diff --git a/bitnami/mastodon/Chart.yaml b/bitnami/mastodon/Chart.yaml
index 0941626cd1..d43a085c7c 100644
--- a/bitnami/mastodon/Chart.yaml
+++ b/bitnami/mastodon/Chart.yaml
@@ -49,4 +49,4 @@ maintainers:
 name: mastodon
 sources:
 - https://github.com/bitnami/charts/tree/main/bitnami/mastodon
-version: 3.1.0
+version: 3.2.0
diff --git a/bitnami/mastodon/README.md b/bitnami/mastodon/README.md
index d8032fbdb3..ab9dfc3cc9 100644
--- a/bitnami/mastodon/README.md
+++ b/bitnami/mastodon/README.md
@@ -92,45 +92,48 @@ The command removes all the Kubernetes components associated with the chart and ### Mastodon common parameters -| Name | Description | Value | -| -------------------------------- | ---------------------------------------------------------------------------------------------------------------------------- | ------------------------------------ | -| `environment` | Mastodon Rails and Node environment. Should be one of 'production', | `production` | -| `adminUser` | Mastodon admin username | `user` | -| `adminEmail` | Mastodon admin email | `user@changeme.com` | -| `adminPassword` | Mastodon admin password | `""` | -| `defaultConfig` | Default configuration for Mastodon in the form of environment variables | `""` | -| `defaultSecretConfig` | Default secret configuration for Mastodon in the form of environment variables | `""` | -| `extraConfig` | Extra configuration for Mastodon in the form of environment variables | `{}` | -| `extraSecretConfig` | Extra secret configuration for Mastodon in the form of environment variables | `{}` | -| `existingConfigmap` | The name of an existing ConfigMap with your default configuration for Mastodon | `""` | -| `existingSecret` | The name of an existing Secret with your default configuration for Mastodon | `""` | -| `extraConfigExistingConfigmap` | The name of an existing ConfigMap with your extra configuration for Mastodon | `""` | -| `extraConfigExistingSecret` | The name of an existing Secret with your extra configuration for Mastodon | `""` | -| `enableSearches` | Enable the search engine (uses Elasticsearch under the hood) | `true` | -| `enableS3` | Enable the S3 storage engine | `true` | -| `forceHttpsS3Protocol` | Force Mastodon's S3_PROTOCOL to be https (Useful when TLS is terminated using cert-manager/Ingress) | `false` | -| `useSecureWebSocket` | Set Mastodon's STREAMING_API_BASE_URL to use secure websocket (wss:// instead of ws://) | `false` | -| `local_https` | Set this instance to advertise itself to 
the fediverse using HTTPS rather than HTTP URLs. This should almost always be true. | `true` | -| `localDomain` | The domain name used by accounts on this instance. Unless you're using | `""` | -| `webDomain` | Optional alternate domain used when you want to host Mastodon at a | `""` | -| `defaultLocale` | Set the default locale for this instance | `en` | -| `s3AliasHost` | S3 alias host for Mastodon (will use 'http://webDomain/bucket' if not set) | `""` | -| `smtp.server` | SMTP server | `""` | -| `smtp.port` | SMTP port | `587` | -| `smtp.from_address` | From address for sent emails | `""` | -| `smtp.domain` | SMTP domain | `""` | -| `smtp.reply_to` | Reply-To value for sent emails | `""` | -| `smtp.delivery_method` | SMTP delivery method | `smtp` | -| `smtp.ca_file` | SMTP CA file location | `/etc/ssl/certs/ca-certificates.crt` | -| `smtp.openssl_verify_mode` | OpenSSL verify mode | `none` | -| `smtp.enable_starttls_auto` | Automatically enable StartTLS | `true` | -| `smtp.tls` | SMTP TLS | `false` | -| `smtp.auth_method` | SMTP auth method (set to "none" to disable SMTP auth) | `plain` | -| `smtp.login` | SMTP auth username | `""` | -| `smtp.password` | SMTP auth password | `""` | -| `smtp.existingSecret` | Name of an existing secret resource containing the SMTP | `""` | -| `smtp.existingSecretLoginKey` | Name of the key for the SMTP login credential | `""` | -| `smtp.existingSecretPasswordKey` | Name of the key for the SMTP password credential | `""` | +| Name | Description | Value | +| -------------------------------- | ------------------------------------------------------------------------------------------------------------------------------ | ------------------------------------ | +| `environment` | Mastodon Rails and Node environment. 
Should be one of 'production', | `production` | +| `adminUser` | Mastodon admin username | `""` | +| `adminEmail` | Mastodon admin email | `""` | +| `adminPassword` | Mastodon admin password | `""` | +| `otpSecret` | Mastodon one time password secret. Generate with rake secret. Changing it will break two-factor authentication. | `""` | +| `secretKeyBase` | Mastodon secret key base. Generate with rake secret. Changing it will break all active browser sessions. | `""` | +| `vapidPrivateKey` | Mastodon vapid private key. Generate with rake mastodon:webpush:generate_vapid_key. Changing it will break push notifications. | `""` | +| `vapidPublicKey` | Mastodon vapid public key. Generate with rake mastodon:webpush:generate_vapid_key. Changing it will break push notifications. | `""` | +| `extraConfig` | Extra configuration for Mastodon in the form of environment variables | `{}` | +| `extraSecretConfig` | Extra secret configuration for Mastodon in the form of environment variables | `{}` | +| `existingConfigmap` | The name of an existing ConfigMap with your default configuration for Mastodon | `""` | +| `existingSecret` | The name of an existing Secret with your default configuration for Mastodon | `""` | +| `extraConfigExistingConfigmap` | The name of an existing ConfigMap with your extra configuration for Mastodon | `""` | +| `extraConfigExistingSecret` | The name of an existing Secret with your extra configuration for Mastodon | `""` | +| `enableSearches` | Enable the search engine (uses Elasticsearch under the hood) | `true` | +| `enableS3` | Enable the S3 storage engine | `true` | +| `forceHttpsS3Protocol` | Force Mastodon's S3_PROTOCOL to be https (Useful when TLS is terminated using cert-manager/Ingress) | `false` | +| `useSecureWebSocket` | Set Mastodon's STREAMING_API_BASE_URL to use secure websocket (wss:// instead of ws://) | `false` | +| `local_https` | Set this instance to advertise itself to the fediverse using HTTPS rather than HTTP URLs. 
This should almost always be true. | `true` | +| `localDomain` | The domain name used by accounts on this instance. Unless you're using | `""` | +| `webDomain` | Optional alternate domain used when you want to host Mastodon at a | `""` | +| `defaultLocale` | Set the default locale for this instance | `en` | +| `s3AliasHost` | S3 alias host for Mastodon (will use 'http://webDomain/bucket' if not set) | `""` | +| `smtp.server` | SMTP server | `""` | +| `smtp.port` | SMTP port | `587` | +| `smtp.from_address` | From address for sent emails | `""` | +| `smtp.domain` | SMTP domain | `""` | +| `smtp.reply_to` | Reply-To value for sent emails | `""` | +| `smtp.delivery_method` | SMTP delivery method | `smtp` | +| `smtp.ca_file` | SMTP CA file location | `/etc/ssl/certs/ca-certificates.crt` | +| `smtp.openssl_verify_mode` | OpenSSL verify mode | `none` | +| `smtp.enable_starttls_auto` | Automatically enable StartTLS | `true` | +| `smtp.tls` | SMTP TLS | `false` | +| `smtp.auth_method` | SMTP auth method (set to "none" to disable SMTP auth) | `plain` | +| `smtp.login` | SMTP auth username | `""` | +| `smtp.password` | SMTP auth password | `""` | +| `smtp.existingSecret` | Name of an existing secret resource containing the SMTP | `""` | +| `smtp.existingSecretLoginKey` | Name of the key for the SMTP login credential | `""` | +| `smtp.existingSecretPasswordKey` | Name of the key for the SMTP password credential | `""` | +| `smtp.existingSecretServerKey` | Name of the key for the SMTP hostname | `""` | ### Mastodon Web Parameters diff --git a/bitnami/mastodon/templates/_helpers.tpl b/bitnami/mastodon/templates/_helpers.tpl index 1b9e6d02df..70700115c4 100644 --- a/bitnami/mastodon/templates/_helpers.tpl +++ b/bitnami/mastodon/templates/_helpers.tpl 
@@ -523,6 +523,17 @@ Return the SMTP Secret Name {{- end -}} {{- end -}} +{{/* +Retrieve SMTP server key +*/}} +{{- define "mastodon.smtp.serverKey" -}} +{{- if .Values.smtp.existingSecretServerKey -}} + {{- print .Values.smtp.existingSecretServerKey -}} +{{- else -}} + {{- print "server" -}} +{{- end -}} +{{- end -}} + {{/* Retrieve SMTP login key */}} diff --git a/bitnami/mastodon/templates/default-configmap.yaml b/bitnami/mastodon/templates/default-configmap.yaml index f25843882b..46152c11bf 100644 --- a/bitnami/mastodon/templates/default-configmap.yaml +++ b/bitnami/mastodon/templates/default-configmap.yaml 
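Review bot: The header comment on `mastodon.smtp.serverKey` does not say that the fallback key is `server`, which has to stay in step with the `server:` entry this commit adds to smtp-secret.yaml. I would expand it to something like `Retrieve SMTP server key (defaults to "server", the key written by smtp-secret.yaml)`. The if/else could also be collapsed to `{{- .Values.smtp.existingSecretServerKey | default "server" -}}`, though the sibling key helpers are outside the hunk and may deliberately use the longer form.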
@@ -14,5 +14,46 @@ metadata: {{- if .Values.commonAnnotations }} annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} {{- end }} -data: {{- include "common.tplvalues.render" (dict "value" .Values.defaultConfig "context" $) | nindent 2 }} +data: + {{- if .Values.adminUser }} + MASTODON_ADMIN_USERNAME: {{ .Values.adminUser | quote }} + {{- end }} + {{- if .Values.adminEmail }} + MASTODON_ADMIN_EMAIL: {{ .Values.adminEmail | quote }} + {{- end }} + DB_HOST: {{ include "mastodon.database.host" . | quote }} + DB_PORT: {{ include "mastodon.database.port" . | quote }} + DB_NAME: {{ include "mastodon.database.name" . | quote }} + DB_USER: {{ include "mastodon.database.user" . | quote }} + ES_ENABLED: {{ .Values.enableSearches | quote }} + ES_HOST: {{ include "mastodon.elasticsearch.host" . | quote }} + ES_PORT: {{ include "mastodon.elasticsearch.port" . | quote }} + WEB_DOMAIN: {{ include "mastodon.web.domain" . | quote }} + LOCAL_DOMAIN: {{ .Values.localDomain | quote }} + LOCAL_HTTPS: {{ .Values.local_https | quote }} + DEFAULT_LOCALE: {{ .Values.defaultLocale | quote }} + STREAMING_API_BASE_URL: {{ include "mastodon.streaming.url" . | quote }} + REDIS_HOST: {{ include "mastodon.redis.host" . | quote }} + REDIS_PORT: {{ include "mastodon.redis.port" . 
| quote }} + SMTP_PORT: {{ .Values.smtp.port | quote }} + SMTP_FROM_ADDRESS: {{ .Values.smtp.from_address | quote }} + SMTP_DOMAIN: {{ .Values.smtp.domain | quote }} + SMTP_REPLY_TO: {{ .Values.smtp.reply_to | quote }} + SMTP_DELIVERY_METHOD: {{ .Values.smtp.delivery_method | quote }} + SMTP_CA_FILE: {{ .Values.smtp.ca_file | quote }} + SMTP_OPENSSL_VERIFY_MODE: {{ .Values.smtp.openssl_verify_mode | quote }} + SMTP_ENABLE_STARTTLS_AUTO: {{ .Values.smtp.enable_starttls_auto | quote }} + SMTP_TLS: {{ .Values.smtp.tls | quote }} + SMTP_AUTH_METHOD: {{ .Values.smtp.auth_method | quote }} + RAILS_ENV: {{ .Values.environment | quote }} + NODE_ENV: {{ .Values.environment | quote }} + {{- if .Values.enableS3 }} + S3_ENABLED: "true" + S3_BUCKET: {{ include "mastodon.s3.bucket" . | quote }} + S3_ENDPOINT: {{ include "mastodon.s3.endpoint" . | quote }} + S3_HOSTNAME: {{ include "mastodon.s3.host" . | quote }} + S3_REGION: {{ include "mastodon.s3.region" . | quote }} + S3_ALIAS_HOST: {{ include "mastodon.s3.aliasHost" . | quote }} + S3_PROTOCOL: {{ include "mastodon.s3.protocol.setting" . | quote }} + {{- end }} {{- end }} diff --git a/bitnami/mastodon/templates/default-secret.yaml b/bitnami/mastodon/templates/default-secret.yaml index 8c7de49179..a5caa4b3bd 100644 --- a/bitnami/mastodon/templates/default-secret.yaml +++ b/bitnami/mastodon/templates/default-secret.yaml 
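Review bot: `SMTP_OPENSSL_VERIFY_MODE` is now rendered straight from `.Values.smtp.openssl_verify_mode`, whose documented default in the README table is `none`. A default install with `smtp.enable_starttls_auto` on therefore does not verify the mail server's certificate while still authenticating with `SMTP_LOGIN`/`SMTP_PASSWORD`. Since this commit moves the defaults into the template, it is a good moment to change the values.yaml default to `peer` (the `smtp.ca_file` default already points at the system CA bundle), or at least to document the risk next to the parameter. Separately, anyone who had overridden `defaultConfig` now has that override ignored without any message, so a short upgrade note in the README would help.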
@@ -14,5 +14,23 @@ metadata: {{- if .Values.commonAnnotations }} annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} {{- end }} -data: {{- include "common.tplvalues.render" (dict "value" .Values.defaultSecretConfig "context" $) | nindent 2 }} +data: + {{- if .Values.adminPassword }} + MASTODON_ADMIN_PASSWORD: {{ .Values.adminPassword | b64enc | quote }} + {{- end }} + {{- if .Values.secretKeyBase }} + SECRET_KEY_BASE: {{ .Values.secretKeyBase | b64enc | quote}} + {{- end }} + {{- if .Values.otpSecret}} + OTP_SECRET: {{ .Values.otpSecret | b64enc | quote}} + {{- end }} + {{- if .Values.vapidPrivateKey}} + VAPID_PRIVATE_KEY: {{ .Values.vapidPrivateKey | b64enc | quote }} + {{- end }} + {{- if .Values.vapidPublicKey}} + VAPID_PUBLIC_KEY: {{ .Values.vapidPublicKey | b64enc | quote }} + {{- end }} + {{- if .Values.smtp.server }} + SMTP_SERVER: {{ .Values.smtp.server | b64enc | quote }} + {{- end }} {{- end }} diff --git a/bitnami/mastodon/templates/smtp-secret.yaml b/bitnami/mastodon/templates/smtp-secret.yaml index e7e6467456..c6c9756f86 100644 --- a/bitnami/mastodon/templates/smtp-secret.yaml +++ b/bitnami/mastodon/templates/smtp-secret.yaml @@ -17,4 +17,5 @@ metadata: data: login: {{ .Values.smtp.login | b64enc | quote }} password: {{ .Values.smtp.password | b64enc | quote }} + server: {{ .Values.smtp.server | b64enc | quote }} {{- end }} diff --git a/bitnami/mastodon/templates/web/deployment.yaml b/bitnami/mastodon/templates/web/deployment.yaml index 29cc44e598..c4276f7688 100644 --- a/bitnami/mastodon/templates/web/deployment.yaml +++ b/bitnami/mastodon/templates/web/deployment.yaml 
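Review bot: When `secretKeyBase` or `otpSecret` is left at its empty default, the new `data:` block omits `SECRET_KEY_BASE` and `OTP_SECRET` entirely, whereas the removed `defaultSecretConfig` generated and persisted them through `common.secrets.passwords.manage`. Nothing visible in this diff shows where those values come from in that case, so it should be confirmed that the workloads do not end up with missing or per-pod secrets, which would break sessions and two-factor logins. Either keep the managed-secret helper as the fallback for these keys or fail rendering early, for example `{{- if not (or .Values.secretKeyBase .Values.existingSecret) }}{{ fail "secretKeyBase or existingSecret is required" }}{{- end }}`. The same applies to the `otpSecret`, `vapidPrivateKey` and `vapidPublicKey` values added in values.yaml. These are better supplied through `existingSecret` than as plain values, which Helm keeps with the release data.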
@@ -157,6 +157,11 @@ spec: key: {{ include "mastodon.elasticsearch.passwordKey" . | quote }} {{- end }} {{- if ne .Values.smtp.auth_method "none" }} + - name: SMTP_SERVER + valueFrom: + secretKeyRef: + name: {{ include "mastodon.smtp.secretName" . }} + key: {{ include "mastodon.smtp.serverKey" . | quote }} - name: SMTP_LOGIN valueFrom: secretKeyRef: diff --git a/bitnami/mastodon/values.yaml b/bitnami/mastodon/values.yaml index 8060f3b672..820fcccd07 100644 --- a/bitnami/mastodon/values.yaml +++ b/bitnami/mastodon/values.yaml 
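Review bot: The new `SMTP_SERVER` entry uses a `secretKeyRef` without `optional`, so a release that points `smtp.existingSecret` at a Secret created for 3.1.0, which needed only the login and password keys, has no `server` key and the web container will fail to start after the upgrade. Either add `optional: true` under the `secretKeyRef`, or state in the upgrade notes that existing SMTP secrets must gain a server key (or that `smtp.existingSecretServerKey` must name one). Only web/deployment.yaml is changed in this diff; if the sidekiq workload carries the same SMTP block, which is not visible here, it needs the same entry. The enclosing `env:` list starts and ends outside the hunk.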
@@ -104,62 +104,25 @@ image: environment: production ## @param adminUser Mastodon admin username ## -adminUser: user +adminUser: "" ## @param adminEmail Mastodon admin email ## -adminEmail: user@changeme.com +adminEmail: "" ## @param adminPassword Mastodon admin password ## adminPassword: "" - -## @param defaultConfig [string] Default configuration for Mastodon in the form of environment variables +## @param otpSecret Mastodon one time password secret. Generate with rake secret. Changing it will break two-factor authentication. ## -defaultConfig: | - MASTODON_ADMIN_USERNAME: {{ .Values.adminUser | quote }} - MASTODON_ADMIN_EMAIL: {{ .Values.adminEmail | quote }} - DB_HOST: {{ include "mastodon.database.host" . | quote }} - DB_PORT: {{ include "mastodon.database.port" . | quote }} - DB_NAME: {{ include "mastodon.database.name" . | quote }} - DB_USER: {{ include "mastodon.database.user" . | quote }} - ES_ENABLED: {{ .Values.enableSearches | quote }} - ES_HOST: {{ include "mastodon.elasticsearch.host" . | quote }} - ES_PORT: {{ include "mastodon.elasticsearch.port" . | quote }} - WEB_DOMAIN: {{ include "mastodon.web.domain" . | quote }} - LOCAL_DOMAIN: {{ .Values.localDomain | quote }} - LOCAL_HTTPS: {{ .Values.local_https | quote }} - DEFAULT_LOCALE: {{ .Values.defaultLocale | quote }} - STREAMING_API_BASE_URL: {{ include "mastodon.streaming.url" . | quote }} - REDIS_HOST: {{ include "mastodon.redis.host" . | quote }} - REDIS_PORT: {{ include "mastodon.redis.port" . 
| quote }} - SMTP_SERVER: {{ .Values.smtp.server | quote }} - SMTP_PORT: {{ .Values.smtp.port | quote }} - SMTP_FROM_ADDRESS: {{ .Values.smtp.from_address | quote }} - SMTP_DOMAIN: {{ .Values.smtp.domain | quote }} - SMTP_REPLY_TO: {{ .Values.smtp.reply_to | quote }} - SMTP_DELIVERY_METHOD: {{ .Values.smtp.delivery_method | quote }} - SMTP_CA_FILE: {{ .Values.smtp.ca_file | quote }} - SMTP_OPENSSL_VERIFY_MODE: {{ .Values.smtp.openssl_verify_mode | quote }} - SMTP_ENABLE_STARTTLS_AUTO: {{ .Values.smtp.enable_starttls_auto | quote }} - SMTP_TLS: {{ .Values.smtp.tls | quote }} - SMTP_AUTH_METHOD: {{ .Values.smtp.auth_method | quote }} - RAILS_ENV: {{ .Values.environment | quote }} - NODE_ENV: {{ .Values.environment | quote }} - {{- if .Values.enableS3 }} - S3_ENABLED: "true" - S3_BUCKET: {{ include "mastodon.s3.bucket" . | quote }} - S3_ENDPOINT: {{ include "mastodon.s3.endpoint" . | quote }} - S3_HOSTNAME: {{ include "mastodon.s3.host" . | quote }} - S3_REGION: {{ include "mastodon.s3.region" . | quote }} - S3_ALIAS_HOST: {{ include "mastodon.s3.aliasHost" . | quote }} - S3_PROTOCOL: {{ include "mastodon.s3.protocol.setting" . | quote }} - {{- end }} - -## @param defaultSecretConfig [string] Default secret configuration for Mastodon in the form of environment variables +otpSecret: "" +## @param secretKeyBase Mastodon secret key base. Generate with rake secret. Changing it will break all active browser sessions. 
## -defaultSecretConfig: | - MASTODON_ADMIN_PASSWORD: {{ include "common.secrets.passwords.manage" (dict "secret" (printf "%s-default" (include "common.names.fullname" .)) "key" "MASTODON_ADMIN_PASSWORD" "providedValues" (list "adminPassword") "context" $) }} - SECRET_KEY_BASE: {{ include "common.secrets.passwords.manage" (dict "secret" (printf "%s-default" (include "common.names.fullname" .)) "key" "SECRET_KEY_BASE" "providedValues" (list "secretKeyBase") "context" $) }} - OTP_SECRET: {{ include "common.secrets.passwords.manage" (dict "secret" (printf "%s-default" (include "common.names.fullname" .)) "key" "OTP_SECRET" "providedValues" (list "otpSecret") "context" $) }} +secretKeyBase: "" +## @param vapidPrivateKey Mastodon vapid private key. Generate with rake mastodon:webpush:generate_vapid_key. Changing it will break push notifications. +## +vapidPrivateKey: "" +## @param vapidPublicKey Mastodon vapid public key. Generate with rake mastodon:webpush:generate_vapid_key. Changing it will break push notifications. +## +vapidPublicKey: "" ## @param extraConfig Extra configuration for Mastodon in the form of environment variables ## @@ -273,6 +236,9 @@ smtp: ## @param smtp.existingSecretPasswordKey Name of the key for the SMTP password credential ## stored in the existingSecret resource existingSecretPasswordKey: "" + ## @param smtp.existingSecretServerKey Name of the key for the SMTP hostname + ## stored in the existingSecret resource + existingSecretServerKey: "" ## @section Mastodon Web Parameters ##
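Review bot: The `@param` comments for `vapidPrivateKey` and `vapidPublicKey` do not say that the two values must be a matching pair from the same `rake mastodon:webpush:generate_vapid_key` run. default-secret.yaml renders each one under its own `if`, so setting only one of them goes unnoticed at render time. I would append `Must be set together with vapidPublicKey.` (and the converse) to the two comments, and consider a template check that fails when exactly one of them is set. The comments for all four new secret values would also benefit from one sentence on what happens when the value is left empty, since the chart no longer generates them.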