sundell
* helm: Fix consistent list indentation * helm: Add helm lint and helm template tests * helm: Add helm template --validate test * helm: Add helm install test
2022-11-13Add the option to configure external postgresql port (#20370)Cees-Jan Kiewiet
While the normal assumption of port `5432` for a postgresql server is pretty reliable I found that DigitalOcean puts them on a somewhat random port. This adds the ability to specify the port in the helm chart.
2022-11-13Helm: support statsd publishing (#20455)Alex Nordlund
* Allow statsd publishing from Helm * Apply suggestions from code review Co-authored-by: Erik Sundell <erik.i.sundell@gmail.com> Co-authored-by: Erik Sundell <erik.i.sundell@gmail.com>
2022-11-10helm: fix consistent indentation, chomping, and use of with (#19918)Erik Sundell
2022-11-10Make enable_starttls configurable by envvars (#20321)F
ENABLE_STARTTLS is designed to replace ENABLE_STARTTLS_AUTO by accepting three values: 'auto' (the default), 'always', and 'never'. If ENABLE_STARTTLS isn't provided, we fall back to ENABLE_STARTTLS_AUTO. In this way, this change should be fully backwards compatible. Resolves #20311
2022-11-10Give web container time to start (#19828)Joe Friedl
2022-11-10Helm chart improved for ingress (#19826)mickkael
* ingressClassName * ingress values must be optional
2022-11-10fix(chart): Fix gitops-incompatible random rolling (#20184)Sheogorath
This patch reworks the Pod rolling mechanism, which is supposed to update Pods with each migration run, but since the it generates a new random value on each helm execution, this will constantly roll all pods in a GitOps driven deployment, which reconciles the helm release. This is resolved by fixing the upgrade to the `.Release.Revision`, which should stay identical, unless config or helm release version have been changed. Further it introduces automatic rolls based on adjustments to the environment variables and secrets. The implementation uses a helper template, following the 1-2-N rule, and omitting code duplication. References: https://helm.sh/docs/chart_template_guide/builtin_objects/ https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
2022-11-08Assign unique set of labels to k8s deployments #19703 (#19706)Alex Nordlund
2022-11-08helm: Fix ingress pathType (#19729)Moritz Hedtke
2022-11-08Roll pods to pick up db migrations even if podAnnotations is empty (#19702)Alex Nordlund
2022-11-08Fix helm postgresql secret (#19678)Alex Nordlund
* Revert "Fix helm chart use of Postgres Password (#19537)" This reverts commit 6094a916b185ae0634e016004deb4cec11afbaca. * Revert "Fix PostgreSQL password reference for jobs (#19504)" This reverts commit dae954ef111b8e0ab17812d156f6c955b77d9859. * Revert "Fix PostgreSQL password reference (#19502)" This reverts commit 9bf6a8af82391fa8b32112deb4a36a0cfc68143e. * Correct default username in postgresql auth
2022-11-05Add S3 existing secret to sidekiq (#19778)Alex Nordlund
2022-10-30Fix helm chart use of Postgres Password (#19537)Ben Hardill
Fixes #19536
2022-10-28Fix PostgreSQL password reference for jobs (#19504)Kangwook Lee (이강욱)
2022-10-28Add option to enable single user mode (#19503)Kangwook Lee (이강욱)
2022-10-28Fix PostgreSQL password reference (#19502)Kangwook Lee (이강욱)
2022-08-25Mark job pods not to use Istio's envoy sidecar (#18415)James Smith
* Mark job pods not to use Istio's envoy sidecar Istio injects sidecars into pods to implement mTLS between pods. Jobs usually don't know about this, so they don't signal the Envoy process to stop when the job finishes. Since at least one process is running in the pod, Kubernetes doesn't consider the job to be completed, so it lingers. By adding the `sidecar.istio.io/inject` annotation set to `"false"`, we let Istio know that it should not inject the sidecar. If Istio is not installed, then this has no impact. * Support arbitrary job annotations in the Helm chart Rather than focus on Istio, this allows arbitrary annotations for job pods. * Add in-line documentation for pod/job annotations
2022-08-25Allow S3 to use an existing secret (#18997)Alex Nordlund
2022-08-10Fix broken dependencies in helm chart and allow using existing secrets in ↵Alex Nordlund
the chart (#18941) * Add ability to specify an existing Secret (#18139) Closes #18139 * Allow using secrets with external postgres * Upgrade CronJob to batch/v1 * Allow using redis.auth.existingSecret * Helmignore mastodon-*.tgz for easy local development * Upgrade helm dependencies * Upgrade postgresql to 11 * Allow putting SMTP password into a secret * Add optional login to SMTP secret This to allow setting LOGIN either in values.yaml or in the secret. * Switch to bitnami charts full archive This prevents older versions from disappearing, see https://github.com/bitnami/charts/issues/10539 for full context. Co-authored-by: Ted Tramonte <ted.tramonte@gmail.com>
2022-05-14Support STREAMING_API_BASE_URL in Helm Chart (#18408)James Smith
This adds a mastodon.streaming.base_url setting in the Helm chart values file to allow setting the STREAMING_API_BASE_URL in the Mastodon environnment config map.
2022-02-11Helm chart SSO support (#17205)bobbyd0g
* Add SAML support * move extAuth below essential components * Add CAS, PAM, LDAP support * Add WEB_DOMAIN and S3_ALIAS_HOST support * SAML defaults aligned * Bump chart version * SSO & WEB_DOMAIN support added * Add OIDC support * Correct typo * Notice for OIDC support Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>
2022-02-09Add support >= 1.22 (#17490)Takuya Yoshida
2021-02-19helm: add support for S3 storage (#15748)Alex Dunn
2021-02-15helm: standardize yaml configuration (#15728)Alex Dunn
- move application variables under `mastodon` namespace - restore standard yaml structure for ingress configuration - move values.yaml.template to values.yaml
2021-02-14helm: add option for external db (#15722)Alex Dunn
2020-11-02Fix postrgres secret name for cronjob (#15072)Patrice Ferlet
The cronjob tries to get key from `mastodon` secret instead of `mastodon-postgresql` - so the cronjob fails with this error: Error: couldn't find key postgresql-password in Secret [NS]/mastodon Another solution is to save the postgres password in mastodon secret, but that means that the password is placed in two places. Postgresql use <fullname>-postgresql name as secret name.
2020-10-13helm: add optional cron job to run `tootctl remove media` (#14396)Alex Dunn
2020-06-29Add Helm chart (#14090)Alex Dunn
* add Helm chart known issues/future work: - SSO is unsupported - S3/Minio/GCS is unsupported - Swift is unsupported - WEB_DOMAIN is unsupported - Tor is unsupported * helm: clarify how LOCAL_DOMAIN is set * helm: add chart description * helm: make DB_POOL and Sidekiq concurrency configurable * helm: only enforce pod affinity when using ReadWriteOnce * helm: clarify compatibility * helm: clean up application variables * helm: add job to create initial admin