From 6a969afbcbc21f1e47bef5c79b18f3ae7e124653 Mon Sep 17 00:00:00 2001 From: Nicolas Bonneval Date: Mon, 11 Oct 2021 22:43:35 +0200 Subject: [PATCH] Load external postgresql and redis passwords from existing secrets --- charts/matrix-synapse/Chart.yaml | 2 +- charts/matrix-synapse/templates/_helpers.tpl | 4 ++-- charts/matrix-synapse/templates/deployment.yaml | 14 ++++++++++++-- .../templates/worker-deployment.yaml | 16 +++++++++++++--- charts/matrix-synapse/values.yaml | 13 +++++++++++++ 5 files changed, 41 insertions(+), 8 deletions(-) diff --git a/charts/matrix-synapse/Chart.yaml b/charts/matrix-synapse/Chart.yaml index 6704ddf..a340234 100644 --- a/charts/matrix-synapse/Chart.yaml +++ b/charts/matrix-synapse/Chart.yaml @@ -6,7 +6,7 @@ icon: https://matrix.org/images/matrix-logo.svg appVersion: 1.44.0 type: application -version: 2.1.12 +version: 2.1.13-rc-1 maintainers: - name: Alexander Olofsson email: ace@haxalot.com diff --git a/charts/matrix-synapse/templates/_helpers.tpl b/charts/matrix-synapse/templates/_helpers.tpl index de6e027..c7b07d0 100644 --- a/charts/matrix-synapse/templates/_helpers.tpl +++ b/charts/matrix-synapse/templates/_helpers.tpl @@ -170,7 +170,7 @@ Set postgresql password {{- define "matrix-synapse.postgresql.password" -}} {{- if .Values.postgresql.enabled -}} {{- default "" .Values.postgresql.postgresqlPassword }} -{{- else -}} +{{- else if not (and .Values.externalPostgresql.existingSecret .Values.externalPostgresql.existingSecretPasswordKey) -}} {{ required "A valid externalPostgresql.password is required" .Values.externalPostgresql.password }} {{- end -}} {{- end -}} @@ -255,7 +255,7 @@ Set redis password {{- define "matrix-synapse.redis.password" -}} {{- if .Values.redis.enabled -}} {{ .Values.redis.password }} -{{- else -}} +{{- else if .Values.externalRedis.password -}} {{ .Values.externalRedis.password }} {{- end -}} {{- end -}} 
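Review bot: The new guard in `matrix-synapse.postgresql.password`, `else if not (and .Values.externalPostgresql.existingSecret .Values.externalPostgresql.existingSecretPasswordKey)`, requires both values, while the `env:` blocks in the deployment.yaml and worker-deployment.yaml hunks emit the `secretKeyRef` when `existingSecret` alone is set. With a secret name but no key, the user either gets the unrelated error "A valid externalPostgresql.password is required" or, if a password is also set, a manifest with an empty `key:` that is only rejected at apply time. I would validate the key where it is rendered, e.g. `key: {{ required "externalPostgresql.existingSecretPasswordKey is required when existingSecret is set" .Values.externalPostgresql.existingSecretPasswordKey | quote }}`, and do the same for the `externalRedis` pair. The helper now renders an empty string when the secret is used; its callers are outside the hunk, so it is worth confirming that whatever consumes it tolerates an empty password.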
diff --git a/charts/matrix-synapse/templates/deployment.yaml b/charts/matrix-synapse/templates/deployment.yaml index ffbce2e..9027ebf 100644 --- a/charts/matrix-synapse/templates/deployment.yaml +++ b/charts/matrix-synapse/templates/deployment.yaml @@ -81,19 +81,29 @@ spec: -c /synapse/config/homeserver.yaml \ -c /synapse/config/conf.d/ env: - {{- if .Values.postgresql.enabled }} + {{- if or .Values.postgresql.enabled .Values.externalPostgresql.existingSecret }} - name: POSTGRES_PASSWORD valueFrom: secretKeyRef: + {{- if .Values.postgresql.enabled }} name: {{ .Values.postgresql.existingSecret | default (include "matrix-synapse.postgresql.fullname" .) }} key: postgresql-password + {{- else }} + name: {{ .Values.externalPostgresql.existingSecret }} + key: {{ .Values.externalPostgresql.existingSecretPasswordKey }} + {{- end }} {{- end }} - {{- if and .Values.redis.enabled (default .Values.redis.usePassword true) }} + {{- if or (and .Values.redis.enabled (default .Values.redis.usePassword true)) .Values.externalRedis.existingSecret }} - name: REDIS_PASSWORD valueFrom: secretKeyRef: + {{- if .Values.redis.enabled }} name: {{ .Values.redis.existingSecret | default (include "matrix-synapse.redis.fullname" .) }} key: redis-password + {{- else }} + name: {{ .Values.externalRedis.existingSecret }} + key: {{ .Values.externalRedis.existingSecretPasswordKey }} + {{- end -}} {{- end }} {{- with .Values.synapse.extraEnv }} {{- . | toYaml | nindent 12 }} diff --git a/charts/matrix-synapse/templates/worker-deployment.yaml b/charts/matrix-synapse/templates/worker-deployment.yaml index fcbb2ba..e18f3e3 100644 --- a/charts/matrix-synapse/templates/worker-deployment.yaml +++ b/charts/matrix-synapse/templates/worker-deployment.yaml @@ -73,7 +73,7 @@ spec: {{- with $config.extraCommands | default $default.extraCommands }} {{ range . }} - {{ . }} + {{ . | nindent 14 }} {{- end }} {{- end }} {{- end }} 
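Review bot: The new `else` branches render user-supplied values unquoted (`name: {{ .Values.externalPostgresql.existingSecret }}` and the matching `key:` line, likewise for `externalRedis`), so an all-digit or boolean-looking secret name or key is typed by YAML as a number or bool and the manifest fails validation; piping through `quote`, e.g. `name: {{ .Values.externalPostgresql.existingSecret | quote }}`, avoids that. The Redis branch closes with `{{- end -}}` where the Postgres branch uses `{{- end }}`; the extra right-trim is harmless here because the next action is left-trimmed, but the two branches should match. Separately, `default .Values.redis.usePassword true` in the rewritten condition is carried over from the old line and passes Sprig's `default` its arguments in reverse (the fallback comes first), so it always yields `true` and `usePassword: false` has no effect on this gate. The same lines appear in the second worker-deployment.yaml hunk.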
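Review bot: The switch from `{{ . }}` to `{{ . | nindent 14 }}` in the `extraCommands` loop is unrelated to loading passwords from secrets and is not mentioned in the commit message; it would be easier to review and revert as its own commit with a line explaining what it fixes. `nindent` prepends a newline, so combined with the line break already present in the template each command is preceded by a whitespace-only line unless the action is left-trimmed, e.g. `{{- . | nindent 14 }}`. The enclosing block starts outside the hunk and the page has lost its indentation, so whether 14 is the right column cannot be confirmed from here.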
@@ -83,19 +83,29 @@ spec: -c /synapse/config/conf.d/ \ -c /synapse/config/{{ $name }}.worker env: - {{- if $.Values.postgresql.enabled }} + {{- if or $.Values.postgresql.enabled $.Values.externalPostgresql.existingSecret }} - name: POSTGRES_PASSWORD valueFrom: secretKeyRef: + {{- if $.Values.postgresql.enabled }} name: {{ $.Values.postgresql.existingSecret | default (include "matrix-synapse.postgresql.fullname" $) }} key: postgresql-password + {{- else }} + name: {{ $.Values.externalPostgresql.existingSecret }} + key: {{ $.Values.externalPostgresql.existingSecretPasswordKey }} + {{- end }} {{- end }} - {{- if and $.Values.redis.enabled (default $.Values.redis.usePassword true) }} + {{- if or (and $.Values.redis.enabled (default $.Values.redis.usePassword true)) $.Values.externalRedis.existingSecret }} - name: REDIS_PASSWORD valueFrom: secretKeyRef: + {{- if $.Values.redis.enabled }} name: {{ $.Values.redis.existingSecret | default (include "matrix-synapse.redis.fullname" $) }} key: redis-password + {{- else }} + name: {{ $.Values.externalRedis.existingSecret }} + key: {{ $.Values.externalRedis.existingSecretPasswordKey }} + {{- end -}} {{- end }} {{- with $config.extraEnv | default $default.extraEnv }} {{- . | toYaml | nindent 12 }} diff --git a/charts/matrix-synapse/values.yaml b/charts/matrix-synapse/values.yaml index 8328703..8c90d6e 100644 --- a/charts/matrix-synapse/values.yaml +++ b/charts/matrix-synapse/values.yaml @@ -619,6 +619,13 @@ externalPostgresql: port: 5432 username: synapse # password: synapse + + ## The name of an existing secret with postgresql credentials + #existingSecret: postgres-secrets + + ## Password key to be retrieved from existing secret + #existingSecretPasswordKey: postgres-password + database: synapse # sslmode: prefer 
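Review bot: The new `existingSecret` / `existingSecretPasswordKey` comments under `externalPostgresql` do not say that the two keys must be set together or how they interact with `password`, which is what a user needs in order to avoid putting the password in values at all. I would extend the comment along the lines of `## Requires existingSecretPasswordKey; when both are set, password is not needed. The secret must exist in the release namespace.` The added lines use `#existingSecret:` without a space after the hash, whereas the neighbouring `# password: synapse` has one; matching the existing style keeps the file consistent. The same applies to the `externalRedis` hunk that follows.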
@@ -661,6 +668,12 @@ externalRedis: port: 6379 # password: synapse + ## The name of an existing secret with redis credentials + #existingSecret: redis-secrets + + ## Password key to be retrieved from existing secret + #existingSecretPasswordKey: redis-password + ## Persistence configuration for the media repository function. ## This PVC will be mounted in either Synapse or a media_repo worker. ##