bea/infra-prod
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

update rocket-chat

Browse Source
This commit is contained in:
Beatrice Dellacà
2025-04-03 15:16:10 +02:00
parent 31f6b361ac
commit 571c3a4dbb
180 changed files with 1 additions and 48 deletions
Download Patch File Download Diff File Expand all files Collapse all files

230
deploy/rocket-chat/templates/synapse.yaml Normal file
View File

@@ -0,0 +1,230 @@
{{- if .Values.federation.enabled }}
{{- if not .Values.federation.ignoreRocketChatVersion }} {{/* this can be removed at any point, used just for testing */}}
{{- if (eq (semver "6.6.4" | (semver .Chart.AppVersion).Compare) -1) }}
{{- fail "federation must be used with rocket.chat version >= 6.6.4" }}
{{- end }}
{{- end }}
{{- $secret := include "rocketchat.fullname" . | printf "%s-synapse" | lookup "v1" "Secret" .Release.Namespace }}
{{- $hs_token := "" }}
{{- $as_token := "" }}
{{- $bridge_url := printf "http://%s-bridge:3300" (include "rocketchat.fullname" .) -}}
{{- $id := "" }}
{{- if $secret }}
{{- $hs_token = $secret.data.hs_token | b64dec -}}
{{- $as_token = $secret.data.as_token | b64dec -}}
{{- $id = $secret.data.appservice_id | b64dec -}}
{{- else }}
{{- $hs_token = randAlphaNum 26 | b64enc | quote -}}
{{- $as_token = randAlphaNum 24 | b64enc | quote -}}
{{- $id = randAlphaNum 14 | b64enc | printf "rocketchat_%s" -}}
{{- end }}
apiVersion: v1
kind: Secret
metadata:
name: {{ include "rocketchat.fullname" . }}-synapse
labels:
app.kubernetes.io/name: {{ include "rocketchat.name" . }}-synapse
helm.sh/chart: {{ include "rocketchat.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
stringData:
as_token: {{ $as_token }}
hs_token: {{ $hs_token }}
bridge_url: {{ $bridge_url }}
appservice_id: {{ $id }}
homeserver.append.yaml: |
app_service_config_files:
- /registration.yaml
retention:
enabled: true
enable_registration: true
enable_registration_without_verification: true
suppress_key_server_warning: true
allow_public_rooms_without_auth: true
allow_public_rooms_over_federation: true
use_appservice_legacy_authorization: true
{{- if .Values.postgresql.enabled }}
{{- if (not (or (include "postgresql.v1.createSecret" .Subcharts.postgresql) .Values.federation.extraConfigSecret)) }}
{{- fail "postgres password must be in values.yaml or passed through federation.extraConfigSecretName" }}
{{- end }}
database:
name: psycopg2
args:
user: {{ include "postgresql.v1.username" .Subcharts.postgresql }}
password: {{ .Values.postgresql.auth.password }} {{/* FIXME(debdut): this needs to be better, https://github.com/bitnami/charts/blob/8edf559ce9db3515aad61f5c8cb261b1c19bc93a/bitnami/postgresql/templates/secrets.yaml#L23 */}}
database: {{ include "postgresql.v1.database" .Subcharts.postgresql }}
host: {{ include "postgresql.v1.primary.svc.headless" .Subcharts.postgresql }}
cp_min: 5
cp_max: 10
allow_unsafe_locale: true
{{- end }}
registration.yaml: |
id: {{ $id }}
hs_token: {{ $hs_token }}
as_token: {{ $as_token }}
url: {{ $bridge_url }}
sender_localpart: rocket.cat
namespaces:
users:
- exclusive: false
regex: .*
rooms:
- exclusive: false
regex: .*
aliases:
- exclusive: false
regex: .*
de.sorunome.msc2409.push_ephemeral: false
---
apiVersion: {{ template "deployment.apiVersion" . }}
kind: Deployment
metadata:
name: {{ template "rocketchat.fullname" . }}-synapse
labels:
app.kubernetes.io/name: {{ include "rocketchat.fullname" . }}-synapse
helm.sh/chart: {{ include "rocketchat.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
spec:
selector:
matchLabels:
app.kubernetes.io/name: {{ include "rocketchat.fullname" . }}-synapse
app.kubernetes.io/instance: {{ .Release.Name }}
strategy:
type: Recreate
template:
metadata:
labels:
app.kubernetes.io/name: {{ include "rocketchat.fullname" . }}-synapse
app.kubernetes.io/instance: {{ .Release.Name }}
spec:
initContainers:
- name: generate
image: {{ .Values.federation.image.registry }}/{{ .Values.federation.image.repository }}:{{ .Values.federation.image.tag }}
volumeMounts:
- name: data
mountPath: /data
command: ["/start.py", 'generate']
env:
- name: SYNAPSE_SERVER_NAME
value: {{ .Values.host }}
- name: SYNAPSE_REPORT_STATS
value: 'no'
- name: append
image: {{ .Values.federation.image.registry }}/{{ .Values.federation.image.repository }}:{{ .Values.federation.image.tag }}
env:
- name: HOMESERVER_EXTRA_CONFIG
value: /__homeserver.append.yaml
volumeMounts:
- name: scripts
mountPath: /scripts
- name: data
mountPath: /data
- name: config
mountPath: /__homeserver.append.yaml
subPath: homeserver.append.yaml
command:
- bash
- /scripts/updateSynapseHomeserverConfig.sh
containers:
- image: {{ .Values.federation.image.registry }}/{{ .Values.federation.image.repository }}:{{ .Values.federation.image.tag }}
name: synapse
env:
{{- if .Values.federation.extraConfigSecret }}
- name: HOMESERVER_EXTRA_CONFIG
value: /homeserver.extra.yaml
command:
- bash
- /scripts/updateSynapseHomeserverConfig.sh
- --start
{{- end }}
volumeMounts:
- name: data
mountPath: /data
- name: config
mountPath: /registration.yaml
subPath: registration.yaml
- name: scripts
mountPath: /scripts
{{- with .Values.federation.extraConfigSecret }}
- name: extraConfig
mountPath: /homeserver.extra.yaml
subPath: {{ .key | quote }}
{{- end }}
ports:
- containerPort: 8008
volumes:
- name: scripts
configMap:
name: {{ template "rocketchat.fullname" . }}-scripts
- name: config
secret:
secretName: {{ template "rocketchat.fullname" . }}-synapse
{{- with .Values.federation.extraConfigSecret }}
- name: extraConfig
secret:
secretName: {{ .name | quote }}
{{- end }}
- name: data
{{- if .Values.federation.persistence.enabled }}
persistentVolumeClaim:
claimName: {{ if .Values.federation.persistence.existingClaim }}{{ .Values.federation.persistence.existingClaim }}{{- else }}{{ template "rocketchat.fullname" . }}-synapse {{- end }}
{{- else }}
emptyDir: {}
{{- end }}
---
apiVersion: v1
kind: Service
metadata:
name: {{ template "rocketchat.fullname" . }}-synapse
labels:
app.kubernetes.io/name: {{ include "rocketchat.fullname" . }}-synapse
helm.sh/chart: {{ include "rocketchat.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
spec:
type: ClusterIP
ports:
- name: http
port: 8008
targetPort: 8008
protocol: TCP
selector:
app.kubernetes.io/name: {{ include "rocketchat.fullname" . }}-synapse
app.kubernetes.io/instance: {{ .Release.Name }}
---
{{- if (and .Values.federation.persistence.enabled (not .Values.federation.persistence.existingClaim)) }}
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: {{ template "rocketchat.fullname" . }}-synapse
labels:
app.kubernetes.io/name: {{ include "rocketchat.fullname" . }}-synapse
helm.sh/chart: {{ include "rocketchat.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
spec:
{{- if .Values.federation.persistence.storageClassName }}
storageClassName: {{ .Values.federation.persistence.storageClassName }}
{{ end }}
accessModes:
{{- range .Values.federation.persistence.accessModes }}
- {{ . }}
{{- end }}
resources:
requests:
storage: {{ .Values.federation.persistence.resources.requests.storage | default "10Gi" }}
{{- end -}}
{{ end }}