feat(Misskey): Add Misskey (#4315)

* Importing original chart files for misskey

* update chart.yaml

* Adding truecharts common library

* debugging setup

* Edits to password management

* updated TrueNAS questions for misskey

* Update to Chart.yaml

* Fix chart version

Signed-off-by: Sam Smucny <smucny.sam@gmail.com>

* Add target port UI question

* Cleanup and comment values.yaml

* Addressing review comments

* Apply suggestions from code review

Signed-off-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com>

* Addressing PR Reviews:
- remove targetPort (only using port)
- update image src to tccr.io
- remove vestigial nextcloud values
- remove auto file permissions

* Update charts/incubator/misskey/values.yaml

The hash value from truecharts is different than docker.io

Co-authored-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com>
Signed-off-by: Sam Smucny <smucny.sam@gmail.com>

* Add back targetPort in questions.yaml

* Move configmap to tpl format and include in common

* Move secrets into configfile templates:
- remove initcontainer
- update host/pass values in default.yml
- remove misskeyconfig-src pvc
- remove secret env vars

* trim " from passwords

* Add other misskey configuration options

* typo

* Fix indentation

* adds couple more options

* whoops

Signed-off-by: Sam Smucny <smucny.sam@gmail.com>
Signed-off-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com>
Co-authored-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com>
Co-authored-by: Stavros kois <s.kois@outlook.com>
Sam Smucny 2022-11-09 03:28:51 -05:00 committed by GitHub
parent 8c166ff05d
commit bcd3cb6c09
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
10 changed files with 567 additions and 0 deletions


@ -0,0 +1,30 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/
# OWNERS file for Kubernetes
OWNERS
# helm-docs templates
*.gotmpl
# docs folder
/docs
# icon
icon.png



@ -0,0 +1,41 @@
apiVersion: v2
appVersion: "12.119.0"
home: https://misskey-hub.net
dependencies:
- name: common
repository: https://library-charts.truecharts.org
version: 10.7.13
- condition: postgresql.enabled
name: postgresql
repository: https://charts.truecharts.org/
version: 8.0.114
- condition: redis.enabled
name: redis
repository: https://charts.truecharts.org
version: 3.0.111
deprecated: false
description: "Misskey is an open source, decentralized social media platform that's free forever!"
icon: https://truecharts.org/img/hotlink-ok/chart-icons/misskey.png
keywords:
- Misskey
- Social
- Friend
- Social Media
- Fediverse
- ActivityPub
kubeVersion: ">=1.16.0-0"
maintainers:
- email: info@truecharts.org
name: TrueCharts
url: https://truecharts.org
name: misskey
sources:
- https://github.com/truecharts/charts/tree/master/charts/incubator/misskey
- https://github.com/misskey-dev/misskey/
- https://hub.docker.com/r/misskey/misskey/
annotations:
truecharts.org/SCALE-support: "true"
truecharts.org/catagories: |
- Social
type: application
version: 0.0.1


Binary file not shown.



@ -0,0 +1,241 @@
# Include{groups}
portals:
open:
# Include{portalLink}
questions:
# Include{global}
# Include{controller}
# Include{controllerDeployment}
# Include{replicas}
# Include{replica1}
# Include{strategy}
# Include{recreate}
# Include{controllerExpert}
# Include{controllerExpertExtraArgs}
- variable: misskey
group: Container Configuration
label: Misskey Configuration
schema:
type: dict
attrs:
- variable: url
label: Final Accessible URL (Initial Install Only)
description: Final accessible URL seen by a user. ONCE YOU HAVE STARTED THE INSTANCE, DO NOT CHANGE THE URL SETTINGS AFTER THAT!
schema:
type: string
required: true
- variable: id
label: ID Generation Method (Initial Install Only)
description: Select the ID generation method. DO NOT CHANGE AFTER INSTANCE IS STARTED!
schema:
type: string
enum:
- value: aid
description: Short, Millisecond accuracy
- value: meid
description: Similar to ObjectID, Millisecond accuracy
- value: ulid
description: Millisecond accuracy
- value: objectid
description: This is left for backward compatibility
default: aid
required: true
- variable: other
label: Other Configuration
schema:
type: dict
attrs:
- variable: disableHSTS
label: Disable HSTS
schema:
type: boolean
default: false
- variable: signToActivityPubGet
label: Sign to ActivityPub GET Request
schema:
type: boolean
default: false
- variable: maxFileSize
label: Max file upload/download size (bytes)
schema:
type: int
required: true
default: 262144000
- variable: clusterLimit
label: Cluster Limit
description: Number of worker processes for server
schema:
type: int
required: true
default: 1
- variable: deliverJobConcurrency
label: Deliver Job Concurrency
description: Job concurrency per worker
schema:
type: int
required: true
default: 128
- variable: inboxJobConcurrency
label: Inbox Job Concurrency
description: Inbox job concurrency per worker
schema:
type: int
required: true
default: 16
- variable: deliverJobPerSec
label: Deliver Jobs Per Second
description: Job rate limiter
schema:
type: int
required: true
default: 128
- variable: inboxJobPerSec
label: Inbox Jobs Per Second
description: Inbox job rate limiter
schema:
type: int
required: true
default: 16
- variable: deliverJobMaxAttempts
label: Max Deliver Job Attempts
schema:
type: int
required: true
default: 12
- variable: inboxJobMaxAttempts
label: Max Inbox Job Attempts
schema:
type: int
required: true
default: 8
- variable: allowedPrivateNetworks
label: Allowed Private Networks
description: Automatically 127.0.0.1/32 is added
schema:
type: list
default: []
items:
- variable: privateNet
label: Private Network Entry
schema:
type: string
required: true
default: ""
# Include{containerConfig}
# Include{serviceRoot}
- variable: main
label: Main Service
description: The Primary service on which the healthcheck runs, often the webUI
schema:
additional_attrs: true
type: dict
attrs:
# Include{serviceSelectorLoadBalancer}
# Include{serviceSelectorExtras}
- variable: main
label: Main Service Port Configuration
schema:
additional_attrs: true
type: dict
attrs:
- variable: port
label: Port
description: This port exposes the container port on the service
schema:
type: int
default: 3003
required: true
# Include{advancedPortHTTP}
- variable: targetPort
label: Target Port
description: The internal(!) port on the container the Application runs on
schema:
type: int
default: 3003
# Include{serviceExpertRoot}
default: false
# Include{serviceExpert}
# Include{serviceList}
# Include{persistenceRoot}
- variable: misskeyconfig
label: App configuration storage
description: Stores the Application configuration files.
schema:
additional_attrs: true
type: dict
attrs:
# Include{persistenceBasic}
# Include{persistenceAdvanced}
- variable: files
label: Misskey file Storage
description: Stores the Application file data.
schema:
additional_attrs: true
type: dict
attrs:
# Include{persistenceBasic}
# Include{persistenceAdvanced}
# Include{persistenceList}
# Include{ingressRoot}
- variable: main
label: Main Ingress
schema:
additional_attrs: true
type: dict
attrs:
# Include{ingressDefault}
# Include{ingressTLS}
# Include{ingressTraefik}
# Include{ingressExpert}
# Include{ingressList}
# Include{security}
# Include{securityContextAdvancedRoot}
- variable: privileged
label: Privileged mode
schema:
type: boolean
default: false
- variable: readOnlyRootFilesystem
label: ReadOnly Root Filesystem
schema:
type: boolean
default: false
- variable: allowPrivilegeEscalation
label: Allow Privilege Escalation
schema:
type: boolean
default: false
- variable: runAsNonRoot
label: runAsNonRoot
schema:
type: boolean
default: false
# Include{securityContextAdvanced}
# Include{podSecurityContextRoot}
- variable: runAsUser
label: runAsUser
description: The UserID of the user running the application
schema:
type: int
default: 0
- variable: runAsGroup
label: runAsGroup
description: The groupID this App of the user running the application
schema:
type: int
default: 0
- variable: fsGroup
label: fsGroup
description: The group that should own ALL storage.
schema:
type: int
default: 33
# Include{podSecurityContextAdvanced}
# Include{resources}
# Include{advanced}
# Include{addons}
# Include{codeserver}
# Include{promtail}
# Include{netshoot}
# Include{vpn}
# Include{documentation}
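Review bot: The security questions default the app to root with a writable root filesystem (`runAsUser` default 0, `runAsGroup` default 0, `runAsNonRoot` default false, `readOnlyRootFilesystem` default false), and nothing on this page says why; the same defaults are repeated under `securityContext`/`podSecurityContext` in the values section further down. The rendered Misskey config uses the reverse-proxy layout on port 3003, and by the template's own comments only the standalone option on port 443 needs root. If the image can run unprivileged (not visible from this commit), default to a non-zero UID with `runAsNonRoot: true`. Otherwise record the reason next to the values, for example `# misskey image must run as root because <reason>`.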


@ -0,0 +1,181 @@
{{/* Define the configmap */}}
{{- define "misskey.configmap" -}}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: misskeyconfig
data:
default.yml: |-
#━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
# Misskey configuration
#━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
# ┌─────┐
#───┘ URL └─────────────────────────────────────────────────────
# Final accessible URL seen by a user.
url: {{ .Values.misskey.url }}
# ONCE YOU HAVE STARTED THE INSTANCE, DO NOT CHANGE THE
# URL SETTINGS AFTER THAT!
# ┌───────────────────────┐
#───┘ Port and TLS settings └───────────────────────────────────
#
# Misskey supports two deployment options for public.
#
# Option 1: With Reverse Proxy
#
# +----- https://example.tld/ ------------+
# +------+ |+-------------+ +----------------+|
# | User | ---> || Proxy (443) | ---> | Misskey (3000) ||
# +------+ |+-------------+ +----------------+|
# +---------------------------------------+
#
# You need to setup reverse proxy. (eg. nginx)
# You do not define 'https' section.
# Option 2: Standalone
#
# +- https://example.tld/ -+
# +------+ | +---------------+ |
# | User | ---> | | Misskey (443) | |
# +------+ | +---------------+ |
# +------------------------+
#
# You need to run Misskey as root.
# You need to set Certificate in 'https' section.
# To use option 1, uncomment below line.
port: {{ .Values.service.main.ports.main.port }} # A port that your Misskey server should listen.
# To use option 2, uncomment below lines.
#port: 443
#https:
# # path for certification
# key: /etc/letsencrypt/live/example.tld/privkey.pem
# cert: /etc/letsencrypt/live/example.tld/fullchain.pem
# ┌──────────────────────────┐
#───┘ PostgreSQL configuration └────────────────────────────────
db:
host: {{ printf "%v-%v" .Release.Name "postgresql" }}
port: 5432
# Database name
db: {{ .Values.postgresql.postgresqlDatabase }}
# Auth
user: {{ .Values.postgresql.postgresqlUsername }}
pass: {{ .Values.postgresql.postgresqlPassword | trimAll "\"" }}
# Whether disable Caching queries
#disableCache: true
# Extra Connection options
#extra:
# ssl: true
# ┌─────────────────────┐
#───┘ Redis configuration └─────────────────────────────────────
redis:
host: {{ printf "%v-%v" .Release.Name "redis" }}
port: 6379
pass: {{ .Values.redis.redisPassword | trimAll "\"" }}
#prefix: example-prefix
#db: 1
# ┌─────────────────────────────┐
#───┘ Elasticsearch configuration └─────────────────────────────
#elasticsearch:
# host: localhost
# port: 9200
# ssl: false
# user:
# pass:
# ┌───────────────┐
#───┘ ID generation └───────────────────────────────────────────
# You can select the ID generation method.
# You don't usually need to change this setting, but you can
# change it according to your preferences.
# Available methods:
# aid ... Short, Millisecond accuracy
# meid ... Similar to ObjectID, Millisecond accuracy
# ulid ... Millisecond accuracy
# objectid ... This is left for backward compatibility
# ONCE YOU HAVE STARTED THE INSTANCE, DO NOT CHANGE THE
# ID SETTINGS AFTER THAT!
id: {{ .Values.misskey.id }}
# ┌─────────────────────┐
#───┘ Other configuration └─────────────────────────────────────
# Whether disable HSTS
disableHsts: {{ .Values.misskey.other.disableHSTS }}
# Number of worker processes
clusterLimit: {{ .Values.misskey.other.clusterLimit }}
# Job concurrency per worker
deliverJobConcurrency: {{ .Values.misskey.other.deliverJobConcurrency }}
inboxJobConcurrency: {{ .Values.misskey.other.inboxJobConcurrency }}
# Job rate limiter
deliverJobPerSec: {{ .Values.misskey.other.deliverJobPerSec }}
inboxJobPerSec: {{ .Values.misskey.other.inboxJobPerSec }}
# Job attempts
deliverJobMaxAttempts: {{ .Values.misskey.other.deliverJobMaxAttempts }}
inboxJobMaxAttempts: {{ .Values.misskey.other.inboxJobMaxAttempts }}
# IP address family used for outgoing request (ipv4, ipv6 or dual)
#outgoingAddressFamily: ipv4
# Syslog option
#syslog:
# host: localhost
# port: 514
# Proxy for HTTP/HTTPS
#proxy: http://127.0.0.1:3128
#proxyBypassHosts: [
# 'example.com',
# '192.0.2.8'
#]
# Proxy for SMTP/SMTPS
#proxySmtp: http://127.0.0.1:3128 # use HTTP/1.1 CONNECT
#proxySmtp: socks4://127.0.0.1:1080 # use SOCKS4
#proxySmtp: socks5://127.0.0.1:1080 # use SOCKS5
# Media Proxy
#mediaProxy: https://example.com/proxy
# Sign to ActivityPub GET request (default: false)
signToActivityPubGet: {{ .Values.misskey.other.signToActivityPubGet }}
allowedPrivateNetworks: [
'127.0.0.1/32',
{{- range .Values.misskey.other.allowedPrivateNetworks }}
{{ . | squote }},
{{- end }}
]
# Upload or download file size limits (bytes)
maxFileSize: {{ .Values.misskey.other.maxFileSize }}
{{- end -}}
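Review bot: The PostgreSQL and Redis passwords are written in clear text into a `ConfigMap` (`pass: {{ .Values.postgresql.postgresqlPassword | trimAll "\"" }}` under `db:` and the matching `pass:` under `redis:`). Anyone who can read ConfigMaps in the namespace can therefore read both credentials, and Secret-specific controls such as encryption at rest or tighter RBAC do not cover them. Render this file as `kind: Secret` with `stringData:` and mount it as a secret volume instead, assuming the common library's persistence supports that type. Separately, `url` and both `pass` values are emitted unquoted, so a value containing ` #`, `: ` or a leading YAML indicator would be truncated or mis-parsed when Misskey loads `default.yml`; appending `| quote` to those pipelines avoids that.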


@ -0,0 +1,8 @@
{{/* Make sure all variables are set properly */}}
{{- include "tc.common.loader.init" . }}
{{/* Render configmap for misskey */}}
{{- include "misskey.configmap" . }}
{{/* Render the templates */}}
{{ include "tc.common.loader.apply" . }}


@ -0,0 +1,65 @@
image:
repository: tccr.io/truecharts/misskey
pullPolicy: IfNotPresent
tag: 12.119.0@sha256:e16467a28e7cee4442e29216a292dd725f28c3789fb1da050359c7842c2c0eec
securityContext:
readOnlyRootFilesystem: false
runAsNonRoot: false
podSecurityContext:
runAsUser: 0
runAsGroup: 0
fsGroup: 33
service:
main:
ports:
main:
port: 3003
misskey:
# Final accessible URL seen by a user. ONCE YOU HAVE STARTED THE INSTANCE, DO NOT CHANGE THE URL SETTINGS AFTER THAT!
url: "https://example.tld/"
# ID generation method. 'aid' recommended.
id: "aid"
other:
disableHSTS: false
signToActivityPubGet: false
maxFileSize: 262144000
clusterLimit: 1
deliverJobConcurrency: 128
inboxJobConcurrency: 16
deliverJobPerSec: 128
inboxJobPerSec: 16
deliverJobMaxAttempts: 12
inboxJobMaxAttempts: 8
allowedPrivateNetworks:
- 127.0.0.1/32
env:
# NODE_ENV = production | development
NODE_ENV: production
persistence:
misskeyconfig:
enabled: true
type: configMap
objectName: misskeyconfig
mountPath: "/misskey/.config"
files:
enabled: true
mountPath: "/misskey/files"
postgresql:
enabled: true
existingSecret: "dbcreds"
postgresqlUsername: misskey
postgresqlDatabase: misskey
redis:
enabled: true
existingSecret: "rediscreds"
portal:
enabled: true
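Review bot: The default `allowedPrivateNetworks` list contains `127.0.0.1/32`, but the config template already emits `'127.0.0.1/32'` unconditionally before ranging over this list, so the rendered `default.yml` carries the entry twice. It also disagrees with the questions file, whose default is `[]` and whose description says the loopback entry is added automatically. Use `allowedPrivateNetworks: []` here. Because this list appears to relax Misskey's block on outbound requests to private addresses, a comment above it would help operators keep it narrow, for example `# CIDRs the instance may contact even though they are private; 127.0.0.1/32 is always added by the template`.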


@ -153,6 +153,7 @@ words:
- mimetypes
- minecraft
- minio
- Misskey
- modelstore
- modports
- mongosh