Skip to content

Instantly share code, notes, and snippets.

@sandhose

sandhose/synapse.yaml

Last active January 11, 2019 20:36
Show Gist options
  • Save sandhose/4a8e568c1f159134cebe6da20a2f18c1 to your computer and use it in GitHub Desktop.
Save sandhose/4a8e568c1f159134cebe6da20a2f18c1 to your computer and use it in GitHub Desktop.
Download ZIP
Kubernetes manifests of my Synapse deployment
Raw
synapse.yaml
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: synapse
labels:
app: synapse
spec:
accessModes:
- "ReadWriteOnce"
resources:
requests:
storage: "10Gi"
---
apiVersion: v1
kind: ConfigMap
metadata:
name: matrix-synapse
data:
SYNAPSE_SERVER_NAME: "sandhose.fr"
SYNAPSE_REPORT_STATS: "no"
SYNAPSE_NO_TLS: "True"
SYNAPSE_ENABLE_REGISTRATION: "False"
SYNAPSE_ALLOW_GUEST: "False"
old_signing_keys.yaml: >
old_signing_keys:
"ed25519:a_UUcb":
expired_ts: 15307901032812
key: "MWDxG/Yfmxsvf252FH/mOUA37D9ZpbMv9UCpAGc5dSU"
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
labels:
app: synapse
name: synapse
spec:
replicas: 1
selector:
matchLabels:
app: synapse
template:
metadata:
labels:
app: synapse
spec:
containers:
- image: sandhose/synapse:latest
imagePullPolicy: Always
name: synapse
resources:
requests:
cpu: 900m
envFrom:
- configMapRef:
name: matrix-synapse
env:
- name: SYNAPSE_REPORT_STATS
value: "no"
- name: POSTGRES_USER
value: postgres
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: postgresql
key: postgres-password
- name: POSTGRES_DB
value: synapse
- name: POSTGRES_HOST
value: postgresql
- name: SYNAPSE_REGISTRATION_SHARED_SECRET
valueFrom:
secretKeyRef:
name: matrix-synapse
key: SYNAPSE_REGISTRATION_SHARED_SECRET
- name: SYNAPSE_MACAROON_SECRET_KEY
valueFrom:
secretKeyRef:
name: matrix-synapse
key: SYNAPSE_MACAROON_SECRET_KEY
ports:
- name: http
containerPort: 8008
protocol: TCP
volumeMounts:
- name: matrix-config
mountPath: /conf/homeserver.yaml.d/old_signing_keys.yaml
subPath: old_signing_keys.yaml
- name: tls-secrets
mountPath: /secrets/tls.key
subPath: tls.key
- name: tls-secrets
mountPath: /secrets/tls.crt
subPath: tls.crt
- name: matrix-secrets
mountPath: /secrets/tls.dh
subPath: tls.dh
- name: matrix-secrets
mountPath: /secrets/signing.key
subPath: signing.key
- name: synapse-data
mountPath: /data
volumes:
- name: tls-secrets
secret:
secretName: sandhose-fr-tls
- name: matrix-config
configMap:
name: matrix-synapse
- name: matrix-secrets
secret:
secretName: matrix-synapse
- name: synapse-data
persistentVolumeClaim:
claimName: synapse
---
apiVersion: v1
kind: Service
metadata:
name: synapse
labels:
app: synapse
spec:
selector:
app: synapse
ports:
- port: 80
targetPort: 8008
---
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: synapse
labels:
app: synapse
annotations:
kubernetes.io/ingress.class: "traefik"
spec:
tls:
- secretName: sandhose-fr-tls
rules:
- host: sandhose.fr
http:
paths:
- backend:
serviceName: synapse
servicePort: 80
path: /_matrix/
- host: matrix.sandhose.fr
http:
paths:
- backend:
serviceName: synapse
servicePort: 80
path: /_matrix/
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment