diff --git a/charts/synapse/Chart.yaml b/charts/synapse/Chart.yaml
index fd5530c..c1de13f 100644
--- a/charts/synapse/Chart.yaml
+++ b/charts/synapse/Chart.yaml
@@ -2,4 +2,4 @@ apiVersion: v2
 appVersion: 1.151.0
 description: matrix synapse kubernetes deployment
 name: synapse
-version: 2.4.6
+version: 2.5.0
diff --git a/charts/synapse/templates/_helpers.tpl b/charts/synapse/templates/_helpers.tpl
index b7ac32f..d7fb86e 100644
--- a/charts/synapse/templates/_helpers.tpl
+++ b/charts/synapse/templates/_helpers.tpl
@@ -30,6 +30,14 @@ app: synapse
 component: synapse-federation-reader
 {{- end }}
+{{/*
+Selector labels
+*/}}
+{{- define "synapse-device-lists.selectorLabels" -}}
+app: synapse
+component: synapse-device-lists
+{{- end }}
+
 {{/*
 Selector labels
 */}}
diff --git a/charts/synapse/templates/envoy-configmap.yaml b/charts/synapse/templates/envoy-configmap.yaml
index 141765d..181ffe3 100644
--- a/charts/synapse/templates/envoy-configmap.yaml
+++ b/charts/synapse/templates/envoy-configmap.yaml
@@ -219,6 +219,13 @@ data:
 timeout: 300s
 auto_host_rewrite: true
 cluster: httpd-device-lists
+ hash_policy:
+ - header:
+ header_name: X-Hash-Key
+ typed_per_filter_config:
+ envoy.filters.http.lua:
+ "@type": type.googleapis.com/envoy.extensions.filters.http.lua.v3.LuaPerRoute
+ name: whoami_hash
 {{- end }}
 {{- range $route := .Values.ingress.pushRulesRoutes }}
@@ -711,9 +718,7 @@ data:
 type: STRICT_DNS
 dns_lookup_family: V4_ONLY
 ignore_health_on_host_removal: true
- lb_policy: LEAST_REQUEST
- least_request_lb_config:
- choice_count: 2
+ lb_policy: RING_HASH
 circuit_breakers:
 thresholds:
 - priority: DEFAULT
@@ -731,7 +736,7 @@ data:
 - endpoint:
 address:
 socket_address:
- address: synapse-device-lists
+ address: synapse-device-lists-headless
 port_value: 8008
 {{- if .Values.experimentalFeatures.msc4306.enabled }}
 - name: httpd-thread-subscriptions
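Review bot: The `hash_policy` added to the `httpd-device-lists` route in `envoy-configmap.yaml` hashes on the request header `X-Hash-Key`, and nothing visible in this hunk guarantees that a value sent by the client is discarded first. The `whoami_hash` Lua source is outside the diff; if it only sets the header when it manages to derive a key, a client-supplied `X-Hash-Key` would decide backend placement and let one caller concentrate its load on a single worker. The filter should always overwrite or drop the inbound header, e.g. `request_handle:headers():replace("X-Hash-Key", key)` on success and `request_handle:headers():remove("X-Hash-Key")` on every other path. The same route block is rendered for each device-lists route in the golden fixtures, so the point applies to all of them.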
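Review bot: Replacing `LEAST_REQUEST` with `lb_policy: RING_HASH` on the `httpd-device-lists` cluster removes the only load-aware behaviour without putting any bound on per-host load, so a handful of very active hash keys can saturate one worker while the others stay idle. Envoy offers bounded-load consistent hashing for this; I would add `common_lb_config: {consistent_hashing_lb_config: {hash_balance_factor: 150}}` (the value is a suggestion, tune it to the worker count). A short comment beside `lb_policy` should also state that requests arriving without `X-Hash-Key` get no affinity, since that is the fallback whenever the Lua filter cannot derive a key. The cluster definition begins above the hunk.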
diff --git a/charts/synapse/templates/synapse-service.yaml b/charts/synapse/templates/synapse-service.yaml
index 755771c..7fa8675 100644
--- a/charts/synapse/templates/synapse-service.yaml
+++ b/charts/synapse/templates/synapse-service.yaml
@@ -102,3 +102,23 @@ spec:
 targetPort: 8008
 selector:
 {{- include "synapse-federation-reader.selectorLabels" . | nindent 6 }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: synapse-device-lists-headless
+ {{- with $.Values.synapse.service.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ labels:
+ {{- include "synapse-device-lists.selectorLabels" . | nindent 4 }}
+spec:
+ clusterIP: None
+ type: ClusterIP
+ ports:
+ - name: http
+ port: 8008
+ targetPort: 8008
+ selector:
+ {{- include "synapse-device-lists.selectorLabels" . | nindent 6 }}
diff --git a/charts/synapse/tests/golden/fixtures/test-envoy-configmap-msc4306.golden.yaml b/charts/synapse/tests/golden/fixtures/test-envoy-configmap-msc4306.golden.yaml index 5d4108c..9a39d9f 100644 --- a/charts/synapse/tests/golden/fixtures/test-envoy-configmap-msc4306.golden.yaml +++ b/charts/synapse/tests/golden/fixtures/test-envoy-configmap-msc4306.golden.yaml @@ -326,6 +326,13 @@ data: timeout: 300s auto_host_rewrite: true cluster: httpd-device-lists + hash_policy: + - header: + header_name: X-Hash-Key + typed_per_filter_config: + envoy.filters.http.lua: + "@type": type.googleapis.com/envoy.extensions.filters.http.lua.v3.LuaPerRoute + name: whoami_hash - match: safe_regex: regex: '^/_matrix/client/(r0|v3|unstable)/devices(/.*)?$' @@ -333,6 +340,13 @@ data: timeout: 300s auto_host_rewrite: true cluster: httpd-device-lists + hash_policy: + - header: + header_name: X-Hash-Key + typed_per_filter_config: + envoy.filters.http.lua: + "@type": type.googleapis.com/envoy.extensions.filters.http.lua.v3.LuaPerRoute + name: whoami_hash - match: safe_regex: regex: '^/_matrix/client/(r0|v3|unstable)/keys/upload$'
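Review bot: The `synapse-device-lists-headless` Service added in `synapse-service.yaml` has no comment explaining why a second, headless Service exists, so it reads like a leftover next to the regular one. I would put a line above `kind: Service` such as `# Headless (clusterIP: None) so Envoy's STRICT_DNS cluster resolves every device-lists pod IP; RING_HASH cannot pin keys through a single ClusterIP.` The block also copies `.Values.synapse.service.annotations` unchanged, and annotations written for the load-balanced Service may mean nothing on a headless one, so it is worth confirming that reuse is intended.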
@@ -340,6 +354,13 @@ data: timeout: 300s auto_host_rewrite: true cluster: httpd-device-lists + hash_policy: + - header: + header_name: X-Hash-Key + typed_per_filter_config: + envoy.filters.http.lua: + "@type": type.googleapis.com/envoy.extensions.filters.http.lua.v3.LuaPerRoute + name: whoami_hash - match: safe_regex: regex: '^/_matrix/client/(v3|unstable)/keys/device_signing/upload$' @@ -347,6 +368,13 @@ data: timeout: 300s auto_host_rewrite: true cluster: httpd-device-lists + hash_policy: + - header: + header_name: X-Hash-Key + typed_per_filter_config: + envoy.filters.http.lua: + "@type": type.googleapis.com/envoy.extensions.filters.http.lua.v3.LuaPerRoute + name: whoami_hash - match: safe_regex: regex: '^/_matrix/client/(r0|v3|unstable)/keys/signatures/upload$' @@ -354,6 +382,27 @@ data: timeout: 300s auto_host_rewrite: true cluster: httpd-device-lists + hash_policy: + - header: + header_name: X-Hash-Key + typed_per_filter_config: + envoy.filters.http.lua: + "@type": type.googleapis.com/envoy.extensions.filters.http.lua.v3.LuaPerRoute + name: whoami_hash + - match: + safe_regex: + regex: '^/_matrix/client/(r0|v3|unstable)/keys/query$' + route: + timeout: 300s + auto_host_rewrite: true + cluster: httpd-device-lists + hash_policy: + - header: + header_name: X-Hash-Key + typed_per_filter_config: + envoy.filters.http.lua: + "@type": type.googleapis.com/envoy.extensions.filters.http.lua.v3.LuaPerRoute + name: whoami_hash - match: safe_regex: regex: '^/_matrix/client/(api/v1|r0|v3|unstable)/pushrules/.*' @@ -602,16 +651,6 @@ data: hash_policy: - connection_properties: source_ip: true - - match: - safe_regex: - regex: '^/_matrix/client/unstable/org.matrix.msc4140/delayed_events(/.*/restart)?$' - route: - timeout: 300s - auto_host_rewrite: true - cluster: httpd-federation-ip-hash - hash_policy: - - connection_properties: - source_ip: true - match: safe_regex: regex: '^/_matrix/client/(r0|v3|unstable)/user_directory/search$' 
@@ -661,13 +700,6 @@ data: timeout: 300s auto_host_rewrite: true cluster: httpd-client-reader - - match: - safe_regex: - regex: '^/_matrix/client/(r0|v3|unstable)/keys/query$' - route: - timeout: 300s - auto_host_rewrite: true - cluster: httpd-client-reader - match: safe_regex: regex: '^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/redact/.*' @@ -885,6 +917,13 @@ data: timeout: 300s auto_host_rewrite: true cluster: httpd-client-reader + - match: + safe_regex: + regex: '^/_matrix/client/unstable/org\.matrix\.msc4140/delayed_events(/.*/restart)?$' + route: + timeout: 300s + auto_host_rewrite: true + cluster: httpd-client-reader - match: safe_regex: regex: '^/_matrix/.*' @@ -1278,9 +1317,7 @@ data: type: STRICT_DNS dns_lookup_family: V4_ONLY ignore_health_on_host_removal: true - lb_policy: LEAST_REQUEST - least_request_lb_config: - choice_count: 2 + lb_policy: RING_HASH circuit_breakers: thresholds: - priority: DEFAULT @@ -1298,7 +1335,7 @@ data: - endpoint: address: socket_address: - address: synapse-device-lists + address: synapse-device-lists-headless port_value: 8008 - name: httpd-thread-subscriptions connect_timeout: 0.02s diff --git a/charts/synapse/tests/golden/fixtures/test-envoy-configmap-no-mas.golden.yaml b/charts/synapse/tests/golden/fixtures/test-envoy-configmap-no-mas.golden.yaml index ae9be2c..4080b99 100644 --- a/charts/synapse/tests/golden/fixtures/test-envoy-configmap-no-mas.golden.yaml +++ b/charts/synapse/tests/golden/fixtures/test-envoy-configmap-no-mas.golden.yaml 
@@ -116,6 +116,41 @@ data: timeout: 300s auto_host_rewrite: true cluster: httpd-master + - match: + safe_regex: + regex: '^/_matrix/client/(api/v1|r0|v3|unstable)/login$' + route: + timeout: 300s + auto_host_rewrite: true + cluster: httpd-client-reader + - match: + safe_regex: + regex: '^/_matrix/client/(r0|v3|unstable)/register$' + route: + timeout: 300s + auto_host_rewrite: true + cluster: httpd-client-reader + - match: + safe_regex: + regex: '^/_matrix/client/(r0|v3|unstable)/register/available$' + route: + timeout: 300s + auto_host_rewrite: true + cluster: httpd-client-reader + - match: + safe_regex: + regex: '^/_matrix/client/v1/register/m.login.registration_token/validity$' + route: + timeout: 300s + auto_host_rewrite: true + cluster: httpd-client-reader + - match: + safe_regex: + regex: '^/_matrix/client/(r0|v3|unstable)/password_policy$' + route: + timeout: 300s + auto_host_rewrite: true + cluster: httpd-client-reader - match: safe_regex: regex: '^/_matrix/client/(r0|v3|unstable)/rooms/.*/receipt.*' @@ -312,6 +347,13 @@ data: timeout: 300s auto_host_rewrite: true cluster: httpd-device-lists + hash_policy: + - header: + header_name: X-Hash-Key + typed_per_filter_config: + envoy.filters.http.lua: + "@type": type.googleapis.com/envoy.extensions.filters.http.lua.v3.LuaPerRoute + name: whoami_hash - match: safe_regex: regex: '^/_matrix/client/(r0|v3|unstable)/devices(/.*)?$' @@ -319,6 +361,13 @@ data: timeout: 300s auto_host_rewrite: true cluster: httpd-device-lists + hash_policy: + - header: + header_name: X-Hash-Key + typed_per_filter_config: + envoy.filters.http.lua: + "@type": type.googleapis.com/envoy.extensions.filters.http.lua.v3.LuaPerRoute + name: whoami_hash - match: safe_regex: regex: '^/_matrix/client/(r0|v3|unstable)/keys/upload$' 
@@ -326,6 +375,13 @@ data: timeout: 300s auto_host_rewrite: true cluster: httpd-device-lists + hash_policy: + - header: + header_name: X-Hash-Key + typed_per_filter_config: + envoy.filters.http.lua: + "@type": type.googleapis.com/envoy.extensions.filters.http.lua.v3.LuaPerRoute + name: whoami_hash - match: safe_regex: regex: '^/_matrix/client/(v3|unstable)/keys/device_signing/upload$' @@ -333,6 +389,13 @@ data: timeout: 300s auto_host_rewrite: true cluster: httpd-device-lists + hash_policy: + - header: + header_name: X-Hash-Key + typed_per_filter_config: + envoy.filters.http.lua: + "@type": type.googleapis.com/envoy.extensions.filters.http.lua.v3.LuaPerRoute + name: whoami_hash - match: safe_regex: regex: '^/_matrix/client/(r0|v3|unstable)/keys/signatures/upload$' @@ -340,6 +403,27 @@ data: timeout: 300s auto_host_rewrite: true cluster: httpd-device-lists + hash_policy: + - header: + header_name: X-Hash-Key + typed_per_filter_config: + envoy.filters.http.lua: + "@type": type.googleapis.com/envoy.extensions.filters.http.lua.v3.LuaPerRoute + name: whoami_hash + - match: + safe_regex: + regex: '^/_matrix/client/(r0|v3|unstable)/keys/query$' + route: + timeout: 300s + auto_host_rewrite: true + cluster: httpd-device-lists + hash_policy: + - header: + header_name: X-Hash-Key + typed_per_filter_config: + envoy.filters.http.lua: + "@type": type.googleapis.com/envoy.extensions.filters.http.lua.v3.LuaPerRoute + name: whoami_hash - match: safe_regex: regex: '^/_matrix/client/(api/v1|r0|v3|unstable)/pushrules/.*' @@ -588,16 +672,6 @@ data: hash_policy: - connection_properties: source_ip: true - - match: - safe_regex: - regex: '^/_matrix/client/unstable/org.matrix.msc4140/delayed_events(/.*/restart)?$' - route: - timeout: 300s - auto_host_rewrite: true - cluster: httpd-federation-ip-hash - hash_policy: - - connection_properties: - source_ip: true - match: safe_regex: regex: '^/_matrix/client/(r0|v3|unstable)/user_directory/search$' 
@@ -605,41 +679,6 @@ data: timeout: 300s auto_host_rewrite: true cluster: httpd-user-dir - - match: - safe_regex: - regex: '^/_matrix/client/(api/v1|r0|v3|unstable)/login$' - route: - timeout: 300s - auto_host_rewrite: true - cluster: httpd-client-reader - - match: - safe_regex: - regex: '^/_matrix/client/(r0|v3|unstable)/register$' - route: - timeout: 300s - auto_host_rewrite: true - cluster: httpd-client-reader - - match: - safe_regex: - regex: '^/_matrix/client/(r0|v3|unstable)/register/available$' - route: - timeout: 300s - auto_host_rewrite: true - cluster: httpd-client-reader - - match: - safe_regex: - regex: '^/_matrix/client/v1/register/m.login.registration_token/validity$' - route: - timeout: 300s - auto_host_rewrite: true - cluster: httpd-client-reader - - match: - safe_regex: - regex: '^/_matrix/client/(r0|v3|unstable)/password_policy$' - route: - timeout: 300s - auto_host_rewrite: true - cluster: httpd-client-reader - match: safe_regex: regex: '^/_matrix/client/(r0|v3|unstable)/keys/changes$' @@ -654,13 +693,6 @@ data: timeout: 300s auto_host_rewrite: true cluster: httpd-client-reader - - match: - safe_regex: - regex: '^/_matrix/client/(r0|v3|unstable)/keys/query$' - route: - timeout: 300s - auto_host_rewrite: true - cluster: httpd-client-reader - match: safe_regex: regex: '^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/redact/.*' @@ -878,6 +910,13 @@ data: timeout: 300s auto_host_rewrite: true cluster: httpd-client-reader + - match: + safe_regex: + regex: '^/_matrix/client/unstable/org\.matrix\.msc4140/delayed_events(/.*/restart)?$' + route: + timeout: 300s + auto_host_rewrite: true + cluster: httpd-client-reader - match: safe_regex: regex: '^/_matrix/.*' @@ -1271,9 +1310,7 @@ data: type: STRICT_DNS dns_lookup_family: V4_ONLY ignore_health_on_host_removal: true - lb_policy: LEAST_REQUEST - least_request_lb_config: - choice_count: 2 + lb_policy: RING_HASH circuit_breakers: thresholds: - priority: DEFAULT 
@@ -1291,7 +1328,7 @@ data: - endpoint: address: socket_address: - address: synapse-device-lists + address: synapse-device-lists-headless port_value: 8008 - name: httpd-user-dir connect_timeout: 0.02s diff --git a/charts/synapse/tests/golden/fixtures/test-envoy-configmap.golden.yaml b/charts/synapse/tests/golden/fixtures/test-envoy-configmap.golden.yaml index 8d67bfa..9c3d235 100644 --- a/charts/synapse/tests/golden/fixtures/test-envoy-configmap.golden.yaml +++ b/charts/synapse/tests/golden/fixtures/test-envoy-configmap.golden.yaml @@ -312,6 +312,13 @@ data: timeout: 300s auto_host_rewrite: true cluster: httpd-device-lists + hash_policy: + - header: + header_name: X-Hash-Key + typed_per_filter_config: + envoy.filters.http.lua: + "@type": type.googleapis.com/envoy.extensions.filters.http.lua.v3.LuaPerRoute + name: whoami_hash - match: safe_regex: regex: '^/_matrix/client/(r0|v3|unstable)/devices(/.*)?$' @@ -319,6 +326,13 @@ data: timeout: 300s auto_host_rewrite: true cluster: httpd-device-lists + hash_policy: + - header: + header_name: X-Hash-Key + typed_per_filter_config: + envoy.filters.http.lua: + "@type": type.googleapis.com/envoy.extensions.filters.http.lua.v3.LuaPerRoute + name: whoami_hash - match: safe_regex: regex: '^/_matrix/client/(r0|v3|unstable)/keys/upload$' @@ -326,6 +340,13 @@ data: timeout: 300s auto_host_rewrite: true cluster: httpd-device-lists + hash_policy: + - header: + header_name: X-Hash-Key + typed_per_filter_config: + envoy.filters.http.lua: + "@type": type.googleapis.com/envoy.extensions.filters.http.lua.v3.LuaPerRoute + name: whoami_hash - match: safe_regex: regex: '^/_matrix/client/(v3|unstable)/keys/device_signing/upload$' 
@@ -333,6 +354,13 @@ data: timeout: 300s auto_host_rewrite: true cluster: httpd-device-lists + hash_policy: + - header: + header_name: X-Hash-Key + typed_per_filter_config: + envoy.filters.http.lua: + "@type": type.googleapis.com/envoy.extensions.filters.http.lua.v3.LuaPerRoute + name: whoami_hash - match: safe_regex: regex: '^/_matrix/client/(r0|v3|unstable)/keys/signatures/upload$' @@ -340,6 +368,27 @@ data: timeout: 300s auto_host_rewrite: true cluster: httpd-device-lists + hash_policy: + - header: + header_name: X-Hash-Key + typed_per_filter_config: + envoy.filters.http.lua: + "@type": type.googleapis.com/envoy.extensions.filters.http.lua.v3.LuaPerRoute + name: whoami_hash + - match: + safe_regex: + regex: '^/_matrix/client/(r0|v3|unstable)/keys/query$' + route: + timeout: 300s + auto_host_rewrite: true + cluster: httpd-device-lists + hash_policy: + - header: + header_name: X-Hash-Key + typed_per_filter_config: + envoy.filters.http.lua: + "@type": type.googleapis.com/envoy.extensions.filters.http.lua.v3.LuaPerRoute + name: whoami_hash - match: safe_regex: regex: '^/_matrix/client/(api/v1|r0|v3|unstable)/pushrules/.*' @@ -588,16 +637,6 @@ data: hash_policy: - connection_properties: source_ip: true - - match: - safe_regex: - regex: '^/_matrix/client/unstable/org.matrix.msc4140/delayed_events(/.*/restart)?$' - route: - timeout: 300s - auto_host_rewrite: true - cluster: httpd-federation-ip-hash - hash_policy: - - connection_properties: - source_ip: true - match: safe_regex: regex: '^/_matrix/client/(r0|v3|unstable)/user_directory/search$' @@ -647,13 +686,6 @@ data: timeout: 300s auto_host_rewrite: true cluster: httpd-client-reader - - match: - safe_regex: - regex: '^/_matrix/client/(r0|v3|unstable)/keys/query$' - route: - timeout: 300s - auto_host_rewrite: true - cluster: httpd-client-reader - match: safe_regex: regex: '^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/redact/.*' 
@@ -871,6 +903,13 @@ data: timeout: 300s auto_host_rewrite: true cluster: httpd-client-reader + - match: + safe_regex: + regex: '^/_matrix/client/unstable/org\.matrix\.msc4140/delayed_events(/.*/restart)?$' + route: + timeout: 300s + auto_host_rewrite: true + cluster: httpd-client-reader - match: safe_regex: regex: '^/_matrix/.*' @@ -1264,9 +1303,7 @@ data: type: STRICT_DNS dns_lookup_family: V4_ONLY ignore_health_on_host_removal: true - lb_policy: LEAST_REQUEST - least_request_lb_config: - choice_count: 2 + lb_policy: RING_HASH circuit_breakers: thresholds: - priority: DEFAULT @@ -1284,7 +1321,7 @@ data: - endpoint: address: socket_address: - address: synapse-device-lists + address: synapse-device-lists-headless port_value: 8008 - name: httpd-matrix-auth connect_timeout: 0.02s diff --git a/charts/synapse/tests/golden/fixtures/test-envoy-deployment.golden.yaml b/charts/synapse/tests/golden/fixtures/test-envoy-deployment.golden.yaml index c3613b8..98d8693 100644 --- a/charts/synapse/tests/golden/fixtures/test-envoy-deployment.golden.yaml +++ b/charts/synapse/tests/golden/fixtures/test-envoy-deployment.golden.yaml @@ -24,7 +24,7 @@ spec: app: synapse component: synapse-client-reader-envoy annotations: - checksum/config: 4e5e008b7f7d9a5463aff65090872424c71bfd2f62a244863c06c80082de0999 + checksum/config: b278834dc6d48957c9a01766b63b03ca7a284c349f5b25ed3794389c99df5525 spec: terminationGracePeriodSeconds: 60 containers: diff --git a/charts/synapse/tests/golden/fixtures/test-synapse-service.golden.yaml b/charts/synapse/tests/golden/fixtures/test-synapse-service.golden.yaml index 0eff4be..4de22cf 100644 --- a/charts/synapse/tests/golden/fixtures/test-synapse-service.golden.yaml +++ b/charts/synapse/tests/golden/fixtures/test-synapse-service.golden.yaml 
@@ -481,4 +481,25 @@ spec: targetPort: 8008 selector: app: synapse - component: synapse-federation-reader \ No newline at end of file + component: synapse-federation-reader +--- +# Source: synapse/templates/synapse-service.yaml +apiVersion: v1 +kind: Service +metadata: + name: synapse-device-lists-headless + annotations: + cloud.google.com/neg: '{"ingress":false}' + labels: + app: synapse + component: synapse-device-lists +spec: + clusterIP: None + type: ClusterIP + ports: + - name: http + port: 8008 + targetPort: 8008 + selector: + app: synapse + component: synapse-device-lists \ No newline at end of file