synatainer: Switch to passfiles throughout

2022-09-06 18:27:07 +02:00 · 2022-09-06 18:27:07 +02:00 · e04825a689
commit e04825a689
parent fe6651297e
5 changed files with 31 additions and 14 deletions
--- a/charts/synatainer/Chart.yaml
+++ b/charts/synatainer/Chart.yaml
@ -5,7 +5,7 @@ description: Synapse Maintenance Container
 home: https://gitlab.com/mb-saces/synatainer
 type: application

-version: 1.1.1
+version: 1.1.2
 appVersion: 0.4.2

 maintainers:
--- a/charts/synatainer/templates/_helpers.tpl
+++ b/charts/synatainer/templates/_helpers.tpl
@ -50,6 +50,10 @@ app.kubernetes.io/name: {{ include "synatainer.name" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end }}

-{{- define "synatainer.pgpassword" -}}
-{{- printf "%s:%s:%s:%s" (required "You need to specify a postgres host" .Values.postgresql.host) (.Values.postgresql.port | default 5432 | toString) (.Values.postgresql.database | default "synapse") (.Values.postgresql.username | default "synapse") (required "You need to specify a postgres password" .Values.postgresql.password) }}
+{{- define "synatainer.mxtoken" -}}
+{{- printf "*|*|*|%s" (required "You need to specify a synapse token" .Values.synapse.token) }}
+{{- end }}
+
+{{- define "synatainer.pgpassword" -}}
+{{- printf "%s:%s:%s:%s:%s" (required "You need to specify a postgres host" .Values.postgresql.host) (.Values.postgresql.port | default 5432 | toString) (.Values.postgresql.database | default "synapse") (.Values.postgresql.username | default "synapse") (required "You need to specify a postgres password" .Values.postgresql.password) }}
 {{- end }}
--- a/charts/synatainer/templates/config.yaml
+++ b/charts/synatainer/templates/config.yaml
@ -8,6 +8,11 @@ metadata:
 data:
  SYNAPSE_HOST: {{ .Values.synapse.url | default "http://matrix-synapse:8008" | quote }}

+  DB_HOST: {{ .Values.postgresql.host | quote }}
+  DB_PORT: {{ .Values.postgresql.port | default 5432 | quote }}
+  DB_NAME: {{ .Values.postgresql.database | default "synapse" | quote }}
+  DB_USER: {{ .Values.postgresql.username | default "synapse" | quote }}
+
 {{- range $key, $val := .Values.extraEnv }}
  {{ $key }}: {{ $val | toString | quote }}
 {{- end -}}
--- a/charts/synatainer/templates/deployment.yaml
+++ b/charts/synatainer/templates/deployment.yaml
@ -6,6 +6,7 @@ metadata:
  labels:
    {{- include "synatainer.labels" . | nindent 4 }}
 spec:
+  replicas: 1
  selector:
    matchLabels:
      {{- include "synatainer.selectorLabels" . | nindent 6 }}
@ -13,10 +14,10 @@ spec:
    type: Recreate
  template:
    metadata:
-      {{- with .Values.podAnnotations }}
      annotations:
        checksum/config: {{ include (print $.Template.BasePath "/config.yaml") . | sha256sum }}
        checksum/secrets: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
+      {{- with .Values.podAnnotations }}
        {{- toYaml . | nindent 8 }}
      {{- end }}
      labels:
@ -33,14 +34,17 @@ spec:
            - sh
            - -c
            - |
+              cp /tmp/mxtoken /conf/
              cp /tmp/pgpassword /conf/
              exec /entrypoint.sh
          name: {{ .Chart.Name }}
          envFrom:
            - configMapRef:
                name: {{ include "synatainer.fullname" . }}
+          {{- if .Values.extraSecrets }}
            - secretRef:
                name: {{ include "synatainer.fullname" . }}
+          {{- end }}
          securityContext:
            {{- toYaml .Values.securityContext | nindent 12 }}
          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
@ -50,9 +54,12 @@ spec:
          volumeMounts:
            - name: emptydir
              mountPath: /conf
-            - name: pgpassword
+            - name: tokens
              mountPath: /tmp/pgpassword
              subPath: pgpassword
+            - name: tokens
+              mountPath: /tmp/mxtoken
+              subPath: mxtoken
      {{- with .Values.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
@ -66,9 +73,9 @@ spec:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      volumes:
-        - name: pgpassword
+        - name: tokens
          secret:
-            secretName: {{ include "synatainer.fullname" . }}-pgpass
+            secretName: {{ include "synatainer.fullname" . }}-tokens
            defaultMode: 0600
        - name: emptydir
          emptyDir: {}
--- a/charts/synatainer/templates/secret.yaml
+++ b/charts/synatainer/templates/secret.yaml
@ -2,21 +2,22 @@
 apiVersion: v1
 kind: Secret
 metadata:
-  name: {{ include "synatainer.fullname" . }}-pgpass
+  name: {{ include "synatainer.fullname" . }}-tokens
  labels:
    {{- include "synatainer.labels" . | nindent 4 }}
 data:
  pgpassword: {{ include "synatainer.pgpassword" . | b64enc }}
+  mxtoken: {{ include "synatainer.mxtoken" . | b64enc }}
+{{- with .Values.extraSecrets }}
 ---
 apiVersion: v1
 kind: Secret
 metadata:
-  name: {{ include "synatainer.fullname" . }}
+  name: {{ include "synatainer.fullname" $ }}
  labels:
-    {{- include "synatainer.labels" . | nindent 4 }}
+    {{- include "synatainer.labels" $ | nindent 4 }}
 data:
-  BEARER_TOKEN: {{ required "You need to specify a synapse token" .Values.synapse.token | toString | b64enc }}
-
-{{- range $key, $val := .Values.extraSecrets }}
+{{-   range $key, $val := . }}
  {{ $key }}: {{ $val | toString | b64enc }}
 {{-   end -}}
+{{- end }}