This is the user interface used by desktops to access Matrix rooms.
Element web additional configuration.
You can override Kubernetes configuration for each component of Element Web
Settings dedicated to k8s
The annotations to add to every workload and ingress deployed
Each additional property must conform to the following schema
Type: string
Defines the annotations to add
Settings dedicated to k8s ingresses
Defines the annotations to add
Each additional property must conform to the following schema
Type: string
Fully qualified domain name of the ingress
An optional IngressClass name to be used for this ingress. Optional if you are managing ingress / loadbalancer externally.
Default service type
certmanager
certfile
existing
external
Certificate file
ElementWeb Certificate
ElementWeb Private Key
The cert-manager properties, if enabled
The name of cert-manager ClusterIssuer to use
The TLS mode of this component ingress. Use external if TLS is managed externally to the cluster, certmanager if you want to use cert-manager to issue certificates automatically, or certfile if you want to upload certificate files to Kubernetes TLS secrets manually.
The name of a secret in the cluster that contains TLS certificates
Must match regular expression: ^[a-z0-9]([\-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([\-a-z0-9]*[a-z0-9])?)*$
Must be at most 253 characters long
Settings dedicated to k8s workloads
The annotations to add to the workload
Each additional property must conform to the following schema
Type: string
Defines the annotations to add
Docker secret to use for ems image store
The docker registry url for this secret
The list of hosts aliases to configure on the pod spec. It is advised to instead use a DNS entry to resolve your hostnames, instead of this feature. This feature can be used as a workaround when entries cannot be resolved using DNS, for example in our automated testing routines.
No Additional Items
A hostname of the associated IP to add to /etc/hosts
Must match regular expression: ^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$
An IP resolution to add to /etc/hosts
NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node's labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
Each additional property must conform to the following schema
Type: string
The number of Element Web replicas
Value must be greater than or equal to 1
Kubernetes resources to allocate to each instance.
Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
Each additional property must conform to the following schema
^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
Requests describes the minimum amount of compute resources required. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
Each additional property must conform to the following schema
^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
Enable pod runAsUser and fsGroup in security context. Disable if it should not be used.
The fsGroup GID to use if securityContextForceUidGid is enabled
The runAsUser UID to use if securityContextForceUidGid is enabled
Level is SELinux level label that applies to all the workload containers.
Role is SELinux level label that applies to all the workload containers.
Type is SELinux level label that applies to all the workload containers.
User is SELinux level label that applies to all the workload containers.
Enable RuntimeDefault pod seccomp. Disable if it should not be used.
Workload tolerations
No Additional Items
The pod this Toleration is attached to tolerates any taint that matches the triple <key,value,effect> using the matching operator <operator>.
Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.
Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.
TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.
Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.
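The toleration rules described above, as an added Python example (not code from this product or from Kubernetes) that validates a toleration entry, evaluates it against a taint, and flags an entry that tolerates every taint. The taint keys and values used with it are constructed for illustration.

```python
VALID_EFFECTS = {"NoSchedule", "PreferNoSchedule", "NoExecute"}
VALID_OPERATORS = {"Exists", "Equal"}


def normalize(tol):
    """Fill in the defaults the field descriptions give (operator defaults to Equal)."""
    return {
        "key": tol.get("key", ""),
        "operator": tol.get("operator") or "Equal",
        "value": tol.get("value", ""),
        "effect": tol.get("effect", ""),
        "tolerationSeconds": tol.get("tolerationSeconds"),
    }


def validate(tol):
    """Return the rule violations for one toleration, in the order of the fields above."""
    t = normalize(tol)
    problems = []
    if t["operator"] not in VALID_OPERATORS:
        problems.append("operator must be Exists or Equal")
    if t["effect"] and t["effect"] not in VALID_EFFECTS:
        problems.append("effect must be NoSchedule, PreferNoSchedule or NoExecute")
    if not t["key"] and t["operator"] != "Exists":
        problems.append("empty key requires operator Exists")
    if t["operator"] == "Exists" and t["value"]:
        problems.append("value should be empty when operator is Exists")
    if t["tolerationSeconds"] is not None and t["effect"] != "NoExecute":
        problems.append("tolerationSeconds is ignored unless effect is NoExecute")
    return problems


def tolerates(tol, taint):
    """True when the toleration matches the taint's <key,value,effect> triple."""
    t = normalize(tol)
    if t["effect"] and t["effect"] != taint.get("effect", ""):
        return False          # a set effect must match; empty matches all effects
    if t["key"] and t["key"] != taint.get("key", ""):
        return False          # a set key must match; empty matches all keys
    if t["operator"] == "Exists":
        return True           # wildcard for value
    if t["operator"] == "Equal":
        return t["value"] == taint.get("value", "")
    return False


def eviction_delay(tol):
    """Seconds before eviction under a NoExecute taint; None means tolerate forever."""
    t = normalize(tol)
    if t["effect"] != "NoExecute" or t["tolerationSeconds"] is None:
        return None
    return max(0, t["tolerationSeconds"])  # zero and negative values evict immediately


def tolerates_everything(tol):
    """Empty key + Exists + empty effect matches all keys, values and effects."""
    t = normalize(tol)
    return not t["key"] and t["operator"] == "Exists" and not t["effect"]
```

An entry for which `tolerates_everything` returns true lets the workload be scheduled onto any tainted node, so it is worth reviewing before it goes into a values file.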
The secret data associated with the synapse config. If the ingress TLS mode is using a certificate, keys matching k8s.ingress.certificate.certFileSecretKey and k8s.ingress.certificate.privateKeySecretKey must be present.
^[a-z0-9]([\-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([\-a-z0-9]*[a-z0-9])?)*$
Must be at most 253 characters long
A web service for scanning media hosted on a Matrix media repository.
Configures caching of scan results.
Maximum number of results that can be stored in the cache. If more files are scanned before existing items reach their TTL, the least-recently accessed will be evicted.
The maximum cacheable file size. If a file is bigger than this size, a copy of it will not be cached even if the scan succeeds. If the file is requested again, it is downloaded again from the homeserver, but is not written to disk or scanned.
Must match regular expression: [0-9]+[KMGT]B
The maximum amount of time an entry will stay in the cache before being evicted.
Must match regular expression: [0-9]+[dwmy]+
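An added example (not part of the original reference or the product's own code): a pre-flight check that applies the patterns listed on this page to candidate values. It assumes the patterns are enforced with JSON Schema search semantics, under which the cache size and TTL patterns, which carry no `^` or `$` anchors, accept any string that merely contains a match; the rule names and sample values are constructed.

```python
import re

# Patterns copied verbatim from this page: kind -> (pattern, maximum length or None).
RULES = {
    "secret_name": (r"^[a-z0-9]([\-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([\-a-z0-9]*[a-z0-9])?)*$", 253),
    "host_alias": (r"^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*"
                   r"([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$", None),
    "quantity": (r"^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|"
                 r"([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$", None),
    "cache_size": (r"[0-9]+[KMGT]B", None),   # no anchors on the page
    "cache_ttl": (r"[0-9]+[dwmy]+", None),    # no anchors on the page
}


def _length_ok(kind, value):
    max_len = RULES[kind][1]
    return max_len is None or len(value) <= max_len


def schema_accepts(kind, value):
    """Assumed schema behaviour: the pattern may match anywhere in the value."""
    return _length_ok(kind, value) and re.search(RULES[kind][0], value) is not None


def strict_accepts(kind, value):
    """Whole-string match. fullmatch also rejects a trailing newline,
    which Python's `$` would otherwise let through."""
    return _length_ok(kind, value) and re.fullmatch(RULES[kind][0], value) is not None


def classify(kind, value):
    if strict_accepts(kind, value):
        return "ok"
    if schema_accepts(kind, value):
        return "loose"      # passes only because the pattern is not anchored
    return "rejected"


def audit(settings):
    """Return (name, verdict) for every entry that is not a clean match."""
    findings = []
    for name, kind, value in settings:
        verdict = classify(kind, value)
        if verdict != "ok":
            findings.append((name, verdict))
    return findings


# Constructed sample values, not taken from a real deployment.
SAMPLE = [
    ("ingress TLS secret", "secret_name", "element-web-tls"),
    ("content scanner secret", "secret_name", "Content_Scanner"),
    ("host alias", "host_alias", "synapse.internal.example"),
    ("memory limit", "quantity", "512Mi"),
    ("memory limit (typo)", "quantity", "512MB"),
    ("cache max file size", "cache_size", "100MB"),
    ("cache max file size (typo)", "cache_size", "1.5GB"),
    ("cache TTL", "cache_ttl", "1w"),
    ("cache TTL (typo)", "cache_ttl", "7days"),
]

if __name__ == "__main__":
    for name, verdict in audit(SAMPLE):
        print(f"{verdict:8} {name}")
```

Values reported as `loose` would pass validation under the stated assumption yet are not what the setting's format describes, so they are the ones to correct before deploying.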
Scanning configuration
List of allowed MIME types. If a file has a MIME type that's not in this list, its scan is considered failed. All MIME types are allowed by default.
No Additional Items
A MIME type.
Settings dedicated to monitoring
Service monitor settings
Enable or disable monitoring using ServiceMonitor resources
Settings dedicated to k8s storage
The persistent volume claim name to use to store the media
The volume size to use to store the media
^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[MGTPE])?$
The storage class name to use
Settings dedicated to k8s workloads
The annotations to add to the workload
Each additional property must conform to the following schema
Type: string
Defines the annotations to add
Docker secret to use for ems image store
The docker registry url for this secret
The list of hosts aliases to configure on the pod spec. It is advised to instead use a DNS entry to resolve your hostnames, instead of this feature. This feature can be used as a workaround when entries cannot be resolved using DNS, for example in our automated testing routines.
No Additional Items
A hostname of the associated IP to add to /etc/hosts
Must match regular expression: ^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$
An IP resolution to add to /etc/hosts
NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node's labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
Each additional property must conform to the following schema
Type: string
The number of ClamAV replicas
Value must be greater than or equal to 1
Kubernetes resources to allocate to each instance.
Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
Each additional property must conform to the following schema
^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
Requests describes the minimum amount of compute resources required. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
Each additional property must conform to the following schema
^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
Enable pod runAsUser and fsGroup in security context. Disable if it should not be used.
The fsGroup GID to use if securityContextForceUidGid is enabled
The runAsUser UID to use if securityContextForceUidGid is enabled
Level is SELinux level label that applies to all the workload containers.
Role is SELinux level label that applies to all the workload containers.
Type is SELinux level label that applies to all the workload containers.
User is SELinux level label that applies to all the workload containers.
Enable RuntimeDefault pod seccomp. Disable if it should not be used.
Workload tolerations
No Additional Items
The pod this Toleration is attached to tolerates any taint that matches the triple <key,value,effect> using the matching operator <operator>.
Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.
Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.
TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.
Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.
Settings dedicated to k8s
The annotations to add to every workload and ingress deployed
Each additional property must conform to the following schema
Type: string
Defines the annotations to add
Settings dedicated to k8s workloads
The annotations to add to the workload
Each additional property must conform to the following schema
Type: string
Defines the annotations to add
Docker secret to use for ems image store
The docker registry url for this secret
The list of hosts aliases to configure on the pod spec. It is advised to instead use a DNS entry to resolve your hostnames, instead of this feature. This feature can be used as a workaround when entries cannot be resolved using DNS, for example in our automated testing routines.
No Additional Items
A hostname of the associated IP to add to /etc/hosts
Must match regular expression: ^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$
An IP resolution to add to /etc/hosts
NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node's labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
Each additional property must conform to the following schema
Type: string
Kubernetes resources to allocate to each instance.
Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
Each additional property must conform to the following schema
^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
Requests describes the minimum amount of compute resources required. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
Each additional property must conform to the following schema
^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
Enable pod runAsUser and fsGroup in security context. Disable if it should not be used.
The fsGroup GID to use if securityContextForceUidGid is enabled
The runAsUser UID to use if securityContextForceUidGid is enabled
Level is SELinux level label that applies to all the workload containers.
Role is SELinux level label that applies to all the workload containers.
Type is SELinux level label that applies to all the workload containers.
User is SELinux level label that applies to all the workload containers.
Enable RuntimeDefault pod seccomp. Disable if it should not be used.
Workload tolerations
No Additional Items
The pod this Toleration is attached to tolerates any taint that matches the triple <key,value,effect> using the matching operator <operator>.
Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.
Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.
TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.
Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.
Settings dedicated to monitoring
Service monitor settings
Enable or disable monitoring using ServiceMonitor resources
Settings dedicated to k8s storage as a PVC Template
A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed.
An empty label selector matches all objects. A null label selector matches no objects.
matchExpressions is a list of label selector requirements. The requirements are ANDed.
No Additional Items
A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
key is the label key that the selector applies to.
operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
values is an array of string values. If the operator is In or NotIn, the values array must be non-empty.
If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
Each additional property must conform to the following schema
Type: string
The volume size to use to store the media
^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[MGTPE])?$
The storage class name to use
Settings dedicated to k8s workloads
The annotations to add to the workload
Each additional property must conform to the following schema
Type: string
Defines the annotations to add
Docker secret to use for ems image store
The docker registry url for this secret
The list of hosts aliases to configure on the pod spec. It is advised to instead use a DNS entry to resolve your hostnames, instead of this feature. This feature can be used as a workaround when entries cannot be resolved using DNS, for example in our automated testing routines.
No Additional Items
A hostname of the associated IP to add to /etc/hosts
Must match regular expression: ^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$
An IP resolution to add to /etc/hosts
NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node's labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
Each additional property must conform to the following schema
Type: string
The number of Matrix Content Scanner replicas
Value must be greater than or equal to 1
Kubernetes resources to allocate to each instance.
Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
Each additional property must conform to the following schema
^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
Requests describes the minimum amount of compute resources required. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
Each additional property must conform to the following schema
^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
Enable pod runAsUser and fsGroup in security context. Disable if it should not be used.
The fsGroup GID to use if securityContextForceUidGid is enabled
The runAsUser UID to use if securityContextForceUidGid is enabled
Level is SELinux level label that applies to all the workload containers.
Role is SELinux level label that applies to all the workload containers.
Type is SELinux level label that applies to all the workload containers.
User is SELinux level label that applies to all the workload containers.
Enable RuntimeDefault pod seccomp. Disable if it should not be used.
Workload tolerations
No Additional Items
The pod this Toleration is attached to tolerates any taint that matches the triple <key,value,effect> using the matching operator <operator>.
Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.
Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.
TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.
Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.
The secret data associated with the MatrixContentScanner config
Must match regular expression: ^[a-z0-9]([\-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([\-a-z0-9]*[a-z0-9])?)*$
Must be at most 253 characters long
Sliding Sync is a backend component required by the Element X client beta. It provides a mechanism for the fast synchronisation of Matrix rooms. It is not recommended for production use and is only provided to enable the usage of the Element X client. The current version does not support SSO (OIDC/SAML/CAS). If you wish to try out the Element X client, then you need to be using password-based auth to allow Sliding Sync to work. SSO support (OIDC/SAML/CAS) will be added with a later version of the Sliding Sync tooling.
Logging settings
The maximum level of log output
Configuration of the PostgreSQL database
PostgreSQL database name
PostgreSQL database host
The PostgreSQL password
PostgreSQL port
Value must be greater than or equal to 0 and less than or equal to 65535
TLS settings to use for the PostgreSQL connection
PostgreSQL username
The key of the k8s secret containing Sliding Sync Sync Secret
TLS Verification
Settings dedicated to monitoring
Service monitor settings
Enable or disable monitoring using ServiceMonitor resources
Settings dedicated to k8s workloads
The annotations to add to the workload
Each additional property must conform to the following schema
Type: string
Defines the annotations to add
Docker secret to use for ems image store
The docker registry url for this secret
The list of hosts aliases to configure on the pod spec. It is advised to instead use a DNS entry to resolve your hostnames, instead of this feature. This feature can be used as a workaround when entries cannot be resolved using DNS, for example in our automated testing routines.
No Additional Items
A hostname of the associated IP to add to /etc/hosts
Must match regular expression: ^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$
An IP resolution to add to /etc/hosts
NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node's labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
Each additional property must conform to the following schema
Type: string
Kubernetes resources to allocate to each instance.
Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
Each additional property must conform to the following schema
^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
Requests describes the minimum amount of compute resources required. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
Each additional property must conform to the following schema
^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
Enable pod runAsUser and fsGroup in security context. Disable if it should not be used.
The fsGroup GID to use if securityContextForceUidGid is enabled
The runAsUser UID to use if securityContextForceUidGid is enabled
Level is SELinux level label that applies to all the workload containers.
Role is SELinux level label that applies to all the workload containers.
Type is SELinux level label that applies to all the workload containers.
User is SELinux level label that applies to all the workload containers.
Enable RuntimeDefault pod seccomp. Disable if it should not be used.
Workload tolerations
No Additional Items
The pod this Toleration is attached to tolerates any taint that matches the triple <key,value,effect> using the matching operator <operator>.
Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.
Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.
TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.
Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.
Settings dedicated to k8s
The annotations to add to every workload and ingress deployed
Each additional property must conform to the following schema
Type: string
Defines the annotations to add
Settings dedicated to k8s ingresses
Defines the annotations to add
Each additional property must conform to the following schema
Type: string
Fully qualified domain name of the ingress
An optional IngressClass name to be used for this ingress. Optional if you are managing ingress / loadbalancer externally.
Default service type
certmanager
certfile
existing
external
Certificate file
SlidingSync Certificate
SlidingSync Private Key
The cert-manager properties, if enabled
The name of cert-manager ClusterIssuer to use
The TLS mode of this component ingress. Use external if TLS is managed externally to the cluster, certmanager if you want to use cert-manager to issue certificates automatically, or certfile if you want to upload certificate files to Kubernetes TLS secrets manually.
The name of a secret in the cluster that contains TLS certificates
Must match regular expression: ^[a-z0-9]([\-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([\-a-z0-9]*[a-z0-9])?)*$
Must be at most 253 characters long
The secret data associated with the SlidingSync config
Must match regular expression: ^[a-z0-9]([\-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([\-a-z0-9]*[a-z0-9])?)*$
Must be at most 253 characters long
This is a matrix homeserver.
Additional config to inject
External application services to configure
Array of ConfigMaps containing a registration.yaml to mount in synapse
No Additional Items
A configmap name
Map of appservice registration files to inject
Each additional property must conform to the following schema
Type: string
Content of an appservice registration file
Synapse Logging settings
Logging level overrides for specific Synapse loggers
Each additional property must conform to the following schema
Type: enum (of string)
The maximum level of Synapse log output for this specific logger
The maximum level of Synapse log output before any overrides
The key of the k8s secret containing Synapse Macaroon
The volume holding media
The volume name to use to store the media
The volume size to use to store the media
^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[MGTPE])?$
Configuration of the PostgreSQL database
PostgreSQL database name
PostgreSQL database host
The PostgreSQL password
PostgreSQL port
Value must be greater than or equal to 0 and less than or equal to 65535
TLS settings to use for the PostgreSQL connection
PostgreSQL username
The key of the k8s secret containing Synapse signing key
Workers configuration
No Additional Items
Arbitrary extra config to inject into the Synapse worker configuration as a YAML string
Number of instances of this worker type
Kubernetes resources to allocate to each instance.
Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
Each additional property must conform to the following schema
^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
Requests describes the minimum amount of compute resources required. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
Each additional property must conform to the following schema
^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
Type of worker being configured
You can override Kubernetes configuration for each component of Synapse
The annotations to add to every workload, volume claim and service monitor deployed
The annotations to add to every workload and ingress deployed
Each additional property must conform to the following schema
Type: string
Defines the annotations to add
k8s properties of the haproxy workloads inside synapse component
Settings dedicated to k8s workloads
The annotations to add to the workload
Each additional property must conform to the following schema
Type: string
Defines the annotations to add
Docker secret to use for ems image store
The docker registry url for this secret
The list of hosts aliases to configure on the pod spec. It is advised to instead use a DNS entry to resolve your hostnames, instead of this feature. This feature can be used as a workaround when entries cannot be resolved using DNS, for example in our automated testing routines.
No Additional Items
A hostname of the associated IP to add to /etc/hosts
Must match regular expression: ^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$
An IP resolution to add to /etc/hosts
NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node's labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
Each additional property must conform to the following schema
Type: string
The number of Synapse HAProxy replicas
Value must be greater than or equal to 1
Kubernetes resources to allocate to each instance.
Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
Each additional property must conform to the following schema
^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
Requests describes the minimum amount of compute resources required. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
Each additional property must conform to the following schema
^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
Enable pod runAsUser and fsGroup in security context. Disable if it should not be used.
The fsGroup GID to use if securityContextForceUidGid is enabled
The runAsUser UID to use if securityContextForceUidGid is enabled
Level is SELinux level label that applies to all the workload containers.
Role is SELinux level label that applies to all the workload containers.
Type is SELinux level label that applies to all the workload containers.
User is SELinux level label that applies to all the workload containers.
Enable RuntimeDefault pod seccomp. Disable if it should not be used.
Workload tolerations
No Additional Items
The pod this Toleration is attached to tolerates any taint that matches the triple <key,value,effect> using the matching operator <operator>.
Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.
Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.
TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.
Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.
Settings dedicated to k8s ingresses
Defines the annotations to add
Each additional property must conform to the following schema
Type: string
Fully qualified domain name of the ingress
An optional IngressClass name to be used for this ingress. Optional if you are managing ingress / loadbalancer externally.
Default service type
certmanager
certfile
existing
external
Certificate file
Synapse Server Certificate
Synapse Server Private Key
The cert-manager properties, if enabled
The name of cert-manager ClusterIssuer to use
The TLS mode of this component ingress. Use external if TLS is managed externally to the cluster, certmanager if you want to use cert-manager to issue certificates automatically, or certfile if you want to upload certificate files to Kubernetes TLS secrets manually.
The name of a secret in the cluster that contains TLS certificates
Must match regular expression: ^[a-z0-9]([\-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([\-a-z0-9]*[a-z0-9])?)*$
Must be at most 253 characters long
k8s properties of the redis workloads inside synapse component
Settings dedicated to k8s workloads
The annotations to add to the workload
Each additional property must conform to the following schema
Type: string
Defines the annotations to add
Docker secret to use for ems image store
The docker registry url for this secret
The list of host aliases to configure on the pod spec. It is advised to use a DNS entry to resolve your hostnames instead of this feature. This feature can be used as a workaround when entries cannot be resolved using DNS, for example in our automated testing routines.
No Additional Items
A hostname of the associated IP to add to /etc/hosts
Must match regular expression: ^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$
An IP resolution to add to /etc/hosts
NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node's labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
Each additional property must conform to the following schema
Type: string
Kubernetes resources to allocate to each instance.
Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
Each additional property must conform to the following schema
^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
Requests describes the minimum amount of compute resources required. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
Each additional property must conform to the following schema
^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
Enable pod runAsUser and fsGroup in security context. Disable if it should not be used.
The fsGroup GID to use if securityContextForceUidGid is enabled
The runAsUser UID to use if securityContextForceUidGid is enabled
Level is SELinux level label that applies to all the workload containers.
Role is the SELinux role label that applies to all the workload containers.
Type is the SELinux type label that applies to all the workload containers.
User is the SELinux user label that applies to all the workload containers.
Enable RuntimeDefault pod seccomp. Disable if it should not be used.
Workload tolerations
No Additional Items
The pod this Toleration is attached to tolerates any taint that matches the triple <key,value,effect> using the matching operator <operator>.
Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.
Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.
TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.
Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.
k8s properties of the synapse workloads inside synapse component
Settings dedicated to k8s
The annotations to add to every workload and ingress deployed
Each additional property must conform to the following schema
Type: string
Defines the annotations to add
Settings dedicated to monitoring
Service monitor settings
Enable or disable monitoring using ServiceMonitor resources
Settings dedicated to k8s storage
Settings dedicated to k8s workloads
The annotations to add to the workload
Each additional property must conform to the following schema
Type: string
Defines the annotations to add
Docker secret to use for ems image store
The docker registry url for this secret
The list of host aliases to configure on the pod spec. It is advised to use a DNS entry to resolve your hostnames instead of this feature. This feature can be used as a workaround when entries cannot be resolved using DNS, for example in our automated testing routines.
No Additional Items
A hostname of the associated IP to add to /etc/hosts
Must match regular expression: ^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$
An IP resolution to add to /etc/hosts
NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node's labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
Each additional property must conform to the following schema
Type: string
Kubernetes resources to allocate to each instance.
Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
Each additional property must conform to the following schema
^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
Requests describes the minimum amount of compute resources required. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
Each additional property must conform to the following schema
^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
Enable pod runAsUser and fsGroup in security context. Disable if it should not be used.
The fsGroup GID to use if securityContextForceUidGid is enabled
The runAsUser UID to use if securityContextForceUidGid is enabled
Level is SELinux level label that applies to all the workload containers.
Role is the SELinux role label that applies to all the workload containers.
Type is the SELinux type label that applies to all the workload containers.
User is the SELinux user label that applies to all the workload containers.
Enable RuntimeDefault pod seccomp. Disable if it should not be used.
Workload tolerations
No Additional Items
The pod this Toleration is attached to tolerates any taint that matches the triple <key,value,effect> using the matching operator <operator>.
Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.
Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.
TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.
Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.
The secret data associated with the synapse config. Keys matching config.macaroonSecretKey, config.registrationSharedSecretSecretKey, config.signingKeySecretKey, config.adminPasswordSecretKey, config.telemetry.password and config.postgres.passwordSecretKey must be present. If the ingress TLS mode uses a certificate, keys matching k8s.ingress.certificate.certFileSecretKey and k8s.ingress.certificate.privateKeySecretKey must be present. If stun is enabled, a key matching config.stun.sharedSecretSecretKey must be present. To override the synapse default trust store for federation, every key of config.federation.certificateAutoritiesSecretKeys should be present.
^[a-z0-9]([\-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([\-a-z0-9]*[a-z0-9])?)*$
Must be at most 253 characters long
This is a well known delegation file hosted as a static site.
WellKnownDelegation additional client configuration.
WellKnownDelegation additional element configuration.
WellKnownDelegation additional server configuration.
You can override Kubernetes configuration for each component of WellKnownDelegation
Settings dedicated to k8s
The annotations to add to every workload and ingress deployed
Each additional property must conform to the following schema
Type: string
Defines the annotations to add
Settings dedicated to k8s ingresses
Defines the annotations to add
Each additional property must conform to the following schema
Type: string
An optional IngressClass name to be used for this ingress. Optional if you are managing ingress / loadbalancer externally.
Default service type
certmanager
certfile
existing
external
Certificate file
WellKnownDelegation Certificate
WellKnownDelegation Private Key
The cert-manager properties, if enabled
The name of cert-manager ClusterIssuer to use
The TLS mode of this component ingress. Use external if TLS is managed externally to the cluster, certmanager if you want to use cert-manager to issue certificates automatically, or certfile if you want to upload certificate files to Kubernetes TLS secrets manually.
The name of a secret in the cluster that contains TLS certificates
Must match regular expression: ^[a-z0-9]([\-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([\-a-z0-9]*[a-z0-9])?)*$
Must be at most 253 characters long
Settings dedicated to k8s workloads
The annotations to add to the workload
Each additional property must conform to the following schema
Type: string
Defines the annotations to add
Docker secret to use for ems image store
The docker registry url for this secret
The list of host aliases to configure on the pod spec. It is advised to use a DNS entry to resolve your hostnames instead of this feature. This feature can be used as a workaround when entries cannot be resolved using DNS, for example in our automated testing routines.
No Additional Items
A hostname of the associated IP to add to /etc/hosts
Must match regular expression: ^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$
An IP resolution to add to /etc/hosts
NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node's labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
Each additional property must conform to the following schema
Type: string
The number of Well-Known Delegation replicas
Value must be greater than or equal to 1
Kubernetes resources to allocate to each instance.
Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
Each additional property must conform to the following schema
^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
Requests describes the minimum amount of compute resources required. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
Each additional property must conform to the following schema
^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
Enable pod runAsUser and fsGroup in security context. Disable if it should not be used.
The fsGroup GID to use if securityContextForceUidGid is enabled
The runAsUser UID to use if securityContextForceUidGid is enabled
Level is SELinux level label that applies to all the workload containers.
Role is the SELinux role label that applies to all the workload containers.
Type is the SELinux type label that applies to all the workload containers.
User is the SELinux user label that applies to all the workload containers.
Enable RuntimeDefault pod seccomp. Disable if it should not be used.
Workload tolerations
No Additional Items
The pod this Toleration is attached to tolerates any taint that matches the triple <key,value,effect> using the matching operator <operator>.
Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.
Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.
TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.
Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.
The secret data associated with the wellKnownDelegation config. If the ingress TLS mode uses a certificate, keys matching k8s.ingress.certificate.certFileSecretKey and k8s.ingress.certificate.privateKeySecretKey must be present.
^[a-z0-9]([\-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([\-a-z0-9]*[a-z0-9])?)*$
Must be at most 253 characters long
The domain name of this deployment. It will be used for the <localpart> of the users' MXIDs, and cannot be changed afterwards.
A configmap containing images digests metadata to override
TLS verification
Settings dedicated to k8s
The annotations to add to every workload and ingress deployed
Each additional property must conform to the following schema
Type: string
Defines the annotations to add
Settings dedicated to k8s ingresses
Defines the annotations to add
Each additional property must conform to the following schema
Type: string
An optional IngressClass name to be used for this ingress. Optional if you are managing ingress / loadbalancer externally.
Default service type
certmanager
certfile
existing
external
The default certificate for all ingresses can be configured here. It can be used, for example, if you plan to use a wildcard certificate, or a certificate containing all components' FQDNs as SANs.
The cert-manager properties, if enabled
The name of cert-manager ClusterIssuer to use
The default TLS mode of deployed ingresses. Use external if TLS is managed externally to the cluster, certmanager if you want to use cert-manager to issue certificates automatically, or certfile if you want to upload certificate files to Kubernetes TLS secrets manually.
The name of a secret in the cluster that contains TLS certificates
Must match regular expression: ^[a-z0-9]([\-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([\-a-z0-9]*[a-z0-9])?)*$
Must be at most 253 characters long
Settings dedicated to monitoring
Service monitor settings
Enable or disable monitoring using ServiceMonitor resources
Global storage configuration
The storage class name to use
Settings dedicated to k8s workloads
The annotations to add to the workload
Each additional property must conform to the following schema
Type: string
Defines the annotations to add
Docker secret to use for ems image store
The docker registry url for this secret
The list of host aliases to configure on the pod spec. It is advised to use a DNS entry to resolve your hostnames instead of this feature. This feature can be used as a workaround when entries cannot be resolved using DNS, for example in our automated testing routines.
No Additional Items
A hostname of the associated IP to add to /etc/hosts
Must match regular expression: ^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$
An IP resolution to add to /etc/hosts
NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node's labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
Each additional property must conform to the following schema
Type: string
The number of replicas for workloads supporting it
Value must be greater than or equal to 1
Enable pod runAsUser and fsGroup in security context. Disable if it should not be used.
Level is SELinux level label that applies to all the workload containers.
Role is the SELinux role label that applies to all the workload containers.
Type is the SELinux type label that applies to all the workload containers.
User is the SELinux user label that applies to all the workload containers.
Enable RuntimeDefault pod seccomp. Disable if it should not be used.
Workload tolerations
No Additional Items
The pod this Toleration is attached to tolerates any taint that matches the triple <key,value,effect> using the matching operator <operator>.
Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.
Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.
TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.
Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.
The secret holding the global data
Must match regular expression: ^[a-z0-9]([\-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([\-a-z0-9]*[a-z0-9])?)*$
Must be at most 253 characters long