matrix-synapse: Improve first install experience

Now runs the signing key generation job as a pre-install hook, to avoid
creating an initial matrix-synapse pod that can't run due to missing the
signing key.

charts/matrix-synapse/templates/NOTES.txt

@@ -1,4 +1,7 @@
 ** Note, this chart may take a while to finish setup, please be patient **
+{{- if .Values.signingkey.job.enabled }}
+** Also, remember to disable the signingkey job (signingkey.job.enabled=false) **
+{{- end }}
 {{- if not .Values.ingress.enabled }}
 
 Synapse has been installed without an ingress, you will need to manage

charts/matrix-synapse/templates/configuration-scripts.yaml

@@ -5,5 +5,7 @@ metadata:
   name: {{ include "matrix-synapse.fullname" . }}-scripts
   labels:
     {{- include "matrix-synapse.labels" . | nindent 4 }}
+  annotations:
+    helm.sh/hook: pre-install
 data:
 {{ (.Files.Glob "scripts/*.sh").AsConfig | indent 2 }}

charts/matrix-synapse/templates/secrets.yaml

@@ -95,6 +95,7 @@ apiVersion: v1
 kind: Secret
 metadata:
   annotations:
+    helm.sh/hook: pre-install
     helm.sh/resource-policy: keep
   name: {{ $name }}
   labels:

charts/matrix-synapse/templates/signing-key-job.yaml

@@ -12,6 +12,9 @@ metadata:
   labels:
     {{- include "matrix-synapse.labels" . | nindent 4 }}
     app.kubernetes.io/component: signingkey-job
+  annotations:
+    helm.sh/hook: pre-install
+    helm.sh/hook-delete-policy: hook-succeeded
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
@@ -20,6 +23,9 @@ metadata:
   labels:
     {{- include "matrix-synapse.labels" . | nindent 4 }}
     app.kubernetes.io/component: signingkey-job
+  annotations:
+    helm.sh/hook: pre-install
+    helm.sh/hook-delete-policy: hook-succeeded
 rules:
   - apiGroups:
       - ""
@@ -39,6 +45,9 @@ metadata:
   labels:
     {{- include "matrix-synapse.labels" . | nindent 4 }}
     app.kubernetes.io/component: signingkey-job
+  annotations:
+    helm.sh/hook: pre-install
+    helm.sh/hook-delete-policy: hook-succeeded
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: Role
@@ -55,8 +64,10 @@ metadata:
   labels:
     {{- include "matrix-synapse.labels" . | nindent 4 }}
     app.kubernetes.io/component: signingkey-job
-  {{- with .Values.signingkey.job.annotations }}
   annotations:
+    helm.sh/hook: pre-install
+    helm.sh/hook-delete-policy: hook-succeeded
+  {{- with .Values.signingkey.job.annotations }}
     {{- toYaml . | nindent 4 }}
   {{- end }}
 spec: