Verified Commit 8d83e333 authored by Janne Mareike Koschinski's avatar Janne Mareike Koschinski

feat: add mastodon chart

parent 12a312c7
Pipeline #2935 passed
......@@ -13,6 +13,7 @@ include:
- /jellyfin/pipeline.yml
- /languagetool/pipeline.yml
- /mailu/pipeline.yml
- /mastodon/pipeline.yml
- /oauth2-proxy/pipeline.yml
- /quassel/pipeline.yml
- /restic/pipeline.yml
......
apiVersion: v2
name: mastodon
description: Helm Chart for mastodon
type: application
version: 0.3.0
appVersion: "v4.0"
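Review bot: `appVersion: "v4.0"` becomes the default image tag through `default .Chart.AppVersion` in the Deployment templates, and a minor-only tag like this is presumably a moving tag upstream. Combined with `pullPolicy: IfNotPresent` in the values, each node keeps whatever it pulled first, so replicas can run different patch levels and security fixes arrive unpredictably. Pin a full patch version (or an image digest) here, e.g. `appVersion: "<full-patch-tag>"`, and bump the chart version on every upgrade.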
lint-mastodon:
stage: lint
rules:
- changes:
- mastodon/**/*
script:
- helm lint mastodon
release-mastodon:
stage: release
needs:
- lint-mastodon
rules:
- if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
changes:
- mastodon/**/*
script:
- apk add --no-cache git
- helm plugin install https://github.com/chartmuseum/helm-push.git
- helm repo add --username gitlab-ci-token --password $CI_JOB_TOKEN repo ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/helm/stable
- helm cm-push mastodon repo
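Review bot: The release job installs the helm-push plugin unpinned (`helm plugin install https://github.com/chartmuseum/helm-push.git`) in the same job that holds `$CI_JOB_TOKEN`, so whatever that repository serves at run time executes with publish rights to the project's package registry. Pin it to a reviewed release with `helm plugin install https://github.com/chartmuseum/helm-push.git --version <reviewed-tag>`, or bake the plugin into the job image so nothing is fetched at release time. The token is also passed unquoted on the command line; `--password "$CI_JOB_TOKEN"` at least avoids word splitting.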
{{/*
Expand the name of the chart.
*/}}
{{- define "mastodon-helm.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "mastodon-helm.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "mastodon-helm.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "mastodon-helm.labels" -}}
helm.sh/chart: {{ include "mastodon-helm.chart" . }}
{{ include "mastodon-helm.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "mastodon-helm.selectorLabels" -}}
app.kubernetes.io/name: {{ include "mastodon-helm.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{- define "mastodon-helm.sslPath" -}}
/certs
{{- end }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "mastodon-helm.fullname" . }}-sidekiq
labels:
component: sidekiq
{{- include "mastodon-helm.labels" . | nindent 4 }}
spec:
replicas: {{ .Values.replicaCount }}
selector:
matchLabels:
component: sidekiq
{{- include "mastodon-helm.selectorLabels" . | nindent 6 }}
template:
metadata:
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
component: sidekiq
{{- include "mastodon-helm.selectorLabels" . | nindent 8 }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
volumes:
- name: data
{{- .Values.volumes.data | nindent 10 }}
- name: tmp
emptyDir:
medium: Memory
containers:
- name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
image: "{{ .Values.sidekiq.repository }}:{{ .Values.sidekiq.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.sidekiq.pullPolicy }}
command:
- "bundle"
- "exec"
- "sidekiq"
envFrom:
- secretRef:
name: {{ include "mastodon-helm.fullname" . }}
startupProbe:
exec:
command:
- "/bin/sh"
- "-c"
- "ps aux | grep '[s]idekiq\ 6' || false"
livenessProbe:
exec:
command:
- "/bin/sh"
- "-c"
- "ps aux | grep '[s]idekiq\ 6' || false"
readinessProbe:
exec:
command:
- "/bin/sh"
- "-c"
- "ps aux | grep '[s]idekiq\ 6' || false"
resources:
{{- toYaml .Values.sidekiq.resources | nindent 12 }}
volumeMounts:
- mountPath: "/mastodon/public/system"
name: data
- mountPath: "/opt/mastodon/tmp"
name: tmp
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
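Review bot: All three probes grep for the literal process title `sidekiq 6`, which ties them to the Sidekiq major version inside the image, while the image tag is freely overridable through `.Values.sidekiq.tag`. An image that ships another Sidekiq major would never pass the startup probe and the pod would restart in a loop. Match the version generically, e.g. `- "ps aux | grep '[s]idekiq [0-9]'"`, and add a comment above the first probe such as `# matches the "sidekiq <version>" process title set after boot`. The trailing `|| false` does not turn a failure into a success or vice versa and can be dropped.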
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "mastodon-helm.fullname" . }}-streaming
labels:
component: streaming
{{- include "mastodon-helm.labels" . | nindent 4 }}
spec:
replicas: {{ .Values.replicaCount }}
selector:
matchLabels:
component: streaming
{{- include "mastodon-helm.selectorLabels" . | nindent 6 }}
template:
metadata:
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
component: streaming
{{- include "mastodon-helm.selectorLabels" . | nindent 8 }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
volumes:
- name: tmp
emptyDir:
medium: Memory
containers:
- name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
image: "{{ .Values.streaming.repository }}:{{ .Values.streaming.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.streaming.pullPolicy }}
command:
- "node"
- "./streaming"
envFrom:
- secretRef:
name: {{ include "mastodon-helm.fullname" . }}
ports:
- containerPort: 4000
name: websocket
protocol: TCP
startupProbe:
httpGet:
port: websocket
path: /api/v1/streaming/health
livenessProbe:
httpGet:
port: websocket
path: /api/v1/streaming/health
readinessProbe:
httpGet:
port: websocket
path: /api/v1/streaming/health
resources:
{{- toYaml .Values.streaming.resources | nindent 12 }}
volumeMounts:
- mountPath: "/opt/mastodon/tmp"
name: tmp
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
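Review bot: `envFrom.secretRef` hands the streaming container every key of the shared Secret, including `SMTP_PASSWORD`, `AWS_SECRET_ACCESS_KEY`, `SECRET_KEY_BASE`, `OTP_SECRET` and `VAPID_PRIVATE_KEY`. The Node streaming process most likely needs only the database and Redis settings (worth confirming against the upstream configuration docs). Splitting the Secret per component, or listing the required keys under `env:` with `secretKeyRef`, limits what a compromise of this internet-facing process exposes. The same `envFrom` block appears in the sidekiq, web and tootctl specs.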
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "mastodon-helm.fullname" . }}-web
labels:
component: web
{{- include "mastodon-helm.labels" . | nindent 4 }}
spec:
replicas: {{ .Values.replicaCount }}
selector:
matchLabels:
component: web
{{- include "mastodon-helm.selectorLabels" . | nindent 6 }}
template:
metadata:
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
component: web
{{- include "mastodon-helm.selectorLabels" . | nindent 8 }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
volumes:
- name: data
{{- .Values.volumes.data | nindent 10 }}
- name: tmp
emptyDir:
medium: Memory
containers:
- name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
image: "{{ .Values.web.repository }}:{{ .Values.web.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.web.pullPolicy }}
command:
- "bundle"
- "exec"
- "rails"
- "s"
- "-p"
- "3000"
envFrom:
- secretRef:
name: {{ include "mastodon-helm.fullname" . }}
ports:
- containerPort: 3000
name: http
protocol: TCP
startupProbe:
httpGet:
port: http
path: /health
livenessProbe:
httpGet:
port: http
path: /health
readinessProbe:
httpGet:
port: http
path: /health
resources:
{{- toYaml .Values.web.resources | nindent 12 }}
volumeMounts:
- mountPath: "/mastodon/public/system"
name: data
- mountPath: "/opt/mastodon/tmp"
name: tmp
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
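Review bot: The pod spec sets neither `serviceAccountName` nor `automountServiceAccountToken`, so the namespace's default service-account token is mounted into the container that serves public HTTP traffic. Nothing in the templates of this commit talks to the Kubernetes API, so add `automountServiceAccountToken: false` under `spec.template.spec`. The sidekiq and streaming Deployments and the tootctl Pod are in the same position.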
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ include "mastodon-helm.fullname" . }}
labels:
{{- include "mastodon-helm.labels" . | nindent 4 }}
annotations:
{{- .Values.ingress.annotations | toYaml | nindent 4 }}
spec:
rules:
- host: "{{ .Values.config.domainWeb }}"
http:
paths:
- path: "{{ .Values.ingress.webPath }}"
backend:
service:
name: {{ include "mastodon-helm.fullname" . }}-web
port:
name: http
pathType: Prefix
- path: "{{ .Values.ingress.streamingPath }}"
backend:
service:
name: {{ include "mastodon-helm.fullname" . }}-streaming
port:
name: websocket
pathType: Prefix
- host: "{{ .Values.config.domainHandle }}"
http:
paths:
- path: "/.well-known/webfinger"
backend:
service:
name: {{ include "mastodon-helm.fullname" . }}-web
port:
name: http
pathType: Prefix
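Review bot: The Ingress has no `spec.tls` block and no `ingressClassName`, so whether `domainWeb` and `domainHandle` are served over HTTPS depends entirely on what the operator puts into `.Values.ingress.annotations` and on the controller's defaults. Since the Secret sets `RAILS_ENV: production` and the site carries logins and session cookies, render an optional `tls:` list from values (both hosts plus a `secretName`) and document that TLS must terminate here or upstream. `ingress.annotations` defaults to `{ }`, which renders `annotations:` followed by `{}`; wrapping the key in `{{- with .Values.ingress.annotations }}` as the Deployments do for `podAnnotations` keeps the manifest cleaner.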
apiVersion: v1
kind: Pod
metadata:
name: {{ include "mastodon-helm.fullname" . }}-tootctl
labels:
component: tootctl
{{- include "mastodon-helm.labels" . | nindent 4 }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 4 }}
{{- end }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 4 }}
volumes:
- name: data
{{- .Values.volumes.data | nindent 6 }}
- name: tmp
emptyDir:
medium: Memory
containers:
- name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.securityContext | nindent 8 }}
image: "{{ .Values.web.repository }}:{{ .Values.web.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.web.pullPolicy }}
command:
- "/bin/sh"
- "-c"
- "while true; do sleep 60; done"
envFrom:
- secretRef:
name: {{ include "mastodon-helm.fullname" . }}
volumeMounts:
- mountPath: "/mastodon/public/system"
name: data
- mountPath: "/opt/mastodon/tmp"
name: tmp
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 4 }}
{{- end }}
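Review bot: This bare Pod runs `while true; do sleep 60; done` for the whole lifetime of the release, with the full Secret in its environment and the data volume mounted, so a standing shell holding every credential exists even when no administration is taking place. Gate it behind a values flag that defaults to off (for example a new `tootctl.enabled` key, which this commit does not define) or run tootctl as an on-demand Job. As a bare Pod it is also not rescheduled after node loss, and unlike the three Deployments it sets no `resources`.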
apiVersion: v1
kind: Secret
metadata:
name: {{ include "mastodon-helm.fullname" . }}
labels:
{{- include "mastodon-helm.labels" . | nindent 4 }}
stringData:
# This is a sample configuration file. You can generate your configuration
# with the `rake mastodon:setup` interactive setup wizard, but to customize
# your setup even further, you'll need to edit it manually. This sample does
# not demonstrate all available configuration options. Please look at
# https://docs.joinmastodon.org/admin/config/ for the full documentation.
# Note that this file accepts slightly different syntax depending on whether
# you are using `docker-compose` or not. In particular, if you use
# `docker-compose`, the value of each declared variable will be taken verbatim,
# including surrounding quotes.
# See: https://github.com/mastodon/mastodon/issues/16895
# Mode
RAILS_ENV: production
NODE_ENV: production
# Federation and access
# ----------
# This identifies your server and cannot be changed safely later
# ----------
LOCAL_DOMAIN: "{{ .Values.config.domainHandle }}"
WEB_DOMAIN: "{{ .Values.config.domainWeb }}"
TRUSTED_PROXY_IP: "{{ .Values.config.trustedSubnet }}"
# Redis
# -----
REDIS_URL: "redis://:{{ .Values.redis.password }}@{{ .Values.redis.hostname }}:{{ .Values.redis.port }}/{{ .Values.redis.database }}"
# PostgreSQL
# ----------
DB_HOST: "{{ .Values.postgres.hostname }}"
DB_PORT: "{{ .Values.postgres.port}}"
DB_USER: "{{ .Values.postgres.username }}"
DB_NAME: "{{ .Values.postgres.database }}"
DB_PASS: "{{ .Values.postgres.password }}"
# Elasticsearch (optional)
# ------------------------
ES_ENABLED: "{{ .Values.elasticsearch.enabled }}"
ES_HOST: "{{ .Values.elasticsearch.hostname }}"
ES_PORT: "{{ .Values.elasticsearch.port }}"
ES_PREFIX: "{{ .Values.elasticsearch.database }}"
# Authentication for ES (optional)
ES_USER: "{{ .Values.elasticsearch.username }}"
ES_PASS: "{{ .Values.elasticsearch.password }}"
# Secrets
# -------
# Make sure to use `rake secret` to generate secrets
# -------
SECRET_KEY_BASE: "{{ .Values.keys.secretKeyBase }}"
OTP_SECRET: "{{ .Values.keys.otpSecret }}"
# Web Push
# --------
# Generate with `rake mastodon:webpush:generate_vapid_key`
# --------
VAPID_PRIVATE_KEY: "{{ .Values.keys.vapidPrivate }}"
VAPID_PUBLIC_KEY: "{{ .Values.keys.vapidPublic }}"
# Sending mail
# ------------
SMTP_SERVER: "{{ .Values.smtp.hostname }}"
SMTP_PORT: "{{ .Values.smtp.port }}"
SMTP_TLS: "{{ .Values.smtp.tls }}"
SMTP_ENABLE_STARTTLS: "{{ .Values.smtp.startTls }}"
SMTP_LOGIN: "{{ .Values.smtp.username }}"
SMTP_PASSWORD: "{{ .Values.smtp.password }}"
SMTP_FROM_ADDRESS: "{{ .Values.smtp.from }}"
# File storage (optional)
# -----------------------
S3_ENABLED: "{{ .Values.s3.enabled }}"
S3_PROTOCOL: "https"
S3_REGION: "us-east-1"
S3_HOSTNAME: "{{ .Values.s3.hostname }}"
S3_ENDPOINT: "https://{{ .Values.s3.hostname }}"
S3_BUCKET: "{{ .Values.s3.bucket }}"
AWS_ACCESS_KEY_ID: "{{ .Values.s3.accessKey }}"
AWS_SECRET_ACCESS_KEY: "{{ .Values.s3.secretKey }}"
#S3_ALIAS_HOST: "{{ .Values.s3.aliasHost }}"
# IP and session retention
# -----------------------
# Make sure to modify the scheduling of ip_cleanup_scheduler in config/sidekiq.yml
# to be less than daily if you lower IP_RETENTION_PERIOD below two days (172800).
# -----------------------
IP_RETENTION_PERIOD: "31556952"
SESSION_RETENTION_PERIOD: "31556952"
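Review bot: Every value is spliced in as `"{{ ... }}"` inside a hand-written double-quoted YAML string, so a password containing `"` or `\` either breaks rendering or is silently changed by YAML escape processing. Use the `quote` function instead of literal quotes, e.g. `DB_PASS: {{ .Values.postgres.password | quote }}`. `REDIS_URL` additionally needs the password percent-encoded (for instance with the `urlquery` template function), otherwise characters such as `@`, `/` or `#` change how the URL is parsed. The commented-out `#S3_ALIAS_HOST` line is still evaluated by the template engine, so `s3.aliasHost` ends up in the rendered manifest as a comment.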
apiVersion: v1
kind: Service
metadata:
name: {{ include "mastodon-helm.fullname" . }}-streaming
labels:
component: streaming
{{- include "mastodon-helm.labels" . | nindent 4 }}
spec:
type: {{ .Values.service.type }}
ports:
- port: 4000
targetPort: websocket
protocol: TCP
name: websocket
selector:
component: streaming
{{- include "mastodon-helm.selectorLabels" . | nindent 4 }}
apiVersion: v1
kind: Service
metadata:
name: {{ include "mastodon-helm.fullname" . }}-web
labels:
component: web
{{- include "mastodon-helm.labels" . | nindent 4 }}
spec:
type: {{ .Values.service.type }}
ports:
- port: 80
targetPort: http
protocol: TCP
name: http
selector:
component: web
{{- include "mastodon-helm.selectorLabels" . | nindent 4 }}
replicaCount: 1
imagePullSecrets: [ ]
nameOverride: ""
fullnameOverride: ""
web:
repository: tootsuite/mastodon
pullPolicy: IfNotPresent
tag: ""
resources:
limits:
cpu: 500m
memory: 512Mi
requests:
cpu: 10m
memory: 64Mi
streaming:
repository: tootsuite/mastodon
pullPolicy: IfNotPresent
tag: ""
resources:
limits:
cpu: 500m
memory: 512Mi
requests:
cpu: 10m
memory: 64Mi
sidekiq:
repository: tootsuite/mastodon
pullPolicy: IfNotPresent
tag: ""
resources:
limits:
cpu: 500m
memory: 512Mi
requests:
cpu: 10m
memory: 64Mi
config:
domainHandle: "example.com"
domainWeb: "mastodon.example.com"
trustedSubnet: "127.0.0.1"
keys:
# Make sure to use `rake secret` to generate secrets
secretKeyBase: ""
otpSecret: ""
# Generate with `rake mastodon:webpush:generate_vapid_key`
vapidPrivate: ""
vapidPublic: ""
redis:
hostname: "example.com"
port: 6379
database: 0
password: "hunter2"
postgres:
hostname: "example.com"
port: 5432
database: "mastodon"
username: "mastodon"
password: "hunter2"
elasticsearch:
enabled: false
hostname: "example.com"
port: 80
database: "mastodon"
username: "mastodon"
password: "hunter2"
smtp:
hostname: "example.com"
port: 465
username: "notifications"
password: "hunter2"
tls: false
startTls: "auto" # auto, always, never
from: "notifications@example.com"
s3:
enabled: false
hostname: "s3.example.com"
bucket: "mastodon"
accessKey: "mastodon"
secretKey: "hunter2"
aliasHost: "mastodon.s3.example.com"
volumes:
data: |-
emptyDir: {}
service:
type: ClusterIP
ingress:
webPath: "/"
streamingPath: "/streaming"
annotations: { }
podAnnotations: { }
podSecurityContext:
fsGroup: 2000
securityContext:
capabilities:
drop:
- ALL
runAsNonRoot: true
runAsUser: 1000
nodeSelector: { }
tolerations: [ ]
affinity: { }
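Review bot: The defaults ship the password `hunter2` for redis, postgres, elasticsearch, smtp and s3 and empty strings for `secretKeyBase`, `otpSecret` and the VAPID keys, so an install that misses an override renders without error and deploys with a publicly known password or an empty signing key. Default the credentials to `""` and fail at render time in the Secret template, e.g. `{{ required "keys.secretKeyBase must be set" .Values.keys.secretKeyBase | quote }}`. The container `securityContext` would also benefit from `allowPrivilegeEscalation: false` next to the existing `drop: ALL`.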