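---
# Internal Service for Synapse worker replication traffic.
#
# The Synapse config needs matching listeners on these ports, per the workers
# documentation, if workers are to be used.
#
# Security: the Synapse workers documentation describes the replication
# listeners as unauthenticated and unencrypted, so they must never be exposed
# publicly. ClusterIP keeps them inside the cluster, but every pod in the
# cluster can still reach them; add a NetworkPolicy that admits only the
# Synapse worker pods when workers are in use.
apiVersion: v1
kind: Service
metadata:
  name: matrix-synapse-replication
  namespace: matrix
spec:
  type: ClusterIP
  selector:
    app: matrix-synapse
  ports:
    - name: replication
      protocol: TCP
      port: 9092
      targetPort: 9092
    # Service port names must be DNS labels (lowercase alphanumerics and '-').
    # The previous name `http_replication` contains an underscore, which the
    # API server rejects, so the whole Service failed validation.
    - name: http-replication
      protocol: TCP
      port: 9093
      targetPort: 9093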
---
# Cluster-internal Service in front of the Synapse pods (app: matrix-synapse).
# It is ClusterIP only; anything that publishes these ports outside the
# cluster (Ingress, LoadBalancer, ...) has to be defined separately.
apiVersion: v1
kind: Service
metadata:
  name: matrix-synapse
  namespace: matrix
spec:
  type: ClusterIP
  selector:
    app: matrix-synapse
  ports:
    # Plain-HTTP listener; the Deployment's probes also use port 8008.
    - name: http
      port: 8008
      targetPort: 8008
      protocol: TCP
    # Listener named "https" on 8448.
    # NOTE(review): 8448 is the conventional Matrix federation port - confirm
    # which Synapse listener is bound to it and where TLS is terminated.
    - name: https
      port: 8448
      targetPort: 8448
      protocol: TCP
---
# TLS certificate and private key for Synapse. Creating and filling this
# Secret is probably better left to cert-manager or a similar controller.
#
# Both values are intentionally empty in this template. Populated values are
# base64-encoded PEM; do not commit a filled-in copy of this manifest, since
# base64 is an encoding and gives the private key no protection.
apiVersion: v1
kind: Secret
type: kubernetes.io/tls
metadata:
  name: matrix-synapse-tls
  namespace: matrix
data:
  tls.crt:
  tls.key:
---
# Must hold a valid Matrix Synapse signing key. One can be generated with the
# generate_signing_key.py script that ships with the software.
#
# The value is intentionally empty in this template and is base64-encoded
# once filled in. Keep the populated Secret out of version control.
# NOTE(review): the signing key is what the homeserver signs with, so
# presumably anyone holding it can sign as this server - confirm and restrict
# read access to this Secret accordingly.
apiVersion: v1
kind: Secret
type: Opaque
metadata:
  name: matrix-synapse-keys
  namespace: matrix
data:
  signing.key:
---
# Carries the Synapse configuration file; the Deployment in this file mounts
# this ConfigMap at /synapse/config.
#
# NOTE(review): a generated homeserver.yaml usually contains secret values
# (shared secrets, database credentials). ConfigMaps are not meant for secret
# material - confirm, and consider keeping those values in a Secret instead.
apiVersion: v1
kind: ConfigMap
metadata:
  name: matrix-synapse
  namespace: matrix
data:
  # The block below is the file content itself, not YAML comments.
  homeserver.yaml: |
    ## Generate a homeserver.yaml file and configure + insert it here
    #
    # ...
    #
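---
# Single-replica Deployment of the Synapse homeserver.
#
# NOTE(review): the matrix-synapse-tls Secret defined in this file is not
# mounted by this pod - confirm where TLS for port 8448 is terminated.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: matrix-synapse
  namespace: matrix
  labels:
    app: matrix-synapse
spec:
  replicas: 1
  selector:
    matchLabels:
      app: matrix-synapse
  template:
    metadata:
      labels:
        app: matrix-synapse
      annotations:
        prometheus.io/path: /_synapse/metrics
        prometheus.io/port: "9090"
        prometheus.io/scrape: "true"
    spec:
      restartPolicy: Always
      # Run as an unprivileged UID/GID. runAsNonRoot makes the kubelet refuse
      # to start the container should the UID ever be changed to 0.
      securityContext:
        fsGroup: 666
        runAsGroup: 666
        runAsUser: 666
        runAsNonRoot: true
      containers:
        - name: matrix-synapse
          # Pinned by tag only; pin by digest as well if the deployed image
          # must be immutable.
          image: ananace/matrix-synapse:1.7.3
          imagePullPolicy: IfNotPresent
          securityContext:
            allowPrivilegeEscalation: false
          # Example of adding rest_auth to the container without requiring a
          # separate image.
          #
          # Security: this downloads Python code from the mutable `master`
          # branch on every container start, with no integrity check, and
          # installs it where Synapse can import it as an auth provider.
          # Whoever controls that URL's content controls login handling. For
          # anything beyond a demo, build the module into the image, or pin
          # the URL to a reviewed commit and verify a checksum before use.
          #
          # `set -e` stops the container when the download fails instead of
          # starting Synapse with a missing or truncated module. `exec` makes
          # Synapse replace the shell so that it receives SIGTERM directly.
          #
          # NOTE(review): the target path is python2.7 site-packages - confirm
          # it matches the interpreter in this image, and that UID 666 can
          # write to it.
          command:
            - sh
            - -c
            - |
              set -e
              wget https://github.com/kamax-io/matrix-synapse-rest-auth/raw/master/rest_auth_provider.py -O /usr/local/lib/python2.7/site-packages/rest_auth_provider.py
              exec /matrix-synapse
          env:
            - name: SYNAPSE_CACHE_FACTOR
              value: "5.00"
          livenessProbe:
            httpGet:
              path: /_matrix/client/versions
              port: 8008
              scheme: HTTP
            initialDelaySeconds: 120
          readinessProbe:
            httpGet:
              path: /_matrix/client/versions
              port: 8008
              scheme: HTTP
            initialDelaySeconds: 10
          resources:
            # These are just some arbitrary values; they will have to be
            # tuned or removed per deployment.
            requests:
              memory: 250Mi
              cpu: 250m
            limits:
              memory: 1Gi
              cpu: 1
          volumeMounts:
            - name: matrix-synapse-data
              mountPath: /synapse/data
            - name: matrix-synapse-keys
              mountPath: /synapse/keys
            - name: matrix-synapse-config
              mountPath: /synapse/config
      volumes:
        # Needs to be a persistent volume of some kind to support media
        # uploads, unless using matrix-media-repo. An emptyDir is discarded
        # when the pod is removed from its node.
        - name: matrix-synapse-data
          emptyDir: {}
        # Signing key from the matrix-synapse-keys Secret.
        - name: matrix-synapse-keys
          secret:
            secretName: matrix-synapse-keys
        # homeserver.yaml from the matrix-synapse ConfigMap.
        - name: matrix-synapse-config
          configMap:
            name: matrix-synapse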