From a260d55826d91cdbc8c410137c8d6ed8513f13fe Mon Sep 17 00:00:00 2001 From: Brad Stein Date: Wed, 31 Dec 2025 18:32:26 -0300 Subject: [PATCH] communication: remove one-shot syn2mas jobs --- services/communication/kustomization.yaml | 2 - .../communication/mas-syn2mas-check-job.yaml | 129 --------------- .../mas-syn2mas-migrate-job.yaml | 151 ------------------ 3 files changed, 282 deletions(-) delete mode 100644 services/communication/mas-syn2mas-check-job.yaml delete mode 100644 services/communication/mas-syn2mas-migrate-job.yaml diff --git a/services/communication/kustomization.yaml b/services/communication/kustomization.yaml index 1d83466..39d5890 100644 --- a/services/communication/kustomization.yaml +++ b/services/communication/kustomization.yaml @@ -8,8 +8,6 @@ resources: - mas-configmap.yaml - mas-deployment.yaml - mas-ingress.yaml - - mas-syn2mas-check-job.yaml - - mas-syn2mas-migrate-job.yaml - element-rendered.yaml - livekit-config.yaml - livekit.yaml diff --git a/services/communication/mas-syn2mas-check-job.yaml b/services/communication/mas-syn2mas-check-job.yaml deleted file mode 100644 index 724b625..0000000 --- a/services/communication/mas-syn2mas-check-job.yaml +++ /dev/null @@ -1,129 +0,0 @@ -# services/communication/mas-syn2mas-check-job.yaml -apiVersion: batch/v1 -kind: Job -metadata: - name: mas-syn2mas-check-v2 - namespace: communication -spec: - backoffLimit: 0 - template: - metadata: - labels: - app: mas-syn2mas-check-v2 - spec: - enableServiceLinks: false - restartPolicy: Never - nodeSelector: - hardware: rpi5 - affinity: - nodeAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 50 - preference: - matchExpressions: - - key: hardware - operator: In - values: ["rpi5","rpi4"] - initContainers: - - name: render-mas-config - image: alpine:3.20 - command: ["/bin/sh","-c"] - args: - - | - set -euo pipefail - umask 077 - DB_PASS_ESCAPED="$(printf '%s' "${MAS_DB_PASSWORD}" | sed 's/[\\/&]/\\&/g')" - MATRIX_SECRET_ESCAPED="$(printf '%s' "${MATRIX_SHARED_SECRET}" | sed 's/[\\/&]/\\&/g')" - KC_SECRET_ESCAPED="$(printf '%s' "${KEYCLOAK_CLIENT_SECRET}" | sed 's/[\\/&]/\\&/g')" - - sed \ - -e "s/@@MAS_DB_PASSWORD@@/${DB_PASS_ESCAPED}/g" \ - -e "s/@@MATRIX_SHARED_SECRET@@/${MATRIX_SECRET_ESCAPED}/g" \ - -e "s/@@KEYCLOAK_CLIENT_SECRET@@/${KC_SECRET_ESCAPED}/g" \ - /etc/mas/config.yaml > /rendered/config.yaml - chmod 0644 /rendered/config.yaml - env: - - name: MAS_DB_PASSWORD - valueFrom: - secretKeyRef: - name: mas-db - key: password - - name: MATRIX_SHARED_SECRET - valueFrom: - secretKeyRef: - name: mas-secrets-runtime - key: matrix_shared_secret - - name: KEYCLOAK_CLIENT_SECRET - valueFrom: - secretKeyRef: - name: mas-secrets-runtime - key: keycloak_client_secret - volumeMounts: - - name: mas-config - mountPath: /etc/mas/config.yaml - subPath: config.yaml - readOnly: true - - name: rendered - mountPath: /rendered - readOnly: false - containers: - - name: syn2mas-check - image: ghcr.io/element-hq/matrix-authentication-service:1.8.0 - args: - - syn2mas - - check - - --config - - /rendered/config.yaml - - --synapse-config - - /synapse-config/homeserver.yaml - - --synapse-config - - /synapse-secret/config.yaml - - --synapse-database-uri - - "postgresql:" - env: - - name: PGHOST - value: postgres-service.postgres.svc.cluster.local - - name: PGPORT - value: "5432" - - name: PGDATABASE - value: synapse - - name: PGUSER - value: synapse - - name: PGPASSWORD - valueFrom: - secretKeyRef: - name: synapse-db - key: POSTGRES_PASSWORD - - name: PGSSLMODE - value: prefer - volumeMounts: - - name: rendered - mountPath: /rendered - readOnly: true - - name: synapse-config - mountPath: /synapse-config - readOnly: true - - name: synapse-secret - mountPath: /synapse-secret - readOnly: true - volumes: - - name: mas-config - configMap: - name: matrix-authentication-service-config - items: - - key: config.yaml - path: config.yaml - - name: rendered - emptyDir: {} - - name: synapse-config - configMap: - name: othrys-synapse-matrix-synapse - items: - - key: homeserver.yaml - path: homeserver.yaml - - name: synapse-secret - secret: - secretName: othrys-synapse-matrix-synapse - items: - - key: config.yaml - path: config.yaml diff --git a/services/communication/mas-syn2mas-migrate-job.yaml b/services/communication/mas-syn2mas-migrate-job.yaml deleted file mode 100644 index bc458a5..0000000 --- a/services/communication/mas-syn2mas-migrate-job.yaml +++ /dev/null @@ -1,151 +0,0 @@ -# services/communication/mas-syn2mas-migrate-job.yaml -apiVersion: batch/v1 -kind: Job -metadata: - name: mas-syn2mas-migrate-v4 - namespace: communication -spec: - backoffLimit: 0 - template: - metadata: - labels: - app: mas-syn2mas-migrate-v4 - spec: - enableServiceLinks: false - restartPolicy: Never - nodeSelector: - hardware: rpi5 - affinity: - nodeAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 50 - preference: - matchExpressions: - - key: hardware - operator: In - values: ["rpi5","rpi4"] - initContainers: - - name: render-mas-config - image: alpine:3.20 - command: ["/bin/sh","-c"] - args: - - | - set -euo pipefail - umask 077 - DB_PASS_ESCAPED="$(printf '%s' "${MAS_DB_PASSWORD}" | sed 's/[\\/&]/\\&/g')" - MATRIX_SECRET_ESCAPED="$(printf '%s' "${MATRIX_SHARED_SECRET}" | sed 's/[\\/&]/\\&/g')" - KC_SECRET_ESCAPED="$(printf '%s' "${KEYCLOAK_CLIENT_SECRET}" | sed 's/[\\/&]/\\&/g')" - - sed \ - -e "s/@@MAS_DB_PASSWORD@@/${DB_PASS_ESCAPED}/g" \ - -e "s/@@MATRIX_SHARED_SECRET@@/${MATRIX_SECRET_ESCAPED}/g" \ - -e "s/@@KEYCLOAK_CLIENT_SECRET@@/${KC_SECRET_ESCAPED}/g" \ - /etc/mas/config.yaml > /rendered/config.yaml - chmod 0644 /rendered/config.yaml - env: - - name: MAS_DB_PASSWORD - valueFrom: - secretKeyRef: - name: mas-db - key: password - - name: MATRIX_SHARED_SECRET - valueFrom: - secretKeyRef: - name: mas-secrets-runtime - key: matrix_shared_secret - - name: KEYCLOAK_CLIENT_SECRET - valueFrom: - secretKeyRef: - name: mas-secrets-runtime - key: keycloak_client_secret - volumeMounts: - - name: mas-config - mountPath: /etc/mas/config.yaml - subPath: config.yaml - readOnly: true - - name: rendered - mountPath: /rendered - readOnly: false - containers: - - name: syn2mas-migrate - image: ghcr.io/element-hq/matrix-authentication-service:1.8.0 - args: - - syn2mas - - migrate - - --config - - /rendered/config.yaml - - --synapse-config - - /synapse-config/homeserver.yaml - - --synapse-config - - /synapse-secret/config.yaml - - --synapse-database-uri - - "postgresql:" - env: - - name: PGHOST - value: postgres-service.postgres.svc.cluster.local - - name: PGPORT - value: "5432" - - name: PGDATABASE - value: synapse - - name: PGUSER - value: synapse - - name: PGPASSWORD - valueFrom: - secretKeyRef: - name: synapse-db - key: POSTGRES_PASSWORD - - name: PGSSLMODE - value: prefer - volumeMounts: - - name: rendered - mountPath: /rendered - readOnly: true - - name: mas-secrets - mountPath: /etc/mas/secrets - readOnly: true - - name: mas-keys - mountPath: /etc/mas/keys - readOnly: true - - name: synapse-config - mountPath: /synapse-config - readOnly: true - - name: synapse-secret - mountPath: /synapse-secret - readOnly: true - volumes: - - name: mas-config - configMap: - name: matrix-authentication-service-config - items: - - key: config.yaml - path: config.yaml - - name: rendered - emptyDir: {} - - name: mas-secrets - secret: - secretName: mas-secrets-runtime - items: - - key: encryption - path: encryption - - key: matrix_shared_secret - path: matrix_shared_secret - - key: keycloak_client_secret - path: keycloak_client_secret - - name: mas-keys - secret: - secretName: mas-secrets-runtime - items: - - key: rsa_key - path: rsa_key - - name: synapse-config - configMap: - name: othrys-synapse-matrix-synapse - items: - - key: homeserver.yaml - path: homeserver.yaml - - name: synapse-secret - secret: - secretName: othrys-synapse-matrix-synapse - items: - - key: config.yaml - path: config.yaml