Commit graph

58 commits

Author SHA1 Message Date
Erik Sundell
58d4f53888 helm: cleanup helm chart, now in mastodon/chart (#21801) 2022-12-09 06:36:29 +01:00
Chris Funderburg
b8a15348ea Fix the command to create the admin user (#19827)
* fix the command to create the admin user

* change Admin to Owner
2022-11-24 21:32:03 +01:00
Sheogorath
256f04d104 Helm: Major refactoring regarding Deployments, Environment variables and more (#20733)
* fix(chart): Remove non-functional Horizontal Pod Autoscaler

The Horizontal Pod Autoscaler (HPA) refers to a Deployment that
doesn't exist and therefore can not work. As a result it's
pointless to carry it around in this chart and give the wrong
impression it could work. This patch removes it from the helm
chart and drops all references to it.

* refactor(chart): Refactor sidekiq deployments to scale

This patch reworks how the sidekiq deployment is set up, by
splitting it into many sidekiq deployments, but at least one,
which should allow to scale the number of sidekiq jobs as
expected while being friendly to single user instances as well
as larger ones.

Further it introduces per deployment overwrites for the most
relevant pod fields like resources, affinities and processed
queues, number of jobs and the sidekiq security contexts.

The exact implementation was inspired by an upstream issue:

https://github.com/mastodon/mastodon/issues/20453

* fix(chart): Remove linode default values from values

This patch drops the linode defaults from the values.yaml since
these are not obvious and can cause unexpected connections as
well as leaking secrets to linode, when other s3 storage
backends are used and don't explicitly configure these options
by accident.

Mastodon will then try to authenticate to the linode backends
and therefore disclose the authentication secrets.

* refactor(chart): Rework reduce value reference duplication

Since most of the values are simply setup like this:

```
{{- if .Values.someVariable }}
SOME_VARIABLE: {{ .Values.someVariable }}
{{- end }}
```

There is a lot of duplication in the references in order to
full in the variables. There is an equivalent notation, which
reduces the usage of the variable name to just once:

```
{{- with .Values.someVariable }}
SOME_VARIABLE: {{ . }}
{{- end }}
```

What seems like a pointless replacement, will reduce potential
mistakes down the line by possibly only adjusting one of the
two references.

* fix(chart): Switch to new OMNIAUTH_ONLY variable

This patch adjusts the helm chart to use the new `OMNIAUTH_ONLY`
variable, which replaced the former
`OAUTH_REDIRECT_AT_SIGN_IN` variable in the following commit:

https://github.com/mastodon/mastodon/pull/17288
3c8857917e

* fix(chart): Repair connection test to existing service

Currently the connect test can't work, since it's connecting to
a non-existing service this patch fixes the service name to
make the job connect to the mastodon web service to verify the
connection.

* docs(chart): Adjust values.yaml to support helm-docs

This patch updates most values to prepare an introduction of
helm-docs. This should help to make the chart more user
friendly by explaining the variables and provide a standardised
README file, like many other helm charts do.

References:
https://github.com/norwoodj/helm-docs

* refactor(chart): Allow individual overwrites for streaming and web deployment

This patch works how the streaming and web deployments work by
adding various fields to overwrite values such as affinities,
resources, replica count, and security contexts.

BREAKING CHANGE: This commit removes `.Values.replicaCount` in
favour of `.Values.mastodon.web.replicas` and
`.Values.mastodon.streaming.values`.

* feat(chart): Add option for authorized fetch

Currently the helm chart doesn't support authorized fetch aka.
"Secure Mode" this patch fixes that by adding the needed config
option to the values file and the configmap.

* docs(chart): Improve helm-docs compatiblity

This patch adjust a few more comments in the values.yaml to be
picked up by helm-docs. This way, future adoption is properly
prepared.

* fix(chart): Add automatic detection of scheduler sidekiq queue

This patch adds an automatic switch to the `Recreate` strategy
for the sidekiq Pod in order to prevent accidental concurrency
for the scheduler queue.

* fix(chart): Repair broken DB_POOL variable
2022-11-24 21:30:29 +01:00
Alex Nordlund
7619476cf1 Bump Helm chart version to account for mastodon 4 (#20886) 2022-11-17 10:53:04 +01:00
Effy Elden
df66c290c0 Bump Helm app version to 4.0.2 (#20697)
* Bump Helm app version to 4.0.1

* Bump Helm app version to 4.0.1
2022-11-16 11:59:28 +01:00
Erik Sundell
6a2a65dfc2 helm: Add helm chart tests (#20394)
* helm: Fix consistent list indentation

* helm: Add helm lint and helm template tests

* helm: Add helm template --validate test

* helm: Add helm install test
2022-11-13 22:22:07 +01:00
Cees-Jan Kiewiet
6ca08a018f Add the option to configure external postgresql port (#20370)
While the normal assumption of port `5432` for a postgresql server is pretty reliable I found that DigitalOcean puts them on a somewhat random port. This adds the ability to specify the port in the helm chart.
2022-11-13 21:06:03 +01:00
Alex Nordlund
96d24d55b8 Helm: support statsd publishing (#20455)
* Allow statsd publishing from Helm

* Apply suggestions from code review

Co-authored-by: Erik Sundell <erik.i.sundell@gmail.com>

Co-authored-by: Erik Sundell <erik.i.sundell@gmail.com>
2022-11-13 21:05:30 +01:00
Alex Nordlund
beb7935324 Uppercase chart readme.md to help tools discover it (#20438) 2022-11-12 05:11:07 +01:00
Erik Sundell
8aef91d405 helm: fix consistent indentation, chomping, and use of with (#19918) 2022-11-10 23:24:39 +01:00
F
24af2c05bc Make enable_starttls configurable by envvars (#20321)
ENABLE_STARTTLS is designed to replace ENABLE_STARTTLS_AUTO by accepting
three values: 'auto' (the default), 'always', and 'never'. If
ENABLE_STARTTLS isn't provided, we fall back to ENABLE_STARTTLS_AUTO. In
this way, this change should be fully backwards compatible.

Resolves #20311
2022-11-10 21:06:21 +01:00
Alex Nordlund
88976fb615 Update Helm README and bump version (#20346)
* Update Helm chart README and comments in values.yaml

* Bump next Helm chart to 2.2.0
2022-11-10 20:25:23 +01:00
Joe Friedl
f0fa19d118 Give web container time to start (#19828) 2022-11-10 19:16:49 +01:00
mickkael
3e1ad1516a Helm chart improved for ingress (#19826)
* ingressClassName

* ingress values must be optional
2022-11-10 19:11:25 +01:00
Alex Nordlund
32aa705cdf Bump next Helm chart to 2.1.0 (#20155) 2022-11-10 19:10:49 +01:00
Sheogorath
c7effae6d4 fix(chart): Fix gitops-incompatible random rolling (#20184)
This patch reworks the Pod rolling mechanism, which is supposed to update Pods
with each migration run, but since the it generates a new random value on each
helm execution, this will constantly roll all pods in a GitOps driven deployment,
which reconciles the helm release.

This is resolved by fixing the upgrade to the `.Release.Revision`, which should
stay identical, unless config or helm release version have been changed. Further
it introduces automatic rolls based on adjustments to the environment variables
and secrets.

The implementation uses a helper template, following the 1-2-N rule, and omitting
code duplication.

References:
https://helm.sh/docs/chart_template_guide/builtin_objects/
https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
2022-11-10 19:10:38 +01:00
Alex Nordlund
5667b8ea81 Helm update readme.md (#20154)
* gitignore packaged helm charts

* Add upgrade instructions to helm chart/readme.md

* Note Helm secret changes that are necessary on failed upgrades
2022-11-10 19:09:54 +01:00
Alex Nordlund
a6bd6f5b6a Assign unique set of labels to k8s deployments #19703 (#19706) 2022-11-08 17:21:06 +01:00
Sheogorath
bb6f2e952d chore(chart): Update appVersion in helm chart (#19653)
This patch updates the helm chart appVersion to the current release and
removes the additional definition in the image tag field, to reduce
duplication.

Since the image will automatically default to the Charts' app version
anyway and this is the more common place to specifiy application
versions for helm charts, this patch switches the prefering this field.

The reason why to use the tag field for the chart itself, seems to be
gone. Since renovatebot is no longer used.
2022-11-08 17:20:34 +01:00
Moritz Hedtke
43284c37ef helm: Fix ingress pathType (#19729) 2022-11-08 17:20:09 +01:00
Alex Nordlund
b02f54b301 Roll pods to pick up db migrations even if podAnnotations is empty (#19702) 2022-11-08 17:19:14 +01:00
Alex Nordlund
4e9d05bee8 Fix helm postgresql secret (#19678)
* Revert "Fix helm chart use of Postgres Password (#19537)"

This reverts commit 6682f12a9e.

* Revert "Fix PostgreSQL password reference for jobs (#19504)"

This reverts commit d6618048b7.

* Revert "Fix PostgreSQL password reference (#19502)"

This reverts commit e330a3b107.

* Correct default username in postgresql auth
2022-11-08 17:18:57 +01:00
k.bigwheel (kazufumi nishida)
9b550e1734 Add postgresql password settings hint (#19112) 2022-11-08 17:18:22 +01:00
Moritz Hedtke
661c42fc52 helm: Add documentation to run tootctl commands (#19791) 2022-11-05 21:19:25 +01:00
Alex Nordlund
b91c8ec3dc Add S3 existing secret to sidekiq (#19778) 2022-11-05 17:29:20 +01:00
Ben Hardill
6682f12a9e Fix helm chart use of Postgres Password (#19537)
Fixes #19536
2022-10-30 01:30:16 +02:00
Kangwook Lee (이강욱)
d6618048b7 Fix PostgreSQL password reference for jobs (#19504) 2022-10-28 16:40:47 +02:00
Kangwook Lee (이강욱)
8b1389d147 Add option to enable single user mode (#19503) 2022-10-28 16:29:00 +02:00
Kangwook Lee (이강욱)
e330a3b107 Fix PostgreSQL password reference (#19502) 2022-10-28 16:21:58 +02:00
Jeremy Kescher
6c9b83cb08 Remove/update old "tootsuite" references, except those needed for Docker (#19327) 2022-10-10 00:33:38 +02:00
James Smith
66794c052e Mark job pods not to use Istio's envoy sidecar (#18415)
* Mark job pods not to use Istio's envoy sidecar

Istio injects sidecars into pods to implement mTLS between pods. Jobs
usually don't know about this, so they don't signal the Envoy process
to stop when the job finishes. Since at least one process is running
in the pod, Kubernetes doesn't consider the job to be completed, so it
lingers.

By adding the `sidecar.istio.io/inject` annotation set to `"false"`,
we let Istio know that it should not inject the sidecar. If Istio is
not installed, then this has no impact.

* Support arbitrary job annotations in the Helm chart

Rather than focus on Istio, this allows arbitrary annotations for job pods.

* Add in-line documentation for pod/job annotations
2022-08-25 04:40:38 +02:00
Alex Nordlund
42ef7b3705 Allow S3 to use an existing secret (#18997) 2022-08-25 04:39:11 +02:00
Alex Nordlund
307854fa78 Fix broken dependencies in helm chart and allow using existing secrets in the chart (#18941)
* Add ability to specify an existing Secret (#18139)

Closes #18139

* Allow using secrets with external postgres

* Upgrade CronJob to batch/v1

* Allow using redis.auth.existingSecret

* Helmignore mastodon-*.tgz for easy local development

* Upgrade helm dependencies

* Upgrade postgresql to 11

* Allow putting SMTP password into a secret

* Add optional login to SMTP secret

This to allow setting LOGIN either in values.yaml or
in the secret.

* Switch to bitnami charts full archive

This prevents older versions from disappearing, see
https://github.com/bitnami/charts/issues/10539 for
full context.

Co-authored-by: Ted Tramonte <ted.tramonte@gmail.com>
2022-08-10 17:12:58 +02:00
James Smith
d0be8f6c99 Support STREAMING_API_BASE_URL in Helm Chart (#18408)
This adds a mastodon.streaming.base_url setting in the Helm chart values
file to allow setting the STREAMING_API_BASE_URL in the Mastodon environnment
config map.
2022-05-14 10:03:44 +02:00
Claire
ea99b93364 Bump version to 3.5.2 (#18295)
* Bump version to 3.5.2

* Change some entries to be more clear

* Add some extra notes

* Fix line wrap

Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>
2022-05-04 00:57:42 +02:00
Alexandra Catalina
028f759564 chore(deps): update tootsuite/mastodon docker tag to v3.5.1 (#18023)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2022-04-12 03:26:50 +02:00
bobbyd0g
05f68f4d29 Helm chart SSO support (#17205)
* Add SAML support

* move extAuth below essential components

* Add CAS, PAM, LDAP support

* Add WEB_DOMAIN and S3_ALIAS_HOST support

* SAML defaults aligned

* Bump chart version

* SSO & WEB_DOMAIN support added

* Add OIDC support

* Correct typo

* Notice for OIDC support

Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>
2022-02-11 15:01:40 +01:00
Takuya Yoshida
f136ee3f43 Add support >= 1.22 (#17490) 2022-02-09 12:30:00 +01:00
Alexandra Catalina
58db467b01 Update tootsuite/mastodon Docker tag to v3.4.6 (#17436)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2022-02-03 21:29:20 +01:00
Alexandra Catalina
a8aba8a526 Update tootsuite/mastodon Docker tag to v3.4.5 (#17417)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2022-02-01 20:57:50 +01:00
Alexandra Catalina
8692e02da5 helm: upgrade elasticsearch to 7.x (#17262) 2022-01-09 03:21:19 +01:00
Alexandra Catalina
777075f322 Update tootsuite/mastodon Docker tag to v3.4.4 (#17065)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-11-27 03:06:39 +01:00
Alexandra Catalina
3d84197e34 Update Helm release elasticsearch to v15.10.3 (#16651)
this is a backwards-compatible upgrade: https://github.com/bitnami/charts/tree/master/bitnami/elasticsearch#to-1500

Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-10-14 21:01:27 +02:00
Alexandra Catalina
b98417806e helm: set default SMTP_CA_FILE (#16750)
https://github.com/mastodon/mastodon/pull/10857
2021-09-20 02:23:44 +02:00
Alexandra Catalina
0eb7728a63 helm: upgrade elasticsearch chart to 14 (#15767) 2021-03-12 05:39:09 +01:00
Alex Dunn
10112b556d helm: pin versions, commit lockfile (#15749) 2021-02-19 09:56:40 +01:00
Alex Dunn
a2a40ed236 helm: add support for S3 storage (#15748) 2021-02-19 09:52:32 +01:00
Alex Dunn
4c665f929e helm: standardize yaml configuration (#15728)
- move application variables under `mastodon` namespace
- restore standard yaml structure for ingress configuration
- move values.yaml.template to values.yaml
2021-02-15 08:00:54 +01:00
Alex Dunn
bad5cb7a06 helm: add option for external db (#15722) 2021-02-14 20:16:32 +01:00
Eugen Rochko
4e399d480e Forward-port v3.2.2 changelog (#15370) 2020-12-19 03:13:50 +01:00