mirror of https://github.com/mastodon/chart synced 2025-03-15 21:41:50 +00:00

Merge branch 'main' into main

John Stewart 2023-03-10 17:53:24 -05:00 committed by GitHub
commit b42a053666
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
8 changed files with 104 additions and 38 deletions

1
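--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+charts/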


@ -55,7 +55,9 @@ app.kubernetes.io/instance: {{ .Release.Name }}
Rolling pod annotations
*/}}
{{- define "mastodon.rollingPodAnnotations" -}}
{{- if .Values.revisionPodAnnotation }}
rollme: {{ .Release.Revision | quote }}
{{- end }}
checksum/config-secrets: {{ include ( print $.Template.BasePath "/secrets.yaml" ) . | sha256sum | quote }}
checksum/config-configmap: {{ include ( print $.Template.BasePath "/configmap-env.yaml" ) . | sha256sum | quote }}
{{- end }}
@ -98,6 +100,17 @@ Get the mastodon secret.
{{- end -}}
{{- end -}}
{{/*
Get the smtp secret.
*/}}
{{- define "mastodon.smtp.secretName" -}}
{{- if .Values.mastodon.smtp.existingSecret }}
{{- printf "%s" (tpl .Values.mastodon.smtp.existingSecret $) -}}
{{- else -}}
{{- printf "%s-smtp" (include "common.names.fullname" .) -}}
{{- end -}}
{{- end -}}
{{/*
Get the postgresql secret.
*/}}


@ -15,6 +15,7 @@ data:
DB_NAME: {{ .Values.postgresql.auth.database }}
DB_POOL: {{ include "mastodon.maxDbPool" . }}
DB_USER: {{ .Values.postgresql.auth.username }}
PREPARED_STATEMENTS: {{ .Values.mastodon.preparedStatements | quote }}
DEFAULT_LOCALE: {{ .Values.mastodon.locale }}
{{- if .Values.elasticsearch.enabled }}
ES_ENABLED: "true"
@ -31,6 +32,9 @@ data:
{{- with .Values.mastodon.authorizedFetch }}
AUTHORIZED_FETCH: {{ . | quote }}
{{- end }}
{{- with .Values.mastodon.limitedFederationMode }}
LIMITED_FEDERATION_MODE: {{ . | quote }}
{{- end }}
# https://devcenter.heroku.com/articles/tuning-glibc-memory-behavior
MALLOC_ARENA_MAX: "2"
NODE_ENV: "production"
@ -47,11 +51,14 @@ data:
S3_ENDPOINT: {{ .Values.mastodon.s3.endpoint }}
S3_HOSTNAME: {{ .Values.mastodon.s3.hostname }}
S3_PROTOCOL: "https"
{{- if .Values.mastodon.s3.permission }}
S3_PERMISSION: {{ .Values.mastodon.s3.permission }}
{{- end }}
{{- with .Values.mastodon.s3.region }}
S3_REGION: {{ . }}
{{- end }}
{{- with .Values.mastodon.s3.alias_host }}
S3_ALIAS_HOST: {{ .Values.mastodon.s3.alias_host}}
S3_ALIAS_HOST: {{ . }}
{{- end }}
{{- end }}
{{- with .Values.mastodon.smtp.auth_method }}
@ -75,15 +82,9 @@ data:
{{- with .Values.mastodon.smtp.from_address }}
SMTP_FROM_ADDRESS: {{ . }}
{{- end }}
{{- with .Values.mastodon.smtp.login }}
SMTP_LOGIN: {{ . }}
{{- end }}
{{- with .Values.mastodon.smtp.openssl_verify_mode }}
SMTP_OPENSSL_VERIFY_MODE: {{ . }}
{{- end }}
{{- with .Values.mastodon.smtp.password }}
SMTP_PASSWORD: {{ . }}
{{- end }}
{{- with .Values.mastodon.smtp.port }}
SMTP_PORT: {{ . | quote }}
{{- end }}
@ -288,13 +289,16 @@ data:
{{- if .Values.externalAuth.ldap.enabled }}
LDAP_ENABLED: {{ .Values.externalAuth.ldap.enabled | quote }}
LDAP_HOST: {{ .Values.externalAuth.ldap.host }}
LDAP_PORT: {{ .Values.externalAuth.ldap.port }}
LDAP_PORT: {{ .Values.externalAuth.ldap.port | quote }}
LDAP_METHOD: {{ .Values.externalAuth.ldap.method }}
{{- with .Values.externalAuth.ldap.base }}
LDAP_BASE: {{ . }}
{{- if .Values.externalAuth.ldap.tls_no_verify }}
LDAP_TLS_NO_VERIFY: {{ .Values.externalAuth.ldap.tls_no_verify | quote }}
{{- end }}
{{- with .Values.externalAuth.ldap.bind_on }}
LDAP_BIND_ON: {{ . }}
{{- if .Values.externalAuth.ldap.base }}
LDAP_BASE: {{ .Values.externalAuth.ldap.base }}
{{- end }}
{{- if .Values.externalAuth.ldap.bind_dn }}
LDAP_BIND_DN: {{ .Values.externalAuth.ldap.bind_dn }}
{{- end }}
{{- with .Values.externalAuth.ldap.password }}
LDAP_PASSWORD: {{ . }}
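Review bot: LDAP_PASSWORD is still rendered into this ConfigMap (the `with .Values.externalAuth.ldap.password` block directly after the new LDAP_BIND_DN lines), although the same commit takes SMTP_LOGIN and SMTP_PASSWORD out of it and serves them from a Secret. ConfigMap contents are readable by anyone allowed to read ConfigMaps in the namespace and do not get the tighter RBAC or encryption-at-rest handling usually applied to Secrets, so the bind password should follow the SMTP pattern: a Secret plus a `secretKeyRef` in the deployments. Separately, the new LDAP_BASE, LDAP_BIND_DN and S3_PERMISSION values are emitted unquoted while neighbouring lines use `| quote`; `LDAP_BIND_DN: {{ .Values.externalAuth.ldap.bind_dn | quote }}` keeps a value containing `: ` or a leading YAML indicator from breaking the rendered manifest. The LDAP block continues past the end of this hunk.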


@ -31,6 +31,7 @@ spec:
{{- end }}
# roll the pods to pick up any db migrations or other changes
{{- include "mastodon.rollingPodAnnotations" $context | nindent 8 }}
checksum/config-secrets: {{ include ( print $.Template.BasePath "/secret-smtp.yaml" ) $context | sha256sum | quote }}
labels:
{{- include "mastodon.selectorLabels" $context | nindent 8 }}
app.kubernetes.io/component: sidekiq-{{ .name }}
@ -90,6 +91,17 @@ spec:
secretKeyRef:
name: {{ template "mastodon.redis.secretName" $context }}
key: redis-password
- name: "SMTP_LOGIN"
valueFrom:
secretKeyRef:
name: {{ include "mastodon.smtp.secretName" $context }}
key: login
optional: true
- name: "SMTP_PASSWORD"
valueFrom:
secretKeyRef:
name: {{ include "mastodon.smtp.secretName" $context }}
key: password
{{- if (and $context.Values.mastodon.s3.enabled $context.Values.mastodon.s3.existingSecret) }}
- name: "AWS_SECRET_ACCESS_KEY"
valueFrom:
@ -102,19 +114,6 @@ spec:
name: {{ $context.Values.mastodon.s3.existingSecret }}
key: AWS_ACCESS_KEY_ID
{{- end }}
{{- if $context.Values.mastodon.smtp.existingSecret }}
- name: "SMTP_LOGIN"
valueFrom:
secretKeyRef:
name: {{ $context.Values.mastodon.smtp.existingSecret }}
key: login
optional: true
- name: "SMTP_PASSWORD"
valueFrom:
secretKeyRef:
name: {{ $context.Values.mastodon.smtp.existingSecret }}
key: password
{{- end }}
{{- if (not $context.Values.mastodon.s3.enabled) }}
volumeMounts:
- name: assets
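Review bot: The added `checksum/config-secrets` annotation for `secret-smtp.yaml` reuses the key that `mastodon.rollingPodAnnotations`, included on the line above it, already emits for `secrets.yaml`, so the pod annotations end up with a duplicate mapping key. Depending on the parser this is either rejected or the last value silently wins; in the second case a change to the main secrets no longer rolls the sidekiq pods, and they keep running with stale credentials after a rotation. Give the SMTP checksum its own key, for example `checksum/config-secrets-smtp: {{ include ( print $.Template.BasePath "/secret-smtp.yaml" ) $context | sha256sum | quote }}`. This assumes the annotation is the line added by the `-31,6 +31,7` hunk, which the page does not mark explicitly.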


@ -74,6 +74,22 @@ spec:
key: redis-password
- name: "PORT"
value: {{ .Values.mastodon.web.port | quote }}
{{- if .Values.mastodon.web.minThreads }}
- name: "MIN_THREADS"
value: {{ .Values.mastodon.web.minThreads | quote }}
{{- end }}
{{- if .Values.mastodon.web.maxThreads }}
- name: "MAX_THREADS"
value: {{ .Values.mastodon.web.maxThreads | quote }}
{{- end }}
{{- if .Values.mastodon.web.workers }}
- name: "WEB_CONCURRENCY"
value: {{ .Values.mastodon.web.workers | quote }}
{{- end }}
{{- if .Values.mastodon.web.persistentTimeout }}
- name: "PERSISTENT_TIMEOUT"
value: {{ .Values.mastodon.web.persistentTimeout | quote }}
{{- end }}
{{- if (and .Values.mastodon.s3.enabled .Values.mastodon.s3.existingSecret) }}
- name: "AWS_SECRET_ACCESS_KEY"
valueFrom:
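Review bot: The four Puma settings are gated with a plain `if`, which treats a numeric `0` as unset, so `workers: 0` given as an integer is dropped and the application falls back to its own default rather than the operator's value. The chart defaults are quoted strings, where `"0"` is truthy, so the result depends on how the value happens to be typed. A nil check such as `{{- if not (kindIs "invalid" .Values.mastodon.web.workers) }}` treats both forms alike (an empty string would then need its own handling); the same applies to the `minThreads`, `maxThreads` and `persistentTimeout` guards.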


@ -52,7 +52,7 @@ spec:
{{- if or ($.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress") (not ($.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress")) }}
pathType: Prefix
{{- end }}
- path: {{ .path }}api/v1/streaming/
- path: {{ .path }}api/v1/streaming
backend:
{{- if or ($.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress") (not ($.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress")) }}
service:
@ -64,7 +64,7 @@ spec:
servicePort: {{ $streamingPort }}
{{- end }}
{{- if or ($.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress") (not ($.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress")) }}
pathType: Exact
pathType: Prefix
{{- end }}
{{- end }}
{{- end }}


@ -0,0 +1,16 @@
{{- if not .Values.mastodon.smtp.existingSecret -}}
apiVersion: v1
kind: Secret
metadata:
name: {{ printf "%s-smtp" (include "common.names.fullname" .) }}
labels:
{{- include "mastodon.labels" . | nindent 4 }}
type: Opaque
data:
{{- with .Values.mastodon.smtp.login }}
login: {{ . | b64enc }}
{{- end }}
{{- with .Values.mastodon.smtp.password }}
password: {{ . | b64enc }}
{{- end }}
{{- end }}
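Review bot: The `password` key is written only when `.Values.mastodon.smtp.password` is set, but the sidekiq deployment in this commit reads it through a `secretKeyRef` without `optional: true` (only `SMTP_LOGIN` is marked optional). With the chart defaults, where `login` and `password` are empty, this Secret is created with no keys, and the sidekiq container would then fail to start on the missing key. Either add `optional: true` to the `SMTP_PASSWORD` reference or always emit both keys here. The name is also assembled by hand although `mastodon.smtp.secretName` exists; `name: {{ include "mastodon.smtp.secretName" . }}` keeps the two from drifting apart.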


@ -38,6 +38,8 @@ mastodon:
singleUserMode: false
# -- Enables "Secure Mode" for more details see: https://docs.joinmastodon.org/admin/config/#authorized_fetch
authorizedFetch: false
# -- Enables "Limited Federation Mode" for more detauls see: https://docs.joinmastodon.org/admin/config/#limited_federation_mode
limitedFederationMode: false
persistence:
assets:
# -- ReadWriteOnce is more widely supported than ReadWriteMany, but limits
@ -63,6 +65,7 @@ mastodon:
endpoint: ""
hostname: ""
region: ""
permission: ""
# -- If you have a caching proxy, enter its base URL here.
alias_host: ""
# these must be set manually; autogenerated keys are rotated on each upgrade
@ -141,8 +144,8 @@ mastodon:
tls: false
login:
password:
# -- you can also specify the name of an existing Secret
# with the keys login and password
# -- Instead of defining login/password above, you can specify the name of an existing secret here. Login and
# password must be located in keys named `login` and `password` respectively.
existingSecret:
streaming:
port: 4000
@ -223,12 +226,21 @@ mastodon:
port: http
failureThreshold: 20
periodSeconds: 3
# -- Puma-specific options. Below values are based on default behavior in
# config/puma.rb when no custom values are provided.
minThreads: "5"
maxThreads: "5"
workers: "2"
persistentTimeout: "20"
metrics:
statsd:
# -- Enable statsd publishing via STATSD_ADDR environment variable
address: ""
# Sets the PREPARED_STATEMENTS environment variable: https://docs.joinmastodon.org/admin/config/#prepared_statements
preparedStatements: true
ingress:
enabled: true
annotations:
@ -297,12 +309,12 @@ redis:
enabled: true
hostname: ""
port: 6379
# -- you must set a password; the password generated by the redis chart will be
# rotated on each upgrade:
password: ""
# you can also specify the name of an existing Secret
# with a key of redis-password set to the password you want
# auth:
auth:
# -- you must set a password; the password generated by the redis chart will be
# rotated on each upgrade:
password: ""
# you can also specify the name of an existing Secret
# with a key of redis-password set to the password you want
# existingSecret: ""
# @ignored
@ -396,10 +408,11 @@ externalAuth:
ldap:
enabled: false
# host: myservice.namespace.svc
# port: 389
# port: 636
# method: simple_tls
# tls_no_verify: true
# base:
# bind_on:
# bind_dn:
# password:
# uid: cn
# mail: mail
@ -435,7 +448,11 @@ serviceAccount:
# set with podAnnotations will be added to all deployment-managed pods.
podAnnotations: {}
# -- The annotations set with jobAnnotations will be added to all job pods.
# If set to true, an annotation with the current chart release number will be added to all mastodon pods. This will
# cause all pods to be recreated every `helm upgrade` regardless of whether their config or spec changes.
revisionPodAnnotation: true
# The annotations set with jobAnnotations will be added to all job pods.
jobAnnotations: {}
# -- Default resources for all Deployments and jobs unless overwritten
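Review bot: The commented LDAP example now pairs `method: simple_tls` on port 636 with `tls_no_verify: true`, so an operator who uncomments the block as written gets LDAPS without certificate verification, leaving the bind password exposed to anyone able to impersonate the directory server. The sample should default to verification, e.g. `# tls_no_verify: false`, with a comment that `true` is meant only for test setups with self-signed certificates. Two smaller points: the new `limitedFederationMode` comment has a typo (`detauls`), and the `revisionPodAnnotation` and `preparedStatements` comments lack the `# --` prefix that the other documented values use.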