diff --git a/README.md b/README.md index 2c5d6df..a20eeca 100644 --- a/README.md +++ b/README.md @@ -94,7 +94,8 @@ kubectl get secrets -n datastore postgres-pguser-synapse -o json | jq 'del(.meta ### Mariadb ```sh -helm install --create-namespace --namespace datastore mariadb oci://registry-1.docker.io/bitnamicharts/mariadb --values mariadb/values.yaml +helm repo add bitnami https://charts.bitnami.com/bitnami +helm install --create-namespace --namespace datastore mariadb bitnami/mariadb --values mariadb/values.yaml ``` ## Goatchat (matrix) @@ -136,6 +137,13 @@ helm upgrade --create-namespace \ TODO: make this a helm app or replace with something better ```sh kubeclt apply -k matrix-registration +helm upgrade --create-namespace \ + --namespace goatchat \ + gate ./matrix-registration \ + --set registrationSharedSecret=$GOATCHAT_REGISTRATION_SHARED_SECRET \ + --set adminApiSharedSecret=$GOATCHAT_REGISTRATION_ADMIN_API_SHARE_SECRET \ + --values matrix-registration/values-overrides.yaml \ + --install ``` ## Ghost Blogs @@ -195,7 +203,7 @@ kubectl create secret generic ghost-kgnot-db-secret --from-literal=mysql-passwor kubectl create secret generic kgnot-smtp-password --from-literal=smtp-password=$KNGOT_SMTP_PASSWORD helm upgrade --create-namespace \ --namespace ghost \ - kgnot-ghost oci://registry-1.docker.io/bitnamicharts/ghost \ + kgnot-ghost bitnami/ghost \ --set ghostUsername=$KGNOT_GHOST_USER_NAME \ --values kgnot/values.yaml \ --install @@ -214,7 +222,7 @@ kubectl create secret generic ghost-53ll-db-secret --from-literal=mysql-password kubectl create secret generic 53ll-smtp-password --from-literal=smtp-password=$GHOST_53LL_SMTP_PASSWORD helm upgrade --create-namespace \ --namespace ghost \ - 53ll-ghost oci://registry-1.docker.io/bitnamicharts/ghost \ + 53ll-ghost bitnami/ghost \ --set ghostUsername=$GHOST_53LL_USER_NAME \ --values 53ll/values.yaml \ --install 
diff --git a/matrix-registration/Chart.yaml b/matrix-registration/Chart.yaml
new file mode 100644
index 0000000..1bb8d82
--- /dev/null
+++ b/matrix-registration/Chart.yaml
@@ -0,0 +1,8 @@
+apiVersion: v2
+name: matrix-registration
+description: A Helm chart for Kubernetes
+
+type: application
+version: 0.1.0
+
+appVersion: "0.9.1"
diff --git a/matrix-registration/config.yaml b/matrix-registration/config.yaml
deleted file mode 100644
index 15bf9bd..0000000
--- a/matrix-registration/config.yaml
+++ /dev/null
@@ -1,47 +0,0 @@
-server_location: 'http://goatchat-matrix-synapse:8008'
-server_name: 'goatchat.ca'
-registration_shared_secret: #replace with shared registration secret
-admin_api_shared_secret: # replace with admin api shared secret
-base_url: '/gate' # e.g. '/element' for https://example.tld/element/register
-client_redirect: 'https://app.element.io/#/login'
-client_logo: 'static/images/element-logo.png' # use '{cwd}' for current working directory
-db: 'sqlite:///{cwd}db.sqlite3'
-host: '0.0.0.0'
-port: 5000
-rate_limit: ["100 per day", "10 per minute"]
-allow_cors: false
-ip_logging: false
-logging:
- disable_existing_loggers: false
- version: 1
- root:
- level: DEBUG
- handlers: [console]
- formatters:
- brief:
- format: '%(name)s - %(levelname)s - %(message)s'
- precise:
- format: '%(asctime)s - %(name)s - %(levelname)s - %(message)s'
- handlers:
- console:
- class: logging.StreamHandler
- level: INFO
- formatter: brief
- stream: ext://sys.stdout
- file:
- class: logging.handlers.RotatingFileHandler
- formatter: precise
- level: INFO
- filename: m_reg.log
- maxBytes: 10485760 # 10MB
- backupCount: 3
- encoding: utf8
-# password requirements
-password:
- min_length: 8
-# username requirements
-username:
- validation_regex: [] #list of regexes that the selected username must match. Example: '[a-zA-Z]\.[a-zA-Z]'
- invalidation_regex: ['(admin|support|password)'] #list of regexes that the selected username must NOT match. Example: '(admin|support)'
-
-
diff --git a/matrix-registration/kustomization.yaml b/matrix-registration/kustomization.yaml
deleted file mode 100644
index e53b0b2..0000000
--- a/matrix-registration/kustomization.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-namespace: goatchat
-namePrefix: goatchat-
-
-resources:
- - service.yaml
- - deployment.yaml
- - route.yaml
-
-configMapGenerator:
- - name: matrix-registration
- files:
- - config.yaml
diff --git a/matrix-registration/templates/config.yaml b/matrix-registration/templates/config.yaml
new file mode 100644
index 0000000..0b21d80
--- /dev/null
+++ b/matrix-registration/templates/config.yaml
@@ -0,0 +1,52 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ printf "%s-matrix-registration" .Release.Name }}
+data:
+ config.yaml: |
+ server_location: {{ .Values.serverLocation }}
+ server_name: {{ .Values.serverName }}
+ registration_shared_secret: {{ .Values.registrationSharedSecret }}
+ admin_api_shared_secret: {{ .Values.adminApiSharedSecret }}
+ base_url: {{ .Values.serverBaseUrl }}
+ client_redirect: 'https://app.element.io/#/login'
+ client_logo: 'static/images/element-logo.png' # use '{cwd}' for current working directory
+ db: 'sqlite:///{cwd}db.sqlite3'
+ host: '0.0.0.0'
+ port: 5000
+ rate_limit: ["100 per day", "10 per minute"]
+ allow_cors: false
+ ip_logging: false
+ logging:
+ disable_existing_loggers: false
+ version: 1
+ root:
+ level: DEBUG
+ handlers: [console]
+ formatters:
+ brief:
+ format: '%(name)s - %(levelname)s - %(message)s'
+ precise:
+ format: '%(asctime)s - %(name)s - %(levelname)s - %(message)s'
+ handlers:
+ console:
+ class: logging.StreamHandler
+ level: INFO
+ formatter: brief
+ stream: ext://sys.stdout
+ file:
+ class: logging.handlers.RotatingFileHandler
+ formatter: precise
+ level: INFO
+ filename: m_reg.log
+ maxBytes: 10485760 # 10MB
+ backupCount: 3
+ encoding: utf8
+ # password requirements
+ password:
+ min_length: 8
+ # username requirements
+ username:
+ validation_regex: [] #list of regexes that the selected username must match. Example: '[a-zA-Z]\.[a-zA-Z]'
+ invalidation_regex: ['(admin|support|password)'] #list of regexes that the selected username must NOT match. Example: '(admin|support)'
+
diff --git a/matrix-registration/deployment.yaml b/matrix-registration/templates/deployment.yaml
similarity index 71%
rename from matrix-registration/deployment.yaml
rename to matrix-registration/templates/deployment.yaml
index 4b0910f..c43feb2 100644
--- a/matrix-registration/deployment.yaml
+++ b/matrix-registration/templates/deployment.yaml
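Review bot: `registration_shared_secret` and `admin_api_shared_secret` in matrix-registration/templates/config.yaml are rendered into a ConfigMap, so both shared secrets are stored as ordinary configuration, readable by anything allowed to get ConfigMaps in the namespace and outside any RBAC or at-rest encryption applied to Secrets. I would render this object as `kind: Secret` with `stringData:` and mount it through a `secret:` volume in templates/deployment.yaml instead of `configMap:`. The five templated values are also unquoted and unchecked, and matrix-registration/values-overrides.yaml leaves both secrets empty ("set through cli"), so a forgotten `--set` most likely renders an empty key rather than failing the install. Something like `registration_shared_secret: {{ required "registrationSharedSecret is required" .Values.registrationSharedSecret | quote }}` (and the same for the admin secret) would stop that and keep secret values with YAML-special characters from breaking the embedded file.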
@@ -1,7 +1,7 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: matrix-registration + name: {{ printf "%s-matrix-registration" .Release.Name }} spec: progressDeadlineSeconds: 600 replicas: 1 @@ -23,7 +23,7 @@ spec: spec: securityContext: {} containers: - - image: zeratax/matrix-registration:v0.9.1 + - image: zeratax/matrix-registration:{{ printf "v%s" .Chart.AppVersion }} imagePullPolicy: IfNotPresent name: matrix-registration args: ["serve"] @@ -38,4 +38,7 @@ spec: volumes: - name: matrix-registration configMap: - name: matrix-registration + name: {{ printf "%s-matrix-registration" .Release.Name }} + - name: data + persistentVolumeClaim: + claimName: {{ printf "%s-matrix-registration" .Release.Name }} diff --git a/matrix-registration/templates/pvc.yaml b/matrix-registration/templates/pvc.yaml new file mode 100644 index 0000000..82ed09e --- /dev/null +++ b/matrix-registration/templates/pvc.yaml @@ -0,0 +1,10 @@ +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: {{ printf "%s-matrix-registration" .Release.Name }} +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 100M diff --git a/matrix-registration/route.yaml b/matrix-registration/templates/route.yaml similarity index 68% rename from matrix-registration/route.yaml rename to matrix-registration/templates/route.yaml index b49465f..0326bec 100644 --- a/matrix-registration/route.yaml +++ b/matrix-registration/templates/route.yaml @@ -1,7 +1,7 @@ apiVersion: traefik.io/v1alpha1 kind: IngressRoute metadata: - name: matrix-registration + name: {{ printf "%s-matrix-registration" .Release.Name }} spec: entryPoints: - websecure @@ -10,7 +10,7 @@ spec: kind: Rule services: - kind: Service - name: goatchat-matrix-registration + name: {{ printf "%s-matrix-registration" .Release.Name }} port: 5000 tls: certResolver: letsencrypt 
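Review bot: The image reference in the second deployment.yaml hunk, `- image: zeratax/matrix-registration:{{ printf "v%s" .Chart.AppVersion }}`, still resolves a mutable registry tag, and with `imagePullPolicy: IfNotPresent` each node keeps whatever it first pulled under that tag. For a service that holds the homeserver's registration and admin API shared secrets, pinning by digest is worth the extra value: `image: zeratax/matrix-registration:{{ printf "v%s" .Chart.AppVersion }}@{{ .Values.imageDigest }}`, where `imageDigest` is a new values key holding the verified `sha256:` digest. The container spec continues outside this hunk.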
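Review bot: The `data` volume added in the third deployment.yaml hunk is declared under `volumes:`, but no hunk in this file adds a matching `volumeMounts` entry. Unless the container spec outside the hunk already mounts a volume named `data`, the new PVC is bound but never used and `db: 'sqlite:///{cwd}db.sqlite3'` keeps writing to the container filesystem, so the registration database is lost on every pod restart. Add `- name: data` with `mountPath: <DATA_DIR>` under the container's `volumeMounts:` and point `db` in templates/config.yaml at a file inside that directory.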
diff --git a/matrix-registration/service.yaml b/matrix-registration/templates/service.yaml similarity index 71% rename from matrix-registration/service.yaml rename to matrix-registration/templates/service.yaml index ede800f..3dc3019 100644 --- a/matrix-registration/service.yaml +++ b/matrix-registration/templates/service.yaml @@ -1,7 +1,7 @@ apiVersion: v1 kind: Service metadata: - name: matrix-registration + name: {{ printf "%s-matrix-registration" .Release.Name }} spec: selector: app: matrix-registration diff --git a/matrix-registration/values-overrides.yaml b/matrix-registration/values-overrides.yaml new file mode 100644 index 0000000..302e072 --- /dev/null +++ b/matrix-registration/values-overrides.yaml @@ -0,0 +1,5 @@ +serverLocation: http://goatchat-matrix-synapse:8008 +serverName: goatchat.ca +serverBaseUrl: /gate +registrationSharedSecret: # set through cli +adminApiSharedSecret: # set through cli diff --git a/matrix-registration/values.yaml b/matrix-registration/values.yaml new file mode 100644 index 0000000..c1c8a67 --- /dev/null +++ b/matrix-registration/values.yaml @@ -0,0 +1,5 @@ +# serverLocation: +# serverName: +# serverBaseUrl: +# registrationSharedSecret: +# adminApiSharedSecret: diff --git a/metallb/Chart.lock b/metallb/Chart.lock new file mode 100644 index 0000000..99261cb --- /dev/null +++ b/metallb/Chart.lock @@ -0,0 +1,6 @@ +dependencies: +- name: metallb + repository: https://metallb.github.io/metallb + version: 0.14.9 +digest: sha256:8708bfe866bbe248217dd96712591b7ffcfc939b46295ecd6dabeadbdd01185a +generated: "2025-02-09T19:05:53.128925288-07:00" diff --git a/metallb/Chart.yaml b/metallb/Chart.yaml new file mode 100644 index 0000000..a5ee1e4 --- /dev/null +++ b/metallb/Chart.yaml @@ -0,0 +1,13 @@ +apiVersion: v2 +name: metallb +description: A Helm chart for Kubernetes + +type: application +version: 0.1.0 + +appVersion: "0.14.9" + +dependencies: +- name: metallb + version: 0.14.9 + repository: https://metallb.github.io/metallb 
diff --git a/metallb/ipaddresspool.yaml b/metallb/templates/ipaddresspool.yaml
similarity index 100%
rename from metallb/ipaddresspool.yaml
rename to metallb/templates/ipaddresspool.yaml
diff --git a/metallb/l2advertisement.yaml b/metallb/templates/l2advertisement.yaml
similarity index 100%
rename from metallb/l2advertisement.yaml
rename to metallb/templates/l2advertisement.yaml
diff --git a/metallb/templates/namespace.yaml b/metallb/templates/namespace.yaml
new file mode 100644
index 0000000..32174d9
--- /dev/null
+++ b/metallb/templates/namespace.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: {{ .Values.namespace }}
+ labels:
+ - pod-security.kubernetes.io/enforce: privileged
+ - pod-security.kubernetes.io/audit: privileged
+ - pod-security.kubernetes.io/warn: privileged
+
diff --git a/metallb/values.yaml b/metallb/values.yaml
new file mode 100644
index 0000000..e69de29
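Review bot: `labels:` in metallb/templates/namespace.yaml is written as a sequence (`- pod-security.kubernetes.io/enforce: privileged`), but `metadata.labels` is a string-to-string map, so as shown here the Namespace should fail validation and the Pod Security labels never take effect. Drop the leading `- ` from the three entries so they become plain `key: value` pairs under `labels:`. `name: {{ .Values.namespace }}` also has nothing to resolve against, because metallb/values.yaml is added empty in this commit; give it a `namespace:` default there or use `{{ required "namespace is required" .Values.namespace }}`. Since these labels put the whole namespace at the `privileged` Pod Security level, add a comment saying the namespace is reserved for MetalLB so that no other workload is scheduled into it.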