Add matrix app.

matrix/configmap.yaml

@@ -0,0 +1,69 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: matrix-config
+data:
+  homeserver.yaml: |
+    server_name: "matrix.jpace121.net"
+    public_baseurl: "https://matrix.jpace121.net"
+    pid_file: /data/homeserver.pid
+    listeners:
+      - port: 8008
+        tls: false
+        type: http
+        x_forwarded: true
+        resources:
+          - names: [client]
+            compress: false
+    database:
+      name: sqlite3
+      args:
+        database: /data/homeserver.db
+    log_config: "/config/matrix.jpace121.net.log.config"
+    media_store_path: /data/media_store
+    report_stats: true
+    form_secret: "oO@GIH31OzNcJxK^R~Z4+p+WZi3y_iPBE:5W3I3ra^VmtD,sss"
+    signing_key_path: "/secret/matrix.jpace121.net.signing.key"
+    trusted_key_servers: []
+    password_config:
+      enabled: false
+    forget_rooms_on_leave: false
+    jwt_config:
+      enabled: true
+      secret: |
+        -----BEGIN PUBLIC KEY-----
+        MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEAgVFoaoVGnED69y9B3PieGxrfZf5
+        zvqf0JW7HP/Y4dPwkq5nd3aktIm5fUSKc5QxaIOsTw9i2xE3/8VY71AVww==
+        -----END PUBLIC KEY-----
+      algorithm: "ES256"
+    oidc_providers:
+      - idp_id: keycloak
+        idp_name: "Keycloak"
+        issuer: "https://auth.jpace121.net/realms/jpace121-main"
+        client_id: "matrix"
+        client_secret: "DIwd6Sjn4l7nQP631uvAMjTWIp0eRBxr"
+        scopes: ["openid", "profile"]
+        user_mapping_provider:
+          config:
+            localpart_template: "{{ user.preferred_username }}"
+            display_name_template: "{{ user.name }}"
+        backchannel_logout_enabled: false
+  matrix.jpace121.net.log.config: |
+    version: 1
+    formatters:
+      precise:
+        format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s'
+    handlers:
+      console:
+        class: logging.StreamHandler
+        formatter: precise
+    loggers:
+        _placeholder:
+            level: "INFO"
+        synapse.storage.SQL:
+            level: INFO
+    root:
+        level: INFO
+        handlers: [console]
+    disable_existing_loggers: false

matrix/deployment.yaml

@@ -0,0 +1,43 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: matrix-deployment
+  labels:
+    app: matrix-app
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: matrix-app
+  template:
+    metadata:
+      labels:
+        app: matrix-app
+    spec:
+      containers:
+      - name: synapse
+        image: docker.io/matrixdotorg/synapse:latest
+        env:
+          - name: SYNAPSE_CONFIG_DIR
+            value: /config
+        volumeMounts:
+          - mountPath: /config
+            name: matrix-config
+          - mountPath: /secret
+            name: matrix-secret
+          - mountPath: /data
+            name: matrix-data
+        ports:
+          - containerPort: 8008
+            name: matrix-port
+      volumes:
+      - name: matrix-config
+        configMap:
+          name: matrix-config
+      - name: matrix-secret
+        configMap:
+          name: matrix-secret
+      - name: matrix-data
+        persistentVolumeClaim:
+          claimName: matrix-pvc

matrix/kustomization.yaml

@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- configmap.yaml
+- deployment.yaml
+- pvc.yaml
+- service.yaml

matrix/pvc.yaml

@@ -0,0 +1,11 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: matrix-pvc
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 5Gi

matrix/service.yaml

@@ -0,0 +1,13 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: matrix-service
+spec:
+  selector:
+    app: matrix-app
+  type: LoadBalancer
+  ports:
+    - protocol: TCP
+      port: 8008
+      name: matrix-port