apiVersion: apps/v1 kind: StatefulSet metadata: name: synapse labels: app: synapse component: web app.kubernetes.io/name: synapse app.kubernetes.io/instance: synapse spec: serviceName: synapse selector: matchLabels: app: synapse component: web template: metadata: labels: app: synapse component: web app.kubernetes.io/name: synapse app.kubernetes.io/instance: synapse annotations: prometheus.io/port: "9000" prometheus.io/scrape: "true" prometheus.io/path: /_synapse/metrics spec: securityContext: fsGroup: 991 runAsUser: 991 runAsGroup: 991 containers: - image: matrixdotorg/synapse:latest imagePullPolicy: IfNotPresent name: synapse ports: - name: http protocol: TCP containerPort: 8008 env: - name: SYNAPSE_CONFIG_DIR value: /config volumeMounts: - mountPath: /tmp name: tmp - mountPath: /data name: data - mountPath: /config/homeserver.yaml subPath: homeserver.yaml name: config - mountPath: /config/signing.key subPath: signing.key name: config - mountPath: /config/log.config subPath: log.config name: config # TODO: validate resource limits # resources: # requests: # memory: "128Mi" # cpu: "500m" # limits: # memory: "512Mi" # cpu: "1000m" livenessProbe: httpGet: path: /health port: 8008 scheme: HTTP failureThreshold: 5 initialDelaySeconds: 60 periodSeconds: 20 successThreshold: 1 timeoutSeconds: 5 volumes: - name: tmp emptyDir: {} - name: data persistentVolumeClaim: claimName: synapse-data - name: config secret: secretName: synapse-config defaultMode: 0600 volumeClaimTemplates: - metadata: name: data spec: accessModes: - ReadWriteOnce resources: requests: storage: 10Gi