synapse/manifests/bin/deploy.sh
2024-05-15 23:47:04 +02:00

58 lines
1.8 KiB
Bash
Executable File

#!/bin/bash -e
set -o pipefail
function kapply() {
for f in "$@"; do
kubectl apply -f \
<(envsubst "$(env | xargs printf '$%s ')" < "manifests/$f")
done
}
function kcreatesec() {
kubectl create secret generic --save-config --dry-run=client -oyaml "$@" | kubectl apply -f-
}
function kcreatecm() {
kubectl create configmap --dry-run=client -oyaml "$@" | kubectl apply -f-
}
function kgseckey() {
local sec="$1"; shift
local key="$1"; shift
kubectl get secret "$sec" -o jsonpath="{.data.$key}" | base64 -d
}
function kgcmkey() {
local cm="$1"; shift
local key="$1"; shift
kubectl get configmap "$cm" -o jsonpath="{.data.$key}"
}
function get_synapse_key() {
kgcmkey synapse 'homeserver\.yaml' | awk -F\" "/^\s*$1/{print \$2}" || openssl rand -hex 32
}
kapply common/db.yaml
export POSTGRES_HOST; POSTGRES_HOST="$(kgseckey postgres-app host)"
export POSTGRES_PORT; POSTGRES_PORT="$(kgseckey postgres-app port)"
export POSTGRES_DB; POSTGRES_DB="$(kgseckey postgres-app dbname)"
export POSTGRES_USER; POSTGRES_USER="$(kgseckey postgres-app user)"
export POSTGRES_PASSWORD; POSTGRES_PASSWORD="$(kgseckey postgres-app password)"
export API_SECRET; API_SECRET="$(get_synapse_key macaroon_secret_key)"
export TURN_SHARED_SECRET; TURN_SHARED_SECRET="$(get_synapse_key turn_shared_secret)"
export REGISTRATION_SECRET; REGISTRATION_SECRET="$(get_synapse_key registration_shared_secret)"
kcreatecm synapse \
--from-file=homeserver.yaml=<(envsubst "$(env | xargs printf '$%s ')" < config/homeserver.yaml) \
--from-file=log.config=<(envsubst "$(env | xargs printf '$%s ')" < config/log.config)
kapply common/keys.yaml common/app.yaml common/delegation.yaml
kubectl rollout restart deployment delegation
kubectl rollout restart statefulset app