diff --git a/config/crd/element-deployment/replacements/starter-core/synapse.yaml b/config/crd/element-deployment/replacements/starter-core/synapse.yaml index ba49dc1..97e2d6f 100644 --- a/config/crd/element-deployment/replacements/starter-core/synapse.yaml +++ b/config/crd/element-deployment/replacements/starter-core/synapse.yaml @@ -1,4 +1,4 @@ -# Copyright 2023 New Vector Ltd +# Copyright 2023-2024 New Vector Ltd # # SPDX-License-Identifier: AGPL-3.0-or-later @@ -32,13 +32,15 @@ spec: description: A configmap name media: type: object - default: {} + default: + volume: + size: 50Gi properties: volume: type: object + description: The volume holding media default: size: 50Gi - description: The volume holding media oneOf: - required: - size diff --git a/helm/operator/Chart.yaml b/helm/operator/Chart.yaml index 42e5985..f23f9c6 100644 --- a/helm/operator/Chart.yaml +++ b/helm/operator/Chart.yaml @@ -20,9 +20,9 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 2.17.20 +version: 2.17.21 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. -appVersion: 2.17.20 +appVersion: 2.17.21 diff --git a/helm/operator/fragments/Deployment-conversion-webhook.yaml b/helm/operator/fragments/Deployment-conversion-webhook.yaml index d064567..6f5d3a1 100644 --- a/helm/operator/fragments/Deployment-conversion-webhook.yaml +++ b/helm/operator/fragments/Deployment-conversion-webhook.yaml 
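Review bot: The 50Gi media size is now written twice in this schema, once in the new `media.default` and once in the existing `volume.default`, and nothing ties the two together, so a later change to one silently leaves the other behind. A one-line comment above the new default would make that visible, for example `# keep in sync with properties.volume.default below`. The copies under helm/updater/templates and roles/elementdeployment/files carry the same pair of values and look generated from this file, so they would follow whatever is decided here.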
@@ -48,10 +48,12 @@ spec: - containerPort: 7443 name: webhook-server protocol: TCP +{{- if $.Values.crds.conversionWebhook.tlsSecretName }} volumeMounts: - - mountPath: /k8s-webhook-server/serving-certs + - mountPath: /tmp/k8s-webhook-server/serving-certs name: webhook-cert readOnly: true +{{- end }} livenessProbe: httpGet: scheme: HTTPS @@ -73,9 +75,9 @@ spec: initialDelaySeconds: 5 args: - --tls-cert-file - - /k8s-webhook-server/serving-certs/tls.crt + - /tmp/k8s-webhook-server/serving-certs/tls.crt - --tls-private-key-file - - /k8s-webhook-server/serving-certs/tls.key + - /tmp/k8s-webhook-server/serving-certs/tls.key - --port - "7443" {{- with $.Values.crds.conversionWebhook.resources }} @@ -87,9 +89,11 @@ spec: {{- end }} serviceAccountName: '{{ include "__CHART_FUNCTIONS_NAMESPACE__.conversionWebhookFullname" . }}' terminationGracePeriodSeconds: 10 +{{- if $.Values.crds.conversionWebhook.tlsSecretName }} volumes: - name: webhook-cert secret: defaultMode: 420 secretName: {{ tpl $.Values.crds.conversionWebhook.tlsSecretName . }} -{{ end }} \ No newline at end of file +{{- end }} +{{ end }} diff --git a/helm/operator/templates/deployment-conversion-webhook.yaml b/helm/operator/templates/deployment-conversion-webhook.yaml index 7ecaf22..89299d9 100644 --- a/helm/operator/templates/deployment-conversion-webhook.yaml +++ b/helm/operator/templates/deployment-conversion-webhook.yaml @@ -48,10 +48,12 @@ spec: - containerPort: 7443 name: webhook-server protocol: TCP +{{- if $.Values.crds.conversionWebhook.tlsSecretName }} volumeMounts: - - mountPath: /k8s-webhook-server/serving-certs + - mountPath: /tmp/k8s-webhook-server/serving-certs name: webhook-cert readOnly: true +{{- end }} livenessProbe: httpGet: scheme: HTTPS 
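Review bot: With `tlsSecretName` unset the pod now has no `webhook-cert` mount, yet the HTTPS liveness probe in this hunk and the `--tls-cert-file` / `--tls-private-key-file` arguments in the `@@ -73,9` hunk stay unconditional, so the template gives no hint where `tls.crt` and `tls.key` come from in that case. If the webhook binary creates its own pair under `/tmp` (an inference, the binary is not visible here), a template comment above the `if` should say so, e.g. `{{- /* tlsSecretName unset: nothing is mounted; the webhook must provide tls.crt and tls.key at this path itself */ -}}`. It is also worth confirming that the conversion `caBundle` the API server uses is kept in step with such a certificate and that the generated key file is not readable by other users in the container. The same applies to the copies in helm/operator/templates and helm/updater/templates; the container spec starts and ends outside the hunk.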
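Review bot: The secret volume that carries `tls.key` keeps `defaultMode: 420` (octal 0644) in the `@@ -87,9` hunk, which leaves the private key readable by every user inside the container; since this block is being wrapped in the new `if` anyway, it is a good moment to tighten it. `defaultMode: 288` (0440) together with an `fsGroup` matching the webhook process, or `defaultMode: 256` (0400) if the process runs as the file owner, would narrow that; the pod's securityContext is outside the hunk, so which of the two works needs checking. `secretName` is also rendered unquoted, and `secretName: {{ tpl $.Values.crds.conversionWebhook.tlsSecretName . | quote }}` would keep a number-like or boolean-like name a string. Both points apply equally to the helm/operator/templates and helm/updater/templates copies.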
@@ -73,9 +75,9 @@ spec: initialDelaySeconds: 5 args: - --tls-cert-file - - /k8s-webhook-server/serving-certs/tls.crt + - /tmp/k8s-webhook-server/serving-certs/tls.crt - --tls-private-key-file - - /k8s-webhook-server/serving-certs/tls.key + - /tmp/k8s-webhook-server/serving-certs/tls.key - --port - "7443" {{- with $.Values.crds.conversionWebhook.resources }} @@ -87,9 +89,11 @@ spec: {{- end }} serviceAccountName: '{{ include "elementOperator.conversionWebhookFullname" . }}' terminationGracePeriodSeconds: 10 +{{- if $.Values.crds.conversionWebhook.tlsSecretName }} volumes: - name: webhook-cert secret: defaultMode: 420 secretName: {{ tpl $.Values.crds.conversionWebhook.tlsSecretName . }} -{{ end }} \ No newline at end of file +{{- end }} +{{ end }} diff --git a/helm/operator/values.yaml b/helm/operator/values.yaml index 83c4551..12418c7 100644 --- a/helm/operator/values.yaml +++ b/helm/operator/values.yaml @@ -34,7 +34,7 @@ crds: imagePullPolicy: Always image: repository: docker.io/vectorim/ess-core-operator-conversion-webhook - tag: 2.17.20 + tag: 2.17.21 operator: extraPodSpec: @@ -69,7 +69,7 @@ operator: imagePullPolicy: Always image: repository: docker.io/vectorim/ess-core-operator - tag: 2.17.20 + tag: 2.17.21 rbacProxy: resources: diff --git a/helm/updater/Chart.yaml b/helm/updater/Chart.yaml index 362f902..4e8db46 100644 --- a/helm/updater/Chart.yaml +++ b/helm/updater/Chart.yaml 
@@ -20,9 +20,9 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 2.17.20 +version: 2.17.21 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. -appVersion: 2.17.20 +appVersion: 2.17.21 diff --git a/helm/updater/templates/customresourcedefinition-elementdeployment.yaml b/helm/updater/templates/customresourcedefinition-elementdeployment.yaml index f774331..39239de 100644 --- a/helm/updater/templates/customresourcedefinition-elementdeployment.yaml +++ b/helm/updater/templates/customresourcedefinition-elementdeployment.yaml @@ -1375,7 +1375,9 @@ spec: description: The key of the k8s secret containing Synapse Macaroon type: string media: - default: {} + default: + volume: + size: 50Gi properties: volume: default: @@ -4028,7 +4030,9 @@ spec: description: The key of the k8s secret containing Synapse Macaroon type: string media: - default: {} + default: + volume: + size: 50Gi properties: volume: default: diff --git a/helm/updater/templates/deployment-conversion-webhook.yaml b/helm/updater/templates/deployment-conversion-webhook.yaml index 0545849..5e98b5c 100644 --- a/helm/updater/templates/deployment-conversion-webhook.yaml +++ b/helm/updater/templates/deployment-conversion-webhook.yaml @@ -48,10 +48,12 @@ spec: - containerPort: 7443 name: webhook-server protocol: TCP +{{- if $.Values.crds.conversionWebhook.tlsSecretName }} volumeMounts: - - mountPath: /k8s-webhook-server/serving-certs + - mountPath: /tmp/k8s-webhook-server/serving-certs name: webhook-cert readOnly: true +{{- end }} livenessProbe: httpGet: scheme: HTTPS 
@@ -73,9 +75,9 @@ spec: initialDelaySeconds: 5 args: - --tls-cert-file - - /k8s-webhook-server/serving-certs/tls.crt + - /tmp/k8s-webhook-server/serving-certs/tls.crt - --tls-private-key-file - - /k8s-webhook-server/serving-certs/tls.key + - /tmp/k8s-webhook-server/serving-certs/tls.key - --port - "7443" {{- with $.Values.crds.conversionWebhook.resources }} @@ -87,9 +89,11 @@ spec: {{- end }} serviceAccountName: '{{ include "elementUpdater.conversionWebhookFullname" . }}' terminationGracePeriodSeconds: 10 +{{- if $.Values.crds.conversionWebhook.tlsSecretName }} volumes: - name: webhook-cert secret: defaultMode: 420 secretName: {{ tpl $.Values.crds.conversionWebhook.tlsSecretName . }} -{{ end }} \ No newline at end of file +{{- end }} +{{ end }} diff --git a/helm/updater/values.yaml b/helm/updater/values.yaml index 956bf56..d5cf24a 100644 --- a/helm/updater/values.yaml +++ b/helm/updater/values.yaml @@ -34,7 +34,7 @@ crds: imagePullPolicy: Always image: repository: docker.io/vectorim/ess-core-updater-conversion-webhook - tag: 2.17.20 + tag: 2.17.21 updater: extraPodSpec: @@ -69,7 +69,7 @@ updater: - ALL image: repository: docker.io/vectorim/ess-core-updater - tag: 2.17.20 + tag: 2.17.21 rbacProxy: resources: diff --git a/roles/elementdeployment/files/elementdeployment-schema.yaml b/roles/elementdeployment/files/elementdeployment-schema.yaml index c272935..15ff7b6 100644 --- a/roles/elementdeployment/files/elementdeployment-schema.yaml +++ b/roles/elementdeployment/files/elementdeployment-schema.yaml @@ -1370,7 +1370,9 @@ spec: description: The key of the k8s secret containing Synapse Macaroon type: string media: - default: {} + default: + volume: + size: 50Gi properties: volume: default: @@ -4023,7 +4025,9 @@ spec: description: The key of the k8s secret containing Synapse Macaroon type: string media: - default: {} + default: + volume: + size: 50Gi properties: volume: default: 
diff --git a/roles/generic_apply/tasks/main.yml b/roles/generic_apply/tasks/main.yml index 6ac0085..99d75cf 100644 --- a/roles/generic_apply/tasks/main.yml +++ b/roles/generic_apply/tasks/main.yml @@ -55,6 +55,7 @@ - ("in body must be of type object:" not in result.msg) - ("updates to statefulset spec for fields other than" not in result.msg) - ("missing metadata in converted object" not in result.msg) + - '("MatchExpressions:[]v1.LabelSelectorRequirement(nil)}: field is immutable" not in result.msg)' - name: "Maintain resources that risk to not support recreation" kubernetes.core.k8s:
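Review bot: The added condition keys on a fragment of a Go struct dump, `MatchExpressions:[]v1.LabelSelectorRequirement(nil)}: field is immutable`, which depends on how the API server happens to print the rejected object and may change between Kubernetes versions; once it stops matching, whatever this list guards changes behaviour silently. A comment above the line naming the kind and field it is meant to catch would help, e.g. `# immutable label selector rejected on update (presumably spec.selector, confirm)`. The list belongs to a task that starts above the hunk, so what a match leads to is not visible here; if it results in delete-and-recreate, it is worth confirming that the affected kinds cannot take data-bearing resources with them.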