Commit graph

19 commits

Author SHA1 Message Date
Alex Nordlund
fd3c482104
Roll pods to pick up db migrations even if podAnnotations is empty (#19702) 2022-11-08 17:19:14 +01:00
Alex Nordlund
d3afd7a2f1
Fix helm postgresql secret (#19678)
* Revert "Fix helm chart use of Postgres Password (#19537)"

This reverts commit 6094a916b1.

* Revert "Fix PostgreSQL password reference for jobs (#19504)"

This reverts commit dae954ef11.

* Revert "Fix PostgreSQL password reference (#19502)"

This reverts commit 9bf6a8af82.

* Correct default username in postgresql auth
2022-11-08 17:18:57 +01:00
Alex Nordlund
0498b106c9
Add S3 existing secret to sidekiq (#19778) 2022-11-05 17:29:20 +01:00
Ben Hardill
6094a916b1
Fix helm chart use of Postgres Password (#19537)
Fixes #19536
2022-10-30 01:30:16 +02:00
Kangwook Lee (이강욱)
dae954ef11
Fix PostgreSQL password reference for jobs (#19504) 2022-10-28 16:40:47 +02:00
Kangwook Lee (이강욱)
223e152312
Add option to enable single user mode (#19503) 2022-10-28 16:29:00 +02:00
Kangwook Lee (이강욱)
9bf6a8af82
Fix PostgreSQL password reference (#19502) 2022-10-28 16:21:58 +02:00
James Smith
1165943968
Mark job pods not to use Istio's envoy sidecar (#18415)
* Mark job pods not to use Istio's envoy sidecar

Istio injects sidecars into pods to implement mTLS between pods. Jobs
usually don't know about this, so they don't signal the Envoy process
to stop when the job finishes. Since at least one process is running
in the pod, Kubernetes doesn't consider the job to be completed, so it
lingers.

By adding the `sidecar.istio.io/inject` annotation set to `"false"`,
we let Istio know that it should not inject the sidecar. If Istio is
not installed, then this has no impact.

* Support arbitrary job annotations in the Helm chart

Rather than focus on Istio, this allows arbitrary annotations for job pods.

* Add in-line documentation for pod/job annotations
2022-08-25 04:40:38 +02:00
Alex Nordlund
63a5514b29
Allow S3 to use an existing secret (#18997) 2022-08-25 04:39:11 +02:00
Alex Nordlund
7ccf7a73f1
Fix broken dependencies in helm chart and allow using existing secrets in the chart (#18941)
* Add ability to specify an existing Secret (#18139)

Closes #18139

* Allow using secrets with external postgres

* Upgrade CronJob to batch/v1

* Allow using redis.auth.existingSecret

* Helmignore mastodon-*.tgz for easy local development

* Upgrade helm dependencies

* Upgrade postgresql to 11

* Allow putting SMTP password into a secret

* Add optional login to SMTP secret

This to allow setting LOGIN either in values.yaml or
in the secret.

* Switch to bitnami charts full archive

This prevents older versions from disappearing, see
https://github.com/bitnami/charts/issues/10539 for
full context.

Co-authored-by: Ted Tramonte <ted.tramonte@gmail.com>
2022-08-10 17:12:58 +02:00
James Smith
98400a6887
Support STREAMING_API_BASE_URL in Helm Chart (#18408)
This adds a mastodon.streaming.base_url setting in the Helm chart values
file to allow setting the STREAMING_API_BASE_URL in the Mastodon environnment
config map.
2022-05-14 10:03:44 +02:00
bobbyd0g
a131f06e12
Helm chart SSO support (#17205)
* Add SAML support

* move extAuth below essential components

* Add CAS, PAM, LDAP support

* Add WEB_DOMAIN and S3_ALIAS_HOST support

* SAML defaults aligned

* Bump chart version

* SSO & WEB_DOMAIN support added

* Add OIDC support

* Correct typo

* Notice for OIDC support

Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>
2022-02-11 15:01:40 +01:00
Takuya Yoshida
5533fa28b6
Add support >= 1.22 (#17490) 2022-02-09 12:30:00 +01:00
Alex Dunn
fca4fd1daa
helm: add support for S3 storage (#15748) 2021-02-19 09:52:32 +01:00
Alex Dunn
9c273c2a59
helm: standardize yaml configuration (#15728)
- move application variables under `mastodon` namespace
- restore standard yaml structure for ingress configuration
- move values.yaml.template to values.yaml
2021-02-15 08:00:54 +01:00
Alex Dunn
55a6b54f8e
helm: add option for external db (#15722) 2021-02-14 20:16:32 +01:00
Patrice Ferlet
4b2ec4a2dc
Fix postrgres secret name for cronjob (#15072)
The cronjob tries to get key from `mastodon` secret instead of
`mastodon-postgresql` - so the cronjob fails with this error:

Error: couldn't find key postgresql-password in Secret [NS]/mastodon

Another solution is to save the postgres password in mastodon secret,
but that means that the password is placed in two places.

Postgresql use <fullname>-postgresql name as secret name.
2020-11-02 06:16:51 +01:00
Alex Dunn
53b22d247f
helm: add optional cron job to run tootctl remove media (#14396) 2020-10-13 01:19:13 +02:00
Alex Dunn
6d3125f9c0
Add Helm chart (#14090)
* add Helm chart

known issues/future work:

- SSO is unsupported

- S3/Minio/GCS is unsupported

- Swift is unsupported

- WEB_DOMAIN is unsupported

- Tor is unsupported

* helm: clarify how LOCAL_DOMAIN is set

* helm: add chart description

* helm: make DB_POOL and Sidekiq concurrency configurable

* helm: only enforce pod affinity when using ReadWriteOnce

* helm: clarify compatibility

* helm: clean up application variables

* helm: add job to create initial admin
2020-06-29 13:58:48 +02:00