-
Notifications
You must be signed in to change notification settings - Fork 1
/
values.yaml
286 lines (258 loc) · 10.9 KB
/
values.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
# Default values for matrix-sliding-sync.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
replicaCount: 1
image:
repository: ghcr.io/matrix-org/sliding-sync
# -- image pull policy. if image.tag is set to "latest", set to "Always"
pullPolicy: IfNotPresent
# -- Overrides the image tag whose default is the chart appVersion.
tag: ""
imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
serviceAccount:
# -- Specifies whether a service account should be created
create: true
# -- Automatically mount a ServiceAccount's API credentials?
automount: true
# -- Annotations to add to the service account
annotations: {}
# -- The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: ""
podAnnotations: {}
podLabels: {}
podSecurityContext: {}
# fsGroup: 2000
securityContext: {}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
service:
# -- annotations for your service
annotations: {}
# -- type of service
type: ClusterIP
# -- targetPort of service. should be the same as port for syncv3.bindaddr
targetPort: 8008
# -- Port of service
port: 80
ingress:
enabled: false
className: ""
annotations: {}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
hosts:
- host: chart-example.local
paths:
- path: /
pathType: ImplementationSpecific
tls: []
# - secretName: chart-example-tls
# hosts:
# - chart-example.local
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
livenessProbe:
# -- enable a liveness probe on the deployment
enabled: false
httpGet:
path: /
port: http
readinessProbe:
# -- enable a readiness probe on the deployment
enabled: false
httpGet:
path: /
port: http
autoscaling:
enabled: false
minReplicas: 1
maxReplicas: 100
targetCPUUtilizationPercentage: 80
# targetMemoryUtilizationPercentage: 80
# Additional volumes on the output Deployment definition.
volumes: []
# - name: foo
# secret:
# secretName: mysecret
# optional: false
# Additional volumeMounts on the output Deployment definition.
volumeMounts: []
# - name: foo
# mountPath: "/etc/foo"
# readOnly: true
nodeSelector: {}
tolerations: []
affinity: {}
# PostgreSQL Database configuration for synapse, for more options:
# https://github.com/bitnami/charts/tree/main/bitnami/postgresql
postgresql:
# -- Whether to deploy the Bitnami Postgresql sub chart
# If postgresql.enabled is set to true, externalDatabase.enabled must be set to false
# else if externalDatabase.enabled is set to true, postgresql.enabled must be set to false
enabled: true
# persistence:
# enabled: false
volumePermissions:
# -- Enable init container that changes the owner and group of the PVC
enabled: true
tls:
# -- Enable TLS traffic support for postgresql, see [bitnami/charts/postgresql#securing-traffic-using-tls](https://github.com/bitnami/charts/tree/main/bitnami/postgresql#securing-traffic-using-tls)
enabled: false
# -- Generate automatically self-signed TLS certificates
autoGenerated: false
# -- Whether to use the server's TLS cipher preferences rather than the client's
preferServerCiphers: true
# -- Name of an existing secret that contains the certificates
certificatesSecret: ""
# -- Certificate filename
certFilename: ""
# -- Certificate key filename
certKeyFilename: ""
# -- CA Certificate filename
certCAFilename: ""
# -- File containing a Certificate Revocation List
crlFilename: ""
global:
postgresql:
# global.postgresql.auth overrides postgresql.auth
auth:
# database credentials to use if you don't use an existingSecret
# -- username of matrix-sliding-sync postgres user
username: syncv3
# -- password of matrix-sliding-sync postgres user - ignored using exsitingSecret
password: changeme
# -- which port to use to connect to your database server
port: 5432
# -- name of the database
database: syncv3
# -- Name of existing secret to use for PostgreSQL credentials
existingSecret: ""
# secretKeys to grab from existingSecret
# if postgresql.existingSecret is provided, the following are ignored
# postgresql.password/username/hostname/database
secretKeys:
# -- key in existingSecret with hostname of the database
databaseHostname: hostname
# -- key in existingSecret with name of the database
database: database
# -- key in existingSecret with username for matrix-sliding-sync to connect to db
databaseUsername: username
# -- key in existingSecret with password for matrix-sliding-sync to connect to db
userPasswordKey: password
# -- key in existingSecret with the admin postgresql password
adminPasswordKey: postgresPassword
# primary database node config
primary:
# -- If using an external Postgres server, make sure to configure the database
# ref: https://github.com/matrix-org/synapse/blob/master/docs/postgres.md
initdb:
# -- Map of initdb scripts. Specify dictionary of scripts to be run at first boot.
# If you're reading this in the README of the chart repo, please check out
# the values.yaml for info.
scripts: {}
# -- uncomment to provide a database setup schedule. Alternatively, you
# can also provide postgresql.primary.initdb.scriptsConfigMap or
# postgresql.primary.initdb.scriptsSecret Note: if you change
# postgresql.global.postgresql.auth.username, or
# postgresql.global.postgresql.auth.secretKeys.userPasswordKey, please
# also change it in the 3 lines of this script, if you're using this option.
# matrix_sliding_sync.sql: |
# CREATE DATABASE matrix ENCODING 'UTF8' LOCALE 'C' TEMPLATE template0 OWNER syncv3;
# GRANT ALL PRIVILEGES ON DATABASE matrix-sliding-sync TO syncv3;
# GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO syncv3;
podSecurityContext:
enabled: true
runAsUser: 1000
fsGroup: 1000
# Synapse Kubernetes resource settings
externalDatabase:
# -- enable using an external database *instead of* the Bitnami PostgreSQL sub-chart
# if externalDatabase.enabled is set to true, postgresql.enabled must be set to false
enabled: false
# optional SSL parameters for postgresql, if using your own db instead of the subchart
# ref: https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-PARAMKEYWORDS
# -- sslmode to use, example: verify-full
sslmode: ""
# make sure any paths here are reflected in synapse.extraVolumes and synapse.extraVolumeMounts
# -- optional: tls/ssl root cert for postgresql connections
sslrootcert: ""
# -- optional: tls/ssl cert for postgresql connections
sslcert: ""
# -- optional: tls/ssl key for postgresql connections
sslkey: ""
# database credentials to use if you don't use an existingSecret
# -- username of matrix-sliding-sync postgres user
username: syncv3
# -- password of matrix-sliding-sync postgres user - ignored using exsitingSecret
password: changeme
# -- which port to use to connect to your database server
port: 5432
# -- hostname of db server. Can be left blank if using postgres subchart
hostname: ""
# -- name of the database to try and connect to
database: "syncv3"
# -- existing kubernetes secret for ALL syncv3 env vars listed below. if set,
# ignores all values under syncv3 including syncv3.db and syncv3.otlp.
existingEnvSecret: ""
syncv3:
# -- SYNCV3_DB - db connection string:
# https://www.postgresql.org/docs/current/libpq-connect.html
# if db is empty, you must either provide postgresql or externalDatabase
# parameters, OR set syncv3.existingDbSecret and syncv3.dbSecretKey
db: ""
# -- use an existing kubernetes secret for the db connection connection string.
# if set, ignores syncv3.db
existingDbSecret: ""
# -- db key in existing Db Secret for
dbSecretKey: "SYNCV3_DB"
# -- SYNCV3_SERVER - Required. The destination homeserver to talk to (CS API HTTPS URL) e.g 'https://matrix-client.matrix.org' (Supports unix socket: /path/to/socket)
server: ""
# -- SYNCV3_SECRET - Required. A secret to use to encrypt access tokens. Must remain the same for the lifetime of the database. If both syncv3.secret and syncv3.existingSecret are not set, we will autogenerate this value
secret: ""
# -- if set, we'll grab your SYNCV3_SECRET from an existing kubernetes secret and ignore syncv3.secret
existingSyncv3Secret: ""
# -- secret key to get synvcv3 secret from in existing kubernetes secret.
syncv3SecretKey: "SYNCV3_SECRET"
# -- SYNCV3_BINDADDR - The interface and port to listen on. (Supports unix socket: /path/to/socket)
bindaddr: "0.0.0.0:8008"
# -- SYNCV3_TLS_CERT - Default: unset. Path to a certificate file to serve to HTTPS clients. Specifying this enables TLS on the bound address.
tlsCert: ""
# -- SYNCV3_TLS_KEY - Default: unset. Path to a key file for the certificate. Must be provided along with the certificate file.
tlsKey: ""
# -- SYNCV3_PPROF - Default: unset. The bind addr for pprof debugging e.g ':6060'. If not set, does not listen.
pprof: ""
# -- SYNCV3_PROM - Default: unset. The bind addr for Prometheus metrics, which will be accessible at /metrics at this address.
prom: ""
otlp:
# -- SYNCV3_OTLP_URL - Default: unset. The OTLP HTTP URL to send spans to e.g https://localhost:4318 - if unset does not send OTLP traces.
url: ""
# -- SYNCV3_OTLP_USERNAME - Default: unset. The OTLP username for Basic auth. If unset, does not send an Authorization header.
username: ""
# -- SYNCV3_OTLP_PASSWORD - Default: unset. The OTLP password for Basic auth. If unset, does not send an Authorization header.
password: ""
existingSecret:
# -- SYNCV3_SENTRY_DSN - Default: unset. The Sentry DSN to report events to e.g https://[email protected]/123 - if unset does not send sentry events.
sentryDsn: ""
# -- SYNCV3_LOG_LEVEL - The level of verbosity for messages logged. Available values are trace, debug, info, warn, error and fatal
logLevel: "info"
# -- SYNCV3_MAX_DB_CONN - Default: unset. Max database connections to use when communicating with postgres. Unset or 0 means no limit.
maxDbConn: ""
networkPolicies:
# -- whether to enable kubernetes network policies or not
enabled: true