diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..7cbf49d --- /dev/null +++ b/.gitignore @@ -0,0 +1,3 @@ +# Helm resources +charts/*/charts/*.tgz +charts/*/Chart.lock diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index f08503c..331228a 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -16,6 +16,10 @@ pages: name: codenest/helm entrypoint: ["/bin/sh", "-c"] stage: deploy + before_script: + - grep 'repository:' charts/*/Chart.yaml charts/*/requirements.yaml | awk '{ print $3 }' | uniq | xargs -rn1 sh -c 'helm repo add $(basename $0) $0' + - helm repo update + - ls -d1 charts/* | xargs -rn1 helm dependency build --skip-refresh script: - mkdir -p public - "echo \"User-Agent: *\nDisallow: /\" > ./public/robots.txt" diff --git a/charts/element-web/Chart.yaml b/charts/element-web/Chart.yaml index fdffe8b..aaa75cb 100644 --- a/charts/element-web/Chart.yaml +++ b/charts/element-web/Chart.yaml @@ -7,10 +7,10 @@ description: | Talk to everyone through the open global Matrix network, protected by proper end-to-end encryption. icon: https://element.io/images/element-logo.svg -appVersion: 1.7.22 +appVersion: 1.7.23 type: application -version: 1.0.17 +version: 1.0.18 maintainers: - name: Alexander Olofsson diff --git a/charts/funkwhale/Chart.yaml b/charts/funkwhale/Chart.yaml index e10bcb7..209d84b 100644 --- a/charts/funkwhale/Chart.yaml +++ b/charts/funkwhale/Chart.yaml @@ -1,7 +1,13 @@ --- -apiVersion: v1 -appVersion: "1.0.1" +apiVersion: v2 +appVersion: "1.1" description: A social platform to enjoy and share music icon: https://funkwhale.audio/favicon.png name: funkwhale -version: 0.3.6 +version: 0.3.7 + +dependencies: +- name: redis + version: ~10.6.10 + repository: https://charts.bitnami.com/bitnami + condition: redis.enabled diff --git a/charts/funkwhale/charts/redis-10.6.10.tgz b/charts/funkwhale/charts/redis-10.6.10.tgz deleted file mode 100644 index d9a93c6..0000000 Binary files a/charts/funkwhale/charts/redis-10.6.10.tgz and /dev/null differ diff --git a/charts/funkwhale/requirements.lock b/charts/funkwhale/requirements.lock deleted file mode 100644 index 4f878f5..0000000 --- a/charts/funkwhale/requirements.lock +++ /dev/null @@ -1,6 +0,0 @@ -dependencies: -- name: redis - repository: https://charts.bitnami.com/bitnami - version: 10.6.10 -digest: sha256:5a929e0124864ab7fbe29c01fcbe1a23e4532dd0912abcb8bc185fff5f4e65f3 -generated: "2020-04-24T11:47:31.68381778+02:00" diff --git a/charts/funkwhale/requirements.yaml b/charts/funkwhale/requirements.yaml deleted file mode 100644 index 153994b..0000000 --- a/charts/funkwhale/requirements.yaml +++ /dev/null @@ -1,4 +0,0 @@ -dependencies: - - name: redis - version: ~10.6.10 - repository: https://charts.bitnami.com/bitnami diff --git a/charts/funkwhale/templates/_helpers.tpl b/charts/funkwhale/templates/_helpers.tpl index 46d57eb..5bf807d 100644 --- a/charts/funkwhale/templates/_helpers.tpl +++ b/charts/funkwhale/templates/_helpers.tpl @@ -7,11 +7,7 @@ Expand the name of the chart. {{- end -}} {{- define "funkwhale.dbUrl" -}} -postgres://{{ .Values.database.user}}:{{ .Values.database.password }}@{{ .Values.database.host }}:{{ .Values.database.port }}/{{ .Values.database.database }} -{{- end -}} - -{{- define "funkwhale.redisUrl" -}} -redis://:{{ .Values.redis.password }}@{{ .Values.redis.host }}:{{ .Values.redis.redisPort }}/0 +postgres://{{ .Values.database.user }}:{{ .Values.database.password }}@{{ .Values.database.host }}:{{ .Values.database.port }}/{{ .Values.database.database }} {{- end -}} {{/* @@ -45,3 +41,15 @@ Create the correct image tag name {{- define "funkwhale.imageTag" -}} {{- .Values.image.tag | default .Chart.AppVersion -}} {{- end -}} + +{{- define "funkwhale.redisUrl" -}} +{{- if and .Values.redis.enabled .Values.redis.host -}} +{{ fail "Setting both redis.enabled and redis.host will deploy an internal Redis service and attempt to use an external one - please set only one of the two!" }} +{{- else if .Values.redis.enabled -}} +redis://:{{ .Values.redis.password }}@{{ template "funkwhale.fullname" . }}-redis-master:{{ .Values.redis.redisPort }}/0 +{{- else if .Values.redis.host -}} +redis://:{{ .Values.redis.password }}@{{ .Values.redis.host }}:{{ .Values.redis.redisPort }}/0 +{{- else -}} +{{ fail "Either redis.enabled or redis.host are required!" }} +{{- end -}} +{{- end -}} diff --git a/charts/funkwhale/templates/secret.yaml b/charts/funkwhale/templates/secret.yaml index fbc05a1..77f68a6 100644 --- a/charts/funkwhale/templates/secret.yaml +++ b/charts/funkwhale/templates/secret.yaml @@ -1,3 +1,5 @@ +{{- $secret := (lookup "v1" "Secret" .Release.Namespace (include "funkwhale.fullname" .)) -}} + apiVersion: v1 kind: Secret metadata: @@ -10,7 +12,11 @@ metadata: data: CACHE_URL: {{ include "funkwhale.redisUrl" . | b64enc }} DATABASE_URL: {{ include "funkwhale.dbUrl" . | b64enc }} - DJANGO_SECRET_KEY: {{ .Values.djangoSecret | b64enc }} + {{ if $secret -}} + DJANGO_SECRET_KEY: {{ $secret.data.DJANGO_SECRET_KEY }} + {{ else -}} + DJANGO_SECRET_KEY: {{ (.Values.djangoSecret | default uuidv4) | b64enc }} + {{ end }} {{- range $key, $val := .Values.extraSecret }} {{ $key }}: {{ $val | b64enc }} diff --git a/charts/funkwhale/values.yaml b/charts/funkwhale/values.yaml index 0799963..0e21573 100644 --- a/charts/funkwhale/values.yaml +++ b/charts/funkwhale/values.yaml @@ -47,6 +47,14 @@ database: database: funkwhale redis: + # If you already have a Redis service you'd like to use, set + # this to false and adjust the host to use your existing service. + enabled: true + + host: '' + redisPort: 6379 + password: 'funkwhale' + cluster: enabled: false master: @@ -55,9 +63,6 @@ redis: slave: persistence: enabled: false - password: funkwhale - redisPort: 6379 - host: {{ template "funkwhale.fullname" . }}-redis-master djangoSecret: '' diff --git a/charts/matrix-media-repo/Chart.yaml b/charts/matrix-media-repo/Chart.yaml index cda399e..a81a020 100644 --- a/charts/matrix-media-repo/Chart.yaml +++ b/charts/matrix-media-repo/Chart.yaml @@ -2,10 +2,10 @@ apiVersion: v2 name: matrix-media-repo description: Matrix media repository with multi-domain in mind. -appVersion: 1.2.4 +appVersion: 1.2.5 type: application -version: 1.0.2 +version: 1.0.3 maintainers: - name: Alexander Olofsson email: ace@haxalot.com diff --git a/charts/matrix-media-repo/charts/postgresql-8.9.9.tgz b/charts/matrix-media-repo/charts/postgresql-8.9.9.tgz deleted file mode 100644 index 6cfc3bb..0000000 Binary files a/charts/matrix-media-repo/charts/postgresql-8.9.9.tgz and /dev/null differ diff --git a/charts/matrix-media-repo/values.yaml b/charts/matrix-media-repo/values.yaml index a6e4802..a51eec3 100644 --- a/charts/matrix-media-repo/values.yaml +++ b/charts/matrix-media-repo/values.yaml @@ -43,6 +43,9 @@ config: # featureSupport: # MSC2448: # enabled: true +# sentry: +# enabled: true +# dsn: "https://examplekey@ingest.sentry.io/0" ## For setting extra parameters on the repo block, separated to avoid breaking ## the defaults when merging multiple configurations. diff --git a/charts/matrix-synapse/Chart.yaml b/charts/matrix-synapse/Chart.yaml index 75fe966..645f810 100644 --- a/charts/matrix-synapse/Chart.yaml +++ b/charts/matrix-synapse/Chart.yaml @@ -3,10 +3,10 @@ apiVersion: v2 name: matrix-synapse description: Matrix reference homeserver icon: https://matrix.org/images/matrix-logo.svg -appVersion: 1.29.0 +appVersion: 1.30.0 type: application -version: 1.4.1 +version: 2.0.1 maintainers: - name: Alexander Olofsson email: ace@haxalot.com diff --git a/charts/matrix-synapse/charts/postgresql-8.9.9.tgz b/charts/matrix-synapse/charts/postgresql-8.9.9.tgz deleted file mode 100644 index 6cfc3bb..0000000 Binary files a/charts/matrix-synapse/charts/postgresql-8.9.9.tgz and /dev/null differ diff --git a/charts/matrix-synapse/charts/redis-10.6.19.tgz b/charts/matrix-synapse/charts/redis-10.6.19.tgz deleted file mode 100644 index c69d46f..0000000 Binary files a/charts/matrix-synapse/charts/redis-10.6.19.tgz and /dev/null differ diff --git a/charts/matrix-synapse/scripts/signing-key.sh b/charts/matrix-synapse/scripts/signing-key.sh new file mode 100644 index 0000000..5d1b941 --- /dev/null +++ b/charts/matrix-synapse/scripts/signing-key.sh @@ -0,0 +1,41 @@ +#!/bin/sh + +set -eu + +check_key() { + set +e + + echo "Checking for existing signing key..." + key="$(kubectl get secret "$SECRET_NAME" -o jsonpath="{.data['signing\.key']}" 2> /dev/null)" + [ $? -ne 0 ] && return 1 + [ -z "$key" ] && return 2 + return 0 +} + +create_key() { + echo "Waiting for new signing key to be generated..." + begin=$(date +%s) + end=$((begin + 300)) # 5 minutes + while true; do + [ -f /synapse/keys/signing.key ] && return 0 + [ "$(date +%s)" -gt $end ] && return 1 + sleep 5 + done +} + +store_key() { + echo "Storing signing key in Kubernetes secret..." + kubectl patch secret "$SECRET_NAME" -p "{\"data\":{\"signing.key\":\"$(base64 /synapse/keys/signing.key | tr -d '\n')\"}}" +} + +if check_key; then + echo "Key already in place, exiting." + exit +fi + +if ! create_key; then + echo "Timed out waiting for a signing key to appear." + exit 1 +fi + +store_key diff --git a/charts/matrix-synapse/templates/_helpers.tpl b/charts/matrix-synapse/templates/_helpers.tpl index 27a0d02..06425a9 100644 --- a/charts/matrix-synapse/templates/_helpers.tpl +++ b/charts/matrix-synapse/templates/_helpers.tpl @@ -59,7 +59,7 @@ Create chart name and version as used by the chart label. Get the correct image tag name */}} {{- define "matrix-synapse.imageTag" -}} -{{- .Values.image.tag | default (printf "%s" .Chart.AppVersion) -}} +{{- .Values.image.tag | default (printf "v%s" .Chart.AppVersion) -}} {{- end -}} {{/* diff --git a/charts/matrix-synapse/templates/configuration-scripts.yaml b/charts/matrix-synapse/templates/configuration-scripts.yaml new file mode 100644 index 0000000..a4e79fa --- /dev/null +++ b/charts/matrix-synapse/templates/configuration-scripts.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "matrix-synapse.fullname" . }}-scripts + labels: + {{- include "matrix-synapse.labels" . | nindent 4 }} +data: +{{ (.Files.Glob "scripts/*.sh").AsConfig | indent 2 }} diff --git a/charts/matrix-synapse/templates/deployment.yaml b/charts/matrix-synapse/templates/deployment.yaml index 4cab56c..c7c444c 100644 --- a/charts/matrix-synapse/templates/deployment.yaml +++ b/charts/matrix-synapse/templates/deployment.yaml @@ -1,4 +1,10 @@ {{- $needsVolumePermissions := and .Values.volumePermissions.enabled (or .Values.persistence.enabled .Values.persistence.existingClaim) }} +{{- if (and .Values.postgresql.enabled (not .Values.postgresql.postgresqlPassword)) -}} +{{- fail "You must specify a static postgres password if using the included postgres chart" -}} +{{- end -}} +{{- if (and .Values.redis.enabled (and .Values.redis.usePassword (not .Values.redis.password))) -}} +{{- fail "You must specify a static redis password if using the included redis chart" -}} +{{- end -}} --- # Server: {{ required "A valid serverName is required" .Values.serverName }} apiVersion: apps/v1 @@ -68,9 +74,9 @@ spec: {{- end }} {{- end }} - /matrix-synapse $@ - args: - - synapse.app.homeserver + exec python -B -m synapse.app.homeserver \ + -c /synapse/config/homeserver.yaml \ + -c /synapse/config/conf.d/ env: {{- $postgresPass := include "matrix-synapse.postgresql.password" . }} {{- if and .Values.postgresql.enabled (not $postgresPass) }} @@ -116,6 +122,8 @@ spec: volumeMounts: - name: config mountPath: /synapse/config + - name: scripts + mountPath: /opt/k8s-synapse - name: tmpconf mountPath: /synapse/config/conf.d - name: secrets @@ -133,6 +141,10 @@ spec: - name: config configMap: name: {{ include "matrix-synapse.fullname" . }} + - name: scripts + configMap: + name: {{ include "matrix-synapse.fullname" . }}-scripts + defaultMode: 0755 - name: secrets secret: secretName: {{ include "matrix-synapse.fullname" . }} diff --git a/charts/matrix-synapse/templates/ingress.yaml b/charts/matrix-synapse/templates/ingress.yaml index 4995931..82bc1ff 100644 --- a/charts/matrix-synapse/templates/ingress.yaml +++ b/charts/matrix-synapse/templates/ingress.yaml @@ -109,17 +109,21 @@ spec: {{- end }} {{- if has . $wkHosts }} + {{- if $.Values.wellknown.enabled }} - path: /.well-known/matrix/client backend: - serviceName: {{ $fullName }} - servicePort: 8008 - - {{- if $.Values.wellknown.enabled }} + serviceName: {{ $wkName }} + servicePort: 80 - path: /.well-known/matrix/server backend: serviceName: {{ $wkName }} servicePort: 80 - {{- end }} + {{- else }} + - path: /.well-known/matrix/client + backend: + serviceName: {{ $fullName }} + servicePort: 8008 + {{- end }} {{- end }} {{- end }} {{- end }} diff --git a/charts/matrix-synapse/templates/signing-key-job.yaml b/charts/matrix-synapse/templates/signing-key-job.yaml index 9ca62b0..b5d421e 100644 --- a/charts/matrix-synapse/templates/signing-key-job.yaml +++ b/charts/matrix-synapse/templates/signing-key-job.yaml @@ -68,18 +68,14 @@ spec: - sh - -c - | - echo "Copying key upload script..." - cp /key-upload /scripts/ echo "Generating signing key..." - /usr/local/bin/generate_signing_key.py -o /synapse/keys/signing.key - image: "{{ .Values.image.repository }}:{{ include "matrix-synapse.imageTag" . }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} + generate_signing_key.py -o /synapse/keys/signing.key + image: "{{ .Values.signingkey.job.generateImage.repository }}:{{ default .Values.signingkey.job.generateImage.tag "latest" }}" + imagePullPolicy: {{ .Values.signingkey.job.generateImage.pullPolicy }} name: signing-key-generate resources: {{- toYaml .Values.signingkey.resources | nindent 12 }} volumeMounts: - - mountPath: /scripts - name: scripts - mountPath: /synapse/keys name: matrix-synapse-keys - command: @@ -88,13 +84,12 @@ spec: - | printf "Checking rights to update secret... " kubectl auth can-i update secret/${SECRET_NAME} - echo "Waiting for key upload script" - while ! [ -f /scripts/key-upload ]; do sleep 1; done - /scripts/key-upload + /scripts/signing-key.sh env: - name: SECRET_NAME value: {{ $secretName }} - image: bitnami/kubectl + image: "{{ .Values.signingkey.job.publishImage.repository }}:{{ default .Values.signingkey.job.publishImage.tag "latest" }}" + imagePullPolicy: {{ .Values.signingkey.job.publishImage.pullPolicy }} name: signing-key-upload resources: {{- toYaml .Values.signingkey.resources | nindent 12 }} @@ -109,7 +104,12 @@ spec: serviceAccount: {{ $name }} volumes: - name: scripts - emptyDir: {} + configMap: + name: {{ include "matrix-synapse.fullname" . }}-scripts + defaultMode: 0755 - name: matrix-synapse-keys emptyDir: {} + parallelism: 1 + completions: 1 + backoffLimit: 1 {{- end }} diff --git a/charts/matrix-synapse/templates/well-known-config.yaml b/charts/matrix-synapse/templates/well-known-config.yaml index 0d4a98a..8b9cef1 100644 --- a/charts/matrix-synapse/templates/well-known-config.yaml +++ b/charts/matrix-synapse/templates/well-known-config.yaml @@ -23,12 +23,11 @@ data: server.groupname = "lighttpd" server.document-root = {{ .Values.wellknown.htdocsPath | quote }} server.pid-file = "/run/lighttpd.pid" - server.errorlog = "/dev/stderr" url.rewrite-once = ( + "^/\.well-known/matrix/client" => "/client.json", "^/\.well-known/matrix/server" => "/server.json" ) status.status-url = "/server-status" - accesslog.filename = "/dev/stderr" extforward.forwarder = ( "all" => "trust") setenv.add-response-header = ( "access-control-allow-headers" => "Origin, X-Requested-With, Content-Type, Accept, Authorization", @@ -39,5 +38,15 @@ data: "content-type" => "application/json" ) server.json: |- +{{- if .Values.wellknown.server }} +{{ toJson .Values.wellknown.server | nindent 4 }} +{{- else }} {{ dict "m.server" (printf "%s:%d" (.Values.wellknown.host | default (.Values.publicServerName | default .Values.serverName)) (.Values.wellknown.port | default 443)) | toJson | indent 4 }} -{{- end }} +{{- end }} + client.json: |- +{{- if .Values.wellknown.client }} +{{ toJson .Values.wellknown.client | nindent 4 }} +{{- else }} +{{ dict "m.homeserver" (dict "base_url" (printf "https://%s/" (.Values.publicServerName | default .Values.serverName))) | toJson | indent 4 }} +{{- end }} +{{- end -}} diff --git a/charts/matrix-synapse/templates/well-known.yaml b/charts/matrix-synapse/templates/well-known.yaml index 2d4e4b6..d00c0eb 100644 --- a/charts/matrix-synapse/templates/well-known.yaml +++ b/charts/matrix-synapse/templates/well-known.yaml @@ -64,6 +64,9 @@ spec: - mountPath: /etc/lighttpd/lighttpd.conf name: files subPath: lighttpd.conf + - mountPath: {{ .Values.wellknown.htdocsPath }}/client.json + name: files + subPath: client.json - mountPath: {{ .Values.wellknown.htdocsPath }}/server.json name: files subPath: server.json diff --git a/charts/matrix-synapse/templates/worker-configuration.yaml b/charts/matrix-synapse/templates/worker-configuration.yaml index 58aee86..7e6d5a4 100644 --- a/charts/matrix-synapse/templates/worker-configuration.yaml +++ b/charts/matrix-synapse/templates/worker-configuration.yaml @@ -21,7 +21,13 @@ data: {{- $name := $worker | replace "_" "-" }} {{ $name }}.worker: | - worker_app: "synapse.app.{{ $worker }}" + worker_app: "synapse.app.{{ (not (not $config.generic)) | ternary "generic_worker" $worker }}" +{{- if $config.name -}} +{{- if (ne $config.replicaCount 1) -}} +{{- fail "Replica count must be 1 if a worker has a unique name." -}} +{{- end }} + worker_name: {{ $config.name }} +{{- end }} worker_main_http_uri: http://{{ include "matrix-synapse.fullname" $ }}:8008 worker_replication_host: {{ include "matrix-synapse.replicationname" $ | quote }} @@ -45,11 +51,17 @@ data: x_forwarded: true resources: - - names: {{- toYaml $config.listeners | nindent 14 }} + - names: + {{- toYaml $config.listeners | nindent 14 }} compress: false {{- end }} worker_log_config: /synapse/config/log.yaml + {{- if $config.extraConfig }} + + # Extra config + {{ toYaml $config.extraConfig | nindent 4 }} + {{- end }} {{- end }} {{- end }} {{- end }} diff --git a/charts/matrix-synapse/templates/worker-deployment.yaml b/charts/matrix-synapse/templates/worker-deployment.yaml index c05ec1a..74f7082 100644 --- a/charts/matrix-synapse/templates/worker-deployment.yaml +++ b/charts/matrix-synapse/templates/worker-deployment.yaml @@ -20,7 +20,8 @@ spec: template: metadata: annotations: - checksum/config: {{ include (print $.Template.BasePath "/worker-configuration.yaml") $ | sha256sum }} + checksum/config: {{ include (print $.Template.BasePath "/configuration.yaml") $ | sha256sum }} + checksum/worker-config: {{ include (print $.Template.BasePath "/worker-configuration.yaml") $ | sha256sum }} checksum/secrets: {{ include (print $.Template.BasePath "/secrets.yaml") $ | sha256sum }} {{- with ($config.annotations | default $default.annotations) }} {{ . | toYaml | nindent 8 }} @@ -62,7 +63,10 @@ spec: -e "s/@@REDIS_PASSWORD@@/${REDIS_PASSWORD:-}/" \ > /synapse/config/conf.d/secrets.yaml - /matrix-synapse synapse.app.{{ $worker }} -c /synapse/config/{{ $name }}.worker + exec python -B -m synapse.app.{{ (not (not $config.generic)) | ternary "generic_worker" $worker }} \ + -c /synapse/config/homeserver.yaml \ + -c /synapse/config/conf.d/ \ + -c /synapse/config/{{ $name }}.worker env: {{- if $.Values.postgresql.enabled }} - name: POSTGRES_PASSWORD @@ -83,7 +87,7 @@ spec: {{- end }} securityContext: {{- $config.securityContext | default $default.securityContext | toYaml | nindent 12 }} - image: "{{ $.Values.image.repository }}:{{ $.Chart.AppVersion }}" + image: "{{ $.Values.image.repository }}:{{ include "matrix-synapse.imageTag" $ }}" imagePullPolicy: {{ $.Values.image.pullPolicy }} ports: - name: metrics diff --git a/charts/matrix-synapse/values.yaml b/charts/matrix-synapse/values.yaml index bdbf5b7..cb38ddb 100644 --- a/charts/matrix-synapse/values.yaml +++ b/charts/matrix-synapse/values.yaml @@ -2,7 +2,7 @@ ## Docker image configuration, used for Synapse and workers. ## image: - repository: ananace/matrix-synapse + repository: matrixdotorg/synapse ## Tag to override with, will default to the application version. ## # tag: '' @@ -31,6 +31,16 @@ signingkey: job: enabled: true + generateImage: + repository: matrixdotorg/synapse + #tag: latest + pullPolicy: IfNotPresent + + publishImage: + repository: bitnami/kubectl + # tag: latest + pullPolicy: IfNotPresent + ## Specify an existing signing key secret, will need to be created in advance. ## # existingSecret: @@ -149,14 +159,14 @@ synapse: ## Additional environment variables to apply to the main Synapse pod ## extraEnv: {} - # - name: USE_JEMALLOC - # value: "1" + # - name: LD_PRELOAD + # value: /usr/lib/x86_64-linux-gnu/libjemalloc.so.2 # - name: SYNAPSE_CACHE_FACTOR # value: "2" ## Additional volumes to mount into Synapse ## - extraVolumes: {} + extraVolumes: [] # - name: spamcheck # flexVolume: # driver: ananace/git-live @@ -164,7 +174,7 @@ synapse: # repo: https://github.com/company/synapse-module # interval: 1d # readOnly: true - extraVolumeMounts: {} + extraVolumeMounts: [] # - name: spamcheck # mountPath: /usr/local/lib/python3.7/site-packages/company @@ -236,6 +246,13 @@ workers: ## replicaCount: 1 + ## A specific name for this worker, can't be set globally. + ## Note that this can only be set when replicaCount is 1 + #name: + + ## Additional configuration to set for the worker, can't be set globally. + #extraConfig: {} + ## Annotations to apply to the worker. ## annotations: {} @@ -246,16 +263,16 @@ workers: ## Additional environment variables to add to the worker. ## extraEnv: {} - # - name: USE_JEMALLOC - # value: "1" + # - name: LD_PRELOAD + # value: /usr/lib/x86_64-linux-gnu/libjemalloc.so.2 # - name: SYNAPSE_CACHE_FACTOR # value: "1.0" ## Additional volumes to add to the worker. ## Useful for the media repo, or for adding Python modules. ## - volumes: {} - volumeMounts: {} + volumes: [] + volumeMounts: [] ## Security context information to set to the worker. ## @@ -303,6 +320,7 @@ workers: ## generic_worker: enabled: false + generic: true listeners: [client, federation] csPaths: # - "/_matrix/client/(v2_alpha|r0)/sync" @@ -350,9 +368,34 @@ workers: - "/_matrix/federation/v1/event_auth/" - "/_matrix/federation/v1/exchange_third_party_invite/" - "/_matrix/federation/v1/user/devices/" + - "/_matrix/federation/v1/send/" - "/_matrix/federation/v1/get_groups_publicised" - "/_matrix/key/v2/query" - - "/_matrix/federation/v1/send/" + + ## To separate the generic worker into specific concerns - for example federation transaction receiving; + ## NB; This worker should have incoming traffic routed based on source IP, which is + ## left as an exercise to the reader. + ## https://github.com/matrix-org/synapse/blob/develop/docs/workers.md#load-balancing + #federation_reader: + # enabled: true + # generic: true + # listeners: [federation] + # paths: + # - "/_matrix/federation/v1/send/" + + ## Or /sync handling. + ## NB; Care should be taken to route users to the same instance when scaling this worker, + ## this is left as an exercise to the reader. + ## https://github.com/matrix-org/synapse/blob/develop/docs/workers.md#load-balancing + #synchrotron: + # enabled: true + # generic: true + # listeners: [client] + # csPaths: + # - "/_matrix/client/(v2_alpha|r0)/sync" + # - "/_matrix/client/(api/v1|v2_alpha|r0)/events" + # - "/_matrix/client/(api/v1|r0)/initialSync" + # - "/_matrix/client/(api/v1|r0)/rooms/[^/]+/initialSync" ## This worker deals with pushing notifications. ## NB; Only one instance of this worker can be run at a time, refer to the @@ -418,8 +461,14 @@ wellknown: ## The host and port combo to serve on .well-known/matrix/server. ## - # host: matrix.example.com - # port: 443 + server: {} + # m.server: matrix.example.com:443 + + ## Data to serve on .well-known/matrix/client. + ## + client: {} + # m.homeserver: + # base_url: https://matrix.example.com ## A custom htdocs path, useful when running another image. ## @@ -485,13 +534,17 @@ wellknown: postgresql: enabled: true + # XXX Change me! + postgresqlPassword: synapse + postgresqlUsername: synapse postgresqlDatabase: synapse postgresqlInitdbArgs: "--lc-collate=C --lc-ctype=C" persistence: - size: 16G + # storageClass: "-" + size: 16Gi ## An externally configured Postgres server to use for Synapse's database, note ## that the database needs to have both COLLATE and CTYPE set to "C". @@ -511,8 +564,10 @@ externalPostgresql: redis: enabled: true - # usePassword: false - # password: synapse + # XXX Change me! + usePassword: true + password: synapse + cluster: enabled: false master: diff --git a/charts/netbox/Chart.yaml b/charts/netbox/Chart.yaml index 9186452..c2a88d1 100644 --- a/charts/netbox/Chart.yaml +++ b/charts/netbox/Chart.yaml @@ -1,6 +1,6 @@ --- apiVersion: v1 -appVersion: 2.10.5 +appVersion: 2.10.6 description: | An IP address management (IPAM) and data center infrastructure management (DCIM) tool. @@ -8,4 +8,4 @@ description: | https://github.com/netbox-community/netbox-docker/releases/tag/1.0.0 for more info. icon: https://raw.githubusercontent.com/digitalocean/netbox/develop/netbox/project-static/img/netbox.ico name: netbox -version: 3.0.2 +version: 3.0.3 diff --git a/charts/netbox/charts/postgresql-8.9.4.tgz b/charts/netbox/charts/postgresql-8.9.4.tgz deleted file mode 100644 index bdd8270..0000000 Binary files a/charts/netbox/charts/postgresql-8.9.4.tgz and /dev/null differ diff --git a/charts/netbox/charts/redis-10.6.12.tgz b/charts/netbox/charts/redis-10.6.12.tgz deleted file mode 100644 index 8cb043e..0000000 Binary files a/charts/netbox/charts/redis-10.6.12.tgz and /dev/null differ