From 1d0879b3c9bb3ac3fb9e8e385819cbe47a88e527 Mon Sep 17 00:00:00 2001 From: Tim Campbell Date: Tue, 12 Dec 2023 10:17:17 +0100 Subject: [PATCH 01/25] Add extra env vars --- templates/configmap-env.yaml | 3 +++ values.yaml | 3 +++ 2 files changed, 6 insertions(+) diff --git a/templates/configmap-env.yaml b/templates/configmap-env.yaml index fbb8788..74ad09e 100644 --- a/templates/configmap-env.yaml +++ b/templates/configmap-env.yaml @@ -328,3 +328,6 @@ data: {{- with .Values.mastodon.metrics.statsd.address }} STATSD_ADDR: {{ . }} {{- end }} + {{- range $k, $v := .Values.mastodon.extraEnvVars }} + {{ $k }}: {{ quote $v }} + {{- end }} diff --git a/values.yaml b/values.yaml index a4660e2..30e3ea8 100644 --- a/values.yaml +++ b/values.yaml @@ -206,6 +206,9 @@ mastodon: # Sets the PREPARED_STATEMENTS environment variable: https://docs.joinmastodon.org/admin/config/#prepared_statements preparedStatements: true + # Additional env vars defined in all pods + extraEnvVars: {} + ingress: enabled: true annotations: From 8014703818c1d71f3c8d2ee9dedba0837c9ff1d7 Mon Sep 17 00:00:00 2001 From: Tim Campbell Date: Thu, 7 Dec 2023 16:00:07 +0100 Subject: [PATCH 02/25] Add hooks to jobs --- templates/job-assets-precompile.yaml | 2 ++ templates/job-db-migrate.yaml | 2 ++ values.yaml | 5 +++++ 3 files changed, 9 insertions(+) diff --git a/templates/job-assets-precompile.yaml b/templates/job-assets-precompile.yaml index bc5ff7b..3458fea 100644 --- a/templates/job-assets-precompile.yaml +++ b/templates/job-assets-precompile.yaml @@ -1,3 +1,4 @@ +{{- if .Values.mastodon.hooks.assetsPrecompile.enabled -}} apiVersion: batch/v1 kind: Job metadata: @@ -75,3 +76,4 @@ spec: - name: system mountPath: /opt/mastodon/public/system {{- end }} +{{- end -}} diff --git a/templates/job-db-migrate.yaml b/templates/job-db-migrate.yaml index 41324fb..e9a40a7 100644 --- a/templates/job-db-migrate.yaml +++ b/templates/job-db-migrate.yaml 
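Review bot: Anything put in `mastodon.extraEnvVars` is written by the new `range` at the end of `data:` into the ConfigMap, so a credential placed there ends up as plain ConfigMap data instead of in a Secret. The values.yaml comment added by this commit should say so, e.g. `# Additional non-secret env vars defined in all pods; put credentials in a Secret instead`. The key is also emitted unquoted and unchecked, so an entry named like a chart-managed variable (for instance `STATSD_ADDR`, visible just above) yields a duplicate mapping key, and with most YAML parsers the later value silently wins. Writing `{{ $k | quote }}: {{ $v | quote }}` and documenting the override behaviour would make this explicit.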
@@ -1,3 +1,4 @@ +{{- if .Values.mastodon.hooks.dbMigrate.enabled -}} apiVersion: batch/v1 kind: Job metadata: @@ -75,3 +76,4 @@ spec: - name: system mountPath: /opt/mastodon/public/system {{- end }} +{{- end -}} diff --git a/values.yaml b/values.yaml index 30e3ea8..f0e0ad9 100644 --- a/values.yaml +++ b/values.yaml @@ -20,6 +20,11 @@ mastodon: username: not_gargron # @ignored email: not@example.com + hooks: + dbMigrate: + enabled: false + assetsPrecompile: + enabled: false cron: # -- run `tootctl media remove` every week removeMedia: From 94aa576b1eecd6949962639441113348299185d0 Mon Sep 17 00:00:00 2001 From: Tim Campbell Date: Tue, 12 Dec 2023 10:14:45 +0100 Subject: [PATCH 03/25] Default hooks should be true --- values.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/values.yaml b/values.yaml index f0e0ad9..602ec08 100644 --- a/values.yaml +++ b/values.yaml @@ -22,9 +22,9 @@ mastodon: email: not@example.com hooks: dbMigrate: - enabled: false + enabled: true assetsPrecompile: - enabled: false + enabled: true cron: # -- run `tootctl media remove` every week removeMedia: From bc19788acc9cdc71e6c470f043828f390ec12f11 Mon Sep 17 00:00:00 2001 From: Tim Campbell Date: Thu, 7 Dec 2023 16:12:55 +0100 Subject: [PATCH 04/25] Add sidecar capability for statsd --- templates/_statsd.yaml | 54 ++++++++++++ templates/configmap-env.yaml | 6 +- templates/deployment-sidekiq.yaml | 3 + templates/deployment-web.yaml | 3 + templates/statsd-exporter-mappings.yaml | 107 ++++++++++++++++++++++++ values.yaml | 5 ++ 6 files changed, 176 insertions(+), 2 deletions(-) create mode 100644 templates/_statsd.yaml create mode 100644 templates/statsd-exporter-mappings.yaml diff --git a/templates/_statsd.yaml b/templates/_statsd.yaml new file mode 100644 index 0000000..410e4f1 --- /dev/null +++ b/templates/_statsd.yaml 
@@ -0,0 +1,54 @@ +{{/* + The exporter container attached to every Mastodon pod +*/}} + +{{- define "mastodon.statsdExporterContainer" }} +{{- with .Values.mastodon.metrics.statsd }} +{{- if and .exporter.enabled (not .address) }} +- name: statsd-exporter + image: prom/statsd-exporter + args: + - "--statsd.mapping-config=/statsd-mappings/mastodon.yml" + resources: + requests: + cpu: "0.1" + memory: "180M" + limits: + cpu: "0.5" + memory: "250M" + ports: + - name: statsd + containerPort: {{ .exporter.port }} + volumeMounts: + - name: statsd-mappings + mountPath: /statsd-mappings +{{- end }} +{{- end }} +{{- end }} + +{{/* + The volume needed for the container above +*/}} +{{- define "mastodon.statsdExporterVolume" }} +{{- with .Values.mastodon.metrics.statsd }} +{{- if and .exporter.enabled (not .address) }} +- name: statsd-mappings + configMap: + name: {{ include "mastodon.fullname" $ }}-statsd-mappings + items: + - key: mastodon-statsd-mappings.yml + path: mastodon.yml +{{- end }} +{{- end }} +{{- end }} + +{{/* + Labels added to every statsd_exporter-enabled pod +*/}} +{{- define "mastodon.statsdExporterLabels" }} +{{- with .Values.mastodon.metrics.statsd }} +{{- if and .exporter.enabled (not .address) }} +mastodon/statsd-exporter: "true" +{{- end }} +{{- end }} +{{- end }} diff --git a/templates/configmap-env.yaml b/templates/configmap-env.yaml index 74ad09e..da9b174 100644 --- a/templates/configmap-env.yaml +++ b/templates/configmap-env.yaml @@ -325,8 +325,10 @@ data: LDAP_UID_CONVERSION_REPLACE: {{ . }} {{- end }} {{- end }} - {{- with .Values.mastodon.metrics.statsd.address }} - STATSD_ADDR: {{ . }} + {{- if .Values.mastodon.metrics.statsd.address }} + STATSD_ADDR: {{ .Values.mastodon.metrics.statsd.address }} + {{- else if .Values.mastodon.metrics.statsd.exporter.enabled }} + STATSD_ADDR: localhost:9125 {{- end }} {{- range $k, $v := .Values.mastodon.extraEnvVars }} {{ $k }}: {{ quote $v }} 
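Review bot: The sidecar in `mastodon.statsdExporterContainer` is declared as `image: prom/statsd-exporter` with no tag or digest, so each pull can bring a different build and the deployed exporter cannot be reproduced or audited. Make the image configurable and pinned, e.g. `image: "{{ .exporter.image.repository }}:{{ .exporter.image.tag }}"` (these value names are a suggestion and do not exist in the chart yet). The container also sets no `securityContext`, whereas the sidekiq container elsewhere in this series takes one from values. The port named `statsd` is filled from `.exporter.port` (9102 by default in values.yaml) while configmap-env.yaml points the application at `localhost:9125`, so the named port appears to be the metrics endpoint and `name: metrics` would describe it better.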
diff --git a/templates/deployment-sidekiq.yaml b/templates/deployment-sidekiq.yaml index 5dc9244..3d269e1 100644 --- a/templates/deployment-sidekiq.yaml +++ b/templates/deployment-sidekiq.yaml @@ -38,6 +38,7 @@ spec: checksum/config-secrets: {{ include ( print $.Template.BasePath "/secret-smtp.yaml" ) $context | sha256sum | quote }} labels: {{- include "mastodon.selectorLabels" $context | nindent 8 }} + {{- include "mastodon.statsdExporterLabels" $context | nindent 8 }} app.kubernetes.io/component: sidekiq-{{ .name }} app.kubernetes.io/part-of: rails spec: @@ -63,6 +64,7 @@ spec: persistentVolumeClaim: claimName: {{ template "mastodon.fullname" $context }}-system {{- end }} + {{- include "mastodon.statsdExporterVolume" $ | indent 8 }} containers: - name: {{ $context.Chart.Name }} securityContext: @@ -127,6 +129,7 @@ spec: {{- end }} resources: {{- toYaml (default (default $context.Values.resources $context.Values.mastodon.sidekiq.resources) .resources) | nindent 12 }} + {{- include "mastodon.statsdExporterContainer" $ | indent 8 }} {{- with $context.Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/templates/deployment-web.yaml b/templates/deployment-web.yaml index 420c277..c206297 100644 --- a/templates/deployment-web.yaml +++ b/templates/deployment-web.yaml @@ -25,6 +25,7 @@ spec: {{- include "mastodon.rollingPodAnnotations" . | nindent 8 }} labels: {{- include "mastodon.selectorLabels" . | nindent 8 }} + {{- include "mastodon.statsdExporterLabels" . | nindent 8 }} app.kubernetes.io/component: web app.kubernetes.io/part-of: rails spec: @@ -45,6 +46,7 @@ spec: - name: system persistentVolumeClaim: claimName: {{ template "mastodon.fullname" . }}-system + {{- include "mastodon.statsdExporterVolume" $ | indent 8 }} {{- end }} containers: - name: {{ .Chart.Name }}-web 
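Review bot: The `mastodon.statsdExporterVolume` include is tied to a conditional it should not depend on. In deployment-sidekiq.yaml it comes right after the `{{- end }}` that closes the `assets`/`system` volumes, and in deployment-web.yaml right before that `{{- end }}`. The opening `if` is outside these hunks; a later patch in this series shows it as `if (not $context.Values.mastodon.s3.enabled)` with `volumes:` inside it. If that reading is right, enabling S3 together with the exporter leaves the sidekiq template emitting a list item with no `volumes:` key above it, and the web pod mounting `statsd-mappings` without the volume being defined. Rendering `volumes:` whenever either the PVC volumes or the exporter volume are needed, and placing the include outside the S3 condition in both files, would fix this.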
@@ -134,6 +136,7 @@ spec: resources: {{- toYaml . | nindent 12 }} {{- end }} + {{- include "mastodon.statsdExporterContainer" $ | indent 8 }} {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/templates/statsd-exporter-mappings.yaml b/templates/statsd-exporter-mappings.yaml new file mode 100644 index 0000000..813af1d --- /dev/null +++ b/templates/statsd-exporter-mappings.yaml 
@@ -0,0 +1,107 @@
+{{- if and .Values.mastodon.metrics.statsd.exporter.enabled (not .Values.mastodon.metrics.statsd.address) }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "mastodon.fullname" . }}-statsd-mappings
+ labels:
+ {{- include "mastodon.labels" . | nindent 4 }}
+data:
+ mastodon-statsd-mappings.yml: |-
+ ## From https://ipng.ch/assets/mastodon/statsd-mapping.yaml
+ ## Prometheus Statsd Exporter mapping for Mastodon 4.0+
+ ##
+ ## Version 1.0, November 2022
+ ##
+ ## Documentation: https://ipng.ch/s/articles/2022/11/27/mastodon-3.html
+
+ mappings:
+ ## Web collector
+ - match: Mastodon\.production\.web\.(.+)\.(.+)\.(.+)\.status\.(.+)
+ match_type: regex
+ name: "mastodon_controller_status"
+ labels:
+ controller: $1
+ action: $2
+ format: $3
+ status: $4
+ mastodon: "web"
+ - match: Mastodon\.production\.web\.(.+)\.(.+)\.(.+)\.db_time
+ match_type: regex
+ name: "mastodon_controller_db_time"
+ labels:
+ controller: $1
+ action: $2
+ format: $3
+ mastodon: "web"
+ - match: Mastodon\.production\.web\.(.+)\.(.+)\.(.+)\.view_time
+ match_type: regex
+ name: "mastodon_controller_view_time"
+ labels:
+ controller: $1
+ action: $2
+ format: $3
+ mastodon: "web"
+ - match: Mastodon\.production\.web\.(.+)\.(.+)\.(.+)\.total_duration
+ match_type: regex
+ name: "mastodon_controller_duration"
+ labels:
+ controller: $1
+ action: $2
+ format: $3
+ mastodon: "web"
+
+ ## Database collector
+ - match: Mastodon\.production\.db\.tables\.(.+)\.queries\.(.+)\.duration
+ match_type: regex
+ name: "mastodon_db_operation"
+ labels:
+ table: "$1"
+ operation: "$2"
+ mastodon: "db"
+
+ ## Cache collector
+ - match: Mastodon\.production\.cache\.(.+)\.duration
+ match_type: regex
+ name: "mastodon_cache_duration"
+ labels:
+ operation: "$1"
+ mastodon: "cache"
+
+ ## Sidekiq collector
+ - match: Mastodon\.production\.sidekiq\.(.+)\.processing_time
+ match_type: regex
+ name: "mastodon_sidekiq_worker_processing_time"
+ labels:
+ worker: "$1"
+ mastodon:
"sidekiq" + - match: Mastodon\.production\.sidekiq\.(.+)\.success + match_type: regex + name: "mastodon_sidekiq_worker_success_total" + labels: + worker: "$1" + mastodon: "sidekiq" + - match: Mastodon\.production\.sidekiq\.(.+)\.failure + match_type: regex + name: "mastodon_sidekiq_worker_failure_total" + labels: + worker: "$1" + mastodon: "sidekiq" + - match: Mastodon\.production\.sidekiq\.queues\.(.+)\.enqueued + match_type: regex + name: "mastodon_sidekiq_queue_enqueued" + labels: + queue: "$1" + mastodon: "sidekiq" + - match: Mastodon\.production\.sidekiq\.queues\.(.+)\.latency + match_type: regex + name: "mastodon_sidekiq_queue_latency" + labels: + queue: "$1" + mastodon: "sidekiq" + - match: Mastodon\.production\.sidekiq\.(.+) + match_type: regex + name: "mastodon_sidekiq_$1" + labels: + mastodon: "sidekiq" + +{{- end }} diff --git a/values.yaml b/values.yaml index 602ec08..34f7869 100644 --- a/values.yaml +++ b/values.yaml @@ -207,6 +207,11 @@ mastodon: statsd: # -- Enable statsd publishing via STATSD_ADDR environment variable address: "" + # -- Alternatively, you can use this to have a statsd_exporter sidecar container running along all Mastodon containers and exposing metrics in OpenMetric/Prometheus format on each pod + # Please note the exporter will not be enabled if metrics.statsd.address is not empty + exporter: + enabled: false + port: 9102 # Sets the PREPARED_STATEMENTS environment variable: https://docs.joinmastodon.org/admin/config/#prepared_statements preparedStatements: true From 4e742ac8e19b5f35e51a3cd1d4f1038f466aef7b Mon Sep 17 00:00:00 2001 From: Tim Campbell Date: Tue, 12 Dec 2023 10:39:27 +0100 Subject: [PATCH 05/25] Add global labels --- templates/_helpers.tpl | 10 ++++++++++ templates/deployment-sidekiq.yaml | 1 + templates/deployment-streaming.yaml | 1 + templates/deployment-web.yaml | 1 + 4 files changed, 13 insertions(+) diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index 6331a26..c69ebfa 100644 
--- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -31,12 +31,22 @@ Create chart name and version as used by the chart label. {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} {{- end }} +{{/* +Labels added on every Mastodon resource +*/}} +{{- define "mastodon.globalLabels" -}} +{{- range $k, $v := .Values.mastodon.labels }} +{{ $k }}: {{ quote $v }} +{{- end -}} +{{- end }} + {{/* Common labels */}} {{- define "mastodon.labels" -}} helm.sh/chart: {{ include "mastodon.chart" . }} {{ include "mastodon.selectorLabels" . }} +{{ include "mastodon.globalLabels" . }} {{- if .Chart.AppVersion }} app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} {{- end }} diff --git a/templates/deployment-sidekiq.yaml b/templates/deployment-sidekiq.yaml index 3d269e1..525343e 100644 --- a/templates/deployment-sidekiq.yaml +++ b/templates/deployment-sidekiq.yaml @@ -37,6 +37,7 @@ spec: {{- include "mastodon.rollingPodAnnotations" $context | nindent 8 }} checksum/config-secrets: {{ include ( print $.Template.BasePath "/secret-smtp.yaml" ) $context | sha256sum | quote }} labels: + {{- include "mastodon.globalLabels" $context | nindent 8 }} {{- include "mastodon.selectorLabels" $context | nindent 8 }} {{- include "mastodon.statsdExporterLabels" $context | nindent 8 }} app.kubernetes.io/component: sidekiq-{{ .name }} diff --git a/templates/deployment-streaming.yaml b/templates/deployment-streaming.yaml index ea08b1b..5fc8d46 100644 --- a/templates/deployment-streaming.yaml +++ b/templates/deployment-streaming.yaml @@ -23,6 +23,7 @@ spec: # roll the pods to pick up any db migrations or other changes {{- include "mastodon.rollingPodAnnotations" . | nindent 8 }} labels: + {{- include "mastodon.globalLabels" . | nindent 8 }} {{- include "mastodon.selectorLabels" . | nindent 8 }} app.kubernetes.io/component: streaming spec: diff --git a/templates/deployment-web.yaml b/templates/deployment-web.yaml index c206297..7817276 100644 
--- a/templates/deployment-web.yaml +++ b/templates/deployment-web.yaml @@ -24,6 +24,7 @@ spec: # roll the pods to pick up any db migrations or other changes {{- include "mastodon.rollingPodAnnotations" . | nindent 8 }} labels: + {{- include "mastodon.globalLabels" . | nindent 8 }} {{- include "mastodon.selectorLabels" . | nindent 8 }} {{- include "mastodon.statsdExporterLabels" . | nindent 8 }} app.kubernetes.io/component: web From b4f4811efd68525fdb2446e14ec153d4da2e5349 Mon Sep 17 00:00:00 2001 From: Tim Campbell Date: Tue, 12 Dec 2023 11:38:54 +0100 Subject: [PATCH 06/25] Add field to values --- values.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/values.yaml b/values.yaml index 34f7869..bbaa11f 100644 --- a/values.yaml +++ b/values.yaml @@ -25,6 +25,8 @@ mastodon: enabled: true assetsPrecompile: enabled: true + # Custom labels to add to kubernetes resources + #labels: cron: # -- run `tootctl media remove` every week removeMedia: From 03ea7244d78939ec7ddffa03c2923bca6805a7e3 Mon Sep 17 00:00:00 2001 From: Tim Campbell Date: Wed, 13 Dec 2023 15:26:14 +0100 Subject: [PATCH 07/25] Add deepl configuration --- templates/configmap-env.yaml | 4 ++++ templates/deployment-sidekiq.yaml | 7 +++++++ templates/deployment-web.yaml | 7 +++++++ values.yaml | 6 ++++++ 4 files changed, 24 insertions(+) diff --git a/templates/configmap-env.yaml b/templates/configmap-env.yaml index da9b174..b956347 100644 --- a/templates/configmap-env.yaml +++ b/templates/configmap-env.yaml @@ -333,3 +333,7 @@ data: {{- range $k, $v := .Values.mastodon.extraEnvVars }} {{ $k }}: {{ quote $v }} {{- end }} + + {{- if .Values.mastodon.deepl.enabled }} + DEEPL_PLAN: {{ .Values.mastodon.deepl.plan }} + {{- end }} diff --git a/templates/deployment-sidekiq.yaml b/templates/deployment-sidekiq.yaml index 525343e..7fdafd3 100644 --- a/templates/deployment-sidekiq.yaml +++ b/templates/deployment-sidekiq.yaml 
@@ -121,6 +121,13 @@ spec: name: {{ $context.Values.mastodon.s3.existingSecret }} key: AWS_ACCESS_KEY_ID {{- end }} + {{- if and $context.Values.mastodon.deepl.enabled }} + - name: "DEEPL_API_KEY" + valueFrom: + secretKeyRef: + name: {{ $context.Values.mastodon.deepl.apiKeySecretRef.name }} + key: {{ $context.Values.mastodon.deepl.apiKeySecretRef.key }} + {{- end }} {{- if (not $context.Values.mastodon.s3.enabled) }} volumeMounts: - name: assets diff --git a/templates/deployment-web.yaml b/templates/deployment-web.yaml index 7817276..bfcce32 100644 --- a/templates/deployment-web.yaml +++ b/templates/deployment-web.yaml @@ -109,6 +109,13 @@ spec: name: {{ .Values.mastodon.s3.existingSecret }} key: AWS_ACCESS_KEY_ID {{- end }} + {{- if .Values.mastodon.deepl.enabled }} + - name: "DEEPL_API_KEY" + valueFrom: + secretKeyRef: + name: {{ .Values.mastodon.deepl.apiKeySecretRef.name }} + key: {{ .Values.mastodon.deepl.apiKeySecretRef.key }} + {{- end }} {{- if (not .Values.mastodon.s3.enabled) }} volumeMounts: - name: assets diff --git a/values.yaml b/values.yaml index bbaa11f..ab5b7d2 100644 --- a/values.yaml +++ b/values.yaml @@ -75,6 +75,12 @@ mastodon: permission: "" # -- If you have a caching proxy, enter its base URL here. alias_host: "" + deepl: + enabled: false + plan: + apiKeySecretRef: + name: + key: # these must be set manually; autogenerated keys are rotated on each upgrade secrets: secret_key_base: "" From 905f78fd725560b8100bf9426f2b09c19e10aebc Mon Sep 17 00:00:00 2001 From: Tim Campbell Date: Thu, 14 Dec 2023 23:11:13 -0800 Subject: [PATCH 08/25] Additional Elasticsearch options (#106) --- templates/_helpers.tpl | 13 +++++++++++++ templates/configmap-env.yaml | 7 +++++++ templates/cronjob-media-remove.yaml | 7 +++++++ templates/deployment-sidekiq.yaml | 7 +++++++ templates/deployment-web.yaml | 7 +++++++ templates/job-chewy-upgrade.yaml | 7 +++++++ values.yaml | 16 ++++++++++++++-- 7 files changed, 62 insertions(+), 2 deletions(-) 
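Review bot: Enabling DeepL without a secret reference renders empty `name:` and `key:` fields instead of failing at template time. The `DEEPL_API_KEY` entry in this sidekiq hunk, and the identical one in deployment-web.yaml, takes both fields straight from `mastodon.deepl.apiKeySecretRef`, which values.yaml leaves empty. Wrapping them in `required`, e.g. `name: {{ required "mastodon.deepl.apiKeySecretRef.name must be set when deepl is enabled" $context.Values.mastodon.deepl.apiKeySecretRef.name }}`, gives the operator a clear error. The sidekiq condition `{{- if and $context.Values.mastodon.deepl.enabled }}` uses `and` with a single argument; a plain `if`, as in the web template, is what is meant. `DEEPL_PLAN` in configmap-env.yaml is emitted unquoted, unlike the `quote $v` used just above it.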
diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index c69ebfa..2c50146 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -171,3 +171,16 @@ Find highest number of needed database connections to set DB_POOL variable {{- end }} {{- $poolSize | quote }} {{- end }} + +{{/* +Full hostname for a custom Elasticsearch cluster +*/}} +{{- define "mastodon.elasticsearch.fullHostname" -}} +{{- if not .Values.elasticsearch.enabled }} + {{- if .Values.elasticsearch.tls }} + {{- printf "https://%s" (tpl .Values.elasticsearch.hostname $) -}} + {{- else -}} + {{- printf "%s" (tpl .Values.elasticsearch.hostname $) -}} + {{- end }} +{{- end -}} +{{- end -}} diff --git a/templates/configmap-env.yaml b/templates/configmap-env.yaml index b956347..8cd7e5d 100644 --- a/templates/configmap-env.yaml +++ b/templates/configmap-env.yaml @@ -21,6 +21,13 @@ data: ES_ENABLED: "true" ES_HOST: {{ template "mastodon.elasticsearch.fullname" . }}-master-hl ES_PORT: "9200" + {{- else if .Values.elasticsearch.hostname }} + ES_ENABLED: "true" + ES_HOST: {{ include "mastodon.elasticsearch.fullHostname" .}} + ES_PORT: {{ .Values.elasticsearch.port | default "9200" | quote }} + {{- end }} + {{- with .Values.elasticsearch.user }} + ES_USER: {{ . }} {{- end }} LOCAL_DOMAIN: {{ .Values.mastodon.local_domain }} {{- with .Values.mastodon.web_domain }} diff --git a/templates/cronjob-media-remove.yaml b/templates/cronjob-media-remove.yaml index d70afeb..33229a8 100644 --- a/templates/cronjob-media-remove.yaml +++ b/templates/cronjob-media-remove.yaml 
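Review bot: Nothing ties the `elasticsearch.tls` flag to the credentials this commit introduces: `mastodon.elasticsearch.fullHostname` adds `https://` only when the flag is set. An external cluster configured with `user` and `existingSecret` but without `tls: true` would therefore, as far as this template shows, be addressed without a TLS scheme while `ES_USER`/`ES_PASS` are in use. The values.yaml comment should state this, e.g. `# Set tls: true whenever user/existingSecret are used; otherwise credentials travel unencrypted`, or the helper could `fail` on that combination. `ES_USER` is gated on `elasticsearch.user` while `ES_PASS` in the deployment, cronjob and job hunks is gated on `existingSecret`, so one can be rendered without the other. `ES_USER: {{ . }}` and `ES_HOST` are also unquoted, so a value such as a numeric user name would be retyped by the YAML parser; `{{ . | quote }}` avoids that.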
@@ -65,6 +65,13 @@ spec: secretKeyRef: name: {{ template "mastodon.redis.secretName" . }} key: redis-password + {{- if and .Values.elasticsearch.existingSecret (or .Values.elasticsearch.enabled .Values.elasticsearch.hostname) }} + - name: "ES_PASS" + valueFrom: + secretKeyRef: + name: {{ .Values.elasticsearch.existingSecret }} + key: password + {{- end }} - name: "PORT" value: {{ .Values.mastodon.web.port | quote }} {{- if (and .Values.mastodon.s3.enabled .Values.mastodon.s3.existingSecret) }} diff --git a/templates/deployment-sidekiq.yaml b/templates/deployment-sidekiq.yaml index 7fdafd3..401bcea 100644 --- a/templates/deployment-sidekiq.yaml +++ b/templates/deployment-sidekiq.yaml @@ -98,6 +98,13 @@ spec: secretKeyRef: name: {{ template "mastodon.redis.secretName" $context }} key: redis-password + {{- if and $context.Values.elasticsearch.existingSecret (or $context.Values.elasticsearch.enabled $context.Values.elasticsearch.hostname) }} + - name: "ES_PASS" + valueFrom: + secretKeyRef: + name: {{ $context.Values.elasticsearch.existingSecret }} + key: password + {{- end }} - name: "SMTP_LOGIN" valueFrom: secretKeyRef: diff --git a/templates/deployment-web.yaml b/templates/deployment-web.yaml index bfcce32..db46120 100644 --- a/templates/deployment-web.yaml +++ b/templates/deployment-web.yaml @@ -79,6 +79,13 @@ spec: secretKeyRef: name: {{ template "mastodon.redis.secretName" . }} key: redis-password + {{- if and .Values.elasticsearch.existingSecret (or .Values.elasticsearch.enabled .Values.elasticsearch.hostname) }} + - name: "ES_PASS" + valueFrom: + secretKeyRef: + name: {{ .Values.elasticsearch.existingSecret }} + key: password + {{- end }} - name: "PORT" value: {{ .Values.mastodon.web.port | quote }} {{- if .Values.mastodon.web.minThreads }} diff --git a/templates/job-chewy-upgrade.yaml b/templates/job-chewy-upgrade.yaml index f86a4e3..33e9bf9 100644 --- a/templates/job-chewy-upgrade.yaml +++ b/templates/job-chewy-upgrade.yaml 
@@ -67,6 +67,13 @@ spec: secretKeyRef: name: {{ template "mastodon.redis.secretName" . }} key: redis-password + {{- if and .Values.elasticsearch.existingSecret (or .Values.elasticsearch.enabled .Values.elasticsearch.hostname) }} + - name: "ES_PASS" + valueFrom: + secretKeyRef: + name: {{ .Values.elasticsearch.existingSecret }} + key: password + {{- end }} - name: "PORT" value: {{ .Values.mastodon.web.port | quote }} {{- if (not .Values.mastodon.s3.enabled) }} diff --git a/values.yaml b/values.yaml index ab5b7d2..6827e54 100644 --- a/values.yaml +++ b/values.yaml @@ -255,17 +255,29 @@ ingress: # -- https://github.com/bitnami/charts/tree/master/bitnami/elasticsearch#parameters elasticsearch: - # `false` will disable full-text search + # Elasticsearch is powering full-text search. It is optional. + + # `false` will not install Elasticsearch as part of this chart # # if you enable ES after the initial install, you will need to manually run # RAILS_ENV=production bundle exec rake chewy:sync # (https://docs.joinmastodon.org/admin/optional/elasticsearch/) - # @ignored enabled: true # @ignored image: tag: 7 + # If you are using an external ES cluster, use `enabled: false` and set the hostname, port, + # and whether the cluster uses TLS. + # hostname: + # port: 9200 + # tls: true + + # This is optional, use it if you ES cluster requires authentication + # user: + # Name of an existing secret with a password key + # existingSecret: + # https://github.com/bitnami/charts/tree/master/bitnami/postgresql#parameters postgresql: # -- disable if you want to use an existing db; in which case the values below From 6d5a6004e3291caef0161e226c855cf8e5e89529 Mon Sep 17 00:00:00 2001 From: Tim Campbell Date: Fri, 15 Dec 2023 08:30:22 +0100 Subject: [PATCH 09/25] Add topology spread constraints --- templates/deployment-sidekiq.yaml | 4 ++++ templates/deployment-streaming.yaml | 4 ++++ templates/deployment-web.yaml | 4 ++++ values.yaml | 14 ++++++++++++++ 4 files changed, 26 insertions(+) 
diff --git a/templates/deployment-sidekiq.yaml b/templates/deployment-sidekiq.yaml index 401bcea..d9bea05 100644 --- a/templates/deployment-sidekiq.yaml +++ b/templates/deployment-sidekiq.yaml @@ -56,6 +56,10 @@ spec: affinity: {{- toYaml . | nindent 8 }} {{- end }} + {{- with (default (default $context.Values.topologySpreadConstraints $context.Values.mastodon.sidekiq.topologySpreadConstraints) .topologySpreadConstraints) }} + topologySpreadConstraints: + {{- toYaml . | nindent 8 }} + {{- end }} {{- if (not $context.Values.mastodon.s3.enabled) }} volumes: - name: assets diff --git a/templates/deployment-streaming.yaml b/templates/deployment-streaming.yaml index 5fc8d46..5aa8866 100644 --- a/templates/deployment-streaming.yaml +++ b/templates/deployment-streaming.yaml @@ -87,6 +87,10 @@ spec: affinity: {{- toYaml . | nindent 8 }} {{- end }} + {{- with (default .Values.topologySpreadConstraints .Values.mastodon.streaming.topologySpreadConstraints) }} + topologySpreadConstraints: + {{- toYaml . | nindent 8 }} + {{- end }} {{- with .Values.tolerations }} tolerations: {{- toYaml . | nindent 8 }} diff --git a/templates/deployment-web.yaml b/templates/deployment-web.yaml index db46120..651043f 100644 --- a/templates/deployment-web.yaml +++ b/templates/deployment-web.yaml @@ -160,6 +160,10 @@ spec: affinity: {{- toYaml . | nindent 8 }} {{- end }} + {{- with (default .Values.topologySpreadConstraints .Values.mastodon.web.topologySpreadConstraints) }} + topologySpreadConstraints: + {{- toYaml . | nindent 8 }} + {{- end }} {{- with .Values.tolerations }} tolerations: {{- toYaml . | nindent 8 }} diff --git a/values.yaml b/values.yaml index 6827e54..254eb1c 100644 --- a/values.yaml +++ b/values.yaml 
@@ -101,6 +101,8 @@ mastodon: resources: {} # -- Affinity for all Sidekiq Deployments unless overwritten, overwrites .Values.affinity affinity: {} + # -- Topology spread constraints for Sidekiq Pods, overwrites .Values.topologySpreadConstraints + topologySpreadConstraints: {} # limits: # cpu: "1" # memory: 768Mi @@ -117,6 +119,8 @@ mastodon: resources: {} # -- Affinity for this specific deployment, overwrites .Values.affinity and .Values.mastodon.sidekiq.affinity affinity: {} + # -- Topology spread constraints for this specific deployment, overwrites .Values.topologySpreadConstraints and .Values.mastodon.sidekiq.topologySpreadConstraints + topologySpreadConstraints: {} # -- Sidekiq queues for Mastodon that are handled by this worker. See https://docs.joinmastodon.org/admin/scaling/#concurrency # See https://github.com/mperham/sidekiq/wiki/Advanced-Options#queues for how to weight queues as argument queues: @@ -174,6 +178,8 @@ mastodon: replicas: 1 # -- Affinity for Streaming Pods, overwrites .Values.affinity affinity: {} + # -- Topology spread constraints for Streaming Pods, overwrites .Values.topologySpreadConstraints + topologySpreadConstraints: {} # -- Pod Security Context for Streaming Pods, overwrites .Values.podSecurityContext podSecurityContext: {} # -- (Streaming Container) Security Context for Streaming Pods, overwrites .Values.securityContext @@ -192,6 +198,8 @@ mastodon: replicas: 1 # -- Affinity for Web Pods, overwrites .Values.affinity affinity: {} + # -- Topology spread constraints for Web Pods, overwrites .Values.topologySpreadConstraints + topologySpreadConstraints: {} # -- Pod Security Context for Web Pods, overwrites .Values.podSecurityContext podSecurityContext: {} # -- (Web Container) Security Context for Web Pods, overwrites .Values.securityContext 
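Review bot: Every `topologySpreadConstraints` default added to values.yaml here is `{}`, but the Kubernetes field is a list, and the neighbouring `tolerations: []` default shown in the last values.yaml hunk follows that shape. This applies to the sidekiq, per-worker, streaming and web defaults as well as the top-level one at the end of the file. The templates only render the value under `with`, so an empty map is harmless today, but the default documents the wrong type for anyone copying it. Use `topologySpreadConstraints: []` in all five places.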
@@ -478,3 +486,9 @@ tolerations: [] # -- Affinity for all pods unless overwritten affinity: {} + +# -- Topology Spread Constraints for all pods unless overwritten +# Please note that you need to use `matchLabelKeys` (Kubernetes 1.25+) if you +# want to spread each deployment independently, or override topologySpreadConstraints +# for each deployment +topologySpreadConstraints: {} From 61b643b05d048f237ef8a184ced9445c20e5c37e Mon Sep 17 00:00:00 2001 From: Tim Campbell Date: Fri, 15 Dec 2023 13:48:00 -0800 Subject: [PATCH 10/25] Add separate streaming ingress object (#111) --- templates/ingress-streaming.yml | 57 +++++++++++++++++++++++++++++++++ templates/ingress.yaml | 2 ++ values.yaml | 16 +++++++++ 3 files changed, 75 insertions(+) create mode 100644 templates/ingress-streaming.yml diff --git a/templates/ingress-streaming.yml b/templates/ingress-streaming.yml new file mode 100644 index 0000000..4e3ad72 --- /dev/null +++ b/templates/ingress-streaming.yml 
@@ -0,0 +1,57 @@
+{{- if .Values.ingress.streaming.enabled -}}
+{{- $fullName := include "mastodon.fullname" . -}}
+{{- $webPort := .Values.mastodon.web.port -}}
+{{- $streamingPort := .Values.mastodon.streaming.port -}}
+{{- if or (.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress") (not (.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress")) -}}
+apiVersion: networking.k8s.io/v1
+{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1beta1
+{{- else -}}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+ name: {{ $fullName }}-streaming
+ labels:
+ {{- include "mastodon.labels" . | nindent 4 }}
+ {{- with .Values.ingress.streaming.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if .Values.ingress.streaming.ingressClassName }}
+ ingressClassName: {{ .Values.ingress.streaming.ingressClassName }}
+ {{- end }}
+ {{- if .Values.ingress.streaming.tls }}
+ tls:
+ {{- range .Values.ingress.streaming.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+ {{- end }}
+ rules:
+ {{- range .Values.ingress.streaming.hosts }}
+ - host: {{ .host | quote }}
+ http:
+ paths:
+ {{- range .paths }}
+ - path: {{ .path }}api/v1/streaming
+ backend:
+ {{- if or ($.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress") (not ($.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress")) }}
+ service:
+ name: {{ $fullName }}-streaming
+ port:
+ number: {{ $streamingPort }}
+ {{- else }}
+ serviceName: {{ $fullName }}-streaming
+ servicePort: {{ $streamingPort }}
+ {{- end }}
+ {{- if or ($.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress") (not ($.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress")) }}
+ pathType: Prefix
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
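Review bot: `$webPort` is assigned at the top of the new ingress-streaming template but never used, since only `$streamingPort` is referenced; the line can be dropped. `path: {{ .path }}api/v1/streaming` builds the route by plain concatenation, so it is only correct when the configured path ends in `/`. That should be stated next to `paths:` in values.yaml, e.g. `# path must end with "/"; "api/v1/streaming" is appended to it`. `secretName: {{ .secretName }}` and `ingressClassName` are the only user-supplied scalars here not passed through `quote`, unlike `host` and the TLS hosts. The `tls:` block is rendered only when `ingress.streaming.tls` is set, so removing it from values yields an ingress with no TLS section, which is worth a comment in values.yaml.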
diff --git a/templates/ingress.yaml b/templates/ingress.yaml index 5a3409a..3da46ab 100644 --- a/templates/ingress.yaml +++ b/templates/ingress.yaml @@ -52,6 +52,7 @@ spec: {{- if or ($.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress") (not ($.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress")) }} pathType: Prefix {{- end }} + {{- if not $.Values.ingress.streaming.enabled }} - path: {{ .path }}api/v1/streaming backend: {{- if or ($.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress") (not ($.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress")) }} @@ -67,5 +68,6 @@ spec: pathType: Prefix {{- end }} {{- end }} + {{- end }} {{- end }} {{- end }} diff --git a/values.yaml b/values.yaml index 254eb1c..cee2a48 100644 --- a/values.yaml +++ b/values.yaml @@ -261,6 +261,22 @@ ingress: hosts: - mastodon.local + # This allows you to have a separate ingress for streaming + # When enabled, the main ingress will no longer handle streaming requests. + # You will also need to configure mastodon.streaming.base_url accordingly + streaming: + enabled: false + annotations: + ingressClassName: + hosts: + - host: streaming.mastodon.local + paths: + - path: "/" + tls: + - secretName: mastodon-tls + hosts: + - streaming.mastodon.local + # -- https://github.com/bitnami/charts/tree/master/bitnami/elasticsearch#parameters elasticsearch: # Elasticsearch is powering full-text search. It is optional. From 0c7466501c179c72c8620184685e29c6d21da2ec Mon Sep 17 00:00:00 2001 From: Tim Campbell Date: Mon, 18 Dec 2023 04:45:00 -0800 Subject: [PATCH 11/25] Custom docker images and database configs (#110) --- templates/deployment-sidekiq.yaml | 12 +++++++++++- templates/deployment-streaming.yaml | 2 +- templates/deployment-web.yaml | 12 +++++++++++- values.yaml | 20 ++++++++++++++++++++ 4 files changed, 43 insertions(+), 3 deletions(-) diff --git a/templates/deployment-sidekiq.yaml b/templates/deployment-sidekiq.yaml index d9bea05..2b78359 100644 
--- a/templates/deployment-sidekiq.yaml +++ b/templates/deployment-sidekiq.yaml @@ -70,11 +70,16 @@ spec: claimName: {{ template "mastodon.fullname" $context }}-system {{- end }} {{- include "mastodon.statsdExporterVolume" $ | indent 8 }} + {{- if dig "customDatabaseConfigYml" "configMapRef" "name" false . }} + - name: config-database-yml + configMap: + name: {{ .customDatabaseConfigYml.configMapRef.name }} + {{- end }} containers: - name: {{ $context.Chart.Name }} securityContext: {{- toYaml $context.Values.mastodon.sidekiq.securityContext | nindent 12 }} - image: "{{ $context.Values.image.repository }}:{{ $context.Values.image.tag | default $context.Chart.AppVersion }}" + image: "{{ coalesce (dig "image" "repository" false .) $context.Values.image.repository }}:{{ coalesce (dig "image" "tag" false .) $context.Values.image.tag $context.Chart.AppVersion }}" imagePullPolicy: {{ $context.Values.image.pullPolicy }} command: - bundle @@ -146,6 +151,11 @@ spec: - name: system mountPath: /opt/mastodon/public/system {{- end }} + {{- if dig "customDatabaseConfigYml" "configMapRef" "name" false . }} + - name: config-database-yml + mountPath: /opt/mastodon/config/database.yml + subPath: {{ .customDatabaseConfigYml.configMapRef.key }} + {{- end }} resources: {{- toYaml (default (default $context.Values.resources $context.Values.mastodon.sidekiq.resources) .resources) | nindent 12 }} {{- include "mastodon.statsdExporterContainer" $ | indent 8 }} diff --git a/templates/deployment-streaming.yaml b/templates/deployment-streaming.yaml index 5aa8866..9924fe1 100644 --- a/templates/deployment-streaming.yaml +++ b/templates/deployment-streaming.yaml 
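Review bot: The `config-database-yml` volume and its `volumeMounts` entry in the sidekiq template are both added after the `{{- end }}` that closes the `assets`/`system` entries. When the surrounding conditional is false they would be rendered with no `volumes:` or `volumeMounts:` key above them; that conditional opens outside these hunks and appears to be on `mastodon.s3.enabled`. In deployment-web.yaml the volume is inside that conditional and the mount outside it, which breaks the same way. `subPath` comes from `configMapRef.key`, which values.yaml leaves empty, so the `if` should test both fields, e.g. `{{- if and (dig "customDatabaseConfigYml" "configMapRef" "name" false .) (dig "customDatabaseConfigYml" "configMapRef" "key" false .) }}`. A `database.yml` can carry connection credentials and only a ConfigMap reference is offered, so the values comment should say `# keep passwords out of this file; reference them via environment variables backed by a Secret`.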
@@ -42,7 +42,7 @@ spec: securityContext: {{- toYaml . | nindent 12 }} {{- end }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + image: "{{ coalesce .Values.mastodon.streaming.image.repository .Values.image.repository }}:{{ coalesce .Values.mastodon.streaming.image.tag .Values.image.tag .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} command: - node diff --git a/templates/deployment-web.yaml b/templates/deployment-web.yaml index 651043f..b724210 100644 --- a/templates/deployment-web.yaml +++ b/templates/deployment-web.yaml @@ -48,6 +48,11 @@ spec: persistentVolumeClaim: claimName: {{ template "mastodon.fullname" . }}-system {{- include "mastodon.statsdExporterVolume" $ | indent 8 }} + {{- if .Values.mastodon.web.customDatabaseConfigYml.configMapRef.name }} + - name: config-database-yml + configMap: + name: {{ .Values.mastodon.web.customDatabaseConfigYml.configMapRef.name }} + {{- end }} {{- end }} containers: - name: {{ .Chart.Name }}-web @@ -55,7 +60,7 @@ spec: securityContext: {{- toYaml . | nindent 12 }} {{- end }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + image: "{{ coalesce .Values.mastodon.web.image.repository .Values.image.repository }}:{{ coalesce .Values.mastodon.web.image.tag .Values.image.tag .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} command: - bundle @@ -130,6 +135,11 @@ spec: - name: system mountPath: /opt/mastodon/public/system {{- end }} + {{- if .Values.mastodon.web.customDatabaseConfigYml.configMapRef.name }} + - name: config-database-yml + mountPath: /opt/mastodon/config/database.yml + subPath: {{ .Values.mastodon.web.customDatabaseConfigYml.configMapRef.key }} + {{- end }} ports: - name: http containerPort: {{ .Values.mastodon.web.port }} diff --git a/values.yaml b/values.yaml index cee2a48..72c21ec 100644 --- a/values.yaml +++ b/values.yaml 
@@ -130,6 +130,14 @@ mastodon: - mailers,2 - pull - scheduler # Make sure the scheduler queue only exists once and with a worker that has 1 replica. + image: + repository: + tag: + # allows you to mount a custom database.yml from a configmap + customDatabaseConfigYml: + configMapRef: + name: + key: #- name: push-pull # concurrency: 50 # resources: {} @@ -166,6 +174,9 @@ mastodon: # password must be located in keys named `login` and `password` respectively. existingSecret: streaming: + image: + repository: + tag: port: 4000 # -- this should be set manually since os.cpus() returns the number of CPUs on # the node running the pod, which is unrelated to the resources allocated to @@ -218,6 +229,15 @@ mastodon: maxThreads: "5" workers: "2" persistentTimeout: "20" + image: + repository: + tag: + # allows you to mount a custom database.yml from a configmap + # for example if you want to use a read-only replica + customDatabaseConfigYml: + configMapRef: + name: + key: metrics: statsd: From 8f5e9dc971e79674591e14dec3b25bed0898dae5 Mon Sep 17 00:00:00 2001 From: Tim Campbell Date: Thu, 11 Jan 2024 03:56:04 -0800 Subject: [PATCH 12/25] Add options for hcaptcha and cachebuster (#108) --- templates/configmap-env.yaml | 16 ++++++++++++++++ templates/deployment-sidekiq.yaml | 7 +++++++ templates/deployment-web.yaml | 14 ++++++++++++++ values.yaml | 18 ++++++++++++++++++ 4 files changed, 55 insertions(+) diff --git a/templates/configmap-env.yaml b/templates/configmap-env.yaml index 8cd7e5d..96e70c3 100644 --- a/templates/configmap-env.yaml +++ b/templates/configmap-env.yaml 
@@ -344,3 +344,19 @@ data: {{- if .Values.mastodon.deepl.enabled }} DEEPL_PLAN: {{ .Values.mastodon.deepl.plan }} {{- end }} + + {{- if .Values.mastodon.hcaptcha.enabled }} + HCAPTCHA_SITE_KEY: {{ .Values.mastodon.hcaptcha.siteId }} + {{- end }} + + {{- if .Values.mastodon.cacheBuster.enabled }} + CACHE_BUSTER_ENABLED: "true" + {{- if .Values.mastodon.cacheBuster.httpMethod }} + CACHE_BUSTER_HTTP_METHOD: {{ .Values.mastodon.cacheBuster.httpMethod }} + {{- end }} + {{- if .Values.mastodon.cacheBuster.authHeader }} + CACHE_BUSTER_SECRET_HEADER: {{ .Values.mastodon.cacheBuster.authHeader }} + {{- end }} + {{- else }} + CACHE_BUSTER_ENABLED: "false" + {{- end }} diff --git a/templates/deployment-sidekiq.yaml b/templates/deployment-sidekiq.yaml index 2b78359..2f75309 100644 --- a/templates/deployment-sidekiq.yaml +++ b/templates/deployment-sidekiq.yaml @@ -144,6 +144,13 @@ spec: name: {{ $context.Values.mastodon.deepl.apiKeySecretRef.name }} key: {{ $context.Values.mastodon.deepl.apiKeySecretRef.key }} {{- end }} + {{- if and $context.Values.mastodon.cacheBuster.enabled $context.Values.mastodon.cacheBuster.authToken.existingSecret }} + - name: CACHE_BUSTER_SECRET + valueFrom: + secretKeyRef: + name: {{ $context.Values.mastodon.cacheBuster.authToken.existingSecret }} + key: password + {{- end }} {{- if (not $context.Values.mastodon.s3.enabled) }} volumeMounts: - name: assets diff --git a/templates/deployment-web.yaml b/templates/deployment-web.yaml index b724210..b736a9d 100644 --- a/templates/deployment-web.yaml +++ b/templates/deployment-web.yaml 
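Review bot: `HCAPTCHA_SITE_KEY`, `CACHE_BUSTER_HTTP_METHOD` and `CACHE_BUSTER_SECRET_HEADER` in the configmap-env.yaml hunk are rendered unquoted. With `hcaptcha.enabled: true` and `siteId` left unset this produces a null entry, and any value YAML reads as a non-string is not a valid ConfigMap `data` value. Pipe them through `quote`, e.g. `HCAPTCHA_SITE_KEY: {{ .Values.mastodon.hcaptcha.siteId | quote }}`, which matches how the hunk already writes `CACHE_BUSTER_ENABLED: "true"` by hand.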
@@ -128,6 +128,20 @@ spec: name: {{ .Values.mastodon.deepl.apiKeySecretRef.name }} key: {{ .Values.mastodon.deepl.apiKeySecretRef.key }} {{- end }} + {{- if .Values.mastodon.hcaptcha.enabled }} + - name: "HCAPTCHA_SECRET_KEY" + valueFrom: + secretKeyRef: + name: {{ .Values.mastodon.hcaptcha.secretKeySecretRef.name }} + key: {{ .Values.mastodon.hcaptcha.secretKeySecretRef.key }} + {{- end }} + {{- if and .Values.mastodon.cacheBuster.enabled .Values.mastodon.cacheBuster.authToken.existingSecret }} + - name: CACHE_BUSTER_SECRET + valueFrom: + secretKeyRef: + name: {{ .Values.mastodon.cacheBuster.authToken.existingSecret }} + key: password + {{- end }} {{- if (not .Values.mastodon.s3.enabled) }} volumeMounts: - name: assets diff --git a/values.yaml b/values.yaml index 72c21ec..6a0abcf 100644 --- a/values.yaml +++ b/values.yaml @@ -81,6 +81,12 @@ mastodon: apiKeySecretRef: name: key: + hcaptcha: + enabled: false + siteId: + secretKeySecretRef: + name: + key: # these must be set manually; autogenerated keys are rotated on each upgrade secrets: secret_key_base: "" @@ -239,6 +245,18 @@ mastodon: name: key: + # HTTP cache buster configuration. + # See the documentation for more information about this feature: + # https://docs.joinmastodon.org/admin/config/#http-cache-buster + cacheBuster: + enabled: false + httpMethod: "GET" + # If the cache service requires authentication, specify the header name and + # secret/token here. + authHeader: + authToken: + existingSecret: + metrics: statsd: # -- Enable statsd publishing via STATSD_ADDR environment variable From 0072b14a6a7fb044ac2ecf916ba8061d34828a93 Mon Sep 17 00:00:00 2001 
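Review bot: `HCAPTCHA_SECRET_KEY` is emitted whenever `mastodon.hcaptcha.enabled` is true, even while `secretKeySecretRef.name` and `.key` are still at their empty defaults, which renders a `secretKeyRef` with no name or key. That should be rejected at apply time or leave the web pod unable to start, with an error far from the cause. Failing at render time is the safer choice for a sign-up protection, e.g. `name: {{ required "mastodon.hcaptcha.secretKeySecretRef.name is required" .Values.mastodon.hcaptcha.secretKeySecretRef.name }}` and the same for `key`. Guarding the block the way the cache-buster block below it is guarded would instead silently run with a site key and no secret. The enclosing `env:` list starts outside the hunk.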
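Review bot: The `cacheBuster.authToken.existingSecret` entry in the last values.yaml hunk does not document which key the token is read from, while both deployment hunks of this patch hard-code `key: password` for `CACHE_BUSTER_SECRET`. An operator who creates the secret under any other key gets a pod that fails to start on a missing secret key. I would add a comment above `existingSecret:` such as `# name of an existing Secret; the token is read from its "password" key`.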
From: Tim Campbell Date: Thu, 11 Jan 2024 03:56:14 -0800 Subject: [PATCH 13/25] Add support for read replica (#105) --- templates/configmap-env.yaml | 15 +++++++++++++++ templates/deployment-sidekiq.yaml | 7 +++++++ templates/deployment-streaming.yaml | 7 +++++++ templates/deployment-web.yaml | 7 +++++++ values.yaml | 13 +++++++++++++ 5 files changed, 49 insertions(+) diff --git a/templates/configmap-env.yaml b/templates/configmap-env.yaml index 96e70c3..51fc9da 100644 --- a/templates/configmap-env.yaml +++ b/templates/configmap-env.yaml @@ -15,6 +15,21 @@ data: DB_NAME: {{ .Values.postgresql.auth.database }} DB_POOL: {{ include "mastodon.maxDbPool" . }} DB_USER: {{ .Values.postgresql.auth.username }} + {{- if .Values.postgresql.readReplica.hostname }} + REPLICA_DB_HOST: {{ .Values.postgresql.readReplica.hostname }} + {{- end }} + {{- if .Values.postgresql.readReplica.port }} + REPLICA_DB_PORT: {{ .Values.postgresql.readReplica.port }} + {{- end }} + {{- if .Values.postgresql.readReplica.auth.database }} + REPLICA_DB_NAME: {{ .Values.postgresql.readReplica.auth.database }} + {{- end }} + {{- if .Values.postgresql.readReplica.auth.username }} + REPLICA_DB_USER: {{ .Values.postgresql.readReplica.auth.username }} + {{- end }} + {{- if .Values.postgresql.readReplica.auth.password }} + REPLICA_DB_PASS: {{ .Values.postgresql.readReplica.auth.password }} + {{- end }} PREPARED_STATEMENTS: {{ .Values.mastodon.preparedStatements | quote }} DEFAULT_LOCALE: {{ .Values.mastodon.locale }} {{- if .Values.elasticsearch.enabled }} diff --git a/templates/deployment-sidekiq.yaml b/templates/deployment-sidekiq.yaml index 2f75309..9bece8f 100644 --- a/templates/deployment-sidekiq.yaml +++ b/templates/deployment-sidekiq.yaml 
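Review bot: `REPLICA_DB_PASS` is written into the ConfigMap from `postgresql.readReplica.auth.password`, so the replica database password ends up in plaintext in an object that is typically readable under broader RBAC rules than Secrets and is not covered by Secret encryption at rest. I would drop that block from configmap-env.yaml and supply the password only through a Secret, as the deployment hunks of this patch already do for `existingSecret` via `secretKeyRef`. Separately, `REPLICA_DB_PORT: {{ .Values.postgresql.readReplica.port }}` is unquoted and an integer port is not a valid ConfigMap `data` value; use `{{ .Values.postgresql.readReplica.port | quote }}`.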
@@ -102,6 +102,13 @@ spec: secretKeyRef: name: {{ template "mastodon.postgresql.secretName" $context }} key: password + {{- if $context.Values.postgresql.readReplica.auth.existingSecret }} + - name: "REPLICA_DB_PASS" + valueFrom: + secretKeyRef: + name: {{ $context.Values.postgresql.readReplica.auth.existingSecret }} + key: password + {{- end }} - name: "REDIS_PASSWORD" valueFrom: secretKeyRef: diff --git a/templates/deployment-streaming.yaml b/templates/deployment-streaming.yaml index 9924fe1..7ce100a 100644 --- a/templates/deployment-streaming.yaml +++ b/templates/deployment-streaming.yaml @@ -56,6 +56,13 @@ spec: secretKeyRef: name: {{ template "mastodon.postgresql.secretName" . }} key: password + {{- if .Values.postgresql.readReplica.auth.existingSecret }} + - name: "REPLICA_DB_PASS" + valueFrom: + secretKeyRef: + name: {{ .Values.postgresql.readReplica.auth.existingSecret }} + key: password + {{- end }} - name: "REDIS_PASSWORD" valueFrom: secretKeyRef: diff --git a/templates/deployment-web.yaml b/templates/deployment-web.yaml index b736a9d..5bf035f 100644 --- a/templates/deployment-web.yaml +++ b/templates/deployment-web.yaml @@ -79,6 +79,13 @@ spec: secretKeyRef: name: {{ template "mastodon.postgresql.secretName" . }} key: password + {{- if .Values.postgresql.readReplica.auth.existingSecret }} + - name: "REPLICA_DB_PASS" + valueFrom: + secretKeyRef: + name: {{ .Values.postgresql.readReplica.auth.existingSecret}} + key: password + {{- end }} - name: "REDIS_PASSWORD" valueFrom: secretKeyRef: diff --git a/values.yaml b/values.yaml index 6a0abcf..b9fd707 100644 --- a/values.yaml +++ b/values.yaml 
@@ -362,6 +362,19 @@ postgresql: # with a key of password set to the password you want existingSecret: "" + # Options for a read-only replica. + # If enabled, mastodon uses existing defaults for postgres for these values as well. + # Documentation for more information on this feature: + # https://docs.joinmastodon.org/admin/scaling/#read-replicas + readReplica: + hostname: + port: + auth: + database: + username: + password: + existingSecret: + # https://github.com/bitnami/charts/tree/master/bitnami/redis#parameters redis: # disable if you want to use an existing redis instance; in which case the From da64454fc3c1f82df90c900fc8ec44e416e33f1d Mon Sep 17 00:00:00 2001 From: YDKK Date: Thu, 11 Jan 2024 21:01:40 +0900 Subject: [PATCH 14/25] fix accessModes misreference in pcv-assets (#112) --- templates/pvc-assets.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/pvc-assets.yaml b/templates/pvc-assets.yaml index 36d5558..46c90ca 100644 --- a/templates/pvc-assets.yaml +++ b/templates/pvc-assets.yaml @@ -7,7 +7,7 @@ metadata: {{- include "mastodon.labels" . | nindent 4 }} spec: accessModes: - - {{ .Values.mastodon.persistence.system.accessMode }} + - {{ .Values.mastodon.persistence.assets.accessMode }} {{- with .Values.mastodon.persistence.assets.resources }} resources: {{- toYaml . | nindent 4 }} From 9cb9df98b6262d38280970db77718956bb0abefd Mon Sep 17 00:00:00 2001 From: James Hammett Date: Thu, 11 Jan 2024 05:19:42 -0700 Subject: [PATCH 15/25] add ES_PRESET environment variable (#98) Co-authored-by: Tim Campbell --- templates/configmap-env.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/templates/configmap-env.yaml b/templates/configmap-env.yaml index 51fc9da..3ce6ced 100644 --- a/templates/configmap-env.yaml +++ b/templates/configmap-env.yaml 
@@ -34,6 +34,7 @@ data: DEFAULT_LOCALE: {{ .Values.mastodon.locale }} {{- if .Values.elasticsearch.enabled }} ES_ENABLED: "true" + ES_PRESET: {{ .Values.elasticsearch.preset | default "single_node_cluster" | quote }} ES_HOST: {{ template "mastodon.elasticsearch.fullname" . }}-master-hl ES_PORT: "9200" {{- else if .Values.elasticsearch.hostname }} @@ -44,6 +45,9 @@ data: {{- with .Values.elasticsearch.user }} ES_USER: {{ . }} {{- end }} + {{- with .Values.elasticsearch.user }} + ES_USER: {{ . }} + {{- end }} LOCAL_DOMAIN: {{ .Values.mastodon.local_domain }} {{- with .Values.mastodon.web_domain }} WEB_DOMAIN: {{ . }} From 97c3d1dc90ba1aa47cde332df6b03ee715d48002 Mon Sep 17 00:00:00 2001 From: Ben Hardill Date: Thu, 11 Jan 2024 14:15:36 +0000 Subject: [PATCH 16/25] Set default Redis replica count to 0 (#96) --- values.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/values.yaml b/values.yaml index b9fd707..100f560 100644 --- a/values.yaml +++ b/values.yaml @@ -389,6 +389,8 @@ redis: # you can also specify the name of an existing Secret # with a key of redis-password set to the password you want # existingSecret: "" + replica: + replicaCount: 0 # @ignored service: From 5527809faf1a0e78eed69e10ca2a9a599717fb52 Mon Sep 17 00:00:00 2001 From: Tim Campbell Date: Fri, 19 Jan 2024 03:39:42 -0800 Subject: [PATCH 17/25] Added custom volume mounts, additional small tweaks to match internal (#115) --- templates/deployment-sidekiq.yaml | 11 ++++- templates/deployment-streaming.yaml | 1 + templates/deployment-web.yaml | 11 ++++- values.yaml | 70 ++++++++++++++++------------- 4 files changed, 59 insertions(+), 34 deletions(-) diff --git a/templates/deployment-sidekiq.yaml b/templates/deployment-sidekiq.yaml index 9bece8f..8cae4f3 100644 --- a/templates/deployment-sidekiq.yaml +++ b/templates/deployment-sidekiq.yaml 
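Review bot: The second configmap-env.yaml hunk adds a `with .Values.elasticsearch.user` block identical to the one directly above it, so `ES_USER` is rendered twice in the ConfigMap whenever a user is set. Duplicate mapping keys are invalid YAML and most parsers silently keep the last one, so the three added lines should be removed. In the first hunk, `ES_PRESET` is added only to the bundled-Elasticsearch branch and not to the `else if .Values.elasticsearch.hostname` branch visible in its context, so an external cluster would not receive it. Both points are picked up by PATCH 19/25 further down this page.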
@@ -22,6 +22,7 @@ spec: type: Recreate {{- end }} replicas: {{ .replicas }} + revisionHistoryLimit: 2 selector: matchLabels: {{- include "mastodon.selectorLabels" $context | nindent 6 }} @@ -60,8 +61,8 @@ spec: topologySpreadConstraints: {{- toYaml . | nindent 8 }} {{- end }} - {{- if (not $context.Values.mastodon.s3.enabled) }} volumes: + {{- if (not $context.Values.mastodon.s3.enabled) }} - name: assets persistentVolumeClaim: claimName: {{ template "mastodon.fullname" $context }}-assets @@ -75,6 +76,9 @@ spec: configMap: name: {{ .customDatabaseConfigYml.configMapRef.name }} {{- end }} + {{- with $context.Values.volumes }} + {{- toYaml . | nindent 8 }} + {{- end }} containers: - name: {{ $context.Chart.Name }} securityContext: @@ -158,8 +162,8 @@ spec: name: {{ $context.Values.mastodon.cacheBuster.authToken.existingSecret }} key: password {{- end }} - {{- if (not $context.Values.mastodon.s3.enabled) }} volumeMounts: + {{- if (not $context.Values.mastodon.s3.enabled) }} - name: assets mountPath: /opt/mastodon/public/assets - name: system @@ -170,6 +174,9 @@ spec: mountPath: /opt/mastodon/config/database.yml subPath: {{ .customDatabaseConfigYml.configMapRef.key }} {{- end }} + {{- with $context.Values.volumeMounts }} + {{- toYaml . | nindent 12 }} + {{- end }} resources: {{- toYaml (default (default $context.Values.resources $context.Values.mastodon.sidekiq.resources) .resources) | nindent 12 }} {{- include "mastodon.statsdExporterContainer" $ | indent 8 }} diff --git a/templates/deployment-streaming.yaml b/templates/deployment-streaming.yaml index 7ce100a..1e4acaa 100644 --- a/templates/deployment-streaming.yaml +++ b/templates/deployment-streaming.yaml @@ -10,6 +10,7 @@ metadata: {{- end }} spec: replicas: {{ .Values.mastodon.streaming.replicas }} + revisionHistoryLimit: 2 selector: matchLabels: {{- include "mastodon.selectorLabels" . | nindent 6 }} diff --git a/templates/deployment-web.yaml b/templates/deployment-web.yaml index 5bf035f..47aa0f6 100644 
--- a/templates/deployment-web.yaml +++ b/templates/deployment-web.yaml @@ -10,6 +10,7 @@ metadata: {{- end }} spec: replicas: {{ .Values.mastodon.web.replicas }} + revisionHistoryLimit: 2 selector: matchLabels: {{- include "mastodon.selectorLabels" . | nindent 6 }} @@ -39,20 +40,23 @@ spec: securityContext: {{- toYaml . | nindent 8 }} {{- end }} - {{- if (not .Values.mastodon.s3.enabled) }} volumes: + {{- if (not .Values.mastodon.s3.enabled) }} - name: assets persistentVolumeClaim: claimName: {{ template "mastodon.fullname" . }}-assets - name: system persistentVolumeClaim: claimName: {{ template "mastodon.fullname" . }}-system + {{- end }} {{- include "mastodon.statsdExporterVolume" $ | indent 8 }} {{- if .Values.mastodon.web.customDatabaseConfigYml.configMapRef.name }} - name: config-database-yml configMap: name: {{ .Values.mastodon.web.customDatabaseConfigYml.configMapRef.name }} {{- end }} + {{- with .Values.volumes }} + {{- toYaml . | nindent 8 }} {{- end }} containers: - name: {{ .Chart.Name }}-web @@ -149,8 +153,8 @@ spec: name: {{ .Values.mastodon.cacheBuster.authToken.existingSecret }} key: password {{- end }} - {{- if (not .Values.mastodon.s3.enabled) }} volumeMounts: + {{- if (not .Values.mastodon.s3.enabled) }} - name: assets mountPath: /opt/mastodon/public/assets - name: system @@ -161,6 +165,9 @@ spec: mountPath: /opt/mastodon/config/database.yml subPath: {{ .Values.mastodon.web.customDatabaseConfigYml.configMapRef.key }} {{- end }} + {{- with .Values.volumeMounts }} + {{- toYaml . | nindent 12 }} + {{- end }} ports: - name: http containerPort: {{ .Values.mastodon.web.port }} diff --git a/values.yaml b/values.yaml index 100f560..7c995d0 100644 --- a/values.yaml +++ b/values.yaml @@ -11,6 +11,9 @@ image: pullPolicy: IfNotPresent mastodon: + # Labels added to every Mastodon-related object + labels: {} + # -- create an initial administrator user; the password is autogenerated and will # have to be reset createAdmin: 
@@ -116,34 +119,35 @@ mastodon: # cpu: 250m # memory: 512Mi workers: - - name: all-queues - # -- Number of threads / parallel sidekiq jobs that are executed per Pod - concurrency: 25 - # -- Number of Pod replicas deployed by the Deployment - replicas: 1 - # -- Resources for this specific deployment to allow optimised scaling, overwrites .Values.mastodon.sidekiq.resources - resources: {} - # -- Affinity for this specific deployment, overwrites .Values.affinity and .Values.mastodon.sidekiq.affinity - affinity: {} - # -- Topology spread constraints for this specific deployment, overwrites .Values.topologySpreadConstraints and .Values.mastodon.sidekiq.topologySpreadConstraints - topologySpreadConstraints: {} - # -- Sidekiq queues for Mastodon that are handled by this worker. See https://docs.joinmastodon.org/admin/scaling/#concurrency - # See https://github.com/mperham/sidekiq/wiki/Advanced-Options#queues for how to weight queues as argument - queues: - - default,8 - - push,6 - - ingress,4 - - mailers,2 - - pull - - scheduler # Make sure the scheduler queue only exists once and with a worker that has 1 replica. - image: - repository: - tag: - # allows you to mount a custom database.yml from a configmap - customDatabaseConfigYml: - configMapRef: - name: - key: + - name: all-queues + # -- Number of threads / parallel sidekiq jobs that are executed per Pod + concurrency: 25 + # -- Number of Pod replicas deployed by the Deployment + replicas: 1 + # -- Resources for this specific deployment to allow optimised scaling, overwrites .Values.mastodon.sidekiq.resources + resources: {} + # -- Affinity for this specific deployment, overwrites .Values.affinity and .Values.mastodon.sidekiq.affinity + affinity: {} + # -- Topology spread constraints for this specific deployment, overwrites .Values.topologySpreadConstraints and .Values.mastodon.sidekiq.topologySpreadConstraints + topologySpreadConstraints: {} + # -- Sidekiq queues for Mastodon that are handled by this worker. 
See https://docs.joinmastodon.org/admin/scaling/#concurrency + # See https://github.com/mperham/sidekiq/wiki/Advanced-Options#queues for how to weight queues as argument + queues: + - default,8 + - push,6 + - ingress,4 + - mailers,2 + - pull + - scheduler # Make sure the scheduler queue only exists once and with a worker that has 1 replica. + image: + repository: + tag: + # allows you to mount a custom database.yml from a configmap + # please note that we do not advise using a read-only replica for sidekiq workers + customDatabaseConfigYml: + configMapRef: + name: + key: #- name: push-pull # concurrency: 50 # resources: {} @@ -166,7 +170,7 @@ mastodon: ca_file: /etc/ssl/certs/ca-certificates.crt delivery_method: smtp domain: - enable_starttls: 'auto' + enable_starttls: "auto" from_address: notifications@example.com return_path: openssl_verify_mode: peer @@ -293,7 +297,7 @@ ingress: hosts: - host: mastodon.local paths: - - path: '/' + - path: "/" tls: - secretName: mastodon-tls hosts: @@ -561,3 +565,9 @@ affinity: {} # want to spread each deployment independently, or override topologySpreadConstraints # for each deployment topologySpreadConstraints: {} + +# Default volume mounts for all pods +volumeMounts: [] + +# Default volumes for all pods +volumes: [] From e327416da44139f1956e4de8f63e1c0ff931ce41 Mon Sep 17 00:00:00 2001 From: Tim Campbell Date: Fri, 19 Jan 2024 03:41:52 -0800 Subject: [PATCH 18/25] Set default chart version to 4.2, add version compatilibity notes (#113) --- values.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/values.yaml b/values.yaml index 7c995d0..e606b8b 100644 --- a/values.yaml +++ b/values.yaml @@ -6,7 +6,7 @@ image: # built from the most recent commit # # tag: latest - tag: "" + tag: "v4.2" # use `Always` when using `latest` tag pullPolicy: IfNotPresent 
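Review bot: The comments `# Default volume mounts for all pods` and `# Default volumes for all pods` in the last values.yaml hunk of PATCH 17 promise more than the templates visibly deliver. The patch wires `.Values.volumes` and `.Values.volumeMounts` into deployment-sidekiq.yaml and deployment-web.yaml, while its deployment-streaming.yaml hunk only adds `revisionHistoryLimit: 2`. Unless streaming and the job templates pick these values up elsewhere, a CA bundle or config file mounted this way would be missing from those pods. I would either add the same `with` blocks there or narrow the comments to something like `# Extra volumes added to the web and sidekiq pods`.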
@@ -368,6 +368,7 @@ postgresql: # Options for a read-only replica. # If enabled, mastodon uses existing defaults for postgres for these values as well. + # NOTE: This feature is only available on Mastodon v4.2+ # Documentation for more information on this feature: # https://docs.joinmastodon.org/admin/scaling/#read-replicas readReplica: From fba8496f01db112c7f20a3be0059a04961d5baec Mon Sep 17 00:00:00 2001 From: Tim Campbell Date: Fri, 19 Jan 2024 03:52:00 -0800 Subject: [PATCH 19/25] Quick rearrange for ES_PRESET, add to values file (#114) --- templates/configmap-env.yaml | 4 +--- values.yaml | 1 + 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/templates/configmap-env.yaml b/templates/configmap-env.yaml index 3ce6ced..f2d989e 100644 --- a/templates/configmap-env.yaml +++ b/templates/configmap-env.yaml @@ -39,15 +39,13 @@ data: ES_PORT: "9200" {{- else if .Values.elasticsearch.hostname }} ES_ENABLED: "true" + ES_PRESET: {{ .Values.elasticsearch.preset | default "single_node_cluster" | quote }} ES_HOST: {{ include "mastodon.elasticsearch.fullHostname" .}} ES_PORT: {{ .Values.elasticsearch.port | default "9200" | quote }} {{- end }} {{- with .Values.elasticsearch.user }} ES_USER: {{ . }} {{- end }} - {{- with .Values.elasticsearch.user }} - ES_USER: {{ . }} - {{- end }} LOCAL_DOMAIN: {{ .Values.mastodon.local_domain }} {{- with .Values.mastodon.web_domain }} WEB_DOMAIN: {{ . }} diff --git a/values.yaml b/values.yaml index e606b8b..237ace5 100644 --- a/values.yaml +++ b/values.yaml @@ -338,6 +338,7 @@ elasticsearch: # hostname: # port: 9200 # tls: true + # preset: single_node_cluster # This is optional, use it if you ES cluster requires authentication # user: From 218f55b9091381e11bb93cd5ddc9b521721354d5 Mon Sep 17 00:00:00 2001 From: Tim Campbell Date: Fri, 19 Jan 2024 04:38:46 -0800 Subject: [PATCH 20/25] Updated chart/app version (#116) --- Chart.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/Chart.yaml b/Chart.yaml index 1ebc973..cae84cd 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -15,12 +15,12 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 4.0.0 +version: 4.1.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. -appVersion: v4.0.2 +appVersion: v4.2.3 dependencies: - name: elasticsearch From 089adff9a52bd46a473ae5c4002bfe01b4ad8efc Mon Sep 17 00:00:00 2001 From: Tim Campbell Date: Fri, 19 Jan 2024 06:10:15 -0800 Subject: [PATCH 21/25] Updated dependency lock file (#117) --- Chart.lock | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Chart.lock b/Chart.lock index 961e4fa..afc2440 100644 --- a/Chart.lock +++ b/Chart.lock @@ -8,5 +8,5 @@ dependencies: - name: redis repository: https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami version: 16.13.2 -digest: sha256:17ea58a3264aa22faff18215c4269f47dabae956d0df273c684972f356416193 -generated: "2022-08-08T21:44:18.0195364+02:00" +digest: sha256:8be2c8069d65f295d0079bdda67c45691370f7bef73393c2e80eedbdd748b9af +generated: "2024-01-19T13:45:12.079125474+01:00" From 826d6e945f80f5618f3455c978f1a40a230e3060 Mon Sep 17 00:00:00 2001 
From: James Hammett Date: Fri, 2 Feb 2024 06:03:35 -0700 Subject: [PATCH 22/25] add tolerations specific to web deployment to template (#100) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Norman <85173861+norman-zon@users.noreply.github.com> Co-authored-by: Alex Nordlund Co-authored-by: Effy Elden Co-authored-by: Sheogorath Co-authored-by: Chris Funderburg Co-authored-by: Roberto Santalla Co-authored-by: Radim Dostál Co-authored-by: Jim Myhrberg Co-authored-by: David Sanftenberg Co-authored-by: Alexander "Ananace" Olofsson Co-authored-by: Renaud Chaput Co-authored-by: Varac Co-authored-by: Cees-Jan Kiewiet Co-authored-by: Tim Campbell --- templates/deployment-web.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/deployment-web.yaml b/templates/deployment-web.yaml index 47aa0f6..b8e8533 100644 --- a/templates/deployment-web.yaml +++ b/templates/deployment-web.yaml @@ -202,7 +202,7 @@ spec: topologySpreadConstraints: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.tolerations }} + {{- with (default .Values.tolerations .Values.mastodon.web.tolerations) }} tolerations: {{- toYaml . | nindent 8 }} {{- end }} From f5c9cdc36482b094fcb536206c5c9f609af0fe19 Mon Sep 17 00:00:00 2001 From: Jim Myhrberg Date: Sat, 3 Feb 2024 13:36:54 +0100 Subject: [PATCH 23/25] feat(app): upgrade Mastodon to 4.2.5 The default `image.tag` value has been changed from `v4.2` to the exact `v4.2.5` version. With the non-exact version tag, patch upgrades on existing installs would be missed unless `image.pullPolicy` has been customized to `Always`. --- Chart.yaml | 4 ++-- values.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Chart.yaml b/Chart.yaml index cae84cd..0809c9a 100644 --- a/Chart.yaml +++ b/Chart.yaml 
@@ -15,12 +15,12 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 4.1.0 +version: 4.1.1 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. -appVersion: v4.2.3 +appVersion: v4.2.5 dependencies: - name: elasticsearch diff --git a/values.yaml b/values.yaml index 237ace5..352c203 100644 --- a/values.yaml +++ b/values.yaml @@ -6,7 +6,7 @@ image: # built from the most recent commit # # tag: latest - tag: "v4.2" + tag: "v4.2.5" # use `Always` when using `latest` tag pullPolicy: IfNotPresent From ef9e071c386ab860170be75d7e8ce0e6bde4b99c Mon Sep 17 00:00:00 2001 From: lleyton Date: Wed, 14 Feb 2024 09:08:13 -0800 Subject: [PATCH 24/25] Use unique annotation key for smtp secret checksum (#48) (#51) --- templates/deployment-sidekiq.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/deployment-sidekiq.yaml b/templates/deployment-sidekiq.yaml index 8cae4f3..c6ba2eb 100644 --- a/templates/deployment-sidekiq.yaml +++ b/templates/deployment-sidekiq.yaml @@ -36,7 +36,7 @@ spec: {{- end }} # roll the pods to pick up any db migrations or other changes {{- include "mastodon.rollingPodAnnotations" $context | nindent 8 }} - checksum/config-secrets: {{ include ( print $.Template.BasePath "/secret-smtp.yaml" ) $context | sha256sum | quote }} + checksum/config-secrets-smtp: {{ include ( print $.Template.BasePath "/secret-smtp.yaml" ) $context | sha256sum | quote }} labels: {{- include "mastodon.globalLabels" $context | nindent 8 }} {{- include "mastodon.selectorLabels" $context | nindent 8 }} 
From d7dea06a2e7be89172ea16a96d2a32a394d0f63c Mon Sep 17 00:00:00 2001 From: Daniel Jilg Date: Wed, 14 Feb 2024 18:14:03 +0100 Subject: [PATCH 25/25] Fix a typo in values.yaml (#123) --- values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/values.yaml b/values.yaml index 352c203..39e1ff9 100644 --- a/values.yaml +++ b/values.yaml @@ -48,7 +48,7 @@ mastodon: singleUserMode: false # -- Enables "Secure Mode" for more details see: https://docs.joinmastodon.org/admin/config/#authorized_fetch authorizedFetch: false - # -- Enables "Limited Federation Mode" for more detauls see: https://docs.joinmastodon.org/admin/config/#limited_federation_mode + # -- Enables "Limited Federation Mode" for more details see: https://docs.joinmastodon.org/admin/config/#limited_federation_mode limitedFederationMode: false persistence: assets: