pub/charts
1
0
Fork 0
Code Issues Pull requests Releases Packages 19 Activity Actions

matrix-synapse: Better generated secret handling

Browse source 
Should hopefully make the chart even safer for use with tools like Argo
Fixes #38
This commit is contained in:
Alexander Olofsson 2023-03-18 09:48:55 +01:00
parent db32226fb5
commit d8abe3bcc1
No known key found for this signature in database
GPG key ID: D439C9470CB04C73
3 changed files with 18 additions and 18 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
charts/matrix-synapse/Chart.yaml
View file

@ -6,7 +6,7 @@ icon: https://matrix.org/images/matrix-logo.svg
appVersion: 1.79.0 appVersion: 1.79.0
type: application type: application
version: 3.2.2 version: 3.2.3
maintainers: maintainers:
- name: Alexander Olofsson - name: Alexander Olofsson
email: ace@haxalot.com email: ace@haxalot.com

17
charts/matrix-synapse/templates/secrets.yaml
View file

@ -86,20 +86,3 @@ stringData:
## Extra secrets ## ## Extra secrets ##
{{ . | toYaml | nindent 4 }} {{ . | toYaml | nindent 4 }}
{{- end }} {{- end }}
{{- if and .Values.signingkey.job.enabled (not .Values.signingkey.existingSecret) }}
{{- $name := include "matrix-synapse.workername" (dict "global" . "worker" "signingkey") }}
{{- if not (lookup "v1" "Secret" .Release.Namespace $name) }}
---
apiVersion: v1
kind: Secret
metadata:
annotations:
helm.sh/hook: pre-install
helm.sh/resource-policy: keep
name: {{ $name }}
labels:
{{- include "matrix-synapse.labels" . | nindent 4 }}
app.kubernetes.io/component: signingkey-job
{{- end }}
{{- end }}

17
charts/matrix-synapse/templates/signing-key-job.yaml
View file

@ -131,4 +131,21 @@ spec:
parallelism: 1 parallelism: 1
completions: 1 completions: 1
backoffLimit: 1 backoffLimit: 1
---
apiVersion: v1
kind: Secret
metadata:
annotations:
helm.sh/hook: pre-install
helm.sh/hook-delete-policy: never
helm.sh/resource-policy: keep
name: {{ $secretName }}
labels:
{{- include "matrix-synapse.labels" . | nindent 4 }}
app.kubernetes.io/component: signingkey-job
{{ $secret := (lookup "v1" "Secret" .Release.Namespace $secretName) -}}
{{ if $secret -}}
data:
signing.key: {{ (b64dec (index $secret.data "signing.key")) | b64enc }}
{{ end -}}
{{- end }} {{- end }}