| Piotr Dobrowolski | 122d5e5 | 2021-09-10 23:54:34 +0200 | [diff] [blame] | 1 | local kube = import "../../../kube/kube.libsonnet"; |
| 2 | |
| 3 | { |
| 4 | local app = self, |
| 5 | local cfg = app.cfg, |
| 6 | cfg:: { |
| 7 | image: error "cfg.image needs to be set", |
| 8 | |
| 9 | homeservers: [], |
| 10 | admins: [], |
| 11 | |
| 12 | s3: { |
| 13 | endpoint: error "cfg.s3.endpoint needs to be set", |
| 14 | accessKey: error "cfg.s3.accessKey needs to be set", |
| 15 | secretKey: error "cfg.s3.secretKey needs to be set", |
| 16 | bucketName: error "cfg.s3.bucketName needs to be set", |
| 17 | region: error "cfg.s3.region needs to be set", |
| 18 | }, |
| 19 | |
| 20 | db: { |
| 21 | username: error "cfg.db.username needs to be set", |
| 22 | password: error "cfg.db.password needs to be set", |
| 23 | database: error "cfg.db.database needs to be set", |
| 24 | host: error "cfg.db.host needs to be set", |
| 25 | }, |
| 26 | }, |
| 27 | |
| 28 | ns:: error "ns needs to be a kube.Namespace object", |
| 29 | |
| 30 | config:: { |
| 31 | repo: { |
| 32 | bindAddress: "0.0.0.0", |
| 33 | port: 8000, |
| 34 | }, |
| 35 | database: { |
| 36 | postgres: "postgres://%s:%s@%s/%s?sslmode=disable" % [cfg.db.username, cfg.db.password, cfg.db.host, cfg.db.database], |
| 37 | }, |
| 38 | homeservers: cfg.homeservers, |
| 39 | admins: cfg.admins, |
| 40 | datastores: [ |
| 41 | { |
| 42 | type: "s3", |
| 43 | enabled: true, |
| 44 | forKinds: ["all"], |
| 45 | opts: { |
| 46 | tempPath: "/tmp/mediarepo_s3_upload", |
| 47 | endpoint: cfg.s3.endpoint, |
| 48 | accessKeyId: cfg.s3.accessKey, |
| 49 | accessSecret: cfg.s3.secretKey, |
| 50 | ssl: false, |
| 51 | bucketName: cfg.s3.bucketName, |
| 52 | region: cfg.s3.region, |
| 53 | }, |
| 54 | } |
| 55 | ], |
| 56 | }, |
| 57 | |
| 58 | configSecret: app.ns.Contain(kube.Secret("media-repo-config")) { |
| 59 | data_: { |
| 60 | "config.yaml": std.manifestJsonEx(app.config, ""), |
| 61 | }, |
| 62 | }, |
| 63 | |
| 64 | deployment: app.ns.Contain(kube.Deployment("media-repo")) { |
| 65 | spec+: { |
| 66 | replicas: 1, |
| 67 | template+: { |
| 68 | spec+: { |
| 69 | volumes_: { |
| 70 | config: kube.SecretVolume(app.configSecret), |
| 71 | tempdir: kube.EmptyDirVolume(), |
| 72 | }, |
| 73 | containers_: { |
| 74 | repo: kube.Container("media-repo") { |
| 75 | image: cfg.image, |
| 76 | command: ["/usr/local/bin/media_repo"], |
| 77 | ports_: { |
| 78 | http: { containerPort: 8000 }, |
| 79 | }, |
| 80 | env_: { |
| 81 | REPO_CONFIG: "/config", |
| 82 | }, |
| 83 | volumeMounts_: { |
| 84 | config: { mountPath: "/config" }, |
| 85 | tempdir: { mountPath: "/tmp/mediarepo_s3_upload" }, |
| 86 | }, |
| 87 | }, |
| 88 | }, |
| 89 | }, |
| 90 | }, |
| 91 | }, |
| 92 | }, |
| 93 | |
| Serge Bazanski | ebe6075 | 2021-09-16 11:28:00 +0200 | [diff] [blame^] | 94 | // Run //app/matrix/media-repo-proxy, if needed. This rewrites Host headers |
| 95 | // from the homeserver's serving Host to the MXID hostname (which |
| 96 | // matrix-media-repo expects). |
| 97 | // |
| 98 | // Currently we only are able to run one proxy for one homeserver config - |
| 99 | // but we don't expect to have multiple homeservers per matrix-media-repo |
| 100 | // any time soon. |
| 101 | local needProxying = [ |
| 102 | h |
| 103 | for h in cfg.homeservers |
| 104 | if "https://%s" % [h.name] != h.csApi |
| 105 | ], |
| 106 | proxies: if std.length(needProxying) > 1 then error "can only proxy one homeserver" else |
| 107 | if std.length(needProxying) == 1 then { |
| 108 | local homeserver = needProxying[0], |
| 109 | |
| 110 | local upstreamHost = homeserver.name, |
| 111 | local prefix = "https://", |
| 112 | local downstreamHost = std.substr(homeserver.csApi, std.length(prefix), std.length(homeserver.csApi)-std.length(prefix)), |
| 113 | |
| 114 | deployment: app.ns.Contain(kube.Deployment("media-repo-proxy")) { |
| 115 | spec+: { |
| 116 | template+: { |
| 117 | spec+: { |
| 118 | containers_: { |
| 119 | default: kube.Container("default") { |
| 120 | image: "registry.k0.hswaw.net/q3k/media-repo-proxy:1631791816-18609443fffde38a055f504e80f95e44f49d2481", |
| 121 | command: [ |
| 122 | "/app/matrix/media-repo-proxy", |
| 123 | "-downstream_host", downstreamHost, |
| 124 | "-upstream_host", upstreamHost, |
| 125 | "-upstream", app.internalSvc.host_colon_port, |
| 126 | "-listen", ":8080", |
| 127 | ], |
| 128 | ports_: { |
| 129 | http: { containerPort: 8080 }, |
| 130 | }, |
| 131 | }, |
| 132 | }, |
| 133 | }, |
| 134 | }, |
| 135 | }, |
| 136 | }, |
| 137 | } else {}, |
| 138 | |
| 139 | internalSvc: app.ns.Contain(kube.Service("media-repo-internal")) { |
| Piotr Dobrowolski | 122d5e5 | 2021-09-10 23:54:34 +0200 | [diff] [blame] | 140 | target_pod:: app.deployment.spec.template, |
| 141 | }, |
| Serge Bazanski | ebe6075 | 2021-09-16 11:28:00 +0200 | [diff] [blame^] | 142 | |
| 143 | svc: if std.length(needProxying) > 0 then app.ns.Contain(kube.Service("media-repo")) { |
| 144 | target_pod:: app.proxies.deployment.spec.template, |
| 145 | } else app.internalSvc, |
| Piotr Dobrowolski | 122d5e5 | 2021-09-10 23:54:34 +0200 | [diff] [blame] | 146 | } |