Fix broken dependencies in helm chart and allow using existing secrets in the chart (#18941)

* Add ability to specify an existing Secret (#18139)

Closes #18139

* Allow using secrets with external postgres

* Upgrade CronJob to batch/v1

* Allow using redis.auth.existingSecret

* Helmignore mastodon-*.tgz for easy local development

* Upgrade helm dependencies

* Upgrade postgresql to 11

* Allow putting SMTP password into a secret

* Add optional login to SMTP secret

This is to allow setting LOGIN either in values.yaml or
in the secret.

* Switch to bitnami charts full archive

This prevents older versions from disappearing, see
https://github.com/bitnami/charts/issues/10539 for
full context.

Co-authored-by: Ted Tramonte <ted.tramonte@gmail.com>
Alex Nordlund
2022-08-10 17:12:58 +02:00
committed by GitHub
parent 041f87471f
commit 7ccf7a73f1
15 changed files with 183 additions and 125 deletions


@ -77,3 +77,53 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this
{{- define "mastodon.postgresql.fullname" -}}
{{- printf "%s-%s" .Release.Name "postgresql" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Get the mastodon secret.
*/}}
{{- define "mastodon.secretName" -}}
{{- if .Values.mastodon.secrets.existingSecret }}
{{- printf "%s" (tpl .Values.mastodon.secrets.existingSecret $) -}}
{{- else -}}
{{- printf "%s" (include "common.names.fullname" .) -}}
{{- end -}}
{{- end -}}
{{/*
Get the postgresql secret.
*/}}
{{- define "mastodon.postgresql.secretName" -}}
{{- if (and (or .Values.postgresql.enabled .Values.postgresql.postgresqlHostname) .Values.postgresql.auth.existingSecret) }}
{{- printf "%s" (tpl .Values.postgresql.auth.existingSecret $) -}}
{{- else if .Values.postgresql.enabled -}}
{{- printf "%s-postgresql" (tpl .Release.Name $) -}}
{{- else -}}
{{- printf "%s" (include "common.names.fullname" .) -}}
{{- end -}}
{{- end -}}
{{/*
Get the redis secret.
*/}}
{{- define "mastodon.redis.secretName" -}}
{{- if .Values.redis.auth.existingSecret }}
{{- printf "%s" (tpl .Values.redis.auth.existingSecret $) -}}
{{- else if .Values.redis.existingSecret }}
{{- printf "%s" (tpl .Values.redis.existingSecret $) -}}
{{- else -}}
{{- printf "%s-redis" (tpl .Release.Name $) -}}
{{- end -}}
{{- end -}}
{{/*
Return true if a mastodon secret object should be created
*/}}
{{- define "mastodon.createSecret" -}}
{{- if (or
(and .Values.mastodon.s3.enabled (not .Values.mastodon.s3.existingSecret))
(not .Values.mastodon.secrets.existingSecret )
(and (not .Values.postgresql.enabled) (not .Values.postgresql.auth.existingSecret))
) -}}
{{- true -}}
{{- end -}}
{{- end -}}
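Review bot: `mastodon.secretName` and the last branch of `mastodon.postgresql.secretName` fall back to `include "common.names.fullname" .`, while every other resource name visible in this commit is built with `mastodon.fullname`. `common.names.fullname` comes from the Bitnami common library rather than from this chart, so it is only defined when a dependency brings it in (probably not when the bundled subcharts are all disabled, which is worth confirming). Its result can also differ from `mastodon.fullname` when name overrides are set, which would leave `secretRef` and `secretKeyRef` pointing at a Secret that does not exist. Suggest `{{- printf "%s" (include "mastodon.fullname" .) -}}` in both fallbacks, so the reference matches the chart-managed Secret, whose `metadata.name` is outside the visible hunks.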


@ -10,14 +10,14 @@ data:
{{- else }}
DB_HOST: {{ .Values.postgresql.postgresqlHostname }}
{{- end }}
DB_NAME: {{ .Values.postgresql.postgresqlDatabase }}
DB_NAME: {{ .Values.postgresql.auth.database }}
DB_POOL: {{ .Values.mastodon.sidekiq.concurrency | quote }}
DB_PORT: "5432"
DB_USER: {{ .Values.postgresql.postgresqlUsername }}
DB_USER: {{ .Values.postgresql.auth.username }}
DEFAULT_LOCALE: {{ .Values.mastodon.locale }}
{{- if .Values.elasticsearch.enabled }}
ES_ENABLED: "true"
ES_HOST: {{ template "mastodon.elasticsearch.fullname" . }}-master
ES_HOST: {{ template "mastodon.elasticsearch.fullname" . }}-master-hl
ES_PORT: "9200"
{{- end }}
LOCAL_DOMAIN: {{ .Values.mastodon.local_domain }}
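Review bot: `DB_NAME` and `DB_USER` are rendered from `.Values.postgresql.auth.database` and `.Values.postgresql.auth.username` without `| quote`, so an empty value becomes YAML null and a name such as `1234` or `true` is retyped, although ConfigMap `data` values must be strings. Suggest `DB_NAME: {{ .Values.postgresql.auth.database | quote }}` and `DB_USER: {{ .Values.postgresql.auth.username | quote }}`, as `DB_POOL` is already written. The rename also means overrides under the old `postgresqlDatabase` and `postgresqlUsername` keys are silently ignored on upgrade. If values.yaml has no defaults for the new keys (not visible here), wrapping them in `required`, as the Secret template does for the VAPID key, would fail the render instead of deploying with the wrong database identity.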


@ -1,5 +1,5 @@
{{ if .Values.mastodon.cron.removeMedia.enabled }}
apiVersion: batch/v1beta1
apiVersion: batch/v1
kind: CronJob
metadata:
name: {{ include "mastodon.fullname" . }}-media-remove
@ -49,21 +49,17 @@ spec:
- configMapRef:
name: {{ include "mastodon.fullname" . }}-env
- secretRef:
name: {{ template "mastodon.fullname" . }}
name: {{ template "mastodon.secretName" . }}
env:
- name: "DB_PASS"
valueFrom:
secretKeyRef:
{{- if .Values.postgresql.enabled }}
name: {{ .Release.Name }}-postgresql
{{- else }}
name: {{ template "mastodon.fullname" . }}
{{- end }}
key: postgresql-password
name: {{ template "mastodon.postgresql.secretName" . }}
key: password
- name: "REDIS_PASSWORD"
valueFrom:
secretKeyRef:
name: {{ .Release.Name }}-redis
name: {{ template "mastodon.redis.secretName" . }}
key: redis-password
- name: "PORT"
value: {{ .Values.mastodon.web.port | quote }}
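Review bot: `DB_PASS` now reads `key: password`, but the chart-managed Secret in the last file section of this commit still writes the external-database password under `postgresql-password`. With `postgresql.enabled: false` and no `postgresql.auth.existingSecret`, `mastodon.postgresql.secretName` resolves to the chart's own Secret, so the `secretKeyRef` looks up a key that is not there and the container cannot be created. Rename the data key in the Secret template to `password: "{{ .Values.postgresql.auth.password | b64enc }}"`, and document that a user-supplied `postgresql.auth.existingSecret` must expose the key `password`. The same `key: password` reference is repeated in the seven workload sections that follow this one.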


@ -70,22 +70,31 @@ spec:
- configMapRef:
name: {{ include "mastodon.fullname" . }}-env
- secretRef:
name: {{ template "mastodon.fullname" . }}
name: {{ template "mastodon.secretName" . }}
env:
- name: "DB_PASS"
valueFrom:
secretKeyRef:
{{- if .Values.postgresql.enabled }}
name: {{ .Release.Name }}-postgresql
{{- else }}
name: {{ template "mastodon.fullname" . }}
{{- end }}
key: postgresql-password
name: {{ template "mastodon.postgresql.secretName" . }}
key: password
- name: "REDIS_PASSWORD"
valueFrom:
secretKeyRef:
name: {{ .Release.Name }}-redis
name: {{ template "mastodon.redis.secretName" . }}
key: redis-password
{{- if .Values.mastodon.smtp.existingSecret }}
- name: "SMTP_LOGIN"
valueFrom:
secretKeyRef:
name: {{ .Values.mastodon.smtp.existingSecret }}
key: login
optional: true
- name: "SMTP_PASSWORD"
valueFrom:
secretKeyRef:
name: {{ .Values.mastodon.smtp.existingSecret }}
key: password
{{- end -}}
{{- if (not .Values.mastodon.s3.enabled) }}
volumeMounts:
- name: assets
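Review bot: The new SMTP entries at the end of `env:` use `.Values.mastodon.smtp.existingSecret` raw, whereas the other existing-secret names go through `tpl` in the new `*.secretName` helpers. A templated name (constructed example: `{{ .Release.Name }}-smtp`) therefore works for the database and Redis secrets but would be emitted literally here. Suggest `name: {{ tpl .Values.mastodon.smtp.existingSecret $ | quote }}` in both `secretKeyRef` entries, or a `mastodon.smtp.secretName` helper alongside the others. These entries are added only in this workload, so if any other workload in the chart sends mail it will not receive `SMTP_PASSWORD` from the secret, which is worth confirming. The container spec starts and ends outside the hunk.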


@ -43,16 +43,12 @@ spec:
- name: "DB_PASS"
valueFrom:
secretKeyRef:
{{- if .Values.postgresql.enabled }}
name: {{ .Release.Name }}-postgresql
{{- else }}
name: {{ template "mastodon.fullname" . }}
{{- end }}
key: postgresql-password
name: {{ template "mastodon.postgresql.secretName" . }}
key: password
- name: "REDIS_PASSWORD"
valueFrom:
secretKeyRef:
name: {{ .Release.Name }}-redis
name: {{ template "mastodon.redis.secretName" . }}
key: redis-password
- name: "PORT"
value: {{ .Values.mastodon.streaming.port | quote }}


@ -56,21 +56,17 @@ spec:
- configMapRef:
name: {{ include "mastodon.fullname" . }}-env
- secretRef:
name: {{ template "mastodon.fullname" . }}
name: {{ template "mastodon.secretName" . }}
env:
- name: "DB_PASS"
valueFrom:
secretKeyRef:
{{- if .Values.postgresql.enabled }}
name: {{ .Release.Name }}-postgresql
{{- else }}
name: {{ template "mastodon.fullname" . }}
{{- end }}
key: postgresql-password
name: {{ template "mastodon.postgresql.secretName" . }}
key: password
- name: "REDIS_PASSWORD"
valueFrom:
secretKeyRef:
name: {{ .Release.Name }}-redis
name: {{ template "mastodon.redis.secretName" . }}
key: redis-password
- name: "PORT"
value: {{ .Values.mastodon.web.port | quote }}


@ -50,21 +50,17 @@ spec:
- configMapRef:
name: {{ include "mastodon.fullname" . }}-env
- secretRef:
name: {{ template "mastodon.fullname" . }}
name: {{ template "mastodon.secretName" . }}
env:
- name: "DB_PASS"
valueFrom:
secretKeyRef:
{{- if .Values.postgresql.enabled }}
name: {{ .Release.Name }}-postgresql
{{- else }}
name: {{ template "mastodon.fullname" . }}
{{- end }}
key: postgresql-password
name: {{ template "mastodon.postgresql.secretName" . }}
key: password
- name: "REDIS_PASSWORD"
valueFrom:
secretKeyRef:
name: {{ .Release.Name }}-redis
name: {{ template "mastodon.redis.secretName" . }}
key: redis-password
- name: "PORT"
value: {{ .Values.mastodon.web.port | quote }}


@ -51,21 +51,17 @@ spec:
- configMapRef:
name: {{ include "mastodon.fullname" . }}-env
- secretRef:
name: {{ template "mastodon.fullname" . }}
name: {{ template "mastodon.secretName" . }}
env:
- name: "DB_PASS"
valueFrom:
secretKeyRef:
{{- if .Values.postgresql.enabled }}
name: {{ .Release.Name }}-postgresql
{{- else }}
name: {{ template "mastodon.fullname" . }}
{{- end }}
key: postgresql-password
name: {{ template "mastodon.postgresql.secretName" . }}
key: password
- name: "REDIS_PASSWORD"
valueFrom:
secretKeyRef:
name: {{ .Release.Name }}-redis
name: {{ template "mastodon.redis.secretName" . }}
key: redis-password
- name: "PORT"
value: {{ .Values.mastodon.web.port | quote }}


@ -56,21 +56,17 @@ spec:
- configMapRef:
name: {{ include "mastodon.fullname" . }}-env
- secretRef:
name: {{ template "mastodon.fullname" . }}
name: {{ template "mastodon.secretName" . }}
env:
- name: "DB_PASS"
valueFrom:
secretKeyRef:
{{- if .Values.postgresql.enabled }}
name: {{ .Release.Name }}-postgresql
{{- else }}
name: {{ template "mastodon.fullname" . }}
{{- end }}
key: postgresql-password
name: {{ template "mastodon.postgresql.secretName" . }}
key: password
- name: "REDIS_PASSWORD"
valueFrom:
secretKeyRef:
name: {{ .Release.Name }}-redis
name: {{ template "mastodon.redis.secretName" . }}
key: redis-password
- name: "PORT"
value: {{ .Values.mastodon.web.port | quote }}


@ -50,21 +50,17 @@ spec:
- configMapRef:
name: {{ include "mastodon.fullname" . }}-env
- secretRef:
name: {{ template "mastodon.fullname" . }}
name: {{ template "mastodon.secretName" . }}
env:
- name: "DB_PASS"
valueFrom:
secretKeyRef:
{{- if .Values.postgresql.enabled }}
name: {{ .Release.Name }}-postgresql
{{- else }}
name: {{ template "mastodon.fullname" . }}
{{- end }}
key: postgresql-password
name: {{ template "mastodon.postgresql.secretName" . }}
key: password
- name: "REDIS_PASSWORD"
valueFrom:
secretKeyRef:
name: {{ .Release.Name }}-redis
name: {{ template "mastodon.redis.secretName" . }}
key: redis-password
- name: "PORT"
value: {{ .Values.mastodon.web.port | quote }}


@ -1,3 +1,4 @@
{{- if (include "mastodon.createSecret" .) }}
apiVersion: v1
kind: Secret
metadata:
@ -7,9 +8,12 @@ metadata:
type: Opaque
data:
{{- if .Values.mastodon.s3.enabled }}
{{- if not .Values.mastodon.s3.existingSecret }}
AWS_ACCESS_KEY_ID: "{{ .Values.mastodon.s3.access_key | b64enc }}"
AWS_SECRET_ACCESS_KEY: "{{ .Values.mastodon.s3.access_secret | b64enc }}"
{{- end }}
{{- end }}
{{- if not .Values.mastodon.secrets.existingSecret }}
{{- if not (empty .Values.mastodon.secrets.secret_key_base) }}
SECRET_KEY_BASE: "{{ .Values.mastodon.secrets.secret_key_base | b64enc }}"
{{- else }}
@ -30,6 +34,10 @@ data:
{{- else }}
VAPID_PUBLIC_KEY: {{ required "vapid.public_key is required" .Values.mastodon.secrets.vapid.public_key }}
{{- end }}
{{- if not .Values.postgresql.enabled }}
postgresql-password: "{{ .Values.postgresql.postgresqlPassword | b64enc }}"
{{- end }}
{{- if not .Values.postgresql.enabled }}
{{- if not .Values.postgresql.auth.existingSecret }}
postgresql-password: "{{ .Values.postgresql.auth.password | b64enc }}"
{{- end }}
{{- end }}
{{- end -}}
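Review bot: When `mastodon.secrets.existingSecret` is set but the S3 credentials are still given inline, `mastodon.createSecret` is true and this template renders a chart-managed Secret holding only the AWS keys, while the workloads' `secretRef` now resolves through `mastodon.secretName` to the existing Secret. Unless the chart-managed Secret is referenced somewhere outside the visible hunks, `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` are stored in the cluster but never injected into the pods. Either document that the existing Secret must also carry the AWS keys, or add a second `secretRef` for the chart-managed Secret in the workloads when `mastodon.createSecret` is true. It would also help to add a template comment above `data:` noting that `b64enc` is encoding only, so inline values remain readable in the rendered manifest and release history and the existing-secret path is the one to prefer for production.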