diff --git a/.github/workflows/cd-helm-release.yml b/.github/workflows/cd-helm-release.yml index e066419..6a2fadf 100644 --- a/.github/workflows/cd-helm-release.yml +++ b/.github/workflows/cd-helm-release.yml @@ -32,8 +32,7 @@ jobs: - name: Add dependency chart repos run: | - helm repo add coturn https://small-hack.github.io/coturn-chart/ - helm dep update charts/matrix + helm dep update charts/matrix-sliding-sync - name: Run chart-releaser id: helm-release diff --git a/.github/workflows/ci-helm-lint-test.yml b/.github/workflows/ci-helm-lint-test.yml index f4caeba..0489bb5 100644 --- a/.github/workflows/ci-helm-lint-test.yml +++ b/.github/workflows/ci-helm-lint-test.yml @@ -3,7 +3,7 @@ name: Lint and Test Chart on: pull_request: paths: - - 'charts/matrix/**' + - 'charts/matrix-sliding-sync/**' permissions: contents: read @@ -24,7 +24,6 @@ jobs: - name: Add dependency chart repos run: | helm repo add bitnami https://charts.bitnami.com/bitnami - helm repo add coturn https://small-hack.github.io/coturn-chart - name: Set up chart-testing uses: helm/chart-testing-action@v2.6.1 @@ -49,4 +48,4 @@ jobs: - name: Run chart-testing (install) id: install if: steps.list-changed.outputs.changed == 'true' - run: ct install --target-branch ${{ github.event.repository.default_branch }} + run: ct install --target-branch ${{ github.event.repository.default_branch }} --helm-extra-set-args '--set=postgresql.volumePermissions.enabled=false --set=postgresql.primary.networkPolicy.enabled=false' diff --git a/README.md b/README.md index 05d8736..8cffdc6 100644 --- a/README.md +++ b/README.md 
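Review bot: The new `ct install` line switches off `postgresql.volumePermissions.enabled` and `postgresql.primary.networkPolicy.enabled` for CI only, so the install test runs a configuration that differs from what users get by default. The values.yaml context later in this diff still shows `volumePermissions.enabled: true`. If the overrides are required by the CI cluster, record why next to the step, for example `# CI-only overrides: <reason>`. Moving them into a `ci/*-values.yaml` file under `charts/matrix-sliding-sync/` (which chart-testing picks up) would keep the command short and make the divergence reviewable.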
@@ -1,3 +1,20 @@ -# matrix sliding-sync helm chart +# Matrix Sliding Sync helm chart -This is a helm chart implementing [matrix-org/sliding-sync](https://github.com/matrix-org/sliding-sync/tree/main). + + +This is a helm chart implementing [matrix-org/sliding-sync](https://github.com/matrix-org/sliding-sync/tree/main) for deployment on Kubernetes. It was originally designed for use as a subchart for [small-hack/matrix-chart](https://github.com/small-hack/matrix-chart), but it can be used stand alone as well. + +See the [`README.md`](https://github.com/small-hack/matrix-sliding-sync-chart/blob/main/charts/matrix/README.md) for docs auto-generated from the [`values.yaml`](https://github.com/small-hack/matrix-sliding-sync-chart/blob/main/charts/matrix/values.yaml). + +Read through the parameters and modify them locally before installing the chart: + +```bash +# add the helm repo locally +helm repo add matrix-sliding-sync https://small-hack.github.io/matrix-sliding-sync-chart + +# downloads the values.yaml locally +helm show values matrix-sliding-sync/matrix-sliding-sync > values.yaml + +# install the chart +helm install my-release-name matrix-sliding-sync/matrix-sliding-sync --values values.yaml +``` diff --git a/charts/matrix-sliding-sync/Chart.yaml b/charts/matrix-sliding-sync/Chart.yaml index 89c8f99..93f9531 100644 --- a/charts/matrix-sliding-sync/Chart.yaml +++ b/charts/matrix-sliding-sync/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.0 +version: 0.1.1 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to 
@@ -30,3 +30,7 @@ dependencies: version: 15.1.4 repository: oci://registry-1.docker.io/bitnamicharts condition: postgresql.enabled + +maintainers: + - name: jessebot + url: https://github.com/jessebot diff --git a/charts/matrix-sliding-sync/README.md b/charts/matrix-sliding-sync/README.md index 139f7da..5bdc3b1 100644 --- a/charts/matrix-sliding-sync/README.md +++ b/charts/matrix-sliding-sync/README.md @@ -1,9 +1,15 @@ # matrix-sliding-sync -![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.99.17](https://img.shields.io/badge/AppVersion-v0.99.17-informational?style=flat-square) +![Version: 0.1.1](https://img.shields.io/badge/Version-0.1.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.99.17](https://img.shields.io/badge/AppVersion-v0.99.17-informational?style=flat-square) A Helm chart for Kubernetes +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| jessebot | | | + ## Requirements | Repository | Name | Version | 
@@ -19,11 +25,11 @@ A Helm chart for Kubernetes | autoscaling.maxReplicas | int | `100` | | | autoscaling.minReplicas | int | `1` | | | autoscaling.targetCPUUtilizationPercentage | int | `80` | | -| externalDatabase.database | string | `"matrix"` | name of the database to try and connect to | +| externalDatabase.database | string | `"matrix-sliding-sync"` | name of the database to try and connect to | | externalDatabase.enabled | bool | `false` | enable using an external database *instead of* the Bitnami PostgreSQL sub-chart if externalDatabase.enabled is set to true, postgresql.enabled must be set to false | | externalDatabase.existingSecret | string | `""` | Name of existing secret to use for PostgreSQL credentials | | externalDatabase.hostname | string | `""` | hostname of db server. Can be left blank if using postgres subchart | -| externalDatabase.password | string | `"changeme"` | password of matrix postgres user - ignored using exsitingSecret | +| externalDatabase.password | string | `"changeme"` | password of matrix-sliding-sync postgres user - ignored using exsitingSecret | | externalDatabase.port | int | `5432` | which port to use to connect to your database server | | externalDatabase.secretKeys.adminPasswordKey | string | `"postgresPassword"` | key in existingSecret with the admin postgresql password | | externalDatabase.secretKeys.database | string | `"database"` | key in existingSecret with name of the database | 
@@ -34,7 +40,7 @@ A Helm chart for Kubernetes | externalDatabase.sslkey | string | `""` | optional: tls/ssl key for postgresql connections | | externalDatabase.sslmode | string | `""` | sslmode to use, example: verify-full | | externalDatabase.sslrootcert | string | `""` | optional: tls/ssl root cert for postgresql connections | -| externalDatabase.username | string | `"matrix"` | username of matrix postgres user | +| externalDatabase.username | string | `"matrix-sliding-sync"` | username of matrix-sliding-sync postgres user | | fullnameOverride | string | `""` | | | image.pullPolicy | string | `"IfNotPresent"` | | | image.repository | string | `"ghcr.io/matrix-org/sliding-sync"` | | 
@@ -56,14 +62,14 @@ A Helm chart for Kubernetes | podSecurityContext | object | `{}` | | | postgresql.enabled | bool | `true` | Whether to deploy the Bitnami Postgresql sub chart If postgresql.enabled is set to true, externalDatabase.enabled must be set to false else if externalDatabase.enabled is set to true, postgresql.enabled must be set to false | | postgresql.global.postgresql.auth.existingSecret | string | `""` | Name of existing secret to use for PostgreSQL credentials | -| postgresql.global.postgresql.auth.password | string | `"changeme"` | password of matrix postgres user - ignored using exsitingSecret | +| postgresql.global.postgresql.auth.password | string | `"changeme"` | password of matrix-sliding-sync postgres user - ignored using exsitingSecret | | postgresql.global.postgresql.auth.port | int | `5432` | which port to use to connect to your database server | | postgresql.global.postgresql.auth.secretKeys.adminPasswordKey | string | `"postgresPassword"` | key in existingSecret with the admin postgresql password | | postgresql.global.postgresql.auth.secretKeys.database | string | `"database"` | key in existingSecret with name of the database | | postgresql.global.postgresql.auth.secretKeys.databaseHostname | string | `"hostname"` | key in existingSecret with hostname of the database | -| postgresql.global.postgresql.auth.secretKeys.databaseUsername | string | `"username"` | key in existingSecret with username for matrix to connect to db | -| postgresql.global.postgresql.auth.secretKeys.userPasswordKey | string | `"password"` | key in existingSecret with password for matrix to connect to db | -| postgresql.global.postgresql.auth.username | string | `"matrix-sliding-sync"` | username of matrix postgres user | +| postgresql.global.postgresql.auth.secretKeys.databaseUsername | string | `"username"` | key in existingSecret with username for matrix-sliding-sync to connect to db | +| postgresql.global.postgresql.auth.secretKeys.userPasswordKey | string | 
`"password"` | key in existingSecret with password for matrix-sliding-sync to connect to db | +| postgresql.global.postgresql.auth.username | string | `"matrix-sliding-sync"` | username of matrix-sliding-sync postgres user | | postgresql.primary.initdb | object | `{"scriptsConfigMap":"{{ .Release.Name }}-postgresql-initdb"}` | run the scripts in templates/postgresql/initdb-configmap.yaml If using an external Postgres server, make sure to configure the database ref: https://github.com/matrix-org/synapse/blob/master/docs/postgres.md | | postgresql.primary.persistence | object | `{"enabled":false,"size":"8Gi"}` | persistent volume claim configuration for postgresql to persist data | | postgresql.primary.persistence.enabled | bool | `false` | Enable PostgreSQL Primary data persistence using PVC | 
@@ -84,16 +90,18 @@ A Helm chart for Kubernetes | serviceAccount.create | bool | `true` | | | serviceAccount.name | string | `""` | | | syncv3.bindaddr | string | `"0.0.0.0:8008"` | SYNCV3_BINDADDR - The interface and port to listen on. (Supports unix socket: /path/to/socket) | -| syncv3.db | string | `""` | SYNCV3_DB - Required. The postgres connection string: https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-CONNSTRING | -| syncv3.log_level | string | `"info"` | SYNCV3_LOG_LEVEL - The level of verbosity for messages logged. Available values are trace, debug, info, warn, error and fatal | -| syncv3.max_db_conn | string | `""` | SYNCV3_MAX_DB_CONN - Default: unset. Max database connections to use when communicating with postgres. Unset or 0 means no limit. | -| syncv3.otlp_password | string | `""` | SYNCV3_OTLP_PASSWORD - Default: unset. The OTLP password for Basic auth. If unset, does not send an Authorization header. | -| syncv3.otlp_url | string | `""` | SYNCV3_OTLP_URL - Default: unset. The OTLP HTTP URL to send spans to e.g https://localhost:4318 - if unset does not send OTLP traces. | -| syncv3.otlp_username | string | `""` | SYNCV3_OTLP_USERNAME - Default: unset. The OTLP username for Basic auth. If unset, does not send an Authorization header. | +| syncv3.db | object | `{"dbname":"matrix-sliding-sync","existingSecret":"","host":"","password":"","sslmode":"disable","user":"matrix-sliding-sync"}` | templates out SYNCV3_DB which is a postgres connection string: https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-CONNSTRING like this: user=$(whoami) dbname=syncv3 sslmode=disable host=host.docker.internal password='DATABASE_PASSWORD_HERE' | +| syncv3.existingSecret | string | `""` | existing kubernetes secret for ALL syncv3 env vars listed below. if set, ignores all values below, everything under syncv3 including syncv3.db and syncvc.otlp. 
| +| syncv3.logLevel | string | `"info"` | SYNCV3_LOG_LEVEL - The level of verbosity for messages logged. Available values are trace, debug, info, warn, error and fatal | +| syncv3.maxDbConn | string | `""` | SYNCV3_MAX_DB_CONN - Default: unset. Max database connections to use when communicating with postgres. Unset or 0 means no limit. | +| syncv3.otlp.existingSecret | string | `nil` | | +| syncv3.otlp.password | string | `""` | SYNCV3_OTLP_PASSWORD - Default: unset. The OTLP password for Basic auth. If unset, does not send an Authorization header. | +| syncv3.otlp.url | string | `""` | SYNCV3_OTLP_URL - Default: unset. The OTLP HTTP URL to send spans to e.g https://localhost:4318 - if unset does not send OTLP traces. | +| syncv3.otlp.username | string | `""` | SYNCV3_OTLP_USERNAME - Default: unset. The OTLP username for Basic auth. If unset, does not send an Authorization header. | | syncv3.pprof | string | `""` | SYNCV3_PPROF - Default: unset. The bind addr for pprof debugging e.g ':6060'. If not set, does not listen. | | syncv3.prom | string | `""` | SYNCV3_PROM - Default: unset. The bind addr for Prometheus metrics, which will be accessible at /metrics at this address. | | syncv3.secret | string | `""` | SYNCV3_SECRET - Required. A secret to use to encrypt access tokens. Must remain the same for the lifetime of the database. | -| syncv3.sentry_dsn | string | `""` | SYNCV3_SENTRY_DSN - Default: unset. The Sentry DSN to report events to e.g https://sliding-sync@sentry.example.com/123 - if unset does not send sentry events. | +| syncv3.sentryDsn | string | `""` | SYNCV3_SENTRY_DSN - Default: unset. The Sentry DSN to report events to e.g https://sliding-sync@sentry.example.com/123 - if unset does not send sentry events. | | syncv3.server | string | `""` | SYNCV3_SERVER - Required. 
The destination homeserver to talk to (CS API HTTPS URL) e.g 'https://matrix-client.matrix.org' (Supports unix socket: /path/to/socket) | | syncv3.tlsCert | string | `""` | SYNCV3_TLS_CERT - Default: unset. Path to a certificate file to serve to HTTPS clients. Specifying this enables TLS on the bound address. | | syncv3.tlsKey | string | `""` | SYNCV3_TLS_KEY - Default: unset. Path to a key file for the certificate. Must be provided along with the certificate file. | diff --git a/charts/matrix-sliding-sync/templates/_helpers.tpl b/charts/matrix-sliding-sync/templates/_helpers.tpl index 672a34c..0bf4baa 100644 --- a/charts/matrix-sliding-sync/templates/_helpers.tpl +++ b/charts/matrix-sliding-sync/templates/_helpers.tpl 
@@ -60,3 +60,38 @@ Create the name of the service account to use
 {{- default "default" .Values.serviceAccount.name }}
 {{- end }}
 {{- end }}
+
+{{/*
+Helper function to get postgres instance name
+*/}}
+{{- define "postgresql.name" -}}
+{{- if .Values.postgresql.enabled -}}
+{{ include "matrix-sliding-sync.fullname" . }}-postgresql
+{{- end }}
+{{- end }}
+
+{{/*
+Helper function to get the postgres secret containing the database credentials
+*/}}
+{{- define "matrix-sliding-sync.postgresql.secretName" -}}
+{{- if and .Values.postgresql.enabled .Values.postgresql.global.postgresql.auth.existingSecret -}}
+{{ .Values.postgresql.global.postgresql.auth.existingSecret }}
+{{- else if and .Values.externalDatabase.enabled .Values.externalDatabase.existingSecret -}}
+{{ .Values.externalDatabase.existingSecret }}
+{{- else -}}
+{{ template "matrix-sliding-sync.fullname" . }}-db-secret
+{{- end }}
+{{- end }}
+
+{{/*
+templates out SYNCV3_DB which is a postgres connection string: https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-CONNSTRING like this: user=$(whoami) dbname=syncv3 sslmode=disable host=host.docker.internal password='DATABASE_PASSWORD_HERE'
+*/}}
+{{- define "matrix-sliding-sync.dbConnString" -}}
+{{- if and .Values.postgresql.enabled (not .Values.syncv3.existingSecret) }}
+{{- if .Values.syncv3.db.password }}
+{{- printf "user=%s dbname=%s sslmode=%s host=%s password=%s" .Values.syncv3.db.user .Values.syncv3.db.dbname .Values.syncv3.db.sslmode .Values.syncv3.db.host .Values.syncv3.db.password }}
+{{- else -}}
+{{- printf "user=%s dbname=%s sslmode=%s host=%s" .Values.syncv3.db.user .Values.syncv3.db.dbname .Values.syncv3.db.sslmode .Values.syncv3.db.host }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/matrix-sliding-sync/templates/deployment.yaml b/charts/matrix-sliding-sync/templates/deployment.yaml
index a28c04c..352419c 100644
--- a/charts/matrix-sliding-sync/templates/deployment.yaml
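Review bot: `matrix-sliding-sync.dbConnString` puts `.Values.syncv3.db.password` into the libpq keyword/value string unquoted, so a password containing a space, quote or backslash produces a malformed or mis-parsed connection string. libpq expects such values single-quoted with `\'` and `\\` escapes, e.g. `password='%s'` fed with `(.Values.syncv3.db.password | replace "\\" "\\\\" | replace "'" "\\'")`; the other fields would benefit from the same treatment. The outer `if and .Values.postgresql.enabled (not .Values.syncv3.existingSecret)` also makes the helper render an empty string whenever the bundled PostgreSQL is disabled, so an external-database install appears to end up with an empty `SYNCV3_DB`. Separately, `matrix-sliding-sync.postgresql.secretName` falls back to `<fullname>-db-secret`, and nothing in this diff creates a Secret of that name; worth confirming it exists elsewhere in the chart.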
+++ b/charts/matrix-sliding-sync/templates/deployment.yaml @@ -30,6 +30,40 @@ spec: serviceAccountName: {{ include "matrix-sliding-sync.serviceAccountName" . }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} + initContainers: + {{- if .Values.postgresql.enabled }} + - name: postgresql-isready + image: {{ .Values.postgresql.image.repository }}:{{ .Values.postgresql.image.tag }} + env: + - name: POSTGRES_USER + valueFrom: + secretKeyRef: + name: {{ include "matrix-sliding-sync.postgresql.secretName" . }} + key: {{ .Values.postgresql.global.postgresql.auth.secretKeys.databaseUsername }} + - name: DATABASE_HOSTNAME + {{- if not .Values.postgresql.global.postgresql.auth.existingSecret }} + value: {{ template "postgresql.v1.primary.fullname" .Subcharts.postgresql }} + {{ else }} + valueFrom: + secretKeyRef: + name: {{ include "matrix-sliding-sync.postgresql.secretName" . }} + key: {{ .Values.postgresql.global.postgresql.auth.secretKeys.databaseHostname }} + {{- end }} + {{- if .Values.postgresql.sslmode }} + - name: PGSSLMODE + value: {{ .Values.postgresql.sslmode }} + - name: PGSSLCERT + value: {{ .Values.postgresql.sslcert }} + - name: PGSSLKEY + value: {{ .Values.postgresql.sslkey }} + - name: PGSSLROOTCERT + value: {{ .Values.postgresql.sslrootcert }} + {{- end }} + command: + - "sh" + - "-c" + - "until pg_isready -h $DATABASE_HOSTNAME -U $POSTGRES_USER; do sleep 2; done" + {{- end }} containers: - name: {{ .Chart.Name }} securityContext: @@ -50,7 +84,13 @@ spec: volumeMounts: {{- toYaml . | nindent 12 }} {{- end }} - env: + envFrom: + - secretRef: + {{- if .Values.syncv3.existingSecret }} + name: {{ .Values.syncv3.existingSecret }} + {{- else }} + name: {{ include "matrix-sliding-sync.fullname" . }}-env + {{- end }} {{- with .Values.volumes }} volumes: diff --git a/charts/matrix-sliding-sync/templates/initdb-configmap.yaml b/charts/matrix-sliding-sync/templates/initdb-configmap.yaml new file mode 100644 index 0000000..4986fbd --- /dev/null 
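Review bot: `initContainers:` is emitted outside the `{{- if .Values.postgresql.enabled }}` guard, so the manifest carries an empty `initContainers:` key when the bundled PostgreSQL is off; moving the `if` one line up avoids that. The `postgresql-isready` container sets no `securityContext` or `resources`, unlike the main container whose `securityContext:` is visible in the trailing context, so it runs with whatever the image defaults to. The wait loop uses unquoted variables and has no upper bound; `until pg_isready -h "$DATABASE_HOSTNAME" -U "$POSTGRES_USER"; do sleep 2; done` at least prevents word-splitting. `.Values.postgresql.image.repository` and `.tag` are not defined in the values.yaml hunks shown here, so confirm they resolve to a pinned image rather than rendering `:`.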
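Review bot: The new `envFrom` block references only `syncv3.existingSecret` or the chart's `<fullname>-env` Secret, while the env Secret template in this commit omits `SYNCV3_DB` when `syncv3.db.existingSecret` is set and the OTLP keys when `syncv3.otlp.existingSecret` is set. As far as this diff shows, neither of those two secrets is ever mounted, so setting them silently drops the variables instead of sourcing them elsewhere. Adding further `- secretRef:` entries guarded by `{{- with .Values.syncv3.db.existingSecret }}` and `{{- with .Values.syncv3.otlp.existingSecret }}` would close the gap; the keys those secrets must contain should be documented in values.yaml. The enclosing container spec continues outside the hunk.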
+++ b/charts/matrix-sliding-sync/templates/initdb-configmap.yaml
@@ -0,0 +1,13 @@
+{{- if .Values.postgresql.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "matrix-sliding-sync.fullname" . }}-postgresql-initdb
+ labels:
+ {{ include "matrix-sliding-sync.labels" . | nindent 4}}
+data:
+ matrix.sql: |
+ CREATE DATABASE matrix ENCODING 'UTF8' LOCALE 'C' TEMPLATE template0 OWNER {{ .Values.postgresql.global.postgresql.auth.username }};
+ GRANT ALL PRIVILEGES ON DATABASE matrix-sliding-sync TO {{ .Values.postgresql.global.postgresql.auth.username }};
+ GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO {{ .Values.postgresql.global.postgresql.auth.username }};
+{{- end }}
diff --git a/charts/matrix-sliding-sync/templates/matrix-sliding-sync-env-secret.yaml b/charts/matrix-sliding-sync/templates/matrix-sliding-sync-env-secret.yaml
index bf05bb0..7018b99 100644
--- a/charts/matrix-sliding-sync/templates/matrix-sliding-sync-env-secret.yaml
+++ b/charts/matrix-sliding-sync/templates/matrix-sliding-sync-env-secret.yaml
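Review bot: The init script creates a database named `matrix` but then grants on `matrix-sliding-sync`, which is a different database and, unquoted, not a valid SQL identifier because of the hyphens. The default username `matrix-sliding-sync` is interpolated unquoted in all three statements too, so the script will most likely fail at the first line with the shipped defaults. Use one name throughout and double-quote the identifiers, e.g. `CREATE DATABASE {{ .Values.syncv3.db.dbname | quote }} ENCODING 'UTF8' LOCALE 'C' TEMPLATE template0 OWNER {{ .Values.postgresql.global.postgresql.auth.username | quote }};`. The final `GRANT ... ON ALL TABLES IN SCHEMA public` runs against whichever database the init script is connected to, not the new one; since the role already owns the new database, that statement can probably be dropped.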
@@ -3,21 +3,46 @@ apiVersion: v1 kind: Secret metadata: - name: sliding-sync-env + name: {{ include "matrix-sliding-sync.fullname" . }}-env data: - SYNCV3_SERVER: {{ .Values.syncv3.server | b64enc | quote }} - SYNCV3_DB: {{ .Values.syncv3.db | b64enc | quote }} + {{- if .Values.syncv3.secret }} SYNCV3_SECRET: {{ .Values.syncv3.secret | b64enc | quote }} + {{- else }} + SYNCV3_SECRET: {{ randAlphaNum 32 | b64enc | quote }} + {{- end }} + SYNCV3_SERVER: {{ .Values.syncv3.server | b64enc | quote }} + {{- if not .Values.syncv3.db.existingSecret }} + SYNCV3_DB: {{ include "matrix-sliding-sync.dbConnString" . | b64enc | quote }} + {{- end }} SYNCV3_BINDADDR: {{ .Values.syncv3.bindaddr | b64enc | quote }} + {{ if .Values.syncv3.tlsCert }} SYNCV3_TLS_CERT: {{ .Values.syncv3.tlsCert | b64enc | quote }} + {{- end }} + {{ if .Values.syncv3.tlsKey }} SYNCV3_TLS_KEY: {{ .Values.syncv3.tlsKey | b64enc | quote }} + {{- end }} + {{ if not .Values.syncv3.pprof }} SYNCV3_PPROF: {{ .Values.syncv3.pprof | b64enc | quote }} + {{- end }} + {{ if not .Values.syncv3.prom }} SYNCV3_PROM: {{ .Values.syncv3.prom | b64enc | quote }} - SYNCV3_OTLP_URL: {{ .Values.syncv3.otlpUrl | b64enc | quote }} - SYNCV3_OTLP_USERNAME: {{ .Values.syncv3.otlpUsername | b64enc | quote }} - SYNCV3_OTLP_PASSWORD: {{ .Values.syncv3.otlpPassword | b64enc | quote }} + {{- end }} + {{ if not .Values.syncv3.otlp.existingSecret }} + {{ if .Values.syncv3.otlp.url }} + SYNCV3_OTLP_URL: {{ .Values.syncv3.otlp.url | b64enc | quote }} + {{- end }} + {{ if .Values.syncv3.otlp.username }} + SYNCV3_OTLP_USERNAME: {{ .Values.syncv3.otlp.username | b64enc | quote }} + {{- end }} + {{ if .Values.syncv3.otlp.password }} + SYNCV3_OTLP_PASSWORD: {{ .Values.syncv3.otlp.password | b64enc | quote }} + {{- end }} + {{- end }} + {{ if .Values.syncv3.sentryDsn }} SYNCV3_SENTRY_DSN: {{ .Values.syncv3.sentryDsn | b64enc | quote }} + {{- end }} SYNCV3_LOG_LEVEL: {{ .Values.syncv3.logLevel | b64enc | quote }} + {{ if .Values.syncv3.maxDbConn 
}} SYNCV3_MAX_DB_CONN: {{ .Values.syncv3.maxDbConn | b64enc | quote }} - + {{- end }} {{- end }} diff --git a/charts/matrix-sliding-sync/templates/network-policy.yaml b/charts/matrix-sliding-sync/templates/network-policy.yaml new file mode 100644 index 0000000..fb00b13 --- /dev/null +++ b/charts/matrix-sliding-sync/templates/network-policy.yaml @@ -0,0 +1,22 @@ +{{- if and .Values.networkPolicies.enabled .Values.postgresql.enabled }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ include "matrix-sliding-sync.fullname" . }}-synapse-postgresql + labels: +{{ include "matrix-sliding-sync.labels" . | indent 4 }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ include "postgresql.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - podSelector: + matchLabels: + app.kubernetes.io/name: {{ include "matrix-sliding-sync.name" . }}-synapse + app.kubernetes.io/instance: {{ .Release.Name }} + ports: + - port: tcp-postgresql + protocol: TCP +{{- end }} diff --git a/charts/matrix-sliding-sync/values.yaml b/charts/matrix-sliding-sync/values.yaml index 6603fda..9589d0d 100644 --- a/charts/matrix-sliding-sync/values.yaml +++ b/charts/matrix-sliding-sync/values.yaml @@ -113,6 +113,8 @@ postgresql: # If postgresql.enabled is set to true, externalDatabase.enabled must be set to false # else if externalDatabase.enabled is set to true, postgresql.enabled must be set to false enabled: true + persistence: + enabled: false volumePermissions: # -- Enable init container that changes the owner and group of the PVC enabled: true 
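Review bot: In the env Secret, the `randAlphaNum 32` fallback for `SYNCV3_SECRET` is re-evaluated on every render, so each `helm upgrade` without an explicit `syncv3.secret` rotates a value that the values.yaml comment says must stay the same for the lifetime of the database. Reusing the value from the live Secret via `lookup` fixes that for regular installs; `lookup` returns nothing under `helm template` or client-side rendering, so those workflows should be told to set `syncv3.secret` or `syncv3.existingSecret`. The guards on `SYNCV3_PPROF` and `SYNCV3_PROM` are also inverted (`if not`), which emits the key only when the value is empty and drops a configured address; they should read `{{- if .Values.syncv3.pprof }}` and `{{- if .Values.syncv3.prom }}`.

```yaml
# … unchanged: apiVersion, kind, metadata …
data:
  {{- $envName := printf "%s-env" (include "matrix-sliding-sync.fullname" .) }}
  {{- $prev := (lookup "v1" "Secret" .Release.Namespace $envName).data | default dict }}
  {{- if .Values.syncv3.secret }}
  SYNCV3_SECRET: {{ .Values.syncv3.secret | b64enc | quote }}
  {{- else if hasKey $prev "SYNCV3_SECRET" }}
  # keep the value generated at first install; it is already base64 in .data
  SYNCV3_SECRET: {{ index $prev "SYNCV3_SECRET" | quote }}
  {{- else }}
  SYNCV3_SECRET: {{ randAlphaNum 32 | b64enc | quote }}
  {{- end }}
  # … unchanged: SYNCV3_SERVER and the remaining keys …
```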
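Review bot: Both selectors in the new NetworkPolicy look carried over from the Synapse chart and probably match nothing in this release. `podSelector` uses `{{ include "postgresql.name" . }}`, which renders `<fullname>-postgresql`, whereas the Bitnami subchart normally labels its pods `app.kubernetes.io/name: postgresql`. The `from` selector appends `-synapse` to `matrix-sliding-sync.name`, a label no pod in this chart is shown to carry. With `networkPolicies.enabled: true` as the default, the policy then either isolates nothing or, if the first selector does match, blocks the sliding-sync pod from its own database. Check both against the rendered pod labels; the likely fix is `app.kubernetes.io/name: postgresql` for the target and `app.kubernetes.io/name: {{ include "matrix-sliding-sync.name" . }}` for the allowed client, plus renaming the object, which is still called `-synapse-postgresql`.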
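Review bot: In values.yaml, `persistence.enabled: false` now sits directly under `postgresql:`, and the following hunk deletes the `postgresql.primary.persistence` block it replaces. The chart README in this same commit still documents `postgresql.primary.persistence.enabled`, and the Bitnami subchart reads persistence under `primary` as far as I know. The relocated key is therefore likely ignored, leaving the subchart's own default in force. Keep the setting under `primary:`, or confirm the subchart honours the top-level key and regenerate the README. The new key also lacks the `# --` doc comment that its neighbours carry.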
@@ -146,13 +148,6 @@ postgresql: # primary database node config primary: - # -- persistent volume claim configuration for postgresql to persist data - persistence: - # -- Enable PostgreSQL Primary data persistence using PVC - enabled: false - # -- size of postgresql volume claim - size: 8Gi - # -- run the scripts in templates/postgresql/initdb-configmap.yaml # If using an external Postgres server, make sure to configure the database # ref: https://github.com/matrix-org/synapse/blob/master/docs/postgres.md @@ -210,10 +205,20 @@ externalDatabase: adminPasswordKey: postgresPassword syncv3: + # -- existing kubernetes secret for ALL syncv3 env vars listed below. if set, ignores all values below, everything under syncv3 including syncv3.db and syncvc.otlp. + existingSecret: "" # -- SYNCV3_SERVER - Required. The destination homeserver to talk to (CS API HTTPS URL) e.g 'https://matrix-client.matrix.org' (Supports unix socket: /path/to/socket) server: "" - # -- SYNCV3_DB - Required. The postgres connection string: https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-CONNSTRING - db: "" + + # -- templates out SYNCV3_DB which is a postgres connection string: https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-CONNSTRING like this: user=$(whoami) dbname=syncv3 sslmode=disable host=host.docker.internal password='DATABASE_PASSWORD_HERE' + db: + host: "" + dbname: matrix-sliding-sync + sslmode: disable + user: matrix-sliding-sync + password: "" + existingSecret: "" + # -- SYNCV3_SECRET - Required. A secret to use to encrypt access tokens. Must remain the same for the lifetime of the database. secret: "" # -- SYNCV3_BINDADDR - The interface and port to listen on. (Supports unix socket: /path/to/socket) 
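Review bot: The new `syncv3.db` keys have no per-key `# --` comments, and the default `sslmode: disable` is undocumented even though the same block can point at any host through `host:`. Add comments such as `# -- libpq sslmode; "disable" is only appropriate for the bundled in-cluster postgres, use verify-full otherwise` and `# -- plaintext password, rendered into the chart's env Secret; prefer existingSecret`. The `existingSecret` key under `db` should say which key names the referenced Secret must contain. The comment on `syncv3.existingSecret` has a typo, `syncvc.otlp`, which should read `syncv3.otlp`.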
@@ -226,17 +231,24 @@ syncv3: pprof: "" # -- SYNCV3_PROM - Default: unset. The bind addr for Prometheus metrics, which will be accessible at /metrics at this address. prom: "" - # -- SYNCV3_OTLP_URL - Default: unset. The OTLP HTTP URL to send spans to e.g https://localhost:4318 - if unset does not send OTLP traces. - otlpUrl: "" - # -- SYNCV3_OTLP_USERNAME - Default: unset. The OTLP username for Basic auth. If unset, does not send an Authorization header. - otlpUsername: "" - # -- SYNCV3_OTLP_PASSWORD - Default: unset. The OTLP password for Basic auth. If unset, does not send an Authorization header. - otlpPassword: "" + + otlp: + # -- SYNCV3_OTLP_URL - Default: unset. The OTLP HTTP URL to send spans to e.g https://localhost:4318 - if unset does not send OTLP traces. + url: "" + # -- SYNCV3_OTLP_USERNAME - Default: unset. The OTLP username for Basic auth. If unset, does not send an Authorization header. + username: "" + # -- SYNCV3_OTLP_PASSWORD - Default: unset. The OTLP password for Basic auth. If unset, does not send an Authorization header. + password: "" + existingSecret: + # -- SYNCV3_SENTRY_DSN - Default: unset. The Sentry DSN to report events to e.g https://sliding-sync@sentry.example.com/123 - if unset does not send sentry events. sentryDsn: "" # -- SYNCV3_LOG_LEVEL - The level of verbosity for messages logged. Available values are trace, debug, info, warn, error and fatal logLevel: "info" # -- SYNCV3_MAX_DB_CONN - Default: unset. Max database connections to use when communicating with postgres. Unset or 0 means no limit. maxDbConn: "" - # -- existing kubernetes secret for syncv3 env vars listed above, ignores all above if set. - existingSecret: "" + + +networkPolicies: + # -- whether to enable kubernetes network policies or not + enabled: true
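Review bot: `existingSecret:` under `otlp` is a bare key, so it parses as null (the generated README shows `nil`) while every other secret reference in this file defaults to `""`, and it has no `# --` description. Write it as `existingSecret: ""` with a comment such as `# -- existing kubernetes secret holding the SYNCV3_OTLP_* variables; if set, url/username/password above are ignored`. The new `networkPolicies.enabled: true` default deserves a note on which pods the policy targets, since it is on by default.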