Tommy 2023-10-28 08:28:23 +02:00
parent bb0c39d7fc
commit f853ec0874
20 changed files with 30 additions and 691 deletions


@ -10,10 +10,15 @@ Minimal charts built for use with my deployments based on Flux.
A simplified version of ananace chart, implementing secrets for PostgreSQL as well.
**** [[charts/matrix-media-repo][Matrix Media Repo]]
**** [[charts/matrix-synapse][Matrix Synapse]]
**** [[charts/synatainer][Synatainer]]
**** [[charts/sliding-sync-proxy][Matrix Sliding Sync / Sync v3 proxy]]
**** [[][Attic]]
[[https://github.com/zhaofengli/attic][Attic]] (introduction post [[https://discourse.nixos.org/t/introducing-attic-a-self-hostable-nix-binary-cache-server/24343][here]]) is a Nix Binary Cache server that
reduces the time to compile and distribute builds.
docker pull ghcr.io/zhaofengli/attic:b43d12082e34bceb26038bdad0438fd68804cfcd
*** Usage

12
charts/attic/Chart.yaml Normal file

@ -0,0 +1,12 @@
---
apiVersion: v2
name: attic-repo
description: A Nix binary caching server
appVersion: b43d12
type: application
version: 0.5
maintainers:
- name: Tommy Skaug
email: tommy@skaug.me
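Review bot: `version: 0.5` is an unquoted two-part number, so a YAML parser reads it as a float rather than a string, and Helm documents chart versions as SemVer 2; I would write `version: "0.5.0"` (or whichever three-part value is intended). `appVersion: b43d12` is a six-character abbreviation of the commit that the values section of this same commit pins in full as `tag: b43d12082e34bceb26038bdad0438fd68804cfcd`. Quoting it and using the full id, `appVersion: "b43d12082e34bceb26038bdad0438fd68804cfcd"`, keeps the label traceable to exactly one upstream commit and stops a later all-digit abbreviation from being retyped as a number.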


@ -7,8 +7,9 @@ replicaCount: 1
##
image:
repository: turt2live/matrix-media-repo
repository: zhaofengli/attic
pullPolicy: IfNotPresent
# tag: ""
tag: b43d12082e34bceb26038bdad0438fd68804cfcd
imagePullSecrets: []
# nameOverride: ""
@ -20,7 +21,7 @@ imagePullSecrets: []
config:
datastores:
- type: file
id: "examplefile"
id: "artefacts"
forKinds: ["thumbnails", "remote_media", "local_media", "archives"]
opts:
path: /media
@ -36,16 +37,6 @@ config:
# ssl: true
# bucketName: "your-media-bucket"
# region: "sfo2"
#
# admins:
# - "@user:example.org"
#
# featureSupport:
# MSC2448:
# enabled: true
# sentry:
# enabled: true
# dsn: "https://examplekey@ingest.sentry.io/0"
## For setting extra parameters on the repo block, separated to avoid breaking
## the defaults when merging multiple configurations.
@ -81,64 +72,6 @@ persistence:
size: 16Gi
## This configuration is for setting up the internally provided Postgres server,
## if you instead want to use an existing server, then you may want to set
## enabled to false and configure the externalPostgresql block.
##
postgresql:
enabled: true
auth:
username: matrix_media_repo
database: matrix_media_repo
persistence:
size: 16G
## An externally configured Postgres server.
##
externalPostgresql:
# host: postgres
port: 5432
username: matrix_media_repo
# password:
database: matrix_media_repo
# sslMode: require
redis:
enabled: false
auth:
enabled: true
# XXX Change me!
password: media-repo
architecture: standalone
master:
persistence:
## Note that Synapse only uses redis as a synchronization utility, so no
## data will ever need to be persisted.
##
enabled: false
service:
port: 6379
statefulset:
updateStrategy: RollingUpdate
## An externally configured Redis server to use for workers/sharding.
##
externalRedis:
# host: redis
port: 6379
# password: media-repo
# database: 0
## The name of an existing secret with redis credentials
#existingSecret: redis-secrets
## Password key to be retrieved from existing secret
#existingSecretPasswordKey: redis-password
## Configures an application-specific service account.
##
serviceAccount:
@ -176,27 +109,6 @@ service:
port: 80
annotations: {}
## Ingress configuration.
##
ingress:
enabled: false
annotations: {}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
hosts:
- host: chart-example.local
paths: []
tls: []
# - secretName: chart-example-tls
# hosts:
# - chart-example.local
## Set the name of the IngressClass cluster resource (optional)
## https://kubernetes.io/docs/reference/kubernetes-api/service-resources/ingress-v1/#IngressSpec
# className: can-be-anything
## Resource configuration for the application.
##
resources: {}
# limits:
# cpu: 250m
@ -205,16 +117,6 @@ resources: {}
# cpu: 250m
# memory: 512Mi
## Configure auto-scaling for the application.
## NB; Make sure to read all relevant documentation before playing with this.
##
autoscaling:
enabled: false
minReplicas: 1
maxReplicas: 4
targetCPUUtilizationPercentage: 80
# targetMemoryUtilizationPercentage: 80
## Configure a PodMonitor definition for the application.
## Requires the Prometheus Operator
##
@ -224,22 +126,8 @@ podmonitor:
## Otherwise uses the default setting set in prometheus
# interval: 30s
## Node selectors to use when deploying the application.
##
nodeSelector: {}
## Tolerations to apply to the application.
##
tolerations: []
## Affinities to set on the application.
##
affinity: {}
## Deployment annotations
##
annotations: {}
## Deployment labels
##
labels: {}
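Review bot: `repository: zhaofengli/attic` in the `image:` block carries no registry host, while the README text in this commit pulls `ghcr.io/zhaofengli/attic:…`; unless the attic templates prepend a registry (not visible here), the short name is resolved against the node's default registry and may fetch a different image or none at all. I would write `repository: ghcr.io/zhaofengli/attic`, and because a tag stays mutable even when it looks like a commit id, also pin by digest (`ghcr.io/zhaofengli/attic@sha256:<digest>`). Separately, the `config.datastores` entry carried over from the media-repo chart (`forKinds: ["thumbnails", "remote_media", ...]`, `path: /media`) looks like matrix-media-repo configuration rather than Attic's, so it is worth confirming what the new chart actually renders from `config`.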

3
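--- a/charts/index.yaml
+++ b/charts/index.yaml
@@ -0,0 +1,3 @@
+apiVersion: v1
+entries: {}
+generated: "2023-10-26T06:39:11.079729+02:00"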


@ -1,25 +0,0 @@
---
apiVersion: v2
name: matrix-media-repo
description: |
Matrix media repository with multi-domain in mind.
NB; Before updating the Chart to 3.0.0, make sure to read
https://docs.t2bot.io/matrix-media-repo/upgrading/130.html
appVersion: 1.3.2
type: application
version: 3.0.1
maintainers:
- name: Alexander Olofsson
email: ace@haxalot.com
dependencies:
- name: postgresql
version: ^12.1.4
repository: https://charts.bitnami.com/bitnami
condition: postgresql.enabled
- name: redis
version: ^17.3.17
repository: https://charts.bitnami.com/bitnami
condition: redis.enabled


@ -1,13 +0,0 @@
Copyright 2021 Alexander Olofsson
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.


@ -1,207 +0,0 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "matrix-media-repo.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "matrix-media-repo.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "matrix-media-repo.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Get the correct image tag name
*/}}
{{- define "matrix-media-repo.imageTag" -}}
{{- .Values.image.tag | default (printf "v%s" .Chart.AppVersion) -}}
{{- end -}}
{{/*
Common labels
*/}}
{{- define "matrix-media-repo.labels" -}}
helm.sh/chart: {{ include "matrix-media-repo.chart" . }}
{{ include "matrix-media-repo.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "matrix-media-repo.selectorLabels" -}}
app.kubernetes.io/name: {{ include "matrix-media-repo.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "matrix-media-repo.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "matrix-media-repo.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "matrix-media-repo.postgresql.fullname" -}}
{{- $name := .Values.postgresql.nameOverride | default "postgresql" -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Set postgres host
*/}}
{{- define "matrix-media-repo.postgresql.host" -}}
{{- if .Values.postgresql.enabled -}}
{{- template "matrix-media-repo.postgresql.fullname" . -}}
{{- else -}}
{{ required "A valid externalPostgresql.host is required" .Values.externalPostgresql.host }}
{{- end -}}
{{- end -}}
{{/*
Set postgres secret
*/}}
{{- define "matrix-media-repo.postgresql.secret" -}}
{{- if .Values.postgresql.enabled -}}
{{- template "matrix-media-repo.postgresql.fullname" . -}}
{{- else -}}
{{- template "matrix-media-repo.fullname" . -}}
{{- end -}}
{{- end -}}
{{/*
Set postgres port
*/}}
{{- define "matrix-media-repo.postgresql.port" -}}
{{- if .Values.postgresql.enabled -}}
{{- if .Values.postgresql.service -}}
{{- .Values.postgresql.service.port | default 5432 }}
{{- else -}}
5432
{{- end -}}
{{- else -}}
{{- required "A valid externalPostgresql.port is required" .Values.externalPostgresql.port -}}
{{- end -}}
{{- end -}}
{{/*
Set postgresql username
*/}}
{{- define "matrix-media-repo.postgresql.username" -}}
{{- if .Values.postgresql.enabled -}}
{{- .Values.postgresql.auth.username | default "postgres" }}
{{- else -}}
{{ required "A valid externalPostgresql.username is required" .Values.externalPostgresql.username }}
{{- end -}}
{{- end -}}
{{/*
Set postgresql password
*/}}
{{- define "matrix-media-repo.postgresql.password" -}}
{{- if .Values.postgresql.enabled -}}
{{- .Values.postgresql.auth.password | default "" }}
{{- else -}}
{{ required "A valid externalPostgresql.password is required" .Values.externalPostgresql.password }}
{{- end -}}
{{- end -}}
{{/*
Set postgresql database
*/}}
{{- define "matrix-media-repo.postgresql.database" -}}
{{- if .Values.postgresql.enabled -}}
{{- .Values.postgresql.auth.database | default "synapse" }}
{{- else -}}
{{ required "A valid externalPostgresql.database is required" .Values.externalPostgresql.database }}
{{- end -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "matrix-media-repo.redis.fullname" -}}
{{- $name := .Values.redis.nameOverride | default "redis" -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Set redis host
*/}}
{{- define "matrix-media-repo.redis.host" -}}
{{- if .Values.redis.enabled -}}
{{- printf "%s-%s" (include "matrix-media-repo.redis.fullname" .) "master" | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{ required "A valid externalRedis.host is required" .Values.externalRedis.host }}
{{- end -}}
{{- end -}}
{{/*
Set redis secret
*/}}
{{- define "matrix-media-repo.redis.secret" -}}
{{- if .Values.redis.enabled -}}
{{- if .Values.redis.auth.existingSecret -}}
{{ .Values.redis.auth.existingSecret }}
{{- else -}}
{{- template "matrix-media-repo.redis.fullname" . -}}
{{- end -}}
{{- else -}}
{{- template "matrix-media-repo.fullname" . -}}
{{- end -}}
{{- end -}}
{{/*
Set redis port
*/}}
{{- define "matrix-media-repo.redis.port" -}}
{{- if .Values.redis.enabled -}}
{{- .Values.redis.master.service.port | default 6379 }}
{{- else -}}
{{ required "A valid externalRedis.port is required" .Values.externalRedis.port }}
{{- end -}}
{{- end -}}
{{/*
Set redis password
*/}}
{{- define "matrix-media-repo.redis.password" -}}
{{- if .Values.redis.enabled -}}
{{ .Values.redis.password }}
{{- else if .Values.externalRedis.password -}}
{{ .Values.externalRedis.password }}
{{- end -}}
{{- end -}}


@ -1,30 +0,0 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "matrix-media-repo.fullname" . }}
labels:
{{- include "matrix-media-repo.labels" . | nindent 4 }}
data:
00-media-repo.yaml: |
repo:
bindAddress: '0.0.0.0'
port: 8000
logDirectory: '-'
{{- with .Values.extraRepo }}
{{- . | toYaml | nindent 6 }}
{{- end }}
metrics:
enabled: true
bindAddress: '0.0.0.0'
port: 9000
01-config.yaml: |
{{- .Values.config | toYaml | nindent 4 }}
{{- range $domain, $config := .Values.homeservers }}
02-{{ $domain | replace "." "-" }}.yaml: |
homeserver: {{ $domain }}
{{- $config | toYaml | nindent 4 }}
{{- end }}


@ -1,113 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "matrix-media-repo.fullname" . }}
{{- with .Values.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
labels:
{{- include "matrix-media-repo.labels" . | nindent 4 }}
{{- with .Values.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
replicas: {{ .Values.replicaCount }}
selector:
matchLabels:
{{- include "matrix-media-repo.selectorLabels" . | nindent 6 }}
template:
metadata:
annotations:
checksum/secrets: {{ include (print .Template.BasePath "/secrets.yaml") . | sha256sum }}
{{- with .Values.podAnnotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "matrix-media-repo.selectorLabels" . | nindent 8 }}
spec:
serviceAccountName: {{ include "matrix-media-repo.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
containers:
- name: {{ .Chart.Name }}
command:
- sh
- -c
- |
(
while true; do
cp -u /config/secrets/* /config/config/* /config/combined/
sleep 30
done
) &
media_repo
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
image: "{{ .Values.image.repository }}:{{ include "matrix-media-repo.imageTag" . }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
env:
- name: REPO_CONFIG
value: /config/combined
ports:
- name: http
containerPort: 8000
protocol: TCP
- name: metrics
containerPort: 9000
protocol: TCP
livenessProbe:
httpGet:
path: /healthz
port: http
readinessProbe:
httpGet:
path: /healthz
port: http
resources:
{{- toYaml .Values.resources | nindent 12 }}
volumeMounts:
- mountPath: /config/combined
name: empty-combined
- mountPath: /config/config
name: config
- mountPath: /config/secrets
name: secrets
- mountPath: /media
name: data
{{- with .Values.extraVolumeMounts }}
{{- . | toYaml | nindent 12 }}
{{- end }}
volumes:
- name: empty-combined
emptyDir: {}
- name: config
configMap:
name: {{ include "matrix-media-repo.fullname" . }}
- name: secrets
secret:
secretName: {{ include "matrix-media-repo.fullname" . }}
- name: data
{{- if or .Values.persistence.enabled .Values.persistence.existingClaim }}
persistentVolumeClaim:
claimName: {{ .Values.persistence.existingClaim | default (include "matrix-media-repo.fullname" .) }}
{{- else }}
emptyDir: {}
{{- end }}
{{- with .Values.extraVolumes }}
{{- . | toYaml | nindent 8 }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}


@ -1,32 +0,0 @@
{{- if .Values.autoscaling.enabled }}
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
name: {{ include "matrix-media-repo.fullname" . }}
labels:
{{- include "matrix-media-repo.labels" . | nindent 4 }}
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: {{ include "matrix-media-repo.fullname" . }}
minReplicas: {{ .Values.autoscaling.minReplicas }}
maxReplicas: {{ .Values.autoscaling.maxReplicas }}
metrics:
{{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
{{- end }}
{{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
- type: Resource
resource:
name: memory
target:
type: Utilization
averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
{{- end }}
{{- end }}


@ -1,20 +0,0 @@
{{- if .Values.podmonitor.enabled }}
---
apiVersion: monitoring.coreos.com/v1
kind: PodMonitor
metadata:
name: {{ include "matrix-media-repo.fullname" . }}
labels:
{{- include "matrix-media-repo.labels" . | nindent 4 }}
spec:
namespaceSelector:
matchNames:
- {{ .Release.Namespace }}
podMetricsEndpoints:
- path: /metrics
port: metrics
{{ if .Values.podmonitor.interval }}interval: {{ .Values.podmonitor.interval }}{{ end }}
selector:
matchLabels:
{{- include "matrix-media-repo.selectorLabels" . | nindent 6 }}
{{- end }}


@ -1,21 +0,0 @@
{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: {{ include "matrix-media-repo.fullname" . }}
labels:
{{- include "matrix-media-repo.labels" . | nindent 4 }}
spec:
accessModes:
- {{ .Values.persistence.accessMode | quote }}
resources:
requests:
storage: {{ .Values.persistence.size | quote }}
{{- if .Values.persistence.storageClass }}
{{- if (eq "-" .Values.persistence.storageClass) }}
storageClassName: ""
{{- else }}
storageClassName: "{{ .Values.persistence.storageClass }}"
{{- end }}
{{- end }}
{{- end -}}


@ -1,35 +0,0 @@
apiVersion: v1
kind: Secret
metadata:
name: {{ include "matrix-media-repo.fullname" . }}
labels:
{{- include "matrix-media-repo.labels" . | nindent 4 }}
stringData:
00-database.yaml: |
database:
{{- $sslmode := "" }}
{{- if or .Values.postgresql.sslMode .Values.externalPostgresql.sslMode }}
{{- $sslmode = printf "?sslmode=%s" (.Values.postgresql.sslMode | default .Values.externalPostgresql.sslMode) }}
{{- end }}
postgres: "postgres://{{ include "matrix-media-repo.postgresql.username" . }}:{{ required "A password must be provided for Postgres" (include "matrix-media-repo.postgresql.password" .) }}@{{ include "matrix-media-repo.postgresql.host" . }}:{{ include "matrix-media-repo.postgresql.port" . }}/{{ include "matrix-media-repo.postgresql.database" . }}{{ $sslmode }}"
00-redis.yaml: |
redis:
{{- if .Values.redis.host }}
enabled: true
databaseNumber: {{ .Values.redis.database | default 0 }}
shards:
{{- $redisHost := include "matrix-media-repo.redis.host" . }}
{{- $redisPort := include "matrix-media-repo.redis.port" . }}
{{- $redisPass := include "matrix-media-repo.redis.password" . }}
- name: external
{{- if $redisPass }}
addr: "redis://:{{ $redisPass}}@{{ $redisHost }}:{{ $redisPort }}/{{ .Values.externalRedis.database | default 0 }}"
{{- else }}
addr: "{{ $redisHost }}:{{ $redisPort }}"
{{- end }}
{{- else }}
enabled: false
databaseNumber: 0
shards: []
{{- end }}


@ -1,19 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "matrix-media-repo.fullname" . }}
labels:
{{- include "matrix-media-repo.labels" . | nindent 4 }}
{{- with .Values.service.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
type: {{ .Values.service.type }}
ports:
- port: {{ .Values.service.port }}
targetPort: http
protocol: TCP
name: http
selector:
{{- include "matrix-media-repo.selectorLabels" . | nindent 4 }}


@ -1,12 +0,0 @@
{{- if .Values.serviceAccount.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "matrix-media-repo.serviceAccountName" . }}
labels:
{{- include "matrix-media-repo.labels" . | nindent 4 }}
{{- with .Values.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}


@ -1,15 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: "{{ include "matrix-media-repo.fullname" . }}-test-connection"
labels:
{{- include "matrix-media-repo.labels" . | nindent 4 }}
annotations:
"helm.sh/hook": test-success
spec:
containers:
- name: wget
image: busybox
command: ['wget']
args: ['{{ include "matrix-media-repo.fullname" . }}:{{ .Values.service.port }}']
restartPolicy: Never


@ -8,15 +8,5 @@ appVersion: 1.94.0
type: application
version: 3.7.8
maintainers:
- name: Alexander Olofsson
email: ace@haxalot.com
dependencies:
- name: postgresql
version: ^12.1.4
repository: https://charts.bitnami.com/bitnami
condition: postgresql.enabled
- name: redis
version: ^17.3.17
repository: https://charts.bitnami.com/bitnami
condition: redis.enabled
- name: Tommy Skaug
email: tommy@skaug.me
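Review bot: `version: 3.7.8` stays as it was although this hunk removes the whole `dependencies:` block (postgresql and redis from the Bitnami repository), so a consumer pinned to 3.7.8 gets a chart that no longer installs a database or cache under an unchanged version number. The same applies to the two Chart.yaml sections that follow (`version: 5.5.3` and `version: 0.2.5`). I would bump each chart version together with the removal, e.g. `version: "<next-version>"`. The values files and templates of these three charts are not shown on this page, so it is also worth checking that nothing still defaults to `postgresql.enabled: true` or `redis.enabled: true` and renders a connection string or secret for a service the chart no longer deploys.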


@ -11,16 +11,5 @@ appVersion: 3.6.3
type: application
version: 5.5.3
maintainers:
- name: Alexander Olofsson
email: ace@haxalot.com
dependencies:
- name: postgresql
version: ^12.1.4
repository: https://charts.bitnami.com/bitnami
condition: postgresql.enabled
- name: redis
version: ^17.3.17
repository: https://charts.bitnami.com/bitnami
condition: redis.enabled
- name: Tommy Skaug
email: tommy@skaug.me


@ -7,11 +7,5 @@ appVersion: "0.99.11"
type: application
version: 0.2.5
maintainers:
- name: Alexander Olofsson
email: ace@haxalot.com
dependencies:
- name: postgresql
version: ^12.2.2
repository: https://charts.bitnami.com/bitnami
condition: postgresql.enabled
- name: Tommy Skaug
email: tommy@skaug.me