apiVersion: apps/v1 kind: Deployment metadata: name: tuwunel namespace: matrix spec: replicas: 1 strategy: type: Recreate selector: matchLabels: app: tuwunel template: metadata: labels: app: tuwunel spec: enableServiceLinks: false containers: - name: tuwunel image: tuwunel ports: - name: http containerPort: 6167 protocol: TCP env: - name: TUWUNEL_CONFIG value: /etc/tuwunel/tuwunel.toml - name: TUWUNEL_TURN_SECRET valueFrom: secretKeyRef: name: tuwunel-secrets key: TUWUNEL_TURN_SECRET - name: TUWUNEL_REGISTRATION_TOKEN valueFrom: secretKeyRef: name: tuwunel-secrets key: TUWUNEL_REGISTRATION_TOKEN - name: TUWUNEL_SEARCH_OPENSEARCH_MODEL_ID valueFrom: configMapKeyRef: name: opensearch-ml-config key: model_id optional: true - name: TUWUNEL_IDENTITY_PROVIDER__0__BRAND value: "Sunbeam" - name: TUWUNEL_IDENTITY_PROVIDER__0__ISSUER_URL value: "https://auth.DOMAIN_SUFFIX/" - name: TUWUNEL_IDENTITY_PROVIDER__0__DEFAULT value: "true" - name: TUWUNEL_IDENTITY_PROVIDER__0__CLIENT_ID valueFrom: secretKeyRef: name: oidc-tuwunel key: CLIENT_ID - name: TUWUNEL_IDENTITY_PROVIDER__0__CLIENT_SECRET valueFrom: secretKeyRef: name: oidc-tuwunel key: CLIENT_SECRET volumeMounts: - name: tuwunel-data mountPath: /data - name: tuwunel-config mountPath: /etc/tuwunel/tuwunel.toml subPath: tuwunel.toml livenessProbe: httpGet: path: /_matrix/client/versions port: 6167 initialDelaySeconds: 15 periodSeconds: 30 readinessProbe: httpGet: path: /_matrix/client/versions port: 6167 initialDelaySeconds: 5 periodSeconds: 10 resources: limits: memory: 1Gi requests: memory: 512Mi cpu: 250m volumes: - name: tuwunel-data persistentVolumeClaim: claimName: tuwunel-data - name: tuwunel-config configMap: name: tuwunel-config