apiVersion: apps/v1 kind: StatefulSet metadata: name: synapse labels: app: synapse component: web app.kubernetes.io/name: synapse app.kubernetes.io/instance: synapse spec: serviceName: synapse selector: matchLabels: app: synapse component: web template: metadata: labels: app: synapse component: web app.kubernetes.io/name: synapse app.kubernetes.io/instance: synapse annotations: prometheus.io/port: "9000" prometheus.io/scrape: "true" prometheus.io/path: /_synapse/metrics spec: securityContext: fsGroup: 991 runAsUser: 991 runAsGroup: 991 containers: - image: matrixdotorg/synapse:latest imagePullPolicy: Always name: synapse ports: - name: http protocol: TCP containerPort: 8008 env: - name: SYNAPSE_CONFIG_DIR value: /config volumeMounts: - mountPath: /tmp name: tmp - mountPath: /data name: data - mountPath: /config/homeserver.yaml subPath: homeserver.yaml name: config - mountPath: /config/signing.key subPath: signing.key name: config - mountPath: /config/log.config subPath: log.config name: config resources: requests: memory: 256Mi cpu: 250m limits: memory: 768Mi cpu: 2000m securityContext: readOnlyRootFilesystem: true livenessProbe: httpGet: path: /health port: 8008 scheme: HTTP failureThreshold: 5 initialDelaySeconds: 60 periodSeconds: 20 successThreshold: 1 timeoutSeconds: 5 volumes: - name: tmp emptyDir: {} - name: data persistentVolumeClaim: claimName: synapse-data - name: config secret: secretName: synapse-config defaultMode: 0600 volumeClaimTemplates: - metadata: name: data spec: accessModes: - ReadWriteOnce resources: requests: storage: 10Gi