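---
# Rendered Helm output for the element-web release (element-web chart 1.4.32
# plus cloudflared chart 2.4.0). Durable changes belong in the chart values or
# templates; edits made only here are overwritten on the next render.

# ConfigMap holding an nginx server block for the Element Web static files.
apiVersion: v1
kind: ConfigMap
metadata:
  name: element-web-nginx
  labels:
    helm.sh/chart: element-web-1.4.32
    app.kubernetes.io/name: element-web
    app.kubernetes.io/instance: element-web
    app.kubernetes.io/version: "1.12.12"
    app.kubernetes.io/managed-by: Helm
data:
  # NOTE(review): X-XSS-Protection is a legacy header that current browsers
  # ignore; the clickjacking defence here is X-Frame-Options together with the
  # CSP frame-ancestors directive.
  default.conf: |
    server {
        listen 8080;
        listen [::]:8080;
        server_name localhost;

        root /usr/share/nginx/html;
        index index.html;

        add_header X-Frame-Options SAMEORIGIN;
        add_header X-Content-Type-Options nosniff;
        add_header X-XSS-Protection "1; mode=block";
        add_header Content-Security-Policy "frame-ancestors 'self'";

        # Set no-cache for the index.html only so that browsers always check for a new copy of Element Web.
        location = /index.html {
            # nginx inherits add_header from the enclosing level only when the
            # current level declares none, so the security headers are repeated
            # here; otherwise index.html would be served without them.
            add_header X-Frame-Options SAMEORIGIN;
            add_header X-Content-Type-Options nosniff;
            add_header X-XSS-Protection "1; mode=block";
            add_header Content-Security-Policy "frame-ancestors 'self'";
            add_header Cache-Control "no-cache";
        }

        # redirect server error pages to the static page /50x.html
        #
        error_page 500 502 503 504 /50x.html;
    }
---
# ConfigMap holding the Element Web client configuration (served to browsers,
# so it must contain nothing secret).
apiVersion: v1
kind: ConfigMap
metadata:
  name: element-web
  labels:
    helm.sh/chart: element-web-1.4.32
    app.kubernetes.io/name: element-web
    app.kubernetes.io/instance: element-web
    app.kubernetes.io/version: "1.12.12"
    app.kubernetes.io/managed-by: Helm
data:
  config.json: |
    {"brand":"Alex Lebens","branding":{"auth_header_logo_url":"https://web-assets-3bfcb5585cbd63dc365d32a3.nyc3.cdn.digitaloceanspaces.com/alexlebens-net/logo-new-round.png","welcome_background_url":"https://web-assets-3bfcb5585cbd63dc365d32a3.nyc3.cdn.digitaloceanspaces.com/alexlebens-net/background.jpg"},"default_country_code":"US","default_server_config":{"m.homeserver":{"base_url":"https://matrix.alexlebens.dev","server_name":"alexlebens.dev"},"m.identity_server":{"base_url":"https://alexlebens.dev"}},"default_theme":"dark","disable_3pid_login":true,"sso_redirect_options":{"immediate":true}}
---
# Deployment running cloudflared, which carries the Cloudflare tunnel for this
# release.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: element-web-cloudflared
  labels:
    app.kubernetes.io/controller: main
    app.kubernetes.io/instance: element-web
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: cloudflared
    # Quoted like the other version labels so it is always read as a string.
    app.kubernetes.io/version: "2026.3.0"
    helm.sh/chart: cloudflared-2.4.0
  namespace: element-web
spec:
  revisionHistoryLimit: 3
  replicas: 1
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app.kubernetes.io/controller: main
      app.kubernetes.io/name: cloudflared
      app.kubernetes.io/instance: element-web
  template:
    metadata:
      labels:
        app.kubernetes.io/controller: main
        app.kubernetes.io/instance: element-web
        app.kubernetes.io/name: cloudflared
    spec:
      enableServiceLinks: false
      # NOTE(review): the pod runs as the namespace's default ServiceAccount
      # with its API token mounted. Nothing in this manifest shows cloudflared
      # calling the Kubernetes API; if it does not, set
      # automountServiceAccountToken to false in the chart values.
      serviceAccountName: default
      automountServiceAccountToken: true
      hostIPC: false
      hostNetwork: false
      hostPID: false
      dnsPolicy: ClusterFirst
      containers:
        # NOTE(review): no securityContext is set on this container, so
        # runAsNonRoot, allowPrivilegeEscalation, capabilities and
        # seccompProfile fall back to image and cluster defaults.
        - args:
            - tunnel
            - --protocol
            - http2
            - --no-autoupdate
            - run
            # NOTE(review): $(VAR) is expanded into the container's argv, so
            # the tunnel token becomes visible in the process command line.
            # cloudflared also reads the token from the TUNNEL_TOKEN
            # environment variable, which keeps it out of argv.
            - --token
            - $(CF_MANAGED_TUNNEL_TOKEN)
          env:
            - name: CF_MANAGED_TUNNEL_TOKEN
              valueFrom:
                secretKeyRef:
                  key: cf-tunnel-token
                  name: element-web-cloudflared-secret
          # Pinned by tag only; a digest pin would also fix the image content.
          image: cloudflare/cloudflared:2026.3.0
          imagePullPolicy: IfNotPresent
          name: main
          # Requests only; no limits are declared.
          resources:
            requests:
              cpu: 10m
              memory: 128Mi
---
# Deployment serving the Element Web static client through nginx on port 8080.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: element-web
  labels:
    helm.sh/chart: element-web-1.4.32
    app.kubernetes.io/name: element-web
    app.kubernetes.io/instance: element-web
    app.kubernetes.io/version: "1.12.12"
    app.kubernetes.io/managed-by: Helm
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: element-web
      app.kubernetes.io/instance: element-web
  template:
    metadata:
      annotations:
        # Digests computed by the chart at render time to force a rollout when
        # a ConfigMap changes. They are regenerated on re-render and are not
        # updated by hand-editing the ConfigMaps in this file.
        checksum/config: "04eb2301648950300927dec1a0b242c7c5d41b5733c5487f8dfca9a7ac6195fd"
        checksum/config-nginx: "19beb0ffa0670317e09b9c7b8a183b846283d3939cebfe2bfe296ddf0f00a052"
      labels:
        app.kubernetes.io/name: element-web
        app.kubernetes.io/instance: element-web
    spec:
      serviceAccountName: element-web
      # NOTE(review): both securityContext blocks are empty, so runAsNonRoot,
      # allowPrivilegeEscalation, capabilities, readOnlyRootFilesystem and
      # seccompProfile are left to image and cluster defaults.
      securityContext: {}
      containers:
        - name: element-web
          securityContext: {}
          image: "vectorim/element-web:v1.12.12"
          imagePullPolicy: IfNotPresent
          env:
            - name: ELEMENT_WEB_PORT
              value: '8080'
          ports:
            - name: http
              containerPort: 8080
              protocol: TCP
          livenessProbe:
            httpGet:
              path: /
              port: http
          readinessProbe:
            httpGet:
              path: /
              port: http
          # Requests only; no limits are declared.
          resources:
            requests:
              cpu: 10m
              memory: 128Mi
          volumeMounts:
            - mountPath: /app/config.json
              name: config
              subPath: config.json
            # NOTE(review): ConfigMap element-web-nginx defines only the key
            # default.conf, so subPath config.json matches no key in the
            # config-nginx volume and the server block (with its security
            # headers) is not placed where nginx would read it. Confirm the
            # intended mount against the chart and the image's entrypoint
            # before changing it.
            - mountPath: /etc/nginx/conf.d/config.json
              name: config-nginx
              subPath: config.json
      volumes:
        - name: config
          configMap:
            name: element-web
        - name: config-nginx
          configMap:
            name: element-web-nginx
---
# ExternalSecret that populates element-web-cloudflared-secret from the
# "vault" ClusterSecretStore.
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
  name: element-web-cloudflared-secret
  namespace: element-web
  labels:
    helm.sh/chart: cloudflared-2.4.0
    app.kubernetes.io/instance: element-web
    app.kubernetes.io/part-of: element-web
    app.kubernetes.io/version: "2.4.0"
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: element-web-cloudflared-secret
spec:
  secretStoreRef:
    kind: ClusterSecretStore
    name: vault
  data:
    # secretKey must match the key referenced by the cloudflared Deployment's
    # secretKeyRef (cf-tunnel-token).
    - secretKey: cf-tunnel-token
      remoteRef:
        conversionStrategy: Default
        decodingStrategy: None
        key: /cloudflare/tunnels/element-web
        metadataPolicy: None
        property: token
---
# Helm test hook: fetches the element-web Service once and exits.
apiVersion: v1
kind: Pod
metadata:
  name: "element-web-test-connection"
  labels:
    helm.sh/chart: element-web-1.4.32
    app.kubernetes.io/name: element-web
    app.kubernetes.io/instance: element-web
    app.kubernetes.io/version: "1.12.12"
    app.kubernetes.io/managed-by: Helm
  annotations:
    # test-success is the legacy hook name; Helm 3 treats it as "test".
    "helm.sh/hook": test-success
spec:
  containers:
    - name: wget
      # NOTE(review): no tag or digest, so this resolves to busybox:latest and
      # the test runs whatever image is current at pull time. Pin a tag or a
      # digest in the chart.
      image: busybox
      command: ['wget']
      args: ['element-web:80']
  restartPolicy: Never
---
# ClusterIP Service exposing the element-web pods on port 80 (container port
# "http", 8080).
apiVersion: v1
kind: Service
metadata:
  name: element-web
  labels:
    helm.sh/chart: element-web-1.4.32
    app.kubernetes.io/name: element-web
    app.kubernetes.io/instance: element-web
    app.kubernetes.io/version: "1.12.12"
    app.kubernetes.io/managed-by: Helm
spec:
  type: ClusterIP
  ports:
    - port: 80
      targetPort: http
      protocol: TCP
      name: http
  selector:
    app.kubernetes.io/name: element-web
    app.kubernetes.io/instance: element-web
---
# ServiceAccount used by the element-web Deployment.
# NOTE(review): automountServiceAccountToken is not set here or on the pod, so
# the token is mounted by default; a static web server presumably does not need
# it. Confirm, then disable it in the chart values.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: element-web
  labels:
    helm.sh/chart: element-web-1.4.32
    app.kubernetes.io/name: element-web
    app.kubernetes.io/instance: element-web
    app.kubernetes.io/version: "1.12.12"
    app.kubernetes.io/managed-by: Helm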