forked from public/stack
102 lines
3.1 KiB
YAML
102 lines
3.1 KiB
YAML
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: synapse
|
|
spec:
|
|
template:
|
|
spec:
|
|
containers:
|
|
- name: synapse
|
|
args:
|
|
- run
|
|
- --config-path
|
|
- /config/homeserver.yaml
|
|
- --config-path
|
|
- /config/secrets.yaml
|
|
env:
|
|
- name: SYNAPSE_CACHE_FACTOR
|
|
value: "5.00"
|
|
ports:
|
|
- name: http
|
|
containerPort: 8008
|
|
protocol: TCP
|
|
- name: metrics
|
|
containerPort: 9002
|
|
protocol: TCP
|
|
image: matrixdotorg/synapse
|
|
imagePullPolicy: IfNotPresent
|
|
livenessProbe:
|
|
httpGet:
|
|
path: /_matrix/client/versions
|
|
port: 8008
|
|
scheme: HTTP
|
|
initialDelaySeconds: 120
|
|
readinessProbe:
|
|
httpGet:
|
|
path: /_matrix/client/versions
|
|
port: 8008
|
|
scheme: HTTP
|
|
initialDelaySeconds: 10
|
|
resources:
|
|
# These are just some arbitrary values, will have to be tuned or removed per-deployment
|
|
requests:
|
|
memory: 1Gi
|
|
cpu: 1000m
|
|
limits:
|
|
memory: 1Gi
|
|
cpu: 1
|
|
volumeMounts:
|
|
- name: data
|
|
mountPath: /data
|
|
- name: keys
|
|
mountPath: /config/keys
|
|
- name: config
|
|
mountPath: /config/homeserver.yaml
|
|
subPath: homeserver.yaml
|
|
- name: config
|
|
mountPath: /usr/local/lib/python3.11/site-packages/shared_secret_authenticator.py
|
|
subPath: shared_secret_authenticator.py
|
|
- name: log-config
|
|
mountPath: /config/log.config
|
|
subPath: log.config
|
|
- name: config-secrets
|
|
mountPath: /config/secrets.yaml
|
|
subPath: homeserver.yaml
|
|
- name: config-secrets
|
|
mountPath: /bridges/mautrix-slack-bridge.yaml
|
|
subPath: mautrix-slack-bridge.yaml
|
|
- name: config-secrets
|
|
mountPath: /bridges/mautrix-telegram-bridge.yaml
|
|
subPath: mautrix-telegram-bridge.yaml
|
|
- name: config-secrets
|
|
mountPath: /bridges/appservice-matrix-bridge.yaml
|
|
subPath: appservice-matrix-bridge.yaml
|
|
- name: config-secrets
|
|
mountPath: /bridges/doublepuppet.yaml
|
|
subPath: doublepuppet.yaml
|
|
- name: tmp
|
|
mountPath: /tmp
|
|
restartPolicy: Always
|
|
securityContext:
|
|
runAsUser: 1000
|
|
runAsGroup: 1000
|
|
fsGroup: 1000
|
|
volumes:
|
|
# Will need to be a persistant volume of some kind to support media uploads, unless using matrix-media-repo
|
|
- name: data
|
|
emptyDir: {}
|
|
- name: tmp
|
|
emptyDir: {}
|
|
- name: keys
|
|
secret:
|
|
secretName: signing-key
|
|
- name: config-secrets
|
|
secret:
|
|
secretName: config
|
|
- configMap:
|
|
name: synapse
|
|
name: config
|
|
- configMap:
|
|
name: synapse-log
|
|
name: log-config
|