apiVersion: apps/v1 kind: StatefulSet metadata: name: homeserver-janky-bot spec: selector: matchLabels: app: synapse instance: janky.bot serviceName: homeserver-janky-bot replicas: 1 template: metadata: labels: app: synapse instance: janky.bot annotations: prometheus.io/scrape: "true" prometheus.io/port: "8000" prometheus.io/path: /_synapse/metrics spec: securityContext: fsGroup: 991 fsGroupChangePolicy: "OnRootMismatch" initContainers: - name: initialize-secrets image: library/python command: ["python", "/init/initialize-secrets.py", "homeserver.yaml"] volumeMounts: - name: init mountPath: /init - name: data mountPath: /data - name: config mountPath: /config envFrom: - secretRef: name: synapse-janky-bot containers: - image: matrixdotorg/synapse:v1.120.2 name: synapse resources: {} volumeMounts: - name: data mountPath: /data - name: config mountPath: /config - name: secrets mountPath: /secrets env: - name: SYNAPSE_SERVER_NAME value: matrix.janky.bot - name: SYNAPSE_REPORT_STATS value: "no" - name: TZ value: America/Los_Angeles volumes: - name: config configMap: name: synapse-janky-bot - name: init configMap: name: secrets-init - name: secrets secret: secretName: synapse-janky-bot volumeClaimTemplates: - metadata: name: data spec: accessModes: ["ReadWriteOnce"] resources: requests: storage: 10Gi --- apiVersion: v1 kind: Service metadata: name: homeserver-janky-bot spec: ports: - name: http port: 8008 selector: app: synapse instance: janky.bot --- apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: homeserver-janky-bot annotations: cert-manager.io/cluster-issuer: letsencrypt spec: tls: - hosts: [matrix.janky.bot] secretName: matrix.janky.bot rules: - host: matrix.janky.bot http: paths: - path: / pathType: Prefix backend: service: name: homeserver-janky-bot port: name: http