From b7aa866bb9364bbae952976e9e3d3f452edab3f3 Mon Sep 17 00:00:00 2001 From: Martyn Date: Sun, 5 Oct 2025 15:36:18 +0200 Subject: [PATCH] Move mastodon chart to kustomize+helm Probably should have done this earlier, but the chart is not customizable enough for my needs. --- .../mastodon/deployment-nosidekiqyet.yaml | 3 + .../mastodon/ingress-wildcardtls.yaml | 2 + apps-kustomized/mastodon/kustomization.yaml | 28 +++++++++ .../mastodon/secret-remove-helm-ones.yaml | 9 +++ apps-kustomized/mastodon/values.yaml | 46 ++++++++++++++ everything-app/masto.yaml | 62 ------------------- everything-app/mastodon.yaml | 14 +++++ 7 files changed, 102 insertions(+), 62 deletions(-) create mode 100644 apps-kustomized/mastodon/deployment-nosidekiqyet.yaml create mode 100644 apps-kustomized/mastodon/ingress-wildcardtls.yaml create mode 100644 apps-kustomized/mastodon/kustomization.yaml create mode 100644 apps-kustomized/mastodon/secret-remove-helm-ones.yaml create mode 100644 apps-kustomized/mastodon/values.yaml delete mode 100644 everything-app/masto.yaml create mode 100644 everything-app/mastodon.yaml diff --git a/apps-kustomized/mastodon/deployment-nosidekiqyet.yaml b/apps-kustomized/mastodon/deployment-nosidekiqyet.yaml new file mode 100644 index 0000000..9b1b26d --- /dev/null +++ b/apps-kustomized/mastodon/deployment-nosidekiqyet.yaml @@ -0,0 +1,3 @@ +- op: replace + path: /spec/replicas + value: 0 diff --git a/apps-kustomized/mastodon/ingress-wildcardtls.yaml b/apps-kustomized/mastodon/ingress-wildcardtls.yaml new file mode 100644 index 0000000..e2ae42c --- /dev/null +++ b/apps-kustomized/mastodon/ingress-wildcardtls.yaml @@ -0,0 +1,2 @@ +- op: remove + path: /spec/tls/0/secretName diff --git a/apps-kustomized/mastodon/kustomization.yaml b/apps-kustomized/mastodon/kustomization.yaml new file mode 100644 index 0000000..fa39b98 --- /dev/null +++ b/apps-kustomized/mastodon/kustomization.yaml @@ -0,0 +1,28 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +helmChartInflationGenerator: +- chartname: mastodon + chartRepoUrl: https://helm.dustinrue.com + chartVersion: 0.4.4 + releaseName: masto + releaseNamespace: mastodon + values: values.yaml + +patches: +- path: secret-remove-helm-ones.yaml + target: + kind: Secret + name: masto-mastodon +- path: ingress-wildcardtls.yaml + target: + version: v1 + group: networking.k8s.io + kind: Ingress + name: masto-mastodon +- path: deployment-nosidekiqyet.yaml + target: + version: v1 + group: apps + kind: Deployment + name: masto-mastodon-sidekiq-combined diff --git a/apps-kustomized/mastodon/secret-remove-helm-ones.yaml b/apps-kustomized/mastodon/secret-remove-helm-ones.yaml new file mode 100644 index 0000000..550d655 --- /dev/null +++ b/apps-kustomized/mastodon/secret-remove-helm-ones.yaml @@ -0,0 +1,9 @@ +- op: remove + path: /data/ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY +- op: remove + path: /data/ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT +- op: remove + path: /data/ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY +- op: replace + path: /data/REDIS_PASS + value: "" diff --git a/apps-kustomized/mastodon/values.yaml b/apps-kustomized/mastodon/values.yaml new file mode 100644 index 0000000..226f108 --- /dev/null +++ b/apps-kustomized/mastodon/values.yaml @@ -0,0 +1,46 @@ +ingress: + enabled: true + className: nginx + hosts: + - host: toot.martyn.berlin + paths: + - path: / + tls: + - hosts: + - toot.martyn.berlin +mastodon: + local_domain: toot.martyn.berlin + initialUser: + enabled: false + removeMedia: + enabled: true + schedule: 0 0 * * 0 + databaseBackup: + enabled: false + sidekiq: + replicas: 0 + secrets: + existingSecret: masto-secrets + active_record_encryption_deterministic_key: externalSecret + active_record_encryption_key_derivation_salt: externalSecret + active_record_encryption_primary_key: externalSecret + storage: + type: emptyDir + postgresql: + host: masto-postgres + existingSecret: masto-db-secret + auth: + username: masto + password: externalSecret + redis: + host: redis4masto + database: '0' + auth: + username: nousername + password: replacewithkustomize + smtp: + server: mailhog4masto + port: 25 + enable_starttls: 'false' +postgresql: + existingSecret: masto-db-secret diff --git a/everything-app/masto.yaml b/everything-app/masto.yaml deleted file mode 100644 index 52d6358..0000000 --- a/everything-app/masto.yaml +++ /dev/null @@ -1,62 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: mastodon - namespace: argocd -spec: - destination: - namespace: mastodon - server: https://kubernetes.default.svc - project: apps - source: - chart: mastodon - repoURL: https://helm.dustinrue.com - targetRevision: 0.4.4 - helm: - valuesObject: - ingress: - enabled: true - className: "nginx" - hosts: - - host: toot.martyn.berlin - paths: - - path: / - tls: - - hosts: - - toot.martyn.berlin - mastodon: - local_domain: toot.martyn.berlin - initialUser: - enabled: false - removeMedia: - enabled: true - schedule: "0 0 * * 0" - databaseBackup: - enabled: false - sidekiq: - replicas: 0 - secrets: - existingSecret: "masto-secrets" - active_record_encryption_deterministic_key: "externalSecret" - active_record_encryption_key_derivation_salt: "externalSecret" - active_record_encryption_primary_key: "externalSecret" - storage: - type: emptyDir - postgresql: - host: masto-postgres - existingSecret: "masto-db-secret" - auth: - username: "externalSecret" - password: "externalSecret" - redis: - host: redis4masto - database: "0" - auth: - username: nousername - password: nopassword - smtp: - host: mailhog4masto - port: 25 - enable_starttls: "false" - postgresql: - existingSecret: "masto-db-secret" diff --git a/everything-app/mastodon.yaml b/everything-app/mastodon.yaml new file mode 100644 index 0000000..212dc9d --- /dev/null +++ b/everything-app/mastodon.yaml @@ -0,0 +1,14 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: mastodon + namespace: mastodon +spec: + destination: + namespace: mastodon + server: https://kubernetes.default.svc + project: infra + source: + path: apps-kustomized/mastodon + repoURL: http://forgejo.git.svc.cluster.local/martyn/infra4talos + targetRevision: HEAD