helm: standardize yaml configuration (#15728)

- move application variables under `mastodon` namespace
- restore standard yaml structure for ingress configuration
- move values.yaml.template to values.yaml

1 files changed, 178 insertions, 0 deletions

diff --git a/chart/values.yaml b/chart/values.yaml
new file mode 100644
index 00000000000..d752e46ec12
--- /dev/null
+++ b/chart/values.yaml
@@ -0,0 +1,178 @@
+replicaCount: 1
+
+image:
+  repository: tootsuite/mastodon
+  # https://hub.docker.com/r/tootsuite/mastodon/tags
+  #
+  # alternatively, use `latest` for the latest release or `edge` for the image
+  # built from the most recent commit
+  #
+  # tag: latest
+  tag: v3.3.0
+  # use `Always` when using `latest` tag
+  pullPolicy: IfNotPresent
+
+mastodon:
+  # create an initial administrator user; the password is autogenerated and will
+  # have to be reset
+  createAdmin:
+    enabled: false
+    username: not_gargron
+    email: not@example.com
+  cron:
+    # run `tootctl media remove` every week
+    removeMedia:
+      enabled: true
+      schedule: "0 0 * * 0"
+  # available locales: https://github.com/tootsuite/mastodon/blob/master/config/application.rb#L43
+  locale: en
+  local_domain: mastodon.local
+  persistence:
+    assets:
+      # ReadWriteOnce is more widely supported than ReadWriteMany, but limits
+      # scalability, since it requires the Rails and Sidekiq pods to run on the
+      # same node.
+      accessMode: ReadWriteOnce
+      resources:
+        requests:
+          storage: 10Gi
+    system:
+      accessMode: ReadWriteOnce
+      resources:
+        requests:
+          storage: 100Gi
+  # these must be set manually; autogenerated keys are rotated on each upgrade
+  secrets:
+    secret_key_base: ""
+    otp_secret: ""
+    vapid:
+      private_key: ""
+      public_key: ""
+  sidekiq:
+    concurrency: 25
+  smtp:
+    auth_method: plain
+    ca_file:
+    delivery_method: smtp
+    domain:
+    enable_starttls_auto: true
+    from_address: notifications@example.com
+    login:
+    openssl_verify_mode: peer
+    password:
+    port: 587
+    reply_to:
+    server: smtp.mailgun.org
+    tls: false
+  streaming:
+    port: 4000
+    # this should be set manually since os.cpus() returns the number of CPUs on
+    # the node running the pod, which is unrelated to the resources allocated to
+    # the pod by k8s
+    workers: 1
+  web:
+    port: 3000
+
+ingress:
+  enabled: true
+  annotations:
+    kubernetes.io/ingress.class: nginx
+    kubernetes.io/tls-acme: "true"
+    # cert-manager.io/cluster-issuer: "letsencrypt"
+    #
+    # ensure that NGINX's upload size matches Mastodon's
+    #   for the K8s ingress controller:
+    # nginx.ingress.kubernetes.io/proxy-body-size: 40m
+    #   for the NGINX ingress controller:
+    # nginx.org/client-max-body-size: 40m
+  hosts:
+    - host: mastodon.local
+      paths:
+        - path: '/'
+  tls:
+    - secretName: mastodon-tls
+      hosts:
+        - mastodon.local
+
+# https://github.com/bitnami/charts/tree/master/bitnami/elasticsearch#parameters
+elasticsearch:
+  # `false` will disable full-text search
+  #
+  # if you enable ES after the initial install, you will need to manually run
+  # RAILS_ENV=production bundle exec rake chewy:sync
+  # (https://docs.joinmastodon.org/admin/optional/elasticsearch/)
+  enabled: true
+  # may be removed once https://github.com/tootsuite/mastodon/pull/13828 is part
+  # of a tagged release
+  image:
+    tag: 6
+
+# https://github.com/bitnami/charts/tree/master/bitnami/postgresql#parameters
+postgresql:
+  # disable if you want to use an existing db; in which case the values below
+  # must match those of that external postgres instance
+  enabled: true
+  # postgresqlHostname: preexisting-postgresql
+  postgresqlDatabase: mastodon_production
+  # you must set a password; the password generated by the postgresql chart will
+  # be rotated on each upgrade:
+  # https://github.com/bitnami/charts/tree/master/bitnami/postgresql#upgrade
+  postgresqlPassword: ""
+  postgresqlUsername: postgres
+
+# https://github.com/bitnami/charts/tree/master/bitnami/redis#parameters
+redis:
+  # you must set a password; the password generated by the redis chart will be
+  # rotated on each upgrade:
+  password: ""
+
+service:
+  type: ClusterIP
+  port: 80
+
+# https://github.com/tootsuite/mastodon/blob/master/Dockerfile#L88
+#
+# if you manually change the UID/GID environment variables, ensure these values
+# match:
+podSecurityContext:
+  runAsUser: 991
+  runAsGroup: 991
+  fsGroup: 991
+
+securityContext: {}
+
+serviceAccount:
+  # Specifies whether a service account should be created
+  create: true
+  # Annotations to add to the service account
+  annotations: {}
+  # The name of the service account to use.
+  # If not set and create is true, a name is generated using the fullname template
+  name: ""
+
+podAnnotations: {}
+
+resources: {}
+  # We usually recommend not to specify default resources and to leave this as a conscious
+  # choice for the user. This also increases chances charts run on environments with little
+  # resources, such as Minikube. If you do want to specify resources, uncomment the following
+  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+  # limits:
+  #   cpu: 100m
+  #   memory: 128Mi
+  # requests:
+  #   cpu: 100m
+  #   memory: 128Mi
+
+autoscaling:
+  enabled: false
+  minReplicas: 1
+  maxReplicas: 100
+  targetCPUUtilizationPercentage: 80
+  # targetMemoryUtilizationPercentage: 80
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}