--- # Source: matrix-synapse/charts/matrix-synapse/templates/deployment.yaml # Server: alexlebens.dev apiVersion: apps/v1 kind: Deployment metadata: name: matrix-synapse labels: helm.sh/chart: matrix-synapse-3.12.16 app.kubernetes.io/name: matrix-synapse app.kubernetes.io/instance: matrix-synapse app.kubernetes.io/version: "1.143.0" app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: synapse spec: replicas: 1 strategy: type: Recreate selector: matchLabels: app.kubernetes.io/name: matrix-synapse app.kubernetes.io/instance: matrix-synapse app.kubernetes.io/component: synapse template: metadata: annotations: checksum/config: e77b3b25301ed2f4b5eac2f16ed5d058374ed1ffcd7e9ca4d8eef44867647feb checksum/secrets: ff32815d35f08a3b028dc050932b18b5f03b9bc3a9dd36ec8eca8dc2b51c5be3 labels: app.kubernetes.io/name: matrix-synapse app.kubernetes.io/instance: matrix-synapse app.kubernetes.io/component: synapse spec: serviceAccountName: default securityContext: {} initContainers: - name: volume-permissions command: - sh - -c - | chown 666:666 -R /synapse/data image: "alpine:latest" imagePullPolicy: Always resources: {} securityContext: runAsNonRoot: false runAsUser: 0 volumeMounts: - name: media mountPath: /synapse/data containers: - name: synapse command: - sh - -c - | export POSTGRES_PASSWORD=$(echo "${POSTGRES_PASSWORD:-}" | sed 's/\//\\\//g' | sed 's/\&/\\\&/g') && \ export REDIS_PASSWORD=$(echo "${REDIS_PASSWORD:-}" | sed 's/\//\\\//g' | sed 's/\&/\\\&/g') && \ cat /synapse/secrets/*.yaml | \ sed -e "s/@@POSTGRES_PASSWORD@@/${POSTGRES_PASSWORD:-}/" \ -e "s/@@REDIS_PASSWORD@@/${REDIS_PASSWORD:-}/" \ > /synapse/config/conf.d/secrets.yaml exec python -B -m synapse.app.homeserver \ -c /synapse/config/homeserver.yaml \ -c /synapse/config/conf.d/ env: - name: POSTGRES_PASSWORD valueFrom: secretKeyRef: name: matrix-synapse-postgresql-17-cluster-app key: password - name: REDIS_PASSWORD valueFrom: secretKeyRef: name: matrix-synapse-redis-secret key: password image: "ghcr.io/element-hq/synapse:v1.143.0" imagePullPolicy: IfNotPresent securityContext: {} ports: - name: http containerPort: 8008 protocol: TCP - name: replication containerPort: 9093 protocol: TCP - name: metrics containerPort: 9090 protocol: TCP livenessProbe: httpGet: path: /health port: http readinessProbe: httpGet: path: /health port: http startupProbe: failureThreshold: 12 httpGet: path: /health port: http volumeMounts: - name: config mountPath: /synapse/config - name: tmpconf mountPath: /synapse/config/conf.d - name: secrets mountPath: /synapse/secrets - name: signingkey mountPath: /synapse/keys - name: media mountPath: /synapse/data - name: tmpdir mountPath: /tmp - mountPath: /synapse/config/conf.d/oidc.yaml name: matrix-synapse-config-secret readOnly: true subPath: oidc.yaml - mountPath: /synapse/config/conf.d/config.yaml name: matrix-synapse-config-secret readOnly: true subPath: config.yaml - mountPath: /synapse/config/conf.d/hookshot-registration.yaml name: matrix-hookshot-config-secret readOnly: true subPath: hookshot-registration.yaml - mountPath: /synapse/config/conf.d/double-puppet-registration.yaml name: double-puppet-registration-secret readOnly: true subPath: double-puppet-registration.yaml resources: requests: cpu: 10m memory: 128Mi volumes: - name: config configMap: name: matrix-synapse - name: secrets secret: secretName: matrix-synapse - name: signingkey secret: secretName: "matrix-synapse-signingkey" items: - key: "signing.key" path: signing.key - name: tmpconf emptyDir: {} - name: tmpdir emptyDir: {} - name: media persistentVolumeClaim: claimName: matrix-synapse - name: matrix-synapse-config-secret secret: secretName: matrix-synapse-config-secret - name: matrix-hookshot-config-secret secret: secretName: matrix-hookshot-config-secret - name: double-puppet-registration-secret secret: secretName: double-puppet-registration-secret