helm: add support for S3 storage (#15748)
parent
e31ed27485
commit
fca4fd1daa
|
@ -15,7 +15,7 @@ type: application
|
||||||
# This is the chart version. This version number should be incremented each time you make changes
|
# This is the chart version. This version number should be incremented each time you make changes
|
||||||
# to the chart and its templates, including the app version.
|
# to the chart and its templates, including the app version.
|
||||||
# Versions are expected to follow Semantic Versioning (https://semver.org/)
|
# Versions are expected to follow Semantic Versioning (https://semver.org/)
|
||||||
version: 1.0.0
|
version: 1.1.0
|
||||||
|
|
||||||
# This is the version number of the application being deployed. This version number should be
|
# This is the version number of the application being deployed. This version number should be
|
||||||
# incremented each time you make changes to the application. Versions are not expected to
|
# incremented each time you make changes to the application. Versions are not expected to
|
||||||
|
|
|
@ -24,7 +24,6 @@ The variables that _must_ be configured are:
|
||||||
Currently this chart does _not_ support:
|
Currently this chart does _not_ support:
|
||||||
|
|
||||||
- Hidden services
|
- Hidden services
|
||||||
- S3/Minio/GCS
|
|
||||||
- Single Sign-On
|
- Single Sign-On
|
||||||
- Swift
|
- Swift
|
||||||
- configurations using `WEB_DOMAIN`
|
- configurations using `WEB_DOMAIN`
|
||||||
|
|
|
@ -27,6 +27,16 @@ data:
|
||||||
RAILS_ENV: "production"
|
RAILS_ENV: "production"
|
||||||
REDIS_HOST: {{ template "mastodon.redis.fullname" . }}-master
|
REDIS_HOST: {{ template "mastodon.redis.fullname" . }}-master
|
||||||
REDIS_PORT: "6379"
|
REDIS_PORT: "6379"
|
||||||
|
{{- if .Values.mastodon.s3.enabled }}
|
||||||
|
S3_BUCKET: {{ .Values.mastodon.s3.bucket }}
|
||||||
|
S3_ENABLED: "true"
|
||||||
|
S3_ENDPOINT: {{ .Values.mastodon.s3.endpoint }}
|
||||||
|
S3_HOSTNAME: {{ .Values.mastodon.s3.hostname }}
|
||||||
|
S3_PROTOCOL: "https"
|
||||||
|
{{- if .Values.mastodon.s3.region }}
|
||||||
|
S3_REGION: {{ .Values.mastodon.s3.region }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
{{- if .Values.mastodon.smtp.auth_method }}
|
{{- if .Values.mastodon.smtp.auth_method }}
|
||||||
SMTP_AUTH_METHOD: {{ .Values.mastodon.smtp.auth_method }}
|
SMTP_AUTH_METHOD: {{ .Values.mastodon.smtp.auth_method }}
|
||||||
{{- end }}
|
{{- end }}
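Review bot: The new `S3_BUCKET`, `S3_ENDPOINT`, `S3_HOSTNAME` and `S3_REGION` entries are rendered unquoted, unlike `S3_ENABLED` and `S3_PROTOCOL` beside them, so an empty value renders as YAML null and a numeric-looking one as a number, neither of which is a string as ConfigMap `data` values are expected to be. Piping each through `quote`, e.g. `S3_BUCKET: {{ .Values.mastodon.s3.bucket | quote }}`, keeps them strings. Since `bucket` defaults to `""` in the values file, enabling S3 without setting it is not caught at render time; `{{ required "mastodon.s3.bucket must be set when s3.enabled is true" .Values.mastodon.s3.bucket | quote }}` would fail early with a clear message. The `data:` block starts and continues outside this hunk.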
|
||||||
|
|
|
@ -14,6 +14,7 @@ spec:
|
||||||
name: {{ include "mastodon.fullname" . }}-media-remove
|
name: {{ include "mastodon.fullname" . }}-media-remove
|
||||||
spec:
|
spec:
|
||||||
restartPolicy: OnFailure
|
restartPolicy: OnFailure
|
||||||
|
{{- if (not .Values.mastodon.s3.enabled) }}
|
||||||
# ensure we run on the same node as the other rails components; only
|
# ensure we run on the same node as the other rails components; only
|
||||||
# required when using PVCs that are ReadWriteOnce
|
# required when using PVCs that are ReadWriteOnce
|
||||||
{{- if or (eq "ReadWriteOnce" .Values.mastodon.persistence.assets.accessMode) (eq "ReadWriteOnce" .Values.mastodon.persistence.system.accessMode) }}
|
{{- if or (eq "ReadWriteOnce" .Values.mastodon.persistence.assets.accessMode) (eq "ReadWriteOnce" .Values.mastodon.persistence.system.accessMode) }}
|
||||||
|
@ -35,6 +36,7 @@ spec:
|
||||||
- name: system
|
- name: system
|
||||||
persistentVolumeClaim:
|
persistentVolumeClaim:
|
||||||
claimName: {{ template "mastodon.fullname" . }}-system
|
claimName: {{ template "mastodon.fullname" . }}-system
|
||||||
|
{{- end }}
|
||||||
containers:
|
containers:
|
||||||
- name: {{ include "mastodon.fullname" . }}-media-remove
|
- name: {{ include "mastodon.fullname" . }}-media-remove
|
||||||
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
|
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
|
||||||
|
@ -65,9 +67,11 @@ spec:
|
||||||
key: redis-password
|
key: redis-password
|
||||||
- name: "PORT"
|
- name: "PORT"
|
||||||
value: {{ .Values.mastodon.web.port | quote }}
|
value: {{ .Values.mastodon.web.port | quote }}
|
||||||
|
{{- if (not .Values.mastodon.s3.enabled) }}
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
- name: assets
|
- name: assets
|
||||||
mountPath: /opt/mastodon/public/assets
|
mountPath: /opt/mastodon/public/assets
|
||||||
- name: system
|
- name: system
|
||||||
mountPath: /opt/mastodon/public/system
|
mountPath: /opt/mastodon/public/system
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
{{- end }}
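Review bot: The guard `{{- if (not .Values.mastodon.s3.enabled) }}` is opened twice in this template, and again in the two deployment templates that follow and in the `-assets-precompile`, `-chewy-upgrade`, `-create-admin` and `-db-migrate` jobs, each time closed by a bare `{{- end }}`. In the last hunk here the added `{{- end }}` follows an existing one, so which block each closes cannot be read off the template. A trailing template comment on each closer, for example `{{- end }}{{/* not s3.enabled */}}`, would make the pairing explicit. The enclosing blocks start outside these hunks.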
|
||||||
|
|
|
@ -31,6 +31,7 @@ spec:
|
||||||
serviceAccountName: {{ include "mastodon.serviceAccountName" . }}
|
serviceAccountName: {{ include "mastodon.serviceAccountName" . }}
|
||||||
securityContext:
|
securityContext:
|
||||||
{{- toYaml .Values.podSecurityContext | nindent 8 }}
|
{{- toYaml .Values.podSecurityContext | nindent 8 }}
|
||||||
|
{{- if (not .Values.mastodon.s3.enabled) }}
|
||||||
# ensure we run on the same node as the other rails components; only
|
# ensure we run on the same node as the other rails components; only
|
||||||
# required when using PVCs that are ReadWriteOnce
|
# required when using PVCs that are ReadWriteOnce
|
||||||
{{- if or (eq "ReadWriteOnce" .Values.mastodon.persistence.assets.accessMode) (eq "ReadWriteOnce" .Values.mastodon.persistence.system.accessMode) }}
|
{{- if or (eq "ReadWriteOnce" .Values.mastodon.persistence.assets.accessMode) (eq "ReadWriteOnce" .Values.mastodon.persistence.system.accessMode) }}
|
||||||
|
@ -52,6 +53,7 @@ spec:
|
||||||
- name: system
|
- name: system
|
||||||
persistentVolumeClaim:
|
persistentVolumeClaim:
|
||||||
claimName: {{ template "mastodon.fullname" . }}-system
|
claimName: {{ template "mastodon.fullname" . }}-system
|
||||||
|
{{- end }}
|
||||||
containers:
|
containers:
|
||||||
- name: {{ .Chart.Name }}
|
- name: {{ .Chart.Name }}
|
||||||
securityContext:
|
securityContext:
|
||||||
|
@ -84,11 +86,13 @@ spec:
|
||||||
secretKeyRef:
|
secretKeyRef:
|
||||||
name: {{ .Release.Name }}-redis
|
name: {{ .Release.Name }}-redis
|
||||||
key: redis-password
|
key: redis-password
|
||||||
|
{{- if (not .Values.mastodon.s3.enabled) }}
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
- name: assets
|
- name: assets
|
||||||
mountPath: /opt/mastodon/public/assets
|
mountPath: /opt/mastodon/public/assets
|
||||||
- name: system
|
- name: system
|
||||||
mountPath: /opt/mastodon/public/system
|
mountPath: /opt/mastodon/public/system
|
||||||
|
{{- end }}
|
||||||
resources:
|
resources:
|
||||||
{{- toYaml .Values.resources | nindent 12 }}
|
{{- toYaml .Values.resources | nindent 12 }}
|
||||||
{{- with .Values.nodeSelector }}
|
{{- with .Values.nodeSelector }}
|
||||||
|
|
|
@ -31,6 +31,7 @@ spec:
|
||||||
serviceAccountName: {{ include "mastodon.serviceAccountName" . }}
|
serviceAccountName: {{ include "mastodon.serviceAccountName" . }}
|
||||||
securityContext:
|
securityContext:
|
||||||
{{- toYaml .Values.podSecurityContext | nindent 8 }}
|
{{- toYaml .Values.podSecurityContext | nindent 8 }}
|
||||||
|
{{- if (not .Values.mastodon.s3.enabled) }}
|
||||||
volumes:
|
volumes:
|
||||||
- name: assets
|
- name: assets
|
||||||
persistentVolumeClaim:
|
persistentVolumeClaim:
|
||||||
|
@ -38,6 +39,7 @@ spec:
|
||||||
- name: system
|
- name: system
|
||||||
persistentVolumeClaim:
|
persistentVolumeClaim:
|
||||||
claimName: {{ template "mastodon.fullname" . }}-system
|
claimName: {{ template "mastodon.fullname" . }}-system
|
||||||
|
{{- end }}
|
||||||
containers:
|
containers:
|
||||||
- name: {{ .Chart.Name }}
|
- name: {{ .Chart.Name }}
|
||||||
securityContext:
|
securityContext:
|
||||||
|
@ -72,11 +74,13 @@ spec:
|
||||||
key: redis-password
|
key: redis-password
|
||||||
- name: "PORT"
|
- name: "PORT"
|
||||||
value: {{ .Values.mastodon.web.port | quote }}
|
value: {{ .Values.mastodon.web.port | quote }}
|
||||||
|
{{- if (not .Values.mastodon.s3.enabled) }}
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
- name: assets
|
- name: assets
|
||||||
mountPath: /opt/mastodon/public/assets
|
mountPath: /opt/mastodon/public/assets
|
||||||
- name: system
|
- name: system
|
||||||
mountPath: /opt/mastodon/public/system
|
mountPath: /opt/mastodon/public/system
|
||||||
|
{{- end }}
|
||||||
ports:
|
ports:
|
||||||
- name: http
|
- name: http
|
||||||
containerPort: {{ .Values.mastodon.web.port }}
|
containerPort: {{ .Values.mastodon.web.port }}
|
||||||
|
|
|
@ -14,6 +14,7 @@ spec:
|
||||||
name: {{ include "mastodon.fullname" . }}-assets-precompile
|
name: {{ include "mastodon.fullname" . }}-assets-precompile
|
||||||
spec:
|
spec:
|
||||||
restartPolicy: Never
|
restartPolicy: Never
|
||||||
|
{{- if (not .Values.mastodon.s3.enabled) }}
|
||||||
# ensure we run on the same node as the other rails components; only
|
# ensure we run on the same node as the other rails components; only
|
||||||
# required when using PVCs that are ReadWriteOnce
|
# required when using PVCs that are ReadWriteOnce
|
||||||
{{- if or (eq "ReadWriteOnce" .Values.mastodon.persistence.assets.accessMode) (eq "ReadWriteOnce" .Values.mastodon.persistence.system.accessMode) }}
|
{{- if or (eq "ReadWriteOnce" .Values.mastodon.persistence.assets.accessMode) (eq "ReadWriteOnce" .Values.mastodon.persistence.system.accessMode) }}
|
||||||
|
@ -35,6 +36,7 @@ spec:
|
||||||
- name: system
|
- name: system
|
||||||
persistentVolumeClaim:
|
persistentVolumeClaim:
|
||||||
claimName: {{ template "mastodon.fullname" . }}-system
|
claimName: {{ template "mastodon.fullname" . }}-system
|
||||||
|
{{- end }}
|
||||||
containers:
|
containers:
|
||||||
- name: {{ include "mastodon.fullname" . }}-assets-precompile
|
- name: {{ include "mastodon.fullname" . }}-assets-precompile
|
||||||
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
|
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
|
||||||
|
@ -66,8 +68,10 @@ spec:
|
||||||
key: redis-password
|
key: redis-password
|
||||||
- name: "PORT"
|
- name: "PORT"
|
||||||
value: {{ .Values.mastodon.web.port | quote }}
|
value: {{ .Values.mastodon.web.port | quote }}
|
||||||
|
{{- if (not .Values.mastodon.s3.enabled) }}
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
- name: assets
|
- name: assets
|
||||||
mountPath: /opt/mastodon/public/assets
|
mountPath: /opt/mastodon/public/assets
|
||||||
- name: system
|
- name: system
|
||||||
mountPath: /opt/mastodon/public/system
|
mountPath: /opt/mastodon/public/system
|
||||||
|
{{- end }}
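Review bot: With `s3.enabled` set, this job loses both the `assets` volume and its mount, so whatever it writes under `/opt/mastodon/public/assets` lands in the container's own filesystem and is discarded when the pod exits. The job's command is outside these hunks, so the write path is inferred from the job name and the mount path. If the job is meant to populate a shared assets volume, either keep `assets` outside the guard or skip rendering the job when S3 is enabled. The values added in this commit do not say whether S3 is meant to replace the `assets` volume as well as `system`.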
|
||||||
|
|
|
@ -15,6 +15,7 @@ spec:
|
||||||
name: {{ include "mastodon.fullname" . }}-chewy-upgrade
|
name: {{ include "mastodon.fullname" . }}-chewy-upgrade
|
||||||
spec:
|
spec:
|
||||||
restartPolicy: Never
|
restartPolicy: Never
|
||||||
|
{{- if (not .Values.mastodon.s3.enabled) }}
|
||||||
# ensure we run on the same node as the other rails components; only
|
# ensure we run on the same node as the other rails components; only
|
||||||
# required when using PVCs that are ReadWriteOnce
|
# required when using PVCs that are ReadWriteOnce
|
||||||
{{- if or (eq "ReadWriteOnce" .Values.mastodon.persistence.assets.accessMode) (eq "ReadWriteOnce" .Values.mastodon.persistence.system.accessMode) }}
|
{{- if or (eq "ReadWriteOnce" .Values.mastodon.persistence.assets.accessMode) (eq "ReadWriteOnce" .Values.mastodon.persistence.system.accessMode) }}
|
||||||
|
@ -36,6 +37,7 @@ spec:
|
||||||
- name: system
|
- name: system
|
||||||
persistentVolumeClaim:
|
persistentVolumeClaim:
|
||||||
claimName: {{ template "mastodon.fullname" . }}-system
|
claimName: {{ template "mastodon.fullname" . }}-system
|
||||||
|
{{- end }}
|
||||||
containers:
|
containers:
|
||||||
- name: {{ include "mastodon.fullname" . }}-chewy-setup
|
- name: {{ include "mastodon.fullname" . }}-chewy-setup
|
||||||
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
|
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
|
||||||
|
@ -67,9 +69,11 @@ spec:
|
||||||
key: redis-password
|
key: redis-password
|
||||||
- name: "PORT"
|
- name: "PORT"
|
||||||
value: {{ .Values.mastodon.web.port | quote }}
|
value: {{ .Values.mastodon.web.port | quote }}
|
||||||
|
{{- if (not .Values.mastodon.s3.enabled) }}
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
- name: assets
|
- name: assets
|
||||||
mountPath: /opt/mastodon/public/assets
|
mountPath: /opt/mastodon/public/assets
|
||||||
- name: system
|
- name: system
|
||||||
mountPath: /opt/mastodon/public/system
|
mountPath: /opt/mastodon/public/system
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
|
|
@ -15,6 +15,7 @@ spec:
|
||||||
name: {{ include "mastodon.fullname" . }}-create-admin
|
name: {{ include "mastodon.fullname" . }}-create-admin
|
||||||
spec:
|
spec:
|
||||||
restartPolicy: Never
|
restartPolicy: Never
|
||||||
|
{{- if (not .Values.mastodon.s3.enabled) }}
|
||||||
# ensure we run on the same node as the other rails components; only
|
# ensure we run on the same node as the other rails components; only
|
||||||
# required when using PVCs that are ReadWriteOnce
|
# required when using PVCs that are ReadWriteOnce
|
||||||
{{- if or (eq "ReadWriteOnce" .Values.mastodon.persistence.assets.accessMode) (eq "ReadWriteOnce" .Values.mastodon.persistence.system.accessMode) }}
|
{{- if or (eq "ReadWriteOnce" .Values.mastodon.persistence.assets.accessMode) (eq "ReadWriteOnce" .Values.mastodon.persistence.system.accessMode) }}
|
||||||
|
@ -36,6 +37,7 @@ spec:
|
||||||
- name: system
|
- name: system
|
||||||
persistentVolumeClaim:
|
persistentVolumeClaim:
|
||||||
claimName: {{ template "mastodon.fullname" . }}-system
|
claimName: {{ template "mastodon.fullname" . }}-system
|
||||||
|
{{- end }}
|
||||||
containers:
|
containers:
|
||||||
- name: {{ include "mastodon.fullname" . }}-create-admin
|
- name: {{ include "mastodon.fullname" . }}-create-admin
|
||||||
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
|
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
|
||||||
|
@ -72,9 +74,11 @@ spec:
|
||||||
key: redis-password
|
key: redis-password
|
||||||
- name: "PORT"
|
- name: "PORT"
|
||||||
value: {{ .Values.mastodon.web.port | quote }}
|
value: {{ .Values.mastodon.web.port | quote }}
|
||||||
|
{{- if (not .Values.mastodon.s3.enabled) }}
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
- name: assets
|
- name: assets
|
||||||
mountPath: /opt/mastodon/public/assets
|
mountPath: /opt/mastodon/public/assets
|
||||||
- name: system
|
- name: system
|
||||||
mountPath: /opt/mastodon/public/system
|
mountPath: /opt/mastodon/public/system
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
|
|
@ -14,6 +14,7 @@ spec:
|
||||||
name: {{ include "mastodon.fullname" . }}-db-migrate
|
name: {{ include "mastodon.fullname" . }}-db-migrate
|
||||||
spec:
|
spec:
|
||||||
restartPolicy: Never
|
restartPolicy: Never
|
||||||
|
{{- if (not .Values.mastodon.s3.enabled) }}
|
||||||
# ensure we run on the same node as the other rails components; only
|
# ensure we run on the same node as the other rails components; only
|
||||||
# required when using PVCs that are ReadWriteOnce
|
# required when using PVCs that are ReadWriteOnce
|
||||||
{{- if or (eq "ReadWriteOnce" .Values.mastodon.persistence.assets.accessMode) (eq "ReadWriteOnce" .Values.mastodon.persistence.system.accessMode) }}
|
{{- if or (eq "ReadWriteOnce" .Values.mastodon.persistence.assets.accessMode) (eq "ReadWriteOnce" .Values.mastodon.persistence.system.accessMode) }}
|
||||||
|
@ -35,6 +36,7 @@ spec:
|
||||||
- name: system
|
- name: system
|
||||||
persistentVolumeClaim:
|
persistentVolumeClaim:
|
||||||
claimName: {{ template "mastodon.fullname" . }}-system
|
claimName: {{ template "mastodon.fullname" . }}-system
|
||||||
|
{{- end }}
|
||||||
containers:
|
containers:
|
||||||
- name: {{ include "mastodon.fullname" . }}-db-migrate
|
- name: {{ include "mastodon.fullname" . }}-db-migrate
|
||||||
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
|
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
|
||||||
|
@ -66,8 +68,10 @@ spec:
|
||||||
key: redis-password
|
key: redis-password
|
||||||
- name: "PORT"
|
- name: "PORT"
|
||||||
value: {{ .Values.mastodon.web.port | quote }}
|
value: {{ .Values.mastodon.web.port | quote }}
|
||||||
|
{{- if (not .Values.mastodon.s3.enabled) }}
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
- name: assets
|
- name: assets
|
||||||
mountPath: /opt/mastodon/public/assets
|
mountPath: /opt/mastodon/public/assets
|
||||||
- name: system
|
- name: system
|
||||||
mountPath: /opt/mastodon/public/system
|
mountPath: /opt/mastodon/public/system
|
||||||
|
{{- end }}
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
---
|
{{- if (not .Values.mastodon.s3.enabled) }}
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: PersistentVolumeClaim
|
kind: PersistentVolumeClaim
|
||||||
metadata:
|
metadata:
|
||||||
|
@ -11,3 +11,4 @@ spec:
|
||||||
resources:
|
resources:
|
||||||
{{- toYaml .Values.mastodon.persistence.assets.resources | nindent 4}}
|
{{- toYaml .Values.mastodon.persistence.assets.resources | nindent 4}}
|
||||||
storageClassName: {{ .Values.mastodon.persistence.assets.storageClassName }}
|
storageClassName: {{ .Values.mastodon.persistence.assets.storageClassName }}
|
||||||
|
{{- end }}
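Review bot: Wrapping the whole PersistentVolumeClaim in `{{- if (not .Values.mastodon.s3.enabled) }}` means that switching an existing release to S3 drops the claim from the rendered manifests, and Helm deletes resources that leave a release on upgrade. Depending on the storage class's reclaim policy, the data on the volume may be removed with it. The same applies to the `persistence.system` claim in the next file section. Adding `helm.sh/resource-policy: keep` under `metadata.annotations` (the metadata body is outside the hunk), or documenting a migration step in the README, would avoid silent loss of existing uploads.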
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
---
|
{{- if (not .Values.mastodon.s3.enabled) }}
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: PersistentVolumeClaim
|
kind: PersistentVolumeClaim
|
||||||
metadata:
|
metadata:
|
||||||
|
@ -11,3 +11,4 @@ spec:
|
||||||
resources:
|
resources:
|
||||||
{{- toYaml .Values.mastodon.persistence.system.resources | nindent 4}}
|
{{- toYaml .Values.mastodon.persistence.system.resources | nindent 4}}
|
||||||
storageClassName: {{ .Values.mastodon.persistence.system.storageClassName }}
|
storageClassName: {{ .Values.mastodon.persistence.system.storageClassName }}
|
||||||
|
{{- end }}
|
||||||
|
|
|
@ -6,6 +6,10 @@ metadata:
|
||||||
{{- include "mastodon.labels" . | nindent 4 }}
|
{{- include "mastodon.labels" . | nindent 4 }}
|
||||||
type: Opaque
|
type: Opaque
|
||||||
data:
|
data:
|
||||||
|
{{- if .Values.mastodon.s3.enabled }}
|
||||||
|
AWS_ACCESS_KEY_ID: "{{ .Values.mastodon.s3.access_key | b64enc }}"
|
||||||
|
AWS_SECRET_ACCESS_KEY: "{{ .Values.mastodon.s3.access_secret | b64enc }}"
|
||||||
|
{{- end }}
|
||||||
{{- if not (empty .Values.mastodon.secrets.secret_key_base) }}
|
{{- if not (empty .Values.mastodon.secrets.secret_key_base) }}
|
||||||
SECRET_KEY_BASE: "{{ .Values.mastodon.secrets.secret_key_base | b64enc }}"
|
SECRET_KEY_BASE: "{{ .Values.mastodon.secrets.secret_key_base | b64enc }}"
|
||||||
{{- else }}
|
{{- else }}
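Review bot: The two S3 credentials are emitted whenever `s3.enabled` is true, even when `access_key` and `access_secret` are still the empty defaults, so a misconfigured release deploys with blank credentials instead of failing at render time. Wrapping them, e.g. `{{ required "mastodon.s3.access_key is required when s3.enabled is true" .Values.mastodon.s3.access_key | b64enc }}`, would catch that. Taking the secret only from chart values also means it is kept in the Helm release record and usually in a values file. An option to reference a pre-existing Secret would let operators keep it out of both. The `data:` block continues past this hunk.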
|
||||||
|
|
|
@ -41,6 +41,14 @@ mastodon:
|
||||||
resources:
|
resources:
|
||||||
requests:
|
requests:
|
||||||
storage: 100Gi
|
storage: 100Gi
|
||||||
|
s3:
|
||||||
|
enabled: false
|
||||||
|
access_key: ""
|
||||||
|
access_secret: ""
|
||||||
|
bucket: ""
|
||||||
|
endpoint: https://us-east-1.linodeobjects.com
|
||||||
|
hostname: us-east-1.linodeobjects.com
|
||||||
|
region: ""
|
||||||
# these must be set manually; autogenerated keys are rotated on each upgrade
|
# these must be set manually; autogenerated keys are rotated on each upgrade
|
||||||
secrets:
|
secrets:
|
||||||
secret_key_base: ""
|
secret_key_base: ""
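Review bot: The `endpoint` and `hostname` defaults name one specific provider, so an operator who sets `enabled: true` with a bucket and credentials but overlooks these two keys will have the instance send its uploads and access key to that provider's endpoint. Empty defaults combined with a render-time `required` check in the templates would make the omission visible. The new `s3:` block also has no comments, unlike the `secrets:` block below it; a line such as `# bucket, endpoint, hostname and both keys must be set when enabled is true; the keys are stored in the chart's Secret` would document the contract.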
|
||||||
|
|