kubernetes/matrix-media-repo: initial commit

2024-01-21 22:03:55 -08:00 · 2024-01-21 22:03:55 -08:00 · 90937430f4
parent 43bb6b8810
commit 90937430f4
5 changed files with 194 additions and 0 deletions
--- a/kustomizations/matrix/matrix-media-repo/config-secrets.enc.yaml
+++ b/kustomizations/matrix/matrix-media-repo/config-secrets.enc.yaml
--- a/kustomizations/matrix/matrix-media-repo/deployment.yaml
+++ b/kustomizations/matrix/matrix-media-repo/deployment.yaml
@ -0,0 +1,41 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: matrix-media-repo
+spec:
+  template:
+    spec:
+      # This does not currently work as there are some weird expectations on
+      # run scripts as running as non-root
+      securityContext:
+        fsGroup: 1000
+      containers:
+        - name: media-repo
+          image: drgrove/matrix-media-repo
+          ports:
+            - name: http
+              containerPort: 8000
+              protocol: TCP
+            - name: metrics
+              containerPort: 9000
+              protocol: TCP
+          volumeMounts:
+            - mountPath: /home/user/media/
+              name: ephemeral
+            - mountPath: /home/user/config/media-repo.yaml
+              name: config
+              subPath: config.yaml
+              readOnly: true
+          securityContext:
+            capabilities:
+              drop:
+                - ALL
+            allowPrivilegeEscalation: false
+            # Right now setting this to true is not possible
+            readOnlyRootFilesystem: false
+      volumes:
+        - name: config
+          secret:
+            secretName: mmr-config
+        - name: ephemeral
+          emptyDir: {}
--- a/kustomizations/matrix/matrix-media-repo/kustomization.yaml
+++ b/kustomizations/matrix/matrix-media-repo/kustomization.yaml
@ -0,0 +1,15 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+labels:
+- includeSelectors: true
+  pairs:
+    app.kubernetes.io/name: media-repo
+    app.kubernetes.io/part-of: matrix
+resources:
+- deployment.yaml
+- service.yaml
+generators:
+- secret-generator.yaml
+images:
+  - name: turt2live/matrix-media-repo
+    newTag: v1.3.3@sha256:59cf338753598af400919caf332c92dd0e8e6c6e6e5d18270e52552c7c1e3c4b
--- a/kustomizations/matrix/matrix-media-repo/secret-generator.yaml
+++ b/kustomizations/matrix/matrix-media-repo/secret-generator.yaml
@ -0,0 +1,6 @@
+apiVersion: viaduct.ai/v1
+kind: ksops
+metadata:
+  name: telegram-ksops-secrets
+files:
+  - config-secrets.enc.yaml
--- a/kustomizations/matrix/matrix-media-repo/service.yaml
+++ b/kustomizations/matrix/matrix-media-repo/service.yaml
@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: media-repo
+spec:
+  ports:
+    - name: http
+      protocol: TCP
+      port: 8000
+      targetPort: http
+    - name: metrics
+      protocol: TCP
+      port: 9000
+      targetPort: metrics