Deploys an Adminbot which automatically joins rooms. Admins can manage rooms by impersonating the Adminbot.
Deprecated. Moved to bot property.
The adminbot configuration
The key of the k8s secret containing the adminbot backup passphrase
Never admin the Room IDs mentioned in this set.
No Additional Items
Enable admin of Direct Messages
Admin only rooms local to the homeserver
Only admin the Room IDs mentioned in this set. Ignored if the list is empty.
No Additional Items
List of remote federated homeservers
No Additional Items
Remote federated homeserver
The admin user token secret key
Appservice tokens authentication
Automatically determine appservice tokens authentication. Only possible when using Element Enterprise Server Suite.
Manually configure appservice tokens authentication.
The remote federated homeserver as token secret key
The remote federated homeserver hs token secret key
The remote domain name
The remote matrix server url
Bot username.
Deprecated. Moved to bot property.
Allow access from a central adminbot
The URL of the appservice of the central adminbot
Manually configure appservice tokens. It should not be necessary if using Element Enterprise Server Suite.
The remote federated homeserver as token secret key
The remote federated homeserver hs token secret key
Local Adminbot security settings
IP ranges allowed to access adminbot UI
No Additional Items
An IPv4 or IPv6 range
TLS Verification
k8s properties of the access element web workloads inside adminbot component
Settings dedicated to k8s workloads
The annotations to add to the workload
Each additional property must conform to the following schema
Type: string
Defines the annotations to add
Docker secret to use for ems image store
The docker registry url for this secret
The list of host aliases to configure on the pod spec. It is advised to use a DNS entry to resolve your hostnames instead of this feature. This feature can be used as a workaround when entries cannot be resolved using DNS, for example in our automated testing routines.
No Additional Items
A hostname of the associated IP to add to /etc/hosts
An IP resolution to add to /etc/hosts
NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node's labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
Each additional property must conform to the following schema
Type: string
The number of access Element Web for Adminbot replicas
Value must be greater than or equal to 1
Kubernetes resources to allocate to each instance.
Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
Each additional property must conform to the following schema
Requests describes the minimum amount of compute resources required. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
Each additional property must conform to the following schema
Enable pod runAsUser, runAsGroup and fsGroup in security context. Disable if it should not be used, in the case of OpenShift for example. Auto attempts to detect OpenShift automatically.
The fsGroup GID to use if securityContextForceUidGid is enabled
The runAsGroup GID to use if securityContextForceUidGid is enabled
The runAsUser UID to use if securityContextForceUidGid is enabled
Level is SELinux level label that applies to all the workload containers.
Role is SELinux level label that applies to all the workload containers.
Type is SELinux level label that applies to all the workload containers.
User is SELinux level label that applies to all the workload containers.
Enable RuntimeDefault pod seccomp. Disable if it should not be used, in the case of OpenShift for example. Auto attempts to detect OpenShift automatically.
Workload tolerations
No Additional Items
The pod this Toleration is attached to tolerates any taint that matches the triple <key,value,effect> using the matching operator <operator>.
Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.
Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.
TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.
Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.
Settings dedicated to k8s
The annotations to add to all workloads and ingresses deployed
Each additional property must conform to the following schema
Type: string
Defines the annotations to add
k8s properties of the haproxy workloads inside adminbot component
Settings dedicated to monitoring
Service monitor settings
Enable or disable monitoring using ServiceMonitor resources
Settings dedicated to k8s workloads
The annotations to add to the workload
Each additional property must conform to the following schema
Type: string
Defines the annotations to add
Docker secret to use for ems image store
The docker registry url for this secret
The list of host aliases to configure on the pod spec. It is advised to use a DNS entry to resolve your hostnames instead of this feature. This feature can be used as a workaround when entries cannot be resolved using DNS, for example in our automated testing routines.
No Additional Items
A hostname of the associated IP to add to /etc/hosts
An IP resolution to add to /etc/hosts
NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node's labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
Each additional property must conform to the following schema
Type: string
Kubernetes resources to allocate to each instance.
Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
Each additional property must conform to the following schema
Requests describes the minimum amount of compute resources required. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
Each additional property must conform to the following schema
Enable pod runAsUser, runAsGroup and fsGroup in security context. Disable if it should not be used, in the case of OpenShift for example. Auto attempts to detect OpenShift automatically.
The fsGroup GID to use if securityContextForceUidGid is enabled
The runAsGroup GID to use if securityContextForceUidGid is enabled
The runAsUser UID to use if securityContextForceUidGid is enabled
Level is SELinux level label that applies to all the workload containers.
Role is SELinux level label that applies to all the workload containers.
Type is SELinux level label that applies to all the workload containers.
User is SELinux level label that applies to all the workload containers.
Enable RuntimeDefault pod seccomp. Disable if it should not be used, in the case of OpenShift for example. Auto attempts to detect OpenShift automatically.
Workload tolerations
No Additional Items
The pod this Toleration is attached to tolerates any taint that matches the triple <key,value,effect> using the matching operator <operator>.
Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.
Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.
TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.
Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.
Settings dedicated to k8s ingresses
Defines the annotations to add
Each additional property must conform to the following schema
Type: string
Fully qualified domain name of the ingress
An optional IngressClass name to be used for this ingress. Optional if you are managing ingress / loadbalancer externally.
Default service type
certmanager
certfile
existing
external
Certificate file
Appservice Certificate
Appservice Private Key
The cert-manager properties, if enabled
The name of cert-manager ClusterIssuer to use
The TLS mode of this component ingress. Use external if TLS is managed externally to the cluster, certmanager if you want to use cert-manager to issue certificates automatically, or certfile if you want to upload certificate files to Kubernetes TLS secrets manually.
The name of a secret in the cluster that contains TLS certificates
Must be at most 253 characters long
Settings dedicated to k8s ingresses
Defines the annotations to add
Each additional property must conform to the following schema
Type: string
Fully qualified domain name of the ingress
An optional IngressClass name to be used for this ingress. Optional if you are managing ingress / loadbalancer externally.
Default service type
certmanager
certfile
existing
external
Certificate file
UI Certificate
UI Private Key
The cert-manager properties, if enabled
The name of cert-manager ClusterIssuer to use
The TLS mode of this component ingress. Use external if TLS is managed externally to the cluster, certmanager if you want to use cert-manager to issue certificates automatically, or certfile if you want to upload certificate files to Kubernetes TLS secrets manually.
The name of a secret in the cluster that contains TLS certificates
Must be at most 253 characters long
k8s properties of the pipe workloads inside adminbot component
Settings dedicated to k8s
The annotations to add to all workloads and ingresses deployed
Each additional property must conform to the following schema
Type: string
Defines the annotations to add
Settings dedicated to monitoring
Service monitor settings
Enable or disable monitoring using ServiceMonitor resources
Settings dedicated to k8s storage
The persistent volume claim name to use to store the media
The volume size to use to store the media
The storage class name to use
Settings dedicated to k8s workloads
The annotations to add to the workload
Each additional property must conform to the following schema
Type: string
Defines the annotations to add
Docker secret to use for ems image store
The docker registry url for this secret
The list of host aliases to configure on the pod spec. It is advised to use a DNS entry to resolve your hostnames instead of this feature. This feature can be used as a workaround when entries cannot be resolved using DNS, for example in our automated testing routines.
No Additional Items
A hostname of the associated IP to add to /etc/hosts
An IP resolution to add to /etc/hosts
NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node's labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
Each additional property must conform to the following schema
Type: string
Kubernetes resources to allocate to each instance.
Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
Each additional property must conform to the following schema
Requests describes the minimum amount of compute resources required. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
Each additional property must conform to the following schema
Enable pod runAsUser, runAsGroup and fsGroup in security context. Disable if it should not be used, in the case of OpenShift for example. Auto attempts to detect OpenShift automatically.
The fsGroup GID to use if securityContextForceUidGid is enabled
The runAsGroup GID to use if securityContextForceUidGid is enabled
The runAsUser UID to use if securityContextForceUidGid is enabled
Level is SELinux level label that applies to all the workload containers.
Role is SELinux level label that applies to all the workload containers.
Type is SELinux level label that applies to all the workload containers.
User is SELinux level label that applies to all the workload containers.
Enable RuntimeDefault pod seccomp. Disable if it should not be used, in the case of OpenShift for example. Auto attempts to detect OpenShift automatically.
Workload tolerations
No Additional Items
The pod this Toleration is attached to tolerates any taint that matches the triple <key,value,effect> using the matching operator <operator>.