Skip to content

V1.155.0 #35

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
shcherbak wants to merge 4 commits into
base: main
Choose a base branch
from
Open

V1.155.0 #35

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
374de65
1.155.1 (quarantined media stream writer)
shcherbak Jun 18, 2026
49087f0
synapse-quarantined-media-changes-headless
shcherbak Jun 18, 2026
257eef3
envoy-1.37
shcherbak Jun 18, 2026
ced8f99
1.155.0
shcherbak Jun 18, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion Makefile
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
VERSION=v1.151.0
VERSION=v1.155.0

.PHONY: all build-main push-main build-e2e push-e2e test-lua

Expand Down
2 changes: 1 addition & 1 deletion README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -81,7 +81,7 @@ Worker reference table
| receipts | stream writer | yes | round-robin | yes |
| device_lists | stream writer | yes | round-robin | yes |
| thread_subscriptions | stream writer | yes | round-robin | yes |
| quarantined_media | stream writer | yes | round-robin | yes |
| quarantined_media_changes | stream writer | yes | round-robin (?) | yes |
| events (persister) | stream writer | yes | shard by room_id | yes |
| media_repository | app | yes | least_conn | yes |
| media_instance_running_background_jobs | app | no | - | no |
Expand Down
2 changes: 1 addition & 1 deletion build/Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
ARG SYNAPSE_PKG_VER="v1.151.0"
ARG SYNAPSE_PKG_VER="v1.155.0"
ARG PYTHON_PKG_VER="3.13"

# stage 1 : build pip
Expand Down
2 changes: 1 addition & 1 deletion charts/synapse/Chart.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,4 +2,4 @@ apiVersion: v2
appVersion: 1.151.0
description: matrix synapse kubernetes deployment
name: synapse
version: 2.7.0
version: 2.8.0
8 changes: 8 additions & 0 deletions charts/synapse/templates/_helpers.tpl
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -38,6 +38,14 @@ app: synapse
component: synapse-federation-reader
{{- end }}

{{/*
Selector labels
*/}}
{{- define "synapse-quarantined-media-changes.selectorLabels" -}}
app: synapse
component: synapse-quarantined-media-changes
{{- end }}

{{/*
Selector labels
*/}}
Expand Down
37 changes: 37 additions & 0 deletions charts/synapse/templates/envoy-configmap.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -175,6 +175,16 @@ data:
cluster: httpd-media-repository
{{- end }}

{{- range $route := .Values.ingress.quarantineMediaChangesRoutes }}
- match:
safe_regex:
regex: {{ printf "^%s" $route | squote }}
route:
timeout: 300s
auto_host_rewrite: true
cluster: httpd-quarantined-media-changes
{{- end }}

{{- range $route := .Values.ingress.toDeviceRoutes }}
- match:
safe_regex:
Expand Down Expand Up @@ -921,6 +931,33 @@ data:
socket_address:
address: synapse-media-repository
port_value: 8008
- name: httpd-quarantined-media-changes
connect_timeout: 1.00s
type: STRICT_DNS
dns_lookup_family: V4_ONLY
ignore_health_on_host_removal: true
lb_policy: LEAST_REQUEST
least_request_lb_config:
choice_count: 2
circuit_breakers:
thresholds:
- priority: DEFAULT
max_connections: 30000
max_requests: 8192
max_retries: 3
- priority: HIGH
max_connections: 30000
max_requests: 8192
max_retries: 3
load_assignment:
cluster_name: httpd-quarantined-media-changes
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
address: synapse-quarantined-media-changes-headless
port_value: 8008

synapse.lua: |
{{- .Files.Get "scripts/synapse.lua" | nindent 4 }}
15 changes: 12 additions & 3 deletions charts/synapse/templates/synapse-secret.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,9 +4,9 @@
{{- $clientFedWorkers := list "master" "room" }}
{{- $noHttpWorkers := list "background_worker" "pusher" }}
{{- $streamWritersLocks := list "account_data"}}
{{- $streamWriters := list "master" "typing" "to_device" "account_data" "presence" "push_rules" "receipts" "device_lists" "thread_subscriptions" "quarantined_media" "event_persister" }}
{{- $replicationWorkers := list "master" "typing" "to_device" "account_data" "presence" "push_rules" "receipts" "device_lists" "thread_subscriptions" "quarantined_media" "event_persister" "federation_sender" }}
{{- $clientOnlyWorkers := list "typing" "to_device" "account_data" "presence" "push_rules" "receipts" "device_lists" "thread_subscriptions" "quarantined_media" "event_persister" "sync" "client_reader" "client_keys" "user_dir" }}
{{- $streamWriters := list "master" "typing" "to_device" "account_data" "presence" "push_rules" "receipts" "device_lists" "thread_subscriptions" "quarantined_media_changes" "event_persister" }}
{{- $replicationWorkers := list "master" "typing" "to_device" "account_data" "presence" "push_rules" "receipts" "device_lists" "thread_subscriptions" "quarantined_media_changes" "event_persister" "federation_sender" }}
{{- $clientOnlyWorkers := list "typing" "to_device" "account_data" "presence" "push_rules" "receipts" "device_lists" "thread_subscriptions" "quarantined_media_changes" "event_persister" "sync" "client_reader" "client_keys" "user_dir" }}

{{- $registration_shared_secret := .Values.registration_shared_secret }}
{{- $form_secret := .Values.form_secret }}
Expand Down Expand Up @@ -196,6 +196,11 @@ stringData:
host: synapse-federation-sender-{{ . }}.synapse-federation-sender
port: 9093
{{- end }}
{{- range until ( $workers.quarantined_media_changes.replicas | int) }}
synapse-quarantined-media-changes-{{ . }}:
host: synapse-quarantined-media-changes-{{ . }}.synapse-quarantined-media-changes
port: 9093
{{- end }}
stream_writers:
typing:
- synapse-typing-0
Expand Down Expand Up @@ -225,6 +230,10 @@ stringData:
{{- range until ( $workers.event_persister.replicas | int) }}
- synapse-event-persister-{{ . }}
{{- end }}
quarantined_media_changes:
{{- range until ( $workers.quarantined_media_changes.replicas | int) }}
- synapse-quarantined-media-changes-{{ . }}
{{- end }}
start_pushers: false
pusher_instances:
{{- range until ( $workers.pusher.replicas | int) }}
Expand Down
20 changes: 20 additions & 0 deletions charts/synapse/templates/synapse-service.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -122,3 +122,23 @@ spec:
targetPort: 8008
selector:
{{- include "synapse-federation-reader.selectorLabels" . | nindent 6 }}
---
apiVersion: v1
kind: Service
metadata:
name: synapse-quarantined-media-changes-headless
{{- with $.Values.synapse.service.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
labels:
{{- include "synapse-quarantined-media-changes.selectorLabels" . | nindent 4 }}
spec:
clusterIP: None
type: ClusterIP
ports:
- name: http
port: 8008
targetPort: 8008
selector:
{{- include "synapse-quarantined-media-changes.selectorLabels" . | nindent 6 }}
33 changes: 30 additions & 3 deletions charts/synapse/tests/golden/fixtures/test-envoy-configmap-msc4306.golden.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -274,18 +274,18 @@ data:
cluster: httpd-media-repository
- match:
safe_regex:
regex: '^/_synapse/admin/v1/quarantine_media/.*'
regex: '^/_synapse/admin/v1/users/.*/media'
route:
timeout: 300s
auto_host_rewrite: true
cluster: httpd-media-repository
- match:
safe_regex:
regex: '^/_synapse/admin/v1/users/.*/media'
regex: '^/_synapse/admin/v1/quarantine_media/.*'
route:
timeout: 300s
auto_host_rewrite: true
cluster: httpd-media-repository
cluster: httpd-quarantined-media-changes
- match:
safe_regex:
regex: '^/_matrix/client/(r0|v3|unstable)/sendToDevice/.*'
Expand Down Expand Up @@ -1535,6 +1535,33 @@ data:
socket_address:
address: synapse-media-repository
port_value: 8008
- name: httpd-quarantined-media-changes
connect_timeout: 1.00s
type: STRICT_DNS
dns_lookup_family: V4_ONLY
ignore_health_on_host_removal: true
lb_policy: LEAST_REQUEST
least_request_lb_config:
choice_count: 2
circuit_breakers:
thresholds:
- priority: DEFAULT
max_connections: 30000
max_requests: 8192
max_retries: 3
- priority: HIGH
max_connections: 30000
max_requests: 8192
max_retries: 3
load_assignment:
cluster_name: httpd-quarantined-media-changes
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
address: synapse-quarantined-media-changes-headless
port_value: 8008

synapse.lua: |
local room_id_pattern = "(![A-Za-z0-9._=%%%-/]+:[A-Za-z0-9.%-]+)"
Expand Down
33 changes: 30 additions & 3 deletions charts/synapse/tests/golden/fixtures/test-envoy-configmap-no-mas.golden.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -295,18 +295,18 @@ data:
cluster: httpd-media-repository
- match:
safe_regex:
regex: '^/_synapse/admin/v1/quarantine_media/.*'
regex: '^/_synapse/admin/v1/users/.*/media'
route:
timeout: 300s
auto_host_rewrite: true
cluster: httpd-media-repository
- match:
safe_regex:
regex: '^/_synapse/admin/v1/users/.*/media'
regex: '^/_synapse/admin/v1/quarantine_media/.*'
route:
timeout: 300s
auto_host_rewrite: true
cluster: httpd-media-repository
cluster: httpd-quarantined-media-changes
- match:
safe_regex:
regex: '^/_matrix/client/(r0|v3|unstable)/sendToDevice/.*'
Expand Down Expand Up @@ -1495,6 +1495,33 @@ data:
socket_address:
address: synapse-media-repository
port_value: 8008
- name: httpd-quarantined-media-changes
connect_timeout: 1.00s
type: STRICT_DNS
dns_lookup_family: V4_ONLY
ignore_health_on_host_removal: true
lb_policy: LEAST_REQUEST
least_request_lb_config:
choice_count: 2
circuit_breakers:
thresholds:
- priority: DEFAULT
max_connections: 30000
max_requests: 8192
max_retries: 3
- priority: HIGH
max_connections: 30000
max_requests: 8192
max_retries: 3
load_assignment:
cluster_name: httpd-quarantined-media-changes
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
address: synapse-quarantined-media-changes-headless
port_value: 8008

synapse.lua: |
local room_id_pattern = "(![A-Za-z0-9._=%%%-/]+:[A-Za-z0-9.%-]+)"
Expand Down
33 changes: 30 additions & 3 deletions charts/synapse/tests/golden/fixtures/test-envoy-configmap.golden.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -260,18 +260,18 @@ data:
cluster: httpd-media-repository
- match:
safe_regex:
regex: '^/_synapse/admin/v1/quarantine_media/.*'
regex: '^/_synapse/admin/v1/users/.*/media'
route:
timeout: 300s
auto_host_rewrite: true
cluster: httpd-media-repository
- match:
safe_regex:
regex: '^/_synapse/admin/v1/users/.*/media'
regex: '^/_synapse/admin/v1/quarantine_media/.*'
route:
timeout: 300s
auto_host_rewrite: true
cluster: httpd-media-repository
cluster: httpd-quarantined-media-changes
- match:
safe_regex:
regex: '^/_matrix/client/(r0|v3|unstable)/sendToDevice/.*'
Expand Down Expand Up @@ -1494,6 +1494,33 @@ data:
socket_address:
address: synapse-media-repository
port_value: 8008
- name: httpd-quarantined-media-changes
connect_timeout: 1.00s
type: STRICT_DNS
dns_lookup_family: V4_ONLY
ignore_health_on_host_removal: true
lb_policy: LEAST_REQUEST
least_request_lb_config:
choice_count: 2
circuit_breakers:
thresholds:
- priority: DEFAULT
max_connections: 30000
max_requests: 8192
max_retries: 3
- priority: HIGH
max_connections: 30000
max_requests: 8192
max_retries: 3
load_assignment:
cluster_name: httpd-quarantined-media-changes
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
address: synapse-quarantined-media-changes-headless
port_value: 8008

synapse.lua: |
local room_id_pattern = "(![A-Za-z0-9._=%%%-/]+:[A-Za-z0-9.%-]+)"
Expand Down
4 changes: 2 additions & 2 deletions charts/synapse/tests/golden/fixtures/test-envoy-deployment.golden.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,12 +24,12 @@ spec:
app: synapse
component: synapse-client-reader-envoy
annotations:
checksum/config: 869b2ce1fd7683ee515f7d6d20ed26cda2dff095448a9425f73627c0768c4f40
checksum/config: 9d638ffa8fe8adfd5d59a0178fdb455821ac57f2f3e1f217d20d4dd78cafd53f
spec:
terminationGracePeriodSeconds: 60
containers:
- name: envoy
image: envoyproxy/envoy:v1.36.6
image: envoyproxy/envoy:v1.37.4
imagePullPolicy: IfNotPresent
args:
- -c
Expand Down
2 changes: 1 addition & 1 deletion charts/synapse/tests/golden/fixtures/test-matrix-auth-deployment.golden.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -29,7 +29,7 @@ spec:
terminationGracePeriodSeconds: 60
containers:
- name: main
image: ghcr.io/element-hq/matrix-authentication-service:1.15.0
image: ghcr.io/element-hq/matrix-authentication-service:1.18.0
imagePullPolicy: IfNotPresent
env:
- name: "MAS_CONFIG"
Expand Down
2 changes: 1 addition & 1 deletion charts/synapse/tests/golden/fixtures/test-matrix-auth-job-config-sync-helm.golden.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@ spec:
restartPolicy: Never
containers:
- name: config-sync
image: ghcr.io/element-hq/matrix-authentication-service:1.15.0
image: ghcr.io/element-hq/matrix-authentication-service:1.18.0
imagePullPolicy: IfNotPresent
env:
- name: "MAS_CONFIG"
Expand Down
2 changes: 1 addition & 1 deletion charts/synapse/tests/golden/fixtures/test-matrix-auth-job-config-sync-prune.golden.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@ spec:
restartPolicy: Never
containers:
- name: config-sync
image: ghcr.io/element-hq/matrix-authentication-service:1.15.0
image: ghcr.io/element-hq/matrix-authentication-service:1.18.0
imagePullPolicy: IfNotPresent
env:
- name: "MAS_CONFIG"
Expand Down
2 changes: 1 addition & 1 deletion charts/synapse/tests/golden/fixtures/test-matrix-auth-job-config-sync.golden.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@ spec:
restartPolicy: Never
containers:
- name: config-sync
image: ghcr.io/element-hq/matrix-authentication-service:1.15.0
image: ghcr.io/element-hq/matrix-authentication-service:1.18.0
imagePullPolicy: IfNotPresent
env:
- name: "MAS_CONFIG"
Expand Down
2 changes: 1 addition & 1 deletion charts/synapse/tests/golden/fixtures/test-matrix-auth-job-db-migration-helm.golden.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@ spec:
restartPolicy: Never
containers:
- name: db-migration
image: ghcr.io/element-hq/matrix-authentication-service:1.15.0
image: ghcr.io/element-hq/matrix-authentication-service:1.18.0
imagePullPolicy: IfNotPresent
env:
- name: "MAS_CONFIG"
Expand Down
2 changes: 1 addition & 1 deletion charts/synapse/tests/golden/fixtures/test-matrix-auth-job-db-migration.golden.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@ spec:
restartPolicy: Never
containers:
- name: db-migration
image: ghcr.io/element-hq/matrix-authentication-service:1.15.0
image: ghcr.io/element-hq/matrix-authentication-service:1.18.0
imagePullPolicy: IfNotPresent
env:
- name: "MAS_CONFIG"
Expand Down
Loading