infra/mastodon-chart-mirror
3
0
Fork 0
mirror of https://github.com/mastodon/chart synced 2025-05-17 20:43:21 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'main' into fix-app-version-tagging

Browse Source
This commit is contained in:
Tim Campbell 2025-03-06 15:13:11 +01:00
commit 87565c0883
22 changed files with 620 additions and 379 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
.github/workflows/test-chart.yml vendored
View File

@ -17,7 +17,7 @@ permissions:
jobs:
lint-templates:
runs-on: ubuntu-22.04
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@v3
@ -53,7 +53,7 @@ jobs:
# basic configuration can be used to successfully startup mastodon.
#
test-install:
runs-on: ubuntu-22.04
runs-on: ubuntu-24.04
timeout-minutes: 15
strategy:
@ -75,7 +75,7 @@ jobs:
# available for use in the templates, currently we need v3.6.0 or
# higher.
#
- k3s-channel: v1.21
- k3s-channel: v1.28
helm-version: v3.8.0
env:
@ -109,7 +109,7 @@ jobs:
run: |
helm install mastodon . \
--values dev-values.yaml \
--timeout 10m
--timeout 15m
# This actions provides a report about the state of the k8s cluster,
# providing logs etc on anything that has failed and workloads marked as
@ -125,7 +125,5 @@ jobs:
deploy/mastodon-sidekiq
deploy/mastodon-streaming
deploy/mastodon-web
job/mastodon-assets-precompile
job/mastodon-chewy-upgrade
job/mastodon-create-admin
job/mastodon-db-migrate

1
.gitignore vendored
View File

@ -1 +1,2 @@
charts/
.DS_Store

55
CHANGELOG.md
View File

@ -1,3 +1,58 @@
# 6.0.1
- Added additional values to separate out `db:prepare` and `db:migrate` jobs and whether they should run:
```yaml
mastodon:
hooks:
dbPrepare:
enabled: true
dbMigrate:
enabled: true
```
# 6.0.0
### !! BREAKING CHANGES !!
- Services for web & streaming now use `ipFamilyPolicy: PreferDualStack`. This will cause upgrades on existing deployments to fail, as kubernetes cannot patch this field. Please remove both service objects before running `helm upgrade` (services are `mastodon-web` and `mastodon-streaming` by default).
### Features
- Added prometheus metrics config for web and sidekiq pods (feature will be available with Mastodon v4.4).
```yaml
mastodon:
metrics:
prometheus:
```
- Added ability to automatically upload assets to an S3 bucket:
```yaml
mastodon:
hooks:
s3Upload:
```
- Added OpenTelemetry metrics:
```yaml
mastodon:
otel:
---
mastodon:
sidekiq:
otel:
---
mastodon:
web:
otel:
```
- Fine-grained control of labels and annotations for both pods and deployments.
- Additional redis options for separate instances (app, sidekiq, cache).
- Configurable PodDisruptionBudgets for web and streaming pods.
### Fixes
- Various database migrations fixes
- Fixed first-time install DB setup on self-managed databases
- Fixed running migrations through a connection pooler.
- Removed old, unused jobs:
- chewy upgrade (use `tootctl search deploy` instead)
- assets precompile
# 5.1.0
- Added values for Active Record Encryption in Redis:

4
Chart.yaml
View File

@ -15,12 +15,12 @@ type: application
# This is the chart version. This version number should be incremented each time
# you make changes to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 5.3.4
version: 6.0.1
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
appVersion: "v4.2.12"
appVersion: "v4.3.4"
dependencies:
- name: elasticsearch

111
templates/_db-migrate.tpl Normal file
View File

@ -0,0 +1,111 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Spec template for DB migration pre- and post-install/upgrade jobs.
*/}}
{{- define "mastodon.dbMigrateJob" -}}
apiVersion: batch/v1
kind: Job
metadata:
{{- if .prepare }}
name: {{ include "mastodon.fullname" . }}-db-prepare
{{- else if .preDeploy }}
name: {{ include "mastodon.fullname" . }}-db-pre-migrate
{{- else }}
name: {{ include "mastodon.fullname" . }}-db-post-migrate
{{- end }}
labels:
{{- include "mastodon.labels" . | nindent 4 }}
annotations:
{{- if .prepare }}
"helm.sh/hook": pre-install
{{- else if .preDeploy }}
"helm.sh/hook": pre-upgrade
{{- else }}
"helm.sh/hook": post-install,post-upgrade
{{- end }}
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
{{- if .prepare }}
"helm.sh/hook-weight": "-3"
{{- else }}
"helm.sh/hook-weight": "-2"
{{- end }}
spec:
template:
metadata:
name: {{ include "mastodon.fullname" . }}-db-migrate
{{- with .Values.jobAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
restartPolicy: Never
containers:
- name: {{ include "mastodon.fullname" . }}-db-migrate
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
command:
- bundle
- exec
- rake
{{- if .prepare }}
- db:prepare
{{- else }}
- db:migrate
{{- end }}
envFrom:
- secretRef:
{{- if and .prepare (not .Values.mastodon.secrets.existingSecret) }}
name: {{ template "mastodon.secretName" . }}-prepare
{{- else }}
name: {{ template "mastodon.secretName" . }}
{{- end }}
env:
- name: "DB_HOST"
value: {{ template "mastodon.postgres.direct.host" . }}
- name: "DB_PORT"
value: {{ template "mastodon.postgres.direct.port" . }}
- name: "DB_NAME"
value: {{ template "mastodon.postgres.direct.database" . }}
- name: "DB_USER"
value: {{ .Values.postgresql.auth.username }}
- name: "DB_PASS"
valueFrom:
secretKeyRef:
name: {{ template "mastodon.postgresql.secretName" . }}
key: password
- name: "REDIS_HOST"
value: {{ template "mastodon.redis.host" . }}
- name: "REDIS_PORT"
value: {{ .Values.redis.port | default "6379" | quote }}
{{- if .Values.redis.sidekiq.enabled }}
{{- if .Values.redis.sidekiq.hostname }}
- name: SIDEKIQ_REDIS_HOST
value: {{ .Values.redis.sidekiq.hostname }}
{{- end }}
{{- if .Values.redis.sidekiq.port }}
- name: SIDEKIQ_REDIS_PORT
value: {{ .Values.redis.sidekiq.port | quote }}
{{- end }}
{{- end }}
{{- if .Values.redis.cache.enabled }}
{{- if .Values.redis.cache.hostname }}
- name: CACHE_REDIS_HOST
value: {{ .Values.redis.cache.hostname }}
{{- end }}
{{- if .Values.redis.cache.port }}
- name: CACHE_REDIS_PORT
value: {{ .Values.redis.cache.port | quote }}
{{- end }}
{{- end }}
- name: "REDIS_DRIVER"
value: "ruby"
- name: "REDIS_PASSWORD"
valueFrom:
secretKeyRef:
name: {{ template "mastodon.redis.secretName" . }}
key: redis-password
{{- if .preDeploy }}
- name: "SKIP_POST_DEPLOYMENT_MIGRATIONS"
value: "true"
{{- end }}
{{- end }}

54
templates/_helpers.tpl
View File

@ -123,6 +123,60 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this
{{- printf "%s-%s" .Release.Name "postgresql" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Establish which values we will use for remote connections
*/}}
{{- define "mastodon.postgres.host" -}}
{{- if .Values.postgresql.enabled }}
{{- printf "%s" (include "mastodon.postgresql.fullname" .) -}}
{{- else }}
{{- printf "%s" .Values.postgresql.postgresqlHostname -}}
{{- end }}
{{- end }}
{{- define "mastodon.postgres.port" -}}
{{- if .Values.postgresql.enabled }}
{{- printf "%d" 5432 | int | quote -}}
{{- else }}
{{- printf "%d" | default 5432 .Values.postgresql.postgresqlPort | int | quote -}}
{{- end }}
{{- end }}
{{/*
Establish which values we will use for direct remote DB connections
*/}}
{{- define "mastodon.postgres.direct.host" -}}
{{- if .Values.postgresql.direct.hostname }}
{{- printf "%s" .Values.postgresql.direct.hostname -}}
{{- else }}
{{- printf "%s" (include "mastodon.postgres.host" .) -}}
{{- end }}
{{- end }}
{{- define "mastodon.postgres.direct.port" -}}
{{- if .Values.postgresql.direct.port }}
{{- printf "%d" (int .Values.postgresql.direct.port) | quote -}}
{{- else }}
{{- printf "%s" (include "mastodon.postgres.port" .) -}}
{{- end }}
{{- end }}
{{- define "mastodon.postgres.direct.database" -}}
{{- if .Values.postgresql.direct.database }}
{{- printf "%s" .Values.postgresql.direct.database -}}
{{- else }}
{{- printf "%s" .Values.postgresql.auth.database -}}
{{- end }}
{{- end }}
{{- define "mastodon.redis.host" -}}
{{- if .Values.redis.enabled }}
{{- printf "%s-%s" (include "mastodon.redis.fullname" .) "master" -}}
{{- else }}
{{- printf "%s" (required "When the redis chart is disabled .Values.redis.hostname is required" .Values.redis.hostname) -}}
{{- end }}
{{- end }}
{{/*
Get the mastodon secret.
*/}}

72
templates/_secrets.tpl Normal file
View File

@ -0,0 +1,72 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Spec template for mastodon secrets object.
*/}}
{{- define "mastodon.secrets.object" -}}
apiVersion: v1
kind: Secret
metadata:
{{- if .prepare }}
name: {{ template "mastodon.fullname" . }}-prepare
{{- else }}
name: {{ template "mastodon.fullname" . }}
{{- end }}
labels:
{{- include "mastodon.labels" . | nindent 4 }}
annotations:
{{- if .prepare }}
"helm.sh/hook": pre-install
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
"helm.sh/hook-weight": "-3"
{{- end }}
type: Opaque
data:
{{- if .Values.mastodon.s3.enabled }}
{{- if not .Values.mastodon.s3.existingSecret }}
AWS_ACCESS_KEY_ID: "{{ .Values.mastodon.s3.access_key | b64enc }}"
AWS_SECRET_ACCESS_KEY: "{{ .Values.mastodon.s3.access_secret | b64enc }}"
{{- end }}
{{- end }}
{{- if not .Values.mastodon.secrets.existingSecret }}
{{- if not (empty .Values.mastodon.secrets.secret_key_base) }}
SECRET_KEY_BASE: "{{ .Values.mastodon.secrets.secret_key_base | b64enc }}"
{{- else }}
SECRET_KEY_BASE: {{ required "secret_key_base is required" .Values.mastodon.secrets.secret_key_base }}
{{- end }}
{{- if not (empty .Values.mastodon.secrets.otp_secret) }}
OTP_SECRET: "{{ .Values.mastodon.secrets.otp_secret | b64enc }}"
{{- else }}
OTP_SECRET: {{ required "otp_secret is required" .Values.mastodon.secrets.otp_secret }}
{{- end }}
{{- if not (empty .Values.mastodon.secrets.vapid.private_key) }}
VAPID_PRIVATE_KEY: "{{ .Values.mastodon.secrets.vapid.private_key | b64enc }}"
{{- else }}
VAPID_PRIVATE_KEY: {{ required "vapid.private_key is required" .Values.mastodon.secrets.vapid.private_key }}
{{- end }}
{{- if not (empty .Values.mastodon.secrets.vapid.public_key) }}
VAPID_PUBLIC_KEY: "{{ .Values.mastodon.secrets.vapid.public_key | b64enc }}"
{{- else }}
VAPID_PUBLIC_KEY: {{ required "vapid.public_key is required" .Values.mastodon.secrets.vapid.public_key }}
{{- end }}
{{- if not (empty .Values.mastodon.secrets.activeRecordEncryption.primaryKey) }}
ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY: "{{ .Values.mastodon.secrets.activeRecordEncryption.primaryKey | b64enc }}"
{{- else }}
ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY: {{ required "activeRecordEncryption.primaryKey is required" .Values.mastodon.secrets.activeRecordEncryption.primaryKey }}
{{- end }}
{{- if not (empty .Values.mastodon.secrets.activeRecordEncryption.deterministicKey) }}
ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY: "{{ .Values.mastodon.secrets.activeRecordEncryption.deterministicKey | b64enc }}"
{{- else }}
ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY: {{ required "activeRecordEncryption.deterministicKey is required" .Values.mastodon.secrets.activeRecordEncryption.deterministicKey }}
{{- end }}
{{- if not (empty .Values.mastodon.secrets.activeRecordEncryption.keyDerivationSalt) }}
ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT: "{{ .Values.mastodon.secrets.activeRecordEncryption.keyDerivationSalt | b64enc }}"
{{- else }}
ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT: {{ required "activeRecordEncryption.keyDerivationSalt is required" .Values.mastodon.secrets.activeRecordEncryption.keyDerivationSalt }}
{{- end }}
{{- end }}
{{- if not .Values.postgresql.enabled }}
{{- if not .Values.postgresql.auth.existingSecret }}
password: "{{ .Values.postgresql.auth.password | b64enc }}"
{{- end }}
{{- end }}
{{- end }}

23
templates/configmap-env.yaml
View File

@ -5,13 +5,8 @@ metadata:
labels:
{{- include "mastodon.labels" . | nindent 4 }}
data:
{{- if .Values.postgresql.enabled }}
DB_HOST: {{ template "mastodon.postgresql.fullname" . }}
DB_PORT: "5432"
{{- else }}
DB_HOST: {{ .Values.postgresql.postgresqlHostname }}
DB_PORT: {{ .Values.postgresql.postgresqlPort | default "5432" | quote }}
{{- end }}
DB_HOST: {{ template "mastodon.postgres.host" . }}
DB_PORT: {{ template "mastodon.postgres.port" . }}
DB_NAME: {{ .Values.postgresql.auth.database }}
DB_POOL: {{ include "mastodon.maxDbPool" . }}
DB_USER: {{ .Values.postgresql.auth.username }}
@ -19,7 +14,7 @@ data:
REPLICA_DB_HOST: {{ .Values.postgresql.readReplica.hostname }}
{{- end }}
{{- if .Values.postgresql.readReplica.port }}
REPLICA_DB_PORT: {{ .Values.postgresql.readReplica.port }}
REPLICA_DB_PORT: {{ .Values.postgresql.readReplica.port | quote }}
{{- end }}
{{- if .Values.postgresql.readReplica.auth.database }}
REPLICA_DB_NAME: {{ .Values.postgresql.readReplica.auth.database }}
@ -66,11 +61,7 @@ data:
MALLOC_ARENA_MAX: "2"
NODE_ENV: "production"
RAILS_ENV: "production"
{{- if .Values.redis.enabled }}
REDIS_HOST: {{ template "mastodon.redis.fullname" . }}-master
{{- else }}
REDIS_HOST: {{ required "When the redis chart is disabled .Values.redis.hostname is required" .Values.redis.hostname }}
{{- end }}
REDIS_HOST: {{ template "mastodon.redis.host" . }}
REDIS_PORT: {{ .Values.redis.port | default "6379" | quote }}
{{- if .Values.redis.sidekiq.enabled }}
{{- if .Values.redis.sidekiq.hostname }}
@ -137,10 +128,10 @@ data:
SMTP_ENABLE_STARTTLS_AUTO: {{ . | quote }}
{{- end }}
{{- with .Values.mastodon.smtp.from_address }}
SMTP_FROM_ADDRESS: {{ . }}
SMTP_FROM_ADDRESS: {{ . | quote }}
{{- end }}
{{- with .Values.mastodon.smtp.return_path }}
SMTP_RETURN_PATH: {{ . }}
SMTP_RETURN_PATH: {{ . | quote }}
{{- end }}
{{- with .Values.mastodon.smtp.openssl_verify_mode }}
SMTP_OPENSSL_VERIFY_MODE: {{ . }}
@ -149,7 +140,7 @@ data:
SMTP_PORT: {{ . | quote }}
{{- end }}
{{- with .Values.mastodon.smtp.reply_to }}
SMTP_REPLY_TO: {{ . }}
SMTP_REPLY_TO: {{ . | quote }}
{{- end }}
{{- with .Values.mastodon.smtp.server }}
SMTP_SERVER: {{ . }}

33
templates/deployment-sidekiq.yaml
View File

@ -7,12 +7,18 @@ metadata:
name: {{ include "mastodon.fullname" $context }}-sidekiq-{{ .name }}
labels:
{{- include "mastodon.labels" $context | nindent 4 }}
{{- with $context.Values.mastodon.sidekiq.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
app.kubernetes.io/component: sidekiq-{{ .name }}
app.kubernetes.io/part-of: rails
annotations:
{{- with $context.Values.deploymentAnnotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with $context.Values.mastodon.sidekiq.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if (has "scheduler" .queues) }}
{{- if (gt (int .replicas) 1) }}
@ -37,6 +43,9 @@ spec:
{{- with $context.Values.podAnnotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with $context.Values.mastodon.sidekiq.podAnnotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
# roll the pods to pick up any db migrations or other changes
{{- include "mastodon.rollingPodAnnotations" $context | nindent 8 }}
checksum/config-secrets-smtp: {{ include ( print $.Template.BasePath "/secret-smtp.yaml" ) $context | sha256sum | quote }}
@ -44,6 +53,9 @@ spec:
{{- include "mastodon.globalLabels" $context | nindent 8 }}
{{- include "mastodon.selectorLabels" $context | nindent 8 }}
{{- include "mastodon.statsdExporterLabels" $context | nindent 8 }}
{{- with $context.Values.mastodon.sidekiq.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
app.kubernetes.io/component: sidekiq-{{ .name }}
app.kubernetes.io/part-of: rails
spec:
@ -191,7 +203,28 @@ spec:
value: {{ coalesce $context.Values.mastodon.sidekiq.otel.endpointUri $context.Values.mastodon.otel.endpointUri }}
- name: OTEL_SERVICE_NAME_PREFIX
value: {{ coalesce $context.Values.mastodon.sidekiq.otel.namePrefix $context.Values.mastodon.otel.namePrefix }}
- name: OTEL_SERVICE_NAME_SEPARATOR
value: "{{ coalesce $context.Values.mastodon.sidekiq.otel.nameSeparator $context.Values.mastodon.otel.nameSeparator }}"
{{- end }}
{{- if $context.Values.mastodon.metrics.prometheus.enabled }}
- name: MASTODON_PROMETHEUS_EXPORTER_ENABLED
value: "true"
- name: MASTODON_PROMETHEUS_EXPORTER_LOCAL
value: "true"
- name: MASTODON_PROMETHEUS_EXPORTER_HOST
value: "0.0.0.0"
- name: MASTODON_PROMETHEUS_EXPORTER_PORT
value: "{{ $context.Values.mastodon.metrics.prometheus.port }}"
{{- if $context.Values.mastodon.metrics.prometheus.sidekiq.detailed }}
- name: MASTODON_PROMETHEUS_EXPORTER_SIDEKIQ_DETAILED_METRICS
value: "true"
{{- end }}
{{- end }}
{{- if $context.Values.mastodon.metrics.prometheus.enabled }}
ports:
- name: prometheus
containerPort: {{ $context.Values.mastodon.metrics.prometheus.port }}
{{- end }}
volumeMounts:
{{- if (not $context.Values.mastodon.s3.enabled) }}
- name: assets

22
templates/deployment-streaming.yaml
View File

@ -4,8 +4,14 @@ metadata:
name: {{ include "mastodon.fullname" . }}-streaming
labels:
{{- include "mastodon.labels" . | nindent 4 }}
{{- with .Values.mastodon.streaming.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
annotations:
{{- with (default .Values.deploymentAnnotations .Values.mastodon.streaming.deploymentAnnotations) }}
{{- with .Values.deploymentAnnotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.mastodon.streaming.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
@ -13,8 +19,8 @@ spec:
{{- if (ne (toString .Values.mastodon.revisionHistoryLimit) "<nil>") }}
revisionHistoryLimit: {{ .Values.mastodon.revisionHistoryLimit }}
{{- end }}
{{- if .Values.mastodon.web.updateStrategy }}
strategy: {{- toYaml .Values.mastodon.web.updateStrategy | nindent 4 }}
{{- if .Values.mastodon.streaming.updateStrategy }}
strategy: {{- toYaml .Values.mastodon.streaming.updateStrategy | nindent 4 }}
{{- end }}
selector:
matchLabels:
@ -23,7 +29,10 @@ spec:
template:
metadata:
annotations:
{{- with (default .Values.podAnnotations .Values.mastodon.streaming.podAnnotations) }}
{{- with .Values.podAnnotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.mastodon.streaming.podAnnotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
# roll the pods to pick up any db migrations or other changes
@ -31,6 +40,9 @@ spec:
labels:
{{- include "mastodon.globalLabels" . | nindent 8 }}
{{- include "mastodon.selectorLabels" . | nindent 8 }}
{{- with .Values.mastodon.streaming.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
app.kubernetes.io/component: streaming
spec:
{{- with .Values.imagePullSecrets }}
@ -58,7 +70,7 @@ spec:
securityContext:
{{- toYaml . | nindent 12 }}
{{- end }}
image: "{{ coalesce .Values.mastodon.streaming.image.repository .Values.image.repository }}:{{ coalesce .Values.mastodon.streaming.image.tag .Values.image.tag .Chart.AppVersion }}"
image: "{{ .Values.mastodon.streaming.image.repository }}:{{ coalesce .Values.mastodon.streaming.image.tag .Values.image.tag .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
command:
- node

53
templates/deployment-web.yaml
View File

@ -4,8 +4,14 @@ metadata:
name: {{ include "mastodon.fullname" . }}-web
labels:
{{- include "mastodon.labels" . | nindent 4 }}
{{- with .Values.mastodon.web.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
annotations:
{{- with (default .Values.deploymentAnnotations .Values.mastodon.web.deploymentAnnotations) }}
{{- with .Values.deploymentAnnotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.mastodon.web.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
@ -24,7 +30,10 @@ spec:
template:
metadata:
annotations:
{{- with (default .Values.podAnnotations .Values.mastodon.web.podAnnotations) }}
{{- with .Values.podAnnotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.mastodon.web.podAnnotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
# roll the pods to pick up any db migrations or other changes
@ -33,6 +42,9 @@ spec:
{{- include "mastodon.globalLabels" . | nindent 8 }}
{{- include "mastodon.selectorLabels" . | nindent 8 }}
{{- include "mastodon.statsdExporterLabels" . | nindent 8 }}
{{- with .Values.mastodon.web.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
app.kubernetes.io/component: web
app.kubernetes.io/part-of: rails
spec:
@ -181,7 +193,23 @@ spec:
value: {{ coalesce .Values.mastodon.web.otel.endpointUri .Values.mastodon.otel.endpointUri }}
- name: OTEL_SERVICE_NAME_PREFIX
value: {{ coalesce .Values.mastodon.web.otel.namePrefix .Values.mastodon.otel.namePrefix }}
- name: OTEL_SERVICE_NAME_SEPARATOR
value: "{{ coalesce .Values.mastodon.web.otel.nameSeparator .Values.mastodon.otel.nameSeparator }}"
{{- end }}
{{- if .Values.mastodon.metrics.prometheus.enabled }}
- name: MASTODON_PROMETHEUS_EXPORTER_ENABLED
value: "true"
- name: PROMETHEUS_EXPORTER_HOST
value: "127.0.0.1"
- name: PROMETHEUS_EXPORTER_PORT
value: "{{ .Values.mastodon.metrics.prometheus.port }}"
{{- if .Values.mastodon.metrics.prometheus.web.detailed }}
- name: MASTODON_PROMETHEUS_EXPORTER_WEB_DETAILED_METRICS
value: "true"
{{- end }}
{{- end }}
- name: TEST_ENV_VALUE
value: {{ .Values.mastodon.metrics.statsd.address }}
volumeMounts:
{{- if (not .Values.mastodon.s3.enabled) }}
- name: assets
@ -219,6 +247,27 @@ spec:
resources:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- if .Values.mastodon.metrics.prometheus.enabled }}
- name: prometheus-exporter
image: "{{ coalesce .Values.mastodon.web.image.repository .Values.image.repository }}:{{ coalesce .Values.mastodon.web.image.tag .Values.image.tag .Chart.AppVersion }}"
command:
- ./bin/prometheus_exporter
args:
- "--bind"
- "0.0.0.0"
- "--port"
- "{{ .Values.mastodon.metrics.prometheus.port }}"
resources:
requests:
cpu: "0.1"
memory: "180M"
limits:
cpu: "0.5"
memory: "250M"
ports:
- name: prometheus
containerPort: {{ .Values.mastodon.metrics.prometheus.port }}
{{- end }}
{{- include "mastodon.statsdExporterContainer" $ | indent 8 }}
{{- with .Values.nodeSelector }}
nodeSelector:

92
templates/job-assets-copy.yaml Normal file
View File

@ -0,0 +1,92 @@
{{- if .Values.mastodon.hooks.s3Upload.enabled -}}
apiVersion: batch/v1
kind: Job
metadata:
name: {{ include "mastodon.fullname" . }}-assets-upload
labels:
{{- include "mastodon.labels" . | nindent 4 }}
annotations:
"helm.sh/hook": pre-install,pre-upgrade
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
"helm.sh/hook-weight": "-1"
spec:
template:
metadata:
name: {{ include "mastodon.fullname" . }}-assets-upload
{{- with .Values.jobAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
volumes:
restartPolicy: Never
initContainers:
- name: extract-assets
image: "{{ coalesce .Values.mastodon.web.image.repository .Values.image.repository }}:{{ coalesce .Values.mastodon.web.image.tag .Values.image.tag .Chart.AppVersion }}"
imagePullPolicy: Always
command:
- cp
args:
- -rv
- public
- /assets
volumeMounts:
- mountPath: /assets
name: assets
containers:
- name: upload-assets
image: rclone/rclone:1
imagePullPolicy: Always
env:
- name: RCLONE_S3_NO_CHECK_BUCKET
value: "true"
- name: RCLONE_S3_ACL
value: {{ required "Please specify a canned ACL for S3 asset uploads" .Values.mastodon.hooks.s3Upload.acl }}
- name: RCLONE_CONFIG_REMOTE_TYPE
value: s3
- name: RCLONE_CONFIG_REMOTE_PROVIDER
value: AWS
- name: RCLONE_CONFIG_REMOTE_ENDPOINT
value: {{ required "Please specify an endpoint for S3 asset uploads" .Values.mastodon.hooks.s3Upload.endpoint }}
- name: RCLONE_CONFIG_REMOTE_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
name: {{ required "Please specify a secret with S3 credentials for S3 asset uploads" .Values.mastodon.hooks.s3Upload.secretRef.name }}
key: {{ .Values.mastodon.hooks.s3Upload.secretRef.keys.accesKeyId }}
- name: RCLONE_CONFIG_REMOTE_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
name: {{ required "Please specify a secret with S3 credentials for S3 asset uploads" .Values.mastodon.hooks.s3Upload.secretRef.name }}
key: {{ .Values.mastodon.hooks.s3Upload.secretRef.keys.secretAccessKey }}
{{- with .Values.mastodon.hooks.s3Upload.rclone.env }}
{{- toYaml . | nindent 12 }}
{{- end }}
command:
- rclone
args:
- copy
- /assets/public
- "remote:{{ required "Please specify a bucket for S3 asset uploads" .Values.mastodon.hooks.s3Upload.bucket }}"
- --fast-list
- --transfers=32
- --include
- "{assets,packs}/**"
- --progress
- -vv
volumeMounts:
- mountPath: /assets
name: assets
resources:
requests:
cpu: 100m
memory: 256Mi
limits:
memory: 500Mi
volumes:
- name: assets
emptyDir: {}
{{- end -}}

93
templates/job-assets-precompile.yaml
View File

@ -1,93 +0,0 @@
{{- if .Values.mastodon.hooks.assetsPrecompile.enabled -}}
apiVersion: batch/v1
kind: Job
metadata:
name: {{ include "mastodon.fullname" . }}-assets-precompile
labels:
{{- include "mastodon.labels" . | nindent 4 }}
annotations:
"helm.sh/hook": post-install
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
"helm.sh/hook-weight": "-2"
spec:
template:
metadata:
name: {{ include "mastodon.fullname" . }}-assets-precompile
{{- with .Values.jobAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
restartPolicy: Never
{{- if (not .Values.mastodon.s3.enabled) }}
# ensure we run on the same node as the other rails components; only
# required when using PVCs that are ReadWriteOnce
{{- if or (eq "ReadWriteOnce" .Values.mastodon.persistence.assets.accessMode) (eq "ReadWriteOnce" .Values.mastodon.persistence.system.accessMode) }}
affinity:
podAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: app.kubernetes.io/part-of
operator: In
values:
- rails
topologyKey: kubernetes.io/hostname
{{- end }}
volumes:
- name: assets
persistentVolumeClaim:
claimName: {{ template "mastodon.pvc.assets" . }}
- name: system
persistentVolumeClaim:
claimName: {{ template "mastodon.pvc.system" . }}
{{- end }}
containers:
- name: {{ include "mastodon.fullname" . }}-assets-precompile
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
command:
- bash
- -c
- |
bundle exec rake assets:precompile && yarn cache clean
envFrom:
- configMapRef:
name: {{ include "mastodon.fullname" . }}-env
- secretRef:
name: {{ template "mastodon.secretName" . }}
env:
- name: "DB_PASS"
valueFrom:
secretKeyRef:
name: {{ template "mastodon.postgresql.secretName" . }}
key: password
- name: "REDIS_PASSWORD"
valueFrom:
secretKeyRef:
name: {{ template "mastodon.redis.secretName" . }}
key: redis-password
{{- if and .Values.redis.sidekiq.enabled .Values.redis.sidekiq.auth.existingSecret }}
- name: "SIDEKIQ_REDIS_PASSWORD"
valueFrom:
secretKeyRef:
name: {{ template "mastodon.redis.sidekiq.secretName" . }}
key: redis-password
{{- end }}
{{- if and .Values.redis.cache.enabled .Values.redis.cache.auth.existingSecret }}
- name: "CACHE_REDIS_PASSWORD"
valueFrom:
secretKeyRef:
name: {{ template "mastodon.redis.cache.secretName" . }}
key: redis-password
{{- end }}
- name: "PORT"
value: {{ .Values.mastodon.web.port | quote }}
{{- if (not .Values.mastodon.s3.enabled) }}
volumeMounts:
- name: assets
mountPath: /opt/mastodon/public/assets
- name: system
mountPath: /opt/mastodon/public/system
{{- end }}
{{- end -}}

100
templates/job-chewy-upgrade.yaml
View File

@ -1,100 +0,0 @@
{{- if .Values.elasticsearch.enabled -}}
apiVersion: batch/v1
kind: Job
metadata:
name: {{ include "mastodon.fullname" . }}-chewy-upgrade
labels:
{{- include "mastodon.labels" . | nindent 4 }}
annotations:
"helm.sh/hook": post-install
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
"helm.sh/hook-weight": "-1"
spec:
template:
metadata:
name: {{ include "mastodon.fullname" . }}-chewy-upgrade
{{- with .Values.jobAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
restartPolicy: Never
{{- if (not .Values.mastodon.s3.enabled) }}
# ensure we run on the same node as the other rails components; only
# required when using PVCs that are ReadWriteOnce
{{- if or (eq "ReadWriteOnce" .Values.mastodon.persistence.assets.accessMode) (eq "ReadWriteOnce" .Values.mastodon.persistence.system.accessMode) }}
affinity:
podAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: app.kubernetes.io/part-of
operator: In
values:
- rails
topologyKey: kubernetes.io/hostname
{{- end }}
volumes:
- name: assets
persistentVolumeClaim:
claimName: {{ template "mastodon.pvc.assets" . }}
- name: system
persistentVolumeClaim:
claimName: {{ template "mastodon.pvc.system" . }}
{{- end }}
containers:
- name: {{ include "mastodon.fullname" . }}-chewy-setup
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
command:
- bundle
- exec
- rake
- chewy:upgrade
envFrom:
- configMapRef:
name: {{ include "mastodon.fullname" . }}-env
- secretRef:
name: {{ template "mastodon.secretName" . }}
env:
- name: "DB_PASS"
valueFrom:
secretKeyRef:
name: {{ template "mastodon.postgresql.secretName" . }}
key: password
- name: "REDIS_PASSWORD"
valueFrom:
secretKeyRef:
name: {{ template "mastodon.redis.secretName" . }}
key: redis-password
{{- if and .Values.redis.sidekiq.enabled .Values.redis.sidekiq.auth.existingSecret }}
- name: "SIDEKIQ_REDIS_PASSWORD"
valueFrom:
secretKeyRef:
name: {{ template "mastodon.redis.sidekiq.secretName" . }}
key: redis-password
{{- end }}
{{- if and .Values.redis.cache.enabled .Values.redis.cache.auth.existingSecret }}
- name: "CACHE_REDIS_PASSWORD"
valueFrom:
secretKeyRef:
name: {{ template "mastodon.redis.cache.secretName" . }}
key: redis-password
{{- end }}
{{- if and .Values.elasticsearch.existingSecret (or .Values.elasticsearch.enabled .Values.elasticsearch.hostname) }}
- name: "ES_PASS"
valueFrom:
secretKeyRef:
name: {{ .Values.elasticsearch.existingSecret }}
key: password
{{- end }}
- name: "PORT"
value: {{ .Values.mastodon.web.port | quote }}
{{- if (not .Values.mastodon.s3.enabled) }}
volumeMounts:
- name: assets
mountPath: /opt/mastodon/public/assets
- name: system
mountPath: /opt/mastodon/public/system
{{- end }}
{{- end }}

96
templates/job-db-migrate.yaml
View File

@ -1,93 +1,3 @@
{{- if .Values.mastodon.hooks.dbMigrate.enabled -}}
apiVersion: batch/v1
kind: Job
metadata:
name: {{ include "mastodon.fullname" . }}-db-migrate
labels:
{{- include "mastodon.labels" . | nindent 4 }}
annotations:
"helm.sh/hook": post-install,pre-upgrade
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
"helm.sh/hook-weight": "-2"
spec:
template:
metadata:
name: {{ include "mastodon.fullname" . }}-db-migrate
{{- with .Values.jobAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
restartPolicy: Never
{{- if (not .Values.mastodon.s3.enabled) }}
# ensure we run on the same node as the other rails components; only
# required when using PVCs that are ReadWriteOnce
{{- if or (eq "ReadWriteOnce" .Values.mastodon.persistence.assets.accessMode) (eq "ReadWriteOnce" .Values.mastodon.persistence.system.accessMode) }}
affinity:
podAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: app.kubernetes.io/part-of
operator: In
values:
- rails
topologyKey: kubernetes.io/hostname
{{- end }}
volumes:
- name: assets
persistentVolumeClaim:
claimName: {{ template "mastodon.pvc.assets" . }}
- name: system
persistentVolumeClaim:
claimName: {{ template "mastodon.pvc.system" . }}
{{- end }}
containers:
- name: {{ include "mastodon.fullname" . }}-db-migrate
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
command:
- bundle
- exec
- rake
- db:migrate
envFrom:
- configMapRef:
name: {{ include "mastodon.fullname" . }}-env
- secretRef:
name: {{ template "mastodon.secretName" . }}
env:
- name: "DB_PASS"
valueFrom:
secretKeyRef:
name: {{ template "mastodon.postgresql.secretName" . }}
key: password
- name: "REDIS_PASSWORD"
valueFrom:
secretKeyRef:
name: {{ template "mastodon.redis.secretName" . }}
key: redis-password
{{- if and .Values.redis.sidekiq.enabled .Values.redis.sidekiq.auth.existingSecret }}
- name: "SIDEKIQ_REDIS_PASSWORD"
valueFrom:
secretKeyRef:
name: {{ template "mastodon.redis.sidekiq.secretName" . }}
key: redis-password
{{- end }}
{{- if and .Values.redis.cache.enabled .Values.redis.cache.auth.existingSecret }}
- name: "CACHE_REDIS_PASSWORD"
valueFrom:
secretKeyRef:
name: {{ template "mastodon.redis.cache.secretName" . }}
key: redis-password
{{- end }}
- name: "PORT"
value: {{ .Values.mastodon.web.port | quote }}
{{- if (not .Values.mastodon.s3.enabled) }}
volumeMounts:
- name: assets
mountPath: /opt/mastodon/public/assets
- name: system
mountPath: /opt/mastodon/public/system
{{- end }}
{{- end -}}
{{- if .Values.mastodon.hooks.dbMigrate.enabled }}
{{- include "mastodon.dbMigrateJob" (merge (dict "preDeploy" false ) .) }}
{{- end }}

3
templates/job-db-pre-migrate.yaml Normal file
View File

@ -0,0 +1,3 @@
{{- if .Values.mastodon.hooks.dbMigrate.enabled }}
{{- include "mastodon.dbMigrateJob" (merge (dict "preDeploy" true ) .) }}
{{- end }}

3
templates/job-db-prepare.yaml Normal file
View File

@ -0,0 +1,3 @@
{{- if and .Values.mastodon.hooks.dbPrepare.enabled (not .Values.postgresql.enabled) }}
{{- include "mastodon.dbMigrateJob" (merge (dict "prepare" true ) .) }}
{{- end }}

3
templates/secret-prepare.yml Normal file
View File

@ -0,0 +1,3 @@
{{- if and (include "mastodon.createSecret" .) (not .Values.postgresql.enabled) -}}
{{- include "mastodon.secrets.object" (merge (dict "prepare" true ) .) }}
{{- end }}

57
templates/secrets.yaml
View File

@ -1,58 +1,3 @@
{{- if (include "mastodon.createSecret" .) -}}
apiVersion: v1
kind: Secret
metadata:
name: {{ template "mastodon.fullname" . }}
labels:
{{- include "mastodon.labels" . | nindent 4 }}
type: Opaque
data:
{{- if .Values.mastodon.s3.enabled }}
{{- if not .Values.mastodon.s3.existingSecret }}
AWS_ACCESS_KEY_ID: "{{ .Values.mastodon.s3.access_key | b64enc }}"
AWS_SECRET_ACCESS_KEY: "{{ .Values.mastodon.s3.access_secret | b64enc }}"
{{- end }}
{{- end }}
{{- if not .Values.mastodon.secrets.existingSecret }}
{{- if not (empty .Values.mastodon.secrets.secret_key_base) }}
SECRET_KEY_BASE: "{{ .Values.mastodon.secrets.secret_key_base | b64enc }}"
{{- else }}
SECRET_KEY_BASE: {{ required "secret_key_base is required" .Values.mastodon.secrets.secret_key_base }}
{{- end }}
{{- if not (empty .Values.mastodon.secrets.otp_secret) }}
OTP_SECRET: "{{ .Values.mastodon.secrets.otp_secret | b64enc }}"
{{- else }}
OTP_SECRET: {{ required "otp_secret is required" .Values.mastodon.secrets.otp_secret }}
{{- end }}
{{- if not (empty .Values.mastodon.secrets.vapid.private_key) }}
VAPID_PRIVATE_KEY: "{{ .Values.mastodon.secrets.vapid.private_key | b64enc }}"
{{- else }}
VAPID_PRIVATE_KEY: {{ required "vapid.private_key is required" .Values.mastodon.secrets.vapid.private_key }}
{{- end }}
{{- if not (empty .Values.mastodon.secrets.vapid.public_key) }}
VAPID_PUBLIC_KEY: "{{ .Values.mastodon.secrets.vapid.public_key | b64enc }}"
{{- else }}
VAPID_PUBLIC_KEY: {{ required "vapid.public_key is required" .Values.mastodon.secrets.vapid.public_key }}
{{- end }}
{{- if not (empty .Values.mastodon.secrets.activeRecordEncryption.primaryKey) }}
ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY: "{{ .Values.mastodon.secrets.activeRecordEncryption.primaryKey | b64enc }}"
{{- else }}
ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY: {{ required "activeRecordEncryption.primaryKey is required" .Values.mastodon.secrets.activeRecordEncryption.primaryKey }}
{{- end }}
{{- if not (empty .Values.mastodon.secrets.activeRecordEncryption.deterministicKey) }}
ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY: "{{ .Values.mastodon.secrets.activeRecordEncryption.deterministicKey | b64enc }}"
{{- else }}
ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY: {{ required "activeRecordEncryption.deterministicKey is required" .Values.mastodon.secrets.activeRecordEncryption.deterministicKey }}
{{- end }}
{{- if not (empty .Values.mastodon.secrets.activeRecordEncryption.keyDerivationSalt) }}
ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT: "{{ .Values.mastodon.secrets.activeRecordEncryption.keyDerivationSalt | b64enc }}"
{{- else }}
ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT: {{ required "activeRecordEncryption.keyDerivationSalt is required" .Values.mastodon.secrets.activeRecordEncryption.keyDerivationSalt }}
{{- end }}
{{- end }}
{{- if not .Values.postgresql.enabled }}
{{- if not .Values.postgresql.auth.existingSecret }}
password: "{{ .Values.postgresql.auth.password | b64enc }}"
{{- end }}
{{- end }}
{{- include "mastodon.secrets.object" . }}
{{- end }}

1
templates/service-streaming.yaml
View File

@ -11,6 +11,7 @@ spec:
targetPort: streaming
protocol: TCP
name: streaming
ipFamilyPolicy: PreferDualStack
selector:
{{- include "mastodon.selectorLabels" . | nindent 4 }}
app.kubernetes.io/component: streaming

1
templates/service-web.yaml
View File

@ -11,6 +11,7 @@ spec:
targetPort: http
protocol: TCP
name: http
ipFamilyPolicy: PreferDualStack
selector:
{{- include "mastodon.selectorLabels" . | nindent 4 }}
app.kubernetes.io/component: web

112
values.yaml
View File

@ -6,7 +6,7 @@ image:
# built from the most recent commit
#
# tag: latest
tag: null
tag: ""
# use `Always` when using `latest` tag
pullPolicy: IfNotPresent
@ -24,10 +24,39 @@ mastodon:
# @ignored
email: not@example.com
hooks:
# Whether to perform DB schema creation on `helm install`.
# Please note that this does not work when using the included database
# (postgresql.enabled=true).
# NOTE: When using certain GitOps solutions such as Argo CD, this should be
# disabled, as these apps do not necessarily differentiate between `pre-install`
# and `pre-upgrade`.
dbPrepare:
enabled: true
# Whether to perform DB migrations on `helm upgrade`.
dbMigrate:
enabled: true
assetsPrecompile:
enabled: true
# Upload website assets to S3 before deploying using rclone.
# Whenever there is an update to Mastodon, sometimes there are assets files
# that are renamed. As the pods are getting redeployed, and old/new pods are
# present simultaneously, there is a chance that old asset files are
# requested from pods that don't have them anymore, or new asset files are
# requested from old pods. Uploading asset files to S3 in this manner solves
# this potential conflict.
# Note that you will need to CDN/proxy to send all requests to /assets and
# /packs to this bucket.
s3Upload:
enabled: false
endpoint:
bucket:
acl: public-read
secretRef:
name:
keys:
accesKeyId: acces-key-id
secretAccessKey: secret-access-key
rclone:
# Any additional environment variables to pass to rclone.
env: {}
# Custom labels to add to kubernetes resources
#labels:
cron:
@ -141,6 +170,18 @@ mastodon:
resources: {}
# -- Affinity for all Sidekiq Deployments unless overwritten, overwrites .Values.affinity
affinity: {}
# -- Annotations to apply to the deployment object(s) for sidekiq.
# -- These are applied in addition to deploymentAnnotations.
annotations: {}
# -- Labels to apply to the deployment object(s) for sidekiq.
# -- These are applied in addition to mastodon.labels.
labels: {}
# -- Annotations to apply to the sidekiq pods.
# -- These are applied in addition to the global podAnnotations.
podAnnotations: {}
# -- Labels to apply to the sidekiq pods.
# -- These are applied in addition to mastodon.labels.
podLabels: {}
# Rollout strategy to use when updating pods.
# Recreate will help reduce the number of retried jobs when updating when
# the code introduces a new job as the pods are all replaced immediately.
@ -173,6 +214,7 @@ mastodon:
enabled:
exporterUri:
namePrefix:
nameSeparator:
workers:
- name: all-queues
@ -241,8 +283,10 @@ mastodon:
existingSecret:
streaming:
image:
repository:
tag:
# streaming image split in Mastodon v4.3.0
repository: ghcr.io/mastodon/mastodon-streaming
# other options: `latest` for the latest release or `edge` for most recent commit
tag: ""
port: 4000
# -- this should be set manually since os.cpus() returns the number of CPUs on
# the node running the pod, which is unrelated to the resources allocated to
@ -255,6 +299,18 @@ mastodon:
replicas: 1
# -- Affinity for Streaming Pods, overwrites .Values.affinity
affinity: {}
# -- Annotations to apply to the deployment object for streaming.
# -- These are applied in addition to deploymentAnnotations.
annotations: {}
# -- Labels to apply to the deployment object for streaming.
# -- These are applied in addition to mastodon.labels.
labels: {}
# -- Annotations to apply to the streaming pods.
# -- These are applied in addition to the global podAnnotations.
podAnnotations: {}
# -- Labels to apply to the streaming pods.
# -- These are applied in addition to mastodon.labels.
podLabels: {}
# Rollout strategy to use when updating pods
# ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
updateStrategy:
@ -301,6 +357,18 @@ mastodon:
replicas: 1
# -- Affinity for Web Pods, overwrites .Values.affinity
affinity: {}
# -- Annotations to apply to the deployment object for web.
# -- These are applied in addition to deploymentAnnotations.
annotations: {}
# -- Labels to apply to the deployment object for web.
# -- These are applied in addition to mastodon.labels.
labels: {}
# -- Annotations to apply to the web pods.
# -- These are applied in addition to the global podAnnotations.
podAnnotations: {}
# -- Labels to apply to the web pods.
# -- These are applied in addition to mastodon.labels.
podLabels: {}
# Rollout strategy to use when updating pods
# ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
updateStrategy:
@ -348,6 +416,7 @@ mastodon:
enabled:
exporterUri:
namePrefix:
nameSeparator:
# HTTP cache buster configuration.
# See the documentation for more information about this feature:
@ -371,12 +440,31 @@ mastodon:
enabled: false
port: 9102
# Settings for Prometheus metrics. NOTE: Only available in Mastodon v4.4.
# For more information, see:
# https://docs.joinmastodon.org/admin/config/#prometheus
prometheus:
enabled: false
# Port for the exporter to listen on
port: 9394
# Prometheus for web pods
web:
# Collect per-controller/action metrics for every request
detailed: false
# Prometheus for sidekiq pods
sidekiq:
# Collect per-job metrics for every job
detailed: false
# Open Telemetry configuration for all deployments. Component-specific
# configuration will override these values.
otel:
enabled: false
exporterUri:
namePrefix: mastodon
nameSeparator: "-"
# Sets the PREPARED_STATEMENTS environment variable: https://docs.joinmastodon.org/admin/config/#prepared_statements
preparedStatements: true
@ -462,10 +550,22 @@ elasticsearch:
# https://github.com/bitnami/charts/tree/master/bitnami/postgresql#parameters
postgresql:
# -- disable if you want to use an existing db; in which case the values below
# must match those of that external postgres instance
# must match those of that external postgres instance.
# Please note that certain features do not work when enabling the included
# database, namely automatic schema creation when the app is first installed.
enabled: true
# postgresqlHostname: preexisting-postgresql
# postgresqlPort: 5432
# If using a connection pooler such as pgbouncer, please specify a hostname/IP
# that serves as a "direct" connection to the database, rather than going
# through the connection pooler. This is required for migrations to work
# properly.
direct:
hostname:
port:
database:
auth:
database: mastodon_production
username: mastodon