DevOps/helm-pixelfed
2
0
Fork 0
Code Issues Pull Requests Actions 30 Packages Projects Releases 1 Wiki Activity

Merge pull request #1 from small-hack/add-env-vars

Browse Source 
add all initial env vars for configuring pixelfed
This commit is contained in:
Jesse Hitch
2024-12-29 23:59:35 +01:00
committed by GitHub
parent e17115da77 6cbd9a3f09
commit 6a36978f0c
12 changed files with 922 additions and 41 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.github/workflows/ci-helm-lint-test.yml
+8 -34
View File
@@ -21,6 +21,10 @@ jobs:
- name: Install Helm
uses: azure/setup-helm@v4
- name: Add dependency chart repos
run: |
helm repo add bitnami https://charts.bitnami.com/bitnami
- name: Set up chart-testing
uses: helm/chart-testing-action@v2.6.1
@@ -50,6 +54,10 @@ jobs:
- name: Install Helm
uses: azure/setup-helm@v4
- name: Add dependency chart repos
run: |
helm repo add bitnami https://charts.bitnami.com/bitnami
- name: Set up chart-testing
uses: helm/chart-testing-action@v2.6.1
@@ -70,37 +78,3 @@ jobs:
if: steps.list-changed.outputs.changed == 'true'
run: |
ct install --target-branch ${{ github.event.repository.default_branch }}
test_user_creation:
name: Test chart with user creation
runs-on: ubuntu-latest
needs: lint
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: "0"
- name: Install Helm
uses: azure/setup-helm@v4
- name: Set up chart-testing
uses: helm/chart-testing-action@v2.6.1
- name: Run chart-testing (list-changed)
id: list-changed
run: |
changed=$(ct list-changed --target-branch ${{ github.event.repository.default_branch }})
if [[ -n "$changed" ]]; then
echo "changed=true" >> "$GITHUB_OUTPUT"
fi
- name: Create kind cluster
uses: helm/kind-action@v1.10.0
if: steps.list-changed.outputs.changed == 'true'
- name: Run chart-testing (install with user creation)
id: install
if: steps.list-changed.outputs.changed == 'true'
run: |
ct install --target-branch ${{ github.event.repository.default_branch }}
charts/pixelfed/Chart.lock
+9
View File
@@ -0,0 +1,9 @@
dependencies:
- name: postgresql
repository: oci://registry-1.docker.io/bitnamicharts
version: 16.3.4
- name: valkey
repository: oci://registry-1.docker.io/bitnamicharts
version: 2.2.1
digest: sha256:6ddd2457b1d98b322978cb171e46195627cd3c46fb141e9f0a21b97ad54c4148
generated: "2024-12-29T22:53:47.065327+01:00"
charts/pixelfed/Chart.yaml
+18 -2
View File
@@ -15,8 +15,24 @@ type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.1.0
version: 0.2.0
# This is the version number of the application being deployed.
# image=ghcr.io/mattlqx/docker-pixelfed
# renovate:image=ghcr.io/mattlqx/docker-pixelfed
appVersion: "v0.12.3-nginx"
maintainers:
- name: "jessebot"
email: "jessebot@linux.com"
url: "https://github.com/jessebot"
dependencies:
- name: postgresql
version: 16.3.4
repository: oci://registry-1.docker.io/bitnamicharts
condition: postgresql.enabled
- name: valkey
version: 2.2.1
repository: oci://registry-1.docker.io/bitnamicharts
condition: valkey.enabled
charts/pixelfed/README.md
+143 -2
View File
@@ -1,9 +1,22 @@
# pixelfed
![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.12.3-nginx](https://img.shields.io/badge/AppVersion-v0.12.3--nginx-informational?style=flat-square)
![Version: 0.2.0](https://img.shields.io/badge/Version-0.2.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.12.3-nginx](https://img.shields.io/badge/AppVersion-v0.12.3--nginx-informational?style=flat-square)
A Helm chart for deploying Pixelfed on Kubernetes
## Maintainers
| Name | Email | Url |
| ---- | ------ | --- |
| jessebot | <jessebot@linux.com> | <https://github.com/jessebot> |
## Requirements
| Repository | Name | Version |
|------------|------|---------|
| oci://registry-1.docker.io/bitnamicharts | postgresql | 16.3.4 |
| oci://registry-1.docker.io/bitnamicharts | valkey | 2.2.1 |
## Values
| Key | Type | Default | Description |
@@ -13,6 +26,28 @@ A Helm chart for deploying Pixelfed on Kubernetes
| autoscaling.maxReplicas | int | `100` | |
| autoscaling.minReplicas | int | `1` | |
| autoscaling.targetCPUUtilizationPercentage | int | `80` | |
| externalDatabase.connection | string | `"psql"` | options: sqlite mysql pgsql sqlsrv |
| externalDatabase.database | string | `"pixelfed"` | |
| externalDatabase.enabled | bool | `false` | enable using an external mysql or postgresql cluster |
| externalDatabase.existingSecret | string | `""` | get database credentials from an existing Kubernetes Secret |
| externalDatabase.existingSecretKeys.database | string | `"pixelfed"` | key in existing Kubernetes Secret for database. If set, ignores externalDatabase.database |
| externalDatabase.existingSecretKeys.host | string | `""` | key in existing Kubernetes Secret for host. If set, ignores externalDatabase.host |
| externalDatabase.existingSecretKeys.password | string | `""` | key in existing Kubernetes Secret for password. If set, ignores externalDatabase.password |
| externalDatabase.existingSecretKeys.port | string | `""` | key in existing Kubernetes Secret for port. If set, ignores externalDatabase.port |
| externalDatabase.existingSecretKeys.username | string | `""` | key in existing Kubernetes Secret for username. If set, ignores externalDatabase.username |
| externalDatabase.host | string | `""` | |
| externalDatabase.password | string | `""` | |
| externalDatabase.port | int | `3306` | |
| externalDatabase.username | string | `""` | |
| externalValkey.client | string | `"phpredis"` | |
| externalValkey.enabled | bool | `false` | enable using an external valkey or redis cluster |
| externalValkey.existingSecret | string | `""` | get valkey credentials from an existing Kubernetes Secret |
| externalValkey.existingSecretKeys.host | string | `""` | key in existing Kubernetes Secret for host. If set, ignores externalValkey.host |
| externalValkey.existingSecretKeys.password | string | `""` | key in existing Kubernetes Secret for password. If set, ignores externalValkey.password |
| externalValkey.host | string | `"valkey"` | |
| externalValkey.password | string | `"null"` | |
| externalValkey.port | string | `"6379"` | |
| externalValkey.scheme | string | `"tcp"` | |
| fullnameOverride | string | `""` | |
| image.pullPolicy | string | `"IfNotPresent"` | This sets the pull policy for images. |
| image.registry | string | `"ghcr.io"` | |
@@ -30,9 +65,97 @@ A Helm chart for deploying Pixelfed on Kubernetes
| livenessProbe.httpGet.port | string | `"http"` | |
| nameOverride | string | `""` | This is to override the chart name. |
| nodeSelector | object | `{}` | |
| pixelfed.account_deletion | bool | `true` | Enable account deletion (may be a requirement in some jurisdictions) |
| pixelfed.activity_pub.enabled | bool | `false` | |
| pixelfed.activity_pub.inbox | bool | `false` | |
| pixelfed.activity_pub.outbox | bool | `false` | |
| pixelfed.activity_pub.remote_follow | bool | `false` | |
| pixelfed.activity_pub.sharedinbox | bool | `false` | |
| pixelfed.admin_domain | string | `""` | domain of admin interface |
| pixelfed.app.domain | string | `""` | The domain of your server, without https:// |
| pixelfed.app.env | string | `"production"` | The app environment, keep it set to "production" |
| pixelfed.app.locale | string | `"en"` | change this to the language code of your pixelfed instance |
| pixelfed.app.name | string | `"Pixelfed"` | The name of your server/instance |
| pixelfed.app.url | string | `"https://localhost"` | change this to the domain of your pixelfed instance |
| pixelfed.atom_feeds | string | `"true"` | https://docs.pixelfed.org/technical-documentation/config/#atom_feeds |
| pixelfed.db_apply_new_migrations_automatically | bool | `false` | |
| pixelfed.enable_config_cache | bool | `true` | Enable the config cache to allow you to manage settings via the admin dashboard |
| pixelfed.enforce_email_verification | bool | `true` | Enforce email verification |
| pixelfed.exp_emc | bool | `true` | Experimental Configuration |
| pixelfed.force_https_urls | bool | `true` | Force https url generation |
| pixelfed.image_quality | int | `80` | Set the image optimization quality, between 1-100. Lower uses less space, higher more quality |
| pixelfed.instance.contact_email | string | `""` | The public contact email for your server |
| pixelfed.instance.contact_form | bool | `false` | enable the instance contact form |
| pixelfed.instance.cur_reg | bool | `false` | Enable Curated Registration |
| pixelfed.instance.description | string | `"Pixelfed - Photo sharing for everyone"` | your server description |
| pixelfed.instance.discover_public | bool | `false` | Enable public access to the Discover feature |
| pixelfed.instance.landing.show_directory | bool | `true` | Enable the profile directory on the landing page |
| pixelfed.instance.landing.show_explore | bool | `true` | Enable the popular post explore on the landing page |
| pixelfed.instance.post_embeds | bool | `true` | Enable the post embed feature |
| pixelfed.instance.profile_embeds | bool | `true` | Enable the profile embed feature |
| pixelfed.instance.public_hashtags | bool | `false` | Allow anonymous access to hashtag feeds |
| pixelfed.instance.reports.email_addresses | list | `[]` | A list of email addresses to deliver admin reports to |
| pixelfed.instance.reports.email_autospam | bool | `false` | Enable autospam reports (require INSTANCE_REPORTS_EMAIL_ENABLED) |
| pixelfed.instance.reports.email_enabled | bool | `false` | Send a report email to the admin account for new autospam/reports |
| pixelfed.instance.show_peers | bool | `false` | Enable the api/v1/peers API endpoint |
| pixelfed.mail.driver | string | `"smtp"` | options: "smtp" (default), "sendmail", "mailgun", "mandrill", "ses" "sparkpost", "log", "array" |
| pixelfed.mail.encryption | string | `"tls"` | |
| pixelfed.mail.existingSecret | string | `""` | name of an existing Kubernetes Secret for mail credentials |
| pixelfed.mail.existingSecretKeys.host | string | `""` | key in existing Kubernetes Secret for host. If set, ignores mail.host |
| pixelfed.mail.existingSecretKeys.password | string | `""` | key in existing Kubernetes Secret for password. If set, ignores mail.password |
| pixelfed.mail.existingSecretKeys.port | string | `""` | key in existing Kubernetes Secret for port. If set, ignores mail.port |
| pixelfed.mail.existingSecretKeys.username | string | `""` | key in existing Kubernetes Secret for username. If set, ignores mail.username |
| pixelfed.mail.from_address | string | `"pixelfed@example.com"` | |
| pixelfed.mail.from_name | string | `"Pixelfed"` | |
| pixelfed.mail.host | string | `"smtp.mailtrap.io"` | |
| pixelfed.mail.password | string | `""` | |
| pixelfed.mail.port | int | `2525` | |
| pixelfed.mail.username | string | `""` | |
| pixelfed.max_account_size | int | `1000000` | The max allowed account size in KB |
| pixelfed.max_album_length | int | `6` | The max number of media per post album |
| pixelfed.max_avatar_size | int | `2000` | The max user avatar size in KB |
| pixelfed.max_bio_length | int | `256` | The max user bio length |
| pixelfed.max_caption_length | int | `1000` | The max post caption length |
| pixelfed.max_name_length | int | `32` | The max user display name length |
| pixelfed.max_photo_size | int | `15000` | The max photo/video size in KB |
| pixelfed.min_password_length | int | `16` | The min password length |
| pixelfed.nodeinfo | string | `"true"` | https://docs.pixelfed.org/technical-documentation/config/#nodeinfo |
| pixelfed.oauth_enabled | bool | `true` | Enable oAuth support, required for mobile/3rd party apps |
| pixelfed.open_registration | bool | `true` | Enable open registration for new accounts |
| pixelfed.pf.admin_invites_enabled | bool | `true` | Enable the Admin Invites feature |
| pixelfed.pf.enable_cloud | bool | `false` | Enable S3/Object Storage |
| pixelfed.pf.enforce_max_users | int | `2000` | in KB |
| pixelfed.pf.hide_nsfw_on_public_feeds | bool | `false` | Hide sensitive posts from public/network feeds |
| pixelfed.pf.local_avatar_to_cloud | bool | `false` | Store local avatars on S3 (Requires S3) |
| pixelfed.pf.max_collection_length | int | `100` | Max collection post limit |
| pixelfed.pf.max_domain_blocks | int | `50` | The max number of domain blocks per account |
| pixelfed.pf.max_user_blocks | int | `50` | The max number of user blocks per account |
| pixelfed.pf.max_user_mutes | int | `50` | The max number of user mutes per account |
| pixelfed.pf.max_users | int | `1000` | Limit max user registrations |
| pixelfed.pf.optimize_images | bool | `true` | Enable image optimization |
| pixelfed.pf.optimize_videos | bool | `true` | Enable video optimization |
| pixelfed.s3.access_key_id | string | `""` | s3 access_key_id. ignored if s3.existingSecretKeys.access_key_id is set |
| pixelfed.s3.bucket | string | `""` | s3 bucket |
| pixelfed.s3.endpoint | string | `""` | s3 endpoint excluding protocol such as s3.domain.com |
| pixelfed.s3.existingSecret | string | `""` | name of an existing Kubernetes Secret for s3 credentials |
| pixelfed.s3.existingSecretKeys.access_key_id | string | `""` | key in existing Kubernetes Secret for access_key_id. If set, ignores s3.access_key_id |
| pixelfed.s3.existingSecretKeys.endpoint | string | `""` | key in existing Kubernetes Secret for endpoint. If set, ignores s3.endpoint |
| pixelfed.s3.existingSecretKeys.secret_access_key | string | `""` | key in existing Kubernetes Secret for secret_access_key. If set, ignores s3.secret_access_key |
| pixelfed.s3.existingSecretKeys.url | string | `""` | key in existing Kubernetes Secret for url. If set, ignores s3.url |
| pixelfed.s3.region | string | `""` | s3 region |
| pixelfed.s3.secret_access_key | string | `""` | s3 secret_access_key. ignored if s3.existingSecretKeys.secret_access_key is set |
| pixelfed.s3.url | string | `""` | s3 url including protocol such as https://s3.domain.com |
| pixelfed.s3.use_path_style_endpoint | bool | `false` | use S3 path type instead of using a DNS subdomain |
| pixelfed.session_domain | string | `""` | domain of session? |
| pixelfed.stories_enabled | bool | `false` | Enable the Stories feature |
| pixelfed.timezone | string | `"europe/amsterdam"` | timezone for docker container |
| pixelfed.trusted_proxies | string | `"*"` | trusted proxies |
| pixelfed.webfinger | string | `"true"` | https://docs.pixelfed.org/technical-documentation/config/#webfinger |
| podAnnotations | object | `{}` | This is for setting Kubernetes Annotations to a Pod. For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ |
| podLabels | object | `{}` | This is for setting Kubernetes Labels to a Pod. For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ |
| podSecurityContext | object | `{}` | |
| postgresql.enabled | bool | `true` | enable the bundled postgresql sub chart from Bitnami. Must set to true if externalDatabase.enabled=false |
| postgresql.fullnameOverride | string | `"postgresql"` | |
| readinessProbe.httpGet.path | string | `"/"` | |
| readinessProbe.httpGet.port | string | `"http"` | |
| replicaCount | int | `1` | This will set the replicaset count more information can be found here: https://kubernetes.io/docs/concepts/workloads/controllers/replicaset/ |
@@ -45,8 +168,26 @@ A Helm chart for deploying Pixelfed on Kubernetes
| serviceAccount.create | bool | `true` | Specifies whether a service account should be created |
| serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template |
| tolerations | list | `[]` | |
| valkey.auth.enabled | bool | `true` | |
| valkey.auth.existingSecret | string | `""` | |
| valkey.auth.existingSecretPasswordKey | string | `"password"` | |
| valkey.auth.metrics.enabled | bool | `false` | |
| valkey.auth.persistentVolumeClaimRetentionPolicy.enabled | bool | `true` | |
| valkey.auth.persistentVolumeClaimRetentionPolicy.whenDeleted | string | `"Retain"` | |
| valkey.auth.persistentVolumeClaimRetentionPolicy.whenScaled | string | `"Retain"` | |
| valkey.auth.primary.persistence.enabled | bool | `true` | |
| valkey.auth.primary.persistence.existingClaim | string | `""` | |
| valkey.auth.replica.persistence.enabled | bool | `true` | |
| valkey.auth.replica.persistence.existingClaim | string | `""` | |
| valkey.auth.resourcesPreset | string | `"small"` | |
| valkey.auth.tls.authClients | bool | `true` | |
| valkey.auth.tls.autoGenerated | bool | `false` | |
| valkey.auth.tls.enabled | bool | `false` | |
| valkey.enabled | bool | `true` | enable the bundled valkey sub chart from Bitnami. Must set to true if externalValkey.enabled=false |
| valkey.fullnameOverride | string | `"valkey"` | |
| valkey.global.storageClass | string | `""` | |
| volumeMounts | list | `[]` | Additional volumeMounts on the output Deployment definition. |
| volumes | list | `[]` | Additional volumes on the output Deployment definition. |
----------------------------------------------
Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2)
Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0)
charts/pixelfed/charts/postgresql-16.3.4.tgz
BIN
View File
Binary file not shown.
charts/pixelfed/charts/valkey-2.2.1.tgz
BIN
View File
Binary file not shown.
charts/pixelfed/templates/configmap.yaml
+115
View File
@@ -0,0 +1,115 @@
---
apiVersion: v1
kind: ConfigMap
metadata:
name: pixelfed-env
data:
env: |-
# app config vars
APP_NAME={{ .Values.pixelfed.app.name }}
APP_ENV={{ .Values.pixelfed.app.env }}
APP_URL={{ .Values.pixelfed.app.url }}
APP_LOCALE={{ .Values.pixelfed.app.locale }}
{{- with .Values.pixelfed.app.domain }}
APP_DOMAIN={{ . }}
{{- end }}
# registration related env vars
OPEN_REGISTRATION={{ .Values.pixelfed.open_registration | quote }}
ENFORCE_EMAIL_VERIFICATION={{ .Values.pixelfed.enforce_email_verification | quote }}
ACCOUNT_DELETION={{ .Values.pixelfed.account_deletion | quote }}
OAUTH_ENABLED={{ .Values.pixelfed.oauth_enabled | quote }}
MIN_PASSWORD_LENGTH={{ .Values.pixelfed.min_password_length | quote }}
MAX_ACCOUNT_SIZE={{ .Values.pixelfed.max_account_size | quote }}
MAX_PHOTO_SIZE={{ .Values.pixelfed.max_photo_size | quote }}
MAX_AVATAR_SIZE={{ .Values.pixelfed.max_avatar_size | quote }}
MAX_CAPTION_LENGTH={{ .Values.pixelfed.max_caption_length | quote }}
MAX_BIO_LENGTH={{ .Values.pixelfed.max_bio_length | quote }}
MAX_NAME_LENGTH={{ .Values.pixelfed.max_name_length | quote }}
MAX_ALBUM_LENGTH={{ .Values.pixelfed.max_album_length | quote }}
FORCE_HTTPS_URLS={{ .Values.pixelfed.force_https_urls | quote }}
# misc
STORIES_ENABLED={{ .Values.pixelfed.stories_enabled | quote }}
ENABLE_CONFIG_CACHE={{ .Values.pixelfed.enable_config_cache | quote }}
IMAGE_QUALITY={{ .Values.pixelfed.image_quality | quote }}
# instance wide configuration
INSTANCE_DESCRIPTION={{ .Values.pixelfed.instance.description }}
INSTANCE_CONTACT_FORM={{ .Values.pixelfed.instance.contact_form | quote }}
INSTANCE_DISCOVER_PUBLIC={{ .Values.pixelfed.instance.discover_public | quote }}
INSTANCE_PUBLIC_HASHTAGS={{ .Values.pixelfed.instance.public_hashtags | quote }}
{{- with .Values.pixelfed.instance.contact_email }}
INSTANCE_CONTACT_EMAIL={{ .Values.pixelfed.instance.contact_email }}
{{- end }}
INSTANCE_PROFILE_EMBEDS={{ .Values.pixelfed.instance.profile_embeds | quote }}
INSTANCE_POST_EMBEDS={{ .Values.pixelfed.instance.post_embeds | quote }}
INSTANCE_REPORTS_EMAIL_ENABLED={{ .Values.pixelfed.instance.reports.email_enabled | quote }}
{{- with .Values.pixelfed.instance.reports.email_addresses }}
INSTANCE_REPORTS_EMAIL_ADDRESSES={{ join "," . }}
{{- end }}
INSTANCE_REPORTS_EMAIL_AUTOSPAM={{ .Values.pixelfed.instance.reports.email_autospam | quote }}
INSTANCE_LANDING_SHOW_DIRECTORY={{ .Values.pixelfed.instance.landing.show_directory | quote }}
INSTANCE_LANDING_SHOW_EXPLORE={{ .Values.pixelfed.instance.landing.show_explore | quote }}
INSTANCE_CUR_REG={{ .Values.pixelfed.instance.cur_reg | quote }}
INSTANCE_SHOW_PEERS={{ .Values.pixelfed.instance.show_peers | quote }}
# pixelfed config
PF_HIDE_NSFW_ON_PUBLIC_FEEDS={{ .Values.pixelfed.pf.hide_nsfw_on_public_feeds | quote }}
PF_LOCAL_AVATAR_TO_CLOUD={{ .Values.pixelfed.pf.local_avatar_to_cloud | quote }}
PF_ADMIN_INVITES_ENABLED={{ .Values.pixelfed.pf.admin_invites_enabled | quote }}
PF_MAX_USER_BLOCKS={{ .Values.pixelfed.pf.max_user_blocks | quote }}
PF_MAX_USER_MUTES={{ .Values.pixelfed.pf.max_user_mutes | quote }}
PF_MAX_DOMAIN_BLOCKS={{ .Values.pixelfed.pf.max_domain_blocks | quote }}
PF_ENABLE_CLOUD={{ .Values.pixelfed.pf.enable_cloud | quote }}
PF_MAX_USERS={{ .Values.pixelfed.pf.max_users | quote }}
PF_ENFORCE_MAX_USERS={{ .Values.pixelfed.pf.enforce_max_users | quote }}
PF_OPTIMIZE_IMAGES={{ .Values.pixelfed.pf.optimize_images | quote }}
PF_OPTIMIZE_VIDEOS={{ .Values.pixelfed.pf.optimize_videos | quote }}
PF_MAX_COLLECTION_LENGTH={{ .Values.pixelfed.pf.max_collection_length | quote }}
# Laravel Configuration
SESSION_DRIVER="redis"
CACHE_DRIVER="redis"
QUEUE_DRIVER="redis"
BROADCAST_DRIVER="log"
LOG_CHANNEL="stack"
HORIZON_PREFIX="horizon-"
# activity pub
ACTIVITY_PUB={{ .Values.pixelfed.activity_pub.enabled | quote }}
AP_REMOTE_FOLLOW={{ .Values.pixelfed.activity_pub.remote_follow | quote }}
AP_SHAREDINBOX={{ .Values.pixelfed.activity_pub.sharedinbox | quote }}
AP_INBOX={{ .Values.pixelfed.activity_pub.inbox | quote }}
AP_OUTBOX={{ .Values.pixelfed.activity_pub.outbox | quote }}
# redis
{{- with .Values.externalValkey.host }}
REDIS_HOST={{ . }}
{{- end }}
{{- with .Values.externalValkey.port }}
REDIS_PORT={{ . }}
{{- end }}
{{- with .Values.externalValkey.password }}
REDIS_PASSWORD={{ . }}
{{- end }}
# mail
MAIL_DRIVER="smtp"
MAIL_HOST="smtp.mailgun.org"
MAIL_PORT="587"
MAIL_FROM_ADDRESS="__CHANGE_ME__"
MAIL_FROM_NAME="${APP_NAME}"
MAIL_USERNAME=""
MAIL_PASSWORD=""
MAIL_ENCRYPTION="tls"
# db
DB_CONNECTION="pgsql"
DB_HOST="db"
DB_USERNAME="pixelfed"
DB_PASSWORD=
DB_DATABASE="pixelfed_prod"
DB_PORT="3306"
DB_APPLY_NEW_MIGRATIONS_AUTOMATICALLY="false"
charts/pixelfed/templates/deployment.yaml
+276 -1
View File
@@ -34,12 +34,287 @@ spec:
- name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
ports:
- name: http
containerPort: {{ .Values.service.port }}
protocol: TCP
env:
# app data
- name: APP_NAME
value: {{ .Values.pixelfed.app.name }}
- name: APP_ENV
value: {{ .Values.pixelfed.app.env }}
- name: APP_URL
value: {{ .Values.pixelfed.app.url }}
- name: APP_LOCALE
value: {{ .Values.pixelfed.app.locale }}
{{- with .Values.pixelfed.app.domain }}
- name: APP_DOMAIN
value: {{ . }}
{{- end }}
# registration related
- name: OPEN_REGISTRATION
value: {{ .Values.pixelfed.open_registration | quote }}
- name: ENFORCE_EMAIL_VERIFICATION
value: {{ .Values.pixelfed.enforce_email_verification | quote }}
- name: IMAGE_QUALITY
value: {{ .Values.pixelfed.image_quality | quote }}
- name: ACCOUNT_DELETION
value: {{ .Values.pixelfed.account_deletion | quote }}
- name: OAUTH_ENABLED
value: {{ .Values.pixelfed.oauth_enabled | quote }}
# limits
- name: MIN_PASSWORD_LENGTH
value: {{ .Values.pixelfed.min_password_length | quote }}
- name: MAX_ACCOUNT_SIZE
value: {{ .Values.pixelfed.max_account_size | quote }}
- name: MAX_PHOTO_SIZE
value: {{ .Values.pixelfed.max_photo_size | quote }}
- name: MAX_AVATAR_SIZE
value: {{ .Values.pixelfed.max_avatar_size | quote }}
- name: MAX_CAPTION_LENGTH
value: {{ .Values.pixelfed.max_caption_length | quote }}
- name: MAX_BIO_LENGTH
value: {{ .Values.pixelfed.max_bio_length | quote }}
- name: MAX_NAME_LENGTH
value: {{ .Values.pixelfed.max_name_length | quote }}
- name: MAX_ALBUM_LENGTH
value: {{ .Values.pixelfed.max_album_length | quote }}
- name: FORCE_HTTPS_URLS
value: {{ .Values.pixelfed.force_https_urls | quote }}
- name: STORIES_ENABLED
value: {{ .Values.pixelfed.stories_enabled | quote }}
- name: ENABLE_CONFIG_CACHE
value: {{ .Values.pixelfed.enable_config_cache | quote }}
# instance config
- name: INSTANCE_DESCRIPTION
value: {{ .Values.pixelfed.instance.description }}
- name: INSTANCE_CONTACT_FORM
value: {{ .Values.pixelfed.instance.contact_form | quote }}
- name: INSTANCE_DISCOVER_PUBLIC
value: {{ .Values.pixelfed.instance.discover_public | quote }}
- name: INSTANCE_PUBLIC_HASHTAGS
value: {{ .Values.pixelfed.instance.public_hashtags | quote }}
{{- with .Values.pixelfed.instance.contact_email }}
- name: INSTANCE_CONTACT_EMAIL
value: {{ .Values.pixelfed.instance.contact_email }}
{{- end }}
- name: INSTANCE_PROFILE_EMBEDS
value: {{ .Values.pixelfed.instance.profile_embeds | quote }}
- name: INSTANCE_POST_EMBEDS
value: {{ .Values.pixelfed.instance.post_embeds | quote }}
- name: INSTANCE_REPORTS_EMAIL_ENABLED
value: {{ .Values.pixelfed.instance.reports.email_enabled | quote }}
{{- with .Values.pixelfed.instance.reports.email_addresses }}
- name: INSTANCE_REPORTS_EMAIL_ADDRESSES
value: {{ join "," . }}
{{- end }}
- name: INSTANCE_REPORTS_EMAIL_AUTOSPAM
value: {{ .Values.pixelfed.instance.reports.email_autospam | quote }}
- name: INSTANCE_LANDING_SHOW_DIRECTORY
value: {{ .Values.pixelfed.instance.landing.show_directory | quote }}
- name: INSTANCE_LANDING_SHOW_EXPLORE
value: {{ .Values.pixelfed.instance.landing.show_explore | quote }}
- name: INSTANCE_CUR_REG
value: {{ .Values.pixelfed.instance.cur_reg | quote }}
- name: INSTANCE_SHOW_PEERS
value: {{ .Values.pixelfed.instance.show_peers | quote }}
# public feed
- name: PF_HIDE_NSFW_ON_PUBLIC_FEEDS
value: {{ .Values.pixelfed.pf.hide_nsfw_on_public_feeds | quote }}
- name: PF_LOCAL_AVATAR_TO_CLOUD
value: {{ .Values.pixelfed.pf.local_avatar_to_cloud | quote }}
- name: PF_ADMIN_INVITES_ENABLED
value: {{ .Values.pixelfed.pf.admin_invites_enabled | quote }}
- name: PF_MAX_USER_BLOCKS
value: {{ .Values.pixelfed.pf.max_user_blocks | quote }}
- name: PF_MAX_USER_MUTES
value: {{ .Values.pixelfed.pf.max_user_mutes | quote }}
- name: PF_MAX_DOMAIN_BLOCKS
value: {{ .Values.pixelfed.pf.max_domain_blocks | quote }}
- name: PF_ENABLE_CLOUD
value: {{ .Values.pixelfed.pf.enable_cloud | quote }}
- name: PF_MAX_USERS
value: {{ .Values.pixelfed.pf.max_users | quote }}
- name: PF_ENFORCE_MAX_USERS
value: {{ .Values.pixelfed.pf.enforce_max_users | quote }}
- name: PF_OPTIMIZE_IMAGES
value: {{ .Values.pixelfed.pf.optimize_images | quote }}
- name: PF_OPTIMIZE_VIDEOS
value: {{ .Values.pixelfed.pf.optimize_videos | quote }}
- name: PF_MAX_COLLECTION_LENGTH
value: {{ .Values.pixelfed.pf.max_collection_length | quote }}
# Laravel Configuration
- name: SESSION_DRIVER
value: "database"
- name: CACHE_DRIVER
value: "redis"
- name: QUEUE_DRIVER
value: "redis"
- name: BROADCAST_DRIVER
value: "log"
- name: LOG_CHANNEL
value: "stack"
- name: HORIZON_PREFIX
value: "horizon-"
# activity pub
- name: ACTIVITY_PUB
value: {{ .Values.pixelfed.activity_pub.enabled | quote }}
- name: AP_REMOTE_FOLLOW
value: {{ .Values.pixelfed.activity_pub.remote_follow | quote }}
- name: AP_SHAREDINBOX
value: {{ .Values.pixelfed.activity_pub.sharedinbox | quote }}
- name: AP_INBOX
value: {{ .Values.pixelfed.activity_pub.inbox | quote }}
- name: AP_OUTBOX
value: {{ .Values.pixelfed.activity_pub.outbox | quote }}
# redis
- name: REDIS_HOST
valueFrom:
secretKeyRef:
{{- if .Values.externalValkey.existingSecret }}
name: {{ .Values.externalValkey.existingSecret }}
key: {{ .Values.externalValkey.existingSecretKeys.host }}
{{- else }}
name: pixelfed-valkey
key: host
{{- end }}
- name: REDIS_PORT
valueFrom:
secretKeyRef:
{{- if .Values.externalValkey.existingSecret }}
name: {{ .Values.externalValkey.existingSecret }}
key: {{ .Values.externalValkey.existingSecretKeys.port }}
{{- else }}
name: pixelfed-valkey
key: port
{{- end }}
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
{{- if .Values.externalValkey.existingSecret }}
name: {{ .Values.externalValkey.existingSecret }}
key: {{ .Values.externalValkey.existingSecretKeys.password }}
{{- else }}
name: pixelfed-valkey
key: password
{{- end }}
# mail
- name: MAIL_DRIVER
value: "{{ .Values.pixelfed.mail.driver }}"
- name: MAIL_HOST
valueFrom:
secretKeyRef:
{{- if .Values.pixelfed.mail.existingSecret }}
name: {{ .Values.pixelfed.mail.existingSecret }}
key: {{ .Values.pixelfed.mail.existingSecretKeys.host }}
{{- else }}
name: pixelfed-mail
key: host
{{- end }}
- name: MAIL_PORT
valueFrom:
secretKeyRef:
{{- if .Values.pixelfed.mail.existingSecret }}
name: {{ .Values.pixelfed.mail.existingSecret }}
key: {{ .Values.pixelfed.mail.existingSecretKeys.port }}
{{- else }}
name: pixelfed-mail
key: port
{{- end }}
- name: MAIL_FROM_ADDRESS
value: "{{ .Values.pixelfed.mail.from_address }}"
- name: MAIL_FROM_NAME
value: "{{ .Values.pixelfed.mail.from_name }}"
- name: MAIL_USERNAME
valueFrom:
secretKeyRef:
{{- if .Values.pixelfed.mail.existingSecret }}
name: {{ .Values.pixelfed.mail.existingSecret }}
key: {{ .Values.pixelfed.mail.existingSecretKeys.username }}
{{- else }}
name: pixelfed-mail
key: username
{{- end }}
- name: MAIL_PASSWORD
valueFrom:
secretKeyRef:
{{- if .Values.pixelfed.mail.existingSecret }}
name: {{ .Values.pixelfed.mail.existingSecret }}
key: {{ .Values.pixelfed.mail.existingSecretKeys.password }}
{{- else }}
name: pixelfed-mail
key: password
{{- end }}
- name: MAIL_ENCRYPTION
value: "{{ .Values.pixelfed.mail.encryption }}"
# database configuration
- name: DB_CONNECTION
value: {{ .Values.externalDatabase.connection }}
- name: DB_HOST
valueFrom:
secretKeyRef:
{{- if .Values.externalDatabase.existingSecret }}
name: {{ .Values.externalDatabase.existingSecret }}
key: {{ .Values.externalDatabase.existingSecretKeys.username }}
{{- else }}
name: pixelfed-database
key: host
{{- end }}
- name: DB_USERNAME
valueFrom:
secretKeyRef:
{{- if .Values.externalDatabase.existingSecret }}
name: {{ .Values.externalDatabase.existingSecret }}
key: {{ .Values.externalDatabase.existingSecretKeys.username }}
{{- else }}
name: pixelfed-database
key: username
{{- end }}
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
{{- if .Values.externalDatabase.existingSecret }}
name: {{ .Values.externalDatabase.existingSecret }}
key: {{ .Values.externalDatabase.existingSecretKeys.username }}
{{- else }}
name: pixelfed-database
key: password
{{- end }}
- name: DB_DATABASE
valueFrom:
secretKeyRef:
{{- if .Values.externalDatabase.existingSecret }}
name: {{ .Values.externalDatabase.existingSecret }}
key: {{ .Values.externalDatabase.existingSecretKeys.username }}
{{- else }}
name: pixelfed-database
key: database
{{- end }}
- name: DB_PORT
valueFrom:
secretKeyRef:
{{- if .Values.externalDatabase.existingSecret }}
name: {{ .Values.externalDatabase.existingSecret }}
key: {{ .Values.externalDatabase.existingSecretKeys.username }}
{{- else }}
name: pixelfed-database
key: port
{{- end }}
- name: DB_APPLY_NEW_MIGRATIONS_AUTOMATICALLY
value: "{{ .Values.pixelfed.db_apply_new_migrations_automatically }}"
livenessProbe:
{{- toYaml .Values.livenessProbe | nindent 12 }}
readinessProbe:
charts/pixelfed/templates/secret_database.yaml
+13
View File
@@ -0,0 +1,13 @@
{{- if and .Values.externalDatabase.enabled ( not .Values.externalDatabase.existingSecret ) }}
---
apiVersion: v1
kind: Secret
metadata:
name: pixelfed-database
data:
host: {{ .Values.externalDatabase.host }}
port: {{ .Values.externalDatabase.port }}
database: {{ .Values.externalDatabase.database }}
username: {{ .Values.externalDatabase.username }}
password: {{ .Values.externalDatabase.password }}
{{- end }}
charts/pixelfed/templates/secret_mail.yaml
+12
View File
@@ -0,0 +1,12 @@
{{- if not .Values.externalDatabase.existingSecret }}
---
apiVersion: v1
kind: Secret
metadata:
name: pixelfed-mail
data:
host: {{ .Values.pixelfed.mail.host }}
port: {{ .Values.pixelfed.mail.port }}
username: {{ .Values.pixelfed.mail.username }}
password: {{ .Values.pixelfed.mail.password }}
{{- end }}
charts/pixelfed/templates/secret_valkey.yaml
+11
View File
@@ -0,0 +1,11 @@
{{- if and .Values.externalValkey.enabled ( not .Values.externalValkey.existingSecret ) }}
---
apiVersion: v1
kind: Secret
metadata:
name: pixelfed-valkey
data:
host: {{ .Values.externalValkey.host }}
port: {{ .Values.externalValkey.port }}
password: {{ .Values.externalValkey.password }}
{{- end }}
charts/pixelfed/values.yaml
+317 -2
View File
@@ -62,8 +62,6 @@ ingress:
enabled: false
className: ""
annotations: {}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
hosts:
- host: chart-example.local
paths:
@@ -123,3 +121,320 @@ nodeSelector: {}
tolerations: []
affinity: {}
externalDatabase:
# -- enable using an external mysql or postgresql cluster
enabled: false
# -- options: sqlite mysql pgsql sqlsrv
connection: psql
host: ""
port: 3306
database: pixelfed
username: ""
password: ""
# options: disable, require, allow, prefer, verify-full
# ssl_mode: ""
# path to ssl root cert
# ssl_root_cert:
# path to ssl cert
# ssl_cert: ""
# path to ssl key
# ssl_key: ""
# -- get database credentials from an existing Kubernetes Secret
existingSecret: ""
existingSecretKeys:
# -- key in existing Kubernetes Secret for host. If set, ignores externalDatabase.host
host: ""
# -- key in existing Kubernetes Secret for port. If set, ignores externalDatabase.port
port: ""
# -- key in existing Kubernetes Secret for database. If set, ignores externalDatabase.database
database: pixelfed
# -- key in existing Kubernetes Secret for username. If set, ignores externalDatabase.username
username: ""
# -- key in existing Kubernetes Secret for password. If set, ignores externalDatabase.password
password: ""
# External Redis Configuration. Use this if you set valkey.enabled: false
externalValkey:
# -- enable using an external valkey or redis cluster
enabled: false
client: "phpredis"
scheme: "tcp"
host: "valkey"
password: "null"
port: "6379"
# -- get valkey credentials from an existing Kubernetes Secret
existingSecret: ""
existingSecretKeys:
# -- key in existing Kubernetes Secret for host. If set, ignores externalValkey.host
host: ""
# -- key in existing Kubernetes Secret for password. If set, ignores externalValkey.password
password: ""
# valkey is a fork of redis with a better license
valkey:
# -- enable the bundled valkey sub chart from Bitnami.
# Must set to true if externalValkey.enabled=false
enabled: true
fullnameOverride: "valkey"
global:
storageClass: ""
# for auth, we get the valkey credentials from an ExternalSecret
auth:
enabled: true
existingSecret: ""
existingSecretPasswordKey: "password"
# TLS settings
tls:
enabled: false
authClients: true
autoGenerated: false
# primary (control plane) configuration
primary:
persistence:
enabled: true
existingClaim: ""
# valkey replica configuration
replica:
persistence:
enabled: true
existingClaim: ""
# persistnent volume retention policy for the StatefulSet
persistentVolumeClaimRetentionPolicy:
enabled: true
whenScaled: Retain
whenDeleted: Retain
metrics:
# we use a grafana exporter that logs into valkey directly
enabled: false
# definitions: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
# Options: nano, micro, small, medium, large, xlarge, 2xlarge
# default: nano
resourcesPreset: "small"
postgresql:
# -- enable the bundled postgresql sub chart from Bitnami.
# Must set to true if externalDatabase.enabled=false
enabled: true
fullnameOverride: "postgresql"
pixelfed:
# -- Automatically run [artisan migrate --force] if new migrations are detected.
db_apply_new_migrations_automatically: false
# -- timezone for docker container
timezone: "europe/amsterdam"
# -- Experimental Configuration
exp_emc: true
# -- domain of admin interface
admin_domain: ""
# -- domain of session?
session_domain: ""
# -- trusted proxies
trusted_proxies: "*"
# app specific settings
app:
# -- The name of your server/instance
name: "Pixelfed"
# -- The app environment, keep it set to "production"
env: "production"
# -- change this to the domain of your pixelfed instance
url: "https://localhost"
# -- change this to the language code of your pixelfed instance
locale: "en"
# -- The domain of your server, without https://
domain: ""
# -- Enable open registration for new accounts
open_registration: true
# -- Enforce email verification
enforce_email_verification: true
# -- The min password length
min_password_length: 16
# -- Enable account deletion (may be a requirement in some jurisdictions)
account_deletion: true
# -- Enable oAuth support, required for mobile/3rd party apps
oauth_enabled: true
# -- Enable the Stories feature
stories_enabled: false
# -- Enable the config cache to allow you to manage settings via the admin dashboard
enable_config_cache: true
# -- Set the image optimization quality, between 1-100. Lower uses less space, higher more quality
image_quality: 80
# -- The max allowed account size in KB
max_account_size: 1000000
# -- The max photo/video size in KB
max_photo_size: 15000
# -- The max user avatar size in KB
max_avatar_size: 2000
# -- The max post caption length
max_caption_length: 1000
# -- The max user bio length
max_bio_length: 256
# -- The max user display name length
max_name_length: 32
# -- The max number of media per post album
max_album_length: 6
# -- Force https url generation
force_https_urls: true
# your whole instance, or server, settings
instance:
# -- your server description
description: "Pixelfed - Photo sharing for everyone"
# -- enable the instance contact form
contact_form: false
# -- Enable public access to the Discover feature
discover_public: false
# -- Allow anonymous access to hashtag feeds
public_hashtags: false
# -- The public contact email for your server
contact_email: ""
# -- Enable the profile embed feature
profile_embeds: true
# -- Enable the post embed feature
post_embeds: true
# -- Enable Curated Registration
cur_reg: false
# -- Enable the api/v1/peers API endpoint
show_peers: false
reports:
# -- Send a report email to the admin account for new autospam/reports
email_enabled: false
# -- A list of email addresses to deliver admin reports to
email_addresses: []
# -- Enable autospam reports (require INSTANCE_REPORTS_EMAIL_ENABLED)
email_autospam: false
landing:
# -- Enable the profile directory on the landing page
show_directory: true
# -- Enable the popular post explore on the landing page
show_explore: true
# public feed settings
pf:
# -- Hide sensitive posts from public/network feeds
hide_nsfw_on_public_feeds: false
# -- Store local avatars on S3 (Requires S3)
local_avatar_to_cloud: false
# -- Enable the Admin Invites feature
admin_invites_enabled: true
# -- The max number of user blocks per account
max_user_blocks: 50
# -- The max number of user mutes per account
max_user_mutes: 50
# -- The max number of domain blocks per account
max_domain_blocks: 50
# -- Enable S3/Object Storage
enable_cloud: false
# -- Limit max user registrations
max_users: 1000
# -- in KB
enforce_max_users: 2000
# -- Enable image optimization
optimize_images: true
# -- Enable video optimization
optimize_videos: true
# -- Max collection post limit
max_collection_length: 100
# ActivityPub Configuration
activity_pub:
enabled: false
remote_follow: false
inbox: false
outbox: false
sharedinbox: false
###########################################################
# Federation
###########################################################
# -- https://docs.pixelfed.org/technical-documentation/config/#atom_feeds
atom_feeds: "true"
# -- https://docs.pixelfed.org/technical-documentation/config/#nodeinfo
nodeinfo: "true"
# -- https://docs.pixelfed.org/technical-documentation/config/#webfinger
webfinger: "true"
# Mail Configuration (Post-Installer)
mail:
# -- options: "smtp" (default), "sendmail", "mailgun", "mandrill", "ses"
# "sparkpost", "log", "array"
driver: smtp
host: smtp.mailtrap.io
port: 2525
username: ""
password: ""
encryption: "tls"
from_address: "pixelfed@example.com"
from_name: "Pixelfed"
# -- name of an existing Kubernetes Secret for mail credentials
existingSecret: ""
existingSecretKeys:
# -- key in existing Kubernetes Secret for host. If set, ignores mail.host
host: ""
# -- key in existing Kubernetes Secret for port. If set, ignores mail.port
port: ""
# -- key in existing Kubernetes Secret for username. If set, ignores mail.username
username: ""
# -- key in existing Kubernetes Secret for password. If set, ignores mail.password
password: ""
# Mail Configuration (Post-Installer)
s3:
# -- s3 url including protocol such as https://s3.domain.com
url: ""
# -- s3 endpoint excluding protocol such as s3.domain.com
endpoint: ""
# -- s3 bucket
bucket: ""
# -- s3 region
region: ""
# -- s3 access_key_id. ignored if s3.existingSecretKeys.access_key_id is set
access_key_id: ""
# -- s3 secret_access_key. ignored if s3.existingSecretKeys.secret_access_key is set
secret_access_key: ""
# -- use S3 path type instead of using a DNS subdomain
use_path_style_endpoint: false
# -- name of an existing Kubernetes Secret for s3 credentials
existingSecret: ""
existingSecretKeys:
# -- key in existing Kubernetes Secret for url. If set, ignores s3.url
url: ""
# -- key in existing Kubernetes Secret for endpoint. If set, ignores s3.endpoint
endpoint: ""
# -- key in existing Kubernetes Secret for access_key_id. If set, ignores s3.access_key_id
access_key_id: ""
# -- key in existing Kubernetes Secret for secret_access_key. If set, ignores s3.secret_access_key
secret_access_key: ""