diff --git a/helm/dendrite/Chart.yaml b/helm/dendrite/Chart.yaml index dc32e2482..429431241 100644 --- a/helm/dendrite/Chart.yaml +++ b/helm/dendrite/Chart.yaml @@ -14,6 +14,7 @@ sources: - https://github.com/matrix-org/dendrite dependencies: - name: postgresql - version: 11.6.21 + version: 12.1.7 repository: https://charts.bitnami.com/bitnami condition: postgresql.enabled + diff --git a/helm/dendrite/README.md b/helm/dendrite/README.md index f16dec769..c94e6997c 100644 --- a/helm/dendrite/README.md +++ b/helm/dendrite/README.md @@ -36,7 +36,7 @@ Create a folder `appservices` and place your configurations in there. The confi | Repository | Name | Version | |------------|------|---------| -| https://charts.bitnami.com/bitnami | postgresql | 11.6.21 | +| https://charts.bitnami.com/bitnami | postgresql | 12.1.7 | ## Values | Key | Type | Default | Description | @@ -65,7 +65,7 @@ Create a folder `appservices` and place your configurations in there. The confi | global.cache.max_size_estimated | string | `"1gb"` | The estimated maximum size for the global cache in bytes, or in terabytes, gigabytes, megabytes or kilobytes when the appropriate 'tb', 'gb', 'mb' or 'kb' suffix is specified. Note that this is not a hard limit, nor is it a memory limit for the entire process. A cache that is too small may ultimately provide little or no benefit. | | global.database.conn_max_lifetime | int | `-1` | Default database maximum lifetime | | global.database.host | string | `""` | Default database host | -| global.database.max_idle_conns | int | `2` | Default database maximum idle connections | +| global.database.max_idle_conns | int | `5` | Default database maximum idle connections | | global.database.max_open_conns | int | `90` | Default database maximum open connections | | global.database.password | string | `""` | Default database password | | global.database.user | string | `""` | Default database user | 
diff --git a/helm/dendrite/templates/deployment.yaml b/helm/dendrite/templates/deployment.yaml index 4c7e15d10..95b977ab9 100644 --- a/helm/dendrite/templates/deployment.yaml +++ b/helm/dendrite/templates/deployment.yaml @@ -6,7 +6,7 @@ metadata: namespace: {{ $.Release.Namespace }} name: {{ include "dendrite.fullname" . }} labels: - app: {{ $.Chart.Name }} + {{- include "dendrite.labels" . | nindent 4 }} spec: selector: matchLabels: 
@@ -16,28 +16,34 @@ spec: metadata: labels: {{- include "dendrite.selectorLabels" . | nindent 8 }} + annotations: + confighash-global: secret-{{ .Values.global | toYaml | sha256sum | trunc 32 }} + confighash-clientapi: clientapi-{{ .Values.clientapi | toYaml | sha256sum | trunc 32 }} + confighash-federationapi: federationapi-{{ .Values.federationapi | toYaml | sha256sum | trunc 32 }} + confighash-mediaapi: mediaapi-{{ .Values.mediaapi | toYaml | sha256sum | trunc 32 }} + confighash-syncapi: syncapi-{{ .Values.syncapi | toYaml | sha256sum | trunc 32 }} spec: volumes: - - name: {{ .Release.Name }}-conf-vol + - name: {{ include "dendrite.fullname" . }}-conf-vol secret: - secretName: {{ .Release.Name }}-conf - - name: {{ .Release.Name }}-signing-key + secretName: {{ include "dendrite.fullname" . }}-conf + - name: {{ include "dendrite.fullname" . }}-signing-key secret: - secretName: {{ default (print .Release.Name "-signing-key") $.Values.signing_key.existingSecret | quote }} + secretName: {{ default (print ( include "dendrite.fullname" . ) "-signing-key") $.Values.signing_key.existingSecret | quote }} {{- if (gt (len ($.Files.Glob "appservices/*")) 0) }} - - name:{{ .Release.Name }}-appservices + - name: {{ include "dendrite.fullname" . }}-appservices secret: - secretName: {{ .Release.Name }}-appservices-conf + secretName: {{ include "dendrite.fullname" . }}-appservices-conf {{- end }} - - name: {{ .Release.Name }}-jetstream + - name: {{ include "dendrite.fullname" . }}-jetstream persistentVolumeClaim: - claimName: {{ default (print .Release.Name "-jetstream-pvc") $.Values.persistence.jetstream.existingClaim | quote }} - - name: {{ .Release.Name }}-media + claimName: {{ default (print ( include "dendrite.fullname" . ) "-jetstream-pvc") $.Values.persistence.jetstream.existingClaim | quote }} + - name: {{ include "dendrite.fullname" . 
}}-media persistentVolumeClaim: - claimName: {{ default (print .Release.Name "-media-pvc") $.Values.persistence.media.existingClaim | quote }} - - name: {{ .Release.Name }}-search + claimName: {{ default (print ( include "dendrite.fullname" . ) "-media-pvc") $.Values.persistence.media.existingClaim | quote }} + - name: {{ include "dendrite.fullname" . }}-search persistentVolumeClaim: - claimName: {{ default (print .Release.Name "-search-pvc") $.Values.persistence.search.existingClaim | quote }} + claimName: {{ default (print ( include "dendrite.fullname" . ) "-search-pvc") $.Values.persistence.search.existingClaim | quote }} containers: - name: {{ $.Chart.Name }} {{- include "image.name" $.Values.image | nindent 8 }} @@ -52,25 +58,26 @@ spec: env: - name: PPROFLISTEN value: "localhost:{{- $.Values.global.profiling.port -}}" + # TODO: Document this {{- end }} resources: {{- toYaml $.Values.resources | nindent 10 }} volumeMounts: - mountPath: /etc/dendrite/ - name: {{ .Release.Name }}-conf-vol + name: {{ include "dendrite.fullname" . }}-conf-vol - mountPath: /etc/dendrite/secrets/ - name: {{ .Release.Name }}-signing-key + name: {{ include "dendrite.fullname" . }}-signing-key {{- if (gt (len ($.Files.Glob "appservices/*")) 0) }} - mountPath: /etc/dendrite/appservices - name: {{ .Release.Name }}-appservices + name: {{ include "dendrite.fullname" . }}-appservices readOnly: true {{ end }} - mountPath: /data/media_store - name: {{ .Release.Name }}-media + name: {{ include "dendrite.fullname" . }}-media - mountPath: /data/jetstream - name: {{ .Release.Name }}-jetstream + name: {{ include "dendrite.fullname" . }}-jetstream - mountPath: /data/search - name: {{ .Release.Name }}-search + name: {{ include "dendrite.fullname" . }}-search livenessProbe: initialDelaySeconds: 10 periodSeconds: 10 diff --git a/helm/dendrite/templates/jobs.yaml b/helm/dendrite/templates/jobs.yaml index 20202dd31..12df643a2 100644 --- a/helm/dendrite/templates/jobs.yaml 
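Review bot: The new `confighash-global` annotation hashes the whole of `.Values.global`, which per the chart README includes `global.database.password`, and publishes the digest in pod metadata. Pod annotations are readable by anyone allowed to get pods, usually a wider group than those allowed to read the `-conf` Secret. With the other values at chart defaults, the digest lets such a reader check guesses of a weak password offline. Consider hashing a copy without the credentials, for example `confighash-global: secret-{{ omit .Values.global "database" | toYaml | sha256sum | trunc 32 }}`, or add a comment above the annotations recording that the exposure is accepted. The five hashes also cover only the listed value subtrees, so a change to the `appservices/*` files would presumably not roll the pods.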
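Review bot: The added `# TODO: Document this` is a YAML comment, so it is rendered into every manifest where the surrounding `if` is true, and it tells an operator nothing about what `PPROFLISTEN` opens. A template comment that states the binding would serve better, for example `{{- /* PPROFLISTEN binds the pprof listener to localhost inside the pod, on global.profiling.port */}}`. The `{{- if ... }}` that guards this env entry starts outside the hunk, so the condition that enables profiling is not visible here and should be named in the comment too.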
+++ b/helm/dendrite/templates/jobs.yaml @@ -1,6 +1,6 @@ {{ if and .Values.signing_key.create (not .Values.signing_key.existingSecret ) }} -{{ $name := (print .Release.Name "-signing-key") }} -{{ $secretName := (print .Release.Name "-signing-key") }} +{{ $name := (print ( include "dendrite.fullname" . ) "-signing-key") }} +{{ $secretName := (print ( include "dendrite.fullname" . ) "-signing-key") }} --- apiVersion: v1 kind: ServiceAccount @@ -15,6 +15,7 @@ metadata: name: {{ $name }} labels: app.kubernetes.io/component: signingkey-job + {{- include "dendrite.labels" . | nindent 4 }} rules: - apiGroups: - "" @@ -33,6 +34,7 @@ metadata: name: {{ $name }} labels: app.kubernetes.io/component: signingkey-job + {{- include "dendrite.labels" . | nindent 4 }} roleRef: apiGroup: rbac.authorization.k8s.io kind: Role @@ -46,6 +48,8 @@ apiVersion: batch/v1 kind: Job metadata: name: generate-signing-key + labels: + {{- include "dendrite.labels" . | nindent 4 }} spec: template: spec: diff --git a/helm/dendrite/templates/pvc.yaml b/helm/dendrite/templates/pvc.yaml index 1ec11f31b..897957e60 100644 --- a/helm/dendrite/templates/pvc.yaml +++ b/helm/dendrite/templates/pvc.yaml @@ -5,7 +5,7 @@ kind: PersistentVolumeClaim metadata: annotations: helm.sh/resource-policy: keep - name: {{ .Release.Name }}-media-pvc + name: {{ include "dendrite.fullname" . }}-media-pvc spec: accessModes: - ReadWriteOnce @@ -21,7 +21,7 @@ kind: PersistentVolumeClaim metadata: annotations: helm.sh/resource-policy: keep - name: {{ .Release.Name }}-jetstream-pvc + name: {{ include "dendrite.fullname" . }}-jetstream-pvc spec: accessModes: - ReadWriteOnce @@ -37,7 +37,7 @@ kind: PersistentVolumeClaim metadata: annotations: helm.sh/resource-policy: keep - name: {{ .Release.Name }}-search-pvc + name: {{ include "dendrite.fullname" . }}-search-pvc spec: accessModes: - ReadWriteOnce diff --git a/helm/dendrite/templates/secrets.yaml b/helm/dendrite/templates/secrets.yaml index 63026256b..ad6db4cad 100644 
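Review bot: Switching `$name` and `$secretName` from `.Release.Name` to `dendrite.fullname` renames the signing-key objects on upgrade for any release where the two differ. The helper is not shown on this page, so how often they differ is an assumption. Where they do, the existing signing-key Secret is no longer referenced, and with `signing_key.create` set the job would presumably generate a new key under the new name, which changes the homeserver's federation identity. The same rename applies to the three PVCs in pvc.yaml and the Secrets in secrets.yaml, which carry `helm.sh/resource-policy: keep` and would be left behind rather than reused. An upgrade note in the README would cover it, for example `Before upgrading, set signing_key.existingSecret and persistence.*.existingClaim to the pre-upgrade object names`.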
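Review bot: In the `@@ -46,6 +48,8 @@` hunk the Job keeps the fixed name `generate-signing-key` while the objects around it now follow `dendrite.fullname`. Two releases in the same namespace would therefore collide on the Job even though their Secrets and Roles no longer do. Using the variable already defined at the top of the file, `name: {{ $name }}`, would keep the Job scoped to the release. The Job spec continues outside the hunk, so any other place that refers to the Job by name would need the same change.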
--- a/helm/dendrite/templates/secrets.yaml +++ b/helm/dendrite/templates/secrets.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: Secret metadata: - name: {{ .Release.Name }}-appservices-conf + name: {{ include "dendrite.fullname" . }}-appservices-conf namespace: {{ .Release.Namespace }} type: Opaque data: @@ -16,7 +16,7 @@ kind: Secret metadata: annotations: helm.sh/resource-policy: keep - name: {{ .Release.Name }}-signing-key + name: {{ include "dendrite.fullname" . }}-signing-key namespace: {{ .Release.Namespace }} type: Opaque {{ end }} @@ -30,7 +30,7 @@ apiVersion: v1 kind: Secret type: Opaque metadata: - name: {{ .Release.Name }}-conf + name: {{ include "dendrite.fullname" . }}-conf namespace: {{ .Release.Namespace }} stringData: dendrite.yaml: | 
@@ -42,14 +42,14 @@ stringData: key_validity_period: {{ .Values.global.key_validity_period | quote }} database: connection_string: {{ $connectionString }}?sslmode=disable - max_open_conns: {{ default 90 .Values.global.database.max_open_conns }} - max_idle_conns: {{ default 5 .Values.global.database.max_idle_conns }} - conn_max_lifetime: {{ default -1 .Values.global.database.conn_max_lifetime }} + max_open_conns: {{ .Values.global.database.max_open_conns }} + max_idle_conns: {{ .Values.global.database.max_idle_conns }} + conn_max_lifetime: {{ .Values.global.database.conn_max_lifetime }} cache: - max_size_estimated: {{ default "1gb" .Values.global.cache.max_size_estimated | quote }} - max_age: {{ default "1h" .Values.global.cache.max_age }} - well_known_server_name: {{ default "" .Values.global.well_known_server_name | quote }} - well_known_client_name: {{ default "" .Values.global.well_known_client_name | quote }} + max_size_estimated: {{ .Values.global.cache.max_size_estimated | quote }} + max_age: {{ .Values.global.cache.max_age }} + well_known_server_name: {{ .Values.global.well_known_server_name | quote }} + well_known_client_name: {{ .Values.global.well_known_client_name | quote }} trusted_third_party_id_servers: {{- toYaml .Values.global.trusted_third_party_id_servers | nindent 8 }} disable_federation: {{ .Values.global.disable_federation }} @@ -91,8 +91,8 @@ stringData: {{ end }} federation_api: #federation_certificates: [] - send_max_retries: {{ default 16 .Values.federationapi.send_max_retries }} - disable_tls_validation: {{ default false .Values.federationapi.disable_tls_validation }} + send_max_retries: {{ .Values.federationapi.send_max_retries }} + disable_tls_validation: {{ .Values.federationapi.disable_tls_validation }} key_perspectives: - server_name: matrix.org keys: 
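Review bot: The `connection_string` line kept in the `@@ -42,14 +42,14 @@` hunk still ends in a hard-coded `?sslmode=disable`, so the database connection is unencrypted. That applies even when `global.database.host` points at an external server rather than the bundled PostgreSQL. Since this commit moves the other database defaults into values.yaml, the TLS mode could move with them. One way is a new key in values.yaml (suggested name `global.database.sslmode`, default `disable`) rendered as `connection_string: {{ $connectionString }}?sslmode={{ .Values.global.database.sslmode }}`. `$connectionString` is built outside the hunk, so check that it does not already carry query parameters.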
@@ -103,7 +103,7 @@ stringData: prefer_direct_fetch: {{ .Values.federationapi.prefer_direct_fetch }} media_api: base_path: /data/media_store - max_file_size_bytes: {{ int (default "10485760" .Values.mediaapi.max_file_size_bytes) }} + max_file_size_bytes: {{ int .Values.mediaapi.max_file_size_bytes }} dynamic_thumbnails: {{ .Values.mediaapi.dynamic_thumbnails }} max_thumbnail_generators: {{ .Values.mediaapi.max_thumbnail_generators }} thumbnail_sizes: @@ -112,9 +112,9 @@ stringData: sync_api: real_ip_header: {{ .Values.syncapi.real_ip_header }} search: - enabled: {{ default false .Values.syncapi.search.enabled }} + enabled: {{ .Values.syncapi.search.enabled }} index_path: /data/search - language: {{ default "en" .Values.syncapi.search.language }} + language: {{ .Values.syncapi.search.language }} tracing: {{- toYaml .Values.global.tracing | nindent 6 }} logging: diff --git a/helm/dendrite/templates/service.yaml b/helm/dendrite/templates/service.yaml index 32116017c..365a43f04 100644 --- a/helm/dendrite/templates/service.yaml +++ b/helm/dendrite/templates/service.yaml @@ -1,5 +1,4 @@ {{ template "validate.config" . }} - --- apiVersion: v1 kind: Service diff --git a/helm/dendrite/values.yaml b/helm/dendrite/values.yaml index d2e44473d..61b49d4bf 100644 --- a/helm/dendrite/values.yaml +++ b/helm/dendrite/values.yaml @@ -72,7 +72,7 @@ global: # -- Default database maximum open connections max_open_conns: 90 # -- Default database maximum idle connections - max_idle_conns: 2 + max_idle_conns: 5 # -- Default database maximum lifetime conn_max_lifetime: -1
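Review bot: With the `default "10485760"` removed, `int .Values.mediaapi.max_file_size_bytes` in the `@@ -103,7 +103,7 @@` hunk renders `0` whenever the value is missing or nulled by an override. As far as I know Dendrite treats `0` here as no upload limit, so this would fail open rather than fall back to 10 MiB; that should be confirmed against the Dendrite config reference. Failing the render is safer: `max_file_size_bytes: {{ required "mediaapi.max_file_size_bytes must be set" .Values.mediaapi.max_file_size_bytes | int }}`. The same reasoning applies, with less impact, to `disable_tls_validation` and `send_max_retries` in the `@@ -91,8 +91,8 @@` hunk, which now render empty when the key is nulled.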