infra/k8s/matrix/janky.bot-homeserver.yaml
Finn 01ffa3e40c
All checks were successful
/ build-keycloak (push) Successful in 48s
Pin a bunch of things that were on :latest
2024-10-01 16:05:20 -07:00

108 lines
2.5 KiB
YAML

apiVersion: apps/v1
kind: StatefulSet
metadata:
name: homeserver-janky-bot
spec:
selector:
matchLabels:
app: synapse
instance: janky.bot
serviceName: homeserver-janky-bot
replicas: 1
template:
metadata:
labels:
app: synapse
instance: janky.bot
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "8000"
prometheus.io/path: /_synapse/metrics
spec:
securityContext:
fsGroup: 991
fsGroupChangePolicy: "OnRootMismatch"
initContainers:
- name: initialize-secrets
image: library/python
command: ["python", "/init/initialize-secrets.py", "homeserver.yaml"]
volumeMounts:
- name: init
mountPath: /init
- name: data
mountPath: /data
- name: config
mountPath: /config
envFrom:
- secretRef:
name: synapse-janky-bot
containers:
- image: matrixdotorg/synapse:v1.116.0
name: synapse
resources: {}
volumeMounts:
- name: data
mountPath: /data
- name: config
mountPath: /config
- name: secrets
mountPath: /secrets
env:
- name: SYNAPSE_SERVER_NAME
value: matrix.janky.bot
- name: SYNAPSE_REPORT_STATS
value: "no"
- name: TZ
value: America/Los_Angeles
volumes:
- name: config
configMap:
name: synapse-janky-bot
- name: init
configMap:
name: secrets-init
- name: secrets
secret:
secretName: synapse-janky-bot
volumeClaimTemplates:
- metadata:
name: data
spec:
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: 10Gi
---
apiVersion: v1
kind: Service
metadata:
name: homeserver-janky-bot
spec:
ports:
- name: http
port: 8008
selector:
app: synapse
instance: janky.bot
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: homeserver-janky-bot
annotations:
cert-manager.io/cluster-issuer: letsencrypt
spec:
tls:
- hosts: [matrix.janky.bot]
secretName: matrix.janky.bot
rules:
- host: matrix.janky.bot
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: homeserver-janky-bot
port:
name: http