infra/mastodon-chart-mirror
3
0
Fork 0
mirror of https://github.com/mastodon/chart synced 2025-05-18 13:03:21 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'main' into accept-self-signed-certs-in-streaming

Browse Source
This commit is contained in:
Tim Campbell 2024-04-17 04:53:39 -07:00 committed by GitHub
commit 10acd97ef8
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
10 changed files with 164 additions and 82 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
.github/workflows/test-chart.yml vendored
View File

@ -76,7 +76,10 @@ jobs:
# higher. # higher.
# #
- k3s-channel: v1.21 - k3s-channel: v1.21
helm-version: v3.6.0 helm-version: v3.8.0
env:
HELM_EXPERIMENTAL_OCI: "1"
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@v3

90
CHANGELOG.md Normal file
View File

@ -0,0 +1,90 @@
# [4.0.0](https://github.com/mastodon/chart/compare/920cf37..ae892d5)
- adds support for multiple Sidekiq deployments to be configured to manage
different sets of queues.
- smtp: replaces `enable_starttls_auto` boolean with `enable_starttls` setting
that defaults to `auto`.
- adds support for statsd publishing:
```
mastodon:
metrics:
statsd:
address:
```
- allows disabling the included redis deployment in order to use an existing external redis server:
```
redis:
enabled: false
```
- adds support for [authorized
fetch](https://docs.joinmastodon.org/admin/config/#authorized_fetch):
```
mastodon:
authorizedFetch: true
```
- removed the `HorizontalPodAutoscaler` and the global autoscaling configuration.
A number of other configuration options have been added, see [values.yaml](./values.yaml).
# 3.0.0
skipped
# 2.1.0
## ingressClassName and tls-acme changes
The annotations previously defaulting to nginx have been removed and support
for ingressClassName has been added.
```yaml
ingress:
annotations:
kubernetes.io/ingress.class: nginx
kubernetes.io/tls-acme: "true"
```
To restore the old functionality simply add the above snippet to your `values.yaml`,
but the recommendation is to replace these with `ingress.ingressClassName` and use
cert-manager's issuer/cluster-issuer instead of tls-acme.
If you're uncertain about your current setup leave `ingressClassName` empty and add
`kubernetes.io/tls-acme` to `ingress.annotations` in your `values.yaml`.
# 2.0.0
## Fixed labels
Because of the changes in [#19706](https://github.com/mastodon/mastodon/pull/19706) the upgrade may fail with the following error:
```Error: UPGRADE FAILED: cannot patch "mastodon-sidekiq"```
If you want an easy upgrade and you're comfortable with some downtime then
simply delete the -sidekiq, -web, and -streaming Deployments manually.
If you require a no-downtime upgrade then:
1. run `helm template` instead of `helm upgrade`
2. Copy the new -web and -streaming services into `services.yml`
3. Copy the new -web and -streaming deployments into `deployments.yml`
4. Append -temp to the name of each deployment in `deployments.yml`
5. `kubectl apply -f deployments.yml` then wait until all pods are ready
6. `kubectl apply -f services.yml`
7. Delete the old -sidekiq, -web, and -streaming deployments manually
8. `helm upgrade` like normal
9. `kubectl delete -f deployments.yml` to clear out the temporary deployments
## PostgreSQL passwords
If you've previously installed the chart and you're having problems with
postgres not accepting your password then make sure to set `username` to
`postgres` and `password` and `postgresPassword` to the same passwords.
```yaml
postgresql:
auth:
username: postgres
password: <same password>
postgresPassword: <same password>
```
And make sure to set `password` to the same value as `postgres-password`
in your `mastodon-postgresql` secret:
```kubectl edit secret mastodon-postgresql```

16
Chart.lock
View File

@ -1,12 +1,12 @@
dependencies: dependencies:
- name: elasticsearch - name: elasticsearch
repository: https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami repository: oci://registry-1.docker.io/bitnamicharts
version: 19.0.1 version: 19.19.2
- name: postgresql - name: postgresql
repository: https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami repository: oci://registry-1.docker.io/bitnamicharts
version: 11.1.3 version: 14.2.3
- name: redis - name: redis
repository: https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami repository: oci://registry-1.docker.io/bitnamicharts
version: 16.13.2 version: 18.16.1
digest: sha256:8be2c8069d65f295d0079bdda67c45691370f7bef73393c2e80eedbdd748b9af digest: sha256:684daaf2067d96e2aa6d93e9d29b7b13fc586f6ae929342e5e9c7c169b1c0748
generated: "2024-01-19T13:45:12.079125474+01:00" generated: "2024-02-23T15:14:47.536480528-08:00"

20
Chart.yaml
View File

@ -12,26 +12,26 @@ description: Mastodon is a free, open-source social network server based on Acti
# pipeline. Library charts do not define any templates and therefore cannot be deployed. # pipeline. Library charts do not define any templates and therefore cannot be deployed.
type: application type: application
# This is the chart version. This version number should be incremented each time you make changes # This is the chart version. This version number should be incremented each time
# to the chart and its templates, including the app version. # you make changes to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/) # Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 4.1.0 version: 5.0.0
# This is the version number of the application being deployed. This version number should be # This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to # incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using. # follow Semantic Versioning. They should reflect the version the application is using.
appVersion: v4.2.3 appVersion: v4.2.7
dependencies: dependencies:
- name: elasticsearch - name: elasticsearch
version: 19.0.1 version: 19.19.2
repository: https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami repository: oci://registry-1.docker.io/bitnamicharts
condition: elasticsearch.enabled condition: elasticsearch.enabled
- name: postgresql - name: postgresql
version: 11.1.3 version: 14.2.3
repository: https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami repository: oci://registry-1.docker.io/bitnamicharts
condition: postgresql.enabled condition: postgresql.enabled
- name: redis - name: redis
version: 16.13.2 version: 18.16.1
repository: https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami repository: oci://registry-1.docker.io/bitnamicharts
condition: redis.enabled condition: redis.enabled

64
README.md
View File

@ -7,7 +7,15 @@ Kubernetes cluster. The basic usage is:
1. `helm dep update` 1. `helm dep update`
1. `helm install --namespace mastodon --create-namespace my-mastodon ./ -f path/to/additional/values.yaml` 1. `helm install --namespace mastodon --create-namespace my-mastodon ./ -f path/to/additional/values.yaml`
This chart is tested with k8s 1.21+ and helm 3.6.0+. This chart is tested with k8s 1.21+ and helm 3.8.0+.
# NOTICE: Future Deprecation
We have plans in the very near future to deprecate this chart in favor of a [new git repo](https://github.com/mastodon/helm-charts), which has proper helm repository support (e.g. `helm repo add`), and will contain multiple charts, both for mastodon and for supplementary components that we make use of.
We still encourage suggestions and PRs to help make this chart better, and this repository will remain available after the new charts are ready to give users time to migrate. However, we will not be approving large PRs, or PRs that change fundamental chart functions, as those changes should be directed to the new charts.
Please see the pinned [GitHub issue](https://github.com/mastodon/chart/issues/129) for more info & discussion.
# Configuration # Configuration
@ -64,57 +72,3 @@ Sidekiq deployments, its possible they will occur in the wrong order. After
upgrading Mastodon versions, it may sometimes be necessary to manually delete upgrading Mastodon versions, it may sometimes be necessary to manually delete
the Rails and Sidekiq pods so that they are recreated against the latest the Rails and Sidekiq pods so that they are recreated against the latest
migration. migration.
# Upgrades in 2.1.0
## ingressClassName and tls-acme changes
The annotations previously defaulting to nginx have been removed and support
for ingressClassName has been added.
```yaml
ingress:
annotations:
kubernetes.io/ingress.class: nginx
kubernetes.io/tls-acme: "true"
```
To restore the old functionality simply add the above snippet to your `values.yaml`,
but the recommendation is to replace these with `ingress.ingressClassName` and use
cert-manager's issuer/cluster-issuer instead of tls-acme.
If you're uncertain about your current setup leave `ingressClassName` empty and add
`kubernetes.io/tls-acme` to `ingress.annotations` in your `values.yaml`.
# Upgrades in 2.0.0
## Fixed labels
Because of the changes in [#19706](https://github.com/mastodon/mastodon/pull/19706) the upgrade may fail with the following error:
```Error: UPGRADE FAILED: cannot patch "mastodon-sidekiq"```
If you want an easy upgrade and you're comfortable with some downtime then
simply delete the -sidekiq, -web, and -streaming Deployments manually.
If you require a no-downtime upgrade then:
1. run `helm template` instead of `helm upgrade`
2. Copy the new -web and -streaming services into `services.yml`
3. Copy the new -web and -streaming deployments into `deployments.yml`
4. Append -temp to the name of each deployment in `deployments.yml`
5. `kubectl apply -f deployments.yml` then wait until all pods are ready
6. `kubectl apply -f services.yml`
7. Delete the old -sidekiq, -web, and -streaming deployments manually
8. `helm upgrade` like normal
9. `kubectl delete -f deployments.yml` to clear out the temporary deployments
## PostgreSQL passwords
If you've previously installed the chart and you're having problems with
postgres not accepting your password then make sure to set `username` to
`postgres` and `password` and `postgresPassword` to the same passwords.
```yaml
postgresql:
auth:
username: postgres
password: <same password>
postgresPassword: <same password>
```
And make sure to set `password` to the same value as `postgres-password`
in your `mastodon-postgresql` secret:
```kubectl edit secret mastodon-postgresql```

3
templates/configmap-env.yaml
View File

@ -84,6 +84,9 @@ data:
{{- with .Values.mastodon.s3.alias_host }} {{- with .Values.mastodon.s3.alias_host }}
S3_ALIAS_HOST: {{ . }} S3_ALIAS_HOST: {{ . }}
{{- end }} {{- end }}
{{- with .Values.mastodon.s3.override_path_style }}
S3_OVERRIDE_PATH_STYLE: "{{ . }}"
{{- end }}
{{- end }} {{- end }}
{{- with .Values.mastodon.smtp.auth_method }} {{- with .Values.mastodon.smtp.auth_method }}
SMTP_AUTH_METHOD: {{ . }} SMTP_AUTH_METHOD: {{ . }}

10
templates/deployment-sidekiq.yaml
View File

@ -22,7 +22,9 @@ spec:
type: Recreate type: Recreate
{{- end }} {{- end }}
replicas: {{ .replicas }} replicas: {{ .replicas }}
revisionHistoryLimit: 2 {{- if (ne (toString $context.Values.mastodon.revisionHistoryLimit) "<nil>") }}
revisionHistoryLimit: {{ $context.Values.mastodon.revisionHistoryLimit }}
{{- end }}
selector: selector:
matchLabels: matchLabels:
{{- include "mastodon.selectorLabels" $context | nindent 6 }} {{- include "mastodon.selectorLabels" $context | nindent 6 }}
@ -36,7 +38,7 @@ spec:
{{- end }} {{- end }}
# roll the pods to pick up any db migrations or other changes # roll the pods to pick up any db migrations or other changes
{{- include "mastodon.rollingPodAnnotations" $context | nindent 8 }} {{- include "mastodon.rollingPodAnnotations" $context | nindent 8 }}
checksum/config-secrets: {{ include ( print $.Template.BasePath "/secret-smtp.yaml" ) $context | sha256sum | quote }} checksum/config-secrets-smtp: {{ include ( print $.Template.BasePath "/secret-smtp.yaml" ) $context | sha256sum | quote }}
labels: labels:
{{- include "mastodon.globalLabels" $context | nindent 8 }} {{- include "mastodon.globalLabels" $context | nindent 8 }}
{{- include "mastodon.selectorLabels" $context | nindent 8 }} {{- include "mastodon.selectorLabels" $context | nindent 8 }}
@ -100,6 +102,10 @@ spec:
name: {{ include "mastodon.fullname" $context }}-env name: {{ include "mastodon.fullname" $context }}-env
- secretRef: - secretRef:
name: {{ template "mastodon.secretName" $context }} name: {{ template "mastodon.secretName" $context }}
{{- if $context.Values.mastodon.extraEnvFrom }}
- configMapRef:
name: {{ $context.Values.mastodon.extraEnvFrom }}
{{- end}}
env: env:
- name: "DB_PASS" - name: "DB_PASS"
valueFrom: valueFrom:

8
templates/deployment-streaming.yaml
View File

@ -10,7 +10,9 @@ metadata:
{{- end }} {{- end }}
spec: spec:
replicas: {{ .Values.mastodon.streaming.replicas }} replicas: {{ .Values.mastodon.streaming.replicas }}
revisionHistoryLimit: 2 {{- if (ne (toString .Values.mastodon.revisionHistoryLimit) "<nil>") }}
revisionHistoryLimit: {{ .Values.mastodon.revisionHistoryLimit }}
{{- end }}
selector: selector:
matchLabels: matchLabels:
{{- include "mastodon.selectorLabels" . | nindent 6 }} {{- include "mastodon.selectorLabels" . | nindent 6 }}
@ -67,6 +69,10 @@ spec:
envFrom: envFrom:
- configMapRef: - configMapRef:
name: {{ include "mastodon.fullname" . }}-env name: {{ include "mastodon.fullname" . }}-env
{{- if .Values.mastodon.extraEnvFrom }}
- configMapRef:
name: {{ .Values.mastodon.extraEnvFrom }}
{{- end}}
env: env:
{{- with .Values.mastodon.streaming.extraCerts }} {{- with .Values.mastodon.streaming.extraCerts }}
- name: "NODE_EXTRA_CA_CERTS" - name: "NODE_EXTRA_CA_CERTS"

10
templates/deployment-web.yaml
View File

@ -10,7 +10,9 @@ metadata:
{{- end }} {{- end }}
spec: spec:
replicas: {{ .Values.mastodon.web.replicas }} replicas: {{ .Values.mastodon.web.replicas }}
revisionHistoryLimit: 2 {{- if (ne (toString .Values.mastodon.revisionHistoryLimit) "<nil>") }}
revisionHistoryLimit: {{ .Values.mastodon.revisionHistoryLimit }}
{{- end }}
selector: selector:
matchLabels: matchLabels:
{{- include "mastodon.selectorLabels" . | nindent 6 }} {{- include "mastodon.selectorLabels" . | nindent 6 }}
@ -77,6 +79,10 @@ spec:
name: {{ include "mastodon.fullname" . }}-env name: {{ include "mastodon.fullname" . }}-env
- secretRef: - secretRef:
name: {{ template "mastodon.secretName" . }} name: {{ template "mastodon.secretName" . }}
{{- if .Values.mastodon.extraEnvFrom }}
- configMapRef:
name: {{ .Values.mastodon.extraEnvFrom }}
{{- end}}
env: env:
- name: "DB_PASS" - name: "DB_PASS"
valueFrom: valueFrom:
@ -202,7 +208,7 @@ spec:
topologySpreadConstraints: topologySpreadConstraints:
{{- toYaml . | nindent 8 }} {{- toYaml . | nindent 8 }}
{{- end }} {{- end }}
{{- with .Values.tolerations }} {{- with (default .Values.tolerations .Values.mastodon.web.tolerations) }}
tolerations: tolerations:
{{- toYaml . | nindent 8 }} {{- toYaml . | nindent 8 }}
{{- end }} {{- end }}

20
values.yaml
View File

@ -6,7 +6,7 @@ image:
# built from the most recent commit # built from the most recent commit
# #
# tag: latest # tag: latest
tag: "v4.2" tag: "v4.2.7"
# use `Always` when using `latest` tag # use `Always` when using `latest` tag
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
@ -48,7 +48,7 @@ mastodon:
singleUserMode: false singleUserMode: false
# -- Enables "Secure Mode" for more details see: https://docs.joinmastodon.org/admin/config/#authorized_fetch # -- Enables "Secure Mode" for more details see: https://docs.joinmastodon.org/admin/config/#authorized_fetch
authorizedFetch: false authorizedFetch: false
# -- Enables "Limited Federation Mode" for more detauls see: https://docs.joinmastodon.org/admin/config/#limited_federation_mode # -- Enables "Limited Federation Mode" for more details see: https://docs.joinmastodon.org/admin/config/#limited_federation_mode
limitedFederationMode: false limitedFederationMode: false
persistence: persistence:
assets: assets:
@ -78,6 +78,8 @@ mastodon:
permission: "" permission: ""
# -- If you have a caching proxy, enter its base URL here. # -- If you have a caching proxy, enter its base URL here.
alias_host: "" alias_host: ""
# -- Set this to true if the storage provider uses domain style 'bucket.endpoint' naming
# override_path_style: "true"
deepl: deepl:
enabled: false enabled: false
plan: plan:
@ -101,6 +103,11 @@ mastodon:
# with keys SECRET_KEY_BASE and OTP_SECRET and # with keys SECRET_KEY_BASE and OTP_SECRET and
# VAPID_PRIVATE_KEY and VAPID_PUBLIC_KEY # VAPID_PRIVATE_KEY and VAPID_PUBLIC_KEY
existingSecret: "" existingSecret: ""
# -- The number of old revisions to keep for each Deployment in Kubernetes.
# See https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#clean-up-policy
revisionHistoryLimit: 2
sidekiq: sidekiq:
# -- Pod security context for all Sidekiq Pods, overwrites .Values.podSecurityContext # -- Pod security context for all Sidekiq Pods, overwrites .Values.podSecurityContext
podSecurityContext: {} podSecurityContext: {}
@ -282,9 +289,16 @@ mastodon:
# Sets the PREPARED_STATEMENTS environment variable: https://docs.joinmastodon.org/admin/config/#prepared_statements # Sets the PREPARED_STATEMENTS environment variable: https://docs.joinmastodon.org/admin/config/#prepared_statements
preparedStatements: true preparedStatements: true
# Additional env vars defined in all pods
# Specify extra environment variables to be added to all Mastodon pods.
# These can be used for configuration not included in this chart (including configuration for Mastodon varietals.)
extraEnvVars: {} extraEnvVars: {}
# Alternatively specify extra environment variables stored in a ConfigMap.
# The specified ConfigMap should contain the additional environment variables in key-value format.
# extraEnvFrom: <config-map-name>
ingress: ingress:
enabled: true enabled: true
annotations: annotations: