This commit is contained in:
2026-03-29 14:46:27 +00:00
parent 29c8564968
commit 88d3af81a5
6 changed files with 72 additions and 394 deletions


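--- a/PATH-NOT-ON-PAGE
+++ /dev/null
@@ -1,140 +0,0 @@
-apiVersion: velero.io/v1
-kind: Schedule
-metadata:
-name: matrix-backup-csi-hourly
-namespace: velero
-labels:
-velero.io/storage-location: ceph-bucket
-spec:
-# Schedule is a Cron expression defining when to run the Backup
-schedule: 0 15-22 * * * # every hour
-# Specifies whether to use OwnerReferences on backups created by this Schedule.
-# Notice: if set to true, when schedule is deleted, backups will be deleted too. Optional.
-useOwnerReferencesInBackup: true
-template:
-csiSnapshotTimeout: 10m0s
-defaultVolumesToFsBackup: false
-hooks: {}
-includedNamespaces:
-- matrix
-metadata: {}
-storageLocation: ceph-bucket
-ttl: 8h0m0s
----
-apiVersion: velero.io/v1
-kind: Schedule
-metadata:
-name: matrix-backup-csi-daily
-namespace: velero
-labels:
-velero.io/storage-location: ceph-bucket
-spec:
-# Schedule is a Cron expression defining when to run the Backup
-schedule: 0 0 * * * # every hour
-# Specifies whether to use OwnerReferences on backups created by this Schedule.
-# Notice: if set to true, when schedule is deleted, backups will be deleted too. Optional.
-useOwnerReferencesInBackup: true
-template:
-csiSnapshotTimeout: 10m0s
-defaultVolumesToFsBackup: false
-hooks: {}
-includedNamespaces:
-- matrix
-metadata: {}
-storageLocation: ceph-bucket
-ttl: 168h0m0s
----
-apiVersion: velero.io/v1
-kind: Schedule
-metadata:
-name: matrix-backup-csi-weekly
-namespace: velero
-labels:
-velero.io/storage-location: ceph-bucket
-spec:
-# Schedule is a Cron expression defining when to run the Backup
-schedule: 0 0 * * 1 # every hour
-# Specifies whether to use OwnerReferences on backups created by this Schedule.
-# Notice: if set to true, when schedule is deleted, backups will be deleted too. Optional.
-useOwnerReferencesInBackup: true
-template:
-csiSnapshotTimeout: 10m0s
-defaultVolumesToFsBackup: false
-hooks: {}
-includedNamespaces:
-- matrix
-metadata: {}
-storageLocation: ceph-bucket
-ttl: 730h0m0s
----
-apiVersion: velero.io/v1
-kind: Schedule
-metadata:
-name: matrix-backup-restic-daily
-namespace: velero
-labels:
-velero.io/storage-location: aux-balancer-minio
-spec:
-# Schedule is a Cron expression defining when to run the Backup
-schedule: 0 0 * * * # every hour
-# Specifies whether to use OwnerReferences on backups created by this Schedule.
-# Notice: if set to true, when schedule is deleted, backups will be deleted too. Optional.
-useOwnerReferencesInBackup: true
-template:
-csiSnapshotTimeout: 10m0s
-snapshotVolumes: false
-defaultVolumesToFsBackup: true
-hooks: {}
-includedNamespaces:
-- matrix
-metadata: {}
-storageLocation: aux-balancer-minio
-ttl: 168h0m0s
----
-apiVersion: velero.io/v1
-kind: Schedule
-metadata:
-name: matrix-backup-restic-weekly
-namespace: velero
-labels:
-velero.io/storage-location: aux-balancer-minio
-spec:
-# Schedule is a Cron expression defining when to run the Backup
-schedule: 0 0 * * 1 # every hour
-# Specifies whether to use OwnerReferences on backups created by this Schedule.
-# Notice: if set to true, when schedule is deleted, backups will be deleted too. Optional.
-useOwnerReferencesInBackup: true
-template:
-csiSnapshotTimeout: 10m0s
-snapshotVolumes: false
-defaultVolumesToFsBackup: true
-hooks: {}
-includedNamespaces:
-- matrix
-metadata: {}
-storageLocation: aux-balancer-minio
-ttl: 730h0m0s
----
-apiVersion: velero.io/v1
-kind: Schedule
-metadata:
-name: matrix-backup-restic-monthly
-namespace: velero
-labels:
-velero.io/storage-location: aux-balancer-minio
-spec:
-# Schedule is a Cron expression defining when to run the Backup
-schedule: 0 0 1 * * # every hour
-# Specifies whether to use OwnerReferences on backups created by this Schedule.
-# Notice: if set to true, when schedule is deleted, backups will be deleted too. Optional.
-useOwnerReferencesInBackup: true
-template:
-csiSnapshotTimeout: 10m0s
-snapshotVolumes: false
-defaultVolumesToFsBackup: true
-hooks: {}
-includedNamespaces:
-- matrix
-metadata: {}
-storageLocation: aux-balancer-minio
-ttl: 4380h0m0s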


@@ -1,31 +1,3 @@
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: matrix-db
# Change "rook-ceph" provisioner prefix to match the operator namespace if needed
provisioner: rook-ceph.cephfs.csi.ceph.com
parameters:
# clusterID is the namespace where the rook cluster is running
# If you change this namespace, also change the namespace below where the secret namespaces are defined
clusterID: rook-ceph
# CephFS filesystem name into which the volume shall be created
fsName: matrix
# Ceph pool into which the volume shall be created
# Required for provisionVolume: "true"
pool: matrix-replicated
# The secrets contain Ceph admin credentials. These are generated automatically by the operator
# in the same namespace as the cluster.
csi.storage.k8s.io/provisioner-secret-name: rook-csi-cephfs-provisioner
csi.storage.k8s.io/provisioner-secret-namespace: rook-ceph
csi.storage.k8s.io/controller-expand-secret-name: rook-csi-cephfs-provisioner
csi.storage.k8s.io/controller-expand-secret-namespace: rook-ceph
csi.storage.k8s.io/node-stage-secret-name: rook-csi-cephfs-node
csi.storage.k8s.io/node-stage-secret-namespace: rook-ceph
reclaimPolicy: Delete
---
apiVersion: v1
kind: PersistentVolumeClaim
@@ -38,7 +10,7 @@ spec:
resources:
requests:
storage: 4Gi
storageClassName: matrix-db
storageClassName: cephfs-hyper
---
apiVersion: apps/v1
kind: Deployment
@@ -131,35 +103,6 @@ spec:
sessionAffinity: None
type: ClusterIP
---
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: matrix-db-backup
# Change "rook-ceph" provisioner prefix to match the operator namespace if needed
provisioner: rook-ceph.cephfs.csi.ceph.com
parameters:
# clusterID is the namespace where the rook cluster is running
# If you change this namespace, also change the namespace below where the secret namespaces are defined
clusterID: rook-ceph
# CephFS filesystem name into which the volume shall be created
fsName: matrix
# Ceph pool into which the volume shall be created
# Required for provisionVolume: "true"
pool: matrix-replicated
# The secrets contain Ceph admin credentials. These are generated automatically by the operator
# in the same namespace as the cluster.
csi.storage.k8s.io/provisioner-secret-name: rook-csi-cephfs-provisioner
csi.storage.k8s.io/provisioner-secret-namespace: rook-ceph
csi.storage.k8s.io/controller-expand-secret-name: rook-csi-cephfs-provisioner
csi.storage.k8s.io/controller-expand-secret-namespace: rook-ceph
csi.storage.k8s.io/node-stage-secret-name: rook-csi-cephfs-node
csi.storage.k8s.io/node-stage-secret-namespace: rook-ceph
reclaimPolicy: Delete
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
@@ -171,7 +114,7 @@ spec:
resources:
requests:
storage: 4Gi
storageClassName: matrix-db-backup
storageClassName: cephfs-hyper
---
apiVersion: apps/v1
kind: Deployment
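Review bot: `storageClassName` on a PersistentVolumeClaim is immutable once the claim exists, so changing `storageClassName: matrix-db` to `cephfs-hyper` in the second hunk (and `matrix-db-backup` to `cephfs-hyper` in the last hunk) will be rejected on apply unless the PVCs are deleted and recreated, which provisions empty volumes rather than migrating the database data. The deleted StorageClasses carry `reclaimPolicy: Delete`, so recreating the claims would also release and delete the old Ceph volumes; take a copy of the data first, especially since the Velero Schedules covering the `matrix` namespace are removed in the same commit. The `cephfs-hyper` class is not defined in this commit, so its reclaim policy and backing pool cannot be checked here; presumably it already exists cluster-wide. Both PVC definitions start outside the hunks.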


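--- a/PATH-NOT-ON-PAGE
+++ b/PATH-NOT-ON-PAGE
@@ -8,8 +8,8 @@ data:
 {
 "default_server_config": {
 "m.homeserver": {
-"base_url": "https://matrix.undercloud.cf:443",
-"server_name": "matrix.undercloud.cf"
+"base_url": "https://matrix.apps.undercloud.dev:443",
+"server_name": "matrix.apps.undercloud.dev"
 },
 "m.identity_server": {
 "base_url": "https://vector.im"
@@ -37,18 +37,18 @@ data:
 "default_federate": true,
 "default_theme": "dark",
 "room_directory": {
-"servers": ["matrix.org","matrix.undercloud.cf"]
+"servers": ["matrix.org","matrix.apps.undercloud.dev"]
 },
 "enable_presence_by_hs_url": {
 "https://matrix.org": false,
 "https://matrix-client.matrix.org": false,
-"https://matrix.undercloud.cf": true
+"https://matrix.apps.undercloud.dev": true
 },
 "setting_defaults": {
 "breadcrumbs": true
 },
 "jitsi": {
-"preferred_domain": "jitsi.undercloud.cf"
+"preferred_domain": "jitsi.apps.undercloud.dev"
 },
 "element_call": {
 "url": "https://call.element.io",
@@ -77,7 +77,7 @@ spec:
 spec:
 containers:
 - name: element
-image: vectorim/element-web:v1.11.20
+image: vectorim/element-web:v1.11.71
 imagePullPolicy: IfNotPresent
 readinessProbe:
 httpGet: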


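--- a/PATH-NOT-ON-PAGE
+++ /dev/null
@@ -1,42 +0,0 @@
-apiVersion: ceph.rook.io/v1
-kind: CephFilesystem
-metadata:
-name: matrix
-namespace: rook-ceph
-spec:
-metadataPool:
-failureDomain: host
-replicated:
-size: 3
-dataPools:
-- name: replicated
-failureDomain: host
-replicated:
-size: 3
-preserveFilesystemOnDelete: false
-metadataServer:
-activeCount: 1
-activeStandby: true
-placement:
-# nodeAffinity:
-# requiredDuringSchedulingIgnoredDuringExecution:
-# nodeSelectorTerms:
-# - matchExpressions:
-# - key: role
-# operator: In
-# values:
-# - mds-node
-tolerations:
-- key: node-role.kubernetes.io/storage-node
-operator: Exists
-effect: NoSchedule
-# podAffinity:
-# podAntiAffinity:
-# topologySpreadConstraints:
-#resources:
-# limits:
-# cpu: "80m"
-# memory: "1024Mi"
-# requests:
-# cpu: "500m"
-# memory: "1024Mi"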


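--- a/PATH-NOT-ON-PAGE
+++ b/PATH-NOT-ON-PAGE
@@ -10,10 +10,10 @@ metadata:
 spec:
 tls:
 - hosts:
-- matrix.undercloud.cf
+- matrix.apps.undercloud.dev
 secretName: matrix-tls
 rules:
-- host: matrix.undercloud.cf
+- host: matrix.apps.undercloud.dev
 http:
 paths:
 - path: /
@@ -36,10 +36,10 @@ metadata:
 spec:
 tls:
 - hosts:
-- element.undercloud.cf
+- element.apps.undercloud.dev
 secretName: element-tls
 rules:
-- host: element.undercloud.cf
+- host: element.apps.undercloud.dev
 http:
 paths:
 - path: /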
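Review bot: `secretName: matrix-tls` and `secretName: element-tls` are kept unchanged while the `hosts` and `host` entries move from the `undercloud.cf` names to the `apps.undercloud.dev` names, so whatever certificate those Secrets currently hold was issued for the old names and will not validate for the new hosts. If cert-manager issues these certificates, its annotations live in the Ingress `metadata`, which is outside both hunks, so it cannot be confirmed here that the Secrets are re-issued automatically; if the certificates are managed by hand they must be replaced together with this change. A comment on each `tls` block, `# Secret must hold a certificate valid for the host listed below`, would record the dependency for the next rename.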


@@ -5,46 +5,16 @@ metadata:
namespace: matrix
data:
homeserver.yaml: |
# Configuration file for Synapse.
#
# This is a YAML file: see [1] for a quick introduction. Note in particular
# that *indentation is important*: all the elements of a list or dictionary
# should have the same indentation.
#
# [1] https://docs.ansible.com/ansible/latest/reference_appendices/YAMLSyntax.html
#
# For more information on how to configure Synapse, including a complete accounting of
# each option, go to docs/usage/configuration/config_documentation.md or
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html
server_name: "undercloud.cf"
server_name: "matrix.apps.undercloud.dev"
public_baseurl: "https://matrix.apps.undercloud.dev/"
pid_file: /data/homeserver.pid
public_baseurl: "https://undercloud.cf"
#allow_public_rooms_without_auth: true
#allow_public_rooms_over_federation: true
serve_server_wellknown: true
enable_registration: true
enable_registration_without_verification: true
#allow_guest_access: true
enable_metrics: true
modules:
- module: "ldap_auth_provider.LdapAuthProviderModule"
config:
enabled: true
#mode: "search"
uri: "ldap://ldap.undercloud.cf:389"
start_tls: true
base: "ou=users,dc=undercloud,dc=cf"
attributes:
uid: "cn"
mail: "mail"
name: "displayName"
bind_dn: cn=synapse,ou=serviceaccounts,ou=users,dc=undercloud,dc=cf
bind_password: aPasswordForTheSynapseUser5
filter: "(objectClass=inetOrgPerson)"
tls_options:
validate: false
report_stats: true
listeners:
- port: 8008
@@ -54,10 +24,7 @@ data:
resources:
- names: [client, federation]
compress: false
#database:
# name: sqlite3
# args:
# database: /data/homeserver.db
database:
name: psycopg2
args:
@@ -67,45 +34,18 @@ data:
host: db
cp_min: 5
cp_max: 10
log_config: "/data/matrix.undercloud.cf.log.config"
media_store_path: /data/media_store
log_config: "/data/matrix.apps.undercloud.dev.log.config"
registration_shared_secret: ",=UrbCS67WrW1&&3Xi&*Q17AE@QZ1ni0@BFHviDD+sE=aFfc;Y"
report_stats: true
macaroon_secret_key: "QbLPh;thU&X_mZ~Cf+BqBLEzfDN9yMc-Kf.bB6HA5yTiH_7@:-"
form_secret: "u5EhY4vAm1-qLOVQJPzsu7zwGeBkC:=PSJizLERyv#G.5R,2L@"
signing_key_path: "/data/matrix.undercloud.cf.signing.key"
signing_key_path: "/data/matrix.apps.undercloud.dev.signing.key"
trusted_key_servers:
- server_name: "matrix.org"
---
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: synapse
# Change "rook-ceph" provisioner prefix to match the operator namespace if needed
provisioner: rook-ceph.cephfs.csi.ceph.com
parameters:
# clusterID is the namespace where the rook cluster is running
# If you change this namespace, also change the namespace below where the secret namespaces are defined
clusterID: rook-ceph
# CephFS filesystem name into which the volume shall be created
fsName: matrix
# Ceph pool into which the volume shall be created
# Required for provisionVolume: "true"
pool: matrix-replicated
# The secrets contain Ceph admin credentials. These are generated automatically by the operator
# in the same namespace as the cluster.
csi.storage.k8s.io/provisioner-secret-name: rook-csi-cephfs-provisioner
csi.storage.k8s.io/provisioner-secret-namespace: rook-ceph
csi.storage.k8s.io/controller-expand-secret-name: rook-csi-cephfs-provisioner
csi.storage.k8s.io/controller-expand-secret-namespace: rook-ceph
csi.storage.k8s.io/node-stage-secret-name: rook-csi-cephfs-node
csi.storage.k8s.io/node-stage-secret-namespace: rook-ceph
reclaimPolicy: Delete
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
@@ -113,11 +53,11 @@ metadata:
namespace: matrix
spec:
accessModes:
- ReadWriteMany
- ReadWriteMany
resources:
requests:
storage: 4Gi
storageClassName: synapse
storageClassName: cephfs-hyper
---
apiVersion: apps/v1
kind: Deployment
@@ -136,69 +76,47 @@ spec:
labels:
app: synapse
spec:
initContainers:
- name: gen-config
image: matrixdotorg/synapse:v1.83.0
args: ["generate"]
ports:
- containerPort: 8008
env:
- name: SYNAPSE_SERVER_NAME
value: "matrix.undercloud.cf"
- name: SYNAPSE_REPORT_STATS
value: "yes"
volumeMounts:
- mountPath: "/data"
name: data
- mountPath: "/data/homeserver.yaml"
name: homeserver
subPath: homeserver.yaml
containers:
- name: synapse
image: matrixdotorg/synapse
imagePullPolicy: IfNotPresent
ports:
- containerPort: 8008
#lifecycle:
# postStart:
# exec:
# command:
# - "/bin/startup.sh"
livenessProbe:
httpGet:
path: /_matrix/client/versions
port: 8008
scheme: HTTP
initialDelaySeconds: 120
name: matrix-synapse
readinessProbe:
httpGet:
path: /_matrix/client/versions
port: 8008
scheme: HTTP
initialDelaySeconds: 10
volumeMounts:
- mountPath: "/data"
name: data
- mountPath: "/data/homeserver.yaml"
name: homeserver
subPath: homeserver.yaml
readinessProbe:
httpGet:
path: /_matrix/client/versions
port: 8008
scheme: HTTP
initialDelaySeconds: 10
- name: synapse
image: matrixdotorg/synapse:v1.150.0
imagePullPolicy: IfNotPresent
ports:
- containerPort: 8008
name: http
readinessProbe:
httpGet:
path: /_matrix/client/versions
port: 8008
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 10
livenessProbe:
httpGet:
path: /_matrix/client/versions
port: 8008
scheme: HTTP
initialDelaySeconds: 120
periodSeconds: 20
volumeMounts:
- mountPath: /data
name: data
- mountPath: /data/homeserver.yaml
name: homeserver
subPath: homeserver.yaml
volumes:
- name: data
persistentVolumeClaim:
claimName: data
- name: homeserver
configMap:
name: config
items:
- key: "homeserver.yaml"
path: "homeserver.yaml"
- name: data
persistentVolumeClaim:
claimName: data
- name: homeserver
configMap:
name: config
items:
- key: homeserver.yaml
path: homeserver.yaml
---
apiVersion: v1
kind: Service
@@ -208,17 +126,16 @@ metadata:
labels:
app: synapse
spec:
type: ClusterIP
internalTrafficPolicy: Cluster
ipFamilies:
- IPv6
- IPv4
- IPv6
- IPv4
ipFamilyPolicy: PreferDualStack
ports:
- name: http
port: 80
protocol: TCP
targetPort: 8008
selector:
app: synapse
sessionAffinity: None
type: ClusterIP
ports:
- name: http
port: 80
protocol: TCP
targetPort: 8008
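Review bot: The homeserver.yaml ConfigMap still carries `registration_shared_secret`, `macaroon_secret_key` and `form_secret` as plain values in the third hunk, and the removed LDAP block held a `bind_password`; all of these are now in repository history, so they should be rotated and served from a Secret (a mounted Secret or `secretKeyRef`) rather than a ConfigMap. Changing `server_name` from `"undercloud.cf"` to `"matrix.apps.undercloud.dev"` is effectively a new homeserver, since Synapse documents that `server_name` cannot be changed after first start because it is embedded in every user and room ID, so existing accounts and rooms in the `psycopg2` database will not carry over. The hunk counts suggest `enable_registration: true` and `enable_registration_without_verification: true` remain on the new side; with the LDAP auth provider removed, open unverified self-registration becomes the only account path, so consider `registration_requires_token: true` or a verification method. `signing_key_path` now points at `/data/matrix.apps.undercloud.dev.signing.key` while the `gen-config` init container that ran `generate` has been dropped from the Deployment, so nothing visible creates that file on a fresh volume; confirm it is generated out of band before rollout. Most of the homeserver.yaml block and the Deployment's pod spec continue outside the hunks.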