Add Synapse
This commit is contained in:
Rob Watson
parent
ba9d22fb6f
commit
f06b69974f
|
|
@ -0,0 +1,78 @@
|
|||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: synapse
|
||||
labels:
|
||||
app: synapse
|
||||
component: web
|
||||
app.kubernetes.io/name: synapse
|
||||
app.kubernetes.io/instance: synapse
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app: synapse
|
||||
component: web
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: synapse
|
||||
component: web
|
||||
app.kubernetes.io/name: synapse
|
||||
app.kubernetes.io/instance: synapse
|
||||
spec:
|
||||
securityContext:
|
||||
fsGroup: 991
|
||||
runAsUser: 991
|
||||
runAsGroup: 991
|
||||
containers:
|
||||
- image: matrixdotorg/synapse:latest
|
||||
imagePullPolicy: IfNotPresent
|
||||
name: synapse
|
||||
ports:
|
||||
- name: http
|
||||
protocol: TCP
|
||||
containerPort: 8008
|
||||
env:
|
||||
- name: SYNAPSE_CONFIG_DIR
|
||||
value: /config
|
||||
volumeMounts:
|
||||
- mountPath: /tmp
|
||||
name: tmp
|
||||
- mountPath: /data
|
||||
name: data
|
||||
- mountPath: /config/homeserver.yaml
|
||||
subPath: homeserver.yaml
|
||||
name: config
|
||||
- mountPath: /config/signing.key
|
||||
subPath: signing.key
|
||||
name: config
|
||||
- mountPath: /config/log.config
|
||||
subPath: log.config
|
||||
name: config
|
||||
resources:
|
||||
requests:
|
||||
memory: "128Mi"
|
||||
cpu: "250m"
|
||||
limits:
|
||||
memory: "512Mi"
|
||||
cpu: "500m"
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /health
|
||||
port: 8008
|
||||
scheme: HTTP
|
||||
failureThreshold: 5
|
||||
initialDelaySeconds: 30
|
||||
periodSeconds: 10
|
||||
successThreshold: 1
|
||||
timeoutSeconds: 10
|
||||
volumes:
|
||||
- name: tmp
|
||||
emptyDir: {}
|
||||
- name: data
|
||||
persistentVolumeClaim:
|
||||
claimName: synapse-data
|
||||
- name: config
|
||||
secret:
|
||||
secretName: synapse-config
|
||||
defaultMode: 0600
|
||||
|
|
@ -64,3 +64,13 @@ spec:
|
|||
name: drone
|
||||
port:
|
||||
name: http
|
||||
- host: synapse.internal
|
||||
http:
|
||||
paths:
|
||||
- pathType: Prefix
|
||||
path: "/"
|
||||
backend:
|
||||
service:
|
||||
name: synapse
|
||||
port:
|
||||
name: http
|
||||
|
|
|
|||
|
|
@ -87,6 +87,10 @@ resources:
|
|||
- role-drone-runner.yaml
|
||||
- rolebinding-drone-runner.yaml
|
||||
|
||||
- pvc-synapse.yaml
|
||||
- deploy-synapse.yaml
|
||||
- svc-synapse.yaml
|
||||
|
||||
configMapGenerator:
|
||||
- name: gitea-scripts
|
||||
files:
|
||||
|
|
|
|||
|
|
@ -0,0 +1,16 @@
|
|||
---
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: synapse-data
|
||||
namespace: default
|
||||
labels:
|
||||
app: synapse
|
||||
component: storage
|
||||
app.kubernetes.io/name: synapse
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
resources:
|
||||
requests:
|
||||
storage: 10Gi
|
||||
|
|
@ -0,0 +1,19 @@
|
|||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
labels:
|
||||
app: synapse
|
||||
app.kubernetes.io/instance: synapse
|
||||
app.kubernetes.io/name: synapse
|
||||
name: synapse
|
||||
spec:
|
||||
ports:
|
||||
- name: http
|
||||
port: 80
|
||||
protocol: TCP
|
||||
targetPort: 8008
|
||||
selector:
|
||||
app: synapse
|
||||
component: web
|
||||
type: ClusterIP
|
||||
|
|
@ -71,6 +71,11 @@ secretGenerator:
|
|||
- gitea-client-id=55847c4a-c80e-4e77-ab36-c6d102273115
|
||||
- gitea-client-secret=IU4cb59RNNLuI9PRkUbldcEQ5wYPEZMBK5s6p7vTdVfe
|
||||
- rpc-secret=f5ec349109bb9bbdf00e4394afd28754
|
||||
- name: synapse-config
|
||||
files:
|
||||
- homeserver.yaml=synapse-homeserver.yaml
|
||||
- signing.key=synapse-signing.key
|
||||
- log.config=synapse-log.config
|
||||
|
||||
patches:
|
||||
# Patch the metrics-server to not require TLS in dev cluster.
|
||||
|
|
|
|||
File diff suppressed because it is too large
Load Diff
|
|
@ -0,0 +1,24 @@
|
|||
version: 1
|
||||
|
||||
formatters:
|
||||
precise:
|
||||
format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s'
|
||||
|
||||
handlers:
|
||||
|
||||
|
||||
console:
|
||||
class: logging.StreamHandler
|
||||
formatter: precise
|
||||
|
||||
loggers:
|
||||
synapse.storage.SQL:
|
||||
# beware: increasing this to DEBUG will make synapse log sensitive
|
||||
# information such as access tokens.
|
||||
level: INFO
|
||||
|
||||
root:
|
||||
level: INFO
|
||||
|
||||
|
||||
handlers: [console]
|
||||
|
|
@ -0,0 +1 @@
|
|||
ed25519 a_nWgQ g9Vz5k4z+y2X5XQXVuYSWMnqxLQabth1WL8B1E5EErM
|
||||
|
|
@ -14,6 +14,7 @@
|
|||
- element.netflux.io
|
||||
- git.netflux.io
|
||||
- drone.netflux.io
|
||||
- synapse.netflux.io
|
||||
secretName: prod-ingress-tls
|
||||
- op: replace
|
||||
path: /spec/rules/0/host
|
||||
|
|
@ -30,3 +31,6 @@
|
|||
- op: replace
|
||||
path: /spec/rules/4/host
|
||||
value: drone.netflux.io
|
||||
- op: replace
|
||||
path: /spec/rules/5/host
|
||||
value: synapse.netflux.io
|
||||
|
|
|
|||
|
|
@ -60,6 +60,11 @@ secretGenerator:
|
|||
- gitea-client-id=secrets/drone-gitea-client-id
|
||||
- gitea-client-secret=secrets/drone-gitea-client-secret
|
||||
- rpc-secret=secrets/drone-rpc-secret
|
||||
- name: synapse-config
|
||||
files:
|
||||
- homeserver.yaml=secrets/synapse-homeserver.yaml
|
||||
- signing.key=secrets/synapse-signing.key
|
||||
- log.config=secrets/synapse-log.config
|
||||
|
||||
patches:
|
||||
# Patch the ingress-nginx deployment to allow it to use a service with a
|
||||
|
|
|
|||
|
|
@ -6,3 +6,4 @@ GRANT ALL PRIVILEGES ON DATABASE invidious TO kemal;
|
|||
CREATE DATABASE grafana;
|
||||
CREATE DATABASE drone;
|
||||
CREATE DATABASE gitea;
|
||||
CREATE DATABASE synapse ENCODING UTF8 LC_COLLATE 'C' LC_CTYPE 'C' TEMPLATE template0;
|
||||
|
|
|
|||
Loading…
Reference in New Issue