benbz
Member

@benbz benbz commented Jun 4, 2025

@benbz benbz requested a review from a team as a code owner June 4, 2025 10:00

github-actions bot commented Jun 4, 2025

dyff of changes in rendered templates of CI manifests

Full contents of manifests and dyffs are available in https://github.com/element-hq/ess-helm/actions/runs/16679570858/artifacts/3668710140

example-default-enabled-components-checkov-values.yaml
@@ ConfigMap/ess-ci/release-name-element-web - data.config.json @@
  {
    "bug_report_endpoint_url": "https://element.io/bugreports/submit",
    "default_server_config": {
      "m.homeserver": {
        "base_url": "https://synapse.ess.localhost",
        "server_name": "ess.localhost"
      }
    },
+   "element_call": {
+     "use_exclusively": true
+   },
    "embedded_pages": {
      "login_for_welcome": true
    },
+   "features": {
+     "feature_element_call_video_rooms": true,
+     "feature_group_calls": true,
+     "feature_new_room_decoration_ui": true,
+     "feature_video_rooms": true
+   },
    "map_style_url": "https://api.maptiler.com/maps/streets/style.json?key=fU3vlMsMn4Jb6dnEIFsx",
    "mobile_guide_app_variant": "element",
    "setting_defaults": {
      "UIFeature.deactivate": false,
      "UIFeature.passwordReset": false,
-     "UIFeature.registration": false
+     "UIFeature.registration": false,
+     "feature_group_calls": true
    },
    "sso_redirect_options": {
      "immediate": false
    }
  }


@@ ConfigMap/ess-ci/release-name-matrix-rtc-sfu @@
+ ---
+ # Source: matrix-stack/templates/matrix-rtc/sfu_configmap.yaml
+ apiVersion: v1
+ kind: ConfigMap
+ metadata:
+   labels:
+     helm.sh/chart: "matrix-stack-25.7.1-dev"
+     app.kubernetes.io/managed-by: Helm
+     app.kubernetes.io/part-of: matrix-stack
+     app.kubernetes.io/component: matrix-rtc-voip-server
+     app.kubernetes.io/name: matrix-rtc-sfu
+     app.kubernetes.io/instance: release-name-matrix-rtc-sfu
+     app.kubernetes.io/version: "v1.9.0"
+   name: release-name-matrix-rtc-sfu
+   namespace: ess-ci
+ data:
+   config-underrides.yaml: |
+     rtc:
+       use_external_ip: true
+ 
+     # turn server
+     turn:
+       enabled: false
+   config-overrides.yaml: |
+     port: 7880
+ 
+     prometheus:
+       port: 6789
+ 
+     # Logging config
+     logging:
+       # log level, valid values: debug, info, warn, error
+       level: info
+       # log level for pion, default error
+       pion_level: error
+       # when set to true, emit json fields
+       json: false
+ 
+     # WebRTC configuration
+     rtc:
+       tcp_port: 30881
+       udp_port: 30882
+ 
+     key_file: /conf/keys.yaml
+ 
+     room:
+       auto_create: false
+   keys-template.yaml: |
+     ${LIVEKIT_KEY}: ${LIVEKIT_SECRET}
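Review bot: `keys-template.yaml` interpolates `${LIVEKIT_KEY}: ${LIVEKIT_SECRET}` as bare YAML scalars, so a key or secret containing `: `, ` #` or a leading indicator character would render a `keys.yaml` that either fails to parse or silently carries a truncated secret. The generated `rand32` value is presumably safe, but the SFU Deployment also mounts a separate `release-name-matrix-rtc-sfu` Secret, which suggests operator-supplied secrets are possible. Consider rendering quoted scalars, e.g. `"${LIVEKIT_KEY}": "${LIVEKIT_SECRET}"`, and documenting which characters a supplied secret may contain. The same template recurs in the example-default-enabled-components-values.yaml section.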



@@ ConfigMap/ess-ci/release-name-synapse-hook - data.01-homeserver-underrides.yaml @@
  report_stats: false
  
  require_auth_for_profile_requests: true
  
  federation_client_minimum_tls_version: '1.2'
+ # The maximum allowed duration by which sent events can be delayed, as
+ # per MSC4140.
+ max_event_delay_duration: 24h
+ 
+ rc_message:
+   # This needs to match at least e2ee key sharing frequency plus a bit of headroom
+   # Note key sharing events are bursty
+   per_second: 0.5
+   burst_count: 30
+ 
+ rc_delayed_event_mgmt:
+   # This needs to match at least the heart-beat frequency plus a bit of headroom
+   # Currently the heart-beat is every 5 seconds which translates into a rate of 0.2s
+   per_second: 1
+   burst_count: 20
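Review bot: The `rc_message` block has no comment saying that it relaxes Synapse's stock message rate limit (0.2 per second with a burst of 10, if I recall the defaults correctly) for every sender on the homeserver, not only for call traffic. Since this is the flood-control setting, I would add a line such as `# Raises the default rc_message limit for all users; needed for MatrixRTC key sharing` above `per_second: 0.5`, so an operator knows what is being traded away. In the `rc_delayed_event_mgmt` comment, "a rate of 0.2s" should read "0.2 per second". The identical hunk appears for `release-name-synapse` and again under the second values file.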

@@ ConfigMap/ess-ci/release-name-synapse-hook - data.04-homeserver-overrides.yaml @@
  public_baseurl: https://synapse.ess.localhost/
  server_name: ess.localhost
  signing_key_path: /secrets/release-name-generated/SYNAPSE_SIGNING_KEY
  enable_metrics: true
  
  [39 lines unchanged)]
  
  - '2001:db8::/32'
  - 'ff00::/8'
  - 'fec0::/10'
  experimental_features:
+   # MSC3266: Room summary API. Used for knocking over federation
+   msc3266_enabled: true
+   # MSC4222 needed for syncv2 state_after. This allow clients to
+   # correctly track the state of the room.
+   msc4222_enabled: true
    msc3861:
      enabled: true
  
      issuer: http://release-name-matrix-authentication-service.ess-ci.svc.cluster.local:8080/
  
  [22 lines unchanged)]
  
  instance_map:
    main:
      host: release-name-synapse-main.ess-ci.svc.cluster.local.
      port: 9093



@@ ConfigMap/ess-ci/release-name-synapse - data.01-homeserver-underrides.yaml @@
  report_stats: false
  
  require_auth_for_profile_requests: true
  
  federation_client_minimum_tls_version: '1.2'
+ # The maximum allowed duration by which sent events can be delayed, as
+ # per MSC4140.
+ max_event_delay_duration: 24h
+ 
+ rc_message:
+   # This needs to match at least e2ee key sharing frequency plus a bit of headroom
+   # Note key sharing events are bursty
+   per_second: 0.5
+   burst_count: 30
+ 
+ rc_delayed_event_mgmt:
+   # This needs to match at least the heart-beat frequency plus a bit of headroom
+   # Currently the heart-beat is every 5 seconds which translates into a rate of 0.2s
+   per_second: 1
+   burst_count: 20

@@ ConfigMap/ess-ci/release-name-synapse - data.04-homeserver-overrides.yaml @@
  public_baseurl: https://synapse.ess.localhost/
  server_name: ess.localhost
  signing_key_path: /secrets/release-name-generated/SYNAPSE_SIGNING_KEY
  enable_metrics: true
  
  [39 lines unchanged)]
  
  - '2001:db8::/32'
  - 'ff00::/8'
  - 'fec0::/10'
  experimental_features:
+   # MSC3266: Room summary API. Used for knocking over federation
+   msc3266_enabled: true
+   # MSC4222 needed for syncv2 state_after. This allow clients to
+   # correctly track the state of the room.
+   msc4222_enabled: true
    msc3861:
      enabled: true
  
      issuer: http://release-name-matrix-authentication-service.ess-ci.svc.cluster.local:8080/
  
  [22 lines unchanged)]
  
  instance_map:
    main:
      host: release-name-synapse-main.ess-ci.svc.cluster.local.
      port: 9093



@@ ConfigMap/ess-ci/release-name-well-known-haproxy - data.client @@
  {
    "m.homeserver": {
      "base_url": "https://synapse.ess.localhost"
    },
    "org.matrix.msc2965.authentication": {
      "account": "https://mas.ess.localhost/account",
      "issuer": "https://mas.ess.localhost/"
-   }
+   },
+   "org.matrix.msc4143.rtc_foci": [
+     {
+       "livekit_service_url": "https://mrtc.ess.localhost",
+       "type": "livekit"
+     }
+   ]
  }



@@ Deployment/ess-ci/release-name-element-web - metadata.labels.k8s.element.io/element-web-config-hash @@
- 765f224be6ca9cbe0061e5cc5e146cb24584f166
+ 87cfbfc99d57651a9ca1ae27eb76a6b4023b2864

@@ Deployment/ess-ci/release-name-element-web - spec.template.metadata.labels.k8s.element.io/element-web-config-hash @@
- 765f224be6ca9cbe0061e5cc5e146cb24584f166
+ 87cfbfc99d57651a9ca1ae27eb76a6b4023b2864



@@ Deployment/ess-ci/release-name-haproxy - metadata.labels.k8s.element.io/wellknowndelegation-haproxy-config-hash @@
- 9438107f375d3bac2aea0c0de68417772ac1be7a
+ 99f85dfc324cf39fdb3cfda599e3a7cc1dd1c775

@@ Deployment/ess-ci/release-name-haproxy - spec.template.metadata.labels.k8s.element.io/wellknowndelegation-haproxy-config-hash @@
- 9438107f375d3bac2aea0c0de68417772ac1be7a
+ 99f85dfc324cf39fdb3cfda599e3a7cc1dd1c775


@@ Deployment/ess-ci/release-name-matrix-rtc-authorisation-service @@
+ ---
+ # Source: matrix-stack/templates/matrix-rtc/authorisation_deployment.yaml
+ apiVersion: apps/v1
+ kind: Deployment
+ metadata:
+   annotations:
+     checkov.io/skip1: CKV_K8S_11=We deliberately don't set CPU limits. Pod is BestEffort not Guaranteed
+     checkov.io/skip2: CKV_K8S_43=No digests
+     checkov.io/skip3: CKV2_K8S_6=No network policy yet
+   labels:
+     helm.sh/chart: "matrix-stack-25.7.1-dev"
+     app.kubernetes.io/managed-by: Helm
+     app.kubernetes.io/part-of: matrix-stack
+     app.kubernetes.io/component: matrix-rtc-authorisation-service
+     app.kubernetes.io/name: matrix-rtc-authorisation-service
+     app.kubernetes.io/instance: release-name-matrix-rtc-authorisation-service
+     app.kubernetes.io/version: "0.3.0"
+     k8s.element.io/matrix-rtc-authorisation-service-secret-hash: da39a3ee5e6b4b0d3255bfef95601890afd80709
+   name: release-name-matrix-rtc-authorisation-service
+   namespace: ess-ci
+ spec:
+   replicas: 1
+   strategy:
+     type: RollingUpdate
+     rollingUpdate:
+       maxUnavailable: 0
+       maxSurge: 2
+   selector:
+     matchLabels:
+       app.kubernetes.io/instance: release-name-matrix-rtc-authorisation-service
+   template:
+     metadata:
+       labels:
+         app.kubernetes.io/managed-by: Helm
+         app.kubernetes.io/part-of: matrix-stack
+         app.kubernetes.io/component: matrix-rtc-authorisation-service
+         app.kubernetes.io/name: matrix-rtc-authorisation-service
+         app.kubernetes.io/instance: release-name-matrix-rtc-authorisation-service
+         app.kubernetes.io/version: "0.3.0"
+         k8s.element.io/matrix-rtc-authorisation-service-secret-hash: da39a3ee5e6b4b0d3255bfef95601890afd80709
+       annotations:
+         checkov.io/skip1: CKV_K8S_11=We deliberately don't set CPU limits. Pod is BestEffort not Guaranteed
+         checkov.io/skip2: CKV_K8S_43=No digests
+         checkov.io/skip3: CKV2_K8S_6=No network policy yet
+     spec:
+       automountServiceAccountToken: false
+       serviceAccountName: release-name-matrix-rtc-authorisation-service
+       securityContext:
+         fsGroup: 10033
+         runAsGroup: 10033
+         runAsNonRoot: true
+         runAsUser: 10033
+         seccompProfile:
+           type: RuntimeDefault
+         supplementalGroups: []
+       containers:
+         - name: matrix-rtc-authorisation-service
+           image: "ghcr.io/element-hq/lk-jwt-service:0.3.0"
+           imagePullPolicy: Always
+           securityContext:
+             allowPrivilegeEscalation: false
+             capabilities:
+               drop:
+                 - ALL
+             readOnlyRootFilesystem: true
+           env:
+             - name: LIVEKIT_FULL_ACCESS_HOMESERVERS
+               value: '*'
+             - name: LIVEKIT_KEY
+               value: matrix-rtc
+             - name: LIVEKIT_SECRET_FROM_FILE
+               value: /secrets/release-name-generated/ELEMENT_CALL_LIVEKIT_SECRET
+             - name: LIVEKIT_URL
+               value: wss://mrtc.ess.localhost
+           ports:
+             - containerPort: 8080
+               name: http
+               protocol: TCP
+           livenessProbe:
+             failureThreshold: 3
+             periodSeconds: 10
+             successThreshold: 1
+             timeoutSeconds: 1
+             httpGet:
+               path: /healthz
+               port: http
+           readinessProbe:
+             failureThreshold: 3
+             periodSeconds: 10
+             successThreshold: 1
+             timeoutSeconds: 1
+             httpGet:
+               path: /healthz
+               port: http
+           startupProbe:
+             failureThreshold: 3
+             periodSeconds: 10
+             successThreshold: 1
+             timeoutSeconds: 1
+             httpGet:
+               path: /healthz
+               port: http
+           resources:
+             limits:
+               memory: 20Mi
+             requests:
+               cpu: 50m
+               memory: 20Mi
+           volumeMounts:
+             - mountPath: /secrets/release-name-generated
+               name: "secret-f20f994b9a6a"
+               readOnly: true
+       volumes:
+         - secret:
+             secretName: release-name-generated
+           name: "secret-f20f994b9a6a"
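Review bot: `LIVEKIT_FULL_ACCESS_HOMESERVERS` is rendered as `'*'`, which as I understand lk-jwt-service gives users of any federated homeserver full access to the SFU, including room creation, while the SFU config sets `room.auto_create: false`, presumably to gate exactly that. For a default deployment it would be tighter to render the local server name, `value: ess.localhost` in this manifest, and let operators widen it explicitly. Separately, both copies of the `matrix-rtc-authorisation-service-secret-hash` label are `da39a3ee5e6b4b0d3255bfef95601890afd80709`, the SHA-1 of empty input, so that label would not roll the pod if `ELEMENT_CALL_LIVEKIT_SECRET` changed.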


@@ Deployment/ess-ci/release-name-matrix-rtc-sfu @@
+ ---
+ # Source: matrix-stack/templates/matrix-rtc/sfu_deployment.yaml
+ apiVersion: apps/v1
+ kind: Deployment
+ metadata:
+   annotations:
+     checkov.io/skip1: CKV_K8S_11=We deliberately don't set CPU limits. Pod is BestEffort not Guaranteed
+     checkov.io/skip2: CKV_K8S_43=No digests
+     checkov.io/skip3: CKV2_K8S_6=No network policy yet
+   labels:
+     helm.sh/chart: "matrix-stack-25.7.1-dev"
+     app.kubernetes.io/managed-by: Helm
+     app.kubernetes.io/part-of: matrix-stack
+     app.kubernetes.io/component: matrix-rtc-voip-server
+     app.kubernetes.io/name: matrix-rtc-sfu
+     app.kubernetes.io/instance: release-name-matrix-rtc-sfu
+     app.kubernetes.io/version: "v1.9.0"
+     k8s.element.io/matrix-rtc-sfu-config-hash: c5dd5c7156e0cd5b06a371f9ae6bddae07e70b99
+   name: release-name-matrix-rtc-sfu
+   namespace: ess-ci
+ spec:
+   replicas: 1
+   strategy:
+     type: RollingUpdate
+     rollingUpdate:
+       maxUnavailable: 0
+       maxSurge: 2
+   selector:
+     matchLabels:
+       app.kubernetes.io/instance: release-name-matrix-rtc-sfu
+   template:
+     metadata:
+       labels:
+         app.kubernetes.io/managed-by: Helm
+         app.kubernetes.io/part-of: matrix-stack
+         app.kubernetes.io/component: matrix-rtc-voip-server
+         app.kubernetes.io/name: matrix-rtc-sfu
+         app.kubernetes.io/instance: release-name-matrix-rtc-sfu
+         app.kubernetes.io/version: "v1.9.0"
+         k8s.element.io/matrix-rtc-sfu-config-hash: c5dd5c7156e0cd5b06a371f9ae6bddae07e70b99
+       annotations:
+         checkov.io/skip1: CKV_K8S_11=We deliberately don't set CPU limits. Pod is BestEffort not Guaranteed
+         checkov.io/skip2: CKV_K8S_43=No digests
+         checkov.io/skip3: CKV2_K8S_6=No network policy yet
+     spec:
+       automountServiceAccountToken: false
+       serviceAccountName: release-name-matrix-rtc-sfu
+       securityContext:
+         fsGroup: 10030
+         runAsGroup: 10030
+         runAsNonRoot: true
+         runAsUser: 10030
+         seccompProfile:
+           type: RuntimeDefault
+         supplementalGroups: []
+       initContainers:
+         - name: render-config-keys-yaml
+           image: "ghcr.io/element-hq/ess-helm/matrix-tools:0.5.4"
+           imagePullPolicy: Always
+           securityContext:
+             allowPrivilegeEscalation: false
+             capabilities:
+               drop:
+                 - ALL
+             readOnlyRootFilesystem: true
+           command:
+             - "/matrix-tools"
+             - render-config
+             - -output
+             - /conf/keys.yaml
+             - /config-templates/keys-template.yaml
+           env:
+             - name: LIVEKIT_KEY
+               value: matrix-rtc
+             - name: LIVEKIT_SECRET
+               value: '{{ readfile "/secrets/release-name-generated/ELEMENT_CALL_LIVEKIT_SECRET" }}'
+           resources:
+             limits:
+               memory: 4Gi
+             requests:
+               cpu: 100m
+               memory: 150Mi
+           volumeMounts:
+             - mountPath: /config-templates
+               name: plain-config
+               readOnly: true
+             - mountPath: /secrets/release-name-matrix-rtc-sfu
+               name: "secret-b14f983740a1"
+               readOnly: true
+             - mountPath: /secrets/release-name-generated
+               name: "secret-f20f994b9a6a"
+               readOnly: true
+             - mountPath: /conf
+               name: rendered-config
+               readOnly: false
+         - name: render-config-sfu
+           image: "ghcr.io/element-hq/ess-helm/matrix-tools:0.5.4"
+           imagePullPolicy: Always
+           securityContext:
+             allowPrivilegeEscalation: false
+             capabilities:
+               drop:
+                 - ALL
+             readOnlyRootFilesystem: true
+           command:
+             - "/matrix-tools"
+             - render-config
+             - -output
+             - /conf/config.yaml
+             - /config-templates/config-underrides.yaml
+             - /config-templates/config-overrides.yaml
+           env:
+             - name: LIVEKIT_KEY
+               value: matrix-rtc
+             - name: LIVEKIT_SECRET
+               value: '{{ readfile "/secrets/release-name-generated/ELEMENT_CALL_LIVEKIT_SECRET" }}'
+           resources:
+             limits:
+               memory: 4Gi
+             requests:
+               cpu: 100m
+               memory: 150Mi
+           volumeMounts:
+             - mountPath: /config-templates
+               name: plain-config
+               readOnly: true
+             - mountPath: /secrets/release-name-matrix-rtc-sfu
+               name: "secret-b14f983740a1"
+               readOnly: true
+             - mountPath: /secrets/release-name-generated
+               name: "secret-f20f994b9a6a"
+               readOnly: true
+             - mountPath: /conf
+               name: rendered-config
+               readOnly: false
+       hostNetwork: false
+       containers:
+         - name: sfu
+           args:
+             - --config
+             - /conf/config.yaml
+           image: "docker.io/livekit/livekit-server:v1.9.0"
+           imagePullPolicy: Always
+           securityContext:
+             allowPrivilegeEscalation: false
+             capabilities:
+               drop:
+                 - ALL
+             readOnlyRootFilesystem: true
+           ports:
+             - containerPort: 6789
+               name: metrics
+               protocol: TCP
+             - containerPort: 7880
+               name: http
+               protocol: TCP
+             - containerPort: 30881
+               name: rtc-tcp
+               protocol: TCP
+             - containerPort: 30882
+               name: rtc-muxed-udp
+               protocol: TCP
+           livenessProbe:
+             failureThreshold: 3
+             periodSeconds: 10
+             successThreshold: 1
+             timeoutSeconds: 1
+             httpGet:
+               path: /
+               port: http
+           readinessProbe:
+             failureThreshold: 3
+             periodSeconds: 10
+             successThreshold: 1
+             timeoutSeconds: 1
+             httpGet:
+               path: /
+               port: http
+           startupProbe:
+             failureThreshold: 3
+             periodSeconds: 10
+             successThreshold: 1
+             timeoutSeconds: 1
+             httpGet:
+               path: /
+               port: http
+           resources:
+             limits:
+               memory: 4Gi
+             requests:
+               cpu: 100m
+               memory: 150Mi
+           volumeMounts:
+             - mountPath: "/conf/config.yaml"
+               name: rendered-config
+               subPath: config.yaml
+               readOnly: true
+             - mountPath: /secrets/release-name-matrix-rtc-sfu
+               name: "secret-b14f983740a1"
+               readOnly: true
+             - mountPath: /secrets/release-name-generated
+               name: "secret-f20f994b9a6a"
+               readOnly: true
+             - mountPath: /conf/keys.yaml
+               name: rendered-config
+               subPath: keys.yaml
+       volumes:
+         - configMap:
+             defaultMode: 420
+             name: release-name-matrix-rtc-sfu
+           name: plain-config
+         - secret:
+             secretName: release-name-matrix-rtc-sfu
+           name: secret-b14f983740a1
+         - secret:
+             secretName: release-name-generated
+           name: secret-f20f994b9a6a
+         - emptyDir:
+             medium: Memory
+           name: "rendered-config"
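Review bot: The `sfu` container and both init containers mount the whole `release-name-generated` Secret at `/secrets/release-name-generated`, and going by the init-secrets command shown further down this page that Secret also holds the Postgres passwords, the Synapse signing key and the MAS private keys. The SFU is reachable from outside the cluster through the NodePort services, so a compromise of livekit-server would expose every generated credential in the stack. As far as the `--config` argument and `key_file` setting show, the long-running container only reads `/conf/config.yaml` and `/conf/keys.yaml`, so its `secret-f20f994b9a6a` mount can be dropped, and the volume can project just the one key with `items: [{key: ELEMENT_CALL_LIVEKIT_SECRET, path: ELEMENT_CALL_LIVEKIT_SECRET}]`. The `/conf/keys.yaml` mount is also the only one without `readOnly: true`, and the authorisation-service Deployment mounts the same Secret unfiltered.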


@@ Ingress/ess-ci/release-name-matrix-rtc @@
+ ---
+ # Source: matrix-stack/templates/matrix-rtc/ingress.yaml
+ apiVersion: networking.k8s.io/v1
+ kind: Ingress
+ metadata:
+   labels:
+     helm.sh/chart: "matrix-stack-25.7.1-dev"
+     app.kubernetes.io/managed-by: Helm
+     app.kubernetes.io/part-of: matrix-stack
+     app.kubernetes.io/component: matrix-rtc
+     app.kubernetes.io/name: matrix-rtc
+     app.kubernetes.io/instance: release-name-matrix-rtc
+     app.kubernetes.io/version: "0.3.0"
+   name: release-name-matrix-rtc
+   namespace: ess-ci
+ spec:
+   tls:
+     - hosts:
+         - "mrtc.ess.localhost"
+   rules:
+     - host: "mrtc.ess.localhost"
+       http:
+         paths:
+           - path: /sfu/get
+             pathType: Prefix
+             backend:
+               service:
+                 name: "release-name-matrix-rtc-authorisation-service"
+                 port:
+                   name: http
+           - path: /
+             pathType: Prefix
+             backend:
+               service:
+                 name: "release-name-matrix-rtc-sfu"
+                 port:
+                   number: 7880



@@ Job/ess-ci/release-name-init-secrets - spec.template.spec.containers.init-secrets.command @@
- - "release-name-generated:POSTGRES_SYNAPSE_PASSWORD:rand32,release-name-generated:POSTGRES_MATRIX_AUTHENTICATION_SERVICE_PASSWORD:rand32,release-name-generated:POSTGRES_ADMIN_PASSWORD:rand32,release-name-generated:SYNAPSE_MACAROON:rand32,release-name-generated:SYNAPSE_REGISTRATION_SHARED_SECRET:rand32,release-name-generated:SYNAPSE_SIGNING_KEY:signingkey,release-name-generated:MAS_SYNAPSE_SHARED_SECRET:rand32,release-name-generated:MAS_SYNAPSE_OIDC_CLIENT_SECRET:rand32,release-name-generated:MAS_ENCRYPTION_SECRET:hex32,release-name-generated:MAS_RSA_PRIVATE_KEY:rsa,release-name-generated:MAS_ECDSA_PRIME256V1_PRIVATE_KEY:ecdsaprime256v1"
+   - "release-name-generated:POSTGRES_SYNAPSE_PASSWORD:rand32,release-name-generated:POSTGRES_MATRIX_AUTHENTICATION_SERVICE_PASSWORD:rand32,release-name-generated:POSTGRES_ADMIN_PASSWORD:rand32,release-name-generated:ELEMENT_CALL_LIVEKIT_SECRET:rand32,release-name-generated:SYNAPSE_MACAROON:rand32,release-name-generated:SYNAPSE_REGISTRATION_SHARED_SECRET:rand32,release-name-generated:SYNAPSE_SIGNING_KEY:signingkey,release-name-generated:MAS_SYNAPSE_SHARED_SECRET:rand32,release-name-generated:MAS_SYNAPSE_OIDC_CLIENT_SECRET:rand32,release-name-generated:MAS_ENCRYPTION_SECRET:hex32,release-name-generated:MAS_RSA_PRIVATE_KEY:rsa,release-name-generated:MAS_ECDSA_PRIME256V1_PRIVATE_KEY:ecdsaprime256v1"



@@ Job/ess-ci/release-name-synapse-check-config - metadata.labels.k8s.element.io/synapse-config-hash @@
- c071ffe8d3b1a6d42c470138a21141cf7b966f0e
+ d72de8ba2f00abd9ab438f9889f9af0ed2822720

@@ Job/ess-ci/release-name-synapse-check-config - spec.template.metadata.labels.k8s.element.io/synapse-config-hash @@
- c071ffe8d3b1a6d42c470138a21141cf7b966f0e
+ d72de8ba2f00abd9ab438f9889f9af0ed2822720


@@ Secret/ess-ci/release-name-matrix-rtc-authorisation-service @@
+ ---
+ # Source: matrix-stack/templates/matrix-rtc/authorisation_secret.yaml
+ apiVersion: v1
+ kind: Secret
+ metadata:
+   name: release-name-matrix-rtc-authorisation-service
+   namespace: ess-ci
+   labels:
+     helm.sh/chart: "matrix-stack-25.7.1-dev"
+     app.kubernetes.io/managed-by: Helm
+     app.kubernetes.io/part-of: matrix-stack
+     app.kubernetes.io/component: matrix-rtc-authorisation-service
+     app.kubernetes.io/name: matrix-rtc-authorisation-service
+     app.kubernetes.io/instance: release-name-matrix-rtc-authorisation-service
+     app.kubernetes.io/version: "0.3.0"
+ type: Opaque
+ data:


@@ Secret/ess-ci/release-name-matrix-rtc-sfu @@
+ ---
+ # Source: matrix-stack/templates/matrix-rtc/sfu_secret.yaml
+ apiVersion: v1
+ kind: Secret
+ type: Opaque
+ metadata:
+   labels:
+     helm.sh/chart: "matrix-stack-25.7.1-dev"
+     app.kubernetes.io/managed-by: Helm
+     app.kubernetes.io/part-of: matrix-stack
+     app.kubernetes.io/component: matrix-rtc-voip-server
+     app.kubernetes.io/name: matrix-rtc-sfu
+     app.kubernetes.io/instance: release-name-matrix-rtc-sfu
+     app.kubernetes.io/version: "v1.9.0"
+   name: release-name-matrix-rtc-sfu
+   namespace: ess-ci
+ data:


@@ Service/ess-ci/release-name-matrix-rtc-authorisation-service @@
+ ---
+ # Source: matrix-stack/templates/matrix-rtc/authorisation_service.yaml
+ apiVersion: v1
+ kind: Service
+ metadata:
+   labels:
+     helm.sh/chart: "matrix-stack-25.7.1-dev"
+     app.kubernetes.io/managed-by: Helm
+     app.kubernetes.io/part-of: matrix-stack
+     app.kubernetes.io/component: matrix-rtc-authorisation-service
+     app.kubernetes.io/name: matrix-rtc-authorisation-service
+     app.kubernetes.io/instance: release-name-matrix-rtc-authorisation-service
+     app.kubernetes.io/version: "0.3.0"
+   name: release-name-matrix-rtc-authorisation-service
+   namespace: ess-ci
+ spec:
+   type: ClusterIP
+   ports:
+     - name: http
+       port: 8080
+       targetPort: http
+   selector:
+     app.kubernetes.io/instance: "release-name-matrix-rtc-authorisation-service"


@@ Service/ess-ci/release-name-matrix-rtc-sfu-muxed-udp @@
+ ---
+ # Source: matrix-stack/templates/matrix-rtc/sfu_rtc_udp_muxer_service.yaml
+ apiVersion: v1
+ kind: Service
+ metadata:
+   labels:
+     helm.sh/chart: "matrix-stack-25.7.1-dev"
+     app.kubernetes.io/managed-by: Helm
+     app.kubernetes.io/part-of: matrix-stack
+     app.kubernetes.io/component: matrix-rtc-voip-server
+     app.kubernetes.io/name: matrix-rtc-sfu-rtc
+     app.kubernetes.io/instance: release-name-matrix-rtc-sfu-rtc
+     app.kubernetes.io/version: "v1.9.0"
+   name: release-name-matrix-rtc-sfu-muxed-udp
+   namespace: ess-ci
+ spec:
+   type: NodePort
+   externalTrafficPolicy: Local
+   ports:
+     - name: "rtc-muxed-udp"
+       protocol: "UDP"
+       port: 30882
+       targetPort: 30882
+       nodePort: 30882
+   selector:
+     app.kubernetes.io/instance: "release-name-matrix-rtc-sfu"
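Review bot: This Service forwards `protocol: "UDP"` on 30882, but the matching `rtc-muxed-udp` containerPort in the SFU Deployment is declared with `protocol: TCP`. Traffic still flows because the Service uses a numeric `targetPort`, yet the pod spec misdescribes the listener, which will mislead whoever writes the NetworkPolicy that the `CKV2_K8S_6` skip annotation says is still to come. Change that containerPort entry to `protocol: UDP`.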


@@ Service/ess-ci/release-name-matrix-rtc-sfu-tcp @@
+ ---
+ # Source: matrix-stack/templates/matrix-rtc/sfu_rtc_tcp_service.yaml
+ apiVersion: v1
+ kind: Service
+ metadata:
+   labels:
+     helm.sh/chart: "matrix-stack-25.7.1-dev"
+     app.kubernetes.io/managed-by: Helm
+     app.kubernetes.io/part-of: matrix-stack
+     app.kubernetes.io/component: matrix-rtc-voip-server
+     app.kubernetes.io/name: matrix-rtc-sfu-rtc
+     app.kubernetes.io/instance: release-name-matrix-rtc-sfu-rtc
+     app.kubernetes.io/version: "v1.9.0"
+   name: release-name-matrix-rtc-sfu-tcp
+   namespace: ess-ci
+ spec:
+   type: NodePort
+   externalTrafficPolicy: Local
+   ports:
+     - name: "rtc-tcp"
+       protocol: "TCP"
+       port: 30881
+       targetPort: 30881
+       nodePort: 30881
+   selector:
+     app.kubernetes.io/instance: "release-name-matrix-rtc-sfu"


@@ Service/ess-ci/release-name-matrix-rtc-sfu @@
+ ---
+ # Source: matrix-stack/templates/matrix-rtc/sfu_service.yaml
+ apiVersion: v1
+ kind: Service
+ metadata:
+   labels:
+     helm.sh/chart: "matrix-stack-25.7.1-dev"
+     app.kubernetes.io/managed-by: Helm
+     app.kubernetes.io/part-of: matrix-stack
+     app.kubernetes.io/component: matrix-rtc-voip-server
+     app.kubernetes.io/name: matrix-rtc-sfu
+     app.kubernetes.io/instance: release-name-matrix-rtc-sfu
+     app.kubernetes.io/version: "v1.9.0"
+   name: release-name-matrix-rtc-sfu
+   namespace: ess-ci
+ spec:
+   type: ClusterIP
+   ports:
+     - name: http
+       port: 7880
+       targetPort: http
+     - name: metrics
+       port: 6789
+       targetPort: metrics
+   selector:
+     app.kubernetes.io/instance: "release-name-matrix-rtc-sfu"


@@ ServiceAccount/ess-ci/release-name-matrix-rtc-authorisation-service @@
+ ---
+ # Source: matrix-stack/templates/matrix-rtc/authorisation_serviceaccount.yaml
+ apiVersion: v1
+ kind: ServiceAccount
+ metadata:
+   labels:
+     helm.sh/chart: "matrix-stack-25.7.1-dev"
+     app.kubernetes.io/managed-by: Helm
+     app.kubernetes.io/part-of: matrix-stack
+     app.kubernetes.io/component: matrix-rtc-authorisation-service
+     app.kubernetes.io/name: matrix-rtc-authorisation-service
+     app.kubernetes.io/instance: release-name-matrix-rtc-authorisation-service
+     app.kubernetes.io/version: "0.3.0"
+   name: release-name-matrix-rtc-authorisation-service
+   namespace: ess-ci
+ automountServiceAccountToken: false


@@ ServiceAccount/ess-ci/release-name-matrix-rtc-sfu @@
+ ---
+ # Source: matrix-stack/templates/matrix-rtc/sfu_serviceaccount.yaml
+ apiVersion: v1
+ kind: ServiceAccount
+ metadata:
+   labels:
+     helm.sh/chart: "matrix-stack-25.7.1-dev"
+     app.kubernetes.io/managed-by: Helm
+     app.kubernetes.io/part-of: matrix-stack
+     app.kubernetes.io/component: matrix-rtc-voip-server
+     app.kubernetes.io/name: matrix-rtc-sfu
+     app.kubernetes.io/instance: release-name-matrix-rtc-sfu
+     app.kubernetes.io/version: "v1.9.0"
+   name: release-name-matrix-rtc-sfu
+   namespace: ess-ci
+ automountServiceAccountToken: false


@@ ServiceMonitor/ess-ci/release-name-matrix-rtc-sfu @@
+ ---
+ # Source: matrix-stack/templates/matrix-rtc/sfu_service_monitor.yaml
+ apiVersion: monitoring.coreos.com/v1
+ kind: ServiceMonitor
+ metadata:
+   labels:
+     helm.sh/chart: "matrix-stack-25.7.1-dev"
+     app.kubernetes.io/managed-by: Helm
+     app.kubernetes.io/part-of: matrix-stack
+     app.kubernetes.io/component: matrix-rtc-voip-server
+     app.kubernetes.io/name: matrix-rtc-sfu
+     app.kubernetes.io/instance: release-name-matrix-rtc-sfu
+     app.kubernetes.io/version: "v1.9.0"
+   name: release-name-matrix-rtc-sfu
+   namespace: ess-ci
+ spec:
+   endpoints:
+     - interval: 30s
+       port: metrics
+   selector:
+     matchLabels:
+       app.kubernetes.io/part-of: matrix-stack
+       app.kubernetes.io/component: matrix-rtc-voip-server
+       app.kubernetes.io/instance: release-name-matrix-rtc-sfu



@@ StatefulSet/ess-ci/release-name-synapse-main - metadata.labels.k8s.element.io/synapse-config-hash @@
- c071ffe8d3b1a6d42c470138a21141cf7b966f0e
+ d72de8ba2f00abd9ab438f9889f9af0ed2822720

@@ StatefulSet/ess-ci/release-name-synapse-main - spec.template.metadata.labels.k8s.element.io/synapse-config-hash @@
- c071ffe8d3b1a6d42c470138a21141cf7b966f0e
+ d72de8ba2f00abd9ab438f9889f9af0ed2822720

example-default-enabled-components-values.yaml
@@ ConfigMap/ess-ci/release-name-element-web - data.config.json @@
  {
    "bug_report_endpoint_url": "https://element.io/bugreports/submit",
    "default_server_config": {
      "m.homeserver": {
        "base_url": "https://synapse.ess.localhost",
        "server_name": "ess.localhost"
      }
    },
+   "element_call": {
+     "use_exclusively": true
+   },
    "embedded_pages": {
      "login_for_welcome": true
    },
+   "features": {
+     "feature_element_call_video_rooms": true,
+     "feature_group_calls": true,
+     "feature_new_room_decoration_ui": true,
+     "feature_video_rooms": true
+   },
    "map_style_url": "https://api.maptiler.com/maps/streets/style.json?key=fU3vlMsMn4Jb6dnEIFsx",
    "mobile_guide_app_variant": "element",
    "setting_defaults": {
      "UIFeature.deactivate": false,
      "UIFeature.passwordReset": false,
-     "UIFeature.registration": false
+     "UIFeature.registration": false,
+     "feature_group_calls": true
    },
    "sso_redirect_options": {
      "immediate": false
    }
  }


@@ ConfigMap/ess-ci/release-name-matrix-rtc-sfu @@
+ ---
+ # Source: matrix-stack/templates/matrix-rtc/sfu_configmap.yaml
+ apiVersion: v1
+ kind: ConfigMap
+ metadata:
+   labels:
+     helm.sh/chart: "matrix-stack-25.7.1-dev"
+     app.kubernetes.io/managed-by: Helm
+     app.kubernetes.io/part-of: matrix-stack
+     app.kubernetes.io/component: matrix-rtc-voip-server
+     app.kubernetes.io/name: matrix-rtc-sfu
+     app.kubernetes.io/instance: release-name-matrix-rtc-sfu
+     app.kubernetes.io/version: "v1.9.0"
+   name: release-name-matrix-rtc-sfu
+   namespace: ess-ci
+ data:
+   config-underrides.yaml: |
+     rtc:
+       use_external_ip: true
+ 
+     # turn server
+     turn:
+       enabled: false
+   config-overrides.yaml: |
+     port: 7880
+ 
+     prometheus:
+       port: 6789
+ 
+     # Logging config
+     logging:
+       # log level, valid values: debug, info, warn, error
+       level: info
+       # log level for pion, default error
+       pion_level: error
+       # when set to true, emit json fields
+       json: false
+ 
+     # WebRTC configuration
+     rtc:
+       tcp_port: 30881
+       udp_port: 30882
+ 
+     key_file: /conf/keys.yaml
+ 
+     room:
+       auto_create: false
+   keys-template.yaml: |
+     ${LIVEKIT_KEY}: ${LIVEKIT_SECRET}



@@ ConfigMap/ess-ci/release-name-synapse-hook - data.01-homeserver-underrides.yaml @@
  report_stats: false
  
  require_auth_for_profile_requests: true
  
  federation_client_minimum_tls_version: '1.2'
+ # The maximum allowed duration by which sent events can be delayed, as
+ # per MSC4140.
+ max_event_delay_duration: 24h
+ 
+ rc_message:
+   # This needs to match at least e2ee key sharing frequency plus a bit of headroom
+   # Note key sharing events are bursty
+   per_second: 0.5
+   burst_count: 30
+ 
+ rc_delayed_event_mgmt:
+   # This needs to match at least the heart-beat frequency plus a bit of headroom
+   # Currently the heart-beat is every 5 seconds which translates into a rate of 0.2s
+   per_second: 1
+   burst_count: 20
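Review bot: The comment on `rc_delayed_event_mgmt` gives the heartbeat rate as `0.2s`, which reads as a duration rather than a rate. It should say something like `# Currently the heart-beat is every 5 seconds, i.e. a rate of 0.2 per second`. The `rc_message` block also raises the send limit for every user, not only for call traffic (Synapse's documented default is, as far as I recall, 0.2 per second with a burst of 10). A comment noting that this loosens abuse protection, and that operators can tighten it again (presumably possible, since the file is the underrides one), would help. The same lines appear in the `release-name-synapse` `01-homeserver-underrides.yaml` hunk further down.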

@@ ConfigMap/ess-ci/release-name-synapse-hook - data.04-homeserver-overrides.yaml @@
  public_baseurl: https://synapse.ess.localhost/
  server_name: ess.localhost
  signing_key_path: /secrets/release-name-generated/SYNAPSE_SIGNING_KEY
  enable_metrics: true
  
  [39 lines unchanged)]
  
  - '2001:db8::/32'
  - 'ff00::/8'
  - 'fec0::/10'
  experimental_features:
+   # MSC3266: Room summary API. Used for knocking over federation
+   msc3266_enabled: true
+   # MSC4222 needed for syncv2 state_after. This allow clients to
+   # correctly track the state of the room.
+   msc4222_enabled: true
    msc3861:
      enabled: true
  
      issuer: http://release-name-matrix-authentication-service.ess-ci.svc.cluster.local:8080/
  
  [22 lines unchanged)]
  
  instance_map:
    main:
      host: release-name-synapse-main.ess-ci.svc.cluster.local.
      port: 9093
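Review bot: The two added flags under `experimental_features` sit in `04-homeserver-overrides.yaml`, which by its name wins over operator-supplied config, so an operator presumably cannot turn `msc3266_enabled` or `msc4222_enabled` off on their own. The comments should say which component needs them and whether they are rendered only when that component is enabled; the hunk does not show the condition. There is also a typo: `This allow clients` should read `This allows clients`. The `release-name-synapse` `04-homeserver-overrides.yaml` hunk below carries the same lines.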



@@ ConfigMap/ess-ci/release-name-synapse - data.01-homeserver-underrides.yaml @@
  report_stats: false
  
  require_auth_for_profile_requests: true
  
  federation_client_minimum_tls_version: '1.2'
+ # The maximum allowed duration by which sent events can be delayed, as
+ # per MSC4140.
+ max_event_delay_duration: 24h
+ 
+ rc_message:
+   # This needs to match at least e2ee key sharing frequency plus a bit of headroom
+   # Note key sharing events are bursty
+   per_second: 0.5
+   burst_count: 30
+ 
+ rc_delayed_event_mgmt:
+   # This needs to match at least the heart-beat frequency plus a bit of headroom
+   # Currently the heart-beat is every 5 seconds which translates into a rate of 0.2s
+   per_second: 1
+   burst_count: 20

@@ ConfigMap/ess-ci/release-name-synapse - data.04-homeserver-overrides.yaml @@
  public_baseurl: https://synapse.ess.localhost/
  server_name: ess.localhost
  signing_key_path: /secrets/release-name-generated/SYNAPSE_SIGNING_KEY
  enable_metrics: true
  
  [39 lines unchanged)]
  
  - '2001:db8::/32'
  - 'ff00::/8'
  - 'fec0::/10'
  experimental_features:
+   # MSC3266: Room summary API. Used for knocking over federation
+   msc3266_enabled: true
+   # MSC4222 needed for syncv2 state_after. This allow clients to
+   # correctly track the state of the room.
+   msc4222_enabled: true
    msc3861:
      enabled: true
  
      issuer: http://release-name-matrix-authentication-service.ess-ci.svc.cluster.local:8080/
  
  [22 lines unchanged)]
  
  instance_map:
    main:
      host: release-name-synapse-main.ess-ci.svc.cluster.local.
      port: 9093



@@ ConfigMap/ess-ci/release-name-well-known-haproxy - data.client @@
  {
    "m.homeserver": {
      "base_url": "https://synapse.ess.localhost"
    },
    "org.matrix.msc2965.authentication": {
      "account": "https://mas.ess.localhost/account",
      "issuer": "https://mas.ess.localhost/"
-   }
+   },
+   "org.matrix.msc4143.rtc_foci": [
+     {
+       "livekit_service_url": "https://mrtc.ess.localhost",
+       "type": "livekit"
+     }
+   ]
  }



@@ Deployment/ess-ci/release-name-element-web - metadata.labels.k8s.element.io/element-web-config-hash @@
- 765f224be6ca9cbe0061e5cc5e146cb24584f166
+ 87cfbfc99d57651a9ca1ae27eb76a6b4023b2864

@@ Deployment/ess-ci/release-name-element-web - spec.template.metadata.labels.k8s.element.io/element-web-config-hash @@
- 765f224be6ca9cbe0061e5cc5e146cb24584f166
+ 87cfbfc99d57651a9ca1ae27eb76a6b4023b2864



@@ Deployment/ess-ci/release-name-haproxy - metadata.labels.k8s.element.io/wellknowndelegation-haproxy-config-hash @@
- 9438107f375d3bac2aea0c0de68417772ac1be7a
+ 99f85dfc324cf39fdb3cfda599e3a7cc1dd1c775

@@ Deployment/ess-ci/release-name-haproxy - spec.template.metadata.labels.k8s.element.io/wellknowndelegation-haproxy-config-hash @@
- 9438107f375d3bac2aea0c0de68417772ac1be7a
+ 99f85dfc324cf39fdb3cfda599e3a7cc1dd1c775


@@ Deployment/ess-ci/release-name-matrix-rtc-authorisation-service @@
+ ---
+ # Source: matrix-stack/templates/matrix-rtc/authorisation_deployment.yaml
+ apiVersion: apps/v1
+ kind: Deployment
+ metadata:
+   labels:
+     helm.sh/chart: "matrix-stack-25.7.1-dev"
+     app.kubernetes.io/managed-by: Helm
+     app.kubernetes.io/part-of: matrix-stack
+     app.kubernetes.io/component: matrix-rtc-authorisation-service
+     app.kubernetes.io/name: matrix-rtc-authorisation-service
+     app.kubernetes.io/instance: release-name-matrix-rtc-authorisation-service
+     app.kubernetes.io/version: "0.3.0"
+     k8s.element.io/matrix-rtc-authorisation-service-secret-hash: da39a3ee5e6b4b0d3255bfef95601890afd80709
+   name: release-name-matrix-rtc-authorisation-service
+   namespace: ess-ci
+ spec:
+   replicas: 1
+   strategy:
+     type: RollingUpdate
+     rollingUpdate:
+       maxUnavailable: 0
+       maxSurge: 2
+   selector:
+     matchLabels:
+       app.kubernetes.io/instance: release-name-matrix-rtc-authorisation-service
+   template:
+     metadata:
+       labels:
+         app.kubernetes.io/managed-by: Helm
+         app.kubernetes.io/part-of: matrix-stack
+         app.kubernetes.io/component: matrix-rtc-authorisation-service
+         app.kubernetes.io/name: matrix-rtc-authorisation-service
+         app.kubernetes.io/instance: release-name-matrix-rtc-authorisation-service
+         app.kubernetes.io/version: "0.3.0"
+         k8s.element.io/matrix-rtc-authorisation-service-secret-hash: da39a3ee5e6b4b0d3255bfef95601890afd80709
+     spec:
+       automountServiceAccountToken: false
+       serviceAccountName: release-name-matrix-rtc-authorisation-service
+       securityContext:
+         fsGroup: 10033
+         runAsGroup: 10033
+         runAsNonRoot: true
+         runAsUser: 10033
+         seccompProfile:
+           type: RuntimeDefault
+         supplementalGroups: []
+       containers:
+         - name: matrix-rtc-authorisation-service
+           image: "ghcr.io/element-hq/lk-jwt-service:0.3.0"
+           imagePullPolicy: Always
+           securityContext:
+             allowPrivilegeEscalation: false
+             capabilities:
+               drop:
+                 - ALL
+             readOnlyRootFilesystem: true
+           env:
+             - name: LIVEKIT_FULL_ACCESS_HOMESERVERS
+               value: '*'
+             - name: LIVEKIT_KEY
+               value: matrix-rtc
+             - name: LIVEKIT_SECRET_FROM_FILE
+               value: /secrets/release-name-generated/ELEMENT_CALL_LIVEKIT_SECRET
+             - name: LIVEKIT_URL
+               value: wss://mrtc.ess.localhost
+           ports:
+             - containerPort: 8080
+               name: http
+               protocol: TCP
+           livenessProbe:
+             failureThreshold: 3
+             periodSeconds: 10
+             successThreshold: 1
+             timeoutSeconds: 1
+             httpGet:
+               path: /healthz
+               port: http
+           readinessProbe:
+             failureThreshold: 3
+             periodSeconds: 10
+             successThreshold: 1
+             timeoutSeconds: 1
+             httpGet:
+               path: /healthz
+               port: http
+           startupProbe:
+             failureThreshold: 3
+             periodSeconds: 10
+             successThreshold: 1
+             timeoutSeconds: 1
+             httpGet:
+               path: /healthz
+               port: http
+           resources:
+             limits:
+               memory: 20Mi
+             requests:
+               cpu: 50m
+               memory: 20Mi
+           volumeMounts:
+             - mountPath: /secrets/release-name-generated
+               name: "secret-f20f994b9a6a"
+               readOnly: true
+       volumes:
+         - secret:
+             secretName: release-name-generated
+           name: "secret-f20f994b9a6a"
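Review bot: The `release-name-generated` secret volume at the end of this Deployment is mounted without an `items` list, so the pod receives every key in that Secret while the container only reads `ELEMENT_CALL_LIVEKIT_SECRET`. The init-secrets command further down this page shows the same Secret also holds the Postgres passwords, the Synapse signing key and the MAS private keys, and this service is reachable through the Ingress path `/sfu/get`. Limiting the projection, e.g. `items: [{key: ELEMENT_CALL_LIVEKIT_SECRET, path: ELEMENT_CALL_LIVEKIT_SECRET}]`, keeps a compromise of this pod from exposing unrelated credentials; the SFU Deployment below mounts the same volume the same way in all three of its containers. Separately, `LIVEKIT_FULL_ACCESS_HOMESERVERS` is `'*'`, which as far as I know grants full access to users of any homeserver; defaulting it to the deployment's own server name would be the narrower choice.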


@@ Deployment/ess-ci/release-name-matrix-rtc-sfu @@
+ ---
+ # Source: matrix-stack/templates/matrix-rtc/sfu_deployment.yaml
+ apiVersion: apps/v1
+ kind: Deployment
+ metadata:
+   labels:
+     helm.sh/chart: "matrix-stack-25.7.1-dev"
+     app.kubernetes.io/managed-by: Helm
+     app.kubernetes.io/part-of: matrix-stack
+     app.kubernetes.io/component: matrix-rtc-voip-server
+     app.kubernetes.io/name: matrix-rtc-sfu
+     app.kubernetes.io/instance: release-name-matrix-rtc-sfu
+     app.kubernetes.io/version: "v1.9.0"
+     k8s.element.io/matrix-rtc-sfu-config-hash: c5dd5c7156e0cd5b06a371f9ae6bddae07e70b99
+   name: release-name-matrix-rtc-sfu
+   namespace: ess-ci
+ spec:
+   replicas: 1
+   strategy:
+     type: RollingUpdate
+     rollingUpdate:
+       maxUnavailable: 0
+       maxSurge: 2
+   selector:
+     matchLabels:
+       app.kubernetes.io/instance: release-name-matrix-rtc-sfu
+   template:
+     metadata:
+       labels:
+         app.kubernetes.io/managed-by: Helm
+         app.kubernetes.io/part-of: matrix-stack
+         app.kubernetes.io/component: matrix-rtc-voip-server
+         app.kubernetes.io/name: matrix-rtc-sfu
+         app.kubernetes.io/instance: release-name-matrix-rtc-sfu
+         app.kubernetes.io/version: "v1.9.0"
+         k8s.element.io/matrix-rtc-sfu-config-hash: c5dd5c7156e0cd5b06a371f9ae6bddae07e70b99
+     spec:
+       automountServiceAccountToken: false
+       serviceAccountName: release-name-matrix-rtc-sfu
+       securityContext:
+         fsGroup: 10030
+         runAsGroup: 10030
+         runAsNonRoot: true
+         runAsUser: 10030
+         seccompProfile:
+           type: RuntimeDefault
+         supplementalGroups: []
+       initContainers:
+         - name: render-config-keys-yaml
+           image: "ghcr.io/element-hq/ess-helm/matrix-tools:0.5.4"
+           imagePullPolicy: Always
+           securityContext:
+             allowPrivilegeEscalation: false
+             capabilities:
+               drop:
+                 - ALL
+             readOnlyRootFilesystem: true
+           command:
+             - "/matrix-tools"
+             - render-config
+             - -output
+             - /conf/keys.yaml
+             - /config-templates/keys-template.yaml
+           env:
+             - name: LIVEKIT_KEY
+               value: matrix-rtc
+             - name: LIVEKIT_SECRET
+               value: '{{ readfile "/secrets/release-name-generated/ELEMENT_CALL_LIVEKIT_SECRET" }}'
+           resources:
+             limits:
+               memory: 4Gi
+             requests:
+               cpu: 100m
+               memory: 150Mi
+           volumeMounts:
+             - mountPath: /config-templates
+               name: plain-config
+               readOnly: true
+             - mountPath: /secrets/release-name-matrix-rtc-sfu
+               name: "secret-b14f983740a1"
+               readOnly: true
+             - mountPath: /secrets/release-name-generated
+               name: "secret-f20f994b9a6a"
+               readOnly: true
+             - mountPath: /conf
+               name: rendered-config
+               readOnly: false
+         - name: render-config-sfu
+           image: "ghcr.io/element-hq/ess-helm/matrix-tools:0.5.4"
+           imagePullPolicy: Always
+           securityContext:
+             allowPrivilegeEscalation: false
+             capabilities:
+               drop:
+                 - ALL
+             readOnlyRootFilesystem: true
+           command:
+             - "/matrix-tools"
+             - render-config
+             - -output
+             - /conf/config.yaml
+             - /config-templates/config-underrides.yaml
+             - /config-templates/config-overrides.yaml
+           env:
+             - name: LIVEKIT_KEY
+               value: matrix-rtc
+             - name: LIVEKIT_SECRET
+               value: '{{ readfile "/secrets/release-name-generated/ELEMENT_CALL_LIVEKIT_SECRET" }}'
+           resources:
+             limits:
+               memory: 4Gi
+             requests:
+               cpu: 100m
+               memory: 150Mi
+           volumeMounts:
+             - mountPath: /config-templates
+               name: plain-config
+               readOnly: true
+             - mountPath: /secrets/release-name-matrix-rtc-sfu
+               name: "secret-b14f983740a1"
+               readOnly: true
+             - mountPath: /secrets/release-name-generated
+               name: "secret-f20f994b9a6a"
+               readOnly: true
+             - mountPath: /conf
+               name: rendered-config
+               readOnly: false
+       hostNetwork: false
+       containers:
+         - name: sfu
+           args:
+             - --config
+             - /conf/config.yaml
+           image: "docker.io/livekit/livekit-server:v1.9.0"
+           imagePullPolicy: Always
+           securityContext:
+             allowPrivilegeEscalation: false
+             capabilities:
+               drop:
+                 - ALL
+             readOnlyRootFilesystem: true
+           ports:
+             - containerPort: 6789
+               name: metrics
+               protocol: TCP
+             - containerPort: 7880
+               name: http
+               protocol: TCP
+             - containerPort: 30881
+               name: rtc-tcp
+               protocol: TCP
+             - containerPort: 30882
+               name: rtc-muxed-udp
+               protocol: TCP
+           livenessProbe:
+             failureThreshold: 3
+             periodSeconds: 10
+             successThreshold: 1
+             timeoutSeconds: 1
+             httpGet:
+               path: /
+               port: http
+           readinessProbe:
+             failureThreshold: 3
+             periodSeconds: 10
+             successThreshold: 1
+             timeoutSeconds: 1
+             httpGet:
+               path: /
+               port: http
+           startupProbe:
+             failureThreshold: 3
+             periodSeconds: 10
+             successThreshold: 1
+             timeoutSeconds: 1
+             httpGet:
+               path: /
+               port: http
+           resources:
+             limits:
+               memory: 4Gi
+             requests:
+               cpu: 100m
+               memory: 150Mi
+           volumeMounts:
+             - mountPath: "/conf/config.yaml"
+               name: rendered-config
+               subPath: config.yaml
+               readOnly: true
+             - mountPath: /secrets/release-name-matrix-rtc-sfu
+               name: "secret-b14f983740a1"
+               readOnly: true
+             - mountPath: /secrets/release-name-generated
+               name: "secret-f20f994b9a6a"
+               readOnly: true
+             - mountPath: /conf/keys.yaml
+               name: rendered-config
+               subPath: keys.yaml
+       volumes:
+         - configMap:
+             defaultMode: 420
+             name: release-name-matrix-rtc-sfu
+           name: plain-config
+         - secret:
+             secretName: release-name-matrix-rtc-sfu
+           name: secret-b14f983740a1
+         - secret:
+             secretName: release-name-generated
+           name: secret-f20f994b9a6a
+         - emptyDir:
+             medium: Memory
+           name: "rendered-config"
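Review bot: The `rtc-muxed-udp` container port (30882) is declared with `protocol: TCP`, although the SFU config sets `udp_port: 30882` and the `release-name-matrix-rtc-sfu-muxed-udp` Service forwards UDP to it; it should be `protocol: UDP`. The Service targets the port by number, so traffic likely still flows, but the pod spec then misstates what the container listens on, which matters to anything that derives policy or inventory from it. In the `sfu` container the `/conf/keys.yaml` mount is also missing `readOnly: true`, unlike the `config.yaml` mount next to it. That container presumably no longer needs the two `/secrets/...` mounts once the init container has rendered the key file.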


@@ Ingress/ess-ci/release-name-matrix-rtc @@
+ ---
+ # Source: matrix-stack/templates/matrix-rtc/ingress.yaml
+ apiVersion: networking.k8s.io/v1
+ kind: Ingress
+ metadata:
+   labels:
+     helm.sh/chart: "matrix-stack-25.7.1-dev"
+     app.kubernetes.io/managed-by: Helm
+     app.kubernetes.io/part-of: matrix-stack
+     app.kubernetes.io/component: matrix-rtc
+     app.kubernetes.io/name: matrix-rtc
+     app.kubernetes.io/instance: release-name-matrix-rtc
+     app.kubernetes.io/version: "0.3.0"
+   name: release-name-matrix-rtc
+   namespace: ess-ci
+ spec:
+   tls:
+     - hosts:
+         - "mrtc.ess.localhost"
+   rules:
+     - host: "mrtc.ess.localhost"
+       http:
+         paths:
+           - path: /sfu/get
+             pathType: Prefix
+             backend:
+               service:
+                 name: "release-name-matrix-rtc-authorisation-service"
+                 port:
+                   name: http
+           - path: /
+             pathType: Prefix
+             backend:
+               service:
+                 name: "release-name-matrix-rtc-sfu"
+                 port:
+                   number: 7880



@@ Job/ess-ci/release-name-init-secrets - spec.template.spec.containers.init-secrets.command @@
- - "release-name-generated:POSTGRES_SYNAPSE_PASSWORD:rand32,release-name-generated:POSTGRES_MATRIX_AUTHENTICATION_SERVICE_PASSWORD:rand32,release-name-generated:POSTGRES_ADMIN_PASSWORD:rand32,release-name-generated:SYNAPSE_MACAROON:rand32,release-name-generated:SYNAPSE_REGISTRATION_SHARED_SECRET:rand32,release-name-generated:SYNAPSE_SIGNING_KEY:signingkey,release-name-generated:MAS_SYNAPSE_SHARED_SECRET:rand32,release-name-generated:MAS_SYNAPSE_OIDC_CLIENT_SECRET:rand32,release-name-generated:MAS_ENCRYPTION_SECRET:hex32,release-name-generated:MAS_RSA_PRIVATE_KEY:rsa,release-name-generated:MAS_ECDSA_PRIME256V1_PRIVATE_KEY:ecdsaprime256v1"
+   - "release-name-generated:POSTGRES_SYNAPSE_PASSWORD:rand32,release-name-generated:POSTGRES_MATRIX_AUTHENTICATION_SERVICE_PASSWORD:rand32,release-name-generated:POSTGRES_ADMIN_PASSWORD:rand32,release-name-generated:ELEMENT_CALL_LIVEKIT_SECRET:rand32,release-name-generated:SYNAPSE_MACAROON:rand32,release-name-generated:SYNAPSE_REGISTRATION_SHARED_SECRET:rand32,release-name-generated:SYNAPSE_SIGNING_KEY:signingkey,release-name-generated:MAS_SYNAPSE_SHARED_SECRET:rand32,release-name-generated:MAS_SYNAPSE_OIDC_CLIENT_SECRET:rand32,release-name-generated:MAS_ENCRYPTION_SECRET:hex32,release-name-generated:MAS_RSA_PRIVATE_KEY:rsa,release-name-generated:MAS_ECDSA_PRIME256V1_PRIVATE_KEY:ecdsaprime256v1"



@@ Job/ess-ci/release-name-synapse-check-config - metadata.labels.k8s.element.io/synapse-config-hash @@
- c071ffe8d3b1a6d42c470138a21141cf7b966f0e
+ d72de8ba2f00abd9ab438f9889f9af0ed2822720

@@ Job/ess-ci/release-name-synapse-check-config - spec.template.metadata.labels.k8s.element.io/synapse-config-hash @@
- c071ffe8d3b1a6d42c470138a21141cf7b966f0e
+ d72de8ba2f00abd9ab438f9889f9af0ed2822720


@@ Secret/ess-ci/release-name-matrix-rtc-authorisation-service @@
+ ---
+ # Source: matrix-stack/templates/matrix-rtc/authorisation_secret.yaml
+ apiVersion: v1
+ kind: Secret
+ metadata:
+   name: release-name-matrix-rtc-authorisation-service
+   namespace: ess-ci
+   labels:
+     helm.sh/chart: "matrix-stack-25.7.1-dev"
+     app.kubernetes.io/managed-by: Helm
+     app.kubernetes.io/part-of: matrix-stack
+     app.kubernetes.io/component: matrix-rtc-authorisation-service
+     app.kubernetes.io/name: matrix-rtc-authorisation-service
+     app.kubernetes.io/instance: release-name-matrix-rtc-authorisation-service
+     app.kubernetes.io/version: "0.3.0"
+ type: Opaque
+ data:
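Review bot: This Secret is rendered with a bare `data:` key, which parses as null, and the authorisation Deployment above does not mount it at all. Its `matrix-rtc-authorisation-service-secret-hash` label, `da39a3ee5e6b4b0d3255bfef95601890afd80709`, is the SHA-1 of empty input, so the label currently tracks nothing. If the label is meant to roll the pods when the LiveKit secret changes, it should be computed over what the pod actually consumes. Otherwise, skip the object when it has no entries, or render `data: {}`. The `release-name-matrix-rtc-sfu` Secret in the next hunk is empty in the same way, though the SFU pod does mount it.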


@@ Secret/ess-ci/release-name-matrix-rtc-sfu @@
+ ---
+ # Source: matrix-stack/templates/matrix-rtc/sfu_secret.yaml
+ apiVersion: v1
+ kind: Secret
+ type: Opaque
+ metadata:
+   labels:
+     helm.sh/chart: "matrix-stack-25.7.1-dev"
+     app.kubernetes.io/managed-by: Helm
+     app.kubernetes.io/part-of: matrix-stack
+     app.kubernetes.io/component: matrix-rtc-voip-server
+     app.kubernetes.io/name: matrix-rtc-sfu
+     app.kubernetes.io/instance: release-name-matrix-rtc-sfu
+     app.kubernetes.io/version: "v1.9.0"
+   name: release-name-matrix-rtc-sfu
+   namespace: ess-ci
+ data:


@@ Service/ess-ci/release-name-matrix-rtc-authorisation-service @@
+ ---
+ # Source: matrix-stack/templates/matrix-rtc/authorisation_service.yaml
+ apiVersion: v1
+ kind: Service
+ metadata:
+   labels:
+     helm.sh/chart: "matrix-stack-25.7.1-dev"
+     app.kubernetes.io/managed-by: Helm
+     app.kubernetes.io/part-of: matrix-stack
+     app.kubernetes.io/component: matrix-rtc-authorisation-service
+     app.kubernetes.io/name: matrix-rtc-authorisation-service
+     app.kubernetes.io/instance: release-name-matrix-rtc-authorisation-service
+     app.kubernetes.io/version: "0.3.0"
+   name: release-name-matrix-rtc-authorisation-service
+   namespace: ess-ci
+ spec:
+   type: ClusterIP
+   ports:
+     - name: http
+       port: 8080
+       targetPort: http
+   selector:
+     app.kubernetes.io/instance: "release-name-matrix-rtc-authorisation-service"


@@ Service/ess-ci/release-name-matrix-rtc-sfu-muxed-udp @@
+ ---
+ # Source: matrix-stack/templates/matrix-rtc/sfu_rtc_udp_muxer_service.yaml
+ apiVersion: v1
+ kind: Service
+ metadata:
+   labels:
+     helm.sh/chart: "matrix-stack-25.7.1-dev"
+     app.kubernetes.io/managed-by: Helm
+     app.kubernetes.io/part-of: matrix-stack
+     app.kubernetes.io/component: matrix-rtc-voip-server
+     app.kubernetes.io/name: matrix-rtc-sfu-rtc
+     app.kubernetes.io/instance: release-name-matrix-rtc-sfu-rtc
+     app.kubernetes.io/version: "v1.9.0"
+   name: release-name-matrix-rtc-sfu-muxed-udp
+   namespace: ess-ci
+ spec:
+   type: NodePort
+   externalTrafficPolicy: Local
+   ports:
+     - name: "rtc-muxed-udp"
+       protocol: "UDP"
+       port: 30882
+       targetPort: 30882
+       nodePort: 30882
+   selector:
+     app.kubernetes.io/instance: "release-name-matrix-rtc-sfu"


@@ Service/ess-ci/release-name-matrix-rtc-sfu-tcp @@
+ ---
+ # Source: matrix-stack/templates/matrix-rtc/sfu_rtc_tcp_service.yaml
+ apiVersion: v1
+ kind: Service
+ metadata:
+   labels:
+     helm.sh/chart: "matrix-stack-25.7.1-dev"
+     app.kubernetes.io/managed-by: Helm
+     app.kubernetes.io/part-of: matrix-stack
+     app.kubernetes.io/component: matrix-rtc-voip-server
+     app.kubernetes.io/name: matrix-rtc-sfu-rtc
+     app.kubernetes.io/instance: release-name-matrix-rtc-sfu-rtc
+     app.kubernetes.io/version: "v1.9.0"
+   name: release-name-matrix-rtc-sfu-tcp
+   namespace: ess-ci
+ spec:
+   type: NodePort
+   externalTrafficPolicy: Local
+   ports:
+     - name: "rtc-tcp"
+       protocol: "TCP"
+       port: 30881
+       targetPort: 30881
+       nodePort: 30881
+   selector:
+     app.kubernetes.io/instance: "release-name-matrix-rtc-sfu"


@@ Service/ess-ci/release-name-matrix-rtc-sfu @@
+ ---
+ # Source: matrix-stack/templates/matrix-rtc/sfu_service.yaml
+ apiVersion: v1
+ kind: Service
+ metadata:
+   labels:
+     helm.sh/chart: "matrix-stack-25.7.1-dev"
+     app.kubernetes.io/managed-by: Helm
+     app.kubernetes.io/part-of: matrix-stack
+     app.kubernetes.io/component: matrix-rtc-voip-server
+     app.kubernetes.io/name: matrix-rtc-sfu
+     app.kubernetes.io/instance: release-name-matrix-rtc-sfu
+     app.kubernetes.io/version: "v1.9.0"
+   name: release-name-matrix-rtc-sfu
+   namespace: ess-ci
+ spec:
+   type: ClusterIP
+   ports:
+     - name: http
+       port: 7880
+       targetPort: http
+     - name: metrics
+       port: 6789
+       targetPort: metrics
+   selector:
+     app.kubernetes.io/instance: "release-name-matrix-rtc-sfu"


@@ ServiceAccount/ess-ci/release-name-matrix-rtc-authorisation-service @@
+ ---
+ # Source: matrix-stack/templates/matrix-rtc/authorisation_serviceaccount.yaml
+ apiVersion: v1
+ kind: ServiceAccount
+ metadata:
+   labels:
+     helm.sh/chart: "matrix-stack-25.7.1-dev"
+     app.kubernetes.io/managed-by: Helm
+     app.kubernetes.io/part-of: matrix-stack
+     app.kubernetes.io/component: matrix-rtc-authorisation-service
+     app.kubernetes.io/name: matrix-rtc-authorisation-service
+     app.kubernetes.io/instance: release-name-matrix-rtc-authorisation-service
+     app.kubernetes.io/version: "0.3.0"
+   name: release-name-matrix-rtc-authorisation-service
+   namespace: ess-ci
+ automountServiceAccountToken: false


@@ ServiceAccount/ess-ci/release-name-matrix-rtc-sfu @@
+ ---
+ # Source: matrix-stack/templates/matrix-rtc/sfu_serviceaccount.yaml
+ apiVersion: v1
+ kind: ServiceAccount
+ metadata:
+   labels:
+     helm.sh/chart: "matrix-stack-25.7.1-dev"
+     app.kubernetes.io/managed-by: Helm
+     app.kubernetes.io/part-of: matrix-stack
+     app.kubernetes.io/component: matrix-rtc-voip-server
+     app.kubernetes.io/name: matrix-rtc-sfu
+     app.kubernetes.io/instance: release-name-matrix-rtc-sfu
+     app.kubernetes.io/version: "v1.9.0"
+   name: release-name-matrix-rtc-sfu
+   namespace: ess-ci
+ automountServiceAccountToken: false


@@ ServiceMonitor/ess-ci/release-name-matrix-rtc-sfu @@
+ ---
+ # Source: matrix-stack/templates/matrix-rtc/sfu_service_monitor.yaml
+ apiVersion: monitoring.coreos.com/v1
+ kind: ServiceMonitor
+ metadata:
+   labels:
+     helm.sh/chart: "matrix-stack-25.7.1-dev"
+     app.kubernetes.io/managed-by: Helm
+     app.kubernetes.io/part-of: matrix-stack
+     app.kubernetes.io/component: matrix-rtc-voip-server
+     app.kubernetes.io/name: matrix-rtc-sfu
+     app.kubernetes.io/instance: release-name-matrix-rtc-sfu
+     app.kubernetes.io/version: "v1.9.0"
+   name: release-name-matrix-rtc-sfu
+   namespace: ess-ci
+ spec:
+   endpoints:
+     - interval: 30s
+       port: metrics
+   selector:
+     matchLabels:
+       app.kubernetes.io/part-of: matrix-stack
+       app.kubernetes.io/component: matrix-rtc-voip-server
+       app.kubernetes.io/instance: release-name-matrix-rtc-sfu



@@ StatefulSet/ess-ci/release-name-synapse-main - metadata.labels.k8s.element.io/synapse-config-hash @@
- c071ffe8d3b1a6d42c470138a21141cf7b966f0e
+ d72de8ba2f00abd9ab438f9889f9af0ed2822720

@@ StatefulSet/ess-ci/release-name-synapse-main - spec.template.metadata.labels.k8s.element.io/synapse-config-hash @@
- c071ffe8d3b1a6d42c470138a21141cf7b966f0e
+ d72de8ba2f00abd9ab438f9889f9af0ed2822720

@benbz benbz mentioned this pull request Jun 16, 2025
… include MatrixRTC as it is enabled by default.
@benbz benbz force-pushed the bbz/fix-example-default-enabled-components branch from b4259ef to b3a1f66 Compare August 1, 2025 15:58