| Age | Commit message (Collapse) | Author |
|---|
|
* Allow statsd publishing from Helm
* Apply suggestions from code review
Co-authored-by: Erik Sundell <erik.i.sundell@gmail.com>
Co-authored-by: Erik Sundell <erik.i.sundell@gmail.com>
|
|
|
|
ENABLE_STARTTLS is designed to replace ENABLE_STARTTLS_AUTO by accepting
three values: 'auto' (the default), 'always', and 'never'. If
ENABLE_STARTTLS isn't provided, we fall back to ENABLE_STARTTLS_AUTO. In
this way, this change should be fully backwards compatible.
Resolves #20311
|
|
|
|
* ingressClassName
* ingress values must be optional
|
|
This patch reworks the Pod rolling mechanism, which is supposed to update Pods
with each migration run, but since the it generates a new random value on each
helm execution, this will constantly roll all pods in a GitOps driven deployment,
which reconciles the helm release.
This is resolved by fixing the upgrade to the `.Release.Revision`, which should
stay identical, unless config or helm release version have been changed. Further
it introduces automatic rolls based on adjustments to the environment variables
and secrets.
The implementation uses a helper template, following the 1-2-N rule, and omitting
code duplication.
References:
https://helm.sh/docs/chart_template_guide/builtin_objects/
https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
|
|
|
|
|
|
|
|
* Revert "Fix helm chart use of Postgres Password (#19537)"
This reverts commit 6094a916b185ae0634e016004deb4cec11afbaca.
* Revert "Fix PostgreSQL password reference for jobs (#19504)"
This reverts commit dae954ef111b8e0ab17812d156f6c955b77d9859.
* Revert "Fix PostgreSQL password reference (#19502)"
This reverts commit 9bf6a8af82391fa8b32112deb4a36a0cfc68143e.
* Correct default username in postgresql auth
|
|
|
|
Fixes #19536
|
|
|
|
|
|
|
|
* Mark job pods not to use Istio's envoy sidecar
Istio injects sidecars into pods to implement mTLS between pods. Jobs
usually don't know about this, so they don't signal the Envoy process
to stop when the job finishes. Since at least one process is running
in the pod, Kubernetes doesn't consider the job to be completed, so it
lingers.
By adding the `sidecar.istio.io/inject` annotation set to `"false"`,
we let Istio know that it should not inject the sidecar. If Istio is
not installed, then this has no impact.
* Support arbitrary job annotations in the Helm chart
Rather than focus on Istio, this allows arbitrary annotations for job pods.
* Add in-line documentation for pod/job annotations
|
|
|
|
the chart (#18941)
* Add ability to specify an existing Secret (#18139)
Closes #18139
* Allow using secrets with external postgres
* Upgrade CronJob to batch/v1
* Allow using redis.auth.existingSecret
* Helmignore mastodon-*.tgz for easy local development
* Upgrade helm dependencies
* Upgrade postgresql to 11
* Allow putting SMTP password into a secret
* Add optional login to SMTP secret
This to allow setting LOGIN either in values.yaml or
in the secret.
* Switch to bitnami charts full archive
This prevents older versions from disappearing, see
https://github.com/bitnami/charts/issues/10539 for
full context.
Co-authored-by: Ted Tramonte <ted.tramonte@gmail.com>
|
|
This adds a mastodon.streaming.base_url setting in the Helm chart values
file to allow setting the STREAMING_API_BASE_URL in the Mastodon environnment
config map.
|
|
* Add SAML support
* move extAuth below essential components
* Add CAS, PAM, LDAP support
* Add WEB_DOMAIN and S3_ALIAS_HOST support
* SAML defaults aligned
* Bump chart version
* SSO & WEB_DOMAIN support added
* Add OIDC support
* Correct typo
* Notice for OIDC support
Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>
|
|
|
|
|
|
- move application variables under `mastodon` namespace
- restore standard yaml structure for ingress configuration
- move values.yaml.template to values.yaml
|
|
|
|
The cronjob tries to get key from `mastodon` secret instead of
`mastodon-postgresql` - so the cronjob fails with this error:
Error: couldn't find key postgresql-password in Secret [NS]/mastodon
Another solution is to save the postgres password in mastodon secret,
but that means that the password is placed in two places.
Postgresql use <fullname>-postgresql name as secret name.
|
|
|
|
* add Helm chart
known issues/future work:
- SSO is unsupported
- S3/Minio/GCS is unsupported
- Swift is unsupported
- WEB_DOMAIN is unsupported
- Tor is unsupported
* helm: clarify how LOCAL_DOMAIN is set
* helm: add chart description
* helm: make DB_POOL and Sidekiq concurrency configurable
* helm: only enforce pod affinity when using ReadWriteOnce
* helm: clarify compatibility
* helm: clean up application variables
* helm: add job to create initial admin
|
