synatainer: Switch to passfiles throughout

Alexander Olofsson 2022-09-06 18:27:07 +02:00
parent fe6651297e
commit e04825a689
No known key found for this signature in database
GPG key ID: D439C9470CB04C73
5 changed files with 31 additions and 14 deletions


@ -5,7 +5,7 @@ description: Synapse Maintenance Container
home: https://gitlab.com/mb-saces/synatainer home: https://gitlab.com/mb-saces/synatainer
type: application type: application
version: 1.1.1 version: 1.1.2
appVersion: 0.4.2 appVersion: 0.4.2
maintainers: maintainers:


@ -50,6 +50,10 @@ app.kubernetes.io/name: {{ include "synatainer.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }} {{- end }}
{{- define "synatainer.pgpassword" -}} {{- define "synatainer.mxtoken" -}}
{{- printf "%s:%s:%s:%s" (required "You need to specify a postgres host" .Values.postgresql.host) (.Values.postgresql.port | default 5432 | toString) (.Values.postgresql.database | default "synapse") (.Values.postgresql.username | default "synapse") (required "You need to specify a postgres password" .Values.postgresql.password) }} {{- printf "*|*|*|%s" (required "You need to specify a synapse token" .Values.synapse.token) }}
{{- end }}
{{- define "synatainer.pgpassword" -}}
{{- printf "%s:%s:%s:%s:%s" (required "You need to specify a postgres host" .Values.postgresql.host) (.Values.postgresql.port | default 5432 | toString) (.Values.postgresql.database | default "synapse") (.Values.postgresql.username | default "synapse") (required "You need to specify a postgres password" .Values.postgresql.password) }}
{{- end }} {{- end }}
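Review bot: The `synatainer.pgpassword` helper puts `.Values.postgresql.password` (and the host, database and username) into the passfile line unescaped, so a value containing `:` or `\` is split at the wrong field boundary by libpq and the lookup fails. The pgpass format expects both characters to be backslash-escaped, so the password argument could be piped through `replace "\\" "\\\\" | replace ":" "\\:"` before it reaches `printf`. The new `synatainer.mxtoken` helper has the same shape with `|` as the separator. Whether synatainer's token file defines an escape for `|` is not visible on this page, so that is worth checking against its documentation.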


@ -8,6 +8,11 @@ metadata:
data: data:
SYNAPSE_HOST: {{ .Values.synapse.url | default "http://matrix-synapse:8008" | quote }} SYNAPSE_HOST: {{ .Values.synapse.url | default "http://matrix-synapse:8008" | quote }}
DB_HOST: {{ .Values.postgresql.host | quote }}
DB_PORT: {{ .Values.postgresql.port | default 5432 | quote }}
DB_NAME: {{ .Values.postgresql.database | default "synapse" | quote }}
DB_USER: {{ .Values.postgresql.username | default "synapse" | quote }}
{{- range $key, $val := .Values.extraEnv }} {{- range $key, $val := .Values.extraEnv }}
{{ $key }}: {{ $val | toString | quote }} {{ $key }}: {{ $val | toString | quote }}
{{- end -}} {{- end -}}


@ -6,6 +6,7 @@ metadata:
labels: labels:
{{- include "synatainer.labels" . | nindent 4 }} {{- include "synatainer.labels" . | nindent 4 }}
spec: spec:
replicas: 1
selector: selector:
matchLabels: matchLabels:
{{- include "synatainer.selectorLabels" . | nindent 6 }} {{- include "synatainer.selectorLabels" . | nindent 6 }}
@ -13,10 +14,10 @@ spec:
type: Recreate type: Recreate
template: template:
metadata: metadata:
{{- with .Values.podAnnotations }}
annotations: annotations:
checksum/config: {{ include (print $.Template.BasePath "/config.yaml") . | sha256sum }} checksum/config: {{ include (print $.Template.BasePath "/config.yaml") . | sha256sum }}
checksum/secrets: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} checksum/secrets: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
{{- with .Values.podAnnotations }}
{{- toYaml . | nindent 8 }} {{- toYaml . | nindent 8 }}
{{- end }} {{- end }}
labels: labels:
@ -33,14 +34,17 @@ spec:
- sh - sh
- -c - -c
- | - |
cp /tmp/mxtoken /conf/
cp /tmp/pgpassword /conf/ cp /tmp/pgpassword /conf/
exec /entrypoint.sh exec /entrypoint.sh
name: {{ .Chart.Name }} name: {{ .Chart.Name }}
envFrom: envFrom:
- configMapRef: - configMapRef:
name: {{ include "synatainer.fullname" . }} name: {{ include "synatainer.fullname" . }}
{{- if .Values.extraSecrets }}
- secretRef: - secretRef:
name: {{ include "synatainer.fullname" . }} name: {{ include "synatainer.fullname" . }}
{{- end }}
securityContext: securityContext:
{{- toYaml .Values.securityContext | nindent 12 }} {{- toYaml .Values.securityContext | nindent 12 }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
@ -50,9 +54,12 @@ spec:
volumeMounts: volumeMounts:
- name: emptydir - name: emptydir
mountPath: /conf mountPath: /conf
- name: pgpassword - name: tokens
mountPath: /tmp/pgpassword mountPath: /tmp/pgpassword
subPath: pgpassword subPath: pgpassword
- name: tokens
mountPath: /tmp/mxtoken
subPath: mxtoken
{{- with .Values.nodeSelector }} {{- with .Values.nodeSelector }}
nodeSelector: nodeSelector:
{{- toYaml . | nindent 8 }} {{- toYaml . | nindent 8 }}
@ -66,9 +73,9 @@ spec:
{{- toYaml . | nindent 8 }} {{- toYaml . | nindent 8 }}
{{- end }} {{- end }}
volumes: volumes:
- name: pgpassword - name: tokens
secret: secret:
secretName: {{ include "synatainer.fullname" . }}-pgpass secretName: {{ include "synatainer.fullname" . }}-tokens
defaultMode: 0600 defaultMode: 0600
- name: emptydir - name: emptydir
emptyDir: {} emptyDir: {}
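Review bot: The container command in the `-33,14 +34,17` hunk now copies both `/tmp/mxtoken` and `/tmp/pgpassword` into `/conf`, which is a default `emptyDir: {}`, so both credentials leave the tmpfs-backed Secret volume and are written to node-local storage for the pod's lifetime. Declaring the volume as `emptyDir: {medium: Memory}` would keep them in memory. The script has no `set -e`, so a failed `cp` still reaches `exec /entrypoint.sh` with a passfile missing. Starting the block with `set -e` and adding `chmod 600 /conf/mxtoken /conf/pgpassword` after the copies would surface that failure and pin the file mode. The `chmod` matters because libpq ignores a passfile that is group- or world-readable, and the mode of the copy depends on what the subPath mount presents (for instance when an `fsGroup` is set).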


@ -2,21 +2,22 @@
apiVersion: v1 apiVersion: v1
kind: Secret kind: Secret
metadata: metadata:
name: {{ include "synatainer.fullname" . }}-pgpass name: {{ include "synatainer.fullname" . }}-tokens
labels: labels:
{{- include "synatainer.labels" . | nindent 4 }} {{- include "synatainer.labels" . | nindent 4 }}
data: data:
pgpassword: {{ include "synatainer.pgpassword" . | b64enc }} pgpassword: {{ include "synatainer.pgpassword" . | b64enc }}
mxtoken: {{ include "synatainer.mxtoken" . | b64enc }}
{{- with .Values.extraSecrets }}
--- ---
apiVersion: v1 apiVersion: v1
kind: Secret kind: Secret
metadata: metadata:
name: {{ include "synatainer.fullname" . }} name: {{ include "synatainer.fullname" $ }}
labels: labels:
{{- include "synatainer.labels" . | nindent 4 }} {{- include "synatainer.labels" $ | nindent 4 }}
data: data:
BEARER_TOKEN: {{ required "You need to specify a synapse token" .Values.synapse.token | toString | b64enc }} {{- range $key, $val := . }}
{{- range $key, $val := .Values.extraSecrets }}
{{ $key }}: {{ $val | toString | b64enc }} {{ $key }}: {{ $val | toString | b64enc }}
{{- end -}} {{- end -}}
{{- end }}