Extend Dendrite Helm chart with some additional config options (#3077)

This set of changes introduces a few (compatible) changes to the Helm
chart:
- Allow PVC class to be set on each PVC, not only one-for-all.
- Allow Prometheus servicemonitor and rules labels to be empty.
- Have the option to generate the ingress (incl. TLS config) based on
dendrite_config.


* [x] I have added Go unit tests or [Complement integration
tests](https://github.com/matrix-org/complement) for this PR _or_ I have
justified why this PR doesn't need tests
* [x] Pull request includes a [sign off below using a legally
identifiable
name](https://matrix-org.github.io/dendrite/development/contributing#sign-off)
_or_ I have already signed off privately

Signed-off-by: Omar Pakker <[email protected]>

---------

Signed-off-by: Omar Pakker <[email protected]>
Co-authored-by: Till <[email protected]>

Author: Omar007

helm/dendrite/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
 name: dendrite
-version: "0.12.3"
+version: "0.12.4"
 appVersion: "0.12.0"
 description: Dendrite Matrix Homeserver
 type: application

helm/dendrite/templates/ingress.yaml

@@ -1,32 +1,33 @@
 {{- if .Values.ingress.enabled -}}
-  {{- $fullName := include "dendrite.fullname" . -}}
-  {{- $svcPort := .Values.service.port -}}
-  {{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
-  {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }}
-  {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}}
-  {{- end }}
-  {{- end }}
-  {{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
+{{- $fullName := include "dendrite.fullname" . -}}
+{{- $serverNameHost := .Values.dendrite_config.global.server_name -}}
+{{- $wellKnownServerHost := default $serverNameHost (regexFind "^[^:]+" .Values.dendrite_config.global.well_known_server_name) -}}
+{{- $wellKnownClientHost := default $serverNameHost (regexFind "^[^:]+" .Values.dendrite_config.global.well_known_client_name) -}}
+{{- $allHosts := list $serverNameHost $wellKnownServerHost $wellKnownClientHost | uniq -}}
+{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
 apiVersion: networking.k8s.io/v1
-  {{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
 apiVersion: networking.k8s.io/v1beta1
-  {{- else -}}
+{{- else -}}
 apiVersion: extensions/v1beta1
-  {{- end }}
+{{- end }}
 kind: Ingress
 metadata:
   name: {{ $fullName }}
   labels:
     {{- include "dendrite.labels" . | nindent 4 }}
   annotations:
+    {{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
+    kubernetes.io/ingress.class: {{ .Values.ingress.className }}
+    {{- end }}
     {{- with .Values.ingress.annotations }}
     {{- toYaml . | nindent 4 }}
     {{- end }}
 spec:
   {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
   ingressClassName: {{ .Values.ingress.className }}
   {{- end }}
-  {{- if .Values.ingress.tls }}
+  {{- if kindIs "slice" .Values.ingress.tls }}
   tls:
     {{- range .Values.ingress.tls }}
     - hosts:
@@ -35,8 +36,16 @@ spec:
         {{- end }}
       secretName: {{ .secretName }}
     {{- end }}
+  {{- else if .Values.ingress.tls.generate }}
+  tls:
+    - hosts:
+        {{- range $allHosts }}
+        - {{ . | quote }}
+        {{- end }}
+      secretName: {{ $fullName }}-ingress-tls
   {{- end }}
   rules:
+    {{- if .Values.ingress.hostName }}
     - host: {{ .Values.ingress.hostName | quote }}
       http:
         paths:
@@ -47,9 +56,60 @@ spec:
               service:
                 name: {{ $fullName }}
                 port:
-                  number: {{ $svcPort }}
+                  name: http
+              {{- else }}
+              serviceName: {{ $fullName }}
+              servicePort: http
+              {{- end }}
+    {{- else }}
+    - host: {{ $serverNameHost | quote }}
+      http:
+        paths:
+          - path: /.well-known/matrix
+            pathType: Prefix
+            backend:
+              {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
+              service:
+                name: {{ $fullName }}
+                port:
+                  name: http
               {{- else }}
               serviceName: {{ $fullName }}
-              servicePort: {{ $svcPort }}
+              servicePort: http
               {{- end }}
-  {{- end }}
+    - host: {{ $wellKnownServerHost | quote }}
+      http:
+        paths:
+          {{- range list "/_matrix/key" "/_matrix/federation" }}
+          - path: {{ . | quote }}
+            pathType: Prefix
+            backend:
+              {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
+              service:
+                name: {{ $fullName }}
+                port:
+                  name: http
+              {{- else }}
+              serviceName: {{ $fullName }}
+              servicePort: http
+              {{- end }}
+          {{- end }}
+    - host: {{ $wellKnownClientHost | quote }}
+      http:
+        paths:
+          {{- range list "/_matrix/client" "/_matrix/media" }}
+          - path: {{ . | quote }}
+            pathType: Prefix
+            backend:
+              {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
+              service:
+                name: {{ $fullName }}
+                port:
+                  name: http
+              {{- else }}
+              serviceName: {{ $fullName }}
+              servicePort: http
+              {{- end }}
+          {{- end }}
+    {{- end }}
+{{- end }}

helm/dendrite/templates/prometheus-rules.yaml

@@ -6,7 +6,9 @@ metadata:
   name: {{ include "dendrite.fullname" . }}
   labels:
     {{- include "dendrite.labels" . | nindent 4 }}
-    {{- toYaml .Values.prometheus.rules.labels | nindent 4 }}
+    {{- with .Values.prometheus.rules.labels }}
+    {{- . | toYaml | nindent 4 }}
+    {{- end }}
 spec:
   groups:
   {{- if .Values.prometheus.rules.additionalRules }}

helm/dendrite/templates/pvc.yaml

@@ -12,7 +12,7 @@ spec:
   resources:
     requests:
       storage: {{ .Values.persistence.media.capacity }}
-  storageClassName: {{ .Values.persistence.storageClass }}
+  storageClassName: {{ default .Values.persistence.storageClass .Values.persistence.media.storageClass }}
 {{ end }}
 {{ if not .Values.persistence.jetstream.existingClaim }}
 ---
@@ -28,7 +28,7 @@ spec:
   resources:
     requests:
       storage: {{ .Values.persistence.jetstream.capacity }}
-  storageClassName: {{ .Values.persistence.storageClass }}
+  storageClassName: {{ default .Values.persistence.storageClass .Values.persistence.jetstream.storageClass }}
 {{ end }}
 {{ if not .Values.persistence.search.existingClaim }}
 ---
@@ -44,5 +44,5 @@ spec:
   resources:
     requests:
       storage: {{ .Values.persistence.search.capacity }}
-  storageClassName: {{ .Values.persistence.storageClass }}
-{{ end }}
+  storageClassName: {{ default .Values.persistence.storageClass .Values.persistence.search.storageClass }}
+{{ end }}

helm/dendrite/templates/servicemonitor.yaml

@@ -9,7 +9,9 @@ metadata:
   name: {{ include "dendrite.fullname" . }}
   labels:
     {{- include "dendrite.labels" . | nindent 4 }}
-    {{- toYaml .Values.prometheus.servicemonitor.labels | nindent 4 }}
+    {{- with .Values.prometheus.servicemonitor.labels }}
+    {{- . | toYaml | nindent 4 }}
+    {{- end }}
 spec:
   endpoints:
     - port: http

helm/dendrite/values.yaml

@@ -19,29 +19,38 @@ signing_key:
 resources:
   requests:
     memory: "512Mi"
-
   limits:
     memory: "4096Mi"
 
 persistence:
-  # -- The storage class to use for volume claims. Defaults to the
-  # cluster default storage class.
+  # -- The storage class to use for volume claims.
+  # Used unless specified at the specific component.
+  # Defaults to the cluster default storage class.
   storageClass: ""
   jetstream:
     # -- Use an existing volume claim for jetstream
     existingClaim: ""
     # -- PVC Storage Request for the jetstream volume
     capacity: "1Gi"
+    # -- The storage class to use for volume claims.
+    # Defaults to persistence.storageClass
+    storageClass: ""
   media:
     # -- Use an existing volume claim for media files
     existingClaim: ""
     # -- PVC Storage Request for the media volume
     capacity: "1Gi"
+    # -- The storage class to use for volume claims.
+    # Defaults to persistence.storageClass
+    storageClass: ""
   search:
     # -- Use an existing volume claim for the fulltext search index
     existingClaim: ""
     # -- PVC Storage Request for the search volume
     capacity: "1Gi"
+    # -- The storage class to use for volume claims.
+    # Defaults to persistence.storageClass
+    storageClass: ""
 
 # -- Add additional volumes to the Dendrite Pod
 extraVolumes: []
@@ -50,7 +59,6 @@ extraVolumes: []
 #   secret:
 #     secretName: extra-config
 
-
 # -- Configure additional mount points volumes in the Dendrite Pod
 extraVolumeMounts: []
 # ex.
@@ -212,7 +220,6 @@ dendrite_config:
       # - msc2836    (Threading, see https://github.com/matrix-org/matrix-doc/pull/2836)
       # - msc2946    (Spaces Summary, see https://github.com/matrix-org/matrix-doc/pull/2946)
 
-
   app_service_api:
     # -- Disable the validation of TLS certificates of appservices. This is
     # not recommended in production since it may allow appservice traffic
@@ -359,14 +366,18 @@ postgresql:
     enabled: false
 
 ingress:
-  # -- Create an ingress for a monolith deployment
+  # -- Create an ingress for the deployment
   enabled: false
-  hosts: []
+  # -- The ingressClass to use. Will be converted to annotation if not yet supported.
   className: ""
-  hostName: ""
   # -- Extra, custom annotations
   annotations: {}
-
+  # -- The ingress hostname for your matrix server.
+  # Should align with the server_name and well_known_* hosts.
+  # If not set, generated from the dendrite_config values.
+  hostName: ""
+  # -- TLS configuration. Should contain information for the server_name and well-known hosts.
+  # Alternatively, set tls.generate=true to generate defaults based on the dendrite_config.
   tls: []
 
 service: