app/matrix: update software components, refactor config handling
Dynamic config generation based on environment variables in Synapse is
no longer supported. To pass secrets to container we use a patch that
implements configuration overrides via environment variables directly.
(to be upstreamed...)
Due to Synapse update, appservice configuration ConfigMaps don't need to
be copied into Synapse /data volume anymore.
Change-Id: I70e6480983bfb997362739c6ce0ec3c313320836
diff --git a/app/matrix/prod.jsonnet b/app/matrix/prod.jsonnet
index ac3e71f..447fb99 100644
--- a/app/matrix/prod.jsonnet
+++ b/app/matrix/prod.jsonnet
@@ -1,11 +1,8 @@
# matrix.hackerspace.pl, a matrix/synapse instance
# This needs a secret provisioned, create with:
-# kubectl -n matrix create secret generic synapse --from-literal=postgres_password=$(pwgen 24 1)
+# kubectl -n matrix create secret generic synapse --from-literal=postgres_password=$(pwgen 24 1) --from-literal=macaroon_secret_key=$(pwgen 32 1) --from-literal=registration_shared_secret=$(pwgen 32 1)
# kubectl -n matrix create secret generic oauth2-cas-proxy --from-literal=oauth2_secret=...
# kubectl -n matrix create secret generic appservice-irc-freenode-registration --from-file=registration.yaml=<(kubectl logs -n matrix $(kubectl get pods -n matrix --selector=job-name=appservice-irc-freenode-bootstrap --output=jsonpath='{.items[*].metadata.name}') | tail -n +4 | sed -r 's/(.*aliases:.*)/ group_id: "+freenode:hackerspace.pl"\n\1/')
-#
-# TODO: /appservices/*/registration.yaml needs to be copied into /data/appservices/*.yaml manually
-# kubectl exec -n matrix synapse-7b69cd5b6c-6686j -- sh -c 'mkdir /data/appservices ; cp /appservices/irc-freenode/registration.yaml /data/appservices/freenode-irc.yaml'
local kube = import "../../kube/kube.libsonnet";
local postgres = import "../../kube/postgres.libsonnet";
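Review bot: The provisioning command in the added comment generates `macaroon_secret_key` and `registration_shared_secret` with plain `pwgen 32 1`, which by default produces pronounceable passwords rather than uniformly random ones. For signing keys and shared secrets I would use `$(pwgen -s 32 1)` in all three `--from-literal` arguments. The comment also reads as a fresh-install recipe: on an existing deployment `kubectl create secret` fails because `synapse` already exists. Replacing a macaroon key that the old image may have generated under /data would presumably invalidate existing sessions, so a one-line migration hint is worth adding.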
@@ -19,8 +16,8 @@
serverName: "hackerspace.pl",
storageClassName: "waw-hdd-paranoid-2",
- synapseImage: "matrixdotorg/synapse:v0.99.4",
- riotImage: "bubuntux/riot-web:v1.1.2",
+ synapseImage: "informatic/synapse:v1.2.1-env-conf-rev2", // https://github.com/Informatic/synapse/tree/env_config (to be upstreamed...)
+ riotImage: "bubuntux/riot-web:v1.3.2",
casProxyImage: "registry.k0.hswaw.net/informatic/oauth2-cas-proxy:0.1.4"
},
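Review bot: `synapseImage` now points at a personal Docker Hub repository and is referenced by a mutable tag (`informatic/synapse:v1.2.1-env-conf-rev2`), while `casProxyImage` two lines below comes from `registry.k0.hswaw.net`. Since this image carries a custom patch and receives the homeserver secrets, I would push it to the same registry and pin it by digest, e.g. `synapseImage: "registry.k0.hswaw.net/informatic/synapse:v1.2.1-env-conf-rev2@sha256:<IMAGE_DIGEST>"`, so a re-pushed tag cannot change what runs. The same applies to `riotImage`. Running a fork also means someone has to track upstream Synapse security releases until the patch is merged; a `// TODO` naming that owner next to the link would help.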
@@ -62,7 +59,8 @@
synapseConfig: kube.ConfigMap("synapse") {
metadata+: app.metadata("synapse"),
data: {
- "homeserver.yaml": importstr "homeserver.yaml.j2",
+ "homeserver.yaml": importstr "homeserver.yaml",
+ "log.config": importstr "log.config",
},
},
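Review bot: `homeserver.yaml` is now imported verbatim into a ConfigMap, which is not meant for confidential data, and nothing in this block says so. The file itself is not part of this hunk, so I cannot tell whether it is free of secrets. A comment above `data:` such as `// No secrets here: keys and passwords are injected via SYNAPSE_* env vars from the "synapse" Secret.` would keep later edits from adding `macaroon_secret_key` or a database password to it.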
@@ -116,22 +114,16 @@
http: { containerPort: 8008 },
},
env_: {
- SYNAPSE_SERVER_NAME: cfg.serverName,
- SYNAPSE_REPORT_STATS: "no",
- SYNAPSE_NO_TLS: "1",
- SYNAPSE_ALLOW_GUEST: "yes",
+ SYNAPSE_CONFIG_PATH: "/config/homeserver.yaml",
- POSTGRES_HOST: "postgres",
- POSTGRES_USER: app.postgres.cfg.username,
- POSTGRES_PORT: "5432",
- POSTGRES_DB: app.postgres.cfg.database,
- POSTGRES_PASSWORD: { secretKeyRef: { name: "synapse", key: "postgres_password" } },
+ SYNAPSE_macaroon_secret_key: { secretKeyRef: { name: "synapse", key: "macaroon_secret_key" } },
+ SYNAPSE_registration_shared_secret: { secretKeyRef: { name: "synapse", key: "registration_shared_secret" } },
+ SYNAPSE_database__args__password: { secretKeyRef: { name: "synapse", key: "postgres_password" } },
},
volumeMounts_: {
data: { mountPath: "/data" },
config: {
- mountPath: "/conf/homeserver.yaml",
- subPath: "homeserver.yaml",
+ mountPath: "/config",
},
} + {
[k]: { mountPath: "/appservices/%s" % [k] }
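Review bot: The three added `SYNAPSE_*` entries in `env_` rely on a naming convention that is not explained anywhere in this file: lower-case config keys, with `__` apparently separating nested keys (`database__args__password`). A comment above them such as `// env_config patch: SYNAPSE_<key>__<subkey> overrides homeserver.yaml; secrets only, everything else lives in the ConfigMap.` would document it. It would also make clear that any further `SYNAPSE_`-prefixed variable presumably changes server configuration, so this block should stay minimal. The removed `POSTGRES_USER` and `POSTGRES_DB` were derived from `app.postgres.cfg`; if the static `homeserver.yaml` now hard-codes those values they can drift from the postgres component, which is worth a cross-reference comment. The enclosing container definition starts and ends outside the hunk.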
@@ -226,6 +218,15 @@
url: "https://%s" % [cfg.domain],
domain: "%s" % [cfg.serverName],
},
+ ircService+: {
+ servers+: {
+ "irc.freenode.net"+: {
+ ircClients+: {
+ maxClients: 150,
+ },
+ },
+ },
+ },
},
},
},
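Review bot: `maxClients: 150` is an unexplained constant, and the commit message does not mention this override. A short comment on that line stating where the figure comes from, for instance `// cap on concurrent IRC connections opened by the bridge; <reason for 150>`, would tell the next editor whether it is tied to a network-side connection limit or to local capacity.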
@@ -265,7 +266,7 @@
local bridge = self,
local cfg = bridge.cfg,
cfg:: {
- image: "registry.k0.hswaw.net/informatic/matrix-appservice-irc:0.11.2",
+ image: "registry.k0.hswaw.net/informatic/matrix-appservice-irc:0.12.0",
metadata: {},
config: std.native("parseYaml")(importstr "appservice-irc.yaml")[0],
storageClassName: app.cfg.storageClassName,