diff --git a/README.md b/README.adoc similarity index 68% rename from README.md rename to README.adoc index bf954b6..1203432 100644 --- a/README.md +++ b/README.adoc @@ -1,29 +1,26 @@ ---- -title: "Helm-Charts" -weight: 1 -cascade: - - url: /:sections/:title/ -url: /:sections ---- += helm-charts -## Usage +== Usage Helm must be installed and setup to your kubernetes cluster to use the charts. -Refer to Helm's [documentation](https://helm.sh/docs) to get started. +Refer to Helm's https://helm.sh/docs[documentation] to get started. Once Helm has been set up correctly, fetch the charts as follows: -```bash +[source,bash] +---- helm pull oci://codeberg.org/wrenix/helm-charts/ -``` +---- You can install a chart release using the following command: -```bash +[source,bash] +---- helm install oci://codeberg.org/wrenix/helm-charts/ --values values.yaml -``` +---- To uninstall a chart release use `helm`'s delete command: -```bash +[source,bash] +---- helm uninstall -``` +---- diff --git a/README.adoc.gotmpl b/README.adoc.gotmpl new file mode 100644 index 0000000..86d9dca --- /dev/null +++ b/README.adoc.gotmpl @@ -0,0 +1,72 @@ +{{ define "chart.header" }}= {{ .Name }} +{{ end }} +{{ define "chart.versionBadge" }} +image::https://img.shields.io/badge/Version-{{ .Version | replace "-" "--" }}-informational?style=flat-square[Version: {{ .Version }}]{{end}} +{{ define "chart.typeBadge" }} +image::https://img.shields.io/badge/Version-{{ .Type }}-informational?style=flat-square[Type: {{ .Type }}]{{end}} +{{ define "chart.appVersionBadge" }}{{- if (ne .AppVersion "") }} +image::https://img.shields.io/badge/AppVersion-{{ .AppVersion }}-informational?style=flat-square[AppVersion: {{ .AppVersion }}]{{ end }}{{end}} +{{ define "chart.maintainersHeader" }}== Maintainers{{ end }} +{{ define "chart.maintainersTable" }}.Maintainers +|=== +| Name | Email | Url + {{- range .Maintainers }} + +| {{ .Name }} +| {{ if .Email }}<{{ .Email }}>{{ end }} +| {{ if .Url }}<{{ .Url }}>{{ end }} + {{- end }} +|=== +{{ end }} +{{ define "chart.valuesHeader" }}== Values{{ end }} +{{ define "chart.valuesTable" }}.Values +|=== +| Key | Type | Default | Description + {{- range .Values }} + +| {{ .Key }} +| {{ .Type }} +| {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} +| {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} + {{- end }} +|=== +{{ end }} + +{{- define "chart.prerequirements" -}}{{- end -}} + +{{ template "chart.header" . }} +{{ template "chart.deprecationWarning" . }} + +{{ template "chart.badgesSection" . }} +{{ template "chart.maintainersSection" . }} + +{{ template "chart.prerequirements" . }} + +== Usage + +Helm must be installed and setup to your kubernetes cluster to use the charts. +Refer to Helm's https://helm.sh/docs[documentation] to get started. +Once Helm has been set up correctly, fetch the charts as follows: + +[source,bash] +---- +helm pull oci://codeberg.org/wrenix/helm-charts/{{ template "chart.name" . }} +---- + +You can install a chart release using the following command: + +[source,bash] +---- +helm install {{ template "chart.name" . }}-release oci://codeberg.org/wrenix/helm-charts/{{ template "chart.name" . }} --values values.yaml +---- + +To uninstall a chart release use `helm`'s delete command: + +[source,bash] +---- +helm uninstall {{ template "chart.name" . }}-release +---- + +{{ template "chart.valuesSection" . }} + +Autogenerated from chart metadata using https://github.com/norwoodj/helm-docs[helm-docs] diff --git a/README.md.gotmpl b/README.md.gotmpl deleted file mode 100644 index ffed287..0000000 --- a/README.md.gotmpl +++ /dev/null @@ -1,54 +0,0 @@ ---- -title: {{ .Name | quote }} -{{ if .Description }} -description: {{.Description | quote }} -{{ end }} ---- - -{{- define "chart.prerequirements" }} -{{- end }} - -{{ template "chart.header" . }} -{{ template "chart.deprecationWarning" . }} - -{{ template "chart.badgesSection" . }} - -{{ template "chart.description" . }} - -{{ template "chart.homepageLine" . }} - -{{ template "chart.maintainersSection" . }} - -{{ template "chart.sourcesSection" . }} - - - -{{ template "chart.prerequirements" . }} - -## Usage - -Helm must be installed and setup to your kubernetes cluster to use the charts. -Refer to Helm's [documentation](https://helm.sh/docs) to get started. -Once Helm has been set up correctly, fetch the charts as follows: - -```bash -helm pull oci://codeberg.org/wrenix/helm-charts/{{ .Name }} -``` - -You can install a chart release using the following command: - -```bash -helm install {{ .Name }}-release oci://codeberg.org/wrenix/helm-charts/{{ .Name }} --values values.yaml -``` - -To uninstall a chart release use `helm`'s delete command: - -```bash -helm uninstall {{ .Name }}-release -``` - -{{ template "chart.requirementsSection" . }} - -{{ template "chart.valuesSection" . }} - -Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs) diff --git a/alertmanager-matrix/Chart.yaml b/alertmanager-matrix/Chart.yaml index 2195783..ea2d57b 100644 --- a/alertmanager-matrix/Chart.yaml +++ b/alertmanager-matrix/Chart.yaml @@ -2,9 +2,8 @@ apiVersion: v2 name: alertmanager-matrix description: Service for managing and receiving Alertmanager alerts on Matrix type: application -version: "0.1.11" -# renovate: image=docker.io/silkeh/alertmanager_matrix -appVersion: "0.5.0" +version: 0.1.5 +appVersion: "latest" maintainers: - name: WrenIX url: https://wrenix.eu diff --git a/alertmanager-matrix/README.adoc b/alertmanager-matrix/README.adoc index 55dd37b..d05bb3e 100644 --- a/alertmanager-matrix/README.adoc +++ b/alertmanager-matrix/README.adoc @@ -2,9 +2,9 @@ = alertmanager-matrix -image::https://img.shields.io/badge/Version-0.1.11-informational?style=flat-square[Version: 0.1.11] +image::https://img.shields.io/badge/Version-0.1.5-informational?style=flat-square[Version: 0.1.5] image::https://img.shields.io/badge/Version-application-informational?style=flat-square[Type: application] -image::https://img.shields.io/badge/AppVersion-0.5.0-informational?style=flat-square[AppVersion: 0.5.0] +image::https://img.shields.io/badge/AppVersion-latest-informational?style=flat-square[AppVersion: latest] == Maintainers .Maintainers @@ -214,12 +214,12 @@ helm uninstall alertmanager-matrix-release | image.registry | string -| `"registry.gitlab.com"` +| `"docker.io"` | | image.repository | string -| `"wrenix/alertmanager_matrix"` +| `"silkeh/alertmanager_matrix"` | | image.tag @@ -280,7 +280,7 @@ helm uninstall alertmanager-matrix-release | logging.enabled | bool | `false` -| Deploy Flow for logging-operator +| Deploy Flow for [Logging-Operator](https://kube-logging.github.io/docs/) | logging.globalOutputRefs | list diff --git a/alertmanager-matrix/README.md b/alertmanager-matrix/README.md deleted file mode 100644 index ddb4ed3..0000000 --- a/alertmanager-matrix/README.md +++ /dev/null @@ -1,110 +0,0 @@ ---- -title: "alertmanager-matrix" - -description: "Service for managing and receiving Alertmanager alerts on Matrix" - ---- - -# alertmanager-matrix - -![Version: 0.1.11](https://img.shields.io/badge/Version-0.1.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.5.0](https://img.shields.io/badge/AppVersion-0.5.0-informational?style=flat-square) - -Service for managing and receiving Alertmanager alerts on Matrix - -## Maintainers - -| Name | Email | Url | -| ---- | ------ | --- | -| WrenIX | | | - -## Usage - -Helm must be installed and setup to your kubernetes cluster to use the charts. -Refer to Helm's [documentation](https://helm.sh/docs) to get started. -Once Helm has been set up correctly, fetch the charts as follows: - -```bash -helm pull oci://codeberg.org/wrenix/helm-charts/alertmanager-matrix -``` - -You can install a chart release using the following command: - -```bash -helm install alertmanager-matrix-release oci://codeberg.org/wrenix/helm-charts/alertmanager-matrix --values values.yaml -``` - -To uninstall a chart release use `helm`'s delete command: - -```bash -helm uninstall alertmanager-matrix-release -``` - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| affinity | object | `{}` | | -| autoscaling.enabled | bool | `false` | | -| autoscaling.maxReplicas | int | `100` | | -| autoscaling.minReplicas | int | `1` | | -| autoscaling.targetCPUUtilizationPercentage | int | `80` | | -| bot.alertmanager | string | `"http://localhost:9093"` | | -| bot.colors.alert | string | `"black"` | | -| bot.colors.critical | string | `"red"` | | -| bot.colors.error | string | `"red"` | | -| bot.colors.info | string | `"blue"` | | -| bot.colors.information | string | `"blue"` | | -| bot.colors.resolved | string | `"green"` | | -| bot.colors.silenced | string | `"gray"` | | -| bot.colors.warning | string | `"orange"` | | -| bot.icons.alert | string | `"🔔ī¸"` | | -| bot.icons.critical | string | `"🚨"` | | -| bot.icons.error | string | `"🚨"` | | -| bot.icons.info | string | `"ℹī¸"` | | -| bot.icons.information | string | `"ℹī¸"` | | -| bot.icons.resolved | string | `"✅"` | | -| bot.icons.silenced | string | `"🔕"` | | -| bot.icons.warning | string | `"⚠ī¸"` | | -| bot.matrix.homeserver | string | `"http://localhost:8008"` | | -| bot.matrix.rooms[0] | string | `"!not_existing:matrix.org"` | | -| bot.matrix.rooms[1] | string | `"!also_not_existing:matrix.org"` | | -| bot.matrix.token | string | `"SECRET_TOKEN"` | | -| bot.matrix.userID | string | `"bot"` | | -| bot.messageType | string | `"m.notice"` | | -| bot.showLabels | bool | `false` | | -| bot.template.html | string | `"{{ range .Alerts }}\n \n {{.StatusString|icon}}\n {{.StatusString|upper}}\n {{.AlertName}}:\n \n {{.Summary}}\n {{if ne .Fingerprint \"\"}}\n ({{.Fingerprint}})\n {{end}}\n {{if $.ShowLabels}}\n
\n Labels:\n {{.LabelString}}\n {{end}}\n
\n{{- end -}}\n"` | | -| bot.template.text | string | `"{{ range .Alerts }}\n {{- .StatusString|icon}} {{ .StatusString|upper }}{{ .AlertName }}: {{ .Summary }} {{ if ne .Fingerprint \"\" -}}\n ({{.Fingerprint}})\n {{- end}}\n {{- if $.ShowLabels -}}\n , labels:\n {{- .LabelString}}\n {{- end }}\n{{ end -}}\n"` | | -| fullnameOverride | string | `""` | | -| image.pullPolicy | string | `"IfNotPresent"` | | -| image.registry | string | `"registry.gitlab.com"` | | -| image.repository | string | `"wrenix/alertmanager_matrix"` | | -| image.tag | string | `""` | | -| imagePullSecrets | list | `[]` | | -| ingress.annotations | object | `{}` | | -| ingress.className | string | `""` | | -| ingress.enabled | bool | `false` | | -| ingress.hosts[0].host | string | `"chart-example.local"` | | -| ingress.hosts[0].paths[0].path | string | `"/"` | | -| ingress.hosts[0].paths[0].pathType | string | `"ImplementationSpecific"` | | -| ingress.tls | list | `[]` | | -| logging.additionalFilters | list | `[]` | Add other filters to Flow | -| logging.dedot | string | `nil` | if an filter (here or global) for dedot is active - for disable set `null` | -| logging.enabled | bool | `false` | Deploy Flow for logging-operator | -| logging.globalOutputRefs | list | `["default"]` | Flows globalOutputRefs for use of ClusterOutputs | -| logging.localOutputRefs | list | `[]` | Flows localOutputRefs for use of Outputs | -| nameOverride | string | `""` | | -| nodeSelector | object | `{}` | | -| podAnnotations | object | `{}` | | -| podLabels | object | `{}` | | -| podSecurityContext | object | `{}` | | -| replicaCount | int | `1` | | -| resources | object | `{}` | | -| securityContext | object | `{}` | | -| service.port | int | `4051` | | -| service.type | string | `"ClusterIP"` | | -| serviceAccount.annotations | object | `{}` | | -| serviceAccount.create | bool | `true` | | -| serviceAccount.name | string | `""` | | -| tolerations | list | `[]` | | - -Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs) diff --git a/alertmanager-matrix/ci/ct-empty-values.yaml b/alertmanager-matrix/ci/ct-empty-values.yaml deleted file mode 100644 index e69de29..0000000 diff --git a/alertmanager-matrix/ci/ct-security-values.yaml b/alertmanager-matrix/ci/ct-security-values.yaml deleted file mode 100644 index b8b4c92..0000000 --- a/alertmanager-matrix/ci/ct-security-values.yaml +++ /dev/null @@ -1,44 +0,0 @@ -replicaCount: 1 - -logging: - enabled: true - dedot: "-" - additionalFilters: - - grep: - exclude: - - key: "message" - pattern: '/^Sending message to /' - -bot: - matrix: - homeserver: "http://localhost:8008" - userID: "bot" - token: "SECRET_TOKEN" - rooms: - - "!not_existing:matrix.org" - - "!also_not_existing:matrix.org" - alertmanager: "http://localhost:9093" - showLabels: true - -serviceAccount: - create: true - -podSecurityContext: - fsGroup: 1000 - -securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsUser: 1000 - runAsGroup: 1000 - -resources: - requests: - memory: 128Mi - cpu: 100m - limits: - memory: 256Mi - cpu: 4 diff --git a/alertmanager-matrix/templates/_helpers.tpl b/alertmanager-matrix/templates/_helpers.tpl index dbc7de8..9522fad 100644 --- a/alertmanager-matrix/templates/_helpers.tpl +++ b/alertmanager-matrix/templates/_helpers.tpl @@ -62,6 +62,7 @@ app{{.Values.logging.dedot }}kubernetes{{.Values.logging.dedot }}io/instance: {{ {{- end }} {{- end }} + {{/* Create the name of the service account to use */}} diff --git a/alertmanager-matrix/templates/deployment.yaml b/alertmanager-matrix/templates/deployment.yaml index e8e389e..7410292 100644 --- a/alertmanager-matrix/templates/deployment.yaml +++ b/alertmanager-matrix/templates/deployment.yaml @@ -68,12 +68,6 @@ spec: {{- end }} - name: ROOMS value: {{ .Values.bot.matrix.rooms | join "," | quote }} - readinessProbe: - tcpSocket: - port: http - livenessProbe: - tcpSocket: - port: http ports: - name: http containerPort: {{ .Values.service.port }} diff --git a/alertmanager-matrix/values.yaml b/alertmanager-matrix/values.yaml index e2e14ab..e8bfe23 100644 --- a/alertmanager-matrix/values.yaml +++ b/alertmanager-matrix/values.yaml @@ -5,8 +5,8 @@ replicaCount: 1 image: - registry: registry.gitlab.com - repository: wrenix/alertmanager_matrix + registry: docker.io + repository: silkeh/alertmanager_matrix pullPolicy: IfNotPresent # Overrides the image tag whose default is the chart appVersion. # latest with current: @@ -83,6 +83,22 @@ bot:
{{- end -}} +# Logging +# This Helm chart could also deploy Flow for the logging-operator +logging: + # -- Deploy Flow for [Logging-Operator](https://kube-logging.github.io/docs/) + enabled: false + # -- if an filter (here or global) for dedot is active - for disable set `null` + dedot: + # -- Add other filters to Flow + additionalFilters: [] + # -- Flows localOutputRefs for use of Outputs + localOutputRefs: [] + # -- Flows globalOutputRefs for use of ClusterOutputs + globalOutputRefs: + - "default" + + serviceAccount: # Specifies whether a service account should be created create: true @@ -150,19 +166,3 @@ nodeSelector: {} tolerations: [] affinity: {} - -# Logging -# This HelmChart could also deploy Flow for the [Logging-Operator](https://kube-logging.github.io/docs/) -# Configuration is optimzed for deliever to elasticsearch -logging: - # -- Deploy Flow for logging-operator - enabled: false - # -- if an filter (here or global) for dedot is active - for disable set `null` - dedot: - # -- Add other filters to Flow - additionalFilters: [] - # -- Flows localOutputRefs for use of Outputs - localOutputRefs: [] - # -- Flows globalOutputRefs for use of ClusterOutputs - globalOutputRefs: - - "default" diff --git a/alertmanager-ntfy/Chart.yaml b/alertmanager-ntfy/Chart.yaml index 5b2e5e1..5e0f97e 100644 --- a/alertmanager-ntfy/Chart.yaml +++ b/alertmanager-ntfy/Chart.yaml @@ -2,9 +2,8 @@ apiVersion: v2 name: alertmanager-ntfy description: Receiver for alertmanager to forward to ntfy.sh type: application -version: 0.1.5 -# renovate: image=codeberg.org/xenrox/ntfy-alertmanager -appVersion: "0.4.0" +version: 0.1.3 +appVersion: "0.3.0" maintainers: - name: WrenIX url: https://wrenix.eu diff --git a/matrix-sliding-sync/README.adoc b/alertmanager-ntfy/README.adoc similarity index 52% rename from matrix-sliding-sync/README.adoc rename to alertmanager-ntfy/README.adoc index 37179ba..bb3c735 100644 --- a/matrix-sliding-sync/README.adoc +++ b/alertmanager-ntfy/README.adoc @@ -1,10 +1,10 @@ -= matrix-sliding-sync += alertmanager-ntfy -image::https://img.shields.io/badge/Version-0.2.2-informational?style=flat-square[Version: 0.2.2] +image::https://img.shields.io/badge/Version-0.1.3-informational?style=flat-square[Version: 0.1.3] image::https://img.shields.io/badge/Version-application-informational?style=flat-square[Type: application] -image::https://img.shields.io/badge/AppVersion-0.99.19-informational?style=flat-square[AppVersion: 0.99.19] +image::https://img.shields.io/badge/AppVersion-0.3.0-informational?style=flat-square[AppVersion: 0.3.0] == Maintainers .Maintainers @@ -24,21 +24,21 @@ Once Helm has been set up correctly, fetch the charts as follows: [source,bash] ---- -helm pull oci://codeberg.org/wrenix/helm-charts/matrix-sliding-sync +helm pull oci://codeberg.org/wrenix/helm-charts/alertmanager-ntfy ---- You can install a chart release using the following command: [source,bash] ---- -helm install matrix-sliding-sync-release oci://codeberg.org/wrenix/helm-charts/matrix-sliding-sync --values values.yaml +helm install alertmanager-ntfy-release oci://codeberg.org/wrenix/helm-charts/alertmanager-ntfy --values values.yaml ---- To uninstall a chart release use `helm`'s delete command: [source,bash] ---- -helm uninstall matrix-sliding-sync-release +helm uninstall alertmanager-ntfy-release ---- == Values @@ -72,125 +72,25 @@ helm uninstall matrix-sliding-sync-release | `80` | -| config.homeserver -| string -| `"http://localhost:8008"` -| - -| config.logLevel -| string -| `"INFO"` -| - -| config.metrics -| int -| `9100` -| - -| config.opentelemetry.password -| string -| `nil` -| - -| config.opentelemetry.url -| string -| `nil` -| - -| config.opentelemetry.username -| string -| `nil` -| - -| config.postgresql.database -| string -| `"sliding_sync"` -| - -| config.postgresql.host -| string -| `"localhost"` -| - -| config.postgresql.maxConn -| int -| `0` -| - -| config.postgresql.password -| string -| `"secret"` -| - -| config.postgresql.port -| int -| `5432` -| - -| config.postgresql.sslmode -| string -| `"disable"` -| - -| config.postgresql.username -| string -| `"sliding_sync"` -| - -| config.syncSecret -| string -| `nil` -| - | fullnameOverride | string | `""` | -| global.image.pullPolicy -| string -| `nil` -| if set it will overwrite all pullPolicy - -| global.image.registry -| string -| `nil` -| if set it will overwrite all registry entries - -| grafana.dashboards.annotations -| object -| `{}` -| - -| grafana.dashboards.enabled -| bool -| `false` -| - -| grafana.dashboards.labels.grafana_dashboard -| string -| `"1"` -| - | image.pullPolicy | string | `"IfNotPresent"` | -| image.registry -| string -| `"ghcr.io"` -| - | image.repository | string -| `"matrix-org/sliding-sync"` +| `"xenrox/ntfy-alertmanager"` | | image.tag | string -| `nil` -| Overrides the image tag whose default is the chart appVersion. +| `""` +| | imagePullSecrets | list @@ -232,11 +132,6 @@ helm uninstall matrix-sliding-sync-release | `[]` | -| livenessProbe.tcpSocket.port -| string -| `"http"` -| - | nameOverride | string | `""` @@ -247,6 +142,96 @@ helm uninstall matrix-sliding-sync-release | `{}` | +| ntfyAlertmanager.labels.entries[0].label +| string +| `"severity"` +| + +| ntfyAlertmanager.labels.entries[0].priority +| int +| `5` +| + +| ntfyAlertmanager.labels.entries[0].tags[0] +| string +| `"rotating_light"` +| + +| ntfyAlertmanager.labels.entries[0].value +| string +| `"critical"` +| + +| ntfyAlertmanager.labels.entries[1].label +| string +| `"severity"` +| + +| ntfyAlertmanager.labels.entries[1].priority +| int +| `1` +| + +| ntfyAlertmanager.labels.entries[1].value +| string +| `"info"` +| + +| ntfyAlertmanager.labels.entries[2].label +| string +| `"instance"` +| + +| ntfyAlertmanager.labels.entries[2].tags[0] +| string +| `"computer"` +| + +| ntfyAlertmanager.labels.entries[2].tags[1] +| string +| `"example"` +| + +| ntfyAlertmanager.labels.entries[2].value +| string +| `"example.com"` +| + +| ntfyAlertmanager.labels.order[0] +| string +| `"severity"` +| + +| ntfyAlertmanager.labels.order[1] +| string +| `"instance"` +| + +| ntfyAlertmanager.logLevel +| string +| `"info"` +| + +| ntfyAlertmanager.ntfy.topic +| string +| `"https://ntfy.sh/alertmanager-alerts"` +| + +| ntfyAlertmanager.port +| int +| `80` +| + +| ntfyAlertmanager.resolved.tags[0] +| string +| `"resolved"` +| + +| ntfyAlertmanager.resolved.tags[1] +| string +| `"partying_face"` +| + | podAnnotations | object | `{}` @@ -257,26 +242,11 @@ helm uninstall matrix-sliding-sync-release | `{}` | -| podSecurityContext.fsGroup -| int -| `2000` -| - -| prometheus.servicemonitor.enabled -| bool -| `false` -| - -| prometheus.servicemonitor.labels +| podSecurityContext | object | `{}` | -| readinessProbe.tcpSocket.port -| string -| `"http"` -| - | replicaCount | int | `1` @@ -287,29 +257,14 @@ helm uninstall matrix-sliding-sync-release | `{}` | -| securityContext.capabilities.drop[0] -| string -| `"ALL"` -| - -| securityContext.readOnlyRootFilesystem -| bool -| `true` -| - -| securityContext.runAsNonRoot -| bool -| `true` -| - -| securityContext.runAsUser -| int -| `1000` +| securityContext +| object +| `{}` | | service.port | int -| `8008` +| `80` | | service.type @@ -322,11 +277,6 @@ helm uninstall matrix-sliding-sync-release | `{}` | -| serviceAccount.automount -| bool -| `true` -| - | serviceAccount.create | bool | `true` @@ -341,16 +291,6 @@ helm uninstall matrix-sliding-sync-release | list | `[]` | - -| volumeMounts -| list -| `[]` -| - -| volumes -| list -| `[]` -| |=== Autogenerated from chart metadata using https://github.com/norwoodj/helm-docs[helm-docs] diff --git a/alertmanager-ntfy/README.md b/alertmanager-ntfy/README.md deleted file mode 100644 index d36a0f3..0000000 --- a/alertmanager-ntfy/README.md +++ /dev/null @@ -1,97 +0,0 @@ ---- -title: "alertmanager-ntfy" - -description: "Receiver for alertmanager to forward to ntfy.sh" - ---- - -# alertmanager-ntfy - -![Version: 0.1.5](https://img.shields.io/badge/Version-0.1.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.4.0](https://img.shields.io/badge/AppVersion-0.4.0-informational?style=flat-square) - -Receiver for alertmanager to forward to ntfy.sh - -## Maintainers - -| Name | Email | Url | -| ---- | ------ | --- | -| WrenIX | | | - -## Usage - -Helm must be installed and setup to your kubernetes cluster to use the charts. -Refer to Helm's [documentation](https://helm.sh/docs) to get started. -Once Helm has been set up correctly, fetch the charts as follows: - -```bash -helm pull oci://codeberg.org/wrenix/helm-charts/alertmanager-ntfy -``` - -You can install a chart release using the following command: - -```bash -helm install alertmanager-ntfy-release oci://codeberg.org/wrenix/helm-charts/alertmanager-ntfy --values values.yaml -``` - -To uninstall a chart release use `helm`'s delete command: - -```bash -helm uninstall alertmanager-ntfy-release -``` - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| affinity | object | `{}` | | -| autoscaling.enabled | bool | `false` | | -| autoscaling.maxReplicas | int | `100` | | -| autoscaling.minReplicas | int | `1` | | -| autoscaling.targetCPUUtilizationPercentage | int | `80` | | -| fullnameOverride | string | `""` | | -| image.pullPolicy | string | `"IfNotPresent"` | | -| image.registry | string | `"codeberg.org"` | | -| image.repository | string | `"xenrox/ntfy-alertmanager"` | | -| image.tag | string | `""` | | -| imagePullSecrets | list | `[]` | | -| ingress.annotations | object | `{}` | | -| ingress.className | string | `""` | | -| ingress.enabled | bool | `false` | | -| ingress.hosts[0].host | string | `"chart-example.local"` | | -| ingress.hosts[0].paths[0].path | string | `"/"` | | -| ingress.hosts[0].paths[0].pathType | string | `"ImplementationSpecific"` | | -| ingress.tls | list | `[]` | | -| nameOverride | string | `""` | | -| nodeSelector | object | `{}` | | -| ntfyAlertmanager.labels.entries[0].label | string | `"severity"` | | -| ntfyAlertmanager.labels.entries[0].priority | int | `5` | | -| ntfyAlertmanager.labels.entries[0].tags[0] | string | `"rotating_light"` | | -| ntfyAlertmanager.labels.entries[0].value | string | `"critical"` | | -| ntfyAlertmanager.labels.entries[1].label | string | `"severity"` | | -| ntfyAlertmanager.labels.entries[1].priority | int | `1` | | -| ntfyAlertmanager.labels.entries[1].value | string | `"info"` | | -| ntfyAlertmanager.labels.entries[2].label | string | `"instance"` | | -| ntfyAlertmanager.labels.entries[2].tags[0] | string | `"computer"` | | -| ntfyAlertmanager.labels.entries[2].tags[1] | string | `"example"` | | -| ntfyAlertmanager.labels.entries[2].value | string | `"example.com"` | | -| ntfyAlertmanager.labels.order[0] | string | `"severity"` | | -| ntfyAlertmanager.labels.order[1] | string | `"instance"` | | -| ntfyAlertmanager.logLevel | string | `"info"` | | -| ntfyAlertmanager.ntfy.topic | string | `"https://ntfy.sh/alertmanager-alerts"` | | -| ntfyAlertmanager.port | int | `80` | | -| ntfyAlertmanager.resolved.tags[0] | string | `"resolved"` | | -| ntfyAlertmanager.resolved.tags[1] | string | `"partying_face"` | | -| podAnnotations | object | `{}` | | -| podLabels | object | `{}` | | -| podSecurityContext | object | `{}` | | -| replicaCount | int | `1` | | -| resources | object | `{}` | | -| securityContext | object | `{}` | | -| service.port | int | `80` | | -| service.type | string | `"ClusterIP"` | | -| serviceAccount.annotations | object | `{}` | | -| serviceAccount.create | bool | `true` | | -| serviceAccount.name | string | `""` | | -| tolerations | list | `[]` | | - -Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs) diff --git a/alertmanager-ntfy/templates/deployment.yaml b/alertmanager-ntfy/templates/deployment.yaml index df66847..0588167 100644 --- a/alertmanager-ntfy/templates/deployment.yaml +++ b/alertmanager-ntfy/templates/deployment.yaml @@ -35,7 +35,7 @@ spec: - name: {{ .Chart.Name }} securityContext: {{- toYaml .Values.securityContext | nindent 12 }} - image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} ports: - name: http diff --git a/alertmanager-ntfy/values.yaml b/alertmanager-ntfy/values.yaml index 405a4d0..aec2bf6 100644 --- a/alertmanager-ntfy/values.yaml +++ b/alertmanager-ntfy/values.yaml @@ -5,7 +5,6 @@ replicaCount: 1 image: - registry: codeberg.org repository: xenrox/ntfy-alertmanager pullPolicy: IfNotPresent # Overrides the image tag whose default is the chart appVersion. diff --git a/authentik-application/Chart.yaml b/authentik-application/Chart.yaml index 8a96b3e..066ba97 100644 --- a/authentik-application/Chart.yaml +++ b/authentik-application/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: authentik-application description: "A Chart to deploy a secret for the authentik blueprint-sidecar." type: application -version: "0.4.5" +version: 0.4.1 maintainers: - name: WrenIX url: https://wrenix.eu diff --git a/authentik-application/README.adoc b/authentik-application/README.adoc new file mode 100644 index 0000000..1d9dd75 --- /dev/null +++ b/authentik-application/README.adoc @@ -0,0 +1,274 @@ + + += authentik-application + +image::https://img.shields.io/badge/Version-0.4.1-informational?style=flat-square[Version: 0.4.1] +image::https://img.shields.io/badge/Version-application-informational?style=flat-square[Type: application] +== Maintainers + +.Maintainers +|=== +| Name | Email | Url + +| WrenIX +| +| +|=== + +## Pre-Requirement +Usage of https://github.com/goauthentik/helm/pull/146 + +## or manual: +Install authentik with this `values.yaml`: +```yaml +serviceAccount: + create: true + +additionalContainers: + - name: sidecar-blueprints + image: "ghcr.io/kiwigrid/k8s-sidecar:1.25.1" + env: + - name: "FOLDER" + value: "/blueprints/sidecar" + - name: "LABEL" + value: "goauthentik_blueprint" + - name: "LABEL_VALUE" + value: "1" + # - name: "NAMESPACE" + # value: "ALL" + - name: "RESOURCE" + value: "both" + - name: "UNIQUE_FILENAMES" + value: "true" + volumeMounts: + - name: sidecar-blueprints + mountPath: /blueprints/sidecar + +volumeMounts: + - name: sidecar-blueprints + mountPath: /blueprints/sidecar + +volumes: + - name: sidecar-blueprints + emptyDir: {} +``` + +And create an Role and bind them on to the ServiceAccount to read secrets: +```yaml +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: authentik-blueprint-sidecar +rules: + - apiGroups: [""] + resources: ["configmaps", "secrets"] + verbs: ["get", "watch", "list"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: authentik-blueprint-sidecar +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: authentik-blueprint-sidecar +subjects: + - kind: ServiceAccount + name: authentik +``` + +== Usage + +Helm must be installed and setup to your kubernetes cluster to use the charts. +Refer to Helm's https://helm.sh/docs[documentation] to get started. +Once Helm has been set up correctly, fetch the charts as follows: + +[source,bash] +---- +helm pull oci://codeberg.org/wrenix/helm-charts/authentik-application +---- + +You can install a chart release using the following command: + +[source,bash] +---- +helm install authentik-application-release oci://codeberg.org/wrenix/helm-charts/authentik-application --values values.yaml +---- + +To uninstall a chart release use `helm`'s delete command: + +[source,bash] +---- +helm uninstall authentik-application-release +---- + +== Values + +.Values +|=== +| Key | Type | Default | Description + +| blueprint.application.bindPolicyID +| string +| `nil` +| uuid for bindPolicyID for group - if not set generated on secret for be stable (or groups: [] filled) + +| blueprint.application.description +| string +| `""` +| description of application + +| blueprint.application.group +| string +| `""` +| put this application in authentik in group + +| blueprint.application.icon +| string +| `""` +| icon of application (url) + +| blueprint.application.launchURL +| string +| `""` +| + +| blueprint.application.name +| string +| `""` +| application name in menu + +| blueprint.application.openInNewTab +| bool +| `false` +| open application in new tab + +| blueprint.application.policyEngineMode +| string +| `"any"` +| + +| blueprint.application.publisher +| string +| `""` +| publisher of application + +| blueprint.application.slug +| string +| `"app-name"` +| application slug + +| blueprint.authentik.domain +| string +| `"https://auth.wrenix.eu"` +| domain to authentik, used in generated url (like issuer) + +| blueprint.groups +| string +| `nil` +| authentik groups created / give access to this application disable any groups by set groups: [] (to a slice) example: - slug: "app: grafana-admin" parent: "app: infra" bindID: uuid + +| blueprint.labels +| object +| `{"goauthentik_blueprint":"1"}` +| label of generated secret with blueprint + +| blueprint.provider.authorizationFlow +| string +| `"default-provider-authorization-implicit-consent"` +| + +| blueprint.provider.enabled +| bool +| `true` +| creat an provider for authentification (otherwise just a like in menu is created) + +| blueprint.provider.name +| string +| `""` +| + +| blueprint.provider.oidc.clientID +| string +| `nil` +| client id - generated if secret enabled + +| blueprint.provider.oidc.clientSecret +| string +| `nil` +| client secret - generated if secret enabled + +| blueprint.provider.oidc.clientType +| string +| `"confidential"` +| + +| blueprint.provider.oidc.redirectURL +| string +| `""` +| + +| blueprint.provider.oidc.scopes +| string +| `nil` +| Scope + +| blueprint.provider.oidc.signingKey +| string +| `""` +| Need for non-curve / RSA + +| blueprint.provider.proxy.cookieDomain +| string +| `""` +| + +| blueprint.provider.proxy.externalHost +| string +| `nil` +| + +| blueprint.provider.proxy.ingress.backend +| string +| `"authentik"` +| service backend to authentik + +| blueprint.provider.proxy.ingress.domain +| string +| `nil` +| domain of application (where outpost should be deployed) + +| blueprint.provider.proxy.ingress.enabled +| bool +| `false` +| deploy ingress on application domain for e.g. logout (WIP) + +| blueprint.provider.proxy.skipPathRegex +| string +| `""` +| + +| blueprint.provider.saml +| string +| `nil` +| + +| blueprint.provider.type +| string +| `"oidc"` +| type of application connection, current support: oidc, saml and proxy + +| secret.labels +| object +| `{}` +| label of secret to store generated secret + +| secret.name +| string +| `""` +| name of secret to store generated secret (like clientI) +|=== + +Autogenerated from chart metadata using https://github.com/norwoodj/helm-docs[helm-docs] + diff --git a/authentik-application/README.md b/authentik-application/README.md deleted file mode 100644 index c91ec39..0000000 --- a/authentik-application/README.md +++ /dev/null @@ -1,146 +0,0 @@ ---- -title: "authentik-application" - -description: "A Chart to deploy a secret for the authentik blueprint-sidecar." - ---- - -# authentik-application - -![Version: 0.4.5](https://img.shields.io/badge/Version-0.4.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) - -A Chart to deploy a secret for the authentik blueprint-sidecar. - -## Maintainers - -| Name | Email | Url | -| ---- | ------ | --- | -| WrenIX | | | - -## Pre-Requirement -Usage of https://github.com/goauthentik/helm/pull/146 - -## or manual: -Install authentik with this `values.yaml`: -```yaml -serviceAccount: - create: true - -additionalContainers: - - name: sidecar-blueprints - image: "ghcr.io/kiwigrid/k8s-sidecar:1.25.1" - env: - - name: "FOLDER" - value: "/blueprints/sidecar" - - name: "LABEL" - value: "goauthentik_blueprint" - - name: "LABEL_VALUE" - value: "1" - # - name: "NAMESPACE" - # value: "ALL" - - name: "RESOURCE" - value: "both" - - name: "UNIQUE_FILENAMES" - value: "true" - volumeMounts: - - name: sidecar-blueprints - mountPath: /blueprints/sidecar - -volumeMounts: - - name: sidecar-blueprints - mountPath: /blueprints/sidecar - -volumes: - - name: sidecar-blueprints - emptyDir: {} -``` - -And create an Role and bind them on to the ServiceAccount to read secrets: -```yaml ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: authentik-blueprint-sidecar -rules: - - apiGroups: [""] - resources: ["configmaps", "secrets"] - verbs: ["get", "watch", "list"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: authentik-blueprint-sidecar -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: authentik-blueprint-sidecar -subjects: - - kind: ServiceAccount - name: authentik -``` - -## Usage - -Helm must be installed and setup to your kubernetes cluster to use the charts. -Refer to Helm's [documentation](https://helm.sh/docs) to get started. -Once Helm has been set up correctly, fetch the charts as follows: - -```bash -helm pull oci://codeberg.org/wrenix/helm-charts/authentik-application -``` - -You can install a chart release using the following command: - -```bash -helm install authentik-application-release oci://codeberg.org/wrenix/helm-charts/authentik-application --values values.yaml -``` - -To uninstall a chart release use `helm`'s delete command: - -```bash -helm uninstall authentik-application-release -``` - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| blueprint.application.bindPolicyID | string | `nil` | uuid for bindPolicyID for group - if not set generated on secret for be stable (or groups: [] filled) | -| blueprint.application.description | string | `""` | description of application | -| blueprint.application.group | string | `""` | put this application in authentik in group | -| blueprint.application.icon | string | `""` | icon of application (url) | -| blueprint.application.launchURL | string | `""` | | -| blueprint.application.name | string | `""` | application name in menu | -| blueprint.application.openInNewTab | bool | `false` | open application in new tab | -| blueprint.application.policyEngineMode | string | `"any"` | | -| blueprint.application.publisher | string | `""` | publisher of application | -| blueprint.application.slug | string | `"app-name"` | application slug | -| blueprint.authentik.domain | string | `"https://auth.wrenix.eu"` | domain to authentik, used in generated url (like issuer) | -| blueprint.groups | string | `nil` | authentik groups created / give access to this application disable any groups by set groups: [] (to a slice) example: - slug: "app: grafana-admin" parent: "app: infra" bindID: uuid | -| blueprint.labels | object | `{"goauthentik_blueprint":"1"}` | label of generated secret with blueprint | -| blueprint.provider.authorizationFlow | string | `"default-provider-authorization-implicit-consent"` | | -| blueprint.provider.enabled | bool | `true` | creat an provider for authentification (otherwise just a like in menu is created) | -| blueprint.provider.invalidationFlow | string | `"default-provider-invalidation-flow"` | | -| blueprint.provider.name | string | `""` | | -| blueprint.provider.oidc.clientID | string | `nil` | client id - generated if secret enabled | -| blueprint.provider.oidc.clientSecret | string | `nil` | client secret - generated if secret enabled | -| blueprint.provider.oidc.clientType | string | `"confidential"` | | -| blueprint.provider.oidc.redirectURL | string | `""` | | -| blueprint.provider.oidc.scopes | string | `nil` | Scope | -| blueprint.provider.oidc.signingKey | string | `""` | Need for non-curve / RSA | -| blueprint.provider.proxy.cookieDomain | string | `""` | | -| blueprint.provider.proxy.externalHost | string | `nil` | | -| blueprint.provider.proxy.ingress.annotations | list | `[]` | annotations to ingress for outpost | -| blueprint.provider.proxy.ingress.backend | string | `"authentik"` | service backend to authentik | -| blueprint.provider.proxy.ingress.domain | string | `nil` | domain of application (where outpost should be deployed) | -| blueprint.provider.proxy.ingress.enabled | bool | `false` | deploy ingress on application domain for e.g. logout (WIP) | -| blueprint.provider.proxy.ingress.tls | list | `[]` | tls to ingress for outpost | -| blueprint.provider.proxy.skipPathRegex | string | `""` | | -| blueprint.provider.saml | string | `nil` | | -| blueprint.provider.type | string | `"oidc"` | type of application connection, current support: oidc, saml and proxy | -| secret.labels | object | `{}` | label of secret to store generated secret | -| secret.name | string | `""` | name of secret to store generated secret (like clientI) | - -Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs) - diff --git a/authentik-application/files/provider/oidc.yaml.gotmpl b/authentik-application/files/provider/oidc.yaml.gotmpl index cc80565..6468f57 100644 --- a/authentik-application/files/provider/oidc.yaml.gotmpl +++ b/authentik-application/files/provider/oidc.yaml.gotmpl @@ -22,14 +22,11 @@ state: present attrs: authorization_flow: !Find [authentik_flows.flow, [slug, {{ .Values.blueprint.provider.authorizationFlow }}]] - invalidation_flow: !Find [authentik_flows.flow, [slug, {{ .Values.blueprint.provider.invalidationFlow }}]] {{- with .Values.blueprint.provider.oidc }} client_type: {{ .clientType | quote }} client_id: {{ $clientID | quote }} client_secret: {{ $clientSecret | quote }} - redirect_uris: - - matching_mode: "strict" - url: {{ .redirectURL | quote }} + redirect_uris: {{ .redirectURL }} {{- with .tokenDuration }} access_token_validity: {{ . | quote }} {{- end }} diff --git a/authentik-application/templates/ingress.yaml b/authentik-application/templates/ingress.yaml index 0cdde0a..3a10ce9 100644 --- a/authentik-application/templates/ingress.yaml +++ b/authentik-application/templates/ingress.yaml @@ -6,10 +6,6 @@ metadata: name: {{ include "authentik-application.fullname" . }} labels: {{- include "authentik-application.labels" . | nindent 4 }} - {{- with .Values.blueprint.provider.proxy.ingress.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} spec: rules: - host: {{ .Values.blueprint.provider.proxy.ingress.domain | quote }} @@ -22,8 +18,4 @@ spec: name: {{ .Values.blueprint.provider.proxy.ingress.backend | quote }} port: name: http - {{- with .Values.blueprint.provider.proxy.ingress.tls }} - tls: - {{- toYaml . | nindent 4 }} - {{- end }} -{{- end }} +{{- end }} \ No newline at end of file diff --git a/authentik-application/values.yaml b/authentik-application/values.yaml index b3199e5..52fc7f6 100644 --- a/authentik-application/values.yaml +++ b/authentik-application/values.yaml @@ -16,7 +16,6 @@ blueprint: enabled: true name: "" authorizationFlow: "default-provider-authorization-implicit-consent" - invalidationFlow: "default-provider-invalidation-flow" # -- type of application connection, current support: oidc, saml and proxy type: "oidc" oidc: @@ -45,10 +44,6 @@ blueprint: domain: # -- service backend to authentik backend: authentik - # -- annotations to ingress for outpost - annotations: [] - # -- tls to ingress for outpost - tls: [] application: # -- application name in menu name: "" diff --git a/autopush/.gitignore b/autopush/.gitignore deleted file mode 100644 index 31014c3..0000000 --- a/autopush/.gitignore +++ /dev/null @@ -1,2 +0,0 @@ -charts/*.tgz -values_test.yaml diff --git a/autopush/.helmignore b/autopush/.helmignore deleted file mode 100644 index 50af031..0000000 --- a/autopush/.helmignore +++ /dev/null @@ -1,22 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/autopush/Chart.lock b/autopush/Chart.lock deleted file mode 100644 index 374ae78..0000000 --- a/autopush/Chart.lock +++ /dev/null @@ -1,6 +0,0 @@ -dependencies: -- name: redis - repository: oci://docker.io/bitnamicharts - version: 20.6.3 -digest: sha256:393d6daa4bc8cdb66a7b6b34571a98e240890e994cb717e6bd2886dab67d196b -generated: "2025-01-15T22:10:56.598818643+01:00" diff --git a/autopush/Chart.yaml b/autopush/Chart.yaml deleted file mode 100644 index 727c3dc..0000000 --- a/autopush/Chart.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: v2 -name: autopush -description: A Helm chart for Kubernetes -icon: -type: application -version: 0.0.9 -# renovate: image=docker.io/mozilla-services/autopush-rs -appVersion: "1.72.2" -maintainers: - - name: WrenIX - url: https://wrenix.eu - -dependencies: - - name: redis - version: "20.6.3" - repository: "oci://docker.io/bitnamicharts" - condition: redis.internal diff --git a/autopush/README.md b/autopush/README.md deleted file mode 100644 index 057e0e6..0000000 --- a/autopush/README.md +++ /dev/null @@ -1,186 +0,0 @@ ---- -title: "autopush" - -description: "A Helm chart for Kubernetes" - ---- - -# autopush - -![Version: 0.0.9](https://img.shields.io/badge/Version-0.0.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.72.2](https://img.shields.io/badge/AppVersion-1.72.2-informational?style=flat-square) - -A Helm chart for Kubernetes - -## Maintainers - -| Name | Email | Url | -| ---- | ------ | --- | -| WrenIX | | | - -= Beta - -WARNING -==== -We let it run in production, but it is not stable / complete. - -TODOs: - - [ ] official container with redis backend, see: https://github.com/mozilla-services/autopush-rs/pull/813 - - [ ] automatical create CRYPT_KEY (instatt of key) - - [ ] better ingress / host name support - - [ ] Improve monitoring with alerts and grafana dashboard - -==== - -## Usage - -Helm must be installed and setup to your kubernetes cluster to use the charts. -Refer to Helm's [documentation](https://helm.sh/docs) to get started. -Once Helm has been set up correctly, fetch the charts as follows: - -```bash -helm pull oci://codeberg.org/wrenix/helm-charts/autopush -``` - -You can install a chart release using the following command: - -```bash -helm install autopush-release oci://codeberg.org/wrenix/helm-charts/autopush --values values.yaml -``` - -To uninstall a chart release use `helm`'s delete command: - -```bash -helm uninstall autopush-release -``` - -## Requirements - -| Repository | Name | Version | -|------------|------|---------| -| oci://docker.io/bitnamicharts | redis | 20.6.3 | - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| autoconnect.affinity | object | `{}` | | -| autoconnect.image.pullPolicy | string | `"IfNotPresent"` | | -| autoconnect.image.registry | string | `"codeberg.org"` | | -| autoconnect.image.repository | string | `"wrenix/autopush/autoconnect"` | | -| autoconnect.image.tag | string | `"latest"` | | -| autoconnect.livenessProbe | object | `{"httpGet":{"path":"/health","port":"http"}}` | This is to setup the liveness and readiness probes more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ | -| autoconnect.nodeSelector | object | `{}` | | -| autoconnect.podAnnotations | object | `{}` | This is for setting Kubernetes Annotations to a Pod. For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ | -| autoconnect.podLabels | object | `{}` | This is for setting Kubernetes Labels to a Pod. For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ | -| autoconnect.podSecurityContext | object | `{}` | | -| autoconnect.readinessProbe.httpGet.path | string | `"/health"` | | -| autoconnect.readinessProbe.httpGet.port | string | `"http"` | | -| autoconnect.replicaCount | int | `1` | This will set the replicaset count more information can be found here: https://kubernetes.io/docs/concepts/workloads/controllers/replicaset/ | -| autoconnect.resources | object | `{}` | We usually recommend not to specify default resources and to leave this as a conscious choice for the user. This also increases chances charts run on environments with little resources, such as Minikube. If you do want to specify resources, uncomment the following lines, adjust them as necessary, and remove the curly braces after 'resources:'. limits: cpu: 100m memory: 128Mi requests: cpu: 100m memory: 128Mi | -| autoconnect.securityContext | object | `{}` | securityContext capabilities: drop: - ALL readOnlyRootFilesystem: true runAsNonRoot: true runAsUser: 1000 | -| autoconnect.service.ports.http | int | `80` | | -| autoconnect.service.ports.router | int | `8081` | | -| autoconnect.service.type | string | `"ClusterIP"` | | -| autoconnect.tolerations | list | `[]` | | -| autoconnect.volumeMounts | list | `[]` | Additional volumeMounts on the output Deployment definition. - name: foo mountPath: "/etc/foo" readOnly: true | -| autoendpoint.affinity | object | `{}` | | -| autoendpoint.image.pullPolicy | string | `"IfNotPresent"` | | -| autoendpoint.image.registry | string | `"codeberg.org"` | | -| autoendpoint.image.repository | string | `"wrenix/autopush/autoendpoint"` | | -| autoendpoint.image.tag | string | `"latest"` | | -| autoendpoint.livenessProbe | object | `{"httpGet":{"path":"/health","port":"http"}}` | This is to setup the liveness and readiness probes more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ | -| autoendpoint.nodeSelector | object | `{}` | | -| autoendpoint.podAnnotations | object | `{}` | | -| autoendpoint.podLabels | object | `{}` | | -| autoendpoint.podSecurityContext | object | `{}` | | -| autoendpoint.readinessProbe.httpGet.path | string | `"/health"` | | -| autoendpoint.readinessProbe.httpGet.port | string | `"http"` | | -| autoendpoint.replicaCount | int | `1` | This will set the replicaset count more information can be found here: https://kubernetes.io/docs/concepts/workloads/controllers/replicaset/ | -| autoendpoint.resources | object | `{}` | We usually recommend not to specify default resources and to leave this as a conscious choice for the user. This also increases chances charts run on environments with little resources, such as Minikube. If you do want to specify resources, uncomment the following lines, adjust them as necessary, and remove the curly braces after 'resources:'. limits: cpu: 100m memory: 128Mi requests: cpu: 100m memory: 128Mi | -| autoendpoint.securityContext | object | `{}` | | -| autoendpoint.service.port | int | `80` | | -| autoendpoint.service.type | string | `"ClusterIP"` | | -| autoendpoint.tolerations | list | `[]` | | -| autoendpoint.volumeMounts | list | `[]` | Additional volumeMounts on the output Deployment definition. - name: foo mountPath: "/etc/foo" readOnly: true | -| config.cryptoKey | string | `""` | run https://github.com/mozilla-services/autopush-rs/blob/master/scripts/fernet_key.py | -| config.logs.backtrace | bool | `false` | enable backtrace of autopush | -| config.logs.level | string | `"warn"` | set log level of autopush | -| fullnameOverride | string | `""` | | -| global.image.pullPolicy | string | `nil` | if set it will overwrite all pullPolicy | -| global.image.registry | string | `nil` | if set it will overwrite all registry entries | -| grafana.dashboards.annotations | object | `{}` | | -| grafana.dashboards.enabled | bool | `false` | | -| grafana.dashboards.labels.grafana_dashboard | string | `"1"` | | -| imagePullSecrets | list | `[]` | This is for the secretes for pulling an image from a private repository more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ | -| ingress.annotations | object | `{}` | | -| ingress.className | string | `""` | | -| ingress.enabled | bool | `false` | | -| ingress.host | string | `"chart-example.local"` | | -| ingress.tls | list | `[]` | | -| nameOverride | string | `""` | This is to override the chart name. | -| prometheus.enabled | bool | `true` | start statsd sidecar and configure | -| prometheus.image.pullPolicy | string | `"IfNotPresent"` | | -| prometheus.image.registry | string | `"docker.io"` | | -| prometheus.image.repository | string | `"prom/statsd-exporter"` | | -| prometheus.image.tag | string | `"v0.28.0"` | | -| prometheus.livenessProbe | object | `{"httpGet":{"path":"/","port":"metrics"}}` | This is to setup the liveness and readiness probes more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ | -| prometheus.readinessProbe.httpGet.path | string | `"/"` | | -| prometheus.readinessProbe.httpGet.port | string | `"metrics"` | | -| prometheus.resources | object | `{}` | We usually recommend not to specify default resources and to leave this as a conscious choice for the user. This also increases chances charts run on environments with little resources, such as Minikube. If you do want to specify resources, uncomment the following lines, adjust them as necessary, and remove the curly braces after 'resources:'. limits: cpu: 100m memory: 128Mi requests: cpu: 100m memory: 128Mi | -| prometheus.rules.additionalRules | list | `[]` | | -| prometheus.rules.default.alertLabels | object | `{}` | | -| prometheus.rules.default.enabled | bool | `true` | | -| prometheus.rules.enabled | bool | `false` | | -| prometheus.rules.labels | object | `{}` | | -| prometheus.securityContext | object | `{}` | securityContext capabilities: drop: - ALL readOnlyRootFilesystem: true runAsNonRoot: true runAsUser: 1000 | -| prometheus.servicemonitor.enabled | bool | `false` | | -| prometheus.servicemonitor.labels | object | `{}` | | -| prometheus.volumeMounts | list | `[]` | Additional volumeMounts on the output Deployment definition. - name: foo mountPath: "/etc/foo" readOnly: true | -| redis.architecture | string | `"standalone"` | | -| redis.auth.enabled | bool | `true` | | -| redis.auth.existingSecret | string | `""` | name of an existing secret with Redis credentials (instead of auth.password), must be created ahead of time | -| redis.auth.existingSecret | string | `nil` | Or use existing secret with "redis-password" key instead of static password | -| redis.auth.existingSecretPasswordKey | string | `""` | Password key to be retrieved from existing secret | -| redis.auth.password | string | `"autopush"` | XXX Change me! | -| redis.dbid | int | `0` | Database ID for non-default database | -| redis.external.existingSecretPasswordKey | string | `"redis-password"` | Password key to be retrieved from existing secret | -| redis.external.host | string | `"redis"` | | -| redis.external.port | int | `6379` | | -| redis.global.storageClass | string | `""` | | -| redis.internal | bool | `true` | | -| redis.master.persistence.enabled | bool | `true` | | -| redis.master.service.port | int | `6379` | | -| redis.replica.persistence.enabled | bool | `true` | | -| serviceAccount.annotations | object | `{}` | | -| serviceAccount.automount | bool | `true` | | -| serviceAccount.create | bool | `true` | | -| serviceAccount.name | string | `""` | | -| unifiedPush.affinity | object | `{}` | | -| unifiedPush.config.gateway.allowedHosts | list | `[]` | | -| unifiedPush.config.gateway.generic.enable | bool | `true` | | -| unifiedPush.config.gateway.matrix.enable | bool | `true` | | -| unifiedPush.config.uaid | string | `""` | | -| unifiedPush.config.verbose | bool | `false` | | -| unifiedPush.enabled | bool | `false` | | -| unifiedPush.image.pullPolicy | string | `"IfNotPresent"` | | -| unifiedPush.image.registry | string | `"docker.io"` | | -| unifiedPush.image.repository | string | `"unifiedpush/common-proxies"` | | -| unifiedPush.image.tag | string | `"v2.2.0"` | | -| unifiedPush.livenessProbe | object | `{"httpGet":{"path":"/health","port":"http"}}` | This is to setup the liveness and readiness probes more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ | -| unifiedPush.nodeSelector | object | `{}` | | -| unifiedPush.podAnnotations | object | `{}` | | -| unifiedPush.podLabels | object | `{}` | | -| unifiedPush.podSecurityContext | object | `{}` | | -| unifiedPush.readinessProbe.httpGet.path | string | `"/health"` | | -| unifiedPush.readinessProbe.httpGet.port | string | `"http"` | | -| unifiedPush.replicaCount | int | `1` | This will set the replicaset count more information can be found here: https://kubernetes.io/docs/concepts/workloads/controllers/replicaset/ | -| unifiedPush.resources | object | `{}` | We usually recommend not to specify default resources and to leave this as a conscious choice for the user. This also increases chances charts run on environments with little resources, such as Minikube. If you do want to specify resources, uncomment the following lines, adjust them as necessary, and remove the curly braces after 'resources:'. limits: cpu: 100m memory: 128Mi requests: cpu: 100m memory: 128Mi | -| unifiedPush.securityContext | object | `{}` | | -| unifiedPush.service.port | int | `80` | | -| unifiedPush.service.type | string | `"ClusterIP"` | | -| unifiedPush.tolerations | list | `[]` | | -| unifiedPush.volumeMounts | list | `[]` | Additional volumeMounts on the output Deployment definition. - name: foo mountPath: "/etc/foo" readOnly: true | -| volumes | list | `[]` | Additional volumes on the output Deployment definition. - name: foo secret: secretName: mysecret optional: false | - -Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs) - diff --git a/autopush/_docs.gotmpl b/autopush/_docs.gotmpl deleted file mode 100644 index fb13262..0000000 --- a/autopush/_docs.gotmpl +++ /dev/null @@ -1,15 +0,0 @@ -{{ define "chart.prerequirements" -}} -= Beta - -WARNING -==== -We let it run in production, but it is not stable / complete. - -TODOs: - - [ ] official container with redis backend, see: https://github.com/mozilla-services/autopush-rs/pull/813 - - [ ] automatical create CRYPT_KEY (instatt of key) - - [ ] better ingress / host name support - - [ ] Improve monitoring with alerts and grafana dashboard - -==== -{{ end }} diff --git a/autopush/ci/ct-empty-values.yaml b/autopush/ci/ct-empty-values.yaml deleted file mode 100644 index e69de29..0000000 diff --git a/autopush/ci/ct-monitor-values.yaml b/autopush/ci/ct-monitor-values.yaml deleted file mode 100644 index f589e9d..0000000 --- a/autopush/ci/ct-monitor-values.yaml +++ /dev/null @@ -1,6 +0,0 @@ -prometheus: - enabled: true - servicemonitor: - enabled: true - labels: - prometheus: default diff --git a/autopush/container/Containerfile b/autopush/container/Containerfile deleted file mode 100644 index 25167df..0000000 --- a/autopush/container/Containerfile +++ /dev/null @@ -1,15 +0,0 @@ -FROM python:3.13-slim - -# Set the working directory -WORKDIR /app - -# Copy the requirements file -COPY requirements.txt . - -# Install any needed packages -RUN pip install -r requirements.txt - -# Copy the application code into the container -COPY setup.py setup.py - -CMD ["python", "setup.py"] diff --git a/autopush/container/requirements.txt b/autopush/container/requirements.txt deleted file mode 100644 index 0d38bc5..0000000 --- a/autopush/container/requirements.txt +++ /dev/null @@ -1 +0,0 @@ -cryptography diff --git a/autopush/container/setup.py b/autopush/container/setup.py deleted file mode 100644 index 3cbdcd2..0000000 --- a/autopush/container/setup.py +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/env python3 -from cryptography.fernet import Fernet - -if __name__ == '__main__': - print(Fernet.generate_key().decode("UTF-8")) diff --git a/autopush/grafana_dashboards/overview.json b/autopush/grafana_dashboards/overview.json deleted file mode 100644 index f0c0390..0000000 --- a/autopush/grafana_dashboards/overview.json +++ /dev/null @@ -1,355 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": { - "type": "grafana", - "uid": "-- Grafana --" - }, - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": true, - "fiscalYearStartMonth": 0, - "graphTooltip": 0, - "links": [], - "panels": [ - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 4, - "panels": [], - "title": "Push", - "type": "row" - }, - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - } - }, - "mappings": [] - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 9, - "x": 0, - "y": 1 - }, - "id": 1, - "options": { - "legend": { - "displayMode": "list", - "placement": "bottom", - "showLegend": true, - "values": [ - "percent" - ] - }, - "pieType": "pie", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "tooltip": { - "mode": "single", - "sort": "none" - } - }, - "pluginVersion": "11.4.0", - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "expr": "sum(increase(autopush_notification_message_retrieved{namespace=~\"$namespace\"}[$__range])) without (container,endpoint,instance,pod,job,service)", - "legendFormat": "Retrieved: {{namespace}}", - "range": true, - "refId": "A" - }, - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "expr": "sum(increase(autopush_notification_message_deleted{namespace=~\"$namespace\"}[$__range])) without (container,endpoint,instance,pod,job,service)", - "hide": false, - "instant": false, - "legendFormat": "Deleted: {{namespace}}", - "range": true, - "refId": "B" - } - ], - "title": "Notification Message", - "transparent": true, - "type": "piechart" - }, - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - } - }, - "mappings": [] - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 8, - "x": 10, - "y": 1 - }, - "id": 2, - "options": { - "legend": { - "displayMode": "list", - "placement": "right", - "showLegend": true, - "values": [ - "percent" - ] - }, - "pieType": "pie", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "tooltip": { - "mode": "single", - "sort": "none" - } - }, - "pluginVersion": "11.4.0", - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "expr": "sum(increase(autopush_ua_notification_sent{namespace=~\"$namespace\"}[$__range])) without (container,endpoint,instance,pod,job,service)", - "hide": false, - "instant": false, - "legendFormat": "OS: {{namespace}}/{{os}}", - "range": true, - "refId": "A" - } - ], - "title": "UA Notify Send", - "transparent": true, - "type": "piechart" - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 9 - }, - "id": 5, - "panels": [], - "title": "Endpoint", - "type": "row" - }, - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisBorderShow": false, - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "barWidthFactor": 0.6, - "drawStyle": "line", - "fillOpacity": 0, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "insertNulls": false, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "auto", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 10 - }, - "id": 3, - "options": { - "legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom", - "showLegend": true - }, - "tooltip": { - "mode": "single", - "sort": "none" - } - }, - "pluginVersion": "11.4.0", - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "expr": "sum(increase(autoendpoint_api_error_no_subscription{namespace=~\"$namespace\"}[$__range])) without(container,endpoint,instance,pod,service,job)", - "legendFormat": "__auto", - "range": true, - "refId": "A" - } - ], - "title": "No Subscription API Error", - "transparent": true, - "type": "timeseries" - } - ], - "preload": false, - "refresh": "", - "schemaVersion": 40, - "tags": [], - "templating": { - "list": [ - { - "current": { - "text": "Prometheus", - "value": "prometheus" - }, - "label": "datasource", - "name": "DS_PROMETHEUS", - "options": [], - "query": "prometheus", - "refresh": 1, - "regex": "", - "type": "datasource" - }, - { - "current": { - "text": [ - "chaos-autopush" - ], - "value": [ - "chaos-autopush" - ] - }, - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "definition": "label_values(statsd_exporter_build_info,namespace)", - "includeAll": true, - "multi": true, - "name": "namespace", - "options": [], - "query": { - "qryType": 1, - "query": "label_values(statsd_exporter_build_info,namespace)", - "refId": "PrometheusVariableQueryEditor-VariableQuery" - }, - "refresh": 1, - "regex": "", - "type": "query" - } - ] - }, - "time": { - "from": "now-24h", - "to": "now" - }, - "timepicker": {}, - "timezone": "browser", - "title": "Autopush: Overview", - "version": 0, - "weekStart": "" -} diff --git a/autopush/templates/_helpers.tpl b/autopush/templates/_helpers.tpl deleted file mode 100644 index 237e348..0000000 --- a/autopush/templates/_helpers.tpl +++ /dev/null @@ -1,93 +0,0 @@ -{{/* -Expand the name of the chart. -*/}} -{{- define "autopush.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "autopush.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains $name .Release.Name }} -{{- .Release.Name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "autopush.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Common labels -*/}} -{{- define "autopush.labels" -}} -helm.sh/chart: {{ include "autopush.chart" . }} -{{ include "autopush.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end }} - -{{/* -Selector labels -*/}} -{{- define "autopush.selectorLabels" -}} -app.kubernetes.io/name: {{ include "autopush.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} - -{{/* -Create the name of the service account to use -*/}} -{{- define "autopush.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} -{{- default (include "autopush.fullname" .) .Values.serviceAccount.name }} -{{- else }} -{{- default "default" .Values.serviceAccount.name }} -{{- end }} -{{- end }} - -{{/* -Prometheus-sidecar -*/}} -{{- define "autopush.containerPrometheus" -}} -{{- with .Values.prometheus }} -{{- if .enabled }} -- name: statsd-exporter - securityContext: - {{- toYaml .securityContext | nindent 4 }} - {{- with .image }} - image: "{{ coalesce $.Values.global.image.registry .registry }}/{{ .repository }}:{{ .tag }}" - imagePullPolicy: {{ coalesce $.Values.global.image.pullPolicy .pullPolicy }} - {{- end }} - ports: - - name: metrics - containerPort: 9102 - protocol: TCP - livenessProbe: - {{- toYaml .livenessProbe | nindent 4 }} - readinessProbe: - {{- toYaml .readinessProbe | nindent 4 }} - resources: - {{- toYaml .resources | nindent 4 }} - {{- with .volumeMounts }} - volumeMounts: - {{- toYaml . | nindent 4 }} - {{- end }} -{{- end }} -{{- end }} -{{- end }} diff --git a/autopush/templates/autoconnect/deployment.yaml b/autopush/templates/autoconnect/deployment.yaml deleted file mode 100644 index de027ec..0000000 --- a/autopush/templates/autoconnect/deployment.yaml +++ /dev/null @@ -1,91 +0,0 @@ -{{- with .Values.autoconnect }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "autopush.fullname" $ }}-autoconnect - labels: - {{- include "autopush.labels" $ | nindent 4 }} -spec: - replicas: {{ .replicaCount }} - selector: - matchLabels: - {{- include "autopush.selectorLabels" $ | nindent 6 }} - app.kubernetes.io/component: autoconnect - template: - metadata: - {{- with .podAnnotations }} - annotations: - {{- toYaml . | nindent 8 }} - {{- end }} - labels: - {{- include "autopush.labels" $ | nindent 8 }} - app.kubernetes.io/component: autoconnect - {{- with .podLabels }} - {{- toYaml . | nindent 8 }} - {{- end }} - spec: - {{- with .imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ include "autopush.serviceAccountName" $ }} - securityContext: - {{- toYaml .podSecurityContext | nindent 8 }} - containers: - - name: autoconnect - securityContext: - {{- toYaml .securityContext | nindent 12 }} - {{- with .image }} - image: "{{ coalesce $.Values.global.image.registry .registry }}/{{ .repository }}:{{ .tag | default (printf "v%s" $.Chart.AppVersion) }}" - imagePullPolicy: {{ coalesce $.Values.global.image.pullPolicy .pullPolicy }} - {{- end }} - envFrom: - - secretRef: - name: {{ include "autopush.fullname" $ }}-env - env: - - name: "AUTOCONNECT__DB_DSN" - {{- if $.Values.redis.auth.enabled }} - value: "redis://:$(REDIS_HOST_PASSWORD)@$(REDIS_HOST)" - {{- else }} - value: "redis://$(REDIS_HOST)" - {{- end }} - - name: "AUTOCONNECT__CRYPTO_KEY" - valueFrom: - secretKeyRef: - name: {{ include "autopush.fullname" $ }}-env - key: "CRYPTO_KEY" - ports: - - name: http - containerPort: 8080 - protocol: TCP - - name: router - containerPort: {{ .service.ports.router }} - protocol: TCP - livenessProbe: - {{- toYaml .livenessProbe | nindent 12 }} - readinessProbe: - {{- toYaml .readinessProbe | nindent 12 }} - resources: - {{- toYaml .resources | nindent 12 }} - {{- with .volumeMounts }} - volumeMounts: - {{- toYaml . | nindent 12 }} - {{- end }} - {{- include "autopush.containerPrometheus" $ | nindent 8 }} - {{- with .volumes }} - volumes: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} -{{- end }} diff --git a/autopush/templates/autoconnect/service.yaml b/autopush/templates/autoconnect/service.yaml deleted file mode 100644 index b94b1fc..0000000 --- a/autopush/templates/autoconnect/service.yaml +++ /dev/null @@ -1,27 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ include "autopush.fullname" . }}-autoconnect - labels: - {{- include "autopush.labels" . | nindent 4 }} - app.kubernetes.io/metrics: "true" -spec: - type: {{ .Values.autoconnect.service.type }} - selector: - {{- include "autopush.selectorLabels" . | nindent 4 }} - app.kubernetes.io/component: autoconnect - ports: - - port: {{ .Values.autoconnect.service.ports.http }} - targetPort: http - protocol: TCP - name: http - - port: {{ .Values.autoconnect.service.ports.router }} - targetPort: router - protocol: TCP - name: router - {{- if .Values.prometheus.enabled }} - - port: 9100 - targetPort: metrics - protocol: TCP - name: metrics - {{- end }} diff --git a/autopush/templates/autoendpoint/deployment.yaml b/autopush/templates/autoendpoint/deployment.yaml deleted file mode 100644 index f738b48..0000000 --- a/autopush/templates/autoendpoint/deployment.yaml +++ /dev/null @@ -1,88 +0,0 @@ -{{- with .Values.autoendpoint }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "autopush.fullname" $ }}-autoendpoint - labels: - {{- include "autopush.labels" $ | nindent 4 }} -spec: - replicas: {{ .replicaCount }} - selector: - matchLabels: - {{- include "autopush.selectorLabels" $ | nindent 6 }} - app.kubernetes.io/component: autoendpoint - template: - metadata: - {{- with .podAnnotations }} - annotations: - {{- toYaml . | nindent 8 }} - {{- end }} - labels: - {{- include "autopush.labels" $ | nindent 8 }} - app.kubernetes.io/component: autoendpoint - {{- with .podLabels }} - {{- toYaml . | nindent 8 }} - {{- end }} - spec: - {{- with .imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ include "autopush.serviceAccountName" $ }} - securityContext: - {{- toYaml .podSecurityContext | nindent 8 }} - containers: - - name: autoendpoint - securityContext: - {{- toYaml .securityContext | nindent 12 }} - {{- with .image }} - image: "{{ coalesce $.Values.global.image.registry .registry }}/{{ .repository }}:{{ .tag | default (printf "v%s" $.Chart.AppVersion) }}" - imagePullPolicy: {{ coalesce $.Values.global.image.pullPolicy .pullPolicy }} - {{- end }} - envFrom: - - secretRef: - name: {{ include "autopush.fullname" $ }}-env - env: - - name: "AUTOEND__DB_DSN" - {{- if $.Values.redis.auth.enabled }} - value: "redis://:$(REDIS_HOST_PASSWORD)@$(REDIS_HOST)" - {{- else }} - value: "redis://$(REDIS_HOST)" - {{- end }} - - name: "AUTOEND__CRYPTO_KEYS" - valueFrom: - secretKeyRef: - name: {{ include "autopush.fullname" $ }}-env - key: "CRYPTO_KEY" - ports: - - name: http - containerPort: 8000 - protocol: TCP - livenessProbe: - {{- toYaml .livenessProbe | nindent 12 }} - readinessProbe: - {{- toYaml .readinessProbe | nindent 12 }} - resources: - {{- toYaml .resources | nindent 12 }} - {{- with .volumeMounts }} - volumeMounts: - {{- toYaml . | nindent 12 }} - {{- end }} - {{- include "autopush.containerPrometheus" $ | nindent 8 }} - {{- with .volumes }} - volumes: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} -{{- end }} diff --git a/autopush/templates/autoendpoint/service.yaml b/autopush/templates/autoendpoint/service.yaml deleted file mode 100644 index 94f3eac..0000000 --- a/autopush/templates/autoendpoint/service.yaml +++ /dev/null @@ -1,23 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ include "autopush.fullname" . }}-autoendpoint - labels: - {{- include "autopush.labels" . | nindent 4 }} - app.kubernetes.io/metrics: "true" -spec: - type: {{ .Values.autoendpoint.service.type }} - selector: - {{- include "autopush.selectorLabels" . | nindent 4 }} - app.kubernetes.io/component: autoendpoint - ports: - - port: {{ .Values.autoendpoint.service.port }} - targetPort: http - protocol: TCP - name: http - {{- if .Values.prometheus.enabled }} - - port: 9100 - targetPort: metrics - protocol: TCP - name: metrics - {{- end }} diff --git a/autopush/templates/configmap_grafana_dashboards.yaml b/autopush/templates/configmap_grafana_dashboards.yaml deleted file mode 100644 index 0b8850c..0000000 --- a/autopush/templates/configmap_grafana_dashboards.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- if .Values.grafana.dashboards.enabled }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "autopush.fullname" . }}-grafana-dashboards - labels: - {{- include "autopush.labels" . | nindent 4 }} - {{- toYaml .Values.grafana.dashboards.labels | nindent 4 }} - annotations: - {{- toYaml .Values.grafana.dashboards.annotations | nindent 4 }} -data: - {{- (.Files.Glob "grafana_dashboards/*.json" ).AsConfig | nindent 2 }} -{{- end }} diff --git a/autopush/templates/ingress.yaml b/autopush/templates/ingress.yaml deleted file mode 100644 index a5e2dd4..0000000 --- a/autopush/templates/ingress.yaml +++ /dev/null @@ -1,63 +0,0 @@ -{{- if .Values.ingress.enabled -}} -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: {{ include "autopush.fullname" . }} - labels: - {{- include "autopush.labels" . | nindent 4 }} - {{- with .Values.ingress.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - {{- with .Values.ingress.className }} - ingressClassName: {{ . }} - {{- end }} - {{- with .Values.ingress.tls }} - tls: - {{- toYaml . | nindent 4 }} - {{- end }} - rules: - - host: {{ .Values.ingress.host | quote }} - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: {{ include "autopush.fullname" $ }}-autoconnect - port: - name: http - - host: {{ printf "updates.%s" .Values.ingress.host | quote }} - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: {{ include "autopush.fullname" $ }}-autoendpoint - port: - name: http - {{- with .Values.unifiedPush }} - {{- if .enabled }} - {{- if .config.gateway.generic.enable }} - - path: /generic/ - pathType: Prefix - backend: - service: - name: {{ include "autopush.fullname" $ }}-unifiedpush - port: - name: http - {{- end }} - {{- if .config.gateway.matrix.enable }} - - path: /_matrix/push/v1/notify - pathType: Prefix - backend: - service: - name: {{ include "autopush.fullname" $ }}-unifiedpush - port: - name: http - {{- end }} - {{- end }} - {{- end }} -{{- end }} diff --git a/autopush/templates/prometheus-rules.yaml b/autopush/templates/prometheus-rules.yaml deleted file mode 100644 index c7d1b34..0000000 --- a/autopush/templates/prometheus-rules.yaml +++ /dev/null @@ -1,38 +0,0 @@ -{{- if and .Values.prometheus.rules.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: PrometheusRule -metadata: - name: {{ include "autopush.fullname" . }} - labels: - {{- include "autopush.labels" . | nindent 4 }} - {{- with .Values.prometheus.rules.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - groups: - {{- if .Values.prometheus.rules.default.enabled }} - - name: {{ template "autopush.fullname" . }}-Endpoint - rules: - - alert: "autopush: No Subscription API Error" - expr: 'sum(increase(autoendpoint_api_error_no_subscription{}[1h])) without (container,endpoint,pod,instance) > 0' - for: 5m - labels: - severity: critical - {{- with .Values.prometheus.rules.default.alertLabels }} - {{- toYaml . | nindent 12 }} - {{- end }} - annotations: - {{` - summary: "autoendpoint: No Subscription API Error in {{ $labels.namespace }}/{{ $labels.job }} increate in the last hour" - `}} - {{/* - - name: {{ template "autopush.fullname" . }}-Push - rules: - */}} - {{- end }} - {{- with .Values.prometheus.rules.additionalRules }} - - name: {{ template "autopush.fullname" $ }}-Additional - rules: - {{- toYaml . | nindent 8 }} - {{- end }} -{{- end }} diff --git a/autopush/templates/secret.yaml b/autopush/templates/secret.yaml deleted file mode 100644 index bb84a35..0000000 --- a/autopush/templates/secret.yaml +++ /dev/null @@ -1,51 +0,0 @@ ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "autopush.fullname" . }}-env - annotations: - "helm.sh/hook": "pre-install,pre-upgrade" -type: Opaque -data: - {{/* GLOBAL */}} - RUST_BACKTRACE: {{ ternary "1" "0" .Values.config.logs.backtrace | b64enc }} - RUST_LOG: {{ .Values.config.logs.level | b64enc }} - {{- with .Values.redis }} - {{- if .auth.enabled }} - {{- with .auth.password }} - REDIS_HOST_PASSWORD: {{ . | b64enc }} - {{- end }} - {{- end }} - {{- if .internal }} - REDIS_HOST: {{ printf "%s-redis-master:%.0f/%.0f" (include "autopush.fullname" $) .master.service.port .dbid | b64enc }} - {{- else }} - REDIS_HOST: {{ printf "%s:%s/$.0f" .external.host .external.port .dbid | b64enc }} - {{- end }} - {{- end }} - CRYPTO_KEY: {{ printf "[%s]" .Values.config.cryptoKey | b64enc }} - {{/* autoconnect */}} - {{- if .Values.ingress.tls }} - AUTOCONNECT__ENDPOINT_SCHEME: {{ "https" | b64enc }} - AUTOCONNECT__ENDPOINT_PORT: {{ "443" | b64enc }} - {{- else }} - AUTOCONNECT__ENDPOINT_SCHEME: {{ "http" | b64enc }} - AUTOCONNECT__ENDPOINT_PORT: {{ "80" | b64enc }} - {{- end }} - AUTOCONNECT__ENDPOINT_HOSTNAME: {{ printf "updates.%s" .Values.ingress.host | b64enc }} - AUTOCONNECT__ROUTER_HOSTNAME: {{ printf "%s-autoconnect" (include "autopush.fullname" .) | b64enc }} - AUTOCONNECT__ROUTER_PORT: {{ toYaml .Values.autoconnect.service.ports.router | b64enc }} - {{- if .Values.prometheus.enabled }} - AUTOCONNECT__STATSD_HOST: {{ "127.0.0.1" | b64enc}} - AUTOCONNECT__STATSD_PORT: {{ "9125" | b64enc }} - {{- end }} - {{/* autoendpoint */}} - AUTOEND__HOST: {{ "::" | b64enc }} - {{- if .Values.ingress.tls }} - AUTOEND__ENDPOINT_URL: {{ printf "https://updates.%s" .Values.ingress.host | b64enc }} - {{- else }} - AUTOEND__ENDPOINT_URL: {{ printf "http://updates.%s" .Values.ingress.host | b64enc }} - {{- end }} - {{- if .Values.prometheus.enabled }} - AUTOEND__STATSD_HOST: {{ "127.0.0.1" | b64enc }} - AUTOEND__STATSD_PORT: {{ "9125" | b64enc }} - {{- end }} diff --git a/autopush/templates/serviceaccount.yaml b/autopush/templates/serviceaccount.yaml deleted file mode 100644 index f341e97..0000000 --- a/autopush/templates/serviceaccount.yaml +++ /dev/null @@ -1,13 +0,0 @@ -{{- if .Values.serviceAccount.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "autopush.serviceAccountName" . }} - labels: - {{- include "autopush.labels" . | nindent 4 }} - {{- with .Values.serviceAccount.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -automountServiceAccountToken: {{ .Values.serviceAccount.automount }} -{{- end }} diff --git a/autopush/templates/servicemonitor.yaml b/autopush/templates/servicemonitor.yaml deleted file mode 100644 index 44569c5..0000000 --- a/autopush/templates/servicemonitor.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{- if and .Values.prometheus.enabled .Values.prometheus.servicemonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ include "autopush.fullname" . }} - labels: - {{- include "autopush.labels" . | nindent 4 }} - {{- with .Values.prometheus.servicemonitor.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - selector: - matchLabels: - {{- include "autopush.selectorLabels" . | nindent 6 }} - app.kubernetes.io/metrics: "true" - endpoints: - - port: metrics -{{- end }} diff --git a/autopush/templates/unifiedpush/deployment.yaml b/autopush/templates/unifiedpush/deployment.yaml deleted file mode 100644 index 62ddbd5..0000000 --- a/autopush/templates/unifiedpush/deployment.yaml +++ /dev/null @@ -1,97 +0,0 @@ -{{- with .Values.unifiedPush }} -{{- if .enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "autopush.fullname" $ }}-unifiedpush - labels: - {{- include "autopush.labels" $ | nindent 4 }} -spec: - replicas: {{ .replicaCount }} - selector: - matchLabels: - {{- include "autopush.selectorLabels" $ | nindent 6 }} - app.kubernetes.io/component: unifiedpush - template: - metadata: - {{- with .podAnnotations }} - annotations: - {{- toYaml . | nindent 8 }} - {{- end }} - labels: - {{- include "autopush.labels" $ | nindent 8 }} - app.kubernetes.io/component: unifiedpush - {{- with .podLabels }} - {{- toYaml . | nindent 8 }} - {{- end }} - spec: - {{- with .imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ include "autopush.serviceAccountName" $ }} - securityContext: - {{- toYaml .podSecurityContext | nindent 8 }} - containers: - - name: common-proxies - securityContext: - {{- toYaml .securityContext | nindent 12 }} - {{- with .image }} - image: "{{ coalesce $.Values.global.image.registry .registry }}/{{ .repository }}:{{ .tag | default (printf "v%s" $.Chart.AppVersion) }}" - imagePullPolicy: {{ coalesce $.Values.global.image.pullPolicy .pullPolicy }} - {{- end }} - env: - - name: "UP_LISTEN" - value: ":8080" - {{- if .config.verbose }} - - name: "UP_VERBOSE" - value: "true" - {{- end }} - {{- with .config.uaid }} - - name: "UP_UAID" - value: {{ . | quote }} - {{- end }} - {{- if .config.gateway.generic.enable }} - - name: "UP_GATEWAY_GENERIC_ENABLE" - value: "true" - {{- end }} - {{- if .config.gateway.matrix.enable }} - - name: "UP_GATEWAY_MATRIX_ENABLE" - value: "true" - {{- end }} - {{- with .config.gateway.allowedHosts }} - - name: "UP_GATEWAY_ALLOWEDHOSTS" - value: {{ join "," . | quote }} - {{- end }} - ports: - - name: http - containerPort: 8080 - protocol: TCP - livenessProbe: - {{- toYaml .livenessProbe | nindent 12 }} - readinessProbe: - {{- toYaml .readinessProbe | nindent 12 }} - resources: - {{- toYaml .resources | nindent 12 }} - {{- with .volumeMounts }} - volumeMounts: - {{- toYaml . | nindent 12 }} - {{- end }} - {{- with .volumes }} - volumes: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} -{{- end }} -{{- end }} diff --git a/autopush/templates/unifiedpush/service.yaml b/autopush/templates/unifiedpush/service.yaml deleted file mode 100644 index 300a35c..0000000 --- a/autopush/templates/unifiedpush/service.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if .Values.unifiedPush.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ include "autopush.fullname" . }}-unifiedpush - labels: - app.kubernetes.io/metrics: "true" - {{- include "autopush.labels" . | nindent 4 }} -spec: - type: {{ .Values.unifiedPush.service.type }} - selector: - {{- include "autopush.selectorLabels" . | nindent 4 }} - app.kubernetes.io/component: unifiedpush - ports: - - port: {{ .Values.unifiedPush.service.port }} - targetPort: http - protocol: TCP - name: http -{{- end }} diff --git a/autopush/values.yaml b/autopush/values.yaml deleted file mode 100644 index e17ad54..0000000 --- a/autopush/values.yaml +++ /dev/null @@ -1,378 +0,0 @@ -global: - image: - # -- if set it will overwrite all registry entries - registry: - # -- if set it will overwrite all pullPolicy - pullPolicy: - -# -- This is for the secretes for pulling an image from a private repository more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ -imagePullSecrets: [] -# -- This is to override the chart name. -nameOverride: "" -fullnameOverride: "" - - -config: - logs: - # -- set log level of autopush - level: warn - # -- enable backtrace of autopush - backtrace: false - # -- run https://github.com/mozilla-services/autopush-rs/blob/master/scripts/fernet_key.py - cryptoKey: "" - -prometheus: - # -- start statsd sidecar and configure - enabled: true - - servicemonitor: - enabled: false - labels: {} - rules: - enabled: false - labels: {} - default: - enabled: true - alertLabels: {} - additionalRules: [] - - image: - registry: docker.io - repository: prom/statsd-exporter - pullPolicy: IfNotPresent - tag: v0.28.0 - - # -- securityContext - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 1000 - securityContext: {} - - # -- We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - resources: {} - - # -- This is to setup the liveness and readiness probes more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ - livenessProbe: - httpGet: - path: / - port: metrics - readinessProbe: - httpGet: - path: / - port: metrics - - # -- Additional volumeMounts on the output Deployment definition. - # - name: foo - # mountPath: "/etc/foo" - # readOnly: true - volumeMounts: [] - -grafana: - dashboards: - enabled: false - labels: - grafana_dashboard: "1" - annotations: {} - -## This configuration is for the internal Redis that's deployed for use with -## workers/sharding, for an external Redis server you want to set enabled to -## false and configure the externalRedis block. -## -redis: - internal: true - # -- Database ID for non-default database - dbid: 0 - - auth: - enabled: true - # -- XXX Change me! - password: autopush - # -- name of an existing secret with Redis credentials (instead of auth.password), must be created ahead of time - existingSecret: "" - # -- Password key to be retrieved from existing secret - existingSecretPasswordKey: "" - - # -- Or use existing secret with "redis-password" key instead of static password - existingSecret: - external: - host: redis - port: 6379 - - # -- Password key to be retrieved from existing secret - existingSecretPasswordKey: redis-password - - - architecture: standalone - global: - storageClass: "" - master: - persistence: - enabled: true - service: - port: 6379 - replica: - persistence: - enabled: true - -autoconnect: - # -- This will set the replicaset count more information can be found here: https://kubernetes.io/docs/concepts/workloads/controllers/replicaset/ - replicaCount: 1 - image: - registry: codeberg.org - repository: wrenix/autopush/autoconnect - pullPolicy: IfNotPresent - tag: latest - # -- This is for setting Kubernetes Annotations to a Pod. - # For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - podAnnotations: {} - # -- This is for setting Kubernetes Labels to a Pod. - # For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ - podLabels: {} - - nodeSelector: {} - - tolerations: [] - - affinity: {} - - podSecurityContext: {} - # fsGroup: 2000 - - # -- securityContext - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 1000 - securityContext: {} - - # This is for setting up a service more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/ - service: - # This sets the service type more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types - type: ClusterIP - # This sets the ports more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/#field-spec-ports - ports: - http: 80 - router: 8081 - - # -- We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - resources: {} - - # -- This is to setup the liveness and readiness probes more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ - livenessProbe: - httpGet: - path: /health - port: http - readinessProbe: - httpGet: - path: /health - port: http - - # -- Additional volumeMounts on the output Deployment definition. - # - name: foo - # mountPath: "/etc/foo" - # readOnly: true - volumeMounts: [] - -autoendpoint: - # -- This will set the replicaset count more information can be found here: https://kubernetes.io/docs/concepts/workloads/controllers/replicaset/ - replicaCount: 1 - image: - registry: codeberg.org - repository: wrenix/autopush/autoendpoint - pullPolicy: IfNotPresent - tag: latest - - # This is for setting Kubernetes Annotations to a Pod. - # For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - podAnnotations: {} - # This is for setting Kubernetes Labels to a Pod. - # For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ - podLabels: {} - - nodeSelector: {} - - tolerations: [] - - affinity: {} - - podSecurityContext: {} - # fsGroup: 2000 - - securityContext: {} - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 1000 - - # This is for setting up a service more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/ - service: - # This sets the service type more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types - type: ClusterIP - # This sets the ports more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/#field-spec-ports - port: 80 - - # -- We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - resources: {} - - # -- This is to setup the liveness and readiness probes more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ - livenessProbe: - httpGet: - path: /health - port: http - readinessProbe: - httpGet: - path: /health - port: http - - # -- Additional volumeMounts on the output Deployment definition. - # - name: foo - # mountPath: "/etc/foo" - # readOnly: true - volumeMounts: [] - -unifiedPush: - enabled: false - # -- This will set the replicaset count more information can be found here: https://kubernetes.io/docs/concepts/workloads/controllers/replicaset/ - replicaCount: 1 - image: - registry: docker.io - repository: unifiedpush/common-proxies - pullPolicy: IfNotPresent - tag: "v2.2.0" - - config: - verbose: false - uaid: "" - gateway: - generic: - enable: true - matrix: - enable: true - allowedHosts: [] - - # This is for setting Kubernetes Annotations to a Pod. - # For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - podAnnotations: {} - # This is for setting Kubernetes Labels to a Pod. - # For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ - podLabels: {} - - nodeSelector: {} - - tolerations: [] - - affinity: {} - - podSecurityContext: {} - # fsGroup: 2000 - - securityContext: {} - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 1000 - - # This is for setting up a service more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/ - service: - # This sets the service type more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types - type: ClusterIP - # This sets the ports more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/#field-spec-ports - port: 80 - - # -- We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - resources: {} - - # -- This is to setup the liveness and readiness probes more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ - livenessProbe: - httpGet: - path: /health - port: http - readinessProbe: - httpGet: - path: /health - port: http - - # -- Additional volumeMounts on the output Deployment definition. - # - name: foo - # mountPath: "/etc/foo" - # readOnly: true - volumeMounts: [] - - -# This section builds out the service account more information can be found here: https://kubernetes.io/docs/concepts/security/service-accounts/ -serviceAccount: - # Specifies whether a service account should be created - create: true - # Automatically mount a ServiceAccount's API credentials? - automount: true - # Annotations to add to the service account - annotations: {} - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - name: "" - -# This block is for setting up the ingress for more information can be found here: https://kubernetes.io/docs/concepts/services-networking/ingress/ -ingress: - enabled: false - className: "" - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - host: chart-example.local - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - - -# -- Additional volumes on the output Deployment definition. -# - name: foo -# secret: -# secretName: mysecret -# optional: false -volumes: [] diff --git a/conduit/Chart.yaml b/conduit/Chart.yaml index f08ac21..08a6220 100644 --- a/conduit/Chart.yaml +++ b/conduit/Chart.yaml @@ -3,9 +3,8 @@ name: conduit description: Conduit is a simple, fast and reliable chat server powered by Matrix. icon: https://conduit.rs/conduit.svg type: application -version: "1.0.2" -# renovate: image=docker.io/matrixconduit/matrix-conduit -appVersion: "0.9.0" +version: 0.2.2 +appVersion: "0.6.0" maintainers: - name: WrenIX url: https://wrenix.eu diff --git a/conduit/README.adoc b/conduit/README.adoc new file mode 100644 index 0000000..5071413 --- /dev/null +++ b/conduit/README.adoc @@ -0,0 +1,406 @@ + + += conduit + +image::https://img.shields.io/badge/Version-0.2.2-informational?style=flat-square[Version: 0.2.2] +image::https://img.shields.io/badge/Version-application-informational?style=flat-square[Type: application] +image::https://img.shields.io/badge/AppVersion-0.6.0-informational?style=flat-square[AppVersion: 0.6.0] +== Maintainers + +.Maintainers +|=== +| Name | Email | Url + +| WrenIX +| +| +|=== + +== Usage + +Helm must be installed and setup to your kubernetes cluster to use the charts. +Refer to Helm's https://helm.sh/docs[documentation] to get started. +Once Helm has been set up correctly, fetch the charts as follows: + +[source,bash] +---- +helm pull oci://codeberg.org/wrenix/helm-charts/conduit +---- + +You can install a chart release using the following command: + +[source,bash] +---- +helm install conduit-release oci://codeberg.org/wrenix/helm-charts/conduit --values values.yaml +---- + +To uninstall a chart release use `helm`'s delete command: + +[source,bash] +---- +helm uninstall conduit-release +---- + +== Values + +.Values +|=== +| Key | Type | Default | Description + +| affinity +| object +| `{}` +| + +| autoscaling.enabled +| bool +| `false` +| + +| autoscaling.maxReplicas +| int +| `100` +| + +| autoscaling.minReplicas +| int +| `1` +| + +| autoscaling.targetCPUUtilizationPercentage +| int +| `80` +| + +| conduit.allowEncryption +| bool +| `true` +| + +| conduit.allowFederation +| bool +| `true` +| + +| conduit.allowRegistration +| bool +| `false` +| + +| conduit.allowRoomCreation +| bool +| `true` +| + +| conduit.allowUnstableRoomVersions +| bool +| `true` +| + +| conduit.log +| string +| `nil` +| + +| conduit.maxConcurrentRequests +| string +| `nil` +| + +| conduit.maxRequestSize +| string +| `"20000000"` +| in bytes default 20 MB + +| conduit.registrationToken +| string +| `nil` +| + +| conduit.server_name +| string +| `"your.server.name"` +| + +| conduit.trustedServers[0] +| string +| `"matrix.org"` +| + +| conduit.wellKnownClient +| string +| `"your.server.name"` +| + +| fullnameOverride +| string +| `""` +| + +| image.pullPolicy +| string +| `"IfNotPresent"` +| + +| image.repository +| string +| `"registry.gitlab.com/famedly/conduit/matrix-conduit"` +| + +| image.tag +| string +| `""` +| + +| imagePullSecrets +| list +| `[]` +| + +| ingress.annotations +| object +| `{}` +| + +| ingress.className +| string +| `""` +| + +| ingress.enabled +| bool +| `false` +| + +| ingress.hosts[0].host +| string +| `"chart-example.local"` +| + +| ingress.hosts[0].paths[0].path +| string +| `"/"` +| + +| ingress.hosts[0].paths[0].pathType +| string +| `"ImplementationSpecific"` +| + +| ingress.tls +| list +| `[]` +| + +| nameOverride +| string +| `""` +| + +| nodeSelector +| object +| `{}` +| + +| persistence.accessMode +| string +| `"ReadWriteOnce"` +| + +| persistence.annotations +| object +| `{}` +| + +| persistence.enabled +| bool +| `true` +| + +| persistence.existingClaim +| string +| `nil` +| A manually managed Persistent Volume and Claim Requires persistence.enabled: true If defined, PVC must be created manually before volume will be bound + +| persistence.hostPath +| string +| `nil` +| Do not create an PVC, direct use hostPath in Pod + +| persistence.size +| string +| `"1Gi"` +| + +| persistence.storageClass +| string +| `nil` +| Persistent Volume Storage Class If defined, storageClassName: If set to "-", storageClassName: "", which disables dynamic provisioning If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner. (gp2 on AWS, standard on GKE, AWS & OpenStack) + +| podAnnotations +| object +| `{}` +| + +| podLabels +| object +| `{}` +| + +| podSecurityContext +| object +| `{}` +| + +| replicaCount +| int +| `1` +| + +| resources +| object +| `{}` +| + +| securityContext +| object +| `{}` +| + +| service.port +| int +| `6167` +| + +| service.type +| string +| `"ClusterIP"` +| + +| serviceAccount.annotations +| object +| `{}` +| + +| serviceAccount.create +| bool +| `true` +| + +| serviceAccount.name +| string +| `""` +| + +| tolerations +| list +| `[]` +| + +| wellknown.affinity +| object +| `{}` +| + +| wellknown.client."m.homeserver".base_url +| string +| `"https://your.server.name/"` +| + +| wellknown.client."org.matrix.msc3575.proxy".url +| string +| `"https://your.server.name/"` +| + +| wellknown.containerPort +| int +| `80` +| + +| wellknown.enabled +| bool +| `true` +| + +| wellknown.env +| list +| `[]` +| + +| wellknown.image.pullPolicy +| string +| `"IfNotPresent"` +| + +| wellknown.image.repository +| string +| `"nginx"` +| + +| wellknown.image.tag +| string +| `"1.25"` +| + +| wellknown.nodeSelector +| object +| `{}` +| + +| wellknown.podAnnotations +| list +| `[]` +| + +| wellknown.podLabels +| object +| `{}` +| + +| wellknown.podSecurityContext +| object +| `{}` +| + +| wellknown.replicaCount +| int +| `1` +| + +| wellknown.resources +| object +| `{}` +| + +| wellknown.securityContext +| object +| `{}` +| + +| wellknown.server."m.server" +| string +| `"your.server.name:443"` +| + +| wellknown.service.annotations +| object +| `{}` +| + +| wellknown.service.port +| int +| `8080` +| + +| wellknown.service.type +| string +| `"ClusterIP"` +| + +| wellknown.tolerations +| list +| `[]` +| +|=== + +Autogenerated from chart metadata using https://github.com/norwoodj/helm-docs[helm-docs] diff --git a/conduit/README.md b/conduit/README.md deleted file mode 100644 index 077d31e..0000000 --- a/conduit/README.md +++ /dev/null @@ -1,122 +0,0 @@ ---- -title: "conduit" - -description: "Conduit is a simple, fast and reliable chat server powered by Matrix." - ---- - -# conduit - -![Version: 1.0.2](https://img.shields.io/badge/Version-1.0.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.9.0](https://img.shields.io/badge/AppVersion-0.9.0-informational?style=flat-square) - -Conduit is a simple, fast and reliable chat server powered by Matrix. - -## Maintainers - -| Name | Email | Url | -| ---- | ------ | --- | -| WrenIX | | | - -## Usage - -Helm must be installed and setup to your kubernetes cluster to use the charts. -Refer to Helm's [documentation](https://helm.sh/docs) to get started. -Once Helm has been set up correctly, fetch the charts as follows: - -```bash -helm pull oci://codeberg.org/wrenix/helm-charts/conduit -``` - -You can install a chart release using the following command: - -```bash -helm install conduit-release oci://codeberg.org/wrenix/helm-charts/conduit --values values.yaml -``` - -To uninstall a chart release use `helm`'s delete command: - -```bash -helm uninstall conduit-release -``` - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| affinity | object | `{}` | | -| autoscaling.enabled | bool | `false` | | -| autoscaling.maxReplicas | int | `100` | | -| autoscaling.minReplicas | int | `1` | | -| autoscaling.targetCPUUtilizationPercentage | int | `80` | | -| conduit.allowEncryption | bool | `true` | | -| conduit.allowFederation | bool | `true` | | -| conduit.allowRegistration | bool | `false` | | -| conduit.allowRoomCreation | bool | `true` | | -| conduit.allowUnstableRoomVersions | bool | `true` | | -| conduit.log | string | `nil` | | -| conduit.maxConcurrentRequests | string | `nil` | | -| conduit.maxRequestSize | string | `"20000000"` | in bytes default 20 MB | -| conduit.registrationToken | string | `nil` | | -| conduit.server_name | string | `"your.server.name"` | | -| conduit.trustedServers[0] | string | `"matrix.org"` | | -| conduit.wellKnown.client | string | `""` | client well-known configuration in conduit | -| conduit.wellKnown.server | string | `"https://your.server.name"` | server well-known configuration in conduit | -| fullnameOverride | string | `""` | | -| image.pullPolicy | string | `"IfNotPresent"` | | -| image.registry | string | `"docker.io"` | | -| image.repository | string | `"matrixconduit/matrix-conduit"` | | -| image.tag | string | `""` | | -| imagePullSecrets | list | `[]` | | -| ingress.annotations | object | `{}` | | -| ingress.className | string | `""` | | -| ingress.enabled | bool | `false` | | -| ingress.hosts[0].host | string | `"chart-example.local"` | | -| ingress.hosts[0].paths[0].path | string | `"/"` | | -| ingress.hosts[0].paths[0].pathType | string | `"ImplementationSpecific"` | | -| ingress.tls | list | `[]` | | -| nameOverride | string | `""` | | -| nodeSelector | object | `{}` | | -| persistence.accessMode | string | `"ReadWriteOnce"` | | -| persistence.annotations | object | `{}` | | -| persistence.enabled | bool | `true` | | -| persistence.existingClaim | string | `nil` | A manually managed Persistent Volume and Claim Requires persistence.enabled: true If defined, PVC must be created manually before volume will be bound | -| persistence.hostPath | string | `nil` | Do not create an PVC, direct use hostPath in Pod | -| persistence.size | string | `"1Gi"` | | -| persistence.storageClass | string | `nil` | Persistent Volume Storage Class If defined, storageClassName: If set to "-", storageClassName: "", which disables dynamic provisioning If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner. (gp2 on AWS, standard on GKE, AWS & OpenStack) | -| podAnnotations | object | `{}` | | -| podLabels | object | `{}` | | -| podSecurityContext | object | `{}` | | -| replicaCount | int | `1` | | -| resources | object | `{}` | | -| securityContext | object | `{}` | | -| service.port | int | `6167` | | -| service.type | string | `"ClusterIP"` | | -| serviceAccount.annotations | object | `{}` | | -| serviceAccount.create | bool | `true` | | -| serviceAccount.name | string | `""` | | -| tolerations | list | `[]` | | -| wellknown.affinity | object | `{}` | | -| wellknown.client | object | `{"m.homeserver":{"base_url":"https://your.server.name/"},"org.matrix.msc3575.proxy":{"url":"https://your.server.name/"}}` | client entry in well-known | -| wellknown.containerPort | int | `80` | | -| wellknown.enabled | bool | `false` | | -| wellknown.env | list | `[]` | | -| wellknown.image.pullPolicy | string | `"IfNotPresent"` | | -| wellknown.image.registry | string | `"docker.io"` | | -| wellknown.image.repository | string | `"library/nginx"` | | -| wellknown.image.tag | string | `"1.27.3"` | | -| wellknown.nginxServerConf | string | `"server {\n listen {{ .containerPort }};\n server_name localhost;\n\n location /.well-known/matrix/server {\n return 200 {{ toJson .server | quote }};\n types { } default_type \"application/json; charset=utf-8\";\n }\n\n location /.well-known/matrix/client {\n return 200 {{ toJson .client | quote }};\n types { } default_type \"application/json; charset=utf-8\";\n add_header \"Access-Control-Allow-Origin\" *;\n }\n\n location / {\n # return 200 'Welcome to the your.server.name conduit server!';\n # types { } default_type \"text/plain; charset=utf-8\";\n return 404;\n }\n\n location /nginx_health {\n return 200 'OK';\n types { } default_type \"text/plain; charset=utf-8\";\n }\n}"` | nginx config | -| wellknown.nodeSelector | object | `{}` | | -| wellknown.podAnnotations | list | `[]` | | -| wellknown.podLabels | object | `{}` | | -| wellknown.podSecurityContext | object | `{}` | | -| wellknown.replicaCount | int | `1` | | -| wellknown.resources | object | `{}` | | -| wellknown.rewriteRoot | bool | `false` | if ingress is enabled: specifies whether ingress should redirect the `/`-Location to the wellknown server | -| wellknown.securityContext | object | `{}` | | -| wellknown.server | object | `{"m.server":"your.server.name:443"}` | server entry in well-known | -| wellknown.service.annotations | object | `{}` | | -| wellknown.service.port | int | `8080` | | -| wellknown.service.type | string | `"ClusterIP"` | | -| wellknown.tolerations | list | `[]` | | - -Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs) diff --git a/conduit/ci/empty-values.yaml b/conduit/ci/empty-values.yaml deleted file mode 100644 index e69de29..0000000 diff --git a/conduit/ci/well-known-values.yaml b/conduit/ci/well-known-values.yaml deleted file mode 100644 index 0982dd2..0000000 --- a/conduit/ci/well-known-values.yaml +++ /dev/null @@ -1,22 +0,0 @@ -conduit: - server_name: test.wrenix.eu - wellKnown: - server: "overwritten-test:443" - client: "https://overwritten-test" - -wellknown: - enabled: true - -ingress: - enabled: true - annotations: - cert-manager.io/cluster-issuer: letsencrypt-prod - hosts: - - host: test.wrenix.eu - paths: - - path: / - pathType: Prefix - tls: - - secretName: test - hosts: - - test.wrenix.eu diff --git a/conduit/templates/deployment.yaml b/conduit/templates/deployment.yaml index 8c10770..9514288 100644 --- a/conduit/templates/deployment.yaml +++ b/conduit/templates/deployment.yaml @@ -38,9 +38,7 @@ spec: - name: {{ .Chart.Name }} securityContext: {{- toYaml .Values.securityContext | nindent 12 }} - {{- with .Values.image }} - image: "{{ .registry }}/{{ .repository }}:{{ .tag | default (printf "v%s" $.Chart.AppVersion) }}" - {{- end }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default (printf "v%s" .Chart.AppVersion) }}" imagePullPolicy: {{ .Values.image.pullPolicy }} ports: - name: http @@ -63,8 +61,6 @@ spec: value: "0.0.0.0" - name: "CONDUIT_SERVER_NAME" value: {{ .Values.conduit.server_name | quote }} - - name: "CONDUIT_CONFIG" - value: "" - name: "CONDUIT_DATABASE_PATH" value: "/var/lib/matrix-conduit" - name: "CONDUIT_DATABASE_BACKEND" @@ -97,14 +93,10 @@ spec: - name: "CONDUIT_REGISTRATION_TOKEN" value: {{ . | quote }} {{- end }} - {{- with .Values.conduit.wellKnown.client }} + {{- with .Values.conduit.wellKnownClient }} - name: "CONDUIT_WELL_KNOWN_CLIENT" value: {{ . | quote }} {{- end }} - {{- with .Values.conduit.wellKnown.server }} - - name: "CONDUIT_WELL_KNOWN_SERVER" - value: {{ . | quote }} - {{- end }} volumeMounts: - name: "data" mountPath: "/var/lib/matrix-conduit" @@ -131,4 +123,4 @@ spec: claimName: {{ if .Values.persistence.existingClaim }}{{ .Values.persistence.existingClaim }}{{- else }}{{ template "conduit.fullname" . }}{{- end }} {{- else }} emptyDir: {} - {{- end }} + {{- end }} \ No newline at end of file diff --git a/conduit/templates/ingress.yaml b/conduit/templates/ingress.yaml index 851dbf3..1962e8b 100644 --- a/conduit/templates/ingress.yaml +++ b/conduit/templates/ingress.yaml @@ -76,14 +76,5 @@ spec: name: {{ include "conduit.fullname" . }}-wellknown port: name: http - {{- if .Values.wellknown.rewriteRoot }} - - path: / - pathType: Exact - backend: - service: - name: {{ include "conduit.fullname" . }}-wellknown - port: - name: http - {{- end }} {{- end }} {{- end }} diff --git a/conduit/templates/wellknown/configmap.yaml b/conduit/templates/wellknown/configmap.yaml index d902f1e..868c59c 100644 --- a/conduit/templates/wellknown/configmap.yaml +++ b/conduit/templates/wellknown/configmap.yaml @@ -2,11 +2,10 @@ apiVersion: v1 kind: ConfigMap metadata: - name: {{ include "conduit.fullname" . }}-nginx-wellknown + name: {{ include "conduit.fullname" . }}-wellknown labels: {{- include "conduit.labels" . | nindent 4 }} data: - {{- with .Values.wellknown}} - default.conf: {{ tpl .nginxServerConf . | toYaml | nindent 4 }} - {{- end }} -{{- end }} + server: {{ toJson .Values.wellknown.server | quote }} + client: {{ toJson .Values.wellknown.client | quote }} +{{- end }} \ No newline at end of file diff --git a/conduit/templates/wellknown/deployment.yaml b/conduit/templates/wellknown/deployment.yaml index 9ccd0c7..7f4a54d 100644 --- a/conduit/templates/wellknown/deployment.yaml +++ b/conduit/templates/wellknown/deployment.yaml @@ -5,13 +5,14 @@ metadata: name: {{ include "conduit.fullname" . }}-wellknown labels: {{- include "conduit.labels" . | nindent 4 }} - app.kubernetes.io/component: wellknown spec: - replicas: {{ .Values.wellknown.replicaCount }} + {{- if not .Values.autoscaling.enabled }} + replicas: {{ .Values.replicaCount }} + {{- end }} selector: matchLabels: {{- include "conduit.selectorLabels" . | nindent 6 }} - app.kubernetes.io/component: wellknown + type: wellknown template: metadata: {{- with .Values.wellknown.podAnnotations }} @@ -20,7 +21,6 @@ spec: {{- end }} labels: {{- include "conduit.selectorLabels" . | nindent 8 }} - app.kubernetes.io/component: wellknown {{- with .Values.wellknown.podLabels }} {{- toYaml . | nindent 8 }} {{- end }} @@ -37,9 +37,7 @@ spec: - name: wellknown securityContext: {{- toYaml .Values.wellknown.securityContext | nindent 12 }} - {{- with .Values.wellknown.image }} - image: "{{ .registry }}/{{ .repository }}:{{ .tag }}" - {{- end }} + image: "{{ .Values.wellknown.image.repository }}:{{ .Values.wellknown.image.tag }}" imagePullPolicy: {{ .Values.wellknown.image.pullPolicy }} ports: - name: http @@ -47,19 +45,17 @@ spec: protocol: TCP livenessProbe: httpGet: - path: /nginx_health + path: / port: http readinessProbe: httpGet: - path: /nginx_health + path: / port: http resources: - {{- toYaml .Values.wellknown.resources | nindent 12 }} + {{- toYaml .Values.resources | nindent 12 }} volumeMounts: - - name: "wellknown-nginx-conf" - mountPath: "/etc/nginx/conf.d/default.conf" - subPath: default.conf - readOnly: true + - name: "data" + mountPath: "/usr/share/nginx/html/.well-known/matrix/" {{- with .Values.wellknown.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} @@ -73,7 +69,7 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} volumes: - - name: "wellknown-nginx-conf" + - name: "data" configMap: - name: {{ include "conduit.fullname" . }}-nginx-wellknown -{{- end }} + name: {{ include "conduit.fullname" . }}-wellknown +{{- end }} \ No newline at end of file diff --git a/conduit/values.yaml b/conduit/values.yaml index 9e45997..c5e8d6b 100644 --- a/conduit/values.yaml +++ b/conduit/values.yaml @@ -5,8 +5,7 @@ replicaCount: 1 image: - registry: docker.io - repository: matrixconduit/matrix-conduit + repository: registry.gitlab.com/famedly/conduit/matrix-conduit pullPolicy: IfNotPresent # Overrides the image tag whose default is the chart appVersion. tag: "" @@ -40,19 +39,14 @@ conduit: # log: "warn,rocket=off,_=off,sled=off" log: registrationToken: - wellKnown: - # -- client well-known configuration in conduit - client: "" - # -- server well-known configuration in conduit - server: "https://your.server.name" + wellKnownClient: "your.server.name" wellknown: - enabled: false + enabled: true image: - registry: docker.io - repository: library/nginx + repository: nginx pullPolicy: IfNotPresent - tag: "1.27.3" + tag: "1.25" replicaCount: 1 podLabels: {} @@ -71,48 +65,15 @@ wellknown: port: 8080 annotations: {} - # -- if ingress is enabled: specifies whether ingress should redirect the `/`-Location to the wellknown server - rewriteRoot: false - - # -- server entry in well-known + # TO EDIT: server: "m.server": "your.server.name:443" - # -- client entry in well-known client: "m.homeserver": "base_url": "https://your.server.name/" "org.matrix.msc3575.proxy": "url": "https://your.server.name/" - # -- nginx config - nginxServerConf: |- - server { - listen {{ .containerPort }}; - server_name localhost; - - location /.well-known/matrix/server { - return 200 {{ toJson .server | quote }}; - types { } default_type "application/json; charset=utf-8"; - } - - location /.well-known/matrix/client { - return 200 {{ toJson .client | quote }}; - types { } default_type "application/json; charset=utf-8"; - add_header "Access-Control-Allow-Origin" *; - } - - location / { - # return 200 'Welcome to the your.server.name conduit server!'; - # types { } default_type "text/plain; charset=utf-8"; - return 404; - } - - location /nginx_health { - return 200 'OK'; - types { } default_type "text/plain; charset=utf-8"; - } - } - podLabels: {} podAnnotations: {} diff --git a/ct.yaml b/ct.yaml index abe9bc8..f3f3954 100644 --- a/ct.yaml +++ b/ct.yaml @@ -1,4 +1,4 @@ target-branch: main -since: HEAD~1 +since: HEAD~2 chart-dirs: - . diff --git a/docs/antora.yml b/docs/antora.yml new file mode 100644 index 0000000..1bbd506 --- /dev/null +++ b/docs/antora.yml @@ -0,0 +1,8 @@ +name: wrenix-helm +title: "WrenIX's Helm charts" +version: + main: latest + +nav: + - modules/ROOT/nav.adoc + - modules/charts/nav.adoc diff --git a/docs/modules/ROOT/nav.adoc b/docs/modules/ROOT/nav.adoc new file mode 100644 index 0000000..5d67faa --- /dev/null +++ b/docs/modules/ROOT/nav.adoc @@ -0,0 +1 @@ +* xref:index.adoc[Home] diff --git a/docs/modules/ROOT/pages/index.adoc b/docs/modules/ROOT/pages/index.adoc new file mode 120000 index 0000000..2cfd4f7 --- /dev/null +++ b/docs/modules/ROOT/pages/index.adoc @@ -0,0 +1 @@ +../../../../README.adoc \ No newline at end of file diff --git a/docs/modules/charts/generate.sh b/docs/modules/charts/generate.sh new file mode 100755 index 0000000..cb87b5f --- /dev/null +++ b/docs/modules/charts/generate.sh @@ -0,0 +1,14 @@ +#!/bin/sh +ROOT_DIR="./docs/modules/charts/" + +echo "* charts" > "${ROOT_DIR}/nav.adoc" +for name in * ; do + if \ + [ ! -d $name ] || \ + [ ! -f $name/Chart.yaml ] \ + ; then + continue; + fi + ln -sf "../../../../${name}/README.adoc" "${ROOT_DIR}/pages/${name}.adoc"; + echo "** xref:${name}.adoc[${name}]" >> "${ROOT_DIR}/nav.adoc" +done diff --git a/docs/modules/charts/nav.adoc b/docs/modules/charts/nav.adoc new file mode 100644 index 0000000..a798632 --- /dev/null +++ b/docs/modules/charts/nav.adoc @@ -0,0 +1,16 @@ +* charts +** xref:alertmanager-matrix.adoc[alertmanager-matrix] +** xref:alertmanager-ntfy.adoc[alertmanager-ntfy] +** xref:authentik-application.adoc[authentik-application] +** xref:conduit.adoc[conduit] +** xref:forgejo-runner.adoc[forgejo-runner] +** xref:grampsweb.adoc[grampsweb] +** xref:headscale.adoc[headscale] +** xref:headscale-ui.adoc[headscale-ui] +** xref:hydrogen-web.adoc[hydrogen-web] +** xref:jellyfin.adoc[jellyfin] +** xref:miniserve.adoc[miniserve] +** xref:monitoring.adoc[monitoring] +** xref:ntfy.adoc[ntfy] +** xref:postgresql.adoc[postgresql] +** xref:stalwart.adoc[stalwart] diff --git a/docs/modules/charts/pages/alertmanager-matrix.adoc b/docs/modules/charts/pages/alertmanager-matrix.adoc new file mode 120000 index 0000000..ff1eee6 --- /dev/null +++ b/docs/modules/charts/pages/alertmanager-matrix.adoc @@ -0,0 +1 @@ +../../../../alertmanager-matrix/README.adoc \ No newline at end of file diff --git a/docs/modules/charts/pages/alertmanager-ntfy.adoc b/docs/modules/charts/pages/alertmanager-ntfy.adoc new file mode 120000 index 0000000..e2a0a08 --- /dev/null +++ b/docs/modules/charts/pages/alertmanager-ntfy.adoc @@ -0,0 +1 @@ +../../../../alertmanager-ntfy/README.adoc \ No newline at end of file diff --git a/docs/modules/charts/pages/authentik-application.adoc b/docs/modules/charts/pages/authentik-application.adoc new file mode 120000 index 0000000..70e47ed --- /dev/null +++ b/docs/modules/charts/pages/authentik-application.adoc @@ -0,0 +1 @@ +../../../../authentik-application/README.adoc \ No newline at end of file diff --git a/docs/modules/charts/pages/conduit.adoc b/docs/modules/charts/pages/conduit.adoc new file mode 120000 index 0000000..6875802 --- /dev/null +++ b/docs/modules/charts/pages/conduit.adoc @@ -0,0 +1 @@ +../../../../conduit/README.adoc \ No newline at end of file diff --git a/docs/modules/charts/pages/forgejo-runner.adoc b/docs/modules/charts/pages/forgejo-runner.adoc new file mode 120000 index 0000000..0eb60e0 --- /dev/null +++ b/docs/modules/charts/pages/forgejo-runner.adoc @@ -0,0 +1 @@ +../../../../forgejo-runner/README.adoc \ No newline at end of file diff --git a/docs/modules/charts/pages/grampsweb.adoc b/docs/modules/charts/pages/grampsweb.adoc new file mode 120000 index 0000000..a22b6d5 --- /dev/null +++ b/docs/modules/charts/pages/grampsweb.adoc @@ -0,0 +1 @@ +../../../../grampsweb/README.adoc \ No newline at end of file diff --git a/docs/modules/charts/pages/headscale-ui.adoc b/docs/modules/charts/pages/headscale-ui.adoc new file mode 120000 index 0000000..bcac646 --- /dev/null +++ b/docs/modules/charts/pages/headscale-ui.adoc @@ -0,0 +1 @@ +../../../../headscale-ui/README.adoc \ No newline at end of file diff --git a/docs/modules/charts/pages/headscale.adoc b/docs/modules/charts/pages/headscale.adoc new file mode 120000 index 0000000..ae41e9a --- /dev/null +++ b/docs/modules/charts/pages/headscale.adoc @@ -0,0 +1 @@ +../../../../headscale/README.adoc \ No newline at end of file diff --git a/docs/modules/charts/pages/hydrogen-web.adoc b/docs/modules/charts/pages/hydrogen-web.adoc new file mode 120000 index 0000000..bfe8227 --- /dev/null +++ b/docs/modules/charts/pages/hydrogen-web.adoc @@ -0,0 +1 @@ +../../../../hydrogen-web/README.adoc \ No newline at end of file diff --git a/docs/modules/charts/pages/jellyfin.adoc b/docs/modules/charts/pages/jellyfin.adoc new file mode 120000 index 0000000..90b210f --- /dev/null +++ b/docs/modules/charts/pages/jellyfin.adoc @@ -0,0 +1 @@ +../../../../jellyfin/README.adoc \ No newline at end of file diff --git a/docs/modules/charts/pages/miniserve.adoc b/docs/modules/charts/pages/miniserve.adoc new file mode 120000 index 0000000..c268382 --- /dev/null +++ b/docs/modules/charts/pages/miniserve.adoc @@ -0,0 +1 @@ +../../../../miniserve/README.adoc \ No newline at end of file diff --git a/docs/modules/charts/pages/monitoring.adoc b/docs/modules/charts/pages/monitoring.adoc new file mode 120000 index 0000000..5852e47 --- /dev/null +++ b/docs/modules/charts/pages/monitoring.adoc @@ -0,0 +1 @@ +../../../../monitoring/README.adoc \ No newline at end of file diff --git a/docs/modules/charts/pages/ntfy.adoc b/docs/modules/charts/pages/ntfy.adoc new file mode 120000 index 0000000..b037d84 --- /dev/null +++ b/docs/modules/charts/pages/ntfy.adoc @@ -0,0 +1 @@ +../../../../ntfy/README.adoc \ No newline at end of file diff --git a/docs/modules/charts/pages/postgresql.adoc b/docs/modules/charts/pages/postgresql.adoc new file mode 120000 index 0000000..05240d6 --- /dev/null +++ b/docs/modules/charts/pages/postgresql.adoc @@ -0,0 +1 @@ +../../../../postgresql/README.adoc \ No newline at end of file diff --git a/docs/modules/charts/pages/stalwart.adoc b/docs/modules/charts/pages/stalwart.adoc new file mode 120000 index 0000000..61d619b --- /dev/null +++ b/docs/modules/charts/pages/stalwart.adoc @@ -0,0 +1 @@ +../../../../stalwart/README.adoc \ No newline at end of file diff --git a/element-call/Chart.yaml b/element-call/Chart.yaml deleted file mode 100644 index 9f27a48..0000000 --- a/element-call/Chart.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: v2 -name: element-call -description: Run Element-Call and his dependencies -type: application -version: "0.1.7" -# renovate: image=ghcr.io/element-hq/element-call -appVersion: "0.7.1" -maintainers: - - name: WrenIX - url: https://wrenix.eu diff --git a/element-call/README.md b/element-call/README.md deleted file mode 100644 index 1c85841..0000000 --- a/element-call/README.md +++ /dev/null @@ -1,118 +0,0 @@ ---- -title: "element-call" - -description: "Run Element-Call and his dependencies" - ---- - -# element-call - -![Version: 0.1.7](https://img.shields.io/badge/Version-0.1.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.7.1](https://img.shields.io/badge/AppVersion-0.7.1-informational?style=flat-square) - -Run Element-Call and his dependencies - -## Maintainers - -| Name | Email | Url | -| ---- | ------ | --- | -| WrenIX | | | - -## Usage - -Helm must be installed and setup to your kubernetes cluster to use the charts. -Refer to Helm's [documentation](https://helm.sh/docs) to get started. -Once Helm has been set up correctly, fetch the charts as follows: - -```bash -helm pull oci://codeberg.org/wrenix/helm-charts/element-call -``` - -You can install a chart release using the following command: - -```bash -helm install element-call-release oci://codeberg.org/wrenix/helm-charts/element-call --values values.yaml -``` - -To uninstall a chart release use `helm`'s delete command: - -```bash -helm uninstall element-call-release -``` - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| autoscaling.enabled | bool | `false` | | -| autoscaling.maxReplicas | int | `100` | | -| autoscaling.minReplicas | int | `1` | | -| autoscaling.targetCPUUtilizationPercentage | int | `80` | | -| fullnameOverride | string | `""` | | -| global.image.pullPolicy | string | `nil` | if set it will overwrite all pullPolicy | -| global.image.registry | string | `nil` | if set it will overwrite all registry entries | -| imagePullSecrets | list | `[]` | | -| ingress.annotations | object | `{}` | | -| ingress.className | string | `""` | | -| ingress.enabled | bool | `false` | | -| ingress.tls | list | `[]` | | -| nameOverride | string | `""` | | -| service.call.affinity | object | `{}` | | -| service.call.config | object | `{}` | | -| service.call.image.pullPolicy | string | `"IfNotPresent"` | | -| service.call.image.registry | string | `"ghcr.io"` | | -| service.call.image.repository | string | `"element-hq/element-call"` | | -| service.call.image.tag | string | `nil` | Overrides the image tag whose default is the chart appVersion. | -| service.call.ingress.host | string | `nil` | | -| service.call.livenessProbe.httpGet.path | string | `"/"` | | -| service.call.livenessProbe.httpGet.port | string | `"http"` | | -| service.call.networkPolicy.egress.enabled | bool | `true` | activate egress no networkpolicy | -| service.call.networkPolicy.egress.extra | list | `[]` | egress rules | -| service.call.networkPolicy.enabled | bool | `false` | | -| service.call.networkPolicy.ingress.http | list | `[]` | ingress for http port (e.g. ingress-controller) | -| service.call.nodeSelector | object | `{}` | | -| service.call.podAnnotations | object | `{}` | | -| service.call.podLabels | object | `{}` | | -| service.call.podSecurityContext | object | `{}` | | -| service.call.readinessProbe.httpGet.path | string | `"/"` | | -| service.call.readinessProbe.httpGet.port | string | `"http"` | | -| service.call.replicaCount | int | `1` | | -| service.call.resources | object | `{}` | | -| service.call.securityContext | object | `{}` | | -| service.call.serviceAccount.annotations | object | `{}` | | -| service.call.serviceAccount.automount | bool | `true` | | -| service.call.serviceAccount.create | bool | `true` | | -| service.call.serviceAccount.name | string | `""` | | -| service.call.tolerations | list | `[]` | | -| service.lkJWT.affinity | object | `{}` | | -| service.lkJWT.config.key | string | `"devkey"` | | -| service.lkJWT.config.secret | string | `"secret"` | | -| service.lkJWT.config.url | string | `""` | | -| service.lkJWT.enabled | bool | `true` | | -| service.lkJWT.image.pullPolicy | string | `"IfNotPresent"` | | -| service.lkJWT.image.registry | string | `"ghcr.io"` | | -| service.lkJWT.image.repository | string | `"element-hq/lk-jwt-service"` | | -| service.lkJWT.image.tag | string | `"sha-4a29504"` | | -| service.lkJWT.ingress.host | string | `nil` | | -| service.lkJWT.livenessProbe.httpGet.path | string | `"/healthz"` | | -| service.lkJWT.livenessProbe.httpGet.port | string | `"http"` | | -| service.lkJWT.networkPolicy.egress.enabled | bool | `false` | activate egress no networkpolicy | -| service.lkJWT.networkPolicy.egress.extra | list | `[]` | egress rules | -| service.lkJWT.networkPolicy.enabled | bool | `false` | | -| service.lkJWT.networkPolicy.ingress.http | list | `[]` | ingress for http port (e.g. ingress-controller) | -| service.lkJWT.nodeSelector | object | `{}` | | -| service.lkJWT.podAnnotations | object | `{}` | | -| service.lkJWT.podLabels | object | `{}` | | -| service.lkJWT.podSecurityContext | object | `{}` | | -| service.lkJWT.readinessProbe.httpGet.path | string | `"/healthz"` | | -| service.lkJWT.readinessProbe.httpGet.port | string | `"http"` | | -| service.lkJWT.replicaCount | int | `1` | | -| service.lkJWT.resources | object | `{}` | | -| service.lkJWT.securityContext | object | `{}` | | -| service.lkJWT.serviceAccount.annotations | object | `{}` | | -| service.lkJWT.serviceAccount.automount | bool | `true` | | -| service.lkJWT.serviceAccount.create | bool | `true` | | -| service.lkJWT.serviceAccount.name | string | `""` | | -| service.lkJWT.tolerations | list | `[]` | | - -Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs) - diff --git a/element-call/_docs.gotmpl b/element-call/_docs.gotmpl deleted file mode 100644 index 8b13789..0000000 --- a/element-call/_docs.gotmpl +++ /dev/null @@ -1 +0,0 @@ - diff --git a/element-call/templates/_helpers.tpl b/element-call/templates/_helpers.tpl deleted file mode 100644 index 063b922..0000000 --- a/element-call/templates/_helpers.tpl +++ /dev/null @@ -1,70 +0,0 @@ -{{/* -Expand the name of the chart. -*/}} -{{- define "element-call.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "element-call.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains $name .Release.Name }} -{{- .Release.Name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "element-call.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Common labels -*/}} -{{- define "element-call.labels" -}} -helm.sh/chart: {{ include "element-call.chart" . }} -{{ include "element-call.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end }} - -{{/* -Selector labels -*/}} -{{- define "element-call.selectorLabels" -}} -app.kubernetes.io/name: {{ include "element-call.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} - -{{/* -Create the name of the service account to use -*/}} -{{- define "element-call.serviceAccountName" -}} -{{- $ := get . "root" }} -{{- $suffix := get . "suffix" }} -{{- with get . "ctx" }} -{{- if .serviceAccount.create }} -{{- if $suffix }} -{{- default (printf "%s-%s" (include "element-call.fullname" $) $suffix) .serviceAccount.name }} -{{- else }} -{{- default (include "element-call.fullname" $) .serviceAccount.name }} -{{- end }} -{{- else }} -{{- default "default" .serviceAccount.name }} -{{- end }} -{{- end }} -{{- end }} diff --git a/element-call/templates/configmap.yaml b/element-call/templates/configmap.yaml deleted file mode 100644 index 4e7df01..0000000 --- a/element-call/templates/configmap.yaml +++ /dev/null @@ -1,10 +0,0 @@ ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "element-call.fullname" . }} - labels: - {{- include "element-call.labels" . | nindent 4 }} -data: - "config.json": | - {{- toJson .Values.service.call.config | nindent 4 }} diff --git a/element-call/templates/deployment.yaml b/element-call/templates/deployment.yaml deleted file mode 100644 index 695a1a4..0000000 --- a/element-call/templates/deployment.yaml +++ /dev/null @@ -1,76 +0,0 @@ -{{- $fullName := include "element-call.fullname" . -}} -{{- with .Values.service.call }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ $fullName }} - labels: - {{- include "element-call.labels" $ | nindent 4 }} - app.kubernetes.io/component: call -spec: - {{- if not $.Values.autoscaling.enabled }} - replicas: {{ .replicaCount }} - {{- end }} - selector: - matchLabels: - {{- include "element-call.selectorLabels" $ | nindent 6 }} - app.kubernetes.io/component: call - template: - metadata: - {{- with .podAnnotations }} - annotations: - {{- toYaml . | nindent 8 }} - {{- end }} - labels: - {{- include "element-call.labels" $ | nindent 8 }} - app.kubernetes.io/component: call - {{- with .podLabels }} - {{- toYaml . | nindent 8 }} - {{- end }} - spec: - {{- with $.Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ include "element-call.serviceAccountName" (dict "root" $ "ctx" .) }} - securityContext: - {{- toYaml .podSecurityContext | nindent 8 }} - containers: - - name: call - securityContext: - {{- toYaml .securityContext | nindent 12 }} - {{- with .image }} - image: "{{ coalesce $.Values.global.image.registry .registry }}/{{ .repository }}:{{ .tag | default (printf "v%s" $.Chart.AppVersion) }}" - imagePullPolicy: {{ coalesce $.Values.global.image.pullPolicy .pullPolicy }} - {{- end }} - ports: - - name: http - containerPort: 8080 - protocol: TCP - livenessProbe: - {{- toYaml .livenessProbe | nindent 12 }} - readinessProbe: - {{- toYaml .readinessProbe | nindent 12 }} - resources: - {{- toYaml .resources | nindent 12 }} - volumeMounts: - - mountPath: /app/config.json - name: config - subPath: config.json - volumes: - - name: config - configMap: - name: {{ $fullName }} - {{- with .nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} -{{- end }}{{/* end-with .service.call */}} diff --git a/element-call/templates/hpa.yaml b/element-call/templates/hpa.yaml deleted file mode 100644 index 573a25d..0000000 --- a/element-call/templates/hpa.yaml +++ /dev/null @@ -1,32 +0,0 @@ -{{- if .Values.autoscaling.enabled }} -apiVersion: autoscaling/v2 -kind: HorizontalPodAutoscaler -metadata: - name: {{ include "element-call.fullname" . }} - labels: - {{- include "element-call.labels" . | nindent 4 }} -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: {{ include "element-call.fullname" . }} - minReplicas: {{ .Values.autoscaling.minReplicas }} - maxReplicas: {{ .Values.autoscaling.maxReplicas }} - metrics: - {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} - - type: Resource - resource: - name: cpu - target: - type: Utilization - averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} - {{- end }} - {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} - - type: Resource - resource: - name: memory - target: - type: Utilization - averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} - {{- end }} -{{- end }} diff --git a/element-call/templates/ingress.yaml b/element-call/templates/ingress.yaml deleted file mode 100644 index cced22b..0000000 --- a/element-call/templates/ingress.yaml +++ /dev/null @@ -1,46 +0,0 @@ -{{- if .Values.ingress.enabled -}} -{{- $fullName := include "element-call.fullname" . -}} -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: {{ $fullName }} - labels: - {{- include "element-call.labels" . | nindent 4 }} - {{- with .Values.ingress.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - {{- with .Values.ingress.className }} - ingressClassName: {{ . }} - {{- end }} - {{- with .Values.ingress.tls }} - tls: - {{- toYaml . | nindent 4 }} - {{- end }} - rules: - - host: {{ .Values.service.call.ingress.host | quote }} - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: {{ $fullName }} - port: - name: http - {{- if .Values.service.lkJWT.enabled }} - {{- if (eq .Values.service.lkJWT.ingress.host .Values.service.call.ingress.host)}} - - host: {{ .Values.service.lkJWT.ingress.host | quote }} - http: - paths: - {{- end }} - - path: /sfu/get - pathType: Exact - backend: - service: - name: {{ $fullName }}-lk-jwt - port: - name: http - {{- end }} -{{- end }} diff --git a/element-call/templates/lk-jwt/deployment.yaml b/element-call/templates/lk-jwt/deployment.yaml deleted file mode 100644 index 037ef4f..0000000 --- a/element-call/templates/lk-jwt/deployment.yaml +++ /dev/null @@ -1,79 +0,0 @@ -{{- $fullName := include "element-call.fullname" . -}} -{{- with .Values.service.lkJWT }} -{{- if .enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ $fullName }}-lk-jwt - labels: - {{- include "element-call.labels" $ | nindent 4 }} - app.kubernetes.io/component: lk-jwt -spec: - {{- if not $.Values.autoscaling.enabled }} - replicas: {{ .replicaCount }} - {{- end }} - selector: - matchLabels: - {{- include "element-call.selectorLabels" $ | nindent 6 }} - app.kubernetes.io/component: lk-jwt - template: - metadata: - annotations: - secret-env-hash: {{ include (print $.Template.BasePath "/lk-jwt/secret.yaml") $ | sha256sum }} - {{- with .podAnnotations }} - {{- toYaml . | nindent 8 }} - {{- end }} - labels: - {{- include "element-call.labels" $ | nindent 8 }} - app.kubernetes.io/component: lk-jwt - {{- with .podLabels }} - {{- toYaml . | nindent 8 }} - {{- end }} - spec: - {{- with $.Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ include "element-call.serviceAccountName" (dict "root" $ "ctx" . "suffix" "lk-jwt") }} - securityContext: - {{- toYaml .podSecurityContext | nindent 8 }} - containers: - - name: lk-jwt - securityContext: - {{- toYaml .securityContext | nindent 12 }} - {{- with .image }} - image: "{{ coalesce $.Values.global.image.registry .registry }}/{{ .repository }}:{{ .tag }}" - imagePullPolicy: {{ coalesce $.Values.global.image.pullPolicy .pullPolicy }} - {{- end }} - env: - - name: "LK_JWT_PORT" - value: "8080" - - name: "LIVEKIT_URL" - value: {{ .config.url }} - envFrom: - - secretRef: - name: {{ $fullName }}-lk-jwt - ports: - - name: http - containerPort: 8080 - protocol: TCP - livenessProbe: - {{- toYaml .livenessProbe | nindent 12 }} - readinessProbe: - {{- toYaml .readinessProbe | nindent 12 }} - resources: - {{- toYaml .resources | nindent 12 }} - {{- with .nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} -{{- end }}{{/* end-if .enabled */}} -{{- end }}{{/* end-with .Values.service.lkJWT */}} diff --git a/element-call/templates/lk-jwt/networkpolicy.yaml b/element-call/templates/lk-jwt/networkpolicy.yaml deleted file mode 100644 index b04dbb7..0000000 --- a/element-call/templates/lk-jwt/networkpolicy.yaml +++ /dev/null @@ -1,31 +0,0 @@ -{{- with .Values.service.lkJWT.networkPolicy }} -{{- if and $.Values.service.lkJWT.enabled .enabled }} ---- -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: {{ include "element-call.fullname" $ }}-lk-jwt - labels: - {{- include "element-call.labels" $ | nindent 4 }} -spec: - podSelector: - matchLabels: - {{- include "element-call.selectorLabels" $ | nindent 6 }} - app.kubernetes.io/component: lk-jwt - policyTypes: - - Ingress - {{- if .egress.enabled }} - - Egress - {{- end }} - ingress: - - ports: - - port: 8080 - protocol: TCP - from: - {{- toYaml .ingress.http | nindent 8 }} - {{- with .egress }} - egress: - {{- toYaml .extra | nindent 4 }} - {{- end }} -{{- end }} -{{- end }} diff --git a/element-call/templates/lk-jwt/secret.yaml b/element-call/templates/lk-jwt/secret.yaml deleted file mode 100644 index 771f342..0000000 --- a/element-call/templates/lk-jwt/secret.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- if .Values.service.lkJWT.enabled }} ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "element-call.fullname" . }}-lk-jwt - labels: - {{- include "element-call.labels" . | nindent 4 }} -data: - {{- with .Values.service.lkJWT.config }} - LIVEKIT_KEY: {{ .key | b64enc }} - LIVEKIT_SECRET: {{ .secret | b64enc }} - {{- end }} -{{- end }} diff --git a/element-call/templates/lk-jwt/service.yaml b/element-call/templates/lk-jwt/service.yaml deleted file mode 100644 index 90f602a..0000000 --- a/element-call/templates/lk-jwt/service.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if .Values.service.lkJWT.enabled }} ---- -apiVersion: v1 -kind: Service -metadata: - name: {{ include "element-call.fullname" . }}-lk-jwt - labels: - {{- include "element-call.labels" . | nindent 4 }} -spec: - type: ClusterIP - ports: - - port: 80 - targetPort: http - protocol: TCP - name: http - selector: - {{- include "element-call.selectorLabels" . | nindent 4 }} - app.kubernetes.io/component: lk-jwt -{{- end }} diff --git a/element-call/templates/lk-jwt/serviceaccount.yaml b/element-call/templates/lk-jwt/serviceaccount.yaml deleted file mode 100644 index 4ce35f4..0000000 --- a/element-call/templates/lk-jwt/serviceaccount.yaml +++ /dev/null @@ -1,15 +0,0 @@ -{{- with .Values.service.lkJWT }} -{{- if and .enabled .serviceAccount.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "element-call.serviceAccountName" (dict "root" $ "ctx" . "suffix" "lk-jwt") }} - labels: - {{- include "element-call.labels" $ | nindent 4 }} - {{- with .serviceAccount.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -automountServiceAccountToken: {{ .serviceAccount.automount }} -{{- end }} -{{- end }} diff --git a/element-call/templates/networkpolicy.yaml b/element-call/templates/networkpolicy.yaml deleted file mode 100644 index 3aab727..0000000 --- a/element-call/templates/networkpolicy.yaml +++ /dev/null @@ -1,31 +0,0 @@ -{{- with .Values.service.call.networkPolicy }} -{{- if .enabled }} ---- -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: {{ include "element-call.fullname" $ }} - labels: - {{- include "element-call.labels" $ | nindent 4 }} -spec: - podSelector: - matchLabels: - {{- include "element-call.selectorLabels" $ | nindent 6 }} - app.kubernetes.io/component: call - policyTypes: - - Ingress - {{- if .egress.enabled }} - - Egress - {{- end }} - ingress: - - ports: - - port: 8080 - protocol: TCP - from: - {{- toYaml .ingress.http | nindent 8 }} - {{- with .egress }} - egress: - {{- toYaml .extra | nindent 4 }} - {{- end }} -{{- end }} -{{- end }} diff --git a/element-call/templates/service.yaml b/element-call/templates/service.yaml deleted file mode 100644 index cb76c9e..0000000 --- a/element-call/templates/service.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ include "element-call.fullname" . }} - labels: - {{- include "element-call.labels" . | nindent 4 }} -spec: - type: ClusterIP - ports: - - port: 80 - targetPort: http - protocol: TCP - name: http - selector: - {{- include "element-call.selectorLabels" . | nindent 4 }} - app.kubernetes.io/component: call diff --git a/element-call/templates/serviceaccount.yaml b/element-call/templates/serviceaccount.yaml deleted file mode 100644 index 806d9f0..0000000 --- a/element-call/templates/serviceaccount.yaml +++ /dev/null @@ -1,15 +0,0 @@ -{{- with .Values.service.call }} -{{- if .serviceAccount.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "element-call.serviceAccountName" (dict "root" $ "ctx" . "suffix" "") }} - labels: - {{- include "element-call.labels" $ | nindent 4 }} - {{- with .serviceAccount.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -automountServiceAccountToken: {{ .serviceAccount.automount }} -{{- end }} -{{- end }} diff --git a/element-call/values.yaml b/element-call/values.yaml deleted file mode 100644 index a2ebc4c..0000000 --- a/element-call/values.yaml +++ /dev/null @@ -1,146 +0,0 @@ -global: - image: - # -- if set it will overwrite all registry entries - registry: - # -- if set it will overwrite all pullPolicy - pullPolicy: - -imagePullSecrets: [] -nameOverride: "" -fullnameOverride: "" - -ingress: - enabled: false - className: "" - annotations: {} - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - -autoscaling: - enabled: false - minReplicas: 1 - maxReplicas: 100 - targetCPUUtilizationPercentage: 80 - # targetMemoryUtilizationPercentage: 80 - -service: - call: - replicaCount: 1 - image: - registry: ghcr.io - repository: element-hq/element-call - pullPolicy: IfNotPresent - # -- Overrides the image tag whose default is the chart appVersion. - tag: - config: {} - ingress: - host: - networkPolicy: - enabled: false - ingress: - # -- ingress for http port (e.g. ingress-controller) - http: [] - egress: - # -- activate egress no networkpolicy - enabled: true - # -- egress rules - extra: [] - livenessProbe: - httpGet: - path: / - port: http - readinessProbe: - httpGet: - path: / - port: http - resources: {} - serviceAccount: - # Specifies whether a service account should be created - create: true - # Automatically mount a ServiceAccount's API credentials? - automount: true - # Annotations to add to the service account - annotations: {} - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - name: "" - - podAnnotations: {} - podLabels: {} - - podSecurityContext: {} - # fsGroup: 2000 - - securityContext: {} - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 1000 - nodeSelector: {} - tolerations: [] - affinity: {} - - lkJWT: - enabled: true - replicaCount: 1 - image: - registry: ghcr.io - repository: element-hq/lk-jwt-service - pullPolicy: IfNotPresent - tag: sha-4a29504 - config: - url: "" - key: "devkey" - secret: "secret" - ingress: - host: - networkPolicy: - enabled: false - ingress: - # -- ingress for http port (e.g. ingress-controller) - http: [] - egress: - # -- activate egress no networkpolicy - enabled: false - # -- egress rules - extra: [] - livenessProbe: - httpGet: - path: /healthz - port: http - readinessProbe: - httpGet: - path: /healthz - port: http - resources: {} - serviceAccount: - # Specifies whether a service account should be created - create: true - # Automatically mount a ServiceAccount's API credentials? - automount: true - # Annotations to add to the service account - annotations: {} - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - name: "" - - podAnnotations: {} - podLabels: {} - - podSecurityContext: {} - # fsGroup: 2000 - - securityContext: {} - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 1000 - nodeSelector: {} - tolerations: [] - affinity: {} diff --git a/forgejo-runner/Chart.yaml b/forgejo-runner/Chart.yaml index 56218fe..4fad372 100644 --- a/forgejo-runner/Chart.yaml +++ b/forgejo-runner/Chart.yaml @@ -2,9 +2,8 @@ apiVersion: v2 name: forgejo-runner description: Deploy runner for an forgejo instance (default codeberg.org) type: application -version: "0.4.10" -# renovate: image=code.forgejo.org/forgejo/runner -appVersion: "6.1.0" +version: 0.1.5 +appVersion: "3.2.0" maintainers: - name: WrenIX url: https://wrenix.eu diff --git a/forgejo-runner/README.adoc b/forgejo-runner/README.adoc new file mode 100644 index 0000000..6471c33 --- /dev/null +++ b/forgejo-runner/README.adoc @@ -0,0 +1,246 @@ + + += forgejo-runner + +image::https://img.shields.io/badge/Version-0.1.5-informational?style=flat-square[Version: 0.1.5] +image::https://img.shields.io/badge/Version-application-informational?style=flat-square[Type: application] +image::https://img.shields.io/badge/AppVersion-3.2.0-informational?style=flat-square[AppVersion: 3.2.0] +== Maintainers + +.Maintainers +|=== +| Name | Email | Url + +| WrenIX +| +| +|=== + +== Usage + +Helm must be installed and setup to your kubernetes cluster to use the charts. +Refer to Helm's https://helm.sh/docs[documentation] to get started. +Once Helm has been set up correctly, fetch the charts as follows: + +[source,bash] +---- +helm pull oci://codeberg.org/wrenix/helm-charts/forgejo-runner +---- + +You can install a chart release using the following command: + +[source,bash] +---- +helm install forgejo-runner-release oci://codeberg.org/wrenix/helm-charts/forgejo-runner --values values.yaml +---- + +To uninstall a chart release use `helm`'s delete command: + +[source,bash] +---- +helm uninstall forgejo-runner-release +---- + +== Values + +.Values +|=== +| Key | Type | Default | Description + +| affinity +| object +| `{}` +| + +| autoscaling.enabled +| bool +| `false` +| + +| autoscaling.maxReplicas +| int +| `100` +| + +| autoscaling.minReplicas +| int +| `1` +| + +| autoscaling.targetCPUUtilizationPercentage +| int +| `80` +| + +| dind.image.pullPolicy +| string +| `"IfNotPresent"` +| + +| dind.image.registry +| string +| `"docker.io"` +| + +| dind.image.repository +| string +| `"library/docker"` +| + +| dind.image.tag +| string +| `"24.0.7-dind"` +| + +| fullnameOverride +| string +| `""` +| + +| image.pullPolicy +| string +| `"IfNotPresent"` +| + +| image.registry +| string +| `"code.forgejo.org"` +| + +| image.repository +| string +| `"forgejo/runner"` +| + +| image.tag +| string +| `""` +| + +| imagePullSecrets +| list +| `[]` +| + +| kubectl.image.pullPolicy +| string +| `"IfNotPresent"` +| + +| kubectl.image.registry +| string +| `"docker.io"` +| + +| kubectl.image.repository +| string +| `"bitnami/kubectl"` +| + +| kubectl.image.tag +| string +| `"1.28.5"` +| + +| nameOverride +| string +| `""` +| + +| nodeSelector +| object +| `{}` +| + +| podAnnotations +| object +| `{}` +| + +| podLabels +| object +| `{}` +| + +| podSecurityContext +| object +| `{}` +| + +| replicaCount +| int +| `1` +| + +| resources +| object +| `{}` +| + +| runner.config.create +| bool +| `true` +| + +| runner.config.existingSecret +| string +| `""` +| use existingSecret instatt + +| runner.config.instance +| string +| `"https://codeberg.org"` +| + +| runner.config.name +| string +| `nil` +| + +| runner.config.token +| string +| `nil` +| + +| securityContext.privileged +| bool +| `true` +| + +| serviceAccount.annotations +| object +| `{}` +| + +| serviceAccount.automount +| bool +| `true` +| + +| serviceAccount.create +| bool +| `true` +| + +| serviceAccount.name +| string +| `""` +| + +| tolerations +| list +| `[]` +| + +| volumeMounts +| list +| `[]` +| + +| volumes +| list +| `[]` +| +|=== + +Autogenerated from chart metadata using https://github.com/norwoodj/helm-docs[helm-docs] diff --git a/forgejo-runner/README.md b/forgejo-runner/README.md deleted file mode 100644 index 40b20f8..0000000 --- a/forgejo-runner/README.md +++ /dev/null @@ -1,156 +0,0 @@ ---- -title: "forgejo-runner" - -description: "Deploy runner for an forgejo instance (default codeberg.org)" - ---- - -# forgejo-runner - -![Version: 0.4.10](https://img.shields.io/badge/Version-0.4.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 6.1.0](https://img.shields.io/badge/AppVersion-6.1.0-informational?style=flat-square) - -Deploy runner for an forgejo instance (default codeberg.org) - -## Maintainers - -| Name | Email | Url | -| ---- | ------ | --- | -| WrenIX | | | - -{{< callout type="warning" >}} -Me, wrenix, switch to woodpecker and maybe does not test every change. -{{< /callout >}} - -## Accessing docker socket inside job containers - -To access the docker socket inside the job containers, the following example values may be used (see `values-dind-bypass.yaml`): - -``` yaml {filename="values.yaml"} -runner: - config: - create: true - existingSecret: "" - file: - log: - level: "info" - runner: - file: ".runner" - capacity: 1 - envs: - A_TEST_ENV_NAME_1: null - A_TEST_ENV_NAME_2: null - DOCKER_HOST: tcp://127.0.0.1:2376 - DOCKER_TLS_VERIFY: 1 - DOCKER_CERT_PATH: /certs/client - container: - network: host - enable_ipv6: false - privileged: false - options: -v /certs/client:/certs/client - valid_volumes: - - /certs/client - -``` - -## Usage - -Helm must be installed and setup to your kubernetes cluster to use the charts. -Refer to Helm's [documentation](https://helm.sh/docs) to get started. -Once Helm has been set up correctly, fetch the charts as follows: - -```bash -helm pull oci://codeberg.org/wrenix/helm-charts/forgejo-runner -``` - -You can install a chart release using the following command: - -```bash -helm install forgejo-runner-release oci://codeberg.org/wrenix/helm-charts/forgejo-runner --values values.yaml -``` - -To uninstall a chart release use `helm`'s delete command: - -```bash -helm uninstall forgejo-runner-release -``` - -## Values - -### Configuration yaml of runner (see: https://code.forgejo.org/forgejo/runner/src/branch/main/internal/pkg/config/config.example.yaml) - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| runner.config.file.cache.dir | string | `""` | The directory to store the cache data. If it's empty, the cache data will be stored in $HOME/.cache/actcache. | -| runner.config.file.cache.enabled | bool | `true` | Enable cache server to use actions/cache. | -| runner.config.file.cache.external_server | string | `""` | The external cache server URL. Valid only when enable is true. If it's specified, act_runner will use this URL as the ACTIONS_CACHE_URL rather than start a server by itself. The URL should generally end with "/". | -| runner.config.file.cache.host | string | `""` | The host of the cache server. It's not for the address to listen, but the address to connect from job containers. So 0.0.0.0 is a bad choice, leave it empty to detect automatically. | -| runner.config.file.cache.port | int | `0` | The port of the cache server. 0 means to use a random available port. | -| runner.config.file.container.docker_host | string | `"-"` | overrides the docker client host with the specified one. If "-", an available docker host will automatically be found. If empty, an available docker host will automatically be found and mounted in the job container (e.g. /var/run/docker.sock). Otherwise the specified docker host will be used and an error will be returned if it doesn't work. | -| runner.config.file.container.enable_ipv6 | bool | `false` | Whether to create networks with IPv6 enabled. Requires the Docker daemon to be set up accordingly. Only takes effect if "network" is set to "". | -| runner.config.file.container.force_pull | bool | `false` | Pull docker image(s) even if already present | -| runner.config.file.container.network | string | `""` | Specifies the network to which the container will connect. Could be host, bridge or the name of a custom network. If it's empty, create a network automatically. | -| runner.config.file.container.options | string | `nil` | And other options to be used when the container is started (eg, `--add-host=my.forgejo.url:host-gateway`). | -| runner.config.file.container.privileged | bool | `false` | And other options to be used when the container is started (eg, `--add-host=my.forgejo.url:host-gateway`). | -| runner.config.file.container.valid_volumes | list | `[]` | Volumes (including bind mounts) can be mounted to containers. Glob syntax is supported, see https://github.com/gobwas/glob You can specify multiple volumes. If the sequence is empty, no volumes can be mounted. For example, if you only allow containers to mount the `data` volume and all the json files in `/src`, you should change the config to: valid_volumes: - data - /src/*.json If you want to allow any volume, please use the following configuration: valid_volumes: - '**' | -| runner.config.file.container.workdir_parent | string | `nil` | The parent directory of a job's working directory. If it's empty, /workspace will be used. | -| runner.config.file.host.workdir_parent | string | `nil` | The parent directory of a job's working directory. If it's empty, $HOME/.cache/act/ will be used. | -| runner.config.file.log.job_level | string | `"info"` | The level of logging for jobs, can be trace, debug, info, earn, error, fatal | -| runner.config.file.log.level | string | `"info"` | The level of logging, can be trace, debug, info, warn, error, fatal | -| runner.config.file.runner.capacity | int | `1` | Execute how many tasks concurrently at the same time. | -| runner.config.file.runner.env_file | string | `".env"` | Extra environment variables to run jobs from a file. It will be ignored if it's empty or the file doesn't exist. | -| runner.config.file.runner.envs | object | `{"A_TEST_ENV_NAME_1":"a_test_env_value_1","A_TEST_ENV_NAME_2":"a_test_env_value_2"}` | Extra environment variables to run jobs. | -| runner.config.file.runner.fetch_interval | string | `"2s"` | The interval for fetching the job from the Forgejo instance. | -| runner.config.file.runner.fetch_timeout | string | `"5s"` | The timeout for fetching the job from the Forgejo instance. | -| runner.config.file.runner.file | string | `".runner"` | Runner config which contains id and token of this runner (autogenerate with create) | -| runner.config.file.runner.insecure | bool | `false` | Whether skip verifying the TLS certificate of the Forgejo instance. | -| runner.config.file.runner.labels | list | `[]` | The labels of a runner are used to determine which jobs the runner can run, and how to run them. Like: ["macos-arm64:host", "ubuntu-latest:docker://node:16-bullseye", "ubuntu-22.04:docker://node:16-bullseye"] If it's empty when registering, it will ask for inputting labels. If it's empty when execute `deamon`, will use labels in `.runner` file. | -| runner.config.file.runner.timeout | string | `"3h"` | The timeout for a job to be finished. Please note that the Forgejo instance also has a timeout (3h by default) for the job. So the job could be stopped by the Forgejo instance if it's timeout is shorter than this. | - -### Other Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| affinity | object | `{}` | | -| autoscaling.behavior | object | `{}` | behavior of HPA Example: scaleDown: stabilizationWindowSeconds: 300 policies: - type: Pods value: 1 periodSeconds: 60 scaleUp: stabilizationWindowSeconds: 0 policies: - type: Pods value: 1 periodSeconds: 60 | -| autoscaling.enabled | bool | `false` | | -| autoscaling.maxReplicas | int | `100` | | -| autoscaling.minReplicas | int | `1` | | -| autoscaling.targetCPUUtilizationPercentage | int | `80` | | -| dind.image.pullPolicy | string | `"IfNotPresent"` | | -| dind.image.registry | string | `"docker.io"` | | -| dind.image.repository | string | `"library/docker"` | | -| dind.image.tag | string | `"27.5.0-dind"` | | -| extraEnvVars | list | `[]` | Additional environment variables to be set on runner container Example: extraEnvVars: - name: FOO value: "bar" | -| fullnameOverride | string | `""` | | -| image.pullPolicy | string | `"IfNotPresent"` | | -| image.registry | string | `"code.forgejo.org"` | | -| image.repository | string | `"forgejo/runner"` | | -| image.tag | string | `""` | | -| imagePullSecrets | list | `[]` | | -| kubectl.image.pullPolicy | string | `"IfNotPresent"` | | -| kubectl.image.registry | string | `"docker.io"` | | -| kubectl.image.repository | string | `"bitnami/kubectl"` | | -| kubectl.image.tag | string | `"1.32.1"` | | -| nameOverride | string | `""` | | -| nodeSelector | object | `{}` | | -| podAnnotations | object | `{}` | | -| podLabels | object | `{}` | | -| podSecurityContext | object | `{}` | | -| replicaCount | int | `1` | | -| resources | object | `{}` | | -| runner.config.create | bool | `true` | | -| runner.config.existingSecret | string | `""` | use existingSecret instatt | -| runner.config.instance | string | `"https://codeberg.org"` | | -| runner.config.name | string | `nil` | | -| runner.config.token | string | `nil` | | -| securityContext.privileged | bool | `true` | | -| serviceAccount.annotations | object | `{}` | | -| serviceAccount.automount | bool | `true` | | -| serviceAccount.create | bool | `true` | | -| serviceAccount.name | string | `""` | | -| tolerations | list | `[]` | | -| volumeMounts | list | `[]` | | -| volumes | list | `[]` | | - -Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs) - diff --git a/forgejo-runner/_docs.gotmpl b/forgejo-runner/_docs.gotmpl index 42e2cf5..e69de29 100644 --- a/forgejo-runner/_docs.gotmpl +++ b/forgejo-runner/_docs.gotmpl @@ -1,16 +0,0 @@ -{{ define "chart.prerequirements" -}} -{{` -{{< callout type="warning" >}} -Me, wrenix, switch to woodpecker and maybe does not test every change. -{{< /callout >}} -`}} -## Accessing docker socket inside job containers - -To access the docker socket inside the job containers, the following example values may be used (see `values-dind-bypass.yaml`): - -``` yaml {filename="values.yaml"} -{{ .Files.Get "values-dind-bypass.yaml" }} -``` - -{{ end }} - diff --git a/forgejo-runner/templates/deployment.yaml b/forgejo-runner/templates/deployment.yaml index f7a6a60..acf801c 100644 --- a/forgejo-runner/templates/deployment.yaml +++ b/forgejo-runner/templates/deployment.yaml @@ -48,15 +48,7 @@ spec: {{- toYaml .Values.securityContext | nindent 12 }} image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} - command: - - "sh" - - "-c" - - | - while ! nc -z 127.0.0.1 2376 -|=== - -== Usage - -Helm must be installed and setup to your kubernetes cluster to use the charts. -Refer to Helm's https://helm.sh/docs[documentation] to get started. -Once Helm has been set up correctly, fetch the charts as follows: - -[source,bash] ----- -helm pull oci://codeberg.org/wrenix/helm-charts/gotosocial ----- - -You can install a chart release using the following command: - -[source,bash] ----- -helm install gotosocial-release oci://codeberg.org/wrenix/helm-charts/gotosocial --values values.yaml ----- - -To uninstall a chart release use `helm`'s delete command: - -[source,bash] ----- -helm uninstall gotosocial-release ----- - -== Values - -.Values -|=== -| Key | Type | Default | Description - -| affinity -| object -| `{}` -| - -| autoscaling.enabled -| bool -| `false` -| - -| autoscaling.maxReplicas -| int -| `100` -| - -| autoscaling.minReplicas -| int -| `1` -| - -| autoscaling.targetCPUUtilizationPercentage -| int -| `80` -| - -| fullnameOverride -| string -| `""` -| - -| global.image.pullPolicy -| string -| `nil` -| if set it will overwrite all pullPolicy - -| global.image.registry -| string -| `nil` -| if set it will overwrite all registry entries - -| gotosocial.accountDomain -| string -| `""` -| - -| gotosocial.accounts.allowCustomCSS -| bool -| `false` -| Allow accounts on this instance to set custom CSS for their profile pages and statuses. Enabling this setting will allow accounts to upload custom CSS via the /user settings page, which will then be rendered on the web view of the account's profile and statuses. For instances with public sign ups, it is **HIGHLY RECOMMENDED** to leave this setting on 'false', since setting it to true allows malicious accounts to make their profile pages misleading, unusable or even dangerous to visitors. In other words, you should only enable this setting if you trust the users on your instance not to produce harmful CSS. Regardless of what this value is set to, any uploaded CSS will not be federated to other instances, it will only be shown on profiles and statuses on *this* instance. - -| gotosocial.accounts.approvalRequired -| bool -| `true` -| Do sign up requests require approval from an admin/moderator before an account can sign in/use the server? - -| gotosocial.accounts.customCSSLength -| int -| `10000` -| If accounts-allow-custom-css is true, this is the permitted length in characters for CSS uploaded by accounts on this instance. No effect if accounts-allow-custom-css is false. - -| gotosocial.accounts.reasonRequired -| bool -| `true` -| Are sign up requests required to submit a reason for the request (eg., an explanation of why they want to join the instance)? - -| gotosocial.accounts.registrationOpen -| bool -| `true` -| Do we want people to be able to just submit sign up requests, or do we want invite only? - -| gotosocial.applicationName -| string -| `"gotosocial"` -| - -| gotosocial.database.address -| string -| `""` -| Database address or parameters. For Postgres, this should be the address or socket at which the database can be reached. - -| gotosocial.database.database -| string -| `"gotosocial"` -| Name of the database to use within the provided database type. - -| gotosocial.database.password -| string -| `""` -| Password to use for the database connection - -| gotosocial.database.port -| int -| `5432` -| Port for database connection. - -| gotosocial.database.tlsCACert -| string -| `""` -| Path to a CA certificate on the host machine for db certificate validation. If this is left empty, just the host certificates will be used. If filled in, the certificate will be loaded and added to host certificates. - -| gotosocial.database.tlsMode -| string -| `"disabled"` -| Disable, enable, or require SSL/TLS connection to the database. If "disable" then no TLS connection will be attempted. If "enable" then TLS will be tried, but the database certificate won't be checked (for self-signed certs). If "require" then TLS will be required to make a connection, and a valid certificate must be presented. - -| gotosocial.database.type -| string -| `"sqlite"` -| Database type. Options: ["postgres","sqlite"] - -| gotosocial.database.username -| string -| `""` -| Username for the database connection. - -| gotosocial.host -| string -| `"localhost"` -| - -| gotosocial.instance.deliverToSharedInboxes -| bool -| `true` -| This flag tweaks whether GoToSocial will deliver ActivityPub messages to the shared inbox of a recipient, if one is available, instead of delivering each message to each actor who should receive a message individually. Shared inbox delivery can significantly reduce network load when delivering to multiple recipients share an inbox (eg., on large Mastodon instances). See: https://www.w3.org/TR/activitypub/#shared-inbox-delivery - -| gotosocial.instance.expose.peers -| bool -| `false` -| Allow unauthenticated users to make queries to /api/v1/instance/peers?filter=open in order to see a list of instances that this instance 'peers' with. Even if set to 'false', then authenticated users (members of the instance) will still be able to query the endpoint. - -| gotosocial.instance.expose.publicTimeline -| bool -| `false` -| This flag tweaks whether GoToSocial will deliver ActivityPub messages to the shared inbox of a recipient, if one is available, instead of delivering each message to each actor who should receive a message individually. Shared inbox delivery can significantly reduce network load when delivering to multiple recipients share an inbox (eg., on large Mastodon instances). See: https://www.w3.org/TR/activitypub/#shared-inbox-delivery - -| gotosocial.instance.expose.suspended -| bool -| `false` -| Allow unauthenticated users to make queries to /api/v1/instance/peers?filter=suspended in order to see a list of instances that this instance blocks/suspends. Even if set to 'false', then authenticated users (members of the instance) will still be able to query the endpoint. WARNING: Setting this variable to 'true' may result in your instance being scraped by blocklist scrapers. See: https://docs.gotosocial.org/en/latest/admin/domain_blocks/#block-announce-bots - -| gotosocial.instance.expose.suspendedWeb -| bool -| `false` -| Allow unauthenticated users to view /about/suspended, showing the HTML rendered list of instances that this instance blocks/suspends. - -| gotosocial.instance.federation.mode -| string -| `"blocklist"` -| Federation mode to use for this instance. "blocklist" -- open federation by default. Only instances that are explicitly blocked will be denied (unless they are also explicitly allowed). "allowlist" -- closed federation by default. Only instances that are explicitly allowed will be able to interact with this instance. For more details on blocklist and allowlist modes, check the documentation at: https://docs.gotosocial.org/en/latest/admin/federation_modes Options: ["blocklist", "allowlist"] - -| gotosocial.instance.federation.spamFilter -| bool -| `false` -| Enable spam filtering heuristics for messages entering your instance via the federation API. Regardless of what you set here, basic checks for message relevancy will still be performed, but you can try enabling this setting if you are being spammed with unwanted messages from other instances, and want to more strictly filter out spam messages. THIS IS CURRENTLY AN EXPERIMENTAL SETTING, AND MAY FILTER OUT LEGITIMATE MESSAGES, OR FAIL TO FILTER OUT SPAMMY MESSAGES. It is recommended to only enable this setting when the fediverse is in the midst of a spam wave, and you need to batten down the hatches to keep your instance usable. The decision of whether a message counts as spam or not is made based on the following heuristics, in order, where receiver = the account on your instance that received a message in their inbox, and requester = the account on a remote instance that sent the message. First, basic relevancy checks 1. Receiver follows requester. Return OK. 2. Statusable doesn't mention receiver. Return NotRelevant. If instance-federation-spam-filter = false, then return OK now. Otherwise check: 3. Receiver is locked and is followed by requester. Return OK. 4. Five or more people are mentioned. Return Spam. 5. Receiver follow (requests) a mentioned account. Return OK. 6. Statusable has a media attachment. Return Spam. 7. Statusable contains non-mention, non-hashtag links. Return Spam. Messages identified as spam will be dropped from your instance, and not inserted into the database, or into home timelines or notifications. - -| gotosocial.instance.injectMastodonVersion -| bool -| `false` -| This flag will inject a Mastodon version into the version field that is included in /api/v1/instance. This version is often used by Mastodon clients to do API feature detection. By injecting a Mastodon compatible version, it is possible to cajole those clients to behave correctly with GoToSocial. - -| gotosocial.instance.languages -| list -| `[]` -| BCP47 language tags to indicate preferred languages of users on this instance. If you provide these, you should provide these in order from most-preferred to least-preferred, but note that leaving out a language from this array doesn't mean it can't be used on this instance, it only means it won't be advertised as a preferred instance language. It is valid to provide no entries here; your instance will then have no particular preferred language. See here for commonly-used tags: https://en.wikipedia.org/wiki/IETF_language_tag#List_of_common_primary_language_subtags See here for all current tags: https://www.iana.org/assignments/language-subtag-registry/language-subtag-registry Example: ["nl", "en-gb", "fr"] - -| gotosocial.landingPageUser -| string -| `""` -| - -| gotosocial.metrics.auth.enabled -| bool -| `false` -| - -| gotosocial.metrics.auth.password -| string -| `""` -| - -| gotosocial.metrics.auth.username -| string -| `""` -| - -| gotosocial.metrics.enabled -| bool -| `true` -| - -| gotosocial.oidc.adminGroups -| list -| `["admins"]` -| If the returned ID token contains a 'groups' claim that matches one of the groups in oidc-admin-groups, then this user will be granted admin rights on the GtS instance - -| gotosocial.oidc.clientID -| string -| `""` -| The ID for this client as registered with the OIDC provider. - -| gotosocial.oidc.clientSecret -| string -| `""` -| The secret for this client as registered with the OIDC provider. - -| gotosocial.oidc.enabled -| bool -| `false` -| Enable authentication with external OIDC provider. If set to true, then the other OIDC options must be set as well. If this is set to false, then the standard internal oauth flow will be used, where users sign in to GtS with username/password. - -| gotosocial.oidc.idpName -| string -| `""` -| Name of the oidc idp (identity provider). This will be shown to users when they log in. - -| gotosocial.oidc.issuer -| string -| `""` -| The OIDC issuer URI. This is where GtS will redirect users to for login. Typically this will look like a standard web URL. - -| gotosocial.oidc.linkExisting -| bool -| `false` -| Link OIDC authenticated users to existing ones based on their email address. This is mostly intended for migration purposes if you were running previous versions of GTS which only correlated users with their email address. Should be set to false for most usecases. - -| gotosocial.oidc.scopes -| list -| `["openid","email","profile","groups"]` -| Scopes to request from the OIDC provider. The returned values will be used to populate users created in GtS as a result of the authentication flow. 'openid' and 'email' are required. 'profile' is used to extract a username for the newly created user. 'groups' is optional and can be used to determine if a user is an admin based on oidc-admin-groups. - -| gotosocial.oidc.skipVerification -| bool -| `false` -| Skip the normal verification flow of tokens returned from the OIDC provider, ie., don't check the expiry or signature. This should only be used in debugging or testing, never ever in a production environment as it's extremely unsafe! - -| gotosocial.smtp.discloseRecipients -| bool -| `false` -| If true, when an email is sent that has multiple recipients, each recipient will be included in the To field, so that each recipient can see who else got the email, and they can 'reply all' to the other recipients if they want to. If false, email will be sent to Undisclosed Recipients, and each recipient will not be able to see who else received the email. It might be useful to change this setting to 'true' if you want to be able to discuss new moderation reports with other admins by 'replying-all' to the notification email. - -| gotosocial.smtp.from -| string -| `""` -| 'From' address for sent emails. - -| gotosocial.smtp.host -| string -| `""` -| The hostname of the smtp server you want to use. If this is not set, smtp will not be used to send emails, and you can ignore the other settings. - -| gotosocial.smtp.password -| string -| `""` -| Password to use when authenticating with the smtp server. This should have been provided to you by your smtp host. - -| gotosocial.smtp.port -| int -| `0` -| Port to use to connect to the smtp server. - -| gotosocial.smtp.username -| string -| `""` -| Username to use when authenticating with the smtp server. This should have been provided to you by your smtp host. This is often, but not always, an email address. - -| gotosocial.storage.backend -| string -| `"local"` -| Type of storage backend to use. Examples: ["local", "s3"] Default: "local" (storage on local disk) - -| gotosocial.storage.s3.accessKey -| string -| `""` -| Access key part of the S3 credentials. Consider setting this value using environment variables to avoid leaking it via the config file Only required when running with the s3 storage backend. - -| gotosocial.storage.s3.bucket -| string -| `""` -| Name of the storage bucket. If you have already encoded your bucket name in the storage-s3-endpoint, this value will be used as a directory containing your data. The bucket must exist prior to starting GoToSocial Only required when running with the s3 storage backend. - -| gotosocial.storage.s3.endpoint -| string -| `""` -| API endpoint of the S3 compatible service. Only required when running with the s3 storage backend. GoToSocial uses "DNS-style" when accessing buckets. If you are using Scaleways object storage, please remove the "bucket name" from the endpoint address - -| gotosocial.storage.s3.proxy -| bool -| `false` -| If data stored in S3 should be proxied through GoToSocial instead of redirecting to a presigned URL. - -| gotosocial.storage.s3.secretKey -| string -| `""` -| Secret key part of the S3 credentials. Consider setting this value using environment variables to avoid leaking it via the config file Only required when running with the s3 storage backend. - -| gotosocial.storage.s3.useSSL -| bool -| `true` -| Use SSL for S3 connections. Only set this to 'false' when testing locally. - -| gotosocial.tracing.enabled -| bool -| `false` -| Enable OpenTelemetry based tracing support. - -| gotosocial.tracing.endpoint -| string -| `""` -| Endpoint of the trace ingester. When using the gRPC or HTTP based transports, provide the endpoint as a single address/port combination without a protocol scheme. - -| gotosocial.tracing.insecureTransport -| bool -| `false` -| Disable TLS for the gRPC and HTTP transport protocols. - -| gotosocial.tracing.transport -| string -| `"grpc"` -| Set the transport protocol for the tracing system. Can either be "grpc" for OTLP gRPC, or "http" for OTLP HTTP. - -| gotosocial.tz -| string -| `"UTC"` -| - -| image.pullPolicy -| string -| `"IfNotPresent"` -| - -| image.registry -| string -| `"docker.io"` -| - -| image.repository -| string -| `"superseriousbusiness/gotosocial"` -| - -| image.tag -| string -| `""` -| Overrides the image tag whose default is the chart appVersion. - -| imagePullSecrets -| list -| `[]` -| - -| ingress.annotations -| object -| `{}` -| - -| ingress.className -| string -| `""` -| - -| ingress.enabled -| bool -| `false` -| - -| ingress.hosts[0].host -| string -| `"chart-example.local"` -| - -| ingress.hosts[0].paths[0].path -| string -| `"/"` -| - -| ingress.hosts[0].paths[0].pathType -| string -| `"ImplementationSpecific"` -| - -| ingress.tls -| list -| `[]` -| - -| nameOverride -| string -| `""` -| - -| nodeSelector -| object -| `{}` -| - -| persistence.accessMode -| string -| `"ReadWriteOnce"` -| accessMode - -| persistence.annotations -| object -| `{}` -| - -| persistence.enabled -| bool -| `true` -| Enable persistence using Persistent Volume Claims ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ - -| persistence.existingClaim -| string -| `nil` -| A manually managed Persistent Volume and Claim Requires persistence.enabled: true If defined, PVC must be created manually before volume will be bound - -| persistence.hostPath -| string -| `nil` -| Do not create an PVC, direct use hostPath in Pod - -| persistence.size -| string -| `"10Gi"` -| size - -| persistence.storageClass -| string -| `nil` -| Persistent Volume Storage Class If defined, storageClassName: If set to "-", storageClassName: "", which disables dynamic provisioning If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner. (gp2 on AWS, standard on GKE, AWS & OpenStack) - -| podAnnotations -| object -| `{}` -| - -| podLabels -| object -| `{}` -| - -| podSecurityContext -| object -| `{}` -| - -| prometheus.servicemonitor.enabled -| bool -| `false` -| - -| prometheus.servicemonitor.labels -| object -| `{}` -| - -| replicaCount -| int -| `1` -| - -| resources -| object -| `{}` -| - -| securityContext -| object -| `{}` -| - -| service.port -| int -| `8080` -| - -| service.type -| string -| `"ClusterIP"` -| - -| serviceAccount.annotations -| object -| `{}` -| Annotations to add to the service account - -| serviceAccount.automount -| bool -| `true` -| Automatically mount a ServiceAccount's API credentials? - -| serviceAccount.create -| bool -| `false` -| Specifies whether a service account should be created - -| serviceAccount.name -| string -| `""` -| The name of the service account to use. If not set and create is true, a name is generated using the fullname template - -| tolerations -| list -| `[]` -| - -| volumeMounts -| list -| `[]` -| - -| volumes -| list -| `[]` -| -|=== - -Autogenerated from chart metadata using https://github.com/norwoodj/helm-docs[helm-docs] - diff --git a/gotosocial/README.md b/gotosocial/README.md deleted file mode 100644 index 51d55e1..0000000 --- a/gotosocial/README.md +++ /dev/null @@ -1,151 +0,0 @@ ---- -title: "gotosocial" - -description: "With GoToSocial, you can keep in touch with your friends, post, read, and share images and articles. All without being tracked or advertised to!" - ---- - -# gotosocial - -![Version: 0.2.7](https://img.shields.io/badge/Version-0.2.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.17.3](https://img.shields.io/badge/AppVersion-0.17.3-informational?style=flat-square) - -With GoToSocial, you can keep in touch with your friends, post, read, and share images and articles. All without being tracked or advertised to! - -## Maintainers - -| Name | Email | Url | -| ---- | ------ | --- | -| WrenIX | | | - -## Usage - -Helm must be installed and setup to your kubernetes cluster to use the charts. -Refer to Helm's [documentation](https://helm.sh/docs) to get started. -Once Helm has been set up correctly, fetch the charts as follows: - -```bash -helm pull oci://codeberg.org/wrenix/helm-charts/gotosocial -``` - -You can install a chart release using the following command: - -```bash -helm install gotosocial-release oci://codeberg.org/wrenix/helm-charts/gotosocial --values values.yaml -``` - -To uninstall a chart release use `helm`'s delete command: - -```bash -helm uninstall gotosocial-release -``` - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| affinity | object | `{}` | | -| autoscaling.enabled | bool | `false` | | -| autoscaling.maxReplicas | int | `100` | | -| autoscaling.minReplicas | int | `1` | | -| autoscaling.targetCPUUtilizationPercentage | int | `80` | | -| fullnameOverride | string | `""` | | -| global.image.pullPolicy | string | `nil` | if set it will overwrite all pullPolicy | -| global.image.registry | string | `nil` | if set it will overwrite all registry entries | -| gotosocial.accountDomain | string | `""` | | -| gotosocial.accounts.allowCustomCSS | bool | `false` | Allow accounts on this instance to set custom CSS for their profile pages and statuses. Enabling this setting will allow accounts to upload custom CSS via the /user settings page, which will then be rendered on the web view of the account's profile and statuses. For instances with public sign ups, it is **HIGHLY RECOMMENDED** to leave this setting on 'false', since setting it to true allows malicious accounts to make their profile pages misleading, unusable or even dangerous to visitors. In other words, you should only enable this setting if you trust the users on your instance not to produce harmful CSS. Regardless of what this value is set to, any uploaded CSS will not be federated to other instances, it will only be shown on profiles and statuses on *this* instance. | -| gotosocial.accounts.approvalRequired | bool | `true` | Do sign up requests require approval from an admin/moderator before an account can sign in/use the server? | -| gotosocial.accounts.customCSSLength | int | `10000` | If accounts-allow-custom-css is true, this is the permitted length in characters for CSS uploaded by accounts on this instance. No effect if accounts-allow-custom-css is false. | -| gotosocial.accounts.reasonRequired | bool | `true` | Are sign up requests required to submit a reason for the request (eg., an explanation of why they want to join the instance)? | -| gotosocial.accounts.registrationOpen | bool | `true` | Do we want people to be able to just submit sign up requests, or do we want invite only? | -| gotosocial.applicationName | string | `"gotosocial"` | | -| gotosocial.database.address | string | `""` | Database address or parameters. For Postgres, this should be the address or socket at which the database can be reached. | -| gotosocial.database.database | string | `"gotosocial"` | Name of the database to use within the provided database type. | -| gotosocial.database.password | string | `""` | Password to use for the database connection | -| gotosocial.database.port | int | `5432` | Port for database connection. | -| gotosocial.database.tlsCACert | string | `""` | Path to a CA certificate on the host machine for db certificate validation. If this is left empty, just the host certificates will be used. If filled in, the certificate will be loaded and added to host certificates. | -| gotosocial.database.tlsMode | string | `"disabled"` | Disable, enable, or require SSL/TLS connection to the database. If "disable" then no TLS connection will be attempted. If "enable" then TLS will be tried, but the database certificate won't be checked (for self-signed certs). If "require" then TLS will be required to make a connection, and a valid certificate must be presented. | -| gotosocial.database.type | string | `"sqlite"` | Database type. Options: ["postgres","sqlite"] | -| gotosocial.database.username | string | `""` | Username for the database connection. | -| gotosocial.host | string | `"localhost"` | | -| gotosocial.instance.deliverToSharedInboxes | bool | `true` | This flag tweaks whether GoToSocial will deliver ActivityPub messages to the shared inbox of a recipient, if one is available, instead of delivering each message to each actor who should receive a message individually. Shared inbox delivery can significantly reduce network load when delivering to multiple recipients share an inbox (eg., on large Mastodon instances). See: https://www.w3.org/TR/activitypub/#shared-inbox-delivery | -| gotosocial.instance.expose.peers | bool | `false` | Allow unauthenticated users to make queries to /api/v1/instance/peers?filter=open in order to see a list of instances that this instance 'peers' with. Even if set to 'false', then authenticated users (members of the instance) will still be able to query the endpoint. | -| gotosocial.instance.expose.publicTimeline | bool | `false` | This flag tweaks whether GoToSocial will deliver ActivityPub messages to the shared inbox of a recipient, if one is available, instead of delivering each message to each actor who should receive a message individually. Shared inbox delivery can significantly reduce network load when delivering to multiple recipients share an inbox (eg., on large Mastodon instances). See: https://www.w3.org/TR/activitypub/#shared-inbox-delivery | -| gotosocial.instance.expose.suspended | bool | `false` | Allow unauthenticated users to make queries to /api/v1/instance/peers?filter=suspended in order to see a list of instances that this instance blocks/suspends. Even if set to 'false', then authenticated users (members of the instance) will still be able to query the endpoint. WARNING: Setting this variable to 'true' may result in your instance being scraped by blocklist scrapers. See: https://docs.gotosocial.org/en/latest/admin/domain_blocks/#block-announce-bots | -| gotosocial.instance.expose.suspendedWeb | bool | `false` | Allow unauthenticated users to view /about/suspended, showing the HTML rendered list of instances that this instance blocks/suspends. | -| gotosocial.instance.federation.mode | string | `"blocklist"` | Federation mode to use for this instance. "blocklist" -- open federation by default. Only instances that are explicitly blocked will be denied (unless they are also explicitly allowed). "allowlist" -- closed federation by default. Only instances that are explicitly allowed will be able to interact with this instance. For more details on blocklist and allowlist modes, check the documentation at: https://docs.gotosocial.org/en/latest/admin/federation_modes Options: ["blocklist", "allowlist"] | -| gotosocial.instance.federation.spamFilter | bool | `false` | Enable spam filtering heuristics for messages entering your instance via the federation API. Regardless of what you set here, basic checks for message relevancy will still be performed, but you can try enabling this setting if you are being spammed with unwanted messages from other instances, and want to more strictly filter out spam messages. THIS IS CURRENTLY AN EXPERIMENTAL SETTING, AND MAY FILTER OUT LEGITIMATE MESSAGES, OR FAIL TO FILTER OUT SPAMMY MESSAGES. It is recommended to only enable this setting when the fediverse is in the midst of a spam wave, and you need to batten down the hatches to keep your instance usable. The decision of whether a message counts as spam or not is made based on the following heuristics, in order, where receiver = the account on your instance that received a message in their inbox, and requester = the account on a remote instance that sent the message. First, basic relevancy checks 1. Receiver follows requester. Return OK. 2. Statusable doesn't mention receiver. Return NotRelevant. If instance-federation-spam-filter = false, then return OK now. Otherwise check: 3. Receiver is locked and is followed by requester. Return OK. 4. Five or more people are mentioned. Return Spam. 5. Receiver follow (requests) a mentioned account. Return OK. 6. Statusable has a media attachment. Return Spam. 7. Statusable contains non-mention, non-hashtag links. Return Spam. Messages identified as spam will be dropped from your instance, and not inserted into the database, or into home timelines or notifications. | -| gotosocial.instance.injectMastodonVersion | bool | `false` | This flag will inject a Mastodon version into the version field that is included in /api/v1/instance. This version is often used by Mastodon clients to do API feature detection. By injecting a Mastodon compatible version, it is possible to cajole those clients to behave correctly with GoToSocial. | -| gotosocial.instance.languages | list | `[]` | BCP47 language tags to indicate preferred languages of users on this instance. If you provide these, you should provide these in order from most-preferred to least-preferred, but note that leaving out a language from this array doesn't mean it can't be used on this instance, it only means it won't be advertised as a preferred instance language. It is valid to provide no entries here; your instance will then have no particular preferred language. See here for commonly-used tags: https://en.wikipedia.org/wiki/IETF_language_tag#List_of_common_primary_language_subtags See here for all current tags: https://www.iana.org/assignments/language-subtag-registry/language-subtag-registry Example: ["nl", "en-gb", "fr"] | -| gotosocial.landingPageUser | string | `""` | | -| gotosocial.metrics.auth.enabled | bool | `false` | | -| gotosocial.metrics.auth.password | string | `""` | | -| gotosocial.metrics.auth.username | string | `""` | | -| gotosocial.metrics.enabled | bool | `true` | | -| gotosocial.oidc.adminGroups | list | `["admins"]` | If the returned ID token contains a 'groups' claim that matches one of the groups in oidc-admin-groups, then this user will be granted admin rights on the GtS instance | -| gotosocial.oidc.clientID | string | `""` | The ID for this client as registered with the OIDC provider. | -| gotosocial.oidc.clientSecret | string | `""` | The secret for this client as registered with the OIDC provider. | -| gotosocial.oidc.enabled | bool | `false` | Enable authentication with external OIDC provider. If set to true, then the other OIDC options must be set as well. If this is set to false, then the standard internal oauth flow will be used, where users sign in to GtS with username/password. | -| gotosocial.oidc.idpName | string | `""` | Name of the oidc idp (identity provider). This will be shown to users when they log in. | -| gotosocial.oidc.issuer | string | `""` | The OIDC issuer URI. This is where GtS will redirect users to for login. Typically this will look like a standard web URL. | -| gotosocial.oidc.linkExisting | bool | `false` | Link OIDC authenticated users to existing ones based on their email address. This is mostly intended for migration purposes if you were running previous versions of GTS which only correlated users with their email address. Should be set to false for most usecases. | -| gotosocial.oidc.scopes | list | `["openid","email","profile","groups"]` | Scopes to request from the OIDC provider. The returned values will be used to populate users created in GtS as a result of the authentication flow. 'openid' and 'email' are required. 'profile' is used to extract a username for the newly created user. 'groups' is optional and can be used to determine if a user is an admin based on oidc-admin-groups. | -| gotosocial.oidc.skipVerification | bool | `false` | Skip the normal verification flow of tokens returned from the OIDC provider, ie., don't check the expiry or signature. This should only be used in debugging or testing, never ever in a production environment as it's extremely unsafe! | -| gotosocial.smtp.discloseRecipients | bool | `false` | If true, when an email is sent that has multiple recipients, each recipient will be included in the To field, so that each recipient can see who else got the email, and they can 'reply all' to the other recipients if they want to. If false, email will be sent to Undisclosed Recipients, and each recipient will not be able to see who else received the email. It might be useful to change this setting to 'true' if you want to be able to discuss new moderation reports with other admins by 'replying-all' to the notification email. | -| gotosocial.smtp.from | string | `""` | 'From' address for sent emails. | -| gotosocial.smtp.host | string | `""` | The hostname of the smtp server you want to use. If this is not set, smtp will not be used to send emails, and you can ignore the other settings. | -| gotosocial.smtp.password | string | `""` | Password to use when authenticating with the smtp server. This should have been provided to you by your smtp host. | -| gotosocial.smtp.port | int | `0` | Port to use to connect to the smtp server. | -| gotosocial.smtp.username | string | `""` | Username to use when authenticating with the smtp server. This should have been provided to you by your smtp host. This is often, but not always, an email address. | -| gotosocial.storage.backend | string | `"local"` | Type of storage backend to use. Examples: ["local", "s3"] Default: "local" (storage on local disk) | -| gotosocial.storage.s3.accessKey | string | `""` | Access key part of the S3 credentials. Consider setting this value using environment variables to avoid leaking it via the config file Only required when running with the s3 storage backend. | -| gotosocial.storage.s3.bucket | string | `""` | Name of the storage bucket. If you have already encoded your bucket name in the storage-s3-endpoint, this value will be used as a directory containing your data. The bucket must exist prior to starting GoToSocial Only required when running with the s3 storage backend. | -| gotosocial.storage.s3.endpoint | string | `""` | API endpoint of the S3 compatible service. Only required when running with the s3 storage backend. GoToSocial uses "DNS-style" when accessing buckets. If you are using Scaleways object storage, please remove the "bucket name" from the endpoint address | -| gotosocial.storage.s3.proxy | bool | `false` | If data stored in S3 should be proxied through GoToSocial instead of redirecting to a presigned URL. | -| gotosocial.storage.s3.secretKey | string | `""` | Secret key part of the S3 credentials. Consider setting this value using environment variables to avoid leaking it via the config file Only required when running with the s3 storage backend. | -| gotosocial.storage.s3.useSSL | bool | `true` | Use SSL for S3 connections. Only set this to 'false' when testing locally. | -| gotosocial.tracing.enabled | bool | `false` | Enable OpenTelemetry based tracing support. | -| gotosocial.tracing.endpoint | string | `""` | Endpoint of the trace ingester. When using the gRPC or HTTP based transports, provide the endpoint as a single address/port combination without a protocol scheme. | -| gotosocial.tracing.insecureTransport | bool | `false` | Disable TLS for the gRPC and HTTP transport protocols. | -| gotosocial.tracing.transport | string | `"grpc"` | Set the transport protocol for the tracing system. Can either be "grpc" for OTLP gRPC, or "http" for OTLP HTTP. | -| gotosocial.tz | string | `"UTC"` | | -| image.pullPolicy | string | `"IfNotPresent"` | | -| image.registry | string | `"docker.io"` | | -| image.repository | string | `"superseriousbusiness/gotosocial"` | | -| image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion. | -| imagePullSecrets | list | `[]` | | -| ingress.annotations | object | `{}` | | -| ingress.className | string | `""` | | -| ingress.enabled | bool | `false` | | -| ingress.hosts[0].host | string | `"chart-example.local"` | | -| ingress.hosts[0].paths[0].path | string | `"/"` | | -| ingress.hosts[0].paths[0].pathType | string | `"ImplementationSpecific"` | | -| ingress.tls | list | `[]` | | -| nameOverride | string | `""` | | -| nodeSelector | object | `{}` | | -| persistence.accessMode | string | `"ReadWriteOnce"` | accessMode | -| persistence.annotations | object | `{}` | | -| persistence.enabled | bool | `true` | Enable persistence using Persistent Volume Claims ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ | -| persistence.existingClaim | string | `nil` | A manually managed Persistent Volume and Claim Requires persistence.enabled: true If defined, PVC must be created manually before volume will be bound | -| persistence.hostPath | string | `nil` | Do not create an PVC, direct use hostPath in Pod | -| persistence.size | string | `"10Gi"` | size | -| persistence.storageClass | string | `nil` | Persistent Volume Storage Class If defined, storageClassName: If set to "-", storageClassName: "", which disables dynamic provisioning If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner. (gp2 on AWS, standard on GKE, AWS & OpenStack) | -| podAnnotations | object | `{}` | | -| podLabels | object | `{}` | | -| podSecurityContext | object | `{}` | | -| prometheus.servicemonitor.enabled | bool | `false` | | -| prometheus.servicemonitor.labels | object | `{}` | | -| replicaCount | int | `1` | | -| resources | object | `{}` | | -| securityContext | object | `{}` | | -| service.port | int | `8080` | | -| service.type | string | `"ClusterIP"` | | -| serviceAccount.annotations | object | `{}` | Annotations to add to the service account | -| serviceAccount.automount | bool | `true` | Automatically mount a ServiceAccount's API credentials? | -| serviceAccount.create | bool | `false` | Specifies whether a service account should be created | -| serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template | -| tolerations | list | `[]` | | -| volumeMounts | list | `[]` | | -| volumes | list | `[]` | | - -Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs) - diff --git a/gotosocial/_docs.gotmpl b/gotosocial/_docs.gotmpl deleted file mode 100644 index 8b13789..0000000 --- a/gotosocial/_docs.gotmpl +++ /dev/null @@ -1 +0,0 @@ - diff --git a/gotosocial/ci/ct-values.yaml b/gotosocial/ci/ct-values.yaml deleted file mode 100644 index 742b38e..0000000 --- a/gotosocial/ci/ct-values.yaml +++ /dev/null @@ -1,13 +0,0 @@ -gotosocial: - metrics: - enabled: true - auth: - enabled: true - username: "test" - password: "test1234" - -prometheus: - servicemonitor: - enabled: true - labels: - prometheus: default diff --git a/gotosocial/templates/NOTES.txt b/gotosocial/templates/NOTES.txt deleted file mode 100644 index 83a6715..0000000 --- a/gotosocial/templates/NOTES.txt +++ /dev/null @@ -1,22 +0,0 @@ -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range $host := .Values.ingress.hosts }} - {{- range .paths }} - http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} - {{- end }} -{{- end }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "gotosocial.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "gotosocial.fullname" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "gotosocial.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") - echo http://$SERVICE_IP:{{ .Values.service.port }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "gotosocial.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT -{{- end }} diff --git a/gotosocial/templates/_helpers.tpl b/gotosocial/templates/_helpers.tpl deleted file mode 100644 index 5d536d9..0000000 --- a/gotosocial/templates/_helpers.tpl +++ /dev/null @@ -1,62 +0,0 @@ -{{/* -Expand the name of the chart. -*/}} -{{- define "gotosocial.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "gotosocial.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains $name .Release.Name }} -{{- .Release.Name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "gotosocial.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Common labels -*/}} -{{- define "gotosocial.labels" -}} -helm.sh/chart: {{ include "gotosocial.chart" . }} -{{ include "gotosocial.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end }} - -{{/* -Selector labels -*/}} -{{- define "gotosocial.selectorLabels" -}} -app.kubernetes.io/name: {{ include "gotosocial.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} - -{{/* -Create the name of the service account to use -*/}} -{{- define "gotosocial.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} -{{- default (include "gotosocial.fullname" .) .Values.serviceAccount.name }} -{{- else }} -{{- default "default" .Values.serviceAccount.name }} -{{- end }} -{{- end }} diff --git a/gotosocial/templates/deployment.yaml b/gotosocial/templates/deployment.yaml deleted file mode 100644 index 9f13ba1..0000000 --- a/gotosocial/templates/deployment.yaml +++ /dev/null @@ -1,105 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "gotosocial.fullname" . }} - labels: - {{- include "gotosocial.labels" . | nindent 4 }} -spec: - {{- if not .Values.autoscaling.enabled }} - replicas: {{ .Values.replicaCount }} - {{- end }} - strategy: - type: Recreate - selector: - matchLabels: - {{- include "gotosocial.selectorLabels" . | nindent 6 }} - template: - metadata: - annotations: - "confighash": {{ toYaml .Values.gotosocial | sha256sum | trunc 32 }} - "confighash.metrics-auth": {{ toYaml .Values.gotosocial.metrics.auth | sha256sum | trunc 32 }} - {{- with .Values.podAnnotations }} - {{- toYaml . | nindent 8 }} - {{- end }} - labels: - {{- include "gotosocial.labels" . | nindent 8 }} - {{- with .Values.podLabels }} - {{- toYaml . | nindent 8 }} - {{- end }} - spec: - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ include "gotosocial.serviceAccountName" . }} - securityContext: - {{- toYaml .Values.podSecurityContext | nindent 8 }} - containers: - - name: {{ .Chart.Name }} - securityContext: - {{- toYaml .Values.securityContext | nindent 12 }} - {{- with .Values.image}} - image: "{{ coalesce $.Values.global.image.registry .registry }}/{{ .repository }}:{{ .tag | default $.Chart.AppVersion }}" - imagePullPolicy: {{ coalesce $.Values.global.image.pullPolicy .pullPolicy }} - {{- end }} - envFrom: - - secretRef: - name: {{ include "gotosocial.fullname" . }} - {{- if .Values.gotosocial.metrics.auth.enabled }} - - secretRef: - name: {{ include "gotosocial.fullname" . }}-metrics-auth - {{- end }} - ports: - - name: http - containerPort: {{ .Values.service.port }} - protocol: TCP - startupProbe: - httpGet: - path: / - port: http - failureThreshold: 60 - livenessProbe: - httpGet: - path: / - port: http - readinessProbe: - httpGet: - path: / - port: http - resources: - {{- toYaml .Values.resources | nindent 12 }} - volumeMounts: - - name: data - mountPath: /gotosocial/storage - {{- with .Values.volumeMounts }} - {{- toYaml . | nindent 12 }} - {{- end }} - volumes: - - name: data - {{- if .Values.persistence.enabled }} - {{- if .Values.persistence.hostPath }} - hostPath: - type: Directory - path: {{ .Values.persistence.hostPath | quote }} - {{- else }}{{/* else .persistence.hostPath */}} - persistentVolumeClaim: - claimName: {{ coalesce .Values.persistence.existingClaim (include "gotosocial.fullname" .) }} - {{- end }}{{/* end-else .persistence.hostPath */}} - {{- else }}{{/* else .persistence.enabled */}} - emptyDir: {} - {{- end }}{{/* end-else .persistence.enabled */}} - {{- with .Values.volumes }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} diff --git a/gotosocial/templates/hpa.yaml b/gotosocial/templates/hpa.yaml deleted file mode 100644 index 52cb678..0000000 --- a/gotosocial/templates/hpa.yaml +++ /dev/null @@ -1,32 +0,0 @@ -{{- if .Values.autoscaling.enabled }} -apiVersion: autoscaling/v2 -kind: HorizontalPodAutoscaler -metadata: - name: {{ include "gotosocial.fullname" . }} - labels: - {{- include "gotosocial.labels" . | nindent 4 }} -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: {{ include "gotosocial.fullname" . }} - minReplicas: {{ .Values.autoscaling.minReplicas }} - maxReplicas: {{ .Values.autoscaling.maxReplicas }} - metrics: - {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} - - type: Resource - resource: - name: cpu - target: - type: Utilization - averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} - {{- end }} - {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} - - type: Resource - resource: - name: memory - target: - type: Utilization - averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} - {{- end }} -{{- end }} diff --git a/gotosocial/templates/ingress.yaml b/gotosocial/templates/ingress.yaml deleted file mode 100644 index 0d622c7..0000000 --- a/gotosocial/templates/ingress.yaml +++ /dev/null @@ -1,61 +0,0 @@ -{{- if .Values.ingress.enabled -}} -{{- $fullName := include "gotosocial.fullname" . -}} -{{- $svcPort := .Values.service.port -}} -{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} - {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} - {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}} - {{- end }} -{{- end }} -{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} -apiVersion: networking.k8s.io/v1 -{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} -apiVersion: networking.k8s.io/v1beta1 -{{- else -}} -apiVersion: extensions/v1beta1 -{{- end }} -kind: Ingress -metadata: - name: {{ $fullName }} - labels: - {{- include "gotosocial.labels" . | nindent 4 }} - {{- with .Values.ingress.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} - ingressClassName: {{ .Values.ingress.className }} - {{- end }} - {{- if .Values.ingress.tls }} - tls: - {{- range .Values.ingress.tls }} - - hosts: - {{- range .hosts }} - - {{ . | quote }} - {{- end }} - secretName: {{ .secretName }} - {{- end }} - {{- end }} - rules: - {{- range .Values.ingress.hosts }} - - host: {{ .host | quote }} - http: - paths: - {{- range .paths }} - - path: {{ .path }} - {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} - pathType: {{ .pathType }} - {{- end }} - backend: - {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} - service: - name: {{ $fullName }} - port: - number: {{ $svcPort }} - {{- else }} - serviceName: {{ $fullName }} - servicePort: {{ $svcPort }} - {{- end }} - {{- end }} - {{- end }} -{{- end }} diff --git a/gotosocial/templates/metrics/secret.yaml b/gotosocial/templates/metrics/secret.yaml deleted file mode 100644 index d3362c6..0000000 --- a/gotosocial/templates/metrics/secret.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{- with .Values.gotosocial.metrics.auth }} -{{- if and $.Values.gotosocial.metrics.enabled .enabled }} ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "gotosocial.fullname" $ }}-metrics-auth - labels: - {{- include "gotosocial.labels" $ | nindent 4 }} - annotations: - "confighash.metrics-auth": {{ toYaml . | sha256sum | trunc 32 }} -data: - GTS_METRICS_AUTH_ENABLED: {{ "true" | b64enc }} - GTS_METRICS_AUTH_USERNAME: {{ .username | b64enc }} - GTS_METRICS_AUTH_PASSWORD: {{ .password | b64enc }} -{{- end }}{{/* end-if .enabled */}} -{{- end }}{{/* end-with .gotosocial.metrics.auth */}} diff --git a/gotosocial/templates/metrics/servicemonitor.yaml b/gotosocial/templates/metrics/servicemonitor.yaml deleted file mode 100644 index f5149cf..0000000 --- a/gotosocial/templates/metrics/servicemonitor.yaml +++ /dev/null @@ -1,27 +0,0 @@ -{{- if and .Values.gotosocial.metrics.enabled .Values.prometheus.servicemonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ include "gotosocial.fullname" . }} - labels: - {{- include "gotosocial.labels" . | nindent 4 }} - {{- with .Values.prometheus.servicemonitor.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - selector: - matchLabels: - {{- include "gotosocial.selectorLabels" . | nindent 6 }} - endpoints: - - port: http - path: "/metrics" - {{- if .Values.gotosocial.metrics.auth.enabled }} - basicAuth: - username: - name: {{ include "gotosocial.fullname" . }}-metrics-auth - key: GTS_METRICS_AUTH_USERNAME - password: - name: {{ include "gotosocial.fullname" . }}-metrics-auth - key: GTS_METRICS_AUTH_PASSWORD - {{- end }} -{{- end }} diff --git a/gotosocial/templates/secret.yaml b/gotosocial/templates/secret.yaml deleted file mode 100644 index 070a6f6..0000000 --- a/gotosocial/templates/secret.yaml +++ /dev/null @@ -1,142 +0,0 @@ ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "gotosocial.fullname" . }} - annotations: - "confighash": {{ toYaml .Values.gotosocial | sha256sum | trunc 32 }} - labels: - {{- include "gotosocial.labels" . | nindent 4 }} -data: - {{- with .Values.gotosocial }} - TZ: {{ .tz | b64enc }} - - GTS_APPLICATION_NAME: {{ .applicationName | b64enc }} - {{- with .landingPageUser }} - GTS_LANDING_PAGE_USER: {{ . | b64enc }} - {{- end }} - GTS_HOST: {{ .host | b64enc }} - GTS_ACCOUNT_DOMAIN: {{ .accountDomain | b64enc }} - - GTS_DB_TYPE: {{ .database.type | b64enc }} - {{- if (eq .database.type "sqlite") }} - {{- if (eq .storage.backend "local") }} - GTS_DB_ADDRESS: {{ "/gotosocial/storage/sqlite.db" | b64enc }} - GTS_DB_SQLITE_JOURNAL_MODE: {{ "WAL" | b64enc }} - GTS_DB_SQLITE_SYNCHRONOUS: {{ "NORMAL" | b64enc }} - GTS_DB_SQLITE_CACHE_SIZE: {{ "8MiB" | b64enc }} - GTS_DB_SQLITE_BUSY_TIMEOUT: {{ "30m" | b64enc }} - {{- else }} - {{- fail "sqlite needs storage-backend is local" }} - {{- end }}{{/* end-else-if local */}} - {{- else }}{{/* else-if sqlite */}} - {{- with .database }} - GTS_DB_ADDRESS: {{ .address | b64enc }} - GTS_DB_PORT: {{ toYaml .port | b64enc }} - GTS_DB_USER: {{ .username | b64enc }} - GTS_DB_PASSWORD: {{ .password | b64enc }} - GTS_DB_DATABASE: {{ .database | b64enc }} - GTS_DB_TLS_MODE: {{ .tlsMode | b64enc }} - {{- with .tlsCACert }} - GTS_DB_TLS_CA_CERT: {{ . | b64enc }} - {{- end }} - GTS_DB_MAX_OPEN_CONNS_MULTIPLIER: {{ "8" | b64enc }} - {{- end }}{{/* end-with .database */}} - {{- end }}{{/* end-else-if sqlite */}} - - {{- with .instance }} - {{- with .languages }} - GTS_INSTANCE_LANGUAGES: {{ . | join "," | b64enc }} - {{- end }} - {{- with .federation }} - GTS_INSTANCE_FEDERATION_MODE: {{ .mode | b64enc }} - GTS_INSTANCE_FEDERATION_SPAM_FILTER: {{ toYaml .spamFilter | b64enc }} - {{- end }}{{/* end-with federation */}} - {{- with .expose }} - GTS_INSTANCE_EXPOSE_PEERS: {{ toYaml .peers | b64enc }} - GTS_INSTANCE_EXPOSE_SUSPENDED: {{ toYaml .suspended | b64enc }} - GTS_INSTANCE_EXPOSE_SUSPENDED_WEB: {{ toYaml .suspendedWeb | b64enc }} - GTS_INSTANCE_EXPOSE_PUBLIC_TIMELINE: {{ toYaml .publicTimeline | b64enc }} - {{- end }}{{/* end-with expose */}} - GTS_INSTANCE_DELIVER_TO_SHARED_INBOXES: {{ toYaml .deliverToSharedInboxes | b64enc }} - GTS_INSTANCE_INJECT_MASTODON_VERSION: {{ toYaml .injectMastodonVersion | b64enc }} - {{- end }}{{/* end-with instance */}} - - {{- with .accounts }} - GTS_ACCOUNTS_REGISTRATION_OPEN: {{ toYaml .registrationOpen | b64enc }} - GTS_ACCOUNTS_APPROVAL_REQUIRED: {{ toYaml .approvalRequired | b64enc }} - GTS_ACCOUNTS_REASON_REQUIRED: {{ toYaml .reasonRequired | b64enc }} - GTS_ACCOUNTS_ALLOW_CUSTOM_CSS: {{ toYaml .allowCustomCSS | b64enc }} - GTS_ACCOUNTS_CUSTOM_CSS_LENGTH: {{ toYaml .customCSSLength | b64enc }} - {{- end }}{{/* end-with accounts */}} - - GTS_STORAGE_BACKEND: {{ .storage.backend | b64enc }} - {{- if (eq .storage.backend "local") }} - GTS_STORAGE_LOCAL_BASE_PATH: {{ "/gotosocial/storage" | b64enc }} - {{- end }} - {{- if (eq .storage.backend "s3") }} - {{- with .storage.s3 }} - {{- with .endpoint }} - GTS_STORAGE_S3_ENDPOINT: {{ toYaml . | b64enc }} - {{- end }} - {{- with .proxy }} - GTS_STORAGE_S3_PROXY: {{ toYaml . | b64enc }} - {{- end }} - {{- with .useSSL }} - GTS_STORAGE_S3_USE_SSL: {{ toYaml . | b64enc }} - {{- end }} - {{- with .bucket }} - GTS_STORAGE_S3_BUCKET: {{ toYaml . | b64enc }} - {{- end }} - {{- with .accessKey }} - GTS_STORAGE_S3_ACCESS_KEY: {{ toYaml . | b64enc }} - {{- end }} - {{- with .secretKey }} - GTS_STORAGE_S3_SECRET_KEY: {{ toYaml . | b64enc }} - {{- end }} - {{- end }}{{/* end-with .storage.s3 */}} - {{- end }}{{/* end-if .storage.backed == s3 */}} - - {{- with .oidc }} - GTS_OIDC_ENABLED: {{ toYaml .enabled | b64enc }} - GTS_OIDC_IDP_NAME: {{ .idpName | b64enc }} - GTS_OIDC_SKIP_VERIFICATION: {{ toYaml .skipVerification | b64enc }} - GTS_OIDC_ISSUER: {{ .issuer | b64enc }} - GTS_OIDC_CLIENT_ID: {{ .clientID | b64enc }} - GTS_OIDC_CLIENT_SECRET: {{ .clientSecret | b64enc }} - GTS_OIDC_SCOPES: {{ .scopes | join "," | b64enc }} - GTS_OIDC_LINK_EXISTING: {{ toYaml .linkExisting | b64enc }} - GTS_OIDC_ADMIN_GROUPS: {{ .adminGroups | join "," | b64enc }} - {{- end }}{{/* end-with oidc */}} - - {{- with .smtp }} - {{- with .host }} - GTS_SMTP_HOST: {{ . | b64enc }} - {{- end }} - GTS_SMTP_PORT: {{ toYaml .port | b64enc }} - {{- with .username }} - GTS_SMTP_USERNAME: {{ . | b64enc }} - {{- end }} - {{- with .password }} - GTS_SMTP_PASSWORD: {{ . | b64enc }} - {{- end }} - {{- with .from }} - GTS_SMTP_FROM: {{ . | b64enc }} - {{- end }} - GTS_SMTP_DISCLOSE_RECIPIENTS: {{ toYaml .discloseRecipients | b64enc }} - {{- end }}{{/* end-with smtp */}} - - GTS_METRICS_ENABLED: {{ toYaml .metrics.enabled | b64enc }} - - # https://www.w3.org/TR/trace-context/#traceparent-header - GTS_REQUEST_ID_HEADER: {{ "Traceparent" | b64enc }} - {{- with .tracing }} - {{- if .enabled }} - GTS_TRACING_ENABLED: {{ "true" | b64enc}} - GTS_TRACING_TRANSPORT: {{ .transport | b64enc }} - GTS_TRACING_ENDPOINT: {{ .endpoint | b64enc }} - GTS_TRACING_INSECURE_TRANSPORT: {{ toYaml .insecureTransport | b64enc }} - {{- end }}{{/* end-if .tracing.enabled */}} - {{- end }}{{/* end-with .tracing */}} - - {{- end }}{{/* end-with .gotosocial */}} diff --git a/gotosocial/templates/service.yaml b/gotosocial/templates/service.yaml deleted file mode 100644 index 0d2bf2d..0000000 --- a/gotosocial/templates/service.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ include "gotosocial.fullname" . }} - labels: - {{- include "gotosocial.labels" . | nindent 4 }} -spec: - type: {{ .Values.service.type }} - ports: - - port: {{ .Values.service.port }} - targetPort: http - protocol: TCP - name: http - selector: - {{- include "gotosocial.selectorLabels" . | nindent 4 }} diff --git a/gotosocial/templates/serviceaccount.yaml b/gotosocial/templates/serviceaccount.yaml deleted file mode 100644 index 3adecd6..0000000 --- a/gotosocial/templates/serviceaccount.yaml +++ /dev/null @@ -1,13 +0,0 @@ -{{- if .Values.serviceAccount.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "gotosocial.serviceAccountName" . }} - labels: - {{- include "gotosocial.labels" . | nindent 4 }} - {{- with .Values.serviceAccount.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -automountServiceAccountToken: {{ .Values.serviceAccount.automount }} -{{- end }} diff --git a/gotosocial/templates/tests/test-connection.yaml b/gotosocial/templates/tests/test-connection.yaml deleted file mode 100644 index 546b2f6..0000000 --- a/gotosocial/templates/tests/test-connection.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: v1 -kind: Pod -metadata: - name: "{{ include "gotosocial.fullname" . }}-test-connection" - labels: - {{- include "gotosocial.labels" . | nindent 4 }} - annotations: - "helm.sh/hook": test -spec: - containers: - - name: wget - image: busybox - command: ['wget'] - args: ['{{ include "gotosocial.fullname" . }}:{{ .Values.service.port }}'] - restartPolicy: Never diff --git a/gotosocial/values.yaml b/gotosocial/values.yaml deleted file mode 100644 index 11260c5..0000000 --- a/gotosocial/values.yaml +++ /dev/null @@ -1,400 +0,0 @@ -# Default values for gotosocial. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -global: - image: - # -- if set it will overwrite all registry entries - registry: - # -- if set it will overwrite all pullPolicy - pullPolicy: - -replicaCount: 1 - -image: - registry: docker.io - repository: superseriousbusiness/gotosocial - pullPolicy: IfNotPresent - # -- Overrides the image tag whose default is the chart appVersion. - tag: "" - -imagePullSecrets: [] -nameOverride: "" -fullnameOverride: "" - -gotosocial: - tz: "UTC" - applicationName: "gotosocial" - landingPageUser: "" - host: "localhost" - accountDomain: "" - database: - # -- Database type. - # Options: ["postgres","sqlite"] - type: "sqlite" - # -- Database address or parameters. - # For Postgres, this should be the address or socket at which the database can be reached. - address: "" - # -- Port for database connection. - port: 5432 - # -- Username for the database connection. - username: "" - # -- Password to use for the database connection - password: "" - # -- Name of the database to use within the provided database type. - database: "gotosocial" - # -- Disable, enable, or require SSL/TLS connection to the database. - # If "disable" then no TLS connection will be attempted. - # If "enable" then TLS will be tried, but the database certificate won't be checked (for self-signed certs). - # If "require" then TLS will be required to make a connection, and a valid certificate must be presented. - tlsMode: "disabled" - # -- Path to a CA certificate on the host machine for db certificate validation. - # If this is left empty, just the host certificates will be used. - # If filled in, the certificate will be loaded and added to host certificates. - tlsCACert: "" - - instance: - # -- BCP47 language tags to indicate preferred languages of users on this instance. - # - # If you provide these, you should provide these in order from most-preferred to least-preferred, - # but note that leaving out a language from this array doesn't mean it can't be used on this instance, - # it only means it won't be advertised as a preferred instance language. - # - # It is valid to provide no entries here; your instance will then have no particular preferred language. - # - # See here for commonly-used tags: https://en.wikipedia.org/wiki/IETF_language_tag#List_of_common_primary_language_subtags - # See here for all current tags: https://www.iana.org/assignments/language-subtag-registry/language-subtag-registry - # - # Example: ["nl", "en-gb", "fr"] - languages: [] - federation: - # -- Federation mode to use for this instance. - # - # "blocklist" -- open federation by default. Only instances that are explicitly - # blocked will be denied (unless they are also explicitly allowed). - # - # "allowlist" -- closed federation by default. Only instances that are explicitly - # allowed will be able to interact with this instance. - # - # For more details on blocklist and allowlist modes, check the documentation at: - # https://docs.gotosocial.org/en/latest/admin/federation_modes - # - # Options: ["blocklist", "allowlist"] - mode: "blocklist" - # -- Enable spam filtering heuristics for messages entering your instance - # via the federation API. Regardless of what you set here, basic checks - # for message relevancy will still be performed, but you can try enabling - # this setting if you are being spammed with unwanted messages from other - # instances, and want to more strictly filter out spam messages. - # - # THIS IS CURRENTLY AN EXPERIMENTAL SETTING, AND MAY FILTER OUT LEGITIMATE - # MESSAGES, OR FAIL TO FILTER OUT SPAMMY MESSAGES. It is recommended to - # only enable this setting when the fediverse is in the midst of a spam - # wave, and you need to batten down the hatches to keep your instance usable. - # - # The decision of whether a message counts as spam or not is made based on - # the following heuristics, in order, where receiver = the account on your - # instance that received a message in their inbox, and requester = the - # account on a remote instance that sent the message. - # - # First, basic relevancy checks - # - # 1. Receiver follows requester. Return OK. - # 2. Statusable doesn't mention receiver. Return NotRelevant. - # - # If instance-federation-spam-filter = false, then return OK now. - # Otherwise check: - # - # 3. Receiver is locked and is followed by requester. Return OK. - # 4. Five or more people are mentioned. Return Spam. - # 5. Receiver follow (requests) a mentioned account. Return OK. - # 6. Statusable has a media attachment. Return Spam. - # 7. Statusable contains non-mention, non-hashtag links. Return Spam. - # - # Messages identified as spam will be dropped from your instance, and not - # inserted into the database, or into home timelines or notifications. - spamFilter: false - expose: - # -- Allow unauthenticated users to make queries to /api/v1/instance/peers?filter=open in order - # to see a list of instances that this instance 'peers' with. Even if set to 'false', then authenticated - # users (members of the instance) will still be able to query the endpoint. - peers: false - # -- Allow unauthenticated users to make queries to /api/v1/instance/peers?filter=suspended in order - # to see a list of instances that this instance blocks/suspends. Even if set to 'false', then authenticated - # users (members of the instance) will still be able to query the endpoint. - # - # WARNING: Setting this variable to 'true' may result in your instance being scraped by blocklist scrapers. - # See: https://docs.gotosocial.org/en/latest/admin/domain_blocks/#block-announce-bots - suspended: false - # -- Allow unauthenticated users to view /about/suspended, - # showing the HTML rendered list of instances that this instance blocks/suspends. - suspendedWeb: false - # -- This flag tweaks whether GoToSocial will deliver ActivityPub messages - # to the shared inbox of a recipient, if one is available, instead of delivering - # each message to each actor who should receive a message individually. - # - # Shared inbox delivery can significantly reduce network load when delivering - # to multiple recipients share an inbox (eg., on large Mastodon instances). - # - # See: https://www.w3.org/TR/activitypub/#shared-inbox-delivery - publicTimeline: false - # -- This flag tweaks whether GoToSocial will deliver ActivityPub messages - # to the shared inbox of a recipient, if one is available, instead of delivering - # each message to each actor who should receive a message individually. - # - # Shared inbox delivery can significantly reduce network load when delivering - # to multiple recipients share an inbox (eg., on large Mastodon instances). - # - # See: https://www.w3.org/TR/activitypub/#shared-inbox-delivery - deliverToSharedInboxes: true - # -- This flag will inject a Mastodon version into the version field that - # is included in /api/v1/instance. This version is often used by Mastodon clients - # to do API feature detection. By injecting a Mastodon compatible version, it is - # possible to cajole those clients to behave correctly with GoToSocial. - injectMastodonVersion: false - - accounts: - # -- Do we want people to be able to just submit sign up requests, or do we want invite only? - registrationOpen: true - # -- Do sign up requests require approval from an admin/moderator before an account can sign in/use the server? - approvalRequired: true - # -- Are sign up requests required to submit a reason for the request (eg., an explanation of why they want to join the instance)? - reasonRequired: true - # -- Allow accounts on this instance to set custom CSS for their profile pages and statuses. - # Enabling this setting will allow accounts to upload custom CSS via the /user settings page, - # which will then be rendered on the web view of the account's profile and statuses. - # - # For instances with public sign ups, it is **HIGHLY RECOMMENDED** to leave this setting on 'false', - # since setting it to true allows malicious accounts to make their profile pages misleading, unusable - # or even dangerous to visitors. In other words, you should only enable this setting if you trust - # the users on your instance not to produce harmful CSS. - # - # Regardless of what this value is set to, any uploaded CSS will not be federated to other instances, - # it will only be shown on profiles and statuses on *this* instance. - allowCustomCSS: false - # -- If accounts-allow-custom-css is true, this is the permitted length in characters for - # CSS uploaded by accounts on this instance. No effect if accounts-allow-custom-css is false. - customCSSLength: 10000 - storage: - # -- Type of storage backend to use. - # Examples: ["local", "s3"] - # Default: "local" (storage on local disk) - backend: "local" - s3: - # -- API endpoint of the S3 compatible service. - # Only required when running with the s3 storage backend. - # GoToSocial uses "DNS-style" when accessing buckets. - # If you are using Scaleways object storage, please remove the "bucket name" from the endpoint address - endpoint: "" - # -- If data stored in S3 should be proxied through GoToSocial instead of redirecting to a presigned URL. - proxy: false - # -- Use SSL for S3 connections. - # - # Only set this to 'false' when testing locally. - useSSL: true - # -- Name of the storage bucket. - # - # If you have already encoded your bucket name in the storage-s3-endpoint, this - # value will be used as a directory containing your data. - # - # The bucket must exist prior to starting GoToSocial - # - # Only required when running with the s3 storage backend. - bucket: "" - # -- Access key part of the S3 credentials. - # Consider setting this value using environment variables to avoid leaking it via the config file - # Only required when running with the s3 storage backend. - accessKey: "" - # -- Secret key part of the S3 credentials. - # Consider setting this value using environment variables to avoid leaking it via the config file - # Only required when running with the s3 storage backend. - secretKey: "" - oidc: - # -- Enable authentication with external OIDC provider. If set to true, then - # the other OIDC options must be set as well. If this is set to false, then the standard - # internal oauth flow will be used, where users sign in to GtS with username/password. - enabled: false - # -- Name of the oidc idp (identity provider). This will be shown to users when they log in. - idpName: "" - # -- Skip the normal verification flow of tokens returned from the OIDC provider, ie., - # don't check the expiry or signature. This should only be used in debugging or testing, - # never ever in a production environment as it's extremely unsafe! - skipVerification: false - # -- The OIDC issuer URI. This is where GtS will redirect users to for login. - # Typically this will look like a standard web URL. - issuer: "" - # -- The ID for this client as registered with the OIDC provider. - clientID: "" - # -- The secret for this client as registered with the OIDC provider. - clientSecret: "" - # -- Scopes to request from the OIDC provider. The returned values will be used to - # populate users created in GtS as a result of the authentication flow. 'openid' and 'email' are required. - # 'profile' is used to extract a username for the newly created user. - # 'groups' is optional and can be used to determine if a user is an admin based on oidc-admin-groups. - scopes: - - "openid" - - "email" - - "profile" - - "groups" - # -- Link OIDC authenticated users to existing ones based on their email address. - # This is mostly intended for migration purposes if you were running previous versions of GTS - # which only correlated users with their email address. Should be set to false for most usecases. - linkExisting: false - # -- If the returned ID token contains a 'groups' claim that matches one of the - # groups in oidc-admin-groups, then this user will be granted admin rights on the GtS instance - adminGroups: - - "admins" - smtp: - # -- The hostname of the smtp server you want to use. - # If this is not set, smtp will not be used to send emails, and you can ignore the other settings. - host: "" - # -- Port to use to connect to the smtp server. - port: 0 - # -- Username to use when authenticating with the smtp server. - # This should have been provided to you by your smtp host. - # This is often, but not always, an email address. - username: "" - # -- Password to use when authenticating with the smtp server. - # This should have been provided to you by your smtp host. - password: "" - # -- 'From' address for sent emails. - from: "" - # -- If true, when an email is sent that has multiple recipients, each recipient - # will be included in the To field, so that each recipient can see who else got the - # email, and they can 'reply all' to the other recipients if they want to. - # - # If false, email will be sent to Undisclosed Recipients, and each recipient will not - # be able to see who else received the email. - # - # It might be useful to change this setting to 'true' if you want to be able to discuss - # new moderation reports with other admins by 'replying-all' to the notification email. - discloseRecipients: false - metrics: - enabled: true - auth: - enabled: false - username: "" - password: "" - tracing: - # -- Enable OpenTelemetry based tracing support. - enabled: false - # -- Set the transport protocol for the tracing system. Can either be "grpc" for OTLP gRPC, or "http" for OTLP HTTP. - transport: grpc - # -- Endpoint of the trace ingester. When using the gRPC or HTTP based transports, provide the endpoint as a single address/port combination without a protocol scheme. - endpoint: "" - # -- Disable TLS for the gRPC and HTTP transport protocols. - insecureTransport: false - -prometheus: - servicemonitor: - enabled: false - labels: {} - -serviceAccount: - # -- Specifies whether a service account should be created - create: false - # -- Automatically mount a ServiceAccount's API credentials? - automount: true - # -- Annotations to add to the service account - annotations: {} - # -- The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - name: "" - -podAnnotations: {} -podLabels: {} - -podSecurityContext: {} - # fsGroup: 2000 - -securityContext: {} - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 1000 - -service: - type: ClusterIP - port: 8080 - -ingress: - enabled: false - className: "" - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - hosts: - - host: chart-example.local - paths: - - path: / - pathType: ImplementationSpecific - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - -resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - -autoscaling: - enabled: false - minReplicas: 1 - maxReplicas: 100 - targetCPUUtilizationPercentage: 80 - # targetMemoryUtilizationPercentage: 80 - -# Additional volumes on the output Deployment definition. -volumes: [] -# - name: foo -# secret: -# secretName: mysecret -# optional: false - -# Additional volumeMounts on the output Deployment definition. -volumeMounts: [] -# - name: foo -# mountPath: "/etc/foo" -# readOnly: true - -nodeSelector: {} - -tolerations: [] - -affinity: {} - - -persistence: - # -- Enable persistence using Persistent Volume Claims - # ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ - enabled: true - annotations: {} - # -- Persistent Volume Storage Class - # If defined, storageClassName: - # If set to "-", storageClassName: "", which disables dynamic provisioning - # If undefined (the default) or set to null, no storageClassName spec is - # set, choosing the default provisioner. (gp2 on AWS, standard on - # GKE, AWS & OpenStack) - storageClass: - - # -- A manually managed Persistent Volume and Claim - # Requires persistence.enabled: true - # If defined, PVC must be created manually before volume will be bound - existingClaim: - - # -- Do not create an PVC, direct use hostPath in Pod - hostPath: - # -- accessMode - accessMode: ReadWriteOnce - # -- size - size: 10Gi diff --git a/grampsweb/Chart.yaml b/grampsweb/Chart.yaml index 14b651e..0426216 100644 --- a/grampsweb/Chart.yaml +++ b/grampsweb/Chart.yaml @@ -3,9 +3,8 @@ name: grampsweb description: A Helm chart for gramps web icon: https://raw.githubusercontent.com/gramps-project/Gramps.js/main/images/icon512.png type: application -version: "0.2.6" -# renovate: image=ghcr.io/gramps-project/grampsweb -appVersion: "24.12.2" +version: 0.1.4 +appVersion: "24.1.0" maintainers: - name: WrenIX url: https://wrenix.eu diff --git a/speedtest-exporter/README.adoc b/grampsweb/README.adoc similarity index 57% rename from speedtest-exporter/README.adoc rename to grampsweb/README.adoc index 3c767c6..4f52b4c 100644 --- a/speedtest-exporter/README.adoc +++ b/grampsweb/README.adoc @@ -1,10 +1,10 @@ -= speedtest-exporter += grampsweb -image::https://img.shields.io/badge/Version-0.2.1-informational?style=flat-square[Version: 0.2.1] +image::https://img.shields.io/badge/Version-0.1.4-informational?style=flat-square[Version: 0.1.4] image::https://img.shields.io/badge/Version-application-informational?style=flat-square[Type: application] -image::https://img.shields.io/badge/AppVersion-3.5.4-informational?style=flat-square[AppVersion: 3.5.4] +image::https://img.shields.io/badge/AppVersion-24.1.0-informational?style=flat-square[AppVersion: 24.1.0] == Maintainers .Maintainers @@ -24,21 +24,21 @@ Once Helm has been set up correctly, fetch the charts as follows: [source,bash] ---- -helm pull oci://codeberg.org/wrenix/helm-charts/speedtest-exporter +helm pull oci://codeberg.org/wrenix/helm-charts/grampsweb ---- You can install a chart release using the following command: [source,bash] ---- -helm install speedtest-exporter-release oci://codeberg.org/wrenix/helm-charts/speedtest-exporter --values values.yaml +helm install grampsweb-release oci://codeberg.org/wrenix/helm-charts/grampsweb --values values.yaml ---- To uninstall a chart release use `helm`'s delete command: [source,bash] ---- -helm uninstall speedtest-exporter-release +helm uninstall grampsweb-release ---- == Values @@ -72,49 +72,49 @@ helm uninstall speedtest-exporter-release | `80` | -| config.cacheFor -| int -| `0` -| cache result for seconds - -| config.server -| string -| `nil` -| speedtest-serverid - -| config.timeout -| int -| `90` -| timeout of speedtest - | fullnameOverride | string | `""` | -| global.image.pullPolicy +| gramps.baseURL | string -| `nil` -| if set it will overwrite all pullPolicy - -| global.image.registry -| string -| `nil` -| if set it will overwrite all registry entries - -| grafana.dashboards.annotations -| object -| `{}` +| `"https://gramps.example.org"` | -| grafana.dashboards.enabled +| gramps.mail.from +| string +| `nil` +| "From" address for automated e-mails + +| gramps.mail.host +| string +| `nil` +| SMTP server host (e.g. for sending password reset e-mails) + +| gramps.mail.password +| string +| `nil` +| SMTP server password + +| gramps.mail.port +| int +| `465` +| SMTP server port. + +| gramps.mail.useTLS | bool -| `false` -| +| `true` +| Boolean, whether to use TLS for sending e-mails. Defaults to true. When using STARTTLS, set this to false and use a port different from 25. -| grafana.dashboards.labels.grafana_dashboard +| gramps.mail.username | string -| `"1"` +| `nil` +| SMTP server username + +| gramps.tree +| string +| `"Gramps Web"` | | image.pullPolicy @@ -129,7 +129,7 @@ helm uninstall speedtest-exporter-release | image.repository | string -| `"miguelndecarvalho/speedtest-exporter"` +| `"gramps-project/grampsweb"` | | image.tag @@ -177,46 +177,51 @@ helm uninstall speedtest-exporter-release | `[]` | -| livenessProbe.httpGet.path -| string -| `"/"` -| - -| livenessProbe.httpGet.port -| string -| `"http"` -| - | nameOverride | string | `""` | -| networkPolicy.egress.enabled -| bool -| `false` -| activate egress no networkpolicy - -| networkPolicy.egress.extra -| list -| `[]` -| egress rules - -| networkPolicy.enabled -| bool -| `false` -| - -| networkPolicy.ingress.http -| list -| `[]` -| ingress for http port (e.g. ingress-controller, prometheus) - | nodeSelector | object | `{}` | +| persistence.accessMode +| string +| `"ReadWriteOnce"` +| + +| persistence.annotations +| object +| `{}` +| + +| persistence.enabled +| bool +| `true` +| + +| persistence.existingClaim +| string +| `nil` +| A manually managed Persistent Volume and Claim Requires persistence.enabled: true If defined, PVC must be created manually before volume will be bound + +| persistence.hostPath +| string +| `nil` +| Do not create an PVC, direct use hostPath in Pod + +| persistence.size +| string +| `"5Gi"` +| + +| persistence.storageClass +| string +| `nil` +| Persistent Volume Storage Class If defined, storageClassName: If set to "-", storageClassName: "", which disables dynamic provisioning If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner. (gp2 on AWS, standard on GKE, AWS & OpenStack) + | podAnnotations | object | `{}` @@ -232,36 +237,6 @@ helm uninstall speedtest-exporter-release | `{}` | -| prometheus.servicemonitor.enabled -| bool -| `false` -| - -| prometheus.servicemonitor.interval -| string -| `"1h"` -| interval - -| prometheus.servicemonitor.labels -| object -| `{}` -| - -| prometheus.servicemonitor.scrapeTimeout -| string -| `"2m"` -| scrape timeout - -| readinessProbe.httpGet.path -| string -| `"/"` -| - -| readinessProbe.httpGet.port -| string -| `"http"` -| - | replicaCount | int | `1` @@ -279,7 +254,7 @@ helm uninstall speedtest-exporter-release | service.port | int -| `80` +| `5000` | | service.type diff --git a/grampsweb/README.md b/grampsweb/README.md deleted file mode 100644 index 7d4b0d4..0000000 --- a/grampsweb/README.md +++ /dev/null @@ -1,102 +0,0 @@ ---- -title: "grampsweb" - -description: "A Helm chart for gramps web" - ---- - -# grampsweb - -![Version: 0.2.6](https://img.shields.io/badge/Version-0.2.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 24.12.2](https://img.shields.io/badge/AppVersion-24.12.2-informational?style=flat-square) - -A Helm chart for gramps web - -## Maintainers - -| Name | Email | Url | -| ---- | ------ | --- | -| WrenIX | | | - -## Usage - -Helm must be installed and setup to your kubernetes cluster to use the charts. -Refer to Helm's [documentation](https://helm.sh/docs) to get started. -Once Helm has been set up correctly, fetch the charts as follows: - -```bash -helm pull oci://codeberg.org/wrenix/helm-charts/grampsweb -``` - -You can install a chart release using the following command: - -```bash -helm install grampsweb-release oci://codeberg.org/wrenix/helm-charts/grampsweb --values values.yaml -``` - -To uninstall a chart release use `helm`'s delete command: - -```bash -helm uninstall grampsweb-release -``` - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| affinity | object | `{}` | | -| autoscaling.enabled | bool | `false` | | -| autoscaling.maxReplicas | int | `100` | | -| autoscaling.minReplicas | int | `1` | | -| autoscaling.targetCPUUtilizationPercentage | int | `80` | | -| fullnameOverride | string | `""` | | -| gramps.baseURL | string | `"https://gramps.example.org"` | Base URL where the API can be reached (e.g. https://mygramps.mydomain.com/). This is necessary e.g. to build correct passwort reset links | -| gramps.mail.from | string | `nil` | "From" address for automated e-mails | -| gramps.mail.host | string | `nil` | SMTP server host (e.g. for sending password reset e-mails) | -| gramps.mail.password | string | `nil` | SMTP server password | -| gramps.mail.port | int | `465` | SMTP server port. | -| gramps.mail.useTLS | bool | `true` | Boolean, whether to use TLS for sending e-mails. Defaults to true. When using STARTTLS, set this to false and use a port different from 25. | -| gramps.mail.username | string | `nil` | SMTP server username | -| gramps.mediaPrefixTree | bool | `false` | whether or not to use a separate subfolder for the media files of each tree. Defaults to False, but strongly recommend to use True in a multi-tree setup | -| gramps.tree | string | `"Gramps Web"` | To enable multi-tree support, the TREE config option must be set to a single asterisk `*` | -| image.pullPolicy | string | `"IfNotPresent"` | | -| image.registry | string | `"ghcr.io"` | | -| image.repository | string | `"gramps-project/grampsweb"` | | -| image.tag | string | `""` | | -| imagePullSecrets | list | `[]` | | -| ingress.annotations | object | `{}` | | -| ingress.className | string | `""` | | -| ingress.enabled | bool | `false` | | -| ingress.hosts[0].host | string | `"chart-example.local"` | | -| ingress.hosts[0].paths[0].path | string | `"/"` | | -| ingress.hosts[0].paths[0].pathType | string | `"ImplementationSpecific"` | | -| ingress.tls | list | `[]` | | -| nameOverride | string | `""` | | -| networkPolicy.egress.enabled | bool | `true` | activate egress no networkpolicy | -| networkPolicy.egress.extra | list | `[]` | egress rules | -| networkPolicy.enabled | bool | `false` | | -| networkPolicy.ingress.http | list | `[]` | ingress for http port (e.g. ingress-controller) | -| nodeSelector | object | `{}` | | -| persistence.accessMode | string | `"ReadWriteOnce"` | | -| persistence.annotations | object | `{}` | | -| persistence.enabled | bool | `true` | | -| persistence.existingClaim | string | `nil` | A manually managed Persistent Volume and Claim Requires persistence.enabled: true If defined, PVC must be created manually before volume will be bound | -| persistence.hostPath | string | `nil` | Do not create an PVC, direct use hostPath in Pod | -| persistence.size | string | `"5Gi"` | | -| persistence.storageClass | string | `nil` | Persistent Volume Storage Class If defined, storageClassName: If set to "-", storageClassName: "", which disables dynamic provisioning If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner. (gp2 on AWS, standard on GKE, AWS & OpenStack) | -| podAnnotations | object | `{}` | | -| podLabels | object | `{}` | | -| podSecurityContext | object | `{}` | | -| replicaCount | int | `1` | | -| resources | object | `{}` | | -| securityContext | object | `{}` | | -| service.port | int | `5000` | | -| service.type | string | `"ClusterIP"` | | -| serviceAccount.annotations | object | `{}` | | -| serviceAccount.automount | bool | `true` | | -| serviceAccount.create | bool | `true` | | -| serviceAccount.name | string | `""` | | -| tolerations | list | `[]` | | -| volumeMounts | list | `[]` | | -| volumes | list | `[]` | | - -Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs) diff --git a/grampsweb/templates/deployment.yaml b/grampsweb/templates/deployment.yaml index f3e15ae..7c6592f 100644 --- a/grampsweb/templates/deployment.yaml +++ b/grampsweb/templates/deployment.yaml @@ -36,6 +36,13 @@ spec: {{- toYaml .Values.securityContext | nindent 12 }} image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default (printf "v%s" .Chart.AppVersion) }}" imagePullPolicy: {{ .Values.image.pullPolicy }} + {{- with .Values.gramps }} + env: + - name: "GRAMPSWEB_TREE" + value: "{{ .tree }}" + - name: "GRAMPSWEB_BASE_URL" + value: "{{ .baseURL }}" + {{- end }} envFrom: - secretRef: name: {{ include "grampsweb.fullname" . }} diff --git a/grampsweb/templates/networkpolicy.yaml b/grampsweb/templates/networkpolicy.yaml deleted file mode 100644 index cec8c65..0000000 --- a/grampsweb/templates/networkpolicy.yaml +++ /dev/null @@ -1,28 +0,0 @@ -{{- if .Values.networkPolicy.enabled }} ---- -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: {{ include "grampsweb.fullname" . }} - labels: - {{- include "grampsweb.labels" . | nindent 4 }} -spec: - podSelector: - matchLabels: - {{- include "grampsweb.selectorLabels" . | nindent 6 }} - policyTypes: - - Ingress - {{- if .Values.networkPolicy.egress.enabled }} - - Egress - {{- end }} - ingress: - - ports: - - port: {{ .Values.service.port }} - protocol: TCP - from: - {{- toYaml .Values.networkPolicy.ingress.http | nindent 8 }} - {{- with .Values.networkPolicy.egress }} - egress: - {{- toYaml .extra | nindent 4 }} - {{- end }} -{{- end }} diff --git a/grampsweb/templates/secret.yaml b/grampsweb/templates/secret.yaml index 2baa59e..ab2b1b0 100644 --- a/grampsweb/templates/secret.yaml +++ b/grampsweb/templates/secret.yaml @@ -6,15 +6,6 @@ metadata: labels: {{- include "grampsweb.labels" . | nindent 4 }} data: - {{- with .Values.gramps.baseURL }} - GRAMPSWEB_BASE_URL: {{ . | b64enc }} - {{- end }} - {{- with .Values.gramps.tree }} - GRAMPSWEB_TREE: {{ . | b64enc }} - {{- end }} - {{- with .Values.gramps.mediaPrefixTree }} - GRAMPSWEB_MEDIA_PREFIX_TREE: {{ . | ternary "TRUE" "FALSE" | b64enc }} - {{- end }} {{- with .Values.gramps.mediaBaseDir }} GRAMPSWEB_MEDIA_BASE_DIR: {{ . | b64enc }} {{- end }} diff --git a/grampsweb/values.yaml b/grampsweb/values.yaml index 5427161..0fc804a 100644 --- a/grampsweb/values.yaml +++ b/grampsweb/values.yaml @@ -16,12 +16,8 @@ nameOverride: "" fullnameOverride: "" gramps: - # -- To enable multi-tree support, the TREE config option must be set to a single asterisk `*` tree: "Gramps Web" - # -- Base URL where the API can be reached (e.g. https://mygramps.mydomain.com/). This is necessary e.g. to build correct passwort reset links baseURL: "https://gramps.example.org" - # -- whether or not to use a separate subfolder for the media files of each tree. Defaults to False, but strongly recommend to use True in a multi-tree setup - mediaPrefixTree: false mail: # -- SMTP server host (e.g. for sending password reset e-mails) host: @@ -90,17 +86,6 @@ service: type: ClusterIP port: 5000 -networkPolicy: - enabled: false - ingress: - # -- ingress for http port (e.g. ingress-controller) - http: [] - egress: - # -- activate egress no networkpolicy - enabled: true - # -- egress rules - extra: [] - ingress: enabled: false className: "" diff --git a/headscale-ui/Chart.yaml b/headscale-ui/Chart.yaml index 5c486cd..fe213cc 100644 --- a/headscale-ui/Chart.yaml +++ b/headscale-ui/Chart.yaml @@ -3,9 +3,8 @@ name: headscale-ui description: A simple Headscale web UI for small-scale deployments. icon: https://raw.githubusercontent.com/gurucomputing/headscale-ui/master/static/favicon.png type: application -version: 0.2.2 -# renovate: image=ghcr.io/gurucomputing/headscale-ui -appVersion: "2025.01.20" +version: 0.1.2 +appVersion: "2023.01.30-beta-1" maintainers: - name: WrenIX url: https://wrenix.eu diff --git a/headscale-ui/README.adoc b/headscale-ui/README.adoc new file mode 100644 index 0000000..3e4744a --- /dev/null +++ b/headscale-ui/README.adoc @@ -0,0 +1,206 @@ + + += headscale-ui + +image::https://img.shields.io/badge/Version-0.1.2-informational?style=flat-square[Version: 0.1.2] +image::https://img.shields.io/badge/Version-application-informational?style=flat-square[Type: application] +image::https://img.shields.io/badge/AppVersion-2023.01.30-beta-1-informational?style=flat-square[AppVersion: 2023.01.30-beta-1] +== Maintainers + +.Maintainers +|=== +| Name | Email | Url + +| WrenIX +| +| +|=== + +== Usage + +Helm must be installed and setup to your kubernetes cluster to use the charts. +Refer to Helm's https://helm.sh/docs[documentation] to get started. +Once Helm has been set up correctly, fetch the charts as follows: + +[source,bash] +---- +helm pull oci://codeberg.org/wrenix/helm-charts/headscale-ui +---- + +You can install a chart release using the following command: + +[source,bash] +---- +helm install headscale-ui-release oci://codeberg.org/wrenix/helm-charts/headscale-ui --values values.yaml +---- + +To uninstall a chart release use `helm`'s delete command: + +[source,bash] +---- +helm uninstall headscale-ui-release +---- + +== Values + +.Values +|=== +| Key | Type | Default | Description + +| affinity +| object +| `{}` +| + +| autoscaling.enabled +| bool +| `false` +| + +| autoscaling.maxReplicas +| int +| `100` +| + +| autoscaling.minReplicas +| int +| `1` +| + +| autoscaling.targetCPUUtilizationPercentage +| int +| `80` +| + +| fullnameOverride +| string +| `""` +| + +| image.pullPolicy +| string +| `"IfNotPresent"` +| + +| image.repository +| string +| `"ghcr.io/gurucomputing/headscale-ui"` +| + +| image.tag +| string +| `""` +| + +| imagePullSecrets +| list +| `[]` +| + +| ingress.annotations +| object +| `{}` +| + +| ingress.className +| string +| `""` +| + +| ingress.enabled +| bool +| `false` +| + +| ingress.hosts[0].host +| string +| `"chart-example.local"` +| + +| ingress.hosts[0].paths[0].path +| string +| `"/"` +| + +| ingress.hosts[0].paths[0].pathType +| string +| `"ImplementationSpecific"` +| + +| ingress.tls +| list +| `[]` +| + +| nameOverride +| string +| `""` +| + +| nodeSelector +| object +| `{}` +| + +| podAnnotations +| object +| `{}` +| + +| podLabels +| object +| `{}` +| + +| podSecurityContext +| object +| `{}` +| + +| replicaCount +| int +| `1` +| + +| resources +| object +| `{}` +| + +| securityContext +| object +| `{}` +| + +| service.port +| int +| `80` +| + +| service.type +| string +| `"ClusterIP"` +| + +| serviceAccount.annotations +| object +| `{}` +| + +| serviceAccount.create +| bool +| `true` +| + +| serviceAccount.name +| string +| `""` +| + +| tolerations +| list +| `[]` +| +|=== + +Autogenerated from chart metadata using https://github.com/norwoodj/helm-docs[helm-docs] diff --git a/headscale-ui/README.md b/headscale-ui/README.md deleted file mode 100644 index 6692895..0000000 --- a/headscale-ui/README.md +++ /dev/null @@ -1,87 +0,0 @@ ---- -title: "headscale-ui" - -description: "A simple Headscale web UI for small-scale deployments." - ---- - -# headscale-ui - -![Version: 0.2.2](https://img.shields.io/badge/Version-0.2.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2025.01.20](https://img.shields.io/badge/AppVersion-2025.01.20-informational?style=flat-square) - -A simple Headscale web UI for small-scale deployments. - -## Maintainers - -| Name | Email | Url | -| ---- | ------ | --- | -| WrenIX | | | - -## Usage - -Helm must be installed and setup to your kubernetes cluster to use the charts. -Refer to Helm's [documentation](https://helm.sh/docs) to get started. -Once Helm has been set up correctly, fetch the charts as follows: - -```bash -helm pull oci://codeberg.org/wrenix/helm-charts/headscale-ui -``` - -You can install a chart release using the following command: - -```bash -helm install headscale-ui-release oci://codeberg.org/wrenix/helm-charts/headscale-ui --values values.yaml -``` - -To uninstall a chart release use `helm`'s delete command: - -```bash -helm uninstall headscale-ui-release -``` - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| affinity | object | `{}` | | -| autoscaling.enabled | bool | `false` | | -| autoscaling.maxReplicas | int | `100` | | -| autoscaling.minReplicas | int | `1` | | -| autoscaling.targetCPUUtilizationPercentage | int | `80` | | -| fullnameOverride | string | `""` | | -| global.image.pullPolicy | string | `nil` | if set it will overwrite all pullPolicy | -| global.image.registry | string | `nil` | if set it will overwrite all registry entries | -| image.pullPolicy | string | `"IfNotPresent"` | | -| image.registry | string | `"ghcr.io"` | | -| image.repository | string | `"gurucomputing/headscale-ui"` | | -| image.tag | string | `""` | | -| imagePullSecrets | list | `[]` | | -| ingress.annotations | object | `{}` | | -| ingress.className | string | `""` | | -| ingress.enabled | bool | `false` | | -| ingress.hosts[0].host | string | `"chart-example.local"` | | -| ingress.hosts[0].paths[0].path | string | `"/"` | | -| ingress.hosts[0].paths[0].pathType | string | `"ImplementationSpecific"` | | -| ingress.tls | list | `[]` | | -| nameOverride | string | `""` | | -| networkPolicy.egress.enabled | bool | `true` | activate egress no networkpolicy | -| networkPolicy.egress.extra | list | `[]` | egress rules | -| networkPolicy.enabled | bool | `false` | | -| networkPolicy.ingress.http | list | `[]` | ingress for http port (e.g. ingress-controller) | -| networkPolicy.ingress.https | list | `[]` | | -| nodeSelector | object | `{}` | | -| podAnnotations | object | `{}` | | -| podLabels | object | `{}` | | -| podSecurityContext | object | `{}` | | -| replicaCount | int | `1` | | -| resources | object | `{}` | | -| securityContext | object | `{}` | | -| service.port.http | int | `8080` | | -| service.port.https | int | `8443` | | -| service.type | string | `"ClusterIP"` | | -| serviceAccount.annotations | object | `{}` | | -| serviceAccount.create | bool | `true` | | -| serviceAccount.name | string | `""` | | -| tolerations | list | `[]` | | - -Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs) diff --git a/headscale-ui/templates/deployment.yaml b/headscale-ui/templates/deployment.yaml index bb2d38b..29a6155 100644 --- a/headscale-ui/templates/deployment.yaml +++ b/headscale-ui/templates/deployment.yaml @@ -34,21 +34,11 @@ spec: - name: {{ .Chart.Name }} securityContext: {{- toYaml .Values.securityContext | nindent 12 }} - {{- with .Values.image}} - image: "{{ coalesce $.Values.global.image.registry .registry }}/{{ .repository }}:{{ .tag | default $.Chart.AppVersion }}" - imagePullPolicy: {{ coalesce $.Values.global.image.pullPolicy .pullPolicy }} - {{- end }} - env: - - name: "HTTP_PORT" - value: {{ .Values.service.port.http | quote }} - - name: "HTTPS_PORT" - value: {{ .Values.service.port.https | quote }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} ports: - name: http - containerPort: {{ .Values.service.port.http }} - protocol: TCP - - name: https - containerPort: {{ .Values.service.port.https }} + containerPort: {{ .Values.service.port }} protocol: TCP livenessProbe: httpGet: diff --git a/headscale-ui/templates/ingress.yaml b/headscale-ui/templates/ingress.yaml index 3919fc1..885bcbf 100644 --- a/headscale-ui/templates/ingress.yaml +++ b/headscale-ui/templates/ingress.yaml @@ -1,6 +1,18 @@ {{- if .Values.ingress.enabled -}} {{- $fullName := include "headscale-ui.fullname" . -}} +{{- $svcPort := .Values.service.port -}} +{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} + {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} + {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}} + {{- end }} +{{- end }} +{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} apiVersion: networking.k8s.io/v1 +{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1beta1 +{{- else -}} +apiVersion: extensions/v1beta1 +{{- end }} kind: Ingress metadata: name: {{ $fullName }} @@ -11,8 +23,8 @@ metadata: {{- toYaml . | nindent 4 }} {{- end }} spec: - {{- with .Values.ingress.className }} - ingressClassName: {{ . }} + {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} + ingressClassName: {{ .Values.ingress.className }} {{- end }} {{- if .Values.ingress.tls }} tls: @@ -31,12 +43,19 @@ spec: paths: {{- range .paths }} - path: {{ .path }} + {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} pathType: {{ .pathType }} + {{- end }} backend: + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} service: name: {{ $fullName }} port: - name: http + number: {{ $svcPort }} + {{- else }} + serviceName: {{ $fullName }} + servicePort: {{ $svcPort }} + {{- end }} {{- end }} {{- end }} {{- end }} diff --git a/headscale-ui/templates/networkpolicy.yaml b/headscale-ui/templates/networkpolicy.yaml deleted file mode 100644 index 0a01ab1..0000000 --- a/headscale-ui/templates/networkpolicy.yaml +++ /dev/null @@ -1,37 +0,0 @@ -{{- if .Values.networkPolicy.enabled }} ---- -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: {{ include "headscale-ui.fullname" . }} - labels: - {{- include "headscale-ui.labels" . | nindent 4 }} -spec: - podSelector: - matchLabels: - {{- include "headscale-ui.selectorLabels" . | nindent 6 }} - policyTypes: - - Ingress - {{- if .Values.networkPolicy.egress.enabled }} - - Egress - {{- end }} - ingress: - {{- with .Values.networkPolicy.ingress.http }} - - ports: - - port: {{ $.Values.service.port.http }} - protocol: TCP - from: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.networkPolicy.ingress.https }} - - ports: - - port: {{ $.Values.service.port.https }} - protocol: TCP - from: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.networkPolicy.egress }} - egress: - {{- toYaml .extra | nindent 4 }} - {{- end }} -{{- end }} diff --git a/headscale-ui/templates/service.yaml b/headscale-ui/templates/service.yaml index 4e5818e..7a3c136 100644 --- a/headscale-ui/templates/service.yaml +++ b/headscale-ui/templates/service.yaml @@ -7,13 +7,9 @@ metadata: spec: type: {{ .Values.service.type }} ports: - - port: {{ .Values.service.port.http }} + - port: {{ .Values.service.port }} targetPort: http protocol: TCP name: http - - port: {{ .Values.service.port.https }} - targetPort: https - protocol: TCP - name: https selector: {{- include "headscale-ui.selectorLabels" . | nindent 4 }} diff --git a/headscale-ui/values.yaml b/headscale-ui/values.yaml index 47015d1..7fa54df 100644 --- a/headscale-ui/values.yaml +++ b/headscale-ui/values.yaml @@ -1,15 +1,11 @@ -global: - image: - # -- if set it will overwrite all registry entries - registry: - # -- if set it will overwrite all pullPolicy - pullPolicy: +# Default values for headscale-ui. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. replicaCount: 1 image: - registry: ghcr.io - repository: gurucomputing/headscale-ui + repository: ghcr.io/gurucomputing/headscale-ui pullPolicy: IfNotPresent # Overrides the image tag whose default is the chart appVersion. tag: "" @@ -43,21 +39,7 @@ securityContext: {} service: type: ClusterIP - port: - http: 8080 - https: 8443 - -networkPolicy: - enabled: false - ingress: - # -- ingress for http port (e.g. ingress-controller) - http: [] - https: [] - egress: - # -- activate egress no networkpolicy - enabled: true - # -- egress rules - extra: [] + port: 80 ingress: enabled: false diff --git a/headscale/.gitignore b/headscale/.gitignore deleted file mode 100644 index dea9083..0000000 --- a/headscale/.gitignore +++ /dev/null @@ -1 +0,0 @@ -values_test.yaml diff --git a/headscale/Chart.yaml b/headscale/Chart.yaml index b461907..1cea2e3 100644 --- a/headscale/Chart.yaml +++ b/headscale/Chart.yaml @@ -3,9 +3,8 @@ name: headscale description: An open source, self-hosted implementation of the Tailscale control server. icon: https://raw.githubusercontent.com/juanfont/headscale/56a7b1e34952c3e0306a134b2be9b4277f5d8d6e/docs/logo/headscale3-dots.svg type: application -version: 1.0.0 -# renovate: image=ghcr.io/headscale/headscale -appVersion: "0.23.0" +version: 0.2.3 +appVersion: "0.22.3" maintainers: - name: WrenIX url: https://wrenix.eu diff --git a/headscale/README.adoc b/headscale/README.adoc new file mode 100644 index 0000000..07ff7ec --- /dev/null +++ b/headscale/README.adoc @@ -0,0 +1,426 @@ + + += headscale + +image::https://img.shields.io/badge/Version-0.2.3-informational?style=flat-square[Version: 0.2.3] +image::https://img.shields.io/badge/Version-application-informational?style=flat-square[Type: application] +image::https://img.shields.io/badge/AppVersion-0.22.3-informational?style=flat-square[AppVersion: 0.22.3] +== Maintainers + +.Maintainers +|=== +| Name | Email | Url + +| WrenIX +| +| +|=== + +== Usage + +Helm must be installed and setup to your kubernetes cluster to use the charts. +Refer to Helm's https://helm.sh/docs[documentation] to get started. +Once Helm has been set up correctly, fetch the charts as follows: + +[source,bash] +---- +helm pull oci://codeberg.org/wrenix/helm-charts/headscale +---- + +You can install a chart release using the following command: + +[source,bash] +---- +helm install headscale-release oci://codeberg.org/wrenix/helm-charts/headscale --values values.yaml +---- + +To uninstall a chart release use `helm`'s delete command: + +[source,bash] +---- +helm uninstall headscale-release +---- + +== Values + +.Values +|=== +| Key | Type | Default | Description + +| affinity +| object +| `{}` +| + +| autoscaling.enabled +| bool +| `false` +| + +| autoscaling.maxReplicas +| int +| `100` +| + +| autoscaling.minReplicas +| int +| `1` +| + +| autoscaling.targetCPUUtilizationPercentage +| int +| `80` +| + +| fullnameOverride +| string +| `""` +| + +| headscale.certmanager.dnsNames[0] +| string +| `"example.com"` +| + +| headscale.certmanager.enabled +| bool +| `true` +| + +| headscale.certmanager.issuerRef.group +| string +| `"cert-manager.io"` +| + +| headscale.certmanager.issuerRef.kind +| string +| `"ClusterIssuer"` +| + +| headscale.certmanager.issuerRef.name +| string +| `"letsencrypt-prod"` +| + +| headscale.config.db_path +| string +| `"/var/lib/headscale/db.sqlite"` +| + +| headscale.config.db_type +| string +| `"sqlite3"` +| + +| headscale.config.derp.paths +| list +| `[]` +| + +| headscale.config.derp.server.enabled +| bool +| `true` +| + +| headscale.config.derp.server.region_code +| string +| `"headscale"` +| + +| headscale.config.derp.server.region_id +| int +| `999` +| + +| headscale.config.derp.server.region_name +| string +| `"Headscale Embedded DERP"` +| + +| headscale.config.derp.server.stun_listen_addr +| string +| `"0.0.0.0:3478"` +| + +| headscale.config.derp.update_frequency +| string +| `"24h"` +| + +| headscale.config.derp.urls +| list +| `[]` +| + +| headscale.config.disable_check_updates +| bool +| `true` +| + +| headscale.config.grpc_listen_addr +| string +| `":50443"` +| + +| headscale.config.listen_addr +| string +| `":8080"` +| + +| headscale.config.metrics_listen_addr +| string +| `":9090"` +| + +| headscale.config.noise.private_key_path +| string +| `"/etc/headscale/secrets/noise.key"` +| + +| headscale.config.private_key_path +| string +| `"/etc/headscale/secrets/wireguard.key"` +| + +| headscale.config.server_url +| string +| `"http://127.0.0.1:8080"` +| + +| headscale.config.tls_cert_path +| string +| `"/etc/headscale/certs/tls.crt"` +| + +| headscale.config.tls_key_path +| string +| `"/etc/headscale/certs/tls.key"` +| + +| headscale.keys.create +| bool +| `true` +| Create a new private key, if not exists + +| headscale.keys.existingSecret +| string +| `""` +| Use an existing secret + +| image.pullPolicy +| string +| `"IfNotPresent"` +| + +| image.repository +| string +| `"headscale/headscale"` +| + +| image.tag +| string +| `""` +| + +| imagePullSecrets +| list +| `[]` +| + +| ingress.annotations +| object +| `{}` +| + +| ingress.className +| string +| `""` +| + +| ingress.enabled +| bool +| `false` +| + +| ingress.hosts[0].host +| string +| `"chart-example.local"` +| + +| ingress.hosts[0].paths[0].path +| string +| `"/"` +| + +| ingress.hosts[0].paths[0].pathType +| string +| `"ImplementationSpecific"` +| + +| ingress.tls +| list +| `[]` +| + +| nameOverride +| string +| `""` +| + +| nodeSelector +| object +| `{}` +| + +| persistence.accessMode +| string +| `"ReadWriteOnce"` +| + +| persistence.annotations +| object +| `{}` +| + +| persistence.enabled +| bool +| `false` +| + +| persistence.existingClaim +| string +| `nil` +| A manually managed Persistent Volume and Claim Requires persistence.enabled: true If defined, PVC must be created manually before volume will be bound + +| persistence.hostPath +| string +| `nil` +| Create a PV on Node with given hostPath storageClass has to be manual + +| persistence.size +| string +| `"1Gi"` +| + +| persistence.storageClass +| string +| `nil` +| data Persistent Volume Storage Class If defined, storageClassName: If set to "-", storageClassName: "", which disables dynamic provisioning If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner. (gp2 on AWS, standard on GKE, AWS & OpenStack) + +| podAnnotations +| object +| `{}` +| + +| podLabels +| object +| `{}` +| + +| podSecurityContext +| object +| `{}` +| + +| prometheus.rules.additionalRules +| list +| `[]` +| + +| prometheus.rules.enabled +| bool +| `false` +| + +| prometheus.rules.labels +| object +| `{}` +| + +| prometheus.servicemonitor.enabled +| bool +| `false` +| + +| prometheus.servicemonitor.labels +| object +| `{}` +| + +| replicaCount +| int +| `1` +| + +| resources +| object +| `{}` +| + +| securityContext +| object +| `{}` +| + +| service.annotations +| string +| `nil` +| + +| service.derp.annotations +| string +| `nil` +| + +| service.derp.port +| int +| `3478` +| + +| service.derp.type +| string +| `"LoadBalancer"` +| + +| service.port.grpc +| int +| `50443` +| + +| service.port.http +| int +| `8080` +| + +| service.port.metrics +| int +| `9090` +| + +| service.type +| string +| `"ClusterIP"` +| + +| serviceAccount.annotations +| object +| `{}` +| + +| serviceAccount.create +| bool +| `true` +| + +| serviceAccount.name +| string +| `""` +| + +| tolerations +| list +| `[]` +| +|=== + +Autogenerated from chart metadata using https://github.com/norwoodj/helm-docs[helm-docs] diff --git a/headscale/README.md b/headscale/README.md deleted file mode 100644 index 3e80569..0000000 --- a/headscale/README.md +++ /dev/null @@ -1,145 +0,0 @@ ---- -title: "headscale" - -description: "An open source, self-hosted implementation of the Tailscale control server." - ---- - -# headscale - -![Version: 1.0.0](https://img.shields.io/badge/Version-1.0.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.23.0](https://img.shields.io/badge/AppVersion-0.23.0-informational?style=flat-square) - -An open source, self-hosted implementation of the Tailscale control server. - -## Maintainers - -| Name | Email | Url | -| ---- | ------ | --- | -| WrenIX | | | - -## Usage - -Helm must be installed and setup to your kubernetes cluster to use the charts. -Refer to Helm's [documentation](https://helm.sh/docs) to get started. -Once Helm has been set up correctly, fetch the charts as follows: - -```bash -helm pull oci://codeberg.org/wrenix/helm-charts/headscale -``` - -You can install a chart release using the following command: - -```bash -helm install headscale-release oci://codeberg.org/wrenix/helm-charts/headscale --values values.yaml -``` - -To uninstall a chart release use `helm`'s delete command: - -```bash -helm uninstall headscale-release -``` - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| affinity | object | `{}` | | -| autoscaling.enabled | bool | `false` | | -| autoscaling.maxReplicas | int | `100` | | -| autoscaling.minReplicas | int | `1` | | -| autoscaling.targetCPUUtilizationPercentage | int | `80` | | -| fullnameOverride | string | `""` | | -| headscale.certmanager.dnsNames[0] | string | `"example.com"` | | -| headscale.certmanager.enabled | bool | `true` | | -| headscale.certmanager.issuerRef.group | string | `"cert-manager.io"` | | -| headscale.certmanager.issuerRef.kind | string | `"ClusterIssuer"` | | -| headscale.certmanager.issuerRef.name | string | `"letsencrypt-prod"` | | -| headscale.config.database.postgres.host | string | `"localhost"` | | -| headscale.config.database.postgres.name | string | `"headscale"` | | -| headscale.config.database.postgres.pass | string | `"bar"` | | -| headscale.config.database.postgres.port | int | `5432` | | -| headscale.config.database.postgres.user | string | `"foo"` | | -| headscale.config.database.sqlite.path | string | `"/var/lib/headscale/db.sqlite"` | | -| headscale.config.database.type | string | `"sqlite"` | | -| headscale.config.derp.paths | list | `[]` | | -| headscale.config.derp.server.enabled | bool | `true` | | -| headscale.config.derp.server.private_key_path | string | `"/etc/headscale/secrets/derp.key"` | | -| headscale.config.derp.server.region_code | string | `"headscale"` | | -| headscale.config.derp.server.region_id | int | `999` | | -| headscale.config.derp.server.region_name | string | `"Headscale Embedded DERP"` | | -| headscale.config.derp.server.stun_listen_addr | string | `"0.0.0.0:3478"` | | -| headscale.config.derp.update_frequency | string | `"24h"` | | -| headscale.config.derp.urls | list | `[]` | | -| headscale.config.disable_check_updates | bool | `true` | | -| headscale.config.dns.base_domain | string | `"example.com"` | | -| headscale.config.grpc_listen_addr | string | `":50443"` | | -| headscale.config.listen_addr | string | `":8080"` | | -| headscale.config.metrics_listen_addr | string | `":9090"` | | -| headscale.config.noise.private_key_path | string | `"/etc/headscale/secrets/noise.key"` | | -| headscale.config.prefixes.allocation | string | `"sequential"` | | -| headscale.config.prefixes.v4 | string | `"100.64.0.0/10"` | | -| headscale.config.prefixes.v6 | string | `"fd7a:115c:a1e0::/48"` | | -| headscale.config.private_key_path | string | `"/etc/headscale/secrets/wireguard.key"` | | -| headscale.config.server_url | string | `"http://127.0.0.1:8080"` | | -| headscale.config.tls_cert_path | string | `"/etc/headscale/certs/tls.crt"` | | -| headscale.config.tls_key_path | string | `"/etc/headscale/certs/tls.key"` | | -| headscale.keys.create | bool | `true` | Create a new private key, if not exists | -| headscale.keys.existingSecret | string | `""` | Use an existing secret | -| image.pullPolicy | string | `"IfNotPresent"` | | -| image.registry | string | `"ghcr.io"` | | -| image.repository | string | `"juanfont/headscale"` | | -| image.tag | string | `""` | | -| imagePullSecrets | list | `[]` | | -| ingress.annotations | object | `{}` | | -| ingress.className | string | `""` | | -| ingress.enabled | bool | `false` | | -| ingress.hosts[0].host | string | `"chart-example.local"` | | -| ingress.hosts[0].paths[0].path | string | `"/"` | | -| ingress.hosts[0].paths[0].pathType | string | `"ImplementationSpecific"` | | -| ingress.tls | list | `[]` | | -| nameOverride | string | `""` | | -| networkPolicy.egress.enabled | bool | `false` | activate egress no networkpolicy | -| networkPolicy.egress.extra | list | `[]` | egress rules | -| networkPolicy.enabled | bool | `false` | | -| networkPolicy.ingress.derp | list | `[{"ipBlock":{"cidr":"0.0.0.0/0"}},{"ipBlock":{"cidr":"::/0"}}]` | ingress for derp | -| networkPolicy.ingress.grpc | list | `[]` | ingress for grpc port | -| networkPolicy.ingress.http | list | `[]` | ingress for http port (e.g. ingress-controller) | -| networkPolicy.ingress.metrics | list | `[]` | ingress for metrics port (e.g. prometheus) | -| nodeSelector | object | `{}` | | -| persistence.accessMode | string | `"ReadWriteOnce"` | | -| persistence.annotations | object | `{}` | | -| persistence.enabled | bool | `false` | | -| persistence.existingClaim | string | `nil` | A manually managed Persistent Volume and Claim Requires persistence.enabled: true If defined, PVC must be created manually before volume will be bound | -| persistence.hostPath | string | `nil` | Create a PV on Node with given hostPath storageClass has to be manual | -| persistence.size | string | `"1Gi"` | | -| persistence.storageClass | string | `nil` | data Persistent Volume Storage Class If defined, storageClassName: If set to "-", storageClassName: "", which disables dynamic provisioning If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner. (gp2 on AWS, standard on GKE, AWS & OpenStack) | -| podAnnotations | object | `{}` | | -| podLabels | object | `{}` | | -| podSecurityContext | object | `{}` | | -| prometheus.rules.additionalRules | list | `[]` | | -| prometheus.rules.defaults.enabled | bool | `true` | | -| prometheus.rules.defaults.filter | string | `""` | | -| prometheus.rules.defaults.lastUpdates.critical | int | `3600` | | -| prometheus.rules.defaults.lastUpdates.info | int | `300` | | -| prometheus.rules.defaults.lastUpdates.warning | int | `600` | | -| prometheus.rules.enabled | bool | `false` | | -| prometheus.rules.labels | object | `{}` | | -| prometheus.servicemonitor.enabled | bool | `false` | | -| prometheus.servicemonitor.labels | object | `{}` | | -| replicaCount | int | `1` | | -| resources | object | `{}` | | -| securityContext | object | `{}` | | -| service.annotations | string | `nil` | | -| service.derp.annotations | string | `nil` | | -| service.derp.port | int | `3478` | | -| service.derp.type | string | `"LoadBalancer"` | | -| service.port.grpc | int | `50443` | | -| service.port.http | int | `8080` | | -| service.port.metrics | int | `9090` | | -| service.type | string | `"ClusterIP"` | | -| serviceAccount.annotations | object | `{}` | | -| serviceAccount.create | bool | `true` | | -| serviceAccount.name | string | `""` | | -| tolerations | list | `[]` | | - -Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs) diff --git a/headscale/templates/deployment.yaml b/headscale/templates/deployment.yaml index be2b749..51061b5 100644 --- a/headscale/templates/deployment.yaml +++ b/headscale/templates/deployment.yaml @@ -35,11 +35,10 @@ spec: - name: {{ .Chart.Name }} securityContext: {{- toYaml .Values.securityContext | nindent 12 }} - {{- with .Values.image }} - image: "{{ .registry }}/{{ .repository }}:{{ .tag | default $.Chart.AppVersion }}" - {{- end }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} args: + - "headscale" - "serve" ports: - name: http @@ -109,8 +108,6 @@ spec: path: "wireguard.key" - key: "noise.key" path: "noise.key" - - key: "derp.key" - path: "derp.key" {{- if .Values.headscale.certmanager.enabled }} - name: certs secret: diff --git a/headscale/templates/jobs.yaml b/headscale/templates/jobs.yaml index f848d1c..2f249a4 100644 --- a/headscale/templates/jobs.yaml +++ b/headscale/templates/jobs.yaml @@ -17,9 +17,6 @@ metadata: labels: app.kubernetes.io/component: keys-job {{- include "headscale.labels" . | nindent 4 }} - annotations: - "helm.sh/hook": "pre-install,pre-upgrade" - "helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded" --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role @@ -28,9 +25,6 @@ metadata: labels: app.kubernetes.io/component: keys-job {{- include "headscale.labels" . | nindent 4 }} - annotations: - "helm.sh/hook": "pre-install,pre-upgrade" - "helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded" rules: - apiGroups: - "" @@ -50,9 +44,6 @@ metadata: labels: app.kubernetes.io/component: keys-job {{- include "headscale.labels" . | nindent 4 }} - annotations: - "helm.sh/hook": "pre-install,pre-upgrade" - "helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded" roleRef: apiGroup: rbac.authorization.k8s.io kind: Role @@ -68,68 +59,54 @@ metadata: name: {{ $name }} labels: {{- include "headscale.labels" . | nindent 4 }} - annotations: - "helm.sh/hook": "pre-install,pre-upgrade" - "helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded" spec: template: spec: restartPolicy: "Never" serviceAccount: {{ $name }} - initContainers: - - name: generate-key - {{- with .Values.image }} - image: "{{ .registry }}/{{ .repository }}:{{ .tag | default $.Chart.AppVersion }}-debug" - {{- end }} - imagePullPolicy: {{ .Values.image.pullPolicy }} - command: - - sh - - -c - - | - set -e - echo "generate private-keys" - headscale generate private-key --output json > /etc/headscale/secrets/wireguard.json - headscale generate private-key --output json > /etc/headscale/secrets/noise.json - headscale generate private-key --output json > /etc/headscale/secrets/derp.json - ls /etc/headscale/secrets/ - volumeMounts: - - name: config - mountPath: "/etc/headscale" - readOnly: true - - mountPath: "/etc/headscale/secrets" - name: secrets containers: - name: upload-key image: bitnami/kubectl command: - sh - -c - - | + - | # check if key already exists - key=$(kubectl get secret {{ $secretName }} -o jsonpath="{.data}" 2> /dev/null) + key=$(kubectl get secret {{ $secretName }} -o jsonpath="{.data['wireguard.key']}" 2> /dev/null) [ $? -ne 0 ] && echo "Failed to get existing secret" && exit 1 - if ! echo $key | jq -e 'has("wireguard.key")' 2> /dev/null ; then - echo "store wireguard.key" - kubectl patch secret {{ $secretName }} -p "{\"data\":{\"wireguard.key\":\"$(jq -r '.["private_key"] | split(":")[1] | @base64' /etc/headscale/secrets/wireguard.json)\"}}" - fi - if ! echo $key | jq -e 'has("noise.key")' 2> /dev/null ; then - echo "store noise.key" - kubectl patch secret {{ $secretName }} -p "{\"data\":{\"noise.key\":\"$(jq -r '.["private_key"] | @base64' /etc/headscale/secrets/noise.json)\"}}" - elif ! echo $key | jq -e '.["noise.key"] |@base64d | contains("privkey")' 2> /dev/null ; then - echo "patch noise.key" - newKey="privkey:$(echo $key | jq -r '.["noise.key"]|@base64d')" - kubectl patch secret {{ $secretName }} -p "{\"data\":{\"noise.key\":\"$(echo $newKey | base64 -w0)\"}}" - fi - if ! echo $key | jq -e 'has("derp.key")' 2> /dev/null ; then - echo "store derp.key" - kubectl patch secret {{ $secretName }} -p "{\"data\":{\"derp.key\":\"$(jq -r '.["private_key"] | @base64' /etc/headscale/secrets/derp.json)\"}}" - fi + [ -n "$key" ] && echo "Key already created, exiting." && exit 0 + # wait for wireguard key + while [ ! -f /etc/headscale/secrets/wireguard.key ]; do + echo "Waiting for wireguard key.." + sleep 5; + done + # update secret + kubectl patch secret {{ $secretName }} -p "{\"data\":{\"wireguard.key\":\"$(base64 /etc/headscale/secrets/wireguard.key | tr -d '\n')\"}}" + kubectl patch secret {{ $secretName }} -p "{\"data\":{\"noise.key\":\"$(base64 /etc/headscale/secrets/noise.key | tr -d '\n')\"}}" [ $? -ne 0 ] && echo "Failed to update secret." && exit 1 echo "Signing key successfully created." volumeMounts: - mountPath: /etc/headscale/secrets name: secrets readOnly: true + - name: generate-key + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + command: + - sh + - -c + - | + set -e + /bin/headscale generate private-key | tail -1 | sed 's/privkey://' > /etc/headscale/secrets/wireguard.key + chown 1001:1001 /etc/headscale/secrets/wireguard.key + /bin/headscale generate private-key | tail -1 | sed 's/privkey://' > /etc/headscale/secrets/noise.key + chown 1001:1001 /etc/headscale/secrets/noise.key + volumeMounts: + - name: config + mountPath: "/etc/headscale" + readOnly: true + - mountPath: "/etc/headscale/secrets" + name: secrets volumes: - name: config secret: diff --git a/headscale/templates/networkpolicy.yaml b/headscale/templates/networkpolicy.yaml deleted file mode 100644 index c908973..0000000 --- a/headscale/templates/networkpolicy.yaml +++ /dev/null @@ -1,51 +0,0 @@ -{{- if .Values.networkPolicy.enabled }} ---- -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: {{ include "headscale.fullname" . }} - labels: - {{- include "headscale.labels" . | nindent 4 }} -spec: - podSelector: - matchLabels: - {{- include "headscale.selectorLabels" . | nindent 6 }} - policyTypes: - - Ingress - {{- if .Values.networkPolicy.egress.enabled }} - - Egress - {{- end }} - ingress: - {{- with .Values.networkPolicy.ingress.http }} - - ports: - - port: {{ $.Values.service.port.http }} - protocol: TCP - from: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.networkPolicy.ingress.metrics }} - - ports: - - port: {{ $.Values.service.port.metrics }} - protocol: TCP - from: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.networkPolicy.ingress.grpc }} - - ports: - - port: {{ $.Values.service.port.grpc }} - protocol: TCP - from: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.networkPolicy.ingress.derp }} - - ports: - - port: {{ $.Values.service.derp.port }} - protocol: TCP - from: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.networkPolicy.egress }} - egress: - {{- toYaml .extra | nindent 4 }} - {{- end }} -{{- end }} diff --git a/headscale/templates/prometheus-rules.yaml b/headscale/templates/prometheus-rules.yaml deleted file mode 100644 index 9e59535..0000000 --- a/headscale/templates/prometheus-rules.yaml +++ /dev/null @@ -1,32 +0,0 @@ -{{- if .Values.prometheus.rules.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: PrometheusRule -metadata: - name: {{ include "headscale.fullname" . }} - labels: - {{- include "headscale.labels" . | nindent 4 }} - {{- with .Values.prometheus.rules.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - groups: - {{- if .Values.prometheus.rules.defaults.enabled }} - - name: {{ template "headscale.fullname" . }}-Defaults - rules: - {{- range $key, $value := .Values.prometheus.rules.defaults.lastUpdates }} - - alert: "Headscale: offline machines" - expr: 'time() - sum(headscale_last_update_seconds{ {{ $.Values.prometheus.rules.defaults.filter }} }) without(endpoint,container,pod,instance,service,namespace,job) > {{ $value }}' - for: "1m" - labels: - severity: "{{ $key }}" - {{` - annotations: - summary: "{{ $labels.machine }} of {{ $labels.user }} is offline for {{ humanizeDuration $value }}" - `}} - {{- end }} - {{- end }} - {{- if .Values.prometheus.rules.additionalRules }} - - name: {{ template "headscale.fullname" . }}-Additional - rules: {{- toYaml .Values.prometheus.rules.additionalRules | nindent 4 }} - {{- end }} -{{- end }} diff --git a/headscale/templates/secret.yaml b/headscale/templates/secret.yaml index 467ea1f..649ccc8 100644 --- a/headscale/templates/secret.yaml +++ b/headscale/templates/secret.yaml @@ -4,7 +4,6 @@ kind: Secret metadata: name: {{ include "headscale.fullname" . }} annotations: - "helm.sh/hook": "pre-install,pre-upgrade" config-hash: {{ toYaml .Values.headscale.config | sha256sum | trunc 32 }} type: Opaque stringData: diff --git a/headscale/values.yaml b/headscale/values.yaml index d90e827..6208e1c 100644 --- a/headscale/values.yaml +++ b/headscale/values.yaml @@ -5,8 +5,7 @@ replicaCount: 1 image: - registry: ghcr.io - repository: juanfont/headscale + repository: headscale/headscale pullPolicy: IfNotPresent # Overrides the image tag whose default is the chart appVersion. tag: "" @@ -36,20 +35,21 @@ headscale: grpc_listen_addr: ":50443" server_url: http://127.0.0.1:8080 - disable_check_updates: true # SQLite config - database: - type: sqlite - sqlite: - # For production: - path: /var/lib/headscale/db.sqlite - postgres: - host: localhost - port: 5432 - name: headscale - user: foo - pass: bar + db_type: sqlite3 + + # For production: + db_path: /var/lib/headscale/db.sqlite + + # # Postgres config + # If using a Unix socket to connect to Postgres, set the socket path in the 'host' field and leave 'port' blank. + # db_type: postgres + # db_host: localhost + # db_port: 5432 + # db_name: headscale + # db_user: foo + # db_pass: bar private_key_path: "/etc/headscale/secrets/wireguard.key" noise: private_key_path: "/etc/headscale/secrets/noise.key" @@ -58,10 +58,6 @@ headscale: ## Use already defined certificates: tls_cert_path: "/etc/headscale/certs/tls.crt" tls_key_path: "/etc/headscale/certs/tls.key" - prefixes: - v6: fd7a:115c:a1e0::/48 - v4: 100.64.0.0/10 - allocation: sequential derp: server: enabled: true @@ -69,14 +65,12 @@ headscale: region_code: "headscale" region_name: "Headscale Embedded DERP" stun_listen_addr: "0.0.0.0:3478" - private_key_path: "/etc/headscale/secrets/derp.key" urls: [] # - https://controlplane.tailscale.com/derpmap/default paths: [] # auto_update_enabled: true update_frequency: 24h - dns: - base_domain: example.com + disable_check_updates: true prometheus: servicemonitor: @@ -85,13 +79,7 @@ prometheus: rules: enabled: false labels: {} - defaults: - enabled: true - filter: "" - lastUpdates: - critical: 3600 - warning: 600 - info: 300 + # current no default alertrules are provided additionalRules: [] ## Enable persistence using Persistent Volume Claims @@ -165,28 +153,6 @@ service: annotations: port: 3478 -networkPolicy: - enabled: false - ingress: - # -- ingress for http port (e.g. ingress-controller) - http: [] - # -- ingress for metrics port (e.g. prometheus) - metrics: [] - # -- ingress for grpc port - grpc: [] - # -- ingress for derp - derp: - - ipBlock: - cidr: 0.0.0.0/0 - - ipBlock: - cidr: ::/0 - - egress: - # -- activate egress no networkpolicy - enabled: false - # -- egress rules - extra: [] - ingress: enabled: false className: "" diff --git a/home-assistant/.helmignore b/home-assistant/.helmignore deleted file mode 100644 index 0e8a0eb..0000000 --- a/home-assistant/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/home-assistant/Chart.yaml b/home-assistant/Chart.yaml deleted file mode 100644 index 62cdbed..0000000 --- a/home-assistant/Chart.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: v2 -name: home-assistant -description: Home Assistant with tooling to run on an k3s pi -icon: https://www.home-assistant.io/images/favicon-192x192.png -type: application -version: 0.3.3 -# renovate: image=ghcr.io/home-assistant/home-assistant -appVersion: "2025.1.3" -maintainers: - - name: WrenIX - url: https://wrenix.eu diff --git a/home-assistant/README.md b/home-assistant/README.md deleted file mode 100644 index 8532654..0000000 --- a/home-assistant/README.md +++ /dev/null @@ -1,120 +0,0 @@ ---- -title: "home-assistant" - -description: "Home Assistant with tooling to run on an k3s pi" - ---- - -# home-assistant - -![Version: 0.3.3](https://img.shields.io/badge/Version-0.3.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2025.1.3](https://img.shields.io/badge/AppVersion-2025.1.3-informational?style=flat-square) - -Home Assistant with tooling to run on an k3s pi - -## Maintainers - -| Name | Email | Url | -| ---- | ------ | --- | -| WrenIX | | | - -## Usage - -Helm must be installed and setup to your kubernetes cluster to use the charts. -Refer to Helm's [documentation](https://helm.sh/docs) to get started. -Once Helm has been set up correctly, fetch the charts as follows: - -```bash -helm pull oci://codeberg.org/wrenix/helm-charts/home-assistant -``` - -You can install a chart release using the following command: - -```bash -helm install home-assistant-release oci://codeberg.org/wrenix/helm-charts/home-assistant --values values.yaml -``` - -To uninstall a chart release use `helm`'s delete command: - -```bash -helm uninstall home-assistant-release -``` - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| affinity | object | `{}` | | -| autoscaling.enabled | bool | `false` | | -| autoscaling.maxReplicas | int | `100` | | -| autoscaling.minReplicas | int | `1` | | -| autoscaling.targetCPUUtilizationPercentage | int | `80` | | -| fullnameOverride | string | `""` | | -| global.image.pullPolicy | string | `nil` | if set it will overwrite all pullPolicy | -| global.image.registry | string | `nil` | if set it will overwrite all registry entries | -| image.pullPolicy | string | `"IfNotPresent"` | | -| image.registry | string | `"ghcr.io"` | | -| image.repository | string | `"home-assistant/home-assistant"` | | -| image.tag | string | `""` | | -| imagePullSecrets | list | `[]` | | -| ingress.annotations | object | `{}` | | -| ingress.className | string | `""` | | -| ingress.enabled | bool | `false` | | -| ingress.hosts[0].host | string | `"chart-example.local"` | | -| ingress.hosts[0].paths[0].path | string | `"/"` | | -| ingress.hosts[0].paths[0].pathType | string | `"ImplementationSpecific"` | | -| ingress.tls | list | `[]` | | -| livenessProbe.httpGet.path | string | `"/"` | | -| livenessProbe.httpGet.port | string | `"http"` | | -| nameOverride | string | `""` | | -| nats.enabled | bool | `true` | | -| nats.image.pullPolicy | string | `"IfNotPresent"` | | -| nats.image.registry | string | `"docker.io"` | | -| nats.image.repository | string | `"library/nats"` | | -| nats.image.tag | string | `"2.10.24-scratch"` | | -| nats.livenessProbe.tcpSocket.port | string | `"nats"` | | -| nats.readinessProbe.tcpSocket.port | string | `"nats"` | | -| nats.resources.limits.cpu | string | `"100m"` | | -| nats.resources.limits.memory | string | `"128Mi"` | | -| nats.resources.requests.cpu | string | `"100m"` | | -| nats.resources.requests.memory | string | `"128Mi"` | | -| nats.service.port.mqtt | int | `1883` | | -| nats.service.port.nats | int | `4222` | | -| nodeSelector | object | `{}` | | -| persistence.accessMode | string | `"ReadWriteOnce"` | | -| persistence.annotations | object | `{}` | | -| persistence.enabled | bool | `false` | | -| persistence.existingClaim | string | `nil` | A manually managed Persistent Volume and Claim Requires persistence.enabled: true If defined, PVC must be created manually before volume will be bound | -| persistence.hostPath | string | `nil` | | -| persistence.size | string | `"1Gi"` | | -| persistence.storageClass | string | `nil` | data Persistent Volume Storage Class If defined, storageClassName: If set to "-", storageClassName: "", which disables dynamic provisioning If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner. (gp2 on AWS, standard on GKE, AWS & OpenStack) | -| podAnnotations | object | `{}` | | -| podLabels | object | `{}` | | -| podSecurityContext | object | `{}` | | -| prometheus.podmonitor.bearerTokenSecret | object | `{}` | | -| prometheus.podmonitor.enabled | bool | `false` | | -| prometheus.podmonitor.labels | object | `{}` | | -| readinessProbe.httpGet.path | string | `"/"` | | -| readinessProbe.httpGet.port | string | `"http"` | | -| replicaCount | int | `1` | | -| resources | object | `{}` | | -| securityContext | object | `{}` | | -| service.port | int | `80` | | -| service.type | string | `"ClusterIP"` | | -| serviceAccount.annotations | object | `{}` | Annotations to add to the service account | -| serviceAccount.create | bool | `true` | Specifies whether a service account should be created | -| serviceAccount.name | string | `""` | If not set and create is true, a name is generated using the fullname template | -| tolerations | list | `[]` | | -| volumeMounts | list | `[]` | | -| volumes | list | `[]` | | -| zigbee2mqtt.config.homeassistant.enabled | bool | `true` | | -| zigbee2mqtt.config.serial.port | string | `"/dev/ttyACM0"` | | -| zigbee2mqtt.device | string | `"/dev/ttyACM0"` | | -| zigbee2mqtt.enabled | bool | `true` | | -| zigbee2mqtt.image.pullPolicy | string | `"IfNotPresent"` | | -| zigbee2mqtt.image.registry | string | `"docker.io"` | | -| zigbee2mqtt.image.repository | string | `"koenkk/zigbee2mqtt"` | | -| zigbee2mqtt.image.tag | string | `"2.0.0"` | | -| zigbee2mqtt.ingress.hosts | list | `[]` | | -| zigbee2mqtt.securityContext.privileged | bool | `true` | | - -Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs) diff --git a/home-assistant/_docs.gotmpl b/home-assistant/_docs.gotmpl deleted file mode 100644 index e69de29..0000000 diff --git a/home-assistant/artifacthub-repo.yml b/home-assistant/artifacthub-repo.yml deleted file mode 100644 index c801df4..0000000 --- a/home-assistant/artifacthub-repo.yml +++ /dev/null @@ -1 +0,0 @@ -repositoryID: a2209d76-d5e9-4809-ac29-536b59035c65 diff --git a/home-assistant/templates/NOTES.txt b/home-assistant/templates/NOTES.txt deleted file mode 100644 index c7d9c05..0000000 --- a/home-assistant/templates/NOTES.txt +++ /dev/null @@ -1,22 +0,0 @@ -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range $host := .Values.ingress.hosts }} - {{- range .paths }} - http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} - {{- end }} -{{- end }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "home-assistant.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "home-assistant.fullname" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "home-assistant.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") - echo http://$SERVICE_IP:{{ .Values.service.port }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "home-assistant.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT -{{- end }} diff --git a/home-assistant/templates/_helpers.tpl b/home-assistant/templates/_helpers.tpl deleted file mode 100644 index 6dfd7cf..0000000 --- a/home-assistant/templates/_helpers.tpl +++ /dev/null @@ -1,62 +0,0 @@ -{{/* -Expand the name of the chart. -*/}} -{{- define "home-assistant.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "home-assistant.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains $name .Release.Name }} -{{- .Release.Name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "home-assistant.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Common labels -*/}} -{{- define "home-assistant.labels" -}} -helm.sh/chart: {{ include "home-assistant.chart" . }} -{{ include "home-assistant.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end }} - -{{/* -Selector labels -*/}} -{{- define "home-assistant.selectorLabels" -}} -app.kubernetes.io/name: {{ include "home-assistant.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} - -{{/* -Create the name of the service account to use -*/}} -{{- define "home-assistant.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} -{{- default (include "home-assistant.fullname" .) .Values.serviceAccount.name }} -{{- else }} -{{- default "default" .Values.serviceAccount.name }} -{{- end }} -{{- end }} diff --git a/home-assistant/templates/deployment.yaml b/home-assistant/templates/deployment.yaml deleted file mode 100644 index 7424548..0000000 --- a/home-assistant/templates/deployment.yaml +++ /dev/null @@ -1,86 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "home-assistant.fullname" . }} - labels: - {{- include "home-assistant.labels" . | nindent 4 }} -spec: - {{- if not .Values.autoscaling.enabled }} - replicas: {{ .Values.replicaCount }} - {{- end }} - selector: - matchLabels: - {{- include "home-assistant.selectorLabels" . | nindent 6 }} - app.kubernetes.io/component: home-assistant - template: - metadata: - {{- with .Values.podAnnotations }} - annotations: - {{- toYaml . | nindent 8 }} - {{- end }} - labels: - {{- include "home-assistant.labels" . | nindent 8 }} - app.kubernetes.io/component: home-assistant - {{- with .Values.podLabels }} - {{- toYaml . | nindent 8 }} - {{- end }} - spec: - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ include "home-assistant.serviceAccountName" . }} - securityContext: - {{- toYaml .Values.podSecurityContext | nindent 8 }} - containers: - - name: {{ .Chart.Name }} - securityContext: - {{- toYaml .Values.securityContext | nindent 12 }} - {{- with .Values.image }} - image: "{{ coalesce $.Values.global.image.registry .registry }}/{{ .repository }}:{{ .tag | default $.Chart.AppVersion }}" - imagePullPolicy: {{ coalesce $.Values.global.image.pullPolicy .pullPolicy }} - {{- end }} - ports: - - name: http - containerPort: 8123 - protocol: TCP - livenessProbe: - {{- toYaml .Values.livenessProbe | nindent 12 }} - readinessProbe: - {{- toYaml .Values.readinessProbe | nindent 12 }} - resources: - {{- toYaml .Values.resources | nindent 12 }} - volumeMounts: - {{- if .Values.persistence.enabled }} - - name: data - mountPath: /config - {{- end }} - {{- with .Values.volumeMounts }} - {{- toYaml . | nindent 12 }} - {{- end }} - volumes: - {{- if .Values.persistence.enabled }} - - name: "data" - {{- if and .Values.persistence.hostPath (ne .Values.persistence.storageClass "manual" ) }} - hostPath: - path: {{ .Values.persistence.hostPath }} - {{- else }} - persistentVolumeClaim: - claimName: {{ if .Values.persistence.existingClaim }}{{ .Values.persistence.existingClaim }}{{- else }}{{ template "miniserve.fullname" . }}{{- end }} - {{- end }} - {{- end }} - {{- with .Values.volumes }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} diff --git a/home-assistant/templates/hpa.yaml b/home-assistant/templates/hpa.yaml deleted file mode 100644 index ce6b54e..0000000 --- a/home-assistant/templates/hpa.yaml +++ /dev/null @@ -1,32 +0,0 @@ -{{- if .Values.autoscaling.enabled }} -apiVersion: autoscaling/v2 -kind: HorizontalPodAutoscaler -metadata: - name: {{ include "home-assistant.fullname" . }} - labels: - {{- include "home-assistant.labels" . | nindent 4 }} -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: {{ include "home-assistant.fullname" . }} - minReplicas: {{ .Values.autoscaling.minReplicas }} - maxReplicas: {{ .Values.autoscaling.maxReplicas }} - metrics: - {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} - - type: Resource - resource: - name: cpu - target: - type: Utilization - averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} - {{- end }} - {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} - - type: Resource - resource: - name: memory - target: - type: Utilization - averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} - {{- end }} -{{- end }} diff --git a/home-assistant/templates/ingress.yaml b/home-assistant/templates/ingress.yaml deleted file mode 100644 index 1ee1473..0000000 --- a/home-assistant/templates/ingress.yaml +++ /dev/null @@ -1,56 +0,0 @@ -{{- if .Values.ingress.enabled -}} -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: {{ include "home-assistant.fullname" . }} - labels: - {{- include "home-assistant.labels" . | nindent 4 }} - {{- with .Values.ingress.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - {{- with .Values.ingress.className }} - ingressClassName: {{ . }} - {{- end }} - {{- with .Values.ingress.tls }} - tls: - {{- toYaml . | nindent 4 }} - {{- end }} - rules: - {{- range .Values.ingress.hosts }} - - host: {{ .host | quote }} - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: {{ include "home-assistant.fullname" $ }} - port: - name: http - {{- if and $.Values.zigbee2mqtt.enabled (not $.Values.zigbee2mqtt.ingress.hosts) }} - - path: /zigbee2mqtt - pathType: Prefix - backend: - service: - name: {{ include "home-assistant.fullname" $ }}-zigbee2mqtt - port: - name: http - {{- end }} - {{- end }} - {{- if $.Values.zigbee2mqtt.enabled }} - {{- range .Values.zigbee2mqtt.ingress.hosts }} - - host: {{ . | quote }} - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: {{ include "home-assistant.fullname" $ }}-zigbee2mqtt - port: - name: http - {{- end }} - {{- end }} -{{- end }} diff --git a/home-assistant/templates/nats/configmap.yaml b/home-assistant/templates/nats/configmap.yaml deleted file mode 100644 index 18f19aa..0000000 --- a/home-assistant/templates/nats/configmap.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{- if .Values.nats.enabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "home-assistant.fullname" . }}-nats - labels: - {{- include "home-assistant.labels" . | nindent 4 }} -data: - server.conf: |- - port: 4222 - jetstream { - store_dir: /var/lib/nats - } - mqtt { - port: 1883 - } -{{- end }} diff --git a/home-assistant/templates/nats/deployment.yaml b/home-assistant/templates/nats/deployment.yaml deleted file mode 100644 index f56ae76..0000000 --- a/home-assistant/templates/nats/deployment.yaml +++ /dev/null @@ -1,102 +0,0 @@ -{{- if .Values.nats.enabled }} ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "home-assistant.fullname" . }}-nats - labels: - {{- include "home-assistant.labels" . | nindent 4 }} -spec: - {{- if not .Values.autoscaling.enabled }} - replicas: {{ .Values.replicaCount }} - {{- end }} - selector: - matchLabels: - {{- include "home-assistant.selectorLabels" . | nindent 6 }} - type: nats - template: - metadata: - {{- with .Values.podAnnotations }} - annotations: - {{- toYaml . | nindent 8 }} - {{- end }} - labels: - {{- include "home-assistant.labels" . | nindent 8 }} - type: nats - {{- with .Values.podLabels }} - {{- toYaml . | nindent 8 }} - {{- end }} - spec: - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ include "home-assistant.serviceAccountName" . }} - securityContext: - {{- toYaml .Values.podSecurityContext | nindent 8 }} - containers: - - name: {{ .Chart.Name }} - securityContext: - {{- toYaml .Values.securityContext | nindent 12 }} - {{- with .Values.nats.image }} - image: "{{ coalesce $.Values.global.image.registry .registry }}/{{ .repository }}:{{ .tag }}" - imagePullPolicy: {{ coalesce $.Values.global.image.pullPolicy .pullPolicy }} - {{- end }} - ports: - - name: nats - containerPort: 4222 - protocol: TCP - - name: mqtt - containerPort: 1883 - protocol: TCP - livenessProbe: - {{- toYaml .Values.nats.livenessProbe | nindent 12 }} - readinessProbe: - {{- toYaml .Values.nats.readinessProbe | nindent 12 }} - resources: - {{- toYaml .Values.nats.resources | nindent 12 }} - volumeMounts: - - name: config - mountPath: /nats-server.conf - subPath: nats-server.conf - readOnly: true - {{- if .Values.persistence.enabled }} - - name: data - mountPath: /var/lib/nats - {{- end }} - {{- with .Values.volumeMounts }} - {{- toYaml . | nindent 12 }} - {{- end }} - volumes: - - name: "config" - configMap: - name: {{ include "home-assistant.fullname" . }}-nats - items: - - key: "server.conf" - path: "nats-server.conf" - {{- if .Values.persistence.enabled }} - - name: "data" - {{- if and .Values.persistence.hostPath (ne .Values.persistence.storageClass "manual" ) }} - hostPath: - path: {{ .Values.persistence.hostPath }}/nats/ - {{- else }} - persistentVolumeClaim: - claimName: {{ if .Values.persistence.existingClaim }}{{ .Values.persistence.existingClaim }}{{- else }}{{ template "miniserve.fullname" . }}{{- end }} - {{- end }} - {{- end }} - {{- with .Values.volumes }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} -{{- end }} diff --git a/home-assistant/templates/nats/service.yaml b/home-assistant/templates/nats/service.yaml deleted file mode 100644 index 2778db4..0000000 --- a/home-assistant/templates/nats/service.yaml +++ /dev/null @@ -1,22 +0,0 @@ -{{- if .Values.nats.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ include "home-assistant.fullname" . }}-nats - labels: - {{- include "home-assistant.labels" . | nindent 4 }} -spec: - type: {{ .Values.service.type }} - selector: - {{- include "home-assistant.selectorLabels" . | nindent 4 }} - type: nats - ports: - - name: nats - port: {{ .Values.nats.service.port.nats }} - protocol: TCP - targetPort: nats - - name: mqtt - port: {{ .Values.nats.service.port.mqtt }} - protocol: TCP - targetPort: mqtt -{{- end }} diff --git a/home-assistant/templates/podmonitor.yaml b/home-assistant/templates/podmonitor.yaml deleted file mode 100644 index 1ef9aa6..0000000 --- a/home-assistant/templates/podmonitor.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if .Values.prometheus.podmonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: PodMonitor -metadata: - name: {{ include "home-assistant.fullname" . }} - labels: - {{- include "home-assistant.labels" . | nindent 4 }} - {{- with .Values.prometheus.podmonitor.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - selector: - matchLabels: - {{- include "home-assistant.selectorLabels" . | nindent 6 }} - app.kubernetes.io/component: home-assistant - podMetricsEndpoints: - - port: http - path: "/api/prometheus" - bearerTokenSecret: - {{- toYaml .Values.prometheus.podmonitor.bearerTokenSecret | nindent 8 }} -{{- end }} diff --git a/home-assistant/templates/service.yaml b/home-assistant/templates/service.yaml deleted file mode 100644 index c7e68dd..0000000 --- a/home-assistant/templates/service.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ include "home-assistant.fullname" . }} - labels: - {{- include "home-assistant.labels" . | nindent 4 }} -spec: - type: {{ .Values.service.type }} - selector: - {{- include "home-assistant.selectorLabels" . | nindent 4 }} - app.kubernetes.io/component: home-assistant - ports: - - port: {{ .Values.service.port }} - targetPort: http - protocol: TCP - name: http diff --git a/home-assistant/templates/serviceaccount.yaml b/home-assistant/templates/serviceaccount.yaml deleted file mode 100644 index 24f065d..0000000 --- a/home-assistant/templates/serviceaccount.yaml +++ /dev/null @@ -1,13 +0,0 @@ -{{- if .Values.serviceAccount.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "home-assistant.serviceAccountName" . }} - labels: - {{- include "home-assistant.labels" . | nindent 4 }} - {{- with .Values.serviceAccount.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -automountServiceAccountToken: {{ .Values.serviceAccount.automount }} -{{- end }} diff --git a/home-assistant/templates/tests/test-connection.yaml b/home-assistant/templates/tests/test-connection.yaml deleted file mode 100644 index ebc75fb..0000000 --- a/home-assistant/templates/tests/test-connection.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: v1 -kind: Pod -metadata: - name: "{{ include "home-assistant.fullname" . }}-test-connection" - labels: - {{- include "home-assistant.labels" . | nindent 4 }} - annotations: - "helm.sh/hook": test -spec: - containers: - - name: wget - image: busybox - command: ['wget'] - args: ['{{ include "home-assistant.fullname" . }}:{{ .Values.service.port }}'] - restartPolicy: Never diff --git a/home-assistant/templates/zigbee2mqtt/configmap.yaml b/home-assistant/templates/zigbee2mqtt/configmap.yaml deleted file mode 100644 index 94705ab..0000000 --- a/home-assistant/templates/zigbee2mqtt/configmap.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if .Values.zigbee2mqtt.enabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "home-assistant.fullname" . }}-zigbee2mqtt - labels: - {{- include "home-assistant.labels" . | nindent 4 }} -data: - ZIGBEE2MQTT_CONFIG_MQTT_SERVER: {{ printf "mqtt://%s-nats:%v" (include "home-assistant.fullname" .) .Values.nats.service.port.mqtt }} - ZIGBEE2MQTT_CONFIG_ADVANCED_LOG_OUTPUT: '["console"]' - {{- with .Values.zigbee2mqtt.config }} - {{- with .homeassistant }} - {{- with .enabled }} - ZIGBEE2MQTT_CONFIG_HOMEASSISTANT_ENABLED: {{ . | quote }} - {{- end }} - {{- end }} - {{- range $key, $value := .serial}} - ZIGBEE2MQTT_CONFIG_SERIAL_{{ $key | upper }}: {{ $value | quote }} - {{- end }} - {{- end }} -{{- end }} diff --git a/home-assistant/templates/zigbee2mqtt/deployment.yaml b/home-assistant/templates/zigbee2mqtt/deployment.yaml deleted file mode 100644 index 7ef85c0..0000000 --- a/home-assistant/templates/zigbee2mqtt/deployment.yaml +++ /dev/null @@ -1,99 +0,0 @@ -{{- if .Values.zigbee2mqtt.enabled }} ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "home-assistant.fullname" . }}-zigbee2mqtt - labels: - {{- include "home-assistant.labels" . | nindent 4 }} -spec: - {{- if not .Values.autoscaling.enabled }} - replicas: {{ .Values.replicaCount }} - {{- end }} - strategy: - type: Recreate - selector: - matchLabels: - {{- include "home-assistant.selectorLabels" . | nindent 6 }} - type: zigbee2mqtt - template: - metadata: - {{- with .Values.podAnnotations }} - annotations: - {{- toYaml . | nindent 8 }} - {{- end }} - labels: - {{- include "home-assistant.labels" . | nindent 8 }} - type: zigbee2mqtt - {{- with .Values.podLabels }} - {{- toYaml . | nindent 8 }} - {{- end }} - spec: - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ include "home-assistant.serviceAccountName" . }} - securityContext: - {{- toYaml .Values.podSecurityContext | nindent 8 }} - containers: - - name: {{ .Chart.Name }} - securityContext: - {{- toYaml .Values.zigbee2mqtt.securityContext | nindent 12 }} - {{- with .Values.zigbee2mqtt.image }} - image: "{{ coalesce $.Values.global.image.registry .registry }}/{{ .repository }}:{{ .tag }}" - imagePullPolicy: {{ coalesce $.Values.global.image.pullPolicy .pullPolicy }} - {{- end }} - envFrom: - - configMapRef: - name: {{ include "home-assistant.fullname" . }}-zigbee2mqtt - ports: - - name: http - containerPort: 8080 - protocol: TCP - livenessProbe: - {{- toYaml .Values.livenessProbe | nindent 12 }} - readinessProbe: - {{- toYaml .Values.readinessProbe | nindent 12 }} - resources: - {{- toYaml .Values.resources | nindent 12 }} - volumeMounts: - - name: device - mountPath: {{ .Values.zigbee2mqtt.config.serial.port }} - {{- if .Values.persistence.enabled }} - - name: data - mountPath: /app/data - {{- end }} - {{- with .Values.volumeMounts }} - {{- toYaml . | nindent 12 }} - {{- end }} - volumes: - - name: device - hostPath: - path: {{ .Values.zigbee2mqtt.device }} - {{- if .Values.persistence.enabled }} - - name: "data" - {{- if and .Values.persistence.hostPath (ne .Values.persistence.storageClass "manual" ) }} - hostPath: - path: {{ .Values.persistence.hostPath }}/zigbee2mqtt - {{- else }} - persistentVolumeClaim: - claimName: {{ if .Values.persistence.existingClaim }}{{ .Values.persistence.existingClaim }}{{- else }}{{ template "miniserve.fullname" . }}{{- end }} - {{- end }} - {{- end }} - {{- with .Values.volumes }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} -{{- end }} diff --git a/home-assistant/templates/zigbee2mqtt/service.yaml b/home-assistant/templates/zigbee2mqtt/service.yaml deleted file mode 100644 index b323ab8..0000000 --- a/home-assistant/templates/zigbee2mqtt/service.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{- if .Values.zigbee2mqtt.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ include "home-assistant.fullname" . }}-zigbee2mqtt - labels: - {{- include "home-assistant.labels" . | nindent 4 }} -spec: - type: {{ .Values.service.type }} - selector: - {{- include "home-assistant.selectorLabels" . | nindent 4 }} - type: zigbee2mqtt - ports: - - name: http - port: 8080 - protocol: TCP - targetPort: http -{{- end }} diff --git a/home-assistant/values.yaml b/home-assistant/values.yaml deleted file mode 100644 index 8afd727..0000000 --- a/home-assistant/values.yaml +++ /dev/null @@ -1,181 +0,0 @@ -replicaCount: 1 - -global: - image: - # -- if set it will overwrite all registry entries - registry: - # -- if set it will overwrite all pullPolicy - pullPolicy: - -image: - registry: ghcr.io - repository: home-assistant/home-assistant - pullPolicy: IfNotPresent - # Overrides the image tag whose default is the chart appVersion. - tag: "" - -imagePullSecrets: [] -nameOverride: "" -fullnameOverride: "" - -nats: - enabled: true - image: - registry: docker.io - repository: library/nats - pullPolicy: IfNotPresent - tag: "2.10.24-scratch" - service: - port: - nats: 4222 - mqtt: 1883 - resources: - limits: - cpu: 100m - memory: 128Mi - requests: - cpu: 100m - memory: 128Mi - - livenessProbe: - tcpSocket: - port: nats - readinessProbe: - tcpSocket: - port: nats - -zigbee2mqtt: - enabled: true - image: - registry: docker.io - repository: koenkk/zigbee2mqtt - pullPolicy: IfNotPresent - tag: 2.0.0 - device: /dev/ttyACM0 - securityContext: - privileged: true - ingress: - hosts: [] - config: - homeassistant: - enabled: true - serial: - port: /dev/ttyACM0 - -prometheus: - podmonitor: - enabled: false - labels: {} - bearerTokenSecret: {} - -persistence: - enabled: false - annotations: {} - # -- data Persistent Volume Storage Class - # If defined, storageClassName: - # If set to "-", storageClassName: "", which disables dynamic provisioning - # If undefined (the default) or set to null, no storageClassName spec is - # set, choosing the default provisioner. (gp2 on AWS, standard on - # GKE, AWS & OpenStack) - # - storageClass: - - # -- A manually managed Persistent Volume and Claim - # Requires persistence.enabled: true - # If defined, PVC must be created manually before volume will be bound - existingClaim: - - ## use container hostPatch or an PV if you set storageClass to manual - hostPath: - accessMode: ReadWriteOnce - size: 1Gi - -serviceAccount: - # -- Specifies whether a service account should be created - create: true - # -- Annotations to add to the service account - annotations: {} - # -- The name of the service account to use. - # -- If not set and create is true, a name is generated using the fullname template - name: "" - -podAnnotations: {} -podLabels: {} - -podSecurityContext: {} - # fsGroup: 2000 - -securityContext: {} - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 1000 - -service: - type: ClusterIP - port: 80 - -ingress: - enabled: false - className: "" - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - hosts: - - host: chart-example.local - paths: - - path: / - pathType: ImplementationSpecific - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - -resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - -livenessProbe: - httpGet: - path: / - port: http -readinessProbe: - httpGet: - path: / - port: http - -autoscaling: - enabled: false - minReplicas: 1 - maxReplicas: 100 - targetCPUUtilizationPercentage: 80 - # targetMemoryUtilizationPercentage: 80 - -# Additional volumes on the output Deployment definition. -volumes: [] -# - name: foo -# secret: -# secretName: mysecret -# optional: false - -# Additional volumeMounts on the output Deployment definition. -volumeMounts: [] -# - name: foo -# mountPath: "/etc/foo" -# readOnly: true - -nodeSelector: {} - -tolerations: [] - -affinity: {} diff --git a/hydrogen-web/Chart.yaml b/hydrogen-web/Chart.yaml index b06ec87..19b3ba5 100644 --- a/hydrogen-web/Chart.yaml +++ b/hydrogen-web/Chart.yaml @@ -3,9 +3,8 @@ name: hydrogen-web description: A Helm Chart to install hydrogen-web (a nextgen Matrix Webclient) icon: https://raw.githubusercontent.com/element-hq/hydrogen-web/master/src/platform/web/assets/icon.svg type: application -version: "0.1.9" -# renovate: image=ghcr.io/element-hq/hydrogen-web -appVersion: "0.5.1" +version: 0.1.5 +appVersion: "0.4.1" maintainers: - name: WrenIX url: https://wrenix.eu diff --git a/hydrogen-web/README.adoc b/hydrogen-web/README.adoc index 21a65e4..f8a5eff 100644 --- a/hydrogen-web/README.adoc +++ b/hydrogen-web/README.adoc @@ -2,9 +2,9 @@ = hydrogen-web -image::https://img.shields.io/badge/Version-0.1.9-informational?style=flat-square[Version: 0.1.9] +image::https://img.shields.io/badge/Version-0.1.5-informational?style=flat-square[Version: 0.1.5] image::https://img.shields.io/badge/Version-application-informational?style=flat-square[Type: application] -image::https://img.shields.io/badge/AppVersion-0.5.1-informational?style=flat-square[AppVersion: 0.5.1] +image::https://img.shields.io/badge/AppVersion-0.4.1-informational?style=flat-square[AppVersion: 0.4.1] == Maintainers .Maintainers diff --git a/hydrogen-web/README.md b/hydrogen-web/README.md deleted file mode 100644 index cc3ee37..0000000 --- a/hydrogen-web/README.md +++ /dev/null @@ -1,86 +0,0 @@ ---- -title: "hydrogen-web" - -description: "A Helm Chart to install hydrogen-web (a nextgen Matrix Webclient)" - ---- - -# hydrogen-web - -![Version: 0.1.9](https://img.shields.io/badge/Version-0.1.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.5.1](https://img.shields.io/badge/AppVersion-0.5.1-informational?style=flat-square) - -A Helm Chart to install hydrogen-web (a nextgen Matrix Webclient) - -## Maintainers - -| Name | Email | Url | -| ---- | ------ | --- | -| WrenIX | | | - -## Usage - -Helm must be installed and setup to your kubernetes cluster to use the charts. -Refer to Helm's [documentation](https://helm.sh/docs) to get started. -Once Helm has been set up correctly, fetch the charts as follows: - -```bash -helm pull oci://codeberg.org/wrenix/helm-charts/hydrogen-web -``` - -You can install a chart release using the following command: - -```bash -helm install hydrogen-web-release oci://codeberg.org/wrenix/helm-charts/hydrogen-web --values values.yaml -``` - -To uninstall a chart release use `helm`'s delete command: - -```bash -helm uninstall hydrogen-web-release -``` - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| affinity | object | `{}` | | -| autoscaling.enabled | bool | `false` | | -| autoscaling.maxReplicas | int | `100` | | -| autoscaling.minReplicas | int | `1` | | -| autoscaling.targetCPUUtilizationPercentage | int | `80` | | -| fullnameOverride | string | `""` | | -| hydrogen.bugReportEndpointUrl" | string | `"https://element.io/bugreports/submit"` | | -| hydrogen.defaultHomeServer | string | `"matrix.org"` | | -| hydrogen.defaultTheme.dark | string | `"element-dark"` | | -| hydrogen.defaultTheme.light | string | `"element-light"` | | -| hydrogen.push.appId | string | `"io.element.hydrogen.web"` | | -| hydrogen.push.applicationServerKey | string | `"BC-gpSdVHEXhvHSHS0AzzWrQoukv2BE7KzpoPO_FfPacqOo3l1pdqz7rSgmB04pZCWaHPz7XRe6fjLaC-WPDopM"` | | -| hydrogen.push.gatewayUrl | string | `"https://matrix.org"` | | -| hydrogen.themeManifests[0] | string | `"assets/theme-element.json"` | | -| image.pullPolicy | string | `"IfNotPresent"` | | -| image.repository | string | `"ghcr.io/element-hq/hydrogen-web"` | | -| image.tag | string | `""` | | -| imagePullSecrets | list | `[]` | | -| ingress.annotations | object | `{}` | | -| ingress.className | string | `""` | | -| ingress.enabled | bool | `false` | | -| ingress.hosts[0].host | string | `"chart-example.local"` | | -| ingress.hosts[0].paths[0].path | string | `"/"` | | -| ingress.hosts[0].paths[0].pathType | string | `"ImplementationSpecific"` | | -| ingress.tls | list | `[]` | | -| nameOverride | string | `""` | | -| nodeSelector | object | `{}` | | -| podAnnotations | object | `{}` | | -| podLabels | object | `{}` | | -| podSecurityContext | object | `{}` | | -| replicaCount | int | `1` | | -| resources | object | `{}` | | -| securityContext | object | `{}` | | -| service.port | int | `8080` | | -| service.type | string | `"ClusterIP"` | | -| serviceAccount.annotations | object | `{}` | | -| serviceAccount.create | bool | `true` | | -| serviceAccount.name | string | `""` | | -| tolerations | list | `[]` | | - -Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs) diff --git a/jellyfin/Chart.yaml b/jellyfin/Chart.yaml index 1566162..c35124d 100644 --- a/jellyfin/Chart.yaml +++ b/jellyfin/Chart.yaml @@ -3,9 +3,8 @@ name: jellyfin description: The Free Software Media System icon: https://raw.githubusercontent.com/jellyfin/jellyfin-ux/master/branding/SVG/icon-transparent.svg type: application -version: "0.3.8" -# renovate: image=ghcr.io/jellyfin/jellyfin -appVersion: "10.10.4" +version: 0.1.5 +appVersion: "10.8.13" maintainers: - name: WrenIX url: https://wrenix.eu diff --git a/jellyfin/README.adoc b/jellyfin/README.adoc new file mode 100644 index 0000000..4ad9276 --- /dev/null +++ b/jellyfin/README.adoc @@ -0,0 +1,251 @@ + + += jellyfin + +image::https://img.shields.io/badge/Version-0.1.5-informational?style=flat-square[Version: 0.1.5] +image::https://img.shields.io/badge/Version-application-informational?style=flat-square[Type: application] +image::https://img.shields.io/badge/AppVersion-10.8.13-informational?style=flat-square[AppVersion: 10.8.13] +== Maintainers + +.Maintainers +|=== +| Name | Email | Url + +| WrenIX +| +| +|=== + +== Usage + +Helm must be installed and setup to your kubernetes cluster to use the charts. +Refer to Helm's https://helm.sh/docs[documentation] to get started. +Once Helm has been set up correctly, fetch the charts as follows: + +[source,bash] +---- +helm pull oci://codeberg.org/wrenix/helm-charts/jellyfin +---- + +You can install a chart release using the following command: + +[source,bash] +---- +helm install jellyfin-release oci://codeberg.org/wrenix/helm-charts/jellyfin --values values.yaml +---- + +To uninstall a chart release use `helm`'s delete command: + +[source,bash] +---- +helm uninstall jellyfin-release +---- + +== Values + +.Values +|=== +| Key | Type | Default | Description + +| affinity +| object +| `{}` +| + +| autoscaling.enabled +| bool +| `false` +| + +| autoscaling.maxReplicas +| int +| `100` +| + +| autoscaling.minReplicas +| int +| `1` +| + +| autoscaling.targetCPUUtilizationPercentage +| int +| `80` +| + +| fullnameOverride +| string +| `""` +| + +| image.pullPolicy +| string +| `"IfNotPresent"` +| + +| image.repository +| string +| `"docker.io/jellyfin/jellyfin"` +| + +| image.tag +| string +| `""` +| + +| imagePullSecrets +| list +| `[]` +| + +| ingress.annotations +| object +| `{}` +| + +| ingress.className +| string +| `""` +| + +| ingress.enabled +| bool +| `false` +| + +| ingress.hosts[0].host +| string +| `"chart-example.local"` +| + +| ingress.hosts[0].paths[0].path +| string +| `"/"` +| + +| ingress.hosts[0].paths[0].pathType +| string +| `"ImplementationSpecific"` +| + +| ingress.tls +| list +| `[]` +| + +| nameOverride +| string +| `""` +| + +| nodeSelector +| object +| `{}` +| + +| persistence.config.hostPath +| string +| `nil` +| + +| persistence.config.nfs.path +| string +| `"/"` +| + +| persistence.config.nfs.server +| string +| `nil` +| + +| persistence.config.pvc.enabled +| bool +| `false` +| + +| persistence.media.hostPath +| string +| `nil` +| + +| persistence.media.nfs.path +| string +| `"/"` +| + +| persistence.media.nfs.server +| string +| `nil` +| + +| persistence.media.pvc.enabled +| bool +| `false` +| + +| persistence.media.readOnly +| bool +| `true` +| + +| podAnnotations +| object +| `{}` +| + +| podLabels +| object +| `{}` +| + +| podSecurityContext +| object +| `{}` +| + +| replicaCount +| int +| `1` +| + +| resources +| object +| `{}` +| + +| securityContext +| object +| `{}` +| + +| service.port +| int +| `8096` +| + +| service.type +| string +| `"ClusterIP"` +| + +| serviceAccount.annotations +| object +| `{}` +| + +| serviceAccount.create +| bool +| `true` +| + +| serviceAccount.name +| string +| `""` +| + +| tolerations +| list +| `[]` +| +|=== + +Autogenerated from chart metadata using https://github.com/norwoodj/helm-docs[helm-docs] diff --git a/jellyfin/README.md b/jellyfin/README.md deleted file mode 100644 index e5aaf8d..0000000 --- a/jellyfin/README.md +++ /dev/null @@ -1,102 +0,0 @@ ---- -title: "jellyfin" - -description: "The Free Software Media System" - ---- - -# jellyfin - -![Version: 0.3.8](https://img.shields.io/badge/Version-0.3.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 10.10.4](https://img.shields.io/badge/AppVersion-10.10.4-informational?style=flat-square) - -The Free Software Media System - -## Maintainers - -| Name | Email | Url | -| ---- | ------ | --- | -| WrenIX | | | - -## Usage - -Helm must be installed and setup to your kubernetes cluster to use the charts. -Refer to Helm's [documentation](https://helm.sh/docs) to get started. -Once Helm has been set up correctly, fetch the charts as follows: - -```bash -helm pull oci://codeberg.org/wrenix/helm-charts/jellyfin -``` - -You can install a chart release using the following command: - -```bash -helm install jellyfin-release oci://codeberg.org/wrenix/helm-charts/jellyfin --values values.yaml -``` - -To uninstall a chart release use `helm`'s delete command: - -```bash -helm uninstall jellyfin-release -``` - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| affinity | object | `{}` | | -| autoscaling.enabled | bool | `false` | | -| autoscaling.maxReplicas | int | `100` | | -| autoscaling.minReplicas | int | `1` | | -| autoscaling.targetCPUUtilizationPercentage | int | `80` | | -| config.enabled | bool | `false` | | -| config.image | object | `{"pullPolicy":"IfNotPresent","registry":"ghcr.io","repository":"tomwright/dasel","tag":"2.8.1"}` | image to patch config | -| config.metrics | bool | `false` | | -| fullnameOverride | string | `""` | | -| global.image.pullPolicy | string | `nil` | if set it will overwrite all pullPolicy | -| global.image.registry | string | `nil` | if set it will overwrite all registry entries | -| grafana.dashboards.annotations | object | `{}` | | -| grafana.dashboards.enabled | bool | `false` | | -| grafana.dashboards.labels.grafana_dashboard | string | `"1"` | | -| image.pullPolicy | string | `"IfNotPresent"` | | -| image.registry | string | `"ghcr.io"` | | -| image.repository | string | `"jellyfin/jellyfin"` | | -| image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion. | -| imagePullSecrets | list | `[]` | | -| ingress.annotations | object | `{}` | | -| ingress.className | string | `""` | | -| ingress.enabled | bool | `false` | | -| ingress.hosts[0].host | string | `"chart-example.local"` | | -| ingress.hosts[0].paths[0].path | string | `"/"` | | -| ingress.hosts[0].paths[0].pathType | string | `"ImplementationSpecific"` | | -| ingress.tls | list | `[]` | | -| nameOverride | string | `""` | | -| networkPolicy.egress.enabled | bool | `true` | activate egress no networkpolicy | -| networkPolicy.egress.extra | list | `[]` | egress rules | -| networkPolicy.enabled | bool | `false` | | -| networkPolicy.ingress.http | list | `[]` | ingress for http port (e.g. ingress-controller, prometheus) | -| nodeSelector | object | `{}` | | -| persistence.config.hostPath | string | `nil` | | -| persistence.config.nfs.path | string | `"/"` | | -| persistence.config.nfs.server | string | `nil` | | -| persistence.config.pvc.enabled | bool | `false` | | -| persistence.media.hostPath | string | `nil` | | -| persistence.media.nfs.path | string | `"/"` | | -| persistence.media.nfs.server | string | `nil` | | -| persistence.media.pvc.enabled | bool | `false` | | -| persistence.media.readOnly | bool | `true` | | -| podAnnotations | object | `{}` | | -| podLabels | object | `{}` | | -| podSecurityContext | object | `{}` | | -| prometheus.servicemonitor.enabled | bool | `false` | | -| prometheus.servicemonitor.labels | object | `{}` | | -| replicaCount | int | `1` | | -| resources | object | `{}` | | -| securityContext | object | `{}` | | -| service.port | int | `8096` | | -| service.type | string | `"ClusterIP"` | | -| serviceAccount.annotations | object | `{}` | | -| serviceAccount.create | bool | `true` | | -| serviceAccount.name | string | `""` | | -| tolerations | list | `[]` | | - -Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs) diff --git a/jellyfin/files/config-patch.sh.gotmpl b/jellyfin/files/config-patch.sh.gotmpl deleted file mode 100644 index ceff831..0000000 --- a/jellyfin/files/config-patch.sh.gotmpl +++ /dev/null @@ -1,2 +0,0 @@ -#!/bin/sh -dasel -f /config/config/system.xml put ServerConfiguration.EnableMetrics -t bool -v {{ .Values.config.metrics | quote}} diff --git a/jellyfin/grafana_dashboards/my.json b/jellyfin/grafana_dashboards/my.json deleted file mode 100644 index 307664d..0000000 --- a/jellyfin/grafana_dashboards/my.json +++ /dev/null @@ -1,585 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": { - "type": "datasource", - "uid": "grafana" - }, - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "target": { - "limit": 100, - "matchAny": false, - "tags": [], - "type": "dashboard" - }, - "type": "dashboard" - } - ] - }, - "editable": true, - "fiscalYearStartMonth": 0, - "graphTooltip": 0, - "links": [], - "liveNow": false, - "panels": [ - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisBorderShow": false, - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 0, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "insertNulls": false, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "auto", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "bytes" - }, - "overrides": [] - }, - "gridPos": { - "h": 9, - "w": 12, - "x": 0, - "y": 0 - }, - "id": 4, - "options": { - "legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom", - "showLegend": true - }, - "tooltip": { - "maxHeight": 600, - "mode": "single", - "sort": "none" - } - }, - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "exemplar": true, - "expr": "sum(dotnet_total_memory_bytes{container=\"jellyfin\"}) without (endpoint,instance,pod)", - "interval": "", - "legendFormat": "Dotnet total memory", - "range": true, - "refId": "A" - }, - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "exemplar": true, - "expr": "sum(process_private_memory_bytes{container=\"jellyfin\"}) without (endpoint,instance,pod)", - "hide": false, - "interval": "", - "legendFormat": "Process private memory", - "range": true, - "refId": "B" - }, - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "exemplar": true, - "expr": "sum(process_working_set_bytes{container=\"jellyfin\"}) without (endpoint,instance,pod)", - "hide": false, - "interval": "", - "legendFormat": "Process working set", - "range": true, - "refId": "C" - } - ], - "title": "Memory usage", - "type": "timeseries" - }, - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisBorderShow": false, - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 0, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "insertNulls": false, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "auto", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 9, - "w": 12, - "x": 12, - "y": 0 - }, - "id": 2, - "options": { - "legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom", - "showLegend": true - }, - "tooltip": { - "maxHeight": 600, - "mode": "single", - "sort": "none" - } - }, - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "exemplar": true, - "expr": "sum(rate(dotnet_exceptions_total{container=\"jellyfin\"}[$__rate_interval])) without (endpoint,instance,pod)", - "interval": "", - "legendFormat": "{{type}}", - "range": true, - "refId": "A" - } - ], - "title": "Exceptions", - "type": "timeseries" - }, - { - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 9 - }, - "id": 11, - "title": "HTTP Requests", - "type": "row" - }, - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisBorderShow": false, - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 0, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "insertNulls": false, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "auto", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "reqps" - }, - "overrides": [] - }, - "gridPos": { - "h": 9, - "w": 8, - "x": 0, - "y": 10 - }, - "id": 8, - "options": { - "legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom", - "showLegend": true - }, - "tooltip": { - "maxHeight": 600, - "mode": "single", - "sort": "none" - } - }, - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "exemplar": true, - "expr": "sum(irate(http_requests_received_total{container=\"jellyfin\"}[$__rate_interval])) without (endpoint,instance,pod)", - "interval": "", - "legendFormat": "{{method}} {{controller}} {{action}} {{code}}", - "range": true, - "refId": "A" - } - ], - "title": "Requests per Seconds", - "type": "timeseries" - }, - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "custom": { - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "scaleDistribution": { - "type": "linear" - } - } - }, - "overrides": [] - }, - "gridPos": { - "h": 9, - "w": 7, - "x": 8, - "y": 10 - }, - "id": 9, - "options": { - "calculate": false, - "cellGap": 1, - "color": { - "exponent": 0.5, - "fill": "dark-orange", - "mode": "scheme", - "reverse": false, - "scale": "exponential", - "scheme": "Oranges", - "steps": 64 - }, - "exemplars": { - "color": "rgba(255,0,255,0.7)" - }, - "filterValues": { - "le": 1e-9 - }, - "legend": { - "show": true - }, - "rowsFrame": { - "layout": "auto" - }, - "tooltip": { - "maxHeight": 600, - "mode": "single", - "showColorScale": false, - "yHistogram": false - }, - "yAxis": { - "axisPlacement": "left", - "reverse": false - } - }, - "pluginVersion": "11.0.0", - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "exemplar": true, - "expr": "sum(increase(http_request_duration_seconds_bucket{container=\"jellyfin\"}[$__rate_interval])) by(le)", - "format": "heatmap", - "interval": "", - "legendFormat": "__auto", - "range": true, - "refId": "A" - } - ], - "title": "Latency", - "type": "heatmap" - }, - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisBorderShow": false, - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 0, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "insertNulls": false, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "log": 10, - "type": "log" - }, - "showPoints": "auto", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "s" - }, - "overrides": [] - }, - "gridPos": { - "h": 9, - "w": 9, - "x": 15, - "y": 10 - }, - "id": 10, - "options": { - "legend": { - "calcs": [ - "mean", - "lastNotNull" - ], - "displayMode": "table", - "placement": "right", - "showLegend": true, - "sortBy": "Name", - "sortDesc": false - }, - "tooltip": { - "maxHeight": 600, - "mode": "single", - "sort": "none" - } - }, - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "exemplar": true, - "expr": "histogram_quantile(0.95, sum(rate(http_request_duration_seconds_bucket{container=\"jellyfin\"}[$__rate_interval])) without(container,endpoint, instance, pod, code, exported_endpoint, method,action))", - "interval": "", - "legendFormat": "{{controller}}.", - "range": true, - "refId": "A" - } - ], - "title": "Latency", - "type": "timeseries" - } - ], - "refresh": "30s", - "schemaVersion": 39, - "tags": [], - "templating": { - "list": [ - { - "current": { - "selected": false, - "text": "Prometheus", - "value": "prometheus" - }, - "hide": 0, - "includeAll": false, - "label": "datasource", - "multi": false, - "name": "DS_PROMETHEUS", - "options": [], - "query": "prometheus", - "refresh": 1, - "regex": "", - "skipUrlSync": false, - "type": "datasource" - } - ] - }, - "time": { - "from": "now-6h", - "to": "now" - }, - "timeRangeUpdatedDuringEditOrView": false, - "timepicker": {}, - "timezone": "", - "title": "Jellyfin", - "uid": "zkWB8mtnk", - "version": 1, - "weekStart": "" -} \ No newline at end of file diff --git a/jellyfin/templates/configmap.yaml b/jellyfin/templates/configmap.yaml deleted file mode 100644 index 7252259..0000000 --- a/jellyfin/templates/configmap.yaml +++ /dev/null @@ -1,11 +0,0 @@ -{{- if .Values.config.enabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "jellyfin.fullname" . }}-config - labels: - {{- include "jellyfin.labels" . | nindent 4 }} -data: - patch.sh: |- - {{ tpl (.Files.Get "files/config-patch.sh.gotmpl") . | nindent 4 }} -{{- end }} diff --git a/jellyfin/templates/configmap_grafana_dashboards.yaml b/jellyfin/templates/configmap_grafana_dashboards.yaml deleted file mode 100644 index 1f5ae52..0000000 --- a/jellyfin/templates/configmap_grafana_dashboards.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- if .Values.grafana.dashboards.enabled }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "jellyfin.fullname" $ }}-grafana-dashboards - labels: - {{- include "jellyfin.labels" $ | nindent 4 }} - {{- toYaml $.Values.grafana.dashboards.labels | nindent 4 }} - annotations: - {{- toYaml $.Values.grafana.dashboards.annotations | nindent 4 }} -data: - {{- (.Files.Glob "grafana_dashboards/*.json" ).AsConfig | nindent 2 }} -{{- end }} diff --git a/jellyfin/templates/deployment.yaml b/jellyfin/templates/deployment.yaml index cce06ba..f1585f0 100644 --- a/jellyfin/templates/deployment.yaml +++ b/jellyfin/templates/deployment.yaml @@ -32,32 +32,12 @@ spec: serviceAccountName: {{ include "jellyfin.serviceAccountName" . }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} - {{- if .Values.config.enabled }} - initContainers: - - name: patch-config - securityContext: - {{- toYaml .Values.securityContext | nindent 12 }} - {{- with .Values.config.image }} - image: "{{ coalesce $.Values.global.image.registry .registry }}/{{ .repository }}:{{ .tag }}" - imagePullPolicy: {{ coalesce $.Values.global.image.pullPolicy .pullPolicy }} - {{- end }} - command: - - "/bin/sh" - - "/scripts/init.sh" - volumeMounts: - - mountPath: /config - name: config - - mountPath: /scripts - name: configmap - {{- end }} containers: - name: {{ .Chart.Name }} securityContext: {{- toYaml .Values.securityContext | nindent 12 }} - {{- with .Values.image }} - image: "{{ coalesce $.Values.global.image.registry .registry }}/{{ .repository }}:{{ .tag | default $.Chart.AppVersion }}" - imagePullPolicy: {{ coalesce $.Values.global.image.pullPolicy .pullPolicy }} - {{- end }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} ports: - name: http containerPort: {{ .Values.service.port }} @@ -70,12 +50,6 @@ spec: httpGet: path: / port: http - startupProbe: - httpGet: - path: / - port: http - failureThreshold: 60 - periodSeconds: 10 resources: {{- toYaml .Values.resources | nindent 12 }} volumeMounts: @@ -116,15 +90,6 @@ spec: {{- end }} - name: cache emptyDir: {} - {{- if .Values.config.enabled }} - - name: configmap - configMap: - name: {{ include "jellyfin.fullname" . }}-config - defaultMode: 0755 - items: - - key: "patch.sh" - path: "init.sh" - {{- end }} - name: media {{- with .Values.persistence.media }} {{- if .nfs.server }} diff --git a/jellyfin/templates/networkpolicy.yaml b/jellyfin/templates/networkpolicy.yaml deleted file mode 100644 index ea76391..0000000 --- a/jellyfin/templates/networkpolicy.yaml +++ /dev/null @@ -1,28 +0,0 @@ -{{- if .Values.networkPolicy.enabled }} ---- -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: {{ include "jellyfin.fullname" . }} - labels: - {{- include "jellyfin.labels" . | nindent 4 }} -spec: - podSelector: - matchLabels: - {{- include "jellyfin.selectorLabels" . | nindent 6 }} - policyTypes: - - Ingress - {{- if .Values.networkPolicy.egress.enabled }} - - Egress - {{- end }} - ingress: - - ports: - - port: {{ .Values.service.port }} - protocol: TCP - from: - {{- toYaml .Values.networkPolicy.ingress.http | nindent 8 }} - {{- with .Values.networkPolicy.egress }} - egress: - {{- toYaml .extra | nindent 4 }} - {{- end }} -{{- end }} diff --git a/jellyfin/templates/servicemonitor.yaml b/jellyfin/templates/servicemonitor.yaml deleted file mode 100644 index f99ead8..0000000 --- a/jellyfin/templates/servicemonitor.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if and .Values.config.metrics .Values.prometheus.servicemonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ include "jellyfin.fullname" . }} - labels: - {{- include "jellyfin.labels" . | nindent 4 }} - {{- with .Values.prometheus.servicemonitor.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - selector: - matchLabels: - {{- include "jellyfin.selectorLabels" . | nindent 6 }} - endpoints: - - port: http - path: "/metrics" -{{- end }} - diff --git a/jellyfin/templates/tests/test-connection.yaml b/jellyfin/templates/tests/test-connection.yaml new file mode 100644 index 0000000..98fb0ee --- /dev/null +++ b/jellyfin/templates/tests/test-connection.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Pod +metadata: + name: "{{ include "jellyfin.fullname" . }}-test-connection" + labels: + {{- include "jellyfin.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": test +spec: + containers: + - name: wget + image: busybox + command: ['wget'] + args: ['{{ include "jellyfin.fullname" . }}:{{ .Values.service.port }}'] + restartPolicy: Never diff --git a/jellyfin/values.yaml b/jellyfin/values.yaml index d668303..a2e87ab 100644 --- a/jellyfin/values.yaml +++ b/jellyfin/values.yaml @@ -1,33 +1,19 @@ -global: - image: - # -- if set it will overwrite all registry entries - registry: - # -- if set it will overwrite all pullPolicy - pullPolicy: +# Default values for jellyfin. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. replicaCount: 1 image: - registry: ghcr.io - repository: jellyfin/jellyfin + repository: docker.io/jellyfin/jellyfin pullPolicy: IfNotPresent - # -- Overrides the image tag whose default is the chart appVersion. + # Overrides the image tag whose default is the chart appVersion. tag: "" imagePullSecrets: [] nameOverride: "" fullnameOverride: "" -config: - enabled: false - # -- image to patch config - image: - registry: ghcr.io - repository: tomwright/dasel - pullPolicy: IfNotPresent - tag: "2.8.1" - metrics: false - persistence: config: nfs: @@ -72,29 +58,6 @@ service: type: ClusterIP port: 8096 -prometheus: - servicemonitor: - enabled: false - labels: {} - -grafana: - dashboards: - enabled: false - labels: - grafana_dashboard: "1" - annotations: {} - -networkPolicy: - enabled: false - ingress: - # -- ingress for http port (e.g. ingress-controller, prometheus) - http: [] - egress: - # -- activate egress no networkpolicy - enabled: true - # -- egress rules - extra: [] - ingress: enabled: false className: "" diff --git a/matrix-authentication-service/.helmignore b/matrix-authentication-service/.helmignore deleted file mode 100644 index 0e8a0eb..0000000 --- a/matrix-authentication-service/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/matrix-authentication-service/Chart.yaml b/matrix-authentication-service/Chart.yaml deleted file mode 100644 index e9792db..0000000 --- a/matrix-authentication-service/Chart.yaml +++ /dev/null @@ -1,12 +0,0 @@ ---- -apiVersion: v2 -name: matrix-authentication-service -description: OAuth2.0 + OpenID Provider for Matrix Homeservers (per MSC3861) -icon: https://matrix.org/images/matrix-logo.svg -type: application -version: "0.0.7" -# renovate: image=ghcr.io/matrix-org/matrix-authentication-service -appVersion: "0.11.0" -maintainers: - - name: WrenIX - url: https://wrenix.eu diff --git a/matrix-authentication-service/README.adoc b/matrix-authentication-service/README.adoc deleted file mode 100644 index 263cb2b..0000000 --- a/matrix-authentication-service/README.adoc +++ /dev/null @@ -1,666 +0,0 @@ - - -= matrix-authentication-service - -image::https://img.shields.io/badge/Version-0.0.7-informational?style=flat-square[Version: 0.0.7] -image::https://img.shields.io/badge/Version-application-informational?style=flat-square[Type: application] -image::https://img.shields.io/badge/AppVersion-0.11.0-informational?style=flat-square[AppVersion: 0.11.0] -== Maintainers - -.Maintainers -|=== -| Name | Email | Url - -| WrenIX -| -| -|=== - -== Usage - -Helm must be installed and setup to your kubernetes cluster to use the charts. -Refer to Helm's https://helm.sh/docs[documentation] to get started. -Once Helm has been set up correctly, fetch the charts as follows: - -[source,bash] ----- -helm pull oci://codeberg.org/wrenix/helm-charts/matrix-authentication-service ----- - -You can install a chart release using the following command: - -[source,bash] ----- -helm install matrix-authentication-service-release oci://codeberg.org/wrenix/helm-charts/matrix-authentication-service --values values.yaml ----- - -To uninstall a chart release use `helm`'s delete command: - -[source,bash] ----- -helm uninstall matrix-authentication-service-release ----- - -== Values - -.Values -|=== -| Key | Type | Default | Description - -| affinity -| object -| `{}` -| - -| autoscaling.enabled -| bool -| `false` -| - -| autoscaling.maxReplicas -| int -| `100` -| - -| autoscaling.minReplicas -| int -| `1` -| - -| autoscaling.targetCPUUtilizationPercentage -| int -| `80` -| - -| config.branding.imprint -| string -| `nil` -| - -| config.branding.logo_uri -| string -| `nil` -| - -| config.branding.policy_uri -| string -| `nil` -| - -| config.branding.service_name -| string -| `nil` -| - -| config.branding.tos_uri -| string -| `nil` -| - -| config.clients -| list -| `[]` -| - -| config.database.connect_timeout -| int -| `30` -| - -| config.database.database -| string -| `"sliding_sync"` -| - -| config.database.host -| string -| `"localhost"` -| - -| config.database.idle_timeout -| int -| `600` -| - -| config.database.max_connections -| int -| `10` -| - -| config.database.max_lifetime -| int -| `1800` -| - -| config.database.min_connections -| int -| `0` -| - -| config.database.password -| string -| `"secret"` -| - -| config.database.port -| int -| `5432` -| - -| config.database.username -| string -| `"sliding_sync"` -| - -| config.email.from -| string -| `"\"Authentication Service\" "` -| - -| config.email.reply_to -| string -| `"\"Authentication Service\" "` -| - -| config.email.transport -| string -| `"blackhole"` -| - -| config.experimental.access_token_ttl -| int -| `300` -| - -| config.experimental.compat_token_ttl -| int -| `300` -| - -| config.http.issuer -| string -| `"http://[::]:8080/"` -| - -| config.http.listeners[0].binds[0].address -| string -| `"[::]:8080"` -| - -| config.http.listeners[0].name -| string -| `"http"` -| - -| config.http.listeners[0].proxy_protocol -| bool -| `false` -| - -| config.http.listeners[0].resources[0].name -| string -| `"discovery"` -| - -| config.http.listeners[0].resources[1].name -| string -| `"human"` -| - -| config.http.listeners[0].resources[2].name -| string -| `"oauth"` -| - -| config.http.listeners[0].resources[3].name -| string -| `"compat"` -| - -| config.http.listeners[0].resources[4].name -| string -| `"graphql"` -| - -| config.http.listeners[0].resources[4].playground -| bool -| `true` -| - -| config.http.listeners[0].resources[5].name -| string -| `"assets"` -| - -| config.http.listeners[0].resources[5].path -| string -| `"/usr/local/share/mas-cli/assets/"` -| - -| config.http.listeners[1].binds[0].address -| string -| `"[::]:8081"` -| - -| config.http.listeners[1].name -| string -| `"internal"` -| - -| config.http.listeners[1].resources[0].name -| string -| `"health"` -| - -| config.http.listeners[2].binds[0].address -| string -| `"[::]:9100"` -| - -| config.http.listeners[2].name -| string -| `"metrics"` -| - -| config.http.listeners[2].resources[0].name -| string -| `"prometheus"` -| - -| config.http.public_base -| string -| `"http://[::]:8080/"` -| - -| config.http.trusted_proxies[0] -| string -| `"192.128.0.0/16"` -| - -| config.http.trusted_proxies[1] -| string -| `"172.16.0.0/12"` -| - -| config.http.trusted_proxies[2] -| string -| `"10.0.0.0/10"` -| - -| config.http.trusted_proxies[3] -| string -| `"127.0.0.1/8"` -| - -| config.http.trusted_proxies[4] -| string -| `"fd00::/8"` -| - -| config.http.trusted_proxies[5] -| string -| `"::1/128"` -| - -| config.matrix.endpoint -| string -| `"http://localhost:8008/"` -| - -| config.matrix.homeserver -| string -| `"localhost:8008"` -| - -| config.matrix.secret -| string -| `"kPnqGbK9hmSRK41DZTgVJxfKVAiLrY6G"` -| - -| config.passwords.enabled -| bool -| `true` -| - -| config.passwords.schemes[0].algorithm -| string -| `"argon2id"` -| - -| config.passwords.schemes[0].version -| int -| `1` -| - -| config.policy.authorization_grant_entrypoint -| string -| `"authorization_grant/violation"` -| - -| config.policy.client_registration_entrypoint -| string -| `"client_registration/violation"` -| - -| config.policy.data -| string -| `nil` -| - -| config.policy.email_entrypoint -| string -| `"email/violation"` -| - -| config.policy.password_entrypoint -| string -| `"password/violation"` -| - -| config.policy.register_entrypoint -| string -| `"register/violation"` -| - -| config.policy.wasm_module -| string -| `"/usr/local/share/mas-cli/policy.wasm"` -| - -| config.secrets.encryption -| string -| `nil` -| - -| config.secrets.keys -| list -| `[]` -| - -| config.telemetry.metrics.exporter -| string -| `"prometheus"` -| - -| config.telemetry.sentry.dsn -| string -| `nil` -| - -| config.telemetry.tracing.exporter -| string -| `"none"` -| - -| config.telemetry.tracing.propagators -| list -| `[]` -| - -| config.templates.assets_manifest -| string -| `"/usr/local/share/mas-cli/manifest.json"` -| - -| config.templates.path -| string -| `"/usr/local/share/mas-cli/templates/"` -| - -| config.templates.translations_path -| string -| `"/usr/local/share/mas-cli/translations/"` -| - -| config.upstream_oauth2.providers -| list -| `[]` -| - -| fullnameOverride -| string -| `""` -| - -| global.image.pullPolicy -| string -| `nil` -| if set it will overwrite all pullPolicy - -| global.image.registry -| string -| `nil` -| if set it will overwrite all registry entries - -| image.pullPolicy -| string -| `"IfNotPresent"` -| - -| image.registry -| string -| `"ghcr.io"` -| - -| image.repository -| string -| `"matrix-org/matrix-authentication-service"` -| - -| image.tag -| string -| `nil` -| Overrides the image tag whose default is the chart appVersion. - -| imagePullSecrets -| list -| `[]` -| - -| ingress.annotations -| object -| `{}` -| - -| ingress.className -| string -| `""` -| - -| ingress.enabled -| bool -| `false` -| - -| ingress.hosts[0].host -| string -| `"auth.matrix.chart-example.local"` -| - -| ingress.hosts[0].paths[0].path -| string -| `"/l"` -| - -| ingress.hosts[0].paths[0].pathType -| string -| `"Prefix"` -| - -| ingress.hosts[1].host -| string -| `"matrix.chart-example.local"` -| - -| ingress.hosts[1].paths[0].path -| string -| `"/_matrix/client/v3/login"` -| - -| ingress.hosts[1].paths[0].pathType -| string -| `"Exact"` -| - -| ingress.hosts[1].paths[1].path -| string -| `"/_matrix/client/v3/logout"` -| - -| ingress.hosts[1].paths[1].pathType -| string -| `"Exact"` -| - -| ingress.hosts[1].paths[2].path -| string -| `"/_matrix/client/v3/refresh"` -| - -| ingress.hosts[1].paths[2].pathType -| string -| `"Exact"` -| - -| ingress.tls -| list -| `[]` -| - -| livenessProbe.httpGet.path -| string -| `"/health"` -| - -| livenessProbe.httpGet.port -| string -| `"internal"` -| - -| nameOverride -| string -| `""` -| - -| nodeSelector -| object -| `{}` -| - -| podAnnotations -| object -| `{}` -| - -| podLabels -| object -| `{}` -| - -| podSecurityContext.fsGroup -| int -| `1000` -| - -| prometheus.servicemonitor.enabled -| bool -| `false` -| - -| prometheus.servicemonitor.labels -| object -| `{}` -| - -| readinessProbe.httpGet.path -| string -| `"/health"` -| - -| readinessProbe.httpGet.port -| string -| `"internal"` -| - -| replicaCount -| int -| `1` -| - -| resources -| object -| `{}` -| - -| securityContext.capabilities.drop[0] -| string -| `"ALL"` -| - -| securityContext.readOnlyRootFilesystem -| bool -| `true` -| - -| securityContext.runAsNonRoot -| bool -| `true` -| - -| securityContext.runAsUser -| int -| `1000` -| - -| service.port.http -| int -| `8080` -| - -| service.port.metrics -| int -| `9100` -| - -| service.type -| string -| `"ClusterIP"` -| - -| serviceAccount.annotations -| object -| `{}` -| - -| serviceAccount.automount -| bool -| `true` -| - -| serviceAccount.create -| bool -| `true` -| - -| serviceAccount.name -| string -| `""` -| - -| tolerations -| list -| `[]` -| - -| volumeMounts -| list -| `[]` -| - -| volumes -| list -| `[]` -| -|=== - -Autogenerated from chart metadata using https://github.com/norwoodj/helm-docs[helm-docs] diff --git a/matrix-authentication-service/README.md b/matrix-authentication-service/README.md deleted file mode 100644 index d29c6e3..0000000 --- a/matrix-authentication-service/README.md +++ /dev/null @@ -1,170 +0,0 @@ ---- -title: "matrix-authentication-service" - -description: "OAuth2.0 + OpenID Provider for Matrix Homeservers (per MSC3861)" - ---- - -# matrix-authentication-service - -![Version: 0.0.7](https://img.shields.io/badge/Version-0.0.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.11.0](https://img.shields.io/badge/AppVersion-0.11.0-informational?style=flat-square) - -OAuth2.0 + OpenID Provider for Matrix Homeservers (per MSC3861) - -## Maintainers - -| Name | Email | Url | -| ---- | ------ | --- | -| WrenIX | | | - -## Usage - -Helm must be installed and setup to your kubernetes cluster to use the charts. -Refer to Helm's [documentation](https://helm.sh/docs) to get started. -Once Helm has been set up correctly, fetch the charts as follows: - -```bash -helm pull oci://codeberg.org/wrenix/helm-charts/matrix-authentication-service -``` - -You can install a chart release using the following command: - -```bash -helm install matrix-authentication-service-release oci://codeberg.org/wrenix/helm-charts/matrix-authentication-service --values values.yaml -``` - -To uninstall a chart release use `helm`'s delete command: - -```bash -helm uninstall matrix-authentication-service-release -``` - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| affinity | object | `{}` | | -| autoscaling.enabled | bool | `false` | | -| autoscaling.maxReplicas | int | `100` | | -| autoscaling.minReplicas | int | `1` | | -| autoscaling.targetCPUUtilizationPercentage | int | `80` | | -| config.branding.imprint | string | `nil` | | -| config.branding.logo_uri | string | `nil` | | -| config.branding.policy_uri | string | `nil` | | -| config.branding.service_name | string | `nil` | | -| config.branding.tos_uri | string | `nil` | | -| config.clients | list | `[]` | | -| config.database.connect_timeout | int | `30` | | -| config.database.database | string | `"sliding_sync"` | | -| config.database.host | string | `"localhost"` | | -| config.database.idle_timeout | int | `600` | | -| config.database.max_connections | int | `10` | | -| config.database.max_lifetime | int | `1800` | | -| config.database.min_connections | int | `0` | | -| config.database.password | string | `"secret"` | | -| config.database.port | int | `5432` | | -| config.database.username | string | `"sliding_sync"` | | -| config.email.from | string | `"\"Authentication Service\" "` | | -| config.email.reply_to | string | `"\"Authentication Service\" "` | | -| config.email.transport | string | `"blackhole"` | | -| config.experimental.access_token_ttl | int | `300` | | -| config.experimental.compat_token_ttl | int | `300` | | -| config.http.issuer | string | `"http://[::]:8080/"` | | -| config.http.listeners[0].binds[0].address | string | `"[::]:8080"` | | -| config.http.listeners[0].name | string | `"http"` | | -| config.http.listeners[0].proxy_protocol | bool | `false` | | -| config.http.listeners[0].resources[0].name | string | `"discovery"` | | -| config.http.listeners[0].resources[1].name | string | `"human"` | | -| config.http.listeners[0].resources[2].name | string | `"oauth"` | | -| config.http.listeners[0].resources[3].name | string | `"compat"` | | -| config.http.listeners[0].resources[4].name | string | `"graphql"` | | -| config.http.listeners[0].resources[4].playground | bool | `true` | | -| config.http.listeners[0].resources[5].name | string | `"assets"` | | -| config.http.listeners[0].resources[5].path | string | `"/usr/local/share/mas-cli/assets/"` | | -| config.http.listeners[1].binds[0].address | string | `"[::]:8081"` | | -| config.http.listeners[1].name | string | `"internal"` | | -| config.http.listeners[1].resources[0].name | string | `"health"` | | -| config.http.listeners[2].binds[0].address | string | `"[::]:9100"` | | -| config.http.listeners[2].name | string | `"metrics"` | | -| config.http.listeners[2].resources[0].name | string | `"prometheus"` | | -| config.http.public_base | string | `"http://[::]:8080/"` | | -| config.http.trusted_proxies[0] | string | `"192.128.0.0/16"` | | -| config.http.trusted_proxies[1] | string | `"172.16.0.0/12"` | | -| config.http.trusted_proxies[2] | string | `"10.0.0.0/10"` | | -| config.http.trusted_proxies[3] | string | `"127.0.0.1/8"` | | -| config.http.trusted_proxies[4] | string | `"fd00::/8"` | | -| config.http.trusted_proxies[5] | string | `"::1/128"` | | -| config.matrix.endpoint | string | `"http://localhost:8008/"` | | -| config.matrix.homeserver | string | `"localhost:8008"` | | -| config.matrix.secret | string | `"kPnqGbK9hmSRK41DZTgVJxfKVAiLrY6G"` | | -| config.passwords.enabled | bool | `true` | | -| config.passwords.schemes[0].algorithm | string | `"argon2id"` | | -| config.passwords.schemes[0].version | int | `1` | | -| config.policy.authorization_grant_entrypoint | string | `"authorization_grant/violation"` | | -| config.policy.client_registration_entrypoint | string | `"client_registration/violation"` | | -| config.policy.data | string | `nil` | | -| config.policy.email_entrypoint | string | `"email/violation"` | | -| config.policy.password_entrypoint | string | `"password/violation"` | | -| config.policy.register_entrypoint | string | `"register/violation"` | | -| config.policy.wasm_module | string | `"/usr/local/share/mas-cli/policy.wasm"` | | -| config.secrets.encryption | string | `nil` | | -| config.secrets.keys | list | `[]` | | -| config.telemetry.metrics.exporter | string | `"prometheus"` | | -| config.telemetry.sentry.dsn | string | `nil` | | -| config.telemetry.tracing.exporter | string | `"none"` | | -| config.telemetry.tracing.propagators | list | `[]` | | -| config.templates.assets_manifest | string | `"/usr/local/share/mas-cli/manifest.json"` | | -| config.templates.path | string | `"/usr/local/share/mas-cli/templates/"` | | -| config.templates.translations_path | string | `"/usr/local/share/mas-cli/translations/"` | | -| config.upstream_oauth2.providers | list | `[]` | | -| fullnameOverride | string | `""` | | -| global.image.pullPolicy | string | `nil` | if set it will overwrite all pullPolicy | -| global.image.registry | string | `nil` | if set it will overwrite all registry entries | -| image.pullPolicy | string | `"IfNotPresent"` | | -| image.registry | string | `"ghcr.io"` | | -| image.repository | string | `"matrix-org/matrix-authentication-service"` | | -| image.tag | string | `nil` | Overrides the image tag whose default is the chart appVersion. | -| imagePullSecrets | list | `[]` | | -| ingress.annotations | object | `{}` | | -| ingress.className | string | `""` | | -| ingress.enabled | bool | `false` | | -| ingress.hosts[0].host | string | `"auth.matrix.chart-example.local"` | | -| ingress.hosts[0].paths[0].path | string | `"/l"` | | -| ingress.hosts[0].paths[0].pathType | string | `"Prefix"` | | -| ingress.hosts[1].host | string | `"matrix.chart-example.local"` | | -| ingress.hosts[1].paths[0].path | string | `"/_matrix/client/v3/login"` | | -| ingress.hosts[1].paths[0].pathType | string | `"Exact"` | | -| ingress.hosts[1].paths[1].path | string | `"/_matrix/client/v3/logout"` | | -| ingress.hosts[1].paths[1].pathType | string | `"Exact"` | | -| ingress.hosts[1].paths[2].path | string | `"/_matrix/client/v3/refresh"` | | -| ingress.hosts[1].paths[2].pathType | string | `"Exact"` | | -| ingress.tls | list | `[]` | | -| livenessProbe.httpGet.path | string | `"/health"` | | -| livenessProbe.httpGet.port | string | `"internal"` | | -| nameOverride | string | `""` | | -| nodeSelector | object | `{}` | | -| podAnnotations | object | `{}` | | -| podLabels | object | `{}` | | -| podSecurityContext.fsGroup | int | `1000` | | -| prometheus.servicemonitor.enabled | bool | `false` | | -| prometheus.servicemonitor.labels | object | `{}` | | -| readinessProbe.httpGet.path | string | `"/health"` | | -| readinessProbe.httpGet.port | string | `"internal"` | | -| replicaCount | int | `1` | | -| resources | object | `{}` | | -| securityContext.capabilities.drop[0] | string | `"ALL"` | | -| securityContext.readOnlyRootFilesystem | bool | `true` | | -| securityContext.runAsNonRoot | bool | `true` | | -| securityContext.runAsUser | int | `1000` | | -| service.port.http | int | `8080` | | -| service.port.metrics | int | `9100` | | -| service.type | string | `"ClusterIP"` | | -| serviceAccount.annotations | object | `{}` | | -| serviceAccount.automount | bool | `true` | | -| serviceAccount.create | bool | `true` | | -| serviceAccount.name | string | `""` | | -| tolerations | list | `[]` | | -| volumeMounts | list | `[]` | | -| volumes | list | `[]` | | - -Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs) diff --git a/matrix-authentication-service/_docs.gotmpl b/matrix-authentication-service/_docs.gotmpl deleted file mode 100644 index e69de29..0000000 diff --git a/matrix-authentication-service/templates/NOTES.txt b/matrix-authentication-service/templates/NOTES.txt deleted file mode 100644 index c536676..0000000 --- a/matrix-authentication-service/templates/NOTES.txt +++ /dev/null @@ -1,22 +0,0 @@ -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range $host := .Values.ingress.hosts }} - {{- range .paths }} - http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} - {{- end }} -{{- end }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "matrix-authentication-service.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "matrix-authentication-service.fullname" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "matrix-authentication-service.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") - echo http://$SERVICE_IP:{{ .Values.service.port.http }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "matrix-authentication-service.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT -{{- end }} diff --git a/matrix-authentication-service/templates/_helpers.tpl b/matrix-authentication-service/templates/_helpers.tpl deleted file mode 100644 index 74b0985..0000000 --- a/matrix-authentication-service/templates/_helpers.tpl +++ /dev/null @@ -1,62 +0,0 @@ -{{/* -Expand the name of the chart. -*/}} -{{- define "matrix-authentication-service.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "matrix-authentication-service.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains $name .Release.Name }} -{{- .Release.Name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "matrix-authentication-service.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Common labels -*/}} -{{- define "matrix-authentication-service.labels" -}} -helm.sh/chart: {{ include "matrix-authentication-service.chart" . }} -{{ include "matrix-authentication-service.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end }} - -{{/* -Selector labels -*/}} -{{- define "matrix-authentication-service.selectorLabels" -}} -app.kubernetes.io/name: {{ include "matrix-authentication-service.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} - -{{/* -Create the name of the service account to use -*/}} -{{- define "matrix-authentication-service.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} -{{- default (include "matrix-authentication-service.fullname" .) .Values.serviceAccount.name }} -{{- else }} -{{- default "default" .Values.serviceAccount.name }} -{{- end }} -{{- end }} diff --git a/matrix-authentication-service/templates/deployment.yaml b/matrix-authentication-service/templates/deployment.yaml deleted file mode 100644 index 20e6035..0000000 --- a/matrix-authentication-service/templates/deployment.yaml +++ /dev/null @@ -1,141 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "matrix-authentication-service.fullname" . }} - labels: - {{- include "matrix-authentication-service.labels" . | nindent 4 }} -spec: - {{- if not .Values.autoscaling.enabled }} - replicas: {{ .Values.replicaCount }} - {{- end }} - selector: - matchLabels: - {{- include "matrix-authentication-service.selectorLabels" . | nindent 6 }} - template: - metadata: - annotations: - checksum/secrets: {{ include (print $.Template.BasePath "/secrets.yaml") . | sha256sum }} - {{- with .Values.podAnnotations }} - {{- toYaml . | nindent 8 }} - {{- end }} - labels: - {{- include "matrix-authentication-service.labels" . | nindent 8 }} - {{- with .Values.podLabels }} - {{- toYaml . | nindent 8 }} - {{- end }} - spec: - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ include "matrix-authentication-service.serviceAccountName" . }} - securityContext: - {{- toYaml .Values.podSecurityContext | nindent 8 }} - initContainers: - - name: database-migrate - securityContext: - {{- toYaml .Values.securityContext | nindent 12 }} - {{- with .Values.image }} - image: "{{ coalesce $.Values.global.image.registry .registry }}/{{ .repository }}:{{ .tag | default $.Chart.AppVersion }}" - imagePullPolicy: {{ coalesce $.Values.global.image.pullPolicy .pullPolicy }} - {{- end }} - env: - - name: "MAS_CONFIG" - value: "/etc/mas-config.yaml" - command: - - /usr/local/bin/mas-cli - - database - - migrate - resources: - {{- toYaml .Values.resources | nindent 12 }} - volumeMounts: - - name: config - mountPath: "/etc/mas-config.yaml" - subPath: "mas-config.yaml" - readOnly: true - {{- with .Values.volumeMounts }} - {{- toYaml . | nindent 12 }} - {{- end }} - - name: config-sync - securityContext: - {{- toYaml .Values.securityContext | nindent 12 }} - {{- with .Values.image }} - image: "{{ coalesce $.Values.global.image.registry .registry }}/{{ .repository }}:{{ .tag | default $.Chart.AppVersion }}" - imagePullPolicy: {{ coalesce $.Values.global.image.pullPolicy .pullPolicy }} - {{- end }} - env: - - name: "MAS_CONFIG" - value: "/etc/mas-config.yaml" - command: - - /usr/local/bin/mas-cli - - config - - sync - resources: - {{- toYaml .Values.resources | nindent 12 }} - volumeMounts: - - name: config - mountPath: "/etc/mas-config.yaml" - subPath: "mas-config.yaml" - readOnly: true - {{- with .Values.volumeMounts }} - {{- toYaml . | nindent 12 }} - {{- end }} - containers: - - name: {{ .Chart.Name }} - securityContext: - {{- toYaml .Values.securityContext | nindent 12 }} - {{- with .Values.image }} - image: "{{ coalesce $.Values.global.image.registry .registry }}/{{ .repository }}:{{ .tag | default $.Chart.AppVersion }}" - imagePullPolicy: {{ coalesce $.Values.global.image.pullPolicy .pullPolicy }} - {{- end }} - env: - - name: "MAS_CONFIG" - value: "/etc/mas-config.yaml" - ports: - - name: http - containerPort: {{ .Values.service.port.http }} - protocol: TCP - - name: internal - containerPort: 8081 - protocol: TCP - {{- with .Values.service.port.metrics }} - - name: metrics - containerPort: {{ . }} - protocol: TCP - {{- end }} - livenessProbe: - {{- toYaml .Values.livenessProbe | nindent 12 }} - readinessProbe: - {{- toYaml .Values.readinessProbe | nindent 12 }} - resources: - {{- toYaml .Values.resources | nindent 12 }} - volumeMounts: - - name: config - mountPath: "/etc/mas-config.yaml" - subPath: "mas-config.yaml" - readOnly: true - {{- with .Values.volumeMounts }} - {{- toYaml . | nindent 12 }} - {{- end }} - volumes: - - name: config - secret: - secretName: {{ include "matrix-authentication-service.fullname" . }} - items: - - key: "config.yaml" - path: "mas-config.yaml" - {{- with .Values.volumes }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} diff --git a/matrix-authentication-service/templates/hpa.yaml b/matrix-authentication-service/templates/hpa.yaml deleted file mode 100644 index e361269..0000000 --- a/matrix-authentication-service/templates/hpa.yaml +++ /dev/null @@ -1,32 +0,0 @@ -{{- if .Values.autoscaling.enabled }} -apiVersion: autoscaling/v2 -kind: HorizontalPodAutoscaler -metadata: - name: {{ include "matrix-authentication-service.fullname" . }} - labels: - {{- include "matrix-authentication-service.labels" . | nindent 4 }} -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: {{ include "matrix-authentication-service.fullname" . }} - minReplicas: {{ .Values.autoscaling.minReplicas }} - maxReplicas: {{ .Values.autoscaling.maxReplicas }} - metrics: - {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} - - type: Resource - resource: - name: cpu - target: - type: Utilization - averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} - {{- end }} - {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} - - type: Resource - resource: - name: memory - target: - type: Utilization - averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} - {{- end }} -{{- end }} diff --git a/matrix-authentication-service/templates/ingress.yaml b/matrix-authentication-service/templates/ingress.yaml deleted file mode 100644 index fc4c84f..0000000 --- a/matrix-authentication-service/templates/ingress.yaml +++ /dev/null @@ -1,61 +0,0 @@ -{{- if .Values.ingress.enabled -}} -{{- $fullName := include "matrix-authentication-service.fullname" . -}} -{{- $svcPort := .Values.service.port.http -}} -{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} - {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} - {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}} - {{- end }} -{{- end }} -{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} -apiVersion: networking.k8s.io/v1 -{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} -apiVersion: networking.k8s.io/v1beta1 -{{- else -}} -apiVersion: extensions/v1beta1 -{{- end }} -kind: Ingress -metadata: - name: {{ $fullName }} - labels: - {{- include "matrix-authentication-service.labels" . | nindent 4 }} - {{- with .Values.ingress.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} - ingressClassName: {{ .Values.ingress.className }} - {{- end }} - {{- if .Values.ingress.tls }} - tls: - {{- range .Values.ingress.tls }} - - hosts: - {{- range .hosts }} - - {{ . | quote }} - {{- end }} - secretName: {{ .secretName }} - {{- end }} - {{- end }} - rules: - {{- range .Values.ingress.hosts }} - - host: {{ .host | quote }} - http: - paths: - {{- range .paths }} - - path: {{ .path }} - {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} - pathType: {{ .pathType }} - {{- end }} - backend: - {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} - service: - name: {{ $fullName }} - port: - number: {{ $svcPort }} - {{- else }} - serviceName: {{ $fullName }} - servicePort: {{ $svcPort }} - {{- end }} - {{- end }} - {{- end }} -{{- end }} diff --git a/matrix-authentication-service/templates/secrets.yaml b/matrix-authentication-service/templates/secrets.yaml deleted file mode 100644 index 4edb2b6..0000000 --- a/matrix-authentication-service/templates/secrets.yaml +++ /dev/null @@ -1,43 +0,0 @@ -{{- $secretName := include "matrix-authentication-service.fullname" . }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ $secretName }} - labels: - {{- include "matrix-authentication-service.labels" . | nindent 4 }} -data: - {{- $mergeObj := dict }} - {{- $currentData := lookup "v1" "Secret" .Release.Namespace $secretName }} - - {{- if not .Values.config.secrets.encryption }} - {{- $secretEncrpytion := (dig "data" "secret_encryption" "" $currentData | b64dec) | default (randAscii 64 | sha256sum) }} - secret_encryption: {{ $secretEncrpytion | b64enc }} - {{- $mergeObj = mergeOverwrite $mergeObj ( dict - "secrets" (dict - "encryption" $secretEncrpytion - ) - ) }} - {{- end }} - - {{- if not .Values.config.secrets.keys }} - {{- $keyRSA := (dig "data" "key_rsa" "" $currentData | b64dec) | default (genPrivateKey "rsa") }} - {{- $keyECDSA := (dig "data" "key_ecdsa" "" $currentData | b64dec) | default (genPrivateKey "ecdsa") }} - key_rsa: {{ $keyRSA | b64enc }} - key_ecdsa: {{ $keyECDSA | b64enc }} - {{- $mergeObj = mergeOverwrite $mergeObj ( dict - "secrets" (dict - "keys" (list - (dict - "kid" "rsa" - "key" $keyRSA - ) - (dict - "kid" "ecdsa" - "key" $keyECDSA - ) - ) - ) - ) }} - {{- end }} - config.yaml: |- - {{ mergeOverwrite .Values.config $mergeObj | toYaml | b64enc }} diff --git a/matrix-authentication-service/templates/service.yaml b/matrix-authentication-service/templates/service.yaml deleted file mode 100644 index 5734b7e..0000000 --- a/matrix-authentication-service/templates/service.yaml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ include "matrix-authentication-service.fullname" . }} - labels: - {{- include "matrix-authentication-service.labels" . | nindent 4 }} -spec: - type: {{ .Values.service.type }} - selector: - {{- include "matrix-authentication-service.selectorLabels" . | nindent 4 }} - ports: - - name: http - protocol: TCP - port: {{ .Values.service.port.http }} - targetPort: http - {{- with .Values.service.port.metrics }} - - name: metrics - protocol: TCP - port: {{ . }} - targetPort: metrics - {{- end }} diff --git a/matrix-authentication-service/templates/serviceaccount.yaml b/matrix-authentication-service/templates/serviceaccount.yaml deleted file mode 100644 index 7c9e8f8..0000000 --- a/matrix-authentication-service/templates/serviceaccount.yaml +++ /dev/null @@ -1,13 +0,0 @@ -{{- if .Values.serviceAccount.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "matrix-authentication-service.serviceAccountName" . }} - labels: - {{- include "matrix-authentication-service.labels" . | nindent 4 }} - {{- with .Values.serviceAccount.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -automountServiceAccountToken: {{ .Values.serviceAccount.automount }} -{{- end }} diff --git a/matrix-authentication-service/templates/servicemonitor.yaml b/matrix-authentication-service/templates/servicemonitor.yaml deleted file mode 100644 index 4168407..0000000 --- a/matrix-authentication-service/templates/servicemonitor.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{- if .Values.prometheus.servicemonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ include "matrix-authentication-service.fullname" . }} - labels: - {{- include "matrix-authentication-service.labels" . | nindent 4 }} - {{- with .Values.prometheus.servicemonitor.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - selector: - matchLabels: - {{- include "matrix-authentication-service.selectorLabels" . | nindent 6 }} - endpoints: - - port: metrics - path: "/metrics" -{{- end }} diff --git a/matrix-authentication-service/templates/tests/test-connection.yaml b/matrix-authentication-service/templates/tests/test-connection.yaml deleted file mode 100644 index 593372a..0000000 --- a/matrix-authentication-service/templates/tests/test-connection.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: v1 -kind: Pod -metadata: - name: "{{ include "matrix-authentication-service.fullname" . }}-test-connection" - labels: - {{- include "matrix-authentication-service.labels" . | nindent 4 }} - annotations: - "helm.sh/hook": test -spec: - containers: - - name: wget - image: busybox - command: ['wget'] - args: ['{{ include "matrix-authentication-service.fullname" . }}:{{ .Values.service.port.http }}'] - restartPolicy: Never diff --git a/matrix-authentication-service/values.yaml b/matrix-authentication-service/values.yaml deleted file mode 100644 index 1924585..0000000 --- a/matrix-authentication-service/values.yaml +++ /dev/null @@ -1,223 +0,0 @@ ---- -global: - image: - # -- if set it will overwrite all registry entries - registry: - # -- if set it will overwrite all pullPolicy - pullPolicy: - -image: - registry: ghcr.io - repository: matrix-org/matrix-authentication-service - pullPolicy: IfNotPresent - # -- Overrides the image tag whose default is the chart appVersion. - tag: - -replicaCount: 1 - -config: - clients: [] - http: - listeners: - - name: http - resources: - - name: discovery - - name: human - - name: oauth - - name: compat - - name: graphql - playground: true - - name: assets - path: /usr/local/share/mas-cli/assets/ - binds: - - address: '[::]:8080' - proxy_protocol: false - - name: internal - resources: - - name: health - binds: - - address: '[::]:8081' - - name: metrics - resources: - - name: prometheus - binds: - - address: '[::]:9100' - trusted_proxies: - - 192.128.0.0/16 - - 172.16.0.0/12 - - 10.0.0.0/10 - - 127.0.0.1/8 - - fd00::/8 - - ::1/128 - public_base: http://[::]:8080/ - issuer: http://[::]:8080/ - database: - host: localhost - port: 5432 - username: sliding_sync - password: secret - database: sliding_sync - max_connections: 10 - min_connections: 0 - connect_timeout: 30 - idle_timeout: 600 - max_lifetime: 1800 - telemetry: - tracing: - exporter: none - propagators: [] - metrics: - exporter: prometheus - sentry: - dsn: null - templates: - path: /usr/local/share/mas-cli/templates/ - assets_manifest: /usr/local/share/mas-cli/manifest.json - translations_path: /usr/local/share/mas-cli/translations/ - email: - from: '"Authentication Service" ' - reply_to: '"Authentication Service" ' - transport: blackhole - secrets: - encryption: - keys: [] - passwords: - enabled: true - schemes: - - version: 1 - algorithm: argon2id - matrix: - homeserver: localhost:8008 - secret: kPnqGbK9hmSRK41DZTgVJxfKVAiLrY6G - endpoint: http://localhost:8008/ - policy: - wasm_module: /usr/local/share/mas-cli/policy.wasm - client_registration_entrypoint: client_registration/violation - register_entrypoint: register/violation - authorization_grant_entrypoint: authorization_grant/violation - password_entrypoint: password/violation - email_entrypoint: email/violation - data: null - upstream_oauth2: - providers: [] - branding: - service_name: null - policy_uri: null - tos_uri: null - imprint: null - logo_uri: null - experimental: - access_token_ttl: 300 - compat_token_ttl: 300 - -imagePullSecrets: [] -nameOverride: "" -fullnameOverride: "" - -serviceAccount: - # Specifies whether a service account should be created - create: true - # Automatically mount a ServiceAccount's API credentials? - automount: true - # Annotations to add to the service account - annotations: {} - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - name: "" - -prometheus: - servicemonitor: - enabled: false - labels: {} - -podAnnotations: {} -podLabels: {} - -podSecurityContext: - fsGroup: 1000 - -securityContext: - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - runAsUser: 1000 - -service: - type: ClusterIP - port: - http: 8080 - metrics: 9100 - -ingress: - enabled: false - className: "" - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - hosts: - - host: auth.matrix.chart-example.local - paths: - - path: /l - pathType: Prefix - - host: matrix.chart-example.local - paths: - - path: /_matrix/client/v3/login - pathType: Exact - - path: /_matrix/client/v3/logout - pathType: Exact - - path: /_matrix/client/v3/refresh - pathType: Exact - tls: [] - # - secretName: chart-example-tls - # hosts: - # - auth.matrix.chart-example.local - # - matrix.chart-example.local - -resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - -livenessProbe: - httpGet: - port: internal - path: /health -readinessProbe: - httpGet: - port: internal - path: /health - -autoscaling: - enabled: false - minReplicas: 1 - maxReplicas: 100 - targetCPUUtilizationPercentage: 80 - # targetMemoryUtilizationPercentage: 80 - -# Additional volumes on the output Deployment definition. -volumes: [] -# - name: foo -# secret: -# secretName: mysecret -# optional: false - -# Additional volumeMounts on the output Deployment definition. -volumeMounts: [] -# - name: foo -# mountPath: "/etc/foo" -# readOnly: true - -nodeSelector: {} - -tolerations: [] - -affinity: {} diff --git a/matrix-sliding-sync/.helmignore b/matrix-sliding-sync/.helmignore deleted file mode 100644 index 0e8a0eb..0000000 --- a/matrix-sliding-sync/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/matrix-sliding-sync/Chart.yaml b/matrix-sliding-sync/Chart.yaml deleted file mode 100644 index 06c81bd..0000000 --- a/matrix-sliding-sync/Chart.yaml +++ /dev/null @@ -1,12 +0,0 @@ ---- -apiVersion: v2 -name: matrix-sliding-sync -description: Proxy implementation of MSC3575's sync protocol. -icon: https://matrix.org/images/matrix-logo.svg -type: application -version: "0.2.2" -# renovate: image=ghcr.io/matrix-org/sliding-sync -appVersion: "0.99.19" -maintainers: - - name: WrenIX - url: https://wrenix.eu diff --git a/matrix-sliding-sync/README.md b/matrix-sliding-sync/README.md deleted file mode 100644 index 422c3f3..0000000 --- a/matrix-sliding-sync/README.md +++ /dev/null @@ -1,108 +0,0 @@ ---- -title: "matrix-sliding-sync" - -description: "Proxy implementation of MSC3575's sync protocol." - ---- - -# matrix-sliding-sync - -![Version: 0.2.2](https://img.shields.io/badge/Version-0.2.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.99.19](https://img.shields.io/badge/AppVersion-0.99.19-informational?style=flat-square) - -Proxy implementation of MSC3575's sync protocol. - -## Maintainers - -| Name | Email | Url | -| ---- | ------ | --- | -| WrenIX | | | - -## Usage - -Helm must be installed and setup to your kubernetes cluster to use the charts. -Refer to Helm's [documentation](https://helm.sh/docs) to get started. -Once Helm has been set up correctly, fetch the charts as follows: - -```bash -helm pull oci://codeberg.org/wrenix/helm-charts/matrix-sliding-sync -``` - -You can install a chart release using the following command: - -```bash -helm install matrix-sliding-sync-release oci://codeberg.org/wrenix/helm-charts/matrix-sliding-sync --values values.yaml -``` - -To uninstall a chart release use `helm`'s delete command: - -```bash -helm uninstall matrix-sliding-sync-release -``` - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| affinity | object | `{}` | | -| autoscaling.enabled | bool | `false` | | -| autoscaling.maxReplicas | int | `100` | | -| autoscaling.minReplicas | int | `1` | | -| autoscaling.targetCPUUtilizationPercentage | int | `80` | | -| config.homeserver | string | `"http://localhost:8008"` | | -| config.logLevel | string | `"INFO"` | | -| config.metrics | int | `9100` | | -| config.opentelemetry.password | string | `nil` | | -| config.opentelemetry.url | string | `nil` | | -| config.opentelemetry.username | string | `nil` | | -| config.postgresql.database | string | `"sliding_sync"` | | -| config.postgresql.host | string | `"localhost"` | | -| config.postgresql.maxConn | int | `0` | | -| config.postgresql.password | string | `"secret"` | | -| config.postgresql.port | int | `5432` | | -| config.postgresql.sslmode | string | `"disable"` | | -| config.postgresql.username | string | `"sliding_sync"` | | -| config.syncSecret | string | `nil` | | -| fullnameOverride | string | `""` | | -| global.image.pullPolicy | string | `nil` | if set it will overwrite all pullPolicy | -| global.image.registry | string | `nil` | if set it will overwrite all registry entries | -| grafana.dashboards.annotations | object | `{}` | | -| grafana.dashboards.enabled | bool | `false` | | -| grafana.dashboards.labels.grafana_dashboard | string | `"1"` | | -| image.pullPolicy | string | `"IfNotPresent"` | | -| image.registry | string | `"ghcr.io"` | | -| image.repository | string | `"matrix-org/sliding-sync"` | | -| image.tag | string | `nil` | Overrides the image tag whose default is the chart appVersion. | -| imagePullSecrets | list | `[]` | | -| ingress.annotations | object | `{}` | | -| ingress.className | string | `""` | | -| ingress.enabled | bool | `false` | | -| ingress.hosts[0].host | string | `"chart-example.local"` | | -| ingress.hosts[0].paths[0].path | string | `"/"` | | -| ingress.hosts[0].paths[0].pathType | string | `"ImplementationSpecific"` | | -| ingress.tls | list | `[]` | | -| livenessProbe.tcpSocket.port | string | `"http"` | | -| nameOverride | string | `""` | | -| nodeSelector | object | `{}` | | -| podAnnotations | object | `{}` | | -| podLabels | object | `{}` | | -| podSecurityContext.fsGroup | int | `2000` | | -| prometheus.servicemonitor.enabled | bool | `false` | | -| prometheus.servicemonitor.labels | object | `{}` | | -| readinessProbe.tcpSocket.port | string | `"http"` | | -| replicaCount | int | `1` | | -| resources | object | `{}` | | -| securityContext.capabilities.drop[0] | string | `"ALL"` | | -| securityContext.readOnlyRootFilesystem | bool | `true` | | -| securityContext.runAsNonRoot | bool | `true` | | -| securityContext.runAsUser | int | `1000` | | -| service.port | int | `8008` | | -| service.type | string | `"ClusterIP"` | | -| serviceAccount.annotations | object | `{}` | | -| serviceAccount.automount | bool | `true` | | -| serviceAccount.create | bool | `true` | | -| serviceAccount.name | string | `""` | | -| tolerations | list | `[]` | | -| volumeMounts | list | `[]` | | -| volumes | list | `[]` | | - -Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs) diff --git a/matrix-sliding-sync/_docs.gotmpl b/matrix-sliding-sync/_docs.gotmpl deleted file mode 100644 index e69de29..0000000 diff --git a/matrix-sliding-sync/grafana_dashboards/sliding-sync.json b/matrix-sliding-sync/grafana_dashboards/sliding-sync.json deleted file mode 100644 index 639f914..0000000 --- a/matrix-sliding-sync/grafana_dashboards/sliding-sync.json +++ /dev/null @@ -1,2120 +0,0 @@ -{ - "__inputs": [], - "__elements": {}, - "__requires": [ - { - "type": "grafana", - "id": "grafana", - "name": "Grafana", - "version": "10.4.1" - }, - { - "type": "panel", - "id": "heatmap", - "name": "Heatmap", - "version": "" - }, - { - "type": "datasource", - "id": "prometheus", - "name": "Prometheus", - "version": "1.0.0" - }, - { - "type": "panel", - "id": "timeseries", - "name": "Time series", - "version": "" - } - ], - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": { - "type": "grafana", - "uid": "-- Grafana --" - }, - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "target": { - "limit": 100, - "matchAny": false, - "tags": [], - "type": "dashboard" - }, - "type": "dashboard" - } - ] - }, - "editable": true, - "fiscalYearStartMonth": 0, - "graphTooltip": 1, - "id": null, - "links": [], - "liveNow": false, - "panels": [ - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 14, - "panels": [], - "title": "Sliding Sync API", - "type": "row" - }, - { - "datasource": { - "type": "prometheus", - "uid": "$datasource" - }, - "description": "Actively syncing clients i.e the connection hasn't expired yet. ", - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisBorderShow": false, - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 0, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "insertNulls": false, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "auto", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "mappings": [], - "min": 0, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - } - ] - }, - "unit": "conns" - }, - "overrides": [ - { - "matcher": { - "id": "byName", - "options": "Expired Connections (full buffer)" - }, - "properties": [ - { - "id": "custom.axisPlacement", - "value": "right" - }, - { - "id": "custom.lineStyle", - "value": { - "dash": [ - 0, - 10 - ], - "fill": "dot" - } - }, - { - "id": "color", - "value": { - "fixedColor": "purple", - "mode": "fixed" - } - }, - { - "id": "custom.showPoints", - "value": "always" - }, - { - "id": "custom.lineWidth", - "value": 0 - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "Expired Connections (timed out)" - }, - "properties": [ - { - "id": "custom.axisPlacement", - "value": "right" - }, - { - "id": "color", - "value": { - "fixedColor": "blue", - "mode": "fixed" - } - }, - { - "id": "custom.showPoints", - "value": "always" - }, - { - "id": "custom.fillOpacity", - "value": 0 - }, - { - "id": "custom.lineWidth", - "value": 0 - } - ] - } - ] - }, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 1 - }, - "id": 6, - "options": { - "legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom", - "showLegend": true - }, - "tooltip": { - "mode": "single", - "sort": "none" - } - }, - "pluginVersion": "9.5.3", - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "$datasource" - }, - "disableTextWrap": false, - "editorMode": "builder", - "exemplar": false, - "expr": "sum(sliding_sync_api_num_active_conns)", - "fullMetaSearch": false, - "includeNullMetadata": true, - "instant": false, - "legendFormat": "Active Connections", - "range": true, - "refId": "A", - "useBackend": false - }, - { - "datasource": { - "type": "prometheus", - "uid": "$datasource" - }, - "disableTextWrap": false, - "editorMode": "builder", - "expr": "increase(sliding_sync_api_expiry_conn_buffer_full[5m])", - "fullMetaSearch": false, - "hide": false, - "includeNullMetadata": false, - "legendFormat": "Expired Connections (full buffer)", - "range": true, - "refId": "B", - "useBackend": false - }, - { - "datasource": { - "type": "prometheus", - "uid": "$datasource" - }, - "disableTextWrap": false, - "editorMode": "builder", - "expr": "increase(sliding_sync_api_expiry_conn_timed_out[5m])", - "fullMetaSearch": false, - "hide": false, - "includeNullMetadata": true, - "legendFormat": "Expired Connections (timed out)", - "range": true, - "refId": "C", - "useBackend": false - } - ], - "title": "# active sliding sync connections", - "transformations": [ - { - "id": "renameByRegex", - "options": { - "regex": "sliding-sync-api-(.*)", - "renamePattern": "$1" - } - } - ], - "type": "timeseries" - }, - { - "datasource": { - "type": "prometheus", - "uid": "$datasource" - }, - "description": "The number of devices blocked on an initial v2 sync. This number should never remain >0 for more than 15 minutes, unless there is a flood of new users to the system.", - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisBorderShow": false, - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 0, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "insertNulls": false, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "auto", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "mappings": [], - "min": 0, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - } - ] - }, - "unit": "conns" - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 1 - }, - "id": 166, - "options": { - "legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom", - "showLegend": true - }, - "tooltip": { - "mode": "single", - "sort": "none" - } - }, - "pluginVersion": "9.5.3", - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "$datasource" - }, - "disableTextWrap": false, - "editorMode": "builder", - "exemplar": false, - "expr": "sliding_sync_api_num_devices_pending_ensure_polling", - "fullMetaSearch": false, - "includeNullMetadata": true, - "instant": false, - "legendFormat": "__auto", - "range": true, - "refId": "A", - "useBackend": false - } - ], - "title": "EnsurePolling calls outstanding", - "transformations": [ - { - "id": "renameByRegex", - "options": { - "regex": "sliding-sync-api-(.*)", - "renamePattern": "$1" - } - } - ], - "type": "timeseries" - }, - { - "datasource": { - "type": "prometheus", - "uid": "$datasource" - }, - "description": "Excludes time waiting for live updates. Excludes initial requests.", - "fieldConfig": { - "defaults": { - "color": { - "fixedColor": "red", - "mode": "palette-classic", - "seriesBy": "max" - }, - "custom": { - "axisBorderShow": false, - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 10, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "insertNulls": false, - "lineInterpolation": "linear", - "lineStyle": { - "fill": "solid" - }, - "lineWidth": 0, - "pointSize": 4, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "auto", - "spanNulls": true, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "links": [], - "mappings": [], - "min": 0, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - } - ] - }, - "unit": "s" - }, - "overrides": [ - { - "matcher": { - "id": "byName", - "options": "99%" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "dark-red", - "mode": "fixed" - } - }, - { - "id": "custom.fillOpacity", - "value": 35 - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "95%" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "orange", - "mode": "fixed" - } - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "50%" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "green", - "mode": "fixed" - } - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "25%" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "semi-dark-blue", - "mode": "fixed" - } - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "75%" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "yellow", - "mode": "fixed" - } - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "Request rate" - }, - "properties": [ - { - "id": "custom.axisPlacement", - "value": "right" - }, - { - "id": "unit", - "value": "hertz" - }, - { - "id": "custom.fillOpacity", - "value": 0 - }, - { - "id": "color", - "value": { - "fixedColor": "purple", - "mode": "fixed" - } - }, - { - "id": "custom.showPoints", - "value": "always" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "90%" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "super-light-orange", - "mode": "fixed" - } - } - ] - }, - { - "__systemRef": "hideSeriesFrom", - "matcher": { - "id": "byNames", - "options": { - "mode": "exclude", - "names": [ - "Request rate" - ], - "prefix": "All except:", - "readOnly": true - } - }, - "properties": [ - { - "id": "custom.hideFrom", - "value": { - "legend": false, - "tooltip": false, - "viz": true - } - } - ] - } - ] - }, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 9 - }, - "id": 152, - "options": { - "legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom", - "showLegend": true - }, - "tooltip": { - "mode": "multi", - "sort": "desc" - } - }, - "pluginVersion": "9.2.2", - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "$datasource" - }, - "editorMode": "code", - "expr": "histogram_quantile(0.99, sum by(le) (rate(sliding_sync_api_process_duration_secs_bucket{initial=\"0\"}[$window_size])))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "99%", - "range": true, - "refId": "99" - }, - { - "datasource": { - "type": "prometheus", - "uid": "$datasource" - }, - "editorMode": "code", - "expr": "histogram_quantile(0.90, sum by(le) (rate(sliding_sync_api_process_duration_secs_bucket{initial=\"0\"}[$window_size])))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "90%", - "range": true, - "refId": "90" - }, - { - "datasource": { - "type": "prometheus", - "uid": "$datasource" - }, - "editorMode": "code", - "expr": "histogram_quantile(0.75, sum by(le) (rate(sliding_sync_api_process_duration_secs_bucket{initial=\"0\"}[$window_size])))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "75%", - "range": true, - "refId": "75" - }, - { - "datasource": { - "type": "prometheus", - "uid": "$datasource" - }, - "editorMode": "code", - "expr": "histogram_quantile(0.5, sum by(le) (rate(sliding_sync_api_process_duration_secs_bucket{initial=\"0\"}[$window_size])))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "50%", - "range": true, - "refId": "50" - }, - { - "datasource": { - "type": "prometheus", - "uid": "$datasource" - }, - "editorMode": "code", - "expr": "histogram_quantile(0.25, sum by(le) (rate(sliding_sync_api_process_duration_secs_bucket{initial=\"0\"}[$window_size])))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "25%", - "range": true, - "refId": "25" - }, - { - "datasource": { - "type": "prometheus", - "uid": "$datasource" - }, - "editorMode": "code", - "exemplar": false, - "expr": "sum(rate(sliding_sync_api_process_duration_secs_count{initial=\"0\"}[$window_size]))", - "hide": false, - "instant": false, - "legendFormat": "Request rate", - "range": true, - "refId": "A" - } - ], - "title": "API processing time quantiles", - "type": "timeseries" - }, - { - "datasource": { - "type": "prometheus", - "uid": "$datasource" - }, - "fieldConfig": { - "defaults": { - "custom": { - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "scaleDistribution": { - "type": "linear" - } - } - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 9 - }, - "id": 157, - "options": { - "calculate": false, - "cellGap": 1, - "color": { - "exponent": 0.5, - "fill": "dark-orange", - "mode": "scheme", - "reverse": false, - "scale": "exponential", - "scheme": "Oranges", - "steps": 64 - }, - "exemplars": { - "color": "rgba(255,0,255,0.7)" - }, - "filterValues": { - "le": 1e-9 - }, - "legend": { - "show": true - }, - "rowsFrame": { - "layout": "auto" - }, - "tooltip": { - "mode": "single", - "showColorScale": false, - "yHistogram": true - }, - "yAxis": { - "axisPlacement": "left", - "reverse": false - } - }, - "pluginVersion": "10.4.1", - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "$datasource" - }, - "editorMode": "builder", - "expr": "sum(rate(sliding_sync_api_setup_duration_secs_bucket{}[$__rate_interval])) by (le)", - "format": "heatmap", - "legendFormat": "{{le}}", - "range": true, - "refId": "A" - } - ], - "title": "Request setup times", - "type": "heatmap" - }, - { - "datasource": { - "type": "prometheus", - "uid": "$datasource" - }, - "description": "Requests take more that 50s. This is our best proxy for \"how many people's requests are wedged\". Should be a flat 0.", - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisBorderShow": false, - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 0, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "insertNulls": false, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "auto", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "line" - } - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - } - ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 17 - }, - "id": 159, - "options": { - "legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom", - "showLegend": true - }, - "tooltip": { - "mode": "single", - "sort": "none" - } - }, - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "$datasource" - }, - "disableTextWrap": false, - "editorMode": "builder", - "expr": "sum(increase(sliding_sync_api_slow_requests[5m]))", - "fullMetaSearch": false, - "includeNullMetadata": true, - "legendFormat": "__auto", - "range": true, - "refId": "A", - "useBackend": false - } - ], - "title": "Slow requests", - "type": "timeseries" - }, - { - "cards": {}, - "color": { - "cardColor": "#b4ff00", - "colorScale": "sqrt", - "colorScheme": "interpolateOranges", - "exponent": 0.5, - "mode": "spectrum" - }, - "dataFormat": "tsbuckets", - "datasource": { - "type": "prometheus", - "uid": "$datasource" - }, - "description": "If this goes high, it may indicate poor DB performance when querying.", - "fieldConfig": { - "defaults": { - "custom": { - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "scaleDistribution": { - "type": "linear" - } - } - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 17 - }, - "heatmap": {}, - "hideZeroBuckets": true, - "highlightCards": true, - "id": 10, - "legend": { - "show": true - }, - "options": { - "calculate": false, - "calculation": {}, - "cellGap": 2, - "cellValues": {}, - "color": { - "exponent": 0.5, - "fill": "#b4ff00", - "mode": "scheme", - "reverse": false, - "scale": "exponential", - "scheme": "Oranges", - "steps": 128 - }, - "exemplars": { - "color": "rgba(255,0,255,0.7)" - }, - "filterValues": { - "le": 1e-9 - }, - "legend": { - "show": true - }, - "rowsFrame": { - "layout": "auto" - }, - "showValue": "never", - "tooltip": { - "mode": "single", - "showColorScale": false, - "yHistogram": true - }, - "yAxis": { - "axisPlacement": "left", - "reverse": false, - "unit": "dtdurations" - } - }, - "pluginVersion": "10.4.1", - "reverseYBuckets": false, - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "$datasource" - }, - "editorMode": "code", - "expr": "sum(increase(sliding_sync_api_process_duration_secs_bucket{initial=\"1\"}[$__rate_interval])) by (le)", - "format": "heatmap", - "legendFormat": "{{le}}", - "range": true, - "refId": "A" - } - ], - "title": "Time taken to process initial sliding sync requests", - "tooltip": { - "show": true, - "showHistogram": true - }, - "type": "heatmap", - "xAxis": { - "show": true - }, - "yAxis": { - "format": "dtdurations", - "logBase": 1, - "show": true - }, - "yBucketBound": "auto" - }, - { - "cards": {}, - "color": { - "cardColor": "#b4ff00", - "colorScale": "sqrt", - "colorScheme": "interpolateOranges", - "exponent": 0.5, - "mode": "spectrum" - }, - "dataFormat": "tsbuckets", - "datasource": { - "type": "prometheus", - "uid": "$datasource" - }, - "description": "Excludes live streaming blocks. If this goes high, it may indicate poor DB performance when querying.", - "fieldConfig": { - "defaults": { - "custom": { - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "scaleDistribution": { - "type": "linear" - } - } - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 25 - }, - "heatmap": {}, - "hideZeroBuckets": true, - "highlightCards": true, - "id": 15, - "legend": { - "show": true - }, - "options": { - "calculate": false, - "calculation": {}, - "cellGap": 2, - "cellValues": { - "decimals": 3 - }, - "color": { - "exponent": 0.5, - "fill": "#b4ff00", - "mode": "scheme", - "reverse": false, - "scale": "exponential", - "scheme": "Oranges", - "steps": 128 - }, - "exemplars": { - "color": "rgba(255,0,255,0.7)" - }, - "filterValues": { - "le": 1e-9 - }, - "legend": { - "show": true - }, - "rowsFrame": { - "layout": "auto" - }, - "showValue": "never", - "tooltip": { - "mode": "single", - "showColorScale": false, - "yHistogram": false - }, - "yAxis": { - "axisPlacement": "left", - "min": "0", - "reverse": false, - "unit": "dtdurations" - } - }, - "pluginVersion": "10.4.1", - "reverseYBuckets": false, - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "$datasource" - }, - "editorMode": "code", - "expr": "sum(rate(sliding_sync_api_process_duration_secs_bucket{initial=\"0\"}[$__rate_interval])) by (le)", - "format": "heatmap", - "interval": "", - "legendFormat": "{{le}}", - "range": true, - "refId": "A" - } - ], - "title": "Time taken to process changes (ranges/filter/sorting/etc) in sliding sync requests", - "tooltip": { - "show": true, - "showHistogram": false - }, - "tooltipDecimals": 3, - "type": "heatmap", - "xAxis": { - "show": true - }, - "xBucketSize": "", - "yAxis": { - "format": "dtdurations", - "logBase": 1, - "min": "0", - "show": true - }, - "yBucketBound": "auto" - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 33 - }, - "id": 12, - "panels": [], - "title": "V2 Poller", - "type": "row" - }, - { - "datasource": { - "type": "prometheus", - "uid": "$datasource" - }, - "description": "Number of /sync connections to upstream homeserver. Generally always goes up, unless users log out and invalidate the access_token being used.", - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisBorderShow": false, - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 0, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "insertNulls": false, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "auto", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "mappings": [], - "min": 0, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green" - } - ] - }, - "unit": "pollers", - "unitScale": true - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 34 - }, - "id": 4, - "options": { - "legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom", - "showLegend": true - }, - "tooltip": { - "mode": "single", - "sort": "none" - } - }, - "pluginVersion": "9.5.3", - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "$datasource" - }, - "editorMode": "code", - "exemplar": false, - "expr": "sliding_sync_poller_num_pollers{}", - "instant": false, - "legendFormat": "{{pod}}", - "range": true, - "refId": "A" - } - ], - "title": "# v2 pollers", - "type": "timeseries" - }, - { - "cards": {}, - "color": { - "cardColor": "#b4ff00", - "colorScale": "sqrt", - "colorScheme": "interpolateOranges", - "exponent": 0.5, - "mode": "spectrum" - }, - "dataFormat": "tsbuckets", - "datasource": { - "type": "prometheus", - "uid": "$datasource" - }, - "description": "The higher this is, the bigger the latency from sending events -> receiving events. Excludes initial /sync requests", - "fieldConfig": { - "defaults": { - "custom": { - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "scaleDistribution": { - "type": "linear" - } - }, - "unitScale": true - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 34 - }, - "heatmap": {}, - "hideZeroBuckets": true, - "highlightCards": true, - "id": 8, - "legend": { - "show": false - }, - "options": { - "calculate": false, - "calculation": {}, - "cellGap": 2, - "cellValues": {}, - "color": { - "exponent": 0.5, - "fill": "#b4ff00", - "mode": "scheme", - "reverse": false, - "scale": "exponential", - "scheme": "Oranges", - "steps": 128 - }, - "exemplars": { - "color": "rgba(255,0,255,0.7)" - }, - "filterValues": { - "le": 1e-9 - }, - "legend": { - "show": false - }, - "rowsFrame": { - "layout": "auto" - }, - "showValue": "never", - "tooltip": { - "mode": "single", - "showColorScale": false, - "yHistogram": false - }, - "yAxis": { - "axisPlacement": "left", - "reverse": false, - "unit": "dtdurations" - } - }, - "pluginVersion": "10.3.3", - "reverseYBuckets": false, - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "$datasource" - }, - "editorMode": "code", - "expr": "sum(increase(sliding_sync_poller_process_duration_secs_bucket{initial=\"0\"}[$__rate_interval])) by (le)", - "format": "heatmap", - "legendFormat": "{{le}}", - "range": true, - "refId": "A" - } - ], - "title": "Time taken to process sync v2 responses", - "tooltip": { - "show": true, - "showHistogram": false - }, - "type": "heatmap", - "xAxis": { - "show": true - }, - "yAxis": { - "format": "dtdurations", - "logBase": 1, - "show": true - }, - "yBucketBound": "auto" - }, - { - "datasource": { - "type": "prometheus", - "uid": "$datasource" - }, - "description": "If this drops too low, this means pollers are blocked on something (DB conns, executor, etc)", - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisBorderShow": false, - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "axisSoftMin": 0, - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 0, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "insertNulls": false, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "auto", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "area" - } - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "red" - }, - { - "color": "green", - "value": 0.75 - } - ] - }, - "unit": "percentunit", - "unitScale": true - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 42 - }, - "id": 165, - "options": { - "legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom", - "showLegend": true - }, - "tooltip": { - "mode": "single", - "sort": "none" - } - }, - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "$datasource" - }, - "editorMode": "code", - "expr": "sliding_sync_poller_num_outstanding_sync_v2_reqs{}/sliding_sync_poller_num_pollers{}", - "legendFormat": "{{pod}}", - "range": true, - "refId": "A" - } - ], - "title": "Ratio of pollers waiting for v2 response", - "type": "timeseries" - }, - { - "datasource": { - "type": "prometheus", - "uid": "$datasource" - }, - "description": "If this number drops to 0, this indicates something is blocking all pollers from doing work. This number will scale with the number of pollers on the process.", - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisBorderShow": false, - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "axisSoftMin": 0, - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 0, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "insertNulls": false, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "auto", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green" - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unitScale": true - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 42 - }, - "id": 167, - "options": { - "legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom", - "showLegend": true - }, - "tooltip": { - "mode": "single", - "sort": "none" - } - }, - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "$datasource" - }, - "editorMode": "code", - "expr": "rate(sliding_sync_poller_total_num_polls{}[5m])", - "legendFormat": "{{pod}}", - "range": true, - "refId": "A" - } - ], - "title": "Rate of poll loop iterations", - "type": "timeseries" - }, - { - "datasource": { - "type": "prometheus", - "uid": "$datasource" - }, - "description": "NB: Proxy requests a timeline limit of 50.\n\nTODO: make it clear how many syncs were limited", - "fieldConfig": { - "defaults": { - "custom": { - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "scaleDistribution": { - "type": "linear" - } - }, - "unitScale": true - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 50 - }, - "id": 16, - "options": { - "calculate": false, - "cellGap": 1, - "cellValues": {}, - "color": { - "exponent": 0.5, - "fill": "dark-orange", - "min": 0, - "mode": "scheme", - "reverse": false, - "scale": "exponential", - "scheme": "Oranges", - "steps": 64 - }, - "exemplars": { - "color": "rgba(255,0,255,0.7)" - }, - "filterValues": { - "le": 1e-9 - }, - "legend": { - "show": true - }, - "rowsFrame": { - "layout": "auto", - "value": "v2 syncs" - }, - "tooltip": { - "mode": "single", - "showColorScale": false, - "yHistogram": true - }, - "yAxis": { - "axisLabel": "timeline events", - "axisPlacement": "left", - "max": "50", - "reverse": false - } - }, - "pluginVersion": "10.3.3", - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "$datasource" - }, - "editorMode": "code", - "expr": "sum(rate(sliding_sync_poller_timeline_size_bucket{limited=\"unlimited\"}[$__rate_interval])) by (le)", - "format": "heatmap", - "legendFormat": "{{limited}}", - "range": true, - "refId": "A" - } - ], - "title": "Timeline size of unlimited pollers", - "type": "heatmap" - }, - { - "datasource": { - "type": "prometheus", - "uid": "$datasource" - }, - "description": "Updates from v2 pollers sent to pubsub. Abnormal spikes could be from spam or lack of duplicate suppression in the proxy.", - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisBorderShow": false, - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 0, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "insertNulls": false, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "auto", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green" - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unitScale": true - }, - "overrides": [] - }, - "gridPos": { - "h": 9, - "w": 12, - "x": 12, - "y": 50 - }, - "id": 2, - "options": { - "legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom", - "showLegend": true - }, - "tooltip": { - "mode": "single", - "sort": "none" - } - }, - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "$datasource" - }, - "editorMode": "code", - "expr": "sum by (payload_type) (rate(sliding_sync_poller_num_payloads{}[$window_size]))", - "legendFormat": "{{payload_type}}", - "range": true, - "refId": "A" - } - ], - "title": "Payload Rate", - "type": "timeseries" - }, - { - "datasource": { - "type": "prometheus", - "uid": "$datasource" - }, - "description": "Excludes time waiting for v2 sync requests. Excludes initial polls.", - "fieldConfig": { - "defaults": { - "color": { - "fixedColor": "red", - "mode": "palette-classic", - "seriesBy": "max" - }, - "custom": { - "axisBorderShow": false, - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 10, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "insertNulls": false, - "lineInterpolation": "linear", - "lineStyle": { - "fill": "solid" - }, - "lineWidth": 0, - "pointSize": 4, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "auto", - "spanNulls": true, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "links": [], - "mappings": [], - "min": 0, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green" - } - ] - }, - "unit": "s", - "unitScale": true - }, - "overrides": [ - { - "matcher": { - "id": "byName", - "options": "99%" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "dark-red", - "mode": "fixed" - } - }, - { - "id": "custom.fillOpacity", - "value": 35 - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "95%" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "orange", - "mode": "fixed" - } - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "50%" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "green", - "mode": "fixed" - } - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "25%" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "semi-dark-blue", - "mode": "fixed" - } - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "75%" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "yellow", - "mode": "fixed" - } - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "Poll rate" - }, - "properties": [ - { - "id": "custom.axisPlacement", - "value": "right" - }, - { - "id": "unit", - "value": "hertz" - }, - { - "id": "custom.fillOpacity", - "value": 0 - }, - { - "id": "color", - "value": { - "fixedColor": "purple", - "mode": "fixed" - } - }, - { - "id": "custom.showPoints", - "value": "always" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "90%" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "super-light-orange", - "mode": "fixed" - } - } - ] - } - ] - }, - "gridPos": { - "h": 9, - "w": 12, - "x": 12, - "y": 59 - }, - "id": 153, - "options": { - "legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom", - "showLegend": true - }, - "tooltip": { - "mode": "multi", - "sort": "desc" - } - }, - "pluginVersion": "9.2.2", - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "$datasource" - }, - "editorMode": "code", - "expr": "histogram_quantile(0.99, sum by(le) (rate(sliding_sync_poller_process_duration_secs_bucket{initial=\"0\"}[$window_size])))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "99%", - "range": true, - "refId": "99" - }, - { - "datasource": { - "type": "prometheus", - "uid": "$datasource" - }, - "editorMode": "code", - "expr": "histogram_quantile(0.90, sum by(le) (rate(sliding_sync_poller_process_duration_secs_bucket{initial=\"0\"}[$window_size])))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "90%", - "range": true, - "refId": "90" - }, - { - "datasource": { - "type": "prometheus", - "uid": "$datasource" - }, - "editorMode": "code", - "expr": "histogram_quantile(0.75, sum by(le) (rate(sliding_sync_poller_process_duration_secs_bucket{initial=\"0\"}[$window_size])))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "75%", - "range": true, - "refId": "75" - }, - { - "datasource": { - "type": "prometheus", - "uid": "$datasource" - }, - "editorMode": "code", - "expr": "histogram_quantile(0.5, sum by(le) (rate(sliding_sync_poller_process_duration_secs_bucket{initial=\"0\"}[$window_size])))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "50%", - "range": true, - "refId": "50" - }, - { - "datasource": { - "type": "prometheus", - "uid": "$datasource" - }, - "editorMode": "code", - "expr": "histogram_quantile(0.25, sum by(le) (rate(sliding_sync_poller_process_duration_secs_bucket{initial=\"0\"}[$window_size])))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "25%", - "range": true, - "refId": "25" - }, - { - "datasource": { - "type": "prometheus", - "uid": "$datasource" - }, - "editorMode": "code", - "expr": "sum(rate(sliding_sync_poller_process_duration_secs_count{initial=\"0\"}[$window_size]))", - "hide": false, - "legendFormat": "Poll rate", - "range": true, - "refId": "A" - } - ], - "title": "Poller processing time quantiles", - "type": "timeseries" - } - ], - "refresh": "", - "schemaVersion": 39, - "tags": [], - "templating": { - "list": [ - { - "auto": true, - "auto_count": 100, - "auto_min": "30s", - "current": { - "selected": true, - "text": "auto", - "value": "$__auto_interval_window_size" - }, - "description": "Window to use for aggregating buckets/moving averages", - "hide": 0, - "label": "Window size", - "name": "window_size", - "options": [ - { - "selected": true, - "text": "auto", - "value": "$__auto_interval_window_size" - }, - { - "selected": false, - "text": "30s", - "value": "30s" - }, - { - "selected": false, - "text": "1m", - "value": "1m" - }, - { - "selected": false, - "text": "2m", - "value": "2m" - }, - { - "selected": false, - "text": "5m", - "value": "5m" - }, - { - "selected": false, - "text": "10m", - "value": "10m" - }, - { - "selected": false, - "text": "15m", - "value": "15m" - }, - { - "selected": false, - "text": "30m", - "value": "30m" - }, - { - "selected": false, - "text": "1h", - "value": "1h" - }, - { - "selected": false, - "text": "2h", - "value": "2h" - } - ], - "query": "30s,1m,2m,5m,10m,15m,30m,1h,2h", - "queryValue": "", - "refresh": 2, - "skipUrlSync": false, - "type": "interval" - }, - { - "current": { - "selected": false, - "text": "Prometheus", - "value": "c433c715-0878-4d85-877c-465ce5b8cac4" - }, - "hide": 0, - "includeAll": false, - "multi": false, - "name": "datasource", - "options": [], - "query": "prometheus", - "queryValue": "", - "refresh": 1, - "regex": "", - "skipUrlSync": false, - "type": "datasource" - } - ] - }, - "time": { - "from": "now-1h", - "to": "now" - }, - "timepicker": {}, - "timezone": "", - "title": "Sliding Sync", - "uid": "slidingsync", - "version": 27, - "weekStart": "" - } \ No newline at end of file diff --git a/matrix-sliding-sync/templates/NOTES.txt b/matrix-sliding-sync/templates/NOTES.txt deleted file mode 100644 index 62e2871..0000000 --- a/matrix-sliding-sync/templates/NOTES.txt +++ /dev/null @@ -1,22 +0,0 @@ -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range $host := .Values.ingress.hosts }} - {{- range .paths }} - http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} - {{- end }} -{{- end }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "matrix-sliding-sync.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "matrix-sliding-sync.fullname" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "matrix-sliding-sync.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") - echo http://$SERVICE_IP:{{ .Values.service.port }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "matrix-sliding-sync.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT -{{- end }} diff --git a/matrix-sliding-sync/templates/_helpers.tpl b/matrix-sliding-sync/templates/_helpers.tpl deleted file mode 100644 index 672a34c..0000000 --- a/matrix-sliding-sync/templates/_helpers.tpl +++ /dev/null @@ -1,62 +0,0 @@ -{{/* -Expand the name of the chart. -*/}} -{{- define "matrix-sliding-sync.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "matrix-sliding-sync.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains $name .Release.Name }} -{{- .Release.Name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "matrix-sliding-sync.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Common labels -*/}} -{{- define "matrix-sliding-sync.labels" -}} -helm.sh/chart: {{ include "matrix-sliding-sync.chart" . }} -{{ include "matrix-sliding-sync.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end }} - -{{/* -Selector labels -*/}} -{{- define "matrix-sliding-sync.selectorLabels" -}} -app.kubernetes.io/name: {{ include "matrix-sliding-sync.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} - -{{/* -Create the name of the service account to use -*/}} -{{- define "matrix-sliding-sync.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} -{{- default (include "matrix-sliding-sync.fullname" .) .Values.serviceAccount.name }} -{{- else }} -{{- default "default" .Values.serviceAccount.name }} -{{- end }} -{{- end }} diff --git a/matrix-sliding-sync/templates/configmap_grafana_dashboards.yaml b/matrix-sliding-sync/templates/configmap_grafana_dashboards.yaml deleted file mode 100644 index 46043ed..0000000 --- a/matrix-sliding-sync/templates/configmap_grafana_dashboards.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{- if .Values.grafana.dashboards.enabled }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "matrix-sliding-sync.fullname" . }}-grafana-db - labels: - {{- include "matrix-sliding-sync.labels" $ | nindent 4 }} - {{- with .Values.grafana.dashboards.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} - {{- with .Values.grafana.dashboards.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -data: - {{- ($.Files.Glob "grafana_dashboards/*.json" ).AsConfig | nindent 2 }} -{{- end }} diff --git a/matrix-sliding-sync/templates/deployment.yaml b/matrix-sliding-sync/templates/deployment.yaml deleted file mode 100644 index bd9bfa4..0000000 --- a/matrix-sliding-sync/templates/deployment.yaml +++ /dev/null @@ -1,79 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "matrix-sliding-sync.fullname" . }} - labels: - {{- include "matrix-sliding-sync.labels" . | nindent 4 }} -spec: - {{- if not .Values.autoscaling.enabled }} - replicas: {{ .Values.replicaCount }} - {{- end }} - selector: - matchLabels: - {{- include "matrix-sliding-sync.selectorLabels" . | nindent 6 }} - template: - metadata: - annotations: - checksum/secrets: {{ include (print $.Template.BasePath "/secrets.yaml") . | sha256sum }} - {{- with .Values.podAnnotations }} - {{- toYaml . | nindent 8 }} - {{- end }} - labels: - {{- include "matrix-sliding-sync.labels" . | nindent 8 }} - {{- with .Values.podLabels }} - {{- toYaml . | nindent 8 }} - {{- end }} - spec: - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ include "matrix-sliding-sync.serviceAccountName" . }} - securityContext: - {{- toYaml .Values.podSecurityContext | nindent 8 }} - containers: - - name: {{ .Chart.Name }} - securityContext: - {{- toYaml .Values.securityContext | nindent 12 }} - {{- with .Values.image }} - image: "{{ coalesce $.Values.global.image.registry .registry }}/{{ .repository }}:{{ .tag | default (printf "v%s" $.Chart.AppVersion) }}" - imagePullPolicy: {{ coalesce $.Values.global.image.pullPolicy .pullPolicy }} - {{- end }} - envFrom: - - secretRef: - name: {{ include "matrix-sliding-sync.fullname" . }} - ports: - - name: http - containerPort: {{ .Values.service.port }} - protocol: TCP - {{- with .Values.config.metrics }} - - name: metrics - containerPort: {{ . }} - protocol: TCP - {{- end }} - livenessProbe: - {{- toYaml .Values.livenessProbe | nindent 12 }} - readinessProbe: - {{- toYaml .Values.readinessProbe | nindent 12 }} - resources: - {{- toYaml .Values.resources | nindent 12 }} - {{- with .Values.volumeMounts }} - volumeMounts: - {{- toYaml . | nindent 12 }} - {{- end }} - {{- with .Values.volumes }} - volumes: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} diff --git a/matrix-sliding-sync/templates/hpa.yaml b/matrix-sliding-sync/templates/hpa.yaml deleted file mode 100644 index 2be38cd..0000000 --- a/matrix-sliding-sync/templates/hpa.yaml +++ /dev/null @@ -1,32 +0,0 @@ -{{- if .Values.autoscaling.enabled }} -apiVersion: autoscaling/v2 -kind: HorizontalPodAutoscaler -metadata: - name: {{ include "matrix-sliding-sync.fullname" . }} - labels: - {{- include "matrix-sliding-sync.labels" . | nindent 4 }} -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: {{ include "matrix-sliding-sync.fullname" . }} - minReplicas: {{ .Values.autoscaling.minReplicas }} - maxReplicas: {{ .Values.autoscaling.maxReplicas }} - metrics: - {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} - - type: Resource - resource: - name: cpu - target: - type: Utilization - averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} - {{- end }} - {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} - - type: Resource - resource: - name: memory - target: - type: Utilization - averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} - {{- end }} -{{- end }} diff --git a/matrix-sliding-sync/templates/ingress.yaml b/matrix-sliding-sync/templates/ingress.yaml deleted file mode 100644 index d707a17..0000000 --- a/matrix-sliding-sync/templates/ingress.yaml +++ /dev/null @@ -1,61 +0,0 @@ -{{- if .Values.ingress.enabled -}} -{{- $fullName := include "matrix-sliding-sync.fullname" . -}} -{{- $svcPort := .Values.service.port -}} -{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} - {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} - {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}} - {{- end }} -{{- end }} -{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} -apiVersion: networking.k8s.io/v1 -{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} -apiVersion: networking.k8s.io/v1beta1 -{{- else -}} -apiVersion: extensions/v1beta1 -{{- end }} -kind: Ingress -metadata: - name: {{ $fullName }} - labels: - {{- include "matrix-sliding-sync.labels" . | nindent 4 }} - {{- with .Values.ingress.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} - ingressClassName: {{ .Values.ingress.className }} - {{- end }} - {{- if .Values.ingress.tls }} - tls: - {{- range .Values.ingress.tls }} - - hosts: - {{- range .hosts }} - - {{ . | quote }} - {{- end }} - secretName: {{ .secretName }} - {{- end }} - {{- end }} - rules: - {{- range .Values.ingress.hosts }} - - host: {{ .host | quote }} - http: - paths: - {{- range .paths }} - - path: {{ .path }} - {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} - pathType: {{ .pathType }} - {{- end }} - backend: - {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} - service: - name: {{ $fullName }} - port: - number: {{ $svcPort }} - {{- else }} - serviceName: {{ $fullName }} - servicePort: {{ $svcPort }} - {{- end }} - {{- end }} - {{- end }} -{{- end }} diff --git a/matrix-sliding-sync/templates/secrets.yaml b/matrix-sliding-sync/templates/secrets.yaml deleted file mode 100644 index 531e392..0000000 --- a/matrix-sliding-sync/templates/secrets.yaml +++ /dev/null @@ -1,42 +0,0 @@ -{{- $secretName := include "matrix-sliding-sync.fullname" . }} -{{- $secret := (lookup "v1" "Secret" .Release.Namespace $secretName) }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ $secretName }} - labels: - {{- include "matrix-sliding-sync.labels" . | nindent 4 }} -data: - SYNCV3_SERVER: {{ .Values.config.homeserver | b64enc }} - {{- with .Values.config.postgresql }} - SYNCV3_DB: {{ (printf "postgresql://%s:%s@%s:%v/%s?sslmode=%s" - .username - .password - .host - .port - .database - .sslmode - ) | b64enc }} - {{- end }} - SYNCV3_SECRET: {{ .Values.config.syncSecret - | default (dig "data" "SYNCV3_SECRET" "" $secret | b64dec) - | default (randAlphaNum 64) - | b64enc - }} - SYNCV3_BINDADDR: {{ printf ":%v" .Values.service.port | b64enc }} - {{- with .Values.config.metrics }} - SYNCV3_PROM: {{ printf ":%v" . | b64enc }} - {{- end }} - {{- with .Values.config.opentelemetry }} - {{- with .url }} - SYNCV3_OTLP_URL: {{ . | b64enc }} - {{- end }} - {{- with .username }} - SYNCV3_OTLP_USERNAME: {{ . | b64enc }} - {{- end }} - {{- with .password }} - SYNCV3_OTLP_PASSWORD: {{ . | b64enc }} - {{- end }} - {{- end }} - SYNCV3_LOG_LEVEL: {{ .Values.config.logLevel | b64enc }} - SYNCV3_MAX_DB_CONN: {{ toString .Values.config.postgresql.maxConn | b64enc }} diff --git a/matrix-sliding-sync/templates/service.yaml b/matrix-sliding-sync/templates/service.yaml deleted file mode 100644 index 62d6040..0000000 --- a/matrix-sliding-sync/templates/service.yaml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ include "matrix-sliding-sync.fullname" . }} - labels: - {{- include "matrix-sliding-sync.labels" . | nindent 4 }} -spec: - type: {{ .Values.service.type }} - ports: - - name: http - protocol: TCP - port: {{ .Values.service.port }} - targetPort: http - {{- with .Values.config.metrics }} - - name: metrics - protocol: TCP - port: {{ . }} - targetPort: metrics - {{- end }} - selector: - {{- include "matrix-sliding-sync.selectorLabels" . | nindent 4 }} diff --git a/matrix-sliding-sync/templates/serviceaccount.yaml b/matrix-sliding-sync/templates/serviceaccount.yaml deleted file mode 100644 index b47cf33..0000000 --- a/matrix-sliding-sync/templates/serviceaccount.yaml +++ /dev/null @@ -1,13 +0,0 @@ -{{- if .Values.serviceAccount.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "matrix-sliding-sync.serviceAccountName" . }} - labels: - {{- include "matrix-sliding-sync.labels" . | nindent 4 }} - {{- with .Values.serviceAccount.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -automountServiceAccountToken: {{ .Values.serviceAccount.automount }} -{{- end }} diff --git a/matrix-sliding-sync/templates/servicemonitor.yaml b/matrix-sliding-sync/templates/servicemonitor.yaml deleted file mode 100644 index 57d2e4e..0000000 --- a/matrix-sliding-sync/templates/servicemonitor.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{- if .Values.prometheus.servicemonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ include "matrix-sliding-sync.fullname" . }} - labels: - {{- include "matrix-sliding-sync.labels" . | nindent 4 }} - {{- with .Values.prometheus.servicemonitor.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - endpoints: - - port: metrics - path: "/metrics" - selector: - matchLabels: - {{- include "matrix-sliding-sync.selectorLabels" . | nindent 6 }} -{{- end }} diff --git a/matrix-sliding-sync/templates/tests/test-connection.yaml b/matrix-sliding-sync/templates/tests/test-connection.yaml deleted file mode 100644 index 78ac09f..0000000 --- a/matrix-sliding-sync/templates/tests/test-connection.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: v1 -kind: Pod -metadata: - name: "{{ include "matrix-sliding-sync.fullname" . }}-test-connection" - labels: - {{- include "matrix-sliding-sync.labels" . | nindent 4 }} - annotations: - "helm.sh/hook": test -spec: - containers: - - name: wget - image: busybox - command: ['wget'] - args: ['{{ include "matrix-sliding-sync.fullname" . }}:{{ .Values.service.port }}'] - restartPolicy: Never diff --git a/matrix-sliding-sync/values.yaml b/matrix-sliding-sync/values.yaml deleted file mode 100644 index 0440fc2..0000000 --- a/matrix-sliding-sync/values.yaml +++ /dev/null @@ -1,140 +0,0 @@ ---- -global: - image: - # -- if set it will overwrite all registry entries - registry: - # -- if set it will overwrite all pullPolicy - pullPolicy: - -image: - registry: ghcr.io - repository: matrix-org/sliding-sync - pullPolicy: IfNotPresent - # -- Overrides the image tag whose default is the chart appVersion. - tag: - -replicaCount: 1 - -config: - homeserver: http://localhost:8008 - syncSecret: - postgresql: - host: localhost - port: 5432 - database: sliding_sync - username: sliding_sync - password: secret - sslmode: disable - maxConn: 0 - metrics: 9100 - opentelemetry: - url: - username: - password: - logLevel: INFO - -imagePullSecrets: [] -nameOverride: "" -fullnameOverride: "" - -serviceAccount: - # Specifies whether a service account should be created - create: true - # Automatically mount a ServiceAccount's API credentials? - automount: true - # Annotations to add to the service account - annotations: {} - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - name: "" - -prometheus: - servicemonitor: - enabled: false - labels: {} - -grafana: - dashboards: - enabled: false - labels: - grafana_dashboard: "1" - annotations: {} - -podAnnotations: {} -podLabels: {} - -podSecurityContext: - fsGroup: 2000 - -securityContext: - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - runAsUser: 1000 - -service: - type: ClusterIP - port: 8008 - -ingress: - enabled: false - className: "" - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - hosts: - - host: chart-example.local - paths: - - path: / - pathType: ImplementationSpecific - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - -resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - -livenessProbe: - tcpSocket: - port: http -readinessProbe: - tcpSocket: - port: http - -autoscaling: - enabled: false - minReplicas: 1 - maxReplicas: 100 - targetCPUUtilizationPercentage: 80 - # targetMemoryUtilizationPercentage: 80 - -# Additional volumes on the output Deployment definition. -volumes: [] -# - name: foo -# secret: -# secretName: mysecret -# optional: false - -# Additional volumeMounts on the output Deployment definition. -volumeMounts: [] -# - name: foo -# mountPath: "/etc/foo" -# readOnly: true - -nodeSelector: {} - -tolerations: [] - -affinity: {} diff --git a/matrix-synapse/.gitignore b/matrix-synapse/.gitignore deleted file mode 100644 index 31014c3..0000000 --- a/matrix-synapse/.gitignore +++ /dev/null @@ -1,2 +0,0 @@ -charts/*.tgz -values_test.yaml diff --git a/matrix-synapse/.helmignore b/matrix-synapse/.helmignore deleted file mode 100644 index 50af031..0000000 --- a/matrix-synapse/.helmignore +++ /dev/null @@ -1,22 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/matrix-synapse/Chart.lock b/matrix-synapse/Chart.lock deleted file mode 100644 index d7dc37a..0000000 --- a/matrix-synapse/Chart.lock +++ /dev/null @@ -1,9 +0,0 @@ -dependencies: -- name: postgresql - repository: oci://docker.io/bitnamicharts - version: 16.4.3 -- name: redis - repository: oci://docker.io/bitnamicharts - version: 20.6.3 -digest: sha256:dd37b0663f93a21ea0d23e5041b48efef3cef63a051f2942eb095d1b95e63d7d -generated: "2025-01-15T22:06:14.404148475+01:00" diff --git a/matrix-synapse/Chart.yaml b/matrix-synapse/Chart.yaml deleted file mode 100644 index bffccdb..0000000 --- a/matrix-synapse/Chart.yaml +++ /dev/null @@ -1,22 +0,0 @@ ---- -apiVersion: v2 -name: matrix-synapse -description: Matrix reference homeserver -icon: https://matrix.org/images/matrix-logo.svg -type: application -version: "1.0.11" -# renovate: image=ghcr.io/element-hq/synapse -appVersion: 1.122.0 -maintainers: - - name: WrenIX - url: https://wrenix.eu - -dependencies: - - name: postgresql - version: "^16.3.1" - repository: "oci://docker.io/bitnamicharts" - condition: postgresql.enabled - - name: redis - version: "20.6.3" - repository: "oci://docker.io/bitnamicharts" - condition: redis.enabled diff --git a/matrix-synapse/README.md b/matrix-synapse/README.md deleted file mode 100644 index fc5347e..0000000 --- a/matrix-synapse/README.md +++ /dev/null @@ -1,283 +0,0 @@ ---- -title: "matrix-synapse" - -description: "Matrix reference homeserver" - ---- - -# matrix-synapse - -![Version: 1.0.11](https://img.shields.io/badge/Version-1.0.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.122.0](https://img.shields.io/badge/AppVersion-1.122.0-informational?style=flat-square) - -Matrix reference homeserver - -## Maintainers - -| Name | Email | Url | -| ---- | ------ | --- | -| WrenIX | | | - -## Usage - -Helm must be installed and setup to your kubernetes cluster to use the charts. -Refer to Helm's [documentation](https://helm.sh/docs) to get started. -Once Helm has been set up correctly, fetch the charts as follows: - -```bash -helm pull oci://codeberg.org/wrenix/helm-charts/matrix-synapse -``` - -You can install a chart release using the following command: - -```bash -helm install matrix-synapse-release oci://codeberg.org/wrenix/helm-charts/matrix-synapse --values values.yaml -``` - -To uninstall a chart release use `helm`'s delete command: - -```bash -helm uninstall matrix-synapse-release -``` - -## Requirements - -| Repository | Name | Version | -|------------|------|---------| -| oci://docker.io/bitnamicharts | postgresql | ^16.3.1 | -| oci://docker.io/bitnamicharts | redis | 20.6.3 | - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| config.bindAddresses | list | `["::"]` | The bind addresses to use for the default listeners | -| config.extraListeners | list | `[]` | | -| config.extraMainListenerTypes | list | `[]` | | -| config.reportStats | bool | `false` | | -| config.trustedKeyServers | list | `[{"server_name":"matrix.org"}]` | A set of trusted servers to contact if another server doesn't respond to a signing key request. | -| config.useStructuredLogging | bool | `false` | | -| externalPostgresql.database | string | `"synapse"` | | -| externalPostgresql.extraArgs | object | `{}` | Extra arguments for the database connection ref: https://github.com/matrix-org/synapse/blob/develop/docs/postgres.md#synapse-config | -| externalPostgresql.options | object | `{}` | set extra configuration ref: https://github.com/matrix-org/synapse/blob/develop/docs/postgres.md#synapse-config e.g. txn_limit, allow_unsafe_locale | -| externalPostgresql.port | int | `5432` | | -| externalPostgresql.username | string | `"synapse"` | | -| externalRedis.port | int | `6379` | | -| extraConfig | object | `{}` | | -| extraLoggers | object | `{}` | | -| extraSecrets | object | `{}` | | -| fullnameOverride | string | `nil` | Override the full name of the installed chart. | -| global.image.pullPolicy | string | `nil` | if set it will overwrite all pullPolicy | -| global.image.registry | string | `nil` | if set it will overwrite all registry entries | -| grafana.dashboards.annotations | object | `{}` | | -| grafana.dashboards.enabled | bool | `false` | | -| grafana.dashboards.labels.grafana_dashboard | string | `"1"` | | -| image.pullPolicy | string | `"IfNotPresent"` | | -| image.registry | string | `"ghcr.io"` | | -| image.repository | string | `"element-hq/synapse"` | | -| image.tag | string | `nil` | Overrides the image tag whose default is the chart appVersion. | -| ingress.annotations | object | `{}` | | -| ingress.csHosts | list | `[]` | | -| ingress.csPaths | list | `[]` | | -| ingress.enabled | bool | `true` | | -| ingress.hosts | list | `[]` | | -| ingress.includeServerName | bool | `true` | | -| ingress.includeUnderscoreSynapse | bool | `true` | | -| ingress.paths | list | `[]` | | -| ingress.tls | list | `[]` | | -| ingress.traefikPaths | bool | `false` | | -| ingress.wkHosts | list | `[]` | | -| nameOverride | string | `nil` | Override part of the installed name, will still keep release name. | -| persistence.accessMode | string | `"ReadWriteOnce"` | | -| persistence.annotations | object | `{}` | | -| persistence.enabled | bool | `true` | | -| persistence.existingClaim | string | `nil` | A manually managed Persistent Volume and Claim Requires persistence.enabled: true If defined, PVC must be created manually before volume will be bound | -| persistence.hostPath | string | `nil` | Do not create an PVC, direct use hostPath in Pod | -| persistence.size | string | `"10Gi"` | | -| persistence.storageClass | string | `nil` | Persistent Volume Storage Class If defined, storageClassName: If set to "-", storageClassName: "", which disables dynamic provisioning If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner. (gp2 on AWS, standard on GKE, AWS & OpenStack) | -| postgresql.auth.database | string | `"synapse"` | | -| postgresql.auth.password | string | `"synapse"` | | -| postgresql.auth.username | string | `"synapse"` | | -| postgresql.enabled | bool | `true` | | -| postgresql.extraArgs | object | `{}` | Extra arguments for the database connection ref: https://github.com/matrix-org/synapse/blob/develop/docs/postgres.md#synapse-config | -| postgresql.options | object | `{}` | set extra configuration ref: https://github.com/matrix-org/synapse/blob/develop/docs/postgres.md#synapse-config e.g. txn_limit, allow_unsafe_locale | -| postgresql.primary.initdb.args | string | `"--lc-collate=C --lc-ctype=C"` | | -| postgresql.primary.persistence.size | string | `"16Gi"` | | -| prometheus.podmonitor.enabled | bool | `false` | | -| prometheus.podmonitor.labels | object | `{}` | | -| prometheus.rules.additionalRules | list | `[]` | | -| prometheus.rules.defaults.enabled | bool | `true` | | -| prometheus.rules.enabled | bool | `false` | | -| prometheus.rules.labels | object | `{}` | | -| publicServerName | string | `nil` | The public Matrix server name, this will be used for any public URLs in config as well as for client API links in the ingress. | -| redis.architecture | string | `"standalone"` | | -| redis.auth.enabled | bool | `true` | | -| redis.auth.existingSecret | string | `nil` | Or use existing secret with "redis-password" key instead of static password | -| redis.auth.existingSecret | string | `""` | name of an existing secret with Redis credentials (instead of auth.password), must be created ahead of time | -| redis.auth.existingSecretPasswordKey | string | `""` | Password key to be retrieved from existing secret | -| redis.auth.password | string | `"synapse"` | XXX Change me! | -| redis.enabled | bool | `true` | | -| redis.global.storageClass | string | `""` | | -| redis.master.persistence.enabled | bool | `true` | | -| redis.master.service.port | int | `6379` | | -| redis.replica.persistence.enabled | bool | `true` | | -| serverName | string | `nil` | The Matrix domain name, this is what will be used for the domain part in your MXIDs. | -| service.port | int | `8008` | | -| service.targetPort | string | `"http"` | | -| service.type | string | `"ClusterIP"` | | -| serviceAccount.annotations | object | `{}` | | -| serviceAccount.create | bool | `false` | | -| signingkey.annotations | object | `{"helm.sh/hook":"pre-install,pre-upgrade","helm.sh/hook-delete-policy":"before-hook-creation,hook-succeeded"}` | Annotations to apply to the job and rbac for signing-key. | -| signingkey.job.enabled | bool | `true` | | -| signingkey.job.publishImage.pullPolicy | string | `"IfNotPresent"` | | -| signingkey.job.publishImage.registry | string | `"docker.io"` | | -| signingkey.job.publishImage.repository | string | `"bitnami/kubectl"` | | -| signingkey.job.publishImage.tag | string | `"latest"` | | -| signingkey.resources | object | `{}` | | -| synapse.affinity | object | `{}` | | -| synapse.annotations | object | `{}` | | -| synapse.extraCommands | list | `[]` | | -| synapse.extraEnv | list | `[]` | | -| synapse.extraVolumeMounts | list | `[]` | | -| synapse.extraVolumes | list | `[]` | | -| synapse.labels | object | `{}` | | -| synapse.livenessProbe.httpGet.path | string | `"/health"` | | -| synapse.livenessProbe.httpGet.port | string | `"http"` | | -| synapse.nodeSelector | object | `{}` | | -| synapse.podSecurityContext | object | `{}` | | -| synapse.readinessProbe.httpGet.path | string | `"/health"` | | -| synapse.readinessProbe.httpGet.port | string | `"http"` | | -| synapse.resources | object | `{}` | | -| synapse.securityContext | object | `{}` | | -| synapse.startupProbe.failureThreshold | int | `12` | | -| synapse.startupProbe.httpGet.path | string | `"/health"` | | -| synapse.startupProbe.httpGet.port | string | `"http"` | | -| synapse.strategy.type | string | `"RollingUpdate"` | | -| synapse.tolerations | list | `[]` | | -| volumePermissions.enabled | bool | `false` | | -| volumePermissions.gid | int | `666` | | -| volumePermissions.image.pullPolicy | string | `"Always"` | | -| volumePermissions.image.registry | string | `"docker.io"` | | -| volumePermissions.image.repository | string | `"library/alpine"` | | -| volumePermissions.image.tag | string | `"3.21.2"` | | -| volumePermissions.resources | object | `{}` | | -| volumePermissions.uid | int | `666` | | -| wellknown.affinity | object | `{}` | | -| wellknown.client | object | `{}` | Data to serve on .well-known/matrix/client. m.homeserver: base_url: https://matrix.example.com | -| wellknown.containerPort | int | `80` | | -| wellknown.element | object | `{}` | Data to serve on .well-known/element/element.json call: widget_url: https://call.element.io | -| wellknown.enabled | bool | `false` | | -| wellknown.env | list | `[]` | | -| wellknown.image.pullPolicy | string | `"IfNotPresent"` | | -| wellknown.image.registry | string | `"docker.io"` | | -| wellknown.image.repository | string | `"library/nginx"` | | -| wellknown.image.tag | string | `"1.27.3"` | | -| wellknown.nodeSelector | object | `{}` | | -| wellknown.podAnnotations | list | `[]` | | -| wellknown.podLabels | object | `{}` | | -| wellknown.podSecurityContext | object | `{}` | | -| wellknown.replicaCount | int | `1` | | -| wellknown.resources | object | `{}` | | -| wellknown.securityContext | object | `{}` | | -| wellknown.server | object | `{}` | The host and port combo to serve on .well-known/matrix/server. m.server: matrix.example.com:443 | -| wellknown.service.annotations | object | `{}` | | -| wellknown.service.port | int | `8080` | | -| wellknown.service.type | string | `"ClusterIP"` | | -| wellknown.tolerations | list | `[]` | | -| workers.appservice.enabled | bool | `false` | | -| workers.appservice.generic | bool | `true` | | -| workers.appservice.name | string | `"appservices"` | | -| workers.default.affinity | object | `{}` | | -| workers.default.annotations | object | `{}` | | -| workers.default.extraCommands | list | `[]` | | -| workers.default.extraEnv | list | `[]` | | -| workers.default.livenessProbe.httpGet.path | string | `"/health"` | | -| workers.default.livenessProbe.httpGet.port | string | `"metrics"` | | -| workers.default.nodeSelector | object | `{}` | | -| workers.default.podSecurityContext | object | `{}` | | -| workers.default.readinessProbe.httpGet.path | string | `"/health"` | | -| workers.default.readinessProbe.httpGet.port | string | `"metrics"` | | -| workers.default.replicaCount | int | `1` | | -| workers.default.resources | object | `{}` | | -| workers.default.securityContext | object | `{}` | | -| workers.default.startupProbe.failureThreshold | int | `6` | | -| workers.default.startupProbe.httpGet.path | string | `"/health"` | | -| workers.default.startupProbe.httpGet.port | string | `"metrics"` | | -| workers.default.strategy.type | string | `"RollingUpdate"` | | -| workers.default.tolerations | list | `[]` | | -| workers.default.volumeMounts | list | `[]` | | -| workers.default.volumes | list | `[]` | | -| workers.federation_sender.enabled | bool | `false` | | -| workers.frontend_proxy.csPaths[0] | string | `"/_matrix/client/(api/v1|r0|v3|unstable)/keys/upload"` | | -| workers.frontend_proxy.enabled | bool | `false` | | -| workers.frontend_proxy.listeners[0] | string | `"client"` | | -| workers.generic_worker.csPaths[0] | string | `"/_matrix/client/(api/v1|r0|v3)/events$"` | | -| workers.generic_worker.csPaths[10] | string | `"/_matrix/client/(r0|v3|unstable)/account/3pid$"` | | -| workers.generic_worker.csPaths[11] | string | `"/_matrix/client/(r0|v3|unstable)/account/whoami$"` | | -| workers.generic_worker.csPaths[12] | string | `"/_matrix/client/(r0|v3|unstable)/devices$"` | | -| workers.generic_worker.csPaths[13] | string | `"/_matrix/client/versions$"` | | -| workers.generic_worker.csPaths[14] | string | `"/_matrix/client/(api/v1|r0|v3|unstable)/voip/turnServer$"` | | -| workers.generic_worker.csPaths[15] | string | `"/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/event/"` | | -| workers.generic_worker.csPaths[16] | string | `"/_matrix/client/(api/v1|r0|v3|unstable)/joined_rooms$"` | | -| workers.generic_worker.csPaths[17] | string | `"/_matrix/client/(api/v1|r0|v3|unstable)/search$"` | | -| workers.generic_worker.csPaths[18] | string | `"/_matrix/client/(r0|v3|unstable)/keys/query$"` | | -| workers.generic_worker.csPaths[19] | string | `"/_matrix/client/(r0|v3|unstable)/keys/changes$"` | | -| workers.generic_worker.csPaths[1] | string | `"/_matrix/client/(api/v1|r0|v3|unstable)/createRoom$"` | | -| workers.generic_worker.csPaths[20] | string | `"/_matrix/client/(r0|v3|unstable)/keys/claim$"` | | -| workers.generic_worker.csPaths[21] | string | `"/_matrix/client/(r0|v3|unstable)/room_keys/"` | | -| workers.generic_worker.csPaths[22] | string | `"/_matrix/client/(api/v1|r0|v3|unstable)/login$"` | | -| workers.generic_worker.csPaths[23] | string | `"/_matrix/client/(r0|v3|unstable)/register$"` | | -| workers.generic_worker.csPaths[24] | string | `"/_matrix/client/v1/register/m.login.registration_token/validity$"` | | -| workers.generic_worker.csPaths[25] | string | `"/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/redact"` | | -| workers.generic_worker.csPaths[26] | string | `"/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/send"` | | -| workers.generic_worker.csPaths[27] | string | `"/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/state/"` | | -| workers.generic_worker.csPaths[28] | string | `"/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/(join|invite|leave|ban|unban|kick)$"` | | -| workers.generic_worker.csPaths[29] | string | `"/_matrix/client/(api/v1|r0|v3|unstable)/join/"` | | -| workers.generic_worker.csPaths[2] | string | `"/_matrix/client/(api/v1|r0|v3|unstable)/publicRooms$"` | | -| workers.generic_worker.csPaths[30] | string | `"/_matrix/client/(api/v1|r0|v3|unstable)/profile/"` | | -| workers.generic_worker.csPaths[31] | string | `"/_matrix/client/(r0|v3|unstable)/user_directory/search"` | | -| workers.generic_worker.csPaths[3] | string | `"/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/joined_members$"` | | -| workers.generic_worker.csPaths[4] | string | `"/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/context/"` | | -| workers.generic_worker.csPaths[5] | string | `"/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/members$"` | | -| workers.generic_worker.csPaths[6] | string | `"/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/state$"` | | -| workers.generic_worker.csPaths[7] | string | `"/_matrix/client/v1/rooms/.*/hierarchy$"` | | -| workers.generic_worker.csPaths[8] | string | `"/_matrix/client/unstable/org.matrix.msc2716/rooms/.*/batch_send$"` | | -| workers.generic_worker.csPaths[9] | string | `"/_matrix/client/unstable/im.nheko.summary/rooms/.*/summary$"` | | -| workers.generic_worker.enabled | bool | `false` | | -| workers.generic_worker.generic | bool | `true` | | -| workers.generic_worker.listeners[0] | string | `"client"` | | -| workers.generic_worker.listeners[1] | string | `"federation"` | | -| workers.generic_worker.paths[0] | string | `"/_matrix/federation/v1/event/"` | | -| workers.generic_worker.paths[10] | string | `"/_matrix/federation/(v1|v2)/send_leave/"` | | -| workers.generic_worker.paths[11] | string | `"/_matrix/federation/(v1|v2)/invite/"` | | -| workers.generic_worker.paths[12] | string | `"/_matrix/federation/v1/event_auth/"` | | -| workers.generic_worker.paths[13] | string | `"/_matrix/federation/v1/exchange_third_party_invite/"` | | -| workers.generic_worker.paths[14] | string | `"/_matrix/federation/v1/user/devices/"` | | -| workers.generic_worker.paths[15] | string | `"/_matrix/key/v2/query"` | | -| workers.generic_worker.paths[16] | string | `"/_matrix/federation/v1/hierarchy/"` | | -| workers.generic_worker.paths[17] | string | `"/_matrix/federation/v1/send/"` | | -| workers.generic_worker.paths[1] | string | `"/_matrix/federation/v1/state/"` | | -| workers.generic_worker.paths[2] | string | `"/_matrix/federation/v1/state_ids/"` | | -| workers.generic_worker.paths[3] | string | `"/_matrix/federation/v1/backfill/"` | | -| workers.generic_worker.paths[4] | string | `"/_matrix/federation/v1/get_missing_events/"` | | -| workers.generic_worker.paths[5] | string | `"/_matrix/federation/v1/publicRooms"` | | -| workers.generic_worker.paths[6] | string | `"/_matrix/federation/v1/query/"` | | -| workers.generic_worker.paths[7] | string | `"/_matrix/federation/v1/make_join/"` | | -| workers.generic_worker.paths[8] | string | `"/_matrix/federation/v1/make_leave/"` | | -| workers.generic_worker.paths[9] | string | `"/_matrix/federation/(v1|v2)/send_join/"` | | -| workers.media_repository.csPaths[0] | string | `"/_matrix/media/.*"` | | -| workers.media_repository.csPaths[1] | string | `"/_synapse/admin/v1/purge_media_cache$"` | | -| workers.media_repository.csPaths[2] | string | `"/_synapse/admin/v1/room/.*/media"` | | -| workers.media_repository.csPaths[3] | string | `"/_synapse/admin/v1/user/.*/media"` | | -| workers.media_repository.csPaths[4] | string | `"/_synapse/admin/v1/media/"` | | -| workers.media_repository.csPaths[5] | string | `"/_synapse/admin/v1/quarantine_media/"` | | -| workers.media_repository.csPaths[6] | string | `"/_synapse/admin/v1/users/.*/media$"` | | -| workers.media_repository.enabled | bool | `false` | | -| workers.media_repository.listeners[0] | string | `"media"` | | -| workers.media_repository.paths[0] | string | `"/_matrix/media/.*"` | | -| workers.pusher.enabled | bool | `false` | | -| workers.user_dir.csPaths[0] | string | `"/_matrix/client/(api/v1|r0|v3|unstable)/user_directory/search$"` | | -| workers.user_dir.enabled | bool | `false` | | -| workers.user_dir.listeners[0] | string | `"client"` | | -| workers.user_dir.name | string | `"userdir"` | | - -Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs) diff --git a/matrix-synapse/_docs.gotmpl b/matrix-synapse/_docs.gotmpl deleted file mode 100644 index e69de29..0000000 diff --git a/matrix-synapse/ci/ct-values.yaml b/matrix-synapse/ci/ct-values.yaml deleted file mode 100644 index d2e8bc2..0000000 --- a/matrix-synapse/ci/ct-values.yaml +++ /dev/null @@ -1 +0,0 @@ -serverName: "example.org" diff --git a/matrix-synapse/files/well-known/nginx.conf b/matrix-synapse/files/well-known/nginx.conf deleted file mode 100644 index c31b073..0000000 --- a/matrix-synapse/files/well-known/nginx.conf +++ /dev/null @@ -1,15 +0,0 @@ -server { - listen 80; - listen [::]:80; - server_name localhost; - - location / { - add_header Access-Control-Allow-Origin "*"; - root /usr/share/nginx/html; - } - - error_page 500 502 503 504 /50x.html; - location = /50x.html { - root /usr/share/nginx/html; - } -} diff --git a/matrix-synapse/grafana_dashboards/README.adoc b/matrix-synapse/grafana_dashboards/README.adoc deleted file mode 100644 index ace575c..0000000 --- a/matrix-synapse/grafana_dashboards/README.adoc +++ /dev/null @@ -1,4 +0,0 @@ -# Readme - -## Changelog from monitoring resources -- Dashboard: https://github.com/element-hq/synapse/blob/v1.101.0/contrib/grafana/synapse.json diff --git a/matrix-synapse/grafana_dashboards/synapse.json b/matrix-synapse/grafana_dashboards/synapse.json deleted file mode 100644 index 30d6d87..0000000 --- a/matrix-synapse/grafana_dashboards/synapse.json +++ /dev/null @@ -1,13473 +0,0 @@ -{ - "__elements": {}, - "__requires": [ - { - "type": "grafana", - "id": "grafana", - "name": "Grafana", - "version": "9.2.2" - }, - { - "type": "panel", - "id": "graph", - "name": "Graph (old)", - "version": "" - }, - { - "type": "panel", - "id": "heatmap", - "name": "Heatmap", - "version": "" - }, - { - "type": "datasource", - "id": "prometheus", - "name": "Prometheus", - "version": "1.0.0" - }, - { - "type": "panel", - "id": "timeseries", - "name": "Time series", - "version": "" - } - ], - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "enable": false, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "limit": 100, - "name": "Annotations & Alerts", - "showIn": 0, - "type": "dashboard" - }, - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "enable": true, - "expr": "changes(process_start_time_seconds{instance=\"$instance\",job=~\"synapse\"}[$bucket_size]) * on (instance, job) group_left(version) synapse_build_info{instance=\"$instance\",job=\"synapse\"}", - "iconColor": "purple", - "name": "deploys", - "titleFormat": "Deployed {{version}}" - } - ] - }, - "editable": true, - "fiscalYearStartMonth": 0, - "graphTooltip": 0, - "id": null, - "links": [ - { - "asDropdown": false, - "icon": "external link", - "includeVars": true, - "keepTime": true, - "tags": [ - "matrix" - ], - "title": "Dashboards", - "type": "dashboards" - } - ], - "liveNow": false, - "panels": [ - { - "collapsed": false, - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 73, - "panels": [], - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "refId": "A" - } - ], - "title": "Overview", - "type": "row" - }, - { - "cards": { - "cardPadding": -1, - "cardRound": 0 - }, - "color": { - "cardColor": "#b4ff00", - "colorScale": "sqrt", - "colorScheme": "interpolateInferno", - "exponent": 0.5, - "mode": "spectrum" - }, - "dataFormat": "tsbuckets", - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "custom": { - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "scaleDistribution": { - "type": "linear" - } - } - }, - "overrides": [] - }, - "gridPos": { - "h": 9, - "w": 12, - "x": 0, - "y": 1 - }, - "heatmap": {}, - "hideZeroBuckets": false, - "highlightCards": true, - "id": 189, - "legend": { - "show": false - }, - "links": [], - "options": { - "calculate": false, - "calculation": {}, - "cellGap": -1, - "cellRadius": 0, - "cellValues": {}, - "color": { - "exponent": 0.5, - "fill": "#b4ff00", - "mode": "scheme", - "reverse": false, - "scale": "exponential", - "scheme": "Inferno", - "steps": 128 - }, - "exemplars": { - "color": "rgba(255,0,255,0.7)" - }, - "filterValues": { - "le": 1e-9 - }, - "legend": { - "show": false - }, - "rowsFrame": { - "layout": "auto" - }, - "showValue": "never", - "tooltip": { - "show": true, - "yHistogram": true - }, - "yAxis": { - "axisPlacement": "left", - "reverse": false, - "unit": "s" - } - }, - "pluginVersion": "9.2.2", - "reverseYBuckets": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "sum(rate(synapse_http_server_response_time_seconds_bucket{servlet='RoomSendEventRestServlet',instance=\"$instance\",code=~\"2..\"}[$bucket_size])) by (le)", - "format": "heatmap", - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{le}}", - "refId": "A" - } - ], - "title": "Event Send Time (excluding errors, all workers)", - "tooltip": { - "show": true, - "showHistogram": true - }, - "type": "heatmap", - "xAxis": { - "show": true - }, - "yAxis": { - "format": "s", - "logBase": 2, - "show": true - }, - "yBucketBound": "auto" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "description": "", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 9, - "w": 12, - "x": 12, - "y": 1 - }, - "hiddenSeries": false, - "id": 152, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 0, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "paceLength": 10, - "percentage": false, - "pluginVersion": "9.2.2", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "Avg", - "fill": 0, - "linewidth": 3 - }, - { - "alias": "99%", - "color": "#C4162A", - "fillBelowTo": "90%" - }, - { - "alias": "90%", - "color": "#FF7383", - "fillBelowTo": "75%" - }, - { - "alias": "75%", - "color": "#FFEE52", - "fillBelowTo": "50%" - }, - { - "alias": "50%", - "color": "#73BF69", - "fillBelowTo": "25%" - }, - { - "alias": "25%", - "color": "#1F60C4", - "fillBelowTo": "5%" - }, - { - "alias": "5%", - "lines": false - }, - { - "alias": "Average", - "color": "rgb(255, 255, 255)", - "lines": true, - "linewidth": 3 - }, - { - "alias": "Events", - "color": "#B877D9", - "hideTooltip": true, - "points": true, - "yaxis": 2, - "zindex": -3 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "histogram_quantile(0.99, sum(rate(synapse_http_server_response_time_seconds_bucket{servlet='RoomSendEventRestServlet',index=~\"$index\",instance=\"$instance\",code=~\"2..\"}[$bucket_size])) by (le))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "99%", - "refId": "D" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "histogram_quantile(0.9, sum(rate(synapse_http_server_response_time_seconds_bucket{servlet='RoomSendEventRestServlet',index=~\"$index\",instance=\"$instance\",code=~\"2..\"}[$bucket_size])) by (le))", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "90%", - "refId": "A" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "histogram_quantile(0.75, sum(rate(synapse_http_server_response_time_seconds_bucket{servlet='RoomSendEventRestServlet',index=~\"$index\",instance=\"$instance\",code=~\"2..\"}[$bucket_size])) by (le))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "75%", - "refId": "C" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "histogram_quantile(0.5, sum(rate(synapse_http_server_response_time_seconds_bucket{servlet='RoomSendEventRestServlet',index=~\"$index\",instance=\"$instance\",code=~\"2..\"}[$bucket_size])) by (le))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "50%", - "refId": "B" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "histogram_quantile(0.25, sum(rate(synapse_http_server_response_time_seconds_bucket{servlet='RoomSendEventRestServlet',index=~\"$index\",instance=\"$instance\",code=~\"2..\"}[$bucket_size])) by (le))", - "legendFormat": "25%", - "refId": "F" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "histogram_quantile(0.05, sum(rate(synapse_http_server_response_time_seconds_bucket{servlet='RoomSendEventRestServlet',index=~\"$index\",instance=\"$instance\",code=~\"2..\"}[$bucket_size])) by (le))", - "legendFormat": "5%", - "refId": "G" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "sum(rate(synapse_http_server_response_time_seconds_sum{servlet='RoomSendEventRestServlet',index=~\"$index\",instance=\"$instance\",code=~\"2..\"}[$bucket_size])) / sum(rate(synapse_http_server_response_time_seconds_count{servlet='RoomSendEventRestServlet',index=~\"$index\",instance=\"$instance\",code=~\"2..\"}[$bucket_size]))", - "legendFormat": "Average", - "refId": "H" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "sum(rate(synapse_storage_events_persisted_events_total{instance=\"$instance\"}[$bucket_size]))", - "hide": false, - "instant": false, - "legendFormat": "Events", - "refId": "E" - } - ], - "thresholds": [ - { - "$$hashKey": "object:283", - "colorMode": "warning", - "fill": false, - "line": true, - "op": "gt", - "value": 1, - "yaxis": "left" - }, - { - "$$hashKey": "object:284", - "colorMode": "critical", - "fill": false, - "line": true, - "op": "gt", - "value": 2, - "yaxis": "left" - } - ], - "timeRegions": [], - "title": "Event Send Time Quantiles (excluding errors, all workers)", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:255", - "format": "s", - "label": "", - "logBase": 1, - "min": "0", - "show": true - }, - { - "$$hashKey": "object:256", - "format": "hertz", - "label": "", - "logBase": 1, - "min": "0", - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 9, - "w": 12, - "x": 0, - "y": 10 - }, - "hiddenSeries": false, - "id": 75, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 3, - "links": [], - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "paceLength": 10, - "percentage": false, - "pluginVersion": "9.2.2", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "rate(process_cpu_seconds_total{instance=\"$instance\",job=~\"$job\",index=~\"$index\"}[$bucket_size])", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{job}}-{{index}} ", - "refId": "A" - } - ], - "thresholds": [ - { - "$$hashKey": "object:566", - "colorMode": "critical", - "fill": true, - "line": true, - "op": "gt", - "value": 1, - "yaxis": "left" - } - ], - "timeRegions": [], - "title": "CPU usage", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:538", - "format": "percentunit", - "logBase": 1, - "max": "1.5", - "min": "0", - "show": true - }, - { - "$$hashKey": "object:539", - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 9, - "w": 12, - "x": 12, - "y": 10 - }, - "hiddenSeries": false, - "id": 198, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 3, - "links": [], - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "paceLength": 10, - "percentage": false, - "pluginVersion": "9.2.2", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "process_resident_memory_bytes{instance=\"$instance\",job=~\"$job\",index=~\"$index\"}", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "{{job}} {{index}}", - "refId": "A", - "step": 20, - "target": "" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "sum(process_resident_memory_bytes{instance=\"$instance\",job=~\"$job\",index=~\"$index\"})", - "hide": true, - "interval": "", - "legendFormat": "total", - "refId": "B" - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Memory", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "cumulative" - }, - "transformations": [], - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:1560", - "format": "bytes", - "logBase": 1, - "min": "0", - "show": true - }, - { - "$$hashKey": "object:1561", - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "axisSoftMax": 1, - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 0, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "lineInterpolation": "linear", - "lineWidth": 10, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "never", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - } - ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 7, - "w": 12, - "x": 0, - "y": 19 - }, - "id": 245, - "options": { - "legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom", - "showLegend": true - }, - "tooltip": { - "mode": "single", - "sort": "none" - } - }, - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "expr": "synapse_build_info{instance=\"$instance\", job=\"synapse\"} - 1", - "legendFormat": "version {{version}}", - "range": true, - "refId": "deployed_synapse_versions" - } - ], - "title": "Deployed Synapse versions over time", - "type": "timeseries" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 12, - "x": 12, - "y": 19 - }, - "hiddenSeries": false, - "id": 37, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "paceLength": 10, - "percentage": false, - "pluginVersion": "9.2.2", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "$$hashKey": "object:639", - "alias": "/max$/", - "color": "#890F02", - "fill": 0, - "legend": false - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "process_open_fds{instance=\"$instance\",job=~\"$job\",index=~\"$index\"}", - "format": "time_series", - "hide": false, - "interval": "", - "intervalFactor": 2, - "legendFormat": "{{job}}-{{index}}", - "refId": "A", - "step": 20 - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "process_max_fds{instance=\"$instance\",job=~\"$job\",index=~\"$index\"}", - "format": "time_series", - "hide": true, - "interval": "", - "intervalFactor": 2, - "legendFormat": "{{job}}-{{index}} max", - "refId": "B", - "step": 20 - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Open FDs", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:650", - "format": "none", - "label": "", - "logBase": 1, - "show": true - }, - { - "$$hashKey": "object:651", - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "collapsed": true, - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 26 - }, - "id": 54, - "panels": [ - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 7, - "w": 12, - "x": 0, - "y": 27 - }, - "hiddenSeries": false, - "id": 5, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": false, - "hideZero": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 3, - "links": [], - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "paceLength": 10, - "percentage": false, - "pluginVersion": "9.2.2", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "$$hashKey": "object:1240", - "alias": "/user/" - }, - { - "$$hashKey": "object:1241", - "alias": "/system/" - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "expr": "rate(process_cpu_system_seconds_total{instance=\"$instance\",job=~\"$job\",index=~\"$index\"}[$bucket_size])", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{job}}-{{index}} system ", - "metric": "", - "range": true, - "refId": "B", - "step": 20 - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "rate(process_cpu_user_seconds_total{instance=\"$instance\",job=~\"$job\",index=~\"$index\"}[$bucket_size])", - "format": "time_series", - "hide": false, - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{job}}-{{index}} user", - "refId": "A", - "step": 20 - } - ], - "thresholds": [ - { - "$$hashKey": "object:1278", - "colorMode": "custom", - "fillColor": "rgba(255, 255, 255, 1)", - "line": true, - "lineColor": "rgba(216, 200, 27, 0.27)", - "op": "gt", - "value": 0.5, - "yaxis": "left" - }, - { - "$$hashKey": "object:1279", - "colorMode": "custom", - "fillColor": "rgba(255, 255, 255, 1)", - "line": true, - "lineColor": "rgb(87, 6, 16)", - "op": "gt", - "value": 0.8, - "yaxis": "left" - }, - { - "$$hashKey": "object:1498", - "colorMode": "critical", - "fill": true, - "line": true, - "op": "gt", - "value": 1, - "yaxis": "left" - } - ], - "timeRegions": [], - "title": "CPU", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:1250", - "format": "percentunit", - "label": "", - "logBase": 1, - "max": "1.2", - "min": 0, - "show": true - }, - { - "$$hashKey": "object:1251", - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "description": "Shows the time in which the given percentage of reactor ticks completed, over the sampled timespan", - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 10, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "never", - "spanNulls": true, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "links": [], - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green" - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "s" - }, - "overrides": [] - }, - "gridPos": { - "h": 7, - "w": 12, - "x": 12, - "y": 27 - }, - "id": 105, - "interval": "", - "links": [], - "options": { - "legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom", - "showLegend": true - }, - "tooltip": { - "mode": "single", - "sort": "none" - } - }, - "pluginVersion": "8.3.2", - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "exemplar": true, - "expr": "histogram_quantile(0.999, rate(python_twisted_reactor_tick_time_bucket{index=~\"$index\",instance=\"$instance\",job=~\"$job\"}[$bucket_size]))", - "hide": false, - "interval": "", - "legendFormat": "{{job}}-{{index}} 99.9%", - "refId": "E" - }, - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "exemplar": true, - "expr": "histogram_quantile(0.99, rate(python_twisted_reactor_tick_time_bucket{index=~\"$index\",instance=\"$instance\",job=~\"$job\"}[$bucket_size]))", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "{{job}}-{{index}} 99%", - "refId": "A", - "step": 20 - }, - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "exemplar": true, - "expr": "histogram_quantile(0.95, rate(python_twisted_reactor_tick_time_bucket{index=~\"$index\",instance=\"$instance\",job=~\"$job\"}[$bucket_size]))", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{job}}-{{index}} 95%", - "refId": "B" - }, - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "expr": "histogram_quantile(0.90, rate(python_twisted_reactor_tick_time_bucket{index=~\"$index\",instance=\"$instance\",job=~\"$job\"}[$bucket_size]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{job}}-{{index}} 90%", - "refId": "C" - }, - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "expr": "rate(python_twisted_reactor_tick_time_sum{index=~\"$index\",instance=\"$instance\",job=~\"$job\"}[$bucket_size]) / rate(python_twisted_reactor_tick_time_count{index=~\"$index\",instance=\"$instance\",job=~\"$job\"}[$bucket_size])", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{job}}-{{index}} mean", - "refId": "D" - } - ], - "title": "Reactor tick quantiles", - "type": "timeseries" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 7, - "w": 12, - "x": 0, - "y": 34 - }, - "hiddenSeries": false, - "id": 34, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "paceLength": 10, - "percentage": false, - "pluginVersion": "9.2.2", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "process_resident_memory_bytes{instance=\"$instance\",job=~\"$job\",index=~\"$index\"}", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "{{job}} {{index}}", - "refId": "A", - "step": 20, - "target": "" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "sum(process_resident_memory_bytes{instance=\"$instance\",job=~\"$job\",index=~\"$index\"})", - "interval": "", - "legendFormat": "total", - "refId": "B" - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Memory", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "cumulative" - }, - "transformations": [], - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "logBase": 1, - "min": "0", - "show": true - }, - { - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 12, - "x": 12, - "y": 34 - }, - "hiddenSeries": false, - "id": 49, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "paceLength": 10, - "percentage": false, - "pluginVersion": "9.2.2", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/^up/", - "legend": false, - "yaxis": 2 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "scrape_duration_seconds{instance=\"$instance\",job=~\"$job\",index=~\"$index\"}", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "{{job}}-{{index}}", - "refId": "A", - "step": 20 - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Prometheus scrape time", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "logBase": 1, - "min": "0", - "show": true - }, - { - "decimals": 0, - "format": "none", - "label": "", - "logBase": 1, - "max": "0", - "min": "-1", - "show": false - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 12, - "x": 0, - "y": 41 - }, - "hiddenSeries": false, - "id": 53, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "paceLength": 10, - "percentage": false, - "pluginVersion": "9.2.2", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "$$hashKey": "object:116", - "alias": "/^version .*/", - "lines": true, - "linewidth": 6, - "points": false - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "expr": "min_over_time(up{instance=\"$instance\",job=~\"$job\",index=~\"$index\"}[$bucket_size])", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{job}}-{{index}}", - "range": true, - "refId": "A" - }, - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "expr": "synapse_build_info{instance=\"$instance\", job=\"synapse\"} - 1", - "hide": false, - "legendFormat": "version {{version}}", - "range": true, - "refId": "deployed_synapse_versions" - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Up", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "logBase": 1, - "show": true - }, - { - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 12, - "x": 12, - "y": 41 - }, - "hiddenSeries": false, - "id": 120, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null as zero", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "9.2.2", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": true, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "rate(synapse_http_server_response_ru_utime_seconds{instance=\"$instance\",job=~\"$job\",index=~\"$index\"}[$bucket_size])+rate(synapse_http_server_response_ru_stime_seconds{instance=\"$instance\",job=~\"$job\",index=~\"$index\"}[$bucket_size])", - "format": "time_series", - "hide": false, - "instant": false, - "intervalFactor": 1, - "legendFormat": "{{job}}-{{index}} {{method}} {{servlet}} {{tag}}", - "refId": "A" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "rate(synapse_background_process_ru_utime_seconds_total{instance=\"$instance\",job=~\"$job\",index=~\"$index\"}[$bucket_size])+rate(synapse_background_process_ru_stime_seconds_total{instance=\"$instance\",job=~\"$job\",index=~\"$index\"}[$bucket_size])", - "format": "time_series", - "hide": false, - "instant": false, - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{job}}-{{index}} {{name}}", - "refId": "B" - } - ], - "thresholds": [ - { - "colorMode": "critical", - "fill": true, - "line": true, - "op": "gt", - "value": 1, - "yaxis": "left" - } - ], - "timeRegions": [], - "title": "Stacked CPU usage", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:572", - "format": "percentunit", - "logBase": 1, - "show": true - }, - { - "$$hashKey": "object:573", - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 12, - "x": 0, - "y": 48 - }, - "hiddenSeries": false, - "id": 136, - "interval": "", - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "9.2.2", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "expr": "rate(synapse_http_client_requests_total{job=~\"$job\",index=~\"$index\",instance=\"$instance\"}[$bucket_size])", - "legendFormat": "{{job}}-{{index}} {{method}}", - "range": true, - "refId": "A" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "expr": "rate(synapse_http_matrixfederationclient_requests_total{job=~\"$job\",index=~\"$index\",instance=\"$instance\"}[$bucket_size])", - "legendFormat": "{{job}}-{{index}} {{method}} (federation)", - "range": true, - "refId": "B" - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Outgoing HTTP request rate", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:123", - "format": "reqps", - "logBase": 1, - "show": true - }, - { - "$$hashKey": "object:124", - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "active threads", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 0, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "auto", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green" - }, - { - "color": "red", - "value": 80 - } - ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 7, - "w": 12, - "x": 12, - "y": 48 - }, - "id": 207, - "options": { - "legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom", - "showLegend": true - }, - "tooltip": { - "mode": "single", - "sort": "none" - } - }, - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "exemplar": true, - "expr": "synapse_threadpool_working_threads{instance=\"$instance\",job=~\"$job\",index=~\"$index\"}", - "interval": "", - "legendFormat": "{{job}}-{{index}} {{name}}", - "refId": "A" - } - ], - "title": "Threadpool activity", - "type": "timeseries" - } - ], - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "refId": "A" - } - ], - "title": "Process info", - "type": "row" - }, - { - "collapsed": true, - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 27 - }, - "id": 56, - "panels": [ - { - "cards": { - "cardPadding": -1, - "cardRound": 0 - }, - "color": { - "cardColor": "#b4ff00", - "colorScale": "sqrt", - "colorScheme": "interpolateInferno", - "exponent": 0.5, - "mode": "spectrum" - }, - "dataFormat": "tsbuckets", - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "custom": { - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "scaleDistribution": { - "type": "linear" - } - } - }, - "overrides": [] - }, - "gridPos": { - "h": 9, - "w": 12, - "x": 0, - "y": 28 - }, - "heatmap": {}, - "hideZeroBuckets": false, - "highlightCards": true, - "id": 85, - "legend": { - "show": false - }, - "links": [], - "options": { - "calculate": false, - "calculation": {}, - "cellGap": -1, - "cellRadius": 0, - "cellValues": {}, - "color": { - "exponent": 0.5, - "fill": "#b4ff00", - "mode": "scheme", - "reverse": false, - "scale": "exponential", - "scheme": "Inferno", - "steps": 128 - }, - "exemplars": { - "color": "rgba(255,0,255,0.7)" - }, - "filterValues": { - "le": 1e-9 - }, - "legend": { - "show": false - }, - "rowsFrame": { - "layout": "auto" - }, - "showValue": "never", - "tooltip": { - "show": true, - "yHistogram": true - }, - "yAxis": { - "axisPlacement": "left", - "reverse": false, - "unit": "s" - } - }, - "pluginVersion": "9.2.2", - "reverseYBuckets": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "sum(rate(synapse_http_server_response_time_seconds_bucket{servlet='RoomSendEventRestServlet',instance=\"$instance\"}[$bucket_size])) by (le)", - "format": "heatmap", - "intervalFactor": 1, - "legendFormat": "{{le}}", - "refId": "A" - } - ], - "title": "Event Send Time (Including errors, across all workers)", - "tooltip": { - "show": true, - "showHistogram": true - }, - "type": "heatmap", - "xAxis": { - "show": true - }, - "yAxis": { - "format": "s", - "logBase": 2, - "show": true - }, - "yBucketBound": "auto" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "description": "", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 9, - "w": 12, - "x": 12, - "y": 28 - }, - "hiddenSeries": false, - "id": 33, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "paceLength": 10, - "percentage": false, - "pluginVersion": "9.2.2", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "sum(rate(synapse_storage_events_persisted_events_total{instance=\"$instance\"}[$bucket_size])) without (job,index)", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "", - "refId": "A", - "step": 20, - "target": "" - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Events Persisted (all workers)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:102", - "format": "hertz", - "logBase": 1, - "show": true - }, - { - "$$hashKey": "object:103", - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "decimals": 1, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 12, - "x": 0, - "y": 37 - }, - "hiddenSeries": false, - "id": 40, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "9.2.2", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "rate(synapse_storage_events_persisted_by_source_type{instance=\"$instance\",job=~\"$job\",index=~\"$index\"}[$bucket_size])", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{type}}", - "refId": "D" - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Events/s Local vs Remote", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "hertz", - "label": "", - "logBase": 1, - "min": "0", - "show": true - }, - { - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "decimals": 1, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 12, - "x": 12, - "y": 37 - }, - "hiddenSeries": false, - "id": 46, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "9.2.2", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "rate(synapse_storage_events_persisted_by_event_type{job=~\"$job\",index=~\"$index\",instance=\"$instance\"}[$bucket_size])", - "format": "time_series", - "instant": false, - "intervalFactor": 2, - "legendFormat": "{{type}}", - "refId": "A", - "step": 20 - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Events/s by Type", - "tooltip": { - "shared": false, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "hertz", - "logBase": 1, - "min": "0", - "show": true - }, - { - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": { - "irc-freenode (local)": "#EAB839" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "decimals": 1, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 12, - "x": 0, - "y": 44 - }, - "hiddenSeries": false, - "id": 44, - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "9.2.2", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "rate(synapse_storage_events_persisted_by_origin{job=~\"$job\",index=~\"$index\",instance=\"$instance\"}[$bucket_size])", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{origin_entity}} ({{origin_type}})", - "refId": "A", - "step": 20 - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Events/s by Origin", - "tooltip": { - "shared": false, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "hertz", - "logBase": 1, - "min": "0", - "show": true - }, - { - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "decimals": 1, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 12, - "x": 12, - "y": 44 - }, - "hiddenSeries": false, - "id": 45, - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "9.2.2", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "expr": "sum(rate(synapse_storage_events_persisted_events_sep_total{job=~\"$job\",index=~\"$index\", type=\"m.room.member\",instance=\"$instance\", origin_type=\"local\"}[$bucket_size])) by (origin_type, origin_entity)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{origin_entity}} ({{origin_type}})", - "range": true, - "refId": "A", - "step": 20 - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Memberships/s by Origin", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:232", - "format": "hertz", - "logBase": 1, - "min": "0", - "show": true - }, - { - "$$hashKey": "object:233", - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 9, - "w": 12, - "x": 0, - "y": 51 - }, - "hiddenSeries": false, - "id": 118, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "paceLength": 10, - "percentage": false, - "pluginVersion": "9.2.2", - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeatDirection": "h", - "seriesOverrides": [ - { - "$$hashKey": "object:316", - "alias": "mean", - "linewidth": 2 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "exemplar": true, - "expr": "histogram_quantile(0.99, sum(rate(synapse_http_server_response_time_seconds_bucket{servlet='RoomSendEventRestServlet',instance=\"$instance\",code=~\"2..\",job=~\"$job\",index=~\"$index\"}[$bucket_size])) without (method))", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{job}}-{{index}} 99%", - "refId": "A" - }, - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "expr": "histogram_quantile(0.95, sum(rate(synapse_http_server_response_time_seconds_bucket{servlet='RoomSendEventRestServlet',instance=\"$instance\",code=~\"2..\",job=~\"$job\",index=~\"$index\"}[$bucket_size])) without (method))", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{job}}-{{index}} 95%", - "refId": "B" - }, - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "expr": "histogram_quantile(0.90, sum(rate(synapse_http_server_response_time_seconds_bucket{servlet='RoomSendEventRestServlet',instance=\"$instance\",code=~\"2..\",job=~\"$job\",index=~\"$index\"}[$bucket_size])) without (method))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{job}}-{{index}} 90%", - "refId": "C" - }, - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "expr": "histogram_quantile(0.50, sum(rate(synapse_http_server_response_time_seconds_bucket{servlet='RoomSendEventRestServlet',instance=\"$instance\",code=~\"2..\",job=~\"$job\",index=~\"$index\"}[$bucket_size])) without (method))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{job}}-{{index}} 50%", - "refId": "D" - }, - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "expr": "sum(rate(synapse_http_server_response_time_seconds_sum{servlet='RoomSendEventRestServlet',instance=\"$instance\",code=~\"2..\",job=~\"$job\",index=~\"$index\"}[$bucket_size])) without (method) / sum(rate(synapse_http_server_response_time_seconds_count{servlet='RoomSendEventRestServlet',instance=\"$instance\",code=~\"2..\",job=~\"$job\",index=~\"$index\"}[$bucket_size])) without (method)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{job}}-{{index}} mean", - "range": true, - "refId": "E" - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Event send time quantiles by worker", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:263", - "format": "s", - "logBase": 1, - "show": true - }, - { - "$$hashKey": "object:264", - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "description": "CPU and DB time spent on most expensive state resolution in a room, summed over all workers. This is a very rough proxy for \"how fast is state res\", but it doesn't accurately represent the system load (e.g. it completely ignores cheap state resolutions).\n", - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 30, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "auto", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "normal" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green" - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "s/s" - }, - "overrides": [] - }, - "gridPos": { - "h": 9, - "w": 12, - "x": 12, - "y": 51 - }, - "id": 222, - "options": { - "legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom", - "showLegend": false - }, - "tooltip": { - "mode": "multi", - "sort": "none" - } - }, - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "exemplar": false, - "expr": "sum(rate(synapse_state_res_db_for_biggest_room_seconds_total{instance=\"$instance\"}[1m]))", - "format": "time_series", - "hide": false, - "instant": false, - "interval": "", - "legendFormat": "DB time", - "refId": "B" - }, - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "exemplar": false, - "expr": "sum(rate(synapse_state_res_cpu_for_biggest_room_seconds_total{instance=\"$instance\"}[1m]))", - "format": "time_series", - "hide": false, - "instant": false, - "interval": "", - "legendFormat": "CPU time", - "refId": "C" - } - ], - "title": "Stateres worst-case", - "type": "timeseries" - } - ], - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "refId": "A" - } - ], - "title": "Event persistence", - "type": "row" - }, - { - "collapsed": true, - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 28 - }, - "id": 57, - "panels": [ - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 2, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 29 - }, - "hiddenSeries": false, - "id": 4, - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "hideEmpty": false, - "hideZero": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "9.2.2", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "rate(synapse_http_server_requests_received_total{instance=\"$instance\",job=~\"$job\",index=~\"$index\"}[$bucket_size])", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "{{job}}-{{index}} {{method}} {{servlet}} {{tag}}", - "refId": "A", - "step": 20 - } - ], - "thresholds": [ - { - "$$hashKey": "object:234", - "colorMode": "custom", - "fill": true, - "fillColor": "rgba(216, 200, 27, 0.27)", - "op": "gt", - "value": 100, - "yaxis": "left" - }, - { - "$$hashKey": "object:235", - "colorMode": "custom", - "fill": true, - "fillColor": "rgba(234, 112, 112, 0.22)", - "op": "gt", - "value": 250, - "yaxis": "left" - } - ], - "timeRegions": [], - "title": "Request Count by arrival time", - "tooltip": { - "shared": false, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:206", - "format": "hertz", - "logBase": 1, - "show": true - }, - { - "$$hashKey": "object:207", - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 29 - }, - "hiddenSeries": false, - "id": 32, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "9.2.2", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "rate(synapse_http_server_requests_received_total{instance=\"$instance\",job=~\"$job\",index=~\"$index\",method!=\"OPTIONS\"}[$bucket_size]) and topk(10,synapse_http_server_requests_received_total{instance=\"$instance\",job=~\"$job\",method!=\"OPTIONS\"})", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{method}} {{servlet}} {{job}}-{{index}}", - "refId": "A", - "step": 20, - "target": "" - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Top 10 Request Counts", - "tooltip": { - "shared": false, - "sort": 2, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:305", - "format": "hertz", - "logBase": 1, - "show": true - }, - { - "$$hashKey": "object:306", - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 2, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 37 - }, - "hiddenSeries": false, - "id": 139, - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "hideEmpty": false, - "hideZero": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "9.2.2", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "rate(synapse_http_server_in_flight_requests_ru_utime_seconds_total{instance=\"$instance\",job=~\"$job\",index=~\"$index\"}[$bucket_size])+rate(synapse_http_server_in_flight_requests_ru_stime_seconds_total{instance=\"$instance\",job=~\"$job\",index=~\"$index\"}[$bucket_size])", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{job}}-{{index}} {{method}} {{servlet}} {{tag}}", - "refId": "A", - "step": 20 - } - ], - "thresholds": [ - { - "$$hashKey": "object:135", - "colorMode": "custom", - "fill": true, - "fillColor": "rgba(216, 200, 27, 0.27)", - "op": "gt", - "value": 100, - "yaxis": "left" - }, - { - "$$hashKey": "object:136", - "colorMode": "custom", - "fill": true, - "fillColor": "rgba(234, 112, 112, 0.22)", - "op": "gt", - "value": 250, - "yaxis": "left" - } - ], - "timeRegions": [], - "title": "Total CPU Usage by Endpoint", - "tooltip": { - "shared": false, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:107", - "format": "percentunit", - "logBase": 1, - "show": true - }, - { - "$$hashKey": "object:108", - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 37 - }, - "hiddenSeries": false, - "id": 52, - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "hideEmpty": false, - "hideZero": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "9.2.2", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "(rate(synapse_http_server_in_flight_requests_ru_utime_seconds_total{instance=\"$instance\",job=~\"$job\",index=~\"$index\"}[$bucket_size])+rate(synapse_http_server_in_flight_requests_ru_stime_seconds_total{instance=\"$instance\",job=~\"$job\",index=~\"$index\"}[$bucket_size])) / rate(synapse_http_server_requests_received_total{instance=\"$instance\",job=~\"$job\",index=~\"$index\"}[$bucket_size])", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{job}}-{{index}} {{method}} {{servlet}} {{tag}}", - "refId": "A", - "step": 20 - } - ], - "thresholds": [ - { - "$$hashKey": "object:417", - "colorMode": "custom", - "fill": true, - "fillColor": "rgba(216, 200, 27, 0.27)", - "op": "gt", - "value": 100, - "yaxis": "left" - }, - { - "$$hashKey": "object:418", - "colorMode": "custom", - "fill": true, - "fillColor": "rgba(234, 112, 112, 0.22)", - "op": "gt", - "value": 250, - "yaxis": "left" - } - ], - "timeRegions": [], - "title": "Average CPU Usage by Endpoint", - "tooltip": { - "shared": false, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:389", - "format": "s", - "logBase": 1, - "show": true - }, - { - "$$hashKey": "object:390", - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 45 - }, - "hiddenSeries": false, - "id": 7, - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "9.2.2", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "rate(synapse_http_server_in_flight_requests_db_txn_duration_seconds_total{instance=\"$instance\",job=~\"$job\",index=~\"$index\"}[$bucket_size])", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{job}}-{{index}} {{method}} {{servlet}} {{tag}}", - "refId": "A", - "step": 20 - } - ], - "thresholds": [], - "timeRegions": [], - "title": "DB Usage by endpoint", - "tooltip": { - "shared": false, - "sort": 2, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:488", - "format": "percentunit", - "logBase": 1, - "show": true - }, - { - "$$hashKey": "object:489", - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 2, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 45 - }, - "hiddenSeries": false, - "id": 47, - "legend": { - "alignAsTable": true, - "avg": true, - "current": false, - "hideEmpty": false, - "hideZero": true, - "max": true, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "9.2.2", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "(sum(rate(synapse_http_server_response_time_seconds_sum{instance=\"$instance\",job=~\"$job\",index=~\"$index\",tag!=\"incremental_sync\"}[$bucket_size])) without (code))/(sum(rate(synapse_http_server_response_time_seconds_count{instance=\"$instance\",job=~\"$job\",index=~\"$index\",tag!=\"incremental_sync\"}[$bucket_size])) without (code))", - "format": "time_series", - "hide": false, - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{job}}-{{index}} {{method}} {{servlet}}", - "refId": "A", - "step": 20 - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Non-sync avg response time", - "tooltip": { - "shared": false, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "logBase": 1, - "show": true - }, - { - "format": "short", - "logBase": 1, - "show": false - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 9, - "w": 12, - "x": 0, - "y": 53 - }, - "hiddenSeries": false, - "id": 103, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "9.2.2", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "Total", - "color": "rgb(255, 255, 255)", - "fill": 0, - "linewidth": 3 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "topk(10,synapse_http_server_in_flight_requests_count{instance=\"$instance\",job=~\"$job\",index=~\"$index\"})", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{job}}-{{index}} {{method}} {{servlet}}", - "refId": "A" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "sum(avg_over_time(synapse_http_server_in_flight_requests_count{job=\"$job\",index=~\"$index\",instance=\"$instance\"}[$bucket_size]))", - "interval": "", - "legendFormat": "Total", - "refId": "B" - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Requests in flight", - "tooltip": { - "shared": false, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "logBase": 1, - "show": true - }, - { - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - } - ], - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "refId": "A" - } - ], - "title": "Requests", - "type": "row" - }, - { - "collapsed": true, - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 29 - }, - "id": 97, - "panels": [ - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 9, - "w": 12, - "x": 0, - "y": 30 - }, - "hiddenSeries": false, - "id": 99, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "paceLength": 10, - "percentage": false, - "pluginVersion": "9.2.2", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "rate(synapse_background_process_ru_utime_seconds_total{instance=\"$instance\",job=~\"$job\",index=~\"$index\"}[$bucket_size])+rate(synapse_background_process_ru_stime_seconds_total{instance=\"$instance\",job=~\"$job\",index=~\"$index\"}[$bucket_size])", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{job}}-{{index}} {{name}}", - "refId": "A" - } - ], - "thresholds": [], - "timeRegions": [], - "title": "CPU usage by background jobs", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percentunit", - "logBase": 1, - "show": true - }, - { - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 9, - "w": 12, - "x": 12, - "y": 30 - }, - "hiddenSeries": false, - "id": 101, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "paceLength": 10, - "percentage": false, - "pluginVersion": "9.2.2", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "rate(synapse_background_process_db_txn_duration_seconds_total{instance=\"$instance\",job=~\"$job\",index=~\"$index\"}[$bucket_size]) + rate(synapse_background_process_db_sched_duration_seconds_total{instance=\"$instance\",job=~\"$job\",index=~\"$index\"}[$bucket_size])", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{job}}-{{index}} {{name}}", - "refId": "A" - } - ], - "thresholds": [], - "timeRegions": [], - "title": "DB usage by background jobs (including scheduling time)", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percentunit", - "logBase": 1, - "show": true - }, - { - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 39 - }, - "hiddenSeries": false, - "id": 138, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "9.2.2", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "synapse_background_process_in_flight_count{job=~\"$job\",index=~\"$index\",instance=\"$instance\"}", - "legendFormat": "{{job}}-{{index}} {{name}}", - "refId": "A" - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Background jobs in flight", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "logBase": 1, - "show": true - }, - { - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - } - ], - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "refId": "A" - } - ], - "title": "Background jobs", - "type": "row" - }, - { - "collapsed": true, - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 30 - }, - "id": 81, - "panels": [ - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 9, - "w": 12, - "x": 0, - "y": 31 - }, - "hiddenSeries": false, - "id": 79, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "paceLength": 10, - "percentage": false, - "pluginVersion": "9.2.2", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "sum(rate(synapse_federation_client_sent_transactions_total{instance=\"$instance\"}[$bucket_size]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "successful txn rate", - "refId": "A" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "sum(rate(synapse_util_metrics_block_count_total{block_name=\"_send_new_transaction\",instance=\"$instance\"}[$bucket_size]) - ignoring (block_name) rate(synapse_federation_client_sent_transactions_total{instance=\"$instance\"}[$bucket_size]))", - "legendFormat": "failed txn rate", - "refId": "B" - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Outgoing federation transaction rate", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "hertz", - "logBase": 1, - "show": true - }, - { - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 9, - "w": 12, - "x": 12, - "y": 31 - }, - "hiddenSeries": false, - "id": 83, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "paceLength": 10, - "percentage": false, - "pluginVersion": "9.2.2", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "sum(rate(synapse_federation_server_received_pdus_total{instance=~\"$instance\"}[$bucket_size]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "pdus", - "refId": "A" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "sum(rate(synapse_federation_server_received_edus_total{instance=~\"$instance\"}[$bucket_size]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "edus", - "refId": "B" - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Incoming PDU/EDU rate", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "hertz", - "logBase": 1, - "show": true - }, - { - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 9, - "w": 12, - "x": 0, - "y": 40 - }, - "hiddenSeries": false, - "id": 109, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "paceLength": 10, - "percentage": false, - "pluginVersion": "9.2.2", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "expr": "sum(rate(synapse_federation_client_sent_pdu_destinations_count_total{instance=\"$instance\"}[$bucket_size]))", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "pdus", - "range": true, - "refId": "A" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "sum(rate(synapse_federation_client_sent_edus_total{instance=\"$instance\"}[$bucket_size]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "edus", - "refId": "B" - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Outgoing PDU/EDU rate", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "hertz", - "logBase": 1, - "show": true - }, - { - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 9, - "w": 12, - "x": 12, - "y": 40 - }, - "hiddenSeries": false, - "id": 111, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "paceLength": 10, - "percentage": false, - "pluginVersion": "9.2.2", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "expr": "rate(synapse_federation_client_sent_edus_by_type_total{instance=\"$instance\"}[$bucket_size])", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{type}}", - "range": true, - "refId": "A" - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Outgoing EDUs by type", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:462", - "format": "hertz", - "logBase": 1, - "show": true - }, - { - "$$hashKey": "object:463", - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "description": "Triangular growth may indicate a problem with federation sending from the remote host --- but it may also be the case that everyone is asleep and no messages are being sent.\n\nSee https://element-hq.github.io/synapse/latest/usage/configuration/config_documentation.html#federation_metrics_domains", - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "axisSoftMax": 60, - "axisSoftMin": 0, - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 0, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "auto", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "line" - } - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green" - }, - { - "color": "red", - "value": 60 - } - ] - }, - "unit": "m" - }, - "overrides": [ - { - "__systemRef": "hideSeriesFrom", - "matcher": { - "id": "byNames", - "options": { - "mode": "exclude", - "names": [ - "libera.chat " - ], - "prefix": "All except:", - "readOnly": true - } - }, - "properties": [ - { - "id": "custom.hideFrom", - "value": { - "legend": false, - "tooltip": false, - "viz": true - } - } - ] - } - ] - }, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 49 - }, - "id": 243, - "options": { - "legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom", - "showLegend": true - }, - "tooltip": { - "mode": "single", - "sort": "none" - } - }, - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "exemplar": false, - "expr": "(time() - max without (job, index, host) (avg_over_time(synapse_federation_last_received_pdu_time[10m]))) / 60", - "instant": false, - "legendFormat": "{{server_name}} ", - "range": true, - "refId": "A" - } - ], - "title": "Age of last PDU received from nominated hosts", - "type": "timeseries" - }, - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "description": "Triangular growth may indicate a problem with federation senders on the monitored instance---but it may also be the case that everyone is asleep and no messages are being sent.\n\nSee https://element-hq.github.io/synapse/latest/usage/configuration/config_documentation.html#federation_metrics_domains", - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "axisSoftMax": 60, - "axisSoftMin": 0, - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 0, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "auto", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "line" - } - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green" - }, - { - "color": "red", - "value": 60 - } - ] - }, - "unit": "m" - }, - "overrides": [ - { - "__systemRef": "hideSeriesFrom", - "matcher": { - "id": "byNames", - "options": { - "mode": "exclude", - "names": [ - "libera.chat" - ], - "prefix": "All except:", - "readOnly": true - } - }, - "properties": [ - { - "id": "custom.hideFrom", - "value": { - "legend": false, - "tooltip": false, - "viz": true - } - } - ] - } - ] - }, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 49 - }, - "id": 241, - "options": { - "legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom", - "showLegend": true - }, - "tooltip": { - "mode": "single", - "sort": "none" - } - }, - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "exemplar": false, - "expr": "(time() - max without (job, index, host) (avg_over_time(synapse_federation_last_sent_pdu_time[10m]))) / 60", - "instant": false, - "legendFormat": "{{server_name}}", - "range": true, - "refId": "A" - } - ], - "title": "Age of last PDU sent to nominated hosts", - "type": "timeseries" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "description": "The number of events in the in-memory queues ", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 9, - "w": 12, - "x": 0, - "y": 57 - }, - "hiddenSeries": false, - "id": 142, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "9.2.2", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "expr": "synapse_federation_transaction_queue_pending_pdus{instance=\"$instance\",job=~\"$job\",index=~\"$index\"}", - "interval": "", - "legendFormat": "pending PDUs {{job}}-{{index}}", - "range": true, - "refId": "A" - }, - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "expr": "synapse_federation_transaction_queue_pending_edus{instance=\"$instance\",job=~\"$job\",index=~\"$index\"}", - "interval": "", - "legendFormat": "pending EDUs {{job}}-{{index}}", - "refId": "B" - } - ], - "thresholds": [], - "timeRegions": [], - "title": "In-memory federation transmission queues", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:547", - "format": "short", - "label": "events", - "logBase": 1, - "min": "0", - "show": true - }, - { - "$$hashKey": "object:548", - "format": "short", - "label": "", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "description": "Number of events queued up on the master process for processing by the federation sender", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 9, - "w": 12, - "x": 12, - "y": 57 - }, - "hiddenSeries": false, - "id": 140, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "paceLength": 10, - "percentage": false, - "pluginVersion": "9.2.2", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "synapse_federation_send_queue_presence_changed_size{instance=\"$instance\",job=~\"$job\",index=~\"$index\"}", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "presence changed", - "refId": "A" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "synapse_federation_send_queue_presence_map_size{instance=\"$instance\",job=~\"$job\",index=~\"$index\"}", - "format": "time_series", - "hide": false, - "interval": "", - "intervalFactor": 1, - "legendFormat": "presence map", - "refId": "B" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "synapse_federation_send_queue_presence_destinations_size{instance=\"$instance\",job=~\"$job\",index=~\"$index\"}", - "format": "time_series", - "hide": false, - "interval": "", - "intervalFactor": 1, - "legendFormat": "presence destinations", - "refId": "E" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "synapse_federation_send_queue_keyed_edu_size{instance=\"$instance\",job=~\"$job\",index=~\"$index\"}", - "format": "time_series", - "hide": false, - "interval": "", - "intervalFactor": 1, - "legendFormat": "keyed edus", - "refId": "C" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "synapse_federation_send_queue_edus_size{instance=\"$instance\",job=~\"$job\",index=~\"$index\"}", - "format": "time_series", - "hide": false, - "interval": "", - "intervalFactor": 1, - "legendFormat": "other edus", - "refId": "D" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "synapse_federation_send_queue_pos_time_size{instance=\"$instance\",job=~\"$job\",index=~\"$index\"}", - "format": "time_series", - "hide": false, - "interval": "", - "intervalFactor": 1, - "legendFormat": "stream positions", - "refId": "F" - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Outgoing EDU queues on master", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "none", - "logBase": 1, - "min": "0", - "show": true - }, - { - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "cards": { - "cardPadding": -1 - }, - "color": { - "cardColor": "#b4ff00", - "colorScale": "sqrt", - "colorScheme": "interpolateInferno", - "exponent": 0.5, - "min": 0, - "mode": "spectrum" - }, - "dataFormat": "tsbuckets", - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "custom": { - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "scaleDistribution": { - "type": "linear" - } - } - }, - "overrides": [] - }, - "gridPos": { - "h": 9, - "w": 12, - "x": 0, - "y": 66 - }, - "heatmap": {}, - "hideZeroBuckets": false, - "highlightCards": true, - "id": 166, - "legend": { - "show": false - }, - "links": [], - "options": { - "calculate": false, - "calculation": {}, - "cellGap": -1, - "cellValues": { - "decimals": 2 - }, - "color": { - "exponent": 0.5, - "fill": "#b4ff00", - "min": 0, - "mode": "scheme", - "reverse": false, - "scale": "exponential", - "scheme": "Inferno", - "steps": 128 - }, - "exemplars": { - "color": "rgba(255,0,255,0.7)" - }, - "filterValues": { - "le": 1e-9 - }, - "legend": { - "show": false - }, - "rowsFrame": { - "layout": "auto" - }, - "showValue": "never", - "tooltip": { - "show": true, - "yHistogram": true - }, - "yAxis": { - "axisPlacement": "left", - "decimals": 0, - "reverse": false, - "unit": "s" - } - }, - "pluginVersion": "9.2.2", - "reverseYBuckets": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "sum(rate(synapse_event_processing_lag_by_event_bucket{instance=\"$instance\",name=\"federation_sender\"}[$bucket_size])) by (le)", - "format": "heatmap", - "instant": false, - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{ le }}", - "refId": "A" - } - ], - "title": "Federation send PDU lag", - "tooltip": { - "show": true, - "showHistogram": true - }, - "tooltipDecimals": 2, - "type": "heatmap", - "xAxis": { - "show": true - }, - "yAxis": { - "decimals": 0, - "format": "s", - "logBase": 1, - "show": true - }, - "yBucketBound": "auto" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 9, - "w": 12, - "x": 12, - "y": 66 - }, - "hiddenSeries": false, - "id": 162, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 0, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "paceLength": 10, - "percentage": false, - "pluginVersion": "9.2.2", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "Avg", - "fill": 0, - "linewidth": 3 - }, - { - "alias": "99%", - "color": "#C4162A", - "fillBelowTo": "90%" - }, - { - "alias": "90%", - "color": "#FF7383", - "fillBelowTo": "75%" - }, - { - "alias": "75%", - "color": "#FFEE52", - "fillBelowTo": "50%" - }, - { - "alias": "50%", - "color": "#73BF69", - "fillBelowTo": "25%" - }, - { - "alias": "25%", - "color": "#1F60C4", - "fillBelowTo": "5%" - }, - { - "alias": "5%", - "lines": false - }, - { - "alias": "Average", - "color": "rgb(255, 255, 255)", - "lines": true, - "linewidth": 3 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "histogram_quantile(0.99, sum(rate(synapse_event_processing_lag_by_event_bucket{name='federation_sender',index=~\"$index\",instance=\"$instance\"}[$bucket_size])) by (le))", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "99%", - "refId": "D" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "histogram_quantile(0.9, sum(rate(synapse_event_processing_lag_by_event_bucket{name='federation_sender',index=~\"$index\",instance=\"$instance\"}[$bucket_size])) by (le))", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "90%", - "refId": "A" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "histogram_quantile(0.75, sum(rate(synapse_event_processing_lag_by_event_bucket{name='federation_sender',index=~\"$index\",instance=\"$instance\"}[$bucket_size])) by (le))", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "75%", - "refId": "C" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "histogram_quantile(0.5, sum(rate(synapse_event_processing_lag_by_event_bucket{name='federation_sender',index=~\"$index\",instance=\"$instance\"}[$bucket_size])) by (le))", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "50%", - "refId": "B" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "histogram_quantile(0.25, sum(rate(synapse_event_processing_lag_by_event_bucket{name='federation_sender',index=~\"$index\",instance=\"$instance\"}[$bucket_size])) by (le))", - "interval": "", - "legendFormat": "25%", - "refId": "F" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "histogram_quantile(0.05, sum(rate(synapse_event_processing_lag_by_event_bucket{name='federation_sender',index=~\"$index\",instance=\"$instance\"}[$bucket_size])) by (le))", - "interval": "", - "legendFormat": "5%", - "refId": "G" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "sum(rate(synapse_event_processing_lag_by_event_sum{name='federation_sender',index=~\"$index\",instance=\"$instance\"}[$bucket_size])) / sum(rate(synapse_event_processing_lag_by_event_count{name='federation_sender',index=~\"$index\",instance=\"$instance\"}[$bucket_size]))", - "interval": "", - "legendFormat": "Average", - "refId": "H" - } - ], - "thresholds": [ - { - "colorMode": "warning", - "fill": false, - "line": true, - "op": "gt", - "value": 0.25, - "yaxis": "left" - }, - { - "colorMode": "critical", - "fill": false, - "line": true, - "op": "gt", - "value": 1, - "yaxis": "left" - } - ], - "timeRegions": [], - "title": "Federation send PDU lag quantiles", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": "", - "logBase": 1, - "min": "0", - "show": true - }, - { - "format": "hertz", - "label": "", - "logBase": 1, - "min": "0", - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "cards": { - "cardPadding": -1 - }, - "color": { - "cardColor": "#b4ff00", - "colorScale": "sqrt", - "colorScheme": "interpolateInferno", - "exponent": 0.5, - "min": 0, - "mode": "spectrum" - }, - "dataFormat": "tsbuckets", - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "custom": { - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "scaleDistribution": { - "type": "linear" - } - } - }, - "overrides": [] - }, - "gridPos": { - "h": 9, - "w": 12, - "x": 0, - "y": 75 - }, - "heatmap": {}, - "hideZeroBuckets": false, - "highlightCards": true, - "id": 164, - "legend": { - "show": false - }, - "links": [], - "options": { - "calculate": false, - "calculation": {}, - "cellGap": -1, - "cellValues": { - "decimals": 2 - }, - "color": { - "exponent": 0.5, - "fill": "#b4ff00", - "min": 0, - "mode": "scheme", - "reverse": false, - "scale": "exponential", - "scheme": "Inferno", - "steps": 128 - }, - "exemplars": { - "color": "rgba(255,0,255,0.7)" - }, - "filterValues": { - "le": 1e-9 - }, - "legend": { - "show": false - }, - "rowsFrame": { - "layout": "auto" - }, - "showValue": "never", - "tooltip": { - "show": true, - "yHistogram": true - }, - "yAxis": { - "axisPlacement": "left", - "decimals": 0, - "reverse": false, - "unit": "s" - } - }, - "pluginVersion": "9.2.2", - "reverseYBuckets": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "sum(rate(synapse_federation_server_pdu_process_time_bucket{instance=\"$instance\"}[$bucket_size])) by (le)", - "format": "heatmap", - "instant": false, - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{ le }}", - "refId": "A" - } - ], - "title": "Handle inbound PDU time", - "tooltip": { - "show": true, - "showHistogram": true - }, - "tooltipDecimals": 2, - "type": "heatmap", - "xAxis": { - "show": true - }, - "yAxis": { - "decimals": 0, - "format": "s", - "logBase": 1, - "show": true - }, - "yBucketBound": "auto" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 9, - "w": 12, - "x": 12, - "y": 75 - }, - "hiddenSeries": false, - "id": 203, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "paceLength": 10, - "percentage": false, - "pluginVersion": "9.2.2", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "expr": "synapse_federation_server_oldest_inbound_pdu_in_staging{job=~\"$job\",index=~\"$index\",instance=\"$instance\"}", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{job}}-{{index}}", - "range": true, - "refId": "A", - "step": 4 - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Age of oldest event in staging area", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:92", - "format": "ms", - "logBase": 1, - "min": 0, - "show": true - }, - { - "$$hashKey": "object:93", - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 9, - "w": 12, - "x": 0, - "y": 84 - }, - "hiddenSeries": false, - "id": 202, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "paceLength": 10, - "percentage": false, - "pluginVersion": "9.2.2", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "expr": "synapse_federation_server_number_inbound_pdu_in_staging{job=~\"$job\",index=~\"$index\",instance=\"$instance\"}", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{job}}-{{index}}", - "range": true, - "refId": "A", - "step": 4 - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Number of events in federation staging area", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:92", - "format": "none", - "logBase": 1, - "min": 0, - "show": true - }, - { - "$$hashKey": "object:93", - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 84 - }, - "hiddenSeries": false, - "id": 205, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "9.2.2", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "expr": "sum(rate(synapse_federation_soft_failed_events_total{instance=\"$instance\"}[$bucket_size]))", - "interval": "", - "legendFormat": "soft-failed events", - "refId": "A" - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Soft-failed event rate", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:131", - "format": "hertz", - "logBase": 1, - "show": true - }, - { - "$$hashKey": "object:132", - "format": "short", - "logBase": 1, - "show": false - } - ], - "yaxis": { - "align": false - } - } - ], - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "refId": "A" - } - ], - "title": "Federation", - "type": "row" - }, - { - "collapsed": true, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 31 - }, - "id": 227, - "panels": [ - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 0, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "auto", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green" - }, - { - "color": "red", - "value": 80 - } - ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 154 - }, - "id": 239, - "options": { - "legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom", - "showLegend": true - }, - "tooltip": { - "mode": "single", - "sort": "none" - } - }, - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "expr": "sum(increase(synapse_rate_limit_reject_total{instance=\"$instance\"}[$bucket_size]))", - "refId": "A" - } - ], - "title": "Number of rate limit rejected requests", - "type": "timeseries" - }, - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 0, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "auto", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green" - }, - { - "color": "red", - "value": 80 - } - ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 154 - }, - "id": 235, - "options": { - "legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom", - "showLegend": true - }, - "tooltip": { - "mode": "single", - "sort": "none" - } - }, - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "expr": "sum(increase(synapse_rate_limit_sleep_total{instance=\"$instance\"}[$bucket_size]))", - "refId": "A" - } - ], - "title": "Number of requests being slept by the rate limiter", - "type": "timeseries" - }, - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "description": "Why is the data zero (0)? https://github.com/matrix-org/synapse/pull/13541#discussion_r951926322", - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 0, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "auto", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green" - }, - { - "color": "red", - "value": 80 - } - ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 162 - }, - "id": 237, - "options": { - "legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom", - "showLegend": true - }, - "tooltip": { - "mode": "single", - "sort": "none" - } - }, - "pluginVersion": "9.0.4", - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "expr": "sum(increase(synapse_rate_limit_reject_affected_hosts{instance=\"$instance\"}[$bucket_size]))", - "refId": "A" - } - ], - "title": "Number of hosts being rejected by the rate limiter", - "type": "timeseries" - }, - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "description": "https://github.com/matrix-org/synapse/pull/13541", - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 0, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "auto", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green" - }, - { - "color": "red", - "value": 80 - } - ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 162 - }, - "id": 233, - "options": { - "legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom", - "showLegend": true - }, - "tooltip": { - "mode": "single", - "sort": "none" - } - }, - "pluginVersion": "9.0.4", - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "expr": "sum(increase(synapse_rate_limit_sleep_affected_hosts{instance=\"$instance\"}[$bucket_size]))", - "refId": "A" - } - ], - "title": "Number of hosts being slept by the rate limiter", - "type": "timeseries" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "description": "", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 170 - }, - "hiddenSeries": false, - "id": 229, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 0, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "paceLength": 10, - "percentage": false, - "pluginVersion": "9.2.2", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "$$hashKey": "object:276", - "alias": "Avg", - "fill": 0, - "linewidth": 3 - }, - { - "$$hashKey": "object:277", - "alias": "99%", - "color": "#C4162A", - "fillBelowTo": "90%" - }, - { - "$$hashKey": "object:278", - "alias": "90%", - "color": "#FF7383", - "fillBelowTo": "75%" - }, - { - "$$hashKey": "object:279", - "alias": "75%", - "color": "#FFEE52", - "fillBelowTo": "50%" - }, - { - "$$hashKey": "object:280", - "alias": "50%", - "color": "#73BF69", - "fillBelowTo": "25%" - }, - { - "$$hashKey": "object:281", - "alias": "25%", - "color": "#1F60C4", - "fillBelowTo": "5%" - }, - { - "$$hashKey": "object:282", - "alias": "5%", - "lines": false - }, - { - "$$hashKey": "object:283", - "alias": "Average", - "color": "rgb(255, 255, 255)", - "lines": true, - "linewidth": 3 - }, - { - "$$hashKey": "object:284", - "alias": ">99%", - "color": "#B877D9", - "fill": 3, - "lines": true - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "expr": "histogram_quantile(0.9995, sum(rate(synapse_rate_limit_queue_wait_time_seconds_bucket{index=~\"$index\",instance=\"$instance\"}[$bucket_size])) by (le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": ">99%", - "range": true, - "refId": "E" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "expr": "histogram_quantile(0.99, sum(rate(synapse_rate_limit_queue_wait_time_seconds_bucket{index=~\"$index\",instance=\"$instance\"}[$bucket_size])) by (le))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "99%", - "range": true, - "refId": "D" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "histogram_quantile(0.9, sum(rate(synapse_rate_limit_queue_wait_time_seconds_bucket{index=~\"$index\",instance=\"$instance\"}[$bucket_size])) by (le))", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "90%", - "refId": "A" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "histogram_quantile(0.75, sum(rate(synapse_rate_limit_queue_wait_time_seconds_bucket{index=~\"$index\",instance=\"$instance\"}[$bucket_size])) by (le))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "75%", - "refId": "C" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "histogram_quantile(0.5, sum(rate(synapse_rate_limit_queue_wait_time_seconds_bucket{index=~\"$index\",instance=\"$instance\"}[$bucket_size])) by (le))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "50%", - "refId": "B" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "histogram_quantile(0.25, sum(rate(synapse_rate_limit_queue_wait_time_seconds_bucket{index=~\"$index\",instance=\"$instance\"}[$bucket_size])) by (le))", - "legendFormat": "25%", - "refId": "F" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "histogram_quantile(0.05, sum(rate(synapse_rate_limit_queue_wait_time_seconds_bucket{index=~\"$index\",instance=\"$instance\"}[$bucket_size])) by (le))", - "legendFormat": "5%", - "refId": "G" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "sum(rate(synapse_rate_limit_queue_wait_time_seconds_sum{index=~\"$index\",instance=\"$instance\"}[$bucket_size])) / sum(rate(synapse_rate_limit_queue_wait_time_seconds_count{index=~\"$index\",instance=\"$instance\"}[$bucket_size]))", - "legendFormat": "Average", - "refId": "H" - } - ], - "thresholds": [ - { - "$$hashKey": "object:283", - "colorMode": "warning", - "fill": false, - "line": true, - "op": "gt", - "value": 1, - "yaxis": "left" - }, - { - "$$hashKey": "object:284", - "colorMode": "critical", - "fill": false, - "line": true, - "op": "gt", - "value": 2, - "yaxis": "left" - } - ], - "timeRegions": [], - "title": "Rate limit queue wait time Quantiles (all workers)", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:255", - "format": "s", - "label": "", - "logBase": 1, - "min": "0", - "show": true - }, - { - "$$hashKey": "object:256", - "format": "hertz", - "label": "", - "logBase": 1, - "min": "0", - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 0, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "auto", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "line" - } - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green" - } - ] - }, - "unit": "hertz" - }, - "overrides": [ - { - "matcher": { - "id": "byName", - "options": "Default reject threshold (50 requests within a second)" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "red", - "mode": "fixed" - } - }, - { - "id": "custom.lineWidth", - "value": 2 - } - ] - } - ] - }, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 170 - }, - "id": 231, - "options": { - "legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom", - "showLegend": true - }, - "tooltip": { - "mode": "single", - "sort": "none" - } - }, - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "expr": "sum(rate(synapse_rate_limit_sleep_total{instance=\"$instance\"}[$bucket_size]))", - "refId": "A" - }, - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "expr": "50", - "hide": false, - "legendFormat": "Default reject threshold (50 requests within a second)", - "range": true, - "refId": "B" - } - ], - "title": "Rate of requests being slept by the rate limiter", - "type": "timeseries" - } - ], - "title": "Federation rate limiter", - "type": "row" - }, - { - "collapsed": true, - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 32 - }, - "id": 60, - "panels": [ - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 10, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "never", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "links": [], - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green" - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "hertz" - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 155 - }, - "id": 51, - "links": [], - "options": { - "legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom", - "showLegend": true - }, - "tooltip": { - "mode": "multi", - "sort": "none" - } - }, - "pluginVersion": "9.2.2", - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "expr": "rate(synapse_http_httppusher_http_pushes_processed_total{instance=\"$instance\",job=~\"$job\",index=~\"$index\"}[$bucket_size]) and on (instance, job, index) (synapse_http_httppusher_http_pushes_failed_total + synapse_http_httppusher_http_pushes_processed_total) > 0", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "processed {{job}}-{{index}}", - "range": true, - "refId": "A", - "step": 20 - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "expr": "rate(synapse_http_httppusher_http_pushes_failed_total{instance=\"$instance\",job=~\"$job\",index=~\"$index\"}[$bucket_size]) and on (instance, job, index) (synapse_http_httppusher_http_pushes_failed_total + synapse_http_httppusher_http_pushes_processed_total) > 0", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "failed {{job}}-{{index}}", - "range": true, - "refId": "B", - "step": 20 - } - ], - "title": "HTTP Push rate", - "type": "timeseries" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "description": "", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 155 - }, - "hiddenSeries": false, - "id": 134, - "legend": { - "avg": false, - "current": false, - "hideZero": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "9.2.2", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "topk(10,synapse_pushers{job=~\"$job\",index=~\"$index\", instance=\"$instance\"})", - "legendFormat": "{{kind}} {{app_id}}", - "refId": "A" - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Active pusher instances by app", - "tooltip": { - "shared": false, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "logBase": 1, - "show": true - }, - { - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - } - ], - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "refId": "A" - } - ], - "title": "Pushes", - "type": "row" - }, - { - "collapsed": true, - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 33 - }, - "id": 219, - "panels": [ - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "description": "How many entries in current state that we are iterating over while calculating push rules.", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 12, - "x": 0, - "y": 33 - }, - "hiddenSeries": false, - "id": 209, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "paceLength": 10, - "percentage": false, - "pluginVersion": "8.4.3", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "exemplar": true, - "expr": "sum(rate(synapse_push_bulk_push_rule_evaluator_push_rules_state_size_counter_total{job=\"$job\",index=~\"$index\",instance=\"$instance\"}[$bucket_size]))", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "{{index}}", - "metric": "synapse_push_bulk_push_rule_evaluator_push_rules_state_size_counter_total", - "refId": "A", - "step": 2 - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Iterations over State", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "hertz", - "label": "", - "logBase": 1, - "min": "0", - "show": true - }, - { - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "description": "Rate that the cached push rules for a room get invalidated due to underlying push rules being changed. ", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 12, - "x": 12, - "y": 33 - }, - "hiddenSeries": false, - "id": 211, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "paceLength": 10, - "percentage": false, - "pluginVersion": "8.4.3", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "exemplar": true, - "expr": "sum(rate(synapse_push_bulk_push_rule_evaluator_push_rules_invalidation_counter_total{job=\"$job\",index=~\"$index\",instance=\"$instance\"}[$bucket_size]))", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "{{index}}", - "metric": "synapse_push_bulk_push_rule_evaluator_push_rules_invalidation_counter_total", - "refId": "A", - "step": 2 - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Push Rule Invalidations", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "hertz", - "label": "", - "logBase": 1, - "min": "0", - "show": true - }, - { - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "description": "How often the \"delta optimisation\" happens.\n\nThe delta optimisation is when we update the push rules for a room incrementally after a state change where we know the delta between the old state and the new state.\n\nThis can't happen if we don't the delta or we're calculating push rules from scratch.", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 12, - "x": 0, - "y": 40 - }, - "hiddenSeries": false, - "id": 213, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "paceLength": 10, - "percentage": false, - "pluginVersion": "8.4.3", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "Number of calls", - "yaxis": 2 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "exemplar": true, - "expr": "sum(rate(synapse_util_caches_cache_hits{job=\"$job\",index=~\"$index\",name=\"push_rules_delta_state_cache_metric\",instance=\"$instance\"}[$bucket_size]))/sum(rate(synapse_util_caches_cache{job=\"$job\",index=~\"$index\", name=\"push_rules_delta_state_cache_metric\",instance=\"$instance\"}[$bucket_size]))", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "Hit Rate", - "metric": "synapse_push_bulk_push_rule_evaluator_push_rules_invalidation_counter_total", - "refId": "A", - "step": 2 - }, - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "exemplar": true, - "expr": "sum(rate(synapse_util_caches_cache{job=\"$job\",index=~\"$index\", name=\"push_rules_delta_state_cache_metric\",instance=\"$instance\"}[$bucket_size]))", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "Number of calls", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Delta Optimisation", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percentunit", - "label": "", - "logBase": 1, - "max": "1", - "min": "0", - "show": true - }, - { - "format": "hertz", - "label": "", - "logBase": 1, - "min": "0", - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "description": "How often we have the correct cached push rules for a room.", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 12, - "x": 12, - "y": 40 - }, - "hiddenSeries": false, - "id": 215, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "paceLength": 10, - "percentage": false, - "pluginVersion": "8.4.3", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "Number of calls", - "yaxis": 2 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "exemplar": true, - "expr": "sum(rate(synapse_util_caches_cache_hits{job=\"$job\",index=~\"$index\",name=\"room_push_rule_cache\",instance=\"$instance\"}[$bucket_size]))/sum(rate(synapse_util_caches_cache{job=\"$job\",index=~\"$index\", name=\"room_push_rule_cache\",instance=\"$instance\"}[$bucket_size]))", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "Hit Rate", - "metric": "synapse_push_bulk_push_rule_evaluator_push_rules_invalidation_counter_total", - "refId": "A", - "step": 2 - }, - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "exemplar": true, - "expr": "sum(rate(synapse_util_caches_cache{job=\"$job\",index=~\"$index\", name=\"room_push_rule_cache\",instance=\"$instance\"}[$bucket_size]))", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "Number of calls", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeRegions": [], - "title": "How often we reuse existing calculated push rules", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percentunit", - "label": "", - "logBase": 1, - "max": "1", - "min": "0", - "show": true - }, - { - "format": "hertz", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "description": "How often we have existing cached push rules for the room. \n\nNote that these might be outdated and need to be recalculated if the state has changed.", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 12, - "x": 0, - "y": 47 - }, - "hiddenSeries": false, - "id": 217, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "paceLength": 10, - "percentage": false, - "pluginVersion": "8.4.3", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "Number of calls", - "yaxis": 2 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "exemplar": true, - "expr": "sum(rate(synapse_util_caches_cache_hits{job=\"$job\",index=~\"$index\",name=\"_get_rules_for_room\",instance=\"$instance\"}[$bucket_size]))/sum(rate(synapse_util_caches_cache{job=\"$job\",index=~\"$index\", name=\"_get_rules_for_room\",instance=\"$instance\"}[$bucket_size]))", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "Hit Rate", - "metric": "synapse_push_bulk_push_rule_evaluator_push_rules_invalidation_counter_total", - "refId": "A", - "step": 2 - }, - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "exemplar": true, - "expr": "sum(rate(synapse_util_caches_cache{job=\"$job\",index=~\"$index\", name=\"_get_rules_for_room\",instance=\"$instance\"}[$bucket_size]))", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "Number of calls", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeRegions": [], - "title": "How often we have the RulesForRoom cached", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percentunit", - "label": "", - "logBase": 1, - "max": "1", - "min": "0", - "show": true - }, - { - "format": "hertz", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - } - ], - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "refId": "A" - } - ], - "title": "Push Rule Cache", - "type": "row" - }, - { - "collapsed": true, - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 34 - }, - "id": 58, - "panels": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 10, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "never", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "links": [], - "mappings": [], - "min": 0, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green" - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "s" - }, - "overrides": [] - }, - "gridPos": { - "h": 7, - "w": 12, - "x": 0, - "y": 35 - }, - "id": 48, - "links": [], - "options": { - "legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom", - "showLegend": true - }, - "tooltip": { - "mode": "single", - "sort": "none" - } - }, - "pluginVersion": "9.0.4", - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "rate(synapse_storage_schedule_time_sum{instance=\"$instance\",job=~\"$job\",index=~\"$index\"}[$bucket_size])/rate(synapse_storage_schedule_time_count[$bucket_size])", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{job}}-{{index}}", - "refId": "A", - "step": 20 - } - ], - "title": "Avg time waiting for db conn", - "type": "timeseries" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "description": "Shows the time in which the given percentage of database queries were scheduled, over the sampled timespan", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 12, - "x": 12, - "y": 35 - }, - "hiddenSeries": false, - "id": 104, - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "paceLength": 10, - "percentage": false, - "pluginVersion": "9.0.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "histogram_quantile(0.99, rate(synapse_storage_schedule_time_bucket{instance=\"$instance\",job=~\"$job\",index=~\"$index\"}[$bucket_size]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{job}} {{index}} 99%", - "refId": "A", - "step": 20 - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "histogram_quantile(0.95, rate(synapse_storage_schedule_time_bucket{instance=\"$instance\",job=~\"$job\",index=~\"$index\"}[$bucket_size]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{job}} {{index}} 95%", - "refId": "B" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "histogram_quantile(0.90, rate(synapse_storage_schedule_time_bucket{instance=\"$instance\",job=~\"$job\",index=~\"$index\"}[$bucket_size]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{job}} {{index}} 90%", - "refId": "C" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "rate(synapse_storage_schedule_time_sum{instance=\"$instance\",job=~\"$job\",index=~\"$index\"}[$bucket_size])/rate(synapse_storage_schedule_time_count{instance=\"$instance\",job=~\"$job\",index=~\"$index\"}[$bucket_size])", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{job}} {{index}} mean", - "refId": "D" - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Db scheduling time quantiles", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": "", - "logBase": 1, - "min": "0", - "show": true - }, - { - "format": "short", - "logBase": 1, - "show": false - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 7, - "w": 12, - "x": 0, - "y": 42 - }, - "hiddenSeries": false, - "id": 10, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "paceLength": 10, - "percentage": false, - "pluginVersion": "9.0.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "topk(10, rate(synapse_storage_transaction_time_count_total{instance=\"$instance\",job=~\"$job\",index=~\"$index\"}[$bucket_size]))", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "{{job}}-{{index}} {{desc}}", - "refId": "A", - "step": 20 - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Top DB transactions by txn rate", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "hertz", - "logBase": 1, - "min": 0, - "show": true - }, - { - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 7, - "w": 12, - "x": 12, - "y": 42 - }, - "hiddenSeries": false, - "id": 11, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "paceLength": 10, - "percentage": false, - "pluginVersion": "9.0.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "rate(synapse_storage_transaction_time_sum_total{instance=\"$instance\",job=~\"$job\",index=~\"$index\"}[$bucket_size])", - "format": "time_series", - "instant": false, - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{job}}-{{index}} {{desc}}", - "refId": "A", - "step": 20 - } - ], - "thresholds": [], - "timeRegions": [], - "title": "DB transactions by total txn time", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percentunit", - "logBase": 1, - "show": true - }, - { - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 7, - "w": 12, - "x": 0, - "y": 49 - }, - "hiddenSeries": false, - "id": 180, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "alertThreshold": false - }, - "paceLength": 10, - "percentage": false, - "pluginVersion": "9.0.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "rate(synapse_storage_transaction_time_sum_total{instance=\"$instance\",job=~\"$job\",index=~\"$index\"}[$bucket_size])/rate(synapse_storage_transaction_time_count_total{instance=\"$instance\",job=~\"$job\",index=~\"$index\"}[$bucket_size])", - "format": "time_series", - "instant": false, - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{job}}-{{index}} {{desc}}", - "refId": "A", - "step": 20 - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Average DB txn time", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "logBase": 1, - "show": true - }, - { - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 6, - "fillGradient": 0, - "gridPos": { - "h": 9, - "w": 12, - "x": 12, - "y": 49 - }, - "hiddenSeries": false, - "id": 200, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "9.0.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "histogram_quantile(0.99, sum(rate(synapse_storage_schedule_time_bucket{index=~\"$index\",instance=\"$instance\",job=\"$job\"}[$bucket_size])) by (le))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "99%", - "refId": "D" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "histogram_quantile(0.9, sum(rate(synapse_storage_schedule_time_bucket{index=~\"$index\",instance=\"$instance\",job=\"$job\"}[$bucket_size])) by (le))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "90%", - "refId": "A" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "histogram_quantile(0.75, sum(rate(synapse_storage_schedule_time_bucket{index=~\"$index\",instance=\"$instance\",job=\"$job\"}[$bucket_size])) by (le))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "75%", - "refId": "C" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "histogram_quantile(0.5, sum(rate(synapse_storage_schedule_time_bucket{index=~\"$index\",instance=\"$instance\",job=\"$job\"}[$bucket_size])) by (le))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "50%", - "refId": "B" - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Time waiting for DB connection quantiles", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:203", - "format": "s", - "label": "", - "logBase": 1, - "min": "0", - "show": true - }, - { - "$$hashKey": "object:204", - "format": "short", - "logBase": 1, - "show": false - } - ], - "yaxis": { - "align": false - } - } - ], - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "refId": "A" - } - ], - "title": "Database", - "type": "row" - }, - { - "collapsed": true, - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 35 - }, - "id": 59, - "panels": [ - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 13, - "w": 12, - "x": 0, - "y": 158 - }, - "hiddenSeries": false, - "id": 12, - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "paceLength": 10, - "percentage": false, - "pluginVersion": "9.2.2", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "rate(synapse_util_metrics_block_ru_utime_seconds_total{instance=\"$instance\",job=~\"$job\",index=~\"$index\",block_name!=\"wrapped_request_handler\"}[$bucket_size]) + rate(synapse_util_metrics_block_ru_stime_seconds_total[$bucket_size])", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "{{job}}-{{index}} {{block_name}}", - "refId": "A", - "step": 20 - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Total CPU Usage by Block", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percentunit", - "logBase": 1, - "show": true - }, - { - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 13, - "w": 12, - "x": 12, - "y": 158 - }, - "hiddenSeries": false, - "id": 26, - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "paceLength": 10, - "percentage": false, - "pluginVersion": "9.2.2", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "(rate(synapse_util_metrics_block_ru_utime_seconds_total{instance=\"$instance\",job=~\"$job\",index=~\"$index\"}[$bucket_size]) + rate(synapse_util_metrics_block_ru_stime_seconds_total[$bucket_size])) / rate(synapse_util_metrics_block_count_total[$bucket_size])", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "{{job}}-{{index}} {{block_name}}", - "refId": "A", - "step": 20 - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Average CPU Time per Block", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "ms", - "logBase": 1, - "show": true - }, - { - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 13, - "w": 12, - "x": 0, - "y": 171 - }, - "hiddenSeries": false, - "id": 13, - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "paceLength": 10, - "percentage": false, - "pluginVersion": "9.2.2", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "exemplar": true, - "expr": "rate(synapse_util_metrics_block_db_txn_duration_seconds_total{instance=\"$instance\",job=~\"$job\",index=~\"$index\"}[$bucket_size])", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "{{job}}-{{index}} {{block_name}}", - "refId": "A", - "step": 20 - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Total DB Usage by Block", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:196", - "format": "percentunit", - "logBase": 1, - "min": 0, - "show": true - }, - { - "$$hashKey": "object:197", - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "description": "The time each database transaction takes to execute, on average, broken down by metrics block.", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 13, - "w": 12, - "x": 12, - "y": 171 - }, - "hiddenSeries": false, - "id": 27, - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "paceLength": 10, - "percentage": false, - "pluginVersion": "9.2.2", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "rate(synapse_util_metrics_block_db_txn_duration_seconds_total{instance=\"$instance\",job=~\"$job\",index=~\"$index\"}[$bucket_size]) / rate(synapse_util_metrics_block_db_txn_count_total{instance=\"$instance\",job=~\"$job\",index=~\"$index\"}[$bucket_size])", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "{{job}}-{{index}} {{block_name}}", - "refId": "A", - "step": 20 - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Average Database Transaction time, by Block", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "ms", - "logBase": 1, - "show": true - }, - { - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 13, - "w": 12, - "x": 0, - "y": 184 - }, - "hiddenSeries": false, - "id": 28, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "paceLength": 10, - "percentage": false, - "pluginVersion": "9.2.2", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "rate(synapse_util_metrics_block_db_txn_duration_seconds_total{instance=\"$instance\",job=~\"$job\",index=~\"$index\"}[$bucket_size]) / rate(synapse_util_metrics_block_db_txn_count_total{instance=\"$instance\",job=~\"$job\",index=~\"$index\"}[$bucket_size])", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "{{job}}-{{index}} {{block_name}}", - "refId": "A", - "step": 20 - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Average Transactions per Block", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "none", - "logBase": 1, - "show": true - }, - { - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 13, - "w": 12, - "x": 12, - "y": 184 - }, - "hiddenSeries": false, - "id": 25, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "paceLength": 10, - "percentage": false, - "pluginVersion": "9.2.2", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "rate(synapse_util_metrics_block_time_seconds_total{instance=\"$instance\",job=~\"$job\",index=~\"$index\"}[$bucket_size]) / rate(synapse_util_metrics_block_count_total{instance=\"$instance\",job=~\"$job\",index=~\"$index\"}[$bucket_size])", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "{{job}}-{{index}} {{block_name}}", - "refId": "A", - "step": 20 - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Average Wallclock Time per Block", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:180", - "format": "s", - "logBase": 1, - "show": true - }, - { - "$$hashKey": "object:181", - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 15, - "w": 12, - "x": 0, - "y": 197 - }, - "hiddenSeries": false, - "id": 154, - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "9.2.2", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "rate(synapse_util_metrics_block_count_total{instance=\"$instance\",job=~\"$job\",index=~\"$index\"}[$bucket_size])", - "interval": "", - "legendFormat": "{{job}}-{{index}} {{block_name}}", - "refId": "A" - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Block count", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "hertz", - "logBase": 1, - "show": true - }, - { - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - } - ], - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "refId": "A" - } - ], - "title": "Per-block metrics", - "type": "row" - }, - { - "collapsed": true, - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 36 - }, - "id": 61, - "panels": [ - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "decimals": 2, - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 10, - "w": 12, - "x": 0, - "y": 36 - }, - "hiddenSeries": false, - "id": 1, - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "9.0.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "rate(synapse_util_caches_cache_hits{job=~\"$job\",index=~\"$index\",instance=\"$instance\"}[$bucket_size])/rate(synapse_util_caches_cache{job=~\"$job\",index=~\"$index\",instance=\"$instance\"}[$bucket_size])", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{name}} {{job}}-{{index}}", - "refId": "A", - "step": 20 - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Cache Hit Ratio", - "tooltip": { - "msResolution": true, - "shared": false, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percentunit", - "label": "", - "logBase": 1, - "max": "1", - "min": 0, - "show": true - }, - { - "format": "short", - "logBase": 1, - "show": false - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 10, - "w": 12, - "x": 12, - "y": 36 - }, - "hiddenSeries": false, - "id": 8, - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "hideZero": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "9.0.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "synapse_util_caches_cache_size{instance=\"$instance\",job=~\"$job\",index=~\"$index\"}", - "format": "time_series", - "hide": false, - "interval": "", - "intervalFactor": 2, - "legendFormat": "{{name}} {{job}}-{{index}}", - "refId": "A", - "step": 20 - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Cache Size", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "logBase": 1, - "min": 0, - "show": true - }, - { - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 10, - "w": 12, - "x": 0, - "y": 46 - }, - "hiddenSeries": false, - "id": 38, - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "hideZero": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "9.0.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "rate(synapse_util_caches_cache{job=~\"$job\",index=~\"$index\",instance=\"$instance\"}[$bucket_size])", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "{{name}} {{job}}-{{index}}", - "refId": "A", - "step": 20 - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Cache request rate", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "rps", - "logBase": 1, - "min": 0, - "show": true - }, - { - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 10, - "w": 12, - "x": 12, - "y": 46 - }, - "hiddenSeries": false, - "id": 39, - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "hideEmpty": false, - "hideZero": false, - "max": true, - "min": false, - "rightSide": false, - "show": true, - "sort": "max", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "9.0.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "topk(10, rate(synapse_util_caches_cache{job=~\"$job\",index=~\"$index\",instance=\"$instance\"}[$bucket_size]) - rate(synapse_util_caches_cache_hits{job=~\"$job\",index=~\"$index\",instance=\"$instance\"}[$bucket_size]))", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "{{name}} {{job}}-{{index}}", - "refId": "A", - "step": 20 - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Top 10 cache misses", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:101", - "format": "rps", - "logBase": 1, - "show": true - }, - { - "$$hashKey": "object:102", - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 9, - "w": 12, - "x": 0, - "y": 56 - }, - "hiddenSeries": false, - "id": 65, - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "9.0.4", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "rate(synapse_util_caches_cache_evicted_size{instance=\"$instance\",job=~\"$job\",index=~\"$index\"}[$bucket_size])", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{name}} ({{reason}}) {{job}}-{{index}}", - "refId": "A" - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Cache eviction rate", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "hertz", - "label": "entries / second", - "logBase": 1, - "show": true - }, - { - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - } - ], - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "refId": "A" - } - ], - "title": "Caches", - "type": "row" - }, - { - "collapsed": true, - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 37 - }, - "id": 148, - "panels": [ - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 29 - }, - "hiddenSeries": false, - "id": 146, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.3.7", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "synapse_util_caches_response_cache_size{instance=\"$instance\",job=~\"$job\",index=~\"$index\"}", - "interval": "", - "legendFormat": "{{name}} {{job}}-{{index}}", - "refId": "A" - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Response cache size", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "logBase": 1, - "show": true - }, - { - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 29 - }, - "hiddenSeries": false, - "id": 150, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.3.7", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "rate(synapse_util_caches_response_cache_hits{instance=\"$instance\", job=~\"$job\", index=~\"$index\"}[$bucket_size])/rate(synapse_util_caches_response_cache{instance=\"$instance\", job=~\"$job\", index=~\"$index\"}[$bucket_size])", - "interval": "", - "legendFormat": "{{name}} {{job}}-{{index}}", - "refId": "A" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "", - "interval": "", - "legendFormat": "", - "refId": "B" - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Response cache hit rate", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percentunit", - "logBase": 1, - "max": "1", - "min": "0", - "show": true - }, - { - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - } - ], - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "refId": "A" - } - ], - "title": "Response caches", - "type": "row" - }, - { - "collapsed": true, - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 38 - }, - "id": 62, - "panels": [ - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 9, - "w": 12, - "x": 0, - "y": 30 - }, - "hiddenSeries": false, - "id": 91, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.3.7", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": true, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "rate(python_gc_time_sum{instance=\"$instance\",job=~\"$job\",index=~\"$index\"}[10m])", - "format": "time_series", - "instant": false, - "intervalFactor": 1, - "legendFormat": "{{job}}-{{index}} gen {{gen}}", - "refId": "A" - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Total GC time by bucket (10m smoothing)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percentunit", - "logBase": 1, - "min": "0", - "show": true - }, - { - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "decimals": 3, - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 9, - "w": 12, - "x": 12, - "y": 30 - }, - "hiddenSeries": false, - "id": 21, - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "null as zero", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.3.7", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "rate(python_gc_time_sum{instance=\"$instance\",job=~\"$job\",index=~\"$index\"}[$bucket_size])/rate(python_gc_time_count[$bucket_size])", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{job}} {{index}} gen {{gen}} ", - "refId": "A", - "step": 20, - "target": "" - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Average GC Time Per Collection", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "logBase": 1, - "show": true - }, - { - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "description": "'gen 0' shows the number of objects allocated since the last gen0 GC.\n'gen 1' / 'gen 2' show the number of gen0/gen1 GCs since the last gen1/gen2 GC.", - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 9, - "w": 12, - "x": 0, - "y": 39 - }, - "hiddenSeries": false, - "id": 89, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.3.7", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/gen 0$/", - "yaxis": 2 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "python_gc_counts{job=~\"$job\",index=~\"$index\",instance=\"$instance\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{job}}-{{index}} gen {{gen}}", - "refId": "A" - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Allocation counts", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "Gen N-1 GCs since last Gen N GC", - "logBase": 1, - "show": true - }, - { - "format": "short", - "label": "Objects since last Gen 0 GC", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 9, - "w": 12, - "x": 12, - "y": 39 - }, - "hiddenSeries": false, - "id": 93, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.3.7", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "rate(python_gc_unreachable_total{instance=\"$instance\",job=~\"$job\",index=~\"$index\"}[$bucket_size])/rate(python_gc_time_count{instance=\"$instance\",job=~\"$job\",index=~\"$index\"}[$bucket_size])", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{job}}-{{index}} gen {{gen}}", - "refId": "A" - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Object counts per collection", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "logBase": 1, - "show": true - }, - { - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 9, - "w": 12, - "x": 0, - "y": 48 - }, - "hiddenSeries": false, - "id": 95, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.3.7", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "rate(python_gc_time_count{instance=\"$instance\",job=~\"$job\",index=~\"$index\"}[$bucket_size])", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{job}}-{{index}} gen {{gen}}", - "refId": "A" - } - ], - "thresholds": [], - "timeRegions": [], - "title": "GC frequency", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "hertz", - "logBase": 1, - "show": true - }, - { - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "cards": { - "cardPadding": 0 - }, - "color": { - "cardColor": "#b4ff00", - "colorScale": "sqrt", - "colorScheme": "interpolateSpectral", - "exponent": 0.5, - "min": 0, - "mode": "spectrum" - }, - "dataFormat": "tsbuckets", - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "gridPos": { - "h": 9, - "w": 12, - "x": 12, - "y": 48 - }, - "heatmap": {}, - "hideZeroBuckets": true, - "highlightCards": true, - "id": 87, - "legend": { - "show": true - }, - "links": [], - "reverseYBuckets": false, - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "expr": "sum(rate(python_gc_time_bucket[$bucket_size])) by (le)", - "format": "heatmap", - "intervalFactor": 1, - "legendFormat": "{{le}}", - "refId": "A" - } - ], - "title": "GC durations", - "tooltip": { - "show": true, - "showHistogram": false - }, - "type": "heatmap", - "xAxis": { - "show": true - }, - "yAxis": { - "format": "s", - "logBase": 1, - "show": true - }, - "yBucketBound": "auto" - } - ], - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "refId": "A" - } - ], - "title": "GC", - "type": "row" - }, - { - "collapsed": true, - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 39 - }, - "id": 63, - "panels": [ - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 12, - "x": 0, - "y": 162 - }, - "hiddenSeries": false, - "id": 43, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "paceLength": 10, - "percentage": false, - "pluginVersion": "9.2.2", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "sum (rate(synapse_replication_tcp_protocol_outbound_commands_total{instance=\"$instance\",job=~\"$job\",index=~\"$index\"}[$bucket_size])) without (name, conn_id)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{job}}-{{index}} {{command}}", - "refId": "A", - "step": 20 - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Rate of outgoing commands", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:89", - "format": "hertz", - "logBase": 1, - "show": true - }, - { - "$$hashKey": "object:90", - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 10, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "never", - "spanNulls": true, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "links": [], - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green" - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "hertz" - }, - "overrides": [] - }, - "gridPos": { - "h": 7, - "w": 12, - "x": 12, - "y": 162 - }, - "id": 41, - "links": [], - "options": { - "legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom", - "showLegend": true - }, - "tooltip": { - "mode": "single", - "sort": "none" - } - }, - "pluginVersion": "8.4.3", - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "exemplar": true, - "expr": "rate(synapse_replication_tcp_resource_stream_updates_total{job=~\"$job\",index=~\"$index\",instance=\"$instance\"}[$bucket_size])", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "{{stream_name}}", - "refId": "A", - "step": 20 - } - ], - "title": "Rate of outgoing RDATA commands, by stream", - "type": "timeseries" - }, - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 10, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "never", - "spanNulls": true, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "links": [], - "mappings": [], - "min": 0, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green" - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "hertz" - }, - "overrides": [] - }, - "gridPos": { - "h": 7, - "w": 12, - "x": 0, - "y": 169 - }, - "id": 42, - "links": [], - "options": { - "legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom", - "showLegend": true - }, - "tooltip": { - "mode": "single", - "sort": "none" - } - }, - "pluginVersion": "8.4.3", - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "exemplar": true, - "expr": "sum (rate(synapse_replication_tcp_protocol_inbound_commands_total{instance=\"$instance\",job=~\"$job\",index=~\"$index\"}[$bucket_size])) without (name, conn_id)", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "{{job}}-{{index}} {{command}}", - "refId": "A", - "step": 20 - } - ], - "title": "Rate of incoming commands (including echoes)", - "type": "timeseries" - }, - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "axisSoftMin": 1, - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 10, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "never", - "spanNulls": true, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "links": [], - "mappings": [], - "min": 0, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green" - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "hertz" - }, - "overrides": [] - }, - "gridPos": { - "h": 7, - "w": 12, - "x": 12, - "y": 169 - }, - "id": 220, - "links": [], - "options": { - "legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom", - "showLegend": true - }, - "tooltip": { - "mode": "single", - "sort": "none" - } - }, - "pluginVersion": "8.4.3", - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "exemplar": true, - "expr": "rate(synapse_replication_tcp_protocol_inbound_rdata_count_total{instance=\"$instance\",job=~\"$job\",index=~\"$index\"}[$bucket_size])", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{job}}-{{index}} {{stream_name}}", - "refId": "A", - "step": 20 - } - ], - "title": "Rate of incoming RDATA commands (excluding echoes), by stream", - "type": "timeseries" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "description": "", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 12, - "x": 0, - "y": 176 - }, - "hiddenSeries": false, - "id": 144, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "9.2.2", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "expr": "synapse_replication_tcp_command_queue{instance=\"$instance\",job=~\"$job\",index=~\"$index\"}", - "interval": "", - "legendFormat": "{{stream_name}} {{job}}-{{index}}", - "refId": "A" - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Queued incoming RDATA commands, by stream", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:218", - "format": "short", - "logBase": 1, - "show": true - }, - { - "$$hashKey": "object:219", - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 12, - "x": 12, - "y": 176 - }, - "hiddenSeries": false, - "id": 115, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "paceLength": 10, - "percentage": false, - "pluginVersion": "9.2.2", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "rate(synapse_replication_tcp_protocol_close_reason_total{job=~\"$job\",index=~\"$index\",instance=\"$instance\"}[$bucket_size])", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{job}}-{{index}} {{reason_type}}", - "refId": "A" - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Replication connection close reasons", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:260", - "format": "hertz", - "logBase": 1, - "show": true - }, - { - "$$hashKey": "object:261", - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 12, - "x": 0, - "y": 183 - }, - "hiddenSeries": false, - "id": 113, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "paceLength": 10, - "percentage": false, - "pluginVersion": "9.2.2", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "synapse_replication_tcp_resource_connections_per_stream{job=~\"$job\",index=~\"$index\",instance=\"$instance\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{job}}-{{index}} {{stream_name}}", - "refId": "A" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "synapse_replication_tcp_resource_total_connections{job=~\"$job\",index=~\"$index\",instance=\"$instance\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{job}}-{{index}}", - "refId": "B" - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Replication connections", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "logBase": 1, - "min": "0", - "show": true - }, - { - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - } - ], - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "refId": "A" - } - ], - "title": "Replication", - "type": "row" - }, - { - "collapsed": true, - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 40 - }, - "id": 69, - "panels": [ - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 9, - "w": 12, - "x": 0, - "y": 163 - }, - "hiddenSeries": false, - "id": 67, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "paceLength": 10, - "percentage": false, - "pluginVersion": "9.2.2", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "max(synapse_event_persisted_position{instance=\"$instance\"}) - on() group_right() synapse_event_processing_positions{instance=\"$instance\",job=~\"$job\",index=~\"$index\"}", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{job}}-{{index}} {{name}}", - "refId": "A" - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Event processing lag", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "events", - "logBase": 1, - "min": "0", - "show": true - }, - { - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 9, - "w": 12, - "x": 12, - "y": 163 - }, - "hiddenSeries": false, - "id": 71, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "paceLength": 10, - "percentage": false, - "pluginVersion": "9.2.2", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "time()*1000-synapse_event_processing_last_ts{instance=\"$instance\",job=~\"$job\",index=~\"$index\"}", - "format": "time_series", - "hide": false, - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{job}}-{{index}} {{name}}", - "refId": "B" - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Age of last processed event", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "ms", - "logBase": 1, - "min": "0", - "show": true - }, - { - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 9, - "w": 12, - "x": 0, - "y": 172 - }, - "hiddenSeries": false, - "id": 121, - "interval": "", - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "paceLength": 10, - "percentage": false, - "pluginVersion": "9.2.2", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "deriv(synapse_event_processing_last_ts{instance=\"$instance\",job=~\"$job\",index=~\"$index\"}[$bucket_size])/1000 - 1", - "format": "time_series", - "hide": false, - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{job}}-{{index}} {{name}}", - "refId": "B" - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Event processing catchup rate", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "none", - "label": "fallbehind(-) / catchup(+): s/sec", - "logBase": 1, - "show": true - }, - { - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - } - ], - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "refId": "A" - } - ], - "title": "Event processing loop positions", - "type": "row" - }, - { - "collapsed": true, - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 41 - }, - "id": 126, - "panels": [ - { - "cards": { - "cardPadding": 0 - }, - "color": { - "cardColor": "#B877D9", - "colorScale": "sqrt", - "colorScheme": "interpolateInferno", - "exponent": 0.5, - "min": 0, - "mode": "opacity" - }, - "dataFormat": "tsbuckets", - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "description": "Colour reflects the number of rooms with the given number of forward extremities, or fewer.\n\nThis is only updated once an hour.", - "fieldConfig": { - "defaults": { - "custom": { - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "scaleDistribution": { - "type": "linear" - } - } - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 42 - }, - "heatmap": {}, - "hideZeroBuckets": true, - "highlightCards": true, - "id": 122, - "legend": { - "show": true - }, - "links": [], - "options": { - "calculate": false, - "calculation": {}, - "cellGap": 1, - "cellValues": {}, - "color": { - "exponent": 0.5, - "fill": "#B877D9", - "min": 0, - "mode": "opacity", - "reverse": false, - "scale": "exponential", - "scheme": "Oranges", - "steps": 128 - }, - "exemplars": { - "color": "rgba(255,0,255,0.7)" - }, - "filterValues": { - "le": 1e-9 - }, - "legend": { - "show": true - }, - "rowsFrame": { - "layout": "auto" - }, - "showValue": "never", - "tooltip": { - "show": true, - "yHistogram": true - }, - "yAxis": { - "axisPlacement": "left", - "decimals": 0, - "reverse": false, - "unit": "short" - } - }, - "pluginVersion": "9.2.2", - "reverseYBuckets": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "synapse_forward_extremities_bucket{instance=\"$instance\"} and on (index, instance, job) (synapse_storage_events_persisted_events_total > 0)", - "format": "heatmap", - "intervalFactor": 1, - "legendFormat": "{{le}}", - "refId": "A" - } - ], - "title": "Number of rooms, by number of forward extremities in room", - "tooltip": { - "show": true, - "showHistogram": true - }, - "type": "heatmap", - "xAxis": { - "show": true - }, - "yAxis": { - "decimals": 0, - "format": "short", - "logBase": 1, - "show": true - }, - "yBucketBound": "auto" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "description": "Number of rooms with the given number of forward extremities or fewer.\n\nThis is only updated once an hour.", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 42 - }, - "hiddenSeries": false, - "id": 124, - "interval": "", - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "9.2.2", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "synapse_forward_extremities_bucket{instance=\"$instance\"} > 0", - "format": "heatmap", - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{le}}", - "refId": "A" - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Room counts, by number of extremities", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "none", - "label": "Number of rooms", - "logBase": 10, - "show": true - }, - { - "format": "short", - "logBase": 1, - "show": false - } - ], - "yaxis": { - "align": false - } - }, - { - "cards": { - "cardPadding": 0 - }, - "color": { - "cardColor": "#5794F2", - "colorScale": "sqrt", - "colorScheme": "interpolateInferno", - "exponent": 0.5, - "min": 0, - "mode": "opacity" - }, - "dataFormat": "tsbuckets", - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "description": "Colour reflects the number of events persisted to rooms with the given number of forward extremities, or fewer.", - "fieldConfig": { - "defaults": { - "custom": { - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "scaleDistribution": { - "type": "linear" - } - } - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 50 - }, - "heatmap": {}, - "hideZeroBuckets": true, - "highlightCards": true, - "id": 127, - "legend": { - "show": true - }, - "links": [], - "options": { - "calculate": false, - "calculation": {}, - "cellGap": 1, - "cellValues": {}, - "color": { - "exponent": 0.5, - "fill": "#5794F2", - "min": 0, - "mode": "opacity", - "reverse": false, - "scale": "exponential", - "scheme": "Oranges", - "steps": 128 - }, - "exemplars": { - "color": "rgba(255,0,255,0.7)" - }, - "filterValues": { - "le": 1e-9 - }, - "legend": { - "show": true - }, - "rowsFrame": { - "layout": "auto" - }, - "showValue": "never", - "tooltip": { - "show": true, - "yHistogram": true - }, - "yAxis": { - "axisPlacement": "left", - "decimals": 0, - "reverse": false, - "unit": "short" - } - }, - "pluginVersion": "9.2.2", - "reverseYBuckets": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "rate(synapse_storage_events_forward_extremities_persisted_bucket{instance=\"$instance\"}[$bucket_size]) and on (index, instance, job) (synapse_storage_events_persisted_events_total > 0)", - "format": "heatmap", - "intervalFactor": 1, - "legendFormat": "{{le}}", - "refId": "A" - } - ], - "title": "Events persisted, by number of forward extremities in room (heatmap)", - "tooltip": { - "show": true, - "showHistogram": true - }, - "type": "heatmap", - "xAxis": { - "show": true - }, - "yAxis": { - "decimals": 0, - "format": "short", - "logBase": 1, - "show": true - }, - "yBucketBound": "auto" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "description": "For a given percentage P, the number X where P% of events were persisted to rooms with X forward extremities or fewer.", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 50 - }, - "hiddenSeries": false, - "id": 128, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "9.2.2", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "histogram_quantile(0.5, rate(synapse_storage_events_forward_extremities_persisted_bucket{instance=\"$instance\"}[$bucket_size]) and on (index, instance, job) (synapse_storage_events_persisted_events_total > 0))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "50%", - "refId": "A" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "histogram_quantile(0.75, rate(synapse_storage_events_forward_extremities_persisted_bucket{instance=\"$instance\"}[$bucket_size]) and on (index, instance, job) (synapse_storage_events_persisted_events_total > 0))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "75%", - "refId": "B" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "histogram_quantile(0.90, rate(synapse_storage_events_forward_extremities_persisted_bucket{instance=\"$instance\"}[$bucket_size]) and on (index, instance, job) (synapse_storage_events_persisted_events_total > 0))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "90%", - "refId": "C" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "histogram_quantile(0.99, rate(synapse_storage_events_forward_extremities_persisted_bucket{instance=\"$instance\"}[$bucket_size]) and on (index, instance, job) (synapse_storage_events_persisted_events_total > 0))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "99%", - "refId": "D" - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Events persisted, by number of forward extremities in room (quantiles)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "Number of extremities in room", - "logBase": 1, - "min": "0", - "show": true - }, - { - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "cards": { - "cardPadding": 0 - }, - "color": { - "cardColor": "#FF9830", - "colorScale": "sqrt", - "colorScheme": "interpolateInferno", - "exponent": 0.5, - "min": 0, - "mode": "opacity" - }, - "dataFormat": "tsbuckets", - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "description": "Colour reflects the number of events persisted to rooms with the given number of stale forward extremities, or fewer.\n\nStale forward extremities are those that were in the previous set of extremities as well as the new.", - "fieldConfig": { - "defaults": { - "custom": { - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "scaleDistribution": { - "type": "linear" - } - } - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 58 - }, - "heatmap": {}, - "hideZeroBuckets": true, - "highlightCards": true, - "id": 129, - "legend": { - "show": true - }, - "links": [], - "options": { - "calculate": false, - "calculation": {}, - "cellGap": 1, - "cellValues": {}, - "color": { - "exponent": 0.5, - "fill": "#FF9830", - "min": 0, - "mode": "opacity", - "reverse": false, - "scale": "exponential", - "scheme": "Oranges", - "steps": 128 - }, - "exemplars": { - "color": "rgba(255,0,255,0.7)" - }, - "filterValues": { - "le": 1e-9 - }, - "legend": { - "show": true - }, - "rowsFrame": { - "layout": "auto" - }, - "showValue": "never", - "tooltip": { - "show": true, - "yHistogram": true - }, - "yAxis": { - "axisPlacement": "left", - "decimals": 0, - "reverse": false, - "unit": "short" - } - }, - "pluginVersion": "9.2.2", - "reverseYBuckets": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "rate(synapse_storage_events_stale_forward_extremities_persisted_bucket{instance=\"$instance\"}[$bucket_size]) and on (index, instance, job) (synapse_storage_events_persisted_events_total > 0)", - "format": "heatmap", - "intervalFactor": 1, - "legendFormat": "{{le}}", - "refId": "A" - } - ], - "title": "Events persisted, by number of stale forward extremities in room (heatmap)", - "tooltip": { - "show": true, - "showHistogram": true - }, - "type": "heatmap", - "xAxis": { - "show": true - }, - "yAxis": { - "decimals": 0, - "format": "short", - "logBase": 1, - "show": true - }, - "yBucketBound": "auto" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "description": "For given percentage P, the number X where P% of events were persisted to rooms with X stale forward extremities or fewer.\n\nStale forward extremities are those that were in the previous set of extremities as well as the new.", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 58 - }, - "hiddenSeries": false, - "id": 130, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "9.2.2", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "histogram_quantile(0.5, rate(synapse_storage_events_stale_forward_extremities_persisted_bucket{instance=\"$instance\"}[$bucket_size]) and on (index, instance, job) (synapse_storage_events_persisted_events_total > 0))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "50%", - "refId": "A" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "histogram_quantile(0.75, rate(synapse_storage_events_stale_forward_extremities_persisted_bucket{instance=\"$instance\"}[$bucket_size]) and on (index, instance, job) (synapse_storage_events_persisted_events_total > 0))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "75%", - "refId": "B" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "histogram_quantile(0.90, rate(synapse_storage_events_stale_forward_extremities_persisted_bucket{instance=\"$instance\"}[$bucket_size]) and on (index, instance, job) (synapse_storage_events_persisted_events_total > 0))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "90%", - "refId": "C" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "histogram_quantile(0.99, rate(synapse_storage_events_stale_forward_extremities_persisted_bucket{instance=\"$instance\"}[$bucket_size]) and on (index, instance, job) (synapse_storage_events_persisted_events_total > 0))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "99%", - "refId": "D" - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Events persisted, by number of stale forward extremities in room (quantiles)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "Number of stale forward extremities in room", - "logBase": 1, - "min": "0", - "show": true - }, - { - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "cards": { - "cardPadding": 0 - }, - "color": { - "cardColor": "#73BF69", - "colorScale": "sqrt", - "colorScheme": "interpolateInferno", - "exponent": 0.5, - "min": 0, - "mode": "opacity" - }, - "dataFormat": "tsbuckets", - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "description": "Colour reflects the number of state resolution operations performed over the given number of state groups, or fewer.", - "fieldConfig": { - "defaults": { - "custom": { - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "scaleDistribution": { - "type": "linear" - } - } - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 66 - }, - "heatmap": {}, - "hideZeroBuckets": true, - "highlightCards": true, - "id": 131, - "legend": { - "show": true - }, - "links": [], - "options": { - "calculate": false, - "calculation": {}, - "cellGap": 1, - "cellValues": {}, - "color": { - "exponent": 0.5, - "fill": "#73BF69", - "min": 0, - "mode": "opacity", - "reverse": false, - "scale": "exponential", - "scheme": "Oranges", - "steps": 128 - }, - "exemplars": { - "color": "rgba(255,0,255,0.7)" - }, - "filterValues": { - "le": 1e-9 - }, - "legend": { - "show": true - }, - "rowsFrame": { - "layout": "auto" - }, - "showValue": "never", - "tooltip": { - "show": true, - "yHistogram": true - }, - "yAxis": { - "axisPlacement": "left", - "decimals": 0, - "reverse": false, - "unit": "short" - } - }, - "pluginVersion": "9.2.2", - "reverseYBuckets": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "rate(synapse_state_number_state_groups_in_resolution_bucket{instance=\"$instance\",job=~\"$job\",index=~\"$index\"}[$bucket_size])", - "format": "heatmap", - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{le}}", - "refId": "A" - } - ], - "title": "Number of state resolution performed, by number of state groups involved (heatmap)", - "tooltip": { - "show": true, - "showHistogram": true - }, - "type": "heatmap", - "xAxis": { - "show": true - }, - "yAxis": { - "decimals": 0, - "format": "short", - "logBase": 1, - "show": true - }, - "yBucketBound": "auto" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "description": "For a given percentage P, the number X where P% of state resolution operations took place over X state groups or fewer.", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 66 - }, - "hiddenSeries": false, - "id": 132, - "interval": "", - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "9.2.2", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "expr": "histogram_quantile(0.5, rate(synapse_state_number_state_groups_in_resolution_bucket{instance=\"$instance\",job=~\"$job\",index=~\"$index\"}[$bucket_size]))", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "50%", - "range": true, - "refId": "A" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "histogram_quantile(0.75, rate(synapse_state_number_state_groups_in_resolution_bucket{instance=\"$instance\",job=~\"$job\",index=~\"$index\"}[$bucket_size]))", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "75%", - "refId": "B" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "histogram_quantile(0.90, rate(synapse_state_number_state_groups_in_resolution_bucket{instance=\"$instance\",job=~\"$job\",index=~\"$index\"}[$bucket_size]))", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "90%", - "refId": "C" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "histogram_quantile(0.99, rate(synapse_state_number_state_groups_in_resolution_bucket{instance=\"$instance\",job=~\"$job\",index=~\"$index\"}[$bucket_size]))", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "99%", - "refId": "D" - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Number of state resolutions performed, by number of state groups involved (quantiles)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "Number of state groups", - "logBase": 1, - "min": "0", - "show": true - }, - { - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "description": "When we do a state res while persisting events we try and see if we can prune any stale extremities.", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 74 - }, - "hiddenSeries": false, - "id": 179, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "9.2.2", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "sum(rate(synapse_storage_events_state_resolutions_during_persistence_total{instance=\"$instance\",job=~\"$job\",index=~\"$index\"}[$bucket_size]))", - "interval": "", - "legendFormat": "State res ", - "refId": "A" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "sum(rate(synapse_storage_events_potential_times_prune_extremities_total{instance=\"$instance\",job=~\"$job\",index=~\"$index\"}[$bucket_size]))", - "interval": "", - "legendFormat": "Potential to prune", - "refId": "B" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "sum(rate(synapse_storage_events_times_pruned_extremities_total{instance=\"$instance\",job=~\"$job\",index=~\"$index\"}[$bucket_size]))", - "interval": "", - "legendFormat": "Pruned", - "refId": "C" - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Stale extremity dropping", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "hertz", - "logBase": 1, - "show": true - }, - { - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - } - ], - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "refId": "A" - } - ], - "title": "Extremities", - "type": "row" - }, - { - "collapsed": true, - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 42 - }, - "id": 158, - "panels": [ - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 43 - }, - "hiddenSeries": false, - "id": 156, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "9.2.2", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "$$hashKey": "object:632", - "alias": "Max", - "color": "#bf1b00", - "fill": 0, - "linewidth": 2 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "expr": "max(synapse_admin_mau_max{instance=\"$instance\"})", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "Max", - "range": true, - "refId": "B" - }, - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "expr": "max(synapse_admin_mau_current{instance=\"$instance\"})", - "hide": false, - "legendFormat": "Current", - "range": true, - "refId": "C" - } - ], - "thresholds": [], - "timeRegions": [], - "title": "MAU Limits", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:176", - "format": "short", - "logBase": 1, - "min": "0", - "show": true - }, - { - "$$hashKey": "object:177", - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 43 - }, - "hiddenSeries": false, - "id": 160, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "9.2.2", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "synapse_admin_mau_current_mau_by_service{instance=\"$instance\"}", - "interval": "", - "legendFormat": "{{ app_service }}", - "refId": "A" - } - ], - "thresholds": [], - "timeRegions": [], - "title": "MAU by Appservice", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "logBase": 1, - "show": true - }, - { - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - } - ], - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "refId": "A" - } - ], - "title": "MAU", - "type": "row" - }, - { - "collapsed": true, - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 43 - }, - "id": 177, - "panels": [ - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 12, - "x": 0, - "y": 44 - }, - "hiddenSeries": false, - "id": 173, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "9.2.2", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "expr": "rate(synapse_notifier_users_woken_by_stream_total{job=\"$job\",index=~\"$index\",instance=\"$instance\"}[$bucket_size])", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{stream}} {{index}}", - "metric": "synapse_notifier", - "range": true, - "refId": "A", - "step": 2 - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Notifier Streams Woken", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:734", - "format": "hertz", - "logBase": 1, - "show": true - }, - { - "$$hashKey": "object:735", - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 12, - "x": 12, - "y": 44 - }, - "hiddenSeries": false, - "id": 175, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "9.2.2", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "expr": "rate(synapse_handler_presence_get_updates_total{job=~\"$job\",instance=\"$instance\"}[$bucket_size])", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "{{type}} {{index}}", - "range": true, - "refId": "A", - "step": 2 - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Presence Stream Fetch Type Rates", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:819", - "format": "hertz", - "logBase": 1, - "min": "0", - "show": true - }, - { - "$$hashKey": "object:820", - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - } - ], - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "refId": "A" - } - ], - "title": "Notifier", - "type": "row" - }, - { - "collapsed": true, - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 44 - }, - "id": 170, - "panels": [ - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 45 - }, - "hiddenSeries": false, - "id": 168, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "9.2.2", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "expr": "rate(synapse_appservice_api_sent_events_total{instance=\"$instance\"}[$bucket_size])", - "interval": "", - "legendFormat": "{{service}}", - "range": true, - "refId": "A" - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Sent Events rate", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:177", - "format": "hertz", - "logBase": 1, - "show": true - }, - { - "$$hashKey": "object:178", - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 45 - }, - "hiddenSeries": false, - "id": 171, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "9.2.2", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "expr": "rate(synapse_appservice_api_sent_transactions_total{instance=\"$instance\"}[$bucket_size])", - "interval": "", - "legendFormat": "{{exported_service }} {{ service }}", - "range": true, - "refId": "A" - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Transactions rate", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:260", - "format": "hertz", - "logBase": 1, - "show": true - }, - { - "$$hashKey": "object:261", - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - } - ], - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "refId": "A" - } - ], - "title": "Appservices", - "type": "row" - }, - { - "collapsed": true, - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 45 - }, - "id": 188, - "panels": [ - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 46 - }, - "hiddenSeries": false, - "id": 182, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "9.2.2", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "rate(synapse_handler_presence_notified_presence_total{job=\"$job\",index=~\"$index\",instance=\"$instance\"}[$bucket_size])", - "interval": "", - "legendFormat": "Notified", - "refId": "A" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "rate(synapse_handler_presence_federation_presence_out_total{job=\"$job\",index=~\"$index\",instance=\"$instance\"}[$bucket_size])", - "interval": "", - "legendFormat": "Remote ping", - "refId": "B" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "rate(synapse_handler_presence_presence_updates_total{job=\"$job\",index=~\"$index\",instance=\"$instance\"}[$bucket_size])", - "interval": "", - "legendFormat": "Total updates", - "refId": "C" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "rate(synapse_handler_presence_federation_presence_total{job=\"$job\",index=~\"$index\",instance=\"$instance\"}[$bucket_size])", - "interval": "", - "legendFormat": "Remote updates", - "refId": "D" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "rate(synapse_handler_presence_bump_active_time_total{job=\"$job\",index=~\"$index\",instance=\"$instance\"}[$bucket_size])", - "interval": "", - "legendFormat": "Bump active time", - "refId": "E" - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Presence", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "hertz", - "logBase": 1, - "show": true - }, - { - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 46 - }, - "hiddenSeries": false, - "id": 184, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "9.2.2", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "expr": "rate(synapse_handler_presence_state_transition_total{job=\"$job\",index=~\"$index\",instance=\"$instance\"}[$bucket_size])", - "interval": "", - "legendFormat": "{{from}} -> {{to}}", - "range": true, - "refId": "A" - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Presence state transitions", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:1090", - "format": "hertz", - "logBase": 1, - "show": true - }, - { - "$$hashKey": "object:1091", - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 54 - }, - "hiddenSeries": false, - "id": 186, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "9.2.2", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "expr": "rate(synapse_handler_presence_notify_reason_total{job=\"$job\",index=~\"$index\",instance=\"$instance\"}[$bucket_size])", - "interval": "", - "legendFormat": "{{reason}}", - "range": true, - "refId": "A" - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Presence notify reason", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:165", - "format": "hertz", - "logBase": 1, - "show": true - }, - { - "$$hashKey": "object:166", - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - } - ], - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "refId": "A" - } - ], - "title": "Presence", - "type": "row" - }, - { - "collapsed": true, - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 46 - }, - "id": 197, - "panels": [ - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 10, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "never", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green" - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "hertz" - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 47 - }, - "id": 191, - "options": { - "legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom", - "showLegend": true - }, - "tooltip": { - "mode": "multi", - "sort": "desc" - } - }, - "pluginVersion": "9.0.4", - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "expr": "rate(synapse_external_cache_set{job=~\"$job\", instance=\"$instance\", index=~\"$index\"}[$bucket_size])", - "interval": "", - "legendFormat": "{{ cache_name }} {{job}}-{{ index }}", - "range": true, - "refId": "A" - } - ], - "title": "External Cache Set Rate", - "type": "timeseries" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "description": "", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 47 - }, - "hiddenSeries": false, - "id": 193, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "9.2.2", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "expr": "sum without (hit) (rate(synapse_external_cache_get{job=~\"$job\", instance=\"$instance\", index=~\"$index\"}[$bucket_size]))", - "interval": "", - "legendFormat": "{{ cache_name }} {{job}}-{{ index }}", - "range": true, - "refId": "A" - } - ], - "thresholds": [], - "timeRegions": [], - "title": "External Cache Get Rate", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:390", - "format": "hertz", - "logBase": 1, - "show": true - }, - { - "$$hashKey": "object:391", - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "cards": { - "cardPadding": -1 - }, - "color": { - "cardColor": "#b4ff00", - "colorScale": "sqrt", - "colorScheme": "interpolateInferno", - "exponent": 0.5, - "min": 0, - "mode": "spectrum" - }, - "dataFormat": "tsbuckets", - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "custom": { - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "scaleDistribution": { - "type": "linear" - } - } - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 55 - }, - "heatmap": {}, - "hideZeroBuckets": false, - "highlightCards": true, - "id": 195, - "legend": { - "show": false - }, - "links": [], - "options": { - "calculate": false, - "calculation": {}, - "cellGap": -1, - "cellValues": { - "decimals": 2 - }, - "color": { - "exponent": 0.5, - "fill": "#b4ff00", - "min": 0, - "mode": "scheme", - "reverse": false, - "scale": "exponential", - "scheme": "Inferno", - "steps": 128 - }, - "exemplars": { - "color": "rgba(255,0,255,0.7)" - }, - "filterValues": { - "le": 1e-9 - }, - "legend": { - "show": false - }, - "rowsFrame": { - "layout": "auto" - }, - "showValue": "never", - "tooltip": { - "show": true, - "yHistogram": true - }, - "yAxis": { - "axisPlacement": "left", - "decimals": 0, - "reverse": false, - "unit": "s" - } - }, - "pluginVersion": "9.2.2", - "reverseYBuckets": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "sum(rate(synapse_external_cache_response_time_seconds_bucket{index=~\"$index\",instance=\"$instance\",job=~\"$job\"}[$bucket_size])) by (le)", - "format": "heatmap", - "instant": false, - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{le}}", - "refId": "A" - } - ], - "title": "External Cache Response Time", - "tooltip": { - "show": true, - "showHistogram": true - }, - "tooltipDecimals": 2, - "type": "heatmap", - "xAxis": { - "show": true - }, - "yAxis": { - "decimals": 0, - "format": "s", - "logBase": 1, - "show": true - }, - "yBucketBound": "auto" - }, - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "description": "", - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 10, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "never", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green" - } - ] - }, - "unit": "hertz" - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 55 - }, - "id": 223, - "options": { - "legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom", - "showLegend": true - }, - "tooltip": { - "mode": "multi", - "sort": "desc" - } - }, - "pluginVersion": "9.0.4", - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "expr": "rate(synapse_external_cache_get{job=~\"$job\", instance=\"$instance\", index=~\"$index\", hit=\"False\"}[$bucket_size])", - "interval": "", - "legendFormat": "{{ cache_name }} {{job}}-{{ index }}", - "range": true, - "refId": "A" - } - ], - "title": "External Cache Miss Rate", - "type": "timeseries" - } - ], - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "refId": "A" - } - ], - "title": "External Cache", - "type": "row" - } - ], - "refresh": false, - "schemaVersion": 37, - "style": "dark", - "tags": [ - "matrix" - ], - "templating": { - "list": [ - { - "current": { - "selected": false, - "text": "default", - "value": "default" - }, - "hide": 0, - "includeAll": false, - "multi": false, - "name": "DS_PROMETHEUS", - "label": "Datasource", - "options": [], - "query": "prometheus", - "queryValue": "", - "refresh": 1, - "regex": "", - "skipUrlSync": false, - "type": "datasource" - }, - { - "allFormat": "glob", - "auto": true, - "auto_count": 100, - "auto_min": "30s", - "current": { - "selected": false, - "text": "auto", - "value": "$__auto_interval_bucket_size" - }, - "hide": 0, - "includeAll": false, - "label": "Bucket Size", - "multi": false, - "multiFormat": "glob", - "name": "bucket_size", - "options": [ - { - "selected": true, - "text": "auto", - "value": "$__auto_interval_bucket_size" - }, - { - "selected": false, - "text": "30s", - "value": "30s" - }, - { - "selected": false, - "text": "1m", - "value": "1m" - }, - { - "selected": false, - "text": "2m", - "value": "2m" - }, - { - "selected": false, - "text": "5m", - "value": "5m" - }, - { - "selected": false, - "text": "10m", - "value": "10m" - }, - { - "selected": false, - "text": "15m", - "value": "15m" - } - ], - "query": "30s,1m,2m,5m,10m,15m", - "queryValue": "", - "refresh": 2, - "skipUrlSync": false, - "type": "interval" - }, - { - "current": {}, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "definition": "", - "hide": 0, - "includeAll": false, - "multi": false, - "name": "instance", - "options": [], - "query": { - "query": "label_values(synapse_util_metrics_block_ru_utime_seconds_total, instance)", - "refId": "Prometheus-instance-Variable-Query" - }, - "refresh": 2, - "regex": "", - "skipUrlSync": false, - "sort": 1, - "tagValuesQuery": "", - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allFormat": "regex wildcard", - "allValue": "", - "current": {}, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "definition": "", - "hide": 0, - "hideLabel": false, - "includeAll": true, - "label": "Job", - "multi": true, - "multiFormat": "regex values", - "name": "job", - "options": [], - "query": { - "query": "label_values(synapse_util_metrics_block_ru_utime_seconds_total, job)", - "refId": "Prometheus-job-Variable-Query" - }, - "refresh": 2, - "refresh_on_load": false, - "regex": "", - "skipUrlSync": false, - "sort": 1, - "tagValuesQuery": "", - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allFormat": "regex wildcard", - "allValue": ".*", - "current": {}, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "definition": "", - "hide": 0, - "hideLabel": false, - "includeAll": true, - "label": "", - "multi": true, - "multiFormat": "regex values", - "name": "index", - "options": [], - "query": { - "query": "label_values(synapse_util_metrics_block_ru_utime_seconds_total, index)", - "refId": "Prometheus-index-Variable-Query" - }, - "refresh": 2, - "refresh_on_load": false, - "regex": "", - "skipUrlSync": false, - "sort": 3, - "tagValuesQuery": "", - "tagsQuery": "", - "type": "query", - "useTags": false - } - ] - }, - "time": { - "from": "now-3h", - "to": "now" - }, - "timepicker": { - "now": true, - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "", - "title": "Synapse", - "uid": "000000012", - "version": 160, - "weekStart": "" -} diff --git a/matrix-synapse/templates/NOTES.txt b/matrix-synapse/templates/NOTES.txt deleted file mode 100644 index 5d8ce00..0000000 --- a/matrix-synapse/templates/NOTES.txt +++ /dev/null @@ -1,41 +0,0 @@ -** Note, this chart may take a while to finish setup, please be patient ** -{{- if .Values.signingkey.job.enabled }} -** Also, remember to disable the signingkey job (signingkey.job.enabled=false) ** -{{- end }} -{{- if not .Values.ingress.enabled }} - -Synapse has been installed without an ingress, you will need to manage -accesses to the services yourself. -{{- else }} - -Your Synapse install is now starting, you should soon be able to access it on -the following URL(s); - {{- range (concat .Values.ingress.csHosts (list (.Values.publicServerName | default .Values.serverName))) }} - {{- if $.Values.ingress.tls }} -https://{{ . }} - {{- else }} -http://{{ . }} - {{- end }} - {{- end }} -{{ if not .Values.wellknown.enabled }} -Note that for federation to work you will need to either add an SRV record or -set up a /.well-known/matrix/server response. -Refer to https://github.com/matrix-org/synapse/blob/master/docs/federate.md -for more information. -{{- end }} -{{- end }} - -{{- if .Values.config.enableRegistration }} -You should be able to connect to your Synapse install with any compatible -Matrix client - and register an account - as soon as final setup is done. - -You can also create an admin user with the following command; -{{- else }} -You can create a user in your new Synapse install by running the following -command; (replacing USERNAME and PASSWORD) -{{- end }} - - export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }},app.kubernetes.io/instance={{ .Release.Name }},app.kubernetes.io/component=synapse" -o jsonpath="{.items[0].metadata.name}") - kubectl exec --namespace {{ .Release.Namespace }} $POD_NAME -- register_new_matrix_user -c /synapse/config/homeserver.yaml -c /synapse/config/conf.d/secrets.yaml -u USERNAME -p PASSWORD --admin http://localhost:8008 - -You can also specify --no-admin to create a non-admin user. diff --git a/matrix-synapse/templates/_helpers.tpl b/matrix-synapse/templates/_helpers.tpl deleted file mode 100644 index 0899f14..0000000 --- a/matrix-synapse/templates/_helpers.tpl +++ /dev/null @@ -1,258 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "matrix-synapse.name" -}} -{{- .Values.nameOverride | default .Chart.Name | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "matrix-synapse.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := .Values.nameOverride | default .Chart.Name -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create a default replication name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "matrix-synapse.replicationname" -}} -{{- printf "%s-%s" .Release.Name "replication" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default worker name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "matrix-synapse.workername" -}} -{{- with get . "root" }} -{{- $ = . }} -{{- end }} -{{- printf "%s-%s" $.Release.Name .worker | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default external component name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "matrix-synapse.externalname" -}} -{{- with get . "root" }} -{{- $ = . }} -{{- end }} -{{- printf "%s-%s" $.Release.Name .external | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "matrix-synapse.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Common labels -*/}} -{{- define "matrix-synapse.labels" -}} -helm.sh/chart: {{ include "matrix-synapse.chart" . }} -{{ include "matrix-synapse.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end -}} - -{{/* -Selector labels -*/}} -{{- define "matrix-synapse.selectorLabels" -}} -app.kubernetes.io/name: {{ include "matrix-synapse.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end -}} - -{{/* -Pull secrets -*/}} -{{- define "matrix-synapse.imagePullSecrets" -}} -{{- if or .Values.image.pullSecrets .Values.wellknown.image.pullSecrets .Values.volumePermissions.pullSecrets }} -imagePullSecrets: - {{- with .Values.image.pullSecrets }} - {{- . | toYaml | nindent 2 }} - {{- end }} - {{- with .Values.wellknown.image.pullSecrets }} - {{- . | toYaml | nindent 2 }} - {{- end }} - {{- with .Values.volumePermissions.image.pullSecrets }} - {{- . | toYaml | nindent 2 }} - {{- end }} -{{- end -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "matrix-synapse.postgresql.fullname" -}} -{{- printf "%s-%s" .Release.Name "postgresql" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Set postgres host -*/}} -{{- define "matrix-synapse.postgresql.host" -}} -{{- if .Values.postgresql.enabled -}} -{{- template "matrix-synapse.postgresql.fullname" . -}} -{{- else -}} -{{ required "A valid externalPostgresql.host is required" .Values.externalPostgresql.host }} -{{- end -}} -{{- end -}} - -{{/* -Set postgres secret -*/}} -{{- define "matrix-synapse.postgresql.secret" -}} -{{- if .Values.postgresql.enabled -}} -{{- template "matrix-synapse.postgresql.fullname" . -}} -{{- else -}} -{{- template "matrix-synapse.fullname" . -}} -{{- end -}} -{{- end -}} - -{{/* -Set postgres port -*/}} -{{- define "matrix-synapse.postgresql.port" -}} -{{- if .Values.postgresql.enabled -}} -{{- if .Values.postgresql.service -}} -{{- .Values.postgresql.service.port | default 5432 }} -{{- else -}} -5432 -{{- end -}} -{{- else -}} -{{- required "A valid externalPostgresql.port is required" .Values.externalPostgresql.port -}} -{{- end -}} -{{- end -}} - -{{/* -Set postgresql username -*/}} -{{- define "matrix-synapse.postgresql.username" -}} -{{- if .Values.postgresql.enabled -}} -{{ required "A valid postgresql.auth.username is required" .Values.postgresql.auth.username }} -{{- else -}} -{{ required "A valid externalPostgresql.username is required" .Values.externalPostgresql.username }} -{{- end -}} -{{- end -}} - -{{/* -Set postgresql password -*/}} -{{- define "matrix-synapse.postgresql.password" -}} -{{- if .Values.postgresql.enabled -}} -{{ required "A valid postgresql.auth.password is required" .Values.postgresql.auth.password }} -{{- else if not (and .Values.externalPostgresql.existingSecret .Values.externalPostgresql.existingSecretPasswordKey) -}} -{{ required "A valid externalPostgresql.password is required" .Values.externalPostgresql.password }} -{{- end -}} -{{- end -}} - -{{/* -Set postgresql database -*/}} -{{- define "matrix-synapse.postgresql.database" -}} -{{- if .Values.postgresql.enabled -}} -{{- if .Values.postgresql.postgresqlDatabase -}} -{{- fail "You need to switch to the new postgresql.auth values." -}} -{{- end -}} -{{- .Values.postgresql.auth.database | default "synapse" }} -{{- else -}} -{{ required "A valid externalPostgresql.database is required" .Values.externalPostgresql.database }} -{{- end -}} -{{- end -}} - - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "matrix-synapse.redis.fullname" -}} -{{- printf "%s-%s" .Release.Name "redis" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Set redis host -*/}} -{{- define "matrix-synapse.redis.host" -}} -{{- if .Values.redis.enabled -}} -{{- printf "%s-%s" (include "matrix-synapse.redis.fullname" .) "master" | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{ required "A valid externalRedis.host is required" .Values.externalRedis.host }} -{{- end -}} -{{- end -}} - -{{/* -Set redis secret -*/}} -{{- define "matrix-synapse.redis.secret" -}} -{{- if .Values.redis.enabled -}} -{{- template "matrix-synapse.redis.fullname" . -}} -{{- else -}} -{{- template "matrix-synapse.fullname" . -}} -{{- end -}} -{{- end -}} - -{{/* -Set redis port -*/}} -{{- define "matrix-synapse.redis.port" -}} -{{- if .Values.redis.enabled -}} -{{- .Values.redis.master.service.port | default 6379 }} -{{- else -}} -{{ required "A valid externalRedis.port is required" .Values.externalRedis.port }} -{{- end -}} -{{- end -}} - -{{/* -Set redis password -*/}} -{{- define "matrix-synapse.redis.password" -}} -{{- if (and .Values.redis.enabled .Values.redis.password) -}} -{{ .Values.redis.password }} -{{- else if (and .Values.redis.enabled .Values.redis.auth.password) -}} -{{ .Values.redis.auth.password }} -{{- else if .Values.externalRedis.password -}} -{{ .Values.externalRedis.password }} -{{- end -}} -{{- end -}} - -{{/* -Set redis database id -*/}} -{{- define "matrix-synapse.redis.dbid" -}} -{{- if .Values.redis.dbid -}} -{{ .Values.redis.dbid }} -{{- else if .Values.externalRedis.dbid -}} -{{ .Values.externalRedis.dbid }} -{{- end -}} -{{- end -}} - -{{/* -Create the name of the service account to use -*/}} -{{- define "matrix-synapse.serviceAccountName" -}} -{{- if .Values.serviceAccount.create -}} - {{ default (include "matrix-synapse.fullname" .) .Values.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.serviceAccount.name }} -{{- end -}} -{{- end -}} diff --git a/matrix-synapse/templates/configmap.yaml b/matrix-synapse/templates/configmap.yaml deleted file mode 100644 index 728f9d4..0000000 --- a/matrix-synapse/templates/configmap.yaml +++ /dev/null @@ -1,169 +0,0 @@ ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "matrix-synapse.fullname" . }} - labels: - {{- include "matrix-synapse.labels" . | nindent 4 }} -data: - log.yaml: | - version: 1 - formatters: - {{- if .Values.config.useStructuredLogging }} - structured: - class: synapse.logging.TerseJsonFormatter - {{- else }} - precise: - format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s- %(message)s' - {{- end }} - filters: - context: - (): synapse.util.logcontext.LoggingContextFilter - request: "" - handlers: - console: - class: logging.StreamHandler - formatter: {{ if .Values.config.useStructuredLogging }}structured{{ else }}precise{{ end }} - filters: [context] - level: {{ .Values.config.logLevel | default "INFO" }} - loggers: - synapse: - level: {{ .Values.config.logLevel | default "INFO" }} - {{- with .Values.extraLoggers -}} - {{ . | toYaml | nindent 8 }} - {{- end }} - root: - level: {{ .Values.config.logLevel | default "INFO" }} - handlers: [console] - homeserver.yaml: | - # NOTE: - # Secrets are stored in separate configs to better fit K8s concepts - - ## Server ## - - server_name: {{ required "You need to specify a serverName" .Values.serverName | quote }} - public_baseurl: {{ .Values.config.publicBaseurl | default (printf "https://%s" (.Values.publicServerName | default .Values.serverName)) | quote }} - pid_file: /homeserver.pid - web_client: False - soft_file_limit: 0 - log_config: "/synapse/config/log.yaml" - report_stats: {{ required "You need to specify config.reportStats" .Values.config.reportStats }} - - instance_map: - main: - host: {{ include "matrix-synapse.replicationname" . }} - port: 9093 - {{- range $worker, $config := .Values.workers }} - {{- if and $config.enabled $config.name $config.listeners (has "replication" $config.listeners) }} - {{- $name := $worker | replace "_" "-" }} - {{ $config.name | quote }}: - host: {{ include "matrix-synapse.workername" (dict "root" $ "worker" $name) | quote }} - port: 9093 - {{- end }}{{/* end-if .enabled ... */}} - {{- end }}{{/* end-range .workers */}} - - ## Ports ## - {{- $bindAddresses := .Values.config.bindAddresses }} - - listeners: - - port: 8008 - tls: false - bind_addresses: {{ toJson $bindAddresses }} - type: http - x_forwarded: true - - resources: - - names: - - client - - federation - {{- with .Values.config.extraMainListenerTypes }} - {{- . | toYaml | nindent 14 }} - {{- end }} - compress: false - - - port: 9090 - tls: false - bind_addresses: {{ toJson $bindAddresses }} - type: http - - resources: - - names: [metrics] - compress: false - - - port: 9093 - tls: false - bind_addresses: {{ toJson $bindAddresses }} - type: http - - resources: - - names: [replication] - compress: false - {{- if .Values.config.extraListeners }} - {{ .Values.config.extraListeners | toYaml | nindent 6 }} - {{- end }} - - ## Files ## - - media_store_path: "/synapse/data/media" - uploads_path: "/synapse/data/uploads" - {{- if .Values.config.recaptcha }} - - ## Captcha ## - - recaptcha_public_key: {{ .Values.config.recaptcha.publicKey | quote }} - enable_registration_captcha: true - {{- end }} - {{- if .Values.config.turnUris }} - - ## Turn ## - - turn_uris: - {{ toYaml .Values.config.turnUris | nindent 6 }} - {{- end }} - - ## Registration ## - - enable_registration: {{ .Values.config.enableRegistration | default false }} - - ## Metrics ### - - enable_metrics: true - - ## Signing Keys ## - - signing_key_path: "/synapse/keys/signing.key" - - # The trusted servers to download signing keys from. - trusted_key_servers: {{- .Values.config.trustedKeyServers | toYaml | nindent 6 }} - - ## Workers ## - {{- range $worker, $config := .Values.workers }} - {{- if $config.enabled }} - {{- if or (eq $worker "pusher") (eq ($config.app | default "") "pusher") }} - - # For pusher worker - start_pushers: false - {{- else if or (eq $worker "appservice") (eq ($config.app | default "") "appservice") }} - - # For appservice worker - notify_appservices_from_worker: {{ $config.name | quote }} - {{- else if or (eq $worker "federation_sender") (eq ($config.app | default "") "federation_sender") }} - - # For federation_sender worker - send_federation: false - {{- else if or (eq $worker "media_repository") (eq ($config.app | default "") "media_repository") }} - - # For media_repository worker - enable_media_repo: false - {{- else if or (eq $worker "user_dir") (eq ($config.app | default "") "user_dir") }} - - # For user_dir worker - update_user_directory_from_worker: {{ $config.name | quote }} - {{- end }} - {{- end }} - {{- end }} - {{- with .Values.extraConfig }} - - ## Extra config ## - {{ . | toYaml | nindent 4 }} - {{- end }} diff --git a/matrix-synapse/templates/configmap_grafana_dashboards.yaml b/matrix-synapse/templates/configmap_grafana_dashboards.yaml deleted file mode 100644 index 1dbd1c4..0000000 --- a/matrix-synapse/templates/configmap_grafana_dashboards.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{- if .Values.grafana.dashboards.enabled }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "matrix-synapse.fullname" . }}-grafana-db - labels: - {{- include "matrix-synapse.labels" $ | nindent 4 }} - {{- with .Values.grafana.dashboards.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} - {{- with .Values.grafana.dashboards.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -data: - {{- ($.Files.Glob "grafana_dashboards/*.json" ).AsConfig | nindent 2 }} -{{- end }} diff --git a/matrix-synapse/templates/deployment.yaml b/matrix-synapse/templates/deployment.yaml deleted file mode 100644 index 9f15533..0000000 --- a/matrix-synapse/templates/deployment.yaml +++ /dev/null @@ -1,212 +0,0 @@ -{{- $needsVolumePermissions := and .Values.volumePermissions.enabled (or .Values.persistence.enabled .Values.persistence.existingClaim) }} -{{- if (and .Values.postgresql.enabled (and (not .Values.postgresql.auth.password) (not .Values.postgresql.existingSecret))) -}} -{{- fail "You must specify a static postgres password or existing secret if using the included postgres chart" -}} -{{- end -}} -{{- if (and .Values.redis.enabled (and .Values.redis.usePassword (and (not .Values.redis.auth.password) (not .Values.redis.auth.existingSecret)))) -}} -{{- fail "You must specify a static redis password or existing secret if using the included redis chart" -}} -{{- end -}} ---- -# Server: {{ required "A valid serverName is required" .Values.serverName }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "matrix-synapse.fullname" . }} - labels: - {{- include "matrix-synapse.labels" . | nindent 4 }} - app.kubernetes.io/component: synapse -spec: - replicas: 1 - strategy: - {{- toYaml .Values.synapse.strategy | nindent 4 }} - selector: - matchLabels: - {{- include "matrix-synapse.selectorLabels" . | nindent 6 }} - app.kubernetes.io/component: synapse - template: - metadata: - annotations: - checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} - checksum/secrets: {{ include (print $.Template.BasePath "/secrets.yaml") . | sha256sum }} - {{- with .Values.synapse.annotations }} - {{- toYaml . | nindent 8 }} - {{- end }} - labels: - {{- include "matrix-synapse.selectorLabels" . | nindent 8 }} - app.kubernetes.io/component: synapse - {{- with .Values.synapse.labels }} - {{- toYaml . | nindent 8 }} - {{- end }} - spec: - serviceAccountName: {{ include "matrix-synapse.serviceAccountName" . }} - {{- include "matrix-synapse.imagePullSecrets" . | nindent 6 }} - securityContext: - {{- toYaml .Values.synapse.podSecurityContext | nindent 8 }} - {{- if $needsVolumePermissions }} - initContainers: - - name: volume-permissions - command: - - sh - - -c - - | - chown {{ .Values.volumePermissions.uid }}:{{ .Values.volumePermissions.gid }} -R /synapse/data - {{- with .Values.volumePermissions.image }} - image: "{{ coalesce $.Values.global.image.registry .registry }}/{{ .repository }}:{{ .tag }}" - imagePullPolicy: {{ coalesce $.Values.global.image.pullPolicy .pullPolicy }} - {{- end }} - resources: - {{- toYaml .Values.volumePermissions.resources | nindent 12 }} - securityContext: - runAsNonRoot: false - runAsUser: 0 - volumeMounts: - - name: media - mountPath: /synapse/data - {{- end }} - containers: - - name: synapse - {{- with .Values.image }} - image: "{{ coalesce $.Values.global.image.registry .registry }}/{{ .repository }}:{{ .tag | default (printf "v%s" $.Chart.AppVersion) }}" - imagePullPolicy: {{ coalesce $.Values.global.image.pullPolicy .pullPolicy }} - {{- end }} - env: - {{- if or .Values.postgresql.enabled .Values.externalPostgresql.existingSecret }} - - name: POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - {{- if .Values.postgresql.enabled }} - name: {{ .Values.postgresql.existingSecret | default (include "matrix-synapse.postgresql.fullname" .) }} - key: password - {{- else }} - name: {{ .Values.externalPostgresql.existingSecret }} - key: {{ .Values.externalPostgresql.existingSecretPasswordKey }} - {{- end }} - {{- end }} - {{- if or (and .Values.redis.enabled (default .Values.redis.usePassword true)) .Values.externalRedis.existingSecret }} - - name: REDIS_PASSWORD - valueFrom: - secretKeyRef: - {{- if .Values.redis.enabled }} - name: {{ .Values.redis.auth.existingSecret | default (include "matrix-synapse.redis.fullname" .) }} - key: redis-password - {{- else }} - name: {{ .Values.externalRedis.existingSecret }} - key: {{ .Values.externalRedis.existingSecretPasswordKey }} - {{- end -}} - {{- end }} - {{- with .Values.synapse.extraEnv }} - {{- . | toYaml | nindent 12 }} - {{- end }} - command: - - sh - - -c - - | - cat /synapse/secrets/*.yaml | \ - sed -e "s/@@POSTGRES_PASSWORD@@/${POSTGRES_PASSWORD:-}/" \ - -e "s/@@REDIS_PASSWORD@@/${REDIS_PASSWORD:-}/" \ - > /synapse/config/conf.d/secrets.yaml - - {{- if .Values.synapse.extraCommands }} - - {{ range .Values.synapse.extraCommands }} - {{ . }} - {{- end }} - {{- end }} - - exec python -B -m synapse.app.homeserver \ - -c /synapse/config/homeserver.yaml \ - -c /synapse/config/conf.d/ - securityContext: - {{- toYaml .Values.synapse.securityContext | nindent 12 }} - ports: - - name: http - containerPort: 8008 - protocol: TCP - - name: replication - containerPort: 9093 - protocol: TCP - - name: metrics - containerPort: 9090 - protocol: TCP - {{- with .Values.synapse.livenessProbe }} - livenessProbe: - {{- . | toYaml | nindent 12 }} - {{- end }} - {{- with .Values.synapse.readinessProbe }} - readinessProbe: - {{- . | toYaml | nindent 12 }} - {{- end }} - {{- with .Values.synapse.startupProbe }} - startupProbe: - {{- . | toYaml | nindent 12 }} - {{- end }} - volumeMounts: - - name: config - mountPath: /synapse/config - - name: tmpconf - mountPath: /synapse/config/conf.d - - name: secrets - mountPath: /synapse/secrets - - name: signingkey - mountPath: /synapse/keys - - name: media - mountPath: /synapse/data - - name: tmpdir - mountPath: /tmp - {{- with .Values.synapse.extraVolumeMounts }} - {{- . | toYaml | nindent 12 }} - {{- end }} - resources: - {{- toYaml .Values.synapse.resources | nindent 12 }} - volumes: - - name: config - configMap: - name: {{ include "matrix-synapse.fullname" . }} - - name: secrets - secret: - secretName: {{ include "matrix-synapse.fullname" . }} - - name: signingkey - secret: - secretName: {{ .Values.signingkey.existingSecret | default (include "matrix-synapse.workername" (dict "root" . "worker" "signingkey")) | quote }} - items: - - key: {{ .Values.signingkey.existingSecretKey | default "signing.key" | quote }} - path: signing.key - - name: tmpconf - emptyDir: {} - - name: tmpdir - emptyDir: {} - - name: media - {{- $mediaworker := false }} - {{- range $worker, $config := .Values.workers }} - {{- if eq $worker "media_repository" }} - {{- $mediaworker = ($config.enabled | default false) }} - {{- end }} - {{- end }} - {{- if $mediaworker }} - emptyDir: {} - {{- else }} - {{- if .Values.persistence.hostPath }} - hostPath: - type: Directory - path: {{ .Values.persistence.hostPath | quote }} - {{- else if .Values.persistence.enabled }} - persistentVolumeClaim: - claimName: {{ .Values.persistence.existingClaim | default (include "matrix-synapse.fullname" .) }} - {{- else }} - emptyDir: {} - {{- end }}{{/* end-if hostPath+persistent*/}} - {{- end }}{{/* end-if not $mediaworker */}} - {{- with .Values.synapse.extraVolumes }} - {{- . | toYaml | nindent 8 }} - {{- end }} - {{- with .Values.synapse.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.synapse.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.synapse.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} diff --git a/matrix-synapse/templates/ingress.yaml b/matrix-synapse/templates/ingress.yaml deleted file mode 100644 index b23731f..0000000 --- a/matrix-synapse/templates/ingress.yaml +++ /dev/null @@ -1,207 +0,0 @@ -{{- if .Values.ingress.enabled -}} -{{- $fullName := include "matrix-synapse.fullname" . -}} -{{- $wkName := include "matrix-synapse.externalname" (dict "root" . "external" "wellknown") -}} -{{- $v1Ingress := .Capabilities.APIVersions.Has "networking.k8s.io/v1" -}} -{{- if $v1Ingress -}} -apiVersion: networking.k8s.io/v1 -{{- else -}} -apiVersion: networking.k8s.io/v1beta1 -{{- end }} -kind: Ingress -metadata: - name: {{ $fullName }} - labels: - {{- include "matrix-synapse.labels" . | nindent 4 }} - {{- with .Values.ingress.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -spec: -{{- if .Values.ingress.className }} - ingressClassName: {{ .Values.ingress.className }} -{{- end }} -{{- if .Values.ingress.tls }} - tls: - {{- range .Values.ingress.tls }} - - hosts: - {{- range .hosts }} - - {{ . | quote }} - {{- end }} - {{- if .secretName }} - secretName: {{ .secretName }} - {{- end }} - {{- end }} -{{- end }} - rules: - {{- $csHosts := .Values.ingress.csHosts }} - {{- if .Values.ingress.includeServerName }} - {{- $csHosts = concat (list (.Values.publicServerName | default .Values.serverName)) $csHosts }} - {{- end }} - {{- $s2sHosts := .Values.ingress.hosts }} - {{- if .Values.ingress.includeServerName }} - {{- $s2sHosts = concat (list .Values.serverName) $s2sHosts }} - {{- end }} - {{- $wkHosts := .Values.ingress.wkHosts }} - {{- if .Values.ingress.includeServerName }} - {{- $wkHosts = concat (list .Values.serverName) $wkHosts }} - {{- end }} - {{- $hosts := uniq (concat $s2sHosts $csHosts $wkHosts) }} - {{- range $hosts }} - {{- $host := . }} - - host: {{ . | quote }} - http: - paths: - {{- $default := $.Values.workers.default }} - {{- range $worker, $config := $.Values.workers }} - {{- $name := $worker | replace "_" "-" }} - {{- if and $config.enabled $config.listeners (or $config.paths $config.csPaths) }} - {{- $service := include "matrix-synapse.workername" (dict "root" $ "worker" $name) }} - {{- if has $host $csHosts }} - {{- range $config.csPaths }} - {{- if $.Values.ingress.traefikPaths }} - - path: {{ printf "/{path:%s}" (trimPrefix "/" .) | quote }} - backend: - {{- if $v1Ingress }} - service: - name: {{ $service }} - port: - number: 8083 - pathType: ImplementationSpecific - {{- else }} - serviceName: {{ $service }} - servicePort: 8083 - {{- end }} - {{- else }} - - path: {{ . | quote }} - backend: - {{- if $v1Ingress }} - service: - name: {{ $service }} - port: - number: 8083 - pathType: ImplementationSpecific - {{- else }} - serviceName: {{ $service }} - servicePort: 8083 - {{- end }} - {{- end }} - {{- end }} - {{- end }} - {{- if has $host $s2sHosts }} - {{- range $config.paths }} - {{- if $.Values.ingress.traefikPaths }} - - path: {{ printf "/{path:%s}" (trimPrefix "/" .) | quote }} - backend: - {{- if $v1Ingress }} - service: - name: {{ $service }} - port: - number: 8083 - pathType: ImplementationSpecific - {{- else }} - serviceName: {{ $service }} - servicePort: 8083 - {{- end }} - {{- else }} - - path: {{ . | quote }} - backend: - {{- if $v1Ingress }} - service: - name: {{ $service }} - port: - number: 8083 - pathType: ImplementationSpecific - {{- else }} - serviceName: {{ $service }} - servicePort: 8083 - {{- end }} - {{- end }} - {{- end }} - {{- end }} - {{- end }} - {{- end }} - - {{- if has . $csHosts }} - {{- with $.Values.ingress.csPaths }} - {{ . | toYaml | nindent 10 }} - {{- end }} - {{- end }} - {{- if has . $s2sHosts }} - {{- with $.Values.ingress.paths }} - {{ . | toYaml | nindent 10 }} - {{- end }} - {{- end }} - - {{- if or (has . $csHosts) (has . $s2sHosts) }} - - path: /_matrix - backend: - {{- if $v1Ingress }} - service: - name: {{ $fullName }} - port: - number: {{ $.Values.service.port }} - pathType: Prefix - {{- else }} - serviceName: {{ $fullName }} - servicePort: {{ $.Values.service.port }} - {{- end }} - {{- end }} - - {{- if and (has . $csHosts) $.Values.ingress.includeUnderscoreSynapse }} - - path: /_synapse - backend: - {{- if $v1Ingress }} - service: - name: {{ $fullName }} - port: - number: {{ $.Values.service.port }} - pathType: Prefix - {{- else }} - serviceName: {{ $fullName }} - servicePort: {{ $.Values.service.port }} - {{- end }} - {{- end }} - - {{- if has . $wkHosts }} - {{- if $.Values.wellknown.enabled }} - - path: /.well-known/matrix - backend: - {{- if $v1Ingress }} - service: - name: {{ $wkName }} - port: - number: {{ $.Values.wellknown.service.port | default 80 }} - pathType: Prefix - {{- else }} - serviceName: {{ $wkName }} - servicePort: {{ $.Values.wellknown.service.port | default 80 }} - {{- end }} - - path: /.well-known/element - backend: - {{- if $v1Ingress }} - service: - name: {{ $wkName }} - port: - number: {{ $.Values.wellknown.service.port | default 80 }} - pathType: Prefix - {{- else }} - serviceName: {{ $wkName }} - servicePort: {{ $.Values.wellknown.service.port | default 80 }} - {{- end }} - {{- else }} - - path: /.well-known/matrix - backend: - {{- if $v1Ingress }} - service: - name: {{ $fullName }} - port: - number: {{ $.Values.service.port }} - pathType: Prefix - {{- else }} - serviceName: {{ $fullName }} - servicePort: {{ $.Values.service.port }} - {{- end }} - {{- end }} - {{- end }} - {{- end }} -{{- end }} diff --git a/matrix-synapse/templates/podmonitor.yaml b/matrix-synapse/templates/podmonitor.yaml deleted file mode 100644 index 03bfeca..0000000 --- a/matrix-synapse/templates/podmonitor.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if .Values.prometheus.podmonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: PodMonitor -metadata: - name: {{ include "matrix-synapse.fullname" . }} - labels: - {{- include "matrix-synapse.labels" . | nindent 4 }} - {{- with .Values.prometheus.podmonitor.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - selector: - matchLabels: - {{- include "matrix-synapse.selectorLabels" . | nindent 6 }} - app.kubernetes.io/component: synapse - podMetricsEndpoints: - - port: metrics - path: "/_synapse/metrics" -{{- end }} diff --git a/matrix-synapse/templates/prometheus-rules.yaml b/matrix-synapse/templates/prometheus-rules.yaml deleted file mode 100644 index d3073d7..0000000 --- a/matrix-synapse/templates/prometheus-rules.yaml +++ /dev/null @@ -1,97 +0,0 @@ -{{- if and ( .Values.prometheus.rules.enabled ) ( .Capabilities.APIVersions.Has "monitoring.coreos.com/v1" ) }} -apiVersion: monitoring.coreos.com/v1 -kind: PrometheusRule -metadata: - name: {{ include "matrix-synapse.fullname" . }} - {{- with .Values.prometheus.rules.namespace }} - namespace: {{ . | quote }} - {{- end }} - labels: - {{- include "matrix-synapse.labels" . | nindent 4 }} - {{- with .Values.prometheus.rules.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - groups: - {{- if .Values.prometheus.rules.defaults.enabled }} - - name: {{ template "matrix-synapse.name" . }}-Defaults - rules: - - ### - ### Prometheus Console Only - ### The following rules are only needed if you use the Prometheus Console - ### in contrib/prometheus/consoles/synapse.html - ### - - record: 'synapse_federation_client_sent' - labels: - type: "EDU" - expr: 'synapse_federation_client_sent_edus_total + 0' - - record: 'synapse_federation_client_sent' - labels: - type: "PDU" - expr: 'synapse_federation_client_sent_pdu_destinations_count_total + 0' - - record: 'synapse_federation_client_sent' - labels: - type: "Query" - expr: 'sum(synapse_federation_client_sent_queries) by (job)' - - - record: 'synapse_federation_server_received' - labels: - type: "EDU" - expr: 'synapse_federation_server_received_edus_total + 0' - - record: 'synapse_federation_server_received' - labels: - type: "PDU" - expr: 'synapse_federation_server_received_pdus_total + 0' - - record: 'synapse_federation_server_received' - labels: - type: "Query" - expr: 'sum(synapse_federation_server_received_queries) by (job)' - - - record: 'synapse_federation_transaction_queue_pending' - labels: - type: "EDU" - expr: 'synapse_federation_transaction_queue_pending_edus + 0' - - record: 'synapse_federation_transaction_queue_pending' - labels: - type: "PDU" - expr: 'synapse_federation_transaction_queue_pending_pdus + 0' - ### - ### End of 'Prometheus Console Only' rules block - ### - - - ### - ### Grafana Only - ### The following rules are only needed if you use the Grafana dashboard - ### in contrib/grafana/synapse.json - ### - - record: synapse_storage_events_persisted_by_source_type - expr: sum without(type, origin_type, origin_entity) (synapse_storage_events_persisted_events_sep_total{origin_type="remote"}) - labels: - type: remote - - record: synapse_storage_events_persisted_by_source_type - expr: sum without(type, origin_type, origin_entity) (synapse_storage_events_persisted_events_sep_total{origin_entity="*client*",origin_type="local"}) - labels: - type: local - - record: synapse_storage_events_persisted_by_source_type - expr: sum without(type, origin_type, origin_entity) (synapse_storage_events_persisted_events_sep_total{origin_entity!="*client*",origin_type="local"}) - labels: - type: bridges - - - record: synapse_storage_events_persisted_by_event_type - expr: sum without(origin_entity, origin_type) (synapse_storage_events_persisted_events_sep_total) - - - record: synapse_storage_events_persisted_by_origin - expr: sum without(type) (synapse_storage_events_persisted_events_sep_total) - ### - ### End of 'Grafana Only' rules block - ### - {{- end }}{{/* end-if .defaults.enabled */}} - - {{- with .Values.prometheus.rules.additionalRules }} - - name: {{ template "matrix-synapse.name" $ }}-Additional - rules: - {{- toYaml . | nindent 4 }} - {{- end }}{{/* end-with additionalRules */}} -{{- end }} diff --git a/matrix-synapse/templates/pvc.yaml b/matrix-synapse/templates/pvc.yaml deleted file mode 100644 index 0a33298..0000000 --- a/matrix-synapse/templates/pvc.yaml +++ /dev/null @@ -1,29 +0,0 @@ -{{- if and - .Values.persistence.enabled - (not .Values.persistence.existingClaim) - (not .Values.persistence.hostPath) --}} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: {{ template "matrix-synapse.fullname" . }} - labels: - {{- include "matrix-synapse.labels" . | nindent 4 }} - {{- with .Values.persistence.annotations }} - annotations: - {{ toYaml . | indent 4 }} - {{- end }} -spec: - accessModes: - - {{ .Values.persistence.accessMode | quote }} - resources: - requests: - storage: {{ .Values.persistence.size | quote }} - {{- with .Values.persistence.storageClass }} - {{- if (eq "-" .) }} - storageClassName: "" - {{- else }} - storageClassName: {{ . | quote }} - {{- end }} - {{- end }} -{{- end -}} diff --git a/matrix-synapse/templates/secrets.yaml b/matrix-synapse/templates/secrets.yaml deleted file mode 100644 index 0871249..0000000 --- a/matrix-synapse/templates/secrets.yaml +++ /dev/null @@ -1,86 +0,0 @@ ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "matrix-synapse.fullname" . }} - labels: - {{- include "matrix-synapse.labels" . | nindent 4 }} -stringData: - config.yaml: | - {{- if .Values.config.recaptcha }} - ## Captcha ## - - recaptcha_private_key: {{ .Values.config.recaptcha.privateKey | quote }} - {{- end }} - {{- if .Values.config.turnSecret }} - - ## Turn ## - - turn_shared_secret: {{ .Values.config.turnSecret | quote }} - - {{- end }} - ## Registration ## - - registration_shared_secret: {{ .Values.config.registrationSharedSecret | default (randAlphaNum 24) | quote }} - - ## API Configuration ## - - {{- if .Values.config.macaroonSecretKey }} - - macaroon_secret_key: {{ .Values.config.macaroonSecretKey | quote }} - {{- end }} - - ## Database configuration ## - - database: - name: "psycopg2" - {{- $postgresConfig := .Values.externalPostgresql }} - {{- if .Values.postgresql.enabled }} - {{- $postgresConfig = .Values.postgresql }} - {{- end }} - {{- with $postgresConfig.options }} - {{- toYaml . | nindent 6 }} - {{- end }} - args: - host: {{ include "matrix-synapse.postgresql.host" . | quote }} - port: {{ include "matrix-synapse.postgresql.port" . }} - sslmode: {{ $postgresConfig.sslmode | default "prefer" | quote }} - user: {{ include "matrix-synapse.postgresql.username" . | quote }} - {{- $postgresPass := include "matrix-synapse.postgresql.password" . }} - {{- if and $postgresPass (not .Values.postgresql.existingSecret) }} - password: {{ $postgresPass | quote }} - {{- else }} - password: "@@POSTGRES_PASSWORD@@" - {{- end }} - database: {{ include "matrix-synapse.postgresql.database" . | quote }} - cp_min: 5 - cp_max: 10 - {{- with $postgresConfig.extraArgs }} - {{- toYaml . | nindent 8 }} - {{- end }} - - ## Redis configuration ## - - redis: - enabled: true - host: {{ include "matrix-synapse.redis.host" . | quote }} - {{- with (include "matrix-synapse.redis.port" .) }} - port: {{ . }} - {{- end }} - {{- $redisPass := include "matrix-synapse.redis.password" . }} - {{- if or .Values.redis.auth.enabled .Values.redis.usePassword .Values.redis.password .Values.redis.auth.password .Values.externalRedis.password }} - {{- if and $redisPass (not .Values.redis.auth.existingSecret) }} - password: {{ $redisPass | quote }} - {{- else }} - password: "@@REDIS_PASSWORD@@" - {{- end }} - {{- end }} - {{- with (include "matrix-synapse.redis.dbid" .) }} - dbid: {{ . }} - {{- end }} - - {{- with .Values.extraSecrets }} - - ## Extra secrets ## - {{ . | toYaml | nindent 4 }} - {{- end }} diff --git a/matrix-synapse/templates/service.yaml b/matrix-synapse/templates/service.yaml deleted file mode 100644 index 10a0254..0000000 --- a/matrix-synapse/templates/service.yaml +++ /dev/null @@ -1,64 +0,0 @@ ---- -apiVersion: v1 -kind: Service -metadata: - name: {{ include "matrix-synapse.fullname" . }} - labels: - {{- include "matrix-synapse.labels" . | nindent 4 }} -spec: - type: {{ .Values.service.type | default "ClusterIP" }} - ports: - - port: {{ .Values.service.port }} - targetPort: {{ .Values.service.targetPort | default "http" }} - protocol: TCP - name: http - selector: - app.kubernetes.io/component: synapse - {{- include "matrix-synapse.selectorLabels" . | nindent 4 }} ---- -apiVersion: v1 -kind: Service -metadata: - name: {{ include "matrix-synapse.replicationname" . }} - labels: - {{- include "matrix-synapse.labels" . | nindent 4 }} -spec: - type: ClusterIP - ports: - - port: 9093 - targetPort: replication - protocol: TCP - name: replication - selector: - {{- include "matrix-synapse.selectorLabels" . | nindent 4 }} - app.kubernetes.io/component: synapse -{{- $default := .Values.workers.default }} -{{- range $worker, $config := .Values.workers }} -{{- if and $config.enabled $config.listeners }} -{{- $name := $worker | replace "_" "-" }} -{{- $release := $.Release.Name }} ---- -apiVersion: v1 -kind: Service -metadata: - name: {{ include "matrix-synapse.workername" (dict "root" $ "worker" $name) }} - labels: - {{- include "matrix-synapse.labels" $ | nindent 4 }} -spec: - type: ClusterIP - ports: - - port: 8083 - targetPort: listener - protocol: TCP - name: listener - {{- if has "replication" $config.listeners }} - - port: 9093 - targetPort: replication - protocol: TCP - name: replication - {{- end }} - selector: - {{- include "matrix-synapse.selectorLabels" $ | nindent 4 }} - app.kubernetes.io/component: {{ $name }} -{{- end }} -{{- end }} diff --git a/matrix-synapse/templates/serviceaccount.yaml b/matrix-synapse/templates/serviceaccount.yaml deleted file mode 100644 index 81ca2b8..0000000 --- a/matrix-synapse/templates/serviceaccount.yaml +++ /dev/null @@ -1,12 +0,0 @@ -{{- if .Values.serviceAccount.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ .Values.serviceAccount.name | default (include "matrix-synapse.fullname" .) }} - labels: - {{- include "matrix-synapse.labels" . | nindent 4 }} - annotations: - {{- with .Values.serviceAccount.annotations }} - {{- toYaml . | nindent 4 }} - {{- end }} -{{- end }} diff --git a/matrix-synapse/templates/signing-key/job.yaml b/matrix-synapse/templates/signing-key/job.yaml deleted file mode 100644 index c9a9979..0000000 --- a/matrix-synapse/templates/signing-key/job.yaml +++ /dev/null @@ -1,153 +0,0 @@ -{{- $secretName := include "matrix-synapse.workername" (dict "root" . "worker" "signingkey") }} - -{{- if .Values.signingkey.job.enabled }} -{{- if .Values.signingkey.existingSecret }} -{{- fail "Can't specify both signingkey.job.enabled and signingkey.existingSecret" }} -{{- end }} -{{- $name := include "matrix-synapse.workername" (dict "root" . "worker" "signingkey-job") }} ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ $secretName }} - labels: - {{- include "matrix-synapse.labels" . | nindent 4 }} - app.kubernetes.io/component: signingkey-job - annotations: - "helm.sh/resource-policy": keep - "helm.sh/hook-delete-policy": "hook-failed" - "helm.sh/hook": "pre-install" -type: Opaque ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ $name }} - labels: - {{- include "matrix-synapse.labels" . | nindent 4 }} - app.kubernetes.io/component: signingkey-job - {{- with .Values.signingkey.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: {{ $name }} - labels: - {{- include "matrix-synapse.labels" . | nindent 4 }} - app.kubernetes.io/component: signingkey-job - {{- with .Values.signingkey.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -rules: - - apiGroups: - - "" - resources: - - secrets - resourceNames: - - {{ $secretName }} - verbs: - - get - - update - - patch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ $name }} - labels: - {{- include "matrix-synapse.labels" . | nindent 4 }} - app.kubernetes.io/component: signingkey-job - {{- with .Values.signingkey.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ $name }} -subjects: - - kind: ServiceAccount - name: {{ $name }} - namespace: {{ .Release.Namespace }} ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ $name }} - labels: - {{- include "matrix-synapse.labels" . | nindent 4 }} - app.kubernetes.io/component: signingkey-job - {{- with .Values.signingkey.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - ttlSecondsAfterFinished: 0 - template: - metadata: - labels: - {{- include "matrix-synapse.labels" . | nindent 8 }} - app.kubernetes.io/component: signingkey-job - spec: - containers: - - name: signing-key-generate - {{- with .Values.image }} - image: "{{ coalesce $.Values.global.image.registry .registry }}/{{ .repository }}:{{ .tag | default (printf "v%s" $.Chart.AppVersion) }}" - imagePullPolicy: {{ coalesce $.Values.global.image.pullPolicy .pullPolicy }} - {{- end }} - command: - - sh - - -c - - | - echo "Generating signing key..." - if which generate_signing_key.py >/dev/null; then - generate_signing_key.py -o /synapse/keys/signing.key - else - generate_signing_key -o /synapse/keys/signing.key - fi - resources: - {{- toYaml .Values.signingkey.resources | nindent 12 }} - volumeMounts: - - mountPath: /synapse/keys - name: matrix-synapse-keys - - name: signing-key-upload - {{- with .Values.signingkey.job.publishImage }} - image: "{{ coalesce $.Values.global.image.registry .registry }}/{{ .repository }}:{{ .tag }}" - imagePullPolicy: {{ coalesce $.Values.global.image.pullPolicy .pullPolicy }} - {{- end }} - command: - - sh - - -c - - | - # check if key already exists - key=$(kubectl get secret {{ $secretName }} -o jsonpath="{.data['signing.key']}" 2> /dev/null) - [ $? -ne 0 ] && echo "Failed to get existing secret" && exit 1 - [ -n "$key" ] && echo "Key already created, exiting." && exit 0 - # wait for config - while [ ! -f /synapse/keys/signing.key ]; do - echo "Waiting for key.." - sleep 5; - done - # update secret - kubectl patch secret {{ $secretName }} -p "{\"data\":{\"signing.key\":\"$(base64 /synapse/keys/signing.key | tr -d '\n')\"}}" - [ $? -ne 0 ] && echo "Failed to update secret." && exit 1 - echo "Key successfully created." - resources: - {{- toYaml .Values.signingkey.resources | nindent 12 }} - volumeMounts: - - mountPath: /synapse/keys - name: matrix-synapse-keys - readOnly: true - restartPolicy: Never - serviceAccount: {{ $name }} - volumes: - - name: matrix-synapse-keys - emptyDir: {} - parallelism: 1 - completions: 1 - backoffLimit: 1 -{{- end }} diff --git a/matrix-synapse/templates/tests/test-connection.yaml b/matrix-synapse/templates/tests/test-connection.yaml deleted file mode 100644 index 466e954..0000000 --- a/matrix-synapse/templates/tests/test-connection.yaml +++ /dev/null @@ -1,16 +0,0 @@ ---- -apiVersion: v1 -kind: Pod -metadata: - name: "{{ include "matrix-synapse.fullname" . }}-test-connection" - labels: - {{- include "matrix-synapse.labels" . | nindent 4 }} - annotations: - "helm.sh/hook": test-success -spec: - containers: - - name: wget - image: busybox - command: ['wget'] - args: ['{{ include "matrix-synapse.fullname" . }}:{{ $.Values.service.port }}/_matrix/client/versions'] - restartPolicy: Never diff --git a/matrix-synapse/templates/wellknown/configmap.yaml b/matrix-synapse/templates/wellknown/configmap.yaml deleted file mode 100644 index beb5158..0000000 --- a/matrix-synapse/templates/wellknown/configmap.yaml +++ /dev/null @@ -1,26 +0,0 @@ -{{- if .Values.wellknown.enabled }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "matrix-synapse.externalname" (dict "root" . "external" "wellknown") }} - labels: - {{- include "matrix-synapse.labels" . | nindent 4 }} - app.kubernetes.io/component: wellknown -data: - server: |- - {{- with .Values.wellknown.server }} - {{- toJson . | nindent 4 }} - {{- else }} - {{- dict "m.server" (printf "%s:%d" (.Values.publicServerName | default .Values.serverName) 443) | toJson | nindent 4 }} - {{- end }} - client: |- - {{- with .Values.wellknown.client }} - {{- toJson . | nindent 4 }} - {{- else }} - {{- dict "m.homeserver" (dict "base_url" (printf "https://%s/" (.Values.publicServerName | default .Values.serverName))) | toJson | nindent 4 }} - {{- end }} - element.json: |- - {{- toJson .Values.wellknown.element | nindent 4 }} - {{- (.Files.Glob "files/well-known/nginx.conf" ).AsConfig | nindent 2 }} -{{- end -}}{{/* end-if .wellknown.enabled */}} diff --git a/matrix-synapse/templates/wellknown/deployment.yaml b/matrix-synapse/templates/wellknown/deployment.yaml deleted file mode 100644 index de2ef39..0000000 --- a/matrix-synapse/templates/wellknown/deployment.yaml +++ /dev/null @@ -1,85 +0,0 @@ -{{- if .Values.wellknown.enabled }} -{{- $wkName := include "matrix-synapse.externalname" (dict "root" . "external" "wellknown") -}} ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ $wkName }} - labels: - {{- include "matrix-synapse.labels" . | nindent 4 }} - app.kubernetes.io/component: wellknown -spec: - replicas: {{ .Values.wellknown.replicaCount }} - selector: - matchLabels: - {{- include "matrix-synapse.selectorLabels" . | nindent 6 }} - app.kubernetes.io/component: wellknown - template: - metadata: - annotations: - checksum/config: {{ include (print .Template.BasePath "/wellknown/configmap.yaml") . | sha256sum }} - {{- with .Values.wellknown.podAnnotations }} - {{- toYaml . | nindent 8 }} - {{- end }} - labels: - {{- include "matrix-synapse.selectorLabels" . | nindent 8 }} - {{- with .Values.wellknown.podLabels }} - {{- toYaml . | nindent 8 }} - {{- end }} - app.kubernetes.io/component: wellknown - spec: - {{- include "matrix-synapse.imagePullSecrets" . | nindent 6 }} - securityContext: - {{- toYaml .Values.wellknown.podSecurityContext | nindent 8 }} - containers: - - name: wellknown - securityContext: - {{- toYaml .Values.wellknown.securityContext | nindent 12 }} - {{- with .Values.wellknown.image }} - image: "{{ coalesce $.Values.global.image.registry .registry }}/{{ .repository }}:{{ .tag }}" - imagePullPolicy: {{ coalesce $.Values.global.image.pullPolicy .pullPolicy }} - {{- end }} - ports: - - containerPort: {{ .Values.wellknown.containerPort }} - name: http - protocol: TCP - livenessProbe: - httpGet: - path: / - port: http - readinessProbe: - httpGet: - path: / - port: http - resources: - {{- toYaml .Values.wellknown.resources | nindent 12 }} - volumeMounts: - - name: "data" - mountPath: "/usr/share/nginx/html/.well-known/matrix/client" - subPath: "client" - - name: "data" - mountPath: "/usr/share/nginx/html/.well-known/matrix/server" - subPath: "server" - - name: "data" - mountPath: "/usr/share/nginx/html/.well-known/element/element.json" - subPath: "element.json" - - name: "data" - mountPath: "/etc/nginx/conf.d/default.conf" - subPath: "nginx.conf" - {{- with .Values.wellknown.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.wellknown.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.wellknown.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - volumes: - - name: "data" - configMap: - name: {{ $wkName }} -{{- end }} diff --git a/matrix-synapse/templates/wellknown/service.yaml b/matrix-synapse/templates/wellknown/service.yaml deleted file mode 100644 index 5a4ab4d..0000000 --- a/matrix-synapse/templates/wellknown/service.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{- if .Values.wellknown.enabled }} ---- -apiVersion: v1 -kind: Service -metadata: - name: {{ include "matrix-synapse.externalname" (dict "root" . "external" "wellknown") }} - labels: - {{- include "matrix-synapse.labels" . | nindent 4 }} - app.kubernetes.io/component: wellknown -spec: - type: {{ .Values.wellknown.service.type | default "ClusterIP" }} - ports: - - port: {{ .Values.wellknown.service.port | default 80 }} - targetPort: http - protocol: TCP - name: http - selector: - {{- include "matrix-synapse.selectorLabels" . | nindent 4 }} - app.kubernetes.io/component: wellknown -{{- end }} diff --git a/matrix-synapse/templates/worker/configmap.yaml b/matrix-synapse/templates/worker/configmap.yaml deleted file mode 100644 index 9078b28..0000000 --- a/matrix-synapse/templates/worker/configmap.yaml +++ /dev/null @@ -1,80 +0,0 @@ -{{- $any := false }} -{{- range $worker, $config := .Values.workers }} - {{- if $config.enabled }} - {{- $any = true }} - {{- end }} -{{- end }} - -{{- if $any }} -{{- $wkName := include "matrix-synapse.workername" (dict "root" . "worker" "workers") -}} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ $wkName }} - labels: - {{- include "matrix-synapse.labels" . | nindent 4 }} -data: -{{- $default := .Values.workers.default -}} -{{- range $worker, $config := .Values.workers -}} - {{- if $config.enabled -}} - {{- $name := $worker | replace "_" "-" }} - {{- $app := $config.app | default $worker }} - - {{ $name }}.worker: | - worker_app: "synapse.app.{{ (not (not $config.generic)) | ternary "generic_worker" $app }}" -{{- if $config.name -}} -{{- if (gt ($config.replicaCount | int) 1) -}} -{{- fail "Replica count must be 1 if a worker has a unique name." -}} -{{- end }} - worker_name: {{ $config.name }} -{{- end }} -{{- $bindAddresses := $config.bindAddresses | default $.Values.config.bindAddresses | default (list "::") }} - - worker_listeners: - - port: 9090 - tls: false - bind_addresses: {{ toJson $bindAddresses }} - type: http - - resources: - - names: [metrics] - compress: false - {{- if $config.listeners }} - {{- if has "replication" $config.listeners }} - {{- if not $config.name }} - {{- fail "Workers with replication listeners must have unique names." }} - {{- end }} - - - port: 9093 - tls: false - bind_addresses: {{ toJson $bindAddresses }} - type: http - x_forwarded: true - - resources: - - names: [replication] - compress: false - {{- end }} - - - port: 8083 - tls: false - bind_addresses: {{ toJson $bindAddresses }} - type: http - x_forwarded: true - - resources: - - names: - {{- toYaml (without $config.listeners "replication") | nindent 14 }} - compress: false - {{- end }} - - worker_log_config: /synapse/config/log.yaml - {{- if $config.extraConfig }} - - # Extra config - {{ toYaml $config.extraConfig | nindent 4 }} - {{- end }} - {{- end }} -{{- end }} -{{- end }} diff --git a/matrix-synapse/templates/worker/deployment.yaml b/matrix-synapse/templates/worker/deployment.yaml deleted file mode 100644 index 2f56af4..0000000 --- a/matrix-synapse/templates/worker/deployment.yaml +++ /dev/null @@ -1,221 +0,0 @@ -{{- $needsVolumePermissions := and .Values.volumePermissions.enabled (or .Values.persistence.enabled .Values.persistence.existingClaim) }} -{{- $default := .Values.workers.default }} -{{- range $worker, $config := .Values.workers }} -{{- if $config.enabled }} -{{- $name := $worker | replace "_" "-" }} -{{- $app := $config.app | default $worker }} ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "matrix-synapse.workername" (dict "root" $ "worker" $name) }} - labels: - {{- include "matrix-synapse.labels" $ | nindent 4 }} - app.kubernetes.io/component: {{ $name }} -spec: - replicas: {{ $config.replicaCount | default $default.replicaCount }} - {{- with ($config.strategy | default $default.strategy) }} - strategy: - {{- toYaml . | nindent 4 }} - {{- end }} - selector: - matchLabels: - {{- include "matrix-synapse.selectorLabels" $ | nindent 6 }} - app.kubernetes.io/component: {{ $name }} - template: - metadata: - annotations: - checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") $ | sha256sum }} - checksum/worker-config: {{ include (print $.Template.BasePath "/worker/configmap.yaml") $ | sha256sum }} - checksum/secrets: {{ include (print $.Template.BasePath "/secrets.yaml") $ | sha256sum }} - {{- with ($config.annotations | default $default.annotations) }} - {{ . | toYaml | nindent 8 }} - {{- end }} - labels: - {{- include "matrix-synapse.selectorLabels" $ | nindent 8 }} - app.kubernetes.io/component: {{ $name }} - {{- with ($config.labels | default $default.labels) }} - {{ . | toYaml | nindent 8 }} - {{- end }} - spec: - serviceAccountName: {{ include "matrix-synapse.serviceAccountName" $ }} - {{- include "matrix-synapse.imagePullSecrets" $ | nindent 6 }} - securityContext: - {{- $config.podSecurityContext | default $default.podSecurityContext | toYaml | nindent 8 }} - {{- if and $needsVolumePermissions (eq $name "media-repository") }} - initContainers: - - name: volume-permissions - {{- with $.Values.volumePermissions.image }} - image: "{{ coalesce $.Values.global.image.registry .registry }}/{{ .repository }}:{{ .tag }}" - imagePullPolicy: {{ coalesce $.Values.global.image.pullPolicy .pullPolicy }} - {{- end }} - command: - - sh - - -c - - | - chown {{ $.Values.volumePermissions.uid }}:{{ $.Values.volumePermissions.gid }} -R /synapse/data - securityContext: - runAsNonRoot: false - runAsUser: 0 - resources: {{ $.Values.volumePermissions.resources | toYaml | nindent 12 }} - volumeMounts: - - name: media - mountPath: /synapse/data - {{- end }} - containers: - - name: {{ $name }} - command: - - sh - - -c - - | - cat /synapse/secrets/*.yaml | \ - sed -e "s/@@POSTGRES_PASSWORD@@/${POSTGRES_PASSWORD:-}/" \ - -e "s/@@REDIS_PASSWORD@@/${REDIS_PASSWORD:-}/" \ - > /synapse/config/conf.d/secrets.yaml - - {{- if (or $config.extraCommands $default.extraCommands) }} - - {{- with $config.extraCommands | default $default.extraCommands }} - {{ range . }} - {{ . | nindent 14 }} - {{- end }} - {{- end }} - {{- end }} - - exec python -B -m synapse.app.{{ (not (not $config.generic)) | ternary "generic_worker" $app }} \ - -c /synapse/config/homeserver.yaml \ - -c /synapse/config/conf.d/ \ - -c /synapse/config/{{ $name }}.worker - env: - {{- if or $.Values.postgresql.enabled $.Values.externalPostgresql.existingSecret }} - - name: POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - {{- if $.Values.postgresql.enabled }} - name: {{ $.Values.postgresql.existingSecret | default (include "matrix-synapse.postgresql.fullname" $) }} - key: password - {{- else }} - name: {{ $.Values.externalPostgresql.existingSecret }} - key: {{ $.Values.externalPostgresql.existingSecretPasswordKey }} - {{- end }} - {{- end }} - {{- if or (and $.Values.redis.enabled (default $.Values.redis.usePassword true)) $.Values.externalRedis.existingSecret }} - - name: REDIS_PASSWORD - valueFrom: - secretKeyRef: - {{- if $.Values.redis.enabled }} - name: {{ $.Values.redis.auth.existingSecret | default (include "matrix-synapse.redis.fullname" $) }} - key: redis-password - {{- else }} - name: {{ $.Values.externalRedis.existingSecret }} - key: {{ $.Values.externalRedis.existingSecretPasswordKey }} - {{- end -}} - {{- end }} - {{- with $config.extraEnv | default $default.extraEnv }} - {{- . | toYaml | nindent 12 }} - {{- end }} - securityContext: - {{- $config.securityContext | default $default.securityContext | toYaml | nindent 12 }} - {{- with $.Values.image }} - image: "{{ coalesce $.Values.global.image.registry .registry }}/{{ .repository }}:{{ .tag | default (printf "v%s" $.Chart.AppVersion) }}" - imagePullPolicy: {{ coalesce $.Values.global.image.pullPolicy .pullPolicy }} - {{- end }} - ports: - - name: metrics - containerPort: 9090 - protocol: TCP - {{- if $config.listeners }} - - name: listener - containerPort: 8083 - protocol: TCP - {{- if has "replication" $config.listeners }} - - name: replication - containerPort: 9093 - protocol: TCP - {{- end }} - {{- if (or $config.readinessProbe $default.readinessProbe) }} - readinessProbe: - {{- $config.readinessProbe | default $default.readinessProbe | toYaml | nindent 12 }} - {{- end }} - {{- end }} - {{- if (or $config.livenessProbe $default.livenessProbe) }} - livenessProbe: - {{- $config.livenessProbe | default $default.livenessProbe | toYaml | nindent 12 }} - {{- end }} - {{- if (or $config.startupProbe $default.startupProbe) }} - startupProbe: - {{- $config.startupProbe | default $default.startupProbe | toYaml | nindent 12 }} - {{- end }} - resources: - {{- $config.resources | default $default.resources | toYaml | nindent 12 }} - volumeMounts: - - name: config - mountPath: /synapse/config/homeserver.yaml - subPath: homeserver.yaml - - name: config - mountPath: /synapse/config/log.yaml - subPath: log.yaml - - name: worker-config - mountPath: /synapse/config/{{ $name }}.worker - subPath: {{ $name }}.worker - - name: tmpconf - mountPath: /synapse/config/conf.d - - name: secrets - mountPath: /synapse/secrets - - name: signingkey - mountPath: /synapse/keys - {{- if eq $name "media-repository" }} - - name: media - mountPath: /synapse/data - {{- end }} - {{- with $config.volumeMounts | default $default.volumeMounts }} - {{ . | toYaml | nindent 12 }} - {{- end }} - {{- with $config.nodeSelector | default $default.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with $config.affinity | default $default.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with $config.tolerations | default $default.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - volumes: - - name: config - configMap: - name: {{ include "matrix-synapse.fullname" $ }} - - name: worker-config - configMap: - name: {{ include "matrix-synapse.workername" (dict "root" $ "worker" "workers") }} - - name: secrets - secret: - secretName: {{ include "matrix-synapse.fullname" $ }} - - name: signingkey - secret: - secretName: {{ $.Values.signingkey.existingSecret | default (include "matrix-synapse.workername" (dict "root" $ "worker" "signingkey")) | quote }} - items: - - key: {{ $.Values.signingkey.existingSecretKey | default "signing.key" | quote }} - path: signing.key - - name: tmpconf - emptyDir: {} - {{- if eq $name "media-repository" }} - - name: media - {{- if $.Values.persistence.hostPath }} - hostPath: - type: Directory - path: {{ .Values.persistence.hostPath | quote }} - {{- else if $.Values.persistence.enabled }} - persistentVolumeClaim: - claimName: {{ $.Values.persistence.existingClaim | default (include "matrix-synapse.fullname" $) }} - {{- else }} - emptyDir: {} - {{- end }} - {{- end }}{{/* end-if media-repository */}} - {{- with $config.volumes | default $default.volumes }} - {{- toYaml . | nindent 8 }} - {{- end }} -{{- end }} -{{- end }} diff --git a/matrix-synapse/values.yaml b/matrix-synapse/values.yaml deleted file mode 100644 index 1343b15..0000000 --- a/matrix-synapse/values.yaml +++ /dev/null @@ -1,950 +0,0 @@ ---- - -global: - image: - # -- if set it will overwrite all registry entries - registry: - # -- if set it will overwrite all pullPolicy - pullPolicy: - -image: - registry: ghcr.io - repository: element-hq/synapse - # -- Overrides the image tag whose default is the chart appVersion. - tag: - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - # pullSecrets: - # - myRegistryKeySecretName - -# -- Override part of the installed name, will still keep release name. -nameOverride: - -# -- Override the full name of the installed chart. -fullnameOverride: - - -# -- The Matrix domain name, this is what will be used for the domain part in your MXIDs. -serverName: - -# -- The public Matrix server name, this will be used for any public URLs in config as well as for client API links in the ingress. -publicServerName: - -## The source of the signing key used by Synapse in federation. -## -signingkey: - # -- Annotations to apply to the job and rbac for signing-key. - annotations: - "helm.sh/hook": "pre-install,pre-upgrade" - "helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded" - ## Enable a Kubernetes job to generate and store a signing key if one does not - ## exist. - ## If you have already run a Matrix server at some point on your domain then - ## you will want to keep the old signing key, either by using the `existingSecret` - ## configuration, or by including the old key under `extraConfig.old_signing_keys` - ## - ## If you lose your signing key then any federation traffic from your instance - ## might not be trusted any more by the wider network. - ## - ## After the initial install, the job should be disabled to speed up subsequent upgrades. - ## - job: - enabled: true - - publishImage: - registry: docker.io - repository: bitnami/kubectl - tag: latest - pullPolicy: IfNotPresent - - ## Specify an existing signing key secret, will need to be created in advance. - ## - # existingSecret: secret-name - # existingSecretKey: signing.key - - ## Resources to apply to the signing key generation job - ## - resources: {} - # limits: - # cpu: 100m - # memory: 250Mi - # requests: - # cpu: 100m - # memory: 250Mi - -## Matrix configuration values that affect other parts of the chart, for any -## value not handled by this block, you will want to instead set it in -## extraConfig below. -## Ref: https://github.com/matrix-org/synapse/blob/develop/docs/sample_config.yaml -## -config: - ## The publicly accessible URL for the Synapse instance, will default to - ## https://. - ## - # publicBaseurl: 'https://matrix.example.com' - - ## The log level for Synapse and all modules. - ## - # logLevel: INFO - - ## Should usage stats be reported - ## - reportStats: false - - ## Protect registration with recaptcha. (optional) - ## - # recaptcha: - # publicKey: '' - # privateKey: '' - - ## URIs and secret key for TURN servers to use to help establish 1:1 WebRTC - ## calls. - ## - # turnUris: [] - # turnSecret: '' - - ## Registration configuration, note that registration with the - ## container-internal register_new_matrix_user tool is always possible. - ## - # enableRegistration: false - - ## NB; this value will default to a random string if not specified. - # registrationSharedSecret: '' - - ## NB; Strongly recommended to set this to a secure value. - # macaroonSecretKey: '' - - # -- A set of trusted servers to contact if another server doesn't respond to a signing key request. - trustedKeyServers: - - server_name: matrix.org - # verify_keys: - # "ed25519:auto": "Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw" - - # -- The bind addresses to use for the default listeners - bindAddresses: - - '::' - - ## Extra listeners to configure. - ## - extraListeners: [] - # - port: 9000 - # bind_addresses: ['::'] - # type: manhole - - ## Extra listener types to add onto the main listener. - ## - extraMainListenerTypes: [] - # - consent - - ## Logging - # use TerseJsonFormatter structured logging - # Ref: https://matrix-org.github.io/synapse/latest/structured_logging.html - useStructuredLogging: false - -## Specify arbitrary Synapse configuration here; -## Ref: https://github.com/matrix-org/synapse/blob/develop/docs/sample_config.yaml -## -extraConfig: {} -# old_signing_keys: -# "ed25519:id": { key: "base64string", expired_ts: 123456789123 } -# use_presence: false -# enable_search: false -# federation_domain_whitelist: -# - lon.example.com -# - nyc.example.com -# - syd.example.com -# dynamic_thumbnails: true - -## Specify additional loggers configutation here; -## Ref: https://matrix-org.github.io/synapse/latest/structured_logging.html -extraLoggers: {} -# synapse.storage.SQL: -# level: WARNING - -## Specify arbitrary - secret - Synapse configuration here; -## These values will be stored in secrets instead of configmaps -## Ref: https://github.com/matrix-org/synapse/blob/develop/docs/sample_config.yaml -## -extraSecrets: {} -# password_config: -# pepper: '' - -## Configuration to apply to the main Synapse pod. -## -synapse: - ## Only really applicable when the deployment has an RWO PV attached (e.g. when media repository - ## is enabled for the main Synapse pod) - ## Since replicas = 1, an update can get "stuck", as the previous pod remains attached to the - ## PV, and the "incoming" pod can never start. Changing the strategy to "Recreate" will - ## terminate the single previous pod, so that the new, incoming pod can attach to the PV - ## - strategy: - type: RollingUpdate - - ## Annotations to apply to the main Synapse pod. - ## - annotations: {} - # prometheus.io/scrape: "true" - # prometheus.io/path: "/_synapse/metrics" - # prometheus.io/port: "9090" - - ## Labels to apply to the main Synapse pod. - ## - labels: {} - - ## Additional environment variables to apply to the main Synapse pod - ## - extraEnv: [] - # - name: LD_PRELOAD - # value: /usr/lib/x86_64-linux-gnu/libjemalloc.so.2 - # - name: SYNAPSE_CACHE_FACTOR - # value: "2" - - ## Additional volumes to mount into Synapse - ## - extraVolumes: [] - # - name: spamcheck - # flexVolume: - # driver: ananace/git-live - # options: - # repo: https://github.com/company/synapse-module - # interval: 1d - # readOnly: true - extraVolumeMounts: [] - # - name: spamcheck - # mountPath: /usr/local/lib/python3.7/site-packages/company - - ## Extra commands to run when starting Synapse - ## - extraCommands: [] - # - 'apt-get update -yqq && apt-get install patch -yqq' - # - 'patch -d/usr/local/lib/python3.7/site-packages/synapse -p2 < /synapse/patches/something.patch' - - ## Configuration for the pod security policy, Synapse will by always run as - ## its own user, even if not set. - ## Note that changing this may also require you to use the volumePermission - ## helper depending on your storage. - ## - ## NB; The synapse install is currently unable to run as anything but UID:GID - ## 666:666. - ## - podSecurityContext: {} - # fsGroup: 666 - # runAsGroup: 666 - # runAsUser: 666 - - ## Configuration for the container security policy, refer to the above - ## podSecurityContext for more relevant information. - ## - securityContext: {} - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 666 - - ## Resources to apply to the main Synapse pod. - ## - resources: {} - # limits: - # cpu: 1000m - # memory: 2500Mi - # requests: - # cpu: 1000m - # memory: 2500Mi - - ## Liveness probe configuration to use - ## - livenessProbe: - httpGet: - path: /health - port: http - - ## Readiness probe configuration to use - ## - readinessProbe: - httpGet: - path: /health - port: http - - ## Startup probe configuration to use - ## - startupProbe: - failureThreshold: 12 - httpGet: - path: /health - port: http - - ## Node selectors to set for the main Synapse pod. - ## - nodeSelector: {} - - ## Tolerations to set for the main Synapse pod. - ## - tolerations: [] - - ## Affinity to set for the main Synapse pod. - ## - affinity: {} - -## Configuration for handling Synapse workers, which are useful for handling -## high-load deployments. -## -## More information is available at; -## https://github.com/matrix-org/synapse/blob/master/docs/workers.md -## -workers: - ## Default configuration, this is inherited into all workers, and can also be - ## overriden on each worker type. - ## - default: - ## The number of worker replicas, note that some workers require special - ## handling. Refer to the information URL above. - ## - replicaCount: 1 - - ## Update strategy - only really applicable for deployments with RWO PVs attached (e.g. media repository) - ## If replicas = 1, an update can get "stuck", as the previous pod remains attached to the - ## PV, and the "incoming" pod can never start. Changing the strategy to "Recreate" will - ## terminate the single previous pod, so that the new, incoming pod can attach to the PV - ## - strategy: - type: RollingUpdate - - ## A specific name for this worker, can't be set globally. - ## Note that this can only be set when replicaCount is 1 - # name: - - ## Additional configuration to set for the worker, can't be set globally. - # extraConfig: {} - - ## Annotations to apply to the worker. - ## - annotations: {} - # prometheus.io/scrape: "true" - # prometheus.io/path: /_synapse/metrics - # prometheus.io/port: 9090 - - ## Additional environment variables to add to the worker. - ## - extraEnv: [] - # - name: LD_PRELOAD - # value: /usr/lib/x86_64-linux-gnu/libjemalloc.so.2 - # - name: SYNAPSE_CACHE_FACTOR - # value: "1.0" - - ## Additional volumes to add to the worker. - ## Useful for the media repo, or for adding Python modules. - ## - volumes: [] - volumeMounts: [] - - ## Extra commands to run when starting Synapse - ## - extraCommands: [] - # - 'apt-get update -yqq && apt-get install patch -yqq' - # - 'patch -d/usr/local/lib/python3.7/site-packages/synapse -p2 < /synapse/patches/something.patch' - - ## Security context information to set to the worker. - ## - podSecurityContext: {} - # fsGroup: 666 - # runAsGroup: 666 - # runAsUser: 666 - - ## Container security context information to set to the worker. - ## - securityContext: {} - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 666 - - ## Resources to apply to the worker. - ## - resources: {} - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - - ## Liveness probe configuration to use - ## - livenessProbe: - httpGet: - path: /health - port: metrics - - ## Readiness probe configuration to use - ## - readinessProbe: - httpGet: - path: /health - port: metrics - - ## Readiness probe configuration to use - ## Defaults to allowing workers 60 seconds to start up - ## - startupProbe: - failureThreshold: 6 - httpGet: - path: /health - port: metrics - - ## Node selector configuration to set on the worker. - ## - nodeSelector: {} - - ## Toleration configuration to set on the worker. - ## - tolerations: [] - - ## Affinity configuration to set on the worker. - ## - affinity: {} - - ## The generic worker can be used to handle most endpoints. - ## Be careful when enabling the sync endpoints as they can eat large amounts of - ## resources. Refer to the information URL above for more info. - ## Proper load balancing with the K8s Ingress resource may not be possible. - ## - generic_worker: - enabled: false - generic: true - listeners: [client, federation] - csPaths: - ## Sync requests - # - "/_matrix/client/(r0|v3)/sync$" - - "/_matrix/client/(api/v1|r0|v3)/events$" - # - "/_matrix/client/(api/v1|r0|v3)/initialSync$" - # - "/_matrix/client/(api/v1|r0|v3)/rooms/[^/]+/initialSync$" - - ## Client API requests - - "/_matrix/client/(api/v1|r0|v3|unstable)/createRoom$" - - "/_matrix/client/(api/v1|r0|v3|unstable)/publicRooms$" - - "/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/joined_members$" - - "/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/context/" - - "/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/members$" - - "/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/state$" - - "/_matrix/client/v1/rooms/.*/hierarchy$" - - "/_matrix/client/unstable/org.matrix.msc2716/rooms/.*/batch_send$" - - "/_matrix/client/unstable/im.nheko.summary/rooms/.*/summary$" - - "/_matrix/client/(r0|v3|unstable)/account/3pid$" - - "/_matrix/client/(r0|v3|unstable)/account/whoami$" - - "/_matrix/client/(r0|v3|unstable)/devices$" - - "/_matrix/client/versions$" - - "/_matrix/client/(api/v1|r0|v3|unstable)/voip/turnServer$" - - "/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/event/" - - "/_matrix/client/(api/v1|r0|v3|unstable)/joined_rooms$" - - "/_matrix/client/(api/v1|r0|v3|unstable)/search$" - - ## Encryption requests - - "/_matrix/client/(r0|v3|unstable)/keys/query$" - - "/_matrix/client/(r0|v3|unstable)/keys/changes$" - - "/_matrix/client/(r0|v3|unstable)/keys/claim$" - - "/_matrix/client/(r0|v3|unstable)/room_keys/" - - ## Registration/login requests - - "/_matrix/client/(api/v1|r0|v3|unstable)/login$" - - "/_matrix/client/(r0|v3|unstable)/register$" - - "/_matrix/client/v1/register/m.login.registration_token/validity$" - - ## Event sending requests - - "/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/redact" - - "/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/send" - - "/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/state/" - - "/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/(join|invite|leave|ban|unban|kick)$" - - "/_matrix/client/(api/v1|r0|v3|unstable)/join/" - - "/_matrix/client/(api/v1|r0|v3|unstable)/profile/" - - ## User directory search requests - - "/_matrix/client/(r0|v3|unstable)/user_directory/search" - - ## Worker event streams - ## See https://matrix-org.github.io/synapse/latest/workers.html#stream-writers - ## - - ## The typing event stream - # - "/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/typing" - - ## The to_device event stream - # - "/_matrix/client/(r0|v3|unstable)/sendToDevice/" - - ## The account_data event stream - # - "/_matrix/client/(r0|v3|unstable)/.*/tags" - # - "/_matrix/client/(r0|v3|unstable)/.*/account_data" - - ## The receipts event stream - # - "/_matrix/client/(r0|v3|unstable)/rooms/.*/receipt" - # - "/_matrix/client/(r0|v3|unstable)/rooms/.*/read_markers" - - ## The presence event stream - # - "/_matrix/client/(api/v1|r0|v3|unstable)/presence/" - - paths: - ## Federation requests - - "/_matrix/federation/v1/event/" - - "/_matrix/federation/v1/state/" - - "/_matrix/federation/v1/state_ids/" - - "/_matrix/federation/v1/backfill/" - - "/_matrix/federation/v1/get_missing_events/" - - "/_matrix/federation/v1/publicRooms" - - "/_matrix/federation/v1/query/" - - "/_matrix/federation/v1/make_join/" - - "/_matrix/federation/v1/make_leave/" - - "/_matrix/federation/(v1|v2)/send_join/" - - "/_matrix/federation/(v1|v2)/send_leave/" - - "/_matrix/federation/(v1|v2)/invite/" - - "/_matrix/federation/v1/event_auth/" - - "/_matrix/federation/v1/exchange_third_party_invite/" - - "/_matrix/federation/v1/user/devices/" - - "/_matrix/key/v2/query" - - "/_matrix/federation/v1/hierarchy/" - - ## Inbound federation transaction request - - "/_matrix/federation/v1/send/" - - ## To separate the generic worker into specific concerns - for example federation transaction receiving; - ## NB; This worker should have incoming traffic routed based on source IP, which is - ## left as an exercise to the reader. - ## https://github.com/matrix-org/synapse/blob/develop/docs/workers.md#load-balancing - # federation_reader: - # enabled: true - # generic: true - # listeners: [federation] - # paths: - # - "/_matrix/federation/v1/send/" - - ## Or /sync handling. - ## NB; Care should be taken to route users to the same instance when scaling this worker, - ## this is left as an exercise to the reader. - ## https://github.com/matrix-org/synapse/blob/develop/docs/workers.md#load-balancing - # synchrotron: - # enabled: true - # generic: true - # listeners: [client] - # csPaths: - # - "/_matrix/client/(v2_alpha|r0|v3)/sync$" - # - "/_matrix/client/(api/v1|v2_alpha|r0|v3)/events$" - # - "/_matrix/client/(api/v1|r0|v3)/initialSync$" - # - "/_matrix/client/(api/v1|r0|v3)/rooms/[^/]+/initialSync$" - - ## Specialized - non-generic workers below; - - ## This worker deals with pushing notifications. - ## NB; Only one instance of this worker can be run at a time, refer to the - ## information URL above. - ## - pusher: - enabled: false - - ## This worker handles sending data to registered appservices. - ## NB; Only one instance of this worker can be run at at time, refer to the - ## information URL above. - ## - appservice: - enabled: false - generic: true - name: appservices - - ## This worker handles sending federation traffic to other Synapse servers. - ## - federation_sender: - enabled: false - - ## Specialized workers can also be run as multiple separate instances, - ## make sure to read the relevant documentation. - ## - # federation_sender_other: - # app: federation_sender - # enabled: false - - ## This worker deals with serving and storing media. - ## NB; Running multiple instances will conflict with background jobs. - ## - media_repository: - enabled: false - listeners: [media] - csPaths: - - "/_matrix/media/.*" - - "/_synapse/admin/v1/purge_media_cache$" - - "/_synapse/admin/v1/room/.*/media" - - "/_synapse/admin/v1/user/.*/media" - - "/_synapse/admin/v1/media/" - - "/_synapse/admin/v1/quarantine_media/" - - "/_synapse/admin/v1/users/.*/media$" - paths: - - "/_matrix/media/.*" - - ## This worker deals with user directory searches. - ## - user_dir: - enabled: false - name: userdir - listeners: [client] - csPaths: - - "/_matrix/client/(api/v1|r0|v3|unstable)/user_directory/search$" - - ## This worker handles key uploads, and may also stub out presence if that is - ## disabled. If you set extraConfig.use_presence=false then you may want to - ## uncomment the second path. - ## - frontend_proxy: - enabled: false - listeners: [client] - csPaths: - - "/_matrix/client/(api/v1|r0|v3|unstable)/keys/upload" - # - "/_matrix/client/(api/v1|r0|v3|unstable)/presence/[^/]+/status" - -## This will set up a Lighttpd server to respond to any -## /.well-known/matrix/server requests, to make federation possible without -## adding SRV-records to DNS. -## -wellknown: - enabled: false - image: - registry: docker.io - repository: library/nginx - tag: 1.27.3 - pullPolicy: IfNotPresent - - replicaCount: 1 - podLabels: {} - podAnnotations: [] - podSecurityContext: {} - securityContext: {} - containerPort: 80 - env: [] - resources: {} - nodeSelector: {} - tolerations: [] - affinity: {} - - service: - type: ClusterIP - port: 8080 - annotations: {} - - # -- The host and port combo to serve on .well-known/matrix/server. - # m.server: matrix.example.com:443 - server: {} - - # -- Data to serve on .well-known/matrix/client. - # m.homeserver: - # base_url: https://matrix.example.com - client: {} - # -- Data to serve on .well-known/element/element.json - # call: - # widget_url: https://call.element.io - element: {} - -## This configuration is for setting up the internally provided Postgres server, -## if you instead want to use an existing server, then you may want to set -## enabled to false and configure the externalPostgresql block. -## -postgresql: - enabled: true - - auth: - # XXX Change me! - password: synapse - - ## Or use existing secret with "password" key - ## instead of static password - ## - # existingSecret: postgresql-secret - - username: synapse - database: synapse - - primary: - initdb: - args: "--lc-collate=C --lc-ctype=C" - - persistence: - # storageClass: "-" - size: 16Gi - - # -- set extra configuration - # ref: https://github.com/matrix-org/synapse/blob/develop/docs/postgres.md#synapse-config - # e.g. txn_limit, allow_unsafe_locale - options: {} - - # -- Extra arguments for the database connection - # ref: https://github.com/matrix-org/synapse/blob/develop/docs/postgres.md#synapse-config - extraArgs: {} - -## An externally configured Postgres server to use for Synapse's database, note -## that the database needs to have both COLLATE and CTYPE set to "C". -## -externalPostgresql: - # host: postgres - port: 5432 - username: synapse - # password: synapse - - ## The name of an existing secret with postgresql credentials - # existingSecret: postgres-secrets - - ## Password key to be retrieved from existing secret - # existingSecretPasswordKey: postgres-password - - database: synapse - # sslmode: prefer - - # -- set extra configuration - # ref: https://github.com/matrix-org/synapse/blob/develop/docs/postgres.md#synapse-config - # e.g. txn_limit, allow_unsafe_locale - options: {} - - # -- Extra arguments for the database connection - # ref: https://github.com/matrix-org/synapse/blob/develop/docs/postgres.md#synapse-config - extraArgs: {} - -## This configuration is for the internal Redis that's deployed for use with -## workers/sharding, for an external Redis server you want to set enabled to -## false and configure the externalRedis block. -## -redis: - enabled: true - - ## Database ID for non-default database - # dbid: 0 - - auth: - enabled: true - # -- XXX Change me! - password: synapse - # -- name of an existing secret with Redis credentials (instead of auth.password), must be created ahead of time - existingSecret: "" - # -- Password key to be retrieved from existing secret - existingSecretPasswordKey: "" - - # -- Or use existing secret with "redis-password" key instead of static password - existingSecret: - - architecture: standalone - global: - storageClass: "" - master: - persistence: - enabled: true - service: - port: 6379 - replica: - persistence: - enabled: true -## An externally configured Redis server to use for workers/sharding. -## -externalRedis: - # host: redis - port: 6379 - # password: synapse - - ## Database ID for non-default database - # dbid: 0 - - ## The name of an existing secret with redis credentials - # existingSecret: redis-secrets - - ## Password key to be retrieved from existing secret - # existingSecretPasswordKey: redis-password - -## Persistence configuration for the media repository function. -## This PVC will be mounted in either Synapse or a media_repo worker. -## -## NB; If you want to be able to scale this, you will have to set the -## accessMode to RWX/ReadWriteMany. -## -persistence: - enabled: true - annotations: {} - # -- Persistent Volume Storage Class - # If defined, storageClassName: - # If set to "-", storageClassName: "", which disables dynamic provisioning - # If undefined (the default) or set to null, no storageClassName spec is - # set, choosing the default provisioner. (gp2 on AWS, standard on - # GKE, AWS & OpenStack) - storageClass: - - # -- A manually managed Persistent Volume and Claim - # Requires persistence.enabled: true - # If defined, PVC must be created manually before volume will be bound - existingClaim: - - # -- Do not create an PVC, direct use hostPath in Pod - hostPath: - accessMode: ReadWriteOnce - size: 10Gi - -## Set up an init container to chown the mounted media if necessary. -## -volumePermissions: - enabled: false - - uid: 666 - gid: 666 - - image: - registry: docker.io - repository: library/alpine - tag: 3.21.2 - pullPolicy: Always - - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - # pullSecrets: - # - myRegistryKeySecretName - - resources: {} - # resources: - # requests: - # memory: 128Mi - # cpu: 100m - -## Configuration for the main Synapse service. -## To use TLS inside Synapse itself, add an TLS listener, and change the ports -## configured in here. -## -service: - type: ClusterIP - port: 8008 - targetPort: http - -## The K8s ingress configuration, this will be quite heavily used in order to -## set up all routing necessary for use with a sharded Synapse instance. -## If you're not using a Ingress compatible K8s ingress, you will need to set up -## your own routing instead. -## -ingress: - enabled: true - - ## Generate traefik-compatible regex paths instead of nginx-compatible ones. - ## - traefikPaths: false - - ## Annotations to apply to the created ingress resource. - ## - annotations: {} - # nginx.ingress.kubernetes.io/use-regex: "true" - # # Sync proxy-body-size with Synapse's max_upload_size which is 10M by default - # nginx.ingress.kubernetes.io/proxy-body-size: 10m - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - - ## Hosts to add to the ingress configuration for handling Client-to-Server - ## API request paths. - ## - ## NB; config.serverName is included if includeServerName is set. (default) - ## - csHosts: [] - # - matrix.example.com - - ## Additional hosts to add to the ingress configuration for handling - ## Server-to-Server API requests. - ## - ## NB; config.serverName is included if includeServerName is set. (default) - ## - hosts: [] - # - example.com - - ## Additional hosts to add to the ingress configuration for handling - ## well-known requests. - ## - ## NB; config.serverName is included if includeServerName is set. (default) - ## - wkHosts: [] - # - example.com - - ## Additional paths to add to the Server-to-Server ingress blocks, will be - ## inserted before the /_matrix catch-all path. - ## - paths: [] - # # K8s 1.19+ - # - path: /_matrix/media - # pathType: Prefix - # backend: - # service: - # name: matrix-media-repo - # port: 8000 - # # K8s <1.19 - # - path: /_matrix/media - # backend: - # serviceName: matrix-media-repo - # servicePort: 8000 - - ## Additional paths to add to the Client-to-Server ingress blocks, will be - ## inserted before the /_matrix and /_synapse catch-all paths. - ## - csPaths: [] - # # K8s 1.19+ - # - path: /_matrix/media - # pathType: Prefix - # backend: - # service: - # name: matrix-media-repo - # port: - # number: 8000 - # # K8s <1.19 - # - path: /_matrix/media - # backend: - # serviceName: matrix-media-repo - # servicePort: 8000 - - ## Should the /_synapse path be included in the ingress, admin APIs are - ## provided under this path. - ## - includeUnderscoreSynapse: true - - ## Should config.serverName be included in the list of ingress paths, can be - ## set to false if the main domain is managed in some external way. - ## - includeServerName: true - - ## TLS configuration to include in the ingress configuration - ## - tls: [] - # - secretName: chart-example-tls - # hosts: - # - example.com - # - matrix.example.com - - ## Set the name of the IngressClass cluster resource (optional) - ## https://kubernetes.io/docs/reference/kubernetes-api/service-resources/ingress-v1/#IngressSpec - # className: can-be-anything - -## Specifies whether a service account should be created, and annotations to add. -## -serviceAccount: - create: false - annotations: {} - # eks.amazonaws.com/role-arn: arn:aws:iam::000000000000:role/matrix-synapse - # name: non-default-service-name - -prometheus: - podmonitor: - enabled: false - labels: {} - rules: - enabled: false - labels: {} - defaults: - enabled: true - additionalRules: [] - -grafana: - dashboards: - enabled: false - labels: - grafana_dashboard: "1" - annotations: {} diff --git a/mautrix-bridge/.helmignore b/mautrix-bridge/.helmignore deleted file mode 100644 index 0e8a0eb..0000000 --- a/mautrix-bridge/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/mautrix-bridge/Chart.yaml b/mautrix-bridge/Chart.yaml deleted file mode 100644 index 8793e12..0000000 --- a/mautrix-bridge/Chart.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: v2 -name: mautrix-bridge -description: A Matrix puppeting bridge mautrix. -type: application -version: 0.0.16 -maintainers: - - name: WrenIX - url: https://wrenix.eu diff --git a/mautrix-bridge/README.md b/mautrix-bridge/README.md deleted file mode 100644 index e87da16..0000000 --- a/mautrix-bridge/README.md +++ /dev/null @@ -1,225 +0,0 @@ ---- -title: "mautrix-bridge" - -description: "A Matrix puppeting bridge mautrix." - ---- - -# mautrix-bridge - -![Version: 0.0.16](https://img.shields.io/badge/Version-0.0.16-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) - -A Matrix puppeting bridge mautrix. - -## Maintainers - -| Name | Email | Url | -| ---- | ------ | --- | -| WrenIX | | | - -For use of the bridge: -* **signal**, use the `./bridge-values/signal/values.yaml` -* **slack**, use the `./bridge-values/slack/values.yaml` - -## Usage - -Helm must be installed and setup to your kubernetes cluster to use the charts. -Refer to Helm's [documentation](https://helm.sh/docs) to get started. -Once Helm has been set up correctly, fetch the charts as follows: - -```bash -helm pull oci://codeberg.org/wrenix/helm-charts/mautrix-bridge -``` - -You can install a chart release using the following command: - -```bash -helm install mautrix-bridge-release oci://codeberg.org/wrenix/helm-charts/mautrix-bridge --values values.yaml -``` - -To uninstall a chart release use `helm`'s delete command: - -```bash -helm uninstall mautrix-bridge-release -``` - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| affinity | object | `{}` | | -| autoscaling.enabled | bool | `false` | | -| autoscaling.maxReplicas | int | `100` | | -| autoscaling.minReplicas | int | `1` | | -| autoscaling.targetCPUUtilizationPercentage | int | `80` | | -| config.appservice.address | string | `"http://localhost:29328"` | The address that the homeserver can use to connect to this appservice. | -| config.appservice.as_token | string | `""` | | -| config.appservice.async_transactions | bool | `false` | Should incoming events be handled asynchronously? This may be necessary for large public instances with lots of messages going through. However, messages will not be guaranteed to be bridged in the same order they were sent in. | -| config.appservice.bot.avatar | string | `"mxc://maunium.net/wPJgTQbZOtpBFmDNkiNEMDUp"` | | -| config.appservice.bot.displayname | string | `"Signal bridge bot"` | Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty to leave display name/avatar as-is. | -| config.appservice.bot.username | string | `"signalbot"` | Username of the appservice bot. | -| config.appservice.ephemeral_events | bool | `true` | Whether or not to receive ephemeral events via appservice transactions. Requires MSC2409 support (i.e. Synapse 1.22+). | -| config.appservice.hostname | string | `"0.0.0.0"` | The hostname and port where this appservice should listen. | -| config.appservice.hs_token | string | `""` | | -| config.appservice.id | string | `"signal"` | The unique ID of this appservice. | -| config.appservice.port | int | `29328` | | -| config.appservice.public_address | string | `nil` | | -| config.appservice.username_template | string | `"signal_{{.}}"` | Localpart template of MXIDs for Signal users. {{.}} is replaced with the internal ID of the Signal user. | -| config.backfill.enabled | bool | `false` | Whether to do backfilling at all. | -| config.backfill.max_catchup_messages | int | `500` | Maximum number of missed messages to backfill after bridge restarts. | -| config.backfill.max_initial_messages | int | `50` | Maximum number of messages to backfill in empty rooms. | -| config.backfill.queue.batch_delay | int | `20` | Delay between batches in seconds. | -| config.backfill.queue.batch_size | int | `100` | Number of messages to backfill in one batch. | -| config.backfill.queue.enabled | bool | `false` | Should the backfill queue be enabled? | -| config.backfill.queue.max_batches | int | `-1` | Maximum number of batches to backfill per portal. If set to -1, all available messages will be backfilled. | -| config.backfill.queue.max_batches_override | object | `{}` | Optional network-specific overrides for max batches. Interpretation of this field depends on the network connector. | -| config.backfill.threads.max_initial_messages | int | `50` | Maximum number of messages to backfill in a new thread. | -| config.backfill.unread_hours_threshold | int | `720` | If a backfilled chat is older than this number of hours, mark it as read even if it's unread on the remote network. | -| config.bridge.bridge_matrix_leave | bool | `false` | Should leaving Matrix rooms be bridged as leaving groups on the remote network? | -| config.bridge.cleanup_on_logout.bad_credentials.private | string | `"nothing"` | | -| config.bridge.cleanup_on_logout.bad_credentials.relayed | string | `"nothing"` | | -| config.bridge.cleanup_on_logout.bad_credentials.shared_has_users | string | `"nothing"` | | -| config.bridge.cleanup_on_logout.bad_credentials.shared_no_users | string | `"nothing"` | | -| config.bridge.cleanup_on_logout.enabled | bool | `false` | Should cleanup on logout be enabled at all? | -| config.bridge.cleanup_on_logout.manual.private | string | `"nothing"` | Action for private portals which will never be shared with other Matrix users. | -| config.bridge.cleanup_on_logout.manual.relayed | string | `"nothing"` | Action for portals with a relay user configured. | -| config.bridge.cleanup_on_logout.manual.shared_has_users | string | `"nothing"` | Action for portals which have other logged-in Matrix users. | -| config.bridge.cleanup_on_logout.manual.shared_no_users | string | `"nothing"` | Action for portals which may be shared, but don't currently have any other Matrix users. | -| config.bridge.command_prefix | string | `"!bridge"` | The prefix for commands. Only required in non-management rooms. | -| config.bridge.mute_only_on_create | bool | `true` | Should room mute status only be synced when creating the portal? Like tags, mutes can't currently be synced back to the remote network. | -| config.bridge.permissions | object | `{"*":"relay","@admin:example.com":"admin","example.com":"user"}` | Permissions for using the bridge. Permitted values: relay - Talk through the relaybot (if enabled), no access otherwise commands - Access to use commands in the bridge, but not login. user - Access to use the bridge with puppeting. admin - Full access, user level with some additional administration tools. Permitted keys: * - All Matrix users domain - All users on that homeserver mxid - Specific user | -| config.bridge.personal_filtering_spaces | bool | `true` | Should the bridge create a space for each login containing the rooms that account is in? | -| config.bridge.private_chat_portal_meta | bool | `false` | Whether the bridge should set names and avatars explicitly for DM portals. This is only necessary when using clients that don't support MSC4171. | -| config.bridge.relay.admin_only | bool | `true` | Should only admins be allowed to set themselves as relay users? | -| config.bridge.relay.default_relays | list | `[]` | List of user login IDs which anyone can set as a relay, as long as the relay user is in the room. | -| config.bridge.relay.displayname_format | string | `"{{ .DisambiguatedName }}"` | For networks that support per-message displaynames (i.e. Slack and Discord), the template for those names. This has all the Sender variables available under message_formats (but without the .Sender prefix). Note that you need to manually remove the displayname from message_formats above. | -| config.bridge.relay.enabled | bool | `false` | Whether relay mode should be allowed. If allowed, `!wa set-relay` can be used to turn any authenticated user into a relaybot for that chat. | -| config.bridge.relay.message_formats | object | `{"m.audio":"{{ .Sender.DisambiguatedName }} sent an audio file{{ if .Caption }}: {{ .Caption }}{{ end }}","m.emote":"* {{ .Sender.DisambiguatedName }} {{ .Message }}","m.file":"{{ .Sender.DisambiguatedName }} sent a file{{ if .Caption }}: {{ .Caption }}{{ end }}","m.image":"{{ .Sender.DisambiguatedName }} sent an image{{ if .Caption }}: {{ .Caption }}{{ end }}","m.location":"{{ .Sender.DisambiguatedName }} sent a location{{ if .Caption }}: {{ .Caption }}{{ end }}","m.notice":"{{ .Sender.DisambiguatedName }}: {{ .Message }}","m.text":"{{ .Sender.DisambiguatedName }}: {{ .Message }}","m.video":"{{ .Sender.DisambiguatedName }} sent a video{{ if .Caption }}: {{ .Caption }}{{ end }}"}` | The formats to use when sending messages via the relaybot. Available variables: .Sender.UserID - The Matrix user ID of the sender. .Sender.Displayname - The display name of the sender (if set). .Sender.RequiresDisambiguation - Whether the sender's name may be confused with the name of another user in the room. .Sender.DisambiguatedName - The disambiguated name of the sender. This will be the displayname if set, plus the user ID in parentheses if the displayname is not unique. If the displayname is not set, this is just the user ID. .Message - The `formatted_body` field of the message. .Caption - The `formatted_body` field of the message, if it's a caption. Otherwise an empty string. .FileName - The name of the file being sent. | -| config.bridge.tag_only_on_create | bool | `true` | Should room tags only be synced when creating the portal? Tags mean things like favorite/pin and archive/low priority. Tags currently can't be synced back to the remote network, so a continuous sync means tagging from Matrix will be undone. | -| config.database.max_conn_idle_time | string | `nil` | Maximum connection idle time and lifetime before they're closed. Disabled if null. Parsed with https://pkg.go.dev/time#ParseDuration | -| config.database.max_conn_lifetime | string | `nil` | | -| config.database.max_idle_conns | int | `2` | | -| config.database.max_open_conns | int | `20` | Maximum number of connections. Mostly relevant for Postgres. | -| config.database.type | string | `"postgres"` | The database type. "sqlite3-fk-wal" and "postgres" are supported. | -| config.database.uri | string | `"postgres://user:password@host/database?sslmode=disable"` | The database URI. SQLite: A raw file path is supported, but `file:?_txlock=immediate` is recommended. https://github.com/mattn/go-sqlite3#connection-string Postgres: Connection string. For example, postgres://user:password@host/database?sslmode=disable To connect via Unix socket, use something like postgres:///dbname?host=/var/run/postgresql | -| config.direct_media.allow_proxy | bool | `true` | If the remote network supports media downloads over HTTP, then the bridge will use MSC3860/MSC3916 media download redirects if the requester supports it. Optionally, you can force redirects and not allow proxying at all by setting this to false. This option does nothing if the remote network does not support media downloads over HTTP. | -| config.direct_media.enabled | bool | `false` | Should custom mxc:// URIs be used instead of reuploading media? | -| config.direct_media.media_id_prefix | string | `nil` | Optionally specify a custom prefix for the media ID part of the MXC URI. | -| config.direct_media.server_key | string | `""` | Matrix server signing key to make the federation tester pass, same format as synapse's .signing.key file. This key is also used to sign the mxc:// URIs to ensure only the bridge can generate them. | -| config.direct_media.server_name | string | `"discord-media.example.com"` | The server name to use for the custom mxc:// URIs. This server name will effectively be a real Matrix server, it just won't implement anything other than media. You must either set up .well-known delegation from this domain to the bridge, or proxy the domain directly to the bridge. | -| config.direct_media.well_known_response | string | `nil` | Optionally a custom .well-known response. This defaults to `server_name:443` | -| config.double_puppet.allow_discovery | bool | `false` | Whether to allow client API URL discovery for other servers. When using this option, users on other servers can use double puppeting even if their server URLs aren't explicitly added to the servers map above. | -| config.double_puppet.secrets | object | `{"example.com":"as_token:foobar"}` | Shared secrets for automatic double puppeting. See https://docs.mau.fi/bridges/general/double-puppeting.html for instructions. | -| config.double_puppet.servers | object | `{"example.com":"https://example.com"}` | Servers to always allow double puppeting from. This is only for other servers and should NOT contain the server the bridge is on. | -| config.encryption.allow | bool | `false` | Allow encryption, work in group chat rooms with e2ee enabled | -| config.encryption.allow_key_sharing | bool | `false` | Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled. You must use a client that supports requesting keys from other users to use this feature. | -| config.encryption.appservice | bool | `false` | Whether to use MSC2409/MSC3202 instead of /sync long polling for receiving encryption-related data. | -| config.encryption.default | bool | `false` | Default to encryption, force-enable encryption in all portals the bridge creates This will cause the bridge bot to be in private chats for the encryption to work properly. | -| config.encryption.delete_keys | object | `{"delete_fully_used_on_decrypt":false,"delete_on_device_delete":false,"delete_outbound_on_ack":false,"delete_outdated_inbound":false,"delete_prev_on_new_session":false,"dont_store_outbound":false,"periodically_delete_expired":false,"ratchet_on_decrypt":false}` | Options for deleting megolm sessions from the bridge. | -| config.encryption.delete_keys.delete_fully_used_on_decrypt | bool | `false` | Delete fully used keys (index >= max_messages) after decrypting messages. | -| config.encryption.delete_keys.delete_on_device_delete | bool | `false` | Delete megolm sessions received from a device when the device is deleted. | -| config.encryption.delete_keys.delete_outbound_on_ack | bool | `false` | Beeper-specific: delete outbound sessions when hungryserv confirms that the user has uploaded the key to key backup. | -| config.encryption.delete_keys.delete_outdated_inbound | bool | `false` | Delete inbound megolm sessions that don't have the received_at field used for automatic ratcheting and expired session deletion. This is meant as a migration to delete old keys prior to the bridge update. | -| config.encryption.delete_keys.delete_prev_on_new_session | bool | `false` | Delete previous megolm sessions from same device when receiving a new one. | -| config.encryption.delete_keys.dont_store_outbound | bool | `false` | Don't store outbound sessions in the inbound table. | -| config.encryption.delete_keys.periodically_delete_expired | bool | `false` | Periodically delete megolm sessions when 2x max_age has passed since receiving the session. | -| config.encryption.delete_keys.ratchet_on_decrypt | bool | `false` | Ratchet megolm sessions forward after decrypting messages. | -| config.encryption.pickle_key | string | `nil` | | -| config.encryption.plaintext_mentions | string | `nil` | | -| config.encryption.require | bool | `false` | Require encryption, drop any unencrypted messages. | -| config.encryption.rotation.disable_device_change_key_rotation | bool | `false` | Disable rotating keys when a user's devices change? You should not enable this option unless you understand all the implications. | -| config.encryption.rotation.enable_custom | bool | `false` | Enable custom Megolm room key rotation settings. Note that these settings will only apply to rooms created after this option is set. | -| config.encryption.rotation.messages | int | `100` | The maximum number of messages that should be sent with a given a session before changing it. The Matrix spec recommends 100 as the default. | -| config.encryption.rotation.milliseconds | int | `604800000` | The maximum number of milliseconds a session should be used before changing it. The Matrix spec recommends 604800000 (a week) as the default. | -| config.encryption.verification_levels.receive | string | `"unverified"` | Minimum level for which the bridge should send keys to when bridging messages from Signal to Matrix. | -| config.encryption.verification_levels.send | string | `"unverified"` | Minimum level that the bridge should accept for incoming Matrix messages. | -| config.encryption.verification_levels.share | string | `"cross-signed-tofu"` | Minimum level that the bridge should require for accepting key requests. | -| config.homeserver.address | string | `"https://matrix.example.com"` | The address that this appservice can use to connect to the homeserver. | -| config.homeserver.async_media | bool | `false` | Does the homeserver support https://github.com/matrix-org/matrix-spec-proposals/pull/2246? | -| config.homeserver.domain | string | `"example.com"` | The domain of the homeserver (also known as server_name, used for MXIDs, etc). | -| config.homeserver.message_send_checkpoint_endpoint | string | `nil` | Endpoint for reporting per-message status. | -| config.homeserver.ping_interval_seconds | int | `0` | How often should the websocket be pinged? Pinging will be disabled if this is zero. | -| config.homeserver.public_address | string | `nil` | | -| config.homeserver.software | string | `"standard"` | What software is the homeserver running? Standard Matrix homeservers like Synapse, Dendrite and Conduit should just use "standard" here. | -| config.homeserver.status_endpoint | string | `nil` | The URL to push real-time bridge status to. If set, the bridge will make POST requests to this URL whenever a user's Signal connection state changes. The bridge will use the appservice as_token to authorize requests. | -| config.homeserver.websocket | bool | `false` | Should the bridge use a websocket for connecting to the homeserver? The server side is currently not documented anywhere and is only implemented by mautrix-wsproxy, mautrix-asmux (deprecated), and hungryserv (proprietary). | -| config.homeserver.websocket_proxy | string | `""` | | -| config.logging.min_level | string | `"warn"` | | -| config.logging.writers[0].format | string | `"json"` | | -| config.logging.writers[0].type | string | `"stdout"` | | -| config.management_room_text.additional_help | string | `""` | Optional extra text sent when joining a management room. | -| config.management_room_text.welcome | string | `"Hello, I'm a Signal bridge bot."` | Sent when joining a room. | -| config.management_room_text.welcome_connected | string | `"Use `help` for help."` | Sent when joining a management room and the user is already logged in. | -| config.management_room_text.welcome_unconnected | string | `"Use `help` for help or `login` to log in."` | Sent when joining a management room and the user is not logged in. | -| config.matrix.delivery_receipts | bool | `false` | Should the bridge send a read receipt from the bridge bot when a message has been sent to Signal? | -| config.matrix.federate_rooms | bool | `true` | Whether or not created rooms should have federation enabled. If false, created portal rooms will never be federated. | -| config.matrix.message_error_notices | bool | `true` | Whether the bridge should send error notices via m.notice events when a message fails to bridge. | -| config.matrix.message_status_events | bool | `false` | Whether the bridge should send the message status as a custom com.beeper.message_send_status event. | -| config.matrix.sync_direct_chat_list | bool | `false` | Should the bridge update the m.direct account data event when double puppeting is enabled. Note that updating the m.direct event is not atomic (except with mautrix-asmux) and is therefore prone to race conditions. | -| config.provisioning.debug_endpoints | bool | `false` | Enable debug API at /debug with provisioning authentication. | -| config.provisioning.prefix | string | `"/_matrix/provision"` | Prefix for the provisioning API paths. | -| config.provisioning.shared_secret | string | `"generate"` | Shared secret for authentication. If set to "generate", a random secret will be generated, or if set to "disable", the provisioning API will be disabled. | -| config.public_media.enabled | bool | `false` | Should public media be enabled at all? The public_address field under the appservice section MUST be set when enabling public media. | -| config.public_media.expiry | int | `0` | Number of seconds that public media URLs are valid for. If set to 0, URLs will never expire. | -| config.public_media.hash_length | int | `32` | Length of hash to use for public media URLs. Must be between 0 and 32. | -| config.public_media.signing_key | string | `"generate"` | A key for signing public media URLs. If set to "generate", a random key will be generated. | -| config.signal.device_name | string | `"mautrix-signal"` | Default device name that shows up in the Signal app. | -| config.signal.displayname_template | string | `"{{ printf \"%s (%s) %s\" (or .ProfileName .ContactName \"Unknown user\") (or .PhoneNumber \"Unknown number\" (or .AboutEmoji \"\")}}"` | Displayname template for Signal users. This is also used as the room name in DMs if private_chat_portal_meta is enabled. {{.ProfileName}} - The Signal profile name set by the user. {{.ContactName}} - The name for the user from your phone's contact list. This is not safe on multi-user instances. {{.PhoneNumber}} - The phone number of the user. {{.UUID}} - The UUID of the Signal user. {{.AboutEmoji}} - The emoji set by the user in their profile. | -| config.signal.location_format | string | `"https://www.openstreetmap.org/?mlat=%[1]s&mlon=%[2]s"` | | -| config.signal.note_to_self_avatar | string | `"mxc://maunium.net/REBIVrqjZwmaWpssCZpBlmlL"` | | -| config.signal.number_in_topic | bool | `true` | Should the Signal user's phone number be included in the room topic in private chat portal rooms? | -| config.signal.sync_contacts_on_startup | bool | `true` | Should the bridge request the user's contact list from the phone on startup? | -| config.signal.use_contact_avatars | bool | `false` | Should avatars from the user's contact list be used? This is not safe on multi-user instances. | -| config.signal.use_outdated_profiles | bool | `false` | Should the bridge sync ghost user info even if profile fetching fails? This is not safe on multi-user instances. | -| fullnameOverride | string | `""` | | -| global.image.pullPolicy | string | `nil` | if set it will overwrite all pullPolicy | -| global.image.registry | string | `nil` | if set it will overwrite all registry entries | -| image.pullPolicy | string | `"IfNotPresent"` | | -| image.registry | string | `"dock.mau.dev"` | | -| image.repository | string | `""` | | -| image.tag | string | `""` | | -| imagePullSecrets | list | `[]` | | -| ingress.annotations | object | `{}` | | -| ingress.className | string | `""` | | -| ingress.enabled | bool | `false` | | -| ingress.hosts[0].host | string | `"chart-example.local"` | | -| ingress.hosts[0].paths[0].path | string | `"/"` | | -| ingress.hosts[0].paths[0].pathType | string | `"ImplementationSpecific"` | | -| ingress.tls | list | `[]` | | -| livenessProbe.httpGet.path | string | `"/_matrix/mau/live"` | | -| livenessProbe.httpGet.port | string | `"http"` | | -| nameOverride | string | `""` | | -| nodeSelector | object | `{}` | | -| persistence.accessMode | string | `"ReadWriteOnce"` | accessMode | -| persistence.annotations | object | `{}` | | -| persistence.enabled | bool | `true` | Enable persistence using Persistent Volume Claims ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ | -| persistence.existingClaim | string | `nil` | A manually managed Persistent Volume and Claim Requires persistence.enabled: true If defined, PVC must be created manually before volume will be bound | -| persistence.hostPath | string | `nil` | Do not create an PVC, direct use hostPath in Pod | -| persistence.size | string | `"10Gi"` | size | -| persistence.storageClass | string | `nil` | Persistent Volume Storage Class If defined, storageClassName: If set to "-", storageClassName: "", which disables dynamic provisioning If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner. (gp2 on AWS, standard on GKE, AWS & OpenStack) | -| podAnnotations | object | `{}` | | -| podLabels | object | `{}` | | -| podSecurityContext | object | `{}` | | -| readinessProbe.httpGet.path | string | `"/_matrix/mau/ready"` | | -| readinessProbe.httpGet.port | string | `"http"` | | -| registration."de.sorunome.msc2409.push_ephemeral" | bool | `true` | | -| registration.namespaces.users[0].exclusive | bool | `true` | | -| registration.namespaces.users[0].regex | string | `"^@signalbot:example.org$"` | | -| registration.namespaces.users[1].exclusive | bool | `true` | | -| registration.namespaces.users[1].regex | string | `"^@signal_.*:example.org$"` | | -| registration.push_ephemeral | bool | `true` | | -| registration.rate_limited | bool | `false` | | -| replicaCount | int | `1` | | -| resources | object | `{}` | | -| securityContext | object | `{}` | | -| service.type | string | `"ClusterIP"` | | -| serviceAccount.annotations | object | `{}` | | -| serviceAccount.automount | bool | `false` | | -| serviceAccount.create | bool | `false` | | -| serviceAccount.name | string | `""` | | -| tolerations | list | `[]` | | -| volumeMounts | list | `[]` | | -| volumes | list | `[]` | | - -Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs) - diff --git a/mautrix-bridge/_docs.gotmpl b/mautrix-bridge/_docs.gotmpl deleted file mode 100644 index 867fd60..0000000 --- a/mautrix-bridge/_docs.gotmpl +++ /dev/null @@ -1,5 +0,0 @@ -{{ define "chart.prerequirements" -}} -For use of the bridge: -* **signal**, use the `./bridge-values/signal/values.yaml` -* **slack**, use the `./bridge-values/slack/values.yaml` -{{ end }} diff --git a/mautrix-bridge/bridge-values/signal/values.yaml b/mautrix-bridge/bridge-values/signal/values.yaml deleted file mode 100644 index 629a640..0000000 --- a/mautrix-bridge/bridge-values/signal/values.yaml +++ /dev/null @@ -1,52 +0,0 @@ -image: - repository: mautrix/signal - tag: "v0.7.5" - -config: - bridge: - command_prefix: '!signal' - database: - uri: postgres://user:password@host/maturix-signal?sslmode=disable - appservice: - id: signal - bot: - username: signalbot - displayname: Signal bridge bot - avatar: mxc://maunium.net/wPJgTQbZOtpBFmDNkiNEMDUp - username_template: signal_{{.}} - - management_room_text: - welcome: "Hello, I'm a Signal bridge bot." - - signal: - # -- Displayname template for Signal users. This is also used as the room name in DMs if private_chat_portal_meta is enabled. - # {{.ProfileName}} - The Signal profile name set by the user. - # {{.ContactName}} - The name for the user from your phone's contact list. This is not safe on multi-user instances. - # {{.PhoneNumber}} - The phone number of the user. - # {{.UUID}} - The UUID of the Signal user. - # {{.AboutEmoji}} - The emoji set by the user in their profile. - displayname_template: '{{ printf "%s (%s) %s" (or .ProfileName .ContactName "Unknown user") (or .PhoneNumber "Unknown number" (or .AboutEmoji "")}}' - # -- Should avatars from the user's contact list be used? This is not safe on multi-user instances. - use_contact_avatars: false - # -- Should the bridge request the user's contact list from the phone on startup? - sync_contacts_on_startup: true - # -- Should the bridge sync ghost user info even if profile fetching fails? This is not safe on multi-user instances. - use_outdated_profiles: false - # -- Should the Signal user's phone number be included in the room topic in private chat portal rooms? - number_in_topic: true - # -- Default device name that shows up in the Signal app. - device_name: mautrix-signal - # Avatar image for the Note to Self room. - note_to_self_avatar: mxc://maunium.net/REBIVrqjZwmaWpssCZpBlmlL - # Format for generating URLs from location messages for sending to Signal. - # Google Maps: 'https://www.google.com/maps/place/%[1]s,%[2]s' - # OpenStreetMap: 'https://www.openstreetmap.org/?mlat=%[1]s&mlon=%[2]s' - location_format: 'https://www.openstreetmap.org/?mlat=%[1]s&mlon=%[2]s' - -registration: - namespaces: - users: - - regex: ^@signalbot:example.org$ - exclusive: true - - regex: ^@signal_.*:example.org$ - exclusive: true diff --git a/mautrix-bridge/bridge-values/slack/values.yaml b/mautrix-bridge/bridge-values/slack/values.yaml deleted file mode 100644 index 2057b0f..0000000 --- a/mautrix-bridge/bridge-values/slack/values.yaml +++ /dev/null @@ -1,39 +0,0 @@ -image: - repository: mautrix/slack - tag: "v0.1.4" - -config: - bridge: - command_prefix: '!slack' - database: - uri: postgres://user:password@host/mautrix-slack?sslmode=disable - appservice: - id: slack - bot: - username: slackbot - displayname: "Slack bridge bot" - avatar: "mxc://maunium.net/pVtzLmChZejGxLqmXtQjFxem" - username_template: slack_{{.}} - - management_room_text: - welcome: "Hello, I'm a Slack bridge bot." - - slack: - displayname_template: '{{or .Profile.DisplayName .Profile.RealName .Name}}{{if .IsBot}} (bot){{end}}' - channel_name_template: '{{if and .IsChannel (not .IsPrivate)}}#{{end}}{{.Name}}{{if .IsNoteToSelf}} (you){{end}}' - team_name_template: "{{ .Name }}" - custom_emoji_reactions: true - workspace_avatar_in_rooms: false - participant_sync_count: 5 - participant_sync_only_on_create: true - mute_channels_by_default: false - backfill: - conversation_count: -1 - -registration: - namespaces: - users: - - regex: ^@slackbot:example.org$ - exclusive: true - - regex: ^@slack_.*:example.org$ - exclusive: true diff --git a/mautrix-bridge/templates/NOTES.txt b/mautrix-bridge/templates/NOTES.txt deleted file mode 100644 index 3041f61..0000000 --- a/mautrix-bridge/templates/NOTES.txt +++ /dev/null @@ -1,22 +0,0 @@ -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range $host := .Values.ingress.hosts }} - {{- range .paths }} - http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} - {{- end }} -{{- end }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "mautrix-bridge.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "mautrix-bridge.fullname" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "mautrix-bridge.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") - echo http://$SERVICE_IP:{{ .Values.service.port }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "mautrix-bridge.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT -{{- end }} diff --git a/mautrix-bridge/templates/_helpers.tpl b/mautrix-bridge/templates/_helpers.tpl deleted file mode 100644 index e4f9350..0000000 --- a/mautrix-bridge/templates/_helpers.tpl +++ /dev/null @@ -1,62 +0,0 @@ -{{/* -Expand the name of the chart. -*/}} -{{- define "mautrix-bridge.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "mautrix-bridge.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains $name .Release.Name }} -{{- .Release.Name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "mautrix-bridge.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Common labels -*/}} -{{- define "mautrix-bridge.labels" -}} -helm.sh/chart: {{ include "mautrix-bridge.chart" . }} -{{ include "mautrix-bridge.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end }} - -{{/* -Selector labels -*/}} -{{- define "mautrix-bridge.selectorLabels" -}} -app.kubernetes.io/name: {{ include "mautrix-bridge.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} - -{{/* -Create the name of the service account to use -*/}} -{{- define "mautrix-bridge.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} -{{- default (include "mautrix-bridge.fullname" .) .Values.serviceAccount.name }} -{{- else }} -{{- default "default" .Values.serviceAccount.name }} -{{- end }} -{{- end }} diff --git a/mautrix-bridge/templates/deployment.yaml b/mautrix-bridge/templates/deployment.yaml deleted file mode 100644 index 0d798c2..0000000 --- a/mautrix-bridge/templates/deployment.yaml +++ /dev/null @@ -1,100 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "mautrix-bridge.fullname" . }} - labels: - {{- include "mautrix-bridge.labels" . | nindent 4 }} -spec: - {{- if not .Values.autoscaling.enabled }} - replicas: {{ .Values.replicaCount }} - {{- end }} - selector: - matchLabels: - {{- include "mautrix-bridge.selectorLabels" . | nindent 6 }} - template: - metadata: - annotations: - "checksum/secret": {{ include (print $.Template.BasePath "/secrets.yaml") . | sha256sum }} - {{- with .Values.podAnnotations }} - {{- toYaml . | nindent 8 }} - {{- end }} - labels: - {{- include "mautrix-bridge.labels" . | nindent 8 }} - {{- with .Values.podLabels }} - {{- toYaml . | nindent 8 }} - {{- end }} - spec: - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ include "mautrix-bridge.serviceAccountName" . }} - securityContext: - {{- toYaml .Values.podSecurityContext | nindent 8 }} - containers: - - name: {{ .Chart.Name }} - securityContext: - {{- toYaml .Values.securityContext | nindent 12 }} - {{- with .Values.image }} - image: "{{ coalesce $.Values.global.image.registry .registry }}/{{ .repository }}:{{ .tag }}" - imagePullPolicy: {{ coalesce $.Values.global.image.pullPolicy .pullPolicy }} - {{- end }} - ports: - - name: http - containerPort: {{ .Values.config.appservice.port }} - protocol: TCP - livenessProbe: - {{- toYaml .Values.livenessProbe | nindent 12 }} - readinessProbe: - {{- toYaml .Values.readinessProbe | nindent 12 }} - resources: - {{- toYaml .Values.resources | nindent 12 }} - volumeMounts: - - name: data - mountPath: /data - - name: config - mountPath: /data/config.yaml - subPath: config.yaml - - name: config - mountPath: /data/registration.yaml - subPath: registration.yaml - {{- with .Values.volumeMounts }} - {{- toYaml . | nindent 12 }} - {{- end }} - volumes: - - name: config - secret: - secretName: {{ include "mautrix-bridge.fullname" . }} - items: - - key: config.yaml - path: config.yaml - - key: registration.yaml - path: registration.yaml - - name: "data" - {{- if .Values.persistence.enabled }} - {{- if .Values.persistence.hostPath }} - hostPath: - type: Directory - path: {{ .Values.persistence.hostPath | quote }} - {{- else }}{{/* else .persistence.hostPath */}} - persistentVolumeClaim: - claimName: {{ coalesce .Values.persistence.existingClaim (include "mautrix-bridge.fullname" .) }} - {{- end }}{{/* end-else .persistence.hostPath */}} - {{- else }}{{/* else .persistence.enabled */}} - emptyDir: {} - {{- end }}{{/* end-else .persistence.enabled */}} - {{- with .Values.volumes }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} diff --git a/mautrix-bridge/templates/hpa.yaml b/mautrix-bridge/templates/hpa.yaml deleted file mode 100644 index 9eeec5b..0000000 --- a/mautrix-bridge/templates/hpa.yaml +++ /dev/null @@ -1,32 +0,0 @@ -{{- if .Values.autoscaling.enabled }} -apiVersion: autoscaling/v2 -kind: HorizontalPodAutoscaler -metadata: - name: {{ include "mautrix-bridge.fullname" . }} - labels: - {{- include "mautrix-bridge.labels" . | nindent 4 }} -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: {{ include "mautrix-bridge.fullname" . }} - minReplicas: {{ .Values.autoscaling.minReplicas }} - maxReplicas: {{ .Values.autoscaling.maxReplicas }} - metrics: - {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} - - type: Resource - resource: - name: cpu - target: - type: Utilization - averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} - {{- end }} - {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} - - type: Resource - resource: - name: memory - target: - type: Utilization - averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} - {{- end }} -{{- end }} diff --git a/mautrix-bridge/templates/ingress.yaml b/mautrix-bridge/templates/ingress.yaml deleted file mode 100644 index 3ebc28e..0000000 --- a/mautrix-bridge/templates/ingress.yaml +++ /dev/null @@ -1,61 +0,0 @@ -{{- if .Values.ingress.enabled -}} -{{- $fullName := include "mautrix-bridge.fullname" . -}} -{{- $svcPort := .Values.service.port -}} -{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} - {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} - {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}} - {{- end }} -{{- end }} -{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} -apiVersion: networking.k8s.io/v1 -{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} -apiVersion: networking.k8s.io/v1beta1 -{{- else -}} -apiVersion: extensions/v1beta1 -{{- end }} -kind: Ingress -metadata: - name: {{ $fullName }} - labels: - {{- include "mautrix-bridge.labels" . | nindent 4 }} - {{- with .Values.ingress.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} - ingressClassName: {{ .Values.ingress.className }} - {{- end }} - {{- if .Values.ingress.tls }} - tls: - {{- range .Values.ingress.tls }} - - hosts: - {{- range .hosts }} - - {{ . | quote }} - {{- end }} - secretName: {{ .secretName }} - {{- end }} - {{- end }} - rules: - {{- range .Values.ingress.hosts }} - - host: {{ .host | quote }} - http: - paths: - {{- range .paths }} - - path: {{ .path }} - {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} - pathType: {{ .pathType }} - {{- end }} - backend: - {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} - service: - name: {{ $fullName }} - port: - number: {{ $svcPort }} - {{- else }} - serviceName: {{ $fullName }} - servicePort: {{ $svcPort }} - {{- end }} - {{- end }} - {{- end }} -{{- end }} diff --git a/mautrix-bridge/templates/pvc.yaml b/mautrix-bridge/templates/pvc.yaml deleted file mode 100644 index 52ddf3d..0000000 --- a/mautrix-bridge/templates/pvc.yaml +++ /dev/null @@ -1,33 +0,0 @@ -{{- with .Values.persistence }} -{{- if and - .enabled - (not .existingClaim) - (not .hostPath) --}} ---- -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: {{ template "mautrix-bridge.fullname" $ }} - labels: - {{- include "mautrix-bridge.labels" $ | nindent 4 }} - {{- with .annotations }} - annotations: - {{ toYaml . | indent 4 }} - {{- end }} -spec: - accessModes: - - {{ .accessMode | quote }} - resources: - requests: - storage: {{ .size | quote }} - {{- with .storageClass }} - {{- if (eq "-" .) }} - storageClassName: "" - {{- else }} - storageClassName: {{ . | quote }} - {{- end }} - {{- end }} -{{- end }}{{/* end-if .enabled */}} -{{- end }}{{/* end-with .persistence */}} - diff --git a/mautrix-bridge/templates/secrets.yaml b/mautrix-bridge/templates/secrets.yaml deleted file mode 100644 index f024ead..0000000 --- a/mautrix-bridge/templates/secrets.yaml +++ /dev/null @@ -1,46 +0,0 @@ ---- -{{ $secretName := include "mautrix-bridge.fullname" . }} -{{- $asToken := get .Values.config.appservice "as_token" }} -{{- $hsToken := get .Values.config.appservice "hs_token" }} -{{- $senderLocalpart := false }} -{{- if not (and $asToken $hsToken $senderLocalpart) }} -{{- with (lookup "v1" "Secret" .Release.Namespace $secretName)}} -{{- with get . "data" }} -{{- $asToken = $asToken | default (get . "as_token" | b64dec) }} -{{- $hsToken = $hsToken | default (get . "hs_token" | b64dec) }} -{{- $senderLocalpart = (get . "sender_localpart" | b64dec) }} -{{- end }} -{{- end }} -{{- end }} -{{- $asToken = $asToken | default (randAlphaNum 64) }} -{{- $hsToken = $hsToken | default (randAlphaNum 64) }} -{{- $senderLocalpart = $senderLocalpart | default (randAlphaNum 64) }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ $secretName }} - labels: - {{- include "mautrix-bridge.labels" . | nindent 4 }} -type: Opaque -data: - as_token: {{ $asToken | b64enc }} - hs_token: {{ $hsToken | b64enc }} - sender_localpart: {{ $senderLocalpart | b64enc }} - config.yaml: {{ mergeOverwrite (dict - "appservice" (dict - "as_token" $asToken - "hs_token" $hsToken - ) - "bridge" (dict - "login_shared_secret_map" (dict - .Values.config.homeserver.domain (printf "as_token:%s" $asToken) - ) - ) - ) .Values.config | toYaml | b64enc }} - registration.yaml: {{ mergeOverwrite (dict - "id" .Values.config.appservice.id - "as_token" $asToken - "hs_token" $hsToken - "url" .Values.config.appservice.address - "sender_localpart" $senderLocalpart - ) .Values.registration | toYaml | b64enc }} diff --git a/mautrix-bridge/templates/service.yaml b/mautrix-bridge/templates/service.yaml deleted file mode 100644 index 541a761..0000000 --- a/mautrix-bridge/templates/service.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{- if and .Values.config .Values.config.appservice }} -apiVersion: v1 -kind: Service -metadata: - name: {{ include "mautrix-bridge.fullname" . }} - labels: - {{- include "mautrix-bridge.labels" . | nindent 4 }} -spec: - type: {{ .Values.service.type }} - publishNotReadyAddresses: true - selector: - {{- include "mautrix-bridge.selectorLabels" . | nindent 4 }} - ports: - - port: {{ .Values.config.appservice.port }} - targetPort: http - protocol: TCP - name: http -{{- end }} diff --git a/mautrix-bridge/templates/serviceaccount.yaml b/mautrix-bridge/templates/serviceaccount.yaml deleted file mode 100644 index 9940f45..0000000 --- a/mautrix-bridge/templates/serviceaccount.yaml +++ /dev/null @@ -1,13 +0,0 @@ -{{- if .Values.serviceAccount.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "mautrix-bridge.serviceAccountName" . }} - labels: - {{- include "mautrix-bridge.labels" . | nindent 4 }} - {{- with .Values.serviceAccount.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -automountServiceAccountToken: {{ .Values.serviceAccount.automount }} -{{- end }} diff --git a/mautrix-bridge/templates/tests/test-connection.yaml b/mautrix-bridge/templates/tests/test-connection.yaml deleted file mode 100644 index ae40be7..0000000 --- a/mautrix-bridge/templates/tests/test-connection.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: v1 -kind: Pod -metadata: - name: "{{ include "mautrix-bridge.fullname" . }}-test-connection" - labels: - {{- include "mautrix-bridge.labels" . | nindent 4 }} - annotations: - "helm.sh/hook": test -spec: - containers: - - name: wget - image: busybox - command: ['wget'] - args: ['{{ include "mautrix-bridge.fullname" . }}:{{ .Values.service.port }}'] - restartPolicy: Never diff --git a/mautrix-bridge/values.yaml b/mautrix-bridge/values.yaml deleted file mode 100644 index 76ff0e6..0000000 --- a/mautrix-bridge/values.yaml +++ /dev/null @@ -1,569 +0,0 @@ -global: - image: - # -- if set it will overwrite all registry entries - registry: - # -- if set it will overwrite all pullPolicy - pullPolicy: - -replicaCount: 1 - -image: - registry: dock.mau.dev - repository: "" - tag: "" - pullPolicy: IfNotPresent - -imagePullSecrets: [] -nameOverride: "" -fullnameOverride: "" - -config: - # Bridge config - bridge: - # -- The prefix for commands. Only required in non-management rooms. - command_prefix: '!bridge' - # -- Should the bridge create a space for each login containing the rooms that account is in? - personal_filtering_spaces: true - # -- Whether the bridge should set names and avatars explicitly for DM portals. - # This is only necessary when using clients that don't support MSC4171. - private_chat_portal_meta: false - - # -- Should leaving Matrix rooms be bridged as leaving groups on the remote network? - bridge_matrix_leave: false - # -- Should room tags only be synced when creating the portal? Tags mean things like favorite/pin and archive/low priority. - # Tags currently can't be synced back to the remote network, so a continuous sync means tagging from Matrix will be undone. - tag_only_on_create: true - # -- Should room mute status only be synced when creating the portal? - # Like tags, mutes can't currently be synced back to the remote network. - mute_only_on_create: true - - # What should be done to portal rooms when a user logs out or is logged out? - # Permitted values: - # nothing - Do nothing, let the user stay in the portals - # kick - Remove the user from the portal rooms, but don't delete them - # unbridge - Remove all ghosts in the room and disassociate it from the remote chat - # delete - Remove all ghosts and users from the room (i.e. delete it) - cleanup_on_logout: - # -- Should cleanup on logout be enabled at all? - enabled: false - # Settings for manual logouts (explicitly initiated by the Matrix user) - manual: - # -- Action for private portals which will never be shared with other Matrix users. - private: nothing - # -- Action for portals with a relay user configured. - relayed: nothing - # -- Action for portals which may be shared, but don't currently have any other Matrix users. - shared_no_users: nothing - # -- Action for portals which have other logged-in Matrix users. - shared_has_users: nothing - # Settings for credentials being invalidated (initiated by the remote network, possibly through user action). - # Keys have the same meanings as in the manual section. - bad_credentials: - private: nothing - relayed: nothing - shared_no_users: nothing - shared_has_users: nothing - - # Settings for relay mode - relay: - # -- Whether relay mode should be allowed. If allowed, `!wa set-relay` can be used to turn any - # authenticated user into a relaybot for that chat. - enabled: false - # -- Should only admins be allowed to set themselves as relay users? - admin_only: true - # -- List of user login IDs which anyone can set as a relay, as long as the relay user is in the room. - default_relays: [] - # -- The formats to use when sending messages via the relaybot. - # Available variables: - # .Sender.UserID - The Matrix user ID of the sender. - # .Sender.Displayname - The display name of the sender (if set). - # .Sender.RequiresDisambiguation - Whether the sender's name may be confused with the name of another user in the room. - # .Sender.DisambiguatedName - The disambiguated name of the sender. This will be the displayname if set, - # plus the user ID in parentheses if the displayname is not unique. - # If the displayname is not set, this is just the user ID. - # .Message - The `formatted_body` field of the message. - # .Caption - The `formatted_body` field of the message, if it's a caption. Otherwise an empty string. - # .FileName - The name of the file being sent. - message_formats: - m.text: "{{ .Sender.DisambiguatedName }}: {{ .Message }}" - m.notice: "{{ .Sender.DisambiguatedName }}: {{ .Message }}" - m.emote: "* {{ .Sender.DisambiguatedName }} {{ .Message }}" - m.file: "{{ .Sender.DisambiguatedName }} sent a file{{ if .Caption }}: {{ .Caption }}{{ end }}" - m.image: "{{ .Sender.DisambiguatedName }} sent an image{{ if .Caption }}: {{ .Caption }}{{ end }}" - m.audio: "{{ .Sender.DisambiguatedName }} sent an audio file{{ if .Caption }}: {{ .Caption }}{{ end }}" - m.video: "{{ .Sender.DisambiguatedName }} sent a video{{ if .Caption }}: {{ .Caption }}{{ end }}" - m.location: "{{ .Sender.DisambiguatedName }} sent a location{{ if .Caption }}: {{ .Caption }}{{ end }}" - # -- For networks that support per-message displaynames (i.e. Slack and Discord), the template for those names. - # This has all the Sender variables available under message_formats (but without the .Sender prefix). - # Note that you need to manually remove the displayname from message_formats above. - displayname_format: "{{ .DisambiguatedName }}" - - # -- Permissions for using the bridge. - # Permitted values: - # relay - Talk through the relaybot (if enabled), no access otherwise - # commands - Access to use commands in the bridge, but not login. - # user - Access to use the bridge with puppeting. - # admin - Full access, user level with some additional administration tools. - # Permitted keys: - # * - All Matrix users - # domain - All users on that homeserver - # mxid - Specific user - permissions: - "*": relay - "example.com": user - "@admin:example.com": admin - - - # Database config. - database: - # -- The database type. "sqlite3-fk-wal" and "postgres" are supported. - type: postgres - # -- The database URI. - # SQLite: A raw file path is supported, but `file:?_txlock=immediate` is recommended. - # https://github.com/mattn/go-sqlite3#connection-string - # Postgres: Connection string. For example, postgres://user:password@host/database?sslmode=disable - # To connect via Unix socket, use something like postgres:///dbname?host=/var/run/postgresql - uri: postgres://user:password@host/database?sslmode=disable - # -- Maximum number of connections. Mostly relevant for Postgres. - max_open_conns: 20 - max_idle_conns: 2 - # -- Maximum connection idle time and lifetime before they're closed. Disabled if null. - # Parsed with https://pkg.go.dev/time#ParseDuration - max_conn_idle_time: null - max_conn_lifetime: null - - # Homeserver details. - homeserver: - # -- The address that this appservice can use to connect to the homeserver. - address: https://matrix.example.com - # -- The domain of the homeserver (also known as server_name, used for MXIDs, etc). - domain: example.com - # -- Does the homeserver support https://github.com/matrix-org/matrix-spec-proposals/pull/2246? - async_media: false - public_address: - - # -- What software is the homeserver running? - # Standard Matrix homeservers like Synapse, Dendrite and Conduit should just use "standard" here. - software: standard - # -- The URL to push real-time bridge status to. - # If set, the bridge will make POST requests to this URL whenever a user's Signal connection state changes. - # The bridge will use the appservice as_token to authorize requests. - status_endpoint: null - # -- Endpoint for reporting per-message status. - message_send_checkpoint_endpoint: null - - # -- Should the bridge use a websocket for connecting to the homeserver? - # The server side is currently not documented anywhere and is only implemented by mautrix-wsproxy, - # mautrix-asmux (deprecated), and hungryserv (proprietary). - websocket: false - websocket_proxy: "" - # -- How often should the websocket be pinged? Pinging will be disabled if this is zero. - ping_interval_seconds: 0 - - - # Application service host/registration related details. - # Changing these values requires regeneration of the registration. - appservice: - # -- The address that the homeserver can use to connect to this appservice. - address: http://localhost:29328 - public_address: - # -- The hostname and port where this appservice should listen. - hostname: 0.0.0.0 - port: 29328 - - # -- The unique ID of this appservice. - id: signal - # Appservice bot details. - bot: - # -- Username of the appservice bot. - username: signalbot - # -- Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty - # to leave display name/avatar as-is. - displayname: Signal bridge bot - avatar: mxc://maunium.net/wPJgTQbZOtpBFmDNkiNEMDUp - - as_token: "" - hs_token: "" - - # -- Whether or not to receive ephemeral events via appservice transactions. - # Requires MSC2409 support (i.e. Synapse 1.22+). - ephemeral_events: true - # -- Should incoming events be handled asynchronously? - # This may be necessary for large public instances with lots of messages going through. - # However, messages will not be guaranteed to be bridged in the same order they were sent in. - async_transactions: false - - # -- Localpart template of MXIDs for Signal users. - # {{.}} is replaced with the internal ID of the Signal user. - username_template: signal_{{.}} - - matrix: - # -- Should the bridge send a read receipt from the bridge bot when a message has been sent to Signal? - delivery_receipts: false - # -- Whether the bridge should send the message status as a custom com.beeper.message_send_status event. - message_status_events: false - # -- Whether the bridge should send error notices via m.notice events when a message fails to bridge. - message_error_notices: true - # -- Should the bridge update the m.direct account data event when double puppeting is enabled. - # Note that updating the m.direct event is not atomic (except with mautrix-asmux) - # and is therefore prone to race conditions. - sync_direct_chat_list: false - # -- Whether or not created rooms should have federation enabled. - # If false, created portal rooms will never be federated. - federate_rooms: true - - # Settings for provisioning API - provisioning: - # -- Prefix for the provisioning API paths. - prefix: /_matrix/provision - # -- Shared secret for authentication. If set to "generate", a random secret will be generated, - # or if set to "disable", the provisioning API will be disabled. - shared_secret: generate - # -- Enable debug API at /debug with provisioning authentication. - debug_endpoints: false - - # Some networks require publicly accessible media download links (e.g. for user avatars when using Discord webhooks). - # These settings control whether the bridge will provide such public media access. - public_media: - # -- Should public media be enabled at all? - # The public_address field under the appservice section MUST be set when enabling public media. - enabled: false - # -- A key for signing public media URLs. - # If set to "generate", a random key will be generated. - signing_key: generate - # -- Number of seconds that public media URLs are valid for. - # If set to 0, URLs will never expire. - expiry: 0 - # -- Length of hash to use for public media URLs. Must be between 0 and 32. - hash_length: 32 - - # Settings for converting remote media to custom mxc:// URIs instead of reuploading. - # More details can be found at https://docs.mau.fi/bridges/go/discord/direct-media.html - direct_media: - # -- Should custom mxc:// URIs be used instead of reuploading media? - enabled: false - # -- The server name to use for the custom mxc:// URIs. - # This server name will effectively be a real Matrix server, it just won't implement anything other than media. - # You must either set up .well-known delegation from this domain to the bridge, or proxy the domain directly to the bridge. - server_name: discord-media.example.com - # -- Optionally a custom .well-known response. This defaults to `server_name:443` - well_known_response: - # -- Optionally specify a custom prefix for the media ID part of the MXC URI. - media_id_prefix: - # -- If the remote network supports media downloads over HTTP, then the bridge will use MSC3860/MSC3916 - # media download redirects if the requester supports it. Optionally, you can force redirects - # and not allow proxying at all by setting this to false. - # This option does nothing if the remote network does not support media downloads over HTTP. - allow_proxy: true - # -- Matrix server signing key to make the federation tester pass, same format as synapse's .signing.key file. - # This key is also used to sign the mxc:// URIs to ensure only the bridge can generate them. - server_key: "" - - # Settings for backfilling messages. - # Note that the exact way settings are applied depends on the network connector. - # See https://docs.mau.fi/bridges/general/backfill.html for more details. - backfill: - # -- Whether to do backfilling at all. - enabled: false - # -- Maximum number of messages to backfill in empty rooms. - max_initial_messages: 50 - # -- Maximum number of missed messages to backfill after bridge restarts. - max_catchup_messages: 500 - # -- If a backfilled chat is older than this number of hours, - # mark it as read even if it's unread on the remote network. - unread_hours_threshold: 720 - # Settings for backfilling threads within other backfills. - threads: - # -- Maximum number of messages to backfill in a new thread. - max_initial_messages: 50 - # Settings for the backwards backfill queue. This only applies when connecting to - # Beeper as standard Matrix servers don't support inserting messages into history. - queue: - # -- Should the backfill queue be enabled? - enabled: false - # -- Number of messages to backfill in one batch. - batch_size: 100 - # -- Delay between batches in seconds. - batch_delay: 20 - # -- Maximum number of batches to backfill per portal. - # If set to -1, all available messages will be backfilled. - max_batches: -1 - # -- Optional network-specific overrides for max batches. - # Interpretation of this field depends on the network connector. - max_batches_override: {} - - - # Settings for enabling double puppeting - double_puppet: - # -- Servers to always allow double puppeting from. - # This is only for other servers and should NOT contain the server the bridge is on. - servers: - example.com: https://example.com - # -- Whether to allow client API URL discovery for other servers. When using this option, - # users on other servers can use double puppeting even if their server URLs aren't - # explicitly added to the servers map above. - allow_discovery: false - # -- Shared secrets for automatic double puppeting. - # See https://docs.mau.fi/bridges/general/double-puppeting.html for instructions. - secrets: - example.com: as_token:foobar - - # End-to-bridge encryption support options. - # - # See https://docs.mau.fi/bridges/general/end-to-bridge-encryption.html for more info. - encryption: - # -- Allow encryption, work in group chat rooms with e2ee enabled - allow: false - # -- Default to encryption, force-enable encryption in all portals the bridge creates - # This will cause the bridge bot to be in private chats for the encryption to work properly. - default: false - # -- Require encryption, drop any unencrypted messages. - require: false - # -- Whether to use MSC2409/MSC3202 instead of /sync long polling for receiving encryption-related data. - appservice: false - plaintext_mentions: - pickle_key: - # -- Options for deleting megolm sessions from the bridge. - delete_keys: - # -- Beeper-specific: delete outbound sessions when hungryserv confirms - # that the user has uploaded the key to key backup. - delete_outbound_on_ack: false - # -- Don't store outbound sessions in the inbound table. - dont_store_outbound: false - # -- Ratchet megolm sessions forward after decrypting messages. - ratchet_on_decrypt: false - # -- Delete fully used keys (index >= max_messages) after decrypting messages. - delete_fully_used_on_decrypt: false - # -- Delete previous megolm sessions from same device when receiving a new one. - delete_prev_on_new_session: false - # -- Delete megolm sessions received from a device when the device is deleted. - delete_on_device_delete: false - # -- Periodically delete megolm sessions when 2x max_age has passed since receiving the session. - periodically_delete_expired: false - # -- Delete inbound megolm sessions that don't have the received_at field used for - # automatic ratcheting and expired session deletion. This is meant as a migration - # to delete old keys prior to the bridge update. - delete_outdated_inbound: false - # What level of device verification should be required from users? - # - # Valid levels: - # unverified - Send keys to all device in the room. - # cross-signed-untrusted - Require valid cross-signing, but trust all cross-signing keys. - # cross-signed-tofu - Require valid cross-signing, trust cross-signing keys on first use (and reject changes). - # cross-signed-verified - Require valid cross-signing, plus a valid user signature from the bridge bot. - # Note that creating user signatures from the bridge bot is not currently possible. - # verified - Require manual per-device verification - # (currently only possible by modifying the `trust` column in the `crypto_device` database table). - verification_levels: - # -- Minimum level for which the bridge should send keys to when bridging messages from Signal to Matrix. - receive: unverified - # -- Minimum level that the bridge should accept for incoming Matrix messages. - send: unverified - # -- Minimum level that the bridge should require for accepting key requests. - share: cross-signed-tofu - # -- Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled. - # You must use a client that supports requesting keys from other users to use this feature. - allow_key_sharing: false - # Options for Megolm room key rotation. These options allow you to - # configure the m.room.encryption event content. See: - # https://spec.matrix.org/v1.3/client-server-api/#mroomencryption for - # more information about that event. - rotation: - # -- Enable custom Megolm room key rotation settings. Note that these - # settings will only apply to rooms created after this option is - # set. - enable_custom: false - # -- The maximum number of milliseconds a session should be used - # before changing it. The Matrix spec recommends 604800000 (a week) - # as the default. - milliseconds: 604800000 - # -- The maximum number of messages that should be sent with a given a - # session before changing it. The Matrix spec recommends 100 as the - # default. - messages: 100 - - # -- Disable rotating keys when a user's devices change? - # You should not enable this option unless you understand all the implications. - disable_device_change_key_rotation: false - - - # Logging config. See https://github.com/tulir/zeroconfig for details. - logging: - min_level: warn - writers: - - type: stdout - format: json - - # Messages sent upon joining a management room. - # Markdown is supported. The defaults are listed below. - management_room_text: - # -- Sent when joining a room. - welcome: "Hello, I'm a Signal bridge bot." - # -- Sent when joining a management room and the user is already logged in. - welcome_connected: "Use `help` for help." - # -- Sent when joining a management room and the user is not logged in. - welcome_unconnected: "Use `help` for help or `login` to log in." - # -- Optional extra text sent when joining a management room. - additional_help: "" - - signal: - # -- Displayname template for Signal users. This is also used as the room name in DMs if private_chat_portal_meta is enabled. - # {{.ProfileName}} - The Signal profile name set by the user. - # {{.ContactName}} - The name for the user from your phone's contact list. This is not safe on multi-user instances. - # {{.PhoneNumber}} - The phone number of the user. - # {{.UUID}} - The UUID of the Signal user. - # {{.AboutEmoji}} - The emoji set by the user in their profile. - displayname_template: '{{ printf "%s (%s) %s" (or .ProfileName .ContactName "Unknown user") (or .PhoneNumber "Unknown number" (or .AboutEmoji "")}}' - # -- Should avatars from the user's contact list be used? This is not safe on multi-user instances. - use_contact_avatars: false - # -- Should the bridge request the user's contact list from the phone on startup? - sync_contacts_on_startup: true - # -- Should the bridge sync ghost user info even if profile fetching fails? This is not safe on multi-user instances. - use_outdated_profiles: false - # -- Should the Signal user's phone number be included in the room topic in private chat portal rooms? - number_in_topic: true - # -- Default device name that shows up in the Signal app. - device_name: mautrix-signal - # Avatar image for the Note to Self room. - note_to_self_avatar: mxc://maunium.net/REBIVrqjZwmaWpssCZpBlmlL - # Format for generating URLs from location messages for sending to Signal. - # Google Maps: 'https://www.google.com/maps/place/%[1]s,%[2]s' - # OpenStreetMap: 'https://www.openstreetmap.org/?mlat=%[1]s&mlon=%[2]s' - location_format: 'https://www.openstreetmap.org/?mlat=%[1]s&mlon=%[2]s' - -registration: - # token from config.appservice.id - # id: - # taken from config.appservice.address - # url: - # taken from config.appservice.as_token default: self-generate - # as_token: - # taken from config.appservice.hs_token default: self-generate - # hs_token: - # take from config.appservice.bot.username - # sender_localpart: signalbot - rate_limited: false - namespaces: - users: - - regex: ^@signalbot:example.org$ - exclusive: true - - regex: ^@signal_.*:example.org$ - exclusive: true - de.sorunome.msc2409.push_ephemeral: true - push_ephemeral: true - -serviceAccount: - # Specifies whether a service account should be created - create: false - # Automatically mount a ServiceAccount's API credentials? - automount: false - # Annotations to add to the service account - annotations: {} - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - name: "" - -podAnnotations: {} -podLabels: {} - -podSecurityContext: {} - # fsGroup: 2000 - -securityContext: {} - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 1000 - -service: - type: ClusterIP - -ingress: - enabled: false - className: "" - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - hosts: - - host: chart-example.local - paths: - - path: / - pathType: ImplementationSpecific - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - -resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - -livenessProbe: - httpGet: - path: /_matrix/mau/live - port: http -readinessProbe: - httpGet: - path: /_matrix/mau/ready - port: http - -autoscaling: - enabled: false - minReplicas: 1 - maxReplicas: 100 - targetCPUUtilizationPercentage: 80 - # targetMemoryUtilizationPercentage: 80 - -# Additional volumes on the output Deployment definition. -volumes: [] -# - name: foo -# secret: -# secretName: mysecret -# optional: false - -# Additional volumeMounts on the output Deployment definition. -volumeMounts: [] -# - name: foo -# mountPath: "/etc/foo" -# readOnly: true - -nodeSelector: {} - -tolerations: [] - -affinity: {} - -persistence: - # -- Enable persistence using Persistent Volume Claims - # ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ - enabled: true - annotations: {} - # -- Persistent Volume Storage Class - # If defined, storageClassName: - # If set to "-", storageClassName: "", which disables dynamic provisioning - # If undefined (the default) or set to null, no storageClassName spec is - # set, choosing the default provisioner. (gp2 on AWS, standard on - # GKE, AWS & OpenStack) - storageClass: - - # -- A manually managed Persistent Volume and Claim - # Requires persistence.enabled: true - # If defined, PVC must be created manually before volume will be bound - existingClaim: - - # -- Do not create an PVC, direct use hostPath in Pod - hostPath: - # -- accessMode - accessMode: ReadWriteOnce - # -- size - size: 10Gi diff --git a/miniserve/Chart.yaml b/miniserve/Chart.yaml index fd683b0..3f86570 100644 --- a/miniserve/Chart.yaml +++ b/miniserve/Chart.yaml @@ -3,9 +3,8 @@ name: miniserve description: A Helm chart for Kubernetes icon: https://raw.githubusercontent.com/svenstaro/miniserve/master/data/logo.svg type: application -version: "0.4.3" -# renovate: image=docker.io/svenstaro/miniserve -appVersion: "0.28.0" +version: 0.3.5 +appVersion: "0.26.0" maintainers: - name: WrenIX url: https://wrenix.eu diff --git a/miniserve/README.adoc b/miniserve/README.adoc index c0f3d20..743e291 100644 --- a/miniserve/README.adoc +++ b/miniserve/README.adoc @@ -2,9 +2,9 @@ = miniserve -image::https://img.shields.io/badge/Version-0.4.3-informational?style=flat-square[Version: 0.4.3] +image::https://img.shields.io/badge/Version-0.3.5-informational?style=flat-square[Version: 0.3.5] image::https://img.shields.io/badge/Version-application-informational?style=flat-square[Type: application] -image::https://img.shields.io/badge/AppVersion-0.28.0-informational?style=flat-square[AppVersion: 0.28.0] +image::https://img.shields.io/badge/AppVersion-0.26.0-informational?style=flat-square[AppVersion: 0.26.0] == Maintainers .Maintainers @@ -277,26 +277,6 @@ helm uninstall miniserve-release | `""` | -| networkPolicy.egress.enabled -| bool -| `true` -| activate egress no networkpolicy - -| networkPolicy.egress.extra -| list -| `[]` -| egress rules - -| networkPolicy.enabled -| bool -| `false` -| - -| networkPolicy.ingress.http -| list -| `[]` -| ingress for http port (e.g. ingress-controller) - | nodeSelector | object | `{}` diff --git a/miniserve/README.md b/miniserve/README.md deleted file mode 100644 index dc33a2b..0000000 --- a/miniserve/README.md +++ /dev/null @@ -1,119 +0,0 @@ ---- -title: "miniserve" - -description: "A Helm chart for Kubernetes" - ---- - -# miniserve - -![Version: 0.4.3](https://img.shields.io/badge/Version-0.4.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.28.0](https://img.shields.io/badge/AppVersion-0.28.0-informational?style=flat-square) - -A Helm chart for Kubernetes - -## Maintainers - -| Name | Email | Url | -| ---- | ------ | --- | -| WrenIX | | | - -## Usage - -Helm must be installed and setup to your kubernetes cluster to use the charts. -Refer to Helm's [documentation](https://helm.sh/docs) to get started. -Once Helm has been set up correctly, fetch the charts as follows: - -```bash -helm pull oci://codeberg.org/wrenix/helm-charts/miniserve -``` - -You can install a chart release using the following command: - -```bash -helm install miniserve-release oci://codeberg.org/wrenix/helm-charts/miniserve --values values.yaml -``` - -To uninstall a chart release use `helm`'s delete command: - -```bash -helm uninstall miniserve-release -``` - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| affinity | object | `{}` | | -| autoscaling.enabled | bool | `false` | | -| autoscaling.maxReplicas | int | `100` | | -| autoscaling.minReplicas | int | `1` | | -| autoscaling.targetCPUUtilizationPercentage | int | `80` | | -| data.args | list | `[]` | used for commandline flags | -| data.auth | string | `""` | Set authentication. Currently supported formats: username:password, username:sha256:hash, username:sha512:hash (e.g. joe:123, joe:sha256:a665a45920422f9d417e4867efdc4fb8a04a1f3fff1fa07e998e86f7f7a27ae3) | -| data.colorScheme | string | `"squirrel"` | Default color scheme | -| data.colorSchemeDark | string | `"archlinux"` | Default color scheme | -| data.dirsFirst | bool | `true` | List directories first | -| data.enable.tar | bool | `false` | Enable uncompressed tar archive generation | -| data.enable.tarGZ | bool | `false` | Enable gz-compressed tar archive generation | -| data.enable.zip | bool | `false` | Enable zip archive generation WARNING: Zipping large directories can result in out-of-memory exception because zip generation is done in memory and cannot be sent on the fly | -| data.hidden | bool | `false` | Show hidden files | -| data.hideThemeSelector | bool | `false` | Hide theme selector | -| data.hideVersionFooter | bool | `true` | Hide version footer | -| data.index | string | `"index.html"` | Normally, when miniserve serves a directory, it creates a listing for that directory. However, if a directory contains this file, miniserve will serve that file instead. | -| data.noSymlinks | bool | `false` | Hide symlinks in listing and prevent them from being followed | -| data.path | string | `"/data"` | Which path to serve | -| data.prettyURLs | bool | `false` | Activate Pretty URLs mode | -| data.qrcode | bool | `false` | Enable QR code display | -| data.readme | bool | `false` | Enable README.md rendering in directories | -| data.routePrefix | string | `""` | Use a specific route prefix | -| data.showSymlinkInfo | bool | `false` | Visualize symlinks in directory listing | -| data.showWGETFooter | bool | `true` | If enabled, display a wget command to recursively download the current directory | -| data.spa | bool | `false` | Activate SPA (Single Page Application) mode | -| data.title | string | `""` | Shown instead of host in page title and heading | -| data.upload.allowedDir | string | `""` | Enable file uploading (and optionally specify for which directory) | -| data.upload.mediaType | string | `""` | Specify uploadable media types: possible values image, audio, video | -| data.upload.mkdir | bool | `false` | Enable creating directories | -| data.upload.overwriteFiles | bool | `false` | Enable overriding existing files during file upload | -| data.upload.rawMediaType | string | `""` | Directly specify the uploadable media type expression | -| data.verbose | bool | `false` | Be verbose, includes emitting access logs | -| fullnameOverride | string | `""` | | -| image.pullPolicy | string | `"IfNotPresent"` | | -| image.repository | string | `"docker.io/svenstaro/miniserve"` | | -| image.tag | string | `""` | | -| imagePullSecrets | list | `[]` | | -| ingress.annotations | object | `{}` | | -| ingress.className | string | `""` | | -| ingress.enabled | bool | `false` | | -| ingress.hosts[0].host | string | `"chart-example.local"` | | -| ingress.hosts[0].paths[0].path | string | `"/"` | | -| ingress.hosts[0].paths[0].pathType | string | `"ImplementationSpecific"` | | -| ingress.tls | list | `[]` | | -| nameOverride | string | `""` | | -| networkPolicy.egress.enabled | bool | `true` | activate egress no networkpolicy | -| networkPolicy.egress.extra | list | `[]` | egress rules | -| networkPolicy.enabled | bool | `false` | | -| networkPolicy.ingress.http | list | `[]` | ingress for http port (e.g. ingress-controller) | -| nodeSelector | object | `{}` | | -| persistence.accessMode | string | `"ReadWriteOnce"` | | -| persistence.annotations | object | `{}` | | -| persistence.enabled | bool | `false` | | -| persistence.existingClaim | string | `nil` | A manually managed Persistent Volume and Claim Requires persistence.enabled: true If defined, PVC must be created manually before volume will be bound | -| persistence.hostPath | string | `nil` | | -| persistence.size | string | `"1Gi"` | | -| persistence.storageClass | string | `nil` | data Persistent Volume Storage Class If defined, storageClassName: If set to "-", storageClassName: "", which disables dynamic provisioning If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner. (gp2 on AWS, standard on GKE, AWS & OpenStack) | -| podAnnotations | object | `{}` | | -| podLabels | object | `{}` | | -| podSecurityContext | object | `{}` | | -| replicaCount | int | `1` | | -| resources.limits.memory | string | `"256Mi"` | | -| resources.requests.cpu | string | `"80m"` | | -| resources.requests.memory | string | `"128Mi"` | | -| securityContext | object | `{}` | | -| service.port | int | `8080` | | -| service.type | string | `"ClusterIP"` | | -| serviceAccount.annotations | object | `{}` | Annotations to add to the service account | -| serviceAccount.create | bool | `true` | Specifies whether a service account should be created | -| serviceAccount.name | string | `""` | If not set and create is true, a name is generated using the fullname template | -| tolerations | list | `[]` | | - -Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs) diff --git a/miniserve/templates/networkpolicy.yaml b/miniserve/templates/networkpolicy.yaml deleted file mode 100644 index 2df2ebf..0000000 --- a/miniserve/templates/networkpolicy.yaml +++ /dev/null @@ -1,28 +0,0 @@ -{{- if .Values.networkPolicy.enabled }} ---- -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: {{ include "miniserve.fullname" . }} - labels: - {{- include "miniserve.labels" . | nindent 4 }} -spec: - podSelector: - matchLabels: - {{- include "miniserve.selectorLabels" . | nindent 6 }} - policyTypes: - - Ingress - {{- if .Values.networkPolicy.egress.enabled }} - - Egress - {{- end }} - ingress: - - ports: - - port: {{ .Values.service.port }} - protocol: TCP - from: - {{- toYaml .Values.networkPolicy.ingress.http | nindent 8 }} - {{- with .Values.networkPolicy.egress }} - egress: - {{- toYaml .extra | nindent 4 }} - {{- end }} -{{- end }} diff --git a/miniserve/values.yaml b/miniserve/values.yaml index 9ae54d7..f2ff6e6 100644 --- a/miniserve/values.yaml +++ b/miniserve/values.yaml @@ -126,17 +126,6 @@ service: type: ClusterIP port: 8080 -networkPolicy: - enabled: false - ingress: - # -- ingress for http port (e.g. ingress-controller) - http: [] - egress: - # -- activate egress no networkpolicy - enabled: true - # -- egress rules - extra: [] - ingress: enabled: false className: "" diff --git a/monitoring/Chart.yaml b/monitoring/Chart.yaml index f6afb12..6a0a1dd 100644 --- a/monitoring/Chart.yaml +++ b/monitoring/Chart.yaml @@ -3,7 +3,7 @@ name: monitoring description: Deploy helper for probes and scrapeconfig of prometheus-operator icon: https://prometheus.io/assets/favicons/android-chrome-192x192.png type: application -version: "0.2.1" +version: 0.1.1 maintainers: - name: WrenIX url: https://wrenix.eu diff --git a/monitoring/README.adoc b/monitoring/README.adoc index 3ccba34..f072c4f 100644 --- a/monitoring/README.adoc +++ b/monitoring/README.adoc @@ -2,7 +2,7 @@ = monitoring -image::https://img.shields.io/badge/Version-0.2.1-informational?style=flat-square[Version: 0.2.1] +image::https://img.shields.io/badge/Version-0.1.1-informational?style=flat-square[Version: 0.1.1] image::https://img.shields.io/badge/Version-application-informational?style=flat-square[Type: application] == Maintainers @@ -48,24 +48,14 @@ helm uninstall monitoring-release | prober | list -| `[{"ipv4":true,"ipv6":true,"name":"local","spec":{"path":"/probe","url":"prometheus-blackbox-exporter:9115"}}]` +| `[{"name":"local","spec":{"path":"/probe","url":"prometheus-blackbox-exporter:9115"}}]` | prober for each the following probes are created (multiside probes) | prober[0] | object -| `{"ipv4":true,"ipv6":true,"name":"local","spec":{"path":"/probe","url":"prometheus-blackbox-exporter:9115"}}` +| `{"name":"local","spec":{"path":"/probe","url":"prometheus-blackbox-exporter:9115"}}` | name of prober -| prober[0].ipv4 -| bool -| `true` -| use this prober for ipv4 probes (default: true) - -| prober[0].ipv6 -| bool -| `true` -| use this prober for ipv6 probes (default: true) - | prober[0].spec | object | `{"path":"/probe","url":"prometheus-blackbox-exporter:9115"}` @@ -84,12 +74,12 @@ helm uninstall monitoring-release | probes[0].ipv4 | bool | `true` -| setup one for ipv4 (see module and his suffix - default: true) +| setup one for ipv4 (see module and his suffix) | probes[0].ipv6 | bool | `true` -| setup one for ipv6 (see module and his suffix - default: true) +| setup one for ipv6 (see module and his suffix) | probes[0].name | string @@ -104,12 +94,12 @@ helm uninstall monitoring-release | probes[1].ipv4 | bool | `true` -| setup one for ipv4 (see module and his suffix - default: true) +| setup one for ipv4 (see module and his suffix) | probes[1].ipv6 | bool | `false` -| setup one for ipv6 (see module and his suffix - default: true) +| setup one for ipv6 (see module and his suffix) | probes[1].module | string diff --git a/monitoring/README.md b/monitoring/README.md deleted file mode 100644 index 5378712..0000000 --- a/monitoring/README.md +++ /dev/null @@ -1,73 +0,0 @@ ---- -title: "monitoring" - -description: "Deploy helper for probes and scrapeconfig of prometheus-operator" - ---- - -# monitoring - -![Version: 0.2.1](https://img.shields.io/badge/Version-0.2.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) - -Deploy helper for probes and scrapeconfig of prometheus-operator - -## Maintainers - -| Name | Email | Url | -| ---- | ------ | --- | -| WrenIX | | | - -## Usage - -Helm must be installed and setup to your kubernetes cluster to use the charts. -Refer to Helm's [documentation](https://helm.sh/docs) to get started. -Once Helm has been set up correctly, fetch the charts as follows: - -```bash -helm pull oci://codeberg.org/wrenix/helm-charts/monitoring -``` - -You can install a chart release using the following command: - -```bash -helm install monitoring-release oci://codeberg.org/wrenix/helm-charts/monitoring --values values.yaml -``` - -To uninstall a chart release use `helm`'s delete command: - -```bash -helm uninstall monitoring-release -``` - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| prober | list | `[{"ipv4":true,"ipv6":true,"name":"local","spec":{"path":"/probe","url":"prometheus-blackbox-exporter:9115"}}]` | prober for each the following probes are created (multiside probes) | -| prober[0] | object | `{"ipv4":true,"ipv6":true,"name":"local","spec":{"path":"/probe","url":"prometheus-blackbox-exporter:9115"}}` | name of prober | -| prober[0].ipv4 | bool | `true` | use this prober for ipv4 probes (default: true) | -| prober[0].ipv6 | bool | `true` | use this prober for ipv6 probes (default: true) | -| prober[0].spec | object | `{"path":"/probe","url":"prometheus-blackbox-exporter:9115"}` | spec of prober (like url, path, scheme ...) | -| probes[0] | object | `{"groups":{"framasoft":["framasoft.org","degooglisons-internet.org","framapiaf.org","framatube.org"]},"ipv4":true,"ipv6":true,"module":"http_2xx","name":"http"}` | probe module (suffix with _ipv4 and ipv6 if enabled) | -| probes[0].groups | object | `{"framasoft":["framasoft.org","degooglisons-internet.org","framapiaf.org","framatube.org"]}` | groups with targets | -| probes[0].ipv4 | bool | `true` | setup one for ipv4 (see module and his suffix - default: true) | -| probes[0].ipv6 | bool | `true` | setup one for ipv6 (see module and his suffix - default: true) | -| probes[0].name | string | `"http"` | name of probe | -| probes[1].groups | object | `{"digitalcourage":["digitalcourage.de","nuudel.digitalcourage.de","digitalcourage.social"]}` | groups with targets | -| probes[1].ipv4 | bool | `true` | setup one for ipv4 (see module and his suffix - default: true) | -| probes[1].ipv6 | bool | `false` | setup one for ipv6 (see module and his suffix - default: true) | -| probes[1].module | string | `"http_2xx"` | | -| probes[1].name | string | `"http-ipv4"` | name of probe | -| prometheus.probe.labels | object | `{"prometheus":"default"}` | labels on Probe | -| prometheus.scrape.labels | object | `{"prometheus":"default"}` | labels on ScrapeConfig | -| scrapes[0] | object | `{"groups":{"de":["ber.de.local:9100","fra.de.local:9100","ham.de.local:9100"],"ie":["dub.ie.local:9100","ork.ie.local:9100"]},"name":"nodes"}` | name of scrape | -| scrapes[0].groups | object | `{"de":["ber.de.local:9100","fra.de.local:9100","ham.de.local:9100"],"ie":["dub.ie.local:9100","ork.ie.local:9100"]}` | groups with targets | -| scrapes[1].auth.password | string | `nil` | basic auth password | -| scrapes[1].auth.token | string | `nil` | bearer token | -| scrapes[1].auth.username | string | `nil` | basic auth username | -| scrapes[1].groups | object | `{"de":["fra.de.s3.local:9000","ham.de.s3.local:9000"],"ie":["dub.ie.s3.local:9000"]}` | groups with targets | -| scrapes[1].metricsPath | string | `"/minio/v2/metrics/node"` | metric path on scrape | -| scrapes[1].name | string | `"minio"` | | -| scrapes[1].scheme | string | `"http"` | schema on scrape | - -Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs) diff --git a/monitoring/templates/probe.yaml b/monitoring/templates/probe.yaml index 6ac90bd..4636d78 100644 --- a/monitoring/templates/probe.yaml +++ b/monitoring/templates/probe.yaml @@ -3,15 +3,7 @@ {{- range $groupName, $group := $probe.groups }} {{- $proto := "ipv4" }} {{- range $proto := (list "ipv4" "ipv6") }} -{{- if and - (or - (not (hasKey $probe $proto)) - (get $probe $proto) - ) - (or - (not (hasKey $prober $proto)) - (get $prober $proto) - ) }} +{{- if (get $probe $proto) }} --- apiVersion: monitoring.coreos.com/v1 kind: Probe @@ -20,17 +12,16 @@ metadata: labels: {{- toYaml $.Values.prometheus.probe.labels | nindent 4 }} spec: + jobName: "blackbox-{{ $probe.name }}-{{ $proto }}" prober: {{- toYaml $prober.spec | nindent 4}} module: "{{ $probe.module }}_{{ $proto }}" targets: staticConfig: labels: - prober: {{ $prober.name }} group: {{ $groupName }} - proto: {{ $proto }} - module: {{ $probe.module }} probe: {{ $probe.name }} + prober: {{ $prober.name }} static: {{- toYaml $group | nindent 8 }} {{- end }} diff --git a/monitoring/values.yaml b/monitoring/values.yaml index 00bb24e..0c8893f 100644 --- a/monitoring/values.yaml +++ b/monitoring/values.yaml @@ -45,10 +45,6 @@ scrapes: prober: # -- name of prober - name: "local" - # -- use this prober for ipv4 probes (default: true) - ipv4: true - # -- use this prober for ipv6 probes (default: true) - ipv6: true # -- spec of prober (like url, path, scheme ...) spec: url: "prometheus-blackbox-exporter:9115" @@ -59,9 +55,9 @@ probes: - module: http_2xx # -- name of probe name: http - # -- setup one for ipv4 (see module and his suffix - default: true) + # -- setup one for ipv4 (see module and his suffix) ipv4: true - # -- setup one for ipv6 (see module and his suffix - default: true) + # -- setup one for ipv6 (see module and his suffix) ipv6: true # -- groups with targets groups: @@ -75,9 +71,9 @@ probes: - module: http_2xx # -- name of probe name: http-ipv4 - # -- setup one for ipv4 (see module and his suffix - default: true) + # -- setup one for ipv4 (see module and his suffix) ipv4: true - # -- setup one for ipv6 (see module and his suffix - default: true) + # -- setup one for ipv6 (see module and his suffix) ipv6: false # -- groups with targets groups: diff --git a/ntfy/Chart.yaml b/ntfy/Chart.yaml index 43d3f8c..cf6fff6 100644 --- a/ntfy/Chart.yaml +++ b/ntfy/Chart.yaml @@ -3,9 +3,8 @@ name: ntfy description: A Helm chart for Kubernetes icon: https://github.com/binwiederhier/ntfy/raw/main/web/public/static/images/pwa-512x512.png type: application -version: "0.4.9" -# renovate: image=docker.io/binwiederhier/ntfy -appVersion: "2.11.0" +version: 0.1.7 +appVersion: "2.8.0" maintainers: - name: WrenIX url: https://wrenix.eu diff --git a/ntfy/README.adoc b/ntfy/README.adoc new file mode 100644 index 0000000..78c9c8d --- /dev/null +++ b/ntfy/README.adoc @@ -0,0 +1,526 @@ + + += ntfy + +image::https://img.shields.io/badge/Version-0.1.7-informational?style=flat-square[Version: 0.1.7] +image::https://img.shields.io/badge/Version-application-informational?style=flat-square[Type: application] +image::https://img.shields.io/badge/AppVersion-2.8.0-informational?style=flat-square[AppVersion: 2.8.0] +== Maintainers + +.Maintainers +|=== +| Name | Email | Url + +| WrenIX +| +| +|=== + +== Usage + +Helm must be installed and setup to your kubernetes cluster to use the charts. +Refer to Helm's https://helm.sh/docs[documentation] to get started. +Once Helm has been set up correctly, fetch the charts as follows: + +[source,bash] +---- +helm pull oci://codeberg.org/wrenix/helm-charts/ntfy +---- + +You can install a chart release using the following command: + +[source,bash] +---- +helm install ntfy-release oci://codeberg.org/wrenix/helm-charts/ntfy --values values.yaml +---- + +To uninstall a chart release use `helm`'s delete command: + +[source,bash] +---- +helm uninstall ntfy-release +---- + +== Values + +.Values +|=== +| Key | Type | Default | Description + +| affinity +| object +| `{}` +| + +| autoscaling.enabled +| bool +| `false` +| + +| autoscaling.maxReplicas +| int +| `100` +| + +| autoscaling.minReplicas +| int +| `1` +| + +| autoscaling.targetCPUUtilizationPercentage +| int +| `80` +| + +| fullnameOverride +| string +| `""` +| + +| grafana.dashboards.annotations +| object +| `{}` +| + +| grafana.dashboards.enabled +| bool +| `false` +| + +| grafana.dashboards.labels.grafana_dashboard +| string +| `"1"` +| + +| image.pullPolicy +| string +| `"IfNotPresent"` +| + +| image.repository +| string +| `"binwiederhier/ntfy"` +| + +| image.tag +| string +| `""` +| + +| imagePullSecrets +| list +| `[]` +| + +| ingress.annotations +| object +| `{}` +| + +| ingress.className +| string +| `""` +| + +| ingress.enabled +| bool +| `false` +| + +| ingress.hosts[0].host +| string +| `"chart-example.local"` +| + +| ingress.hosts[0].paths[0].path +| string +| `"/"` +| + +| ingress.hosts[0].paths[0].pathType +| string +| `"ImplementationSpecific"` +| + +| ingress.tls +| list +| `[]` +| + +| nameOverride +| string +| `""` +| + +| nodeSelector +| object +| `{}` +| + +| ntfy.attachment.cacheDir +| string +| `nil` +| + +| ntfy.attachment.expireDuration +| string +| `"3h"` +| + +| ntfy.attachment.sizeLimit.file +| string +| `"15M"` +| + +| ntfy.attachment.sizeLimit.total +| string +| `"5G"` +| + +| ntfy.auth.defaultAccess +| string +| `"read-write"` +| + +| ntfy.auth.file +| string +| `nil` +| + +| ntfy.auth.startupQueries +| string +| `nil` +| + +| ntfy.baseURL +| string +| `"https://ntfy.example.org"` +| + +| ntfy.behindProxy +| bool +| `true` +| + +| ntfy.cache.batch.size +| int +| `0` +| + +| ntfy.cache.batch.timeout +| string +| `"0s"` +| + +| ntfy.cache.duration +| string +| `"12h"` +| + +| ntfy.cache.file +| string +| `nil` +| + +| ntfy.cache.startupQueries +| string +| `nil` +| + +| ntfy.enableLogin +| bool +| `false` +| + +| ntfy.enableReservations +| bool +| `false` +| + +| ntfy.enableSignup +| bool +| `false` +| + +| ntfy.firebaseKeyFile +| string +| `nil` +| + +| ntfy.globalTopicLimit +| int +| `15000` +| + +| ntfy.keepaliveInterval +| string +| `"45s"` +| + +| ntfy.listen.certFile +| string +| `nil` +| + +| ntfy.listen.http +| string +| `":80"` +| + +| ntfy.listen.https +| string +| `nil` +| + +| ntfy.listen.keyFile +| string +| `nil` +| + +| ntfy.listen.unix +| string +| `nil` +| + +| ntfy.listen.unixMode +| string +| `nil` +| + +| ntfy.managerInterval +| string +| `"1m"` +| + +| ntfy.metrics.enable +| bool +| `true` +| + +| ntfy.metrics.port +| int +| `9000` +| + +| ntfy.smtp.sender.addr +| string +| `nil` +| + +| ntfy.smtp.sender.from +| string +| `nil` +| + +| ntfy.smtp.sender.pass +| string +| `nil` +| + +| ntfy.smtp.sender.user +| string +| `nil` +| + +| ntfy.smtp.server.addrPrefix +| string +| `nil` +| + +| ntfy.smtp.server.domain +| string +| `nil` +| + +| ntfy.upstreamBaseURL +| string +| `"https://ntfy.sh"` +| + +| ntfy.visitor.attachment.dailyBandwidthLimit +| string +| `"500M"` +| + +| ntfy.visitor.attachment.totalSizeLimit +| string +| `"100M"` +| + +| ntfy.visitor.email.limitBurst +| int +| `16` +| + +| ntfy.visitor.email.limitReplenish +| string +| `"1h"` +| + +| ntfy.visitor.request.limitBurst +| int +| `60` +| + +| ntfy.visitor.request.limitExemptHosts +| string +| `""` +| + +| ntfy.visitor.request.limitReplenish +| string +| `"5s"` +| + +| ntfy.visitor.subscriberRateLimiting +| bool +| `false` +| + +| ntfy.visitor.subscriptionLimit +| int +| `30` +| + +| ntfy.webRoot +| string +| `"app"` +| + +| persistence.accessMode +| string +| `"ReadWriteOnce"` +| + +| persistence.annotations +| object +| `{}` +| + +| persistence.enabled +| bool +| `false` +| + +| persistence.existingClaim +| string +| `nil` +| A manually managed Persistent Volume and Claim Requires persistence.enabled: true If defined, PVC must be created manually before volume will be bound + +| persistence.hostPath +| string +| `nil` +| Create a PV on Node with given hostPath storageClass has to be manual + +| persistence.size +| string +| `"1Gi"` +| + +| persistence.storageClass +| string +| `nil` +| data Persistent Volume Storage Class If defined, storageClassName: If set to "-", storageClassName: "", which disables dynamic provisioning If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner. (gp2 on AWS, standard on GKE, AWS & OpenStack) + +| podAnnotations +| object +| `{}` +| + +| podLabels +| object +| `{}` +| + +| podSecurityContext +| object +| `{}` +| + +| prometheus.rules.additionalRules +| list +| `[]` +| + +| prometheus.rules.enabled +| bool +| `false` +| + +| prometheus.rules.labels +| object +| `{}` +| + +| prometheus.servicemonitor.enabled +| bool +| `false` +| + +| prometheus.servicemonitor.labels +| object +| `{}` +| + +| replicaCount +| int +| `1` +| + +| resources +| object +| `{}` +| + +| securityContext +| object +| `{}` +| + +| service.http.port +| int +| `80` +| + +| service.http.type +| string +| `"ClusterIP"` +| + +| service.smtp.enabled +| bool +| `false` +| + +| service.smtp.port +| int +| `25` +| + +| service.smtp.type +| string +| `"LoadBalancer"` +| + +| serviceAccount.annotations +| object +| `{}` +| + +| serviceAccount.create +| bool +| `true` +| + +| serviceAccount.name +| string +| `""` +| + +| tolerations +| list +| `[]` +| +|=== + +Autogenerated from chart metadata using https://github.com/norwoodj/helm-docs[helm-docs] diff --git a/ntfy/README.md b/ntfy/README.md deleted file mode 100644 index e325dda..0000000 --- a/ntfy/README.md +++ /dev/null @@ -1,157 +0,0 @@ ---- -title: "ntfy" - -description: "A Helm chart for Kubernetes" - ---- - -# ntfy - -![Version: 0.4.9](https://img.shields.io/badge/Version-0.4.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.11.0](https://img.shields.io/badge/AppVersion-2.11.0-informational?style=flat-square) - -A Helm chart for Kubernetes - -## Maintainers - -| Name | Email | Url | -| ---- | ------ | --- | -| WrenIX | | | - -## Usage - -Helm must be installed and setup to your kubernetes cluster to use the charts. -Refer to Helm's [documentation](https://helm.sh/docs) to get started. -Once Helm has been set up correctly, fetch the charts as follows: - -```bash -helm pull oci://codeberg.org/wrenix/helm-charts/ntfy -``` - -You can install a chart release using the following command: - -```bash -helm install ntfy-release oci://codeberg.org/wrenix/helm-charts/ntfy --values values.yaml -``` - -To uninstall a chart release use `helm`'s delete command: - -```bash -helm uninstall ntfy-release -``` - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| affinity | object | `{}` | | -| autoscaling.enabled | bool | `false` | | -| autoscaling.maxReplicas | int | `100` | | -| autoscaling.minReplicas | int | `1` | | -| autoscaling.targetCPUUtilizationPercentage | int | `80` | | -| env | list | `[]` | set env in container for usage Environment variables | -| envFrom | list | `[]` | set envFrom in container for usage of ConfigMaps or Secrets as a bunch of Environment variables | -| fullnameOverride | string | `""` | | -| grafana.dashboards.annotations | object | `{}` | | -| grafana.dashboards.enabled | bool | `false` | | -| grafana.dashboards.labels.grafana_dashboard | string | `"1"` | | -| image.pullPolicy | string | `"IfNotPresent"` | | -| image.repository | string | `"binwiederhier/ntfy"` | | -| image.tag | string | `""` | | -| imagePullSecrets | list | `[]` | | -| ingress.annotations | object | `{}` | | -| ingress.className | string | `""` | | -| ingress.enabled | bool | `false` | | -| ingress.hosts[0].host | string | `"chart-example.local"` | | -| ingress.hosts[0].paths[0].path | string | `"/"` | | -| ingress.hosts[0].paths[0].pathType | string | `"ImplementationSpecific"` | | -| ingress.tls | list | `[]` | | -| kubectl.image | object | `{"pullPolicy":"IfNotPresent","registry":"docker.io","repository":"bitnami/kubectl","tag":"1.32.1"}` | image needed for setup (store generated VAPID / WebPush keys) | -| nameOverride | string | `""` | | -| networkPolicy.egress.enabled | bool | `true` | activate egress no networkpolicy | -| networkPolicy.egress.extra | list | `[]` | egress rules | -| networkPolicy.enabled | bool | `false` | | -| networkPolicy.ingress.http | list | `[]` | ingress for http port (e.g. ingress-controller) | -| networkPolicy.ingress.metrics | list | `[]` | ingress for metrics port (e.g. prometheus) | -| networkPolicy.ingress.smtp | list | `[]` | ingress for smtp | -| nodeSelector | object | `{}` | | -| ntfy.attachment.cacheDir | string | `nil` | | -| ntfy.attachment.expireDuration | string | `"3h"` | | -| ntfy.attachment.sizeLimit.file | string | `"15M"` | | -| ntfy.attachment.sizeLimit.total | string | `"5G"` | | -| ntfy.auth.defaultAccess | string | `"read-write"` | | -| ntfy.auth.file | string | `nil` | | -| ntfy.auth.startupQueries | string | `nil` | | -| ntfy.baseURL | string | `"https://ntfy.example.org"` | | -| ntfy.behindProxy | bool | `true` | | -| ntfy.cache.batch.size | int | `0` | | -| ntfy.cache.batch.timeout | string | `"0s"` | | -| ntfy.cache.duration | string | `"12h"` | | -| ntfy.cache.file | string | `nil` | | -| ntfy.cache.startupQueries | string | `nil` | | -| ntfy.enableLogin | bool | `false` | | -| ntfy.enableReservations | bool | `false` | | -| ntfy.enableSignup | bool | `false` | | -| ntfy.firebaseKeyFile | string | `nil` | | -| ntfy.globalTopicLimit | int | `15000` | | -| ntfy.keepaliveInterval | string | `"45s"` | | -| ntfy.listen.certFile | string | `nil` | | -| ntfy.listen.http | string | `":80"` | | -| ntfy.listen.https | string | `nil` | | -| ntfy.listen.keyFile | string | `nil` | | -| ntfy.listen.unix | string | `nil` | | -| ntfy.listen.unixMode | string | `nil` | | -| ntfy.managerInterval | string | `"1m"` | | -| ntfy.metrics.enable | bool | `true` | | -| ntfy.metrics.port | int | `9000` | | -| ntfy.smtp.sender.addr | string | `nil` | | -| ntfy.smtp.sender.from | string | `nil` | | -| ntfy.smtp.sender.pass | string | `nil` | | -| ntfy.smtp.sender.user | string | `nil` | | -| ntfy.smtp.server.addrPrefix | string | `nil` | | -| ntfy.smtp.server.domain | string | `nil` | | -| ntfy.upstreamBaseURL | string | `"https://ntfy.sh"` | | -| ntfy.visitor.attachment.dailyBandwidthLimit | string | `"500M"` | | -| ntfy.visitor.attachment.totalSizeLimit | string | `"100M"` | | -| ntfy.visitor.email.limitBurst | int | `16` | | -| ntfy.visitor.email.limitReplenish | string | `"1h"` | | -| ntfy.visitor.request.limitBurst | int | `60` | | -| ntfy.visitor.request.limitExemptHosts | string | `""` | | -| ntfy.visitor.request.limitReplenish | string | `"5s"` | | -| ntfy.visitor.subscriberRateLimiting | bool | `false` | | -| ntfy.visitor.subscriptionLimit | int | `30` | | -| ntfy.webPush.emailAddress | string | `""` | | -| ntfy.webPush.file | string | `"/data/webpush.db"` | | -| ntfy.webPush.keys.create | bool | `false` | | -| ntfy.webPush.keys.private | string | `nil` | | -| ntfy.webPush.keys.public | string | `nil` | | -| ntfy.webRoot | string | `"app"` | | -| persistence.accessMode | string | `"ReadWriteOnce"` | | -| persistence.annotations | object | `{}` | | -| persistence.enabled | bool | `false` | | -| persistence.existingClaim | string | `nil` | A manually managed Persistent Volume and Claim Requires persistence.enabled: true If defined, PVC must be created manually before volume will be bound | -| persistence.hostPath | string | `nil` | Create a PV on Node with given hostPath storageClass has to be manual | -| persistence.size | string | `"1Gi"` | | -| persistence.storageClass | string | `nil` | data Persistent Volume Storage Class If defined, storageClassName: If set to "-", storageClassName: "", which disables dynamic provisioning If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner. (gp2 on AWS, standard on GKE, AWS & OpenStack) | -| podAnnotations | object | `{}` | | -| podLabels | object | `{}` | | -| podSecurityContext | object | `{}` | set securityContext on pod level | -| prometheus.rules.additionalRules | list | `[]` | | -| prometheus.rules.enabled | bool | `false` | | -| prometheus.rules.labels | object | `{}` | | -| prometheus.servicemonitor.enabled | bool | `false` | | -| prometheus.servicemonitor.labels | object | `{}` | | -| replicaCount | int | `1` | | -| resources | object | `{}` | | -| securityContext | object | `{}` | set securityContext on container level | -| service.http.port | int | `80` | | -| service.http.type | string | `"ClusterIP"` | | -| service.smtp.enabled | bool | `false` | | -| service.smtp.port | int | `25` | | -| service.smtp.type | string | `"LoadBalancer"` | | -| serviceAccount.annotations | object | `{}` | | -| serviceAccount.create | bool | `true` | | -| serviceAccount.name | string | `""` | | -| tolerations | list | `[]` | | -| updateStrategy.type | string | `"Recreate"` | | - -Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs) diff --git a/ntfy/grafana_dashboards/ntfy-1679170350783.json b/ntfy/grafana_dashboards/ntfy-1679170350783.json index 1a1470e..72a68bc 100644 --- a/ntfy/grafana_dashboards/ntfy-1679170350783.json +++ b/ntfy/grafana_dashboards/ntfy-1679170350783.json @@ -1,4 +1,31 @@ { + "__elements": {}, + "__requires": [ + { + "type": "grafana", + "id": "grafana", + "name": "Grafana", + "version": "9.4.3" + }, + { + "type": "datasource", + "id": "prometheus", + "name": "Prometheus", + "version": "1.0.0" + }, + { + "type": "panel", + "id": "stat", + "name": "Stat", + "version": "" + }, + { + "type": "panel", + "id": "timeseries", + "name": "Time series", + "version": "" + } + ], "annotations": { "list": [ { @@ -24,6 +51,7 @@ "editable": true, "fiscalYearStartMonth": 0, "graphTooltip": 0, + "id": null, "links": [], "liveNow": false, "panels": [ @@ -75,7 +103,6 @@ "graphMode": "none", "justifyMode": "auto", "orientation": "auto", - "percentChangeColorMode": "standard", "reduceOptions": { "calcs": [ "last" @@ -83,11 +110,9 @@ "fields": "", "values": false }, - "showPercentChange": false, - "textMode": "auto", - "wideLayout": true + "textMode": "auto" }, - "pluginVersion": "11.2.0", + "pluginVersion": "9.4.3", "targets": [ { "datasource": { @@ -139,7 +164,6 @@ "graphMode": "none", "justifyMode": "auto", "orientation": "auto", - "percentChangeColorMode": "standard", "reduceOptions": { "calcs": [ "last" @@ -147,11 +171,9 @@ "fields": "", "values": false }, - "showPercentChange": false, - "textMode": "auto", - "wideLayout": true + "textMode": "auto" }, - "pluginVersion": "11.2.0", + "pluginVersion": "9.4.3", "targets": [ { "datasource": { @@ -203,7 +225,6 @@ "graphMode": "none", "justifyMode": "auto", "orientation": "auto", - "percentChangeColorMode": "standard", "reduceOptions": { "calcs": [ "last" @@ -211,11 +232,9 @@ "fields": "", "values": false }, - "showPercentChange": false, - "textMode": "auto", - "wideLayout": true + "textMode": "auto" }, - "pluginVersion": "11.2.0", + "pluginVersion": "9.4.3", "targets": [ { "datasource": { @@ -272,7 +291,6 @@ "graphMode": "none", "justifyMode": "auto", "orientation": "auto", - "percentChangeColorMode": "standard", "reduceOptions": { "calcs": [ "last" @@ -280,11 +298,9 @@ "fields": "", "values": false }, - "showPercentChange": false, - "textMode": "auto", - "wideLayout": true + "textMode": "auto" }, - "pluginVersion": "11.2.0", + "pluginVersion": "9.4.3", "targets": [ { "datasource": { @@ -337,7 +353,6 @@ "graphMode": "none", "justifyMode": "auto", "orientation": "auto", - "percentChangeColorMode": "standard", "reduceOptions": { "calcs": [ "last" @@ -345,11 +360,9 @@ "fields": "", "values": false }, - "showPercentChange": false, - "textMode": "auto", - "wideLayout": true + "textMode": "auto" }, - "pluginVersion": "11.2.0", + "pluginVersion": "9.4.3", "targets": [ { "datasource": { @@ -402,7 +415,6 @@ "graphMode": "none", "justifyMode": "auto", "orientation": "auto", - "percentChangeColorMode": "standard", "reduceOptions": { "calcs": [ "last" @@ -410,11 +422,9 @@ "fields": "", "values": false }, - "showPercentChange": false, - "textMode": "auto", - "wideLayout": true + "textMode": "auto" }, - "pluginVersion": "11.2.0", + "pluginVersion": "9.4.3", "targets": [ { "datasource": { @@ -453,13 +463,11 @@ "mode": "palette-classic" }, "custom": { - "axisBorderShow": false, "axisCenteredZero": false, "axisColorMode": "text", "axisLabel": "", "axisPlacement": "auto", "barAlignment": 0, - "barWidthFactor": 0.6, "drawStyle": "line", "fillOpacity": 0, "gradientMode": "none", @@ -468,7 +476,6 @@ "tooltip": false, "viz": false }, - "insertNulls": false, "lineInterpolation": "linear", "lineWidth": 1, "pointSize": 5, @@ -560,13 +567,11 @@ "mode": "palette-classic" }, "custom": { - "axisBorderShow": false, "axisCenteredZero": false, "axisColorMode": "text", "axisLabel": "", "axisPlacement": "auto", "barAlignment": 0, - "barWidthFactor": 0.6, "drawStyle": "line", "fillOpacity": 0, "gradientMode": "none", @@ -575,7 +580,6 @@ "tooltip": false, "viz": false }, - "insertNulls": false, "lineInterpolation": "linear", "lineWidth": 1, "pointSize": 5, @@ -691,13 +695,11 @@ "mode": "palette-classic" }, "custom": { - "axisBorderShow": false, "axisCenteredZero": false, "axisColorMode": "text", "axisLabel": "", "axisPlacement": "auto", "barAlignment": 0, - "barWidthFactor": 0.6, "drawStyle": "line", "fillOpacity": 0, "gradientMode": "none", @@ -706,7 +708,6 @@ "tooltip": false, "viz": false }, - "insertNulls": false, "lineInterpolation": "linear", "lineWidth": 1, "pointSize": 5, @@ -786,13 +787,11 @@ "mode": "palette-classic" }, "custom": { - "axisBorderShow": false, "axisCenteredZero": false, "axisColorMode": "text", "axisLabel": "", "axisPlacement": "auto", "barAlignment": 0, - "barWidthFactor": 0.6, "drawStyle": "line", "fillOpacity": 0, "gradientMode": "none", @@ -801,7 +800,6 @@ "tooltip": false, "viz": false }, - "insertNulls": false, "lineInterpolation": "linear", "lineWidth": 1, "pointSize": 5, @@ -882,13 +880,11 @@ "mode": "palette-classic" }, "custom": { - "axisBorderShow": false, "axisCenteredZero": false, "axisColorMode": "text", "axisLabel": "", "axisPlacement": "auto", "barAlignment": 0, - "barWidthFactor": 0.6, "drawStyle": "line", "fillOpacity": 0, "gradientMode": "none", @@ -897,7 +893,6 @@ "tooltip": false, "viz": false }, - "insertNulls": false, "lineInterpolation": "linear", "lineWidth": 1, "pointSize": 5, @@ -977,13 +972,11 @@ "mode": "palette-classic" }, "custom": { - "axisBorderShow": false, "axisCenteredZero": false, "axisColorMode": "text", "axisLabel": "", "axisPlacement": "auto", "barAlignment": 0, - "barWidthFactor": 0.6, "drawStyle": "line", "fillOpacity": 0, "gradientMode": "none", @@ -992,7 +985,6 @@ "tooltip": false, "viz": false }, - "insertNulls": false, "lineInterpolation": "linear", "lineWidth": 1, "pointSize": 5, @@ -1060,6 +1052,7 @@ } ], "title": "Attachments: Total cache size", + "transformations": [], "type": "timeseries" }, { @@ -1073,13 +1066,11 @@ "mode": "palette-classic" }, "custom": { - "axisBorderShow": false, "axisCenteredZero": false, "axisColorMode": "text", "axisLabel": "", "axisPlacement": "auto", "barAlignment": 0, - "barWidthFactor": 0.6, "drawStyle": "line", "fillOpacity": 0, "gradientMode": "none", @@ -1088,7 +1079,6 @@ "tooltip": false, "viz": false }, - "insertNulls": false, "lineInterpolation": "linear", "lineWidth": 1, "pointSize": 5, @@ -1180,13 +1170,11 @@ "mode": "palette-classic" }, "custom": { - "axisBorderShow": false, "axisCenteredZero": false, "axisColorMode": "text", "axisLabel": "", "axisPlacement": "auto", "barAlignment": 0, - "barWidthFactor": 0.6, "drawStyle": "line", "fillOpacity": 0, "gradientMode": "none", @@ -1195,7 +1183,6 @@ "tooltip": false, "viz": false }, - "insertNulls": false, "lineInterpolation": "linear", "lineWidth": 1, "pointSize": 5, @@ -1275,13 +1262,11 @@ "mode": "palette-classic" }, "custom": { - "axisBorderShow": false, "axisCenteredZero": false, "axisColorMode": "text", "axisLabel": "", "axisPlacement": "auto", "barAlignment": 0, - "barWidthFactor": 0.6, "drawStyle": "line", "fillOpacity": 0, "gradientMode": "none", @@ -1290,7 +1275,6 @@ "tooltip": false, "viz": false }, - "insertNulls": false, "lineInterpolation": "linear", "lineWidth": 1, "pointSize": 5, @@ -1382,13 +1366,11 @@ "mode": "palette-classic" }, "custom": { - "axisBorderShow": false, "axisCenteredZero": false, "axisColorMode": "text", "axisLabel": "", "axisPlacement": "auto", "barAlignment": 0, - "barWidthFactor": 0.6, "drawStyle": "line", "fillOpacity": 0, "gradientMode": "none", @@ -1397,7 +1379,6 @@ "tooltip": false, "viz": false }, - "insertNulls": false, "lineInterpolation": "linear", "lineWidth": 1, "pointSize": 5, @@ -1489,13 +1470,11 @@ "mode": "palette-classic" }, "custom": { - "axisBorderShow": false, "axisCenteredZero": false, "axisColorMode": "text", "axisLabel": "", "axisPlacement": "auto", "barAlignment": 0, - "barWidthFactor": 0.6, "drawStyle": "line", "fillOpacity": 0, "gradientMode": "none", @@ -1504,7 +1483,6 @@ "tooltip": false, "viz": false }, - "insertNulls": false, "lineInterpolation": "linear", "lineWidth": 1, "pointSize": 5, @@ -1596,13 +1574,11 @@ "mode": "palette-classic" }, "custom": { - "axisBorderShow": false, "axisCenteredZero": false, "axisColorMode": "text", "axisLabel": "", "axisPlacement": "auto", "barAlignment": 0, - "barWidthFactor": 0.6, "drawStyle": "line", "fillOpacity": 0, "gradientMode": "none", @@ -1611,7 +1587,6 @@ "tooltip": false, "viz": false }, - "insertNulls": false, "lineInterpolation": "linear", "lineWidth": 1, "pointSize": 5, @@ -1705,13 +1680,11 @@ "mode": "palette-classic" }, "custom": { - "axisBorderShow": false, "axisCenteredZero": false, "axisColorMode": "text", "axisLabel": "", "axisPlacement": "auto", "barAlignment": 0, - "barWidthFactor": 0.6, "drawStyle": "line", "fillOpacity": 0, "gradientMode": "none", @@ -1720,7 +1693,6 @@ "tooltip": false, "viz": false }, - "insertNulls": false, "lineInterpolation": "linear", "lineWidth": 1, "pointSize": 5, @@ -1800,13 +1772,11 @@ "mode": "palette-classic" }, "custom": { - "axisBorderShow": false, "axisCenteredZero": false, "axisColorMode": "text", "axisLabel": "", "axisPlacement": "auto", "barAlignment": 0, - "barWidthFactor": 0.6, "drawStyle": "line", "fillOpacity": 0, "gradientMode": "none", @@ -1815,7 +1785,6 @@ "tooltip": false, "viz": false }, - "insertNulls": false, "lineInterpolation": "linear", "lineWidth": 1, "pointSize": 5, @@ -1888,7 +1857,8 @@ ], "refresh": "1m", "revision": 1, - "schemaVersion": 39, + "schemaVersion": 38, + "style": "dark", "tags": [], "templating": { "list": [ @@ -1896,7 +1866,7 @@ "current": { "selected": false, "text": "Prometheus", - "value": "prometheus" + "value": "Prometheus" }, "hide": 0, "includeAll": false, @@ -1920,6 +1890,6 @@ "timezone": "", "title": "ntfy", "uid": "TO6HgexVz", - "version": 1, + "version": 2, "weekStart": "" -} +} \ No newline at end of file diff --git a/ntfy/templates/configmap.yaml b/ntfy/templates/configmap.yaml index 87c9066..e7bd7d5 100644 --- a/ntfy/templates/configmap.yaml +++ b/ntfy/templates/configmap.yaml @@ -83,16 +83,6 @@ data: {{- end }} {{- end }} - # web-push - {{- with .Values.ntfy.webPush }} - {{- with .file }} - NTFY_WEB_PUSH_FILE: {{ . | quote }} - {{- end }} - {{- with .emailAddress }} - NTFY_WEB_PUSH_EMAIL_ADDRESS: {{ . | quote }} - {{- end }} - {{- end }} - {{- with .Values.ntfy.keepaliveInterval }} NTFY_KEEPALIVE_INTERVAL: {{ . | quote }} {{- end }} @@ -141,4 +131,4 @@ data: NTFY_ENABLE_LOGIN: {{ .Values.ntfy.enableLogin | quote }} NTFY_ENABLE_RESERVATIONS: {{ .Values.ntfy.enableReservations | quote }} NTFY_ENABLE_METRICS: {{ .Values.ntfy.metrics.enable | quote }} - NTFY_METRICS_LISTEN_HTTP: ":{{ .Values.ntfy.metrics.port }}" + NTFY_METRICS_LISTEN_HTTP: ":{{ .Values.ntfy.metrics.port }}" \ No newline at end of file diff --git a/ntfy/templates/deployment.yaml b/ntfy/templates/deployment.yaml index 3e16e91..8550abe 100644 --- a/ntfy/templates/deployment.yaml +++ b/ntfy/templates/deployment.yaml @@ -11,10 +11,6 @@ spec: selector: matchLabels: {{- include "ntfy.selectorLabels" . | nindent 6 }} - strategy: - {{- with .Values.updateStrategy }} - {{- toYaml . | nindent 4 }} - {{- end }} template: metadata: annotations: @@ -42,18 +38,9 @@ spec: image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default (printf "v%s" .Chart.AppVersion) }}" imagePullPolicy: {{ .Values.image.pullPolicy }} args: [ "serve" ] - {{- with .Values.env }} - env: - {{- toYaml . | nindent 12 }} - {{- end }} envFrom: - configMapRef: name: {{ include "ntfy.fullname" . }}-env - - secretRef: - name: {{ include "ntfy.fullname" . }}-env - {{- with .Values.envFrom }} - {{- toYaml . | nindent 12 }} - {{- end }} ports: - name: http containerPort: {{ .Values.service.http.port }} @@ -63,11 +50,9 @@ spec: containerPort: {{ .Values.ntfy.metrics.port }} protocol: TCP {{- end }} - {{- if .Values.service.smtp.enabled }} - name: smtp containerPort: {{ .Values.service.smtp.port }} protocol: TCP - {{- end }} livenessProbe: httpGet: path: /v1/health diff --git a/ntfy/templates/networkpolicy.yaml b/ntfy/templates/networkpolicy.yaml deleted file mode 100644 index a6c1a75..0000000 --- a/ntfy/templates/networkpolicy.yaml +++ /dev/null @@ -1,44 +0,0 @@ -{{- if .Values.networkPolicy.enabled }} ---- -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: {{ include "ntfy.fullname" . }} - labels: - {{- include "ntfy.labels" . | nindent 4 }} -spec: - podSelector: - matchLabels: - {{- include "ntfy.selectorLabels" . | nindent 6 }} - policyTypes: - - Ingress - {{- if .Values.networkPolicy.egress.enabled }} - - Egress - {{- end }} - ingress: - {{- with .Values.networkPolicy.ingress.http }} - - ports: - - port: {{ $.Values.service.http.port }} - protocol: TCP - from: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- if and .Values.ntfy.metrics.enable .Values.networkPolicy.ingress.metrics }} - - ports: - - port: {{ .Values.ntfy.metrics.port }} - protocol: TCP - from: - {{- toYaml .Values.networkPolicy.ingress.metrics | nindent 8 }} - {{- end }} - {{- if and .Values.service.smtp.enabled .Values.networkPolicy.ingress.smtp }} - - ports: - - port: {{ .Values.service.smtp.port }} - protocol: TCP - from: - {{- toYaml .Values.networkPolicy.ingress.smtp | nindent 8 }} - {{- end }} - {{- with .Values.networkPolicy.egress }} - egress: - {{- toYaml .extra | nindent 4 }} - {{- end }} -{{- end }} diff --git a/ntfy/templates/secret.yaml b/ntfy/templates/secret.yaml deleted file mode 100644 index 32cb8a7..0000000 --- a/ntfy/templates/secret.yaml +++ /dev/null @@ -1,32 +0,0 @@ ---- -{{- $fullname := include "ntfy.fullname" . }} -{{- $secretName := printf "%s-env" $fullname }} -{{- $public := .Values.ntfy.webPush.keys.public }} -{{- $private := .Values.ntfy.webPush.keys.private }} - -{{- with (lookup "v1" "Secret" .Release.Namespace $secretName)}} -{{- with get . "data" }} -{{- $public = $public | default (get . "NTFY_WEB_PUSH_PUBLIC_KEY" | b64dec) }} -{{- $private = $private | default (get . "NTFY_WEB_PUSH_PRIVATE_KEY" | b64dec) }} -{{- end }} -{{- end }} - - -apiVersion: v1 -kind: Secret -metadata: - name: {{ $secretName }} - annotations: - helm.sh/resource-policy: keep - confighash: {{ .Values.ntfy | toYaml | sha256sum | trunc 32 }} - labels: - {{- include "ntfy.labels" . | nindent 4 }} -data: - - # web-push - {{- with $public }} - NTFY_WEB_PUSH_PUBLIC_KEY: {{ . | b64enc }} - {{- end }} - {{- with $private }} - NTFY_WEB_PUSH_PRIVATE_KEY: {{ . | b64enc }} - {{- end }} diff --git a/ntfy/templates/setup/job.yaml b/ntfy/templates/setup/job.yaml deleted file mode 100644 index 2050ec8..0000000 --- a/ntfy/templates/setup/job.yaml +++ /dev/null @@ -1,61 +0,0 @@ -{{- if .Values.ntfy.webPush.keys.create }} ---- -{{- $fullname := (include "ntfy.fullname" .) }} -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ $fullname }}-setup - labels: - {{- include "ntfy.labels" . | nindent 4 }} - app.kubernetes.io/component: setup-job -spec: - template: - metadata: - labels: - {{- include "ntfy.labels" . | nindent 8 }} - app.kubernetes.io/component: setup-job - spec: - restartPolicy: "Never" - serviceAccount: {{ $fullname }}-setup - containers: - - name: upload-config - image: "{{ .Values.kubectl.image.registry }}/{{ .Values.kubectl.image.repository }}:{{ .Values.kubectl.image.tag }}" - command: - - sh - - -c - - | - # check if key already exists - key=$(kubectl get secret {{ $fullname }}-env -o jsonpath="{.data['NTFY_WEB_PUSH_PRIVATE_KEY']}" 2> /dev/null) - [ $? -ne 0 ] && echo "Failed to get existing secret" && exit 1 - [ -n "$key" ] && echo "Config already created, exiting." && exit 0 - # wait for config - while [ ! -f /data/output ]; do - echo "Waiting for config.." - sleep 5; - done - # update secret - public=$(grep -Po 'web-push-public-key: \K[^$]*' /data/output) - private=$(grep -Po 'web-push-private-key: \K[^$]*' /data/output) - kubectl patch secret {{ $fullname }}-env -p '{"data":{"NTFY_WEB_PUSH_PRIVATE_KEY":"'$(echo -n "$private" | base64 -w 0)'","NTFY_WEB_PUSH_PUBLIC_KEY":"'$(echo -n "$public" | base64 -w 0)'"}}' - [ $? -ne 0 ] && echo "Failed to update secret." && exit 1 - echo "VAPID/WebPush successfully setup with public-key: ${public}" - volumeMounts: - - mountPath: /data/ - name: data - readOnly: true - - name: generate-config - image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default (printf "v%s" .Chart.AppVersion) }}" - command: - - sh - - -c - - ntfy webpush keys 2> /data/output - volumeMounts: - - mountPath: /data/ - name: data - volumes: - - name: data - emptyDir: {} - parallelism: 1 - completions: 1 - backoffLimit: 1 -{{- end }} diff --git a/ntfy/templates/setup/role.yaml b/ntfy/templates/setup/role.yaml deleted file mode 100644 index 23d93da..0000000 --- a/ntfy/templates/setup/role.yaml +++ /dev/null @@ -1,22 +0,0 @@ -{{- if .Values.ntfy.webPush.keys.create }} ---- -{{- $fullname := (include "ntfy.fullname" .) }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: {{ $fullname }}-setup - labels: - {{- include "ntfy.labels" . | nindent 4 }} - app.kubernetes.io/component: setup-job -rules: - - apiGroups: - - "" - resources: - - secrets - resourceNames: - - {{ $fullname }}-env - verbs: - - get - - update - - patch -{{- end }} diff --git a/ntfy/templates/setup/rolebinding.yaml b/ntfy/templates/setup/rolebinding.yaml deleted file mode 100644 index 64eab0f..0000000 --- a/ntfy/templates/setup/rolebinding.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if .Values.ntfy.webPush.keys.create }} ---- -{{- $fullname := (include "ntfy.fullname" .) }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ $fullname }}-setup - labels: - {{- include "ntfy.labels" . | nindent 4 }} - app.kubernetes.io/component: setup-job -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ $fullname }}-setup -subjects: - - kind: ServiceAccount - name: {{ $fullname }}-setup - namespace: {{ .Release.Namespace }} -{{- end }} diff --git a/ntfy/templates/setup/serviceaccount.yaml b/ntfy/templates/setup/serviceaccount.yaml deleted file mode 100644 index 1b5d727..0000000 --- a/ntfy/templates/setup/serviceaccount.yaml +++ /dev/null @@ -1,9 +0,0 @@ -{{- if .Values.ntfy.webPush.keys.create }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "ntfy.fullname" . }}-setup - labels: - {{- include "ntfy.labels" . | nindent 4 }} - app.kubernetes.io/component: setup-job -{{- end }} diff --git a/ntfy/values.yaml b/ntfy/values.yaml index 4206140..67badd8 100644 --- a/ntfy/values.yaml +++ b/ntfy/values.yaml @@ -10,21 +10,10 @@ image: # Overrides the image tag whose default is the chart appVersion. tag: "" -kubectl: - # -- image needed for setup (store generated VAPID / WebPush keys) - image: - registry: docker.io - repository: bitnami/kubectl - pullPolicy: IfNotPresent - tag: 1.32.1 - imagePullSecrets: [] nameOverride: "" fullnameOverride: "" -updateStrategy: - type: Recreate - ntfy: baseURL: "https://ntfy.example.org" listen: @@ -74,13 +63,6 @@ ntfy: server: domain: null addrPrefix: null - webPush: - keys: - create: false - public: - private: - file: "/data/webpush.db" - emailAddress: "" globalTopicLimit: 15000 visitor: subscriptionLimit: 30 @@ -159,16 +141,9 @@ serviceAccount: podLabels: {} podAnnotations: {} -# -- set env in container for usage Environment variables -env: [] -# -- set envFrom in container for usage of ConfigMaps or Secrets as a bunch of Environment variables -envFrom: [] - -# -- set securityContext on pod level podSecurityContext: {} # fsGroup: 2000 -# -- set securityContext on container level securityContext: {} # capabilities: # drop: @@ -187,21 +162,6 @@ service: type: LoadBalancer port: 25 -networkPolicy: - enabled: false - ingress: - # -- ingress for http port (e.g. ingress-controller) - http: [] - # -- ingress for metrics port (e.g. prometheus) - metrics: [] - # -- ingress for smtp - smtp: [] - egress: - # -- activate egress no networkpolicy - enabled: true - # -- egress rules - extra: [] - ingress: enabled: false className: "" diff --git a/postgresql/Chart.yaml b/postgresql/Chart.yaml index 904d0b0..7847d13 100644 --- a/postgresql/Chart.yaml +++ b/postgresql/Chart.yaml @@ -4,9 +4,8 @@ name: "postgresql" description: "A Helm chart for running PostgreSQL (Postgres) database" icon: https://wiki.postgresql.org/images/a/a4/PostgreSQL_logo.3colors.svg type: "application" -version: "0.2.3" -# renovate: image=docker.io/library/postgres -appVersion: "17.2-alpine" +version: "0.1.4" +appVersion: "16.1-alpine3.18" maintainers: - name: WrenIX url: https://wrenix.eu diff --git a/postgresql/README.adoc b/postgresql/README.adoc new file mode 100644 index 0000000..60e7dfb --- /dev/null +++ b/postgresql/README.adoc @@ -0,0 +1,226 @@ + + += postgresql + +image::https://img.shields.io/badge/Version-0.1.4-informational?style=flat-square[Version: 0.1.4] +image::https://img.shields.io/badge/Version-application-informational?style=flat-square[Type: application] +image::https://img.shields.io/badge/AppVersion-16.1-alpine3.18-informational?style=flat-square[AppVersion: 16.1-alpine3.18] +== Maintainers + +.Maintainers +|=== +| Name | Email | Url + +| WrenIX +| +| +|=== + +== Usage + +Helm must be installed and setup to your kubernetes cluster to use the charts. +Refer to Helm's https://helm.sh/docs[documentation] to get started. +Once Helm has been set up correctly, fetch the charts as follows: + +[source,bash] +---- +helm pull oci://codeberg.org/wrenix/helm-charts/postgresql +---- + +You can install a chart release using the following command: + +[source,bash] +---- +helm install postgresql-release oci://codeberg.org/wrenix/helm-charts/postgresql --values values.yaml +---- + +To uninstall a chart release use `helm`'s delete command: + +[source,bash] +---- +helm uninstall postgresql-release +---- + +== Values + +.Values +|=== +| Key | Type | Default | Description + +| affinity +| object +| `{}` +| + +| fullnameOverride +| string +| `""` +| + +| image.pullPolicy +| string +| `"IfNotPresent"` +| + +| image.registry +| string +| `"docker.io"` +| + +| image.repository +| string +| `"postgres"` +| + +| image.tag +| string +| `""` +| + +| imagePullSecrets +| list +| `[]` +| + +| job.annotations +| object +| `{"helm.sh/hook":"post-install,post-upgrade","helm.sh/hook-delete-policy":"before-hook-creation,hook-succeeded"}` +| Annotations (usefull to delete job by helm afterwards) + +| job.databases +| object +| `{}` +| Bootstrap databases into postgresql server. When databases already exists, they will stay untouched. databases: "name_of_database": owner: "existing_user_which_will_get_grant" additionalParams: "" # Optional + +| job.enabled +| bool +| `true` +| Enable database bootstrapping. + +| job.retries +| int +| `60` +| Amount of retries while waiting for postgresql server is available. + +| job.users +| object +| `{}` +| Bootstrap users into postgresql server. When users already exists, they will stay untouched. users: username: RandomPassword0#" + +| job.wait +| int +| `5` +| Time to wait in each wait in each iteration until postgresql server is available. + +| nameOverride +| string +| `""` +| + +| nodeSelector +| object +| `{}` +| + +| persistence.accessMode +| string +| `"ReadWriteOnce"` +| + +| persistence.annotations +| object +| `{}` +| + +| persistence.enabled +| bool +| `true` +| + +| persistence.existingClaim +| string +| `nil` +| A manually managed Persistent Volume and Claim Requires persistence.enabled: true If defined, PVC must be created manually before volume will be bound + +| persistence.hostPath +| string +| `nil` +| Do not create an PVC, direct use hostPath in Pod + +| persistence.size +| string +| `"1Gi"` +| + +| persistence.storageClass +| string +| `nil` +| Persistent Volume Storage Class If defined, storageClassName: If set to "-", storageClassName: "", which disables dynamic provisioning If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner. (gp2 on AWS, standard on GKE, AWS & OpenStack) + +| podAnnotations +| object +| `{}` +| + +| podLabels +| object +| `{}` +| + +| podSecurityContext +| object +| `{}` +| + +| postgres.password +| string +| `"SUPERSTRONGPW"` +| Database password. + +| postgres.user +| string +| `"postgres"` +| Database user. + +| resources +| object +| `{}` +| + +| securityContext +| object +| `{}` +| + +| service.port +| int +| `5432` +| + +| service.type +| string +| `"ClusterIP"` +| + +| serviceAccount.annotations +| object +| `{}` +| + +| serviceAccount.create +| bool +| `false` +| + +| serviceAccount.name +| string +| `""` +| + +| tolerations +| list +| `[]` +| +|=== + +Autogenerated from chart metadata using https://github.com/norwoodj/helm-docs[helm-docs] diff --git a/postgresql/README.md b/postgresql/README.md deleted file mode 100644 index 7c7f5ac..0000000 --- a/postgresql/README.md +++ /dev/null @@ -1,90 +0,0 @@ ---- -title: "postgresql" - -description: "A Helm chart for running PostgreSQL (Postgres) database" - ---- - -# postgresql - -![Version: 0.2.3](https://img.shields.io/badge/Version-0.2.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 17.2-alpine](https://img.shields.io/badge/AppVersion-17.2--alpine-informational?style=flat-square) - -A Helm chart for running PostgreSQL (Postgres) database - -## Maintainers - -| Name | Email | Url | -| ---- | ------ | --- | -| WrenIX | | | - -## Usage - -Helm must be installed and setup to your kubernetes cluster to use the charts. -Refer to Helm's [documentation](https://helm.sh/docs) to get started. -Once Helm has been set up correctly, fetch the charts as follows: - -```bash -helm pull oci://codeberg.org/wrenix/helm-charts/postgresql -``` - -You can install a chart release using the following command: - -```bash -helm install postgresql-release oci://codeberg.org/wrenix/helm-charts/postgresql --values values.yaml -``` - -To uninstall a chart release use `helm`'s delete command: - -```bash -helm uninstall postgresql-release -``` - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| affinity | object | `{}` | | -| autoupgrade.enabled | bool | `true` | | -| autoupgrade.image.pullPolicy | string | `"IfNotPresent"` | | -| autoupgrade.image.registry | string | `"docker.io"` | | -| autoupgrade.image.repository | string | `"pgautoupgrade/pgautoupgrade"` | | -| autoupgrade.image.tag | string | `"17-alpine"` | | -| autoupgrade.securityContext | object | `{}` | | -| fullnameOverride | string | `""` | | -| global.image.pullPolicy | string | `nil` | if set it will overwrite all pullPolicy | -| global.image.registry | string | `nil` | if set it will overwrite all registry entries | -| image.pullPolicy | string | `"IfNotPresent"` | | -| image.registry | string | `"docker.io"` | | -| image.repository | string | `"library/postgres"` | | -| image.tag | string | `""` | | -| imagePullSecrets | list | `[]` | | -| job.annotations | object | `{"helm.sh/hook":"post-install,post-upgrade","helm.sh/hook-delete-policy":"before-hook-creation,hook-succeeded"}` | Annotations (usefull to delete job by helm afterwards) | -| job.databases | object | `{}` | Bootstrap databases into postgresql server. When databases already exists, they will stay untouched. databases: "name_of_database": owner: "existing_user_which_will_get_grant" additionalParams: "" # Optional | -| job.enabled | bool | `true` | Enable database bootstrapping. | -| job.retries | int | `60` | Amount of retries while waiting for postgresql server is available. | -| job.users | object | `{}` | Bootstrap users into postgresql server. When users already exists, they will stay untouched. users: username: RandomPassword0#" | -| job.wait | int | `5` | Time to wait in each wait in each iteration until postgresql server is available. | -| nameOverride | string | `""` | | -| nodeSelector | object | `{}` | | -| persistence.accessMode | string | `"ReadWriteOnce"` | | -| persistence.annotations | object | `{}` | | -| persistence.enabled | bool | `true` | | -| persistence.existingClaim | string | `nil` | A manually managed Persistent Volume and Claim Requires persistence.enabled: true If defined, PVC must be created manually before volume will be bound | -| persistence.hostPath | string | `nil` | Do not create an PVC, direct use hostPath in Pod | -| persistence.size | string | `"1Gi"` | | -| persistence.storageClass | string | `nil` | Persistent Volume Storage Class If defined, storageClassName: If set to "-", storageClassName: "", which disables dynamic provisioning If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner. (gp2 on AWS, standard on GKE, AWS & OpenStack) | -| podAnnotations | object | `{}` | | -| podLabels | object | `{}` | | -| podSecurityContext | object | `{}` | | -| postgres.password | string | `"SUPERSTRONGPW"` | Database password. | -| postgres.user | string | `"postgres"` | Database user. | -| resources | object | `{}` | | -| securityContext | object | `{}` | | -| service.port | int | `5432` | | -| service.type | string | `"ClusterIP"` | | -| serviceAccount.annotations | object | `{}` | | -| serviceAccount.create | bool | `false` | | -| serviceAccount.name | string | `""` | | -| tolerations | list | `[]` | | - -Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs) diff --git a/postgresql/ci/ct-values.yaml b/postgresql/ci/ct-values.yaml deleted file mode 100644 index 26e5e8e..0000000 --- a/postgresql/ci/ct-values.yaml +++ /dev/null @@ -1,8 +0,0 @@ -job: - users: - user-name: "RandomPassword0#" - - databases: - "name_of_database": - owner: "existing_user_which_will_get_grant" - additionalParams: "" diff --git a/postgresql/files/10-init-user.sh b/postgresql/files/10-init-user.sh index 504d377..3a87be2 100644 --- a/postgresql/files/10-init-user.sh +++ b/postgresql/files/10-init-user.sh @@ -1,10 +1,10 @@ {{- range $username, $password := .Values.job.users }} -echo 'user {{ $username | quote }}:' -psql -tc "SELECT 1 FROM pg_user WHERE usename = {{ $username | squote }}" | grep -q 1; +echo 'user "{{ $username }}":' +psql -tc "SELECT 1 FROM pg_user WHERE usename = '{{ $username }}'" | grep -q 1; if [ $? -ne 0 ]; then - psql -c "CREATE USER \"{{ $username }}\" WITH ENCRYPTED PASSWORD {{ $password | squote }}"; + psql -c "CREATE USER {{ $username }} WITH ENCRYPTED PASSWORD '{{ $password }}'"; else - psql -c "ALTER USER \"{{ $username }}\" WITH ENCRYPTED PASSWORD {{ $password | squote }}"; + psql -c "ALTER USER {{ $username }} WITH ENCRYPTED PASSWORD '{{ $password }}'"; fi echo "" {{- end }} diff --git a/postgresql/files/20-init-db.sh b/postgresql/files/20-init-db.sh index de42b09..5dec00e 100644 --- a/postgresql/files/20-init-db.sh +++ b/postgresql/files/20-init-db.sh @@ -1,10 +1,10 @@ {{- range $name, $config := .Values.job.databases }} -echo 'database {{ $name | quote }}:' -psql -tc "SELECT 1 FROM pg_database WHERE datname = {{ $name | squote }}" | grep -q 1 +echo 'database "{{ $name }}":' +psql -tc "SELECT 1 FROM pg_database WHERE datname = '{{ $name }}'" | grep -q 1 if [ $? -ne 0 ]; then - psql -c 'CREATE DATABASE {{ $name | quote }} {{ with $config.additionalParams }}{{ . }} {{ end }}'; + psql -c "CREATE DATABASE {{ $name }} {{ with $config.additionalParams }}{{ . }} {{ end }}"; fi -psql -c 'ALTER DATABASE {{ $name | quote }} OWNER TO {{ $config.owner | quote }}'; -psql -c 'GRANT ALL PRIVILEGES ON DATABASE {{ $name | quote }} TO {{ $config.owner | quote }}'; +psql -c "ALTER DATABASE {{ $name }} OWNER TO {{ $config.owner }}"; +psql -c "GRANT ALL PRIVILEGES ON DATABASE {{ $name }} TO {{ $config.owner }}"; echo "" {{- end }} diff --git a/postgresql/templates/statefulset.yaml b/postgresql/templates/statefulset.yaml index 5c2f284..389d628 100644 --- a/postgresql/templates/statefulset.yaml +++ b/postgresql/templates/statefulset.yaml @@ -29,32 +29,12 @@ spec: serviceAccountName: {{ include "postgresql.serviceAccountName" . }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} - {{- with .Values.autoupgrade }} - {{- if .enabled }} - initContainers: - - name: upgrade - securityContext: - {{- toYaml .securityContext | nindent 12 }} - {{- with .image }} - image: "{{ coalesce $.Values.global.image.registry .registry }}/{{ .repository }}:{{ .tag }}" - imagePullPolicy: {{ coalesce $.Values.global.image.pullPolicy .pullPolicy }} - {{- end }} - env: - - name: "PGAUTO_ONESHOT" - value: "yes" - volumeMounts: - - name: "data" - mountPath: "/var/lib/postgresql/data" - {{- end }}{{/* end-if autoupgrade.enabled */}} - {{- end }}{{/* end-with autoupgrade */}} containers: - name: {{ .Chart.Name }} securityContext: {{- toYaml .Values.securityContext | nindent 12 }} - {{- with .Values.image }} - image: "{{ coalesce $.Values.global.image.registry .registry }}/{{ .repository }}:{{ .tag | default $.Chart.AppVersion }}" - imagePullPolicy: {{ coalesce $.Values.global.image.pullPolicy .pullPolicy }} - {{- end }} + image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} env: - name: "POSTGRES_PASSWORD" value: {{ .Values.postgres.password | quote }} diff --git a/postgresql/values.yaml b/postgresql/values.yaml index 139fc70..a7fb84c 100644 --- a/postgresql/values.yaml +++ b/postgresql/values.yaml @@ -1,13 +1,10 @@ -global: - image: - # -- if set it will overwrite all registry entries - registry: - # -- if set it will overwrite all pullPolicy - pullPolicy: +# Default values for postgresql. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. image: registry: docker.io - repository: library/postgres + repository: postgres pullPolicy: IfNotPresent # Overrides the image tag whose default is the chart appVersion. tag: "" @@ -118,19 +115,3 @@ job: # owner: "existing_user_which_will_get_grant" # additionalParams: "" # Optional databases: {} - -autoupgrade: - enabled: true - image: - registry: docker.io - repository: pgautoupgrade/pgautoupgrade - pullPolicy: IfNotPresent - tag: "17-alpine" - - securityContext: {} - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 1000 diff --git a/pretix/.gitignore b/pretix/.gitignore deleted file mode 100644 index 948259a..0000000 --- a/pretix/.gitignore +++ /dev/null @@ -1 +0,0 @@ -charts/*.tgz diff --git a/pretix/.helmignore b/pretix/.helmignore deleted file mode 100644 index 0e8a0eb..0000000 --- a/pretix/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/pretix/Chart.lock b/pretix/Chart.lock deleted file mode 100644 index d8fae94..0000000 --- a/pretix/Chart.lock +++ /dev/null @@ -1,9 +0,0 @@ -dependencies: -- name: postgresql - repository: oci://docker.io/bitnamicharts - version: 16.4.3 -- name: redis - repository: oci://docker.io/bitnamicharts - version: 20.6.3 -digest: sha256:dd37b0663f93a21ea0d23e5041b48efef3cef63a051f2942eb095d1b95e63d7d -generated: "2025-01-15T22:10:16.363478706+01:00" diff --git a/pretix/Chart.yaml b/pretix/Chart.yaml deleted file mode 100644 index 05e3379..0000000 --- a/pretix/Chart.yaml +++ /dev/null @@ -1,25 +0,0 @@ -apiVersion: v2 -name: pretix -description: Reinventing ticket presales, one ticket at a time. -type: application -version: 0.1.4 -# renovate: image=docker.io/pretix/standalone -appVersion: "2024.11.0" -keywords: - - event-tickets -maintainers: - - name: WrenIX - url: https://wrenix.eu -sources: - - https://github.com/pretix/pretix - - https://codeberg.org/wrenix/helm-charts/src/branch/main/pretix - - https://hub.docker.com/r/pretix/standalone -dependencies: - - name: postgresql - version: "^16.3.1" - repository: "oci://docker.io/bitnamicharts" - condition: postgresql.enabled - - name: redis - version: "20.6.3" - repository: "oci://docker.io/bitnamicharts" - condition: redis.enabled diff --git a/pretix/README.md b/pretix/README.md deleted file mode 100644 index 97bfc7e..0000000 --- a/pretix/README.md +++ /dev/null @@ -1,292 +0,0 @@ ---- -title: "pretix" - -description: "Reinventing ticket presales, one ticket at a time." - ---- - -# pretix - -![Version: 0.1.4](https://img.shields.io/badge/Version-0.1.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2024.11.0](https://img.shields.io/badge/AppVersion-2024.11.0-informational?style=flat-square) - -Reinventing ticket presales, one ticket at a time. - -## Maintainers - -| Name | Email | Url | -| ---- | ------ | --- | -| WrenIX | | | - -## Source Code - -* -* -* - -## Usage - -Helm must be installed and setup to your kubernetes cluster to use the charts. -Refer to Helm's [documentation](https://helm.sh/docs) to get started. -Once Helm has been set up correctly, fetch the charts as follows: - -```bash -helm pull oci://codeberg.org/wrenix/helm-charts/pretix -``` - -You can install a chart release using the following command: - -```bash -helm install pretix-release oci://codeberg.org/wrenix/helm-charts/pretix --values values.yaml -``` - -To uninstall a chart release use `helm`'s delete command: - -```bash -helm uninstall pretix-release -``` - -## Requirements - -| Repository | Name | Version | -|------------|------|---------| -| oci://docker.io/bitnamicharts | postgresql | ^16.3.1 | -| oci://docker.io/bitnamicharts | redis | 20.6.3 | - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| affinity | object | `{}` | | -| autoscaling.enabled | bool | `false` | | -| autoscaling.maxReplicas | int | `100` | | -| autoscaling.minReplicas | int | `1` | | -| autoscaling.targetCPUUtilizationPercentage | int | `80` | | -| cronSchedule | string | `"*/30 * * * *"` | | -| env.PRETIX_CELERY_BACKEND | string | `"redis://:changeme@pretix-redis-master/1"` | | -| env.PRETIX_CELERY_BROKER | string | `"redis://:changeme@pretix-redis-master/2"` | | -| env.PRETIX_DATABASE_BACKEND | string | `"postgresql"` | | -| env.PRETIX_DATABASE_HOST | string | `"pretix-postgresql"` | | -| env.PRETIX_DATABASE_NAME | string | `"pretix"` | | -| env.PRETIX_DATABASE_PASSWORD | string | `"pretix"` | | -| env.PRETIX_DATABASE_USER | string | `"pretix"` | | -| env.PRETIX_MAIL_FROM | string | `"test@example.com"` | | -| env.PRETIX_MAIL_HOST | string | `nil` | | -| env.PRETIX_MAIL_PASSWORD | string | `nil` | | -| env.PRETIX_MAIL_PORT | int | `587` | | -| env.PRETIX_MAIL_TLS | bool | `true` | | -| env.PRETIX_MAIL_USER | string | `nil` | | -| env.PRETIX_METRICS_ENABLED | bool | `false` | | -| env.PRETIX_METRICS_PASSPHRASE | string | `"pretix"` | | -| env.PRETIX_METRICS_USER | string | `"pretix"` | | -| env.PRETIX_PRETIX_CURRENCY | string | `"EUR"` | | -| env.PRETIX_PRETIX_DATADIR | string | `"/data"` | | -| env.PRETIX_PRETIX_INSTANCE_NAME | string | `"Pretix Helm"` | | -| env.PRETIX_PRETIX_TRUST_X_FORWARDED_FOR | bool | `true` | | -| env.PRETIX_PRETIX_TRUST_X_FORWARDED_PROTO | bool | `true` | | -| env.PRETIX_PRETIX_URL | string | `"http://localhost"` | | -| env.PRETIX_REDIS_LOCATION | string | `"redis://:changeme@pretix-redis-master/0"` | | -| env.PRETIX_REDIS_SESSIONS | bool | `true` | | -| fullnameOverride | string | `""` | | -| grafana.dashboards.annotations | object | `{}` | | -| grafana.dashboards.enabled | bool | `false` | | -| grafana.dashboards.labels.grafana_dashboard | string | `"1"` | | -| image.pullPolicy | string | `"IfNotPresent"` | | -| image.registry | string | `"docker.io"` | | -| image.repository | string | `"pretix/standalone"` | | -| image.tag | string | `""` | | -| imagePullSecrets | list | `[]` | | -| ingress.annotations | object | `{}` | | -| ingress.className | string | `""` | | -| ingress.enabled | bool | `false` | | -| ingress.hosts[0].host | string | `"chart-example.local"` | | -| ingress.hosts[0].paths[0].path | string | `"/"` | | -| ingress.hosts[0].paths[0].pathType | string | `"ImplementationSpecific"` | | -| ingress.tls | list | `[]` | | -| livenessProbe.httpGet.httpHeaders[0].name | string | `"host"` | | -| livenessProbe.httpGet.httpHeaders[0].value | string | `"localhost"` | | -| livenessProbe.httpGet.path | string | `"/healthcheck/"` | | -| livenessProbe.httpGet.port | string | `"http"` | | -| nameOverride | string | `""` | | -| nodeSelector | object | `{}` | | -| persistence.accessMode | string | `"ReadWriteOnce"` | | -| persistence.annotations | object | `{}` | | -| persistence.enabled | bool | `true` | | -| persistence.existingClaim | string | `nil` | A manually managed Persistent Volume and Claim Requires persistence.enabled: true If defined, PVC must be created manually before volume will be bound | -| persistence.hostPath | string | `nil` | Do not create an PVC, direct use hostPath in Pod | -| persistence.size | string | `"5Gi"` | | -| persistence.storageClass | string | `nil` | Persistent Volume Storage Class If defined, storageClassName: If set to "-", storageClassName: "", which disables dynamic provisioning If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner. (gp2 on AWS, standard on GKE, AWS & OpenStack) | -| podAnnotations | object | `{}` | | -| podLabels | object | `{}` | | -| podSecurityContext | object | `{}` | | -| postgresql.auth.database | string | `"pretix"` | | -| postgresql.auth.password | string | `"pretix"` | | -| postgresql.auth.postgresPassword | string | `"supersecureadminpassword"` | | -| postgresql.auth.username | string | `"pretix"` | | -| postgresql.enabled | bool | `true` | | -| prometheus.rules.additionalRules | list | `[]` | | -| prometheus.rules.enabled | bool | `false` | | -| prometheus.rules.labels | object | `{}` | | -| prometheus.servicemonitor.enabled | bool | `false` | broken, Host need to be localhost on request (instatt of ip) needs: https://github.com/prometheus-operator/prometheus-operator/pull/7003 | -| prometheus.servicemonitor.interval | string | `nil` | interval | -| prometheus.servicemonitor.labels | object | `{}` | | -| prometheus.servicemonitor.scrapeTimeout | string | `nil` | scrape timeout | -| readinessProbe.httpGet.httpHeaders[0].name | string | `"host"` | | -| readinessProbe.httpGet.httpHeaders[0].value | string | `"localhost"` | | -| readinessProbe.httpGet.path | string | `"/healthcheck/"` | | -| readinessProbe.httpGet.port | string | `"http"` | | -| redis.architecture | string | `"standalone"` | | -| redis.auth.enabled | bool | `true` | | -| redis.auth.existingSecret | string | `""` | name of an existing secret with Redis credentials (instead of auth.password), must be created ahead of time | -| redis.auth.existingSecretPasswordKey | string | `""` | Password key to be retrieved from existing secret | -| redis.auth.password | string | `"changeme"` | | -| redis.enabled | bool | `true` | | -| redis.global.storageClass | string | `""` | | -| redis.master.persistence.enabled | bool | `true` | | -| redis.replica.persistence.enabled | bool | `true` | | -| replicas.taskworker | int | `1` | | -| replicas.web | int | `1` | | -| resources | object | `{}` | | -| securityContext | object | `{}` | | -| service.port | int | `80` | | -| service.type | string | `"ClusterIP"` | | -| serviceAccount.annotations | object | `{}` | | -| serviceAccount.automount | bool | `true` | | -| serviceAccount.create | bool | `true` | | -| serviceAccount.name | string | `""` | | -| tolerations | list | `[]` | | -| volumeMounts | list | `[]` | | -| volumes | list | `[]` | | - -Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs) -# pretix - -![Version: 0.1.4](https://img.shields.io/badge/Version-0.1.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2024.11.0](https://img.shields.io/badge/AppVersion-2024.11.0-informational?style=flat-square) - -Reinventing ticket presales, one ticket at a time. - -## Maintainers - -| Name | Email | Url | -| ---- | ------ | --- | -| WrenIX | | | - -## Source Code - -* -* -* - -## Requirements - -| Repository | Name | Version | -|------------|------|---------| -| oci://docker.io/bitnamicharts | postgresql | ^16.3.1 | -| oci://docker.io/bitnamicharts | redis | 20.6.3 | - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| affinity | object | `{}` | | -| autoscaling.enabled | bool | `false` | | -| autoscaling.maxReplicas | int | `100` | | -| autoscaling.minReplicas | int | `1` | | -| autoscaling.targetCPUUtilizationPercentage | int | `80` | | -| cronSchedule | string | `"*/30 * * * *"` | | -| env.PRETIX_CELERY_BACKEND | string | `"redis://:changeme@pretix-redis-master/1"` | | -| env.PRETIX_CELERY_BROKER | string | `"redis://:changeme@pretix-redis-master/2"` | | -| env.PRETIX_DATABASE_BACKEND | string | `"postgresql"` | | -| env.PRETIX_DATABASE_HOST | string | `"pretix-postgresql"` | | -| env.PRETIX_DATABASE_NAME | string | `"pretix"` | | -| env.PRETIX_DATABASE_PASSWORD | string | `"pretix"` | | -| env.PRETIX_DATABASE_USER | string | `"pretix"` | | -| env.PRETIX_MAIL_FROM | string | `"test@example.com"` | | -| env.PRETIX_MAIL_HOST | string | `nil` | | -| env.PRETIX_MAIL_PASSWORD | string | `nil` | | -| env.PRETIX_MAIL_PORT | int | `587` | | -| env.PRETIX_MAIL_TLS | bool | `true` | | -| env.PRETIX_MAIL_USER | string | `nil` | | -| env.PRETIX_METRICS_ENABLED | bool | `false` | | -| env.PRETIX_METRICS_PASSPHRASE | string | `"pretix"` | | -| env.PRETIX_METRICS_USER | string | `"pretix"` | | -| env.PRETIX_PRETIX_CURRENCY | string | `"EUR"` | | -| env.PRETIX_PRETIX_DATADIR | string | `"/data"` | | -| env.PRETIX_PRETIX_INSTANCE_NAME | string | `"Pretix Helm"` | | -| env.PRETIX_PRETIX_TRUST_X_FORWARDED_FOR | bool | `true` | | -| env.PRETIX_PRETIX_TRUST_X_FORWARDED_PROTO | bool | `true` | | -| env.PRETIX_PRETIX_URL | string | `"http://localhost"` | | -| env.PRETIX_REDIS_LOCATION | string | `"redis://:changeme@pretix-redis-master/0"` | | -| env.PRETIX_REDIS_SESSIONS | bool | `true` | | -| fullnameOverride | string | `""` | | -| grafana.dashboards.annotations | object | `{}` | | -| grafana.dashboards.enabled | bool | `false` | | -| grafana.dashboards.labels.grafana_dashboard | string | `"1"` | | -| image.pullPolicy | string | `"IfNotPresent"` | | -| image.registry | string | `"docker.io"` | | -| image.repository | string | `"pretix/standalone"` | | -| image.tag | string | `""` | | -| imagePullSecrets | list | `[]` | | -| ingress.annotations | object | `{}` | | -| ingress.className | string | `""` | | -| ingress.enabled | bool | `false` | | -| ingress.hosts[0].host | string | `"chart-example.local"` | | -| ingress.hosts[0].paths[0].path | string | `"/"` | | -| ingress.hosts[0].paths[0].pathType | string | `"ImplementationSpecific"` | | -| ingress.tls | list | `[]` | | -| livenessProbe.httpGet.httpHeaders[0].name | string | `"host"` | | -| livenessProbe.httpGet.httpHeaders[0].value | string | `"localhost"` | | -| livenessProbe.httpGet.path | string | `"/healthcheck/"` | | -| livenessProbe.httpGet.port | string | `"http"` | | -| nameOverride | string | `""` | | -| nodeSelector | object | `{}` | | -| persistence.accessMode | string | `"ReadWriteOnce"` | | -| persistence.annotations | object | `{}` | | -| persistence.enabled | bool | `true` | | -| persistence.existingClaim | string | `nil` | A manually managed Persistent Volume and Claim Requires persistence.enabled: true If defined, PVC must be created manually before volume will be bound | -| persistence.hostPath | string | `nil` | Do not create an PVC, direct use hostPath in Pod | -| persistence.size | string | `"5Gi"` | | -| persistence.storageClass | string | `nil` | Persistent Volume Storage Class If defined, storageClassName: If set to "-", storageClassName: "", which disables dynamic provisioning If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner. (gp2 on AWS, standard on GKE, AWS & OpenStack) | -| podAnnotations | object | `{}` | | -| podLabels | object | `{}` | | -| podSecurityContext | object | `{}` | | -| postgresql.auth.database | string | `"pretix"` | | -| postgresql.auth.password | string | `"pretix"` | | -| postgresql.auth.postgresPassword | string | `"supersecureadminpassword"` | | -| postgresql.auth.username | string | `"pretix"` | | -| postgresql.enabled | bool | `true` | | -| prometheus.rules.additionalRules | list | `[]` | | -| prometheus.rules.enabled | bool | `false` | | -| prometheus.rules.labels | object | `{}` | | -| prometheus.servicemonitor.enabled | bool | `false` | broken, Host need to be localhost on request (instatt of ip) needs: https://github.com/prometheus-operator/prometheus-operator/pull/7003 | -| prometheus.servicemonitor.interval | string | `nil` | interval | -| prometheus.servicemonitor.labels | object | `{}` | | -| prometheus.servicemonitor.scrapeTimeout | string | `nil` | scrape timeout | -| readinessProbe.httpGet.httpHeaders[0].name | string | `"host"` | | -| readinessProbe.httpGet.httpHeaders[0].value | string | `"localhost"` | | -| readinessProbe.httpGet.path | string | `"/healthcheck/"` | | -| readinessProbe.httpGet.port | string | `"http"` | | -| redis.architecture | string | `"standalone"` | | -| redis.auth.enabled | bool | `true` | | -| redis.auth.existingSecret | string | `""` | name of an existing secret with Redis credentials (instead of auth.password), must be created ahead of time | -| redis.auth.existingSecretPasswordKey | string | `""` | Password key to be retrieved from existing secret | -| redis.auth.password | string | `"changeme"` | | -| redis.enabled | bool | `true` | | -| redis.global.storageClass | string | `""` | | -| redis.master.persistence.enabled | bool | `true` | | -| redis.replica.persistence.enabled | bool | `true` | | -| replicas.taskworker | int | `1` | | -| replicas.web | int | `1` | | -| resources | object | `{}` | | -| securityContext | object | `{}` | | -| service.port | int | `80` | | -| service.type | string | `"ClusterIP"` | | -| serviceAccount.annotations | object | `{}` | | -| serviceAccount.automount | bool | `true` | | -| serviceAccount.create | bool | `true` | | -| serviceAccount.name | string | `""` | | -| tolerations | list | `[]` | | -| volumeMounts | list | `[]` | | -| volumes | list | `[]` | | - ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) diff --git a/pretix/ci/all-values.yaml b/pretix/ci/all-values.yaml deleted file mode 100644 index a79e60c..0000000 --- a/pretix/ci/all-values.yaml +++ /dev/null @@ -1,10 +0,0 @@ -env: - a: a - -persistence: - enabled: true - -ingress: - enabled: true - annotations: - a: a diff --git a/pretix/ci/empty-values.yaml b/pretix/ci/empty-values.yaml deleted file mode 100644 index e69de29..0000000 diff --git a/pretix/templates/NOTES.txt b/pretix/templates/NOTES.txt deleted file mode 100644 index 2215ad7..0000000 --- a/pretix/templates/NOTES.txt +++ /dev/null @@ -1,22 +0,0 @@ -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range $host := .Values.ingress.hosts }} - {{- range .paths }} - http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} - {{- end }} -{{- end }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "pretix.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch its status by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "pretix.fullname" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "pretix.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") - echo http://$SERVICE_IP:{{ .Values.service.port }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "pretix.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT -{{- end }} diff --git a/pretix/templates/configmap_grafana_dashboards.yaml b/pretix/templates/configmap_grafana_dashboards.yaml deleted file mode 100644 index d9ff230..0000000 --- a/pretix/templates/configmap_grafana_dashboards.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- if .Values.grafana.dashboards.enabled }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "pretix.fullname" . }}-grafana-dashboards - labels: - {{- include "pretix.labels" . | nindent 4 }} - {{- toYaml .Values.grafana.dashboards.labels | nindent 4 }} - annotations: - {{- toYaml .Values.grafana.dashboards.annotations | nindent 4 }} -data: - {{- (.Files.Glob "grafana_dashboards/*.json" ).AsConfig | nindent 2 }} -{{- end }} diff --git a/pretix/templates/cronjob.yaml b/pretix/templates/cronjob.yaml deleted file mode 100644 index 8ddfe27..0000000 --- a/pretix/templates/cronjob.yaml +++ /dev/null @@ -1,84 +0,0 @@ -apiVersion: batch/v1 -kind: CronJob -metadata: - name: {{ include "pretix.fullname" . }} - labels: - {{- include "pretix.labels" . | nindent 4 }} -spec: - schedule: {{ .Values.cronSchedule | quote }} - jobTemplate: - spec: - template: - metadata: - annotations: - checksum/secret: {{ toYaml $.Values.env | sha256sum }} - {{- with .Values.podAnnotations }} - {{- toYaml . | nindent 12 }} - {{- end }} - labels: - {{- include "pretix.labels" . | nindent 12 }} - app.kubernetes.io/component: cronjob - {{- with .Values.podLabels }} - {{- toYaml . | nindent 12 }} - {{- end }} - spec: - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 12 }} - {{- end }} - serviceAccountName: {{ include "pretix.serviceAccountName" . }} - securityContext: - {{- toYaml .Values.podSecurityContext | nindent 12 }} - restartPolicy: OnFailure - containers: - - name: {{ .Chart.Name }} - securityContext: - {{- toYaml .Values.securityContext | nindent 16 }} - {{- with .Values.image }} - image: "{{ .registry }}/{{ .repository }}:{{ .tag | default $.Chart.AppVersion }}" - imagePullPolicy: {{ .pullPolicy }} - {{- end }} - envFrom: - - secretRef: - name: {{ include "pretix.fullname" . }} - env: - # Migrations are handled by helm hooks in pretix-migrate.yaml - - name: AUTOMIGRATE - value: "skip" - command: [ "pretix" ] - args: [ "cron" ] - resources: - {{- toYaml .Values.resources | nindent 16 }} - volumeMounts: - - name: pretix-data - mountPath: /data - {{- with .Values.volumeMounts }} - {{- toYaml . | nindent 16 }} - {{- end }} - volumes: - - name: pretix-data - {{- if .Values.persistence.hostPath }} - hostPath: - type: Directory - path: {{ .Values.persistence.hostPath | quote }} - {{- else if .Values.persistence.enabled }} - persistentVolumeClaim: - claimName: {{ with .Values.persistence.existingClaim }}{{ . }}{{- else }}{{ template "pretix.fullname" . }}{{- end }} - {{- else }} - emptyDir: {} - {{- end }} - {{- with .Values.volumes }} - {{- toYaml . | nindent 12 }} - {{- end }} - {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 12 }} - {{- end }} - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 12 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: - {{- toYaml . | nindent 12 }} - {{- end }} diff --git a/pretix/templates/deployment.yaml b/pretix/templates/deployment.yaml deleted file mode 100644 index 20dc63d..0000000 --- a/pretix/templates/deployment.yaml +++ /dev/null @@ -1,101 +0,0 @@ -{{- range $component := list "web" "taskworker" }} ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "pretix.fullname" $ }}-{{ $component }} - labels: - {{- include "pretix.labels" $ | nindent 4 }} - app.kubernetes.io/component: {{ $component }} -spec: - {{- if not $.Values.autoscaling.enabled }} - replicas: {{ get $.Values.replicas $component }} - {{- end }} - selector: - matchLabels: - {{- include "pretix.selectorLabels" $ | nindent 6 }} - app.kubernetes.io/component: {{ $component }} - template: - metadata: - annotations: - checksum/secret: {{ toYaml $.Values.env | sha256sum }} - {{- with $.Values.podAnnotations }} - {{- toYaml . | nindent 8 }} - {{- end }} - labels: - {{- include "pretix.labels" $ | nindent 8 }} - app.kubernetes.io/component: {{ $component }} - {{- with $.Values.podLabels }} - {{- toYaml . | nindent 8 }} - {{- end }} - spec: - {{- with $.Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ include "pretix.serviceAccountName" $ }} - securityContext: - {{- toYaml $.Values.podSecurityContext | nindent 8 }} - containers: - - name: {{ $.Chart.Name }} - securityContext: - {{- toYaml $.Values.securityContext | nindent 12 }} - {{- with $.Values.image }} - image: "{{ .registry }}/{{ .repository }}:{{ .tag | default $.Chart.AppVersion }}" - imagePullPolicy: {{ .pullPolicy }} - {{- end }} - env: - # Migrations are handled by helm hooks in pretix-migrate.yaml - - name: AUTOMIGRATE - value: "skip" - envFrom: - - secretRef: - name: {{ include "pretix.fullname" $ }} - command: [ "pretix" ] - args: [ {{ $component | quote }} ] - {{- if (eq $component "web") }} - ports: - - name: http - containerPort: {{ $.Values.service.port }} - protocol: TCP - livenessProbe: - {{- toYaml $.Values.livenessProbe | nindent 12 }} - readinessProbe: - {{- toYaml $.Values.readinessProbe | nindent 12 }} - {{- end }} - resources: - {{- toYaml $.Values.resources | nindent 12 }} - volumeMounts: - - name: pretix-data - mountPath: /data - {{- with $.Values.volumeMounts }} - {{- toYaml . | nindent 12 }} - {{- end }} - volumes: - - name: pretix-data - {{- if $.Values.persistence.hostPath }} - hostPath: - type: Directory - path: {{ $.Values.persistence.hostPath | quote }} - {{- else if $.Values.persistence.enabled }} - persistentVolumeClaim: - claimName: {{ with $.Values.persistence.existingClaim }}{{ . }}{{- else }}{{ template "pretix.fullname" $ }}{{- end }} - {{- else }} - emptyDir: {} - {{- end }} - {{- with $.Values.volumes }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with $.Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with $.Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with $.Values.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} -{{- end }} diff --git a/pretix/templates/ingress.yaml b/pretix/templates/ingress.yaml deleted file mode 100644 index 7ab4d99..0000000 --- a/pretix/templates/ingress.yaml +++ /dev/null @@ -1,43 +0,0 @@ -{{- if .Values.ingress.enabled -}} -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: {{ include "pretix.fullname" . }} - labels: - {{- include "pretix.labels" . | nindent 4 }} - {{- with .Values.ingress.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - {{- with .Values.ingress.className }} - ingressClassName: {{ . }} - {{- end }} - {{- if .Values.ingress.tls }} - tls: - {{- range .Values.ingress.tls }} - - hosts: - {{- range .hosts }} - - {{ . | quote }} - {{- end }} - secretName: {{ .secretName }} - {{- end }} - {{- end }} - rules: - {{- range .Values.ingress.hosts }} - - host: {{ .host | quote }} - http: - paths: - {{- range .paths }} - - path: {{ .path }} - {{- with .pathType }} - pathType: {{ . }} - {{- end }} - backend: - service: - name: {{ include "pretix.fullname" $ }}-web - port: - name: http - {{- end }} - {{- end }} -{{- end }} diff --git a/pretix/templates/job-migrate.yaml b/pretix/templates/job-migrate.yaml deleted file mode 100644 index aabb446..0000000 --- a/pretix/templates/job-migrate.yaml +++ /dev/null @@ -1,81 +0,0 @@ -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ include "pretix.fullname" . }}-migrate - labels: - {{- include "pretix.labels" . | nindent 4 }} - annotations: - helm.sh/hook: post-install,post-upgrade - helm.sh/hook-weight: "5" - helm.sh/hook-delete-policy: hook-succeeded -spec: - template: - metadata: - annotations: - checksum/secret: {{ toYaml .Values.env | sha256sum }} - {{- with .Values.podAnnotations }} - {{- toYaml . | nindent 8 }} - {{- end }} - labels: - {{- include "pretix.labels" . | nindent 8 }} - app.kubernetes.io/component: cronjob - {{- with .Values.podLabels }} - {{- toYaml . | nindent 8 }} - {{- end }} - spec: - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ include "pretix.serviceAccountName" . }} - securityContext: - {{- toYaml .Values.podSecurityContext | nindent 8 }} - restartPolicy: OnFailure - containers: - - name: {{ .Chart.Name }} - securityContext: - {{- toYaml .Values.securityContext | nindent 12 }} - {{- with .Values.image }} - image: "{{ .registry }}/{{ .repository }}:{{ .tag | default $.Chart.AppVersion }}" - imagePullPolicy: {{ .pullPolicy }} - {{- end }} - envFrom: - - secretRef: - name: {{ include "pretix.fullname" . }} - command: [ "pretix" ] - args: [ "migrate" ] - resources: - {{- toYaml .Values.resources | nindent 12 }} - volumeMounts: - - name: pretix-data - mountPath: /data - {{- with .Values.volumeMounts }} - {{- toYaml . | nindent 12 }} - {{- end }} - volumes: - - name: pretix-data - {{- if .Values.persistence.hostPath }} - hostPath: - type: Directory - path: {{ .Values.persistence.hostPath | quote }} - {{- else if .Values.persistence.enabled }} - persistentVolumeClaim: - claimName: {{ with .Values.persistence.existingClaim }}{{ . }}{{- else }}{{ template "pretix.fullname" . }}{{- end }} - {{- else }} - emptyDir: {} - {{- end }} - {{- with .Values.volumes }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} diff --git a/pretix/templates/prometheus-rules.yaml b/pretix/templates/prometheus-rules.yaml deleted file mode 100644 index b229eb7..0000000 --- a/pretix/templates/prometheus-rules.yaml +++ /dev/null @@ -1,29 +0,0 @@ -{{- if and .Values.prometheus.rules.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: PrometheusRule -metadata: - name: {{ include "pretix.fullname" . }} - labels: - {{- include "pretix.labels" . | nindent 4 }} - {{- with .Values.prometheus.rules.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - groups: - - name: {{ template "pretix.fullname" . }}-Additional - rules: - - alert: "pretix: error in task" - expr: rate(pretix_task_runs_total{status!="success"}[1h])!=0 - for: 5m - labels: - severity: critical - annotations: - {{` - summary: "pretix task of {{ $labels.instance }} has an error on {{ $labels.task_name }} in the last hour" - `}} - {{- with .Values.prometheus.rules.additionalRules }} - - name: {{ template "pretix.fullname" $ }}-Additional - rules: - {{- toYaml . | nindent 8 }} - {{- end }} -{{- end }} diff --git a/pretix/templates/pvc.yaml b/pretix/templates/pvc.yaml deleted file mode 100644 index 3f694e5..0000000 --- a/pretix/templates/pvc.yaml +++ /dev/null @@ -1,29 +0,0 @@ -{{- if and - .Values.persistence.enabled - (not .Values.persistence.hostPath) - (not .Values.persistence.existingClaim) -}} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: {{ template "pretix.fullname" . }} - labels: - {{- include "pretix.labels" . | nindent 4 }} - {{- with .Values.persistence.annotations }} - annotations: - {{ toYaml . | indent 4 }} - {{- end }} -spec: - accessModes: - - {{ .Values.persistence.accessMode | quote }} - resources: - requests: - storage: {{ .Values.persistence.size | quote }} - {{- with .Values.persistence.storageClass }} - {{- if (eq "-" .) }} - storageClassName: "" - {{- else }} - storageClassName: {{ . | quote }} - {{- end }} - {{- end }} -{{- end -}} diff --git a/pretix/templates/secrets.yaml b/pretix/templates/secrets.yaml deleted file mode 100644 index 6c377e0..0000000 --- a/pretix/templates/secrets.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "pretix.fullname" . }} - labels: - {{- include "pretix.labels" . | nindent 4 }} - annotations: - checksum/secret: {{ toYaml $.Values.env | sha256sum }} -data: - {{- range $name, $value := .Values.env }} - {{ $name }}: {{ toYaml $value | b64enc }} - {{- end }} diff --git a/pretix/templates/service.yaml b/pretix/templates/service.yaml deleted file mode 100644 index 2dff661..0000000 --- a/pretix/templates/service.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{- range $component := list "web" "taskworker" }} ---- -apiVersion: v1 -kind: Service -metadata: - name: {{ include "pretix.fullname" $ }}-{{ $component }} - labels: - {{- include "pretix.labels" $ | nindent 4 }} - app.kubernetes.io/component: {{ $component }} -spec: - type: {{ $.Values.service.type }} - selector: - {{- include "pretix.selectorLabels" $ | nindent 4 }} - app.kubernetes.io/component: {{ $component }} - ports: - - port: {{ $.Values.service.port }} - targetPort: http - protocol: TCP - name: http -{{- end }} diff --git a/pretix/templates/servicemonitor.yaml b/pretix/templates/servicemonitor.yaml deleted file mode 100644 index 9c167fd..0000000 --- a/pretix/templates/servicemonitor.yaml +++ /dev/null @@ -1,36 +0,0 @@ -{{- if and .Values.prometheus.servicemonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ include "pretix.fullname" . }} - labels: - {{- include "pretix.labels" . | nindent 4 }} - {{- with .Values.prometheus.servicemonitor.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - selector: - matchLabels: - {{- include "pretix.selectorLabels" . | nindent 6 }} - app.kubernetes.io/component: web - endpoints: - - port: http - path: "/metrics" - enableHttp2: false - basicAuth: - username: - name: {{ include "pretix.fullname" . }} - key: PRETIX_METRICS_USER - password: - name: {{ include "pretix.fullname" . }} - key: PRETIX_METRICS_PASSPHRASE - {{- with .Values.prometheus.servicemonitor }} - {{- with .interval }} - interval: {{ . }} - {{- end }} - {{- with .scrapeTimeout }} - scrapeTimeout: {{ . }} - {{- end }} - {{- end }} -{{- end }} - diff --git a/pretix/templates/tests/test-connection.yaml b/pretix/templates/tests/test-connection.yaml deleted file mode 100644 index 904e9ba..0000000 --- a/pretix/templates/tests/test-connection.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: v1 -kind: Pod -metadata: - name: "{{ include "pretix.fullname" . }}-test-connection" - labels: - {{- include "pretix.labels" . | nindent 4 }} - annotations: - "helm.sh/hook": test -spec: - containers: - - name: wget - image: busybox - command: ['wget'] - args: ['{{ include "pretix.fullname" . }}:{{ .Values.service.port }}'] - restartPolicy: Never diff --git a/pretix/values.yaml b/pretix/values.yaml deleted file mode 100644 index f839a79..0000000 --- a/pretix/values.yaml +++ /dev/null @@ -1,237 +0,0 @@ -# Default values for pretix. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -# This will set the replicaset count more information can be found here: https://kubernetes.io/docs/concepts/workloads/controllers/replicaset/ -replicas: - web: 1 - taskworker: 1 - -# This sets the container image more information can be found here: https://kubernetes.io/docs/concepts/containers/images/ -image: - registry: docker.io - repository: pretix/standalone - # This sets the pull policy for images. - pullPolicy: IfNotPresent - # Overrides the image tag whose default is the chart appVersion. - tag: "" - -cronSchedule: "*/30 * * * *" - -env: - PRETIX_PRETIX_INSTANCE_NAME: Pretix Helm - PRETIX_PRETIX_URL: http://localhost - PRETIX_PRETIX_CURRENCY: EUR - PRETIX_PRETIX_DATADIR: /data - PRETIX_PRETIX_TRUST_X_FORWARDED_FOR: true - PRETIX_PRETIX_TRUST_X_FORWARDED_PROTO: true - PRETIX_MAIL_FROM: test@example.com - PRETIX_MAIL_HOST: - PRETIX_MAIL_USER: - PRETIX_MAIL_PASSWORD: - PRETIX_MAIL_PORT: 587 - PRETIX_MAIL_TLS: true - PRETIX_DATABASE_BACKEND: postgresql - PRETIX_DATABASE_NAME: pretix - PRETIX_DATABASE_USER: pretix - PRETIX_DATABASE_PASSWORD: pretix - PRETIX_DATABASE_HOST: pretix-postgresql - PRETIX_REDIS_LOCATION: redis://:changeme@pretix-redis-master/0 - PRETIX_REDIS_SESSIONS: true - PRETIX_CELERY_BACKEND: redis://:changeme@pretix-redis-master/1 - PRETIX_CELERY_BROKER: redis://:changeme@pretix-redis-master/2 - PRETIX_METRICS_ENABLED: false - PRETIX_METRICS_USER: pretix - PRETIX_METRICS_PASSPHRASE: pretix - -# This is for the secretes for pulling an image from a private repository more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ -imagePullSecrets: [] -# This is to override the chart name. -nameOverride: "" -fullnameOverride: "" - -# This section builds out the service account more information can be found here: https://kubernetes.io/docs/concepts/security/service-accounts/ -serviceAccount: - # Specifies whether a service account should be created - create: true - # Automatically mount a ServiceAccount's API credentials? - automount: true - # Annotations to add to the service account - annotations: {} - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - name: "" - -# This is for setting Kubernetes Annotations to a Pod. -# For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ -podAnnotations: {} - -# This is for setting Kubernetes Labels to a Pod. -# For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ -podLabels: {} - -podSecurityContext: {} - # fsGroup: 2000 - -securityContext: {} - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 1000 - -## Enable persistence using Persistent Volume Claims -## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ -## -persistence: - enabled: true - annotations: {} - # -- Persistent Volume Storage Class - # If defined, storageClassName: - # If set to "-", storageClassName: "", which disables dynamic provisioning - # If undefined (the default) or set to null, no storageClassName spec is - # set, choosing the default provisioner. (gp2 on AWS, standard on - # GKE, AWS & OpenStack) - # - storageClass: - - # -- A manually managed Persistent Volume and Claim - # Requires persistence.enabled: true - # If defined, PVC must be created manually before volume will be bound - existingClaim: - - # -- Do not create an PVC, direct use hostPath in Pod - hostPath: - accessMode: ReadWriteOnce - size: 5Gi - -# This is for setting up a service more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/ -service: - # This sets the service type more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types - type: ClusterIP - # This sets the ports more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/#field-spec-ports - port: 80 - -prometheus: - servicemonitor: - # -- broken, Host need to be localhost on request (instatt of ip) - # needs: https://github.com/prometheus-operator/prometheus-operator/pull/7003 - enabled: false - labels: {} - # -- interval - interval: - # -- scrape timeout - scrapeTimeout: - rules: - enabled: false - labels: {} - # current no default alertrules are provided - additionalRules: [] - -grafana: - dashboards: - enabled: false - labels: - grafana_dashboard: "1" - annotations: {} - -# This block is for setting up the ingress for more information can be found here: https://kubernetes.io/docs/concepts/services-networking/ingress/ -ingress: - enabled: false - className: "" - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - hosts: - - host: chart-example.local - paths: - - path: / - pathType: ImplementationSpecific - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - -resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - -# This is to setup the liveness and readiness probes more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ -livenessProbe: - httpGet: - path: /healthcheck/ - port: http - httpHeaders: - - name: "host" - value: localhost -readinessProbe: - httpGet: - path: /healthcheck/ - port: http - httpHeaders: - - name: "host" - value: localhost - -# This section is for setting up autoscaling more information can be found here: https://kubernetes.io/docs/concepts/workloads/autoscaling/ -autoscaling: - enabled: false - minReplicas: 1 - maxReplicas: 100 - targetCPUUtilizationPercentage: 80 - # targetMemoryUtilizationPercentage: 80 - -# Additional volumes on the output Deployment definition. -volumes: [] -# - name: foo -# secret: -# secretName: mysecret -# optional: false - -# Additional volumeMounts on the output Deployment definition. -volumeMounts: [] -# - name: foo -# mountPath: "/etc/foo" -# readOnly: true - -nodeSelector: {} - -tolerations: [] - -affinity: {} - - -postgresql: - enabled: true - auth: - database: pretix - username: pretix - password: pretix - postgresPassword: supersecureadminpassword - -redis: - enabled: true - architecture: standalone - auth: - enabled: true - password: 'changeme' - # -- name of an existing secret with Redis credentials (instead of auth.password), must be created ahead of time - existingSecret: "" - # -- Password key to be retrieved from existing secret - existingSecretPasswordKey: "" - global: - storageClass: "" - master: - persistence: - enabled: true - replica: - persistence: - enabled: true diff --git a/publish.sh b/publish.sh index d0596e5..7f174bf 100755 --- a/publish.sh +++ b/publish.sh @@ -1,18 +1,19 @@ #/bin/sh -HELM_REPO=${HELM_REPO:-codeberg.org/wrenix/helm-charts} -HELM_REPO_URL="oci://${HELM_REPO}" +HELM_REPO=${HELM_REPO:-oci://codeberg.org/wrenix/helm-charts} COMMIT_SCOPE=${2:-fix} COMMIT_MESSAGE=${1:-"update appVersion"} +helm-docs -t ./README.adoc.gotmpl -t _docs.gotmpl -o README.adoc -ct lint # || exit 1 +./docs/modules/charts/generate.sh + +ct lint || exit 1 for p in * ; do if \ [ ! -d $p ] || \ - [ $p == docs ] || \ [ ! -f $p/Chart.yaml ] \ ; then continue @@ -21,7 +22,7 @@ for p in * ; do echo "${p}:"; # last pkg - lastTag=$(git tag -l "${p}-v*" | sort --sort=version | tail -1) + lastTag=$(git tag -l "${p}-v*" | tail -1) lastVersion=${lastTag#${p}-v} echo "last pkg: ${lastVersion}" @@ -41,8 +42,7 @@ for p in * ; do if [ "$tag" == "$lastTag" ]; then echo "changed helmchart should create new pkg - diff line count has:" echo $(git diff "${lastTag}" -- "${p}" | wc -l); - echo - continue; + exit 1 fi else echo "nothing todo" @@ -50,33 +50,13 @@ for p in * ; do continue; fi fi - - set -e - echo "update docs" - helm-docs -t ./README.md.gotmpl -t _docs.gotmpl -o README.md -g "${p}" - rm -f "${p}/README.adoc" - echo - - echo "package and push helm-chart" helm package "${p}" - helm push "${p}-${v}.tgz" "${HELM_REPO_URL}"; - oras tag "${HELM_REPO}/${p}:${v}" "${v%\.[0-9]*}" "${v%\.[0-9]*\.[0-9]*}" "latest" - echo + helm push "${p}-${v}.tgz" "${HELM_REPO}"; - echo "update artifacthub.io" - set +e - oras push "${HELM_REPO}/${p}:artifacthub.io" \ - --config /dev/null:application/vnd.cncf.artifacthub.config.v1+yaml \ - "${p}/artifacthub-repo.yml":application/vnd.cncf.artifacthub.repository-metadata.layer.v1.yaml - echo - - echo "push to git" git add "${p}/" git commit -m "${COMMIT_SCOPE}(${p}): ${COMMIT_MESSAGE}" - set -e git tag "${tag}" --no-sign; git push --tags origin main; - set +e echo done diff --git a/speedtest-exporter/.helmignore b/speedtest-exporter/.helmignore deleted file mode 100644 index 0e8a0eb..0000000 --- a/speedtest-exporter/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/speedtest-exporter/Chart.yaml b/speedtest-exporter/Chart.yaml deleted file mode 100644 index 6f0c203..0000000 --- a/speedtest-exporter/Chart.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: v2 -name: speedtest-exporter -description: -icon: https://b.cdnst.net/images/favicons/favicon-180.png -type: application -version: "0.2.1" -# renovate: image=ghcr.io/miguelndecarvalho/speedtest-exporter -appVersion: "3.5.4" -maintainers: - - name: WrenIX - url: https://wrenix.eu diff --git a/speedtest-exporter/README.md b/speedtest-exporter/README.md deleted file mode 100644 index 0c88a0f..0000000 --- a/speedtest-exporter/README.md +++ /dev/null @@ -1,98 +0,0 @@ ---- -title: "speedtest-exporter" - ---- - -# speedtest-exporter - -![Version: 0.2.1](https://img.shields.io/badge/Version-0.2.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 3.5.4](https://img.shields.io/badge/AppVersion-3.5.4-informational?style=flat-square) - -## Maintainers - -| Name | Email | Url | -| ---- | ------ | --- | -| WrenIX | | | - -## Usage - -Helm must be installed and setup to your kubernetes cluster to use the charts. -Refer to Helm's [documentation](https://helm.sh/docs) to get started. -Once Helm has been set up correctly, fetch the charts as follows: - -```bash -helm pull oci://codeberg.org/wrenix/helm-charts/speedtest-exporter -``` - -You can install a chart release using the following command: - -```bash -helm install speedtest-exporter-release oci://codeberg.org/wrenix/helm-charts/speedtest-exporter --values values.yaml -``` - -To uninstall a chart release use `helm`'s delete command: - -```bash -helm uninstall speedtest-exporter-release -``` - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| affinity | object | `{}` | | -| autoscaling.enabled | bool | `false` | | -| autoscaling.maxReplicas | int | `100` | | -| autoscaling.minReplicas | int | `1` | | -| autoscaling.targetCPUUtilizationPercentage | int | `80` | | -| config.cacheFor | int | `0` | cache result for seconds | -| config.server | string | `nil` | speedtest-serverid | -| config.timeout | int | `90` | timeout of speedtest | -| fullnameOverride | string | `""` | | -| global.image.pullPolicy | string | `nil` | if set it will overwrite all pullPolicy | -| global.image.registry | string | `nil` | if set it will overwrite all registry entries | -| grafana.dashboards.annotations | object | `{}` | | -| grafana.dashboards.enabled | bool | `false` | | -| grafana.dashboards.labels.grafana_dashboard | string | `"1"` | | -| image.pullPolicy | string | `"IfNotPresent"` | | -| image.registry | string | `"ghcr.io"` | | -| image.repository | string | `"miguelndecarvalho/speedtest-exporter"` | | -| image.tag | string | `""` | | -| imagePullSecrets | list | `[]` | | -| ingress.annotations | object | `{}` | | -| ingress.className | string | `""` | | -| ingress.enabled | bool | `false` | | -| ingress.hosts[0].host | string | `"chart-example.local"` | | -| ingress.hosts[0].paths[0].path | string | `"/"` | | -| ingress.hosts[0].paths[0].pathType | string | `"ImplementationSpecific"` | | -| ingress.tls | list | `[]` | | -| livenessProbe.httpGet.path | string | `"/"` | | -| livenessProbe.httpGet.port | string | `"http"` | | -| nameOverride | string | `""` | | -| networkPolicy.egress.enabled | bool | `false` | activate egress no networkpolicy | -| networkPolicy.egress.extra | list | `[]` | egress rules | -| networkPolicy.enabled | bool | `false` | | -| networkPolicy.ingress.http | list | `[]` | ingress for http port (e.g. ingress-controller, prometheus) | -| nodeSelector | object | `{}` | | -| podAnnotations | object | `{}` | | -| podLabels | object | `{}` | | -| podSecurityContext | object | `{}` | | -| prometheus.servicemonitor.enabled | bool | `false` | | -| prometheus.servicemonitor.interval | string | `"1h"` | interval | -| prometheus.servicemonitor.labels | object | `{}` | | -| prometheus.servicemonitor.scrapeTimeout | string | `"2m"` | scrape timeout | -| readinessProbe.httpGet.path | string | `"/"` | | -| readinessProbe.httpGet.port | string | `"http"` | | -| replicaCount | int | `1` | | -| resources | object | `{}` | | -| securityContext | object | `{}` | | -| service.port | int | `80` | | -| service.type | string | `"ClusterIP"` | | -| serviceAccount.annotations | object | `{}` | | -| serviceAccount.automount | bool | `true` | | -| serviceAccount.create | bool | `true` | | -| serviceAccount.name | string | `""` | | -| tolerations | list | `[]` | | -| volumeMounts | list | `[]` | | -| volumes | list | `[]` | | - -Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs) diff --git a/speedtest-exporter/_docs.gotmpl b/speedtest-exporter/_docs.gotmpl deleted file mode 100644 index e69de29..0000000 diff --git a/speedtest-exporter/grafana_dashboards/Speedtest-Exporter.json b/speedtest-exporter/grafana_dashboards/Speedtest-Exporter.json deleted file mode 100644 index b74dbb8..0000000 --- a/speedtest-exporter/grafana_dashboards/Speedtest-Exporter.json +++ /dev/null @@ -1,843 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": { - "type": "datasource", - "uid": "grafana" - }, - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "target": { - "limit": 100, - "matchAny": false, - "tags": [], - "type": "dashboard" - }, - "type": "dashboard" - } - ] - }, - "description": "Dashboard for Speedtest Exporter https://github.com/MiguelNdeCarvalho/speedtest-exporter", - "editable": true, - "fiscalYearStartMonth": 0, - "gnetId": 13665, - "graphTooltip": 0, - "links": [], - "liveNow": false, - "panels": [ - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "description": "", - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [ - { - "options": { - "0": { - "index": 1, - "text": "DOWN" - }, - "1": { - "index": 0, - "text": "UP" - } - }, - "type": "value" - } - ], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "yellow", - "value": null - }, - { - "color": "red", - "value": 0 - }, - { - "color": "green", - "value": 1 - } - ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 3, - "w": 12, - "x": 0, - "y": 0 - }, - "id": null, - "options": { - "colorMode": "background", - "graphMode": "area", - "justifyMode": "center", - "orientation": "auto", - "percentChangeColorMode": "standard", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "showPercentChange": false, - "textMode": "value", - "wideLayout": true - }, - "pluginVersion": "11.1.0", - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "exemplar": false, - "expr": "sum(speedtest_up{job=~\"$job\"}) without (instance,pod)", - "instant": false, - "interval": "", - "legendFormat": "", - "range": true, - "refId": "A" - } - ], - "title": "Status of the Speedtest-Exporter", - "type": "stat" - }, - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "description": "ServerID of the last test done", - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - } - ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 3, - "w": 12, - "x": 12, - "y": 0 - }, - "id": 15, - "options": { - "colorMode": "value", - "graphMode": "none", - "justifyMode": "center", - "orientation": "auto", - "percentChangeColorMode": "standard", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "showPercentChange": false, - "textMode": "value", - "wideLayout": true - }, - "pluginVersion": "11.1.0", - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "exemplar": false, - "expr": "sum(speedtest_server_id{job=~\"$job\"})", - "instant": false, - "interval": "", - "legendFormat": "", - "range": true, - "refId": "A" - } - ], - "title": "ServerID (Last test done)", - "type": "stat" - }, - { - "collapsed": false, - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 3 - }, - "id": 8, - "panels": [], - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "refId": "A" - } - ], - "title": "Gauges", - "type": "row" - }, - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [], - "min": 0, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - } - ] - }, - "unit": "binbps" - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 6, - "x": 0, - "y": 4 - }, - "id": 10, - "options": { - "colorMode": "value", - "graphMode": "area", - "justifyMode": "auto", - "orientation": "auto", - "percentChangeColorMode": "standard", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "showPercentChange": false, - "textMode": "auto", - "wideLayout": true - }, - "pluginVersion": "11.1.0", - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "exemplar": true, - "expr": "sum(speedtest_download_bits_per_second{job=~\"$job\"}) without (instance,pod)", - "interval": "", - "legendFormat": "", - "range": true, - "refId": "A" - } - ], - "title": "Download Speed", - "type": "stat" - }, - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [], - "min": 0, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - } - ] - }, - "unit": "binbps" - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 6, - "x": 6, - "y": 4 - }, - "id": 12, - "options": { - "colorMode": "value", - "graphMode": "area", - "justifyMode": "auto", - "orientation": "auto", - "percentChangeColorMode": "standard", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "showPercentChange": false, - "textMode": "auto", - "wideLayout": true - }, - "pluginVersion": "11.1.0", - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "exemplar": true, - "expr": "sum(speedtest_upload_bits_per_second{job=~\"$job\"}) without (instance,pod)", - "interval": "", - "legendFormat": "", - "range": true, - "refId": "A" - } - ], - "title": "Upload Speed", - "type": "stat" - }, - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [], - "min": 0, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - } - ] - }, - "unit": "ms" - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 6, - "x": 12, - "y": 4 - }, - "id": 13, - "options": { - "colorMode": "value", - "graphMode": "area", - "justifyMode": "auto", - "orientation": "auto", - "percentChangeColorMode": "standard", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "showPercentChange": false, - "textMode": "auto", - "wideLayout": true - }, - "pluginVersion": "11.1.0", - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "exemplar": false, - "expr": "avg(speedtest_ping_latency_milliseconds{job=~\"$job\"}) without (instance,pod)", - "instant": false, - "interval": "", - "legendFormat": "", - "range": true, - "refId": "A" - } - ], - "title": "Ping", - "type": "stat" - }, - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [], - "min": 0, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - } - ] - }, - "unit": "ms" - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 6, - "x": 18, - "y": 4 - }, - "id": 11, - "options": { - "colorMode": "value", - "graphMode": "area", - "justifyMode": "auto", - "orientation": "auto", - "percentChangeColorMode": "standard", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "showPercentChange": false, - "textMode": "auto", - "wideLayout": true - }, - "pluginVersion": "11.1.0", - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "exemplar": false, - "expr": "avg(speedtest_jitter_latency_milliseconds{job=~\"$job\"}) without (instance,pod)", - "instant": false, - "interval": "", - "legendFormat": "", - "range": true, - "refId": "A" - } - ], - "title": "Jitter", - "type": "stat" - }, - { - "collapsed": false, - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 12 - }, - "id": 6, - "panels": [], - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "refId": "A" - } - ], - "title": "Graphics", - "type": "row" - }, - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "description": "", - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisBorderShow": false, - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 50, - "gradientMode": "opacity", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "insertNulls": false, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "never", - "spanNulls": true, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "binbps" - }, - "overrides": [ - { - "matcher": { - "id": "byRegexp", - "options": "/Upload: .*/" - }, - "properties": [ - { - "id": "custom.transform", - "value": "negative-Y" - } - ] - } - ] - }, - "gridPos": { - "h": 9, - "w": 24, - "x": 0, - "y": 13 - }, - "id": 2, - "options": { - "legend": { - "calcs": [ - "mean", - "max", - "logmin" - ], - "displayMode": "table", - "placement": "right", - "showLegend": true - }, - "tooltip": { - "mode": "multi", - "sort": "none" - } - }, - "pluginVersion": "8.4.3", - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "exemplar": true, - "expr": "sum(speedtest_download_bits_per_second{job=~\"$job\"}) without (instance,pod)", - "interval": "", - "legendFormat": "Download: {{ instance }}", - "range": true, - "refId": "A" - }, - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "expr": "sum(speedtest_upload_bits_per_second{job=~\"$job\"}) without (instance,pod)", - "hide": false, - "instant": false, - "legendFormat": "Upload: {{ instance }}", - "range": true, - "refId": "B" - } - ], - "title": "Traffic Speed", - "type": "timeseries" - }, - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisBorderShow": false, - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "Time", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 10, - "gradientMode": "opacity", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "insertNulls": false, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "never", - "spanNulls": true, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "ms" - }, - "overrides": [ - { - "matcher": { - "id": "byName", - "options": "Jitter (ms)" - }, - "properties": [ - { - "id": "custom.axisPlacement", - "value": "right" - } - ] - } - ] - }, - "gridPos": { - "h": 9, - "w": 24, - "x": 0, - "y": 22 - }, - "id": 4, - "options": { - "legend": { - "calcs": [ - "mean", - "max", - "logmin" - ], - "displayMode": "table", - "placement": "right", - "showLegend": true - }, - "tooltip": { - "mode": "multi", - "sort": "none" - } - }, - "pluginVersion": "8.4.3", - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "exemplar": true, - "expr": "avg(speedtest_ping_latency_milliseconds{job=~\"$job\"}) without (instance,pod)", - "interval": "", - "legendFormat": "Ping (ms)", - "range": true, - "refId": "A" - }, - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "exemplar": true, - "expr": "avg(speedtest_jitter_latency_milliseconds{job=~\"$job\"}) without (instance,pod)", - "instant": false, - "interval": "", - "legendFormat": "Jitter (ms)", - "refId": "B" - } - ], - "title": "Ping and Jitter (ms)", - "type": "timeseries" - } - ], - "refresh": "5m", - "schemaVersion": 39, - "tags": [ - "network" - ], - "templating": { - "list": [ - { - "current": { - "selected": false, - "text": "default", - "value": "default" - }, - "hide": 0, - "includeAll": false, - "label": "datasource", - "multi": false, - "name": "DS_PROMETHEUS", - "options": [], - "query": "prometheus", - "queryValue": "", - "refresh": 1, - "regex": "", - "skipUrlSync": false, - "type": "datasource" - }, - { - "allValue": ".*", - "current": { - "selected": true, - "text": [ - "All" - ], - "value": [ - "$__all" - ] - }, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "definition": "label_values(speedtest_up, job)", - "hide": 0, - "includeAll": true, - "label": "Job", - "multi": true, - "name": "job", - "options": [], - "query": { - "query": "label_values(speedtest_up, job)", - "refId": "StandardVariableQuery" - }, - "refresh": 1, - "regex": "", - "skipUrlSync": false, - "sort": 0, - "type": "query" - } - ] - }, - "time": { - "from": "now-2d", - "to": "now" - }, - "timepicker": {}, - "timezone": "", - "title": "Speedtest-Exporter Dashboard", - "uid": "-fs18ztMz", - "version": 1, - "weekStart": "" -} diff --git a/speedtest-exporter/templates/NOTES.txt b/speedtest-exporter/templates/NOTES.txt deleted file mode 100644 index d840f1a..0000000 --- a/speedtest-exporter/templates/NOTES.txt +++ /dev/null @@ -1,22 +0,0 @@ -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range $host := .Values.ingress.hosts }} - {{- range .paths }} - http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} - {{- end }} -{{- end }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "speedtest-exporter.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch its status by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "speedtest-exporter.fullname" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "speedtest-exporter.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") - echo http://$SERVICE_IP:{{ .Values.service.port }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "speedtest-exporter.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT -{{- end }} diff --git a/speedtest-exporter/templates/_helpers.tpl b/speedtest-exporter/templates/_helpers.tpl deleted file mode 100644 index 6b2c229..0000000 --- a/speedtest-exporter/templates/_helpers.tpl +++ /dev/null @@ -1,62 +0,0 @@ -{{/* -Expand the name of the chart. -*/}} -{{- define "speedtest-exporter.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "speedtest-exporter.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains $name .Release.Name }} -{{- .Release.Name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "speedtest-exporter.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Common labels -*/}} -{{- define "speedtest-exporter.labels" -}} -helm.sh/chart: {{ include "speedtest-exporter.chart" . }} -{{ include "speedtest-exporter.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end }} - -{{/* -Selector labels -*/}} -{{- define "speedtest-exporter.selectorLabels" -}} -app.kubernetes.io/name: {{ include "speedtest-exporter.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} - -{{/* -Create the name of the service account to use -*/}} -{{- define "speedtest-exporter.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} -{{- default (include "speedtest-exporter.fullname" .) .Values.serviceAccount.name }} -{{- else }} -{{- default "default" .Values.serviceAccount.name }} -{{- end }} -{{- end }} diff --git a/speedtest-exporter/templates/configmap_grafana_dashboards.yaml b/speedtest-exporter/templates/configmap_grafana_dashboards.yaml deleted file mode 100644 index 830812d..0000000 --- a/speedtest-exporter/templates/configmap_grafana_dashboards.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- if .Values.grafana.dashboards.enabled }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "speedtest-exporter.fullname" $ }}-grafana-dashboards - labels: - {{- include "speedtest-exporter.labels" $ | nindent 4 }} - {{- toYaml $.Values.grafana.dashboards.labels | nindent 4 }} - annotations: - {{- toYaml $.Values.grafana.dashboards.annotations | nindent 4 }} -data: - {{- (.Files.Glob "grafana_dashboards/*.json" ).AsConfig | nindent 2 }} -{{- end }} diff --git a/speedtest-exporter/templates/deployment.yaml b/speedtest-exporter/templates/deployment.yaml deleted file mode 100644 index 6ec8bba..0000000 --- a/speedtest-exporter/templates/deployment.yaml +++ /dev/null @@ -1,83 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "speedtest-exporter.fullname" . }} - labels: - {{- include "speedtest-exporter.labels" . | nindent 4 }} -spec: - {{- if not .Values.autoscaling.enabled }} - replicas: {{ .Values.replicaCount }} - {{- end }} - selector: - matchLabels: - {{- include "speedtest-exporter.selectorLabels" . | nindent 6 }} - template: - metadata: - {{- with .Values.podAnnotations }} - annotations: - {{- toYaml . | nindent 8 }} - {{- end }} - labels: - {{- include "speedtest-exporter.labels" . | nindent 8 }} - {{- with .Values.podLabels }} - {{- toYaml . | nindent 8 }} - {{- end }} - spec: - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ include "speedtest-exporter.serviceAccountName" . }} - securityContext: - {{- toYaml .Values.podSecurityContext | nindent 8 }} - containers: - - name: {{ .Chart.Name }} - securityContext: - {{- toYaml .Values.securityContext | nindent 12 }} - {{- with .Values.image }} - image: "{{ coalesce $.Values.global.image.registry .registry }}/{{ .repository }}:{{ .tag | default (printf "v%s" $.Chart.AppVersion) }}" - imagePullPolicy: {{ coalesce $.Values.global.image.pullPolicy .pullPolicy }} - {{- end }} - env: - {{- with .Values.config.server }} - - name: "SPEEDTEST_SERVER" - value: {{ . | quote }} - {{- end }} - {{- with .Values.config.cacheFor }} - - name: "SPEEDTEST_CACHE_FOR" - value: {{ . | quote }} - {{- end }} - {{- with .Values.config.timeout }} - - name: "SPEEDTEST_TIMEOUT" - value: {{ . | quote }} - {{- end }} - ports: - - name: http - containerPort: 9798 - protocol: TCP - livenessProbe: - {{- toYaml .Values.livenessProbe | nindent 12 }} - readinessProbe: - {{- toYaml .Values.readinessProbe | nindent 12 }} - resources: - {{- toYaml .Values.resources | nindent 12 }} - {{- with .Values.volumeMounts }} - volumeMounts: - {{- toYaml . | nindent 12 }} - {{- end }} - {{- with .Values.volumes }} - volumes: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} diff --git a/speedtest-exporter/templates/hpa.yaml b/speedtest-exporter/templates/hpa.yaml deleted file mode 100644 index a1c4a6d..0000000 --- a/speedtest-exporter/templates/hpa.yaml +++ /dev/null @@ -1,32 +0,0 @@ -{{- if .Values.autoscaling.enabled }} -apiVersion: autoscaling/v2 -kind: HorizontalPodAutoscaler -metadata: - name: {{ include "speedtest-exporter.fullname" . }} - labels: - {{- include "speedtest-exporter.labels" . | nindent 4 }} -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: {{ include "speedtest-exporter.fullname" . }} - minReplicas: {{ .Values.autoscaling.minReplicas }} - maxReplicas: {{ .Values.autoscaling.maxReplicas }} - metrics: - {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} - - type: Resource - resource: - name: cpu - target: - type: Utilization - averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} - {{- end }} - {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} - - type: Resource - resource: - name: memory - target: - type: Utilization - averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} - {{- end }} -{{- end }} diff --git a/speedtest-exporter/templates/ingress.yaml b/speedtest-exporter/templates/ingress.yaml deleted file mode 100644 index e5fc79a..0000000 --- a/speedtest-exporter/templates/ingress.yaml +++ /dev/null @@ -1,61 +0,0 @@ -{{- if .Values.ingress.enabled -}} -{{- $fullName := include "speedtest-exporter.fullname" . -}} -{{- $svcPort := .Values.service.port -}} -{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} - {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} - {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}} - {{- end }} -{{- end }} -{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} -apiVersion: networking.k8s.io/v1 -{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} -apiVersion: networking.k8s.io/v1beta1 -{{- else -}} -apiVersion: extensions/v1beta1 -{{- end }} -kind: Ingress -metadata: - name: {{ $fullName }} - labels: - {{- include "speedtest-exporter.labels" . | nindent 4 }} - {{- with .Values.ingress.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} - ingressClassName: {{ .Values.ingress.className }} - {{- end }} - {{- if .Values.ingress.tls }} - tls: - {{- range .Values.ingress.tls }} - - hosts: - {{- range .hosts }} - - {{ . | quote }} - {{- end }} - secretName: {{ .secretName }} - {{- end }} - {{- end }} - rules: - {{- range .Values.ingress.hosts }} - - host: {{ .host | quote }} - http: - paths: - {{- range .paths }} - - path: {{ .path }} - {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} - pathType: {{ .pathType }} - {{- end }} - backend: - {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} - service: - name: {{ $fullName }} - port: - number: {{ $svcPort }} - {{- else }} - serviceName: {{ $fullName }} - servicePort: {{ $svcPort }} - {{- end }} - {{- end }} - {{- end }} -{{- end }} diff --git a/speedtest-exporter/templates/networkpolicy.yaml b/speedtest-exporter/templates/networkpolicy.yaml deleted file mode 100644 index cb011b3..0000000 --- a/speedtest-exporter/templates/networkpolicy.yaml +++ /dev/null @@ -1,28 +0,0 @@ -{{- if .Values.networkPolicy.enabled }} ---- -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: {{ include "speedtest-exporter.fullname" . }} - labels: - {{- include "speedtest-exporter.labels" . | nindent 4 }} -spec: - podSelector: - matchLabels: - {{- include "speedtest-exporter.selectorLabels" . | nindent 6 }} - policyTypes: - - Ingress - {{- if .Values.networkPolicy.egress.enabled }} - - Egress - {{- end }} - ingress: - - ports: - - port: 9798 - protocol: TCP - from: - {{- toYaml .Values.networkPolicy.ingress.http | nindent 8 }} - {{- with .Values.networkPolicy.egress }} - egress: - {{- toYaml .extra | nindent 4 }} - {{- end }} -{{- end }} diff --git a/speedtest-exporter/templates/service.yaml b/speedtest-exporter/templates/service.yaml deleted file mode 100644 index ac6246a..0000000 --- a/speedtest-exporter/templates/service.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ include "speedtest-exporter.fullname" . }} - labels: - {{- include "speedtest-exporter.labels" . | nindent 4 }} -spec: - type: {{ .Values.service.type }} - ports: - - port: {{ .Values.service.port }} - targetPort: http - protocol: TCP - name: http - selector: - {{- include "speedtest-exporter.selectorLabels" . | nindent 4 }} diff --git a/speedtest-exporter/templates/serviceaccount.yaml b/speedtest-exporter/templates/serviceaccount.yaml deleted file mode 100644 index 9d0600f..0000000 --- a/speedtest-exporter/templates/serviceaccount.yaml +++ /dev/null @@ -1,13 +0,0 @@ -{{- if .Values.serviceAccount.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "speedtest-exporter.serviceAccountName" . }} - labels: - {{- include "speedtest-exporter.labels" . | nindent 4 }} - {{- with .Values.serviceAccount.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -automountServiceAccountToken: {{ .Values.serviceAccount.automount }} -{{- end }} diff --git a/speedtest-exporter/templates/servicemonitor.yaml b/speedtest-exporter/templates/servicemonitor.yaml deleted file mode 100644 index b5fe422..0000000 --- a/speedtest-exporter/templates/servicemonitor.yaml +++ /dev/null @@ -1,26 +0,0 @@ -{{- if and .Values.prometheus.servicemonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ include "speedtest-exporter.fullname" . }} - labels: - {{- include "speedtest-exporter.labels" . | nindent 4 }} - {{- with .Values.prometheus.servicemonitor.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - selector: - matchLabels: - {{- include "speedtest-exporter.selectorLabels" . | nindent 6 }} - endpoints: - - port: http - path: "/metrics" - {{- with .Values.prometheus.servicemonitor }} - {{- with .interval }} - interval: {{ . }} - {{- end }} - {{- with .scrapeTimeout }} - scrapeTimeout: {{ . }} - {{- end }} - {{- end }} -{{- end }} diff --git a/speedtest-exporter/templates/tests/test-connection.yaml b/speedtest-exporter/templates/tests/test-connection.yaml deleted file mode 100644 index 2c6125f..0000000 --- a/speedtest-exporter/templates/tests/test-connection.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: v1 -kind: Pod -metadata: - name: "{{ include "speedtest-exporter.fullname" . }}-test-connection" - labels: - {{- include "speedtest-exporter.labels" . | nindent 4 }} - annotations: - "helm.sh/hook": test -spec: - containers: - - name: wget - image: busybox - command: ['wget'] - args: ['{{ include "speedtest-exporter.fullname" . }}:{{ .Values.service.port }}'] - restartPolicy: Never diff --git a/speedtest-exporter/values.yaml b/speedtest-exporter/values.yaml deleted file mode 100644 index e85daa6..0000000 --- a/speedtest-exporter/values.yaml +++ /dev/null @@ -1,146 +0,0 @@ -global: - image: - # -- if set it will overwrite all registry entries - registry: - # -- if set it will overwrite all pullPolicy - pullPolicy: - -replicaCount: 1 - -image: - registry: ghcr.io - repository: miguelndecarvalho/speedtest-exporter - pullPolicy: IfNotPresent - # Overrides the image tag whose default is the chart appVersion. - tag: "" - -config: - # -- speedtest-serverid - server: - # -- cache result for seconds - cacheFor: 0 - # -- timeout of speedtest - timeout: 90 - -imagePullSecrets: [] -nameOverride: "" -fullnameOverride: "" - -serviceAccount: - # Specifies whether a service account should be created - create: true - # Automatically mount a ServiceAccount's API credentials? - automount: true - # Annotations to add to the service account - annotations: {} - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - name: "" - -podAnnotations: {} -podLabels: {} - -podSecurityContext: {} - # fsGroup: 2000 - -securityContext: {} - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 1000 - -service: - type: ClusterIP - port: 80 - -prometheus: - servicemonitor: - enabled: false - labels: {} - # -- interval - interval: 1h - # -- scrape timeout - scrapeTimeout: 2m - -grafana: - dashboards: - enabled: false - labels: - grafana_dashboard: "1" - annotations: {} - -networkPolicy: - enabled: false - ingress: - # -- ingress for http port (e.g. ingress-controller, prometheus) - http: [] - egress: - # -- activate egress no networkpolicy - enabled: false - # -- egress rules - extra: [] - -ingress: - enabled: false - className: "" - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - hosts: - - host: chart-example.local - paths: - - path: / - pathType: ImplementationSpecific - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - -resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - -livenessProbe: - httpGet: - path: / - port: http -readinessProbe: - httpGet: - path: / - port: http - -autoscaling: - enabled: false - minReplicas: 1 - maxReplicas: 100 - targetCPUUtilizationPercentage: 80 - # targetMemoryUtilizationPercentage: 80 - -# Additional volumes on the output Deployment definition. -volumes: [] -# - name: foo -# secret: -# secretName: mysecret -# optional: false - -# Additional volumeMounts on the output Deployment definition. -volumeMounts: [] -# - name: foo -# mountPath: "/etc/foo" -# readOnly: true - -nodeSelector: {} - -tolerations: [] - -affinity: {} diff --git a/stalwart-mail/.gitignore b/stalwart-mail/.gitignore deleted file mode 100644 index dea9083..0000000 --- a/stalwart-mail/.gitignore +++ /dev/null @@ -1 +0,0 @@ -values_test.yaml diff --git a/stalwart-mail/.helmignore b/stalwart-mail/.helmignore deleted file mode 100644 index 0e8a0eb..0000000 --- a/stalwart-mail/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/stalwart-mail/README.md b/stalwart-mail/README.md deleted file mode 100644 index 14abf7d..0000000 --- a/stalwart-mail/README.md +++ /dev/null @@ -1,221 +0,0 @@ ---- -title: "stalwart-mail" - -description: "Helm Chart for Stalwart Mail Server - Secure & Modern All-in-One Mail Server (IMAP, JMAP, SMTP)" - ---- - -# stalwart-mail - -![Version: 0.0.23](https://img.shields.io/badge/Version-0.0.23-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.11.3](https://img.shields.io/badge/AppVersion-0.11.3-informational?style=flat-square) - -Helm Chart for Stalwart Mail Server - Secure & Modern All-in-One Mail Server (IMAP, JMAP, SMTP) - -## Maintainers - -| Name | Email | Url | -| ---- | ------ | --- | -| WrenIX | | | - -= Alpha - -WARNING -==== -We stop working on this Helm-Chart. -There are still many breaking change like: - -* https://github.com/stalwartlabs/mail-server/issues/211[storage.fts in toml configuration has two meanings] - -We hope that stalward mail-server becomes more stable. - -==== - -## Usage - -Helm must be installed and setup to your kubernetes cluster to use the charts. -Refer to Helm's [documentation](https://helm.sh/docs) to get started. -Once Helm has been set up correctly, fetch the charts as follows: - -```bash -helm pull oci://codeberg.org/wrenix/helm-charts/stalwart-mail -``` - -You can install a chart release using the following command: - -```bash -helm install stalwart-mail-release oci://codeberg.org/wrenix/helm-charts/stalwart-mail --values values.yaml -``` - -To uninstall a chart release use `helm`'s delete command: - -```bash -helm uninstall stalwart-mail-release -``` - -## Values - -### DKIM - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| config.auth.dkim.sign | list | `[{"if":"listener != 'smtp'","then":"['rsa', 'ed25519']"},{"else":false}]` | auth rule for signing with dkim | -| config.auth.dkim.verify | string | `"relaxed"` | verify of dkim signature (relaxed, strict, disable) | - -### Authentification - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| config.authentication.fallback-admin.secret | string | `"%{env:FALLBACK_ADMIN_SECRET}%"` | password for fallback authentfication (use env for store in secrets of kubernetes) | -| config.authentication.fallback-admin.user | string | `"admin"` | username for fallback authentfication | -| secrets.env.FALLBACK_ADMIN_SECRET | string | `"supersecret"` | password for fallback authentfication (env) | - -### Other Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| affinity | object | `{}` | | -| autoscaling.enabled | bool | `false` | | -| autoscaling.maxReplicas | int | `100` | | -| autoscaling.minReplicas | int | `1` | | -| autoscaling.targetCPUUtilizationPercentage | int | `80` | | -| certificate.certmanager.dnsNames[0] | string | `"chart-example.local"` | | -| certificate.certmanager.enabled | bool | `true` | | -| certificate.certmanager.issuerRef.group | string | `"cert-manager.io"` | | -| certificate.certmanager.issuerRef.kind | string | `"ClusterIssuer"` | | -| certificate.certmanager.issuerRef.name | string | `"letsencrypt-prod"` | | -| certificate.secretName | string | `nil` | not needed if certmanager is used | -| config.directory.internal.store | string | `"rocksdb"` | | -| config.directory.internal.type | string | `"internal"` | | -| config.metrics.prometheus.auth.secret | string | `"%{env:METRICS_SECRET}%"` | | -| config.metrics.prometheus.auth.username | string | `"%{env:METRICS_USERNAME}%"` | | -| config.metrics.prometheus.enable | bool | `true` | | -| config.server.allowed-ip."10.42.0.1/16" | string | `""` | | -| config.server.listener.http.bind[0] | string | `"[::]:80"` | | -| config.server.listener.http.protocol | string | `"http"` | | -| config.server.listener.https.bind[0] | string | `"[::]:443"` | | -| config.server.listener.https.protocol | string | `"http"` | | -| config.server.listener.https.tls.implicit | bool | `true` | | -| config.server.listener.imap.bind[0] | string | `"[::]:143"` | | -| config.server.listener.imap.protocol | string | `"imap"` | | -| config.server.listener.imaptls.bind[0] | string | `"[::]:993"` | | -| config.server.listener.imaptls.protocol | string | `"imap"` | | -| config.server.listener.imaptls.tls.implicit | bool | `true` | | -| config.server.listener.pop3.bind[0] | string | `"[::]:110"` | | -| config.server.listener.pop3.protocol | string | `"pop3"` | | -| config.server.listener.pop3s.bind[0] | string | `"[::]:995"` | | -| config.server.listener.pop3s.protocol | string | `"pop3"` | | -| config.server.listener.pop3s.tls.implicit | bool | `true` | | -| config.server.listener.sieve.bind[0] | string | `"[::]:4190"` | | -| config.server.listener.sieve.protocol | string | `"managesieve"` | | -| config.server.listener.smtp.bind[0] | string | `"[::]:25"` | | -| config.server.listener.smtp.protocol | string | `"smtp"` | | -| config.server.listener.submission.bind[0] | string | `"[::]:587"` | | -| config.server.listener.submission.protocol | string | `"smtp"` | | -| config.server.listener.submissions.bind[0] | string | `"[::]:465"` | | -| config.server.listener.submissions.protocol | string | `"smtp"` | | -| config.server.listener.submissions.tls.implicit | bool | `true` | | -| config.storage.blob | string | `"rocksdb"` | | -| config.storage.data | string | `"rocksdb"` | | -| config.storage.directory | string | `"internal"` | | -| config.storage.fts | string | `"rocksdb"` | | -| config.storage.lookup | string | `"rocksdb"` | | -| config.store.rocksdb.compression | string | `"lz4"` | | -| config.store.rocksdb.path | string | `"/data"` | | -| config.store.rocksdb.type | string | `"rocksdb"` | | -| config.tracer.otel.enable | bool | `false` | | -| config.tracer.otel.endpoint | string | `"https://127.0.0.1/otel"` | | -| config.tracer.otel.headers | list | `[]` | headers for usage with http (e.g. 'Authorization: ') | -| config.tracer.otel.level | string | `"info"` | | -| config.tracer.otel.transport | string | `"grpc"` | grpc or http | -| config.tracer.otel.type | string | `"open-telemetry"` | | -| config.tracer.stdout.ansi | bool | `false` | | -| config.tracer.stdout.enable | bool | `true` | | -| config.tracer.stdout.level | string | `"info"` | | -| config.tracer.stdout.type | string | `"stdout"` | | -| env | list | `[]` | | -| fullnameOverride | string | `""` | | -| global.image.pullPolicy | string | `nil` | if set it will overwrite all pullPolicy | -| global.image.registry | string | `nil` | if set it will overwrite all registry entries | -| image.pullPolicy | string | `"IfNotPresent"` | | -| image.registry | string | `"docker.io"` | | -| image.repository | string | `"stalwartlabs/mail-server"` | | -| image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion. | -| imagePullSecrets | list | `[]` | | -| ingress.annotations | object | `{}` | | -| ingress.className | string | `""` | | -| ingress.enabled | bool | `false` | | -| ingress.hosts[0].host | string | `"chart-example.local"` | | -| ingress.hosts[0].paths[0].path | string | `"/"` | | -| ingress.hosts[0].paths[0].pathType | string | `"ImplementationSpecific"` | | -| ingress.tls | list | `[]` | | -| livenessProbe.httpGet.path | string | `"/healthz/live"` | | -| livenessProbe.httpGet.port | string | `"http"` | | -| nameOverride | string | `""` | | -| nodeSelector | object | `{}` | | -| persistence.accessMode | string | `"ReadWriteOnce"` | accessMode | -| persistence.annotations | object | `{}` | | -| persistence.enabled | bool | `true` | Enable persistence using Persistent Volume Claims ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ | -| persistence.existingClaim | string | `nil` | A manually managed Persistent Volume and Claim Requires persistence.enabled: true If defined, PVC must be created manually before volume will be bound | -| persistence.hostPath | string | `nil` | Do not create an PVC, direct use hostPath in Pod | -| persistence.size | string | `"10Gi"` | size | -| persistence.storageClass | string | `nil` | Persistent Volume Storage Class If defined, storageClassName: If set to "-", storageClassName: "", which disables dynamic provisioning If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner. (gp2 on AWS, standard on GKE, AWS & OpenStack) | -| podAnnotations | object | `{}` | | -| podLabels | object | `{}` | | -| podSecurityContext | object | `{}` | | -| prometheus.servicemonitor.enabled | bool | `false` | | -| prometheus.servicemonitor.labels | object | `{}` | | -| readinessProbe.httpGet.path | string | `"/healthz/ready"` | | -| readinessProbe.httpGet.port | string | `"http"` | | -| replicaCount | int | `1` | | -| resources | object | `{}` | | -| secrets.env.METRICS_SECRET | string | `"scrape_metrics_password"` | | -| secrets.env.METRICS_USERNAME | string | `"scrape_metrics_user"` | | -| securityContext | object | `{}` | | -| service.annotations | object | `{}` | | -| service.ipFamilies[0] | string | `"IPv4"` | | -| service.ipFamilyPolicy | string | `"SingleStack"` | other option is RequireDualStack | -| service.ports.http | int | `80` | | -| service.ports.https | int | `443` | | -| service.ports.imap | int | `143` | | -| service.ports.imaptls | int | `993` | | -| service.ports.pop3 | int | `110` | | -| service.ports.pop3s | int | `995` | | -| service.ports.sieve | int | `4190` | | -| service.ports.smtp | int | `25` | | -| service.ports.submission | int | `587` | | -| service.ports.submissions | int | `465` | | -| service.type | string | `"ClusterIP"` | | -| serviceAccount.annotations | object | `{}` | | -| serviceAccount.automount | bool | `true` | | -| serviceAccount.create | bool | `false` | | -| serviceAccount.name | string | `""` | | -| tolerations | list | `[]` | | -| traefik.enabled | bool | `false` | | -| traefik.ports.https.entrypoint | string | `"websecure"` | | -| traefik.ports.https.match | string | `nil` | | -| traefik.ports.https.passthroughTLS | bool | `true` | | -| traefik.ports.https.proxyProtocol | bool | `true` | | -| traefik.ports.imaptls.entrypoint | string | `"imaps"` | | -| traefik.ports.imaptls.match | string | `nil` | | -| traefik.ports.imaptls.passthroughTLS | bool | `true` | | -| traefik.ports.imaptls.proxyProtocol | bool | `true` | | -| traefik.ports.pop3s.entrypoint | string | `"pop3s"` | | -| traefik.ports.pop3s.match | string | `nil` | | -| traefik.ports.pop3s.passthroughTLS | bool | `true` | | -| traefik.ports.pop3s.proxyProtocol | bool | `true` | | -| traefik.ports.sieve.entrypoint | string | `"sieve"` | | -| traefik.ports.sieve.match | string | `nil` | | -| traefik.ports.sieve.passthroughTLS | bool | `true` | | -| traefik.ports.sieve.proxyProtocol | bool | `true` | | -| traefik.ports.smtp.entrypoint | string | `"smtp"` | | -| traefik.ports.smtp.match | string | `nil` | | -| traefik.ports.smtp.proxyProtocol | bool | `true` | | -| traefik.ports.submissions.entrypoint | string | `"smtps"` | | -| traefik.ports.submissions.match | string | `nil` | | -| traefik.ports.submissions.passthroughTLS | bool | `true` | | -| traefik.ports.submissions.proxyProtocol | bool | `true` | | -| volumeMounts | list | `[]` | | -| volumes | list | `[]` | | - -Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs) - diff --git a/stalwart-mail/_docs.gotmpl b/stalwart-mail/_docs.gotmpl deleted file mode 100644 index 61d69af..0000000 --- a/stalwart-mail/_docs.gotmpl +++ /dev/null @@ -1,14 +0,0 @@ -{{ define "chart.prerequirements" -}} -= Alpha - -WARNING -==== -We stop working on this Helm-Chart. -There are still many breaking change like: - -* https://github.com/stalwartlabs/mail-server/issues/211[storage.fts in toml configuration has two meanings] - -We hope that stalward mail-server becomes more stable. - -==== -{{ end }} diff --git a/stalwart-mail/ci/ct-empty-values.yaml b/stalwart-mail/ci/ct-empty-values.yaml deleted file mode 100644 index 8b13789..0000000 --- a/stalwart-mail/ci/ct-empty-values.yaml +++ /dev/null @@ -1 +0,0 @@ - diff --git a/stalwart-mail/ci/ct-traefik-values.yaml b/stalwart-mail/ci/ct-traefik-values.yaml deleted file mode 100644 index 4a5b430..0000000 --- a/stalwart-mail/ci/ct-traefik-values.yaml +++ /dev/null @@ -1,71 +0,0 @@ -config: - lookup: - default: - hostname: mail.example.org - - server: - listener: - smtp: - proxy: - trusted-networks: ["10.0.0.0/8"] - submission: - submissions: - proxy: - trusted-networks: ["10.0.0.0/8"] - - imap: - imaptls: - proxy: - trusted-networks: ["10.0.0.0/8"] - - pop3: - pop3s: - proxy: - trusted-networks: ["10.0.0.0/8"] - - sieve: - proxy: - trusted-networks: ["10.0.0.0/8"] - - # without proxy and tls for ingress (well-known) - http: - protocol: "http" - bind: ["[::]:8080"] - - https: - url: "https://mail.example.org" - proxy: - trusted-networks: ["10.0.0.0/8"] - -service: - ports: - submission: - imap: - pop3: - http: 8080 - -traefik: - enabled: true - host: mail.example.org - ports: - submission: - imap: - pop3: - # not exists - blub: - -ingress: - enabled: true - hosts: - - host: "example.org" - paths: - - path: /.well-known/jmap - pathType: Prefix - - path: /.well-known/mta-sts.txt - pathType: Exact - - path: /.well-known/mail-v1.xml - pathType: Exact - - path: /.well-known/autoconfig - pathType: Prefix - - path: /autodiscover - pathType: Prefix diff --git a/stalwart-mail/templates/_helpers.tpl b/stalwart-mail/templates/_helpers.tpl deleted file mode 100644 index 0aef1de..0000000 --- a/stalwart-mail/templates/_helpers.tpl +++ /dev/null @@ -1,62 +0,0 @@ -{{/* -Expand the name of the chart. -*/}} -{{- define "stalwart-mail.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "stalwart-mail.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains $name .Release.Name }} -{{- .Release.Name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "stalwart-mail.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Common labels -*/}} -{{- define "stalwart-mail.labels" -}} -helm.sh/chart: {{ include "stalwart-mail.chart" . }} -{{ include "stalwart-mail.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end }} - -{{/* -Selector labels -*/}} -{{- define "stalwart-mail.selectorLabels" -}} -app.kubernetes.io/name: {{ include "stalwart-mail.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} - -{{/* -Create the name of the service account to use -*/}} -{{- define "stalwart-mail.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} -{{- default (include "stalwart-mail.fullname" .) .Values.serviceAccount.name }} -{{- else }} -{{- default "default" .Values.serviceAccount.name }} -{{- end }} -{{- end }} diff --git a/stalwart-mail/templates/configmap.yaml b/stalwart-mail/templates/configmap.yaml deleted file mode 100644 index ae34beb..0000000 --- a/stalwart-mail/templates/configmap.yaml +++ /dev/null @@ -1,10 +0,0 @@ ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "stalwart-mail.fullname" . }} - labels: - {{- include "stalwart-mail.labels" . | nindent 4 }} -data: - "config.toml": | - {{- toToml .Values.config | replace ".0\n" "\n" | nindent 4 }} diff --git a/stalwart-mail/templates/hpa.yaml b/stalwart-mail/templates/hpa.yaml deleted file mode 100644 index 066aacd..0000000 --- a/stalwart-mail/templates/hpa.yaml +++ /dev/null @@ -1,32 +0,0 @@ -{{- if .Values.autoscaling.enabled }} -apiVersion: autoscaling/v2 -kind: HorizontalPodAutoscaler -metadata: - name: {{ include "stalwart-mail.fullname" . }} - labels: - {{- include "stalwart-mail.labels" . | nindent 4 }} -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: {{ include "stalwart-mail.fullname" . }} - minReplicas: {{ .Values.autoscaling.minReplicas }} - maxReplicas: {{ .Values.autoscaling.maxReplicas }} - metrics: - {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} - - type: Resource - resource: - name: cpu - target: - type: Utilization - averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} - {{- end }} - {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} - - type: Resource - resource: - name: memory - target: - type: Utilization - averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} - {{- end }} -{{- end }} diff --git a/stalwart-mail/templates/pvc.yaml b/stalwart-mail/templates/pvc.yaml deleted file mode 100644 index 6e221f5..0000000 --- a/stalwart-mail/templates/pvc.yaml +++ /dev/null @@ -1,28 +0,0 @@ -{{- with .Values.persistence }} -{{- if and .enabled (not .existingClaim) }} ---- -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: {{ template "stalwart-mail.fullname" $ }} - labels: - {{- include "stalwart-mail.labels" $ | nindent 4 }} - {{- with .annotations }} - annotations: - {{ toYaml . | indent 4 }} - {{- end }} -spec: - accessModes: - - {{ .accessMode | quote }} - resources: - requests: - storage: {{ .size | quote }} - {{- with .storageClass }} - {{- if (eq "-" .) }} - storageClassName: "" - {{- else }} - storageClassName: {{ . | quote }} - {{- end }} - {{- end }} -{{- end }}{{/* end-if .enabled */}} -{{- end }}{{/* end-with .persistence */}} diff --git a/stalwart-mail/templates/secrets-env.yaml b/stalwart-mail/templates/secrets-env.yaml deleted file mode 100644 index 14a9584..0000000 --- a/stalwart-mail/templates/secrets-env.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "stalwart-mail.fullname" . }}-env - labels: - {{- include "stalwart-mail.labels" . | nindent 4 }} -data: - {{- range $key, $value := .Values.secrets.env }} - {{ $key }}: {{ $value | b64enc }} - {{- end }} diff --git a/stalwart-mail/templates/serviceaccount.yaml b/stalwart-mail/templates/serviceaccount.yaml deleted file mode 100644 index c5c9d86..0000000 --- a/stalwart-mail/templates/serviceaccount.yaml +++ /dev/null @@ -1,13 +0,0 @@ -{{- if .Values.serviceAccount.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "stalwart-mail.serviceAccountName" . }} - labels: - {{- include "stalwart-mail.labels" . | nindent 4 }} - {{- with .Values.serviceAccount.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -automountServiceAccountToken: {{ .Values.serviceAccount.automount }} -{{- end }} diff --git a/stalwart-mail/templates/servicemonitor.yaml b/stalwart-mail/templates/servicemonitor.yaml deleted file mode 100644 index ef8058f..0000000 --- a/stalwart-mail/templates/servicemonitor.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{- if and .Values.config.metrics.prometheus.enable .Values.prometheus.servicemonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ include "stalwart-mail.fullname" . }} - labels: - {{- include "stalwart-mail.labels" . | nindent 4 }} - {{- with .Values.prometheus.servicemonitor.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - selector: - matchLabels: - {{- include "stalwart-mail.selectorLabels" . | nindent 6 }} - endpoints: - - port: http - path: "/metrics/prometheus" - basicAuth: - username: - name: {{ include "stalwart-mail.fullname" . }}-env - key: METRICS_USERNAME - password: - name: {{ include "stalwart-mail.fullname" . }}-env - key: METRICS_SECRET -{{- end }} diff --git a/stalwart-mail/templates/traefik.yaml b/stalwart-mail/templates/traefik.yaml deleted file mode 100644 index ff32b51..0000000 --- a/stalwart-mail/templates/traefik.yaml +++ /dev/null @@ -1,27 +0,0 @@ -{{- if .Values.traefik.enabled }} -{{- range $port,$config := .Values.traefik.ports }} -{{- if $config }} ---- -apiVersion: traefik.io/v1alpha1 -kind: IngressRouteTCP -metadata: - name: {{ include "stalwart-mail.fullname" $ }}-{{ $port }} -spec: - entryPoints: - - {{ required (printf "traefik.ports.%s.entrypoint is required" $port) $config.entrypoint }} - routes: - - match: {{ $config.match | default (printf "HostSNI(`%s`)" $.Values.traefik.host) | quote }} - services: - - name: {{ include "stalwart-mail.fullname" $ }} - port: {{ $port }} - {{- if $config.proxyProtocol }} - proxyProtocol: - version: 2 - {{- end }} - {{- if $config.passthroughTLS }} - tls: - passthrough: true - {{- end }} -{{- end }}{{/* if config exists*/}} -{{- end }}{{/* end-range */}} -{{- end }}{{/* end-if .enabled */}} diff --git a/stalwart-mail/values.yaml b/stalwart-mail/values.yaml deleted file mode 100644 index 29efe2e..0000000 --- a/stalwart-mail/values.yaml +++ /dev/null @@ -1,318 +0,0 @@ -# Default values for stalwart. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. -global: - image: - # -- if set it will overwrite all registry entries - registry: - # -- if set it will overwrite all pullPolicy - pullPolicy: - -replicaCount: 1 - -image: - registry: docker.io - repository: stalwartlabs/mail-server - pullPolicy: IfNotPresent - # -- Overrides the image tag whose default is the chart appVersion. - tag: "" - -imagePullSecrets: [] -nameOverride: "" -fullnameOverride: "" - -config: - server: - listener: - smtp: - bind: ["[::]:25"] - protocol: "smtp" - submission: - bind: ["[::]:587"] - protocol: "smtp" - submissions: - bind: ["[::]:465"] - protocol: "smtp" - tls: - implicit: true - imap: - bind: ["[::]:143"] - protocol: "imap" - imaptls: - bind: ["[::]:993"] - protocol: "imap" - tls: - implicit: true - pop3: - bind: ["[::]:110"] - protocol: "pop3" - pop3s: - bind: ["[::]:995"] - protocol: "pop3" - tls: - implicit: true - sieve: - bind: ["[::]:4190"] - protocol: "managesieve" - http: - protocol: "http" - bind: ["[::]:80"] - https: - protocol: "http" - bind: ["[::]:443"] - tls: - implicit: true - allowed-ip: - "10.42.0.1/16": "" - - storage: - data: "rocksdb" - fts: "rocksdb" - blob: "rocksdb" - lookup: "rocksdb" - directory: "internal" - - store: - rocksdb: - type: rocksdb - path: "/data" - compression: "lz4" - - directory: - internal: - type: "internal" - store: "rocksdb" - - tracer: - otel: - enable: false - type: "open-telemetry" - level: "info" - # -- grpc or http - transport: "grpc" - endpoint: "https://127.0.0.1/otel" - # -- headers for usage with http (e.g. 'Authorization: ') - headers: [] - stdout: - enable: true - type: "stdout" - level: "info" - ansi: false - - auth: - dkim: - # -- auth rule for signing with dkim - # @section -- DKIM - sign: - - if: "listener != 'smtp'" - then: "['rsa', 'ed25519']" - - else: false - # -- verify of dkim signature (relaxed, strict, disable) - # @section -- DKIM - verify: "relaxed" - - authentication: - fallback-admin: - # -- username for fallback authentfication - # @section -- Authentification - user: "admin" - # -- password for fallback authentfication (use env for store in secrets of kubernetes) - # @section -- Authentification - secret: "%{env:FALLBACK_ADMIN_SECRET}%" - metrics: - prometheus: - enable: true - auth: - username: "%{env:METRICS_USERNAME}%" - secret: "%{env:METRICS_SECRET}%" - -secrets: - env: - # -- password for fallback authentfication (env) - # @section -- Authentification - FALLBACK_ADMIN_SECRET: supersecret - METRICS_USERNAME: "scrape_metrics_user" - METRICS_SECRET: "scrape_metrics_password" - -serviceAccount: - # Specifies whether a service account should be created - create: false - # Automatically mount a ServiceAccount's API credentials? - automount: true - # Annotations to add to the service account - annotations: {} - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - name: "" - -podAnnotations: {} -podLabels: {} - -env: [] - -podSecurityContext: {} - # fsGroup: 2000 - -securityContext: {} - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 1000 - -service: - type: ClusterIP - ipFamilies: ["IPv4"] - # -- other option is RequireDualStack - ipFamilyPolicy: "SingleStack" - annotations: {} - ports: - smtp: 25 - submission: 587 - submissions: 465 - imap: 143 - imaptls: 993 - pop3: 110 - pop3s: 995 - sieve: 4190 - http: 80 - https: 443 - -livenessProbe: - httpGet: - path: /healthz/live - port: http -readinessProbe: - httpGet: - path: /healthz/ready - port: http - -ingress: - enabled: false - className: "" - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - hosts: - - host: chart-example.local - paths: - - path: / - pathType: ImplementationSpecific - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - -traefik: - enabled: false - ports: - smtp: - match: - entrypoint: smtp - proxyProtocol: true - submissions: - match: - entrypoint: smtps - proxyProtocol: true - passthroughTLS: true - imaptls: - match: - entrypoint: imaps - proxyProtocol: true - passthroughTLS: true - pop3s: - match: - entrypoint: pop3s - proxyProtocol: true - passthroughTLS: true - sieve: - match: - entrypoint: sieve - proxyProtocol: true - passthroughTLS: true - https: - match: - entrypoint: websecure - proxyProtocol: true - passthroughTLS: true - -certificate: - # -- not needed if certmanager is used - secretName: - certmanager: - enabled: true - issuerRef: - group: cert-manager.io - kind: ClusterIssuer - name: letsencrypt-prod - dnsNames: - - "chart-example.local" - -prometheus: - servicemonitor: - enabled: false - labels: {} - -resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - -autoscaling: - enabled: false - minReplicas: 1 - maxReplicas: 100 - targetCPUUtilizationPercentage: 80 - # targetMemoryUtilizationPercentage: 80 - -# Additional volumes on the output Deployment definition. -volumes: [] -# - name: foo -# secret: -# secretName: mysecret -# optional: false - -# Additional volumeMounts on the output Deployment definition. -volumeMounts: [] -# - name: foo -# mountPath: "/etc/foo" -# readOnly: true - -nodeSelector: {} - -tolerations: [] - -affinity: {} - -persistence: - # -- Enable persistence using Persistent Volume Claims - # ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ - enabled: true - annotations: {} - # -- Persistent Volume Storage Class - # If defined, storageClassName: - # If set to "-", storageClassName: "", which disables dynamic provisioning - # If undefined (the default) or set to null, no storageClassName spec is - # set, choosing the default provisioner. (gp2 on AWS, standard on - # GKE, AWS & OpenStack) - storageClass: - - # -- A manually managed Persistent Volume and Claim - # Requires persistence.enabled: true - # If defined, PVC must be created manually before volume will be bound - existingClaim: - - # -- Do not create an PVC, direct use hostPath in Pod - hostPath: - # -- accessMode - accessMode: ReadWriteOnce - # -- size - size: 10Gi diff --git a/gotosocial/.gitignore b/stalwart/.gitignore similarity index 100% rename from gotosocial/.gitignore rename to stalwart/.gitignore diff --git a/element-call/.helmignore b/stalwart/.helmignore similarity index 100% rename from element-call/.helmignore rename to stalwart/.helmignore diff --git a/stalwart-mail/Chart.yaml b/stalwart/Chart.yaml similarity index 55% rename from stalwart-mail/Chart.yaml rename to stalwart/Chart.yaml index 88b95e4..a771e30 100644 --- a/stalwart-mail/Chart.yaml +++ b/stalwart/Chart.yaml @@ -1,11 +1,10 @@ apiVersion: v2 -name: stalwart-mail +name: stalwart description: Helm Chart for Stalwart Mail Server - Secure & Modern All-in-One Mail Server (IMAP, JMAP, SMTP) -icon: https://stalw.art/img/apple-touch-icon.png +icon: https://stalw.art/home/apple-touch-icon.png type: application -version: 0.0.23 -# renovate: image=docker.io/stalwartlabs/mail-server -appVersion: "0.11.3" +version: 0.1.0 +appVersion: "0.5.3" maintainers: - name: WrenIX url: https://wrenix.eu diff --git a/stalwart/README.adoc b/stalwart/README.adoc new file mode 100644 index 0000000..ad86ee9 --- /dev/null +++ b/stalwart/README.adoc @@ -0,0 +1,1059 @@ + + += stalwart + +image::https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square[Version: 0.1.0] +image::https://img.shields.io/badge/Version-application-informational?style=flat-square[Type: application] +image::https://img.shields.io/badge/AppVersion-0.5.3-informational?style=flat-square[AppVersion: 0.5.3] +== Maintainers + +.Maintainers +|=== +| Name | Email | Url + +| WrenIX +| +| +|=== + += Archive + +WARNING +==== +We stop working on this Helm-Chart, because of an toxical (matrix-)chat behavour with denial of there bugs. +Here there list of bugs which was denial during chat (and partly solved afterwords): + +* https://github.com/stalwartlabs/mail-server/issues/208[X-Forwarded-For Header was not interprated like in documentations descripted] +* https://github.com/stalwartlabs/mail-server/issues/211[storage.fts in toml configuration has two meanings] + +--- + +We hope somebody else find this helm-chart for developing his own version. +Maybe we delete this state, if we found other helm-charts for this software. + +==== + +== Usage + +Helm must be installed and setup to your kubernetes cluster to use the charts. +Refer to Helm's https://helm.sh/docs[documentation] to get started. +Once Helm has been set up correctly, fetch the charts as follows: + +[source,bash] +---- +helm pull oci://codeberg.org/wrenix/helm-charts/stalwart +---- + +You can install a chart release using the following command: + +[source,bash] +---- +helm install stalwart-release oci://codeberg.org/wrenix/helm-charts/stalwart --values values.yaml +---- + +To uninstall a chart release use `helm`'s delete command: + +[source,bash] +---- +helm uninstall stalwart-release +---- + +== Values + +.Values +|=== +| Key | Type | Default | Description + +| affinity +| object +| `{}` +| + +| autoscaling.enabled +| bool +| `false` +| + +| autoscaling.maxReplicas +| int +| `100` +| + +| autoscaling.minReplicas +| int +| `1` +| + +| autoscaling.targetCPUUtilizationPercentage +| int +| `80` +| + +| config.acme.letsencrypt +| object +| `{"cache":"/opt/stalwart-mail/etc/acme","contact":["postmaster@%{DEFAULT_DOMAIN}%"],"directory":"https://acme-v02.api.letsencrypt.org/directory","port":443,"renew-before":"30d"}` +| acme with name letsencrypt (from: common/tls.toml) + +| config.acme.letsencrypt.cache +| string +| `"/opt/stalwart-mail/etc/acme"` +| acme cache (from: common/tls.toml) + +| config.acme.letsencrypt.contact +| list +| `["postmaster@%{DEFAULT_DOMAIN}%"]` +| acme contact (from: common/tls.toml) + +| config.acme.letsencrypt.directory +| string +| `"https://acme-v02.api.letsencrypt.org/directory"` +| acme directory (from: common/tls.toml) + +| config.acme.letsencrypt.port +| int +| `443` +| acme port (from: common/tls.toml) + +| config.acme.letsencrypt.renew-before +| string +| `"30d"` +| acme renew-before (from: common/tls.toml) + +| config.certificate.default +| object +| `{"cert":"file://__CERT_PATH__","private-key":"file://__PK_PATH__"}` +| certificate with name default (from: common/tls.toml) + +| config.certificate.default.cert +| string +| `"file://__CERT_PATH__"` +| certificate cert (from: common/tls.toml) + +| config.certificate.default.private-key +| string +| `"file://__PK_PATH__"` +| certificate private-key (from: common/tls.toml) + +| config.directory.memory +| object +| `{"disable":false,"options":{"catch-all":true,"subaddressing":true},"principals":[{"description":"Superuser","mail":["postmaster@%{DEFAULT_DOMAIN}%"],"name":"admin","secret":"changeme","type":"admin"}],"type":"memory"}` +| directory - with name memory (from: directory/internal.yaml) + +| config.directory.memory.disable +| bool +| `false` +| overwrite me, if not wanted + +| config.global.shared-map.capacity +| int +| `10` +| global shared-map capacity (from: common/server.toml) + +| config.global.shared-map.shard +| int +| `32` +| global shared-map shard (from: common/server.toml) + +| config.global.thread-pool +| string +| `nil` +| global thead-pool (from: common/server.toml) + +| config.global.tracing +| object +| `{"level":"info","method":"stdout"}` +| global tracing (from: common/tracing.toml) + +| config.imap.auth.allow-plain-text +| bool +| `false` +| imap auth allow-plain-text (from: imap/settings.toml) + +| config.imap.auth.max-failures +| int +| `3` +| imap auth max-failures(from: imap/settings.toml) + +| config.imap.folders.name.shared +| string +| `"Shared Folders"` +| imap folders name shared (from: imap/settings.toml) + +| config.imap.protocol.uidplus +| bool +| `false` +| imap protocol uidplus (from: imap/settings.toml) + +| config.imap.rate-limit.concurrent +| int +| `6` +| imap rate-limit concurrent (from: imap/settings.toml) + +| config.imap.rate-limit.requests +| string +| `"2000/1m"` +| imap rate-limit requests (from: imap/settings.toml) + +| config.imap.request.max-size +| int +| `52428800` +| imap request max-size (from: imap/settings.toml) + +| config.imap.timeout.anonymous +| string +| `"1m"` +| imap timeout anonymous (from: imap/settings.toml) + +| config.imap.timeout.authenticated +| string +| `"30m"` +| imap timeout authenticated (from: imap/settings.toml) + +| config.imap.timeout.idle +| string +| `"30m"` +| imap timeout idle (from: imap/settings.toml) + +| config.jmap.directory +| string +| `"%{DEFAULT_DIRECTORY}%"` +| jmap-directory (from: jmap/auth.yaml) + +| config.jmap.email +| object +| `{"max-attachment-size":50000000,"max-size":75000000,"parse":{"max-items":10}}` +| jmap-email + +| config.jmap.event-source +| object +| `{"throttle":"1s"}` +| jmap-event-source + +| config.jmap.mailbox +| object +| `{"max-depth":10,"max-name-length":255}` +| jmap-mailbox + +| config.jmap.principal +| object +| `{"allow-lookups":true}` +| jmap-principal + +| config.jmap.protocol +| object +| `{"changes":{"max-results":5000},"get":{"max-objects":500},"query":{"max-results":5000},"request":{"max-calls":16,"max-concurrent":4,"max-size":10000000},"set":{"max-objects":500},"upload":{"max-concurrent":4,"max-size":50000000,"quota":{"files":1000,"size":50000000},"ttl":"1h"}}` +| jmap-protocol (from: jmap/protocol.yaml) + +| config.jmap.push +| object +| `{"attempts":{"interval":"1m","max":3},"max-total":100,"retry":{"interval":"1s"},"throttle":"1ms","timeout":{"request":"10s","verify":"1s"}}` +| jmap-push (from: jmap/push.yaml) + +| config.jmap.rate-limit +| object +| `{"account":"1000/1m","anonymous":"100/1m","authentication":"10/1m","cache":{"size":1024},"use-forwarded":true}` +| jmap-rate-limit (from: jmap/ratelimit.yaml) + +| config.jmap.session +| object +| `{"cache":{"size":100,"ttl":"1h"},"purge":{"frequency":"0 3 *"}}` +| jmap-session (from: jmap/auth.yaml) + +| config.jmap.web-sockets +| object +| `{"heartbeat":"1m","throttle":"1s","timeout":"10m"}` +| jmap-web-sockets (from: jmap/websocket.yaml) + +| config.macros +| object +| `{"default_directory":"memory","default_domain":"__DOMAIN__","default_store":"sqlite","host":"__HOST__"}` +| macros (from: config.toml) + +| config.oauth.auth +| object +| `{"max-attempts":3}` +| oauth - auth + +| config.oauth.cache +| object +| `{"size":128}` +| oauth - cache + +| config.oauth.expiry +| object +| `{"auth-code":"10m","refresh-token":"30d","refresh-token-renew":"4d","token":"1h","user-code":"30m"}` +| oauth - expiry + +| config.oauth.key +| string +| `"__OAUTH_KEY__"` +| oauth - key + +| config.queue.hash +| int +| `64` +| queue-hash + +| config.queue.outbound +| object +| `{"ip-strategy":"ipv4-then-ipv6","limits":{"multihomed":2,"mx":7},"next-hop":[{"if":"rcpt-domain","in-list":"%{DEFAULT_DIRECTORY}%/domains","then":"local"},{"else":false}],"timeouts":{"connect":"3m","data":"10m","ehlo":"3m","greeting":"3m","mail-from":"3m","mta-sts":"2m","rcpt-to":"3m","tls":"2m"},"tls":{"allow-invalid-certs":false,"dane":"optional","mta-sts":"optional","starttls":"require"}}` +| queue-outbound + +| config.queue.path +| string +| `"/data/queue"` +| queue-path + +| config.queue.schedule +| object +| `{"expire":"5d","notify":["1d","3d"],"retry":["2m","5m","10m","15m","30m","1h","2h"]}` +| queue-schedule + +| config.report.analysis +| object +| `{"addresses":["dmarc@*","abuse@*","postmaster@*"],"forward":true}` +| report-analysis + +| config.report.dkim +| object +| `{"from-address":"noreply-dkim@%{DEFAULT_DOMAIN}%","from-name":"Report Subsystem","send":"1/1d","sign":["rsa"],"subject":"DKIM Authentication Failure Report"}` +| report-dkim + +| config.report.dmarc +| object +| `{"aggregate":{"from-address":"noreply-dmarc@%{DEFAULT_DOMAIN}%","from-name":"DMARC Report","max-size":26214400,"org-name":"%{DEFAULT_DOMAIN}%","send":"daily","sign":["rsa"]},"from-address":"noreply-dmarc@%{DEFAULT_DOMAIN}%","from-name":"Report Subsystem","send":"1/1d","sign":["rsa"],"subject":"DMARC Authentication Failure Report"}` +| report-dmarc + +| config.report.dmarc.aggregate.max-size +| int +| `26214400` +| default: 25 mb + +| config.report.dsn +| object +| `{"from-address":"MAILER-DAEMON@%{DEFAULT_DOMAIN}%","from-name":"Mail Delivery Subsystem","sign":["rsa"]}` +| report-dsn + +| config.report.hash +| int +| `64` +| report-hash + +| config.report.path +| string +| `"/data/reports"` +| report-path + +| config.report.spf +| object +| `{"from-address":"noreply-spf@%{DEFAULT_DOMAIN}%","from-name":"Report Subsystem","send":"1/1d","sign":["rsa"],"subject":"SPF Authentication Failure Report"}` +| report-spf + +| config.report.tls +| object +| `{"aggregate":{"from-address":"noreply-tls@%{DEFAULT_DOMAIN}%","from-name":"TLS Report","max-size":26214400,"org-name":"%{DEFAULT_DOMAIN}%","send":"daily","sign":["rsa"]}}` +| report-tls + +| config.report.tls.aggregate.max-size +| int +| `26214400` +| default: 25 mb + +| config.resolver.attempts +| int +| `2` +| resolver-attempts + +| config.resolver.cache +| object +| `{"ipv4":1024,"ipv6":1024,"mta-sts":1024,"mx":1024,"ptr":1024,"tlsa":1024,"txt":2048}` +| resolver-cache + +| config.resolver.concurrency +| int +| `2` +| resolver-concurrency + +| config.resolver.preserve-intermediates +| bool +| `true` +| resolver-preserve-intermediates + +| config.resolver.public-suffix +| list +| `["https://publicsuffix.org/list/public_suffix_list.dat","file:///opt/stalwart-mail/etc/spamfilter/maps/suffix_list.dat.gz"]` +| resolver-public-suffix + +| config.resolver.timeout +| string +| `"5s"` +| resolver-timeout + +| config.resolver.try-tcp-on-error +| bool +| `true` +| resolver-try-tcp-on-error + +| config.resolver.type +| string +| `"system"` +| resolver-type + +| config.server.hostname +| string +| `"%{HOST}%"` +| server hostname (from: common/server.toml) + +| config.server.listener +| object +| `{"http":{"bind":["[::]:80"],"protocol":"jmap","tls":{"implicit":true},"url":"https://%{HOST}%"},"imap":{"bind":["[::]:143"],"protocol":"imap"},"imaps":{"bind":["[::]:993"],"protocol":"imap","tls":{"implicit":true}},"sieve":{"bind":["[::]:4190"],"protocol":"managesieve","tls":{"implicit":true}},"smtp":{"bind":["[::]:25"],"protocol":"smtp"},"smtp-submission":{"bind":["[::]:587"],"protocol":"smtp"},"smtps":{"bind":["[::]:465"],"protocol":"smtp","tls":{"implicit":true}}}` +| server listener + +| config.server.listener.http +| object +| `{"bind":["[::]:80"],"protocol":"jmap","tls":{"implicit":true},"url":"https://%{HOST}%"}` +| jmap/listener.yaml + +| config.server.listener.imap +| object +| `{"bind":["[::]:143"],"protocol":"imap"}` +| server listener with name imap (from: imap/listener.toml) + +| config.server.listener.imaps +| object +| `{"bind":["[::]:993"],"protocol":"imap","tls":{"implicit":true}}` +| server listener with name imaps (from: imap/listener.toml) + +| config.server.listener.sieve +| object +| `{"bind":["[::]:4190"],"protocol":"managesieve","tls":{"implicit":true}}` +| server listener with name sieve (from: imap/listener.toml) + +| config.server.run-as.group +| string +| `"stalwart-mail"` +| server run-as group (from: common/server.toml) + +| config.server.run-as.user +| string +| `"stalwart-mail"` +| server run-as user (from: common/server.toml) + +| config.server.security.blocked-networks +| object +| `{}` +| server security blocked-networks (from: common/server.toml) + +| config.server.security.fail2ban +| string +| `"100/1d"` +| server security fail2ban (from: common/server.toml) + +| config.server.socket.backlog +| int +| `1024` +| server socket backlog (from: common/server.toml) + +| config.server.socket.linger +| int +| `1` +| server socket linger (from: common/server.toml) + +| config.server.socket.nodelay +| bool +| `true` +| server socket nodelay (from: common/server.toml) + +| config.server.socket.recv-buffer-size +| int +| `65535` +| server socket recv-buffer-size (from: common/server.toml) + +| config.server.socket.reuse-addr +| bool +| `true` +| server socket reuse-addr (from: common/server.toml) + +| config.server.socket.reuse-port +| bool +| `false` +| server socket reuse-port (from: common/server.toml) + +| config.server.socket.send-buffer-size +| int +| `65535` +| server socket send-buffer-size (from: common/server.toml) + +| config.server.socket.tos +| int +| `1` +| server socket tos (from: common/server.toml) + +| config.server.socket.ttl +| int +| `3600` +| server socket ttl (from: common/server.toml) + +| config.server.tls.acme +| string +| `nil` +| server tls acme (from: common/tls.toml) example: "letsencrypt" + +| config.server.tls.certificate +| string +| `"default"` +| server tls certificate (from: common/tls.toml) + +| config.server.tls.ciphers +| string +| `nil` +| server tls #ciphers (from: common/tls.toml) example: [ "TLS13_AES_256_GCM_SHA384", "TLS13_AES_128_GCM_SHA256", "TLS13_CHACHA20_POLY1305_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"] + +| config.server.tls.enable +| bool +| `true` +| server tls enable (from: common/tls.toml) + +| config.server.tls.ignore-client-order +| bool +| `true` +| server tls ignore-client-order (from: common/tls.toml) + +| config.server.tls.implicit +| bool +| `false` +| server tls implicit (from: common/tls.toml) + +| config.server.tls.protocols +| string +| `nil` +| server tls protocols (from: common/tls.toml) example: ["TLSv1.2", "TLSv1.3"] + +| config.server.tls.sni +| string +| `nil` +| server tls sni (from: common/tls.toml) example: [{subject: "", certificate: ""}] + +| config.server.tls.timeout +| string +| `"1m"` +| server tls timeout (from: common/tls.toml) + +| config.sieve.trusted.from-addr +| string +| `"no-reply@%{DEFAULT_DOMAIN}%"` +| sieve trusted from-addr (from: common/sieve.toml) + +| config.sieve.trusted.from-name +| string +| `"Automated Message"` +| sieve trusted from-name (from: common/sieve.toml) + +| config.sieve.trusted.hostname +| string +| `"%{HOST}%"` +| sieve trusted hostname (from: common/sieve.toml) + +| config.sieve.trusted.limits.cpu +| int +| `1048576` +| sieve trusted limits cpu (from: common/sieve.toml) + +| config.sieve.trusted.limits.duplicate-expiry +| string +| `"7d"` +| sieve trusted limits duplicate-expiry (from: common/sieve.toml) + +| config.sieve.trusted.limits.nested-includes +| int +| `5` +| sieve trusted limits nested-includes (from: common/sieve.toml) + +| config.sieve.trusted.limits.out-messages +| int +| `5` +| sieve trusted limits out-messages (from: common/sieve.toml) + +| config.sieve.trusted.limits.received-headers +| int +| `50` +| sieve trusted limits received-headers (from: common/sieve.toml) + +| config.sieve.trusted.limits.redirects +| int +| `3` +| sieve trusted limits redirects (from: common/sieve.toml) + +| config.sieve.trusted.no-capability-check +| bool +| `true` +| sieve trusted no-capability-check (from: common/sieve.toml) + +| config.sieve.trusted.return-path +| string +| `""` +| sieve trusted return-path (from: common/sieve.toml) + +| config.sieve.trusted.scripts.connect +| string +| `nil` +| sieve trusted scripts connect (from: common/sieve.toml) + +| config.sieve.trusted.scripts.ehlo +| string +| `nil` +| sieve trusted scripts ehlo (from: common/sieve.toml) + +| config.sieve.trusted.scripts.mail +| string +| `nil` +| sieve trusted scripts mail (from: common/sieve.toml) + +| config.sieve.trusted.sign +| list +| `["rsa"]` +| sieve trusted sign (from: common/sieve.toml) + +| config.sieve.untrusted.default-expiry.duplicate +| string +| `"7d"` +| sieve untrusted default-expiry duplicate (from: common/sieve.toml) + +| config.sieve.untrusted.default-expiry.vacation +| string +| `"30d"` +| sieve untrusted default-expiry vacation (from: common/sieve.toml) + +| config.sieve.untrusted.disable-capabilities +| list +| `[]` +| sieve untrusted disable-capabilities (from: common/sieve.toml) + +| config.sieve.untrusted.limits.cpu +| int +| `5000` +| sieve untrusted limit cpu (from: common/sieve.toml) + +| config.sieve.untrusted.limits.header-size +| int +| `1024` +| sieve untrusted limit header-size (from: common/sieve.toml) + +| config.sieve.untrusted.limits.includes +| int +| `3` +| sieve untrusted limit includes (from: common/sieve.toml) + +| config.sieve.untrusted.limits.local-variables +| int +| `128` +| sieve untrusted limit local-variables (from: common/sieve.toml) + +| config.sieve.untrusted.limits.match-variables +| int +| `30` +| sieve untrusted limit match-variables (from: common/sieve.toml) + +| config.sieve.untrusted.limits.max-scripts +| int +| `256` +| sieve untrusted limit max-scripts (from: common/sieve.toml) + +| config.sieve.untrusted.limits.name-length +| int +| `512` +| sieve untrusted limit name-length (from: common/sieve.toml) + +| config.sieve.untrusted.limits.nested-blocks +| int +| `15` +| sieve untrusted limit nested-blocks (from: common/sieve.toml) + +| config.sieve.untrusted.limits.nested-foreverypart +| int +| `3` +| sieve untrusted limit nested-foreverypart (from: common/sieve.toml) + +| config.sieve.untrusted.limits.nested-includes +| int +| `3` +| sieve untrusted limit nested-includes (from: common/sieve.toml) + +| config.sieve.untrusted.limits.nested-tests +| int +| `15` +| sieve untrusted limit nested-tests (from: common/sieve.toml) + +| config.sieve.untrusted.limits.outgoing-messages +| int +| `3` +| sieve untrusted limit outgoing-messages (from: common/sieve.toml) + +| config.sieve.untrusted.limits.received-headers +| int +| `10` +| sieve untrusted limit received-headers (from: common/sieve.toml) + +| config.sieve.untrusted.limits.redirects +| int +| `1` +| sieve untrusted limit redirects (from: common/sieve.toml) + +| config.sieve.untrusted.limits.script-size +| int +| `102400` +| sieve untrusted limit script-size (from: common/sieve.toml) + +| config.sieve.untrusted.limits.string-length +| int +| `4096` +| sieve untrusted limit string-length (from: common/sieve.toml) + +| config.sieve.untrusted.limits.variable-name-length +| int +| `32` +| sieve untrusted limit variable-name-length (from: common/sieve.toml) + +| config.sieve.untrusted.limits.variable-size +| int +| `4096` +| sieve untrusted limit variable-size (from: common/sieve.toml) + +| config.sieve.untrusted.notification-uris +| list +| `["mailto"]` +| sieve untrusted notification-uris (from: common/sieve.toml) + +| config.sieve.untrusted.protected-headers +| list +| `["Original-Subject","Original-From","Received","Auto-Submitted"]` +| sieve untrusted protected-headers (from: common/sieve.toml) + +| config.sieve.untrusted.vacation.default-subject +| string +| `"Automated reply"` +| sieve untrusted vacation default-subject (from: common/sieve.toml) + +| config.sieve.untrusted.vacation.subject-prefix +| string +| `"Auto: "` +| sieve untrusted vacation subject-prefix (from: common/sieve.toml) + +| config.signature.rsa +| object +| `{"algorithm":"rsa-sha256","canonicalization":"relaxed/relaxed","domain":"%{DEFAULT_DOMAIN}%","headers":["From","To","Date","Subject","Message-ID"],"private-key":"file://opt/stalwart-mail/etc/dkim/private.key","report":true,"selector":"stalwart","set-body-length":false}` +| signature-rsa + +| config.storage.blob +| string +| `"%{DEFAULT_STORE}%"` +| storage blob (from: common/store.toml) + +| config.storage.cluster.node-id +| string +| `nil` +| storage - cluster - node-id (from: common/store.toml) + +| config.storage.data +| string +| `"%{DEFAULT_STORE}%"` +| storage data (from: common/store.toml) + +| config.storage.directory +| string +| `"%{DEFAULT_DIRECTORY}%"` +| storage directory (from: common/store.toml) + +| config.storage.encryption.append +| bool +| `false` +| storage encryption append (from: common/store.toml) + +| config.storage.encryption.enable +| bool +| `true` +| storage encryption enable (from: common/store.toml) + +| config.storage.fts +| string +| `"%{DEFAULT_STORE}%"` +| storage fts (from: common/store.toml) BROKEN / TODO see: https://github.com/stalwartlabs/mail-server/issues/211 + +| config.storage.fts.default-language +| string +| `"en"` +| storage - fts - default-language (from: common/store.toml) BROKEN / TODO see: https://github.com/stalwartlabs/mail-server/issues/211 + +| config.storage.lookup +| string +| `"%{DEFAULT_STORE}%"` +| storage lookup (from: common/store.toml) + +| config.storage.spam.header +| string +| `"X-Spam-Status: Yes"` +| storage spam header (from: common/store.toml) + +| config.store.fs +| object +| `{"depth":2,"disable":false,"path":"/data/blobs","purge":{"frequency":"0 3 *"},"type":"fs"}` +| store - with name fs + +| config.store.fs.disable +| bool +| `false` +| overwrite me, if not wanted + +| config.store.sqlite +| object +| `{"disable":false,"path":"/data/index.sqlite3","purge":{"frequency":"0 3 *"},"query":{"domains":"SELECT 1 FROM emails WHERE address LIKE '%@' || ? LIMIT 1","emails":"SELECT address FROM emails WHERE name = ? AND type != 'list' ORDER BY type DESC, address ASC","expand":"SELECT p.address FROM emails AS p JOIN emails AS l ON p.name = l.name WHERE p.type = 'primary' AND l.address = ? AND l.type = 'list' ORDER BY p.address LIMIT 50","members":"SELECT member_of FROM group_members WHERE name = ?","name":"SELECT name, type, secret, description, quota FROM accounts WHERE name = ? AND active = true","recipients":"SELECT name FROM emails WHERE address = ?","verify":"SELECT address FROM emails WHERE address LIKE '%' || ? || '%' AND type = 'primary' ORDER BY address LIMIT 5"},"type":"sqlite"}` +| store - with name sqlite + +| config.store.sqlite.disable +| bool +| `false` +| overwrite me, if not wanted + +| fullnameOverride +| string +| `""` +| + +| global.image.pullPolicy +| string +| `nil` +| if set it will overwrite all pullPolicy + +| global.image.registry +| string +| `nil` +| if set it will overwrite all registry entries + +| image.pullPolicy +| string +| `"IfNotPresent"` +| + +| image.registry +| string +| `"docker.io"` +| + +| image.repository +| string +| `"stalwartlabs/mail-server"` +| + +| image.tag +| string +| `""` +| Overrides the image tag whose default is the chart appVersion. + +| imagePullSecrets +| list +| `[]` +| + +| ingress.annotations +| object +| `{}` +| + +| ingress.className +| string +| `""` +| + +| ingress.enabled +| bool +| `false` +| + +| ingress.hosts[0].host +| string +| `"chart-example.local"` +| + +| ingress.hosts[0].paths[0].path +| string +| `"/"` +| + +| ingress.hosts[0].paths[0].pathType +| string +| `"ImplementationSpecific"` +| + +| ingress.tls +| list +| `[]` +| + +| nameOverride +| string +| `""` +| + +| nodeSelector +| object +| `{}` +| + +| persistence.accessMode +| string +| `"ReadWriteOnce"` +| accessMode + +| persistence.annotations +| object +| `{}` +| + +| persistence.enabled +| bool +| `true` +| Enable persistence using Persistent Volume Claims ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ + +| persistence.existingClaim +| string +| `nil` +| A manually managed Persistent Volume and Claim Requires persistence.enabled: true If defined, PVC must be created manually before volume will be bound + +| persistence.hostPath +| string +| `nil` +| Do not create an PVC, direct use hostPath in Pod + +| persistence.size +| string +| `"10Gi"` +| size + +| persistence.storageClass +| string +| `nil` +| Persistent Volume Storage Class If defined, storageClassName: If set to "-", storageClassName: "", which disables dynamic provisioning If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner. (gp2 on AWS, standard on GKE, AWS & OpenStack) + +| podAnnotations +| object +| `{}` +| + +| podLabels +| object +| `{}` +| + +| podSecurityContext +| object +| `{}` +| + +| replicaCount +| int +| `1` +| + +| resources +| object +| `{}` +| + +| securityContext +| object +| `{}` +| + +| service.annotations +| object +| `{}` +| + +| service.ipFamilies[0] +| string +| `"IPv4"` +| + +| service.ipFamilyPolicy +| string +| `"SingleStack"` +| other option is RequireDualStack + +| service.ports.http +| int +| `80` +| + +| service.ports.imap +| int +| `143` +| + +| service.ports.imaps +| int +| `993` +| + +| service.ports.sieve +| int +| `4190` +| + +| service.ports.smtp +| int +| `25` +| + +| service.ports.smtp-submission +| int +| `587` +| + +| service.ports.smtps +| int +| `465` +| + +| service.type +| string +| `"ClusterIP"` +| + +| serviceAccount.annotations +| object +| `{}` +| + +| serviceAccount.automount +| bool +| `true` +| + +| serviceAccount.create +| bool +| `false` +| + +| serviceAccount.name +| string +| `""` +| + +| tolerations +| list +| `[]` +| + +| volumeMounts +| list +| `[]` +| + +| volumes +| list +| `[]` +| +|=== + +Autogenerated from chart metadata using https://github.com/norwoodj/helm-docs[helm-docs] + diff --git a/stalwart/_docs.gotmpl b/stalwart/_docs.gotmpl new file mode 100644 index 0000000..0fedfb3 --- /dev/null +++ b/stalwart/_docs.gotmpl @@ -0,0 +1,18 @@ +{{ define "chart.prerequirements" -}} += Archive + +WARNING +==== +We stop working on this Helm-Chart, because of an toxical (matrix-)chat behavour with denial of there bugs. +Here there list of bugs which was denial during chat (and partly solved afterwords): + +* https://github.com/stalwartlabs/mail-server/issues/208[X-Forwarded-For Header was not interprated like in documentations descripted] +* https://github.com/stalwartlabs/mail-server/issues/211[storage.fts in toml configuration has two meanings] + +--- + +We hope somebody else find this helm-chart for developing his own version. +Maybe we delete this state, if we found other helm-charts for this software. + +==== +{{ end }} diff --git a/pretix/templates/_helpers.tpl b/stalwart/templates/_helpers.tpl similarity index 75% rename from pretix/templates/_helpers.tpl rename to stalwart/templates/_helpers.tpl index f482705..df7a574 100644 --- a/pretix/templates/_helpers.tpl +++ b/stalwart/templates/_helpers.tpl @@ -1,7 +1,7 @@ {{/* Expand the name of the chart. */}} -{{- define "pretix.name" -}} +{{- define "stalwart.name" -}} {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} {{- end }} @@ -10,7 +10,7 @@ Create a default fully qualified app name. We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). If release name contains chart name it will be used as a full name. */}} -{{- define "pretix.fullname" -}} +{{- define "stalwart.fullname" -}} {{- if .Values.fullnameOverride }} {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} {{- else }} @@ -26,16 +26,16 @@ If release name contains chart name it will be used as a full name. {{/* Create chart name and version as used by the chart label. */}} -{{- define "pretix.chart" -}} +{{- define "stalwart.chart" -}} {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} {{- end }} {{/* Common labels */}} -{{- define "pretix.labels" -}} -helm.sh/chart: {{ include "pretix.chart" . }} -{{ include "pretix.selectorLabels" . }} +{{- define "stalwart.labels" -}} +helm.sh/chart: {{ include "stalwart.chart" . }} +{{ include "stalwart.selectorLabels" . }} {{- if .Chart.AppVersion }} app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} {{- end }} @@ -45,17 +45,17 @@ app.kubernetes.io/managed-by: {{ .Release.Service }} {{/* Selector labels */}} -{{- define "pretix.selectorLabels" -}} -app.kubernetes.io/name: {{ include "pretix.name" . }} +{{- define "stalwart.selectorLabels" -}} +app.kubernetes.io/name: {{ include "stalwart.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} {{- end }} {{/* Create the name of the service account to use */}} -{{- define "pretix.serviceAccountName" -}} +{{- define "stalwart.serviceAccountName" -}} {{- if .Values.serviceAccount.create }} -{{- default (include "pretix.fullname" .) .Values.serviceAccount.name }} +{{- default (include "stalwart.fullname" .) .Values.serviceAccount.name }} {{- else }} {{- default "default" .Values.serviceAccount.name }} {{- end }} diff --git a/stalwart-mail/templates/certificate.yaml b/stalwart/templates/certificate.yaml similarity index 79% rename from stalwart-mail/templates/certificate.yaml rename to stalwart/templates/certificate.yaml index 4cfea4d..6a0e753 100644 --- a/stalwart-mail/templates/certificate.yaml +++ b/stalwart/templates/certificate.yaml @@ -4,9 +4,9 @@ apiVersion: "cert-manager.io/v1" kind: Certificate metadata: - name: {{ include "stalwart-mail.fullname" $ }} + name: {{ include "stalwart.fullname" $ }} spec: - secretName: {{ include "stalwart-mail.fullname" $ }}-cert + secretName: {{ include "stalwart.fullname" $ }}-cert issuerRef: {{- toYaml .issuerRef | nindent 4 }} dnsNames: diff --git a/stalwart-mail/templates/deployment.yaml b/stalwart/templates/deployment.yaml similarity index 71% rename from stalwart-mail/templates/deployment.yaml rename to stalwart/templates/deployment.yaml index a6c92b1..20f2550 100644 --- a/stalwart-mail/templates/deployment.yaml +++ b/stalwart/templates/deployment.yaml @@ -1,26 +1,25 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: {{ include "stalwart-mail.fullname" . }} + name: {{ include "stalwart.fullname" . }} labels: - {{- include "stalwart-mail.labels" . | nindent 4 }} + {{- include "stalwart.labels" . | nindent 4 }} spec: {{- if not .Values.autoscaling.enabled }} replicas: {{ .Values.replicaCount }} {{- end }} selector: matchLabels: - {{- include "stalwart-mail.selectorLabels" . | nindent 6 }} + {{- include "stalwart.selectorLabels" . | nindent 6 }} template: metadata: annotations: - config-hash: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} - secret-env-hash: {{ include (print $.Template.BasePath "/secrets-env.yaml") . | sha256sum }} + confighash: {{ toYaml .Values.config | sha256sum | trunc 32 }} {{- with .Values.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} labels: - {{- include "stalwart-mail.labels" . | nindent 8 }} + {{- include "stalwart.labels" . | nindent 8 }} {{- with .Values.podLabels }} {{- toYaml . | nindent 8 }} {{- end }} @@ -29,42 +28,23 @@ spec: imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} - serviceAccountName: {{ include "stalwart-mail.serviceAccountName" . }} + serviceAccountName: {{ include "stalwart.serviceAccountName" . }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} containers: - name: {{ .Chart.Name }} securityContext: {{- toYaml .Values.securityContext | nindent 12 }} - {{- with .Values.image }} + {{- with .Values.image}} image: "{{ coalesce $.Values.global.image.registry .registry }}/{{ .repository }}:{{ .tag | default (printf "v%s" $.Chart.AppVersion) }}" imagePullPolicy: {{ coalesce $.Values.global.image.pullPolicy .pullPolicy }} {{- end }} - {{- with .Values.env }} - env: - {{- toYaml . | nindent 12 }} - {{- end }} - envFrom: - - secretRef: - name: {{ include "stalwart-mail.fullname" . }}-env ports: {{- range $name, $port := .Values.service.ports }} - name: {{ $name }} containerPort: {{ $port }} protocol: TCP {{- end }} - {{- with .Values.livenessProbe }} - livenessProbe: - {{- toYaml . | nindent 12 }} - {{- end }} - {{- with .Values.readinessProbe }} - readinessProbe: - {{- toYaml . | nindent 12 }} - {{- end }} - {{- with .Values.startupProbe }} - startupProbe: - {{- toYaml . | nindent 12 }} - {{- end }} resources: {{- toYaml .Values.resources | nindent 12 }} volumeMounts: @@ -82,7 +62,9 @@ spec: - name: config mountPath: "/opt/stalwart-mail/etc/config.toml" subPath: "config.toml" - readOnly: true + - name: config + mountPath: "/opt/stalwart-mail/etc/dkim/private.key" + subPath: "dkim.key" {{- if or .Values.certificate.secretName .Values.certificate.certmanager.enabled }} - name: certificate mountPath: "/opt/stalwart-mail/etc/certs" @@ -92,12 +74,12 @@ spec: {{- end }} volumes: - name: "config" - configMap: - name: {{ include "stalwart-mail.fullname" . }} + secret: + secretName: {{ include "stalwart.fullname" . }} {{- if or .Values.certificate.secretName .Values.certificate.certmanager.enabled }} - name: certificate secret: - secretName: {{ .Values.certificate.secretName | default (printf "%s-cert" (include "stalwart-mail.fullname" .)) }} + secretName: {{ .Values.certificate.secretName | default (printf "%s-cert" (include "stalwart.fullname" .)) }} {{- end }} - name: "data" {{- if .Values.persistence.enabled }} @@ -107,7 +89,7 @@ spec: path: {{ .Values.persistence.hostPath | quote }} {{- else }}{{/* else .persistence.hostPath */}} persistentVolumeClaim: - claimName: {{ coalesce .Values.persistence.existingClaim (include "stalwart-mail.fullname" .) }} + claimName: {{ coalesce .Values.persistence.existingClaim (include "stalwart.fullname" .) }} {{- end }}{{/* end-else .persistence.hostPath */}} {{- else }}{{/* else .persistence.enabled */}} emptyDir: {} diff --git a/pretix/templates/hpa.yaml b/stalwart/templates/hpa.yaml similarity index 85% rename from pretix/templates/hpa.yaml rename to stalwart/templates/hpa.yaml index 6ad556c..a627ae0 100644 --- a/pretix/templates/hpa.yaml +++ b/stalwart/templates/hpa.yaml @@ -2,14 +2,14 @@ apiVersion: autoscaling/v2 kind: HorizontalPodAutoscaler metadata: - name: {{ include "pretix.fullname" . }} + name: {{ include "stalwart.fullname" . }} labels: - {{- include "pretix.labels" . | nindent 4 }} + {{- include "stalwart.labels" . | nindent 4 }} spec: scaleTargetRef: apiVersion: apps/v1 kind: Deployment - name: {{ include "pretix.fullname" . }} + name: {{ include "stalwart.fullname" . }} minReplicas: {{ .Values.autoscaling.minReplicas }} maxReplicas: {{ .Values.autoscaling.maxReplicas }} metrics: diff --git a/stalwart-mail/templates/ingress.yaml b/stalwart/templates/ingress.yaml similarity index 94% rename from stalwart-mail/templates/ingress.yaml rename to stalwart/templates/ingress.yaml index a4d7162..5112563 100644 --- a/stalwart-mail/templates/ingress.yaml +++ b/stalwart/templates/ingress.yaml @@ -1,5 +1,5 @@ {{- if .Values.ingress.enabled -}} -{{- $fullName := include "stalwart-mail.fullname" . -}} +{{- $fullName := include "stalwart.fullname" . -}} {{- $svcPort := .Values.service.ports.http -}} {{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} @@ -17,7 +17,7 @@ kind: Ingress metadata: name: {{ $fullName }} labels: - {{- include "stalwart-mail.labels" . | nindent 4 }} + {{- include "stalwart.labels" . | nindent 4 }} {{- with .Values.ingress.annotations }} annotations: {{- toYaml . | nindent 4 }} diff --git a/gotosocial/templates/pvc.yaml b/stalwart/templates/pvc.yaml similarity index 85% rename from gotosocial/templates/pvc.yaml rename to stalwart/templates/pvc.yaml index 31ff39f..9b95fe4 100644 --- a/gotosocial/templates/pvc.yaml +++ b/stalwart/templates/pvc.yaml @@ -4,9 +4,9 @@ kind: PersistentVolumeClaim apiVersion: v1 metadata: - name: {{ template "gotosocial.fullname" $ }} + name: {{ template "stalwart.fullname" $ }} labels: - {{- include "gotosocial.labels" $ | nindent 4 }} + {{- include "stalwart.labels" $ | nindent 4 }} {{- with .annotations }} annotations: {{ toYaml . | indent 4 }} diff --git a/stalwart/templates/secrets.yaml b/stalwart/templates/secrets.yaml new file mode 100644 index 0000000..2f7ba1d --- /dev/null +++ b/stalwart/templates/secrets.yaml @@ -0,0 +1,20 @@ +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "stalwart.fullname" . }} + labels: + {{- include "stalwart.labels" . | nindent 4 }} + annotations: + confighash: {{ toYaml .Values.config | sha256sum | trunc 32 }} +data: + "config.toml": {{ regexReplaceAll + "trusted-networks = \\[(.*)\\]" + ( + toToml .Values.config + | replace ".0\n" "\n" + | replace "fts-table-duplicated-workaround" "fts" + ) + "trusted-networks = {${1}}" + | b64enc }} + "dkim.key": {{ genPrivateKey "rsa" | b64enc }} diff --git a/stalwart-mail/templates/service.yaml b/stalwart/templates/service.yaml similarity index 75% rename from stalwart-mail/templates/service.yaml rename to stalwart/templates/service.yaml index 00ef57c..546d6fa 100644 --- a/stalwart-mail/templates/service.yaml +++ b/stalwart/templates/service.yaml @@ -1,9 +1,9 @@ apiVersion: v1 kind: Service metadata: - name: {{ include "stalwart-mail.fullname" . }} + name: {{ include "stalwart.fullname" . }} labels: - {{- include "stalwart-mail.labels" . | nindent 4 }} + {{- include "stalwart.labels" . | nindent 4 }} {{- with .Values.service.annotations }} annotations: {{- toYaml . | nindent 4 }} @@ -23,4 +23,4 @@ spec: {{- end }} {{- end }}{{/* end-with .service */}} selector: - {{- include "stalwart-mail.selectorLabels" . | nindent 4 }} + {{- include "stalwart.selectorLabels" . | nindent 4 }} diff --git a/pretix/templates/serviceaccount.yaml b/stalwart/templates/serviceaccount.yaml similarity index 73% rename from pretix/templates/serviceaccount.yaml rename to stalwart/templates/serviceaccount.yaml index 108fb1b..6990ab2 100644 --- a/pretix/templates/serviceaccount.yaml +++ b/stalwart/templates/serviceaccount.yaml @@ -2,9 +2,9 @@ apiVersion: v1 kind: ServiceAccount metadata: - name: {{ include "pretix.serviceAccountName" . }} + name: {{ include "stalwart.serviceAccountName" . }} labels: - {{- include "pretix.labels" . | nindent 4 }} + {{- include "stalwart.labels" . | nindent 4 }} {{- with .Values.serviceAccount.annotations }} annotations: {{- toYaml . | nindent 4 }} diff --git a/stalwart/templates/traefik.yaml b/stalwart/templates/traefik.yaml new file mode 100644 index 0000000..e07c33d --- /dev/null +++ b/stalwart/templates/traefik.yaml @@ -0,0 +1,21 @@ +{{- if .Values.traefik.enabled }} +{{- range $port,$entryport := .Values.traefik.ports }} +--- +apiVersion: traefik.io/v1alpha1 +kind: IngressRouteTCP +metadata: + name: {{ include "stalwart.fullname" $ }}-{{ $port }} +spec: + entryPoints: + - {{ $entryport }} + routes: + - match: HostSNI(`{{ $.Values.config.macros.host }}`) + services: + - name: {{ include "stalwart.fullname" $ }} + port: {{ $port}} + proxyProtocol: + version: 2 + tls: + passthrough: true +{{- end }} +{{- end }}{{/* end-if .enabled */}} diff --git a/stalwart/values.yaml b/stalwart/values.yaml new file mode 100644 index 0000000..8eaedbd --- /dev/null +++ b/stalwart/values.yaml @@ -0,0 +1,856 @@ +# Default values for stalwart. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. +global: + image: + # -- if set it will overwrite all registry entries + registry: + # -- if set it will overwrite all pullPolicy + pullPolicy: + +replicaCount: 1 + +image: + registry: docker.io + repository: stalwartlabs/mail-server + pullPolicy: IfNotPresent + # -- Overrides the image tag whose default is the chart appVersion. + tag: "" + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" + + +## +# Configuration of stalwart mail-server +# defaults taken from: https://github.com/stalwartlabs/mail-server/tree/6aeadb9cda301ec5f210d8e8390515e6292592fa/resources/config +# +# files import completed: +# - config.toml +# - common/*.toml +# - imap/*.toml +# +## +config: + + + ## + # macros + ## + + # -- macros (from: config.toml) + macros: + host: "__HOST__" + default_domain: "__DOMAIN__" + default_directory: "memory" + default_store: "sqlite" + + + ## + # global + ## + + global: + shared-map: + # -- global shared-map capacity (from: common/server.toml) + capacity: 10 + # -- global shared-map shard (from: common/server.toml) + shard: 32 + + # -- global thead-pool (from: common/server.toml) + thread-pool: + + # -- global tracing (from: common/tracing.toml) + tracing: + method: "stdout" + level: "info" + + + ## + # server + ## + + server: + # -- server hostname (from: common/server.toml) + hostname: "%{HOST}%" + + security: + # -- server security blocked-networks (from: common/server.toml) + blocked-networks: {} + # -- server security fail2ban (from: common/server.toml) + fail2ban: "100/1d" + + run-as: + # -- server run-as user (from: common/server.toml) + user: "stalwart-mail" + # -- server run-as group (from: common/server.toml) + group: "stalwart-mail" + + socket: + # -- server socket nodelay (from: common/server.toml) + nodelay: true + # -- server socket reuse-addr (from: common/server.toml) + reuse-addr: true + # -- server socket reuse-port (from: common/server.toml) + reuse-port: false + # -- server socket backlog (from: common/server.toml) + backlog: 1024 + # -- server socket ttl (from: common/server.toml) + ttl: 3600 + # -- server socket send-buffer-size (from: common/server.toml) + send-buffer-size: 65535 + # -- server socket recv-buffer-size (from: common/server.toml) + recv-buffer-size: 65535 + # -- server socket linger (from: common/server.toml) + linger: 1 + # -- server socket tos (from: common/server.toml) + tos: 1 + + tls: + # -- server tls enable (from: common/tls.toml) + enable: true + # -- server tls implicit (from: common/tls.toml) + implicit: false + # -- server tls timeout (from: common/tls.toml) + timeout: "1m" + # -- server tls certificate (from: common/tls.toml) + certificate: "default" + # -- server tls acme (from: common/tls.toml) + # example: "letsencrypt" + acme: + # -- server tls sni (from: common/tls.toml) + # example: [{subject: "", certificate: ""}] + sni: + # -- server tls protocols (from: common/tls.toml) + # example: ["TLSv1.2", "TLSv1.3"] + protocols: + # -- server tls #ciphers (from: common/tls.toml) + # example: [ "TLS13_AES_256_GCM_SHA384", "TLS13_AES_128_GCM_SHA256", + # "TLS13_CHACHA20_POLY1305_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", + # "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256", + # "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", + # "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"] + ciphers: + # -- server tls ignore-client-order (from: common/tls.toml) + ignore-client-order: true + + # -- server listener + listener: + smtp: + protocol: "smtp" + bind: ["[::]:25"] + smtp-submission: + protocol: "smtp" + bind: ["[::]:587"] + smtps: + protocol: "smtp" + bind: ["[::]:465"] + tls: + implicit: true + + # -- server listener with name imap (from: imap/listener.toml) + imap: + bind: ["[::]:143"] + protocol: "imap" + + # -- server listener with name imaps (from: imap/listener.toml) + imaps: + bind: ["[::]:993"] + protocol: "imap" + tls: + implicit: true + + # -- server listener with name sieve (from: imap/listener.toml) + sieve: + bind: ["[::]:4190"] + protocol: "managesieve" + tls: + implicit: true + + # -- jmap/listener.yaml + http: + protocol: "jmap" + bind: ["[::]:80"] + url: "https://%{HOST}%" + + + ## + # sieve + ## + + sieve: + untrusted: + # -- sieve untrusted disable-capabilities (from: common/sieve.toml) + disable-capabilities: [] + # -- sieve untrusted notification-uris (from: common/sieve.toml) + notification-uris: ["mailto"] + # -- sieve untrusted protected-headers (from: common/sieve.toml) + protected-headers: ["Original-Subject", "Original-From", "Received", "Auto-Submitted"] + + limits: + # -- sieve untrusted limit name-length (from: common/sieve.toml) + name-length: 512 + # -- sieve untrusted limit max-scripts (from: common/sieve.toml) + max-scripts: 256 + # -- sieve untrusted limit script-size (from: common/sieve.toml) + script-size: 102400 + # -- sieve untrusted limit string-length (from: common/sieve.toml) + string-length: 4096 + # -- sieve untrusted limit variable-name-length (from: common/sieve.toml) + variable-name-length: 32 + # -- sieve untrusted limit variable-size (from: common/sieve.toml) + variable-size: 4096 + # -- sieve untrusted limit nested-blocks (from: common/sieve.toml) + nested-blocks: 15 + # -- sieve untrusted limit nested-tests (from: common/sieve.toml) + nested-tests: 15 + # -- sieve untrusted limit nested-foreverypart (from: common/sieve.toml) + nested-foreverypart: 3 + # -- sieve untrusted limit match-variables (from: common/sieve.toml) + match-variables: 30 + # -- sieve untrusted limit local-variables (from: common/sieve.toml) + local-variables: 128 + # -- sieve untrusted limit header-size (from: common/sieve.toml) + header-size: 1024 + # -- sieve untrusted limit includes (from: common/sieve.toml) + includes: 3 + # -- sieve untrusted limit nested-includes (from: common/sieve.toml) + nested-includes: 3 + # -- sieve untrusted limit cpu (from: common/sieve.toml) + cpu: 5000 + # -- sieve untrusted limit redirects (from: common/sieve.toml) + redirects: 1 + # -- sieve untrusted limit received-headers (from: common/sieve.toml) + received-headers: 10 + # -- sieve untrusted limit outgoing-messages (from: common/sieve.toml) + outgoing-messages: 3 + + vacation: + # -- sieve untrusted vacation default-subject (from: common/sieve.toml) + default-subject: "Automated reply" + # -- sieve untrusted vacation subject-prefix (from: common/sieve.toml) + subject-prefix: "Auto: " + + default-expiry: + # -- sieve untrusted default-expiry vacation (from: common/sieve.toml) + vacation: "30d" + # -- sieve untrusted default-expiry duplicate (from: common/sieve.toml) + duplicate: "7d" + + trusted: + # -- sieve trusted from-name (from: common/sieve.toml) + from-name: "Automated Message" + # -- sieve trusted from-addr (from: common/sieve.toml) + from-addr: "no-reply@%{DEFAULT_DOMAIN}%" + # -- sieve trusted return-path (from: common/sieve.toml) + return-path: "" + # -- sieve trusted hostname (from: common/sieve.toml) + hostname: "%{HOST}%" + # -- sieve trusted no-capability-check (from: common/sieve.toml) + no-capability-check: true + # -- sieve trusted sign (from: common/sieve.toml) + sign: ["rsa"] + + limits: + # -- sieve trusted limits redirects (from: common/sieve.toml) + redirects: 3 + # -- sieve trusted limits out-messages (from: common/sieve.toml) + out-messages: 5 + # -- sieve trusted limits received-headers (from: common/sieve.toml) + received-headers: 50 + # -- sieve trusted limits cpu (from: common/sieve.toml) + cpu: 1048576 + # -- sieve trusted limits nested-includes (from: common/sieve.toml) + nested-includes: 5 + # -- sieve trusted limits duplicate-expiry (from: common/sieve.toml) + duplicate-expiry: "7d" + + scripts: + # -- sieve trusted scripts connect (from: common/sieve.toml) + connect: + # -- sieve trusted scripts ehlo (from: common/sieve.toml) + ehlo: + # -- sieve trusted scripts mail (from: common/sieve.toml) + mail: + + ## + # storage + ## + + storage: + # -- storage data (from: common/store.toml) + data: "%{DEFAULT_STORE}%" + # -- storage fts (from: common/store.toml) + # BROKEN / TODO + # see: https://github.com/stalwartlabs/mail-server/issues/211 + fts: "%{DEFAULT_STORE}%" + # -- storage blob (from: common/store.toml) + blob: "%{DEFAULT_STORE}%" + # -- storage lookup (from: common/store.toml) + lookup: "%{DEFAULT_STORE}%" + # -- storage directory (from: common/store.toml) + directory: "%{DEFAULT_DIRECTORY}%" + encryption: + # -- storage encryption enable (from: common/store.toml) + enable: true + # -- storage encryption append (from: common/store.toml) + append: false + spam: + # -- storage spam header (from: common/store.toml) + header: "X-Spam-Status: Yes" + # BROKEN / TODO + # should be fts: + # see: https://github.com/stalwartlabs/mail-server/issues/211 + fts-table-duplicated-workaround: + # -- storage - fts - default-language (from: common/store.toml) + default-language: "en" + cluster: + # -- storage - cluster - node-id (from: common/store.toml) + node-id: + + + ## + # ACME + ## + + acme: + # -- acme with name letsencrypt (from: common/tls.toml) + letsencrypt: + # -- acme directory (from: common/tls.toml) + directory: "https://acme-v02.api.letsencrypt.org/directory" + # -- acme contact (from: common/tls.toml) + contact: ["postmaster@%{DEFAULT_DOMAIN}%"] + # -- acme cache (from: common/tls.toml) + cache: "/opt/stalwart-mail/etc/acme" + # -- acme port (from: common/tls.toml) + port: 443 + # -- acme renew-before (from: common/tls.toml) + renew-before: "30d" + + ## + # certificate + ## + + certificate: + # -- certificate with name default (from: common/tls.toml) + default: + # -- certificate cert (from: common/tls.toml) + cert: "file:///opt/stalwart-mail/etc/certs/tls.crt" + # -- certificate private-key (from: common/tls.toml) + private-key: "file:///opt/stalwart-mail/etc/certs/tls.key" + + + ## + # directory + ## + + directory: + + # -- directory - with name memory (from: directory/internal.yaml) + memory: + type: memory + # -- overwrite me, if not wanted + disable: false + options: + catch-all: true + subaddressing: true + principals: + - type: "admin" + description: "Superuser" + name: "admin" + secret: "changeme" + mail: + - "postmaster@%{DEFAULT_DOMAIN}%" + + + ## + # store + ## + + store: + + # -- store - with name sqlite + sqlite: + type: "sqlite" + # -- overwrite me, if not wanted + disable: false + path: "/data/index.sqlite3" + purge: + frequency: "0 3 *" + query: + name: "SELECT name, type, secret, description, quota FROM accounts WHERE name = ? AND active = true" + members: "SELECT member_of FROM group_members WHERE name = ?" + recipients: "SELECT name FROM emails WHERE address = ?" + emails: "SELECT address FROM emails WHERE name = ? AND type != 'list' ORDER BY type DESC, address ASC" + verify: "SELECT address FROM emails WHERE address LIKE '%' || ? || '%' AND type = 'primary' ORDER BY address LIMIT 5" + expand: "SELECT p.address FROM emails AS p JOIN emails AS l ON p.name = l.name WHERE p.type = 'primary' AND l.address = ? AND l.type = 'list' ORDER BY p.address LIMIT 50" + domains: "SELECT 1 FROM emails WHERE address LIKE '%@' || ? LIMIT 1" + + # -- store - with name fs + fs: + type: "fs" + # -- overwrite me, if not wanted + disable: false + path: "/data/blobs" + depth: 2 + purge: + frequency: "0 3 *" + + + ## + # OAuth + ## + + oauth: + + # -- oauth - key + key: "__OAUTH_KEY__" + + # -- oauth - auth + auth: + max-attempts: 3 + + # -- oauth - expiry + expiry: + user-code: "30m" + auth-code: "10m" + token: "1h" + refresh-token: "30d" + refresh-token-renew: "4d" + + # -- oauth - cache + cache: + size: 128 + + + ## + # SMTP configuration (smtp/*.yaml) + ## + + + ## + # query (from: smtp/queue.yaml) + ## + + queue: + # -- queue-path + path: "/data/queue" + # -- queue-hash + hash: 64 + + # -- queue-schedule + schedule: + retry: ["2m", "5m", "10m", "15m", "30m", "1h", "2h"] + notify: ["1d", "3d"] + expire: "5d" + + # -- queue-outbound + outbound: + # hostname: "%{HOST}%" + next-hop: + - if: "rcpt-domain" + in-list: "%{DEFAULT_DIRECTORY}%/domains" + then: "local" + - else: false + ip-strategy: "ipv4-then-ipv6" + tls: + dane: "optional" + mta-sts: "optional" + starttls: "require" + allow-invalid-certs: false + limits: + mx: 7 + multihomed: 2 + timeouts: + connect: "3m" + greeting: "3m" + tls: "2m" + ehlo: "3m" + mail-from: "3m" + rcpt-to: "3m" + data: "10m" + mta-sts: "2m" + + + ## + # Report (from: smtp/report.yaml) + ## + + report: + # -- report-path + path: "/data/reports" + # -- report-hash + hash: 64 + # submitter: "%{HOST}%" + + # -- report-analysis + analysis: + addresses: ["dmarc@*", "abuse@*", "postmaster@*"] + forward: true + # store: "/data/incoming" + + # -- report-dsn + dsn: + from-name: "Mail Delivery Subsystem" + from-address: "MAILER-DAEMON@%{DEFAULT_DOMAIN}%" + sign: ["rsa"] + + # -- report-dkim + dkim: + from-name: "Report Subsystem" + from-address: "noreply-dkim@%{DEFAULT_DOMAIN}%" + subject: "DKIM Authentication Failure Report" + sign: ["rsa"] + send: "1/1d" + + # -- report-spf + spf: + from-name: "Report Subsystem" + from-address: "noreply-spf@%{DEFAULT_DOMAIN}%" + subject: "SPF Authentication Failure Report" + send: "1/1d" + sign: ["rsa"] + + # -- report-dmarc + dmarc: + from-name: "Report Subsystem" + from-address: "noreply-dmarc@%{DEFAULT_DOMAIN}%" + subject: "DMARC Authentication Failure Report" + send: "1/1d" + sign: ["rsa"] + aggregate: + from-name: "DMARC Report" + from-address: "noreply-dmarc@%{DEFAULT_DOMAIN}%" + org-name: "%{DEFAULT_DOMAIN}%" + # contact-info: "" + send: "daily" + # -- default: 25 mb + max-size: 26214400 + sign: ["rsa"] + + # -- report-tls + tls: + aggregate: + from-name: "TLS Report" + from-address: "noreply-tls@%{DEFAULT_DOMAIN}%" + org-name: "%{DEFAULT_DOMAIN}%" + # contact-info: "" + send: "daily" + # -- default: 25 mb + max-size: 26214400 + sign: ["rsa"] + + + ## + # resolver (from: smtp/resolver.yaml) + ## + + resolver: + # -- resolver-type + type: "system" + # -- resolver-preserve-intermediates + preserve-intermediates: true + # -- resolver-concurrency + concurrency: 2 + # -- resolver-timeout + timeout: "5s" + # -- resolver-attempts + attempts: 2 + # -- resolver-try-tcp-on-error + try-tcp-on-error: true + # -- resolver-public-suffix + public-suffix: + - "https://publicsuffix.org/list/public_suffix_list.dat" + - "file:///opt/stalwart-mail/etc/spamfilter/maps/suffix_list.dat.gz" + + # -- resolver-cache + cache: + txt: 2048 + mx: 1024 + ipv4: 1024 + ipv6: 1024 + ptr: 1024 + tlsa: 1024 + mta-sts: 1024 + + + ## + # signature (from: smtp/signature.yaml) + ## + + signature: + # -- signature-rsa + rsa: + # public-key: "file://opt/stalwart-mail/etc/dkim/%{DEFAULT_DOMAIN}%.cert" + private-key: "file://opt/stalwart-mail/etc/dkim/private.key" + domain: "%{DEFAULT_DOMAIN}%" + selector: "stalwart" + headers: ["From", "To", "Date", "Subject", "Message-ID"] + algorithm: "rsa-sha256" + canonicalization: "relaxed/relaxed" + # expire: "10d" + # third-party: "" + # third-party-algo: "" + # auid: "" + set-body-length: false + report: true + + + ## + # IMAP + ## + + imap: + request: + # -- imap request max-size (from: imap/settings.toml) + max-size: 52428800 + auth: + # -- imap auth max-failures(from: imap/settings.toml) + max-failures: 3 + # -- imap auth allow-plain-text (from: imap/settings.toml) + allow-plain-text: false + folders: + name: + # -- imap folders name shared (from: imap/settings.toml) + shared: "Shared Folders" + timeout: + # -- imap timeout authenticated (from: imap/settings.toml) + authenticated: "30m" + # -- imap timeout anonymous (from: imap/settings.toml) + anonymous: "1m" + # -- imap timeout idle (from: imap/settings.toml) + idle: "30m" + rate-limit: + # -- imap rate-limit requests (from: imap/settings.toml) + requests: "2000/1m" + # -- imap rate-limit concurrent (from: imap/settings.toml) + concurrent: 6 + protocol: + # -- imap protocol uidplus (from: imap/settings.toml) + uidplus: false + + + ## + # JMAP + ## + + jmap: + # -- jmap-directory (from: jmap/auth.yaml) + directory: "%{DEFAULT_DIRECTORY}%" + # -- jmap-session (from: jmap/auth.yaml) + session: + cache: + ttl: "1h" + size: 100 + purge: + frequency: "0 3 *" + + # -- jmap-protocol (from: jmap/protocol.yaml) + protocol: + get: + max-objects: 500 + set: + max-objects: 500 + request: + max-concurrent: 4 + max-size: 10000000 + max-calls: 16 + query: + max-results: 5000 + upload: + max-size: 50000000 + max-concurrent: 4 + ttl: "1h" + quota: + files: 1000 + size: 50000000 + changes: + max-results: 5000 + + # -- jmap-mailbox + mailbox: + max-depth: 10 + max-name-length: 255 + + # -- jmap-email + email: + max-attachment-size: 50000000 + max-size: 75000000 + + parse: + max-items: 10 + + # -- jmap-principal + principal: + allow-lookups: true + + # -- jmap-push (from: jmap/push.yaml) + push: + max-total: 100 + throttle: "1ms" + attempts: + interval: "1m" + max: 3 + retry: + interval: "1s" + timeout: + request: "10s" + verify: "1s" + + # -- jmap-event-source + event-source: + throttle: "1s" + + # -- jmap-rate-limit (from: jmap/ratelimit.yaml) + rate-limit: + account: "1000/1m" + authentication: "10/1m" + anonymous: "100/1m" + use-forwarded: true + cache: + size: 1024 + + # -- jmap-web-sockets (from: jmap/websocket.yaml) + web-sockets: + throttle: "1s" + timeout: "10m" + heartbeat: "1m" + +serviceAccount: + # Specifies whether a service account should be created + create: false + # Automatically mount a ServiceAccount's API credentials? + automount: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +podAnnotations: {} +podLabels: {} + +podSecurityContext: {} + # fsGroup: 2000 + +securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + +service: + type: ClusterIP + ipFamilies: ["IPv4"] + # -- other option is RequireDualStack + ipFamilyPolicy: "SingleStack" + annotations: {} + ports: + smtp: 25 + smtp-submission: 587 + smtps: 465 + imap: 143 + imaps: 993 + sieve: 4190 + http: 80 + +ingress: + enabled: false + className: "" + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + hosts: + - host: chart-example.local + paths: + - path: / + pathType: ImplementationSpecific + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + +traefik: + enabled: false + ports: + http: websecure + imaps: imaps + smtps: smtps + +certificate: + # -- not needed if certmanager is used + secretName: + certmanager: + enabled: true + issuerRef: + group: cert-manager.io + kind: ClusterIssuer + name: letsencrypt-prod + dnsNames: + - "chart-example.local" + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 100 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + +# Additional volumes on the output Deployment definition. +volumes: [] +# - name: foo +# secret: +# secretName: mysecret +# optional: false + +# Additional volumeMounts on the output Deployment definition. +volumeMounts: [] +# - name: foo +# mountPath: "/etc/foo" +# readOnly: true + +nodeSelector: {} + +tolerations: [] + +affinity: {} + +persistence: + # -- Enable persistence using Persistent Volume Claims + # ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ + enabled: true + annotations: {} + # -- Persistent Volume Storage Class + # If defined, storageClassName: + # If set to "-", storageClassName: "", which disables dynamic provisioning + # If undefined (the default) or set to null, no storageClassName spec is + # set, choosing the default provisioner. (gp2 on AWS, standard on + # GKE, AWS & OpenStack) + storageClass: + + # -- A manually managed Persistent Volume and Claim + # Requires persistence.enabled: true + # If defined, PVC must be created manually before volume will be bound + existingClaim: + + # -- Do not create an PVC, direct use hostPath in Pod + hostPath: + # -- accessMode + accessMode: ReadWriteOnce + # -- size + size: 10Gi