Convert metallb and matrix registraion to charts

README.md

@@ -94,7 +94,8 @@ kubectl get secrets -n datastore postgres-pguser-synapse -o json | jq 'del(.meta
 
 ### Mariadb
 ```sh
-helm install --create-namespace --namespace datastore mariadb  oci://registry-1.docker.io/bitnamicharts/mariadb --values mariadb/values.yaml
+helm repo add bitnami https://charts.bitnami.com/bitnami
+helm install --create-namespace --namespace datastore mariadb  bitnami/mariadb --values mariadb/values.yaml
 ```
 
 ## Goatchat (matrix)
@@ -136,6 +137,13 @@ helm upgrade --create-namespace \
 TODO: make this a helm app or replace with something better
 ```sh
 kubeclt apply -k matrix-registration
+helm upgrade --create-namespace \
+             --namespace goatchat \
+             gate ./matrix-registration \
+             --set registrationSharedSecret=$GOATCHAT_REGISTRATION_SHARED_SECRET \
+             --set adminApiSharedSecret=$GOATCHAT_REGISTRATION_ADMIN_API_SHARE_SECRET \
+             --values matrix-registration/values-overrides.yaml \
+             --install
 
 ```
 ## Ghost Blogs
@@ -195,7 +203,7 @@ kubectl create secret generic ghost-kgnot-db-secret --from-literal=mysql-passwor
 kubectl create secret generic kgnot-smtp-password --from-literal=smtp-password=$KNGOT_SMTP_PASSWORD
 helm upgrade --create-namespace \
              --namespace ghost \
-             kgnot-ghost oci://registry-1.docker.io/bitnamicharts/ghost \
+             kgnot-ghost bitnami/ghost \
              --set ghostUsername=$KGNOT_GHOST_USER_NAME \
              --values kgnot/values.yaml \
              --install
@@ -214,7 +222,7 @@ kubectl create secret generic ghost-53ll-db-secret --from-literal=mysql-password
 kubectl create secret generic 53ll-smtp-password --from-literal=smtp-password=$GHOST_53LL_SMTP_PASSWORD
 helm upgrade --create-namespace \
              --namespace ghost \
-             53ll-ghost oci://registry-1.docker.io/bitnamicharts/ghost \
+             53ll-ghost bitnami/ghost \
              --set ghostUsername=$GHOST_53LL_USER_NAME \
              --values 53ll/values.yaml \
              --install

matrix-registration/Chart.yaml

@@ -0,0 +1,8 @@
+apiVersion: v2
+name: matrix-registration
+description: A Helm chart for Kubernetes
+
+type: application
+version: 0.1.0
+
+appVersion: "0.9.1"

matrix-registration/config.yaml

@@ -1,47 +0,0 @@
-server_location: 'http://goatchat-matrix-synapse:8008'
-server_name: 'goatchat.ca'
-registration_shared_secret: #replace with shared registration secret
-admin_api_shared_secret: # replace with admin api shared secret
-base_url: '/gate' # e.g. '/element' for https://example.tld/element/register
-client_redirect: 'https://app.element.io/#/login'
-client_logo: 'static/images/element-logo.png' # use '{cwd}' for current working directory
-db: 'sqlite:///{cwd}db.sqlite3'
-host: '0.0.0.0'
-port: 5000
-rate_limit: ["100 per day", "10 per minute"]
-allow_cors: false
-ip_logging: false
-logging:
-  disable_existing_loggers: false
-  version: 1
-  root:
-    level: DEBUG
-    handlers: [console]
-  formatters:
-    brief:
-      format: '%(name)s - %(levelname)s - %(message)s'
-    precise:
-      format: '%(asctime)s - %(name)s - %(levelname)s - %(message)s'
-  handlers:
-    console:
-      class: logging.StreamHandler
-      level: INFO
-      formatter: brief
-      stream: ext://sys.stdout
-    file:
-      class: logging.handlers.RotatingFileHandler
-      formatter: precise
-      level: INFO
-      filename: m_reg.log
-      maxBytes: 10485760 # 10MB
-      backupCount: 3
-      encoding: utf8
-# password requirements
-password:
-  min_length: 8
-# username requirements
-username:
-  validation_regex: [] #list of regexes that the selected username must match.        Example: '[a-zA-Z]\.[a-zA-Z]'
-  invalidation_regex: ['(admin|support|password)'] #list of regexes that the selected username must NOT match.  Example: '(admin|support)'
-
-

matrix-registration/kustomization.yaml

@@ -1,12 +0,0 @@
-namespace: goatchat
-namePrefix: goatchat-
-
-resources:
-  - service.yaml
-  - deployment.yaml
-  - route.yaml
-
-configMapGenerator:
-  - name: matrix-registration
-    files:
-      - config.yaml

matrix-registration/templates/config.yaml

@@ -0,0 +1,52 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ printf "%s-matrix-registration" .Release.Name }}
+data:
+  config.yaml: |
+    server_location: {{ .Values.serverLocation }}
+    server_name: {{ .Values.serverName }}
+    registration_shared_secret: {{ .Values.registrationSharedSecret }}
+    admin_api_shared_secret: {{ .Values.adminApiSharedSecret }}
+    base_url: {{ .Values.serverBaseUrl }}
+    client_redirect: 'https://app.element.io/#/login'
+    client_logo: 'static/images/element-logo.png' # use '{cwd}' for current working directory
+    db: 'sqlite:///{cwd}db.sqlite3'
+    host: '0.0.0.0'
+    port: 5000
+    rate_limit: ["100 per day", "10 per minute"]
+    allow_cors: false
+    ip_logging: false
+    logging:
+      disable_existing_loggers: false
+      version: 1
+      root:
+        level: DEBUG
+        handlers: [console]
+      formatters:
+        brief:
+          format: '%(name)s - %(levelname)s - %(message)s'
+        precise:
+          format: '%(asctime)s - %(name)s - %(levelname)s - %(message)s'
+      handlers:
+        console:
+          class: logging.StreamHandler
+          level: INFO
+          formatter: brief
+          stream: ext://sys.stdout
+        file:
+          class: logging.handlers.RotatingFileHandler
+          formatter: precise
+          level: INFO
+          filename: m_reg.log
+          maxBytes: 10485760 # 10MB
+          backupCount: 3
+          encoding: utf8
+    # password requirements
+    password:
+      min_length: 8
+    # username requirements
+    username:
+      validation_regex: [] #list of regexes that the selected username must match.        Example: '[a-zA-Z]\.[a-zA-Z]'
+      invalidation_regex: ['(admin|support|password)'] #list of regexes that the selected username must NOT match.  Example: '(admin|support)'
+

matrix-registration/templates/deployment.yaml

@@ -1,7 +1,7 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: matrix-registration
+  name: {{ printf "%s-matrix-registration" .Release.Name }}
 spec:
   progressDeadlineSeconds: 600
   replicas: 1
@@ -23,7 +23,7 @@ spec:
     spec:
       securityContext: {}
       containers:
-      - image: zeratax/matrix-registration:v0.9.1
+      - image: zeratax/matrix-registration:{{ printf "v%s" .Chart.AppVersion }}
         imagePullPolicy: IfNotPresent
         name: matrix-registration
         args: ["serve"]
@@ -38,4 +38,7 @@ spec:
       volumes:
       - name: matrix-registration
         configMap:
-          name: matrix-registration
+          name: {{ printf "%s-matrix-registration" .Release.Name }}
+      - name: data
+        persistentVolumeClaim:
+          claimName: {{ printf "%s-matrix-registration" .Release.Name }}

matrix-registration/templates/pvc.yaml

@@ -0,0 +1,10 @@
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: {{ printf "%s-matrix-registration" .Release.Name }}
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage:  100M

matrix-registration/templates/route.yaml

@@ -1,7 +1,7 @@
 apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
-  name: matrix-registration
+  name: {{ printf "%s-matrix-registration" .Release.Name }}
 spec:
   entryPoints:
     - websecure
@@ -10,7 +10,7 @@ spec:
     kind: Rule
     services:
     - kind: Service
-      name: goatchat-matrix-registration
+      name: {{ printf "%s-matrix-registration" .Release.Name }}
       port: 5000
   tls:
     certResolver: letsencrypt

matrix-registration/templates/service.yaml

@@ -1,7 +1,7 @@
 apiVersion: v1
 kind: Service
 metadata:
-  name: matrix-registration
+  name: {{ printf "%s-matrix-registration" .Release.Name }}
 spec:
   selector:
     app: matrix-registration

matrix-registration/values-overrides.yaml

@@ -0,0 +1,5 @@
+serverLocation: http://goatchat-matrix-synapse:8008
+serverName: goatchat.ca
+serverBaseUrl: /gate
+registrationSharedSecret: # set through cli
+adminApiSharedSecret: # set through cli

matrix-registration/values.yaml

@@ -0,0 +1,5 @@
+# serverLocation:
+# serverName:
+# serverBaseUrl:
+# registrationSharedSecret:
+# adminApiSharedSecret:    

metallb/Chart.lock

@@ -0,0 +1,6 @@
+dependencies:
+- name: metallb
+  repository: https://metallb.github.io/metallb
+  version: 0.14.9
+digest: sha256:8708bfe866bbe248217dd96712591b7ffcfc939b46295ecd6dabeadbdd01185a
+generated: "2025-02-09T19:05:53.128925288-07:00"

metallb/Chart.yaml

@@ -0,0 +1,13 @@
+apiVersion: v2
+name: metallb
+description: A Helm chart for Kubernetes
+
+type: application
+version: 0.1.0
+
+appVersion: "0.14.9"
+
+dependencies:
+- name: metallb
+  version: 0.14.9
+  repository: https://metallb.github.io/metallb

metallb/templates/namespace.yaml

@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: {{ .Values.namespace }}
+  labels:
+    - pod-security.kubernetes.io/enforce: privileged
+    - pod-security.kubernetes.io/audit: privileged
+    - pod-security.kubernetes.io/warn: privileged
+