225 lines
6.1 KiB
YAML
225 lines
6.1 KiB
YAML
apiVersion: v1
|
|
kind: ConfigMap
|
|
metadata:
|
|
name: config
|
|
namespace: matrix
|
|
data:
|
|
homeserver.yaml: |
|
|
# Configuration file for Synapse.
|
|
#
|
|
# This is a YAML file: see [1] for a quick introduction. Note in particular
|
|
# that *indentation is important*: all the elements of a list or dictionary
|
|
# should have the same indentation.
|
|
#
|
|
# [1] https://docs.ansible.com/ansible/latest/reference_appendices/YAMLSyntax.html
|
|
#
|
|
# For more information on how to configure Synapse, including a complete accounting of
|
|
# each option, go to docs/usage/configuration/config_documentation.md or
|
|
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html
|
|
server_name: "undercloud.cf"
|
|
pid_file: /data/homeserver.pid
|
|
public_baseurl: "https://undercloud.cf"
|
|
|
|
#allow_public_rooms_without_auth: true
|
|
#allow_public_rooms_over_federation: true
|
|
enable_registration: true
|
|
enable_registration_without_verification: true
|
|
#allow_guest_access: true
|
|
enable_metrics: true
|
|
|
|
|
|
modules:
|
|
- module: "ldap_auth_provider.LdapAuthProviderModule"
|
|
config:
|
|
enabled: true
|
|
#mode: "search"
|
|
uri: "ldap://ldap.undercloud.cf:389"
|
|
start_tls: true
|
|
base: "ou=users,dc=undercloud,dc=cf"
|
|
attributes:
|
|
uid: "cn"
|
|
mail: "mail"
|
|
name: "displayName"
|
|
bind_dn: cn=synapse,ou=serviceaccounts,ou=users,dc=undercloud,dc=cf
|
|
bind_password: aPasswordForTheSynapseUser5
|
|
filter: "(objectClass=inetOrgPerson)"
|
|
tls_options:
|
|
validate: false
|
|
|
|
listeners:
|
|
- port: 8008
|
|
tls: false
|
|
type: http
|
|
x_forwarded: true
|
|
resources:
|
|
- names: [client, federation]
|
|
compress: false
|
|
#database:
|
|
# name: sqlite3
|
|
# args:
|
|
# database: /data/homeserver.db
|
|
database:
|
|
name: psycopg2
|
|
args:
|
|
user: matrix
|
|
password: matrixUserPW
|
|
database: synapse
|
|
host: db
|
|
cp_min: 5
|
|
cp_max: 10
|
|
log_config: "/data/matrix.undercloud.cf.log.config"
|
|
media_store_path: /data/media_store
|
|
registration_shared_secret: ",=UrbCS67WrW1&&3Xi&*Q17AE@QZ1ni0@BFHviDD+sE=aFfc;Y"
|
|
report_stats: true
|
|
macaroon_secret_key: "QbLPh;thU&X_mZ~Cf+BqBLEzfDN9yMc-Kf.bB6HA5yTiH_7@:-"
|
|
form_secret: "u5EhY4vAm1-qLOVQJPzsu7zwGeBkC:=PSJizLERyv#G.5R,2L@"
|
|
signing_key_path: "/data/matrix.undercloud.cf.signing.key"
|
|
trusted_key_servers:
|
|
- server_name: "matrix.org"
|
|
---
|
|
apiVersion: storage.k8s.io/v1
|
|
kind: StorageClass
|
|
metadata:
|
|
name: synapse
|
|
# Change "rook-ceph" provisioner prefix to match the operator namespace if needed
|
|
provisioner: rook-ceph.cephfs.csi.ceph.com
|
|
parameters:
|
|
# clusterID is the namespace where the rook cluster is running
|
|
# If you change this namespace, also change the namespace below where the secret namespaces are defined
|
|
clusterID: rook-ceph
|
|
|
|
# CephFS filesystem name into which the volume shall be created
|
|
fsName: matrix
|
|
|
|
# Ceph pool into which the volume shall be created
|
|
# Required for provisionVolume: "true"
|
|
pool: matrix-replicated
|
|
|
|
# The secrets contain Ceph admin credentials. These are generated automatically by the operator
|
|
# in the same namespace as the cluster.
|
|
csi.storage.k8s.io/provisioner-secret-name: rook-csi-cephfs-provisioner
|
|
csi.storage.k8s.io/provisioner-secret-namespace: rook-ceph
|
|
csi.storage.k8s.io/controller-expand-secret-name: rook-csi-cephfs-provisioner
|
|
csi.storage.k8s.io/controller-expand-secret-namespace: rook-ceph
|
|
csi.storage.k8s.io/node-stage-secret-name: rook-csi-cephfs-node
|
|
csi.storage.k8s.io/node-stage-secret-namespace: rook-ceph
|
|
|
|
reclaimPolicy: Delete
|
|
---
|
|
apiVersion: v1
|
|
kind: PersistentVolumeClaim
|
|
metadata:
|
|
name: data
|
|
namespace: matrix
|
|
spec:
|
|
accessModes:
|
|
- ReadWriteMany
|
|
resources:
|
|
requests:
|
|
storage: 4Gi
|
|
storageClassName: synapse
|
|
---
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: synapse
|
|
namespace: matrix
|
|
labels:
|
|
app: synapse
|
|
spec:
|
|
replicas: 1
|
|
selector:
|
|
matchLabels:
|
|
app: synapse
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: synapse
|
|
spec:
|
|
initContainers:
|
|
- name: gen-config
|
|
image: matrixdotorg/synapse:v1.83.0
|
|
args: ["generate"]
|
|
ports:
|
|
- containerPort: 8008
|
|
env:
|
|
- name: SYNAPSE_SERVER_NAME
|
|
value: "matrix.undercloud.cf"
|
|
- name: SYNAPSE_REPORT_STATS
|
|
value: "yes"
|
|
volumeMounts:
|
|
- mountPath: "/data"
|
|
name: data
|
|
- mountPath: "/data/homeserver.yaml"
|
|
name: homeserver
|
|
subPath: homeserver.yaml
|
|
containers:
|
|
- name: synapse
|
|
image: matrixdotorg/synapse
|
|
imagePullPolicy: IfNotPresent
|
|
ports:
|
|
- containerPort: 8008
|
|
#lifecycle:
|
|
# postStart:
|
|
# exec:
|
|
# command:
|
|
# - "/bin/startup.sh"
|
|
livenessProbe:
|
|
httpGet:
|
|
path: /_matrix/client/versions
|
|
port: 8008
|
|
scheme: HTTP
|
|
initialDelaySeconds: 120
|
|
name: matrix-synapse
|
|
readinessProbe:
|
|
httpGet:
|
|
path: /_matrix/client/versions
|
|
port: 8008
|
|
scheme: HTTP
|
|
initialDelaySeconds: 10
|
|
volumeMounts:
|
|
- mountPath: "/data"
|
|
name: data
|
|
- mountPath: "/data/homeserver.yaml"
|
|
name: homeserver
|
|
subPath: homeserver.yaml
|
|
readinessProbe:
|
|
httpGet:
|
|
path: /_matrix/client/versions
|
|
port: 8008
|
|
scheme: HTTP
|
|
initialDelaySeconds: 10
|
|
volumes:
|
|
- name: data
|
|
persistentVolumeClaim:
|
|
claimName: data
|
|
- name: homeserver
|
|
configMap:
|
|
name: config
|
|
items:
|
|
- key: "homeserver.yaml"
|
|
path: "homeserver.yaml"
|
|
---
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
name: synapse
|
|
namespace: matrix
|
|
labels:
|
|
app: synapse
|
|
spec:
|
|
internalTrafficPolicy: Cluster
|
|
ipFamilies:
|
|
- IPv6
|
|
- IPv4
|
|
ipFamilyPolicy: PreferDualStack
|
|
ports:
|
|
- name: http
|
|
port: 80
|
|
protocol: TCP
|
|
targetPort: 8008
|
|
selector:
|
|
app: synapse
|
|
sessionAffinity: None
|
|
type: ClusterIP
|