feat: namespace and draupnir deployment for moderation #482

earl-warren · 2025-05-29T20:26:37Z

earl-warren commented

2025-05-29 20:26:37 +00:00

First-time contributor

Refs infrastructure/k8s-cluster#415

create PVC directory ../k3s-host/setup.sh setup_k8s_pvc moderation-draupnir 1000

create namespace

debian@hetzner06:~$ kubectl apply --server-side -f moderation/namespace.yaml 
namespace/moderation serverside-applied
debian@hetzner06:~$ cat moderation/namespace.yaml
apiVersion: v1
kind: Namespace
metadata:
  name: moderation

create secrets debian@hetzner06:~/moderation$ kubectl apply --server-side -f moderation-draupnir.yaml (using the token provided by @Beowulf )

k8s-cluster/flux/apps$ kustomize build --load-restrictor LoadRestrictionsNone moderation

apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: draupnir
  namespace: moderation
spec:
  chart:
    spec:
      chart: draupnir
      interval: 5m
      sourceRef:
        kind: HelmRepository
        name: draupnir
        namespace: flux-system
      version: 0.1.0
  interval: 30m
  values:
    config:
      admin:
        enableMakeRoomAdminCommand: false
      autojoinOnlyIfManager: true
      automaticallyRedactForReasons:
      - spam
      - advertising
      backgroundDelayMS: 500
      commands:
        additionalPrefixes:
        - draupnir
        allowNoPrefix: true
        ban:
          defaultReasons:
          - spam
          - advertising
      dataPath: /data/storage
      disableServerACL: false
      displayReports: true
      experimentalRustCrypto: false
      health:
        healthz:
          address: 0.0.0.0
          enabled: true
          endpoint: /healthz
          healthyStatus: 200
          port: 8080
          unhealthyStatus: 418
      homeserverUrl: https://matrix-client.matrix.org
      logLevel: INFO
      managementRoom: '!QAufPzkBelflNHeFko:matrix.org'
      noop: false
      pantalaimon:
        use: false
      pollReports: false
      protectAllJoinedRooms: false
      protections:
        wordlist:
          minutesBeforeTrusting: 20
          words:
          - https://t.me/
      rawHomeserverUrl: https://matrix-client.matrix.org
      recordIgnoredInvites: false
      roomStateBackingStore:
        enabled: true
      verifyPermissionsOnStartup: true
      web:
        abuseReporting:
          enabled: false
        enabled: false
        synapseHTTPAntispam:
          enabled: false
    volumeMounts:
    - mountPath: /data/storage
      name: moderation-draupnir
    volumes:
    - name: moderation-draupnir
      persistentVolumeClaim:
        claimName: moderation-draupnir-pvc
  valuesFrom:
  - kind: Secret
    name: draupnir-token
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: moderation-draupnir-pvc
  namespace: moderation
spec:
  chart:
    spec:
      chart: ./flux/apps/charts/pvc
      interval: 12h
      sourceRef:
        kind: GitRepository
        name: flux-system
        namespace: flux-system
  driftDetection:
    mode: enabled
  interval: 30m
  values:
    capacity: 10Gi
    name: draupnir

Refs infrastructure/k8s-cluster#415 --- - [x] create PVC directory `../k3s-host/setup.sh setup_k8s_pvc moderation-draupnir 1000` - [x] create namespace ```shell debian@hetzner06:~$ kubectl apply --server-side -f moderation/namespace.yaml namespace/moderation serverside-applied debian@hetzner06:~$ cat moderation/namespace.yaml apiVersion: v1 kind: Namespace metadata: name: moderation ``` - [x] create secrets `debian@hetzner06:~/moderation$ kubectl apply --server-side -f moderation-draupnir.yaml` (using the token provided by @Beowulf ) --- `k8s-cluster/flux/apps$ kustomize build --load-restrictor LoadRestrictionsNone moderation ` ```yaml apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: name: draupnir namespace: moderation spec: chart: spec: chart: draupnir interval: 5m sourceRef: kind: HelmRepository name: draupnir namespace: flux-system version: 0.1.0 interval: 30m values: config: admin: enableMakeRoomAdminCommand: false autojoinOnlyIfManager: true automaticallyRedactForReasons: - spam - advertising backgroundDelayMS: 500 commands: additionalPrefixes: - draupnir allowNoPrefix: true ban: defaultReasons: - spam - advertising dataPath: /data/storage disableServerACL: false displayReports: true experimentalRustCrypto: false health: healthz: address: 0.0.0.0 enabled: true endpoint: /healthz healthyStatus: 200 port: 8080 unhealthyStatus: 418 homeserverUrl: https://matrix-client.matrix.org logLevel: INFO managementRoom: '!QAufPzkBelflNHeFko:matrix.org' noop: false pantalaimon: use: false pollReports: false protectAllJoinedRooms: false protections: wordlist: minutesBeforeTrusting: 20 words: - https://t.me/ rawHomeserverUrl: https://matrix-client.matrix.org recordIgnoredInvites: false roomStateBackingStore: enabled: true verifyPermissionsOnStartup: true web: abuseReporting: enabled: false enabled: false synapseHTTPAntispam: enabled: false volumeMounts: - mountPath: /data/storage name: moderation-draupnir volumes: - name: moderation-draupnir persistentVolumeClaim: claimName: moderation-draupnir-pvc valuesFrom: - kind: Secret name: draupnir-token --- apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: name: moderation-draupnir-pvc namespace: moderation spec: chart: spec: chart: ./flux/apps/charts/pvc interval: 12h sourceRef: kind: GitRepository name: flux-system namespace: flux-system driftDetection: mode: enabled interval: 30m values: capacity: 10Gi name: draupnir ```

earl-warren added 1 commit 2025-05-29 20:26:37 +00:00

feat: namespace and draupnir deployment for moderation

build / lint (push) Has been cancelled

build / lint (pull_request) Has been cancelled

/ test (pull_request) Has been cancelled

4a921e66a0

Refs infrastructure/k8s-cluster#415

viceice commented

2025-05-29 20:26:38 +00:00

First-time contributor

add the depends on pvc to the draupnir chart

viceice requested changes 2025-05-29 20:26:38 +00:00

Dismissed

viceice left a comment

First-time contributor

added by F3

flux/apps/moderation/draupnir.yaml

					
				@ -0,0 +180,4 @@

				        # before saying "Now monitoring rooms" and flagging itself healthy.

				        #

				        # Health is flagged through HTTP status codes, defined below.

				        healthz:

viceice commented

2025-05-29 20:26:38 +00:00

First-time contributor

should be enabled

earl-warren commented

2025-05-29 20:26:39 +00:00

First-time contributor

8dc68ee70a..ac9f92fd84

https://invisible.forgejo.org/infrastructure/k8s-cluster/compare/8dc68ee70af2d33771ec0839bad7e67b3a7af588..ac9f92fd84164b58bfdea1a4eb7f40dc05277066

flux/apps/moderation/kustomization.yaml

					
				@ -0,0 +1,8 @@

				apiVersion: kustomize.config.k8s.io/v1beta1

viceice commented

2025-05-29 20:26:38 +00:00

First-time contributor

needs a flux customization

a4cadd5258/flux/clusters/monitoring.yaml (L2)

needs a flux customization https://invisible.forgejo.org/infrastructure/k8s-cluster/src/commit/a4cadd52584a8f867db4292a732cf437997ebd7d/flux/clusters/monitoring.yaml#L2

earl-warren commented

2025-05-29 20:26:39 +00:00

First-time contributor

01f57b32df..8dc68ee70a

https://invisible.forgejo.org/infrastructure/k8s-cluster/compare/01f57b32df27df1ff81d2ed3866e1c28fa71679c..8dc68ee70af2d33771ec0839bad7e67b3a7af588

flux/infrastructure/namespaces/moderation.yaml

					
				@ -0,0 +1,4 @@

				apiVersion: v1

viceice commented

2025-05-29 20:26:38 +00:00

First-time contributor

needs to be added to the kustomization yaml

a4cadd5258/flux/infrastructure/namespaces/kustomization.yaml (L8)

needs to be added to the kustomization yaml https://invisible.forgejo.org/infrastructure/k8s-cluster/src/commit/a4cadd52584a8f867db4292a732cf437997ebd7d/flux/infrastructure/namespaces/kustomization.yaml#L8

earl-warren commented

2025-05-29 20:26:39 +00:00

First-time contributor

4fe7c05d5a..01f57b32df

https://invisible.forgejo.org/infrastructure/k8s-cluster/compare/4fe7c05d5a916a5c843ad40ca2c93da63237f02d..01f57b32df27df1ff81d2ed3866e1c28fa71679c

root closed this pull request

2025-05-29 20:26:39 +00:00

viceice requested changes 2025-05-29 20:26:39 +00:00

Dismissed

viceice left a comment

First-time contributor

maybe it's better to publish the chart to forgejo-code as oci, like we do with forgejo chart until official releases exist.

flux/apps/moderation/draupnir.yaml

					
				@ -0,0 +9,4 @@

				    spec:

				      chart: draupnir

				      version: '0.1.0'

				      sourceRef:

viceice commented

2025-05-29 20:26:39 +00:00

First-time contributor

you probably also need a helm chart resource to link helm release to git repository. see other comment.

https://fluxcd.io/flux/components/source/helmcharts/#source-reference

you probably also need a helm chart resource to link helm release to git repository. see other comment. https://fluxcd.io/flux/components/source/helmcharts/#source-reference

flux/infrastructure/repos/draupnir-charts.yaml

viceice commented

2025-05-29 20:26:39 +00:00

First-time contributor

this doesn't work. helm repo doesn't support git branches. you need a gitrepository

this doesn't work. helm repo doesn't support git branches. you need a gitrepository - https://fluxcd.io/flux/components/source/helmrepositories/ - https://fluxcd.io/flux/components/source/gitrepositories/

earl-warren commented

2025-05-29 20:26:39 +00:00

First-time contributor

Something like that 7f07ca62de ?

Something like that https://invisible.forgejo.org/infrastructure/k8s-cluster/commit/7f07ca62de9fbf2b8a236d366af77df877368218 ?

earl-warren commented

2025-05-29 20:26:39 +00:00

First-time contributor

7f07ca62de..a6037772b6

relies on https://code.forgejo.org/forgejo-contrib/draupnir-helm-charts

https://invisible.forgejo.org/infrastructure/k8s-cluster/compare/7f07ca62de9fbf2b8a236d366af77df877368218..a6037772b659ff625abe0de348d782a585792f90 relies on https://code.forgejo.org/forgejo-contrib/draupnir-helm-charts