Skip to content

Commit 410b9a2

Browse files
migruiz4Bitnami Containersfmulerobitnami-bot
authored
[bitnami/mastodon] Set usePasswordFiles=true by default (#32367)
* [bitnami/mastodon] Set `usePasswordFiles=true` by default Signed-off-by: Miguel Ruiz <[email protected]> * Update CHANGELOG.md Signed-off-by: Bitnami Containers <[email protected]> * Update README.md with readme-generator-for-helm Signed-off-by: Bitnami Containers <[email protected]> * Update CHANGELOG.md Signed-off-by: Bitnami Containers <[email protected]> * Fix lint Signed-off-by: Miguel Ruiz <[email protected]> * Update CHANGELOG.md Signed-off-by: Bitnami Containers <[email protected]> * Several fixes Signed-off-by: Miguel Ruiz <[email protected]> * Update CHANGELOG.md Signed-off-by: Bitnami Bot <[email protected]> * Fix init container volumemount conditions Signed-off-by: Miguel Ruiz <[email protected]> * Update CHANGELOG.md Signed-off-by: Bitnami Bot <[email protected]> * Update CHANGELOG.md Signed-off-by: Bitnami Bot <[email protected]> --------- Signed-off-by: Miguel Ruiz <[email protected]> Signed-off-by: Bitnami Containers <[email protected]> Signed-off-by: Fran Mulero <[email protected]> Signed-off-by: Bitnami Bot <[email protected]> Co-authored-by: Bitnami Containers <[email protected]> Co-authored-by: Fran Mulero <[email protected]> Co-authored-by: Bitnami Bot <[email protected]>
1 parent 3ab212e commit 410b9a2

File tree

10 files changed

+361
-10
lines changed

10 files changed

+361
-10
lines changed

bitnami/mastodon/CHANGELOG.md

+6-2
Original file line numberDiff line numberDiff line change
@@ -1,8 +1,12 @@
11
# Changelog
22

3-
## 10.0.1 (2025-04-03)
3+
## 10.1.0 (2025-04-04)
44

5-
* [bitnami/mastodon] Release 10.0.1 ([#32803](https://github.com/bitnami/charts/pull/32803))
5+
* [bitnami/mastodon] Set `usePasswordFiles=true` by default ([#32367](https://github.com/bitnami/charts/pull/32367))
6+
7+
## <small>10.0.1 (2025-04-03)</small>
8+
9+
* [bitnami/mastodon] Release 10.0.1 (#32803) ([41f62c8](https://github.com/bitnami/charts/commit/41f62c8333b88d11169ca08f7f1c8ce9b3a1ed73)), closes [#32803](https://github.com/bitnami/charts/issues/32803)
610

711
## 10.0.0 (2025-04-03)
812

bitnami/mastodon/Chart.yaml

+1-1
Original file line numberDiff line numberDiff line change
@@ -50,4 +50,4 @@ maintainers:
5050
name: mastodon
5151
sources:
5252
- https://github.com/bitnami/charts/tree/main/bitnami/mastodon
53-
version: 10.0.1
53+
version: 10.1.0

bitnami/mastodon/README.md

+1
Original file line numberDiff line numberDiff line change
@@ -255,6 +255,7 @@ The [Bitnami mastodon](https://github.com/bitnami/containers/tree/main/bitnami/m
255255
| `commonAnnotations` | Annotations to add to all deployed objects | `{}` |
256256
| `clusterDomain` | Kubernetes cluster domain name | `cluster.local` |
257257
| `extraDeploy` | Array of extra objects to deploy with the release | `[]` |
258+
| `usePasswordFiles` | Mount credentials as files instead of using environment variables | `true` |
258259
| `diagnosticMode.enabled` | Enable diagnostic mode (all probes will be disabled and the command will be overridden) | `false` |
259260
| `diagnosticMode.command` | Command to override all containers in the deployment | `["sleep"]` |
260261
| `diagnosticMode.args` | Args to override all containers in the deployment | `["infinity"]` |

bitnami/mastodon/templates/_helpers.tpl

+30-3
Original file line numberDiff line numberDiff line change
@@ -598,11 +598,16 @@ Init container definition for waiting for the database to be ready
598598
value: {{ include "mastodon.database.host" . | quote }}
599599
- name: MASTODON_DATABASE_PORT_NUMBER
600600
value: {{ include "mastodon.database.port" . | quote }}
601+
{{- if .Values.usePasswordFiles }}
602+
- name: MASTODON_DATABASE_PASSWORD_FILE
603+
value: "/opt/bitnami/mastodon/secrets/db-password"
604+
{{- else }}
601605
- name: MASTODON_DATABASE_PASSWORD
602606
valueFrom:
603607
secretKeyRef:
604608
name: {{ include "mastodon.database.secretName" . }}
605-
key: {{ include "mastodon.database.passwordKey" . }}
609+
key: {{ include "mastodon.database.passwordKey" . | quote }}
610+
{{- end }}
606611
- name: MASTODON_DATABASE_USER
607612
value: {{ include "mastodon.database.user" . }}
608613
- name: MASTODON_DATABASE_NAME
@@ -611,6 +616,10 @@ Init container definition for waiting for the database to be ready
611616
- name: empty-dir
612617
mountPath: /tmp
613618
subPath: tmp-dir
619+
{{- if .Values.usePasswordFiles }}
620+
- name: mastodon-secrets
621+
mountPath: /opt/bitnami/mastodon/secrets
622+
{{- end }}
614623
{{- end -}}
615624

616625
{{/*
@@ -656,16 +665,25 @@ Init container definition for waiting for Redis(TM) to be ready
656665
- name: MASTODON_REDIS_PORT_NUMBER
657666
value: {{ include "mastodon.redis.port" . | quote }}
658667
{{- if (include "mastodon.redis.auth.enabled" .) }}
668+
{{- if .Values.usePasswordFiles }}
669+
- name: MASTODON_REDIS_PASSWORD_FILE
670+
value: {{ printf "/opt/bitnami/mastodon/secrets/%s" (include "mastodon.redis.passwordKey" .) }}
671+
{{- else }}
659672
- name: MASTODON_REDIS_PASSWORD
660673
valueFrom:
661674
secretKeyRef:
662675
name: {{ include "mastodon.redis.secretName" . }}
663-
key: {{ include "mastodon.redis.passwordKey" . }}
676+
key: {{ include "mastodon.redis.passwordKey" . | quote }}
677+
{{- end }}
664678
{{- end }}
665679
volumeMounts:
666680
- name: empty-dir
667681
mountPath: /tmp
668682
subPath: tmp-dir
683+
{{- if and .Values.usePasswordFiles (include "mastodon.redis.auth.enabled" .) }}
684+
- name: mastodon-secrets
685+
mountPath: /opt/bitnami/mastodon/secrets
686+
{{- end }}
669687
{{- end -}}
670688

671689
{{/*
@@ -708,16 +726,25 @@ Init container definition for waiting for Elasticsearch to be ready
708726
- name: MASTODON_ELASTICSEARCH_PORT_NUMBER
709727
value: {{ include "mastodon.elasticsearch.port" . | quote }}
710728
{{- if (include "mastodon.elasticsearch.auth.enabled" .) }}
729+
{{- if .Values.usePasswordFiles }}
730+
- name: MASTODON_ELASTICSEARCH_PASSWORD_FILE
731+
value: {{ printf "/opt/bitnami/mastodon/secrets/%s" (include "mastodon.elasticsearch.passwordKey" .) }}
732+
{{- else }}
711733
- name: MASTODON_ELASTICSEARCH_PASSWORD
712734
valueFrom:
713735
secretKeyRef:
714736
name: {{ include "mastodon.elasticsearch.secretName" . }}
715-
key: {{ include "mastodon.elasticsearch.passwordKey" . }}
737+
key: {{ include "mastodon.elasticsearch.passwordKey" . | quote }}
738+
{{- end }}
716739
{{- end }}
717740
volumeMounts:
718741
- name: empty-dir
719742
mountPath: /tmp
720743
subPath: tmp-dir
744+
{{- if and .Values.usePasswordFiles (include "mastodon.elasticsearch.auth.enabled" .) }}
745+
- name: mastodon-secrets
746+
mountPath: /opt/bitnami/mastodon/secrets
747+
{{- end }}
721748
{{- end -}}
722749

723750
{{/*

bitnami/mastodon/templates/init-job/init-job.yaml

+78
Original file line numberDiff line numberDiff line change
@@ -83,31 +83,52 @@ spec:
8383
env:
8484
- name: BITNAMI_DEBUG
8585
value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }}
86+
{{- if .Values.usePasswordFiles }}
87+
- name: MASTODON_DATABASE_PASSWORD_FILE
88+
value: "/opt/bitnami/mastodon/secrets/db-password"
89+
{{- else }}
8690
- name: MASTODON_DATABASE_PASSWORD
8791
valueFrom:
8892
secretKeyRef:
8993
name: {{ include "mastodon.database.secretName" . }}
9094
key: {{ include "mastodon.database.passwordKey" . | quote }}
95+
{{- end }}
9196
{{- if (include "mastodon.redis.auth.enabled" .) }}
9297
# The rake db:migrate job requires access to Redis
98+
{{- if .Values.usePasswordFiles }}
99+
- name: MASTODON_REDIS_PASSWORD_FILE
100+
value: {{ printf "/opt/bitnami/mastodon/secrets/%s" (include "mastodon.redis.passwordKey" .) }}
101+
{{- else }}
93102
- name: MASTODON_REDIS_PASSWORD
94103
valueFrom:
95104
secretKeyRef:
96105
name: {{ include "mastodon.redis.secretName" . }}
97106
key: {{ include "mastodon.redis.passwordKey" . | quote }}
98107
{{- end }}
108+
{{- end }}
99109
{{- if (include "mastodon.elasticsearch.auth.enabled" .) }}
110+
{{- if .Values.usePasswordFiles }}
111+
- name: MASTODON_ELASTICSEARCH_PASSWORD_FILE
112+
value: {{ printf "/opt/bitnami/mastodon/secrets/%s" (include "mastodon.elasticsearch.passwordKey" .) }}
113+
{{- else }}
100114
- name: MASTODON_ELASTICSEARCH_PASSWORD
101115
valueFrom:
102116
secretKeyRef:
103117
name: {{ include "mastodon.elasticsearch.secretName" . }}
104118
key: {{ include "mastodon.elasticsearch.passwordKey" . | quote }}
105119
{{- end }}
120+
{{- end }}
106121
{{- if and .Values.initJob.precompileAssets.enabled .Values.enableS3 }}
107122
- name: MASTODON_S3_HOSTNAME
108123
value: {{ include "mastodon.s3.host" . | quote }}
109124
- name: MASTODON_S3_PORT_NUMBER
110125
value: {{ include "mastodon.s3.port" . | quote }}
126+
{{- if .Values.usePasswordFiles }}
127+
- name: MASTODON_AWS_ACCESS_KEY_ID_FILE
128+
value: {{ printf "/opt/bitnami/mastodon/secrets/%s" (include "mastodon.s3.accessKeyIDKey" .) }}
129+
- name: MASTODON_AWS_SECRET_ACCESS_KEY_FILE
130+
value: {{ printf "/opt/bitnami/mastodon/secrets/%s" (include "mastodon.s3.secretAccessKeyKey" .) }}
131+
{{- else }}
111132
- name: MASTODON_AWS_ACCESS_KEY_ID
112133
valueFrom:
113134
secretKeyRef:
@@ -119,6 +140,7 @@ spec:
119140
name: {{ include "mastodon.s3.secretName" . }}
120141
key: {{ include "mastodon.s3.secretAccessKeyKey" . | quote }}
121142
{{- end }}
143+
{{- end }}
122144
envFrom:
123145
- configMapRef:
124146
name: {{ include "mastodon.defaultConfigmapName" . }}
@@ -130,6 +152,10 @@ spec:
130152
subPath: tmp-dir
131153
- name: scripts
132154
mountPath: /scripts
155+
{{- if .Values.usePasswordFiles }}
156+
- name: mastodon-secrets
157+
mountPath: /opt/bitnami/mastodon/secrets
158+
{{- end }}
133159
{{- end }}
134160
containers:
135161
# We separate the job in multiple containers to be able to run them in parallel. We put everything on the same job
@@ -150,26 +176,41 @@ spec:
150176
env:
151177
- name: BITNAMI_DEBUG
152178
value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }}
179+
{{- if .Values.usePasswordFiles }}
180+
- name: MASTODON_DATABASE_PASSWORD_FILE
181+
value: "/opt/bitnami/mastodon/secrets/db-password"
182+
{{- else }}
153183
- name: MASTODON_DATABASE_PASSWORD
154184
valueFrom:
155185
secretKeyRef:
156186
name: {{ include "mastodon.database.secretName" . }}
157187
key: {{ include "mastodon.database.passwordKey" . | quote }}
188+
{{- end }}
158189
{{- if (include "mastodon.redis.auth.enabled" .) }}
159190
# The rake db:migrate job requires access to Redis
191+
{{- if .Values.usePasswordFiles }}
192+
- name: MASTODON_REDIS_PASSWORD_FILE
193+
value: {{ printf "/opt/bitnami/mastodon/secrets/%s" (include "mastodon.redis.passwordKey" .) }}
194+
{{- else }}
160195
- name: MASTODON_REDIS_PASSWORD
161196
valueFrom:
162197
secretKeyRef:
163198
name: {{ include "mastodon.redis.secretName" . }}
164199
key: {{ include "mastodon.redis.passwordKey" . | quote }}
165200
{{- end }}
201+
{{- end }}
166202
{{- if (include "mastodon.elasticsearch.auth.enabled" .) }}
203+
{{- if .Values.usePasswordFiles }}
204+
- name: MASTODON_ELASTICSEARCH_PASSWORD_FILE
205+
value: {{ printf "/opt/bitnami/mastodon/secrets/%s" (include "mastodon.elasticsearch.passwordKey" .) }}
206+
{{- else }}
167207
- name: MASTODON_ELASTICSEARCH_PASSWORD
168208
valueFrom:
169209
secretKeyRef:
170210
name: {{ include "mastodon.elasticsearch.secretName" . }}
171211
key: {{ include "mastodon.elasticsearch.passwordKey" . | quote }}
172212
{{- end }}
213+
{{- end }}
173214
{{- if .Values.initJob.migrateAndCreateAdmin.extraEnvVars }}
174215
{{- include "common.tplvalues.render" (dict "value" .Values.initJob.migrateAndCreateAdmin.extraEnvVars "context" $) | nindent 12 }}
175216
{{- end }}
@@ -202,6 +243,10 @@ spec:
202243
subPath: tmp-dir
203244
- name: scripts
204245
mountPath: /scripts
246+
{{- if .Values.usePasswordFiles }}
247+
- name: mastodon-secrets
248+
mountPath: /opt/bitnami/mastodon/secrets
249+
{{- end }}
205250
{{- if .Values.initJob.migrateAndCreateAdmin.extraVolumeMounts }}
206251
{{- include "common.tplvalues.render" (dict "value" .Values.initJob.migrateAndCreateAdmin.extraVolumeMounts "context" $) | nindent 12 }}
207252
{{- end }}
@@ -231,6 +276,12 @@ spec:
231276
value: {{ include "mastodon.s3.host" . | quote }}
232277
- name: MASTODON_S3_PORT_NUMBER
233278
value: {{ include "mastodon.s3.port" . | quote }}
279+
{{- if .Values.usePasswordFiles }}
280+
- name: MASTODON_AWS_ACCESS_KEY_ID_FILE
281+
value: {{ printf "/opt/bitnami/mastodon/secrets/%s" (include "mastodon.s3.accessKeyIDKey" .) }}
282+
- name: MASTODON_AWS_SECRET_ACCESS_KEY_FILE
283+
value: {{ printf "/opt/bitnami/mastodon/secrets/%s" (include "mastodon.s3.secretAccessKeyKey" .) }}
284+
{{- else }}
234285
- name: MASTODON_AWS_ACCESS_KEY_ID
235286
valueFrom:
236287
secretKeyRef:
@@ -242,6 +293,7 @@ spec:
242293
name: {{ include "mastodon.s3.secretName" . }}
243294
key: {{ include "mastodon.s3.secretAccessKeyKey" . | quote }}
244295
{{- end }}
296+
{{- end }}
245297
{{- if .Values.initJob.precompileAssets.extraEnvVars }}
246298
{{- include "common.tplvalues.render" (dict "value" .Values.initJob.precompileAssets.extraEnvVars "context" $) | nindent 12 }}
247299
{{- end }}
@@ -283,6 +335,10 @@ spec:
283335
subPath: cache-dir
284336
- name: scripts
285337
mountPath: /scripts
338+
{{- if .Values.usePasswordFiles }}
339+
- name: mastodon-secrets
340+
mountPath: /opt/bitnami/mastodon/secrets
341+
{{- end }}
286342
{{- if not .Values.enableS3 }}
287343
- name: data
288344
mountPath: {{ .Values.persistence.mountPath }}
@@ -299,6 +355,28 @@ spec:
299355
volumes:
300356
- name: empty-dir
301357
emptyDir: {}
358+
{{- if .Values.usePasswordFiles }}
359+
- name: mastodon-secrets
360+
projected:
361+
sources:
362+
- secret:
363+
name: {{ include "mastodon.database.secretName" . }}
364+
items:
365+
- key: {{ include "mastodon.database.passwordKey" . }}
366+
path: db-password
367+
{{- if (include "mastodon.redis.auth.enabled" .) }}
368+
- secret:
369+
name: {{ include "mastodon.redis.secretName" . }}
370+
{{- end }}
371+
{{- if (include "mastodon.elasticsearch.auth.enabled" .) }}
372+
- secret:
373+
name: {{ include "mastodon.elasticsearch.secretName" . }}
374+
{{- end }}
375+
{{- if .Values.enableS3 }}
376+
- secret:
377+
name: {{ include "mastodon.s3.secretName" . }}
378+
{{- end }}
379+
{{- end }}
302380
- name: scripts
303381
configMap:
304382
name: {{ printf "%s-init-scripts" (include "common.names.fullname" .) }}

0 commit comments

Comments
 (0)