A Helm chart for deploying a Matrix homeserver stack in Kubernetes.
Some documentation is available in values.yaml, and a complete configuration guide is coming soon.
Choose one of the two options below to install the chart.
This chart is published to my Helm chart repository at https://dacruz21.github.io/helm-charts. To install this chart:
Create an empty chart to hold your configuration
helm create mychart
cd mychart
Add this chart to your chart's dependencies by editing Chart.yaml and adding the following lines:
dependencies:
  - name: matrix
    version: 2.8.0
    repository: https://dacruz21.github.io/helm-charts
Run helm dependency update to download the chart into the charts/ directory.
Configure the chart by editing values.yaml, adding a matrix: object, and adding any config overrides under this object.
Deploy your customized chart with helm install mychart .
You can also clone this repo directly and override the values.yaml provided. To do so, run the following commands:
git clone https://github.com/dacruz21/matrix-chart.git
cd matrix-chart
helm dependency update
helm install matrix .
Helm currently does not officially support chart signatures created by GPG keys stored on smartcards. This may change in the future, in which case I will start packaging this chart with the standard .prov signatures, but until then signatures must be verified manually.
GPG signatures are available within the chart repo and can be found by appending .gpg to the end of the package URL. For example, the signature for v2.8.0 is available at https://dacruz21.github.io/helm-charts/matrix-2.8.0.tgz.gpg.
These GPG signatures are signed with the same PGP key that is used to sign commits in this Git repository. The key is available by searching for david@typokign.com on a public keyserver, or by downloading it from my website at https://typokign.com/key.gpg.
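One way to script the manual check described above, as an added example that is not part of this chart or its repository. It assumes the .gpg file is a detached signature over the .tgz and that you have confirmed the maintainer's key fingerprint out of band; primary_fpr, signed_by and verify_chart are hypothetical helper names.

```shell
#!/bin/sh
# Added example, not the chart author's tooling.
# Assumption: the .gpg file is a detached signature over the .tgz. If it is
# not, gpg exits non-zero and verify_chart fails closed.
#
# Typical use, with the URLs given on this page:
#   curl -fsSLO https://dacruz21.github.io/helm-charts/matrix-2.8.0.tgz
#   curl -fsSLO https://dacruz21.github.io/helm-charts/matrix-2.8.0.tgz.gpg
#   curl -fsSL https://typokign.com/key.gpg | gpg --import
#   verify_chart matrix-2.8.0.tgz matrix-2.8.0.tgz.gpg "<fingerprint you confirmed>"

# Read gpg --status-fd output on stdin and print the primary-key fingerprint.
# The last field of a VALIDSIG line is the primary key's fingerprint, which
# stays stable even when a signing subkey on a smartcard made the signature.
primary_fpr() {
    awk '$1 == "[GNUPG:]" && $2 == "VALIDSIG" { print toupper($NF); exit }'
}

# signed_by STATUS EXPECTED
# Succeed only if STATUS contains a VALIDSIG whose primary fingerprint ends
# with EXPECTED (a full fingerprint or a 16-hex-digit long key ID).
# Anything shorter is rejected: short key IDs are trivially collidable.
signed_by() {
    fpr=$(printf '%s\n' "$1" | primary_fpr)
    want=$(printf '%s' "$2" | tr -d ' ' | tr 'a-f' 'A-F')
    [ -n "$fpr" ] && [ "${#want}" -ge 16 ] || return 1
    case "$fpr" in
        *"$want") return 0 ;;
        *) return 1 ;;
    esac
}

# verify_chart CHART.tgz CHART.tgz.gpg EXPECTED
# Returns 0 on a good signature from the pinned key, 2 if a file is missing,
# 1 for a bad signature, an unknown key, or a different signer.
verify_chart() {
    [ -f "$1" ] && [ -f "$2" ] || return 2
    status=$(gpg --batch --status-fd 1 --verify "$2" "$1" 2>/dev/null) || return 1
    signed_by "$status" "$3"
}
```

Pinning the fingerprint matters because a clean gpg exit only shows that some key in your keyring signed the file, not that the maintainer's key did.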
If you find any security vulnerabilities in this Helm chart, please contact me by sending a PGP-encrypted email (encrypted to F13C346C0DE56944) to david@typokign.com. Vulnerabilities in upstream services should be reported to that service's developers.