mirrors/dendrite
1
0
Fork 0
mirror of https://github.com/matrix-org/dendrite.git synced 2026-01-20 20:43:09 -06:00
Code Issues Packages Projects Releases Wiki Activity

PR review changes

Browse source
This commit is contained in:
Till Faelligen 2023-01-06 08:18:23 +01:00
parent c6994efe70
commit 396dafd41d
No known key found for this signature in database
GPG key ID: ACCDC9606D472758
8 changed files with 55 additions and 44 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
helm/dendrite/Chart.yaml
View file

@ -14,6 +14,7 @@ sources:
- https://github.com/matrix-org/dendrite - https://github.com/matrix-org/dendrite
dependencies: dependencies:
- name: postgresql - name: postgresql
version: 11.6.21 version: 12.1.7
repository: https://charts.bitnami.com/bitnami repository: https://charts.bitnami.com/bitnami
condition: postgresql.enabled condition: postgresql.enabled

4
helm/dendrite/README.md
View file

@ -36,7 +36,7 @@ Create a folder `appservices` and place your configurations in there. The confi
| Repository | Name | Version | | Repository | Name | Version |
|------------|------|---------| |------------|------|---------|
| https://charts.bitnami.com/bitnami | postgresql | 11.6.21 | | https://charts.bitnami.com/bitnami | postgresql | 12.1.7 |
## Values ## Values
| Key | Type | Default | Description | | Key | Type | Default | Description |
@ -65,7 +65,7 @@ Create a folder `appservices` and place your configurations in there. The confi
| global.cache.max_size_estimated | string | `"1gb"` | The estimated maximum size for the global cache in bytes, or in terabytes, gigabytes, megabytes or kilobytes when the appropriate 'tb', 'gb', 'mb' or 'kb' suffix is specified. Note that this is not a hard limit, nor is it a memory limit for the entire process. A cache that is too small may ultimately provide little or no benefit. | | global.cache.max_size_estimated | string | `"1gb"` | The estimated maximum size for the global cache in bytes, or in terabytes, gigabytes, megabytes or kilobytes when the appropriate 'tb', 'gb', 'mb' or 'kb' suffix is specified. Note that this is not a hard limit, nor is it a memory limit for the entire process. A cache that is too small may ultimately provide little or no benefit. |
| global.database.conn_max_lifetime | int | `-1` | Default database maximum lifetime | | global.database.conn_max_lifetime | int | `-1` | Default database maximum lifetime |
| global.database.host | string | `""` | Default database host | | global.database.host | string | `""` | Default database host |
| global.database.max_idle_conns | int | `2` | Default database maximum idle connections | | global.database.max_idle_conns | int | `5` | Default database maximum idle connections |
| global.database.max_open_conns | int | `90` | Default database maximum open connections | | global.database.max_open_conns | int | `90` | Default database maximum open connections |
| global.database.password | string | `""` | Default database password | | global.database.password | string | `""` | Default database password |
| global.database.user | string | `""` | Default database user | | global.database.user | string | `""` | Default database user |

45
helm/dendrite/templates/deployment.yaml
View file

@ -6,7 +6,7 @@ metadata:
namespace: {{ $.Release.Namespace }} namespace: {{ $.Release.Namespace }}
name: {{ include "dendrite.fullname" . }} name: {{ include "dendrite.fullname" . }}
labels: labels:
app: {{ $.Chart.Name }} {{- include "dendrite.labels" . | nindent 4 }}
spec: spec:
selector: selector:
matchLabels: matchLabels:
@ -16,28 +16,34 @@ spec:
metadata: metadata:
labels: labels:
{{- include "dendrite.selectorLabels" . | nindent 8 }} {{- include "dendrite.selectorLabels" . | nindent 8 }}
annotations:
confighash-global: secret-{{ .Values.global | toYaml | sha256sum | trunc 32 }}
confighash-clientapi: clientapi-{{ .Values.clientapi | toYaml | sha256sum | trunc 32 }}
confighash-federationapi: federationapi-{{ .Values.federationapi | toYaml | sha256sum | trunc 32 }}
confighash-mediaapi: mediaapi-{{ .Values.mediaapi | toYaml | sha256sum | trunc 32 }}
confighash-syncapi: syncapi-{{ .Values.syncapi | toYaml | sha256sum | trunc 32 }}
spec: spec:
volumes: volumes:
- name: {{ .Release.Name }}-conf-vol - name: {{ include "dendrite.fullname" . }}-conf-vol
secret: secret:
secretName: {{ .Release.Name }}-conf secretName: {{ include "dendrite.fullname" . }}-conf
- name: {{ .Release.Name }}-signing-key - name: {{ include "dendrite.fullname" . }}-signing-key
secret: secret:
secretName: {{ default (print .Release.Name "-signing-key") $.Values.signing_key.existingSecret | quote }} secretName: {{ default (print ( include "dendrite.fullname" . ) "-signing-key") $.Values.signing_key.existingSecret | quote }}
{{- if (gt (len ($.Files.Glob "appservices/*")) 0) }} {{- if (gt (len ($.Files.Glob "appservices/*")) 0) }}
- name:{{ .Release.Name }}-appservices - name: {{ include "dendrite.fullname" . }}-appservices
secret: secret:
secretName: {{ .Release.Name }}-appservices-conf secretName: {{ include "dendrite.fullname" . }}-appservices-conf
{{- end }} {{- end }}
- name: {{ .Release.Name }}-jetstream - name: {{ include "dendrite.fullname" . }}-jetstream
persistentVolumeClaim: persistentVolumeClaim:
claimName: {{ default (print .Release.Name "-jetstream-pvc") $.Values.persistence.jetstream.existingClaim | quote }} claimName: {{ default (print ( include "dendrite.fullname" . ) "-jetstream-pvc") $.Values.persistence.jetstream.existingClaim | quote }}
- name: {{ .Release.Name }}-media - name: {{ include "dendrite.fullname" . }}-media
persistentVolumeClaim: persistentVolumeClaim:
claimName: {{ default (print .Release.Name "-media-pvc") $.Values.persistence.media.existingClaim | quote }} claimName: {{ default (print ( include "dendrite.fullname" . ) "-media-pvc") $.Values.persistence.media.existingClaim | quote }}
- name: {{ .Release.Name }}-search - name: {{ include "dendrite.fullname" . }}-search
persistentVolumeClaim: persistentVolumeClaim:
claimName: {{ default (print .Release.Name "-search-pvc") $.Values.persistence.search.existingClaim | quote }} claimName: {{ default (print ( include "dendrite.fullname" . ) "-search-pvc") $.Values.persistence.search.existingClaim | quote }}
containers: containers:
- name: {{ $.Chart.Name }} - name: {{ $.Chart.Name }}
{{- include "image.name" $.Values.image | nindent 8 }} {{- include "image.name" $.Values.image | nindent 8 }}
@ -52,25 +58,26 @@ spec:
env: env:
- name: PPROFLISTEN - name: PPROFLISTEN
value: "localhost:{{- $.Values.global.profiling.port -}}" value: "localhost:{{- $.Values.global.profiling.port -}}"
# TODO: Document this
{{- end }} {{- end }}
resources: resources:
{{- toYaml $.Values.resources | nindent 10 }} {{- toYaml $.Values.resources | nindent 10 }}
volumeMounts: volumeMounts:
- mountPath: /etc/dendrite/ - mountPath: /etc/dendrite/
name: {{ .Release.Name }}-conf-vol name: {{ include "dendrite.fullname" . }}-conf-vol
- mountPath: /etc/dendrite/secrets/ - mountPath: /etc/dendrite/secrets/
name: {{ .Release.Name }}-signing-key name: {{ include "dendrite.fullname" . }}-signing-key
{{- if (gt (len ($.Files.Glob "appservices/*")) 0) }} {{- if (gt (len ($.Files.Glob "appservices/*")) 0) }}
- mountPath: /etc/dendrite/appservices - mountPath: /etc/dendrite/appservices
name: {{ .Release.Name }}-appservices name: {{ include "dendrite.fullname" . }}-appservices
readOnly: true readOnly: true
{{ end }} {{ end }}
- mountPath: /data/media_store - mountPath: /data/media_store
name: {{ .Release.Name }}-media name: {{ include "dendrite.fullname" . }}-media
- mountPath: /data/jetstream - mountPath: /data/jetstream
name: {{ .Release.Name }}-jetstream name: {{ include "dendrite.fullname" . }}-jetstream
- mountPath: /data/search - mountPath: /data/search
name: {{ .Release.Name }}-search name: {{ include "dendrite.fullname" . }}-search
livenessProbe: livenessProbe:
initialDelaySeconds: 10 initialDelaySeconds: 10
periodSeconds: 10 periodSeconds: 10

8
helm/dendrite/templates/jobs.yaml
View file

@ -1,6 +1,6 @@
{{ if and .Values.signing_key.create (not .Values.signing_key.existingSecret ) }} {{ if and .Values.signing_key.create (not .Values.signing_key.existingSecret ) }}
{{ $name := (print .Release.Name "-signing-key") }} {{ $name := (print ( include "dendrite.fullname" . ) "-signing-key") }}
{{ $secretName := (print .Release.Name "-signing-key") }} {{ $secretName := (print ( include "dendrite.fullname" . ) "-signing-key") }}
--- ---
apiVersion: v1 apiVersion: v1
kind: ServiceAccount kind: ServiceAccount
@ -15,6 +15,7 @@ metadata:
name: {{ $name }} name: {{ $name }}
labels: labels:
app.kubernetes.io/component: signingkey-job app.kubernetes.io/component: signingkey-job
{{- include "dendrite.labels" . | nindent 4 }}
rules: rules:
- apiGroups: - apiGroups:
- "" - ""
@ -33,6 +34,7 @@ metadata:
name: {{ $name }} name: {{ $name }}
labels: labels:
app.kubernetes.io/component: signingkey-job app.kubernetes.io/component: signingkey-job
{{- include "dendrite.labels" . | nindent 4 }}
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
kind: Role kind: Role
@ -46,6 +48,8 @@ apiVersion: batch/v1
kind: Job kind: Job
metadata: metadata:
name: generate-signing-key name: generate-signing-key
labels:
{{- include "dendrite.labels" . | nindent 4 }}
spec: spec:
template: template:
spec: spec:

6
helm/dendrite/templates/pvc.yaml
View file

@ -5,7 +5,7 @@ kind: PersistentVolumeClaim
metadata: metadata:
annotations: annotations:
helm.sh/resource-policy: keep helm.sh/resource-policy: keep
name: {{ .Release.Name }}-media-pvc name: {{ include "dendrite.fullname" . }}-media-pvc
spec: spec:
accessModes: accessModes:
- ReadWriteOnce - ReadWriteOnce
@ -21,7 +21,7 @@ kind: PersistentVolumeClaim
metadata: metadata:
annotations: annotations:
helm.sh/resource-policy: keep helm.sh/resource-policy: keep
name: {{ .Release.Name }}-jetstream-pvc name: {{ include "dendrite.fullname" . }}-jetstream-pvc
spec: spec:
accessModes: accessModes:
- ReadWriteOnce - ReadWriteOnce
@ -37,7 +37,7 @@ kind: PersistentVolumeClaim
metadata: metadata:
annotations: annotations:
helm.sh/resource-policy: keep helm.sh/resource-policy: keep
name: {{ .Release.Name }}-search-pvc name: {{ include "dendrite.fullname" . }}-search-pvc
spec: spec:
accessModes: accessModes:
- ReadWriteOnce - ReadWriteOnce

30
helm/dendrite/templates/secrets.yaml
View file

@ -3,7 +3,7 @@
apiVersion: v1 apiVersion: v1
kind: Secret kind: Secret
metadata: metadata:
name: {{ .Release.Name }}-appservices-conf name: {{ include "dendrite.fullname" . }}-appservices-conf
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
type: Opaque type: Opaque
data: data:
@ -16,7 +16,7 @@ kind: Secret
metadata: metadata:
annotations: annotations:
helm.sh/resource-policy: keep helm.sh/resource-policy: keep
name: {{ .Release.Name }}-signing-key name: {{ include "dendrite.fullname" . }}-signing-key
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
type: Opaque type: Opaque
{{ end }} {{ end }}
@ -30,7 +30,7 @@ apiVersion: v1
kind: Secret kind: Secret
type: Opaque type: Opaque
metadata: metadata:
name: {{ .Release.Name }}-conf name: {{ include "dendrite.fullname" . }}-conf
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
stringData: stringData:
dendrite.yaml: | dendrite.yaml: |
@ -42,14 +42,14 @@ stringData:
key_validity_period: {{ .Values.global.key_validity_period | quote }} key_validity_period: {{ .Values.global.key_validity_period | quote }}
database: database:
connection_string: {{ $connectionString }}?sslmode=disable connection_string: {{ $connectionString }}?sslmode=disable
max_open_conns: {{ default 90 .Values.global.database.max_open_conns }} max_open_conns: {{ .Values.global.database.max_open_conns }}
max_idle_conns: {{ default 5 .Values.global.database.max_idle_conns }} max_idle_conns: {{ .Values.global.database.max_idle_conns }}
conn_max_lifetime: {{ default -1 .Values.global.database.conn_max_lifetime }} conn_max_lifetime: {{ .Values.global.database.conn_max_lifetime }}
cache: cache:
max_size_estimated: {{ default "1gb" .Values.global.cache.max_size_estimated | quote }} max_size_estimated: {{ .Values.global.cache.max_size_estimated | quote }}
max_age: {{ default "1h" .Values.global.cache.max_age }} max_age: {{ .Values.global.cache.max_age }}
well_known_server_name: {{ default "" .Values.global.well_known_server_name | quote }} well_known_server_name: {{ .Values.global.well_known_server_name | quote }}
well_known_client_name: {{ default "" .Values.global.well_known_client_name | quote }} well_known_client_name: {{ .Values.global.well_known_client_name | quote }}
trusted_third_party_id_servers: trusted_third_party_id_servers:
{{- toYaml .Values.global.trusted_third_party_id_servers | nindent 8 }} {{- toYaml .Values.global.trusted_third_party_id_servers | nindent 8 }}
disable_federation: {{ .Values.global.disable_federation }} disable_federation: {{ .Values.global.disable_federation }}
@ -91,8 +91,8 @@ stringData:
{{ end }} {{ end }}
federation_api: federation_api:
#federation_certificates: [] #federation_certificates: []
send_max_retries: {{ default 16 .Values.federationapi.send_max_retries }} send_max_retries: {{ .Values.federationapi.send_max_retries }}
disable_tls_validation: {{ default false .Values.federationapi.disable_tls_validation }} disable_tls_validation: {{ .Values.federationapi.disable_tls_validation }}
key_perspectives: key_perspectives:
- server_name: matrix.org - server_name: matrix.org
keys: keys:
@ -103,7 +103,7 @@ stringData:
prefer_direct_fetch: {{ .Values.federationapi.prefer_direct_fetch }} prefer_direct_fetch: {{ .Values.federationapi.prefer_direct_fetch }}
media_api: media_api:
base_path: /data/media_store base_path: /data/media_store
max_file_size_bytes: {{ int (default "10485760" .Values.mediaapi.max_file_size_bytes) }} max_file_size_bytes: {{ int .Values.mediaapi.max_file_size_bytes }}
dynamic_thumbnails: {{ .Values.mediaapi.dynamic_thumbnails }} dynamic_thumbnails: {{ .Values.mediaapi.dynamic_thumbnails }}
max_thumbnail_generators: {{ .Values.mediaapi.max_thumbnail_generators }} max_thumbnail_generators: {{ .Values.mediaapi.max_thumbnail_generators }}
thumbnail_sizes: thumbnail_sizes:
@ -112,9 +112,9 @@ stringData:
sync_api: sync_api:
real_ip_header: {{ .Values.syncapi.real_ip_header }} real_ip_header: {{ .Values.syncapi.real_ip_header }}
search: search:
enabled: {{ default false .Values.syncapi.search.enabled }} enabled: {{ .Values.syncapi.search.enabled }}
index_path: /data/search index_path: /data/search
language: {{ default "en" .Values.syncapi.search.language }} language: {{ .Values.syncapi.search.language }}
tracing: tracing:
{{- toYaml .Values.global.tracing | nindent 6 }} {{- toYaml .Values.global.tracing | nindent 6 }}
logging: logging:

1
helm/dendrite/templates/service.yaml
View file

@ -1,5 +1,4 @@
{{ template "validate.config" . }} {{ template "validate.config" . }}
--- ---
apiVersion: v1 apiVersion: v1
kind: Service kind: Service

2
helm/dendrite/values.yaml
View file

@ -72,7 +72,7 @@ global:
# -- Default database maximum open connections # -- Default database maximum open connections
max_open_conns: 90 max_open_conns: 90
# -- Default database maximum idle connections # -- Default database maximum idle connections
max_idle_conns: 2 max_idle_conns: 5
# -- Default database maximum lifetime # -- Default database maximum lifetime
conn_max_lifetime: -1 conn_max_lifetime: -1