apiVersion: apps/v1 kind: Deployment metadata: annotations: a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git labels: app.kubernetes.io/component: synapse app.kubernetes.io/instance: matrix-synapse app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: matrix-synapse app.kubernetes.io/version: 1.152.0 helm.sh/chart: matrix-synapse-3.12.26 name: matrix-synapse namespace: matrix spec: replicas: 1 selector: matchLabels: app.kubernetes.io/component: synapse app.kubernetes.io/instance: matrix-synapse app.kubernetes.io/name: matrix-synapse strategy: type: Recreate template: metadata: annotations: checksum/config: 3b44c54503e7886c0326cd9d205e0141776ccac38a2d64656d25d0c9b285ff22 checksum/secrets: 54091df516cd7bf15484597ec0c9613cd969341f977e3228b5416997dc9b8c95 labels: app.kubernetes.io/component: synapse app.kubernetes.io/instance: matrix-synapse app.kubernetes.io/name: matrix-synapse spec: containers: - command: - sh - -c - | export POSTGRES_PASSWORD=$(echo "${POSTGRES_PASSWORD:-}" | sed 's/\//\\\//g' | sed 's/\&/\\\&/g') && \ export REDIS_PASSWORD=$(echo "${REDIS_PASSWORD:-}" | sed 's/\//\\\//g' | sed 's/\&/\\\&/g') && \ cat /synapse/secrets/*.yaml | \ sed -e "s/@@POSTGRES_PASSWORD@@/${POSTGRES_PASSWORD:-}/" \ -e "s/@@REDIS_PASSWORD@@/${REDIS_PASSWORD:-}/" \ > /synapse/config/conf.d/secrets.yaml i=0; while [ ! -s /synapse/extra-secrets/registration_shared_secret ] && [ $i -lt 60 ]; do echo "waiting for synapse-secrets"; sleep 2; i=$((i+1)); done printf 'registration_shared_secret: "%s"\nmacaroon_secret_key: "%s"\nform_secret: "%s"\n' "$(cat /synapse/extra-secrets/registration_shared_secret)" "$(cat /synapse/extra-secrets/macaroon_secret_key)" "$(cat /synapse/extra-secrets/form_secret)" > /synapse/config/conf.d/zz-overrides.yaml exec python -B -m synapse.app.homeserver \ -c /synapse/config/homeserver.yaml \ -c /synapse/config/conf.d/ env: - name: POSTGRES_PASSWORD valueFrom: secretKeyRef: key: password name: synapse-cnpg-app image: ghcr.io/element-hq/synapse:v1.152.0 imagePullPolicy: IfNotPresent livenessProbe: httpGet: path: /health port: http name: synapse ports: - containerPort: 8008 name: http protocol: TCP - containerPort: 9093 name: replication protocol: TCP - containerPort: 9090 name: metrics protocol: TCP readinessProbe: httpGet: path: /health port: http resources: limits: memory: 512Mi requests: cpu: 100m memory: 256Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL startupProbe: failureThreshold: 12 httpGet: path: /health port: http volumeMounts: - mountPath: /synapse/config name: config - mountPath: /synapse/config/conf.d name: tmpconf - mountPath: /synapse/secrets name: secrets - mountPath: /synapse/keys name: signingkey - mountPath: /synapse/data name: media - mountPath: /tmp name: tmpdir - mountPath: /synapse/extra-secrets name: synapse-secrets readOnly: true securityContext: fsGroup: 991 runAsGroup: 991 runAsNonRoot: true runAsUser: 991 seccompProfile: type: RuntimeDefault serviceAccountName: matrix-synapse volumes: - configMap: name: matrix-synapse name: config - name: secrets secret: secretName: matrix-synapse - name: signingkey secret: items: - key: signing.key path: signing.key secretName: synapse-signing-key - emptyDir: {} name: tmpconf - emptyDir: {} name: tmpdir - name: media persistentVolumeClaim: claimName: matrix-synapse - name: synapse-secrets secret: secretName: synapse-secrets