Skip to main content

Cluster Section

In the Cluster section you will find options to configure settings specific to the cluster in which Element Deployment will run on top of, initially only one option is presented, however some additional options are presented under 'Advanced'. By default, it is unlikely you should need to configure anything on this page.

The options configured via the UI in this section will be saved to your deployment.yml and, if applicable secrets.yml. By default, if you do not change any settings on this page, a number of defaults will be added to your deployment.yml (see example below).

Config Example 
metadata:
  annotations:
    ui.element.io/layer: |
      global:
        config:
          adminAllowIps:
            _value: defaulted
        k8s:
          ingresses:
            tls:
              certmanager:
                _value: defaulted
spec:
  components:
    synapseAdmin:
      config:
        hostOrigin: >-
          https://admin.example.com,https://admin.example.com:8443
  global:
    config:
      adminAllowIps:
        - 0.0.0.0/0
        - '::/0'
    k8s:
      ingresses:
        tls:
          certmanager:
            issuer: letsencrypt
          mode: certmanager

Config

Certificate Authority

Config Example
  • secrets.yml 
    apiVersion: v1
kind: Secret
metadata:
  name: global
  namespace: element-onprem
data: # Added to the `global`, `element-onprem` secret as `ca.pem` under the `data` section. Other values may also be present here.
  ca.pem: >-
    base64encodedCAinPEMformatString

If you are using self-signed certificates, you will need to provide the certificate of the Certificate Authority in PEM encoded format. Just like with any certificate file uploaded to the Certificates section (and those yet to be uploaded for specific integrations), it is strongly advised to include the full certificate chain to reduce the liklihood of certificate-based issues post deployment.

Advanced

Secrets / Global

CA Pem
Config Example
  • secrets.yml 
    apiVersion: v1
kind: Secret
metadata:
  name: global
  namespace: element-onprem
data: # Added to the `global`, `element-onprem` secret as `ca.pem` under the `data` section. Other values may also be present here.
  ca.pem: >-
    base64encodedCAinPEMformatString

If you have uploaded a Certificate Authority certificate in the section above, you will find it listed in this section, if a certificate was uploaded in error, you can use the 'Delete' button next to the entry to remove it.

Generic Shared Secret
Config Example
  • secrets.yml 
    apiVersion: v1
kind: Secret
metadata:
  name: global
  namespace: element-onprem
data: # Added to the `global`, `element-onprem` secret as `genericSharedSecret` under the `data` section. Other values may also be present here.
  genericSharedSecret: QmdrWkVzRE5aVFJSOTNKWVJGNXROTG10UTFMVWF2

Like with the CA certificate option above, this will be present due to the Generic Shared Secret section below, this is auto-generated and will be replaced if you change it there (and click 'Save' / 'Continue'). It is not advised to edit this property here.

Config

Images Digests Config Map

Config Example
  • deployment.yml 
    metadata:
  annotations:
    ui.element.io/layer: |
      global:
        config:
          imagesDigestsConfigMap: {} # Remove if no longer defined in `spec`, `global`, `config`
spec:
  global:
    config:
      imagesDigestsConfigMap: example # Remove if no longer required
DNS Delegation

Config Example
  • deployment.yml 
    metadata:
  annotations:
    ui.element.io/layer: |
      global:
        config:
          supportDnsFederationDelegation: {} # Remove if no longer defined in `spec`, `global`, `config`
spec:
  global:
    config:
      # supportDnsFederationDelegation: false # Default value when not defined
      supportDnsFederationDelegation: true
TLS Verification

Config Example
  • deployment.yml 
    metadata:
  annotations:
    ui.element.io/layer: |
      global:
        config:
          verifyTls: {} # Remove if no longer defined in `spec`, `global`, `config`
spec:
  global:
    config:
      # verifyTls: true # Default value when not defined
      verifyTls: false
Generic Shared Secret

Config Example
  • secrets.yml 
    apiVersion: v1
kind: Secret
metadata:
  name: global
  namespace: element-onprem
data: # Added to the `global`, `element-onprem` secret as `genericSharedSecret` under the `data` section. Other values may also be present here.
  genericSharedSecret: QmdrWkVzRE5aVFJSOTNKWVJGNXROTG10UTFMVWF2
Admin Allow IPs

Config Example
  • deployment.yml 
    metadata:
  annotations:
    ui.element.io/layer: |
      global:
        config:
          adminAllowIps:
            # _value: defaulted # Default value
            '0': {}
            '1': {}
spec:
  global:
    config:
      # adminAllowIps: # Default values
      #   - 0.0.0.0/0
      #   - '::/0'
      adminAllowIps:
        - 192.168.0.1/24
        - 127.0.0.1/24
Back to top