add matrix hookshot

charts/matrix-hookshot/templates/_helpers.tpl

@@ -0,0 +1,32 @@
+{{/*
+Helper for secret name
+*/}}
+{{- define "hookshot.secretName" -}}
+{{- if .Values.hookshot.existingSecret }}
+{{- printf "%s" .Values.hookshot.existingSecret -}}
+{{- else }}
+{{- printf "matrix-hookshot-config-secret" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+
+{{/*
+Helper for registration secret name
+*/}}
+{{- define "hookshot.registrationSecretName" -}}
+{{- if .Values.hookshot.existingRegistrationSecret }}
+{{- printf "%s" .Values.hookshot.existingRegistrationSecret -}}
+{{- else }}
+{{- printf "matrix-hookshot-registration-secret" }}
+{{- end }}
+{{- end }}
+
+{{/*
+Helper for passkey secret name
+*/}}
+{{- define "hookshot.passkeySecretName" -}}
+{{- if .Values.hookshot.existingPasskeySecret }}
+{{- printf "%s" .Values.hookshot.existingPasskeySecret -}}
+{{- else }}
+{{- printf "matrix-hookshot-passkey-secret" }}
+{{- end }}
+{{- end }}

charts/matrix-hookshot/templates/deployment.yaml

@@ -0,0 +1,76 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: matrix-hookshot
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: {{ .Release.Name }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: web
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  revisionHistoryLimit: 3
+  replicas: {{ .Values.deployment.replicas }}
+  strategy:
+    type: {{ .Values.deployment.strategy }}
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: matrix-hookshot
+      app.kubernetes.io/instance: {{ .Release.Name }}
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: matrix-hookshot
+        app.kubernetes.io/instance: {{ .Release.Name }}
+    spec:
+      serviceAccountName: {{ .Release.Name }}
+      automountServiceAccountToken: true
+      containers:
+        - name: {{ .Release.Name }}
+          image: "{{ .Values.deployment.image.repository }}:{{ .Values.deployment.image.tag }}"
+          imagePullPolicy: {{ .Values.deployment.image.imagePullPolicy }}
+          ports:
+            - name: webhook
+              containerPort: {{ .Values.service.webhook.port }}
+              protocol: TCP
+            - name: metrics
+              containerPort: {{ .Values.service.metrics.port }}
+              protocol: TCP
+            - name: appservice
+              containerPort: {{ .Values.service.appservice.port }}
+              protocol: TCP
+          env:
+          {{- range $k,$v := .Values.deployment.env }}
+            - name: {{ $k }}
+              value: {{ $v | quote }}
+          {{- end }}
+          {{- with .Values.deployment.envFrom }}
+          envFrom:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+          resources:
+            {{- toYaml .Values.deployment.resources | nindent 12 }}
+          volumeMounts:
+            - name: config
+              mountPath: /data/config.yml
+              subPath: config.yml
+              readOnly: true
+            - name: registration
+              mountPath: /data/registration.yml
+              subPath: registration.yml
+              readOnly: true
+            - name: passkey
+              mountPath: "/data/{{ .Values.hookshot.config.passFile }}"
+              subPath: "{{ .Values.hookshot.config.passFile }}"
+              readOnly: true
+      volumes:
+        - name: config
+          secret:
+            name: {{ template "hookshot.secretName" . }}
+        - name: registration
+          secret:
+            secretName: {{ template "hookshot.registrationSecretName" . }}
+        - name: passkey
+          secret:
+            secretName: {{ template "hookshot.passkeySecretName" . }}

charts/matrix-hookshot/templates/ingress.yaml

@@ -0,0 +1,66 @@
+{{- if .Values.ingress.webhook.enabled }}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: "{{ .Release.Name }}-webhook"
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: "{{ .Release.Name }}-webhook"
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: web
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+  annotations:
+    {{- toYaml .Values.ingress.webhook.annotations | nindent 4 }}
+spec:
+  ingressClassName: {{ .Values.ingress.webhook.className }}
+  tls:
+    - hosts:
+        - {{ .Values.ingress.webhook.host }}
+      secretName: {{ .Release.Name }}-webhook-secret-tls
+  rules:
+    - host: {{ .Values.ingress.webhook.host }}
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: {{ .Release.Name }}
+                port:
+                  name: webhook
+{{- end }}
+
+---
+{{- if .Values.ingress.appservice.enabled }}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: "{{ .Release.Name }}-appservice"
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: "{{ .Release.Name }}-appservice"
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: web
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+  annotations:
+    {{- toYaml .Values.ingress.appservice.annotations | nindent 4 }}
+spec:
+  ingressClassName: {{ .Values.ingress.appservice.className }}
+  tls:
+    - hosts:
+        - {{ .Values.ingress.appservice.host }}
+      secretName: {{ .Release.Name }}-appservice-secret-tls
+  rules:
+    - host: {{ .Values.ingress.appservice.host }}
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: {{ .Release.Name }}
+                port:
+                  name: appservice
+{{- end }}

charts/matrix-hookshot/templates/pod.yaml

@@ -0,0 +1,26 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: "{{ .Release.Name }}-test-connection"
+  labels:
+    app.kubernetes.io/name: {{ .Release.Name }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: web
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+  annotations:
+    "helm.sh/hook": test-success
+spec:
+  restartPolicy: Never
+  containers:
+    - name: wget
+      image: busybox
+      command: ['wget']
+      args: ['{{ .Release.Name }}:{{ .Values.service.webhook.port }}']
+      resources:
+        limits:
+          cpu: 500m
+          memory: 1Gi
+        requests:
+          cpu: 50m
+          memory: 256Mi

charts/matrix-hookshot/templates/secret.yaml

@@ -0,0 +1,52 @@
+{{- if not .Values.hookshot.existingSecret }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: matrix-hookshot-config-secret
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: matrix-hookshot-config
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: web
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+data:
+  config.yml: |
+{{ toYaml .Values.hookshot.config | indent 4 }}
+{{- end }}
+
+---
+{{- if not .Values.hookshot.existingRegistrationSecret }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: matrix-hookshot-registration-secret
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: matrix-hookshot-registration
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: web
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+data:
+  registration.yml: |
+{{ toYaml .Values.hookshot.registration | indent 4 }}
+{{- end }}
+
+---
+{{- if not .Values.hookshot.existingPasskeySecret }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: matrix-hookshot-passkey-secret
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: matrix-hookshot-passkey
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: web
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+data:
+  {{ .Values.hookshot.config.passFile }}: |
+{{ toYaml .Values.hookshot.passkey | indent 4 }}
+{{- end }}

charts/matrix-hookshot/templates/service-account.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ .Release.Name }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: {{ .Release.Name }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: web
+    app.kubernetes.io/part-of: {{ .Release.Name }}

charts/matrix-hookshot/templates/service.yaml

@@ -0,0 +1,29 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ .Release.Name }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: {{ .Release.Name }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: web
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  type: {{ .Values.service.type }}
+  ports:
+    - port: {{ .Values.service.webhook.port }}
+      targetPort: webhook
+      protocol: TCP
+      name: webhook
+    - port: {{ .Values.service.metrics.port }}
+      targetPort: metrics
+      protocol: TCP
+      name: metrics
+    - port: {{ .Values.service.appservice.port }}
+      targetPort: appservice
+      protocol: TCP
+      name: appservice
+  selector:
+    app.kubernetes.io/name: {{ .Release.Name }}
+    app.kubernetes.io/instance: {{ .Release.Name }}