From 414338d47a5a10480cf4c6e157899a37cde23fe0 Mon Sep 17 00:00:00 2001
From: Alexander Olofsson <ace@haxalot.com>
Date: Sat, 8 Aug 2020 20:38:36 +0200
Subject: [PATCH] matrix-synapse: Add persistence

---
 .../matrix-synapse/templates/deployment.yaml  | 22 ++++++++++++++++++-
 .../matrix-synapse/templates/ingress.yaml     |  5 ++---
 charts-wip/matrix-synapse/templates/pvc.yaml  | 22 +++++++++++++++++++
 .../templates/signing-key-job.yaml            | 15 ++++++++-----
 charts-wip/matrix-synapse/values.yaml         | 13 +++++++++++
 5 files changed, 67 insertions(+), 10 deletions(-)
 create mode 100644 charts-wip/matrix-synapse/templates/pvc.yaml

diff --git a/charts-wip/matrix-synapse/templates/deployment.yaml b/charts-wip/matrix-synapse/templates/deployment.yaml
index a6429fe..72f7f7b 100644
--- a/charts-wip/matrix-synapse/templates/deployment.yaml
+++ b/charts-wip/matrix-synapse/templates/deployment.yaml
@@ -90,6 +90,8 @@ spec:
               mountPath: /synapse/secrets
             - name: signingkey
               mountPath: /synapse/keys
+            - name: media
+              mountPath: /synapse/data
           resources:
             {{- toYaml .Values.resources | nindent 12 }}
       volumes:
@@ -107,6 +109,20 @@ spec:
                 path: signing.key
         - name: tmpconf
           emptyDir: {}
+        - name: media
+
+        {{- $mediaworker := false }}
+        {{- range $worker, $config := .Values.workers }}
+          {{- if eq $worker "media-repository" }}
+            {{- $mediaworker = true }}
+          {{- end }}
+        {{- end }}
+        {{- if and .Values.persistence.enabled (not $mediaworker) }}
+          persistentVolumeClaim:
+            claimName: {{ default .Values.persistence.existingClaim (include "matrix-synapse.fullname" .) }}
+        {{- else }}
+          emptyDir: {}
+        {{- end }}
       {{- with .Values.nodeSelector }}
       nodeSelector:
         {{- toYaml . | nindent 8 }}
@@ -236,8 +252,12 @@ spec:
           emptyDir: {}
       {{- if eq $name "media-repository" }}
         - name: media
+        {{- if $.Values.persistence.enabled }}
           persistentVolumeClaim:
-            claimName: 
+            claimName: {{ default $.Values.persistence.existingClaim (include "matrix-synapse.fullname" $) }}
+        {{- else }}
+          emptyDir: {}
+        {{- end }}
       {{- end }}
       {{- with $config.volumes }}
         {{ . | toYaml | nindent 8 }}
diff --git a/charts-wip/matrix-synapse/templates/ingress.yaml b/charts-wip/matrix-synapse/templates/ingress.yaml
index 5f418d7..5d0f471 100644
--- a/charts-wip/matrix-synapse/templates/ingress.yaml
+++ b/charts-wip/matrix-synapse/templates/ingress.yaml
@@ -27,10 +27,9 @@ spec:
   {{- end }}
 {{- end }}
   rules:
+  {{- $hosts := .Values.ingress.hosts }}
   {{- if default .Values.ingress.includeServerName true }}
-    {{- $hosts := concat (list .Values.config.serverName) .Values.ingress.hosts }}
-  {{- else }}
-    {{- $hosts := .Values.ingress.hosts }}
+    {{- $hosts = concat (list .Values.config.serverName) $hosts }}
   {{- end }}
   {{- range $hosts }}
     - host: {{ . | quote }}
diff --git a/charts-wip/matrix-synapse/templates/pvc.yaml b/charts-wip/matrix-synapse/templates/pvc.yaml
new file mode 100644
index 0000000..f038c43
--- /dev/null
+++ b/charts-wip/matrix-synapse/templates/pvc.yaml
@@ -0,0 +1,22 @@
+{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: {{ template "matrix-synapse.fullname" . }}
+  labels:
+    {{- include "matrix-synapse.labels" . | nindent 4 }}
+spec:
+  accessModes:
+    - {{ .Values.persistence.accessMode | quote }}
+  resources:
+    requests:
+      storage: {{ .Values.persistence.size | quote }}
+{{- if .Values.persistence.storageClass }}
+{{- if (eq "-" .Values.persistence.storageClass) }}
+  storageClassName: ""
+{{- else }}
+  storageClassName: "{{ .Values.persistence.storageClass }}"
+{{- end }}
+{{- end }}
+{{- end -}}
+
diff --git a/charts-wip/matrix-synapse/templates/signing-key-job.yaml b/charts-wip/matrix-synapse/templates/signing-key-job.yaml
index 15ee0a2..8ef02ec 100644
--- a/charts-wip/matrix-synapse/templates/signing-key-job.yaml
+++ b/charts-wip/matrix-synapse/templates/signing-key-job.yaml
@@ -1,4 +1,7 @@
-{{- if and .Values.signingkey.job.enabled (not .Values.signingkey.existingSecret) }}
+{{- if .Values.signingkey.job.enabled }}
+{{- if .Values.signingkey.existingSecret }}
+{{- fail "Can't specify both signingkey.job.enabled and signingkey.existingSecret" }}
+{{- end }}
 {{- $name := include "matrix-synapse.workername" (dict "global" . "worker" "signingkey-job") }}
 ---
 apiVersion: v1
@@ -46,6 +49,7 @@ metadata:
     component: job
     job: signing-key-generation
 spec:
+  ttlSecondsAfterFinished: 0
   template:
     metadata:
       labels:
@@ -67,8 +71,8 @@ spec:
           name: signing-key-generate
           resources:
             requests:
-              memory: 10Mi
-              cpu: 10m
+              memory: 25Mi
+              cpu: 100m
             limits:
               memory: 25Mi
               cpu: 100m
@@ -93,8 +97,8 @@ spec:
           name: signing-key-upload
           resources:
             requests:
-              memory: 10Mi
-              cpu: 10m
+              memory: 50Mi
+              cpu: 100m
             limits:
               memory: 50Mi
               cpu: 100m
@@ -105,7 +109,6 @@ spec:
             - mountPath: /synapse/keys
               name: matrix-synapse-keys
               readOnly: true
-      restartPolicy: Never
       serviceAccount: {{ $name }}
       volumes:
         - name: scripts
diff --git a/charts-wip/matrix-synapse/values.yaml b/charts-wip/matrix-synapse/values.yaml
index c38d9f0..28baf05 100644
--- a/charts-wip/matrix-synapse/values.yaml
+++ b/charts-wip/matrix-synapse/values.yaml
@@ -110,6 +110,19 @@ externalRedis:
   port: 6379
   # password: synapse
 
+# Persistence configuration for the media repository.
+# This PVC will be mounted in either Synapse or a media_repo worker.
+#
+# NB; If you want to be able to scale this, you will have to set the
+# accessMode to RWX/ReadWriteMany.
+persistence:
+  enabled: true
+  # existingClaim: synapse-data
+
+  # storageClass: "-"
+  accessMode: ReadWriteOnce
+  size: 10Gi
+
 # Configuration for handling Synapse workers, which are useful for handling
 # high-load deployments.
 # More information is available at;