* fix(chart): Remove non-functional Horizontal Pod Autoscaler
The Horizontal Pod Autoscaler (HPA) refers to a Deployment that
doesn't exist and therefore can not work. As a result it's
pointless to carry it around in this chart and give the wrong
impression it could work. This patch removes it from the helm
chart and drops all references to it.
* refactor(chart): Refactor sidekiq deployments to scale
This patch reworks how the sidekiq deployment is set up, by
splitting it into many sidekiq deployments, but at least one,
which should allow to scale the number of sidekiq jobs as
expected while being friendly to single user instances as well
as larger ones.
Further it introduces per deployment overwrites for the most
relevant pod fields like resources, affinities and processed
queues, number of jobs and the sidekiq security contexts.
The exact implementation was inspired by an upstream issue:
https://github.com/mastodon/mastodon/issues/20453
* fix(chart): Remove linode default values from values
This patch drops the linode defaults from the values.yaml since
these are not obvious and can cause unexpected connections as
well as leaking secrets to linode, when other s3 storage
backends are used and don't explicitly configure these options
by accident.
Mastodon will then try to authenticate to the linode backends
and therefore disclose the authentication secrets.
* refactor(chart): Rework reduce value reference duplication
Since most of the values are simply setup like this:
```
{{- if .Values.someVariable }}
SOME_VARIABLE: {{ .Values.someVariable }}
{{- end }}
```
There is a lot of duplication in the references in order to
full in the variables. There is an equivalent notation, which
reduces the usage of the variable name to just once:
```
{{- with .Values.someVariable }}
SOME_VARIABLE: {{ . }}
{{- end }}
```
What seems like a pointless replacement, will reduce potential
mistakes down the line by possibly only adjusting one of the
two references.
* fix(chart): Switch to new OMNIAUTH_ONLY variable
This patch adjusts the helm chart to use the new `OMNIAUTH_ONLY`
variable, which replaced the former
`OAUTH_REDIRECT_AT_SIGN_IN` variable in the following commit:
https://github.com/mastodon/mastodon/pull/17288
3c8857917e
* fix(chart): Repair connection test to existing service
Currently the connect test can't work, since it's connecting to
a non-existing service this patch fixes the service name to
make the job connect to the mastodon web service to verify the
connection.
* docs(chart): Adjust values.yaml to support helm-docs
This patch updates most values to prepare an introduction of
helm-docs. This should help to make the chart more user
friendly by explaining the variables and provide a standardised
README file, like many other helm charts do.
References:
https://github.com/norwoodj/helm-docs
* refactor(chart): Allow individual overwrites for streaming and web deployment
This patch works how the streaming and web deployments work by
adding various fields to overwrite values such as affinities,
resources, replica count, and security contexts.
BREAKING CHANGE: This commit removes `.Values.replicaCount` in
favour of `.Values.mastodon.web.replicas` and
`.Values.mastodon.streaming.values`.
* feat(chart): Add option for authorized fetch
Currently the helm chart doesn't support authorized fetch aka.
"Secure Mode" this patch fixes that by adding the needed config
option to the values file and the configmap.
* docs(chart): Improve helm-docs compatiblity
This patch adjust a few more comments in the values.yaml to be
picked up by helm-docs. This way, future adoption is properly
prepared.
* fix(chart): Add automatic detection of scheduler sidekiq queue
This patch adds an automatic switch to the `Recreate` strategy
for the sidekiq Pod in order to prevent accidental concurrency
for the scheduler queue.
* fix(chart): Repair broken DB_POOL variable
Introduction
This is a Helm chart for installing Mastodon into a Kubernetes cluster. The basic usage is:
- edit
values.yaml
or create a separate yaml file for custom values helm dep update
helm install --namespace mastodon --create-namespace my-mastodon ./ -f path/to/additional/values.yaml
This chart is tested with k8s 1.21+ and helm 3.6.0+.
Configuration
The variables that must be configured are:
-
password and keys in the
mastodon.secrets
,postgresql
, andredis
groups; if left blank, some of those values will be autogenerated, but will not persist across upgrades. -
SMTP settings for your mailer in the
mastodon.smtp
group.
Administration
You can run admin CLI commands in the web deployment.
kubectl -n mastodon exec -it deployment/mastodon-web -- bash
tootctl accounts modify admin --reset-password
or
kubectl -n mastodon exec -it deployment/mastodon-web -- tootctl accounts modify admin --reset-password
Missing features
Currently this chart does not support:
- Hidden services
- Swift
Upgrading
Because database migrations are managed as a Job separate from the Rails and Sidekiq deployments, it’s possible they will occur in the wrong order. After upgrading Mastodon versions, it may sometimes be necessary to manually delete the Rails and Sidekiq pods so that they are recreated against the latest migration.
Upgrades in 2.1.0
ingressClassName and tls-acme changes
The annotations previously defaulting to nginx have been removed and support for ingressClassName has been added.
ingress:
annotations:
kubernetes.io/ingress.class: nginx
kubernetes.io/tls-acme: "true"
To restore the old functionality simply add the above snippet to your values.yaml
,
but the recommendation is to replace these with ingress.ingressClassName
and use
cert-manager's issuer/cluster-issuer instead of tls-acme.
If you're uncertain about your current setup leave ingressClassName
empty and add
kubernetes.io/tls-acme
to ingress.annotations
in your values.yaml
.
Upgrades in 2.0.0
Fixed labels
Because of the changes in #19706 the upgrade may fail with the following error:
Error: UPGRADE FAILED: cannot patch "mastodon-sidekiq"
If you want an easy upgrade and you're comfortable with some downtime then simply delete the -sidekiq, -web, and -streaming Deployments manually.
If you require a no-downtime upgrade then:
- run
helm template
instead ofhelm upgrade
- Copy the new -web and -streaming services into
services.yml
- Copy the new -web and -streaming deployments into
deployments.yml
- Append -temp to the name of each deployment in
deployments.yml
kubectl apply -f deployments.yml
then wait until all pods are readykubectl apply -f services.yml
- Delete the old -sidekiq, -web, and -streaming deployments manually
helm upgrade
like normalkubectl delete -f deployments.yml
to clear out the temporary deployments
PostgreSQL passwords
If you've previously installed the chart and you're having problems with
postgres not accepting your password then make sure to set username
to
postgres
and password
and postgresPassword
to the same passwords.
postgresql:
auth:
username: postgres
password: <same password>
postgresPassword: <same password>
And make sure to set password
to the same value as postgres-password
in your mastodon-postgresql
secret:
kubectl edit secret mastodon-postgresql