Skip to content
Snippets Groups Projects
Verified Commit ab86c482 authored by Sheogorath's avatar Sheogorath :european_castle:
Browse files

fix(mastodon): Use correct values definition

parent b0db681c
No related branches found
No related tags found
No related merge requests found
Pipeline #18401 passed
Stage: lint
Stage: build
Hide whitespace changes
Inline Side-by-side
Showing
with 593 additions and 3 deletions
charts/mastodon/Chart.yaml
+ 1
1
View file @ ab86c482
......@@ -17,7 +17,7 @@ annotations:
- name: support
url: https://matrix.to/#/#mastodon-on-kubernetes:shivering-isles.com
type: application
version: 7.2.0
version: 7.2.1
kubeVersion: ">= 1.23"
# renovate: image=ghcr.io/mastodon/mastodon
appVersion: "v4.1.9"
......
charts/mastodon/README.md
+ 1
1
View file @ ab86c482
# mastodon
![Version: 7.2.0](https://img.shields.io/badge/Version-7.2.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v4.1.9](https://img.shields.io/badge/AppVersion-v4.1.9-informational?style=flat-square)
![Version: 7.2.1](https://img.shields.io/badge/Version-7.2.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v4.1.9](https://img.shields.io/badge/AppVersion-v4.1.9-informational?style=flat-square)
Mastodon is a free, open-source social network server based on ActivityPub.
......
charts/mastodon/templates/deployment-web.yaml
+ 1
1
View file @ ab86c482
......@@ -36,7 +36,7 @@ spec:
volumes:
{{- include "mastodon.nonS3MediaVolumes" . | nindent 8 }}
- name: tmp
{{- toYaml .Values.mastodon.sidekiq.temporaryVolumeTemplate | nindent 10 }}
{{- toYaml .Values.mastodon.web.temporaryVolumeTemplate | nindent 10 }}
containers:
- name: {{ .Chart.Name }}-web
{{- with (deepCopy .Values.securityContext | mergeOverwrite .Values.mastodon.web.securityContext) }}
......
charts/mastodon/tests/50_sidekiq_test.yaml
+ 22
0
View file @ ab86c482
......@@ -92,4 +92,26 @@ tests:
appVersion: 4.5.6
asserts:
- matchSnapshot: {}
- it: allows to modify the temporaryVolumeTemplate correctly
values:
- mocks/dev.yaml
- mocks/sidekiq.yaml
set:
mastodon:
sidekiq:
temporaryVolumeTemplate:
emptydir: null
ephemeral:
volumeClaimTemplate:
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 5Gi
chart:
version: 1.2.3
appVersion: 4.5.6
asserts:
- matchSnapshot: {}
charts/mastodon/tests/50_web_test.yaml
+ 29
0
View file @ ab86c482
......@@ -57,3 +57,32 @@ tests:
path: spec.rules[0].http.paths[0].backend.service.name
value: RELEASE-NAME-mastodon-web
template: ingress.yaml
- it: should allow manipulating the temporaryVolumeTemplate
values:
- mocks/dev.yaml
set:
mastodon:
# sidekiq:
# temporaryVolumeTemplate:
# emptydir: null
# some:
# nonsense: true
web:
temporaryVolumeTemplate:
emptydir: null
ephemeral:
volumeClaimTemplate:
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 5Gi
chart:
version: 1.2.3
appVersion: 4.5.6
capabilities:
apiVersions:
- networking.k8s.io/v1/Ingress
asserts:
- matchSnapshot: {}
charts/mastodon/tests/__snapshot__/50_sidekiq_test.yaml.snap
+ 295
0
View file @ ab86c482
allows to modify the temporaryVolumeTemplate correctly:
1: |
apiVersion: v1
data:
DB_HOST: RELEASE-NAME-postgresql
DB_NAME: mastodon_production
DB_POOL: "25"
DB_PORT: "5432"
DB_USER: mastodon
DEFAULT_LOCALE: en
ES_ENABLED: "true"
ES_HOST: RELEASE-NAME-elasticsearch-master-hl
ES_PORT: "9200"
LOCAL_DOMAIN: mastodon.local
MALLOC_ARENA_MAX: "2"
NODE_ENV: production
PREPARED_STATEMENTS: "true"
RAILS_ENV: production
REDIS_HOST: RELEASE-NAME-redis-master
REDIS_PORT: "6379"
SMTP_AUTH_METHOD: plain
SMTP_CA_FILE: /etc/ssl/certs/ca-certificates.crt
SMTP_DELIVERY_METHOD: smtp
SMTP_ENABLE_STARTTLS: auto
SMTP_FROM_ADDRESS: notifications@example.com
SMTP_OPENSSL_VERIFY_MODE: peer
SMTP_PORT: "587"
SMTP_SERVER: smtp.mailgun.org
STREAMING_CLUSTER_NUM: "1"
kind: ConfigMap
metadata:
labels:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: mastodon
app.kubernetes.io/version: 4.5.6
helm.sh/chart: mastodon-1.2.3
name: RELEASE-NAME-mastodon-env
2: |
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app.kubernetes.io/component: sidekiq-scheduler
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: mastodon
app.kubernetes.io/part-of: rails
app.kubernetes.io/version: 4.5.6
helm.sh/chart: mastodon-1.2.3
name: RELEASE-NAME-mastodon-sidekiq-scheduler
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/component: sidekiq-scheduler
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/name: mastodon
app.kubernetes.io/part-of: rails
strategy:
type: Recreate
template:
metadata:
annotations:
checksum/config-configmap: 6171320454845e8c5c867b5db63251ff95089e25c0200ca8f72d6bb9f6535726
checksum/config-secrets: c0d40e352ffcd2127af550b605bb0464640cd2960d007d940960d3d69d3c6aa4
labels:
app.kubernetes.io/component: sidekiq-scheduler
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/name: mastodon
app.kubernetes.io/part-of: rails
spec:
containers:
- command:
- bundle
- exec
- sidekiq
- -c
- "25"
- -q
- scheduler
env:
- name: DB_PASS
valueFrom:
secretKeyRef:
key: password
name: RELEASE-NAME-postgresql
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
key: redis-password
name: RELEASE-NAME-redis
envFrom:
- configMapRef:
name: RELEASE-NAME-mastodon-env
- secretRef:
name: RELEASE-NAME-mastodon
image: ghcr.io/mastodon/mastodon:4.5.6
imagePullPolicy: IfNotPresent
name: mastodon
resources: {}
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
volumeMounts:
- mountPath: /opt/mastodon/public/assets
name: assets
- mountPath: /opt/mastodon/public/system
name: system
- mountPath: /tmp
name: tmp
securityContext:
fsGroup: 991
runAsGroup: 991
runAsNonRoot: true
runAsUser: 991
seccompProfile:
type: RuntimeDefault
serviceAccountName: RELEASE-NAME-mastodon
volumes:
- name: assets
persistentVolumeClaim:
claimName: RELEASE-NAME-mastodon-assets
- name: system
persistentVolumeClaim:
claimName: RELEASE-NAME-mastodon-system
- ephemeral:
volumeClaimTemplate:
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 5Gi
name: tmp
3: |
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app.kubernetes.io/component: sidekiq-default
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: mastodon
app.kubernetes.io/part-of: rails
app.kubernetes.io/version: 4.5.6
helm.sh/chart: mastodon-1.2.3
name: RELEASE-NAME-mastodon-sidekiq-default
spec:
replicas: 2
selector:
matchLabels:
app.kubernetes.io/component: sidekiq-default
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/name: mastodon
app.kubernetes.io/part-of: rails
template:
metadata:
annotations:
checksum/config-configmap: 6171320454845e8c5c867b5db63251ff95089e25c0200ca8f72d6bb9f6535726
checksum/config-secrets: c0d40e352ffcd2127af550b605bb0464640cd2960d007d940960d3d69d3c6aa4
labels:
app.kubernetes.io/component: sidekiq-default
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/name: mastodon
app.kubernetes.io/part-of: rails
spec:
containers:
- command:
- bundle
- exec
- sidekiq
- -c
- "25"
- -q
- default
env:
- name: DB_PASS
valueFrom:
secretKeyRef:
key: password
name: RELEASE-NAME-postgresql
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
key: redis-password
name: RELEASE-NAME-redis
envFrom:
- configMapRef:
name: RELEASE-NAME-mastodon-env
- secretRef:
name: RELEASE-NAME-mastodon
image: ghcr.io/mastodon/mastodon:4.5.6
imagePullPolicy: IfNotPresent
name: mastodon
resources: {}
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
volumeMounts:
- mountPath: /opt/mastodon/public/assets
name: assets
- mountPath: /opt/mastodon/public/system
name: system
- mountPath: /tmp
name: tmp
securityContext:
fsGroup: 991
runAsGroup: 991
runAsNonRoot: true
runAsUser: 991
seccompProfile:
type: RuntimeDefault
serviceAccountName: RELEASE-NAME-mastodon
volumes:
- name: assets
persistentVolumeClaim:
claimName: RELEASE-NAME-mastodon-assets
- name: system
persistentVolumeClaim:
claimName: RELEASE-NAME-mastodon-system
- ephemeral:
volumeClaimTemplate:
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 5Gi
name: tmp
4: |
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
labels:
app.kubernetes.io/component: sidekiq-scheduler
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: mastodon
app.kubernetes.io/part-of: rails
app.kubernetes.io/version: 4.5.6
helm.sh/chart: mastodon-1.2.3
name: RELEASE-NAME-mastodon-sidekiq-scheduler
spec:
maxUnavailable: 1
selector:
matchLabels:
app.kubernetes.io/component: sidekiq-scheduler
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/name: mastodon
app.kubernetes.io/part-of: rails
5: |
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
labels:
app.kubernetes.io/component: sidekiq-default
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: mastodon
app.kubernetes.io/part-of: rails
app.kubernetes.io/version: 4.5.6
helm.sh/chart: mastodon-1.2.3
name: RELEASE-NAME-mastodon-sidekiq-default
spec:
maxUnavailable: 1
selector:
matchLabels:
app.kubernetes.io/component: sidekiq-default
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/name: mastodon
app.kubernetes.io/part-of: rails
6: |
apiVersion: v1
data:
OTP_SECRET: ZHVtbXktb3RwX3NlY3JldA==
SECRET_KEY_BASE: ZHVtbXktc2VjcmV0X2tleV9iYXNl
VAPID_PRIVATE_KEY: ZHVtbXktdmFwaWQtcHJpdmF0ZV9rZXk=
VAPID_PUBLIC_KEY: ZHVtbXktdmFwaWQtcHVibGljX2tleQ==
kind: Secret
metadata:
labels:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: mastodon
app.kubernetes.io/version: 4.5.6
helm.sh/chart: mastodon-1.2.3
name: RELEASE-NAME-mastodon
type: Opaque
renders temporaryVolumeTemplate correctly:
1: |
apiVersion: v1
......
charts/mastodon/tests/__snapshot__/50_web_test.yaml.snap
+ 244
0
View file @ ab86c482
should allow manipulating the temporaryVolumeTemplate:
1: |
apiVersion: v1
data:
DB_HOST: RELEASE-NAME-postgresql
DB_NAME: mastodon_production
DB_POOL: "25"
DB_PORT: "5432"
DB_USER: mastodon
DEFAULT_LOCALE: en
ES_ENABLED: "true"
ES_HOST: RELEASE-NAME-elasticsearch-master-hl
ES_PORT: "9200"
LOCAL_DOMAIN: mastodon.local
MALLOC_ARENA_MAX: "2"
NODE_ENV: production
PREPARED_STATEMENTS: "true"
RAILS_ENV: production
REDIS_HOST: RELEASE-NAME-redis-master
REDIS_PORT: "6379"
SMTP_AUTH_METHOD: plain
SMTP_CA_FILE: /etc/ssl/certs/ca-certificates.crt
SMTP_DELIVERY_METHOD: smtp
SMTP_ENABLE_STARTTLS: auto
SMTP_FROM_ADDRESS: notifications@example.com
SMTP_OPENSSL_VERIFY_MODE: peer
SMTP_PORT: "587"
SMTP_SERVER: smtp.mailgun.org
STREAMING_CLUSTER_NUM: "1"
kind: ConfigMap
metadata:
labels:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: mastodon
app.kubernetes.io/version: 4.5.6
helm.sh/chart: mastodon-1.2.3
name: RELEASE-NAME-mastodon-env
2: |
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: mastodon
app.kubernetes.io/version: 4.5.6
helm.sh/chart: mastodon-1.2.3
name: RELEASE-NAME-mastodon-web
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/component: web
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/name: mastodon
app.kubernetes.io/part-of: rails
template:
metadata:
annotations:
checksum/config-configmap: 6171320454845e8c5c867b5db63251ff95089e25c0200ca8f72d6bb9f6535726
checksum/config-secrets: c0d40e352ffcd2127af550b605bb0464640cd2960d007d940960d3d69d3c6aa4
labels:
app.kubernetes.io/component: web
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/name: mastodon
app.kubernetes.io/part-of: rails
spec:
containers:
- command:
- bundle
- exec
- puma
- -C
- config/puma.rb
env:
- name: DB_PASS
valueFrom:
secretKeyRef:
key: password
name: RELEASE-NAME-postgresql
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
key: redis-password
name: RELEASE-NAME-redis
- name: PORT
value: "3000"
envFrom:
- configMapRef:
name: RELEASE-NAME-mastodon-env
- secretRef:
name: RELEASE-NAME-mastodon
image: ghcr.io/mastodon/mastodon:4.5.6
imagePullPolicy: IfNotPresent
livenessProbe:
tcpSocket:
port: http
name: mastodon-web
ports:
- containerPort: 3000
name: http
protocol: TCP
readinessProbe:
httpGet:
path: /health
port: http
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
startupProbe:
failureThreshold: 30
httpGet:
path: /health
port: http
periodSeconds: 5
volumeMounts:
- mountPath: /opt/mastodon/public/assets
name: assets
- mountPath: /opt/mastodon/public/system
name: system
- mountPath: /tmp
name: tmp
securityContext:
fsGroup: 991
runAsGroup: 991
runAsNonRoot: true
runAsUser: 991
seccompProfile:
type: RuntimeDefault
serviceAccountName: RELEASE-NAME-mastodon
volumes:
- name: assets
persistentVolumeClaim:
claimName: RELEASE-NAME-mastodon-assets
- name: system
persistentVolumeClaim:
claimName: RELEASE-NAME-mastodon-system
- ephemeral:
volumeClaimTemplate:
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 5Gi
name: tmp
3: |
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
labels:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: mastodon
app.kubernetes.io/version: 4.5.6
helm.sh/chart: mastodon-1.2.3
name: RELEASE-NAME-mastodon
spec:
rules:
- host: mastodon.local
http:
paths:
- backend:
service:
name: RELEASE-NAME-mastodon-web
port:
number: 3000
path: /
pathType: Prefix
- backend:
service:
name: RELEASE-NAME-mastodon-streaming
port:
number: 4000
path: /api/v1/streaming
pathType: Prefix
tls:
- hosts:
- mastodon.local
secretName: mastodon-tls
4: |
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
labels:
app.kubernetes.io/component: web
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: mastodon
app.kubernetes.io/part-of: rails
app.kubernetes.io/version: 4.5.6
helm.sh/chart: mastodon-1.2.3
name: RELEASE-NAME-mastodon-web
spec:
maxUnavailable: 1
selector:
matchLabels:
app.kubernetes.io/component: web
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/name: mastodon
app.kubernetes.io/part-of: rails
5: |
apiVersion: v1
data:
OTP_SECRET: ZHVtbXktb3RwX3NlY3JldA==
SECRET_KEY_BASE: ZHVtbXktc2VjcmV0X2tleV9iYXNl
VAPID_PRIVATE_KEY: ZHVtbXktdmFwaWQtcHJpdmF0ZV9rZXk=
VAPID_PUBLIC_KEY: ZHVtbXktdmFwaWQtcHVibGljX2tleQ==
kind: Secret
metadata:
labels:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: mastodon
app.kubernetes.io/version: 4.5.6
helm.sh/chart: mastodon-1.2.3
name: RELEASE-NAME-mastodon
type: Opaque
6: |
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: mastodon
app.kubernetes.io/version: 4.5.6
helm.sh/chart: mastodon-1.2.3
name: RELEASE-NAME-mastodon-web
spec:
ports:
- name: http
port: 3000
protocol: TCP
targetPort: http
selector:
app.kubernetes.io/component: web
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/name: mastodon
type: ClusterIP
should match basic snapshot:
1: |
apiVersion: v1
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment