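---
# Rendered Helm output (labels name the charts matrix-synapse-3.12.7 and
# cluster-0.3.1) for a Synapse homeserver with a CloudNativePG database.
# Layout was restored from a whitespace-collapsed copy; indentation inside
# the embedded config strings is reconstructed and should be diffed against
# a fresh `helm template` run before this file is applied.
#
# NOTE(review): two credentials appear in clear text in this manifest
# (registration_shared_secret and the OIDC client_secret). Anything committed
# or published in this form should be treated as exposed: rotate both and
# supply them from a sealed/external secret rather than a rendered file.
apiVersion: v1
kind: ConfigMap
metadata:
  labels:
    app.kubernetes.io/instance: synapse
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: matrix-synapse
    app.kubernetes.io/version: 1.137.0
    helm.sh/chart: matrix-synapse-3.12.7
  name: synapse-matrix-synapse
data:
  # Non-secret homeserver settings only. The oidc_providers entry (which
  # carries client_secret) was moved to the Secret below: ConfigMaps are
  # readable by far more principals than Secrets and are shown in full by
  # `kubectl describe`. Synapse merges every file passed with -c, so the
  # provider is still loaded from conf.d/secrets.yaml.
  #
  # NOTE(review): the 9090 (metrics) and 9093 (replication) listeners bind to
  # all addresses without TLS. Synapse does not authenticate replication
  # traffic unless worker_replication_secret is set, and the "Workers"
  # section below is empty, so either drop the replication listener and its
  # Service or restrict both ports with a NetworkPolicy.
  homeserver.yaml: |
    # NOTE:
    # Secrets are stored in separate configs to better fit K8s concepts

    ## Server ##

    server_name: "borninpain.de"
    public_baseurl: "https://synapse.borninpain.de"
    pid_file: /homeserver.pid
    web_client: False
    soft_file_limit: 0
    log_config: "/synapse/config/log.yaml"
    report_stats: false

    instance_map:
      main:
        host: synapse-replication
        port: 9093

    ## Ports ##

    listeners:
      - port: 8008
        tls: false
        bind_addresses: ["::"]
        type: http
        x_forwarded: true

        resources:
          - names:
              - client
              - federation
            compress: false

      - port: 9090
        tls: false
        bind_addresses: ["::"]
        type: http

        resources:
          - names: [metrics]
            compress: false

      - port: 9093
        tls: false
        bind_addresses: ["::"]
        type: http

        resources:
          - names: [replication]
            compress: false

    ## Files ##

    media_store_path: "/synapse/data/media"
    uploads_path: "/synapse/data/uploads"

    ## Registration ##

    enable_registration: false

    ## Metrics ###

    enable_metrics: true

    ## Signing Keys ##

    signing_key_path: "/synapse/keys/signing.key"

    # The trusted servers to download signing keys from.
    trusted_key_servers:
      - server_name: matrix.org

    ## Workers ##

    ## Extra config ##

    additional_headers:
      Access-Control-Allow-Origin:
      - https://element.borninpain.de
  log.yaml: |
    version: 1
    formatters:
      precise:
        format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s- %(message)s'
    filters:
      context:
        (): synapse.util.logcontext.LoggingContextFilter
        request: ""
    handlers:
      console:
        class: logging.StreamHandler
        formatter: precise
        filters: [context]
        level: INFO
    loggers:
      synapse:
        level: INFO
    root:
      level: INFO
      handlers: [console]
---
apiVersion: v1
kind: Secret
metadata:
  labels:
    app.kubernetes.io/instance: synapse
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: matrix-synapse
    app.kubernetes.io/version: 1.137.0
    helm.sh/chart: matrix-synapse-3.12.7
  name: synapse-matrix-synapse
stringData:
  # Template for conf.d/secrets.yaml: the container start-up script pipes this
  # file through sed to fill in the two @@...@@ tokens.
  #
  # sslmode was "prefer", which lets libpq fall back to an unencrypted
  # connection when the TLS handshake fails; "require" removes that downgrade
  # path. "verify-full" with the cluster CA mounted would also authenticate
  # the server. NOTE(review): confirm the database endpoint serves TLS before
  # rollout.
  #
  # NOTE(review): registration_shared_secret and client_secret are literal
  # values here; rotate them and inject them at deploy time. In the chart,
  # the provider block presumably belongs under extraSecrets rather than
  # extraConfig; verify against the chart's values.yaml.
  config.yaml: |
    ## Registration ##

    registration_shared_secret: "fqt6gDvDHnPriW5ICWu1DYYV"

    ## API Configuration ##

    ## Database configuration ##

    database:
      name: "psycopg2"
      args:
        user: "synapse"
        password: "@@POSTGRES_PASSWORD@@"
        database: "synapse"
        host: "cnpg-synapse-cluster-rw"
        port: 5432
        sslmode: "require"
        cp_min: 5
        cp_max: 10

    ## Redis configuration ##

    redis:
      enabled: true
      host: "redis-master.redis.svc.cluster.local"
      port: 6379
      password: "@@REDIS_PASSWORD@@"
      dbid: 2

    ## Extra config ##

    oidc_providers:
    - client_id: synapse
      client_secret: DOXPkkV2TUvgBBoQL4gng9e1pUvZeIFo
      idp_id: keycloak
      idp_name: Born In Pain
      issuer: https://iam.borninpain.de/realms/home
      scopes:
      - openid
      - profile
      user_mapping_provider:
        config:
          display_name_template: '{{ user.name }}'
          localpart_template: '{{ user.preferred_username }}'
---
# Client/federation HTTP endpoint (listener 8008), cluster-internal only.
apiVersion: v1
kind: Service
metadata:
  labels:
    app.kubernetes.io/instance: synapse
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: matrix-synapse
    app.kubernetes.io/version: 1.137.0
    helm.sh/chart: matrix-synapse-3.12.7
  name: synapse-matrix-synapse
spec:
  ports:
    - name: http
      port: 8008
      protocol: TCP
      targetPort: http
  selector:
    app.kubernetes.io/component: synapse
    app.kubernetes.io/instance: synapse
    app.kubernetes.io/name: matrix-synapse
  type: ClusterIP
---
# Replication endpoint (listener 9093). ClusterIP keeps it off the ingress,
# but every pod in the cluster can still reach it; see the listener note in
# the ConfigMap.
apiVersion: v1
kind: Service
metadata:
  labels:
    app.kubernetes.io/instance: synapse
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: matrix-synapse
    app.kubernetes.io/version: 1.137.0
    helm.sh/chart: matrix-synapse-3.12.7
  name: synapse-replication
spec:
  ports:
    - name: replication
      port: 9093
      protocol: TCP
      targetPort: replication
  selector:
    app.kubernetes.io/component: synapse
    app.kubernetes.io/instance: synapse
    app.kubernetes.io/name: matrix-synapse
  type: ClusterIP
---
# Media/uploads volume mounted at /synapse/data by the Deployment.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  labels:
    app.kubernetes.io/instance: synapse
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: matrix-synapse
    app.kubernetes.io/version: 1.137.0
    helm.sh/chart: matrix-synapse-3.12.7
  name: synapse-matrix-synapse
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 10Gi
  storageClassName: openebs-3-replicas
---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app.kubernetes.io/component: synapse
    app.kubernetes.io/instance: synapse
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: matrix-synapse
    app.kubernetes.io/version: 1.137.0
    helm.sh/chart: matrix-synapse-3.12.7
  name: synapse-matrix-synapse
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/component: synapse
      app.kubernetes.io/instance: synapse
      app.kubernetes.io/name: matrix-synapse
  strategy:
    type: RollingUpdate
  template:
    metadata:
      annotations:
        # Helm-computed hashes of the rendered ConfigMap/Secret; they are
        # stale after the hand edits in this file and are regenerated on the
        # next chart render.
        checksum/config: 9c61c9bf443470644e1b27aa0b359e5985870a59151799de3b979ced6d1da6a3
        checksum/secrets: c7392b4d6459b8ec3724069fe468971e9983663e284c1d1d2bb70c997be2600f
      labels:
        app.kubernetes.io/component: synapse
        app.kubernetes.io/instance: synapse
        app.kubernetes.io/name: matrix-synapse
    spec:
      # Nothing in this pod spec reads the Kubernetes API, so the default
      # service account token is not mounted.
      automountServiceAccountToken: false
      containers:
        # The script escapes "/" and "&" in both passwords, substitutes them
        # into the secrets template and then execs Synapse.
        # NOTE(review): a password containing a backslash or newline is not
        # escaped and would corrupt the generated file.
        - command:
            - sh
            - -c
            - |
              export POSTGRES_PASSWORD=$(echo "${POSTGRES_PASSWORD:-}" | sed 's/\//\\\//g' | sed 's/\&/\\\&/g') && \
              export REDIS_PASSWORD=$(echo "${REDIS_PASSWORD:-}" | sed 's/\//\\\//g' | sed 's/\&/\\\&/g') && \
              cat /synapse/secrets/*.yaml | \
                sed -e "s/@@POSTGRES_PASSWORD@@/${POSTGRES_PASSWORD:-}/" \
                    -e "s/@@REDIS_PASSWORD@@/${REDIS_PASSWORD:-}/" \
                       > /synapse/config/conf.d/secrets.yaml

              exec python -B -m synapse.app.homeserver \
                          -c /synapse/config/homeserver.yaml \
                          -c /synapse/config/conf.d/
          env:
            - name: POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  key: password
                  name: cnpg-synapse-cluster-app
            - name: REDIS_PASSWORD
              valueFrom:
                secretKeyRef:
                  key: redis-pass
                  name: synapse
          image: ghcr.io/element-hq/synapse:v1.137.0
          imagePullPolicy: IfNotPresent
          livenessProbe:
            httpGet:
              path: /health
              port: http
          name: synapse
          ports:
            - containerPort: 8008
              name: http
              protocol: TCP
            - containerPort: 9093
              name: replication
              protocol: TCP
            - containerPort: 9090
              name: metrics
              protocol: TCP
          readinessProbe:
            httpGet:
              path: /health
              port: http
          # NOTE(review): no requests/limits are set, so the pod is
          # BestEffort and its memory use is unbounded.
          resources: {}
          # Was `{}`. NOTE(review): runAsNonRoot, a fixed runAsUser/fsGroup,
          # dropped capabilities and readOnlyRootFilesystem are still unset;
          # add them once ownership of the files on the media PVC has been
          # checked.
          securityContext:
            allowPrivilegeEscalation: false
          startupProbe:
            failureThreshold: 12
            httpGet:
              path: /health
              port: http
          volumeMounts:
            - mountPath: /synapse/config
              name: config
            - mountPath: /synapse/config/conf.d
              name: tmpconf
            - mountPath: /synapse/secrets
              name: secrets
            - mountPath: /synapse/keys
              name: signingkey
            - mountPath: /synapse/data
              name: media
            - mountPath: /tmp
              name: tmpdir
      securityContext: {}
      serviceAccountName: default
      volumes:
        - configMap:
            name: synapse-matrix-synapse
          name: config
        - name: secrets
          secret:
            secretName: synapse-matrix-synapse
        - name: signingkey
          secret:
            items:
              - key: signing-key
                path: signing.key
            secretName: synapse
        # Receives the generated secrets.yaml with the substituted passwords;
        # memory-backed so the plaintext is not written to node disk.
        - emptyDir:
            medium: Memory
          name: tmpconf
        - emptyDir: {}
          name: tmpdir
        - name: media
          persistentVolumeClaim:
            claimName: synapse-matrix-synapse
---
# Helm test hook: runs `SELECT 1` against the read-write database service.
# Connection parameters are passed through libpq's own environment variables
# instead of a connection URI, which keeps the password out of the process
# arguments and avoids URL-encoding problems; an unset PGDATABASE falls back
# to the user name, as the original `${PGDBNAME:-$PGUSER}` did.
# NOTE(review): the client is installed from the network on every run and
# alpine:3.17 is an old release; prefer an image that already ships psql,
# pinned by digest.
apiVersion: batch/v1
kind: Job
metadata:
  annotations:
    helm.sh/hook: test
    helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
  labels:
    app.kubernetes.io/component: database-ping-test
  name: cnpg-synapse-cluster-ping-test
  namespace: synapse
spec:
  template:
    metadata:
      labels:
        app.kubernetes.io/component: database-ping-test
      name: cnpg-synapse-cluster-ping-test
    spec:
      containers:
        - args:
            - -c
            - apk add postgresql-client && psql -c 'SELECT 1'
          command:
            - sh
          env:
            - name: PGHOST
              value: cnpg-synapse-cluster-rw.synapse.svc.cluster.local
            - name: PGPORT
              value: "5432"
            - name: PGSSLMODE
              value: require
            - name: PGUSER
              valueFrom:
                secretKeyRef:
                  key: username
                  name: cnpg-synapse-cluster-app
            - name: PGPASSWORD
              valueFrom:
                secretKeyRef:
                  key: password
                  name: cnpg-synapse-cluster-app
            - name: PGDATABASE
              valueFrom:
                secretKeyRef:
                  key: dbname
                  name: cnpg-synapse-cluster-app
                  optional: true
          image: alpine:3.17
          name: alpine
      restartPolicy: Never
---
# CloudNativePG cluster backing Synapse: three instances, database and owner
# both named "synapse".
# NOTE(review): enableSuperuserAccess is true, which keeps the postgres
# superuser reachable with a password; set it to false unless an operational
# task needs it. imageName uses the floating major tag "17"; pin a full
# version or digest so instances do not drift.
apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
  labels:
    app.kubernetes.io/instance: cnpg-synapse
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: cluster
    app.kubernetes.io/part-of: cloudnative-pg
    helm.sh/chart: cluster-0.3.1
  name: cnpg-synapse-cluster
  namespace: synapse
spec:
  affinity:
    topologyKey: kubernetes.io/hostname
  bootstrap:
    initdb:
      database: synapse
      owner: synapse
  enablePDB: true
  enableSuperuserAccess: true
  imageName: ghcr.io/cloudnative-pg/postgresql:17
  imagePullPolicy: IfNotPresent
  instances: 3
  logLevel: info
  monitoring:
    disableDefaultQueries: false
    enablePodMonitor: false
  postgresGID: 26
  postgresUID: 26
  postgresql: null
  primaryUpdateMethod: switchover
  primaryUpdateStrategy: unsupervised
  storage:
    size: 10Gi
    storageClass: openebs-hostpath
  walStorage:
    size: 1Gi
    storageClass: openebs-hostpath
---
# Helm test hook: fetches /_matrix/client/versions through the Service.
# NOTE(review): `busybox` has no tag, so whatever "latest" resolves to at pull
# time is run; pin a version or digest.
apiVersion: v1
kind: Pod
metadata:
  annotations:
    helm.sh/hook: test-success
  labels:
    app.kubernetes.io/instance: synapse
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: matrix-synapse
    app.kubernetes.io/version: 1.137.0
    helm.sh/chart: matrix-synapse-3.12.7
  name: synapse-matrix-synapse-test-connection
spec:
  containers:
    - args:
        - synapse-matrix-synapse:8008/_matrix/client/versions
      command:
        - wget
      image: busybox
      name: wget
  restartPolicy: Never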