distrust-stack/kustomizations/matrix/synapse/deployment.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: synapse
spec:
  template:
    spec:
      containers:
        - name: synapse
          args:
            - run
            - --config-path
            - /config/homeserver.yaml
            - --config-path
            - /config/secrets.yaml
          env:
            - name: SYNAPSE_CACHE_FACTOR
              value: "5.00"
          ports:
            - name: http
              containerPort: 8008
              protocol: TCP
            - name: metrics
              containerPort: 9002
              protocol: TCP
          image: matrixdotorg/synapse
          imagePullPolicy: IfNotPresent
          livenessProbe:
            httpGet:
              path: /_matrix/client/versions
              port: 8008
              scheme: HTTP
            initialDelaySeconds: 120
          readinessProbe:
            httpGet:
              path: /_matrix/client/versions
              port: 8008
              scheme: HTTP
            initialDelaySeconds: 10
          resources:
            # These are just some arbitrary values, will have to be tuned or removed per-deployment
            requests:
              memory: 1Gi
              cpu: 1000m
            limits:
              memory: 1Gi
              cpu: 1
          volumeMounts:
            - name: data
              mountPath: /data
            - name: keys
              mountPath: /config/keys
            - name: config
              mountPath: /config/homeserver.yaml
              subPath: homeserver.yaml
            - name: config
              mountPath: /usr/local/lib/python3.11/site-packages/shared_secret_authenticator.py
              subPath: shared_secret_authenticator.py
            - name: log-config
              mountPath: /config/log.config
              subPath: log.config
            - name: config-secrets
              mountPath: /config/secrets.yaml
              subPath: homeserver.yaml
            - name: config-secrets
              mountPath: /bridges/mautrix-slack-bridge.yaml
              subPath: mautrix-slack-bridge.yaml
            - name: config-secrets
              mountPath: /bridges/mautrix-telegram-bridge.yaml
              subPath: mautrix-telegram-bridge.yaml
            - name: config-secrets
              mountPath: /bridges/appservice-matrix-bridge.yaml
              subPath: appservice-matrix-bridge.yaml 
            - name: tmp
              mountPath: /tmp
      restartPolicy: Always
      securityContext:
        runAsUser: 1000
        runAsGroup: 1000
        fsGroup: 1000
      volumes:
        # Will need to be a persistant volume of some kind to support media uploads, unless using matrix-media-repo
        - name: data
          emptyDir: {}
        - name: tmp
          emptyDir: {}
        - name: keys
          secret:
            secretName: signing-key
        - name: config-secrets
          secret:
            secretName: config
        - configMap:
            name: synapse
          name: config
        - configMap:
            name: synapse-log
          name: log-config
kustomize/synapse: initial commit 2024-01-22 05:55:00 +00:00			`apiVersion: apps/v1`
			`kind: Deployment`
			`metadata:`
			`name: synapse`
			`spec:`
			`template:`
			`spec:`
			`containers:`
			`- name: synapse`
			`args:`
			`- run`
			`- --config-path`
			`- /config/homeserver.yaml`
			`- --config-path`
			`- /config/secrets.yaml`
			`env:`
			`- name: SYNAPSE_CACHE_FACTOR`
			`value: "5.00"`
			`ports:`
			`- name: http`
			`containerPort: 8008`
			`protocol: TCP`
			`- name: metrics`
			`containerPort: 9002`
			`protocol: TCP`
			`image: matrixdotorg/synapse`
			`imagePullPolicy: IfNotPresent`
			`livenessProbe:`
			`httpGet:`
			`path: /_matrix/client/versions`
			`port: 8008`
			`scheme: HTTP`
			`initialDelaySeconds: 120`
			`readinessProbe:`
			`httpGet:`
			`path: /_matrix/client/versions`
			`port: 8008`
			`scheme: HTTP`
			`initialDelaySeconds: 10`
			`resources:`
			`# These are just some arbitrary values, will have to be tuned or removed per-deployment`
			`requests:`
			`memory: 1Gi`
			`cpu: 1000m`
			`limits:`
			`memory: 1Gi`
			`cpu: 1`
			`volumeMounts:`
			`- name: data`
			`mountPath: /data`
			`- name: keys`
			`mountPath: /config/keys`
			`- name: config`
			`mountPath: /config/homeserver.yaml`
			`subPath: homeserver.yaml`
			`- name: config`
			`mountPath: /usr/local/lib/python3.11/site-packages/shared_secret_authenticator.py`
			`subPath: shared_secret_authenticator.py`
			`- name: log-config`
			`mountPath: /config/log.config`
			`subPath: log.config`
			`- name: config-secrets`
			`mountPath: /config/secrets.yaml`
			`subPath: homeserver.yaml`
			`- name: config-secrets`
			`mountPath: /bridges/mautrix-slack-bridge.yaml`
			`subPath: mautrix-slack-bridge.yaml`
			`- name: config-secrets`
			`mountPath: /bridges/mautrix-telegram-bridge.yaml`
			`subPath: mautrix-telegram-bridge.yaml`
			`- name: config-secrets`
			`mountPath: /bridges/appservice-matrix-bridge.yaml`
			`subPath: appservice-matrix-bridge.yaml`
			`- name: tmp`
			`mountPath: /tmp`
			`restartPolicy: Always`
			`securityContext:`
			`runAsUser: 1000`
			`runAsGroup: 1000`
			`fsGroup: 1000`
			`volumes:`
			`# Will need to be a persistant volume of some kind to support media uploads, unless using matrix-media-repo`
			`- name: data`
			`emptyDir: {}`
			`- name: tmp`
			`emptyDir: {}`
			`- name: keys`
			`secret:`
			`secretName: signing-key`
			`- name: config-secrets`
			`secret:`
			`secretName: config`
			`- configMap:`
			`name: synapse`
			`name: config`
			`- configMap:`
			`name: synapse-log`
			`name: log-config`