From 9c273c2a59755a46ff3933470b02df857537a4af Mon Sep 17 00:00:00 2001 From: Alex Dunn Date: Sun, 14 Feb 2021 23:00:54 -0800 Subject: [PATCH] helm: standardize yaml configuration (#15728) - move application variables under `mastodon` namespace - restore standard yaml structure for ingress configuration - move values.yaml.template to values.yaml --- .gitignore | 1 - chart/Chart.yaml | 2 +- chart/readme.md | 16 +-- chart/templates/NOTES.txt | 5 +- chart/templates/configmap-env.yaml | 60 ++++----- chart/templates/cronjob-media-remove.yaml | 8 +- chart/templates/deployment-sidekiq.yaml | 4 +- chart/templates/deployment-streaming.yaml | 4 +- chart/templates/deployment-web.yaml | 4 +- chart/templates/ingress.yaml | 17 ++- chart/templates/job-assets-precompile.yaml | 4 +- chart/templates/job-chewy-upgrade.yaml | 4 +- chart/templates/job-create-admin.yaml | 10 +- chart/templates/job-db-migrate.yaml | 4 +- chart/templates/pvc-assets.yaml | 6 +- chart/templates/pvc-system.yaml | 6 +- chart/templates/secrets.yaml | 24 ++-- chart/templates/service-streaming.yaml | 2 +- chart/templates/service-web.yaml | 2 +- chart/{values.yaml.template => values.yaml} | 141 ++++++++++---------- 20 files changed, 161 insertions(+), 163 deletions(-) rename chart/{values.yaml.template => values.yaml} (70%) diff --git a/.gitignore b/.gitignore index 4545270b3..8d921392b 100644 --- a/.gitignore +++ b/.gitignore @@ -46,7 +46,6 @@ # ignore Helm lockfile, dependency charts, and local values file /chart/Chart.lock /chart/charts/*.tgz -/chart/values.yaml # Ignore Apple files .DS_Store diff --git a/chart/Chart.yaml b/chart/Chart.yaml index a1db340e6..8f95a1f63 100644 --- a/chart/Chart.yaml +++ b/chart/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.2 +version: 1.0.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/chart/readme.md b/chart/readme.md index 804e98094..e699542ff 100644 --- a/chart/readme.md +++ b/chart/readme.md @@ -3,12 +3,9 @@ This is a [Helm](https://helm.sh/) chart for installing Mastodon into a Kubernetes cluster. The basic usage is: -``` -cp values.yaml.template values.yaml -edit values.yaml # configure required settings -helm dep update -helm upgrade --install my-mastodon ./ -``` +1. edit `values.yaml` or create a separate yaml file for custom values +1. `helm dep update` +1. `helm install --namespace mastodon --create-namespace my-mastodon ./ -f path/to/additional/values.yaml` This chart has been tested on Helm 3.0.1 and above. @@ -16,14 +13,11 @@ This chart has been tested on Helm 3.0.1 and above. The variables that _must_ be configured are: -- `ingress.hostname`; even if you aren’t using an Ingress, this value is used to - set `LOCAL_DOMAIN`. - -- password and keys in the `secrets`, `postgresql`, and `redis` groups; if +- password and keys in the `mastodon.secrets`, `postgresql`, and `redis` groups; if left blank, some of those values will be autogenerated, but will not persist across upgrades. -- SMTP settings for your mailer in the `smtp` group. +- SMTP settings for your mailer in the `mastodon.smtp` group. # Missing features diff --git a/chart/templates/NOTES.txt b/chart/templates/NOTES.txt index 36cced67a..b09c40bec 100644 --- a/chart/templates/NOTES.txt +++ b/chart/templates/NOTES.txt @@ -2,7 +2,7 @@ {{- if .Values.ingress.enabled }} {{- range $host := .Values.ingress.hosts }} {{- range .paths }} - http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ . }} + http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} {{- end }} {{- end }} {{- else if contains "NodePort" .Values.service.type }} @@ -16,6 +16,7 @@ echo http://$SERVICE_IP:{{ .Values.service.port }} {{- else if contains "ClusterIP" .Values.service.type }} export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "mastodon.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") echo "Visit http://127.0.0.1:8080 to use your application" - kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:80 + kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT {{- end }} diff --git a/chart/templates/configmap-env.yaml b/chart/templates/configmap-env.yaml index 2f93a4b3c..cc7231db4 100644 --- a/chart/templates/configmap-env.yaml +++ b/chart/templates/configmap-env.yaml @@ -11,59 +11,59 @@ data: DB_HOST: {{ .Values.postgresql.postgresqlHostname }} {{- end }} DB_NAME: {{ .Values.postgresql.postgresqlDatabase }} - DB_POOL: {{ .Values.application.sidekiq.concurrency | quote }} + DB_POOL: {{ .Values.mastodon.sidekiq.concurrency | quote }} DB_PORT: "5432" DB_USER: {{ .Values.postgresql.postgresqlUsername }} - DEFAULT_LOCALE: {{ .Values.locale }} + DEFAULT_LOCALE: {{ .Values.mastodon.locale }} {{- if .Values.elasticsearch.enabled }} ES_ENABLED: "true" ES_HOST: {{ template "mastodon.elasticsearch.fullname" . }}-master ES_PORT: "9200" {{- end }} - LOCAL_DOMAIN: {{ .Values.ingress.hostname }} + LOCAL_DOMAIN: {{ .Values.mastodon.local_domain }} # https://devcenter.heroku.com/articles/tuning-glibc-memory-behavior MALLOC_ARENA_MAX: "2" NODE_ENV: "production" RAILS_ENV: "production" REDIS_HOST: {{ template "mastodon.redis.fullname" . }}-master REDIS_PORT: "6379" - {{- if .Values.smtp.auth_method }} - SMTP_AUTH_METHOD: {{ .Values.smtp.auth_method }} + {{- if .Values.mastodon.smtp.auth_method }} + SMTP_AUTH_METHOD: {{ .Values.mastodon.smtp.auth_method }} {{- end }} - {{- if .Values.smtp.ca_file }} - SMTP_CA_FILE: {{ .Values.smtp.ca_file }} + {{- if .Values.mastodon.smtp.ca_file }} + SMTP_CA_FILE: {{ .Values.mastodon.smtp.ca_file }} {{- end }} - {{- if .Values.smtp.delivery_method }} - SMTP_DELIVERY_METHOD: {{ .Values.smtp.delivery_method }} + {{- if .Values.mastodon.smtp.delivery_method }} + SMTP_DELIVERY_METHOD: {{ .Values.mastodon.smtp.delivery_method }} {{- end }} - {{- if .Values.smtp.domain }} - SMTP_DOMAIN: {{ .Values.smtp.domain }} + {{- if .Values.mastodon.smtp.domain }} + SMTP_DOMAIN: {{ .Values.mastodon.smtp.domain }} {{- end }} - {{- if .Values.smtp.enable_starttls_auto }} - SMTP_ENABLE_STARTTLS_AUTO: {{ .Values.smtp.enable_starttls_auto | quote }} + {{- if .Values.mastodon.smtp.enable_starttls_auto }} + SMTP_ENABLE_STARTTLS_AUTO: {{ .Values.mastodon.smtp.enable_starttls_auto | quote }} {{- end }} - {{- if .Values.smtp.from_address }} - SMTP_FROM_ADDRESS: {{ .Values.smtp.from_address }} + {{- if .Values.mastodon.smtp.from_address }} + SMTP_FROM_ADDRESS: {{ .Values.mastodon.smtp.from_address }} {{- end }} - {{- if .Values.smtp.login }} - SMTP_LOGIN: {{ .Values.smtp.login }} + {{- if .Values.mastodon.smtp.login }} + SMTP_LOGIN: {{ .Values.mastodon.smtp.login }} {{- end }} - {{- if .Values.smtp.openssl_verify_mode }} - SMTP_OPENSSL_VERIFY_MODE: {{ .Values.smtp.openssl_verify_mode }} + {{- if .Values.mastodon.smtp.openssl_verify_mode }} + SMTP_OPENSSL_VERIFY_MODE: {{ .Values.mastodon.smtp.openssl_verify_mode }} {{- end }} - {{- if .Values.smtp.password }} - SMTP_PASSWORD: {{ .Values.smtp.password }} + {{- if .Values.mastodon.smtp.password }} + SMTP_PASSWORD: {{ .Values.mastodon.smtp.password }} {{- end }} - {{- if .Values.smtp.port }} - SMTP_PORT: {{ .Values.smtp.port | quote }} + {{- if .Values.mastodon.smtp.port }} + SMTP_PORT: {{ .Values.mastodon.smtp.port | quote }} {{- end }} - {{- if .Values.smtp.reply_to }} - SMTP_REPLY_TO: {{ .Values.smtp.reply_to }} + {{- if .Values.mastodon.smtp.reply_to }} + SMTP_REPLY_TO: {{ .Values.mastodon.smtp.reply_to }} {{- end }} - {{- if .Values.smtp.server }} - SMTP_SERVER: {{ .Values.smtp.server }} + {{- if .Values.mastodon.smtp.server }} + SMTP_SERVER: {{ .Values.mastodon.smtp.server }} {{- end }} - {{- if .Values.smtp.tls }} - SMTP_TLS: {{ .Values.smtp.tls | quote }} + {{- if .Values.mastodon.smtp.tls }} + SMTP_TLS: {{ .Values.mastodon.smtp.tls | quote }} {{- end }} - STREAMING_CLUSTER_NUM: {{ .Values.application.streaming.workers | quote }} + STREAMING_CLUSTER_NUM: {{ .Values.mastodon.streaming.workers | quote }} diff --git a/chart/templates/cronjob-media-remove.yaml b/chart/templates/cronjob-media-remove.yaml index 5d78f3395..8515e4002 100644 --- a/chart/templates/cronjob-media-remove.yaml +++ b/chart/templates/cronjob-media-remove.yaml @@ -1,4 +1,4 @@ -{{ if .Values.cron.removeMedia.enabled }} +{{ if .Values.mastodon.cron.removeMedia.enabled }} apiVersion: batch/v1beta1 kind: CronJob metadata: @@ -6,7 +6,7 @@ metadata: labels: {{- include "mastodon.labels" . | nindent 4 }} spec: - schedule: {{ .Values.cron.removeMedia.schedule }} + schedule: {{ .Values.mastodon.cron.removeMedia.schedule }} jobTemplate: spec: template: @@ -16,7 +16,7 @@ spec: restartPolicy: OnFailure # ensure we run on the same node as the other rails components; only # required when using PVCs that are ReadWriteOnce - {{- if or (eq "ReadWriteOnce" .Values.persistence.assets.accessMode) (eq "ReadWriteOnce" .Values.persistence.system.accessMode) }} + {{- if or (eq "ReadWriteOnce" .Values.mastodon.persistence.assets.accessMode) (eq "ReadWriteOnce" .Values.mastodon.persistence.system.accessMode) }} affinity: podAffinity: requiredDuringSchedulingIgnoredDuringExecution: @@ -64,7 +64,7 @@ spec: name: {{ .Release.Name }}-redis key: redis-password - name: "PORT" - value: {{ .Values.application.web.port | quote }} + value: {{ .Values.mastodon.web.port | quote }} volumeMounts: - name: assets mountPath: /opt/mastodon/public/assets diff --git a/chart/templates/deployment-sidekiq.yaml b/chart/templates/deployment-sidekiq.yaml index f300a5e63..8ef157d31 100644 --- a/chart/templates/deployment-sidekiq.yaml +++ b/chart/templates/deployment-sidekiq.yaml @@ -33,7 +33,7 @@ spec: {{- toYaml .Values.podSecurityContext | nindent 8 }} # ensure we run on the same node as the other rails components; only # required when using PVCs that are ReadWriteOnce - {{- if or (eq "ReadWriteOnce" .Values.persistence.assets.accessMode) (eq "ReadWriteOnce" .Values.persistence.system.accessMode) }} + {{- if or (eq "ReadWriteOnce" .Values.mastodon.persistence.assets.accessMode) (eq "ReadWriteOnce" .Values.mastodon.persistence.system.accessMode) }} affinity: podAffinity: requiredDuringSchedulingIgnoredDuringExecution: @@ -63,7 +63,7 @@ spec: - exec - sidekiq - -c - - {{ .Values.application.sidekiq.concurrency | quote }} + - {{ .Values.mastodon.sidekiq.concurrency | quote }} envFrom: - configMapRef: name: {{ include "mastodon.fullname" . }}-env diff --git a/chart/templates/deployment-streaming.yaml b/chart/templates/deployment-streaming.yaml index 02efcc3dc..b332b686a 100644 --- a/chart/templates/deployment-streaming.yaml +++ b/chart/templates/deployment-streaming.yaml @@ -55,10 +55,10 @@ spec: name: {{ .Release.Name }}-redis key: redis-password - name: "PORT" - value: {{ .Values.application.streaming.port | quote }} + value: {{ .Values.mastodon.streaming.port | quote }} ports: - name: streaming - containerPort: {{ .Values.application.streaming.port }} + containerPort: {{ .Values.mastodon.streaming.port }} protocol: TCP livenessProbe: httpGet: diff --git a/chart/templates/deployment-web.yaml b/chart/templates/deployment-web.yaml index a531aa487..02aa7c9a5 100644 --- a/chart/templates/deployment-web.yaml +++ b/chart/templates/deployment-web.yaml @@ -71,7 +71,7 @@ spec: name: {{ .Release.Name }}-redis key: redis-password - name: "PORT" - value: {{ .Values.application.web.port | quote }} + value: {{ .Values.mastodon.web.port | quote }} volumeMounts: - name: assets mountPath: /opt/mastodon/public/assets @@ -79,7 +79,7 @@ spec: mountPath: /opt/mastodon/public/system ports: - name: http - containerPort: {{ .Values.application.web.port }} + containerPort: {{ .Values.mastodon.web.port }} protocol: TCP livenessProbe: httpGet: diff --git a/chart/templates/ingress.yaml b/chart/templates/ingress.yaml index 947bf5b70..8930d2c10 100644 --- a/chart/templates/ingress.yaml +++ b/chart/templates/ingress.yaml @@ -1,6 +1,7 @@ {{- if .Values.ingress.enabled -}} {{- $fullName := include "mastodon.fullname" . -}} -{{- $svcPort := .Values.service.port -}} +{{- $webPort := .Values.mastodon.web.port -}} +{{- $streamingPort := .Values.mastodon.streaming.port -}} {{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} apiVersion: networking.k8s.io/v1beta1 {{- else -}} @@ -27,15 +28,19 @@ spec: {{- end }} {{- end }} rules: - - host: {{ .Values.ingress.hostname | quote }} + {{- range .Values.ingress.hosts }} + - host: {{ .host | quote }} http: paths: - - path: '/' + {{- range .paths }} + - path: {{ .path }} backend: serviceName: {{ $fullName }}-web - servicePort: {{ $svcPort }} - - path: '/api/v1/streaming' + servicePort: {{ $webPort }} + - path: {{ .path }}api/v1/streaming backend: serviceName: {{ $fullName }}-streaming - servicePort: {{ .Values.application.streaming.port }} + servicePort: {{ $streamingPort }} + {{- end }} + {{- end }} {{- end }} diff --git a/chart/templates/job-assets-precompile.yaml b/chart/templates/job-assets-precompile.yaml index 32e5c71d3..2aae20582 100644 --- a/chart/templates/job-assets-precompile.yaml +++ b/chart/templates/job-assets-precompile.yaml @@ -16,7 +16,7 @@ spec: restartPolicy: Never # ensure we run on the same node as the other rails components; only # required when using PVCs that are ReadWriteOnce - {{- if or (eq "ReadWriteOnce" .Values.persistence.assets.accessMode) (eq "ReadWriteOnce" .Values.persistence.system.accessMode) }} + {{- if or (eq "ReadWriteOnce" .Values.mastodon.persistence.assets.accessMode) (eq "ReadWriteOnce" .Values.mastodon.persistence.system.accessMode) }} affinity: podAffinity: requiredDuringSchedulingIgnoredDuringExecution: @@ -65,7 +65,7 @@ spec: name: {{ .Release.Name }}-redis key: redis-password - name: "PORT" - value: {{ .Values.application.web.port | quote }} + value: {{ .Values.mastodon.web.port | quote }} volumeMounts: - name: assets mountPath: /opt/mastodon/public/assets diff --git a/chart/templates/job-chewy-upgrade.yaml b/chart/templates/job-chewy-upgrade.yaml index 4d645168a..8647a9831 100644 --- a/chart/templates/job-chewy-upgrade.yaml +++ b/chart/templates/job-chewy-upgrade.yaml @@ -17,7 +17,7 @@ spec: restartPolicy: Never # ensure we run on the same node as the other rails components; only # required when using PVCs that are ReadWriteOnce - {{- if or (eq "ReadWriteOnce" .Values.persistence.assets.accessMode) (eq "ReadWriteOnce" .Values.persistence.system.accessMode) }} + {{- if or (eq "ReadWriteOnce" .Values.mastodon.persistence.assets.accessMode) (eq "ReadWriteOnce" .Values.mastodon.persistence.system.accessMode) }} affinity: podAffinity: requiredDuringSchedulingIgnoredDuringExecution: @@ -66,7 +66,7 @@ spec: name: {{ .Release.Name }}-redis key: redis-password - name: "PORT" - value: {{ .Values.application.web.port | quote }} + value: {{ .Values.mastodon.web.port | quote }} volumeMounts: - name: assets mountPath: /opt/mastodon/public/assets diff --git a/chart/templates/job-create-admin.yaml b/chart/templates/job-create-admin.yaml index aabb593ac..1a3d8222b 100644 --- a/chart/templates/job-create-admin.yaml +++ b/chart/templates/job-create-admin.yaml @@ -1,4 +1,4 @@ -{{- if .Values.createAdmin.enabled }} +{{- if .Values.mastodon.createAdmin.enabled }} apiVersion: batch/v1 kind: Job metadata: @@ -17,7 +17,7 @@ spec: restartPolicy: Never # ensure we run on the same node as the other rails components; only # required when using PVCs that are ReadWriteOnce - {{- if or (eq "ReadWriteOnce" .Values.persistence.assets.accessMode) (eq "ReadWriteOnce" .Values.persistence.system.accessMode) }} + {{- if or (eq "ReadWriteOnce" .Values.mastodon.persistence.assets.accessMode) (eq "ReadWriteOnce" .Values.mastodon.persistence.system.accessMode) }} affinity: podAffinity: requiredDuringSchedulingIgnoredDuringExecution: @@ -44,9 +44,9 @@ spec: - bin/tootctl - accounts - create - - {{ .Values.createAdmin.username }} + - {{ .Values.mastodon.createAdmin.username }} - --email - - {{ .Values.createAdmin.email }} + - {{ .Values.mastodon.createAdmin.email }} - --confirmed - --role - admin @@ -71,7 +71,7 @@ spec: name: {{ .Release.Name }}-redis key: redis-password - name: "PORT" - value: {{ .Values.application.web.port | quote }} + value: {{ .Values.mastodon.web.port | quote }} volumeMounts: - name: assets mountPath: /opt/mastodon/public/assets diff --git a/chart/templates/job-db-migrate.yaml b/chart/templates/job-db-migrate.yaml index dd687a066..e107da4d0 100644 --- a/chart/templates/job-db-migrate.yaml +++ b/chart/templates/job-db-migrate.yaml @@ -16,7 +16,7 @@ spec: restartPolicy: Never # ensure we run on the same node as the other rails components; only # required when using PVCs that are ReadWriteOnce - {{- if or (eq "ReadWriteOnce" .Values.persistence.assets.accessMode) (eq "ReadWriteOnce" .Values.persistence.system.accessMode) }} + {{- if or (eq "ReadWriteOnce" .Values.mastodon.persistence.assets.accessMode) (eq "ReadWriteOnce" .Values.mastodon.persistence.system.accessMode) }} affinity: podAffinity: requiredDuringSchedulingIgnoredDuringExecution: @@ -65,7 +65,7 @@ spec: name: {{ .Release.Name }}-redis key: redis-password - name: "PORT" - value: {{ .Values.application.web.port | quote }} + value: {{ .Values.mastodon.web.port | quote }} volumeMounts: - name: assets mountPath: /opt/mastodon/public/assets diff --git a/chart/templates/pvc-assets.yaml b/chart/templates/pvc-assets.yaml index 5c5315100..12ac72eb3 100644 --- a/chart/templates/pvc-assets.yaml +++ b/chart/templates/pvc-assets.yaml @@ -7,7 +7,7 @@ metadata: {{- include "mastodon.labels" . | nindent 4 }} spec: accessModes: - - {{ .Values.persistence.system.accessMode }} + - {{ .Values.mastodon.persistence.system.accessMode }} resources: - {{- toYaml .Values.persistence.assets.resources | nindent 4}} - storageClassName: {{ .Values.persistence.assets.storageClassName }} + {{- toYaml .Values.mastodon.persistence.assets.resources | nindent 4}} + storageClassName: {{ .Values.mastodon.persistence.assets.storageClassName }} diff --git a/chart/templates/pvc-system.yaml b/chart/templates/pvc-system.yaml index 028551151..62dc1e708 100644 --- a/chart/templates/pvc-system.yaml +++ b/chart/templates/pvc-system.yaml @@ -7,7 +7,7 @@ metadata: {{- include "mastodon.labels" . | nindent 4 }} spec: accessModes: - - {{ .Values.persistence.system.accessMode }} + - {{ .Values.mastodon.persistence.system.accessMode }} resources: - {{- toYaml .Values.persistence.system.resources | nindent 4}} - storageClassName: {{ .Values.persistence.system.storageClassName }} + {{- toYaml .Values.mastodon.persistence.system.resources | nindent 4}} + storageClassName: {{ .Values.mastodon.persistence.system.storageClassName }} diff --git a/chart/templates/secrets.yaml b/chart/templates/secrets.yaml index 80f24a121..63d01d3eb 100644 --- a/chart/templates/secrets.yaml +++ b/chart/templates/secrets.yaml @@ -6,25 +6,25 @@ metadata: {{- include "mastodon.labels" . | nindent 4 }} type: Opaque data: - {{- if not (empty .Values.secrets.secret_key_base) }} - SECRET_KEY_BASE: "{{ .Values.secrets.secret_key_base | b64enc }}" + {{- if not (empty .Values.mastodon.secrets.secret_key_base) }} + SECRET_KEY_BASE: "{{ .Values.mastodon.secrets.secret_key_base | b64enc }}" {{- else }} - SECRET_KEY_BASE: {{ required "secret_key_base is required" .Values.secrets.secret_key_base }} + SECRET_KEY_BASE: {{ required "secret_key_base is required" .Values.mastodon.secrets.secret_key_base }} {{- end }} - {{- if not (empty .Values.secrets.otp_secret) }} - OTP_SECRET: "{{ .Values.secrets.otp_secret | b64enc }}" + {{- if not (empty .Values.mastodon.secrets.otp_secret) }} + OTP_SECRET: "{{ .Values.mastodon.secrets.otp_secret | b64enc }}" {{- else }} - OTP_SECRET: {{ required "otp_secret is required" .Values.secrets.otp_secret }} + OTP_SECRET: {{ required "otp_secret is required" .Values.mastodon.secrets.otp_secret }} {{- end }} - {{- if not (empty .Values.secrets.vapid.private_key) }} - VAPID_PRIVATE_KEY: "{{ .Values.secrets.vapid.private_key | b64enc }}" + {{- if not (empty .Values.mastodon.secrets.vapid.private_key) }} + VAPID_PRIVATE_KEY: "{{ .Values.mastodon.secrets.vapid.private_key | b64enc }}" {{- else }} - VAPID_PRIVATE_KEY: {{ required "vapid.private_key is required" .Values.secrets.vapid.private_key }} + VAPID_PRIVATE_KEY: {{ required "vapid.private_key is required" .Values.mastodon.secrets.vapid.private_key }} {{- end }} - {{- if not (empty .Values.secrets.vapid.public_key) }} - VAPID_PUBLIC_KEY: "{{ .Values.secrets.vapid.public_key | b64enc }}" + {{- if not (empty .Values.mastodon.secrets.vapid.public_key) }} + VAPID_PUBLIC_KEY: "{{ .Values.mastodon.secrets.vapid.public_key | b64enc }}" {{- else }} - VAPID_PUBLIC_KEY: {{ required "vapid.public_key is required" .Values.secrets.vapid.public_key }} + VAPID_PUBLIC_KEY: {{ required "vapid.public_key is required" .Values.mastodon.secrets.vapid.public_key }} {{- end }} {{- if not .Values.postgresql.enabled }} postgresql-password: "{{ .Values.postgresql.postgresqlPassword | b64enc }}" diff --git a/chart/templates/service-streaming.yaml b/chart/templates/service-streaming.yaml index ff5dc13ea..a005e617c 100644 --- a/chart/templates/service-streaming.yaml +++ b/chart/templates/service-streaming.yaml @@ -7,7 +7,7 @@ metadata: spec: type: {{ .Values.service.type }} ports: - - port: {{ .Values.application.streaming.port }} + - port: {{ .Values.mastodon.streaming.port }} targetPort: streaming protocol: TCP name: streaming diff --git a/chart/templates/service-web.yaml b/chart/templates/service-web.yaml index e0df35b25..3563fde70 100644 --- a/chart/templates/service-web.yaml +++ b/chart/templates/service-web.yaml @@ -7,7 +7,7 @@ metadata: spec: type: {{ .Values.service.type }} ports: - - port: {{ .Values.service.port }} + - port: {{ .Values.mastodon.web.port }} targetPort: http protocol: TCP name: http diff --git a/chart/values.yaml.template b/chart/values.yaml similarity index 70% rename from chart/values.yaml.template rename to chart/values.yaml index a57621b9e..d752e46ec 100644 --- a/chart/values.yaml.template +++ b/chart/values.yaml @@ -2,16 +2,79 @@ replicaCount: 1 image: repository: tootsuite/mastodon - pullPolicy: Always # https://hub.docker.com/r/tootsuite/mastodon/tags - tag: v3.3.0 + # # alternatively, use `latest` for the latest release or `edge` for the image # built from the most recent commit # # tag: latest + tag: v3.3.0 + # use `Always` when using `latest` tag + pullPolicy: IfNotPresent + +mastodon: + # create an initial administrator user; the password is autogenerated and will + # have to be reset + createAdmin: + enabled: false + username: not_gargron + email: not@example.com + cron: + # run `tootctl media remove` every week + removeMedia: + enabled: true + schedule: "0 0 * * 0" + # available locales: https://github.com/tootsuite/mastodon/blob/master/config/application.rb#L43 + locale: en + local_domain: mastodon.local + persistence: + assets: + # ReadWriteOnce is more widely supported than ReadWriteMany, but limits + # scalability, since it requires the Rails and Sidekiq pods to run on the + # same node. + accessMode: ReadWriteOnce + resources: + requests: + storage: 10Gi + system: + accessMode: ReadWriteOnce + resources: + requests: + storage: 100Gi + # these must be set manually; autogenerated keys are rotated on each upgrade + secrets: + secret_key_base: "" + otp_secret: "" + vapid: + private_key: "" + public_key: "" + sidekiq: + concurrency: 25 + smtp: + auth_method: plain + ca_file: + delivery_method: smtp + domain: + enable_starttls_auto: true + from_address: notifications@example.com + login: + openssl_verify_mode: peer + password: + port: 587 + reply_to: + server: smtp.mailgun.org + tls: false + streaming: + port: 4000 + # this should be set manually since os.cpus() returns the number of CPUs on + # the node running the pod, which is unrelated to the resources allocated to + # the pod by k8s + workers: 1 + web: + port: 3000 ingress: - enabled: false + enabled: true annotations: kubernetes.io/ingress.class: nginx kubernetes.io/tls-acme: "true" @@ -22,64 +85,15 @@ ingress: # nginx.ingress.kubernetes.io/proxy-body-size: 40m # for the NGINX ingress controller: # nginx.org/client-max-body-size: 40m - # this value is used for LOCAL_DOMAIN - hostname: mastodon.local + hosts: + - host: mastodon.local + paths: + - path: '/' tls: - secretName: mastodon-tls hosts: - mastodon.local -# create an initial administrator user; the password is autogenerated and will -# have to be reset -createAdmin: - enabled: false - username: not_gargron - email: not@example.com - -# available locales: https://github.com/tootsuite/mastodon/blob/master/config/application.rb#L43 -locale: en - -cron: - # run `tootctl media remove` every week - removeMedia: - enabled: true - schedule: "0 0 * * 0" - -application: - web: - port: 3000 - streaming: - port: 4000 - # this should be set manually since os.cpus() returns the number of CPUs on - # the node running the pod, which is unrelated to the resources allocated to - # the pod by k8s - workers: 1 - sidekiq: - concurrency: 25 - -# these must be set manually; autogenerated keys are rotated on each upgrade -secrets: - secret_key_base: "" - otp_secret: "" - vapid: - private_key: "" - public_key: "" - -smtp: - auth_method: plain - ca_file: - delivery_method: smtp - domain: - enable_starttls_auto: true - from_address: notifications@example.com - login: - openssl_verify_mode: peer - password: - port: 587 - reply_to: - server: smtp.mailgun.org - tls: false - # https://github.com/bitnami/charts/tree/master/bitnami/elasticsearch#parameters elasticsearch: # `false` will disable full-text search @@ -112,21 +126,6 @@ redis: # rotated on each upgrade: password: "" -persistence: - assets: - # ReadWriteOnce is more widely supported than ReadWriteMany, but limits - # scalability, since it requires the Rails and Sidekiq pods to run on the - # same node. - accessMode: ReadWriteOnce - resources: - requests: - storage: 10Gi - system: - accessMode: ReadWriteOnce - resources: - requests: - storage: 100Gi - service: type: ClusterIP port: 80