2020-11-03 18:17:25 +00:00
|
|
|
local kube = import "../../../kube/kube.libsonnet";
|
2020-08-24 19:11:10 +00:00
|
|
|
|
|
|
|
{
|
|
|
|
AppServiceIrc(name):: {
|
|
|
|
local bridge = self,
|
|
|
|
local cfg = bridge.cfg,
|
|
|
|
cfg:: {
|
|
|
|
metadata: {},
|
2021-02-13 19:17:33 +00:00
|
|
|
config: std.native("parseYaml")(importstr "appservice/appservice-irc.yaml")[0] {
|
|
|
|
ircService+: {
|
|
|
|
[if cfg.passwordEncryptionKeySecret != null then "passwordEncryptionKeyPath"]: "/key/key.pem"
|
|
|
|
},
|
|
|
|
},
|
2020-08-24 19:11:10 +00:00
|
|
|
image: error "image must be set",
|
|
|
|
storageClassName: error "storageClassName must be set",
|
2021-02-13 19:17:33 +00:00
|
|
|
|
|
|
|
# RSA encryption private key secret name containing "key.pem" key
|
|
|
|
# Create using:
|
|
|
|
# kubectl -n matrix create secret generic appservice-irc-password-encryption-key --from-file=key.pem=<(openssl genpkey -out - -outform PEM -algorithm RSA -pkeyopt rsa_keygen_bits:2048)
|
|
|
|
passwordEncryptionKeySecret: null,
|
2020-08-24 19:11:10 +00:00
|
|
|
},
|
|
|
|
|
|
|
|
config: kube.ConfigMap("appservice-irc-%s" % [name]) {
|
|
|
|
metadata+: cfg.metadata,
|
|
|
|
data: {
|
|
|
|
"config.yaml": std.manifestJsonEx(cfg.config, ""),
|
|
|
|
},
|
|
|
|
},
|
|
|
|
|
|
|
|
dataVolume: kube.PersistentVolumeClaim("appservice-irc-%s" % [name]) {
|
|
|
|
metadata+: cfg.metadata,
|
|
|
|
spec+: {
|
|
|
|
storageClassName: cfg.storageClassName,
|
|
|
|
accessModes: [ "ReadWriteOnce" ],
|
|
|
|
resources: {
|
|
|
|
requests: {
|
|
|
|
storage: "10Gi",
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
|
|
|
|
bootstrapJob: kube.Job("appservice-irc-%s-bootstrap" % [name]) {
|
|
|
|
metadata+: cfg.metadata {
|
|
|
|
labels: {
|
|
|
|
"job-name": "appservice-irc-%s-bootstrap" % [name],
|
|
|
|
},
|
|
|
|
},
|
|
|
|
spec+: {
|
|
|
|
template+: {
|
|
|
|
spec+: {
|
|
|
|
volumes_: {
|
|
|
|
config: kube.ConfigMapVolume(bridge.config),
|
|
|
|
},
|
|
|
|
containers_: {
|
|
|
|
bootstrap: kube.Container("appservice-irc-%s-bootstrap" % [name]) {
|
|
|
|
image: cfg.image,
|
|
|
|
command: ["sh", "-c", "node app.js -r -u http://appservice-irc-%s:9999 -c /config/config.yaml -f /tmp/registration.yaml && cat /tmp/registration.yaml" % [name]],
|
|
|
|
volumeMounts_: {
|
|
|
|
config: { mountPath: "/config" },
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
|
|
|
|
deployment: kube.Deployment("appservice-irc-%s" % [name]) {
|
|
|
|
metadata+: cfg.metadata,
|
|
|
|
spec+: {
|
|
|
|
replicas: 1,
|
|
|
|
template+: {
|
|
|
|
spec+: {
|
|
|
|
volumes_: {
|
|
|
|
config: kube.ConfigMapVolume(bridge.config),
|
|
|
|
data: kube.PersistentVolumeClaimVolume(bridge.dataVolume),
|
|
|
|
registration: { secret: { secretName: "appservice-irc-%s-registration" % [name] } },
|
2021-02-13 19:17:33 +00:00
|
|
|
} + (if cfg.passwordEncryptionKeySecret != null then {
|
|
|
|
key: { secret: { secretName: cfg.passwordEncryptionKeySecret } },
|
|
|
|
} else {}),
|
2020-08-24 19:11:10 +00:00
|
|
|
nodeSelector: cfg.nodeSelector,
|
|
|
|
containers_: {
|
|
|
|
appserviceIrc: kube.Container("appservice-irc-%s" % [name]) {
|
|
|
|
image: cfg.image,
|
|
|
|
command: ["node", "app.js", "-c", "/config/config.yaml", "-f", "/registration/registration.yaml", "-p", "9999"],
|
|
|
|
ports_: {
|
|
|
|
http: { containerPort: 9999 },
|
|
|
|
},
|
|
|
|
volumeMounts_: {
|
|
|
|
registration: { mountPath: "/registration", },
|
|
|
|
config: { mountPath: "/config", },
|
|
|
|
data: { mountPath: "/data" },
|
2021-02-13 19:17:33 +00:00
|
|
|
} + (if cfg.passwordEncryptionKeySecret != null then {
|
|
|
|
key: { mountPath: "/key" },
|
|
|
|
} else {}),
|
2020-08-24 19:11:10 +00:00
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
|
|
|
|
svc: kube.Service("appservice-irc-%s" % [name]) {
|
|
|
|
metadata+: cfg.metadata,
|
|
|
|
target_pod:: bridge.deployment.spec.template,
|
|
|
|
},
|
|
|
|
},
|
|
|
|
}
|