k8s-apps/matrix/synapse.yaml

apiVersion: v1
kind: ConfigMap
metadata:
  name: config
  namespace: matrix
data:
  homeserver.yaml: |
    server_name: "matrix.apps.undercloud.dev"
    public_baseurl: "https://matrix.apps.undercloud.dev/"
    pid_file: /data/homeserver.pid

    serve_server_wellknown: true

    enable_registration: true
    enable_registration_without_verification: true
    enable_metrics: true
    report_stats: true

    listeners:
      - port: 8008
        tls: false
        type: http
        x_forwarded: true
        resources:
          - names: [client, federation]
            compress: false

    database:
      name: psycopg2
      args:
        user: matrix
        password: matrixUserPW
        database: synapse
        host: db
        cp_min: 5
        cp_max: 10

    media_store_path: /data/media_store
    #log_config: "/data/matrix.apps.undercloud.dev.log.config"

    registration_shared_secret: ",=UrbCS67WrW1&&3Xi&*Q17AE@QZ1ni0@BFHviDD+sE=aFfc;Y"
    macaroon_secret_key: "QbLPh;thU&X_mZ~Cf+BqBLEzfDN9yMc-Kf.bB6HA5yTiH_7@:-"
    form_secret: "u5EhY4vAm1-qLOVQJPzsu7zwGeBkC:=PSJizLERyv#G.5R,2L@"
    signing_key_path: "/data/matrix.apps.undercloud.dev.signing.key"

    trusted_key_servers:
      - server_name: "matrix.org"
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: data
  namespace: matrix
spec:
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 4Gi
  storageClassName: cephfs-hyper
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: synapse
  namespace: matrix
  labels:
    app: synapse
spec:
  replicas: 1
  selector:
    matchLabels:
      app: synapse
  template:
    metadata:
      labels:
        app: synapse
    spec:
      securityContext:
        fsGroup: 991
        fsGroupChangePolicy: OnRootMismatch

      initContainers:
      - name: fix-permissions
        image: busybox:1.36
        command:
          - sh
          - -c
          - |
            mkdir -p /data
            chown -R 991:991 /data
            chmod -R u+rwX,g+rwX /data
            ls -ld /data
            ls -l /data || true
        volumeMounts:
        - mountPath: /data
          name: data

      containers:
      - name: synapse
        image: matrixdotorg/synapse:v1.150.0
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 8008
          name: http
        readinessProbe:
          httpGet:
            path: /_matrix/client/versions
            port: 8008
            scheme: HTTP
          initialDelaySeconds: 10
          periodSeconds: 10
        livenessProbe:
          httpGet:
            path: /_matrix/client/versions
            port: 8008
            scheme: HTTP
          initialDelaySeconds: 120
          periodSeconds: 20
        volumeMounts:
        - mountPath: /data
          name: data
        - mountPath: /data/homeserver.yaml
          name: homeserver
          subPath: homeserver.yaml

      volumes:
      - name: data
        persistentVolumeClaim:
          claimName: data
      - name: homeserver
        configMap:
          name: config
          items:
          - key: homeserver.yaml
            path: homeserver.yaml
---
apiVersion: v1
kind: Service
metadata:
  name: synapse
  namespace: matrix
  labels:
    app: synapse
spec:
  type: ClusterIP
  internalTrafficPolicy: Cluster
  ipFamilies:
    - IPv6
    - IPv4
  ipFamilyPolicy: PreferDualStack
  selector:
    app: synapse
  ports:
    - name: http
      port: 80
      protocol: TCP
      targetPort: 8008