games/valheim/prod.jsonnet - hscloud - Gitiles

 local kube = import "../../kube/kube.libsonnet";

 {
     local top = self,
     env(ns, name):: {
         local env = self,
         local cfg = env.cfg,
         cfg:: {
             name: name,
             displayName: name,
             image: "mbround18/valheim:latest",
             password: error "password must be set",
             storageClassName: "waw-hdd-redundant-3",
             port: 2456,
         },

         local named = function(component) "%s-%s" % [name, component],

         game: {
             local game = self,
             pvcs: {
                 backups: ns.Contain(kube.PersistentVolumeClaim(named("backups"))) {
                     storage:: "10Gi",
                     storageClass:: cfg.storageClassName,
                 },
                 saves: ns.Contain(kube.PersistentVolumeClaim(named("saves"))) {
                     storage:: "10Gi",
                     storageClass:: cfg.storageClassName,
                 },
                 server: ns.Contain(kube.PersistentVolumeClaim(named("server"))) {
                     storage:: "10Gi",
                     storageClass:: cfg.storageClassName,
                 },
             },
             svc: ns.Contain(kube.Service(named("external"))) {
                 target:: game.deployment,
                 spec+: {
                     ports: kube.mapToNamedList({
                         zero: { port: cfg.port, targetPort: cfg.port, protocol: "UDP" },
                         one: { port: cfg.port+1, targetPort: cfg.port+1, protocol: "UDP" },
                         two: { port: cfg.port+2, targetPort: cfg.port+2, protocol: "UDP" },
                     }),
                     type: "LoadBalancer",
                 },
             },

             // Given to some external users/systems which manage a given valheim server in a namespace.
             // TODO(q3k): only grant privileges to the same server
             controlAccount: {
                 svcAccount: ns.Contain(kube.ServiceAccount(named("control"))),
                 role: ns.Contain(kube.Role("control")) {
                     rules: [
                         {
                             apiGroups: [""],
                             resources: ["pods"],
                             verbs: ["get", "list", "watch", "delete"],
                         },
                         {
                             apiGroups: [""],
                             resources: ["pods/log"],
                             verbs: ["get"],
                         },
                         {
                             apiGroups: ["apps"],
                             resources: ["deployments"],
                             verbs: ["get", "list", "watch"],
                         },
                     ],
                 },
                 roleBinding:  ns.Contain(kube.RoleBinding(named("control"))) {
                     subjects_: [
                         game.controlAccount.svcAccount,
                     ],
                     roleRef_: game.controlAccount.role,
                 },
             },

             scripts: ns.Contain(kube.ConfigMap(named("scripts"))) {
                 data: {
                     # Based on https://github.com/mbround18/valheim-docker ,
                     # removed all reliance on running as root (thus removed
                     # autoupdater/autobackups).
                     "entrypoint.sh": |||
                         #!/usr/bin/env bash
                         log() {
                             PREFIX="[entrypoint]"
                             printf "%-16s: %s\n" "${PREFIX}" "$1"
                         }
                         line() {
                             log "==========================================================================="
                         }
                         setup_filesystem() {
                             log "Setting up file systems"
                             mkdir -p /home/steam/valheim
                             mkdir -p /home/steam/valheim/logs
                             mkdir -p /home/steam/backups
                             mkdir -p /home/steam/scripts
                             mkdir -p /home/steam/valheim
                             cp /home/steam/steamcmd/linux64/steamclient.so /home/steam/valheim
                         }
                         line
                         log "Valheim Server - $(date)"
                         log "Initializing your container..."
                         line
                         setup_filesystem
                         log "Launching the rest of the fucking owl"
                         export HOME=/home/steam
                         cd /home/steam/valheim || exit 1
                         exec "$@"
                     |||
                 },
             },
             secret: ns.Contain(kube.Secret(named("game"))) {
                 data_: {
                     # public game password
                     public: cfg.password,
                 },
             },
             deployment: ns.Contain(kube.Deployment(named("game"))) {
                 spec+: {
                     template+: {
                         spec+: {
                             containers_: {
                                 default: kube.Container("default") {
                                     image: cfg.image,
                                     command: [
                                         "/bin/bash", "/scripts/entrypoint.sh", "/home/steam/scripts/start_valheim.sh",
                                     ],
                                     volumeMounts_: {
                                         backups: { mountPath: "/home/steam/backups" },
                                         saves: { mountPath: "/home/steam/.config/unity3d/IronGate/Valheim" },
                                         server: { mountPath: "/home/steam/valheim" },
                                         scripts: { mountPath: "/scripts" },
                                     },
                                     ports_: {
                                         zero: { containerPort: cfg.port },
                                         one: { containerPort: cfg.port + 1 },
                                         two: { containerPort: cfg.port + 2 },
                                     },
                                     env_: {
                                         PUBLIC: "1",
                                         PASSWORD: kube.SecretKeyRef(game.secret, "public"),
                                         NAME: cfg.displayName,
                                         # Always attempt to update valheim on startup.
                                         FORCE_INSTALL: "1",
                                     },
                                     resources: {
                                         requests: {
                                             cpu: "500m",
                                             memory: "2Gi",
                                         },
                                         limits: {
                                             cpu: "1000m",
                                             memory: "4Gi",
                                         },
                                     },
                                 },
                             },
                             securityContext: {
                                 runAsUser: 1000,
                                 runAsGroup: 1000,
                                 fsGroup: 1000,
                             },
                             volumes_: {
                                 backups: game.pvcs.backups.volume,
                                 saves: game.pvcs.saves.volume,
                                 server: game.pvcs.server.volume,
                                 scripts: game.scripts.volume,
                             },
                         },
                     },
                 },
             },
         },
     },

     # Make namespace for valheim.
     ns: kube.Namespace("valheim"),

     q3k: top.env(top.ns, "q3k") {
         cfg+: {
             ns: "valheim",
             password: (std.split(importstr "secrets/plain/q3k-public", "\n"))[0],
             displayName: "wypierdol z polski xD",
         },
     },
     q3k2: top.env(top.ns, "q3k2") {
         cfg+: {
             ns: "valheim",
             password: (std.split(importstr "secrets/plain/q3k2-public", "\n"))[0],
             displayName: "walhajm",
         },
     },
 }
	local kube = import "../../kube/kube.libsonnet";

	{
	local top = self,
	env(ns, name):: {
	local env = self,
	local cfg = env.cfg,
	cfg:: {
	name: name,
	displayName: name,
	image: "mbround18/valheim:latest",
	password: error "password must be set",
	storageClassName: "waw-hdd-redundant-3",
	port: 2456,
	},

	local named = function(component) "%s-%s" % [name, component],

	game: {
	local game = self,
	pvcs: {
	backups: ns.Contain(kube.PersistentVolumeClaim(named("backups"))) {
	storage:: "10Gi",
	storageClass:: cfg.storageClassName,
	},
	saves: ns.Contain(kube.PersistentVolumeClaim(named("saves"))) {
	storage:: "10Gi",
	storageClass:: cfg.storageClassName,
	},
	server: ns.Contain(kube.PersistentVolumeClaim(named("server"))) {
	storage:: "10Gi",
	storageClass:: cfg.storageClassName,
	},
	},
	svc: ns.Contain(kube.Service(named("external"))) {
	target:: game.deployment,
	spec+: {
	ports: kube.mapToNamedList({
	zero: { port: cfg.port, targetPort: cfg.port, protocol: "UDP" },
	one: { port: cfg.port+1, targetPort: cfg.port+1, protocol: "UDP" },
	two: { port: cfg.port+2, targetPort: cfg.port+2, protocol: "UDP" },
	}),
	type: "LoadBalancer",
	},
	},

	// Given to some external users/systems which manage a given valheim server in a namespace.
	// TODO(q3k): only grant privileges to the same server
	controlAccount: {
	svcAccount: ns.Contain(kube.ServiceAccount(named("control"))),
	role: ns.Contain(kube.Role("control")) {
	rules: [
	{
	apiGroups: [""],
	resources: ["pods"],
	verbs: ["get", "list", "watch", "delete"],
	},
	{
	apiGroups: [""],
	resources: ["pods/log"],
	verbs: ["get"],
	},
	{
	apiGroups: ["apps"],
	resources: ["deployments"],
	verbs: ["get", "list", "watch"],
	},
	],
	},
	roleBinding: ns.Contain(kube.RoleBinding(named("control"))) {
	subjects_: [
	game.controlAccount.svcAccount,
	],
	roleRef_: game.controlAccount.role,
	},
	},

	scripts: ns.Contain(kube.ConfigMap(named("scripts"))) {
	data: {
	# Based on https://github.com/mbround18/valheim-docker ,
	# removed all reliance on running as root (thus removed
	# autoupdater/autobackups).
	"entrypoint.sh": \|\|\|
	#!/usr/bin/env bash
	log() {
	PREFIX="[entrypoint]"
	printf "%-16s: %s\n" "${PREFIX}" "$1"
	}
	line() {
	log "==========================================================================="
	}
	setup_filesystem() {
	log "Setting up file systems"
	mkdir -p /home/steam/valheim
	mkdir -p /home/steam/valheim/logs
	mkdir -p /home/steam/backups
	mkdir -p /home/steam/scripts
	mkdir -p /home/steam/valheim
	cp /home/steam/steamcmd/linux64/steamclient.so /home/steam/valheim
	}
	line
	log "Valheim Server - $(date)"
	log "Initializing your container..."
	line
	setup_filesystem
	log "Launching the rest of the fucking owl"
	export HOME=/home/steam
	cd /home/steam/valheim \|\| exit 1
	exec "$@"
	\|\|\|
	},
	},
	secret: ns.Contain(kube.Secret(named("game"))) {
	data_: {
	# public game password
	public: cfg.password,
	},
	},
	deployment: ns.Contain(kube.Deployment(named("game"))) {
	spec+: {
	template+: {
	spec+: {
	containers_: {
	default: kube.Container("default") {
	image: cfg.image,
	command: [
	"/bin/bash", "/scripts/entrypoint.sh", "/home/steam/scripts/start_valheim.sh",
	],
	volumeMounts_: {
	backups: { mountPath: "/home/steam/backups" },
	saves: { mountPath: "/home/steam/.config/unity3d/IronGate/Valheim" },
	server: { mountPath: "/home/steam/valheim" },
	scripts: { mountPath: "/scripts" },
	},
	ports_: {
	zero: { containerPort: cfg.port },
	one: { containerPort: cfg.port + 1 },
	two: { containerPort: cfg.port + 2 },
	},
	env_: {
	PUBLIC: "1",
	PASSWORD: kube.SecretKeyRef(game.secret, "public"),
	NAME: cfg.displayName,
	# Always attempt to update valheim on startup.
	FORCE_INSTALL: "1",
	},
	resources: {
	requests: {
	cpu: "500m",
	memory: "2Gi",
	},
	limits: {
	cpu: "1000m",
	memory: "4Gi",
	},
	},
	},
	},
	securityContext: {
	runAsUser: 1000,
	runAsGroup: 1000,
	fsGroup: 1000,
	},
	volumes_: {
	backups: game.pvcs.backups.volume,
	saves: game.pvcs.saves.volume,
	server: game.pvcs.server.volume,
	scripts: game.scripts.volume,
	},
	},
	},
	},
	},
	},
	},

	# Make namespace for valheim.
	ns: kube.Namespace("valheim"),

	q3k: top.env(top.ns, "q3k") {
	cfg+: {
	ns: "valheim",
	password: (std.split(importstr "secrets/plain/q3k-public", "\n"))[0],
	displayName: "wypierdol z polski xD",
	},
	},
	q3k2: top.env(top.ns, "q3k2") {
	cfg+: {
	ns: "valheim",
	password: (std.split(importstr "secrets/plain/q3k2-public", "\n"))[0],
	displayName: "walhajm",
	},
	},
	}