From 6bce044532706b9a197cf6aab5a84012e7d48c21 Mon Sep 17 00:00:00 2001
From: Sheogorath <sheogorath@shivering-isles.com>
Date: Tue, 13 Feb 2024 23:31:32 +0100
Subject: [PATCH] feat(matrix): Add synatainer as cronjob
---
 apps/base/matrix/kustomization.yaml | 1 +
 apps/base/matrix/synatainer.yaml | 48 ++++++++++++++++++++++
 apps/k8s01/matrix/kustomization.yaml | 1 +
 apps/k8s01/matrix/matrix-token.yaml | 59 ++++++++++++++++++++++++++++
 4 files changed, 109 insertions(+)
 create mode 100644 apps/base/matrix/synatainer.yaml
 create mode 100644 apps/k8s01/matrix/matrix-token.yaml
diff --git a/apps/base/matrix/kustomization.yaml b/apps/base/matrix/kustomization.yaml
index a683fd35c..c88c46482 100644
--- a/apps/base/matrix/kustomization.yaml
+++ b/apps/base/matrix/kustomization.yaml
@@ -6,6 +6,7 @@ resources:
 - repository.yaml
 - release.yaml
 - database.yaml
+ - synatainer.yaml
 - ../../../shared/networkpolicies/allow-from-same-namespace.yaml
 - ../../../shared/networkpolicies/allow-from-ingress.yaml
 - ../../../shared/networkpolicies/allow-from-database.yaml
diff --git a/apps/base/matrix/synatainer.yaml b/apps/base/matrix/synatainer.yaml
new file mode 100644
index 000000000..057729603
--- /dev/null
+++ b/apps/base/matrix/synatainer.yaml
@@ -0,0 +1,48 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+ name: synatainer
+spec:
+ schedule: "2 2 * * *"
+ jobTemplate:
+ spec:
+ template:
+ spec:
+ containers:
+ - name: synatainer
+ image: registry.gitlab.com/mb-saces/synatainer:0.4.3
+ imagePullPolicy: IfNotPresent
+ args:
+ - /usr/local/bin/synatainer-cron.sh
+ securityContext:
+ capabilities:
+ drop:
+ - ALL
+ allowPrivilegeEscalation: false
+ seccompProfile:
+ type: RuntimeDefault
+ envs:
+ - name: PG_host
+ value: matrix-postgres.matrix.svc.cluster.local
+ - name: DB_NAME
+ value: synapse
+ - name: DB_USER
+ secretKeyRef:
+ name: synapse.matrix-postgres.credentials.postgresql.acid.zalan.do
+ key: username
+ - name: PGPASSWORD
+ secretKeyRef:
+ name: synapse.matrix-postgres.credentials.postgresql.acid.zalan.do
+ key: password
+ - name: SYNAPSE_HOST
+ value: http://matrix-synapse:8008
+ - name: BEARER_TOKEN
+ secretKeyRef:
+ name: matrix-token
+ key: token
+ restartPolicy: OnFailure
+ securityContext:
+ runAsUser: 65534
+ runAsGroup: 65534
+ fsGroup: 65534
+ runAsNonRoot: true
\ No newline at end of file
diff --git a/apps/k8s01/matrix/kustomization.yaml b/apps/k8s01/matrix/kustomization.yaml
index 4124ed020..2f1f6629b 100644
--- a/apps/k8s01/matrix/kustomization.yaml
+++ b/apps/k8s01/matrix/kustomization.yaml
@@ -5,6 +5,7 @@ resources:
 - ../../base/matrix
 - certificate.yaml
 - signing-key.yaml
+ - matrix-token.yaml
 - slo.yaml
 - ../../../shared/resourcequotas/default.yaml
 patchesStrategicMerge:
diff --git a/apps/k8s01/matrix/matrix-token.yaml b/apps/k8s01/matrix/matrix-token.yaml
new file mode 100644
index 000000000..7f80cc2db
--- /dev/null
+++ b/apps/k8s01/matrix/matrix-token.yaml
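Review bot: In apps/base/matrix/synatainer.yaml the container's environment is declared under `envs:`, which is not a field of a Kubernetes container spec (the field is `env`), and the `secretKeyRef` entries for DB_USER, PGPASSWORD and BEARER_TOKEN sit directly under the list item instead of under `valueFrom:`. Depending on how strictly the manifest is validated when it is applied, it is either rejected or the unknown fields are dropped and the job starts without its database credentials and bearer token; the original indentation is not recoverable on this page, so the exact nesting should be confirmed in the file. `PG_host` also does not follow the `DB_NAME`/`DB_USER` naming beside it, so the variable name should be checked against the image's documentation. Separately, because this third-party image receives the Postgres password and a Synapse bearer token, pinning it by digest rather than by the `0.4.3` tag alone is worth considering.

```yaml
# … unchanged: container name, image, args, container securityContext …
env:
  # … unchanged: PG_host, DB_NAME …
  - name: DB_USER
    valueFrom:
      secretKeyRef:
        name: synapse.matrix-postgres.credentials.postgresql.acid.zalan.do
        key: username
  - name: PGPASSWORD
    valueFrom:
      secretKeyRef:
        name: synapse.matrix-postgres.credentials.postgresql.acid.zalan.do
        key: password
  # … unchanged: SYNAPSE_HOST …
  - name: BEARER_TOKEN
    valueFrom:
      secretKeyRef:
        name: matrix-token
        key: token
# … unchanged: restartPolicy, pod securityContext …
```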
@@ -0,0 +1,59 @@ +apiVersion: v1 +kind: Secret +metadata: + name: matrix-token +type: Opaque +stringData: + token: ENC[AES256_GCM,data:d8tgPMGR1ZH0ygQZggP6eSx5C6LwQf94Hs2/Jg9h/ti4zxYq+FWFf208prsK5w==,iv:yZjl6+DSmUK1yAWDd68J01ioaioc/248mkHLhv1FC6w=,tag:VfH8aHfqovleaJmLOh1ajg==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2024-02-13T22:28:49Z" + mac: ENC[AES256_GCM,data:+h7uVwHuL84flUy96Ffx/m4PJMXh3CIjO6SfBISOaRSDRuoiWvcX7S2icqENnQOxoujwbhddZHL2QKrbHUVVJBfePi2w9q4wslDUzOBKtodRVLu+8lXR0fxLudwM5Ke6+PQrko9nlqe6gMuVMR+3/RyTszmnU6/obN8xI3HE3Zw=,iv:9VGIYAKtDwgJpW1Dv87mLEUTvOKliY0cZ771gdGr8rk=,tag:e+Fqv5GzDvzeOz2riRLIuw==,type:str] + pgp: + - created_at: "2024-02-13T22:28:35Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + wcFMA7kpg2bgzVHcAQ/9F5gH8SkdSOT6xJxF7vG0nda+JtnbQg0hj3A6xnKdreVq + Aih0D0UP+EUVY6/Mju96vAYjyVivRs2LktM/WE5oiRJg3XL9XdbWQnFmiaY4MNuh + TKgVWFSgmYXSLGwL8sVglVZppFwWKEZb07CEUWOj0DSmcJE3AYYrsUGHHT6+I6X3 + K1zXGiqn0v7xz2NnUi6jjxsEx9Z5XMn+wZNfaoCIpXdg2VhVFF1ivceF+x9YfB2u + lvIV9VFYU8a20pTLn73MbLpZPcSs+Cc3HnogbiRuitIGSORhLLHZQrvFWWVqWxH3 + sMtxIAi9jACkLzqbYp1oUYvEOtiqpyGyrMVhj/45hEDQwXntxsa/d8iSs4nw/+ue + hKWQS1NwpHvdsxLY/zeeG5AjtjiURwyFa3e824u0JonwZfWHBPytZTpA52HJ4Wob + +zJKtJSOIMYImI3xoLrzONjIwj8aGYYA9nIM7QXa2Xuc/4Ge+9PAhhyR+hiHCp83 + rAqH9WPuYVUBx8V/IknhK4P1Hk2W7ZnALjMduMYDcHs/SVryABG4TV1bBQ7rqDOH + MszAmeiZm/o2DRuA/buIlYyRmTMpL4TsC/ceKS4uiaNBBO+NQ68Pi8fepw9XW1IB + CuXO2wzTLUiDYWaMoFEvHbsCZup+A3FSSlcBHr8IIsA6m9tEj0XzpuJGgijTrQHS + UQHy0RX5WPpvCUSjH5HK+nfhefR6Xfcx2X2YHadKs5XqBGATWOUACpezREbs1YN8 + tQ4ocFQy0XZf1iVhEU+jYx3nJE/oXw+DiPUzlNMLsLxRYQ== + =/2Ng + -----END PGP MESSAGE----- + fp: 286791FB6648539775DB31B8FCB98C2A3EC6F601 + - created_at: "2024-02-13T22:28:35Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMA4oYbIHZIrAPAQ//cyG/1eRSndV0sBQ8kf7x+TMJyu2mp6zzU2PcjTckHKCM + l3YfAmAXAGYngO8o/IW6lwt27gTB1AYT/5EQJ/VV5s2I0xygMOxoA0IAj0sTLS+4 + l3ZNmKm29JZD+6p3+9Pu3ZKsVq1ovkdosrDHAK5j6qn6/4H0odaYAQB0fqkWNnW+ + 
FMKG/sz6qjDvtcy4DY3rsu2BhzTBbd7/kMhnvzprIkO0/B0FpFwt7W/zvUepp8TJ + wo3WrqlqSUBBSmi8WMkTcSQd8cBDosZlqG4ayB7mPZT5HxrGHj87+jKBd4YFvPFr + FEqzzpjVbY5VP3v6puf/LX+42otzAyZcLaOvKIxtum0INzRHicJ79mAQ6sUOfqkO + aU6X16UBxc30/AhA2b5YkY7nxKoaHuwenWiZM9kZpiZN9ZaiveQqzt3r86l43Kw7 + efUcTEIbl8+hDpkRrm4XLsG1jhMBLlb6PfulqPx0Eyt2TZwjR1ATR7pN57Trfnkj + nz+E6uO8Uvm8+pnTJE8fQnPnA7IKMs+faH8yFee57Y/dsvH/jaSngDm6bKtNKvJ9 + Engu8A3QCyvgezRVYLL7fE0LMcYqXrSEbtevRiGIWE6uSN6+ku5RmMqYiASwcw0n + VI148Ucm8RCm8wJX23CgYahMkQGljZ4vTASOm8QW38KxxOh6AWnXLoTjIxzp+cfU + aAEJAhAb1NtwJqf9T9dm5T9pU6gbbztR4AxoVVbqEp8kGC5TjxHaJm4tr5i2LGwe + 3n5jslySTVabUOviqUiUfZsrrT2CFXNvZmfk6rMdOkp43ao/RlgkkQW3058A0DgE + 6r79vtgX9KzZ + =ZgO2 + -----END PGP MESSAGE----- + fp: B137EE1549DFAF960DD1E2B15147025FB9F09E07 + encrypted_regex: ^(data|stringData|email|dnsZones?|dnsNames?|.*(H|h)osts?|tang|externalURL|.*-secret|.*Secrets?|.*-domain|password|subjects|node|apiURL|.*(S|s)erverNames?|.*SecretKey|externalName)$ + version: 3.7.3 -- GitLab