mirror of
https://github.com/mastodon/chart
synced 2025-03-15 21:41:50 +00:00
Merge branch 'main' into main
This commit is contained in:
commit
b42a053666
1
.gitignore
vendored
Normal file
1
.gitignore
vendored
Normal file
|
@ -0,0 +1 @@
|
|||
charts/
|
|
@ -55,7 +55,9 @@ app.kubernetes.io/instance: {{ .Release.Name }}
|
|||
Rolling pod annotations
|
||||
*/}}
|
||||
{{- define "mastodon.rollingPodAnnotations" -}}
|
||||
{{- if .Values.revisionPodAnnotation }}
|
||||
rollme: {{ .Release.Revision | quote }}
|
||||
{{- end }}
|
||||
checksum/config-secrets: {{ include ( print $.Template.BasePath "/secrets.yaml" ) . | sha256sum | quote }}
|
||||
checksum/config-configmap: {{ include ( print $.Template.BasePath "/configmap-env.yaml" ) . | sha256sum | quote }}
|
||||
{{- end }}
|
||||
|
@ -98,6 +100,17 @@ Get the mastodon secret.
|
|||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Get the smtp secret.
|
||||
*/}}
|
||||
{{- define "mastodon.smtp.secretName" -}}
|
||||
{{- if .Values.mastodon.smtp.existingSecret }}
|
||||
{{- printf "%s" (tpl .Values.mastodon.smtp.existingSecret $) -}}
|
||||
{{- else -}}
|
||||
{{- printf "%s-smtp" (include "common.names.fullname" .) -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Get the postgresql secret.
|
||||
*/}}
|
||||
|
|
|
@ -15,6 +15,7 @@ data:
|
|||
DB_NAME: {{ .Values.postgresql.auth.database }}
|
||||
DB_POOL: {{ include "mastodon.maxDbPool" . }}
|
||||
DB_USER: {{ .Values.postgresql.auth.username }}
|
||||
PREPARED_STATEMENTS: {{ .Values.mastodon.preparedStatements | quote }}
|
||||
DEFAULT_LOCALE: {{ .Values.mastodon.locale }}
|
||||
{{- if .Values.elasticsearch.enabled }}
|
||||
ES_ENABLED: "true"
|
||||
|
@ -31,6 +32,9 @@ data:
|
|||
{{- with .Values.mastodon.authorizedFetch }}
|
||||
AUTHORIZED_FETCH: {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- with .Values.mastodon.limitedFederationMode }}
|
||||
LIMITED_FEDERATION_MODE: {{ . | quote }}
|
||||
{{- end }}
|
||||
# https://devcenter.heroku.com/articles/tuning-glibc-memory-behavior
|
||||
MALLOC_ARENA_MAX: "2"
|
||||
NODE_ENV: "production"
|
||||
|
@ -47,11 +51,14 @@ data:
|
|||
S3_ENDPOINT: {{ .Values.mastodon.s3.endpoint }}
|
||||
S3_HOSTNAME: {{ .Values.mastodon.s3.hostname }}
|
||||
S3_PROTOCOL: "https"
|
||||
{{- if .Values.mastodon.s3.permission }}
|
||||
S3_PERMISSION: {{ .Values.mastodon.s3.permission }}
|
||||
{{- end }}
|
||||
{{- with .Values.mastodon.s3.region }}
|
||||
S3_REGION: {{ . }}
|
||||
{{- end }}
|
||||
{{- with .Values.mastodon.s3.alias_host }}
|
||||
S3_ALIAS_HOST: {{ .Values.mastodon.s3.alias_host}}
|
||||
S3_ALIAS_HOST: {{ . }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- with .Values.mastodon.smtp.auth_method }}
|
||||
|
@ -75,15 +82,9 @@ data:
|
|||
{{- with .Values.mastodon.smtp.from_address }}
|
||||
SMTP_FROM_ADDRESS: {{ . }}
|
||||
{{- end }}
|
||||
{{- with .Values.mastodon.smtp.login }}
|
||||
SMTP_LOGIN: {{ . }}
|
||||
{{- end }}
|
||||
{{- with .Values.mastodon.smtp.openssl_verify_mode }}
|
||||
SMTP_OPENSSL_VERIFY_MODE: {{ . }}
|
||||
{{- end }}
|
||||
{{- with .Values.mastodon.smtp.password }}
|
||||
SMTP_PASSWORD: {{ . }}
|
||||
{{- end }}
|
||||
{{- with .Values.mastodon.smtp.port }}
|
||||
SMTP_PORT: {{ . | quote }}
|
||||
{{- end }}
|
||||
|
@ -288,13 +289,16 @@ data:
|
|||
{{- if .Values.externalAuth.ldap.enabled }}
|
||||
LDAP_ENABLED: {{ .Values.externalAuth.ldap.enabled | quote }}
|
||||
LDAP_HOST: {{ .Values.externalAuth.ldap.host }}
|
||||
LDAP_PORT: {{ .Values.externalAuth.ldap.port }}
|
||||
LDAP_PORT: {{ .Values.externalAuth.ldap.port | quote }}
|
||||
LDAP_METHOD: {{ .Values.externalAuth.ldap.method }}
|
||||
{{- with .Values.externalAuth.ldap.base }}
|
||||
LDAP_BASE: {{ . }}
|
||||
{{- if .Values.externalAuth.ldap.tls_no_verify }}
|
||||
LDAP_TLS_NO_VERIFY: {{ .Values.externalAuth.ldap.tls_no_verify | quote }}
|
||||
{{- end }}
|
||||
{{- with .Values.externalAuth.ldap.bind_on }}
|
||||
LDAP_BIND_ON: {{ . }}
|
||||
{{- if .Values.externalAuth.ldap.base }}
|
||||
LDAP_BASE: {{ .Values.externalAuth.ldap.base }}
|
||||
{{- end }}
|
||||
{{- if .Values.externalAuth.ldap.bind_dn }}
|
||||
LDAP_BIND_DN: {{ .Values.externalAuth.ldap.bind_dn }}
|
||||
{{- end }}
|
||||
{{- with .Values.externalAuth.ldap.password }}
|
||||
LDAP_PASSWORD: {{ . }}
|
||||
|
|
|
@ -31,6 +31,7 @@ spec:
|
|||
{{- end }}
|
||||
# roll the pods to pick up any db migrations or other changes
|
||||
{{- include "mastodon.rollingPodAnnotations" $context | nindent 8 }}
|
||||
checksum/config-secrets: {{ include ( print $.Template.BasePath "/secret-smtp.yaml" ) $context | sha256sum | quote }}
|
||||
labels:
|
||||
{{- include "mastodon.selectorLabels" $context | nindent 8 }}
|
||||
app.kubernetes.io/component: sidekiq-{{ .name }}
|
||||
|
@ -90,6 +91,17 @@ spec:
|
|||
secretKeyRef:
|
||||
name: {{ template "mastodon.redis.secretName" $context }}
|
||||
key: redis-password
|
||||
- name: "SMTP_LOGIN"
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ include "mastodon.smtp.secretName" $context }}
|
||||
key: login
|
||||
optional: true
|
||||
- name: "SMTP_PASSWORD"
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ include "mastodon.smtp.secretName" $context }}
|
||||
key: password
|
||||
{{- if (and $context.Values.mastodon.s3.enabled $context.Values.mastodon.s3.existingSecret) }}
|
||||
- name: "AWS_SECRET_ACCESS_KEY"
|
||||
valueFrom:
|
||||
|
@ -102,19 +114,6 @@ spec:
|
|||
name: {{ $context.Values.mastodon.s3.existingSecret }}
|
||||
key: AWS_ACCESS_KEY_ID
|
||||
{{- end }}
|
||||
{{- if $context.Values.mastodon.smtp.existingSecret }}
|
||||
- name: "SMTP_LOGIN"
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ $context.Values.mastodon.smtp.existingSecret }}
|
||||
key: login
|
||||
optional: true
|
||||
- name: "SMTP_PASSWORD"
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ $context.Values.mastodon.smtp.existingSecret }}
|
||||
key: password
|
||||
{{- end }}
|
||||
{{- if (not $context.Values.mastodon.s3.enabled) }}
|
||||
volumeMounts:
|
||||
- name: assets
|
||||
|
|
|
@ -74,6 +74,22 @@ spec:
|
|||
key: redis-password
|
||||
- name: "PORT"
|
||||
value: {{ .Values.mastodon.web.port | quote }}
|
||||
{{- if .Values.mastodon.web.minThreads }}
|
||||
- name: "MIN_THREADS"
|
||||
value: {{ .Values.mastodon.web.minThreads | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.mastodon.web.maxThreads }}
|
||||
- name: "MAX_THREADS"
|
||||
value: {{ .Values.mastodon.web.maxThreads | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.mastodon.web.workers }}
|
||||
- name: "WEB_CONCURRENCY"
|
||||
value: {{ .Values.mastodon.web.workers | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.mastodon.web.persistentTimeout }}
|
||||
- name: "PERSISTENT_TIMEOUT"
|
||||
value: {{ .Values.mastodon.web.persistentTimeout | quote }}
|
||||
{{- end }}
|
||||
{{- if (and .Values.mastodon.s3.enabled .Values.mastodon.s3.existingSecret) }}
|
||||
- name: "AWS_SECRET_ACCESS_KEY"
|
||||
valueFrom:
|
||||
|
|
|
@ -52,7 +52,7 @@ spec:
|
|||
{{- if or ($.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress") (not ($.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress")) }}
|
||||
pathType: Prefix
|
||||
{{- end }}
|
||||
- path: {{ .path }}api/v1/streaming/
|
||||
- path: {{ .path }}api/v1/streaming
|
||||
backend:
|
||||
{{- if or ($.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress") (not ($.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress")) }}
|
||||
service:
|
||||
|
@ -64,7 +64,7 @@ spec:
|
|||
servicePort: {{ $streamingPort }}
|
||||
{{- end }}
|
||||
{{- if or ($.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress") (not ($.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress")) }}
|
||||
pathType: Exact
|
||||
pathType: Prefix
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
|
16
templates/secret-smtp.yaml
Normal file
16
templates/secret-smtp.yaml
Normal file
|
@ -0,0 +1,16 @@
|
|||
{{- if not .Values.mastodon.smtp.existingSecret -}}
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: {{ printf "%s-smtp" (include "common.names.fullname" .) }}
|
||||
labels:
|
||||
{{- include "mastodon.labels" . | nindent 4 }}
|
||||
type: Opaque
|
||||
data:
|
||||
{{- with .Values.mastodon.smtp.login }}
|
||||
login: {{ . | b64enc }}
|
||||
{{- end }}
|
||||
{{- with .Values.mastodon.smtp.password }}
|
||||
password: {{ . | b64enc }}
|
||||
{{- end }}
|
||||
{{- end }}
|
39
values.yaml
39
values.yaml
|
@ -38,6 +38,8 @@ mastodon:
|
|||
singleUserMode: false
|
||||
# -- Enables "Secure Mode" for more details see: https://docs.joinmastodon.org/admin/config/#authorized_fetch
|
||||
authorizedFetch: false
|
||||
# -- Enables "Limited Federation Mode" for more detauls see: https://docs.joinmastodon.org/admin/config/#limited_federation_mode
|
||||
limitedFederationMode: false
|
||||
persistence:
|
||||
assets:
|
||||
# -- ReadWriteOnce is more widely supported than ReadWriteMany, but limits
|
||||
|
@ -63,6 +65,7 @@ mastodon:
|
|||
endpoint: ""
|
||||
hostname: ""
|
||||
region: ""
|
||||
permission: ""
|
||||
# -- If you have a caching proxy, enter its base URL here.
|
||||
alias_host: ""
|
||||
# these must be set manually; autogenerated keys are rotated on each upgrade
|
||||
|
@ -141,8 +144,8 @@ mastodon:
|
|||
tls: false
|
||||
login:
|
||||
password:
|
||||
# -- you can also specify the name of an existing Secret
|
||||
# with the keys login and password
|
||||
# -- Instead of defining login/password above, you can specify the name of an existing secret here. Login and
|
||||
# password must be located in keys named `login` and `password` respectively.
|
||||
existingSecret:
|
||||
streaming:
|
||||
port: 4000
|
||||
|
@ -223,12 +226,21 @@ mastodon:
|
|||
port: http
|
||||
failureThreshold: 20
|
||||
periodSeconds: 3
|
||||
# -- Puma-specific options. Below values are based on default behavior in
|
||||
# config/puma.rb when no custom values are provided.
|
||||
minThreads: "5"
|
||||
maxThreads: "5"
|
||||
workers: "2"
|
||||
persistentTimeout: "20"
|
||||
|
||||
metrics:
|
||||
statsd:
|
||||
# -- Enable statsd publishing via STATSD_ADDR environment variable
|
||||
address: ""
|
||||
|
||||
# Sets the PREPARED_STATEMENTS environment variable: https://docs.joinmastodon.org/admin/config/#prepared_statements
|
||||
preparedStatements: true
|
||||
|
||||
ingress:
|
||||
enabled: true
|
||||
annotations:
|
||||
|
@ -297,12 +309,12 @@ redis:
|
|||
enabled: true
|
||||
hostname: ""
|
||||
port: 6379
|
||||
# -- you must set a password; the password generated by the redis chart will be
|
||||
# rotated on each upgrade:
|
||||
password: ""
|
||||
# you can also specify the name of an existing Secret
|
||||
# with a key of redis-password set to the password you want
|
||||
# auth:
|
||||
auth:
|
||||
# -- you must set a password; the password generated by the redis chart will be
|
||||
# rotated on each upgrade:
|
||||
password: ""
|
||||
# you can also specify the name of an existing Secret
|
||||
# with a key of redis-password set to the password you want
|
||||
# existingSecret: ""
|
||||
|
||||
# @ignored
|
||||
|
@ -396,10 +408,11 @@ externalAuth:
|
|||
ldap:
|
||||
enabled: false
|
||||
# host: myservice.namespace.svc
|
||||
# port: 389
|
||||
# port: 636
|
||||
# method: simple_tls
|
||||
# tls_no_verify: true
|
||||
# base:
|
||||
# bind_on:
|
||||
# bind_dn:
|
||||
# password:
|
||||
# uid: cn
|
||||
# mail: mail
|
||||
|
@ -435,7 +448,11 @@ serviceAccount:
|
|||
# set with podAnnotations will be added to all deployment-managed pods.
|
||||
podAnnotations: {}
|
||||
|
||||
# -- The annotations set with jobAnnotations will be added to all job pods.
|
||||
# If set to true, an annotation with the current chart release number will be added to all mastodon pods. This will
|
||||
# cause all pods to be recreated every `helm upgrade` regardless of whether their config or spec changes.
|
||||
revisionPodAnnotation: true
|
||||
|
||||
# The annotations set with jobAnnotations will be added to all job pods.
|
||||
jobAnnotations: {}
|
||||
|
||||
# -- Default resources for all Deployments and jobs unless overwritten
|
||||
|
|
Loading…
Reference in New Issue
Block a user