From 33a84425eb3dc61dd62aca980afa0d41091d2d18 Mon Sep 17 00:00:00 2001 From: fkf9 Date: Fri, 3 Sep 2021 14:54:23 +0200 Subject: [PATCH 1/3] add support for existingSecret with Postgres and Redis --- charts/matrix-synapse/templates/deployment.yaml | 4 ++-- charts/matrix-synapse/templates/worker-deployment.yaml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/matrix-synapse/templates/deployment.yaml b/charts/matrix-synapse/templates/deployment.yaml index f89cddc..1491796 100644 --- a/charts/matrix-synapse/templates/deployment.yaml +++ b/charts/matrix-synapse/templates/deployment.yaml @@ -86,7 +86,7 @@ spec: - name: POSTGRES_PASSWORD valueFrom: secretKeyRef: - name: {{ include "matrix-synapse.postgresql.fullname" . }} + name: {{ .Values.postgresql.existingSecret | default (include "matrix-synapse.postgresql.fullname" .) }} key: postgresql-password {{- end }} {{- $redisPass := include "matrix-synapse.redis.password" . }} @@ -94,7 +94,7 @@ spec: - name: REDIS_PASSWORD valueFrom: secretKeyRef: - name: {{ include "matrix-synapse.redis.fullname" . }} + name: {{ .Values.redis.existingSecret | default (include "matrix-synapse.redis.fullname" .) }} key: redis-password {{- end }} {{- with .Values.synapse.extraEnv }} diff --git a/charts/matrix-synapse/templates/worker-deployment.yaml b/charts/matrix-synapse/templates/worker-deployment.yaml index 7ea7cd9..ce30619 100644 --- a/charts/matrix-synapse/templates/worker-deployment.yaml +++ b/charts/matrix-synapse/templates/worker-deployment.yaml @@ -87,14 +87,14 @@ spec: - name: POSTGRES_PASSWORD valueFrom: secretKeyRef: - name: {{ include "matrix-synapse.postgresql.fullname" $ }} + name: {{ .Values.postgresql.existingSecret | default (include "matrix-synapse.postgresql.fullname" $) }} key: postgresql-password {{- end }} {{- if and $.Values.redis.enabled (default $.Values.redis.usePassword true) }} - name: REDIS_PASSWORD valueFrom: secretKeyRef: - name: {{ include "matrix-synapse.redis.fullname" $ }} + name: {{ .Values.redis.existingSecret | default (include "matrix-synapse.redis.fullname" $) }} key: redis-password {{- end }} {{- with $config.extraEnv | default $default.extraEnv }} From d642502019b14e7766c746b17a714cb05990aac1 Mon Sep 17 00:00:00 2001 From: fkf9 Date: Fri, 3 Sep 2021 17:10:33 +0200 Subject: [PATCH 2/3] correctly reference Values --- charts/matrix-synapse/templates/worker-deployment.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/matrix-synapse/templates/worker-deployment.yaml b/charts/matrix-synapse/templates/worker-deployment.yaml index ce30619..fcbb2ba 100644 --- a/charts/matrix-synapse/templates/worker-deployment.yaml +++ b/charts/matrix-synapse/templates/worker-deployment.yaml @@ -87,14 +87,14 @@ spec: - name: POSTGRES_PASSWORD valueFrom: secretKeyRef: - name: {{ .Values.postgresql.existingSecret | default (include "matrix-synapse.postgresql.fullname" $) }} + name: {{ $.Values.postgresql.existingSecret | default (include "matrix-synapse.postgresql.fullname" $) }} key: postgresql-password {{- end }} {{- if and $.Values.redis.enabled (default $.Values.redis.usePassword true) }} - name: REDIS_PASSWORD valueFrom: secretKeyRef: - name: {{ .Values.redis.existingSecret | default (include "matrix-synapse.redis.fullname" $) }} + name: {{ $.Values.redis.existingSecret | default (include "matrix-synapse.redis.fullname" $) }} key: redis-password {{- end }} {{- with $config.extraEnv | default $default.extraEnv }} From d41227068980811a2994471a0b439557d10f0072 Mon Sep 17 00:00:00 2001 From: fkf9 Date: Tue, 7 Sep 2021 13:12:43 +0200 Subject: [PATCH 3/3] Add existingSecret example to values.yaml and add existing secret to fail condition --- charts/matrix-synapse/templates/deployment.yaml | 8 ++++---- charts/matrix-synapse/values.yaml | 12 +++++++++++- 2 files changed, 15 insertions(+), 5 deletions(-) diff --git a/charts/matrix-synapse/templates/deployment.yaml b/charts/matrix-synapse/templates/deployment.yaml index 1491796..cb0e7b4 100644 --- a/charts/matrix-synapse/templates/deployment.yaml +++ b/charts/matrix-synapse/templates/deployment.yaml @@ -1,9 +1,9 @@ {{- $needsVolumePermissions := and .Values.volumePermissions.enabled (or .Values.persistence.enabled .Values.persistence.existingClaim) }} -{{- if (and .Values.postgresql.enabled (not .Values.postgresql.postgresqlPassword)) -}} -{{- fail "You must specify a static postgres password if using the included postgres chart" -}} +{{- if (and .Values.postgresql.enabled (and (not .Values.postgresql.postgresqlPassword) (not .Values.postgresql.existingSecret))) -}} +{{- fail "You must specify a static postgres password or existing secret if using the included postgres chart" -}} {{- end -}} -{{- if (and .Values.redis.enabled (and .Values.redis.usePassword (not .Values.redis.password))) -}} -{{- fail "You must specify a static redis password if using the included redis chart" -}} +{{- if (and .Values.redis.enabled (and .Values.redis.usePassword (and (not .Values.redis.password) (not .Values.redis.existingSecret)))) -}} +{{- fail "You must specify a static redis password or existing secret if using the included redis chart" -}} {{- end -}} --- # Server: {{ required "A valid serverName is required" .Values.serverName }} diff --git a/charts/matrix-synapse/values.yaml b/charts/matrix-synapse/values.yaml index fdaeaf7..a8e8559 100644 --- a/charts/matrix-synapse/values.yaml +++ b/charts/matrix-synapse/values.yaml @@ -592,6 +592,11 @@ postgresql: # XXX Change me! postgresqlPassword: synapse + ## Or use existing secret with "postgresql-password" key + ## instead of static password + ## + # existingSecret: postgresql-secret + postgresqlUsername: synapse postgresqlDatabase: synapse @@ -629,10 +634,15 @@ externalPostgresql: redis: enabled: true - # XXX Change me! usePassword: true + # XXX Change me! password: synapse + ## Or use existing secret with "redis-password" key + ## instead of static password + ## + # existingSecret: redis-secret + cluster: enabled: false master: