mirror of
https://github.com/mastodon/chart
synced 2025-03-14 21:11:50 +00:00
Added values for active record encryption
This commit is contained in:
parent
d91a52bba1
commit
2a7be687cd
18
CHANGELOG.md
18
CHANGELOG.md
|
@ -1,3 +1,21 @@
|
|||
# 5.1.0
|
||||
|
||||
- Added values for Active Record Encryption in Redis:
|
||||
```yaml
|
||||
mastodon:
|
||||
secrets:
|
||||
activeRecordEncryption:
|
||||
primaryKey:
|
||||
deterministicKey:
|
||||
keyDerivationSalt:
|
||||
```
|
||||
|
||||
- Small bugfix related to automatic secret generation
|
||||
|
||||
# [5.0.0](https://github.com/mastodon/chart/commit/63a052b6a5c19dabd172c15c1fd74298dcc544b2)
|
||||
|
||||
- Updated major versions of chart dependencies (postgres, redis, elasticsearch)
|
||||
|
||||
# [4.0.0](https://github.com/mastodon/chart/compare/920cf37..ae892d5)
|
||||
|
||||
- adds support for multiple Sidekiq deployments to be configured to manage
|
||||
|
|
|
@ -15,7 +15,7 @@ type: application
|
|||
# This is the chart version. This version number should be incremented each time
|
||||
# you make changes to the chart and its templates, including the app version.
|
||||
# Versions are expected to follow Semantic Versioning (https://semver.org/)
|
||||
version: 5.0.0
|
||||
version: 5.1.0
|
||||
|
||||
# This is the version number of the application being deployed. This version number should be
|
||||
# incremented each time you make changes to the application. Versions are not expected to
|
||||
|
|
|
@ -106,7 +106,7 @@ Get the mastodon secret.
|
|||
{{- if .Values.mastodon.secrets.existingSecret }}
|
||||
{{- printf "%s" (tpl .Values.mastodon.secrets.existingSecret $) -}}
|
||||
{{- else -}}
|
||||
{{- printf "%s" (include "common.names.fullname" .) -}}
|
||||
{{- printf "%s" (include "mastodon.fullname" .) -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
|
@ -117,7 +117,7 @@ Get the smtp secret.
|
|||
{{- if .Values.mastodon.smtp.existingSecret }}
|
||||
{{- printf "%s" (tpl .Values.mastodon.smtp.existingSecret $) -}}
|
||||
{{- else -}}
|
||||
{{- printf "%s-smtp" (include "common.names.fullname" .) -}}
|
||||
{{- printf "%s-smtp" (include "mastodon.fullname" .) -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
|
@ -130,7 +130,7 @@ Get the postgresql secret.
|
|||
{{- else if .Values.postgresql.enabled -}}
|
||||
{{- printf "%s-postgresql" (tpl .Release.Name $) -}}
|
||||
{{- else -}}
|
||||
{{- printf "%s" (include "common.names.fullname" .) -}}
|
||||
{{- printf "%s" (include "mastodon.fullname" .) -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
|
|
|
@ -34,6 +34,21 @@ data:
|
|||
{{- else }}
|
||||
VAPID_PUBLIC_KEY: {{ required "vapid.public_key is required" .Values.mastodon.secrets.vapid.public_key }}
|
||||
{{- end }}
|
||||
{{- if not (empty .Values.mastodon.secrets.activeRecordEncryption.primaryKey) }}
|
||||
ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY: "{{ .Values.mastodon.secrets.activeRecordEncryption.primaryKey | b64enc }}"
|
||||
{{- else }}
|
||||
ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY: {{ required "activeRecordEncryption.primaryKey is required" .Values.mastodon.secrets.activeRecordEncryption.primaryKey }}
|
||||
{{- end }}
|
||||
{{- if not (empty .Values.mastodon.secrets.activeRecordEncryption.deterministicKey) }}
|
||||
ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY: "{{ .Values.mastodon.secrets.activeRecordEncryption.deterministicKey | b64enc }}"
|
||||
{{- else }}
|
||||
ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY: {{ required "activeRecordEncryption.deterministicKey is required" .Values.mastodon.secrets.activeRecordEncryption.deterministicKey }}
|
||||
{{- end }}
|
||||
{{- if not (empty .Values.mastodon.secrets.activeRecordEncryption.keyDerivationSalt) }}
|
||||
ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT: "{{ .Values.mastodon.secrets.activeRecordEncryption.keyDerivationSalt | b64enc }}"
|
||||
{{- else }}
|
||||
ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT: {{ required "activeRecordEncryption.keyDerivationSalt is required" .Values.mastodon.secrets.activeRecordEncryption.keyDerivationSalt }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if not .Values.postgresql.enabled }}
|
||||
{{- if not .Values.postgresql.auth.existingSecret }}
|
||||
|
|
18
values.yaml
18
values.yaml
|
@ -78,7 +78,7 @@ mastodon:
|
|||
permission: ""
|
||||
# -- If you have a caching proxy, enter its base URL here.
|
||||
alias_host: ""
|
||||
# -- Set this to true if the storage provider uses domain style 'bucket.endpoint' naming
|
||||
# -- Set this to true if the storage provider uses domain style 'bucket.endpoint' naming
|
||||
# override_path_style: "true"
|
||||
deepl:
|
||||
enabled: false
|
||||
|
@ -99,9 +99,19 @@ mastodon:
|
|||
vapid:
|
||||
private_key: ""
|
||||
public_key: ""
|
||||
activeRecordEncryption:
|
||||
primaryKey: ""
|
||||
deterministicKey: ""
|
||||
keyDerivationSalt: ""
|
||||
# -- you can also specify the name of an existing Secret
|
||||
# with keys SECRET_KEY_BASE and OTP_SECRET and
|
||||
# VAPID_PRIVATE_KEY and VAPID_PUBLIC_KEY
|
||||
# with keys:
|
||||
# - SECRET_KEY_BASE
|
||||
# - OTP_SECRET
|
||||
# - VAPID_PRIVATE_KEY
|
||||
# - VAPID_PUBLIC_KEY
|
||||
# - ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY
|
||||
# - ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY
|
||||
# - ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT
|
||||
existingSecret: ""
|
||||
|
||||
# -- The number of old revisions to keep for each Deployment in Kubernetes.
|
||||
|
@ -285,7 +295,7 @@ mastodon:
|
|||
# Specify extra environment variables to be added to all Mastodon pods.
|
||||
# These can be used for configuration not included in this chart (including configuration for Mastodon varietals.)
|
||||
extraEnvVars: {}
|
||||
|
||||
|
||||
# Alternatively specify extra environment variables stored in a ConfigMap.
|
||||
# The specified ConfigMap should contain the additional environment variables in key-value format.
|
||||
# extraEnvFrom: <config-map-name>
|
||||
|
|
Loading…
Reference in New Issue
Block a user