rob
/
netflux-kubernetes
1
0
Fork 0
Code Issues 1 Pull Requests Projects Releases Wiki Activity

Add Synapse

This commit is contained in:
Rob Watson 2022-06-04 03:07:12 +02:00
parent ba9d22fb6f
commit f06b69974f
12 changed files with 3012 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

78
deploy/base/deploy-synapse.yaml Normal file
View File

@ -0,0 +1,78 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: synapse
labels:
app: synapse
component: web
app.kubernetes.io/name: synapse
app.kubernetes.io/instance: synapse
spec:
selector:
matchLabels:
app: synapse
component: web
template:
metadata:
labels:
app: synapse
component: web
app.kubernetes.io/name: synapse
app.kubernetes.io/instance: synapse
spec:
securityContext:
fsGroup: 991
runAsUser: 991
runAsGroup: 991
containers:
- image: matrixdotorg/synapse:latest
imagePullPolicy: IfNotPresent
name: synapse
ports:
- name: http
protocol: TCP
containerPort: 8008
env:
- name: SYNAPSE_CONFIG_DIR
value: /config
volumeMounts:
- mountPath: /tmp
name: tmp
- mountPath: /data
name: data
- mountPath: /config/homeserver.yaml
subPath: homeserver.yaml
name: config
- mountPath: /config/signing.key
subPath: signing.key
name: config
- mountPath: /config/log.config
subPath: log.config
name: config
resources:
requests:
memory: "128Mi"
cpu: "250m"
limits:
memory: "512Mi"
cpu: "500m"
livenessProbe:
httpGet:
path: /health
port: 8008
scheme: HTTP
failureThreshold: 5
initialDelaySeconds: 30
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 10
volumes:
- name: tmp
emptyDir: {}
- name: data
persistentVolumeClaim:
claimName: synapse-data
- name: config
secret:
secretName: synapse-config
defaultMode: 0600

10
deploy/base/ingress.yaml
View File

@ -64,3 +64,13 @@ spec:
name: drone name: drone
port: port:
name: http name: http
- host: synapse.internal
http:
paths:
- pathType: Prefix
path: "/"
backend:
service:
name: synapse
port:
name: http

4
deploy/base/kustomization.yaml
View File

@ -87,6 +87,10 @@ resources:
- role-drone-runner.yaml - role-drone-runner.yaml
- rolebinding-drone-runner.yaml - rolebinding-drone-runner.yaml
- pvc-synapse.yaml
- deploy-synapse.yaml
- svc-synapse.yaml
configMapGenerator: configMapGenerator:
- name: gitea-scripts - name: gitea-scripts
files: files:

16
deploy/base/pvc-synapse.yaml Normal file
View File

@ -0,0 +1,16 @@
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: synapse-data
namespace: default
labels:
app: synapse
component: storage
app.kubernetes.io/name: synapse
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi

19
deploy/base/svc-synapse.yaml Normal file
View File

@ -0,0 +1,19 @@
---
apiVersion: v1
kind: Service
metadata:
labels:
app: synapse
app.kubernetes.io/instance: synapse
app.kubernetes.io/name: synapse
name: synapse
spec:
ports:
- name: http
port: 80
protocol: TCP
targetPort: 8008
selector:
app: synapse
component: web
type: ClusterIP

5
deploy/dev/kustomization.yaml
View File

@ -71,6 +71,11 @@ secretGenerator:
- gitea-client-id=55847c4a-c80e-4e77-ab36-c6d102273115 - gitea-client-id=55847c4a-c80e-4e77-ab36-c6d102273115
- gitea-client-secret=IU4cb59RNNLuI9PRkUbldcEQ5wYPEZMBK5s6p7vTdVfe - gitea-client-secret=IU4cb59RNNLuI9PRkUbldcEQ5wYPEZMBK5s6p7vTdVfe
- rpc-secret=f5ec349109bb9bbdf00e4394afd28754 - rpc-secret=f5ec349109bb9bbdf00e4394afd28754
- name: synapse-config
files:
- homeserver.yaml=synapse-homeserver.yaml
- signing.key=synapse-signing.key
- log.config=synapse-log.config
patches: patches:
# Patch the metrics-server to not require TLS in dev cluster. # Patch the metrics-server to not require TLS in dev cluster.

2845
deploy/dev/synapse-homeserver.yaml Normal file
View File

File diff suppressed because it is too large Load Diff

24
deploy/dev/synapse-log.config Normal file
View File

@ -0,0 +1,24 @@
version: 1
formatters:
precise:
format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s'
handlers:
console:
class: logging.StreamHandler
formatter: precise
loggers:
synapse.storage.SQL:
# beware: increasing this to DEBUG will make synapse log sensitive
# information such as access tokens.
level: INFO
root:
level: INFO
handlers: [console]

1
deploy/dev/synapse-signing.key Normal file
View File

@ -0,0 +1 @@
ed25519 a_nWgQ g9Vz5k4z+y2X5XQXVuYSWMnqxLQabth1WL8B1E5EErM

4
deploy/prod/ingress.yaml
View File

@ -14,6 +14,7 @@
- element.netflux.io - element.netflux.io
- git.netflux.io - git.netflux.io
- drone.netflux.io - drone.netflux.io
- synapse.netflux.io
secretName: prod-ingress-tls secretName: prod-ingress-tls
- op: replace - op: replace
path: /spec/rules/0/host path: /spec/rules/0/host
@ -30,3 +31,6 @@
- op: replace - op: replace
path: /spec/rules/4/host path: /spec/rules/4/host
value: drone.netflux.io value: drone.netflux.io
- op: replace
path: /spec/rules/5/host
value: synapse.netflux.io

5
deploy/prod/kustomization.yaml
View File

@ -60,6 +60,11 @@ secretGenerator:
- gitea-client-id=secrets/drone-gitea-client-id - gitea-client-id=secrets/drone-gitea-client-id
- gitea-client-secret=secrets/drone-gitea-client-secret - gitea-client-secret=secrets/drone-gitea-client-secret
- rpc-secret=secrets/drone-rpc-secret - rpc-secret=secrets/drone-rpc-secret
- name: synapse-config
files:
- homeserver.yaml=secrets/synapse-homeserver.yaml
- signing.key=secrets/synapse-signing.key
- log.config=secrets/synapse-log.config
patches: patches:
# Patch the ingress-nginx deployment to allow it to use a service with a # Patch the ingress-nginx deployment to allow it to use a service with a

1
kind/bin/setup-dev-db.sql
View File

@ -6,3 +6,4 @@ GRANT ALL PRIVILEGES ON DATABASE invidious TO kemal;
CREATE DATABASE grafana; CREATE DATABASE grafana;
CREATE DATABASE drone; CREATE DATABASE drone;
CREATE DATABASE gitea; CREATE DATABASE gitea;
CREATE DATABASE synapse ENCODING UTF8 LC_COLLATE 'C' LC_CTYPE 'C' TEMPLATE template0;