Blame - app/matrix/prod.jsonnet - hscloud

blob: baa48e4cd5e2bb5cca870a64aced9fb1823b704a [file] [log] [blame]

Piotr Dobrowolski	a222691	2019-05-14 18:49:29 +0200	[diff] [blame]	1	# matrix.hackerspace.pl, a matrix/synapse instance
				2	# This needs a secret provisioned, create with:
				3	# kubectl -n matrix create secret generic synapse --from-literal=postgres_password=$(pwgen 24 1)
Piotr Dobrowolski	fef4c12	2019-05-16 21:05:02 +0200	[diff] [blame^]	4	# kubectl -n matrix create secret generic appservice-irc-freenode-registration --from-file=registration.yaml=<(kubectl logs -n matrix $(kubectl get pods -n matrix --selector=job-name=appservice-irc-freenode-bootstrap --output=jsonpath='{.items[*].metadata.name}') \| tail -n +4)
Piotr Dobrowolski	a222691	2019-05-14 18:49:29 +0200	[diff] [blame]	5
				6	local kube = import "../../kube/kube.libsonnet";
				7	local postgres = import "../../kube/postgres.libsonnet";
				8
				9	{
				10	local app = self,
				11	local cfg = app.cfg,
				12	cfg:: {
				13	namespace: "matrix",
Piotr Dobrowolski	a222691	2019-05-14 18:49:29 +0200	[diff] [blame]	14	domain: "matrix.hackerspace.pl",
				15	serverName: "hackerspace.pl",
				16	storageClassName: "waw-hdd-redundant-1",
Piotr Dobrowolski	fef4c12	2019-05-16 21:05:02 +0200	[diff] [blame^]	17
				18	synapseImage: "matrixdotorg/synapse:v0.99.4",
				19	riotImage: "bubuntux/riot-web:v1.1.0",
Piotr Dobrowolski	a222691	2019-05-14 18:49:29 +0200	[diff] [blame]	20	},
				21
				22	metadata(component):: {
Piotr Dobrowolski	4b4231d	2019-05-15 11:41:21 +0200	[diff] [blame]	23	namespace: cfg.namespace,
Piotr Dobrowolski	a222691	2019-05-14 18:49:29 +0200	[diff] [blame]	24	labels: {
				25	"app.kubernetes.io/name": "matrix",
				26	"app.kubernetes.io/managed-by": "kubecfg",
				27	"app.kubernetes.io/component": component,
				28	},
				29	},
				30
Piotr Dobrowolski	4b4231d	2019-05-15 11:41:21 +0200	[diff] [blame]	31	namespace: kube.Namespace(cfg.namespace),
Piotr Dobrowolski	a222691	2019-05-14 18:49:29 +0200	[diff] [blame]	32
				33	postgres: postgres {
				34	cfg+: {
				35	namespace: cfg.namespace,
				36	appName: "synapse",
				37	database: "synapse",
				38	username: "synapse",
				39	password: { secretKeyRef: { name: "synapse", key: "postgres_password" } },
				40	},
				41	},
				42
				43	dataVolume: kube.PersistentVolumeClaim("synapse-data") {
				44	metadata+: app.metadata("synapse-data"),
				45	spec+: {
				46	storageClassName: cfg.storageClassName,
				47	accessModes: [ "ReadWriteOnce" ],
				48	resources: {
				49	requests: {
				50	storage: "50Gi",
				51	},
				52	},
				53	},
				54	},
Piotr Dobrowolski	ffbb47c	2019-05-16 12:18:39 +0200	[diff] [blame]	55
Piotr Dobrowolski	fef4c12	2019-05-16 21:05:02 +0200	[diff] [blame^]	56	synapseDeployment: kube.Deployment("synapse") {
Piotr Dobrowolski	a222691	2019-05-14 18:49:29 +0200	[diff] [blame]	57	metadata+: app.metadata("synapse"),
				58	spec+: {
				59	replicas: 1,
				60	template+: {
				61	spec+: {
				62	volumes_: {
				63	data: kube.PersistentVolumeClaimVolume(app.dataVolume),
Piotr Dobrowolski	fef4c12	2019-05-16 21:05:02 +0200	[diff] [blame^]	64	} + {
				65	[k]: { secret: { secretName: "appservice-%s-registration" % [k] } }
				66	for k in std.objectFields(app.appservices)
Piotr Dobrowolski	a222691	2019-05-14 18:49:29 +0200	[diff] [blame]	67	},
				68	containers_: {
				69	web: kube.Container("synapse") {
Piotr Dobrowolski	fef4c12	2019-05-16 21:05:02 +0200	[diff] [blame^]	70	image: cfg.synapseImage,
Piotr Dobrowolski	a222691	2019-05-14 18:49:29 +0200	[diff] [blame]	71	ports_: {
				72	http: { containerPort: 8008 },
				73	},
				74	env_: {
Piotr Dobrowolski	4b4231d	2019-05-15 11:41:21 +0200	[diff] [blame]	75	SYNAPSE_SERVER_NAME: cfg.serverName,
Piotr Dobrowolski	a222691	2019-05-14 18:49:29 +0200	[diff] [blame]	76	SYNAPSE_REPORT_STATS: "no",
				77	SYNAPSE_NO_TLS: "1",
Piotr Dobrowolski	4b4231d	2019-05-15 11:41:21 +0200	[diff] [blame]	78	SYNAPSE_ALLOW_GUEST: "yes",
Piotr Dobrowolski	a222691	2019-05-14 18:49:29 +0200	[diff] [blame]	79
				80	POSTGRES_HOST: "postgres",
				81	POSTGRES_USER: app.postgres.cfg.username,
				82	POSTGRES_PORT: "5432",
				83	POSTGRES_DB: app.postgres.cfg.database,
				84	POSTGRES_PASSWORD: { secretKeyRef: { name: "synapse", key: "postgres_password" } },
				85	},
				86	volumeMounts_: {
				87	data: { mountPath: "/data" },
Piotr Dobrowolski	fef4c12	2019-05-16 21:05:02 +0200	[diff] [blame^]	88	} + {
				89	[k]: { mountPath: "/appservices/%s" % [k] }
				90	for k in std.objectFields(app.appservices)
Piotr Dobrowolski	a222691	2019-05-14 18:49:29 +0200	[diff] [blame]	91	},
				92	},
				93	},
				94	},
				95	},
				96	},
				97	},
				98
Piotr Dobrowolski	fef4c12	2019-05-16 21:05:02 +0200	[diff] [blame^]	99	synapseSvc: kube.Service("synapse") {
Piotr Dobrowolski	ffbb47c	2019-05-16 12:18:39 +0200	[diff] [blame]	100	metadata+: app.metadata("synapse"),
Piotr Dobrowolski	fef4c12	2019-05-16 21:05:02 +0200	[diff] [blame^]	101	target_pod:: app.synapseDeployment.spec.template,
Piotr Dobrowolski	ffbb47c	2019-05-16 12:18:39 +0200	[diff] [blame]	102	},
				103
Piotr Dobrowolski	a222691	2019-05-14 18:49:29 +0200	[diff] [blame]	104	riotConfig: kube.ConfigMap("riot-web-config") {
				105	metadata+: app.metadata("riot-web-config"),
				106	data: {
				107	"config.json": std.manifestJsonEx({
Piotr Dobrowolski	4b4231d	2019-05-15 11:41:21 +0200	[diff] [blame]	108	"default_hs_url": "https://%s" % [cfg.domain],
Piotr Dobrowolski	a222691	2019-05-14 18:49:29 +0200	[diff] [blame]	109	"disable_custom_urls": false,
				110	"disable_guests": false,
				111	"disable_login_language_selector": false,
Piotr Dobrowolski	4b4231d	2019-05-15 11:41:21 +0200	[diff] [blame]	112	"disable_3pid_login": true,
Piotr Dobrowolski	a222691	2019-05-14 18:49:29 +0200	[diff] [blame]	113	"brand": "Riot",
				114	"integrations_ui_url": "https://scalar.vector.im/",
				115	"integrations_rest_url": "https://scalar.vector.im/api",
				116	"integrations_jitsi_widget_url": "https://scalar.vector.im/api/widgets/jitsi.html",
Piotr Dobrowolski	4b4231d	2019-05-15 11:41:21 +0200	[diff] [blame]	117
Piotr Dobrowolski	a222691	2019-05-14 18:49:29 +0200	[diff] [blame]	118	"bug_report_endpoint_url": "https://riot.im/bugreports/submit",
				119	"features": {
				120	"feature_groups": "labs",
				121	"feature_pinning": "labs",
				122	"feature_reactions": "labs"
				123	},
				124	"default_federate": true,
				125	"default_theme": "light",
				126	"roomDirectory": {
				127	"servers": [
Piotr Dobrowolski	4b4231d	2019-05-15 11:41:21 +0200	[diff] [blame]	128	"hackerspace.pl"
Piotr Dobrowolski	a222691	2019-05-14 18:49:29 +0200	[diff] [blame]	129	]
				130	},
				131	"welcomeUserId": "@riot-bot:matrix.org",
Piotr Dobrowolski	a222691	2019-05-14 18:49:29 +0200	[diff] [blame]	132	"enable_presence_by_hs_url": {
				133	"https://matrix.org": false
				134	}
				135	}, ""),
				136	},
				137	},
				138
				139	riotDeployment: kube.Deployment("riot-web") {
				140	metadata+: app.metadata("riot-web"),
				141	spec+: {
				142	replicas: 1,
				143	template+: {
				144	spec+: {
				145	volumes_: {
				146	config: kube.ConfigMapVolume(app.riotConfig),
				147	},
				148	containers_: {
Piotr Dobrowolski	fef4c12	2019-05-16 21:05:02 +0200	[diff] [blame^]	149	web: kube.Container("riot-web") {
Piotr Dobrowolski	a222691	2019-05-14 18:49:29 +0200	[diff] [blame]	150	image: cfg.riotImage,
				151	ports_: {
				152	http: { containerPort: 80 },
				153	},
				154	volumeMounts_: {
				155	config: {
				156	mountPath: "/etc/riot-web/config.json",
				157	subPath: "config.json",
				158	},
				159	},
				160	},
				161	},
				162	},
				163	},
				164	},
				165	},
				166
Piotr Dobrowolski	a222691	2019-05-14 18:49:29 +0200	[diff] [blame]	167	riotSvc: kube.Service("riot-web") {
				168	metadata+: app.metadata("riot-web"),
				169	target_pod:: app.riotDeployment.spec.template,
Piotr Dobrowolski	a222691	2019-05-14 18:49:29 +0200	[diff] [blame]	170	},
				171
Piotr Dobrowolski	fef4c12	2019-05-16 21:05:02 +0200	[diff] [blame^]	172	appservices: {
				173	"irc-freenode": app.AppServiceIrc("freenode") {
				174	cfg+: {
				175	metadata: app.metadata("appservice-irc-freenode"),
				176	config+: {
				177	homeserver+: {
				178	url: "https://%s" % [cfg.domain],
				179	domain: "%s" % [cfg.serverName],
				180	},
				181	},
				182	},
				183	},
				184	},
				185
				186	ingress: kube.Ingress("matrix") {
				187	metadata+: app.metadata("matrix") {
Piotr Dobrowolski	a222691	2019-05-14 18:49:29 +0200	[diff] [blame]	188	annotations+: {
				189	"kubernetes.io/tls-acme": "true",
				190	"certmanager.k8s.io/cluster-issuer": "letsencrypt-prod",
				191	"nginx.ingress.kubernetes.io/proxy-body-size": "0",
				192	},
				193	},
				194	spec+: {
				195	tls: [
				196	{
				197	hosts: [cfg.domain],
				198	secretName: "synapse-tls",
				199	},
				200	],
				201	rules: [
				202	{
				203	host: cfg.domain,
				204	http: {
				205	paths: [
				206	{ path: "/", backend: app.riotSvc.name_port },
Piotr Dobrowolski	fef4c12	2019-05-16 21:05:02 +0200	[diff] [blame^]	207	{ path: "/_matrix", backend: app.synapseSvc.name_port },
Piotr Dobrowolski	a222691	2019-05-14 18:49:29 +0200	[diff] [blame]	208	]
				209	},
				210	}
				211	],
				212	},
				213	},
Piotr Dobrowolski	fef4c12	2019-05-16 21:05:02 +0200	[diff] [blame^]	214
				215	AppServiceIrc(name):: {
				216	local bridge = self,
				217	local cfg = bridge.cfg,
				218	cfg:: {
				219	image: "registry.k0.hswaw.net/informatic/matrix-appservice-irc:0.11.2",
				220	metadata: {},
				221	config: std.native("parseYaml")(importstr "appservice-irc.yaml")[0],
				222	storageClassName: "waw-hdd-redundant-1",
				223	},
				224
				225	config: kube.ConfigMap("appservice-irc-%s" % [name]) {
				226	metadata+: cfg.metadata,
				227	data: {
				228	"config.yaml": std.manifestJsonEx(cfg.config, ""),
				229	},
				230	},
				231
				232	dataVolume: kube.PersistentVolumeClaim("appservice-irc-%s" % [name]) {
				233	metadata+: cfg.metadata,
				234	spec+: {
				235	storageClassName: cfg.storageClassName,
				236	accessModes: [ "ReadWriteOnce" ],
				237	resources: {
				238	requests: {
				239	storage: "10Gi",
				240	},
				241	},
				242	},
				243	},
				244
				245	bootstrapJob: kube.Job("appservice-irc-%s-bootstrap" % [name]) {
				246	metadata+: cfg.metadata {
				247	labels: {
				248	"job-name": "appservice-irc-%s-bootstrap" % [name],
				249	},
				250	},
				251	spec+: {
				252	template+: {
				253	spec+: {
				254	volumes_: {
				255	config: kube.ConfigMapVolume(bridge.config),
				256	},
				257	containers_: {
				258	bootstrap: kube.Container("appservice-irc-%s-bootstrap" % [name]) {
				259	image: cfg.image,
				260	command: ["sh", "-c", "matrix-appservice-irc -r -u http://appservice-irc-%s:9999 -c /config/config.yaml -f /tmp/registration.yaml && cat /tmp/registration.yaml" % [name]],
				261	volumeMounts_: {
				262	config: { mountPath: "/config" },
				263	},
				264	},
				265	},
				266	},
				267	},
				268	},
				269	},
				270
				271	deployment: kube.Deployment("appservice-irc-%s" % [name]) {
				272	metadata+: cfg.metadata,
				273	spec+: {
				274	replicas: 1,
				275	template+: {
				276	spec+: {
				277	volumes_: {
				278	config: kube.ConfigMapVolume(bridge.config),
				279	data: kube.PersistentVolumeClaimVolume(bridge.dataVolume),
				280	registration: { secret: { secretName: "appservice-irc-%s-registration" % [name] } },
				281	},
				282	containers_: {
				283	appserviceIrc: kube.Container("appservice-irc-%s" % [name]) {
				284	image: cfg.image,
				285	command: ["matrix-appservice-irc", "-c", "/config/config.yaml", "-f", "/registration/registration.yaml", "-p", "9999"],
				286	ports_: {
				287	http: { containerPort: 9999 },
				288	},
				289	volumeMounts_: {
				290	registration: { mountPath: "/registration", },
				291	config: { mountPath: "/config", },
				292	data: { mountPath: "/data" },
				293	},
				294	},
				295	},
				296	},
				297	},
				298	},
				299	},
				300
				301	svc: kube.Service("appservice-irc-%s" % [name]) {
				302	metadata+: cfg.metadata,
				303	target_pod:: bridge.deployment.spec.template,
				304	},
				305	},
Piotr Dobrowolski	a222691	2019-05-14 18:49:29 +0200	[diff] [blame]	306	}