-
-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
removing service prefix from
mail.secretKeys and `postgres.secretKe…
…ys`; updating docs; update ci to run install on kind (#3) * removing service prefix from mail.secretKeys/postgres.secretKeys, updating docs * update _helpers.tpl to use new postgres default secret name * add testing on kind in ci * fixing the trailing space helm lint issue * clean up readme of old maintainer gpg notes, and clean up github maintainers to use github usernames, to please helm chart tester
- Loading branch information
Showing
9 changed files
with
117 additions
and
100 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -2,9 +2,10 @@ name: Lint | |
|
|
||
| on: | ||
| pull_request: | ||
| paths: | ||
| - '/**' | ||
| - '.github/workflows/ci-helm-workflow.yml' | ||
| paths-ignore: | ||
| - 'README.md' | ||
| - '**/README.md' | ||
| - '.github/**' | ||
|
|
||
| permissions: | ||
| contents: read | ||
|
|
@@ -15,16 +16,38 @@ jobs: | |
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Checkout | ||
| uses: actions/checkout@v2 | ||
| uses: actions/checkout@v3 | ||
| with: | ||
| fetch-depth: "0" | ||
|
|
||
| - name: Validate schema | ||
| id: kubeval | ||
| - name: Install Helm | ||
| uses: azure/[email protected] | ||
|
|
||
| - name: Add dependency chart repos | ||
| run: | | ||
| curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash | ||
| helm repo add bitnami https://charts.bitnami.com/bitnami | ||
| helm plugin install https://github.com/instrumenta/helm-kubeval | ||
| helm dependency build | ||
| helm lint | ||
| helm kubeval .`` | ||
| - name: Set up chart-testing | ||
| uses: helm/[email protected] | ||
|
|
||
| - name: Run chart-testing (list-changed) | ||
| id: list-changed | ||
| run: | | ||
| changed=$(ct list-changed --target-branch ${{ github.event.repository.default_branch }}) | ||
| if [[ -n "$changed" ]]; then | ||
| echo "changed=true" >> "$GITHUB_OUTPUT" | ||
| fi | ||
| - name: Run chart-testing (lint) | ||
| id: lint | ||
| if: steps.list-changed.outputs.changed == 'true' | ||
| run: ct lint --target-branch ${{ github.event.repository.default_branch }} | ||
|
|
||
| - name: Create kind cluster | ||
| uses: helm/[email protected] | ||
| if: steps.list-changed.outputs.changed == 'true' | ||
|
|
||
| - name: Run chart-testing (install) | ||
| id: install | ||
| if: steps.list-changed.outputs.changed == 'true' | ||
| run: ct install --target-branch ${{ github.event.repository.default_branch }} | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -5,22 +5,22 @@ A Helm chart for deploying a Matrix homeserver stack in Kubernetes. This is a fo | |
| ## Features | ||
|
|
||
| - Latest version of [Synapse](https://github.com/matrix-org/synapse) | ||
| - (Optional) Latest version of [Element](https://element.io/) | ||
| - (Optional) Choice of lightweight Exim relay or external mail server for email notifications | ||
| - (Optional) [Coturn TURN server](https://hub.docker.com/r/coturn/coturn) for VoIP calls | ||
| - (Optional) PostgreSQL cluster via [Bitnami](https://github.com/bitnami/charts/tree/main/bitnami/postgresql) | ||
| - (Optional) [matrix-org/matrix-appservice-irc](https://github.com/matrix-org/matrix-appservice-irc) IRC bridge | ||
| - (Optional) [tulir/mautrix-whatsapp](https://github.com/tulir/mautrix-whatsapp) WhatsApp bridge | ||
| - (Optional) [Half-Shot/matrix-appservice-discord](https://github.com/Half-Shot/matrix-appservice-discord) Discord bridge | ||
| - Ingress definition for federated Synapse and Element | ||
|
|
||
| ## Installation | ||
| ### Opptional Features | ||
| - Latest version of [Element](https://element.io/) | ||
| - Choice of lightweight Exim relay or external mail server for email notifications | ||
| - [Coturn TURN server](https://hub.docker.com/r/coturn/coturn) for VoIP calls | ||
| - [Bitnami PostgreSQL sub-chart](https://github.com/bitnami/charts/tree/main/bitnami/postgresql) to deploy a cluster - needs some work to standardize though, so we also support external postgresql servers | ||
| - [matrix-org/matrix-appservice-irc](https://github.com/matrix-org/matrix-appservice-irc) IRC bridge | ||
| - [tulir/mautrix-whatsapp](https://github.com/tulir/mautrix-whatsapp) WhatsApp bridge | ||
| - [Half-Shot/matrix-appservice-discord](https://github.com/Half-Shot/matrix-appservice-discord) Discord bridge | ||
|
|
||
| Some documentation is available in [values.yaml](./charts/matrix/values.yaml) (see [README](./charts/matrix/README.md) for more docs. | ||
| ## Installation | ||
|
|
||
| Choose one of the two options below to install the chart. | ||
| Some documentation is available in [`values.yaml`](./charts/matrix/values.yaml). See [charts/matrix/README.md](./charts/matrix/README.md) for docs auto-generated from the `values.yaml`. | ||
|
|
||
| ### Standard helm | ||
| ### | ||
|
|
||
| This is released normally, so you should be able to do: | ||
|
|
||
|
|
@@ -29,23 +29,3 @@ helm repo add matrix https://jessebot.github.io/matrix-chart | |
| helm repo update | ||
| helm install my-release-name matrix | ||
| ``` | ||
|
|
||
| ### Git | ||
|
|
||
| You can also clone this repo directly and override the values.yaml provided. To do so, run the following commands: | ||
|
|
||
| ```bash | ||
| git clone https://github.com/dacruz21/matrix-chart.git | ||
| cd matrix-chart/charts/matrix | ||
| helm dependency update | ||
| helm install matrix . | ||
| ``` | ||
|
|
||
| ## Security | ||
| Helm currently [does not officially support chart signatures created by GPG keys stored on smartcards](https://github.com/helm/helm/issues/2843#issuecomment-379532906). This may change in the future, in which case I will start packaging this chart with the standard `.prov` signatures, but until then signatures must be verified manually. | ||
|
|
||
| GPG signatures are available within the chart repo and can be found by appending `.gpg` to the end of the package URL. For example, the signature for v2.8.0 is available at https://dacruz21.github.io/helm-charts/matrix-2.8.0.tgz.gpg. | ||
|
|
||
| These GPG signatures are signed with the same PGP key that is used to sign commits in this Git repository. The key is available by searching for [email protected] on a public keyserver, or by downloading it from my website at https://typokign.com/key.gpg. | ||
|
|
||
| If you find any security vulnerabilities in this Helm chart, please contact me by sending a PGP-encrypted email (encrypted to `F13C346C0DE56944`) to [email protected]. Vulnerabilities in upstream services should be reported to that service's developers. | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -8,17 +8,18 @@ sources: | |
|
|
||
| type: application | ||
|
|
||
| version: 3.0.1 | ||
| version: 3.1.0 | ||
| appVersion: 1.88.0 | ||
|
|
||
| maintainers: | ||
| - name: "David Cruz" | ||
| # this person hasn't updated their upstream repo in years | ||
| - name: "dacruz21" | ||
| email: "[email protected]" | ||
| url: "https://github.com/dacruz21/" | ||
| - name: "Rhea Danzey" | ||
| - name: "Arkaniad" | ||
| email: "[email protected]" | ||
| url: "https://github.com/Arkaniad/" | ||
| - name: "Jesse Hitch" | ||
| - name: "jessebot" | ||
| email: "[email protected]" | ||
| url: "https://github.com/jessebot/" | ||
|
|
||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,6 +1,6 @@ | ||
| # matrix | ||
|
|
||
|    | ||
|    | ||
|
|
||
| A Helm chart to deploy a Matrix homeserver stack into Kubernetes | ||
|
|
||
|
|
@@ -10,9 +10,9 @@ A Helm chart to deploy a Matrix homeserver stack into Kubernetes | |
|
|
||
| | Name | Email | Url | | ||
| | ---- | ------ | --- | | ||
| | David Cruz | <[email protected]> | <https://github.com/dacruz21/> | | ||
| | Rhea Danzey | <[email protected]> | <https://github.com/Arkaniad/> | | ||
| | Jesse Hitch | <[email protected]> | <https://github.com/jessebot/> | | ||
| | dacruz21 | <[email protected]> | <https://github.com/dacruz21/> | | ||
| | Arkaniad | <[email protected]> | <https://github.com/Arkaniad/> | | ||
| | jessebot | <[email protected]> | <https://github.com/jessebot/> | | ||
|
|
||
| ## Source Code | ||
|
|
||
|
|
@@ -28,7 +28,7 @@ A Helm chart to deploy a Matrix homeserver stack into Kubernetes | |
|
|
||
| | Key | Type | Default | Description | | ||
| |-----|------|---------|-------------| | ||
| | bridges.affinity | bool | `false` | | | ||
| | bridges.affinity | bool | `false` | Recommended to leave this disabled to allow bridges to be scheduled on separate nodes. Set this to true to reduce latency between the homeserver and bridges, or if your cloud provider does not allow the ReadWriteMany access mode (see below) | | ||
| | bridges.discord.auth.botToken | string | `""` | Discord bot token for authentication | | ||
| | bridges.discord.auth.clientId | string | `""` | Discord bot clientID for authentication | | ||
| | bridges.discord.channelName | string | `"[Discord] :guild :name"` | | | ||
|
|
@@ -212,7 +212,7 @@ A Helm chart to deploy a Matrix homeserver stack into Kubernetes | |
| | matrix.urlPreviews.rules.maxSize | string | `"10M"` | Maximum size of a crawlable page. Keep this low to prevent a DOS vector | | ||
| | matrix.urlPreviews.rules.url | object | `{}` | Whitelist and blacklist based on URL pattern matching | | ||
| | nameOverride | string | `""` | | | ||
| | networkPolicies.enabled | bool | `true` | | | ||
| | networkPolicies.enabled | bool | `true` | whether to enable kubernetes network policies or not | | ||
| | postgresql.database | string | `"matrix"` | name of database to use for matrix | | ||
| | postgresql.enabled | bool | `true` | Whether to deploy the stable/postgresql chart with this chart. If disabled, make sure PostgreSQL is available at the hostname below and credentials are configured below | | ||
| | postgresql.existingSecret | string | `""` | Name of existing secret to use for PostgreSQL credentials | | ||
|
|
@@ -223,10 +223,10 @@ A Helm chart to deploy a Matrix homeserver stack into Kubernetes | |
| | postgresql.persistence.size | string | `"8Gi"` | size of postgresql volume claim | | ||
| | postgresql.port | int | `5432` | which port to use to connect to your database server | | ||
| | postgresql.secretKeys.database | string | `"database"` | key in existingSecret with name of the database | | ||
| | postgresql.secretKeys.databaseHostname | string | `"databaseHostname"` | key in existingSecret with hostname of the database | | ||
| | postgresql.secretKeys.databasePassword | string | `"databasePassword"` | key in existingSecret with password for matrix to connect to database | | ||
| | postgresql.secretKeys.databasePort | string | `"databasePort"` | key in existingSecret with port of the database | | ||
| | postgresql.secretKeys.databaseUsername | string | `"databaseUsername"` | key in existingSecret with username for matrix to connect to database | | ||
| | postgresql.secretKeys.databaseHostname | string | `"hostname"` | key in existingSecret with hostname of the database | | ||
| | postgresql.secretKeys.databasePassword | string | `"password"` | key in existingSecret with password for matrix to connect to database | | ||
| | postgresql.secretKeys.databasePort | string | `"port"` | key in existingSecret with port of the database | | ||
| | postgresql.secretKeys.databaseUsername | string | `"username"` | key in existingSecret with username for matrix to connect to database | | ||
| | postgresql.securityContext.enabled | bool | `true` | | | ||
| | postgresql.securityContext.fsGroup | int | `1000` | | | ||
| | postgresql.securityContext.runAsUser | int | `1000` | | | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,27 @@ | ||
| {{/* | ||
| if postgresql.existingSecret is not passed in, then we create this secret to | ||
| store the credentials without it being in a configmap in plaintext. | ||
| */}} | ||
| {{- if not .Values.postgresql.existingSecret }} | ||
| apiVersion: v1 | ||
| kind: Secret | ||
| metadata: | ||
| name: {{ template "matrix.fullname" . }}-db-secret | ||
| labels: | ||
| app.kubernetes.io/name: {{ include "matrix.name" . }} | ||
| helm.sh/chart: {{ include "matrix.chart" . }} | ||
| app.kubernetes.io/instance: {{ .Release.Name }} | ||
| app.kubernetes.io/managed-by: {{ .Release.Service }} | ||
| type: Opaque | ||
| data: | ||
| {{- if .Values.matrix.adminEmail }} | ||
| adminEmail: {{ .Values.matrix.adminEmail | b64enc | quote }} | ||
| {{- end }} | ||
| {{- if not .Values.postgresql.existingSecret }} | ||
| hostname: {{ (include "postgresql.name" .) | b64enc | quote }} | ||
| database: {{ .Values.postgresql.database | b64enc | quote }} | ||
| username: {{ .Values.postgresql.username | b64enc | quote }} | ||
| password: {{ .Values.postgresql.password | b64enc | quote }} | ||
| port: {{ .Values.postgresql.password | b64enc | quote }} | ||
| {{- end }} | ||
| {{- end }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,21 @@ | ||
| {{/* | ||
| if mail.external.existingSecret is not passed in, then we create this secret to | ||
| store the credentials without it being in a configmap in plaintext. | ||
| */}} | ||
| {{- if and .Values.mail.enabled (not .Values.mail.external.existingSecret) }} | ||
| apiVersion: v1 | ||
| kind: Secret | ||
| metadata: | ||
| name: {{ template "matrix.fullname" . }}-mail-secret | ||
| labels: | ||
| app.kubernetes.io/name: {{ include "matrix.name" . }} | ||
| helm.sh/chart: {{ include "matrix.chart" . }} | ||
| app.kubernetes.io/instance: {{ .Release.Name }} | ||
| app.kubernetes.io/managed-by: {{ .Release.Service }} | ||
| type: Opaque | ||
| data: | ||
| hostname: {{ .Values.mail.external.hostname | b64enc | quote }} | ||
| username: {{ .Values.mail.external.username | b64enc | quote }} | ||
| password: {{ .Values.mail.external.password | b64enc | quote }} | ||
| port: {{ .Values.mail.external.port | b64enc | quote }} | ||
| {{- end }} |
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters