commit 8ebfc1d338604ff44791478231aab568d7d09b6c
author Piotr Dobrowolski <informatic@hackerspace.pl> Tue Mar 03 21:01:18 2020 +0100
committer Piotr Dobrowolski <informatic@hackerspace.pl> Tue Mar 03 21:01:18 2020 +0100
tree 68203397457ca35fc3566f589d6b02a3082369e0
parent 5b1aa134fe40064d9edfed015536cc3f15188d6f

app/matrix: synapse upgrade

Change-Id: Ice5f70be190126da5eecfc1d5ec5c1f746679ec9

app/matrix/prod.jsonnet

diff --git a/app/matrix/prod.jsonnet b/app/matrix/prod.jsonnet
index 736cf87..973148a 100644
--- a/app/matrix/prod.jsonnet
+++ b/app/matrix/prod.jsonnet
@@ -16,7 +16,7 @@
         serverName: "hackerspace.pl",
         storageClassName: "waw-hdd-paranoid-2",
 
-        synapseImage: "informatic/synapse:v1.2.1-env-conf-rev2", // https://github.com/Informatic/synapse/tree/env_config (to be upstreamed...)
+        synapseImage: "matrixdotorg/synapse:v1.11.1",
         riotImage: "bubuntux/riot-web:v1.3.2",
         casProxyImage: "registry.k0.hswaw.net/q3k/oauth2-cas-proxy:0.1.4"
     },
@@ -102,7 +102,7 @@
                 spec+: {
                     volumes_: {
                         data: kube.PersistentVolumeClaimVolume(app.dataVolume),
-                        config: kube.ConfigMapVolume(app.synapseConfig),
+                        config_template: kube.ConfigMapVolume(app.synapseConfig),
                     } + {
                         [k]: { secret: { secretName: "appservice-%s-registration" % [k] } }
                         for k in std.objectFields(app.appservices)
@@ -110,20 +110,28 @@
                     containers_: {
                         web: kube.Container("synapse") {
                             image: cfg.synapseImage,
+                            command: ["/bin/sh", "-c", "/start.py migrate_config && exec /start.py"],
                             ports_: {
                                 http: { containerPort: 8008 },
                             },
                             env_: {
+                                SYNAPSE_CONFIG_DIR: "/config",
                                 SYNAPSE_CONFIG_PATH: "/config/homeserver.yaml",
 
-                                SYNAPSE_macaroon_secret_key: { secretKeyRef: { name: "synapse", key: "macaroon_secret_key" } },
-                                SYNAPSE_registration_shared_secret: { secretKeyRef: { name: "synapse", key: "registration_shared_secret" } },
-                                SYNAPSE_database__args__password: { secretKeyRef: { name: "synapse", key: "postgres_password" } },
+                                # These values are not used in a template, but
+                                # are required by /start.py migrate_config
+                                SYNAPSE_SERVER_NAME: "hackerspace.pl",
+                                SYNAPSE_REPORT_STATS: "no",
+
+                                SYNAPSE_MACAROON_SECRET_KEY: { secretKeyRef: { name: "synapse", key: "macaroon_secret_key" } },
+                                SYNAPSE_REGISTRATION_SHARED_SECRET: { secretKeyRef: { name: "synapse", key: "registration_shared_secret" } },
+                                POSTGRES_PASSWORD: { secretKeyRef: { name: "synapse", key: "postgres_password" } },
                             },
                             volumeMounts_: {
                                 data: { mountPath: "/data" },
-                                config: {
-                                    mountPath: "/config",
+                                config_template: {
+                                    mountPath: "/conf/homeserver.yaml",
+                                    subPath: "homeserver.yaml",
                                 },
                             } + {
                                 [k]: { mountPath: "/appservices/%s" % [k] }