diff --git a/charts/pixelfed/Chart.yaml b/charts/pixelfed/Chart.yaml index 7cccd03..e19c3bc 100644 --- a/charts/pixelfed/Chart.yaml +++ b/charts/pixelfed/Chart.yaml @@ -15,11 +15,11 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.7.0 +version: 0.8.0 # This is the version number of the application being deployed. # renovate:image=ghcr.io/mattlqx/docker-pixelfed -appVersion: "v0.12.3-nginx" +appVersion: "v0.12.4-nginx" maintainers: - name: "jessebot" diff --git a/charts/pixelfed/README.md b/charts/pixelfed/README.md index b7d04b9..5f575a7 100644 --- a/charts/pixelfed/README.md +++ b/charts/pixelfed/README.md @@ -1,6 +1,6 @@ # pixelfed -![Version: 0.7.0](https://img.shields.io/badge/Version-0.7.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.12.3-nginx](https://img.shields.io/badge/AppVersion-v0.12.3--nginx-informational?style=flat-square) +![Version: 0.8.0](https://img.shields.io/badge/Version-0.8.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.12.4-nginx](https://img.shields.io/badge/AppVersion-v0.12.4--nginx-informational?style=flat-square) A Helm chart for deploying Pixelfed on Kubernetes @@ -43,6 +43,7 @@ A Helm chart for deploying Pixelfed on Kubernetes | externalValkey.existingSecret | string | `""` | get valkey credentials from an existing Kubernetes Secret | | externalValkey.existingSecretKeys.host | string | `""` | key in existing Kubernetes Secret for host. If set, ignores externalValkey.host | | externalValkey.existingSecretKeys.password | string | `""` | key in existing Kubernetes Secret for password. If set, ignores externalValkey.password | +| externalValkey.existingSecretKeys.port | string | `""` | key in existing Kubernetes Secret for port. If set, ignores externalValkey.port | | externalValkey.host | string | `"valkey"` | | | externalValkey.password | string | `"null"` | | | externalValkey.port | string | `"6379"` | | diff --git a/charts/pixelfed/templates/configmap-env.yaml b/charts/pixelfed/templates/configmap-env.yaml index 91dca77..8b8e047 100644 --- a/charts/pixelfed/templates/configmap-env.yaml +++ b/charts/pixelfed/templates/configmap-env.yaml @@ -86,7 +86,28 @@ data: # mail MAIL_DRIVER: "{{ .Values.pixelfed.mail.driver }}" MAIL_ENCRYPTION: "{{ .Values.pixelfed.mail.encryption }}" + MAIL_FROM_ADDRESS: "{{ .Values.pixelfed.mail.from_address }}" + MAIL_FROM_NAME: "{{ .Values.pixelfed.mail.from_name }}" # database configuration DB_CONNECTION: {{ .Values.pixelfed.db.connection }} DB_APPLY_NEW_MIGRATIONS_AUTOMATICALLY: "{{ .Values.pixelfed.db.apply_new_migrations_automatically }}" + {{- if .Values.postgresql.enabled }} + DB_PORT: {{ .Values.postgresql.primary.service.ports.postgresql | quote }} + DB_HOST: {{ .Values.postgresql.fullnameOverride }} + DB_USERNAME: postgres + DB_DATABASE: postgres + {{- end }} + + # redis + {{- if .Values.valkey.enabled }} + REDIS_HOST: {{ printf "%s-primary" (.Values.valkey.fullnameOverride) }} + {{- else if and .Values.externalValkey.enabled (not .Values.externalValkey.existingSecret) (not .Values.externalValkey.existingSecretKeys.host) }} + REDIS_HOST: {{ .Values.externalValkey.port | quote }} + {{- end }} + + {{- if .Values.valkey.enabled }} + REDIS_PORT: {{ .Values.valkey.primary.service.ports.valkey | quote }} + {{- else if .Values.externalValkey.enabled (not .Values.externalValkey.existingSecret) (not .Values.externalValkey.existingSecretKeys.port) }} + REDIS_PORT: {{ .Values.externalValkey.port | quote }} + {{- end }} diff --git a/charts/pixelfed/templates/configmap.yaml b/charts/pixelfed/templates/configmap.yaml deleted file mode 100644 index 4a9da0a..0000000 --- a/charts/pixelfed/templates/configmap.yaml +++ /dev/null @@ -1,116 +0,0 @@ ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: pixelfed-env -data: - env: |- - # app config vars - APP_NAME={{ .Values.pixelfed.app.name }} - APP_ENV={{ .Values.pixelfed.app.env }} - APP_PORT={{ .Values.service.targetPort }} - APP_URL={{ .Values.pixelfed.app.url }} - APP_LOCALE={{ .Values.pixelfed.app.locale }} - {{- with .Values.pixelfed.app.domain }} - APP_DOMAIN={{ . }} - {{- end }} - - # registration related env vars - OPEN_REGISTRATION={{ .Values.pixelfed.open_registration | quote }} - ENFORCE_EMAIL_VERIFICATION={{ .Values.pixelfed.enforce_email_verification | quote }} - ACCOUNT_DELETION={{ .Values.pixelfed.account_deletion | quote }} - OAUTH_ENABLED={{ .Values.pixelfed.oauth_enabled | quote }} - - MIN_PASSWORD_LENGTH={{ .Values.pixelfed.min_password_length | quote }} - MAX_ACCOUNT_SIZE={{ .Values.pixelfed.max_account_size | quote }} - MAX_PHOTO_SIZE={{ .Values.pixelfed.max_photo_size | quote }} - MAX_AVATAR_SIZE={{ .Values.pixelfed.max_avatar_size | quote }} - MAX_CAPTION_LENGTH={{ .Values.pixelfed.max_caption_length | quote }} - MAX_BIO_LENGTH={{ .Values.pixelfed.max_bio_length | quote }} - MAX_NAME_LENGTH={{ .Values.pixelfed.max_name_length | quote }} - MAX_ALBUM_LENGTH={{ .Values.pixelfed.max_album_length | quote }} - FORCE_HTTPS_URLS={{ .Values.pixelfed.force_https_urls | quote }} - - # misc - STORIES_ENABLED={{ .Values.pixelfed.stories_enabled | quote }} - ENABLE_CONFIG_CACHE={{ .Values.pixelfed.enable_config_cache | quote }} - IMAGE_QUALITY={{ .Values.pixelfed.image_quality | quote }} - - # instance wide configuration - INSTANCE_DESCRIPTION={{ .Values.pixelfed.instance.description }} - INSTANCE_CONTACT_FORM={{ .Values.pixelfed.instance.contact_form | quote }} - INSTANCE_DISCOVER_PUBLIC={{ .Values.pixelfed.instance.discover_public | quote }} - INSTANCE_PUBLIC_HASHTAGS={{ .Values.pixelfed.instance.public_hashtags | quote }} - {{- with .Values.pixelfed.instance.contact_email }} - INSTANCE_CONTACT_EMAIL={{ .Values.pixelfed.instance.contact_email }} - {{- end }} - INSTANCE_PROFILE_EMBEDS={{ .Values.pixelfed.instance.profile_embeds | quote }} - INSTANCE_POST_EMBEDS={{ .Values.pixelfed.instance.post_embeds | quote }} - INSTANCE_REPORTS_EMAIL_ENABLED={{ .Values.pixelfed.instance.reports.email_enabled | quote }} - {{- with .Values.pixelfed.instance.reports.email_addresses }} - INSTANCE_REPORTS_EMAIL_ADDRESSES={{ join "," . }} - {{- end }} - INSTANCE_REPORTS_EMAIL_AUTOSPAM={{ .Values.pixelfed.instance.reports.email_autospam | quote }} - INSTANCE_LANDING_SHOW_DIRECTORY={{ .Values.pixelfed.instance.landing.show_directory | quote }} - INSTANCE_LANDING_SHOW_EXPLORE={{ .Values.pixelfed.instance.landing.show_explore | quote }} - INSTANCE_CUR_REG={{ .Values.pixelfed.instance.cur_reg | quote }} - INSTANCE_SHOW_PEERS={{ .Values.pixelfed.instance.show_peers | quote }} - - # pixelfed config - PF_HIDE_NSFW_ON_PUBLIC_FEEDS={{ .Values.pixelfed.pf.hide_nsfw_on_public_feeds | quote }} - PF_LOCAL_AVATAR_TO_CLOUD={{ .Values.pixelfed.pf.local_avatar_to_cloud | quote }} - PF_ADMIN_INVITES_ENABLED={{ .Values.pixelfed.pf.admin_invites_enabled | quote }} - PF_MAX_USER_BLOCKS={{ .Values.pixelfed.pf.max_user_blocks | quote }} - PF_MAX_USER_MUTES={{ .Values.pixelfed.pf.max_user_mutes | quote }} - PF_MAX_DOMAIN_BLOCKS={{ .Values.pixelfed.pf.max_domain_blocks | quote }} - PF_ENABLE_CLOUD={{ .Values.pixelfed.pf.enable_cloud | quote }} - PF_MAX_USERS={{ .Values.pixelfed.pf.max_users | quote }} - PF_ENFORCE_MAX_USERS={{ .Values.pixelfed.pf.enforce_max_users | quote }} - PF_OPTIMIZE_IMAGES={{ .Values.pixelfed.pf.optimize_images | quote }} - PF_OPTIMIZE_VIDEOS={{ .Values.pixelfed.pf.optimize_videos | quote }} - PF_MAX_COLLECTION_LENGTH={{ .Values.pixelfed.pf.max_collection_length | quote }} - - # Laravel Configuration - SESSION_DRIVER="redis" - CACHE_DRIVER="redis" - QUEUE_DRIVER="redis" - BROADCAST_DRIVER="log" - LOG_CHANNEL="stack" - HORIZON_PREFIX="horizon-" - - # activity pub - ACTIVITY_PUB={{ .Values.pixelfed.activity_pub.enabled | quote }} - AP_REMOTE_FOLLOW={{ .Values.pixelfed.activity_pub.remote_follow | quote }} - AP_SHAREDINBOX={{ .Values.pixelfed.activity_pub.sharedinbox | quote }} - AP_INBOX={{ .Values.pixelfed.activity_pub.inbox | quote }} - AP_OUTBOX={{ .Values.pixelfed.activity_pub.outbox | quote }} - - # redis - {{- with .Values.externalValkey.host }} - REDIS_HOST={{ . }} - {{- end }} - {{- with .Values.externalValkey.port }} - REDIS_PORT={{ . }} - {{- end }} - {{- with .Values.externalValkey.password }} - REDIS_PASSWORD={{ . }} - {{- end }} - - # mail - MAIL_DRIVER="smtp" - MAIL_HOST="smtp.mailgun.org" - MAIL_PORT="587" - MAIL_FROM_ADDRESS="__CHANGE_ME__" - MAIL_FROM_NAME="${APP_NAME}" - MAIL_USERNAME="" - MAIL_PASSWORD="" - MAIL_ENCRYPTION="tls" - - # db - DB_CONNECTION="pgsql" - DB_HOST="db" - DB_USERNAME="pixelfed" - DB_PASSWORD= - DB_DATABASE="pixelfed_prod" - DB_PORT="3306" - DB_APPLY_NEW_MIGRATIONS_AUTOMATICALLY="false" diff --git a/charts/pixelfed/templates/deployment.yaml b/charts/pixelfed/templates/deployment.yaml index edd8ffa..1c99ad4 100644 --- a/charts/pixelfed/templates/deployment.yaml +++ b/charts/pixelfed/templates/deployment.yaml @@ -28,12 +28,16 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} serviceAccountName: {{ include "pixelfed.serviceAccountName" . }} + {{- with .Values.podSecurityContext }} securityContext: - {{- toYaml .Values.podSecurityContext | nindent 8 }} + {{- toYaml . | nindent 8 }} + {{- end }} containers: - name: {{ .Chart.Name }} + {{- with .Values.securityContext }} securityContext: {{- toYaml .Values.securityContext | nindent 12 }} + {{- end }} image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} ports: @@ -44,35 +48,42 @@ spec: - configMapRef: name: {{ include "pixelfed.fullname" . }}-env env: - # redis + # valkey AKA redis + {{- if and .Values.externalValkey.enabled .Values.externalValkey.existingSecretKeys.host }} - name: REDIS_HOST - {{- if .Values.externalValkey.existingSecret }} valueFrom: secretKeyRef: + {{- if and .Values.externalValkey.existingSecret .Values.externalValkey.existingSecretKeys.host }} name: {{ .Values.externalValkey.existingSecret }} key: {{ .Values.externalValkey.existingSecretKeys.host }} - {{- else }} - value: {{ printf "%s-primary" (.Values.valkey.fullnameOverride) }} - {{- end }} + {{- else }} + name: {{ include "pixelfed.fullname" . }}-valkey + key: host + {{- end }} + {{- end }} + + {{- if and .Values.externalValkey.enabled .Values.externalValkey.existingSecret .Values.externalValkey.existingSecretKeys.port }} - name: REDIS_PORT - {{- if .Values.externalValkey }} - {{- if .Values.externalValkey.existingSecret }} valueFrom: secretKeyRef: + {{- if and .Values.externalValkey.existingSecret .Values.externalValkey.existingSecretKeys.port }} name: {{ .Values.externalValkey.existingSecret }} key: {{ .Values.externalValkey.existingSecretKeys.port }} - {{- else }} - value: {{ .Values.externalValkey.port | quote }} - {{- end }} - {{- else }} - value: {{ .Values.valkey.primary.service.ports.valkey | quote }} - {{- end }} + {{- else }} + name: {{ include "pixelfed.fullname" . }}-valkey + key: port + {{- end }} + {{- end }} + - name: REDIS_PASSWORD valueFrom: secretKeyRef: - {{- if .Values.externalValkey.existingSecret }} + {{- if and .Values.externalValkey.enabled .Values.externalValkey.existingSecret }} name: {{ .Values.externalValkey.existingSecret }} key: {{ .Values.externalValkey.existingSecretKeys.password }} + {{- else if and .Values.externalValkey.enabled (not .Values.externalValkey.existingSecret) }} + name: {{ include "pixelfed.fullname" . }}-valkey + key: password {{- else if .Values.valkey.auth.existingSecret }} name: {{ .Values.valkey.auth.existingSecret }} key: password @@ -89,7 +100,7 @@ spec: name: {{ .Values.pixelfed.mail.existingSecret }} key: {{ .Values.pixelfed.mail.existingSecretKeys.host }} {{- else }} - name: pixelfed-mail + name: {{ include "pixelfed.fullname" . }}-mail key: host {{- end }} - name: MAIL_PORT @@ -99,13 +110,9 @@ spec: name: {{ .Values.pixelfed.mail.existingSecret }} key: {{ .Values.pixelfed.mail.existingSecretKeys.port }} {{- else }} - name: pixelfed-mail + name: {{ include "pixelfed.fullname" . }}-mail key: port {{- end }} - - name: MAIL_FROM_ADDRESS - value: "{{ .Values.pixelfed.mail.from_address }}" - - name: MAIL_FROM_NAME - value: "{{ .Values.pixelfed.mail.from_name }}" - name: MAIL_USERNAME valueFrom: secretKeyRef: @@ -113,7 +120,7 @@ spec: name: {{ .Values.pixelfed.mail.existingSecret }} key: {{ .Values.pixelfed.mail.existingSecretKeys.username }} {{- else }} - name: pixelfed-mail + name: {{ include "pixelfed.fullname" . }}-mail key: username {{- end }} - name: MAIL_PASSWORD @@ -123,35 +130,63 @@ spec: name: {{ .Values.pixelfed.mail.existingSecret }} key: {{ .Values.pixelfed.mail.existingSecretKeys.password }} {{- else }} - name: pixelfed-mail + name: {{ include "pixelfed.fullname" . }}-mail key: password {{- end }} # database configuration + {{- if .Values.externalDatabase.enabled }} - name: DB_HOST - {{- if and .Values.externalDatabase.enabled .Values.externalDatabase.existingSecret }} valueFrom: secretKeyRef: + {{- if and .Values.externalDatabase.enabled .Values.externalDatabase.existingSecret .Values.externalDatabase.existingSecretKeys.host }} name: {{ .Values.externalDatabase.existingSecret }} key: {{ .Values.externalDatabase.existingSecretKeys.host }} - {{- else if and .Values.externalDatabase.enabled (not .Values.externalDatabase.existingSecret) }} - value: {{ .Values.externalDatabase.host }} - {{- else }} - value: {{ .Values.postgresql.fullnameOverride }} - {{- end }} + {{- else if and .Values.externalDatabase.enabled (not .Values.externalDatabase.existingSecretKeys.host) }} + name: {{ include "pixelfed.fullname" . }}-database + key: host + {{- end }} + {{- end }} + + {{- if .Values.externalDatabase.enabled }} - name: DB_USERNAME - {{- if .Values.externalDatabase.enabled }} - {{- if .Values.externalDatabase.existingSecret }} valueFrom: secretKeyRef: + {{- if and .Values.externalDatabase.enabled .Values.externalDatabase.existingSecret .Values.externalDatabase.existingSecretKeys.username }} name: {{ .Values.externalDatabase.existingSecret }} key: {{ .Values.externalDatabase.existingSecretKeys.username }} - {{- else }} - value: {{ .Values.externalDatabase.username }} + {{- else if and .Values.externalDatabase.enabled (not .Values.externalDatabase.existingSecretKeys.username) }} + name: {{ include "pixelfed.fullname" . }}-database + key: username + {{- end }} {{- end }} - {{- else }} - value: postgres + + {{- if .Values.externalDatabase.enabled }} + - name: DB_DATABASE + valueFrom: + secretKeyRef: + {{- if and .Values.externalDatabase.enabled .Values.externalDatabase.existingSecret .Values.externalDatabase.existingSecretKeys.database }} + name: {{ .Values.externalDatabase.existingSecret }} + key: {{ .Values.externalDatabase.existingSecretKeys.database }} + {{- else if and .Values.externalDatabase.enabled (not .Values.externalDatabase.existingSecretKeys.database) }} + name: {{ include "pixelfed.fullname" . }}-database + key: database + {{- end }} {{- end }} + + {{- if .Values.externalDatabase.enabled }} + - name: DB_PORT + valueFrom: + secretKeyRef: + {{- if and .Values.externalDatabase.enabled .Values.externalDatabase.existingSecret .Values.externalDatabase.existingSecretKeys.port }} + name: {{ .Values.externalDatabase.existingSecret }} + key: {{ .Values.externalDatabase.existingSecretKeys.port }} + {{- else if and .Values.externalDatabase.enabled (not .Values.externalDatabase.existingSecretKeys.port) }} + name: {{ include "pixelfed.fullname" . }}-database + key: port + {{- end }} + {{- end }} + - name: DB_PASSWORD {{- if and .Values.externalDatabase.enabled (not .Values.externalDatabase.existingSecret) }} value: {{ .Values.externalDatabase.password }} @@ -169,28 +204,6 @@ spec: key: postgres-password {{- end }} {{- end }} - - name: DB_DATABASE - {{- if and .Values.externalDatabase.enabled .Values.externalDatabase.existingSecret }} - valueFrom: - secretKeyRef: - name: {{ .Values.externalDatabase.existingSecret }} - key: {{ .Values.externalDatabase.existingSecretKeys.database }} - {{- else if and .Values.externalDatabase.enabled (not .Values.externalDatabase.existingSecret) }} - value: {{ .Values.externalDatabase.database }} - {{- else }} - value: postgres - {{- end }} - - name: DB_PORT - {{- if and .Values.externalDatabase.enabled (not .Values.externalDatabase.existingSecret) }} - value: {{ .Values.externalDatabase.port }} - {{- else if and .Values.externalDatabase.enabled .Values.externalDatabase.existingSecret }} - valueFrom: - secretKeyRef: - name: {{ .Values.externalDatabase.existingSecret }} - key: {{ .Values.externalDatabase.existingSecretKeys.port }} - {{- else }} - value: {{ .Values.postgresql.primary.service.ports.postgresql | quote }} - {{- end }} {{- with .Values.livenessProbe }} livenessProbe: diff --git a/charts/pixelfed/templates/secret_database.yaml b/charts/pixelfed/templates/secret_database.yaml index 16ee3de..776fc11 100644 --- a/charts/pixelfed/templates/secret_database.yaml +++ b/charts/pixelfed/templates/secret_database.yaml @@ -1,9 +1,9 @@ -{{- if and .Values.externalDatabase.enabled ( not .Values.externalDatabase.existingSecret ) }} +{{- if and .Values.externalDatabase.enabled (not .Values.externalDatabase.existingSecret) }} --- apiVersion: v1 kind: Secret metadata: - name: pixelfed-database + name: {{ include "pixelfed.fullname" . }}-database data: host: {{ .Values.externalDatabase.host | b64enc }} port: {{ .Values.externalDatabase.port | quote | b64enc }} diff --git a/charts/pixelfed/templates/secret_mail.yaml b/charts/pixelfed/templates/secret_mail.yaml index bf8c481..d91618e 100644 --- a/charts/pixelfed/templates/secret_mail.yaml +++ b/charts/pixelfed/templates/secret_mail.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: Secret metadata: - name: pixelfed-mail + name: {{ include "pixelfed.fullname" . }}-mail data: host: {{ .Values.pixelfed.mail.host | b64enc }} port: {{ .Values.pixelfed.mail.port | quote | b64enc}} diff --git a/charts/pixelfed/templates/secret_valkey.yaml b/charts/pixelfed/templates/secret_valkey.yaml index cd55d57..9c96ab7 100644 --- a/charts/pixelfed/templates/secret_valkey.yaml +++ b/charts/pixelfed/templates/secret_valkey.yaml @@ -1,11 +1,17 @@ -{{- if and .Values.externalValkey.enabled ( not .Values.externalValkey.existingSecret ) }} +{{- if and .Values.externalValkey.enabled (not .Values.externalValkey.existingSecret) (or .Values.externalValkey.existingSecretKeys.password .Values.externalValkey.existingSecretKeys.port .Values.externalValkey.existingSecretKeys.host ) }} --- apiVersion: v1 kind: Secret metadata: - name: pixelfed-valkey + name: {{ include "pixelfed.fullname" . }}-valkey data: + {{- if not .Values.externalValkey.existingSecretKeys.host }} host: {{ .Values.externalValkey.host | b64enc }} + {{- end }} + {{- if not .Values.externalValkey.existingSecretKeys.port }} port: {{ .Values.externalValkey.port | quote | b64enc }} + {{- end }} + {{- if not .Values.externalValkey.existingSecretKeys.password }} password: {{ .Values.externalValkey.password | b64enc }} + {{- end }} {{- end }} diff --git a/charts/pixelfed/values.yaml b/charts/pixelfed/values.yaml index b7b06cf..bcf54c4 100644 --- a/charts/pixelfed/values.yaml +++ b/charts/pixelfed/values.yaml @@ -173,6 +173,8 @@ externalValkey: existingSecretKeys: # -- key in existing Kubernetes Secret for host. If set, ignores externalValkey.host host: "" + # -- key in existing Kubernetes Secret for port. If set, ignores externalValkey.port + port: "" # -- key in existing Kubernetes Secret for password. If set, ignores externalValkey.password password: ""