# Ingress for a Matrix deployment: Synapse, plus the optional federation-reader
# worker, ma1sd identity server, matrix-media-repo and Riot web client.
# Annotations and path syntaxes for both nginx and traefik are included; remove
# whichever set does not match the ingress controller that is deployed.
#
# NOTE(review): extensions/v1beta1 Ingress is no longer served from Kubernetes
# 1.22 onward. Newer clusters need networking.k8s.io/v1, which also changes the
# backend schema.
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: matrix-synapse
  namespace: matrix
  # Annotations are Ingress-wide: they apply to every host rule below,
  # including the Riot host.
  annotations:
    # Asks an ACME-aware controller to issue the certificates named in spec.tls.
    # NOTE(review): which controller consumes this is not visible here.
    kubernetes.io/tls-acme: "true"
    # nginx: largest request body accepted at the proxy.
    # NOTE(review): presumably sized for media uploads; confirm it matches the
    # upload limit enforced by Synapse / matrix-media-repo.
    nginx.ingress.kubernetes.io/proxy-body-size: '500m'
    # nginx: Host header presented to the backends.
    nginx.ingress.kubernetes.io/upstream-vhost: 'example.com'
    # traefik: counterparts of the two nginx settings above.
    traefik.ingress.kubernetes.io/custom-request-headers: 'X-Forwarded-Host:example.com'
    traefik.ingress.kubernetes.io/proxy-body-size: '500m'
spec:
  rules:
    # Federation-facing host.
    - host: example.com
      http:
        paths:
          # BEGIN optional: federation-reader worker. Remove this whole group
          # if the worker is not deployed.
          # The first two entries use plain regex syntax, the next two use
          # traefik's {name:regex} syntax.
          # NOTE(review): confirm the controller really evaluates these as
          # regular expressions (ingress-nginx has a use-regex annotation for
          # this). If it does not, these requests presumably fall through to
          # the /_matrix catch-all and never reach the worker.
          - path: '/_matrix/federation/v1/((event|state|state_ids|backfill|get_missing_events|query|make_join|make_leave|send_join|send_leave|invite|query_auth|event_auth|exchange_third_party_invite|send)/|publicRooms)'
            backend:
              serviceName: federation-reader
              servicePort: 8083
          - path: '/_matrix/federation/v2/(send_join|send_leave|invite)'
            backend:
              serviceName: federation-reader
              servicePort: 8083
          - path: '/_matrix/federation/v1/{path:((event|state|state_ids|backfill|get_missing_events|query|make_join|make_leave|send_join|send_leave|invite|query_auth|event_auth|exchange_third_party_invite|send)/|publicRooms)}'
            backend:
              serviceName: federation-reader
              servicePort: 8083
          - path: '/_matrix/federation/v2/{path:(send_join|send_leave|invite)}'
            backend:
              serviceName: federation-reader
              servicePort: 8083
          - path: '/_matrix/key/v2/query'
            backend:
              serviceName: federation-reader
              servicePort: 8083
          # END optional: federation-reader worker.

          # BEGIN optional: ma1sd identity server. Remove if it is not used.
          - path: '/_matrix/client/r0/user_directory'
            backend:
              serviceName: ma1sd
              servicePort: 8090
          - path: '/_matrix/identity'
            backend:
              serviceName: ma1sd
              servicePort: 8090
          # END optional: ma1sd.

          # BEGIN optional: matrix-media-repo. Remove if it is not used.
          - path: '/_matrix/media'
            backend:
              serviceName: matrix-media-repo
              servicePort: 8000
          # END optional: matrix-media-repo.

          # Everything else goes to Synapse. Only /.well-known/matrix and
          # /_matrix are forwarded on this host. No rule routes /_synapse, so
          # the Synapse admin API is not published through this Ingress.
          - path: '/.well-known/matrix'
            backend:
              serviceName: matrix-synapse
              servicePort: 8008
          - path: '/_matrix'
            backend:
              serviceName: matrix-synapse
              servicePort: 8008

    # Client-facing host. The federation-only paths are not needed here.
    - host: matrix.example.com
      http:
        paths:
          # BEGIN optional: ma1sd identity server. Remove if it is not used.
          - path: '/_matrix/client/r0/user_directory'
            backend:
              serviceName: ma1sd
              servicePort: 8090
          - path: '/_matrix/identity'
            backend:
              serviceName: ma1sd
              servicePort: 8090
          # END optional: ma1sd.

          # BEGIN optional: matrix-media-repo. Remove if it is not used.
          - path: '/_matrix/media'
            backend:
              serviceName: matrix-media-repo
              servicePort: 8000
          # END optional: matrix-media-repo.

          # Catch-all for the remaining client API. As on the federation host,
          # only /_matrix is forwarded to Synapse.
          - path: '/_matrix'
            backend:
              serviceName: matrix-synapse
              servicePort: 8008

    # Only needed when Riot is also run inside the cluster.
    - host: riot.example.com
      http:
        paths:
          - path: '/'
            backend:
              serviceName: riot
              servicePort: 80

  # One certificate secret per host. The entry for the main domain may need to
  # move to another Ingress if that domain is served elsewhere.
  tls:
    - secretName: top-level-tls
      hosts:
        - example.com
    - secretName: matrix-synapse-tls
      hosts:
        - matrix.example.com
    - secretName: riot-tls
      hosts:
        - riot.example.com