| Piotr Dobrowolski | 122d5e5 | 2021-09-10 23:54:34 +0200 | [diff] [blame] | 1 | local kube = import "../../../kube/kube.libsonnet"; |
| 2 | |
| 3 | { |
| 4 | local app = self, |
| 5 | local cfg = app.cfg, |
| 6 | cfg:: { |
| 7 | image: error "cfg.image needs to be set", |
| 8 | |
| 9 | homeservers: [], |
| 10 | admins: [], |
| 11 | |
| 12 | s3: { |
| 13 | endpoint: error "cfg.s3.endpoint needs to be set", |
| 14 | accessKey: error "cfg.s3.accessKey needs to be set", |
| 15 | secretKey: error "cfg.s3.secretKey needs to be set", |
| 16 | bucketName: error "cfg.s3.bucketName needs to be set", |
| 17 | region: error "cfg.s3.region needs to be set", |
| 18 | }, |
| 19 | |
| 20 | db: { |
| 21 | username: error "cfg.db.username needs to be set", |
| 22 | password: error "cfg.db.password needs to be set", |
| 23 | database: error "cfg.db.database needs to be set", |
| 24 | host: error "cfg.db.host needs to be set", |
| 25 | }, |
| 26 | }, |
| 27 | |
| 28 | ns:: error "ns needs to be a kube.Namespace object", |
| 29 | |
| 30 | config:: { |
| 31 | repo: { |
| 32 | bindAddress: "0.0.0.0", |
| 33 | port: 8000, |
| Piotr Dobrowolski | 21c8cd6 | 2021-09-16 13:07:54 +0200 | [diff] [blame] | 34 | useForwardedHost: false, |
| Piotr Dobrowolski | 122d5e5 | 2021-09-10 23:54:34 +0200 | [diff] [blame] | 35 | }, |
| 36 | database: { |
| 37 | postgres: "postgres://%s:%s@%s/%s?sslmode=disable" % [cfg.db.username, cfg.db.password, cfg.db.host, cfg.db.database], |
| 38 | }, |
| 39 | homeservers: cfg.homeservers, |
| 40 | admins: cfg.admins, |
| Piotr Dobrowolski | 21c8cd6 | 2021-09-16 13:07:54 +0200 | [diff] [blame] | 41 | thumbnails: { |
| 42 | maxSourceBytes: 10485760 * 3, |
| 43 | }, |
| Piotr Dobrowolski | 122d5e5 | 2021-09-10 23:54:34 +0200 | [diff] [blame] | 44 | datastores: [ |
| 45 | { |
| 46 | type: "s3", |
| 47 | enabled: true, |
| 48 | forKinds: ["all"], |
| 49 | opts: { |
| 50 | tempPath: "/tmp/mediarepo_s3_upload", |
| 51 | endpoint: cfg.s3.endpoint, |
| 52 | accessKeyId: cfg.s3.accessKey, |
| 53 | accessSecret: cfg.s3.secretKey, |
| 54 | ssl: false, |
| 55 | bucketName: cfg.s3.bucketName, |
| 56 | region: cfg.s3.region, |
| 57 | }, |
| 58 | } |
| 59 | ], |
| 60 | }, |
| 61 | |
| 62 | configSecret: app.ns.Contain(kube.Secret("media-repo-config")) { |
| 63 | data_: { |
| 64 | "config.yaml": std.manifestJsonEx(app.config, ""), |
| 65 | }, |
| 66 | }, |
| 67 | |
| 68 | deployment: app.ns.Contain(kube.Deployment("media-repo")) { |
| 69 | spec+: { |
| 70 | replicas: 1, |
| 71 | template+: { |
| 72 | spec+: { |
| 73 | volumes_: { |
| 74 | config: kube.SecretVolume(app.configSecret), |
| 75 | tempdir: kube.EmptyDirVolume(), |
| 76 | }, |
| 77 | containers_: { |
| 78 | repo: kube.Container("media-repo") { |
| 79 | image: cfg.image, |
| 80 | command: ["/usr/local/bin/media_repo"], |
| 81 | ports_: { |
| 82 | http: { containerPort: 8000 }, |
| 83 | }, |
| 84 | env_: { |
| 85 | REPO_CONFIG: "/config", |
| 86 | }, |
| 87 | volumeMounts_: { |
| 88 | config: { mountPath: "/config" }, |
| 89 | tempdir: { mountPath: "/tmp/mediarepo_s3_upload" }, |
| 90 | }, |
| Piotr Dobrowolski | 77af94d | 2021-09-16 22:17:58 +0200 | [diff] [blame^] | 91 | readinessProbe: { |
| 92 | httpGet: { |
| 93 | path: "/healthz", |
| 94 | port: "http", |
| 95 | }, |
| 96 | initialDelaySeconds: 5, |
| 97 | periodSeconds: 10, |
| 98 | }, |
| 99 | livenessProbe: { |
| 100 | httpGet: { |
| 101 | path: "/healthz", |
| 102 | port: "http", |
| 103 | }, |
| 104 | initialDelaySeconds: 60, |
| 105 | periodSeconds: 30, |
| 106 | }, |
| Piotr Dobrowolski | 122d5e5 | 2021-09-10 23:54:34 +0200 | [diff] [blame] | 107 | }, |
| 108 | }, |
| 109 | }, |
| 110 | }, |
| 111 | }, |
| 112 | }, |
| 113 | |
| Serge Bazanski | ebe6075 | 2021-09-16 11:28:00 +0200 | [diff] [blame] | 114 | // Run //app/matrix/media-repo-proxy, if needed. This rewrites Host headers |
| 115 | // from the homeserver's serving Host to the MXID hostname (which |
| 116 | // matrix-media-repo expects). |
| 117 | // |
| 118 | // Currently we only are able to run one proxy for one homeserver config - |
| 119 | // but we don't expect to have multiple homeservers per matrix-media-repo |
| 120 | // any time soon. |
| 121 | local needProxying = [ |
| 122 | h |
| 123 | for h in cfg.homeservers |
| 124 | if "https://%s" % [h.name] != h.csApi |
| 125 | ], |
| 126 | proxies: if std.length(needProxying) > 1 then error "can only proxy one homeserver" else |
| 127 | if std.length(needProxying) == 1 then { |
| 128 | local homeserver = needProxying[0], |
| 129 | |
| 130 | local upstreamHost = homeserver.name, |
| 131 | local prefix = "https://", |
| 132 | local downstreamHost = std.substr(homeserver.csApi, std.length(prefix), std.length(homeserver.csApi)-std.length(prefix)), |
| 133 | |
| 134 | deployment: app.ns.Contain(kube.Deployment("media-repo-proxy")) { |
| 135 | spec+: { |
| 136 | template+: { |
| 137 | spec+: { |
| 138 | containers_: { |
| 139 | default: kube.Container("default") { |
| 140 | image: "registry.k0.hswaw.net/q3k/media-repo-proxy:1631791816-18609443fffde38a055f504e80f95e44f49d2481", |
| 141 | command: [ |
| 142 | "/app/matrix/media-repo-proxy", |
| 143 | "-downstream_host", downstreamHost, |
| 144 | "-upstream_host", upstreamHost, |
| 145 | "-upstream", app.internalSvc.host_colon_port, |
| 146 | "-listen", ":8080", |
| 147 | ], |
| 148 | ports_: { |
| 149 | http: { containerPort: 8080 }, |
| 150 | }, |
| 151 | }, |
| 152 | }, |
| 153 | }, |
| 154 | }, |
| 155 | }, |
| 156 | }, |
| 157 | } else {}, |
| 158 | |
| 159 | internalSvc: app.ns.Contain(kube.Service("media-repo-internal")) { |
| Piotr Dobrowolski | 122d5e5 | 2021-09-10 23:54:34 +0200 | [diff] [blame] | 160 | target_pod:: app.deployment.spec.template, |
| 161 | }, |
| Serge Bazanski | ebe6075 | 2021-09-16 11:28:00 +0200 | [diff] [blame] | 162 | |
| 163 | svc: if std.length(needProxying) > 0 then app.ns.Contain(kube.Service("media-repo")) { |
| 164 | target_pod:: app.proxies.deployment.spec.template, |
| 165 | } else app.internalSvc, |
| Piotr Dobrowolski | 122d5e5 | 2021-09-10 23:54:34 +0200 | [diff] [blame] | 166 | } |