| giolekva | 95340e8 | 2021-11-08 21:36:55 +0400 | [diff] [blame] | 1 | --- |
| 2 | apiVersion: rbac.authorization.k8s.io/v1 |
| 3 | kind: Role |
| 4 | metadata: |
| 5 | name: CreateConfigMaps |
| 6 | namespace: {{ .Release.Namespace }} |
| 7 | rules: |
| 8 | - apiGroups: |
| 9 | - "" |
| 10 | resources: |
| 11 | - configmaps |
| 12 | verbs: |
| 13 | - get |
| 14 | - create |
| 15 | --- |
| 16 | apiVersion: rbac.authorization.k8s.io/v1 |
| 17 | kind: RoleBinding |
| 18 | metadata: |
| 19 | name: default-CreateConfigMaps |
| 20 | namespace: {{ .Release.Namespace }} |
| 21 | roleRef: |
| 22 | apiGroup: rbac.authorization.k8s.io |
| 23 | kind: Role |
| 24 | name: CreateConfigMaps |
| 25 | subjects: |
| 26 | - kind: ServiceAccount |
| 27 | name: default |
| 28 | namespace: {{ .Release.Namespace }} |
| 29 | --- |
| 30 | apiVersion: v1 |
| 31 | kind: Service |
| 32 | metadata: |
| 33 | name: matrix |
| 34 | namespace: {{ .Release.Namespace }} |
| 35 | spec: |
| 36 | type: ClusterIP |
| 37 | selector: |
| 38 | app: matrix |
| 39 | ports: |
| 40 | - name: http |
| 41 | port: 80 |
| 42 | targetPort: http |
| 43 | protocol: TCP |
| 44 | --- |
| 45 | apiVersion: networking.k8s.io/v1 |
| 46 | kind: Ingress |
| 47 | metadata: |
| 48 | name: ingress |
| 49 | namespace: {{ .Release.Namespace }} |
| giolekva | 11881b5 | 2021-11-27 16:51:58 +0400 | [diff] [blame^] | 50 | annotations: |
| 51 | cert-manager.io/cluster-issuer: {{ .Values.certificateIssuer }} |
| 52 | acme.cert-manager.io/http01-edit-in-place: "true" |
| giolekva | 95340e8 | 2021-11-08 21:36:55 +0400 | [diff] [blame] | 53 | spec: |
| 54 | ingressClassName: {{ .Values.ingressClassName }} |
| 55 | tls: |
| 56 | - hosts: |
| 57 | - matrix.{{ .Values.domain }} |
| giolekva | 11881b5 | 2021-11-27 16:51:58 +0400 | [diff] [blame^] | 58 | secretName: cert-matrix.{{ .Values.domain }} |
| 59 | # secretName: cert-wildcard.{{ .Values.domain }} |
| giolekva | 95340e8 | 2021-11-08 21:36:55 +0400 | [diff] [blame] | 60 | rules: |
| 61 | - host: matrix.{{ .Values.domain }} |
| 62 | http: |
| 63 | paths: |
| 64 | - path: / |
| 65 | pathType: Prefix |
| 66 | backend: |
| 67 | service: |
| 68 | name: matrix |
| 69 | port: |
| 70 | name: http |
| 71 | --- |
| 72 | apiVersion: batch/v1 |
| 73 | kind: Job |
| 74 | metadata: |
| 75 | name: generate-config |
| 76 | namespace: {{ .Release.Namespace }} |
| 77 | spec: |
| 78 | template: |
| 79 | metadata: |
| 80 | labels: |
| 81 | app: generate-config |
| 82 | spec: |
| 83 | restartPolicy: OnFailure |
| 84 | volumes: |
| 85 | - name: data |
| 86 | persistentVolumeClaim: |
| 87 | claimName: data |
| 88 | initContainers: |
| 89 | - name: matrix |
| 90 | image: matrixdotorg/synapse:v1.43.0 |
| 91 | imagePullPolicy: IfNotPresent |
| 92 | ports: |
| 93 | - name: http |
| 94 | containerPort: 8008 |
| 95 | protocol: TCP |
| 96 | env: |
| 97 | - name: SYNAPSE_SERVER_NAME |
| 98 | value: "{{ .Values.domain }}" |
| 99 | - name: SYNAPSE_REPORT_STATS |
| 100 | value: "no" |
| 101 | - name: SYNAPSE_CONFIG_DIR |
| 102 | value: "/data" |
| 103 | - name: SYNAPSE_CONFIG_PATH |
| 104 | value: "/data/homeserver.yaml" |
| 105 | - name: SYNAPSE_DATA_DIR |
| 106 | value: "/data" |
| 107 | command: |
| 108 | - /start.py |
| 109 | - generate |
| 110 | volumeMounts: |
| 111 | - name: data |
| 112 | mountPath: /data |
| 113 | containers: |
| 114 | - name: capture-config |
| 115 | image: giolekva/capture-config:latest |
| 116 | imagePullPolicy: Always |
| 117 | command: |
| 118 | - capture-config |
| 119 | - --config=/data/homeserver.yaml |
| 120 | - --namespace={{ .Release.Namespace }} |
| 121 | - --config-map-name=config |
| 122 | - --config-to-merge={{ .Values.configMerge.configName }} |
| 123 | - --to-merge-filename={{ .Values.configMerge.fileName }} |
| 124 | volumeMounts: |
| 125 | - name: data |
| 126 | mountPath: /data |
| 127 | --- |
| 128 | apiVersion: apps/v1 |
| 129 | kind: Deployment |
| 130 | metadata: |
| 131 | name: matrix |
| 132 | namespace: {{ .Release.Namespace }} |
| 133 | spec: |
| 134 | selector: |
| 135 | matchLabels: |
| 136 | app: matrix |
| 137 | replicas: 1 |
| 138 | template: |
| 139 | metadata: |
| 140 | labels: |
| 141 | app: matrix |
| 142 | spec: |
| 143 | volumes: |
| 144 | - name: data |
| 145 | persistentVolumeClaim: |
| 146 | claimName: data |
| 147 | - name: homeserver-config |
| 148 | configMap: |
| 149 | name: config |
| 150 | containers: |
| 151 | - name: matrix |
| 152 | image: matrixdotorg/synapse:v1.43.0 |
| 153 | imagePullPolicy: IfNotPresent |
| 154 | ports: |
| 155 | - name: http |
| 156 | containerPort: 8008 |
| 157 | protocol: TCP |
| 158 | env: |
| 159 | - name: SYNAPSE_SERVER_NAME |
| 160 | value: "{{ .Values.domain }}" |
| 161 | - name: SYNAPSE_REPORT_STATS |
| 162 | value: "no" |
| 163 | - name: SYNAPSE_CONFIG_DIR |
| 164 | value: "/data" |
| 165 | - name: SYNAPSE_CONFIG_PATH |
| 166 | value: "/homeserver-config/homeserver.yaml" |
| 167 | - name: SYNAPSE_DATA_DIR |
| 168 | value: "/data" |
| 169 | command: ["/start.py"] |
| 170 | volumeMounts: |
| 171 | - name: data |
| 172 | mountPath: /data |
| 173 | - name: homeserver-config |
| 174 | mountPath: /homeserver-config |
| 175 | readOnly: true |
| 176 | --- |
| 177 | apiVersion: v1 |
| 178 | kind: PersistentVolumeClaim |
| 179 | metadata: |
| 180 | name: data |
| 181 | namespace: {{ .Release.Namespace }} |
| 182 | spec: |
| 183 | accessModes: |
| 184 | - ReadWriteOnce |
| 185 | resources: |
| 186 | requests: |
| 187 | storage: 10Gi |