small-hack
diff --git a/‎charts/mastodon/Chart.yaml‎
Lines changed: 1 addition & 1 deletion b/‎charts/mastodon/Chart.yaml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎charts/mastodon/README.md‎
Lines changed: 92 additions & 10 deletions b/‎charts/mastodon/README.md‎
Lines changed: 92 additions & 10 deletions
diff --git a/‎charts/mastodon/templates/_db-migrate.tpl‎
Lines changed: 115 additions & 0 deletions b/‎charts/mastodon/templates/_db-migrate.tpl‎
Lines changed: 115 additions & 0 deletions
diff --git a/‎charts/mastodon/templates/_helpers.tpl‎
Lines changed: 86 additions & 0 deletions b/‎charts/mastodon/templates/_helpers.tpl‎
Lines changed: 86 additions & 0 deletions
diff --git a/‎charts/mastodon/templates/_secrets.tpl‎
Lines changed: 72 additions & 0 deletions b/‎charts/mastodon/templates/_secrets.tpl‎
Lines changed: 72 additions & 0 deletions
diff --git a/‎charts/mastodon/templates/_statsd.yaml‎
Lines changed: 54 additions & 0 deletions b/‎charts/mastodon/templates/_statsd.yaml‎
Lines changed: 54 additions & 0 deletions
@@ -9,7 +9,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 10.1.3
+version: 11.0.0
 
 # renovate: image=ghcr.io/mastodon/mastodon
 appVersion: v4.4.4
 
@@ -0,0 +1,115 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Spec template for DB migration pre- and post-install/upgrade jobs.
+*/}}
+{{- define "mastodon.dbMigrateJob" -}}
+apiVersion: batch/v1
+kind: Job
+metadata:
+  {{- if .prepare }}
+  name: {{ include "mastodon.fullname" . }}-db-prepare
+  {{- else if .preDeploy }}
+  name: {{ include "mastodon.fullname" . }}-db-pre-migrate
+  {{- else }}
+  name: {{ include "mastodon.fullname" . }}-db-post-migrate
+  {{- end }}
+  labels:
+    {{- include "mastodon.labels" . | nindent 4 }}
+  annotations:
+    {{- if .prepare }}
+    "helm.sh/hook": pre-install
+    {{- else if .preDeploy }}
+    "helm.sh/hook": pre-upgrade
+    {{- else }}
+    "helm.sh/hook": post-install,post-upgrade
+    {{- end }}
+    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+    {{- if .prepare }}
+    "helm.sh/hook-weight": "-3"
+    {{- else }}
+    "helm.sh/hook-weight": "-2"
+    {{- end }}
+spec:
+  template:
+    metadata:
+      name: {{ include "mastodon.fullname" . }}-db-migrate
+      {{- with .Values.jobAnnotations }}
+      annotations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+    spec:
+      restartPolicy: Never
+      containers:
+        - name: {{ include "mastodon.fullname" . }}-db-migrate
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          command:
+            - bundle
+            - exec
+            - rake
+            {{- if .prepare }}
+            - db:prepare
+            {{- else }}
+            - db:migrate
+            {{- end }}
+          envFrom:
+            - secretRef:
+                {{- if and .prepare (not .Values.mastodon.secrets.existingSecret) }}
+                name: {{ template "mastodon.secretName" . }}-prepare
+                {{- else }}
+                name: {{ template "mastodon.secretName" . }}
+                {{- end }}
+          env:
+            - name: "DB_HOST"
+              value: {{ template "mastodon.postgres.direct.host" . }}
+            - name: "DB_PORT"
+              value: {{ template "mastodon.postgres.direct.port" . }}
+            - name: "DB_NAME"
+              value: {{ template "mastodon.postgres.direct.database" . }}
+            - name: "DB_USER"
+              value: {{ .Values.postgresql.auth.username }}
+            - name: "DB_PASS"
+              valueFrom:
+                secretKeyRef:
+                  name: {{ template "mastodon.postgresql.secretName" . }}
+                  key: password
+            - name: "REDIS_HOST"
+              value: {{ template "mastodon.redis.host" . }}
+            - name: "REDIS_PORT"
+              value: {{ .Values.redis.port | default "6379" | quote }}
+            {{- if .Values.redis.sidekiq.enabled }}
+            {{- if .Values.redis.sidekiq.hostname }}
+            - name: SIDEKIQ_REDIS_HOST
+              value: {{ .Values.redis.sidekiq.hostname }}
+            {{- end }}
+            {{- if .Values.redis.sidekiq.port }}
+            - name: SIDEKIQ_REDIS_PORT
+              value: {{ .Values.redis.sidekiq.port | quote }}
+            {{- end }}
+            {{- end }}
+            {{- if .Values.redis.cache.enabled }}
+            {{- if .Values.redis.cache.hostname }}
+            - name: CACHE_REDIS_HOST
+              value: {{ .Values.redis.cache.hostname }}
+            {{- end }}
+            {{- if .Values.redis.cache.port }}
+            - name: CACHE_REDIS_PORT
+              value: {{ .Values.redis.cache.port | quote }}
+            {{- end }}
+            {{- end }}
+            - name: "REDIS_DRIVER"
+              value: "ruby"
+            - name: "REDIS_PASSWORD"
+              valueFrom:
+                secretKeyRef:
+                  {{- if and (.prepare) (not .Values.redis.enabled) (not .Values.redis.auth.existingSecret) (not .Values.redis.existingSecret) (.Values.redis.auth.password) }}
+                  name: {{ template "mastodon.redis.secretName" . }}-pre-install
+                  {{- else }}
+                  name: {{ template "mastodon.redis.secretName" . }}
+                  {{- end }}
+                  key: redis-password
+          {{- if .preDeploy }}
+            - name: "SKIP_POST_DEPLOYMENT_MIGRATIONS"
+              value: "true"
+          {{- end }}
+{{- end }}
@@ -30,6 +30,16 @@ Create chart name and version as used by the chart label.
 {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
 {{- end }}
 
+
+{{/*
+Labels added on every Mastodon resource
+*/}}
+{{- define "mastodon.globalLabels" -}}
+{{- range $k, $v := .Values.mastodon.labels }}
+{{ $k }}: {{ quote $v }}
+{{- end -}}
+{{- end }}
+
 {{/*
 Common labels
 */}}
@@ -110,6 +120,60 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this
 {{- printf "%s-%s" .Release.Name "postgresql" | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 
+{{/*
+Establish which values we will use for remote connections
+*/}}
+{{- define "mastodon.postgres.host" -}}
+{{- if .Values.postgresql.enabled }}
+{{- printf "%s" (include "mastodon.postgresql.fullname" .) -}}
+{{- else }}
+{{- printf "%s" (required "When the postgresql chart is disabled .Values.postgresql.postgresqlHostname is required" .Values.postgresql.postgresqlHostname) -}}
+{{- end }}
+{{- end }}
+
+{{- define "mastodon.postgres.port" -}}
+{{- if .Values.postgresql.enabled }}
+{{- printf "%d" 5432 | int | quote -}}
+{{- else }}
+{{- printf "%d" | default 5432 .Values.postgresql.postgresqlPort | int | quote -}}
+{{- end }}
+{{- end }}
+
+{{/*
+Establish which values we will use for direct remote DB connections
+*/}}
+{{- define "mastodon.postgres.direct.host" -}}
+{{- if .Values.postgresql.direct.hostname }}
+{{- printf "%s" .Values.postgresql.direct.hostname -}}
+{{- else }}
+{{- printf "%s" (include "mastodon.postgres.host" .) -}}
+{{- end }}
+{{- end }}
+
+{{- define "mastodon.postgres.direct.port" -}}
+{{- if .Values.postgresql.direct.port }}
+{{- printf "%d" (int .Values.postgresql.direct.port) | quote -}}
+{{- else }}
+{{- printf "%s" (include "mastodon.postgres.port" .) -}}
+{{- end }}
+{{- end }}
+
+{{- define "mastodon.postgres.direct.database" -}}
+{{- if .Values.postgresql.direct.database }}
+{{- printf "%s" .Values.postgresql.direct.database -}}
+{{- else }}
+{{- printf "%s" .Values.postgresql.auth.database -}}
+{{- end }}
+{{- end }}
+
+{{- define "mastodon.redis.host" -}}
+{{- if .Values.redis.enabled }}
+{{- printf "%s-%s" (include "mastodon.redis.fullname" .) "master" -}}
+{{- else }}
+{{- printf "%s" (required "When the redis chart is disabled .Values.redis.hostname is required" .Values.redis.hostname) -}}
+{{- end }}
+{{- end }}
+
 {{/*
 Get the mastodon secret.
 */}}
@@ -132,6 +196,15 @@ Get the smtp secret.
 {{- end -}}
 {{- end -}}
 
+
+{{- define "mastodon.smtp.bulk.secretName" -}}
+{{- if .Values.mastodon.smtp.bulk.existingSecret }}
+    {{- printf "%s" (tpl .Values.mastodon.smtp.bulk.existingSecret $) -}}
+{{- else -}}
+    {{- printf "%s-smtp-bulk" (include "mastodon.fullname" .) -}}
+{{- end -}}
+{{- end -}}
+
 {{/*
 Get the postgresql secret.
 */}}
@@ -214,3 +287,16 @@ Find highest number of needed database connections to set DB_POOL variable
 {{- end }}
 {{- $poolSize | quote }}
 {{- end }}
+
+{{/*
+Full hostname for a custom Elasticsearch cluster
+*/}}
+{{- define "mastodon.elasticsearch.fullHostname" -}}
+{{- if not .Values.elasticsearch.enabled }}
+    {{- if .Values.elasticsearch.tls }}
+        {{- printf "https://%s" (tpl .Values.elasticsearch.hostname $) -}}
+    {{- else -}}
+        {{- printf "%s" (tpl .Values.elasticsearch.hostname $) -}}
+    {{- end }}
+{{- end -}}
+{{- end -}}
@@ -0,0 +1,72 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Spec template for mastodon secrets object.
+*/}}
+{{- define "mastodon.secrets.object" -}}
+apiVersion: v1
+kind: Secret
+metadata:
+  {{- if .prepare }}
+  name: {{ template "mastodon.fullname" . }}-prepare
+  {{- else }}
+  name: {{ template "mastodon.fullname" . }}
+  {{- end }}
+  labels:
+    {{- include "mastodon.labels" . | nindent 4 }}
+  annotations:
+    {{- if .prepare }}
+    "helm.sh/hook": pre-install
+    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+    "helm.sh/hook-weight": "-3"
+    {{- end }}
+type: Opaque
+data:
+  {{- if .Values.mastodon.s3.enabled }}
+  {{- if not .Values.mastodon.s3.existingSecret }}
+  AWS_ACCESS_KEY_ID: "{{ .Values.mastodon.s3.access_key | b64enc }}"
+  AWS_SECRET_ACCESS_KEY: "{{ .Values.mastodon.s3.access_secret | b64enc }}"
+  {{- end }}
+  {{- end }}
+  {{- if not .Values.mastodon.secrets.existingSecret }}
+  {{- if not (empty .Values.mastodon.secrets.secret_key_base) }}
+  SECRET_KEY_BASE: "{{ .Values.mastodon.secrets.secret_key_base | b64enc }}"
+  {{- else }}
+  SECRET_KEY_BASE: {{ required "secret_key_base is required" .Values.mastodon.secrets.secret_key_base }}
+  {{- end }}
+  {{- if not (empty .Values.mastodon.secrets.otp_secret) }}
+  OTP_SECRET: "{{ .Values.mastodon.secrets.otp_secret | b64enc }}"
+  {{- else }}
+  OTP_SECRET: {{ required "otp_secret is required" .Values.mastodon.secrets.otp_secret }}
+  {{- end }}
+  {{- if not (empty .Values.mastodon.secrets.vapid.private_key) }}
+  VAPID_PRIVATE_KEY: "{{ .Values.mastodon.secrets.vapid.private_key | b64enc }}"
+  {{- else }}
+  VAPID_PRIVATE_KEY: {{ required "vapid.private_key is required" .Values.mastodon.secrets.vapid.private_key }}
+  {{- end }}
+  {{- if not (empty .Values.mastodon.secrets.vapid.public_key) }}
+  VAPID_PUBLIC_KEY: "{{ .Values.mastodon.secrets.vapid.public_key | b64enc }}"
+  {{- else }}
+  VAPID_PUBLIC_KEY: {{ required "vapid.public_key is required" .Values.mastodon.secrets.vapid.public_key }}
+  {{- end }}
+  {{- if not (empty .Values.mastodon.secrets.activeRecordEncryption.primaryKey) }}
+  ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY: "{{ .Values.mastodon.secrets.activeRecordEncryption.primaryKey | b64enc }}"
+  {{- else }}
+  ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY: {{ required "activeRecordEncryption.primaryKey is required" .Values.mastodon.secrets.activeRecordEncryption.primaryKey }}
+  {{- end }}
+  {{- if not (empty .Values.mastodon.secrets.activeRecordEncryption.deterministicKey) }}
+  ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY: "{{ .Values.mastodon.secrets.activeRecordEncryption.deterministicKey | b64enc }}"
+  {{- else }}
+  ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY: {{ required "activeRecordEncryption.deterministicKey is required" .Values.mastodon.secrets.activeRecordEncryption.deterministicKey }}
+  {{- end }}
+  {{- if not (empty .Values.mastodon.secrets.activeRecordEncryption.keyDerivationSalt) }}
+  ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT: "{{ .Values.mastodon.secrets.activeRecordEncryption.keyDerivationSalt | b64enc }}"
+  {{- else }}
+  ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT: {{ required "activeRecordEncryption.keyDerivationSalt is required" .Values.mastodon.secrets.activeRecordEncryption.keyDerivationSalt }}
+  {{- end }}
+  {{- end }}
+  {{- if not .Values.postgresql.enabled }}
+  {{- if not .Values.postgresql.auth.existingSecret }}
+  password: "{{ .Values.postgresql.auth.password | b64enc }}"
+  {{- end }}
+  {{- end }}
+{{- end }}
@@ -0,0 +1,54 @@
+{{/*
+  The exporter container attached to every Mastodon pod
+*/}}
+
+{{- define "mastodon.statsdExporterContainer" }}
+{{- with .Values.mastodon.metrics.statsd }}
+{{- if and .exporter.enabled (not .address) }}
+- name: statsd-exporter
+  image: prom/statsd-exporter
+  args:
+    - "--statsd.mapping-config=/statsd-mappings/mastodon.yml"
+  resources:
+    requests:
+      cpu: "0.1"
+      memory: "180M"
+    limits:
+      cpu: "0.5"
+      memory: "250M"
+  ports:
+    - name: statsd
+      containerPort: {{ .exporter.port }}
+  volumeMounts:
+    - name: statsd-mappings
+      mountPath: /statsd-mappings
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+  The volume needed for the container above
+*/}}
+{{- define "mastodon.statsdExporterVolume" }}
+{{- with .Values.mastodon.metrics.statsd }}
+{{- if and .exporter.enabled (not .address) }}
+- name: statsd-mappings
+  configMap:
+    name: {{ include "mastodon.fullname" $ }}-statsd-mappings
+    items:
+      - key: mastodon-statsd-mappings.yml
+        path: mastodon.yml
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+  Labels added to every statsd_exporter-enabled pod
+*/}}
+{{- define "mastodon.statsdExporterLabels" }}
+{{- with .Values.mastodon.metrics.statsd }}
+{{- if and .exporter.enabled (not .address) }}
+mastodon/statsd-exporter: "true"
+{{- end }}
+{{- end }}
+{{- end }}