Merge branch 'master' of code.ungleich.ch:ungleich-public/ungleich-k8s

Nico Schottelius 2021-07-17 17:24:49 +02:00
commit 12f299584a
6 changed files with 92 additions and 28 deletions


@ -0,0 +1,36 @@
global
log stdout format raw local0
# turn on stats unix socket
stats socket /var/lib/haproxy/stats
resolvers mydns
parse-resolv-conf
defaults
retries 3
log global
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout http-keep-alive 10s
timeout check 10s
frontend f_https
bind ipv6@:6443
mode tcp
tcp-request inspect-delay 5s
tcp-request content accept if { req_ssl_hello_type 1 }
tcp-request content reject unless { req_ssl_sni -i k8s.ooo }
tcp-request content do-resolve(txn.myip,mydns,ipv6) req_ssl_sni,lower
default_backend b_https
backend b_https
mode tcp
tcp-request content set-dst var(txn.myip)
server tcp_https ipv6@*
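Review bot: In `frontend f_https` the rule `tcp-request content accept if { req_ssl_hello_type 1 }` comes first, and `accept` is a terminating action in HAProxy, so for any TLS ClientHello the following `reject unless { req_ssl_sni -i k8s.ooo }` and `do-resolve` rules would not be evaluated. Because `b_https` sets the destination from the name the client sent, that SNI check is the only thing bounding where this proxy connects, so it should run before anything accepts. I would replace the first rule with `tcp-request content reject unless { req_ssl_hello_type 1 }` and keep the SNI reject and `do-resolve` after it. Note also that `-i k8s.ooo` is an exact match; if subdomains are meant, that needs an explicit `-m end` match, chosen deliberately. The same rule ordering appears in the `f_https` hunk at `-48,9`.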


@ -48,9 +48,9 @@ frontend f_https
tcp-request inspect-delay 5s
tcp-request content accept if { req_ssl_hello_type 1 }
tcp-request deny unless { req_ssl_sni -i k8s.ooo }
tcp-request content do-resolve(txn.myip,mydns,ipv6) req_ssl_sni,lower
default_backend b_https
backend b_https
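Review bot: `tcp-request deny unless { req_ssl_sni -i k8s.ooo }` is not a form HAProxy accepts as far as I know, because `tcp-request` needs a stage keyword (`connection`, `session` or `content`) and the TCP action is `reject`, not `deny`. The page has lost the +/- markers and shows fewer lines than the hunk header announces, so I cannot tell which side this line is on; if it is on the new side the file would fail to load and the line should read `tcp-request content reject unless { req_ssl_sni -i k8s.ooo }`. The `f_https` and `b_https` sections start and end outside this hunk.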


@ -1,15 +1,6 @@
apiVersion: v2
name: matrix
name: ungleich-matrix
description: ungleich managed matrix
# A chart can be either an 'application' or a 'library' chart.
#
# Application charts are a collection of templates that can be packaged into versioned archives
# to be deployed.
#
# Library charts provide useful utilities or functions for the chart developer. They're included as
# a dependency of application charts to inject those utilities and functions into the rendering
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
type: application
# This is the chart version. This version number should be incremented each time you make changes
@ -21,4 +12,4 @@ version: 0.1.0
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes.
appVersion: "1.37.1"
appVersion: "1.38.0"


@ -48,7 +48,7 @@ spec:
mountPath: "/var/lib/postgresql/data"
subPath: postgres
- name: matrix
image: matrixdotorg/synapse:v1.37.1
image: matrixdotorg/synapse:v{{ .Values.synapseVersion }}
ports:
- containerPort: 8008
env:
@ -86,8 +86,6 @@ metadata:
spec:
type: ClusterIP
ports:
- port: 22
name: ssh
# Required for letsencrypt
- port: 80
name: http
@ -95,13 +93,6 @@ spec:
name: https
selector:
use-as-service: {{ .Release.Name }}
# ---
# apiVersion: v1
# kind: ConfigMap
# metadata:
# name: {{ tpl .Values.identifier . }}-matrixconfig
# data:
# {{ tpl (.Files.Glob "matrix/*").AsConfig . | indent 2 }}
---
apiVersion: v1
kind: PersistentVolumeClaim
@ -189,7 +180,7 @@ data:
ssl_certificate /etc/letsencrypt/live/{{ tpl .Values.fqdn . }}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{{ tpl .Values.fqdn . }}/privkey.pem;
client_max_body_size 256m;
client_max_body_size {{ .Values.max_filesize_in_mb }}m;
location ~ /_matrix|/_synapse {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
@ -234,7 +225,7 @@ data:
- '127.0.0.1'
resources:
- names: [federation,client,metrics]
- names: [federation,client]
compress: false
- port: 9093
bind_addresses:
@ -259,8 +250,8 @@ data:
enable_media_repo: true
media_store_path: "/data"
max_upload_size: "100M"
enable_registration: false
max_upload_size: "{{ .Values.max_filesize_in_mb }}M"
enable_registration: {{ .Values.enable_registration }}
log.yaml: |
version: 1
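Review bot: `enable_registration: {{ .Values.enable_registration }}` renders the value unquoted and unchecked into what looks like the Synapse config inside the ConfigMap, so an unset value becomes an empty scalar and a string such as `yes` is typed by Synapse's YAML loader rather than by the chart. Since this toggle decides whether anyone can create accounts, I would make the template fail closed, e.g. `enable_registration: {{ .Values.enable_registration | default false }}`. The two `max_filesize_in_mb` substitutions have the same gap, because an unset value renders a bare `m` / `"M"`; `{{ required "max_filesize_in_mb is required" .Values.max_filesize_in_mb }}` would surface that at render time. The surrounding ConfigMap and listener definitions start and end outside these hunks.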


@ -10,7 +10,22 @@ fqdn: "{{ .Release.Name }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain
# This needs delegation / configuration on fn.nf
server_name: "fn.nf"
# Full URL
web_client_location: "https://TBD"
# Full URL -- for later, when external domains are supported
# web_client_location: "https://TBD"
enable_registration: false
# Maximum size of one particular file
max_filesize_in_mb: 100
elementVersion: "1.7.32"
synapseVersion: "1.38.0"
#synapse_config:
# ---
# apiVersion: v1
# kind: ConfigMap
# metadata:
# name: {{ tpl .Values.identifier . }}-matrixconfig
# data:
# {{ tpl (.Files.Glob "matrix/*").AsConfig . | indent 2 }}


@ -0,0 +1,31 @@
apiVersion: v1
kind: Pod
metadata:
name: alpine-sleep
spec:
containers:
- name: busybox
image: alpine:3.14
args:
- sleep
- "1000000"
volumeMounts:
- mountPath: /data
name: alpine-data
volumes:
- name: alpine-data
persistentVolumeClaim:
claimName: alpine-data-rbd
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: alpine-data-rbd
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
storageClassName: rook-ceph-block
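Review bot: The `alpine-sleep` pod has no `securityContext`, so the container runs as root with the default capability set while holding a read-write `rook-ceph-block` volume for roughly eleven days (`sleep 1000000`). For a debugging pod that tends to linger in a cluster, I would drop privileges and capabilities as below; the UID/GID 1000 is a constructed example, and `fsGroup` is there so the non-root user can still write to `/data`. The container is also named `busybox` while the image is `alpine:3.14`, which is confusing when reading pod status.

```yaml
spec:
  securityContext:
    runAsNonRoot: true
    runAsUser: 1000   # constructed example UID
    runAsGroup: 1000
    fsGroup: 1000
  containers:
    - name: busybox
      image: alpine:3.14
      securityContext:
        allowPrivilegeEscalation: false
        capabilities:
          drop: ["ALL"]
      # … unchanged: args, volumeMounts …
# … unchanged: volumes, PersistentVolumeClaim …
```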