matrix-org / matrix-hookshot

A bridge between Matrix and multiple project management services, such as GitHub, GitLab and JIRA.
https://matrix-org.github.io/matrix-hookshot/
Apache License 2.0

Ingress Example for Helm Chart #780

Open rhizoet opened 1 year ago

rhizoet commented 1 year ago

Can you please create an example of a working ingress for the helm chart?

I tried to specify only the hosts. Unfortunately that did not work.

When I specify the following:

hosts:
  - host: example.com
    paths:
      - path: /webhook
        pathType: Prefix
        backend:
          port:
            number: 9000

I get the error: Upgrade "hookshot" failed: failed to create resource: Ingress.extensions "hookshot-appservice" is invalid: spec.rules[0].http.paths[0].backend: Required value: port name or number is required

So, could you please provide a working ingress example? I don't know what it should look like.

And how should I create and import a passkey.pem on a Kubernetes cluster? Can this be done by the chart?

Thanks in advance.

rhizoet commented 1 year ago

@Arkaniad do you have any news on this?

Arkaniad commented 1 year ago

Nothing actioned yet - Some notes though:

A production ready ingress configuration with this chart looks like this:

ingress:
  webhook:
    enabled: true
    # className: "nginx-public"
    annotations: {}
    hosts:
      - host: webhook-hookshot.infra.test.dev
        paths:
          - path: /
            pathType: Prefix
            port: 9000
    tls:
    - secretName: monitoring-hookshot-webhook-tls
      hosts:
        - webhook-hookshot.infra.test.dev

  appservice:
    enabled: true
    # className: "nginx-public"
    annotations: {}
    hosts:
      - host: hookshot.infra.test.dev
        paths:
          - path: /
            pathType: Prefix
            port: 9002
    tls:
    - secretName: monitoring-hookshot-app-tls
      hosts:
        - hookshot.infra.test.dev

Ideally, the host port portion of the path should default to the configured service port but for now these just need to match manually.

For the AppService registration, the chart is configured to pass these through via values.yaml - we use sops w/ Helm so it's okay for us to have a separate encrypted values file with secrets in it. This is all here but I can see that I've overlooked adding a config for mounting externally managed secrets, so I'll get that added :)
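An added example, not part of the thread or of the chart: a small Python lint for the ingress values discussed above, flagging the nested `backend` shape from the original question, a missing or mismatched `port`, and hosts without a `tls` entry. It assumes the chart reads a flat `port` key on each path entry and that the service ports are 9000 (webhook) and 9002 (appservice) as in the values above; `lint_ingress`, `EXPECTED_PORTS` and the sample dicts are constructed for illustration.

```python
# Added example: lint the `ingress` section of a hookshot values file.
# Assumption: each path entry takes a flat `port` key, as in the working values above.

def lint_ingress(ingress, expected_ports):
    """Return a list of findings for the `ingress` mapping of a values file."""
    findings = []
    for name, cfg in ingress.items():
        if not cfg.get("enabled"):
            continue
        tls_hosts = {h for t in cfg.get("tls") or [] for h in t.get("hosts", [])}
        for rule in cfg.get("hosts") or []:
            host = rule.get("host")
            if host not in tls_hosts:
                findings.append(f"{name}: {host} has no tls entry")
            for p in rule.get("paths") or []:
                where = f"{name}: {host}{p.get('path', '')}"
                if "backend" in p:
                    findings.append(f"{where} uses nested backend, expected flat port")
                port = p.get("port")
                want = expected_ports.get(name)
                if port is None:
                    findings.append(f"{where} has no port")
                elif port != want:
                    findings.append(f"{where} port {port} does not match service port {want}")
    return findings

# Assumed service ports, taken from the values in the comment above.
EXPECTED_PORTS = {"webhook": 9000, "appservice": 9002}

# Constructed input: the path shape from the original question, placed under `webhook`.
BROKEN = {"webhook": {"enabled": True, "hosts": [{"host": "example.com", "paths": [
    {"path": "/webhook", "pathType": "Prefix", "backend": {"port": {"number": 9000}}}]}]}}

# Constructed input: the values from the comment above, as Python dicts.
WORKING = {
    "webhook": {"enabled": True,
                "hosts": [{"host": "webhook-hookshot.infra.test.dev",
                           "paths": [{"path": "/", "pathType": "Prefix", "port": 9000}]}],
                "tls": [{"secretName": "monitoring-hookshot-webhook-tls",
                         "hosts": ["webhook-hookshot.infra.test.dev"]}]},
    "appservice": {"enabled": True,
                   "hosts": [{"host": "hookshot.infra.test.dev",
                              "paths": [{"path": "/", "pathType": "Prefix", "port": 9002}]}],
                   "tls": [{"secretName": "monitoring-hookshot-app-tls",
                            "hosts": ["hookshot.infra.test.dev"]}]},
}

if __name__ == "__main__":
    for finding in lint_ingress(BROKEN, EXPECTED_PORTS):
        print(finding)
```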

mike-pisman commented 10 months ago

> And how should I create and import a passkey.pem on a kubernetes cluster? Can this be done by the chart?

I also have this question. The key is required at the start, though there is no way to add it as a secret or set up persistent storage through helm values.


nvm, figured it out. Enter the key into the passkey field at the end of the values.yaml. Then change the passFile value from passkey.pem to /data/passkey.pem

I don't understand why this is not the default value, considering everything is mounted under the /data folder