feat(Misskey): Add Misskey (#4315)
* Importing original chart files for misskey * update chart.yaml * Adding truecharts common library * debugging setup * Edits to password management * updated TrueNAS questions for misskey * Update to Chart.yaml * Fix chart version Signed-off-by: Sam Smucny <smucny.sam@gmail.com> * Add target port UI question * Cleanup and comment values.yaml * Addressing review comments * Apply suggestions from code review Signed-off-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com> * Addressing PR Reviews: - remove targetPort (only using port) - update image src to tccr.io - remove vestigial nextcloud values - remove auto file permissions * Update charts/incubator/misskey/values.yaml The hash value from truecharts is different than docker.io Co-authored-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com> Signed-off-by: Sam Smucny <smucny.sam@gmail.com> * Add back targetPort in questions.yaml * Move configmap to tpl format and include in common * Move secrets into configfile templates: - remove initcontainer - update host/pass values in default.yml - remove misskeyconfig-src pvc - remove secret env vars * trim " from passwords * Add other misskey configuration options * typo * Fix indentation * adds couple more options * whoops Signed-off-by: Sam Smucny <smucny.sam@gmail.com> Signed-off-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com> Co-authored-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com> Co-authored-by: Stavros kois <s.kois@outlook.com>
This commit is contained in:
parent
8c166ff05d
commit
bcd3cb6c09
|
@ -0,0 +1,30 @@
|
|||
# Patterns to ignore when building packages.
|
||||
# This supports shell glob matching, relative path matching, and
|
||||
# negation (prefixed with !). Only one pattern per line.
|
||||
.DS_Store
|
||||
# Common VCS dirs
|
||||
.git/
|
||||
.gitignore
|
||||
.bzr/
|
||||
.bzrignore
|
||||
.hg/
|
||||
.hgignore
|
||||
.svn/
|
||||
# Common backup files
|
||||
*.swp
|
||||
*.bak
|
||||
*.tmp
|
||||
*~
|
||||
# Various IDEs
|
||||
.project
|
||||
.idea/
|
||||
*.tmproj
|
||||
.vscode/
|
||||
# OWNERS file for Kubernetes
|
||||
OWNERS
|
||||
# helm-docs templates
|
||||
*.gotmpl
|
||||
# docs folder
|
||||
/docs
|
||||
# icon
|
||||
icon.png
|
|
@ -0,0 +1,41 @@
|
|||
apiVersion: v2
|
||||
appVersion: "12.119.0"
|
||||
home: https://misskey-hub.net
|
||||
dependencies:
|
||||
- name: common
|
||||
repository: https://library-charts.truecharts.org
|
||||
version: 10.7.13
|
||||
- condition: postgresql.enabled
|
||||
name: postgresql
|
||||
repository: https://charts.truecharts.org/
|
||||
version: 8.0.114
|
||||
- condition: redis.enabled
|
||||
name: redis
|
||||
repository: https://charts.truecharts.org
|
||||
version: 3.0.111
|
||||
deprecated: false
|
||||
description: "Misskey is an open source, decentralized social media platform that's free forever!"
|
||||
icon: https://truecharts.org/img/hotlink-ok/chart-icons/misskey.png
|
||||
keywords:
|
||||
- Misskey
|
||||
- Social
|
||||
- Friend
|
||||
- Social Media
|
||||
- Fediverse
|
||||
- ActivityPub
|
||||
kubeVersion: ">=1.16.0-0"
|
||||
maintainers:
|
||||
- email: info@truecharts.org
|
||||
name: TrueCharts
|
||||
url: https://truecharts.org
|
||||
name: misskey
|
||||
sources:
|
||||
- https://github.com/truecharts/charts/tree/master/charts/incubator/misskey
|
||||
- https://github.com/misskey-dev/misskey/
|
||||
- https://hub.docker.com/r/misskey/misskey/
|
||||
annotations:
|
||||
truecharts.org/SCALE-support: "true"
|
||||
truecharts.org/catagories: |
|
||||
- Social
|
||||
type: application
|
||||
version: 0.0.1
|
Binary file not shown.
After Width: | Height: | Size: 9.1 KiB |
|
@ -0,0 +1,241 @@
|
|||
# Include{groups}
|
||||
portals:
|
||||
open:
|
||||
# Include{portalLink}
|
||||
questions:
|
||||
# Include{global}
|
||||
# Include{controller}
|
||||
# Include{controllerDeployment}
|
||||
# Include{replicas}
|
||||
# Include{replica1}
|
||||
# Include{strategy}
|
||||
# Include{recreate}
|
||||
# Include{controllerExpert}
|
||||
# Include{controllerExpertExtraArgs}
|
||||
- variable: misskey
|
||||
group: Container Configuration
|
||||
label: Misskey Configuration
|
||||
schema:
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: url
|
||||
label: Final Accessible URL (Initial Install Only)
|
||||
description: Final accessible URL seen by a user. ONCE YOU HAVE STARTED THE INSTANCE, DO NOT CHANGE THE URL SETTINGS AFTER THAT!
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
- variable: id
|
||||
label: ID Generation Method (Initial Install Only)
|
||||
description: Select the ID generation method. DO NOT CHANGE AFTER INSTANCE IS STARTED!
|
||||
schema:
|
||||
type: string
|
||||
enum:
|
||||
- value: aid
|
||||
description: Short, Millisecond accuracy
|
||||
- value: meid
|
||||
description: Similar to ObjectID, Millisecond accuracy
|
||||
- value: ulid
|
||||
description: Millisecond accuracy
|
||||
- value: objectid
|
||||
description: This is left for backward compatibility
|
||||
default: aid
|
||||
required: true
|
||||
- variable: other
|
||||
label: Other Configuration
|
||||
schema:
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: disableHSTS
|
||||
label: Disable HSTS
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
- variable: signToActivityPubGet
|
||||
label: Sign to ActivityPub GET Request
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
- variable: maxFileSize
|
||||
label: Max file upload/download size (bytes)
|
||||
schema:
|
||||
type: int
|
||||
required: true
|
||||
default: 262144000
|
||||
- variable: clusterLimit
|
||||
label: Cluster Limit
|
||||
description: Number of worker processes for server
|
||||
schema:
|
||||
type: int
|
||||
required: true
|
||||
default: 1
|
||||
- variable: deliverJobConcurrency
|
||||
label: Deliver Job Concurrency
|
||||
description: Job concurrency per worker
|
||||
schema:
|
||||
type: int
|
||||
required: true
|
||||
default: 128
|
||||
- variable: inboxJobConcurrency
|
||||
label: Inbox Job Concurrency
|
||||
description: Inbox job concurrency per worker
|
||||
schema:
|
||||
type: int
|
||||
required: true
|
||||
default: 16
|
||||
- variable: deliverJobPerSec
|
||||
label: Deliver Jobs Per Second
|
||||
description: Job rate limiter
|
||||
schema:
|
||||
type: int
|
||||
required: true
|
||||
default: 128
|
||||
- variable: inboxJobPerSec
|
||||
label: Inbox Jobs Per Second
|
||||
description: Inbox job rate limiter
|
||||
schema:
|
||||
type: int
|
||||
required: true
|
||||
default: 16
|
||||
- variable: deliverJobMaxAttempts
|
||||
label: Max Deliver Job Attempts
|
||||
schema:
|
||||
type: int
|
||||
required: true
|
||||
default: 12
|
||||
- variable: inboxJobMaxAttempts
|
||||
label: Max Inbox Job Attempts
|
||||
schema:
|
||||
type: int
|
||||
required: true
|
||||
default: 8
|
||||
- variable: allowedPrivateNetworks
|
||||
label: Allowed Private Networks
|
||||
description: Automatically 127.0.0.1/32 is added
|
||||
schema:
|
||||
type: list
|
||||
default: []
|
||||
items:
|
||||
- variable: privateNet
|
||||
label: Private Network Entry
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: ""
|
||||
# Include{containerConfig}
|
||||
# Include{serviceRoot}
|
||||
- variable: main
|
||||
label: Main Service
|
||||
description: The Primary service on which the healthcheck runs, often the webUI
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
# Include{serviceSelectorLoadBalancer}
|
||||
# Include{serviceSelectorExtras}
|
||||
- variable: main
|
||||
label: Main Service Port Configuration
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: port
|
||||
label: Port
|
||||
description: This port exposes the container port on the service
|
||||
schema:
|
||||
type: int
|
||||
default: 3003
|
||||
required: true
|
||||
# Include{advancedPortHTTP}
|
||||
- variable: targetPort
|
||||
label: Target Port
|
||||
description: The internal(!) port on the container the Application runs on
|
||||
schema:
|
||||
type: int
|
||||
default: 3003
|
||||
# Include{serviceExpertRoot}
|
||||
default: false
|
||||
# Include{serviceExpert}
|
||||
# Include{serviceList}
|
||||
# Include{persistenceRoot}
|
||||
- variable: misskeyconfig
|
||||
label: App configuration storage
|
||||
description: Stores the Application configuration files.
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
# Include{persistenceBasic}
|
||||
# Include{persistenceAdvanced}
|
||||
- variable: files
|
||||
label: Misskey file Storage
|
||||
description: Stores the Application file data.
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
# Include{persistenceBasic}
|
||||
# Include{persistenceAdvanced}
|
||||
# Include{persistenceList}
|
||||
# Include{ingressRoot}
|
||||
- variable: main
|
||||
label: Main Ingress
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
# Include{ingressDefault}
|
||||
# Include{ingressTLS}
|
||||
# Include{ingressTraefik}
|
||||
# Include{ingressExpert}
|
||||
# Include{ingressList}
|
||||
# Include{security}
|
||||
# Include{securityContextAdvancedRoot}
|
||||
- variable: privileged
|
||||
label: Privileged mode
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
- variable: readOnlyRootFilesystem
|
||||
label: ReadOnly Root Filesystem
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
- variable: allowPrivilegeEscalation
|
||||
label: Allow Privilege Escalation
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
- variable: runAsNonRoot
|
||||
label: runAsNonRoot
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
# Include{securityContextAdvanced}
|
||||
# Include{podSecurityContextRoot}
|
||||
- variable: runAsUser
|
||||
label: runAsUser
|
||||
description: The UserID of the user running the application
|
||||
schema:
|
||||
type: int
|
||||
default: 0
|
||||
- variable: runAsGroup
|
||||
label: runAsGroup
|
||||
description: The groupID this App of the user running the application
|
||||
schema:
|
||||
type: int
|
||||
default: 0
|
||||
- variable: fsGroup
|
||||
label: fsGroup
|
||||
description: The group that should own ALL storage.
|
||||
schema:
|
||||
type: int
|
||||
default: 33
|
||||
# Include{podSecurityContextAdvanced}
|
||||
# Include{resources}
|
||||
# Include{advanced}
|
||||
# Include{addons}
|
||||
# Include{codeserver}
|
||||
# Include{promtail}
|
||||
# Include{netshoot}
|
||||
# Include{vpn}
|
||||
# Include{documentation}
|
|
@ -0,0 +1,181 @@
|
|||
{{/* Define the configmap */}}
|
||||
{{- define "misskey.configmap" -}}
|
||||
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: misskeyconfig
|
||||
data:
|
||||
default.yml: |-
|
||||
#━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
|
||||
# Misskey configuration
|
||||
#━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
|
||||
|
||||
# ┌─────┐
|
||||
#───┘ URL └─────────────────────────────────────────────────────
|
||||
|
||||
# Final accessible URL seen by a user.
|
||||
url: {{ .Values.misskey.url }}
|
||||
|
||||
# ONCE YOU HAVE STARTED THE INSTANCE, DO NOT CHANGE THE
|
||||
# URL SETTINGS AFTER THAT!
|
||||
|
||||
# ┌───────────────────────┐
|
||||
#───┘ Port and TLS settings └───────────────────────────────────
|
||||
|
||||
#
|
||||
# Misskey supports two deployment options for public.
|
||||
#
|
||||
|
||||
# Option 1: With Reverse Proxy
|
||||
#
|
||||
# +----- https://example.tld/ ------------+
|
||||
# +------+ |+-------------+ +----------------+|
|
||||
# | User | ---> || Proxy (443) | ---> | Misskey (3000) ||
|
||||
# +------+ |+-------------+ +----------------+|
|
||||
# +---------------------------------------+
|
||||
#
|
||||
# You need to setup reverse proxy. (eg. nginx)
|
||||
# You do not define 'https' section.
|
||||
|
||||
# Option 2: Standalone
|
||||
#
|
||||
# +- https://example.tld/ -+
|
||||
# +------+ | +---------------+ |
|
||||
# | User | ---> | | Misskey (443) | |
|
||||
# +------+ | +---------------+ |
|
||||
# +------------------------+
|
||||
#
|
||||
# You need to run Misskey as root.
|
||||
# You need to set Certificate in 'https' section.
|
||||
|
||||
# To use option 1, uncomment below line.
|
||||
port: {{ .Values.service.main.ports.main.port }} # A port that your Misskey server should listen.
|
||||
|
||||
# To use option 2, uncomment below lines.
|
||||
#port: 443
|
||||
|
||||
#https:
|
||||
# # path for certification
|
||||
# key: /etc/letsencrypt/live/example.tld/privkey.pem
|
||||
# cert: /etc/letsencrypt/live/example.tld/fullchain.pem
|
||||
|
||||
# ┌──────────────────────────┐
|
||||
#───┘ PostgreSQL configuration └────────────────────────────────
|
||||
|
||||
db:
|
||||
host: {{ printf "%v-%v" .Release.Name "postgresql" }}
|
||||
port: 5432
|
||||
|
||||
# Database name
|
||||
db: {{ .Values.postgresql.postgresqlDatabase }}
|
||||
|
||||
# Auth
|
||||
user: {{ .Values.postgresql.postgresqlUsername }}
|
||||
pass: {{ .Values.postgresql.postgresqlPassword | trimAll "\"" }}
|
||||
|
||||
# Whether disable Caching queries
|
||||
#disableCache: true
|
||||
|
||||
# Extra Connection options
|
||||
#extra:
|
||||
# ssl: true
|
||||
|
||||
# ┌─────────────────────┐
|
||||
#───┘ Redis configuration └─────────────────────────────────────
|
||||
|
||||
redis:
|
||||
host: {{ printf "%v-%v" .Release.Name "redis" }}
|
||||
port: 6379
|
||||
pass: {{ .Values.redis.redisPassword | trimAll "\"" }}
|
||||
#prefix: example-prefix
|
||||
#db: 1
|
||||
|
||||
# ┌─────────────────────────────┐
|
||||
#───┘ Elasticsearch configuration └─────────────────────────────
|
||||
|
||||
#elasticsearch:
|
||||
# host: localhost
|
||||
# port: 9200
|
||||
# ssl: false
|
||||
# user:
|
||||
# pass:
|
||||
|
||||
# ┌───────────────┐
|
||||
#───┘ ID generation └───────────────────────────────────────────
|
||||
|
||||
# You can select the ID generation method.
|
||||
# You don't usually need to change this setting, but you can
|
||||
# change it according to your preferences.
|
||||
|
||||
# Available methods:
|
||||
# aid ... Short, Millisecond accuracy
|
||||
# meid ... Similar to ObjectID, Millisecond accuracy
|
||||
# ulid ... Millisecond accuracy
|
||||
# objectid ... This is left for backward compatibility
|
||||
|
||||
# ONCE YOU HAVE STARTED THE INSTANCE, DO NOT CHANGE THE
|
||||
# ID SETTINGS AFTER THAT!
|
||||
|
||||
id: {{ .Values.misskey.id }}
|
||||
# ┌─────────────────────┐
|
||||
#───┘ Other configuration └─────────────────────────────────────
|
||||
|
||||
# Whether disable HSTS
|
||||
disableHsts: {{ .Values.misskey.other.disableHSTS }}
|
||||
|
||||
# Number of worker processes
|
||||
clusterLimit: {{ .Values.misskey.other.clusterLimit }}
|
||||
|
||||
# Job concurrency per worker
|
||||
deliverJobConcurrency: {{ .Values.misskey.other.deliverJobConcurrency }}
|
||||
inboxJobConcurrency: {{ .Values.misskey.other.inboxJobConcurrency }}
|
||||
|
||||
# Job rate limiter
|
||||
deliverJobPerSec: {{ .Values.misskey.other.deliverJobPerSec }}
|
||||
inboxJobPerSec: {{ .Values.misskey.other.inboxJobPerSec }}
|
||||
|
||||
# Job attempts
|
||||
deliverJobMaxAttempts: {{ .Values.misskey.other.deliverJobMaxAttempts }}
|
||||
inboxJobMaxAttempts: {{ .Values.misskey.other.inboxJobMaxAttempts }}
|
||||
|
||||
# IP address family used for outgoing request (ipv4, ipv6 or dual)
|
||||
#outgoingAddressFamily: ipv4
|
||||
|
||||
# Syslog option
|
||||
#syslog:
|
||||
# host: localhost
|
||||
# port: 514
|
||||
|
||||
# Proxy for HTTP/HTTPS
|
||||
#proxy: http://127.0.0.1:3128
|
||||
|
||||
#proxyBypassHosts: [
|
||||
# 'example.com',
|
||||
# '192.0.2.8'
|
||||
#]
|
||||
|
||||
# Proxy for SMTP/SMTPS
|
||||
#proxySmtp: http://127.0.0.1:3128 # use HTTP/1.1 CONNECT
|
||||
#proxySmtp: socks4://127.0.0.1:1080 # use SOCKS4
|
||||
#proxySmtp: socks5://127.0.0.1:1080 # use SOCKS5
|
||||
|
||||
# Media Proxy
|
||||
#mediaProxy: https://example.com/proxy
|
||||
|
||||
# Sign to ActivityPub GET request (default: false)
|
||||
signToActivityPubGet: {{ .Values.misskey.other.signToActivityPubGet }}
|
||||
|
||||
allowedPrivateNetworks: [
|
||||
'127.0.0.1/32',
|
||||
{{- range .Values.misskey.other.allowedPrivateNetworks }}
|
||||
{{ . | squote }},
|
||||
{{- end }}
|
||||
]
|
||||
|
||||
# Upload or download file size limits (bytes)
|
||||
maxFileSize: {{ .Values.misskey.other.maxFileSize }}
|
||||
|
||||
|
||||
{{- end -}}
|
|
@ -0,0 +1,8 @@
|
|||
{{/* Make sure all variables are set properly */}}
|
||||
{{- include "tc.common.loader.init" . }}
|
||||
|
||||
{{/* Render configmap for misskey */}}
|
||||
{{- include "misskey.configmap" . }}
|
||||
|
||||
{{/* Render the templates */}}
|
||||
{{ include "tc.common.loader.apply" . }}
|
|
@ -0,0 +1,65 @@
|
|||
image:
|
||||
repository: tccr.io/truecharts/misskey
|
||||
pullPolicy: IfNotPresent
|
||||
tag: 12.119.0@sha256:e16467a28e7cee4442e29216a292dd725f28c3789fb1da050359c7842c2c0eec
|
||||
|
||||
securityContext:
|
||||
readOnlyRootFilesystem: false
|
||||
runAsNonRoot: false
|
||||
|
||||
podSecurityContext:
|
||||
runAsUser: 0
|
||||
runAsGroup: 0
|
||||
fsGroup: 33
|
||||
|
||||
service:
|
||||
main:
|
||||
ports:
|
||||
main:
|
||||
port: 3003
|
||||
|
||||
misskey:
|
||||
# Final accessible URL seen by a user. ONCE YOU HAVE STARTED THE INSTANCE, DO NOT CHANGE THE URL SETTINGS AFTER THAT!
|
||||
url: "https://example.tld/"
|
||||
# ID generation method. 'aid' recommended.
|
||||
id: "aid"
|
||||
other:
|
||||
disableHSTS: false
|
||||
signToActivityPubGet: false
|
||||
maxFileSize: 262144000
|
||||
clusterLimit: 1
|
||||
deliverJobConcurrency: 128
|
||||
inboxJobConcurrency: 16
|
||||
deliverJobPerSec: 128
|
||||
inboxJobPerSec: 16
|
||||
deliverJobMaxAttempts: 12
|
||||
inboxJobMaxAttempts: 8
|
||||
allowedPrivateNetworks:
|
||||
- 127.0.0.1/32
|
||||
|
||||
env:
|
||||
# NODE_ENV = production | development
|
||||
NODE_ENV: production
|
||||
|
||||
persistence:
|
||||
misskeyconfig:
|
||||
enabled: true
|
||||
type: configMap
|
||||
objectName: misskeyconfig
|
||||
mountPath: "/misskey/.config"
|
||||
files:
|
||||
enabled: true
|
||||
mountPath: "/misskey/files"
|
||||
|
||||
postgresql:
|
||||
enabled: true
|
||||
existingSecret: "dbcreds"
|
||||
postgresqlUsername: misskey
|
||||
postgresqlDatabase: misskey
|
||||
|
||||
redis:
|
||||
enabled: true
|
||||
existingSecret: "rediscreds"
|
||||
|
||||
portal:
|
||||
enabled: true
|
|
@ -153,6 +153,7 @@ words:
|
|||
- mimetypes
|
||||
- minecraft
|
||||
- minio
|
||||
- Misskey
|
||||
- modelstore
|
||||
- modports
|
||||
- mongosh
|
||||
|
|
Loading…
Reference in New Issue