From 55a6b54f8ee6b04845f1a4a8507ba9907670a739 Mon Sep 17 00:00:00 2001
From: Alex Dunn
Date: Sun, 14 Feb 2021 11:16:32 -0800
Subject: helm: add option for external db (#15722)
---
 chart/templates/secrets.yaml | 3 +++
 1 file changed, 3 insertions(+)
(limited to 'chart/templates/secrets.yaml')
diff --git a/chart/templates/secrets.yaml b/chart/templates/secrets.yaml
index 74f4b1516..80f24a121 100644
--- a/chart/templates/secrets.yaml
+++ b/chart/templates/secrets.yaml
@@ -26,3 +26,6 @@ data:
 {{- else }}
 VAPID_PUBLIC_KEY: {{ required "vapid.public_key is required" .Values.secrets.vapid.public_key }}
 {{- end }}
+ {{- if not .Values.postgresql.enabled }}
+ postgresql-password: "{{ .Values.postgresql.postgresqlPassword | b64enc }}"
+ {{- end }}
-- cgit
From 9c273c2a59755a46ff3933470b02df857537a4af Mon Sep 17 00:00:00 2001
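Review bot: The new `postgresql-password` entry has no `required` guard, unlike the four keys above it, so an unset `postgresql.postgresqlPassword` renders as an empty base64 string and the external-database path silently ships an empty password to the pods. Match the sibling pattern: `postgresql-password: {{ required "postgresql.postgresqlPassword is required when postgresql.enabled is false" .Values.postgresql.postgresqlPassword | b64enc | quote }}`. The consumers of this key (the deployments' `secretKeyRef`) are not in this hunk, so I cannot confirm that the Secret name and key they look up match this one; a `helm template --set postgresql.enabled=false` render is worth checking before merge.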
From: Alex Dunn Date: Sun, 14 Feb 2021 23:00:54 -0800 Subject: helm: standardize yaml configuration (#15728) - move application variables under `mastodon` namespace - restore standard yaml structure for ingress configuration - move values.yaml.template to values.yaml --- .gitignore | 1 - chart/Chart.yaml | 2 +- chart/readme.md | 16 +-- chart/templates/NOTES.txt | 5 +- chart/templates/configmap-env.yaml | 60 +++++----- chart/templates/cronjob-media-remove.yaml | 8 +- chart/templates/deployment-sidekiq.yaml | 4 +- chart/templates/deployment-streaming.yaml | 4 +- chart/templates/deployment-web.yaml | 4 +- chart/templates/ingress.yaml | 17 ++- chart/templates/job-assets-precompile.yaml | 4 +- chart/templates/job-chewy-upgrade.yaml | 4 +- chart/templates/job-create-admin.yaml | 10 +- chart/templates/job-db-migrate.yaml | 4 +- chart/templates/pvc-assets.yaml | 6 +- chart/templates/pvc-system.yaml | 6 +- chart/templates/secrets.yaml | 24 ++-- chart/templates/service-streaming.yaml | 2 +- chart/templates/service-web.yaml | 2 +- chart/values.yaml | 178 ++++++++++++++++++++++++++++ chart/values.yaml.template | 179 ----------------------------- 21 files changed, 269 insertions(+), 271 deletions(-) create mode 100644 chart/values.yaml delete mode 100644 chart/values.yaml.template (limited to 'chart/templates/secrets.yaml') diff --git a/.gitignore b/.gitignore index 4545270b3..8d921392b 100644 --- a/.gitignore +++ b/.gitignore @@ -46,7 +46,6 @@ # ignore Helm lockfile, dependency charts, and local values file /chart/Chart.lock /chart/charts/*.tgz -/chart/values.yaml # Ignore Apple files .DS_Store diff --git a/chart/Chart.yaml b/chart/Chart.yaml index a1db340e6..8f95a1f63 100644 --- a/chart/Chart.yaml +++ b/chart/Chart.yaml 
@@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.2 +version: 1.0.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/chart/readme.md b/chart/readme.md index 804e98094..e699542ff 100644 --- a/chart/readme.md +++ b/chart/readme.md @@ -3,12 +3,9 @@ This is a [Helm](https://helm.sh/) chart for installing Mastodon into a Kubernetes cluster. The basic usage is: -``` -cp values.yaml.template values.yaml -edit values.yaml # configure required settings -helm dep update -helm upgrade --install my-mastodon ./ -``` +1. edit `values.yaml` or create a separate yaml file for custom values +1. `helm dep update` +1. `helm install --namespace mastodon --create-namespace my-mastodon ./ -f path/to/additional/values.yaml` This chart has been tested on Helm 3.0.1 and above. @@ -16,14 +13,11 @@ This chart has been tested on Helm 3.0.1 and above. The variables that _must_ be configured are: -- `ingress.hostname`; even if you aren’t using an Ingress, this value is used to - set `LOCAL_DOMAIN`. - -- password and keys in the `secrets`, `postgresql`, and `redis` groups; if +- password and keys in the `mastodon.secrets`, `postgresql`, and `redis` groups; if left blank, some of those values will be autogenerated, but will not persist across upgrades. -- SMTP settings for your mailer in the `smtp` group. +- SMTP settings for your mailer in the `mastodon.smtp` group. # Missing features diff --git a/chart/templates/NOTES.txt b/chart/templates/NOTES.txt index 36cced67a..b09c40bec 100644 --- a/chart/templates/NOTES.txt +++ b/chart/templates/NOTES.txt 
@@ -2,7 +2,7 @@ {{- if .Values.ingress.enabled }} {{- range $host := .Values.ingress.hosts }} {{- range .paths }} - http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ . }} + http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} {{- end }} {{- end }} {{- else if contains "NodePort" .Values.service.type }} @@ -16,6 +16,7 @@ echo http://$SERVICE_IP:{{ .Values.service.port }} {{- else if contains "ClusterIP" .Values.service.type }} export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "mastodon.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") echo "Visit http://127.0.0.1:8080 to use your application" - kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:80 + kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT {{- end }} diff --git a/chart/templates/configmap-env.yaml b/chart/templates/configmap-env.yaml index 2f93a4b3c..cc7231db4 100644 --- a/chart/templates/configmap-env.yaml +++ b/chart/templates/configmap-env.yaml 
@@ -11,59 +11,59 @@ data: DB_HOST: {{ .Values.postgresql.postgresqlHostname }} {{- end }} DB_NAME: {{ .Values.postgresql.postgresqlDatabase }} - DB_POOL: {{ .Values.application.sidekiq.concurrency | quote }} + DB_POOL: {{ .Values.mastodon.sidekiq.concurrency | quote }} DB_PORT: "5432" DB_USER: {{ .Values.postgresql.postgresqlUsername }} - DEFAULT_LOCALE: {{ .Values.locale }} + DEFAULT_LOCALE: {{ .Values.mastodon.locale }} {{- if .Values.elasticsearch.enabled }} ES_ENABLED: "true" ES_HOST: {{ template "mastodon.elasticsearch.fullname" . }}-master ES_PORT: "9200" {{- end }} - LOCAL_DOMAIN: {{ .Values.ingress.hostname }} + LOCAL_DOMAIN: {{ .Values.mastodon.local_domain }} # https://devcenter.heroku.com/articles/tuning-glibc-memory-behavior MALLOC_ARENA_MAX: "2" NODE_ENV: "production" RAILS_ENV: "production" REDIS_HOST: {{ template "mastodon.redis.fullname" . }}-master REDIS_PORT: "6379" - {{- if .Values.smtp.auth_method }} - SMTP_AUTH_METHOD: {{ .Values.smtp.auth_method }} + {{- if .Values.mastodon.smtp.auth_method }} + SMTP_AUTH_METHOD: {{ .Values.mastodon.smtp.auth_method }} {{- end }} - {{- if .Values.smtp.ca_file }} - SMTP_CA_FILE: {{ .Values.smtp.ca_file }} + {{- if .Values.mastodon.smtp.ca_file }} + SMTP_CA_FILE: {{ .Values.mastodon.smtp.ca_file }} {{- end }} - {{- if .Values.smtp.delivery_method }} - SMTP_DELIVERY_METHOD: {{ .Values.smtp.delivery_method }} + {{- if .Values.mastodon.smtp.delivery_method }} + SMTP_DELIVERY_METHOD: {{ .Values.mastodon.smtp.delivery_method }} {{- end }} - {{- if .Values.smtp.domain }} - SMTP_DOMAIN: {{ .Values.smtp.domain }} + {{- if .Values.mastodon.smtp.domain }} + SMTP_DOMAIN: {{ .Values.mastodon.smtp.domain }} {{- end }} - {{- if .Values.smtp.enable_starttls_auto }} - SMTP_ENABLE_STARTTLS_AUTO: {{ .Values.smtp.enable_starttls_auto | quote }} + {{- if .Values.mastodon.smtp.enable_starttls_auto }} + SMTP_ENABLE_STARTTLS_AUTO: {{ .Values.mastodon.smtp.enable_starttls_auto | quote }} {{- end }} - {{- if .Values.smtp.from_address }} 
- SMTP_FROM_ADDRESS: {{ .Values.smtp.from_address }} + {{- if .Values.mastodon.smtp.from_address }} + SMTP_FROM_ADDRESS: {{ .Values.mastodon.smtp.from_address }} {{- end }} - {{- if .Values.smtp.login }} - SMTP_LOGIN: {{ .Values.smtp.login }} + {{- if .Values.mastodon.smtp.login }} + SMTP_LOGIN: {{ .Values.mastodon.smtp.login }} {{- end }} - {{- if .Values.smtp.openssl_verify_mode }} - SMTP_OPENSSL_VERIFY_MODE: {{ .Values.smtp.openssl_verify_mode }} + {{- if .Values.mastodon.smtp.openssl_verify_mode }} + SMTP_OPENSSL_VERIFY_MODE: {{ .Values.mastodon.smtp.openssl_verify_mode }} {{- end }} - {{- if .Values.smtp.password }} - SMTP_PASSWORD: {{ .Values.smtp.password }} + {{- if .Values.mastodon.smtp.password }} + SMTP_PASSWORD: {{ .Values.mastodon.smtp.password }} {{- end }} - {{- if .Values.smtp.port }} - SMTP_PORT: {{ .Values.smtp.port | quote }} + {{- if .Values.mastodon.smtp.port }} + SMTP_PORT: {{ .Values.mastodon.smtp.port | quote }} {{- end }} - {{- if .Values.smtp.reply_to }} - SMTP_REPLY_TO: {{ .Values.smtp.reply_to }} + {{- if .Values.mastodon.smtp.reply_to }} + SMTP_REPLY_TO: {{ .Values.mastodon.smtp.reply_to }} {{- end }} - {{- if .Values.smtp.server }} - SMTP_SERVER: {{ .Values.smtp.server }} + {{- if .Values.mastodon.smtp.server }} + SMTP_SERVER: {{ .Values.mastodon.smtp.server }} {{- end }} - {{- if .Values.smtp.tls }} - SMTP_TLS: {{ .Values.smtp.tls | quote }} + {{- if .Values.mastodon.smtp.tls }} + SMTP_TLS: {{ .Values.mastodon.smtp.tls | quote }} {{- end }} - STREAMING_CLUSTER_NUM: {{ .Values.application.streaming.workers | quote }} + STREAMING_CLUSTER_NUM: {{ .Values.mastodon.streaming.workers | quote }} diff --git a/chart/templates/cronjob-media-remove.yaml b/chart/templates/cronjob-media-remove.yaml index 5d78f3395..8515e4002 100644 --- a/chart/templates/cronjob-media-remove.yaml +++ b/chart/templates/cronjob-media-remove.yaml 
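Review bot: `SMTP_PASSWORD: {{ .Values.mastodon.smtp.password }}` still lands in a ConfigMap rather than the chart's Secret, so the mail credential is readable by anyone with `get configmaps` in the namespace and is shown in clear text by `kubectl describe`; the commit only renames the value path and keeps that placement. Move it next to the other secrets (`SMTP_PASSWORD: {{ .Values.mastodon.smtp.password | b64enc | quote }}` under `data:` in secrets.yaml) and inject it via `secretKeyRef`, as the Redis password already is in the deployments. The unquoted `SMTP_PASSWORD`, `SMTP_LOGIN` and `SMTP_SERVER` values should also be piped through `quote` like `SMTP_PORT` is: a password starting with `*`, `&` or `#`, or containing `: `, would otherwise break or retype the rendered YAML. Note that `DB_PORT: "5432"` remains hard-coded in this hunk's context, which the external-database option from the previous commit cannot override.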
@@ -1,4 +1,4 @@ -{{ if .Values.cron.removeMedia.enabled }} +{{ if .Values.mastodon.cron.removeMedia.enabled }} apiVersion: batch/v1beta1 kind: CronJob metadata: @@ -6,7 +6,7 @@ metadata: labels: {{- include "mastodon.labels" . | nindent 4 }} spec: - schedule: {{ .Values.cron.removeMedia.schedule }} + schedule: {{ .Values.mastodon.cron.removeMedia.schedule }} jobTemplate: spec: template: @@ -16,7 +16,7 @@ spec: restartPolicy: OnFailure # ensure we run on the same node as the other rails components; only # required when using PVCs that are ReadWriteOnce - {{- if or (eq "ReadWriteOnce" .Values.persistence.assets.accessMode) (eq "ReadWriteOnce" .Values.persistence.system.accessMode) }} + {{- if or (eq "ReadWriteOnce" .Values.mastodon.persistence.assets.accessMode) (eq "ReadWriteOnce" .Values.mastodon.persistence.system.accessMode) }} affinity: podAffinity: requiredDuringSchedulingIgnoredDuringExecution: @@ -64,7 +64,7 @@ spec: name: {{ .Release.Name }}-redis key: redis-password - name: "PORT" - value: {{ .Values.application.web.port | quote }} + value: {{ .Values.mastodon.web.port | quote }} volumeMounts: - name: assets mountPath: /opt/mastodon/public/assets diff --git a/chart/templates/deployment-sidekiq.yaml b/chart/templates/deployment-sidekiq.yaml index f300a5e63..8ef157d31 100644 --- a/chart/templates/deployment-sidekiq.yaml +++ b/chart/templates/deployment-sidekiq.yaml @@ -33,7 +33,7 @@ spec: {{- toYaml .Values.podSecurityContext | nindent 8 }} # ensure we run on the same node as the other rails components; only # required when using PVCs that are ReadWriteOnce - {{- if or (eq "ReadWriteOnce" .Values.persistence.assets.accessMode) (eq "ReadWriteOnce" .Values.persistence.system.accessMode) }} + {{- if or (eq "ReadWriteOnce" .Values.mastodon.persistence.assets.accessMode) (eq "ReadWriteOnce" .Values.mastodon.persistence.system.accessMode) }} affinity: podAffinity: requiredDuringSchedulingIgnoredDuringExecution: 
@@ -63,7 +63,7 @@ spec: - exec - sidekiq - -c - - {{ .Values.application.sidekiq.concurrency | quote }} + - {{ .Values.mastodon.sidekiq.concurrency | quote }} envFrom: - configMapRef: name: {{ include "mastodon.fullname" . }}-env diff --git a/chart/templates/deployment-streaming.yaml b/chart/templates/deployment-streaming.yaml index 02efcc3dc..b332b686a 100644 --- a/chart/templates/deployment-streaming.yaml +++ b/chart/templates/deployment-streaming.yaml @@ -55,10 +55,10 @@ spec: name: {{ .Release.Name }}-redis key: redis-password - name: "PORT" - value: {{ .Values.application.streaming.port | quote }} + value: {{ .Values.mastodon.streaming.port | quote }} ports: - name: streaming - containerPort: {{ .Values.application.streaming.port }} + containerPort: {{ .Values.mastodon.streaming.port }} protocol: TCP livenessProbe: httpGet: diff --git a/chart/templates/deployment-web.yaml b/chart/templates/deployment-web.yaml index a531aa487..02aa7c9a5 100644 --- a/chart/templates/deployment-web.yaml +++ b/chart/templates/deployment-web.yaml @@ -71,7 +71,7 @@ spec: name: {{ .Release.Name }}-redis key: redis-password - name: "PORT" - value: {{ .Values.application.web.port | quote }} + value: {{ .Values.mastodon.web.port | quote }} volumeMounts: - name: assets mountPath: /opt/mastodon/public/assets @@ -79,7 +79,7 @@ spec: mountPath: /opt/mastodon/public/system ports: - name: http - containerPort: {{ .Values.application.web.port }} + containerPort: {{ .Values.mastodon.web.port }} protocol: TCP livenessProbe: httpGet: diff --git a/chart/templates/ingress.yaml b/chart/templates/ingress.yaml index 947bf5b70..8930d2c10 100644 --- a/chart/templates/ingress.yaml +++ b/chart/templates/ingress.yaml 
@@ -1,6 +1,7 @@ {{- if .Values.ingress.enabled -}} {{- $fullName := include "mastodon.fullname" . -}} -{{- $svcPort := .Values.service.port -}} +{{- $webPort := .Values.mastodon.web.port -}} +{{- $streamingPort := .Values.mastodon.streaming.port -}} {{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} apiVersion: networking.k8s.io/v1beta1 {{- else -}} @@ -27,15 +28,19 @@ spec: {{- end }} {{- end }} rules: - - host: {{ .Values.ingress.hostname | quote }} + {{- range .Values.ingress.hosts }} + - host: {{ .host | quote }} http: paths: - - path: '/' + {{- range .paths }} + - path: {{ .path }} backend: serviceName: {{ $fullName }}-web - servicePort: {{ $svcPort }} - - path: '/api/v1/streaming' + servicePort: {{ $webPort }} + - path: {{ .path }}api/v1/streaming backend: serviceName: {{ $fullName }}-streaming - servicePort: {{ .Values.application.streaming.port }} + servicePort: {{ $streamingPort }} + {{- end }} + {{- end }} {{- end }} diff --git a/chart/templates/job-assets-precompile.yaml b/chart/templates/job-assets-precompile.yaml index 32e5c71d3..2aae20582 100644 --- a/chart/templates/job-assets-precompile.yaml +++ b/chart/templates/job-assets-precompile.yaml @@ -16,7 +16,7 @@ spec: restartPolicy: Never # ensure we run on the same node as the other rails components; only # required when using PVCs that are ReadWriteOnce - {{- if or (eq "ReadWriteOnce" .Values.persistence.assets.accessMode) (eq "ReadWriteOnce" .Values.persistence.system.accessMode) }} + {{- if or (eq "ReadWriteOnce" .Values.mastodon.persistence.assets.accessMode) (eq "ReadWriteOnce" .Values.mastodon.persistence.system.accessMode) }} affinity: podAffinity: requiredDuringSchedulingIgnoredDuringExecution: @@ -65,7 +65,7 @@ spec: name: {{ .Release.Name }}-redis key: redis-password - name: "PORT" - value: {{ .Values.application.web.port | quote }} + value: {{ .Values.mastodon.web.port | quote }} volumeMounts: - name: assets mountPath: /opt/mastodon/public/assets 
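Review bot: `- path: {{ .path }}api/v1/streaming` concatenates the streaming route onto the user's path with no separator, so the default `'/'` renders `/api/v1/streaming` but any other prefix such as `/mastodon` renders `/mastodonapi/v1/streaming` and the streaming backend is never routed. Use `- path: {{ .path | trimSuffix "/" }}/api/v1/streaming` and pipe both `path` values through `quote`; the old template quoted its path (`'/'`) and the new `{{ .path }}` is emitted bare, so a YAML-special value would be retyped rather than passed through.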
diff --git a/chart/templates/job-chewy-upgrade.yaml b/chart/templates/job-chewy-upgrade.yaml index 4d645168a..8647a9831 100644 --- a/chart/templates/job-chewy-upgrade.yaml +++ b/chart/templates/job-chewy-upgrade.yaml @@ -17,7 +17,7 @@ spec: restartPolicy: Never # ensure we run on the same node as the other rails components; only # required when using PVCs that are ReadWriteOnce - {{- if or (eq "ReadWriteOnce" .Values.persistence.assets.accessMode) (eq "ReadWriteOnce" .Values.persistence.system.accessMode) }} + {{- if or (eq "ReadWriteOnce" .Values.mastodon.persistence.assets.accessMode) (eq "ReadWriteOnce" .Values.mastodon.persistence.system.accessMode) }} affinity: podAffinity: requiredDuringSchedulingIgnoredDuringExecution: @@ -66,7 +66,7 @@ spec: name: {{ .Release.Name }}-redis key: redis-password - name: "PORT" - value: {{ .Values.application.web.port | quote }} + value: {{ .Values.mastodon.web.port | quote }} volumeMounts: - name: assets mountPath: /opt/mastodon/public/assets diff --git a/chart/templates/job-create-admin.yaml b/chart/templates/job-create-admin.yaml index aabb593ac..1a3d8222b 100644 --- a/chart/templates/job-create-admin.yaml +++ b/chart/templates/job-create-admin.yaml @@ -1,4 +1,4 @@ -{{- if .Values.createAdmin.enabled }} +{{- if .Values.mastodon.createAdmin.enabled }} apiVersion: batch/v1 kind: Job metadata: @@ -17,7 +17,7 @@ spec: restartPolicy: Never # ensure we run on the same node as the other rails components; only # required when using PVCs that are ReadWriteOnce - {{- if or (eq "ReadWriteOnce" .Values.persistence.assets.accessMode) (eq "ReadWriteOnce" .Values.persistence.system.accessMode) }} + {{- if or (eq "ReadWriteOnce" .Values.mastodon.persistence.assets.accessMode) (eq "ReadWriteOnce" .Values.mastodon.persistence.system.accessMode) }} affinity: podAffinity: requiredDuringSchedulingIgnoredDuringExecution: 
@@ -44,9 +44,9 @@ spec: - bin/tootctl - accounts - create - - {{ .Values.createAdmin.username }} + - {{ .Values.mastodon.createAdmin.username }} - --email - - {{ .Values.createAdmin.email }} + - {{ .Values.mastodon.createAdmin.email }} - --confirmed - --role - admin @@ -71,7 +71,7 @@ spec: name: {{ .Release.Name }}-redis key: redis-password - name: "PORT" - value: {{ .Values.application.web.port | quote }} + value: {{ .Values.mastodon.web.port | quote }} volumeMounts: - name: assets mountPath: /opt/mastodon/public/assets diff --git a/chart/templates/job-db-migrate.yaml b/chart/templates/job-db-migrate.yaml index dd687a066..e107da4d0 100644 --- a/chart/templates/job-db-migrate.yaml +++ b/chart/templates/job-db-migrate.yaml @@ -16,7 +16,7 @@ spec: restartPolicy: Never # ensure we run on the same node as the other rails components; only # required when using PVCs that are ReadWriteOnce - {{- if or (eq "ReadWriteOnce" .Values.persistence.assets.accessMode) (eq "ReadWriteOnce" .Values.persistence.system.accessMode) }} + {{- if or (eq "ReadWriteOnce" .Values.mastodon.persistence.assets.accessMode) (eq "ReadWriteOnce" .Values.mastodon.persistence.system.accessMode) }} affinity: podAffinity: requiredDuringSchedulingIgnoredDuringExecution: @@ -65,7 +65,7 @@ spec: name: {{ .Release.Name }}-redis key: redis-password - name: "PORT" - value: {{ .Values.application.web.port | quote }} + value: {{ .Values.mastodon.web.port | quote }} volumeMounts: - name: assets mountPath: /opt/mastodon/public/assets diff --git a/chart/templates/pvc-assets.yaml b/chart/templates/pvc-assets.yaml index 5c5315100..12ac72eb3 100644 --- a/chart/templates/pvc-assets.yaml +++ b/chart/templates/pvc-assets.yaml 
@@ -7,7 +7,7 @@ metadata: {{- include "mastodon.labels" . | nindent 4 }} spec: accessModes: - - {{ .Values.persistence.system.accessMode }} + - {{ .Values.mastodon.persistence.system.accessMode }} resources: - {{- toYaml .Values.persistence.assets.resources | nindent 4}} - storageClassName: {{ .Values.persistence.assets.storageClassName }} + {{- toYaml .Values.mastodon.persistence.assets.resources | nindent 4}} + storageClassName: {{ .Values.mastodon.persistence.assets.storageClassName }} diff --git a/chart/templates/pvc-system.yaml b/chart/templates/pvc-system.yaml index 028551151..62dc1e708 100644 --- a/chart/templates/pvc-system.yaml +++ b/chart/templates/pvc-system.yaml @@ -7,7 +7,7 @@ metadata: {{- include "mastodon.labels" . | nindent 4 }} spec: accessModes: - - {{ .Values.persistence.system.accessMode }} + - {{ .Values.mastodon.persistence.system.accessMode }} resources: - {{- toYaml .Values.persistence.system.resources | nindent 4}} - storageClassName: {{ .Values.persistence.system.storageClassName }} + {{- toYaml .Values.mastodon.persistence.system.resources | nindent 4}} + storageClassName: {{ .Values.mastodon.persistence.system.storageClassName }} diff --git a/chart/templates/secrets.yaml b/chart/templates/secrets.yaml index 80f24a121..63d01d3eb 100644 --- a/chart/templates/secrets.yaml +++ b/chart/templates/secrets.yaml 
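Review bot: pvc-assets.yaml still reads `accessModes: - {{ .Values.mastodon.persistence.system.accessMode }}`, i.e. the *system* volume's access mode, while its `resources` and `storageClassName` come from `persistence.assets`; the rename carried this copy-paste cross-reference forward. It should be `- {{ .Values.mastodon.persistence.assets.accessMode }}`, otherwise setting `assets.accessMode: ReadWriteMany` has no effect on the assets claim even though the pod-affinity checks elsewhere in the chart do honour it. Separately, `storageClassName` is not defined for either volume in the new values.yaml, so the line renders as `storageClassName:` (null); wrapping it in `{{- with .Values.mastodon.persistence.assets.storageClassName }}` keeps the manifest clean and lets the cluster default class apply.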
@@ -6,25 +6,25 @@ metadata: {{- include "mastodon.labels" . | nindent 4 }} type: Opaque data: - {{- if not (empty .Values.secrets.secret_key_base) }} - SECRET_KEY_BASE: "{{ .Values.secrets.secret_key_base | b64enc }}" + {{- if not (empty .Values.mastodon.secrets.secret_key_base) }} + SECRET_KEY_BASE: "{{ .Values.mastodon.secrets.secret_key_base | b64enc }}" {{- else }} - SECRET_KEY_BASE: {{ required "secret_key_base is required" .Values.secrets.secret_key_base }} + SECRET_KEY_BASE: {{ required "secret_key_base is required" .Values.mastodon.secrets.secret_key_base }} {{- end }} - {{- if not (empty .Values.secrets.otp_secret) }} - OTP_SECRET: "{{ .Values.secrets.otp_secret | b64enc }}" + {{- if not (empty .Values.mastodon.secrets.otp_secret) }} + OTP_SECRET: "{{ .Values.mastodon.secrets.otp_secret | b64enc }}" {{- else }} - OTP_SECRET: {{ required "otp_secret is required" .Values.secrets.otp_secret }} + OTP_SECRET: {{ required "otp_secret is required" .Values.mastodon.secrets.otp_secret }} {{- end }} - {{- if not (empty .Values.secrets.vapid.private_key) }} - VAPID_PRIVATE_KEY: "{{ .Values.secrets.vapid.private_key | b64enc }}" + {{- if not (empty .Values.mastodon.secrets.vapid.private_key) }} + VAPID_PRIVATE_KEY: "{{ .Values.mastodon.secrets.vapid.private_key | b64enc }}" {{- else }} - VAPID_PRIVATE_KEY: {{ required "vapid.private_key is required" .Values.secrets.vapid.private_key }} + VAPID_PRIVATE_KEY: {{ required "vapid.private_key is required" .Values.mastodon.secrets.vapid.private_key }} {{- end }} - {{- if not (empty .Values.secrets.vapid.public_key) }} - VAPID_PUBLIC_KEY: "{{ .Values.secrets.vapid.public_key | b64enc }}" + {{- if not (empty .Values.mastodon.secrets.vapid.public_key) }} + VAPID_PUBLIC_KEY: "{{ .Values.mastodon.secrets.vapid.public_key | b64enc }}" {{- else }} - VAPID_PUBLIC_KEY: {{ required "vapid.public_key is required" .Values.secrets.vapid.public_key }} + VAPID_PUBLIC_KEY: {{ required "vapid.public_key is required" 
.Values.mastodon.secrets.vapid.public_key }} {{- end }} {{- if not .Values.postgresql.enabled }} postgresql-password: "{{ .Values.postgresql.postgresqlPassword | b64enc }}" diff --git a/chart/templates/service-streaming.yaml b/chart/templates/service-streaming.yaml index ff5dc13ea..a005e617c 100644 --- a/chart/templates/service-streaming.yaml +++ b/chart/templates/service-streaming.yaml @@ -7,7 +7,7 @@ metadata: spec: type: {{ .Values.service.type }} ports: - - port: {{ .Values.application.streaming.port }} + - port: {{ .Values.mastodon.streaming.port }} targetPort: streaming protocol: TCP name: streaming diff --git a/chart/templates/service-web.yaml b/chart/templates/service-web.yaml index e0df35b25..3563fde70 100644 --- a/chart/templates/service-web.yaml +++ b/chart/templates/service-web.yaml @@ -7,7 +7,7 @@ metadata: spec: type: {{ .Values.service.type }} ports: - - port: {{ .Values.service.port }} + - port: {{ .Values.mastodon.web.port }} targetPort: http protocol: TCP name: http diff --git a/chart/values.yaml b/chart/values.yaml new file mode 100644 index 000000000..d752e46ec --- /dev/null +++ b/chart/values.yaml 
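Review bot: The `required` messages still name the old value paths (`secret_key_base is required`, `vapid.private_key is required`) although the keys moved under `mastodon.secrets` in this commit, so an operator who hits the error is pointed at a key that no longer exists; update them to e.g. `mastodon.secrets.secret_key_base is required`. Each `if not (empty …)` / `else required` pair is equivalent to the single line `SECRET_KEY_BASE: {{ required "mastodon.secrets.secret_key_base is required" .Values.mastodon.secrets.secret_key_base | b64enc | quote }}`, which would drop the four `else` branches that can only ever fail. The `postgresql-password` context line at the bottom of the hunk remains the one entry without any `required` guard.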
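Review bot: service-web now exposes `port: {{ .Values.mastodon.web.port }}` (3000) instead of `service.port` (80), but `service.port: 80` is still declared in the new values.yaml and still printed by NOTES.txt (`echo http://$SERVICE_IP:{{ .Values.service.port }}`), so the LoadBalancer hint in the notes points at a port the Service no longer serves. Either remove `service.port` from values.yaml and NOTES.txt, or keep the Service on `port: {{ .Values.service.port }}` with `targetPort: http` as before so the externally exposed port stays decoupled from the container port.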
@@ -0,0 +1,178 @@ +replicaCount: 1 + +image: + repository: tootsuite/mastodon + # https://hub.docker.com/r/tootsuite/mastodon/tags + # + # alternatively, use `latest` for the latest release or `edge` for the image + # built from the most recent commit + # + # tag: latest + tag: v3.3.0 + # use `Always` when using `latest` tag + pullPolicy: IfNotPresent + +mastodon: + # create an initial administrator user; the password is autogenerated and will + # have to be reset + createAdmin: + enabled: false + username: not_gargron + email: not@example.com + cron: + # run `tootctl media remove` every week + removeMedia: + enabled: true + schedule: "0 0 * * 0" + # available locales: https://github.com/tootsuite/mastodon/blob/master/config/application.rb#L43 + locale: en + local_domain: mastodon.local + persistence: + assets: + # ReadWriteOnce is more widely supported than ReadWriteMany, but limits + # scalability, since it requires the Rails and Sidekiq pods to run on the + # same node. + accessMode: ReadWriteOnce + resources: + requests: + storage: 10Gi + system: + accessMode: ReadWriteOnce + resources: + requests: + storage: 100Gi + # these must be set manually; autogenerated keys are rotated on each upgrade + secrets: + secret_key_base: "" + otp_secret: "" + vapid: + private_key: "" + public_key: "" + sidekiq: + concurrency: 25 + smtp: + auth_method: plain + ca_file: + delivery_method: smtp + domain: + enable_starttls_auto: true + from_address: notifications@example.com + login: + openssl_verify_mode: peer + password: + port: 587 + reply_to: + server: smtp.mailgun.org + tls: false + streaming: + port: 4000 + # this should be set manually since os.cpus() returns the number of CPUs on + # the node running the pod, which is unrelated to the resources allocated to + # the pod by k8s + workers: 1 + web: + port: 3000 + +ingress: + enabled: true + annotations: + kubernetes.io/ingress.class: nginx + kubernetes.io/tls-acme: "true" + # cert-manager.io/cluster-issuer: "letsencrypt" + # 
+ # ensure that NGINX's upload size matches Mastodon's + # for the K8s ingress controller: + # nginx.ingress.kubernetes.io/proxy-body-size: 40m + # for the NGINX ingress controller: + # nginx.org/client-max-body-size: 40m + hosts: + - host: mastodon.local + paths: + - path: '/' + tls: + - secretName: mastodon-tls + hosts: + - mastodon.local + +# https://github.com/bitnami/charts/tree/master/bitnami/elasticsearch#parameters +elasticsearch: + # `false` will disable full-text search + # + # if you enable ES after the initial install, you will need to manually run + # RAILS_ENV=production bundle exec rake chewy:sync + # (https://docs.joinmastodon.org/admin/optional/elasticsearch/) + enabled: true + # may be removed once https://github.com/tootsuite/mastodon/pull/13828 is part + # of a tagged release + image: + tag: 6 + +# https://github.com/bitnami/charts/tree/master/bitnami/postgresql#parameters +postgresql: + # disable if you want to use an existing db; in which case the values below + # must match those of that external postgres instance + enabled: true + # postgresqlHostname: preexisting-postgresql + postgresqlDatabase: mastodon_production + # you must set a password; the password generated by the postgresql chart will + # be rotated on each upgrade: + # https://github.com/bitnami/charts/tree/master/bitnami/postgresql#upgrade + postgresqlPassword: "" + postgresqlUsername: postgres + +# https://github.com/bitnami/charts/tree/master/bitnami/redis#parameters +redis: + # you must set a password; the password generated by the redis chart will be + # rotated on each upgrade: + password: "" + +service: + type: ClusterIP + port: 80 + +# https://github.com/tootsuite/mastodon/blob/master/Dockerfile#L88 +# +# if you manually change the UID/GID environment variables, ensure these values +# match: +podSecurityContext: + runAsUser: 991 + runAsGroup: 991 + fsGroup: 991 + +securityContext: {} + +serviceAccount: + # Specifies whether a service account should be created + create: 
true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +podAnnotations: {} + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 100 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + +nodeSelector: {} + +tolerations: [] + +affinity: {} diff --git a/chart/values.yaml.template b/chart/values.yaml.template deleted file mode 100644 index a57621b9e..000000000 --- a/chart/values.yaml.template +++ /dev/null 
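Review bot: values.yaml is now tracked in git (the .gitignore entry is removed in this commit) and the readme's first step is to edit it in place, so `mastodon.secrets.*`, `postgresql.postgresqlPassword`, `redis.password` and `mastodon.smtp.password` will be committed by anyone who follows the default workflow. Add a comment above `secrets:` such as `# do not fill these in here; supply them from a separate, untracked values file (-f) or --set-file` and consider a `values-secrets.yaml`-style gitignore entry. `securityContext: {}` leaves the containers with the default capability set and privilege escalation allowed; the pods already run as UID 991, so `allowPrivilegeEscalation: false` and `capabilities: {drop: [ALL]}` are a low-risk hardening default — presumably Mastodon needs neither, but that should be confirmed in a test deploy before changing the default. The `ingress.enabled` default also flips from `false` to `true` here, which is a behaviour change worth stating in the commit message.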
@@ -1,179 +0,0 @@ -replicaCount: 1 - -image: - repository: tootsuite/mastodon - pullPolicy: Always - # https://hub.docker.com/r/tootsuite/mastodon/tags - tag: v3.3.0 - # alternatively, use `latest` for the latest release or `edge` for the image - # built from the most recent commit - # - # tag: latest - -ingress: - enabled: false - annotations: - kubernetes.io/ingress.class: nginx - kubernetes.io/tls-acme: "true" - # cert-manager.io/cluster-issuer: "letsencrypt" - # - # ensure that NGINX's upload size matches Mastodon's - # for the K8s ingress controller: - # nginx.ingress.kubernetes.io/proxy-body-size: 40m - # for the NGINX ingress controller: - # nginx.org/client-max-body-size: 40m - # this value is used for LOCAL_DOMAIN - hostname: mastodon.local - tls: - - secretName: mastodon-tls - hosts: - - mastodon.local - -# create an initial administrator user; the password is autogenerated and will -# have to be reset -createAdmin: - enabled: false - username: not_gargron - email: not@example.com - -# available locales: https://github.com/tootsuite/mastodon/blob/master/config/application.rb#L43 -locale: en - -cron: - # run `tootctl media remove` every week - removeMedia: - enabled: true - schedule: "0 0 * * 0" - -application: - web: - port: 3000 - streaming: - port: 4000 - # this should be set manually since os.cpus() returns the number of CPUs on - # the node running the pod, which is unrelated to the resources allocated to - # the pod by k8s - workers: 1 - sidekiq: - concurrency: 25 - -# these must be set manually; autogenerated keys are rotated on each upgrade -secrets: - secret_key_base: "" - otp_secret: "" - vapid: - private_key: "" - public_key: "" - -smtp: - auth_method: plain - ca_file: - delivery_method: smtp - domain: - enable_starttls_auto: true - from_address: notifications@example.com - login: - openssl_verify_mode: peer - password: - port: 587 - reply_to: - server: smtp.mailgun.org - tls: false - -# 
https://github.com/bitnami/charts/tree/master/bitnami/elasticsearch#parameters -elasticsearch: - # `false` will disable full-text search - # - # if you enable ES after the initial install, you will need to manually run - # RAILS_ENV=production bundle exec rake chewy:sync - # (https://docs.joinmastodon.org/admin/optional/elasticsearch/) - enabled: true - # may be removed once https://github.com/tootsuite/mastodon/pull/13828 is part - # of a tagged release - image: - tag: 6 - -# https://github.com/bitnami/charts/tree/master/bitnami/postgresql#parameters -postgresql: - # disable if you want to use an existing db; in which case the values below - # must match those of that external postgres instance - enabled: true - # postgresqlHostname: preexisting-postgresql - postgresqlDatabase: mastodon_production - # you must set a password; the password generated by the postgresql chart will - # be rotated on each upgrade: - # https://github.com/bitnami/charts/tree/master/bitnami/postgresql#upgrade - postgresqlPassword: "" - postgresqlUsername: postgres - -# https://github.com/bitnami/charts/tree/master/bitnami/redis#parameters -redis: - # you must set a password; the password generated by the redis chart will be - # rotated on each upgrade: - password: "" - -persistence: - assets: - # ReadWriteOnce is more widely supported than ReadWriteMany, but limits - # scalability, since it requires the Rails and Sidekiq pods to run on the - # same node. 
- accessMode: ReadWriteOnce - resources: - requests: - storage: 10Gi - system: - accessMode: ReadWriteOnce - resources: - requests: - storage: 100Gi - -service: - type: ClusterIP - port: 80 - -# https://github.com/tootsuite/mastodon/blob/master/Dockerfile#L88 -# -# if you manually change the UID/GID environment variables, ensure these values -# match: -podSecurityContext: - runAsUser: 991 - runAsGroup: 991 - fsGroup: 991 - -securityContext: {} - -serviceAccount: - # Specifies whether a service account should be created - create: true - # Annotations to add to the service account - annotations: {} - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - name: "" - -podAnnotations: {} - -resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - -autoscaling: - enabled: false - minReplicas: 1 - maxReplicas: 100 - targetCPUUtilizationPercentage: 80 - # targetMemoryUtilizationPercentage: 80 - -nodeSelector: {} - -tolerations: [] - -affinity: {} -- cgit From fca4fd1daa09f7261753bc98103f653a9ce463b1 Mon Sep 17 00:00:00 2001 
From: Alex Dunn Date: Fri, 19 Feb 2021 00:52:32 -0800 Subject: helm: add support for S3 storage (#15748) --- chart/Chart.yaml | 2 +- chart/readme.md | 1 - chart/templates/configmap-env.yaml | 10 ++++++++++ chart/templates/cronjob-media-remove.yaml | 4 ++++ chart/templates/deployment-sidekiq.yaml | 4 ++++ chart/templates/deployment-web.yaml | 4 ++++ chart/templates/job-assets-precompile.yaml | 4 ++++ chart/templates/job-chewy-upgrade.yaml | 4 ++++ chart/templates/job-create-admin.yaml | 4 ++++ chart/templates/job-db-migrate.yaml | 4 ++++ chart/templates/pvc-assets.yaml | 3 ++- chart/templates/pvc-system.yaml | 3 ++- chart/templates/secrets.yaml | 4 ++++ chart/values.yaml | 8 ++++++++ 14 files changed, 55 insertions(+), 4 deletions(-) (limited to 'chart/templates/secrets.yaml') diff --git a/chart/Chart.yaml b/chart/Chart.yaml index 8f95a1f63..d72b7df1a 100644 --- a/chart/Chart.yaml +++ b/chart/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 1.0.0 +version: 1.1.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/chart/readme.md b/chart/readme.md index e699542ff..9f7a88958 100644 --- a/chart/readme.md +++ b/chart/readme.md @@ -24,7 +24,6 @@ The variables that _must_ be configured are: Currently this chart does _not_ support: - Hidden services -- S3/Minio/GCS - Single Sign-On - Swift - configurations using `WEB_DOMAIN` diff --git a/chart/templates/configmap-env.yaml b/chart/templates/configmap-env.yaml index cc7231db4..701368e49 100644 --- a/chart/templates/configmap-env.yaml +++ b/chart/templates/configmap-env.yaml 
@@ -27,6 +27,16 @@ data:
 RAILS_ENV: "production"
 REDIS_HOST: {{ template "mastodon.redis.fullname" . }}-master
 REDIS_PORT: "6379"
+ {{- if .Values.mastodon.s3.enabled }}
+ S3_BUCKET: {{ .Values.mastodon.s3.bucket }}
+ S3_ENABLED: "true"
+ S3_ENDPOINT: {{ .Values.mastodon.s3.endpoint }}
+ S3_HOSTNAME: {{ .Values.mastodon.s3.hostname }}
+ S3_PROTOCOL: "https"
+ {{- if .Values.mastodon.s3.region }}
+ S3_REGION: {{ .Values.mastodon.s3.region }}
+ {{- end }}
+ {{- end }}
 {{- if .Values.mastodon.smtp.auth_method }}
 SMTP_AUTH_METHOD: {{ .Values.mastodon.smtp.auth_method }}
 {{- end }}
diff --git a/chart/templates/cronjob-media-remove.yaml b/chart/templates/cronjob-media-remove.yaml
index 8515e4002..3d6e25cc6 100644
--- a/chart/templates/cronjob-media-remove.yaml
+++ b/chart/templates/cronjob-media-remove.yaml
@@ -14,6 +14,7 @@ spec:
 name: {{ include "mastodon.fullname" . }}-media-remove
 spec:
 restartPolicy: OnFailure
+ {{- if (not .Values.mastodon.s3.enabled) }}
 # ensure we run on the same node as the other rails components; only
 # required when using PVCs that are ReadWriteOnce
 {{- if or (eq "ReadWriteOnce" .Values.mastodon.persistence.assets.accessMode) (eq "ReadWriteOnce" .Values.mastodon.persistence.system.accessMode) }}
@@ -35,6 +36,7 @@ spec:
 - name: system
 persistentVolumeClaim:
 claimName: {{ template "mastodon.fullname" . }}-system
+ {{- end }}
 containers:
 - name: {{ include "mastodon.fullname" . }}-media-remove
 image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
@@ -65,9 +67,11 @@ spec:
 key: redis-password
 - name: "PORT"
 value: {{ .Values.mastodon.web.port | quote }}
+ {{- if (not .Values.mastodon.s3.enabled) }}
 volumeMounts:
 - name: assets
 mountPath: /opt/mastodon/public/assets
 - name: system
 mountPath: /opt/mastodon/public/system
+ {{- end }}
 {{- end }}
diff --git a/chart/templates/deployment-sidekiq.yaml b/chart/templates/deployment-sidekiq.yaml
index 8ef157d31..baf6c2b2d 100644
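Review bot: `S3_BUCKET`, `S3_ENDPOINT` and `S3_HOSTNAME` are emitted as bare template expansions, so with the `""` defaults this commit puts in values.yaml an operator who flips `s3.enabled` before filling them in gets `S3_BUCKET:` rendered as a YAML null rather than a string, and the problem only surfaces when Mastodon first tries to reach the bucket. Pipe the three through `quote`, as the templates already do for `.Values.mastodon.web.port`, and make the bucket mandatory inside the enabled branch: `S3_BUCKET: {{ required "mastodon.s3.bucket is required when s3 is enabled" .Values.mastodon.s3.bucket | quote }}`. `S3_REGION` sits behind its own `if`, so quoting alone is enough there.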
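Review bot: The new `{{- if (not .Values.mastodon.s3.enabled) }}` guard carries parentheses that Go templates do not need, and the same line is added twice in this file and again in deployment-sidekiq, deployment-web, job-assets-precompile, job-chewy-upgrade, job-create-admin and job-db-migrate, plus once in each PVC template; `{{- if not .Values.mastodon.s3.enabled }}` matches the form the configmap and secrets hunks use. Sixteen hand-copied gates are the kind of thing that drifts when the next storage backend is added, so consider moving the affinity-plus-volumes stanza and the volumeMounts stanza into named templates and `include`-ing them from each workload. The `{{- end }}` added after `claimName` closes an `if` opened about twenty lines earlier, and the inner `{{- if or ...}}` affinity block it wraps presumably has its own `{{- end }}` outside this hunk; a trailing `{{/* end: not s3.enabled */}}` comment on each new `{{- end }}` would tell readers which `if` they close.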
--- a/chart/templates/deployment-sidekiq.yaml
+++ b/chart/templates/deployment-sidekiq.yaml
@@ -31,6 +31,7 @@ spec:
 serviceAccountName: {{ include "mastodon.serviceAccountName" . }}
 securityContext:
 {{- toYaml .Values.podSecurityContext | nindent 8 }}
+ {{- if (not .Values.mastodon.s3.enabled) }}
 # ensure we run on the same node as the other rails components; only
 # required when using PVCs that are ReadWriteOnce
 {{- if or (eq "ReadWriteOnce" .Values.mastodon.persistence.assets.accessMode) (eq "ReadWriteOnce" .Values.mastodon.persistence.system.accessMode) }}
@@ -52,6 +53,7 @@ spec:
 - name: system
 persistentVolumeClaim:
 claimName: {{ template "mastodon.fullname" . }}-system
+ {{- end }}
 containers:
 - name: {{ .Chart.Name }}
 securityContext:
@@ -84,11 +86,13 @@ spec:
 secretKeyRef:
 name: {{ .Release.Name }}-redis
 key: redis-password
+ {{- if (not .Values.mastodon.s3.enabled) }}
 volumeMounts:
 - name: assets
 mountPath: /opt/mastodon/public/assets
 - name: system
 mountPath: /opt/mastodon/public/system
+ {{- end }}
 resources:
 {{- toYaml .Values.resources | nindent 12 }}
 {{- with .Values.nodeSelector }}
diff --git a/chart/templates/deployment-web.yaml b/chart/templates/deployment-web.yaml
index 02aa7c9a5..8b8bb4f29 100644
--- a/chart/templates/deployment-web.yaml
+++ b/chart/templates/deployment-web.yaml
@@ -31,6 +31,7 @@ spec:
 serviceAccountName: {{ include "mastodon.serviceAccountName" . }}
 securityContext:
 {{- toYaml .Values.podSecurityContext | nindent 8 }}
+ {{- if (not .Values.mastodon.s3.enabled) }}
 volumes:
 - name: assets
 persistentVolumeClaim:
@@ -38,6 +39,7 @@ spec:
 - name: system
 persistentVolumeClaim:
 claimName: {{ template "mastodon.fullname" . }}-system
+ {{- end }}
 containers:
 - name: {{ .Chart.Name }}
 securityContext:
@@ -72,11 +74,13 @@ spec:
 key: redis-password
 - name: "PORT"
 value: {{ .Values.mastodon.web.port | quote }}
+ {{- if (not .Values.mastodon.s3.enabled) }}
 volumeMounts:
 - name: assets
 mountPath: /opt/mastodon/public/assets
 - name: system
 mountPath: /opt/mastodon/public/system
+ {{- end }}
 ports:
 - name: http
 containerPort: {{ .Values.mastodon.web.port }}
diff --git a/chart/templates/job-assets-precompile.yaml b/chart/templates/job-assets-precompile.yaml
index 2aae20582..825a7e916 100644
--- a/chart/templates/job-assets-precompile.yaml
+++ b/chart/templates/job-assets-precompile.yaml
@@ -14,6 +14,7 @@ spec:
 name: {{ include "mastodon.fullname" . }}-assets-precompile
 spec:
 restartPolicy: Never
+ {{- if (not .Values.mastodon.s3.enabled) }}
 # ensure we run on the same node as the other rails components; only
 # required when using PVCs that are ReadWriteOnce
 {{- if or (eq "ReadWriteOnce" .Values.mastodon.persistence.assets.accessMode) (eq "ReadWriteOnce" .Values.mastodon.persistence.system.accessMode) }}
@@ -35,6 +36,7 @@ spec:
 - name: system
 persistentVolumeClaim:
 claimName: {{ template "mastodon.fullname" . }}-system
+ {{- end }}
 containers:
 - name: {{ include "mastodon.fullname" . }}-assets-precompile
 image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
@@ -66,8 +68,10 @@ spec:
 key: redis-password
 - name: "PORT"
 value: {{ .Values.mastodon.web.port | quote }}
+ {{- if (not .Values.mastodon.s3.enabled) }}
 volumeMounts:
 - name: assets
 mountPath: /opt/mastodon/public/assets
 - name: system
 mountPath: /opt/mastodon/public/system
+ {{- end }}
diff --git a/chart/templates/job-chewy-upgrade.yaml b/chart/templates/job-chewy-upgrade.yaml
index 8647a9831..cc68a3385 100644
--- a/chart/templates/job-chewy-upgrade.yaml
+++ b/chart/templates/job-chewy-upgrade.yaml
@@ -15,6 +15,7 @@ spec:
 name: {{ include "mastodon.fullname" . }}-chewy-upgrade
 spec:
 restartPolicy: Never
+ {{- if (not .Values.mastodon.s3.enabled) }}
 # ensure we run on the same node as the other rails components; only
 # required when using PVCs that are ReadWriteOnce
 {{- if or (eq "ReadWriteOnce" .Values.mastodon.persistence.assets.accessMode) (eq "ReadWriteOnce" .Values.mastodon.persistence.system.accessMode) }}
@@ -36,6 +37,7 @@ spec:
 - name: system
 persistentVolumeClaim:
 claimName: {{ template "mastodon.fullname" . }}-system
+ {{- end }}
 containers:
 - name: {{ include "mastodon.fullname" . }}-chewy-setup
 image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
@@ -67,9 +69,11 @@ spec:
 key: redis-password
 - name: "PORT"
 value: {{ .Values.mastodon.web.port | quote }}
+ {{- if (not .Values.mastodon.s3.enabled) }}
 volumeMounts:
 - name: assets
 mountPath: /opt/mastodon/public/assets
 - name: system
 mountPath: /opt/mastodon/public/system
+ {{- end }}
 {{- end }}
diff --git a/chart/templates/job-create-admin.yaml b/chart/templates/job-create-admin.yaml
index 1a3d8222b..ffb8bb059 100644
--- a/chart/templates/job-create-admin.yaml
+++ b/chart/templates/job-create-admin.yaml
@@ -15,6 +15,7 @@ spec:
 name: {{ include "mastodon.fullname" . }}-create-admin
 spec:
 restartPolicy: Never
+ {{- if (not .Values.mastodon.s3.enabled) }}
 # ensure we run on the same node as the other rails components; only
 # required when using PVCs that are ReadWriteOnce
 {{- if or (eq "ReadWriteOnce" .Values.mastodon.persistence.assets.accessMode) (eq "ReadWriteOnce" .Values.mastodon.persistence.system.accessMode) }}
@@ -36,6 +37,7 @@ spec:
 - name: system
 persistentVolumeClaim:
 claimName: {{ template "mastodon.fullname" . }}-system
+ {{- end }}
 containers:
 - name: {{ include "mastodon.fullname" . }}-create-admin
 image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
@@ -72,9 +74,11 @@ spec:
 key: redis-password
 - name: "PORT"
 value: {{ .Values.mastodon.web.port | quote }}
+ {{- if (not .Values.mastodon.s3.enabled) }}
 volumeMounts:
 - name: assets
 mountPath: /opt/mastodon/public/assets
 - name: system
 mountPath: /opt/mastodon/public/system
+ {{- end }}
 {{- end }}
diff --git a/chart/templates/job-db-migrate.yaml b/chart/templates/job-db-migrate.yaml
index e107da4d0..72f910e3b 100644
--- a/chart/templates/job-db-migrate.yaml
+++ b/chart/templates/job-db-migrate.yaml
@@ -14,6 +14,7 @@ spec:
 name: {{ include "mastodon.fullname" . }}-db-migrate
 spec:
 restartPolicy: Never
+ {{- if (not .Values.mastodon.s3.enabled) }}
 # ensure we run on the same node as the other rails components; only
 # required when using PVCs that are ReadWriteOnce
 {{- if or (eq "ReadWriteOnce" .Values.mastodon.persistence.assets.accessMode) (eq "ReadWriteOnce" .Values.mastodon.persistence.system.accessMode) }}
@@ -35,6 +36,7 @@ spec:
 - name: system
 persistentVolumeClaim:
 claimName: {{ template "mastodon.fullname" . }}-system
+ {{- end }}
 containers:
 - name: {{ include "mastodon.fullname" . }}-db-migrate
 image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
@@ -66,8 +68,10 @@ spec:
 key: redis-password
 - name: "PORT"
 value: {{ .Values.mastodon.web.port | quote }}
+ {{- if (not .Values.mastodon.s3.enabled) }}
 volumeMounts:
 - name: assets
 mountPath: /opt/mastodon/public/assets
 - name: system
 mountPath: /opt/mastodon/public/system
+ {{- end }}
diff --git a/chart/templates/pvc-assets.yaml b/chart/templates/pvc-assets.yaml
index 12ac72eb3..58b2179df 100644
--- a/chart/templates/pvc-assets.yaml
+++ b/chart/templates/pvc-assets.yaml
@@ -1,4 +1,4 @@
----
+{{- if (not .Values.mastodon.s3.enabled) }}
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
@@ -11,3 +11,4 @@ spec:
 resources:
 {{- toYaml .Values.mastodon.persistence.assets.resources | nindent 4}}
 storageClassName: {{ .Values.mastodon.persistence.assets.storageClassName }}
+{{- end }}
diff --git a/chart/templates/pvc-system.yaml b/chart/templates/pvc-system.yaml
index 62dc1e708..52398f0da 100644
--- a/chart/templates/pvc-system.yaml
+++ b/chart/templates/pvc-system.yaml
@@ -1,4 +1,4 @@
----
+{{- if (not .Values.mastodon.s3.enabled) }}
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
@@ -11,3 +11,4 @@ spec:
 resources:
 {{- toYaml .Values.mastodon.persistence.system.resources | nindent 4}}
 storageClassName: {{ .Values.mastodon.persistence.system.storageClassName }}
+{{- end }}
diff --git a/chart/templates/secrets.yaml b/chart/templates/secrets.yaml
index 63d01d3eb..0452a8ae1 100644
--- a/chart/templates/secrets.yaml
+++ b/chart/templates/secrets.yaml
@@ -6,6 +6,10 @@ metadata:
 {{- include "mastodon.labels" . | nindent 4 }}
 type: Opaque
 data:
+ {{- if .Values.mastodon.s3.enabled }}
+ AWS_ACCESS_KEY_ID: "{{ .Values.mastodon.s3.access_key | b64enc }}"
+ AWS_SECRET_ACCESS_KEY: "{{ .Values.mastodon.s3.access_secret | b64enc }}"
+ {{- end }}
 {{- if not (empty .Values.mastodon.secrets.secret_key_base) }}
 SECRET_KEY_BASE: "{{ .Values.mastodon.secrets.secret_key_base | b64enc }}"
 {{- else }}
diff --git a/chart/values.yaml b/chart/values.yaml
index d752e46ec..a638f4a7d 100644
--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -41,6 +41,14 @@ mastodon:
 resources:
 requests:
 storage: 100Gi
+ s3:
+ enabled: false
+ access_key: ""
+ access_secret: ""
+ bucket: ""
+ endpoint: https://us-east-1.linodeobjects.com
+ hostname: us-east-1.linodeobjects.com
+ region: ""
 # these must be set manually; autogenerated keys are rotated on each upgrade
 secrets:
 secret_key_base: ""
-- cgit
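Review bot: `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` are base64-encoded without a presence check, so the `""` defaults this commit adds to values.yaml yield a Secret holding empty credentials whenever `s3.enabled` is set before the keys are filled in, and nothing fails at install time. Wrap both in `required`, e.g. `AWS_ACCESS_KEY_ID: "{{ required "mastodon.s3.access_key is required when s3 is enabled" .Values.mastodon.s3.access_key | b64enc }}"`. None of the workload hunks in this commit add a `secretKeyRef` for these two keys, so unless the pods already load this Secret wholesale the credentials are stored but never reach the containers — worth confirming against the deployments. Accepting an operator-managed Secret name (an `existingSecret`-style value) would also let the key pair stay out of a committed values file.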
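Review bot: `access_key` and `access_secret` are added alongside ordinary settings with no comment, while the `secrets:` block directly below carries a note about manual setting; a comment above `s3:` such as `# access_key/access_secret are written into the chart-managed Secret; supply them from a secret store rather than a committed values file` would make the handling clear. `endpoint` and `hostname` default to a Linode region while `region` is empty, and it looks like all three need to be overridden together for another provider, so a one-line comment saying so would save a misconfiguration.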