231 lines
7.8 KiB
YAML
231 lines
7.8 KiB
YAML
{{- if .Values.federation.enabled }}
|
|
{{- if not .Values.federation.ignoreRocketChatVersion }} {{/* this can be removed at any point, used just for testing */}}
|
|
{{- if (eq (semver "6.6.4" | (semver .Chart.AppVersion).Compare) -1) }}
|
|
{{- fail "federation must be used with rocket.chat version >= 6.6.4" }}
|
|
{{- end }}
|
|
{{- end }}
|
|
{{- $secret := include "rocketchat.fullname" . | printf "%s-synapse" | lookup "v1" "Secret" .Release.Namespace }}
|
|
{{- $hs_token := "" }}
|
|
{{- $as_token := "" }}
|
|
{{- $bridge_url := printf "http://%s-bridge:3300" (include "rocketchat.fullname" .) -}}
|
|
{{- $id := "" }}
|
|
{{- if $secret }}
|
|
{{- $hs_token = $secret.data.hs_token | b64dec -}}
|
|
{{- $as_token = $secret.data.as_token | b64dec -}}
|
|
{{- $id = $secret.data.appservice_id | b64dec -}}
|
|
{{- else }}
|
|
{{- $hs_token = randAlphaNum 26 | b64enc | quote -}}
|
|
{{- $as_token = randAlphaNum 24 | b64enc | quote -}}
|
|
{{- $id = randAlphaNum 14 | b64enc | printf "rocketchat_%s" -}}
|
|
{{- end }}
|
|
apiVersion: v1
|
|
kind: Secret
|
|
metadata:
|
|
name: {{ include "rocketchat.fullname" . }}-synapse
|
|
labels:
|
|
app.kubernetes.io/name: {{ include "rocketchat.name" . }}-synapse
|
|
helm.sh/chart: {{ include "rocketchat.chart" . }}
|
|
app.kubernetes.io/instance: {{ .Release.Name }}
|
|
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
|
|
|
stringData:
|
|
as_token: {{ $as_token }}
|
|
hs_token: {{ $hs_token }}
|
|
bridge_url: {{ $bridge_url }}
|
|
appservice_id: {{ $id }}
|
|
homeserver.append.yaml: |
|
|
app_service_config_files:
|
|
- /registration.yaml
|
|
|
|
retention:
|
|
enabled: true
|
|
|
|
enable_registration: true
|
|
enable_registration_without_verification: true
|
|
suppress_key_server_warning: true
|
|
|
|
allow_public_rooms_without_auth: true
|
|
allow_public_rooms_over_federation: true
|
|
|
|
use_appservice_legacy_authorization: true
|
|
|
|
{{- if .Values.postgresql.enabled }}
|
|
|
|
{{- if (not (or (include "postgresql.v1.createSecret" .Subcharts.postgresql) .Values.federation.extraConfigSecret)) }}
|
|
{{- fail "postgres password must be in values.yaml or passed through federation.extraConfigSecretName" }}
|
|
{{- end }}
|
|
|
|
database:
|
|
name: psycopg2
|
|
args:
|
|
user: {{ include "postgresql.v1.username" .Subcharts.postgresql }}
|
|
password: {{ .Values.postgresql.auth.password }} {{/* FIXME(debdut): this needs to be better, https://github.com/bitnami/charts/blob/8edf559ce9db3515aad61f5c8cb261b1c19bc93a/bitnami/postgresql/templates/secrets.yaml#L23 */}}
|
|
database: {{ include "postgresql.v1.database" .Subcharts.postgresql }}
|
|
host: {{ include "postgresql.v1.primary.svc.headless" .Subcharts.postgresql }}
|
|
cp_min: 5
|
|
cp_max: 10
|
|
allow_unsafe_locale: true
|
|
|
|
{{- end }}
|
|
|
|
registration.yaml: |
|
|
id: {{ $id }}
|
|
hs_token: {{ $hs_token }}
|
|
as_token: {{ $as_token }}
|
|
url: {{ $bridge_url }}
|
|
sender_localpart: rocket.cat
|
|
namespaces:
|
|
users:
|
|
- exclusive: false
|
|
regex: .*
|
|
rooms:
|
|
- exclusive: false
|
|
regex: .*
|
|
aliases:
|
|
- exclusive: false
|
|
regex: .*
|
|
de.sorunome.msc2409.push_ephemeral: false
|
|
---
|
|
apiVersion: {{ template "deployment.apiVersion" . }}
|
|
kind: Deployment
|
|
metadata:
|
|
name: {{ template "rocketchat.fullname" . }}-synapse
|
|
labels:
|
|
app.kubernetes.io/name: {{ include "rocketchat.fullname" . }}-synapse
|
|
helm.sh/chart: {{ include "rocketchat.chart" . }}
|
|
app.kubernetes.io/instance: {{ .Release.Name }}
|
|
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
|
spec:
|
|
selector:
|
|
matchLabels:
|
|
app.kubernetes.io/name: {{ include "rocketchat.fullname" . }}-synapse
|
|
app.kubernetes.io/instance: {{ .Release.Name }}
|
|
strategy:
|
|
type: Recreate
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app.kubernetes.io/name: {{ include "rocketchat.fullname" . }}-synapse
|
|
app.kubernetes.io/instance: {{ .Release.Name }}
|
|
spec:
|
|
initContainers:
|
|
- name: generate
|
|
image: {{ .Values.federation.image.registry }}/{{ .Values.federation.image.repository }}:{{ .Values.federation.image.tag }}
|
|
volumeMounts:
|
|
- name: data
|
|
mountPath: /data
|
|
command: ["/start.py", 'generate']
|
|
env:
|
|
- name: SYNAPSE_SERVER_NAME
|
|
value: {{ .Values.host }}
|
|
- name: SYNAPSE_REPORT_STATS
|
|
value: 'no'
|
|
- name: append
|
|
image: {{ .Values.federation.image.registry }}/{{ .Values.federation.image.repository }}:{{ .Values.federation.image.tag }}
|
|
env:
|
|
- name: HOMESERVER_EXTRA_CONFIG
|
|
value: /__homeserver.append.yaml
|
|
volumeMounts:
|
|
- name: scripts
|
|
mountPath: /scripts
|
|
- name: data
|
|
mountPath: /data
|
|
- name: config
|
|
mountPath: /__homeserver.append.yaml
|
|
subPath: homeserver.append.yaml
|
|
command:
|
|
- bash
|
|
- /scripts/updateSynapseHomeserverConfig.sh
|
|
containers:
|
|
- image: {{ .Values.federation.image.registry }}/{{ .Values.federation.image.repository }}:{{ .Values.federation.image.tag }}
|
|
name: synapse
|
|
env:
|
|
{{- if .Values.federation.extraConfigSecret }}
|
|
- name: HOMESERVER_EXTRA_CONFIG
|
|
value: /homeserver.extra.yaml
|
|
command:
|
|
- bash
|
|
- /scripts/updateSynapseHomeserverConfig.sh
|
|
- --start
|
|
{{- end }}
|
|
volumeMounts:
|
|
- name: data
|
|
mountPath: /data
|
|
- name: config
|
|
mountPath: /registration.yaml
|
|
subPath: registration.yaml
|
|
- name: scripts
|
|
mountPath: /scripts
|
|
{{- with .Values.federation.extraConfigSecret }}
|
|
- name: extraConfig
|
|
mountPath: /homeserver.extra.yaml
|
|
subPath: {{ .key | quote }}
|
|
{{- end }}
|
|
ports:
|
|
- containerPort: 8008
|
|
volumes:
|
|
- name: scripts
|
|
configMap:
|
|
name: {{ template "rocketchat.fullname" . }}-scripts
|
|
- name: config
|
|
secret:
|
|
secretName: {{ template "rocketchat.fullname" . }}-synapse
|
|
{{- with .Values.federation.extraConfigSecret }}
|
|
- name: extraConfig
|
|
secret:
|
|
secretName: {{ .name | quote }}
|
|
{{- end }}
|
|
- name: data
|
|
{{- if .Values.federation.persistence.enabled }}
|
|
persistentVolumeClaim:
|
|
claimName: {{ if .Values.federation.persistence.existingClaim }}{{ .Values.federation.persistence.existingClaim }}{{- else }}{{ template "rocketchat.fullname" . }}-synapse {{- end }}
|
|
{{- else }}
|
|
emptyDir: {}
|
|
{{- end }}
|
|
---
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
name: {{ template "rocketchat.fullname" . }}-synapse
|
|
labels:
|
|
app.kubernetes.io/name: {{ include "rocketchat.fullname" . }}-synapse
|
|
helm.sh/chart: {{ include "rocketchat.chart" . }}
|
|
app.kubernetes.io/instance: {{ .Release.Name }}
|
|
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
|
spec:
|
|
type: ClusterIP
|
|
ports:
|
|
- name: http
|
|
port: 8008
|
|
targetPort: 8008
|
|
protocol: TCP
|
|
selector:
|
|
app.kubernetes.io/name: {{ include "rocketchat.fullname" . }}-synapse
|
|
app.kubernetes.io/instance: {{ .Release.Name }}
|
|
---
|
|
{{- if (and .Values.federation.persistence.enabled (not .Values.federation.persistence.existingClaim)) }}
|
|
apiVersion: v1
|
|
kind: PersistentVolumeClaim
|
|
|
|
metadata:
|
|
name: {{ template "rocketchat.fullname" . }}-synapse
|
|
labels:
|
|
app.kubernetes.io/name: {{ include "rocketchat.fullname" . }}-synapse
|
|
helm.sh/chart: {{ include "rocketchat.chart" . }}
|
|
app.kubernetes.io/instance: {{ .Release.Name }}
|
|
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
|
|
|
spec:
|
|
{{- if .Values.federation.persistence.storageClassName }}
|
|
storageClassName: {{ .Values.federation.persistence.storageClassName }}
|
|
{{ end }}
|
|
accessModes:
|
|
{{- range .Values.federation.persistence.accessModes }}
|
|
- {{ . }}
|
|
{{- end }}
|
|
resources:
|
|
requests:
|
|
storage: {{ .Values.federation.persistence.resources.requests.storage | default "10Gi" }}
|
|
{{- end -}}
|
|
{{ end }}
|