forked from mastodon/chart
-
Notifications
You must be signed in to change notification settings - Fork 1
/
values.yaml
783 lines (738 loc) · 26.9 KB
/
values.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
image:
repository: ghcr.io/mastodon/mastodon
# https://github.com/mastodon/mastodon/pkgs/container/mastodon
#
# alternatively, use `latest` for the latest release or `edge` for the image
# built from the most recent commit
#
# tag: latest
tag: null
# use `Always` when using `latest` tag
pullPolicy: IfNotPresent
mastodon:
# Labels added to every Mastodon-related object
labels: {}
# -- create an initial administrator user; the password is autogenerated and will
# have to be reset
createAdmin:
# @ignored
enabled: false
# @ignored
username: not_gargron
# @ignored
email: [email protected]
hooks:
dbMigrate:
enabled: true
assetsPrecompile:
enabled: true
# Upload website assets to S3 before deploying using rclone.
# Whenever there is an update to Mastodon, sometimes there are assets files
# that are renamed. As the pods are getting redeployed, and old/new pods are
# present simultaneously, there is a chance that old asset files are
# requested from pods that don't have them anymore, or new asset files are
# requested from old pods. Uploading asset files to S3 in this manner solves
# this potential conflict.
# Note that you will need to CDN/proxy to send all requests to /assets and
# /packs to this bucket.
s3Upload:
enabled: false
endpoint:
bucket:
acl: public-read
secretRef:
name:
keys:
accesKeyId: acces-key-id
secretAccessKey: secret-access-key
rclone:
# Any additional environment variables to pass to rclone.
env: {}
# Custom labels to add to kubernetes resources
#labels:
cron:
# -- run `tootctl media remove` every week
removeMedia:
# @ignored
enabled: true
# @ignored
schedule: "0 0 * * 0"
# -- available locales: https://github.com/mastodon/mastodon/blob/main/config/application.rb#L71
locale: en
local_domain: mastodon.local
# -- Use of WEB_DOMAIN requires careful consideration: https://docs.joinmastodon.org/admin/config/#federation
# You must redirect the path LOCAL_DOMAIN/.well-known/ to WEB_DOMAIN/.well-known/ as described
# Example: mastodon.example.com
web_domain: null
# -- If you have multiple domains pointed at your Mastodon server, this setting will allow Mastodon to recognize
# itself when users are addressed using those other domains.
alternate_domains: []
# -- Comma-separated list of public IP addresses of trusted reverse proxy servers reaching Mastodon web and streaming servers
# Specifying overrides default list. More info: https://docs.joinmastodon.org/admin/config/#trusted_proxy_ip
# trusted_proxy_ip:
# -- If set to true, the frontpage of your Mastodon server will always redirect to the first profile in the database and registrations will be disabled.
singleUserMode: false
# -- Enables "Secure Mode" for more details see: https://docs.joinmastodon.org/admin/config/#authorized_fetch
authorizedFetch: false
# -- Enables "Limited Federation Mode" for more details see: https://docs.joinmastodon.org/admin/config/#limited_federation_mode
limitedFederationMode: false
persistence:
assets:
# -- ReadWriteOnce is more widely supported than ReadWriteMany, but limits
# scalability, since it requires the Rails and Sidekiq pods to run on the
# same node.
accessMode: ReadWriteOnce
resources:
requests:
storage: 10Gi
# -- name of existing persistent volume claim to use for assets
existingClaim:
system:
accessMode: ReadWriteOnce
resources:
requests:
storage: 100Gi
# -- name of existing persistent volume claim to use for system
existingClaim:
s3:
enabled: false
access_key: ""
access_secret: ""
# -- you can also specify the name of an existing Secret
# with keys AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY
existingSecret: ""
bucket: ""
endpoint: ""
hostname: ""
region: ""
permission: ""
# -- If you have a caching proxy, enter its base URL here.
alias_host: ""
# When uploading data to S3, if the number of bytes to send exceedes
# multipart_threshold then a multi part session is automatically started
# and the data is sent up in chunks. Defaults to 16777216 (16MB).
multipart_threshold: ""
# -- Set this to true if the storage provider uses domain style 'bucket.endpoint' naming
# override_path_style: "true"
deepl:
enabled: false
plan:
apiKeySecretRef:
name:
key:
hcaptcha:
enabled: false
siteId:
secretKeySecretRef:
name:
key:
# these must be set manually; autogenerated keys are rotated on each upgrade
secrets:
secret_key_base: ""
otp_secret: ""
vapid:
private_key: ""
public_key: ""
activeRecordEncryption:
primaryKey: ""
deterministicKey: ""
keyDerivationSalt: ""
# -- you can also specify the name of an existing Secret
# with keys:
# - SECRET_KEY_BASE
# - OTP_SECRET
# - VAPID_PRIVATE_KEY
# - VAPID_PUBLIC_KEY
# - ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY
# - ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY
# - ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT
existingSecret: ""
# -- The number of old revisions to keep for each Deployment in Kubernetes.
# See https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#clean-up-policy
revisionHistoryLimit: 2
sidekiq:
# -- Pod security context for all Sidekiq Pods, overwrites .Values.podSecurityContext
podSecurityContext: {}
# -- (Sidekiq Container) Security Context for all Pods, overwrites .Values.securityContext
securityContext: {}
# -- Resources for all Sidekiq Deployments unless overwritten
resources: {}
# -- Affinity for all Sidekiq Deployments unless overwritten, overwrites .Values.affinity
affinity: {}
# -- Annotations to apply to the deployment object(s) for sidekiq.
# -- These are applied in addition to deploymentAnnotations.
annotations: {}
# -- Labels to apply to the deployment object(s) for sidekiq.
# -- These are applied in addition to mastodon.labels.
labels: {}
# -- Annotations to apply to the sidekiq pods.
# -- These are applied in addition to the global podAnnotations.
podAnnotations: {}
# -- Labels to apply to the sidekiq pods.
# -- These are applied in addition to mastodon.labels.
podLabels: {}
# Rollout strategy to use when updating pods.
# Recreate will help reduce the number of retried jobs when updating when
# the code introduces a new job as the pods are all replaced immediately.
# RollingUpdate can help with larger clusters if job retries aren't an
# issue, as it will reduce strain by replacing pods more slowly. It is
# strongly recommended to enable the readinessProbe when using RollingUpdate.
# ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
updateStrategy:
type: Recreate
# Readiness probe configuration
# NOTE: Readiness probe will only work on versions of Mastodon built after 2024-07-10.
readinessProbe:
enabled: false
path: /opt/mastodon/tmp/sidekiq_process_has_started_and_will_begin_processing_jobs
initialDelaySeconds: 10
periodSeconds: 2
successThreshold: 1
timeoutSeconds: 1
# -- Topology spread constraints for Sidekiq Pods, overwrites .Values.topologySpreadConstraints
topologySpreadConstraints: {}
# limits:
# cpu: "1"
# memory: 768Mi
# requests:
# cpu: 250m
# memory: 512Mi
# Open Telemetry configuration for sidekiq pods. Overrides global settings.
otel:
enabled:
exporterUri:
namePrefix:
nameSeparator:
workers:
- name: all-queues
# -- Number of threads / parallel sidekiq jobs that are executed per Pod
concurrency: 25
# -- Number of Pod replicas deployed by the Deployment
replicas: 1
# -- Resources for this specific deployment to allow optimised scaling, overwrites .Values.mastodon.sidekiq.resources
resources: {}
# -- Affinity for this specific deployment, overwrites .Values.affinity and .Values.mastodon.sidekiq.affinity
affinity: {}
# -- Topology spread constraints for this specific deployment, overwrites .Values.topologySpreadConstraints and .Values.mastodon.sidekiq.topologySpreadConstraints
topologySpreadConstraints: {}
# -- Sidekiq queues for Mastodon that are handled by this worker. See https://docs.joinmastodon.org/admin/scaling/#concurrency
# See https://github.com/mperham/sidekiq/wiki/Advanced-Options#queues for how to weight queues as argument
queues:
- default,8
- push,6
- ingress,4
- mailers,2
- pull
- scheduler # Make sure the scheduler queue only exists once and with a worker that has 1 replica.
image:
repository:
tag:
# allows you to mount a custom database.yml from a configmap
# please note that we do not advise using a read-only replica for sidekiq workers
customDatabaseConfigYml:
configMapRef:
name:
key:
#- name: push-pull
# concurrency: 50
# resources: {}
# replicas: 2
# queues:
# - push
# - pull
#- name: mailers
# concurrency: 25
# replicas: 2
# queues:
# - mailers
#- name: default
# concurrency: 25
# replicas: 2
# queues:
# - default
smtp:
auth_method: plain
ca_file: /etc/ssl/certs/ca-certificates.crt
delivery_method: smtp
domain:
enable_starttls: "auto"
from_address: [email protected]
return_path:
openssl_verify_mode: peer
port: 587
reply_to:
server: smtp.mailgun.org
tls: false
login:
password:
# -- Instead of defining login/password above, you can specify the name of an existing secret here. Login and
# password must be located in keys named `login` and `password` respectively.
existingSecret:
streaming:
image:
repository:
tag:
port: 4000
# -- this should be set manually since os.cpus() returns the number of CPUs on
# the node running the pod, which is unrelated to the resources allocated to
# the pod by k8s
workers: 1
# -- The base url for streaming can be set if the streaming API is deployed to
# a different domain/subdomain.
base_url: null
# -- Number of Streaming Pods running
replicas: 1
# -- Affinity for Streaming Pods, overwrites .Values.affinity
affinity: {}
# -- Annotations to apply to the deployment object for streaming.
# -- These are applied in addition to deploymentAnnotations.
annotations: {}
# -- Labels to apply to the deployment object for streaming.
# -- These are applied in addition to mastodon.labels.
labels: {}
# -- Annotations to apply to the streaming pods.
# -- These are applied in addition to the global podAnnotations.
podAnnotations: {}
# -- Labels to apply to the streaming pods.
# -- These are applied in addition to mastodon.labels.
podLabels: {}
# Rollout strategy to use when updating pods
# ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
updateStrategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 10%
maxUnavailable: 25%
# -- Topology spread constraints for Streaming Pods, overwrites .Values.topologySpreadConstraints
topologySpreadConstraints: {}
# -- Pod Security Context for Streaming Pods, overwrites .Values.podSecurityContext
podSecurityContext: {}
# -- (Streaming Container) Security Context for Streaming Pods, overwrites .Values.securityContext
securityContext: {}
# -- (Streaming Container) Resources for Streaming Pods, overwrites .Values.resources
resources: {}
# limits:
# cpu: "500m"
# memory: 512Mi
# requests:
# cpu: 250m
# memory: 128Mi
# -- PodDisruptionBudget configuration - See https://kubernetes.io/docs/tasks/run-application/configure-pdb/
pdb:
enable: false
# minAvailable: 1
# maxUnavailable: 1
# -- Puma-specific options. Below values are based on default behavior in
# config/puma.rb when no custom values are provided.
# -- Self-signed certificate(s) the (Node.js) needs to trust to connect to e.g. the database
extraCerts: {}
# -- Secret containing a key "ca.crt" holding one or more root certificates in PEM format
# existingSecret:
# -- Optional volume name for mounting the .crt file, defaults to "extra-certs"
# name:
# -- Optional sslMode setting. See nodejs's SSL_MODE. Consider "no-verify"
# sslMode:
# Specify extra environment variables to be added to streaming pods.
extraEnvVars: {}
web:
port: 3000
# -- Number of Web Pods running
replicas: 1
# -- Affinity for Web Pods, overwrites .Values.affinity
affinity: {}
# -- Annotations to apply to the deployment object for web.
# -- These are applied in addition to deploymentAnnotations.
annotations: {}
# -- Labels to apply to the deployment object for web.
# -- These are applied in addition to mastodon.labels.
labels: {}
# -- Annotations to apply to the web pods.
# -- These are applied in addition to the global podAnnotations.
podAnnotations: {}
# -- Labels to apply to the web pods.
# -- These are applied in addition to mastodon.labels.
podLabels: {}
# Rollout strategy to use when updating pods
# ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
updateStrategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 10%
maxUnavailable: 25%
# -- Topology spread constraints for Web Pods, overwrites .Values.topologySpreadConstraints
topologySpreadConstraints: {}
# -- Pod Security Context for Web Pods, overwrites .Values.podSecurityContext
podSecurityContext: {}
# -- (Web Container) Security Context for Web Pods, overwrites .Values.securityContext
securityContext: {}
# -- (Web Container) Resources for Web Pods, overwrites .Values.resources
resources: {}
# limits:
# cpu: "1"
# memory: 1280Mi
# requests:
# cpu: 250m
# memory: 768Mi
# -- PodDisruptionBudget configuration - See https://kubernetes.io/docs/tasks/run-application/configure-pdb/
pdb:
enable: false
# minAvailable: 1
# maxUnavailable: 1
# -- Puma-specific options. Below values are based on default behavior in
# config/puma.rb when no custom values are provided.
minThreads: "5"
maxThreads: "5"
workers: "2"
persistentTimeout: "20"
image:
repository:
tag:
# allows you to mount a custom database.yml from a configmap
# for example if you want to use a read-only replica
customDatabaseConfigYml:
configMapRef:
name:
key:
# Open Telemetry configuration for web pods. Overrides global settings.
otel:
enabled:
exporterUri:
namePrefix:
nameSeparator:
# HTTP cache buster configuration.
# See the documentation for more information about this feature:
# https://docs.joinmastodon.org/admin/config/#http-cache-buster
cacheBuster:
enabled: false
httpMethod: "GET"
# If the cache service requires authentication, specify the header name and
# secret/token here.
authHeader:
authToken:
existingSecret:
metrics:
statsd:
# -- Enable statsd publishing via STATSD_ADDR environment variable
address: ""
# -- Alternatively, you can use this to have a statsd_exporter sidecar container running along all Mastodon containers and exposing metrics in OpenMetric/Prometheus format on each pod
# Please note the exporter will not be enabled if metrics.statsd.address is not empty
exporter:
enabled: false
port: 9102
# Open Telemetry configuration for all deployments. Component-specific
# configuration will override these values.
otel:
enabled: false
exporterUri:
namePrefix: mastodon
nameSeparator: "-"
# Sets the PREPARED_STATEMENTS environment variable: https://docs.joinmastodon.org/admin/config/#prepared_statements
preparedStatements: true
# Specify extra environment variables to be added to all Mastodon pods.
# These can be used for configuration not included in this chart (including configuration for Mastodon varietals.)
extraEnvVars: {}
# Alternatively specify extra environment variables stored in a ConfigMap.
# The specified ConfigMap should contain the additional environment variables in key-value format.
# extraEnvFrom: <config-map-name>
ingress:
enabled: true
annotations:
# For choosing an ingress ingressClassName is preferred over annotations
# kubernetes.io/ingress.class: nginx
#
# To automatically request TLS certificates use one of the following
# kubernetes.io/tls-acme: "true"
# cert-manager.io/cluster-issuer: "letsencrypt"
#
# ensure that NGINX's upload size matches Mastodon's
# for the K8s ingress controller:
# nginx.ingress.kubernetes.io/proxy-body-size: 40m
# for the NGINX ingress controller:
# nginx.org/client-max-body-size: 40m
# -- you can specify the ingressClassName if it differs from the default
ingressClassName:
hosts:
- host: mastodon.local
paths:
- path: "/"
tls:
- secretName: mastodon-tls
hosts:
- mastodon.local
# This allows you to have a separate ingress for streaming
# When enabled, the main ingress will no longer handle streaming requests.
# You will also need to configure mastodon.streaming.base_url accordingly
streaming:
enabled: false
annotations:
ingressClassName:
hosts:
- host: streaming.mastodon.local
paths:
- path: "/"
tls:
- secretName: mastodon-tls
hosts:
- streaming.mastodon.local
# -- https://github.com/bitnami/charts/tree/master/bitnami/elasticsearch#parameters
elasticsearch:
# Elasticsearch is powering full-text search. It is optional.
# `false` will not install Elasticsearch as part of this chart
#
# if you enable ES after the initial install, you will need to manually run
# RAILS_ENV=production bundle exec rake chewy:sync
# (https://docs.joinmastodon.org/admin/optional/elasticsearch/)
enabled: true
# @ignored
image:
tag: 7
# If you are using an external ES cluster, use `enabled: false` and set the hostname, port,
# and whether the cluster uses TLS.
# hostname:
# port: 9200
# tls: true
# preset: single_node_cluster
# This is optional, use it if you ES cluster requires authentication
# user:
# Name of an existing secret with a password key
# existingSecret:
# https://github.com/bitnami/charts/tree/master/bitnami/postgresql#parameters
postgresql:
# -- disable if you want to use an existing db; in which case the values below
# must match those of that external postgres instance
enabled: true
# postgresqlHostname: preexisting-postgresql
# postgresqlPort: 5432
auth:
database: mastodon_production
username: mastodon
# you must set a password; the password generated by the postgresql chart will
# be rotated on each upgrade:
# https://github.com/bitnami/charts/tree/master/bitnami/postgresql#upgrade
password: ""
# Set the password for the "postgres" admin user
# set this to the same value as above if you've previously installed
# this chart and you're having problems getting mastodon to connect to the DB
# postgresPassword: ""
# you can also specify the name of an existing Secret
# with a key of password set to the password you want
existingSecret: ""
# Options for a read-only replica.
# If enabled, mastodon uses existing defaults for postgres for these values as well.
# NOTE: This feature is only available on Mastodon v4.2+
# Documentation for more information on this feature:
# https://docs.joinmastodon.org/admin/scaling/#read-replicas
readReplica:
hostname:
port:
auth:
database:
username:
password:
existingSecret:
# https://github.com/bitnami/charts/tree/master/bitnami/redis#parameters
redis:
# disable if you want to use an existing redis instance; in which case the
# values below must match those of that external redis instance
enabled: true
hostname: ""
port: 6379
auth:
# -- you must set a password; the password generated by the redis chart will be
# rotated on each upgrade:
password: ""
# setting password for an existing redis instance will store it in a new Secret
# you can also specify the name of an existing Secret
# with a key of redis-password set to the password you want
# existingSecret: ""
replica:
replicaCount: 0
# Configuration for a separate redis instance only for sidekiq processing.
# If enabled, any values not specified will be copied from the base config.
# If set to false, the main redis instance will be used, and all values will
# be ignored.
sidekiq:
enabled: false
hostname: ""
port: 6379
auth:
password: ""
# you can also specify the name of an existing Secret
# with a key of redis-password set to the password you want
existingSecret: ""
# Configuration for a separate redis instance only for cache.
# If enabled, any values not specified will be copied from the base config.
# If set to false, the main redis instance will be used, and all values will
# be ignored.
cache:
enabled: false
hostname: ""
port: 6379
auth:
password: ""
# you can also specify the name of an existing Secret
# with a key of redis-password set to the password you want
existingSecret: ""
# @ignored
service:
type: ClusterIP
port: 80
externalAuth:
oidc:
# -- OpenID Connect support is proposed in PR #16221 and awaiting merge.
enabled: false
# display_name: "example-label"
# issuer: https://login.example.space/auth/realms/example-space
# discovery: true
# scope: "openid,profile"
# uid_field: uid
# client_id: mastodon
# client_secret: SECRETKEY
# redirect_uri: https://example.com/auth/auth/openid_connect/callback
# assume_email_is_verified: true
# client_auth_method:
# response_type:
# response_mode:
# display:
# prompt:
# send_nonce:
# send_scope_to_token_endpoint:
# idp_logout_redirect_uri:
# http_scheme:
# host:
# port:
# jwks_uri:
# auth_endpoint:
# token_endpoint:
# user_info_endpoint:
# end_session_endpoint:
saml:
enabled: false
# acs_url: http://mastodon.example.com/auth/auth/saml/callback
# issuer: mastodon
# idp_sso_target_url: https://login.example.com/auth/realms/example/protocol/saml
# idp_cert: '-----BEGIN CERTIFICATE-----[your_cert_content]-----END CERTIFICATE-----'
# idp_cert_fingerprint:
# name_identifier_format: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
# cert:
# private_key:
# want_assertion_signed: true
# want_assertion_encrypted: true
# assume_email_is_verified: true
# uid_attribute: "urn:oid:0.9.2342.19200300.100.1.1"
# attributes_statements:
# uid: "urn:oid:0.9.2342.19200300.100.1.1"
# email: "urn:oid:1.3.6.1.4.1.5923.1.1.1.6"
# full_name: "urn:oid:2.16.840.1.113730.3.1.241"
# first_name: "urn:oid:2.5.4.42"
# last_name: "urn:oid:2.5.4.4"
# verified:
# verified_email:
oauth_global:
# -- Automatically redirect to OIDC, CAS or SAML, and don't use local account authentication when clicking on Sign-In
omniauth_only: false
cas:
enabled: false
# url: https://sso.myserver.com
# host: sso.myserver.com
# port: 443
# ssl: true
# validate_url:
# callback_url:
# logout_url:
# login_url:
# uid_field: 'user'
# ca_path:
# disable_ssl_verification: false
# assume_email_is_verified: true
# keys:
# uid: 'user'
# name: 'name'
# email: 'email'
# nickname: 'nickname'
# first_name: 'firstname'
# last_name: 'lastname'
# location: 'location'
# image: 'image'
# phone: 'phone'
pam:
enabled: false
# email_domain: example.com
# default_service: rpam
# controlled_service: rpam
ldap:
enabled: false
# host: myservice.namespace.svc
# port: 636
# method: simple_tls
# tls_no_verify: true
# base:
# bind_dn:
# password:
# uid: cn
# mail: mail
# search_filter: "(|(%{uid}=%{email})(%{mail}=%{email}))"
# uid_conversion:
# enabled: true
# search: "., -"
# replace: _
# -- https://github.com/mastodon/mastodon/blob/main/Dockerfile#L75
#
# if you manually change the UID/GID environment variables, ensure these values
# match:
podSecurityContext:
runAsUser: 991
runAsGroup: 991
fsGroup: 991
# @ignored
securityContext: {}
serviceAccount:
# -- Specifies whether a service account should be created
create: true
# -- Annotations to add to the service account
annotations: {}
# -- The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: ""
# Custom annotations to apply to all created deployment objects. These can be
# used to help mastodon interact with other services in the cluster.
deploymentAnnotations: {}
# -- Kubernetes manages pods for jobs and pods for deployments differently, so you might
# need to apply different annotations to the two different sets of pods. The annotations
# set with podAnnotations will be added to all deployment-managed pods.
podAnnotations: {}
# If set to true, an annotation with the current chart release number will be added to all mastodon pods. This will
# cause all pods to be recreated every `helm upgrade` regardless of whether their config or spec changes.
revisionPodAnnotation: true
# The annotations set with jobAnnotations will be added to all job pods.
jobAnnotations: {}
# -- Default resources for all Deployments and jobs unless overwritten
resources:
{}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
# @ignored
nodeSelector: {}
# @ignored
tolerations: []
# -- Affinity for all pods unless overwritten
affinity: {}
# -- Timezone for all pods unless overwritten
timezone: UTC
# -- Topology Spread Constraints for all pods unless overwritten
# Please note that you need to use `matchLabelKeys` (Kubernetes 1.25+) if you
# want to spread each deployment independently, or override topologySpreadConstraints
# for each deployment
topologySpreadConstraints: {}
# Default volume mounts for all pods
volumeMounts: []
# Default volumes for all pods
volumes: []