Introduction
This is a Helm chart for installing Mastodon into a Kubernetes cluster. The basic usage is:
- edit
values.yamlor create a separate yaml file for custom values helm dep updatehelm install --namespace mastodon --create-namespace my-mastodon ./ -f path/to/additional/values.yaml
This chart is tested with k8s 1.21+ and helm 3.6.0+.
Configuration
The variables that must be configured are:
-
password and keys in the
mastodon.secrets,postgresql, andredisgroups; if left blank, some of those values will be autogenerated, but will not persist across upgrades. -
SMTP settings for your mailer in the
mastodon.smtpgroup.
If your PersistentVolumeClaim is ReadWriteOnce and you're unable to use a S3-compatible service or
run a self-hosted compatible service like Minio
then you need to set the pod affinity so the web and sidekiq pods are scheduled to the same node.
Example configuration:
podAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: app.kubernetes.io/part-of
operator: In
values:
- rails
topologyKey: kubernetes.io/hostnameAdministration
You can run admin CLI commands in the web deployment.
kubectl -n mastodon exec -it deployment/mastodon-web -- bash
tootctl accounts modify admin --reset-passwordor
kubectl -n mastodon exec -it deployment/mastodon-web -- tootctl accounts modify admin --reset-passwordMissing features
Currently this chart does not support:
- Hidden services
- Swift
Upgrading
Because database migrations are managed as a Job separate from the Rails and Sidekiq deployments, itβs possible they will occur in the wrong order. After upgrading Mastodon versions, it may sometimes be necessary to manually delete the Rails and Sidekiq pods so that they are recreated against the latest migration.
Upgrades in 2.1.0
ingressClassName and tls-acme changes
The annotations previously defaulting to nginx have been removed and support for ingressClassName has been added.
ingress:
annotations:
kubernetes.io/ingress.class: nginx
kubernetes.io/tls-acme: "true"To restore the old functionality simply add the above snippet to your values.yaml,
but the recommendation is to replace these with ingress.ingressClassName and use
cert-manager's issuer/cluster-issuer instead of tls-acme.
If you're uncertain about your current setup leave ingressClassName empty and add
kubernetes.io/tls-acme to ingress.annotations in your values.yaml.
Upgrades in 2.0.0
Fixed labels
Because of the changes in #19706 the upgrade may fail with the following error:
Error: UPGRADE FAILED: cannot patch "mastodon-sidekiq"
If you want an easy upgrade and you're comfortable with some downtime then simply delete the -sidekiq, -web, and -streaming Deployments manually.
If you require a no-downtime upgrade then:
- run
helm templateinstead ofhelm upgrade - Copy the new -web and -streaming services into
services.yml - Copy the new -web and -streaming deployments into
deployments.yml - Append -temp to the name of each deployment in
deployments.yml kubectl apply -f deployments.ymlthen wait until all pods are readykubectl apply -f services.yml- Delete the old -sidekiq, -web, and -streaming deployments manually
helm upgradelike normalkubectl delete -f deployments.ymlto clear out the temporary deployments
PostgreSQL passwords
If you've previously installed the chart and you're having problems with
postgres not accepting your password then make sure to set username to
postgres and password and postgresPassword to the same passwords.
postgresql:
auth:
username: postgres
password: <same password>
postgresPassword: <same password>And make sure to set password to the same value as postgres-password
in your mastodon-postgresql secret:
kubectl edit secret mastodon-postgresql