Refactor chart sidekiq queues (#1)
Co-authored-by: Effy Elden <effy@effy.space> Co-authored-by: Sheogorath <sheogorath@shivering-isles.com> Co-authored-by: Chris Funderburg <chris@funderburg.me>
This commit is contained in:
parent
543fdf7446
commit
ae892d539e
14
.github/workflows/test-chart.yml
vendored
14
.github/workflows/test-chart.yml
vendored
|
@ -5,15 +5,9 @@ name: Test chart
|
||||||
|
|
||||||
on:
|
on:
|
||||||
pull_request:
|
pull_request:
|
||||||
paths:
|
paths-ignore:
|
||||||
- "chart/**"
|
- "README.md"
|
||||||
- "!**.md"
|
|
||||||
- ".github/workflows/test-chart.yml"
|
|
||||||
push:
|
push:
|
||||||
paths:
|
|
||||||
- "chart/**"
|
|
||||||
- "!**.md"
|
|
||||||
- ".github/workflows/test-chart.yml"
|
|
||||||
branches-ignore:
|
branches-ignore:
|
||||||
- "dependabot/**"
|
- "dependabot/**"
|
||||||
workflow_dispatch:
|
workflow_dispatch:
|
||||||
|
@ -21,10 +15,6 @@ on:
|
||||||
permissions:
|
permissions:
|
||||||
contents: read
|
contents: read
|
||||||
|
|
||||||
defaults:
|
|
||||||
run:
|
|
||||||
working-directory: chart
|
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
lint-templates:
|
lint-templates:
|
||||||
runs-on: ubuntu-22.04
|
runs-on: ubuntu-22.04
|
||||||
|
|
|
@ -15,12 +15,12 @@ type: application
|
||||||
# This is the chart version. This version number should be incremented each time you make changes
|
# This is the chart version. This version number should be incremented each time you make changes
|
||||||
# to the chart and its templates, including the app version.
|
# to the chart and its templates, including the app version.
|
||||||
# Versions are expected to follow Semantic Versioning (https://semver.org/)
|
# Versions are expected to follow Semantic Versioning (https://semver.org/)
|
||||||
version: 2.3.0
|
version: 4.0.0
|
||||||
|
|
||||||
# This is the version number of the application being deployed. This version number should be
|
# This is the version number of the application being deployed. This version number should be
|
||||||
# incremented each time you make changes to the application. Versions are not expected to
|
# incremented each time you make changes to the application. Versions are not expected to
|
||||||
# follow Semantic Versioning. They should reflect the version the application is using.
|
# follow Semantic Versioning. They should reflect the version the application is using.
|
||||||
appVersion: v3.5.3
|
appVersion: v4.0.2
|
||||||
|
|
||||||
dependencies:
|
dependencies:
|
||||||
- name: elasticsearch
|
- name: elasticsearch
|
||||||
|
|
17
README.md
17
README.md
|
@ -19,6 +19,23 @@ The variables that _must_ be configured are:
|
||||||
|
|
||||||
- SMTP settings for your mailer in the `mastodon.smtp` group.
|
- SMTP settings for your mailer in the `mastodon.smtp` group.
|
||||||
|
|
||||||
|
If your PersistentVolumeClaim is `ReadWriteOnce` and you're unable to use a S3-compatible service or
|
||||||
|
run a self-hosted compatible service like [Minio](https://min.io/docs/minio/kubernetes/upstream/index.html)
|
||||||
|
then you need to set the pod affinity so the web and sidekiq pods are scheduled to the same node.
|
||||||
|
|
||||||
|
Example configuration:
|
||||||
|
```yaml
|
||||||
|
podAffinity:
|
||||||
|
requiredDuringSchedulingIgnoredDuringExecution:
|
||||||
|
- labelSelector:
|
||||||
|
matchExpressions:
|
||||||
|
- key: app.kubernetes.io/part-of
|
||||||
|
operator: In
|
||||||
|
values:
|
||||||
|
- rails
|
||||||
|
topologyKey: kubernetes.io/hostname
|
||||||
|
```
|
||||||
|
|
||||||
# Administration
|
# Administration
|
||||||
|
|
||||||
You can run [admin CLI](https://docs.joinmastodon.org/admin/tootctl/) commands in the web deployment.
|
You can run [admin CLI](https://docs.joinmastodon.org/admin/tootctl/) commands in the web deployment.
|
||||||
|
|
|
@ -136,3 +136,15 @@ Return true if a mastodon secret object should be created
|
||||||
{{- true -}}
|
{{- true -}}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
|
|
||||||
|
{{/*
|
||||||
|
Find highest number of needed database connections to set DB_POOL variable
|
||||||
|
*/}}
|
||||||
|
{{- define "mastodon.maxDbPool" -}}
|
||||||
|
{{/* Default MAX_THREADS for Puma is 5 */}}
|
||||||
|
{{- $poolSize := 5 }}
|
||||||
|
{{- range .Values.mastodon.sidekiq.workers }}
|
||||||
|
{{- $poolSize = max $poolSize .concurrency }}
|
||||||
|
{{- end }}
|
||||||
|
{{- $poolSize | quote }}
|
||||||
|
{{- end }}
|
||||||
|
|
|
@ -13,7 +13,7 @@ data:
|
||||||
DB_PORT: {{ .Values.postgresql.postgresqlPort | default "5432" | quote }}
|
DB_PORT: {{ .Values.postgresql.postgresqlPort | default "5432" | quote }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
DB_NAME: {{ .Values.postgresql.auth.database }}
|
DB_NAME: {{ .Values.postgresql.auth.database }}
|
||||||
DB_POOL: {{ .Values.mastodon.sidekiq.concurrency | quote }}
|
DB_POOL: {{ include "mastodon.maxDbPool" . }}
|
||||||
DB_USER: {{ .Values.postgresql.auth.username }}
|
DB_USER: {{ .Values.postgresql.auth.username }}
|
||||||
DEFAULT_LOCALE: {{ .Values.mastodon.locale }}
|
DEFAULT_LOCALE: {{ .Values.mastodon.locale }}
|
||||||
{{- if .Values.elasticsearch.enabled }}
|
{{- if .Values.elasticsearch.enabled }}
|
||||||
|
@ -22,12 +22,15 @@ data:
|
||||||
ES_PORT: "9200"
|
ES_PORT: "9200"
|
||||||
{{- end }}
|
{{- end }}
|
||||||
LOCAL_DOMAIN: {{ .Values.mastodon.local_domain }}
|
LOCAL_DOMAIN: {{ .Values.mastodon.local_domain }}
|
||||||
{{- if .Values.mastodon.web_domain }}
|
{{- with .Values.mastodon.web_domain }}
|
||||||
WEB_DOMAIN: {{ .Values.mastodon.web_domain }}
|
WEB_DOMAIN: {{ . }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if .Values.mastodon.singleUserMode }}
|
{{- with .Values.mastodon.singleUserMode }}
|
||||||
SINGLE_USER_MODE: "true"
|
SINGLE_USER_MODE: "true"
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
{{- with .Values.mastodon.authorizedFetch }}
|
||||||
|
AUTHORIZED_FETCH: {{ . | quote }}
|
||||||
|
{{- end }}
|
||||||
# https://devcenter.heroku.com/articles/tuning-glibc-memory-behavior
|
# https://devcenter.heroku.com/articles/tuning-glibc-memory-behavior
|
||||||
MALLOC_ARENA_MAX: "2"
|
MALLOC_ARENA_MAX: "2"
|
||||||
NODE_ENV: "production"
|
NODE_ENV: "production"
|
||||||
|
@ -44,58 +47,58 @@ data:
|
||||||
S3_ENDPOINT: {{ .Values.mastodon.s3.endpoint }}
|
S3_ENDPOINT: {{ .Values.mastodon.s3.endpoint }}
|
||||||
S3_HOSTNAME: {{ .Values.mastodon.s3.hostname }}
|
S3_HOSTNAME: {{ .Values.mastodon.s3.hostname }}
|
||||||
S3_PROTOCOL: "https"
|
S3_PROTOCOL: "https"
|
||||||
{{- if .Values.mastodon.s3.region }}
|
{{- with .Values.mastodon.s3.region }}
|
||||||
S3_REGION: {{ .Values.mastodon.s3.region }}
|
S3_REGION: {{ . }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if .Values.mastodon.s3.alias_host }}
|
{{- with .Values.mastodon.s3.alias_host }}
|
||||||
S3_ALIAS_HOST: {{ .Values.mastodon.s3.alias_host}}
|
S3_ALIAS_HOST: {{ .Values.mastodon.s3.alias_host}}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if .Values.mastodon.smtp.auth_method }}
|
{{- with .Values.mastodon.smtp.auth_method }}
|
||||||
SMTP_AUTH_METHOD: {{ .Values.mastodon.smtp.auth_method }}
|
SMTP_AUTH_METHOD: {{ . }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if .Values.mastodon.smtp.ca_file }}
|
{{- with .Values.mastodon.smtp.ca_file }}
|
||||||
SMTP_CA_FILE: {{ .Values.mastodon.smtp.ca_file }}
|
SMTP_CA_FILE: {{ . }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if .Values.mastodon.smtp.delivery_method }}
|
{{- with .Values.mastodon.smtp.delivery_method }}
|
||||||
SMTP_DELIVERY_METHOD: {{ .Values.mastodon.smtp.delivery_method }}
|
SMTP_DELIVERY_METHOD: {{ . }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if .Values.mastodon.smtp.domain }}
|
{{- with .Values.mastodon.smtp.domain }}
|
||||||
SMTP_DOMAIN: {{ .Values.mastodon.smtp.domain }}
|
SMTP_DOMAIN: {{ . }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if .Values.mastodon.smtp.enable_starttls }}
|
{{- with .Values.mastodon.smtp.enable_starttls }}
|
||||||
SMTP_ENABLE_STARTTLS: {{ .Values.mastodon.smtp.enable_starttls | quote }}
|
SMTP_ENABLE_STARTTLS: {{ . | quote }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if .Values.mastodon.smtp.enable_starttls_auto }}
|
{{- with .Values.mastodon.smtp.enable_starttls_auto }}
|
||||||
SMTP_ENABLE_STARTTLS_AUTO: {{ .Values.mastodon.smtp.enable_starttls_auto | quote }}
|
SMTP_ENABLE_STARTTLS_AUTO: {{ . | quote }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if .Values.mastodon.smtp.from_address }}
|
{{- with .Values.mastodon.smtp.from_address }}
|
||||||
SMTP_FROM_ADDRESS: {{ .Values.mastodon.smtp.from_address }}
|
SMTP_FROM_ADDRESS: {{ . }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if .Values.mastodon.smtp.login }}
|
{{- with .Values.mastodon.smtp.login }}
|
||||||
SMTP_LOGIN: {{ .Values.mastodon.smtp.login }}
|
SMTP_LOGIN: {{ . }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if .Values.mastodon.smtp.openssl_verify_mode }}
|
{{- with .Values.mastodon.smtp.openssl_verify_mode }}
|
||||||
SMTP_OPENSSL_VERIFY_MODE: {{ .Values.mastodon.smtp.openssl_verify_mode }}
|
SMTP_OPENSSL_VERIFY_MODE: {{ . }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if .Values.mastodon.smtp.password }}
|
{{- with .Values.mastodon.smtp.password }}
|
||||||
SMTP_PASSWORD: {{ .Values.mastodon.smtp.password }}
|
SMTP_PASSWORD: {{ . }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if .Values.mastodon.smtp.port }}
|
{{- with .Values.mastodon.smtp.port }}
|
||||||
SMTP_PORT: {{ .Values.mastodon.smtp.port | quote }}
|
SMTP_PORT: {{ . | quote }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if .Values.mastodon.smtp.reply_to }}
|
{{- with .Values.mastodon.smtp.reply_to }}
|
||||||
SMTP_REPLY_TO: {{ .Values.mastodon.smtp.reply_to }}
|
SMTP_REPLY_TO: {{ . }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if .Values.mastodon.smtp.server }}
|
{{- with .Values.mastodon.smtp.server }}
|
||||||
SMTP_SERVER: {{ .Values.mastodon.smtp.server }}
|
SMTP_SERVER: {{ . }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if .Values.mastodon.smtp.tls }}
|
{{- with .Values.mastodon.smtp.tls }}
|
||||||
SMTP_TLS: {{ .Values.mastodon.smtp.tls | quote }}
|
SMTP_TLS: {{ . | quote }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
STREAMING_CLUSTER_NUM: {{ .Values.mastodon.streaming.workers | quote }}
|
STREAMING_CLUSTER_NUM: {{ .Values.mastodon.streaming.workers | quote }}
|
||||||
{{- if .Values.mastodon.streaming.base_url }}
|
{{- with .Values.mastodon.streaming.base_url }}
|
||||||
STREAMING_API_BASE_URL: {{ .Values.mastodon.streaming.base_url | quote }}
|
STREAMING_API_BASE_URL: {{ . | quote }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if .Values.externalAuth.oidc.enabled }}
|
{{- if .Values.externalAuth.oidc.enabled }}
|
||||||
OIDC_ENABLED: {{ .Values.externalAuth.oidc.enabled | quote }}
|
OIDC_ENABLED: {{ .Values.externalAuth.oidc.enabled | quote }}
|
||||||
|
@ -108,53 +111,53 @@ data:
|
||||||
OIDC_CLIENT_SECRET: {{ .Values.externalAuth.oidc.client_secret }}
|
OIDC_CLIENT_SECRET: {{ .Values.externalAuth.oidc.client_secret }}
|
||||||
OIDC_REDIRECT_URI: {{ .Values.externalAuth.oidc.redirect_uri }}
|
OIDC_REDIRECT_URI: {{ .Values.externalAuth.oidc.redirect_uri }}
|
||||||
OIDC_SECURITY_ASSUME_EMAIL_IS_VERIFIED: {{ .Values.externalAuth.oidc.assume_email_is_verified | quote }}
|
OIDC_SECURITY_ASSUME_EMAIL_IS_VERIFIED: {{ .Values.externalAuth.oidc.assume_email_is_verified | quote }}
|
||||||
{{- if .Values.externalAuth.oidc.client_auth_method }}
|
{{- with .Values.externalAuth.oidc.client_auth_method }}
|
||||||
OIDC_CLIENT_AUTH_METHOD: {{ .Values.externalAuth.oidc.client_auth_method }}
|
OIDC_CLIENT_AUTH_METHOD: {{ . }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if .Values.externalAuth.oidc.response_type }}
|
{{- with .Values.externalAuth.oidc.response_type }}
|
||||||
OIDC_RESPONSE_TYPE: {{ .Values.externalAuth.oidc.response_type }}
|
OIDC_RESPONSE_TYPE: {{ . }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if .Values.externalAuth.oidc.response_mode }}
|
{{- with .Values.externalAuth.oidc.response_mode }}
|
||||||
OIDC_RESPONSE_MODE: {{ .Values.externalAuth.oidc.response_mode }}
|
OIDC_RESPONSE_MODE: {{ . }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if .Values.externalAuth.oidc.display }}
|
{{- with .Values.externalAuth.oidc.display }}
|
||||||
OIDC_DISPLAY: {{ .Values.externalAuth.oidc.display }}
|
OIDC_DISPLAY: {{ . }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if .Values.externalAuth.oidc.prompt }}
|
{{- with .Values.externalAuth.oidc.prompt }}
|
||||||
OIDC_PROMPT: {{ .Values.externalAuth.oidc.prompt }}
|
OIDC_PROMPT: {{ . }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if .Values.externalAuth.oidc.send_nonce }}
|
{{- with .Values.externalAuth.oidc.send_nonce }}
|
||||||
OIDC_SEND_NONCE: {{ .Values.externalAuth.oidc.send_nonce }}
|
OIDC_SEND_NONCE: {{ . }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if .Values.externalAuth.oidc.send_scope_to_token_endpoint }}
|
{{- with .Values.externalAuth.oidc.send_scope_to_token_endpoint }}
|
||||||
OIDC_SEND_SCOPE_TO_TOKEN_ENDPOINT: {{ .Values.externalAuth.oidc.send_scope_to_token_endpoint | quote }}
|
OIDC_SEND_SCOPE_TO_TOKEN_ENDPOINT: {{ . | quote }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if .Values.externalAuth.oidc.idp_logout_redirect_uri }}
|
{{- with .Values.externalAuth.oidc.idp_logout_redirect_uri }}
|
||||||
OIDC_IDP_LOGOUT_REDIRECT_URI: {{ .Values.externalAuth.oidc.idp_logout_redirect_uri }}
|
OIDC_IDP_LOGOUT_REDIRECT_URI: {{ . }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if .Values.externalAuth.oidc.http_scheme }}
|
{{- with .Values.externalAuth.oidc.http_scheme }}
|
||||||
OIDC_HTTP_SCHEME: {{ .Values.externalAuth.oidc.http_scheme }}
|
OIDC_HTTP_SCHEME: {{ . }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if .Values.externalAuth.oidc.host }}
|
{{- with .Values.externalAuth.oidc.host }}
|
||||||
OIDC_HOST: {{ .Values.externalAuth.oidc.host }}
|
OIDC_HOST: {{ . }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if .Values.externalAuth.oidc.port }}
|
{{- with .Values.externalAuth.oidc.port }}
|
||||||
OIDC_PORT: {{ .Values.externalAuth.oidc.port }}
|
OIDC_PORT: {{ . }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if .Values.externalAuth.oidc.jwks_uri }}
|
{{- with .Values.externalAuth.oidc.jwks_uri }}
|
||||||
OIDC_JWKS_URI: {{ .Values.externalAuth.oidc.jwks_uri }}
|
OIDC_JWKS_URI: {{ . }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if .Values.externalAuth.oidc.auth_endpoint }}
|
{{- with .Values.externalAuth.oidc.auth_endpoint }}
|
||||||
OIDC_AUTH_ENDPOINT: {{ .Values.externalAuth.oidc.auth_endpoint }}
|
OIDC_AUTH_ENDPOINT: {{ . }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if .Values.externalAuth.oidc.token_endpoint }}
|
{{- with .Values.externalAuth.oidc.token_endpoint }}
|
||||||
OIDC_TOKEN_ENDPOINT: {{ .Values.externalAuth.oidc.token_endpoint }}
|
OIDC_TOKEN_ENDPOINT: {{ . }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if .Values.externalAuth.oidc.user_info_endpoint }}
|
{{- with .Values.externalAuth.oidc.user_info_endpoint }}
|
||||||
OIDC_USER_INFO_ENDPOINT: {{ .Values.externalAuth.oidc.user_info_endpoint }}
|
OIDC_USER_INFO_ENDPOINT: {{ . }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if .Values.externalAuth.oidc.end_session_endpoint }}
|
{{- with .Values.externalAuth.oidc.end_session_endpoint }}
|
||||||
OIDC_END_SESSION_ENDPOINT: {{ .Values.externalAuth.oidc.end_session_endpoint }}
|
OIDC_END_SESSION_ENDPOINT: {{ . }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if .Values.externalAuth.saml.enabled }}
|
{{- if .Values.externalAuth.saml.enabled }}
|
||||||
|
@ -163,54 +166,54 @@ data:
|
||||||
SAML_ISSUER: {{ .Values.externalAuth.saml.issuer }}
|
SAML_ISSUER: {{ .Values.externalAuth.saml.issuer }}
|
||||||
SAML_IDP_SSO_TARGET_URL: {{ .Values.externalAuth.saml.idp_sso_target_url }}
|
SAML_IDP_SSO_TARGET_URL: {{ .Values.externalAuth.saml.idp_sso_target_url }}
|
||||||
SAML_IDP_CERT: {{ .Values.externalAuth.saml.idp_cert | quote }}
|
SAML_IDP_CERT: {{ .Values.externalAuth.saml.idp_cert | quote }}
|
||||||
{{- if .Values.externalAuth.saml.idp_cert_fingerprint }}
|
{{- with .Values.externalAuth.saml.idp_cert_fingerprint }}
|
||||||
SAML_IDP_CERT_FINGERPRINT: {{ .Values.externalAuth.saml.idp_cert_fingerprint | quote }}
|
SAML_IDP_CERT_FINGERPRINT: {{ . | quote }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if .Values.externalAuth.saml.name_identifier_format }}
|
{{- with .Values.externalAuth.saml.name_identifier_format }}
|
||||||
SAML_NAME_IDENTIFIER_FORMAT: {{ .Values.externalAuth.saml.name_identifier_format }}
|
SAML_NAME_IDENTIFIER_FORMAT: {{ . }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if .Values.externalAuth.saml.cert }}
|
{{- with .Values.externalAuth.saml.cert }}
|
||||||
SAML_CERT: {{ .Values.externalAuth.saml.cert | quote }}
|
SAML_CERT: {{ . | quote }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if .Values.externalAuth.saml.private_key }}
|
{{- with .Values.externalAuth.saml.private_key }}
|
||||||
SAML_PRIVATE_KEY: {{ .Values.externalAuth.saml.private_key | quote }}
|
SAML_PRIVATE_KEY: {{ . | quote }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if .Values.externalAuth.saml.want_assertion_signed }}
|
{{- with .Values.externalAuth.saml.want_assertion_signed }}
|
||||||
SAML_SECURITY_WANT_ASSERTION_SIGNED: {{ .Values.externalAuth.saml.want_assertion_signed | quote }}
|
SAML_SECURITY_WANT_ASSERTION_SIGNED: {{ . | quote }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if .Values.externalAuth.saml.want_assertion_encrypted }}
|
{{- with .Values.externalAuth.saml.want_assertion_encrypted }}
|
||||||
SAML_SECURITY_WANT_ASSERTION_ENCRYPTED: {{ .Values.externalAuth.saml.want_assertion_encrypted | quote }}
|
SAML_SECURITY_WANT_ASSERTION_ENCRYPTED: {{ . | quote }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if .Values.externalAuth.saml.assume_email_is_verified }}
|
{{- with .Values.externalAuth.saml.assume_email_is_verified }}
|
||||||
SAML_SECURITY_ASSUME_EMAIL_IS_VERIFIED: {{ .Values.externalAuth.saml.assume_email_is_verified | quote }}
|
SAML_SECURITY_ASSUME_EMAIL_IS_VERIFIED: {{ . | quote }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if .Values.externalAuth.saml.uid_attribute }}
|
{{- with .Values.externalAuth.saml.uid_attribute }}
|
||||||
SAML_UID_ATTRIBUTE: {{ .Values.externalAuth.saml.uid_attribute }}
|
SAML_UID_ATTRIBUTE: {{ . }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if .Values.externalAuth.saml.attributes_statements.uid }}
|
{{- with .Values.externalAuth.saml.attributes_statements.uid }}
|
||||||
SAML_ATTRIBUTES_STATEMENTS_UID: {{ .Values.externalAuth.saml.attributes_statements.uid | quote }}
|
SAML_ATTRIBUTES_STATEMENTS_UID: {{ . | quote }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if .Values.externalAuth.saml.attributes_statements.email }}
|
{{- with .Values.externalAuth.saml.attributes_statements.email }}
|
||||||
SAML_ATTRIBUTES_STATEMENTS_EMAIL: {{ .Values.externalAuth.saml.attributes_statements.email | quote }}
|
SAML_ATTRIBUTES_STATEMENTS_EMAIL: {{ . | quote }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if .Values.externalAuth.saml.attributes_statements.full_name }}
|
{{- with .Values.externalAuth.saml.attributes_statements.full_name }}
|
||||||
SAML_ATTRIBUTES_STATEMENTS_FULL_NAME: {{ .Values.externalAuth.saml.attributes_statements.full_name | quote }}
|
SAML_ATTRIBUTES_STATEMENTS_FULL_NAME: {{ . | quote }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if .Values.externalAuth.saml.attributes_statements.first_name }}
|
{{- with .Values.externalAuth.saml.attributes_statements.first_name }}
|
||||||
SAML_ATTRIBUTES_STATEMENTS_FIRST_NAME: {{ .Values.externalAuth.saml.attributes_statements.first_name | quote }}
|
SAML_ATTRIBUTES_STATEMENTS_FIRST_NAME: {{ . | quote }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if .Values.externalAuth.saml.attributes_statements.last_name }}
|
{{- with .Values.externalAuth.saml.attributes_statements.last_name }}
|
||||||
SAML_ATTRIBUTES_STATEMENTS_LAST_NAME: {{ .Values.externalAuth.saml.attributes_statements.last_name | quote }}
|
SAML_ATTRIBUTES_STATEMENTS_LAST_NAME: {{ . | quote }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if .Values.externalAuth.saml.attributes_statements.verified }}
|
{{- with .Values.externalAuth.saml.attributes_statements.verified }}
|
||||||
SAML_ATTRIBUTES_STATEMENTS_VERIFIED: {{ .Values.externalAuth.saml.attributes_statements.verified | quote }}
|
SAML_ATTRIBUTES_STATEMENTS_VERIFIED: {{ . | quote }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if .Values.externalAuth.saml.attributes_statements.verified_email }}
|
{{- with .Values.externalAuth.saml.attributes_statements.verified_email }}
|
||||||
SAML_ATTRIBUTES_STATEMENTS_VERIFIED_EMAIL: {{ .Values.externalAuth.saml.attributes_statements.verified_email | quote }}
|
SAML_ATTRIBUTES_STATEMENTS_VERIFIED_EMAIL: {{ . | quote }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if .Values.externalAuth.oauth_global.oauth_redirect_at_sign_in }}
|
{{- with .Values.externalAuth.oauth_global.omniauth_only }}
|
||||||
OAUTH_REDIRECT_AT_SIGN_IN: {{ .Values.externalAuth.oauth_global.oauth_redirect_at_sign_in | quote }}
|
OMNIAUTH_ONLY: {{ . | quote }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if .Values.externalAuth.cas.enabled }}
|
{{- if .Values.externalAuth.cas.enabled }}
|
||||||
CAS_ENABLED: {{ .Values.externalAuth.cas.enabled | quote }}
|
CAS_ENABLED: {{ .Values.externalAuth.cas.enabled | quote }}
|
||||||
|
@ -218,68 +221,68 @@ data:
|
||||||
CAS_HOST: {{ .Values.externalAuth.cas.host }}
|
CAS_HOST: {{ .Values.externalAuth.cas.host }}
|
||||||
CAS_PORT: {{ .Values.externalAuth.cas.port }}
|
CAS_PORT: {{ .Values.externalAuth.cas.port }}
|
||||||
CAS_SSL: {{ .Values.externalAuth.cas.ssl | quote }}
|
CAS_SSL: {{ .Values.externalAuth.cas.ssl | quote }}
|
||||||
{{- if .Values.externalAuth.cas.validate_url }}
|
{{- with .Values.externalAuth.cas.validate_url }}
|
||||||
CAS_VALIDATE_URL: {{ .Values.externalAuth.cas.validate_url }}
|
CAS_VALIDATE_URL: {{ . }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if .Values.externalAuth.cas.callback_url }}
|
{{- with .Values.externalAuth.cas.callback_url }}
|
||||||
CAS_CALLBACK_URL: {{ .Values.externalAuth.cas.callback_url }}
|
CAS_CALLBACK_URL: {{ . }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if .Values.externalAuth.cas.logout_url }}
|
{{- with .Values.externalAuth.cas.logout_url }}
|
||||||
CAS_LOGOUT_URL: {{ .Values.externalAuth.cas.logout_url }}
|
CAS_LOGOUT_URL: {{ . }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if .Values.externalAuth.cas.login_url }}
|
{{- with .Values.externalAuth.cas.login_url }}
|
||||||
CAS_LOGIN_URL: {{ .Values.externalAuth.cas.login_url }}
|
CAS_LOGIN_URL: {{ . }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if .Values.externalAuth.cas.uid_field }}
|
{{- with .Values.externalAuth.cas.uid_field }}
|
||||||
CAS_UID_FIELD: {{ .Values.externalAuth.cas.uid_field | quote }}
|
CAS_UID_FIELD: {{ . | quote }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if .Values.externalAuth.cas.ca_path }}
|
{{- with .Values.externalAuth.cas.ca_path }}
|
||||||
CAS_CA_PATH: {{ .Values.externalAuth.cas.ca_path }}
|
CAS_CA_PATH: {{ . }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if .Values.externalAuth.cas.disable_ssl_verification }}
|
{{- with .Values.externalAuth.cas.disable_ssl_verification }}
|
||||||
CAS_DISABLE_SSL_VERIFICATION: {{ .Values.externalAuth.cas.disable_ssl_verification | quote }}
|
CAS_DISABLE_SSL_VERIFICATION: {{ . | quote }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if .Values.externalAuth.cas.assume_email_is_verified }}
|
{{- with .Values.externalAuth.cas.assume_email_is_verified }}
|
||||||
CAS_SECURITY_ASSUME_EMAIL_IS_VERIFIED: {{ .Values.externalAuth.cas.assume_email_is_verified | quote }}
|
CAS_SECURITY_ASSUME_EMAIL_IS_VERIFIED: {{ . | quote }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if .Values.externalAuth.cas.keys.uid }}
|
{{- with .Values.externalAuth.cas.keys.uid }}
|
||||||
CAS_UID_KEY: {{ .Values.externalAuth.cas.keys.uid | quote }}
|
CAS_UID_KEY: {{ . | quote }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if .Values.externalAuth.cas.keys.name }}
|
{{- with .Values.externalAuth.cas.keys.name }}
|
||||||
CAS_NAME_KEY: {{ .Values.externalAuth.cas.keys.name | quote }}
|
CAS_NAME_KEY: {{ . | quote }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if .Values.externalAuth.cas.keys.email }}
|
{{- with .Values.externalAuth.cas.keys.email }}
|
||||||
CAS_EMAIL_KEY: {{ .Values.externalAuth.cas.keys.email | quote }}
|
CAS_EMAIL_KEY: {{ . | quote }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if .Values.externalAuth.cas.keys.nickname }}
|
{{- with .Values.externalAuth.cas.keys.nickname }}
|
||||||
CAS_NICKNAME_KEY: {{ .Values.externalAuth.cas.keys.nickname | quote }}
|
CAS_NICKNAME_KEY: {{ . | quote }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if .Values.externalAuth.cas.keys.first_name }}
|
{{- with .Values.externalAuth.cas.keys.first_name }}
|
||||||
CAS_FIRST_NAME_KEY: {{ .Values.externalAuth.cas.keys.first_name | quote }}
|
CAS_FIRST_NAME_KEY: {{ . | quote }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if .Values.externalAuth.cas.keys.last_name }}
|
{{- with .Values.externalAuth.cas.keys.last_name }}
|
||||||
CAS_LAST_NAME_KEY: {{ .Values.externalAuth.cas.keys.last_name | quote }}
|
CAS_LAST_NAME_KEY: {{ . | quote }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if .Values.externalAuth.cas.keys.location }}
|
{{- with .Values.externalAuth.cas.keys.location }}
|
||||||
CAS_LOCATION_KEY: {{ .Values.externalAuth.cas.keys.location | quote }}
|
CAS_LOCATION_KEY: {{ . | quote }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if .Values.externalAuth.cas.keys.image }}
|
{{- with .Values.externalAuth.cas.keys.image }}
|
||||||
CAS_IMAGE_KEY: {{ .Values.externalAuth.cas.keys.image | quote }}
|
CAS_IMAGE_KEY: {{ . | quote }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if .Values.externalAuth.cas.keys.phone }}
|
{{- with .Values.externalAuth.cas.keys.phone }}
|
||||||
CAS_PHONE_KEY: {{ .Values.externalAuth.cas.keys.phone | quote }}
|
CAS_PHONE_KEY: {{ . | quote }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if .Values.externalAuth.pam.enabled }}
|
{{- with .Values.externalAuth.pam.enabled }}
|
||||||
PAM_ENABLED: {{ .Values.externalAuth.pam.enabled | quote }}
|
PAM_ENABLED: {{ . | quote }}
|
||||||
{{- if .Values.externalAuth.pam.email_domain }}
|
{{- with .Values.externalAuth.pam.email_domain }}
|
||||||
PAM_EMAIL_DOMAIN: {{ .Values.externalAuth.pam.email_domain }}
|
PAM_EMAIL_DOMAIN: {{ . }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if .Values.externalAuth.pam.default_service }}
|
{{- with .Values.externalAuth.pam.default_service }}
|
||||||
PAM_DEFAULT_SERVICE: {{ .Values.externalAuth.pam.default_service }}
|
PAM_DEFAULT_SERVICE: {{ . }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if .Values.externalAuth.pam.controlled_service }}
|
{{- with .Values.externalAuth.pam.controlled_service }}
|
||||||
PAM_CONTROLLED_SERVICE: {{ .Values.externalAuth.pam.controlled_service }}
|
PAM_CONTROLLED_SERVICE: {{ . }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if .Values.externalAuth.ldap.enabled }}
|
{{- if .Values.externalAuth.ldap.enabled }}
|
||||||
|
@ -287,32 +290,32 @@ data:
|
||||||
LDAP_HOST: {{ .Values.externalAuth.ldap.host }}
|
LDAP_HOST: {{ .Values.externalAuth.ldap.host }}
|
||||||
LDAP_PORT: {{ .Values.externalAuth.ldap.port }}
|
LDAP_PORT: {{ .Values.externalAuth.ldap.port }}
|
||||||
LDAP_METHOD: {{ .Values.externalAuth.ldap.method }}
|
LDAP_METHOD: {{ .Values.externalAuth.ldap.method }}
|
||||||
{{- if .Values.externalAuth.ldap.base }}
|
{{- with .Values.externalAuth.ldap.base }}
|
||||||
LDAP_BASE: {{ .Values.externalAuth.ldap.base }}
|
LDAP_BASE: {{ . }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if .Values.externalAuth.ldap.bind_on }}
|
{{- with .Values.externalAuth.ldap.bind_on }}
|
||||||
LDAP_BIND_ON: {{ .Values.externalAuth.ldap.bind_on }}
|
LDAP_BIND_ON: {{ . }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if .Values.externalAuth.ldap.password }}
|
{{- with .Values.externalAuth.ldap.password }}
|
||||||
LDAP_PASSWORD: {{ .Values.externalAuth.ldap.password }}
|
LDAP_PASSWORD: {{ . }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if .Values.externalAuth.ldap.uid }}
|
{{- with .Values.externalAuth.ldap.uid }}
|
||||||
LDAP_UID: {{ .Values.externalAuth.ldap.uid }}
|
LDAP_UID: {{ . }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if .Values.externalAuth.ldap.mail }}
|
{{- with .Values.externalAuth.ldap.mail }}
|
||||||
LDAP_MAIL: {{ .Values.externalAuth.ldap.mail }}
|
LDAP_MAIL: {{ . }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if .Values.externalAuth.ldap.search_filter }}
|
{{- with .Values.externalAuth.ldap.search_filter }}
|
||||||
LDAP_SEARCH_FILTER: {{ .Values.externalAuth.ldap.search_filter }}
|
LDAP_SEARCH_FILTER: {{ . }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if .Values.externalAuth.ldap.uid_conversion.enabled }}
|
{{- with .Values.externalAuth.ldap.uid_conversion.enabled }}
|
||||||
LDAP_UID_CONVERSION_ENABLED: {{ .Values.externalAuth.ldap.uid_conversion.enabled | quote }}
|
LDAP_UID_CONVERSION_ENABLED: {{ . | quote }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if .Values.externalAuth.ldap.uid_conversion.search }}
|
{{- with .Values.externalAuth.ldap.uid_conversion.search }}
|
||||||
LDAP_UID_CONVERSION_SEARCH: {{ .Values.externalAuth.ldap.uid_conversion.search }}
|
LDAP_UID_CONVERSION_SEARCH: {{ . }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if .Values.externalAuth.ldap.uid_conversion.replace }}
|
{{- with .Values.externalAuth.ldap.uid_conversion.replace }}
|
||||||
LDAP_UID_CONVERSION_REPLACE: {{ .Values.externalAuth.ldap.uid_conversion.replace }}
|
LDAP_UID_CONVERSION_REPLACE: {{ . }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- with .Values.mastodon.metrics.statsd.address }}
|
{{- with .Values.mastodon.metrics.statsd.address }}
|
||||||
|
|
|
@ -67,6 +67,18 @@ spec:
|
||||||
key: redis-password
|
key: redis-password
|
||||||
- name: "PORT"
|
- name: "PORT"
|
||||||
value: {{ .Values.mastodon.web.port | quote }}
|
value: {{ .Values.mastodon.web.port | quote }}
|
||||||
|
{{- if (and .Values.mastodon.s3.enabled .Values.mastodon.s3.existingSecret) }}
|
||||||
|
- name: "AWS_SECRET_ACCESS_KEY"
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: {{ .Values.mastodon.s3.existingSecret }}
|
||||||
|
key: AWS_SECRET_ACCESS_KEY
|
||||||
|
- name: "AWS_ACCESS_KEY_ID"
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: {{ .Values.mastodon.s3.existingSecret }}
|
||||||
|
key: AWS_ACCESS_KEY_ID
|
||||||
|
{{- end }}
|
||||||
{{- if (not .Values.mastodon.s3.enabled) }}
|
{{- if (not .Values.mastodon.s3.enabled) }}
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
- name: assets
|
- name: assets
|
||||||
|
|
|
@ -1,117 +1,121 @@
|
||||||
|
{{- $context := . }}
|
||||||
|
{{- range .Values.mastodon.sidekiq.workers }}
|
||||||
|
---
|
||||||
apiVersion: apps/v1
|
apiVersion: apps/v1
|
||||||
kind: Deployment
|
kind: Deployment
|
||||||
metadata:
|
metadata:
|
||||||
name: {{ include "mastodon.fullname" . }}-sidekiq
|
name: {{ include "mastodon.fullname" $context }}-sidekiq-{{ .name }}
|
||||||
labels:
|
labels:
|
||||||
{{- include "mastodon.labels" . | nindent 4 }}
|
{{- include "mastodon.labels" $context | nindent 4 }}
|
||||||
|
app.kubernetes.io/component: sidekiq-{{ .name }}
|
||||||
|
app.kubernetes.io/part-of: rails
|
||||||
spec:
|
spec:
|
||||||
{{- if not .Values.autoscaling.enabled }}
|
{{- if (has "scheduler" .queues) }}
|
||||||
replicas: {{ .Values.replicaCount }}
|
{{- if (gt (int .replicas) 1) }}
|
||||||
|
{{ fail "The scheduler queue should never have more than 1 replicas" }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
strategy:
|
||||||
|
type: Recreate
|
||||||
|
{{- end }}
|
||||||
|
replicas: {{ .replicas }}
|
||||||
selector:
|
selector:
|
||||||
matchLabels:
|
matchLabels:
|
||||||
{{- include "mastodon.selectorLabels" . | nindent 6 }}
|
{{- include "mastodon.selectorLabels" $context | nindent 6 }}
|
||||||
app.kubernetes.io/component: sidekiq
|
app.kubernetes.io/component: sidekiq-{{ .name }}
|
||||||
app.kubernetes.io/part-of: rails
|
app.kubernetes.io/part-of: rails
|
||||||
template:
|
template:
|
||||||
metadata:
|
metadata:
|
||||||
annotations:
|
annotations:
|
||||||
{{- with .Values.podAnnotations }}
|
{{- with $context.Values.podAnnotations }}
|
||||||
{{- toYaml . | nindent 8 }}
|
{{- toYaml . | nindent 8 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
# roll the pods to pick up any db migrations or other changes
|
# roll the pods to pick up any db migrations or other changes
|
||||||
{{- include "mastodon.rollingPodAnnotations" . | nindent 8 }}
|
{{- include "mastodon.rollingPodAnnotations" $context | nindent 8 }}
|
||||||
labels:
|
labels:
|
||||||
{{- include "mastodon.selectorLabels" . | nindent 8 }}
|
{{- include "mastodon.selectorLabels" $context | nindent 8 }}
|
||||||
app.kubernetes.io/component: sidekiq
|
app.kubernetes.io/component: sidekiq-{{ .name }}
|
||||||
app.kubernetes.io/part-of: rails
|
app.kubernetes.io/part-of: rails
|
||||||
spec:
|
spec:
|
||||||
{{- with .Values.imagePullSecrets }}
|
{{- with $context.Values.imagePullSecrets }}
|
||||||
imagePullSecrets:
|
imagePullSecrets:
|
||||||
{{- toYaml . | nindent 8 }}
|
{{- toYaml . | nindent 8 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
serviceAccountName: {{ include "mastodon.serviceAccountName" . }}
|
serviceAccountName: {{ include "mastodon.serviceAccountName" $context }}
|
||||||
{{- with .Values.podSecurityContext }}
|
{{- with (default $context.Values.podSecurityContext $context.Values.mastodon.sidekiq.podSecurityContext) }}
|
||||||
securityContext:
|
securityContext:
|
||||||
{{- toYaml . | nindent 8 }}
|
{{- toYaml . | nindent 8 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if (not .Values.mastodon.s3.enabled) }}
|
{{- with (default (default $context.Values.affinity $context.Values.mastodon.sidekiq.affinity) .affinity) }}
|
||||||
# ensure we run on the same node as the other rails components; only
|
|
||||||
# required when using PVCs that are ReadWriteOnce
|
|
||||||
{{- if or (eq "ReadWriteOnce" .Values.mastodon.persistence.assets.accessMode) (eq "ReadWriteOnce" .Values.mastodon.persistence.system.accessMode) }}
|
|
||||||
affinity:
|
affinity:
|
||||||
podAffinity:
|
{{- toYaml . | nindent 8 }}
|
||||||
requiredDuringSchedulingIgnoredDuringExecution:
|
|
||||||
- labelSelector:
|
|
||||||
matchExpressions:
|
|
||||||
- key: app.kubernetes.io/part-of
|
|
||||||
operator: In
|
|
||||||
values:
|
|
||||||
- rails
|
|
||||||
topologyKey: kubernetes.io/hostname
|
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
{{- if (not $context.Values.mastodon.s3.enabled) }}
|
||||||
volumes:
|
volumes:
|
||||||
- name: assets
|
- name: assets
|
||||||
persistentVolumeClaim:
|
persistentVolumeClaim:
|
||||||
claimName: {{ template "mastodon.fullname" . }}-assets
|
claimName: {{ template "mastodon.fullname" $context }}-assets
|
||||||
- name: system
|
- name: system
|
||||||
persistentVolumeClaim:
|
persistentVolumeClaim:
|
||||||
claimName: {{ template "mastodon.fullname" . }}-system
|
claimName: {{ template "mastodon.fullname" $context }}-system
|
||||||
{{- end }}
|
{{- end }}
|
||||||
containers:
|
containers:
|
||||||
- name: {{ .Chart.Name }}
|
- name: {{ $context.Chart.Name }}
|
||||||
securityContext:
|
securityContext:
|
||||||
{{- toYaml .Values.securityContext | nindent 12 }}
|
{{- toYaml $context.Values.mastodon.sidekiq.securityContext | nindent 12 }}
|
||||||
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
|
image: "{{ $context.Values.image.repository }}:{{ $context.Values.image.tag | default $context.Chart.AppVersion }}"
|
||||||
imagePullPolicy: {{ .Values.image.pullPolicy }}
|
imagePullPolicy: {{ $context.Values.image.pullPolicy }}
|
||||||
command:
|
command:
|
||||||
- bundle
|
- bundle
|
||||||
- exec
|
- exec
|
||||||
- sidekiq
|
- sidekiq
|
||||||
- -c
|
- -c
|
||||||
- {{ .Values.mastodon.sidekiq.concurrency | quote }}
|
- {{ .concurrency | quote }}
|
||||||
|
{{- range .queues }}
|
||||||
|
- -q
|
||||||
|
- {{ . | quote }}
|
||||||
|
{{- end }}
|
||||||
envFrom:
|
envFrom:
|
||||||
- configMapRef:
|
- configMapRef:
|
||||||
name: {{ include "mastodon.fullname" . }}-env
|
name: {{ include "mastodon.fullname" $context }}-env
|
||||||
- secretRef:
|
- secretRef:
|
||||||
name: {{ template "mastodon.secretName" . }}
|
name: {{ template "mastodon.secretName" $context }}
|
||||||
env:
|
env:
|
||||||
- name: "DB_PASS"
|
- name: "DB_PASS"
|
||||||
valueFrom:
|
valueFrom:
|
||||||
secretKeyRef:
|
secretKeyRef:
|
||||||
name: {{ template "mastodon.postgresql.secretName" . }}
|
name: {{ template "mastodon.postgresql.secretName" $context }}
|
||||||
key: password
|
key: password
|
||||||
- name: "REDIS_PASSWORD"
|
- name: "REDIS_PASSWORD"
|
||||||
valueFrom:
|
valueFrom:
|
||||||
secretKeyRef:
|
secretKeyRef:
|
||||||
name: {{ template "mastodon.redis.secretName" . }}
|
name: {{ template "mastodon.redis.secretName" $context }}
|
||||||
key: redis-password
|
key: redis-password
|
||||||
{{- if (and .Values.mastodon.s3.enabled .Values.mastodon.s3.existingSecret) }}
|
{{- if (and $context.Values.mastodon.s3.enabled $context.Values.mastodon.s3.existingSecret) }}
|
||||||
- name: "AWS_SECRET_ACCESS_KEY"
|
- name: "AWS_SECRET_ACCESS_KEY"
|
||||||
valueFrom:
|
valueFrom:
|
||||||
secretKeyRef:
|
secretKeyRef:
|
||||||
name: {{ .Values.mastodon.s3.existingSecret }}
|
name: {{ $context.Values.mastodon.s3.existingSecret }}
|
||||||
key: AWS_SECRET_ACCESS_KEY
|
key: AWS_SECRET_ACCESS_KEY
|
||||||
- name: "AWS_ACCESS_KEY_ID"
|
- name: "AWS_ACCESS_KEY_ID"
|
||||||
valueFrom:
|
valueFrom:
|
||||||
secretKeyRef:
|
secretKeyRef:
|
||||||
name: {{ .Values.mastodon.s3.existingSecret }}
|
name: {{ $context.Values.mastodon.s3.existingSecret }}
|
||||||
key: AWS_ACCESS_KEY_ID
|
key: AWS_ACCESS_KEY_ID
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if .Values.mastodon.smtp.existingSecret }}
|
{{- if $context.Values.mastodon.smtp.existingSecret }}
|
||||||
- name: "SMTP_LOGIN"
|
- name: "SMTP_LOGIN"
|
||||||
valueFrom:
|
valueFrom:
|
||||||
secretKeyRef:
|
secretKeyRef:
|
||||||
name: {{ .Values.mastodon.smtp.existingSecret }}
|
name: {{ $context.Values.mastodon.smtp.existingSecret }}
|
||||||
key: login
|
key: login
|
||||||
optional: true
|
optional: true
|
||||||
- name: "SMTP_PASSWORD"
|
- name: "SMTP_PASSWORD"
|
||||||
valueFrom:
|
valueFrom:
|
||||||
secretKeyRef:
|
secretKeyRef:
|
||||||
name: {{ .Values.mastodon.smtp.existingSecret }}
|
name: {{ $context.Values.mastodon.smtp.existingSecret }}
|
||||||
key: password
|
key: password
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if (not .Values.mastodon.s3.enabled) }}
|
{{- if (not $context.Values.mastodon.s3.enabled) }}
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
- name: assets
|
- name: assets
|
||||||
mountPath: /opt/mastodon/public/assets
|
mountPath: /opt/mastodon/public/assets
|
||||||
|
@ -119,12 +123,13 @@ spec:
|
||||||
mountPath: /opt/mastodon/public/system
|
mountPath: /opt/mastodon/public/system
|
||||||
{{- end }}
|
{{- end }}
|
||||||
resources:
|
resources:
|
||||||
{{- toYaml .Values.resources | nindent 12 }}
|
{{- toYaml (default (default $context.Values.resources $context.Values.mastodon.sidekiq.resources) .resources) | nindent 12 }}
|
||||||
{{- with .Values.nodeSelector }}
|
{{- with $context.Values.nodeSelector }}
|
||||||
nodeSelector:
|
nodeSelector:
|
||||||
{{- toYaml . | nindent 8 }}
|
{{- toYaml . | nindent 8 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- with .Values.tolerations }}
|
{{- with $context.Values.tolerations }}
|
||||||
tolerations:
|
tolerations:
|
||||||
{{- toYaml . | nindent 8 }}
|
{{- toYaml . | nindent 8 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
|
|
@ -5,9 +5,7 @@ metadata:
|
||||||
labels:
|
labels:
|
||||||
{{- include "mastodon.labels" . | nindent 4 }}
|
{{- include "mastodon.labels" . | nindent 4 }}
|
||||||
spec:
|
spec:
|
||||||
{{- if not .Values.autoscaling.enabled }}
|
replicas: {{ .Values.mastodon.streaming.replicas }}
|
||||||
replicas: {{ .Values.replicaCount }}
|
|
||||||
{{- end }}
|
|
||||||
selector:
|
selector:
|
||||||
matchLabels:
|
matchLabels:
|
||||||
{{- include "mastodon.selectorLabels" . | nindent 6 }}
|
{{- include "mastodon.selectorLabels" . | nindent 6 }}
|
||||||
|
@ -15,7 +13,7 @@ spec:
|
||||||
template:
|
template:
|
||||||
metadata:
|
metadata:
|
||||||
annotations:
|
annotations:
|
||||||
{{- with .Values.podAnnotations }}
|
{{- with (default .Values.podAnnotations .Values.mastodon.streaming.podAnnotations) }}
|
||||||
{{- toYaml . | nindent 8 }}
|
{{- toYaml . | nindent 8 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
# roll the pods to pick up any db migrations or other changes
|
# roll the pods to pick up any db migrations or other changes
|
||||||
|
@ -29,13 +27,13 @@ spec:
|
||||||
{{- toYaml . | nindent 8 }}
|
{{- toYaml . | nindent 8 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
serviceAccountName: {{ include "mastodon.serviceAccountName" . }}
|
serviceAccountName: {{ include "mastodon.serviceAccountName" . }}
|
||||||
{{- with .Values.podSecurityContext }}
|
{{- with (default .Values.podSecurityContext .Values.mastodon.streaming.podSecurityContext) }}
|
||||||
securityContext:
|
securityContext:
|
||||||
{{- toYaml . | nindent 8 }}
|
{{- toYaml . | nindent 8 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
containers:
|
containers:
|
||||||
- name: {{ .Chart.Name }}
|
- name: {{ .Chart.Name }}-streaming
|
||||||
{{- with .Values.securityContext }}
|
{{- with (default .Values.securityContext .Values.mastodon.streaming.securityContext) }}
|
||||||
securityContext:
|
securityContext:
|
||||||
{{- toYaml . | nindent 12 }}
|
{{- toYaml . | nindent 12 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
@ -72,7 +70,7 @@ spec:
|
||||||
httpGet:
|
httpGet:
|
||||||
path: /api/v1/streaming/health
|
path: /api/v1/streaming/health
|
||||||
port: streaming
|
port: streaming
|
||||||
{{- with .Values.resources }}
|
{{- with (default .Values.resources .Values.mastodon.streaming.resources) }}
|
||||||
resources:
|
resources:
|
||||||
{{- toYaml . | nindent 12 }}
|
{{- toYaml . | nindent 12 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
@ -80,7 +78,7 @@ spec:
|
||||||
nodeSelector:
|
nodeSelector:
|
||||||
{{- toYaml . | nindent 8 }}
|
{{- toYaml . | nindent 8 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- with .Values.affinity }}
|
{{- with (default .Values.affinity .Values.mastodon.streaming.affinity) }}
|
||||||
affinity:
|
affinity:
|
||||||
{{- toYaml . | nindent 8 }}
|
{{- toYaml . | nindent 8 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
|
|
@ -5,9 +5,7 @@ metadata:
|
||||||
labels:
|
labels:
|
||||||
{{- include "mastodon.labels" . | nindent 4 }}
|
{{- include "mastodon.labels" . | nindent 4 }}
|
||||||
spec:
|
spec:
|
||||||
{{- if not .Values.autoscaling.enabled }}
|
replicas: {{ .Values.mastodon.web.replicas }}
|
||||||
replicas: {{ .Values.replicaCount }}
|
|
||||||
{{- end }}
|
|
||||||
selector:
|
selector:
|
||||||
matchLabels:
|
matchLabels:
|
||||||
{{- include "mastodon.selectorLabels" . | nindent 6 }}
|
{{- include "mastodon.selectorLabels" . | nindent 6 }}
|
||||||
|
@ -16,7 +14,7 @@ spec:
|
||||||
template:
|
template:
|
||||||
metadata:
|
metadata:
|
||||||
annotations:
|
annotations:
|
||||||
{{- with .Values.podAnnotations }}
|
{{- with (default .Values.podAnnotations .Values.mastodon.web.podAnnotations) }}
|
||||||
{{- toYaml . | nindent 8 }}
|
{{- toYaml . | nindent 8 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
# roll the pods to pick up any db migrations or other changes
|
# roll the pods to pick up any db migrations or other changes
|
||||||
|
@ -31,7 +29,7 @@ spec:
|
||||||
{{- toYaml . | nindent 8 }}
|
{{- toYaml . | nindent 8 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
serviceAccountName: {{ include "mastodon.serviceAccountName" . }}
|
serviceAccountName: {{ include "mastodon.serviceAccountName" . }}
|
||||||
{{- with .Values.podSecurityContext }}
|
{{- with (default .Values.podSecurityContext .Values.mastodon.web.podSecurityContext) }}
|
||||||
securityContext:
|
securityContext:
|
||||||
{{- toYaml . | nindent 8 }}
|
{{- toYaml . | nindent 8 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
@ -45,8 +43,8 @@ spec:
|
||||||
claimName: {{ template "mastodon.fullname" . }}-system
|
claimName: {{ template "mastodon.fullname" . }}-system
|
||||||
{{- end }}
|
{{- end }}
|
||||||
containers:
|
containers:
|
||||||
- name: {{ .Chart.Name }}
|
- name: {{ .Chart.Name }}-web
|
||||||
{{- with .Values.securityContext }}
|
{{- with (default .Values.securityContext .Values.mastodon.web.securityContext) }}
|
||||||
securityContext:
|
securityContext:
|
||||||
{{- toYaml . | nindent 12 }}
|
{{- toYaml . | nindent 12 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
@ -112,7 +110,7 @@ spec:
|
||||||
port: http
|
port: http
|
||||||
failureThreshold: 30
|
failureThreshold: 30
|
||||||
periodSeconds: 5
|
periodSeconds: 5
|
||||||
{{- with .Values.resources }}
|
{{- with (default .Values.resources .Values.mastodon.web.resources) }}
|
||||||
resources:
|
resources:
|
||||||
{{- toYaml . | nindent 12 }}
|
{{- toYaml . | nindent 12 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
@ -120,7 +118,7 @@ spec:
|
||||||
nodeSelector:
|
nodeSelector:
|
||||||
{{- toYaml . | nindent 8 }}
|
{{- toYaml . | nindent 8 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- with .Values.affinity }}
|
{{- with (default .Values.affinity .Values.mastodon.web.affinity) }}
|
||||||
affinity:
|
affinity:
|
||||||
{{- toYaml . | nindent 8 }}
|
{{- toYaml . | nindent 8 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
|
|
@ -1,28 +0,0 @@
|
||||||
{{- if .Values.autoscaling.enabled -}}
|
|
||||||
apiVersion: autoscaling/v2beta1
|
|
||||||
kind: HorizontalPodAutoscaler
|
|
||||||
metadata:
|
|
||||||
name: {{ include "mastodon.fullname" . }}
|
|
||||||
labels:
|
|
||||||
{{- include "mastodon.labels" . | nindent 4 }}
|
|
||||||
spec:
|
|
||||||
scaleTargetRef:
|
|
||||||
apiVersion: apps/v1
|
|
||||||
kind: Deployment
|
|
||||||
name: {{ include "mastodon.fullname" . }}
|
|
||||||
minReplicas: {{ .Values.autoscaling.minReplicas }}
|
|
||||||
maxReplicas: {{ .Values.autoscaling.maxReplicas }}
|
|
||||||
metrics:
|
|
||||||
{{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
|
|
||||||
- type: Resource
|
|
||||||
resource:
|
|
||||||
name: cpu
|
|
||||||
targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
|
|
||||||
{{- end }}
|
|
||||||
{{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
|
|
||||||
- type: Resource
|
|
||||||
resource:
|
|
||||||
name: memory
|
|
||||||
targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
|
|
||||||
{{- end }}
|
|
||||||
{{- end }}
|
|
|
@ -55,7 +55,7 @@ spec:
|
||||||
- {{ .Values.mastodon.createAdmin.email }}
|
- {{ .Values.mastodon.createAdmin.email }}
|
||||||
- --confirmed
|
- --confirmed
|
||||||
- --role
|
- --role
|
||||||
- admin
|
- Owner
|
||||||
envFrom:
|
envFrom:
|
||||||
- configMapRef:
|
- configMapRef:
|
||||||
name: {{ include "mastodon.fullname" . }}-env
|
name: {{ include "mastodon.fullname" . }}-env
|
||||||
|
|
|
@ -11,5 +11,5 @@ spec:
|
||||||
- name: wget
|
- name: wget
|
||||||
image: busybox
|
image: busybox
|
||||||
command: ['wget']
|
command: ['wget']
|
||||||
args: ['{{ include "mastodon.fullname" . }}:{{ .Values.service.port }}']
|
args: ['{{ include "mastodon.fullname" . }}-web:{{ .Values.service.port }}']
|
||||||
restartPolicy: Never
|
restartPolicy: Never
|
||||||
|
|
166
values.yaml
166
values.yaml
|
@ -1,5 +1,3 @@
|
||||||
replicaCount: 1
|
|
||||||
|
|
||||||
image:
|
image:
|
||||||
repository: tootsuite/mastodon
|
repository: tootsuite/mastodon
|
||||||
# https://hub.docker.com/r/tootsuite/mastodon/tags
|
# https://hub.docker.com/r/tootsuite/mastodon/tags
|
||||||
|
@ -13,28 +11,36 @@ image:
|
||||||
pullPolicy: IfNotPresent
|
pullPolicy: IfNotPresent
|
||||||
|
|
||||||
mastodon:
|
mastodon:
|
||||||
# create an initial administrator user; the password is autogenerated and will
|
# -- create an initial administrator user; the password is autogenerated and will
|
||||||
# have to be reset
|
# have to be reset
|
||||||
createAdmin:
|
createAdmin:
|
||||||
|
# @ignored
|
||||||
enabled: false
|
enabled: false
|
||||||
|
# @ignored
|
||||||
username: not_gargron
|
username: not_gargron
|
||||||
|
# @ignored
|
||||||
email: not@example.com
|
email: not@example.com
|
||||||
cron:
|
cron:
|
||||||
# run `tootctl media remove` every week
|
# -- run `tootctl media remove` every week
|
||||||
removeMedia:
|
removeMedia:
|
||||||
|
# @ignored
|
||||||
enabled: true
|
enabled: true
|
||||||
|
# @ignored
|
||||||
schedule: "0 0 * * 0"
|
schedule: "0 0 * * 0"
|
||||||
# available locales: https://github.com/mastodon/mastodon/blob/main/config/application.rb#L71
|
# -- available locales: https://github.com/mastodon/mastodon/blob/main/config/application.rb#L71
|
||||||
locale: en
|
locale: en
|
||||||
local_domain: mastodon.local
|
local_domain: mastodon.local
|
||||||
# Use of WEB_DOMAIN requires careful consideration: https://docs.joinmastodon.org/admin/config/#federation
|
# -- Use of WEB_DOMAIN requires careful consideration: https://docs.joinmastodon.org/admin/config/#federation
|
||||||
# You must redirect the path LOCAL_DOMAIN/.well-known/ to WEB_DOMAIN/.well-known/ as described
|
# You must redirect the path LOCAL_DOMAIN/.well-known/ to WEB_DOMAIN/.well-known/ as described
|
||||||
# web_domain: mastodon.example.com
|
# Example: mastodon.example.com
|
||||||
# If set to true, the frontpage of your Mastodon server will always redirect to the first profile in the database and registrations will be disabled.
|
web_domain: null
|
||||||
|
# -- If set to true, the frontpage of your Mastodon server will always redirect to the first profile in the database and registrations will be disabled.
|
||||||
singleUserMode: false
|
singleUserMode: false
|
||||||
|
# -- Enables "Secure Mode" for more details see: https://docs.joinmastodon.org/admin/config/#authorized_fetch
|
||||||
|
authorizedFetch: false
|
||||||
persistence:
|
persistence:
|
||||||
assets:
|
assets:
|
||||||
# ReadWriteOnce is more widely supported than ReadWriteMany, but limits
|
# -- ReadWriteOnce is more widely supported than ReadWriteMany, but limits
|
||||||
# scalability, since it requires the Rails and Sidekiq pods to run on the
|
# scalability, since it requires the Rails and Sidekiq pods to run on the
|
||||||
# same node.
|
# same node.
|
||||||
accessMode: ReadWriteOnce
|
accessMode: ReadWriteOnce
|
||||||
|
@ -50,14 +56,14 @@ mastodon:
|
||||||
enabled: false
|
enabled: false
|
||||||
access_key: ""
|
access_key: ""
|
||||||
access_secret: ""
|
access_secret: ""
|
||||||
# you can also specify the name of an existing Secret
|
# -- you can also specify the name of an existing Secret
|
||||||
# with keys AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY
|
# with keys AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY
|
||||||
existingSecret: ""
|
existingSecret: ""
|
||||||
bucket: ""
|
bucket: ""
|
||||||
endpoint: https://us-east-1.linodeobjects.com
|
endpoint: ""
|
||||||
hostname: us-east-1.linodeobjects.com
|
hostname: ""
|
||||||
region: ""
|
region: ""
|
||||||
# If you have a caching proxy, enter its base URL here.
|
# -- If you have a caching proxy, enter its base URL here.
|
||||||
alias_host: ""
|
alias_host: ""
|
||||||
# these must be set manually; autogenerated keys are rotated on each upgrade
|
# these must be set manually; autogenerated keys are rotated on each upgrade
|
||||||
secrets:
|
secrets:
|
||||||
|
@ -66,12 +72,61 @@ mastodon:
|
||||||
vapid:
|
vapid:
|
||||||
private_key: ""
|
private_key: ""
|
||||||
public_key: ""
|
public_key: ""
|
||||||
# you can also specify the name of an existing Secret
|
# -- you can also specify the name of an existing Secret
|
||||||
# with keys SECRET_KEY_BASE and OTP_SECRET and
|
# with keys SECRET_KEY_BASE and OTP_SECRET and
|
||||||
# VAPID_PRIVATE_KEY and VAPID_PUBLIC_KEY
|
# VAPID_PRIVATE_KEY and VAPID_PUBLIC_KEY
|
||||||
existingSecret: ""
|
existingSecret: ""
|
||||||
sidekiq:
|
sidekiq:
|
||||||
|
# -- Pod security context for all Sidekiq Pods, overwrites .Values.podSecurityContext
|
||||||
|
podSecurityContext: {}
|
||||||
|
# -- (Sidekiq Container) Security Context for all Pods, overwrites .Values.securityContext
|
||||||
|
securityContext: {}
|
||||||
|
# -- Resources for all Sidekiq Deployments unless overwritten
|
||||||
|
resources: {}
|
||||||
|
# -- Affinity for all Sidekiq Deployments unless overwritten, overwrites .Values.affinity
|
||||||
|
affinity: {}
|
||||||
|
# limits:
|
||||||
|
# cpu: "1"
|
||||||
|
# memory: 768Mi
|
||||||
|
# requests:
|
||||||
|
# cpu: 250m
|
||||||
|
# memory: 512Mi
|
||||||
|
workers:
|
||||||
|
- name: all-queues
|
||||||
|
# -- Number of threads / parallel sidekiq jobs that are executed per Pod
|
||||||
concurrency: 25
|
concurrency: 25
|
||||||
|
# -- Number of Pod replicas deployed by the Deployment
|
||||||
|
replicas: 1
|
||||||
|
# -- Resources for this specific deployment to allow optimised scaling, overwrites .Values.mastodon.sidekiq.resources
|
||||||
|
resources: {}
|
||||||
|
# -- Affinity for this specific deployment, overwrites .Values.affinity and .Values.mastodon.sidekiq.affinity
|
||||||
|
affinity: {}
|
||||||
|
# -- Sidekiq queues for Mastodon that are handled by this worker. See https://docs.joinmastodon.org/admin/scaling/#concurrency
|
||||||
|
# See https://github.com/mperham/sidekiq/wiki/Advanced-Options#queues for how to weight queues as argument
|
||||||
|
queues:
|
||||||
|
- default,8
|
||||||
|
- push,6
|
||||||
|
- ingress,4
|
||||||
|
- mailers,2
|
||||||
|
- pull
|
||||||
|
- scheduler # Make sure the scheduler queue only exists once and with a worker that has 1 replica.
|
||||||
|
#- name: push-pull
|
||||||
|
# concurrency: 50
|
||||||
|
# resources: {}
|
||||||
|
# replicas: 2
|
||||||
|
# queues:
|
||||||
|
# - push
|
||||||
|
# - pull
|
||||||
|
#- name: mailers
|
||||||
|
# concurrency: 25
|
||||||
|
# replicas: 2
|
||||||
|
# queues:
|
||||||
|
# - mailers
|
||||||
|
#- name: default
|
||||||
|
# concurrency: 25
|
||||||
|
# replicas: 2
|
||||||
|
# queues:
|
||||||
|
# - default
|
||||||
smtp:
|
smtp:
|
||||||
auth_method: plain
|
auth_method: plain
|
||||||
ca_file: /etc/ssl/certs/ca-certificates.crt
|
ca_file: /etc/ssl/certs/ca-certificates.crt
|
||||||
|
@ -86,24 +141,56 @@ mastodon:
|
||||||
tls: false
|
tls: false
|
||||||
login:
|
login:
|
||||||
password:
|
password:
|
||||||
# you can also specify the name of an existing Secret
|
# -- you can also specify the name of an existing Secret
|
||||||
# with the keys login and password
|
# with the keys login and password
|
||||||
existingSecret:
|
existingSecret:
|
||||||
streaming:
|
streaming:
|
||||||
port: 4000
|
port: 4000
|
||||||
# this should be set manually since os.cpus() returns the number of CPUs on
|
# -- this should be set manually since os.cpus() returns the number of CPUs on
|
||||||
# the node running the pod, which is unrelated to the resources allocated to
|
# the node running the pod, which is unrelated to the resources allocated to
|
||||||
# the pod by k8s
|
# the pod by k8s
|
||||||
workers: 1
|
workers: 1
|
||||||
# The base url for streaming can be set if the streaming API is deployed to
|
# -- The base url for streaming can be set if the streaming API is deployed to
|
||||||
# a different domain/subdomain.
|
# a different domain/subdomain.
|
||||||
# base_url: wws://streaming.example.com
|
base_url: null
|
||||||
|
# -- Number of Streaming Pods running
|
||||||
|
replicas: 1
|
||||||
|
# -- Affinity for Streaming Pods, overwrites .Values.affinity
|
||||||
|
affinity: {}
|
||||||
|
# -- Pod Security Context for Streaming Pods, overwrites .Values.podSecurityContext
|
||||||
|
podSecurityContext: {}
|
||||||
|
# -- (Streaming Container) Security Context for Streaming Pods, overwrites .Values.securityContext
|
||||||
|
securityContext: {}
|
||||||
|
# -- (Streaming Container) Resources for Streaming Pods, overwrites .Values.resources
|
||||||
|
resources: {}
|
||||||
|
# limits:
|
||||||
|
# cpu: "500m"
|
||||||
|
# memory: 512Mi
|
||||||
|
# requests:
|
||||||
|
# cpu: 250m
|
||||||
|
# memory: 128Mi
|
||||||
web:
|
web:
|
||||||
port: 3000
|
port: 3000
|
||||||
|
# -- Number of Web Pods running
|
||||||
|
replicas: 1
|
||||||
|
# -- Affinity for Web Pods, overwrites .Values.affinity
|
||||||
|
affinity: {}
|
||||||
|
# -- Pod Security Context for Web Pods, overwrites .Values.podSecurityContext
|
||||||
|
podSecurityContext: {}
|
||||||
|
# -- (Web Container) Security Context for Web Pods, overwrites .Values.securityContext
|
||||||
|
securityContext: {}
|
||||||
|
# -- (Web Container) Resources for Web Pods, overwrites .Values.resources
|
||||||
|
resources: {}
|
||||||
|
# limits:
|
||||||
|
# cpu: "1"
|
||||||
|
# memory: 1280Mi
|
||||||
|
# requests:
|
||||||
|
# cpu: 250m
|
||||||
|
# memory: 768Mi
|
||||||
|
|
||||||
metrics:
|
metrics:
|
||||||
statsd:
|
statsd:
|
||||||
# Enable statsd publishing via STATSD_ADDR environment variable
|
# -- Enable statsd publishing via STATSD_ADDR environment variable
|
||||||
address: ""
|
address: ""
|
||||||
|
|
||||||
ingress:
|
ingress:
|
||||||
|
@ -121,7 +208,7 @@ ingress:
|
||||||
# nginx.ingress.kubernetes.io/proxy-body-size: 40m
|
# nginx.ingress.kubernetes.io/proxy-body-size: 40m
|
||||||
# for the NGINX ingress controller:
|
# for the NGINX ingress controller:
|
||||||
# nginx.org/client-max-body-size: 40m
|
# nginx.org/client-max-body-size: 40m
|
||||||
# you can specify the ingressClassName if it differs from the default
|
# -- you can specify the ingressClassName if it differs from the default
|
||||||
ingressClassName:
|
ingressClassName:
|
||||||
hosts:
|
hosts:
|
||||||
- host: mastodon.local
|
- host: mastodon.local
|
||||||
|
@ -132,20 +219,22 @@ ingress:
|
||||||
hosts:
|
hosts:
|
||||||
- mastodon.local
|
- mastodon.local
|
||||||
|
|
||||||
# https://github.com/bitnami/charts/tree/master/bitnami/elasticsearch#parameters
|
# -- https://github.com/bitnami/charts/tree/master/bitnami/elasticsearch#parameters
|
||||||
elasticsearch:
|
elasticsearch:
|
||||||
# `false` will disable full-text search
|
# `false` will disable full-text search
|
||||||
#
|
#
|
||||||
# if you enable ES after the initial install, you will need to manually run
|
# if you enable ES after the initial install, you will need to manually run
|
||||||
# RAILS_ENV=production bundle exec rake chewy:sync
|
# RAILS_ENV=production bundle exec rake chewy:sync
|
||||||
# (https://docs.joinmastodon.org/admin/optional/elasticsearch/)
|
# (https://docs.joinmastodon.org/admin/optional/elasticsearch/)
|
||||||
|
# @ignored
|
||||||
enabled: true
|
enabled: true
|
||||||
|
# @ignored
|
||||||
image:
|
image:
|
||||||
tag: 7
|
tag: 7
|
||||||
|
|
||||||
# https://github.com/bitnami/charts/tree/master/bitnami/postgresql#parameters
|
# https://github.com/bitnami/charts/tree/master/bitnami/postgresql#parameters
|
||||||
postgresql:
|
postgresql:
|
||||||
# disable if you want to use an existing db; in which case the values below
|
# -- disable if you want to use an existing db; in which case the values below
|
||||||
# must match those of that external postgres instance
|
# must match those of that external postgres instance
|
||||||
enabled: true
|
enabled: true
|
||||||
# postgresqlHostname: preexisting-postgresql
|
# postgresqlHostname: preexisting-postgresql
|
||||||
|
@ -172,7 +261,7 @@ redis:
|
||||||
enabled: true
|
enabled: true
|
||||||
hostname: ""
|
hostname: ""
|
||||||
port: 6379
|
port: 6379
|
||||||
# you must set a password; the password generated by the redis chart will be
|
# -- you must set a password; the password generated by the redis chart will be
|
||||||
# rotated on each upgrade:
|
# rotated on each upgrade:
|
||||||
password: ""
|
password: ""
|
||||||
# you can also specify the name of an existing Secret
|
# you can also specify the name of an existing Secret
|
||||||
|
@ -180,13 +269,14 @@ redis:
|
||||||
# auth:
|
# auth:
|
||||||
# existingSecret: ""
|
# existingSecret: ""
|
||||||
|
|
||||||
|
# @ignored
|
||||||
service:
|
service:
|
||||||
type: ClusterIP
|
type: ClusterIP
|
||||||
port: 80
|
port: 80
|
||||||
|
|
||||||
externalAuth:
|
externalAuth:
|
||||||
oidc:
|
oidc:
|
||||||
# OpenID Connect support is proposed in PR #16221 and awaiting merge.
|
# -- OpenID Connect support is proposed in PR #16221 and awaiting merge.
|
||||||
enabled: false
|
enabled: false
|
||||||
# display_name: "example-label"
|
# display_name: "example-label"
|
||||||
# issuer: https://login.example.space/auth/realms/example-space
|
# issuer: https://login.example.space/auth/realms/example-space
|
||||||
|
@ -236,8 +326,8 @@ externalAuth:
|
||||||
# verified:
|
# verified:
|
||||||
# verified_email:
|
# verified_email:
|
||||||
oauth_global:
|
oauth_global:
|
||||||
# Force redirect local login to CAS. Does not function with SAML or LDAP.
|
# -- Automatically redirect to OIDC, CAS or SAML, and don't use local account authentication when clicking on Sign-In
|
||||||
oauth_redirect_at_sign_in: false
|
omniauth_only: false
|
||||||
cas:
|
cas:
|
||||||
enabled: false
|
enabled: false
|
||||||
# url: https://sso.myserver.com
|
# url: https://sso.myserver.com
|
||||||
|
@ -283,7 +373,7 @@ externalAuth:
|
||||||
# search: "., -"
|
# search: "., -"
|
||||||
# replace: _
|
# replace: _
|
||||||
|
|
||||||
# https://github.com/mastodon/mastodon/blob/main/Dockerfile#L75
|
# -- https://github.com/mastodon/mastodon/blob/main/Dockerfile#L75
|
||||||
#
|
#
|
||||||
# if you manually change the UID/GID environment variables, ensure these values
|
# if you manually change the UID/GID environment variables, ensure these values
|
||||||
# match:
|
# match:
|
||||||
|
@ -292,25 +382,27 @@ podSecurityContext:
|
||||||
runAsGroup: 991
|
runAsGroup: 991
|
||||||
fsGroup: 991
|
fsGroup: 991
|
||||||
|
|
||||||
|
# @ignored
|
||||||
securityContext: {}
|
securityContext: {}
|
||||||
|
|
||||||
serviceAccount:
|
serviceAccount:
|
||||||
# Specifies whether a service account should be created
|
# -- Specifies whether a service account should be created
|
||||||
create: true
|
create: true
|
||||||
# Annotations to add to the service account
|
# -- Annotations to add to the service account
|
||||||
annotations: {}
|
annotations: {}
|
||||||
# The name of the service account to use.
|
# -- The name of the service account to use.
|
||||||
# If not set and create is true, a name is generated using the fullname template
|
# If not set and create is true, a name is generated using the fullname template
|
||||||
name: ""
|
name: ""
|
||||||
|
|
||||||
# Kubernetes manages pods for jobs and pods for deployments differently, so you might
|
# -- Kubernetes manages pods for jobs and pods for deployments differently, so you might
|
||||||
# need to apply different annotations to the two different sets of pods. The annotations
|
# need to apply different annotations to the two different sets of pods. The annotations
|
||||||
# set with podAnnotations will be added to all deployment-managed pods.
|
# set with podAnnotations will be added to all deployment-managed pods.
|
||||||
podAnnotations: {}
|
podAnnotations: {}
|
||||||
|
|
||||||
# The annotations set with jobAnnotations will be added to all job pods.
|
# -- The annotations set with jobAnnotations will be added to all job pods.
|
||||||
jobAnnotations: {}
|
jobAnnotations: {}
|
||||||
|
|
||||||
|
# -- Default resources for all Deployments and jobs unless overwritten
|
||||||
resources: {}
|
resources: {}
|
||||||
# We usually recommend not to specify default resources and to leave this as a conscious
|
# We usually recommend not to specify default resources and to leave this as a conscious
|
||||||
# choice for the user. This also increases chances charts run on environments with little
|
# choice for the user. This also increases chances charts run on environments with little
|
||||||
|
@ -323,15 +415,11 @@ resources: {}
|
||||||
# cpu: 100m
|
# cpu: 100m
|
||||||
# memory: 128Mi
|
# memory: 128Mi
|
||||||
|
|
||||||
autoscaling:
|
# @ignored
|
||||||
enabled: false
|
|
||||||
minReplicas: 1
|
|
||||||
maxReplicas: 100
|
|
||||||
targetCPUUtilizationPercentage: 80
|
|
||||||
# targetMemoryUtilizationPercentage: 80
|
|
||||||
|
|
||||||
nodeSelector: {}
|
nodeSelector: {}
|
||||||
|
|
||||||
|
# @ignored
|
||||||
tolerations: []
|
tolerations: []
|
||||||
|
|
||||||
|
# -- Affinity for all pods unless overwritten
|
||||||
affinity: {}
|
affinity: {}
|
||||||
|
|
Loading…
Reference in New Issue
Block a user