apps/synapse/main.yaml
Philip Haupt 4c0ce11829 synapse update
2025-10-13 19:34:55 +02:00


# ConfigMap holding Synapse's main configuration (homeserver.yaml) and its
# Python logging configuration (log.yaml). The Deployment in this file mounts
# it at /synapse/config.
apiVersion: v1
data:
  # NOTE(review): the embedded document opens with "Secrets are stored in
  # separate configs", yet oidc_providers[].client_secret is a literal value
  # here. ConfigMap data is not handled as secret material (it is readable by
  # anything allowed to read ConfigMaps and is outside Secret encryption at
  # rest), and this file is committed to version control. The Deployment
  # already renders /synapse/secrets/*.yaml into conf.d, so the oidc_providers
  # block can live in the Secret's config.yaml instead; the committed value
  # should be treated as exposed and rotated at the identity provider.
  #
  # Listener summary, as configured below:
  #   8008 - client + federation, tls: false, x_forwarded: true. The client IP
  #          is taken from X-Forwarded-For, so this port should only be
  #          reachable through the reverse proxy that sets the header.
  #   9090 - metrics, plain HTTP.
  #   9093 - replication, plain HTTP. NOTE(review): no worker_replication_secret
  #          is visible in this file; confirm how access to this port is
  #          restricted inside the cluster.
  # All three listeners bind to "::".
  homeserver.yaml: "# NOTE:\n# Secrets are stored in separate configs to better fit
    K8s concepts\n\n## Server ##\n\nserver_name: \"borninpain.de\"\npublic_baseurl:
    \"https://synapse.borninpain.de\"\npid_file: /homeserver.pid\nweb_client: False\nsoft_file_limit:
    0\nlog_config: \"/synapse/config/log.yaml\"\nreport_stats: false\n\ninstance_map:\n
    \ main:\n host: synapse-replication\n port: 9093\n\n## Ports ##\n\nlisteners:\n
    \ - port: 8008\n tls: false\n bind_addresses: [\"::\"]\n type: http\n
    \ x_forwarded: true\n\n resources:\n - names: \n - client\n
    \ - federation\n compress: false\n\n - port: 9090\n tls: false\n
    \ bind_addresses: [\"::\"]\n type: http\n\n resources:\n - names:
    [metrics]\n compress: false\n\n - port: 9093\n tls: false\n bind_addresses:
    [\"::\"]\n type: http\n\n resources:\n - names: [replication]\n compress:
    false\n\n## Files ##\n\nmedia_store_path: \"/synapse/data/media\"\nuploads_path:
    \"/synapse/data/uploads\"\n\n## Registration ##\n\nenable_registration: false\n\n##
    Metrics ###\n\nenable_metrics: true\n\n## Signing Keys ##\n\nsigning_key_path:
    \"/synapse/keys/signing.key\"\n\n# The trusted servers to download signing keys
    from.\ntrusted_key_servers:\n - server_name: matrix.org\n\n## Workers ##\n\n##
    Extra config ##\n\nadditional_headers:\n Access-Control-Allow-Origin:\n - https://element.borninpain.de\noidc_providers:\n-
    client_id: synapse\n client_secret: DOXPkkV2TUvgBBoQL4gng9e1pUvZeIFo\n idp_id:
    keycloak\n idp_name: Born In Pain\n issuer: https://iam.borninpain.de/realms/home\n
    \ scopes:\n - openid\n - profile\n user_mapping_provider:\n config:\n display_name_template:
    '{{ user.name }}'\n localpart_template: '{{ user.preferred_username }}'\n"
  # Logging config referenced by log_config above: one console handler at INFO
  # using the "precise" format, with a filter that supplies %(request)s.
  log.yaml: |
    version: 1
    formatters:
      precise:
        format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s- %(message)s'
    filters:
      context:
        (): synapse.util.logcontext.LoggingContextFilter
        request: ""
    handlers:
      console:
        class: logging.StreamHandler
        formatter: precise
        filters: [context]
        level: INFO
    loggers:
      synapse:
        level: INFO
    root:
      level: INFO
      handlers: [console]
kind: ConfigMap
metadata:
  labels:
    app.kubernetes.io/instance: synapse
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: matrix-synapse
    app.kubernetes.io/version: 1.139.1
    helm.sh/chart: matrix-synapse-3.12.11
  name: synapse-matrix-synapse
---
# Secret holding a template for Synapse's secret-bearing settings. The
# Deployment in this file mounts it at /synapse/secrets and, at container
# start, replaces @@POSTGRES_PASSWORD@@ and @@REDIS_PASSWORD@@ with values
# taken from other Secrets before Synapse reads the result.
apiVersion: v1
kind: Secret
metadata:
  labels:
    app.kubernetes.io/instance: synapse
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: matrix-synapse
    app.kubernetes.io/version: 1.139.1
    helm.sh/chart: matrix-synapse-3.12.11
  name: synapse-matrix-synapse
stringData:
  # NOTE(review): registration_shared_secret is a literal in a committed
  # manifest, unlike the database and Redis passwords, which use placeholders.
  # That secret authorises account creation through the shared-secret
  # registration API even though enable_registration is false, so it deserves
  # the same placeholder treatment, and the committed value should be rotated.
  #
  # NOTE(review): sslmode "prefer" lets the client continue without TLS if the
  # server does not offer it and performs no certificate verification; confirm
  # whether "require" or "verify-full" is workable against the CNPG cluster.
  #
  # Each placeholder sits inside a double-quoted YAML scalar, so a substituted
  # password containing a double quote or backslash changes how the rendered
  # file parses.
  config.yaml: "## Registration ##\n\nregistration_shared_secret: \"yXtsmp0NDtrMLsI4NZg8TYCe\"\n\n##
    API Configuration ##\n\n## Database configuration ##\n\ndatabase:\n name: \"psycopg2\"\n
    \ args:\n user: \"synapse\"\n password: \"@@POSTGRES_PASSWORD@@\"\n database:
    \"synapse\"\n host: \"cnpg-synapse-cluster-rw\"\n port: 5432\n sslmode:
    \"prefer\"\n cp_min: 5\n cp_max: 10\n \n\n## Redis configuration ##\n\nredis:\n
    \ enabled: true\n host: \"redis-master.redis.svc.cluster.local\"\n port: 6379\n
    \ password: \"@@REDIS_PASSWORD@@\"\n dbid: 2\n"
---
# Cluster-internal Service for Synapse's main HTTP listener. It forwards
# port 8008 to the container port named "http" on pods matching the selector.
apiVersion: v1
kind: Service
metadata:
  name: synapse-matrix-synapse
  labels:
    helm.sh/chart: matrix-synapse-3.12.11
    app.kubernetes.io/name: matrix-synapse
    app.kubernetes.io/instance: synapse
    app.kubernetes.io/version: "1.139.1"
    app.kubernetes.io/managed-by: Helm
spec:
  # ClusterIP only: nothing here publishes the port outside the cluster.
  type: ClusterIP
  selector:
    app.kubernetes.io/name: matrix-synapse
    app.kubernetes.io/instance: synapse
    app.kubernetes.io/component: synapse
  ports:
    - name: http
      protocol: TCP
      port: 8008
      targetPort: http
---
# Cluster-internal Service for Synapse's replication listener (port 9093,
# container port named "replication").
# NOTE(review): a ClusterIP is reachable from any pod in the cluster unless a
# NetworkPolicy says otherwise, and the listener is configured as plain HTTP.
# Confirm that only Synapse processes can connect to it.
apiVersion: v1
kind: Service
metadata:
  name: synapse-replication
  labels:
    helm.sh/chart: matrix-synapse-3.12.11
    app.kubernetes.io/name: matrix-synapse
    app.kubernetes.io/instance: synapse
    app.kubernetes.io/version: "1.139.1"
    app.kubernetes.io/managed-by: Helm
spec:
  type: ClusterIP
  selector:
    app.kubernetes.io/name: matrix-synapse
    app.kubernetes.io/instance: synapse
    app.kubernetes.io/component: synapse
  ports:
    - name: replication
      protocol: TCP
      port: 9093
      targetPort: replication
---
# 10Gi ReadWriteOnce claim; the Deployment in this file mounts it at
# /synapse/data, where homeserver.yaml places the media store and uploads.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: synapse-matrix-synapse
  labels:
    helm.sh/chart: matrix-synapse-3.12.11
    app.kubernetes.io/name: matrix-synapse
    app.kubernetes.io/instance: synapse
    app.kubernetes.io/version: "1.139.1"
    app.kubernetes.io/managed-by: Helm
spec:
  storageClassName: openebs-3-replicas
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 10Gi
---
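# Deployment running the single Synapse homeserver pod.
#
# At start-up the container renders /synapse/secrets/*.yaml into
# /synapse/config/conf.d/secrets.yaml, substituting the @@POSTGRES_PASSWORD@@
# and @@REDIS_PASSWORD@@ placeholders from environment variables, and then
# execs Synapse with homeserver.yaml plus everything in conf.d.
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app.kubernetes.io/component: synapse
    app.kubernetes.io/instance: synapse
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: matrix-synapse
    app.kubernetes.io/version: 1.139.1
    helm.sh/chart: matrix-synapse-3.12.11
  name: synapse-matrix-synapse
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/component: synapse
      app.kubernetes.io/instance: synapse
      app.kubernetes.io/name: matrix-synapse
  strategy:
    type: RollingUpdate
  template:
    metadata:
      annotations:
        # Hashes of the rendered config and secrets; a change rolls the pods.
        checksum/config: 2c9eb12795a1331af460179b4ca37b5a37a30d9a8a2f0dcb8fb49c1ca574203d
        checksum/secrets: fa4a9c846ebd8ed426c5cc3c3ee52b0ec5b8c002b8e3392430f8adfc4a310dc0
      labels:
        app.kubernetes.io/component: synapse
        app.kubernetes.io/instance: synapse
        app.kubernetes.io/name: matrix-synapse
    spec:
      # Nothing in this pod calls the Kubernetes API, so the token of the
      # "default" service account is not mounted.
      automountServiceAccountToken: false
      containers:
        - command:
            - sh
            - -c
            - |
              # Abort instead of starting Synapse on a half-rendered config.
              set -eu

              # Escape what is special in a sed replacement: backslash first,
              # then the "/" delimiter and "&". printf is used because echo
              # may interpret backslashes or a leading dash in the value.
              # Placeholders sit inside double-quoted YAML scalars, so a
              # password containing a double quote or backslash still yields
              # a different YAML value; keep generated passwords free of both.
              escape_sed() {
                printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/\//\\\//g' -e 's/&/\\\&/g'
              }
              POSTGRES_PASSWORD=$(escape_sed "${POSTGRES_PASSWORD:-}")
              REDIS_PASSWORD=$(escape_sed "${REDIS_PASSWORD:-}")

              # The subshell keeps the restrictive umask away from Synapse:
              # only the rendered secrets file is created owner-only.
              (
                umask 077
                cat /synapse/secrets/*.yaml | \
                  sed -e "s/@@POSTGRES_PASSWORD@@/${POSTGRES_PASSWORD}/" \
                      -e "s/@@REDIS_PASSWORD@@/${REDIS_PASSWORD}/" \
                      > /synapse/config/conf.d/secrets.yaml
              )

              exec python -B -m synapse.app.homeserver \
                    -c /synapse/config/homeserver.yaml \
                    -c /synapse/config/conf.d/
          env:
            - name: POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  key: password
                  name: cnpg-synapse-cluster-app
            - name: REDIS_PASSWORD
              valueFrom:
                secretKeyRef:
                  key: redis-pass
                  name: synapse
          # NOTE(review): the image is referenced by tag only; pinning it by
          # digest as well makes the deployed content immutable.
          image: ghcr.io/element-hq/synapse:v1.139.1
          imagePullPolicy: IfNotPresent
          livenessProbe:
            httpGet:
              path: /health
              port: http
          name: synapse
          ports:
            - containerPort: 8008
              name: http
              protocol: TCP
            - containerPort: 9093
              name: replication
              protocol: TCP
            - containerPort: 9090
              name: metrics
              protocol: TCP
          readinessProbe:
            httpGet:
              path: /health
              port: http
          # NOTE(review): no requests or limits are set, so the pod runs as
          # BestEffort and can consume node resources without bound.
          resources: {}
          securityContext:
            allowPrivilegeEscalation: false
            seccompProfile:
              type: RuntimeDefault
            # NOTE(review): runAsNonRoot, dropped capabilities and
            # readOnlyRootFilesystem are deliberately not set here. They
            # depend on the UID the image runs as and on pid_file, which
            # homeserver.yaml places at /homeserver.pid on the root
            # filesystem; verify both before tightening further.
          startupProbe:
            failureThreshold: 12
            httpGet:
              path: /health
              port: http
          volumeMounts:
            - mountPath: /synapse/config
              name: config
            - mountPath: /synapse/config/conf.d
              name: tmpconf
            - mountPath: /synapse/secrets
              name: secrets
            - mountPath: /synapse/keys
              name: signingkey
            - mountPath: /synapse/data
              name: media
            - mountPath: /tmp
              name: tmpdir
      securityContext: {}
      serviceAccountName: default
      volumes:
        - configMap:
            name: synapse-matrix-synapse
          name: config
        - name: secrets
          secret:
            secretName: synapse-matrix-synapse
        - name: signingkey
          secret:
            items:
              - key: signing-key
                path: signing.key
            secretName: synapse
        # Receives the rendered secrets.yaml; an emptyDir is discarded when
        # the pod is removed.
        - emptyDir: {}
          name: tmpconf
        - emptyDir: {}
          name: tmpdir
        - name: media
          persistentVolumeClaim:
            claimName: synapse-matrix-synapse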
---
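# Helm test hook: installs the PostgreSQL client in a throwaway Alpine
# container and runs "SELECT 1" against the cluster's read-write service.
#
# Credentials reach psql through the standard libpq environment variables
# (PGUSER, PGPASSWORD, PGDATABASE) rather than a connection URI, so the
# password is not part of the psql command line and needs no URL-encoding.
# If the optional dbname key is missing, psql falls back to the user name,
# the same default the URI form used.
apiVersion: batch/v1
kind: Job
metadata:
  annotations:
    helm.sh/hook: test
    helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
  labels:
    app.kubernetes.io/component: database-ping-test
  name: cnpg-synapse-cluster-ping-test
  namespace: synapse
spec:
  template:
    metadata:
      labels:
        app.kubernetes.io/component: database-ping-test
      name: cnpg-synapse-cluster-ping-test
    spec:
      # The test only talks to PostgreSQL; no Kubernetes API token is needed.
      automountServiceAccountToken: false
      containers:
        - command:
            - sh
          args:
            - -c
            - |
              set -e
              apk add --no-cache postgresql-client
              exec psql -h cnpg-synapse-cluster-rw.synapse.svc.cluster.local -p 5432 -c 'SELECT 1'
          env:
            - name: PGUSER
              valueFrom:
                secretKeyRef:
                  key: username
                  name: cnpg-synapse-cluster-app
            - name: PGPASSWORD
              valueFrom:
                secretKeyRef:
                  key: password
                  name: cnpg-synapse-cluster-app
            - name: PGDATABASE
              valueFrom:
                secretKeyRef:
                  key: dbname
                  name: cnpg-synapse-cluster-app
                  optional: true
          # NOTE(review): the client package is downloaded on every run, so
          # the test needs outbound network access and executes whatever the
          # package mirror serves at that moment; an image that already ships
          # psql avoids both. Also check that this Alpine release still
          # receives security updates.
          image: alpine:3.17
          name: alpine
      restartPolicy: Never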
---
# CloudNativePG cluster backing Synapse: three PostgreSQL instances,
# bootstrapped with a "synapse" database owned by the "synapse" role.
apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
  name: cnpg-synapse-cluster
  namespace: synapse
  labels:
    helm.sh/chart: cluster-0.3.1
    app.kubernetes.io/name: cluster
    app.kubernetes.io/instance: cnpg-synapse
    app.kubernetes.io/part-of: cloudnative-pg
    app.kubernetes.io/managed-by: Helm
spec:
  instances: 3
  # NOTE(review): floating major-version tag; the image content can change
  # between pulls. Consider a full version tag or a digest.
  imageName: ghcr.io/cloudnative-pg/postgresql:17
  imagePullPolicy: IfNotPresent
  postgresUID: 26
  postgresGID: 26
  bootstrap:
    initdb:
      database: synapse
      owner: synapse
  # NOTE(review): superuser access is enabled, which presumably leaves a
  # usable "postgres" superuser credential in the namespace. Synapse connects
  # as "synapse", so confirm that something actually needs this.
  enableSuperuserAccess: true
  enablePDB: true
  affinity:
    topologyKey: kubernetes.io/hostname
  primaryUpdateStrategy: unsupervised
  primaryUpdateMethod: switchover
  logLevel: info
  monitoring:
    enablePodMonitor: false
    disableDefaultQueries: false
  postgresql: null
  storage:
    size: 10Gi
    storageClass: openebs-hostpath
  walStorage:
    size: 1Gi
    storageClass: openebs-hostpath
---
# Helm test pod: a single wget against the client versions endpoint via the
# synapse-matrix-synapse Service on port 8008.
apiVersion: v1
kind: Pod
metadata:
  name: synapse-matrix-synapse-test-connection
  labels:
    helm.sh/chart: matrix-synapse-3.12.11
    app.kubernetes.io/name: matrix-synapse
    app.kubernetes.io/instance: synapse
    app.kubernetes.io/version: "1.139.1"
    app.kubernetes.io/managed-by: Helm
  annotations:
    helm.sh/hook: test-success
spec:
  restartPolicy: Never
  containers:
    - name: wget
      # NOTE(review): no tag is given, so this resolves to the registry's
      # default tag and can differ between runs; pin a version or a digest.
      image: busybox
      command:
        - wget
      args:
        - synapse-matrix-synapse:8008/_matrix/client/versions