kubernetes/matrix-media-repo: initial commit

This commit is contained in:
Danny Grove 2024-01-21 22:03:55 -08:00
parent 43bb6b8810
commit 90937430f4
Signed by: drgrove
GPG Key ID: E1F4160251DB4C2E
5 changed files with 194 additions and 0 deletions

File diff suppressed because one or more lines are too long

View File

@ -0,0 +1,41 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: matrix-media-repo
spec:
template:
spec:
# This does not currently work as there are some weird expectations on
# run scripts as running as non-root
securityContext:
fsGroup: 1000
containers:
- name: media-repo
image: drgrove/matrix-media-repo
ports:
- name: http
containerPort: 8000
protocol: TCP
- name: metrics
containerPort: 9000
protocol: TCP
volumeMounts:
- mountPath: /home/user/media/
name: ephemeral
- mountPath: /home/user/config/media-repo.yaml
name: config
subPath: config.yaml
readOnly: true
securityContext:
capabilities:
drop:
- ALL
allowPrivilegeEscalation: false
# Right now setting this to true is not possible
readOnlyRootFilesystem: false
volumes:
- name: config
secret:
secretName: mmr-config
- name: ephemeral
emptyDir: {}

View File

@ -0,0 +1,15 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
labels:
- includeSelectors: true
pairs:
app.kubernetes.io/name: media-repo
app.kubernetes.io/part-of: matrix
resources:
- deployment.yaml
- service.yaml
generators:
- secret-generator.yaml
images:
- name: turt2live/matrix-media-repo
newTag: v1.3.3@sha256:59cf338753598af400919caf332c92dd0e8e6c6e6e5d18270e52552c7c1e3c4b

View File

@ -0,0 +1,6 @@
apiVersion: viaduct.ai/v1
kind: ksops
metadata:
name: telegram-ksops-secrets
files:
- config-secrets.enc.yaml

View File

@ -0,0 +1,14 @@
apiVersion: v1
kind: Service
metadata:
name: media-repo
spec:
ports:
- name: http
protocol: TCP
port: 8000
targetPort: http
- name: metrics
protocol: TCP
port: 9000
targetPort: metrics