admin
2025-12-22 08:24:52 +01:00
parent 4b6f071349
commit d623200d5d
50 changed files with 3941 additions and 147 deletions

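--- a/lp/dnsutils/dnsutils.yaml
+++ b/lp/dnsutils/dnsutils.yaml
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+name: dnsutils
+---
+apiVersion: v1
+kind: Pod
+metadata:
+name: dnsutils
+namespace: dnsutils
+spec:
+containers:
+- name: dnsutils
+image: tutum/dnsutils:latest
+command:
+- sleep
+- "infinity"
+imagePullPolicy: IfNotPresent
+restartPolicy: Always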
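Review bot: The pod at `image: tutum/dnsutils:latest` pulls a mutable tag with `imagePullPolicy: IfNotPresent`, so different nodes can end up running different image contents and nothing in the manifest records which one was reviewed; pin a version or digest, e.g. `image: <registry>/<dnsutils-image>@sha256:<digest>` (placeholder). Because the container runs `sleep infinity` under `restartPolicy: Always`, it stays in the cluster as a long-lived debugging pod, yet the spec sets no `securityContext`, no resource limits and leaves the service-account token mounted. Adding `automountServiceAccountToken: false` under `spec:` costs nothing for a DNS debugging pod. The file is also committed as executable, which a manifest does not need.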


@@ -0,0 +1,24 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/
*.tgz


@@ -0,0 +1,7 @@
---
extends: default
rules:
line-length:
level: warning
max: 120
braces: disable


@@ -0,0 +1,6 @@
apiVersion: v2
appVersion: 6.0.2
description: Deploy a Matrix Hookshot instance to Kubernetes
name: hookshot
type: application
version: 0.1.16


@@ -0,0 +1,122 @@
# hookshot
![Version: 0.1.13](https://img.shields.io/badge/Version-0.1.13-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 3.2.0](https://img.shields.io/badge/AppVersion-3.2.0-informational?style=flat-square)
Deploy a Matrix Hookshot instance to Kubernetes
Status: Beta
## About
This chart creates a basic Hookshot deployment inside Kubernetes.
# Installation
You'll need to have the Helm repository added to your local environment:
``` bash
helm repo add hookshot https://matrix-org.github.io/matrix-hookshot
helm repo update
```
Which should allow you to see the Hookshot chart in the repo:
``` bash
helm search repo hookshot
NAME CHART VERSION APP VERSION DESCRIPTION
matrix-org/hookshot 0.1.13 1.16.0 A Helm chart for Kubernetes
```
Before you can install, however, you'll need to make sure to configure Hookshot properly.
# Configuration
You'll need to create a `values.yaml` for your deployment of this chart. You can use the [included defaults](./values.yaml) as a starting point.
## Helm Values
To configure Hookshot-specific parameters, the value `.Values.hookshot.config` accepts an arbitrary YAML map as configuration. This gets templated into the container by [templates/configmap.yaml](./templates/configmap.yaml) - thus anything you can set in the [Example Configuration](https://matrix-org.github.io/matrix-hookshot/latest/setup/sample-configuration.html) can be set here.
## Existing configuration
If you have an existing configuration file for Hookshot, you can create a configmap like so:
``` bash
kubectl create --namespace "your hookshot namespace" configmap hookshot-custom-config --from-file=config.yml --from-file=registration.yml --from-file=passkey.pem
```
Note that the filenames must remain as listed based on the templating done in [templates/configmap.yaml](./templates/configmap.yaml)
Once created, you can set `.Values.hookshot.existingConfigMap` to `custom-hookshot-config` (or whichever name you chose for your secret) and set `.Values.hookshot.config` to `{}` or null to prevent confusion with the default parameters.
# Installation
Once you have your `values.yaml` file ready you can install the chart like this:
``` bash
helm install hookshot --create-namespace --namespace hookshot matrix-org/hookshot -f values.yaml
```
And upgrades can be done via:
``` bash
helm upgrade hookshot --namespace hookshot matrix-org/hookshot -f values.yaml
```
# External access
You'll need to configure your Ingress connectivity according to your environment. This chart should be compatible with most Ingress controllers and has been tested successfully with [ingress-nginx](https://github.com/kubernetes/ingress-nginx) and EKS ALB. You should also ensure that you have a way to provision certificates i.e. [cert-manager](https://cert-manager.io/) as HTTPS is required for appservice traffic.
## Values
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| affinity | object | `{}` | Affinity settings for deployment |
| autoscaling.enabled | bool | `false` | |
| fullnameOverride | string | `""` | Full name override for helm chart |
| hookshot.config | object | `{"bridge":{"bindAddress":"0.0.0.0","domain":"example.com","port":9002,"url":"https://example.com"},"generic":{"allowJsTransformationFunctions":true,"enableHttpGet":false,"enabled":true,"urlPrefix":"https://example.com/","userIdPrefix":"_webhooks_","waitForComplete":false},"listeners":[{"bindAddress":"0.0.0.0","port":9000,"resources":["webhooks","widgets"]},{"bindAddress":"0.0.0.0","port":9001,"resources":["metrics"]}],"logging":{"colorize":false,"json":false,"level":"info","timestampFormat":"HH:mm:ss:SSS"},"metrics":{"enabled":true},"passFile":"/data/passkey.pem","widgets":{"addToAdminRooms":false,"branding":{"widgetTitle":"Hookshot Configuration"},"publicUrl":"https://webhook-hookshot.example.com/widgetapi/v1/static","roomSetupWidget":{"addOnInvite":false},"setRoomName":false}}` | Raw Hookshot configuration. Gets templated into a YAML file and then loaded unless an existingConfigMap is specified. |
| hookshot.existingConfigMap | string | `nil` | Name of existing ConfigMap with valid Hookshot configuration |
| hookshot.passkey | string | `""` | |
| hookshot.registration.as_token | string | `""` | |
| hookshot.registration.hs_token | string | `""` | |
| hookshot.registration.id | string | `"matrix-hookshot"` | |
| hookshot.registration.namespaces.rooms | list | `[]` | |
| hookshot.registration.namespaces.users | list | `[]` | |
| hookshot.registration.rate_limited | bool | `false` | |
| hookshot.registration.sender_localpart | string | `"hookshot"` | |
| hookshot.registration.url | string | `"http://example.com"` | |
| image.pullPolicy | string | `"IfNotPresent"` | Pull policy for Hookshot image |
| image.repository | string | `"halfshot/matrix-hookshot"` | Repository to pull hookshot image from |
| image.tag | string | `nil` | Image tag to pull. Defaults to chart's appVersion value as set in Chart.yaml |
| imagePullSecrets | list | `[]` | List of names of k8s secrets to be used as ImagePullSecrets for the pod |
| ingress.appservice.annotations | object | `{}` | Annotations for appservice ingress |
| ingress.appservice.className | string | `""` | Ingress class name for appservice ingress |
| ingress.appservice.enabled | bool | `false` | Enable ingress for appservice |
| ingress.appservice.hosts | list | `[]` | Host configuration for appservice ingress |
| ingress.appservice.tls | list | `[]` | TLS configuration for appservice ingress |
| ingress.webhook.annotations | object | `{}` | Annotations for webhook ingress |
| ingress.webhook.className | string | `""` | Ingress class name for webhook ingress |
| ingress.webhook.enabled | bool | `false` | Enable ingress for webhook |
| ingress.webhook.hosts | list | `[]` | Host configuration for webhook ingress |
| ingress.webhook.tls | list | `[]` | TLS configuration for webhook ingress |
| nameOverride | string | `""` | Name override for helm chart |
| nodeSelector | object | `{}` | Node selector parameters |
| podAnnotations | object | `{}` | Extra annotations for Hookshot pod |
| podSecurityContext | object | `{}` | Pod security context settings |
| replicaCount | int | `1` | Number of replicas to deploy. Consequences of using multiple Hookshot replicas currently unknown. |
| resources | object | `{}` | Pod resource requests / limits |
| securityContext | object | `{}` | Security context settings |
| service.annotations | object | `{}` | Extra annotations for service |
| service.appservice.port | int | `9002` | Appservice port as configured in container |
| service.labels | object | `{}` | Extra labels for service |
| service.metrics.port | int | `9001` | Metrics port as configured in container |
| service.port | int | `80` | Port for Hookshot service |
| service.type | string | `"ClusterIP"` | Service type for Hookshot service |
| service.webhook.port | int | `9000` | Webhook port as configured in container |
| serviceAccount.annotations | object | `{}` | Annotations to add to the service account |
| serviceAccount.create | bool | `true` | Specifies whether a service account should be created |
| serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template |
| tolerations | list | `[]` | Tolerations for deployment |
----------------------------------------------
Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0)


@@ -0,0 +1,74 @@
{{ template "chart.header" . }}
{{ template "chart.deprecationWarning" . }}
{{ template "chart.badgesSection" . }}
{{ template "chart.description" . }}
Status: Beta
## About
This chart creates a basic Hookshot deployment inside Kubernetes.
# Installation
You'll need to have the Helm repository added to your local environment:
``` bash
helm repo add hookshot https://matrix-org.github.io/matrix-hookshot
helm repo update
```
Which should allow you to see the Hookshot chart in the repo:
``` bash
helm search repo hookshot
NAME CHART VERSION APP VERSION DESCRIPTION
matrix-org/hookshot 0.1.13 1.16.0 A Helm chart for Kubernetes
```
Before you can install, however, you'll need to make sure to configure Hookshot properly.
# Configuration
You'll need to create a `values.yaml` for your deployment of this chart. You can use the [included defaults](./values.yaml) as a starting point.
## Helm Values
To configure Hookshot-specific parameters, the value `.Values.hookshot.config` accepts an arbitrary YAML map as configuration. This gets templated into the container by [templates/configmap.yaml](./templates/configmap.yaml) - thus anything you can set in the [Example Configuration](https://matrix-org.github.io/matrix-hookshot/latest/setup/sample-configuration.html) can be set here.
## Existing configuration
If you have an existing configuration file for hookshot, you can create a configmap like so:
``` bash
kubectl create --namespace "your hookshot namespace" configmap hookshot-custom-config --from-file=config.yml --from-file=registration.yml --from-file=passkey.pem
```
Note that the filenames must remain as listed based on the templating done in [templates/configmap.yaml](./templates/configmap.yaml)
Once created, you can set `.Values.hookshot.existingConfigMap` to `custom-hookshot-config` (or whichever name you chose for your secret) and set `.Values.hookshot.config` to `{}` or null to prevent confusion with the default parameters.
# Installation
Once you have your `values.yaml` file ready you can install the chart like this:
``` bash
helm install hookshot --create-namespace --namespace hookshot matrix-org/hookshot -f values.yaml
```
And upgrades can be done via:
``` bash
helm upgrade hookshot --namespace hookshot matrix-org/hookshot -f values.yaml
```
# External access
You'll need to configure your Ingress connectivity according to your environment. This chart should be compatible with most Ingress controllers and has been tested successfully with [ingress-nginx](https://github.com/kubernetes/ingress-nginx) and EKS ALB. You should also ensure that you have a way to provision certificates i.e. [cert-manager](https://cert-manager.io/) as HTTPS is required for appservice traffic.
{{ template "chart.maintainersSection" . }}
{{ template "chart.sourcesSection" . }}
{{ template "chart.requirementsSection" . }}
{{ template "chart.valuesSection" . }}
{{ template "helm-docs.versionFooter" . }}


@@ -0,0 +1,22 @@
1. Get the application URL by running these commands:
{{- if .Values.ingress.enabled }}
{{- range $host := .Values.ingress.hosts }}
{{- range .paths }}
http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }}
{{- end }}
{{- end }}
{{- else if contains "NodePort" .Values.service.type }}
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "hookshot.fullname" . }})
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
echo http://$NODE_IP:$NODE_PORT
{{- else if contains "LoadBalancer" .Values.service.type }}
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "hookshot.fullname" . }}'
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "hookshot.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
echo http://$SERVICE_IP:{{ .Values.service.port }}
{{- else if contains "ClusterIP" .Values.service.type }}
export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "hookshot.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
echo "Visit http://127.0.0.1:8080 to use your application"
kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
{{- end }}
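Review bot: The first branch tests `.Values.ingress.enabled`, `.Values.ingress.hosts` and `.Values.ingress.tls`, but the chart's values nest these under `ingress.webhook` and `ingress.appservice`, so the branch is never taken and the notes always fall through to the `service.type` cases. Use `.Values.ingress.webhook.enabled` and `.Values.ingress.webhook.hosts` here so that an operator who enabled the Ingress is shown the HTTPS URL rather than a plain-HTTP port-forward hint. The `ClusterIP` branch reads `ports[0].containerPort`, which works only while the webhook port stays first in the pod template.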


@@ -0,0 +1,85 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "hookshot.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "hookshot.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Helper for configmap name
*/}}
{{- define "hookshot.configMapName" -}}
{{- if .Values.hookshot.existingConfigMap }}
{{- printf "%s" .Values.hookshot.existingConfigMap -}}
{{- else }}
{{- printf "%s-config" (include "hookshot.fullname" .) | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "hookshot.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "hookshot.labels" -}}
helm.sh/chart: {{ include "hookshot.chart" . }}
{{ include "hookshot.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "hookshot.selectorLabels" -}}
app.kubernetes.io/name: {{ include "hookshot.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "hookshot.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "hookshot.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}
{{/*
Allow the release namespace to be overridden for multi-namespace deployments in combined charts
*/}}
{{- define "hookshot.namespace" -}}
{{- if .Values.namespaceOverride -}}
{{- .Values.namespaceOverride -}}
{{- else -}}
{{- .Release.Namespace -}}
{{- end -}}
{{- end -}}


@@ -0,0 +1,160 @@
{{- define "hookshot.pod" -}}
{{- if .Values.schedulerName }}
schedulerName: "{{ .Values.schedulerName }}"
{{- end }}
serviceAccountName: {{ template "hookshot.serviceAccountName" . }}
automountServiceAccountToken: {{ .Values.serviceAccount.autoMount }}
{{- if .Values.securityContext }}
securityContext:
{{ toYaml .Values.securityContext | indent 2 }}
{{- end }}
{{- if .Values.hostAliases }}
hostAliases:
{{ toYaml .Values.hostAliases | indent 2 }}
{{- end }}
{{- if .Values.priorityClassName }}
priorityClassName: {{ .Values.priorityClassName }}
{{- end }}
initContainers:
{{- if .Values.image.pullSecrets }}
imagePullSecrets:
{{- $root := . }}
{{- range .Values.image.pullSecrets }}
- name: {{ tpl . $root }}
{{- end}}
{{- end }}
containers:
- name: {{ .Chart.Name }}
{{- if .Values.image.sha }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}@sha256:{{ .Values.image.sha }}"
{{- else }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
{{- end }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
{{- if .Values.command }}
command:
{{- range .Values.command }}
- {{ . }}
{{- end }}
{{- end}}
{{- if .Values.containerSecurityContext }}
securityContext:
{{- toYaml .Values.containerSecurityContext | nindent 6 }}
{{- end }}
volumeMounts:
{{- if or (and (not .Values.hookshot.existingConfigMap) (.Values.hookshot.config)) (.Values.hookshot.existingConfigMap) }}
- name: config
mountPath: "/data"
{{- end }}
ports:
- name: webhook
containerPort: 9000
protocol: TCP
- name: metrics
containerPort: 9001
protocol: TCP
- name: appservice
containerPort: 9002
protocol: TCP
env:
envFrom:
{{- if .Values.envFromSecret }}
- secretRef:
name: {{ tpl .Values.envFromSecret . }}
{{- end }}
{{- if .Values.envRenderSecret }}
- secretRef:
name: {{ template "hookshot.fullname" . }}-env
{{- end }}
{{- range .Values.envFromSecrets }}
- secretRef:
name: {{ tpl .name $ }}
optional: {{ .optional | default false }}
{{- end }}
{{- range .Values.envFromConfigMaps }}
- configMapRef:
name: {{ tpl .name $ }}
optional: {{ .optional | default false }}
{{- end }}
livenessProbe:
{{ toYaml .Values.livenessProbe | indent 6 }}
readinessProbe:
{{ toYaml .Values.readinessProbe | indent 6 }}
{{- if .Values.lifecycleHooks }}
lifecycle: {{ tpl (.Values.lifecycleHooks | toYaml) . | nindent 6 }}
{{- end }}
resources:
{{ toYaml .Values.resources | indent 6 }}
{{- with .Values.extraContainers }}
{{ tpl . $ | indent 2 }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{ toYaml . | indent 2 }}
{{- end }}
{{- $root := . }}
{{- with .Values.affinity }}
affinity:
{{ tpl (toYaml .) $root | indent 2 }}
{{- end }}
{{- with .Values.topologySpreadConstraints }}
topologySpreadConstraints:
{{ toYaml . | indent 2 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{ toYaml . | indent 2 }}
{{- end }}
volumes:
- name: config
configMap:
name: {{ template "hookshot.configMapName" . }}
{{- $root := . }}
{{- range .Values.extraConfigmapMounts }}
- name: {{ tpl .name $root }}
configMap:
name: {{ tpl .configMap $root }}
{{- if .items }}
items: {{ toYaml .items | nindent 6 }}
{{- end }}
{{- end }}
{{- range .Values.extraSecretMounts }}
{{- if .secretName }}
- name: {{ .name }}
secret:
secretName: {{ .secretName }}
defaultMode: {{ .defaultMode }}
{{- if .items }}
items: {{ toYaml .items | nindent 6 }}
{{- end }}
{{- else if .projected }}
- name: {{ .name }}
projected: {{- toYaml .projected | nindent 6 }}
{{- else if .csi }}
- name: {{ .name }}
csi: {{- toYaml .csi | nindent 6 }}
{{- end }}
{{- end }}
{{- range .Values.extraVolumeMounts }}
- name: {{ .name }}
{{- if .existingClaim }}
persistentVolumeClaim:
claimName: {{ .existingClaim }}
{{- else if .hostPath }}
hostPath:
path: {{ .hostPath }}
{{- else }}
emptyDir: {}
{{- end }}
{{- end }}
{{- range .Values.extraEmptyDirMounts }}
- name: {{ .name }}
emptyDir: {}
{{- end -}}
{{- if .Values.extraContainerVolumes }}
{{ tpl (toYaml .Values.extraContainerVolumes) . | indent 2 }}
{{- end }}
{{- end }}
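Review bot: The security-context wiring does not match the chart's values: the pod-level `securityContext:` is filled from `.Values.securityContext`, whose commented example in values.yaml holds container-level fields (`capabilities`, `readOnlyRootFilesystem`), while the container-level block reads `.Values.containerSecurityContext` and `.Values.podSecurityContext` is never referenced. An operator who follows the documented values most likely gets either a rejected pod spec or no container hardening at all; use `{{- with .Values.podSecurityContext }}` for the pod block and `.Values.securityContext` for the container block. `automountServiceAccountToken: {{ .Values.serviceAccount.autoMount }}` has a similar gap, since `serviceAccount.autoMount` is not among the visible defaults and the field renders empty; `{{ .Values.serviceAccount.autoMount | default false }}` would keep the API token out of the pod unless it is asked for. The documented top-level `imagePullSecrets` value is likewise bypassed in favour of `.Values.image.pullSecrets`.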


@@ -0,0 +1,21 @@
---
{{- if not .Values.hookshot.existingConfigMap }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "hookshot.configMapName" . }}
namespace: {{ template "hookshot.namespace" . }}
labels:
{{- include "hookshot.labels" . | nindent 4 }}
{{- with .Values.annotations }}
annotations:
{{ toYaml . | indent 4 }}
{{- end }}
data:
config.yml: |
{{ toYaml .Values.hookshot.config | indent 4 }}
registration.yml: |
{{ toYaml .Values.hookshot.registration | indent 4 }}
passkey.pem: |
{{ .Values.hookshot.passkey | indent 4 }}
{{- end }}
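Review bot: `passkey.pem` and `registration.yml` carry a private key and the appservice tokens (`hookshot.passkey`, `registration.as_token`, `registration.hs_token`), but this template stores them in a `ConfigMap`, which is readable by anything allowed to get ConfigMaps in the namespace and is not covered by Secret-specific controls such as encryption at rest or narrower RBAC. Render at least those two keys into a `kind: Secret` with `stringData:` and mount it through a `secret:` volume in the pod template, leaving only `config.yml` in the ConfigMap. An `existingSecret`-style value next to `existingConfigMap` would also let operators keep the key out of their values files.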


@@ -0,0 +1,25 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "hookshot.fullname" . }}
namespace: {{ template "hookshot.namespace" . }}
labels:
{{- include "hookshot.labels" . | nindent 4 }}
spec:
{{- if not .Values.autoscaling.enabled }}
replicas: {{ .Values.replicaCount }}
{{- end }}
selector:
matchLabels:
{{- include "hookshot.selectorLabels" . | nindent 6 }}
template:
metadata:
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "hookshot.selectorLabels" . | nindent 8 }}
spec:
{{- include "hookshot.pod" . | nindent 6 }}


@@ -0,0 +1,30 @@
---
{{- if .Values.autoscaling.enabled }}
apiVersion: autoscaling/v2beta1
kind: HorizontalPodAutoscaler
metadata:
name: {{ include "hookshot.fullname" . }}
namespace: {{ template "hookshot.namespace" . }}
labels:
{{- include "hookshot.labels" . | nindent 4 }}
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: {{ include "hookshot.fullname" . }}
minReplicas: {{ .Values.autoscaling.minReplicas }}
maxReplicas: {{ .Values.autoscaling.maxReplicas }}
metrics:
{{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
- type: Resource
resource:
name: cpu
targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
{{- end }}
{{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
- type: Resource
resource:
name: memory
targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
{{- end }}
{{- end }}
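Review bot: `apiVersion: autoscaling/v2beta1` is hard-coded here although the Ingress templates in this commit select their API version from `.Capabilities`; that API was removed in Kubernetes 1.25, so turning on `autoscaling.enabled` on a current cluster fails the install. Switch to `autoscaling/v2` (with a `target:` block using `type: Utilization` and `averageUtilization:` in place of `targetAverageUtilization`) or gate on `.Capabilities.APIVersions.Has "autoscaling/v2"`. `minReplicas` and `maxReplicas` are read from values that the visible defaults do not define, so they render empty unless the operator sets them.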


@@ -0,0 +1,63 @@
---
{{- if .Values.ingress.appservice.enabled -}}
{{- $fullName := include "hookshot.fullname" . -}}
{{- $svcPort := .Values.service.port -}}
{{- if and .Values.ingress.appservice.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
{{- if not (hasKey .Values.ingress.appservice.annotations "kubernetes.io/ingress.class") }}
{{- $_ := set .Values.ingress.appservice.annotations "kubernetes.io/ingress.class" .Values.ingress.appservice.className}}
{{- end }}
{{- end }}
{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
apiVersion: networking.k8s.io/v1
{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
apiVersion: networking.k8s.io/v1beta1
{{- else -}}
apiVersion: extensions/v1beta1
{{- end }}
kind: Ingress
metadata:
name: {{ $fullName }}-appservice
namespace: {{ template "hookshot.namespace" . }}
labels:
{{- include "hookshot.labels" . | nindent 4 }}
{{- with .Values.ingress.appservice.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if and .Values.ingress.appservice.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
ingressClassName: {{ .Values.ingress.appservice.className }}
{{- end }}
{{- if .Values.ingress.appservice.tls }}
tls:
{{- range .Values.ingress.appservice.tls }}
- hosts:
{{- range .hosts }}
- {{ . | quote }}
{{- end }}
secretName: {{ .secretName }}
{{- end }}
{{- end }}
rules:
{{- range .Values.ingress.appservice.hosts }}
- host: {{ .host | quote }}
http:
paths:
{{- range .paths }}
- path: {{ .path }}
{{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
pathType: {{ .pathType }}
{{- end }}
backend:
{{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
service:
name: {{ $fullName }}
port:
number: {{ .port }}
{{- else }}
serviceName: {{ $fullName }}
servicePort: {{ .port }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
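Review bot: `pathType` is emitted only when the path entry sets it, but under the `networking.k8s.io/v1` branch the field is required, so an entry without it produces an Ingress the API server rejects; default it, e.g. `pathType: {{ .pathType | default "Prefix" }}`. `$svcPort` is assigned and never used: the backend port comes from `.port` on each path entry, so a wrong value there can route the public Ingress to the metrics port instead of the intended listener, and checking it against the named service ports would prevent that. `path: {{ .path }}` and `secretName: {{ .secretName }}` should go through `quote` the way `host` does. The webhook Ingress template that follows has the same three issues.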


@@ -0,0 +1,63 @@
---
{{- if .Values.ingress.webhook.enabled -}}
{{- $fullName := include "hookshot.fullname" . -}}
{{- $svcPort := .Values.service.port -}}
{{- if and .Values.ingress.webhook.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
{{- if not (hasKey .Values.ingress.webhook.annotations "kubernetes.io/ingress.class") }}
{{- $_ := set .Values.ingress.webhook.annotations "kubernetes.io/ingress.class" .Values.ingress.webhook.className}}
{{- end }}
{{- end }}
{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
apiVersion: networking.k8s.io/v1
{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
apiVersion: networking.k8s.io/v1beta1
{{- else -}}
apiVersion: extensions/v1beta1
{{- end }}
kind: Ingress
metadata:
name: {{ $fullName }}
namespace: {{ template "hookshot.namespace" . }}
labels:
{{- include "hookshot.labels" . | nindent 4 }}
{{- with .Values.ingress.webhook.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if and .Values.ingress.webhook.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
ingressClassName: {{ .Values.ingress.webhook.className }}
{{- end }}
{{- if .Values.ingress.webhook.tls }}
tls:
{{- range .Values.ingress.webhook.tls }}
- hosts:
{{- range .hosts }}
- {{ . | quote }}
{{- end }}
secretName: {{ .secretName }}
{{- end }}
{{- end }}
rules:
{{- range .Values.ingress.webhook.hosts }}
- host: {{ .host | quote }}
http:
paths:
{{- range .paths }}
- path: {{ .path }}
{{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
pathType: {{ .pathType }}
{{- end }}
backend:
{{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
service:
name: {{ $fullName }}
port:
number: {{ .port }}
{{- else }}
serviceName: {{ $fullName }}
servicePort: {{ .port }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}


@@ -0,0 +1,32 @@
---
apiVersion: v1
kind: Service
metadata:
name: {{ include "hookshot.fullname" . }}
namespace: {{ template "hookshot.namespace" . }}
{{- with .Values.service.annotations }}
annotations:
{{ toYaml . | indent 4 }}
{{- end }}
labels:
{{- include "hookshot.labels" . | nindent 4 }}
{{- with .Values.service.labels }}
{{ toYaml . | indent 4 }}
{{- end }}
spec:
type: {{ .Values.service.type }}
ports:
- port: {{ .Values.service.webhook.port }}
targetPort: webhook
protocol: TCP
name: webhook
- port: {{ .Values.service.metrics.port }}
targetPort: metrics
protocol: TCP
name: metrics
- port: {{ .Values.service.appservice.port }}
targetPort: appservice
protocol: TCP
name: appservice
selector:
{{- include "hookshot.selectorLabels" . | nindent 4 }}
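Review bot: The metrics port is published unconditionally on the same Service as the webhook and appservice ports, so setting `service.type` to `NodePort` or `LoadBalancer` exposes the metrics listener along with them. Put metrics on its own `ClusterIP` Service, or wrap that port entry in a condition such as `{{- if .Values.service.metrics.enabled }}` (a suggested value name, not one the chart defines today). `service.port` is documented in values.yaml but is not referenced in this template.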


@@ -0,0 +1,13 @@
{{- if .Values.serviceAccount.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "hookshot.serviceAccountName" . }}
namespace: {{ template "hookshot.namespace" . }}
labels:
{{- include "hookshot.labels" . | nindent 4 }}
{{- with .Values.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}


@@ -0,0 +1,16 @@
---
apiVersion: v1
kind: Pod
metadata:
name: "{{ include "hookshot.fullname" . }}-test-connection"
labels:
{{- include "hookshot.labels" . | nindent 4 }}
annotations:
"helm.sh/hook": test
spec:
containers:
- name: wget
image: busybox
command: ['wget']
args: ['{{ include "hookshot.fullname" . }}:{{ .Values.service.webhook.port }}']
restartPolicy: Never
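Review bot: `image: busybox` has no tag, so the test hook pulls whatever `latest` resolves to at run time; pin it, e.g. `image: busybox:<version>` (placeholder). Unlike the other templates, this pod sets no `namespace: {{ template "hookshot.namespace" . }}`, so with `namespaceOverride` set the short service name in `args` would presumably not resolve from the release namespace.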


@@ -0,0 +1,454 @@
---
# Note: This chart is released using the config.sample.yml file
#
# -- Number of replicas to deploy. Consequences of using multiple Hookshot replicas currently unknown.
replicaCount: 1
image:
# -- Repository to pull hookshot image from
repository: halfshot/matrix-hookshot
# -- Pull policy for Hookshot image
pullPolicy: IfNotPresent
# -- Image tag to pull. Defaults to chart's appVersion value as set in Chart.yaml
tag:
# -- List of names of k8s secrets to be used as ImagePullSecrets for the pod
imagePullSecrets: []
# -- Name override for helm chart
nameOverride: ""
# -- Full name override for helm chart
fullnameOverride: ""
serviceAccount:
# -- Specifies whether a service account should be created
create: true
# -- Annotations to add to the service account
annotations: {}
# -- The name of the service account to use. If not set and create is true, a name is generated using the fullname template
name: ""
# -- Extra annotations for Hookshot pod
podAnnotations: {}
# -- Pod security context settings
podSecurityContext: {}
# fsGroup: 2000
# -- Security context settings
securityContext: {}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
service:
# -- Service type for Hookshot service
type: ClusterIP
# -- Port for Hookshot service
port: 80
# -- Extra annotations for service
annotations: {}
# -- Extra labels for service
labels: {}
webhook:
# -- Webhook port as configured in container
port: 9000
metrics:
# -- Metrics port as configured in container
port: 9001
appservice:
# -- Appservice port as configured in container
port: 9002
ingress:
webhook:
# -- Enable ingress for webhook
enabled: false
# -- Ingress class name for webhook ingress
className: ""
# -- Annotations for webhook ingress
annotations: {}
# -- Host configuration for webhook ingress
hosts: []
# -- TLS configuration for webhook ingress
tls: []
appservice:
# -- Enable ingress for appservice
enabled: false
# -- Ingress class name for appservice ingress
className: ""
# -- Annotations for appservice ingress
annotations: {}
# -- Host configuration for appservice ingress
hosts: []
# -- TLS configuration for appservice ingress
tls: []
# -- Pod resource requests / limits
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
autoscaling:
enabled: false
# -- Node selector parameters
nodeSelector: {}
# -- Tolerations for deployment
tolerations: []
# -- Affinity settings for deployment
affinity: {}
hookshot:
# -- Name of existing ConfigMap with valid Hookshot configuration
existingConfigMap:
# -- Raw Hookshot configuration. Gets templated into a YAML file and then loaded unless an existingConfigMap is specified.
config:
# This is an example configuration file
bridge:
# Basic homeserver configuration
domain: example.com
url: http://localhost:8008
mediaUrl: https://example.com
port: 9993
bindAddress: 127.0.0.1
logging:
# Logging settings. You can have a severity debug,info,warn,error
level: info
colorize: true
json: false
timestampFormat: HH:mm:ss:SSS
passFile: ./passkey.pem
# A passkey used to encrypt tokens stored inside the bridge.
# Run openssl genpkey -out passkey.pem -outform PEM -algorithm RSA -pkeyopt rsa_keygen_bits:4096 to generate
listeners:
# HTTP Listener configuration.
# Bind resource endpoints to ports and addresses.
# 'port' must be specified. Each listener must listen on a unique port.
# 'bindAddress' will default to '127.0.0.1' if not specified, which may not be suited to Docker environments.
# 'resources' may be any of webhooks, widgets, metrics, provisioning
- port: 9000
bindAddress: 0.0.0.0
resources:
- webhooks
- port: 9001
bindAddress: 127.0.0.1
resources:
- metrics
- provisioning
- port: 9002
bindAddress: 0.0.0.0
resources:
- widgets
registration:
#cache:
# # (Optional) Cache options for large scale deployments.
# # For encryption to work, this must be configured.
# redisUri: redis://localhost:6379
#encryption:
# # (Optional) Configuration for encryption support in the bridge.
# # If omitted, encryption support will be disabled.
# storagePath:
# # Path to the directory used to store encryption files. These files must be persist between restarts of the service.
# ./cryptostore
#permissions:
# # (Optional) Permissions for using the bridge. See docs/setup.md#permissions for help
# - actor: example.com
# services:
# - service: "*"
# level: admin
#github:
# # (Optional) Configure this to enable GitHub support
# auth:
# # Authentication for the GitHub App.
# id: 123
# privateKeyFile: github-key.pem
# webhook:
# # Webhook settings for the GitHub app.
# secret: secrettoken
# oauth:
# # (Optional) Settings for allowing users to sign in via OAuth.
# client_id: foo
# client_secret: bar
# redirect_uri: https://example.com/oauth/
# defaultOptions:
# # (Optional) Default options for GitHub connections.
# showIssueRoomLink: false
# hotlinkIssues:
# prefix: "#"
# userIdPrefix:
# # (Optional) Prefix used when creating ghost users for GitHub accounts.
# _github_
#gitlab:
# # (Optional) Configure this to enable GitLab support
# instances:
# gitlab.com:
# url: https://gitlab.com
# webhook:
# secret: secrettoken
# publicUrl: https://example.com/hookshot/
# userIdPrefix:
# # (Optional) Prefix used when creating ghost users for GitLab accounts.
# _gitlab_
# commentDebounceMs:
# # (Optional) Aggregate comments by waiting this many miliseconds before posting them to Matrix. Defaults to 5000 (5 seconds)
# 5000
#jira:
# # (Optional) Configure this to enable Jira support. Only specify `url` if you are using a On Premise install (i.e. not atlassian.com)
# webhook:
# # Webhook settings for JIRA
# secret: secrettoken
# oauth:
# # (Optional) OAuth settings for connecting users to JIRA. See documentation for more information
# client_id: foo
# client_secret: bar
# redirect_uri: https://example.com/oauth/
#generic:
# # (Optional) Support for generic webhook events.
# #'allowJsTransformationFunctions' will allow users to write short transformation snippets in code, and thus is unsafe in untrusted environments
# enabled: false
# outbound: false
# urlPrefix: https://example.com/webhook/
# userIdPrefix: _webhooks_
# allowJsTransformationFunctions: false
# waitForComplete: false
# enableHttpGet: false
# sendExpiryNotice: false
# requireExpiryTime: false
# maxExpiryTime: 30d
#figma:
# # (Optional) Configure this to enable Figma support
# publicUrl: https://example.com/hookshot/
# instances:
# your-instance:
# teamId: your-team-id
# accessToken: your-personal-access-token
# passcode: your-webhook-passcode
#feeds:
# # (Optional) Configure this to enable RSS/Atom feed support
# enabled: false
# pollIntervalSeconds: 600
# pollTimeoutSeconds: 30
# pollConcurrency: 4
#bot:
# # (Optional) Define profile information for the bot user
# displayname: Hookshot Bot
# avatar: mxc://half-shot.uk/2876e89ccade4cb615e210c458e2a7a6883fe17d
#serviceBots:
# # (Optional) Define additional bot users for specific services
# - localpart: feeds
# displayname: Feeds
# avatar: ./assets/feeds_avatar.png
# prefix: "!feeds"
# service: feeds
#widgets:
# # (Optional) EXPERIMENTAL support for complimentary widgets
# addToAdminRooms: false
# publicUrl: https://example.com/widgetapi/v1/static/
# roomSetupWidget:
# addOnInvite: false
# disallowedIpRanges:
# - 127.0.0.0/8
# - 10.0.0.0/8
# - 172.16.0.0/12
# - 192.168.0.0/16
# - 100.64.0.0/10
# - 192.0.0.0/24
# - 169.254.0.0/16
# - 192.88.99.0/24
# - 198.18.0.0/15
# - 192.0.2.0/24
# - 198.51.100.0/24
# - 203.0.113.0/24
# - 224.0.0.0/4
# - ::1/128
# - fe80::/10
# - fc00::/7
# - 2001:db8::/32
# - ff00::/8
# - fec0::/10
# branding:
# widgetTitle: Hookshot Configuration
#provisioning:
# # (Optional) Provisioning API for integration managers
# secret: "!secretToken"
#metrics:
# # (Optional) Prometheus metrics support
# enabled: true
#sentry:
# # (Optional) Configure Sentry error reporting
# dsn: https://examplePublicKey@o0.ingest.sentry.io/0
# environment: production
#github:
# # (Optional) Configure this to enable GitHub support
# auth:
# # Authentication for the GitHub App.
# id: 123
# privateKeyFile: github-key.pem
# webhook:
# # Webhook settings for the GitHub app.
# secret: secrettoken
# oauth:
# # (Optional) Settings for allowing users to sign in via OAuth.
# client_id: foo
# client_secret: bar
# redirect_uri: https://example.com/oauth/
# defaultOptions:
# # (Optional) Default options for GitHub connections.
# showIssueRoomLink: false
# hotlinkIssues:
# prefix: "#"
# userIdPrefix:
# # (Optional) Prefix used when creating ghost users for GitHub accounts.
# _github_
#gitlab:
# # (Optional) Configure this to enable GitLab support
# instances:
# gitlab.com:
# url: https://gitlab.com
# webhook:
# secret: secrettoken
# publicUrl: https://example.com/hookshot/
# userIdPrefix:
# # (Optional) Prefix used when creating ghost users for GitLab accounts.
# _gitlab_
# commentDebounceMs:
# # (Optional) Aggregate comments by waiting this many miliseconds before posting them to Matrix. Defaults to 5000 (5 seconds)
# 5000
#figma:
# # (Optional) Configure this to enable Figma support
# publicUrl: https://example.com/hookshot/
# instances:
# your-instance:
# teamId: your-team-id
# accessToken: your-personal-access-token
# passcode: your-webhook-passcode
#jira:
# # (Optional) Configure this to enable Jira support. Only specify `url` if you are using a On Premise install (i.e. not atlassian.com)
# webhook:
# # Webhook settings for JIRA
# secret: secrettoken
# oauth:
# # (Optional) OAuth settings for connecting users to JIRA. See documentation for more information
# client_id: foo
# client_secret: bar
# redirect_uri: https://example.com/oauth/
#generic:
# # (Optional) Support for generic webhook events.
# #'allowJsTransformationFunctions' will allow users to write short transformation snippets in code, and thus is unsafe in untrusted environments
# enabled: false
# enableHttpGet: false
# urlPrefix: https://example.com/webhook/
# userIdPrefix: _webhooks_
# allowJsTransformationFunctions: false
# waitForComplete: false
#feeds:
# # (Optional) Configure this to enable RSS/Atom feed support
# enabled: false
# pollConcurrency: 4
# pollIntervalSeconds: 600
# pollTimeoutSeconds: 30
#provisioning:
# # (Optional) Provisioning API for integration managers
# secret: "!secretToken"
#bot:
# # (Optional) Define profile information for the bot user
# displayname: Hookshot Bot
# avatar: mxc://half-shot.uk/2876e89ccade4cb615e210c458e2a7a6883fe17d
#serviceBots:
# # (Optional) Define additional bot users for specific services
# - localpart: feeds
# displayname: Feeds
# avatar: ./assets/feeds_avatar.png
# prefix: "!feeds"
# service: feeds
#metrics:
# # (Optional) Prometheus metrics support
# enabled: true
#cache:
# # (Optional) Cache options for large scale deployments.
# # For encryption to work, this must be configured.
# redisUri: redis://localhost:6379
#queue:
# # (Optional) Message queue configuration options for large scale deployments.
# # For encryption to work, this must not be configured.
# redisUri: redis://localhost:6379
#widgets:
# # (Optional) EXPERIMENTAL support for complimentary widgets
# addToAdminRooms: false
# disallowedIpRanges:
# - 127.0.0.0/8
# - 10.0.0.0/8
# - 172.16.0.0/12
# - 192.168.0.0/16
# - 100.64.0.0/10
# - 192.0.0.0/24
# - 169.254.0.0/16
# - 192.88.99.0/24
# - 198.18.0.0/15
# - 192.0.2.0/24
# - 198.51.100.0/24
# - 203.0.113.0/24
# - 224.0.0.0/4
# - ::1/128
# - fe80::/10
# - fc00::/7
# - 2001:db8::/32
# - ff00::/8
# - fec0::/10
# roomSetupWidget:
# addOnInvite: false
# publicUrl: https://example.com/widgetapi/v1/static/
# branding:
# widgetTitle: Hookshot Configuration
#sentry:
# # (Optional) Configure Sentry error reporting
# dsn: https://examplePublicKey@o0.ingest.sentry.io/0
# environment: production
#permissions:
# # (Optional) Permissions for using the bridge. See docs/setup.md#permissions for help
# - actor: example.com
# services:
# - service: "*"
# level: admin
id: matrix-hookshot
as_token: ""
hs_token: ""
namespaces:
rooms: []
users: []
sender_localpart: hookshot
url: "http://example.com"
rate_limited: false
passkey: ""

172
lp/hookshot/output.yaml Normal file

@@ -0,0 +1,172 @@
---
# Source: hookshot/templates/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: hookshot
namespace: matrix
labels:
helm.sh/chart: hookshot-0.1.16
app.kubernetes.io/name: hookshot
app.kubernetes.io/instance: release-name
app.kubernetes.io/version: "6.0.2"
app.kubernetes.io/managed-by: Helm
---
# Source: hookshot/templates/configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: hookshot-config
namespace: matrix
labels:
helm.sh/chart: hookshot-0.1.16
app.kubernetes.io/name: hookshot
app.kubernetes.io/instance: release-name
app.kubernetes.io/version: "6.0.2"
app.kubernetes.io/managed-by: Helm
data:
config.yml: |
bridge:
bindAddress: 127.0.0.1
domain: matrix-lp.allarddcs.nl
mediaUrl: https://matrix-lp.allarddcs.nl
port: 9993
url: http://matrix-lp:8008
listeners:
- bindAddress: 0.0.0.0
port: 9000
resources:
- webhooks
- bindAddress: 127.0.0.1
port: 9001
resources:
- metrics
- provisioning
- bindAddress: 0.0.0.0
port: 9002
resources:
- widgets
logging:
colorize: true
json: false
level: info
timestampFormat: HH:mm:ss:SSS
passFile: passkey.pem
registration.yml: |
as_token: ""
generic:
enabled: true
urlPrefix: https://hookshot-lp.allarddcs.nl
hs_token: ""
id: matrix-hookshot
namespaces:
rooms: []
users: []
rate_limited: false
sender_localpart: hookshot
url: http://example.com
passkey.pem: |
---
apiVersion: v1
kind: Service
metadata:
name: hookshot
namespace: matrix
labels:
helm.sh/chart: hookshot-0.1.16
app.kubernetes.io/name: hookshot
app.kubernetes.io/instance: release-name
app.kubernetes.io/version: "6.0.2"
app.kubernetes.io/managed-by: Helm
spec:
type: ClusterIP
ports:
- port: 9000
targetPort: webhook
protocol: TCP
name: webhook
- port: 9001
targetPort: metrics
protocol: TCP
name: metrics
- port: 9002
targetPort: appservice
protocol: TCP
name: appservice
selector:
app.kubernetes.io/name: hookshot
app.kubernetes.io/instance: release-name
---
# Source: hookshot/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: hookshot
namespace: matrix
labels:
helm.sh/chart: hookshot-0.1.16
app.kubernetes.io/name: hookshot
app.kubernetes.io/instance: release-name
app.kubernetes.io/version: "6.0.2"
app.kubernetes.io/managed-by: Helm
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: hookshot
app.kubernetes.io/instance: release-name
template:
metadata:
labels:
app.kubernetes.io/name: hookshot
app.kubernetes.io/instance: release-name
spec:
containers:
- name: hookshot
image: "halfshot/matrix-hookshot:6.0.2"
imagePullPolicy: IfNotPresent
volumeMounts:
- name: config
mountPath: "/data"
ports:
- name: webhook
containerPort: 9000
protocol: TCP
- name: metrics
containerPort: 9001
protocol: TCP
- name: appservice
containerPort: 9002
protocol: TCP
env:
envFrom:
livenessProbe:
null
readinessProbe:
null
resources:
{}
volumes:
- name: config
configMap:
name: release-name-hookshot-config
---
apiVersion: v1
kind: Pod
metadata:
name: "hookshot-test-connection"
labels:
helm.sh/chart: hookshot-0.1.16
app.kubernetes.io/name: hookshot
app.kubernetes.io/instance: release-name
app.kubernetes.io/version: "6.0.2"
app.kubernetes.io/managed-by: Helm
annotations:
"helm.sh/hook": test
spec:
containers:
- name: wget
image: busybox
command: ['wget']
args: ['hookshot:9000']
restartPolicy: Never
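Review bot: The Deployment's `config` volume references `configMap.name: release-name-hookshot-config`, but the ConfigMap in this file is named `hookshot-config`, so the volume cannot be mounted until the names agree; use `name: hookshot-config` in the volume or render both with the same release name. The ConfigMap also carries a `passkey.pem` key (empty here): the passkey is private-key material and belongs in a Secret mounted at the `passFile` path, not in a ConfigMap. The `hookshot` container has no `securityContext`, and the `hookshot-test-connection` pod has no `namespace`, so it may land in a different namespace than the `hookshot` Service it tries to reach.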

244
lp/hookshot/values.yaml Normal file

@@ -0,0 +1,244 @@
---
# Note: This chart is released using the config.sample.yml file
#
# -- Number of replicas to deploy. Consequences of using multiple Hookshot replicas currently unknown.
replicaCount: 1
image:
# -- Repository to pull hookshot image from
repository: halfshot/matrix-hookshot
# -- Pull policy for Hookshot image
pullPolicy: IfNotPresent
# -- Image tag to pull. Defaults to chart's appVersion value as set in Chart.yaml
tag:
# -- List of names of k8s secrets to be used as ImagePullSecrets for the pod
imagePullSecrets: []
# -- Name override for helm chart
nameOverride: ""
# -- Full name override for helm chart
fullnameOverride: ""
serviceAccount:
# -- Specifies whether a service account should be created
create: true
# -- Annotations to add to the service account
annotations: {}
# -- The name of the service account to use. If not set and create is true, a name is generated using the fullname template
name: ""
# -- Extra annotations for Hookshot pod
podAnnotations: {}
# -- Pod security context settings
podSecurityContext: {}
# fsGroup: 2000
# -- Security context settings
securityContext: {}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
service:
# -- Service type for Hookshot service
type: ClusterIP
# -- Port for Hookshot service
port: 80
# -- Extra annotations for service
annotations: {}
# -- Extra labels for service
labels: {}
webhook:
# -- Webhook port as configured in container
port: 9000
metrics:
# -- Metrics port as configured in container
port: 9001
appservice:
# -- Appservice port as configured in container
port: 9002
ingress:
webhook:
# -- Enable ingress for webhook
enabled: false
# -- Ingress class name for webhook ingress
className: ""
# -- Annotations for webhook ingress
annotations: {}
# -- Host configuration for webhook ingress
hosts: []
# -- TLS configuration for webhook ingress
tls: []
appservice:
# -- Enable ingress for appservice
enabled: false
# -- Ingress class name for appservice ingress
className: ""
# -- Annotations for appservice ingress
annotations: {}
# -- Host configuration for appservice ingress
hosts: []
# -- TLS configuration for appservice ingress
tls: []
# -- Pod resource requests / limits
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
autoscaling:
enabled: false
# -- Node selector parameters
nodeSelector: {}
# -- Tolerations for deployment
tolerations: []
# -- Affinity settings for deployment
affinity: {}
hookshot:
# -- Name of existing ConfigMap with valid Hookshot configuration
existingConfigMap:
# -- Raw Hookshot configuration. Gets templated into a YAML file and then loaded unless an existingConfigMap is specified.
config:
# This is an example configuration file
bridge:
# Basic homeserver configuration
domain: matrix-lp.allarddcs.nl
url: http://matrix-lp:8008
mediaUrl: https://matrix-lp.allarddcs.nl
port: 9993
bindAddress: 127.0.0.1
passFile: passkey.pem
# A passkey used to encrypt tokens stored inside the bridge.
# Run openssl genpkey -out passkey.pem -outform PEM -algorithm RSA -pkeyopt rsa_keygen_bits:4096 to generate
logging:
# Logging settings. You can have a severity debug,info,warn,error
level: info
colorize: true
json: false
timestampFormat: HH:mm:ss:SSS
listeners:
# HTTP Listener configuration.
# Bind resource endpoints to ports and addresses.
# 'port' must be specified. Each listener must listen on a unique port.
# 'bindAddress' will default to '127.0.0.1' if not specified, which may not be suited to Docker environments.
# 'resources' may be any of webhooks, widgets, metrics, provisioning
- port: 9000
bindAddress: 0.0.0.0
resources:
- webhooks
- port: 9001
bindAddress: 127.0.0.1
resources:
- metrics
- provisioning
- port: 9002
bindAddress: 0.0.0.0
resources:
- widgets
registration:
generic:
# # (Optional) Support for generic webhook events.
# #'allowJsTransformationFunctions' will allow users to write short transformation snippets in code, and thus is unsafe in untrusted environments
enabled: true
# enableHttpGet: false
urlPrefix: https://hookshot-lp.allarddcs.nl
# userIdPrefix: _webhooks_
# allowJsTransformationFunctions: false
# waitForComplete: false
#feeds:
# # (Optional) Configure this to enable RSS/Atom feed support
# enabled: false
# pollConcurrency: 4
# pollIntervalSeconds: 600
# pollTimeoutSeconds: 30
#provisioning:
# # (Optional) Provisioning API for integration managers
# secret: "!secretToken"
#bot:
# # (Optional) Define profile information for the bot user
# displayname: Hookshot Bot
# avatar: mxc://half-shot.uk/2876e89ccade4cb615e210c458e2a7a6883fe17d
#serviceBots:
# # (Optional) Define additional bot users for specific services
# - localpart: feeds
# displayname: Feeds
# avatar: ./assets/feeds_avatar.png
# prefix: "!feeds"
# service: feeds
#metrics:
# # (Optional) Prometheus metrics support
# enabled: true
#cache:
# # (Optional) Cache options for large scale deployments.
# # For encryption to work, this must be configured.
# redisUri: redis://localhost:6379
#queue:
# # (Optional) Message queue configuration options for large scale deployments.
# # For encryption to work, this must not be configured.
# redisUri: redis://localhost:6379
#widgets:
# # (Optional) EXPERIMENTAL support for complimentary widgets
# addToAdminRooms: false
# disallowedIpRanges:
# - 127.0.0.0/8
# - 10.0.0.0/8
# - 172.16.0.0/12
# - 192.168.0.0/16
# - 100.64.0.0/10
# - 192.0.0.0/24
# - 169.254.0.0/16
# - 192.88.99.0/24
# - 198.18.0.0/15
# - 192.0.2.0/24
# - 198.51.100.0/24
# - 203.0.113.0/24
# - 224.0.0.0/4
# - ::1/128
# - fe80::/10
# - fc00::/7
# - 2001:db8::/32
# - ff00::/8
# - fec0::/10
# roomSetupWidget:
# addOnInvite: false
# publicUrl: https://example.com/widgetapi/v1/static/
# branding:
# widgetTitle: Hookshot Configuration
#sentry:
# # (Optional) Configure Sentry error reporting
# dsn: https://examplePublicKey@o0.ingest.sentry.io/0
# environment: production
#permissions:
# # (Optional) Permissions for using the bridge. See docs/setup.md#permissions for help
# - actor: example.com
# services:
# - service: "*"
# level: admin
id: matrix-hookshot
as_token: ""
hs_token: ""
namespaces:
rooms: []
users: []
sender_localpart: hookshot
url: "http://example.com"
rate_limited: false
passkey: ""
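Review bot: The `generic:` block (`enabled: true`, `urlPrefix`) appears to sit under `hookshot.registration` rather than `hookshot.config`: the rendered `lp/hookshot/output.yaml` in this commit shows it inside `registration.yml` and not in `config.yml`, so Hookshot would most likely never read the generic webhook settings. Move the block under `config:`, next to `listeners:`. `passkey: ""` renders an empty `passkey.pem`, which cannot serve as the `passFile`; supply the key from a Secret instead of a values file. `securityContext: {}` leaves the commented hardening unused; enabling `runAsNonRoot: true`, `readOnlyRootFilesystem: true` and the `drop: [ALL]` capabilities already sketched in the comments would be a cheap improvement.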

1
lp/matrix/-d Normal file

@@ -0,0 +1 @@
{"errcode":"M_FORBIDDEN","error":"You are not a server admin"}
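Review bot: This file looks like stray command output rather than something meant to be versioned: it is named `-d` and its only content is an `M_FORBIDDEN` error body from the homeserver. It was presumably created by a mistyped command line and should be removed from the commit.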


@@ -70,3 +70,59 @@ nc -zv coturn-lp.allarddcs.nl 5349
#checken certificaat:
kubectl describe secret coturn-cert -n matrix
#HOOKSHOT
#passkey genereren en in secret zetten. Passkey wordt gebruikt om andere sleutels versleuteld op te slaan.
openssl genpkey -out passkey.pem -outform PEM -algorithm RSA -pkeyopt rsa_keygen_bits:4096
kubectl -n matrix create secret generic hookshot-passkey --from-file=passkey.pem
#opvragen access token:
curl -X POST "https://matrix-lp.allarddcs.nl/_matrix/client/v3/login" -H "Content-Type: application/json" -d '{
"type": "m.login.password",
"user": "admin",
"password": "Matrix01@"
}'
syt_YWRtaW4_laSGClQJFMQNKKjqyfVj_1XLp4x
#room aanmaken:
curl -k -X POST \
-H "Authorization: Bearer syt_YWRtaW4_bUqQKyFkonSgjkghnuxY_4IsleV" \
-H "Content-Type: application/json" \
-d '{"name":"harbor","preset":"private_chat"}' \
"https://matrix-lp.allarddcs.nl/_matrix/client/v3/createRoom"
{"room_id":"!AmeLKsUWrKBIkosFbY:matrix-lp.allarddcs.nl"}
#toevoegen hookshot bot aan room:
curl -X POST \
-H "Authorization: Bearer syt_YWRtaW4_bUqQKyFkonSgjkghnuxY_4IsleV" \
-H "Content-Type: application/json" \
"https://matrix-lp.allarddcs.nl/_synapse/admin/v1/join/AmeLKsUWrKBIkosFbY:matrix-lp.allarddcs.nl" \
-d '{
"user_id": "@hookshot:matrix-lp.allarddcs.nl"
}'
Opmerking: doordat de bot is toegevoegd wordt de status van de room veranderd in: gemanaged door de appservice.
Daardoor kun je de room niet publiceren en ook geen leden uitnodigen.
#toevoegen allardhook aan room:
curl -k -X POST -H "Authorization: Bearer $ACCESS_TOKEN" \
-H "Content-Type: application/json" \
"https://matrix-lp.allarddcs.nl/_synapse/admin/v1/join/!BPcyrRUfYdBJrFVdlV:matrix-lp.allarddcs.nl" \
-d '{
"user_id": "@allard:matrix-lp.allarddcs.nl"
}'
#herstarten hookshot
#transformationFunction in state-event schrijven:
curl -k -X PUT -H "Authorization: Bearer $ACCESS_TOKEN" -H "Content-Type: application/json" "https://matrix-lp.allarddcs.nl/_matrix/client/r0/rooms/!BPcyrRUfYdBJrFVdlV:matrix-lp.allarddcs.nl/state/uk.half-shot.matrix-hookshot.generic.hook/generic-1" -d @harbor-webhook.json
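Review bot: The added notes commit live credentials: the login request body carries the admin password in clear text, and the pasted login response and the two literal `Authorization: Bearer` lines carry real access tokens. The same problem recurs in this commit in `lp/matrix/as-token.txt`, `lp/matrix/hs-token.txt`, `lp/matrix/passkey.pem`, the `matrix-hookshot-registration` Secret manifests and the `appservice` block of the `matrix-hookshot-config` ConfigMap. All of these should be treated as exposed: rotate the password, the tokens and the passkey, purge the files from history, and keep only placeholders in the repository, e.g. `-H "Authorization: Bearer $ACCESS_TOKEN"` as the later commands in this hunk already do. Several calls also use `curl -k`, which skips certificate verification while a bearer token is being sent; drop `-k` once the certificate is trusted.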

1
lp/matrix/as-token.txt Normal file

@@ -0,0 +1 @@
d3c8fccbe082aa2a59da362b3805abe4c4cebcd7e822cdbd700d84e7c55c485f


@@ -0,0 +1 @@
microk8s kubectl -n matrix create secret generic hookshot-passkey --from-file=passkey.pem


@@ -0,0 +1,5 @@
{
"name": "Harbor Webhook",
"webhookId": "harbor",
"transformationFunction": "try { const repo=data.repository||{}; const resources=(data.event_data && data.event_data.resources)||[]; let msg=`📦 Repository: ${repo.namespace||''}/${repo.name||''}\n📝 Type: ${data.type||''}\n👤 Operator: ${data.operator||''}\n`; if(resources.length>0){ msg+=`\n💠 Resources:\n`; resources.forEach((r,idx)=>{ msg+=`\n🔹 Resource ${idx+1}:\n`; msg+=` 🏷 Tag: ${r.tag||''}\n`; msg+=` 🆔 Digest: ${r.digest||''}\n`; msg+=` 🌐 URL: ${r.resource_url||''}\n`; }); } result={plain:msg, version:'v2'}; } catch(e){ result={plain:`Error processing webhook: ${e.message}`, version:'v2'}; }"
}


@@ -0,0 +1,5 @@
{
"name": "Harbor Webhook",
"webhookId": "harbor",
"transformationFunction": "const repo = data.repository || {}; const resources = (data.event_data && data.event_data.resources) || []; let msg = ''; msg += '📦 Repository: ' + (repo.namespace || '') + '/' + (repo.name || '') + '\\n'; msg += '📝 Type: ' + (data.type || '') + '\\n'; msg += '👤 Operator: ' + (data.operator || '') + '\\n'; msg += '\\n'; msg += '💠 Resources:\\n'; resources.forEach((r, i) => { msg += '\\n'; msg += '🔹 Resource ' + (i + 1) + '\\n'; msg += '🏷 Tag: ' + (r.tag || '') + '\\n'; msg += '🆔 Digest: ' + (r.digest || '') + '\\n'; msg += '🌐 URL: ' + (r.resource_url || '') + '\\n'; }); result = { plain: msg, version: 'v2' };"
}

133
lp/matrix/hookshot.yaml Normal file

@@ -0,0 +1,133 @@
# ===========================
# Hookshot Deployment
# ===========================
apiVersion: apps/v1
kind: Deployment
metadata:
name: matrix-hookshot
namespace: matrix
spec:
replicas: 1
selector:
matchLabels:
app: matrix-hookshot
template:
metadata:
labels:
app: matrix-hookshot
spec:
containers:
- name: hookshot
image: halfshot/matrix-hookshot:latest
imagePullPolicy: Always
ports:
- containerPort: 9000 # webhooks
- containerPort: 9001 # metrics
- containerPort: 9002 # widgets
- containerPort: 9003 # appservice
env:
# tell hookshot where to find files
- name: CONFIG_PATH
value: /data/config.yml
- name: REGISTRATION_PATH
value: /data/registration.yml
- name: TRANSFORM_PATH
value: /data/transformationFunction.js
volumeMounts:
- name: hookshot-data
mountPath: /data
- name: hookshot-registration
mountPath: /data/registration.yml
subPath: registration.yml
volumes:
- name: hookshot-data
persistentVolumeClaim:
claimName: hookshot-pvc
- name: hookshot-registration
secret:
secretName: matrix-hookshot-registration
---
# ===========================
# Hookshot Service
# ===========================
apiVersion: v1
kind: Service
metadata:
name: matrix-hookshot
namespace: matrix
spec:
selector:
app: matrix-hookshot
ports:
- name: webhooks
port: 9000
targetPort: 9000
- name: metrics
port: 9001
targetPort: 9000
- name: widgets
port: 9002
targetPort: 9000
- name: appservice
port: 9003
targetPort: 9003
- name: matrix
port: 9993
targetPort: 9993
---
# ===========================
# Hookshot IngressRoute
# ===========================
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: matrix-hookshot
namespace: matrix
spec:
entryPoints:
- websecure
routes:
- match: Host(`hookshot-lp.allarddcs.nl`) && PathPrefix(`/webhook`)
kind: Rule
services:
- name: matrix-hookshot
port: 9000
tls:
certResolver: default
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: hookshot-pv
spec:
storageClassName: ""
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
persistentVolumeReclaimPolicy: Retain
mountOptions:
- hard
- nfsvers=4.1
nfs:
server: 192.168.2.110
path: /mnt/nfs_share/hookshot
readOnly: false
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: hookshot-pvc
namespace: matrix
spec:
storageClassName: ""
volumeName: hookshot-pv
accessModes:
- ReadWriteMany
volumeMode: Filesystem
resources:
requests:
storage: 1Gi
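Review bot: The container image is `halfshot/matrix-hookshot:latest` with `imagePullPolicy: Always`, so every pod restart can pull code nobody has reviewed; pin a version (the Helm output in this commit uses `halfshot/matrix-hookshot:6.0.2`) or, better, a digest. The same unpinned or untagged references appear in the second Hookshot manifest, the `synapse-admin` Deployment, `lp/matrix/werkt/matrix.yaml` and the `busybox` test pod. Separately, in the Service the `metrics` and `widgets` ports both use `targetPort: 9000`, which sends them to the webhooks listener; they presumably should be `targetPort: 9001` and `targetPort: 9002`, and the second Hookshot manifest repeats this. The Deployment also sets no `securityContext` or `resources`.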

1
lp/matrix/hs-token.txt Normal file

@@ -0,0 +1 @@
c31f7a18d3d2d79bd7a03e2794d966317155c409699cb6fd0922023cf45f9c3b


@@ -28,10 +28,16 @@ spec:
volumeMounts:
- mountPath: /data
name: matrix
- name: hookshot-registration
mountPath: /appservices/hookshot-registration.yml
subPath: registration.yml
volumes:
- name: matrix
persistentVolumeClaim:
claimName: matrix-pvc
- name: hookshot-registration
secret:
secretName: matrix-hookshot-registration
---
apiVersion: v1
kind: Service
@@ -45,7 +51,7 @@ spec:
port: 8008
selector:
app: matrix
type: NodePort
type: ClusterIP
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute

52
lp/matrix/passkey.pem Normal file

@@ -0,0 +1,52 @@
-----BEGIN PRIVATE KEY-----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-----END PRIVATE KEY-----

42
lp/matrix/redis.yaml Executable file

@@ -0,0 +1,42 @@
# ===========================
# Redis Deployment
# ===========================
apiVersion: apps/v1
kind: Deployment
metadata:
name: redis
namespace: matrix
spec:
replicas: 1
selector:
matchLabels:
app: redis
template:
metadata:
labels:
app: redis
spec:
containers:
- name: redis
image: redis:7-alpine
ports:
- containerPort: 6379
---
# ===========================
# Redis Service
# ===========================
apiVersion: v1
kind: Service
metadata:
name: redis
namespace: matrix
spec:
selector:
app: redis
ports:
- port: 6379
targetPort: 6379
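Review bot: The Deployment starts `redis:7-alpine` with default arguments, so Redis accepts unauthenticated connections from any pod that can reach the `redis` Service on 6379, while the Hookshot config in this commit uses it as its cache (`redisUri: redis://redis:6379`). Require a password, e.g. `args: ["--requirepass", "$(REDIS_PASSWORD)"]` with `REDIS_PASSWORD` taken from a Secret, and add a NetworkPolicy that admits only the `app: matrix-hookshot` pods. There is also no volume, so cached data is lost on every pod restart, which does not fit the "persistent token storage" comment in the Hookshot ConfigMap. `resources` limits and a `securityContext` are missing as well.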


@@ -0,0 +1,22 @@
# ===========================
# Hookshot Registration Secret
# ===========================
apiVersion: v1
kind: Secret
metadata:
name: matrix-hookshot-registration
namespace: matrix
type: Opaque
stringData:
registration.yml: |
id: hookshot
url: http://matrix-hookshot.matrix.svc.cluster.local:9993
as_token: d3c8fccbe082aa2a59da362b3805abe4c4cebcd7e822cdbd700d84e7c55c485f
hs_token: c31f7a18d3d2d79bd7a03e2794d966317155c409699cb6fd0922023cf45f9c3b
sender_localpart: hookshot
namespaces:
users:
- exclusive: false
regex: "^@(hookshot|_webhooks_.*):matrix-lp.allarddcs.nl$"
rooms: []
aliases: []
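Review bot: In `namespaces.users` the pattern `^@(hookshot|_webhooks_.*):matrix-lp.allarddcs.nl$` leaves the dots of the server name unescaped, so each of them matches any character; escape them, e.g. `regex: '^@(hookshot|_webhooks_.*):matrix-lp\.allarddcs\.nl$'` (single quotes keep the backslashes literal). `exclusive: false` lets accounts outside the appservice register names in that namespace; for bridge-owned ghost users `exclusive: true` is the usual choice, so confirm that the current value is deliberate.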


@@ -0,0 +1,68 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: synapse-admin
namespace: matrix
spec:
replicas: 1
selector:
matchLabels:
app: synapse-admin
template:
metadata:
labels:
app: synapse-admin
spec:
containers:
- name: synapse-admin
image: awesometechnologies/synapse-admin:latest
ports:
- containerPort: 80
readinessProbe:
httpGet:
path: /
port: 80
initialDelaySeconds: 5
timeoutSeconds: 3
livenessProbe:
httpGet:
path: /
port: 80
initialDelaySeconds: 15
timeoutSeconds: 3
---
apiVersion: v1
kind: Service
metadata:
name: synapse-admin
namespace: matrix
spec:
selector:
app: synapse-admin
ports:
- name: http
port: 80
targetPort: 80
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: synapse-admin
namespace: matrix
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: websecure
spec:
tls:
- hosts:
- synapse-admin.matrix-lp.allarddcs.nl
rules:
- host: synapse-admin.matrix-lp.allarddcs.nl
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: synapse-admin
port:
number: 80
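Review bot: The Ingress publishes the Synapse admin UI on `synapse-admin.matrix-lp.allarddcs.nl` without any access restriction, and its `tls` entry lists the host but no `secretName`, so the ingress controller will presumably fall back to its default certificate. Put an allowlist or authentication middleware in front of it through the `traefik.ingress.kubernetes.io/router.middlewares` annotation, or keep it off the public entry point and reach it with `kubectl port-forward`, and name the certificate secret under `tls`. The container also runs without a `securityContext` or `resources`.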


@@ -0,0 +1,221 @@
# ===========================
# Hookshot ConfigMap
# ===========================
apiVersion: v1
kind: ConfigMap
metadata:
name: matrix-hookshot-config
namespace: matrix
data:
config.yml: |
bridge:
domain: matrix-lp.allarddcs.nl
url: http://matrix.matrix.svc.cluster.local:8008
port: 9993
bindAddress: 0.0.0.0
homeserver:
url: http://matrix.matrix.svc.cluster.local:8008
domain: matrix-lp.allarddcs.nl
appservice:
id: hookshot
as_token: d3c8fccbe082aa2a59da362b3805abe4c4cebcd7e822cdbd700d84e7c55c485f
hs_token: c31f7a18d3d2d79bd7a03e2794d966317155c409699cb6fd0922023cf45f9c3b
bot:
username: hookshot
displayname: Hookshot
logging:
level: debug
listeners:
- port: 9000
bindAddress: 0.0.0.0
resources:
- webhooks
- port: 9001
bindAddress: 0.0.0.0
resources:
- metrics
- port: 9002
bindAddress: 0.0.0.0
resources:
- widgets
- port: 9003
bindAddress: 0.0.0.0
resources:
- appservice
# Redis for persistent token storage
cache:
redisUri: redis://redis:6379
generic:
enabled: true
urlPrefix: https://hookshot-lp.allarddcs.nl/webhook/
userIdPrefix: _webhooks_
includeHookBody: true
allowJsTransformationFunctions: true
passFile: /data/passkey.pem
connections:
- connectionType: uk.half-shot.matrix-hookshot.generic.hook
stateKey: generic-1
roomId: "!BPcyrRUfYdBJrFVdlV:matrix-lp.allarddcs.nl"
state:
name: "Harbor Webhook"
webhookId: harbor
}
---
# ===========================
# Hookshot Deployment
# ===========================
apiVersion: apps/v1
kind: Deployment
metadata:
name: matrix-hookshot
namespace: matrix
spec:
replicas: 1
selector:
matchLabels:
app: matrix-hookshot
template:
metadata:
labels:
app: matrix-hookshot
spec:
containers:
- name: hookshot
image: halfshot/matrix-hookshot:latest
ports:
- name: webhooks
containerPort: 9000
- name: metrics
containerPort: 9001
- name: widgets
containerPort: 9002
- name: appservice
containerPort: 9003
- name: matrix
containerPort: 9993
volumeMounts:
- name: config
mountPath: /data/config.yml
subPath: config.yml
- name: registration
mountPath: /data/registration.yml
subPath: registration.yml
- name: hookshot-passkey
mountPath: /data/passkey.pem
subPath: passkey.pem
env:
- name: CONFIG_FILE
value: /data/config.yml
- name: REGISTRATION_FILE
value: /data/registration.yml
- name: NODE_TLS_REJECT_UNAUTHORIZED
value: "0"
- name: NODE_OPTIONS
value: "--dns-result-order=ipv4first"
volumes:
- name: config
configMap:
name: matrix-hookshot-config
- name: registration
secret:
secretName: matrix-hookshot-registration
- name: hookshot-passkey
secret:
secretName: hookshot-passkey
---
# ===========================
# Hookshot Service
# ===========================
apiVersion: v1
kind: Service
metadata:
name: matrix-hookshot
namespace: matrix
spec:
selector:
app: matrix-hookshot
ports:
- name: webhooks
port: 9000
targetPort: 9000
- name: metrics
port: 9001
targetPort: 9000
- name: widgets
port: 9002
targetPort: 9000
- name: appservice
port: 9003
targetPort: 9003
- name: matrix
port: 9993
targetPort: 9993
---
# ===========================
# Hookshot IngressRoute
# ===========================
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: matrix-hookshot
namespace: matrix
spec:
entryPoints:
- websecure
routes:
- match: Host(`hookshot-lp.allarddcs.nl`) && PathPrefix(`/webhook`)
kind: Rule
services:
- name: matrix-hookshot
port: 9000
tls:
certResolver: default
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: hookshot-pv
spec:
storageClassName: ""
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
persistentVolumeReclaimPolicy: Retain
mountOptions:
- hard
- nfsvers=4.1
nfs:
server: 192.168.2.110
path: /mnt/nfs_share/hookshot/lp
readOnly: false
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: hookshot-pvc
namespace: matrix
spec:
storageClassName: ""
volumeName: hookshot-pv
accessModes:
- ReadWriteMany
volumeMode: Filesystem
resources:
requests:
storage: 1Gi
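Review bot: `NODE_TLS_REJECT_UNAUTHORIZED` set to `"0"` in the Deployment turns off certificate verification for every outbound TLS connection Hookshot makes; remove it and, if a private CA is involved, mount the CA bundle and point `NODE_EXTRA_CA_CERTS` at it. `allowJsTransformationFunctions: true` lets anyone who can set the hook's room state run JavaScript inside the bridge, which the chart's own sample comment calls unsafe in untrusted environments, so keep it only while the room's power levels are tight. The `metrics` listener is bound to `0.0.0.0` where the chart default uses `127.0.0.1`, and the lone `}` after `webhookId: harbor` looks like a leftover that may make `config.yml` unparsable. The Deployment mounts only `config.yml`, `registration.yml` and `passkey.pem`, so the `hookshot-pv` and `hookshot-pvc` objects at the end appear unused by this manifest.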

122
lp/matrix/werkt/matrix.yaml Executable file

@@ -0,0 +1,122 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: matrix
namespace: matrix
labels:
app: matrix
spec:
replicas: 1
selector:
matchLabels:
app: matrix
template:
metadata:
labels:
app: matrix
spec:
containers:
- name: matrix
image: matrixdotorg/synapse:latest
# args:
# - generate
env:
- name: SYNAPSE_SERVER_NAME
value: "matrix-lp.allarddcs.nl"
# - name: SYNAPSE_REPORT_STATS
# value: "yes"
volumeMounts:
- mountPath: /data
name: matrix
- name: hookshot-registration
mountPath: /appservices/hookshot-registration.yml
subPath: registration.yml
volumes:
- name: matrix
persistentVolumeClaim:
claimName: matrix-pvc
- name: hookshot-registration
secret:
secretName: matrix-hookshot-registration
---
apiVersion: v1
kind: Service
metadata:
name: matrix
namespace: matrix
spec:
ports:
- name: http
targetPort: 8008
port: 8008
selector:
app: matrix
type: ClusterIP
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: matrix-http
namespace: matrix
spec:
entryPoints:
- web
routes:
- match: Host(`matrix-lp.allarddcs.nl`)
kind: Rule
services:
- name: matrix
port: 8008
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: matrix-tls
namespace: matrix
spec:
entryPoints:
- websecure
routes:
- match: Host(`matrix-lp.allarddcs.nl`)
kind: Rule
services:
- name: matrix
port: 8008
tls:
secretName: matrix-lp.allarddcs.nl-tls
# certResolver: letsencrypt
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: matrix-pv
spec:
storageClassName: ""
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
persistentVolumeReclaimPolicy: Retain
mountOptions:
- hard
- nfsvers=4.1
nfs:
server: 192.168.2.110
path: /mnt/nfs_share/matrix/lp
readOnly: false
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: matrix-pvc
namespace: matrix
spec:
storageClassName: ""
volumeName: matrix-pv
accessModes:
- ReadWriteMany
volumeMode: Filesystem
resources:
requests:
storage: 1Gi
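Review bot: The `matrix-http` IngressRoute on the `web` entry point forwards `matrix-lp.allarddcs.nl` to Synapse on port 8008 with no redirect, so client logins and access tokens can travel in cleartext unless Traefik enforces an entry-point-level redirect that this file does not show. Either drop that route and keep only `matrix-tls`, or attach a `redirectScheme` middleware to it as sketched below (the middleware name is a constructed example). Separately, `image: matrixdotorg/synapse:latest` is unpinned, so a pod restart can pull a different Synapse build; pinning a version tag or digest keeps the deployment reproducible.

```yaml
# … unchanged: Deployment and Service …
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
  name: redirect-https  # constructed name
  namespace: matrix
spec:
  redirectScheme:
    scheme: https
    permanent: true
---
# … unchanged: matrix-http IngressRoute metadata and entryPoints …
  routes:
    - match: Host(`matrix-lp.allarddcs.nl`)
      kind: Rule
      middlewares:
        - name: redirect-https
      # … unchanged: services entry for matrix on port 8008 …
```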


@@ -0,0 +1,22 @@
# ===========================
# Hookshot Registration Secret
# ===========================
apiVersion: v1
kind: Secret
metadata:
name: matrix-hookshot-registration
namespace: matrix
type: Opaque
stringData:
registration.yml: |
id: hookshot
url: http://matrix-hookshot.matrix.svc.cluster.local:9993
as_token: d3c8fccbe082aa2a59da362b3805abe4c4cebcd7e822cdbd700d84e7c55c485f
hs_token: c31f7a18d3d2d79bd7a03e2794d966317155c409699cb6fd0922023cf45f9c3b
sender_localpart: hookshot
namespaces:
users:
- exclusive: true
regex: "^@(hookshot|_webhooks_.*):matrix-lp.allarddcs.nl$"
rooms: []
aliases: []
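Review bot: The `as_token` and `hs_token` values in `registration.yml` are committed in plaintext through `stringData`, so anyone with read access to the repository or its history holds the shared secrets that authenticate the Hookshot appservice and Synapse to each other. Both tokens should be treated as exposed and regenerated, and the Secret should be created outside version control (for example from a local file at deploy time, or through a sealed or external secret mechanism), leaving only placeholders such as `as_token: <generated-at-deploy-time>` in the repository. As a smaller point, the dots in the host part of `regex` are unescaped and match any character; writing `matrix-lp\.allarddcs\.nl` inside a single-quoted scalar would pin the exclusive user namespace to the intended server name.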

84
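--- a/lp/postgres15/postgres15.yaml
+++ b/lp/postgres15/postgres15.yaml
@@ -0,0 +1,84 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+name: postgres15-pv
+spec:
+storageClassName: ""
+capacity:
+storage: 2Gi
+accessModes:
+- ReadWriteMany
+persistentVolumeReclaimPolicy: Retain
+mountOptions:
+- hard
+- nfsvers=4.1
+nfs:
+server: 192.168.2.110
+path: /mnt/nfs_share/lp/postgres15
+readOnly: false
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+name: postgres15-pvc
+namespace: postgres
+spec:
+storageClassName: ""
+volumeName: postgres15-pv
+accessModes:
+- ReadWriteMany
+volumeMode: Filesystem
+resources:
+requests:
+storage: 2Gi
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+name: postgres15
+namespace: postgres
+spec:
+serviceName: postgres15
+replicas: 1
+selector:
+matchLabels:
+app: postgres15
+template:
+metadata:
+labels:
+app: postgres15
+spec:
+containers:
+- name: postgres15
+image: postgres:15
+ports:
+- containerPort: 5432
+env:
+- name: POSTGRES_DB
+value: postgres
+- name: POSTGRES_USER
+value: postgres
+- name: POSTGRES_PASSWORD
+value: postgres
+volumeMounts:
+- mountPath: /var/lib/postgresql/data
+name: postgres
+volumes:
+- name: postgres
+persistentVolumeClaim:
+claimName: postgres15-pvc
+---
+apiVersion: v1
+kind: Service
+metadata:
+name: postgres15
+namespace: postgres
+labels:
+name: postgres15
+spec:
+type: ClusterIP
+ports:
+- port: 5432
+name: postgres
+selector:
+app: postgres15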
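Review bot: `POSTGRES_PASSWORD` is set to the literal `postgres` for the `postgres` superuser in the StatefulSet env, which puts a guessable credential in the repository and makes it readable by anything that can view the pod spec. Reference a Secret through `valueFrom.secretKeyRef` instead, as in the fence below (the Secret name and key are constructed examples), and change the password on any already-initialised data directory, since the image applies this variable only when it initialises an empty one. The Service is `ClusterIP`, so exposure is limited to the cluster, but no NetworkPolicy is visible in this file to narrow which workloads can reach port 5432.

```yaml
# … unchanged: PersistentVolume, PersistentVolumeClaim, StatefulSet header …
            - name: POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: postgres15-credentials  # constructed name
                  key: password                 # constructed key
# … unchanged: volumeMounts, volumes, Service …
```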