# matrix.hackerspace.pl, a matrix/synapse instance
2# This needs a secret provisioned, create with:
3# kubectl -n matrix create secret generic synapse --from-literal=postgres_password=$(pwgen 24 1)
4
5local kube = import "../../kube/kube.libsonnet";
6local postgres = import "../../kube/postgres.libsonnet";
7
8{
9 local app = self,
10 local cfg = app.cfg,
11 cfg:: {
12 namespace: "matrix",
13 image: "matrixdotorg/synapse:v0.99.3.2",
14 riotImage: "bubuntux/riot-web:v1.1.0",
15 domain: "matrix.hackerspace.pl",
16 serverName: "hackerspace.pl",
17 storageClassName: "waw-hdd-redundant-1",
18 },
19
20 metadata(component):: {
21 namespace: app.cfg.namespace,
22 labels: {
23 "app.kubernetes.io/name": "matrix",
24 "app.kubernetes.io/managed-by": "kubecfg",
25 "app.kubernetes.io/component": component,
26 },
27 },
28
29 namespace: kube.Namespace(app.cfg.namespace),
30
31 postgres: postgres {
32 cfg+: {
33 namespace: cfg.namespace,
34 appName: "synapse",
35 database: "synapse",
36 username: "synapse",
37 password: { secretKeyRef: { name: "synapse", key: "postgres_password" } },
38 },
39 },
40
41 dataVolume: kube.PersistentVolumeClaim("synapse-data") {
42 metadata+: app.metadata("synapse-data"),
43 spec+: {
44 storageClassName: cfg.storageClassName,
45 accessModes: [ "ReadWriteOnce" ],
46 resources: {
47 requests: {
48 storage: "50Gi",
49 },
50 },
51 },
52 },
53 deployment: kube.Deployment("synapse") {
54 metadata+: app.metadata("synapse"),
55 spec+: {
56 replicas: 1,
57 template+: {
58 spec+: {
59 volumes_: {
60 data: kube.PersistentVolumeClaimVolume(app.dataVolume),
61 },
62 containers_: {
63 web: kube.Container("synapse") {
64 image: cfg.image,
65 ports_: {
66 http: { containerPort: 8008 },
67 },
68 env_: {
69 SYNAPSE_SERVER_NAME: app.cfg.serverName,
70 SYNAPSE_REPORT_STATS: "no",
71 SYNAPSE_NO_TLS: "1",
72
73 POSTGRES_HOST: "postgres",
74 POSTGRES_USER: app.postgres.cfg.username,
75 POSTGRES_PORT: "5432",
76 POSTGRES_DB: app.postgres.cfg.database,
77 POSTGRES_PASSWORD: { secretKeyRef: { name: "synapse", key: "postgres_password" } },
78 },
79 volumeMounts_: {
80 data: { mountPath: "/data" },
81 },
82 },
83 },
84 },
85 },
86 },
87 },
88
89 riotConfig: kube.ConfigMap("riot-web-config") {
90 metadata+: app.metadata("riot-web-config"),
91 data: {
92 "config.json": std.manifestJsonEx({
93 "default_hs_url": "https://matrix.hackerspace.pl",
94 "default_is_url": "https://vector.im",
95 "disable_custom_urls": false,
96 "disable_guests": false,
97 "disable_login_language_selector": false,
98 "disable_3pid_login": false,
99 "brand": "Riot",
100 "integrations_ui_url": "https://scalar.vector.im/",
101 "integrations_rest_url": "https://scalar.vector.im/api",
102 "integrations_jitsi_widget_url": "https://scalar.vector.im/api/widgets/jitsi.html",
103 "bug_report_endpoint_url": "https://riot.im/bugreports/submit",
104 "features": {
105 "feature_groups": "labs",
106 "feature_pinning": "labs",
107 "feature_reactions": "labs"
108 },
109 "default_federate": true,
110 "default_theme": "light",
111 "roomDirectory": {
112 "servers": [
113 "matrix.hackerspace.pl"
114 ]
115 },
116 "welcomeUserId": "@riot-bot:matrix.org",
117 "piwik": {
118 "url": "https://piwik.riot.im/",
119 "whitelistedHSUrls": ["https://matrix.org"],
120 "whitelistedISUrls": ["https://vector.im", "https://matrix.org"],
121 "siteId": 1
122 },
123 "enable_presence_by_hs_url": {
124 "https://matrix.org": false
125 }
126 }, ""),
127 },
128 },
129
130 riotDeployment: kube.Deployment("riot-web") {
131 metadata+: app.metadata("riot-web"),
132 spec+: {
133 replicas: 1,
134 template+: {
135 spec+: {
136 volumes_: {
137 config: kube.ConfigMapVolume(app.riotConfig),
138 },
139 containers_: {
140 web: kube.Container("synapse") {
141 image: cfg.riotImage,
142 ports_: {
143 http: { containerPort: 80 },
144 },
145 volumeMounts_: {
146 config: {
147 mountPath: "/etc/riot-web/config.json",
148 subPath: "config.json",
149 },
150 },
151 },
152 },
153 },
154 },
155 },
156 },
157
158 svc: kube.Service("synapse") {
159 metadata+: app.metadata("synapse"),
160 target_pod:: app.deployment.spec.template,
161 spec+: {
162 ports: [
163 { name: "http", port: 8008, protocol: "TCP" },
164 ],
165 type: "ClusterIP",
166 },
167 },
168
169 riotSvc: kube.Service("riot-web") {
170 metadata+: app.metadata("riot-web"),
171 target_pod:: app.riotDeployment.spec.template,
172 spec+: {
173 ports: [
174 { name: "http", port: 80, protocol: "TCP" },
175 ],
176 type: "ClusterIP",
177 },
178 },
179
180 ingress: kube.Ingress("synapse") {
181 metadata+: app.metadata("synapse") {
182 annotations+: {
183 "kubernetes.io/tls-acme": "true",
184 "certmanager.k8s.io/cluster-issuer": "letsencrypt-prod",
185 "nginx.ingress.kubernetes.io/proxy-body-size": "0",
186 },
187 },
188 spec+: {
189 tls: [
190 {
191 hosts: [cfg.domain],
192 secretName: "synapse-tls",
193 },
194 ],
195 rules: [
196 {
197 host: cfg.domain,
198 http: {
199 paths: [
200 { path: "/", backend: app.riotSvc.name_port },
201 { path: "/_matrix", backend: app.svc.name_port },
202 ]
203 },
204 }
205 ],
206 },
207 },
208}