values.yaml 8.13 KiB
replicaCount: 1
image:
  repository: tootsuite/mastodon
  # https://hub.docker.com/r/tootsuite/mastodon/tags
  # alternatively, use `latest` for the latest release or `edge` for the image
  # built from the most recent commit
  # tag: latest
  tag: v3.5.2
  # use `Always` when using `latest` tag
  pullPolicy: IfNotPresent
mastodon:
  # create an initial administrator user; the password is autogenerated and will
  # have to be reset
  createAdmin:
    enabled: false
    username: not_gargron
    email: not@example.com
  cron:
    # run `tootctl media remove` every week
    removeMedia:
      enabled: true
      schedule: "0 0 * * 0"
  # available locales: https://github.com/tootsuite/mastodon/blob/master/config/application.rb#L43
  locale: en
  local_domain: mastodon.local
  # Use of WEB_DOMAIN requires careful consideration: https://docs.joinmastodon.org/admin/config/#federation
  # You must redirect the path LOCAL_DOMAIN/.well-known/ to WEB_DOMAIN/.well-known/ as described
  # web_domain: mastodon.example.com
  persistence:
    assets:
      # ReadWriteOnce is more widely supported than ReadWriteMany, but limits
      # scalability, since it requires the Rails and Sidekiq pods to run on the
      # same node.
      accessMode: ReadWriteOnce
      resources:
        requests:
          storage: 10Gi
    system:
      accessMode: ReadWriteOnce
      resources:
        requests:
          storage: 100Gi
  s3:
    enabled: false
    access_key: ""
    access_secret: ""
    bucket: ""
    endpoint: https://us-east-1.linodeobjects.com
    hostname: us-east-1.linodeobjects.com
    region: ""
    # If you have a caching proxy, enter its base URL here.
    alias_host: ""
  # these must be set manually; autogenerated keys are rotated on each upgrade
  secrets:
    secret_key_base: ""
    otp_secret: ""
    vapid:
      private_key: ""
      public_key: ""
  sidekiq:
    concurrency: 25
  smtp:
    auth_method: plain
    ca_file: /etc/ssl/certs/ca-certificates.crt
    delivery_method: smtp
    domain:
7172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140
enable_starttls_auto: true from_address: notifications@example.com login: openssl_verify_mode: peer password: port: 587 reply_to: server: smtp.mailgun.org tls: false streaming: port: 4000 # this should be set manually since os.cpus() returns the number of CPUs on # the node running the pod, which is unrelated to the resources allocated to # the pod by k8s workers: 1 web: port: 3000 ingress: enabled: true annotations: kubernetes.io/ingress.class: nginx kubernetes.io/tls-acme: "true" # cert-manager.io/cluster-issuer: "letsencrypt" # # ensure that NGINX's upload size matches Mastodon's # for the K8s ingress controller: # nginx.ingress.kubernetes.io/proxy-body-size: 40m # for the NGINX ingress controller: # nginx.org/client-max-body-size: 40m hosts: - host: mastodon.local paths: - path: '/' tls: - secretName: mastodon-tls hosts: - mastodon.local # https://github.com/bitnami/charts/tree/master/bitnami/elasticsearch#parameters elasticsearch: # `false` will disable full-text search # # if you enable ES after the initial install, you will need to manually run # RAILS_ENV=production bundle exec rake chewy:sync # (https://docs.joinmastodon.org/admin/optional/elasticsearch/) enabled: true image: tag: 7 # https://github.com/bitnami/charts/tree/master/bitnami/postgresql#parameters postgresql: # disable if you want to use an existing db; in which case the values below # must match those of that external postgres instance enabled: true # postgresqlHostname: preexisting-postgresql postgresqlDatabase: mastodon_production # you must set a password; the password generated by the postgresql chart will # be rotated on each upgrade: # https://github.com/bitnami/charts/tree/master/bitnami/postgresql#upgrade postgresqlPassword: "" postgresqlUsername: postgres # https://github.com/bitnami/charts/tree/master/bitnami/redis#parameters redis: # you must set a password; the password generated by the redis chart will be # rotated on each upgrade: password: "" service:
141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210
type: ClusterIP port: 80 externalAuth: oidc: # OpenID Connect support is proposed in PR #16221 and awaiting merge. enabled: false # display_name: "example-label" # issuer: https://login.example.space/auth/realms/example-space # discovery: true # scope: "openid,profile" # uid_field: uid # client_id: mastodon # client_secret: SECRETKEY # redirect_uri: https://example.com/auth/auth/openid_connect/callback # assume_email_is_verified: true # client_auth_method: # response_type: # response_mode: # display: # prompt: # send_nonce: # send_scope_to_token_endpoint: # idp_logout_redirect_uri: # http_scheme: # host: # port: # jwks_uri: # auth_endpoint: # token_endpoint: # user_info_endpoint: # end_session_endpoint: saml: enabled: false # acs_url: http://mastodon.example.com/auth/auth/saml/callback # issuer: mastodon # idp_sso_target_url: https://login.example.com/auth/realms/example/protocol/saml # idp_cert: '-----BEGIN CERTIFICATE-----[your_cert_content]-----END CERTIFICATE-----' # idp_cert_fingerprint: # name_identifier_format: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified # cert: # private_key: # want_assertion_signed: true # want_assertion_encrypted: true # assume_email_is_verified: true # uid_attribute: "urn:oid:0.9.2342.19200300.100.1.1" # attributes_statements: # uid: "urn:oid:0.9.2342.19200300.100.1.1" # email: "urn:oid:1.3.6.1.4.1.5923.1.1.1.6" # full_name: "urn:oid:2.16.840.1.113730.3.1.241" # first_name: "urn:oid:2.5.4.42" # last_name: "urn:oid:2.5.4.4" # verified: # verified_email: oauth_global: # Force redirect local login to CAS. Does not function with SAML or LDAP. oauth_redirect_at_sign_in: false cas: enabled: false # url: https://sso.myserver.com # host: sso.myserver.com # port: 443 # ssl: true # validate_url: # callback_url: # logout_url: # login_url: # uid_field: 'user' # ca_path: # disable_ssl_verification: false
211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280
# assume_email_is_verified: true # keys: # uid: 'user' # name: 'name' # email: 'email' # nickname: 'nickname' # first_name: 'firstname' # last_name: 'lastname' # location: 'location' # image: 'image' # phone: 'phone' pam: enabled: false # email_domain: example.com # default_service: rpam # controlled_service: rpam ldap: enabled: false # host: myservice.namespace.svc # port: 389 # method: simple_tls # base: # bind_on: # password: # uid: cn # mail: mail # search_filter: "(|(%{uid}=%{email})(%{mail}=%{email}))" # uid_conversion: # enabled: true # search: "., -" # replace: _ # https://github.com/tootsuite/mastodon/blob/master/Dockerfile#L88 # # if you manually change the UID/GID environment variables, ensure these values # match: podSecurityContext: runAsUser: 991 runAsGroup: 991 fsGroup: 991 securityContext: {} serviceAccount: # Specifies whether a service account should be created create: true # Annotations to add to the service account annotations: {} # The name of the service account to use. # If not set and create is true, a name is generated using the fullname template name: "" podAnnotations: {} resources: {} # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little # resources, such as Minikube. If you do want to specify resources, uncomment the following # lines, adjust them as necessary, and remove the curly braces after 'resources:'. # limits: # cpu: 100m # memory: 128Mi # requests: # cpu: 100m # memory: 128Mi autoscaling: enabled: false minReplicas: 1 maxReplicas: 100
281282283284285286287288289
targetCPUUtilizationPercentage: 80 # targetMemoryUtilizationPercentage: 80 nodeSelector: {} tolerations: [] affinity: {}