Load external postgresql and redis passwords from existing secrets

Nicolas Bonneval 2021-10-11 22:43:35 +02:00
parent 0a43690170
commit 6a969afbcb
5 changed files with 41 additions and 8 deletions


@ -6,7 +6,7 @@ icon: https://matrix.org/images/matrix-logo.svg
appVersion: 1.44.0
type: application
version: 2.1.12
version: 2.1.13-rc-1
maintainers:
- name: Alexander Olofsson
email: ace@haxalot.com


@ -170,7 +170,7 @@ Set postgresql password
{{- define "matrix-synapse.postgresql.password" -}}
{{- if .Values.postgresql.enabled -}}
{{- default "" .Values.postgresql.postgresqlPassword }}
{{- else -}}
{{- else if not (and .Values.externalPostgresql.existingSecret .Values.externalPostgresql.existingSecretPasswordKey) -}}
{{ required "A valid externalPostgresql.password is required" .Values.externalPostgresql.password }}
{{- end -}}
{{- end -}}
@ -255,7 +255,7 @@ Set redis password
{{- define "matrix-synapse.redis.password" -}}
{{- if .Values.redis.enabled -}}
{{ .Values.redis.password }}
{{- else -}}
{{- else if .Values.externalRedis.password -}}
{{ .Values.externalRedis.password }}
{{- end -}}
{{- end -}}
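Review bot: In `matrix-synapse.postgresql.password`, the new `else if not (and … existingSecret … existingSecretPasswordKey)` branch still reaches `required "A valid externalPostgresql.password is required"` when `existingSecret` is set but `existingSecretPasswordKey` is missing, so the error names the wrong value. A dedicated check such as `{{- if and .Values.externalPostgresql.existingSecret (not .Values.externalPostgresql.existingSecretPasswordKey) }}{{ fail "externalPostgresql.existingSecretPasswordKey is required when existingSecret is set" }}{{- end }}` would make the failure actionable. Both helpers now render an empty string on the existing-secret path, and the comment above each define should say so, e.g. `Empty when an existing secret is used; the password is then supplied through the POSTGRES_PASSWORD environment variable`. Any template that embeds the helper output in the generated configuration (not visible on this page) should be checked so that it does not write an empty password.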


@ -81,19 +81,29 @@ spec:
-c /synapse/config/homeserver.yaml \
-c /synapse/config/conf.d/
env:
{{- if .Values.postgresql.enabled }}
{{- if or .Values.postgresql.enabled .Values.externalPostgresql.existingSecret }}
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
{{- if .Values.postgresql.enabled }}
name: {{ .Values.postgresql.existingSecret | default (include "matrix-synapse.postgresql.fullname" .) }}
key: postgresql-password
{{- else }}
name: {{ .Values.externalPostgresql.existingSecret }}
key: {{ .Values.externalPostgresql.existingSecretPasswordKey }}
{{- end }}
{{- end }}
{{- if and .Values.redis.enabled (default .Values.redis.usePassword true) }}
{{- if or (and .Values.redis.enabled (default .Values.redis.usePassword true)) .Values.externalRedis.existingSecret }}
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
{{- if .Values.redis.enabled }}
name: {{ .Values.redis.existingSecret | default (include "matrix-synapse.redis.fullname" .) }}
key: redis-password
{{- else }}
name: {{ .Values.externalRedis.existingSecret }}
key: {{ .Values.externalRedis.existingSecretPasswordKey }}
{{- end -}}
{{- end }}
{{- with .Values.synapse.extraEnv }}
{{- . | toYaml | nindent 12 }}
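Review bot: The `key:` lines in the two new `else` branches render `.Values.externalPostgresql.existingSecretPasswordKey` and `.Values.externalRedis.existingSecretPasswordKey` without any guard, while the surrounding `if or …` conditions test only `existingSecret`. With the key unset the manifest gets an empty `key:` under `secretKeyRef` and would be rejected when applied rather than failing at render time; for Redis no other check on this page covers that case. Consider `key: {{ required "externalRedis.existingSecretPasswordKey is required when existingSecret is set" .Values.externalRedis.existingSecretPasswordKey | quote }}` and the equivalent line for PostgreSQL, and quote the two `name:` values as well so that an unusual secret name cannot be retyped by the YAML parser. The worker deployment template in this commit repeats the same lines.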


@ -73,7 +73,7 @@ spec:
{{- with $config.extraCommands | default $default.extraCommands }}
{{ range . }}
{{ . }}
{{ . | nindent 14 }}
{{- end }}
{{- end }}
{{- end }}
@ -83,19 +83,29 @@ spec:
-c /synapse/config/conf.d/ \
-c /synapse/config/{{ $name }}.worker
env:
{{- if $.Values.postgresql.enabled }}
{{- if or $.Values.postgresql.enabled $.Values.externalPostgresql.existingSecret }}
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
{{- if $.Values.postgresql.enabled }}
name: {{ $.Values.postgresql.existingSecret | default (include "matrix-synapse.postgresql.fullname" $) }}
key: postgresql-password
{{- else }}
name: {{ $.Values.externalPostgresql.existingSecret }}
key: {{ $.Values.externalPostgresql.existingSecretPasswordKey }}
{{- end }}
{{- end }}
{{- if and $.Values.redis.enabled (default $.Values.redis.usePassword true) }}
{{- if or (and $.Values.redis.enabled (default $.Values.redis.usePassword true)) $.Values.externalRedis.existingSecret }}
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
{{- if $.Values.redis.enabled }}
name: {{ $.Values.redis.existingSecret | default (include "matrix-synapse.redis.fullname" $) }}
key: redis-password
{{- else }}
name: {{ $.Values.externalRedis.existingSecret }}
key: {{ $.Values.externalRedis.existingSecretPasswordKey }}
{{- end -}}
{{- end }}
{{- with $config.extraEnv | default $default.extraEnv }}
{{- . | toYaml | nindent 12 }}
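Review bot: The `{{ . | nindent 14 }}` change inside `range` is unrelated to secret handling and deserves its own line in the commit message. `nindent` prepends a newline and the action has no left trim, so whatever indentation precedes it in the template (not visible on this page) is emitted as a whitespace-only line before every extra command; `{{- . | nindent 14 }}` avoids that. In the Redis block the closing `{{- end -}}` differs from the `{{- end }}` used in the PostgreSQL block, and using `{{- end }}` in both keeps the whitespace handling uniform. The enclosing blocks start outside the hunks.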


@ -619,6 +619,13 @@ externalPostgresql:
port: 5432
username: synapse
# password: synapse
## The name of an existing secret with postgresql credentials
#existingSecret: postgres-secrets
## Password key to be retrieved from existing secret
#existingSecretPasswordKey: postgres-password
database: synapse
# sslmode: prefer
@ -661,6 +668,12 @@ externalRedis:
port: 6379
# password: synapse
## The name of an existing secret with redis credentials
#existingSecret: redis-secrets
## Password key to be retrieved from existing secret
#existingSecretPasswordKey: redis-password
## Persistence configuration for the media repository function.
## This PVC will be mounted in either Synapse or a media_repo worker.
##
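Review bot: The new comments under `externalPostgresql` and `externalRedis` do not say that `existingSecret` and `existingSecretPasswordKey` must be set together, nor how they interact with `password`. I would extend them, e.g. `## Both existingSecret and existingSecretPasswordKey must be set; the Secret must exist in the release namespace` and, for PostgreSQL, `## When both are set, password above is not required`. The commented keys are written `#existingSecret:` while the neighbouring ones use `# password:`; using `# existingSecret:` keeps the file consistent.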