diff --git a/charts/matrix-synapse/templates/deployment.yaml b/charts/matrix-synapse/templates/deployment.yaml index 61d2092..095795f 100644 --- a/charts/matrix-synapse/templates/deployment.yaml +++ b/charts/matrix-synapse/templates/deployment.yaml @@ -47,6 +47,7 @@ spec: - | chown {{ .Values.volumePermissions.uid }}:{{ .Values.volumePermissions.gid }} -R /synapse/data image: "{{ .Values.volumePermissions.image.repository }}:{{ .Values.volumePermissions.image.tag }}" + imagePullPolicy: {{ $.Values.volumePermissions.image.pullPolicy }} resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} securityContext: diff --git a/charts/matrix-synapse/templates/worker-deployment.yaml b/charts/matrix-synapse/templates/worker-deployment.yaml index dfbf0b9..958a74b 100644 --- a/charts/matrix-synapse/templates/worker-deployment.yaml +++ b/charts/matrix-synapse/templates/worker-deployment.yaml @@ -39,10 +39,15 @@ spec: {{- if and $needsVolumePermissions (eq $name "media-repository") }} initContainers: - name: volume-permissions - command: ["chown", "-R", "666:666", "/synapse/data"] - image: "{{ $.Values.volumePermissions.repository }}:{{ $.Values.volumePermissions.tag }}" - imagePullPolicy: {{ $.Values.volumePermissions.pullPolicy }} + command: + - sh + - -c + - | + chown {{ $.Values.volumePermissions.uid }}:{{ $.Values.volumePermissions.gid }} -R /synapse/data + image: "{{ $.Values.volumePermissions.image.repository }}:{{ $.Values.volumePermissions.image.tag }}" + imagePullPolicy: {{ $.Values.volumePermissions.image.pullPolicy }} securityContext: + runAsNonRoot: false runAsUser: 0 resources: {{ $.Values.volumePermissions.resources | toYaml | nindent 12 }} volumeMounts: @@ -60,6 +65,15 @@ spec: -e "s/@@REDIS_PASSWORD@@/${REDIS_PASSWORD:-}/" \ > /synapse/config/conf.d/secrets.yaml + {{- if (or $config.extraCommands $default.extraCommands) }} + + {{- with $config.extraCommands | default $default.extraCommands }} + {{ range . }} + {{ . }} + {{- end }} + {{- end }} + {{- end }} + exec python -B -m synapse.app.{{ (not (not $config.generic)) | ternary "generic_worker" $worker }} \ -c /synapse/config/homeserver.yaml \ -c /synapse/config/conf.d/ \ diff --git a/charts/matrix-synapse/values.yaml b/charts/matrix-synapse/values.yaml index b30142b..d809921 100644 --- a/charts/matrix-synapse/values.yaml +++ b/charts/matrix-synapse/values.yaml @@ -220,14 +220,14 @@ synapse: ## Liveness probe configuration to use ## - livenessProbe: + livenessProbe: httpGet: path: /health port: http ## Readiness probe configuration to use ## - readinessProbe: + readinessProbe: httpGet: path: /health port: http @@ -262,8 +262,8 @@ workers: ## A specific name for this worker, can't be set globally. ## Note that this can only be set when replicaCount is 1 - #name: - + #name: + ## Additional configuration to set for the worker, can't be set globally. #extraConfig: {} @@ -288,6 +288,12 @@ workers: volumes: [] volumeMounts: [] + ## Extra commands to run when starting Synapse + ## + extraCommands: [] + # - 'apt-get update -yqq && apt-get install patch -yqq' + # - 'patch -d/usr/local/lib/python3.7/site-packages/synapse -p2 < /synapse/patches/something.patch' + ## Security context information to set to the worker. ## podSecurityContext: {} @@ -314,17 +320,17 @@ workers: # requests: # cpu: 100m # memory: 128Mi - + ## Liveness probe configuration to use ## - livenessProbe: + livenessProbe: httpGet: path: /health port: listener ## Readiness probe configuration to use ## - readinessProbe: + readinessProbe: httpGet: path: /health port: listener