From 374de65fafdb9873e5d050bd24f358cd04b8283b Mon Sep 17 00:00:00 2001 From: shcherbak Date: Thu, 18 Jun 2026 23:19:54 +0300 Subject: [PATCH 1/4] 1.155.1 (quarantined media stream writer) --- README.md | 2 +- charts/synapse/templates/_helpers.tpl | 8 + charts/synapse/templates/envoy-configmap.yaml | 37 ++ charts/synapse/templates/synapse-secret.yaml | 15 +- charts/synapse/templates/synapse-service.yaml | 20 + .../test-envoy-configmap-msc4306.golden.yaml | 33 +- .../test-envoy-configmap-no-mas.golden.yaml | 33 +- .../fixtures/test-envoy-configmap.golden.yaml | 33 +- .../test-envoy-deployment.golden.yaml | 4 +- .../test-matrix-auth-deployment.golden.yaml | 2 +- ...trix-auth-job-config-sync-helm.golden.yaml | 2 +- ...rix-auth-job-config-sync-prune.golden.yaml | 2 +- ...st-matrix-auth-job-config-sync.golden.yaml | 2 +- ...rix-auth-job-db-migration-helm.golden.yaml | 2 +- ...t-matrix-auth-job-db-migration.golden.yaml | 2 +- ...et-no-pgbouncer-stream-writers.golden.yaml | 383 ++++++++++++++++++ .../fixtures/test-synapse-secret.golden.yaml | 383 ++++++++++++++++++ .../fixtures/test-synapse-service.golden.yaml | 43 +- ...est-synapse-workers-deployment.golden.yaml | 24 +- .../test-synapse-workers-pdb.golden.yaml | 12 + ...st-synapse-workers-statefulset.golden.yaml | 136 +++++-- charts/synapse/values.yaml | 14 +- 22 files changed, 1124 insertions(+), 68 deletions(-) diff --git a/README.md b/README.md index c67013d..2a57189 100644 --- a/README.md +++ b/README.md @@ -81,7 +81,7 @@ Worker reference table | receipts | stream writer | yes | round-robin | yes | | device_lists | stream writer | yes | round-robin | yes | | thread_subscriptions | stream writer | yes | round-robin | yes | -| quarantined_media | stream writer | yes | round-robin | yes | +| quarantined_media_changes | stream writer | yes | round-robin (?) | yes | | events (persister) | stream writer | yes | shard by room_id | yes | | media_repository | app | yes | least_conn | yes | | media_instance_running_background_jobs | app | no | - | no | diff --git a/charts/synapse/templates/_helpers.tpl b/charts/synapse/templates/_helpers.tpl index 2d19fa7..66e70f7 100644 --- a/charts/synapse/templates/_helpers.tpl +++ b/charts/synapse/templates/_helpers.tpl @@ -38,6 +38,14 @@ app: synapse component: synapse-federation-reader {{- end }} +{{/* +Selector labels +*/}} +{{- define "synapse-quarantined-media-changes.selectorLabels" -}} +app: synapse +component: synapse-quarantined-media-changes +{{- end }} + {{/* Selector labels */}} diff --git a/charts/synapse/templates/envoy-configmap.yaml b/charts/synapse/templates/envoy-configmap.yaml index d28ba4c..c400cb3 100644 --- a/charts/synapse/templates/envoy-configmap.yaml +++ b/charts/synapse/templates/envoy-configmap.yaml @@ -175,6 +175,16 @@ data: cluster: httpd-media-repository {{- end }} + {{- range $route := .Values.ingress.quarantineMediaChangesRoutes }} + - match: + safe_regex: + regex: {{ printf "^%s" $route | squote }} + route: + timeout: 300s + auto_host_rewrite: true + cluster: httpd-quarantined-media-changes + {{- end }} + {{- range $route := .Values.ingress.toDeviceRoutes }} - match: safe_regex: @@ -921,6 +931,33 @@ data: socket_address: address: synapse-media-repository port_value: 8008 + - name: httpd-quarantined-media-changes + connect_timeout: 1.00s + type: STRICT_DNS + dns_lookup_family: V4_ONLY + ignore_health_on_host_removal: true + lb_policy: LEAST_REQUEST + least_request_lb_config: + choice_count: 2 + circuit_breakers: + thresholds: + - priority: DEFAULT + max_connections: 30000 + max_requests: 8192 + max_retries: 3 + - priority: HIGH + max_connections: 30000 + max_requests: 8192 + max_retries: 3 + load_assignment: + cluster_name: httpd-quarantined-media-changes + endpoints: + - lb_endpoints: + - endpoint: + address: + socket_address: + address: httpd-quarantined-media-changes + port_value: 8008 synapse.lua: | {{- .Files.Get "scripts/synapse.lua" | nindent 4 }} diff --git a/charts/synapse/templates/synapse-secret.yaml b/charts/synapse/templates/synapse-secret.yaml index a95fd01..470e8a7 100644 --- a/charts/synapse/templates/synapse-secret.yaml +++ b/charts/synapse/templates/synapse-secret.yaml @@ -4,9 +4,9 @@ {{- $clientFedWorkers := list "master" "room" }} {{- $noHttpWorkers := list "background_worker" "pusher" }} {{- $streamWritersLocks := list "account_data"}} -{{- $streamWriters := list "master" "typing" "to_device" "account_data" "presence" "push_rules" "receipts" "device_lists" "thread_subscriptions" "quarantined_media" "event_persister" }} -{{- $replicationWorkers := list "master" "typing" "to_device" "account_data" "presence" "push_rules" "receipts" "device_lists" "thread_subscriptions" "quarantined_media" "event_persister" "federation_sender" }} -{{- $clientOnlyWorkers := list "typing" "to_device" "account_data" "presence" "push_rules" "receipts" "device_lists" "thread_subscriptions" "quarantined_media" "event_persister" "sync" "client_reader" "client_keys" "user_dir" }} +{{- $streamWriters := list "master" "typing" "to_device" "account_data" "presence" "push_rules" "receipts" "device_lists" "thread_subscriptions" "quarantined_media_changes" "event_persister" }} +{{- $replicationWorkers := list "master" "typing" "to_device" "account_data" "presence" "push_rules" "receipts" "device_lists" "thread_subscriptions" "quarantined_media_changes" "event_persister" "federation_sender" }} +{{- $clientOnlyWorkers := list "typing" "to_device" "account_data" "presence" "push_rules" "receipts" "device_lists" "thread_subscriptions" "quarantined_media_changes" "event_persister" "sync" "client_reader" "client_keys" "user_dir" }} {{- $registration_shared_secret := .Values.registration_shared_secret }} {{- $form_secret := .Values.form_secret }} @@ -196,6 +196,11 @@ stringData: host: synapse-federation-sender-{{ . }}.synapse-federation-sender port: 9093 {{- end }} + {{- range until ( $workers.quarantined_media_changes.replicas | int) }} + synapse-quarantined-media-changes-{{ . }}: + host: synapse-quarantined-media-changes-{{ . }}.synapse-quarantined-media-changes + port: 9093 + {{- end }} stream_writers: typing: - synapse-typing-0 @@ -225,6 +230,10 @@ stringData: {{- range until ( $workers.event_persister.replicas | int) }} - synapse-event-persister-{{ . }} {{- end }} + quarantined_media_changes: + {{- range until ( $workers.quarantined_media_changes.replicas | int) }} + - synapse-quarantined-media-changes-{{ . }} + {{- end }} start_pushers: false pusher_instances: {{- range until ( $workers.pusher.replicas | int) }} diff --git a/charts/synapse/templates/synapse-service.yaml b/charts/synapse/templates/synapse-service.yaml index 30d53f6..82bb426 100644 --- a/charts/synapse/templates/synapse-service.yaml +++ b/charts/synapse/templates/synapse-service.yaml @@ -122,3 +122,23 @@ spec: targetPort: 8008 selector: {{- include "synapse-federation-reader.selectorLabels" . | nindent 6 }} +--- +apiVersion: v1 +kind: Service +metadata: + name: synapse-quarantined-media-changes-headless + {{- with $.Values.synapse.service.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} + labels: + {{- include "synapse-quarantined-media-changes.selectorLabels" . | nindent 4 }} +spec: + clusterIP: None + type: ClusterIP + ports: + - name: http + port: 8008 + targetPort: 8008 + selector: + {{- include "synapse-quarantined-media-changes.selectorLabels" . | nindent 6 }} diff --git a/charts/synapse/tests/golden/fixtures/test-envoy-configmap-msc4306.golden.yaml b/charts/synapse/tests/golden/fixtures/test-envoy-configmap-msc4306.golden.yaml index f4099ae..6777475 100644 --- a/charts/synapse/tests/golden/fixtures/test-envoy-configmap-msc4306.golden.yaml +++ b/charts/synapse/tests/golden/fixtures/test-envoy-configmap-msc4306.golden.yaml @@ -274,18 +274,18 @@ data: cluster: httpd-media-repository - match: safe_regex: - regex: '^/_synapse/admin/v1/quarantine_media/.*' + regex: '^/_synapse/admin/v1/users/.*/media' route: timeout: 300s auto_host_rewrite: true cluster: httpd-media-repository - match: safe_regex: - regex: '^/_synapse/admin/v1/users/.*/media' + regex: '^/_synapse/admin/v1/quarantine_media/.*' route: timeout: 300s auto_host_rewrite: true - cluster: httpd-media-repository + cluster: httpd-quarantined-media-changes - match: safe_regex: regex: '^/_matrix/client/(r0|v3|unstable)/sendToDevice/.*' @@ -1535,6 +1535,33 @@ data: socket_address: address: synapse-media-repository port_value: 8008 + - name: httpd-quarantined-media-changes + connect_timeout: 1.00s + type: STRICT_DNS + dns_lookup_family: V4_ONLY + ignore_health_on_host_removal: true + lb_policy: LEAST_REQUEST + least_request_lb_config: + choice_count: 2 + circuit_breakers: + thresholds: + - priority: DEFAULT + max_connections: 30000 + max_requests: 8192 + max_retries: 3 + - priority: HIGH + max_connections: 30000 + max_requests: 8192 + max_retries: 3 + load_assignment: + cluster_name: httpd-quarantined-media-changes + endpoints: + - lb_endpoints: + - endpoint: + address: + socket_address: + address: httpd-quarantined-media-changes + port_value: 8008 synapse.lua: | local room_id_pattern = "(![A-Za-z0-9._=%%%-/]+:[A-Za-z0-9.%-]+)" diff --git a/charts/synapse/tests/golden/fixtures/test-envoy-configmap-no-mas.golden.yaml b/charts/synapse/tests/golden/fixtures/test-envoy-configmap-no-mas.golden.yaml index 74dff10..d131394 100644 --- a/charts/synapse/tests/golden/fixtures/test-envoy-configmap-no-mas.golden.yaml +++ b/charts/synapse/tests/golden/fixtures/test-envoy-configmap-no-mas.golden.yaml @@ -295,18 +295,18 @@ data: cluster: httpd-media-repository - match: safe_regex: - regex: '^/_synapse/admin/v1/quarantine_media/.*' + regex: '^/_synapse/admin/v1/users/.*/media' route: timeout: 300s auto_host_rewrite: true cluster: httpd-media-repository - match: safe_regex: - regex: '^/_synapse/admin/v1/users/.*/media' + regex: '^/_synapse/admin/v1/quarantine_media/.*' route: timeout: 300s auto_host_rewrite: true - cluster: httpd-media-repository + cluster: httpd-quarantined-media-changes - match: safe_regex: regex: '^/_matrix/client/(r0|v3|unstable)/sendToDevice/.*' @@ -1495,6 +1495,33 @@ data: socket_address: address: synapse-media-repository port_value: 8008 + - name: httpd-quarantined-media-changes + connect_timeout: 1.00s + type: STRICT_DNS + dns_lookup_family: V4_ONLY + ignore_health_on_host_removal: true + lb_policy: LEAST_REQUEST + least_request_lb_config: + choice_count: 2 + circuit_breakers: + thresholds: + - priority: DEFAULT + max_connections: 30000 + max_requests: 8192 + max_retries: 3 + - priority: HIGH + max_connections: 30000 + max_requests: 8192 + max_retries: 3 + load_assignment: + cluster_name: httpd-quarantined-media-changes + endpoints: + - lb_endpoints: + - endpoint: + address: + socket_address: + address: httpd-quarantined-media-changes + port_value: 8008 synapse.lua: | local room_id_pattern = "(![A-Za-z0-9._=%%%-/]+:[A-Za-z0-9.%-]+)" diff --git a/charts/synapse/tests/golden/fixtures/test-envoy-configmap.golden.yaml b/charts/synapse/tests/golden/fixtures/test-envoy-configmap.golden.yaml index 2492bf5..3f8b97c 100644 --- a/charts/synapse/tests/golden/fixtures/test-envoy-configmap.golden.yaml +++ b/charts/synapse/tests/golden/fixtures/test-envoy-configmap.golden.yaml @@ -260,18 +260,18 @@ data: cluster: httpd-media-repository - match: safe_regex: - regex: '^/_synapse/admin/v1/quarantine_media/.*' + regex: '^/_synapse/admin/v1/users/.*/media' route: timeout: 300s auto_host_rewrite: true cluster: httpd-media-repository - match: safe_regex: - regex: '^/_synapse/admin/v1/users/.*/media' + regex: '^/_synapse/admin/v1/quarantine_media/.*' route: timeout: 300s auto_host_rewrite: true - cluster: httpd-media-repository + cluster: httpd-quarantined-media-changes - match: safe_regex: regex: '^/_matrix/client/(r0|v3|unstable)/sendToDevice/.*' @@ -1494,6 +1494,33 @@ data: socket_address: address: synapse-media-repository port_value: 8008 + - name: httpd-quarantined-media-changes + connect_timeout: 1.00s + type: STRICT_DNS + dns_lookup_family: V4_ONLY + ignore_health_on_host_removal: true + lb_policy: LEAST_REQUEST + least_request_lb_config: + choice_count: 2 + circuit_breakers: + thresholds: + - priority: DEFAULT + max_connections: 30000 + max_requests: 8192 + max_retries: 3 + - priority: HIGH + max_connections: 30000 + max_requests: 8192 + max_retries: 3 + load_assignment: + cluster_name: httpd-quarantined-media-changes + endpoints: + - lb_endpoints: + - endpoint: + address: + socket_address: + address: httpd-quarantined-media-changes + port_value: 8008 synapse.lua: | local room_id_pattern = "(![A-Za-z0-9._=%%%-/]+:[A-Za-z0-9.%-]+)" diff --git a/charts/synapse/tests/golden/fixtures/test-envoy-deployment.golden.yaml b/charts/synapse/tests/golden/fixtures/test-envoy-deployment.golden.yaml index 88ac2b9..4828c63 100644 --- a/charts/synapse/tests/golden/fixtures/test-envoy-deployment.golden.yaml +++ b/charts/synapse/tests/golden/fixtures/test-envoy-deployment.golden.yaml @@ -24,12 +24,12 @@ spec: app: synapse component: synapse-client-reader-envoy annotations: - checksum/config: 869b2ce1fd7683ee515f7d6d20ed26cda2dff095448a9425f73627c0768c4f40 + checksum/config: d131be604d783955b18d21cb0729988c91d289028b43c0be34fedfd1f1e561b6 spec: terminationGracePeriodSeconds: 60 containers: - name: envoy - image: envoyproxy/envoy:v1.36.6 + image: envoyproxy/envoy:v1.36.8 imagePullPolicy: IfNotPresent args: - -c diff --git a/charts/synapse/tests/golden/fixtures/test-matrix-auth-deployment.golden.yaml b/charts/synapse/tests/golden/fixtures/test-matrix-auth-deployment.golden.yaml index 052ab64..d7dcb15 100644 --- a/charts/synapse/tests/golden/fixtures/test-matrix-auth-deployment.golden.yaml +++ b/charts/synapse/tests/golden/fixtures/test-matrix-auth-deployment.golden.yaml @@ -29,7 +29,7 @@ spec: terminationGracePeriodSeconds: 60 containers: - name: main - image: ghcr.io/element-hq/matrix-authentication-service:1.15.0 + image: ghcr.io/element-hq/matrix-authentication-service:1.18.0 imagePullPolicy: IfNotPresent env: - name: "MAS_CONFIG" diff --git a/charts/synapse/tests/golden/fixtures/test-matrix-auth-job-config-sync-helm.golden.yaml b/charts/synapse/tests/golden/fixtures/test-matrix-auth-job-config-sync-helm.golden.yaml index 7500e78..6899ba4 100644 --- a/charts/synapse/tests/golden/fixtures/test-matrix-auth-job-config-sync-helm.golden.yaml +++ b/charts/synapse/tests/golden/fixtures/test-matrix-auth-job-config-sync-helm.golden.yaml @@ -15,7 +15,7 @@ spec: restartPolicy: Never containers: - name: config-sync - image: ghcr.io/element-hq/matrix-authentication-service:1.15.0 + image: ghcr.io/element-hq/matrix-authentication-service:1.18.0 imagePullPolicy: IfNotPresent env: - name: "MAS_CONFIG" diff --git a/charts/synapse/tests/golden/fixtures/test-matrix-auth-job-config-sync-prune.golden.yaml b/charts/synapse/tests/golden/fixtures/test-matrix-auth-job-config-sync-prune.golden.yaml index f2c92e6..c84a501 100644 --- a/charts/synapse/tests/golden/fixtures/test-matrix-auth-job-config-sync-prune.golden.yaml +++ b/charts/synapse/tests/golden/fixtures/test-matrix-auth-job-config-sync-prune.golden.yaml @@ -15,7 +15,7 @@ spec: restartPolicy: Never containers: - name: config-sync - image: ghcr.io/element-hq/matrix-authentication-service:1.15.0 + image: ghcr.io/element-hq/matrix-authentication-service:1.18.0 imagePullPolicy: IfNotPresent env: - name: "MAS_CONFIG" diff --git a/charts/synapse/tests/golden/fixtures/test-matrix-auth-job-config-sync.golden.yaml b/charts/synapse/tests/golden/fixtures/test-matrix-auth-job-config-sync.golden.yaml index 68df52a..40a3176 100644 --- a/charts/synapse/tests/golden/fixtures/test-matrix-auth-job-config-sync.golden.yaml +++ b/charts/synapse/tests/golden/fixtures/test-matrix-auth-job-config-sync.golden.yaml @@ -15,7 +15,7 @@ spec: restartPolicy: Never containers: - name: config-sync - image: ghcr.io/element-hq/matrix-authentication-service:1.15.0 + image: ghcr.io/element-hq/matrix-authentication-service:1.18.0 imagePullPolicy: IfNotPresent env: - name: "MAS_CONFIG" diff --git a/charts/synapse/tests/golden/fixtures/test-matrix-auth-job-db-migration-helm.golden.yaml b/charts/synapse/tests/golden/fixtures/test-matrix-auth-job-db-migration-helm.golden.yaml index 5fac790..563d399 100644 --- a/charts/synapse/tests/golden/fixtures/test-matrix-auth-job-db-migration-helm.golden.yaml +++ b/charts/synapse/tests/golden/fixtures/test-matrix-auth-job-db-migration-helm.golden.yaml @@ -15,7 +15,7 @@ spec: restartPolicy: Never containers: - name: db-migration - image: ghcr.io/element-hq/matrix-authentication-service:1.15.0 + image: ghcr.io/element-hq/matrix-authentication-service:1.18.0 imagePullPolicy: IfNotPresent env: - name: "MAS_CONFIG" diff --git a/charts/synapse/tests/golden/fixtures/test-matrix-auth-job-db-migration.golden.yaml b/charts/synapse/tests/golden/fixtures/test-matrix-auth-job-db-migration.golden.yaml index a6a511f..ef7dd94 100644 --- a/charts/synapse/tests/golden/fixtures/test-matrix-auth-job-db-migration.golden.yaml +++ b/charts/synapse/tests/golden/fixtures/test-matrix-auth-job-db-migration.golden.yaml @@ -15,7 +15,7 @@ spec: restartPolicy: Never containers: - name: db-migration - image: ghcr.io/element-hq/matrix-authentication-service:1.15.0 + image: ghcr.io/element-hq/matrix-authentication-service:1.18.0 imagePullPolicy: IfNotPresent env: - name: "MAS_CONFIG" diff --git a/charts/synapse/tests/golden/fixtures/test-synapse-secret-no-pgbouncer-stream-writers.golden.yaml b/charts/synapse/tests/golden/fixtures/test-synapse-secret-no-pgbouncer-stream-writers.golden.yaml index fc3f4fe..bbbd0e6 100644 --- a/charts/synapse/tests/golden/fixtures/test-synapse-secret-no-pgbouncer-stream-writers.golden.yaml +++ b/charts/synapse/tests/golden/fixtures/test-synapse-secret-no-pgbouncer-stream-writers.golden.yaml @@ -135,6 +135,9 @@ stringData: synapse-federation-sender-0: host: synapse-federation-sender-0.synapse-federation-sender port: 9093 + synapse-quarantined-media-changes-0: + host: synapse-quarantined-media-changes-0.synapse-quarantined-media-changes + port: 9093 stream_writers: typing: - synapse-typing-0 @@ -153,6 +156,8 @@ stringData: events: - synapse-event-persister-0 - synapse-event-persister-1 + quarantined_media_changes: + - synapse-quarantined-media-changes-0 start_pushers: false pusher_instances: - synapse-pusher-0 @@ -393,6 +398,9 @@ stringData: synapse-federation-sender-0: host: synapse-federation-sender-0.synapse-federation-sender port: 9093 + synapse-quarantined-media-changes-0: + host: synapse-quarantined-media-changes-0.synapse-quarantined-media-changes + port: 9093 stream_writers: typing: - synapse-typing-0 @@ -411,6 +419,8 @@ stringData: events: - synapse-event-persister-0 - synapse-event-persister-1 + quarantined_media_changes: + - synapse-quarantined-media-changes-0 start_pushers: false pusher_instances: - synapse-pusher-0 @@ -659,6 +669,9 @@ stringData: synapse-federation-sender-0: host: synapse-federation-sender-0.synapse-federation-sender port: 9093 + synapse-quarantined-media-changes-0: + host: synapse-quarantined-media-changes-0.synapse-quarantined-media-changes + port: 9093 stream_writers: typing: - synapse-typing-0 @@ -677,6 +690,8 @@ stringData: events: - synapse-event-persister-0 - synapse-event-persister-1 + quarantined_media_changes: + - synapse-quarantined-media-changes-0 start_pushers: false pusher_instances: - synapse-pusher-0 @@ -925,6 +940,9 @@ stringData: synapse-federation-sender-0: host: synapse-federation-sender-0.synapse-federation-sender port: 9093 + synapse-quarantined-media-changes-0: + host: synapse-quarantined-media-changes-0.synapse-quarantined-media-changes + port: 9093 stream_writers: typing: - synapse-typing-0 @@ -943,6 +961,8 @@ stringData: events: - synapse-event-persister-0 - synapse-event-persister-1 + quarantined_media_changes: + - synapse-quarantined-media-changes-0 start_pushers: false pusher_instances: - synapse-pusher-0 @@ -1198,6 +1218,9 @@ stringData: synapse-federation-sender-0: host: synapse-federation-sender-0.synapse-federation-sender port: 9093 + synapse-quarantined-media-changes-0: + host: synapse-quarantined-media-changes-0.synapse-quarantined-media-changes + port: 9093 stream_writers: typing: - synapse-typing-0 @@ -1216,6 +1239,8 @@ stringData: events: - synapse-event-persister-0 - synapse-event-persister-1 + quarantined_media_changes: + - synapse-quarantined-media-changes-0 start_pushers: false pusher_instances: - synapse-pusher-0 @@ -1471,6 +1496,9 @@ stringData: synapse-federation-sender-0: host: synapse-federation-sender-0.synapse-federation-sender port: 9093 + synapse-quarantined-media-changes-0: + host: synapse-quarantined-media-changes-0.synapse-quarantined-media-changes + port: 9093 stream_writers: typing: - synapse-typing-0 @@ -1489,6 +1517,8 @@ stringData: events: - synapse-event-persister-0 - synapse-event-persister-1 + quarantined_media_changes: + - synapse-quarantined-media-changes-0 start_pushers: false pusher_instances: - synapse-pusher-0 @@ -1737,6 +1767,9 @@ stringData: synapse-federation-sender-0: host: synapse-federation-sender-0.synapse-federation-sender port: 9093 + synapse-quarantined-media-changes-0: + host: synapse-quarantined-media-changes-0.synapse-quarantined-media-changes + port: 9093 stream_writers: typing: - synapse-typing-0 @@ -1755,6 +1788,8 @@ stringData: events: - synapse-event-persister-0 - synapse-event-persister-1 + quarantined_media_changes: + - synapse-quarantined-media-changes-0 start_pushers: false pusher_instances: - synapse-pusher-0 @@ -2010,6 +2045,9 @@ stringData: synapse-federation-sender-0: host: synapse-federation-sender-0.synapse-federation-sender port: 9093 + synapse-quarantined-media-changes-0: + host: synapse-quarantined-media-changes-0.synapse-quarantined-media-changes + port: 9093 stream_writers: typing: - synapse-typing-0 @@ -2028,6 +2066,8 @@ stringData: events: - synapse-event-persister-0 - synapse-event-persister-1 + quarantined_media_changes: + - synapse-quarantined-media-changes-0 start_pushers: false pusher_instances: - synapse-pusher-0 @@ -2282,6 +2322,9 @@ stringData: synapse-federation-sender-0: host: synapse-federation-sender-0.synapse-federation-sender port: 9093 + synapse-quarantined-media-changes-0: + host: synapse-quarantined-media-changes-0.synapse-quarantined-media-changes + port: 9093 stream_writers: typing: - synapse-typing-0 @@ -2300,6 +2343,8 @@ stringData: events: - synapse-event-persister-0 - synapse-event-persister-1 + quarantined_media_changes: + - synapse-quarantined-media-changes-0 start_pushers: false pusher_instances: - synapse-pusher-0 @@ -2548,6 +2593,9 @@ stringData: synapse-federation-sender-0: host: synapse-federation-sender-0.synapse-federation-sender port: 9093 + synapse-quarantined-media-changes-0: + host: synapse-quarantined-media-changes-0.synapse-quarantined-media-changes + port: 9093 stream_writers: typing: - synapse-typing-0 @@ -2566,6 +2614,8 @@ stringData: events: - synapse-event-persister-0 - synapse-event-persister-1 + quarantined_media_changes: + - synapse-quarantined-media-changes-0 start_pushers: false pusher_instances: - synapse-pusher-0 @@ -2816,6 +2866,9 @@ stringData: synapse-federation-sender-0: host: synapse-federation-sender-0.synapse-federation-sender port: 9093 + synapse-quarantined-media-changes-0: + host: synapse-quarantined-media-changes-0.synapse-quarantined-media-changes + port: 9093 stream_writers: typing: - synapse-typing-0 @@ -2834,6 +2887,8 @@ stringData: events: - synapse-event-persister-0 - synapse-event-persister-1 + quarantined_media_changes: + - synapse-quarantined-media-changes-0 start_pushers: false pusher_instances: - synapse-pusher-0 @@ -3091,6 +3146,9 @@ stringData: synapse-federation-sender-0: host: synapse-federation-sender-0.synapse-federation-sender port: 9093 + synapse-quarantined-media-changes-0: + host: synapse-quarantined-media-changes-0.synapse-quarantined-media-changes + port: 9093 stream_writers: typing: - synapse-typing-0 @@ -3109,6 +3167,8 @@ stringData: events: - synapse-event-persister-0 - synapse-event-persister-1 + quarantined_media_changes: + - synapse-quarantined-media-changes-0 start_pushers: false pusher_instances: - synapse-pusher-0 @@ -3364,6 +3424,9 @@ stringData: synapse-federation-sender-0: host: synapse-federation-sender-0.synapse-federation-sender port: 9093 + synapse-quarantined-media-changes-0: + host: synapse-quarantined-media-changes-0.synapse-quarantined-media-changes + port: 9093 stream_writers: typing: - synapse-typing-0 @@ -3382,6 +3445,8 @@ stringData: events: - synapse-event-persister-0 - synapse-event-persister-1 + quarantined_media_changes: + - synapse-quarantined-media-changes-0 start_pushers: false pusher_instances: - synapse-pusher-0 @@ -3622,6 +3687,9 @@ stringData: synapse-federation-sender-0: host: synapse-federation-sender-0.synapse-federation-sender port: 9093 + synapse-quarantined-media-changes-0: + host: synapse-quarantined-media-changes-0.synapse-quarantined-media-changes + port: 9093 stream_writers: typing: - synapse-typing-0 @@ -3640,6 +3708,286 @@ stringData: events: - synapse-event-persister-0 - synapse-event-persister-1 + quarantined_media_changes: + - synapse-quarantined-media-changes-0 + start_pushers: false + pusher_instances: + - synapse-pusher-0 + send_federation: false + federation_sender_instances: + - synapse-federation-sender-0 + run_background_tasks_on: synapse-background-worker-0 + log_config: /data/log.config + macaroon_secret_key: "NOT-CONFIGURED" + enable_media_repo: false + media_instance_running_background_jobs: synapse-media-repository-background-jobs-0 + media_store_path: /tmp/media_store + enable_local_media_storage: true + metrics_flags: ~ + oidc_providers: + [] + old_signing_keys: ~ + password_config: + enabled: false + password_providers: + [] + pid_file: /tmp/homeserver.pid + push: ~ + retention: ~ + redaction_retention_period: ~ + forgotten_room_retention_period: 7d + user_ips_max_age: 1y + redis: + enabled: true + host: "redis" + port: 6379 + registration_shared_secret: "NOT-CONFIGURED" + report_stats: false + require_auth_for_profile_requests: true + require_membership_for_aliases: true + signing_key_path: /data/signing.key + soft_file_limit: 0 + spam_checker: ~ + sso: ~ + thumbnail_sizes: + - height: 32 + method: crop + width: 32 + - height: 96 + method: crop + width: 96 + - height: 240 + method: scale + width: 320 + trusted_key_servers: + - server_name: NOT-CONFIGURED + turn_allow_guests: false + turn_shared_secret: + turn_uris: + [] + turn_user_lifetime: 86400000 + ui_auth: ~ + url_preview_accept_language: ~ + url_preview_enabled: false + use_presence: false + user_directory: + enabled: true + search_all_users: false + prefer_local_users: true + web_client_location: "https://NOT-CONFIGURED/" + # https://matrix-org.github.io/matrix-authentication-service/setup/homeserver.html#configure-the-homeserver-to-delegate-authentication-to-the-service + matrix_authentication_service: + # Enable the MAS integration + enabled: true + # The base URL where Synapse will contact MAS + endpoint: http://matrix-authentication.test-namespace.svc:80 + # The shared secret used to authenticate MAS requests, must be the same as `matrix.secret` in the MAS configuration + # See https://element-hq.github.io/matrix-authentication-service/reference/configuration.html#matrix + secret: NOT-CONFIGURED + experimental_features: + msc3967_enabled: true + caches: + expire_caches: true + global_factor: 1 + cache_entry_ttl: 10m + sync_response_cache_duration: 1m + cache_autotuning: + max_cache_memory_usage: 1843M + target_cache_memory_usage: 1474M + min_cache_ttl: 5m + opentracing: ~ + + log.config: | + --- + disable_existing_loggers: false + formatters: + precise: + format: "%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s" + handlers: + console: + class: logging.StreamHandler + formatter: precise + loggers: + synapse.handlers.pagination: + level: INFO + synapse.config.retention: + level: INFO + synapse.metrics.background_process_metrics: + level: INFO + synapse.storage.SQL: + level: WARNING + twisted: + handlers: + - console + propagate: false + root: + handlers: + - console + level: WARNING + version: 1 + signing.key: | + NOT-CONFIGURED + idp.xml: | +--- +# Source: synapse/templates/synapse-secret.yaml +apiVersion: v1 +kind: Secret +metadata: + name: synapse-quarantined-media-changes-secret + annotations: + argocd.argoproj.io/sync-wave: "-30" + argocd.argoproj.io/hook: "Sync" + labels: + app: synapse + component: synapse-quarantined-media-changes +type: Opaque +stringData: + homeserver.yaml: | + --- + server_name: NOT-CONFIGURED + worker_app: synapse.app.generic_worker + account_threepid_delegates: ~ + account_validity: ~ + alias_creation_rules: + - action: allow + alias: "*" + room_id: "*" + user_id: "*" + allow_guest_access: false + allow_per_room_profiles: false + allow_public_rooms_over_federation: false + allow_public_rooms_without_auth: false + auto_join_rooms: + - "#general:NOT-CONFIGURED" + auto_join_rooms_for_guests: false + autocreate_auto_join_room_preset: public_chat + autocreate_auto_join_rooms: true + autocreate_auto_join_rooms_federated: false + block_non_admin_invites: false + event_cache_size: 10K + database: + txn_limit: 10000 + args: + cp_max: 50 + cp_min: 5 + database: synapse + host: synapse-pgbouncer + password: NOT-CONFIGURED + user: synapse + name: psycopg2 + rc_message: + burst_count: 300 + per_second: 100 + rc_key_requests: + burst_count: 100 + per_second: 20 + rc_presence: + per_user: + burst_count: 1 + per_second: 0.1 + disable_msisdn_registration: true + dynamic_thumbnails: false + max_upload_size: 100M + email: ~ + enable_3pid_changes: false + enable_group_creation: false + enable_registration: false + enable_room_list_search: true + enable_search: true + enable_set_avatar_url: true + enable_set_displayname: false + encryption_enabled_by_default_for_room_type: off + form_secret: "NOT-CONFIGURED" + limit_profile_requests_to_users_who_share_rooms: false + limit_remote_rooms: ~ + worker_listeners: + - port: 9092 + tls: false + type: http + bind_addresses: ['0.0.0.0'] + resources: + - names: [metrics] + compress: false + - port: 8008 + tls: false + type: http + x_forwarded: true + bind_addresses: ['0.0.0.0'] + resources: + - names: [client] + compress: true + - port: 9093 + tls: false + type: http + bind_addresses: ['0.0.0.0'] + resources: + - names: [replication] + compress: false + enable_metrics: true + federation_domain_whitelist: + [] + federation_metrics_domains: + [] + allow_profile_lookup_over_federation: false + allow_device_name_lookup_over_federation: false + update_user_directory_from_worker: synapse-user-dir-0 + instance_map: + main: + host: synapse-master-0.synapse-master + port: 9093 + synapse-typing-0: + host: synapse-typing-0.synapse-typing + port: 9093 + synapse-to-device-0: + host: synapse-to-device-0.synapse-to-device + port: 9093 + synapse-account-data-0: + host: synapse-account-data-0.synapse-account-data + port: 9093 + synapse-presence-0: + host: synapse-presence-0.synapse-presence + port: 9093 + synapse-push-rules-0: + host: synapse-push-rules-0.synapse-push-rules + port: 9093 + synapse-receipts-0: + host: synapse-receipts-0.synapse-receipts + port: 9093 + synapse-device-lists-0: + host: synapse-device-lists-0.synapse-device-lists + port: 9093 + synapse-event-persister-0: + host: synapse-event-persister-0.synapse-event-persister + port: 9093 + synapse-event-persister-1: + host: synapse-event-persister-1.synapse-event-persister + port: 9093 + synapse-federation-sender-0: + host: synapse-federation-sender-0.synapse-federation-sender + port: 9093 + synapse-quarantined-media-changes-0: + host: synapse-quarantined-media-changes-0.synapse-quarantined-media-changes + port: 9093 + stream_writers: + typing: + - synapse-typing-0 + to_device: + - synapse-to-device-0 + account_data: + - synapse-account-data-0 + presence: + - synapse-presence-0 + push_rules: + - synapse-push-rules-0 + receipts: + - synapse-receipts-0 + device_lists: + - synapse-device-lists-0 + events: + - synapse-event-persister-0 + - synapse-event-persister-1 + quarantined_media_changes: + - synapse-quarantined-media-changes-0 start_pushers: false pusher_instances: - synapse-pusher-0 @@ -3895,6 +4243,9 @@ stringData: synapse-federation-sender-0: host: synapse-federation-sender-0.synapse-federation-sender port: 9093 + synapse-quarantined-media-changes-0: + host: synapse-quarantined-media-changes-0.synapse-quarantined-media-changes + port: 9093 stream_writers: typing: - synapse-typing-0 @@ -3913,6 +4264,8 @@ stringData: events: - synapse-event-persister-0 - synapse-event-persister-1 + quarantined_media_changes: + - synapse-quarantined-media-changes-0 start_pushers: false pusher_instances: - synapse-pusher-0 @@ -4161,6 +4514,9 @@ stringData: synapse-federation-sender-0: host: synapse-federation-sender-0.synapse-federation-sender port: 9093 + synapse-quarantined-media-changes-0: + host: synapse-quarantined-media-changes-0.synapse-quarantined-media-changes + port: 9093 stream_writers: typing: - synapse-typing-0 @@ -4179,6 +4535,8 @@ stringData: events: - synapse-event-persister-0 - synapse-event-persister-1 + quarantined_media_changes: + - synapse-quarantined-media-changes-0 start_pushers: false pusher_instances: - synapse-pusher-0 @@ -4427,6 +4785,9 @@ stringData: synapse-federation-sender-0: host: synapse-federation-sender-0.synapse-federation-sender port: 9093 + synapse-quarantined-media-changes-0: + host: synapse-quarantined-media-changes-0.synapse-quarantined-media-changes + port: 9093 stream_writers: typing: - synapse-typing-0 @@ -4445,6 +4806,8 @@ stringData: events: - synapse-event-persister-0 - synapse-event-persister-1 + quarantined_media_changes: + - synapse-quarantined-media-changes-0 start_pushers: false pusher_instances: - synapse-pusher-0 @@ -4700,6 +5063,9 @@ stringData: synapse-federation-sender-0: host: synapse-federation-sender-0.synapse-federation-sender port: 9093 + synapse-quarantined-media-changes-0: + host: synapse-quarantined-media-changes-0.synapse-quarantined-media-changes + port: 9093 stream_writers: typing: - synapse-typing-0 @@ -4718,6 +5084,8 @@ stringData: events: - synapse-event-persister-0 - synapse-event-persister-1 + quarantined_media_changes: + - synapse-quarantined-media-changes-0 start_pushers: false pusher_instances: - synapse-pusher-0 @@ -4973,6 +5341,9 @@ stringData: synapse-federation-sender-0: host: synapse-federation-sender-0.synapse-federation-sender port: 9093 + synapse-quarantined-media-changes-0: + host: synapse-quarantined-media-changes-0.synapse-quarantined-media-changes + port: 9093 stream_writers: typing: - synapse-typing-0 @@ -4991,6 +5362,8 @@ stringData: events: - synapse-event-persister-0 - synapse-event-persister-1 + quarantined_media_changes: + - synapse-quarantined-media-changes-0 start_pushers: false pusher_instances: - synapse-pusher-0 @@ -5246,6 +5619,9 @@ stringData: synapse-federation-sender-0: host: synapse-federation-sender-0.synapse-federation-sender port: 9093 + synapse-quarantined-media-changes-0: + host: synapse-quarantined-media-changes-0.synapse-quarantined-media-changes + port: 9093 stream_writers: typing: - synapse-typing-0 @@ -5264,6 +5640,8 @@ stringData: events: - synapse-event-persister-0 - synapse-event-persister-1 + quarantined_media_changes: + - synapse-quarantined-media-changes-0 start_pushers: false pusher_instances: - synapse-pusher-0 @@ -5512,6 +5890,9 @@ stringData: synapse-federation-sender-0: host: synapse-federation-sender-0.synapse-federation-sender port: 9093 + synapse-quarantined-media-changes-0: + host: synapse-quarantined-media-changes-0.synapse-quarantined-media-changes + port: 9093 stream_writers: typing: - synapse-typing-0 @@ -5530,6 +5911,8 @@ stringData: events: - synapse-event-persister-0 - synapse-event-persister-1 + quarantined_media_changes: + - synapse-quarantined-media-changes-0 start_pushers: false pusher_instances: - synapse-pusher-0 diff --git a/charts/synapse/tests/golden/fixtures/test-synapse-secret.golden.yaml b/charts/synapse/tests/golden/fixtures/test-synapse-secret.golden.yaml index fc5994f..aca6394 100644 --- a/charts/synapse/tests/golden/fixtures/test-synapse-secret.golden.yaml +++ b/charts/synapse/tests/golden/fixtures/test-synapse-secret.golden.yaml @@ -135,6 +135,9 @@ stringData: synapse-federation-sender-0: host: synapse-federation-sender-0.synapse-federation-sender port: 9093 + synapse-quarantined-media-changes-0: + host: synapse-quarantined-media-changes-0.synapse-quarantined-media-changes + port: 9093 stream_writers: typing: - synapse-typing-0 @@ -153,6 +156,8 @@ stringData: events: - synapse-event-persister-0 - synapse-event-persister-1 + quarantined_media_changes: + - synapse-quarantined-media-changes-0 start_pushers: false pusher_instances: - synapse-pusher-0 @@ -393,6 +398,9 @@ stringData: synapse-federation-sender-0: host: synapse-federation-sender-0.synapse-federation-sender port: 9093 + synapse-quarantined-media-changes-0: + host: synapse-quarantined-media-changes-0.synapse-quarantined-media-changes + port: 9093 stream_writers: typing: - synapse-typing-0 @@ -411,6 +419,8 @@ stringData: events: - synapse-event-persister-0 - synapse-event-persister-1 + quarantined_media_changes: + - synapse-quarantined-media-changes-0 start_pushers: false pusher_instances: - synapse-pusher-0 @@ -659,6 +669,9 @@ stringData: synapse-federation-sender-0: host: synapse-federation-sender-0.synapse-federation-sender port: 9093 + synapse-quarantined-media-changes-0: + host: synapse-quarantined-media-changes-0.synapse-quarantined-media-changes + port: 9093 stream_writers: typing: - synapse-typing-0 @@ -677,6 +690,8 @@ stringData: events: - synapse-event-persister-0 - synapse-event-persister-1 + quarantined_media_changes: + - synapse-quarantined-media-changes-0 start_pushers: false pusher_instances: - synapse-pusher-0 @@ -925,6 +940,9 @@ stringData: synapse-federation-sender-0: host: synapse-federation-sender-0.synapse-federation-sender port: 9093 + synapse-quarantined-media-changes-0: + host: synapse-quarantined-media-changes-0.synapse-quarantined-media-changes + port: 9093 stream_writers: typing: - synapse-typing-0 @@ -943,6 +961,8 @@ stringData: events: - synapse-event-persister-0 - synapse-event-persister-1 + quarantined_media_changes: + - synapse-quarantined-media-changes-0 start_pushers: false pusher_instances: - synapse-pusher-0 @@ -1198,6 +1218,9 @@ stringData: synapse-federation-sender-0: host: synapse-federation-sender-0.synapse-federation-sender port: 9093 + synapse-quarantined-media-changes-0: + host: synapse-quarantined-media-changes-0.synapse-quarantined-media-changes + port: 9093 stream_writers: typing: - synapse-typing-0 @@ -1216,6 +1239,8 @@ stringData: events: - synapse-event-persister-0 - synapse-event-persister-1 + quarantined_media_changes: + - synapse-quarantined-media-changes-0 start_pushers: false pusher_instances: - synapse-pusher-0 @@ -1471,6 +1496,9 @@ stringData: synapse-federation-sender-0: host: synapse-federation-sender-0.synapse-federation-sender port: 9093 + synapse-quarantined-media-changes-0: + host: synapse-quarantined-media-changes-0.synapse-quarantined-media-changes + port: 9093 stream_writers: typing: - synapse-typing-0 @@ -1489,6 +1517,8 @@ stringData: events: - synapse-event-persister-0 - synapse-event-persister-1 + quarantined_media_changes: + - synapse-quarantined-media-changes-0 start_pushers: false pusher_instances: - synapse-pusher-0 @@ -1737,6 +1767,9 @@ stringData: synapse-federation-sender-0: host: synapse-federation-sender-0.synapse-federation-sender port: 9093 + synapse-quarantined-media-changes-0: + host: synapse-quarantined-media-changes-0.synapse-quarantined-media-changes + port: 9093 stream_writers: typing: - synapse-typing-0 @@ -1755,6 +1788,8 @@ stringData: events: - synapse-event-persister-0 - synapse-event-persister-1 + quarantined_media_changes: + - synapse-quarantined-media-changes-0 start_pushers: false pusher_instances: - synapse-pusher-0 @@ -2010,6 +2045,9 @@ stringData: synapse-federation-sender-0: host: synapse-federation-sender-0.synapse-federation-sender port: 9093 + synapse-quarantined-media-changes-0: + host: synapse-quarantined-media-changes-0.synapse-quarantined-media-changes + port: 9093 stream_writers: typing: - synapse-typing-0 @@ -2028,6 +2066,8 @@ stringData: events: - synapse-event-persister-0 - synapse-event-persister-1 + quarantined_media_changes: + - synapse-quarantined-media-changes-0 start_pushers: false pusher_instances: - synapse-pusher-0 @@ -2282,6 +2322,9 @@ stringData: synapse-federation-sender-0: host: synapse-federation-sender-0.synapse-federation-sender port: 9093 + synapse-quarantined-media-changes-0: + host: synapse-quarantined-media-changes-0.synapse-quarantined-media-changes + port: 9093 stream_writers: typing: - synapse-typing-0 @@ -2300,6 +2343,8 @@ stringData: events: - synapse-event-persister-0 - synapse-event-persister-1 + quarantined_media_changes: + - synapse-quarantined-media-changes-0 start_pushers: false pusher_instances: - synapse-pusher-0 @@ -2548,6 +2593,9 @@ stringData: synapse-federation-sender-0: host: synapse-federation-sender-0.synapse-federation-sender port: 9093 + synapse-quarantined-media-changes-0: + host: synapse-quarantined-media-changes-0.synapse-quarantined-media-changes + port: 9093 stream_writers: typing: - synapse-typing-0 @@ -2566,6 +2614,8 @@ stringData: events: - synapse-event-persister-0 - synapse-event-persister-1 + quarantined_media_changes: + - synapse-quarantined-media-changes-0 start_pushers: false pusher_instances: - synapse-pusher-0 @@ -2816,6 +2866,9 @@ stringData: synapse-federation-sender-0: host: synapse-federation-sender-0.synapse-federation-sender port: 9093 + synapse-quarantined-media-changes-0: + host: synapse-quarantined-media-changes-0.synapse-quarantined-media-changes + port: 9093 stream_writers: typing: - synapse-typing-0 @@ -2834,6 +2887,8 @@ stringData: events: - synapse-event-persister-0 - synapse-event-persister-1 + quarantined_media_changes: + - synapse-quarantined-media-changes-0 start_pushers: false pusher_instances: - synapse-pusher-0 @@ -3091,6 +3146,9 @@ stringData: synapse-federation-sender-0: host: synapse-federation-sender-0.synapse-federation-sender port: 9093 + synapse-quarantined-media-changes-0: + host: synapse-quarantined-media-changes-0.synapse-quarantined-media-changes + port: 9093 stream_writers: typing: - synapse-typing-0 @@ -3109,6 +3167,8 @@ stringData: events: - synapse-event-persister-0 - synapse-event-persister-1 + quarantined_media_changes: + - synapse-quarantined-media-changes-0 start_pushers: false pusher_instances: - synapse-pusher-0 @@ -3364,6 +3424,9 @@ stringData: synapse-federation-sender-0: host: synapse-federation-sender-0.synapse-federation-sender port: 9093 + synapse-quarantined-media-changes-0: + host: synapse-quarantined-media-changes-0.synapse-quarantined-media-changes + port: 9093 stream_writers: typing: - synapse-typing-0 @@ -3382,6 +3445,8 @@ stringData: events: - synapse-event-persister-0 - synapse-event-persister-1 + quarantined_media_changes: + - synapse-quarantined-media-changes-0 start_pushers: false pusher_instances: - synapse-pusher-0 @@ -3622,6 +3687,9 @@ stringData: synapse-federation-sender-0: host: synapse-federation-sender-0.synapse-federation-sender port: 9093 + synapse-quarantined-media-changes-0: + host: synapse-quarantined-media-changes-0.synapse-quarantined-media-changes + port: 9093 stream_writers: typing: - synapse-typing-0 @@ -3640,6 +3708,286 @@ stringData: events: - synapse-event-persister-0 - synapse-event-persister-1 + quarantined_media_changes: + - synapse-quarantined-media-changes-0 + start_pushers: false + pusher_instances: + - synapse-pusher-0 + send_federation: false + federation_sender_instances: + - synapse-federation-sender-0 + run_background_tasks_on: synapse-background-worker-0 + log_config: /data/log.config + macaroon_secret_key: "NOT-CONFIGURED" + enable_media_repo: false + media_instance_running_background_jobs: synapse-media-repository-background-jobs-0 + media_store_path: /tmp/media_store + enable_local_media_storage: true + metrics_flags: ~ + oidc_providers: + [] + old_signing_keys: ~ + password_config: + enabled: false + password_providers: + [] + pid_file: /tmp/homeserver.pid + push: ~ + retention: ~ + redaction_retention_period: ~ + forgotten_room_retention_period: 7d + user_ips_max_age: 1y + redis: + enabled: true + host: "redis" + port: 6379 + registration_shared_secret: "NOT-CONFIGURED" + report_stats: false + require_auth_for_profile_requests: true + require_membership_for_aliases: true + signing_key_path: /data/signing.key + soft_file_limit: 0 + spam_checker: ~ + sso: ~ + thumbnail_sizes: + - height: 32 + method: crop + width: 32 + - height: 96 + method: crop + width: 96 + - height: 240 + method: scale + width: 320 + trusted_key_servers: + - server_name: NOT-CONFIGURED + turn_allow_guests: false + turn_shared_secret: + turn_uris: + [] + turn_user_lifetime: 86400000 + ui_auth: ~ + url_preview_accept_language: ~ + url_preview_enabled: false + use_presence: false + user_directory: + enabled: true + search_all_users: false + prefer_local_users: true + web_client_location: "https://NOT-CONFIGURED/" + # https://matrix-org.github.io/matrix-authentication-service/setup/homeserver.html#configure-the-homeserver-to-delegate-authentication-to-the-service + matrix_authentication_service: + # Enable the MAS integration + enabled: true + # The base URL where Synapse will contact MAS + endpoint: http://matrix-authentication.test-namespace.svc:80 + # The shared secret used to authenticate MAS requests, must be the same as `matrix.secret` in the MAS configuration + # See https://element-hq.github.io/matrix-authentication-service/reference/configuration.html#matrix + secret: NOT-CONFIGURED + experimental_features: + msc3967_enabled: true + caches: + expire_caches: true + global_factor: 1 + cache_entry_ttl: 10m + sync_response_cache_duration: 1m + cache_autotuning: + max_cache_memory_usage: 1843M + target_cache_memory_usage: 1474M + min_cache_ttl: 5m + opentracing: ~ + + log.config: | + --- + disable_existing_loggers: false + formatters: + precise: + format: "%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s" + handlers: + console: + class: logging.StreamHandler + formatter: precise + loggers: + synapse.handlers.pagination: + level: INFO + synapse.config.retention: + level: INFO + synapse.metrics.background_process_metrics: + level: INFO + synapse.storage.SQL: + level: WARNING + twisted: + handlers: + - console + propagate: false + root: + handlers: + - console + level: WARNING + version: 1 + signing.key: | + NOT-CONFIGURED + idp.xml: | +--- +# Source: synapse/templates/synapse-secret.yaml +apiVersion: v1 +kind: Secret +metadata: + name: synapse-quarantined-media-changes-secret + annotations: + argocd.argoproj.io/sync-wave: "-30" + argocd.argoproj.io/hook: "Sync" + labels: + app: synapse + component: synapse-quarantined-media-changes +type: Opaque +stringData: + homeserver.yaml: | + --- + server_name: NOT-CONFIGURED + worker_app: synapse.app.generic_worker + account_threepid_delegates: ~ + account_validity: ~ + alias_creation_rules: + - action: allow + alias: "*" + room_id: "*" + user_id: "*" + allow_guest_access: false + allow_per_room_profiles: false + allow_public_rooms_over_federation: false + allow_public_rooms_without_auth: false + auto_join_rooms: + - "#general:NOT-CONFIGURED" + auto_join_rooms_for_guests: false + autocreate_auto_join_room_preset: public_chat + autocreate_auto_join_rooms: true + autocreate_auto_join_rooms_federated: false + block_non_admin_invites: false + event_cache_size: 10K + database: + txn_limit: 10000 + args: + cp_max: 50 + cp_min: 5 + database: synapse + host: synapse-pgbouncer + password: NOT-CONFIGURED + user: synapse + name: psycopg2 + rc_message: + burst_count: 300 + per_second: 100 + rc_key_requests: + burst_count: 100 + per_second: 20 + rc_presence: + per_user: + burst_count: 1 + per_second: 0.1 + disable_msisdn_registration: true + dynamic_thumbnails: false + max_upload_size: 100M + email: ~ + enable_3pid_changes: false + enable_group_creation: false + enable_registration: false + enable_room_list_search: true + enable_search: true + enable_set_avatar_url: true + enable_set_displayname: false + encryption_enabled_by_default_for_room_type: off + form_secret: "NOT-CONFIGURED" + limit_profile_requests_to_users_who_share_rooms: false + limit_remote_rooms: ~ + worker_listeners: + - port: 9092 + tls: false + type: http + bind_addresses: ['0.0.0.0'] + resources: + - names: [metrics] + compress: false + - port: 8008 + tls: false + type: http + x_forwarded: true + bind_addresses: ['0.0.0.0'] + resources: + - names: [client] + compress: true + - port: 9093 + tls: false + type: http + bind_addresses: ['0.0.0.0'] + resources: + - names: [replication] + compress: false + enable_metrics: true + federation_domain_whitelist: + [] + federation_metrics_domains: + [] + allow_profile_lookup_over_federation: false + allow_device_name_lookup_over_federation: false + update_user_directory_from_worker: synapse-user-dir-0 + instance_map: + main: + host: synapse-master-0.synapse-master + port: 9093 + synapse-typing-0: + host: synapse-typing-0.synapse-typing + port: 9093 + synapse-to-device-0: + host: synapse-to-device-0.synapse-to-device + port: 9093 + synapse-account-data-0: + host: synapse-account-data-0.synapse-account-data + port: 9093 + synapse-presence-0: + host: synapse-presence-0.synapse-presence + port: 9093 + synapse-push-rules-0: + host: synapse-push-rules-0.synapse-push-rules + port: 9093 + synapse-receipts-0: + host: synapse-receipts-0.synapse-receipts + port: 9093 + synapse-device-lists-0: + host: synapse-device-lists-0.synapse-device-lists + port: 9093 + synapse-event-persister-0: + host: synapse-event-persister-0.synapse-event-persister + port: 9093 + synapse-event-persister-1: + host: synapse-event-persister-1.synapse-event-persister + port: 9093 + synapse-federation-sender-0: + host: synapse-federation-sender-0.synapse-federation-sender + port: 9093 + synapse-quarantined-media-changes-0: + host: synapse-quarantined-media-changes-0.synapse-quarantined-media-changes + port: 9093 + stream_writers: + typing: + - synapse-typing-0 + to_device: + - synapse-to-device-0 + account_data: + - synapse-account-data-0 + presence: + - synapse-presence-0 + push_rules: + - synapse-push-rules-0 + receipts: + - synapse-receipts-0 + device_lists: + - synapse-device-lists-0 + events: + - synapse-event-persister-0 + - synapse-event-persister-1 + quarantined_media_changes: + - synapse-quarantined-media-changes-0 start_pushers: false pusher_instances: - synapse-pusher-0 @@ -3895,6 +4243,9 @@ stringData: synapse-federation-sender-0: host: synapse-federation-sender-0.synapse-federation-sender port: 9093 + synapse-quarantined-media-changes-0: + host: synapse-quarantined-media-changes-0.synapse-quarantined-media-changes + port: 9093 stream_writers: typing: - synapse-typing-0 @@ -3913,6 +4264,8 @@ stringData: events: - synapse-event-persister-0 - synapse-event-persister-1 + quarantined_media_changes: + - synapse-quarantined-media-changes-0 start_pushers: false pusher_instances: - synapse-pusher-0 @@ -4161,6 +4514,9 @@ stringData: synapse-federation-sender-0: host: synapse-federation-sender-0.synapse-federation-sender port: 9093 + synapse-quarantined-media-changes-0: + host: synapse-quarantined-media-changes-0.synapse-quarantined-media-changes + port: 9093 stream_writers: typing: - synapse-typing-0 @@ -4179,6 +4535,8 @@ stringData: events: - synapse-event-persister-0 - synapse-event-persister-1 + quarantined_media_changes: + - synapse-quarantined-media-changes-0 start_pushers: false pusher_instances: - synapse-pusher-0 @@ -4427,6 +4785,9 @@ stringData: synapse-federation-sender-0: host: synapse-federation-sender-0.synapse-federation-sender port: 9093 + synapse-quarantined-media-changes-0: + host: synapse-quarantined-media-changes-0.synapse-quarantined-media-changes + port: 9093 stream_writers: typing: - synapse-typing-0 @@ -4445,6 +4806,8 @@ stringData: events: - synapse-event-persister-0 - synapse-event-persister-1 + quarantined_media_changes: + - synapse-quarantined-media-changes-0 start_pushers: false pusher_instances: - synapse-pusher-0 @@ -4700,6 +5063,9 @@ stringData: synapse-federation-sender-0: host: synapse-federation-sender-0.synapse-federation-sender port: 9093 + synapse-quarantined-media-changes-0: + host: synapse-quarantined-media-changes-0.synapse-quarantined-media-changes + port: 9093 stream_writers: typing: - synapse-typing-0 @@ -4718,6 +5084,8 @@ stringData: events: - synapse-event-persister-0 - synapse-event-persister-1 + quarantined_media_changes: + - synapse-quarantined-media-changes-0 start_pushers: false pusher_instances: - synapse-pusher-0 @@ -4973,6 +5341,9 @@ stringData: synapse-federation-sender-0: host: synapse-federation-sender-0.synapse-federation-sender port: 9093 + synapse-quarantined-media-changes-0: + host: synapse-quarantined-media-changes-0.synapse-quarantined-media-changes + port: 9093 stream_writers: typing: - synapse-typing-0 @@ -4991,6 +5362,8 @@ stringData: events: - synapse-event-persister-0 - synapse-event-persister-1 + quarantined_media_changes: + - synapse-quarantined-media-changes-0 start_pushers: false pusher_instances: - synapse-pusher-0 @@ -5246,6 +5619,9 @@ stringData: synapse-federation-sender-0: host: synapse-federation-sender-0.synapse-federation-sender port: 9093 + synapse-quarantined-media-changes-0: + host: synapse-quarantined-media-changes-0.synapse-quarantined-media-changes + port: 9093 stream_writers: typing: - synapse-typing-0 @@ -5264,6 +5640,8 @@ stringData: events: - synapse-event-persister-0 - synapse-event-persister-1 + quarantined_media_changes: + - synapse-quarantined-media-changes-0 start_pushers: false pusher_instances: - synapse-pusher-0 @@ -5512,6 +5890,9 @@ stringData: synapse-federation-sender-0: host: synapse-federation-sender-0.synapse-federation-sender port: 9093 + synapse-quarantined-media-changes-0: + host: synapse-quarantined-media-changes-0.synapse-quarantined-media-changes + port: 9093 stream_writers: typing: - synapse-typing-0 @@ -5530,6 +5911,8 @@ stringData: events: - synapse-event-persister-0 - synapse-event-persister-1 + quarantined_media_changes: + - synapse-quarantined-media-changes-0 start_pushers: false pusher_instances: - synapse-pusher-0 diff --git a/charts/synapse/tests/golden/fixtures/test-synapse-service.golden.yaml b/charts/synapse/tests/golden/fixtures/test-synapse-service.golden.yaml index a17646f..394cf56 100644 --- a/charts/synapse/tests/golden/fixtures/test-synapse-service.golden.yaml +++ b/charts/synapse/tests/golden/fixtures/test-synapse-service.golden.yaml @@ -282,6 +282,26 @@ spec: # Source: synapse/templates/synapse-service.yaml apiVersion: v1 kind: Service +metadata: + name: synapse-quarantined-media-changes + annotations: + cloud.google.com/neg: '{"ingress":false}' +spec: + clusterIP: None + selector: + app: synapse + component: synapse-quarantined-media-changes + ports: + - name: client + port: 80 + targetPort: 8008 + - name: http + port: 8008 + targetPort: 8008 +--- +# Source: synapse/templates/synapse-service.yaml +apiVersion: v1 +kind: Service metadata: name: synapse-receipts annotations: @@ -522,4 +542,25 @@ spec: targetPort: 8008 selector: app: synapse - component: synapse-federation-reader \ No newline at end of file + component: synapse-federation-reader +--- +# Source: synapse/templates/synapse-service.yaml +apiVersion: v1 +kind: Service +metadata: + name: synapse-quarantined-media-changes-headless + annotations: + cloud.google.com/neg: '{"ingress":false}' + labels: + app: synapse + component: synapse-quarantined-media-changes +spec: + clusterIP: None + type: ClusterIP + ports: + - name: http + port: 8008 + targetPort: 8008 + selector: + app: synapse + component: synapse-quarantined-media-changes \ No newline at end of file diff --git a/charts/synapse/tests/golden/fixtures/test-synapse-workers-deployment.golden.yaml b/charts/synapse/tests/golden/fixtures/test-synapse-workers-deployment.golden.yaml index e1a0302..4868bf8 100644 --- a/charts/synapse/tests/golden/fixtures/test-synapse-workers-deployment.golden.yaml +++ b/charts/synapse/tests/golden/fixtures/test-synapse-workers-deployment.golden.yaml @@ -24,14 +24,14 @@ spec: prometheus.io/port: "9092" prometheus.io/scrape: "true" prometheus.io/path: "/_synapse/metrics" - checksum/secret: aa0354af77014f59bb3fba5dc6297e20664745979a0e1bbb878efc216b32e868 + checksum/secret: d69581c60c34983d27d5000a4c1439d07d2d1bee3937d0d87862ea5425713326 labels: app: synapse component: synapse-client-keys spec: containers: - name: synapse - image: ghcr.io/code-tool/matrix-stack/synapse:v1.151.5 + image: ghcr.io/code-tool/matrix-stack/synapse:v1.155.0 imagePullPolicy: IfNotPresent resources: limits: @@ -103,14 +103,14 @@ spec: prometheus.io/port: "9092" prometheus.io/scrape: "true" prometheus.io/path: "/_synapse/metrics" - checksum/secret: aa0354af77014f59bb3fba5dc6297e20664745979a0e1bbb878efc216b32e868 + checksum/secret: d69581c60c34983d27d5000a4c1439d07d2d1bee3937d0d87862ea5425713326 labels: app: synapse component: synapse-client-reader spec: containers: - name: synapse - image: ghcr.io/code-tool/matrix-stack/synapse:v1.151.5 + image: ghcr.io/code-tool/matrix-stack/synapse:v1.155.0 imagePullPolicy: IfNotPresent resources: limits: @@ -182,14 +182,14 @@ spec: prometheus.io/port: "9092" prometheus.io/scrape: "true" prometheus.io/path: "/_synapse/metrics" - checksum/secret: aa0354af77014f59bb3fba5dc6297e20664745979a0e1bbb878efc216b32e868 + checksum/secret: d69581c60c34983d27d5000a4c1439d07d2d1bee3937d0d87862ea5425713326 labels: app: synapse component: synapse-federation-reader spec: containers: - name: synapse - image: ghcr.io/code-tool/matrix-stack/synapse:v1.151.5 + image: ghcr.io/code-tool/matrix-stack/synapse:v1.155.0 imagePullPolicy: IfNotPresent resources: limits: @@ -261,14 +261,14 @@ spec: prometheus.io/port: "9092" prometheus.io/scrape: "true" prometheus.io/path: "/_synapse/metrics" - checksum/secret: aa0354af77014f59bb3fba5dc6297e20664745979a0e1bbb878efc216b32e868 + checksum/secret: d69581c60c34983d27d5000a4c1439d07d2d1bee3937d0d87862ea5425713326 labels: app: synapse component: synapse-media-repository spec: containers: - name: synapse - image: ghcr.io/code-tool/matrix-stack/synapse:v1.151.5 + image: ghcr.io/code-tool/matrix-stack/synapse:v1.155.0 imagePullPolicy: IfNotPresent resources: limits: @@ -340,14 +340,14 @@ spec: prometheus.io/port: "9092" prometheus.io/scrape: "true" prometheus.io/path: "/_synapse/metrics" - checksum/secret: aa0354af77014f59bb3fba5dc6297e20664745979a0e1bbb878efc216b32e868 + checksum/secret: d69581c60c34983d27d5000a4c1439d07d2d1bee3937d0d87862ea5425713326 labels: app: synapse component: synapse-room spec: containers: - name: synapse - image: ghcr.io/code-tool/matrix-stack/synapse:v1.151.5 + image: ghcr.io/code-tool/matrix-stack/synapse:v1.155.0 imagePullPolicy: IfNotPresent resources: limits: @@ -419,14 +419,14 @@ spec: prometheus.io/port: "9092" prometheus.io/scrape: "true" prometheus.io/path: "/_synapse/metrics" - checksum/secret: aa0354af77014f59bb3fba5dc6297e20664745979a0e1bbb878efc216b32e868 + checksum/secret: d69581c60c34983d27d5000a4c1439d07d2d1bee3937d0d87862ea5425713326 labels: app: synapse component: synapse-sync spec: containers: - name: synapse - image: ghcr.io/code-tool/matrix-stack/synapse:v1.151.5 + image: ghcr.io/code-tool/matrix-stack/synapse:v1.155.0 imagePullPolicy: IfNotPresent resources: limits: diff --git a/charts/synapse/tests/golden/fixtures/test-synapse-workers-pdb.golden.yaml b/charts/synapse/tests/golden/fixtures/test-synapse-workers-pdb.golden.yaml index 77a2958..88dcdce 100644 --- a/charts/synapse/tests/golden/fixtures/test-synapse-workers-pdb.golden.yaml +++ b/charts/synapse/tests/golden/fixtures/test-synapse-workers-pdb.golden.yaml @@ -50,6 +50,18 @@ spec: # Source: synapse/templates/synapse-workers-pdb.yaml apiVersion: policy/v1 kind: PodDisruptionBudget +metadata: + name: synapse-quarantined-media-changes +spec: + maxUnavailable: 1 + selector: + matchLabels: + app: synapse + component: synapse-quarantined-media-changes +--- +# Source: synapse/templates/synapse-workers-pdb.yaml +apiVersion: policy/v1 +kind: PodDisruptionBudget metadata: name: synapse-receipts spec: diff --git a/charts/synapse/tests/golden/fixtures/test-synapse-workers-statefulset.golden.yaml b/charts/synapse/tests/golden/fixtures/test-synapse-workers-statefulset.golden.yaml index 666da4d..e8a4caa 100644 --- a/charts/synapse/tests/golden/fixtures/test-synapse-workers-statefulset.golden.yaml +++ b/charts/synapse/tests/golden/fixtures/test-synapse-workers-statefulset.golden.yaml @@ -20,14 +20,14 @@ spec: prometheus.io/port: "9092" prometheus.io/scrape: "true" prometheus.io/path: "/_synapse/metrics" - checksum/secret: aa0354af77014f59bb3fba5dc6297e20664745979a0e1bbb878efc216b32e868 + checksum/secret: d69581c60c34983d27d5000a4c1439d07d2d1bee3937d0d87862ea5425713326 labels: app: synapse component: synapse-account-data spec: containers: - name: synapse - image: ghcr.io/code-tool/matrix-stack/synapse:v1.151.5 + image: ghcr.io/code-tool/matrix-stack/synapse:v1.155.0 imagePullPolicy: IfNotPresent resources: limits: @@ -96,14 +96,14 @@ spec: prometheus.io/port: "9092" prometheus.io/scrape: "true" prometheus.io/path: "/_synapse/metrics" - checksum/secret: aa0354af77014f59bb3fba5dc6297e20664745979a0e1bbb878efc216b32e868 + checksum/secret: d69581c60c34983d27d5000a4c1439d07d2d1bee3937d0d87862ea5425713326 labels: app: synapse component: synapse-background-worker spec: containers: - name: synapse - image: ghcr.io/code-tool/matrix-stack/synapse:v1.151.5 + image: ghcr.io/code-tool/matrix-stack/synapse:v1.155.0 imagePullPolicy: IfNotPresent resources: limits: @@ -155,14 +155,14 @@ spec: prometheus.io/port: "9092" prometheus.io/scrape: "true" prometheus.io/path: "/_synapse/metrics" - checksum/secret: aa0354af77014f59bb3fba5dc6297e20664745979a0e1bbb878efc216b32e868 + checksum/secret: d69581c60c34983d27d5000a4c1439d07d2d1bee3937d0d87862ea5425713326 labels: app: synapse component: synapse-device-lists spec: containers: - name: synapse - image: ghcr.io/code-tool/matrix-stack/synapse:v1.151.5 + image: ghcr.io/code-tool/matrix-stack/synapse:v1.155.0 imagePullPolicy: IfNotPresent resources: limits: @@ -231,14 +231,14 @@ spec: prometheus.io/port: "9092" prometheus.io/scrape: "true" prometheus.io/path: "/_synapse/metrics" - checksum/secret: aa0354af77014f59bb3fba5dc6297e20664745979a0e1bbb878efc216b32e868 + checksum/secret: d69581c60c34983d27d5000a4c1439d07d2d1bee3937d0d87862ea5425713326 labels: app: synapse component: synapse-event-persister spec: containers: - name: synapse - image: ghcr.io/code-tool/matrix-stack/synapse:v1.151.5 + image: ghcr.io/code-tool/matrix-stack/synapse:v1.155.0 imagePullPolicy: IfNotPresent resources: limits: @@ -290,14 +290,14 @@ spec: prometheus.io/port: "9092" prometheus.io/scrape: "true" prometheus.io/path: "/_synapse/metrics" - checksum/secret: aa0354af77014f59bb3fba5dc6297e20664745979a0e1bbb878efc216b32e868 + checksum/secret: d69581c60c34983d27d5000a4c1439d07d2d1bee3937d0d87862ea5425713326 labels: app: synapse component: synapse-federation-sender spec: containers: - name: synapse - image: ghcr.io/code-tool/matrix-stack/synapse:v1.151.5 + image: ghcr.io/code-tool/matrix-stack/synapse:v1.155.0 imagePullPolicy: IfNotPresent resources: limits: @@ -366,14 +366,14 @@ spec: prometheus.io/port: "9092" prometheus.io/scrape: "true" prometheus.io/path: "/_synapse/metrics" - checksum/secret: aa0354af77014f59bb3fba5dc6297e20664745979a0e1bbb878efc216b32e868 + checksum/secret: d69581c60c34983d27d5000a4c1439d07d2d1bee3937d0d87862ea5425713326 labels: app: synapse component: synapse-master spec: containers: - name: synapse - image: ghcr.io/code-tool/matrix-stack/synapse:v1.151.5 + image: ghcr.io/code-tool/matrix-stack/synapse:v1.155.0 imagePullPolicy: IfNotPresent resources: limits: @@ -439,14 +439,14 @@ spec: prometheus.io/port: "9092" prometheus.io/scrape: "true" prometheus.io/path: "/_synapse/metrics" - checksum/secret: aa0354af77014f59bb3fba5dc6297e20664745979a0e1bbb878efc216b32e868 + checksum/secret: d69581c60c34983d27d5000a4c1439d07d2d1bee3937d0d87862ea5425713326 labels: app: synapse component: synapse-media-repository-background-jobs spec: containers: - name: synapse - image: ghcr.io/code-tool/matrix-stack/synapse:v1.151.5 + image: ghcr.io/code-tool/matrix-stack/synapse:v1.155.0 imagePullPolicy: IfNotPresent resources: limits: @@ -515,14 +515,14 @@ spec: prometheus.io/port: "9092" prometheus.io/scrape: "true" prometheus.io/path: "/_synapse/metrics" - checksum/secret: aa0354af77014f59bb3fba5dc6297e20664745979a0e1bbb878efc216b32e868 + checksum/secret: d69581c60c34983d27d5000a4c1439d07d2d1bee3937d0d87862ea5425713326 labels: app: synapse component: synapse-presence spec: containers: - name: synapse - image: ghcr.io/code-tool/matrix-stack/synapse:v1.151.5 + image: ghcr.io/code-tool/matrix-stack/synapse:v1.155.0 imagePullPolicy: IfNotPresent resources: limits: @@ -574,14 +574,14 @@ spec: prometheus.io/port: "9092" prometheus.io/scrape: "true" prometheus.io/path: "/_synapse/metrics" - checksum/secret: aa0354af77014f59bb3fba5dc6297e20664745979a0e1bbb878efc216b32e868 + checksum/secret: d69581c60c34983d27d5000a4c1439d07d2d1bee3937d0d87862ea5425713326 labels: app: synapse component: synapse-push-rules spec: containers: - name: synapse - image: ghcr.io/code-tool/matrix-stack/synapse:v1.151.5 + image: ghcr.io/code-tool/matrix-stack/synapse:v1.155.0 imagePullPolicy: IfNotPresent resources: limits: @@ -650,14 +650,14 @@ spec: prometheus.io/port: "9092" prometheus.io/scrape: "true" prometheus.io/path: "/_synapse/metrics" - checksum/secret: aa0354af77014f59bb3fba5dc6297e20664745979a0e1bbb878efc216b32e868 + checksum/secret: d69581c60c34983d27d5000a4c1439d07d2d1bee3937d0d87862ea5425713326 labels: app: synapse component: synapse-pusher spec: containers: - name: synapse - image: ghcr.io/code-tool/matrix-stack/synapse:v1.151.5 + image: ghcr.io/code-tool/matrix-stack/synapse:v1.155.0 imagePullPolicy: IfNotPresent resources: limits: @@ -691,6 +691,82 @@ spec: # Source: synapse/templates/synapse-workers-statefulset.yaml apiVersion: apps/v1 kind: StatefulSet +metadata: + name: synapse-quarantined-media-changes + labels: + app: synapse + component: synapse-quarantined-media-changes +spec: + replicas: 1 + selector: + matchLabels: + app: synapse + component: synapse-quarantined-media-changes + serviceName: synapse-quarantined-media-changes + template: + metadata: + annotations: + prometheus.io/port: "9092" + prometheus.io/scrape: "true" + prometheus.io/path: "/_synapse/metrics" + checksum/secret: d69581c60c34983d27d5000a4c1439d07d2d1bee3937d0d87862ea5425713326 + labels: + app: synapse + component: synapse-quarantined-media-changes + spec: + containers: + - name: synapse + image: ghcr.io/code-tool/matrix-stack/synapse:v1.155.0 + imagePullPolicy: IfNotPresent + resources: + limits: + memory: 2Gi + requests: + cpu: 50m + memory: 128Mi + env: + - name: "SYNAPSE_WORKER" + value: "synapse.app.generic_worker" + ports: + - containerPort: 8008 + name: http + protocol: TCP + - containerPort: 9092 + name: metrics + protocol: TCP + startupProbe: + httpGet: + path: /health + port: http + failureThreshold: 180 + periodSeconds: 15 + livenessProbe: + httpGet: + path: /health + port: http + failureThreshold: 5 + periodSeconds: 15 + readinessProbe: + httpGet: + path: /health + port: http + periodSeconds: 15 + volumeMounts: + - name: synapse-quarantined-media-changes-secret + mountPath: /data + lifecycle: + preStop: + exec: + command: ["sleep", "15"] + terminationGracePeriodSeconds: 90 + volumes: + - name: synapse-quarantined-media-changes-secret + secret: + secretName: synapse-quarantined-media-changes-secret +--- +# Source: synapse/templates/synapse-workers-statefulset.yaml +apiVersion: apps/v1 +kind: StatefulSet metadata: name: synapse-receipts labels: @@ -709,14 +785,14 @@ spec: prometheus.io/port: "9092" prometheus.io/scrape: "true" prometheus.io/path: "/_synapse/metrics" - checksum/secret: aa0354af77014f59bb3fba5dc6297e20664745979a0e1bbb878efc216b32e868 + checksum/secret: d69581c60c34983d27d5000a4c1439d07d2d1bee3937d0d87862ea5425713326 labels: app: synapse component: synapse-receipts spec: containers: - name: synapse - image: ghcr.io/code-tool/matrix-stack/synapse:v1.151.5 + image: ghcr.io/code-tool/matrix-stack/synapse:v1.155.0 imagePullPolicy: IfNotPresent resources: limits: @@ -785,14 +861,14 @@ spec: prometheus.io/port: "9092" prometheus.io/scrape: "true" prometheus.io/path: "/_synapse/metrics" - checksum/secret: aa0354af77014f59bb3fba5dc6297e20664745979a0e1bbb878efc216b32e868 + checksum/secret: d69581c60c34983d27d5000a4c1439d07d2d1bee3937d0d87862ea5425713326 labels: app: synapse component: synapse-thread-subscriptions spec: containers: - name: synapse - image: ghcr.io/code-tool/matrix-stack/synapse:v1.151.5 + image: ghcr.io/code-tool/matrix-stack/synapse:v1.155.0 imagePullPolicy: IfNotPresent resources: limits: @@ -861,14 +937,14 @@ spec: prometheus.io/port: "9092" prometheus.io/scrape: "true" prometheus.io/path: "/_synapse/metrics" - checksum/secret: aa0354af77014f59bb3fba5dc6297e20664745979a0e1bbb878efc216b32e868 + checksum/secret: d69581c60c34983d27d5000a4c1439d07d2d1bee3937d0d87862ea5425713326 labels: app: synapse component: synapse-to-device spec: containers: - name: synapse - image: ghcr.io/code-tool/matrix-stack/synapse:v1.151.5 + image: ghcr.io/code-tool/matrix-stack/synapse:v1.155.0 imagePullPolicy: IfNotPresent resources: limits: @@ -937,14 +1013,14 @@ spec: prometheus.io/port: "9092" prometheus.io/scrape: "true" prometheus.io/path: "/_synapse/metrics" - checksum/secret: aa0354af77014f59bb3fba5dc6297e20664745979a0e1bbb878efc216b32e868 + checksum/secret: d69581c60c34983d27d5000a4c1439d07d2d1bee3937d0d87862ea5425713326 labels: app: synapse component: synapse-typing spec: containers: - name: synapse - image: ghcr.io/code-tool/matrix-stack/synapse:v1.151.5 + image: ghcr.io/code-tool/matrix-stack/synapse:v1.155.0 imagePullPolicy: IfNotPresent resources: limits: @@ -1013,14 +1089,14 @@ spec: prometheus.io/port: "9092" prometheus.io/scrape: "true" prometheus.io/path: "/_synapse/metrics" - checksum/secret: aa0354af77014f59bb3fba5dc6297e20664745979a0e1bbb878efc216b32e868 + checksum/secret: d69581c60c34983d27d5000a4c1439d07d2d1bee3937d0d87862ea5425713326 labels: app: synapse component: synapse-user-dir spec: containers: - name: synapse - image: ghcr.io/code-tool/matrix-stack/synapse:v1.151.5 + image: ghcr.io/code-tool/matrix-stack/synapse:v1.155.0 imagePullPolicy: IfNotPresent resources: limits: diff --git a/charts/synapse/values.yaml b/charts/synapse/values.yaml index 09dcec4..d799827 100644 --- a/charts/synapse/values.yaml +++ b/charts/synapse/values.yaml @@ -16,7 +16,7 @@ synapse: # this is patched version of mainstream synamse # please find patches by link: https://github.com/code-tool/matrix-stack/tree/main/build # also this ghcr contains synapse:v1.151.0-e2e-optimized with e2e_room_key query patches - tag: "v1.151.5" + tag: "v1.155.0" pullPolicy: IfNotPresent disablePgBouncerForStreamWriters: false nodeSelector: {} @@ -154,6 +154,9 @@ synapse: federation_sender: replicas: 1 resources: {} + quarantined_media_changes: + replicas: 1 + resources: {} # this workers will never scale, only vertical scaling is possible singletonWorkers: master: @@ -448,9 +451,12 @@ ingress: - '/_synapse/admin/v1/room/.*/media.*' - '/_synapse/admin/v1/user/.*/media.*' - '/_synapse/admin/v1/media/.*' - - '/_synapse/admin/v1/quarantine_media/.*' - '/_synapse/admin/v1/users/.*/media' + # to httpd-quarantined-media-changes envoy cluster + quarantineMediaChangesRoutes: + - '/_synapse/admin/v1/quarantine_media/.*' + # was clientReaderStickyRoutes # to httpd-sync-user-ring-hash envoy cluster syncRoutes: @@ -605,7 +611,7 @@ envoyProxy: # maxUnavailable: 1 image: repository: envoyproxy/envoy - tag: v1.36.6 + tag: v1.36.8 pullPolicy: IfNotPresent resources: {} # limits: @@ -650,7 +656,7 @@ matrixAuthentication: # maxUnavailable: 1 image: repository: ghcr.io/element-hq/matrix-authentication-service - tag: 1.15.0 + tag: 1.18.0 pullPolicy: IfNotPresent resources: {} # limits: From 49087f03b9216699922322b963ef8a82d1682701 Mon Sep 17 00:00:00 2001 From: shcherbak Date: Thu, 18 Jun 2026 23:31:31 +0300 Subject: [PATCH 2/4] synapse-quarantined-media-changes-headless --- charts/synapse/templates/envoy-configmap.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/synapse/templates/envoy-configmap.yaml b/charts/synapse/templates/envoy-configmap.yaml index c400cb3..2978517 100644 --- a/charts/synapse/templates/envoy-configmap.yaml +++ b/charts/synapse/templates/envoy-configmap.yaml @@ -956,7 +956,7 @@ data: - endpoint: address: socket_address: - address: httpd-quarantined-media-changes + address: synapse-quarantined-media-changes-headless port_value: 8008 synapse.lua: | From 257eef3f06b0c2518a7fd84390d50568ed6830e8 Mon Sep 17 00:00:00 2001 From: shcherbak Date: Fri, 19 Jun 2026 00:09:26 +0300 Subject: [PATCH 3/4] envoy-1.37 --- charts/synapse/Chart.yaml | 2 +- .../golden/fixtures/test-envoy-configmap-msc4306.golden.yaml | 2 +- .../golden/fixtures/test-envoy-configmap-no-mas.golden.yaml | 2 +- .../tests/golden/fixtures/test-envoy-configmap.golden.yaml | 2 +- .../tests/golden/fixtures/test-envoy-deployment.golden.yaml | 4 ++-- charts/synapse/values.yaml | 2 +- 6 files changed, 7 insertions(+), 7 deletions(-) diff --git a/charts/synapse/Chart.yaml b/charts/synapse/Chart.yaml index 7f44da7..e2bb9bb 100644 --- a/charts/synapse/Chart.yaml +++ b/charts/synapse/Chart.yaml @@ -2,4 +2,4 @@ apiVersion: v2 appVersion: 1.151.0 description: matrix synapse kubernetes deployment name: synapse -version: 2.7.0 +version: 2.8.0 diff --git a/charts/synapse/tests/golden/fixtures/test-envoy-configmap-msc4306.golden.yaml b/charts/synapse/tests/golden/fixtures/test-envoy-configmap-msc4306.golden.yaml index 6777475..5293bb5 100644 --- a/charts/synapse/tests/golden/fixtures/test-envoy-configmap-msc4306.golden.yaml +++ b/charts/synapse/tests/golden/fixtures/test-envoy-configmap-msc4306.golden.yaml @@ -1560,7 +1560,7 @@ data: - endpoint: address: socket_address: - address: httpd-quarantined-media-changes + address: synapse-quarantined-media-changes-headless port_value: 8008 synapse.lua: | diff --git a/charts/synapse/tests/golden/fixtures/test-envoy-configmap-no-mas.golden.yaml b/charts/synapse/tests/golden/fixtures/test-envoy-configmap-no-mas.golden.yaml index d131394..b1ed29a 100644 --- a/charts/synapse/tests/golden/fixtures/test-envoy-configmap-no-mas.golden.yaml +++ b/charts/synapse/tests/golden/fixtures/test-envoy-configmap-no-mas.golden.yaml @@ -1520,7 +1520,7 @@ data: - endpoint: address: socket_address: - address: httpd-quarantined-media-changes + address: synapse-quarantined-media-changes-headless port_value: 8008 synapse.lua: | diff --git a/charts/synapse/tests/golden/fixtures/test-envoy-configmap.golden.yaml b/charts/synapse/tests/golden/fixtures/test-envoy-configmap.golden.yaml index 3f8b97c..144fc22 100644 --- a/charts/synapse/tests/golden/fixtures/test-envoy-configmap.golden.yaml +++ b/charts/synapse/tests/golden/fixtures/test-envoy-configmap.golden.yaml @@ -1519,7 +1519,7 @@ data: - endpoint: address: socket_address: - address: httpd-quarantined-media-changes + address: synapse-quarantined-media-changes-headless port_value: 8008 synapse.lua: | diff --git a/charts/synapse/tests/golden/fixtures/test-envoy-deployment.golden.yaml b/charts/synapse/tests/golden/fixtures/test-envoy-deployment.golden.yaml index 4828c63..93d1a15 100644 --- a/charts/synapse/tests/golden/fixtures/test-envoy-deployment.golden.yaml +++ b/charts/synapse/tests/golden/fixtures/test-envoy-deployment.golden.yaml @@ -24,12 +24,12 @@ spec: app: synapse component: synapse-client-reader-envoy annotations: - checksum/config: d131be604d783955b18d21cb0729988c91d289028b43c0be34fedfd1f1e561b6 + checksum/config: 9d638ffa8fe8adfd5d59a0178fdb455821ac57f2f3e1f217d20d4dd78cafd53f spec: terminationGracePeriodSeconds: 60 containers: - name: envoy - image: envoyproxy/envoy:v1.36.8 + image: envoyproxy/envoy:v1.37.4 imagePullPolicy: IfNotPresent args: - -c diff --git a/charts/synapse/values.yaml b/charts/synapse/values.yaml index d799827..248dfca 100644 --- a/charts/synapse/values.yaml +++ b/charts/synapse/values.yaml @@ -611,7 +611,7 @@ envoyProxy: # maxUnavailable: 1 image: repository: envoyproxy/envoy - tag: v1.36.8 + tag: v1.37.4 pullPolicy: IfNotPresent resources: {} # limits: From ced8f996bf8b6cc7a973a1398a1b6e2dad370ebc Mon Sep 17 00:00:00 2001 From: shcherbak Date: Fri, 19 Jun 2026 00:13:01 +0300 Subject: [PATCH 4/4] 1.155.0 --- Makefile | 2 +- build/Dockerfile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index 39e00aa..8f939f5 100644 --- a/Makefile +++ b/Makefile @@ -1,4 +1,4 @@ -VERSION=v1.151.0 +VERSION=v1.155.0 .PHONY: all build-main push-main build-e2e push-e2e test-lua diff --git a/build/Dockerfile b/build/Dockerfile index f888efa..97a36ca 100644 --- a/build/Dockerfile +++ b/build/Dockerfile @@ -1,4 +1,4 @@ -ARG SYNAPSE_PKG_VER="v1.151.0" +ARG SYNAPSE_PKG_VER="v1.155.0" ARG PYTHON_PKG_VER="3.13" # stage 1 : build pip