From 6d3125f9c0127095913a9f1dfd7043929ba3bb9d Mon Sep 17 00:00:00 2001 From: Alex Dunn Date: Mon, 29 Jun 2020 04:58:48 -0700 Subject: Add Helm chart (#14090) * add Helm chart known issues/future work: - SSO is unsupported - S3/Minio/GCS is unsupported - Swift is unsupported - WEB_DOMAIN is unsupported - Tor is unsupported * helm: clarify how LOCAL_DOMAIN is set * helm: add chart description * helm: make DB_POOL and Sidekiq concurrency configurable * helm: only enforce pod affinity when using ReadWriteOnce * helm: clarify compatibility * helm: clean up application variables * helm: add job to create initial admin
---
chart/values.yaml.template | 163 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 163 insertions(+) create mode 100644 chart/values.yaml.template (limited to 'chart/values.yaml.template')
diff --git a/chart/values.yaml.template b/chart/values.yaml.template
new file mode 100644
index 000000000..2df6748a1
--- /dev/null
+++ b/chart/values.yaml.template
@@ -0,0 +1,163 @@
+replicaCount: 1
+
+image:
+ repository: tootsuite/mastodon
+ pullPolicy: Always
+ # https://hub.docker.com/r/tootsuite/mastodon/tags
+ tag: v3.1.4
+ # alternatively, use `latest` for the latest release or `edge` for the image
+ # built from the most recent commit
+ #
+ # tag: latest
+
+ingress:
+ enabled: false
+ annotations:
+ kubernetes.io/ingress.class: nginx
+ kubernetes.io/tls-acme: "true"
+ # cert-manager.io/cluster-issuer: "letsencrypt"
+ # this value is used for LOCAL_DOMAIN
+ hostname: mastodon.local
+ tls:
+ - secretName: mastodon-tls
+ hosts:
+ - mastodon.local
+
+# create an initial administrator user; the password is autogenerated and will
+# have to be reset
+createAdmin:
+ enabled: false
+ username: not_gargron
+ email: not@example.com
+
+# available locales: https://github.com/tootsuite/mastodon/blob/master/config/application.rb#L43
+locale: en
+
+application:
+ web:
+ port: 3000
+ streaming:
+ port: 4000
+ # this should be set manually since os.cpus() returns the number of CPUs on
+ # the node running the pod, which is unrelated to the resources allocated to
+ # the pod by k8s
+ workers: 1
+ sidekiq:
+ concurrency: 25
+
+# these must be set manually; autogenerated keys are rotated on each upgrade
+secrets:
+ secret_key_base: ""
+ otp_secret: ""
+ vapid:
+ private_key: ""
+ public_key: ""
+
+smtp:
+ auth_method: plain
+ ca_file:
+ delivery_method: smtp
+ domain:
+ enable_starttls_auto: true
+ from_address: notifications@example.com
+ login:
+ openssl_verify_mode: peer
+ password:
+ port: 587
+ reply_to:
+ server: smtp.mailgun.org
+ tls: false
+
+# https://github.com/bitnami/charts/tree/master/bitnami/elasticsearch#parameters
+elasticsearch:
+ # `false` will disable full-text search
+ #
+ # if you enable ES after the initial install, you will need to manually run
+ # RAILS_ENV=production bundle exec rake chewy:sync
+ # (https://docs.joinmastodon.org/admin/optional/elasticsearch/)
+ enabled: true
+ # may be removed once https://github.com/tootsuite/mastodon/pull/13828 is part
+ # of a tagged release
+ image:
+ tag: 6
+
+# https://github.com/bitnami/charts/tree/master/bitnami/postgresql#parameters
+postgresql:
+ postgresqlDatabase: mastodon_production
+ # you must set a password; the password generated by the postgresql chart will
+ # be rotated on each upgrade:
+ # https://github.com/bitnami/charts/tree/master/bitnami/postgresql#upgrade
+ postgresqlPassword: ""
+ postgresqlUsername: postgres
+
+# https://github.com/bitnami/charts/tree/master/bitnami/redis#parameters
+redis:
+ # you must set a password; the password generated by the redis chart will be
+ # rotated on each upgrade:
+ password: ""
+
+persistence:
+ assets:
+ # ReadWriteOnce is more widely supported than ReadWriteMany, but limits
+ # scalability, since it requires the Rails and Sidekiq pods to run on the
+ # same node.
+ accessMode: ReadWriteOnce
+ resources:
+ requests:
+ storage: 100Gi
+ system:
+ accessMode: ReadWriteOnce
+ resources:
+ requests:
+ storage: 10Gi
+
+service:
+ type: ClusterIP
+ port: 80
+
+# https://github.com/tootsuite/mastodon/blob/master/Dockerfile#L88
+#
+# if you manually change the UID/GID environment variables, ensure these values
+# match:
+podSecurityContext:
+ runAsUser: 991
+ runAsGroup: 991
+ fsGroup: 991
+
+securityContext: {}
+
+serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # Annotations to add to the service account
+ annotations: {}
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+
+podAnnotations: {}
+
+resources: {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+
+autoscaling:
+ enabled: false
+ minReplicas: 1
+ maxReplicas: 100
+ targetCPUUtilizationPercentage: 80
+ # targetMemoryUtilizationPercentage: 80
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
-- cgit
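Review bot: `postgresqlUsername: postgres` in the `postgresql:` block makes the default database account the PostgreSQL superuser. The templates are not part of this hunk, but if they hand this value to Mastodon as its DB user, a compromise of the web or Sidekiq pods carries superuser rights over the whole database server rather than only over `mastodon_production`. A dedicated role would be the least-privilege default, for example `postgresqlUsername: mastodon`; the Bitnami chart should then create that role for `postgresqlDatabase`, though it is worth confirming that the migrations run without superuser rights before changing it. If `postgres` has to stay for now, a comment above the key such as `# NOTE: this is the superuser account; prefer a dedicated role` would make the trade-off visible to operators filling in this template.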