games/valheim/prod.jsonnet - hscloud - Gitiles

 local kube = import "../../kube/kube.libsonnet";

 {
     local top = self,
     env(ns, name):: {
         local env = self,
         local cfg = env.cfg,
         cfg:: {
             name: name,
             displayName: name,
             image: "mbround18/valheim:latest",
             password: error "password must be set",
             storageClassName: "waw-hdd-redundant-3",
             port: 2456,
         },

         local named = function(component) "%s-%s" % [name, component],

         game: {
             local game = self,
             pvcs: {
                 backups: ns.Contain(kube.PersistentVolumeClaim(named("backups"))) {
                     spec+: {
                         storageClassName: cfg.storageClassName,
                         accessModes: ["ReadWriteOnce"],
                         resources: {
                             requests: { storage: "10Gi" },
                         },
                     },
                 },
                 saves: ns.Contain(kube.PersistentVolumeClaim(named("saves"))) {
                     spec+: {
                         storageClassName: cfg.storageClassName,
                         accessModes: ["ReadWriteOnce"],
                         resources: {
                             requests: { storage: "10Gi" },
                         },
                     },
                 },
                 server: ns.Contain(kube.PersistentVolumeClaim(named("server"))) {
                     spec+: {
                         storageClassName: cfg.storageClassName,
                         accessModes: ["ReadWriteOnce"],
                         resources: {
                             requests: { storage: "10Gi" },
                         },
                     },
                 },
             },
             svc: ns.Contain(kube.Service(named("external"))) {
                 target_pod:: game.deployment.spec.template,
                 spec+: {
                     ports: kube.mapToNamedList({
                         zero: { port: cfg.port, targetPort: cfg.port, protocol: "UDP" },
                         one: { port: cfg.port+1, targetPort: cfg.port+1, protocol: "UDP" },
                         two: { port: cfg.port+2, targetPort: cfg.port+2, protocol: "UDP" },
                     }),
                     type: "LoadBalancer",
                 },
             },

             scripts: ns.Contain(kube.ConfigMap(named("scripts"))) {
                 data: {
                     # Based on https://github.com/mbround18/valheim-docker ,
                     # removed all reliance on running as root (thus removed
                     # autoupdater/autobackups).
                     "entrypoint.sh": |||
                         #!/usr/bin/env bash
                         log() {
                             PREFIX="[entrypoint]"
                             printf "%-16s: %s\n" "${PREFIX}" "$1"
                         }
                         line() {
                             log "==========================================================================="
                         }
                         setup_filesystem() {
                             log "Setting up file systems"
                             mkdir -p /home/steam/valheim
                             mkdir -p /home/steam/valheim/logs
                             mkdir -p /home/steam/backups
                             mkdir -p /home/steam/scripts
                             mkdir -p /home/steam/valheim
                             cp /home/steam/steamcmd/linux64/steamclient.so /home/steam/valheim
                         }
                         line
                         log "Valheim Server - $(date)"
                         log "Initializing your container..."
                         line
                         setup_filesystem
                         log "Launching the rest of the fucking owl"
                         cd /home/steam/valheim || exit 1
                         exec "$@"
                     |||
                 },
             },
             secret: ns.Contain(kube.Secret(named("game"))) {
                 data_: {
                     # public game password
                     public: cfg.password,
                 },
             },
             deployment: ns.Contain(kube.Deployment(named("game"))) {
                 spec+: {
                     template+: {
                         spec+: {
                             containers_: {
                                 default: kube.Container("default") {
                                     image: cfg.image,
                                     command: [
                                         "/bin/bash", "/scripts/entrypoint.sh", "/home/steam/scripts/start_valheim.sh",
                                     ],
                                     volumeMounts_: {
                                         backups: { mountPath: "/home/steam/backups" },
                                         saves: { mountPath: "/home/steam/.config/unity3d/IronGate/Valheim" },
                                         server: { mountPath: "/home/steam/valheim" },
                                         scripts: { mountPath: "/scripts" },
                                     },
                                     ports_: {
                                         zero: { containerPort: cfg.port },
                                         one: { containerPort: cfg.port + 1 },
                                         two: { containerPort: cfg.port + 2 },
                                     },
                                     env_: {
                                         PUBLIC: "1",
                                         PASSWORD: kube.SecretKeyRef(game.secret, "public"),
                                         NAME: cfg.displayName,
                                         # Always attempt to update valheim on startup.
                                         FORCE_INSTALL: "1",
                                     },
                                     resources: {
                                         requests: {
                                             cpu: "500m",
                                             memory: "2Gi",
                                         },
                                         limits: {
                                             cpu: "1000m",
                                             memory: "4Gi",
                                         },
                                     },
                                 },
                             },
                             securityContext: {
                                 runAsUser: 1000,
                                 runAsGroup: 1000,
                                 fsGroup: 1000,
                             },
                             volumes_: {
                                 backups: kube.PersistentVolumeClaimVolume(game.pvcs.backups),
                                 saves: kube.PersistentVolumeClaimVolume(game.pvcs.saves),
                                 server: kube.PersistentVolumeClaimVolume(game.pvcs.server),
                                 scripts: kube.ConfigMapVolume(game.scripts),
                             },
                         },
                     },
                 },
             },
         },
     },

     # Make namespace for valheim.
     ns: kube.Namespace("valheim"),

     # Allow patryk and palid to administer this namespace via the namespace-admin clusterrole.
     adminRB: top.ns.Contain(kube.RoleBinding("sso:admins")) {
         subjects: [
             { apiGroup: "rbac.authorization.k8s.io", kind: "User", name: "%s@hackerspace.pl" % [u] }
             for u in ["patryk", "palid"]
         ],
         roleRef: {
             apiGroup: "rbac.authorization.k8s.io",
             kind: "ClusterRole",
             name: "system:admin-namespace",
         },
     },

     q3k: top.env(top.ns, "q3k") {
         cfg+: {
             ns: "valheim",
             password: (std.split(importstr "secrets/plain/q3k-public", "\n"))[0],
             displayName: "wypierdol z polski xD",
         },
     },
 }
	local kube = import "../../kube/kube.libsonnet";

	{
	local top = self,
	env(ns, name):: {
	local env = self,
	local cfg = env.cfg,
	cfg:: {
	name: name,
	displayName: name,
	image: "mbround18/valheim:latest",
	password: error "password must be set",
	storageClassName: "waw-hdd-redundant-3",
	port: 2456,
	},

	local named = function(component) "%s-%s" % [name, component],

	game: {
	local game = self,
	pvcs: {
	backups: ns.Contain(kube.PersistentVolumeClaim(named("backups"))) {
	spec+: {
	storageClassName: cfg.storageClassName,
	accessModes: ["ReadWriteOnce"],
	resources: {
	requests: { storage: "10Gi" },
	},
	},
	},
	saves: ns.Contain(kube.PersistentVolumeClaim(named("saves"))) {
	spec+: {
	storageClassName: cfg.storageClassName,
	accessModes: ["ReadWriteOnce"],
	resources: {
	requests: { storage: "10Gi" },
	},
	},
	},
	server: ns.Contain(kube.PersistentVolumeClaim(named("server"))) {
	spec+: {
	storageClassName: cfg.storageClassName,
	accessModes: ["ReadWriteOnce"],
	resources: {
	requests: { storage: "10Gi" },
	},
	},
	},
	},
	svc: ns.Contain(kube.Service(named("external"))) {
	target_pod:: game.deployment.spec.template,
	spec+: {
	ports: kube.mapToNamedList({
	zero: { port: cfg.port, targetPort: cfg.port, protocol: "UDP" },
	one: { port: cfg.port+1, targetPort: cfg.port+1, protocol: "UDP" },
	two: { port: cfg.port+2, targetPort: cfg.port+2, protocol: "UDP" },
	}),
	type: "LoadBalancer",
	},
	},

	scripts: ns.Contain(kube.ConfigMap(named("scripts"))) {
	data: {
	# Based on https://github.com/mbround18/valheim-docker ,
	# removed all reliance on running as root (thus removed
	# autoupdater/autobackups).
	"entrypoint.sh": \|\|\|
	#!/usr/bin/env bash
	log() {
	PREFIX="[entrypoint]"
	printf "%-16s: %s\n" "${PREFIX}" "$1"
	}
	line() {
	log "==========================================================================="
	}
	setup_filesystem() {
	log "Setting up file systems"
	mkdir -p /home/steam/valheim
	mkdir -p /home/steam/valheim/logs
	mkdir -p /home/steam/backups
	mkdir -p /home/steam/scripts
	mkdir -p /home/steam/valheim
	cp /home/steam/steamcmd/linux64/steamclient.so /home/steam/valheim
	}
	line
	log "Valheim Server - $(date)"
	log "Initializing your container..."
	line
	setup_filesystem
	log "Launching the rest of the fucking owl"
	cd /home/steam/valheim \|\| exit 1
	exec "$@"
	\|\|\|
	},
	},
	secret: ns.Contain(kube.Secret(named("game"))) {
	data_: {
	# public game password
	public: cfg.password,
	},
	},
	deployment: ns.Contain(kube.Deployment(named("game"))) {
	spec+: {
	template+: {
	spec+: {
	containers_: {
	default: kube.Container("default") {
	image: cfg.image,
	command: [
	"/bin/bash", "/scripts/entrypoint.sh", "/home/steam/scripts/start_valheim.sh",
	],
	volumeMounts_: {
	backups: { mountPath: "/home/steam/backups" },
	saves: { mountPath: "/home/steam/.config/unity3d/IronGate/Valheim" },
	server: { mountPath: "/home/steam/valheim" },
	scripts: { mountPath: "/scripts" },
	},
	ports_: {
	zero: { containerPort: cfg.port },
	one: { containerPort: cfg.port + 1 },
	two: { containerPort: cfg.port + 2 },
	},
	env_: {
	PUBLIC: "1",
	PASSWORD: kube.SecretKeyRef(game.secret, "public"),
	NAME: cfg.displayName,
	# Always attempt to update valheim on startup.
	FORCE_INSTALL: "1",
	},
	resources: {
	requests: {
	cpu: "500m",
	memory: "2Gi",
	},
	limits: {
	cpu: "1000m",
	memory: "4Gi",
	},
	},
	},
	},
	securityContext: {
	runAsUser: 1000,
	runAsGroup: 1000,
	fsGroup: 1000,
	},
	volumes_: {
	backups: kube.PersistentVolumeClaimVolume(game.pvcs.backups),
	saves: kube.PersistentVolumeClaimVolume(game.pvcs.saves),
	server: kube.PersistentVolumeClaimVolume(game.pvcs.server),
	scripts: kube.ConfigMapVolume(game.scripts),
	},
	},
	},
	},
	},
	},
	},

	# Make namespace for valheim.
	ns: kube.Namespace("valheim"),

	# Allow patryk and palid to administer this namespace via the namespace-admin clusterrole.
	adminRB: top.ns.Contain(kube.RoleBinding("sso:admins")) {
	subjects: [
	{ apiGroup: "rbac.authorization.k8s.io", kind: "User", name: "%s@hackerspace.pl" % [u] }
	for u in ["patryk", "palid"]
	],
	roleRef: {
	apiGroup: "rbac.authorization.k8s.io",
	kind: "ClusterRole",
	name: "system:admin-namespace",
	},
	},

	q3k: top.env(top.ns, "q3k") {
	cfg+: {
	ns: "valheim",
	password: (std.split(importstr "secrets/plain/q3k-public", "\n"))[0],
	displayName: "wypierdol z polski xD",
	},
	},
	}