diff --git a/chart/templates/_helpers.tpl b/chart/templates/_helpers.tpl
index 207780b34..0e1804f91 100644
--- a/chart/templates/_helpers.tpl
+++ b/chart/templates/_helpers.tpl
@@ -136,3 +136,15 @@ Return true if a mastodon secret object should be created
 {{- true -}}
 {{- end -}}
 {{- end -}}
+
+{{/*
+Find highest number of needed database connections to set DB_POOL variable
+*/}}
+{{- define "mastodon.maxDbPool" -}}
+{{/* Default MAX_THREADS for Puma is 5 */}}
+{{- $poolSize := 5 }}
+{{- range .Values.mastodon.sidekiq.workers }}
+{{- $poolSize = max $poolSize .concurrency }}
+{{- end }}
+{{- $poolSize | quote }}
+{{- end }}
diff --git a/chart/templates/configmap-env.yaml b/chart/templates/configmap-env.yaml
index 5d0b96db8..4d0195568 100644
--- a/chart/templates/configmap-env.yaml
+++ b/chart/templates/configmap-env.yaml
@@ -13,7 +13,7 @@ data:
 DB_PORT: {{ .Values.postgresql.postgresqlPort | default "5432" | quote }}
 {{- end }}
 DB_NAME: {{ .Values.postgresql.auth.database }}
- DB_POOL: {{ .Values.mastodon.sidekiq.concurrency | quote }}
+ DB_POOL: {{ include "mastodon.maxDbPool" . }}
 DB_USER: {{ .Values.postgresql.auth.username }}
 DEFAULT_LOCALE: {{ .Values.mastodon.locale }}
 {{- if .Values.elasticsearch.enabled }}
@@ -22,12 +22,15 @@ data:
 ES_PORT: "9200"
 {{- end }}
 LOCAL_DOMAIN: {{ .Values.mastodon.local_domain }}
- {{- if .Values.mastodon.web_domain }}
- WEB_DOMAIN: {{ .Values.mastodon.web_domain }}
+ {{- with .Values.mastodon.web_domain }}
+ WEB_DOMAIN: {{ . }}
 {{- end }}
- {{- if .Values.mastodon.singleUserMode }}
+ {{- with .Values.mastodon.singleUserMode }}
 SINGLE_USER_MODE: "true"
 {{- end }}
+ {{- with .Values.mastodon.authorizedFetch }}
+ AUTHORIZED_FETCH: {{ . | quote }}
+ {{- end }}
 # https://devcenter.heroku.com/articles/tuning-glibc-memory-behavior
 MALLOC_ARENA_MAX: "2"
 NODE_ENV: "production"
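Review bot: `mastodon.maxDbPool` hard-codes the floor as `5` and its result becomes the single `DB_POOL` value in the env ConfigMap, which the comment on the helper does not spell out. If Puma's `MAX_THREADS` is raised for the web pods the pool can end up smaller than the thread count, and one sidekiq worker with a high `concurrency` raises the pool size for every deployment that loads that ConfigMap (the sidekiq template in this commit does), so the PostgreSQL connection limit presumably has to be sized for that. I would extend the comment, e.g. `{{/* Floor of 5 matches Puma's default MAX_THREADS; raise it if MAX_THREADS is overridden. The result applies to every pod that reads the env ConfigMap. */}}`.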
@@ -40,58 +43,58 @@ data: S3_ENDPOINT: {{ .Values.mastodon.s3.endpoint }} S3_HOSTNAME: {{ .Values.mastodon.s3.hostname }} S3_PROTOCOL: "https" - {{- if .Values.mastodon.s3.region }} - S3_REGION: {{ .Values.mastodon.s3.region }} + {{- with .Values.mastodon.s3.region }} + S3_REGION: {{ . }} {{- end }} - {{- if .Values.mastodon.s3.alias_host }} + {{- with .Values.mastodon.s3.alias_host }} S3_ALIAS_HOST: {{ .Values.mastodon.s3.alias_host}} {{- end }} {{- end }} - {{- if .Values.mastodon.smtp.auth_method }} - SMTP_AUTH_METHOD: {{ .Values.mastodon.smtp.auth_method }} + {{- with .Values.mastodon.smtp.auth_method }} + SMTP_AUTH_METHOD: {{ . }} {{- end }} - {{- if .Values.mastodon.smtp.ca_file }} - SMTP_CA_FILE: {{ .Values.mastodon.smtp.ca_file }} + {{- with .Values.mastodon.smtp.ca_file }} + SMTP_CA_FILE: {{ . }} {{- end }} - {{- if .Values.mastodon.smtp.delivery_method }} - SMTP_DELIVERY_METHOD: {{ .Values.mastodon.smtp.delivery_method }} + {{- with .Values.mastodon.smtp.delivery_method }} + SMTP_DELIVERY_METHOD: {{ . }} {{- end }} - {{- if .Values.mastodon.smtp.domain }} - SMTP_DOMAIN: {{ .Values.mastodon.smtp.domain }} + {{- with .Values.mastodon.smtp.domain }} + SMTP_DOMAIN: {{ . }} {{- end }} - {{- if .Values.mastodon.smtp.enable_starttls }} - SMTP_ENABLE_STARTTLS: {{ .Values.mastodon.smtp.enable_starttls | quote }} + {{- with .Values.mastodon.smtp.enable_starttls }} + SMTP_ENABLE_STARTTLS: {{ . | quote }} {{- end }} - {{- if .Values.mastodon.smtp.enable_starttls_auto }} - SMTP_ENABLE_STARTTLS_AUTO: {{ .Values.mastodon.smtp.enable_starttls_auto | quote }} + {{- with .Values.mastodon.smtp.enable_starttls_auto }} + SMTP_ENABLE_STARTTLS_AUTO: {{ . | quote }} {{- end }} - {{- if .Values.mastodon.smtp.from_address }} - SMTP_FROM_ADDRESS: {{ .Values.mastodon.smtp.from_address }} + {{- with .Values.mastodon.smtp.from_address }} + SMTP_FROM_ADDRESS: {{ . 
}} {{- end }} - {{- if .Values.mastodon.smtp.login }} - SMTP_LOGIN: {{ .Values.mastodon.smtp.login }} + {{- with .Values.mastodon.smtp.login }} + SMTP_LOGIN: {{ . }} {{- end }} - {{- if .Values.mastodon.smtp.openssl_verify_mode }} - SMTP_OPENSSL_VERIFY_MODE: {{ .Values.mastodon.smtp.openssl_verify_mode }} + {{- with .Values.mastodon.smtp.openssl_verify_mode }} + SMTP_OPENSSL_VERIFY_MODE: {{ . }} {{- end }} - {{- if .Values.mastodon.smtp.password }} - SMTP_PASSWORD: {{ .Values.mastodon.smtp.password }} + {{- with .Values.mastodon.smtp.password }} + SMTP_PASSWORD: {{ . }} {{- end }} - {{- if .Values.mastodon.smtp.port }} - SMTP_PORT: {{ .Values.mastodon.smtp.port | quote }} + {{- with .Values.mastodon.smtp.port }} + SMTP_PORT: {{ . | quote }} {{- end }} - {{- if .Values.mastodon.smtp.reply_to }} - SMTP_REPLY_TO: {{ .Values.mastodon.smtp.reply_to }} + {{- with .Values.mastodon.smtp.reply_to }} + SMTP_REPLY_TO: {{ . }} {{- end }} - {{- if .Values.mastodon.smtp.server }} - SMTP_SERVER: {{ .Values.mastodon.smtp.server }} + {{- with .Values.mastodon.smtp.server }} + SMTP_SERVER: {{ . }} {{- end }} - {{- if .Values.mastodon.smtp.tls }} - SMTP_TLS: {{ .Values.mastodon.smtp.tls | quote }} + {{- with .Values.mastodon.smtp.tls }} + SMTP_TLS: {{ . | quote }} {{- end }} STREAMING_CLUSTER_NUM: {{ .Values.mastodon.streaming.workers | quote }} - {{- if .Values.mastodon.streaming.base_url }} - STREAMING_API_BASE_URL: {{ .Values.mastodon.streaming.base_url | quote }} + {{- with .Values.mastodon.streaming.base_url }} + STREAMING_API_BASE_URL: {{ . | quote }} {{- end }} {{- if .Values.externalAuth.oidc.enabled }} OIDC_ENABLED: {{ .Values.externalAuth.oidc.enabled | quote }} 
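Review bot: The `S3_ALIAS_HOST` block was switched from `if` to `with`, but its body is an unchanged context line that still reads `{{ .Values.mastodon.s3.alias_host}}`. Inside `with` the dot is rebound to the alias host string, so `.Values` no longer resolves and rendering should fail as soon as `mastodon.s3.alias_host` is set. The body should follow the other converted blocks: `S3_ALIAS_HOST: {{ . }}`. The block sits inside an `if` that opens above this hunk, so the surrounding S3 condition is not fully visible here.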
@@ -104,53 +107,53 @@ data: OIDC_CLIENT_SECRET: {{ .Values.externalAuth.oidc.client_secret }} OIDC_REDIRECT_URI: {{ .Values.externalAuth.oidc.redirect_uri }} OIDC_SECURITY_ASSUME_EMAIL_IS_VERIFIED: {{ .Values.externalAuth.oidc.assume_email_is_verified | quote }} - {{- if .Values.externalAuth.oidc.client_auth_method }} - OIDC_CLIENT_AUTH_METHOD: {{ .Values.externalAuth.oidc.client_auth_method }} + {{- with .Values.externalAuth.oidc.client_auth_method }} + OIDC_CLIENT_AUTH_METHOD: {{ . }} {{- end }} - {{- if .Values.externalAuth.oidc.response_type }} - OIDC_RESPONSE_TYPE: {{ .Values.externalAuth.oidc.response_type }} + {{- with .Values.externalAuth.oidc.response_type }} + OIDC_RESPONSE_TYPE: {{ . }} {{- end }} - {{- if .Values.externalAuth.oidc.response_mode }} - OIDC_RESPONSE_MODE: {{ .Values.externalAuth.oidc.response_mode }} + {{- with .Values.externalAuth.oidc.response_mode }} + OIDC_RESPONSE_MODE: {{ . }} {{- end }} - {{- if .Values.externalAuth.oidc.display }} - OIDC_DISPLAY: {{ .Values.externalAuth.oidc.display }} + {{- with .Values.externalAuth.oidc.display }} + OIDC_DISPLAY: {{ . }} {{- end }} - {{- if .Values.externalAuth.oidc.prompt }} - OIDC_PROMPT: {{ .Values.externalAuth.oidc.prompt }} + {{- with .Values.externalAuth.oidc.prompt }} + OIDC_PROMPT: {{ . }} {{- end }} - {{- if .Values.externalAuth.oidc.send_nonce }} - OIDC_SEND_NONCE: {{ .Values.externalAuth.oidc.send_nonce }} + {{- with .Values.externalAuth.oidc.send_nonce }} + OIDC_SEND_NONCE: {{ . }} {{- end }} - {{- if .Values.externalAuth.oidc.send_scope_to_token_endpoint }} - OIDC_SEND_SCOPE_TO_TOKEN_ENDPOINT: {{ .Values.externalAuth.oidc.send_scope_to_token_endpoint | quote }} + {{- with .Values.externalAuth.oidc.send_scope_to_token_endpoint }} + OIDC_SEND_SCOPE_TO_TOKEN_ENDPOINT: {{ . 
| quote }} {{- end }} - {{- if .Values.externalAuth.oidc.idp_logout_redirect_uri }} - OIDC_IDP_LOGOUT_REDIRECT_URI: {{ .Values.externalAuth.oidc.idp_logout_redirect_uri }} + {{- with .Values.externalAuth.oidc.idp_logout_redirect_uri }} + OIDC_IDP_LOGOUT_REDIRECT_URI: {{ . }} {{- end }} - {{- if .Values.externalAuth.oidc.http_scheme }} - OIDC_HTTP_SCHEME: {{ .Values.externalAuth.oidc.http_scheme }} + {{- with .Values.externalAuth.oidc.http_scheme }} + OIDC_HTTP_SCHEME: {{ . }} {{- end }} - {{- if .Values.externalAuth.oidc.host }} - OIDC_HOST: {{ .Values.externalAuth.oidc.host }} + {{- with .Values.externalAuth.oidc.host }} + OIDC_HOST: {{ . }} {{- end }} - {{- if .Values.externalAuth.oidc.port }} - OIDC_PORT: {{ .Values.externalAuth.oidc.port }} + {{- with .Values.externalAuth.oidc.port }} + OIDC_PORT: {{ . }} {{- end }} - {{- if .Values.externalAuth.oidc.jwks_uri }} - OIDC_JWKS_URI: {{ .Values.externalAuth.oidc.jwks_uri }} + {{- with .Values.externalAuth.oidc.jwks_uri }} + OIDC_JWKS_URI: {{ . }} {{- end }} - {{- if .Values.externalAuth.oidc.auth_endpoint }} - OIDC_AUTH_ENDPOINT: {{ .Values.externalAuth.oidc.auth_endpoint }} + {{- with .Values.externalAuth.oidc.auth_endpoint }} + OIDC_AUTH_ENDPOINT: {{ . }} {{- end }} - {{- if .Values.externalAuth.oidc.token_endpoint }} - OIDC_TOKEN_ENDPOINT: {{ .Values.externalAuth.oidc.token_endpoint }} + {{- with .Values.externalAuth.oidc.token_endpoint }} + OIDC_TOKEN_ENDPOINT: {{ . }} {{- end }} - {{- if .Values.externalAuth.oidc.user_info_endpoint }} - OIDC_USER_INFO_ENDPOINT: {{ .Values.externalAuth.oidc.user_info_endpoint }} + {{- with .Values.externalAuth.oidc.user_info_endpoint }} + OIDC_USER_INFO_ENDPOINT: {{ . }} {{- end }} - {{- if .Values.externalAuth.oidc.end_session_endpoint }} - OIDC_END_SESSION_ENDPOINT: {{ .Values.externalAuth.oidc.end_session_endpoint }} + {{- with .Values.externalAuth.oidc.end_session_endpoint }} + OIDC_END_SESSION_ENDPOINT: {{ . 
}} {{- end }} {{- end }} {{- if .Values.externalAuth.saml.enabled }} 
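Review bot: `OIDC_SEND_NONCE: {{ . }}` and `OIDC_PORT: {{ . }}` render their values unquoted, so a boolean or numeric setting becomes a YAML bool or int in the rendered manifest. These keys sit under `data:` in configmap-env.yaml, and ConfigMap `data` values must be strings, so the object is rejected when either is set; the same hunk already pipes `send_scope_to_token_endpoint` through `quote`. Suggest `OIDC_SEND_NONCE: {{ . | quote }}` and `OIDC_PORT: {{ . | quote }}`, and ideally the same for the URL and endpoint values so that a value containing `: ` or ` #` cannot change the shape of the rendered YAML. The bare `{{ . }}` form recurs in the SMTP, CAS, PAM and LDAP hunks.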
@@ -159,54 +162,54 @@ data: SAML_ISSUER: {{ .Values.externalAuth.saml.issuer }} SAML_IDP_SSO_TARGET_URL: {{ .Values.externalAuth.saml.idp_sso_target_url }} SAML_IDP_CERT: {{ .Values.externalAuth.saml.idp_cert | quote }} - {{- if .Values.externalAuth.saml.idp_cert_fingerprint }} - SAML_IDP_CERT_FINGERPRINT: {{ .Values.externalAuth.saml.idp_cert_fingerprint | quote }} + {{- with .Values.externalAuth.saml.idp_cert_fingerprint }} + SAML_IDP_CERT_FINGERPRINT: {{ . | quote }} {{- end }} - {{- if .Values.externalAuth.saml.name_identifier_format }} - SAML_NAME_IDENTIFIER_FORMAT: {{ .Values.externalAuth.saml.name_identifier_format }} + {{- with .Values.externalAuth.saml.name_identifier_format }} + SAML_NAME_IDENTIFIER_FORMAT: {{ . }} {{- end }} - {{- if .Values.externalAuth.saml.cert }} - SAML_CERT: {{ .Values.externalAuth.saml.cert | quote }} + {{- with .Values.externalAuth.saml.cert }} + SAML_CERT: {{ . | quote }} {{- end }} - {{- if .Values.externalAuth.saml.private_key }} - SAML_PRIVATE_KEY: {{ .Values.externalAuth.saml.private_key | quote }} + {{- with .Values.externalAuth.saml.private_key }} + SAML_PRIVATE_KEY: {{ . | quote }} {{- end }} - {{- if .Values.externalAuth.saml.want_assertion_signed }} - SAML_SECURITY_WANT_ASSERTION_SIGNED: {{ .Values.externalAuth.saml.want_assertion_signed | quote }} + {{- with .Values.externalAuth.saml.want_assertion_signed }} + SAML_SECURITY_WANT_ASSERTION_SIGNED: {{ . | quote }} {{- end }} - {{- if .Values.externalAuth.saml.want_assertion_encrypted }} - SAML_SECURITY_WANT_ASSERTION_ENCRYPTED: {{ .Values.externalAuth.saml.want_assertion_encrypted | quote }} + {{- with .Values.externalAuth.saml.want_assertion_encrypted }} + SAML_SECURITY_WANT_ASSERTION_ENCRYPTED: {{ . 
| quote }} {{- end }} - {{- if .Values.externalAuth.saml.assume_email_is_verified }} - SAML_SECURITY_ASSUME_EMAIL_IS_VERIFIED: {{ .Values.externalAuth.saml.assume_email_is_verified | quote }} + {{- with .Values.externalAuth.saml.assume_email_is_verified }} + SAML_SECURITY_ASSUME_EMAIL_IS_VERIFIED: {{ . | quote }} {{- end }} - {{- if .Values.externalAuth.saml.uid_attribute }} - SAML_UID_ATTRIBUTE: {{ .Values.externalAuth.saml.uid_attribute }} + {{- with .Values.externalAuth.saml.uid_attribute }} + SAML_UID_ATTRIBUTE: {{ . }} {{- end }} - {{- if .Values.externalAuth.saml.attributes_statements.uid }} - SAML_ATTRIBUTES_STATEMENTS_UID: {{ .Values.externalAuth.saml.attributes_statements.uid | quote }} + {{- with .Values.externalAuth.saml.attributes_statements.uid }} + SAML_ATTRIBUTES_STATEMENTS_UID: {{ . | quote }} {{- end }} - {{- if .Values.externalAuth.saml.attributes_statements.email }} - SAML_ATTRIBUTES_STATEMENTS_EMAIL: {{ .Values.externalAuth.saml.attributes_statements.email | quote }} + {{- with .Values.externalAuth.saml.attributes_statements.email }} + SAML_ATTRIBUTES_STATEMENTS_EMAIL: {{ . | quote }} {{- end }} - {{- if .Values.externalAuth.saml.attributes_statements.full_name }} - SAML_ATTRIBUTES_STATEMENTS_FULL_NAME: {{ .Values.externalAuth.saml.attributes_statements.full_name | quote }} + {{- with .Values.externalAuth.saml.attributes_statements.full_name }} + SAML_ATTRIBUTES_STATEMENTS_FULL_NAME: {{ . | quote }} {{- end }} - {{- if .Values.externalAuth.saml.attributes_statements.first_name }} - SAML_ATTRIBUTES_STATEMENTS_FIRST_NAME: {{ .Values.externalAuth.saml.attributes_statements.first_name | quote }} + {{- with .Values.externalAuth.saml.attributes_statements.first_name }} + SAML_ATTRIBUTES_STATEMENTS_FIRST_NAME: {{ . 
| quote }} {{- end }} - {{- if .Values.externalAuth.saml.attributes_statements.last_name }} - SAML_ATTRIBUTES_STATEMENTS_LAST_NAME: {{ .Values.externalAuth.saml.attributes_statements.last_name | quote }} + {{- with .Values.externalAuth.saml.attributes_statements.last_name }} + SAML_ATTRIBUTES_STATEMENTS_LAST_NAME: {{ . | quote }} {{- end }} - {{- if .Values.externalAuth.saml.attributes_statements.verified }} - SAML_ATTRIBUTES_STATEMENTS_VERIFIED: {{ .Values.externalAuth.saml.attributes_statements.verified | quote }} + {{- with .Values.externalAuth.saml.attributes_statements.verified }} + SAML_ATTRIBUTES_STATEMENTS_VERIFIED: {{ . | quote }} {{- end }} - {{- if .Values.externalAuth.saml.attributes_statements.verified_email }} - SAML_ATTRIBUTES_STATEMENTS_VERIFIED_EMAIL: {{ .Values.externalAuth.saml.attributes_statements.verified_email | quote }} + {{- with .Values.externalAuth.saml.attributes_statements.verified_email }} + SAML_ATTRIBUTES_STATEMENTS_VERIFIED_EMAIL: {{ . | quote }} {{- end }} {{- end }} - {{- if .Values.externalAuth.oauth_global.oauth_redirect_at_sign_in }} - OAUTH_REDIRECT_AT_SIGN_IN: {{ .Values.externalAuth.oauth_global.oauth_redirect_at_sign_in | quote }} + {{- with .Values.externalAuth.oauth_global.omniauth_only }} + OMNIAUTH_ONLY: {{ . | quote }} {{- end }} {{- if .Values.externalAuth.cas.enabled }} CAS_ENABLED: {{ .Values.externalAuth.cas.enabled | quote }} 
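Review bot: The last block of this hunk replaces `externalAuth.oauth_global.oauth_redirect_at_sign_in` / `OAUTH_REDIRECT_AT_SIGN_IN` with `externalAuth.oauth_global.omniauth_only` / `OMNIAUTH_ONLY` in one step, so a values file that still sets the old key is ignored without any message. Since this setting presumably governs how users are sent to the external identity provider, a silent drop changes login behaviour on upgrade. Consider failing fast while the old key is present, e.g. `{{- if .Values.externalAuth.oauth_global.oauth_redirect_at_sign_in }}{{ fail "oauth_redirect_at_sign_in was replaced by omniauth_only" }}{{- end }}`, or at least documenting the rename in the chart's upgrade notes.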
@@ -214,68 +217,68 @@ data: CAS_HOST: {{ .Values.externalAuth.cas.host }} CAS_PORT: {{ .Values.externalAuth.cas.port }} CAS_SSL: {{ .Values.externalAuth.cas.ssl | quote }} - {{- if .Values.externalAuth.cas.validate_url }} - CAS_VALIDATE_URL: {{ .Values.externalAuth.cas.validate_url }} + {{- with .Values.externalAuth.cas.validate_url }} + CAS_VALIDATE_URL: {{ . }} {{- end }} - {{- if .Values.externalAuth.cas.callback_url }} - CAS_CALLBACK_URL: {{ .Values.externalAuth.cas.callback_url }} + {{- with .Values.externalAuth.cas.callback_url }} + CAS_CALLBACK_URL: {{ . }} {{- end }} - {{- if .Values.externalAuth.cas.logout_url }} - CAS_LOGOUT_URL: {{ .Values.externalAuth.cas.logout_url }} + {{- with .Values.externalAuth.cas.logout_url }} + CAS_LOGOUT_URL: {{ . }} {{- end }} - {{- if .Values.externalAuth.cas.login_url }} - CAS_LOGIN_URL: {{ .Values.externalAuth.cas.login_url }} + {{- with .Values.externalAuth.cas.login_url }} + CAS_LOGIN_URL: {{ . }} {{- end }} - {{- if .Values.externalAuth.cas.uid_field }} - CAS_UID_FIELD: {{ .Values.externalAuth.cas.uid_field | quote }} + {{- with .Values.externalAuth.cas.uid_field }} + CAS_UID_FIELD: {{ . | quote }} {{- end }} - {{- if .Values.externalAuth.cas.ca_path }} - CAS_CA_PATH: {{ .Values.externalAuth.cas.ca_path }} + {{- with .Values.externalAuth.cas.ca_path }} + CAS_CA_PATH: {{ . }} {{- end }} - {{- if .Values.externalAuth.cas.disable_ssl_verification }} - CAS_DISABLE_SSL_VERIFICATION: {{ .Values.externalAuth.cas.disable_ssl_verification | quote }} + {{- with .Values.externalAuth.cas.disable_ssl_verification }} + CAS_DISABLE_SSL_VERIFICATION: {{ . | quote }} {{- end }} - {{- if .Values.externalAuth.cas.assume_email_is_verified }} - CAS_SECURITY_ASSUME_EMAIL_IS_VERIFIED: {{ .Values.externalAuth.cas.assume_email_is_verified | quote }} + {{- with .Values.externalAuth.cas.assume_email_is_verified }} + CAS_SECURITY_ASSUME_EMAIL_IS_VERIFIED: {{ . 
| quote }} {{- end }} - {{- if .Values.externalAuth.cas.keys.uid }} - CAS_UID_KEY: {{ .Values.externalAuth.cas.keys.uid | quote }} + {{- with .Values.externalAuth.cas.keys.uid }} + CAS_UID_KEY: {{ . | quote }} {{- end }} - {{- if .Values.externalAuth.cas.keys.name }} - CAS_NAME_KEY: {{ .Values.externalAuth.cas.keys.name | quote }} + {{- with .Values.externalAuth.cas.keys.name }} + CAS_NAME_KEY: {{ . | quote }} {{- end }} - {{- if .Values.externalAuth.cas.keys.email }} - CAS_EMAIL_KEY: {{ .Values.externalAuth.cas.keys.email | quote }} + {{- with .Values.externalAuth.cas.keys.email }} + CAS_EMAIL_KEY: {{ . | quote }} {{- end }} - {{- if .Values.externalAuth.cas.keys.nickname }} - CAS_NICKNAME_KEY: {{ .Values.externalAuth.cas.keys.nickname | quote }} + {{- with .Values.externalAuth.cas.keys.nickname }} + CAS_NICKNAME_KEY: {{ . | quote }} {{- end }} - {{- if .Values.externalAuth.cas.keys.first_name }} - CAS_FIRST_NAME_KEY: {{ .Values.externalAuth.cas.keys.first_name | quote }} + {{- with .Values.externalAuth.cas.keys.first_name }} + CAS_FIRST_NAME_KEY: {{ . | quote }} {{- end }} - {{- if .Values.externalAuth.cas.keys.last_name }} - CAS_LAST_NAME_KEY: {{ .Values.externalAuth.cas.keys.last_name | quote }} + {{- with .Values.externalAuth.cas.keys.last_name }} + CAS_LAST_NAME_KEY: {{ . | quote }} {{- end }} - {{- if .Values.externalAuth.cas.keys.location }} - CAS_LOCATION_KEY: {{ .Values.externalAuth.cas.keys.location | quote }} + {{- with .Values.externalAuth.cas.keys.location }} + CAS_LOCATION_KEY: {{ . | quote }} {{- end }} - {{- if .Values.externalAuth.cas.keys.image }} - CAS_IMAGE_KEY: {{ .Values.externalAuth.cas.keys.image | quote }} + {{- with .Values.externalAuth.cas.keys.image }} + CAS_IMAGE_KEY: {{ . | quote }} {{- end }} - {{- if .Values.externalAuth.cas.keys.phone }} - CAS_PHONE_KEY: {{ .Values.externalAuth.cas.keys.phone | quote }} + {{- with .Values.externalAuth.cas.keys.phone }} + CAS_PHONE_KEY: {{ . 
| quote }} {{- end }} {{- end }} - {{- if .Values.externalAuth.pam.enabled }} - PAM_ENABLED: {{ .Values.externalAuth.pam.enabled | quote }} - {{- if .Values.externalAuth.pam.email_domain }} - PAM_EMAIL_DOMAIN: {{ .Values.externalAuth.pam.email_domain }} + {{- with .Values.externalAuth.pam.enabled }} + PAM_ENABLED: {{ . | quote }} + {{- with .Values.externalAuth.pam.email_domain }} + PAM_EMAIL_DOMAIN: {{ . }} {{- end }} - {{- if .Values.externalAuth.pam.default_service }} - PAM_DEFAULT_SERVICE: {{ .Values.externalAuth.pam.default_service }} + {{- with .Values.externalAuth.pam.default_service }} + PAM_DEFAULT_SERVICE: {{ . }} {{- end }} - {{- if .Values.externalAuth.pam.controlled_service }} - PAM_CONTROLLED_SERVICE: {{ .Values.externalAuth.pam.controlled_service }} + {{- with .Values.externalAuth.pam.controlled_service }} + PAM_CONTROLLED_SERVICE: {{ . }} {{- end }} {{- end }} {{- if .Values.externalAuth.ldap.enabled }} 
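Review bot: The PAM section now opens with `{{- with .Values.externalAuth.pam.enabled }}`, while the three nested blocks still start from `.Values.externalAuth.pam.…`. Within the outer `with` the dot is the `enabled` value rather than the chart root, so `.Values` cannot be resolved and the template should fail to render whenever PAM is enabled. Either keep the outer guard as `{{- if .Values.externalAuth.pam.enabled }}` with `PAM_ENABLED: {{ .Values.externalAuth.pam.enabled | quote }}`, or address the root explicitly in the inner blocks, e.g. `{{- with $.Values.externalAuth.pam.email_domain }}`.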
@@ -283,32 +286,32 @@ data: LDAP_HOST: {{ .Values.externalAuth.ldap.host }} LDAP_PORT: {{ .Values.externalAuth.ldap.port }} LDAP_METHOD: {{ .Values.externalAuth.ldap.method }} - {{- if .Values.externalAuth.ldap.base }} - LDAP_BASE: {{ .Values.externalAuth.ldap.base }} + {{- with .Values.externalAuth.ldap.base }} + LDAP_BASE: {{ . }} {{- end }} - {{- if .Values.externalAuth.ldap.bind_on }} - LDAP_BIND_ON: {{ .Values.externalAuth.ldap.bind_on }} + {{- with .Values.externalAuth.ldap.bind_on }} + LDAP_BIND_ON: {{ . }} {{- end }} - {{- if .Values.externalAuth.ldap.password }} - LDAP_PASSWORD: {{ .Values.externalAuth.ldap.password }} + {{- with .Values.externalAuth.ldap.password }} + LDAP_PASSWORD: {{ . }} {{- end }} - {{- if .Values.externalAuth.ldap.uid }} - LDAP_UID: {{ .Values.externalAuth.ldap.uid }} + {{- with .Values.externalAuth.ldap.uid }} + LDAP_UID: {{ . }} {{- end }} - {{- if .Values.externalAuth.ldap.mail }} - LDAP_MAIL: {{ .Values.externalAuth.ldap.mail }} + {{- with .Values.externalAuth.ldap.mail }} + LDAP_MAIL: {{ . }} {{- end }} - {{- if .Values.externalAuth.ldap.search_filter }} - LDAP_SEARCH_FILTER: {{ .Values.externalAuth.ldap.search_filter }} + {{- with .Values.externalAuth.ldap.search_filter }} + LDAP_SEARCH_FILTER: {{ . }} {{- end }} - {{- if .Values.externalAuth.ldap.uid_conversion.enabled }} - LDAP_UID_CONVERSION_ENABLED: {{ .Values.externalAuth.ldap.uid_conversion.enabled | quote }} + {{- with .Values.externalAuth.ldap.uid_conversion.enabled }} + LDAP_UID_CONVERSION_ENABLED: {{ . | quote }} {{- end }} - {{- if .Values.externalAuth.ldap.uid_conversion.search }} - LDAP_UID_CONVERSION_SEARCH: {{ .Values.externalAuth.ldap.uid_conversion.search }} + {{- with .Values.externalAuth.ldap.uid_conversion.search }} + LDAP_UID_CONVERSION_SEARCH: {{ . 
}} {{- end }} - {{- if .Values.externalAuth.ldap.uid_conversion.replace }} - LDAP_UID_CONVERSION_REPLACE: {{ .Values.externalAuth.ldap.uid_conversion.replace }} + {{- with .Values.externalAuth.ldap.uid_conversion.replace }} + LDAP_UID_CONVERSION_REPLACE: {{ . }} {{- end }} {{- end }} {{- with .Values.mastodon.metrics.statsd.address }} diff --git a/chart/templates/deployment-sidekiq.yaml b/chart/templates/deployment-sidekiq.yaml index 94af99b11..c7e0c5470 100644 --- a/chart/templates/deployment-sidekiq.yaml +++ b/chart/templates/deployment-sidekiq.yaml 
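Review bot: `LDAP_PASSWORD: {{ . }}` still renders the bind password into what the file name and the `data:` context indicate is a ConfigMap, and the same holds for `SMTP_PASSWORD` in the @@ -40,58 hunk and `SAML_PRIVATE_KEY` in the @@ -159,54 hunk. ConfigMaps are typically readable by more roles than Secrets and are usually left out of at-rest encryption, so these credentials are exposed to anyone who may read ConfigMaps in the namespace. The sidekiq deployment in this commit already takes `SMTP_PASSWORD` from `mastodon.smtp.existingSecret` through `secretKeyRef`; the LDAP password and SAML key would be better moved to the chart's Secret or given an equivalent existing-secret option. Until then, a comment such as `# NOTE: credential rendered into a ConfigMap; prefer a Secret` above each of these keys would at least flag it.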
@@ -1,96 +1,97 @@ +{{- $context := . }} +{{- range .Values.mastodon.sidekiq.workers }} +--- apiVersion: apps/v1 kind: Deployment metadata: - name: {{ include "mastodon.fullname" . }}-sidekiq + name: {{ include "mastodon.fullname" $context }}-sidekiq-{{ .name }} labels: - {{- include "mastodon.labels" . | nindent 4 }} + {{- include "mastodon.labels" $context | nindent 4 }} + app.kubernetes.io/component: sidekiq-{{ .name }} + app.kubernetes.io/part-of: rails spec: - {{- if not .Values.autoscaling.enabled }} - replicas: {{ .Values.replicaCount }} + replicas: {{ .replicas }} + {{- if (has "scheduler" .queues) }} + strategy: + type: Recreate {{- end }} selector: matchLabels: - {{- include "mastodon.selectorLabels" . | nindent 6 }} - app.kubernetes.io/component: sidekiq + {{- include "mastodon.selectorLabels" $context | nindent 6 }} + app.kubernetes.io/component: sidekiq-{{ .name }} app.kubernetes.io/part-of: rails template: metadata: annotations: - {{- with .Values.podAnnotations }} + {{- with $context.Values.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} # roll the pods to pick up any db migrations or other changes - {{- include "mastodon.rollingPodAnnotations" . | nindent 8 }} + {{- include "mastodon.rollingPodAnnotations" $context | nindent 8 }} labels: - {{- include "mastodon.selectorLabels" . | nindent 8 }} - app.kubernetes.io/component: sidekiq + {{- include "mastodon.selectorLabels" $context | nindent 8 }} + app.kubernetes.io/component: sidekiq-{{ .name }} app.kubernetes.io/part-of: rails spec: - {{- with .Values.imagePullSecrets }} + {{- with $context.Values.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} - serviceAccountName: {{ include "mastodon.serviceAccountName" . }} - {{- with .Values.podSecurityContext }} + serviceAccountName: {{ include "mastodon.serviceAccountName" $context }} + {{- with (default $context.Values.podSecurityContext $context.Values.mastodon.sidekiq.podSecurityContext) }} securityContext: {{- toYaml . 
| nindent 8 }} {{- end }} - {{- if (not .Values.mastodon.s3.enabled) }} - # ensure we run on the same node as the other rails components; only - # required when using PVCs that are ReadWriteOnce - {{- if or (eq "ReadWriteOnce" .Values.mastodon.persistence.assets.accessMode) (eq "ReadWriteOnce" .Values.mastodon.persistence.system.accessMode) }} + {{- with (default (default $context.Values.affinity $context.Values.mastodon.sidekiq.affinity) .affinity) }} affinity: - podAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app.kubernetes.io/part-of - operator: In - values: - - rails - topologyKey: kubernetes.io/hostname + {{- toYaml . | nindent 8 }} {{- end }} + {{- if (not $context.Values.mastodon.s3.enabled) }} volumes: - name: assets persistentVolumeClaim: - claimName: {{ template "mastodon.fullname" . }}-assets + claimName: {{ template "mastodon.fullname" $context }}-assets - name: system persistentVolumeClaim: - claimName: {{ template "mastodon.fullname" . }}-system + claimName: {{ template "mastodon.fullname" $context }}-system {{- end }} containers: - - name: {{ .Chart.Name }} + - name: {{ $context.Chart.Name }} securityContext: - {{- toYaml .Values.securityContext | nindent 12 }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} + {{- toYaml $context.Values.mastodon.sidekiq.securityContext | nindent 12 }} + image: "{{ $context.Values.image.repository }}:{{ $context.Values.image.tag | default $context.Chart.AppVersion }}" + imagePullPolicy: {{ $context.Values.image.pullPolicy }} command: - bundle - exec - sidekiq - -c - - {{ .Values.mastodon.sidekiq.concurrency | quote }} + - {{ .concurrency | quote }} + {{- range .queues }} + - -q + - {{ . | quote }} + {{- end }} envFrom: - configMapRef: - name: {{ include "mastodon.fullname" . 
}}-env + name: {{ include "mastodon.fullname" $context }}-env - secretRef: - name: {{ template "mastodon.secretName" . }} + name: {{ template "mastodon.secretName" $context }} env: - name: "DB_PASS" valueFrom: secretKeyRef: - name: {{ template "mastodon.postgresql.secretName" . }} + name: {{ template "mastodon.postgresql.secretName" $context }} key: password - name: "REDIS_PASSWORD" valueFrom: secretKeyRef: - name: {{ template "mastodon.redis.secretName" . }} + name: {{ template "mastodon.redis.secretName" $context }} key: redis-password - {{- if (and .Values.mastodon.s3.enabled .Values.mastodon.s3.existingSecret) }} + {{- if (and $context.Values.mastodon.s3.enabled $context.Values.mastodon.s3.existingSecret) }} - name: "AWS_SECRET_ACCESS_KEY" valueFrom: secretKeyRef: - name: {{ .Values.mastodon.s3.existingSecret }} + name: {{ $context.Values.mastodon.s3.existingSecret }} key: AWS_SECRET_ACCESS_KEY - name: "AWS_ACCESS_KEY_ID" valueFrom: @@ -98,20 +99,20 @@ spec: name: {{ .Values.mastodon.s3.existingSecret }} key: AWS_ACCESS_KEY_ID {{- end }} - {{- if .Values.mastodon.smtp.existingSecret }} + {{- if $context.Values.mastodon.smtp.existingSecret }} - name: "SMTP_LOGIN" valueFrom: secretKeyRef: - name: {{ .Values.mastodon.smtp.existingSecret }} + name: {{ $context.Values.mastodon.smtp.existingSecret }} key: login optional: true - name: "SMTP_PASSWORD" valueFrom: secretKeyRef: - name: {{ .Values.mastodon.smtp.existingSecret }} + name: {{ $context.Values.mastodon.smtp.existingSecret }} key: password {{- end }} - {{- if (not .Values.mastodon.s3.enabled) }} + {{- if (not $context.Values.mastodon.s3.enabled) }} volumeMounts: - name: assets mountPath: /opt/mastodon/public/assets 
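Review bot: The container `securityContext` is now rendered from `$context.Values.mastodon.sidekiq.securityContext` alone, with no fallback to the chart-wide `$context.Values.securityContext` that the removed line used. When the sidekiq-specific value is unset, `toYaml` presumably emits `null` and the sidekiq containers lose whatever hardening the global setting carried, whereas the pod-level `securityContext` in this hunk and `resources` in the last hunk of this file do fall back through `default`. Suggest `{{- toYaml (default $context.Values.securityContext $context.Values.mastodon.sidekiq.securityContext) | nindent 12 }}`. Separately, `{{ .name }}` goes straight into `metadata.name` and label values, so it is worth documenting that worker names must be unique and DNS-compatible.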
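Review bot: The `AWS_ACCESS_KEY_ID` entry at the top of this hunk is an unchanged context line that still reads `name: {{ .Values.mastodon.s3.existingSecret }}`, but the whole manifest is now inside `range .Values.mastodon.sidekiq.workers`, where the dot is the current worker. With `mastodon.s3.enabled` and `mastodon.s3.existingSecret` set, that lookup should either fail to render or yield an empty secret name, unlike the `AWS_SECRET_ACCESS_KEY` entry converted in the previous hunk. It should read `name: {{ $context.Values.mastodon.s3.existingSecret }}`. The enclosing `if` opens in the previous hunk.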
@@ -119,12 +120,13 @@ spec:
 mountPath: /opt/mastodon/public/system
 {{- end }}
 resources:
- {{- toYaml .Values.resources | nindent 12 }}
- {{- with .Values.nodeSelector }}
+ {{- toYaml (default (default $context.Values.resources $context.Values.mastodon.sidekiq.resources) .resources) | nindent 12 }}
+ {{- with $context.Values.nodeSelector }}
 nodeSelector:
 {{- toYaml . | nindent 8 }}
 {{- end }}
- {{- with .Values.tolerations }}
+ {{- with $context.Values.tolerations }}
 tolerations:
 {{- toYaml . | nindent 8 }}
 {{- end }}
+{{- end }}
diff --git a/chart/templates/deployment-streaming.yaml b/chart/templates/deployment-streaming.yaml
index 5d565765e..dd804044c 100644
--- a/chart/templates/deployment-streaming.yaml
+++ b/chart/templates/deployment-streaming.yaml
@@ -5,9 +5,7 @@ metadata:
 labels:
 {{- include "mastodon.labels" . | nindent 4 }}
 spec:
- {{- if not .Values.autoscaling.enabled }}
- replicas: {{ .Values.replicaCount }}
- {{- end }}
+ replicas: {{ .Values.mastodon.streaming.replicas }}
 selector:
 matchLabels:
 {{- include "mastodon.selectorLabels" . | nindent 6 }}
@@ -15,7 +13,7 @@ spec:
 template:
 metadata:
 annotations:
- {{- with .Values.podAnnotations }}
+ {{- with (default .Values.podAnnotations .Values.mastodon.streaming.podAnnotations) }}
 {{- toYaml . | nindent 8 }}
 {{- end }}
 # roll the pods to pick up any db migrations or other changes
@@ -29,13 +27,13 @@ spec:
 {{- toYaml . | nindent 8 }}
 {{- end }}
 serviceAccountName: {{ include "mastodon.serviceAccountName" . }}
- {{- with .Values.podSecurityContext }}
+ {{- with (default .Values.podSecurityContext .Values.mastodon.streaming.podSecurityContext) }}
 securityContext:
 {{- toYaml . | nindent 8 }}
 {{- end }}
 containers:
- - name: {{ .Chart.Name }}
- {{- with .Values.securityContext }}
+ - name: {{ .Chart.Name }}-streaming
+ {{- with (default .Values.securityContext .Values.mastodon.streaming.securityContext) }}
 securityContext:
 {{- toYaml . | nindent 12 }}
 {{- end }}
@@ -72,7 +70,7 @@ spec:
 httpGet:
 path: /api/v1/streaming/health
 port: streaming
- {{- with .Values.resources }}
+ {{- with (default .Values.resources .Values.mastodon.streaming.resources) }}
 resources:
 {{- toYaml . | nindent 12 }}
 {{- end }}
@@ -80,7 +78,7 @@ spec:
 nodeSelector:
 {{- toYaml . | nindent 8 }}
 {{- end }}
- {{- with .Values.affinity }}
+ {{- with (default .Values.affinity .Values.mastodon.streaming.affinity) }}
 affinity:
 {{- toYaml . | nindent 8 }}
 {{- end }}
diff --git a/chart/templates/deployment-web.yaml b/chart/templates/deployment-web.yaml
index ec67481bf..c1ec2327e 100644
--- a/chart/templates/deployment-web.yaml
+++ b/chart/templates/deployment-web.yaml
@@ -5,9 +5,7 @@ metadata:
 labels:
 {{- include "mastodon.labels" . | nindent 4 }}
 spec:
- {{- if not .Values.autoscaling.enabled }}
- replicas: {{ .Values.replicaCount }}
- {{- end }}
+ replicas: {{ .Values.mastodon.web.replicas }}
 selector:
 matchLabels:
 {{- include "mastodon.selectorLabels" . | nindent 6 }}
@@ -16,7 +14,7 @@ spec:
 template:
 metadata:
 annotations:
- {{- with .Values.podAnnotations }}
+ {{- with (default .Values.podAnnotations .Values.mastodon.web.podAnnotations) }}
 {{- toYaml . | nindent 8 }}
 {{- end }}
 # roll the pods to pick up any db migrations or other changes
@@ -31,7 +29,7 @@ spec:
 {{- toYaml . | nindent 8 }}
 {{- end }}
 serviceAccountName: {{ include "mastodon.serviceAccountName" . }}
- {{- with .Values.podSecurityContext }}
+ {{- with (default .Values.podSecurityContext .Values.mastodon.web.podSecurityContext) }}
 securityContext:
 {{- toYaml . | nindent 8 }}
 {{- end }}
@@ -45,8 +43,8 @@ spec:
 claimName: {{ template "mastodon.fullname" . }}-system
 {{- end }}
 containers:
- - name: {{ .Chart.Name }}
- {{- with .Values.securityContext }}
+ - name: {{ .Chart.Name }}-web
+ {{- with (default .Values.securityContext .Values.mastodon.web.securityContext) }}
 securityContext:
 {{- toYaml . | nindent 12 }}
 {{- end }}
@@ -112,7 +110,7 @@ spec: port: http failureThreshold: 30 periodSeconds: 5 - {{- with .Values.resources }} + {{- with (default .Values.resources .Values.mastodon.web.resources) }} resources: {{- toYaml . | nindent 12 }} {{- end }} @@ -120,7 +118,7 @@ spec: nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.affinity }} + {{- with (default .Values.affinity .Values.mastodon.web.affinity) }} affinity: {{- toYaml . | nindent 8 }} {{- end }} diff --git a/chart/templates/hpa.yaml b/chart/templates/hpa.yaml deleted file mode 100644 index b23b2cb16..000000000 --- a/chart/templates/hpa.yaml +++ /dev/null @@ -1,28 +0,0 @@ -{{- if .Values.autoscaling.enabled -}} -apiVersion: autoscaling/v2beta1 -kind: HorizontalPodAutoscaler -metadata: - name: {{ include "mastodon.fullname" . }} - labels: - {{- include "mastodon.labels" . | nindent 4 }} -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: {{ include "mastodon.fullname" . }} - minReplicas: {{ .Values.autoscaling.minReplicas }} - maxReplicas: {{ .Values.autoscaling.maxReplicas }} - metrics: - {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} - - type: Resource - resource: - name: cpu - targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} - {{- end }} - {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} - - type: Resource - resource: - name: memory - targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} - {{- end }} -{{- end }} diff --git a/chart/templates/tests/test-connection.yaml b/chart/templates/tests/test-connection.yaml index 09d981691..185c037ab 100644 --- a/chart/templates/tests/test-connection.yaml +++ b/chart/templates/tests/test-connection.yaml @@ -11,5 +11,5 @@ spec: - name: wget image: busybox command: ['wget'] - args: ['{{ include "mastodon.fullname" . }}:{{ .Values.service.port }}'] + args: ['{{ include "mastodon.fullname" . }}-web:{{ .Values.service.port }}'] restartPolicy: Never 
diff --git a/chart/values.yaml b/chart/values.yaml index 07171fc1a..fabfeee7a 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -1,5 +1,3 @@ -replicaCount: 1 - image: repository: tootsuite/mastodon # https://hub.docker.com/r/tootsuite/mastodon/tags 
@@ -13,28 +11,36 @@ image: pullPolicy: IfNotPresent mastodon: - # create an initial administrator user; the password is autogenerated and will + # -- create an initial administrator user; the password is autogenerated and will # have to be reset createAdmin: + # @ignored enabled: false + # @ignored username: not_gargron + # @ignored email: not@example.com cron: - # run `tootctl media remove` every week + # -- run `tootctl media remove` every week removeMedia: + # @ignored enabled: true + # @ignored schedule: "0 0 * * 0" - # available locales: https://github.com/mastodon/mastodon/blob/main/config/application.rb#L71 + # -- available locales: https://github.com/mastodon/mastodon/blob/main/config/application.rb#L71 locale: en local_domain: mastodon.local - # Use of WEB_DOMAIN requires careful consideration: https://docs.joinmastodon.org/admin/config/#federation + # -- Use of WEB_DOMAIN requires careful consideration: https://docs.joinmastodon.org/admin/config/#federation # You must redirect the path LOCAL_DOMAIN/.well-known/ to WEB_DOMAIN/.well-known/ as described - # web_domain: mastodon.example.com - # If set to true, the frontpage of your Mastodon server will always redirect to the first profile in the database and registrations will be disabled. + # Example: mastodon.example.com + web_domain: null + # -- If set to true, the frontpage of your Mastodon server will always redirect to the first profile in the database and registrations will be disabled. singleUserMode: false + # -- Enables "Secure Mode" for more details see: https://docs.joinmastodon.org/admin/config/#authorized_fetch + authorizedFetch: false persistence: assets: - # ReadWriteOnce is more widely supported than ReadWriteMany, but limits + # -- ReadWriteOnce is more widely supported than ReadWriteMany, but limits # scalability, since it requires the Rails and Sidekiq pods to run on the # same node. accessMode: ReadWriteOnce 
@@ -50,14 +56,14 @@ mastodon: enabled: false access_key: "" access_secret: "" - # you can also specify the name of an existing Secret + # -- you can also specify the name of an existing Secret # with keys AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY existingSecret: "" bucket: "" - endpoint: https://us-east-1.linodeobjects.com - hostname: us-east-1.linodeobjects.com + endpoint: "" + hostname: "" region: "" - # If you have a caching proxy, enter its base URL here. + # -- If you have a caching proxy, enter its base URL here. alias_host: "" # these must be set manually; autogenerated keys are rotated on each upgrade secrets: 
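Review bot: With `endpoint` and `hostname` now defaulting to `""`, a release that sets `s3.enabled: true` and forgets either value gets an empty S3 target instead of a render failure; nothing in this hunk guards against that. Dropping the provider-specific default is right, since media no longer goes to an endpoint the operator never chose, but the empty value should be rejected at install time. In the template that emits the variable (outside this hunk) I would use `S3_ENDPOINT: {{ required "mastodon.s3.endpoint must be set when s3.enabled is true" .Values.mastodon.s3.endpoint | quote }}` and do the same for `S3_HOSTNAME`.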
@@ -66,12 +72,60 @@ mastodon: vapid: private_key: "" public_key: "" - # you can also specify the name of an existing Secret + # -- you can also specify the name of an existing Secret # with keys SECRET_KEY_BASE and OTP_SECRET and # VAPID_PRIVATE_KEY and VAPID_PUBLIC_KEY existingSecret: "" sidekiq: - concurrency: 25 + # -- Pod security context for all Sidekiq Pods, overwrites .Values.podSecurityContext + podSecurityContext: {} + # -- (Sidekiq Container) Security Context for all Pods, overwrites .Values.securityContext + securityContext: {} + # -- Resources for all Sidekiq Deployments unless overwritten + resources: {} + # -- Affinity for all Sidekiq Deployments unless overwritten, overwrites .Values.affinity + affinity: {} + # limits: + # cpu: "1" + # memory: 768Mi + # requests: + # cpu: 250m + # memory: 512Mi + workers: + - name: all-queues + # -- Number of threads / parallel sidekiq jobs that are executed per Pod + concurrency: 25 + # -- Number of Pod replicas deployed by the Deployment + replicas: 1 + # -- Resources for this specific deployment to allow optimised scaling, overwrites .Values.mastodon.sidekiq.resources + resources: {} + # -- Affinity for this specific deployment, overwrites .Values.affinity and .Values.mastodon.sidekiq.affinity + affinity: {} + # -- Sidekiq queues for Mastodon that are handled by this worker. See https://docs.joinmastodon.org/admin/scaling/#concurrency + # See https://github.com/mperham/sidekiq/wiki/Advanced-Options#queues for how to weight queues as argument + queues: + - default + - push + - mailers + - pull + - scheduler # Make sure the scheduler queue only exists once and with a worker that has 1 replica. 
+ #- name: push-pull + # concurrency: 50 + # resources: {} + # replicas: 2 + # queues: + # - push + # - pull + #- name: mailers + # concurrency: 25 + # replicas: 2 + # queues: + # - mailers + #- name: default + # concurrency: 25 + # replicas: 2 + # queues: + # - default smtp: auth_method: plain ca_file: /etc/ssl/certs/ca-certificates.crt 
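Review bot: The rule that the `scheduler` queue exists only once, on a worker with one replica, is enforced only by the trailing comment on the `- scheduler` entry. A values file that splits queues as the commented examples suggest can list it twice or scale its worker without any error. I would add a check in the Sidekiq deployment template (not shown in this hunk) that counts the workers whose `queues` contain `scheduler` and calls `fail` when there is more than one or that worker's `replicas` exceeds 1. Separately, the commented `# limits:` / `# requests:` example sits under `affinity: {}`; it belongs directly under `resources: {}` two keys earlier.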
@@ -86,24 +140,56 @@ mastodon: tls: false login: password: - # you can also specify the name of an existing Secret + # -- you can also specify the name of an existing Secret # with the keys login and password existingSecret: streaming: port: 4000 - # this should be set manually since os.cpus() returns the number of CPUs on + # -- this should be set manually since os.cpus() returns the number of CPUs on # the node running the pod, which is unrelated to the resources allocated to # the pod by k8s workers: 1 - # The base url for streaming can be set if the streaming API is deployed to + # -- The base url for streaming can be set if the streaming API is deployed to # a different domain/subdomain. - # base_url: wws://streaming.example.com + base_url: null + # -- Number of Streaming Pods running + replicas: 1 + # -- Affinity for Streaming Pods, overwrites .Values.affinity + affinity: {} + # -- Pod Security Context for Streaming Pods, overwrites .Values.podSecurityContext + podSecurityContext: {} + # -- (Streaming Container) Security Context for Streaming Pods, overwrites .Values.securityContext + securityContext: {} + # -- (Streaming Container) Resources for Streaming Pods, overwrites .Values.resources + resources: {} + # limits: + # cpu: "500m" + # memory: 512Mi + # requests: + # cpu: 250m + # memory: 128Mi web: port: 3000 + # -- Number of Web Pods running + replicas: 1 + # -- Affinity for Web Pods, overwrites .Values.affinity + affinity: {} + # -- Pod Security Context for Web Pods, overwrites .Values.podSecurityContext + podSecurityContext: {} + # -- (Web Container) Security Context for Web Pods, overwrites .Values.securityContext + securityContext: {} + # -- (Web Container) Resources for Web Pods, overwrites .Values.resources + resources: {} + # limits: + # cpu: "1" + # memory: 1280Mi + # requests: + # cpu: 250m + # memory: 768Mi metrics: statsd: - # Enable statsd publishing via STATSD_ADDR environment variable + # -- Enable statsd publishing via STATSD_ADDR 
environment variable address: "" ingress: @@ -121,7 +207,7 @@ ingress: # nginx.ingress.kubernetes.io/proxy-body-size: 40m # for the NGINX ingress controller: # nginx.org/client-max-body-size: 40m - # you can specify the ingressClassName if it differs from the default + # -- you can specify the ingressClassName if it differs from the default ingressClassName: hosts: - host: mastodon.local @@ -132,20 +218,22 @@ ingress: hosts: - mastodon.local -# https://github.com/bitnami/charts/tree/master/bitnami/elasticsearch#parameters +# -- https://github.com/bitnami/charts/tree/master/bitnami/elasticsearch#parameters elasticsearch: # `false` will disable full-text search # # if you enable ES after the initial install, you will need to manually run # RAILS_ENV=production bundle exec rake chewy:sync # (https://docs.joinmastodon.org/admin/optional/elasticsearch/) + # @ignored enabled: true + # @ignored image: tag: 7 # https://github.com/bitnami/charts/tree/master/bitnami/postgresql#parameters postgresql: - # disable if you want to use an existing db; in which case the values below + # -- disable if you want to use an existing db; in which case the values below # must match those of that external postgres instance enabled: true # postgresqlHostname: preexisting-postgresql @@ -167,7 +255,7 @@ postgresql: # https://github.com/bitnami/charts/tree/master/bitnami/redis#parameters redis: - # you must set a password; the password generated by the redis chart will be + # -- you must set a password; the password generated by the redis chart will be # rotated on each upgrade: password: "" # you can also specify the name of an existing Secret 
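Review bot: `base_url: null` in the `streaming` block replaces the commented example without leaving one behind, unlike `web_domain` in the earlier hunk of this file, which keeps an `# Example:` line. The removed example also spelled the scheme `wws://`, so this is a good place to document the TLS WebSocket form correctly. I would add `# Example: wss://streaming.example.com` directly above `base_url: null`.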
@@ -175,13 +263,14 @@ redis: # auth: # existingSecret: "" +# @ignored service: type: ClusterIP port: 80 externalAuth: oidc: - # OpenID Connect support is proposed in PR #16221 and awaiting merge. + # -- OpenID Connect support is proposed in PR #16221 and awaiting merge. enabled: false # display_name: "example-label" # issuer: https://login.example.space/auth/realms/example-space @@ -231,8 +320,8 @@ externalAuth: # verified: # verified_email: oauth_global: - # Force redirect local login to CAS. Does not function with SAML or LDAP. - oauth_redirect_at_sign_in: false + # -- Automatically redirect to OIDC, CAS or SAML, and don't use local account authentication when clicking on Sign-In + omniauth_only: false cas: enabled: false # url: https://sso.myserver.com @@ -278,7 +367,7 @@ externalAuth: # search: "., -" # replace: _ -# https://github.com/mastodon/mastodon/blob/main/Dockerfile#L75 +# -- https://github.com/mastodon/mastodon/blob/main/Dockerfile#L75 # # if you manually change the UID/GID environment variables, ensure these values # match: 
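Review bot: Renaming `oauth_redirect_at_sign_in` to `omniauth_only` in the `oauth_global` hunk means an existing values file that still sets the old key to `true` is presumably ignored after upgrade. That would quietly bring local password sign-in back on an instance that was meant to be SSO-only. The consuming template is outside this hunk, so I cannot confirm how the old key is handled. I would record the rename in the comment, `# -- Replaces oauth_redirect_at_sign_in; redirect to OIDC, CAS or SAML and disable local account authentication`, and have the template `fail` when the old key is still present.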
@@ -287,25 +376,27 @@ podSecurityContext: runAsGroup: 991 fsGroup: 991 +# @ignored securityContext: {} serviceAccount: - # Specifies whether a service account should be created + # -- Specifies whether a service account should be created create: true - # Annotations to add to the service account + # -- Annotations to add to the service account annotations: {} - # The name of the service account to use. + # -- The name of the service account to use. # If not set and create is true, a name is generated using the fullname template name: "" -# Kubernetes manages pods for jobs and pods for deployments differently, so you might +# -- Kubernetes manages pods for jobs and pods for deployments differently, so you might # need to apply different annotations to the two different sets of pods. The annotations # set with podAnnotations will be added to all deployment-managed pods. podAnnotations: {} -# The annotations set with jobAnnotations will be added to all job pods. +# -- The annotations set with jobAnnotations will be added to all job pods. jobAnnotations: {} +# -- Default resources for all Deployments and jobs unless overwritten resources: {} # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little @@ -318,15 +409,11 @@ resources: {} # cpu: 100m # memory: 128Mi -autoscaling: - enabled: false - minReplicas: 1 - maxReplicas: 100 - targetCPUUtilizationPercentage: 80 - # targetMemoryUtilizationPercentage: 80 - +# @ignored nodeSelector: {} +# @ignored tolerations: [] +# -- Affinity for all pods unless overwritten affinity: {}