Gitiles
Code Review Sign In
gerrit.hackerspace.pl / hscloud / 37fbff768a60e21b79717616e3b8dbbd5bad4d07 / . / app / matrix / lib / appservice-irc.libsonnet
blob: b9e5b84c567d0c479e880460193d0f3cfd95182e [file] [log] [blame]
Serge Bazanski60076c72020-11-03 19:17:25 +0100[diff] [blame]1local kube = import "../../../kube/kube.libsonnet";
Serge Bazanskicdba2912020-08-24 19:11:10 +0000[diff] [blame]2
3{
4 AppServiceIrc(name):: {
5 local bridge = self,
6 local cfg = bridge.cfg,
7 cfg:: {
8 metadata: {},
Piotr Dobrowolski37fbff72021-02-13 20:17:33 +0100[diff] [blame^]9 config: std.native("parseYaml")(importstr "appservice/appservice-irc.yaml")[0] {
10 ircService+: {
11 [if cfg.passwordEncryptionKeySecret != null then "passwordEncryptionKeyPath"]: "/key/key.pem"
12 },
13 },
Serge Bazanskicdba2912020-08-24 19:11:10 +0000[diff] [blame]14 image: error "image must be set",
15 storageClassName: error "storageClassName must be set",
Piotr Dobrowolski37fbff72021-02-13 20:17:33 +0100[diff] [blame^]16
17 # RSA encryption private key secret name containing "key.pem" key
18 # Create using:
19 # kubectl -n matrix create secret generic appservice-irc-password-encryption-key --from-file=key.pem=<(openssl genpkey -out - -outform PEM -algorithm RSA -pkeyopt rsa_keygen_bits:2048)
20 passwordEncryptionKeySecret: null,
Serge Bazanskicdba2912020-08-24 19:11:10 +0000[diff] [blame]21 },
22
23 config: kube.ConfigMap("appservice-irc-%s" % [name]) {
24 metadata+: cfg.metadata,
25 data: {
26 "config.yaml": std.manifestJsonEx(cfg.config, ""),
27 },
28 },
29
30 dataVolume: kube.PersistentVolumeClaim("appservice-irc-%s" % [name]) {
31 metadata+: cfg.metadata,
32 spec+: {
33 storageClassName: cfg.storageClassName,
34 accessModes: [ "ReadWriteOnce" ],
35 resources: {
36 requests: {
37 storage: "10Gi",
38 },
39 },
40 },
41 },
42
43 bootstrapJob: kube.Job("appservice-irc-%s-bootstrap" % [name]) {
44 metadata+: cfg.metadata {
45 labels: {
46 "job-name": "appservice-irc-%s-bootstrap" % [name],
47 },
48 },
49 spec+: {
50 template+: {
51 spec+: {
52 volumes_: {
53 config: kube.ConfigMapVolume(bridge.config),
54 },
55 containers_: {
56 bootstrap: kube.Container("appservice-irc-%s-bootstrap" % [name]) {
57 image: cfg.image,
58 command: ["sh", "-c", "node app.js -r -u http://appservice-irc-%s:9999 -c /config/config.yaml -f /tmp/registration.yaml && cat /tmp/registration.yaml" % [name]],
59 volumeMounts_: {
60 config: { mountPath: "/config" },
61 },
62 },
63 },
64 },
65 },
66 },
67 },
68
69 deployment: kube.Deployment("appservice-irc-%s" % [name]) {
70 metadata+: cfg.metadata,
71 spec+: {
72 replicas: 1,
73 template+: {
74 spec+: {
75 volumes_: {
76 config: kube.ConfigMapVolume(bridge.config),
77 data: kube.PersistentVolumeClaimVolume(bridge.dataVolume),
78 registration: { secret: { secretName: "appservice-irc-%s-registration" % [name] } },
Piotr Dobrowolski37fbff72021-02-13 20:17:33 +0100[diff] [blame^]79 } + (if cfg.passwordEncryptionKeySecret != null then {
80 key: { secret: { secretName: cfg.passwordEncryptionKeySecret } },
81 } else {}),
Serge Bazanskicdba2912020-08-24 19:11:10 +0000[diff] [blame]82 nodeSelector: cfg.nodeSelector,
83 containers_: {
84 appserviceIrc: kube.Container("appservice-irc-%s" % [name]) {
85 image: cfg.image,
86 command: ["node", "app.js", "-c", "/config/config.yaml", "-f", "/registration/registration.yaml", "-p", "9999"],
87 ports_: {
88 http: { containerPort: 9999 },
89 },
90 volumeMounts_: {
91 registration: { mountPath: "/registration", },
92 config: { mountPath: "/config", },
93 data: { mountPath: "/data" },
Piotr Dobrowolski37fbff72021-02-13 20:17:33 +0100[diff] [blame^]94 } + (if cfg.passwordEncryptionKeySecret != null then {
95 key: { mountPath: "/key" },
96 } else {}),
Serge Bazanskicdba2912020-08-24 19:11:10 +0000[diff] [blame]97 },
98 },
99 },
100 },
101 },
102 },
103
104 svc: kube.Service("appservice-irc-%s" % [name]) {
105 metadata+: cfg.metadata,
106 target_pod:: bridge.deployment.spec.template,
107 },
108 },
109}