|
|
@@ -55,7 +55,7 @@ metadata:
|
|
|
type: Opaque
|
|
|
data:
|
|
|
root-user: "YWRtaW4="
|
|
|
- root-password: "eEdlaHhqOHV5Zw=="
|
|
|
+ root-password: "U1lNNDBMeXRjVg=="
|
|
|
key.json: ""
|
|
|
---
|
|
|
# Source: mastodon/charts/postgresql/templates/secrets.yaml
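Review bot: The new `root-password` value is only base64-encoded, so committing this rendered Secret leaves the MinIO root credential recoverable from repository history. The same applies to the PostgreSQL, Redis and `mastodon-default` Secret hunks that follow. The value also differs from the previous render, which suggests (inferred) that it is regenerated on every template run; a regenerated password would no longer match what an already-initialised MinIO or PostgreSQL volume has stored. Consider supplying these credentials through pre-created Secrets referenced by name, or an encrypted-secrets workflow, and rotating the values already committed. The Secret's metadata starts outside the hunk.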
|
|
|
@@ -71,8 +71,8 @@ metadata:
|
|
|
app.kubernetes.io/managed-by: Helm
|
|
|
type: Opaque
|
|
|
data:
|
|
|
- postgres-password: "NU04SUJUTVliRA=="
|
|
|
- password: "aFdZaWNOUHlvTA=="
|
|
|
+ postgres-password: "cHVaRkp2c1VCOQ=="
|
|
|
+ password: "aGtJUGFJZGg1Vg=="
|
|
|
# We don't auto-generate LDAP password when it's not provided as we do for other passwords
|
|
|
---
|
|
|
# Source: mastodon/charts/redis/templates/secret.yaml
|
|
|
@@ -88,7 +88,7 @@ metadata:
|
|
|
app.kubernetes.io/managed-by: Helm
|
|
|
type: Opaque
|
|
|
data:
|
|
|
- redis-password: "RlVCU09tRVJqVg=="
|
|
|
+ redis-password: "RVdvWWdYNzI1Sg=="
|
|
|
---
|
|
|
# Source: mastodon/templates/default-secret.yaml
|
|
|
apiVersion: v1
|
|
|
@@ -103,9 +103,9 @@ metadata:
|
|
|
app.kubernetes.io/managed-by: Helm
|
|
|
app.kubernetes.io/part-of: mastodon
|
|
|
data:
|
|
|
- MASTODON_ADMIN_PASSWORD: "Mk9yRFZWUEx0dw=="
|
|
|
- SECRET_KEY_BASE: "RElKYjJETFlWYg=="
|
|
|
- OTP_SECRET: "eUZoU1pTclAyRg=="
|
|
|
+ MASTODON_ADMIN_PASSWORD: "ZEJ2OGp3aVkxUA=="
|
|
|
+ SECRET_KEY_BASE: "TFZtQXZkMW9Caw=="
|
|
|
+ OTP_SECRET: "dWlmdzhSSUpDbQ=="
|
|
|
---
|
|
|
# Source: mastodon/charts/minio/templates/provisioning-configmap.yaml
|
|
|
apiVersion: v1
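Review bot: `SECRET_KEY_BASE` and `OTP_SECRET` change value in this render, yet both are long-lived application keys rather than passwords. Replacing `OTP_SECRET` would normally make existing two-factor enrolments unusable, and replacing `SECRET_KEY_BASE` invalidates signed sessions. Each base64 value is 16 characters including padding, i.e. ten bytes of key material, which is short for a Rails secret key base. These should be generated once at a proper length, stored outside the repository, and pinned so that a re-render cannot change them. The Secret's metadata starts outside the hunk.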
|
|
|
@@ -304,11 +304,11 @@ metadata:
|
|
|
data:
|
|
|
mastodon-vhost.conf: |-
|
|
|
<VirtualHost VirtualHost 127.0.0.1:8080 _default_:8080>
|
|
|
- ServerName
|
|
|
+ ServerName mastodon.dezendorf.net
|
|
|
ServerAlias *
|
|
|
<Location "/">
|
|
|
ProxyPass http://mastodon-web:80/
|
|
|
- ProxyPassReverse
|
|
|
+ ProxyPassReverse mastodon.dezendorf.net
|
|
|
Order allow,deny
|
|
|
Allow from all
|
|
|
</Location>
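Review bot: `ProxyPassReverse mastodon.dezendorf.net` inside `<Location "/">` passes a bare hostname, but within a Location block the directive's argument is the backend URL whose prefix is rewritten in response headers. As written it is unlikely to match anything the backend sends. The value that pairs with the `ProxyPass` line above it would be `ProxyPassReverse http://mastodon-web:80/`. The two `ProxyPassReverse` lines in the next hunk should likewise name their own backends, e.g. `ProxyPassReverse http://mastodon-minio:80/s3storage/` for `/s3storage`. This is rendered output, so the fix probably belongs in the chart values or template that produce it; the `<VirtualHost>` block ends outside the hunk.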
|
|
|
@@ -320,13 +320,13 @@ data:
|
|
|
RewriteRule /api/(.*) ws://mastodon-streaming:80/api/$1 [P,L]
|
|
|
RewriteCond %{HTTP:Upgrade} !=websocket [NC]
|
|
|
RewriteRule /api/(.*) http://mastodon-streaming:80/api/$1 [P,L]
|
|
|
- ProxyPassReverse
|
|
|
+ ProxyPassReverse mastodon.dezendorf.net
|
|
|
Order allow,deny
|
|
|
Allow from all
|
|
|
</Location>
|
|
|
<Location "/s3storage">
|
|
|
ProxyPass http://mastodon-minio:80/s3storage/
|
|
|
- ProxyPassReverse
|
|
|
+ ProxyPassReverse mastodon.dezendorf.net
|
|
|
Order allow,deny
|
|
|
Allow from all
|
|
|
</Location>
|
|
|
@@ -345,8 +345,8 @@ metadata:
|
|
|
app.kubernetes.io/managed-by: Helm
|
|
|
app.kubernetes.io/part-of: mastodon
|
|
|
data:
|
|
|
- MASTODON_ADMIN_USERNAME: "user"
|
|
|
- MASTODON_ADMIN_EMAIL: "user@changeme.com"
|
|
|
+ MASTODON_ADMIN_USERNAME: "breandan"
|
|
|
+ MASTODON_ADMIN_EMAIL: "breandan@dezendorf.com"
|
|
|
DB_HOST: "mastodon-postgresql"
|
|
|
DB_PORT: "5432"
|
|
|
DB_NAME: "bitnami_mastodon"
|
|
|
@@ -354,8 +354,8 @@ data:
|
|
|
ES_ENABLED: "true"
|
|
|
ES_HOST: "mastodon-elasticsearch"
|
|
|
ES_PORT: "9200"
|
|
|
- WEB_DOMAIN: ""
|
|
|
- STREAMING_API_BASE_URL: "ws://"
|
|
|
+ WEB_DOMAIN: "mastodon.dezendorf.net"
|
|
|
+ STREAMING_API_BASE_URL: "ws://mastodon.dezendorf.net"
|
|
|
REDIS_HOST: "mastodon-redis-master"
|
|
|
REDIS_PORT: "6379"
|
|
|
S3_ENABLED: "true"
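Review bot: `STREAMING_API_BASE_URL: "ws://mastodon.dezendorf.net"` advertises an unencrypted WebSocket endpoint on the public hostname, so streaming traffic and any credentials clients send with it would cross the network in clear text. A page loaded over HTTPS will also refuse the `ws://` connection as mixed content. If TLS is terminated in front of this service (not visible here), the value should be `wss://mastodon.dezendorf.net`. The unchanged `S3_PROTOCOL: "http"` in the next hunk has the same effect on media URLs built from the new `S3_ALIAS_HOST`. The ConfigMap's `data:` map continues outside the hunk.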
|
|
|
@@ -363,7 +363,7 @@ data:
|
|
|
S3_ENDPOINT: "http://mastodon-minio"
|
|
|
S3_HOSTNAME: "mastodon-minio"
|
|
|
S3_REGION: "us-east-1"
|
|
|
- S3_ALIAS_HOST: "/s3storage"
|
|
|
+ S3_ALIAS_HOST: "mastodon.dezendorf.net/s3storage"
|
|
|
S3_PROTOCOL: "http"
|
|
|
---
|
|
|
# Source: mastodon/templates/init-job/init-job-configmap.yaml
|
|
|
@@ -441,6 +441,7 @@ spec:
|
|
|
resources:
|
|
|
requests:
|
|
|
storage: "8Gi"
|
|
|
+ storageClassName: longhorn
|
|
|
---
|
|
|
# Source: mastodon/charts/apache/templates/svc.yaml
|
|
|
apiVersion: v1
|
|
|
@@ -922,7 +923,7 @@ spec:
|
|
|
app.kubernetes.io/instance: mastodon
|
|
|
app.kubernetes.io/managed-by: Helm
|
|
|
annotations:
|
|
|
- checksum/credentials-secret: fda36e188bbd8e646a63850dfb0280dec380936aa1d6b927b773a2e70fed8c2e
|
|
|
+ checksum/credentials-secret: 2db43b4c4682cc08fe1b802debca807f538d84655d6d362d0cbd488873cf2364
|
|
|
spec:
|
|
|
|
|
|
serviceAccountName: mastodon-minio
|
|
|
@@ -1011,6 +1012,696 @@ spec:
|
|
|
persistentVolumeClaim:
|
|
|
claimName: mastodon-minio
|
|
|
---
|
|
|
+# Source: mastodon/templates/sidekiq/deployment.yaml
|
|
|
+apiVersion: apps/v1
|
|
|
+kind: Deployment
|
|
|
+metadata:
|
|
|
+ name: mastodon-sidekiq
|
|
|
+ namespace: "mastodon"
|
|
|
+ labels:
|
|
|
+ app.kubernetes.io/name: mastodon
|
|
|
+ helm.sh/chart: mastodon-1.0.1
|
|
|
+ app.kubernetes.io/instance: mastodon
|
|
|
+ app.kubernetes.io/managed-by: Helm
|
|
|
+ app.kubernetes.io/part-of: mastodon
|
|
|
+ app.kubernetes.io/component: sidekiq
|
|
|
+spec:
|
|
|
+ replicas: 1
|
|
|
+ strategy:
|
|
|
+ type: RollingUpdate
|
|
|
+ selector:
|
|
|
+ matchLabels:
|
|
|
+ app.kubernetes.io/name: mastodon
|
|
|
+ app.kubernetes.io/instance: mastodon
|
|
|
+ app.kubernetes.io/component: sidekiq
|
|
|
+ template:
|
|
|
+ metadata:
|
|
|
+ labels:
|
|
|
+ app.kubernetes.io/name: mastodon
|
|
|
+ helm.sh/chart: mastodon-1.0.1
|
|
|
+ app.kubernetes.io/instance: mastodon
|
|
|
+ app.kubernetes.io/managed-by: Helm
|
|
|
+ app.kubernetes.io/component: sidekiq
|
|
|
+ spec:
|
|
|
+ serviceAccountName: mastodon
|
|
|
+
|
|
|
+ affinity:
|
|
|
+ podAffinity:
|
|
|
+
|
|
|
+ podAntiAffinity:
|
|
|
+ preferredDuringSchedulingIgnoredDuringExecution:
|
|
|
+ - podAffinityTerm:
|
|
|
+ labelSelector:
|
|
|
+ matchLabels:
|
|
|
+ app.kubernetes.io/name: mastodon
|
|
|
+ app.kubernetes.io/instance: mastodon
|
|
|
+ app.kubernetes.io/component: sidekiq
|
|
|
+ topologyKey: kubernetes.io/hostname
|
|
|
+ weight: 1
|
|
|
+ nodeAffinity:
|
|
|
+
|
|
|
+ securityContext:
|
|
|
+ fsGroup: 1001
|
|
|
+ seccompProfile:
|
|
|
+ type: RuntimeDefault
|
|
|
+ initContainers:
|
|
|
+ - name: wait-for-web
|
|
|
+ image: docker.io/bitnami/mastodon:4.0.2-debian-11-r18
|
|
|
+ imagePullPolicy: IfNotPresent
|
|
|
+ securityContext:
|
|
|
+ allowPrivilegeEscalation: false
|
|
|
+ capabilities:
|
|
|
+ drop:
|
|
|
+ - ALL
|
|
|
+ readOnlyRootFilesystem: false
|
|
|
+ runAsNonRoot: true
|
|
|
+ runAsUser: 1001
|
|
|
+ command:
|
|
|
+ - bash
|
|
|
+ - -ec
|
|
|
+ - |
|
|
|
+ #!/bin/bash
|
|
|
+
|
|
|
+ set -o errexit
|
|
|
+ set -o nounset
|
|
|
+ set -o pipefail
|
|
|
+
|
|
|
+ . /opt/bitnami/scripts/liblog.sh
|
|
|
+ . /opt/bitnami/scripts/libvalidations.sh
|
|
|
+ . /opt/bitnami/scripts/libmastodon.sh
|
|
|
+ . /opt/bitnami/scripts/mastodon-env.sh
|
|
|
+
|
|
|
+ mastodon_wait_for_web_connection "http://${MASTODON_WEB_HOST}:${MASTODON_WEB_PORT}"
|
|
|
+ info "Mastodon web is ready"
|
|
|
+ env:
|
|
|
+ - name: BITNAMI_DEBUG
|
|
|
+ value: "false"
|
|
|
+ - name: MASTODON_WEB_HOST
|
|
|
+ value: "mastodon-web"
|
|
|
+ - name: MASTODON_WEB_PORT
|
|
|
+ value: "80"
|
|
|
+ - name: wait-for-s3
|
|
|
+ image: docker.io/bitnami/mastodon:4.0.2-debian-11-r18
|
|
|
+ imagePullPolicy: IfNotPresent
|
|
|
+ securityContext:
|
|
|
+ allowPrivilegeEscalation: false
|
|
|
+ capabilities:
|
|
|
+ drop:
|
|
|
+ - ALL
|
|
|
+ readOnlyRootFilesystem: false
|
|
|
+ runAsNonRoot: true
|
|
|
+ runAsUser: 1001
|
|
|
+ command:
|
|
|
+ - bash
|
|
|
+ - -ec
|
|
|
+ - |
|
|
|
+ #!/bin/bash
|
|
|
+
|
|
|
+ set -o errexit
|
|
|
+ set -o nounset
|
|
|
+ set -o pipefail
|
|
|
+
|
|
|
+ . /opt/bitnami/scripts/liblog.sh
|
|
|
+ . /opt/bitnami/scripts/libvalidations.sh
|
|
|
+ . /opt/bitnami/scripts/libmastodon.sh
|
|
|
+ . /opt/bitnami/scripts/mastodon-env.sh
|
|
|
+
|
|
|
+ mastodon_wait_for_s3_connection "$MASTODON_S3_HOSTNAME" "$MASTODON_S3_PORT_NUMBER"
|
|
|
+ info "S3 is ready"
|
|
|
+ env:
|
|
|
+ - name: BITNAMI_DEBUG
|
|
|
+ value: "false"
|
|
|
+ - name: MASTODON_S3_HOSTNAME
|
|
|
+ value: "mastodon-minio"
|
|
|
+ - name: MASTODON_S3_PORT_NUMBER
|
|
|
+ value: "80"
|
|
|
+ containers:
|
|
|
+ - name: mastodon
|
|
|
+ image: docker.io/bitnami/mastodon:4.0.2-debian-11-r18
|
|
|
+ imagePullPolicy: IfNotPresent
|
|
|
+ securityContext:
|
|
|
+ allowPrivilegeEscalation: false
|
|
|
+ capabilities:
|
|
|
+ drop:
|
|
|
+ - ALL
|
|
|
+ readOnlyRootFilesystem: false
|
|
|
+ runAsNonRoot: true
|
|
|
+ runAsUser: 1001
|
|
|
+ command:
|
|
|
+ - /opt/bitnami/scripts/mastodon/run.sh
|
|
|
+ env:
|
|
|
+ - name: BITNAMI_DEBUG
|
|
|
+ value: "false"
|
|
|
+ - name: MASTODON_MODE
|
|
|
+ value: "sidekiq"
|
|
|
+ - name: MASTODON_DATABASE_PASSWORD
|
|
|
+ valueFrom:
|
|
|
+ secretKeyRef:
|
|
|
+ name: mastodon-postgresql
|
|
|
+ key: "password"
|
|
|
+ - name: MASTODON_REDIS_PASSWORD
|
|
|
+ valueFrom:
|
|
|
+ secretKeyRef:
|
|
|
+ name: mastodon-redis
|
|
|
+ key: "redis-password"
|
|
|
+ - name: MASTODON_AWS_ACCESS_KEY_ID
|
|
|
+ valueFrom:
|
|
|
+ secretKeyRef:
|
|
|
+ name: mastodon-minio
|
|
|
+ key: "root-user"
|
|
|
+ - name: MASTODON_AWS_SECRET_ACCESS_KEY
|
|
|
+ valueFrom:
|
|
|
+ secretKeyRef:
|
|
|
+ name: mastodon-minio
|
|
|
+ key: "root-password"
|
|
|
+ envFrom:
|
|
|
+ - configMapRef:
|
|
|
+ name: mastodon-default
|
|
|
+ - secretRef:
|
|
|
+ name: mastodon-default
|
|
|
+ resources:
|
|
|
+ limits: {}
|
|
|
+ requests: {}
|
|
|
+ livenessProbe:
|
|
|
+ failureThreshold: 6
|
|
|
+ initialDelaySeconds: 10
|
|
|
+ periodSeconds: 10
|
|
|
+ successThreshold: 1
|
|
|
+ timeoutSeconds: 5
|
|
|
+ exec:
|
|
|
+ command:
|
|
|
+ - /bin/sh
|
|
|
+ - -c
|
|
|
+ - pgrep -f ^sidekiq
|
|
|
+ readinessProbe:
|
|
|
+ failureThreshold: 6
|
|
|
+ initialDelaySeconds: 10
|
|
|
+ periodSeconds: 10
|
|
|
+ successThreshold: 1
|
|
|
+ timeoutSeconds: 5
|
|
|
+ exec:
|
|
|
+ command:
|
|
|
+ - /bin/sh
|
|
|
+ - -c
|
|
|
+ - pgrep -f ^sidekiq
|
|
|
+ volumeMounts:
|
|
|
+ volumes:
|
|
|
+---
|
|
|
+# Source: mastodon/templates/streaming/deployment.yaml
|
|
|
+apiVersion: apps/v1
|
|
|
+kind: Deployment
|
|
|
+metadata:
|
|
|
+ name: mastodon-streaming
|
|
|
+ namespace: "mastodon"
|
|
|
+ labels:
|
|
|
+ app.kubernetes.io/name: mastodon
|
|
|
+ helm.sh/chart: mastodon-1.0.1
|
|
|
+ app.kubernetes.io/instance: mastodon
|
|
|
+ app.kubernetes.io/managed-by: Helm
|
|
|
+ app.kubernetes.io/part-of: mastodon
|
|
|
+ app.kubernetes.io/component: streaming
|
|
|
+spec:
|
|
|
+ replicas: 1
|
|
|
+ strategy:
|
|
|
+ type: RollingUpdate
|
|
|
+ selector:
|
|
|
+ matchLabels:
|
|
|
+ app.kubernetes.io/name: mastodon
|
|
|
+ app.kubernetes.io/instance: mastodon
|
|
|
+ app.kubernetes.io/component: streaming
|
|
|
+ template:
|
|
|
+ metadata:
|
|
|
+ labels:
|
|
|
+ app.kubernetes.io/name: mastodon
|
|
|
+ helm.sh/chart: mastodon-1.0.1
|
|
|
+ app.kubernetes.io/instance: mastodon
|
|
|
+ app.kubernetes.io/managed-by: Helm
|
|
|
+ app.kubernetes.io/component: streaming
|
|
|
+ spec:
|
|
|
+ serviceAccountName: mastodon
|
|
|
+
|
|
|
+ affinity:
|
|
|
+ podAffinity:
|
|
|
+
|
|
|
+ podAntiAffinity:
|
|
|
+ preferredDuringSchedulingIgnoredDuringExecution:
|
|
|
+ - podAffinityTerm:
|
|
|
+ labelSelector:
|
|
|
+ matchLabels:
|
|
|
+ app.kubernetes.io/name: mastodon
|
|
|
+ app.kubernetes.io/instance: mastodon
|
|
|
+ app.kubernetes.io/component: streaming
|
|
|
+ topologyKey: kubernetes.io/hostname
|
|
|
+ weight: 1
|
|
|
+ nodeAffinity:
|
|
|
+
|
|
|
+ securityContext:
|
|
|
+ fsGroup: 1001
|
|
|
+ seccompProfile:
|
|
|
+ type: RuntimeDefault
|
|
|
+ initContainers:
|
|
|
+ # We need to wait for the PostgreSQL database to be ready in order to start with Mastodon.
|
|
|
+ # As it is a ReplicaSet, we need that all nodes are configured in order to start with
|
|
|
+ # the application or race conditions can occur
|
|
|
+ - name: wait-for-db
|
|
|
+ image: docker.io/bitnami/mastodon:4.0.2-debian-11-r18
|
|
|
+ imagePullPolicy: IfNotPresent
|
|
|
+ securityContext:
|
|
|
+ allowPrivilegeEscalation: false
|
|
|
+ capabilities:
|
|
|
+ drop:
|
|
|
+ - ALL
|
|
|
+ readOnlyRootFilesystem: false
|
|
|
+ runAsNonRoot: true
|
|
|
+ runAsUser: 1001
|
|
|
+ command:
|
|
|
+ - bash
|
|
|
+ - -ec
|
|
|
+ - |
|
|
|
+ #!/bin/bash
|
|
|
+
|
|
|
+ set -o errexit
|
|
|
+ set -o nounset
|
|
|
+ set -o pipefail
|
|
|
+
|
|
|
+ . /opt/bitnami/scripts/liblog.sh
|
|
|
+ . /opt/bitnami/scripts/libvalidations.sh
|
|
|
+ . /opt/bitnami/scripts/libmastodon.sh
|
|
|
+ . /opt/bitnami/scripts/mastodon-env.sh
|
|
|
+
|
|
|
+ mastodon_wait_for_postgresql_connection "postgresql://${MASTODON_DATABASE_USER}:${MASTODON_DATABASE_PASSWORD:-}@${MASTODON_DATABASE_HOST}:${MASTODON_DATABASE_PORT_NUMBER}/${MASTODON_DATABASE_NAME}"
|
|
|
+ info "Database is ready"
|
|
|
+ env:
|
|
|
+ - name: BITNAMI_DEBUG
|
|
|
+ value: "false"
|
|
|
+ - name: MASTODON_DATABASE_HOST
|
|
|
+ value: "mastodon-postgresql"
|
|
|
+ - name: MASTODON_DATABASE_PORT_NUMBER
|
|
|
+ value: "5432"
|
|
|
+ - name: MASTODON_DATABASE_PASSWORD
|
|
|
+ valueFrom:
|
|
|
+ secretKeyRef:
|
|
|
+ name: mastodon-postgresql
|
|
|
+ key: password
|
|
|
+ - name: MASTODON_DATABASE_USER
|
|
|
+ value: bn_mastodon
|
|
|
+ - name: MASTODON_DATABASE_NAME
|
|
|
+ value: bitnami_mastodon
|
|
|
+ - name: wait-for-web
|
|
|
+ image: docker.io/bitnami/mastodon:4.0.2-debian-11-r18
|
|
|
+ imagePullPolicy: IfNotPresent
|
|
|
+ securityContext:
|
|
|
+ allowPrivilegeEscalation: false
|
|
|
+ capabilities:
|
|
|
+ drop:
|
|
|
+ - ALL
|
|
|
+ readOnlyRootFilesystem: false
|
|
|
+ runAsNonRoot: true
|
|
|
+ runAsUser: 1001
|
|
|
+ command:
|
|
|
+ - bash
|
|
|
+ - -ec
|
|
|
+ - |
|
|
|
+ #!/bin/bash
|
|
|
+
|
|
|
+ set -o errexit
|
|
|
+ set -o nounset
|
|
|
+ set -o pipefail
|
|
|
+
|
|
|
+ . /opt/bitnami/scripts/liblog.sh
|
|
|
+ . /opt/bitnami/scripts/libvalidations.sh
|
|
|
+ . /opt/bitnami/scripts/libmastodon.sh
|
|
|
+ . /opt/bitnami/scripts/mastodon-env.sh
|
|
|
+
|
|
|
+ mastodon_wait_for_web_connection "http://${MASTODON_WEB_HOST}:${MASTODON_WEB_PORT}"
|
|
|
+ info "Mastodon web is ready"
|
|
|
+ env:
|
|
|
+ - name: BITNAMI_DEBUG
|
|
|
+ value: "false"
|
|
|
+ - name: MASTODON_WEB_HOST
|
|
|
+ value: "mastodon-web"
|
|
|
+ - name: MASTODON_WEB_PORT
|
|
|
+ value: "80"
|
|
|
+ containers:
|
|
|
+ - name: mastodon
|
|
|
+ image: docker.io/bitnami/mastodon:4.0.2-debian-11-r18
|
|
|
+ imagePullPolicy: IfNotPresent
|
|
|
+ securityContext:
|
|
|
+ allowPrivilegeEscalation: false
|
|
|
+ capabilities:
|
|
|
+ drop:
|
|
|
+ - ALL
|
|
|
+ readOnlyRootFilesystem: false
|
|
|
+ runAsNonRoot: true
|
|
|
+ runAsUser: 1001
|
|
|
+ command:
|
|
|
+ - /opt/bitnami/scripts/mastodon/run.sh
|
|
|
+ env:
|
|
|
+ - name: BITNAMI_DEBUG
|
|
|
+ value: "false"
|
|
|
+ - name: MASTODON_MODE
|
|
|
+ value: "streaming"
|
|
|
+ - name: MASTODON_STREAMING_PORT_NUMBER
|
|
|
+ value: "8080"
|
|
|
+ - name: MASTODON_DATABASE_PASSWORD
|
|
|
+ valueFrom:
|
|
|
+ secretKeyRef:
|
|
|
+ name: mastodon-postgresql
|
|
|
+ key: "password"
|
|
|
+ - name: MASTODON_REDIS_PASSWORD
|
|
|
+ valueFrom:
|
|
|
+ secretKeyRef:
|
|
|
+ name: mastodon-redis
|
|
|
+ key: "redis-password"
|
|
|
+ - name: MASTODON_AWS_ACCESS_KEY_ID
|
|
|
+ valueFrom:
|
|
|
+ secretKeyRef:
|
|
|
+ name: mastodon-minio
|
|
|
+ key: "root-user"
|
|
|
+ - name: MASTODON_AWS_SECRET_ACCESS_KEY
|
|
|
+ valueFrom:
|
|
|
+ secretKeyRef:
|
|
|
+ name: mastodon-minio
|
|
|
+ key: "root-password"
|
|
|
+ envFrom:
|
|
|
+ - configMapRef:
|
|
|
+ name: mastodon-default
|
|
|
+ - secretRef:
|
|
|
+ name: mastodon-default
|
|
|
+ resources:
|
|
|
+ limits: {}
|
|
|
+ requests: {}
|
|
|
+ ports:
|
|
|
+ - name: http
|
|
|
+ containerPort: 8080
|
|
|
+ livenessProbe:
|
|
|
+ failureThreshold: 6
|
|
|
+ initialDelaySeconds: 10
|
|
|
+ periodSeconds: 10
|
|
|
+ successThreshold: 1
|
|
|
+ timeoutSeconds: 5
|
|
|
+ httpGet:
|
|
|
+ path: /api/v1/streaming/health
|
|
|
+ port: http
|
|
|
+ readinessProbe:
|
|
|
+ failureThreshold: 6
|
|
|
+ initialDelaySeconds: 10
|
|
|
+ periodSeconds: 10
|
|
|
+ successThreshold: 1
|
|
|
+ timeoutSeconds: 5
|
|
|
+ httpGet:
|
|
|
+ path: /api/v1/streaming/health
|
|
|
+ port: http
|
|
|
+ volumeMounts:
|
|
|
+ volumes:
|
|
|
+---
|
|
|
+# Source: mastodon/templates/web/deployment.yaml
|
|
|
+apiVersion: apps/v1
|
|
|
+kind: Deployment
|
|
|
+metadata:
|
|
|
+ name: mastodon-web
|
|
|
+ namespace: "mastodon"
|
|
|
+ labels:
|
|
|
+ app.kubernetes.io/name: mastodon
|
|
|
+ helm.sh/chart: mastodon-1.0.1
|
|
|
+ app.kubernetes.io/instance: mastodon
|
|
|
+ app.kubernetes.io/managed-by: Helm
|
|
|
+ app.kubernetes.io/part-of: mastodon
|
|
|
+ app.kubernetes.io/component: web
|
|
|
+spec:
|
|
|
+ replicas: 1
|
|
|
+ strategy:
|
|
|
+ type: RollingUpdate
|
|
|
+ selector:
|
|
|
+ matchLabels:
|
|
|
+ app.kubernetes.io/name: mastodon
|
|
|
+ app.kubernetes.io/instance: mastodon
|
|
|
+ app.kubernetes.io/component: web
|
|
|
+ template:
|
|
|
+ metadata:
|
|
|
+ labels:
|
|
|
+ app.kubernetes.io/name: mastodon
|
|
|
+ helm.sh/chart: mastodon-1.0.1
|
|
|
+ app.kubernetes.io/instance: mastodon
|
|
|
+ app.kubernetes.io/managed-by: Helm
|
|
|
+ app.kubernetes.io/component: web
|
|
|
+ spec:
|
|
|
+ serviceAccountName: mastodon
|
|
|
+
|
|
|
+ affinity:
|
|
|
+ podAffinity:
|
|
|
+
|
|
|
+ podAntiAffinity:
|
|
|
+ preferredDuringSchedulingIgnoredDuringExecution:
|
|
|
+ - podAffinityTerm:
|
|
|
+ labelSelector:
|
|
|
+ matchLabels:
|
|
|
+ app.kubernetes.io/name: mastodon
|
|
|
+ app.kubernetes.io/instance: mastodon
|
|
|
+ app.kubernetes.io/component: web
|
|
|
+ topologyKey: kubernetes.io/hostname
|
|
|
+ weight: 1
|
|
|
+ nodeAffinity:
|
|
|
+
|
|
|
+ securityContext:
|
|
|
+ fsGroup: 1001
|
|
|
+ seccompProfile:
|
|
|
+ type: RuntimeDefault
|
|
|
+ initContainers:
|
|
|
+ # We need to wait for the PostgreSQL database to be ready in order to start with Mastodon.
|
|
|
+ # As it is a ReplicaSet, we need that all nodes are configured in order to start with
|
|
|
+ # the application or race conditions can occur
|
|
|
+ - name: wait-for-db
|
|
|
+ image: docker.io/bitnami/mastodon:4.0.2-debian-11-r18
|
|
|
+ imagePullPolicy: IfNotPresent
|
|
|
+ securityContext:
|
|
|
+ allowPrivilegeEscalation: false
|
|
|
+ capabilities:
|
|
|
+ drop:
|
|
|
+ - ALL
|
|
|
+ readOnlyRootFilesystem: false
|
|
|
+ runAsNonRoot: true
|
|
|
+ runAsUser: 1001
|
|
|
+ command:
|
|
|
+ - bash
|
|
|
+ - -ec
|
|
|
+ - |
|
|
|
+ #!/bin/bash
|
|
|
+
|
|
|
+ set -o errexit
|
|
|
+ set -o nounset
|
|
|
+ set -o pipefail
|
|
|
+
|
|
|
+ . /opt/bitnami/scripts/liblog.sh
|
|
|
+ . /opt/bitnami/scripts/libvalidations.sh
|
|
|
+ . /opt/bitnami/scripts/libmastodon.sh
|
|
|
+ . /opt/bitnami/scripts/mastodon-env.sh
|
|
|
+
|
|
|
+ mastodon_wait_for_postgresql_connection "postgresql://${MASTODON_DATABASE_USER}:${MASTODON_DATABASE_PASSWORD:-}@${MASTODON_DATABASE_HOST}:${MASTODON_DATABASE_PORT_NUMBER}/${MASTODON_DATABASE_NAME}"
|
|
|
+ info "Database is ready"
|
|
|
+ env:
|
|
|
+ - name: BITNAMI_DEBUG
|
|
|
+ value: "false"
|
|
|
+ - name: MASTODON_DATABASE_HOST
|
|
|
+ value: "mastodon-postgresql"
|
|
|
+ - name: MASTODON_DATABASE_PORT_NUMBER
|
|
|
+ value: "5432"
|
|
|
+ - name: MASTODON_DATABASE_PASSWORD
|
|
|
+ valueFrom:
|
|
|
+ secretKeyRef:
|
|
|
+ name: mastodon-postgresql
|
|
|
+ key: password
|
|
|
+ - name: MASTODON_DATABASE_USER
|
|
|
+ value: bn_mastodon
|
|
|
+ - name: MASTODON_DATABASE_NAME
|
|
|
+ value: bitnami_mastodon
|
|
|
+
|
|
|
+ # We need to wait for the PostgreSQL database to be ready in order to start with Mastodon.
|
|
|
+ # As it is a ReplicaSet, we need that all nodes are configured in order to start with
|
|
|
+ # the application or race conditions can occur
|
|
|
+ - name: wait-for-redis
|
|
|
+ image: docker.io/bitnami/mastodon:4.0.2-debian-11-r18
|
|
|
+ imagePullPolicy: IfNotPresent
|
|
|
+ securityContext:
|
|
|
+ allowPrivilegeEscalation: false
|
|
|
+ capabilities:
|
|
|
+ drop:
|
|
|
+ - ALL
|
|
|
+ readOnlyRootFilesystem: false
|
|
|
+ runAsNonRoot: true
|
|
|
+ runAsUser: 1001
|
|
|
+ command:
|
|
|
+ - bash
|
|
|
+ - -ec
|
|
|
+ - |
|
|
|
+ #!/bin/bash
|
|
|
+
|
|
|
+ set -o errexit
|
|
|
+ set -o nounset
|
|
|
+ set -o pipefail
|
|
|
+
|
|
|
+ . /opt/bitnami/scripts/liblog.sh
|
|
|
+ . /opt/bitnami/scripts/libvalidations.sh
|
|
|
+ . /opt/bitnami/scripts/libmastodon.sh
|
|
|
+ . /opt/bitnami/scripts/mastodon-env.sh
|
|
|
+
|
|
|
+ mastodon_wait_for_redis_connection "redis://${MASTODON_REDIS_PASSWORD:-}@${MASTODON_REDIS_HOST}:${MASTODON_REDIS_PORT_NUMBER}"
|
|
|
+ info "Redis(TM) is ready"
|
|
|
+ env:
|
|
|
+ - name: BITNAMI_DEBUG
|
|
|
+ value: "false"
|
|
|
+ - name: MASTODON_REDIS_HOST
|
|
|
+ value: "mastodon-redis-master"
|
|
|
+ - name: MASTODON_REDIS_PORT_NUMBER
|
|
|
+ value: "6379"
|
|
|
+ - name: MASTODON_REDIS_PASSWORD
|
|
|
+ valueFrom:
|
|
|
+ secretKeyRef:
|
|
|
+ name: mastodon-redis
|
|
|
+ key: redis-password
|
|
|
+ - name: wait-for-elasticsearch
|
|
|
+ image: docker.io/bitnami/mastodon:4.0.2-debian-11-r18
|
|
|
+ imagePullPolicy: IfNotPresent
|
|
|
+ securityContext:
|
|
|
+ allowPrivilegeEscalation: false
|
|
|
+ capabilities:
|
|
|
+ drop:
|
|
|
+ - ALL
|
|
|
+ readOnlyRootFilesystem: false
|
|
|
+ runAsNonRoot: true
|
|
|
+ runAsUser: 1001
|
|
|
+ command:
|
|
|
+ - bash
|
|
|
+ - -ec
|
|
|
+ - |
|
|
|
+ #!/bin/bash
|
|
|
+
|
|
|
+ set -o errexit
|
|
|
+ set -o nounset
|
|
|
+ set -o pipefail
|
|
|
+
|
|
|
+ . /opt/bitnami/scripts/liblog.sh
|
|
|
+ . /opt/bitnami/scripts/libvalidations.sh
|
|
|
+ . /opt/bitnami/scripts/libmastodon.sh
|
|
|
+ . /opt/bitnami/scripts/mastodon-env.sh
|
|
|
+
|
|
|
+ mastodon_wait_for_elasticsearch_connection "http://${MASTODON_ELASTICSEARCH_HOST}:${MASTODON_ELASTICSEARCH_PORT_NUMBER}"
|
|
|
+ info "Mastodon web is ready"
|
|
|
+ env:
|
|
|
+ - name: BITNAMI_DEBUG
|
|
|
+ value: "false"
|
|
|
+ - name: MASTODON_ELASTICSEARCH_HOST
|
|
|
+ value: "mastodon-elasticsearch"
|
|
|
+ - name: MASTODON_ELASTICSEARCH_PORT_NUMBER
|
|
|
+ value: "9200"
|
|
|
+ - name: wait-for-s3
|
|
|
+ image: docker.io/bitnami/mastodon:4.0.2-debian-11-r18
|
|
|
+ imagePullPolicy: IfNotPresent
|
|
|
+ securityContext:
|
|
|
+ allowPrivilegeEscalation: false
|
|
|
+ capabilities:
|
|
|
+ drop:
|
|
|
+ - ALL
|
|
|
+ readOnlyRootFilesystem: false
|
|
|
+ runAsNonRoot: true
|
|
|
+ runAsUser: 1001
|
|
|
+ command:
|
|
|
+ - bash
|
|
|
+ - -ec
|
|
|
+ - |
|
|
|
+ #!/bin/bash
|
|
|
+
|
|
|
+ set -o errexit
|
|
|
+ set -o nounset
|
|
|
+ set -o pipefail
|
|
|
+
|
|
|
+ . /opt/bitnami/scripts/liblog.sh
|
|
|
+ . /opt/bitnami/scripts/libvalidations.sh
|
|
|
+ . /opt/bitnami/scripts/libmastodon.sh
|
|
|
+ . /opt/bitnami/scripts/mastodon-env.sh
|
|
|
+
|
|
|
+ mastodon_wait_for_s3_connection "$MASTODON_S3_HOSTNAME" "$MASTODON_S3_PORT_NUMBER"
|
|
|
+ info "S3 is ready"
|
|
|
+ env:
|
|
|
+ - name: BITNAMI_DEBUG
|
|
|
+ value: "false"
|
|
|
+ - name: MASTODON_S3_HOSTNAME
|
|
|
+ value: "mastodon-minio"
|
|
|
+ - name: MASTODON_S3_PORT_NUMBER
|
|
|
+ value: "80"
|
|
|
+ containers:
|
|
|
+ - name: mastodon
|
|
|
+ image: docker.io/bitnami/mastodon:4.0.2-debian-11-r18
|
|
|
+ imagePullPolicy: IfNotPresent
|
|
|
+ securityContext:
|
|
|
+ allowPrivilegeEscalation: false
|
|
|
+ capabilities:
|
|
|
+ drop:
|
|
|
+ - ALL
|
|
|
+ readOnlyRootFilesystem: false
|
|
|
+ runAsNonRoot: true
|
|
|
+ runAsUser: 1001
|
|
|
+ command:
|
|
|
+ - /opt/bitnami/scripts/mastodon/run.sh
|
|
|
+ env:
|
|
|
+ - name: BITNAMI_DEBUG
|
|
|
+ value: "false"
|
|
|
+ - name: MASTODON_MODE
|
|
|
+ value: "web"
|
|
|
+ - name: MASTODON_WEB_PORT_NUMBER
|
|
|
+ value: "3000"
|
|
|
+ - name: MASTODON_DATABASE_PASSWORD
|
|
|
+ valueFrom:
|
|
|
+ secretKeyRef:
|
|
|
+ name: mastodon-postgresql
|
|
|
+ key: "password"
|
|
|
+ - name: MASTODON_REDIS_PASSWORD
|
|
|
+ valueFrom:
|
|
|
+ secretKeyRef:
|
|
|
+ name: mastodon-redis
|
|
|
+ key: "redis-password"
|
|
|
+ - name: MASTODON_AWS_ACCESS_KEY_ID
|
|
|
+ valueFrom:
|
|
|
+ secretKeyRef:
|
|
|
+ name: mastodon-minio
|
|
|
+ key: "root-user"
|
|
|
+ - name: MASTODON_AWS_SECRET_ACCESS_KEY
|
|
|
+ valueFrom:
|
|
|
+ secretKeyRef:
|
|
|
+ name: mastodon-minio
|
|
|
+ key: "root-password"
|
|
|
+ envFrom:
|
|
|
+ - configMapRef:
|
|
|
+ name: mastodon-default
|
|
|
+ - secretRef:
|
|
|
+ name: mastodon-default
|
|
|
+ resources:
|
|
|
+ limits: {}
|
|
|
+ requests: {}
|
|
|
+ ports:
|
|
|
+ - name: http
|
|
|
+ containerPort: 3000
|
|
|
+ livenessProbe:
|
|
|
+ failureThreshold: 6
|
|
|
+ initialDelaySeconds: 10
|
|
|
+ periodSeconds: 10
|
|
|
+ successThreshold: 1
|
|
|
+ timeoutSeconds: 5
|
|
|
+ httpGet:
|
|
|
+ path: /health
|
|
|
+ port: http
|
|
|
+ readinessProbe:
|
|
|
+ failureThreshold: 6
|
|
|
+ initialDelaySeconds: 10
|
|
|
+ periodSeconds: 10
|
|
|
+ successThreshold: 1
|
|
|
+ timeoutSeconds: 5
|
|
|
+ httpGet:
|
|
|
+ path: /health
|
|
|
+ port: http
|
|
|
+ volumeMounts:
|
|
|
+ volumes:
|
|
|
+---
|
|
|
# Source: mastodon/charts/elasticsearch/templates/coordinating/statefulset.yaml
|
|
|
apiVersion: apps/v1
|
|
|
kind: StatefulSet
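Review bot: The `mastodon` container in all three new Deployments reads `MASTODON_AWS_ACCESS_KEY_ID` and `MASTODON_AWS_SECRET_ACCESS_KEY` from the `root-user` and `root-password` keys of the `mastodon-minio` Secret, so the application runs with the MinIO root account rather than a credential scoped to its bucket. A dedicated MinIO user with a bucket-limited policy, kept in its own Secret and referenced from these `secretKeyRef` entries, would contain a compromise of the web, sidekiq or streaming pod. Separately, the `wait-for-elasticsearch` init container logs `info "Mastodon web is ready"`, which looks copied from `wait-for-web`; `info "Elasticsearch is ready"` would match what it waited for.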
|
|
|
@@ -1306,6 +1997,7 @@ spec:
|
|
|
resources:
|
|
|
requests:
|
|
|
storage: "8Gi"
|
|
|
+ storageClassName: longhorn
|
|
|
---
|
|
|
# Source: mastodon/charts/elasticsearch/templates/ingest/statefulset.yaml
|
|
|
apiVersion: apps/v1
|
|
|
@@ -1602,6 +2294,7 @@ spec:
|
|
|
resources:
|
|
|
requests:
|
|
|
storage: "8Gi"
|
|
|
+ storageClassName: longhorn
|
|
|
---
|
|
|
# Source: mastodon/charts/postgresql/templates/primary/statefulset.yaml
|
|
|
apiVersion: apps/v1
|
|
|
@@ -1765,6 +2458,7 @@ spec:
|
|
|
resources:
|
|
|
requests:
|
|
|
storage: "8Gi"
|
|
|
+ storageClassName: longhorn
|
|
|
---
|
|
|
# Source: mastodon/charts/redis/templates/master/application.yaml
|
|
|
apiVersion: apps/v1
|
|
|
@@ -1800,7 +2494,7 @@ spec:
|
|
|
checksum/configmap: 2f15040384162155f37c5089d1a10352963784fb168a605b339e88c8642e7001
|
|
|
checksum/health: 0b8c4cf2e9643861c68f5ce94dc34b6497ef911db5da1c59f51d5f172a4b98dd
|
|
|
checksum/scripts: aaa87d91cbed3dc312c3e5b1dab72400a783834667c43a4d19bba0b89be86c63
|
|
|
- checksum/secret: a6419e12b36d05bc7c2ce11860928be0c5a2a41ea37358fe1979106d70ea686f
|
|
|
+ checksum/secret: 7ad58554d69c8ec88bb5547ce91a036e9612e1db4e16b5faad3181c162e3f776
|
|
|
spec:
|
|
|
|
|
|
securityContext:
|
|
|
@@ -1920,6 +2614,7 @@ spec:
|
|
|
resources:
|
|
|
requests:
|
|
|
storage: "8Gi"
|
|
|
+ storageClassName: longhorn
|
|
|
---
|
|
|
# Source: mastodon/charts/minio/templates/provisioning-job.yaml
|
|
|
apiVersion: batch/v1
|
|
|
@@ -2051,3 +2746,131 @@ spec:
|
|
|
- name: minio-provisioning
|
|
|
configMap:
|
|
|
name: mastodon-minio-provisioning
|
|
|
+---
|
|
|
+# Source: mastodon/templates/init-job/init-job.yaml
|
|
|
+apiVersion: batch/v1
|
|
|
+kind: Job
|
|
|
+metadata:
|
|
|
+ name: mastodon-init
|
|
|
+ namespace: mastodon
|
|
|
+ labels:
|
|
|
+ app.kubernetes.io/name: mastodon
|
|
|
+ helm.sh/chart: mastodon-1.0.1
|
|
|
+ app.kubernetes.io/instance: mastodon
|
|
|
+ app.kubernetes.io/managed-by: Helm
|
|
|
+ app.kubernetes.io/part-of: mastodon
|
|
|
+ annotations:
|
|
|
+ helm.sh/hook: post-install, pre-upgrade
|
|
|
+ helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
|
|
|
+ helm.sh/hook-weight: "10"
|
|
|
+spec:
|
|
|
+ backoffLimit: 10
|
|
|
+ template:
|
|
|
+ metadata:
|
|
|
+ labels:
|
|
|
+ app.kubernetes.io/name: mastodon
|
|
|
+ helm.sh/chart: mastodon-1.0.1
|
|
|
+ app.kubernetes.io/instance: mastodon
|
|
|
+ app.kubernetes.io/managed-by: Helm
|
|
|
+ app.kubernetes.io/component: init
|
|
|
+ spec:
|
|
|
+
|
|
|
+ restartPolicy: OnFailure
|
|
|
+ securityContext:
|
|
|
+ fsGroup: 1001
|
|
|
+ seccompProfile:
|
|
|
+ type: RuntimeDefault
|
|
|
+ containers:
|
|
|
+ # We separate the job in multiple containers to be able to run them in parallel. We put everything on the same job
|
|
|
+ # as it follows the Job Pattern best practices
|
|
|
+ # https://kubernetes.io/docs/concepts/workloads/controllers/job/#job-patterns
|
|
|
+ - name: migrate-and-create-admin
|
|
|
+ image: docker.io/bitnami/mastodon:4.0.2-debian-11-r18
|
|
|
+ imagePullPolicy: IfNotPresent
|
|
|
+ command:
|
|
|
+ - /bin/bash
|
|
|
+ - -ec
|
|
|
+ args:
|
|
|
+ - /scripts/migrate-and-create-admin.sh
|
|
|
+ securityContext:
|
|
|
+ allowPrivilegeEscalation: false
|
|
|
+ capabilities:
|
|
|
+ drop:
|
|
|
+ - ALL
|
|
|
+ readOnlyRootFilesystem: false
|
|
|
+ runAsNonRoot: true
|
|
|
+ runAsUser: 1001
|
|
|
+ env:
|
|
|
+ - name: BITNAMI_DEBUG
|
|
|
+ value: "false"
|
|
|
+ - name: MASTODON_DATABASE_PASSWORD
|
|
|
+ valueFrom:
|
|
|
+ secretKeyRef:
|
|
|
+ name: mastodon-postgresql
|
|
|
+ key: "password"
|
|
|
+ # The rake db:migrate job requires access to Redis
|
|
|
+ - name: MASTODON_REDIS_PASSWORD
|
|
|
+ valueFrom:
|
|
|
+ secretKeyRef:
|
|
|
+ name: mastodon-redis
|
|
|
+ key: "redis-password"
|
|
|
+ envFrom:
|
|
|
+ - configMapRef:
|
|
|
+ name: mastodon-default
|
|
|
+ - secretRef:
|
|
|
+ name: mastodon-default
|
|
|
+ volumeMounts:
|
|
|
+ - name: scripts
|
|
|
+ mountPath: /scripts
|
|
|
+ resources:
|
|
|
+ limits: {}
|
|
|
+ requests: {}
|
|
|
+ - name: mastodon-assets-precompile
|
|
|
+ image: docker.io/bitnami/mastodon:4.0.2-debian-11-r18
|
|
|
+ imagePullPolicy: IfNotPresent
|
|
|
+ command:
|
|
|
+ - /bin/bash
|
|
|
+ - -ec
|
|
|
+ args:
|
|
|
+ - /scripts/precompile-assets.sh
|
|
|
+ securityContext:
|
|
|
+ allowPrivilegeEscalation: false
|
|
|
+ capabilities:
|
|
|
+ drop:
|
|
|
+ - ALL
|
|
|
+ readOnlyRootFilesystem: false
|
|
|
+ runAsNonRoot: true
|
|
|
+ runAsUser: 1001
|
|
|
+ env:
|
|
|
+ - name: BITNAMI_DEBUG
|
|
|
+ value: "false"
|
|
|
+ - name: MASTODON_S3_HOSTNAME
|
|
|
+ value: "mastodon-minio"
|
|
|
+ - name: MASTODON_S3_PORT_NUMBER
|
|
|
+ value: "80"
|
|
|
+ - name: MASTODON_AWS_ACCESS_KEY_ID
|
|
|
+ valueFrom:
|
|
|
+ secretKeyRef:
|
|
|
+ name: mastodon-minio
|
|
|
+ key: "root-user"
|
|
|
+ - name: MASTODON_AWS_SECRET_ACCESS_KEY
|
|
|
+ valueFrom:
|
|
|
+ secretKeyRef:
|
|
|
+ name: mastodon-minio
|
|
|
+ key: "root-password"
|
|
|
+ envFrom:
|
|
|
+ - configMapRef:
|
|
|
+ name: mastodon-default
|
|
|
+ - secretRef:
|
|
|
+ name: mastodon-default
|
|
|
+ volumeMounts:
|
|
|
+ - name: scripts
|
|
|
+ mountPath: /scripts
|
|
|
+ resources:
|
|
|
+ limits: {}
|
|
|
+ requests: {}
|
|
|
+ volumes:
|
|
|
+ - name: scripts
|
|
|
+ configMap:
|
|
|
+ name: mastodon-init-scripts
|
|
|
+ defaultMode: 0755
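Review bot: The `mastodon-init` Job's pod spec sets neither `serviceAccountName` nor `automountServiceAccountToken`, so by default both containers get the namespace's default service-account token mounted, although nothing in the visible spec needs the Kubernetes API. Adding `automountServiceAccountToken: false` under `template.spec` keeps that token out of pods that also hold the database, Redis and MinIO root credentials. Both containers also leave `resources:` as `limits: {}` and `requests: {}`, so a runaway migration or asset precompile is unbounded on the node.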
|