diff --git a/matrix/backupSchedule.yaml b/matrix/backupSchedule.yaml
deleted file mode 100644
index 82bbe88..0000000
--- a/matrix/backupSchedule.yaml
+++ /dev/null
@@ -1,140 +0,0 @@
-apiVersion: velero.io/v1
-kind: Schedule
-metadata:
- name: matrix-backup-csi-hourly
- namespace: velero
- labels:
- velero.io/storage-location: ceph-bucket
-spec:
- # Schedule is a Cron expression defining when to run the Backup
- schedule: 0 15-22 * * * # every hour
- # Specifies whether to use OwnerReferences on backups created by this Schedule.
- # Notice: if set to true, when schedule is deleted, backups will be deleted too. Optional.
- useOwnerReferencesInBackup: true
- template:
- csiSnapshotTimeout: 10m0s
- defaultVolumesToFsBackup: false
- hooks: {}
- includedNamespaces:
- - matrix
- metadata: {}
- storageLocation: ceph-bucket
- ttl: 8h0m0s
----
-apiVersion: velero.io/v1
-kind: Schedule
-metadata:
- name: matrix-backup-csi-daily
- namespace: velero
- labels:
- velero.io/storage-location: ceph-bucket
-spec:
- # Schedule is a Cron expression defining when to run the Backup
- schedule: 0 0 * * * # every hour
- # Specifies whether to use OwnerReferences on backups created by this Schedule.
- # Notice: if set to true, when schedule is deleted, backups will be deleted too. Optional.
- useOwnerReferencesInBackup: true
- template:
- csiSnapshotTimeout: 10m0s
- defaultVolumesToFsBackup: false
- hooks: {}
- includedNamespaces:
- - matrix
- metadata: {}
- storageLocation: ceph-bucket
- ttl: 168h0m0s
----
-apiVersion: velero.io/v1
-kind: Schedule
-metadata:
- name: matrix-backup-csi-weekly
- namespace: velero
- labels:
- velero.io/storage-location: ceph-bucket
-spec:
- # Schedule is a Cron expression defining when to run the Backup
- schedule: 0 0 * * 1 # every hour
- # Specifies whether to use OwnerReferences on backups created by this Schedule.
- # Notice: if set to true, when schedule is deleted, backups will be deleted too. Optional.
- useOwnerReferencesInBackup: true
- template:
- csiSnapshotTimeout: 10m0s
- defaultVolumesToFsBackup: false
- hooks: {}
- includedNamespaces:
- - matrix
- metadata: {}
- storageLocation: ceph-bucket
- ttl: 730h0m0s
----
-apiVersion: velero.io/v1
-kind: Schedule
-metadata:
- name: matrix-backup-restic-daily
- namespace: velero
- labels:
- velero.io/storage-location: aux-balancer-minio
-spec:
- # Schedule is a Cron expression defining when to run the Backup
- schedule: 0 0 * * * # every hour
- # Specifies whether to use OwnerReferences on backups created by this Schedule.
- # Notice: if set to true, when schedule is deleted, backups will be deleted too. Optional.
- useOwnerReferencesInBackup: true
- template:
- csiSnapshotTimeout: 10m0s
- snapshotVolumes: false
- defaultVolumesToFsBackup: true
- hooks: {}
- includedNamespaces:
- - matrix
- metadata: {}
- storageLocation: aux-balancer-minio
- ttl: 168h0m0s
----
-apiVersion: velero.io/v1
-kind: Schedule
-metadata:
- name: matrix-backup-restic-weekly
- namespace: velero
- labels:
- velero.io/storage-location: aux-balancer-minio
-spec:
- # Schedule is a Cron expression defining when to run the Backup
- schedule: 0 0 * * 1 # every hour
- # Specifies whether to use OwnerReferences on backups created by this Schedule.
- # Notice: if set to true, when schedule is deleted, backups will be deleted too. Optional.
- useOwnerReferencesInBackup: true
- template:
- csiSnapshotTimeout: 10m0s
- snapshotVolumes: false
- defaultVolumesToFsBackup: true
- hooks: {}
- includedNamespaces:
- - matrix
- metadata: {}
- storageLocation: aux-balancer-minio
- ttl: 730h0m0s
----
-apiVersion: velero.io/v1
-kind: Schedule
-metadata:
- name: matrix-backup-restic-monthly
- namespace: velero
- labels:
- velero.io/storage-location: aux-balancer-minio
-spec:
- # Schedule is a Cron expression defining when to run the Backup
- schedule: 0 0 1 * * # every hour
- # Specifies whether to use OwnerReferences on backups created by this Schedule.
- # Notice: if set to true, when schedule is deleted, backups will be deleted too. Optional.
- useOwnerReferencesInBackup: true
- template:
- csiSnapshotTimeout: 10m0s
- snapshotVolumes: false
- defaultVolumesToFsBackup: true
- hooks: {}
- includedNamespaces:
- - matrix
- metadata: {}
- storageLocation: aux-balancer-minio
- ttl: 4380h0m0s
\ No newline at end of file
diff --git a/matrix/db.yaml b/matrix/db.yaml
index 8a5d2f7..8745ffa 100644
--- a/matrix/db.yaml
+++ b/matrix/db.yaml
@@ -1,31 +1,3 @@
-apiVersion: storage.k8s.io/v1
-kind: StorageClass
-metadata:
- name: matrix-db
-# Change "rook-ceph" provisioner prefix to match the operator namespace if needed
-provisioner: rook-ceph.cephfs.csi.ceph.com
-parameters:
- # clusterID is the namespace where the rook cluster is running
- # If you change this namespace, also change the namespace below where the secret namespaces are defined
- clusterID: rook-ceph
-
- # CephFS filesystem name into which the volume shall be created
- fsName: matrix
-
- # Ceph pool into which the volume shall be created
- # Required for provisionVolume: "true"
- pool: matrix-replicated
-
- # The secrets contain Ceph admin credentials. These are generated automatically by the operator
- # in the same namespace as the cluster.
- csi.storage.k8s.io/provisioner-secret-name: rook-csi-cephfs-provisioner
- csi.storage.k8s.io/provisioner-secret-namespace: rook-ceph
- csi.storage.k8s.io/controller-expand-secret-name: rook-csi-cephfs-provisioner
- csi.storage.k8s.io/controller-expand-secret-namespace: rook-ceph
- csi.storage.k8s.io/node-stage-secret-name: rook-csi-cephfs-node
- csi.storage.k8s.io/node-stage-secret-namespace: rook-ceph
-
-reclaimPolicy: Delete
---
apiVersion: v1
kind: PersistentVolumeClaim
@@ -38,7 +10,7 @@ spec:
resources:
requests:
storage: 4Gi
- storageClassName: matrix-db
+ storageClassName: cephfs-hyper
---
apiVersion: apps/v1
kind: Deployment
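Review bot: The PVC's new `storageClassName: cephfs-hyper` points at a class that is not defined anywhere in this repo, while the deleted `matrix-db` class carried an explicit pool and `reclaimPolicy: Delete`, so the reclaim policy, pool and failure domain behind the database volume are no longer reviewable from this file. For a database claim I would confirm that `cephfs-hyper` retains PVs on claim deletion (or record the manual `Retain` patch in the runbook) and make the dependency visible next to the claim, e.g. `# cephfs-hyper is cluster-provided (rook-ceph); check its reclaimPolicy before deleting this claim`. The same commit deletes every Velero Schedule for the matrix namespace, so unless replacement schedules live elsewhere this volume has no visible backup after the change.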
@@ -131,35 +103,6 @@ spec:
sessionAffinity: None
type: ClusterIP
---
-apiVersion: storage.k8s.io/v1
-kind: StorageClass
-metadata:
- name: matrix-db-backup
-# Change "rook-ceph" provisioner prefix to match the operator namespace if needed
-provisioner: rook-ceph.cephfs.csi.ceph.com
-parameters:
- # clusterID is the namespace where the rook cluster is running
- # If you change this namespace, also change the namespace below where the secret namespaces are defined
- clusterID: rook-ceph
-
- # CephFS filesystem name into which the volume shall be created
- fsName: matrix
-
- # Ceph pool into which the volume shall be created
- # Required for provisionVolume: "true"
- pool: matrix-replicated
-
- # The secrets contain Ceph admin credentials. These are generated automatically by the operator
- # in the same namespace as the cluster.
- csi.storage.k8s.io/provisioner-secret-name: rook-csi-cephfs-provisioner
- csi.storage.k8s.io/provisioner-secret-namespace: rook-ceph
- csi.storage.k8s.io/controller-expand-secret-name: rook-csi-cephfs-provisioner
- csi.storage.k8s.io/controller-expand-secret-namespace: rook-ceph
- csi.storage.k8s.io/node-stage-secret-name: rook-csi-cephfs-node
- csi.storage.k8s.io/node-stage-secret-namespace: rook-ceph
-
-reclaimPolicy: Delete
----
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
@@ -171,7 +114,7 @@ spec:
resources:
requests:
storage: 4Gi
- storageClassName: matrix-db-backup
+ storageClassName: cephfs-hyper
---
apiVersion: apps/v1
kind: Deployment
diff --git a/matrix/element.yaml b/matrix/element.yaml
index df16511..d4cc6c1 100644
--- a/matrix/element.yaml
+++ b/matrix/element.yaml
@@ -8,8 +8,8 @@ data:
{
"default_server_config": {
"m.homeserver": {
- "base_url": "https://matrix.undercloud.cf:443",
- "server_name": "matrix.undercloud.cf"
+ "base_url": "https://matrix.apps.undercloud.dev:443",
+ "server_name": "matrix.apps.undercloud.dev"
},
"m.identity_server": {
"base_url": "https://vector.im"
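Review bot: With `storageClassName: cephfs-hyper` the second claim in this file (previously on its own `matrix-db-backup` class) now provisions from the same class, and therefore presumably the same CephFS filesystem and pool, as the primary database claim earlier in the file. A copy that shares the failure domain of the data it protects is not an independent backup; if this claim is meant as one, back it with a class on a different pool or move the copy to the object-store location, and say so next to it, e.g. `# NOTE: same storage class as the primary DB volume - not an independent copy`. The claim's `metadata` lies outside the hunk, so its role is inferred only from the removed class name.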
@@ -37,18 +37,18 @@ data:
"default_federate": true,
"default_theme": "dark",
"room_directory": {
- "servers": ["matrix.org","matrix.undercloud.cf"]
+ "servers": ["matrix.org","matrix.apps.undercloud.dev"]
},
"enable_presence_by_hs_url": {
"https://matrix.org": false,
"https://matrix-client.matrix.org": false,
- "https://matrix.undercloud.cf": true
+ "https://matrix.apps.undercloud.dev": true
},
"setting_defaults": {
"breadcrumbs": true
},
"jitsi": {
- "preferred_domain": "jitsi.undercloud.cf"
+ "preferred_domain": "jitsi.apps.undercloud.dev"
},
"element_call": {
"url": "https://call.element.io",
@@ -77,7 +77,7 @@ spec:
spec:
containers:
- name: element
- image: vectorim/element-web:v1.11.20
+ image: vectorim/element-web:v1.11.71
imagePullPolicy: IfNotPresent
readinessProbe:
httpGet:
diff --git a/matrix/filesystem.yaml b/matrix/filesystem.yaml
deleted file mode 100644
index 62be72e..0000000
--- a/matrix/filesystem.yaml
+++ /dev/null
@@ -1,42 +0,0 @@
-apiVersion: ceph.rook.io/v1
-kind: CephFilesystem
-metadata:
- name: matrix
- namespace: rook-ceph
-spec:
- metadataPool:
- failureDomain: host
- replicated:
- size: 3
- dataPools:
- - name: replicated
- failureDomain: host
- replicated:
- size: 3
- preserveFilesystemOnDelete: false
- metadataServer:
- activeCount: 1
- activeStandby: true
- placement:
- # nodeAffinity:
- # requiredDuringSchedulingIgnoredDuringExecution:
- # nodeSelectorTerms:
- # - matchExpressions:
- # - key: role
- # operator: In
- # values:
- # - mds-node
- tolerations:
- - key: node-role.kubernetes.io/storage-node
- operator: Exists
- effect: NoSchedule
- # podAffinity:
- # podAntiAffinity:
- # topologySpreadConstraints:
- #resources:
- # limits:
- # cpu: "80m"
- # memory: "1024Mi"
- # requests:
- # cpu: "500m"
- # memory: "1024Mi"
\ No newline at end of file
diff --git a/matrix/ingress.yaml b/matrix/ingress.yaml
index 05d3d5c..16adba1 100644
--- a/matrix/ingress.yaml
+++ b/matrix/ingress.yaml
@@ -10,10 +10,10 @@ metadata:
spec:
tls:
- hosts:
- - matrix.undercloud.cf
+ - matrix.apps.undercloud.dev
secretName: matrix-tls
rules:
- - host: matrix.undercloud.cf
+ - host: matrix.apps.undercloud.dev
http:
paths:
- path: /
@@ -36,10 +36,10 @@ metadata:
spec:
tls:
- hosts:
- - element.undercloud.cf
+ - element.apps.undercloud.dev
secretName: element-tls
rules:
- - host: element.undercloud.cf
+ - host: element.apps.undercloud.dev
http:
paths:
- path: /
diff --git a/matrix/synapse.yaml b/matrix/synapse.yaml
index 143bacd..dfc8663 100644
--- a/matrix/synapse.yaml
+++ b/matrix/synapse.yaml
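Review bot: `tls.hosts` moves to `matrix.apps.undercloud.dev` while `secretName: matrix-tls` is unchanged, so until that Secret holds a certificate issued for the new name the ingress keeps serving the old `matrix.undercloud.cf` certificate and clients, and any federation peer validating the cert, will see a hostname mismatch. If a cert-manager annotation above the hunk manages the secret it will re-issue, but the stale secret should be deleted or the Order forced so old material is not served meanwhile; if the certificate is provisioned by hand it must be re-issued for both `matrix-tls` and `element-tls`. A one-line comment beside each `secretName`, e.g. `# cert must cover matrix.apps.undercloud.dev (re-issued after the domain move)`, would make the dependency visible.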
@@ -5,46 +5,16 @@ metadata:
namespace: matrix
data:
homeserver.yaml: |
- # Configuration file for Synapse.
- #
- # This is a YAML file: see [1] for a quick introduction. Note in particular
- # that *indentation is important*: all the elements of a list or dictionary
- # should have the same indentation.
- #
- # [1] https://docs.ansible.com/ansible/latest/reference_appendices/YAMLSyntax.html
- #
- # For more information on how to configure Synapse, including a complete accounting of
- # each option, go to docs/usage/configuration/config_documentation.md or
- # https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html
- server_name: "undercloud.cf"
+ server_name: "matrix.apps.undercloud.dev"
+ public_baseurl: "https://matrix.apps.undercloud.dev/"
pid_file: /data/homeserver.pid
- public_baseurl: "https://undercloud.cf"
- #allow_public_rooms_without_auth: true
- #allow_public_rooms_over_federation: true
+ serve_server_wellknown: true
+
enable_registration: true
enable_registration_without_verification: true
- #allow_guest_access: true
enable_metrics: true
-
-
- modules:
- - module: "ldap_auth_provider.LdapAuthProviderModule"
- config:
- enabled: true
- #mode: "search"
- uri: "ldap://ldap.undercloud.cf:389"
- start_tls: true
- base: "ou=users,dc=undercloud,dc=cf"
- attributes:
- uid: "cn"
- mail: "mail"
- name: "displayName"
- bind_dn: cn=synapse,ou=serviceaccounts,ou=users,dc=undercloud,dc=cf
- bind_password: aPasswordForTheSynapseUser5
- filter: "(objectClass=inetOrgPerson)"
- tls_options:
- validate: false
+ report_stats: true
listeners:
- port: 8008
@@ -54,10 +24,7 @@ data:
resources:
- names: [client, federation]
compress: false
- #database:
- # name: sqlite3
- # args:
- # database: /data/homeserver.db
+
database:
name: psycopg2
args:
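Review bot: The new side keeps `enable_registration: true` together with `enable_registration_without_verification: true` while also adding `serve_server_wellknown: true` and a public `server_name`, so anyone who discovers the host can create accounts with no email, CAPTCHA or token check, which on a federating homeserver is the standard spam and abuse vector. Unless open sign-up is intended, drop the `_without_verification` line and gate registration with `registration_requires_token: true` (tokens issued via the admin API) or an email/reCAPTCHA flow. Separately, changing `server_name` from `undercloud.cf` to `matrix.apps.undercloud.dev` makes this a different homeserver identity: as far as I recall Synapse's startup database check rejects a database holding users of the old name, so this only works against a fresh Postgres database and existing `@user:undercloud.cf` accounts and rooms are not carried over, which deserves a comment above `server_name`. `report_stats: true` is newly added in this hunk; confirm that sending usage statistics upstream is intended.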
@@ -67,45 +34,18 @@ data:
host: db
cp_min: 5
cp_max: 10
- log_config: "/data/matrix.undercloud.cf.log.config"
+ media_store_path: /data/media_store
+ log_config: "/data/matrix.apps.undercloud.dev.log.config"
+ registration_shared_secret: ",=UrbCS67WrW1&&3Xi&*Q17AE@QZ1ni0@BFHviDD+sE=aFfc;Y"
- report_stats: true
macaroon_secret_key: "QbLPh;thU&X_mZ~Cf+BqBLEzfDN9yMc-Kf.bB6HA5yTiH_7@:-"
form_secret: "u5EhY4vAm1-qLOVQJPzsu7zwGeBkC:=PSJizLERyv#G.5R,2L@"
- signing_key_path: "/data/matrix.undercloud.cf.signing.key"
+ signing_key_path: "/data/matrix.apps.undercloud.dev.signing.key"
+ trusted_key_servers:
- server_name: "matrix.org"
---
-apiVersion: storage.k8s.io/v1
-kind: StorageClass
-metadata:
- name: synapse
-# Change "rook-ceph" provisioner prefix to match the operator namespace if needed
-provisioner: rook-ceph.cephfs.csi.ceph.com
-parameters:
- # clusterID is the namespace where the rook cluster is running
- # If you change this namespace, also change the namespace below where the secret namespaces are defined
- clusterID: rook-ceph
-
- # CephFS filesystem name into which the volume shall be created
- fsName: matrix
-
- # Ceph pool into which the volume shall be created
- # Required for provisionVolume: "true"
- pool: matrix-replicated
-
- # The secrets contain Ceph admin credentials. These are generated automatically by the operator
- # in the same namespace as the cluster.
- csi.storage.k8s.io/provisioner-secret-name: rook-csi-cephfs-provisioner
- csi.storage.k8s.io/provisioner-secret-namespace: rook-ceph
- csi.storage.k8s.io/controller-expand-secret-name: rook-csi-cephfs-provisioner
- csi.storage.k8s.io/controller-expand-secret-namespace: rook-ceph
- csi.storage.k8s.io/node-stage-secret-name: rook-csi-cephfs-node
- csi.storage.k8s.io/node-stage-secret-namespace: rook-ceph
-
-reclaimPolicy: Delete
----
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
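Review bot: `registration_shared_secret` is added as a plaintext literal inside the `config` ConfigMap, beside the already-present `macaroon_secret_key` and `form_secret`; a ConfigMap is readable by anything with `get` on configmaps in the namespace, the values are now in git history, and the registration secret in particular lets its holder mint accounts (including admin accounts) through `/_synapse/admin/v1/register` regardless of the registration settings. Move these into a Kubernetes Secret mounted as files and reference them with `registration_shared_secret_path` (and, in recent Synapse releases, the matching `macaroon_secret_key_path` / `form_secret_path` - confirm both exist in v1.150.0), then rotate all three because the current values are committed. Rotating `macaroon_secret_key` invalidates existing access tokens, so schedule that step. The removed LDAP block also carried a bind password in plaintext; that credential should be rotated on the LDAP side as well.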
@@ -113,11 +53,11 @@ metadata:
namespace: matrix
spec:
accessModes:
- - ReadWriteMany
+ - ReadWriteMany
resources:
requests:
storage: 4Gi
- storageClassName: synapse
+ storageClassName: cephfs-hyper
---
apiVersion: apps/v1
kind: Deployment
@@ -136,69 +76,47 @@ spec:
labels:
app: synapse
spec:
- initContainers:
- - name: gen-config
- image: matrixdotorg/synapse:v1.83.0
- args: ["generate"]
- ports:
- - containerPort: 8008
- env:
- - name: SYNAPSE_SERVER_NAME
- value: "matrix.undercloud.cf"
- - name: SYNAPSE_REPORT_STATS
- value: "yes"
- volumeMounts:
- - mountPath: "/data"
- name: data
- - mountPath: "/data/homeserver.yaml"
- name: homeserver
- subPath: homeserver.yaml
containers:
- - name: synapse
- image: matrixdotorg/synapse
- imagePullPolicy: IfNotPresent
- ports:
- - containerPort: 8008
- #lifecycle:
- # postStart:
- # exec:
- # command:
- # - "/bin/startup.sh"
- livenessProbe:
- httpGet:
- path: /_matrix/client/versions
- port: 8008
- scheme: HTTP
- initialDelaySeconds: 120
- name: matrix-synapse
- readinessProbe:
- httpGet:
- path: /_matrix/client/versions
- port: 8008
- scheme: HTTP
- initialDelaySeconds: 10
- volumeMounts:
- - mountPath: "/data"
- name: data
- - mountPath: "/data/homeserver.yaml"
- name: homeserver
- subPath: homeserver.yaml
- readinessProbe:
- httpGet:
- path: /_matrix/client/versions
- port: 8008
- scheme: HTTP
- initialDelaySeconds: 10
+ - name: synapse
+ image: matrixdotorg/synapse:v1.150.0
+ imagePullPolicy: IfNotPresent
+ ports:
+ - containerPort: 8008
+ name: http
+
+ readinessProbe:
+ httpGet:
+ path: /_matrix/client/versions
+ port: 8008
+ scheme: HTTP
+ initialDelaySeconds: 10
+ periodSeconds: 10
+
+ livenessProbe:
+ httpGet:
+ path: /_matrix/client/versions
+ port: 8008
+ scheme: HTTP
+ initialDelaySeconds: 120
+ periodSeconds: 20
+
+ volumeMounts:
+ - mountPath: /data
+ name: data
+ - mountPath: /data/homeserver.yaml
+ name: homeserver
+ subPath: homeserver.yaml
+
volumes:
- - name: data
- persistentVolumeClaim:
- claimName: data
- - name: homeserver
- configMap:
- name: config
- items:
- - key: "homeserver.yaml"
- path: "homeserver.yaml"
+ - name: data
+ persistentVolumeClaim:
+ claimName: data
+ - name: homeserver
+ configMap:
+ name: config
+ items:
+ - key: homeserver.yaml
+ path: homeserver.yaml
---
apiVersion: v1
kind: Service
@@ -208,17 +126,16 @@ metadata:
labels:
app: synapse
spec:
+ type: ClusterIP
internalTrafficPolicy: Cluster
ipFamilies:
- - IPv6
- - IPv4
+ - IPv6
+ - IPv4
ipFamilyPolicy: PreferDualStack
- ports:
- - name: http
- port: 80
- protocol: TCP
- targetPort: 8008
selector:
app: synapse
- sessionAffinity: None
- type: ClusterIP
+ ports:
+ - name: http
+ port: 80
+ protocol: TCP
+ targetPort: 8008
\ No newline at end of file
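Review bot: The `gen-config` init container is removed, and the container now relies on the ConfigMap's renamed `/data/matrix.apps.undercloud.dev.signing.key` and `.log.config` existing on the `data` PVC; in the Synapse versions I have seen a missing signing key is generated on first start, which is fine for a new identity, but that file is then the only copy of the homeserver's federation identity and the same commit removes the Velero schedules that backed up this namespace. Make sure the key is captured somewhere durable and leave a note on the `data` volume such as `# holds the signing key: losing this PVC means a new homeserver identity`. While the pod spec is being rewritten, the new side has no `securityContext` (`runAsNonRoot: true`, `allowPrivilegeEscalation: false`, dropped capabilities) and no `resources` limits, and the image is pinned by tag rather than digest. The ConfigMap is mounted with `subPath`, so edits to it will not reach the running pod without a rollout; worth a comment beside the mount.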