feat(conduit): add wellknown (nginx for configmap)

conduit/Chart.yaml

@@ -4,5 +4,5 @@ description: Conduit is a simple, fast and reliable chat server powered by Matri
 
 type: application
 
-version: 0.1.0
+version: 0.2.0
 appVersion: "0.6.0"

conduit/templates/deployment.yaml

@@ -8,9 +8,12 @@ spec:
   {{- if not .Values.autoscaling.enabled }}
   replicas: {{ .Values.replicaCount }}
   {{- end }}
+  strategy:
+    type: Recreate
   selector:
     matchLabels:
       {{- include "conduit.selectorLabels" . | nindent 6 }}
+      type: conduit
   template:
     metadata:
       {{- with .Values.podAnnotations }}
@@ -19,6 +22,7 @@ spec:
       {{- end }}
       labels:
         {{- include "conduit.selectorLabels" . | nindent 8 }}
+        type: conduit
     spec:
       {{- with .Values.imagePullSecrets }}
       imagePullSecrets:
@@ -58,14 +62,20 @@ spec:
               value: "/var/lib/matrix-conduit"
             - name: "CONDUIT_DATABASE_BACKEND"
               value: "rocksdb"
-            - name: "CONDUIT_ALLOW_REGISTRATION"
-              value: {{ .Values.conduit.allowRegistration | quote }}
-            - name: "CONDUIT_ALLOW_FEDERATION"
-              value: {{ .Values.conduit.allowFederation | quote }}
             - name: "CONDUIT_ALLOW_CHECK_FOR_UPDATE"
               value: "false"
+            - name: "CONDUIT_ALLOW_REGISTRATION"
+              value: {{ .Values.conduit.allowRegistration | quote }}
+            - name: "CONDUIT_ALLOW_ENCRYPTION"
+              value: {{ .Values.conduit.allowEncryption | quote }}
+            - name: "CONDUIT_ALLOW_FEDERATION"
+              value: {{ .Values.conduit.allowFederation | quote }}
+            - name: "CONDUIT_ALLOW_ROOM_CREATION"
+              value: {{ .Values.conduit.allowRoomCreation | quote }}
+            - name: "CONDUIT_ALLOW_UNSTABLE_ROOM_VERSIONS"
+              value: {{ .Values.conduit.allowUnstableRoomVersions | quote }}
             - name: "CONDUIT_TRUSTED_SERVERS"
-              value: {{ toJSON .Values.conduit.trustedServers | quote }}
+              value: {{ toJson .Values.conduit.trustedServers | quote }}
             - name: "CONDUIT_MAX_REQUEST_SIZE"
               value: {{ .Values.conduit.maxRequestSize | quote }}
             {{- with .Values.conduit.maxConcurrentRequests }}
@@ -76,6 +86,14 @@ spec:
             - name: "CONDUIT_LOG"
               value: {{ . | quote }}
             {{- end }}
+            {{- with .Values.conduit.registrationToken }}
+            - name: "CONDUIT_REGISTRATION_TOKEN"
+              value: {{ . | quote }}
+            {{- end }}
+            {{- with .Values.conduit.wellKnownClient }}
+            - name: "CONDUIT_WELL_KNOWN_CLIENT"
+              value: {{ . | quote }}
+            {{- end }}
           volumeMounts:
             - name: "data"
               mountPath: "/var/lib/matrix-conduit"

conduit/templates/ingress.yaml

@@ -58,4 +58,23 @@ spec:
               {{- end }}
           {{- end }}
     {{- end }}
+    {{- if and .Values.wellknown.enabled }}
+    - host: {{ .Values.conduit.server_name }}
+      http:
+       paths:
+         - path: /.well-known/matrix/server
+           pathType: Prefix
+           backend:
+             service:
+               name: {{ include "conduit.fullname" . }}-wellknown
+               port:
+                 name: http
+         - path: /.well-known/matrix/client
+           pathType: Prefix
+           backend:
+             service:
+               name: {{ include "conduit.fullname" . }}-wellknown
+               port:
+                 name: http
+    {{- end }}
 {{- end }}

conduit/templates/service.yaml

@@ -13,3 +13,4 @@ spec:
       name: http
   selector:
     {{- include "conduit.selectorLabels" . | nindent 4 }}
+    type: conduit

conduit/templates/wellknown/configmap.yaml

@@ -0,0 +1,11 @@
+{{- if .Values.wellknown.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "conduit.fullname" . }}-wellknown
+  labels:
+    {{- include "conduit.labels" . | nindent 4 }}
+data:
+  server: {{ toJson .Values.wellknown.server | quote }}
+  client: {{ toJson .Values.wellknown.client | quote }}
+{{- end }}

conduit/templates/wellknown/deployment.yaml

@@ -0,0 +1,72 @@
+{{- if .Values.wellknown.enabled }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "conduit.fullname" . }}-wellknown
+  labels:
+    {{- include "conduit.labels" . | nindent 4 }}
+spec:
+  {{- if not .Values.autoscaling.enabled }}
+  replicas: {{ .Values.replicaCount }}
+  {{- end }}
+  selector:
+    matchLabels:
+      {{- include "conduit.selectorLabels" . | nindent 6 }}
+      type: wellknown
+  template:
+    metadata:
+      {{- with .Values.wellknown.podAnnotations }}
+      annotations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      labels:
+        {{- include "conduit.selectorLabels" . | nindent 8 }}
+        type: wellknown
+    spec:
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      serviceAccountName: {{ include "conduit.serviceAccountName" . }}
+      securityContext:
+        {{- toYaml .Values.wellknown.podSecurityContext | nindent 8 }}
+      containers:
+        - name: wellknown
+          securityContext:
+            {{- toYaml .Values.wellknown.securityContext | nindent 12 }}
+          image: "{{ .Values.wellknown.image.repository }}:{{ .Values.wellknown.image.tag }}"
+          imagePullPolicy: {{ .Values.wellknown.image.pullPolicy }}
+          ports:
+            - name: http
+              containerPort: {{ .Values.wellknown.containerPort }}
+              protocol: TCP
+          livenessProbe:
+            httpGet:
+              path: /
+              port: http
+          readinessProbe:
+            httpGet:
+              path: /
+              port: http
+          resources:
+            {{- toYaml .Values.resources | nindent 12 }}
+          volumeMounts:
+            - name: "data"
+              mountPath: "/usr/share/nginx/html/.well-known/matrix/"
+      {{- with .Values.wellknown.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.wellknown.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.wellknown.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      volumes:
+        - name: "data"
+          configMap:
+            name: {{ include "conduit.fullname" . }}-wellknown
+{{- end }}

conduit/templates/wellknown/service.yaml

@@ -0,0 +1,18 @@
+{{- if .Values.wellknown.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "conduit.fullname" . }}-wellknown
+  labels:
+    {{- include "conduit.labels" . | nindent 4 }}
+spec:
+  type: {{ .Values.wellknown.service.type }}
+  ports:
+    - port: {{ .Values.wellknown.service.port }}
+      targetPort: http
+      protocol: TCP
+      name: http
+  selector:
+    {{- include "conduit.selectorLabels" . | nindent 4 }}
+    type: wellknown
+{{- end }}

conduit/values.yaml

@@ -26,14 +26,51 @@ serviceAccount:
 conduit:
   server_name: "your.server.name"
   allowRegistration: false
+  allowEncryption: true
   allowFederation: true
+  allowRoomCreation: true
+  allowUnstableRoomVersions: true
   trustedServers:
     - "matrix.org"
-  maxRequestSize: "20_000_000" # in bytes, ~20 MB
+  maxRequestSize: "20000000" # in bytes, ~20 MB
   # maxConcurrentRequests: 100
   maxConcurrentRequests:
   # log: "warn,rocket=off,_=off,sled=off"
   log:
+  registrationToken:
+  wellKnownClient: "your.server.name"
+
+wellknown:
+  enabled: true
+  image:
+    repository: nginx
+    pullPolicy: IfNotPresent
+    tag: "1.25"
+
+  replicaCount: 1
+  podAnnotations: []
+  podSecurityContext: {}
+  securityContext: {}
+  containerPort: 80
+  env: []
+  resources: {}
+  nodeSelector: {}
+  tolerations: []
+  affinity: {}
+
+  service:
+    type: ClusterIP
+    port: 8080
+    annotations: {}
+
+  # TO EDIT:
+  server:
+    "m.server": "your.server.name:443"
+  client:  
+    "m.homeserver":
+      "base_url": "https://your.server.name/" 
+    "org.matrix.msc3575.proxy":
+      "url": "https://your.server.name/" 
 
 podAnnotations: {}
 
@@ -50,7 +87,7 @@ securityContext: {}
 
 service:
   type: ClusterIP
-  port: 80
+  port: 6167
 
 ingress:
   enabled: false