From e04825a689a9d6bb8ae9b2957b6cdd0a1d374757 Mon Sep 17 00:00:00 2001
From: Alexander Olofsson <ace@haxalot.com>
Date: Tue, 6 Sep 2022 18:27:07 +0200
Subject: [PATCH] synatainer: Switch to passfiles throughout

---
 charts/synatainer/Chart.yaml                |  2 +-
 charts/synatainer/templates/_helpers.tpl    |  8 ++++++--
 charts/synatainer/templates/config.yaml     |  5 +++++
 charts/synatainer/templates/deployment.yaml | 15 +++++++++++----
 charts/synatainer/templates/secret.yaml     | 15 ++++++++-------
 5 files changed, 31 insertions(+), 14 deletions(-)

diff --git a/charts/synatainer/Chart.yaml b/charts/synatainer/Chart.yaml
index 8c1c26a..d7a7d61 100644
--- a/charts/synatainer/Chart.yaml
+++ b/charts/synatainer/Chart.yaml
@@ -5,7 +5,7 @@ description: Synapse Maintenance Container
 home: https://gitlab.com/mb-saces/synatainer
 type: application
 
-version: 1.1.1
+version: 1.1.2
 appVersion: 0.4.2
 
 maintainers:
diff --git a/charts/synatainer/templates/_helpers.tpl b/charts/synatainer/templates/_helpers.tpl
index e4bc088..bd4585c 100644
--- a/charts/synatainer/templates/_helpers.tpl
+++ b/charts/synatainer/templates/_helpers.tpl
@@ -50,6 +50,10 @@ app.kubernetes.io/name: {{ include "synatainer.name" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end }}
 
-{{- define "synatainer.pgpassword" -}}
-{{- printf "%s:%s:%s:%s" (required "You need to specify a postgres host" .Values.postgresql.host) (.Values.postgresql.port | default 5432 | toString) (.Values.postgresql.database | default "synapse") (.Values.postgresql.username | default "synapse") (required "You need to specify a postgres password" .Values.postgresql.password) }}
+{{- define "synatainer.mxtoken" -}}
+{{- printf "*|*|*|%s" (required "You need to specify a synapse token" .Values.synapse.token) }}
+{{- end }}
+
+{{- define "synatainer.pgpassword" -}}
+{{- printf "%s:%s:%s:%s:%s" (required "You need to specify a postgres host" .Values.postgresql.host) (.Values.postgresql.port | default 5432 | toString) (.Values.postgresql.database | default "synapse") (.Values.postgresql.username | default "synapse") (required "You need to specify a postgres password" .Values.postgresql.password) }}
 {{- end }}
diff --git a/charts/synatainer/templates/config.yaml b/charts/synatainer/templates/config.yaml
index 4a78b18..2402484 100644
--- a/charts/synatainer/templates/config.yaml
+++ b/charts/synatainer/templates/config.yaml
@@ -8,6 +8,11 @@ metadata:
 data:
   SYNAPSE_HOST: {{ .Values.synapse.url | default "http://matrix-synapse:8008" | quote }}
 
+  DB_HOST: {{ .Values.postgresql.host | quote }}
+  DB_PORT: {{ .Values.postgresql.port | default 5432 | quote }}
+  DB_NAME: {{ .Values.postgresql.database | default "synapse" | quote }}
+  DB_USER: {{ .Values.postgresql.username | default "synapse" | quote }}
+
 {{- range $key, $val := .Values.extraEnv }}
   {{ $key }}: {{ $val | toString | quote }}
 {{- end -}}
diff --git a/charts/synatainer/templates/deployment.yaml b/charts/synatainer/templates/deployment.yaml
index 8f42972..59274f2 100644
--- a/charts/synatainer/templates/deployment.yaml
+++ b/charts/synatainer/templates/deployment.yaml
@@ -6,6 +6,7 @@ metadata:
   labels:
     {{- include "synatainer.labels" . | nindent 4 }}
 spec:
+  replicas: 1
   selector:
     matchLabels:
       {{- include "synatainer.selectorLabels" . | nindent 6 }}
@@ -13,10 +14,10 @@ spec:
     type: Recreate
   template:
     metadata:
-      {{- with .Values.podAnnotations }}
       annotations:
         checksum/config: {{ include (print $.Template.BasePath "/config.yaml") . | sha256sum }}
         checksum/secrets: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
+      {{- with .Values.podAnnotations }}
         {{- toYaml . | nindent 8 }}
       {{- end }}
       labels:
@@ -33,14 +34,17 @@ spec:
             - sh
             - -c
             - |
+              cp /tmp/mxtoken /conf/
               cp /tmp/pgpassword /conf/
               exec /entrypoint.sh
           name: {{ .Chart.Name }}
           envFrom:
             - configMapRef:
                 name: {{ include "synatainer.fullname" . }}
+          {{- if .Values.extraSecrets }}
             - secretRef:
                 name: {{ include "synatainer.fullname" . }}
+          {{- end }}
           securityContext:
             {{- toYaml .Values.securityContext | nindent 12 }}
           image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
@@ -50,9 +54,12 @@ spec:
           volumeMounts:
             - name: emptydir
               mountPath: /conf
-            - name: pgpassword
+            - name: tokens
               mountPath: /tmp/pgpassword
               subPath: pgpassword
+            - name: tokens
+              mountPath: /tmp/mxtoken
+              subPath: mxtoken
       {{- with .Values.nodeSelector }}
       nodeSelector:
         {{- toYaml . | nindent 8 }}
@@ -66,9 +73,9 @@ spec:
         {{- toYaml . | nindent 8 }}
       {{- end }}
       volumes:
-        - name: pgpassword
+        - name: tokens
           secret:
-            secretName: {{ include "synatainer.fullname" . }}-pgpass
+            secretName: {{ include "synatainer.fullname" . }}-tokens
             defaultMode: 0600
         - name: emptydir
           emptyDir: {}
diff --git a/charts/synatainer/templates/secret.yaml b/charts/synatainer/templates/secret.yaml
index 989969d..2421e5a 100644
--- a/charts/synatainer/templates/secret.yaml
+++ b/charts/synatainer/templates/secret.yaml
@@ -2,21 +2,22 @@
 apiVersion: v1
 kind: Secret
 metadata:
-  name: {{ include "synatainer.fullname" . }}-pgpass
+  name: {{ include "synatainer.fullname" . }}-tokens
   labels:
     {{- include "synatainer.labels" . | nindent 4 }}
 data:
   pgpassword: {{ include "synatainer.pgpassword" . | b64enc }}
+  mxtoken: {{ include "synatainer.mxtoken" . | b64enc }}
+{{- with .Values.extraSecrets }}
 ---
 apiVersion: v1
 kind: Secret
 metadata:
-  name: {{ include "synatainer.fullname" . }}
+  name: {{ include "synatainer.fullname" $ }}
   labels:
-    {{- include "synatainer.labels" . | nindent 4 }}
+    {{- include "synatainer.labels" $ | nindent 4 }}
 data:
-  BEARER_TOKEN: {{ required "You need to specify a synapse token" .Values.synapse.token | toString | b64enc }}
-
-{{- range $key, $val := .Values.extraSecrets }}
+{{-   range $key, $val := . }}
   {{ $key }}: {{ $val | toString | b64enc }}
-{{- end -}}
+{{-   end -}}
+{{- end }}