-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #1 from jessebot/fix-deployment-to-grab-secret
Use env vars secret in deployment; update ci/cd; add readme
- Loading branch information
Showing
11 changed files
with
222 additions
and
48 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -3,7 +3,7 @@ name: Lint and Test Chart | |
on: | ||
pull_request: | ||
paths: | ||
- 'charts/matrix/**' | ||
- 'charts/matrix-sliding-sync/**' | ||
|
||
permissions: | ||
contents: read | ||
|
@@ -24,7 +24,6 @@ jobs: | |
- name: Add dependency chart repos | ||
run: | | ||
helm repo add bitnami https://charts.bitnami.com/bitnami | ||
helm repo add coturn https://small-hack.github.io/coturn-chart | ||
- name: Set up chart-testing | ||
uses: helm/[email protected] | ||
|
@@ -49,4 +48,4 @@ jobs: | |
- name: Run chart-testing (install) | ||
id: install | ||
if: steps.list-changed.outputs.changed == 'true' | ||
run: ct install --target-branch ${{ github.event.repository.default_branch }} | ||
run: ct install --target-branch ${{ github.event.repository.default_branch }} --helm-extra-set-args '--set=postgresql.volumePermissions.enabled=false --set=postgresql.primary.networkPolicy.enabled=false' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,3 +1,20 @@ | ||
# matrix sliding-sync helm chart | ||
# Matrix Sliding Sync helm chart | ||
|
||
This is a helm chart implementing [matrix-org/sliding-sync](https://github.com/matrix-org/sliding-sync/tree/main). | ||
<a href="https://github.com/small-hack/matrix-sliding-sync-chart/releases"><img src="https://img.shields.io/github/v/release/small-hack/matrix-sliding-sync-chart?style=plastic&labelColor=blue&color=green&logo=GitHub&logoColor=white"></a> | ||
|
||
This is a helm chart implementing [matrix-org/sliding-sync](https://github.com/matrix-org/sliding-sync/tree/main) for deployment on Kubernetes. It was originally designed for use as a subchart for [small-hack/matrix-chart](https://github.com/small-hack/matrix-chart), but it can be used stand alone as well. | ||
|
||
See the [`README.md`](https://github.com/small-hack/matrix-sliding-sync-chart/blob/main/charts/matrix/README.md) for docs auto-generated from the [`values.yaml`](https://github.com/small-hack/matrix-sliding-sync-chart/blob/main/charts/matrix/values.yaml). | ||
|
||
Read through the parameters and modify them locally before installing the chart: | ||
|
||
```bash | ||
# add the helm repo locally | ||
helm repo add matrix-sliding-sync https://small-hack.github.io/matrix-sliding-sync-chart | ||
|
||
# downloads the values.yaml locally | ||
helm show values matrix-sliding-sync/matrix-sliding-sync > values.yaml | ||
|
||
# install the chart | ||
helm install my-release-name matrix-sliding-sync/matrix-sliding-sync --values values.yaml | ||
``` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,9 +1,15 @@ | ||
# matrix-sliding-sync | ||
|
||
![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.99.17](https://img.shields.io/badge/AppVersion-v0.99.17-informational?style=flat-square) | ||
![Version: 0.1.1](https://img.shields.io/badge/Version-0.1.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.99.17](https://img.shields.io/badge/AppVersion-v0.99.17-informational?style=flat-square) | ||
|
||
A Helm chart for Kubernetes | ||
|
||
## Maintainers | ||
|
||
| Name | Email | Url | | ||
| ---- | ------ | --- | | ||
| jessebot | | <https://github.com/jessebot> | | ||
|
||
## Requirements | ||
|
||
| Repository | Name | Version | | ||
|
@@ -19,11 +25,11 @@ A Helm chart for Kubernetes | |
| autoscaling.maxReplicas | int | `100` | | | ||
| autoscaling.minReplicas | int | `1` | | | ||
| autoscaling.targetCPUUtilizationPercentage | int | `80` | | | ||
| externalDatabase.database | string | `"matrix"` | name of the database to try and connect to | | ||
| externalDatabase.database | string | `"matrix-sliding-sync"` | name of the database to try and connect to | | ||
| externalDatabase.enabled | bool | `false` | enable using an external database *instead of* the Bitnami PostgreSQL sub-chart if externalDatabase.enabled is set to true, postgresql.enabled must be set to false | | ||
| externalDatabase.existingSecret | string | `""` | Name of existing secret to use for PostgreSQL credentials | | ||
| externalDatabase.hostname | string | `""` | hostname of db server. Can be left blank if using postgres subchart | | ||
| externalDatabase.password | string | `"changeme"` | password of matrix postgres user - ignored using exsitingSecret | | ||
| externalDatabase.password | string | `"changeme"` | password of matrix-sliding-sync postgres user - ignored using exsitingSecret | | ||
| externalDatabase.port | int | `5432` | which port to use to connect to your database server | | ||
| externalDatabase.secretKeys.adminPasswordKey | string | `"postgresPassword"` | key in existingSecret with the admin postgresql password | | ||
| externalDatabase.secretKeys.database | string | `"database"` | key in existingSecret with name of the database | | ||
|
@@ -34,7 +40,7 @@ A Helm chart for Kubernetes | |
| externalDatabase.sslkey | string | `""` | optional: tls/ssl key for postgresql connections | | ||
| externalDatabase.sslmode | string | `""` | sslmode to use, example: verify-full | | ||
| externalDatabase.sslrootcert | string | `""` | optional: tls/ssl root cert for postgresql connections | | ||
| externalDatabase.username | string | `"matrix"` | username of matrix postgres user | | ||
| externalDatabase.username | string | `"matrix-sliding-sync"` | username of matrix-sliding-sync postgres user | | ||
| fullnameOverride | string | `""` | | | ||
| image.pullPolicy | string | `"IfNotPresent"` | | | ||
| image.repository | string | `"ghcr.io/matrix-org/sliding-sync"` | | | ||
|
@@ -56,14 +62,14 @@ A Helm chart for Kubernetes | |
| podSecurityContext | object | `{}` | | | ||
| postgresql.enabled | bool | `true` | Whether to deploy the Bitnami Postgresql sub chart If postgresql.enabled is set to true, externalDatabase.enabled must be set to false else if externalDatabase.enabled is set to true, postgresql.enabled must be set to false | | ||
| postgresql.global.postgresql.auth.existingSecret | string | `""` | Name of existing secret to use for PostgreSQL credentials | | ||
| postgresql.global.postgresql.auth.password | string | `"changeme"` | password of matrix postgres user - ignored using exsitingSecret | | ||
| postgresql.global.postgresql.auth.password | string | `"changeme"` | password of matrix-sliding-sync postgres user - ignored using exsitingSecret | | ||
| postgresql.global.postgresql.auth.port | int | `5432` | which port to use to connect to your database server | | ||
| postgresql.global.postgresql.auth.secretKeys.adminPasswordKey | string | `"postgresPassword"` | key in existingSecret with the admin postgresql password | | ||
| postgresql.global.postgresql.auth.secretKeys.database | string | `"database"` | key in existingSecret with name of the database | | ||
| postgresql.global.postgresql.auth.secretKeys.databaseHostname | string | `"hostname"` | key in existingSecret with hostname of the database | | ||
| postgresql.global.postgresql.auth.secretKeys.databaseUsername | string | `"username"` | key in existingSecret with username for matrix to connect to db | | ||
| postgresql.global.postgresql.auth.secretKeys.userPasswordKey | string | `"password"` | key in existingSecret with password for matrix to connect to db | | ||
| postgresql.global.postgresql.auth.username | string | `"matrix-sliding-sync"` | username of matrix postgres user | | ||
| postgresql.global.postgresql.auth.secretKeys.databaseUsername | string | `"username"` | key in existingSecret with username for matrix-sliding-sync to connect to db | | ||
| postgresql.global.postgresql.auth.secretKeys.userPasswordKey | string | `"password"` | key in existingSecret with password for matrix-sliding-sync to connect to db | | ||
| postgresql.global.postgresql.auth.username | string | `"matrix-sliding-sync"` | username of matrix-sliding-sync postgres user | | ||
| postgresql.primary.initdb | object | `{"scriptsConfigMap":"{{ .Release.Name }}-postgresql-initdb"}` | run the scripts in templates/postgresql/initdb-configmap.yaml If using an external Postgres server, make sure to configure the database ref: https://github.com/matrix-org/synapse/blob/master/docs/postgres.md | | ||
| postgresql.primary.persistence | object | `{"enabled":false,"size":"8Gi"}` | persistent volume claim configuration for postgresql to persist data | | ||
| postgresql.primary.persistence.enabled | bool | `false` | Enable PostgreSQL Primary data persistence using PVC | | ||
|
@@ -84,16 +90,18 @@ A Helm chart for Kubernetes | |
| serviceAccount.create | bool | `true` | | | ||
| serviceAccount.name | string | `""` | | | ||
| syncv3.bindaddr | string | `"0.0.0.0:8008"` | SYNCV3_BINDADDR - The interface and port to listen on. (Supports unix socket: /path/to/socket) | | ||
| syncv3.db | string | `""` | SYNCV3_DB - Required. The postgres connection string: https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-CONNSTRING | | ||
| syncv3.log_level | string | `"info"` | SYNCV3_LOG_LEVEL - The level of verbosity for messages logged. Available values are trace, debug, info, warn, error and fatal | | ||
| syncv3.max_db_conn | string | `""` | SYNCV3_MAX_DB_CONN - Default: unset. Max database connections to use when communicating with postgres. Unset or 0 means no limit. | | ||
| syncv3.otlp_password | string | `""` | SYNCV3_OTLP_PASSWORD - Default: unset. The OTLP password for Basic auth. If unset, does not send an Authorization header. | | ||
| syncv3.otlp_url | string | `""` | SYNCV3_OTLP_URL - Default: unset. The OTLP HTTP URL to send spans to e.g https://localhost:4318 - if unset does not send OTLP traces. | | ||
| syncv3.otlp_username | string | `""` | SYNCV3_OTLP_USERNAME - Default: unset. The OTLP username for Basic auth. If unset, does not send an Authorization header. | | ||
| syncv3.db | object | `{"dbname":"matrix-sliding-sync","existingSecret":"","host":"","password":"","sslmode":"disable","user":"matrix-sliding-sync"}` | templates out SYNCV3_DB which is a postgres connection string: https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-CONNSTRING like this: user=$(whoami) dbname=syncv3 sslmode=disable host=host.docker.internal password='DATABASE_PASSWORD_HERE' | | ||
| syncv3.existingSecret | string | `""` | existing kubernetes secret for ALL syncv3 env vars listed below. if set, ignores all values below, everything under syncv3 including syncv3.db and syncvc.otlp. | | ||
| syncv3.logLevel | string | `"info"` | SYNCV3_LOG_LEVEL - The level of verbosity for messages logged. Available values are trace, debug, info, warn, error and fatal | | ||
| syncv3.maxDbConn | string | `""` | SYNCV3_MAX_DB_CONN - Default: unset. Max database connections to use when communicating with postgres. Unset or 0 means no limit. | | ||
| syncv3.otlp.existingSecret | string | `nil` | | | ||
| syncv3.otlp.password | string | `""` | SYNCV3_OTLP_PASSWORD - Default: unset. The OTLP password for Basic auth. If unset, does not send an Authorization header. | | ||
| syncv3.otlp.url | string | `""` | SYNCV3_OTLP_URL - Default: unset. The OTLP HTTP URL to send spans to e.g https://localhost:4318 - if unset does not send OTLP traces. | | ||
| syncv3.otlp.username | string | `""` | SYNCV3_OTLP_USERNAME - Default: unset. The OTLP username for Basic auth. If unset, does not send an Authorization header. | | ||
| syncv3.pprof | string | `""` | SYNCV3_PPROF - Default: unset. The bind addr for pprof debugging e.g ':6060'. If not set, does not listen. | | ||
| syncv3.prom | string | `""` | SYNCV3_PROM - Default: unset. The bind addr for Prometheus metrics, which will be accessible at /metrics at this address. | | ||
| syncv3.secret | string | `""` | SYNCV3_SECRET - Required. A secret to use to encrypt access tokens. Must remain the same for the lifetime of the database. | | ||
| syncv3.sentry_dsn | string | `""` | SYNCV3_SENTRY_DSN - Default: unset. The Sentry DSN to report events to e.g https://[email protected]/123 - if unset does not send sentry events. | | ||
| syncv3.sentryDsn | string | `""` | SYNCV3_SENTRY_DSN - Default: unset. The Sentry DSN to report events to e.g https://[email protected]/123 - if unset does not send sentry events. | | ||
| syncv3.server | string | `""` | SYNCV3_SERVER - Required. The destination homeserver to talk to (CS API HTTPS URL) e.g 'https://matrix-client.matrix.org' (Supports unix socket: /path/to/socket) | | ||
| syncv3.tlsCert | string | `""` | SYNCV3_TLS_CERT - Default: unset. Path to a certificate file to serve to HTTPS clients. Specifying this enables TLS on the bound address. | | ||
| syncv3.tlsKey | string | `""` | SYNCV3_TLS_KEY - Default: unset. Path to a key file for the certificate. Must be provided along with the certificate file. | | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
13 changes: 13 additions & 0 deletions
13
charts/matrix-sliding-sync/templates/initdb-configmap.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
{{- if .Values.postgresql.enabled }} | ||
apiVersion: v1 | ||
kind: ConfigMap | ||
metadata: | ||
name: {{ include "matrix-sliding-sync.fullname" . }}-postgresql-initdb | ||
labels: | ||
{{ include "matrix-sliding-sync.labels" . | nindent 4}} | ||
data: | ||
matrix.sql: | | ||
CREATE DATABASE matrix ENCODING 'UTF8' LOCALE 'C' TEMPLATE template0 OWNER {{ .Values.postgresql.global.postgresql.auth.username }}; | ||
GRANT ALL PRIVILEGES ON DATABASE matrix-sliding-sync TO {{ .Values.postgresql.global.postgresql.auth.username }}; | ||
GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO {{ .Values.postgresql.global.postgresql.auth.username }}; | ||
{{- end }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.