forked from hswaw/hscloud
radex
0776a79df3
Change-Id: Iec3505b2f4a1647e67cf47cf189c77534b5be6ac Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1696 Reviewed-by: q3k <q3k@hackerspace.pl>
209 lines
8.9 KiB
Text
209 lines
8.9 KiB
Text
local kube = import "../../kube/kube.libsonnet";
|
|
|
|
{
|
|
local top = self,
|
|
env(ns, name):: {
|
|
local env = self,
|
|
local cfg = env.cfg,
|
|
cfg:: {
|
|
name: name,
|
|
displayName: name,
|
|
image: "mbround18/valheim:latest",
|
|
password: error "password must be set",
|
|
storageClassName: "waw-hdd-redundant-3",
|
|
port: 2456,
|
|
},
|
|
|
|
local named = function(component) "%s-%s" % [name, component],
|
|
|
|
game: {
|
|
local game = self,
|
|
pvcs: {
|
|
backups: ns.Contain(kube.PersistentVolumeClaim(named("backups"))) {
|
|
spec+: {
|
|
storageClassName: cfg.storageClassName,
|
|
accessModes: ["ReadWriteOnce"],
|
|
resources: {
|
|
requests: { storage: "10Gi" },
|
|
},
|
|
},
|
|
},
|
|
saves: ns.Contain(kube.PersistentVolumeClaim(named("saves"))) {
|
|
spec+: {
|
|
storageClassName: cfg.storageClassName,
|
|
accessModes: ["ReadWriteOnce"],
|
|
resources: {
|
|
requests: { storage: "10Gi" },
|
|
},
|
|
},
|
|
},
|
|
server: ns.Contain(kube.PersistentVolumeClaim(named("server"))) {
|
|
spec+: {
|
|
storageClassName: cfg.storageClassName,
|
|
accessModes: ["ReadWriteOnce"],
|
|
resources: {
|
|
requests: { storage: "10Gi" },
|
|
},
|
|
},
|
|
},
|
|
},
|
|
svc: ns.Contain(kube.Service(named("external"))) {
|
|
target_pod:: game.deployment.spec.template,
|
|
spec+: {
|
|
ports: kube.mapToNamedList({
|
|
zero: { port: cfg.port, targetPort: cfg.port, protocol: "UDP" },
|
|
one: { port: cfg.port+1, targetPort: cfg.port+1, protocol: "UDP" },
|
|
two: { port: cfg.port+2, targetPort: cfg.port+2, protocol: "UDP" },
|
|
}),
|
|
type: "LoadBalancer",
|
|
},
|
|
},
|
|
|
|
// Given to some external users/systems which manage a given valheim server in a namespace.
|
|
// TODO(q3k): only grant privileges to the same server
|
|
controlAccount: {
|
|
svcAccount: ns.Contain(kube.ServiceAccount(named("control"))),
|
|
role: ns.Contain(kube.Role("control")) {
|
|
rules: [
|
|
{
|
|
apiGroups: [""],
|
|
resources: ["pods"],
|
|
verbs: ["get", "list", "watch", "delete"],
|
|
},
|
|
{
|
|
apiGroups: [""],
|
|
resources: ["pods/log"],
|
|
verbs: ["get"],
|
|
},
|
|
{
|
|
apiGroups: ["apps"],
|
|
resources: ["deployments"],
|
|
verbs: ["get", "list", "watch"],
|
|
},
|
|
],
|
|
},
|
|
roleBinding: ns.Contain(kube.RoleBinding(named("control"))) {
|
|
subjects_: [
|
|
game.controlAccount.svcAccount,
|
|
],
|
|
roleRef_: game.controlAccount.role,
|
|
},
|
|
},
|
|
|
|
scripts: ns.Contain(kube.ConfigMap(named("scripts"))) {
|
|
data: {
|
|
# Based on https://github.com/mbround18/valheim-docker ,
|
|
# removed all reliance on running as root (thus removed
|
|
# autoupdater/autobackups).
|
|
"entrypoint.sh": |||
|
|
#!/usr/bin/env bash
|
|
log() {
|
|
PREFIX="[entrypoint]"
|
|
printf "%-16s: %s\n" "${PREFIX}" "$1"
|
|
}
|
|
line() {
|
|
log "==========================================================================="
|
|
}
|
|
setup_filesystem() {
|
|
log "Setting up file systems"
|
|
mkdir -p /home/steam/valheim
|
|
mkdir -p /home/steam/valheim/logs
|
|
mkdir -p /home/steam/backups
|
|
mkdir -p /home/steam/scripts
|
|
mkdir -p /home/steam/valheim
|
|
cp /home/steam/steamcmd/linux64/steamclient.so /home/steam/valheim
|
|
}
|
|
line
|
|
log "Valheim Server - $(date)"
|
|
log "Initializing your container..."
|
|
line
|
|
setup_filesystem
|
|
log "Launching the rest of the fucking owl"
|
|
export HOME=/home/steam
|
|
cd /home/steam/valheim || exit 1
|
|
exec "$@"
|
|
|||
|
|
},
|
|
},
|
|
secret: ns.Contain(kube.Secret(named("game"))) {
|
|
data_: {
|
|
# public game password
|
|
public: cfg.password,
|
|
},
|
|
},
|
|
deployment: ns.Contain(kube.Deployment(named("game"))) {
|
|
spec+: {
|
|
template+: {
|
|
spec+: {
|
|
containers_: {
|
|
default: kube.Container("default") {
|
|
image: cfg.image,
|
|
command: [
|
|
"/bin/bash", "/scripts/entrypoint.sh", "/home/steam/scripts/start_valheim.sh",
|
|
],
|
|
volumeMounts_: {
|
|
backups: { mountPath: "/home/steam/backups" },
|
|
saves: { mountPath: "/home/steam/.config/unity3d/IronGate/Valheim" },
|
|
server: { mountPath: "/home/steam/valheim" },
|
|
scripts: { mountPath: "/scripts" },
|
|
},
|
|
ports_: {
|
|
zero: { containerPort: cfg.port },
|
|
one: { containerPort: cfg.port + 1 },
|
|
two: { containerPort: cfg.port + 2 },
|
|
},
|
|
env_: {
|
|
PUBLIC: "1",
|
|
PASSWORD: kube.SecretKeyRef(game.secret, "public"),
|
|
NAME: cfg.displayName,
|
|
# Always attempt to update valheim on startup.
|
|
FORCE_INSTALL: "1",
|
|
},
|
|
resources: {
|
|
requests: {
|
|
cpu: "500m",
|
|
memory: "2Gi",
|
|
},
|
|
limits: {
|
|
cpu: "1000m",
|
|
memory: "4Gi",
|
|
},
|
|
},
|
|
},
|
|
},
|
|
securityContext: {
|
|
runAsUser: 1000,
|
|
runAsGroup: 1000,
|
|
fsGroup: 1000,
|
|
},
|
|
volumes_: {
|
|
backups: kube.PersistentVolumeClaimVolume(game.pvcs.backups),
|
|
saves: kube.PersistentVolumeClaimVolume(game.pvcs.saves),
|
|
server: kube.PersistentVolumeClaimVolume(game.pvcs.server),
|
|
scripts: kube.ConfigMapVolume(game.scripts),
|
|
},
|
|
},
|
|
},
|
|
},
|
|
},
|
|
},
|
|
},
|
|
|
|
# Make namespace for valheim.
|
|
ns: kube.Namespace("valheim"),
|
|
|
|
q3k: top.env(top.ns, "q3k") {
|
|
cfg+: {
|
|
ns: "valheim",
|
|
password: (std.split(importstr "secrets/plain/q3k-public", "\n"))[0],
|
|
displayName: "wypierdol z polski xD",
|
|
},
|
|
},
|
|
q3k2: top.env(top.ns, "q3k2") {
|
|
cfg+: {
|
|
ns: "valheim",
|
|
password: (std.split(importstr "secrets/plain/q3k2-public", "\n"))[0],
|
|
displayName: "walhajm",
|
|
},
|
|
},
|
|
}
|