From a714d65fff109c39b099d09aa7fd26716f2675cf Mon Sep 17 00:00:00 2001
From: Grant <5445379+grantdhunter@users.noreply.github.com>
Date: Mon, 19 May 2025 13:51:07 -0600
Subject: [PATCH] Add k8up-backup and matrix-registration charts
---
charts/k8up-backup/Chart.yaml | 6 +++
charts/k8up-backup/templates/backup.yaml | 23 ++++++++
charts/k8up-backup/templates/schedule.yaml | 35 +++++++++++++
charts/k8up-backup/templates/secrets.yaml | 14 +++++
charts/k8up-backup/values.yaml | 8 +++
charts/matrix-registration/Chart.yaml | 8 +++
.../matrix-registration/templates/config.yaml | 52 +++++++++++++++++++
.../templates/deployment.yaml | 44 ++++++++++++++++
charts/matrix-registration/templates/pvc.yaml | 10 ++++
.../matrix-registration/templates/route.yaml | 16 ++++++
.../templates/service.yaml | 11 ++++
charts/matrix-registration/values.yaml | 5 ++
12 files changed, 232 insertions(+)
create mode 100644 charts/k8up-backup/Chart.yaml
create mode 100644 charts/k8up-backup/templates/backup.yaml
create mode 100644 charts/k8up-backup/templates/schedule.yaml
create mode 100644 charts/k8up-backup/templates/secrets.yaml
create mode 100644 charts/k8up-backup/values.yaml
create mode 100644 charts/matrix-registration/Chart.yaml
create mode 100644 charts/matrix-registration/templates/config.yaml
create mode 100644 charts/matrix-registration/templates/deployment.yaml
create mode 100644 charts/matrix-registration/templates/pvc.yaml
create mode 100644 charts/matrix-registration/templates/route.yaml
create mode 100644 charts/matrix-registration/templates/service.yaml
create mode 100644 charts/matrix-registration/values.yaml
diff --git a/charts/k8up-backup/Chart.yaml b/charts/k8up-backup/Chart.yaml
new file mode 100644
index 0000000..2b2ccad
--- /dev/null
+++ b/charts/k8up-backup/Chart.yaml
@@ -0,0 +1,6 @@
+apiVersion: v2
+name: k8up-backup
+description: A Helm chart for a k8up backup
+
+type: application
+version: 0.0.3
diff --git a/charts/k8up-backup/templates/backup.yaml b/charts/k8up-backup/templates/backup.yaml
new file mode 100644
index 0000000..e1d81e3
--- /dev/null
+++ b/charts/k8up-backup/templates/backup.yaml
@@ -0,0 +1,23 @@
+# {{- if .Values.oneTimeBackup }}
+
+apiVersion: k8up.io/v1
+kind: Backup
+metadata:
+ name: {{ .Release.Name }}
+spec:
+ failedJobsHistoryLimit: 2
+ successfulJobsHistoryLimit: 2
+ backend:
+ repoPasswordSecretRef:
+ name: "{{ .Release.Name }}-repopassword"
+ key: password
+ s3:
+ endpoint: "{{ .Values.endpoint }}"
+ bucket: "{{ .Values.bucket }}"
+ accessKeyIDSecretRef:
+ name: "{{ .Release.Name }}-credentials"
+ key: id
+ secretAccessKeySecretRef:
+ name: "{{ .Release.Name }}-credentials"
+ key: key
+# {{- end }}
diff --git a/charts/k8up-backup/templates/schedule.yaml b/charts/k8up-backup/templates/schedule.yaml
new file mode 100644
index 0000000..702ad48
--- /dev/null
+++ b/charts/k8up-backup/templates/schedule.yaml
@@ -0,0 +1,35 @@
+# {{- if not .Values.oneTimeBackup }}
+apiVersion: k8up.io/v1
+kind: Schedule
+metadata:
+ name: "{{ .Release.Name }}-schedule"
+spec:
+ backend:
+ repoPasswordSecretRef:
+ name: "{{ .Release.Name }}-repopassword"
+ key: password
+ s3:
+ endpoint: "{{ .Values.endpoint }}"
+ bucket: "{{ .Values.bucket }}"
+ accessKeyIDSecretRef:
+ name: "{{ .Release.Name }}-credentials"
+ key: id
+ secretAccessKeySecretRef:
+ name: "{{ .Release.Name }}-credentials"
+ key: key
+ backup:
+ schedule: '@hourly-random'
+ failedJobsHistoryLimit: 2
+ successfulJobsHistoryLimit: 1
+ check:
+ schedule: '@daily-random'
+ failedJobsHistoryLimit: 2
+ successfulJobsHistoryLimit: 1
+ prune:
+ schedule: '@weekly-random'
+ failedJobsHistoryLimit: 2
+ successfulJobsHistoryLimit: 1
+ retention:
+ keepLast: 5
+ keep Daily: 14
+# {{- end }}
diff --git a/charts/k8up-backup/templates/secrets.yaml b/charts/k8up-backup/templates/secrets.yaml
new file mode 100644
index 0000000..6216ce4
--- /dev/null
+++ b/charts/k8up-backup/templates/secrets.yaml
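Review bot: The last retention key in schedule.yaml is printed as `keep Daily: 14`, with a space inside the key; k8up's retention field is `keepDaily`, so as written the daily retention would most likely be rejected or dropped by the CRD schema, leaving only `keepLast: 5` to govern what prune keeps. If the space is in the committed file rather than an artefact of this rendering, change the line to `keepDaily: 14`. Separately, backup.yaml and schedule.yaml both put their `{{- if ... }}` and `{{- end }}` actions behind a `#`, which still executes the action but leaves a stray `#` in the rendered manifest; the bare `{{- if ... }}` form is the usual spelling.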
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: "{{ .Release.Name }}-credentials"
+data:
+ id: "{{ .Values.credentials.id | b64enc}}"
+ key: "{{ .Values.credentials.key | b64enc}}"
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: "{{ .Release.Name }}-repopassword"
+data:
+ password: "{{ .Values.repoPassword | b64enc}}"
diff --git a/charts/k8up-backup/values.yaml b/charts/k8up-backup/values.yaml
new file mode 100644
index 0000000..eb60222
--- /dev/null
+++ b/charts/k8up-backup/values.yaml
@@ -0,0 +1,8 @@
+# endpoint:
+# bucket
+# repoPassword:
+# credentials:
+# id:
+# key:
+
+oneTimeBackup: false
diff --git a/charts/matrix-registration/Chart.yaml b/charts/matrix-registration/Chart.yaml
new file mode 100644
index 0000000..1bb8d82
--- /dev/null
+++ b/charts/matrix-registration/Chart.yaml
@@ -0,0 +1,8 @@
+apiVersion: v2
+name: matrix-registration
+description: A Helm chart for Kubernetes
+
+type: application
+version: 0.1.0
+
+appVersion: "0.9.1"
diff --git a/charts/matrix-registration/templates/config.yaml b/charts/matrix-registration/templates/config.yaml
new file mode 100644
index 0000000..0b21d80
--- /dev/null
+++ b/charts/matrix-registration/templates/config.yaml
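Review bot: The S3 credentials and the repository password in secrets.yaml are taken straight from chart values (`.Values.credentials.id`, `.Values.credentials.key`, `.Values.repoPassword`), so they also live in whatever values file or `--set` arguments drive the release and in Helm's stored release data, not only in the two Secrets. Consider letting the chart reference Secrets that already exist in the namespace and rendering these two only when none is named. None of the three values has a default either, so a missing one surfaces as a template error or an empty value; wrapping each in `required`, e.g. `{{ required "repoPassword is required" .Values.repoPassword | b64enc }}`, makes the failure explicit at install time.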
@@ -0,0 +1,52 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ printf "%s-matrix-registration" .Release.Name }}
+data:
+ config.yaml: |
+ server_location: {{ .Values.serverLocation }}
+ server_name: {{ .Values.serverName }}
+ registration_shared_secret: {{ .Values.registrationSharedSecret }}
+ admin_api_shared_secret: {{ .Values.adminApiSharedSecret }}
+ base_url: {{ .Values.serverBaseUrl }}
+ client_redirect: 'https://app.element.io/#/login'
+ client_logo: 'static/images/element-logo.png' # use '{cwd}' for current working directory
+ db: 'sqlite:///{cwd}db.sqlite3'
+ host: '0.0.0.0'
+ port: 5000
+ rate_limit: ["100 per day", "10 per minute"]
+ allow_cors: false
+ ip_logging: false
+ logging:
+ disable_existing_loggers: false
+ version: 1
+ root:
+ level: DEBUG
+ handlers: [console]
+ formatters:
+ brief:
+ format: '%(name)s - %(levelname)s - %(message)s'
+ precise:
+ format: '%(asctime)s - %(name)s - %(levelname)s - %(message)s'
+ handlers:
+ console:
+ class: logging.StreamHandler
+ level: INFO
+ formatter: brief
+ stream: ext://sys.stdout
+ file:
+ class: logging.handlers.RotatingFileHandler
+ formatter: precise
+ level: INFO
+ filename: m_reg.log
+ maxBytes: 10485760 # 10MB
+ backupCount: 3
+ encoding: utf8
+ # password requirements
+ password:
+ min_length: 8
+ # username requirements
+ username:
+ validation_regex: [] #list of regexes that the selected username must match. Example: '[a-zA-Z]\.[a-zA-Z]'
+ invalidation_regex: ['(admin|support|password)'] #list of regexes that the selected username must NOT match. Example: '(admin|support)'
+
diff --git a/charts/matrix-registration/templates/deployment.yaml b/charts/matrix-registration/templates/deployment.yaml
new file mode 100644
index 0000000..c43feb2
--- /dev/null
+++ b/charts/matrix-registration/templates/deployment.yaml
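Review bot: `registration_shared_secret` and `admin_api_shared_secret` are rendered into a ConfigMap in config.yaml, so both secrets are readable by anything with ConfigMap read access in the namespace and get none of the handling a Secret object gets (tighter RBAC, encryption at rest where it is configured). Render the whole `config.yaml` payload as a `kind: Secret` under `stringData` and mount that instead of the ConfigMap. The templated scalars are also unquoted, so a value containing `: ` or ` #`, or one that looks like a boolean or number, changes what the application parses; `{{ .Values.registrationSharedSecret | quote }}` and the same on the other four lines avoids that.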
@@ -0,0 +1,44 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ printf "%s-matrix-registration" .Release.Name }}
+spec:
+ progressDeadlineSeconds: 600
+ replicas: 1
+ revisionHistoryLimit: 10
+ selector:
+ matchLabels:
+ name: matrix-registration
+ app: matrix-registration
+ strategy:
+ rollingUpdate:
+ maxSurge: 1
+ maxUnavailable: 0
+ type: RollingUpdate
+ template:
+ metadata:
+ labels:
+ name: matrix-registration
+ app: matrix-registration
+ spec:
+ securityContext: {}
+ containers:
+ - image: zeratax/matrix-registration:{{ printf "v%s" .Chart.AppVersion }}
+ imagePullPolicy: IfNotPresent
+ name: matrix-registration
+ args: ["serve"]
+ ports:
+ - containerPort: 5000
+ name: web
+ protocol: TCP
+ volumeMounts:
+ - mountPath: /data/config
+ name: matrix-registration
+ restartPolicy: Always
+ volumes:
+ - name: matrix-registration
+ configMap:
+ name: {{ printf "%s-matrix-registration" .Release.Name }}
+ - name: data
+ persistentVolumeClaim:
+ claimName: {{ printf "%s-matrix-registration" .Release.Name }}
diff --git a/charts/matrix-registration/templates/pvc.yaml b/charts/matrix-registration/templates/pvc.yaml
new file mode 100644
index 0000000..82ed09e
--- /dev/null
+++ b/charts/matrix-registration/templates/pvc.yaml
@@ -0,0 +1,10 @@
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: {{ printf "%s-matrix-registration" .Release.Name }}
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 100M
diff --git a/charts/matrix-registration/templates/route.yaml b/charts/matrix-registration/templates/route.yaml
new file mode 100644
index 0000000..0326bec
--- /dev/null
+++ b/charts/matrix-registration/templates/route.yaml
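Review bot: The `data` volume backed by the PersistentVolumeClaim is declared under `volumes` in deployment.yaml but never appears in the container's `volumeMounts`, so nothing is written to the claim; with `db: 'sqlite:///{cwd}db.sqlite3'` in the config, the SQLite database presumably sits on the container filesystem and is lost whenever the pod is replaced. Add a second mount entry with `name: data` and a `mountPath` pointing at the directory the image uses for its database (to be confirmed against the image). `securityContext: {}` is also left empty and the container sets none of its own; for a service published through an ingress route, `runAsNonRoot: true`, `allowPrivilegeEscalation: false` and dropped capabilities are worth setting if the image runs with them.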
@@ -0,0 +1,16 @@
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+ name: {{ printf "%s-matrix-registration" .Release.Name }}
+spec:
+ entryPoints:
+ - websecure
+ routes:
+ - match: Host(`goatchat.ca`) && PathPrefix(`/gate/`)
+ kind: Rule
+ services:
+ - kind: Service
+ name: {{ printf "%s-matrix-registration" .Release.Name }}
+ port: 5000
+ tls:
+ certResolver: letsencrypt
diff --git a/charts/matrix-registration/templates/service.yaml b/charts/matrix-registration/templates/service.yaml
new file mode 100644
index 0000000..3dc3019
--- /dev/null
+++ b/charts/matrix-registration/templates/service.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ printf "%s-matrix-registration" .Release.Name }}
+spec:
+ selector:
+ app: matrix-registration
+ ports:
+ - name: web
+ protocol: TCP
+ port: 5000
diff --git a/charts/matrix-registration/values.yaml b/charts/matrix-registration/values.yaml
new file mode 100644
index 0000000..c1c8a67
--- /dev/null
+++ b/charts/matrix-registration/values.yaml
@@ -0,0 +1,5 @@
+# serverLocation:
+# serverName:
+# serverBaseUrl:
+# registrationSharedSecret:
+# adminApiSharedSecret:
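Review bot: The `match` rule in route.yaml hard-codes the host goatchat.ca and the /gate/ prefix, while config.yaml takes `base_url` from `.Values.serverBaseUrl`; the two can drift apart, and the chart cannot be installed for any other host without editing the template. Taking the host and prefix from values, and deriving `base_url` from the same ones, keeps the published path and the application's idea of its own URL in step. The route also attaches no middlewares, so the only request limiting in front of the registration endpoint is the application's own `rate_limit` setting.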
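Review bot: The Service selector in service.yaml is only `app: matrix-registration`, which is not scoped to the release even though the Service name is; the Deployment's pod labels are equally static. Two releases of this chart in one namespace would therefore send traffic to each other's pods, each holding different shared secrets. Adding a release-specific label, for example `release: {{ .Release.Name | quote }}`, to the pod template, the Deployment selector and this selector keeps each Service on its own pods.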