ungleich-k8s/apps/matrix/templates/synapse.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ .Release.Name }}-matrix-synapse
spec:
  selector:
    matchLabels:
      app.kubernetes.io/instance: {{ .Release.Name }}
      app.kubernetes.io/component: matrix-synapse
  replicas: 1
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app.kubernetes.io/instance: {{ .Release.Name }}
        app.kubernetes.io/component: matrix-synapse
      annotations:
        checksum/config: {{ include (print $.Template.BasePath "/synapse-proxy.yaml") . | sha256sum }}
        checksum/config: {{ include (print $.Template.BasePath "/synapse-conf.yaml") . | sha256sum }}
    spec:
      initContainers:
        - name: generate-matrix-signing-key
          image: matrixdotorg/synapse:{{ .Values.synapseVersion }}
          command:
            - "python"
            - "-m"
            - "synapse.app.homeserver"
            - "--config-path"
            - "/config-ro"
            - "--keys-directory"
            - "/data"
            - "--generate-keys"
          volumeMounts:
            - name: data
              mountPath: "/data"
            - name: synapse-conf
              mountPath: "/config-ro"
      containers:
        - name: nginx
          image: ungleich/ungleich-certbot:1.1.1
          ports:
            - containerPort: 443
              name: https
            - containerPort: 80
              name: http
          env:
            - name: DOMAIN
              value: "{{ tpl .Values.synapseFQDN . }}"
            - name: EMAIL
              value: "{{ .Values.email }}"
            {{ if eq .Values.letsencryptStaging "no" }}
            - name: STAGING
              value: "no"
            {{ end }}
          volumeMounts:
            - name: nginx-config
              mountPath: "/nginx-configs"
            - name: etcletsencrypt
              mountPath: "/etc/letsencrypt"
        - name: synapse
          image: matrixdotorg/synapse:{{ .Values.synapseVersion }}
          command:
            - sh
            - -c
            - "mkdir -p /config; sed \"s,SECRETPOSTGRESPASSWORD,$POSTGRES_PW,\" /config-ro/homeserver.yaml > /config/homeserver.yaml && /start.py run"
          ports:
            - containerPort: 8008
          env:
            - name: SYNAPSE_CONFIG_PATH
              value: "/config/homeserver.yaml"
            - name: SYNAPSE_CONFIG_DIR
              value: "/config"
            - name: POSTGRES_PW
              valueFrom:
                secretKeyRef:
                  name: {{ .Release.Name }}-postgres-config
                  key: POSTGRES_PASSWORD
          volumeMounts:
            - name: data
              mountPath: "/data"
            - name: synapse-conf
              mountPath: "/config-ro"
      volumes:
        - name: etcletsencrypt
          persistentVolumeClaim:
            claimName: {{ .Release.Name }}-synapse-letsencrypt-certs
        - name: data
          persistentVolumeClaim:
            claimName: {{ .Release.Name }}-data
        - name: nginx-config
          configMap:
            name: {{ .Release.Name }}-synapse-nginx-proxy
        - name: synapse-conf
          configMap:
            name: {{ .Release.Name }}-synapse-conf
---
apiVersion: v1
kind: Service
metadata:
  name: {{ .Release.Name }}
  labels:
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/component: matrix-synapse
spec:
  type: ClusterIP
  ports:
   - port: 80
     name: http
   - port: 443
     name: https
  selector:
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/component: matrix-synapse