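# Helm-rendered manifest for Synapse (matrix-synapse chart 3.12.7) plus its
# PostgreSQL backend (Bitnami postgresql chart 12.12.10).
#
# Review changes versus the rendered output:
#   * the OIDC client_secret was in the ConfigMap (world-readable to anyone
#     with `get configmaps`); it now lives with the other secrets. The value
#     has already been exposed in a ConfigMap, so rotate it in Keycloak.
#   * the secret-substitution shell in the Synapse container used dash's
#     `echo` (mangles backslashes / "-n") and only escaped `/` and `&` for
#     sed; it now escapes for both sed and YAML double-quoted scalars.
#   * service-account tokens are no longer auto-mounted; neither workload
#     talks to the Kubernetes API.
#   * the Synapse container drops all capabilities, disallows privilege
#     escalation and runs under the runtime default seccomp profile.
---
apiVersion: v1
kind: ConfigMap
metadata:
  labels:
    app.kubernetes.io/instance: synapse
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: matrix-synapse
    app.kubernetes.io/version: "1.137.0"
    helm.sh/chart: matrix-synapse-3.12.7
  name: synapse-matrix-synapse
data:
  homeserver.yaml: |
    # NOTE:
    # Secrets are stored in separate configs to better fit K8s concepts.
    # Nothing in this file may be sensitive: the ConfigMap is readable by any
    # principal with `get configmaps` in the namespace.

    ## Server ##

    server_name: "borninpain.de"
    public_baseurl: "https://borninpain.de"
    pid_file: /homeserver.pid
    web_client: false
    soft_file_limit: 0
    log_config: "/synapse/config/log.yaml"
    report_stats: false

    instance_map:
      main:
        host: synapse-replication
        port: 9093

    ## Ports ##

    listeners:
      # Client/federation listener. x_forwarded makes Synapse trust
      # X-Forwarded-For for rate limiting and logging, so 8008 must only be
      # reachable through the trusted reverse proxy / ingress.
      - port: 8008
        tls: false
        bind_addresses: ["::"]
        type: http
        x_forwarded: true

        resources:
          - names:
              - client
              - federation
            compress: false

      # Metrics listener: unauthenticated. No Service exposes it here, but
      # it is reachable on the pod IP from anywhere in the cluster network;
      # restrict it with a NetworkPolicy to the scraping namespace.
      - port: 9090
        tls: false
        bind_addresses: ["::"]
        type: http

        resources:
          - names: [metrics]
            compress: false

      # Replication listener: unauthenticated and plaintext, exposed via the
      # synapse-replication Service. Only Synapse workers should be able to
      # reach it (NetworkPolicy keyed on the synapse pod labels).
      - port: 9093
        tls: false
        bind_addresses: ["::"]
        type: http

        resources:
          - names: [replication]
            compress: false

    ## Files ##

    media_store_path: "/synapse/data/media"
    uploads_path: "/synapse/data/uploads"

    ## Registration ##

    enable_registration: false

    ## Metrics ###

    enable_metrics: true

    ## Signing Keys ##

    signing_key_path: "/synapse/keys/signing.key"

    # The trusted servers to download signing keys from.
    trusted_key_servers:
      - server_name: matrix.org

    ## Workers ##

    ## Extra config ##

    # oidc_providers (contains client_secret) is defined in the
    # synapse-matrix-synapse Secret (config.yaml) so that the secret is not
    # stored in this ConfigMap. Synapse merges config files at the top-level
    # key, so the whole oidc_providers list must live in exactly one file.
  log.yaml: |
    version: 1
    formatters:
      precise:
        format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s- %(message)s'
    filters:
      context:
        (): synapse.util.logcontext.LoggingContextFilter
        request: ""
    handlers:
      console:
        class: logging.StreamHandler
        formatter: precise
        filters: [context]
        level: INFO
    loggers:
      synapse:
        level: INFO
    root:
      level: INFO
      handlers: [console]
---
apiVersion: v1
kind: Secret
metadata:
  labels:
    app.kubernetes.io/instance: synapse
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: matrix-synapse
    app.kubernetes.io/version: "1.137.0"
    helm.sh/chart: matrix-synapse-3.12.7
  name: synapse-matrix-synapse
stringData:
  # Rendered into /synapse/config/conf.d/secrets.yaml at container start;
  # @@...@@ placeholders are substituted from the `synapse` Secret. This
  # rendered manifest contains plaintext secrets and must not be committed
  # to version control as-is.
  config.yaml: |
    ## Registration ##

    registration_shared_secret: "aHNxHx0IQTCRWW5iVeNSFyWC"

    ## API Configuration ##

    ## Database configuration ##

    database:
      name: "psycopg2"
      args:
        user: "synapse"
        password: "@@POSTGRES_PASSWORD@@"
        database: "synapse"
        host: "synapse-postgresql"
        port: 5432
        # "prefer" silently falls back to plaintext; the Bitnami Postgres
        # below has POSTGRESQL_ENABLE_TLS=no, so this connection IS
        # plaintext in-cluster. Enable TLS on Postgres and switch to
        # "require"/"verify-full" to change that.
        sslmode: "prefer"
        cp_min: 5
        cp_max: 10

    ## Redis configuration ##

    redis:
      enabled: true
      # Cross-namespace, password-authenticated, no TLS.
      host: "redis-master.redis.svc.cluster.local"
      port: 6379
      password: "@@REDIS_PASSWORD@@"
      dbid: 2

    ## OIDC (moved here from the ConfigMap because of client_secret) ##

    oidc_providers:
      - client_id: synapse
        # Exposed in a ConfigMap before this change: rotate in Keycloak.
        client_secret: "DOXPkkV2TUvgBBoQL4gng9e1pUvZeIFo"
        idp_id: keycloak
        idp_name: Born In Pain
        issuer: https://iam.borninpain.de/realms/home
        scopes:
          - openid
          - profile
        user_mapping_provider:
          config:
            display_name_template: '{{ user.name }}'
            localpart_template: '{{ user.preferred_username }}'
---
apiVersion: v1
kind: Service
metadata:
  labels:
    app.kubernetes.io/component: primary
    app.kubernetes.io/instance: synapse
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: postgresql
    app.kubernetes.io/version: "15.4.0"
    helm.sh/chart: postgresql-12.12.10
  name: synapse-postgresql
  namespace: synapse
spec:
  ports:
    - name: tcp-postgresql
      nodePort: null
      port: 5432
      targetPort: tcp-postgresql
  selector:
    app.kubernetes.io/component: primary
    app.kubernetes.io/instance: synapse
    app.kubernetes.io/name: postgresql
  sessionAffinity: None
  type: ClusterIP
---
apiVersion: v1
kind: Service
metadata:
  annotations:
    service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
  labels:
    app.kubernetes.io/component: primary
    app.kubernetes.io/instance: synapse
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: postgresql
    app.kubernetes.io/version: "15.4.0"
    helm.sh/chart: postgresql-12.12.10
  name: synapse-postgresql-hl
  namespace: synapse
spec:
  clusterIP: None
  ports:
    - name: tcp-postgresql
      port: 5432
      targetPort: tcp-postgresql
  publishNotReadyAddresses: true
  selector:
    app.kubernetes.io/component: primary
    app.kubernetes.io/instance: synapse
    app.kubernetes.io/name: postgresql
  type: ClusterIP
---
apiVersion: v1
kind: Service
metadata:
  labels:
    app.kubernetes.io/instance: synapse
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: matrix-synapse
    app.kubernetes.io/version: "1.137.0"
    helm.sh/chart: matrix-synapse-3.12.7
  name: synapse-matrix-synapse
spec:
  ports:
    - name: http
      port: 8008
      protocol: TCP
      targetPort: http
  selector:
    app.kubernetes.io/component: synapse
    app.kubernetes.io/instance: synapse
    app.kubernetes.io/name: matrix-synapse
  type: ClusterIP
---
apiVersion: v1
kind: Service
metadata:
  labels:
    app.kubernetes.io/instance: synapse
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: matrix-synapse
    app.kubernetes.io/version: "1.137.0"
    helm.sh/chart: matrix-synapse-3.12.7
  name: synapse-replication
spec:
  # Fronts the unauthenticated replication listener (9093); see the
  # NetworkPolicy note on the listener in the ConfigMap.
  ports:
    - name: replication
      port: 9093
      protocol: TCP
      targetPort: replication
  selector:
    app.kubernetes.io/component: synapse
    app.kubernetes.io/instance: synapse
    app.kubernetes.io/name: matrix-synapse
  type: ClusterIP
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  labels:
    app.kubernetes.io/instance: synapse
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: matrix-synapse
    app.kubernetes.io/version: "1.137.0"
    helm.sh/chart: matrix-synapse-3.12.7
  name: synapse-matrix-synapse
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 10Gi
  storageClassName: openebs-3-replicas
---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app.kubernetes.io/component: synapse
    app.kubernetes.io/instance: synapse
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: matrix-synapse
    app.kubernetes.io/version: "1.137.0"
    helm.sh/chart: matrix-synapse-3.12.7
  name: synapse-matrix-synapse
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/component: synapse
      app.kubernetes.io/instance: synapse
      app.kubernetes.io/name: matrix-synapse
  strategy:
    type: RollingUpdate
  template:
    metadata:
      annotations:
        # Chart-computed hashes of the rendered ConfigMap/Secret, used only to
        # force a rollout on config change; they are stale once the manifest
        # is edited by hand.
        checksum/config: "4532ad07e37ea10fdf685b08c09b67d69ea31d2aa64ed8b5ad55a00a8b535bbc"
        checksum/secrets: "98604a3eb5b6211fd2cd32bc7ddae9474cf2733234c827d96cc6957b4b2ab3d3"
      labels:
        app.kubernetes.io/component: synapse
        app.kubernetes.io/instance: synapse
        app.kubernetes.io/name: matrix-synapse
    spec:
      # Synapse never calls the Kubernetes API; keep the default SA token out
      # of the pod so a compromised homeserver cannot use it.
      automountServiceAccountToken: false
      containers:
        - command:
            - sh
            - -c
            - |
              set -eu
              # Escape a value so it survives (a) being a sed replacement
              # string and (b) sitting inside a YAML double-quoted scalar.
              # printf is used rather than echo: dash's echo interprets
              # backslash escapes and a leading "-n".
              esc() {
                printf '%s' "$1" \
                  | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g' \
                  | sed -e 's/\\/\\\\/g' -e 's/\//\\\//g' -e 's/&/\\\&/g'
              }
              PG_ESC=$(esc "${POSTGRES_PASSWORD:-}")
              REDIS_ESC=$(esc "${REDIS_PASSWORD:-}")
              # Rendered secrets are owner-only; Synapse runs as this user.
              umask 077
              cat /synapse/secrets/*.yaml \
                | sed -e "s/@@POSTGRES_PASSWORD@@/${PG_ESC}/" \
                      -e "s/@@REDIS_PASSWORD@@/${REDIS_ESC}/" \
                > /synapse/config/conf.d/secrets.yaml
              # The secrets are now in the config file; keep them out of the
              # long-lived process environment (/proc/<pid>/environ).
              unset POSTGRES_PASSWORD REDIS_PASSWORD
              exec python -B -m synapse.app.homeserver \
                -c /synapse/config/homeserver.yaml \
                -c /synapse/config/conf.d/
          env:
            - name: POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  key: password
                  name: synapse
            - name: REDIS_PASSWORD
              valueFrom:
                secretKeyRef:
                  key: redis-pass
                  name: synapse
          image: ghcr.io/element-hq/synapse:v1.137.0
          imagePullPolicy: IfNotPresent
          livenessProbe:
            httpGet:
              path: /health
              port: http
          name: synapse
          ports:
            - containerPort: 8008
              name: http
              protocol: TCP
            - containerPort: 9093
              name: replication
              protocol: TCP
            - containerPort: 9090
              name: metrics
              protocol: TCP
          readinessProbe:
            httpGet:
              path: /health
              port: http
          # No CPU/memory limits: a media-upload or federation burst can
          # starve the node. Set limits once the workload is characterised.
          resources: {}
          # The image has no USER directive, so the process is root unless
          # runAsUser is set. Adding runAsNonRoot/runAsUser (the image's
          # synapse user is 991) needs the media PVC ownership checked first;
          # the settings below are safe regardless of the UID.
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault
          startupProbe:
            failureThreshold: 12
            httpGet:
              path: /health
              port: http
          volumeMounts:
            - mountPath: /synapse/config
              name: config
            - mountPath: /synapse/config/conf.d
              name: tmpconf
            - mountPath: /synapse/secrets
              name: secrets
            - mountPath: /synapse/keys
              name: signingkey
            - mountPath: /synapse/data
              name: media
            - mountPath: /tmp
              name: tmpdir
      securityContext: {}
      serviceAccountName: default
      volumes:
        - configMap:
            name: synapse-matrix-synapse
          name: config
        - name: secrets
          secret:
            secretName: synapse-matrix-synapse
        - name: signingkey
          secret:
            items:
              - key: signing-key
                path: signing.key
            secretName: synapse
        - emptyDir: {}
          name: tmpconf
        - emptyDir: {}
          name: tmpdir
        - name: media
          persistentVolumeClaim:
            claimName: synapse-matrix-synapse
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  labels:
    app.kubernetes.io/component: primary
    app.kubernetes.io/instance: synapse
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: postgresql
    app.kubernetes.io/version: "15.4.0"
    helm.sh/chart: postgresql-12.12.10
  name: synapse-postgresql
  namespace: synapse
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/component: primary
      app.kubernetes.io/instance: synapse
      app.kubernetes.io/name: postgresql
  serviceName: synapse-postgresql-hl
  template:
    metadata:
      labels:
        app.kubernetes.io/component: primary
        app.kubernetes.io/instance: synapse
        app.kubernetes.io/managed-by: Helm
        app.kubernetes.io/name: postgresql
        app.kubernetes.io/version: "15.4.0"
        helm.sh/chart: postgresql-12.12.10
      name: synapse-postgresql
    spec:
      affinity:
        nodeAffinity: null
        podAffinity: null
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
            - podAffinityTerm:
                labelSelector:
                  matchLabels:
                    app.kubernetes.io/component: primary
                    app.kubernetes.io/instance: synapse
                    app.kubernetes.io/name: postgresql
                topologyKey: kubernetes.io/hostname
              weight: 1
      # PostgreSQL does not use the Kubernetes API either.
      automountServiceAccountToken: false
      containers:
        - env:
            - name: BITNAMI_DEBUG
              value: "false"
            - name: POSTGRESQL_PORT_NUMBER
              value: "5432"
            - name: POSTGRESQL_VOLUME_DIR
              value: /bitnami/postgresql
            - name: PGDATA
              value: /bitnami/postgresql/data
            - name: POSTGRES_USER
              value: synapse
            - name: POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  key: password
                  name: synapse
            - name: POSTGRES_POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  key: postgres-password
                  name: synapse
            - name: POSTGRES_DATABASE
              value: synapse
            - name: POSTGRES_INITDB_ARGS
              value: --lc-collate=C --lc-ctype=C
            - name: POSTGRESQL_ENABLE_LDAP
              value: "no"
            # TLS is off, so every client connection (Synapse uses
            # sslmode=prefer) is plaintext on the cluster network.
            - name: POSTGRESQL_ENABLE_TLS
              value: "no"
            # Connection/disconnection logging is off and pgaudit is loaded
            # but not configured to log anything (no POSTGRESQL_PGAUDIT_LOG),
            # so there is effectively no audit trail for the database.
            - name: POSTGRESQL_LOG_HOSTNAME
              value: "false"
            - name: POSTGRESQL_LOG_CONNECTIONS
              value: "false"
            - name: POSTGRESQL_LOG_DISCONNECTIONS
              value: "false"
            - name: POSTGRESQL_PGAUDIT_LOG_CATALOG
              value: "off"
            - name: POSTGRESQL_CLIENT_MIN_MESSAGES
              value: error
            - name: POSTGRESQL_SHARED_PRELOAD_LIBRARIES
              value: pgaudit
          image: docker.io/bitnami/postgresql:15.4.0-debian-11-r45
          imagePullPolicy: IfNotPresent
          livenessProbe:
            exec:
              command:
                - /bin/sh
                - -c
                - exec pg_isready -U "synapse" -d "dbname=synapse" -h 127.0.0.1 -p 5432
            failureThreshold: 6
            initialDelaySeconds: 30
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 5
          name: postgresql
          ports:
            - containerPort: 5432
              name: tcp-postgresql
          readinessProbe:
            exec:
              command:
                - /bin/sh
                - -c
                - -e
                # As rendered by the chart: `exec` on the first line replaces
                # the shell, so the .initialized check on the second line
                # appears never to run. Kept as-is; verify against the chart.
                - |
                  exec pg_isready -U "synapse" -d "dbname=synapse" -h 127.0.0.1 -p 5432
                  [ -f /opt/bitnami/postgresql/tmp/.initialized ] || [ -f /bitnami/postgresql/.initialized ]
            failureThreshold: 6
            initialDelaySeconds: 5
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 5
          resources:
            limits: {}
            requests:
              cpu: 250m
              memory: 256Mi
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            runAsGroup: 0
            runAsNonRoot: true
            runAsUser: 1001
            seccompProfile:
              type: RuntimeDefault
          volumeMounts:
            - mountPath: /dev/shm
              name: dshm
            - mountPath: /bitnami/postgresql
              name: data
      hostIPC: false
      hostNetwork: false
      securityContext:
        fsGroup: 1001
      serviceAccountName: default
      volumes:
        - emptyDir:
            medium: Memory
          name: dshm
  updateStrategy:
    rollingUpdate: {}
    type: RollingUpdate
  volumeClaimTemplates:
    - apiVersion: v1
      kind: PersistentVolumeClaim
      metadata:
        name: data
      spec:
        accessModes:
          - ReadWriteOnce
        resources:
          requests:
            storage: 16Gi
        storageClassName: openebs-3-replicas
---
apiVersion: v1
kind: Pod
metadata:
  annotations:
    helm.sh/hook: test-success
  labels:
    app.kubernetes.io/instance: synapse
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: matrix-synapse
    app.kubernetes.io/version: "1.137.0"
    helm.sh/chart: matrix-synapse-3.12.7
  name: synapse-matrix-synapse-test-connection
spec:
  automountServiceAccountToken: false
  containers:
    - args:
        - synapse-matrix-synapse:8008/_matrix/client/versions
      command:
        - wget
      # Unpinned tag; pin a digest if this test runs in a restricted cluster.
      image: busybox
      name: wget
  restartPolicy: Never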