diff --git a/apps/matrix/templates/deployment.yaml b/apps/matrix/templates/deployment.yaml index de55a8a..cf5a63a 100644 --- a/apps/matrix/templates/deployment.yaml +++ b/apps/matrix/templates/deployment.yaml @@ -15,15 +15,15 @@ spec: use-as-service: {{ .Release.Name }} spec: initContainers: - - name: wait-for-cert - image: busybox - command: - - sh - - -c - - until ls /etc/letsencrypt/live/{{ tpl .Values.fqdn . }}/fullchain.pem; do sleep 2; done - volumeMounts: - - name: etcletsencrypt - mountPath: "/etc/letsencrypt" + # - name: wait-for-cert + # image: busybox + # command: + # - sh + # - -c + # - until ls /etc/letsencrypt/live/{{ tpl .Values.fqdn . }}/fullchain.pem; do sleep 2; done + # volumeMounts: + # - name: etcletsencrypt + # mountPath: "/etc/letsencrypt" - name: generate-matrix-signing-key image: ungleich/ungleich-matrix-synapse:{{ .Values.synapseVersion }} command: @@ -41,6 +41,22 @@ spec: - name: matrix-config mountPath: "/baseconfig" containers: + - name: certbot + image: ungleich/ungleich-certbot + ports: + - containerPort: 80 + env: + - name: DOMAIN + value: "{{ tpl .Values.fqdn . }}" + - name: EMAIL + value: "{{ .Values.email }}" + {{ if eq .Values.letsencryptStaging "no" }} + - name: STAGING + value: "no" + {{ end }} + volumeMounts: + - name: etcletsencrypt + mountPath: "/etc/letsencrypt" # This container will only start *after* the cert has been placed - name: debug image: alpine:latest @@ -108,6 +124,9 @@ spec: - name: postgres-data persistentVolumeClaim: claimName: {{ tpl .Values.identifier . }}-postgres-data + - name: postgres-vars + secret: + secretName: {{ tpl .Values.identifier . }}-postgres-config - name: nginx-config configMap: name: {{ tpl .Values.identifier . }}-nginx-config 
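Review bot: The commented-out `wait-for-cert` lines still carry live template actions, because Helm renders `{{ … }}` before the YAML parser sees the `#`. `{{ tpl .Values.fqdn . }}` here is still evaluated, and so are `{{ if eq .Values.letsencryptStaging "no" }}` and `{{ tpl .Values.identifier . }}` in the commented-out Job in the `-191,41 +210,41` hunk. A values error in any of them would fail the render even though the YAML is dead. I would delete both blocks (git history keeps them) and leave a single line such as `# certificate issuance moved to the certbot sidecar in containers`. The initContainers list continues outside the hunk.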
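Review bot: Moving certbot from a Job into `containers` changes its lifecycle, because a Deployment pod always restarts a container that exits. If this image's entrypoint exits after issuance (its earlier use in a Job with `restartPolicy: Never` and `backoffLimit: 3` suggests it may), every restart would repeat the ACME request, against the production endpoint when `STAGING` is `"no"`. Please confirm the entrypoint keeps running and renews in place, and record that above the container, e.g. `# certbot sidecar: entrypoint must stay running and renew in place`. The context comment `# This container will only start *after* the cert has been placed` is no longer accurate now that `wait-for-cert` is disabled in the same commit, so containers reading `/etc/letsencrypt` can start before `fullchain.pem` exists. The image is also untagged while it writes the ACME account key and TLS private keys to the `etcletsencrypt` volume, so I would pin it as `image: ungleich/ungleich-certbot:<pinned-tag-or-digest>`; the containers list continues outside the hunk.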
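Review bot: The new `postgres-vars` volume projects every key of the `-postgres-config` Secret as files, including the generated `POSTGRES_PASSWORD`, and no file mode is set, so the Kubernetes default of 0644 applies. No `volumeMounts` entry for it is visible in this diff, so which containers read it cannot be checked here. It should be mounted `readOnly: true` and only in the container that needs the credentials, not in the `debug` or `certbot` sidecars. I would add `defaultMode: 0400` under `secret:` if the consuming process runs as the file owner. The volumes list continues outside the hunk.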
@@ -191,41 +210,41 @@ spec: storage: 500Mi storageClassName: rook-ceph-block --- -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ tpl .Values.identifier . }}-getcert -spec: - template: - metadata: - labels: - app: certbot-letsencrypt-getcert - use-as-service: {{ .Release.Name }} - spec: - restartPolicy: Never - containers: - - name: certbot - image: ungleich/ungleich-certbot - ports: - - containerPort: 80 - env: - - name: DOMAIN - value: "{{ tpl .Values.fqdn . }}" - - name: EMAIL - value: "{{ .Values.email }}" - {{ if eq .Values.letsencryptStaging "no" }} - - name: STAGING - value: "no" - {{ end }} - volumeMounts: - - name: etcletsencrypt - mountPath: "/etc/letsencrypt" - volumes: - - name: etcletsencrypt - persistentVolumeClaim: - claimName: {{ tpl .Values.identifier . }}-letsencrypt-certs - backoffLimit: 3 ---- +# apiVersion: batch/v1 +# kind: Job +# metadata: +# name: {{ tpl .Values.identifier . }}-getcert +# spec: +# template: +# metadata: +# labels: +# app: certbot-letsencrypt-getcert +# use-as-service: {{ .Release.Name }} +# spec: +# restartPolicy: Never +# containers: +# - name: certbot +# image: ungleich/ungleich-certbot +# ports: +# - containerPort: 80 +# env: +# - name: DOMAIN +# value: "{{ tpl .Values.fqdn . }}" +# - name: EMAIL +# value: "{{ .Values.email }}" +# {{ if eq .Values.letsencryptStaging "no" }} +# - name: STAGING +# value: "no" +# {{ end }} +# volumeMounts: +# - name: etcletsencrypt +# mountPath: "/etc/letsencrypt" +# volumes: +# - name: etcletsencrypt +# persistentVolumeClaim: +# claimName: {{ tpl .Values.identifier . }}-letsencrypt-certs +# backoffLimit: 3 +#--- apiVersion: v1 kind: ConfigMap metadata: @@ -258,7 +277,7 @@ metadata: name: {{ tpl .Values.identifier . }}-postgres-config annotations: secret-generator.v1.mittwald.de/autogenerate: POSTGRES_PASSWORD -stringdata: +stringData: POSTGRES_USER: "matrix-synapse" POSTGRES_DB: "matrix-synapse" POSTGRES_HOST: "localhost"