From fd0366d059285c4d3ac4e42b8216279a1290ec9d Mon Sep 17 00:00:00 2001 From: Tim Campbell Date: Thu, 12 Sep 2024 15:59:12 +0200 Subject: [PATCH 01/19] Better control of labels/annotations for deployments and pods (#149) --- Chart.yaml | 2 +- templates/deployment-sidekiq.yaml | 12 ++++++++++ templates/deployment-streaming.yaml | 20 ++++++++++++---- templates/deployment-web.yaml | 16 +++++++++++-- values.yaml | 36 +++++++++++++++++++++++++++++ 5 files changed, 79 insertions(+), 7 deletions(-) diff --git a/Chart.yaml b/Chart.yaml index cf68afc..8d078ca 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time # you make changes to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 5.3.3 +version: 5.4.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/templates/deployment-sidekiq.yaml b/templates/deployment-sidekiq.yaml index 8898715..0fcb239 100644 --- a/templates/deployment-sidekiq.yaml +++ b/templates/deployment-sidekiq.yaml @@ -7,12 +7,18 @@ metadata: name: {{ include "mastodon.fullname" $context }}-sidekiq-{{ .name }} labels: {{- include "mastodon.labels" $context | nindent 4 }} + {{- with $context.Values.mastodon.sidekiq.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} app.kubernetes.io/component: sidekiq-{{ .name }} app.kubernetes.io/part-of: rails annotations: {{- with $context.Values.deploymentAnnotations }} {{- toYaml . | nindent 4 }} {{- end }} + {{- with $context.Values.mastodon.sidekiq.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} spec: {{- if (has "scheduler" .queues) }} {{- if (gt (int .replicas) 1) }} 
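Review bot: The per-component map is rendered as a second block into the same `labels:` / `annotations:` mapping as the global one, so a key set in both `deploymentAnnotations` and `mastodon.sidekiq.annotations` is emitted twice in the manifest. Duplicate mapping keys are not valid YAML, and which value survives (or whether rendering fails) depends on the parser, so the template does not define the precedence. Merging before rendering makes it explicit, e.g. `{{- with (merge (dict) $context.Values.mastodon.sidekiq.annotations $context.Values.deploymentAnnotations) }}`, which lets the component value win. The same two-block pattern is used in the pod-level hunks of this file and in the deployment-streaming.yaml and deployment-web.yaml hunks of this commit.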
@@ -37,6 +43,9 @@ spec: {{- with $context.Values.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} + {{- with $context.Values.mastodon.sidekiq.podAnnotations }} + {{- toYaml . | nindent 8 }} + {{- end }} # roll the pods to pick up any db migrations or other changes {{- include "mastodon.rollingPodAnnotations" $context | nindent 8 }} checksum/config-secrets-smtp: {{ include ( print $.Template.BasePath "/secret-smtp.yaml" ) $context | sha256sum | quote }} @@ -44,6 +53,9 @@ spec: {{- include "mastodon.globalLabels" $context | nindent 8 }} {{- include "mastodon.selectorLabels" $context | nindent 8 }} {{- include "mastodon.statsdExporterLabels" $context | nindent 8 }} + {{- with $context.Values.mastodon.sidekiq.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} app.kubernetes.io/component: sidekiq-{{ .name }} app.kubernetes.io/part-of: rails spec: diff --git a/templates/deployment-streaming.yaml b/templates/deployment-streaming.yaml index 89bd06a..9f4a6b9 100644 --- a/templates/deployment-streaming.yaml +++ b/templates/deployment-streaming.yaml @@ -4,8 +4,14 @@ metadata: name: {{ include "mastodon.fullname" . }}-streaming labels: {{- include "mastodon.labels" . | nindent 4 }} + {{- with .Values.mastodon.streaming.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} annotations: - {{- with (default .Values.deploymentAnnotations .Values.mastodon.streaming.deploymentAnnotations) }} + {{- with .Values.deploymentAnnotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.mastodon.streaming.annotations }} {{- toYaml . | nindent 4 }} {{- end }} spec: 
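Review bot: `mastodon.sidekiq.podLabels` is rendered into the pod template's `labels:` after `mastodon.selectorLabels`, and nothing stops a user from repeating one of the selector keys there. If the parser keeps the later duplicate, the pod template would no longer match `spec.selector.matchLabels`, and the Deployment would presumably be rejected. At minimum the values.yaml comment should say so, e.g. `# -- Must not redefine the chart's selector labels.` The `podLabels` hunks in deployment-streaming.yaml and deployment-web.yaml have the same exposure; the enclosing pod template starts and ends outside this hunk.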
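Review bot: `.Values.mastodon.streaming.deploymentAnnotations` is no longer read once the `default ...` line is replaced, so a release that sets it silently loses those annotations on upgrade; deployment-web.yaml drops `mastodon.web.deploymentAnnotations` the same way. If that key was ever in use, keep it as a fallback for one release, e.g. `{{- with (default .Values.mastodon.streaming.deploymentAnnotations .Values.mastodon.streaming.annotations) }}`, or call out the rename in the release notes. The semantics also change from "component value replaces the global one" to "both are applied", which the chart version bump alone does not communicate.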
@@ -13,8 +19,8 @@ spec: {{- if (ne (toString .Values.mastodon.revisionHistoryLimit) "") }} revisionHistoryLimit: {{ .Values.mastodon.revisionHistoryLimit }} {{- end }} - {{- if .Values.mastodon.web.updateStrategy }} - strategy: {{- toYaml .Values.mastodon.web.updateStrategy | nindent 4 }} + {{- if .Values.mastodon.streaming.updateStrategy }} + strategy: {{- toYaml .Values.mastodon.streaming.updateStrategy | nindent 4 }} {{- end }} selector: matchLabels: @@ -23,7 +29,10 @@ spec: template: metadata: annotations: - {{- with (default .Values.podAnnotations .Values.mastodon.streaming.podAnnotations) }} + {{- with .Values.podAnnotations }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.mastodon.streaming.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} # roll the pods to pick up any db migrations or other changes @@ -31,6 +40,9 @@ spec: labels: {{- include "mastodon.globalLabels" . | nindent 8 }} {{- include "mastodon.selectorLabels" . | nindent 8 }} + {{- with .Values.mastodon.streaming.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} app.kubernetes.io/component: streaming spec: {{- with .Values.imagePullSecrets }} diff --git a/templates/deployment-web.yaml b/templates/deployment-web.yaml index b3a2620..c7b288f 100644 --- a/templates/deployment-web.yaml +++ b/templates/deployment-web.yaml @@ -4,8 +4,14 @@ metadata: name: {{ include "mastodon.fullname" . }}-web labels: {{- include "mastodon.labels" . | nindent 4 }} + {{- with .Values.mastodon.web.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} annotations: - {{- with (default .Values.deploymentAnnotations .Values.mastodon.web.deploymentAnnotations) }} + {{- with .Values.deploymentAnnotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.mastodon.web.annotations }} {{- toYaml . | nindent 4 }} {{- end }} spec: 
@@ -24,7 +30,10 @@ spec: template: metadata: annotations: - {{- with (default .Values.podAnnotations .Values.mastodon.web.podAnnotations) }} + {{- with .Values.podAnnotations }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.mastodon.web.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} # roll the pods to pick up any db migrations or other changes @@ -33,6 +42,9 @@ spec: {{- include "mastodon.globalLabels" . | nindent 8 }} {{- include "mastodon.selectorLabels" . | nindent 8 }} {{- include "mastodon.statsdExporterLabels" . | nindent 8 }} + {{- with .Values.mastodon.web.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} app.kubernetes.io/component: web app.kubernetes.io/part-of: rails spec: diff --git a/values.yaml b/values.yaml index f0ea98d..5117a6d 100644 --- a/values.yaml +++ b/values.yaml @@ -141,6 +141,18 @@ mastodon: resources: {} # -- Affinity for all Sidekiq Deployments unless overwritten, overwrites .Values.affinity affinity: {} + # -- Annotations to apply to the deployment object(s) for sidekiq. + # -- These are applied in addition to deploymentAnnotations. + annotations: {} + # -- Labels to apply to the deployment object(s) for sidekiq. + # -- These are applied in addition to mastodon.labels. + labels: {} + # -- Annotations to apply to the sidekiq pods. + # -- These are applied in addition to the global podAnnotations. + podAnnotations: {} + # -- Labels to apply to the sidekiq pods. + # -- These are applied in addition to mastodon.labels. + podLabels: {} # Rollout strategy to use when updating pods. # Recreate will help reduce the number of retried jobs when updating when # the code introduces a new job as the pods are all replaced immediately. 
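Review bot: The new `podLabels` comments say the labels are applied "in addition to mastodon.labels", but the pod templates in this commit render `mastodon.globalLabels` and `mastodon.selectorLabels` (plus `mastodon.statsdExporterLabels` for sidekiq and web), not `mastodon.labels`. I would reword the second comment line to `# -- These are applied in addition to the chart's global and selector labels.` The same wording is repeated in the streaming and web blocks added by the later hunks of this file.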
@@ -255,6 +267,18 @@ mastodon: replicas: 1 # -- Affinity for Streaming Pods, overwrites .Values.affinity affinity: {} + # -- Annotations to apply to the deployment object for streaming. + # -- These are applied in addition to deploymentAnnotations. + annotations: {} + # -- Labels to apply to the deployment object for streaming. + # -- These are applied in addition to mastodon.labels. + labels: {} + # -- Annotations to apply to the streaming pods. + # -- These are applied in addition to the global podAnnotations. + podAnnotations: {} + # -- Labels to apply to the streaming pods. + # -- These are applied in addition to mastodon.labels. + podLabels: {} # Rollout strategy to use when updating pods # ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy updateStrategy: @@ -301,6 +325,18 @@ mastodon: replicas: 1 # -- Affinity for Web Pods, overwrites .Values.affinity affinity: {} + # -- Annotations to apply to the deployment object for web. + # -- These are applied in addition to deploymentAnnotations. + annotations: {} + # -- Labels to apply to the deployment object for web. + # -- These are applied in addition to mastodon.labels. + labels: {} + # -- Annotations to apply to the web pods. + # -- These are applied in addition to the global podAnnotations. + podAnnotations: {} + # -- Labels to apply to the web pods. + # -- These are applied in addition to mastodon.labels. + podLabels: {} # Rollout strategy to use when updating pods # ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy updateStrategy: From 29a3645210077a2ae63ccc5c46c5ad4be6bb34d8 Mon Sep 17 00:00:00 2001 From: Tim Campbell Date: Mon, 30 Sep 2024 16:22:26 +0200 Subject: [PATCH 02/19] Add additional OTEL options (#152) --- Chart.yaml | 2 +- templates/deployment-sidekiq.yaml | 2 ++ templates/deployment-web.yaml | 2 ++ values.yaml | 3 +++ 4 files changed, 8 insertions(+), 1 deletion(-) 
diff --git a/Chart.yaml b/Chart.yaml index 8d078ca..6993897 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time # you make changes to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 5.4.0 +version: 5.4.1 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/templates/deployment-sidekiq.yaml b/templates/deployment-sidekiq.yaml index 0fcb239..f59cade 100644 --- a/templates/deployment-sidekiq.yaml +++ b/templates/deployment-sidekiq.yaml @@ -203,6 +203,8 @@ spec: value: {{ coalesce $context.Values.mastodon.sidekiq.otel.endpointUri $context.Values.mastodon.otel.endpointUri }} - name: OTEL_SERVICE_NAME_PREFIX value: {{ coalesce $context.Values.mastodon.sidekiq.otel.namePrefix $context.Values.mastodon.otel.namePrefix }} + - name: OTEL_SERVICE_NAME_SEPARATOR + value: {{ coalesce $context.Values.mastodon.sidekiq.otel.nameSeparator $context.Values.mastodon.otel.nameSeparator }} {{- end }} volumeMounts: {{- if (not $context.Values.mastodon.s3.enabled) }} diff --git a/templates/deployment-web.yaml b/templates/deployment-web.yaml index c7b288f..ae8db55 100644 --- a/templates/deployment-web.yaml +++ b/templates/deployment-web.yaml @@ -193,6 +193,8 @@ spec: value: {{ coalesce .Values.mastodon.web.otel.endpointUri .Values.mastodon.otel.endpointUri }} - name: OTEL_SERVICE_NAME_PREFIX value: {{ coalesce .Values.mastodon.web.otel.namePrefix .Values.mastodon.otel.namePrefix }} + - name: OTEL_SERVICE_NAME_SEPARATOR + value: {{ coalesce .Values.mastodon.web.otel.nameSeparator .Values.mastodon.otel.nameSeparator }} {{- end }} volumeMounts: {{- if (not .Values.mastodon.s3.enabled) }} diff --git a/values.yaml b/values.yaml index 5117a6d..3afa7ae 100644 
--- a/values.yaml +++ b/values.yaml @@ -185,6 +185,7 @@ mastodon: enabled: exporterUri: namePrefix: + nameSeparator: workers: - name: all-queues @@ -384,6 +385,7 @@ mastodon: enabled: exporterUri: namePrefix: + nameSeparator: # HTTP cache buster configuration. # See the documentation for more information about this feature: @@ -413,6 +415,7 @@ mastodon: enabled: false exporterUri: namePrefix: mastodon + nameSeparator: "-" # Sets the PREPARED_STATEMENTS environment variable: https://docs.joinmastodon.org/admin/config/#prepared_statements preparedStatements: true From abe868d95ce5ce7c4cdfc99742b6b098cb84ad75 Mon Sep 17 00:00:00 2001 From: Tim Campbell Date: Tue, 1 Oct 2024 11:33:30 +0200 Subject: [PATCH 03/19] Minor fix for otel separator value (#154) --- templates/deployment-sidekiq.yaml | 2 +- templates/deployment-web.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/templates/deployment-sidekiq.yaml b/templates/deployment-sidekiq.yaml index f59cade..1b3042d 100644 --- a/templates/deployment-sidekiq.yaml +++ b/templates/deployment-sidekiq.yaml @@ -204,7 +204,7 @@ spec: - name: OTEL_SERVICE_NAME_PREFIX value: {{ coalesce $context.Values.mastodon.sidekiq.otel.namePrefix $context.Values.mastodon.otel.namePrefix }} - name: OTEL_SERVICE_NAME_SEPARATOR - value: {{ coalesce $context.Values.mastodon.sidekiq.otel.nameSeparator $context.Values.mastodon.otel.nameSeparator }} + value: "{{ coalesce $context.Values.mastodon.sidekiq.otel.nameSeparator $context.Values.mastodon.otel.nameSeparator }}" {{- end }} volumeMounts: {{- if (not $context.Values.mastodon.s3.enabled) }} diff --git a/templates/deployment-web.yaml b/templates/deployment-web.yaml index ae8db55..d787c3f 100644 --- a/templates/deployment-web.yaml +++ b/templates/deployment-web.yaml 
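Review bot: Wrapping the action in literal quotes, `value: "{{ coalesce ... }}"`, does not escape the rendered value, so a separator containing `"` or `\` would still produce broken YAML. The chart already uses the `quote` function for this elsewhere (for example `| sha256sum | quote` in this same template), and it fits here as `value: {{ coalesce $context.Values.mastodon.sidekiq.otel.nameSeparator $context.Values.mastodon.otel.nameSeparator | quote }}`. The neighbouring `OTEL_SERVICE_NAME_PREFIX` line is still unquoted and would benefit from the same treatment. The deployment-web.yaml hunk of this commit has the identical line.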
@@ -194,7 +194,7 @@ spec: - name: OTEL_SERVICE_NAME_PREFIX value: {{ coalesce .Values.mastodon.web.otel.namePrefix .Values.mastodon.otel.namePrefix }} - name: OTEL_SERVICE_NAME_SEPARATOR - value: {{ coalesce .Values.mastodon.web.otel.nameSeparator .Values.mastodon.otel.nameSeparator }} + value: "{{ coalesce .Values.mastodon.web.otel.nameSeparator .Values.mastodon.otel.nameSeparator }}" {{- end }} volumeMounts: {{- if (not .Values.mastodon.s3.enabled) }} From 9f5d8eed4f90d4a3859c35b90e48f1e0694b1430 Mon Sep 17 00:00:00 2001 From: Tim Campbell Date: Tue, 1 Oct 2024 11:33:43 +0200 Subject: [PATCH 04/19] S3 upload (#150) Co-authored-by: Renaud Chaput --- Chart.yaml | 2 +- templates/job-assets-copy.yaml | 90 ++++++++++++++++++++++++++++++++++ values.yaml | 21 ++++++++ 3 files changed, 112 insertions(+), 1 deletion(-) create mode 100644 templates/job-assets-copy.yaml diff --git a/Chart.yaml b/Chart.yaml index 6993897..e6155e9 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time # you make changes to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 5.4.1 +version: 5.5.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/templates/job-assets-copy.yaml b/templates/job-assets-copy.yaml new file mode 100644 index 0000000..f4ec87f --- /dev/null +++ b/templates/job-assets-copy.yaml 
@@ -0,0 +1,90 @@ +{{- if .Values.mastodon.hooks.s3Upload.enabled -}} +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ include "mastodon.fullname" . }}-assets-upload + labels: + {{- include "mastodon.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": pre-install,pre-upgrade + "helm.sh/hook-delete-policy": before-hook-creation + "helm.sh/hook-weight": "-1" +spec: + template: + metadata: + name: {{ include "mastodon.fullname" . }}-assets-upload + {{- with .Values.jobAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + volumes: + restartPolicy: Never + initContainers: + - name: extract-assets + image: "{{ coalesce .Values.mastodon.web.image.repository .Values.image.repository }}:{{ coalesce .Values.mastodon.web.image.tag .Values.image.tag .Chart.AppVersion }}" + imagePullPolicy: Always + command: + - cp + args: + - -rv + - public + - /assets + volumeMounts: + - mountPath: /assets + name: assets + containers: + - name: upload-assets + image: rclone/rclone:1 + imagePullPolicy: Always + env: + - name: RCLONE_S3_NO_CHECK_BUCKET + value: "true" + - name: RCLONE_CONFIG_REMOTE_TYPE + value: s3 + - name: RCLONE_CONFIG_REMOTE_PROVIDER + value: AWS + - name: RCLONE_CONFIG_REMOTE_ENDPOINT + value: {{ required "Please specify an endpoint for S3 asset uploads" .Values.mastodon.hooks.s3Upload.endpoint }} + - name: RCLONE_CONFIG_REMOTE_ACCESS_KEY_ID + valueFrom: + secretKeyRef: + name: {{ required "Please specify a secret with S3 credentials for S3 asset uploads" .Values.mastodon.hooks.s3Upload.secretRef.name }} + key: {{ .Values.mastodon.hooks.s3Upload.secretRef.keys.accesKeyId }} + - name: RCLONE_CONFIG_REMOTE_SECRET_ACCESS_KEY + valueFrom: + secretKeyRef: + name: {{ required "Please specify a secret with S3 credentials for S3 asset uploads" .Values.mastodon.hooks.s3Upload.secretRef.name }} + key: {{ 
.Values.mastodon.hooks.s3Upload.secretRef.keys.secretAccessKey }} + {{- with .Values.mastodon.hooks.s3Upload.rclone.env }} + {{- toYaml . | nindent 12 }} + {{- end }} + command: + - rclone + args: + - copy + - /assets/public + - "remote:{{ required "Please specify a bucket for S3 asset uploads" .Values.mastodon.hooks.s3Upload.bucket }}" + - --fast-list + - --transfers=32 + - --include + - "{assets,packs}/**" + - --progress + - -vv + volumeMounts: + - mountPath: /assets + name: assets + resources: + requests: + cpu: 100m + memory: 256Mi + limits: + memory: 500Mi + volumes: + - name: assets + emptyDir: {} +{{- end -}} diff --git a/values.yaml b/values.yaml index 3afa7ae..e6ab46d 100644 --- a/values.yaml +++ b/values.yaml @@ -28,6 +28,27 @@ mastodon: enabled: true assetsPrecompile: enabled: true + # Upload website assets to S3 before deploying using rclone. + # Whenever there is an update to Mastodon, sometimes there are assets files + # that are renamed. As the pods are getting redeployed, and old/new pods are + # present simultaneously, there is a chance that old asset files are + # requested from pods that don't have them anymore, or new asset files are + # requested from old pods. Uploading asset files to S3 in this manner solves + # this potential conflict. + # Note that you will need to CDN/proxy to send all requests to /assets and + # /packs to this bucket. + s3Upload: + enabled: false + endpoint: + bucket: + secretRef: + name: + keys: + accesKeyId: acces-key-id + secretAccessKey: secret-access-key + rclone: + # Any additional environment variables to pass to rclone. + env: {} # Custom labels to add to kubernetes resources #labels: cron: From b4bf53cc3906fdca10362df8e36e58ee3cf84509 Mon Sep 17 00:00:00 2001 From: Jeremiah Lee <106775223+jeremiahlee@users.noreply.github.com> Date: Tue, 1 Oct 2024 06:15:34 -0400 Subject: [PATCH 05/19] chore(deps): upgrade app to Mastodon v4.2.13 (#153) --- Chart.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
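Review bot: The `upload-assets` container is referenced only by the floating tag `rclone/rclone:1` with `imagePullPolicy: Always`, and it is the container that receives the S3 access key and secret, so whatever is published under that tag at deploy time runs with those credentials. The image cannot be overridden from values.yaml in this change; I would expose it as a value (a new key next to `rclone.env`) and default it to a digest-pinned reference. Separately, `volumes:` appears twice in the pod spec, once empty before `restartPolicy: Never` and once at the end with the `assets` emptyDir; the empty one should be removed because duplicate keys resolve differently across parsers.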
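Review bot: The key `accesKeyId` under `secretRef.keys` is misspelled, and because job-assets-copy.yaml reads `.Values.mastodon.hooks.s3Upload.secretRef.keys.accesKeyId`, the typo becomes part of the chart's public values interface once this is released. Renaming it to `accessKeyId` in both files now avoids a breaking rename later; the default `acces-key-id` carries the same typo. It would also help to state in the comment that the referenced Secret must already exist before install, since the job runs as a pre-install hook.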
diff --git a/Chart.yaml b/Chart.yaml index e6155e9..98e085b 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -15,12 +15,12 @@ type: application # This is the chart version. This version number should be incremented each time # you make changes to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 5.5.0 +version: 5.5.1 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. -appVersion: "v4.2.12" +appVersion: "v4.2.13" dependencies: - name: elasticsearch From 4f8599872242b01c6cbd90fc7522f09a99d6a64f Mon Sep 17 00:00:00 2001 From: Tim Campbell Date: Tue, 1 Oct 2024 14:14:36 +0200 Subject: [PATCH 06/19] S3 upload acl fix (#155) --- Chart.yaml | 2 +- templates/job-assets-copy.yaml | 2 ++ values.yaml | 1 + 3 files changed, 4 insertions(+), 1 deletion(-) diff --git a/Chart.yaml b/Chart.yaml index 98e085b..5008330 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time # you make changes to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 5.5.1 +version: 5.5.2 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/templates/job-assets-copy.yaml b/templates/job-assets-copy.yaml index f4ec87f..d35a7bc 100644 --- a/templates/job-assets-copy.yaml +++ b/templates/job-assets-copy.yaml 
@@ -44,6 +44,8 @@ spec: env: - name: RCLONE_S3_NO_CHECK_BUCKET value: "true" + - name: RCLONE_S3_ACL + value: {{ required "Please specify a canned ACL for S3 asset uploads" .Values.mastodon.hooks.s3Upload.acl }} - name: RCLONE_CONFIG_REMOTE_TYPE value: s3 - name: RCLONE_CONFIG_REMOTE_PROVIDER diff --git a/values.yaml b/values.yaml index e6ab46d..1bf977d 100644 --- a/values.yaml +++ b/values.yaml @@ -41,6 +41,7 @@ mastodon: enabled: false endpoint: bucket: + acl: public-read secretRef: name: keys: From 5ef48e7cb89181bf73e8f538c61ecfdf0eee8442 Mon Sep 17 00:00:00 2001 From: Florian Schwab <231497+ydkn@users.noreply.github.com> Date: Mon, 10 Feb 2025 10:44:36 +0100 Subject: [PATCH 07/19] quote smtp from, return and reply addresses (#162) --- templates/configmap-env.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/templates/configmap-env.yaml b/templates/configmap-env.yaml index fe365a7..5327d04 100644 --- a/templates/configmap-env.yaml +++ b/templates/configmap-env.yaml @@ -137,10 +137,10 @@ data: SMTP_ENABLE_STARTTLS_AUTO: {{ . | quote }} {{- end }} {{- with .Values.mastodon.smtp.from_address }} - SMTP_FROM_ADDRESS: {{ . }} + SMTP_FROM_ADDRESS: {{ . | quote }} {{- end }} {{- with .Values.mastodon.smtp.return_path }} - SMTP_RETURN_PATH: {{ . }} + SMTP_RETURN_PATH: {{ . | quote }} {{- end }} {{- with .Values.mastodon.smtp.openssl_verify_mode }} SMTP_OPENSSL_VERIFY_MODE: {{ . }} @@ -149,7 +149,7 @@ data: SMTP_PORT: {{ . | quote }} {{- end }} {{- with .Values.mastodon.smtp.reply_to }} - SMTP_REPLY_TO: {{ . }} + SMTP_REPLY_TO: {{ . | quote }} {{- end }} {{- with .Values.mastodon.smtp.server }} SMTP_SERVER: {{ . }} From 2d2d10c6b33ccce3db891abe0f2563a421b7224e Mon Sep 17 00:00:00 2001 From: Sem Schilder Date: Mon, 24 Feb 2025 12:25:51 +0100 Subject: [PATCH 08/19] Make sure to quote replica db port value (#165) --- templates/configmap-env.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
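Review bot: `acl: public-read` is added as the default without a comment, so every object the hook uploads becomes world-readable as soon as `s3Upload.enabled` is set. That is probably intended for static assets, but it deserves a line above the key, e.g. `# Canned ACL for uploaded objects. public-read makes them world-readable; use private when the bucket is only reached through a CDN or bucket policy.` In the job-assets-copy.yaml hunk the rendered `RCLONE_S3_ACL` value is unquoted; appending `| quote` to the `required ...` expression would keep it a string whatever the user supplies.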
diff --git a/templates/configmap-env.yaml b/templates/configmap-env.yaml index 5327d04..64f6681 100644 --- a/templates/configmap-env.yaml +++ b/templates/configmap-env.yaml @@ -19,7 +19,7 @@ data: REPLICA_DB_HOST: {{ .Values.postgresql.readReplica.hostname }} {{- end }} {{- if .Values.postgresql.readReplica.port }} - REPLICA_DB_PORT: {{ .Values.postgresql.readReplica.port }} + REPLICA_DB_PORT: {{ .Values.postgresql.readReplica.port | quote }} {{- end }} {{- if .Values.postgresql.readReplica.auth.database }} REPLICA_DB_NAME: {{ .Values.postgresql.readReplica.auth.database }} From 18272009b2b67953d98a724adc2dcd811ebbbe51 Mon Sep 17 00:00:00 2001 From: Sem Schilder Date: Mon, 3 Mar 2025 08:53:59 +0100 Subject: [PATCH 09/19] Update mastodon version (#166) --- Chart.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Chart.yaml b/Chart.yaml index 5008330..01f754e 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -15,12 +15,12 @@ type: application # This is the chart version. This version number should be incremented each time # you make changes to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 5.5.2 +version: 5.5.3 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. -appVersion: "v4.2.13" +appVersion: "v4.2.17" dependencies: - name: elasticsearch From cbd5259b698f799d1e24af1d1fd54eb89bd433d0 Mon Sep 17 00:00:00 2001 
From: Tim Campbell Date: Tue, 4 Mar 2025 16:21:46 +0100 Subject: [PATCH 10/19] Create new pre/post migrate jobs (#163) --- templates/_db-migrate.tpl | 107 ++++++++++++++++++++++++++++++ templates/_helpers.tpl | 27 ++++++++ templates/_secrets.tpl | 72 ++++++++++++++++++++ templates/configmap-env.yaml | 15 +---- templates/job-db-migrate.yaml | 94 +------------------------- templates/job-db-pre-migrate.yaml | 1 + templates/job-db-prepare.yaml | 4 ++ templates/secret-prepare.yml | 4 ++ templates/secrets.yaml | 57 +--------------- values.yaml | 7 +- 10 files changed, 226 insertions(+), 162 deletions(-) create mode 100644 templates/_db-migrate.tpl create mode 100644 templates/_secrets.tpl create mode 100644 templates/job-db-pre-migrate.yaml create mode 100644 templates/job-db-prepare.yaml create mode 100644 templates/secret-prepare.yml diff --git a/templates/_db-migrate.tpl b/templates/_db-migrate.tpl new file mode 100644 index 0000000..042faf3 --- /dev/null +++ b/templates/_db-migrate.tpl 
@@ -0,0 +1,107 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Spec template for DB migration pre- and post-install/upgrade jobs. +*/}} +{{- define "mastodon.dbMigrateJob" -}} +apiVersion: batch/v1 +kind: Job +metadata: + {{- if .prepare }} + name: {{ include "mastodon.fullname" . }}-db-prepare + {{- else if .preDeploy }} + name: {{ include "mastodon.fullname" . }}-db-pre-migrate + {{- else }} + name: {{ include "mastodon.fullname" . }}-db-post-migrate + {{- end }} + labels: + {{- include "mastodon.labels" . | nindent 4 }} + annotations: + {{- if .prepare }} + "helm.sh/hook": pre-install + {{- else if .preDeploy }} + "helm.sh/hook": pre-upgrade + {{- else }} + "helm.sh/hook": post-install,post-upgrade + {{- end }} + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + "helm.sh/hook-weight": "-2" +spec: + template: + metadata: + name: {{ include "mastodon.fullname" . }}-db-migrate + {{- with .Values.jobAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + restartPolicy: Never + containers: + - name: {{ include "mastodon.fullname" . }}-db-migrate + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + command: + - bundle + - exec + - rake + {{- if .prepare }} + - db:prepare + {{- else }} + - db:migrate + {{- end }} + envFrom: + - secretRef: + {{- if and .prepare (not .Values.mastodon.secrets.existingSecret) }} + name: {{ template "mastodon.secretName" . }}-prepare + {{- else }} + name: {{ template "mastodon.secretName" . }} + {{- end }} + env: + - name: "DB_HOST" + value: {{ template "mastodon.postgres.host" . }} + - name: "DB_PORT" + value: {{ template "mastodon.postgres.port" . }} + - name: "DB_NAME" + value: {{ .Values.postgresql.auth.database }} + - name: "DB_USER" + value: {{ .Values.postgresql.auth.username }} + - name: "DB_PASS" + valueFrom: + secretKeyRef: + name: {{ template "mastodon.postgresql.secretName" . 
}} + key: password + - name: "REDIS_HOST" + value: {{ template "mastodon.redis.host" . }} + - name: "REDIS_PORT" + value: {{ .Values.redis.port | default "6379" | quote }} + {{- if .Values.redis.sidekiq.enabled }} + {{- if .Values.redis.sidekiq.hostname }} + - name: SIDEKIQ_REDIS_HOST + value: {{ .Values.redis.sidekiq.hostname }} + {{- end }} + {{- if .Values.redis.sidekiq.port }} + - name: SIDEKIQ_REDIS_PORT + value: {{ .Values.redis.sidekiq.port | quote }} + {{- end }} + {{- end }} + {{- if .Values.redis.cache.enabled }} + {{- if .Values.redis.cache.hostname }} + - name: CACHE_REDIS_HOST + value: {{ .Values.redis.cache.hostname }} + {{- end }} + {{- if .Values.redis.cache.port }} + - name: CACHE_REDIS_PORT + value: {{ .Values.redis.cache.port | quote }} + {{- end }} + {{- end }} + - name: "REDIS_DRIVER" + value: "ruby" + - name: "REDIS_PASSWORD" + valueFrom: + secretKeyRef: + name: {{ template "mastodon.redis.secretName" . }} + key: redis-password + {{- if .preDeploy }} + - name: "SKIP_POST_DEPLOYMENT_MIGRATIONS" + value: "true" + {{- end }} +{{- end }} diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index ff7dcfc..91409e0 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl 
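Review bot: The shared job spec takes its environment only from `secretRef` plus the inline `DB_*` / `REDIS_*` entries, whereas the job-db-migrate.yaml it replaces also had a `configMapRef` to the `-env` ConfigMap. Settings that configmap-env.yaml supplies beyond host, port, name and user (visible on this page are `RAILS_ENV: "production"`, `NODE_ENV` and `DB_POOL`) are therefore not passed to the rake task unless the image sets them itself. Dropping the ConfigMap is presumably deliberate for the pre-install case, but I would set the essentials explicitly, e.g. `- name: "RAILS_ENV"` with `value: "production"`. The spec also has no `imagePullSecrets`, which job-assets-copy.yaml does render from `.Values.imagePullSecrets`, so a private image registry would likely break these hooks.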
@@ -121,6 +121,33 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this {{- printf "%s-%s" .Release.Name "postgresql" | trunc 63 | trimSuffix "-" -}} {{- end -}} +{{/* +Establish which values we will use for remote connections +*/}} +{{- define "mastodon.postgres.host" -}} +{{- if .Values.postgresql.enabled }} +{{- printf "%s" (include "mastodon.postgresql.fullname" .) -}} +{{- else }} +{{- printf "%s" .Values.postgresql.postgresqlHostname -}} +{{- end }} +{{- end }} + +{{- define "mastodon.postgres.port" -}} +{{- if .Values.postgresql.enabled }} +{{- printf "%d" 5432 | int | quote -}} +{{- else }} +{{- printf "%d" | default 5432 .Values.postgresql.postgresqlPort | int | quote -}} +{{- end }} +{{- end }} + +{{- define "mastodon.redis.host" -}} +{{- if .Values.redis.enabled }} +{{- printf "%s-%s" (include "mastodon.redis.fullname" .) "master" -}} +{{- else }} +{{- printf "%s" (required "When the redis chart is disabled .Values.redis.hostname is required" .Values.redis.hostname) -}} +{{- end }} +{{- end }} + {{/* Get the mastodon secret. */}} diff --git a/templates/_secrets.tpl b/templates/_secrets.tpl new file mode 100644 index 0000000..0bbaa20 --- /dev/null +++ b/templates/_secrets.tpl 
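Review bot: In `mastodon.postgres.port` the external-database branch is `printf "%d" | default 5432 .Values.postgresql.postgresqlPort | int | quote`: the `printf "%d"` has no operand and its output is piped into `default` as a trailing argument. It appears to yield the right port only because that extra argument is ignored, which is fragile and hard to read. `{{- .Values.postgresql.postgresqlPort | default 5432 | int | quote -}}` says the same thing directly, and the bundled branch can be `{{- 5432 | quote -}}`. In `mastodon.postgres.host`, an unset `postgresqlHostname` is passed straight to `printf "%s"` instead of failing the render; wrapping it in `required`, as `mastodon.redis.host` does, would surface the misconfiguration at template time.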
@@ -0,0 +1,72 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Spec template for mastodon secrets object. +*/}} +{{- define "mastodon.secrets.object" -}} +apiVersion: v1 +kind: Secret +metadata: + {{- if .prepare }} + name: {{ template "mastodon.fullname" . }}-prepare + {{- else }} + name: {{ template "mastodon.fullname" . }} + {{- end }} + labels: + {{- include "mastodon.labels" . | nindent 4 }} + annotations: + {{- if .prepare }} + "helm.sh/hook": pre-install + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + "helm.sh/hook-weight": "-3" + {{- end }} +type: Opaque +data: + {{- if .Values.mastodon.s3.enabled }} + {{- if not .Values.mastodon.s3.existingSecret }} + AWS_ACCESS_KEY_ID: "{{ .Values.mastodon.s3.access_key | b64enc }}" + AWS_SECRET_ACCESS_KEY: "{{ .Values.mastodon.s3.access_secret | b64enc }}" + {{- end }} + {{- end }} + {{- if not .Values.mastodon.secrets.existingSecret }} + {{- if not (empty .Values.mastodon.secrets.secret_key_base) }} + SECRET_KEY_BASE: "{{ .Values.mastodon.secrets.secret_key_base | b64enc }}" + {{- else }} + SECRET_KEY_BASE: {{ required "secret_key_base is required" .Values.mastodon.secrets.secret_key_base }} + {{- end }} + {{- if not (empty .Values.mastodon.secrets.otp_secret) }} + OTP_SECRET: "{{ .Values.mastodon.secrets.otp_secret | b64enc }}" + {{- else }} + OTP_SECRET: {{ required "otp_secret is required" .Values.mastodon.secrets.otp_secret }} + {{- end }} + {{- if not (empty .Values.mastodon.secrets.vapid.private_key) }} + VAPID_PRIVATE_KEY: "{{ .Values.mastodon.secrets.vapid.private_key | b64enc }}" + {{- else }} + VAPID_PRIVATE_KEY: {{ required "vapid.private_key is required" .Values.mastodon.secrets.vapid.private_key }} + {{- end }} + {{- if not (empty .Values.mastodon.secrets.vapid.public_key) }} + VAPID_PUBLIC_KEY: "{{ .Values.mastodon.secrets.vapid.public_key | b64enc }}" + {{- else }} + VAPID_PUBLIC_KEY: {{ required "vapid.public_key is required" .Values.mastodon.secrets.vapid.public_key }} + {{- end }} 
+ {{- if not (empty .Values.mastodon.secrets.activeRecordEncryption.primaryKey) }} + ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY: "{{ .Values.mastodon.secrets.activeRecordEncryption.primaryKey | b64enc }}" + {{- else }} + ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY: {{ required "activeRecordEncryption.primaryKey is required" .Values.mastodon.secrets.activeRecordEncryption.primaryKey }} + {{- end }} + {{- if not (empty .Values.mastodon.secrets.activeRecordEncryption.deterministicKey) }} + ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY: "{{ .Values.mastodon.secrets.activeRecordEncryption.deterministicKey | b64enc }}" + {{- else }} + ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY: {{ required "activeRecordEncryption.deterministicKey is required" .Values.mastodon.secrets.activeRecordEncryption.deterministicKey }} + {{- end }} + {{- if not (empty .Values.mastodon.secrets.activeRecordEncryption.keyDerivationSalt) }} + ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT: "{{ .Values.mastodon.secrets.activeRecordEncryption.keyDerivationSalt | b64enc }}" + {{- else }} + ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT: {{ required "activeRecordEncryption.keyDerivationSalt is required" .Values.mastodon.secrets.activeRecordEncryption.keyDerivationSalt }} + {{- end }} + {{- end }} + {{- if not .Values.postgresql.enabled }} + {{- if not .Values.postgresql.auth.existingSecret }} + password: "{{ .Values.postgresql.auth.password | b64enc }}" + {{- end }} + {{- end }} +{{- end }} diff --git a/templates/configmap-env.yaml b/templates/configmap-env.yaml index 64f6681..ad0a0a9 100644 --- a/templates/configmap-env.yaml +++ b/templates/configmap-env.yaml 
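Review bot: With `.prepare` set this template creates a second Secret, `<fullname>-prepare`, that holds a full copy of `SECRET_KEY_BASE`, `OTP_SECRET`, the VAPID and Active Record encryption keys and, when enabled, the S3 credentials. Its delete policy is `before-hook-creation,hook-succeeded`, so if the pre-install run fails the copy presumably stays in the namespace until the next install attempt replaces it. I would limit the prepare Secret to the keys `db:prepare` actually needs (which ones cannot be determined from this page) and note the lifetime in a template comment. Minor: outside the prepare case `annotations:` is emitted with no content; moving the key inside the `{{- if .prepare }}` block avoids rendering a null field.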
@@ -5,13 +5,8 @@ metadata: labels: {{- include "mastodon.labels" . | nindent 4 }} data: - {{- if .Values.postgresql.enabled }} - DB_HOST: {{ template "mastodon.postgresql.fullname" . }} - DB_PORT: "5432" - {{- else }} - DB_HOST: {{ .Values.postgresql.postgresqlHostname }} - DB_PORT: {{ .Values.postgresql.postgresqlPort | default "5432" | quote }} - {{- end }} + DB_HOST: {{ template "mastodon.postgres.host" . }} + DB_PORT: {{ template "mastodon.postgres.port" . }} DB_NAME: {{ .Values.postgresql.auth.database }} DB_POOL: {{ include "mastodon.maxDbPool" . }} DB_USER: {{ .Values.postgresql.auth.username }} @@ -66,11 +61,7 @@ data: MALLOC_ARENA_MAX: "2" NODE_ENV: "production" RAILS_ENV: "production" - {{- if .Values.redis.enabled }} - REDIS_HOST: {{ template "mastodon.redis.fullname" . }}-master - {{- else }} - REDIS_HOST: {{ required "When the redis chart is disabled .Values.redis.hostname is required" .Values.redis.hostname }} - {{- end }} + REDIS_HOST: {{ template "mastodon.redis.host" . }} REDIS_PORT: {{ .Values.redis.port | default "6379" | quote }} {{- if .Values.redis.sidekiq.enabled }} {{- if .Values.redis.sidekiq.hostname }} diff --git a/templates/job-db-migrate.yaml b/templates/job-db-migrate.yaml index 9b0745f..da7503a 100644 --- a/templates/job-db-migrate.yaml +++ b/templates/job-db-migrate.yaml 
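Review bot: `DB_PORT` loses the explicit `| quote` that the removed line applied, and in the second hunk (`@@ -66,11 +61,7 @@`) `REDIS_HOST` loses its `required` check; both now depend on what the `mastodon.postgres.port` and `mastodon.redis.host` helpers emit, and those definitions are outside these hunks. ConfigMap `data` values must be strings, so a port rendered as a bare number would be rejected by the API server. If the helpers do not already quote and validate, `DB_PORT: {{ include "mastodon.postgres.port" . | quote }}` keeps the old behaviour; if they do, a short comment next to the two lines such as `# helper returns an already-quoted string` saves the next reader the lookup.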
@@ -1,93 +1 @@ -{{- if .Values.mastodon.hooks.dbMigrate.enabled -}} -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ include "mastodon.fullname" . }}-db-migrate - labels: - {{- include "mastodon.labels" . | nindent 4 }} - annotations: - "helm.sh/hook": post-install,pre-upgrade - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded - "helm.sh/hook-weight": "-2" -spec: - template: - metadata: - name: {{ include "mastodon.fullname" . }}-db-migrate - {{- with .Values.jobAnnotations }} - annotations: - {{- toYaml . | nindent 8 }} - {{- end }} - spec: - restartPolicy: Never - {{- if (not .Values.mastodon.s3.enabled) }} - # ensure we run on the same node as the other rails components; only - # required when using PVCs that are ReadWriteOnce - {{- if or (eq "ReadWriteOnce" .Values.mastodon.persistence.assets.accessMode) (eq "ReadWriteOnce" .Values.mastodon.persistence.system.accessMode) }} - affinity: - podAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app.kubernetes.io/part-of - operator: In - values: - - rails - topologyKey: kubernetes.io/hostname - {{- end }} - volumes: - - name: assets - persistentVolumeClaim: - claimName: {{ template "mastodon.pvc.assets" . }} - - name: system - persistentVolumeClaim: - claimName: {{ template "mastodon.pvc.system" . }} - {{- end }} - containers: - - name: {{ include "mastodon.fullname" . }}-db-migrate - image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - command: - - bundle - - exec - - rake - - db:migrate - envFrom: - - configMapRef: - name: {{ include "mastodon.fullname" . }}-env - - secretRef: - name: {{ template "mastodon.secretName" . }} - env: - - name: "DB_PASS" - valueFrom: - secretKeyRef: - name: {{ template "mastodon.postgresql.secretName" . 
}} - key: password - - name: "REDIS_PASSWORD" - valueFrom: - secretKeyRef: - name: {{ template "mastodon.redis.secretName" . }} - key: redis-password - {{- if and .Values.redis.sidekiq.enabled .Values.redis.sidekiq.auth.existingSecret }} - - name: "SIDEKIQ_REDIS_PASSWORD" - valueFrom: - secretKeyRef: - name: {{ template "mastodon.redis.sidekiq.secretName" . }} - key: redis-password - {{- end }} - {{- if and .Values.redis.cache.enabled .Values.redis.cache.auth.existingSecret }} - - name: "CACHE_REDIS_PASSWORD" - valueFrom: - secretKeyRef: - name: {{ template "mastodon.redis.cache.secretName" . }} - key: redis-password - {{- end }} - - name: "PORT" - value: {{ .Values.mastodon.web.port | quote }} - {{- if (not .Values.mastodon.s3.enabled) }} - volumeMounts: - - name: assets - mountPath: /opt/mastodon/public/assets - - name: system - mountPath: /opt/mastodon/public/system - {{- end }} -{{- end -}} +{{- include "mastodon.dbMigrateJob" (merge (dict "preDeploy" false ) .) }} diff --git a/templates/job-db-pre-migrate.yaml b/templates/job-db-pre-migrate.yaml new file mode 100644 index 0000000..2f29716 --- /dev/null +++ b/templates/job-db-pre-migrate.yaml @@ -0,0 +1 @@ +{{- include "mastodon.dbMigrateJob" (merge (dict "preDeploy" true ) .) }} diff --git a/templates/job-db-prepare.yaml b/templates/job-db-prepare.yaml new file mode 100644 index 0000000..5f0b5ab --- /dev/null +++ b/templates/job-db-prepare.yaml @@ -0,0 +1,4 @@ +# Does not work with included database because of helm install order. +{{- if not .Values.postgresql.enabled }} +{{- include "mastodon.dbMigrateJob" (merge (dict "prepare" true ) .) }} +{{- end }} diff --git a/templates/secret-prepare.yml b/templates/secret-prepare.yml new file mode 100644 index 0000000..8cfac53 --- /dev/null +++ b/templates/secret-prepare.yml 
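Review bot: The removed manifest was wrapped in `{{- if .Values.mastodon.hooks.dbMigrate.enabled -}}`, and the single `include` line that replaces it carries no such condition, so unless `mastodon.dbMigrateJob` checks the flag itself (its definition is not in this hunk) the migration Job is rendered even when the hook is disabled. The new `templates/job-db-pre-migrate.yaml` just below has the same shape. I would keep the guard in both files: `{{- if .Values.mastodon.hooks.dbMigrate.enabled }}` before the `include` and `{{- end }}` after it.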
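Review bot: The `# Does not work with included database…` line in `templates/job-db-prepare.yaml` is a YAML comment placed before `{{- if`, so it is emitted whether or not the condition holds, and the left-trim markers remove the newline between it and whatever the `include` renders. `templates/secret-prepare.yml` in the next hunk starts the same way, and there the included template begins directly with `apiVersion: v1`, which would land on the comment line and drop out of the rendered Secret. A template comment is never rendered: `{{- /* Does not work with included database because of helm install order. */ -}}`.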
@@ -0,0 +1,4 @@
+# Does not work with included database because of helm install order.
+{{- if and (include "mastodon.createSecret" .) (not .Values.postgresql.enabled) -}}
+{{- include "mastodon.secrets.object" (merge (dict "prepare" true ) .) }}
+{{- end }}
diff --git a/templates/secrets.yaml b/templates/secrets.yaml
index 0eec2ab..584177c 100644
--- a/templates/secrets.yaml
+++ b/templates/secrets.yaml
@@ -1,58 +1,3 @@ {{- if (include "mastodon.createSecret" .) -}} -apiVersion: v1 -kind: Secret -metadata: - name: {{ template "mastodon.fullname" . }} - labels: - {{- include "mastodon.labels" . | nindent 4 }} -type: Opaque -data: - {{- if .Values.mastodon.s3.enabled }} - {{- if not .Values.mastodon.s3.existingSecret }} - AWS_ACCESS_KEY_ID: "{{ .Values.mastodon.s3.access_key | b64enc }}" - AWS_SECRET_ACCESS_KEY: "{{ .Values.mastodon.s3.access_secret | b64enc }}" - {{- end }} - {{- end }} - {{- if not .Values.mastodon.secrets.existingSecret }} - {{- if not (empty .Values.mastodon.secrets.secret_key_base) }} - SECRET_KEY_BASE: "{{ .Values.mastodon.secrets.secret_key_base | b64enc }}" - {{- else }} - SECRET_KEY_BASE: {{ required "secret_key_base is required" .Values.mastodon.secrets.secret_key_base }} - {{- end }} - {{- if not (empty .Values.mastodon.secrets.otp_secret) }} - OTP_SECRET: "{{ .Values.mastodon.secrets.otp_secret | b64enc }}" - {{- else }} - OTP_SECRET: {{ required "otp_secret is required" .Values.mastodon.secrets.otp_secret }} - {{- end }} - {{- if not (empty .Values.mastodon.secrets.vapid.private_key) }} - VAPID_PRIVATE_KEY: "{{ .Values.mastodon.secrets.vapid.private_key | b64enc }}" - {{- else }} - VAPID_PRIVATE_KEY: {{ required "vapid.private_key is required" .Values.mastodon.secrets.vapid.private_key }} - {{- end }} - {{- if not (empty .Values.mastodon.secrets.vapid.public_key) }} - VAPID_PUBLIC_KEY: "{{ .Values.mastodon.secrets.vapid.public_key | b64enc }}" - {{- else }} - VAPID_PUBLIC_KEY: {{ required "vapid.public_key is required" .Values.mastodon.secrets.vapid.public_key }} - {{- end }} - {{- if not (empty .Values.mastodon.secrets.activeRecordEncryption.primaryKey) }} - ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY: "{{ .Values.mastodon.secrets.activeRecordEncryption.primaryKey | b64enc }}" - {{- else }} - ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY: {{ required "activeRecordEncryption.primaryKey is required" 
.Values.mastodon.secrets.activeRecordEncryption.primaryKey }} - {{- end }} - {{- if not (empty .Values.mastodon.secrets.activeRecordEncryption.deterministicKey) }} - ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY: "{{ .Values.mastodon.secrets.activeRecordEncryption.deterministicKey | b64enc }}" - {{- else }} - ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY: {{ required "activeRecordEncryption.deterministicKey is required" .Values.mastodon.secrets.activeRecordEncryption.deterministicKey }} - {{- end }} - {{- if not (empty .Values.mastodon.secrets.activeRecordEncryption.keyDerivationSalt) }} - ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT: "{{ .Values.mastodon.secrets.activeRecordEncryption.keyDerivationSalt | b64enc }}" - {{- else }} - ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT: {{ required "activeRecordEncryption.keyDerivationSalt is required" .Values.mastodon.secrets.activeRecordEncryption.keyDerivationSalt }} - {{- end }} - {{- end }} - {{- if not .Values.postgresql.enabled }} - {{- if not .Values.postgresql.auth.existingSecret }} - password: "{{ .Values.postgresql.auth.password | b64enc }}" - {{- end }} - {{- end }} +{{- include "mastodon.secrets.object" . }} {{- end }} diff --git a/values.yaml b/values.yaml index 1bf977d..7ad93af 100644 --- a/values.yaml +++ b/values.yaml @@ -24,6 +24,9 @@ mastodon: # @ignored email: not@example.com hooks: + # Whether to perform DB migrations on `helm install|upgrade`. + # Please note that initial DB schema creation on `helm install` does not + # work when using the included database (postgresql.enabled=true). dbMigrate: enabled: true assetsPrecompile: 
@@ -523,7 +526,9 @@ elasticsearch: # https://github.com/bitnami/charts/tree/master/bitnami/postgresql#parameters postgresql: # -- disable if you want to use an existing db; in which case the values below - # must match those of that external postgres instance + # must match those of that external postgres instance. + # Please note that certain features do not work when enabling the included + # database, namely automatic schema creation when the app is first installed. enabled: true # postgresqlHostname: preexisting-postgresql # postgresqlPort: 5432 From 98801d7c09880d4d80e81c8753420db418f2be27 Mon Sep 17 00:00:00 2001 From: Tim Campbell Date: Tue, 4 Mar 2025 17:47:01 +0100 Subject: [PATCH 11/19] Fix asset upload (#167) --- templates/job-assets-copy.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/job-assets-copy.yaml b/templates/job-assets-copy.yaml index d35a7bc..2ac51fa 100644 --- a/templates/job-assets-copy.yaml +++ b/templates/job-assets-copy.yaml @@ -7,7 +7,7 @@ metadata: {{- include "mastodon.labels" . | nindent 4 }} annotations: "helm.sh/hook": pre-install,pre-upgrade - "helm.sh/hook-delete-policy": before-hook-creation + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded "helm.sh/hook-weight": "-1" spec: template: From ac8cd229d8ada9fd57b2eb51ba94f32291365bd3 Mon Sep 17 00:00:00 2001 From: Tim Campbell Date: Tue, 4 Mar 2025 18:01:51 +0100 Subject: [PATCH 12/19] Added additional DB connection fields to deal with connection pooler migrations (#169) --- templates/_db-migrate.tpl | 6 +++--- templates/_helpers.tpl | 27 +++++++++++++++++++++++++++ values.yaml | 10 ++++++++++ 3 files changed, 40 insertions(+), 3 deletions(-) diff --git a/templates/_db-migrate.tpl b/templates/_db-migrate.tpl index 042faf3..c3792c7 100644 --- a/templates/_db-migrate.tpl +++ b/templates/_db-migrate.tpl 
@@ -57,11 +57,11 @@ spec: {{- end }} env: - name: "DB_HOST" - value: {{ template "mastodon.postgres.host" . }} + value: {{ template "mastodon.postgres.direct.host" . }} - name: "DB_PORT" - value: {{ template "mastodon.postgres.port" . }} + value: {{ template "mastodon.postgres.direct.port" . }} - name: "DB_NAME" - value: {{ .Values.postgresql.auth.database }} + value: {{ template "mastodon.postgres.direct.database" . }} - name: "DB_USER" value: {{ .Values.postgresql.auth.username }} - name: "DB_PASS" diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index 91409e0..b34ff95 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -140,6 +140,33 @@ Establish which values we will use for remote connections {{- end }} {{- end }} +{{/* +Establish which values we will use for direct remote DB connections +*/}} +{{- define "mastodon.postgres.direct.host" -}} +{{- if .Values.postgresql.direct.hostname }} +{{- printf "%s" .Values.postgresql.direct.hostname -}} +{{- else }} +{{- printf "%s" (include "mastodon.postgres.host" .) -}} +{{- end }} +{{- end }} + +{{- define "mastodon.postgres.direct.port" -}} +{{- if .Values.postgresql.direct.port }} +{{- printf "%d" (int .Values.postgresql.direct.port) | quote -}} +{{- else }} +{{- printf "%s" (include "mastodon.postgres.port" .) -}} +{{- end }} +{{- end }} + +{{- define "mastodon.postgres.direct.database" -}} +{{- if .Values.postgresql.direct.database }} +{{- printf "%s" .Values.postgresql.direct.database -}} +{{- else }} +{{- printf "%s" .Values.postgresql.auth.database -}} +{{- end }} +{{- end }} + {{- define "mastodon.redis.host" -}} {{- if .Values.redis.enabled }} {{- printf "%s-%s" (include "mastodon.redis.fullname" .) "master" -}} diff --git a/values.yaml b/values.yaml index 7ad93af..5b1ec64 100644 --- a/values.yaml +++ b/values.yaml 
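Review bot: `DB_HOST` and `DB_NAME` in the `_db-migrate.tpl` hunk are written as `value: {{ template … }}` with no quoting, while the new `mastodon.postgres.direct.host` and `mastodon.postgres.direct.database` helpers return the raw values string through `printf "%s"`. An env `value` has to be a string, so a database name or host that YAML reads as a number or boolean, or that contains `: ` or ` #`, produces a manifest that is rejected or means something else. `value: {{ include "mastodon.postgres.direct.database" . | quote }}` (and the same for the host) avoids that, provided the fallback `mastodon.postgres.host` helper does not already quote its output; that helper is not visible here. `DB_PORT` should stay as it is, because `mastodon.postgres.direct.port` quotes its own result.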
@@ -532,6 +532,16 @@ postgresql: enabled: true # postgresqlHostname: preexisting-postgresql # postgresqlPort: 5432 + + # If using a connection pooler such as pgbouncer, please specify a hostname/IP + # that serves as a "direct" connection to the database, rather than going + # through the connection pooler. This is required for migrations to work + # properly. + direct: + hostname: + port: + database: + auth: database: mastodon_production username: mastodon From 8ea5eadf9985837652c18d11a0f4f19ce9f4e0ca Mon Sep 17 00:00:00 2001 From: Tim Campbell Date: Tue, 4 Mar 2025 22:33:26 +0100 Subject: [PATCH 13/19] Fix some helm typos (comments interfering with manifests) (#172) --- templates/job-db-prepare.yaml | 1 - templates/secret-prepare.yml | 1 - 2 files changed, 2 deletions(-) diff --git a/templates/job-db-prepare.yaml b/templates/job-db-prepare.yaml index 5f0b5ab..5e9a6a2 100644 --- a/templates/job-db-prepare.yaml +++ b/templates/job-db-prepare.yaml @@ -1,4 +1,3 @@ -# Does not work with included database because of helm install order. {{- if not .Values.postgresql.enabled }} {{- include "mastodon.dbMigrateJob" (merge (dict "prepare" true ) .) }} {{- end }} diff --git a/templates/secret-prepare.yml b/templates/secret-prepare.yml index 8cfac53..375f047 100644 --- a/templates/secret-prepare.yml +++ b/templates/secret-prepare.yml @@ -1,4 +1,3 @@ -# Does not work with included database because of helm install order. {{- if and (include "mastodon.createSecret" .) (not .Values.postgresql.enabled) -}} {{- include "mastodon.secrets.object" (merge (dict "prepare" true ) .) }} {{- end }} From 1120b745e6b51ab84b9b9150ba4b1e5b5a164d88 Mon Sep 17 00:00:00 2001 From: Tim Campbell Date: Thu, 6 Mar 2025 09:53:04 +0100 Subject: [PATCH 14/19] Add puma metrics for web and sidekiq pods (#170) --- templates/deployment-sidekiq.yaml | 19 +++++++++++++++++ templates/deployment-web.yaml | 35 +++++++++++++++++++++++++++++++ values.yaml | 18 ++++++++++++++++ 3 files changed, 72 insertions(+) 
diff --git a/templates/deployment-sidekiq.yaml b/templates/deployment-sidekiq.yaml index 1b3042d..5951bd6 100644 --- a/templates/deployment-sidekiq.yaml +++ b/templates/deployment-sidekiq.yaml @@ -206,6 +206,25 @@ spec: - name: OTEL_SERVICE_NAME_SEPARATOR value: "{{ coalesce $context.Values.mastodon.sidekiq.otel.nameSeparator $context.Values.mastodon.otel.nameSeparator }}" {{- end }} + {{- if $context.Values.mastodon.metrics.prometheus.enabled }} + - name: MASTODON_PROMETHEUS_EXPORTER_ENABLED + value: "true" + - name: MASTODON_PROMETHEUS_EXPORTER_LOCAL + value: "true" + - name: MASTODON_PROMETHEUS_EXPORTER_HOST + value: "0.0.0.0" + - name: MASTODON_PROMETHEUS_EXPORTER_PORT + value: "{{ $context.Values.mastodon.metrics.prometheus.port }}" + {{- if $context.Values.mastodon.metrics.prometheus.sidekiq.detailed }} + - name: MASTODON_PROMETHEUS_EXPORTER_SIDEKIQ_DETAILED_METRICS + value: "true" + {{- end }} + {{- end }} + {{- if $context.Values.mastodon.metrics.prometheus.enabled }} + ports: + - name: prometheus + containerPort: {{ $context.Values.mastodon.metrics.prometheus.port }} + {{- end }} volumeMounts: {{- if (not $context.Values.mastodon.s3.enabled) }} - name: assets diff --git a/templates/deployment-web.yaml b/templates/deployment-web.yaml index d787c3f..078bb5f 100644 --- a/templates/deployment-web.yaml +++ b/templates/deployment-web.yaml 
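Review bot: With `MASTODON_PROMETHEUS_EXPORTER_HOST` set to `0.0.0.0` and a `containerPort` declared, the sidekiq metrics endpoint answers on every pod interface, and nothing in this hunk limits who can reach it. That is what a scraper needs, but the detailed per-job metrics are internal data, so the choice deserves a comment where the value is set, for example `# listens on all pod interfaces so Prometheus can scrape; restrict access with a NetworkPolicy`. The container spec continues outside the hunk, so whether access is restricted elsewhere cannot be confirmed from here.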
@@ -196,6 +196,20 @@ spec: - name: OTEL_SERVICE_NAME_SEPARATOR value: "{{ coalesce .Values.mastodon.web.otel.nameSeparator .Values.mastodon.otel.nameSeparator }}" {{- end }} + {{- if .Values.mastodon.metrics.prometheus.enabled }} + - name: MASTODON_PROMETHEUS_EXPORTER_ENABLED + value: "true" + - name: PROMETHEUS_EXPORTER_HOST + value: "127.0.0.1" + - name: PROMETHEUS_EXPORTER_PORT + value: "{{ .Values.mastodon.metrics.prometheus.port }}" + {{- if .Values.mastodon.metrics.prometheus.web.detailed }} + - name: MASTODON_PROMETHEUS_EXPORTER_WEB_DETAILED_METRICS + value: "true" + {{- end }} + {{- end }} + - name: TEST_ENV_VALUE + value: {{ .Values.mastodon.metrics.statsd.address }} volumeMounts: {{- if (not .Values.mastodon.s3.enabled) }} - name: assets @@ -233,6 +247,27 @@ spec: resources: {{- toYaml . | nindent 12 }} {{- end }} + {{- if .Values.mastodon.metrics.prometheus.enabled }} + - name: prometheus-exporter + image: "{{ coalesce .Values.mastodon.web.image.repository .Values.image.repository }}:{{ coalesce .Values.mastodon.web.image.tag .Values.image.tag .Chart.AppVersion }}" + command: + - ./bin/prometheus_exporter + args: + - "--bind" + - "0.0.0.0" + - "--port" + - "{{ .Values.mastodon.metrics.prometheus.port }}" + resources: + requests: + cpu: "0.1" + memory: "180M" + limits: + cpu: "0.5" + memory: "250M" + ports: + - name: prometheus + containerPort: {{ .Values.mastodon.metrics.prometheus.port }} + {{- end }} {{- include "mastodon.statsdExporterContainer" $ | indent 8 }} {{- with .Values.nodeSelector }} nodeSelector: diff --git a/values.yaml b/values.yaml index 5b1ec64..bcb6a44 100644 --- a/values.yaml +++ b/values.yaml 
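Review bot: `TEST_ENV_VALUE` is added after the `prometheus.enabled` block closes, so every web pod receives it, and it looks like a leftover from testing. Its value is `{{ .Values.mastodon.metrics.statsd.address }}` unquoted, so when that setting is empty the entry renders as `value:` with nothing after it. I would delete the two lines `- name: TEST_ENV_VALUE` and `value: {{ .Values.mastodon.metrics.statsd.address }}`.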
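Review bot: The `prometheus-exporter` sidecar in the second hunk (`@@ -233,6 +247,27 @@`) is declared without a `securityContext` or an `imagePullPolicy`, and its resource requests and limits are fixed in the template rather than taken from values. Whether the main web container applies a security context from values is not visible in this hunk; if it does, the sidecar runs the same image with weaker settings than its neighbour, so it should repeat that block. `imagePullPolicy: {{ .Values.image.pullPolicy }}` keeps it in line with the other containers in the chart. The exporter is also started with `--bind 0.0.0.0`, so a comment noting that the metrics port is reachable from the pod network and should be limited by a NetworkPolicy belongs next to the `args`.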
@@ -434,6 +434,24 @@ mastodon: enabled: false port: 9102 + # Settings for Prometheus metrics. NOTE: Only available in Mastodon v4.4. + # For more information, see: + # https://docs.joinmastodon.org/admin/config/#prometheus + prometheus: + enabled: false + # Port for the exporter to listen on + port: 9394 + + # Prometheus for web pods + web: + # Collect per-controller/action metrics for every request + detailed: false + + # Prometheus for sidekiq pods + sidekiq: + # Collect per-job metrics for every job + detailed: false + # Open Telemetry configuration for all deployments. Component-specific # configuration will override these values. otel: From 8f2fc2d8bf7878d4195906ab356a189b62765efb Mon Sep 17 00:00:00 2001 From: Alistair Young Date: Thu, 6 Mar 2025 03:42:20 -0600 Subject: [PATCH 15/19] Allow dual-stack operation on clusters so equipped. (#68) --- templates/service-streaming.yaml | 1 + templates/service-web.yaml | 1 + 2 files changed, 2 insertions(+) diff --git a/templates/service-streaming.yaml b/templates/service-streaming.yaml index bade7b1..d52eeee 100644 --- a/templates/service-streaming.yaml +++ b/templates/service-streaming.yaml @@ -11,6 +11,7 @@ spec: targetPort: streaming protocol: TCP name: streaming + ipFamilyPolicy: PreferDualStack selector: {{- include "mastodon.selectorLabels" . | nindent 4 }} app.kubernetes.io/component: streaming diff --git a/templates/service-web.yaml b/templates/service-web.yaml index acf1233..b08cc66 100644 --- a/templates/service-web.yaml +++ b/templates/service-web.yaml @@ -11,6 +11,7 @@ spec: targetPort: http protocol: TCP name: http + ipFamilyPolicy: PreferDualStack selector: {{- include "mastodon.selectorLabels" . | nindent 4 }} app.kubernetes.io/component: web From 5801e444c26e3849cc952b533e54a6014a90311c Mon Sep 17 00:00:00 2001 
From: Matthew Abbott Date: Thu, 6 Mar 2025 03:42:34 -0600 Subject: [PATCH 16/19] (Updated) Upgrade app to 4.3 (#161) Co-authored-by: Jeremiah Lee <106775223+jeremiahlee@users.noreply.github.com> Co-authored-by: Tim Campbell --- .github/workflows/test-chart.yml | 10 ++- .gitignore | 1 + Chart.yaml | 4 +- templates/deployment-streaming.yaml | 2 +- templates/job-assets-precompile.yaml | 93 ------------------------- templates/job-chewy-upgrade.yaml | 100 --------------------------- values.yaml | 10 +-- 7 files changed, 13 insertions(+), 207 deletions(-) delete mode 100644 templates/job-assets-precompile.yaml delete mode 100644 templates/job-chewy-upgrade.yaml diff --git a/.github/workflows/test-chart.yml b/.github/workflows/test-chart.yml index 3e02fc6..09e1519 100644 --- a/.github/workflows/test-chart.yml +++ b/.github/workflows/test-chart.yml @@ -17,7 +17,7 @@ permissions: jobs: lint-templates: - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 steps: - uses: actions/checkout@v3 @@ -53,7 +53,7 @@ jobs: # basic configuration can be used to successfully startup mastodon. # test-install: - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 timeout-minutes: 15 strategy: @@ -75,7 +75,7 @@ jobs: # available for use in the templates, currently we need v3.6.0 or # higher. # - - k3s-channel: v1.21 + - k3s-channel: v1.28 helm-version: v3.8.0 env: @@ -109,7 +109,7 @@ jobs: run: | helm install mastodon . \ --values dev-values.yaml \ - --timeout 10m + --timeout 15m # This actions provides a report about the state of the k8s cluster, # providing logs etc on anything that has failed and workloads marked as @@ -125,7 +125,5 @@ jobs: deploy/mastodon-sidekiq deploy/mastodon-streaming deploy/mastodon-web - job/mastodon-assets-precompile - job/mastodon-chewy-upgrade job/mastodon-create-admin job/mastodon-db-migrate diff --git a/.gitignore b/.gitignore index ee3892e..a5b65d3 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,2 @@ charts/ +.DS_Store 
diff --git a/Chart.yaml b/Chart.yaml index 01f754e..9dcb978 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -15,12 +15,12 @@ type: application # This is the chart version. This version number should be incremented each time # you make changes to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 5.5.3 +version: 6.0.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. -appVersion: "v4.2.17" +appVersion: "v4.3.4" dependencies: - name: elasticsearch diff --git a/templates/deployment-streaming.yaml b/templates/deployment-streaming.yaml index 9f4a6b9..1139f9d 100644 --- a/templates/deployment-streaming.yaml +++ b/templates/deployment-streaming.yaml @@ -70,7 +70,7 @@ spec: securityContext: {{- toYaml . | nindent 12 }} {{- end }} - image: "{{ coalesce .Values.mastodon.streaming.image.repository .Values.image.repository }}:{{ coalesce .Values.mastodon.streaming.image.tag .Values.image.tag .Chart.AppVersion }}" + image: "{{ .Values.mastodon.streaming.image.repository }}:{{ coalesce .Values.mastodon.streaming.image.tag .Values.image.tag .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} command: - node diff --git a/templates/job-assets-precompile.yaml b/templates/job-assets-precompile.yaml deleted file mode 100644 index f3b8fa7..0000000 --- a/templates/job-assets-precompile.yaml +++ /dev/null 
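Review bot: The streaming image in `templates/deployment-streaming.yaml` no longer falls back to `.Values.image.repository`, so an installation that points `image.repository` at a private registry or mirror still pulls the streaming container from the chart default unless `mastodon.streaming.image.repository` is overridden as well. A values file that still carries the old empty `repository:` under `mastodon.streaming.image` renders an image reference that starts with `:`. Replacing the bare reference with `{{ required "mastodon.streaming.image.repository is required" .Values.mastodon.streaming.image.repository }}` turns the second case into a render error, and the comment in `values.yaml` should state that the two repositories are configured independently.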
@@ -1,93 +0,0 @@ -{{- if .Values.mastodon.hooks.assetsPrecompile.enabled -}} -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ include "mastodon.fullname" . }}-assets-precompile - labels: - {{- include "mastodon.labels" . | nindent 4 }} - annotations: - "helm.sh/hook": post-install - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded - "helm.sh/hook-weight": "-2" -spec: - template: - metadata: - name: {{ include "mastodon.fullname" . }}-assets-precompile - {{- with .Values.jobAnnotations }} - annotations: - {{- toYaml . | nindent 8 }} - {{- end }} - spec: - restartPolicy: Never - {{- if (not .Values.mastodon.s3.enabled) }} - # ensure we run on the same node as the other rails components; only - # required when using PVCs that are ReadWriteOnce - {{- if or (eq "ReadWriteOnce" .Values.mastodon.persistence.assets.accessMode) (eq "ReadWriteOnce" .Values.mastodon.persistence.system.accessMode) }} - affinity: - podAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app.kubernetes.io/part-of - operator: In - values: - - rails - topologyKey: kubernetes.io/hostname - {{- end }} - volumes: - - name: assets - persistentVolumeClaim: - claimName: {{ template "mastodon.pvc.assets" . }} - - name: system - persistentVolumeClaim: - claimName: {{ template "mastodon.pvc.system" . }} - {{- end }} - containers: - - name: {{ include "mastodon.fullname" . }}-assets-precompile - image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - command: - - bash - - -c - - | - bundle exec rake assets:precompile && yarn cache clean - envFrom: - - configMapRef: - name: {{ include "mastodon.fullname" . }}-env - - secretRef: - name: {{ template "mastodon.secretName" . }} - env: - - name: "DB_PASS" - valueFrom: - secretKeyRef: - name: {{ template "mastodon.postgresql.secretName" . 
}} - key: password - - name: "REDIS_PASSWORD" - valueFrom: - secretKeyRef: - name: {{ template "mastodon.redis.secretName" . }} - key: redis-password - {{- if and .Values.redis.sidekiq.enabled .Values.redis.sidekiq.auth.existingSecret }} - - name: "SIDEKIQ_REDIS_PASSWORD" - valueFrom: - secretKeyRef: - name: {{ template "mastodon.redis.sidekiq.secretName" . }} - key: redis-password - {{- end }} - {{- if and .Values.redis.cache.enabled .Values.redis.cache.auth.existingSecret }} - - name: "CACHE_REDIS_PASSWORD" - valueFrom: - secretKeyRef: - name: {{ template "mastodon.redis.cache.secretName" . }} - key: redis-password - {{- end }} - - name: "PORT" - value: {{ .Values.mastodon.web.port | quote }} - {{- if (not .Values.mastodon.s3.enabled) }} - volumeMounts: - - name: assets - mountPath: /opt/mastodon/public/assets - - name: system - mountPath: /opt/mastodon/public/system - {{- end }} -{{- end -}} diff --git a/templates/job-chewy-upgrade.yaml b/templates/job-chewy-upgrade.yaml deleted file mode 100644 index e760f34..0000000 --- a/templates/job-chewy-upgrade.yaml +++ /dev/null 
@@ -1,100 +0,0 @@ -{{- if .Values.elasticsearch.enabled -}} -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ include "mastodon.fullname" . }}-chewy-upgrade - labels: - {{- include "mastodon.labels" . | nindent 4 }} - annotations: - "helm.sh/hook": post-install - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded - "helm.sh/hook-weight": "-1" -spec: - template: - metadata: - name: {{ include "mastodon.fullname" . }}-chewy-upgrade - {{- with .Values.jobAnnotations }} - annotations: - {{- toYaml . | nindent 8 }} - {{- end }} - spec: - restartPolicy: Never - {{- if (not .Values.mastodon.s3.enabled) }} - # ensure we run on the same node as the other rails components; only - # required when using PVCs that are ReadWriteOnce - {{- if or (eq "ReadWriteOnce" .Values.mastodon.persistence.assets.accessMode) (eq "ReadWriteOnce" .Values.mastodon.persistence.system.accessMode) }} - affinity: - podAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app.kubernetes.io/part-of - operator: In - values: - - rails - topologyKey: kubernetes.io/hostname - {{- end }} - volumes: - - name: assets - persistentVolumeClaim: - claimName: {{ template "mastodon.pvc.assets" . }} - - name: system - persistentVolumeClaim: - claimName: {{ template "mastodon.pvc.system" . }} - {{- end }} - containers: - - name: {{ include "mastodon.fullname" . }}-chewy-setup - image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - command: - - bundle - - exec - - rake - - chewy:upgrade - envFrom: - - configMapRef: - name: {{ include "mastodon.fullname" . }}-env - - secretRef: - name: {{ template "mastodon.secretName" . }} - env: - - name: "DB_PASS" - valueFrom: - secretKeyRef: - name: {{ template "mastodon.postgresql.secretName" . }} - key: password - - name: "REDIS_PASSWORD" - valueFrom: - secretKeyRef: - name: {{ template "mastodon.redis.secretName" . 
}} - key: redis-password - {{- if and .Values.redis.sidekiq.enabled .Values.redis.sidekiq.auth.existingSecret }} - - name: "SIDEKIQ_REDIS_PASSWORD" - valueFrom: - secretKeyRef: - name: {{ template "mastodon.redis.sidekiq.secretName" . }} - key: redis-password - {{- end }} - {{- if and .Values.redis.cache.enabled .Values.redis.cache.auth.existingSecret }} - - name: "CACHE_REDIS_PASSWORD" - valueFrom: - secretKeyRef: - name: {{ template "mastodon.redis.cache.secretName" . }} - key: redis-password - {{- end }} - {{- if and .Values.elasticsearch.existingSecret (or .Values.elasticsearch.enabled .Values.elasticsearch.hostname) }} - - name: "ES_PASS" - valueFrom: - secretKeyRef: - name: {{ .Values.elasticsearch.existingSecret }} - key: password - {{- end }} - - name: "PORT" - value: {{ .Values.mastodon.web.port | quote }} - {{- if (not .Values.mastodon.s3.enabled) }} - volumeMounts: - - name: assets - mountPath: /opt/mastodon/public/assets - - name: system - mountPath: /opt/mastodon/public/system - {{- end }} -{{- end }} diff --git a/values.yaml b/values.yaml index bcb6a44..93d4d9e 100644 --- a/values.yaml +++ b/values.yaml @@ -6,7 +6,7 @@ image: # built from the most recent commit # # tag: latest - tag: null + tag: "" # use `Always` when using `latest` tag pullPolicy: IfNotPresent @@ -29,8 +29,6 @@ mastodon: # work when using the included database (postgresql.enabled=true). dbMigrate: enabled: true - assetsPrecompile: - enabled: true # Upload website assets to S3 before deploying using rclone. # Whenever there is an update to Mastodon, sometimes there are assets files # that are renamed. As the pods are getting redeployed, and old/new pods are 
@@ -279,8 +277,10 @@ mastodon: existingSecret: streaming: image: - repository: - tag: + # streaming image split in Mastodon v4.3.0 + repository: ghcr.io/mastodon/mastodon-streaming + # other options: `latest` for the latest release or `edge` for most recent commit + tag: "" port: 4000 # -- this should be set manually since os.cpus() returns the number of CPUs on # the node running the pod, which is unrelated to the resources allocated to From e43a23e378be4937bf7dc13a297811274293aa01 Mon Sep 17 00:00:00 2001 From: Tim Campbell Date: Thu, 6 Mar 2025 10:42:44 +0100 Subject: [PATCH 17/19] Update changelog for chart v6 (app 4.3) (#171) --- CHANGELOG.md | 43 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 43 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2b6c100..a348392 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,3 +1,46 @@ +# 6.0.0 + +### !! BREAKING CHANGES !! +- Services for web & streaming now use `ipFamilyPolicy: PreferDualStack`. This will cause upgrades on existing deployments to fail, as kubernetes cannot patch this field. Please remove both service objects before running `helm upgrade` (services are `mastodon-web` and `mastodon-streaming` by default). + +### Features +- Added prometheus metrics config for web and sidekiq pods (feature will be available with Mastodon v4.4). +```yaml +mastodon: + metrics: + prometheus: +``` +- Added ability to automatically upload assets to an S3 bucket: +```yaml +mastodon: + hooks: + s3Upload: +``` +- Added OpenTelemetry metrics: +```yaml +mastodon: + otel: +--- +mastodon: + sidekiq: + otel: +--- +mastodon: + web: + otel: +``` +- Fine-grained control of labels and annotations for both pods and deployments. +- Additional redis options for separate instances (app, sidekiq, cache). +- Configurable PodDisruptionBudgets for web and streaming pods. + +### Fixes +- Various database migrations fixes + - Fixed first-time install DB setup on self-managed databases + - Fixed running migrations through a connection pooler. +- Removed old, unused jobs: + - chewy upgrade (use `tootctl search deploy` instead) + - assets precompile + # 5.1.0 - Added values for Active Record Encryption in Redis: From 36581ab5b7217eff698d6e8d0ee13d1acecc572c Mon Sep 17 00:00:00 2001 From: Tim Campbell Date: Thu, 6 Mar 2025 11:02:43 +0100 Subject: [PATCH 18/19] Fix migrations running even when hook is disabled (#173) --- templates/job-db-migrate.yaml | 2 ++ templates/job-db-pre-migrate.yaml | 2 ++ templates/job-db-prepare.yaml | 2 +- values.yaml | 2 +- 4 files changed, 6 insertions(+), 2 deletions(-) diff --git a/templates/job-db-migrate.yaml b/templates/job-db-migrate.yaml index da7503a..748420c 100644 --- a/templates/job-db-migrate.yaml +++ b/templates/job-db-migrate.yaml 
@@ -1 +1,3 @@ +{{- if .Values.mastodon.hooks.dbMigrate.enabled }} {{- include "mastodon.dbMigrateJob" (merge (dict "preDeploy" false ) .) }} +{{- end }} diff --git a/templates/job-db-pre-migrate.yaml b/templates/job-db-pre-migrate.yaml index 2f29716..bae1717 100644 --- a/templates/job-db-pre-migrate.yaml +++ b/templates/job-db-pre-migrate.yaml @@ -1 +1,3 @@ +{{- if .Values.mastodon.hooks.dbMigrate.enabled }} {{- include "mastodon.dbMigrateJob" (merge (dict "preDeploy" true ) .) }} +{{- end }} diff --git a/templates/job-db-prepare.yaml b/templates/job-db-prepare.yaml index 5e9a6a2..1959cd5 100644 --- a/templates/job-db-prepare.yaml +++ b/templates/job-db-prepare.yaml @@ -1,3 +1,3 @@ -{{- if not .Values.postgresql.enabled }} +{{- if and .Values.mastodon.hooks.dbMigrate.enabled (not .Values.postgresql.enabled) }} {{- include "mastodon.dbMigrateJob" (merge (dict "prepare" true ) .) }} {{- end }} diff --git a/values.yaml b/values.yaml index 93d4d9e..837dae9 100644 --- a/values.yaml +++ b/values.yaml @@ -24,7 +24,7 @@ mastodon: # @ignored email: not@example.com hooks: - # Whether to perform DB migrations on `helm install|upgrade`. + # Whether to perform DB preparations & migrations on `helm install|upgrade`. # Please note that initial DB schema creation on `helm install` does not # work when using the included database (postgresql.enabled=true). dbMigrate: From ad5d09a5d60620787f8e0d4430fb11ff15fd6dcf Mon Sep 17 00:00:00 2001 From: Tim Campbell Date: Thu, 6 Mar 2025 12:33:17 +0100 Subject: [PATCH 19/19] Fix ordering for db:prepare and db:migrate (#174) --- CHANGELOG.md | 12 ++++++++++++ Chart.yaml | 2 +- templates/_db-migrate.tpl | 4 ++++ templates/job-db-prepare.yaml | 2 +- values.yaml | 12 +++++++++--- 5 files changed, 27 insertions(+), 5 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index a348392..75627e2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,3 +1,15 @@ +# 6.0.1 + +- Added additional values to separate out `db:prepare` and `db:migrate` jobs and whether they should run: +```yaml +mastodon: + hooks: + dbPrepare: + enabled: true + dbMigrate: + enabled: true +``` + # 6.0.0 ### !! BREAKING CHANGES !! diff --git a/Chart.yaml b/Chart.yaml index 9dcb978..e172e94 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time # you make changes to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 6.0.0 +version: 6.0.1 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/templates/_db-migrate.tpl b/templates/_db-migrate.tpl index c3792c7..12972f3 100644 --- a/templates/_db-migrate.tpl +++ b/templates/_db-migrate.tpl @@ -24,7 +24,11 @@ metadata: "helm.sh/hook": post-install,post-upgrade {{- end }} "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + {{- if .prepare }} + "helm.sh/hook-weight": "-3" + {{- else }} "helm.sh/hook-weight": "-2" + {{- end }} spec: template: metadata: diff --git a/templates/job-db-prepare.yaml b/templates/job-db-prepare.yaml index 1959cd5..0b6d8ba 100644 --- a/templates/job-db-prepare.yaml +++ b/templates/job-db-prepare.yaml @@ -1,3 +1,3 @@ -{{- if and .Values.mastodon.hooks.dbMigrate.enabled (not .Values.postgresql.enabled) }} +{{- if and .Values.mastodon.hooks.dbPrepare.enabled (not .Values.postgresql.enabled) }} {{- include "mastodon.dbMigrateJob" (merge (dict "prepare" true ) .) }} {{- end }} diff --git a/values.yaml b/values.yaml index 837dae9..dde120d 100644 --- a/values.yaml +++ b/values.yaml 
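Review bot: The new `{{- if .prepare }}` branch in `templates/_db-migrate.tpl` sets the hook weight to "-3" with no comment saying why, although the ordering is the whole purpose of the change. Helm runs hooks of the same kind in ascending weight order, so "-3" makes the prepare job finish before the "-2" migrate job. A one-line template comment above the branch, such as `{{- /* db:prepare must complete before db:migrate: the lower hook weight runs first */}}`, would stop a later cleanup from merging the two weights again. The enclosing `define` starts and ends outside this hunk.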
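Review bot: Switching the guard in `templates/job-db-prepare.yaml` from `dbMigrate.enabled` to `dbPrepare.enabled` turns the prepare job back on for anyone who set `dbMigrate.enabled: false` under the previous commit to stop all DB jobs, because the new `dbPrepare.enabled` defaults to `true` in `values.yaml`. That means an unrequested schema job against an existing database on the next install, or on a sync under tools that do not distinguish install from upgrade, which the `values.yaml` note in this commit already warns about. The 6.0.1 changelog entry lists the new values but not this change in meaning. I would add a line such as `- dbMigrate.enabled no longer controls the db:prepare job; set dbPrepare.enabled to false as well to skip it`.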
@@ -24,9 +24,15 @@ mastodon: # @ignored email: not@example.com hooks: - # Whether to perform DB preparations & migrations on `helm install|upgrade`. - # Please note that initial DB schema creation on `helm install` does not - # work when using the included database (postgresql.enabled=true). + # Whether to perform DB schema creation on `helm install`. + # Please note that this does not work when using the included database + # (postgresql.enabled=true). + # NOTE: When using certain GitOps solutions such as Argo CD, this should be + # disabled, as these apps do not necessarily differentiate between `pre-install` + # and `pre-upgrade`. + dbPrepare: + enabled: true + # Whether to perform DB migrations on `helm upgrade`. dbMigrate: enabled: true # Upload website assets to S3 before deploying using rclone.
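Review bot: The reworded comment above `dbMigrate:` now says migrations run on `helm upgrade` only, but the hook annotation visible in this commit's `templates/_db-migrate.tpl` hunk is `post-install,post-upgrade`, so at least the post-deploy migrate job also runs on install. The earlier wording looks like the accurate one and I would keep it: `# Whether to perform DB migrations on helm install|upgrade.` The pre-deploy branch of that annotation is outside the visible hunks, so its hook list is unconfirmed. The Argo CD note on `dbPrepare` would also be easier to act on if it said what happens when the job runs again on an existing database.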