Cluster Section
Settings specific to the cluster in which your Element Deployment runs on top of.
In the Cluster section you will find options to configure settings specific to the cluster in which Element Deployment will run on top of, initially only one option is presented, however some additional options are presented under 'Advanced'. By default, it is unlikely you should need to configure anything on this page.
The options configured via the UI in this section will be saved to your deployment.yml
and, if applicable secrets.yml
. By default, if you do not change any settings on this page, a number of defaults will be added to your deployment.yml
(see example below).
Config Example
metadata:
annotations:
ui.element.io/layer: |
global:
config:
adminAllowIps:
_value: defaulted
k8s:
ingresses:
tls:
certmanager:
_value: defaulted
spec:
components:
synapseAdmin:
config:
hostOrigin: >-
https://admin.example.com,https://admin.example.com:8443
global:
config:
adminAllowIps:
- 0.0.0.0/0
- '::/0'
k8s:
ingresses:
tls:
certmanager:
issuer: letsencrypt
mode: certmanager
Config
Certificate Authority
Config Example
-
secrets.yml
apiVersion: v1 kind: Secret metadata: name: global namespace: element-onprem data: # Added to the `global`, `element-onprem` secret as `ca.pem` under the `data` section. Other values may also be present here. ca.pem: >- base64encodedCAinPEMformatString
If you are using self-signed certificates, you will need to provide the certificate of the Certificate Authority in PEM encoded format. Just like with any certificate file uploaded to the Certificates section (and those yet to be uploaded for specific integrations), it is strongly advised to include the full certificate chain to reduce the liklihood of certificate-based issues post deployment.
Advanced
Secrets / Global
CA Pem
Config Example
secrets.ymlapiVersion: v1 kind: Secret metadata: name: global namespace: element-onprem data: # Added to the `global`, `element-onprem` secret as `ca.pem` under the `data` section. Other values may also be present here. ca.pem: >- base64encodedCAinPEMformatString
If you have uploaded a Certificate Authority certificate in the section above, you will find it listed in this section, if a certificate was uploaded in error, you can use the 'Delete' button next to the entry to remove it.
Generic Shared Secret
Config Example
secrets.ymlapiVersion: v1 kind: Secret metadata: name: global namespace: element-onprem data: # Added to the `global`, `element-onprem` secret as `genericSharedSecret` under the `data` section. Other values may also be present here. genericSharedSecret: QmdrWkVzRE5aVFJSOTNKWVJGNXROTG10UTFMVWF2
Like with the CA certificate option above, this will be present due to the Generic Shared Secret section below, this is auto-generated and will be replaced if you change it there (and click 'Save' / 'Continue'). It is not advised to edit this property here.
Config
Images Digests Config Map
Config Example
-
deployment.yml
metadata: annotations: ui.element.io/layer: | global: config: imagesDigestsConfigMap: {} # Remove if no longer defined in `spec`, `global`, `config` spec: global: config: imagesDigestsConfigMap: example # Remove if no longer required
DNS Delegation
Config Example
-
deployment.yml
metadata: annotations: ui.element.io/layer: | global: config: supportDnsFederationDelegation: {} # Remove if no longer defined in `spec`, `global`, `config` spec: global: config: # supportDnsFederationDelegation: false # Default value when not defined supportDnsFederationDelegation: true
TLS Verification
Config Example
-
deployment.yml
metadata: annotations: ui.element.io/layer: | global: config: verifyTls: {} # Remove if no longer defined in `spec`, `global`, `config` spec: global: config: # verifyTls: true # Default value when not defined verifyTls: false
Generic Shared Secret
Config Example
-
secrets.yml
apiVersion: v1 kind: Secret metadata: name: global namespace: element-onprem data: # Added to the `global`, `element-onprem` secret as `genericSharedSecret` under the `data` section. Other values may also be present here. genericSharedSecret: QmdrWkVzRE5aVFJSOTNKWVJGNXROTG10UTFMVWF2
Admin Allow IPs
Config Example
-
deployment.yml
metadata: annotations: ui.element.io/layer: | global: config: adminAllowIps: # _value: defaulted # Default value '0': {} '1': {} spec: global: config: # adminAllowIps: # Default values # - 0.0.0.0/0 # - '::/0' adminAllowIps: - 192.168.0.1/24 - 127.0.0.1/24