matrix.hackerspace.pl: use external postgres
Change-Id: Ie0bb76a4200f905bfd0c065cde81283271f8397a Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1483 Reviewed-by: informatic <informatic@hackerspace.pl>
parent
26a7f5bb56
commit
f262868753
4 changed files with 50 additions and 59 deletions
|
@ -212,6 +212,23 @@ local coturn = import "./coturn.libsonnet";
|
|||
authSecret: { secretKeyRef: { name: "coturn", key: "auth_secret" } },
|
||||
},
|
||||
},
|
||||
|
||||
postgres: {
|
||||
# Deploy on-cluster postgres: a postgres instance backed by Ceph.
|
||||
# Okay for tiny baby synapses, not okay for chonkers. If not
|
||||
# enabled, bring your own external postgres.
|
||||
enable: true,
|
||||
|
||||
# If not deploying on-cluster postgres, the following needs to be
|
||||
# set.
|
||||
host: error "host must be set with off-cluster postgres",
|
||||
username: "synapse",
|
||||
database: "synapse",
|
||||
port: 5432,
|
||||
# Default to the same password secret ref that is used for
|
||||
# on-cluster postgres.
|
||||
password: { secretKeyRef: { name: "synapse", key: "postgres_password" } },
|
||||
},
|
||||
},
|
||||
|
||||
# DEPRECATED: this needs to be removed in favor of namespace.Contain() in
|
||||
|
@ -227,7 +244,8 @@ local coturn = import "./coturn.libsonnet";
|
|||
|
||||
namespace: kube.Namespace(cfg.namespace),
|
||||
|
||||
postgres3: postgres {
|
||||
postgres3: if cfg.postgres.enable then postgres {
|
||||
local psql = self,
|
||||
cfg+: {
|
||||
namespace: cfg.namespace,
|
||||
appName: "synapse",
|
||||
|
@ -239,13 +257,18 @@ local coturn = import "./coturn.libsonnet";
|
|||
storageSize: "100Gi",
|
||||
initdbArgs: "--encoding='UTF8' --lc-collate='C' --lc-ctype='C'",
|
||||
|
||||
# Doesn't influence postgres instance, but used by synapse
|
||||
# libsonnet. Do not override.
|
||||
port: psql.svc.port,
|
||||
host: psql.svc.host,
|
||||
|
||||
opts: {
|
||||
max_connections: "300",
|
||||
shared_buffers: "80MB",
|
||||
wal_level: "logical",
|
||||
},
|
||||
},
|
||||
},
|
||||
} else {},
|
||||
|
||||
redis: redis {
|
||||
cfg+: {
|
||||
|
@ -312,8 +335,13 @@ local coturn = import "./coturn.libsonnet";
|
|||
|
||||
synapse: synapse {
|
||||
ns: app.namespace,
|
||||
postgres: app.postgres3,
|
||||
redis: app.redis,
|
||||
postgres: if cfg.postgres.enable then app.postgres3 else {
|
||||
# If not using on-cluster postgres, pass the config postgres object
|
||||
# as the postgres object into the synapse lib. It's a bit ugly (we
|
||||
# should have some common 'config' type instead) but it's good
|
||||
# enough.
|
||||
cfg: cfg.postgres,
|
||||
}, redis: app.redis,
|
||||
appservices: app.appservices,
|
||||
cfg+: app.cfg {
|
||||
image: app.cfg.images.synapse,
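Review bot: The comment on the new `postgres` config block says `host`, `username`, `database`, `port` and `password` need to be set for off-cluster postgres, but it does not say that they are ignored when `enable` is true. In that case the `synapse` object is handed `app.postgres3` instead of `{ cfg: cfg.postgres }`, so an operator who overrides `cfg.postgres.password` or `username` on an on-cluster deployment gets no effect and no error. A comment above `host:` would make this explicit, e.g. `# Only read when enable is false; with on-cluster postgres the instance's own cfg is used.` It is also worth noting next to `else {}` that `postgres3` becomes an empty object when disabled, so a leftover `postgres3+:` overlay in an environment file would presumably no longer patch a real instance. The enclosing objects start and end outside these hunks.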
|
||||
|
|
|
@ -117,7 +117,7 @@ local kube = import "../../../kube/kube.libsonnet";
|
|||
mountData: false,
|
||||
|
||||
resources: {
|
||||
requests: { cpu: "300m", memory: "1Gi" },
|
||||
requests: { cpu: "300m", memory: "2Gi" },
|
||||
limits: { cpu: "1500m", memory: "2Gi" },
|
||||
},
|
||||
},
|
||||
|
@ -158,7 +158,13 @@ local kube = import "../../../kube/kube.libsonnet";
|
|||
SYNAPSE_MACAROON_SECRET_KEY: cfg.macaroonSecretKey,
|
||||
SYNAPSE_REGISTRATION_SHARED_SECRET: cfg.registrationSharedSecret,
|
||||
WORKER_REPLICATION_SECRET: cfg.workerReplicationSecret,
|
||||
|
||||
POSTGRES_PASSWORD: app.postgres.cfg.password,
|
||||
POSTGRES_USER: app.postgres.cfg.username,
|
||||
POSTGRES_DB: app.postgres.cfg.database,
|
||||
POSTGRES_HOST: app.postgres.cfg.host,
|
||||
POSTGRES_PORT: app.postgres.cfg.port,
|
||||
|
||||
REDIS_PASSWORD: app.redis.cfg.password,
|
||||
POD_NAME: { fieldRef: { fieldPath: "metadata.name" } },
|
||||
OIDC_CLIENT_SECRET: if cfg.oidc.enable then cfg.oidc.config.client_secret else "",
|
||||
|
@ -322,7 +328,7 @@ local kube = import "../../../kube/kube.libsonnet";
|
|||
"/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/state/",
|
||||
"/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/(join|invite|leave|ban|unban|kick)",
|
||||
"/_matrix/client/(api/v1|r0|v3|unstable)/join/",
|
||||
"/_matrix/client/(api/v1|r0|v3|unstable)/profile/",
|
||||
"/_matrix/client/(api/v1|r0|v3|unstable)/profile/"
|
||||
|
||||
# These need to be handled by stream writers, not supported yet
|
||||
# "/_matrix/client/(r0|v3|unstable)/sendToDevice/",
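Review bot: `POSTGRES_PASSWORD: app.postgres.cfg.password` stays out of the rendered pod spec only while the value is a `secretKeyRef` object, as the default in the config block is. A deployment that overrides it with a literal string would presumably get the credential written inline into the manifest. A comment above the new env entries would record that expectation, e.g. `# password must be a { secretKeyRef: ... } object, never a literal string`. As a smaller style point, the trailing comma dropped from the last `profile/` entry means the next person who appends or uncomments a pattern below it has to remember to restore it. Keeping the comma is harmless in Jsonnet. The enclosing objects start and end outside these hunks.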
|
||||
|
|
|
@ -8,11 +8,11 @@ database:
|
|||
name: "psycopg2"
|
||||
allow_unsafe_locale: true
|
||||
args:
|
||||
user: "synapse"
|
||||
user: "$(POSTGRES_USER)"
|
||||
password: "$(POSTGRES_PASSWORD)"
|
||||
database: "synapse"
|
||||
host: "waw3-postgres"
|
||||
port: "5432"
|
||||
database: "$(POSTGRES_DB)"
|
||||
host: "$(POSTGRES_HOST)"
|
||||
port: "$(POSTGRES_PORT)"
|
||||
cp_min: 5
|
||||
cp_max: 10
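Review bot: The `args` block now connects to whatever `$(POSTGRES_HOST)` resolves to, which this commit sets to an off-cluster host for the production deployment, but no `sslmode` is passed. libpq then uses its default of `prefer`, which does not verify the server certificate and falls back to an unencrypted session if the server does not offer TLS, so `$(POSTGRES_PASSWORD)` and all database traffic may cross the network in the clear. Consider adding an `sslmode` entry here, fed from a new field in the `postgres` config block, with `require` or `verify-full` for external hosts. Whether the path to the database host is already a trusted or encrypted network is not visible from this page.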
|
||||
|
||||
|
|
|
@ -35,6 +35,7 @@ matrix {
|
|||
},
|
||||
db+: {
|
||||
password: std.strReplace(importstr "secrets/plain/media-repo-matrix-postgres", "\n", ""),
|
||||
host: "bc01n05.hswaw.net",
|
||||
},
|
||||
},
|
||||
coturn+: {
|
||||
|
@ -44,6 +45,11 @@ matrix {
|
|||
loadBalancerIP: "185.236.240.59",
|
||||
},
|
||||
},
|
||||
|
||||
postgres+: {
|
||||
enable: false,
|
||||
host: "bc01n05.hswaw.net",
|
||||
},
|
||||
},
|
||||
|
||||
riot+: {
|
||||
|
@ -91,55 +97,6 @@ matrix {
|
|||
},
|
||||
},
|
||||
|
||||
// Bump up storage to 200Gi from default 100Gi, use different name. The
|
||||
// new name corresponds to a manually migrated and sized-up PVC that
|
||||
// contains data from the original waw3-postgres PVC.
|
||||
postgres3+: {
|
||||
local psql = self,
|
||||
volumeClaim+: {
|
||||
metadata+: {
|
||||
name: "waw3-postgres-2",
|
||||
},
|
||||
spec+: {
|
||||
resources+: {
|
||||
requests+: {
|
||||
storage: "200Gi",
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
tempVC: kube.PersistentVolumeClaim(psql.makeName("tempvc")) {
|
||||
metadata+: psql.metadata,
|
||||
spec+: {
|
||||
storageClassName: psql.cfg.storageClassName,
|
||||
accessModes: [ "ReadWriteOnce" ],
|
||||
resources: {
|
||||
requests: {
|
||||
storage: "200Gi",
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
deployment+: {
|
||||
spec+: {
|
||||
template+: {
|
||||
spec+: {
|
||||
volumes_+: {
|
||||
temp: kube.PersistentVolumeClaimVolume(psql.tempVC),
|
||||
},
|
||||
containers_+: {
|
||||
postgres+: {
|
||||
volumeMounts_+: {
|
||||
temp: { mountPath: "/mnt/tmp/" },
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
|
||||
appservices: {
|
||||
"irc-freenode": irc.AppServiceIrc("freenode") {
|
||||
cfg+: {
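Review bot: The literal `"bc01n05.hswaw.net"` is now written twice in this file, once under `db+:` and once under the new `postgres+:` block, so a later database move can update one and miss the other. A file-level local referenced from both places keeps them in step, e.g. `local dbHost = "bc01n05.hswaw.net";` with `host: dbHost,` in each block. The enclosing `matrix { ... }` object starts and ends outside these hunks.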
|
||||
|
|