This section will walk you through installing Mastodon on Kubernetes using the Bitnami Mastodon Helm chart.
Retrieve DigitalOcean Managed Postgres Database Credentials
Mastodon installation requires us to provide database credentials. Since we have provisioned the Managed Postgres Database on DigitalOcean infrastructure, we can retrieve them via `doctl` or the cloud control panel.

    # List the managed databases on DigitalOcean
    # Copy the <database-id> from the console output
    doctl databases list

    # Retrieve the postgres-password for user-name: doadmin
    doctl databases user get <database-id> <user-name>
    # Copy the postgres-password from the console output
    # You will need it to create the `mastodon-creds` k8s secret

DigitalOcean Spaces (Static Object Storage) Access
- We need to create a Spaces access key and secret to access the Spaces API.
- Follow the Creating an Access Key section to generate the access key and secret.
Create the Kubernetes Secrets
These secrets are referenced in the mastodon-bitnami-chart-values.yaml file.

    # mastodon-creds secret
    # @param postgres-password: DO Managed Postgres Database password
    # @param AWS_ACCESS_KEY_ID: DO Spaces Access Key
    # @param AWS_SECRET_ACCESS_KEY: DO Spaces Access Secret
    kubectl create ns mastodon && kubectl create -n mastodon secret generic mastodon-creds \
      --from-literal=postgres-password=<insert> \
      --from-literal=AWS_ACCESS_KEY_ID=<insert> \
      --from-literal=AWS_SECRET_ACCESS_KEY=<insert>

    # mastodon-redis secret
    # @param redis-password: provide any password
    kubectl create -n mastodon secret generic mastodon-redis \
      --from-literal=redis-password=<give any password>

    # lets-encrypt-do-dns secret required for dns01 challenge
    # @param access-token: DO access token
    kubectl create ns cert-manager && kubectl create -n cert-manager secret generic lets-encrypt-do-dns \
      --from-literal=access-token=<insert DO access token>

Note: It is good practice to use a secret store such as HashiCorp Vault. Here is a tutorial to access Vault secrets using k8s-external-secrets-operator.
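
Values passed with `--from-literal` are typed on the command line, where they end up in shell history and the process list. As an added example (not part of the original tutorial or the Bitnami chart), these POSIX shell helpers render the same Secret manifests from `KEY=VALUE` lines on stdin and generate a random Redis password; the function names and the `creds.env` file are assumptions.

```shell
#!/bin/sh
# Added example, not from the original tutorial: build the Secret manifests
# from KEY=VALUE lines on stdin so no value is typed on a command line.

# gen_password: print 32 random alphanumeric characters (for redis-password).
gen_password() {
  head -c 48 /dev/urandom | base64 | tr -dc 'A-Za-z0-9' | cut -c1-32
}

# render_secret NAMESPACE NAME: read KEY=VALUE lines from stdin and print a
# Secret manifest with base64-encoded data. Returns 1 on a malformed line,
# an empty value, or a value still set to a <placeholder>.
render_secret() {
  rs_out="apiVersion: v1
kind: Secret
metadata:
  name: $2
  namespace: $1
type: Opaque
data:"
  while IFS= read -r rs_line || [ -n "$rs_line" ]; do
    case $rs_line in
      '') continue ;;
      *=*) ;;
      *) echo "render_secret: expected KEY=VALUE" >&2; return 1 ;;
    esac
    rs_key=${rs_line%%=*}
    rs_val=${rs_line#*=}
    case $rs_val in
      ''|'<'*'>')
        echo "render_secret: $rs_key is empty or a placeholder" >&2
        return 1 ;;
    esac
    rs_b64=$(printf '%s' "$rs_val" | base64 | tr -d '\n')
    rs_out="$rs_out
  $rs_key: $rs_b64"
  done
  printf '%s\n' "$rs_out"
}

# Usage (creds.env is an assumed mode-600 file holding the three
# mastodon-creds keys, one KEY=VALUE per line):
#   kubectl create ns mastodon
#   render_secret mastodon mastodon-creds < creds.env | kubectl apply -f -
#   printf 'redis-password=%s\n' "$(gen_password)" |
#     render_secret mastodon mastodon-redis | kubectl apply -f -
```

The rendered manifest is only base64-encoded, so pipe it straight to `kubectl apply -f -` rather than saving it to disk.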
Bootstrap the Kubernetes Cluster
We have leveraged the hivenetes/k8s-bootstrapper project, which under the hood uses Argo CD: App of Apps pattern to install and manage essential applications such as,
Check out this doc for more details on the bootstrap process.
Clone/fork this repository and make the required changes inside the bootstrap directory:
- The email address for the Let's Encrypt cluster issuer
- The repository URLs for the bootstrap and bootstrap-resources
- The Site URL in values.yaml
Then, run the following command, substituting your repository URL:

    # Let the bootstrap begin!
    kubectl apply -f https://raw.githubusercontent.com/[YOUR_GH_USERNAME]/mastodon-on-kubernetes/main/bootstrap/bootstrap.yaml

Note: When an Ingress Controller (Traefik) is installed, it creates a service and exposes it as a Load Balancer. When you configure a service as a Load Balancer, DigitalOcean Kubernetes will automatically provision a LoadBalancer in your cloud account.
Configure DNS
Once the installation is complete, copy the EXTERNAL-IP of the LoadBalancer, as we need this to configure our DNS records.

    # Copy the EXTERNAL_IP of the LoadBalancer
    kubectl get services --namespace traefik traefik --output jsonpath='{.status.loadBalancer.ingress[0].ip}'; echo

Head to your domain registrar to configure the DNS as follows:
- Add an A record that points to the IP address of the LoadBalancer
- If you are managing the DNS records via DigitalOcean DNS, then you can execute the following command:

    # Add the LoadBalancer IP to the domain using doctl
    doctl compute domain records create <domain> --record-name mastodon --record-type A --record-data <EXTERNAL-IP>
    # This means that the mastodon instance will be accessed via mastodon.domain

Install Mastodon via Bitnami Helm chart
The mastodon-bitnami-chart-values.yaml file has the chart overrides. Fill in the sections as per your configuration, especially the [REQUIRED] fields.
Note: Refer to values.yaml for configuration specifics.

    MASTODON_HELM_CHART_VERSION="0.1.2"
    helm install mastodon bitnami/mastodon \
      --version "$MASTODON_HELM_CHART_VERSION" \
      --namespace mastodon \
      --timeout 10m0s \
      -f "mastodon-bitnami-chart-values.yaml"

Once the chart has been successfully installed, you can log in to your Mastodon server via the domain used during the installation.