Helm: Major refactoring regarding Deployments, Environment variables and more (#20733)
* fix(chart): Remove non-functional Horizontal Pod Autoscaler The Horizontal Pod Autoscaler (HPA) refers to a Deployment that doesn't exist and therefore can not work. As a result it's pointless to carry it around in this chart and give the wrong impression it could work. This patch removes it from the helm chart and drops all references to it. * refactor(chart): Refactor sidekiq deployments to scale This patch reworks how the sidekiq deployment is set up, by splitting it into many sidekiq deployments, but at least one, which should allow to scale the number of sidekiq jobs as expected while being friendly to single user instances as well as larger ones. Further it introduces per deployment overwrites for the most relevant pod fields like resources, affinities and processed queues, number of jobs and the sidekiq security contexts. The exact implementation was inspired by an upstream issue: https://github.com/mastodon/mastodon/issues/20453 * fix(chart): Remove linode default values from values This patch drops the linode defaults from the values.yaml since these are not obvious and can cause unexpected connections as well as leaking secrets to linode, when other s3 storage backends are used and don't explicitly configure these options by accident. Mastodon will then try to authenticate to the linode backends and therefore disclose the authentication secrets. * refactor(chart): Rework reduce value reference duplication Since most of the values are simply setup like this: ``` {{- if .Values.someVariable }} SOME_VARIABLE: {{ .Values.someVariable }} {{- end }} ``` There is a lot of duplication in the references in order to full in the variables. There is an equivalent notation, which reduces the usage of the variable name to just once: ``` {{- with .Values.someVariable }} SOME_VARIABLE: {{ . }} {{- end }} ``` What seems like a pointless replacement, will reduce potential mistakes down the line by possibly only adjusting one of the two references. * fix(chart): Switch to new OMNIAUTH_ONLY variable This patch adjusts the helm chart to use the new `OMNIAUTH_ONLY` variable, which replaced the former `OAUTH_REDIRECT_AT_SIGN_IN` variable in the following commit: https://github.com/mastodon/mastodon/pull/17288 https://github.com/mastodon/mastodon/pull/17288/commits/3c8857917ea9b9b3a76adb7afcea5842c8e1c0d1 * fix(chart): Repair connection test to existing service Currently the connect test can't work, since it's connecting to a non-existing service this patch fixes the service name to make the job connect to the mastodon web service to verify the connection. * docs(chart): Adjust values.yaml to support helm-docs This patch updates most values to prepare an introduction of helm-docs. This should help to make the chart more user friendly by explaining the variables and provide a standardised README file, like many other helm charts do. References: https://github.com/norwoodj/helm-docs * refactor(chart): Allow individual overwrites for streaming and web deployment This patch works how the streaming and web deployments work by adding various fields to overwrite values such as affinities, resources, replica count, and security contexts. BREAKING CHANGE: This commit removes `.Values.replicaCount` in favour of `.Values.mastodon.web.replicas` and `.Values.mastodon.streaming.values`. * feat(chart): Add option for authorized fetch Currently the helm chart doesn't support authorized fetch aka. "Secure Mode" this patch fixes that by adding the needed config option to the values file and the configmap. * docs(chart): Improve helm-docs compatiblity This patch adjust a few more comments in the values.yaml to be picked up by helm-docs. This way, future adoption is properly prepared. * fix(chart): Add automatic detection of scheduler sidekiq queue This patch adds an automatic switch to the `Recreate` strategy for the sidekiq Pod in order to prevent accidental concurrency for the scheduler queue. * fix(chart): Repair broken DB_POOL variable
This commit is contained in:
Sheogorath
GitHub
parent
75bbe3b1b8
commit
cddcafec31
8 changed files with 366 additions and 294 deletions
|
|
@ -136,3 +136,15 @@ Return true if a mastodon secret object should be created
|
|||
{{- true -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Find highest number of needed database connections to set DB_POOL variable
|
||||
*/}}
|
||||
{{- define "mastodon.maxDbPool" -}}
|
||||
{{/* Default MAX_THREADS for Puma is 5 */}}
|
||||
{{- $poolSize := 5 }}
|
||||
{{- range .Values.mastodon.sidekiq.workers }}
|
||||
{{- $poolSize = max $poolSize .concurrency }}
|
||||
{{- end }}
|
||||
{{- $poolSize | quote }}
|
||||
{{- end }}
|
||||
|
|
|
|||
|
|
@ -13,7 +13,7 @@ data:
|
|||
DB_PORT: {{ .Values.postgresql.postgresqlPort | default "5432" | quote }}
|
||||
{{- end }}
|
||||
DB_NAME: {{ .Values.postgresql.auth.database }}
|
||||
DB_POOL: {{ .Values.mastodon.sidekiq.concurrency | quote }}
|
||||
DB_POOL: {{ include "mastodon.maxDbPool" . }}
|
||||
DB_USER: {{ .Values.postgresql.auth.username }}
|
||||
DEFAULT_LOCALE: {{ .Values.mastodon.locale }}
|
||||
{{- if .Values.elasticsearch.enabled }}
|
||||
|
|
@ -22,12 +22,15 @@ data:
|
|||
ES_PORT: "9200"
|
||||
{{- end }}
|
||||
LOCAL_DOMAIN: {{ .Values.mastodon.local_domain }}
|
||||
{{- if .Values.mastodon.web_domain }}
|
||||
WEB_DOMAIN: {{ .Values.mastodon.web_domain }}
|
||||
{{- with .Values.mastodon.web_domain }}
|
||||
WEB_DOMAIN: {{ . }}
|
||||
{{- end }}
|
||||
{{- if .Values.mastodon.singleUserMode }}
|
||||
{{- with .Values.mastodon.singleUserMode }}
|
||||
SINGLE_USER_MODE: "true"
|
||||
{{- end }}
|
||||
{{- with .Values.mastodon.authorizedFetch }}
|
||||
AUTHORIZED_FETCH: {{ . | quote }}
|
||||
{{- end }}
|
||||
# https://devcenter.heroku.com/articles/tuning-glibc-memory-behavior
|
||||
MALLOC_ARENA_MAX: "2"
|
||||
NODE_ENV: "production"
|
||||
|
|
@ -40,58 +43,58 @@ data:
|
|||
S3_ENDPOINT: {{ .Values.mastodon.s3.endpoint }}
|
||||
S3_HOSTNAME: {{ .Values.mastodon.s3.hostname }}
|
||||
S3_PROTOCOL: "https"
|
||||
{{- if .Values.mastodon.s3.region }}
|
||||
S3_REGION: {{ .Values.mastodon.s3.region }}
|
||||
{{- with .Values.mastodon.s3.region }}
|
||||
S3_REGION: {{ . }}
|
||||
{{- end }}
|
||||
{{- if .Values.mastodon.s3.alias_host }}
|
||||
{{- with .Values.mastodon.s3.alias_host }}
|
||||
S3_ALIAS_HOST: {{ .Values.mastodon.s3.alias_host}}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.mastodon.smtp.auth_method }}
|
||||
SMTP_AUTH_METHOD: {{ .Values.mastodon.smtp.auth_method }}
|
||||
{{- with .Values.mastodon.smtp.auth_method }}
|
||||
SMTP_AUTH_METHOD: {{ . }}
|
||||
{{- end }}
|
||||
{{- if .Values.mastodon.smtp.ca_file }}
|
||||
SMTP_CA_FILE: {{ .Values.mastodon.smtp.ca_file }}
|
||||
{{- with .Values.mastodon.smtp.ca_file }}
|
||||
SMTP_CA_FILE: {{ . }}
|
||||
{{- end }}
|
||||
{{- if .Values.mastodon.smtp.delivery_method }}
|
||||
SMTP_DELIVERY_METHOD: {{ .Values.mastodon.smtp.delivery_method }}
|
||||
{{- with .Values.mastodon.smtp.delivery_method }}
|
||||
SMTP_DELIVERY_METHOD: {{ . }}
|
||||
{{- end }}
|
||||
{{- if .Values.mastodon.smtp.domain }}
|
||||
SMTP_DOMAIN: {{ .Values.mastodon.smtp.domain }}
|
||||
{{- with .Values.mastodon.smtp.domain }}
|
||||
SMTP_DOMAIN: {{ . }}
|
||||
{{- end }}
|
||||
{{- if .Values.mastodon.smtp.enable_starttls }}
|
||||
SMTP_ENABLE_STARTTLS: {{ .Values.mastodon.smtp.enable_starttls | quote }}
|
||||
{{- with .Values.mastodon.smtp.enable_starttls }}
|
||||
SMTP_ENABLE_STARTTLS: {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.mastodon.smtp.enable_starttls_auto }}
|
||||
SMTP_ENABLE_STARTTLS_AUTO: {{ .Values.mastodon.smtp.enable_starttls_auto | quote }}
|
||||
{{- with .Values.mastodon.smtp.enable_starttls_auto }}
|
||||
SMTP_ENABLE_STARTTLS_AUTO: {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.mastodon.smtp.from_address }}
|
||||
SMTP_FROM_ADDRESS: {{ .Values.mastodon.smtp.from_address }}
|
||||
{{- with .Values.mastodon.smtp.from_address }}
|
||||
SMTP_FROM_ADDRESS: {{ . }}
|
||||
{{- end }}
|
||||
{{- if .Values.mastodon.smtp.login }}
|
||||
SMTP_LOGIN: {{ .Values.mastodon.smtp.login }}
|
||||
{{- with .Values.mastodon.smtp.login }}
|
||||
SMTP_LOGIN: {{ . }}
|
||||
{{- end }}
|
||||
{{- if .Values.mastodon.smtp.openssl_verify_mode }}
|
||||
SMTP_OPENSSL_VERIFY_MODE: {{ .Values.mastodon.smtp.openssl_verify_mode }}
|
||||
{{- with .Values.mastodon.smtp.openssl_verify_mode }}
|
||||
SMTP_OPENSSL_VERIFY_MODE: {{ . }}
|
||||
{{- end }}
|
||||
{{- if .Values.mastodon.smtp.password }}
|
||||
SMTP_PASSWORD: {{ .Values.mastodon.smtp.password }}
|
||||
{{- with .Values.mastodon.smtp.password }}
|
||||
SMTP_PASSWORD: {{ . }}
|
||||
{{- end }}
|
||||
{{- if .Values.mastodon.smtp.port }}
|
||||
SMTP_PORT: {{ .Values.mastodon.smtp.port | quote }}
|
||||
{{- with .Values.mastodon.smtp.port }}
|
||||
SMTP_PORT: {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.mastodon.smtp.reply_to }}
|
||||
SMTP_REPLY_TO: {{ .Values.mastodon.smtp.reply_to }}
|
||||
{{- with .Values.mastodon.smtp.reply_to }}
|
||||
SMTP_REPLY_TO: {{ . }}
|
||||
{{- end }}
|
||||
{{- if .Values.mastodon.smtp.server }}
|
||||
SMTP_SERVER: {{ .Values.mastodon.smtp.server }}
|
||||
{{- with .Values.mastodon.smtp.server }}
|
||||
SMTP_SERVER: {{ . }}
|
||||
{{- end }}
|
||||
{{- if .Values.mastodon.smtp.tls }}
|
||||
SMTP_TLS: {{ .Values.mastodon.smtp.tls | quote }}
|
||||
{{- with .Values.mastodon.smtp.tls }}
|
||||
SMTP_TLS: {{ . | quote }}
|
||||
{{- end }}
|
||||
STREAMING_CLUSTER_NUM: {{ .Values.mastodon.streaming.workers | quote }}
|
||||
{{- if .Values.mastodon.streaming.base_url }}
|
||||
STREAMING_API_BASE_URL: {{ .Values.mastodon.streaming.base_url | quote }}
|
||||
{{- with .Values.mastodon.streaming.base_url }}
|
||||
STREAMING_API_BASE_URL: {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.externalAuth.oidc.enabled }}
|
||||
OIDC_ENABLED: {{ .Values.externalAuth.oidc.enabled | quote }}
|
||||
|
|
@ -104,53 +107,53 @@ data:
|
|||
OIDC_CLIENT_SECRET: {{ .Values.externalAuth.oidc.client_secret }}
|
||||
OIDC_REDIRECT_URI: {{ .Values.externalAuth.oidc.redirect_uri }}
|
||||
OIDC_SECURITY_ASSUME_EMAIL_IS_VERIFIED: {{ .Values.externalAuth.oidc.assume_email_is_verified | quote }}
|
||||
{{- if .Values.externalAuth.oidc.client_auth_method }}
|
||||
OIDC_CLIENT_AUTH_METHOD: {{ .Values.externalAuth.oidc.client_auth_method }}
|
||||
{{- with .Values.externalAuth.oidc.client_auth_method }}
|
||||
OIDC_CLIENT_AUTH_METHOD: {{ . }}
|
||||
{{- end }}
|
||||
{{- if .Values.externalAuth.oidc.response_type }}
|
||||
OIDC_RESPONSE_TYPE: {{ .Values.externalAuth.oidc.response_type }}
|
||||
{{- with .Values.externalAuth.oidc.response_type }}
|
||||
OIDC_RESPONSE_TYPE: {{ . }}
|
||||
{{- end }}
|
||||
{{- if .Values.externalAuth.oidc.response_mode }}
|
||||
OIDC_RESPONSE_MODE: {{ .Values.externalAuth.oidc.response_mode }}
|
||||
{{- with .Values.externalAuth.oidc.response_mode }}
|
||||
OIDC_RESPONSE_MODE: {{ . }}
|
||||
{{- end }}
|
||||
{{- if .Values.externalAuth.oidc.display }}
|
||||
OIDC_DISPLAY: {{ .Values.externalAuth.oidc.display }}
|
||||
{{- with .Values.externalAuth.oidc.display }}
|
||||
OIDC_DISPLAY: {{ . }}
|
||||
{{- end }}
|
||||
{{- if .Values.externalAuth.oidc.prompt }}
|
||||
OIDC_PROMPT: {{ .Values.externalAuth.oidc.prompt }}
|
||||
{{- with .Values.externalAuth.oidc.prompt }}
|
||||
OIDC_PROMPT: {{ . }}
|
||||
{{- end }}
|
||||
{{- if .Values.externalAuth.oidc.send_nonce }}
|
||||
OIDC_SEND_NONCE: {{ .Values.externalAuth.oidc.send_nonce }}
|
||||
{{- with .Values.externalAuth.oidc.send_nonce }}
|
||||
OIDC_SEND_NONCE: {{ . }}
|
||||
{{- end }}
|
||||
{{- if .Values.externalAuth.oidc.send_scope_to_token_endpoint }}
|
||||
OIDC_SEND_SCOPE_TO_TOKEN_ENDPOINT: {{ .Values.externalAuth.oidc.send_scope_to_token_endpoint | quote }}
|
||||
{{- with .Values.externalAuth.oidc.send_scope_to_token_endpoint }}
|
||||
OIDC_SEND_SCOPE_TO_TOKEN_ENDPOINT: {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.externalAuth.oidc.idp_logout_redirect_uri }}
|
||||
OIDC_IDP_LOGOUT_REDIRECT_URI: {{ .Values.externalAuth.oidc.idp_logout_redirect_uri }}
|
||||
{{- with .Values.externalAuth.oidc.idp_logout_redirect_uri }}
|
||||
OIDC_IDP_LOGOUT_REDIRECT_URI: {{ . }}
|
||||
{{- end }}
|
||||
{{- if .Values.externalAuth.oidc.http_scheme }}
|
||||
OIDC_HTTP_SCHEME: {{ .Values.externalAuth.oidc.http_scheme }}
|
||||
{{- with .Values.externalAuth.oidc.http_scheme }}
|
||||
OIDC_HTTP_SCHEME: {{ . }}
|
||||
{{- end }}
|
||||
{{- if .Values.externalAuth.oidc.host }}
|
||||
OIDC_HOST: {{ .Values.externalAuth.oidc.host }}
|
||||
{{- with .Values.externalAuth.oidc.host }}
|
||||
OIDC_HOST: {{ . }}
|
||||
{{- end }}
|
||||
{{- if .Values.externalAuth.oidc.port }}
|
||||
OIDC_PORT: {{ .Values.externalAuth.oidc.port }}
|
||||
{{- with .Values.externalAuth.oidc.port }}
|
||||
OIDC_PORT: {{ . }}
|
||||
{{- end }}
|
||||
{{- if .Values.externalAuth.oidc.jwks_uri }}
|
||||
OIDC_JWKS_URI: {{ .Values.externalAuth.oidc.jwks_uri }}
|
||||
{{- with .Values.externalAuth.oidc.jwks_uri }}
|
||||
OIDC_JWKS_URI: {{ . }}
|
||||
{{- end }}
|
||||
{{- if .Values.externalAuth.oidc.auth_endpoint }}
|
||||
OIDC_AUTH_ENDPOINT: {{ .Values.externalAuth.oidc.auth_endpoint }}
|
||||
{{- with .Values.externalAuth.oidc.auth_endpoint }}
|
||||
OIDC_AUTH_ENDPOINT: {{ . }}
|
||||
{{- end }}
|
||||
{{- if .Values.externalAuth.oidc.token_endpoint }}
|
||||
OIDC_TOKEN_ENDPOINT: {{ .Values.externalAuth.oidc.token_endpoint }}
|
||||
{{- with .Values.externalAuth.oidc.token_endpoint }}
|
||||
OIDC_TOKEN_ENDPOINT: {{ . }}
|
||||
{{- end }}
|
||||
{{- if .Values.externalAuth.oidc.user_info_endpoint }}
|
||||
OIDC_USER_INFO_ENDPOINT: {{ .Values.externalAuth.oidc.user_info_endpoint }}
|
||||
{{- with .Values.externalAuth.oidc.user_info_endpoint }}
|
||||
OIDC_USER_INFO_ENDPOINT: {{ . }}
|
||||
{{- end }}
|
||||
{{- if .Values.externalAuth.oidc.end_session_endpoint }}
|
||||
OIDC_END_SESSION_ENDPOINT: {{ .Values.externalAuth.oidc.end_session_endpoint }}
|
||||
{{- with .Values.externalAuth.oidc.end_session_endpoint }}
|
||||
OIDC_END_SESSION_ENDPOINT: {{ . }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.externalAuth.saml.enabled }}
|
||||
|
|
@ -159,54 +162,54 @@ data:
|
|||
SAML_ISSUER: {{ .Values.externalAuth.saml.issuer }}
|
||||
SAML_IDP_SSO_TARGET_URL: {{ .Values.externalAuth.saml.idp_sso_target_url }}
|
||||
SAML_IDP_CERT: {{ .Values.externalAuth.saml.idp_cert | quote }}
|
||||
{{- if .Values.externalAuth.saml.idp_cert_fingerprint }}
|
||||
SAML_IDP_CERT_FINGERPRINT: {{ .Values.externalAuth.saml.idp_cert_fingerprint | quote }}
|
||||
{{- with .Values.externalAuth.saml.idp_cert_fingerprint }}
|
||||
SAML_IDP_CERT_FINGERPRINT: {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.externalAuth.saml.name_identifier_format }}
|
||||
SAML_NAME_IDENTIFIER_FORMAT: {{ .Values.externalAuth.saml.name_identifier_format }}
|
||||
{{- with .Values.externalAuth.saml.name_identifier_format }}
|
||||
SAML_NAME_IDENTIFIER_FORMAT: {{ . }}
|
||||
{{- end }}
|
||||
{{- if .Values.externalAuth.saml.cert }}
|
||||
SAML_CERT: {{ .Values.externalAuth.saml.cert | quote }}
|
||||
{{- with .Values.externalAuth.saml.cert }}
|
||||
SAML_CERT: {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.externalAuth.saml.private_key }}
|
||||
SAML_PRIVATE_KEY: {{ .Values.externalAuth.saml.private_key | quote }}
|
||||
{{- with .Values.externalAuth.saml.private_key }}
|
||||
SAML_PRIVATE_KEY: {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.externalAuth.saml.want_assertion_signed }}
|
||||
SAML_SECURITY_WANT_ASSERTION_SIGNED: {{ .Values.externalAuth.saml.want_assertion_signed | quote }}
|
||||
{{- with .Values.externalAuth.saml.want_assertion_signed }}
|
||||
SAML_SECURITY_WANT_ASSERTION_SIGNED: {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.externalAuth.saml.want_assertion_encrypted }}
|
||||
SAML_SECURITY_WANT_ASSERTION_ENCRYPTED: {{ .Values.externalAuth.saml.want_assertion_encrypted | quote }}
|
||||
{{- with .Values.externalAuth.saml.want_assertion_encrypted }}
|
||||
SAML_SECURITY_WANT_ASSERTION_ENCRYPTED: {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.externalAuth.saml.assume_email_is_verified }}
|
||||
SAML_SECURITY_ASSUME_EMAIL_IS_VERIFIED: {{ .Values.externalAuth.saml.assume_email_is_verified | quote }}
|
||||
{{- with .Values.externalAuth.saml.assume_email_is_verified }}
|
||||
SAML_SECURITY_ASSUME_EMAIL_IS_VERIFIED: {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.externalAuth.saml.uid_attribute }}
|
||||
SAML_UID_ATTRIBUTE: {{ .Values.externalAuth.saml.uid_attribute }}
|
||||
{{- with .Values.externalAuth.saml.uid_attribute }}
|
||||
SAML_UID_ATTRIBUTE: {{ . }}
|
||||
{{- end }}
|
||||
{{- if .Values.externalAuth.saml.attributes_statements.uid }}
|
||||
SAML_ATTRIBUTES_STATEMENTS_UID: {{ .Values.externalAuth.saml.attributes_statements.uid | quote }}
|
||||
{{- with .Values.externalAuth.saml.attributes_statements.uid }}
|
||||
SAML_ATTRIBUTES_STATEMENTS_UID: {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.externalAuth.saml.attributes_statements.email }}
|
||||
SAML_ATTRIBUTES_STATEMENTS_EMAIL: {{ .Values.externalAuth.saml.attributes_statements.email | quote }}
|
||||
{{- with .Values.externalAuth.saml.attributes_statements.email }}
|
||||
SAML_ATTRIBUTES_STATEMENTS_EMAIL: {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.externalAuth.saml.attributes_statements.full_name }}
|
||||
SAML_ATTRIBUTES_STATEMENTS_FULL_NAME: {{ .Values.externalAuth.saml.attributes_statements.full_name | quote }}
|
||||
{{- with .Values.externalAuth.saml.attributes_statements.full_name }}
|
||||
SAML_ATTRIBUTES_STATEMENTS_FULL_NAME: {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.externalAuth.saml.attributes_statements.first_name }}
|
||||
SAML_ATTRIBUTES_STATEMENTS_FIRST_NAME: {{ .Values.externalAuth.saml.attributes_statements.first_name | quote }}
|
||||
{{- with .Values.externalAuth.saml.attributes_statements.first_name }}
|
||||
SAML_ATTRIBUTES_STATEMENTS_FIRST_NAME: {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.externalAuth.saml.attributes_statements.last_name }}
|
||||
SAML_ATTRIBUTES_STATEMENTS_LAST_NAME: {{ .Values.externalAuth.saml.attributes_statements.last_name | quote }}
|
||||
{{- with .Values.externalAuth.saml.attributes_statements.last_name }}
|
||||
SAML_ATTRIBUTES_STATEMENTS_LAST_NAME: {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.externalAuth.saml.attributes_statements.verified }}
|
||||
SAML_ATTRIBUTES_STATEMENTS_VERIFIED: {{ .Values.externalAuth.saml.attributes_statements.verified | quote }}
|
||||
{{- with .Values.externalAuth.saml.attributes_statements.verified }}
|
||||
SAML_ATTRIBUTES_STATEMENTS_VERIFIED: {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.externalAuth.saml.attributes_statements.verified_email }}
|
||||
SAML_ATTRIBUTES_STATEMENTS_VERIFIED_EMAIL: {{ .Values.externalAuth.saml.attributes_statements.verified_email | quote }}
|
||||
{{- with .Values.externalAuth.saml.attributes_statements.verified_email }}
|
||||
SAML_ATTRIBUTES_STATEMENTS_VERIFIED_EMAIL: {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.externalAuth.oauth_global.oauth_redirect_at_sign_in }}
|
||||
OAUTH_REDIRECT_AT_SIGN_IN: {{ .Values.externalAuth.oauth_global.oauth_redirect_at_sign_in | quote }}
|
||||
{{- with .Values.externalAuth.oauth_global.omniauth_only }}
|
||||
OMNIAUTH_ONLY: {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.externalAuth.cas.enabled }}
|
||||
CAS_ENABLED: {{ .Values.externalAuth.cas.enabled | quote }}
|
||||
|
|
@ -214,68 +217,68 @@ data:
|
|||
CAS_HOST: {{ .Values.externalAuth.cas.host }}
|
||||
CAS_PORT: {{ .Values.externalAuth.cas.port }}
|
||||
CAS_SSL: {{ .Values.externalAuth.cas.ssl | quote }}
|
||||
{{- if .Values.externalAuth.cas.validate_url }}
|
||||
CAS_VALIDATE_URL: {{ .Values.externalAuth.cas.validate_url }}
|
||||
{{- with .Values.externalAuth.cas.validate_url }}
|
||||
CAS_VALIDATE_URL: {{ . }}
|
||||
{{- end }}
|
||||
{{- if .Values.externalAuth.cas.callback_url }}
|
||||
CAS_CALLBACK_URL: {{ .Values.externalAuth.cas.callback_url }}
|
||||
{{- with .Values.externalAuth.cas.callback_url }}
|
||||
CAS_CALLBACK_URL: {{ . }}
|
||||
{{- end }}
|
||||
{{- if .Values.externalAuth.cas.logout_url }}
|
||||
CAS_LOGOUT_URL: {{ .Values.externalAuth.cas.logout_url }}
|
||||
{{- with .Values.externalAuth.cas.logout_url }}
|
||||
CAS_LOGOUT_URL: {{ . }}
|
||||
{{- end }}
|
||||
{{- if .Values.externalAuth.cas.login_url }}
|
||||
CAS_LOGIN_URL: {{ .Values.externalAuth.cas.login_url }}
|
||||
{{- with .Values.externalAuth.cas.login_url }}
|
||||
CAS_LOGIN_URL: {{ . }}
|
||||
{{- end }}
|
||||
{{- if .Values.externalAuth.cas.uid_field }}
|
||||
CAS_UID_FIELD: {{ .Values.externalAuth.cas.uid_field | quote }}
|
||||
{{- with .Values.externalAuth.cas.uid_field }}
|
||||
CAS_UID_FIELD: {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.externalAuth.cas.ca_path }}
|
||||
CAS_CA_PATH: {{ .Values.externalAuth.cas.ca_path }}
|
||||
{{- with .Values.externalAuth.cas.ca_path }}
|
||||
CAS_CA_PATH: {{ . }}
|
||||
{{- end }}
|
||||
{{- if .Values.externalAuth.cas.disable_ssl_verification }}
|
||||
CAS_DISABLE_SSL_VERIFICATION: {{ .Values.externalAuth.cas.disable_ssl_verification | quote }}
|
||||
{{- with .Values.externalAuth.cas.disable_ssl_verification }}
|
||||
CAS_DISABLE_SSL_VERIFICATION: {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.externalAuth.cas.assume_email_is_verified }}
|
||||
CAS_SECURITY_ASSUME_EMAIL_IS_VERIFIED: {{ .Values.externalAuth.cas.assume_email_is_verified | quote }}
|
||||
{{- with .Values.externalAuth.cas.assume_email_is_verified }}
|
||||
CAS_SECURITY_ASSUME_EMAIL_IS_VERIFIED: {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.externalAuth.cas.keys.uid }}
|
||||
CAS_UID_KEY: {{ .Values.externalAuth.cas.keys.uid | quote }}
|
||||
{{- with .Values.externalAuth.cas.keys.uid }}
|
||||
CAS_UID_KEY: {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.externalAuth.cas.keys.name }}
|
||||
CAS_NAME_KEY: {{ .Values.externalAuth.cas.keys.name | quote }}
|
||||
{{- with .Values.externalAuth.cas.keys.name }}
|
||||
CAS_NAME_KEY: {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.externalAuth.cas.keys.email }}
|
||||
CAS_EMAIL_KEY: {{ .Values.externalAuth.cas.keys.email | quote }}
|
||||
{{- with .Values.externalAuth.cas.keys.email }}
|
||||
CAS_EMAIL_KEY: {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.externalAuth.cas.keys.nickname }}
|
||||
CAS_NICKNAME_KEY: {{ .Values.externalAuth.cas.keys.nickname | quote }}
|
||||
{{- with .Values.externalAuth.cas.keys.nickname }}
|
||||
CAS_NICKNAME_KEY: {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.externalAuth.cas.keys.first_name }}
|
||||
CAS_FIRST_NAME_KEY: {{ .Values.externalAuth.cas.keys.first_name | quote }}
|
||||
{{- with .Values.externalAuth.cas.keys.first_name }}
|
||||
CAS_FIRST_NAME_KEY: {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.externalAuth.cas.keys.last_name }}
|
||||
CAS_LAST_NAME_KEY: {{ .Values.externalAuth.cas.keys.last_name | quote }}
|
||||
{{- with .Values.externalAuth.cas.keys.last_name }}
|
||||
CAS_LAST_NAME_KEY: {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.externalAuth.cas.keys.location }}
|
||||
CAS_LOCATION_KEY: {{ .Values.externalAuth.cas.keys.location | quote }}
|
||||
{{- with .Values.externalAuth.cas.keys.location }}
|
||||
CAS_LOCATION_KEY: {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.externalAuth.cas.keys.image }}
|
||||
CAS_IMAGE_KEY: {{ .Values.externalAuth.cas.keys.image | quote }}
|
||||
{{- with .Values.externalAuth.cas.keys.image }}
|
||||
CAS_IMAGE_KEY: {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.externalAuth.cas.keys.phone }}
|
||||
CAS_PHONE_KEY: {{ .Values.externalAuth.cas.keys.phone | quote }}
|
||||
{{- with .Values.externalAuth.cas.keys.phone }}
|
||||
CAS_PHONE_KEY: {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.externalAuth.pam.enabled }}
|
||||
PAM_ENABLED: {{ .Values.externalAuth.pam.enabled | quote }}
|
||||
{{- if .Values.externalAuth.pam.email_domain }}
|
||||
PAM_EMAIL_DOMAIN: {{ .Values.externalAuth.pam.email_domain }}
|
||||
{{- with .Values.externalAuth.pam.enabled }}
|
||||
PAM_ENABLED: {{ . | quote }}
|
||||
{{- with .Values.externalAuth.pam.email_domain }}
|
||||
PAM_EMAIL_DOMAIN: {{ . }}
|
||||
{{- end }}
|
||||
{{- if .Values.externalAuth.pam.default_service }}
|
||||
PAM_DEFAULT_SERVICE: {{ .Values.externalAuth.pam.default_service }}
|
||||
{{- with .Values.externalAuth.pam.default_service }}
|
||||
PAM_DEFAULT_SERVICE: {{ . }}
|
||||
{{- end }}
|
||||
{{- if .Values.externalAuth.pam.controlled_service }}
|
||||
PAM_CONTROLLED_SERVICE: {{ .Values.externalAuth.pam.controlled_service }}
|
||||
{{- with .Values.externalAuth.pam.controlled_service }}
|
||||
PAM_CONTROLLED_SERVICE: {{ . }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.externalAuth.ldap.enabled }}
|
||||
|
|
@ -283,32 +286,32 @@ data:
|
|||
LDAP_HOST: {{ .Values.externalAuth.ldap.host }}
|
||||
LDAP_PORT: {{ .Values.externalAuth.ldap.port }}
|
||||
LDAP_METHOD: {{ .Values.externalAuth.ldap.method }}
|
||||
{{- if .Values.externalAuth.ldap.base }}
|
||||
LDAP_BASE: {{ .Values.externalAuth.ldap.base }}
|
||||
{{- with .Values.externalAuth.ldap.base }}
|
||||
LDAP_BASE: {{ . }}
|
||||
{{- end }}
|
||||
{{- if .Values.externalAuth.ldap.bind_on }}
|
||||
LDAP_BIND_ON: {{ .Values.externalAuth.ldap.bind_on }}
|
||||
{{- with .Values.externalAuth.ldap.bind_on }}
|
||||
LDAP_BIND_ON: {{ . }}
|
||||
{{- end }}
|
||||
{{- if .Values.externalAuth.ldap.password }}
|
||||
LDAP_PASSWORD: {{ .Values.externalAuth.ldap.password }}
|
||||
{{- with .Values.externalAuth.ldap.password }}
|
||||
LDAP_PASSWORD: {{ . }}
|
||||
{{- end }}
|
||||
{{- if .Values.externalAuth.ldap.uid }}
|
||||
LDAP_UID: {{ .Values.externalAuth.ldap.uid }}
|
||||
{{- with .Values.externalAuth.ldap.uid }}
|
||||
LDAP_UID: {{ . }}
|
||||
{{- end }}
|
||||
{{- if .Values.externalAuth.ldap.mail }}
|
||||
LDAP_MAIL: {{ .Values.externalAuth.ldap.mail }}
|
||||
{{- with .Values.externalAuth.ldap.mail }}
|
||||
LDAP_MAIL: {{ . }}
|
||||
{{- end }}
|
||||
{{- if .Values.externalAuth.ldap.search_filter }}
|
||||
LDAP_SEARCH_FILTER: {{ .Values.externalAuth.ldap.search_filter }}
|
||||
{{- with .Values.externalAuth.ldap.search_filter }}
|
||||
LDAP_SEARCH_FILTER: {{ . }}
|
||||
{{- end }}
|
||||
{{- if .Values.externalAuth.ldap.uid_conversion.enabled }}
|
||||
LDAP_UID_CONVERSION_ENABLED: {{ .Values.externalAuth.ldap.uid_conversion.enabled | quote }}
|
||||
{{- with .Values.externalAuth.ldap.uid_conversion.enabled }}
|
||||
LDAP_UID_CONVERSION_ENABLED: {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.externalAuth.ldap.uid_conversion.search }}
|
||||
LDAP_UID_CONVERSION_SEARCH: {{ .Values.externalAuth.ldap.uid_conversion.search }}
|
||||
{{- with .Values.externalAuth.ldap.uid_conversion.search }}
|
||||
LDAP_UID_CONVERSION_SEARCH: {{ . }}
|
||||
{{- end }}
|
||||
{{- if .Values.externalAuth.ldap.uid_conversion.replace }}
|
||||
LDAP_UID_CONVERSION_REPLACE: {{ .Values.externalAuth.ldap.uid_conversion.replace }}
|
||||
{{- with .Values.externalAuth.ldap.uid_conversion.replace }}
|
||||
LDAP_UID_CONVERSION_REPLACE: {{ . }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- with .Values.mastodon.metrics.statsd.address }}
|
||||
|
|
|
|||
|
|
@ -1,96 +1,97 @@
|
|||
{{- $context := . }}
|
||||
{{- range .Values.mastodon.sidekiq.workers }}
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: {{ include "mastodon.fullname" . }}-sidekiq
|
||||
name: {{ include "mastodon.fullname" $context }}-sidekiq-{{ .name }}
|
||||
labels:
|
||||
{{- include "mastodon.labels" . | nindent 4 }}
|
||||
{{- include "mastodon.labels" $context | nindent 4 }}
|
||||
app.kubernetes.io/component: sidekiq-{{ .name }}
|
||||
app.kubernetes.io/part-of: rails
|
||||
spec:
|
||||
{{- if not .Values.autoscaling.enabled }}
|
||||
replicas: {{ .Values.replicaCount }}
|
||||
replicas: {{ .replicas }}
|
||||
{{- if (has "scheduler" .queues) }}
|
||||
strategy:
|
||||
type: Recreate
|
||||
{{- end }}
|
||||
selector:
|
||||
matchLabels:
|
||||
{{- include "mastodon.selectorLabels" . | nindent 6 }}
|
||||
app.kubernetes.io/component: sidekiq
|
||||
{{- include "mastodon.selectorLabels" $context | nindent 6 }}
|
||||
app.kubernetes.io/component: sidekiq-{{ .name }}
|
||||
app.kubernetes.io/part-of: rails
|
||||
template:
|
||||
metadata:
|
||||
annotations:
|
||||
{{- with .Values.podAnnotations }}
|
||||
{{- with $context.Values.podAnnotations }}
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
# roll the pods to pick up any db migrations or other changes
|
||||
{{- include "mastodon.rollingPodAnnotations" . | nindent 8 }}
|
||||
{{- include "mastodon.rollingPodAnnotations" $context | nindent 8 }}
|
||||
labels:
|
||||
{{- include "mastodon.selectorLabels" . | nindent 8 }}
|
||||
app.kubernetes.io/component: sidekiq
|
||||
{{- include "mastodon.selectorLabels" $context | nindent 8 }}
|
||||
app.kubernetes.io/component: sidekiq-{{ .name }}
|
||||
app.kubernetes.io/part-of: rails
|
||||
spec:
|
||||
{{- with .Values.imagePullSecrets }}
|
||||
{{- with $context.Values.imagePullSecrets }}
|
||||
imagePullSecrets:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
serviceAccountName: {{ include "mastodon.serviceAccountName" . }}
|
||||
{{- with .Values.podSecurityContext }}
|
||||
serviceAccountName: {{ include "mastodon.serviceAccountName" $context }}
|
||||
{{- with (default $context.Values.podSecurityContext $context.Values.mastodon.sidekiq.podSecurityContext) }}
|
||||
securityContext:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if (not .Values.mastodon.s3.enabled) }}
|
||||
# ensure we run on the same node as the other rails components; only
|
||||
# required when using PVCs that are ReadWriteOnce
|
||||
{{- if or (eq "ReadWriteOnce" .Values.mastodon.persistence.assets.accessMode) (eq "ReadWriteOnce" .Values.mastodon.persistence.system.accessMode) }}
|
||||
{{- with (default (default $context.Values.affinity $context.Values.mastodon.sidekiq.affinity) .affinity) }}
|
||||
affinity:
|
||||
podAffinity:
|
||||
requiredDuringSchedulingIgnoredDuringExecution:
|
||||
- labelSelector:
|
||||
matchExpressions:
|
||||
- key: app.kubernetes.io/part-of
|
||||
operator: In
|
||||
values:
|
||||
- rails
|
||||
topologyKey: kubernetes.io/hostname
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if (not $context.Values.mastodon.s3.enabled) }}
|
||||
volumes:
|
||||
- name: assets
|
||||
persistentVolumeClaim:
|
||||
claimName: {{ template "mastodon.fullname" . }}-assets
|
||||
claimName: {{ template "mastodon.fullname" $context }}-assets
|
||||
- name: system
|
||||
persistentVolumeClaim:
|
||||
claimName: {{ template "mastodon.fullname" . }}-system
|
||||
claimName: {{ template "mastodon.fullname" $context }}-system
|
||||
{{- end }}
|
||||
containers:
|
||||
- name: {{ .Chart.Name }}
|
||||
- name: {{ $context.Chart.Name }}
|
||||
securityContext:
|
||||
{{- toYaml .Values.securityContext | nindent 12 }}
|
||||
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
|
||||
imagePullPolicy: {{ .Values.image.pullPolicy }}
|
||||
{{- toYaml $context.Values.mastodon.sidekiq.securityContext | nindent 12 }}
|
||||
image: "{{ $context.Values.image.repository }}:{{ $context.Values.image.tag | default $context.Chart.AppVersion }}"
|
||||
imagePullPolicy: {{ $context.Values.image.pullPolicy }}
|
||||
command:
|
||||
- bundle
|
||||
- exec
|
||||
- sidekiq
|
||||
- -c
|
||||
- {{ .Values.mastodon.sidekiq.concurrency | quote }}
|
||||
- {{ .concurrency | quote }}
|
||||
{{- range .queues }}
|
||||
- -q
|
||||
- {{ . | quote }}
|
||||
{{- end }}
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: {{ include "mastodon.fullname" . }}-env
|
||||
name: {{ include "mastodon.fullname" $context }}-env
|
||||
- secretRef:
|
||||
name: {{ template "mastodon.secretName" . }}
|
||||
name: {{ template "mastodon.secretName" $context }}
|
||||
env:
|
||||
- name: "DB_PASS"
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ template "mastodon.postgresql.secretName" . }}
|
||||
name: {{ template "mastodon.postgresql.secretName" $context }}
|
||||
key: password
|
||||
- name: "REDIS_PASSWORD"
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ template "mastodon.redis.secretName" . }}
|
||||
name: {{ template "mastodon.redis.secretName" $context }}
|
||||
key: redis-password
|
||||
{{- if (and .Values.mastodon.s3.enabled .Values.mastodon.s3.existingSecret) }}
|
||||
{{- if (and $context.Values.mastodon.s3.enabled $context.Values.mastodon.s3.existingSecret) }}
|
||||
- name: "AWS_SECRET_ACCESS_KEY"
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ .Values.mastodon.s3.existingSecret }}
|
||||
name: {{ $context.Values.mastodon.s3.existingSecret }}
|
||||
key: AWS_SECRET_ACCESS_KEY
|
||||
- name: "AWS_ACCESS_KEY_ID"
|
||||
valueFrom:
|
||||
|
|
@ -98,20 +99,20 @@ spec:
|
|||
name: {{ .Values.mastodon.s3.existingSecret }}
|
||||
key: AWS_ACCESS_KEY_ID
|
||||
{{- end }}
|
||||
{{- if .Values.mastodon.smtp.existingSecret }}
|
||||
{{- if $context.Values.mastodon.smtp.existingSecret }}
|
||||
- name: "SMTP_LOGIN"
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ .Values.mastodon.smtp.existingSecret }}
|
||||
name: {{ $context.Values.mastodon.smtp.existingSecret }}
|
||||
key: login
|
||||
optional: true
|
||||
- name: "SMTP_PASSWORD"
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ .Values.mastodon.smtp.existingSecret }}
|
||||
name: {{ $context.Values.mastodon.smtp.existingSecret }}
|
||||
key: password
|
||||
{{- end }}
|
||||
{{- if (not .Values.mastodon.s3.enabled) }}
|
||||
{{- if (not $context.Values.mastodon.s3.enabled) }}
|
||||
volumeMounts:
|
||||
- name: assets
|
||||
mountPath: /opt/mastodon/public/assets
|
||||
|
|
@ -119,12 +120,13 @@ spec:
|
|||
mountPath: /opt/mastodon/public/system
|
||||
{{- end }}
|
||||
resources:
|
||||
{{- toYaml .Values.resources | nindent 12 }}
|
||||
{{- with .Values.nodeSelector }}
|
||||
{{- toYaml (default (default $context.Values.resources $context.Values.mastodon.sidekiq.resources) .resources) | nindent 12 }}
|
||||
{{- with $context.Values.nodeSelector }}
|
||||
nodeSelector:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.tolerations }}
|
||||
{{- with $context.Values.tolerations }}
|
||||
tolerations:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
|
|
|||
|
|
@ -5,9 +5,7 @@ metadata:
|
|||
labels:
|
||||
{{- include "mastodon.labels" . | nindent 4 }}
|
||||
spec:
|
||||
{{- if not .Values.autoscaling.enabled }}
|
||||
replicas: {{ .Values.replicaCount }}
|
||||
{{- end }}
|
||||
replicas: {{ .Values.mastodon.streaming.replicas }}
|
||||
selector:
|
||||
matchLabels:
|
||||
{{- include "mastodon.selectorLabels" . | nindent 6 }}
|
||||
|
|
@ -15,7 +13,7 @@ spec:
|
|||
template:
|
||||
metadata:
|
||||
annotations:
|
||||
{{- with .Values.podAnnotations }}
|
||||
{{- with (default .Values.podAnnotations .Values.mastodon.streaming.podAnnotations) }}
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
# roll the pods to pick up any db migrations or other changes
|
||||
|
|
@ -29,13 +27,13 @@ spec:
|
|||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
serviceAccountName: {{ include "mastodon.serviceAccountName" . }}
|
||||
{{- with .Values.podSecurityContext }}
|
||||
{{- with (default .Values.podSecurityContext .Values.mastodon.streaming.podSecurityContext) }}
|
||||
securityContext:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
containers:
|
||||
- name: {{ .Chart.Name }}
|
||||
{{- with .Values.securityContext }}
|
||||
- name: {{ .Chart.Name }}-streaming
|
||||
{{- with (default .Values.securityContext .Values.mastodon.streaming.securityContext) }}
|
||||
securityContext:
|
||||
{{- toYaml . | nindent 12 }}
|
||||
{{- end }}
|
||||
|
|
@ -72,7 +70,7 @@ spec:
|
|||
httpGet:
|
||||
path: /api/v1/streaming/health
|
||||
port: streaming
|
||||
{{- with .Values.resources }}
|
||||
{{- with (default .Values.resources .Values.mastodon.streaming.resources) }}
|
||||
resources:
|
||||
{{- toYaml . | nindent 12 }}
|
||||
{{- end }}
|
||||
|
|
@ -80,7 +78,7 @@ spec:
|
|||
nodeSelector:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.affinity }}
|
||||
{{- with (default .Values.affinity .Values.mastodon.streaming.affinity) }}
|
||||
affinity:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
|
|
|
|||
|
|
@ -5,9 +5,7 @@ metadata:
|
|||
labels:
|
||||
{{- include "mastodon.labels" . | nindent 4 }}
|
||||
spec:
|
||||
{{- if not .Values.autoscaling.enabled }}
|
||||
replicas: {{ .Values.replicaCount }}
|
||||
{{- end }}
|
||||
replicas: {{ .Values.mastodon.web.replicas }}
|
||||
selector:
|
||||
matchLabels:
|
||||
{{- include "mastodon.selectorLabels" . | nindent 6 }}
|
||||
|
|
@ -16,7 +14,7 @@ spec:
|
|||
template:
|
||||
metadata:
|
||||
annotations:
|
||||
{{- with .Values.podAnnotations }}
|
||||
{{- with (default .Values.podAnnotations .Values.mastodon.web.podAnnotations) }}
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
# roll the pods to pick up any db migrations or other changes
|
||||
|
|
@ -31,7 +29,7 @@ spec:
|
|||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
serviceAccountName: {{ include "mastodon.serviceAccountName" . }}
|
||||
{{- with .Values.podSecurityContext }}
|
||||
{{- with (default .Values.podSecurityContext .Values.mastodon.web.podSecurityContext) }}
|
||||
securityContext:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
|
|
@ -45,8 +43,8 @@ spec:
|
|||
claimName: {{ template "mastodon.fullname" . }}-system
|
||||
{{- end }}
|
||||
containers:
|
||||
- name: {{ .Chart.Name }}
|
||||
{{- with .Values.securityContext }}
|
||||
- name: {{ .Chart.Name }}-web
|
||||
{{- with (default .Values.securityContext .Values.mastodon.web.securityContext) }}
|
||||
securityContext:
|
||||
{{- toYaml . | nindent 12 }}
|
||||
{{- end }}
|
||||
|
|
@ -112,7 +110,7 @@ spec:
|
|||
port: http
|
||||
failureThreshold: 30
|
||||
periodSeconds: 5
|
||||
{{- with .Values.resources }}
|
||||
{{- with (default .Values.resources .Values.mastodon.web.resources) }}
|
||||
resources:
|
||||
{{- toYaml . | nindent 12 }}
|
||||
{{- end }}
|
||||
|
|
@ -120,7 +118,7 @@ spec:
|
|||
nodeSelector:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.affinity }}
|
||||
{{- with (default .Values.affinity .Values.mastodon.web.affinity) }}
|
||||
affinity:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
|
|
|
|||
|
|
@ -1,28 +0,0 @@
|
|||
{{- if .Values.autoscaling.enabled -}}
|
||||
apiVersion: autoscaling/v2beta1
|
||||
kind: HorizontalPodAutoscaler
|
||||
metadata:
|
||||
name: {{ include "mastodon.fullname" . }}
|
||||
labels:
|
||||
{{- include "mastodon.labels" . | nindent 4 }}
|
||||
spec:
|
||||
scaleTargetRef:
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
name: {{ include "mastodon.fullname" . }}
|
||||
minReplicas: {{ .Values.autoscaling.minReplicas }}
|
||||
maxReplicas: {{ .Values.autoscaling.maxReplicas }}
|
||||
metrics:
|
||||
{{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
|
||||
- type: Resource
|
||||
resource:
|
||||
name: cpu
|
||||
targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
|
||||
{{- end }}
|
||||
{{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
|
||||
- type: Resource
|
||||
resource:
|
||||
name: memory
|
||||
targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
|
@ -11,5 +11,5 @@ spec:
|
|||
- name: wget
|
||||
image: busybox
|
||||
command: ['wget']
|
||||
args: ['{{ include "mastodon.fullname" . }}:{{ .Values.service.port }}']
|
||||
args: ['{{ include "mastodon.fullname" . }}-web:{{ .Values.service.port }}']
|
||||
restartPolicy: Never
|
||||
|
|
|
|||
Reference in a new issue