From 1f6b1a7c322bdf24d4db9a600023bc69a6329244 Mon Sep 17 00:00:00 2001 From: Lily Cohen Date: Wed, 10 May 2023 16:07:45 -0700 Subject: [PATCH 1/2] adding calckey helm chart --- .gitignore | 1 + chart/.helmignore | 23 ++ chart/Chart.yaml | 39 ++- chart/README.md | 83 +++++++ chart/files/default.yml | 162 ------------ chart/templates/ConfigMap.yml | 8 - chart/templates/Deployment.yml | 47 ---- chart/templates/NOTES.txt | 22 ++ chart/templates/Service.yml | 14 -- chart/templates/_helpers.tpl | 276 ++++++++++++++++++++- chart/templates/deployment.yaml | 78 ++++++ chart/templates/hpa.yaml | 28 +++ chart/templates/ingress.yaml | 61 +++++ chart/templates/secret-config.yaml | 9 + chart/templates/service.yaml | 15 ++ chart/templates/serviceaccount.yaml | 12 + chart/templates/tests/test-connection.yaml | 15 ++ chart/values.yaml | 158 ++++++++++++ chart/values.yml | 3 - kubernetes-README.md | 45 ++++ 20 files changed, 853 insertions(+), 246 deletions(-) create mode 100644 chart/.helmignore create mode 100644 chart/README.md delete mode 100644 chart/files/default.yml delete mode 100644 chart/templates/ConfigMap.yml delete mode 100644 chart/templates/Deployment.yml create mode 100644 chart/templates/NOTES.txt delete mode 100644 chart/templates/Service.yml create mode 100644 chart/templates/deployment.yaml create mode 100644 chart/templates/hpa.yaml create mode 100644 chart/templates/ingress.yaml create mode 100644 chart/templates/secret-config.yaml create mode 100644 chart/templates/service.yaml create mode 100644 chart/templates/serviceaccount.yaml create mode 100644 chart/templates/tests/test-connection.yaml create mode 100644 chart/values.yaml delete mode 100644 chart/values.yml create mode 100644 kubernetes-README.md diff --git a/.gitignore b/.gitignore index 135bf9660a..2613bba00a 100644 --- a/.gitignore +++ b/.gitignore 
@@ -23,6 +23,7 @@ coverage /.config/* !/.config/example.yml !/.config/docker_example.env +!/.config/helm_values_example.yml #docker dev config /dev/docker-compose.yml diff --git a/chart/.helmignore b/chart/.helmignore new file mode 100644 index 0000000000..0e8a0eb36f --- /dev/null +++ b/chart/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/chart/Chart.yaml b/chart/Chart.yaml index 8f31cf7fb4..dfd476dadc 100644 --- a/chart/Chart.yaml +++ b/chart/Chart.yaml 
@@ -1,3 +1,38 @@
 apiVersion: v2
-name: misskey
-version: 0.0.0
+name: calckey
+description: A fun, new, open way to experience social media https://calckey.org
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "rc"
+
+dependencies:
+ - name: elasticsearch
+ version: 19.0.1
+ repository: https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami
+ condition: elasticsearch.enabled
+ - name: postgresql
+ version: 11.1.3
+ repository: https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami
+ condition: postgresql.enabled
+ - name: redis
+ version: 16.13.2
+ repository: https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami
+ condition: redis.enabled
diff --git a/chart/README.md b/chart/README.md
new file mode 100644
index 0000000000..a04b3d29a8
--- /dev/null
+++ b/chart/README.md
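Review bot: `appVersion: "rc"` ends up as the default container image tag, because deployment.yaml in this patch falls back to `.Chart.AppVersion` when `image.tag` is empty, and `rc` reads like a moving tag rather than a fixed release. With the documented `image.pullPolicy` of `IfNotPresent`, nodes can then run different builds under the same chart version, and a given chart release cannot be traced to one image. Pinning it to a fixed release, `appVersion: "<release-tag>"` (placeholder), or documenting that `image.tag` should carry a version or digest, would close that gap. Separately, the diffstat adds no `Chart.lock`, so the three Bitnami subcharts are resolved by version string alone; committing the lock file produced by `helm dependency update` records their digests.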
@@ -0,0 +1,83 @@ +# calckey + +![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: rc](https://img.shields.io/badge/AppVersion-rc-informational?style=flat-square) + +A fun, new, open way to experience social media https://calckey.org + +## Requirements + +| Repository | Name | Version | +|------------|------|---------| +| https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami | elasticsearch | 19.0.1 | +| https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami | postgresql | 11.1.3 | +| https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami | redis | 16.13.2 | + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| affinity | object | `{}` | | +| autoscaling.enabled | bool | `false` | | +| autoscaling.maxReplicas | int | `100` | | +| autoscaling.minReplicas | int | `1` | | +| autoscaling.targetCPUUtilizationPercentage | int | `80` | | +| calckey.allowedPrivateNetworks | list | `[]` | If you want to allow calckey to connect to private ips, enter the cidrs here. 
| +| calckey.domain | string | `"calckey.local"` | | +| calckey.isManagedHosting | bool | `true` | | +| calckey.objectStorage.access_key | string | `""` | | +| calckey.objectStorage.access_secret | string | `""` | | +| calckey.objectStorage.baseUrl | string | `""` | | +| calckey.objectStorage.bucket | string | `""` | | +| calckey.objectStorage.endpoint | string | `""` | | +| calckey.objectStorage.managed | bool | `true` | | +| calckey.objectStorage.prefix | string | `"files"` | | +| calckey.objectStorage.region | string | `""` | | +| calckey.reservedUsernames[0] | string | `"root"` | | +| calckey.reservedUsernames[1] | string | `"admin"` | | +| calckey.reservedUsernames[2] | string | `"administrator"` | | +| calckey.reservedUsernames[3] | string | `"me"` | | +| calckey.reservedUsernames[4] | string | `"system"` | | +| calckey.smtp.from_address | string | `"notifications@example.com"` | | +| calckey.smtp.login | string | `""` | | +| calckey.smtp.managed | bool | `true` | | +| calckey.smtp.password | string | `""` | | +| calckey.smtp.port | int | `587` | | +| calckey.smtp.server | string | `"smtp.mailgun.org"` | | +| calckey.smtp.useImplicitSslTls | bool | `false` | | +| elasticsearch | object | `{"auth":null,"enabled":false,"hostname":"","port":9200,"ssl":false}` | https://github.com/bitnami/charts/tree/master/bitnami/elasticsearch#parameters | +| fullnameOverride | string | `""` | | +| image.pullPolicy | string | `"IfNotPresent"` | | +| image.repository | string | `"docker.io/thatonecalculator/calckey"` | | +| image.tag | string | `""` | | +| imagePullSecrets | list | `[]` | | +| ingress.annotations | object | `{}` | | +| ingress.className | string | `""` | | +| ingress.enabled | bool | `false` | | +| ingress.hosts[0].host | string | `"chart-example.local"` | | +| ingress.hosts[0].paths[0].path | string | `"/"` | | +| ingress.hosts[0].paths[0].pathType | string | `"ImplementationSpecific"` | | +| ingress.tls | list | `[]` | | +| nameOverride | string | `""` | | +| 
nodeSelector | object | `{}` | | +| podAnnotations | object | `{}` | | +| podSecurityContext | object | `{}` | | +| postgresql.auth.database | string | `"calckey_production"` | | +| postgresql.auth.password | string | `""` | | +| postgresql.auth.username | string | `"calckey"` | | +| postgresql.enabled | bool | `true` | disable if you want to use an existing db; in which case the values below must match those of that external postgres instance | +| redis.auth.password | string | `""` | you must set a password; the password generated by the redis chart will be rotated on each upgrade: | +| redis.enabled | bool | `true` | | +| redis.hostname | string | `""` | | +| redis.port | int | `6379` | | +| replicaCount | int | `1` | | +| resources | object | `{}` | | +| securityContext | object | `{}` | | +| service.port | int | `80` | | +| service.type | string | `"ClusterIP"` | | +| serviceAccount.annotations | object | `{}` | | +| serviceAccount.create | bool | `true` | | +| serviceAccount.name | string | `""` | | +| tolerations | list | `[]` | | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/chart/files/default.yml b/chart/files/default.yml deleted file mode 100644 index 91a947f268..0000000000 --- a/chart/files/default.yml +++ /dev/null 
@@ -1,162 +0,0 @@ -#━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ -# Misskey configuration -#━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ - -# ┌─────┐ -#───┘ URL └───────────────────────────────────────────────────── - -# Final accessible URL seen by a user. -# url: https://example.tld/ - -# ONCE YOU HAVE STARTED THE INSTANCE, DO NOT CHANGE THE -# URL SETTINGS AFTER THAT! - -# ┌───────────────────────┐ -#───┘ Port and TLS settings └─────────────────────────────────── - -# -# Misskey supports two deployment options for public. -# - -# Option 1: With Reverse Proxy -# -# +----- https://example.tld/ ------------+ -# +------+ |+-------------+ +----------------+| -# | User | ---> || Proxy (443) | ---> | Misskey (3000) || -# +------+ |+-------------+ +----------------+| -# +---------------------------------------+ -# -# You need to setup reverse proxy. (eg. nginx) -# You do not define 'https' section. - -# Option 2: Standalone -# -# +- https://example.tld/ -+ -# +------+ | +---------------+ | -# | User | ---> | | Misskey (443) | | -# +------+ | +---------------+ | -# +------------------------+ -# -# You need to run Misskey as root. -# You need to set Certificate in 'https' section. - -# To use option 1, uncomment below line. -port: 3000 # A port that your Misskey server should listen. - -# To use option 2, uncomment below lines. 
-#port: 443 - -#https: -# # path for certification -# key: /etc/letsencrypt/live/example.tld/privkey.pem -# cert: /etc/letsencrypt/live/example.tld/fullchain.pem - -# ┌──────────────────────────┐ -#───┘ PostgreSQL configuration └──────────────────────────────── - -db: - host: localhost - port: 5432 - - # Database name - db: misskey - - # Auth - user: example-misskey-user - pass: example-misskey-pass - - # Whether disable Caching queries - #disableCache: true - - # Extra Connection options - #extra: - # ssl: true - -# ┌─────────────────────┐ -#───┘ Redis configuration └───────────────────────────────────── - -redis: - host: localhost - port: 6379 - #pass: example-pass - #prefix: example-prefix - #db: 1 - -# ┌─────────────────────────────┐ -#───┘ Elasticsearch configuration └───────────────────────────── - -#elasticsearch: -# host: localhost -# port: 9200 -# ssl: false -# user: -# pass: - -# ┌───────────────┐ -#───┘ ID generation └─────────────────────────────────────────── - -# You can select the ID generation method. -# You don't usually need to change this setting, but you can -# change it according to your preferences. - -# Available methods: -# aid ... Short, Millisecond accuracy -# meid ... Similar to ObjectID, Millisecond accuracy -# ulid ... Millisecond accuracy -# objectid ... This is left for backward compatibility - -# ONCE YOU HAVE STARTED THE INSTANCE, DO NOT CHANGE THE -# ID SETTINGS AFTER THAT! 
- -id: "aid" -# ┌─────────────────────┐ -#───┘ Other configuration └───────────────────────────────────── - -# Whether disable HSTS -#disableHsts: true - -# Number of worker processes -#clusterLimit: 1 - -# Job concurrency per worker -# deliverJobConcurrency: 128 -# inboxJobConcurrency: 16 - -# Job rate limiter -# deliverJobPerSec: 128 -# inboxJobPerSec: 16 - -# Job attempts -# deliverJobMaxAttempts: 12 -# inboxJobMaxAttempts: 8 - -# IP address family used for outgoing request (ipv4, ipv6 or dual) -#outgoingAddressFamily: ipv4 - -# Syslog option -#syslog: -# host: localhost -# port: 514 - -# Proxy for HTTP/HTTPS -#proxy: http://127.0.0.1:3128 - -#proxyBypassHosts: [ -# 'example.com', -# '192.0.2.8' -#] - -# Proxy for SMTP/SMTPS -#proxySmtp: http://127.0.0.1:3128 # use HTTP/1.1 CONNECT -#proxySmtp: socks4://127.0.0.1:1080 # use SOCKS4 -#proxySmtp: socks5://127.0.0.1:1080 # use SOCKS5 - -# Media Proxy -#mediaProxy: https://example.com/proxy - -#allowedPrivateNetworks: [ -# '127.0.0.1/32' -#] - -# Upload or download file size limits (bytes) -#maxFileSize: 262144000 diff --git a/chart/templates/ConfigMap.yml b/chart/templates/ConfigMap.yml deleted file mode 100644 index 37c25e0864..0000000000 --- a/chart/templates/ConfigMap.yml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "misskey.fullname" . }}-configuration -data: - default.yml: |- - {{ .Files.Get "files/default.yml"|nindent 4 }} - url: {{ .Values.url }} diff --git a/chart/templates/Deployment.yml b/chart/templates/Deployment.yml deleted file mode 100644 index d16aece915..0000000000 --- a/chart/templates/Deployment.yml +++ /dev/null 
@@ -1,47 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "misskey.fullname" . }} - labels: - {{- include "misskey.labels" . | nindent 4 }} -spec: - selector: - matchLabels: - {{- include "misskey.selectorLabels" . | nindent 6 }} - replicas: 1 - template: - metadata: - labels: - {{- include "misskey.selectorLabels" . | nindent 8 }} - spec: - containers: - - name: misskey - image: {{ .Values.image }} - env: - - name: NODE_ENV - value: {{ .Values.environment }} - volumeMounts: - - name: {{ include "misskey.fullname" . }}-configuration - mountPath: /misskey/.config - readOnly: true - ports: - - containerPort: 3000 - - name: postgres - image: postgres:14-alpine - env: - - name: POSTGRES_USER - value: "example-misskey-user" - - name: POSTGRES_PASSWORD - value: "example-misskey-pass" - - name: POSTGRES_DB - value: "misskey" - ports: - - containerPort: 5432 - - name: redis - image: redis:alpine - ports: - - containerPort: 6379 - volumes: - - name: {{ include "misskey.fullname" . }}-configuration - configMap: - name: {{ include "misskey.fullname" . }}-configuration diff --git a/chart/templates/NOTES.txt b/chart/templates/NOTES.txt new file mode 100644 index 0000000000..d3e4f2f208 --- /dev/null +++ b/chart/templates/NOTES.txt 
@@ -0,0 +1,22 @@
+1. Get the application URL by running these commands:
+{{- if .Values.ingress.enabled }}
+{{- range $host := .Values.ingress.hosts }}
+ {{- range .paths }}
+ http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }}
+ {{- end }}
+{{- end }}
+{{- else if contains "NodePort" .Values.service.type }}
+ export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "calckey.fullname" . }})
+ export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+ echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+ NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+ You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "calckey.fullname" . }}'
+ export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "calckey.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
+ echo http://$SERVICE_IP:{{ .Values.service.port }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+ export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "calckey.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+ export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
+ echo "Visit http://127.0.0.1:8080 to use your application"
+ kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
+{{- end }}
diff --git a/chart/templates/Service.yml b/chart/templates/Service.yml
deleted file mode 100644
index 3209581298..0000000000
--- a/chart/templates/Service.yml
+++ /dev/null
@@ -1,14 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ include "misskey.fullname" . }} - annotations: - dev.okteto.com/auto-ingress: "true" -spec: - type: ClusterIP - ports: - - port: 3000 - protocol: TCP - name: http - selector: - {{- include "misskey.selectorLabels" . | nindent 4 }} diff --git a/chart/templates/_helpers.tpl b/chart/templates/_helpers.tpl index a5a2499f3f..00702ec34d 100644 --- a/chart/templates/_helpers.tpl +++ b/chart/templates/_helpers.tpl @@ -1,7 +1,7 @@ {{/* Expand the name of the chart. */}} -{{- define "misskey.name" -}} +{{- define "calckey.name" -}} {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} {{- end }} @@ -10,7 +10,7 @@ Create a default fully qualified app name. We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). If release name contains chart name it will be used as a full name. */}} -{{- define "misskey.fullname" -}} +{{- define "calckey.fullname" -}} {{- if .Values.fullnameOverride }} {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} {{- else }} @@ -26,16 +26,16 @@ If release name contains chart name it will be used as a full name. {{/* Create chart name and version as used by the chart label. */}} -{{- define "misskey.chart" -}} +{{- define "calckey.chart" -}} {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} {{- end }} {{/* Common labels */}} -{{- define "misskey.labels" -}} -helm.sh/chart: {{ include "misskey.chart" . }} -{{ include "misskey.selectorLabels" . }} +{{- define "calckey.labels" -}} +helm.sh/chart: {{ include "calckey.chart" . }} +{{ include "calckey.selectorLabels" . }} {{- if .Chart.AppVersion }} app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} {{- end }} 
@@ -45,18 +45,274 @@ app.kubernetes.io/managed-by: {{ .Release.Service }} {{/* Selector labels */}} -{{- define "misskey.selectorLabels" -}} -app.kubernetes.io/name: {{ include "misskey.name" . }} +{{- define "calckey.selectorLabels" -}} +app.kubernetes.io/name: {{ include "calckey.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} {{- end }} {{/* Create the name of the service account to use */}} -{{- define "misskey.serviceAccountName" -}} +{{- define "calckey.serviceAccountName" -}} {{- if .Values.serviceAccount.create }} -{{- default (include "misskey.fullname" .) .Values.serviceAccount.name }} +{{- default (include "calckey.fullname" .) .Values.serviceAccount.name }} {{- else }} {{- default "default" .Values.serviceAccount.name }} {{- end }} {{- end }} + +{{/* +Create a default fully qualified name for dependent services. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "calckey.elasticsearch.fullname" -}} +{{- printf "%s-%s" .Release.Name "elasticsearch" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{- define "calckey.redis.fullname" -}} +{{- printf "%s-%s" .Release.Name "redis" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{- define "calckey.postgresql.fullname" -}} +{{- printf "%s-%s" .Release.Name "postgresql" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +config/default.yml content +*/}} +{{- define "calckey.configDir.default.yml" -}} +#━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ +# Calckey configuration +#━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ + +# ┌─────┐ +#───┘ URL └───────────────────────────────────────────────────── + +# Final accessible URL seen by a user. +url: "https://{{ .Values.calckey.domain }}/" + +# ONCE YOU HAVE STARTED THE INSTANCE, DO NOT CHANGE THE +# URL SETTINGS AFTER THAT! 
+ +# ┌───────────────────────┐ +#───┘ Port and TLS settings └─────────────────────────────────── + +# +# Misskey requires a reverse proxy to support HTTPS connections. +# +# +----- https://example.tld/ ------------+ +# +------+ |+-------------+ +----------------+| +# | User | ---> || Proxy (443) | ---> | Misskey (3000) || +# +------+ |+-------------+ +----------------+| +# +---------------------------------------+ +# +# You need to set up a reverse proxy. (e.g. nginx) +# An encrypted connection with HTTPS is highly recommended +# because tokens may be transferred in GET requests. + +# The port that your Misskey server should listen on. +port: 3000 + +# ┌──────────────────────────┐ +#───┘ PostgreSQL configuration └──────────────────────────────── + +db: + {{- if .Values.postgresql.enabled }} + host: {{ template "calckey.postgresql.fullname" . }} + port: '5432' + {{- else }} + host: {{ .Values.postgresql.postgresqlHostname }} + port: {{ .Values.postgresql.postgresqlPort | default "5432" | quote }} + {{- end }} + + # Database name + db: {{ .Values.postgresql.auth.database }} + + # Auth + user: {{ .Values.postgresql.auth.username }} + pass: "{{ .Values.postgresql.auth.password }}" + + # Whether disable Caching queries + #disableCache: true + + # Extra Connection options + #extra: + # ssl: true + +# ┌─────────────────────┐ +#───┘ Redis configuration └───────────────────────────────────── + +redis: + {{- if .Values.redis.enabled }} + host: {{ template "calckey.redis.fullname" . 
}}-master + {{- else }} + host: {{ required "When the redis chart is disabled .Values.redis.hostname is required" .Values.redis.hostname }} + {{- end }} + port: {{ .Values.redis.port | default "6379" | quote }} + #family: 0 # 0=Both, 4=IPv4, 6=IPv6 + pass: {{ .Values.redis.auth.password | quote }} + #prefix: example-prefix + #db: 1 + +# ┌─────────────────────┐ +#───┘ Sonic configuration └───────────────────────────────────── + +#sonic: +# host: localhost +# port: 1491 +# auth: SecretPassword +# collection: notes +# bucket: default + +# ┌─────────────────────────────┐ +#───┘ Elasticsearch configuration └───────────────────────────── + +{{- if .Values.elasticsearch.enabled }} +elasticsearch: + host: {{ template "mastodon.elasticsearch.fullname" . }}-master-hl + port: 9200 + ssl: false +{{- else if .Values.elasticsearch.hostname }} +elasticsearch: + host: {{ .Values.elasticsearch.hostname | quote }} + port: {{ .Values.elasticsearch.port }} + ssl: {{ .Values.elasticsearch.ssl }} + {{- if .Values.elasticsearch.auth }} + user: {{ .Values.elasticsearch.auth.username | quote }} + pass: {{ .Values.elasticsearch.auth.password | quote }} + {{- end }} +{{- end }} + +# ┌───────────────┐ +#───┘ ID generation └─────────────────────────────────────────── + +# You can select the ID generation method. +# You don't usually need to change this setting, but you can +# change it according to your preferences. + +# Available methods: +# aid ... Short, Millisecond accuracy +# meid ... Similar to ObjectID, Millisecond accuracy +# ulid ... Millisecond accuracy +# objectid ... This is left for backward compatibility + +# ONCE YOU HAVE STARTED THE INSTANCE, DO NOT CHANGE THE +# ID SETTINGS AFTER THAT! + +id: 'aid' + +# ┌─────────────────────┐ +#───┘ Other configuration └───────────────────────────────────── + +# Max note length, should be < 8000. 
+#maxNoteLength: 3000 + +# Maximum lenght of an image caption or file comment (default 1500, max 8192) +#maxCaptionLength: 1500 + +# Reserved usernames that only the administrator can register with +reservedUsernames: +{{ .Values.calckey.reservedUsernames | toYaml }} + +# Whether disable HSTS +#disableHsts: true + +# Number of worker processes +#clusterLimit: 1 + +# Job concurrency per worker +# deliverJobConcurrency: 128 +# inboxJobConcurrency: 16 + +# Job rate limiter +# deliverJobPerSec: 128 +# inboxJobPerSec: 16 + +# Job attempts +# deliverJobMaxAttempts: 12 +# inboxJobMaxAttempts: 8 + +# IP address family used for outgoing request (ipv4, ipv6 or dual) +#outgoingAddressFamily: ipv4 + +# Syslog option +#syslog: +# host: localhost +# port: 514 + +# Proxy for HTTP/HTTPS +#proxy: http://127.0.0.1:3128 + +#proxyBypassHosts: [ +# 'example.com', +# '192.0.2.8' +#] + +# Proxy for SMTP/SMTPS +#proxySmtp: http://127.0.0.1:3128 # use HTTP/1.1 CONNECT +#proxySmtp: socks4://127.0.0.1:1080 # use SOCKS4 +#proxySmtp: socks5://127.0.0.1:1080 # use SOCKS5 + +# Media Proxy +#mediaProxy: https://example.com/proxy + +# Proxy remote files (default: false) +#proxyRemoteFiles: true + +allowedPrivateNetworks: +{{ .Values.calckey.allowedPrivateNetworks | toYaml }} + +# TWA +#twa: +# nameSpace: android_app +# packageName: tld.domain.twa +# sha256CertFingerprints: ['AB:CD:EF'] + +# Upload or download file size limits (bytes) +#maxFileSize: 262144000 + +# Managed hosting settings +# !!!!!!!!!! +# >>>>>> NORMAL SELF-HOSTERS, STAY AWAY! <<<<<< +# >>>>>> YOU DON'T NEED THIS! <<<<<< +# !!!!!!!!!! +# Each category is optional, but if each item in each category is mandatory! +# If you mess this up, that's on you, you've been warned... 
+ +#maxUserSignups: 100 +isManagedHosting: {{ .Values.calckey.isManagedHosting }} +deepl: + managed: false +# authKey: '' +# isPro: false +# +email: + managed: {{ .Values.calckey.smtp.managed }} + address: {{ .Values.calckey.smtp.from_address | quote }} + host: {{ .Values.calckey.smtp.server | quote }} + port: {{ .Values.calckey.smtp.port }} + user: {{ .Values.calckey.smtp.login | quote }} + pass: {{ .Values.calckey.smtp.password | quote }} + useImplicitSslTls: {{ .Values.calckey.smtp.useImplicitSslTls }} +objectStorage: + managed: {{ .Values.calckey.objectStorage.managed }} + baseUrl: {{ .Values.calckey.objectStorage.baseUrl | quote }} + bucket: {{ .Values.calckey.objectStorage.bucket | quote }} + prefix: {{ .Values.calckey.objectStorage.prefix | quote }} + endpoint: {{ .Values.calckey.objectStorage.endpoint | quote }} + region: {{ .Values.calckey.objectStorage.region | quote }} + accessKey: {{ .Values.calckey.objectStorage.access_key | quote }} + secretKey: {{ .Values.calckey.objectStorage.access_secret | quote }} + useSsl: true + connnectOverProxy: false + setPublicReadOnUpload: true + s3ForcePathStyle: true + +# !!!!!!!!!! +# >>>>>> AGAIN, NORMAL SELF-HOSTERS, STAY AWAY! <<<<<< +# >>>>>> YOU DON'T NEED THIS, ABOVE SETTINGS ARE FOR MANAGED HOSTING ONLY! <<<<<< +# !!!!!!!!!! + +# Seriously. Do NOT fill out the above settings if you're self-hosting. +# They're much better off being set from the control panel. +{{- end }} diff --git a/chart/templates/deployment.yaml b/chart/templates/deployment.yaml new file mode 100644 index 0000000000..5bcf8851a4 --- /dev/null +++ b/chart/templates/deployment.yaml 
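Review bot: In the `calckey.configDir.default.yml` template the PostgreSQL password is wrapped in hand-written quotes, `pass: "{{ .Values.postgresql.auth.password }}"`, and the `host:`, `db:` and `user:` values under `db:` are emitted with no quoting at all, so a value containing `"`, `\`, `#` or `: ` renders a malformed or silently different config. The Redis, SMTP and object-storage fields in the same template already use `| quote`; the database fields should match, e.g. `pass: {{ .Values.postgresql.auth.password | quote }}`. The README table in this patch lists an empty default for `postgresql.auth.password`, so wrapping it in `required`, as the Redis hostname already is, would stop an install that renders a blank database password. Separately, the Elasticsearch branch calls `{{ template "mastodon.elasticsearch.fullname" . }}` while this hunk defines `calckey.elasticsearch.fullname`; unless a `mastodon.*` helper exists outside the visible hunks, rendering fails as soon as `elasticsearch.enabled` is true.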
@@ -0,0 +1,78 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "calckey.fullname" . }}
+ labels:
+ {{- include "calckey.labels" . | nindent 4 }}
+spec:
+ {{- if not .Values.autoscaling.enabled }}
+ replicas: {{ .Values.replicaCount }}
+ {{- end }}
+ selector:
+ matchLabels:
+ {{- include "calckey.selectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ annotations:
+ checksum/secret-config: {{ include ( print $.Template.BasePath "/secret-config.yaml" ) . | sha256sum | quote }}
+ {{- with .Values.podAnnotations }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ labels:
+ {{- include "calckey.selectorLabels" . | nindent 8 }}
+ spec:
+ {{- with .Values.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ serviceAccountName: {{ include "calckey.serviceAccountName" . }}
+ securityContext:
+ {{- toYaml .Values.podSecurityContext | nindent 8 }}
+ volumes:
+ - name: config-volume
+ secret:
+ secretName: {{ template "calckey.fullname" . }}-config
+ containers:
+ - name: {{ .Chart.Name }}
+ securityContext:
+ {{- toYaml .Values.securityContext | nindent 12 }}
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ env:
+ - name: "NODE_ENV"
+ value: "production"
+ volumeMounts:
+ - name: config-volume
+ mountPath: /calckey/.config
+ ports:
+ - name: http
+ containerPort: 3000
+ protocol: TCP
+ startupProbe:
+ httpGet:
+ path: /
+ port: http
+ failureThreshold: 30
+ periodSeconds: 10
+ livenessProbe:
+ httpGet:
+ path: /
+ port: http
+ readinessProbe:
+ httpGet:
+ path: /
+ port: http
+ resources:
+ {{- toYaml .Values.resources | nindent 12 }}
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
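Review bot: Both `securityContext` blocks are filled only from `.Values.podSecurityContext` and `.Values.securityContext`, and the README table in this patch lists both defaults as `{}`, so a default install applies no container hardening. Shipping defaults in values.yaml such as `allowPrivilegeEscalation: false` and `capabilities: {drop: [ALL]}` would cover the common case; `runAsNonRoot: true` is worth adding if the image supports a non-root user, which this patch does not show. The pod also keeps the default service-account token mount, and the chart creates a ServiceAccount by default. If the application never talks to the Kubernetes API (nothing in the patch suggests it does), `automountServiceAccountToken: false` in the pod spec removes that credential from the container.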
diff --git a/chart/templates/hpa.yaml b/chart/templates/hpa.yaml
new file mode 100644
index 0000000000..4cdd2b6255
--- /dev/null
+++ b/chart/templates/hpa.yaml
@@ -0,0 +1,28 @@
+{{- if .Values.autoscaling.enabled }}
+apiVersion: autoscaling/v2beta1
+kind: HorizontalPodAutoscaler
+metadata:
+ name: {{ include "calckey.fullname" . }}
+ labels:
+ {{- include "calckey.labels" . | nindent 4 }}
+spec:
+ scaleTargetRef:
+ apiVersion: apps/v1
+ kind: Deployment
+ name: {{ include "calckey.fullname" . }}
+ minReplicas: {{ .Values.autoscaling.minReplicas }}
+ maxReplicas: {{ .Values.autoscaling.maxReplicas }}
+ metrics:
+ {{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: cpu
+ targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
+ {{- end }}
+ {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: memory
+ targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
+ {{- end }}
+{{- end }}
diff --git a/chart/templates/ingress.yaml b/chart/templates/ingress.yaml
new file mode 100644
index 0000000000..212c40e4b2
--- /dev/null
+++ b/chart/templates/ingress.yaml
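Review bot: `apiVersion: autoscaling/v2beta1` was removed in Kubernetes 1.25, so setting `autoscaling.enabled` on a current cluster fails at install time, whereas the ingress template in this same patch already selects its API version from `.Capabilities.KubeVersion`. `autoscaling/v2` (available from 1.23) replaces `targetAverageUtilization` with a nested `target` block. The sketch below shows the CPU metric, and the memory metric changes the same way. If clusters older than 1.23 must stay supported, gate the two forms with `semverCompare` as ingress.yaml does.

```yaml
apiVersion: autoscaling/v2
# … unchanged: kind, metadata, scaleTargetRef, minReplicas, maxReplicas …
  metrics:
    {{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
    - type: Resource
      resource:
        name: cpu
        target:
          type: Utilization
          averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
    {{- end }}
    # … memory metric: same target block, fed from targetMemoryUtilizationPercentage …
```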
@@ -0,0 +1,61 @@
+{{- if .Values.ingress.enabled -}}
+{{- $fullName := include "calckey.fullname" . -}}
+{{- $svcPort := .Values.service.port -}}
+{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
+ {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }}
+ {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}}
+ {{- end }}
+{{- end }}
+{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1
+{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1beta1
+{{- else -}}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+ name: {{ $fullName }}
+ labels:
+ {{- include "calckey.labels" . | nindent 4 }}
+ {{- with .Values.ingress.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
+ ingressClassName: {{ .Values.ingress.className }}
+ {{- end }}
+ {{- if .Values.ingress.tls }}
+ tls:
+ {{- range .Values.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+ {{- end }}
+ rules:
+ {{- range .Values.ingress.hosts }}
+ - host: {{ .host | quote }}
+ http:
+ paths:
+ {{- range .paths }}
+ - path: {{ .path }}
+ {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
+ pathType: {{ .pathType }}
+ {{- end }}
+ backend:
+ {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
+ service:
+ name: {{ $fullName }}
+ port:
+ number: {{ $svcPort }}
+ {{- else }}
+ serviceName: {{ $fullName }}
+ servicePort: {{ $svcPort }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/chart/templates/secret-config.yaml b/chart/templates/secret-config.yaml
new file mode 100644
index 0000000000..2dad134c56
--- /dev/null
+++ b/chart/templates/secret-config.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ template "calckey.fullname" . }}-config
+ labels:
+ {{- include "calckey.labels" . | nindent 4 }}
+type: Opaque
+data:
+ default.yml: {{ include "calckey.configDir.default.yml" . | b64enc }}
diff --git a/chart/templates/service.yaml b/chart/templates/service.yaml
new file mode 100644
index 0000000000..d46067a406
--- /dev/null
+++ b/chart/templates/service.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "calckey.fullname" . }}
+ labels:
+ {{- include "calckey.labels" . | nindent 4 }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - port: {{ .Values.service.port }}
+ targetPort: http
+ protocol: TCP
+ name: http
+ selector:
+ {{- include "calckey.selectorLabels" . | nindent 4 }}
diff --git a/chart/templates/serviceaccount.yaml b/chart/templates/serviceaccount.yaml
new file mode 100644
index 0000000000..f269ad028b
--- /dev/null
+++ b/chart/templates/serviceaccount.yaml
@@ -0,0 +1,12 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "calckey.serviceAccountName" . }}
+ labels:
+ {{- include "calckey.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- end }}
diff --git a/chart/templates/tests/test-connection.yaml b/chart/templates/tests/test-connection.yaml
new file mode 100644
index 0000000000..b8db3d9a17
--- /dev/null
+++ b/chart/templates/tests/test-connection.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ include "calckey.fullname" . }}-test-connection"
+ labels:
+ {{- include "calckey.labels" . | nindent 4 }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ containers:
+ - name: wget
+ image: busybox
+ command: ['wget']
+ args: ['{{ include "calckey.fullname" . }}:{{ .Values.service.port }}']
+ restartPolicy: Never
diff --git a/chart/values.yaml b/chart/values.yaml
new file mode 100644
index 0000000000..1f8f8c8f77
--- /dev/null
+++ b/chart/values.yaml
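Review bot: `image: busybox` in the test pod carries no tag or digest, so the hook runs whatever `busybox:latest` resolves to when `helm test` is invoked. Pinning it, e.g. `image: "busybox:<PINNED_TAG>"` or a `busybox@sha256:<DIGEST>` reference, makes the hook reproducible and keeps a retagged upstream image from running in the release namespace.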
@@ -0,0 +1,158 @@
+# Default values for calckey.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+replicaCount: 1
+
+image:
+ repository: docker.io/thatonecalculator/calckey
+ pullPolicy: IfNotPresent
+ # Overrides the image tag whose default is the chart appVersion.
+ tag: ""
+
+calckey:
+ isManagedHosting: true
+ domain: calckey.local
+
+ smtp:
+ managed: true
+ from_address: notifications@example.com
+ port: 587
+ server: smtp.mailgun.org
+ useImplicitSslTls: false
+ login: ""
+ password: ""
+
+ objectStorage:
+ managed: true
+ access_key: ""
+ access_secret: ""
+ baseUrl: "" # e.g. "https://my-bucket.nyc3.cdn.digitaloceanspaces.com"
+ bucket: "" # e.g. "my-bucket"
+ prefix: files
+ endpoint: "" # e.g. "nyc3.digitaloceanspaces.com:443"
+ region: "" # e.g. "nyc3"
+
+ # -- If you want to allow calckey to connect to private ips, enter the cidrs here.
+ allowedPrivateNetworks: []
+ # - "10.0.0.0/8"
+
+ reservedUsernames:
+ - root
+ - admin
+ - administrator
+ - me
+ - system
+
+# https://github.com/bitnami/charts/tree/master/bitnami/postgresql#parameters
+postgresql:
+ # -- disable if you want to use an existing db; in which case the values below
+ # must match those of that external postgres instance
+ enabled: true
+ # postgresqlHostname: preexisting-postgresql
+ # postgresqlPort: 5432
+ auth:
+ database: calckey_production
+ username: calckey
+ # you must set a password; the password generated by the postgresql chart will
+ # be rotated on each upgrade:
+ # https://github.com/bitnami/charts/tree/master/bitnami/postgresql#upgrade
+ password: ""
+
+# https://github.com/bitnami/charts/tree/master/bitnami/redis#parameters
+redis:
+ # disable if you want to use an existing redis instance; in which case the
+ # values below must match those of that external redis instance
+ enabled: true
+ hostname: ""
+ port: 6379
+ auth:
+ # -- you must set a password; the password generated by the redis chart will be
+ # rotated on each
upgrade:
+ password: ""
+
+# -- https://github.com/bitnami/charts/tree/master/bitnami/elasticsearch#parameters
+elasticsearch:
+ # disable if you want to use an existing redis instance; in which case the
+ # values below must match those of that external elasticsearch instance
+ enabled: false
+ hostname: ""
+ port: 9200
+ ssl: false
+ auth: {}
+ # username: ""
+ # password: ""
+ # @ignored
+ image:
+ tag: 7
+
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
+
+serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # Annotations to add to the service account
+ annotations: {}
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+
+podAnnotations: {}
+
+podSecurityContext: {}
+ # fsGroup: 2000
+
+securityContext: {}
+ # capabilities:
+ # drop:
+ # - ALL
+ # readOnlyRootFilesystem: true
+ # runAsNonRoot: true
+ # runAsUser: 1000
+
+service:
+ type: ClusterIP
+ port: 80
+
+ingress:
+ enabled: false
+ className: ""
+ annotations: {}
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ hosts:
+ - host: chart-example.local
+ paths:
+ - path: /
+ pathType: ImplementationSpecific
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+
+resources: {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+
+autoscaling:
+ enabled: false
+ minReplicas: 1
+ maxReplicas: 100
+ targetCPUUtilizationPercentage: 80
+ # targetMemoryUtilizationPercentage: 80
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
diff --git a/chart/values.yml b/chart/values.yml
deleted file mode 100644
index a7031538a9..0000000000
--- a/chart/values.yml
+++ /dev/null
@@ -1,3 +0,0 @@
-url: https://example.tld/
-image: okteto.dev/misskey
-environment: production
diff --git a/kubernetes-README.md b/kubernetes-README.md
new file mode 100644
index 0000000000..710d0dee06
--- /dev/null
+++ b/kubernetes-README.md
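Review bot: In values.yaml, `podSecurityContext` and `securityContext` both default to `{}` and the hardened settings exist only as comments, so a default install runs the container with whatever user and capabilities the image ships. The deployment template in this patch listens on container port 3000 and mounts its config from a Secret, so `allowPrivilegeEscalation: false` and `capabilities: {drop: [ALL]}` under `securityContext` look like reasonable defaults. `runAsNonRoot: true` and `readOnlyRootFilesystem: true` need checking against the image before they become defaults.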
@@ -0,0 +1,45 @@
+# Running a Calckey instance with Kubernetes and Helm
+
+This is a [Helm](https://helm.sh/) chart directory in the root of the project
+that you can use to deploy calckey to a Kubernetes cluster
+
+## Deployment
+
+1. Copy the example helm values and make your changes:
+```shell
+cp .config/helm_values_example.yml .config/helm_values.yml
+```
+
+2. Update helm dependencies:
+```shell
+cd chart
+helm dependency list $dir 2> /dev/null | tail +2 | head -n -1 | awk '{ print "helm repo add " $1 " " $3 }' | while read cmd; do $cmd; done;
+cd ../
+```
+
+3. Create the calckey helm release (also used to update existing deployment):
+```shell
+helm upgrade \
+ --install \
+ --namespace calckey \
+ --create-namespace \
+ calckey chart/ \
+ -f .config/helm_values.yml
+```
+
+4. Watch your calckey instance spin up:
+```shell
+kubectl -n calckey get po -w
+```
+
+5. Initial the admin user and managed config:
+```shell
+export CALCKEY_USERNAME="my_desired_admin_handle" && \
+export CALCKEY_PASSWORD="myDesiredInitialPassword" && \
+export CALCKEY_HOST="calckey.example.com" && \
+export CALCKEY_TOKEN=$(curl -X POST https://$CALCKEY_HOST/api/admin/accounts/create -H "Content-Type: application/json" -d "{ \"username\":\"$CALCKEY_USERNAME\", \"password\":\"$CALCKEY_PASSWORD\" }" | jq -r '.token') && \
+echo "Save this token: ${CALCKEY_TOKEN}" && \
+curl -X POST -H "Authorization: Bearer $CALCKEY_TOKEN" https://$CALCKEY_HOST/api/admin/accounts/hosted
+```
+
+6. Enjoy!
From a7e361da6c5c47aa7c90c621a6d2e99c0b89fd02 Mon Sep 17 00:00:00 2001
From: Lily Cohen
Date: Wed, 10 May 2023 16:17:05 -0700
Subject: [PATCH 2/2] adding example config
---
.config/helm_values_example.yml | 82 +++++++++++++++++++++++++++++++++
1 file changed, 82 insertions(+)
create mode 100644 .config/helm_values_example.yml
diff --git a/.config/helm_values_example.yml b/.config/helm_values_example.yml
new file mode 100644
index 0000000000..b600eb8aa9
--- /dev/null
+++ b/.config/helm_values_example.yml
@@ -0,0 +1,82 @@
+replicaCount: 1
+
+resources:
+ requests:
+ cpu: 0.5
+ memory: 512Mi
+ limits:
+ cpu: 1
+ memory: 1Gi
+
+calckey:
+ domain: example.tld
+ smtp:
+ from_address: noreply@example.tld
+ port: 587
+ server: smtp.gmail.com
+ useImplicitSslTls: false
+ login: me@example.tld
+ password: CHANGEME
+ objectStorage:
+ baseUrl: https://example-bucket.nyc3.cdn.digitaloceanspaces.com
+ access_key: CHANGEME
+ access_secret: CHANGEME
+ bucket: example-bucket
+ endpoint: nyc3.digitaloceanspaces.com:443
+ region: nyc3
+ allowedPrivateNetworks: []
+
+ingress:
+ enabled: true
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt
+ hosts:
+ - host: example.tld
+ paths:
+ - path: /
+ pathType: ImplementationSpecific
+ tls:
+ - secretName: example-tld-certificate
+ hosts:
+ - example.tld
+
+elasticsearch:
+ enabled: false
+
+postgresql:
+ auth:
+ password: CHANGEME
+ postgresPassword: CHANGEME
+ primary:
+ persistence:
+ enabled: true
+ storageClass: vultr-block-storage
+ size: 25Gi
+ resources:
+ requests:
+ cpu: 0.25
+ memory: 256Mi
+ limits:
+ cpu: 0.5
+ memory: 512Mi
+ metrics:
+ enabled: true
+
+redis:
+ auth:
+ password: CHANGEME
+ master:
+ resources:
+ requests:
+ cpu: 0.25
+ memory: 256Mi
+ limits:
+ cpu: 0.5
+ memory: 256Mi
+ persistence:
+ storageclass: vultr-block-storage
+ size: 10Gi
+ replica:
+ replicaCount: 0
+ metrics:
+ enabled: true
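Review bot: Every credential in this example (`smtp.password`, `objectStorage.access_key` and `access_secret`, `postgresql.auth.password`, `postgresPassword`, `redis.auth.password`) is the literal `CHANGEME`, which is itself a valid value, so a deployment that misses one comes up with a publicly known secret. Nothing in the hunks visible here rejects the placeholder; the helper that renders the config is outside this view, so that is worth confirming. A header comment such as `# Replace every CHANGEME with a unique generated secret before installing` would help, and a `fail` guard in the templates for values equal to `CHANGEME` would enforce it.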