| Piotr Dobrowolski | 122d5e5 | 2021-09-10 23:54:34 +0200 | [diff] [blame] | 1 | local kube = import "../../../kube/kube.libsonnet"; |
| 2 | |
| 3 | { |
| 4 | local app = self, |
| 5 | local cfg = app.cfg, |
| 6 | cfg:: { |
| 7 | image: error "cfg.image needs to be set", |
| 8 | |
| 9 | homeservers: [], |
| 10 | admins: [], |
| 11 | |
| 12 | s3: { |
| 13 | endpoint: error "cfg.s3.endpoint needs to be set", |
| 14 | accessKey: error "cfg.s3.accessKey needs to be set", |
| 15 | secretKey: error "cfg.s3.secretKey needs to be set", |
| 16 | bucketName: error "cfg.s3.bucketName needs to be set", |
| 17 | region: error "cfg.s3.region needs to be set", |
| 18 | }, |
| 19 | |
| 20 | db: { |
| 21 | username: error "cfg.db.username needs to be set", |
| 22 | password: error "cfg.db.password needs to be set", |
| 23 | database: error "cfg.db.database needs to be set", |
| 24 | host: error "cfg.db.host needs to be set", |
| Piotr Dobrowolski | ad3cb5c | 2023-03-28 22:39:08 +0200 | [diff] [blame] | 25 | port: error "cfg.db.port needs to be set", |
| Piotr Dobrowolski | 122d5e5 | 2021-09-10 23:54:34 +0200 | [diff] [blame] | 26 | }, |
| 27 | }, |
| 28 | |
| 29 | ns:: error "ns needs to be a kube.Namespace object", |
| radex | 99ed6a7 | 2023-11-24 11:42:55 +0100 | [diff] [blame^] | 30 | local ns = app.ns, |
| Piotr Dobrowolski | 122d5e5 | 2021-09-10 23:54:34 +0200 | [diff] [blame] | 31 | |
| 32 | config:: { |
| 33 | repo: { |
| 34 | bindAddress: "0.0.0.0", |
| 35 | port: 8000, |
| Piotr Dobrowolski | 21c8cd6 | 2021-09-16 13:07:54 +0200 | [diff] [blame] | 36 | useForwardedHost: false, |
| Piotr Dobrowolski | 122d5e5 | 2021-09-10 23:54:34 +0200 | [diff] [blame] | 37 | }, |
| 38 | database: { |
| Piotr Dobrowolski | ad3cb5c | 2023-03-28 22:39:08 +0200 | [diff] [blame] | 39 | postgres: "postgres://%s:%s@%s:%d/%s?sslmode=disable" % [cfg.db.username, cfg.db.password, cfg.db.host, cfg.db.port, cfg.db.database], |
| Piotr Dobrowolski | 122d5e5 | 2021-09-10 23:54:34 +0200 | [diff] [blame] | 40 | }, |
| 41 | homeservers: cfg.homeservers, |
| 42 | admins: cfg.admins, |
| Piotr Dobrowolski | 21c8cd6 | 2021-09-16 13:07:54 +0200 | [diff] [blame] | 43 | thumbnails: { |
| 44 | maxSourceBytes: 10485760 * 3, |
| 45 | }, |
| Piotr Dobrowolski | 122d5e5 | 2021-09-10 23:54:34 +0200 | [diff] [blame] | 46 | datastores: [ |
| 47 | { |
| 48 | type: "s3", |
| 49 | enabled: true, |
| 50 | forKinds: ["all"], |
| 51 | opts: { |
| 52 | tempPath: "/tmp/mediarepo_s3_upload", |
| 53 | endpoint: cfg.s3.endpoint, |
| 54 | accessKeyId: cfg.s3.accessKey, |
| 55 | accessSecret: cfg.s3.secretKey, |
| 56 | ssl: false, |
| 57 | bucketName: cfg.s3.bucketName, |
| 58 | region: cfg.s3.region, |
| 59 | }, |
| 60 | } |
| 61 | ], |
| 62 | }, |
| 63 | |
| radex | 99ed6a7 | 2023-11-24 11:42:55 +0100 | [diff] [blame^] | 64 | configSecret: ns.Contain(kube.Secret("media-repo-config")) { |
| Piotr Dobrowolski | 122d5e5 | 2021-09-10 23:54:34 +0200 | [diff] [blame] | 65 | data_: { |
| 66 | "config.yaml": std.manifestJsonEx(app.config, ""), |
| 67 | }, |
| 68 | }, |
| 69 | |
| radex | 99ed6a7 | 2023-11-24 11:42:55 +0100 | [diff] [blame^] | 70 | deployment: ns.Contain(kube.Deployment("media-repo")) { |
| Piotr Dobrowolski | 122d5e5 | 2021-09-10 23:54:34 +0200 | [diff] [blame] | 71 | spec+: { |
| 72 | replicas: 1, |
| 73 | template+: { |
| 74 | spec+: { |
| 75 | volumes_: { |
| 76 | config: kube.SecretVolume(app.configSecret), |
| 77 | tempdir: kube.EmptyDirVolume(), |
| 78 | }, |
| 79 | containers_: { |
| 80 | repo: kube.Container("media-repo") { |
| 81 | image: cfg.image, |
| 82 | command: ["/usr/local/bin/media_repo"], |
| 83 | ports_: { |
| 84 | http: { containerPort: 8000 }, |
| 85 | }, |
| 86 | env_: { |
| 87 | REPO_CONFIG: "/config", |
| 88 | }, |
| 89 | volumeMounts_: { |
| 90 | config: { mountPath: "/config" }, |
| 91 | tempdir: { mountPath: "/tmp/mediarepo_s3_upload" }, |
| 92 | }, |
| Piotr Dobrowolski | 77af94d | 2021-09-16 22:17:58 +0200 | [diff] [blame] | 93 | readinessProbe: { |
| 94 | httpGet: { |
| 95 | path: "/healthz", |
| 96 | port: "http", |
| 97 | }, |
| 98 | initialDelaySeconds: 5, |
| 99 | periodSeconds: 10, |
| 100 | }, |
| 101 | livenessProbe: { |
| 102 | httpGet: { |
| 103 | path: "/healthz", |
| 104 | port: "http", |
| 105 | }, |
| 106 | initialDelaySeconds: 60, |
| 107 | periodSeconds: 30, |
| 108 | }, |
| Piotr Dobrowolski | 122d5e5 | 2021-09-10 23:54:34 +0200 | [diff] [blame] | 109 | }, |
| 110 | }, |
| 111 | }, |
| 112 | }, |
| 113 | }, |
| 114 | }, |
| 115 | |
| Serge Bazanski | ebe6075 | 2021-09-16 11:28:00 +0200 | [diff] [blame] | 116 | // Run //app/matrix/media-repo-proxy, if needed. This rewrites Host headers |
| 117 | // from the homeserver's serving Host to the MXID hostname (which |
| 118 | // matrix-media-repo expects). |
| radex | 8b8f387 | 2023-11-24 11:09:46 +0100 | [diff] [blame] | 119 | // |
| Serge Bazanski | ebe6075 | 2021-09-16 11:28:00 +0200 | [diff] [blame] | 120 | // Currently we only are able to run one proxy for one homeserver config - |
| 121 | // but we don't expect to have multiple homeservers per matrix-media-repo |
| 122 | // any time soon. |
| 123 | local needProxying = [ |
| 124 | h |
| 125 | for h in cfg.homeservers |
| 126 | if "https://%s" % [h.name] != h.csApi |
| 127 | ], |
| 128 | proxies: if std.length(needProxying) > 1 then error "can only proxy one homeserver" else |
| 129 | if std.length(needProxying) == 1 then { |
| 130 | local homeserver = needProxying[0], |
| 131 | |
| 132 | local upstreamHost = homeserver.name, |
| 133 | local prefix = "https://", |
| 134 | local downstreamHost = std.substr(homeserver.csApi, std.length(prefix), std.length(homeserver.csApi)-std.length(prefix)), |
| 135 | |
| radex | 99ed6a7 | 2023-11-24 11:42:55 +0100 | [diff] [blame^] | 136 | deployment: ns.Contain(kube.Deployment("media-repo-proxy")) { |
| Serge Bazanski | ebe6075 | 2021-09-16 11:28:00 +0200 | [diff] [blame] | 137 | spec+: { |
| 138 | template+: { |
| 139 | spec+: { |
| 140 | containers_: { |
| 141 | default: kube.Container("default") { |
| 142 | image: "registry.k0.hswaw.net/q3k/media-repo-proxy:1631791816-18609443fffde38a055f504e80f95e44f49d2481", |
| 143 | command: [ |
| 144 | "/app/matrix/media-repo-proxy", |
| 145 | "-downstream_host", downstreamHost, |
| 146 | "-upstream_host", upstreamHost, |
| 147 | "-upstream", app.internalSvc.host_colon_port, |
| 148 | "-listen", ":8080", |
| 149 | ], |
| 150 | ports_: { |
| 151 | http: { containerPort: 8080 }, |
| 152 | }, |
| 153 | }, |
| 154 | }, |
| 155 | }, |
| 156 | }, |
| 157 | }, |
| 158 | }, |
| 159 | } else {}, |
| 160 | |
| radex | 99ed6a7 | 2023-11-24 11:42:55 +0100 | [diff] [blame^] | 161 | internalSvc: ns.Contain(kube.Service("media-repo-internal")) { |
| radex | 8b8f387 | 2023-11-24 11:09:46 +0100 | [diff] [blame] | 162 | target:: app.deployment, |
| Piotr Dobrowolski | 122d5e5 | 2021-09-10 23:54:34 +0200 | [diff] [blame] | 163 | }, |
| Serge Bazanski | ebe6075 | 2021-09-16 11:28:00 +0200 | [diff] [blame] | 164 | |
| radex | 99ed6a7 | 2023-11-24 11:42:55 +0100 | [diff] [blame^] | 165 | svc: if std.length(needProxying) > 0 then ns.Contain(kube.Service("media-repo")) { |
| radex | 8b8f387 | 2023-11-24 11:09:46 +0100 | [diff] [blame] | 166 | target:: app.proxies.deployment, |
| Serge Bazanski | ebe6075 | 2021-09-16 11:28:00 +0200 | [diff] [blame] | 167 | } else app.internalSvc, |
| Piotr Dobrowolski | 122d5e5 | 2021-09-10 23:54:34 +0200 | [diff] [blame] | 168 | } |