mirror of
https://github.com/mastodon/mastodon.git
synced 2024-11-21 20:15:10 +01:00
cddcafec31
* fix(chart): Remove non-functional Horizontal Pod Autoscaler
The Horizontal Pod Autoscaler (HPA) refers to a Deployment that
doesn't exist and therefore can not work. As a result it's
pointless to carry it around in this chart and give the wrong
impression it could work. This patch removes it from the helm
chart and drops all references to it.
* refactor(chart): Refactor sidekiq deployments to scale
This patch reworks how the sidekiq deployment is set up, by
splitting it into many sidekiq deployments, but at least one,
which should allow to scale the number of sidekiq jobs as
expected while being friendly to single user instances as well
as larger ones.
Further it introduces per deployment overwrites for the most
relevant pod fields like resources, affinities and processed
queues, number of jobs and the sidekiq security contexts.
The exact implementation was inspired by an upstream issue:
https://github.com/mastodon/mastodon/issues/20453
* fix(chart): Remove linode default values from values
This patch drops the linode defaults from the values.yaml since
these are not obvious and can cause unexpected connections as
well as leaking secrets to linode, when other s3 storage
backends are used and don't explicitly configure these options
by accident.
Mastodon will then try to authenticate to the linode backends
and therefore disclose the authentication secrets.
* refactor(chart): Rework reduce value reference duplication
Since most of the values are simply setup like this:
```
{{- if .Values.someVariable }}
SOME_VARIABLE: {{ .Values.someVariable }}
{{- end }}
```
There is a lot of duplication in the references in order to
full in the variables. There is an equivalent notation, which
reduces the usage of the variable name to just once:
```
{{- with .Values.someVariable }}
SOME_VARIABLE: {{ . }}
{{- end }}
```
What seems like a pointless replacement, will reduce potential
mistakes down the line by possibly only adjusting one of the
two references.
* fix(chart): Switch to new OMNIAUTH_ONLY variable
This patch adjusts the helm chart to use the new `OMNIAUTH_ONLY`
variable, which replaced the former
`OAUTH_REDIRECT_AT_SIGN_IN` variable in the following commit:
https://github.com/mastodon/mastodon/pull/17288
3c8857917e
* fix(chart): Repair connection test to existing service
Currently the connect test can't work, since it's connecting to
a non-existing service this patch fixes the service name to
make the job connect to the mastodon web service to verify the
connection.
* docs(chart): Adjust values.yaml to support helm-docs
This patch updates most values to prepare an introduction of
helm-docs. This should help to make the chart more user
friendly by explaining the variables and provide a standardised
README file, like many other helm charts do.
References:
https://github.com/norwoodj/helm-docs
* refactor(chart): Allow individual overwrites for streaming and web deployment
This patch works how the streaming and web deployments work by
adding various fields to overwrite values such as affinities,
resources, replica count, and security contexts.
BREAKING CHANGE: This commit removes `.Values.replicaCount` in
favour of `.Values.mastodon.web.replicas` and
`.Values.mastodon.streaming.values`.
* feat(chart): Add option for authorized fetch
Currently the helm chart doesn't support authorized fetch aka.
"Secure Mode" this patch fixes that by adding the needed config
option to the values file and the configmap.
* docs(chart): Improve helm-docs compatiblity
This patch adjust a few more comments in the values.yaml to be
picked up by helm-docs. This way, future adoption is properly
prepared.
* fix(chart): Add automatic detection of scheduler sidekiq queue
This patch adds an automatic switch to the `Recreate` strategy
for the sidekiq Pod in order to prevent accidental concurrency
for the scheduler queue.
* fix(chart): Repair broken DB_POOL variable
133 lines
4.9 KiB
YAML
133 lines
4.9 KiB
YAML
{{- $context := . }}
|
|
{{- range .Values.mastodon.sidekiq.workers }}
|
|
---
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: {{ include "mastodon.fullname" $context }}-sidekiq-{{ .name }}
|
|
labels:
|
|
{{- include "mastodon.labels" $context | nindent 4 }}
|
|
app.kubernetes.io/component: sidekiq-{{ .name }}
|
|
app.kubernetes.io/part-of: rails
|
|
spec:
|
|
replicas: {{ .replicas }}
|
|
{{- if (has "scheduler" .queues) }}
|
|
strategy:
|
|
type: Recreate
|
|
{{- end }}
|
|
selector:
|
|
matchLabels:
|
|
{{- include "mastodon.selectorLabels" $context | nindent 6 }}
|
|
app.kubernetes.io/component: sidekiq-{{ .name }}
|
|
app.kubernetes.io/part-of: rails
|
|
template:
|
|
metadata:
|
|
annotations:
|
|
{{- with $context.Values.podAnnotations }}
|
|
{{- toYaml . | nindent 8 }}
|
|
{{- end }}
|
|
# roll the pods to pick up any db migrations or other changes
|
|
{{- include "mastodon.rollingPodAnnotations" $context | nindent 8 }}
|
|
labels:
|
|
{{- include "mastodon.selectorLabels" $context | nindent 8 }}
|
|
app.kubernetes.io/component: sidekiq-{{ .name }}
|
|
app.kubernetes.io/part-of: rails
|
|
spec:
|
|
{{- with $context.Values.imagePullSecrets }}
|
|
imagePullSecrets:
|
|
{{- toYaml . | nindent 8 }}
|
|
{{- end }}
|
|
serviceAccountName: {{ include "mastodon.serviceAccountName" $context }}
|
|
{{- with (default $context.Values.podSecurityContext $context.Values.mastodon.sidekiq.podSecurityContext) }}
|
|
securityContext:
|
|
{{- toYaml . | nindent 8 }}
|
|
{{- end }}
|
|
{{- with (default (default $context.Values.affinity $context.Values.mastodon.sidekiq.affinity) .affinity) }}
|
|
affinity:
|
|
{{- toYaml . | nindent 8 }}
|
|
{{- end }}
|
|
{{- if (not $context.Values.mastodon.s3.enabled) }}
|
|
volumes:
|
|
- name: assets
|
|
persistentVolumeClaim:
|
|
claimName: {{ template "mastodon.fullname" $context }}-assets
|
|
- name: system
|
|
persistentVolumeClaim:
|
|
claimName: {{ template "mastodon.fullname" $context }}-system
|
|
{{- end }}
|
|
containers:
|
|
- name: {{ $context.Chart.Name }}
|
|
securityContext:
|
|
{{- toYaml $context.Values.mastodon.sidekiq.securityContext | nindent 12 }}
|
|
image: "{{ $context.Values.image.repository }}:{{ $context.Values.image.tag | default $context.Chart.AppVersion }}"
|
|
imagePullPolicy: {{ $context.Values.image.pullPolicy }}
|
|
command:
|
|
- bundle
|
|
- exec
|
|
- sidekiq
|
|
- -c
|
|
- {{ .concurrency | quote }}
|
|
{{- range .queues }}
|
|
- -q
|
|
- {{ . | quote }}
|
|
{{- end }}
|
|
envFrom:
|
|
- configMapRef:
|
|
name: {{ include "mastodon.fullname" $context }}-env
|
|
- secretRef:
|
|
name: {{ template "mastodon.secretName" $context }}
|
|
env:
|
|
- name: "DB_PASS"
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: {{ template "mastodon.postgresql.secretName" $context }}
|
|
key: password
|
|
- name: "REDIS_PASSWORD"
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: {{ template "mastodon.redis.secretName" $context }}
|
|
key: redis-password
|
|
{{- if (and $context.Values.mastodon.s3.enabled $context.Values.mastodon.s3.existingSecret) }}
|
|
- name: "AWS_SECRET_ACCESS_KEY"
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: {{ $context.Values.mastodon.s3.existingSecret }}
|
|
key: AWS_SECRET_ACCESS_KEY
|
|
- name: "AWS_ACCESS_KEY_ID"
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: {{ .Values.mastodon.s3.existingSecret }}
|
|
key: AWS_ACCESS_KEY_ID
|
|
{{- end }}
|
|
{{- if $context.Values.mastodon.smtp.existingSecret }}
|
|
- name: "SMTP_LOGIN"
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: {{ $context.Values.mastodon.smtp.existingSecret }}
|
|
key: login
|
|
optional: true
|
|
- name: "SMTP_PASSWORD"
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: {{ $context.Values.mastodon.smtp.existingSecret }}
|
|
key: password
|
|
{{- end }}
|
|
{{- if (not $context.Values.mastodon.s3.enabled) }}
|
|
volumeMounts:
|
|
- name: assets
|
|
mountPath: /opt/mastodon/public/assets
|
|
- name: system
|
|
mountPath: /opt/mastodon/public/system
|
|
{{- end }}
|
|
resources:
|
|
{{- toYaml (default (default $context.Values.resources $context.Values.mastodon.sidekiq.resources) .resources) | nindent 12 }}
|
|
{{- with $context.Values.nodeSelector }}
|
|
nodeSelector:
|
|
{{- toYaml . | nindent 8 }}
|
|
{{- end }}
|
|
{{- with $context.Values.tolerations }}
|
|
tolerations:
|
|
{{- toYaml . | nindent 8 }}
|
|
{{- end }}
|
|
{{- end }}
|