From 95a6930b67d77c6054e9e46f8fbadf33935ef3a4 Mon Sep 17 00:00:00 2001 From: Jonathan Bartlett <34320158+Jonnobrow@users.noreply.github.com> Date: Sun, 3 Jul 2022 13:56:03 +0100 Subject: [PATCH] [Dendrite] Polylith ingress and config fixes (#1679) --- charts/incubator/dendrite/Chart.yaml | 10 ++- .../dendrite/ci/polylith-full-values.yaml | 3 + .../dendrite/templates/dendrite-config.yaml | 73 +++++++++++++++---- .../incubator/dendrite/templates/ingress.yaml | 57 +++++++++++++++ charts/incubator/dendrite/values.yaml | 45 +++++++++++- 5 files changed, 167 insertions(+), 21 deletions(-) create mode 100644 charts/incubator/dendrite/templates/ingress.yaml diff --git a/charts/incubator/dendrite/Chart.yaml b/charts/incubator/dendrite/Chart.yaml index c0fb99a8..3057c715 100644 --- a/charts/incubator/dendrite/Chart.yaml +++ b/charts/incubator/dendrite/Chart.yaml @@ -1,9 +1,9 @@ --- apiVersion: v2 -appVersion: v0.8.7 +appVersion: v0.8.9 description: Dendrite Matrix Homeserver name: dendrite -version: 5.1.0 +version: 6.0.0 kubeVersion: ">=1.16.0-0" keywords: - dendrite @@ -82,6 +82,8 @@ dependencies: annotations: artifacthub.io/changes: |- - kind: changed - description: Upgraded `postgresql` chart dependency to version 11.6.12 + description: Upgraded `dendrite` dependency to version 0.8.9 + - kind: added + description: Added ingress for polylith mode - kind: changed - description: Upgraded `nats` chart dependency to version 0.17.1 + description: "**Breaking**: Updated default config as per separate monolith/polylith samples" diff --git a/charts/incubator/dendrite/ci/polylith-full-values.yaml b/charts/incubator/dendrite/ci/polylith-full-values.yaml index 57952806..19b80ba0 100644 --- a/charts/incubator/dendrite/ci/polylith-full-values.yaml +++ b/charts/incubator/dendrite/ci/polylith-full-values.yaml 
@@ -9,6 +9,9 @@ dendrite: qVzy2Cwokt15RjGy8OzFSq6z0JFmI6QX/1Zw1VP73uU= -----END MATRIX PRIVATE KEY----- + polylith_ingress: + enabled: true + host: matrix.k8s-at-home.org nats: enabled: true persistence: diff --git a/charts/incubator/dendrite/templates/dendrite-config.yaml b/charts/incubator/dendrite/templates/dendrite-config.yaml index 12eb02bd..aa0650ef 100644 --- a/charts/incubator/dendrite/templates/dendrite-config.yaml +++ b/charts/incubator/dendrite/templates/dendrite-config.yaml @@ -1,7 +1,8 @@ {{- $connectionString := "file:" -}} {{- if .Values.postgresql.enabled}} -{{- $connectionString = print "postgresql://" .Values.postgresql.auth.username ":" .Values.postgresql.auth.password "@" (include "common.names.fullname" .) "-postgresql/" -}} +{{- $connectionString = print "postgresql://" .Values.postgresql.auth.username ":" .Values.postgresql.auth.password "@" (include "common.names.fullname" $.Subcharts.postgresql) "/" -}} {{- end}} +{{- $componentSpecificDatabaseConfig := or .Values.dendrite.polylithEnabled (not .Values.postgresql.enabled) -}} --- apiVersion: v1 kind: Secret @@ -34,7 +35,7 @@ stringData: jetstream: addresses: {{- if .Values.nats.enabled }} - - {{ template "common.names.fullname" . }}-nats:4222 + - {{ template "common.names.fullname" $.Subcharts.nats }}:4222 {{- else }} [] {{- end }} 
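Review bot: The rewritten `$connectionString` line in `templates/dendrite-config.yaml` still concatenates `.Values.postgresql.auth.username` and `.Values.postgresql.auth.password` into the `postgresql://` URI verbatim. A password containing `@`, `/`, `:` or `#` therefore yields a DSN whose host or database part is parsed differently from what the operator intended. Percent-encoding the credentials where the URI is built, e.g. `(urlquery .Values.postgresql.auth.password)`, would make generated passwords with special characters safe; confirm how the database driver decodes `+` before relying on it. The new `$.Subcharts.postgresql` lookup presumably also raises the minimum Helm version the chart needs, which deserves a one-line template comment.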
@@ -50,22 +51,35 @@ stringData: enabled: {{ default false .Values.dendrite.global.dns_cache.enabled }} cache_size: {{ default 256 .Values.dendrite.global.dns_cache.cache_size }} cache_lifetime: {{ default "5m" .Values.dendrite.global.dns_cache.cache_lifetime }} + {{- if not $componentSpecificDatabaseConfig }} + database: + connection_string: {{ default (print $connectionString "dendrite?sslmode=disable") .Values.database.connection_string }} + max_open_conns: {{ default 100 .Values.database.max_open_conns }} + max_idle_conns: {{ default 5 .Values.database.max_idle_conns }} + conn_max_lifetime: {{default -1 .Values.database.conn_max_lifetime }} + {{- end }} app_service_api: + {{- if .Values.dendrite.polylithEnabled }} internal_api: listen: http://0.0.0.0:{{ .Values.appserviceapi.service.main.ports.internal.port }} - connect: http://{{ include "common.names.fullname" . }}-appserviceapi:{{ .Values.appserviceapi.service.main.ports.internal.port }} + connect: http://{{ include "common.names.fullname" (index $.Subcharts "appserviceapi") }}:{{ .Values.appserviceapi.service.main.ports.internal.port }} + {{- end }} + {{- if $componentSpecificDatabaseConfig }} database: connection_string: {{ default (print $connectionString "dendrite_appservice?sslmode=disable") .Values.appserviceapi.database.connection_string }} max_open_conns: {{ default .Values.dendrite.database.max_open_conns .Values.appserviceapi.database.max_open_conns }} max_idle_conns: {{ default .Values.dendrite.database.max_idle_conns .Values.appserviceapi.database.max_idle_conns }} conn_max_lifetime: {{ default .Values.dendrite.database.conn_max_lifetime .Values.appserviceapi.database.conn_max_lifetime }} + {{- end }} config_files: {{- toYaml .Values.appserviceapi.config.config_files | nindent 8 }} client_api: + {{- if .Values.dendrite.polylithEnabled }} internal_api: listen: http://0.0.0.0:{{ .Values.clientapi.service.main.ports.internal.port }} - connect: http://{{ include "common.names.fullname" . 
}}-clientapi:{{ .Values.clientapi.service.main.ports.internal.port }} + connect: http://{{ include "common.names.fullname" (index $.Subcharts "clientapi") }}:{{ .Values.clientapi.service.main.ports.internal.port }} external_api: listen: http://0.0.0.0:{{ .Values.clientapi.service.main.ports.external.port }} + {{- end }} registration_disabled: {{ default true .Values.clientapi.config.registration_disabled }} registration_shared_secret: {{ default "" .Values.clientapi.config.registration_shared_secret | quote }} enable_registration_captcha: {{ default false .Values.clientapi.config.captcha.enabled }} 
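Review bot: The new global `database.connection_string` is emitted as a plain scalar although it embeds the PostgreSQL password, unlike `registration_shared_secret` further down in the same hunk, which is piped through `quote`. A value containing ` #` or `: ` would be truncated or break the rendered config, so I would write `connection_string: {{ default (print $connectionString "dendrite?sslmode=disable") .Values.database.connection_string | quote }}`. The default also hard-codes `sslmode=disable`, so credentials and data cross the cluster network unencrypted unless the operator overrides the whole string; a comment in values.yaml saying so would help. Separately, the fallbacks here are the literals `100`, `5` and `-1`, while the values.yaml comments added in this commit name `dendrite.database.*` as the defaults.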
@@ -78,47 +92,60 @@ stringData: enabled: {{ default true .Values.clientapi.config.rate_limiting.enabled }} threshold: {{ default 5 .Values.clientapi.config.rate_limiting.threshold }} cooloff_ms: {{ default 500 .Values.clientapi.config.rate_limiting.cooloff_ms }} + exempt_user_ids: {{ .Values.clientapi.config.exempt_user_ids }} federation_api: + {{- if .Values.dendrite.polylithEnabled }} internal_api: listen: http://0.0.0.0:7772 - connect: http://{{ include "common.names.fullname" . }}-federationapi:7772 + connect: http://{{ include "common.names.fullname" (index $.Subcharts "federationapi") }}:7772 external_api: listen: http://0.0.0.0:8072 - database: - connection_string: {{ default (print $connectionString "dendrite_federationapi?sslmode=disable") .Values.federationapi.database.connection_string }} - max_open_conns: {{ default .Values.dendrite.database.max_open_conns .Values.federationapi.database.max_open_conns }} - max_idle_conns: {{ default .Values.dendrite.database.max_idle_conns .Values.federationapi.database.max_idle_conns }} conn_max_lifetime: {{ default .Values.dendrite.database.conn_max_lifetime .Values.federationapi.database.conn_max_lifetime }} federation_certificates: {{- toYaml .Values.federationapi.config.federation_certificates | nindent 8 }} - send_max_retries: {{ default 16 .Values.federationapi.config.send_max_retries }} - disable_tls_validation: {{ default false .Values.federationapi.config.disable_tls_validation }} proxy_outbound: enabled: {{ default false .Values.federationapi.config.proxy_outbound.enabled }} protocol: {{ default "http" .Values.federationapi.config.proxy_outbound.protocol | quote }} host: {{ default "localhost" .Values.federationapi.config.proxy_outbound.host | quote }} port: {{ default 8080 .Values.federationapi.config.proxy_outbound.port }} + {{- end }} + {{- if $componentSpecificDatabaseConfig }} + database: + connection_string: {{ default (print $connectionString "dendrite_federationapi?sslmode=disable") 
.Values.federationapi.database.connection_string }} + max_open_conns: {{ default .Values.dendrite.database.max_open_conns .Values.federationapi.database.max_open_conns }} + max_idle_conns: {{ default .Values.dendrite.database.max_idle_conns .Values.federationapi.database.max_idle_conns }} + {{- end }} + send_max_retries: {{ default 16 .Values.federationapi.config.send_max_retries }} + disable_tls_validation: {{ default false .Values.federationapi.config.disable_tls_validation }} key_perspectives: {{- toYaml .Values.federationapi.config.key_perspectives | nindent 8 }} prefer_direct_fetch: {{ default false .Values.federationapi.config.prefer_direct_fetch }} key_server: + {{- if .Values.dendrite.polylithEnabled }} internal_api: listen: http://0.0.0.0:7779 - connect: http://{{ include "common.names.fullname" . }}-keyserver:7779 + connect: http://{{ include "common.names.fullname" (index $.Subcharts "keyserver") }}:7779 + {{- end }} + {{- if $componentSpecificDatabaseConfig }} database: connection_string: {{ default (print $connectionString "dendrite_keyserver?sslmode=disable") .Values.keyserver.database.connection_string }} max_open_conns: {{ default .Values.dendrite.database.max_open_conns .Values.keyserver.database.max_open_conns }} max_idle_conns: {{ default .Values.dendrite.database.max_idle_conns .Values.keyserver.database.max_idle_conns }} conn_max_lifetime: {{ default .Values.dendrite.database.conn_max_lifetime .Values.keyserver.database.conn_max_lifetime }} + {{- end }} media_api: + {{- if .Values.dendrite.polylithEnabled }} internal_api: listen: http://0.0.0.0:7774 - connect: http://{{ include "common.names.fullname" . 
}}-mediaapi:7774 + connect: http://{{ include "common.names.fullname" (index $.Subcharts "mediaapi") }}:7774 external_api: listen: http://0.0.0.0:8074 + {{- end }} + {{- if $componentSpecificDatabaseConfig }} database: connection_string: {{ default (print $connectionString "dendrite_mediaapi?sslmode=disable") .Values.mediaapi.database.connection_string }} max_open_conns: {{ default .Values.dendrite.database.max_open_conns .Values.mediaapi.database.max_open_conns }} max_idle_conns: {{ default .Values.dendrite.database.max_idle_conns .Values.mediaapi.database.max_idle_conns }} conn_max_lifetime: {{ default .Values.dendrite.database.conn_max_lifetime .Values.mediaapi.database.conn_max_lifetime }} + {{- end }} base_path: {{ default "/var/dendrite/media" .Values.mediaapi.config.base_path | quote }} max_file_size_bytes: {{ int ( default 10485760 .Values.mediaapi.config.max_file_size_bytes ) }} dynamic_thumbnails: {{ default false .Values.mediaapi.config.dynamic_thumbnails }} 
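Review bot: `exempt_user_ids: {{ .Values.clientapi.config.exempt_user_ids }}` prints the list with Go's default formatting, so a non-empty list renders as something like `[@alice:example.org @bob:example.org]` (constructed example) rather than a YAML sequence; `{{ .Values.clientapi.config.exempt_user_ids | toJson }}` renders it correctly. The lookup path also needs confirming: values.yaml in this commit adds `exempt_user_ids: []` directly after `cooloff_ms`, which looks like it sits under `rate_limiting`, while the template reads it from `config`; the collapsed layout hides the indentation. In the `federation_api` block, the unchanged `conn_max_lifetime` line stays behind after `external_api.listen` when the `database` mapping moves down, so the relocated `database` block has no `conn_max_lifetime`. `federation_certificates` and `proxy_outbound` now also sit inside the `polylithEnabled` guard, so as far as this hunk shows they are dropped in monolith mode, including any outbound proxy an operator configured for federation traffic.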
@@ -126,40 +153,54 @@ stringData: thumbnail_sizes: {{- toYaml .Values.mediaapi.config.thumbnail_sizes | nindent 8 }} mscs: mscs: {{ .Values.dendrite.global.mscs | toYaml | nindent 8 }} + {{- if $componentSpecificDatabaseConfig }} database: connection_string: {{ default (print $connectionString "dendrite_mscs?sslmode=disable") .Values.mscs.database.connection_string }} max_open_conns: {{ default .Values.dendrite.database.max_open_conns .Values.mscs.database.max_open_conns }} max_idle_conns: {{ default .Values.dendrite.database.max_idle_conns .Values.mscs.database.max_idle_conns }} conn_max_lifetime: {{ default .Values.dendrite.database.conn_max_lifetime .Values.mscs.database.conn_max_lifetime }} + {{- end }} room_server: + {{- if .Values.dendrite.polylithEnabled }} internal_api: listen: http://0.0.0.0:7770 - connect: http://{{ include "common.names.fullname" . }}-roomserver:7770 + connect: http://{{ include "common.names.fullname" (index $.Subcharts "roomserver") }}:7770 + {{- end }} + {{- if $componentSpecificDatabaseConfig }} database: connection_string: {{ default (print $connectionString "dendrite_roomserver?sslmode=disable") .Values.roomserver.database.connection_string }} max_open_conns: {{ default .Values.dendrite.database.max_open_conns .Values.roomserver.database.max_open_conns }} max_idle_conns: {{ default .Values.dendrite.database.max_idle_conns .Values.roomserver.database.max_idle_conns }} conn_max_lifetime: {{ default .Values.dendrite.database.conn_max_lifetime .Values.roomserver.database.conn_max_lifetime }} + {{- end }} sync_api: + {{- if .Values.dendrite.polylithEnabled }} internal_api: listen: http://0.0.0.0:7773 - connect: http://{{ include "common.names.fullname" . 
}}-syncapi:7773 + connect: http://{{ include "common.names.fullname" (index $.Subcharts "syncapi") }}:7773 external_api: listen: http://0.0.0.0:8073 + {{- end }} + {{- if $componentSpecificDatabaseConfig }} database: connection_string: {{ default (print $connectionString "dendrite_syncapi?sslmode=disable") .Values.syncapi.database.connection_string }} max_open_conns: {{ default .Values.dendrite.database.max_open_conns .Values.syncapi.database.max_open_conns }} max_idle_conns: {{ default .Values.dendrite.database.max_idle_conns .Values.syncapi.database.max_idle_conns }} conn_max_lifetime: {{ default .Values.dendrite.database.conn_max_lifetime .Values.syncapi.database.conn_max_lifetime }} + {{- end }} user_api: + {{- if .Values.dendrite.polylithEnabled }} internal_api: listen: http://0.0.0.0:7781 - connect: http://{{ include "common.names.fullname" . }}-userapi:7781 + connect: http://{{ include "common.names.fullname" (index $.Subcharts "userapi") }}:7781 + {{- end }} + {{- if $componentSpecificDatabaseConfig }} account_database: connection_string: {{ default (print $connectionString "dendrite_userapi_accounts?sslmode=disable") .Values.userapi.database.connection_string }} max_open_conns: {{ default .Values.dendrite.database.max_open_conns .Values.userapi.database.max_open_conns }} max_idle_conns: {{ default .Values.dendrite.database.max_idle_conns .Values.userapi.database.max_idle_conns }} conn_max_lifetime: {{ default .Values.dendrite.database.conn_max_lifetime .Values.userapi.database.conn_max_lifetime }} + {{- end }} bcrypt_cost: {{ default 10 .Values.userapi.config.bcrypt_cost }} tracing: enabled: {{ .Values.dendrite.tracing.enabled }} diff --git a/charts/incubator/dendrite/templates/ingress.yaml b/charts/incubator/dendrite/templates/ingress.yaml new file mode 100644 index 00000000..c0930df8 --- /dev/null +++ b/charts/incubator/dendrite/templates/ingress.yaml 
@@ -0,0 +1,57 @@ +{{- if .Values.dendrite.polylith_ingress.enabled -}} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: {{ include "common.names.fullname" . }} + {{- if .Values.dendrite.polylith_ingress.annotations }} + annotations: {{ toYaml .Values.dendrite.polylith_ingress.annotations | nindent 4 }} + {{- end }} +spec: + {{- if .Values.dendrite.tls_secret.enabled }} + tls: + - hosts: + - {{ .Values.dendrite.polylith_ingress.host | quote }} + secretName: {{ .Values.dendrite.tls_secret.existingSecret }} + {{- end }} + rules: + - host: {{ .Values.dendrite.polylith_ingress.host | quote }} + http: + paths: + {{- range .Values.dendrite.polylith_ingress.syncapi_paths }} + - path: {{ . | quote }} + pathType: Exact + backend: + service: + name: {{ include "common.names.fullname" (index $.Subcharts "syncapi") }} + port: + number: {{ $.Values.syncapi.service.main.ports.external.port }} + {{- end }} + - path: /_matrix/client + pathType: Prefix + backend: + service: + name: {{ include "common.names.fullname" (index $.Subcharts "clientapi") }} + port: + number: {{ .Values.clientapi.service.main.ports.external.port }} + - path: /_matrix/federation + pathType: Prefix + backend: + service: + name: {{ include "common.names.fullname" (index $.Subcharts "federationapi") }} + port: + number: {{ .Values.federationapi.service.main.ports.external.port }} + - path: /_matrix/key + pathType: Prefix + backend: + service: + name: {{ include "common.names.fullname" (index $.Subcharts "federationapi") }} + port: + number: {{ .Values.federationapi.service.main.ports.external.port }} + - path: /_matrix/media + pathType: Prefix + backend: + service: + name: {{ include "common.names.fullname" (index $.Subcharts "mediaapi") }} + port: + number: {{ .Values.mediaapi.service.main.ports.external.port }} +{{- end -}} diff --git a/charts/incubator/dendrite/values.yaml b/charts/incubator/dendrite/values.yaml index b19ac786..8e45af79 100644 --- a/charts/incubator/dendrite/values.yaml 
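Review bot: The `tls:` stanza is rendered only when `dendrite.tls_secret.enabled` is set, and it takes `secretName` from `dendrite.tls_secret.existingSecret`, which the values.yaml context in this commit shows defaulting to `""`. With `polylith_ingress.enabled: true` and otherwise default values the Ingress carries no TLS configuration, so client logins and access tokens depend on whatever the ingress controller does by default. Consider a dedicated `polylith_ingress.tls` value, or fail rendering on an empty name with `secretName: {{ required "dendrite.tls_secret.existingSecret must be set" .Values.dendrite.tls_secret.existingSecret | quote }}`; if the chart can also create that secret itself, the generated name should be used instead. The `syncapi_paths` entries are documented as regular expressions but are emitted with `pathType: Exact`. `pathType: ImplementationSpecific` is the type meant for controller-specific matching; with `Exact`, a regex path presumably never matches and sync requests fall through to the `/_matrix/client` prefix rule.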
+++ b/charts/incubator/dendrite/values.yaml @@ -37,7 +37,8 @@ service: protocol: HTTPS ingress: - # -- Enable and configure ingress settings for the chart under this key. + # -- (Monolith Only) Enable and configure ingress settings for the chart under + # this key. # @default -- See values.yaml main: enabled: false @@ -58,6 +59,22 @@ persistence: accessMode: ReadWriteOnce size: 1Gi +# -- Override general dendrite.database parameters. +# @default -- See values.yaml +database: + # -- Custom connection string + # @default -- file or derived from included postgresql deployment + connection_string: null + # -- Maximum open connections + # @default -- dendrite.database.max_open_conns + max_open_conns: null + # -- Maximum dile connections + # @default -- dendrite.database.max_idle_conns + max_idle_conns: null + # -- Maximum connection lifetime + # @default -- dendrite.database.conn_max_lifetime + conn_max_lifetime: null + # -- Configure the key server. # For more information see [the sample dendrite configuration](https://github.com/matrix-org/dendrite/blob/main/dendrite-sample.polylith.yaml) # @default -- See values.yaml @@ -115,6 +132,8 @@ appserviceapi: internal: enabled: true port: 7777 + ingress: + args: "appservice" # -- Override general dendrite.database parameters. # @default -- See values.yaml @@ -185,6 +204,7 @@ clientapi: enabled: true threshold: 5 cooloff_ms: 500 + exempt_user_ids: [] # -- Configure the Federation API # For more information see [the sample dendrite configuration](https://github.com/matrix-org/dendrite/blob/main/dendrite-sample.polylith.yaml) @@ -459,6 +479,7 @@ dendrite: existingSecret: "" crtPath: tls.crt keyPath: tls.key + matrix_key_secret: # -- Create matrix_key secret using the keyBody below. create: false 
@@ -469,6 +490,28 @@ dendrite: # -- Field in the secret to get the key from secretPath: matrix_key.pem + # -- Enable and configure polylith ingress as per + # https://github.com/matrix-org/dendrite/blob/main/docs/nginx/polylith-sample.conf + # @default -- See values.yaml + polylith_ingress: + enabled: false + host: "" + annotations: {} + # -- Sync API Paths are a little tricky since they require regular expressions. Therefore + # the paths will depend on the ingress controller used. See values.yaml for nginx and traefik. + # @default -- See values.yaml + syncapi_paths: [] + # For Traefik uncomment these lines + # - /_matrix/client/{version:.*?}/rooms/{roomid:.*?}/messages + # - /_matrix/client/{version:.*?}/keys/changes + # - /_matrix/client/{version:.*?}/user/{userid:.*?}/filter/{filterid:.*?} + # - /_matrix/client/{version:.*?}/user/{userid:.*?}/filter + # - /_matrix/client/{version:.*?}/sync + # + # For nginx uncomment these lines and add the annotations here: + # https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/#use-regex + # - /_matrix/client/.*?/(sync|user/.*?/filter/?.*|keys/changes|rooms/.*?/messages)$ + # -- Configure database connection parameters. # @default -- See values.yaml database: