Load external postgresql and redis passwords from existing secrets
This commit is contained in:
parent
0a43690170
commit
6a969afbcb
5 changed files with 41 additions and 8 deletions
|
@ -6,7 +6,7 @@ icon: https://matrix.org/images/matrix-logo.svg
|
|||
appVersion: 1.44.0
|
||||
|
||||
type: application
|
||||
version: 2.1.12
|
||||
version: 2.1.13-rc-1
|
||||
maintainers:
|
||||
- name: Alexander Olofsson
|
||||
email: ace@haxalot.com
|
||||
|
|
|
@ -170,7 +170,7 @@ Set postgresql password
|
|||
{{- define "matrix-synapse.postgresql.password" -}}
|
||||
{{- if .Values.postgresql.enabled -}}
|
||||
{{- default "" .Values.postgresql.postgresqlPassword }}
|
||||
{{- else -}}
|
||||
{{- else if not (and .Values.externalPostgresql.existingSecret .Values.externalPostgresql.existingSecretPasswordKey) -}}
|
||||
{{ required "A valid externalPostgresql.password is required" .Values.externalPostgresql.password }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
@ -255,7 +255,7 @@ Set redis password
|
|||
{{- define "matrix-synapse.redis.password" -}}
|
||||
{{- if .Values.redis.enabled -}}
|
||||
{{ .Values.redis.password }}
|
||||
{{- else -}}
|
||||
{{- else if .Values.externalRedis.password -}}
|
||||
{{ .Values.externalRedis.password }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
|
|
@ -81,19 +81,29 @@ spec:
|
|||
-c /synapse/config/homeserver.yaml \
|
||||
-c /synapse/config/conf.d/
|
||||
env:
|
||||
{{- if .Values.postgresql.enabled }}
|
||||
{{- if or .Values.postgresql.enabled .Values.externalPostgresql.existingSecret }}
|
||||
- name: POSTGRES_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
{{- if .Values.postgresql.enabled }}
|
||||
name: {{ .Values.postgresql.existingSecret | default (include "matrix-synapse.postgresql.fullname" .) }}
|
||||
key: postgresql-password
|
||||
{{- else }}
|
||||
name: {{ .Values.externalPostgresql.existingSecret }}
|
||||
key: {{ .Values.externalPostgresql.existingSecretPasswordKey }}
|
||||
{{- end }}
|
||||
{{- if and .Values.redis.enabled (default .Values.redis.usePassword true) }}
|
||||
{{- end }}
|
||||
{{- if or (and .Values.redis.enabled (default .Values.redis.usePassword true)) .Values.externalRedis.existingSecret }}
|
||||
- name: REDIS_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
{{- if .Values.redis.enabled }}
|
||||
name: {{ .Values.redis.existingSecret | default (include "matrix-synapse.redis.fullname" .) }}
|
||||
key: redis-password
|
||||
{{- else }}
|
||||
name: {{ .Values.externalRedis.existingSecret }}
|
||||
key: {{ .Values.externalRedis.existingSecretPasswordKey }}
|
||||
{{- end -}}
|
||||
{{- end }}
|
||||
{{- with .Values.synapse.extraEnv }}
|
||||
{{- . | toYaml | nindent 12 }}
|
||||
|
|
|
@ -73,7 +73,7 @@ spec:
|
|||
|
||||
{{- with $config.extraCommands | default $default.extraCommands }}
|
||||
{{ range . }}
|
||||
{{ . }}
|
||||
{{ . | nindent 14 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
@ -83,19 +83,29 @@ spec:
|
|||
-c /synapse/config/conf.d/ \
|
||||
-c /synapse/config/{{ $name }}.worker
|
||||
env:
|
||||
{{- if $.Values.postgresql.enabled }}
|
||||
{{- if or $.Values.postgresql.enabled $.Values.externalPostgresql.existingSecret }}
|
||||
- name: POSTGRES_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
{{- if $.Values.postgresql.enabled }}
|
||||
name: {{ $.Values.postgresql.existingSecret | default (include "matrix-synapse.postgresql.fullname" $) }}
|
||||
key: postgresql-password
|
||||
{{- else }}
|
||||
name: {{ $.Values.externalPostgresql.existingSecret }}
|
||||
key: {{ $.Values.externalPostgresql.existingSecretPasswordKey }}
|
||||
{{- end }}
|
||||
{{- if and $.Values.redis.enabled (default $.Values.redis.usePassword true) }}
|
||||
{{- end }}
|
||||
{{- if or (and $.Values.redis.enabled (default $.Values.redis.usePassword true)) $.Values.externalRedis.existingSecret }}
|
||||
- name: REDIS_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
{{- if $.Values.redis.enabled }}
|
||||
name: {{ $.Values.redis.existingSecret | default (include "matrix-synapse.redis.fullname" $) }}
|
||||
key: redis-password
|
||||
{{- else }}
|
||||
name: {{ $.Values.externalRedis.existingSecret }}
|
||||
key: {{ $.Values.externalRedis.existingSecretPasswordKey }}
|
||||
{{- end -}}
|
||||
{{- end }}
|
||||
{{- with $config.extraEnv | default $default.extraEnv }}
|
||||
{{- . | toYaml | nindent 12 }}
|
||||
|
|
|
@ -619,6 +619,13 @@ externalPostgresql:
|
|||
port: 5432
|
||||
username: synapse
|
||||
# password: synapse
|
||||
|
||||
## The name of an existing secret with postgresql credentials
|
||||
#existingSecret: postgres-secrets
|
||||
|
||||
## Password key to be retrieved from existing secret
|
||||
#existingSecretPasswordKey: postgres-password
|
||||
|
||||
database: synapse
|
||||
# sslmode: prefer
|
||||
|
||||
|
@ -661,6 +668,12 @@ externalRedis:
|
|||
port: 6379
|
||||
# password: synapse
|
||||
|
||||
## The name of an existing secret with redis credentials
|
||||
#existingSecret: redis-secrets
|
||||
|
||||
## Password key to be retrieved from existing secret
|
||||
#existingSecretPasswordKey: redis-password
|
||||
|
||||
## Persistence configuration for the media repository function.
|
||||
## This PVC will be mounted in either Synapse or a media_repo worker.
|
||||
##
|
||||
|
|
Loading…
Reference in a new issue