helm: add support for S3 storage (#15748)

Alex Dunn 2021-02-19 00:52:32 -08:00 committed by GitHub
parent e31ed27485
commit fca4fd1daa
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
14 changed files with 55 additions and 4 deletions


@ -15,7 +15,7 @@ type: application
# This is the chart version. This version number should be incremented each time you make changes # This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version. # to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/) # Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 1.0.0 version: 1.1.0
# This is the version number of the application being deployed. This version number should be # This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to # incremented each time you make changes to the application. Versions are not expected to


@ -24,7 +24,6 @@ The variables that _must_ be configured are:
Currently this chart does _not_ support: Currently this chart does _not_ support:
- Hidden services - Hidden services
- S3/Minio/GCS
- Single Sign-On - Single Sign-On
- Swift - Swift
- configurations using `WEB_DOMAIN` - configurations using `WEB_DOMAIN`


@ -27,6 +27,16 @@ data:
RAILS_ENV: "production" RAILS_ENV: "production"
REDIS_HOST: {{ template "mastodon.redis.fullname" . }}-master REDIS_HOST: {{ template "mastodon.redis.fullname" . }}-master
REDIS_PORT: "6379" REDIS_PORT: "6379"
{{- if .Values.mastodon.s3.enabled }}
S3_BUCKET: {{ .Values.mastodon.s3.bucket }}
S3_ENABLED: "true"
S3_ENDPOINT: {{ .Values.mastodon.s3.endpoint }}
S3_HOSTNAME: {{ .Values.mastodon.s3.hostname }}
S3_PROTOCOL: "https"
{{- if .Values.mastodon.s3.region }}
S3_REGION: {{ .Values.mastodon.s3.region }}
{{- end }}
{{- end }}
{{- if .Values.mastodon.smtp.auth_method }} {{- if .Values.mastodon.smtp.auth_method }}
SMTP_AUTH_METHOD: {{ .Values.mastodon.smtp.auth_method }} SMTP_AUTH_METHOD: {{ .Values.mastodon.smtp.auth_method }}
{{- end }} {{- end }}
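Review bot: The new `S3_BUCKET`, `S3_ENDPOINT`, `S3_HOSTNAME` and `S3_REGION` entries are rendered without `| quote`, unlike the literal `S3_ENABLED` and `S3_PROTOCOL` values beside them. With the chart default `bucket: ""`, enabling S3 renders a bare `S3_BUCKET:` (null), and ConfigMap data values must be strings, so the install either fails validation or starts with an unset bucket. I would write `S3_BUCKET: {{ required "mastodon.s3.bucket is required when s3.enabled is true" .Values.mastodon.s3.bucket | quote }}` and pipe the other three through `quote` as well. `S3_PROTOCOL` is fixed to `"https"`, which is a sound default; a one-line comment saying it is deliberately not configurable would stop someone from later making it a free-form value.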


@ -14,6 +14,7 @@ spec:
name: {{ include "mastodon.fullname" . }}-media-remove name: {{ include "mastodon.fullname" . }}-media-remove
spec: spec:
restartPolicy: OnFailure restartPolicy: OnFailure
{{- if (not .Values.mastodon.s3.enabled) }}
# ensure we run on the same node as the other rails components; only # ensure we run on the same node as the other rails components; only
# required when using PVCs that are ReadWriteOnce # required when using PVCs that are ReadWriteOnce
{{- if or (eq "ReadWriteOnce" .Values.mastodon.persistence.assets.accessMode) (eq "ReadWriteOnce" .Values.mastodon.persistence.system.accessMode) }} {{- if or (eq "ReadWriteOnce" .Values.mastodon.persistence.assets.accessMode) (eq "ReadWriteOnce" .Values.mastodon.persistence.system.accessMode) }}
@ -35,6 +36,7 @@ spec:
- name: system - name: system
persistentVolumeClaim: persistentVolumeClaim:
claimName: {{ template "mastodon.fullname" . }}-system claimName: {{ template "mastodon.fullname" . }}-system
{{- end }}
containers: containers:
- name: {{ include "mastodon.fullname" . }}-media-remove - name: {{ include "mastodon.fullname" . }}-media-remove
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
@ -65,9 +67,11 @@ spec:
key: redis-password key: redis-password
- name: "PORT" - name: "PORT"
value: {{ .Values.mastodon.web.port | quote }} value: {{ .Values.mastodon.web.port | quote }}
{{- if (not .Values.mastodon.s3.enabled) }}
volumeMounts: volumeMounts:
- name: assets - name: assets
mountPath: /opt/mastodon/public/assets mountPath: /opt/mastodon/public/assets
- name: system - name: system
mountPath: /opt/mastodon/public/system mountPath: /opt/mastodon/public/system
{{- end }}
{{- end }} {{- end }}
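Review bot: The `{{- if (not .Values.mastodon.s3.enabled) }}` guard removes the `assets` volume and mount together with `system`. The same guard is repeated in the two Deployment sections and in the `-assets-precompile`, `-chewy-upgrade`, `-create-admin` and `-db-migrate` job sections below. Object storage presumably replaces only the uploaded media under `/opt/mastodon/public/system`. If `/opt/mastodon/public/assets` is still meant to be shared between pods, the `-assets-precompile` job now writes into its own ephemeral filesystem and the web pods never see the output. Either guard only the `system` entries, or skip the precompile job when S3 is on and record the intent with a comment such as `# S3 replaces the shared media volume; compiled assets come from the image`. The pod spec starts and ends outside these hunks, so this should be confirmed against the full templates.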


@ -31,6 +31,7 @@ spec:
serviceAccountName: {{ include "mastodon.serviceAccountName" . }} serviceAccountName: {{ include "mastodon.serviceAccountName" . }}
securityContext: securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }} {{- toYaml .Values.podSecurityContext | nindent 8 }}
{{- if (not .Values.mastodon.s3.enabled) }}
# ensure we run on the same node as the other rails components; only # ensure we run on the same node as the other rails components; only
# required when using PVCs that are ReadWriteOnce # required when using PVCs that are ReadWriteOnce
{{- if or (eq "ReadWriteOnce" .Values.mastodon.persistence.assets.accessMode) (eq "ReadWriteOnce" .Values.mastodon.persistence.system.accessMode) }} {{- if or (eq "ReadWriteOnce" .Values.mastodon.persistence.assets.accessMode) (eq "ReadWriteOnce" .Values.mastodon.persistence.system.accessMode) }}
@ -52,6 +53,7 @@ spec:
- name: system - name: system
persistentVolumeClaim: persistentVolumeClaim:
claimName: {{ template "mastodon.fullname" . }}-system claimName: {{ template "mastodon.fullname" . }}-system
{{- end }}
containers: containers:
- name: {{ .Chart.Name }} - name: {{ .Chart.Name }}
securityContext: securityContext:
@ -84,11 +86,13 @@ spec:
secretKeyRef: secretKeyRef:
name: {{ .Release.Name }}-redis name: {{ .Release.Name }}-redis
key: redis-password key: redis-password
{{- if (not .Values.mastodon.s3.enabled) }}
volumeMounts: volumeMounts:
- name: assets - name: assets
mountPath: /opt/mastodon/public/assets mountPath: /opt/mastodon/public/assets
- name: system - name: system
mountPath: /opt/mastodon/public/system mountPath: /opt/mastodon/public/system
{{- end }}
resources: resources:
{{- toYaml .Values.resources | nindent 12 }} {{- toYaml .Values.resources | nindent 12 }}
{{- with .Values.nodeSelector }} {{- with .Values.nodeSelector }}


@ -31,6 +31,7 @@ spec:
serviceAccountName: {{ include "mastodon.serviceAccountName" . }} serviceAccountName: {{ include "mastodon.serviceAccountName" . }}
securityContext: securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }} {{- toYaml .Values.podSecurityContext | nindent 8 }}
{{- if (not .Values.mastodon.s3.enabled) }}
volumes: volumes:
- name: assets - name: assets
persistentVolumeClaim: persistentVolumeClaim:
@ -38,6 +39,7 @@ spec:
- name: system - name: system
persistentVolumeClaim: persistentVolumeClaim:
claimName: {{ template "mastodon.fullname" . }}-system claimName: {{ template "mastodon.fullname" . }}-system
{{- end }}
containers: containers:
- name: {{ .Chart.Name }} - name: {{ .Chart.Name }}
securityContext: securityContext:
@ -72,11 +74,13 @@ spec:
key: redis-password key: redis-password
- name: "PORT" - name: "PORT"
value: {{ .Values.mastodon.web.port | quote }} value: {{ .Values.mastodon.web.port | quote }}
{{- if (not .Values.mastodon.s3.enabled) }}
volumeMounts: volumeMounts:
- name: assets - name: assets
mountPath: /opt/mastodon/public/assets mountPath: /opt/mastodon/public/assets
- name: system - name: system
mountPath: /opt/mastodon/public/system mountPath: /opt/mastodon/public/system
{{- end }}
ports: ports:
- name: http - name: http
containerPort: {{ .Values.mastodon.web.port }} containerPort: {{ .Values.mastodon.web.port }}


@ -14,6 +14,7 @@ spec:
name: {{ include "mastodon.fullname" . }}-assets-precompile name: {{ include "mastodon.fullname" . }}-assets-precompile
spec: spec:
restartPolicy: Never restartPolicy: Never
{{- if (not .Values.mastodon.s3.enabled) }}
# ensure we run on the same node as the other rails components; only # ensure we run on the same node as the other rails components; only
# required when using PVCs that are ReadWriteOnce # required when using PVCs that are ReadWriteOnce
{{- if or (eq "ReadWriteOnce" .Values.mastodon.persistence.assets.accessMode) (eq "ReadWriteOnce" .Values.mastodon.persistence.system.accessMode) }} {{- if or (eq "ReadWriteOnce" .Values.mastodon.persistence.assets.accessMode) (eq "ReadWriteOnce" .Values.mastodon.persistence.system.accessMode) }}
@ -35,6 +36,7 @@ spec:
- name: system - name: system
persistentVolumeClaim: persistentVolumeClaim:
claimName: {{ template "mastodon.fullname" . }}-system claimName: {{ template "mastodon.fullname" . }}-system
{{- end }}
containers: containers:
- name: {{ include "mastodon.fullname" . }}-assets-precompile - name: {{ include "mastodon.fullname" . }}-assets-precompile
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
@ -66,8 +68,10 @@ spec:
key: redis-password key: redis-password
- name: "PORT" - name: "PORT"
value: {{ .Values.mastodon.web.port | quote }} value: {{ .Values.mastodon.web.port | quote }}
{{- if (not .Values.mastodon.s3.enabled) }}
volumeMounts: volumeMounts:
- name: assets - name: assets
mountPath: /opt/mastodon/public/assets mountPath: /opt/mastodon/public/assets
- name: system - name: system
mountPath: /opt/mastodon/public/system mountPath: /opt/mastodon/public/system
{{- end }}


@ -15,6 +15,7 @@ spec:
name: {{ include "mastodon.fullname" . }}-chewy-upgrade name: {{ include "mastodon.fullname" . }}-chewy-upgrade
spec: spec:
restartPolicy: Never restartPolicy: Never
{{- if (not .Values.mastodon.s3.enabled) }}
# ensure we run on the same node as the other rails components; only # ensure we run on the same node as the other rails components; only
# required when using PVCs that are ReadWriteOnce # required when using PVCs that are ReadWriteOnce
{{- if or (eq "ReadWriteOnce" .Values.mastodon.persistence.assets.accessMode) (eq "ReadWriteOnce" .Values.mastodon.persistence.system.accessMode) }} {{- if or (eq "ReadWriteOnce" .Values.mastodon.persistence.assets.accessMode) (eq "ReadWriteOnce" .Values.mastodon.persistence.system.accessMode) }}
@ -36,6 +37,7 @@ spec:
- name: system - name: system
persistentVolumeClaim: persistentVolumeClaim:
claimName: {{ template "mastodon.fullname" . }}-system claimName: {{ template "mastodon.fullname" . }}-system
{{- end }}
containers: containers:
- name: {{ include "mastodon.fullname" . }}-chewy-setup - name: {{ include "mastodon.fullname" . }}-chewy-setup
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
@ -67,9 +69,11 @@ spec:
key: redis-password key: redis-password
- name: "PORT" - name: "PORT"
value: {{ .Values.mastodon.web.port | quote }} value: {{ .Values.mastodon.web.port | quote }}
{{- if (not .Values.mastodon.s3.enabled) }}
volumeMounts: volumeMounts:
- name: assets - name: assets
mountPath: /opt/mastodon/public/assets mountPath: /opt/mastodon/public/assets
- name: system - name: system
mountPath: /opt/mastodon/public/system mountPath: /opt/mastodon/public/system
{{- end }}
{{- end }} {{- end }}


@ -15,6 +15,7 @@ spec:
name: {{ include "mastodon.fullname" . }}-create-admin name: {{ include "mastodon.fullname" . }}-create-admin
spec: spec:
restartPolicy: Never restartPolicy: Never
{{- if (not .Values.mastodon.s3.enabled) }}
# ensure we run on the same node as the other rails components; only # ensure we run on the same node as the other rails components; only
# required when using PVCs that are ReadWriteOnce # required when using PVCs that are ReadWriteOnce
{{- if or (eq "ReadWriteOnce" .Values.mastodon.persistence.assets.accessMode) (eq "ReadWriteOnce" .Values.mastodon.persistence.system.accessMode) }} {{- if or (eq "ReadWriteOnce" .Values.mastodon.persistence.assets.accessMode) (eq "ReadWriteOnce" .Values.mastodon.persistence.system.accessMode) }}
@ -36,6 +37,7 @@ spec:
- name: system - name: system
persistentVolumeClaim: persistentVolumeClaim:
claimName: {{ template "mastodon.fullname" . }}-system claimName: {{ template "mastodon.fullname" . }}-system
{{- end }}
containers: containers:
- name: {{ include "mastodon.fullname" . }}-create-admin - name: {{ include "mastodon.fullname" . }}-create-admin
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
@ -72,9 +74,11 @@ spec:
key: redis-password key: redis-password
- name: "PORT" - name: "PORT"
value: {{ .Values.mastodon.web.port | quote }} value: {{ .Values.mastodon.web.port | quote }}
{{- if (not .Values.mastodon.s3.enabled) }}
volumeMounts: volumeMounts:
- name: assets - name: assets
mountPath: /opt/mastodon/public/assets mountPath: /opt/mastodon/public/assets
- name: system - name: system
mountPath: /opt/mastodon/public/system mountPath: /opt/mastodon/public/system
{{- end }}
{{- end }} {{- end }}


@ -14,6 +14,7 @@ spec:
name: {{ include "mastodon.fullname" . }}-db-migrate name: {{ include "mastodon.fullname" . }}-db-migrate
spec: spec:
restartPolicy: Never restartPolicy: Never
{{- if (not .Values.mastodon.s3.enabled) }}
# ensure we run on the same node as the other rails components; only # ensure we run on the same node as the other rails components; only
# required when using PVCs that are ReadWriteOnce # required when using PVCs that are ReadWriteOnce
{{- if or (eq "ReadWriteOnce" .Values.mastodon.persistence.assets.accessMode) (eq "ReadWriteOnce" .Values.mastodon.persistence.system.accessMode) }} {{- if or (eq "ReadWriteOnce" .Values.mastodon.persistence.assets.accessMode) (eq "ReadWriteOnce" .Values.mastodon.persistence.system.accessMode) }}
@ -35,6 +36,7 @@ spec:
- name: system - name: system
persistentVolumeClaim: persistentVolumeClaim:
claimName: {{ template "mastodon.fullname" . }}-system claimName: {{ template "mastodon.fullname" . }}-system
{{- end }}
containers: containers:
- name: {{ include "mastodon.fullname" . }}-db-migrate - name: {{ include "mastodon.fullname" . }}-db-migrate
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
@ -66,8 +68,10 @@ spec:
key: redis-password key: redis-password
- name: "PORT" - name: "PORT"
value: {{ .Values.mastodon.web.port | quote }} value: {{ .Values.mastodon.web.port | quote }}
{{- if (not .Values.mastodon.s3.enabled) }}
volumeMounts: volumeMounts:
- name: assets - name: assets
mountPath: /opt/mastodon/public/assets mountPath: /opt/mastodon/public/assets
- name: system - name: system
mountPath: /opt/mastodon/public/system mountPath: /opt/mastodon/public/system
{{- end }}


@ -1,4 +1,4 @@
--- {{- if (not .Values.mastodon.s3.enabled) }}
apiVersion: v1 apiVersion: v1
kind: PersistentVolumeClaim kind: PersistentVolumeClaim
metadata: metadata:
@ -11,3 +11,4 @@ spec:
resources: resources:
{{- toYaml .Values.mastodon.persistence.assets.resources | nindent 4}} {{- toYaml .Values.mastodon.persistence.assets.resources | nindent 4}}
storageClassName: {{ .Values.mastodon.persistence.assets.storageClassName }} storageClassName: {{ .Values.mastodon.persistence.assets.storageClassName }}
{{- end }}
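Review bot: Wrapping the whole PersistentVolumeClaim in `{{- if (not .Values.mastodon.s3.enabled) }}` means that switching `s3.enabled` to `true` on an existing release makes `helm upgrade` delete the claim. Depending on the storage class's reclaim policy, the stored media may be deleted with it. The `system` claim in the next section carries the same guard. Adding `helm.sh/resource-policy: keep` under `metadata.annotations` would leave an existing claim in place so its contents can be copied to the bucket first. The chart README should also describe that migration step. The metadata block lies outside the hunk, so I cannot see whether annotations are already templated there.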


@ -1,4 +1,4 @@
--- {{- if (not .Values.mastodon.s3.enabled) }}
apiVersion: v1 apiVersion: v1
kind: PersistentVolumeClaim kind: PersistentVolumeClaim
metadata: metadata:
@ -11,3 +11,4 @@ spec:
resources: resources:
{{- toYaml .Values.mastodon.persistence.system.resources | nindent 4}} {{- toYaml .Values.mastodon.persistence.system.resources | nindent 4}}
storageClassName: {{ .Values.mastodon.persistence.system.storageClassName }} storageClassName: {{ .Values.mastodon.persistence.system.storageClassName }}
{{- end }}


@ -6,6 +6,10 @@ metadata:
{{- include "mastodon.labels" . | nindent 4 }} {{- include "mastodon.labels" . | nindent 4 }}
type: Opaque type: Opaque
data: data:
{{- if .Values.mastodon.s3.enabled }}
AWS_ACCESS_KEY_ID: "{{ .Values.mastodon.s3.access_key | b64enc }}"
AWS_SECRET_ACCESS_KEY: "{{ .Values.mastodon.s3.access_secret | b64enc }}"
{{- end }}
{{- if not (empty .Values.mastodon.secrets.secret_key_base) }} {{- if not (empty .Values.mastodon.secrets.secret_key_base) }}
SECRET_KEY_BASE: "{{ .Values.mastodon.secrets.secret_key_base | b64enc }}" SECRET_KEY_BASE: "{{ .Values.mastodon.secrets.secret_key_base | b64enc }}"
{{- else }} {{- else }}
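Review bot: `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` are taken directly from chart values, and with the defaults (`access_key: ""`, `access_secret: ""`) enabling S3 renders two empty Secret entries without any error. Passing the credentials through values also leaves them in plaintext in values files and in the release data Helm stores in the cluster. I would fail fast with `AWS_ACCESS_KEY_ID: {{ required "mastodon.s3.access_key is required when s3.enabled is true" .Values.mastodon.s3.access_key | b64enc | quote }}`, and the same for the secret key. Consider also an option to reference a pre-created Secret, so the keys never pass through the chart. The `else` branch for `SECRET_KEY_BASE` continues past the end of the hunk.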


@ -41,6 +41,14 @@ mastodon:
resources: resources:
requests: requests:
storage: 100Gi storage: 100Gi
s3:
enabled: false
access_key: ""
access_secret: ""
bucket: ""
endpoint: https://us-east-1.linodeobjects.com
hostname: us-east-1.linodeobjects.com
region: ""
# these must be set manually; autogenerated keys are rotated on each upgrade # these must be set manually; autogenerated keys are rotated on each upgrade
secrets: secrets:
secret_key_base: "" secret_key_base: ""
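Review bot: The defaults for `endpoint` and `hostname` point at one specific provider (`us-east-1.linodeobjects.com`), while `bucket`, `access_key` and `access_secret` default to empty. An operator who sets `enabled: true` with credentials for a different service and overlooks these two keys will send signed requests for their bucket to the wrong host. Empty defaults (`endpoint: ""`, `hostname: ""`), with the Linode values kept as a commented example, would make that misconfiguration fail visibly. The block also has no comments; I would add `# credentials are rendered into the chart Secret; supply them from a private values file or --set, never a committed one` above `access_key`.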