From 6dc73bf710b96c78aa1f52a733a7657e7fe8c67f Mon Sep 17 00:00:00 2001 From: Tulir Asokan Date: Sun, 20 Oct 2019 22:38:34 +0300 Subject: [PATCH] Add somewhat functional helm chart --- .gitignore | 18 +-- helm/mautrix-telegram/.editorconfig | 2 + helm/mautrix-telegram/.helmignore | 22 +++ helm/mautrix-telegram/Chart.yaml | 14 ++ helm/mautrix-telegram/registration.yaml.txt | 19 +++ helm/mautrix-telegram/templates/NOTES.txt | 21 +++ helm/mautrix-telegram/templates/_helpers.tpl | 55 +++++++ .../mautrix-telegram/templates/configmap.yaml | 53 +++++++ .../templates/deployment.yaml | 65 ++++++++ helm/mautrix-telegram/templates/service.yaml | 16 ++ .../templates/serviceaccount.yaml | 8 + .../templates/tests/test-connection.yaml | 15 ++ helm/mautrix-telegram/values.yaml | 140 ++++++++++++++++++ 13 files changed, 439 insertions(+), 9 deletions(-) create mode 100644 helm/mautrix-telegram/.editorconfig create mode 100644 helm/mautrix-telegram/.helmignore create mode 100644 helm/mautrix-telegram/Chart.yaml create mode 100644 helm/mautrix-telegram/registration.yaml.txt create mode 100644 helm/mautrix-telegram/templates/NOTES.txt create mode 100644 helm/mautrix-telegram/templates/_helpers.tpl create mode 100644 helm/mautrix-telegram/templates/configmap.yaml create mode 100644 helm/mautrix-telegram/templates/deployment.yaml create mode 100644 helm/mautrix-telegram/templates/service.yaml create mode 100644 helm/mautrix-telegram/templates/serviceaccount.yaml create mode 100644 helm/mautrix-telegram/templates/tests/test-connection.yaml create mode 100644 helm/mautrix-telegram/values.yaml diff --git a/.gitignore b/.gitignore index ba51ba75..9ce117f4 100644 --- a/.gitignore +++ b/.gitignore @@ -1,17 +1,17 @@ -.idea/ +/.idea/ -.venv -env/ +/.venv +/env/ pip-selfcheck.json *.pyc __pycache__ -build -dist -*.egg-info -.eggs +/build +/dist +/*.egg-info +/.eggs -config.yaml -registration.yaml +/config.yaml +/registration.yaml *.log* *.db *.bak 
diff --git a/helm/mautrix-telegram/.editorconfig b/helm/mautrix-telegram/.editorconfig
new file mode 100644
index 00000000..d2097f29
--- /dev/null
+++ b/helm/mautrix-telegram/.editorconfig
@@ -0,0 +1,2 @@
+[*.{yaml,yml}]
+indent_size = 2
diff --git a/helm/mautrix-telegram/.helmignore b/helm/mautrix-telegram/.helmignore
new file mode 100644
index 00000000..50af0317
--- /dev/null
+++ b/helm/mautrix-telegram/.helmignore
@@ -0,0 +1,22 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/helm/mautrix-telegram/Chart.yaml b/helm/mautrix-telegram/Chart.yaml
new file mode 100644
index 00000000..54cf542b
--- /dev/null
+++ b/helm/mautrix-telegram/Chart.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+name: mautrix-telegram
+version: 0.1.0
+appVersion: "0.7.0"
+description: A Matrix-Telegram hybrid puppeting/relaybot bridge.
+keywords:
+ - matrix
+ - bridge
+ - telegram
+maintainers:
+ - name: Tulir Asokan
+ email: tulir@maunium.net
+sources:
+ - https://github.com/tulir/mautrix-telegram
diff --git a/helm/mautrix-telegram/registration.yaml.txt b/helm/mautrix-telegram/registration.yaml.txt
new file mode 100644
index 00000000..b99ee744
--- /dev/null
+++ b/helm/mautrix-telegram/registration.yaml.txt
@@ -0,0 +1,19 @@
+id: {{ .Values.appservice.id }}
+as_token: {{ .Values.appservice.asToken }}
+hs_token: {{ .Values.appservice.hsToken }}
+namespaces:
+ users:
+ - exclusive: true
+ regex: "@{{ .Values.bridge.username_template | replace "{userid}" ".+"}}:{{ .Values.homeserver.domain }}"
+ {{- if .Values.appservice.communityID }}
+ group_id: {{ .Values.appservice.communityID }}
+ {{- end }}
+ aliases:
+ - exclusive: true
+ regex: "@{{ .Values.bridge.alias_template | replace "{groupname}" ".+"}}:{{ .Values.homeserver.domain }}"
+ {{- if .Values.appservice.communityID }}
+ group_id: {{ .Values.appservice.communityID }}
+ {{- end }}
+url: {{ .Values.appservice.address }}
+sender_localpart: {{ .Values.appservice.botUsername }}
+rate_limited: false
diff --git a/helm/mautrix-telegram/templates/NOTES.txt b/helm/mautrix-telegram/templates/NOTES.txt
new file mode 100644
index 00000000..a79dcc07
--- /dev/null
+++ b/helm/mautrix-telegram/templates/NOTES.txt
@@ -0,0 +1,21 @@
+Your registration file:
+
+id: {{ .Values.appservice.id }}
+as_token: {{ .Values.appservice.asToken }}
+hs_token: {{ .Values.appservice.hsToken }}
+namespaces:
+ users:
+ - exclusive: true
+ regex: "@{{ .Values.bridge.username_template | replace "{userid}" ".+"}}:{{ .Values.homeserver.domain }}"
+ {{- if .Values.appservice.communityID }}
+ group_id: {{ .Values.appservice.communityID }}
+ {{- end }}
+ aliases:
+ - exclusive: true
+ regex: "@{{ .Values.bridge.alias_template | replace "{groupname}" ".+"}}:{{ .Values.homeserver.domain }}"
+ {{- if .Values.appservice.communityID }}
+ group_id: {{ .Values.appservice.communityID }}
+ {{- end }}
+url: {{ .Values.appservice.address }}
+sender_localpart: {{ .Values.appservice.botUsername }}
+rate_limited: false
diff --git a/helm/mautrix-telegram/templates/_helpers.tpl b/helm/mautrix-telegram/templates/_helpers.tpl
new file mode 100644
index 00000000..616fb687
--- /dev/null
+++ b/helm/mautrix-telegram/templates/_helpers.tpl
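Review bot: The `aliases` namespace regex in registration.yaml.txt begins with `@`, but Matrix room aliases begin with `#`, so as written the exclusive alias namespace would not cover the bridge's portal aliases; the line should read `regex: "#{{ .Values.bridge.alias_template | replace "{groupname}" ".+"}}:{{ .Values.homeserver.domain }}"`. The identical line in templates/NOTES.txt needs the same fix. In both namespaces the homeserver domain is interpolated into the regex unescaped, so each `.` matches any character and the exclusive claim is slightly wider than intended; escaping it (Sprig's `regexQuoteMeta`, where the Helm version in use provides it) would tighten that.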
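Review bot: templates/NOTES.txt renders `as_token` and `hs_token` in clear text, and Helm prints the rendered notes after every install and upgrade and again on `helm status`, so both appservice tokens end up in terminal scrollback and CI job logs. I would drop the two token lines from the notes and point the operator at their source instead, for example `as_token: <value of appservice.asToken from your values file>`. The rest of the registration skeleton can stay as it is.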
@@ -0,0 +1,55 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "mautrix-telegram.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "mautrix-telegram.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "mautrix-telegram.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Common labels
+*/}}
+{{- define "mautrix-telegram.labels" -}}
+app.kubernetes.io/name: {{ include "mautrix-telegram.name" . }}
+helm.sh/chart: {{ include "mautrix-telegram.chart" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "mautrix-telegram.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+ {{ default (include "mautrix-telegram.fullname" .) .Values.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
diff --git a/helm/mautrix-telegram/templates/configmap.yaml b/helm/mautrix-telegram/templates/configmap.yaml
new file mode 100644
index 00000000..d7d9a0af
--- /dev/null
+++ b/helm/mautrix-telegram/templates/configmap.yaml
@@ -0,0 +1,53 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "mautrix-telegram.fullname" . }}
+ labels:
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }}
+ app.kubernetes.io/name: {{ template "mautrix-telegram.name" . }}
+data:
+ config.yaml: |
+ homeserver:
+ address: {{ .Values.homeserver.address }}
+ domain: {{ .Values.homeserver.domain }}
+ verify_ssl: {{ .Values.homeserver.verifySSL }}
+
+ appservice:
+ address: http://{{ include "mautrix-telegram.fullname" . }}:{{ .Values.service.port }}
+
+ hostname: 0.0.0.0
+ port: {{ .Values.service.port }}
+ max_body_size: {{ .Values.appservice.maxBodySize }}
+
+ database: {{ .Values.appservice.database }}
+
+ public:
+ {{- toYaml .Values.appservice.public | nindent 8 }}
+
+ provisioning:
+ {{- toYaml .Values.appservice.provisioning | nindent 8 }}
+
+ id: {{ .Values.appservice.id }}
+ bot_username: {{ .Values.appservice.botUsername }}
+ bot_displayname: {{ .Values.appservice.botDisplayname }}
+ bot_avatar: {{ .Values.appservice.botAvatar }}
+
+ community_id: {{ .Values.appservice.communityID }}
+
+ as_token: {{ .Values.appservice.asToken }}
+ hs_token: {{ .Values.appservice.hsToken }}
+
+ metrics:
+ {{- toYaml .Values.metrics | nindent 6 }}
+
+ bridge:
+ {{- toYaml .Values.bridge | nindent 6 }}
+
+ telegram:
+ {{- toYaml .Values.telegram | nindent 6 }}
+
+ logging:
+ {{- toYaml .Values.logging | nindent 6 }}
+ registration.yaml: ""
diff --git a/helm/mautrix-telegram/templates/deployment.yaml b/helm/mautrix-telegram/templates/deployment.yaml
new file mode 100644
index 00000000..ee41a1ea
--- /dev/null
+++ b/helm/mautrix-telegram/templates/deployment.yaml
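Review bot: `config.yaml` is stored in a ConfigMap although it carries `as_token`, `hs_token`, the `database` URI (whose example format in values.yaml embeds a password) and the whole `provisioning` and `telegram` sections, which hold `shared_secret` and `api_hash`. ConfigMaps are not handled as sensitive objects: the built-in `view` role can read them, and Secret-specific controls such as encryption at rest or tighter RBAC do not apply. Changing this object to `kind: Secret` with `stringData:` in place of `data:`, and the volume in deployment.yaml from `configMap:` / `name:` to `secret:` / `secretName:`, keeps the mounted file layout unchanged. The scalars are also interpolated unquoted, so a token or display name containing `: ` or ` #`, or one that looks like a number or boolean, would change type or break the rendered YAML; `as_token: {{ .Values.appservice.asToken | quote }}` and the same for the other scalar lines avoids that.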
@@ -0,0 +1,65 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "mautrix-telegram.fullname" . }}
+ labels:
+ {{- include "mautrix-telegram.labels" . | nindent 4 }}
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "mautrix-telegram.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ template:
+ {{- if .Values.podAnnotations }}
+ annotations:
+ {{- toYaml .Values.podAnnotations | nindent 6 }}
+ {{- end }}
+ metadata:
+ labels:
+ app.kubernetes.io/name: {{ include "mautrix-telegram.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ spec:
+ serviceAccountName: {{ template "mautrix-telegram.serviceAccountName" . }}
+ containers:
+ - name: {{ .Chart.Name }}
+ securityContext:
+ {{- toYaml .Values.securityContext | nindent 12 }}
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ volumeMounts:
+ - mountPath: /data
+ name: config-volume
+ ports:
+ - name: http
+ containerPort: {{ .Values.service.port }}
+ protocol: TCP
+# livenessProbe:
+# httpGet:
+# path: /
+# port: http
+# readinessProbe:
+# httpGet:
+# path: /
+# port: http
+ resources:
+ {{- toYaml .Values.resources | nindent 12 }}
+ volumes:
+ - name: config-volume
+ configMap:
+ name: {{ template "mautrix-telegram.fullname" . }}
+
+ securityContext:
+ {{- toYaml .Values.podSecurityContext | nindent 8 }}
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
diff --git a/helm/mautrix-telegram/templates/service.yaml b/helm/mautrix-telegram/templates/service.yaml
new file mode 100644
index 00000000..9c5cf8bc
--- /dev/null
+++ b/helm/mautrix-telegram/templates/service.yaml
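Review bot: The `annotations:` block guarded by `.Values.podAnnotations` in deployment.yaml is emitted directly under `template:`, ahead of `metadata:`, so pod annotations would render at `spec.template.annotations` rather than `spec.template.metadata.annotations` and never reach the pod (indentation is flattened on this page, so confirm against the file). Moving the `if` block below `metadata:` and changing the filter to `nindent 8` fixes it. With annotations working, a `checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}` entry there would restart the pod when the rendered config changes, so a rotated token takes effect on upgrade; without it the Deployment spec does not change when only the config does.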
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "mautrix-telegram.fullname" . }}
+ labels:
+{{ include "mautrix-telegram.labels" . | indent 4 }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - port: {{ .Values.service.port }}
+ targetPort: http
+ protocol: TCP
+ name: http
+ selector:
+ app.kubernetes.io/name: {{ include "mautrix-telegram.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
diff --git a/helm/mautrix-telegram/templates/serviceaccount.yaml b/helm/mautrix-telegram/templates/serviceaccount.yaml
new file mode 100644
index 00000000..42715110
--- /dev/null
+++ b/helm/mautrix-telegram/templates/serviceaccount.yaml
@@ -0,0 +1,8 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "mautrix-telegram.serviceAccountName" . }}
+ labels:
+{{ include "mautrix-telegram.labels" . | indent 4 }}
+{{- end -}}
diff --git a/helm/mautrix-telegram/templates/tests/test-connection.yaml b/helm/mautrix-telegram/templates/tests/test-connection.yaml
new file mode 100644
index 00000000..d9937e0a
--- /dev/null
+++ b/helm/mautrix-telegram/templates/tests/test-connection.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ include "mautrix-telegram.fullname" . }}-test-connection"
+ labels:
+{{ include "mautrix-telegram.labels" . | indent 4 }}
+ annotations:
+ "helm.sh/hook": test-success
+spec:
+ containers:
+ - name: wget
+ image: busybox
+ command: ['wget']
+ args: ['{{ include "mautrix-telegram.fullname" . }}:{{ .Values.service.port }}']
+ restartPolicy: Never
diff --git a/helm/mautrix-telegram/values.yaml b/helm/mautrix-telegram/values.yaml
new file mode 100644
index 00000000..9e4fde17
--- /dev/null
+++ b/helm/mautrix-telegram/values.yaml
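Review bot: serviceaccount.yaml creates a dedicated ServiceAccount, but the commit's file list contains no Role or RoleBinding, so the bridge apparently never calls the Kubernetes API while its API token is still mounted into the pod by default. Adding the top-level field `automountServiceAccountToken: false` to this ServiceAccount removes a credential the workload does not use. If a later feature does need API access, it can be turned back on together with a narrowly scoped Role.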
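Review bot: `image: busybox` in tests/test-connection.yaml carries no tag or digest, so the test hook pulls whatever the default registry serves as `latest` at run time. Pinning it, for example `image: busybox:<pinned-tag>` or a digest reference, keeps test runs reproducible and keeps an unreviewed image out of the release namespace. values.yaml likewise defaults the bridge image to `tag: latest` with `pullPolicy: IfNotPresent`, which leaves the running version dependent on each node's image cache.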
@@ -0,0 +1,140 @@
+image:
+ repository: dock.mau.dev/tulir/mautrix-telegram
+ tag: latest
+ pullPolicy: IfNotPresent
+
+nameOverride: ""
+fullnameOverride: ""
+
+serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name:
+
+service:
+ type: ClusterIP
+ port: 29317
+
+resources: {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
+
+# Homeserver details
+homeserver:
+ # The address that this appservice can use to connect to the homeserver.
+ address: https://example.com
+ # The domain of the homeserver (for MXIDs, etc).
+ domain: example.com
+ # Whether or not to verify the SSL certificate of the homeserver.
+ # Only applies if address starts with https://
+ verifySSL: true
+
+# Application service host/registration related details
+# Changing these values requires regeneration of the registration.
+appservice:
+ # The full URI to the database. SQLite and Postgres are fully supported.
+ # Other DBMSes supported by SQLAlchemy may or may not work.
+ # Format examples:
+ # SQLite: sqlite:///filename.db
+ # Postgres: postgres://username:password@hostname/dbname
+ database: postgres://username:password@hostname/dbname
+
+ # The maximum body size of appservice API requests (from the homeserver) in mebibytes
+ # Usually 1 is enough, but on high-traffic bridges you might need to increase this to avoid 413s
+ maxBodySize: 1
+
+ # Public part of web server for out-of-Matrix interaction with the bridge.
+ # Used for things like login if the user wants to make sure the 2FA password isn't stored in
+ # the HS database.
+ public:
+ # Whether or not the public-facing endpoints should be enabled.
+ enabled: true
+ # The prefix to use in the public-facing endpoints.
+ prefix: /public
+ # The base URL where the public-facing endpoints are available. The prefix is not added
+ # implicitly.
+ external: https://example.com/public
+
+ # Provisioning API part of the web server for automated portal creation and fetching information.
+ # Used by things like Dimension (https://dimension.t2bot.io/).
+ provisioning:
+ # Whether or not the provisioning API should be enabled.
+ enabled: true
+ # The prefix to use in the provisioning API endpoints.
+ prefix: /_matrix/provision/v1
+ # The shared secret to authorize users of the API.
+ shared_secret: SET TO RANDOM STRING
+
+ id: telegram
+ botUsername: telegrambot
+ # Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
+ # to leave display name/avatar as-is.
+ botDisplayname: Telegram bridge bot
+ botAvatar: mxc://maunium.net/tJCRmUyJDsgRNgqhOgoiHWbX
+
+ # Community ID for bridged users (changes registration file) and rooms.
+ # Must be created manually.
+ communityID: false
+
+ # Authentication tokens for AS <-> HS communication. Autogenerated; do not modify.
+ asToken: SET TO RANDOM STRING + hsToken: SET TO RANDOM STRING + +# The keys below can be used to override the configs in the base config: +# https://github.com/tulir/mautrix-telegram/blob/master/example-config.yaml +# Note that the "appservice" and "homeserver" sections are above and slightly different than the base. + +# Bridge config +bridge: + # Localpart template of MXIDs for Telegram users. + # {userid} is replaced with the user ID of the Telegram user. + username_template: "telegram_{userid}" + # Localpart template of room aliases for Telegram portal rooms. + # {groupname} is replaced with the name part of the public channel/group invite link ( https://t.me/{} ) + alias_template: "telegram_{groupname}" + + # Permissions for using the bridge. + # Permitted values: + # relaybot - Only use the bridge via the relaybot, no access to commands. + # user - Relaybot level + access to commands to create bridges. + # puppeting - User level + logging in with a Telegram account. + # full - Full access to use the bridge, i.e. previous levels + Matrix login. + # admin - Full access to use the bridge and some extra administration commands. + # Permitted keys: + # * - All Matrix users + # domain - All users on that homeserver + # mxid - Specific user + permissions: + "*": "relaybot" + "public.example.com": "user" + "example.com": "full" + "@admin:example.com": "admin" + +# Prometheus telemetry config. +metrics: + enabled: false + listen_port: 8000 + +# Telegram config +telegram: + # Get your own API keys at https://my.telegram.org/apps + api_id: 12345 + api_hash: tjyd5yge35lbodk1xwzw2jstp90k55qz + # (Optional) Create your own bot at https://t.me/BotFather + # bot_token: 123456789: