pub/charts
1
0
Fork 0
Code Issues Pull requests Releases Packages 19 Activity Actions

feat: add mas

Browse source
This commit is contained in:
Tommy 2024-04-12 16:28:52 +02:00
parent 8322a356f7
commit 5869dcecae
No known key found for this signature in database
8 changed files with 287 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

19
charts/matrix-authentication-service/Chart.yaml Normal file
View file

@ -0,0 +1,19 @@
apiVersion: v2
name: matrix-authentication-service
description: OAuth 2.0 and OpenID Provider for Matrix Homeservers (MSC3861)
icon: https://avatars.githubusercontent.com/u/8418310?s=48&v=4
type: application
version: 0.1.0
# renovate: image=ghcr.io/matrix-org/matrix-authentication-service
appVersion: "0.9.0"
maintainers:
- name: Tommy Skaug
email: tommy@skaug.me
keywords:
- kubernetes
- matrix
- authentication
- elementx
- service
sources:
- https://github.com/matrix-org/matrix-authentication-service

30
charts/matrix-authentication-service/templates/_helpers.tpl Normal file
View file

@ -0,0 +1,30 @@
# Define a template for the chart's full name.
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "matrix-authentication-service.fullname" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end }}
# Define a template for standard labels.
{{/*
Common labels
*/}}
{{- define "matrix-authentication-service.labels" -}}
helm.sh/chart: {{ include "matrix-authentication-service.chart" . }}
app.kubernetes.io/name: {{ include "matrix-authentication-service.fullname" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.Version | quote }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
# Define a template for the chart name and version.
{{/*
Generate basic labels
*/}}
{{- define "matrix-authentication-service.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" -}}
{{- end }}
# Optionally, add more helper templates as needed.

102
charts/matrix-authentication-service/templates/deployment.yaml Normal file
View file

@ -0,0 +1,102 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "matrix-authentication-service.fullname" . }}
labels:
{{- include "matrix-authentication-service.labels" . | nindent 4 }}
spec:
replicas: 1
selector:
matchLabels:
app: {{ include "matrix-authentication-service.fullname" . }}
template:
metadata:
labels:
app: {{ include "matrix-authentication-service.fullname" . }}
spec:
serviceAccountName: {{ include "matrix-authentication-service.fullname" . }}
initContainers:
- name: database-migrate
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
{{- with .Values.image }}
image: "{{ coalesce $.Values.global.image.registry .registry }}/{{ .repository }}:{{ .tag | default $.Chart.AppVersion }}"
imagePullPolicy: {{ coalesce $.Values.global.image.pullPolicy .pullPolicy }}
{{- end }}
env:
- name: "MAS_CONFIG"
value: "/etc/mas-config.yaml"
command:
- /usr/local/bin/mas-cli
- database
- migrate
resources:
{{- toYaml .Values.resources | nindent 12 }}
volumeMounts:
- name: config
mountPath: "/etc/mas-config.yaml"
subPath: "mas-config.yaml"
readOnly: true
- name: config-sync
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
{{- with .Values.image }}
image: "{{ coalesce $.Values.global.image.registry .registry }}/{{ .repository }}:{{ .tag | default $.Chart.AppVersion }}"
imagePullPolicy: {{ coalesce $.Values.global.image.pullPolicy .pullPolicy }}
{{- end }}
env:
- name: "MAS_CONFIG"
value: "/etc/mas-config.yaml"
command:
- /usr/local/bin/mas-cli
- config
- sync
resources:
{{- toYaml .Values.resources | nindent 12 }}
volumeMounts:
- name: config
mountPath: "/etc/mas-config.yaml"
subPath: "mas-config.yaml"
readOnly: true
{{- with .Values.volumeMounts }}
{{- toYaml . | nindent 12 }}
{{- end }}
containers:
- name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
{{- with .Values.image }}
image: "{{ coalesce $.Values.global.image.registry .registry }}/{{ .repository }}:{{ .tag | default $.Chart.AppVersion }}"
imagePullPolicy: {{ coalesce $.Values.global.image.pullPolicy .pullPolicy }}
{{- end }}
env:
- name: "MAS_CONFIG"
value: "/etc/mas-config.yaml"
ports:
- name: http
containerPort: 8080
protocol: TCP
- name: internal
containerPort: 8081
protocol: TCP
- name: metrics
containerPort: 9100
protocol: TCP
livenessProbe:
{{- toYaml .Values.livenessProbe | nindent 12 }}
readinessProbe:
{{- toYaml .Values.readinessProbe | nindent 12 }}
resources:
{{- toYaml .Values.resources | nindent 12 }}
volumeMounts:
- name: config
mountPath: "/etc/mas-config.yaml"
subPath: "mas-config.yaml"
readOnly: true
volumes:
- name: config
secret:
secretName: {{ .Values.existingSecretConfigMap }}
items:
- key: "config.yaml"
path: "mas-config.yaml"

13
charts/matrix-authentication-service/templates/service.yaml Normal file
View file

@ -0,0 +1,13 @@
---
apiVersion: v1
kind: Service
metadata:
name: {{ include "matrix-authentication-service.fullname" . }}
labels:
{{- include "matrix-authentication-service.labels" . | nindent 4 }}
spec:
selector:
app: {{ include "matrix-authentication-service.fullname" . }}
ports:
- port: 8080
targetPort: 8080

7
charts/matrix-authentication-service/templates/serviceaccount.yaml Normal file
View file

@ -0,0 +1,7 @@
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "matrix-authentication-service.fullname" . }}
labels:
{{- include "matrix-authentication-service.labels" . | nindent 4 }}

18
charts/matrix-authentication-service/templates/servicemonitor.yaml Normal file
View file

@ -0,0 +1,18 @@
{{- if .Values.prometheus.servicemonitor.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ include "matrix-authentication-service.fullname" . }}
labels:
{{- include "matrix-authentication-service.labels" . | nindent 4 }}
{{- with .Values.prometheus.servicemonitor.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
selector:
matchLabels:
{{- include "matrix-authentication-service.selectorLabels" . | nindent 6 }}
endpoints:
- port: metrics
path: "/metrics"
{{- end }}

49
charts/matrix-authentication-service/tests/values.yaml Normal file
View file

@ -0,0 +1,49 @@
nameOverride: ""
fullnameOverride: ""
existingSecretConfigMap: matrix-authentication-service-secret
image:
registry: ghcr.io
repository: matrix-org/matrix-authentication-service
pullPolicy: IfNotPresent
# -- Overrides the image tag whose default is the chart appVersion.
tag:
replicaCount: 1
podAnnotations: {}
podLabels: {}
podSecurityContext:
fsGroup: 1000
securityContext:
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1000
livenessProbe:
httpGet:
port: internal
path: /health
readinessProbe:
httpGet:
port: internal
path: /health
prometheus:
servicemonitor:
enabled: false
labels: {}
resources: {}
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi

49
charts/matrix-authentication-service/values.yaml Normal file
View file

@ -0,0 +1,49 @@
nameOverride: ""
fullnameOverride: ""
existingSecretConfigMap: matrix-authentication-service-secret
image:
registry: ghcr.io
repository: matrix-org/matrix-authentication-service
pullPolicy: IfNotPresent
# -- Overrides the image tag whose default is the chart appVersion.
tag:
replicaCount: 1
podAnnotations: {}
podLabels: {}
podSecurityContext:
fsGroup: 1000
securityContext:
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1000
livenessProbe:
httpGet:
port: internal
path: /health
readinessProbe:
httpGet:
port: internal
path: /health
prometheus:
servicemonitor:
enabled: false
labels: {}
resources: {}
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi