Refactor chart sidekiq queues (#1)

Co-authored-by: Effy Elden <effy@effy.space>
Co-authored-by: Sheogorath <sheogorath@shivering-isles.com>
Co-authored-by: Chris Funderburg <chris@funderburg.me>
This commit is contained in:
Alex Nordlund 2022-12-03 05:44:39 +01:00 committed by GitHub
parent 543fdf7446
commit ae892d539e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
13 changed files with 405 additions and 310 deletions

View File

@ -5,15 +5,9 @@ name: Test chart
on: on:
pull_request: pull_request:
paths: paths-ignore:
- "chart/**" - "README.md"
- "!**.md"
- ".github/workflows/test-chart.yml"
push: push:
paths:
- "chart/**"
- "!**.md"
- ".github/workflows/test-chart.yml"
branches-ignore: branches-ignore:
- "dependabot/**" - "dependabot/**"
workflow_dispatch: workflow_dispatch:
@ -21,10 +15,6 @@ on:
permissions: permissions:
contents: read contents: read
defaults:
run:
working-directory: chart
jobs: jobs:
lint-templates: lint-templates:
runs-on: ubuntu-22.04 runs-on: ubuntu-22.04

View File

@ -15,12 +15,12 @@ type: application
# This is the chart version. This version number should be incremented each time you make changes # This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version. # to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/) # Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 2.3.0 version: 4.0.0
# This is the version number of the application being deployed. This version number should be # This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to # incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using. # follow Semantic Versioning. They should reflect the version the application is using.
appVersion: v3.5.3 appVersion: v4.0.2
dependencies: dependencies:
- name: elasticsearch - name: elasticsearch

View File

@ -19,6 +19,23 @@ The variables that _must_ be configured are:
- SMTP settings for your mailer in the `mastodon.smtp` group. - SMTP settings for your mailer in the `mastodon.smtp` group.
If your PersistentVolumeClaim is `ReadWriteOnce` and you're unable to use a S3-compatible service or
run a self-hosted compatible service like [Minio](https://min.io/docs/minio/kubernetes/upstream/index.html)
then you need to set the pod affinity so the web and sidekiq pods are scheduled to the same node.
Example configuration:
```yaml
podAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: app.kubernetes.io/part-of
operator: In
values:
- rails
topologyKey: kubernetes.io/hostname
```
# Administration # Administration
You can run [admin CLI](https://docs.joinmastodon.org/admin/tootctl/) commands in the web deployment. You can run [admin CLI](https://docs.joinmastodon.org/admin/tootctl/) commands in the web deployment.

View File

@ -136,3 +136,15 @@ Return true if a mastodon secret object should be created
{{- true -}} {{- true -}}
{{- end -}} {{- end -}}
{{- end -}} {{- end -}}
{{/*
Find highest number of needed database connections to set DB_POOL variable
*/}}
{{- define "mastodon.maxDbPool" -}}
{{/* Default MAX_THREADS for Puma is 5 */}}
{{- $poolSize := 5 }}
{{- range .Values.mastodon.sidekiq.workers }}
{{- $poolSize = max $poolSize .concurrency }}
{{- end }}
{{- $poolSize | quote }}
{{- end }}

View File

@ -13,7 +13,7 @@ data:
DB_PORT: {{ .Values.postgresql.postgresqlPort | default "5432" | quote }} DB_PORT: {{ .Values.postgresql.postgresqlPort | default "5432" | quote }}
{{- end }} {{- end }}
DB_NAME: {{ .Values.postgresql.auth.database }} DB_NAME: {{ .Values.postgresql.auth.database }}
DB_POOL: {{ .Values.mastodon.sidekiq.concurrency | quote }} DB_POOL: {{ include "mastodon.maxDbPool" . }}
DB_USER: {{ .Values.postgresql.auth.username }} DB_USER: {{ .Values.postgresql.auth.username }}
DEFAULT_LOCALE: {{ .Values.mastodon.locale }} DEFAULT_LOCALE: {{ .Values.mastodon.locale }}
{{- if .Values.elasticsearch.enabled }} {{- if .Values.elasticsearch.enabled }}
@ -22,12 +22,15 @@ data:
ES_PORT: "9200" ES_PORT: "9200"
{{- end }} {{- end }}
LOCAL_DOMAIN: {{ .Values.mastodon.local_domain }} LOCAL_DOMAIN: {{ .Values.mastodon.local_domain }}
{{- if .Values.mastodon.web_domain }} {{- with .Values.mastodon.web_domain }}
WEB_DOMAIN: {{ .Values.mastodon.web_domain }} WEB_DOMAIN: {{ . }}
{{- end }} {{- end }}
{{- if .Values.mastodon.singleUserMode }} {{- with .Values.mastodon.singleUserMode }}
SINGLE_USER_MODE: "true" SINGLE_USER_MODE: "true"
{{- end }} {{- end }}
{{- with .Values.mastodon.authorizedFetch }}
AUTHORIZED_FETCH: {{ . | quote }}
{{- end }}
# https://devcenter.heroku.com/articles/tuning-glibc-memory-behavior # https://devcenter.heroku.com/articles/tuning-glibc-memory-behavior
MALLOC_ARENA_MAX: "2" MALLOC_ARENA_MAX: "2"
NODE_ENV: "production" NODE_ENV: "production"
@ -44,58 +47,58 @@ data:
S3_ENDPOINT: {{ .Values.mastodon.s3.endpoint }} S3_ENDPOINT: {{ .Values.mastodon.s3.endpoint }}
S3_HOSTNAME: {{ .Values.mastodon.s3.hostname }} S3_HOSTNAME: {{ .Values.mastodon.s3.hostname }}
S3_PROTOCOL: "https" S3_PROTOCOL: "https"
{{- if .Values.mastodon.s3.region }} {{- with .Values.mastodon.s3.region }}
S3_REGION: {{ .Values.mastodon.s3.region }} S3_REGION: {{ . }}
{{- end }} {{- end }}
{{- if .Values.mastodon.s3.alias_host }} {{- with .Values.mastodon.s3.alias_host }}
S3_ALIAS_HOST: {{ .Values.mastodon.s3.alias_host}} S3_ALIAS_HOST: {{ .Values.mastodon.s3.alias_host}}
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- if .Values.mastodon.smtp.auth_method }} {{- with .Values.mastodon.smtp.auth_method }}
SMTP_AUTH_METHOD: {{ .Values.mastodon.smtp.auth_method }} SMTP_AUTH_METHOD: {{ . }}
{{- end }} {{- end }}
{{- if .Values.mastodon.smtp.ca_file }} {{- with .Values.mastodon.smtp.ca_file }}
SMTP_CA_FILE: {{ .Values.mastodon.smtp.ca_file }} SMTP_CA_FILE: {{ . }}
{{- end }} {{- end }}
{{- if .Values.mastodon.smtp.delivery_method }} {{- with .Values.mastodon.smtp.delivery_method }}
SMTP_DELIVERY_METHOD: {{ .Values.mastodon.smtp.delivery_method }} SMTP_DELIVERY_METHOD: {{ . }}
{{- end }} {{- end }}
{{- if .Values.mastodon.smtp.domain }} {{- with .Values.mastodon.smtp.domain }}
SMTP_DOMAIN: {{ .Values.mastodon.smtp.domain }} SMTP_DOMAIN: {{ . }}
{{- end }} {{- end }}
{{- if .Values.mastodon.smtp.enable_starttls }} {{- with .Values.mastodon.smtp.enable_starttls }}
SMTP_ENABLE_STARTTLS: {{ .Values.mastodon.smtp.enable_starttls | quote }} SMTP_ENABLE_STARTTLS: {{ . | quote }}
{{- end }} {{- end }}
{{- if .Values.mastodon.smtp.enable_starttls_auto }} {{- with .Values.mastodon.smtp.enable_starttls_auto }}
SMTP_ENABLE_STARTTLS_AUTO: {{ .Values.mastodon.smtp.enable_starttls_auto | quote }} SMTP_ENABLE_STARTTLS_AUTO: {{ . | quote }}
{{- end }} {{- end }}
{{- if .Values.mastodon.smtp.from_address }} {{- with .Values.mastodon.smtp.from_address }}
SMTP_FROM_ADDRESS: {{ .Values.mastodon.smtp.from_address }} SMTP_FROM_ADDRESS: {{ . }}
{{- end }} {{- end }}
{{- if .Values.mastodon.smtp.login }} {{- with .Values.mastodon.smtp.login }}
SMTP_LOGIN: {{ .Values.mastodon.smtp.login }} SMTP_LOGIN: {{ . }}
{{- end }} {{- end }}
{{- if .Values.mastodon.smtp.openssl_verify_mode }} {{- with .Values.mastodon.smtp.openssl_verify_mode }}
SMTP_OPENSSL_VERIFY_MODE: {{ .Values.mastodon.smtp.openssl_verify_mode }} SMTP_OPENSSL_VERIFY_MODE: {{ . }}
{{- end }} {{- end }}
{{- if .Values.mastodon.smtp.password }} {{- with .Values.mastodon.smtp.password }}
SMTP_PASSWORD: {{ .Values.mastodon.smtp.password }} SMTP_PASSWORD: {{ . }}
{{- end }} {{- end }}
{{- if .Values.mastodon.smtp.port }} {{- with .Values.mastodon.smtp.port }}
SMTP_PORT: {{ .Values.mastodon.smtp.port | quote }} SMTP_PORT: {{ . | quote }}
{{- end }} {{- end }}
{{- if .Values.mastodon.smtp.reply_to }} {{- with .Values.mastodon.smtp.reply_to }}
SMTP_REPLY_TO: {{ .Values.mastodon.smtp.reply_to }} SMTP_REPLY_TO: {{ . }}
{{- end }} {{- end }}
{{- if .Values.mastodon.smtp.server }} {{- with .Values.mastodon.smtp.server }}
SMTP_SERVER: {{ .Values.mastodon.smtp.server }} SMTP_SERVER: {{ . }}
{{- end }} {{- end }}
{{- if .Values.mastodon.smtp.tls }} {{- with .Values.mastodon.smtp.tls }}
SMTP_TLS: {{ .Values.mastodon.smtp.tls | quote }} SMTP_TLS: {{ . | quote }}
{{- end }} {{- end }}
STREAMING_CLUSTER_NUM: {{ .Values.mastodon.streaming.workers | quote }} STREAMING_CLUSTER_NUM: {{ .Values.mastodon.streaming.workers | quote }}
{{- if .Values.mastodon.streaming.base_url }} {{- with .Values.mastodon.streaming.base_url }}
STREAMING_API_BASE_URL: {{ .Values.mastodon.streaming.base_url | quote }} STREAMING_API_BASE_URL: {{ . | quote }}
{{- end }} {{- end }}
{{- if .Values.externalAuth.oidc.enabled }} {{- if .Values.externalAuth.oidc.enabled }}
OIDC_ENABLED: {{ .Values.externalAuth.oidc.enabled | quote }} OIDC_ENABLED: {{ .Values.externalAuth.oidc.enabled | quote }}
@ -108,53 +111,53 @@ data:
OIDC_CLIENT_SECRET: {{ .Values.externalAuth.oidc.client_secret }} OIDC_CLIENT_SECRET: {{ .Values.externalAuth.oidc.client_secret }}
OIDC_REDIRECT_URI: {{ .Values.externalAuth.oidc.redirect_uri }} OIDC_REDIRECT_URI: {{ .Values.externalAuth.oidc.redirect_uri }}
OIDC_SECURITY_ASSUME_EMAIL_IS_VERIFIED: {{ .Values.externalAuth.oidc.assume_email_is_verified | quote }} OIDC_SECURITY_ASSUME_EMAIL_IS_VERIFIED: {{ .Values.externalAuth.oidc.assume_email_is_verified | quote }}
{{- if .Values.externalAuth.oidc.client_auth_method }} {{- with .Values.externalAuth.oidc.client_auth_method }}
OIDC_CLIENT_AUTH_METHOD: {{ .Values.externalAuth.oidc.client_auth_method }} OIDC_CLIENT_AUTH_METHOD: {{ . }}
{{- end }} {{- end }}
{{- if .Values.externalAuth.oidc.response_type }} {{- with .Values.externalAuth.oidc.response_type }}
OIDC_RESPONSE_TYPE: {{ .Values.externalAuth.oidc.response_type }} OIDC_RESPONSE_TYPE: {{ . }}
{{- end }} {{- end }}
{{- if .Values.externalAuth.oidc.response_mode }} {{- with .Values.externalAuth.oidc.response_mode }}
OIDC_RESPONSE_MODE: {{ .Values.externalAuth.oidc.response_mode }} OIDC_RESPONSE_MODE: {{ . }}
{{- end }} {{- end }}
{{- if .Values.externalAuth.oidc.display }} {{- with .Values.externalAuth.oidc.display }}
OIDC_DISPLAY: {{ .Values.externalAuth.oidc.display }} OIDC_DISPLAY: {{ . }}
{{- end }} {{- end }}
{{- if .Values.externalAuth.oidc.prompt }} {{- with .Values.externalAuth.oidc.prompt }}
OIDC_PROMPT: {{ .Values.externalAuth.oidc.prompt }} OIDC_PROMPT: {{ . }}
{{- end }} {{- end }}
{{- if .Values.externalAuth.oidc.send_nonce }} {{- with .Values.externalAuth.oidc.send_nonce }}
OIDC_SEND_NONCE: {{ .Values.externalAuth.oidc.send_nonce }} OIDC_SEND_NONCE: {{ . }}
{{- end }} {{- end }}
{{- if .Values.externalAuth.oidc.send_scope_to_token_endpoint }} {{- with .Values.externalAuth.oidc.send_scope_to_token_endpoint }}
OIDC_SEND_SCOPE_TO_TOKEN_ENDPOINT: {{ .Values.externalAuth.oidc.send_scope_to_token_endpoint | quote }} OIDC_SEND_SCOPE_TO_TOKEN_ENDPOINT: {{ . | quote }}
{{- end }} {{- end }}
{{- if .Values.externalAuth.oidc.idp_logout_redirect_uri }} {{- with .Values.externalAuth.oidc.idp_logout_redirect_uri }}
OIDC_IDP_LOGOUT_REDIRECT_URI: {{ .Values.externalAuth.oidc.idp_logout_redirect_uri }} OIDC_IDP_LOGOUT_REDIRECT_URI: {{ . }}
{{- end }} {{- end }}
{{- if .Values.externalAuth.oidc.http_scheme }} {{- with .Values.externalAuth.oidc.http_scheme }}
OIDC_HTTP_SCHEME: {{ .Values.externalAuth.oidc.http_scheme }} OIDC_HTTP_SCHEME: {{ . }}
{{- end }} {{- end }}
{{- if .Values.externalAuth.oidc.host }} {{- with .Values.externalAuth.oidc.host }}
OIDC_HOST: {{ .Values.externalAuth.oidc.host }} OIDC_HOST: {{ . }}
{{- end }} {{- end }}
{{- if .Values.externalAuth.oidc.port }} {{- with .Values.externalAuth.oidc.port }}
OIDC_PORT: {{ .Values.externalAuth.oidc.port }} OIDC_PORT: {{ . }}
{{- end }} {{- end }}
{{- if .Values.externalAuth.oidc.jwks_uri }} {{- with .Values.externalAuth.oidc.jwks_uri }}
OIDC_JWKS_URI: {{ .Values.externalAuth.oidc.jwks_uri }} OIDC_JWKS_URI: {{ . }}
{{- end }} {{- end }}
{{- if .Values.externalAuth.oidc.auth_endpoint }} {{- with .Values.externalAuth.oidc.auth_endpoint }}
OIDC_AUTH_ENDPOINT: {{ .Values.externalAuth.oidc.auth_endpoint }} OIDC_AUTH_ENDPOINT: {{ . }}
{{- end }} {{- end }}
{{- if .Values.externalAuth.oidc.token_endpoint }} {{- with .Values.externalAuth.oidc.token_endpoint }}
OIDC_TOKEN_ENDPOINT: {{ .Values.externalAuth.oidc.token_endpoint }} OIDC_TOKEN_ENDPOINT: {{ . }}
{{- end }} {{- end }}
{{- if .Values.externalAuth.oidc.user_info_endpoint }} {{- with .Values.externalAuth.oidc.user_info_endpoint }}
OIDC_USER_INFO_ENDPOINT: {{ .Values.externalAuth.oidc.user_info_endpoint }} OIDC_USER_INFO_ENDPOINT: {{ . }}
{{- end }} {{- end }}
{{- if .Values.externalAuth.oidc.end_session_endpoint }} {{- with .Values.externalAuth.oidc.end_session_endpoint }}
OIDC_END_SESSION_ENDPOINT: {{ .Values.externalAuth.oidc.end_session_endpoint }} OIDC_END_SESSION_ENDPOINT: {{ . }}
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- if .Values.externalAuth.saml.enabled }} {{- if .Values.externalAuth.saml.enabled }}
@ -163,54 +166,54 @@ data:
SAML_ISSUER: {{ .Values.externalAuth.saml.issuer }} SAML_ISSUER: {{ .Values.externalAuth.saml.issuer }}
SAML_IDP_SSO_TARGET_URL: {{ .Values.externalAuth.saml.idp_sso_target_url }} SAML_IDP_SSO_TARGET_URL: {{ .Values.externalAuth.saml.idp_sso_target_url }}
SAML_IDP_CERT: {{ .Values.externalAuth.saml.idp_cert | quote }} SAML_IDP_CERT: {{ .Values.externalAuth.saml.idp_cert | quote }}
{{- if .Values.externalAuth.saml.idp_cert_fingerprint }} {{- with .Values.externalAuth.saml.idp_cert_fingerprint }}
SAML_IDP_CERT_FINGERPRINT: {{ .Values.externalAuth.saml.idp_cert_fingerprint | quote }} SAML_IDP_CERT_FINGERPRINT: {{ . | quote }}
{{- end }} {{- end }}
{{- if .Values.externalAuth.saml.name_identifier_format }} {{- with .Values.externalAuth.saml.name_identifier_format }}
SAML_NAME_IDENTIFIER_FORMAT: {{ .Values.externalAuth.saml.name_identifier_format }} SAML_NAME_IDENTIFIER_FORMAT: {{ . }}
{{- end }} {{- end }}
{{- if .Values.externalAuth.saml.cert }} {{- with .Values.externalAuth.saml.cert }}
SAML_CERT: {{ .Values.externalAuth.saml.cert | quote }} SAML_CERT: {{ . | quote }}
{{- end }} {{- end }}
{{- if .Values.externalAuth.saml.private_key }} {{- with .Values.externalAuth.saml.private_key }}
SAML_PRIVATE_KEY: {{ .Values.externalAuth.saml.private_key | quote }} SAML_PRIVATE_KEY: {{ . | quote }}
{{- end }} {{- end }}
{{- if .Values.externalAuth.saml.want_assertion_signed }} {{- with .Values.externalAuth.saml.want_assertion_signed }}
SAML_SECURITY_WANT_ASSERTION_SIGNED: {{ .Values.externalAuth.saml.want_assertion_signed | quote }} SAML_SECURITY_WANT_ASSERTION_SIGNED: {{ . | quote }}
{{- end }} {{- end }}
{{- if .Values.externalAuth.saml.want_assertion_encrypted }} {{- with .Values.externalAuth.saml.want_assertion_encrypted }}
SAML_SECURITY_WANT_ASSERTION_ENCRYPTED: {{ .Values.externalAuth.saml.want_assertion_encrypted | quote }} SAML_SECURITY_WANT_ASSERTION_ENCRYPTED: {{ . | quote }}
{{- end }} {{- end }}
{{- if .Values.externalAuth.saml.assume_email_is_verified }} {{- with .Values.externalAuth.saml.assume_email_is_verified }}
SAML_SECURITY_ASSUME_EMAIL_IS_VERIFIED: {{ .Values.externalAuth.saml.assume_email_is_verified | quote }} SAML_SECURITY_ASSUME_EMAIL_IS_VERIFIED: {{ . | quote }}
{{- end }} {{- end }}
{{- if .Values.externalAuth.saml.uid_attribute }} {{- with .Values.externalAuth.saml.uid_attribute }}
SAML_UID_ATTRIBUTE: {{ .Values.externalAuth.saml.uid_attribute }} SAML_UID_ATTRIBUTE: {{ . }}
{{- end }} {{- end }}
{{- if .Values.externalAuth.saml.attributes_statements.uid }} {{- with .Values.externalAuth.saml.attributes_statements.uid }}
SAML_ATTRIBUTES_STATEMENTS_UID: {{ .Values.externalAuth.saml.attributes_statements.uid | quote }} SAML_ATTRIBUTES_STATEMENTS_UID: {{ . | quote }}
{{- end }} {{- end }}
{{- if .Values.externalAuth.saml.attributes_statements.email }} {{- with .Values.externalAuth.saml.attributes_statements.email }}
SAML_ATTRIBUTES_STATEMENTS_EMAIL: {{ .Values.externalAuth.saml.attributes_statements.email | quote }} SAML_ATTRIBUTES_STATEMENTS_EMAIL: {{ . | quote }}
{{- end }} {{- end }}
{{- if .Values.externalAuth.saml.attributes_statements.full_name }} {{- with .Values.externalAuth.saml.attributes_statements.full_name }}
SAML_ATTRIBUTES_STATEMENTS_FULL_NAME: {{ .Values.externalAuth.saml.attributes_statements.full_name | quote }} SAML_ATTRIBUTES_STATEMENTS_FULL_NAME: {{ . | quote }}
{{- end }} {{- end }}
{{- if .Values.externalAuth.saml.attributes_statements.first_name }} {{- with .Values.externalAuth.saml.attributes_statements.first_name }}
SAML_ATTRIBUTES_STATEMENTS_FIRST_NAME: {{ .Values.externalAuth.saml.attributes_statements.first_name | quote }} SAML_ATTRIBUTES_STATEMENTS_FIRST_NAME: {{ . | quote }}
{{- end }} {{- end }}
{{- if .Values.externalAuth.saml.attributes_statements.last_name }} {{- with .Values.externalAuth.saml.attributes_statements.last_name }}
SAML_ATTRIBUTES_STATEMENTS_LAST_NAME: {{ .Values.externalAuth.saml.attributes_statements.last_name | quote }} SAML_ATTRIBUTES_STATEMENTS_LAST_NAME: {{ . | quote }}
{{- end }} {{- end }}
{{- if .Values.externalAuth.saml.attributes_statements.verified }} {{- with .Values.externalAuth.saml.attributes_statements.verified }}
SAML_ATTRIBUTES_STATEMENTS_VERIFIED: {{ .Values.externalAuth.saml.attributes_statements.verified | quote }} SAML_ATTRIBUTES_STATEMENTS_VERIFIED: {{ . | quote }}
{{- end }} {{- end }}
{{- if .Values.externalAuth.saml.attributes_statements.verified_email }} {{- with .Values.externalAuth.saml.attributes_statements.verified_email }}
SAML_ATTRIBUTES_STATEMENTS_VERIFIED_EMAIL: {{ .Values.externalAuth.saml.attributes_statements.verified_email | quote }} SAML_ATTRIBUTES_STATEMENTS_VERIFIED_EMAIL: {{ . | quote }}
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- if .Values.externalAuth.oauth_global.oauth_redirect_at_sign_in }} {{- with .Values.externalAuth.oauth_global.omniauth_only }}
OAUTH_REDIRECT_AT_SIGN_IN: {{ .Values.externalAuth.oauth_global.oauth_redirect_at_sign_in | quote }} OMNIAUTH_ONLY: {{ . | quote }}
{{- end }} {{- end }}
{{- if .Values.externalAuth.cas.enabled }} {{- if .Values.externalAuth.cas.enabled }}
CAS_ENABLED: {{ .Values.externalAuth.cas.enabled | quote }} CAS_ENABLED: {{ .Values.externalAuth.cas.enabled | quote }}
@ -218,68 +221,68 @@ data:
CAS_HOST: {{ .Values.externalAuth.cas.host }} CAS_HOST: {{ .Values.externalAuth.cas.host }}
CAS_PORT: {{ .Values.externalAuth.cas.port }} CAS_PORT: {{ .Values.externalAuth.cas.port }}
CAS_SSL: {{ .Values.externalAuth.cas.ssl | quote }} CAS_SSL: {{ .Values.externalAuth.cas.ssl | quote }}
{{- if .Values.externalAuth.cas.validate_url }} {{- with .Values.externalAuth.cas.validate_url }}
CAS_VALIDATE_URL: {{ .Values.externalAuth.cas.validate_url }} CAS_VALIDATE_URL: {{ . }}
{{- end }} {{- end }}
{{- if .Values.externalAuth.cas.callback_url }} {{- with .Values.externalAuth.cas.callback_url }}
CAS_CALLBACK_URL: {{ .Values.externalAuth.cas.callback_url }} CAS_CALLBACK_URL: {{ . }}
{{- end }} {{- end }}
{{- if .Values.externalAuth.cas.logout_url }} {{- with .Values.externalAuth.cas.logout_url }}
CAS_LOGOUT_URL: {{ .Values.externalAuth.cas.logout_url }} CAS_LOGOUT_URL: {{ . }}
{{- end }} {{- end }}
{{- if .Values.externalAuth.cas.login_url }} {{- with .Values.externalAuth.cas.login_url }}
CAS_LOGIN_URL: {{ .Values.externalAuth.cas.login_url }} CAS_LOGIN_URL: {{ . }}
{{- end }} {{- end }}
{{- if .Values.externalAuth.cas.uid_field }} {{- with .Values.externalAuth.cas.uid_field }}
CAS_UID_FIELD: {{ .Values.externalAuth.cas.uid_field | quote }} CAS_UID_FIELD: {{ . | quote }}
{{- end }} {{- end }}
{{- if .Values.externalAuth.cas.ca_path }} {{- with .Values.externalAuth.cas.ca_path }}
CAS_CA_PATH: {{ .Values.externalAuth.cas.ca_path }} CAS_CA_PATH: {{ . }}
{{- end }} {{- end }}
{{- if .Values.externalAuth.cas.disable_ssl_verification }} {{- with .Values.externalAuth.cas.disable_ssl_verification }}
CAS_DISABLE_SSL_VERIFICATION: {{ .Values.externalAuth.cas.disable_ssl_verification | quote }} CAS_DISABLE_SSL_VERIFICATION: {{ . | quote }}
{{- end }} {{- end }}
{{- if .Values.externalAuth.cas.assume_email_is_verified }} {{- with .Values.externalAuth.cas.assume_email_is_verified }}
CAS_SECURITY_ASSUME_EMAIL_IS_VERIFIED: {{ .Values.externalAuth.cas.assume_email_is_verified | quote }} CAS_SECURITY_ASSUME_EMAIL_IS_VERIFIED: {{ . | quote }}
{{- end }} {{- end }}
{{- if .Values.externalAuth.cas.keys.uid }} {{- with .Values.externalAuth.cas.keys.uid }}
CAS_UID_KEY: {{ .Values.externalAuth.cas.keys.uid | quote }} CAS_UID_KEY: {{ . | quote }}
{{- end }} {{- end }}
{{- if .Values.externalAuth.cas.keys.name }} {{- with .Values.externalAuth.cas.keys.name }}
CAS_NAME_KEY: {{ .Values.externalAuth.cas.keys.name | quote }} CAS_NAME_KEY: {{ . | quote }}
{{- end }} {{- end }}
{{- if .Values.externalAuth.cas.keys.email }} {{- with .Values.externalAuth.cas.keys.email }}
CAS_EMAIL_KEY: {{ .Values.externalAuth.cas.keys.email | quote }} CAS_EMAIL_KEY: {{ . | quote }}
{{- end }} {{- end }}
{{- if .Values.externalAuth.cas.keys.nickname }} {{- with .Values.externalAuth.cas.keys.nickname }}
CAS_NICKNAME_KEY: {{ .Values.externalAuth.cas.keys.nickname | quote }} CAS_NICKNAME_KEY: {{ . | quote }}
{{- end }} {{- end }}
{{- if .Values.externalAuth.cas.keys.first_name }} {{- with .Values.externalAuth.cas.keys.first_name }}
CAS_FIRST_NAME_KEY: {{ .Values.externalAuth.cas.keys.first_name | quote }} CAS_FIRST_NAME_KEY: {{ . | quote }}
{{- end }} {{- end }}
{{- if .Values.externalAuth.cas.keys.last_name }} {{- with .Values.externalAuth.cas.keys.last_name }}
CAS_LAST_NAME_KEY: {{ .Values.externalAuth.cas.keys.last_name | quote }} CAS_LAST_NAME_KEY: {{ . | quote }}
{{- end }} {{- end }}
{{- if .Values.externalAuth.cas.keys.location }} {{- with .Values.externalAuth.cas.keys.location }}
CAS_LOCATION_KEY: {{ .Values.externalAuth.cas.keys.location | quote }} CAS_LOCATION_KEY: {{ . | quote }}
{{- end }} {{- end }}
{{- if .Values.externalAuth.cas.keys.image }} {{- with .Values.externalAuth.cas.keys.image }}
CAS_IMAGE_KEY: {{ .Values.externalAuth.cas.keys.image | quote }} CAS_IMAGE_KEY: {{ . | quote }}
{{- end }} {{- end }}
{{- if .Values.externalAuth.cas.keys.phone }} {{- with .Values.externalAuth.cas.keys.phone }}
CAS_PHONE_KEY: {{ .Values.externalAuth.cas.keys.phone | quote }} CAS_PHONE_KEY: {{ . | quote }}
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- if .Values.externalAuth.pam.enabled }} {{- with .Values.externalAuth.pam.enabled }}
PAM_ENABLED: {{ .Values.externalAuth.pam.enabled | quote }} PAM_ENABLED: {{ . | quote }}
{{- if .Values.externalAuth.pam.email_domain }} {{- with .Values.externalAuth.pam.email_domain }}
PAM_EMAIL_DOMAIN: {{ .Values.externalAuth.pam.email_domain }} PAM_EMAIL_DOMAIN: {{ . }}
{{- end }} {{- end }}
{{- if .Values.externalAuth.pam.default_service }} {{- with .Values.externalAuth.pam.default_service }}
PAM_DEFAULT_SERVICE: {{ .Values.externalAuth.pam.default_service }} PAM_DEFAULT_SERVICE: {{ . }}
{{- end }} {{- end }}
{{- if .Values.externalAuth.pam.controlled_service }} {{- with .Values.externalAuth.pam.controlled_service }}
PAM_CONTROLLED_SERVICE: {{ .Values.externalAuth.pam.controlled_service }} PAM_CONTROLLED_SERVICE: {{ . }}
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- if .Values.externalAuth.ldap.enabled }} {{- if .Values.externalAuth.ldap.enabled }}
@ -287,32 +290,32 @@ data:
LDAP_HOST: {{ .Values.externalAuth.ldap.host }} LDAP_HOST: {{ .Values.externalAuth.ldap.host }}
LDAP_PORT: {{ .Values.externalAuth.ldap.port }} LDAP_PORT: {{ .Values.externalAuth.ldap.port }}
LDAP_METHOD: {{ .Values.externalAuth.ldap.method }} LDAP_METHOD: {{ .Values.externalAuth.ldap.method }}
{{- if .Values.externalAuth.ldap.base }} {{- with .Values.externalAuth.ldap.base }}
LDAP_BASE: {{ .Values.externalAuth.ldap.base }} LDAP_BASE: {{ . }}
{{- end }} {{- end }}
{{- if .Values.externalAuth.ldap.bind_on }} {{- with .Values.externalAuth.ldap.bind_on }}
LDAP_BIND_ON: {{ .Values.externalAuth.ldap.bind_on }} LDAP_BIND_ON: {{ . }}
{{- end }} {{- end }}
{{- if .Values.externalAuth.ldap.password }} {{- with .Values.externalAuth.ldap.password }}
LDAP_PASSWORD: {{ .Values.externalAuth.ldap.password }} LDAP_PASSWORD: {{ . }}
{{- end }} {{- end }}
{{- if .Values.externalAuth.ldap.uid }} {{- with .Values.externalAuth.ldap.uid }}
LDAP_UID: {{ .Values.externalAuth.ldap.uid }} LDAP_UID: {{ . }}
{{- end }} {{- end }}
{{- if .Values.externalAuth.ldap.mail }} {{- with .Values.externalAuth.ldap.mail }}
LDAP_MAIL: {{ .Values.externalAuth.ldap.mail }} LDAP_MAIL: {{ . }}
{{- end }} {{- end }}
{{- if .Values.externalAuth.ldap.search_filter }} {{- with .Values.externalAuth.ldap.search_filter }}
LDAP_SEARCH_FILTER: {{ .Values.externalAuth.ldap.search_filter }} LDAP_SEARCH_FILTER: {{ . }}
{{- end }} {{- end }}
{{- if .Values.externalAuth.ldap.uid_conversion.enabled }} {{- with .Values.externalAuth.ldap.uid_conversion.enabled }}
LDAP_UID_CONVERSION_ENABLED: {{ .Values.externalAuth.ldap.uid_conversion.enabled | quote }} LDAP_UID_CONVERSION_ENABLED: {{ . | quote }}
{{- end }} {{- end }}
{{- if .Values.externalAuth.ldap.uid_conversion.search }} {{- with .Values.externalAuth.ldap.uid_conversion.search }}
LDAP_UID_CONVERSION_SEARCH: {{ .Values.externalAuth.ldap.uid_conversion.search }} LDAP_UID_CONVERSION_SEARCH: {{ . }}
{{- end }} {{- end }}
{{- if .Values.externalAuth.ldap.uid_conversion.replace }} {{- with .Values.externalAuth.ldap.uid_conversion.replace }}
LDAP_UID_CONVERSION_REPLACE: {{ .Values.externalAuth.ldap.uid_conversion.replace }} LDAP_UID_CONVERSION_REPLACE: {{ . }}
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- with .Values.mastodon.metrics.statsd.address }} {{- with .Values.mastodon.metrics.statsd.address }}

View File

@ -67,6 +67,18 @@ spec:
key: redis-password key: redis-password
- name: "PORT" - name: "PORT"
value: {{ .Values.mastodon.web.port | quote }} value: {{ .Values.mastodon.web.port | quote }}
{{- if (and .Values.mastodon.s3.enabled .Values.mastodon.s3.existingSecret) }}
- name: "AWS_SECRET_ACCESS_KEY"
valueFrom:
secretKeyRef:
name: {{ .Values.mastodon.s3.existingSecret }}
key: AWS_SECRET_ACCESS_KEY
- name: "AWS_ACCESS_KEY_ID"
valueFrom:
secretKeyRef:
name: {{ .Values.mastodon.s3.existingSecret }}
key: AWS_ACCESS_KEY_ID
{{- end }}
{{- if (not .Values.mastodon.s3.enabled) }} {{- if (not .Values.mastodon.s3.enabled) }}
volumeMounts: volumeMounts:
- name: assets - name: assets

View File

@ -1,117 +1,121 @@
{{- $context := . }}
{{- range .Values.mastodon.sidekiq.workers }}
---
apiVersion: apps/v1 apiVersion: apps/v1
kind: Deployment kind: Deployment
metadata: metadata:
name: {{ include "mastodon.fullname" . }}-sidekiq name: {{ include "mastodon.fullname" $context }}-sidekiq-{{ .name }}
labels: labels:
{{- include "mastodon.labels" . | nindent 4 }} {{- include "mastodon.labels" $context | nindent 4 }}
app.kubernetes.io/component: sidekiq-{{ .name }}
app.kubernetes.io/part-of: rails
spec: spec:
{{- if not .Values.autoscaling.enabled }} {{- if (has "scheduler" .queues) }}
replicas: {{ .Values.replicaCount }} {{- if (gt (int .replicas) 1) }}
{{ fail "The scheduler queue should never have more than 1 replicas" }}
{{- end }} {{- end }}
strategy:
type: Recreate
{{- end }}
replicas: {{ .replicas }}
selector: selector:
matchLabels: matchLabels:
{{- include "mastodon.selectorLabels" . | nindent 6 }} {{- include "mastodon.selectorLabels" $context | nindent 6 }}
app.kubernetes.io/component: sidekiq app.kubernetes.io/component: sidekiq-{{ .name }}
app.kubernetes.io/part-of: rails app.kubernetes.io/part-of: rails
template: template:
metadata: metadata:
annotations: annotations:
{{- with .Values.podAnnotations }} {{- with $context.Values.podAnnotations }}
{{- toYaml . | nindent 8 }} {{- toYaml . | nindent 8 }}
{{- end }} {{- end }}
# roll the pods to pick up any db migrations or other changes # roll the pods to pick up any db migrations or other changes
{{- include "mastodon.rollingPodAnnotations" . | nindent 8 }} {{- include "mastodon.rollingPodAnnotations" $context | nindent 8 }}
labels: labels:
{{- include "mastodon.selectorLabels" . | nindent 8 }} {{- include "mastodon.selectorLabels" $context | nindent 8 }}
app.kubernetes.io/component: sidekiq app.kubernetes.io/component: sidekiq-{{ .name }}
app.kubernetes.io/part-of: rails app.kubernetes.io/part-of: rails
spec: spec:
{{- with .Values.imagePullSecrets }} {{- with $context.Values.imagePullSecrets }}
imagePullSecrets: imagePullSecrets:
{{- toYaml . | nindent 8 }} {{- toYaml . | nindent 8 }}
{{- end }} {{- end }}
serviceAccountName: {{ include "mastodon.serviceAccountName" . }} serviceAccountName: {{ include "mastodon.serviceAccountName" $context }}
{{- with .Values.podSecurityContext }} {{- with (default $context.Values.podSecurityContext $context.Values.mastodon.sidekiq.podSecurityContext) }}
securityContext: securityContext:
{{- toYaml . | nindent 8 }} {{- toYaml . | nindent 8 }}
{{- end }} {{- end }}
{{- if (not .Values.mastodon.s3.enabled) }} {{- with (default (default $context.Values.affinity $context.Values.mastodon.sidekiq.affinity) .affinity) }}
# ensure we run on the same node as the other rails components; only
# required when using PVCs that are ReadWriteOnce
{{- if or (eq "ReadWriteOnce" .Values.mastodon.persistence.assets.accessMode) (eq "ReadWriteOnce" .Values.mastodon.persistence.system.accessMode) }}
affinity: affinity:
podAffinity: {{- toYaml . | nindent 8 }}
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: app.kubernetes.io/part-of
operator: In
values:
- rails
topologyKey: kubernetes.io/hostname
{{- end }} {{- end }}
{{- if (not $context.Values.mastodon.s3.enabled) }}
volumes: volumes:
- name: assets - name: assets
persistentVolumeClaim: persistentVolumeClaim:
claimName: {{ template "mastodon.fullname" . }}-assets claimName: {{ template "mastodon.fullname" $context }}-assets
- name: system - name: system
persistentVolumeClaim: persistentVolumeClaim:
claimName: {{ template "mastodon.fullname" . }}-system claimName: {{ template "mastodon.fullname" $context }}-system
{{- end }} {{- end }}
containers: containers:
- name: {{ .Chart.Name }} - name: {{ $context.Chart.Name }}
securityContext: securityContext:
{{- toYaml .Values.securityContext | nindent 12 }} {{- toYaml $context.Values.mastodon.sidekiq.securityContext | nindent 12 }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" image: "{{ $context.Values.image.repository }}:{{ $context.Values.image.tag | default $context.Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }} imagePullPolicy: {{ $context.Values.image.pullPolicy }}
command: command:
- bundle - bundle
- exec - exec
- sidekiq - sidekiq
- -c - -c
- {{ .Values.mastodon.sidekiq.concurrency | quote }} - {{ .concurrency | quote }}
{{- range .queues }}
- -q
- {{ . | quote }}
{{- end }}
envFrom: envFrom:
- configMapRef: - configMapRef:
name: {{ include "mastodon.fullname" . }}-env name: {{ include "mastodon.fullname" $context }}-env
- secretRef: - secretRef:
name: {{ template "mastodon.secretName" . }} name: {{ template "mastodon.secretName" $context }}
env: env:
- name: "DB_PASS" - name: "DB_PASS"
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: {{ template "mastodon.postgresql.secretName" . }} name: {{ template "mastodon.postgresql.secretName" $context }}
key: password key: password
- name: "REDIS_PASSWORD" - name: "REDIS_PASSWORD"
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: {{ template "mastodon.redis.secretName" . }} name: {{ template "mastodon.redis.secretName" $context }}
key: redis-password key: redis-password
{{- if (and .Values.mastodon.s3.enabled .Values.mastodon.s3.existingSecret) }} {{- if (and $context.Values.mastodon.s3.enabled $context.Values.mastodon.s3.existingSecret) }}
- name: "AWS_SECRET_ACCESS_KEY" - name: "AWS_SECRET_ACCESS_KEY"
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: {{ .Values.mastodon.s3.existingSecret }} name: {{ $context.Values.mastodon.s3.existingSecret }}
key: AWS_SECRET_ACCESS_KEY key: AWS_SECRET_ACCESS_KEY
- name: "AWS_ACCESS_KEY_ID" - name: "AWS_ACCESS_KEY_ID"
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: {{ .Values.mastodon.s3.existingSecret }} name: {{ $context.Values.mastodon.s3.existingSecret }}
key: AWS_ACCESS_KEY_ID key: AWS_ACCESS_KEY_ID
{{- end }} {{- end }}
{{- if .Values.mastodon.smtp.existingSecret }} {{- if $context.Values.mastodon.smtp.existingSecret }}
- name: "SMTP_LOGIN" - name: "SMTP_LOGIN"
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: {{ .Values.mastodon.smtp.existingSecret }} name: {{ $context.Values.mastodon.smtp.existingSecret }}
key: login key: login
optional: true optional: true
- name: "SMTP_PASSWORD" - name: "SMTP_PASSWORD"
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: {{ .Values.mastodon.smtp.existingSecret }} name: {{ $context.Values.mastodon.smtp.existingSecret }}
key: password key: password
{{- end }} {{- end }}
{{- if (not .Values.mastodon.s3.enabled) }} {{- if (not $context.Values.mastodon.s3.enabled) }}
volumeMounts: volumeMounts:
- name: assets - name: assets
mountPath: /opt/mastodon/public/assets mountPath: /opt/mastodon/public/assets
@ -119,12 +123,13 @@ spec:
mountPath: /opt/mastodon/public/system mountPath: /opt/mastodon/public/system
{{- end }} {{- end }}
resources: resources:
{{- toYaml .Values.resources | nindent 12 }} {{- toYaml (default (default $context.Values.resources $context.Values.mastodon.sidekiq.resources) .resources) | nindent 12 }}
{{- with .Values.nodeSelector }} {{- with $context.Values.nodeSelector }}
nodeSelector: nodeSelector:
{{- toYaml . | nindent 8 }} {{- toYaml . | nindent 8 }}
{{- end }} {{- end }}
{{- with .Values.tolerations }} {{- with $context.Values.tolerations }}
tolerations: tolerations:
{{- toYaml . | nindent 8 }} {{- toYaml . | nindent 8 }}
{{- end }} {{- end }}
{{- end }}

View File

@ -5,9 +5,7 @@ metadata:
labels: labels:
{{- include "mastodon.labels" . | nindent 4 }} {{- include "mastodon.labels" . | nindent 4 }}
spec: spec:
{{- if not .Values.autoscaling.enabled }} replicas: {{ .Values.mastodon.streaming.replicas }}
replicas: {{ .Values.replicaCount }}
{{- end }}
selector: selector:
matchLabels: matchLabels:
{{- include "mastodon.selectorLabels" . | nindent 6 }} {{- include "mastodon.selectorLabels" . | nindent 6 }}
@ -15,7 +13,7 @@ spec:
template: template:
metadata: metadata:
annotations: annotations:
{{- with .Values.podAnnotations }} {{- with (default .Values.podAnnotations .Values.mastodon.streaming.podAnnotations) }}
{{- toYaml . | nindent 8 }} {{- toYaml . | nindent 8 }}
{{- end }} {{- end }}
# roll the pods to pick up any db migrations or other changes # roll the pods to pick up any db migrations or other changes
@ -29,13 +27,13 @@ spec:
{{- toYaml . | nindent 8 }} {{- toYaml . | nindent 8 }}
{{- end }} {{- end }}
serviceAccountName: {{ include "mastodon.serviceAccountName" . }} serviceAccountName: {{ include "mastodon.serviceAccountName" . }}
{{- with .Values.podSecurityContext }} {{- with (default .Values.podSecurityContext .Values.mastodon.streaming.podSecurityContext) }}
securityContext: securityContext:
{{- toYaml . | nindent 8 }} {{- toYaml . | nindent 8 }}
{{- end }} {{- end }}
containers: containers:
- name: {{ .Chart.Name }} - name: {{ .Chart.Name }}-streaming
{{- with .Values.securityContext }} {{- with (default .Values.securityContext .Values.mastodon.streaming.securityContext) }}
securityContext: securityContext:
{{- toYaml . | nindent 12 }} {{- toYaml . | nindent 12 }}
{{- end }} {{- end }}
@ -72,7 +70,7 @@ spec:
httpGet: httpGet:
path: /api/v1/streaming/health path: /api/v1/streaming/health
port: streaming port: streaming
{{- with .Values.resources }} {{- with (default .Values.resources .Values.mastodon.streaming.resources) }}
resources: resources:
{{- toYaml . | nindent 12 }} {{- toYaml . | nindent 12 }}
{{- end }} {{- end }}
@ -80,7 +78,7 @@ spec:
nodeSelector: nodeSelector:
{{- toYaml . | nindent 8 }} {{- toYaml . | nindent 8 }}
{{- end }} {{- end }}
{{- with .Values.affinity }} {{- with (default .Values.affinity .Values.mastodon.streaming.affinity) }}
affinity: affinity:
{{- toYaml . | nindent 8 }} {{- toYaml . | nindent 8 }}
{{- end }} {{- end }}

View File

@ -5,9 +5,7 @@ metadata:
labels: labels:
{{- include "mastodon.labels" . | nindent 4 }} {{- include "mastodon.labels" . | nindent 4 }}
spec: spec:
{{- if not .Values.autoscaling.enabled }} replicas: {{ .Values.mastodon.web.replicas }}
replicas: {{ .Values.replicaCount }}
{{- end }}
selector: selector:
matchLabels: matchLabels:
{{- include "mastodon.selectorLabels" . | nindent 6 }} {{- include "mastodon.selectorLabels" . | nindent 6 }}
@ -16,7 +14,7 @@ spec:
template: template:
metadata: metadata:
annotations: annotations:
{{- with .Values.podAnnotations }} {{- with (default .Values.podAnnotations .Values.mastodon.web.podAnnotations) }}
{{- toYaml . | nindent 8 }} {{- toYaml . | nindent 8 }}
{{- end }} {{- end }}
# roll the pods to pick up any db migrations or other changes # roll the pods to pick up any db migrations or other changes
@ -31,7 +29,7 @@ spec:
{{- toYaml . | nindent 8 }} {{- toYaml . | nindent 8 }}
{{- end }} {{- end }}
serviceAccountName: {{ include "mastodon.serviceAccountName" . }} serviceAccountName: {{ include "mastodon.serviceAccountName" . }}
{{- with .Values.podSecurityContext }} {{- with (default .Values.podSecurityContext .Values.mastodon.web.podSecurityContext) }}
securityContext: securityContext:
{{- toYaml . | nindent 8 }} {{- toYaml . | nindent 8 }}
{{- end }} {{- end }}
@ -45,8 +43,8 @@ spec:
claimName: {{ template "mastodon.fullname" . }}-system claimName: {{ template "mastodon.fullname" . }}-system
{{- end }} {{- end }}
containers: containers:
- name: {{ .Chart.Name }} - name: {{ .Chart.Name }}-web
{{- with .Values.securityContext }} {{- with (default .Values.securityContext .Values.mastodon.web.securityContext) }}
securityContext: securityContext:
{{- toYaml . | nindent 12 }} {{- toYaml . | nindent 12 }}
{{- end }} {{- end }}
@ -112,7 +110,7 @@ spec:
port: http port: http
failureThreshold: 30 failureThreshold: 30
periodSeconds: 5 periodSeconds: 5
{{- with .Values.resources }} {{- with (default .Values.resources .Values.mastodon.web.resources) }}
resources: resources:
{{- toYaml . | nindent 12 }} {{- toYaml . | nindent 12 }}
{{- end }} {{- end }}
@ -120,7 +118,7 @@ spec:
nodeSelector: nodeSelector:
{{- toYaml . | nindent 8 }} {{- toYaml . | nindent 8 }}
{{- end }} {{- end }}
{{- with .Values.affinity }} {{- with (default .Values.affinity .Values.mastodon.web.affinity) }}
affinity: affinity:
{{- toYaml . | nindent 8 }} {{- toYaml . | nindent 8 }}
{{- end }} {{- end }}

View File

@ -1,28 +0,0 @@
{{- if .Values.autoscaling.enabled -}}
apiVersion: autoscaling/v2beta1
kind: HorizontalPodAutoscaler
metadata:
name: {{ include "mastodon.fullname" . }}
labels:
{{- include "mastodon.labels" . | nindent 4 }}
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: {{ include "mastodon.fullname" . }}
minReplicas: {{ .Values.autoscaling.minReplicas }}
maxReplicas: {{ .Values.autoscaling.maxReplicas }}
metrics:
{{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
- type: Resource
resource:
name: cpu
targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
{{- end }}
{{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
- type: Resource
resource:
name: memory
targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
{{- end }}
{{- end }}

View File

@ -55,7 +55,7 @@ spec:
- {{ .Values.mastodon.createAdmin.email }} - {{ .Values.mastodon.createAdmin.email }}
- --confirmed - --confirmed
- --role - --role
- admin - Owner
envFrom: envFrom:
- configMapRef: - configMapRef:
name: {{ include "mastodon.fullname" . }}-env name: {{ include "mastodon.fullname" . }}-env

View File

@ -11,5 +11,5 @@ spec:
- name: wget - name: wget
image: busybox image: busybox
command: ['wget'] command: ['wget']
args: ['{{ include "mastodon.fullname" . }}:{{ .Values.service.port }}'] args: ['{{ include "mastodon.fullname" . }}-web:{{ .Values.service.port }}']
restartPolicy: Never restartPolicy: Never

View File

@ -1,5 +1,3 @@
replicaCount: 1
image: image:
repository: tootsuite/mastodon repository: tootsuite/mastodon
# https://hub.docker.com/r/tootsuite/mastodon/tags # https://hub.docker.com/r/tootsuite/mastodon/tags
@ -13,28 +11,36 @@ image:
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
mastodon: mastodon:
# create an initial administrator user; the password is autogenerated and will # -- create an initial administrator user; the password is autogenerated and will
# have to be reset # have to be reset
createAdmin: createAdmin:
# @ignored
enabled: false enabled: false
# @ignored
username: not_gargron username: not_gargron
# @ignored
email: not@example.com email: not@example.com
cron: cron:
# run `tootctl media remove` every week # -- run `tootctl media remove` every week
removeMedia: removeMedia:
# @ignored
enabled: true enabled: true
# @ignored
schedule: "0 0 * * 0" schedule: "0 0 * * 0"
# available locales: https://github.com/mastodon/mastodon/blob/main/config/application.rb#L71 # -- available locales: https://github.com/mastodon/mastodon/blob/main/config/application.rb#L71
locale: en locale: en
local_domain: mastodon.local local_domain: mastodon.local
# Use of WEB_DOMAIN requires careful consideration: https://docs.joinmastodon.org/admin/config/#federation # -- Use of WEB_DOMAIN requires careful consideration: https://docs.joinmastodon.org/admin/config/#federation
# You must redirect the path LOCAL_DOMAIN/.well-known/ to WEB_DOMAIN/.well-known/ as described # You must redirect the path LOCAL_DOMAIN/.well-known/ to WEB_DOMAIN/.well-known/ as described
# web_domain: mastodon.example.com # Example: mastodon.example.com
# If set to true, the frontpage of your Mastodon server will always redirect to the first profile in the database and registrations will be disabled. web_domain: null
# -- If set to true, the frontpage of your Mastodon server will always redirect to the first profile in the database and registrations will be disabled.
singleUserMode: false singleUserMode: false
# -- Enables "Secure Mode" for more details see: https://docs.joinmastodon.org/admin/config/#authorized_fetch
authorizedFetch: false
persistence: persistence:
assets: assets:
# ReadWriteOnce is more widely supported than ReadWriteMany, but limits # -- ReadWriteOnce is more widely supported than ReadWriteMany, but limits
# scalability, since it requires the Rails and Sidekiq pods to run on the # scalability, since it requires the Rails and Sidekiq pods to run on the
# same node. # same node.
accessMode: ReadWriteOnce accessMode: ReadWriteOnce
@ -50,14 +56,14 @@ mastodon:
enabled: false enabled: false
access_key: "" access_key: ""
access_secret: "" access_secret: ""
# you can also specify the name of an existing Secret # -- you can also specify the name of an existing Secret
# with keys AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY # with keys AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY
existingSecret: "" existingSecret: ""
bucket: "" bucket: ""
endpoint: https://us-east-1.linodeobjects.com endpoint: ""
hostname: us-east-1.linodeobjects.com hostname: ""
region: "" region: ""
# If you have a caching proxy, enter its base URL here. # -- If you have a caching proxy, enter its base URL here.
alias_host: "" alias_host: ""
# these must be set manually; autogenerated keys are rotated on each upgrade # these must be set manually; autogenerated keys are rotated on each upgrade
secrets: secrets:
@ -66,12 +72,61 @@ mastodon:
vapid: vapid:
private_key: "" private_key: ""
public_key: "" public_key: ""
# you can also specify the name of an existing Secret # -- you can also specify the name of an existing Secret
# with keys SECRET_KEY_BASE and OTP_SECRET and # with keys SECRET_KEY_BASE and OTP_SECRET and
# VAPID_PRIVATE_KEY and VAPID_PUBLIC_KEY # VAPID_PRIVATE_KEY and VAPID_PUBLIC_KEY
existingSecret: "" existingSecret: ""
sidekiq: sidekiq:
# -- Pod security context for all Sidekiq Pods, overwrites .Values.podSecurityContext
podSecurityContext: {}
# -- (Sidekiq Container) Security Context for all Pods, overwrites .Values.securityContext
securityContext: {}
# -- Resources for all Sidekiq Deployments unless overwritten
resources: {}
# -- Affinity for all Sidekiq Deployments unless overwritten, overwrites .Values.affinity
affinity: {}
# limits:
# cpu: "1"
# memory: 768Mi
# requests:
# cpu: 250m
# memory: 512Mi
workers:
- name: all-queues
# -- Number of threads / parallel sidekiq jobs that are executed per Pod
concurrency: 25 concurrency: 25
# -- Number of Pod replicas deployed by the Deployment
replicas: 1
# -- Resources for this specific deployment to allow optimised scaling, overwrites .Values.mastodon.sidekiq.resources
resources: {}
# -- Affinity for this specific deployment, overwrites .Values.affinity and .Values.mastodon.sidekiq.affinity
affinity: {}
# -- Sidekiq queues for Mastodon that are handled by this worker. See https://docs.joinmastodon.org/admin/scaling/#concurrency
# See https://github.com/mperham/sidekiq/wiki/Advanced-Options#queues for how to weight queues as argument
queues:
- default,8
- push,6
- ingress,4
- mailers,2
- pull
- scheduler # Make sure the scheduler queue only exists once and with a worker that has 1 replica.
#- name: push-pull
# concurrency: 50
# resources: {}
# replicas: 2
# queues:
# - push
# - pull
#- name: mailers
# concurrency: 25
# replicas: 2
# queues:
# - mailers
#- name: default
# concurrency: 25
# replicas: 2
# queues:
# - default
smtp: smtp:
auth_method: plain auth_method: plain
ca_file: /etc/ssl/certs/ca-certificates.crt ca_file: /etc/ssl/certs/ca-certificates.crt
@ -86,24 +141,56 @@ mastodon:
tls: false tls: false
login: login:
password: password:
# you can also specify the name of an existing Secret # -- you can also specify the name of an existing Secret
# with the keys login and password # with the keys login and password
existingSecret: existingSecret:
streaming: streaming:
port: 4000 port: 4000
# this should be set manually since os.cpus() returns the number of CPUs on # -- this should be set manually since os.cpus() returns the number of CPUs on
# the node running the pod, which is unrelated to the resources allocated to # the node running the pod, which is unrelated to the resources allocated to
# the pod by k8s # the pod by k8s
workers: 1 workers: 1
# The base url for streaming can be set if the streaming API is deployed to # -- The base url for streaming can be set if the streaming API is deployed to
# a different domain/subdomain. # a different domain/subdomain.
# base_url: wws://streaming.example.com base_url: null
# -- Number of Streaming Pods running
replicas: 1
# -- Affinity for Streaming Pods, overwrites .Values.affinity
affinity: {}
# -- Pod Security Context for Streaming Pods, overwrites .Values.podSecurityContext
podSecurityContext: {}
# -- (Streaming Container) Security Context for Streaming Pods, overwrites .Values.securityContext
securityContext: {}
# -- (Streaming Container) Resources for Streaming Pods, overwrites .Values.resources
resources: {}
# limits:
# cpu: "500m"
# memory: 512Mi
# requests:
# cpu: 250m
# memory: 128Mi
web: web:
port: 3000 port: 3000
# -- Number of Web Pods running
replicas: 1
# -- Affinity for Web Pods, overwrites .Values.affinity
affinity: {}
# -- Pod Security Context for Web Pods, overwrites .Values.podSecurityContext
podSecurityContext: {}
# -- (Web Container) Security Context for Web Pods, overwrites .Values.securityContext
securityContext: {}
# -- (Web Container) Resources for Web Pods, overwrites .Values.resources
resources: {}
# limits:
# cpu: "1"
# memory: 1280Mi
# requests:
# cpu: 250m
# memory: 768Mi
metrics: metrics:
statsd: statsd:
# Enable statsd publishing via STATSD_ADDR environment variable # -- Enable statsd publishing via STATSD_ADDR environment variable
address: "" address: ""
ingress: ingress:
@ -121,7 +208,7 @@ ingress:
# nginx.ingress.kubernetes.io/proxy-body-size: 40m # nginx.ingress.kubernetes.io/proxy-body-size: 40m
# for the NGINX ingress controller: # for the NGINX ingress controller:
# nginx.org/client-max-body-size: 40m # nginx.org/client-max-body-size: 40m
# you can specify the ingressClassName if it differs from the default # -- you can specify the ingressClassName if it differs from the default
ingressClassName: ingressClassName:
hosts: hosts:
- host: mastodon.local - host: mastodon.local
@ -132,20 +219,22 @@ ingress:
hosts: hosts:
- mastodon.local - mastodon.local
# https://github.com/bitnami/charts/tree/master/bitnami/elasticsearch#parameters # -- https://github.com/bitnami/charts/tree/master/bitnami/elasticsearch#parameters
elasticsearch: elasticsearch:
# `false` will disable full-text search # `false` will disable full-text search
# #
# if you enable ES after the initial install, you will need to manually run # if you enable ES after the initial install, you will need to manually run
# RAILS_ENV=production bundle exec rake chewy:sync # RAILS_ENV=production bundle exec rake chewy:sync
# (https://docs.joinmastodon.org/admin/optional/elasticsearch/) # (https://docs.joinmastodon.org/admin/optional/elasticsearch/)
# @ignored
enabled: true enabled: true
# @ignored
image: image:
tag: 7 tag: 7
# https://github.com/bitnami/charts/tree/master/bitnami/postgresql#parameters # https://github.com/bitnami/charts/tree/master/bitnami/postgresql#parameters
postgresql: postgresql:
# disable if you want to use an existing db; in which case the values below # -- disable if you want to use an existing db; in which case the values below
# must match those of that external postgres instance # must match those of that external postgres instance
enabled: true enabled: true
# postgresqlHostname: preexisting-postgresql # postgresqlHostname: preexisting-postgresql
@ -172,7 +261,7 @@ redis:
enabled: true enabled: true
hostname: "" hostname: ""
port: 6379 port: 6379
# you must set a password; the password generated by the redis chart will be # -- you must set a password; the password generated by the redis chart will be
# rotated on each upgrade: # rotated on each upgrade:
password: "" password: ""
# you can also specify the name of an existing Secret # you can also specify the name of an existing Secret
@ -180,13 +269,14 @@ redis:
# auth: # auth:
# existingSecret: "" # existingSecret: ""
# @ignored
service: service:
type: ClusterIP type: ClusterIP
port: 80 port: 80
externalAuth: externalAuth:
oidc: oidc:
# OpenID Connect support is proposed in PR #16221 and awaiting merge. # -- OpenID Connect support is proposed in PR #16221 and awaiting merge.
enabled: false enabled: false
# display_name: "example-label" # display_name: "example-label"
# issuer: https://login.example.space/auth/realms/example-space # issuer: https://login.example.space/auth/realms/example-space
@ -236,8 +326,8 @@ externalAuth:
# verified: # verified:
# verified_email: # verified_email:
oauth_global: oauth_global:
# Force redirect local login to CAS. Does not function with SAML or LDAP. # -- Automatically redirect to OIDC, CAS or SAML, and don't use local account authentication when clicking on Sign-In
oauth_redirect_at_sign_in: false omniauth_only: false
cas: cas:
enabled: false enabled: false
# url: https://sso.myserver.com # url: https://sso.myserver.com
@ -283,7 +373,7 @@ externalAuth:
# search: "., -" # search: "., -"
# replace: _ # replace: _
# https://github.com/mastodon/mastodon/blob/main/Dockerfile#L75 # -- https://github.com/mastodon/mastodon/blob/main/Dockerfile#L75
# #
# if you manually change the UID/GID environment variables, ensure these values # if you manually change the UID/GID environment variables, ensure these values
# match: # match:
@ -292,25 +382,27 @@ podSecurityContext:
runAsGroup: 991 runAsGroup: 991
fsGroup: 991 fsGroup: 991
# @ignored
securityContext: {} securityContext: {}
serviceAccount: serviceAccount:
# Specifies whether a service account should be created # -- Specifies whether a service account should be created
create: true create: true
# Annotations to add to the service account # -- Annotations to add to the service account
annotations: {} annotations: {}
# The name of the service account to use. # -- The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template # If not set and create is true, a name is generated using the fullname template
name: "" name: ""
# Kubernetes manages pods for jobs and pods for deployments differently, so you might # -- Kubernetes manages pods for jobs and pods for deployments differently, so you might
# need to apply different annotations to the two different sets of pods. The annotations # need to apply different annotations to the two different sets of pods. The annotations
# set with podAnnotations will be added to all deployment-managed pods. # set with podAnnotations will be added to all deployment-managed pods.
podAnnotations: {} podAnnotations: {}
# The annotations set with jobAnnotations will be added to all job pods. # -- The annotations set with jobAnnotations will be added to all job pods.
jobAnnotations: {} jobAnnotations: {}
# -- Default resources for all Deployments and jobs unless overwritten
resources: {} resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious # We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little # choice for the user. This also increases chances charts run on environments with little
@ -323,15 +415,11 @@ resources: {}
# cpu: 100m # cpu: 100m
# memory: 128Mi # memory: 128Mi
autoscaling: # @ignored
enabled: false
minReplicas: 1
maxReplicas: 100
targetCPUUtilizationPercentage: 80
# targetMemoryUtilizationPercentage: 80
nodeSelector: {} nodeSelector: {}
# @ignored
tolerations: [] tolerations: []
# -- Affinity for all pods unless overwritten
affinity: {} affinity: {}