pub/charts
1
0
Fork 0
Code Issues Pull requests Releases Packages 19 Activity Actions
charts/charts-wip/matrix-synapse/values.yaml
Alexander Olofsson 18be04438f
Clean up WIP synapse chart
2020-08-09 11:16:36 +02:00

617 lines
17 KiB
YAML
Raw Blame History

---
## Docker image configuration, used for Synapse and workers.
##
image:
repository: ananace/matrix-synapse
## Tag to override with, will default to the application version.
##
# tag: ''
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
##
# pullSecrets:
# - myRegistryKeySecretName
## Override part of the installed name, will still keep release name.
##
# nameOverride: ""
## Override the full name of the installed chart.
##
# fullnameOverride: ""
## The source of the signing key used by Synapse in federation.
##
signingkey:
## Enable a Kubernetes job to generate and store a signing key if one does not
## exist.
##
job:
enabled: true
## Specify an existing signing key secret, will need to be created in advance.
##
# existingSecret:
# existingSecretKey: signing.key
## Common Matrix configuration values, for any value not handled by this block,
## you will want to instead set it in extraConfig.
##
config:
## The Matrix domain name, this is what will be used for the domain part in
## your MXIDs.
##
# serverName: 'example.com'
## The publicly accessible URL for the Synapse instance, will default to
## https://<serverName>.
##
# publicBaseurl: 'https://example.com'
## The size of the event cache.
##
# eventCacheSize: 10K
## The maximum allowed size of uploaded media.
##
# maxUploadSize: 10M
## The log level for Synapse and all modules.
##
# logLevel: INFO
## The recaptcha configuration for registering. (optional)
##
# recaptcha:
# publicKey:
# privateKey:
## URIs and secret key for TURN servers to use to help establish 1:1 WebRTC
## calls.
##
# turnUris: []
# turnSecret: ''
## Registration configuration, note that registration with the
## container-internal register_new_matrix_user tool is always possible.
##
# enableRegistration: false
## Note; this value will default to a random string if not specified.
# registrationSharedSecret: ''
# allowGuests: false
## Should the Synapse instance report stats.
##
# reportStats: false
## Servers to contact when doing 3PID lookups - for example when searching for
## Matrix users by email/phone number.
##
thirdPartyIDServers:
- matrix.org
- vector.im
## A set of fallback servers - and their key fingerprint - to contact if a
## server doesn't respond to a signing key request.
##
perspectiveServers:
matrix.org:
verify_keys:
ed25519:auto:
key: "Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw"
## Extra listeners to configure.
##
extraListeners: []
# - port: 9000
# bind_addresses: ['::']
# type: manhole
## Specify arbitrary Synapse configuration here;
##
extraConfig: {}
# use_presence: false
# enable_search: false
# federation_domain_whitelist:
# - lon.example.com
# - nyc.example.com
# - syd.example.com
## Configuration to apply to the main Synapse pod.
##
synapse:
## Annotations to apply to the main Synapse pod.
##
annotations: {}
# prometheus.io/scrape: "true"
# prometheus.io/port: 9090
## Labels to apply to the main Synapse pod.
##
labels: {}
## Additional environment variables to apply to the main Synapse pod
##
extraEnv: {}
# - name: USE_JEMALLOC
# value: "1"
# - name: SYNAPSE_CACHE_FACTOR
# value: "2"
## Configuration for the pod security policy, Synapse will by default run as its
## own user, even if not set.
## Note that changing this may also require you to use the volumePermission
## helper depending on your storage.
##
## NB; The synapse install is currently unable to run as anything but UID:GID
## 666:666.
##
podSecurityContext: {}
# fsGroup: 666
# runAsGroup: 666
# runAsUser: 666
## Configuration for the container security policy, refer to the above
## podSecurityContext for more relevant information.
##
securityContext: {}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 666
## Resources to apply to the main Synapse pod.
##
resources: {}
# limits:
# cpu: 1000m
# memory: 2500Mi
# requests:
# cpu: 1000m
# memory: 2500Mi
## Node selectors to set for the main Synapse pod.
##
nodeSelector: {}
## Tolerations to set for the main Synapse pod.
##
tolerations: []
## Affinity to set for the main Synapse pod.
##
affinity: {}
## Configuration for handling Synapse workers, which are useful for handling
## high-load deployments.
##
## More information is available at;
## https://github.com/matrix-org/synapse/blob/master/docs/workers.md
##
workers:
## Default configuration, this is inherited into all workers, and can also be
## overriden on each worker type.
##
default:
## The number of worker replicas, note that some workers require special
## handling. Refer to the information URL above.
##
replicaCount: 1
## Annotations to apply to the worker.
##
annotations: {}
# prometheus.io/scrape: "true"
# prometheus.io/port: 9090
## Additional environment variables to add to the worker.
##
extraEnv: {}
# - name: USE_JEMALLOC
# value: "1"
# - name: SYNAPSE_CACHE_FACTOR
# value: "2"
## Additional volume mounts to add to the worker.
## Useful for the media repo.
##
volumeMounts: {}
## Additional volumes to add to the worker.
## Useful for the media repo.
##
volumes: {}
## Security context information to set to the worker.
##
podSecurityContext: {}
# fsGroup: 666
# runAsGroup: 666
# runAsUser: 666
## Container security context information to set to the worker.
##
securityContext: {}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 666
## Resources to apply to the worker.
##
resources: {}
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
## Node selector configuration to set on the worker.
##
nodeSelector: {}
## Toleration configuration to set on the worker.
##
tolerations: []
## Affinity configuration to set on the worker.
##
affinity: {}
## The generic worker can be used to handle most endpoints.
## Be careful when enabling the sync endpoints as they can eat large amounts of
## resources. Refer to the information URL above for more info.
## Proper load balancing with the K8s Ingress resource may not be possible.
##
generic_worker:
enabled: false
listeners: [client, federation]
csPaths:
# - "/_matrix/client/(v2_alpha|r0)/sync"
- "/_matrix/client/(api/v1|v2_alpha|r0)/events"
# - "/_matrix/client/(api/v1|r0)/initialSync"
# - "/_matrix/client/(api/v1|r0)/rooms/[^/]+/initialSync"
- "/_matrix/client/(api/v1|r0|unstable)/publicRooms"
- "/_matrix/client/(api/v1|r0|unstable)/rooms/.*/joined_members"
- "/_matrix/client/(api/v1|r0|unstable)/rooms/.*/context/.*"
- "/_matrix/client/(api/v1|r0|unstable)/rooms/.*/members"
- "/_matrix/client/(api/v1|r0|unstable)/rooms/.*/state"
- "/_matrix/client/(api/v1|r0|unstable)/account/3pid"
- "/_matrix/client/(api/v1|r0|unstable)/keys/query"
- "/_matrix/client/(api/v1|r0|unstable)/keys/changes"
- "/_matrix/client/versions"
- "/_matrix/client/(api/v1|r0|unstable)/voip/turnServer"
- "/_matrix/client/(api/v1|r0|unstable)/joined_groups"
- "/_matrix/client/(api/v1|r0|unstable)/publicised_groups"
- "/_matrix/client/(api/v1|r0|unstable)/publicised_groups/"
- "/_matrix/client/(api/v1|r0|unstable)/login"
- "/_matrix/client/(r0|unstable)/register"
- "/_matrix/client/(r0|unstable)/auth/.*/fallback/web"
- "/_matrix/client/(api/v1|r0|unstable)/rooms/.*/send"
- "/_matrix/client/(api/v1|r0|unstable)/rooms/.*/state/"
- "/_matrix/client/(api/v1|r0|unstable)/rooms/.*/(join|invite|leave|ban|unban|kick)"
- "/_matrix/client/(api/v1|r0|unstable)/join/"
- "/_matrix/client/(api/v1|r0|unstable)/profile/"
paths:
- "/_matrix/federation/v1/event/"
- "/_matrix/federation/v1/state/"
- "/_matrix/federation/v1/state_ids/"
- "/_matrix/federation/v1/backfill/"
- "/_matrix/federation/v1/get_missing_events/"
- "/_matrix/federation/v1/publicRooms"
- "/_matrix/federation/v1/query/"
- "/_matrix/federation/v1/make_join/"
- "/_matrix/federation/v1/make_leave/"
- "/_matrix/federation/v1/send_join/"
- "/_matrix/federation/v2/send_join/"
- "/_matrix/federation/v1/send_leave/"
- "/_matrix/federation/v2/send_leave/"
- "/_matrix/federation/v1/invite/"
- "/_matrix/federation/v2/invite/"
- "/_matrix/federation/v1/query_auth/"
- "/_matrix/federation/v1/event_auth/"
- "/_matrix/federation/v1/exchange_third_party_invite/"
- "/_matrix/federation/v1/user/devices/"
- "/_matrix/federation/v1/get_groups_publicised"
- "/_matrix/key/v2/query"
- "/_matrix/federation/v1/send/"
## This worker deals with pushing notifications.
## NB; Only one instance of this worker can be run at a time, refer to the
## information URL above.
##
pusher:
enabled: false
## This worker handles sending data to registered appservices.
## NB; Only one instance of this worker can be run at at time, refer to the
## information URL above.
##
appservice:
enabled: false
## This worker handles sending federation traffic to other Synapse servers.
##
federation_sender:
enabled: false
## This worker deals with serving and storing media.
## NB; Running multiple instances will conflict with background jobs.
##
media_repository:
enabled: false
listeners: [media]
csPaths:
- "/_matrix/media/"
- "/_synapse/admin/v1/purge_media_cache"
- "/_synapse/admin/v1/room/.*/media.*"
- "/_synapse/admin/v1/user/.*/media.*"
- "/_synapse/admin/v1/media/.*"
- "/_synapse/admin/v1/quarantine_media/.*"
paths:
- "/_matrix/media/"
## This worker deals with user directory searches.
##
user_dir:
enabled: false
listeners: [client]
csPaths:
- "/_matrix/client/(api/v1|r0|unstable)/user_directory/search"
## This worker handles key uploads, and may also stub out presence if that is
## disabled. If you set extraConfig.use_presence=false then you may want to
## uncomment the second path.
##
frontend_proxy:
enabled: false
listeners: [client]
csPaths:
- "/_matrix/client/(api/v1|r0|unstable)/keys/upload"
# - "/_matrix/client/(api/v1|r0|unstable)/presence/[^/]+/status"
## This will set up a Lighttpd server to respond to any
## /.well-known/matrix/server requests, to make federation possible without
## adding SRV-records to DNS.
##
wellknown:
enabled: false
replicaCount: 1
## The host and port combo to serve on .well-known/matrix/server.
##
# host: matrix.example.com
# port: 443
## A custom htdocs path, useful when running another image.
##
htdocsPath: /var/www/localhost/htdocs
## The lighttpd image to run.
##
image:
repository: m4rcu5/lighttpd
tag: latest
pullPolicy: Always
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
##
# pullSecrets:
# - myRegistryKeySecretName
## Configuration for the pod security policy.
##
podSecurityContext: {}
# fsGroup: 101
# runAsGroup: 101
# runAsUser: 100
## Configuration for the container security policy.
##
securityContext: {}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 100
## Resource configuration to apply to the well-known server.
##
resources: {}
# limits:
# cpu: 5m
# memory: 15Mi
# requests:
# cpu: 5m
# memory: 15Mi
## Node selectors to set for the well-known server.
##
nodeSelector: {}
## Tolerations to set for the well-known server.
##
tolerations: []
## Affinity to set for the main well-known server.
##
affinity: {}
## This configuration is for setting up the internally provided Postgres server,
## if you instead want to use an existing server, then you may want to set
## enabled to false and configure the externalPostgresql block.
##
postgresql:
enabled: true
postgresqlUsername: synapse
postgresqlDatabase: synapse
postgresqlInitdbArgs: "--lc-collate=C --lc-ctype=C"
persistence:
size: 16G
## An externally configured Postgres server to use for Synapse's database, note
## that the database needs to have both COLLATE and CTYPE set to "C".
##
externalPostgresql:
# host: postgres
port: 5432
username: synapse
# password: synapse
database: synapse
# sslMode: require
## This configuration is for the internal Redis that's deployed for use with
## workers/sharding, for an external Redis server you want to set enabled to
## false and configure the externalRedis block.
##
redis:
enabled: true
# usePassword: false
# password: synapse
cluster:
enabled: false
master:
persistence:
## Note that Synapse only uses redis as a synchronization utility, so no
## data will ever need to be persisted.
##
enabled: false
statefulset:
updateStrategy: RollingUpdate
## An externally configured Redis server to use for workers/sharding.
##
externalRedis:
# host: redis
port: 6379
# password: synapse
## Persistence configuration for the media repository function.
## This PVC will be mounted in either Synapse or a media_repo worker.
##
## NB; If you want to be able to scale this, you will have to set the
## accessMode to RWX/ReadWriteMany.
##
persistence:
enabled: true
# existingClaim: synapse-data
# storageClass: "-"
accessMode: ReadWriteOnce
size: 10Gi
## Set up an init container to chown the mounted media if necessary.
##
volumePermissions:
enabled: false
image:
repository: alpine
tag: latest
pullPolicy: Always
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
##
# pullSecrets:
# - myRegistryKeySecretName
resources: {}
# resources:
# requests:
# memory: 128Mi
# cpu: 100m
## The K8s ingress configuration, this will be quite heavily used in order to set
## up all routing necessary for use with a sharded Synapse instance.
## If you're not using a Ingress compatible K8s ingress, you will need to set up
## your own routing instead.
##
ingress:
enabled: true
## Generate traefik-compatible regex paths instead of nginx-compatible ones.
##
traefikPaths: false
## Annotations to apply to the created ingress resource.
##
annotations: {}
# nginx.ingress.kubernetes.io/use-regex: "true"
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
## Hosts to add to the ingress configuration for handling Client-to-Server
## API request paths.
##
## NB; config.serverName is included if includeServerName is set. (default)
##
csHosts: []
# - matrix.example.com
## Additional hosts to add to the ingress configuration for handling
## Server-to-Server API requests.
##
## NB; config.serverName is included if includeServerName is set. (default)
##
hosts: []
# - example.com
## Additional hosts to add to the ingress configuration for handling
## well-known requests.
##
## NB; config.serverName is included if includeServerName is set. (default)
##
wkHosts: []
# - example.com
## Additional paths to add to the Server-to-Server ingress blocks, will be
## inserted before the /_matrix catch-all path.
##
paths: []
# - path: /_matrix/media
# backend:
# serviceName: matrix-media-repo
# servicePort: 8000
## Additional paths to add to the Client-to-Server ingress blocks, will be
## inserted before the /_matrix and /_synapse catch-all paths.
##
csPaths: []
# - path: /_matrix/media
# backend:
# serviceName: matrix-media-repo
# servicePort: 8000
## Should the /_synapse path be included in the ingress, admin APIs are
## provided under this path.
##
includeUnderscoreSynapse: true
## Should config.serverName be included in the list of ingress paths, can be
## set to false if the main domain is managed in some external way.
##
includeServerName: true
## TLS configuration to include in the ingress configuration
##
tls: []
# - secretName: chart-example-tls
# hosts:
# - example.com
# - matrix.example.com
Reference in a new issue View git blame Copy permalink