MarcusVRP pushed to branch main at Root / Kubernetes / FluxCD Commits: 929d0379 by marcusvrp at 2025-08-08T02:22:08-03:00 feat(matrix): Increase HA. Kinda closes #10. - - - - - 1 changed file: - apps/base/matrix/helmrelease.yaml Changes: ===================================== apps/base/matrix/helmrelease.yaml ===================================== @@ -22,6 +22,29 @@ spec: # do not use **internal** postgres db enabled: false synapse: + # TLDR; synapse has no HA support ;-; (yet) + # https://matrix.org/blog/2020/11/03/how-we-fixed-synapse-s-scalability/ + # Note: we don't have nearly as many users as Matrix.org, so + # fine-tuning the values for our use-case would be best + # workers: + # https://docs.element.io/latest/element-server-suite-classic/advanced-configu... + # client-reader: + # enabled: true + # replicas: 2 + # -> We could probably just enable everything, stress test bottenecks and + # increase replication for the bottleneck processes + # As far as we are concerned, our deployment is (very) small, sub 70 users + # as of right now, so configuring workers is pointless + # Synapse will use redis by default for pub/sub IPC when using workers, + # so we might as well enable it for caching + # redis: + # enabled: true + # Also note: workers are more of a scalability thing, not a HA thing + # We can't really have a "hot-spare/hot-replication" synapse server either, + # because of the way synapse streams deal with caching + # (matrix.org itself goes down if the server crashes, so we kinda gotta accept it) + # Best thing we can do for HA is making it come back faster, like our GitLab instance + # Another option is having a "cold-spare", but I have no idea how to do that. image: registry: harbor.c3sl.ufpr.br repository: root/synapse @@ -72,6 +95,7 @@ spec: database: allow_unsafe_locale: true matrixAuthenticationService: + replicas: 3 ingress: host: auth.matrix.c3sl.ufpr.br tlsSecret: mas-tls @@ -91,6 +115,7 @@ spec: configSecret: matrix configSecretKey: masOidcConfig matrixRTC: + replicas: 3 ingress: host: rtc.matrix.c3sl.ufpr.br tlsSecret: rtc-tls @@ -98,6 +123,7 @@ spec: ingress: tlsSecret: well-known-tls elementWeb: + replicas: 2 image: registry: docker.io repository: vectorim/element-web View it on GitLab: https://gitlab.c3sl.ufpr.br/root/k8s/fluxcd/-/commit/929d0379ae5c94ce038b2e2... -- View it on GitLab: https://gitlab.c3sl.ufpr.br/root/k8s/fluxcd/-/commit/929d0379ae5c94ce038b2e2... You're receiving this email because of your account on gitlab.c3sl.ufpr.br.