infra/mastodon-chart
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Refactor chart sidekiq queues (#1)

Browse Source 
Co-authored-by: Effy Elden <effy@effy.space>
Co-authored-by: Sheogorath <sheogorath@shivering-isles.com>
Co-authored-by: Chris Funderburg <chris@funderburg.me>
This commit is contained in:
Alex Nordlund 2022-12-03 05:44:39 +01:00 committed by GitHub
parent 543fdf7446
commit ae892d539e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
13 changed files with 405 additions and 310 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
.github/workflows/test-chart.yml vendored
View File

@ -5,15 +5,9 @@ name: Test chart
on:
pull_request:
paths:
- "chart/**"
- "!**.md"
- ".github/workflows/test-chart.yml"
paths-ignore:
- "README.md"
push:
paths:
- "chart/**"
- "!**.md"
- ".github/workflows/test-chart.yml"
branches-ignore:
- "dependabot/**"
workflow_dispatch:
@ -21,10 +15,6 @@ on:
permissions:
contents: read
defaults:
run:
working-directory: chart
jobs:
lint-templates:
runs-on: ubuntu-22.04

4
Chart.yaml
View File

@ -15,12 +15,12 @@ type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 2.3.0
version: 4.0.0
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
appVersion: v3.5.3
appVersion: v4.0.2
dependencies:
- name: elasticsearch

17
README.md
View File

@ -19,6 +19,23 @@ The variables that _must_ be configured are:
- SMTP settings for your mailer in the `mastodon.smtp` group.
If your PersistentVolumeClaim is `ReadWriteOnce` and you're unable to use a S3-compatible service or
run a self-hosted compatible service like [Minio](https://min.io/docs/minio/kubernetes/upstream/index.html)
then you need to set the pod affinity so the web and sidekiq pods are scheduled to the same node.
Example configuration:
```yaml
podAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: app.kubernetes.io/part-of
operator: In
values:
- rails
topologyKey: kubernetes.io/hostname
```
# Administration
You can run [admin CLI](https://docs.joinmastodon.org/admin/tootctl/) commands in the web deployment.

12
templates/_helpers.tpl
View File

@ -136,3 +136,15 @@ Return true if a mastodon secret object should be created
{{- true -}}
{{- end -}}
{{- end -}}
{{/*
Find highest number of needed database connections to set DB_POOL variable
*/}}
{{- define "mastodon.maxDbPool" -}}
{{/* Default MAX_THREADS for Puma is 5 */}}
{{- $poolSize := 5 }}
{{- range .Values.mastodon.sidekiq.workers }}
{{- $poolSize = max $poolSize .concurrency }}
{{- end }}
{{- $poolSize | quote }}
{{- end }}

325
templates/configmap-env.yaml
View File

@ -13,7 +13,7 @@ data:
DB_PORT: {{ .Values.postgresql.postgresqlPort | default "5432" | quote }}
{{- end }}
DB_NAME: {{ .Values.postgresql.auth.database }}
DB_POOL: {{ .Values.mastodon.sidekiq.concurrency | quote }}
DB_POOL: {{ include "mastodon.maxDbPool" . }}
DB_USER: {{ .Values.postgresql.auth.username }}
DEFAULT_LOCALE: {{ .Values.mastodon.locale }}
{{- if .Values.elasticsearch.enabled }}
@ -22,12 +22,15 @@ data:
ES_PORT: "9200"
{{- end }}
LOCAL_DOMAIN: {{ .Values.mastodon.local_domain }}
{{- if .Values.mastodon.web_domain }}
WEB_DOMAIN: {{ .Values.mastodon.web_domain }}
{{- with .Values.mastodon.web_domain }}
WEB_DOMAIN: {{ . }}
{{- end }}
{{- if .Values.mastodon.singleUserMode }}
{{- with .Values.mastodon.singleUserMode }}
SINGLE_USER_MODE: "true"
{{- end }}
{{- with .Values.mastodon.authorizedFetch }}
AUTHORIZED_FETCH: {{ . | quote }}
{{- end }}
# https://devcenter.heroku.com/articles/tuning-glibc-memory-behavior
MALLOC_ARENA_MAX: "2"
NODE_ENV: "production"
@ -44,58 +47,58 @@ data:
S3_ENDPOINT: {{ .Values.mastodon.s3.endpoint }}
S3_HOSTNAME: {{ .Values.mastodon.s3.hostname }}
S3_PROTOCOL: "https"
{{- if .Values.mastodon.s3.region }}
S3_REGION: {{ .Values.mastodon.s3.region }}
{{- with .Values.mastodon.s3.region }}
S3_REGION: {{ . }}
{{- end }}
{{- if .Values.mastodon.s3.alias_host }}
{{- with .Values.mastodon.s3.alias_host }}
S3_ALIAS_HOST: {{ .Values.mastodon.s3.alias_host}}
{{- end }}
{{- end }}
{{- if .Values.mastodon.smtp.auth_method }}
SMTP_AUTH_METHOD: {{ .Values.mastodon.smtp.auth_method }}
{{- with .Values.mastodon.smtp.auth_method }}
SMTP_AUTH_METHOD: {{ . }}
{{- end }}
{{- if .Values.mastodon.smtp.ca_file }}
SMTP_CA_FILE: {{ .Values.mastodon.smtp.ca_file }}
{{- with .Values.mastodon.smtp.ca_file }}
SMTP_CA_FILE: {{ . }}
{{- end }}
{{- if .Values.mastodon.smtp.delivery_method }}
SMTP_DELIVERY_METHOD: {{ .Values.mastodon.smtp.delivery_method }}
{{- with .Values.mastodon.smtp.delivery_method }}
SMTP_DELIVERY_METHOD: {{ . }}
{{- end }}
{{- if .Values.mastodon.smtp.domain }}
SMTP_DOMAIN: {{ .Values.mastodon.smtp.domain }}
{{- with .Values.mastodon.smtp.domain }}
SMTP_DOMAIN: {{ . }}
{{- end }}
{{- if .Values.mastodon.smtp.enable_starttls }}
SMTP_ENABLE_STARTTLS: {{ .Values.mastodon.smtp.enable_starttls | quote }}
{{- with .Values.mastodon.smtp.enable_starttls }}
SMTP_ENABLE_STARTTLS: {{ . | quote }}
{{- end }}
{{- if .Values.mastodon.smtp.enable_starttls_auto }}
SMTP_ENABLE_STARTTLS_AUTO: {{ .Values.mastodon.smtp.enable_starttls_auto | quote }}
{{- with .Values.mastodon.smtp.enable_starttls_auto }}
SMTP_ENABLE_STARTTLS_AUTO: {{ . | quote }}
{{- end }}
{{- if .Values.mastodon.smtp.from_address }}
SMTP_FROM_ADDRESS: {{ .Values.mastodon.smtp.from_address }}
{{- with .Values.mastodon.smtp.from_address }}
SMTP_FROM_ADDRESS: {{ . }}
{{- end }}
{{- if .Values.mastodon.smtp.login }}
SMTP_LOGIN: {{ .Values.mastodon.smtp.login }}
{{- with .Values.mastodon.smtp.login }}
SMTP_LOGIN: {{ . }}
{{- end }}
{{- if .Values.mastodon.smtp.openssl_verify_mode }}
SMTP_OPENSSL_VERIFY_MODE: {{ .Values.mastodon.smtp.openssl_verify_mode }}
{{- with .Values.mastodon.smtp.openssl_verify_mode }}
SMTP_OPENSSL_VERIFY_MODE: {{ . }}
{{- end }}
{{- if .Values.mastodon.smtp.password }}
SMTP_PASSWORD: {{ .Values.mastodon.smtp.password }}
{{- with .Values.mastodon.smtp.password }}
SMTP_PASSWORD: {{ . }}
{{- end }}
{{- if .Values.mastodon.smtp.port }}
SMTP_PORT: {{ .Values.mastodon.smtp.port | quote }}
{{- with .Values.mastodon.smtp.port }}
SMTP_PORT: {{ . | quote }}
{{- end }}
{{- if .Values.mastodon.smtp.reply_to }}
SMTP_REPLY_TO: {{ .Values.mastodon.smtp.reply_to }}
{{- with .Values.mastodon.smtp.reply_to }}
SMTP_REPLY_TO: {{ . }}
{{- end }}
{{- if .Values.mastodon.smtp.server }}
SMTP_SERVER: {{ .Values.mastodon.smtp.server }}
{{- with .Values.mastodon.smtp.server }}
SMTP_SERVER: {{ . }}
{{- end }}
{{- if .Values.mastodon.smtp.tls }}
SMTP_TLS: {{ .Values.mastodon.smtp.tls | quote }}
{{- with .Values.mastodon.smtp.tls }}
SMTP_TLS: {{ . | quote }}
{{- end }}
STREAMING_CLUSTER_NUM: {{ .Values.mastodon.streaming.workers | quote }}
{{- if .Values.mastodon.streaming.base_url }}
STREAMING_API_BASE_URL: {{ .Values.mastodon.streaming.base_url | quote }}
{{- with .Values.mastodon.streaming.base_url }}
STREAMING_API_BASE_URL: {{ . | quote }}
{{- end }}
{{- if .Values.externalAuth.oidc.enabled }}
OIDC_ENABLED: {{ .Values.externalAuth.oidc.enabled | quote }}
@ -108,53 +111,53 @@ data:
OIDC_CLIENT_SECRET: {{ .Values.externalAuth.oidc.client_secret }}
OIDC_REDIRECT_URI: {{ .Values.externalAuth.oidc.redirect_uri }}
OIDC_SECURITY_ASSUME_EMAIL_IS_VERIFIED: {{ .Values.externalAuth.oidc.assume_email_is_verified | quote }}
{{- if .Values.externalAuth.oidc.client_auth_method }}
OIDC_CLIENT_AUTH_METHOD: {{ .Values.externalAuth.oidc.client_auth_method }}
{{- with .Values.externalAuth.oidc.client_auth_method }}
OIDC_CLIENT_AUTH_METHOD: {{ . }}
{{- end }}
{{- if .Values.externalAuth.oidc.response_type }}
OIDC_RESPONSE_TYPE: {{ .Values.externalAuth.oidc.response_type }}
{{- with .Values.externalAuth.oidc.response_type }}
OIDC_RESPONSE_TYPE: {{ . }}
{{- end }}
{{- if .Values.externalAuth.oidc.response_mode }}
OIDC_RESPONSE_MODE: {{ .Values.externalAuth.oidc.response_mode }}
{{- with .Values.externalAuth.oidc.response_mode }}
OIDC_RESPONSE_MODE: {{ . }}
{{- end }}
{{- if .Values.externalAuth.oidc.display }}
OIDC_DISPLAY: {{ .Values.externalAuth.oidc.display }}
{{- with .Values.externalAuth.oidc.display }}
OIDC_DISPLAY: {{ . }}
{{- end }}
{{- if .Values.externalAuth.oidc.prompt }}
OIDC_PROMPT: {{ .Values.externalAuth.oidc.prompt }}
{{- with .Values.externalAuth.oidc.prompt }}
OIDC_PROMPT: {{ . }}
{{- end }}
{{- if .Values.externalAuth.oidc.send_nonce }}
OIDC_SEND_NONCE: {{ .Values.externalAuth.oidc.send_nonce }}
{{- with .Values.externalAuth.oidc.send_nonce }}
OIDC_SEND_NONCE: {{ . }}
{{- end }}
{{- if .Values.externalAuth.oidc.send_scope_to_token_endpoint }}
OIDC_SEND_SCOPE_TO_TOKEN_ENDPOINT: {{ .Values.externalAuth.oidc.send_scope_to_token_endpoint | quote }}
{{- with .Values.externalAuth.oidc.send_scope_to_token_endpoint }}
OIDC_SEND_SCOPE_TO_TOKEN_ENDPOINT: {{ . | quote }}
{{- end }}
{{- if .Values.externalAuth.oidc.idp_logout_redirect_uri }}
OIDC_IDP_LOGOUT_REDIRECT_URI: {{ .Values.externalAuth.oidc.idp_logout_redirect_uri }}
{{- with .Values.externalAuth.oidc.idp_logout_redirect_uri }}
OIDC_IDP_LOGOUT_REDIRECT_URI: {{ . }}
{{- end }}
{{- if .Values.externalAuth.oidc.http_scheme }}
OIDC_HTTP_SCHEME: {{ .Values.externalAuth.oidc.http_scheme }}
{{- with .Values.externalAuth.oidc.http_scheme }}
OIDC_HTTP_SCHEME: {{ . }}
{{- end }}
{{- if .Values.externalAuth.oidc.host }}
OIDC_HOST: {{ .Values.externalAuth.oidc.host }}
{{- with .Values.externalAuth.oidc.host }}
OIDC_HOST: {{ . }}
{{- end }}
{{- if .Values.externalAuth.oidc.port }}
OIDC_PORT: {{ .Values.externalAuth.oidc.port }}
{{- with .Values.externalAuth.oidc.port }}
OIDC_PORT: {{ . }}
{{- end }}
{{- if .Values.externalAuth.oidc.jwks_uri }}
OIDC_JWKS_URI: {{ .Values.externalAuth.oidc.jwks_uri }}
{{- with .Values.externalAuth.oidc.jwks_uri }}
OIDC_JWKS_URI: {{ . }}
{{- end }}
{{- if .Values.externalAuth.oidc.auth_endpoint }}
OIDC_AUTH_ENDPOINT: {{ .Values.externalAuth.oidc.auth_endpoint }}
{{- with .Values.externalAuth.oidc.auth_endpoint }}
OIDC_AUTH_ENDPOINT: {{ . }}
{{- end }}
{{- if .Values.externalAuth.oidc.token_endpoint }}
OIDC_TOKEN_ENDPOINT: {{ .Values.externalAuth.oidc.token_endpoint }}
{{- with .Values.externalAuth.oidc.token_endpoint }}
OIDC_TOKEN_ENDPOINT: {{ . }}
{{- end }}
{{- if .Values.externalAuth.oidc.user_info_endpoint }}
OIDC_USER_INFO_ENDPOINT: {{ .Values.externalAuth.oidc.user_info_endpoint }}
{{- with .Values.externalAuth.oidc.user_info_endpoint }}
OIDC_USER_INFO_ENDPOINT: {{ . }}
{{- end }}
{{- if .Values.externalAuth.oidc.end_session_endpoint }}
OIDC_END_SESSION_ENDPOINT: {{ .Values.externalAuth.oidc.end_session_endpoint }}
{{- with .Values.externalAuth.oidc.end_session_endpoint }}
OIDC_END_SESSION_ENDPOINT: {{ . }}
{{- end }}
{{- end }}
{{- if .Values.externalAuth.saml.enabled }}
@ -163,54 +166,54 @@ data:
SAML_ISSUER: {{ .Values.externalAuth.saml.issuer }}
SAML_IDP_SSO_TARGET_URL: {{ .Values.externalAuth.saml.idp_sso_target_url }}
SAML_IDP_CERT: {{ .Values.externalAuth.saml.idp_cert | quote }}
{{- if .Values.externalAuth.saml.idp_cert_fingerprint }}
SAML_IDP_CERT_FINGERPRINT: {{ .Values.externalAuth.saml.idp_cert_fingerprint | quote }}
{{- with .Values.externalAuth.saml.idp_cert_fingerprint }}
SAML_IDP_CERT_FINGERPRINT: {{ . | quote }}
{{- end }}
{{- if .Values.externalAuth.saml.name_identifier_format }}
SAML_NAME_IDENTIFIER_FORMAT: {{ .Values.externalAuth.saml.name_identifier_format }}
{{- with .Values.externalAuth.saml.name_identifier_format }}
SAML_NAME_IDENTIFIER_FORMAT: {{ . }}
{{- end }}
{{- if .Values.externalAuth.saml.cert }}
SAML_CERT: {{ .Values.externalAuth.saml.cert | quote }}
{{- with .Values.externalAuth.saml.cert }}
SAML_CERT: {{ . | quote }}
{{- end }}
{{- if .Values.externalAuth.saml.private_key }}
SAML_PRIVATE_KEY: {{ .Values.externalAuth.saml.private_key | quote }}
{{- with .Values.externalAuth.saml.private_key }}
SAML_PRIVATE_KEY: {{ . | quote }}
{{- end }}
{{- if .Values.externalAuth.saml.want_assertion_signed }}
SAML_SECURITY_WANT_ASSERTION_SIGNED: {{ .Values.externalAuth.saml.want_assertion_signed | quote }}
{{- with .Values.externalAuth.saml.want_assertion_signed }}
SAML_SECURITY_WANT_ASSERTION_SIGNED: {{ . | quote }}
{{- end }}
{{- if .Values.externalAuth.saml.want_assertion_encrypted }}
SAML_SECURITY_WANT_ASSERTION_ENCRYPTED: {{ .Values.externalAuth.saml.want_assertion_encrypted | quote }}
{{- with .Values.externalAuth.saml.want_assertion_encrypted }}
SAML_SECURITY_WANT_ASSERTION_ENCRYPTED: {{ . | quote }}
{{- end }}
{{- if .Values.externalAuth.saml.assume_email_is_verified }}
SAML_SECURITY_ASSUME_EMAIL_IS_VERIFIED: {{ .Values.externalAuth.saml.assume_email_is_verified | quote }}
{{- with .Values.externalAuth.saml.assume_email_is_verified }}
SAML_SECURITY_ASSUME_EMAIL_IS_VERIFIED: {{ . | quote }}
{{- end }}
{{- if .Values.externalAuth.saml.uid_attribute }}
SAML_UID_ATTRIBUTE: {{ .Values.externalAuth.saml.uid_attribute }}
{{- with .Values.externalAuth.saml.uid_attribute }}
SAML_UID_ATTRIBUTE: {{ . }}
{{- end }}
{{- if .Values.externalAuth.saml.attributes_statements.uid }}
SAML_ATTRIBUTES_STATEMENTS_UID: {{ .Values.externalAuth.saml.attributes_statements.uid | quote }}
{{- with .Values.externalAuth.saml.attributes_statements.uid }}
SAML_ATTRIBUTES_STATEMENTS_UID: {{ . | quote }}
{{- end }}
{{- if .Values.externalAuth.saml.attributes_statements.email }}
SAML_ATTRIBUTES_STATEMENTS_EMAIL: {{ .Values.externalAuth.saml.attributes_statements.email | quote }}
{{- with .Values.externalAuth.saml.attributes_statements.email }}
SAML_ATTRIBUTES_STATEMENTS_EMAIL: {{ . | quote }}
{{- end }}
{{- if .Values.externalAuth.saml.attributes_statements.full_name }}
SAML_ATTRIBUTES_STATEMENTS_FULL_NAME: {{ .Values.externalAuth.saml.attributes_statements.full_name | quote }}
{{- with .Values.externalAuth.saml.attributes_statements.full_name }}
SAML_ATTRIBUTES_STATEMENTS_FULL_NAME: {{ . | quote }}
{{- end }}
{{- if .Values.externalAuth.saml.attributes_statements.first_name }}
SAML_ATTRIBUTES_STATEMENTS_FIRST_NAME: {{ .Values.externalAuth.saml.attributes_statements.first_name | quote }}
{{- with .Values.externalAuth.saml.attributes_statements.first_name }}
SAML_ATTRIBUTES_STATEMENTS_FIRST_NAME: {{ . | quote }}
{{- end }}
{{- if .Values.externalAuth.saml.attributes_statements.last_name }}
SAML_ATTRIBUTES_STATEMENTS_LAST_NAME: {{ .Values.externalAuth.saml.attributes_statements.last_name | quote }}
{{- with .Values.externalAuth.saml.attributes_statements.last_name }}
SAML_ATTRIBUTES_STATEMENTS_LAST_NAME: {{ . | quote }}
{{- end }}
{{- if .Values.externalAuth.saml.attributes_statements.verified }}
SAML_ATTRIBUTES_STATEMENTS_VERIFIED: {{ .Values.externalAuth.saml.attributes_statements.verified | quote }}
{{- with .Values.externalAuth.saml.attributes_statements.verified }}
SAML_ATTRIBUTES_STATEMENTS_VERIFIED: {{ . | quote }}
{{- end }}
{{- if .Values.externalAuth.saml.attributes_statements.verified_email }}
SAML_ATTRIBUTES_STATEMENTS_VERIFIED_EMAIL: {{ .Values.externalAuth.saml.attributes_statements.verified_email | quote }}
{{- with .Values.externalAuth.saml.attributes_statements.verified_email }}
SAML_ATTRIBUTES_STATEMENTS_VERIFIED_EMAIL: {{ . | quote }}
{{- end }}
{{- end }}
{{- if .Values.externalAuth.oauth_global.oauth_redirect_at_sign_in }}
OAUTH_REDIRECT_AT_SIGN_IN: {{ .Values.externalAuth.oauth_global.oauth_redirect_at_sign_in | quote }}
{{- with .Values.externalAuth.oauth_global.omniauth_only }}
OMNIAUTH_ONLY: {{ . | quote }}
{{- end }}
{{- if .Values.externalAuth.cas.enabled }}
CAS_ENABLED: {{ .Values.externalAuth.cas.enabled | quote }}
@ -218,68 +221,68 @@ data:
CAS_HOST: {{ .Values.externalAuth.cas.host }}
CAS_PORT: {{ .Values.externalAuth.cas.port }}
CAS_SSL: {{ .Values.externalAuth.cas.ssl | quote }}
{{- if .Values.externalAuth.cas.validate_url }}
CAS_VALIDATE_URL: {{ .Values.externalAuth.cas.validate_url }}
{{- with .Values.externalAuth.cas.validate_url }}
CAS_VALIDATE_URL: {{ . }}
{{- end }}
{{- if .Values.externalAuth.cas.callback_url }}
CAS_CALLBACK_URL: {{ .Values.externalAuth.cas.callback_url }}
{{- with .Values.externalAuth.cas.callback_url }}
CAS_CALLBACK_URL: {{ . }}
{{- end }}
{{- if .Values.externalAuth.cas.logout_url }}
CAS_LOGOUT_URL: {{ .Values.externalAuth.cas.logout_url }}
{{- with .Values.externalAuth.cas.logout_url }}
CAS_LOGOUT_URL: {{ . }}
{{- end }}
{{- if .Values.externalAuth.cas.login_url }}
CAS_LOGIN_URL: {{ .Values.externalAuth.cas.login_url }}
{{- with .Values.externalAuth.cas.login_url }}
CAS_LOGIN_URL: {{ . }}
{{- end }}
{{- if .Values.externalAuth.cas.uid_field }}
CAS_UID_FIELD: {{ .Values.externalAuth.cas.uid_field | quote }}
{{- with .Values.externalAuth.cas.uid_field }}
CAS_UID_FIELD: {{ . | quote }}
{{- end }}
{{- if .Values.externalAuth.cas.ca_path }}
CAS_CA_PATH: {{ .Values.externalAuth.cas.ca_path }}
{{- with .Values.externalAuth.cas.ca_path }}
CAS_CA_PATH: {{ . }}
{{- end }}
{{- if .Values.externalAuth.cas.disable_ssl_verification }}
CAS_DISABLE_SSL_VERIFICATION: {{ .Values.externalAuth.cas.disable_ssl_verification | quote }}
{{- with .Values.externalAuth.cas.disable_ssl_verification }}
CAS_DISABLE_SSL_VERIFICATION: {{ . | quote }}
{{- end }}
{{- if .Values.externalAuth.cas.assume_email_is_verified }}
CAS_SECURITY_ASSUME_EMAIL_IS_VERIFIED: {{ .Values.externalAuth.cas.assume_email_is_verified | quote }}
{{- with .Values.externalAuth.cas.assume_email_is_verified }}
CAS_SECURITY_ASSUME_EMAIL_IS_VERIFIED: {{ . | quote }}
{{- end }}
{{- if .Values.externalAuth.cas.keys.uid }}
CAS_UID_KEY: {{ .Values.externalAuth.cas.keys.uid | quote }}
{{- with .Values.externalAuth.cas.keys.uid }}
CAS_UID_KEY: {{ . | quote }}
{{- end }}
{{- if .Values.externalAuth.cas.keys.name }}
CAS_NAME_KEY: {{ .Values.externalAuth.cas.keys.name | quote }}
{{- with .Values.externalAuth.cas.keys.name }}
CAS_NAME_KEY: {{ . | quote }}
{{- end }}
{{- if .Values.externalAuth.cas.keys.email }}
CAS_EMAIL_KEY: {{ .Values.externalAuth.cas.keys.email | quote }}
{{- with .Values.externalAuth.cas.keys.email }}
CAS_EMAIL_KEY: {{ . | quote }}
{{- end }}
{{- if .Values.externalAuth.cas.keys.nickname }}
CAS_NICKNAME_KEY: {{ .Values.externalAuth.cas.keys.nickname | quote }}
{{- with .Values.externalAuth.cas.keys.nickname }}
CAS_NICKNAME_KEY: {{ . | quote }}
{{- end }}
{{- if .Values.externalAuth.cas.keys.first_name }}
CAS_FIRST_NAME_KEY: {{ .Values.externalAuth.cas.keys.first_name | quote }}
{{- with .Values.externalAuth.cas.keys.first_name }}
CAS_FIRST_NAME_KEY: {{ . | quote }}
{{- end }}
{{- if .Values.externalAuth.cas.keys.last_name }}
CAS_LAST_NAME_KEY: {{ .Values.externalAuth.cas.keys.last_name | quote }}
{{- with .Values.externalAuth.cas.keys.last_name }}
CAS_LAST_NAME_KEY: {{ . | quote }}
{{- end }}
{{- if .Values.externalAuth.cas.keys.location }}
CAS_LOCATION_KEY: {{ .Values.externalAuth.cas.keys.location | quote }}
{{- with .Values.externalAuth.cas.keys.location }}
CAS_LOCATION_KEY: {{ . | quote }}
{{- end }}
{{- if .Values.externalAuth.cas.keys.image }}
CAS_IMAGE_KEY: {{ .Values.externalAuth.cas.keys.image | quote }}
{{- with .Values.externalAuth.cas.keys.image }}
CAS_IMAGE_KEY: {{ . | quote }}
{{- end }}
{{- if .Values.externalAuth.cas.keys.phone }}
CAS_PHONE_KEY: {{ .Values.externalAuth.cas.keys.phone | quote }}
{{- with .Values.externalAuth.cas.keys.phone }}
CAS_PHONE_KEY: {{ . | quote }}
{{- end }}
{{- end }}
{{- if .Values.externalAuth.pam.enabled }}
PAM_ENABLED: {{ .Values.externalAuth.pam.enabled | quote }}
{{- if .Values.externalAuth.pam.email_domain }}
PAM_EMAIL_DOMAIN: {{ .Values.externalAuth.pam.email_domain }}
{{- with .Values.externalAuth.pam.enabled }}
PAM_ENABLED: {{ . | quote }}
{{- with .Values.externalAuth.pam.email_domain }}
PAM_EMAIL_DOMAIN: {{ . }}
{{- end }}
{{- if .Values.externalAuth.pam.default_service }}
PAM_DEFAULT_SERVICE: {{ .Values.externalAuth.pam.default_service }}
{{- with .Values.externalAuth.pam.default_service }}
PAM_DEFAULT_SERVICE: {{ . }}
{{- end }}
{{- if .Values.externalAuth.pam.controlled_service }}
PAM_CONTROLLED_SERVICE: {{ .Values.externalAuth.pam.controlled_service }}
{{- with .Values.externalAuth.pam.controlled_service }}
PAM_CONTROLLED_SERVICE: {{ . }}
{{- end }}
{{- end }}
{{- if .Values.externalAuth.ldap.enabled }}
@ -287,32 +290,32 @@ data:
LDAP_HOST: {{ .Values.externalAuth.ldap.host }}
LDAP_PORT: {{ .Values.externalAuth.ldap.port }}
LDAP_METHOD: {{ .Values.externalAuth.ldap.method }}
{{- if .Values.externalAuth.ldap.base }}
LDAP_BASE: {{ .Values.externalAuth.ldap.base }}
{{- with .Values.externalAuth.ldap.base }}
LDAP_BASE: {{ . }}
{{- end }}
{{- if .Values.externalAuth.ldap.bind_on }}
LDAP_BIND_ON: {{ .Values.externalAuth.ldap.bind_on }}
{{- with .Values.externalAuth.ldap.bind_on }}
LDAP_BIND_ON: {{ . }}
{{- end }}
{{- if .Values.externalAuth.ldap.password }}
LDAP_PASSWORD: {{ .Values.externalAuth.ldap.password }}
{{- with .Values.externalAuth.ldap.password }}
LDAP_PASSWORD: {{ . }}
{{- end }}
{{- if .Values.externalAuth.ldap.uid }}
LDAP_UID: {{ .Values.externalAuth.ldap.uid }}
{{- with .Values.externalAuth.ldap.uid }}
LDAP_UID: {{ . }}
{{- end }}
{{- if .Values.externalAuth.ldap.mail }}
LDAP_MAIL: {{ .Values.externalAuth.ldap.mail }}
{{- with .Values.externalAuth.ldap.mail }}
LDAP_MAIL: {{ . }}
{{- end }}
{{- if .Values.externalAuth.ldap.search_filter }}
LDAP_SEARCH_FILTER: {{ .Values.externalAuth.ldap.search_filter }}
{{- with .Values.externalAuth.ldap.search_filter }}
LDAP_SEARCH_FILTER: {{ . }}
{{- end }}
{{- if .Values.externalAuth.ldap.uid_conversion.enabled }}
LDAP_UID_CONVERSION_ENABLED: {{ .Values.externalAuth.ldap.uid_conversion.enabled | quote }}
{{- with .Values.externalAuth.ldap.uid_conversion.enabled }}
LDAP_UID_CONVERSION_ENABLED: {{ . | quote }}
{{- end }}
{{- if .Values.externalAuth.ldap.uid_conversion.search }}
LDAP_UID_CONVERSION_SEARCH: {{ .Values.externalAuth.ldap.uid_conversion.search }}
{{- with .Values.externalAuth.ldap.uid_conversion.search }}
LDAP_UID_CONVERSION_SEARCH: {{ . }}
{{- end }}
{{- if .Values.externalAuth.ldap.uid_conversion.replace }}
LDAP_UID_CONVERSION_REPLACE: {{ .Values.externalAuth.ldap.uid_conversion.replace }}
{{- with .Values.externalAuth.ldap.uid_conversion.replace }}
LDAP_UID_CONVERSION_REPLACE: {{ . }}
{{- end }}
{{- end }}
{{- with .Values.mastodon.metrics.statsd.address }}

12
templates/cronjob-media-remove.yaml
View File

@ -67,6 +67,18 @@ spec:
key: redis-password
- name: "PORT"
value: {{ .Values.mastodon.web.port | quote }}
{{- if (and .Values.mastodon.s3.enabled .Values.mastodon.s3.existingSecret) }}
- name: "AWS_SECRET_ACCESS_KEY"
valueFrom:
secretKeyRef:
name: {{ .Values.mastodon.s3.existingSecret }}
key: AWS_SECRET_ACCESS_KEY
- name: "AWS_ACCESS_KEY_ID"
valueFrom:
secretKeyRef:
name: {{ .Values.mastodon.s3.existingSecret }}
key: AWS_ACCESS_KEY_ID
{{- end }}
{{- if (not .Values.mastodon.s3.enabled) }}
volumeMounts:
- name: assets

99
templates/deployment-sidekiq.yaml
View File

@ -1,117 +1,121 @@
{{- $context := . }}
{{- range .Values.mastodon.sidekiq.workers }}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "mastodon.fullname" . }}-sidekiq
name: {{ include "mastodon.fullname" $context }}-sidekiq-{{ .name }}
labels:
{{- include "mastodon.labels" . | nindent 4 }}
{{- include "mastodon.labels" $context | nindent 4 }}
app.kubernetes.io/component: sidekiq-{{ .name }}
app.kubernetes.io/part-of: rails
spec:
{{- if not .Values.autoscaling.enabled }}
replicas: {{ .Values.replicaCount }}
{{- if (has "scheduler" .queues) }}
{{- if (gt (int .replicas) 1) }}
{{ fail "The scheduler queue should never have more than 1 replicas" }}
{{- end }}
strategy:
type: Recreate
{{- end }}
replicas: {{ .replicas }}
selector:
matchLabels:
{{- include "mastodon.selectorLabels" . | nindent 6 }}
app.kubernetes.io/component: sidekiq
{{- include "mastodon.selectorLabels" $context | nindent 6 }}
app.kubernetes.io/component: sidekiq-{{ .name }}
app.kubernetes.io/part-of: rails
template:
metadata:
annotations:
{{- with .Values.podAnnotations }}
{{- with $context.Values.podAnnotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
# roll the pods to pick up any db migrations or other changes
{{- include "mastodon.rollingPodAnnotations" . | nindent 8 }}
{{- include "mastodon.rollingPodAnnotations" $context | nindent 8 }}
labels:
{{- include "mastodon.selectorLabels" . | nindent 8 }}
app.kubernetes.io/component: sidekiq
{{- include "mastodon.selectorLabels" $context | nindent 8 }}
app.kubernetes.io/component: sidekiq-{{ .name }}
app.kubernetes.io/part-of: rails
spec:
{{- with .Values.imagePullSecrets }}
{{- with $context.Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "mastodon.serviceAccountName" . }}
{{- with .Values.podSecurityContext }}
serviceAccountName: {{ include "mastodon.serviceAccountName" $context }}
{{- with (default $context.Values.podSecurityContext $context.Values.mastodon.sidekiq.podSecurityContext) }}
securityContext:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if (not .Values.mastodon.s3.enabled) }}
# ensure we run on the same node as the other rails components; only
# required when using PVCs that are ReadWriteOnce
{{- if or (eq "ReadWriteOnce" .Values.mastodon.persistence.assets.accessMode) (eq "ReadWriteOnce" .Values.mastodon.persistence.system.accessMode) }}
{{- with (default (default $context.Values.affinity $context.Values.mastodon.sidekiq.affinity) .affinity) }}
affinity:
podAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: app.kubernetes.io/part-of
operator: In
values:
- rails
topologyKey: kubernetes.io/hostname
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if (not $context.Values.mastodon.s3.enabled) }}
volumes:
- name: assets
persistentVolumeClaim:
claimName: {{ template "mastodon.fullname" . }}-assets
claimName: {{ template "mastodon.fullname" $context }}-assets
- name: system
persistentVolumeClaim:
claimName: {{ template "mastodon.fullname" . }}-system
claimName: {{ template "mastodon.fullname" $context }}-system
{{- end }}
containers:
- name: {{ .Chart.Name }}
- name: {{ $context.Chart.Name }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
{{- toYaml $context.Values.mastodon.sidekiq.securityContext | nindent 12 }}
image: "{{ $context.Values.image.repository }}:{{ $context.Values.image.tag | default $context.Chart.AppVersion }}"
imagePullPolicy: {{ $context.Values.image.pullPolicy }}
command:
- bundle
- exec
- sidekiq
- -c
- {{ .Values.mastodon.sidekiq.concurrency | quote }}
- {{ .concurrency | quote }}
{{- range .queues }}
- -q
- {{ . | quote }}
{{- end }}
envFrom:
- configMapRef:
name: {{ include "mastodon.fullname" . }}-env
name: {{ include "mastodon.fullname" $context }}-env
- secretRef:
name: {{ template "mastodon.secretName" . }}
name: {{ template "mastodon.secretName" $context }}
env:
- name: "DB_PASS"
valueFrom:
secretKeyRef:
name: {{ template "mastodon.postgresql.secretName" . }}
name: {{ template "mastodon.postgresql.secretName" $context }}
key: password
- name: "REDIS_PASSWORD"
valueFrom:
secretKeyRef:
name: {{ template "mastodon.redis.secretName" . }}
name: {{ template "mastodon.redis.secretName" $context }}
key: redis-password
{{- if (and .Values.mastodon.s3.enabled .Values.mastodon.s3.existingSecret) }}
{{- if (and $context.Values.mastodon.s3.enabled $context.Values.mastodon.s3.existingSecret) }}
- name: "AWS_SECRET_ACCESS_KEY"
valueFrom:
secretKeyRef:
name: {{ .Values.mastodon.s3.existingSecret }}
name: {{ $context.Values.mastodon.s3.existingSecret }}
key: AWS_SECRET_ACCESS_KEY
- name: "AWS_ACCESS_KEY_ID"
valueFrom:
secretKeyRef:
name: {{ .Values.mastodon.s3.existingSecret }}
name: {{ $context.Values.mastodon.s3.existingSecret }}
key: AWS_ACCESS_KEY_ID
{{- end }}
{{- if .Values.mastodon.smtp.existingSecret }}
{{- if $context.Values.mastodon.smtp.existingSecret }}
- name: "SMTP_LOGIN"
valueFrom:
secretKeyRef:
name: {{ .Values.mastodon.smtp.existingSecret }}
name: {{ $context.Values.mastodon.smtp.existingSecret }}
key: login
optional: true
- name: "SMTP_PASSWORD"
valueFrom:
secretKeyRef:
name: {{ .Values.mastodon.smtp.existingSecret }}
name: {{ $context.Values.mastodon.smtp.existingSecret }}
key: password
{{- end }}
{{- if (not .Values.mastodon.s3.enabled) }}
{{- if (not $context.Values.mastodon.s3.enabled) }}
volumeMounts:
- name: assets
mountPath: /opt/mastodon/public/assets
@ -119,12 +123,13 @@ spec:
mountPath: /opt/mastodon/public/system
{{- end }}
resources:
{{- toYaml .Values.resources | nindent 12 }}
{{- with .Values.nodeSelector }}
{{- toYaml (default (default $context.Values.resources $context.Values.mastodon.sidekiq.resources) .resources) | nindent 12 }}
{{- with $context.Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
{{- with $context.Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}

16
templates/deployment-streaming.yaml
View File

@ -5,9 +5,7 @@ metadata:
labels:
{{- include "mastodon.labels" . | nindent 4 }}
spec:
{{- if not .Values.autoscaling.enabled }}
replicas: {{ .Values.replicaCount }}
{{- end }}
replicas: {{ .Values.mastodon.streaming.replicas }}
selector:
matchLabels:
{{- include "mastodon.selectorLabels" . | nindent 6 }}
@ -15,7 +13,7 @@ spec:
template:
metadata:
annotations:
{{- with .Values.podAnnotations }}
{{- with (default .Values.podAnnotations .Values.mastodon.streaming.podAnnotations) }}
{{- toYaml . | nindent 8 }}
{{- end }}
# roll the pods to pick up any db migrations or other changes
@ -29,13 +27,13 @@ spec:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "mastodon.serviceAccountName" . }}
{{- with .Values.podSecurityContext }}
{{- with (default .Values.podSecurityContext .Values.mastodon.streaming.podSecurityContext) }}
securityContext:
{{- toYaml . | nindent 8 }}
{{- end }}
containers:
- name: {{ .Chart.Name }}
{{- with .Values.securityContext }}
- name: {{ .Chart.Name }}-streaming
{{- with (default .Values.securityContext .Values.mastodon.streaming.securityContext) }}
securityContext:
{{- toYaml . | nindent 12 }}
{{- end }}
@ -72,7 +70,7 @@ spec:
httpGet:
path: /api/v1/streaming/health
port: streaming
{{- with .Values.resources }}
{{- with (default .Values.resources .Values.mastodon.streaming.resources) }}
resources:
{{- toYaml . | nindent 12 }}
{{- end }}
@ -80,7 +78,7 @@ spec:
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
{{- with (default .Values.affinity .Values.mastodon.streaming.affinity) }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}

16
templates/deployment-web.yaml
View File

@ -5,9 +5,7 @@ metadata:
labels:
{{- include "mastodon.labels" . | nindent 4 }}
spec:
{{- if not .Values.autoscaling.enabled }}
replicas: {{ .Values.replicaCount }}
{{- end }}
replicas: {{ .Values.mastodon.web.replicas }}
selector:
matchLabels:
{{- include "mastodon.selectorLabels" . | nindent 6 }}
@ -16,7 +14,7 @@ spec:
template:
metadata:
annotations:
{{- with .Values.podAnnotations }}
{{- with (default .Values.podAnnotations .Values.mastodon.web.podAnnotations) }}
{{- toYaml . | nindent 8 }}
{{- end }}
# roll the pods to pick up any db migrations or other changes
@ -31,7 +29,7 @@ spec:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "mastodon.serviceAccountName" . }}
{{- with .Values.podSecurityContext }}
{{- with (default .Values.podSecurityContext .Values.mastodon.web.podSecurityContext) }}
securityContext:
{{- toYaml . | nindent 8 }}
{{- end }}
@ -45,8 +43,8 @@ spec:
claimName: {{ template "mastodon.fullname" . }}-system
{{- end }}
containers:
- name: {{ .Chart.Name }}
{{- with .Values.securityContext }}
- name: {{ .Chart.Name }}-web
{{- with (default .Values.securityContext .Values.mastodon.web.securityContext) }}
securityContext:
{{- toYaml . | nindent 12 }}
{{- end }}
@ -112,7 +110,7 @@ spec:
port: http
failureThreshold: 30
periodSeconds: 5
{{- with .Values.resources }}
{{- with (default .Values.resources .Values.mastodon.web.resources) }}
resources:
{{- toYaml . | nindent 12 }}
{{- end }}
@ -120,7 +118,7 @@ spec:
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
{{- with (default .Values.affinity .Values.mastodon.web.affinity) }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}

28
templates/hpa.yaml
View File

@ -1,28 +0,0 @@
{{- if .Values.autoscaling.enabled -}}
apiVersion: autoscaling/v2beta1
kind: HorizontalPodAutoscaler
metadata:
name: {{ include "mastodon.fullname" . }}
labels:
{{- include "mastodon.labels" . | nindent 4 }}
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: {{ include "mastodon.fullname" . }}
minReplicas: {{ .Values.autoscaling.minReplicas }}
maxReplicas: {{ .Values.autoscaling.maxReplicas }}
metrics:
{{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
- type: Resource
resource:
name: cpu
targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
{{- end }}
{{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
- type: Resource
resource:
name: memory
targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
{{- end }}
{{- end }}

2
templates/job-create-admin.yaml
View File

@ -55,7 +55,7 @@ spec:
- {{ .Values.mastodon.createAdmin.email }}
- --confirmed
- --role
- admin
- Owner
envFrom:
- configMapRef:
name: {{ include "mastodon.fullname" . }}-env

2
templates/tests/test-connection.yaml
View File

@ -11,5 +11,5 @@ spec:
- name: wget
image: busybox
command: ['wget']
args: ['{{ include "mastodon.fullname" . }}:{{ .Values.service.port }}']
args: ['{{ include "mastodon.fullname" . }}-web:{{ .Values.service.port }}']
restartPolicy: Never

168
values.yaml
View File

@ -1,5 +1,3 @@
replicaCount: 1
image:
repository: tootsuite/mastodon
# https://hub.docker.com/r/tootsuite/mastodon/tags
@ -13,28 +11,36 @@ image:
pullPolicy: IfNotPresent
mastodon:
# create an initial administrator user; the password is autogenerated and will
# -- create an initial administrator user; the password is autogenerated and will
# have to be reset
createAdmin:
# @ignored
enabled: false
# @ignored
username: not_gargron
# @ignored
email: not@example.com
cron:
# run `tootctl media remove` every week
# -- run `tootctl media remove` every week
removeMedia:
# @ignored
enabled: true
# @ignored
schedule: "0 0 * * 0"
# available locales: https://github.com/mastodon/mastodon/blob/main/config/application.rb#L71
# -- available locales: https://github.com/mastodon/mastodon/blob/main/config/application.rb#L71
locale: en
local_domain: mastodon.local
# Use of WEB_DOMAIN requires careful consideration: https://docs.joinmastodon.org/admin/config/#federation
# -- Use of WEB_DOMAIN requires careful consideration: https://docs.joinmastodon.org/admin/config/#federation
# You must redirect the path LOCAL_DOMAIN/.well-known/ to WEB_DOMAIN/.well-known/ as described
# web_domain: mastodon.example.com
# If set to true, the frontpage of your Mastodon server will always redirect to the first profile in the database and registrations will be disabled.
# Example: mastodon.example.com
web_domain: null
# -- If set to true, the frontpage of your Mastodon server will always redirect to the first profile in the database and registrations will be disabled.
singleUserMode: false
# -- Enables "Secure Mode" for more details see: https://docs.joinmastodon.org/admin/config/#authorized_fetch
authorizedFetch: false
persistence:
assets:
# ReadWriteOnce is more widely supported than ReadWriteMany, but limits
# -- ReadWriteOnce is more widely supported than ReadWriteMany, but limits
# scalability, since it requires the Rails and Sidekiq pods to run on the
# same node.
accessMode: ReadWriteOnce
@ -50,14 +56,14 @@ mastodon:
enabled: false
access_key: ""
access_secret: ""
# you can also specify the name of an existing Secret
# -- you can also specify the name of an existing Secret
# with keys AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY
existingSecret: ""
bucket: ""
endpoint: https://us-east-1.linodeobjects.com
hostname: us-east-1.linodeobjects.com
endpoint: ""
hostname: ""
region: ""
# If you have a caching proxy, enter its base URL here.
# -- If you have a caching proxy, enter its base URL here.
alias_host: ""
# these must be set manually; autogenerated keys are rotated on each upgrade
secrets:
@ -66,12 +72,61 @@ mastodon:
vapid:
private_key: ""
public_key: ""
# you can also specify the name of an existing Secret
# -- you can also specify the name of an existing Secret
# with keys SECRET_KEY_BASE and OTP_SECRET and
# VAPID_PRIVATE_KEY and VAPID_PUBLIC_KEY
existingSecret: ""
sidekiq:
concurrency: 25
# -- Pod security context for all Sidekiq Pods, overwrites .Values.podSecurityContext
podSecurityContext: {}
# -- (Sidekiq Container) Security Context for all Pods, overwrites .Values.securityContext
securityContext: {}
# -- Resources for all Sidekiq Deployments unless overwritten
resources: {}
# -- Affinity for all Sidekiq Deployments unless overwritten, overwrites .Values.affinity
affinity: {}
# limits:
# cpu: "1"
# memory: 768Mi
# requests:
# cpu: 250m
# memory: 512Mi
workers:
- name: all-queues
# -- Number of threads / parallel sidekiq jobs that are executed per Pod
concurrency: 25
# -- Number of Pod replicas deployed by the Deployment
replicas: 1
# -- Resources for this specific deployment to allow optimised scaling, overwrites .Values.mastodon.sidekiq.resources
resources: {}
# -- Affinity for this specific deployment, overwrites .Values.affinity and .Values.mastodon.sidekiq.affinity
affinity: {}
# -- Sidekiq queues for Mastodon that are handled by this worker. See https://docs.joinmastodon.org/admin/scaling/#concurrency
# See https://github.com/mperham/sidekiq/wiki/Advanced-Options#queues for how to weight queues as argument
queues:
- default,8
- push,6
- ingress,4
- mailers,2
- pull
- scheduler # Make sure the scheduler queue only exists once and with a worker that has 1 replica.
#- name: push-pull
# concurrency: 50
# resources: {}
# replicas: 2
# queues:
# - push
# - pull
#- name: mailers
# concurrency: 25
# replicas: 2
# queues:
# - mailers
#- name: default
# concurrency: 25
# replicas: 2
# queues:
# - default
smtp:
auth_method: plain
ca_file: /etc/ssl/certs/ca-certificates.crt
@ -86,24 +141,56 @@ mastodon:
tls: false
login:
password:
# you can also specify the name of an existing Secret
# -- you can also specify the name of an existing Secret
# with the keys login and password
existingSecret:
streaming:
port: 4000
# this should be set manually since os.cpus() returns the number of CPUs on
# -- this should be set manually since os.cpus() returns the number of CPUs on
# the node running the pod, which is unrelated to the resources allocated to
# the pod by k8s
workers: 1
# The base url for streaming can be set if the streaming API is deployed to
# -- The base url for streaming can be set if the streaming API is deployed to
# a different domain/subdomain.
# base_url: wws://streaming.example.com
base_url: null
# -- Number of Streaming Pods running
replicas: 1
# -- Affinity for Streaming Pods, overwrites .Values.affinity
affinity: {}
# -- Pod Security Context for Streaming Pods, overwrites .Values.podSecurityContext
podSecurityContext: {}
# -- (Streaming Container) Security Context for Streaming Pods, overwrites .Values.securityContext
securityContext: {}
# -- (Streaming Container) Resources for Streaming Pods, overwrites .Values.resources
resources: {}
# limits:
# cpu: "500m"
# memory: 512Mi
# requests:
# cpu: 250m
# memory: 128Mi
web:
port: 3000
# -- Number of Web Pods running
replicas: 1
# -- Affinity for Web Pods, overwrites .Values.affinity
affinity: {}
# -- Pod Security Context for Web Pods, overwrites .Values.podSecurityContext
podSecurityContext: {}
# -- (Web Container) Security Context for Web Pods, overwrites .Values.securityContext
securityContext: {}
# -- (Web Container) Resources for Web Pods, overwrites .Values.resources
resources: {}
# limits:
# cpu: "1"
# memory: 1280Mi
# requests:
# cpu: 250m
# memory: 768Mi
metrics:
statsd:
# Enable statsd publishing via STATSD_ADDR environment variable
# -- Enable statsd publishing via STATSD_ADDR environment variable
address: ""
ingress:
@ -121,7 +208,7 @@ ingress:
# nginx.ingress.kubernetes.io/proxy-body-size: 40m
# for the NGINX ingress controller:
# nginx.org/client-max-body-size: 40m
# you can specify the ingressClassName if it differs from the default
# -- you can specify the ingressClassName if it differs from the default
ingressClassName:
hosts:
- host: mastodon.local
@ -132,20 +219,22 @@ ingress:
hosts:
- mastodon.local
# https://github.com/bitnami/charts/tree/master/bitnami/elasticsearch#parameters
# -- https://github.com/bitnami/charts/tree/master/bitnami/elasticsearch#parameters
elasticsearch:
# `false` will disable full-text search
#
# if you enable ES after the initial install, you will need to manually run
# RAILS_ENV=production bundle exec rake chewy:sync
# (https://docs.joinmastodon.org/admin/optional/elasticsearch/)
# @ignored
enabled: true
# @ignored
image:
tag: 7
# https://github.com/bitnami/charts/tree/master/bitnami/postgresql#parameters
postgresql:
# disable if you want to use an existing db; in which case the values below
# -- disable if you want to use an existing db; in which case the values below
# must match those of that external postgres instance
enabled: true
# postgresqlHostname: preexisting-postgresql
@ -172,7 +261,7 @@ redis:
enabled: true
hostname: ""
port: 6379
# you must set a password; the password generated by the redis chart will be
# -- you must set a password; the password generated by the redis chart will be
# rotated on each upgrade:
password: ""
# you can also specify the name of an existing Secret
@ -180,13 +269,14 @@ redis:
# auth:
# existingSecret: ""
# @ignored
service:
type: ClusterIP
port: 80
externalAuth:
oidc:
# OpenID Connect support is proposed in PR #16221 and awaiting merge.
# -- OpenID Connect support is proposed in PR #16221 and awaiting merge.
enabled: false
# display_name: "example-label"
# issuer: https://login.example.space/auth/realms/example-space
@ -236,8 +326,8 @@ externalAuth:
# verified:
# verified_email:
oauth_global:
# Force redirect local login to CAS. Does not function with SAML or LDAP.
oauth_redirect_at_sign_in: false
# -- Automatically redirect to OIDC, CAS or SAML, and don't use local account authentication when clicking on Sign-In
omniauth_only: false
cas:
enabled: false
# url: https://sso.myserver.com
@ -283,7 +373,7 @@ externalAuth:
# search: "., -"
# replace: _
# https://github.com/mastodon/mastodon/blob/main/Dockerfile#L75
# -- https://github.com/mastodon/mastodon/blob/main/Dockerfile#L75
#
# if you manually change the UID/GID environment variables, ensure these values
# match:
@ -292,25 +382,27 @@ podSecurityContext:
runAsGroup: 991
fsGroup: 991
# @ignored
securityContext: {}
serviceAccount:
# Specifies whether a service account should be created
# -- Specifies whether a service account should be created
create: true
# Annotations to add to the service account
# -- Annotations to add to the service account
annotations: {}
# The name of the service account to use.
# -- The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: ""
# Kubernetes manages pods for jobs and pods for deployments differently, so you might
# -- Kubernetes manages pods for jobs and pods for deployments differently, so you might
# need to apply different annotations to the two different sets of pods. The annotations
# set with podAnnotations will be added to all deployment-managed pods.
podAnnotations: {}
# The annotations set with jobAnnotations will be added to all job pods.
# -- The annotations set with jobAnnotations will be added to all job pods.
jobAnnotations: {}
# -- Default resources for all Deployments and jobs unless overwritten
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
@ -323,15 +415,11 @@ resources: {}
# cpu: 100m
# memory: 128Mi
autoscaling:
enabled: false
minReplicas: 1
maxReplicas: 100
targetCPUUtilizationPercentage: 80
# targetMemoryUtilizationPercentage: 80
# @ignored
nodeSelector: {}
# @ignored
tolerations: []
# -- Affinity for all pods unless overwritten
affinity: {}