Add matrix-media-repo chart

charts/matrix-media-repo/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

charts/matrix-media-repo/Chart.lock

@@ -0,0 +1,6 @@
+dependencies:
+- name: postgresql
+  repository: https://charts.bitnami.com/bitnami
+  version: 8.9.9
+digest: sha256:96236bac2038bcac3b3d763400f66e8fba617db3b6ea539e1323a0b641b17bcb
+generated: "2020-08-10T13:39:11.874887873+02:00"

charts/matrix-media-repo/Chart.yaml

@@ -0,0 +1,17 @@
+---
+apiVersion: v2
+name: matrix-media-repo
+description: Matrix media repository with multi-domain in mind.
+appVersion: 1.2.0
+
+type: application
+version: 0.1.0
+maintainers:
+  - name: Alexander Olofsson
+    email: ace@haxalot.com
+
+dependencies:
+  - name: postgresql
+    version: ~8.9.4
+    repository: https://charts.bitnami.com/bitnami
+    condition: postgresql.enabled

charts/matrix-media-repo/templates/NOTES.txt

@@ -0,0 +1,21 @@
+1. Get the application URL by running these commands:
+{{- if .Values.ingress.enabled }}
+{{- range $host := .Values.ingress.hosts }}
+  {{- range .paths }}
+  http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ . }}
+  {{- end }}
+{{- end }}
+{{- else if contains "NodePort" .Values.service.type }}
+  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "matrix-media-repo.fullname" . }})
+  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+  echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+           You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "matrix-media-repo.fullname" . }}'
+  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "matrix-media-repo.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
+  echo http://$SERVICE_IP:{{ .Values.service.port }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "matrix-media-repo.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+  echo "Visit http://127.0.0.1:8080 to use your application"
+  kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:80
+{{- end }}

charts/matrix-media-repo/templates/_helpers.tpl

@@ -0,0 +1,148 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "matrix-media-repo.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "matrix-media-repo.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "matrix-media-repo.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Get the correct image tag name
+*/}}
+{{- define "matrix-media-repo.imageTag" -}}
+{{- .Values.image.tag | default (printf "v%s" .Chart.AppVersion) -}}
+{{- end -}}
+
+{{/*
+Common labels
+*/}}
+{{- define "matrix-media-repo.labels" -}}
+helm.sh/chart: {{ include "matrix-media-repo.chart" . }}
+{{ include "matrix-media-repo.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "matrix-media-repo.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "matrix-media-repo.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "matrix-media-repo.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "matrix-media-repo.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+*/}}
+{{- define "matrix-media-repo.postgresql.fullname" -}}
+{{- printf "%s-%s" .Release.Name "postgresql" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Set postgres host
+*/}}
+{{- define "matrix-media-repo.postgresql.host" -}}
+{{- if .Values.postgresql.enabled -}}
+{{- template "matrix-media-repo.postgresql.fullname" . -}}
+{{- else -}}
+{{ required "A valid externalPostgresql.host is required" .Values.externalPostgresql.host }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Set postgres secret
+*/}}
+{{- define "matrix-media-repo.postgresql.secret" -}}
+{{- if .Values.postgresql.enabled -}}
+{{- template "matrix-media-repo.postgresql.fullname" . -}}
+{{- else -}}
+{{- template "matrix-media-repo.fullname" . -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Set postgres port
+*/}}
+{{- define "matrix-media-repo.postgresql.port" -}}
+{{- if .Values.postgresql.enabled -}}
+{{- if .Values.postgresql.service -}}
+{{- default 5432 .Values.postgresql.service.port }}
+{{- else -}}
+5432
+{{- end -}}
+{{- else -}}
+{{- required "A valid externalPostgresql.port is required" .Values.externalPostgresql.port -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Set postgresql username
+*/}}
+{{- define "matrix-media-repo.postgresql.username" -}}
+{{- if .Values.postgresql.enabled -}}
+{{- default "postgres" .Values.postgresql.postgresqlUsername }}
+{{- else -}}
+{{ required "A valid externalPostgresql.username is required" .Values.externalPostgresql.username }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Set postgresql password
+*/}}
+{{- define "matrix-media-repo.postgresql.password" -}}
+{{- if .Values.postgresql.enabled -}}
+{{- default "" .Values.postgresql.postgresqlPassword }}
+{{- else -}}
+{{ required "A valid externalPostgresql.password is required" .Values.externalPostgresql.password }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Set postgresql database
+*/}}
+{{- define "matrix-media-repo.postgresql.database" -}}
+{{- if .Values.postgresql.enabled -}}
+{{- default "synapse" .Values.postgresql.postgresqlDatabase }}
+{{- else -}}
+{{ required "A valid externalPostgresql.database is required" .Values.externalPostgresql.database }}
+{{- end -}}
+{{- end -}}

charts/matrix-media-repo/templates/configuration.yaml

@@ -0,0 +1,27 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "matrix-media-repo.fullname" . }}
+  labels:
+    {{- include "matrix-media-repo.labels" . | nindent 4 }}
+data:
+  00-media-repo.yaml: |
+    repo:
+      bindAddress: '0.0.0.0'
+      port: 8000
+      logDirectory: '-'
+
+    metrics:
+      enabled: true
+      bindAddress: '0.0.0.0'
+      port: 9000
+
+  01-config.yaml: |
+    {{- .Values.config | toYaml | nindent 4 }}
+
+{{- range $domain, $config := .Values.homeservers }}
+  02-{{ $domain | replace "." "-" }}.yaml: |
+    homeserver: {{ $domain }}
+    {{- $config | toYaml | nindent 4 }}
+
+{{- end }}

charts/matrix-media-repo/templates/deployment.yaml

@@ -0,0 +1,99 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "matrix-media-repo.fullname" . }}
+  labels:
+    {{- include "matrix-media-repo.labels" . | nindent 4 }}
+spec:
+{{- if not .Values.autoscaling.enabled }}
+  replicas: {{ .Values.replicaCount }}
+{{- end }}
+  selector:
+    matchLabels:
+      {{- include "matrix-media-repo.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      annotations:
+        checksum/secrets: {{ include (print $.Template.BasePath "/secrets.yaml") $ | sha256sum }}
+    {{- with .Values.podAnnotations }}
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
+      labels:
+        {{- include "matrix-media-repo.selectorLabels" . | nindent 8 }}
+    spec:
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      serviceAccountName: {{ include "matrix-media-repo.serviceAccountName" . }}
+      securityContext:
+        {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      containers:
+        - name: {{ .Chart.Name }}
+          command:
+            - sh
+            - -c
+            - |
+              (
+                while true; do
+                  cp -u /config/secrets/* /config/config/* /config/combined/
+                  sleep 30
+                done
+              ) &
+
+              REPO_CONFIG=/config/combined media_repo
+          securityContext:
+            {{- toYaml .Values.securityContext | nindent 12 }}
+          image: "{{ .Values.image.repository }}:{{ include "matrix-media-repo.imageTag" . }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          ports:
+            - name: http
+              containerPort: 8000
+              protocol: TCP
+          livenessProbe:
+            httpGet:
+              path: /healthz
+              port: http
+          readinessProbe:
+            httpGet:
+              path: /healthz
+              port: http
+          resources:
+            {{- toYaml .Values.resources | nindent 12 }}
+          volumeMounts:
+            - mountPath: /config/combined
+              name: empty
+            - mountPath: /config/config
+              name: config
+            - mountPath: /config/secrets
+              name: secrets
+            - mountPath: /media
+              name: data
+      volumes:
+        - name: empty
+          emptyDir: {}
+        - name: config
+          configMap:
+            name: {{ include "matrix-media-repo.fullname" . }}
+        - name: secrets
+          secret:
+            secretName: {{ include "matrix-media-repo.fullname" . }}
+        - name: data
+      {{- if or .Values.persistence.enabled .Values.persistence.existingClaim }}
+          persistentVolumeClaim:
+            claimName: {{ .Values.persistence.existingClaim | default (include "matrix-media-repo.fullname" .) }}
+      {{- else }}
+          emptyDir: {}
+      {{- end }}
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}

charts/matrix-media-repo/templates/hpa.yaml

@@ -0,0 +1,28 @@
+{{- if .Values.autoscaling.enabled }}
+apiVersion: autoscaling/v2beta1
+kind: HorizontalPodAutoscaler
+metadata:
+  name: {{ include "matrix-media-repo.fullname" . }}
+  labels:
+    {{- include "matrix-media-repo.labels" . | nindent 4 }}
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: {{ include "matrix-media-repo.fullname" . }}
+  minReplicas: {{ .Values.autoscaling.minReplicas }}
+  maxReplicas: {{ .Values.autoscaling.maxReplicas }}
+  metrics:
+  {{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
+    - type: Resource
+      resource:
+        name: cpu
+        targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
+  {{- end }}
+  {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
+    - type: Resource
+      resource:
+        name: memory
+        targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
+  {{- end }}
+{{- end }}

charts/matrix-media-repo/templates/ingress.yaml

@@ -0,0 +1,41 @@
+{{- if .Values.ingress.enabled -}}
+{{- $fullName := include "matrix-media-repo.fullname" . -}}
+{{- $svcPort := .Values.service.port -}}
+{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1beta1
+{{- else -}}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+  name: {{ $fullName }}
+  labels:
+    {{- include "matrix-media-repo.labels" . | nindent 4 }}
+  {{- with .Values.ingress.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  {{- if .Values.ingress.tls }}
+  tls:
+    {{- range .Values.ingress.tls }}
+    - hosts:
+        {{- range .hosts }}
+        - {{ . | quote }}
+        {{- end }}
+      secretName: {{ .secretName }}
+    {{- end }}
+  {{- end }}
+  rules:
+    {{- range .Values.ingress.hosts }}
+    - host: {{ .host | quote }}
+      http:
+        paths:
+          {{- range .paths }}
+          - path: {{ . }}
+            backend:
+              serviceName: {{ $fullName }}
+              servicePort: {{ $svcPort }}
+          {{- end }}
+    {{- end }}
+  {{- end }}

charts/matrix-media-repo/templates/pvc.yaml

@@ -0,0 +1,21 @@
+{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: {{ include "matrix-media-repo.fullname" . }}
+  labels:
+    {{- include "matrix-media-repo.labels" . | nindent 4 }}
+spec:
+  accessModes:
+    - {{ .Values.persistence.accessMode | quote }}
+  resources:
+    requests:
+      storage: {{ .Values.persistence.size | quote }}
+{{- if .Values.persistence.storageClass }}
+  {{- if (eq "-" .Values.persistence.storageClass) }}
+  storageClassName: ""
+  {{- else }}
+  storageClassName: "{{ .Values.persistence.storageClass }}"
+  {{- end }}
+{{- end }}
+{{- end -}}

charts/matrix-media-repo/templates/secrets.yaml

@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "matrix-media-repo.fullname" . }}
+  labels:
+    {{- include "matrix-media-repo.labels" . | nindent 4 }}
+stringData:
+  00-database.yaml: |
+    database:
+{{- $sslmode := "" }}
+{{- if or .Values.postgresql.sslMode .Values.externalPostgresql.sslMode }}
+  {{- $sslmode = printf "?sslmode=%s" (.Values.postgresql.sslMode | default .Values.externalPostgresql.sslMode) }}
+{{- end }}
+      postgres: "postgres://{{ include "matrix-media-repo.postgresql.username" . }}:{{ required "A password must be provided for Postgres" (include "matrix-media-repo.postgresql.password" .) }}@{{ include "matrix-media-repo.postgresql.host" . }}/{{ include "matrix-media-repo.postgresql.database" . }}{{ $sslmode }}"
+

charts/matrix-media-repo/templates/service.yaml

@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "matrix-media-repo.fullname" . }}
+  labels:
+    {{- include "matrix-media-repo.labels" . | nindent 4 }}
+spec:
+  type: {{ .Values.service.type }}
+  ports:
+    - port: {{ .Values.service.port }}
+      targetPort: http
+      protocol: TCP
+      name: http
+  selector:
+    {{- include "matrix-media-repo.selectorLabels" . | nindent 4 }}

charts/matrix-media-repo/templates/serviceaccount.yaml

@@ -0,0 +1,12 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "matrix-media-repo.serviceAccountName" . }}
+  labels:
+    {{- include "matrix-media-repo.labels" . | nindent 4 }}
+  {{- with .Values.serviceAccount.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+{{- end }}

charts/matrix-media-repo/templates/tests/test-connection.yaml

@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: "{{ include "matrix-media-repo.fullname" . }}-test-connection"
+  labels:
+    {{- include "matrix-media-repo.labels" . | nindent 4 }}
+  annotations:
+    "helm.sh/hook": test-success
+spec:
+  containers:
+    - name: wget
+      image: busybox
+      command: ['wget']
+      args: ['{{ include "matrix-media-repo.fullname" . }}:{{ .Values.service.port }}']
+  restartPolicy: Never

charts/matrix-media-repo/values.yaml

@@ -0,0 +1,147 @@
+---
+replicaCount: 1
+
+image:
+  repository: turt2live/matrix-media-repo
+  pullPolicy: IfNotPresent
+  # tag: ""
+
+imagePullSecrets: []
+# nameOverride: ""
+# fullnameOverride: ""
+
+## Global configuration
+## Ref: https://github.com/turt2live/matrix-media-repo/blob/master/config.sample.yaml
+##
+config:
+  datastores:
+    - type: file
+      enabled: true
+      forKinds: ["thumbnails", "remote_media", "local_media", "archives"]
+      opts:
+        path: /media
+#
+#   - type: s3
+#     enabled: true
+#     forKinds: ["thumbnails", "remote_media", "local_media", "archives"]
+#     opts:
+#       tempPath: "/tmp/mediarepo_s3_upload"
+#       endpoint: sfo2.digitaloceanspaces.com
+#       accessKeyId: ""
+#       accessSecret: ""
+#       ssl: true
+#       bucketName: "your-media-bucket"
+#       region: "sfo2"
+#
+# admins:
+#   - "@user:example.org"
+#
+# featureSupport:
+#   MSC2448:
+#     enabled: true
+
+## Per-domain configuration
+## Ref: https://github.com/turt2live/matrix-media-repo/blob/master/docs/config.md
+##
+homeservers: {}
+# example.org:
+#   csApi: 'https://example.org'
+#   backoffAt: 10
+#   adminApiKind: 'matrix'
+#   identicons:
+#     enabled: false
+
+## Media persistence
+## Can be disabled if no datastore uses it
+##
+persistence:
+  enabled: true
+
+  # existingClaim: matrix-media-repo
+  # storageClass: "-"
+  accessMode: ReadWriteOnce
+  size: 16Gi
+
+
+## This configuration is for setting up the internally provided Postgres server,
+## if you instead want to use an existing server, then you may want to set
+## enabled to false and configure the externalPostgresql block.
+##
+postgresql:
+  enabled: true
+
+  postgresqlUsername: matrix-media-repo
+  postgresqlDatabase: matrix-media-repo
+
+  persistence:
+    size: 16G
+
+## An externally configured Postgres server
+##
+externalPostgresql:
+  # host: postgres
+  port: 5432
+  username: matrix-media-repo
+  # password: matrix-media-repo
+  database: matrix-media-repo
+  # sslMode: require
+
+serviceAccount:
+  # Specifies whether a service account should be created
+  create: false
+  # Annotations to add to the service account
+  annotations: {}
+  # The name of the service account to use.
+  # If not set and create is true, a name is generated using the fullname template
+  name: ""
+
+podAnnotations: {}
+
+podSecurityContext: {}
+  # fsGroup: 2000
+
+securityContext: {}
+  # capabilities:
+  #   drop:
+  #   - ALL
+  # readOnlyRootFilesystem: true
+  # runAsNonRoot: true
+  # runAsUser: 1000
+
+service:
+  type: ClusterIP
+  port: 80
+
+ingress:
+  enabled: false
+  annotations: {}
+    # kubernetes.io/ingress.class: nginx
+    # kubernetes.io/tls-acme: "true"
+  hosts:
+    - host: chart-example.local
+      paths: []
+  tls: []
+  #  - secretName: chart-example-tls
+  #    hosts:
+  #      - chart-example.local
+
+resources: {}
+  # limits:
+  #   cpu: 250m
+  #   memory: 512Mi
+  # requests:
+  #   cpu: 250m
+  #   memory: 512Mi
+
+autoscaling:
+  enabled: false
+  minReplicas: 1
+  maxReplicas: 4
+  targetCPUUtilizationPercentage: 80
+  # targetMemoryUtilizationPercentage: 80
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}