PR review changes

helm/dendrite/Chart.yaml

@@ -14,6 +14,7 @@ sources:
   - https://github.com/matrix-org/dendrite
 dependencies:
 - name: postgresql
-  version: 11.6.21
+  version: 12.1.7
   repository: https://charts.bitnami.com/bitnami
   condition: postgresql.enabled
+

helm/dendrite/README.md

@@ -36,7 +36,7 @@ Create a folder `appservices` and place your configurations in there.  The confi
 
 | Repository | Name | Version |
 |------------|------|---------|
-| https://charts.bitnami.com/bitnami | postgresql | 11.6.21 |
+| https://charts.bitnami.com/bitnami | postgresql | 12.1.7 |
 ## Values
 
 | Key | Type | Default | Description |
@@ -65,7 +65,7 @@ Create a folder `appservices` and place your configurations in there.  The confi
 | global.cache.max_size_estimated | string | `"1gb"` | The estimated maximum size for the global cache in bytes, or in terabytes, gigabytes, megabytes or kilobytes when the appropriate 'tb', 'gb', 'mb' or 'kb' suffix is specified. Note that this is not a hard limit, nor is it a memory limit for the entire process. A cache that is too small may ultimately provide little or no benefit. |
 | global.database.conn_max_lifetime | int | `-1` | Default database maximum lifetime |
 | global.database.host | string | `""` | Default database host |
-| global.database.max_idle_conns | int | `2` | Default database maximum idle connections |
+| global.database.max_idle_conns | int | `5` | Default database maximum idle connections |
 | global.database.max_open_conns | int | `90` | Default database maximum open connections |
 | global.database.password | string | `""` | Default database password |
 | global.database.user | string | `""` | Default database user |

helm/dendrite/templates/deployment.yaml

@@ -6,7 +6,7 @@ metadata:
   namespace: {{ $.Release.Namespace }}
   name: {{ include "dendrite.fullname" . }}
   labels:
-    app: {{ $.Chart.Name }}
+    {{- include "dendrite.labels" . | nindent 4 }}
 spec:
   selector:
     matchLabels:
@@ -16,28 +16,34 @@ spec:
     metadata:
       labels:
         {{- include "dendrite.selectorLabels" . | nindent 8 }}
+      annotations:
+        confighash-global: secret-{{ .Values.global | toYaml | sha256sum | trunc 32 }}
+        confighash-clientapi: clientapi-{{ .Values.clientapi | toYaml | sha256sum | trunc 32 }}
+        confighash-federationapi: federationapi-{{ .Values.federationapi | toYaml | sha256sum | trunc 32 }}
+        confighash-mediaapi: mediaapi-{{ .Values.mediaapi | toYaml | sha256sum | trunc 32 }}
+        confighash-syncapi: syncapi-{{ .Values.syncapi | toYaml | sha256sum | trunc 32 }}
     spec:
       volumes:
-      - name: {{ .Release.Name }}-conf-vol
+      - name: {{ include "dendrite.fullname" . }}-conf-vol
         secret:
-          secretName: {{ .Release.Name }}-conf
-      - name: {{ .Release.Name }}-signing-key
+          secretName: {{ include "dendrite.fullname" . }}-conf
+      - name: {{ include "dendrite.fullname" . }}-signing-key
         secret:
-          secretName: {{ default (print .Release.Name "-signing-key") $.Values.signing_key.existingSecret | quote }}
+          secretName: {{ default (print ( include "dendrite.fullname" . ) "-signing-key") $.Values.signing_key.existingSecret | quote }}
       {{- if (gt (len ($.Files.Glob "appservices/*")) 0) }}
-      - name:{{ .Release.Name }}-appservices
+      - name: {{ include "dendrite.fullname" . }}-appservices
         secret:
-          secretName: {{ .Release.Name }}-appservices-conf
+          secretName: {{ include "dendrite.fullname" . }}-appservices-conf
       {{- end }}
-      - name: {{ .Release.Name }}-jetstream
+      - name: {{ include "dendrite.fullname" . }}-jetstream
         persistentVolumeClaim:
-          claimName: {{ default (print .Release.Name "-jetstream-pvc") $.Values.persistence.jetstream.existingClaim | quote }}
-      - name: {{ .Release.Name }}-media
+          claimName: {{ default (print ( include "dendrite.fullname" . ) "-jetstream-pvc") $.Values.persistence.jetstream.existingClaim | quote }}
+      - name: {{ include "dendrite.fullname" . }}-media
         persistentVolumeClaim:
-          claimName: {{ default (print .Release.Name "-media-pvc") $.Values.persistence.media.existingClaim | quote }}
-      - name: {{ .Release.Name }}-search
+          claimName: {{ default (print ( include "dendrite.fullname" . ) "-media-pvc") $.Values.persistence.media.existingClaim | quote }}
+      - name: {{ include "dendrite.fullname" . }}-search
         persistentVolumeClaim:
-          claimName: {{ default (print .Release.Name "-search-pvc") $.Values.persistence.search.existingClaim | quote }}
+          claimName: {{ default (print ( include "dendrite.fullname" . ) "-search-pvc") $.Values.persistence.search.existingClaim | quote }}
       containers:
       - name: {{ $.Chart.Name }}
         {{- include "image.name" $.Values.image | nindent 8 }}
@@ -52,25 +58,26 @@ spec:
         env:
           - name: PPROFLISTEN
             value: "localhost:{{- $.Values.global.profiling.port -}}"
+            # TODO: Document this
         {{- end }}
         resources:
         {{- toYaml $.Values.resources | nindent 10 }}
         volumeMounts:
         - mountPath: /etc/dendrite/
-          name: {{ .Release.Name }}-conf-vol
+          name: {{ include "dendrite.fullname" . }}-conf-vol
         - mountPath: /etc/dendrite/secrets/
-          name: {{ .Release.Name }}-signing-key
+          name: {{ include "dendrite.fullname" . }}-signing-key
         {{- if (gt (len ($.Files.Glob "appservices/*")) 0) }}
         - mountPath: /etc/dendrite/appservices
-          name: {{ .Release.Name }}-appservices
+          name: {{ include "dendrite.fullname" . }}-appservices
           readOnly: true
         {{ end }}
         - mountPath: /data/media_store
-          name: {{ .Release.Name }}-media
+          name: {{ include "dendrite.fullname" . }}-media
         - mountPath: /data/jetstream
-          name: {{ .Release.Name }}-jetstream
+          name: {{ include "dendrite.fullname" . }}-jetstream
         - mountPath: /data/search
-          name: {{ .Release.Name }}-search
+          name: {{ include "dendrite.fullname" . }}-search
         livenessProbe:
           initialDelaySeconds: 10
           periodSeconds: 10

helm/dendrite/templates/jobs.yaml

@@ -1,6 +1,6 @@
 {{ if and .Values.signing_key.create (not .Values.signing_key.existingSecret ) }}
-{{ $name := (print .Release.Name "-signing-key") }}
-{{ $secretName := (print .Release.Name "-signing-key") }}
+{{ $name := (print ( include "dendrite.fullname" . ) "-signing-key") }}
+{{ $secretName := (print ( include "dendrite.fullname" . ) "-signing-key") }}
 ---
 apiVersion: v1
 kind: ServiceAccount
@@ -15,6 +15,7 @@ metadata:
   name: {{ $name }}
   labels:
     app.kubernetes.io/component: signingkey-job
+    {{- include "dendrite.labels" . | nindent 4 }}
 rules:
   - apiGroups:
       - ""
@@ -33,6 +34,7 @@ metadata:
   name: {{ $name }}
   labels:
     app.kubernetes.io/component: signingkey-job
+    {{- include "dendrite.labels" . | nindent 4 }}
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: Role
@@ -46,6 +48,8 @@ apiVersion: batch/v1
 kind: Job
 metadata:
   name: generate-signing-key
+  labels:
+    {{- include "dendrite.labels" . | nindent 4 }}
 spec:
   template:
     spec:

helm/dendrite/templates/pvc.yaml

@@ -5,7 +5,7 @@ kind: PersistentVolumeClaim
 metadata:
   annotations:
     helm.sh/resource-policy: keep
-  name: {{ .Release.Name }}-media-pvc
+  name: {{ include "dendrite.fullname" . }}-media-pvc
 spec:
   accessModes:
     - ReadWriteOnce
@@ -21,7 +21,7 @@ kind: PersistentVolumeClaim
 metadata:
   annotations:
     helm.sh/resource-policy: keep
-  name: {{ .Release.Name }}-jetstream-pvc
+  name: {{ include "dendrite.fullname" . }}-jetstream-pvc
 spec:
   accessModes:
     - ReadWriteOnce
@@ -37,7 +37,7 @@ kind: PersistentVolumeClaim
 metadata:
   annotations:
     helm.sh/resource-policy: keep
-  name: {{ .Release.Name }}-search-pvc
+  name: {{ include "dendrite.fullname" . }}-search-pvc
 spec:
   accessModes:
     - ReadWriteOnce

helm/dendrite/templates/secrets.yaml

@@ -3,7 +3,7 @@
 apiVersion: v1
 kind: Secret
 metadata:
-  name: {{ .Release.Name }}-appservices-conf
+  name: {{ include "dendrite.fullname" . }}-appservices-conf
   namespace: {{ .Release.Namespace }}
 type: Opaque
 data:
@@ -16,7 +16,7 @@ kind: Secret
 metadata:
   annotations:
     helm.sh/resource-policy: keep
-  name: {{ .Release.Name }}-signing-key
+  name: {{ include "dendrite.fullname" . }}-signing-key
   namespace: {{ .Release.Namespace }}
 type: Opaque
 {{ end }}
@@ -30,7 +30,7 @@ apiVersion: v1
 kind: Secret
 type: Opaque
 metadata:
-  name: {{ .Release.Name }}-conf
+  name: {{ include "dendrite.fullname" . }}-conf
   namespace: {{ .Release.Namespace }}
 stringData:
   dendrite.yaml: |
@@ -42,14 +42,14 @@ stringData:
       key_validity_period: {{ .Values.global.key_validity_period | quote }}
       database:
         connection_string: {{ $connectionString }}?sslmode=disable
-        max_open_conns: {{ default 90 .Values.global.database.max_open_conns }}
-        max_idle_conns: {{ default 5 .Values.global.database.max_idle_conns }}
-        conn_max_lifetime: {{ default -1 .Values.global.database.conn_max_lifetime }}
+        max_open_conns: {{ .Values.global.database.max_open_conns }}
+        max_idle_conns: {{ .Values.global.database.max_idle_conns }}
+        conn_max_lifetime: {{ .Values.global.database.conn_max_lifetime }}
       cache:
-        max_size_estimated: {{ default "1gb" .Values.global.cache.max_size_estimated | quote }}
-        max_age: {{ default "1h" .Values.global.cache.max_age }}
-      well_known_server_name: {{ default "" .Values.global.well_known_server_name | quote }}
-      well_known_client_name: {{ default "" .Values.global.well_known_client_name | quote }}
+        max_size_estimated: {{ .Values.global.cache.max_size_estimated | quote }}
+        max_age: {{ .Values.global.cache.max_age }}
+      well_known_server_name: {{ .Values.global.well_known_server_name | quote }}
+      well_known_client_name: {{ .Values.global.well_known_client_name | quote }}
       trusted_third_party_id_servers:
       {{- toYaml .Values.global.trusted_third_party_id_servers | nindent 8 }}
       disable_federation: {{ .Values.global.disable_federation }}
@@ -91,8 +91,8 @@ stringData:
     {{ end }}
     federation_api:
       #federation_certificates: []
-      send_max_retries: {{ default 16 .Values.federationapi.send_max_retries }}
-      disable_tls_validation: {{ default false .Values.federationapi.disable_tls_validation }}
+      send_max_retries: {{ .Values.federationapi.send_max_retries }}
+      disable_tls_validation: {{ .Values.federationapi.disable_tls_validation }}
       key_perspectives:
       - server_name: matrix.org
         keys:
@@ -103,7 +103,7 @@ stringData:
       prefer_direct_fetch: {{ .Values.federationapi.prefer_direct_fetch }}
     media_api:
       base_path: /data/media_store
-      max_file_size_bytes: {{ int (default "10485760" .Values.mediaapi.max_file_size_bytes) }}
+      max_file_size_bytes: {{ int .Values.mediaapi.max_file_size_bytes }}
       dynamic_thumbnails: {{ .Values.mediaapi.dynamic_thumbnails }}
       max_thumbnail_generators: {{ .Values.mediaapi.max_thumbnail_generators }}
       thumbnail_sizes:
@@ -112,9 +112,9 @@ stringData:
     sync_api:
       real_ip_header: {{ .Values.syncapi.real_ip_header }}
       search:
-        enabled: {{ default false .Values.syncapi.search.enabled }}
+        enabled: {{ .Values.syncapi.search.enabled }}
         index_path: /data/search
-        language: {{ default "en" .Values.syncapi.search.language }}
+        language: {{ .Values.syncapi.search.language }}
     tracing:
       {{- toYaml .Values.global.tracing | nindent 6 }}
     logging:

helm/dendrite/templates/service.yaml

@@ -1,5 +1,4 @@
 {{ template "validate.config" . }}
-
 ---
 apiVersion: v1
 kind: Service

helm/dendrite/values.yaml

@@ -72,7 +72,7 @@ global:
     # -- Default database maximum open connections
     max_open_conns: 90
     # -- Default database maximum idle connections
-    max_idle_conns: 2
+    max_idle_conns: 5
     # -- Default database maximum lifetime
     conn_max_lifetime: -1