diff --git a/charts/incubator/dendrite/Chart.yaml b/charts/incubator/dendrite/Chart.yaml index 58041209..cd05bfe6 100644 --- a/charts/incubator/dendrite/Chart.yaml +++ b/charts/incubator/dendrite/Chart.yaml @@ -1,9 +1,9 @@ --- apiVersion: v2 -appVersion: 0.6.0 +appVersion: 0.6.2 description: Dendrite Matrix Homeserver name: dendrite -version: 2.0.0 +version: 3.0.0 kubeVersion: ">=1.16.0-0" keywords: - dendrite @@ -11,6 +11,7 @@ keywords: - homeserver - monolith - federation + - polylith home: https://github.com/k8s-at-home/charts/tree/master/charts/stable/dendrite sources: - https://github.com/matrix-org/dendrite 
@@ -30,9 +31,73 @@ dependencies: version: 0.12.1 repository: https://nats-io.github.io/k8s/helm/charts/ condition: nats.enabled + # Client API + - name: common + repository: https://library-charts.k8s-at-home.com + version: 4.3.0 + alias: clientapi + condition: dendrite.polylithEnabled + # Media API + - name: common + repository: https://library-charts.k8s-at-home.com + version: 4.3.0 + alias: mediaapi + condition: dendrite.polylithEnabled + # Sync API + - name: common + repository: https://library-charts.k8s-at-home.com + version: 4.3.0 + alias: syncapi + condition: dendrite.polylithEnabled + # Room Server + - name: common + repository: https://library-charts.k8s-at-home.com + version: 4.3.0 + alias: roomserver + condition: dendrite.polylithEnabled + # EDU Server + - name: common + repository: https://library-charts.k8s-at-home.com + version: 4.3.0 + alias: eduserver + condition: dendrite.polylithEnabled + # Federation API + - name: common + repository: https://library-charts.k8s-at-home.com + version: 4.3.0 + alias: federationapi + condition: dendrite.polylithEnabled + # Key Server + - name: common + repository: https://library-charts.k8s-at-home.com + version: 4.3.0 + alias: keyserver + condition: dendrite.polylithEnabled + # User API + - name: common + repository: https://library-charts.k8s-at-home.com + version: 4.3.0 + alias: userapi + condition: dendrite.polylithEnabled + # App Service API + - name: common + repository: https://library-charts.k8s-at-home.com + version: 4.3.0 + alias: appserviceapi + condition: dendrite.polylithEnabled annotations: artifacthub.io/changes: | - kind: changed - description: NATS is now used instead of Kafka + description: Refactored values for polylith mode - kind: changed - description: App version bumped to v0.6.0 + description: Split out volume template defintions into separate file + - kind: fix + description: NAT subchart indentation + - kind: fix + description: MSC's config and updated config version + - kind: changed + 
description: Bumped app version to v0.6.2 + - kind: added + description: Support for polylith deployment + - kind: changed + description: Rename secret fields for consistency diff --git a/charts/incubator/dendrite/README.md b/charts/incubator/dendrite/README.md index c74055a6..dced88c6 100644 --- a/charts/incubator/dendrite/README.md +++ b/charts/incubator/dendrite/README.md @@ -1,6 +1,6 @@ # dendrite -![Version: 2.0.0](https://img.shields.io/badge/Version-2.0.0-informational?style=flat-square) ![AppVersion: 0.6.0](https://img.shields.io/badge/AppVersion-0.6.0-informational?style=flat-square) +![Version: 3.0.0](https://img.shields.io/badge/Version-3.0.0-informational?style=flat-square) ![AppVersion: 0.6.2](https://img.shields.io/badge/AppVersion-0.6.2-informational?style=flat-square) Dendrite Matrix Homeserver @@ -21,6 +21,15 @@ Kubernetes: `>=1.16.0-0` |------------|------|---------| | https://charts.bitnami.com/bitnami | postgresql | 10.14.4 | | https://library-charts.k8s-at-home.com | common | 4.3.0 | +| https://library-charts.k8s-at-home.com | federationapi(common) | 4.3.0 | +| https://library-charts.k8s-at-home.com | clientapi(common) | 4.3.0 | +| https://library-charts.k8s-at-home.com | mediaapi(common) | 4.3.0 | +| https://library-charts.k8s-at-home.com | syncapi(common) | 4.3.0 | +| https://library-charts.k8s-at-home.com | roomserver(common) | 4.3.0 | +| https://library-charts.k8s-at-home.com | eduserver(common) | 4.3.0 | +| https://library-charts.k8s-at-home.com | keyserver(common) | 4.3.0 | +| https://library-charts.k8s-at-home.com | userapi(common) | 4.3.0 | +| https://library-charts.k8s-at-home.com | appserviceapi(common) | 4.3.0 | | https://nats-io.github.io/k8s/helm/charts/ | nats | 0.12.1 | ## TL;DR 
@@ -70,7 +79,14 @@ helm install dendrite k8s-at-home/dendrite -f values.yaml ## Custom configuration -N/A +### Polylith Ingress + +Due to the complexity of setting up ingress for each individual component it +is left up to the individual to add the necessary ingress fields to polylith deployments. + +For more information see: +- https://github.com/matrix-org/dendrite/blob/master/docs/INSTALL.md#nginx-or-other-reverse-proxy +- and https://github.com/matrix-org/dendrite/blob/master/docs/nginx/polylith-sample.conf ## Values 
@@ -78,17 +94,20 @@ N/A | Key | Type | Default | Description | |-----|------|---------|-------------| +| appserviceapi | object | See values.yaml | Configure the app service api. For more information see [the sample dendrite configuration](https://github.com/matrix-org/dendrite/blob/master/build/docker/config/dendrite-config.yaml) | +| appserviceapi.image.pullPolicy | string | `"IfNotPresent"` | image pull policy | +| appserviceapi.image.repository | string | `"matrixdotorg/dendrite-polylith"` | image repository | +| appserviceapi.image.tag | string | `"v0.6.2"` | image tag | +| clientapi | object | See values.yaml | Configuration for the client api component. For more information see [the sample dendrite configuration](https://github.com/matrix-org/dendrite/blob/master/build/docker/config/dendrite-config.yaml) | +| clientapi.config.captcha | object | See values.yaml | Configure captcha for registration | +| clientapi.config.rate_limiting | object | values.yaml | Configure rate limiting. | +| clientapi.config.registration_disabled | bool | `false` | Enable or disable registration for this homeserver. | +| clientapi.config.registration_shared_secret | string | `""` | Shared secret that allows registration, despite registration_disabled. | +| clientapi.config.turn | object | See values.yaml | Configure TURN | +| clientapi.image.pullPolicy | string | `"IfNotPresent"` | image pull policy | +| clientapi.image.repository | string | `"matrixdotorg/dendrite-polylith"` | image repository | +| clientapi.image.tag | string | `"v0.6.2"` | image tag | | dendrite | object | See values.yaml | Configuration for Dendrite. For more information see [the sample denrite-config.yaml](https://github.com/matrix-org/dendrite/blob/master/build/docker/config/dendrite-config.yaml) | -| dendrite.components | object | See values.yaml | Configure the dendrite components. 
| -| dendrite.components.app_service_api | object | See values.yaml | Configure the App Service API | -| dendrite.components.client_api | object | `{"captcha":{"enabled":false,"recaptcha_bypass_secret":"","recaptcha_private_key":"","recaptcha_public_key":"","recaptcha_siteverify_api":""},"rate_limiting":{"cooloff_ms":500,"enabled":true,"threshold":5},"registration_disabled":false,"registration_shared_secret":"","turn":{"turn_password":"","turn_shared_secret":"","turn_uris":[],"turn_user_lifetime":"","turn_username":""}}` | Configure the Client API | -| dendrite.components.client_api.captcha | object | See values.yaml | Configure captcha for registration | -| dendrite.components.client_api.rate_limiting | object | values.yaml | Configure rate limiting. | -| dendrite.components.client_api.registration_disabled | bool | `false` | Enable or disable registration for this homeserver. | -| dendrite.components.client_api.registration_shared_secret | string | `""` | Shared secret that allows registration, despite registration_disabled. | -| dendrite.components.client_api.turn | object | See values.yaml | Configure TURN | -| dendrite.components.federation_api | object | values.yaml | Configure the Federation API | -| dendrite.components.media_api | object | values.yaml | Configure the Media API | | dendrite.database | object | See values.yaml | Configure database connection parameters. | | dendrite.global | object | See values.yaml | Configure the global settings for dendrite. | | dendrite.global.dns_cache | object | See values.yaml | Configure DNS cache. | 
@@ -96,21 +115,42 @@ N/A | dendrite.global.key_validity_period | string | `"168h0m0s"` | Configure the key_validity period | | dendrite.global.metrics | object | See values.yaml | Configure prometheus metrics collection for dendrite. | | dendrite.global.metrics.enabled | bool | See values.yaml | If enabled, metrics collection will be enabled | +| dendrite.global.mscs | list | `[]` | Configure experimental MSC's | | dendrite.global.server_name | string | `"localhost"` | (required) Configure the server name for the dendrite instance. | | dendrite.global.trusted_third_party_id_servers | list | `["matrix.org","vector.im"]` | Configure the list of domains the server will trust as identity servers | | dendrite.global.well_known_server_name | string | `""` | Configure the well-known server name and optional port | | dendrite.logging | list | See values.yaml | Configure logging. | -| dendrite.matrix_key_secret | object | See values.yaml | If enabled, use an existing secret for matrix_key.pem. Otherwise a matrix_key.pem must be mounted to `/etc/dendrite`. | +| dendrite.matrix_key_secret.create | bool | `false` | Create matrix_key secret using the keyBody below. | +| dendrite.matrix_key_secret.existingSecret | string | `""` | Use an existing secret | +| dendrite.matrix_key_secret.keyBody | string | `""` | New Key Body | +| dendrite.matrix_key_secret.secretPath | string | `"matrix_key.pem"` | Field in the secret to get the key from | +| dendrite.polylithEnabled | bool | `false` | Enable polylith deployment | | dendrite.tls_secret | object | See values.yaml | If enabled, use an existing secrets for the TLS certificate and key. Otherwise, to enable TLS a `server.crt` and `server.key` must be mounted at `/etc/dendrite`. | | dendrite.tracing | object | See values.yaml | Configure opentracing. | -| image | object | `{"pullPolicy":"IfNotPresent","repository":"matrixdotorg/dendrite-monolith","tag":"v0.5.1"}` | IMPORTANT NOTE This chart inherits from our common library chart. 
You can check the default values/options here: https://github.com/k8s-at-home/library-charts/tree/main/charts/stable/common/values.yaml | +| eduserver | object | values.yaml | Configure the edu server For more information see [the sample dendrite configuration](https://github.com/matrix-org/dendrite/blob/master/build/docker/config/dendrite-config.yaml) | +| eduserver.image.pullPolicy | string | `"IfNotPresent"` | image pull policy | +| eduserver.image.repository | string | `"matrixdotorg/dendrite-polylith"` | image repository | +| eduserver.image.tag | string | `"v0.6.2"` | image tag | +| federationapi | object | values.yaml | Configure the Federation API For more information see [the sample dendrite configuration](https://github.com/matrix-org/dendrite/blob/master/build/docker/config/dendrite-config.yaml) | +| federationapi.image.pullPolicy | string | `"IfNotPresent"` | image pull policy | +| federationapi.image.repository | string | `"matrixdotorg/dendrite-polylith"` | image repository | +| federationapi.image.tag | string | `"v0.6.2"` | image tag | +| image | object | `{"pullPolicy":"IfNotPresent","repository":"matrixdotorg/dendrite-monolith","tag":"v0.6.2"}` | IMPORTANT NOTE This chart inherits from our common library chart. You can check the default values/options here: https://github.com/k8s-at-home/library-charts/tree/main/charts/stable/common/values.yaml | | image.pullPolicy | string | `"IfNotPresent"` | image pull policy | | image.repository | string | `"matrixdotorg/dendrite-monolith"` | image repository | -| image.tag | string | `"v0.5.1"` | image tag | +| image.tag | string | `"v0.6.2"` | image tag | | ingress.main | object | See values.yaml | Enable and configure ingress settings for the chart under this key. | +| keyserver | object | See values.yaml | Configure the key server. 
For more information see [the sample dendrite configuration](https://github.com/matrix-org/dendrite/blob/master/build/docker/config/dendrite-config.yaml) | +| keyserver.image.pullPolicy | string | `"IfNotPresent"` | image pull policy | +| keyserver.image.repository | string | `"matrixdotorg/dendrite-polylith"` | image repository | +| keyserver.image.tag | string | `"v0.6.2"` | image tag | +| mediaapi | object | values.yaml | Configure the Media API For more information see [the sample dendrite configuration](https://github.com/matrix-org/dendrite/blob/master/build/docker/config/dendrite-config.yaml) | +| mediaapi.image.pullPolicy | string | `"IfNotPresent"` | image pull policy | +| mediaapi.image.repository | string | `"matrixdotorg/dendrite-polylith"` | image repository | +| mediaapi.image.tag | string | `"v0.6.2"` | image tag | | nats.enabled | bool | See value.yaml | Enable and configure NATS for dendrite. Can be disabled for monolith deployments - an internal NATS server will be used in its place. | -| nats.image | string | `"nats:2.7.1-alpine"` | | -| nats.jetstream.enabled | bool | `true` | | +| nats.nats.image | string | `"nats:2.7.1-alpine"` | | +| nats.nats.jetstream.enabled | bool | `true` | | | persistence | object | See values.yaml | Configure persistence settings for the chart under this key. | | persistence.jetstream | object | See values.yaml | Configure Jetsream persistence. This is highly recommended in production. | | postgresql.enabled | bool | See value.yaml | Enable and configure postgres as the database for dendrite. | 
@@ -121,22 +161,36 @@ N/A | postgresql.postgresqlDatabase | string | `"dendrite"` | | | postgresql.postgresqlPassword | string | `"changeme"` | | | postgresql.postgresqlUsername | string | `"dendrite"` | | +| roomserver | object | values.yaml | Configure the Room Server For more information see [the sample dendrite configuration](https://github.com/matrix-org/dendrite/blob/master/build/docker/config/dendrite-config.yaml) | +| roomserver.image.pullPolicy | string | `"IfNotPresent"` | image pull policy | +| roomserver.image.repository | string | `"matrixdotorg/dendrite-polylith"` | image repository | +| roomserver.image.tag | string | `"v0.6.2"` | image tag | | service | object | See values.yaml | If added dendrite will start a HTTP and HTTPS listener args: - "--tls-cert=server.crt" - "--tls-key=server.key" -- Configures service settings for the chart. | | service.main.ports.http | object | See values.yaml | Configures the default HTTP listener for dendrite | | service.main.ports.https | object | See values.yaml | Configures the HTTPS listener for dendrite | +| syncapi | object | values.yaml | Configure the Sync API For more information see [the sample dendrite configuration](https://github.com/matrix-org/dendrite/blob/master/build/docker/config/dendrite-config.yaml) | +| syncapi.image.pullPolicy | string | `"IfNotPresent"` | image pull policy | +| syncapi.image.repository | string | `"matrixdotorg/dendrite-polylith"` | image repository | +| syncapi.image.tag | string | `"v0.6.2"` | image tag | +| userapi | object | values.yaml | Configure the User API For more information see [the sample dendrite configuration](https://github.com/matrix-org/dendrite/blob/master/build/docker/config/dendrite-config.yaml) | +| userapi.image.pullPolicy | string | `"IfNotPresent"` | image pull policy | +| userapi.image.repository | string | `"matrixdotorg/dendrite-polylith"` | image repository | +| userapi.image.tag | string | `"v0.6.2"` | image tag | ## Changelog -### Version 2.0.0 +### 
Version 3.0.0 #### Added -N/A +* Support for polylith deployment #### Changed -* NATS is now used instead of Kafka -* App version bumped to v0.6.0 +* Refactored values for polylith mode +* Split out volume template defintions into separate file +* Bumped app version to v0.6.2 +* Rename secret fields for consistency #### Fixed diff --git a/charts/incubator/dendrite/README_CONFIG.md.gotmpl b/charts/incubator/dendrite/README_CONFIG.md.gotmpl index e93d80bf..0664a3eb 100644 --- a/charts/incubator/dendrite/README_CONFIG.md.gotmpl +++ b/charts/incubator/dendrite/README_CONFIG.md.gotmpl @@ -5,5 +5,13 @@ {{- define "custom.custom.configuration" -}} {{ template "custom.custom.configuration.header" . }} -N/A +### Polylith Ingress + +Due to the complexity of setting up ingress for each individual component it +is left up to the individual to add the necessary ingress fields to polylith deployments. + +For more information see: +- https://github.com/matrix-org/dendrite/blob/master/docs/INSTALL.md#nginx-or-other-reverse-proxy +- and https://github.com/matrix-org/dendrite/blob/master/docs/nginx/polylith-sample.conf + {{- end -}} diff --git a/charts/incubator/dendrite/ci/ct-values.yaml b/charts/incubator/dendrite/ci/ct-values.yaml index c92adc83..8b2f8a3b 100644 --- a/charts/incubator/dendrite/ci/ct-values.yaml +++ b/charts/incubator/dendrite/ci/ct-values.yaml @@ -1,11 +1,10 @@ --- dendrite: matrix_key_secret: - enabled: true -secret: - matrix_key.pem: | - -----BEGIN MATRIX PRIVATE KEY----- - Key-ID: ed25519:P8gZqV + create: true + keyBody: | + -----BEGIN MATRIX PRIVATE KEY----- + Key-ID: ed25519:P8gZqV - qVzy2Cwokt15RjGy8OzFSq6z0JFmI6QX/1Zw1VP73uU= - -----END MATRIX PRIVATE KEY----- + qVzy2Cwokt15RjGy8OzFSq6z0JFmI6QX/1Zw1VP73uU= + -----END MATRIX PRIVATE KEY----- diff --git a/charts/incubator/dendrite/ci/nats-values.yaml b/charts/incubator/dendrite/ci/nats-values.yaml new file mode 100644 index 00000000..ae1b22f8 --- /dev/null +++ b/charts/incubator/dendrite/ci/nats-values.yaml 
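Review bot: The `keyBody` block in ci/ct-values.yaml carries a complete Matrix signing key in plain text with nothing marking it as a disposable fixture, and the same key body is repeated in the new ci/nats-values.yaml, ci/polylith-basic-values.yaml, ci/polylith-full-values.yaml and ci/postresql-values.yaml. A comment above `keyBody` such as `# CI-only throwaway key; never reuse for a real homeserver` would discourage copying it into a deployment and give secret scanners a documented reason for an allow-list entry. Because `keyBody` is a chart value, and Helm keeps user-supplied values in the release record, the README should steer production users towards `existingSecret`. The new file name `postresql-values.yaml` also looks like a typo for `postgresql-values.yaml`.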
@@ -0,0 +1,12 @@ +--- +dendrite: + matrix_key_secret: + create: true + keyBody: | + -----BEGIN MATRIX PRIVATE KEY----- + Key-ID: ed25519:P8gZqV + + qVzy2Cwokt15RjGy8OzFSq6z0JFmI6QX/1Zw1VP73uU= + -----END MATRIX PRIVATE KEY----- +nats: + enabled: true diff --git a/charts/incubator/dendrite/ci/polylith-basic-values.yaml b/charts/incubator/dendrite/ci/polylith-basic-values.yaml new file mode 100644 index 00000000..c140ba0d --- /dev/null +++ b/charts/incubator/dendrite/ci/polylith-basic-values.yaml @@ -0,0 +1,13 @@ +--- +dendrite: + polylithEnabled: true + matrix_key_secret: + create: true + keyBody: | + -----BEGIN MATRIX PRIVATE KEY----- + Key-ID: ed25519:P8gZqV + + qVzy2Cwokt15RjGy8OzFSq6z0JFmI6QX/1Zw1VP73uU= + -----END MATRIX PRIVATE KEY----- +nats: + enabled: true diff --git a/charts/incubator/dendrite/ci/polylith-full-values.yaml b/charts/incubator/dendrite/ci/polylith-full-values.yaml new file mode 100644 index 00000000..57952806 --- /dev/null +++ b/charts/incubator/dendrite/ci/polylith-full-values.yaml @@ -0,0 +1,18 @@ +--- +dendrite: + polylithEnabled: true + matrix_key_secret: + create: true + keyBody: | + -----BEGIN MATRIX PRIVATE KEY----- + Key-ID: ed25519:P8gZqV + + qVzy2Cwokt15RjGy8OzFSq6z0JFmI6QX/1Zw1VP73uU= + -----END MATRIX PRIVATE KEY----- +nats: + enabled: true +persistence: + jetstream: + enabled: true +postgresql: + enabled: true diff --git a/charts/incubator/dendrite/ci/postresql-values.yaml b/charts/incubator/dendrite/ci/postresql-values.yaml new file mode 100644 index 00000000..f7fb7e9a --- /dev/null +++ b/charts/incubator/dendrite/ci/postresql-values.yaml @@ -0,0 +1,12 @@ +--- +dendrite: + matrix_key_secret: + create: true + keyBody: | + -----BEGIN MATRIX PRIVATE KEY----- + Key-ID: ed25519:P8gZqV + + qVzy2Cwokt15RjGy8OzFSq6z0JFmI6QX/1Zw1VP73uU= + -----END MATRIX PRIVATE KEY----- +postgresql: + enabled: true 
diff --git a/charts/incubator/dendrite/templates/_helper.tpl b/charts/incubator/dendrite/templates/_helper.tpl new file mode 100644 index 00000000..cf7c454f --- /dev/null +++ b/charts/incubator/dendrite/templates/_helper.tpl @@ -0,0 +1,3 @@ +{{- define "dendrite.names.key" -}} + {{- default (printf "%s-key" (include "common.names.fullname" .)) .Values.dendrite.matrix_key_secret.existingSecret -}} +{{- end -}} diff --git a/charts/incubator/dendrite/templates/common.yaml b/charts/incubator/dendrite/templates/common.yaml index e0d4637b..0935cfa8 100644 --- a/charts/incubator/dendrite/templates/common.yaml +++ b/charts/incubator/dendrite/templates/common.yaml 
@@ -1,42 +1,25 @@ -{{ include "common.values.setup" . }} - -{{- define "dendrite.keyVolume" -}} -enabled: {{ .Values.dendrite.matrix_key_secret.enabled | quote }} -type: "custom" -volumeSpec: - secret: - defaultMode: 0600 - secretName: {{ default (include "common.names.fullname" .) .Values.dendrite.matrix_key_secret.secretName }} -subPath: - - path: {{ .Values.dendrite.matrix_key_secret.key }} - mountPath: "/etc/dendrite/matrix_key.pem" -{{- end -}} -{{- define "dendrite.tlsVolume" -}} -enabled: {{ .Values.dendrite.tls_secret.enabled }} -type: "custom" -volumeSpec: - secret: - defaultMode: 0600 - secretName: {{ .Values.dendrite.tls_secret.secretName }} -subPath: - - path: {{ .Values.dendrite.tls_secret.crtKey }} - mountPath: "/etc/dendrite/server.crt" - - path: {{ .Values.dendrite.tls_secret.keyKey }} - mountPath: "/etc/dendrite/server.key" -{{- end -}} -{{- define "dendrite.configVolume" -}} -enabled: "true" -type: "custom" -volumeSpec: - secret: - defaultMode: 0600 - secretName: {{ include "common.names.fullname" . }}-config -subPath: - - path: dendrite.yaml - mountPath: "/etc/dendrite/dendrite.yaml" -{{- end -}} -{{- $_ := set .Values.persistence "dendrite-key" (include "dendrite.keyVolume" . | fromYaml) -}} -{{- $_ := set .Values.persistence "dendrite-config" (include "dendrite.configVolume" . | fromYaml) -}} -{{- $_ := set .Values.persistence "dendrite-tls" (include "dendrite.tlsVolume" . | fromYaml) -}} - -{{ include "common.all" . }} +{{- if .Values.dendrite.polylithEnabled }} + {{ $components := list "clientapi" "appserviceapi" "federationapi" "userapi" "keyserver" "mediaapi" "syncapi" "roomserver" "eduserver" }} + {{- range $components }} + {{- include "common.values.setup" (index $.Subcharts .) }} + {{- with (index $.Values .) }} + {{- if not .persistence }} + {{- $_ := set . 
"persistence" (dict)}} + {{- end }} + {{- $_ := set .persistence "dendrite-key" (include "dendrite.keyVolume" $ | fromYaml) -}} + {{- $_ := set .persistence "dendrite-config" (include "dendrite.configVolume" $ | fromYaml) -}} + {{- $_ := set .persistence "dendrite-tls" (include "dendrite.tlsVolume" $ | fromYaml) -}} + {{- $_ := set .persistence "jetstream" $.Values.persistence.jetstream -}} + {{- end }} + {{- include "common.all" (index $.Subcharts .) }} + {{- end }} + {{- with (index $.Values "mediaapi") }} + {{- $_ := set .persistence "media" $.Values.persistence.media -}} + {{- end }} +{{- else }} + {{ include "common.values.setup" . }} + {{- $_ := set .Values.persistence "dendrite-key" (include "dendrite.keyVolume" . | fromYaml) -}} + {{- $_ := set .Values.persistence "dendrite-config" (include "dendrite.configVolume" . | fromYaml) -}} + {{- $_ := set .Values.persistence "dendrite-tls" (include "dendrite.tlsVolume" . | fromYaml) -}} + {{ include "common.all" . }} +{{- end }} diff --git a/charts/incubator/dendrite/templates/dendrite-config.yaml b/charts/incubator/dendrite/templates/dendrite-config.yaml index 0c986884..d9edd4ec 100644 --- a/charts/incubator/dendrite/templates/dendrite-config.yaml +++ b/charts/incubator/dendrite/templates/dendrite-config.yaml @@ -1,6 +1,6 @@ {{- $connectionString := "file:" -}} {{- if .Values.postgresql.enabled}} -{{- $connectionString = print "postgresql://" .Values.postgresql.postgresqlUsername ":" .Values.postgresql.postgresqlPassword "@dendrite-postgresql/" -}} +{{- $connectionString = print "postgresql://" .Values.postgresql.postgresqlUsername ":" .Values.postgresql.postgresqlPassword "@" (include "common.names.fullname" .) "-postgresql/" -}} {{- end}} --- apiVersion: v1 @@ -10,7 +10,7 @@ metadata: type: Opaque stringData: dendrite.yaml: | - version: 1 + version: 2 global: server_name: {{ required "A server_name must be provided." .Values.dendrite.global.server_name | quote }} private_key: matrix_key.pem 
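Review bot: In the polylith branch, the `with (index $.Values "mediaapi")` block that sets `persistence.media` sits after the `range` loop, so it appears to run only once `common.all` has already been rendered for `mediaapi`. If so, the media volume never reaches that component's pod spec and uploads land on ephemeral storage. Binding the loop variable (`range $component := $components`) and doing `set .persistence "media" $.Values.persistence.media` inside the loop under `if eq $component "mediaapi"`, before the `common.all` include, would fix the ordering. The loop also mounts the signing key, TLS key and full config Secret into all nine components; if upstream lets any component start without one of them, mounting only what each reads would narrow the exposure.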
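Review bot: The rewritten `$connectionString` line still splices `.Values.postgresql.postgresqlUsername` and `.Values.postgresql.postgresqlPassword` into the URI unescaped, so a password containing `@`, `/`, `:` or `?` yields a malformed or mis-parsed connection string. In practice that pushes operators towards simpler passwords. Percent-encoding both parts before they are joined would fix it; the built-in `urlquery` encodes a space as `+`, so check its output against what the database driver accepts. The README in this diff lists `changeme` as the default for `postgresql.postgresqlPassword`, and a render-time `fail` on that default when `postgresql.enabled` is true would keep it out of real installs.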
@@ -21,7 +21,7 @@ stringData: jetstream: addresses: {{- if .Values.nats.enabled }} - - {{ include "nats.fullname" .Subcharts.nats }}:4222 + - {{ template "common.names.fullname" . }}-nats:4222 {{- else }} [] {{- end }} 
@@ -39,40 +39,40 @@ stringData: cache_lifetime: {{ default "5m" .Values.dendrite.global.dns_cache.cache_lifetime }} app_service_api: internal_api: - listen: http://0.0.0.0:7777 - connect: http://appservice_api:7777 + listen: http://0.0.0.0:{{ .Values.appserviceapi.service.main.ports.internal.port }} + connect: http://{{ include "common.names.fullname" . }}-appserviceapi:{{ .Values.appserviceapi.service.main.ports.internal.port }} database: connection_string: {{ $connectionString }}dendrite_appservice?sslmode=disable max_open_conns: {{ .Values.dendrite.database.max_open_conns }} max_idle_conns: {{ .Values.dendrite.database.max_idle_conns }} conn_max_lifetime: {{ .Values.dendrite.database.conn_max_lifetime }} - config_files: {{- toYaml .Values.dendrite.components.app_service_api.config_files | nindent 8 }} + config_files: {{- toYaml .Values.appserviceapi.config.config_files | nindent 8 }} client_api: internal_api: - listen: http://0.0.0.0:7771 - connect: http://client_api:7771 + listen: http://0.0.0.0:{{ .Values.clientapi.service.main.ports.internal.port }} + connect: http://{{ include "common.names.fullname" . 
}}-clientapi:{{ .Values.clientapi.service.main.ports.internal.port }} external_api: - listen: http://0.0.0.0:8071 - registration_disabled: {{ default false .Values.dendrite.components.client_api.registration_disabled }} - registration_shared_secret: {{ default "" .Values.dendrite.components.client_api.registration_shared_secret | quote }} - enable_registration_captcha: {{ default false .Values.dendrite.components.client_api.captcha.enabled }} - recaptcha_public_key: {{ default "" .Values.dendrite.components.client_api.captcha.recaptcha_public_key | quote }} - recaptcha_private_key: {{ default "" .Values.dendrite.components.client_api.captcha.recaptcha_private_key | quote }} - recaptcha_bypass_secret: {{ default "" .Values.dendrite.components.client_api.captcha.recaptcha_bypass_secret | quote }} - recaptcha_siteverify_api: {{ default "" .Values.dendrite.components.client_api.captcha.recaptcha_siteverify_api | quote }} - turn: {{- toYaml .Values.dendrite.components.client_api.turn | nindent 8 }} + listen: http://0.0.0.0:{{ .Values.clientapi.service.main.ports.external.port }} + registration_disabled: {{ default false .Values.clientapi.config.registration_disabled }} + registration_shared_secret: {{ default "" .Values.clientapi.config.registration_shared_secret | quote }} + enable_registration_captcha: {{ default false .Values.clientapi.config.captcha.enabled }} + recaptcha_public_key: {{ default "" .Values.clientapi.config.captcha.recaptcha_public_key | quote }} + recaptcha_private_key: {{ default "" .Values.clientapi.config.captcha.recaptcha_private_key | quote }} + recaptcha_bypass_secret: {{ default "" .Values.clientapi.config.captcha.recaptcha_bypass_secret | quote }} + recaptcha_siteverify_api: {{ default "" .Values.clientapi.config.captcha.recaptcha_siteverify_api | quote }} + turn: {{- toYaml .Values.clientapi.config.turn | nindent 8 }} rate_limiting: - enabled: {{ default true .Values.dendrite.components.client_api.rate_limiting.enabled }} - threshold: {{ 
default 5 .Values.dendrite.components.client_api.rate_limiting.threshold }} - cooloff_ms: {{ default 500 .Values.dendrite.components.client_api.rate_limiting.cooloff_ms }} + enabled: {{ default true .Values.clientapi.config.rate_limiting.enabled }} + threshold: {{ default 5 .Values.clientapi.config.rate_limiting.threshold }} + cooloff_ms: {{ default 500 .Values.clientapi.config.rate_limiting.cooloff_ms }} edu_server: internal_api: listen: http://0.0.0.0:7778 - connect: http://edu_server:7778 + connect: http://{{ include "common.names.fullname" . }}-eduserver:7778 federation_api: internal_api: listen: http://0.0.0.0:7772 - connect: http://federation_api:7772 + connect: http://{{ include "common.names.fullname" . }}-federationapi:7772 external_api: listen: http://0.0.0.0:8072 database: 
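Review bot: `enabled: {{ default true .Values.clientapi.config.rate_limiting.enabled }}` under `rate_limiting` can never render `false`, because Sprig's `default` treats a boolean `false` as empty and an operator's `enabled: false` is silently replaced by `true`. The failure direction is safe, but the rendered config then disagrees with the values file, which misleads anyone auditing the deployment. The README documents defaults for `clientapi.config.rate_limiting` in values.yaml, so rendering the value directly is enough: `enabled: {{ .Values.clientapi.config.rate_limiting.enabled }}`. Separately, `registration_disabled` defaults to `false` per the README, so a fresh install accepts sign-ups; a comment next to that value saying so would help operators who expect a closed server.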
@@ -80,20 +80,20 @@ stringData: max_open_conns: {{ .Values.dendrite.database.max_open_conns }} max_idle_conns: {{ .Values.dendrite.database.max_idle_conns }} conn_max_lifetime: {{ .Values.dendrite.database.conn_max_lifetime }} - federation_certificates: {{- toYaml .Values.dendrite.components.federation_api.federation_certificates | nindent 8 }} - send_max_retries: {{ default 16 .Values.dendrite.components.federation_api.send_max_retries }} - disable_tls_validation: {{ default false .Values.dendrite.components.federation_api.disable_tls_validation }} + federation_certificates: {{- toYaml .Values.federationapi.config.federation_certificates | nindent 8 }} + send_max_retries: {{ default 16 .Values.federationapi.config.send_max_retries }} + disable_tls_validation: {{ default false .Values.federationapi.config.disable_tls_validation }} proxy_outbound: - enabled: {{ default false .Values.dendrite.components.federation_api.proxy_outbound.enabled }} - protocol: {{ default "http" .Values.dendrite.components.federation_api.proxy_outbound.protocol | quote }} - host: {{ default "localhost" .Values.dendrite.components.federation_api.proxy_outbound.host | quote }} - port: {{ default 8080 .Values.dendrite.components.federation_api.proxy_outbound.port }} - key_perspectives: {{- toYaml .Values.dendrite.components.federation_api.key_perspectives | nindent 8 }} - prefer_direct_fetch: {{ default false .Values.dendrite.components.federation_api.prefer_direct_fetch }} + enabled: {{ default false .Values.federationapi.config.proxy_outbound.enabled }} + protocol: {{ default "http" .Values.federationapi.config.proxy_outbound.protocol | quote }} + host: {{ default "localhost" .Values.federationapi.config.proxy_outbound.host | quote }} + port: {{ default 8080 .Values.federationapi.config.proxy_outbound.port }} + key_perspectives: {{- toYaml .Values.federationapi.config.key_perspectives | nindent 8 }} + prefer_direct_fetch: {{ default false .Values.federationapi.config.prefer_direct_fetch }} 
key_server: internal_api: listen: http://0.0.0.0:7779 - connect: http://key_server:7779 + connect: http://{{ include "common.names.fullname" . }}-keyserver:7779 database: connection_string: {{ $connectionString }}dendrite_keyserver?sslmode=disable max_open_conns: {{ .Values.dendrite.database.max_open_conns }} @@ -102,7 +102,7 @@ stringData: media_api: internal_api: listen: http://0.0.0.0:7774 - connect: http://media_api:7774 + connect: http://{{ include "common.names.fullname" . }}-mediaapi:7774 external_api: listen: http://0.0.0.0:8074 database: 
@@ -110,15 +110,22 @@ stringData: max_open_conns: {{ .Values.dendrite.database.max_open_conns }} max_idle_conns: {{ .Values.dendrite.database.max_idle_conns }} conn_max_lifetime: {{ .Values.dendrite.database.conn_max_lifetime }} - base_path: {{ default "/var/dendrite/media" .Values.dendrite.components.media_api.base_path | quote }} - max_file_size_bytes: {{ default 10485760 .Values.dendrite.components.media_api.max_file_size_bytes }} - dynamic_thumbnails: {{ default false .Values.dendrite.components.media_api.dynamic_thumbnails }} - max_thumbnail_generators: {{ default 10 .Values.dendrite.components.media_api.max_thumbnail_generators }} - thumbnail_sizes: {{- toYaml .Values.dendrite.components.media_api.thumbnail_sizes | nindent 8 }} + base_path: {{ default "/var/dendrite/media" .Values.mediaapi.config.base_path | quote }} + max_file_size_bytes: {{ int ( default 10485760 .Values.mediaapi.config.max_file_size_bytes ) }} + dynamic_thumbnails: {{ default false .Values.mediaapi.config.dynamic_thumbnails }} + max_thumbnail_generators: {{ default 10 .Values.mediaapi.config.max_thumbnail_generators }} + thumbnail_sizes: {{- toYaml .Values.mediaapi.config.thumbnail_sizes | nindent 8 }} + mscs: + mscs: {{ .Values.dendrite.global.mscs | toYaml | nindent 8 }} + database: + connection_string: {{ $connectionString }}dendrite_mscs?sslmode=disable + max_open_conns: {{ .Values.dendrite.database.max_open_conns }} + max_idle_conns: {{ .Values.dendrite.database.max_idle_conns }} + conn_max_lifetime: {{ .Values.dendrite.database.conn_max_lifetime }} room_server: internal_api: listen: http://0.0.0.0:7770 - connect: http://room_server:7770 + connect: http://{{ include "common.names.fullname" . }}-roomserver:7770 database: connection_string: {{ $connectionString }}dendrite_roomserver?sslmode=disable max_open_conns: {{ .Values.dendrite.database.max_open_conns }} 
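Review bot: The new `mscs.database.connection_string` hard-codes `?sslmode=disable`, so with the PostgreSQL backend the credentials and queries for this database cross the cluster network unencrypted. The neighbouring component sections in this file do the same. Making the mode a chart value would let operators with an external or TLS-enabled database turn it on, for example `connection_string: {{ $connectionString }}dendrite_mscs?sslmode={{ .Values.dendrite.database.sslmode | default "disable" }}`. Here `dendrite.database.sslmode` is a proposed key that does not exist in this diff. The `stringData` block that contains this hunk begins outside it.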
@@ -127,7 +134,7 @@ stringData: sync_api: internal_api: listen: http://0.0.0.0:7773 - connect: http://sync_api:7773 + connect: http://{{ include "common.names.fullname" . }}-syncapi:7773 external_api: listen: http://0.0.0.0:8073 database: @@ -138,7 +145,7 @@ stringData: user_api: internal_api: listen: http://0.0.0.0:7781 - connect: http://user_api:7781 + connect: http://{{ include "common.names.fullname" . }}-userapi:7781 account_database: connection_string: {{ $connectionString }}dendrite_userapi_accounts?sslmode=disable max_open_conns: {{ .Values.dendrite.database.max_open_conns }} diff --git a/charts/incubator/dendrite/templates/matrix-key-secret.yaml b/charts/incubator/dendrite/templates/matrix-key-secret.yaml new file mode 100644 index 00000000..4dcf99c1 --- /dev/null +++ b/charts/incubator/dendrite/templates/matrix-key-secret.yaml @@ -0,0 +1,9 @@ +{{- if .Values.dendrite.matrix_key_secret.create }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "dendrite.names.key" . }} +stringData: + {{ .Values.dendrite.matrix_key_secret.secretPath }}: | {{ .Values.dendrite.matrix_key_secret.keyBody | nindent 4 }} +{{- end }} diff --git a/charts/incubator/dendrite/templates/volumes.yaml b/charts/incubator/dendrite/templates/volumes.yaml new file mode 100644 index 00000000..36112534 --- /dev/null +++ b/charts/incubator/dendrite/templates/volumes.yaml 
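Review bot: In templates/matrix-key-secret.yaml, `create: true` with `keyBody` left at its default `""` still renders a Secret whose key entry is empty, so the mistake would presumably surface only when the server fails to load its signing key, not at install time. Guard the value with `required`, e.g. `{{ required "dendrite.matrix_key_secret.keyBody must be set when create is true" .Values.dendrite.matrix_key_secret.keyBody | nindent 4 }}`. Passing the private signing key through values also leaves a copy in the Helm release data, so the `keyBody` comment in values.yaml should steer production installs to `existingSecret`. An explicit `type: Opaque` would make the manifest self-describing.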
@@ -0,0 +1,35 @@ +{{- define "dendrite.keyVolume" -}} +enabled: {{ .Values.dendrite.matrix_key_secret.enabled }} +type: "custom" +volumeSpec: + secret: + defaultMode: 0600 + secretName: {{ include "dendrite.names.key" . }} +subPath: + - path: {{ .Values.dendrite.matrix_key_secret.secretPath }} + mountPath: "/etc/dendrite/matrix_key.pem" +{{- end -}} +{{- define "dendrite.tlsVolume" -}} +enabled: {{ .Values.dendrite.tls_secret.enabled }} +type: "custom" +volumeSpec: + secret: + defaultMode: 0600 + secretName: {{ .Values.dendrite.tls_secret.existingSecret }} +subPath: + - path: {{ .Values.dendrite.tls_secret.crtPath }} + mountPath: "/etc/dendrite/server.crt" + - path: {{ .Values.dendrite.tls_secret.keyPath }} + mountPath: "/etc/dendrite/server.key" +{{- end -}} +{{- define "dendrite.configVolume" -}} +enabled: true +type: "custom" +volumeSpec: + secret: + defaultMode: 0600 + secretName: {{ include "common.names.fullname" . }}-config +subPath: + - path: dendrite.yaml + mountPath: "/etc/dendrite/dendrite.yaml" +{{- end -}} diff --git a/charts/incubator/dendrite/values.yaml b/charts/incubator/dendrite/values.yaml index 7276cdfd..28f0bf40 100644 --- a/charts/incubator/dendrite/values.yaml +++ b/charts/incubator/dendrite/values.yaml @@ -10,7 +10,7 @@ image: # -- image repository repository: matrixdotorg/dendrite-monolith # -- image tag - tag: "v0.5.1" + tag: "v0.6.2" # -- image pull policy pullPolicy: IfNotPresent 
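Review bot: `dendrite.keyVolume` reads `.Values.dendrite.matrix_key_secret.enabled`, but the values.yaml hunk in this same commit removes `enabled` from `matrix_key_secret`, which now has only `create`, `keyBody`, `existingSecret` and `secretPath`. `enabled:` therefore renders empty, and the key volume is presumably never mounted unless the user re-adds the old key. Derive it from the new fields, e.g. `enabled: {{ or .Values.dendrite.matrix_key_secret.create (not (empty .Values.dendrite.matrix_key_secret.existingSecret)) }}`. In `dendrite.tlsVolume`, `secretName: {{ .Values.dendrite.tls_secret.existingSecret }}` is unquoted and defaults to `""`, which renders as null; piping it and the templated `path:` values through `quote` keeps the output well-typed.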
@@ -47,32 +47,304 @@ persistence: media: enabled: false mountPath: &mediaPath /var/dendrite/media + accessMode: ReadWriteOnce + size: 5Gi # -- Configure Jetsream persistence. This is highly recommended in production. # @default -- See values.yaml jetstream: enabled: false mountPath: /var/dendrite/jetstream + accessMode: ReadWriteOnce + size: 1Gi + +# -- Configure the key server. +# For more information see [the sample dendrite configuration](https://github.com/matrix-org/dendrite/blob/master/build/docker/config/dendrite-config.yaml) +# @default -- See values.yaml +keyserver: + image: + # -- image repository + repository: matrixdotorg/dendrite-polylith + # -- image tag + tag: "v0.6.2" + # -- image pull policy + pullPolicy: IfNotPresent + service: + main: + ports: + http: + enabled: false + internal: + enabled: true + port: 7779 + args: "keyserver" + +# -- Configure the app service api. +# For more information see [the sample dendrite configuration](https://github.com/matrix-org/dendrite/blob/master/build/docker/config/dendrite-config.yaml) +# @default -- See values.yaml +appserviceapi: + image: + # -- image repository + repository: matrixdotorg/dendrite-polylith + # -- image tag + tag: "v0.6.2" + # -- image pull policy + pullPolicy: IfNotPresent + service: + main: + ports: + http: + enabled: false + internal: + enabled: true + port: 7777 + args: "appservice" + config: + config_files: [] + +# -- Configuration for the client api component. 
+# For more information see [the sample dendrite configuration](https://github.com/matrix-org/dendrite/blob/master/build/docker/config/dendrite-config.yaml) +# @default -- See values.yaml +clientapi: + image: + # -- image repository + repository: matrixdotorg/dendrite-polylith + # -- image tag + tag: "v0.6.2" + # -- image pull policy + pullPolicy: IfNotPresent + service: + main: + ports: + http: + enabled: false + internal: + enabled: true + port: 7771 + external: + enabled: true + port: 8071 + args: "clientapi" + config: + # -- Enable or disable registration for this homeserver. + registration_disabled: false + # -- Shared secret that allows registration, despite registration_disabled. + registration_shared_secret: "" + # -- Configure captcha for registration + # @default -- See values.yaml + captcha: + enabled: false + recaptcha_public_key: "" + recaptcha_private_key: "" + recaptcha_bypass_secret: "" + recaptcha_siteverify_api: "" + # -- Configure TURN + # @default -- See values.yaml + turn: + turn_user_lifetime: "" + turn_uris: [] + turn_shared_secret: "" + turn_username: "" + turn_password: "" + # -- Configure rate limiting. 
+ # @default -- values.yaml + rate_limiting: + enabled: true + threshold: 5 + cooloff_ms: 500 + +# -- Configure the Federation API +# For more information see [the sample dendrite configuration](https://github.com/matrix-org/dendrite/blob/master/build/docker/config/dendrite-config.yaml) +# @default -- values.yaml +federationapi: + image: + # -- image repository + repository: matrixdotorg/dendrite-polylith + # -- image tag + tag: "v0.6.2" + # -- image pull policy + pullPolicy: IfNotPresent + service: + main: + ports: + http: + enabled: false + internal: + enabled: true + port: 7772 + external: + enabled: true + port: 8072 + args: "federationapi" + config: + federation-certificates: [] + send-max_retires: 16 + disable_tls_validation: false + proxy_outbound: + enabled: false + protocol: http + host: localhost + port: 8080 + key_perspectives: + - server_name: matrix.org + keys: + - key_id: ed25519:auto + public_key: Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw + - key_id: ed25519:a_RXGa + public_key: l8Hft5qXKn1vfHrg3p4+W8gELQVo8N13JkluMfmn2sQ + prefer_direct_fetch: false + +# -- Configure the User API +# For more information see [the sample dendrite configuration](https://github.com/matrix-org/dendrite/blob/master/build/docker/config/dendrite-config.yaml) +# @default -- values.yaml +userapi: + image: + # -- image repository + repository: matrixdotorg/dendrite-polylith + # -- image tag + tag: "v0.6.2" + # -- image pull policy + pullPolicy: IfNotPresent + service: + main: + ports: + http: + enabled: false + internal: + enabled: true + port: 7781 + args: "userapi" + +# -- Configure the Sync API +# For more information see [the sample dendrite configuration](https://github.com/matrix-org/dendrite/blob/master/build/docker/config/dendrite-config.yaml) +# @default -- values.yaml +syncapi: + image: + # -- image repository + repository: matrixdotorg/dendrite-polylith + # -- image tag + tag: "v0.6.2" + # -- image pull policy + pullPolicy: IfNotPresent + service: + main: + ports: 
+ http: + enabled: false + internal: + enabled: true + port: 7773 + external: + enabled: true + port: 8073 + args: "syncapi" + +# -- Configure the Room Server +# For more information see [the sample dendrite configuration](https://github.com/matrix-org/dendrite/blob/master/build/docker/config/dendrite-config.yaml) +# @default -- values.yaml +roomserver: + image: + # -- image repository + repository: matrixdotorg/dendrite-polylith + # -- image tag + tag: "v0.6.2" + # -- image pull policy + pullPolicy: IfNotPresent + service: + main: + ports: + http: + enabled: false + internal: + enabled: true + port: 7770 + args: "roomserver" + +# -- Configure the edu server +# For more information see [the sample dendrite configuration](https://github.com/matrix-org/dendrite/blob/master/build/docker/config/dendrite-config.yaml) +# @default -- values.yaml +eduserver: + image: + # -- image repository + repository: matrixdotorg/dendrite-polylith + # -- image tag + tag: "v0.6.2" + # -- image pull policy + pullPolicy: IfNotPresent + service: + main: + ports: + http: + enabled: false + internal: + enabled: true + port: 7778 + args: "eduserver" + +# -- Configure the Media API +# For more information see [the sample dendrite configuration](https://github.com/matrix-org/dendrite/blob/master/build/docker/config/dendrite-config.yaml) +# @default -- values.yaml +mediaapi: + image: + # -- image repository + repository: matrixdotorg/dendrite-polylith + # -- image tag + tag: "v0.6.2" + # -- image pull policy + pullPolicy: IfNotPresent + service: + main: + ports: + http: + enabled: false + internal: + enabled: true + port: 7774 + external: + enabled: true + port: 8074 + args: "mediaapi" + config: + base_path: *mediaPath + max_file_size_bytes: 10485760 + dynamic_thumbnails: false + max_thumbnail_generators: 10 + thumbnail_sizes: + - width: 32 + height: 32 + method: crop + - width: 96 + height: 96 + method: crop + - width: 640 + height: 480 + method: scale # -- Configuration for Dendrite. 
# For more information see [the sample # denrite-config.yaml](https://github.com/matrix-org/dendrite/blob/master/build/docker/config/dendrite-config.yaml) # @default -- See values.yaml dendrite: + # -- Enable polylith deployment + polylithEnabled: false # -- If enabled, use an existing secrets for the TLS certificate and key. # Otherwise, to enable TLS a `server.crt` and `server.key` must be mounted at # `/etc/dendrite`. # @default -- See values.yaml tls_secret: enabled: false - secretName: "dendrite-tls" - crtKey: tls.crt - keyKey: tls.key - # -- If enabled, use an existing secret for matrix_key.pem. Otherwise a - # matrix_key.pem must be mounted to `/etc/dendrite`. - # @default -- See values.yaml + existingSecret: "" + crtPath: tls.crt + keyPath: tls.key matrix_key_secret: - enabled: false - key: matrix_key.pem + # -- Create matrix_key secret using the keyBody below. + create: false + # -- New Key Body + keyBody: "" + # -- Use an existing secret + existingSecret: "" + # -- Field in the secret to get the key from + secretPath: matrix_key.pem + # -- Configure database connection parameters. # @default -- See values.yaml database: 
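Review bot: In the new `federationapi.config` block two keys changed spelling from the removed `dendrite.components.federation_api` block: `federation_certificates` became `federation-certificates` and `send_max_retires` became `send-max_retires`. A hyphenated key cannot be read with dot notation in a Go template, so unless the config template uses `index`, user-supplied federation CA certificates and the retry limit would be silently ignored. Keep the underscore names, `federation_certificates: []` and `send_max_retires: 16`, which also matches every other key in the file. The template that consumes these values is outside this hunk.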
@@ -109,77 +381,9 @@ dendrite: enabled: false cache_size: 256 cache_lifetime: "5m" - # -- Configure the dendrite components. - # @default -- See values.yaml - components: - # -- Configure the App Service API - # @default -- See values.yaml - app_service_api: - config_files: [] - # -- Configure the Client API - client_api: - # -- Enable or disable registration for this homeserver. - registration_disabled: false - # -- Shared secret that allows registration, despite registration_disabled. - registration_shared_secret: "" - # -- Configure captcha for registration - # @default -- See values.yaml - captcha: - enabled: false - recaptcha_public_key: "" - recaptcha_private_key: "" - recaptcha_bypass_secret: "" - recaptcha_siteverify_api: "" - # -- Configure TURN - # @default -- See values.yaml - turn: - turn_user_lifetime: "" - turn_uris: [] - turn_shared_secret: "" - turn_username: "" - turn_password: "" - # -- Configure rate limiting. - # @default -- values.yaml - rate_limiting: - enabled: true - threshold: 5 - cooloff_ms: 500 - # -- Configure the Federation API - # @default -- values.yaml - federation_api: - federation_certificates: [] - send_max_retires: 16 - disable_tls_validation: false - proxy_outbound: - enabled: false - protocol: http - host: localhost - port: 8080 - key_perspectives: - - server_name: matrix.org - keys: - - key_id: ed25519:auto - public_key: Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw - - key_id: ed25519:a_RXGa - public_key: l8Hft5qXKn1vfHrg3p4+W8gELQVo8N13JkluMfmn2sQ - prefer_direct_fetch: false - # -- Configure the Media API - # @default -- values.yaml - media_api: - base_path: *mediaPath - max_file_size_bytes: 10485760 - dynamic_thumbnails: false - max_thumbnail_generators: 10 - thumbnail_sizes: - - width: 32 - height: 32 - method: crop - - width: 96 - height: 96 - method: crop - - width: 640 - height: 480 - method: scale + # -- Configure experimental MSC's + mscs: [] + # -- Configure opentracing. # @default -- See values.yaml tracing: 
@@ -194,6 +398,7 @@ dendrite: headers: null baggage_restrictions: null throttler: null + # -- Configure logging. # @default -- See values.yaml logging: @@ -221,6 +426,7 @@ nats: # deployments - an internal NATS server will be used in its place. # @default -- See value.yaml enabled: false - image: nats:2.7.1-alpine - jetstream: - enabled: true + nats: + image: nats:2.7.1-alpine + jetstream: + enabled: true