fix(matrix-synapse): adjust helm-hook for signing-key job

2024-11-01 19:31:39 +01:00 · 2024-11-01 19:31:39 +01:00 · d33ebc16e3
commit d33ebc16e3
parent ebf8a3eba2
4 changed files with 26 additions and 12 deletions
--- a/matrix-synapse/Chart.yaml
+++ b/matrix-synapse/Chart.yaml
@ -4,7 +4,7 @@ name: matrix-synapse
 description: Matrix reference homeserver
 icon: https://matrix.org/images/matrix-logo.svg
 type: application
-version: 0.3.8
+version: 0.3.9
 # renovate: image=ghcr.io/element-hq/synapse
 appVersion: 1.118.0
 maintainers:
--- a/matrix-synapse/README.adoc
+++ b/matrix-synapse/README.adoc
@ -2,7 +2,7 @@

 = matrix-synapse

-image::https://img.shields.io/badge/Version-0.3.8-informational?style=flat-square[Version: 0.3.8]
+image::https://img.shields.io/badge/Version-0.3.9-informational?style=flat-square[Version: 0.3.9]
 image::https://img.shields.io/badge/Version-application-informational?style=flat-square[Type: application]
 image::https://img.shields.io/badge/AppVersion-1.118.0-informational?style=flat-square[AppVersion: 1.118.0]
 == Maintainers
@ -407,10 +407,10 @@ helm uninstall matrix-synapse-release
 | `false`
 |

-| signingkey.job.annotations
+| signingkey.annotations
 | object
-| `{}`
-|
+| `{"helm.sh/hook":"pre-install,pre-upgrade","helm.sh/hook-delete-policy":"before-hook-creation,hook-succeeded"}`
+| Annotations to apply to the job and rbac for signing-key.

 | signingkey.job.enabled
 | bool
--- a/matrix-synapse/templates/signing-key/job.yaml
+++ b/matrix-synapse/templates/signing-key/job.yaml
@ -14,7 +14,9 @@ metadata:
    {{- include "matrix-synapse.labels" . | nindent 4 }}
    app.kubernetes.io/component: signingkey-job
  annotations:
-    helm.sh/resource-policy: keep
+    "helm.sh/resource-policy": keep
+    "helm.sh/hook-delete-policy": "hook-failed"
+    "helm.sh/hook": "pre-install"
 type: Opaque
 ---
 apiVersion: v1
@ -24,6 +26,10 @@ metadata:
  labels:
    {{- include "matrix-synapse.labels" . | nindent 4 }}
    app.kubernetes.io/component: signingkey-job
+  {{- with .Values.signingkey.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
@ -32,6 +38,10 @@ metadata:
  labels:
    {{- include "matrix-synapse.labels" . | nindent 4 }}
    app.kubernetes.io/component: signingkey-job
+  {{- with .Values.signingkey.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
 rules:
  - apiGroups:
      - ""
@ -51,6 +61,10 @@ metadata:
  labels:
    {{- include "matrix-synapse.labels" . | nindent 4 }}
    app.kubernetes.io/component: signingkey-job
+  {{- with .Values.signingkey.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
@ -67,10 +81,10 @@ metadata:
  labels:
    {{- include "matrix-synapse.labels" . | nindent 4 }}
    app.kubernetes.io/component: signingkey-job
+  {{- with .Values.signingkey.annotations }}
  annotations:
-    {{- with .Values.signingkey.job.annotations }}
    {{- toYaml . | nindent 4 }}
-    {{- end }}
+  {{- end }}
 spec:
  ttlSecondsAfterFinished: 0
  template:
--- a/matrix-synapse/values.yaml
+++ b/matrix-synapse/values.yaml
@ -36,6 +36,10 @@ publicServerName:
 ## The source of the signing key used by Synapse in federation.
 ##
 signingkey:
+  # -- Annotations to apply to the job and rbac for signing-key.
+  annotations:
+    "helm.sh/hook": "pre-install,pre-upgrade"
+    "helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded"
  ## Enable a Kubernetes job to generate and store a signing key if one does not
  ## exist.
  ## If you have already run a Matrix server at some point on your domain then
@ -50,10 +54,6 @@ signingkey:
  job:
    enabled: true

-    ## Annotations to apply to the signing-key-job.
-    ##
-    annotations: {}
-
    publishImage:
      registry: docker.io
      repository: bitnami/kubectl