diff --git a/charts/matrix-hookshot/Chart.yaml b/charts/matrix-hookshot/Chart.yaml
new file mode 100644
index 0000000..46e5fb2
--- /dev/null
+++ b/charts/matrix-hookshot/Chart.yaml
@@ -0,0 +1,13 @@
+apiVersion: v2
+name: hookshot
+version: 0.0.1
+description: Chart for Matrix Hookshot
+keywords:
+ - matrix
+ - webhook
+sources:
+ - https://github.com/matrix-org/matrix-hookshot
+maintainers:
+ - name: alexlebens
+icon: https://avatars.githubusercontent.com/u/8418310?s=48&v=4
+appVersion: "5.2.1"
diff --git a/charts/matrix-hookshot/templates/_helpers.tpl b/charts/matrix-hookshot/templates/_helpers.tpl
new file mode 100644
index 0000000..f1d3017
--- /dev/null
+++ b/charts/matrix-hookshot/templates/_helpers.tpl
@@ -0,0 +1,32 @@
+{{/*
+Helper for secret name
+*/}}
+{{- define "hookshot.secretName" -}}
+{{- if .Values.hookshot.existingSecret }}
+{{- printf "%s" .Values.hookshot.existingSecret -}}
+{{- else }}
+{{- printf "matrix-hookshot-config-secret" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+
+{{/*
+Helper for registration secret name
+*/}}
+{{- define "hookshot.registrationSecretName" -}}
+{{- if .Values.hookshot.existingRegistrationSecret }}
+{{- printf "%s" .Values.hookshot.existingRegistrationSecret -}}
+{{- else }}
+{{- printf "matrix-hookshot-registration-secret" }}
+{{- end }}
+{{- end }}
+
+{{/*
+Helper for passkey secret name
+*/}}
+{{- define "hookshot.passkeySecretName" -}}
+{{- if .Values.hookshot.existingPasskeySecret }}
+{{- printf "%s" .Values.hookshot.existingPasskeySecret -}}
+{{- else }}
+{{- printf "matrix-hookshot-passkey-secret" }}
+{{- end }}
+{{- end }}
diff --git a/charts/matrix-hookshot/templates/deployment.yaml b/charts/matrix-hookshot/templates/deployment.yaml
new file mode 100644
index 0000000..932f110
--- /dev/null
+++ b/charts/matrix-hookshot/templates/deployment.yaml
@@ -0,0 +1,76 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: matrix-hookshot
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ .Release.Name }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: web
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+ revisionHistoryLimit: 3
+ replicas: {{ .Values.deployment.replicas }}
+ strategy:
+ type: {{ .Values.deployment.strategy }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: matrix-hookshot
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: matrix-hookshot
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ spec:
+ serviceAccountName: {{ .Release.Name }}
+ automountServiceAccountToken: true
+ containers:
+ - name: {{ .Release.Name }}
+ image: "{{ .Values.deployment.image.repository }}:{{ .Values.deployment.image.tag }}"
+ imagePullPolicy: {{ .Values.deployment.image.imagePullPolicy }}
+ ports:
+ - name: webhook
+ containerPort: {{ .Values.service.webhook.port }}
+ protocol: TCP
+ - name: metrics
+ containerPort: {{ .Values.service.metrics.port }}
+ protocol: TCP
+ - name: appservice
+ containerPort: {{ .Values.service.appservice.port }}
+ protocol: TCP
+ env:
+ {{- range $k,$v := .Values.deployment.env }}
+ - name: {{ $k }}
+ value: {{ $v | quote }}
+ {{- end }}
+ {{- with .Values.deployment.envFrom }}
+ envFrom:
+ {{- toYaml .
| nindent 12 }}
+ {{- end }}
+ resources:
+ {{- toYaml .Values.deployment.resources | nindent 12 }}
+ volumeMounts:
+ - name: config
+ mountPath: /data/config.yml
+ subPath: config.yml
+ readOnly: true
+ - name: registration
+ mountPath: /data/registration.yml
+ subPath: registration.yml
+ readOnly: true
+ - name: passkey
+ mountPath: "/data/{{ .Values.hookshot.config.passFile }}"
+ subPath: "{{ .Values.hookshot.config.passFile }}"
+ readOnly: true
+ volumes:
+ - name: config
+ secret:
+ name: {{ template "hookshot.secretName" . }}
+ - name: registration
+ secret:
+ secretName: {{ template "hookshot.registrationSecretName" . }}
+ - name: passkey
+ secret:
+ secretName: {{ template "hookshot.passkeySecretName" . }}
diff --git a/charts/matrix-hookshot/templates/ingress.yaml b/charts/matrix-hookshot/templates/ingress.yaml
new file mode 100644
index 0000000..7d7e6a9
--- /dev/null
+++ b/charts/matrix-hookshot/templates/ingress.yaml
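Review bot: The `config` volume at the end of the deployment.yaml hunk is declared as `secret:` / `name:`, whereas a Secret volume source takes `secretName` (as the `registration` and `passkey` volumes below it do), so the config secret will not mount as written; it should read `secretName: {{ template "hookshot.secretName" . }}`. The pod spec also sets `automountServiceAccountToken: true` although nothing in this chart binds a role to the ServiceAccount; unless hookshot is known to call the Kubernetes API, `automountServiceAccountToken: false` keeps an API credential out of a container that accepts webhooks from outside the cluster. The container carries no `securityContext`; `allowPrivilegeEscalation: false` with `capabilities: {drop: [ALL]}` is a safe baseline regardless of which user the image runs as.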
@@ -0,0 +1,66 @@
+{{- if .Values.ingress.webhook.enabled }}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: "{{ .Release.Name }}-webhook"
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: "{{ .Release.Name }}-webhook"
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: web
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+ annotations:
+ {{- toYaml .Values.ingress.webhook.annotations | nindent 4 }}
+spec:
+ ingressClassName: {{ .Values.ingress.webhook.className }}
+ tls:
+ - hosts:
+ - {{ .Values.ingress.webhook.host }}
+ secretName: {{ .Release.Name }}-webhook-secret-tls
+ rules:
+ - host: {{ .Values.ingress.webhook.host }}
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: {{ .Release.Name }}
+ port:
+ name: webhook
+{{- end }}
+
+---
+{{- if .Values.ingress.appservice.enabled }}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: "{{ .Release.Name }}-appservice"
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: "{{ .Release.Name }}-appservice"
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: web
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+ annotations:
+ {{- toYaml .Values.ingress.appservice.annotations | nindent 4 }}
+spec:
+ ingressClassName: {{ .Values.ingress.appservice.className }}
+ tls:
+ - hosts:
+ - {{ .Values.ingress.appservice.host }}
+ secretName: {{ .Release.Name }}-appservice-secret-tls
+ rules:
+ - host: {{ .Values.ingress.appservice.host }}
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: {{ .Release.Name }}
+ port:
+ name: appservice
+{{- end }}
diff --git a/charts/matrix-hookshot/templates/pod.yaml b/charts/matrix-hookshot/templates/pod.yaml
new file mode 100644
index 0000000..0b49715
--- /dev/null
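Review bot: Both Ingress documents render `host` unquoted from values whose default is `""`, so enabling either ingress without setting a host produces a rule with no host, which ingress controllers generally treat as matching every hostname they serve. Failing the render is safer than a catch-all: `- host: {{ required "ingress.webhook.host must be set" .Values.ingress.webhook.host | quote }}`, with the same guard on the `tls.hosts` entry and in the appservice document. The second ingress routes to the port named `appservice`, which values.yaml maps to the 9002 listener serving `widgets`; it is worth confirming that this is the listener meant to be public before the name sticks.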
+++ b/charts/matrix-hookshot/templates/pod.yaml
@@ -0,0 +1,26 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-test-connection"
+ labels:
+ app.kubernetes.io/name: {{ .Release.Name }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: web
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+ annotations:
+ "helm.sh/hook": test-success
+spec:
+ restartPolicy: Never
+ containers:
+ - name: wget
+ image: busybox
+ command: ['wget']
+ args: ['{{ .Release.Name }}:{{ .Values.service.webhook.port }}']
+ resources:
+ limits:
+ cpu: 500m
+ memory: 1Gi
+ requests:
+ cpu: 50m
+ memory: 256Mi
diff --git a/charts/matrix-hookshot/templates/secret.yaml b/charts/matrix-hookshot/templates/secret.yaml
new file mode 100644
index 0000000..ccf009e
--- /dev/null
+++ b/charts/matrix-hookshot/templates/secret.yaml
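Review bot: The test pod pulls `image: busybox` with no tag or digest, so every `helm test` runs whatever `latest` resolves to at pull time inside the release namespace; pin it, e.g. `image: busybox:<pinned-tag>` or a digest reference. The hook value `test-success` is the Helm 2 spelling that Helm 3 accepts only as an alias, so `"helm.sh/hook": test` is the form to use in a new chart. The 1Gi memory limit is also far more than a single `wget` needs and can make the test unschedulable under a tight namespace quota.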
@@ -0,0 +1,52 @@
+{{- if not .Values.hookshot.existingSecret }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: matrix-hookshot-config-secret
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: matrix-hookshot-config
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: web
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+data:
+ config.yml: |
+{{ toYaml .Values.hookshot.config | indent 4 }}
+{{- end }}
+
+---
+{{- if not .Values.hookshot.existingRegistrationSecret }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: matrix-hookshot-registration-secret
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: matrix-hookshot-registration
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: web
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+data:
+ registration.yml: |
+{{ toYaml .Values.hookshot.registration | indent 4 }}
+{{- end }}
+
+---
+{{- if not .Values.hookshot.existingPasskeySecret }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: matrix-hookshot-passkey-secret
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: matrix-hookshot-passkey
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: web
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+data:
+ {{ .Values.hookshot.config.passFile }}: |
+{{ toYaml .Values.hookshot.passkey | indent 4 }}
+{{- end }}
diff --git a/charts/matrix-hookshot/templates/service-account.yaml b/charts/matrix-hookshot/templates/service-account.yaml
new file mode 100644
index 0000000..a437092
--- /dev/null
+++ b/charts/matrix-hookshot/templates/service-account.yaml
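Review bot: All three Secret documents place plain text under `data:`, which the API server requires to be base64-encoded, so these manifests will be rejected or decode to something other than the intended file; `stringData:` takes the rendered text as-is. The passkey document additionally runs the PEM through `toYaml`, which emits a YAML-encoded scalar rather than the raw key, so the mounted file is unlikely to parse as a PEM; `{{ .Values.hookshot.passkey | indent 4 }}` would write it verbatim. Because the tokens and the private key are rendered from values, they also end up in the stored Helm release record, so the `existingSecret`, `existingRegistrationSecret` and `existingPasskeySecret` options deserve a comment in values.yaml marking them as the preferred path.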
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ .Release.Name }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ .Release.Name }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: web
+ app.kubernetes.io/part-of: {{ .Release.Name }}
diff --git a/charts/matrix-hookshot/templates/service.yaml b/charts/matrix-hookshot/templates/service.yaml
new file mode 100644
index 0000000..6913eee
--- /dev/null
+++ b/charts/matrix-hookshot/templates/service.yaml
@@ -0,0 +1,29 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ .Release.Name }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ .Release.Name }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: web
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - port: {{ .Values.service.webhook.port }}
+ targetPort: webhook
+ protocol: TCP
+ name: webhook
+ - port: {{ .Values.service.metrics.port }}
+ targetPort: metrics
+ protocol: TCP
+ name: metrics
+ - port: {{ .Values.service.appservice.port }}
+ targetPort: appservice
+ protocol: TCP
+ name: appservice
+ selector:
+ app.kubernetes.io/name: {{ .Release.Name }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
diff --git a/charts/matrix-hookshot/values.yaml b/charts/matrix-hookshot/values.yaml
new file mode 100644
index 0000000..f6e7d9d
--- /dev/null
+++ b/charts/matrix-hookshot/values.yaml
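Review bot: The Service selector in service.yaml uses `app.kubernetes.io/name: {{ .Release.Name }}`, but the Deployment's pod template sets that label to the literal `matrix-hookshot`, so the Service selects no pods unless the release happens to carry that name; the selector should read `app.kubernetes.io/name: matrix-hookshot`. The same Service publishes the `metrics` port, and values.yaml attaches `provisioning` to that listener, so any workload that can reach the Service can also reach the provisioning API. Splitting provisioning onto its own listener, or restricting the port with a NetworkPolicy, would limit that exposure.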
@@ -0,0 +1,235 @@
+deployment:
+ replicas: 1
+ strategy: Recreate
+ image:
+ repository: halfshot/matrix-hookshot
+ tag: "4.5.1"
+ imagePullPolicy: IfNotPresent
+ env: {}
+ envFrom: []
+ resources:
+ limits:
+ memory: 512Mi
+ cpu: 100m
+ requests:
+ memory: 256Mi
+ cpu: 50m
+service:
+ type: ClusterIP
+ webhook:
+ port: 9000
+ metrics:
+ port: 9001
+ appservice:
+ port: 9002
+ingress:
+ webhook:
+ enabled: false
+ className: ""
+ annotations: {}
+ host: ""
+ appservice:
+ enabled: false
+ className: ""
+ annotations: {}
+ host: ""
+
+# Reference the following for examples
+# https://matrix-org.github.io/matrix-hookshot/latest/setup/sample-configuration.html
+hookshot:
+
+ # config.yml contents
+ existingSecret: ""
+ config:
+ bridge:
+ domain: example.com
+ url: http://localhost:8008
+ mediaUrl: https://example.com
+ port: 9993
+ bindAddress: 0.0.0.0
+ passFile: passkey.pem
+ logging:
+ level: info
+ colorize: true
+ json: false
+ timestampFormat: HH:mm:ss:SSS
+ listeners:
+ - port: 9000
+ bindAddress: 0.0.0.0
+ resources:
+ - webhooks
+ - port: 9001
+ bindAddress: 0.0.0.0
+ resources:
+ - metrics
+ - provisioning
+ - port: 9002
+ bindAddress: 0.0.0.0
+ resources:
+ - widgets
+
+ #github:
+ # # (Optional) Configure this to enable GitHub support
+ # auth:
+ # # Authentication for the GitHub App.
+ # id: 123
+ # privateKeyFile: github-key.pem
+ # webhook:
+ # # Webhook settings for the GitHub app.
+ # secret: secrettoken
+ # oauth:
+ # # (Optional) Settings for allowing users to sign in via OAuth.
+ # client_id: foo
+ # client_secret: bar
+ # redirect_uri: https://example.com/oauth/
+ # defaultOptions:
+ # # (Optional) Default options for GitHub connections.
+ # showIssueRoomLink: false
+ # hotlinkIssues:
+ # prefix: "#"
+ # userIdPrefix:
+ # # (Optional) Prefix used when creating ghost users for GitHub accounts.
+ # _github_
+
+ #gitlab:
+ # # (Optional) Configure this to enable GitLab support
+ # instances:
+ # gitlab.com:
+ # url: https://gitlab.com
+ # webhook:
+ # secret: secrettoken
+ # publicUrl: https://example.com/hookshot/
+ # userIdPrefix:
+ # # (Optional) Prefix used when creating ghost users for GitLab accounts.
+ # _gitlab_
+ # commentDebounceMs:
+ # # (Optional) Aggregate comments by waiting this many miliseconds before posting them to Matrix. Defaults to 5000 (5 seconds)
+ # 5000
+
+ #figma:
+ # # (Optional) Configure this to enable Figma support
+ # publicUrl: https://example.com/hookshot/
+ # instances:
+ # your-instance:
+ # teamId: your-team-id
+ # accessToken: your-personal-access-token
+ # passcode: your-webhook-passcode
+
+ #jira:
+ # # (Optional) Configure this to enable Jira support. Only specify `url` if you are using a On Premise install (i.e. not atlassian.com)
+ # webhook:
+ # # Webhook settings for JIRA
+ # secret: secrettoken
+ # oauth:
+ # # (Optional) OAuth settings for connecting users to JIRA. See documentation for more information
+ # client_id: foo
+ # client_secret: bar
+ # redirect_uri: https://example.com/oauth/
+
+ #generic:
+ # # (Optional) Support for generic webhook events.
+ # #'allowJsTransformationFunctions' will allow users to write short transformation snippets in code, and thus is unsafe in untrusted environments
+
+ # enabled: false
+ # enableHttpGet: false
+ # urlPrefix: https://example.com/webhook/
+ # userIdPrefix: _webhooks_
+ # allowJsTransformationFunctions: false
+ # waitForComplete: false
+
+ #feeds:
+ # # (Optional) Configure this to enable RSS/Atom feed support
+ # enabled: false
+ # pollConcurrency: 4
+ # pollIntervalSeconds: 600
+ # pollTimeoutSeconds: 30
+
+ #provisioning:
+ # # (Optional) Provisioning API for integration managers
+ # secret: "!secretToken"
+
+ #bot:
+ # # (Optional) Define profile information for the bot user
+ # displayname: Hookshot Bot
+ # avatar: mxc://half-shot.uk/2876e89ccade4cb615e210c458e2a7a6883fe17d
+
+ #serviceBots:
+ # # (Optional) Define additional bot users for specific services
+ # - localpart: feeds
+ # displayname: Feeds
+ # avatar: ./assets/feeds_avatar.png
+ # prefix: "!feeds"
+ # service: feeds
+
+ #metrics:
+ # # (Optional) Prometheus metrics support
+ # enabled: true
+
+ #cache:
+ # # (Optional) Cache options for large scale deployments.
+ # # For encryption to work, this must be configured.
+ # redisUri: redis://localhost:6379
+
+ #queue:
+ # # (Optional) Message queue configuration options for large scale deployments.
+ # # For encryption to work, this must not be configured.
+ # redisUri: redis://localhost:6379
+
+ #widgets:
+ # # (Optional) EXPERIMENTAL support for complimentary widgets
+ # addToAdminRooms: false
+ # disallowedIpRanges:
+ # - 127.0.0.0/8
+ # - 10.0.0.0/8
+ # - 172.16.0.0/12
+ # - 192.168.0.0/16
+ # - 100.64.0.0/10
+ # - 192.0.0.0/24
+ # - 169.254.0.0/16
+ # - 192.88.99.0/24
+ # - 198.18.0.0/15
+ # - 192.0.2.0/24
+ # - 198.51.100.0/24
+ # - 203.0.113.0/24
+ # - 224.0.0.0/4
+ # - ::1/128
+ # - fe80::/10
+ # - fc00::/7
+ # - 2001:db8::/32
+ # - ff00::/8
+ # - fec0::/10
+ # roomSetupWidget:
+ # addOnInvite: false
+ # publicUrl: https://example.com/widgetapi/v1/static/
+ # branding:
+ # widgetTitle: Hookshot Configuration
+
+ #sentry:
+ # # (Optional) Configure Sentry error reporting
+ # dsn: https://examplePublicKey@o0.ingest.sentry.io/0
+ # environment: production
+
+ #permissions:
+ # # (Optional) Permissions for using the bridge. See docs/setup.md#permissions for help
+ # - actor: example.com
+ # services:
+ # - service: "*"
+ # level: admin
+
+ # registration.yml contents
+ existingRegistrationSecret: ""
+ registration:
+ id: matrix-hookshot
+ as_token: ""
+ hs_token: ""
+ namespaces:
+ rooms: []
+ users: []
+ sender_localpart: hookshot
+ url: "http://example.com"
+ rate_limited: false
+
+ # A passkey used to encrypt tokens stored inside the bridge.
+ # Run openssl genpkey -out passkey.pem -outform PEM -algorithm RSA -pkeyopt rsa_keygen_bits:4096 to generate
+ existingPasskeySecret: ""
+ passkey: ""
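Review bot: `registration.as_token`, `registration.hs_token` and `passkey` default to empty strings and secret.yaml renders them without any check, so a default install produces an appservice registration with blank tokens and an empty key file; guard them with `required` in the templates, or leave the inline values out and point users at `existingRegistrationSecret` and `existingPasskeySecret`. `tag: "4.5.1"` disagrees with `appVersion: "5.2.1"` in Chart.yaml, so the `app.kubernetes.io/version` label on every object misreports what is running; defaulting the tag to `.Chart.AppVersion` keeps the two together. `bridge.port: 9993` does not appear among the container or Service ports in this chart, so the homeserver presumably cannot reach the bridge through the Service as configured, which is worth confirming against the hookshot documentation linked at the top of the file.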