apiVersion: apps/v1 kind: Deployment metadata: name: mastodon namespace: mastodon spec: replicas: 1 selector: matchLabels: app: mastodon template: metadata: labels: app: mastodon spec: affinity: podAffinity: preferredDuringSchedulingIgnoredDuringExecution: - weight: 100 podAffinityTerm: labelSelector: matchExpressions: - key: cnpg.io/cluster operator: In values: - mastodon-db - key: cnpg.io/instanceRole operator: In values: - primary topologyKey: "kubernetes.io/hostname" securityContext: runAsUser: 991 runAsGroup: 991 fsGroup: 991 containers: - name: mastodon-web image: ghcr.io/mastodon/mastodon:v4.3.7 command: ["bundle", "exec", "puma", "-C", "config/puma.rb"] ports: - containerPort: 3000 - containerPort: 9394 name: web-metrics env: - name: LOCAL_DOMAIN value: "halis.io" - name: WEB_DOMAIN value: "mastodon.halis.io" - name: REDIS_HOST value: "redis-svc.mastodon.svc.cluster.local" - name: REDIS_PORT value: "6379" - name: DB_HOST value: "mastodon-db-local.mastodon.svc.cluster.local" - name: DB_USER valueFrom: secretKeyRef: name: mastodon-db key: username - name: DB_PASS valueFrom: secretKeyRef: name: mastodon-db key: password - name: DB_NAME value: "mastodon" - name: DB_PORT value: "5432" - name: SECRET_KEY_BASE valueFrom: secretKeyRef: name: mastodon-secrets key: SECRET_KEY_BASE - name: OTP_SECRET valueFrom: secretKeyRef: name: mastodon-secrets key: OTP_SECRET - name: ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY valueFrom: secretKeyRef: name: mastodon-secrets key: ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY - name: ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT valueFrom: secretKeyRef: name: mastodon-secrets key: ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT - name: ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY valueFrom: secretKeyRef: name: mastodon-secrets key: ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY - name: IP_RETENTION_PERIOD value: "31556952" - name: SESSION_RETENTION_PERIOD value: "31556952" - name: FETCH_REPLIES_ENABLED value: "false" - name: FETCH_REPLIES_COOLDOWN_MINUTES value: "15" - name: FETCH_REPLIES_INITIAL_WAIT_MINUTES value: "5" - name: FETCH_REPLIES_MAX_GLOBAL value: "1000" - name: FETCH_REPLIEX_MAX_SINGLE value: "500" - name: FETCH_REPLIES_MAX_PAGES value: "500" - name: STREAMING_API_BASE_URL value: "http://mastodon-svc.mastodon.svc.cluster.local:4000" - name: MASTODON_PROMETHEUS_EXPORTER_ENABLED value: "true" - name: MASTODON_PROMETHEUS_EXPORTER_LOCAL value: "true" - name: MASTODON_PROMETHEUS_EXPORTER_HOST value: "127.0.0.1" - name: MASTODON_PROMETHEUS_EXPORTER_PORT value: "9394" volumeMounts: - mountPath: "/mastodon/public/system" name: mastodon-data - name: mastodon-streaming image: ghcr.io/mastodon/mastodon-streaming:v4.3.7 command: ["node", "./streaming/index.js"] ports: - containerPort: 4000 name: streaming env: - name: ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY valueFrom: secretKeyRef: name: mastodon-secrets key: ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY - name: ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT valueFrom: secretKeyRef: name: mastodon-secrets key: ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT - name: ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY valueFrom: secretKeyRef: name: mastodon-secrets key: ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY - name: REDIS_HOST value: "redis-svc.mastodon.svc.cluster.local" - name: REDIS_PORT value: "6379" - name: mastodon-sidekiq image: ghcr.io/mastodon/mastodon:v4.3.7 command: ["bundle", "exec", "sidekiq"] ports: - containerPort: 9395 name: sidekiq-metrics env: - name: LOCAL_DOMAIN value: "halis.io" - name: WEB_DOMAIN value: "mastodon.halis.io" - name: REDIS_HOST value: "redis-svc.mastodon.svc.cluster.local" - name: REDIS_PORT value: "6379" - name: DB_HOST value: "mastodon-db-rw.mastodon.svc.cluster.local" - name: DB_USER valueFrom: secretKeyRef: name: mastodon-db key: username - name: DB_PASS valueFrom: secretKeyRef: name: mastodon-db key: password - name: DB_NAME value: "mastodon" - name: DB_PORT value: "5432" - name: SECRET_KEY_BASE valueFrom: secretKeyRef: name: mastodon-secrets key: SECRET_KEY_BASE - name: OTP_SECRET valueFrom: secretKeyRef: name: mastodon-secrets key: OTP_SECRET - name: ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY valueFrom: secretKeyRef: name: mastodon-secrets key: ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY - name: ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT valueFrom: secretKeyRef: name: mastodon-secrets key: ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT - name: ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY valueFrom: secretKeyRef: name: mastodon-secrets key: ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY - name: STREAMING_API_BASE_URL value: "http://mastodon-svc.mastodon.svc.cluster.local:4000" - name: MASTODON_PROMETHEUS_EXPORTER_ENABLED value: "true" - name: MASTODON_PROMETHEUS_EXPORTER_LOCAL value: "true" - name: MASTODON_PROMETHEUS_EXPORTER_HOST value: "0.0.0.0" - name: MASTODON_PROMETHEUS_EXPORTER_PORT value: "9395" volumeMounts: - mountPath: "/mastodon/public/system" name: mastodon-data - name: redis image: redis:7.4.2 ports: - containerPort: 6379 volumeMounts: - mountPath: "/data" name: redis-data volumes: - name: mastodon-data persistentVolumeClaim: claimName: mastodon-pvc - name: redis-data persistentVolumeClaim: claimName: redis-pvc