From 4c3152c4383baec8e704d1aced16797edb2ad4f6 Mon Sep 17 00:00:00 2001 From: Alexander Olofsson Date: Wed, 10 Mar 2021 18:26:07 +0100 Subject: [PATCH 01/13] funkwhale: Update to 1.1 --- charts/funkwhale/Chart.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/funkwhale/Chart.yaml b/charts/funkwhale/Chart.yaml index e10bcb7..e4255b9 100644 --- a/charts/funkwhale/Chart.yaml +++ b/charts/funkwhale/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 -appVersion: "1.0.1" +appVersion: "1.1" description: A social platform to enjoy and share music icon: https://funkwhale.audio/favicon.png name: funkwhale -version: 0.3.6 +version: 0.3.7 From 59b4f743d75df723ca7a1e0b1fc0d059f6a6a846 Mon Sep 17 00:00:00 2001 From: Alexander Olofsson Date: Sat, 13 Mar 2021 13:50:45 +0100 Subject: [PATCH 02/13] netbox: Update to 2.10.6 --- charts/netbox/Chart.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/netbox/Chart.yaml b/charts/netbox/Chart.yaml index 9186452..c2a88d1 100644 --- a/charts/netbox/Chart.yaml +++ b/charts/netbox/Chart.yaml @@ -1,6 +1,6 @@ --- apiVersion: v1 -appVersion: 2.10.5 +appVersion: 2.10.6 description: | An IP address management (IPAM) and data center infrastructure management (DCIM) tool. @@ -8,4 +8,4 @@ description: | https://github.com/netbox-community/netbox-docker/releases/tag/1.0.0 for more info. icon: https://raw.githubusercontent.com/digitalocean/netbox/develop/netbox/project-static/img/netbox.ico name: netbox -version: 3.0.2 +version: 3.0.3 From ee9612bc5a82393d6b4f11c29ccd4fb1c500d005 Mon Sep 17 00:00:00 2001 From: Alexander Olofsson Date: Mon, 15 Mar 2021 08:16:42 +0100 Subject: [PATCH 03/13] redis: Avoid templates in values.yaml --- charts/funkwhale/templates/_helpers.tpl | 2 +- charts/funkwhale/values.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/funkwhale/templates/_helpers.tpl b/charts/funkwhale/templates/_helpers.tpl index 46d57eb..c3f3c9d 100644 
--- a/charts/funkwhale/templates/_helpers.tpl +++ b/charts/funkwhale/templates/_helpers.tpl @@ -11,7 +11,7 @@ postgres://{{ .Values.database.user}}:{{ .Values.database.password }}@{{ .Values {{- end -}} {{- define "funkwhale.redisUrl" -}} -redis://:{{ .Values.redis.password }}@{{ .Values.redis.host }}:{{ .Values.redis.redisPort }}/0 +redis://:{{ .Values.redis.password }}@{{ .Values.redis.host | default (printf "%s-%s" (include "funkwhale.fullname" .) "redis-master") }}:{{ .Values.redis.redisPort }}/0 {{- end -}} {{/* diff --git a/charts/funkwhale/values.yaml b/charts/funkwhale/values.yaml index 45e85c4..a0f9834 100644 --- a/charts/funkwhale/values.yaml +++ b/charts/funkwhale/values.yaml @@ -57,7 +57,7 @@ redis: enabled: false password: funkwhale redisPort: 6379 - host: {{ template "funkwhale.fullname" . }}-redis-master + # host: {{ template "funkwhale.fullname" . }}-redis-master djangoSecret: '' From a51fded5b9b6722e228038c7de40f715b7b232a4 Mon Sep 17 00:00:00 2001 From: "Alexander \"Ace\" Olofsson" Date: Mon, 15 Mar 2021 20:51:58 +0100 Subject: [PATCH 04/13] element-web: Update to 1.7.23 --- charts/element-web/Chart.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/element-web/Chart.yaml b/charts/element-web/Chart.yaml index fdffe8b..aaa75cb 100644 --- a/charts/element-web/Chart.yaml +++ b/charts/element-web/Chart.yaml @@ -7,10 +7,10 @@ description: | Talk to everyone through the open global Matrix network, protected by proper end-to-end encryption. icon: https://element.io/images/element-logo.svg -appVersion: 1.7.22 +appVersion: 1.7.23 type: application -version: 1.0.17 +version: 1.0.18 maintainers: - name: Alexander Olofsson From 2044d818fb75cba857bb1eb97f83cfc1b13d53b3 Mon Sep 17 00:00:00 2001 
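Review bot: In `funkwhale.redisUrl` the password is still written into the URL unescaped (`redis://:{{ .Values.redis.password }}@…`), so a password containing `@`, `/`, `:` or `#` produces a URL that clients will parse differently from what was intended. Since the line is being rewritten anyway, the value could be encoded, e.g. `{{ .Values.redis.password | urlquery }}`, or the values.yaml comment could state that the password must be URL-safe. The values.yaml hunk of the same commit also shows `password: funkwhale` as the shipped default, which deserves at least a `# Change me` comment next to it.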
From: Alexander Olofsson Date: Thu, 18 Mar 2021 09:22:08 +0100 Subject: [PATCH 05/13] matrix-media-repo: Update to 1.2.5 Adds an example for how to configure Sentry in the values.yaml --- charts/matrix-media-repo/Chart.yaml | 4 ++-- charts/matrix-media-repo/values.yaml | 3 +++ 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/charts/matrix-media-repo/Chart.yaml b/charts/matrix-media-repo/Chart.yaml index cda399e..a81a020 100644 --- a/charts/matrix-media-repo/Chart.yaml +++ b/charts/matrix-media-repo/Chart.yaml @@ -2,10 +2,10 @@ apiVersion: v2 name: matrix-media-repo description: Matrix media repository with multi-domain in mind. -appVersion: 1.2.4 +appVersion: 1.2.5 type: application -version: 1.0.2 +version: 1.0.3 maintainers: - name: Alexander Olofsson email: ace@haxalot.com diff --git a/charts/matrix-media-repo/values.yaml b/charts/matrix-media-repo/values.yaml index a6e4802..a51eec3 100644 --- a/charts/matrix-media-repo/values.yaml +++ b/charts/matrix-media-repo/values.yaml @@ -43,6 +43,9 @@ config: # featureSupport: # MSC2448: # enabled: true +# sentry: +# enabled: true +# dsn: "https://examplekey@ingest.sentry.io/0" ## For setting extra parameters on the repo block, separated to avoid breaking ## the defaults when merging multiple configurations. From ed1fe25d805efdfb5c76fa3fb406785b513f483e Mon Sep 17 00:00:00 2001 From: Alexander Olofsson Date: Sat, 20 Mar 2021 19:07:12 +0100 Subject: [PATCH 06/13] matrix-synapse: Check for redis/postgres password --- charts/matrix-synapse/templates/deployment.yaml | 6 ++++++ charts/matrix-synapse/values.yaml | 9 +++++++-- 2 files changed, 13 insertions(+), 2 deletions(-) diff --git a/charts/matrix-synapse/templates/deployment.yaml b/charts/matrix-synapse/templates/deployment.yaml index 4cab56c..32d06f8 100644 --- a/charts/matrix-synapse/templates/deployment.yaml +++ b/charts/matrix-synapse/templates/deployment.yaml 
@@ -1,4 +1,10 @@ {{- $needsVolumePermissions := and .Values.volumePermissions.enabled (or .Values.persistence.enabled .Values.persistence.existingClaim) }} +{{- if (and .Values.postgresql.enabled (not .Values.postgresql.postgresqlPassword)) -}} +{{- fail "You must specify a static postgres password if using the included postgres chart" -}} +{{- end -}} +{{- if (and .Values.redis.enabled (and .Values.redis.usePassword (not .Values.redis.password))) -}} +{{- fail "You must specify a static redis password if using the included redis chart" -}} +{{- end -}} --- # Server: {{ required "A valid serverName is required" .Values.serverName }} apiVersion: apps/v1 diff --git a/charts/matrix-synapse/values.yaml b/charts/matrix-synapse/values.yaml index bdbf5b7..99bd8a6 100644 --- a/charts/matrix-synapse/values.yaml +++ b/charts/matrix-synapse/values.yaml @@ -485,6 +485,9 @@ wellknown: postgresql: enabled: true + # XXX Change me! + postgresqlPassword: synapse + postgresqlUsername: synapse postgresqlDatabase: synapse @@ -511,8 +514,10 @@ externalPostgresql: redis: enabled: true - # usePassword: false - # password: synapse + # XXX Change me! + usePassword: true + password: synapse + cluster: enabled: false master: From 8ae10004722fbd1990cd7a81c388874a6ebd916c Mon Sep 17 00:00:00 2001 
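Review bot: The two `fail` guards added to deployment.yaml reject only an empty password, while the values.yaml hunks of the same commit ship `postgresqlPassword: synapse` and `password: synapse` as defaults, so an install with untouched values passes the check with a publicly known credential. Leaving both defaults empty (`postgresqlPassword: ''` and `password: ''`) would let the new guards force the operator to choose a value. Alternatively the guards could also reject the placeholder, e.g. `(eq .Values.postgresql.postgresqlPassword "synapse")`.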
From: Alexander Olofsson Date: Sat, 20 Mar 2021 20:17:37 +0100 Subject: [PATCH 07/13] matrix-synapse: Slight chart restructuring Now supports generic images, workers are moved closer to the new generic_worker design, additional worker configuration can be specified --- charts/matrix-synapse/scripts/signing-key.sh | 41 ++++++++++++++++++ .../templates/configuration-scripts.yaml | 9 ++++ .../matrix-synapse/templates/deployment.yaml | 12 ++++-- .../templates/signing-key-job.yaml | 18 ++++---- .../templates/worker-configuration.yaml | 16 ++++++- .../templates/worker-deployment.yaml | 8 +++- charts/matrix-synapse/values.yaml | 43 ++++++++++++++++++- 7 files changed, 129 insertions(+), 18 deletions(-) create mode 100644 charts/matrix-synapse/scripts/signing-key.sh create mode 100644 charts/matrix-synapse/templates/configuration-scripts.yaml diff --git a/charts/matrix-synapse/scripts/signing-key.sh b/charts/matrix-synapse/scripts/signing-key.sh new file mode 100644 index 0000000..5d1b941 --- /dev/null +++ b/charts/matrix-synapse/scripts/signing-key.sh @@ -0,0 +1,41 @@ +#!/bin/sh + +set -eu + +check_key() { + set +e + + echo "Checking for existing signing key..." + key="$(kubectl get secret "$SECRET_NAME" -o jsonpath="{.data['signing\.key']}" 2> /dev/null)" + [ $? -ne 0 ] && return 1 + [ -z "$key" ] && return 2 + return 0 +} + +create_key() { + echo "Waiting for new signing key to be generated..." + begin=$(date +%s) + end=$((begin + 300)) # 5 minutes + while true; do + [ -f /synapse/keys/signing.key ] && return 0 + [ "$(date +%s)" -gt $end ] && return 1 + sleep 5 + done +} + +store_key() { + echo "Storing signing key in Kubernetes secret..." + kubectl patch secret "$SECRET_NAME" -p "{\"data\":{\"signing.key\":\"$(base64 /synapse/keys/signing.key | tr -d '\n')\"}}" +} + +if check_key; then + echo "Key already in place, exiting." + exit +fi + +if ! create_key; then + echo "Timed out waiting for a signing key to appear." + exit 1 +fi + +store_key 
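Review bot: `check_key` in signing-key.sh treats every failure of `kubectl get secret` as "no key yet" (`[ $? -ne 0 ] && return 1`) and hides the reason with `2> /dev/null`, so a transient API or RBAC error leads on to `store_key`, which patches `signing.key` and would replace a key that already exists. Because `store_key` uses `kubectl patch`, which needs the secret to exist, a failed read is presumably an error rather than an empty state. Consider aborting there, e.g. `key="$(kubectl get secret "$SECRET_NAME" -o jsonpath=…)" || { echo "Cannot read $SECRET_NAME" >&2; exit 1; }`. Separately, `set +e` inside `check_key` is not scoped to the function, so errexit stays off for the rest of the script; a `set -e` after the `if check_key` block would restore it.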
diff --git a/charts/matrix-synapse/templates/configuration-scripts.yaml b/charts/matrix-synapse/templates/configuration-scripts.yaml new file mode 100644 index 0000000..a4e79fa --- /dev/null +++ b/charts/matrix-synapse/templates/configuration-scripts.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "matrix-synapse.fullname" . }}-scripts + labels: + {{- include "matrix-synapse.labels" . | nindent 4 }} +data: +{{ (.Files.Glob "scripts/*.sh").AsConfig | indent 2 }} diff --git a/charts/matrix-synapse/templates/deployment.yaml b/charts/matrix-synapse/templates/deployment.yaml index 32d06f8..c7c444c 100644 --- a/charts/matrix-synapse/templates/deployment.yaml +++ b/charts/matrix-synapse/templates/deployment.yaml @@ -74,9 +74,9 @@ spec: {{- end }} {{- end }} - /matrix-synapse $@ - args: - - synapse.app.homeserver + exec python -B -m synapse.app.homeserver \ + -c /synapse/config/homeserver.yaml \ + -c /synapse/config/conf.d/ env: {{- $postgresPass := include "matrix-synapse.postgresql.password" . }} {{- if and .Values.postgresql.enabled (not $postgresPass) }} @@ -122,6 +122,8 @@ spec: volumeMounts: - name: config mountPath: /synapse/config + - name: scripts + mountPath: /opt/k8s-synapse - name: tmpconf mountPath: /synapse/config/conf.d - name: secrets @@ -139,6 +141,10 @@ spec: - name: config configMap: name: {{ include "matrix-synapse.fullname" . }} + - name: scripts + configMap: + name: {{ include "matrix-synapse.fullname" . }}-scripts + defaultMode: 0755 - name: secrets secret: secretName: {{ include "matrix-synapse.fullname" . }} diff --git a/charts/matrix-synapse/templates/signing-key-job.yaml b/charts/matrix-synapse/templates/signing-key-job.yaml index 9ca62b0..c7b5ecd 100644 --- a/charts/matrix-synapse/templates/signing-key-job.yaml +++ b/charts/matrix-synapse/templates/signing-key-job.yaml 
@@ -68,8 +68,6 @@ spec: - sh - -c - | - echo "Copying key upload script..." - cp /key-upload /scripts/ echo "Generating signing key..." /usr/local/bin/generate_signing_key.py -o /synapse/keys/signing.key image: "{{ .Values.image.repository }}:{{ include "matrix-synapse.imageTag" . }}" @@ -78,8 +76,6 @@ spec: resources: {{- toYaml .Values.signingkey.resources | nindent 12 }} volumeMounts: - - mountPath: /scripts - name: scripts - mountPath: /synapse/keys name: matrix-synapse-keys - command: @@ -88,13 +84,12 @@ spec: - | printf "Checking rights to update secret... " kubectl auth can-i update secret/${SECRET_NAME} - echo "Waiting for key upload script" - while ! [ -f /scripts/key-upload ]; do sleep 1; done - /scripts/key-upload + /scripts/signing-key.sh env: - name: SECRET_NAME value: {{ $secretName }} - image: bitnami/kubectl + image: "{{ .Values.signingkey.job.image.repository }}:{{ default .Values.signingkey.job.image.tag "latest" }}" + imagePullPolicy: {{ .Values.signingkey.job.image.pullPolicy }} name: signing-key-upload resources: {{- toYaml .Values.signingkey.resources | nindent 12 }} @@ -109,7 +104,12 @@ spec: serviceAccount: {{ $name }} volumes: - name: scripts - emptyDir: {} + configMap: + name: {{ include "matrix-synapse.fullname" . }}-scripts + defaultMode: 0755 - name: matrix-synapse-keys emptyDir: {} + parallelism: 1 + completions: 1 + backoffLimit: 1 {{- end }} diff --git a/charts/matrix-synapse/templates/worker-configuration.yaml b/charts/matrix-synapse/templates/worker-configuration.yaml index 58aee86..6c37b4b 100644 --- a/charts/matrix-synapse/templates/worker-configuration.yaml +++ b/charts/matrix-synapse/templates/worker-configuration.yaml 
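Review bot: The image line for `signing-key-upload` calls `default` with its arguments swapped: `default .Values.signingkey.job.image.tag "latest"` uses the tag as the fallback and `"latest"` as the value, so it always renders `:latest` and a tag set in values is ignored. This container is the one that patches the signing-key secret, so it should run a pinned image. Suggest `{{ .Values.signingkey.job.image.tag | default "latest" }}` (the form the `matrix-synapse.imageTag` helper uses) and a fixed version or digest as the default in values.yaml. The same swapped `default` appears on the `generateImage` and `publishImage` lines in PATCH 11/13.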
@@ -21,7 +21,13 @@ data: {{- $name := $worker | replace "_" "-" }} {{ $name }}.worker: | - worker_app: "synapse.app.{{ $worker }}" + worker_app: "synapse.app.{{ $config.generic | ternary "generic_worker" $worker }}" +{{- if $config.name -}} +{{- if (ne $config.replicaCount 1) -}} +{{- fail "Replica count must be 1 if a worker has a unique name." -}} +{{- end }} + worker_name: {{ $config.name }} +{{- end }} worker_main_http_uri: http://{{ include "matrix-synapse.fullname" $ }}:8008 worker_replication_host: {{ include "matrix-synapse.replicationname" $ | quote }} @@ -45,11 +51,17 @@ data: x_forwarded: true resources: - - names: {{- toYaml $config.listeners | nindent 14 }} + - names: + {{- toYaml $config.listeners | nindent 14 }} compress: false {{- end }} worker_log_config: /synapse/config/log.yaml + {{- if $config.extraConfig }} + + # Extra config + {{ toYaml $config.extraConfig | nindent 4 }} + {{- end }} {{- end }} {{- end }} {{- end }} diff --git a/charts/matrix-synapse/templates/worker-deployment.yaml b/charts/matrix-synapse/templates/worker-deployment.yaml index c05ec1a..74cdd37 100644 --- a/charts/matrix-synapse/templates/worker-deployment.yaml +++ b/charts/matrix-synapse/templates/worker-deployment.yaml @@ -20,7 +20,8 @@ spec: template: metadata: annotations: - checksum/config: {{ include (print $.Template.BasePath "/worker-configuration.yaml") $ | sha256sum }} + checksum/config: {{ include (print $.Template.BasePath "/configuration.yaml") $ | sha256sum }} + checksum/worker-config: {{ include (print $.Template.BasePath "/worker-configuration.yaml") $ | sha256sum }} checksum/secrets: {{ include (print $.Template.BasePath "/secrets.yaml") $ | sha256sum }} {{- with ($config.annotations | default $default.annotations) }} {{ . | toYaml | nindent 8 }} 
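Review bot: `worker_name: {{ $config.name }}` is emitted unquoted in the first worker-configuration.yaml hunk, so a name such as `true`, `1` or one containing `: ` changes type or breaks the generated worker file; `worker_name: {{ $config.name | quote }}` would match the `| quote` already used for `worker_replication_host` just below. The `ne $config.replicaCount 1` guard also reads only the per-worker value, so a worker that sets `name` but inherits its replica count from the defaults may hit the `fail` or a comparison error. That is worth confirming against the `$default` fallback that worker-deployment.yaml uses. The enclosing range/if blocks start and end outside the hunk.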
@@ -62,7 +63,10 @@ spec: -e "s/@@REDIS_PASSWORD@@/${REDIS_PASSWORD:-}/" \ > /synapse/config/conf.d/secrets.yaml - /matrix-synapse synapse.app.{{ $worker }} -c /synapse/config/{{ $name }}.worker + exec python -B -m synapse.app.{{ $config.generic | ternary "generic_worker" $worker }} \ + -c /synapse/config/homeserver.yaml \ + -c /synapse/config/conf.d/ \ + -c /synapse/config/{{ $name }}.worker env: {{- if $.Values.postgresql.enabled }} - name: POSTGRES_PASSWORD diff --git a/charts/matrix-synapse/values.yaml b/charts/matrix-synapse/values.yaml index 99bd8a6..b7f455e 100644 --- a/charts/matrix-synapse/values.yaml +++ b/charts/matrix-synapse/values.yaml @@ -31,6 +31,11 @@ signingkey: job: enabled: true + image: + repository: bitnami/kubectl + # tag: '' + pullPolicy: IfNotPresent + ## Specify an existing signing key secret, will need to be created in advance. ## # existingSecret: @@ -236,6 +241,13 @@ workers: ## replicaCount: 1 + ## A specific name for this worker, can't be set globally. + ## Note that this can only be set when replicaCount is 1 + #name: + + ## Additional configuration to set for the worker, can't be set globally. + #extraConfig: {} + ## Annotations to apply to the worker. ## annotations: {} @@ -303,6 +315,7 @@ workers: ## generic_worker: enabled: false + generic: true listeners: [client, federation] csPaths: # - "/_matrix/client/(v2_alpha|r0)/sync" 
@@ -350,9 +363,34 @@ workers: - "/_matrix/federation/v1/event_auth/" - "/_matrix/federation/v1/exchange_third_party_invite/" - "/_matrix/federation/v1/user/devices/" + - "/_matrix/federation/v1/send/" - "/_matrix/federation/v1/get_groups_publicised" - "/_matrix/key/v2/query" - - "/_matrix/federation/v1/send/" + + ## To separate the generic worker into specific concerns - for example federation transaction receiving; + ## NB; This worker should have incoming traffic routed based on source IP, which is + ## left as an exercise to the reader. + ## https://github.com/matrix-org/synapse/blob/develop/docs/workers.md#load-balancing + #federation_reader: + # enabled: true + # generic: true + # listeners: [federation] + # paths: + # - "/_matrix/federation/v1/send/" + + ## Or /sync handling. + ## NB; Care should be taken to route users to the same instance when scaling this worker, + ## this is left as an exercise to the reader. + ## https://github.com/matrix-org/synapse/blob/develop/docs/workers.md#load-balancing + #synchrotron: + # enabled: true + # generic: true + # listeners: [client] + # csPaths: + # - "/_matrix/client/(v2_alpha|r0)/sync" + # - "/_matrix/client/(api/v1|v2_alpha|r0)/events" + # - "/_matrix/client/(api/v1|r0)/initialSync" + # - "/_matrix/client/(api/v1|r0)/rooms/[^/]+/initialSync" ## This worker deals with pushing notifications. ## NB; Only one instance of this worker can be run at a time, refer to the @@ -494,7 +532,8 @@ postgresql: postgresqlInitdbArgs: "--lc-collate=C --lc-ctype=C" persistence: - size: 16G + # storageClass: "-" + size: 16Gi ## An externally configured Postgres server to use for Synapse's database, note ## that the database needs to have both COLLATE and CTYPE set to "C". From 6cbb8bf9fdf8386534c26ae960a85c1cf6e03441 Mon Sep 17 00:00:00 2001 
From: Alexander Olofsson Date: Sat, 20 Mar 2021 20:34:51 +0100 Subject: [PATCH 08/13] matrix-synapse: Redo well-known server Now allows custom .well-known/matrix/{server,client} data to be provided --- charts/matrix-synapse/templates/ingress.yaml | 14 +++++++++----- .../templates/well-known-config.yaml | 15 ++++++++++++--- charts/matrix-synapse/templates/well-known.yaml | 3 +++ charts/matrix-synapse/values.yaml | 10 ++++++++-- 4 files changed, 32 insertions(+), 10 deletions(-) diff --git a/charts/matrix-synapse/templates/ingress.yaml b/charts/matrix-synapse/templates/ingress.yaml index 4995931..82bc1ff 100644 --- a/charts/matrix-synapse/templates/ingress.yaml +++ b/charts/matrix-synapse/templates/ingress.yaml @@ -109,17 +109,21 @@ spec: {{- end }} {{- if has . $wkHosts }} + {{- if $.Values.wellknown.enabled }} - path: /.well-known/matrix/client backend: - serviceName: {{ $fullName }} - servicePort: 8008 - - {{- if $.Values.wellknown.enabled }} + serviceName: {{ $wkName }} + servicePort: 80 - path: /.well-known/matrix/server backend: serviceName: {{ $wkName }} servicePort: 80 - {{- end }} + {{- else }} + - path: /.well-known/matrix/client + backend: + serviceName: {{ $fullName }} + servicePort: 8008 + {{- end }} {{- end }} {{- end }} {{- end }} diff --git a/charts/matrix-synapse/templates/well-known-config.yaml b/charts/matrix-synapse/templates/well-known-config.yaml index 0d4a98a..8b9cef1 100644 --- a/charts/matrix-synapse/templates/well-known-config.yaml +++ b/charts/matrix-synapse/templates/well-known-config.yaml 
@@ -23,12 +23,11 @@ data: server.groupname = "lighttpd" server.document-root = {{ .Values.wellknown.htdocsPath | quote }} server.pid-file = "/run/lighttpd.pid" - server.errorlog = "/dev/stderr" url.rewrite-once = ( + "^/\.well-known/matrix/client" => "/client.json", "^/\.well-known/matrix/server" => "/server.json" ) status.status-url = "/server-status" - accesslog.filename = "/dev/stderr" extforward.forwarder = ( "all" => "trust") setenv.add-response-header = ( "access-control-allow-headers" => "Origin, X-Requested-With, Content-Type, Accept, Authorization", @@ -39,5 +38,15 @@ data: "content-type" => "application/json" ) server.json: |- +{{- if .Values.wellknown.server }} +{{ toJson .Values.wellknown.server | nindent 4 }} +{{- else }} {{ dict "m.server" (printf "%s:%d" (.Values.wellknown.host | default (.Values.publicServerName | default .Values.serverName)) (.Values.wellknown.port | default 443)) | toJson | indent 4 }} -{{- end }} +{{- end }} + client.json: |- +{{- if .Values.wellknown.client }} +{{ toJson .Values.wellknown.client | nindent 4 }} +{{- else }} +{{ dict "m.homeserver" (dict "base_url" (printf "https://%s/" (.Values.publicServerName | default .Values.serverName))) | toJson | indent 4 }} +{{- end }} +{{- end -}} diff --git a/charts/matrix-synapse/templates/well-known.yaml b/charts/matrix-synapse/templates/well-known.yaml index 2d4e4b6..d00c0eb 100644 --- a/charts/matrix-synapse/templates/well-known.yaml +++ b/charts/matrix-synapse/templates/well-known.yaml @@ -64,6 +64,9 @@ spec: - mountPath: /etc/lighttpd/lighttpd.conf name: files subPath: lighttpd.conf + - mountPath: {{ .Values.wellknown.htdocsPath }}/client.json + name: files + subPath: client.json - mountPath: {{ .Values.wellknown.htdocsPath }}/server.json name: files subPath: server.json diff --git a/charts/matrix-synapse/values.yaml b/charts/matrix-synapse/values.yaml index b7f455e..6fc386a 100644 --- a/charts/matrix-synapse/values.yaml +++ b/charts/matrix-synapse/values.yaml 
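Review bot: The lighttpd.conf hunk drops `accesslog.filename = "/dev/stderr"` without a replacement, and this commit also starts routing `/.well-known/matrix/client` to the same server, so requests to the well-known endpoints would no longer appear in the pod log. If the removal works around a permission problem with `/dev/stderr`, a short comment in the template saying so would help; otherwise consider keeping the access log. As far as I know lighttpd writes errors to stderr when `server.errorlog` is unset, so only the access log should be affected, which is worth confirming. The surrounding `lighttpd.conf` block starts outside the hunk.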
@@ -456,8 +456,14 @@ wellknown: ## The host and port combo to serve on .well-known/matrix/server. ## - # host: matrix.example.com - # port: 443 + server: {} + # m.server: matrix.example.com:443 + + ## Data to serve on .well-known/matrix/client. + ## + client: {} + # m.homeserver: + # base_url: https://matrix.example.com ## A custom htdocs path, useful when running another image. ## From c13ac3d9a4dd3503838b7638fda6e66e2d7f2842 Mon Sep 17 00:00:00 2001 From: Alexander Olofsson Date: Sat, 20 Mar 2021 20:44:38 +0100 Subject: [PATCH 09/13] matrix-synapse: Fix ternary with --set --- charts/matrix-synapse/templates/worker-configuration.yaml | 2 +- charts/matrix-synapse/templates/worker-deployment.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/matrix-synapse/templates/worker-configuration.yaml b/charts/matrix-synapse/templates/worker-configuration.yaml index 6c37b4b..7e6d5a4 100644 --- a/charts/matrix-synapse/templates/worker-configuration.yaml +++ b/charts/matrix-synapse/templates/worker-configuration.yaml @@ -21,7 +21,7 @@ data: {{- $name := $worker | replace "_" "-" }} {{ $name }}.worker: | - worker_app: "synapse.app.{{ $config.generic | ternary "generic_worker" $worker }}" + worker_app: "synapse.app.{{ (not (not $config.generic)) | ternary "generic_worker" $worker }}" {{- if $config.name -}} {{- if (ne $config.replicaCount 1) -}} {{- fail "Replica count must be 1 if a worker has a unique name." -}} diff --git a/charts/matrix-synapse/templates/worker-deployment.yaml b/charts/matrix-synapse/templates/worker-deployment.yaml index 74cdd37..3ab6385 100644 --- a/charts/matrix-synapse/templates/worker-deployment.yaml +++ b/charts/matrix-synapse/templates/worker-deployment.yaml 
@@ -63,7 +63,7 @@ spec: -e "s/@@REDIS_PASSWORD@@/${REDIS_PASSWORD:-}/" \ > /synapse/config/conf.d/secrets.yaml - exec python -B -m synapse.app.{{ $config.generic | ternary "generic_worker" $worker }} \ + exec python -B -m synapse.app.{{ (not (not $config.generic)) | ternary "generic_worker" $worker }} \ -c /synapse/config/homeserver.yaml \ -c /synapse/config/conf.d/ \ -c /synapse/config/{{ $name }}.worker From c302e50a1bfc33ff6bf0a666bb07c530ad9119a0 Mon Sep 17 00:00:00 2001 From: Alexander Olofsson Date: Sat, 20 Mar 2021 20:48:26 +0100 Subject: [PATCH 10/13] matrix-synapse: Switch to upstream image --- charts/matrix-synapse/templates/_helpers.tpl | 2 +- charts/matrix-synapse/templates/worker-deployment.yaml | 2 +- charts/matrix-synapse/values.yaml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/matrix-synapse/templates/_helpers.tpl b/charts/matrix-synapse/templates/_helpers.tpl index 27a0d02..06425a9 100644 --- a/charts/matrix-synapse/templates/_helpers.tpl +++ b/charts/matrix-synapse/templates/_helpers.tpl @@ -59,7 +59,7 @@ Create chart name and version as used by the chart label. Get the correct image tag name */}} {{- define "matrix-synapse.imageTag" -}} -{{- .Values.image.tag | default (printf "%s" .Chart.AppVersion) -}} +{{- .Values.image.tag | default (printf "v%s" .Chart.AppVersion) -}} {{- end -}} {{/* diff --git a/charts/matrix-synapse/templates/worker-deployment.yaml b/charts/matrix-synapse/templates/worker-deployment.yaml index 3ab6385..74f7082 100644 --- a/charts/matrix-synapse/templates/worker-deployment.yaml +++ b/charts/matrix-synapse/templates/worker-deployment.yaml 
@@ -87,7 +87,7 @@ spec: {{- end }} securityContext: {{- $config.securityContext | default $default.securityContext | toYaml | nindent 12 }} - image: "{{ $.Values.image.repository }}:{{ $.Chart.AppVersion }}" + image: "{{ $.Values.image.repository }}:{{ include "matrix-synapse.imageTag" $ }}" imagePullPolicy: {{ $.Values.image.pullPolicy }} ports: - name: metrics diff --git a/charts/matrix-synapse/values.yaml b/charts/matrix-synapse/values.yaml index 6fc386a..c57eb0d 100644 --- a/charts/matrix-synapse/values.yaml +++ b/charts/matrix-synapse/values.yaml @@ -2,7 +2,7 @@ ## Docker image configuration, used for Synapse and workers. ## image: - repository: ananace/matrix-synapse + repository: matrixdotorg/synapse ## Tag to override with, will default to the application version. ## # tag: '' From d10f9a6e4495c4dbdad8679bb440228f8be2a073 Mon Sep 17 00:00:00 2001 From: Alexander Olofsson Date: Sat, 20 Mar 2021 20:54:35 +0100 Subject: [PATCH 11/13] matrix-synapse: Fix signing-key job updates No longer attempts to modify the signing-key job after it's first created --- charts/matrix-synapse/templates/signing-key-job.yaml | 10 +++++----- charts/matrix-synapse/values.yaml | 9 +++++++-- 2 files changed, 12 insertions(+), 7 deletions(-) diff --git a/charts/matrix-synapse/templates/signing-key-job.yaml b/charts/matrix-synapse/templates/signing-key-job.yaml index c7b5ecd..b5d421e 100644 --- a/charts/matrix-synapse/templates/signing-key-job.yaml +++ b/charts/matrix-synapse/templates/signing-key-job.yaml 
@@ -69,9 +69,9 @@ spec: - -c - | echo "Generating signing key..." - /usr/local/bin/generate_signing_key.py -o /synapse/keys/signing.key - image: "{{ .Values.image.repository }}:{{ include "matrix-synapse.imageTag" . }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} + generate_signing_key.py -o /synapse/keys/signing.key + image: "{{ .Values.signingkey.job.generateImage.repository }}:{{ default .Values.signingkey.job.generateImage.tag "latest" }}" + imagePullPolicy: {{ .Values.signingkey.job.generateImage.pullPolicy }} name: signing-key-generate resources: {{- toYaml .Values.signingkey.resources | nindent 12 }} @@ -88,8 +88,8 @@ spec: env: - name: SECRET_NAME value: {{ $secretName }} - image: "{{ .Values.signingkey.job.image.repository }}:{{ default .Values.signingkey.job.image.tag "latest" }}" - imagePullPolicy: {{ .Values.signingkey.job.image.pullPolicy }} + image: "{{ .Values.signingkey.job.publishImage.repository }}:{{ default .Values.signingkey.job.publishImage.tag "latest" }}" + imagePullPolicy: {{ .Values.signingkey.job.publishImage.pullPolicy }} name: signing-key-upload resources: {{- toYaml .Values.signingkey.resources | nindent 12 }} diff --git a/charts/matrix-synapse/values.yaml b/charts/matrix-synapse/values.yaml index c57eb0d..1327a95 100644 --- a/charts/matrix-synapse/values.yaml +++ b/charts/matrix-synapse/values.yaml @@ -31,9 +31,14 @@ signingkey: job: enabled: true - image: + generateImage: + repository: matrixdotorg/synapse + #tag: latest + pullPolicy: IfNotPresent + + publishImage: repository: bitnami/kubectl - # tag: '' + # tag: latest pullPolicy: IfNotPresent ## Specify an existing signing key secret, will need to be created in advance. From bfe668dd6cd679728a1e944a24d5c508f9f331d4 Mon Sep 17 00:00:00 2001 
From: Alexander Olofsson Date: Sat, 20 Mar 2021 20:55:14 +0100 Subject: [PATCH 12/13] matrix-synapse: Bump to 2.0.0 due to changes NB; Look over values carefully when upgrading --- charts/matrix-synapse/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/matrix-synapse/Chart.yaml b/charts/matrix-synapse/Chart.yaml index 75fe966..630f11c 100644 --- a/charts/matrix-synapse/Chart.yaml +++ b/charts/matrix-synapse/Chart.yaml @@ -6,7 +6,7 @@ icon: https://matrix.org/images/matrix-logo.svg appVersion: 1.29.0 type: application -version: 1.4.1 +version: 2.0.0 maintainers: - name: Alexander Olofsson email: ace@haxalot.com From 215217bd8c65beaa7daff2dd3d86fee6227a4a22 Mon Sep 17 00:00:00 2001 From: Alexander Olofsson Date: Sat, 20 Mar 2021 21:05:57 +0100 Subject: [PATCH 13/13] matrix-synapse: Fix volumes type in values --- charts/matrix-synapse/values.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/matrix-synapse/values.yaml b/charts/matrix-synapse/values.yaml index 1327a95..54483a3 100644 --- a/charts/matrix-synapse/values.yaml +++ b/charts/matrix-synapse/values.yaml @@ -166,7 +166,7 @@ synapse: ## Additional volumes to mount into Synapse ## - extraVolumes: {} + extraVolumes: [] # - name: spamcheck # flexVolume: # driver: ananace/git-live @@ -174,7 +174,7 @@ synapse: # repo: https://github.com/company/synapse-module # interval: 1d # readOnly: true - extraVolumeMounts: {} + extraVolumeMounts: [] # - name: spamcheck # mountPath: /usr/local/lib/python3.7/site-packages/company @@ -271,8 +271,8 @@ workers: ## Additional volumes to add to the worker. ## Useful for the media repo, or for adding Python modules. ## - volumes: {} - volumeMounts: {} + volumes: [] + volumeMounts: [] ## Security context information to set to the worker. ##