wrenix/helm-charts
1
0
Fork 0
Code Issues 8 Pull requests 8 Projects Packages Activity

feat(gotosocial): init

Browse source
This commit is contained in:
WrenIX 2024-01-28 11:07:59 +01:00
parent 4b39b5399b
commit 5d9c587f9c
Signed by: wrenix
GPG key ID: 7AFDB012974B1BB5
22 changed files with 1332 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
docs/modules/charts/nav.adoc
View file

@ -4,6 +4,7 @@
** xref:authentik-application.adoc[authentik-application] ** xref:authentik-application.adoc[authentik-application]
** xref:conduit.adoc[conduit] ** xref:conduit.adoc[conduit]
** xref:forgejo-runner.adoc[forgejo-runner] ** xref:forgejo-runner.adoc[forgejo-runner]
** xref:gotosocial.adoc[gotosocial]
** xref:grampsweb.adoc[grampsweb] ** xref:grampsweb.adoc[grampsweb]
** xref:headscale.adoc[headscale] ** xref:headscale.adoc[headscale]
** xref:headscale-ui.adoc[headscale-ui] ** xref:headscale-ui.adoc[headscale-ui]

1
docs/modules/charts/pages/gotosocial.adoc Symbolic link
View file

@ -0,0 +1 @@
../../../../gotosocial/README.adoc

1
gotosocial/.gitignore vendored Normal file
View file

@ -0,0 +1 @@
values_test.yaml

23
gotosocial/.helmignore Normal file
View file

@ -0,0 +1,23 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

10
gotosocial/Chart.yaml Normal file
View file

@ -0,0 +1,10 @@
apiVersion: v2
name: gotosocial
description: With GoToSocial, you can keep in touch with your friends, post, read, and share images and articles. All without being tracked or advertised to!
icon: https://docs.gotosocial.org/en/latest/assets/sloth.png
type: application
version: 0.1.0
appVersion: "0.13.1"
maintainers:
- name: WrenIX
url: https://wrenix.eu

502
gotosocial/README.adoc Normal file
View file

@ -0,0 +1,502 @@
= gotosocial
image::https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square[Version: 0.1.0]
image::https://img.shields.io/badge/Version-application-informational?style=flat-square[Type: application]
image::https://img.shields.io/badge/AppVersion-0.13.1-informational?style=flat-square[AppVersion: 0.13.1]
== Maintainers
.Maintainers
|===
| Name | Email | Url
| WrenIX
|
| <https://wrenix.eu>
|===
== Usage
Helm must be installed and setup to your kubernetes cluster to use the charts.
Refer to Helm's https://helm.sh/docs[documentation] to get started.
Once Helm has been set up correctly, fetch the charts as follows:
[source,bash]
----
helm pull oci://codeberg.org/wrenix/helm-charts/gotosocial
----
You can install a chart release using the following command:
[source,bash]
----
helm install gotosocial-release oci://codeberg.org/wrenix/helm-charts/gotosocial --values values.yaml
----
To uninstall a chart release use `helm`'s delete command:
[source,bash]
----
helm uninstall gotosocial-release
----
== Values
.Values
|===
| Key | Type | Default | Description
| affinity
| object
| `{}`
|
| autoscaling.enabled
| bool
| `false`
|
| autoscaling.maxReplicas
| int
| `100`
|
| autoscaling.minReplicas
| int
| `1`
|
| autoscaling.targetCPUUtilizationPercentage
| int
| `80`
|
| fullnameOverride
| string
| `""`
|
| global.image.pullPolicy
| string
| `nil`
| if set it will overwrite all pullPolicy
| global.image.registry
| string
| `nil`
| if set it will overwrite all registry entries
| gotosocial.accountDomain
| string
| `""`
|
| gotosocial.accounts.allowCustomCSS
| bool
| `false`
| Allow accounts on this instance to set custom CSS for their profile pages and statuses. Enabling this setting will allow accounts to upload custom CSS via the /user settings page, which will then be rendered on the web view of the account's profile and statuses. For instances with public sign ups, it is **HIGHLY RECOMMENDED** to leave this setting on 'false', since setting it to true allows malicious accounts to make their profile pages misleading, unusable or even dangerous to visitors. In other words, you should only enable this setting if you trust the users on your instance not to produce harmful CSS. Regardless of what this value is set to, any uploaded CSS will not be federated to other instances, it will only be shown on profiles and statuses on *this* instance.
| gotosocial.accounts.approvalRequired
| bool
| `true`
| Do sign up requests require approval from an admin/moderator before an account can sign in/use the server?
| gotosocial.accounts.customCSSLength
| int
| `10000`
| If accounts-allow-custom-css is true, this is the permitted length in characters for CSS uploaded by accounts on this instance. No effect if accounts-allow-custom-css is false.
| gotosocial.accounts.reasonRequired
| bool
| `true`
| Are sign up requests required to submit a reason for the request (eg., an explanation of why they want to join the instance)?
| gotosocial.accounts.registrationOpen
| bool
| `true`
| Do we want people to be able to just submit sign up requests, or do we want invite only?
| gotosocial.applicationName
| string
| `"gotosocial"`
|
| gotosocial.database.address
| string
| `""`
| Database address or parameters. For Postgres, this should be the address or socket at which the database can be reached.
| gotosocial.database.database
| string
| `"gotosocial"`
| Name of the database to use within the provided database type.
| gotosocial.database.password
| string
| `""`
| Password to use for the database connection
| gotosocial.database.port
| int
| `5432`
| Port for database connection.
| gotosocial.database.tlsCACert
| string
| `""`
| Path to a CA certificate on the host machine for db certificate validation. If this is left empty, just the host certificates will be used. If filled in, the certificate will be loaded and added to host certificates.
| gotosocial.database.tlsMode
| string
| `"disabled"`
| Disable, enable, or require SSL/TLS connection to the database. If "disable" then no TLS connection will be attempted. If "enable" then TLS will be tried, but the database certificate won't be checked (for self-signed certs). If "require" then TLS will be required to make a connection, and a valid certificate must be presented.
| gotosocial.database.type
| string
| `"sqlite"`
| Database type. Options: ["postgres","sqlite"]
| gotosocial.database.username
| string
| `""`
| Username for the database connection.
| gotosocial.host
| string
| `"localhost"`
|
| gotosocial.landingPageUser
| string
| `""`
|
| gotosocial.metrics.auth.enabled
| bool
| `false`
|
| gotosocial.metrics.auth.password
| string
| `""`
|
| gotosocial.metrics.auth.username
| string
| `""`
|
| gotosocial.metrics.enabled
| bool
| `true`
|
| gotosocial.oidc.adminGroups
| list
| `["admins"]`
| If the returned ID token contains a 'groups' claim that matches one of the groups in oidc-admin-groups, then this user will be granted admin rights on the GtS instance
| gotosocial.oidc.clientID
| string
| `""`
| The ID for this client as registered with the OIDC provider.
| gotosocial.oidc.clientSecret
| string
| `""`
| The secret for this client as registered with the OIDC provider.
| gotosocial.oidc.enabled
| bool
| `false`
| Enable authentication with external OIDC provider. If set to true, then the other OIDC options must be set as well. If this is set to false, then the standard internal oauth flow will be used, where users sign in to GtS with username/password.
| gotosocial.oidc.idpName
| string
| `""`
| Name of the oidc idp (identity provider). This will be shown to users when they log in.
| gotosocial.oidc.issuer
| string
| `""`
| The OIDC issuer URI. This is where GtS will redirect users to for login. Typically this will look like a standard web URL.
| gotosocial.oidc.linkExisting
| bool
| `false`
| Link OIDC authenticated users to existing ones based on their email address. This is mostly intended for migration purposes if you were running previous versions of GTS which only correlated users with their email address. Should be set to false for most usecases.
| gotosocial.oidc.scopes
| list
| `["openid","email","profile","groups"]`
| Scopes to request from the OIDC provider. The returned values will be used to populate users created in GtS as a result of the authentication flow. 'openid' and 'email' are required. 'profile' is used to extract a username for the newly created user. 'groups' is optional and can be used to determine if a user is an admin based on oidc-admin-groups.
| gotosocial.oidc.skipVerification
| bool
| `false`
| Skip the normal verification flow of tokens returned from the OIDC provider, ie., don't check the expiry or signature. This should only be used in debugging or testing, never ever in a production environment as it's extremely unsafe!
| gotosocial.smtp.discloseRecipients
| bool
| `false`
| If true, when an email is sent that has multiple recipients, each recipient will be included in the To field, so that each recipient can see who else got the email, and they can 'reply all' to the other recipients if they want to. If false, email will be sent to Undisclosed Recipients, and each recipient will not be able to see who else received the email. It might be useful to change this setting to 'true' if you want to be able to discuss new moderation reports with other admins by 'replying-all' to the notification email.
| gotosocial.smtp.from
| string
| `""`
| 'From' address for sent emails.
| gotosocial.smtp.host
| string
| `""`
| The hostname of the smtp server you want to use. If this is not set, smtp will not be used to send emails, and you can ignore the other settings.
| gotosocial.smtp.password
| string
| `""`
| Password to use when authenticating with the smtp server. This should have been provided to you by your smtp host.
| gotosocial.smtp.port
| int
| `0`
| Port to use to connect to the smtp server.
| gotosocial.smtp.username
| string
| `""`
| Username to use when authenticating with the smtp server. This should have been provided to you by your smtp host. This is often, but not always, an email address.
| gotosocial.storage.backend
| string
| `"local"`
| Type of storage backend to use. Examples: ["local", "s3"] Default: "local" (storage on local disk)
| gotosocial.storage.s3.accessKey
| string
| `""`
| Access key part of the S3 credentials. Consider setting this value using environment variables to avoid leaking it via the config file Only required when running with the s3 storage backend.
| gotosocial.storage.s3.bucket
| string
| `""`
| Name of the storage bucket. If you have already encoded your bucket name in the storage-s3-endpoint, this value will be used as a directory containing your data. The bucket must exist prior to starting GoToSocial Only required when running with the s3 storage backend.
| gotosocial.storage.s3.endpoint
| string
| `""`
| API endpoint of the S3 compatible service. Only required when running with the s3 storage backend. GoToSocial uses "DNS-style" when accessing buckets. If you are using Scaleways object storage, please remove the "bucket name" from the endpoint address
| gotosocial.storage.s3.proxy
| bool
| `false`
| If data stored in S3 should be proxied through GoToSocial instead of redirecting to a presigned URL.
| gotosocial.storage.s3.secretKey
| string
| `""`
| Secret key part of the S3 credentials. Consider setting this value using environment variables to avoid leaking it via the config file Only required when running with the s3 storage backend.
| gotosocial.storage.s3.useSSL
| bool
| `true`
| Use SSL for S3 connections. Only set this to 'false' when testing locally.
| gotosocial.tz
| string
| `"UTC"`
|
| image.pullPolicy
| string
| `"IfNotPresent"`
|
| image.registry
| string
| `"docker.io"`
|
| image.repository
| string
| `"superseriousbusiness/gotosocial"`
|
| image.tag
| string
| `""`
| Overrides the image tag whose default is the chart appVersion.
| imagePullSecrets
| list
| `[]`
|
| ingress.annotations
| object
| `{}`
|
| ingress.className
| string
| `""`
|
| ingress.enabled
| bool
| `false`
|
| ingress.hosts[0].host
| string
| `"chart-example.local"`
|
| ingress.hosts[0].paths[0].path
| string
| `"/"`
|
| ingress.hosts[0].paths[0].pathType
| string
| `"ImplementationSpecific"`
|
| ingress.tls
| list
| `[]`
|
| nameOverride
| string
| `""`
|
| nodeSelector
| object
| `{}`
|
| persistence.accessMode
| string
| `"ReadWriteOnce"`
| accessMode
| persistence.annotations
| object
| `{}`
|
| persistence.enabled
| bool
| `true`
| Enable persistence using Persistent Volume Claims ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
| persistence.existingClaim
| string
| `nil`
| A manually managed Persistent Volume and Claim Requires persistence.enabled: true If defined, PVC must be created manually before volume will be bound
| persistence.hostPath
| string
| `nil`
| Do not create an PVC, direct use hostPath in Pod
| persistence.size
| string
| `"10Gi"`
| size
| persistence.storageClass
| string
| `nil`
| Persistent Volume Storage Class If defined, storageClassName: <storageClass> If set to "-", storageClassName: "", which disables dynamic provisioning If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner. (gp2 on AWS, standard on GKE, AWS & OpenStack)
| podAnnotations
| object
| `{}`
|
| podLabels
| object
| `{}`
|
| podSecurityContext
| object
| `{}`
|
| prometheus.servicemonitor.enabled
| bool
| `false`
|
| prometheus.servicemonitor.labels
| object
| `{}`
|
| replicaCount
| int
| `1`
|
| resources
| object
| `{}`
|
| securityContext
| object
| `{}`
|
| service.port
| int
| `8080`
|
| service.type
| string
| `"ClusterIP"`
|
| serviceAccount.annotations
| object
| `{}`
| Annotations to add to the service account
| serviceAccount.automount
| bool
| `true`
| Automatically mount a ServiceAccount's API credentials?
| serviceAccount.create
| bool
| `false`
| Specifies whether a service account should be created
| serviceAccount.name
| string
| `""`
| If not set and create is true, a name is generated using the fullname template
| tolerations
| list
| `[]`
|
| volumeMounts
| list
| `[]`
|
| volumes
| list
| `[]`
|
|===
Autogenerated from chart metadata using https://github.com/norwoodj/helm-docs[helm-docs]

1
gotosocial/_docs.gotmpl Normal file
View file

@ -0,0 +1 @@

13
gotosocial/ci/ct-values.yaml Normal file
View file

@ -0,0 +1,13 @@
gotosocial:
metrics:
enabled: true
auth:
enabled: true
username: "test"
password: "test1234"
prometheus:
servicemonitor:
enabled: true
labels:
prometheus: default

22
gotosocial/templates/NOTES.txt Normal file
View file

@ -0,0 +1,22 @@
1. Get the application URL by running these commands:
{{- if .Values.ingress.enabled }}
{{- range $host := .Values.ingress.hosts }}
{{- range .paths }}
http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }}
{{- end }}
{{- end }}
{{- else if contains "NodePort" .Values.service.type }}
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "gotosocial.fullname" . }})
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
echo http://$NODE_IP:$NODE_PORT
{{- else if contains "LoadBalancer" .Values.service.type }}
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "gotosocial.fullname" . }}'
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "gotosocial.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
echo http://$SERVICE_IP:{{ .Values.service.port }}
{{- else if contains "ClusterIP" .Values.service.type }}
export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "gotosocial.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
echo "Visit http://127.0.0.1:8080 to use your application"
kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
{{- end }}

62
gotosocial/templates/_helpers.tpl Normal file
View file

@ -0,0 +1,62 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "gotosocial.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "gotosocial.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "gotosocial.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "gotosocial.labels" -}}
helm.sh/chart: {{ include "gotosocial.chart" . }}
{{ include "gotosocial.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "gotosocial.selectorLabels" -}}
app.kubernetes.io/name: {{ include "gotosocial.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "gotosocial.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "gotosocial.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}

98
gotosocial/templates/deployment.yaml Normal file
View file

@ -0,0 +1,98 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "gotosocial.fullname" . }}
labels:
{{- include "gotosocial.labels" . | nindent 4 }}
spec:
{{- if not .Values.autoscaling.enabled }}
replicas: {{ .Values.replicaCount }}
{{- end }}
selector:
matchLabels:
{{- include "gotosocial.selectorLabels" . | nindent 6 }}
template:
metadata:
annotations:
"confighash": {{ toYaml .Values.gotosocial | sha256sum | trunc 32 }}
"confighash.metrics-auth": {{ toYaml .Values.gotosocial.metrics.auth | sha256sum | trunc 32 }}
{{- with .Values.podAnnotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "gotosocial.labels" . | nindent 8 }}
{{- with .Values.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "gotosocial.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
containers:
- name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
{{- with .Values.image}}
image: "{{ coalesce $.Values.global.image.registry .registry }}/{{ .repository }}:{{ .tag | default $.Chart.AppVersion }}"
imagePullPolicy: {{ coalesce $.Values.global.image.pullPolicy .pullPolicy }}
{{- end }}
envFrom:
- secretRef:
name: {{ include "gotosocial.fullname" . }}
{{- if .Values.gotosocial.metrics.auth.enabled }}
- secretRef:
name: {{ include "gotosocial.fullname" . }}-metrics-auth
{{- end }}
ports:
- name: http
containerPort: {{ .Values.service.port }}
protocol: TCP
livenessProbe:
httpGet:
path: /
port: http
readinessProbe:
httpGet:
path: /
port: http
resources:
{{- toYaml .Values.resources | nindent 12 }}
volumeMounts:
- name: data
mountPath: /gotosocial/storage
{{- with .Values.volumeMounts }}
{{- toYaml . | nindent 12 }}
{{- end }}
volumes:
- name: data
{{- if .Values.persistence.enabled }}
{{- if .Values.persistence.hostPath }}
hostPath:
type: Directory
path: {{ .Values.persistence.hostPath | quote }}
{{- else }}{{/* else .persistence.hostPath */}}
persistentVolumeClaim:
claimName: {{ coalesce .Values.persistence.existingClaim (include "gotosocial.fullname" .) }}
{{- end }}{{/* end-else .persistence.hostPath */}}
{{- else }}{{/* else .persistence.enabled */}}
emptyDir: {}
{{- end }}{{/* end-else .persistence.enabled */}}
{{- with .Values.volumes }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}

32
gotosocial/templates/hpa.yaml Normal file
View file

@ -0,0 +1,32 @@
{{- if .Values.autoscaling.enabled }}
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
name: {{ include "gotosocial.fullname" . }}
labels:
{{- include "gotosocial.labels" . | nindent 4 }}
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: {{ include "gotosocial.fullname" . }}
minReplicas: {{ .Values.autoscaling.minReplicas }}
maxReplicas: {{ .Values.autoscaling.maxReplicas }}
metrics:
{{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
{{- end }}
{{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
- type: Resource
resource:
name: memory
target:
type: Utilization
averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
{{- end }}
{{- end }}

61
gotosocial/templates/ingress.yaml Normal file
View file

@ -0,0 +1,61 @@
{{- if .Values.ingress.enabled -}}
{{- $fullName := include "gotosocial.fullname" . -}}
{{- $svcPort := .Values.service.port -}}
{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
{{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }}
{{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}}
{{- end }}
{{- end }}
{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
apiVersion: networking.k8s.io/v1
{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
apiVersion: networking.k8s.io/v1beta1
{{- else -}}
apiVersion: extensions/v1beta1
{{- end }}
kind: Ingress
metadata:
name: {{ $fullName }}
labels:
{{- include "gotosocial.labels" . | nindent 4 }}
{{- with .Values.ingress.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
ingressClassName: {{ .Values.ingress.className }}
{{- end }}
{{- if .Values.ingress.tls }}
tls:
{{- range .Values.ingress.tls }}
- hosts:
{{- range .hosts }}
- {{ . | quote }}
{{- end }}
secretName: {{ .secretName }}
{{- end }}
{{- end }}
rules:
{{- range .Values.ingress.hosts }}
- host: {{ .host | quote }}
http:
paths:
{{- range .paths }}
- path: {{ .path }}
{{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
pathType: {{ .pathType }}
{{- end }}
backend:
{{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
service:
name: {{ $fullName }}
port:
number: {{ $svcPort }}
{{- else }}
serviceName: {{ $fullName }}
servicePort: {{ $svcPort }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}

17
gotosocial/templates/metrics/secret.yaml Normal file
View file

@ -0,0 +1,17 @@
{{- with .Values.gotosocial.metrics.auth }}
{{- if and $.Values.gotosocial.metrics.enabled .enabled }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ include "gotosocial.fullname" $ }}-metrics-auth
labels:
{{- include "gotosocial.labels" $ | nindent 4 }}
annotations:
"confighash.metrics-auth": {{ toYaml . | sha256sum | trunc 32 }}
data:
GTS_METRICS_AUTH_ENABLED: {{ "true" | b64enc }}
GTS_METRICS_AUTH_USERNAME: {{ .username | b64enc }}
GTS_METRICS_AUTH_PASSWORD: {{ .password | b64enc }}
{{- end }}{{/* end-if .enabled */}}
{{- end }}{{/* end-with .gotosocial.metrics.auth */}}

24
gotosocial/templates/metrics/servicemonitor.yaml Normal file
View file

@ -0,0 +1,24 @@
{{- if and .Values.gotosocial.metrics.enabled .Values.prometheus.servicemonitor.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ include "gotosocial.fullname" . }}
labels:
{{- include "gotosocial.labels" . | nindent 4 }}
spec:
selector:
matchLabels:
{{- include "gotosocial.selectorLabels" . | nindent 6 }}
endpoints:
- port: http
path: "/metrics"
{{- if .Values.gotosocial.metrics.auth.enabled }}
basicAuth:
username:
name: {{ include "gotosocial.fullname" . }}-metrics-auth
key: GTS_METRICS_AUTH_USERNAME
password:
name: {{ include "gotosocial.fullname" . }}-metrics-auth
key: GTS_METRICS_AUTH_PASSWORD
{{- end }}
{{- end }}

28
gotosocial/templates/pvc.yaml Normal file
View file

@ -0,0 +1,28 @@
{{- with .Values.persistence }}
{{- if and .enabled (not .existingClaim) }}
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: {{ template "gotosocial.fullname" $ }}
labels:
{{- include "gotosocial.labels" $ | nindent 4 }}
{{- with .annotations }}
annotations:
{{ toYaml . | indent 4 }}
{{- end }}
spec:
accessModes:
- {{ .accessMode | quote }}
resources:
requests:
storage: {{ .size | quote }}
{{- with .storageClass }}
{{- if (eq "-" .) }}
storageClassName: ""
{{- else }}
storageClassName: {{ . | quote }}
{{- end }}
{{- end }}
{{- end }}{{/* end-if .enabled */}}
{{- end }}{{/* end-with .persistence */}}

102
gotosocial/templates/secret.yaml Normal file
View file

@ -0,0 +1,102 @@
---
apiVersion: v1
kind: Secret
metadata:
name: {{ include "gotosocial.fullname" . }}
annotations:
"confighash": {{ toYaml .Values.gotosocial | sha256sum | trunc 32 }}
labels:
{{- include "gotosocial.labels" . | nindent 4 }}
data:
{{- with .Values.gotosocial }}
TZ: {{ .tz | b64enc }}
GTS_APPLICATION_NAME: {{ .applicationName | b64enc }}
GTS_LANDING_PAGE_USER: {{ .landingPageUser | b64enc }}
GTS_HOST: {{ .host | b64enc }}
GTS_ACCOUNT_DOMAIN: {{ .accountDomain | b64enc }}
GTS_DB_TYPE: {{ .database.type | b64enc }}
{{- if (eq .database.type "sqlite") }}
{{- if (eq .storage.backend "local") }}
GTS_DB_ADDRESS: {{ "/gotosocial/storage/sqlite.db" | b64enc }}
GTS_DB_SQLITE_JOURNAL_MODE: {{ "WAL" | b64enc }}
GTS_DB_SQLITE_SYNCHRONOUS: {{ "NORMAL" | b64enc }}
GTS_DB_SQLITE_CACHE_SIZE: {{ "8MiB" | b64enc }}
GTS_DB_SQLITE_BUSY_TIMEOUT: {{ "30m" | b64enc }}
{{- else }}
{{- fail "sqlite needs storage-backend is local" }}
{{- end }}{{/* end-else-if local */}}
{{- else }}{{/* else-if sqlite */}}
{{- with .database }}
GTS_DB_ADDRESS: {{ .address | b64enc }}
GTS_DB_PORT: {{ toYaml .port | b64enc }}
GTS_DB_USER: {{ .username | b64enc }}
GTS_DB_PASSWORD: {{ .password | b64enc }}
GTS_DB_DATABASE: {{ .database | b64enc }}
GTS_DB_TLS_MODE: {{ .tlsMode | b64enc }}
{{- with .tlsCACert }}
GTS_DB_TLS_CA_CERT: {{ . | b64enc }}
{{- end }}
GTS_DB_MAX_OPEN_CONNS_MULTIPLIER: {{ "8" | b64enc }}
{{- end }}{{/* end-with .database */}}
{{- end }}{{/* end-else-if sqlite */}}
{{- with .accounts }}
GTS_ACCOUNTS_REGISTRATION_OPEN: {{ toYaml .registrationOpen | b64enc }}
GTS_ACCOUNTS_APPROVAL_REQUIRED: {{ toYaml .approvalRequired | b64enc }}
GTS_ACCOUNTS_REASON_REQUIRED: {{ toYaml .reasonRequired | b64enc }}
GTS_ACCOUNTS_ALLOW_CUSTOM_CSS: {{ toYaml .allowCustomCSS | b64enc }}
GTS_ACCOUNTS_CUSTOM_CSS_LENGTH: {{ toYaml .customCSSLength | b64enc }}
{{- end }}{{/* end-with accounts */}}
GTS_STORAGE_BACKEND: {{ .storage.backend | b64enc }}
{{- if (eq .storage.backend "local") }}
GTS_STORAGE_LOCAL_BASE_PATH: {{ "/gotosocial/storage" | b64enc }}
{{- end }}
{{- if (eq .storage.backend "s3") }}
{{- with .storage.s3 }}
{{- with .endpoint }}
GTS_STORAGE_S3_ENDPOINT: {{ toYaml . | b64enc }}
{{- end }}
{{- with .proxy }}
GTS_STORAGE_S3_PROXY: {{ toYaml . | b64enc }}
{{- end }}
{{- with .useSSL }}
GTS_STORAGE_S3_USE_SSL: {{ toYaml . | b64enc }}
{{- end }}
{{- with .bucket }}
GTS_STORAGE_S3_BUCKET: {{ toYaml . | b64enc }}
{{- end }}
{{- with .accessKey }}
GTS_STORAGE_S3_ACCESS_KEY: {{ toYaml . | b64enc }}
{{- end }}
{{- with .secretKey }}
GTS_STORAGE_S3_SECRET_KEY: {{ toYaml . | b64enc }}
{{- end }}
{{- end }}{{/* end-with .storage.s3 */}}
{{- end }}{{/* end-if .storage.backed == s3 */}}
{{- with .oidc }}
GTS_OIDC_ENABLED: {{ toYaml .enabled | b64enc }}
GTS_OIDC_IDP_NAME: {{ .idpName | b64enc }}
GTS_OIDC_SKIP_VERIFICATION: {{ toYaml .skipVerification | b64enc }}
GTS_OIDC_ISSUER: {{ .issuer | b64enc }}
GTS_OIDC_CLIENT_ID: {{ .clientID | b64enc }}
GTS_OIDC_CLIENT_SECRET: {{ .clientSecret | b64enc }}
GTS_OIDC_SCOPES: {{ .scopes | join "," | b64enc }}
GTS_OIDC_LINK_EXISTING: {{ toYaml .linkExisting | b64enc }}
GTS_OIDC_ADMIN_GROUPS: {{ .adminGroups | join "," | b64enc }}
{{- end }}{{/* end-with oidc */}}
{{- with .smtp }}
GTS_SMTP_HOST: {{ .host | default "" | b64enc }}
GTS_SMTP_PORT: {{ toYaml .port | b64enc }}
GTS_SMTP_USERNAME: {{ .username | default "" | b64enc }}
GTS_SMTP_PASSWORD: {{ .password | default "" | b64enc }}
GTS_SMTP_FROM: {{ .from | default "" | b64enc }}
GTS_SMTP_DISCLOSE_RECIPIENTS: {{ toYaml .discloseRecipients | b64enc }}
{{- end }}{{/* end-with smtp */}}
GTS_METRICS_ENABLED: {{ toYaml .metrics.enabled | b64enc }}
{{- end }}{{/* end-with .gotosocial */}}

15
gotosocial/templates/service.yaml Normal file
View file

@ -0,0 +1,15 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "gotosocial.fullname" . }}
labels:
{{- include "gotosocial.labels" . | nindent 4 }}
spec:
type: {{ .Values.service.type }}
ports:
- port: {{ .Values.service.port }}
targetPort: http
protocol: TCP
name: http
selector:
{{- include "gotosocial.selectorLabels" . | nindent 4 }}

13
gotosocial/templates/serviceaccount.yaml Normal file
View file

@ -0,0 +1,13 @@
{{- if .Values.serviceAccount.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "gotosocial.serviceAccountName" . }}
labels:
{{- include "gotosocial.labels" . | nindent 4 }}
{{- with .Values.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
automountServiceAccountToken: {{ .Values.serviceAccount.automount }}
{{- end }}

15
gotosocial/templates/tests/test-connection.yaml Normal file
View file

@ -0,0 +1,15 @@
apiVersion: v1
kind: Pod
metadata:
name: "{{ include "gotosocial.fullname" . }}-test-connection"
labels:
{{- include "gotosocial.labels" . | nindent 4 }}
annotations:
"helm.sh/hook": test
spec:
containers:
- name: wget
image: busybox
command: ['wget']
args: ['{{ include "gotosocial.fullname" . }}:{{ .Values.service.port }}']
restartPolicy: Never

290
gotosocial/values.yaml Normal file
View file

@ -0,0 +1,290 @@
# Default values for gotosocial.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
global:
image:
# -- if set it will overwrite all registry entries
registry:
# -- if set it will overwrite all pullPolicy
pullPolicy:
replicaCount: 1
image:
registry: docker.io
repository: superseriousbusiness/gotosocial
pullPolicy: IfNotPresent
# -- Overrides the image tag whose default is the chart appVersion.
tag: ""
imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
gotosocial:
tz: "UTC"
applicationName: "gotosocial"
landingPageUser: ""
host: "localhost"
accountDomain: ""
database:
# -- Database type.
# Options: ["postgres","sqlite"]
type: "sqlite"
# -- Database address or parameters.
# For Postgres, this should be the address or socket at which the database can be reached.
address: ""
# -- Port for database connection.
port: 5432
# -- Username for the database connection.
username: ""
# -- Password to use for the database connection
password: ""
# -- Name of the database to use within the provided database type.
database: "gotosocial"
# -- Disable, enable, or require SSL/TLS connection to the database.
# If "disable" then no TLS connection will be attempted.
# If "enable" then TLS will be tried, but the database certificate won't be checked (for self-signed certs).
# If "require" then TLS will be required to make a connection, and a valid certificate must be presented.
tlsMode: "disabled"
# -- Path to a CA certificate on the host machine for db certificate validation.
# If this is left empty, just the host certificates will be used.
# If filled in, the certificate will be loaded and added to host certificates.
tlsCACert: ""
accounts:
# -- Do we want people to be able to just submit sign up requests, or do we want invite only?
registrationOpen: true
# -- Do sign up requests require approval from an admin/moderator before an account can sign in/use the server?
approvalRequired: true
# -- Are sign up requests required to submit a reason for the request (eg., an explanation of why they want to join the instance)?
reasonRequired: true
# -- Allow accounts on this instance to set custom CSS for their profile pages and statuses.
# Enabling this setting will allow accounts to upload custom CSS via the /user settings page,
# which will then be rendered on the web view of the account's profile and statuses.
#
# For instances with public sign ups, it is **HIGHLY RECOMMENDED** to leave this setting on 'false',
# since setting it to true allows malicious accounts to make their profile pages misleading, unusable
# or even dangerous to visitors. In other words, you should only enable this setting if you trust
# the users on your instance not to produce harmful CSS.
#
# Regardless of what this value is set to, any uploaded CSS will not be federated to other instances,
# it will only be shown on profiles and statuses on *this* instance.
allowCustomCSS: false
# -- If accounts-allow-custom-css is true, this is the permitted length in characters for
# CSS uploaded by accounts on this instance. No effect if accounts-allow-custom-css is false.
customCSSLength: 10000
storage:
# -- Type of storage backend to use.
# Examples: ["local", "s3"]
# Default: "local" (storage on local disk)
backend: "local"
s3:
# -- API endpoint of the S3 compatible service.
# Only required when running with the s3 storage backend.
# GoToSocial uses "DNS-style" when accessing buckets.
# If you are using Scaleways object storage, please remove the "bucket name" from the endpoint address
endpoint: ""
# -- If data stored in S3 should be proxied through GoToSocial instead of redirecting to a presigned URL.
proxy: false
# -- Use SSL for S3 connections.
#
# Only set this to 'false' when testing locally.
useSSL: true
# -- Name of the storage bucket.
#
# If you have already encoded your bucket name in the storage-s3-endpoint, this
# value will be used as a directory containing your data.
#
# The bucket must exist prior to starting GoToSocial
#
# Only required when running with the s3 storage backend.
bucket: ""
# -- Access key part of the S3 credentials.
# Consider setting this value using environment variables to avoid leaking it via the config file
# Only required when running with the s3 storage backend.
accessKey: ""
# -- Secret key part of the S3 credentials.
# Consider setting this value using environment variables to avoid leaking it via the config file
# Only required when running with the s3 storage backend.
secretKey: ""
oidc:
# -- Enable authentication with external OIDC provider. If set to true, then
# the other OIDC options must be set as well. If this is set to false, then the standard
# internal oauth flow will be used, where users sign in to GtS with username/password.
enabled: false
# -- Name of the oidc idp (identity provider). This will be shown to users when they log in.
idpName: ""
# -- Skip the normal verification flow of tokens returned from the OIDC provider, ie.,
# don't check the expiry or signature. This should only be used in debugging or testing,
# never ever in a production environment as it's extremely unsafe!
skipVerification: false
# -- The OIDC issuer URI. This is where GtS will redirect users to for login.
# Typically this will look like a standard web URL.
issuer: ""
# -- The ID for this client as registered with the OIDC provider.
clientID: ""
# -- The secret for this client as registered with the OIDC provider.
clientSecret: ""
# -- Scopes to request from the OIDC provider. The returned values will be used to
# populate users created in GtS as a result of the authentication flow. 'openid' and 'email' are required.
# 'profile' is used to extract a username for the newly created user.
# 'groups' is optional and can be used to determine if a user is an admin based on oidc-admin-groups.
scopes:
- "openid"
- "email"
- "profile"
- "groups"
# -- Link OIDC authenticated users to existing ones based on their email address.
# This is mostly intended for migration purposes if you were running previous versions of GTS
# which only correlated users with their email address. Should be set to false for most usecases.
linkExisting: false
# -- If the returned ID token contains a 'groups' claim that matches one of the
# groups in oidc-admin-groups, then this user will be granted admin rights on the GtS instance
adminGroups:
- "admins"
smtp:
# -- The hostname of the smtp server you want to use.
# If this is not set, smtp will not be used to send emails, and you can ignore the other settings.
host: ""
# -- Port to use to connect to the smtp server.
port: 0
# -- Username to use when authenticating with the smtp server.
# This should have been provided to you by your smtp host.
# This is often, but not always, an email address.
username: ""
# -- Password to use when authenticating with the smtp server.
# This should have been provided to you by your smtp host.
password: ""
# -- 'From' address for sent emails.
from: ""
# -- If true, when an email is sent that has multiple recipients, each recipient
# will be included in the To field, so that each recipient can see who else got the
# email, and they can 'reply all' to the other recipients if they want to.
#
# If false, email will be sent to Undisclosed Recipients, and each recipient will not
# be able to see who else received the email.
#
# It might be useful to change this setting to 'true' if you want to be able to discuss
# new moderation reports with other admins by 'replying-all' to the notification email.
discloseRecipients: false
metrics:
enabled: true
auth:
enabled: false
username: ""
password: ""
prometheus:
servicemonitor:
enabled: false
labels: {}
serviceAccount:
# -- Specifies whether a service account should be created
create: false
# -- Automatically mount a ServiceAccount's API credentials?
automount: true
# -- Annotations to add to the service account
annotations: {}
# -- The name of the service account to use.
# -- If not set and create is true, a name is generated using the fullname template
name: ""
podAnnotations: {}
podLabels: {}
podSecurityContext: {}
# fsGroup: 2000
securityContext: {}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
service:
type: ClusterIP
port: 8080
ingress:
enabled: false
className: ""
annotations: {}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
hosts:
- host: chart-example.local
paths:
- path: /
pathType: ImplementationSpecific
tls: []
# - secretName: chart-example-tls
# hosts:
# - chart-example.local
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
autoscaling:
enabled: false
minReplicas: 1
maxReplicas: 100
targetCPUUtilizationPercentage: 80
# targetMemoryUtilizationPercentage: 80
# Additional volumes on the output Deployment definition.
volumes: []
# - name: foo
# secret:
# secretName: mysecret
# optional: false
# Additional volumeMounts on the output Deployment definition.
volumeMounts: []
# - name: foo
# mountPath: "/etc/foo"
# readOnly: true
nodeSelector: {}
tolerations: []
affinity: {}
persistence:
# -- Enable persistence using Persistent Volume Claims
# ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
enabled: true
annotations: {}
# -- Persistent Volume Storage Class
# If defined, storageClassName: <storageClass>
# If set to "-", storageClassName: "", which disables dynamic provisioning
# If undefined (the default) or set to null, no storageClassName spec is
# set, choosing the default provisioner. (gp2 on AWS, standard on
# GKE, AWS & OpenStack)
storageClass:
# -- A manually managed Persistent Volume and Claim
# Requires persistence.enabled: true
# If defined, PVC must be created manually before volume will be bound
existingClaim:
# -- Do not create an PVC, direct use hostPath in Pod
hostPath:
# -- accessMode
accessMode: ReadWriteOnce
# -- size
size: 10Gi

2
publish.sh
View file

@ -9,7 +9,7 @@ helm-docs -t ./README.adoc.gotmpl -t _docs.gotmpl -o README.adoc
./docs/modules/charts/generate.sh ./docs/modules/charts/generate.sh
ct lint || exit 1 ct lint # || exit 1
for p in * ; do for p in * ; do
if \ if \