From 890042fed803979227ff7ee92ce4e12752955af7 Mon Sep 17 00:00:00 2001 From: Roberto Santalla Date: Fri, 27 Jan 2023 21:57:49 +0100 Subject: [PATCH 01/57] allow to opt-out from `rollme` annotation --- templates/_helpers.tpl | 2 ++ values.yaml | 6 +++++- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index 0e1804f..016dfb3 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -55,7 +55,9 @@ app.kubernetes.io/instance: {{ .Release.Name }} Rolling pod annotations */}} {{- define "mastodon.rollingPodAnnotations" -}} +{{- if .Values.revisionPodAnnotation }} rollme: {{ .Release.Revision | quote }} +{{- end }} checksum/config-secrets: {{ include ( print $.Template.BasePath "/secrets.yaml" ) . | sha256sum | quote }} checksum/config-configmap: {{ include ( print $.Template.BasePath "/configmap-env.yaml" ) . | sha256sum | quote }} {{- end }} diff --git a/values.yaml b/values.yaml index 0b926b8..63eec7b 100644 --- a/values.yaml +++ b/values.yaml @@ -399,7 +399,11 @@ serviceAccount: # set with podAnnotations will be added to all deployment-managed pods. podAnnotations: {} -# -- The annotations set with jobAnnotations will be added to all job pods. +# If set to true, an annotation with the current chart release number will be added to all mastodon pods. This will +# cause all pods to be recreated every `helm upgrade` regardless of whether their config or spec changes. +revisionPodAnnotation: true + +# The annotations set with jobAnnotations will be added to all job pods. jobAnnotations: {} # -- Default resources for all Deployments and jobs unless overwritten From aa4cd09550a21ec3c7f0cb7a29ba75f92b76f146 Mon Sep 17 00:00:00 2001 From: Roberto Santalla Date: Fri, 27 Jan 2023 21:56:23 +0100 Subject: [PATCH 02/57] fix location of redis password placeholder --- values.yaml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/values.yaml b/values.yaml index 63eec7b..7bdcd61 100644 
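Review bot: The values.yaml hunk drops the `# --` helm-docs marker from the `jobAnnotations` comment and never adds one for the new `revisionPodAnnotation`, so neither value is picked up by generated documentation while neighbouring keys in the same file (`# -- Kubernetes manages pods for jobs...`, `# -- Default resources...`) still carry it. Keep the marker on both: `# -- If set to true, an annotation with the current chart release number will be added to all mastodon pods. ...` and `# -- The annotations set with jobAnnotations will be added to all job pods.`. The same omission recurs in the values.yaml hunks for `preparedStatements` (PATCH 11), `deployAnnotations` (PATCH 14), `extraEnvVars` (PATCH 16) and `hooks` (PATCH 17).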
--- a/values.yaml +++ b/values.yaml @@ -261,12 +261,12 @@ redis: enabled: true hostname: "" port: 6379 - # -- you must set a password; the password generated by the redis chart will be - # rotated on each upgrade: - password: "" - # you can also specify the name of an existing Secret - # with a key of redis-password set to the password you want - # auth: + auth: + # -- you must set a password; the password generated by the redis chart will be + # rotated on each upgrade: + password: "" + # you can also specify the name of an existing Secret + # with a key of redis-password set to the password you want # existingSecret: "" # @ignored From a227f91a7f4018b584c68616024ad6c80fab4c38 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Radim=20Dost=C3=A1l?= Date: Thu, 29 Dec 2022 08:56:11 +0100 Subject: [PATCH 03/57] limited federation mode support --- templates/configmap-env.yaml | 3 +++ values.yaml | 2 ++ 2 files changed, 5 insertions(+) diff --git a/templates/configmap-env.yaml b/templates/configmap-env.yaml index 60efedd..2651403 100644 --- a/templates/configmap-env.yaml +++ b/templates/configmap-env.yaml @@ -31,6 +31,9 @@ data: {{- with .Values.mastodon.authorizedFetch }} AUTHORIZED_FETCH: {{ . | quote }} {{- end }} + {{- with .Values.mastodon.limitedFederationMode }} + LIMITED_FEDERATION_MODE: {{ . | quote }} + {{- end }} # https://devcenter.heroku.com/articles/tuning-glibc-memory-behavior MALLOC_ARENA_MAX: "2" NODE_ENV: "production" diff --git a/values.yaml b/values.yaml index 7bdcd61..9e7c283 100644 --- a/values.yaml +++ b/values.yaml @@ -38,6 +38,8 @@ mastodon: singleUserMode: false # -- Enables "Secure Mode" for more details see: https://docs.joinmastodon.org/admin/config/#authorized_fetch authorizedFetch: false + # -- Enables "Limited Federation Mode" for more detauls see: https://docs.joinmastodon.org/admin/config/#limited_federation_mode + limitedFederationMode: false persistence: assets: # -- ReadWriteOnce is more widely supported than ReadWriteMany, but limits 
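Review bot: The new comment on `limitedFederationMode` in PATCH 03's values.yaml hunk misspells "details" as `detauls`; the line should read `# -- Enables "Limited Federation Mode" for more details see: https://docs.joinmastodon.org/admin/config/#limited_federation_mode`. The matching configmap-env.yaml hunk gates the variable with `with`, so a `false` value omits `LIMITED_FEDERATION_MODE` entirely rather than emitting `"false"`, which mirrors how `AUTHORIZED_FETCH` is handled on the lines directly above it and is fine as long as the default for that variable is the off state.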
From 61194296afa8dac0047071bfccedde309ecf7f03 Mon Sep 17 00:00:00 2001 From: Effy Elden Date: Fri, 9 Dec 2022 17:12:31 +1100 Subject: [PATCH 04/57] allow custom S3_PERMISSION env --- templates/configmap-env.yaml | 3 +++ values.yaml | 1 + 2 files changed, 4 insertions(+) diff --git a/templates/configmap-env.yaml b/templates/configmap-env.yaml index 2651403..804d453 100644 --- a/templates/configmap-env.yaml +++ b/templates/configmap-env.yaml @@ -50,6 +50,9 @@ data: S3_ENDPOINT: {{ .Values.mastodon.s3.endpoint }} S3_HOSTNAME: {{ .Values.mastodon.s3.hostname }} S3_PROTOCOL: "https" + {{- if .Values.mastodon.s3.permission }} + S3_PERMISSION: {{ .Values.mastodon.s3.permission }} + {{- end }} {{- with .Values.mastodon.s3.region }} S3_REGION: {{ . }} {{- end }} diff --git a/values.yaml b/values.yaml index 9e7c283..a1785fa 100644 --- a/values.yaml +++ b/values.yaml @@ -65,6 +65,7 @@ mastodon: endpoint: "" hostname: "" region: "" + permission: "" # -- If you have a caching proxy, enter its base URL here. alias_host: "" # these must be set manually; autogenerated keys are rotated on each upgrade From f5e3c27ab6ab1c92136a3c64f1bbdc1ea40ec595 Mon Sep 17 00:00:00 2001 From: Jim Myhrberg Date: Mon, 5 Dec 2022 20:49:56 +0000 Subject: [PATCH 05/57] feat(helm-chart): add values for various Puma related settings --- templates/deployment-web.yaml | 16 ++++++++++++++++ values.yaml | 6 ++++++ 2 files changed, 22 insertions(+) diff --git a/templates/deployment-web.yaml b/templates/deployment-web.yaml index c1ec232..30308e2 100644 --- a/templates/deployment-web.yaml +++ b/templates/deployment-web.yaml 
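Review bot: The new `permission: ""` key in PATCH 04's values.yaml hunk carries no comment, although it feeds `S3_PERMISSION`, the ACL Mastodon applies to every object it uploads (when unset Mastodon falls back to `public-read`); a one-line description such as `# -- ACL applied to uploaded objects (S3_PERMISSION); leave empty for Mastodon's default` would tell operators what a value like `private` changes. In the configmap-env.yaml hunk the value is rendered unquoted, `S3_PERMISSION: {{ .Values.mastodon.s3.permission }}`; piping it through `quote`, as the `AUTHORIZED_FETCH` line in this file already does, keeps the ConfigMap value a string even if an operator passes something the YAML parser would otherwise retype.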
@@ -74,6 +74,22 @@ spec: key: redis-password - name: "PORT" value: {{ .Values.mastodon.web.port | quote }} + {{- if .Values.mastodon.web.minThreads }} + - name: "MIN_THREADS" + value: {{ .Values.mastodon.web.minThreads | quote }} + {{- end }} + {{- if .Values.mastodon.web.maxThreads }} + - name: "MAX_THREADS" + value: {{ .Values.mastodon.web.maxThreads | quote }} + {{- end }} + {{- if .Values.mastodon.web.workers }} + - name: "WEB_CONCURRENCY" + value: {{ .Values.mastodon.web.workers | quote }} + {{- end }} + {{- if .Values.mastodon.web.persistentTimeout }} + - name: "PERSISTENT_TIMEOUT" + value: {{ .Values.mastodon.web.persistentTimeout | quote }} + {{- end }} {{- if (and .Values.mastodon.s3.enabled .Values.mastodon.s3.existingSecret) }} - name: "AWS_SECRET_ACCESS_KEY" valueFrom: diff --git a/values.yaml b/values.yaml index a1785fa..16dfadf 100644 --- a/values.yaml +++ b/values.yaml @@ -190,6 +190,12 @@ mastodon: # requests: # cpu: 250m # memory: 768Mi + # -- Puma-specific options. Below values are based on default behavior in + # config/puma.rb when no custom values are provided. + minThreads: "5" + maxThreads: "5" + workers: "2" + persistentTimeout: "20" metrics: statsd: From 41152e0ed3f3248d0b77bb0d297016932f22d276 Mon Sep 17 00:00:00 2001 From: David Sanftenberg Date: Thu, 29 Dec 2022 21:47:07 +0000 Subject: [PATCH 06/57] Fix alias_host break on bad var reference (#34) --- templates/configmap-env.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/configmap-env.yaml b/templates/configmap-env.yaml index 804d453..e1b1896 100644 --- a/templates/configmap-env.yaml +++ b/templates/configmap-env.yaml @@ -57,7 +57,7 @@ data: S3_REGION: {{ . }} {{- end }} {{- with .Values.mastodon.s3.alias_host }} - S3_ALIAS_HOST: {{ .Values.mastodon.s3.alias_host}} + S3_ALIAS_HOST: {{ . }} {{- end }} {{- end }} {{- with .Values.mastodon.smtp.auth_method }} From b4302e04e6d89819da8bd7d5c9c4b30b1420b842 Mon Sep 17 00:00:00 2001 
From: Roberto Santalla Date: Fri, 27 Jan 2023 22:05:37 +0100 Subject: [PATCH 07/57] store smtp credentials on a secret --- templates/_helpers.tpl | 11 +++++++++++ templates/configmap-env.yaml | 6 ------ templates/deployment-sidekiq.yaml | 24 +++++++++++------------- templates/secret-smtp.yaml | 16 ++++++++++++++++ values.yaml | 4 ++-- 5 files changed, 40 insertions(+), 21 deletions(-) create mode 100644 templates/secret-smtp.yaml diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index 016dfb3..6331a26 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -100,6 +100,17 @@ Get the mastodon secret. {{- end -}} {{- end -}} +{{/* +Get the smtp secret. +*/}} +{{- define "mastodon.smtp.secretName" -}} +{{- if .Values.mastodon.smtp.existingSecret }} + {{- printf "%s" (tpl .Values.mastodon.smtp.existingSecret $) -}} +{{- else -}} + {{- printf "%s-smtp" (include "common.names.fullname" .) -}} +{{- end -}} +{{- end -}} + {{/* Get the postgresql secret. */}} diff --git a/templates/configmap-env.yaml b/templates/configmap-env.yaml index e1b1896..54e3874 100644 --- a/templates/configmap-env.yaml +++ b/templates/configmap-env.yaml @@ -81,15 +81,9 @@ data: {{- with .Values.mastodon.smtp.from_address }} SMTP_FROM_ADDRESS: {{ . }} {{- end }} - {{- with .Values.mastodon.smtp.login }} - SMTP_LOGIN: {{ . }} - {{- end }} {{- with .Values.mastodon.smtp.openssl_verify_mode }} SMTP_OPENSSL_VERIFY_MODE: {{ . }} {{- end }} - {{- with .Values.mastodon.smtp.password }} - SMTP_PASSWORD: {{ . }} - {{- end }} {{- with .Values.mastodon.smtp.port }} SMTP_PORT: {{ . | quote }} {{- end }} diff --git a/templates/deployment-sidekiq.yaml b/templates/deployment-sidekiq.yaml index a03019e..0736ad6 100644 --- a/templates/deployment-sidekiq.yaml +++ b/templates/deployment-sidekiq.yaml 
@@ -90,6 +90,17 @@ spec: secretKeyRef: name: {{ template "mastodon.redis.secretName" $context }} key: redis-password + - name: "SMTP_LOGIN" + valueFrom: + secretKeyRef: + name: {{ include "mastodon.smtp.secretName" $context }} + key: login + optional: true + - name: "SMTP_PASSWORD" + valueFrom: + secretKeyRef: + name: {{ include "mastodon.smtp.secretName" $context }} + key: password {{- if (and $context.Values.mastodon.s3.enabled $context.Values.mastodon.s3.existingSecret) }} - name: "AWS_SECRET_ACCESS_KEY" valueFrom: @@ -102,19 +113,6 @@ spec: name: {{ $context.Values.mastodon.s3.existingSecret }} key: AWS_ACCESS_KEY_ID {{- end }} - {{- if $context.Values.mastodon.smtp.existingSecret }} - - name: "SMTP_LOGIN" - valueFrom: - secretKeyRef: - name: {{ $context.Values.mastodon.smtp.existingSecret }} - key: login - optional: true - - name: "SMTP_PASSWORD" - valueFrom: - secretKeyRef: - name: {{ $context.Values.mastodon.smtp.existingSecret }} - key: password - {{- end }} {{- if (not $context.Values.mastodon.s3.enabled) }} volumeMounts: - name: assets diff --git a/templates/secret-smtp.yaml b/templates/secret-smtp.yaml new file mode 100644 index 0000000..98b15f3 --- /dev/null +++ b/templates/secret-smtp.yaml @@ -0,0 +1,16 @@ +{{- if not .Values.mastodon.smtp.existingSecret -}} +apiVersion: v1 +kind: Secret +metadata: + name: {{ printf "%s-smtp" (include "common.names.fullname" .) }} + labels: + {{- include "mastodon.labels" . | nindent 4 }} +type: Opaque +data: + {{- with .Values.mastodon.smtp.login }} + login: {{ . | b64enc }} + {{- end }} + {{- with .Values.mastodon.smtp.password }} + password: {{ . | b64enc }} + {{- end }} +{{- end }} diff --git a/values.yaml b/values.yaml index 16dfadf..3f65ddf 100644 --- a/values.yaml +++ b/values.yaml 
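Review bot: The new `SMTP_PASSWORD` entry in the first deployment-sidekiq.yaml hunk references `key: password` without `optional: true`, yet the new templates/secret-smtp.yaml emits `password` only `with .Values.mastodon.smtp.password`, and values.yaml leaves `password:` empty by default. A release that relays mail without SMTP authentication therefore gets a `-smtp` Secret lacking that key and its sidekiq pods fail to start on the missing key; before this change the two variables were only wired when `existingSecret` was set. Treat the password like the login by adding `optional: true` under the `SMTP_PASSWORD` secretKeyRef, or render both keys unconditionally in secret-smtp.yaml (`password: {{ .Values.mastodon.smtp.password | default "" | b64enc }}`) so the Secret shape is stable. The env block this hunk extends starts outside the hunk.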
@@ -144,8 +144,8 @@ mastodon: tls: false login: password: - # -- you can also specify the name of an existing Secret - # with the keys login and password + # -- Instead of defining login/password above, you can specify the name of an existing secret here. Login and + # password must be located in keys named `login` and `password` respectively. existingSecret: streaming: port: 4000 From 9806bbc8b1bb270e0f1d5cc951c5ce4f1077802d Mon Sep 17 00:00:00 2001 From: Roberto Santalla Date: Fri, 27 Jan 2023 22:33:49 +0100 Subject: [PATCH 08/57] add checksum for smtp secret to sidekiq deployments --- templates/deployment-sidekiq.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/templates/deployment-sidekiq.yaml b/templates/deployment-sidekiq.yaml index 0736ad6..8a0e9e8 100644 --- a/templates/deployment-sidekiq.yaml +++ b/templates/deployment-sidekiq.yaml @@ -31,6 +31,7 @@ spec: {{- end }} # roll the pods to pick up any db migrations or other changes {{- include "mastodon.rollingPodAnnotations" $context | nindent 8 }} + checksum/config-secrets: {{ include ( print $.Template.BasePath "/secret-smtp.yaml" ) $context | sha256sum | quote }} labels: {{- include "mastodon.selectorLabels" $context | nindent 8 }} app.kubernetes.io/component: sidekiq-{{ .name }} From 4fda7eea971e7dc09cbd01015444a3897551d3fe Mon Sep 17 00:00:00 2001 From: "Alexander \"Ananace\" Olofsson" Date: Fri, 17 Feb 2023 22:13:19 +0100 Subject: [PATCH 09/57] Fix and improve LDAP configuration (#3) Co-authored-by: Renaud Chaput --- templates/configmap-env.yaml | 13 ++++++++----- values.yaml | 5 +++-- 2 files changed, 11 insertions(+), 7 deletions(-) diff --git a/templates/configmap-env.yaml b/templates/configmap-env.yaml index 54e3874..5c400db 100644 --- a/templates/configmap-env.yaml +++ b/templates/configmap-env.yaml 
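Review bot: The annotation added in PATCH 08's deployment-sidekiq.yaml hunk reuses the key `checksum/config-secrets`, which `mastodon.rollingPodAnnotations` (included on the line directly above it) already emits for secrets.yaml, as PATCH 01's _helpers.tpl hunk shows. The rendered pod template thus contains the same annotation key twice; depending on the YAML decoder this is either a render error or one checksum silently overwriting the other, in which case a change to one of the two secrets may no longer roll the pods. Use a distinct key, `checksum/config-secrets-smtp: {{ include ( print $.Template.BasePath "/secret-smtp.yaml" ) $context | sha256sum | quote }}`. When `existingSecret` is set the included template renders empty and the checksum is constant, which is harmless but worth a short comment.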
@@ -288,13 +288,16 @@ data: {{- if .Values.externalAuth.ldap.enabled }} LDAP_ENABLED: {{ .Values.externalAuth.ldap.enabled | quote }} LDAP_HOST: {{ .Values.externalAuth.ldap.host }} - LDAP_PORT: {{ .Values.externalAuth.ldap.port }} + LDAP_PORT: {{ .Values.externalAuth.ldap.port | quote }} LDAP_METHOD: {{ .Values.externalAuth.ldap.method }} - {{- with .Values.externalAuth.ldap.base }} - LDAP_BASE: {{ . }} + {{- if .Values.externalAuth.ldap.tls_no_verify }} + LDAP_TLS_NO_VERIFY: {{ .Values.externalAuth.ldap.tls_no_verify | quote }} {{- end }} - {{- with .Values.externalAuth.ldap.bind_on }} - LDAP_BIND_ON: {{ . }} + {{- if .Values.externalAuth.ldap.base }} + LDAP_BASE: {{ .Values.externalAuth.ldap.base }} + {{- end }} + {{- if .Values.externalAuth.ldap.bind_dn }} + LDAP_BIND_DN: {{ .Values.externalAuth.ldap.bind_dn }} {{- end }} {{- with .Values.externalAuth.ldap.password }} LDAP_PASSWORD: {{ . }} diff --git a/values.yaml b/values.yaml index 3f65ddf..10c7785 100644 --- a/values.yaml +++ b/values.yaml @@ -369,10 +369,11 @@ externalAuth: ldap: enabled: false # host: myservice.namespace.svc - # port: 389 + # port: 636 # method: simple_tls + # tls_no_verify: true # base: - # bind_on: + # bind_dn: # password: # uid: cn # mail: mail From 6e6f8a36d10c374bb042b13cc416e906f2d2b636 Mon Sep 17 00:00:00 2001 From: Varac Date: Fri, 17 Feb 2023 17:26:34 +0100 Subject: [PATCH 10/57] Fix streaming route Until now, only /api/v1/streaming/ was routed to the streaming pod, while /api/v1/streaming/* was falsely routed to the web pod, which returned 404 for each request. Now everything below /api/v1/streaming will reach the streaming pod. Fixes: #36 --- .gitignore | 1 + templates/ingress.yaml | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) create mode 100644 .gitignore diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..ee3892e --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +charts/ 
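Review bot: PATCH 09's values.yaml hunk documents the new option as `# tls_no_verify: true`, and that is the only example given, so the commented template nudges operators toward disabling certificate verification on the LDAP connection that carries the bind password and user credentials. Show the safe value and say what the switch does: `# tls_no_verify: false  # true disables LDAP server certificate verification; prefer trusting the LDAP CA instead`. Separately, the configmap-env.yaml hunk ends on `LDAP_PASSWORD: {{ . }}`, which keeps the bind password in the ConfigMap in clear text; this series moves SMTP credentials to a Secret (PATCH 07), and the LDAP bind password would benefit from the same treatment. The LDAP block this hunk edits starts and ends outside the hunk.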
diff --git a/templates/ingress.yaml b/templates/ingress.yaml index e5c5e1d..5a3409a 100644 --- a/templates/ingress.yaml +++ b/templates/ingress.yaml @@ -52,7 +52,7 @@ spec: {{- if or ($.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress") (not ($.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress")) }} pathType: Prefix {{- end }} - - path: {{ .path }}api/v1/streaming/ + - path: {{ .path }}api/v1/streaming backend: {{- if or ($.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress") (not ($.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress")) }} service: @@ -64,7 +64,7 @@ spec: servicePort: {{ $streamingPort }} {{- end }} {{- if or ($.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress") (not ($.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress")) }} - pathType: Exact + pathType: Prefix {{- end }} {{- end }} {{- end }} From 3934da1d2185b5526798e7dd946a4ded5a0b2c4e Mon Sep 17 00:00:00 2001 From: Cees-Jan Kiewiet Date: Mon, 28 Nov 2022 14:52:41 +0100 Subject: [PATCH 11/57] Add the PREPARED_STATEMENTS environment variable and set it to its default value Being able to control it can be useful in situations where prepared statements don't work as expected. Once such case can be pgbouncer as provided by DigitalOcean for connection pooling. --- templates/configmap-env.yaml | 1 + values.yaml | 3 +++ 2 files changed, 4 insertions(+) diff --git a/templates/configmap-env.yaml b/templates/configmap-env.yaml index 5c400db..265bd41 100644 --- a/templates/configmap-env.yaml +++ b/templates/configmap-env.yaml @@ -15,6 +15,7 @@ data: DB_NAME: {{ .Values.postgresql.auth.database }} DB_POOL: {{ include "mastodon.maxDbPool" . }} DB_USER: {{ .Values.postgresql.auth.username }} + PREPARED_STATEMENTS: {{ .Values.mastodon.preparedStatements | quote }} DEFAULT_LOCALE: {{ .Values.mastodon.locale }} {{- if .Values.elasticsearch.enabled }} ES_ENABLED: "true" diff --git a/values.yaml b/values.yaml index 10c7785..711f000 100644 
--- a/values.yaml +++ b/values.yaml @@ -202,6 +202,9 @@ mastodon: # -- Enable statsd publishing via STATSD_ADDR environment variable address: "" + # Sets the PREPARED_STATEMENTS environment variable: https://docs.joinmastodon.org/admin/config/#prepared_statements + preparedStatements: true + ingress: enabled: true annotations: From 94ffdc8f83307460106845db0fbd5e58fb7d4f5c Mon Sep 17 00:00:00 2001 From: Renaud Chaput Date: Tue, 14 Mar 2023 22:06:30 +0100 Subject: [PATCH 12/57] Update image repository to GHCR (#53) --- values.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/values.yaml b/values.yaml index 711f000..930a5b3 100644 --- a/values.yaml +++ b/values.yaml @@ -1,6 +1,6 @@ image: - repository: tootsuite/mastodon - # https://hub.docker.com/r/tootsuite/mastodon/tags + repository: ghcr.io/mastodon/mastodon + # https://github.com/mastodon/mastodon/pkgs/container/mastodon # # alternatively, use `latest` for the latest release or `edge` for the image # built from the most recent commit From 1b503bb6b379b4e602c16357a17f97d0c2d0e08a Mon Sep 17 00:00:00 2001 From: Tim Campbell Date: Wed, 12 Apr 2023 08:18:09 -0700 Subject: [PATCH 13/57] Added SMTP_RETURN_PATH option --- templates/configmap-env.yaml | 3 +++ values.yaml | 1 + 2 files changed, 4 insertions(+) diff --git a/templates/configmap-env.yaml b/templates/configmap-env.yaml index 265bd41..fbb8788 100644 --- a/templates/configmap-env.yaml +++ b/templates/configmap-env.yaml @@ -82,6 +82,9 @@ data: {{- with .Values.mastodon.smtp.from_address }} SMTP_FROM_ADDRESS: {{ . }} {{- end }} + {{- with .Values.mastodon.smtp.return_path }} + SMTP_RETURN_PATH: {{ . }} + {{- end }} {{- with .Values.mastodon.smtp.openssl_verify_mode }} SMTP_OPENSSL_VERIFY_MODE: {{ . }} {{- end }} diff --git a/values.yaml b/values.yaml index 930a5b3..ea9848b 100644 --- a/values.yaml +++ b/values.yaml 
@@ -137,6 +137,7 @@ mastodon: domain: enable_starttls: 'auto' from_address: notifications@example.com + return_path: openssl_verify_mode: peer port: 587 reply_to: From 8f612abc721bffbf7fe9f5aeb730bc93cf5eb45e Mon Sep 17 00:00:00 2001 From: Tim Campbell Date: Wed, 19 Apr 2023 15:31:36 -0700 Subject: [PATCH 14/57] Added deployment annotations to chart --- templates/deployment-sidekiq.yaml | 4 ++++ templates/deployment-streaming.yaml | 4 ++++ templates/deployment-web.yaml | 4 ++++ values.yaml | 4 ++++ 4 files changed, 16 insertions(+) diff --git a/templates/deployment-sidekiq.yaml b/templates/deployment-sidekiq.yaml index 8a0e9e8..6aac6e8 100644 --- a/templates/deployment-sidekiq.yaml +++ b/templates/deployment-sidekiq.yaml @@ -9,6 +9,10 @@ metadata: {{- include "mastodon.labels" $context | nindent 4 }} app.kubernetes.io/component: sidekiq-{{ .name }} app.kubernetes.io/part-of: rails + annotations: + {{- with $context.Values.deployAnnotations }} + {{- toYaml . | nindent 4 }} + {{- end }} spec: {{- if (has "scheduler" .queues) }} {{- if (gt (int .replicas) 1) }} diff --git a/templates/deployment-streaming.yaml b/templates/deployment-streaming.yaml index dd80404..1e690ac 100644 --- a/templates/deployment-streaming.yaml +++ b/templates/deployment-streaming.yaml @@ -4,6 +4,10 @@ metadata: name: {{ include "mastodon.fullname" . }}-streaming labels: {{- include "mastodon.labels" . | nindent 4 }} + annotations: + {{- with .Values.deployAnnotations }} + {{- toYaml . | nindent 4 }} + {{- end }} spec: replicas: {{ .Values.mastodon.streaming.replicas }} selector: diff --git a/templates/deployment-web.yaml b/templates/deployment-web.yaml index 30308e2..e707b3c 100644 --- a/templates/deployment-web.yaml +++ b/templates/deployment-web.yaml 
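Review bot: Each deployment hunk in PATCH 14 emits the `annotations:` key unconditionally and only guards its contents with `with`, so with the default `deployAnnotations: {}` every Deployment renders `metadata.annotations:` with a null value. The API server tolerates that, but it is noise in rendered diffs and may trip strict manifest validators; move the key inside the guard: `{{- with $context.Values.deployAnnotations }}` / `annotations:` / `{{- toYaml . | nindent 4 }}` followed by `{{- end }}`. The same shape appears in the deployment-streaming.yaml hunk on this line and in the deployment-web.yaml hunk of this commit.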
@@ -4,6 +4,10 @@ metadata: name: {{ include "mastodon.fullname" . }}-web labels: {{- include "mastodon.labels" . | nindent 4 }} + annotations: + {{- with .Values.deployAnnotations }} + {{- toYaml . | nindent 4 }} + {{- end }} spec: replicas: {{ .Values.mastodon.web.replicas }} selector: diff --git a/values.yaml b/values.yaml index ea9848b..c8c5d96 100644 --- a/values.yaml +++ b/values.yaml @@ -408,6 +408,10 @@ serviceAccount: # If not set and create is true, a name is generated using the fullname template name: "" +# Custom annotations to apply to all created deployment objects. These can be +# used to help mastodon interact with other services in the cluster. +deployAnnotations: {} + # -- Kubernetes manages pods for jobs and pods for deployments differently, so you might # need to apply different annotations to the two different sets of pods. The annotations # set with podAnnotations will be added to all deployment-managed pods. From 4b6fd9f7e6273cb2708e5f8e16b87b1d07114eb8 Mon Sep 17 00:00:00 2001 From: Tim Campbell Date: Thu, 20 Apr 2023 08:15:48 -0700 Subject: [PATCH 15/57] Rename deployment annotations var, allow deploy-specific annotations --- templates/deployment-sidekiq.yaml | 2 +- templates/deployment-streaming.yaml | 2 +- templates/deployment-web.yaml | 2 +- values.yaml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/templates/deployment-sidekiq.yaml b/templates/deployment-sidekiq.yaml index 6aac6e8..5dc9244 100644 --- a/templates/deployment-sidekiq.yaml +++ b/templates/deployment-sidekiq.yaml @@ -10,7 +10,7 @@ metadata: app.kubernetes.io/component: sidekiq-{{ .name }} app.kubernetes.io/part-of: rails annotations: - {{- with $context.Values.deployAnnotations }} + {{- with $context.Values.deploymentAnnotations }} {{- toYaml . | nindent 4 }} {{- end }} spec: diff --git a/templates/deployment-streaming.yaml b/templates/deployment-streaming.yaml index 1e690ac..ea08b1b 100644 --- a/templates/deployment-streaming.yaml 
+++ b/templates/deployment-streaming.yaml @@ -5,7 +5,7 @@ metadata: labels: {{- include "mastodon.labels" . | nindent 4 }} annotations: - {{- with .Values.deployAnnotations }} + {{- with (default .Values.deploymentAnnotations .Values.mastodon.streaming.deploymentAnnotations) }} {{- toYaml . | nindent 4 }} {{- end }} spec: diff --git a/templates/deployment-web.yaml b/templates/deployment-web.yaml index e707b3c..420c277 100644 --- a/templates/deployment-web.yaml +++ b/templates/deployment-web.yaml @@ -5,7 +5,7 @@ metadata: labels: {{- include "mastodon.labels" . | nindent 4 }} annotations: - {{- with .Values.deployAnnotations }} + {{- with (default .Values.deploymentAnnotations .Values.mastodon.web.deploymentAnnotations) }} {{- toYaml . | nindent 4 }} {{- end }} spec: diff --git a/values.yaml b/values.yaml index c8c5d96..a4660e2 100644 --- a/values.yaml +++ b/values.yaml @@ -410,7 +410,7 @@ serviceAccount: # Custom annotations to apply to all created deployment objects. These can be # used to help mastodon interact with other services in the cluster. -deployAnnotations: {} +deploymentAnnotations: {} # -- Kubernetes manages pods for jobs and pods for deployments differently, so you might # need to apply different annotations to the two different sets of pods. The annotations From 1d0879b3c9bb3ac3fb9e8e385819cbe47a88e527 Mon Sep 17 00:00:00 2001 From: Tim Campbell Date: Tue, 12 Dec 2023 10:17:17 +0100 Subject: [PATCH 16/57] Add extra env vars --- templates/configmap-env.yaml | 3 +++ values.yaml | 3 +++ 2 files changed, 6 insertions(+) diff --git a/templates/configmap-env.yaml b/templates/configmap-env.yaml index fbb8788..74ad09e 100644 --- a/templates/configmap-env.yaml +++ b/templates/configmap-env.yaml @@ -328,3 +328,6 @@ data: {{- with .Values.mastodon.metrics.statsd.address }} STATSD_ADDR: {{ . }} {{- end }} + {{- range $k, $v := .Values.mastodon.extraEnvVars }} + {{ $k }}: {{ quote $v }} + {{- end }} 
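Review bot: `default .Values.deploymentAnnotations .Values.mastodon.streaming.deploymentAnnotations` in the deployment-streaming.yaml hunk (and its web counterpart on this line) returns the per-deployment map whenever it is non-empty, so a deployment-specific override replaces the global annotations rather than adding to them; if layering was intended, Sprig's `merge` is the operator to use, and either way the behaviour deserves a comment. The new `mastodon.streaming.deploymentAnnotations` and `mastodon.web.deploymentAnnotations` keys are neither declared nor described in the values.yaml hunk, which only renames the global key, and the sidekiq hunk in this commit offers no per-deployment override at all. Suggested values.yaml comment for each: `# -- Annotations for this Deployment only; when set, they replace deploymentAnnotations`.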
diff --git a/values.yaml b/values.yaml index a4660e2..30e3ea8 100644 --- a/values.yaml +++ b/values.yaml @@ -206,6 +206,9 @@ mastodon: # Sets the PREPARED_STATEMENTS environment variable: https://docs.joinmastodon.org/admin/config/#prepared_statements preparedStatements: true + # Additional env vars defined in all pods + extraEnvVars: {} + ingress: enabled: true annotations: From 8014703818c1d71f3c8d2ee9dedba0837c9ff1d7 Mon Sep 17 00:00:00 2001 From: Tim Campbell Date: Thu, 7 Dec 2023 16:00:07 +0100 Subject: [PATCH 17/57] Add hooks to jobs --- templates/job-assets-precompile.yaml | 2 ++ templates/job-db-migrate.yaml | 2 ++ values.yaml | 5 +++++ 3 files changed, 9 insertions(+) diff --git a/templates/job-assets-precompile.yaml b/templates/job-assets-precompile.yaml index bc5ff7b..3458fea 100644 --- a/templates/job-assets-precompile.yaml +++ b/templates/job-assets-precompile.yaml @@ -1,3 +1,4 @@ +{{- if .Values.mastodon.hooks.assetsPrecompile.enabled -}} apiVersion: batch/v1 kind: Job metadata: @@ -75,3 +76,4 @@ spec: - name: system mountPath: /opt/mastodon/public/system {{- end }} +{{- end -}} diff --git a/templates/job-db-migrate.yaml b/templates/job-db-migrate.yaml index 41324fb..e9a40a7 100644 --- a/templates/job-db-migrate.yaml +++ b/templates/job-db-migrate.yaml @@ -1,3 +1,4 @@ +{{- if .Values.mastodon.hooks.dbMigrate.enabled -}} apiVersion: batch/v1 kind: Job metadata: @@ -75,3 +76,4 @@ spec: - name: system mountPath: /opt/mastodon/public/system {{- end }} +{{- end -}} diff --git a/values.yaml b/values.yaml index 30e3ea8..f0e0ad9 100644 --- a/values.yaml +++ b/values.yaml @@ -20,6 +20,11 @@ mastodon: username: not_gargron # @ignored email: not@example.com + hooks: + dbMigrate: + enabled: false + assetsPrecompile: + enabled: false cron: # -- run `tootctl media remove` every week removeMedia: From 94aa576b1eecd6949962639441113348299185d0 Mon Sep 17 00:00:00 2001 
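Review bot: The comment on the new `extraEnvVars` key, `# Additional env vars defined in all pods`, does not say where the values land: the configmap-env.yaml hunk in PATCH 16 writes every entry into the shared ConfigMap, so anything placed here is stored as plain configuration rather than as a Secret. Say so, so operators do not route tokens or passwords through it: `# -- Additional environment variables for all pods; they are rendered into the ConfigMap, so do not use this for credentials`. The `quote $v` in the template correctly turns booleans and numbers into strings, which is worth a one-line comment there as well.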
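Review bot: The new `hooks.dbMigrate.enabled` and `hooks.assetsPrecompile.enabled` keys in PATCH 17's values.yaml hunk carry no comment, so an operator cannot tell from values.yaml that setting them to `false` stops templates/job-db-migrate.yaml and templates/job-assets-precompile.yaml from rendering at all, as the two job hunks show. A line above each, such as `# -- Render the db-migrate Job; disable only if migrations are run out of band`, would make that consequence explicit. The `false` defaults introduced here are flipped to `true` in PATCH 18.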
From: Tim Campbell Date: Tue, 12 Dec 2023 10:14:45 +0100 Subject: [PATCH 18/57] Default hooks should be true --- values.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/values.yaml b/values.yaml index f0e0ad9..602ec08 100644 --- a/values.yaml +++ b/values.yaml @@ -22,9 +22,9 @@ mastodon: email: not@example.com hooks: dbMigrate: - enabled: false + enabled: true assetsPrecompile: - enabled: false + enabled: true cron: # -- run `tootctl media remove` every week removeMedia: From bc19788acc9cdc71e6c470f043828f390ec12f11 Mon Sep 17 00:00:00 2001 From: Tim Campbell Date: Thu, 7 Dec 2023 16:12:55 +0100 Subject: [PATCH 19/57] Add sidecar capability for statsd --- templates/_statsd.yaml | 54 ++++++++++++ templates/configmap-env.yaml | 6 +- templates/deployment-sidekiq.yaml | 3 + templates/deployment-web.yaml | 3 + templates/statsd-exporter-mappings.yaml | 107 ++++++++++++++++++++++++ values.yaml | 5 ++ 6 files changed, 176 insertions(+), 2 deletions(-) create mode 100644 templates/_statsd.yaml create mode 100644 templates/statsd-exporter-mappings.yaml diff --git a/templates/_statsd.yaml b/templates/_statsd.yaml new file mode 100644 index 0000000..410e4f1 --- /dev/null +++ b/templates/_statsd.yaml 
@@ -0,0 +1,54 @@ +{{/* + The exporter container attached to every Mastodon pod +*/}} + +{{- define "mastodon.statsdExporterContainer" }} +{{- with .Values.mastodon.metrics.statsd }} +{{- if and .exporter.enabled (not .address) }} +- name: statsd-exporter + image: prom/statsd-exporter + args: + - "--statsd.mapping-config=/statsd-mappings/mastodon.yml" + resources: + requests: + cpu: "0.1" + memory: "180M" + limits: + cpu: "0.5" + memory: "250M" + ports: + - name: statsd + containerPort: {{ .exporter.port }} + volumeMounts: + - name: statsd-mappings + mountPath: /statsd-mappings +{{- end }} +{{- end }} +{{- end }} + +{{/* + The volume needed for the container above +*/}} +{{- define "mastodon.statsdExporterVolume" }} +{{- with .Values.mastodon.metrics.statsd }} +{{- if and .exporter.enabled (not .address) }} +- name: statsd-mappings + configMap: + name: {{ include "mastodon.fullname" $ }}-statsd-mappings + items: + - key: mastodon-statsd-mappings.yml + path: mastodon.yml +{{- end }} +{{- end }} +{{- end }} + +{{/* + Labels added to every statsd_exporter-enabled pod +*/}} +{{- define "mastodon.statsdExporterLabels" }} +{{- with .Values.mastodon.metrics.statsd }} +{{- if and .exporter.enabled (not .address) }} +mastodon/statsd-exporter: "true" +{{- end }} +{{- end }} +{{- end }} diff --git a/templates/configmap-env.yaml b/templates/configmap-env.yaml index 74ad09e..da9b174 100644 --- a/templates/configmap-env.yaml +++ b/templates/configmap-env.yaml @@ -325,8 +325,10 @@ data: LDAP_UID_CONVERSION_REPLACE: {{ . }} {{- end }} {{- end }} - {{- with .Values.mastodon.metrics.statsd.address }} - STATSD_ADDR: {{ . }} + {{- if .Values.mastodon.metrics.statsd.address }} + STATSD_ADDR: {{ .Values.mastodon.metrics.statsd.address }} + {{- else if .Values.mastodon.metrics.statsd.exporter.enabled }} + STATSD_ADDR: localhost:9125 {{- end }} {{- range $k, $v := .Values.mastodon.extraEnvVars }} {{ $k }}: {{ quote $v }} 
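Review bot: The sidecar in the `mastodon.statsdExporterContainer` define is created from `image: prom/statsd-exporter` with no tag and no digest, so every pod restart may pull whatever `latest` currently is, unlike the main Mastodon image whose repository and tag come from values. Pin it and make it overridable, e.g. `image: {{ .exporter.image | default "prom/statsd-exporter:<pinned-tag>" }}` with a documented `exporter.image` key in values.yaml (the tag is a placeholder for the maintainers to choose), and give the container a `securityContext` consistent with the main container. The `STATSD_ADDR: localhost:9125` literal in the configmap-env.yaml hunk on this line hard-codes the exporter's statsd ingest port while `.exporter.port` is only used for the metrics `containerPort`; a comment stating that 9125 is the exporter's default ingest port, or a second value for it, would keep the two in sync.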
diff --git a/templates/deployment-sidekiq.yaml b/templates/deployment-sidekiq.yaml index 5dc9244..3d269e1 100644 --- a/templates/deployment-sidekiq.yaml +++ b/templates/deployment-sidekiq.yaml @@ -38,6 +38,7 @@ spec: checksum/config-secrets: {{ include ( print $.Template.BasePath "/secret-smtp.yaml" ) $context | sha256sum | quote }} labels: {{- include "mastodon.selectorLabels" $context | nindent 8 }} + {{- include "mastodon.statsdExporterLabels" $context | nindent 8 }} app.kubernetes.io/component: sidekiq-{{ .name }} app.kubernetes.io/part-of: rails spec: @@ -63,6 +64,7 @@ spec: persistentVolumeClaim: claimName: {{ template "mastodon.fullname" $context }}-system {{- end }} + {{- include "mastodon.statsdExporterVolume" $ | indent 8 }} containers: - name: {{ $context.Chart.Name }} securityContext: @@ -127,6 +129,7 @@ spec: {{- end }} resources: {{- toYaml (default (default $context.Values.resources $context.Values.mastodon.sidekiq.resources) .resources) | nindent 12 }} + {{- include "mastodon.statsdExporterContainer" $ | indent 8 }} {{- with $context.Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/templates/deployment-web.yaml b/templates/deployment-web.yaml index 420c277..c206297 100644 --- a/templates/deployment-web.yaml +++ b/templates/deployment-web.yaml @@ -25,6 +25,7 @@ spec: {{- include "mastodon.rollingPodAnnotations" . | nindent 8 }} labels: {{- include "mastodon.selectorLabels" . | nindent 8 }} + {{- include "mastodon.statsdExporterLabels" . | nindent 8 }} app.kubernetes.io/component: web app.kubernetes.io/part-of: rails spec: @@ -45,6 +46,7 @@ spec: - name: system persistentVolumeClaim: claimName: {{ template "mastodon.fullname" . }}-system + {{- include "mastodon.statsdExporterVolume" $ | indent 8 }} {{- end }} containers: - name: {{ .Chart.Name }}-web 
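Review bot: In the second deployment-web.yaml hunk the new `{{- include "mastodon.statsdExporterVolume" $ | indent 8 }}` sits before the `{{- end }}` that closes the conditional wrapping the `system` persistentVolumeClaim, whereas the deployment-sidekiq.yaml hunk on this line places the same include after its `{{- end }}`. If that conditional is the S3-disabled branch, as it is in the sidekiq template, then with S3 enabled the `statsd-mappings` volume is never declared while the sidecar from `mastodon.statsdExporterContainer` still mounts it, and the pod is rejected for referencing an undefined volume. Move the include one line down, after `{{- end }}`, to match sidekiq. The opening of that conditional lies outside the hunk.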
@@ -134,6 +136,7 @@ spec: resources: {{- toYaml . | nindent 12 }} {{- end }} + {{- include "mastodon.statsdExporterContainer" $ | indent 8 }} {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/templates/statsd-exporter-mappings.yaml b/templates/statsd-exporter-mappings.yaml new file mode 100644 index 0000000..813af1d --- /dev/null +++ b/templates/statsd-exporter-mappings.yaml 
@@ -0,0 +1,107 @@ +{{- if and .Values.mastodon.metrics.statsd.exporter.enabled (not .Values.mastodon.metrics.statsd.address) }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "mastodon.fullname" . }}-statsd-mappings + labels: + {{- include "mastodon.labels" . | nindent 4 }} +data: + mastodon-statsd-mappings.yml: |- + ## From https://ipng.ch/assets/mastodon/statsd-mapping.yaml + ## Prometheus Statsd Exporter mapping for Mastodon 4.0+ + ## + ## Version 1.0, November 2022 + ## + ## Documentation: https://ipng.ch/s/articles/2022/11/27/mastodon-3.html + + mappings: + ## Web collector + - match: Mastodon\.production\.web\.(.+)\.(.+)\.(.+)\.status\.(.+) + match_type: regex + name: "mastodon_controller_status" + labels: + controller: $1 + action: $2 + format: $3 + status: $4 + mastodon: "web" + - match: Mastodon\.production\.web\.(.+)\.(.+)\.(.+)\.db_time + match_type: regex + name: "mastodon_controller_db_time" + labels: + controller: $1 + action: $2 + format: $3 + mastodon: "web" + - match: Mastodon\.production\.web\.(.+)\.(.+)\.(.+)\.view_time + match_type: regex + name: "mastodon_controller_view_time" + labels: + controller: $1 + action: $2 + format: $3 + mastodon: "web" + - match: Mastodon\.production\.web\.(.+)\.(.+)\.(.+)\.total_duration + match_type: regex + name: "mastodon_controller_duration" + labels: + controller: $1 + action: $2 + format: $3 + mastodon: "web" + + ## Database collector + - match: Mastodon\.production\.db\.tables\.(.+)\.queries\.(.+)\.duration + match_type: regex + name: "mastodon_db_operation" + labels: + table: "$1" + operation: "$2" + mastodon: "db" + + ## Cache collector + - match: Mastodon\.production\.cache\.(.+)\.duration + match_type: regex + name: "mastodon_cache_duration" + labels: + operation: "$1" + mastodon: "cache" + + ## Sidekiq collector + - match: Mastodon\.production\.sidekiq\.(.+)\.processing_time + match_type: regex + name: "mastodon_sidekiq_worker_processing_time" + labels: + worker: "$1" + mastodon: 
"sidekiq" + - match: Mastodon\.production\.sidekiq\.(.+)\.success + match_type: regex + name: "mastodon_sidekiq_worker_success_total" + labels: + worker: "$1" + mastodon: "sidekiq" + - match: Mastodon\.production\.sidekiq\.(.+)\.failure + match_type: regex + name: "mastodon_sidekiq_worker_failure_total" + labels: + worker: "$1" + mastodon: "sidekiq" + - match: Mastodon\.production\.sidekiq\.queues\.(.+)\.enqueued + match_type: regex + name: "mastodon_sidekiq_queue_enqueued" + labels: + queue: "$1" + mastodon: "sidekiq" + - match: Mastodon\.production\.sidekiq\.queues\.(.+)\.latency + match_type: regex + name: "mastodon_sidekiq_queue_latency" + labels: + queue: "$1" + mastodon: "sidekiq" + - match: Mastodon\.production\.sidekiq\.(.+) + match_type: regex + name: "mastodon_sidekiq_$1" + labels: + mastodon: "sidekiq" + +{{- end }} diff --git a/values.yaml b/values.yaml index 602ec08..34f7869 100644 --- a/values.yaml +++ b/values.yaml @@ -207,6 +207,11 @@ mastodon: statsd: # -- Enable statsd publishing via STATSD_ADDR environment variable address: "" + # -- Alternatively, you can use this to have a statsd_exporter sidecar container running along all Mastodon containers and exposing metrics in OpenMetric/Prometheus format on each pod + # Please note the exporter will not be enabled if metrics.statsd.address is not empty + exporter: + enabled: false + port: 9102 # Sets the PREPARED_STATEMENTS environment variable: https://docs.joinmastodon.org/admin/config/#prepared_statements preparedStatements: true From 4e742ac8e19b5f35e51a3cd1d4f1038f466aef7b Mon Sep 17 00:00:00 2001 From: Tim Campbell Date: Tue, 12 Dec 2023 10:39:27 +0100 Subject: [PATCH 20/57] Add global labels --- templates/_helpers.tpl | 10 ++++++++++ templates/deployment-sidekiq.yaml | 1 + templates/deployment-streaming.yaml | 1 + templates/deployment-web.yaml | 1 + 4 files changed, 13 insertions(+) diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index 6331a26..c69ebfa 100644 
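Review bot: Label values in the new mappings file are quoted inconsistently: the four web mappings write `controller: $1` bare while every later mapping writes `table: "$1"`; both parse to the same string, but `$`-prefixed plain scalars are exactly what a later reader will "fix" one way or the other, so quote all of them, e.g. `controller: "$1"`. The file is copied from a third-party page (the `## From https://ipng.ch/...` header); a comment above `mappings:` such as `## validated against Mastodon <version> metric names — re-check on upgrade` tells operators when the copy needs refreshing. As far as I recall statsd_exporter applies mappings in order, so the catch-all `Mastodon\.production\.sidekiq\.(.+)` at the end must stay below the specific sidekiq matches; a one-line comment saying so would prevent a reorder from breaking them.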
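Review bot: The comment on the new `exporter:` block should state what the sidecar exposes: `port: 9102` is a plain-HTTP `/metrics` endpoint on every Mastodon pod with no authentication of its own by default, and whether anything else in the cluster can read it depends entirely on NetworkPolicy. A line such as `# the exporter port is unauthenticated; restrict it with a NetworkPolicy on shared clusters` next to `port: 9102` sets that expectation. The sentence above it also runs well past 120 characters; wrapping it like the rest of the file keeps yamllint quiet.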
--- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -31,12 +31,22 @@ Create chart name and version as used by the chart label. {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} {{- end }} +{{/* +Labels added on every Mastodon resource +*/}} +{{- define "mastodon.globalLabels" -}} +{{- range $k, $v := .Values.mastodon.labels }} +{{ $k }}: {{ quote $v }} +{{- end -}} +{{- end }} + {{/* Common labels */}} {{- define "mastodon.labels" -}} helm.sh/chart: {{ include "mastodon.chart" . }} {{ include "mastodon.selectorLabels" . }} +{{ include "mastodon.globalLabels" . }} {{- if .Chart.AppVersion }} app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} {{- end }} diff --git a/templates/deployment-sidekiq.yaml b/templates/deployment-sidekiq.yaml index 3d269e1..525343e 100644 --- a/templates/deployment-sidekiq.yaml +++ b/templates/deployment-sidekiq.yaml @@ -37,6 +37,7 @@ spec: {{- include "mastodon.rollingPodAnnotations" $context | nindent 8 }} checksum/config-secrets: {{ include ( print $.Template.BasePath "/secret-smtp.yaml" ) $context | sha256sum | quote }} labels: + {{- include "mastodon.globalLabels" $context | nindent 8 }} {{- include "mastodon.selectorLabels" $context | nindent 8 }} {{- include "mastodon.statsdExporterLabels" $context | nindent 8 }} app.kubernetes.io/component: sidekiq-{{ .name }} diff --git a/templates/deployment-streaming.yaml b/templates/deployment-streaming.yaml index ea08b1b..5fc8d46 100644 --- a/templates/deployment-streaming.yaml +++ b/templates/deployment-streaming.yaml @@ -23,6 +23,7 @@ spec: # roll the pods to pick up any db migrations or other changes {{- include "mastodon.rollingPodAnnotations" . | nindent 8 }} labels: + {{- include "mastodon.globalLabels" . | nindent 8 }} {{- include "mastodon.selectorLabels" . | nindent 8 }} app.kubernetes.io/component: streaming spec: diff --git a/templates/deployment-web.yaml b/templates/deployment-web.yaml index c206297..7817276 100644 
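Review bot: `mastodon.globalLabels` is emitted at a different position in its two uses: in `mastodon.labels` it comes after `mastodon.selectorLabels`, while the deployment hunks (sidekiq and streaming here, web in the following hunk) put it before `mastodon.selectorLabels` on the pod template. A user-supplied `app.kubernetes.io/instance` label therefore duplicates a key that wins on the resource but loses on the pod template under last-wins parsing, which can silently break selector matching. Emitting global labels first in all four places, with a comment in the helper such as `{{/* emitted before selector labels so chart-managed labels always win on conflict */}}`, fixes the precedence; `{{ $k }}: {{ quote $v }}` could also quote the key so keys containing `:` or `#` survive.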
--- a/templates/deployment-web.yaml +++ b/templates/deployment-web.yaml @@ -24,6 +24,7 @@ spec: # roll the pods to pick up any db migrations or other changes {{- include "mastodon.rollingPodAnnotations" . | nindent 8 }} labels: + {{- include "mastodon.globalLabels" . | nindent 8 }} {{- include "mastodon.selectorLabels" . | nindent 8 }} {{- include "mastodon.statsdExporterLabels" . | nindent 8 }} app.kubernetes.io/component: web From b4f4811efd68525fdb2446e14ec153d4da2e5349 Mon Sep 17 00:00:00 2001 From: Tim Campbell Date: Tue, 12 Dec 2023 11:38:54 +0100 Subject: [PATCH 21/57] Add field to values --- values.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/values.yaml b/values.yaml index 34f7869..bbaa11f 100644 --- a/values.yaml +++ b/values.yaml @@ -25,6 +25,8 @@ mastodon: enabled: true assetsPrecompile: enabled: true + # Custom labels to add to kubernetes resources + #labels: cron: # -- run `tootctl media remove` every week removeMedia: From 03ea7244d78939ec7ddffa03c2923bca6805a7e3 Mon Sep 17 00:00:00 2001 From: Tim Campbell Date: Wed, 13 Dec 2023 15:26:14 +0100 Subject: [PATCH 22/57] Add deepl configuration --- templates/configmap-env.yaml | 4 ++++ templates/deployment-sidekiq.yaml | 7 +++++++ templates/deployment-web.yaml | 7 +++++++ values.yaml | 6 ++++++ 4 files changed, 24 insertions(+) diff --git a/templates/configmap-env.yaml b/templates/configmap-env.yaml index da9b174..b956347 100644 --- a/templates/configmap-env.yaml +++ b/templates/configmap-env.yaml @@ -333,3 +333,7 @@ data: {{- range $k, $v := .Values.mastodon.extraEnvVars }} {{ $k }}: {{ quote $v }} {{- end }} + + {{- if .Values.mastodon.deepl.enabled }} + DEEPL_PLAN: {{ .Values.mastodon.deepl.plan }} + {{- end }} diff --git a/templates/deployment-sidekiq.yaml b/templates/deployment-sidekiq.yaml index 525343e..7fdafd3 100644 --- a/templates/deployment-sidekiq.yaml +++ b/templates/deployment-sidekiq.yaml 
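Review bot: `DEEPL_PLAN: {{ .Values.mastodon.deepl.plan }}` renders the value unquoted, and the values.yaml hunk in this patch defaults `plan:` to null, so `deepl.enabled: true` without a plan yields `DEEPL_PLAN:` with no value, which the API server rejects because ConfigMap data must be strings. `DEEPL_PLAN: {{ .Values.mastodon.deepl.plan | quote }}` matches how `PREPARED_STATEMENTS` is written elsewhere in this file, and `required` turns the misconfiguration into a readable error: `DEEPL_PLAN: {{ required "mastodon.deepl.plan is required when deepl is enabled" .Values.mastodon.deepl.plan | quote }}`.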
@@ -121,6 +121,13 @@ spec: name: {{ $context.Values.mastodon.s3.existingSecret }} key: AWS_ACCESS_KEY_ID {{- end }} + {{- if and $context.Values.mastodon.deepl.enabled }} + - name: "DEEPL_API_KEY" + valueFrom: + secretKeyRef: + name: {{ $context.Values.mastodon.deepl.apiKeySecretRef.name }} + key: {{ $context.Values.mastodon.deepl.apiKeySecretRef.key }} + {{- end }} {{- if (not $context.Values.mastodon.s3.enabled) }} volumeMounts: - name: assets diff --git a/templates/deployment-web.yaml b/templates/deployment-web.yaml index 7817276..bfcce32 100644 --- a/templates/deployment-web.yaml +++ b/templates/deployment-web.yaml @@ -109,6 +109,13 @@ spec: name: {{ .Values.mastodon.s3.existingSecret }} key: AWS_ACCESS_KEY_ID {{- end }} + {{- if .Values.mastodon.deepl.enabled }} + - name: "DEEPL_API_KEY" + valueFrom: + secretKeyRef: + name: {{ .Values.mastodon.deepl.apiKeySecretRef.name }} + key: {{ .Values.mastodon.deepl.apiKeySecretRef.key }} + {{- end }} {{- if (not .Values.mastodon.s3.enabled) }} volumeMounts: - name: assets diff --git a/values.yaml b/values.yaml index bbaa11f..ab5b7d2 100644 --- a/values.yaml +++ b/values.yaml @@ -75,6 +75,12 @@ mastodon: permission: "" # -- If you have a caching proxy, enter its base URL here. alias_host: "" + deepl: + enabled: false + plan: + apiKeySecretRef: + name: + key: # these must be set manually; autogenerated keys are rotated on each upgrade secrets: secret_key_base: "" From 905f78fd725560b8100bf9426f2b09c19e10aebc Mon Sep 17 00:00:00 2001 From: Tim Campbell Date: Thu, 14 Dec 2023 23:11:13 -0800 Subject: [PATCH 23/57] Additional Elasticsearch options (#106) --- templates/_helpers.tpl | 13 +++++++++++++ templates/configmap-env.yaml | 7 +++++++ templates/cronjob-media-remove.yaml | 7 +++++++ templates/deployment-sidekiq.yaml | 7 +++++++ templates/deployment-web.yaml | 7 +++++++ templates/job-chewy-upgrade.yaml | 7 +++++++ values.yaml | 16 ++++++++++++++-- 7 files changed, 62 insertions(+), 2 deletions(-) 
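Review bot: `{{- if and $context.Values.mastodon.deepl.enabled }}` wraps a single operand in `and`, which is a no-op and reads as if a second condition was dropped; the web hunk in this patch writes the same guard as `{{- if .Values.mastodon.deepl.enabled }}`, so `{{- if $context.Values.mastodon.deepl.enabled }}` keeps the two in step. The secret name and key are rendered bare (`name: {{ $context.Values.mastodon.deepl.apiKeySecretRef.name }}`) with null defaults in the values hunk, so a missing value fails as a malformed manifest rather than a message; `name: {{ required "deepl.apiKeySecretRef.name is required" $context.Values.mastodon.deepl.apiKeySecretRef.name }}` on both fields, in the web hunk too, gives the operator a usable error.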
diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index c69ebfa..2c50146 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -171,3 +171,16 @@ Find highest number of needed database connections to set DB_POOL variable {{- end }} {{- $poolSize | quote }} {{- end }} + +{{/* +Full hostname for a custom Elasticsearch cluster +*/}} +{{- define "mastodon.elasticsearch.fullHostname" -}} +{{- if not .Values.elasticsearch.enabled }} + {{- if .Values.elasticsearch.tls }} + {{- printf "https://%s" (tpl .Values.elasticsearch.hostname $) -}} + {{- else -}} + {{- printf "%s" (tpl .Values.elasticsearch.hostname $) -}} + {{- end }} +{{- end -}} +{{- end -}} diff --git a/templates/configmap-env.yaml b/templates/configmap-env.yaml index b956347..8cd7e5d 100644 --- a/templates/configmap-env.yaml +++ b/templates/configmap-env.yaml @@ -21,6 +21,13 @@ data: ES_ENABLED: "true" ES_HOST: {{ template "mastodon.elasticsearch.fullname" . }}-master-hl ES_PORT: "9200" + {{- else if .Values.elasticsearch.hostname }} + ES_ENABLED: "true" + ES_HOST: {{ include "mastodon.elasticsearch.fullHostname" .}} + ES_PORT: {{ .Values.elasticsearch.port | default "9200" | quote }} + {{- end }} + {{- with .Values.elasticsearch.user }} + ES_USER: {{ . }} {{- end }} LOCAL_DOMAIN: {{ .Values.mastodon.local_domain }} {{- with .Values.mastodon.web_domain }} diff --git a/templates/cronjob-media-remove.yaml b/templates/cronjob-media-remove.yaml index d70afeb..33229a8 100644 --- a/templates/cronjob-media-remove.yaml +++ b/templates/cronjob-media-remove.yaml 
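Review bot: `ES_USER: {{ . }}` is the only unquoted value among the new keys; a numeric-looking user name renders as an integer and is rejected because ConfigMap data values must be strings, so `ES_USER: {{ . | quote }}` to match the adjacent `ES_PORT` line. The `fullHostname` helper in the previous hunk prefixes `https://` only when `elasticsearch.tls` is set, and the values hunk in this patch leaves `tls` commented out, so an operator who sets only `hostname` and `existingSecret` sends `ES_USER`/`ES_PASS` to the external cluster without TLS by default; a comment on `ES_HOST` stating that, or having the helper emit `https://` unless `tls` is explicitly `false`, would be the safer default. The `{{- with .Values.elasticsearch.user }}` block also sits outside the `if`/`else if` chain, so `ES_USER` is emitted even when neither an internal nor an external cluster is configured.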
@@ -65,6 +65,13 @@ spec: secretKeyRef: name: {{ template "mastodon.redis.secretName" . }} key: redis-password + {{- if and .Values.elasticsearch.existingSecret (or .Values.elasticsearch.enabled .Values.elasticsearch.hostname) }} + - name: "ES_PASS" + valueFrom: + secretKeyRef: + name: {{ .Values.elasticsearch.existingSecret }} + key: password + {{- end }} - name: "PORT" value: {{ .Values.mastodon.web.port | quote }} {{- if (and .Values.mastodon.s3.enabled .Values.mastodon.s3.existingSecret) }} diff --git a/templates/deployment-sidekiq.yaml b/templates/deployment-sidekiq.yaml index 7fdafd3..401bcea 100644 --- a/templates/deployment-sidekiq.yaml +++ b/templates/deployment-sidekiq.yaml @@ -98,6 +98,13 @@ spec: secretKeyRef: name: {{ template "mastodon.redis.secretName" $context }} key: redis-password + {{- if and $context.Values.elasticsearch.existingSecret (or $context.Values.elasticsearch.enabled $context.Values.elasticsearch.hostname) }} + - name: "ES_PASS" + valueFrom: + secretKeyRef: + name: {{ $context.Values.elasticsearch.existingSecret }} + key: password + {{- end }} - name: "SMTP_LOGIN" valueFrom: secretKeyRef: diff --git a/templates/deployment-web.yaml b/templates/deployment-web.yaml index bfcce32..db46120 100644 --- a/templates/deployment-web.yaml +++ b/templates/deployment-web.yaml @@ -79,6 +79,13 @@ spec: secretKeyRef: name: {{ template "mastodon.redis.secretName" . }} key: redis-password + {{- if and .Values.elasticsearch.existingSecret (or .Values.elasticsearch.enabled .Values.elasticsearch.hostname) }} + - name: "ES_PASS" + valueFrom: + secretKeyRef: + name: {{ .Values.elasticsearch.existingSecret }} + key: password + {{- end }} - name: "PORT" value: {{ .Values.mastodon.web.port | quote }} {{- if .Values.mastodon.web.minThreads }} diff --git a/templates/job-chewy-upgrade.yaml b/templates/job-chewy-upgrade.yaml index f86a4e3..33e9bf9 100644 --- a/templates/job-chewy-upgrade.yaml +++ b/templates/job-chewy-upgrade.yaml 
@@ -67,6 +67,13 @@ spec: secretKeyRef: name: {{ template "mastodon.redis.secretName" . }} key: redis-password + {{- if and .Values.elasticsearch.existingSecret (or .Values.elasticsearch.enabled .Values.elasticsearch.hostname) }} + - name: "ES_PASS" + valueFrom: + secretKeyRef: + name: {{ .Values.elasticsearch.existingSecret }} + key: password + {{- end }} - name: "PORT" value: {{ .Values.mastodon.web.port | quote }} {{- if (not .Values.mastodon.s3.enabled) }} diff --git a/values.yaml b/values.yaml index ab5b7d2..6827e54 100644 --- a/values.yaml +++ b/values.yaml @@ -255,17 +255,29 @@ ingress: # -- https://github.com/bitnami/charts/tree/master/bitnami/elasticsearch#parameters elasticsearch: - # `false` will disable full-text search + # Elasticsearch is powering full-text search. It is optional. + + # `false` will not install Elasticsearch as part of this chart # # if you enable ES after the initial install, you will need to manually run # RAILS_ENV=production bundle exec rake chewy:sync # (https://docs.joinmastodon.org/admin/optional/elasticsearch/) - # @ignored enabled: true # @ignored image: tag: 7 + # If you are using an external ES cluster, use `enabled: false` and set the hostname, port, + # and whether the cluster uses TLS. + # hostname: + # port: 9200 + # tls: true + + # This is optional, use it if you ES cluster requires authentication + # user: + # Name of an existing secret with a password key + # existingSecret: + # https://github.com/bitnami/charts/tree/master/bitnami/postgresql#parameters postgresql: # -- disable if you want to use an existing db; in which case the values below From 6d5a6004e3291caef0161e226c855cf8e5e89529 Mon Sep 17 00:00:00 2001 From: Tim Campbell Date: Fri, 15 Dec 2023 08:30:22 +0100 Subject: [PATCH 24/57] Add topology spread constraints --- templates/deployment-sidekiq.yaml | 4 ++++ templates/deployment-streaming.yaml | 4 ++++ templates/deployment-web.yaml | 4 ++++ values.yaml | 14 ++++++++++++++ 4 files changed, 26 insertions(+) 
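Review bot: The external-cluster example lists `# tls: true` but nothing says what happens when it is omitted: the template emits the bare hostname without an `https://` prefix unless `tls` is set, so credentials from `existingSecret` travel unencrypted by default. A comment such as `# tls: true  # unset means no TLS; set this whenever the cluster presents a certificate` next to the example makes the default visible, and `# Name of an existing secret with a password key` could name the key literally, since the templates hard-code `key: password`. `use it if you ES cluster requires authentication` should read `your`.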
diff --git a/templates/deployment-sidekiq.yaml b/templates/deployment-sidekiq.yaml index 401bcea..d9bea05 100644 --- a/templates/deployment-sidekiq.yaml +++ b/templates/deployment-sidekiq.yaml @@ -56,6 +56,10 @@ spec: affinity: {{- toYaml . | nindent 8 }} {{- end }} + {{- with (default (default $context.Values.topologySpreadConstraints $context.Values.mastodon.sidekiq.topologySpreadConstraints) .topologySpreadConstraints) }} + topologySpreadConstraints: + {{- toYaml . | nindent 8 }} + {{- end }} {{- if (not $context.Values.mastodon.s3.enabled) }} volumes: - name: assets diff --git a/templates/deployment-streaming.yaml b/templates/deployment-streaming.yaml index 5fc8d46..5aa8866 100644 --- a/templates/deployment-streaming.yaml +++ b/templates/deployment-streaming.yaml @@ -87,6 +87,10 @@ spec: affinity: {{- toYaml . | nindent 8 }} {{- end }} + {{- with (default .Values.topologySpreadConstraints .Values.mastodon.streaming.topologySpreadConstraints) }} + topologySpreadConstraints: + {{- toYaml . | nindent 8 }} + {{- end }} {{- with .Values.tolerations }} tolerations: {{- toYaml . | nindent 8 }} diff --git a/templates/deployment-web.yaml b/templates/deployment-web.yaml index db46120..651043f 100644 --- a/templates/deployment-web.yaml +++ b/templates/deployment-web.yaml @@ -160,6 +160,10 @@ spec: affinity: {{- toYaml . | nindent 8 }} {{- end }} + {{- with (default .Values.topologySpreadConstraints .Values.mastodon.web.topologySpreadConstraints) }} + topologySpreadConstraints: + {{- toYaml . | nindent 8 }} + {{- end }} {{- with .Values.tolerations }} tolerations: {{- toYaml . | nindent 8 }} diff --git a/values.yaml b/values.yaml index 6827e54..254eb1c 100644 --- a/values.yaml +++ b/values.yaml 
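Review bot: The `default`-chained lookups mean a per-deployment value of `[]` or `{}` cannot switch the global constraints off: Sprig's `default` treats an empty list as unset, so the only way to opt one deployment out of `.Values.topologySpreadConstraints` is to give it a different non-empty list. That mirrors the `affinity` lookups right above, so it may be intended, but the values comments in this patch say `overwrites`, which reads as replacement rather than fallback; a comment such as `# an empty value falls back to the global constraints; use a non-empty list to override` on each key closes the gap. The sidekiq hunk's nested `default (default ...)` expression is long enough that binding it to a variable above the `with` would help readability.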
@@ -101,6 +101,8 @@ mastodon: resources: {} # -- Affinity for all Sidekiq Deployments unless overwritten, overwrites .Values.affinity affinity: {} + # -- Topology spread constraints for Sidekiq Pods, overwrites .Values.topologySpreadConstraints + topologySpreadConstraints: {} # limits: # cpu: "1" # memory: 768Mi @@ -117,6 +119,8 @@ mastodon: resources: {} # -- Affinity for this specific deployment, overwrites .Values.affinity and .Values.mastodon.sidekiq.affinity affinity: {} + # -- Topology spread constraints for this specific deployment, overwrites .Values.topologySpreadConstraints and .Values.mastodon.sidekiq.topologySpreadConstraints + topologySpreadConstraints: {} # -- Sidekiq queues for Mastodon that are handled by this worker. See https://docs.joinmastodon.org/admin/scaling/#concurrency # See https://github.com/mperham/sidekiq/wiki/Advanced-Options#queues for how to weight queues as argument queues: @@ -174,6 +178,8 @@ mastodon: replicas: 1 # -- Affinity for Streaming Pods, overwrites .Values.affinity affinity: {} + # -- Topology spread constraints for Streaming Pods, overwrites .Values.topologySpreadConstraints + topologySpreadConstraints: {} # -- Pod Security Context for Streaming Pods, overwrites .Values.podSecurityContext podSecurityContext: {} # -- (Streaming Container) Security Context for Streaming Pods, overwrites .Values.securityContext @@ -192,6 +198,8 @@ mastodon: replicas: 1 # -- Affinity for Web Pods, overwrites .Values.affinity affinity: {} + # -- Topology spread constraints for Web Pods, overwrites .Values.topologySpreadConstraints + topologySpreadConstraints: {} # -- Pod Security Context for Web Pods, overwrites .Values.podSecurityContext podSecurityContext: {} # -- (Web Container) Security Context for Web Pods, overwrites .Values.securityContext 
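Review bot: `topologySpreadConstraints: {}` declares a mapping default for a field Kubernetes defines as a list, in all four hunks here and in the top-level `@@ -478` hunk; `tolerations: []` in the same file uses the list form, so `topologySpreadConstraints: []` keeps the type consistent and lets a values schema catch a user who pastes a single constraint mapping instead of a list. With the template's `with` guard either empty form renders nothing, so this is a documentation-of-type point rather than a rendering bug. The top-level comment about `matchLabelKeys` is useful; as far as I recall that field was feature-gated alpha in 1.25 and only on by default from 1.27, so `(Kubernetes 1.25+)` may be optimistic and is worth checking against the versions the chart supports.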
@@ -478,3 +486,9 @@ tolerations: [] # -- Affinity for all pods unless overwritten affinity: {} + +# -- Topology Spread Constraints for all pods unless overwritten +# Please note that you need to use `matchLabelKeys` (Kubernetes 1.25+) if you +# want to spread each deployment independently, or override topologySpreadConstraints +# for each deployment +topologySpreadConstraints: {} From 61b643b05d048f237ef8a184ced9445c20e5c37e Mon Sep 17 00:00:00 2001 From: Tim Campbell Date: Fri, 15 Dec 2023 13:48:00 -0800 Subject: [PATCH 25/57] Add separate streaming ingress object (#111) --- templates/ingress-streaming.yml | 57 +++++++++++++++++++++++++++++++++ templates/ingress.yaml | 2 ++ values.yaml | 16 +++++++++ 3 files changed, 75 insertions(+) create mode 100644 templates/ingress-streaming.yml diff --git a/templates/ingress-streaming.yml b/templates/ingress-streaming.yml new file mode 100644 index 0000000..4e3ad72 --- /dev/null +++ b/templates/ingress-streaming.yml 
@@ -0,0 +1,57 @@ +{{- if .Values.ingress.streaming.enabled -}} +{{- $fullName := include "mastodon.fullname" . -}} +{{- $webPort := .Values.mastodon.web.port -}} +{{- $streamingPort := .Values.mastodon.streaming.port -}} +{{- if or (.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress") (not (.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress")) -}} +apiVersion: networking.k8s.io/v1 +{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1beta1 +{{- else -}} +apiVersion: extensions/v1beta1 +{{- end }} +kind: Ingress +metadata: + name: {{ $fullName }}-streaming + labels: + {{- include "mastodon.labels" . | nindent 4 }} + {{- with .Values.ingress.streaming.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + {{- if .Values.ingress.streaming.ingressClassName }} + ingressClassName: {{ .Values.ingress.streaming.ingressClassName }} + {{- end }} + {{- if .Values.ingress.streaming.tls }} + tls: + {{- range .Values.ingress.streaming.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} + {{- end }} + rules: + {{- range .Values.ingress.streaming.hosts }} + - host: {{ .host | quote }} + http: + paths: + {{- range .paths }} + - path: {{ .path }}api/v1/streaming + backend: + {{- if or ($.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress") (not ($.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress")) }} + service: + name: {{ $fullName }}-streaming + port: + number: {{ $streamingPort }} + {{- else }} + serviceName: {{ $fullName }}-streaming + servicePort: {{ $streamingPort }} + {{- end }} + {{- if or ($.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress") (not ($.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress")) }} + pathType: Prefix + {{- end }} + {{- end }} + {{- end }} +{{- end }} 
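Review bot: `{{- $webPort := .Values.mastodon.web.port -}}` is assigned and never used in the new template; drop it so the variable list reflects what the ingress actually routes. The `Capabilities.APIVersions.Has` expression is repeated three times; binding it once at the top, `{{- $useV1 := or (.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress") (not (.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress")) -}}`, and testing `$useV1` in the path loop removes the duplication. `secretName: {{ .secretName }}` and `ingressClassName: {{ .Values.ingress.streaming.ingressClassName }}` render unquoted while the hosts use `| quote`; quoting them too is consistent and protects values that look like numbers.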
diff --git a/templates/ingress.yaml b/templates/ingress.yaml index 5a3409a..3da46ab 100644 --- a/templates/ingress.yaml +++ b/templates/ingress.yaml @@ -52,6 +52,7 @@ spec: {{- if or ($.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress") (not ($.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress")) }} pathType: Prefix {{- end }} + {{- if not $.Values.ingress.streaming.enabled }} - path: {{ .path }}api/v1/streaming backend: {{- if or ($.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress") (not ($.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress")) }} @@ -67,5 +68,6 @@ spec: pathType: Prefix {{- end }} {{- end }} + {{- end }} {{- end }} {{- end }} diff --git a/values.yaml b/values.yaml index 254eb1c..cee2a48 100644 --- a/values.yaml +++ b/values.yaml @@ -261,6 +261,22 @@ ingress: hosts: - mastodon.local + # This allows you to have a separate ingress for streaming + # When enabled, the main ingress will no longer handle streaming requests. + # You will also need to configure mastodon.streaming.base_url accordingly + streaming: + enabled: false + annotations: + ingressClassName: + hosts: + - host: streaming.mastodon.local + paths: + - path: "/" + tls: + - secretName: mastodon-tls + hosts: + - streaming.mastodon.local + # -- https://github.com/bitnami/charts/tree/master/bitnami/elasticsearch#parameters elasticsearch: # Elasticsearch is powering full-text search. It is optional. From 0c7466501c179c72c8620184685e29c6d21da2ec Mon Sep 17 00:00:00 2001 From: Tim Campbell Date: Mon, 18 Dec 2023 04:45:00 -0800 Subject: [PATCH 26/57] Custom docker images and database configs (#110) --- templates/deployment-sidekiq.yaml | 12 +++++++++++- templates/deployment-streaming.yaml | 2 +- templates/deployment-web.yaml | 12 +++++++++++- values.yaml | 20 ++++++++++++++++++++ 4 files changed, 43 insertions(+), 3 deletions(-) diff --git a/templates/deployment-sidekiq.yaml b/templates/deployment-sidekiq.yaml index d9bea05..2b78359 100644 
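Review bot: `annotations:` and `ingressClassName:` under the new `streaming:` block are left bare, which parses as null; the `with`/`if` guards in the template tolerate that, but the rest of this file writes empty defaults explicitly (`affinity: {}`, `resources: {}`), so `annotations: {}` and `ingressClassName: ""` keep the style uniform and make the expected type clear. The default `tls` entry reuses `secretName: mastodon-tls`; if that is also the main ingress's secret, a comment saying the certificate must cover `streaming.mastodon.local` as well would save an operator a TLS error. The note about `mastodon.streaming.base_url` could give the value to set for this example, e.g. `wss://streaming.mastodon.local` (constructed from the example host).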
--- a/templates/deployment-sidekiq.yaml +++ b/templates/deployment-sidekiq.yaml @@ -70,11 +70,16 @@ spec: claimName: {{ template "mastodon.fullname" $context }}-system {{- end }} {{- include "mastodon.statsdExporterVolume" $ | indent 8 }} + {{- if dig "customDatabaseConfigYml" "configMapRef" "name" false . }} + - name: config-database-yml + configMap: + name: {{ .customDatabaseConfigYml.configMapRef.name }} + {{- end }} containers: - name: {{ $context.Chart.Name }} securityContext: {{- toYaml $context.Values.mastodon.sidekiq.securityContext | nindent 12 }} - image: "{{ $context.Values.image.repository }}:{{ $context.Values.image.tag | default $context.Chart.AppVersion }}" + image: "{{ coalesce (dig "image" "repository" false .) $context.Values.image.repository }}:{{ coalesce (dig "image" "tag" false .) $context.Values.image.tag $context.Chart.AppVersion }}" imagePullPolicy: {{ $context.Values.image.pullPolicy }} command: - bundle @@ -146,6 +151,11 @@ spec: - name: system mountPath: /opt/mastodon/public/system {{- end }} + {{- if dig "customDatabaseConfigYml" "configMapRef" "name" false . }} + - name: config-database-yml + mountPath: /opt/mastodon/config/database.yml + subPath: {{ .customDatabaseConfigYml.configMapRef.key }} + {{- end }} resources: {{- toYaml (default (default $context.Values.resources $context.Values.mastodon.sidekiq.resources) .resources) | nindent 12 }} {{- include "mastodon.statsdExporterContainer" $ | indent 8 }} diff --git a/templates/deployment-streaming.yaml b/templates/deployment-streaming.yaml index 5aa8866..9924fe1 100644 --- a/templates/deployment-streaming.yaml +++ b/templates/deployment-streaming.yaml 
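Review bot: The volumeMount hunk at `@@ -146,6 +151,11` inserts the `config-database-yml` mount after the `{{- end }}` that closes the S3-disabled block, and the web hunk at `@@ -130,6 +135,11` in this patch does the same. If `volumeMounts:` itself lives inside that conditional, which the `{{- if (not $context.Values.mastodon.s3.enabled) }} volumeMounts:` context lines of the earlier sidekiq hunk in this series suggest, a release with S3 enabled renders the mount as a bare list item under the container and the manifest is invalid. The web volume hunk at `@@ -48,6 +48,11` has the opposite problem: it sits inside the conditional, so the volume is never declared with S3 enabled while its mount is unconditional; both deployments should hoist `volumes:`/`volumeMounts:` out of the S3 guard. Separately, `subPath: {{ .customDatabaseConfigYml.configMapRef.key }}` is not covered by the `dig` on `name`, so a missing `key` yields an empty `subPath` and the whole ConfigMap is likely mounted as a directory over `database.yml`; `required` on the key would surface that.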
@@ -42,7 +42,7 @@ spec: securityContext: {{- toYaml . | nindent 12 }} {{- end }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + image: "{{ coalesce .Values.mastodon.streaming.image.repository .Values.image.repository }}:{{ coalesce .Values.mastodon.streaming.image.tag .Values.image.tag .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} command: - node diff --git a/templates/deployment-web.yaml b/templates/deployment-web.yaml index 651043f..b724210 100644 --- a/templates/deployment-web.yaml +++ b/templates/deployment-web.yaml @@ -48,6 +48,11 @@ spec: persistentVolumeClaim: claimName: {{ template "mastodon.fullname" . }}-system {{- include "mastodon.statsdExporterVolume" $ | indent 8 }} + {{- if .Values.mastodon.web.customDatabaseConfigYml.configMapRef.name }} + - name: config-database-yml + configMap: + name: {{ .Values.mastodon.web.customDatabaseConfigYml.configMapRef.name }} + {{- end }} {{- end }} containers: - name: {{ .Chart.Name }}-web @@ -55,7 +60,7 @@ spec: securityContext: {{- toYaml . | nindent 12 }} {{- end }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + image: "{{ coalesce .Values.mastodon.web.image.repository .Values.image.repository }}:{{ coalesce .Values.mastodon.web.image.tag .Values.image.tag .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} command: - bundle @@ -130,6 +135,11 @@ spec: - name: system mountPath: /opt/mastodon/public/system {{- end }} + {{- if .Values.mastodon.web.customDatabaseConfigYml.configMapRef.name }} + - name: config-database-yml + mountPath: /opt/mastodon/config/database.yml + subPath: {{ .Values.mastodon.web.customDatabaseConfigYml.configMapRef.key }} + {{- end }} ports: - name: http containerPort: {{ .Values.mastodon.web.port }} diff --git a/values.yaml b/values.yaml index cee2a48..72c21ec 100644 --- a/values.yaml +++ b/values.yaml 
@@ -130,6 +130,14 @@ mastodon: - mailers,2 - pull - scheduler # Make sure the scheduler queue only exists once and with a worker that has 1 replica. + image: + repository: + tag: + # allows you to mount a custom database.yml from a configmap + customDatabaseConfigYml: + configMapRef: + name: + key: #- name: push-pull # concurrency: 50 # resources: {} @@ -166,6 +174,9 @@ mastodon: # password must be located in keys named `login` and `password` respectively. existingSecret: streaming: + image: + repository: + tag: port: 4000 # -- this should be set manually since os.cpus() returns the number of CPUs on # the node running the pod, which is unrelated to the resources allocated to @@ -218,6 +229,15 @@ mastodon: maxThreads: "5" workers: "2" persistentTimeout: "20" + image: + repository: + tag: + # allows you to mount a custom database.yml from a configmap + # for example if you want to use a read-only replica + customDatabaseConfigYml: + configMapRef: + name: + key: metrics: statsd: From 8f5e9dc971e79674591e14dec3b25bed0898dae5 Mon Sep 17 00:00:00 2001 From: Tim Campbell Date: Thu, 11 Jan 2024 03:56:04 -0800 Subject: [PATCH 27/57] Add options for hcaptcha and cachebuster (#108) --- templates/configmap-env.yaml | 16 ++++++++++++++++ templates/deployment-sidekiq.yaml | 7 +++++++ templates/deployment-web.yaml | 14 ++++++++++++++ values.yaml | 18 ++++++++++++++++++ 4 files changed, 55 insertions(+) diff --git a/templates/configmap-env.yaml b/templates/configmap-env.yaml index 8cd7e5d..96e70c3 100644 --- a/templates/configmap-env.yaml +++ b/templates/configmap-env.yaml 
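Review bot: The comment `# allows you to mount a custom database.yml from a configmap` should warn that a Rails `database.yml` usually carries the database password, and a ConfigMap is not treated as sensitive by Kubernetes (Secret-scoped RBAC, etcd encryption and `kubectl describe` all see it as plain config). A line such as `# keep credentials out of this file; reference env vars via ERB (<%= ENV['DB_PASS'] %>) instead` points operators at the safe pattern, or the chart could accept a Secret-backed alternative. The bare `repository:`/`tag:` and `name:`/`key:` keys are null, which `coalesce` and `dig` handle, but `""` would match the file's convention for empty strings.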
@@ -344,3 +344,19 @@ data: {{- if .Values.mastodon.deepl.enabled }} DEEPL_PLAN: {{ .Values.mastodon.deepl.plan }} {{- end }} + + {{- if .Values.mastodon.hcaptcha.enabled }} + HCAPTCHA_SITE_KEY: {{ .Values.mastodon.hcaptcha.siteId }} + {{- end }} + + {{- if .Values.mastodon.cacheBuster.enabled }} + CACHE_BUSTER_ENABLED: "true" + {{- if .Values.mastodon.cacheBuster.httpMethod }} + CACHE_BUSTER_HTTP_METHOD: {{ .Values.mastodon.cacheBuster.httpMethod }} + {{- end }} + {{- if .Values.mastodon.cacheBuster.authHeader }} + CACHE_BUSTER_SECRET_HEADER: {{ .Values.mastodon.cacheBuster.authHeader }} + {{- end }} + {{- else }} + CACHE_BUSTER_ENABLED: "false" + {{- end }} diff --git a/templates/deployment-sidekiq.yaml b/templates/deployment-sidekiq.yaml index 2b78359..2f75309 100644 --- a/templates/deployment-sidekiq.yaml +++ b/templates/deployment-sidekiq.yaml @@ -144,6 +144,13 @@ spec: name: {{ $context.Values.mastodon.deepl.apiKeySecretRef.name }} key: {{ $context.Values.mastodon.deepl.apiKeySecretRef.key }} {{- end }} + {{- if and $context.Values.mastodon.cacheBuster.enabled $context.Values.mastodon.cacheBuster.authToken.existingSecret }} + - name: CACHE_BUSTER_SECRET + valueFrom: + secretKeyRef: + name: {{ $context.Values.mastodon.cacheBuster.authToken.existingSecret }} + key: password + {{- end }} {{- if (not $context.Values.mastodon.s3.enabled) }} volumeMounts: - name: assets diff --git a/templates/deployment-web.yaml b/templates/deployment-web.yaml index b724210..b736a9d 100644 --- a/templates/deployment-web.yaml +++ b/templates/deployment-web.yaml 
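Review bot: `HCAPTCHA_SITE_KEY`, `CACHE_BUSTER_HTTP_METHOD` and `CACHE_BUSTER_SECRET_HEADER` are rendered unquoted, unlike `CACHE_BUSTER_ENABLED: "true"` two lines away, and `siteId:`/`authHeader:` default to null in this patch's values hunk, so enabling a feature without its value yields an empty data entry the API server rejects; `| quote` on each, e.g. `HCAPTCHA_SITE_KEY: {{ .Values.mastodon.hcaptcha.siteId | quote }}`, matches the rest of the file. A comment noting that `CACHE_BUSTER_SECRET_HEADER` is only the header name while the secret value itself is injected as `CACHE_BUSTER_SECRET` from a Secret in the deployment hunks would explain why the two are split across files.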
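Review bot: `key: password` is hard-coded for `CACHE_BUSTER_SECRET`, while the `deepl` and `hcaptcha` blocks in this series let the operator name the key through a `...SecretRef.name`/`.key` pair; the web hunk in `deployment-web.yaml` repeats the hard-coded key. A `cacheBuster.authToken.secretKeyRef: {name: , key: }` shape (proposed name, following `apiKeySecretRef`) would be consistent and let an existing Secret be reused without renaming its key; if `password` stays fixed, the values.yaml comment for `existingSecret` should state the required key name.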
@@ -128,6 +128,20 @@ spec: name: {{ .Values.mastodon.deepl.apiKeySecretRef.name }} key: {{ .Values.mastodon.deepl.apiKeySecretRef.key }} {{- end }} + {{- if .Values.mastodon.hcaptcha.enabled }} + - name: "HCAPTCHA_SECRET_KEY" + valueFrom: + secretKeyRef: + name: {{ .Values.mastodon.hcaptcha.secretKeySecretRef.name }} + key: {{ .Values.mastodon.hcaptcha.secretKeySecretRef.key }} + {{- end }} + {{- if and .Values.mastodon.cacheBuster.enabled .Values.mastodon.cacheBuster.authToken.existingSecret }} + - name: CACHE_BUSTER_SECRET + valueFrom: + secretKeyRef: + name: {{ .Values.mastodon.cacheBuster.authToken.existingSecret }} + key: password + {{- end }} {{- if (not .Values.mastodon.s3.enabled) }} volumeMounts: - name: assets diff --git a/values.yaml b/values.yaml index 72c21ec..6a0abcf 100644 --- a/values.yaml +++ b/values.yaml @@ -81,6 +81,12 @@ mastodon: apiKeySecretRef: name: key: + hcaptcha: + enabled: false + siteId: + secretKeySecretRef: + name: + key: # these must be set manually; autogenerated keys are rotated on each upgrade secrets: secret_key_base: "" @@ -239,6 +245,18 @@ mastodon: name: key: + # HTTP cache buster configuration. + # See the documentation for more information about this feature: + # https://docs.joinmastodon.org/admin/config/#http-cache-buster + cacheBuster: + enabled: false + httpMethod: "GET" + # If the cache service requires authentication, specify the header name and + # secret/token here. + authHeader: + authToken: + existingSecret: + metrics: statsd: # -- Enable statsd publishing via STATSD_ADDR environment variable From 0072b14a6a7fb044ac2ecf916ba8061d34828a93 Mon Sep 17 00:00:00 2001 
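Review bot: In the values hunk `@@ -239,6 +245,18 @@`, `authToken.existingSecret` does not say which key the templates read, yet both deployment hunks pull the token from the fixed key `password`; add `# name of an existing Secret holding the token under the key "password"` above it. It is also worth stating that `siteId` is the public hCaptcha site key and is rendered into the ConfigMap, while the secret key is correctly sourced only through `secretKeySecretRef`, so operators do not put the secret key into `siteId`. The ConfigMap hunk emits `CACHE_BUSTER_SECRET_HEADER` whenever `authHeader` is set, even with no `existingSecret`, so a header name without a token is a reachable configuration — I have not verified how Mastodon treats that case, but the values comment could warn that the two go together.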
From: Tim Campbell Date: Thu, 11 Jan 2024 03:56:14 -0800 Subject: [PATCH 28/57] Add support for read replica (#105) --- templates/configmap-env.yaml | 15 +++++++++++++++ templates/deployment-sidekiq.yaml | 7 +++++++ templates/deployment-streaming.yaml | 7 +++++++ templates/deployment-web.yaml | 7 +++++++ values.yaml | 13 +++++++++++++ 5 files changed, 49 insertions(+) diff --git a/templates/configmap-env.yaml b/templates/configmap-env.yaml index 96e70c3..51fc9da 100644 --- a/templates/configmap-env.yaml +++ b/templates/configmap-env.yaml @@ -15,6 +15,21 @@ data: DB_NAME: {{ .Values.postgresql.auth.database }} DB_POOL: {{ include "mastodon.maxDbPool" . }} DB_USER: {{ .Values.postgresql.auth.username }} + {{- if .Values.postgresql.readReplica.hostname }} + REPLICA_DB_HOST: {{ .Values.postgresql.readReplica.hostname }} + {{- end }} + {{- if .Values.postgresql.readReplica.port }} + REPLICA_DB_PORT: {{ .Values.postgresql.readReplica.port }} + {{- end }} + {{- if .Values.postgresql.readReplica.auth.database }} + REPLICA_DB_NAME: {{ .Values.postgresql.readReplica.auth.database }} + {{- end }} + {{- if .Values.postgresql.readReplica.auth.username }} + REPLICA_DB_USER: {{ .Values.postgresql.readReplica.auth.username }} + {{- end }} + {{- if .Values.postgresql.readReplica.auth.password }} + REPLICA_DB_PASS: {{ .Values.postgresql.readReplica.auth.password }} + {{- end }} PREPARED_STATEMENTS: {{ .Values.mastodon.preparedStatements | quote }} DEFAULT_LOCALE: {{ .Values.mastodon.locale }} {{- if .Values.elasticsearch.enabled }} diff --git a/templates/deployment-sidekiq.yaml b/templates/deployment-sidekiq.yaml index 2f75309..9bece8f 100644 --- a/templates/deployment-sidekiq.yaml +++ b/templates/deployment-sidekiq.yaml 
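Review bot: `REPLICA_DB_PASS: {{ .Values.postgresql.readReplica.auth.password }}` writes a database password into the `-env` ConfigMap in clear text, whereas the primary password reaches the pods only through a Secret (`DB_PASS` via `secretKeyRef` on the `mastodon.postgresql.secretName` helper). Drop the password block from this ConfigMap and deliver `readReplica.auth.password` through the chart's Secret the same way, keeping `existingSecret` as the alternative. Separately, `REPLICA_DB_PORT: {{ .Values.postgresql.readReplica.port }}` renders an unquoted integer when the value is numeric, which the API server rejects because ConfigMap `data` values must be strings; use `REPLICA_DB_PORT: {{ .Values.postgresql.readReplica.port | quote }}` as `ES_PORT` does in this file.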
@@ -102,6 +102,13 @@ spec: secretKeyRef: name: {{ template "mastodon.postgresql.secretName" $context }} key: password + {{- if $context.Values.postgresql.readReplica.auth.existingSecret }} + - name: "REPLICA_DB_PASS" + valueFrom: + secretKeyRef: + name: {{ $context.Values.postgresql.readReplica.auth.existingSecret }} + key: password + {{- end }} - name: "REDIS_PASSWORD" valueFrom: secretKeyRef: diff --git a/templates/deployment-streaming.yaml b/templates/deployment-streaming.yaml index 9924fe1..7ce100a 100644 --- a/templates/deployment-streaming.yaml +++ b/templates/deployment-streaming.yaml @@ -56,6 +56,13 @@ spec: secretKeyRef: name: {{ template "mastodon.postgresql.secretName" . }} key: password + {{- if .Values.postgresql.readReplica.auth.existingSecret }} + - name: "REPLICA_DB_PASS" + valueFrom: + secretKeyRef: + name: {{ .Values.postgresql.readReplica.auth.existingSecret }} + key: password + {{- end }} - name: "REDIS_PASSWORD" valueFrom: secretKeyRef: diff --git a/templates/deployment-web.yaml b/templates/deployment-web.yaml index b736a9d..5bf035f 100644 --- a/templates/deployment-web.yaml +++ b/templates/deployment-web.yaml @@ -79,6 +79,13 @@ spec: secretKeyRef: name: {{ template "mastodon.postgresql.secretName" . }} key: password + {{- if .Values.postgresql.readReplica.auth.existingSecret }} + - name: "REPLICA_DB_PASS" + valueFrom: + secretKeyRef: + name: {{ .Values.postgresql.readReplica.auth.existingSecret}} + key: password + {{- end }} - name: "REDIS_PASSWORD" valueFrom: secretKeyRef: diff --git a/values.yaml b/values.yaml index 6a0abcf..b9fd707 100644 --- a/values.yaml +++ b/values.yaml 
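Review bot: The web hunk `@@ -79,6 +79,13 @@` has `{{ .Values.postgresql.readReplica.auth.existingSecret}}` without the space before `}}`; it renders, but it differs from the sidekiq and streaming copies on this line and from the rest of the templates, so make it `name: {{ .Values.postgresql.readReplica.auth.existingSecret }}`. All three copies read the fixed key `password`, which the values file never states; a comment on `existingSecret` such as `# Secret must contain the password under the key "password"` avoids a silently empty variable. If both `auth.password` and `existingSecret` are set, `REPLICA_DB_PASS` is defined through both `envFrom` and `env`; Kubernetes gives `env` precedence, but the chart should document or reject that combination rather than rely on it.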
@@ -362,6 +362,19 @@ postgresql: # with a key of password set to the password you want existingSecret: "" + # Options for a read-only replica. + # If enabled, mastodon uses existing defaults for postgres for these values as well. + # Documentation for more information on this feature: + # https://docs.joinmastodon.org/admin/scaling/#read-replicas + readReplica: + hostname: + port: + auth: + database: + username: + password: + existingSecret: + # https://github.com/bitnami/charts/tree/master/bitnami/redis#parameters redis: # disable if you want to use an existing redis instance; in which case the From da64454fc3c1f82df90c900fc8ec44e416e33f1d Mon Sep 17 00:00:00 2001 From: YDKK Date: Thu, 11 Jan 2024 21:01:40 +0900 Subject: [PATCH 29/57] fix accessModes misreference in pcv-assets (#112) --- templates/pvc-assets.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/pvc-assets.yaml b/templates/pvc-assets.yaml index 36d5558..46c90ca 100644 --- a/templates/pvc-assets.yaml +++ b/templates/pvc-assets.yaml @@ -7,7 +7,7 @@ metadata: {{- include "mastodon.labels" . | nindent 4 }} spec: accessModes: - - {{ .Values.mastodon.persistence.system.accessMode }} + - {{ .Values.mastodon.persistence.assets.accessMode }} {{- with .Values.mastodon.persistence.assets.resources }} resources: {{- toYaml . | nindent 4 }} From 9cb9df98b6262d38280970db77718956bb0abefd Mon Sep 17 00:00:00 2001 From: James Hammett Date: Thu, 11 Jan 2024 05:19:42 -0700 Subject: [PATCH 30/57] add ES_PRESET environment variable (#98) Co-authored-by: Tim Campbell --- templates/configmap-env.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/templates/configmap-env.yaml b/templates/configmap-env.yaml index 51fc9da..3ce6ced 100644 --- a/templates/configmap-env.yaml +++ b/templates/configmap-env.yaml 
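Review bot: The comment says "If enabled", but the hunk adds no `enabled` key; the templates in this commit activate the feature whenever `hostname` is set, so the comment should say so, e.g. `# Set hostname to enable; any key left empty is simply not exported to the pods`. The sentence "mastodon uses existing defaults for postgres for these values as well" is ambiguous — if it means Mastodon itself falls back to the primary connection settings for keys left empty, state that directly, otherwise it reads as though the chart copies the primary's values, which the templates do not do. A note beside `password:` that `existingSecret:` is the preferred way to supply it would also help.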
@@ -34,6 +34,7 @@ data: DEFAULT_LOCALE: {{ .Values.mastodon.locale }} {{- if .Values.elasticsearch.enabled }} ES_ENABLED: "true" + ES_PRESET: {{ .Values.elasticsearch.preset | default "single_node_cluster" | quote }} ES_HOST: {{ template "mastodon.elasticsearch.fullname" . }}-master-hl ES_PORT: "9200" {{- else if .Values.elasticsearch.hostname }} @@ -44,6 +45,9 @@ data: {{- with .Values.elasticsearch.user }} ES_USER: {{ . }} {{- end }} + {{- with .Values.elasticsearch.user }} + ES_USER: {{ . }} + {{- end }} LOCAL_DOMAIN: {{ .Values.mastodon.local_domain }} {{- with .Values.mastodon.web_domain }} WEB_DOMAIN: {{ . }} From 97c3d1dc90ba1aa47cde332df6b03ee715d48002 Mon Sep 17 00:00:00 2001 From: Ben Hardill Date: Thu, 11 Jan 2024 14:15:36 +0000 Subject: [PATCH 31/57] Set default Redis replica count to 0 (#96) --- values.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/values.yaml b/values.yaml index b9fd707..100f560 100644 --- a/values.yaml +++ b/values.yaml @@ -389,6 +389,8 @@ redis: # you can also specify the name of an existing Secret # with a key of redis-password set to the password you want # existingSecret: "" + replica: + replicaCount: 0 # @ignored service: From 5527809faf1a0e78eed69e10ca2a9a599717fb52 Mon Sep 17 00:00:00 2001 From: Tim Campbell Date: Fri, 19 Jan 2024 03:39:42 -0800 Subject: [PATCH 32/57] Added custom volume mounts, additional small tweaks to match internal (#115) --- templates/deployment-sidekiq.yaml | 11 ++++- templates/deployment-streaming.yaml | 1 + templates/deployment-web.yaml | 11 ++++- values.yaml | 70 ++++++++++++++++------------- 4 files changed, 59 insertions(+), 34 deletions(-) diff --git a/templates/deployment-sidekiq.yaml b/templates/deployment-sidekiq.yaml index 9bece8f..8cae4f3 100644 --- a/templates/deployment-sidekiq.yaml +++ b/templates/deployment-sidekiq.yaml 
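Review bot: The second hunk `@@ -44,6 +45,9 @@` adds a verbatim copy of the `{{- with .Values.elasticsearch.user }} ES_USER: {{ . }} {{- end }}` block that already appears as context immediately above it, so the rendered ConfigMap carries a duplicate `ES_USER` key whenever a user is set; duplicate mapping keys are invalid YAML and parsers either reject the document or silently keep one value. Remove the three added lines. `ES_PRESET` is also emitted only in the bundled-Elasticsearch branch and not in the `elasticsearch.hostname` branch, although an external cluster is the case most likely to need a non-default preset; a later patch in this series rearranges it.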
@@ -22,6 +22,7 @@ spec: type: Recreate {{- end }} replicas: {{ .replicas }} + revisionHistoryLimit: 2 selector: matchLabels: {{- include "mastodon.selectorLabels" $context | nindent 6 }} @@ -60,8 +61,8 @@ spec: topologySpreadConstraints: {{- toYaml . | nindent 8 }} {{- end }} - {{- if (not $context.Values.mastodon.s3.enabled) }} volumes: + {{- if (not $context.Values.mastodon.s3.enabled) }} - name: assets persistentVolumeClaim: claimName: {{ template "mastodon.fullname" $context }}-assets @@ -75,6 +76,9 @@ spec: configMap: name: {{ .customDatabaseConfigYml.configMapRef.name }} {{- end }} + {{- with $context.Values.volumes }} + {{- toYaml . | nindent 8 }} + {{- end }} containers: - name: {{ $context.Chart.Name }} securityContext: @@ -158,8 +162,8 @@ spec: name: {{ $context.Values.mastodon.cacheBuster.authToken.existingSecret }} key: password {{- end }} - {{- if (not $context.Values.mastodon.s3.enabled) }} volumeMounts: + {{- if (not $context.Values.mastodon.s3.enabled) }} - name: assets mountPath: /opt/mastodon/public/assets - name: system @@ -170,6 +174,9 @@ spec: mountPath: /opt/mastodon/config/database.yml subPath: {{ .customDatabaseConfigYml.configMapRef.key }} {{- end }} + {{- with $context.Values.volumeMounts }} + {{- toYaml . | nindent 12 }} + {{- end }} resources: {{- toYaml (default (default $context.Values.resources $context.Values.mastodon.sidekiq.resources) .resources) | nindent 12 }} {{- include "mastodon.statsdExporterContainer" $ | indent 8 }} diff --git a/templates/deployment-streaming.yaml b/templates/deployment-streaming.yaml index 7ce100a..1e4acaa 100644 --- a/templates/deployment-streaming.yaml +++ b/templates/deployment-streaming.yaml @@ -10,6 +10,7 @@ metadata: {{- end }} spec: replicas: {{ .Values.mastodon.streaming.replicas }} + revisionHistoryLimit: 2 selector: matchLabels: {{- include "mastodon.selectorLabels" . | nindent 6 }} diff --git a/templates/deployment-web.yaml b/templates/deployment-web.yaml index 5bf035f..47aa0f6 100644 
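Review bot: The streaming deployment receives only `revisionHistoryLimit: 2` in this commit, while sidekiq (and web) also inject `$context.Values.volumes` and `$context.Values.volumeMounts`, which the values file describes as defaults "for all pods"; either wire the streaming template the same way or narrow the values comment. In the sidekiq hunk `@@ -60,8 +61,8 @@` the `{{- if (not ...s3.enabled) }}` guard moves under `volumes:`, but its matching `{{- end }}` is outside the hunk, so I could not confirm it still closes before the statsd volume as the web template does. `revisionHistoryLimit: 2` is hard-coded identically in all three deployments; one value under `mastodon` would be easier to tune.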
--- a/templates/deployment-web.yaml +++ b/templates/deployment-web.yaml @@ -10,6 +10,7 @@ metadata: {{- end }} spec: replicas: {{ .Values.mastodon.web.replicas }} + revisionHistoryLimit: 2 selector: matchLabels: {{- include "mastodon.selectorLabels" . | nindent 6 }} @@ -39,20 +40,23 @@ spec: securityContext: {{- toYaml . | nindent 8 }} {{- end }} - {{- if (not .Values.mastodon.s3.enabled) }} volumes: + {{- if (not .Values.mastodon.s3.enabled) }} - name: assets persistentVolumeClaim: claimName: {{ template "mastodon.fullname" . }}-assets - name: system persistentVolumeClaim: claimName: {{ template "mastodon.fullname" . }}-system + {{- end }} {{- include "mastodon.statsdExporterVolume" $ | indent 8 }} {{- if .Values.mastodon.web.customDatabaseConfigYml.configMapRef.name }} - name: config-database-yml configMap: name: {{ .Values.mastodon.web.customDatabaseConfigYml.configMapRef.name }} {{- end }} + {{- with .Values.volumes }} + {{- toYaml . | nindent 8 }} {{- end }} containers: - name: {{ .Chart.Name }}-web @@ -149,8 +153,8 @@ spec: name: {{ .Values.mastodon.cacheBuster.authToken.existingSecret }} key: password {{- end }} - {{- if (not .Values.mastodon.s3.enabled) }} volumeMounts: + {{- if (not .Values.mastodon.s3.enabled) }} - name: assets mountPath: /opt/mastodon/public/assets - name: system @@ -161,6 +165,9 @@ spec: mountPath: /opt/mastodon/config/database.yml subPath: {{ .Values.mastodon.web.customDatabaseConfigYml.configMapRef.key }} {{- end }} + {{- with .Values.volumeMounts }} + {{- toYaml . | nindent 12 }} + {{- end }} ports: - name: http containerPort: {{ .Values.mastodon.web.port }} diff --git a/values.yaml b/values.yaml index 100f560..7c995d0 100644 --- a/values.yaml +++ b/values.yaml @@ -11,6 +11,9 @@ image: pullPolicy: IfNotPresent mastodon: + # Labels added to every Mastodon-related object + labels: {} + # -- create an initial administrator user; the password is autogenerated and will # have to be reset createAdmin: 
@@ -116,34 +119,35 @@ mastodon: # cpu: 250m # memory: 512Mi workers: - - name: all-queues - # -- Number of threads / parallel sidekiq jobs that are executed per Pod - concurrency: 25 - # -- Number of Pod replicas deployed by the Deployment - replicas: 1 - # -- Resources for this specific deployment to allow optimised scaling, overwrites .Values.mastodon.sidekiq.resources - resources: {} - # -- Affinity for this specific deployment, overwrites .Values.affinity and .Values.mastodon.sidekiq.affinity - affinity: {} - # -- Topology spread constraints for this specific deployment, overwrites .Values.topologySpreadConstraints and .Values.mastodon.sidekiq.topologySpreadConstraints - topologySpreadConstraints: {} - # -- Sidekiq queues for Mastodon that are handled by this worker. See https://docs.joinmastodon.org/admin/scaling/#concurrency - # See https://github.com/mperham/sidekiq/wiki/Advanced-Options#queues for how to weight queues as argument - queues: - - default,8 - - push,6 - - ingress,4 - - mailers,2 - - pull - - scheduler # Make sure the scheduler queue only exists once and with a worker that has 1 replica. - image: - repository: - tag: - # allows you to mount a custom database.yml from a configmap - customDatabaseConfigYml: - configMapRef: - name: - key: + - name: all-queues + # -- Number of threads / parallel sidekiq jobs that are executed per Pod + concurrency: 25 + # -- Number of Pod replicas deployed by the Deployment + replicas: 1 + # -- Resources for this specific deployment to allow optimised scaling, overwrites .Values.mastodon.sidekiq.resources + resources: {} + # -- Affinity for this specific deployment, overwrites .Values.affinity and .Values.mastodon.sidekiq.affinity + affinity: {} + # -- Topology spread constraints for this specific deployment, overwrites .Values.topologySpreadConstraints and .Values.mastodon.sidekiq.topologySpreadConstraints + topologySpreadConstraints: {} + # -- Sidekiq queues for Mastodon that are handled by this worker. 
See https://docs.joinmastodon.org/admin/scaling/#concurrency + # See https://github.com/mperham/sidekiq/wiki/Advanced-Options#queues for how to weight queues as argument + queues: + - default,8 + - push,6 + - ingress,4 + - mailers,2 + - pull + - scheduler # Make sure the scheduler queue only exists once and with a worker that has 1 replica. + image: + repository: + tag: + # allows you to mount a custom database.yml from a configmap + # please note that we do not advise using a read-only replica for sidekiq workers + customDatabaseConfigYml: + configMapRef: + name: + key: #- name: push-pull # concurrency: 50 # resources: {} @@ -166,7 +170,7 @@ mastodon: ca_file: /etc/ssl/certs/ca-certificates.crt delivery_method: smtp domain: - enable_starttls: 'auto' + enable_starttls: "auto" from_address: notifications@example.com return_path: openssl_verify_mode: peer @@ -293,7 +297,7 @@ ingress: hosts: - host: mastodon.local paths: - - path: '/' + - path: "/" tls: - secretName: mastodon-tls hosts: @@ -561,3 +565,9 @@ affinity: {} # want to spread each deployment independently, or override topologySpreadConstraints # for each deployment topologySpreadConstraints: {} + +# Default volume mounts for all pods +volumeMounts: [] + +# Default volumes for all pods +volumes: [] From e327416da44139f1956e4de8f63e1c0ff931ce41 Mon Sep 17 00:00:00 2001 From: Tim Campbell Date: Fri, 19 Jan 2024 03:41:52 -0800 Subject: [PATCH 33/57] Set default chart version to 4.2, add version compatilibity notes (#113) --- values.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/values.yaml b/values.yaml index 7c995d0..e606b8b 100644 --- a/values.yaml +++ b/values.yaml @@ -6,7 +6,7 @@ image: # built from the most recent commit # # tag: latest - tag: "" + tag: "v4.2" # use `Always` when using `latest` tag pullPolicy: IfNotPresent 
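Review bot: The PATCH 33 hunk `@@ -6,7 +6,7 @@` sets `tag: "v4.2"` while the surrounding context keeps `pullPolicy: IfNotPresent`, so a node that has cached any `v4.2` image never pulls a newer patch release and different nodes can run different 4.2.x builds, which defeats timely security updates. Pin an exact tag (a later patch in this series moves to `v4.2.5`) or note next to the tag that a floating tag requires `pullPolicy: Always`. In the workers hunk `@@ -116,34 +119,35 @@` the added comment `# please note that we do not advise using a read-only replica for sidekiq workers` gives no reason; one clause on why would help operators decide, and the whitespace-only re-indentation of the whole list makes that one-line content change easy to miss.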
@@ -368,6 +368,7 @@ postgresql: # Options for a read-only replica. # If enabled, mastodon uses existing defaults for postgres for these values as well. + # NOTE: This feature is only available on Mastodon v4.2+ # Documentation for more information on this feature: # https://docs.joinmastodon.org/admin/scaling/#read-replicas readReplica: From fba8496f01db112c7f20a3be0059a04961d5baec Mon Sep 17 00:00:00 2001 From: Tim Campbell Date: Fri, 19 Jan 2024 03:52:00 -0800 Subject: [PATCH 34/57] Quick rearrange for ES_PRESET, add to values file (#114) --- templates/configmap-env.yaml | 4 +--- values.yaml | 1 + 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/templates/configmap-env.yaml b/templates/configmap-env.yaml index 3ce6ced..f2d989e 100644 --- a/templates/configmap-env.yaml +++ b/templates/configmap-env.yaml @@ -39,15 +39,13 @@ data: ES_PORT: "9200" {{- else if .Values.elasticsearch.hostname }} ES_ENABLED: "true" + ES_PRESET: {{ .Values.elasticsearch.preset | default "single_node_cluster" | quote }} ES_HOST: {{ include "mastodon.elasticsearch.fullHostname" .}} ES_PORT: {{ .Values.elasticsearch.port | default "9200" | quote }} {{- end }} {{- with .Values.elasticsearch.user }} ES_USER: {{ . }} {{- end }} - {{- with .Values.elasticsearch.user }} - ES_USER: {{ . }} - {{- end }} LOCAL_DOMAIN: {{ .Values.mastodon.local_domain }} {{- with .Values.mastodon.web_domain }} WEB_DOMAIN: {{ . }} diff --git a/values.yaml b/values.yaml index e606b8b..237ace5 100644 --- a/values.yaml +++ b/values.yaml @@ -338,6 +338,7 @@ elasticsearch: # hostname: # port: 9200 # tls: true + # preset: single_node_cluster # This is optional, use it if you ES cluster requires authentication # user: From 218f55b9091381e11bb93cd5ddc9b521721354d5 Mon Sep 17 00:00:00 2001 From: Tim Campbell Date: Fri, 19 Jan 2024 04:38:46 -0800 Subject: [PATCH 35/57] Updated chart/app version (#116) --- Chart.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
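Review bot: In the configmap hunk `@@ -39,15 +39,13 @@`, `ES_PRESET` is now emitted by two identical lines, one per branch of the `if`/`else if`, which will drift the next time one is edited. Since both branches also set `ES_ENABLED: "true"`, a single line placed after the `{{- end }}` and guarded by `{{- if or .Values.elasticsearch.enabled .Values.elasticsearch.hostname }}` keeps them in sync. The values hunk documents `preset` only as a commented-out line under the external-cluster example, but the `single_node_cluster` default also applies to the bundled deployment; the comment could say so.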
diff --git a/Chart.yaml b/Chart.yaml index 1ebc973..cae84cd 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -15,12 +15,12 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 4.0.0 +version: 4.1.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. -appVersion: v4.0.2 +appVersion: v4.2.3 dependencies: - name: elasticsearch From 089adff9a52bd46a473ae5c4002bfe01b4ad8efc Mon Sep 17 00:00:00 2001 From: Tim Campbell Date: Fri, 19 Jan 2024 06:10:15 -0800 Subject: [PATCH 36/57] Updated dependency lock file (#117) --- Chart.lock | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Chart.lock b/Chart.lock index 961e4fa..afc2440 100644 --- a/Chart.lock +++ b/Chart.lock @@ -8,5 +8,5 @@ dependencies: - name: redis repository: https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami version: 16.13.2 -digest: sha256:17ea58a3264aa22faff18215c4269f47dabae956d0df273c684972f356416193 -generated: "2022-08-08T21:44:18.0195364+02:00" +digest: sha256:8be2c8069d65f295d0079bdda67c45691370f7bef73393c2e80eedbdd748b9af +generated: "2024-01-19T13:45:12.079125474+01:00" From 826d6e945f80f5618f3455c978f1a40a230e3060 Mon Sep 17 00:00:00 2001 
From: James Hammett Date: Fri, 2 Feb 2024 06:03:35 -0700 Subject: [PATCH 37/57] add tolerations specific to web deployment to template (#100) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Norman <85173861+norman-zon@users.noreply.github.com> Co-authored-by: Alex Nordlund Co-authored-by: Effy Elden Co-authored-by: Sheogorath Co-authored-by: Chris Funderburg Co-authored-by: Roberto Santalla Co-authored-by: Radim Dostál Co-authored-by: Jim Myhrberg Co-authored-by: David Sanftenberg Co-authored-by: Alexander "Ananace" Olofsson Co-authored-by: Renaud Chaput Co-authored-by: Varac Co-authored-by: Cees-Jan Kiewiet Co-authored-by: Tim Campbell --- templates/deployment-web.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/deployment-web.yaml b/templates/deployment-web.yaml index 47aa0f6..b8e8533 100644 --- a/templates/deployment-web.yaml +++ b/templates/deployment-web.yaml @@ -202,7 +202,7 @@ spec: topologySpreadConstraints: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.tolerations }} + {{- with (default .Values.tolerations .Values.mastodon.web.tolerations) }} tolerations: {{- toYaml . | nindent 8 }} {{- end }} From f5c9cdc36482b094fcb536206c5c9f609af0fe19 Mon Sep 17 00:00:00 2001 From: Jim Myhrberg Date: Sat, 3 Feb 2024 13:36:54 +0100 Subject: [PATCH 38/57] feat(app): upgrade Mastodon to 4.2.5 The default `image.tag` value has been changed from `v4.2` to the exact `v4.2.5` version. With the non-exact version tag, patch upgrades on existing installs would be missed unless `image.pullPolicy` has been customized to `Always`. --- Chart.yaml | 4 ++-- values.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Chart.yaml b/Chart.yaml index cae84cd..0809c9a 100644 --- a/Chart.yaml +++ b/Chart.yaml 
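Review bot: `{{- with (default .Values.tolerations .Values.mastodon.web.tolerations) }}` introduces `mastodon.web.tolerations` without adding it to values.yaml (the diffstat touches only the template), so the option is undocumented; add `tolerations: []` with a `# -- ` comment under `mastodon.web`. Note that Sprig's `default` treats an empty list as unset, so a user cannot set `mastodon.web.tolerations: []` to suppress the global tolerations for web pods only — if that should be possible, test for the key with `hasKey` instead.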
@@ -15,12 +15,12 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 4.1.0 +version: 4.1.1 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. -appVersion: v4.2.3 +appVersion: v4.2.5 dependencies: - name: elasticsearch diff --git a/values.yaml b/values.yaml index 237ace5..352c203 100644 --- a/values.yaml +++ b/values.yaml @@ -6,7 +6,7 @@ image: # built from the most recent commit # # tag: latest - tag: "v4.2" + tag: "v4.2.5" # use `Always` when using `latest` tag pullPolicy: IfNotPresent From ef9e071c386ab860170be75d7e8ce0e6bde4b99c Mon Sep 17 00:00:00 2001 From: lleyton Date: Wed, 14 Feb 2024 09:08:13 -0800 Subject: [PATCH 39/57] Use unique annotation key for smtp secret checksum (#48) (#51) --- templates/deployment-sidekiq.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/deployment-sidekiq.yaml b/templates/deployment-sidekiq.yaml index 8cae4f3..c6ba2eb 100644 --- a/templates/deployment-sidekiq.yaml +++ b/templates/deployment-sidekiq.yaml @@ -36,7 +36,7 @@ spec: {{- end }} # roll the pods to pick up any db migrations or other changes {{- include "mastodon.rollingPodAnnotations" $context | nindent 8 }} - checksum/config-secrets: {{ include ( print $.Template.BasePath "/secret-smtp.yaml" ) $context | sha256sum | quote }} + checksum/config-secrets-smtp: {{ include ( print $.Template.BasePath "/secret-smtp.yaml" ) $context | sha256sum | quote }} labels: {{- include "mastodon.globalLabels" $context | nindent 8 }} {{- include "mastodon.selectorLabels" $context | nindent 8 }} 
From d7dea06a2e7be89172ea16a96d2a32a394d0f63c Mon Sep 17 00:00:00 2001 From: Daniel Jilg Date: Wed, 14 Feb 2024 18:14:03 +0100 Subject: [PATCH 40/57] Fix a typo in values.yaml (#123) --- values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/values.yaml b/values.yaml index 352c203..39e1ff9 100644 --- a/values.yaml +++ b/values.yaml @@ -48,7 +48,7 @@ mastodon: singleUserMode: false # -- Enables "Secure Mode" for more details see: https://docs.joinmastodon.org/admin/config/#authorized_fetch authorizedFetch: false - # -- Enables "Limited Federation Mode" for more detauls see: https://docs.joinmastodon.org/admin/config/#limited_federation_mode + # -- Enables "Limited Federation Mode" for more details see: https://docs.joinmastodon.org/admin/config/#limited_federation_mode limitedFederationMode: false persistence: assets: From 84f04add25d4e3ba6de6b4623ee0bd5eed451349 Mon Sep 17 00:00:00 2001 From: Alistair Young Date: Fri, 16 Feb 2024 01:59:05 -0600 Subject: [PATCH 41/57] Enable supplementary environment variables. (#69) Co-authored-by: Tim Campbell --- templates/deployment-sidekiq.yaml | 4 ++++ templates/deployment-streaming.yaml | 4 ++++ templates/deployment-web.yaml | 4 ++++ values.yaml | 9 ++++++++- 4 files changed, 20 insertions(+), 1 deletion(-) diff --git a/templates/deployment-sidekiq.yaml b/templates/deployment-sidekiq.yaml index c6ba2eb..cb98dc2 100644 --- a/templates/deployment-sidekiq.yaml +++ b/templates/deployment-sidekiq.yaml @@ -100,6 +100,10 @@ spec: name: {{ include "mastodon.fullname" $context }}-env - secretRef: name: {{ template "mastodon.secretName" $context }} + {{- if $context.Values.mastodon.extraEnvFrom }} + - configMapRef: + name: {{ $context.Values.mastodon.extraEnvFrom }} + {{- end}} env: - name: "DB_PASS" valueFrom: diff --git a/templates/deployment-streaming.yaml b/templates/deployment-streaming.yaml index 1e4acaa..b3c26bd 100644 --- a/templates/deployment-streaming.yaml +++ b/templates/deployment-streaming.yaml 
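Review bot: `{{- end}}` in the sidekiq hunk `@@ -100,6 +100,10 @@` lacks the space before `}}` used everywhere else in these templates (`{{- end }}`); it renders, but the same inconsistency is repeated in the streaming and web hunks of this patch, so fix all three. `extraEnvFrom` accepts only a `configMapRef`, so anything an operator puts there is stored unencrypted and visible to every principal with ConfigMap read in the namespace; the values comment should say so and steer credential-bearing variables elsewhere, since this option cannot express a `secretRef`.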
@@ -51,6 +51,10 @@ spec: envFrom: - configMapRef: name: {{ include "mastodon.fullname" . }}-env + {{- if .Values.mastodon.extraEnvFrom }} + - configMapRef: + name: {{ .Values.mastodon.extraEnvFrom }} + {{- end}} env: - name: "DB_PASS" valueFrom: diff --git a/templates/deployment-web.yaml b/templates/deployment-web.yaml index b8e8533..28490a7 100644 --- a/templates/deployment-web.yaml +++ b/templates/deployment-web.yaml @@ -77,6 +77,10 @@ spec: name: {{ include "mastodon.fullname" . }}-env - secretRef: name: {{ template "mastodon.secretName" . }} + {{- if .Values.mastodon.extraEnvFrom }} + - configMapRef: + name: {{ .Values.mastodon.extraEnvFrom }} + {{- end}} env: - name: "DB_PASS" valueFrom: diff --git a/values.yaml b/values.yaml index 39e1ff9..8378928 100644 --- a/values.yaml +++ b/values.yaml @@ -274,8 +274,15 @@ mastodon: # Sets the PREPARED_STATEMENTS environment variable: https://docs.joinmastodon.org/admin/config/#prepared_statements preparedStatements: true - # Additional env vars defined in all pods + + # Specify extra environment variables to be added to all Mastodon pods. + # These can be used for configuration not included in this chart (including configuration for Mastodon varietals.) extraEnvVars: {} + + # Alternatively specify extra environment variables stored in a ConfigMap. + # The specified ConfigMap should contain the additional environment variables in key-value format. + # extraEnvFrom: + ingress: enabled: true From e5b256d45c82eac3d94f46717748643586920368 Mon Sep 17 00:00:00 2001 From: Alexandra Catalina Date: Fri, 16 Feb 2024 02:21:29 -0800 Subject: [PATCH 42/57] move changes into separate CHANGELOG, add notes for 4.x (#124) --- CHANGELOG.md | 90 ++++++++++++++++++++++++++++++++++++++++++++++++++++ README.md | 54 ------------------------------- 2 files changed, 90 insertions(+), 54 deletions(-) create mode 100644 CHANGELOG.md diff --git a/CHANGELOG.md b/CHANGELOG.md new file mode 100644 index 0000000..8ef3161 --- /dev/null +++ b/CHANGELOG.md 
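Review bot: The `extraEnvFrom` comment in the values hunk `@@ -274,8 +274,15 @@` does not say that the value is a single ConfigMap name in the release namespace, nor that a ConfigMap is no place for credentials; a proposed replacement: `# Name of an existing ConfigMap (same namespace) whose keys are injected as env vars into all pods; do not use it for secrets`. "Mastodon varietals" in the `extraEnvVars` comment is unclear — "forks" or "variants" would be understood. The commented-out `# extraEnvFrom:` shows no example value, so a user may supply a list; one example name would settle it.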
@@ -0,0 +1,90 @@ +# [4.0.0](https://github.com/mastodon/chart/compare/920cf37..ae892d5) + +- adds support for multiple Sidekiq deployments to be configured to manage + different sets of queues. + +- smtp: replaces `enable_starttls_auto` boolean with `enable_starttls` setting + that defaults to `auto`. + +- adds support for statsd publishing: + ``` + mastodon: + metrics: + statsd: + address: + ``` + +- allows disabling the included redis deployment in order to use an existing external redis server: + ``` + redis: + enabled: false + ``` + +- adds support for [authorized + fetch](https://docs.joinmastodon.org/admin/config/#authorized_fetch): + ``` + mastodon: + authorizedFetch: true + ``` + +- removed the `HorizontalPodAutoscaler` and the global autoscaling configuration. + +A number of other configuration options have been added, see [values.yaml](./values.yaml). + +# 3.0.0 + +skipped + +# 2.1.0 + +## ingressClassName and tls-acme changes +The annotations previously defaulting to nginx have been removed and support + for ingressClassName has been added. +```yaml +ingress: + annotations: + kubernetes.io/ingress.class: nginx + kubernetes.io/tls-acme: "true" +``` + +To restore the old functionality simply add the above snippet to your `values.yaml`, +but the recommendation is to replace these with `ingress.ingressClassName` and use +cert-manager's issuer/cluster-issuer instead of tls-acme. +If you're uncertain about your current setup leave `ingressClassName` empty and add +`kubernetes.io/tls-acme` to `ingress.annotations` in your `values.yaml`. + +# 2.0.0 + +## Fixed labels +Because of the changes in [#19706](https://github.com/mastodon/mastodon/pull/19706) the upgrade may fail with the following error: +```Error: UPGRADE FAILED: cannot patch "mastodon-sidekiq"``` + +If you want an easy upgrade and you're comfortable with some downtime then +simply delete the -sidekiq, -web, and -streaming Deployments manually. + +If you require a no-downtime upgrade then: +1. 
run `helm template` instead of `helm upgrade` +2. Copy the new -web and -streaming services into `services.yml` +3. Copy the new -web and -streaming deployments into `deployments.yml` +4. Append -temp to the name of each deployment in `deployments.yml` +5. `kubectl apply -f deployments.yml` then wait until all pods are ready +6. `kubectl apply -f services.yml` +7. Delete the old -sidekiq, -web, and -streaming deployments manually +8. `helm upgrade` like normal +9. `kubectl delete -f deployments.yml` to clear out the temporary deployments + +## PostgreSQL passwords +If you've previously installed the chart and you're having problems with +postgres not accepting your password then make sure to set `username` to +`postgres` and `password` and `postgresPassword` to the same passwords. +```yaml +postgresql: + auth: + username: postgres + password: + postgresPassword: +``` + +And make sure to set `password` to the same value as `postgres-password` +in your `mastodon-postgresql` secret: +```kubectl edit secret mastodon-postgresql``` diff --git a/README.md b/README.md index 53f9599..a595a4d 100644 --- a/README.md +++ b/README.md 
@@ -64,57 +64,3 @@ Sidekiq deployments, it’s possible they will occur in the wrong order. After upgrading Mastodon versions, it may sometimes be necessary to manually delete the Rails and Sidekiq pods so that they are recreated against the latest migration. - -# Upgrades in 2.1.0 - -## ingressClassName and tls-acme changes -The annotations previously defaulting to nginx have been removed and support - for ingressClassName has been added. -```yaml -ingress: - annotations: - kubernetes.io/ingress.class: nginx - kubernetes.io/tls-acme: "true" -``` - -To restore the old functionality simply add the above snippet to your `values.yaml`, -but the recommendation is to replace these with `ingress.ingressClassName` and use -cert-manager's issuer/cluster-issuer instead of tls-acme. -If you're uncertain about your current setup leave `ingressClassName` empty and add -`kubernetes.io/tls-acme` to `ingress.annotations` in your `values.yaml`. - -# Upgrades in 2.0.0 - -## Fixed labels -Because of the changes in [#19706](https://github.com/mastodon/mastodon/pull/19706) the upgrade may fail with the following error: -```Error: UPGRADE FAILED: cannot patch "mastodon-sidekiq"``` - -If you want an easy upgrade and you're comfortable with some downtime then -simply delete the -sidekiq, -web, and -streaming Deployments manually. - -If you require a no-downtime upgrade then: -1. run `helm template` instead of `helm upgrade` -2. Copy the new -web and -streaming services into `services.yml` -3. Copy the new -web and -streaming deployments into `deployments.yml` -4. Append -temp to the name of each deployment in `deployments.yml` -5. `kubectl apply -f deployments.yml` then wait until all pods are ready -6. `kubectl apply -f services.yml` -7. Delete the old -sidekiq, -web, and -streaming deployments manually -8. `helm upgrade` like normal -9. 
`kubectl delete -f deployments.yml` to clear out the temporary deployments - -## PostgreSQL passwords -If you've previously installed the chart and you're having problems with -postgres not accepting your password then make sure to set `username` to -`postgres` and `password` and `postgresPassword` to the same passwords. -```yaml -postgresql: - auth: - username: postgres - password: - postgresPassword: -``` - -And make sure to set `password` to the same value as `postgres-password` -in your `mastodon-postgresql` secret: -```kubectl edit secret mastodon-postgresql``` \ No newline at end of file From 8e5ab7c0682151c6939aab6d6a11869a94c65d5d Mon Sep 17 00:00:00 2001 From: Jim Myhrberg Date: Fri, 16 Feb 2024 10:32:01 +0000 Subject: [PATCH 43/57] feat(deployments): make spec.revisionHistoryLimit configurable (#121) --- templates/deployment-sidekiq.yaml | 4 +++- templates/deployment-streaming.yaml | 4 +++- templates/deployment-web.yaml | 4 +++- values.yaml | 5 +++++ 4 files changed, 14 insertions(+), 3 deletions(-) diff --git a/templates/deployment-sidekiq.yaml b/templates/deployment-sidekiq.yaml index cb98dc2..b906149 100644 --- a/templates/deployment-sidekiq.yaml +++ b/templates/deployment-sidekiq.yaml @@ -22,7 +22,9 @@ spec: type: Recreate {{- end }} replicas: {{ .replicas }} - revisionHistoryLimit: 2 + {{- if (ne (toString $context.Values.mastodon.revisionHistoryLimit) "") }} + revisionHistoryLimit: {{ $context.Values.mastodon.revisionHistoryLimit }} + {{- end }} selector: matchLabels: {{- include "mastodon.selectorLabels" $context | nindent 6 }} diff --git a/templates/deployment-streaming.yaml b/templates/deployment-streaming.yaml index b3c26bd..e64d38f 100644 --- a/templates/deployment-streaming.yaml +++ b/templates/deployment-streaming.yaml 
@@ -10,7 +10,9 @@ metadata: {{- end }} spec: replicas: {{ .Values.mastodon.streaming.replicas }} - revisionHistoryLimit: 2 + {{- if (ne (toString .Values.mastodon.revisionHistoryLimit) "") }} + revisionHistoryLimit: {{ .Values.mastodon.revisionHistoryLimit }} + {{- end }} selector: matchLabels: {{- include "mastodon.selectorLabels" . | nindent 6 }} diff --git a/templates/deployment-web.yaml b/templates/deployment-web.yaml index 28490a7..b1bb0b8 100644 --- a/templates/deployment-web.yaml +++ b/templates/deployment-web.yaml @@ -10,7 +10,9 @@ metadata: {{- end }} spec: replicas: {{ .Values.mastodon.web.replicas }} - revisionHistoryLimit: 2 + {{- if (ne (toString .Values.mastodon.revisionHistoryLimit) "") }} + revisionHistoryLimit: {{ .Values.mastodon.revisionHistoryLimit }} + {{- end }} selector: matchLabels: {{- include "mastodon.selectorLabels" . | nindent 6 }} diff --git a/values.yaml b/values.yaml index 8378928..617e3cd 100644 --- a/values.yaml +++ b/values.yaml @@ -101,6 +101,11 @@ mastodon: # with keys SECRET_KEY_BASE and OTP_SECRET and # VAPID_PRIVATE_KEY and VAPID_PUBLIC_KEY existingSecret: "" + + # -- The number of old revisions to keep for each Deployment in Kubernetes. + # See https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#clean-up-policy + revisionHistoryLimit: 2 + sidekiq: # -- Pod security context for all Sidekiq Pods, overwrites .Values.podSecurityContext podSecurityContext: {} From 59fa6f80c5c711e8be3267626d0b1aad6f300b0d Mon Sep 17 00:00:00 2001 From: Tim Campbell Date: Fri, 16 Feb 2024 19:01:46 +0100 Subject: [PATCH 44/57] Update app version to newest mastodon version --- Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Chart.yaml b/Chart.yaml index 0809c9a..3716d39 100644 --- a/Chart.yaml +++ b/Chart.yaml 
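Review bot: The new `revisionHistoryLimit` value documents the count but not the two edge cases the templates create: an empty string omits the field entirely (the `ne (toString …) ""` guard in the three deployment hunks), so the Kubernetes default applies, and `0` keeps no old ReplicaSets, which makes `kubectl rollout undo` impossible after a bad rollout (`helm rollback` is unaffected because it re-applies manifests). I would extend the comment in values.yaml: `# Set to "" to omit the field and use the Kubernetes default (10); 0 deletes all old ReplicaSets and disables kubectl rollout undo.` The three deployment templates now agree on the same guard, which is good; the sidekiq hunk reads it through `$context` because it sits inside a range.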
@@ -20,7 +20,7 @@ version: 4.1.1 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. -appVersion: v4.2.5 +appVersion: v4.2.7 dependencies: - name: elasticsearch From 28728a8760fb1c2fcea6a39c86a0871b7fba4bdc Mon Sep 17 00:00:00 2001 From: Jim Myhrberg Date: Mon, 19 Feb 2024 08:26:25 +0000 Subject: [PATCH 45/57] chore(deps): upgrade image tag to v4.2.7 and bump chart version (#127) --- Chart.yaml | 2 +- values.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Chart.yaml b/Chart.yaml index 3716d39..91c33d2 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 4.1.1 +version: 4.1.2 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/values.yaml b/values.yaml index 617e3cd..96d780c 100644 --- a/values.yaml +++ b/values.yaml @@ -6,7 +6,7 @@ image: # built from the most recent commit # # tag: latest - tag: "v4.2.5" + tag: "v4.2.7" # use `Always` when using `latest` tag pullPolicy: IfNotPresent From 3143ab1e34ad17faa87515ac7fa08e1782569061 Mon Sep 17 00:00:00 2001 From: Matthew Abbott Date: Tue, 12 Mar 2024 08:49:53 -0500 Subject: [PATCH 46/57] Add S3_OVERRIDE_PATH_STYLE to mastodon-env ConfigMap (#94) --- templates/configmap-env.yaml | 3 +++ values.yaml | 2 ++ 2 files changed, 5 insertions(+) diff --git a/templates/configmap-env.yaml b/templates/configmap-env.yaml index f2d989e..34fac72 100644 --- a/templates/configmap-env.yaml 
+++ b/templates/configmap-env.yaml @@ -84,6 +84,9 @@ data: {{- with .Values.mastodon.s3.alias_host }} S3_ALIAS_HOST: {{ . }} {{- end }} + {{- with .Values.mastodon.s3.override_path_style }} + S3_OVERRIDE_PATH_STYLE: "{{ . }}" + {{- end }} {{- end }} {{- with .Values.mastodon.smtp.auth_method }} SMTP_AUTH_METHOD: {{ . }} diff --git a/values.yaml b/values.yaml index 96d780c..3c7d948 100644 --- a/values.yaml +++ b/values.yaml @@ -78,6 +78,8 @@ mastodon: permission: "" # -- If you have a caching proxy, enter its base URL here. alias_host: "" + # -- Set this to true if the storage provider uses domain style 'bucket.endpoint' naming + # override_path_style: "true" deepl: enabled: false plan: From 63a052b6a5c19dabd172c15c1fd74298dcc544b2 Mon Sep 17 00:00:00 2001 From: Alexandra Catalina Date: Tue, 12 Mar 2024 06:50:27 -0700 Subject: [PATCH 47/57] deps: update to latest versions, switch to OCI repo [semver-major] (#125) --- .github/workflows/test-chart.yml | 5 ++++- Chart.lock | 16 ++++++++-------- Chart.yaml | 18 +++++++++--------- README.md | 2 +- 4 files changed, 22 insertions(+), 19 deletions(-) diff --git a/.github/workflows/test-chart.yml b/.github/workflows/test-chart.yml index a4482b6..3e02fc6 100644 --- a/.github/workflows/test-chart.yml +++ b/.github/workflows/test-chart.yml @@ -76,7 +76,10 @@ jobs: # higher. # - k3s-channel: v1.21 - helm-version: v3.6.0 + helm-version: v3.8.0 + + env: + HELM_EXPERIMENTAL_OCI: "1" steps: - uses: actions/checkout@v3 diff --git a/Chart.lock b/Chart.lock index afc2440..e985f1a 100644 --- a/Chart.lock +++ b/Chart.lock 
@@ -1,12 +1,12 @@ dependencies: - name: elasticsearch - repository: https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami - version: 19.0.1 + repository: oci://registry-1.docker.io/bitnamicharts + version: 19.19.2 - name: postgresql - repository: https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami - version: 11.1.3 + repository: oci://registry-1.docker.io/bitnamicharts + version: 14.2.3 - name: redis - repository: https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami - version: 16.13.2 -digest: sha256:8be2c8069d65f295d0079bdda67c45691370f7bef73393c2e80eedbdd748b9af -generated: "2024-01-19T13:45:12.079125474+01:00" + repository: oci://registry-1.docker.io/bitnamicharts + version: 18.16.1 +digest: sha256:684daaf2067d96e2aa6d93e9d29b7b13fc586f6ae929342e5e9c7c169b1c0748 +generated: "2024-02-23T15:14:47.536480528-08:00" diff --git a/Chart.yaml b/Chart.yaml index 91c33d2..fea5144 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -12,10 +12,10 @@ description: Mastodon is a free, open-source social network server based on Acti # pipeline. Library charts do not define any templates and therefore cannot be deployed. type: application -# This is the chart version. This version number should be incremented each time you make changes -# to the chart and its templates, including the app version. +# This is the chart version. This version number should be incremented each time +# you make changes to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 4.1.2 +version: 5.0.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to 
@@ -24,14 +24,14 @@ appVersion: v4.2.7 dependencies: - name: elasticsearch - version: 19.0.1 - repository: https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami + version: 19.19.2 + repository: oci://registry-1.docker.io/bitnamicharts condition: elasticsearch.enabled - name: postgresql - version: 11.1.3 - repository: https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami + version: 14.2.3 + repository: oci://registry-1.docker.io/bitnamicharts condition: postgresql.enabled - name: redis - version: 16.13.2 - repository: https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami + version: 18.16.1 + repository: oci://registry-1.docker.io/bitnamicharts condition: redis.enabled diff --git a/README.md b/README.md index a595a4d..c2b6ab1 100644 --- a/README.md +++ b/README.md @@ -7,7 +7,7 @@ Kubernetes cluster. The basic usage is: 1. `helm dep update` 1. `helm install --namespace mastodon --create-namespace my-mastodon ./ -f path/to/additional/values.yaml` -This chart is tested with k8s 1.21+ and helm 3.6.0+. +This chart is tested with k8s 1.21+ and helm 3.8.0+. # Configuration From 41f01b4d6e18c79f45901c0c92353f3f69facaf4 Mon Sep 17 00:00:00 2001 From: Tim Campbell Date: Fri, 23 Feb 2024 10:51:55 +0100 Subject: [PATCH 48/57] Future deprecation notice --- README.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/README.md b/README.md index c2b6ab1..514f2ef 100644 --- a/README.md +++ b/README.md 
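Review bot: The move to `oci://registry-1.docker.io/bitnamicharts` pins the three subcharts by version tag only, and tags in an OCI registry are mutable; as far as I know the `digest` in Chart.lock hashes the dependency list rather than the pulled chart contents, so it will not catch a republished tag. If reproducibility matters, resolve dependencies in CI with `helm dependency build` (which honours Chart.lock) instead of `helm dependency update`, and consider mirroring the three charts into a registry you control. The jump from postgresql chart 11.x to 14.x very likely also changes the bundled PostgreSQL major, so an in-place upgrade of an existing data volume will fail to start; the 5.0.0 changelog entry should spell out the dump/restore or `pg_upgrade` path, and the same review applies to renamed values in redis 16→18 and elasticsearch 19.0→19.19.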
@@ -9,6 +9,12 @@ Kubernetes cluster. The basic usage is: This chart is tested with k8s 1.21+ and helm 3.8.0+. +# NOTICE: Future Deprecation + +We have plans in the very near future to deprecate this chart in favor of a [new git repo](https://github.com/mastodon/helm-charts), which has proper helm repository support (e.g. `helm repo add`), and will contain multiple charts, both for mastodon and for supplementary components that we make use of. + +We still encourage suggestions and PRs to help make this chart better, and this repository will remain available after the new charts are ready to give users time to migrate. However, we will not be approving large PRs, or PRs that change fundamental chart functions, as those changes should be directed to the new charts. + # Configuration The variables that _must_ be configured are: From d91a52bba1ca4851f4c2b27c5a1c20687def7c00 Mon Sep 17 00:00:00 2001 From: Tim Campbell Date: Mon, 26 Feb 2024 21:02:59 +0100 Subject: [PATCH 49/57] Add link to GitHub issue on the subject --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 514f2ef..6bee4a8 100644 --- a/README.md +++ b/README.md @@ -15,6 +15,8 @@ We have plans in the very near future to deprecate this chart in favor of a [new We still encourage suggestions and PRs to help make this chart better, and this repository will remain available after the new charts are ready to give users time to migrate. However, we will not be approving large PRs, or PRs that change fundamental chart functions, as those changes should be directed to the new charts. +Please see the pinned [GitHub issue](https://github.com/mastodon/chart/issues/129) for more info & discussion. + # Configuration The variables that _must_ be configured are: From 2a7be687cdbb9a96a5ab6be5c1707346b9409567 Mon Sep 17 00:00:00 2001 
From: Tim Campbell Date: Wed, 17 Apr 2024 13:48:05 +0200 Subject: [PATCH 50/57] Added values for active record encryption --- CHANGELOG.md | 18 ++++++++++++++++++ Chart.yaml | 2 +- templates/_helpers.tpl | 6 +++--- templates/secrets.yaml | 15 +++++++++++++++ values.yaml | 18 ++++++++++++++---- 5 files changed, 51 insertions(+), 8 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 8ef3161..2b6c100 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,21 @@ +# 5.1.0 + +- Added values for Active Record Encryption in Redis: + ```yaml + mastodon: + secrets: + activeRecordEncryption: + primaryKey: + deterministicKey: + keyDerivationSalt: + ``` + +- Small bugfix related to automatic secret generation + +# [5.0.0](https://github.com/mastodon/chart/commit/63a052b6a5c19dabd172c15c1fd74298dcc544b2) + +- Updated major versions of chart dependencies (postgres, redis, elasticsearch) + # [4.0.0](https://github.com/mastodon/chart/compare/920cf37..ae892d5) - adds support for multiple Sidekiq deployments to be configured to manage diff --git a/Chart.yaml b/Chart.yaml index fea5144..15efa48 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time # you make changes to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 5.0.0 +version: 5.1.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index 2c50146..81872f9 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl 
@@ -106,7 +106,7 @@ Get the mastodon secret. {{- if .Values.mastodon.secrets.existingSecret }} {{- printf "%s" (tpl .Values.mastodon.secrets.existingSecret $) -}} {{- else -}} - {{- printf "%s" (include "common.names.fullname" .) -}} + {{- printf "%s" (include "mastodon.fullname" .) -}} {{- end -}} {{- end -}} @@ -117,7 +117,7 @@ Get the smtp secret. {{- if .Values.mastodon.smtp.existingSecret }} {{- printf "%s" (tpl .Values.mastodon.smtp.existingSecret $) -}} {{- else -}} - {{- printf "%s-smtp" (include "common.names.fullname" .) -}} + {{- printf "%s-smtp" (include "mastodon.fullname" .) -}} {{- end -}} {{- end -}} @@ -130,7 +130,7 @@ Get the postgresql secret. {{- else if .Values.postgresql.enabled -}} {{- printf "%s-postgresql" (tpl .Release.Name $) -}} {{- else -}} - {{- printf "%s" (include "common.names.fullname" .) -}} + {{- printf "%s" (include "mastodon.fullname" .) -}} {{- end -}} {{- end -}} diff --git a/templates/secrets.yaml b/templates/secrets.yaml index d1776ac..0eec2ab 100644 --- a/templates/secrets.yaml +++ b/templates/secrets.yaml 
@@ -34,6 +34,21 @@ data: {{- else }} VAPID_PUBLIC_KEY: {{ required "vapid.public_key is required" .Values.mastodon.secrets.vapid.public_key }} {{- end }} + {{- if not (empty .Values.mastodon.secrets.activeRecordEncryption.primaryKey) }} + ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY: "{{ .Values.mastodon.secrets.activeRecordEncryption.primaryKey | b64enc }}" + {{- else }} + ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY: {{ required "activeRecordEncryption.primaryKey is required" .Values.mastodon.secrets.activeRecordEncryption.primaryKey }} + {{- end }} + {{- if not (empty .Values.mastodon.secrets.activeRecordEncryption.deterministicKey) }} + ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY: "{{ .Values.mastodon.secrets.activeRecordEncryption.deterministicKey | b64enc }}" + {{- else }} + ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY: {{ required "activeRecordEncryption.deterministicKey is required" .Values.mastodon.secrets.activeRecordEncryption.deterministicKey }} + {{- end }} + {{- if not (empty .Values.mastodon.secrets.activeRecordEncryption.keyDerivationSalt) }} + ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT: "{{ .Values.mastodon.secrets.activeRecordEncryption.keyDerivationSalt | b64enc }}" + {{- else }} + ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT: {{ required "activeRecordEncryption.keyDerivationSalt is required" .Values.mastodon.secrets.activeRecordEncryption.keyDerivationSalt }} + {{- end }} {{- end }} {{- if not .Values.postgresql.enabled }} {{- if not .Values.postgresql.auth.existingSecret }} diff --git a/values.yaml b/values.yaml index 3c7d948..3afcc10 100644 --- a/values.yaml +++ b/values.yaml @@ -78,7 +78,7 @@ mastodon: permission: "" # -- If you have a caching proxy, enter its base URL here. alias_host: "" - # -- Set this to true if the storage provider uses domain style 'bucket.endpoint' naming + # -- Set this to true if the storage provider uses domain style 'bucket.endpoint' naming # override_path_style: "true" deepl: enabled: false 
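Review bot: Each of the three new Active Record Encryption entries is `required`, so every render without `mastodon.secrets.activeRecordEncryption.*` set (or an `existingSecret`) now fails, including a plain `helm upgrade` of an existing install, and neither this hunk nor the 5.1.0 changelog marks that as breaking. Chart.yaml in this series still deploys Mastodon v4.2.7, and to my knowledge these variables are only read from 4.3 onwards, so the keys become mandatory for a feature the deployed version does not yet use; either keep them optional until the appVersion moves to 4.3 or document them as a required migration step. The if/else shape mirrors the neighbouring VAPID entries, but the `else` branch can only ever raise the `required` error, so each entry collapses to one line: `ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY: {{ required "activeRecordEncryption.primaryKey is required" .Values.mastodon.secrets.activeRecordEncryption.primaryKey | b64enc | quote }}`. Users of `existingSecret` must add the three keys before upgrading if the deployments reference them without `optional: true`, which is not visible in this hunk.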
@@ -99,9 +99,19 @@ mastodon: vapid: private_key: "" public_key: "" + activeRecordEncryption: + primaryKey: "" + deterministicKey: "" + keyDerivationSalt: "" # -- you can also specify the name of an existing Secret - # with keys SECRET_KEY_BASE and OTP_SECRET and - # VAPID_PRIVATE_KEY and VAPID_PUBLIC_KEY + # with keys: + # - SECRET_KEY_BASE + # - OTP_SECRET + # - VAPID_PRIVATE_KEY + # - VAPID_PUBLIC_KEY + # - ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY + # - ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY + # - ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT existingSecret: "" # -- The number of old revisions to keep for each Deployment in Kubernetes. @@ -285,7 +295,7 @@ mastodon: # Specify extra environment variables to be added to all Mastodon pods. # These can be used for configuration not included in this chart (including configuration for Mastodon varietals.) extraEnvVars: {} - + # Alternatively specify extra environment variables stored in a ConfigMap. # The specified ConfigMap should contain the additional environment variables in key-value format. # extraEnvFrom: From 5fb5416a11ce986f3f4424fd1da3cde2250cf9a2 Mon Sep 17 00:00:00 2001 From: Tim Campbell Date: Wed, 17 Apr 2024 13:51:47 +0200 Subject: [PATCH 51/57] Add dev values for testing --- dev-values.yaml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/dev-values.yaml b/dev-values.yaml index b3a963e..18b4095 100644 --- a/dev-values.yaml +++ b/dev-values.yaml @@ -7,6 +7,11 @@ mastodon: vapid: private_key: dummy-vapid-private_key public_key: dummy-vapid-public_key + activeRecordEncryption: + primaryKey: dummy-are-primary_key + deterministicKey: dummy-are-deterministic_key + keyDerivationSalt: dummy-are-key_derivation_salt + # ref: https://github.com/bitnami/charts/tree/main/bitnami/redis#parameters redis: From 674d9c4252751095a1ce00b26270ab5c567ddd81 Mon Sep 17 00:00:00 2001 
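Review bot: The new `activeRecordEncryption` keys carry no comment, although they are the one secret in this block whose loss or rotation makes data unrecoverable: once columns are encrypted, `primaryKey`, `deterministicKey` and `keyDerivationSalt` must stay constant and be backed up together with the database. I would add above `activeRecordEncryption:`: `# -- Active Record Encryption keys (Mastodon 4.3+). Generate once with Mastodon's rails db:encryption:init task, never change them after first use (encrypted columns become unreadable), and back them up with the database.` The expanded key list under `existingSecret` is a useful addition; keep it in sync whenever a key is added to secrets.yaml.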
From: Matthew Abbott Date: Thu, 18 Apr 2024 04:47:34 -0500 Subject: [PATCH 52/57] Add values to inject trusted certs into streaming (#92) Co-authored-by: Tim Campbell --- templates/deployment-streaming.yaml | 28 ++++++++++++++++++++++++++++ values.yaml | 8 ++++++++ 2 files changed, 36 insertions(+) diff --git a/templates/deployment-streaming.yaml b/templates/deployment-streaming.yaml index e64d38f..8d66361 100644 --- a/templates/deployment-streaming.yaml +++ b/templates/deployment-streaming.yaml @@ -39,6 +39,16 @@ spec: securityContext: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.mastodon.streaming.extraCerts }} + {{- $name := .name | default "extra-certs" }} + volumes: + - name: {{ $name }} + secret: + secretName: {{ .existingSecret }} + items: + - key: ca.crt + path: trusted-ca.crt + {{- end }} containers: - name: {{ .Chart.Name }}-streaming {{- with (default .Values.securityContext .Values.mastodon.streaming.securityContext) }} @@ -50,6 +60,12 @@ spec: command: - node - ./streaming + {{- with .Values.mastodon.streaming.extraCerts }} + {{- $name := .name | default "extra-certs" }} + volumeMounts: + - name: {{ $name }} + mountPath: "/usr/local/share/ca-certificates" + {{- end }} envFrom: - configMapRef: name: {{ include "mastodon.fullname" . }}-env @@ -58,6 +74,18 @@ spec: name: {{ .Values.mastodon.extraEnvFrom }} {{- end}} env: + {{- with .Values.mastodon.streaming.extraCerts }} + - name: "NODE_EXTRA_CA_CERTS" + value: "/usr/local/share/ca-certificates/trusted-ca.crt" + {{- with .sslMode }} + - name: "DB_SSLMODE" + value: {{ . }} + {{- end }} + {{- end }} + {{- with .Values.postgresql.postgresqlReplicaHostname }} + - name: "DB_HOST" + value: {{ . }} + {{- end }} - name: "DB_PASS" valueFrom: secretKeyRef: diff --git a/values.yaml b/values.yaml index 3afcc10..e2cefda 100644 --- a/values.yaml +++ b/values.yaml 
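Review bot: `secretName: {{ .existingSecret }}` in the new volumes block renders an empty value when `extraCerts` is set with only `name` or `sslMode`, producing a Secret volume without a name that fails at pod creation instead of at render time; use `secretName: {{ required "mastodon.streaming.extraCerts.existingSecret is required" .existingSecret }}`. The `DB_SSLMODE` value is emitted unquoted (`value: {{ . }}`) while every neighbouring env value is quoted; `value: {{ . | quote }}` keeps it a string for any input. The block also emits top-level `volumes:` and `volumeMounts:` keys, so if the streaming pod spec already defines either of them elsewhere (outside this hunk) the rendered manifest will carry a duplicate key. Since `DB_SSLMODE` is only set when `extraCerts` is configured, the mount and the sslmode are coupled by design and that deserves a sentence in values.yaml.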
@@ -230,6 +230,14 @@ mastodon: # requests: # cpu: 250m # memory: 128Mi + # -- Self-signed certificate(s) the (Node.js) needs to trust to connect to e.g. the database + extraCerts: {} + # -- Secret containing a key "ca.crt" holding one or more root certificates in PEM format + # existingSecret: + # -- Optional volume name for mounting the .crt file, defaults to "extra-certs" + # name: + # -- Optional sslMode setting. See nodejs's SSL_MODE. Consider "no-verify" + # sslMode: web: port: 3000 # -- Number of Web Pods running From 3e5322bb98b1f031bfee3cb3cb70ab98e54e6587 Mon Sep 17 00:00:00 2001 From: Jim Myhrberg Date: Thu, 18 Apr 2024 14:32:37 +0100 Subject: [PATCH 53/57] chore(deps): upgrade app to Mastodon v4.2.8 (#131) Co-authored-by: Tim Campbell --- Chart.yaml | 4 ++-- values.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Chart.yaml b/Chart.yaml index 15efa48..2ee7189 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -15,12 +15,12 @@ type: application # This is the chart version. This version number should be incremented each time # you make changes to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 5.1.0 +version: 5.1.1 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. -appVersion: v4.2.7 +appVersion: v4.2.8 dependencies: - name: elasticsearch diff --git a/values.yaml b/values.yaml index e2cefda..0120504 100644 --- a/values.yaml +++ b/values.yaml @@ -6,7 +6,7 @@ image: # built from the most recent commit # # tag: latest - tag: "v4.2.7" + tag: "v4.2.8" # use `Always` when using `latest` tag pullPolicy: IfNotPresent From fc24d7a2591451d5f8322068572b36e2a1d9dbb8 Mon Sep 17 00:00:00 2001 
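Review bot: The comment `Consider "no-verify"` under `sslMode` undercuts the feature this hunk adds: with node-postgres, `no-verify` disables certificate validation (rejectUnauthorized false), so the CA mounted via `existingSecret` is never consulted and the streaming server's database connection is exposed to an active attacker on the path. With a trusted CA in place the right setting is `verify-full`; `no-verify` is a debugging aid at most. The comment also mis-attributes the option (`nodejs's SSL_MODE`); it is the libpq-style `sslmode` the streaming server passes to PostgreSQL through `DB_SSLMODE`. I would replace the two comment lines with `# -- Optional DB_SSLMODE for the streaming server's PostgreSQL connection (libpq-style, e.g. verify-full). With the CA mounted above prefer "verify-full"; "no-verify" skips certificate validation entirely.` and fix `the (Node.js) needs` to `the streaming server (Node.js) needs`.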
From: Cees-Jan Kiewiet Date: Thu, 18 Apr 2024 15:34:52 +0200 Subject: [PATCH 54/57] Helm dep should use install (#62) --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 6bee4a8..35303c0 100644 --- a/README.md +++ b/README.md @@ -4,7 +4,7 @@ This is a [Helm](https://helm.sh/) chart for installing Mastodon into a Kubernetes cluster. The basic usage is: 1. edit `values.yaml` or create a separate yaml file for custom values -1. `helm dep update` +1. `helm dep install` 1. `helm install --namespace mastodon --create-namespace my-mastodon ./ -f path/to/additional/values.yaml` This chart is tested with k8s 1.21+ and helm 3.8.0+. From 1cce47b250af0b87aa40be7d698623b0fc86a57b Mon Sep 17 00:00:00 2001 From: Jeremiah Lee <106775223+jeremiahlee@users.noreply.github.com> Date: Thu, 18 Apr 2024 15:42:06 +0200 Subject: [PATCH 55/57] Change default Secret name to not rely on Bitnami (#82) --- templates/secret-smtp.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/secret-smtp.yaml b/templates/secret-smtp.yaml index 98b15f3..893ecf7 100644 --- a/templates/secret-smtp.yaml +++ b/templates/secret-smtp.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: Secret metadata: - name: {{ printf "%s-smtp" (include "common.names.fullname" .) }} + name: {{ printf "%s-smtp" (include "mastodon.fullname" .) }} labels: {{- include "mastodon.labels" . | nindent 4 }} type: Opaque From 6c902dccac3af4047d2474f46c937af4bff6c15f Mon Sep 17 00:00:00 2001 From: "T. Hinrichsmeyer" <120004353+hinricht@users.noreply.github.com> Date: Thu, 18 Apr 2024 16:10:26 +0200 Subject: [PATCH 56/57] Add s3.mastodon.multipart_threshold config option (#67) Co-authored-by: Tim Campbell --- templates/configmap-env.yaml | 3 +++ values.yaml | 7 ++++++- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/templates/configmap-env.yaml b/templates/configmap-env.yaml index 34fac72..526e29a 100644 --- a/templates/configmap-env.yaml 
+++ b/templates/configmap-env.yaml @@ -84,6 +84,9 @@ data: {{- with .Values.mastodon.s3.alias_host }} S3_ALIAS_HOST: {{ . }} {{- end }} + {{- with .Values.mastodon.s3.multipart_threshold }} + S3_MULTIPART_THRESHOLD: "{{ . }}" + {{- end }} {{- with .Values.mastodon.s3.override_path_style }} S3_OVERRIDE_PATH_STYLE: "{{ . }}" {{- end }} diff --git a/values.yaml b/values.yaml index 0120504..bd560bc 100644 --- a/values.yaml +++ b/values.yaml @@ -78,6 +78,10 @@ mastodon: permission: "" # -- If you have a caching proxy, enter its base URL here. alias_host: "" + # When uploading data to S3, if the number of bytes to send exceedes + # multipart_threshold then a multi part session is automatically started + # and the data is sent up in chunks. Defaults to 16777216 (16MB). + multipart_threshold: "" # -- Set this to true if the storage provider uses domain style 'bucket.endpoint' naming # override_path_style: "true" deepl: @@ -573,7 +577,8 @@ revisionPodAnnotation: true jobAnnotations: {} # -- Default resources for all Deployments and jobs unless overwritten -resources: {} +resources: + {} # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little # resources, such as Minikube. If you do want to specify resources, uncomment the following From d6d3f428a38d1c122cdc66c7ed93355b5473a119 Mon Sep 17 00:00:00 2001 From: "Alexander \"Ananace\" Olofsson" Date: Thu, 18 Apr 2024 16:12:36 +0200 Subject: [PATCH 57/57] Fix container create error on unauthenticated SMTP (#49) --- templates/deployment-sidekiq.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/templates/deployment-sidekiq.yaml b/templates/deployment-sidekiq.yaml index b906149..f6e9c7e 100644 --- a/templates/deployment-sidekiq.yaml +++ b/templates/deployment-sidekiq.yaml 
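Review bot: The new `multipart_threshold` comment in values.yaml drops the `# --` helm-docs prefix that the sibling keys use (`# -- If you have a caching proxy`), so the option will be missing from generated documentation, and it contains a typo (`exceedes`). Suggested replacement: `# -- Upload size in bytes above which S3 uploads switch to multipart (S3_MULTIPART_THRESHOLD). Leave empty for Mastodon's default of 16777216 (16MB).` The template side is fine: the `with` guard skips the empty default and the value is quoted, so an integer in values stays a string in the ConfigMap. Splitting `resources: {}` over two lines in the second hunk is unrelated formatter noise and could be dropped from this patch.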
@@ -142,6 +142,7 @@ spec: secretKeyRef: name: {{ include "mastodon.smtp.secretName" $context }} key: password + optional: true {{- if (and $context.Values.mastodon.s3.enabled $context.Values.mastodon.s3.existingSecret) }} - name: "AWS_SECRET_ACCESS_KEY" valueFrom:
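Review bot: `optional: true` on the SMTP password `secretKeyRef` fixes the create error for unauthenticated SMTP, but it also swallows real misconfiguration: a mistyped `mastodon.smtp.existingSecret` or a Secret missing the `password` key now yields a Sidekiq pod that starts without `SMTP_PASSWORD` and fails only when mail is sent. A tighter fix renders this env entry only when SMTP authentication is actually configured (for example when `mastodon.smtp.existingSecret` or a password value is set) and keeps the reference mandatory in that case; the surrounding `env:` list starts outside this hunk. If deployment-web.yaml carries the same SMTP password reference it needs the same treatment, otherwise the failure simply moves to the web pods.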