tarrien/Mastodon
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix broken dependencies in helm chart and allow using existing secrets in the chart (#18941)

Browse Source 
* Add ability to specify an existing Secret (#18139)

Closes #18139

* Allow using secrets with external postgres

* Upgrade CronJob to batch/v1

* Allow using redis.auth.existingSecret

* Helmignore mastodon-*.tgz for easy local development

* Upgrade helm dependencies

* Upgrade postgresql to 11

* Allow putting SMTP password into a secret

* Add optional login to SMTP secret

This to allow setting LOGIN either in values.yaml or
in the secret.

* Switch to bitnami charts full archive

This prevents older versions from disappearing, see
https://github.com/bitnami/charts/issues/10539 for
full context.

Co-authored-by: Ted Tramonte <ted.tramonte@gmail.com>
This commit is contained in:
Alex Nordlund
2022-08-10 17:12:58 +02:00
committed by GitHub
parent 041f87471f
commit 7ccf7a73f1
15 changed files with 183 additions and 125 deletions
Download Patch File Download Diff File Expand all files Collapse all files

100
chart/values.yaml
View File

@ -48,6 +48,9 @@ mastodon:
enabled: false
access_key: ""
access_secret: ""
# you can also specify the name of an existing Secret
# with keys AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY
existingSecret: ""
bucket: ""
endpoint: https://us-east-1.linodeobjects.com
hostname: us-east-1.linodeobjects.com
@ -61,6 +64,10 @@ mastodon:
vapid:
private_key: ""
public_key: ""
# you can also specify the name of an existing Secret
# with keys SECRET_KEY_BASE and OTP_SECRET and
# VAPID_PRIVATE_KEY and VAPID_PUBLIC_KEY
existingSecret: ""
sidekiq:
concurrency: 25
smtp:
@ -70,13 +77,16 @@ mastodon:
domain:
enable_starttls_auto: true
from_address: notifications@example.com
login:
openssl_verify_mode: peer
password:
port: 587
reply_to:
server: smtp.mailgun.org
tls: false
login:
password:
# you can also specify the name of an existing Secret
# with the keys login and password
existingSecret:
streaming:
port: 4000
# this should be set manually since os.cpus() returns the number of CPUs on
@ -127,18 +137,26 @@ postgresql:
# must match those of that external postgres instance
enabled: true
# postgresqlHostname: preexisting-postgresql
postgresqlDatabase: mastodon_production
# you must set a password; the password generated by the postgresql chart will
# be rotated on each upgrade:
# https://github.com/bitnami/charts/tree/master/bitnami/postgresql#upgrade
postgresqlPassword: ""
postgresqlUsername: postgres
auth:
database: mastodon_production
username: postgres
# you must set a password; the password generated by the postgresql chart will
# be rotated on each upgrade:
# https://github.com/bitnami/charts/tree/master/bitnami/postgresql#upgrade
password: ""
# you can also specify the name of an existing Secret
# with a key of postgres-password set to the password you want
existingSecret: ""
# https://github.com/bitnami/charts/tree/master/bitnami/redis#parameters
redis:
# you must set a password; the password generated by the redis chart will be
# rotated on each upgrade:
password: ""
# you can also specify the name of an existing Secret
# with a key of redis-password set to the password you want
# auth:
# existingSecret: ""
service:
type: ClusterIP
@ -157,45 +175,45 @@ externalAuth:
# client_secret: SECRETKEY
# redirect_uri: https://example.com/auth/auth/openid_connect/callback
# assume_email_is_verified: true
# client_auth_method:
# response_type:
# response_mode:
# display:
# prompt:
# send_nonce:
# send_scope_to_token_endpoint:
# idp_logout_redirect_uri:
# http_scheme:
# host:
# port:
# jwks_uri:
# auth_endpoint:
# token_endpoint:
# user_info_endpoint:
# end_session_endpoint:
# client_auth_method:
# response_type:
# response_mode:
# display:
# prompt:
# send_nonce:
# send_scope_to_token_endpoint:
# idp_logout_redirect_uri:
# http_scheme:
# host:
# port:
# jwks_uri:
# auth_endpoint:
# token_endpoint:
# user_info_endpoint:
# end_session_endpoint:
saml:
enabled: false
# acs_url: http://mastodon.example.com/auth/auth/saml/callback
# issuer: mastodon
# idp_sso_target_url: https://login.example.com/auth/realms/example/protocol/saml
# idp_cert: '-----BEGIN CERTIFICATE-----[your_cert_content]-----END CERTIFICATE-----'
# idp_cert_fingerprint:
# idp_cert_fingerprint:
# name_identifier_format: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
# cert:
# private_key:
# cert:
# private_key:
# want_assertion_signed: true
# want_assertion_encrypted: true
# assume_email_is_verified: true
# uid_attribute: "urn:oid:0.9.2342.19200300.100.1.1"
# attributes_statements:
# attributes_statements:
# uid: "urn:oid:0.9.2342.19200300.100.1.1"
# email: "urn:oid:1.3.6.1.4.1.5923.1.1.1.6"
# full_name: "urn:oid:2.16.840.1.113730.3.1.241"
# first_name: "urn:oid:2.5.4.42"
# last_name: "urn:oid:2.5.4.4"
# verified:
# verified_email:
oauth_global:
# verified:
# verified_email:
oauth_global:
# Force redirect local login to CAS. Does not function with SAML or LDAP.
oauth_redirect_at_sign_in: false
cas:
@ -204,15 +222,15 @@ externalAuth:
# host: sso.myserver.com
# port: 443
# ssl: true
# validate_url:
# callback_url:
# logout_url:
# login_url:
# validate_url:
# callback_url:
# logout_url:
# login_url:
# uid_field: 'user'
# ca_path:
# ca_path:
# disable_ssl_verification: false
# assume_email_is_verified: true
# keys:
# keys:
# uid: 'user'
# name: 'name'
# email: 'email'
@ -222,7 +240,7 @@ externalAuth:
# location: 'location'
# image: 'image'
# phone: 'phone'
pam:
pam:
enabled: false
# email_domain: example.com
# default_service: rpam
@ -232,9 +250,9 @@ externalAuth:
# host: myservice.namespace.svc
# port: 389
# method: simple_tls
# base:
# bind_on:
# password:
# base:
# bind_on:
# password:
# uid: cn
# mail: mail
# search_filter: "(|(%{uid}=%{email})(%{mail}=%{email}))"