README.md



mastodon
  
Mastodon is a free, open-source social network server based on ActivityPub.
Homepage: https://joinmastodon.org

Source Code

https://github.com/mastodon/mastodon
https://git.shivering-isles.com/shivering-isles/infrastructure-gitops/-/tree/main/charts/mastodon


Requirements


Repository
Name
Version


https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami
elasticsearch
19.11.1


https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami
postgresql
11.9.13


https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami
redis
18.0.2


Values


Key
Type
Default
Description


affinity
object
{}
Affinity for all pods unless overwritten


elasticsearch
object
{}
https://github.com/bitnami/charts/tree/master/bitnami/elasticsearch#parameters


externalAuth.cas.enabled
bool
false


externalAuth.ldap.enabled
bool
false


externalAuth.oauth_global.omniauth_only
bool
false
Automatically redirect to OIDC, CAS or SAML, and don't use local account authentication when clicking on Sign-In


externalAuth.oidc.enabled
bool
false
OpenID Connect support is proposed in PR #16221 and awaiting merge.


externalAuth.pam.enabled
bool
false


externalAuth.saml.enabled
bool
false


image.pullPolicy
string
"IfNotPresent"


image.repository
string
"ghcr.io/mastodon/mastodon"


image.tag
string
""


ingress.annotations
string
nil


ingress.enabled
bool
true


ingress.hosts[0].host
string
"mastodon.local"


ingress.hosts[0].paths[0].path
string
"/"


ingress.ingressClassName
string
nil
you can specify the ingressClassName if it differs from the default


ingress.tls[0].hosts[0]
string
"mastodon.local"


ingress.tls[0].secretName
string
"mastodon-tls"


jobAnnotations
object
{}
The annotations set with jobAnnotations will be added to all job pods.


mastodon.authorizedFetch
bool
false
Enables "Secure Mode" for more details see: https://docs.joinmastodon.org/admin/config/#authorized_fetch


mastodon.createAdmin
object
{}
create an initial administrator user; the password is autogenerated and will have to be reset


mastodon.cron.removeMedia
object
{}
run tootctl media remove every week


mastodon.disallowUnauthenticatedAPIAccess
bool
false
Restores previous behaviour of "Secure Mode"


mastodon.local_domain
string
"mastodon.local"


mastodon.locale
string
"en"
available locales: https://github.com/mastodon/mastodon/blob/main/config/application.rb#L71


mastodon.metrics.statsd.address
string
""
Enable statsd publishing via STATSD_ADDR environment variable


mastodon.persistence.assets.accessMode
string
"ReadWriteOnce"
ReadWriteOnce is more widely supported than ReadWriteMany, but limits scalability, since it requires the Rails and Sidekiq pods to run on the same node.


mastodon.persistence.assets.resources.requests.storage
string
"10Gi"


mastodon.persistence.system.accessMode
string
"ReadWriteOnce"


mastodon.persistence.system.resources.requests.storage
string
"100Gi"


mastodon.preparedStatements
bool
true
Sets the PREPARED_STATEMENTS environment variable: https://docs.joinmastodon.org/admin/config/#prepared_statements


mastodon.s3.access_key
string
""


mastodon.s3.access_secret
string
""


mastodon.s3.alias_host
string
""
If you have a caching proxy, enter its base URL here.


mastodon.s3.bucket
string
""


mastodon.s3.enabled
bool
false


mastodon.s3.endpoint
string
""


mastodon.s3.existingSecret
string
""
you can also specify the name of an existing Secret with keys AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY


mastodon.s3.hostname
string
""


mastodon.s3.region
string
""


mastodon.secrets.existingSecret
string
""
you can also specify the name of an existing Secret with keys SECRET_KEY_BASE and OTP_SECRET and VAPID_PRIVATE_KEY and VAPID_PUBLIC_KEY


mastodon.secrets.otp_secret
string
""


mastodon.secrets.secret_key_base
string
""


mastodon.secrets.vapid.private_key
string
""


mastodon.secrets.vapid.public_key
string
""


mastodon.sidekiq.affinity
object
{}
Affinity for all Sidekiq Deployments unless overwritten, overwrites .Values.affinity


mastodon.sidekiq.podSecurityContext
object
{}
Pod security context for all Sidekiq Pods, overwrites .Values.podSecurityContext


mastodon.sidekiq.resources
object
{}
Resources for all Sidekiq Deployments unless overwritten


mastodon.sidekiq.securityContext
Sidekiq Container
{}
Security Context for all Pods, overwrites .Values.securityContext


mastodon.sidekiq.workers[0].affinity
object
{}
Affinity for this specific deployment, overwrites .Values.affinity and .Values.mastodon.sidekiq.affinity


mastodon.sidekiq.workers[0].concurrency
int
25
Number of threads / parallel sidekiq jobs that are executed per Pod


mastodon.sidekiq.workers[0].name
string
"all-queues"


mastodon.sidekiq.workers[0].queues
list
["default,8","push,6","ingress,4","mailers,2","pull","scheduler"]
Sidekiq queues for Mastodon that are handled by this worker. See https://docs.joinmastodon.org/admin/scaling/#concurrency See https://github.com/mperham/sidekiq/wiki/Advanced-Options#queues for how to weight queues as argument


mastodon.sidekiq.workers[0].replicas
int
1
Number of Pod replicas deployed by the Deployment


mastodon.sidekiq.workers[0].resources
object
{}
Resources for this specific deployment to allow optimised scaling, overwrites .Values.mastodon.sidekiq.resources


mastodon.singleUserMode
bool
false
If set to true, the frontpage of your Mastodon server will always redirect to the first profile in the database and registrations will be disabled.


mastodon.smtp.auth_method
string
"plain"


mastodon.smtp.ca_file
string
"/etc/ssl/certs/ca-certificates.crt"


mastodon.smtp.delivery_method
string
"smtp"


mastodon.smtp.domain
string
nil


mastodon.smtp.enable_starttls
string
"auto"


mastodon.smtp.existingSecret
string
nil
you can also specify the name of an existing Secret with the keys login and password


mastodon.smtp.from_address
string
"notifications@example.com"


mastodon.smtp.login
string
nil


mastodon.smtp.openssl_verify_mode
string
"peer"


mastodon.smtp.password
string
nil


mastodon.smtp.port
int
587


mastodon.smtp.reply_to
string
nil


mastodon.smtp.server
string
"smtp.mailgun.org"


mastodon.smtp.tls
bool
false


mastodon.streaming.affinity
object
{}
Affinity for Streaming Pods, overwrites .Values.affinity


mastodon.streaming.base_url
string
nil
The base url for streaming can be set if the streaming API is deployed to a different domain/subdomain.


mastodon.streaming.podSecurityContext
object
{}
Pod Security Context for Streaming Pods, overwrites .Values.podSecurityContext


mastodon.streaming.port
int
4000


mastodon.streaming.replicas
int
1
Number of Streaming Pods running


mastodon.streaming.resources
Streaming Container
{}
Resources for Streaming Pods, overwrites .Values.resources


mastodon.streaming.securityContext
Streaming Container
nil
Security Context for Streaming Pods, overwrites .Values.securityContext


mastodon.streaming.workers
int
1
this should be set manually since os.cpus() returns the number of CPUs on the node running the pod, which is unrelated to the resources allocated to the pod by k8s


mastodon.web.affinity
object
{}
Affinity for Web Pods, overwrites .Values.affinity


mastodon.web.podSecurityContext
object
{}
Pod Security Context for Web Pods, overwrites .Values.podSecurityContext


mastodon.web.port
int
3000


mastodon.web.replicas
int
1
Number of Web Pods running


mastodon.web.resources
Web Container
{}
Resources for Web Pods, overwrites .Values.resources


mastodon.web.securityContext
Web Container
{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true}
Security Context for Web Pods, overwrites .Values.securityContext


mastodon.web_domain
string
nil
Use of WEB_DOMAIN requires careful consideration: https://docs.joinmastodon.org/admin/config/#federation You must redirect the path LOCAL_DOMAIN/.well-known/ to WEB_DOMAIN/.well-known/ as described Example: mastodon.example.com


podAnnotations
object
{}
Kubernetes manages pods for jobs and pods for deployments differently, so you might need to apply different annotations to the two different sets of pods. The annotations set with podAnnotations will be added to all deployment-managed pods.


podSecurityContext
object
{"allowPrivilegeEscalation":false,"fsGroup":991,"runAsGroup":991,"runAsNonRoot":true,"runAsUser":991,"seccompProfile":{"type":"RuntimeDefault"}}

https://github.com/mastodon/mastodon/blob/main/Dockerfile#L75  if you manually change the UID/GID environment variables, ensure these values match:


postgresql.auth.database
string
"mastodon_production"


postgresql.auth.existingSecret
string
""


postgresql.auth.password
string
""


postgresql.auth.username
string
"mastodon"


postgresql.enabled
bool
true
disable if you want to use an existing db; in which case the values below must match those of that external postgres instance


redis.auth.existingSecret
string
nil


redis.auth.existingSecretPasswordKey
string
nil


redis.auth.password
string
""
you must set a password; the password generated by the redis chart will be rotated on each upgrade:


redis.enabled
bool
true
disable if you want to use an existing redis; in which case the values below must match those of that external redis instance


redis.host
string
nil
hostname, usually service, that provides redis


redis.port
string
"6379"
port at which redis is available


redis.redisUrl
string
nil
redisUrl overwrites redis.host and redis.port. It allows to use sentinal redis installations


resources
object
{}
Default resources for all Deployments and jobs unless overwritten


serviceAccount.annotations
object
{}
Annotations to add to the service account


serviceAccount.create
bool
true
Specifies whether a service account should be created


serviceAccount.name
string
""
The name of the service account to use. If not set and create is true, a name is generated using the fullname template


Autogenerated from chart metadata using helm-docs v1.11.0