matrix: use resource renderer
diff --git a/charts/matrix/templates/_helpers.tpl b/charts/matrix/templates/_helpers.tpl
deleted file mode 100644
index 063b2b4..0000000
--- a/charts/matrix/templates/_helpers.tpl
+++ /dev/null
@@ -1,7 +0,0 @@
-{{- define "clientSecret" -}}
-{{- if .Values.oauth2.clientSecret -}}
-{{- .Values.oauth2.clientSecret -}}
-{{- else -}}
-{{- randAlphaNum 32 -}}
-{{- end -}}
-{{- end -}}
diff --git a/charts/matrix/templates/config-to-merge.yaml b/charts/matrix/templates/config-to-merge.yaml
index f74f0c0..72f9af2 100644
--- a/charts/matrix/templates/config-to-merge.yaml
+++ b/charts/matrix/templates/config-to-merge.yaml
@@ -1,51 +1,44 @@
-{{- $secret := include "clientSecret" . -}}
----
-apiVersion: v1
-kind: Secret
-type: Opaque
+apiVersion: dodo.cloud.dodo.cloud/v1
+kind: ResourceRenderer
metadata:
- name: {{ .Values.oauth2.secretName }}
+ name: config-renderer
namespace: {{ .Release.Namespace }}
annotations:
helm.sh/hook: pre-install
helm.sh/hook-weight: "-10"
-data:
- client_id: {{ .Values.oauth2.clientId | b64enc }}
- client_secret: {{ $secret | b64enc }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ .Values.configMerge.configName }}
- namespace: {{ .Release.Namespace }}
- annotations:
- helm.sh/hook: pre-install
- helm.sh/hook-weight: "-10"
-data:
- {{ .Values.configMerge.fileName }}: |
- public_baseurl: https://matrix.{{ .Values.domain }}/
- enable_registration: false
- database:
- name: psycopg2
- txn_limit: 10000
- args:
- host: {{ .Values.postgresql.host }}
- port: {{ .Values.postgresql.port }}
- database: {{ .Values.postgresql.database }}
- user: {{ .Values.postgresql.user }}
- password: {{ .Values.postgresql.password }}
- cp_min: 5
- cp_max: 10
- oidc_providers:
- - idp_id: pcloud
- idp_name: "PCloud"
- skip_verification: true
- issuer: {{ .Values.oauth2.hydraPublic }}
- client_id: {{ .Values.oauth2.clientId }}
- client_secret: {{ $secret }}
- scopes: ["openid", "profile"]
- allow_existing_users: true
- user_mapping_provider:
- config:
- localpart_template: {{`"{{ user.username }}"`}}
- display_name_template: "{{`{{ user.username }}"`}}
+spec:
+ secretName: {{ .Values.oauth2.secretName }}
+ resourceTemplate: |
+ apiVersion: v1
+ kind: ConfigMap
+ metadata:
+ name: {{ .Values.configMerge.configName }}
+ namespace: {{ .Release.Namespace }}
+ data:
+ {{ .Values.configMerge.fileName }}: |
+ public_baseurl: https://{{ .Values.subdomain }}.{{ .Values.domain }}/
+ enable_registration: false
+ database:
+ name: psycopg2
+ txn_limit: 10000
+ args:
+ host: {{ .Values.postgresql.host }}
+ port: {{ .Values.postgresql.port }}
+ database: {{ .Values.postgresql.database }}
+ user: {{ .Values.postgresql.user }}
+ password: {{ .Values.postgresql.password }}
+ cp_min: 5
+ cp_max: 10
+ oidc_providers:
+ - idp_id: pcloud
+ idp_name: "PCloud"
+ skip_verification: true
+ issuer: {{ .Values.oauth2.hydraPublic }}
+ client_id: "{{`{{ .client_id }}`}}"
+ client_secret: "{{`{{ .client_secret }}`}}"
+ scopes: ["openid", "profile"]
+ allow_existing_users: true
+ user_mapping_provider:
+ config:
+ localpart_template: {{ cat "{{`" `{{ "{{" }} user.username {{ "}}" }}` "`}}" | squote }}
+ display_name_template: {{ cat "{{`" `{{ "{{" }} user.username {{ "}}" }}` "`}}" | squote }}
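Review bot: The rendered `pcloud` OIDC provider inside `resourceTemplate` still carries `skip_verification: true` although `issuer` is the `https://` `hydraPublic` URL, so Synapse will not check the provider's discovery metadata against the configured issuer; unless the Hydra instance is known to be non-compliant, set `skip_verification: false` so a mismatch fails loudly instead of being ignored. The same template also renders `password: {{ .Values.postgresql.password }}` unquoted into a ConfigMap: a password starting with `*`, `&`, `{` or containing `: ` breaks the nested YAML, and the value ends up in a ConfigMap rather than a Secret. At minimum use `password: {{ .Values.postgresql.password | quote }}` (the same applies to `host`, `database` and `user`), and note in a comment that the merged homeserver.yaml is stored as a ConfigMap so the reader knows the confidentiality boundary.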
diff --git a/charts/matrix/templates/matrix.yaml b/charts/matrix/templates/matrix.yaml
index e400d33..e46667e 100644
--- a/charts/matrix/templates/matrix.yaml
+++ b/charts/matrix/templates/matrix.yaml
@@ -12,7 +12,6 @@
resources:
- configmaps
verbs:
- - get
- create
---
apiVersion: rbac.authorization.k8s.io/v1
@@ -47,34 +46,24 @@
targetPort: http
protocol: TCP
---
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
- name: matrix.{{ .Values.domain }}
- namespace: {{ .Release.Namespace }}
- annotations:
- helm.sh/resource-policy: keep
-spec:
- dnsNames:
- - 'matrix.{{ .Values.domain }}'
- issuerRef:
- name: {{ .Values.certificateIssuer }}
- kind: ClusterIssuer
- secretName: cert-matrix.{{ .Values.domain }}
----
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ingress
namespace: {{ .Release.Namespace }}
+ {{- if .Values.certificateIssuer }}
+ annotations:
+ acme.cert-manager.io/http01-edit-in-place: "true"
+ cert-manager.io/cluster-issuer: {{ .Values.certificateIssuer }}
+ {{- end }}
spec:
ingressClassName: {{ .Values.ingressClassName }}
tls:
- hosts:
- - matrix.{{ .Values.domain }}
- secretName: cert-matrix.{{ .Values.domain }}
+ - {{ .Values.subdomain }}.{{ .Values.domain }}
+ secretName: cert-{{ .Values.subdomain }}.{{ .Values.domain }}
rules:
- - host: matrix.{{ .Values.domain }}
+ - host: {{ .Values.subdomain }}.{{ .Values.domain }}
http:
paths:
- path: /
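Review bot: The `tls:` stanza (`secretName: cert-{{ .Values.subdomain }}.{{ .Values.domain }}`) stays unconditional while the cert-manager annotations that now provision that certificate are gated by `{{- if .Values.certificateIssuer }}`, so with an empty `certificateIssuer` the Ingress references a Secret that nothing in the chart creates and most ingress controllers then serve their fallback certificate. Either wrap the `tls:` block in the same `{{- if .Values.certificateIssuer }}` / `{{- end }}` or document in values.yaml that the Secret must be pre-provisioned when no issuer is set. The deleted Certificate also carried `helm.sh/resource-policy: keep`; an ingress-shim certificate follows the Ingress lifecycle instead, which may be intended but changes what survives an uninstall. The well-known Ingress in well-known.yaml receives the same gated annotation block and presumably has the same gap; its `tls:` block lies outside that hunk.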
@@ -104,6 +93,9 @@
- name: data
persistentVolumeClaim:
claimName: data
+ - name: config
+ configMap:
+ name: {{ .Values.configMerge.configName }}
initContainers:
- name: matrix
image: matrixdotorg/synapse:v1.43.0
@@ -134,15 +126,16 @@
image: giolekva/capture-config:latest
imagePullPolicy: Always
command:
- - capture-config
- - --config=/data/homeserver.yaml
+ - /capture-config
+ - --base=/data/homeserver.yaml
+ - --merge-with=/config-to-merge/{{ .Values.configMerge.fileName }}
- --namespace={{ .Release.Namespace }}
- --config-map-name=config
- - --config-to-merge={{ .Values.configMerge.configName }}
- - --to-merge-filename={{ .Values.configMerge.fileName }}
volumeMounts:
- name: data
mountPath: /data
+ - name: config
+ mountPath: /config-to-merge
---
apiVersion: apps/v1
kind: Deployment
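Review bot: The new flags `/capture-config`, `--base=` and `--merge-with=` bind the chart to a specific capture-config CLI, but the image on the context line above is `giolekva/capture-config:latest` pulled with `imagePullPolicy: Always`, so the next push to that tag can change flag semantics or the merge output (which includes the OIDC client secret and database password from config-to-merge.yaml) without any change to this chart. Pin the init container to a release tag or digest, e.g. `image: giolekva/capture-config:<pinned-tag-or-digest>`, and bump it together with flag changes like this one. The container spec continues outside the hunk.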
diff --git a/charts/matrix/templates/oauth2-client.yaml b/charts/matrix/templates/oauth2-client.yaml
index 2a23c4f..ffe6936 100644
--- a/charts/matrix/templates/oauth2-client.yaml
+++ b/charts/matrix/templates/oauth2-client.yaml
@@ -3,6 +3,9 @@
metadata:
name: matrix
namespace: {{ .Release.Namespace }}
+ annotations:
+ helm.sh/hook: pre-install
+ helm.sh/hook-weight: "-10"
spec:
grantTypes:
- authorization_code
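Review bot: Marking the OAuth2Client as `helm.sh/hook: pre-install` means Helm renders it only on initial install, so an existing release never receives the `redirectUris` and `endpoint` changes in the next hunk through `helm upgrade`, and hook resources are not tracked as part of the release (left behind on uninstall unless a `helm.sh/hook-delete-policy` is set). If the goal is ordering ahead of the ResourceRenderer, use `helm.sh/hook: pre-install,pre-upgrade` and choose a delete policy explicitly; the same hook annotations are used on config-to-merge.yaml, where the same considerations apply.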
@@ -11,9 +14,9 @@
scope: "openid profile"
secretName: {{ .Values.oauth2.secretName }}
redirectUris:
- - https://matrix.{{ .Values.domain }}/_synapse/client/oidc/callback
+ - https://{{ .Values.subdomain }}.{{ .Values.domain }}/_synapse/client/oidc/callback
hydraAdmin:
url: {{ .Values.oauth2.hydraAdmin }}
port: 80
- endpoint: /clients
+ endpoint: /admin/clients
forwardedProto: https
diff --git a/charts/matrix/templates/well-known.yaml b/charts/matrix/templates/well-known.yaml
index cd235cd..ee2d41b 100644
--- a/charts/matrix/templates/well-known.yaml
+++ b/charts/matrix/templates/well-known.yaml
@@ -19,6 +19,11 @@
metadata:
name: well-known
namespace: {{ .Release.Namespace }}
+ {{- if .Values.certificateIssuer }}
+ annotations:
+ acme.cert-manager.io/http01-edit-in-place: "true"
+ cert-manager.io/cluster-issuer: {{ .Values.certificateIssuer }}
+ {{- end }}
spec:
ingressClassName: {{ .Values.ingressClassName }}
tls:
@@ -69,12 +74,12 @@
server {
listen 8080;
location /.well-known/matrix/client {
- return 200 '{"m.homeserver": {"base_url": "https://matrix.{{ .Values.domain }}:443"}}';
+ return 200 '{"m.homeserver": {"base_url": "https://{{ .Values.subdomain }}.{{ .Values.domain }}:443"}}';
default_type application/json;
add_header Access-Control-Allow-Origin *;
}
location /.well-known/matrix/server {
- return 200 '{"m.server": "matrix.{{ .Values.domain }}:443"}';
+ return 200 '{"m.server": {{ .Values.subdomain }}.{{ .Values.domain }}:443"}';
default_type application/json;
add_header Access-Control-Allow-Origin *;
}
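Review bot: The `m.server` response in `location /.well-known/matrix/server` lost the opening quote around the value, so with the default values it now returns `{"m.server": matrix.example.com:443"}` (a constructed example), which is not valid JSON and breaks federation delegation for every remote homeserver that looks this up. Restore it: `return 200 '{"m.server": "{{ .Values.subdomain }}.{{ .Values.domain }}:443"}';`. The `m.homeserver` line above is quoted correctly and can serve as the reference.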
diff --git a/charts/matrix/values.yaml b/charts/matrix/values.yaml
index 7add503..ba7bd9e 100644
--- a/charts/matrix/values.yaml
+++ b/charts/matrix/values.yaml
@@ -1,9 +1,8 @@
domain: example.com
+subdomain: matrix
oauth2:
hydraAdmin: http://hydra-admin
hydraPublic: https://hydra.example.com
- clientId: matrix
- clientSecret: ""
secretName: oauth2-client
postgresql:
host: postgresql