communication: add MAS syn2mas migrate job

Brad Stein 2025-12-31 18:14:44 -03:00
parent 06a1cde738
commit af03ac6dbc
2 changed files with 130 additions and 0 deletions


@ -9,6 +9,7 @@ resources:
- mas-deployment.yaml
- mas-ingress.yaml
- mas-syn2mas-check-job.yaml
- mas-syn2mas-migrate-job.yaml
- element-rendered.yaml
- livekit-config.yaml
- livekit.yaml


@ -0,0 +1,129 @@
# services/communication/mas-syn2mas-migrate-job.yaml
apiVersion: batch/v1
kind: Job
metadata:
name: mas-syn2mas-migrate
namespace: communication
spec:
backoffLimit: 0
template:
metadata:
labels:
app: mas-syn2mas-migrate
spec:
enableServiceLinks: false
restartPolicy: Never
nodeSelector:
hardware: rpi5
affinity:
nodeAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 50
preference:
matchExpressions:
- key: hardware
operator: In
values: ["rpi5","rpi4"]
initContainers:
- name: render-mas-config
image: alpine:3.20
command: ["/bin/sh","-c"]
args:
- |
set -euo pipefail
umask 077
DB_PASS_ESCAPED="$(printf '%s' "${MAS_DB_PASSWORD}" | sed 's/[\\/&]/\\&/g')"
MATRIX_SECRET_ESCAPED="$(printf '%s' "${MATRIX_SHARED_SECRET}" | sed 's/[\\/&]/\\&/g')"
KC_SECRET_ESCAPED="$(printf '%s' "${KEYCLOAK_CLIENT_SECRET}" | sed 's/[\\/&]/\\&/g')"
sed \
-e "s/@@MAS_DB_PASSWORD@@/${DB_PASS_ESCAPED}/g" \
-e "s/@@MATRIX_SHARED_SECRET@@/${MATRIX_SECRET_ESCAPED}/g" \
-e "s/@@KEYCLOAK_CLIENT_SECRET@@/${KC_SECRET_ESCAPED}/g" \
/etc/mas/config.yaml > /rendered/config.yaml
chmod 0644 /rendered/config.yaml
env:
- name: MAS_DB_PASSWORD
valueFrom:
secretKeyRef:
name: mas-db
key: password
- name: MATRIX_SHARED_SECRET
valueFrom:
secretKeyRef:
name: mas-secrets-runtime
key: matrix_shared_secret
- name: KEYCLOAK_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: mas-secrets-runtime
key: keycloak_client_secret
volumeMounts:
- name: mas-config
mountPath: /etc/mas/config.yaml
subPath: config.yaml
readOnly: true
- name: rendered
mountPath: /rendered
readOnly: false
containers:
- name: syn2mas-migrate
image: ghcr.io/element-hq/matrix-authentication-service:1.8.0
args:
- syn2mas
- migrate
- --config
- /rendered/config.yaml
- --synapse-config
- /synapse-config/homeserver.yaml
- --synapse-config
- /synapse-secret/config.yaml
- --synapse-database-uri
- "postgresql:"
env:
- name: PGHOST
value: postgres-service.postgres.svc.cluster.local
- name: PGPORT
value: "5432"
- name: PGDATABASE
value: synapse
- name: PGUSER
value: synapse
- name: PGPASSWORD
valueFrom:
secretKeyRef:
name: synapse-db
key: POSTGRES_PASSWORD
- name: PGSSLMODE
value: prefer
volumeMounts:
- name: rendered
mountPath: /rendered
readOnly: true
- name: synapse-config
mountPath: /synapse-config
readOnly: true
- name: synapse-secret
mountPath: /synapse-secret
readOnly: true
volumes:
- name: mas-config
configMap:
name: matrix-authentication-service-config
items:
- key: config.yaml
path: config.yaml
- name: rendered
emptyDir: {}
- name: synapse-config
configMap:
name: othrys-synapse-matrix-synapse
items:
- key: homeserver.yaml
path: homeserver.yaml
- name: synapse-secret
secret:
secretName: othrys-synapse-matrix-synapse
items:
- key: config.yaml
path: config.yaml
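Review bot: The `render-mas-config` init container writes the MAS DB password, the Matrix shared secret and the Keycloak client secret into `/rendered/config.yaml` and then runs `chmod 0644`, which undoes the `umask 077` set at the top of the script and leaves the file world-readable in a disk-backed `emptyDir`. Consider `chmod 0640 /rendered/config.yaml` together with a pod-level `securityContext.fsGroup` matching the group the MAS image runs as (not visible on this page, so confirm it), and `emptyDir: { medium: Memory }` for the `rendered` volume so the secrets are not written to node storage. Separately, `PGSSLMODE: prefer` falls back to plaintext without error and never verifies the server; `require` or `verify-full` would make the Synapse database connection fail closed, assuming the Postgres service presents a certificate.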