Add chart for mautrix-signal.

2023-03-30 22:18:36 +01:00 · 2023-03-30 22:18:36 +01:00 · cde7bd9c09
parent cae3ab14fe
commit cde7bd9c09
8 changed files with 305 additions and 0 deletions
--- a/.woodpecker/mautrix-signal.yaml
+++ b/.woodpecker/mautrix-signal.yaml
@ -0,0 +1,13 @@
+---
+when:
+  path: "charts/mautrix-signal/**"
+branches:
+  - main
+pipeline:
+  package:
+    image: "docker.io/alpine/helm:latest"
+    secrets: [helm_user, helm_password, helm_repo]
+    commands:
+      - helm plugin install https://github.com/chartmuseum/helm-push
+      - helm repo add therepo $HELM_REPO --username $HELM_USER --password $HELM_PASSWORD
+      - helm cm-push charts/mautrix-signal therepo
--- a/charts/mautrix-signal/.helmignore
+++ b/charts/mautrix-signal/.helmignore
@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
--- a/charts/mautrix-signal/Chart.yaml
+++ b/charts/mautrix-signal/Chart.yaml
@ -0,0 +1,6 @@
+apiVersion: v2
+name: mautrix-signal
+description: A Helm chart for mautrix-signal
+type: application
+version: 0.1.0
+appVersion: "0.4.2"
--- a/charts/mautrix-signal/templates/_helpers.tpl
+++ b/charts/mautrix-signal/templates/_helpers.tpl
@ -0,0 +1,75 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "mautrix-signal.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "mautrix-signal.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "mautrix-signal.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "mautrix-signal.labels" -}}
+helm.sh/chart: {{ include "mautrix-signal.chart" . }}
+{{ include "mautrix-signal.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "mautrix-signal.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "mautrix-signal.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "mautrix-signal.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "mautrix-signal.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
+
+{{- define "recurseFlattenMap" -}}
+{{- $map := first . -}}
+{{- $label := last . -}}
+{{- range $key, $val := $map -}}
+  {{- $sublabel := list $label $key | join "_" | upper -}}
+  {{- if kindOf $val | eq "map" -}}
+    {{- list $val $sublabel | include "recurseFlattenMap" -}}
+  {{- else -}}
+{{ $sublabel }}: {{ $val | quote }}
+{{ end -}}
+{{- end -}}
+{{- end -}}
--- a/charts/mautrix-signal/templates/deployment.yaml
+++ b/charts/mautrix-signal/templates/deployment.yaml
@ -0,0 +1,85 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "mautrix-signal.fullname" . }}
+  labels:
+    {{- include "mautrix-signal.labels" . | nindent 4 }}
+spec:
+  revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
+  replicas: 1
+  selector:
+    matchLabels:
+      {{- include "mautrix-signal.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      annotations:
+        checksum/config: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
+      {{- with .Values.podAnnotations }}
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      labels:
+        {{- include "mautrix-signal.selectorLabels" . | nindent 8 }}
+    spec:
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      securityContext:
+        {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      containers:
+        - name: {{ .Chart.Name }}
+          securityContext:
+            {{- toYaml .Values.securityContext | nindent 12 }}
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          ports:
+            - name: appservice
+              containerPort: 29328
+              protocol: TCP
+          resources:
+            {{- toYaml .Values.resources | nindent 12 }}
+          volumeMounts:
+            - name: mainconfig
+              readOnly: true
+              mountPath: "/data"
+            - mountPath: /signald
+              name: signald-socket
+          command:
+            - python3
+            - -m
+            - mautrix_signal
+            - -c
+            - /data/config.yaml
+
+        - name: signald
+          securityContext:
+            {{- toYaml .Values.signald.securityContext | nindent 12 }}
+          image: "{{ .Values.signald.image.repository }}:{{ .Values.signald.image.tag }}"
+          imagePullPolicy: {{ .Values.signald.image.pullPolicy }}
+          resources:
+            {{- toYaml .Values.signald.resources | nindent 12 }}
+          volumeMounts:
+            - mountPath: /signald
+              name: signald-socket
+          envFrom:
+            - secretRef:
+              name: {{ include "mautrix-signal.fullname" . }}-signald-config
+
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      volumes:
+        - name: mainconfig
+          secret:
+            secretName: {{ include "mautrix-facebook.fullname" . }}
+        - name: signald-socket
+          emptyDir: {}
--- a/charts/mautrix-signal/templates/secret.yaml
+++ b/charts/mautrix-signal/templates/secret.yaml
@ -0,0 +1,22 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "mautrix-signal.fullname" . }}
+  labels:
+    {{- include "mautrix-signal.labels" . | nindent 4 }}
+type: Opaque
+stringData:
+  config.yaml: |
+    {{- fromYaml .Values.config | toYaml | nindent 4 }}
+  registration.yaml: ""
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "mautrix-signal.fullname" . }}-signald-config
+  labels:
+    {{- include "mautrix-signal.labels" . | nindent 4 }}
+type: Opaque
+stringData:
+    {{- list .Values.signald.config "SIGNALD" | include "recurseFlattenMap" | nindent 4 }}
--- a/charts/mautrix-signal/templates/service.yaml
+++ b/charts/mautrix-signal/templates/service.yaml
@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "mautrix-signal.fullname" . }}
+  labels:
+    {{- include "mautrix-signal.labels" . | nindent 4 }}
+spec:
+  type: {{ .Values.service.type }}
+  ports:
+    - port: {{ .Values.service.port }}
+      targetPort: appservice
+      protocol: TCP
+      name: appservice
+  selector:
+    {{- include "mautrix-signal.selectorLabels" . | nindent 4 }}
--- a/charts/mautrix-signal/values.yaml
+++ b/charts/mautrix-signal/values.yaml
@ -0,0 +1,66 @@
+# Default values for mautrix-signal.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+image:
+  repository: dock.mau.dev/mautrix/signal
+  pullPolicy: IfNotPresent
+  # Overrides the image tag whose default is the chart appVersion.
+  tag: ""
+
+revisionHistoryLimit: 5
+
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
+
+podAnnotations: {}
+
+podSecurityContext:
+  runAsNonRoot: true
+
+securityContext:
+  allowPrivilegeEscalation: false
+  capabilities:
+    drop:
+    - ALL
+  readOnlyRootFilesystem: true
+  runAsNonRoot: true
+  runAsUser: 1337
+  runAsGroup: 1337
+
+service:
+  type: ClusterIP
+  port: 29328
+
+resources: {}
+  # We usually recommend not to specify default resources and to leave this as a conscious
+  # choice for the user. This also increases chances charts run on environments with little
+  # resources, such as Minikube. If you do want to specify resources, uncomment the following
+  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+  # limits:
+  #   cpu: 100m
+  #   memory: 128Mi
+  # requests:
+  #   cpu: 100m
+  #   memory: 128Mi
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
+
+# Mautrix-signal configuration must be in the config key here:
+# however it is recomended to keep it in a different file and
+# use --set-file config=config.yaml when invoking helm.
+# This allows diffing with the example configuration to update it.
+config: {}
+
+signald:
+  image:
+    repository: registry.gitlab.com/signald/signald
+    pullPolicy: IfNotPresent
+    tag: "0.23.2"
+  config: {}
+#    database: ""