From 228611f358a11eabb3a95e5c93d122dfbec5501e Mon Sep 17 00:00:00 2001 From: shcherbak Date: Wed, 27 May 2026 08:57:35 +0300 Subject: [PATCH] snapshot-test --- charts/synapse/tests/go.mod | 129 + charts/synapse/tests/go.sum | 353 ++ .../test-admin-deployment.golden.yaml | 30 + .../test-admin-ingress-disabled.golden.yaml | 0 .../test-admin-ingress-tls.golden.yaml | 27 + .../fixtures/test-admin-ingress.golden.yaml | 26 + .../fixtures/test-admin-service.golden.yaml | 15 + .../fixtures/test-envoy-configmap.golden.yaml | 753 +++ .../test-envoy-deployment.golden.yaml | 66 + ...test-envoy-pdb-max-unavailable.golden.yaml | 12 + .../fixtures/test-envoy-pdb.golden.yaml | 12 + .../fixtures/test-envoy-service.golden.yaml | 23 + ...-envoy-servicemonitor-disabled.golden.yaml | 0 .../test-envoy-servicemonitor.golden.yaml | 19 + .../fixtures/test-ingress-default.golden.yaml | 366 ++ .../fixtures/test-ingress-msc4306.golden.yaml | 380 ++ .../fixtures/test-ingress-no-mas.golden.yaml | 373 ++ ...atrix-auth-deployment-disabled.golden.yaml | 0 .../test-matrix-auth-deployment.golden.yaml | 70 + .../test-matrix-auth-hpa-disabled.golden.yaml | 0 .../test-matrix-auth-hpa-enabled.golden.yaml | 23 + .../test-matrix-auth-ingress-tls.golden.yaml | 27 + .../test-matrix-auth-ingress.golden.yaml | 26 + ...trix-auth-job-config-sync-helm.golden.yaml | 38 + ...rix-auth-job-config-sync-prune.golden.yaml | 39 + ...st-matrix-auth-job-config-sync.golden.yaml | 38 + ...rix-auth-job-db-migration-helm.golden.yaml | 38 + ...t-matrix-auth-job-db-migration.golden.yaml | 38 + ...atrix-auth-pdb-max-unavailable.golden.yaml | 12 + .../fixtures/test-matrix-auth-pdb.golden.yaml | 12 + .../test-matrix-auth-secret.golden.yaml | 102 + .../test-matrix-auth-service.golden.yaml | 19 + .../test-pgbouncer-configmap.golden.yaml | 25 + .../test-pgbouncer-deployment.golden.yaml | 61 + .../test-pgbouncer-pdb-disabled.golden.yaml | 0 ...-pgbouncer-pdb-max-unavailable.golden.yaml | 11 + .../fixtures/test-pgbouncer-pdb.golden.yaml | 11 + .../test-pgbouncer-secret.golden.yaml | 12 + ...uncer-service-session-affinity.golden.yaml | 19 + .../test-pgbouncer-service.golden.yaml | 15 + .../fixtures/test-synapse-hpa.golden.yaml | 165 + ...st-synapse-podmonitor-disabled.golden.yaml | 0 ...est-synapse-podmonitor-enabled.golden.yaml | 13 + ...ynapse-resource-quota-disabled.golden.yaml | 0 .../test-synapse-resource-quota.golden.yaml | 18 + ...et-no-pgbouncer-stream-writers.golden.yaml | 5224 +++++++++++++++++ .../fixtures/test-synapse-secret.golden.yaml | 5224 +++++++++++++++++ .../fixtures/test-synapse-service.golden.yaml | 484 ++ ...est-synapse-workers-deployment.golden.yaml | 385 ++ ...t-synapse-workers-pdb-disabled.golden.yaml | 0 .../test-synapse-workers-pdb.golden.yaml | 180 + ...st-synapse-workers-statefulset.golden.yaml | 1041 ++++ .../test-well-known-default.golden.yaml | 52 + ...ell-known-deployment-no-openid.golden.yaml | 47 + .../test-well-known-deployment.golden.yaml | 50 + ...est-well-known-identity-server.golden.yaml | 55 + .../test-well-known-ingress-tls.golden.yaml | 26 + .../test-well-known-ingress.golden.yaml | 25 + .../test-well-known-msc3266.golden.yaml | 58 + .../test-well-known-service.golden.yaml | 15 + charts/synapse/tests/golden/goldenfiles.go | 74 + .../synapse/tests/golden/unit/admin_test.go | 91 + .../synapse/tests/golden/unit/envoy_test.go | 126 + .../synapse/tests/golden/unit/ingress_test.go | 66 + .../golden/unit/matrix_auth_resources_test.go | 217 + .../tests/golden/unit/matrix_auth_test.go | 64 + .../tests/golden/unit/pgbouncer_test.go | 86 + .../golden/unit/synapse_resources_test.go | 133 + .../tests/golden/unit/synapse_workers_test.go | 146 + .../golden/unit/well_known_resources_test.go | 92 + .../tests/golden/unit/well_known_test.go | 67 + 71 files changed, 17444 insertions(+) create mode 100644 charts/synapse/tests/go.mod create mode 100644 charts/synapse/tests/go.sum create mode 100644 charts/synapse/tests/golden/fixtures/test-admin-deployment.golden.yaml create mode 100644 charts/synapse/tests/golden/fixtures/test-admin-ingress-disabled.golden.yaml create mode 100644 charts/synapse/tests/golden/fixtures/test-admin-ingress-tls.golden.yaml create mode 100644 charts/synapse/tests/golden/fixtures/test-admin-ingress.golden.yaml create mode 100644 charts/synapse/tests/golden/fixtures/test-admin-service.golden.yaml create mode 100644 charts/synapse/tests/golden/fixtures/test-envoy-configmap.golden.yaml create mode 100644 charts/synapse/tests/golden/fixtures/test-envoy-deployment.golden.yaml create mode 100644 charts/synapse/tests/golden/fixtures/test-envoy-pdb-max-unavailable.golden.yaml create mode 100644 charts/synapse/tests/golden/fixtures/test-envoy-pdb.golden.yaml create mode 100644 charts/synapse/tests/golden/fixtures/test-envoy-service.golden.yaml create mode 100644 charts/synapse/tests/golden/fixtures/test-envoy-servicemonitor-disabled.golden.yaml create mode 100644 charts/synapse/tests/golden/fixtures/test-envoy-servicemonitor.golden.yaml create mode 100644 charts/synapse/tests/golden/fixtures/test-ingress-default.golden.yaml create mode 100644 charts/synapse/tests/golden/fixtures/test-ingress-msc4306.golden.yaml create mode 100644 charts/synapse/tests/golden/fixtures/test-ingress-no-mas.golden.yaml create mode 100644 charts/synapse/tests/golden/fixtures/test-matrix-auth-deployment-disabled.golden.yaml create mode 100644 charts/synapse/tests/golden/fixtures/test-matrix-auth-deployment.golden.yaml create mode 100644 charts/synapse/tests/golden/fixtures/test-matrix-auth-hpa-disabled.golden.yaml create mode 100644 charts/synapse/tests/golden/fixtures/test-matrix-auth-hpa-enabled.golden.yaml create mode 100644 charts/synapse/tests/golden/fixtures/test-matrix-auth-ingress-tls.golden.yaml create mode 100644 charts/synapse/tests/golden/fixtures/test-matrix-auth-ingress.golden.yaml create mode 100644 charts/synapse/tests/golden/fixtures/test-matrix-auth-job-config-sync-helm.golden.yaml create mode 100644 charts/synapse/tests/golden/fixtures/test-matrix-auth-job-config-sync-prune.golden.yaml create mode 100644 charts/synapse/tests/golden/fixtures/test-matrix-auth-job-config-sync.golden.yaml create mode 100644 charts/synapse/tests/golden/fixtures/test-matrix-auth-job-db-migration-helm.golden.yaml create mode 100644 charts/synapse/tests/golden/fixtures/test-matrix-auth-job-db-migration.golden.yaml create mode 100644 charts/synapse/tests/golden/fixtures/test-matrix-auth-pdb-max-unavailable.golden.yaml create mode 100644 charts/synapse/tests/golden/fixtures/test-matrix-auth-pdb.golden.yaml create mode 100644 charts/synapse/tests/golden/fixtures/test-matrix-auth-secret.golden.yaml create mode 100644 charts/synapse/tests/golden/fixtures/test-matrix-auth-service.golden.yaml create mode 100644 charts/synapse/tests/golden/fixtures/test-pgbouncer-configmap.golden.yaml create mode 100644 charts/synapse/tests/golden/fixtures/test-pgbouncer-deployment.golden.yaml create mode 100644 charts/synapse/tests/golden/fixtures/test-pgbouncer-pdb-disabled.golden.yaml create mode 100644 charts/synapse/tests/golden/fixtures/test-pgbouncer-pdb-max-unavailable.golden.yaml create mode 100644 charts/synapse/tests/golden/fixtures/test-pgbouncer-pdb.golden.yaml create mode 100644 charts/synapse/tests/golden/fixtures/test-pgbouncer-secret.golden.yaml create mode 100644 charts/synapse/tests/golden/fixtures/test-pgbouncer-service-session-affinity.golden.yaml create mode 100644 charts/synapse/tests/golden/fixtures/test-pgbouncer-service.golden.yaml create mode 100644 charts/synapse/tests/golden/fixtures/test-synapse-hpa.golden.yaml create mode 100644 charts/synapse/tests/golden/fixtures/test-synapse-podmonitor-disabled.golden.yaml create mode 100644 charts/synapse/tests/golden/fixtures/test-synapse-podmonitor-enabled.golden.yaml create mode 100644 charts/synapse/tests/golden/fixtures/test-synapse-resource-quota-disabled.golden.yaml create mode 100644 charts/synapse/tests/golden/fixtures/test-synapse-resource-quota.golden.yaml create mode 100644 charts/synapse/tests/golden/fixtures/test-synapse-secret-no-pgbouncer-stream-writers.golden.yaml create mode 100644 charts/synapse/tests/golden/fixtures/test-synapse-secret.golden.yaml create mode 100644 charts/synapse/tests/golden/fixtures/test-synapse-service.golden.yaml create mode 100644 charts/synapse/tests/golden/fixtures/test-synapse-workers-deployment.golden.yaml create mode 100644 charts/synapse/tests/golden/fixtures/test-synapse-workers-pdb-disabled.golden.yaml create mode 100644 charts/synapse/tests/golden/fixtures/test-synapse-workers-pdb.golden.yaml create mode 100644 charts/synapse/tests/golden/fixtures/test-synapse-workers-statefulset.golden.yaml create mode 100644 charts/synapse/tests/golden/fixtures/test-well-known-default.golden.yaml create mode 100644 charts/synapse/tests/golden/fixtures/test-well-known-deployment-no-openid.golden.yaml create mode 100644 charts/synapse/tests/golden/fixtures/test-well-known-deployment.golden.yaml create mode 100644 charts/synapse/tests/golden/fixtures/test-well-known-identity-server.golden.yaml create mode 100644 charts/synapse/tests/golden/fixtures/test-well-known-ingress-tls.golden.yaml create mode 100644 charts/synapse/tests/golden/fixtures/test-well-known-ingress.golden.yaml create mode 100644 charts/synapse/tests/golden/fixtures/test-well-known-msc3266.golden.yaml create mode 100644 charts/synapse/tests/golden/fixtures/test-well-known-service.golden.yaml create mode 100644 charts/synapse/tests/golden/goldenfiles.go create mode 100644 charts/synapse/tests/golden/unit/admin_test.go create mode 100644 charts/synapse/tests/golden/unit/envoy_test.go create mode 100644 charts/synapse/tests/golden/unit/ingress_test.go create mode 100644 charts/synapse/tests/golden/unit/matrix_auth_resources_test.go create mode 100644 charts/synapse/tests/golden/unit/matrix_auth_test.go create mode 100644 charts/synapse/tests/golden/unit/pgbouncer_test.go create mode 100644 charts/synapse/tests/golden/unit/synapse_resources_test.go create mode 100644 charts/synapse/tests/golden/unit/synapse_workers_test.go create mode 100644 charts/synapse/tests/golden/unit/well_known_resources_test.go create mode 100644 charts/synapse/tests/golden/unit/well_known_test.go diff --git a/charts/synapse/tests/go.mod b/charts/synapse/tests/go.mod new file mode 100644 index 0000000..73fd12f --- /dev/null +++ b/charts/synapse/tests/go.mod @@ -0,0 +1,129 @@ +module tests + +go 1.25 + +require ( + github.com/gruntwork-io/terratest v0.54.0 + github.com/stretchr/testify v1.11.1 +) + +require ( + filippo.io/edwards25519 v1.1.0 // indirect + github.com/BurntSushi/toml v1.4.0 // indirect + github.com/aws/aws-sdk-go-v2 v1.32.5 // indirect + github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.7 // indirect + github.com/aws/aws-sdk-go-v2/config v1.28.5 // indirect + github.com/aws/aws-sdk-go-v2/credentials v1.17.46 // indirect + github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.20 // indirect + github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.41 // indirect + github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.24 // indirect + github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.24 // indirect + github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 // indirect + github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.24 // indirect + github.com/aws/aws-sdk-go-v2/service/acm v1.30.6 // indirect + github.com/aws/aws-sdk-go-v2/service/autoscaling v1.51.0 // indirect + github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs v1.44.0 // indirect + github.com/aws/aws-sdk-go-v2/service/dynamodb v1.37.1 // indirect + github.com/aws/aws-sdk-go-v2/service/ec2 v1.193.0 // indirect + github.com/aws/aws-sdk-go-v2/service/ecr v1.36.6 // indirect + github.com/aws/aws-sdk-go-v2/service/ecs v1.52.0 // indirect + github.com/aws/aws-sdk-go-v2/service/iam v1.38.1 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.1 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.4.5 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery v1.10.5 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.5 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.18.5 // indirect + github.com/aws/aws-sdk-go-v2/service/kms v1.37.6 // indirect + github.com/aws/aws-sdk-go-v2/service/lambda v1.69.0 // indirect + github.com/aws/aws-sdk-go-v2/service/rds v1.91.0 // indirect + github.com/aws/aws-sdk-go-v2/service/route53 v1.46.2 // indirect + github.com/aws/aws-sdk-go-v2/service/s3 v1.69.0 // indirect + github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.34.6 // indirect + github.com/aws/aws-sdk-go-v2/service/sns v1.33.6 // indirect + github.com/aws/aws-sdk-go-v2/service/sqs v1.37.1 // indirect + github.com/aws/aws-sdk-go-v2/service/ssm v1.56.0 // indirect + github.com/aws/aws-sdk-go-v2/service/sso v1.24.6 // indirect + github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.5 // indirect + github.com/aws/aws-sdk-go-v2/service/sts v1.33.1 // indirect + github.com/aws/smithy-go v1.22.1 // indirect + github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc // indirect + github.com/cpuguy83/go-md2man/v2 v2.0.5 // indirect + github.com/davecgh/go-spew v1.1.1 // indirect + github.com/emicklei/go-restful/v3 v3.12.2 // indirect + github.com/fxamacker/cbor/v2 v2.9.0 // indirect + github.com/go-errors/errors v1.0.2-0.20180813162953-d98b870cc4e0 // indirect + github.com/go-logr/logr v1.4.2 // indirect + github.com/go-openapi/jsonpointer v0.21.0 // indirect + github.com/go-openapi/jsonreference v0.20.2 // indirect + github.com/go-openapi/swag v0.23.0 // indirect + github.com/go-sql-driver/mysql v1.8.1 // indirect + github.com/gogo/protobuf v1.3.2 // indirect + github.com/gonvenience/bunt v1.3.5 // indirect + github.com/gonvenience/neat v1.3.12 // indirect + github.com/gonvenience/term v1.0.2 // indirect + github.com/gonvenience/text v1.0.7 // indirect + github.com/gonvenience/wrap v1.1.2 // indirect + github.com/gonvenience/ytbx v1.4.4 // indirect + github.com/google/gnostic-models v0.7.0 // indirect + github.com/google/uuid v1.6.0 // indirect + github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674 // indirect + github.com/gruntwork-io/go-commons v0.8.0 // indirect + github.com/hashicorp/errwrap v1.0.0 // indirect + github.com/hashicorp/go-multierror v1.1.1 // indirect + github.com/homeport/dyff v1.6.0 // indirect + github.com/jackc/pgpassfile v1.0.0 // indirect + github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761 // indirect + github.com/jackc/pgx/v5 v5.7.1 // indirect + github.com/jackc/puddle/v2 v2.2.2 // indirect + github.com/jmespath/go-jmespath v0.4.0 // indirect + github.com/josharian/intern v1.0.0 // indirect + github.com/json-iterator/go v1.1.12 // indirect + github.com/lucasb-eyer/go-colorful v1.2.0 // indirect + github.com/mailru/easyjson v0.7.7 // indirect + github.com/mattn/go-ciede2000 v0.0.0-20170301095244-782e8c62fec3 // indirect + github.com/mattn/go-isatty v0.0.19 // indirect + github.com/mattn/go-zglob v0.0.2-0.20190814121620-e3c945676326 // indirect + github.com/mitchellh/go-homedir v1.1.0 // indirect + github.com/mitchellh/go-ps v1.0.0 // indirect + github.com/mitchellh/hashstructure v1.1.0 // indirect + github.com/moby/spdystream v0.5.0 // indirect + github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect + github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee // indirect + github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect + github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect + github.com/pkg/errors v0.9.1 // indirect + github.com/pmezard/go-difflib v1.0.0 // indirect + github.com/pquerna/otp v1.4.0 // indirect + github.com/russross/blackfriday/v2 v2.1.0 // indirect + github.com/sergi/go-diff v1.3.1 // indirect + github.com/spf13/pflag v1.0.6 // indirect + github.com/texttheater/golang-levenshtein v1.0.1 // indirect + github.com/urfave/cli v1.22.16 // indirect + github.com/virtuald/go-ordered-json v0.0.0-20170621173500-b18e6e673d74 // indirect + github.com/x448/float16 v0.8.4 // indirect + go.yaml.in/yaml/v2 v2.4.2 // indirect + go.yaml.in/yaml/v3 v3.0.4 // indirect + golang.org/x/crypto v0.45.0 // indirect + golang.org/x/net v0.47.0 // indirect + golang.org/x/oauth2 v0.27.0 // indirect + golang.org/x/sync v0.18.0 // indirect + golang.org/x/sys v0.38.0 // indirect + golang.org/x/term v0.37.0 // indirect + golang.org/x/text v0.31.0 // indirect + golang.org/x/time v0.9.0 // indirect + google.golang.org/protobuf v1.36.5 // indirect + gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect + gopkg.in/inf.v0 v0.9.1 // indirect + gopkg.in/yaml.v2 v2.4.0 // indirect + gopkg.in/yaml.v3 v3.0.1 // indirect + k8s.io/api v0.34.0 // indirect + k8s.io/apimachinery v0.34.0 // indirect + k8s.io/client-go v0.34.0 // indirect + k8s.io/klog/v2 v2.130.1 // indirect + k8s.io/kube-openapi v0.0.0-20250710124328-f3f2b991d03b // indirect + k8s.io/utils v0.0.0-20250604170112-4c0f3b243397 // indirect + sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 // indirect + sigs.k8s.io/randfill v1.0.0 // indirect + sigs.k8s.io/structured-merge-diff/v6 v6.3.0 // indirect + sigs.k8s.io/yaml v1.6.0 // indirect +) diff --git a/charts/synapse/tests/go.sum b/charts/synapse/tests/go.sum new file mode 100644 index 0000000..543e70a --- /dev/null +++ b/charts/synapse/tests/go.sum @@ -0,0 +1,353 @@ +filippo.io/edwards25519 v1.1.0 h1:FNf4tywRC1HmFuKW5xopWpigGjJKiJSV0Cqo0cJWDaA= +filippo.io/edwards25519 v1.1.0/go.mod h1:BxyFTGdWcka3PhytdK4V28tE5sGfRvvvRV7EaN4VDT4= +github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= +github.com/BurntSushi/toml v1.4.0 h1:kuoIxZQy2WRRk1pttg9asf+WVv6tWQuBNVmK8+nqPr0= +github.com/BurntSushi/toml v1.4.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho= +github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio= +github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= +github.com/aws/aws-sdk-go-v2 v1.32.5 h1:U8vdWJuY7ruAkzaOdD7guwJjD06YSKmnKCJs7s3IkIo= +github.com/aws/aws-sdk-go-v2 v1.32.5/go.mod h1:P5WJBrYqqbWVaOxgH0X/FYYD47/nooaPOZPlQdmiN2U= +github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.7 h1:lL7IfaFzngfx0ZwUGOZdsFFnQ5uLvR0hWqqhyE7Q9M8= +github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.7/go.mod h1:QraP0UcVlQJsmHfioCrveWOC1nbiWUl3ej08h4mXWoc= +github.com/aws/aws-sdk-go-v2/config v1.28.5 h1:Za41twdCXbuyyWv9LndXxZZv3QhTG1DinqlFsSuvtI0= +github.com/aws/aws-sdk-go-v2/config v1.28.5/go.mod h1:4VsPbHP8JdcdUDmbTVgNL/8w9SqOkM5jyY8ljIxLO3o= +github.com/aws/aws-sdk-go-v2/credentials v1.17.46 h1:AU7RcriIo2lXjUfHFnFKYsLCwgbz1E7Mm95ieIRDNUg= +github.com/aws/aws-sdk-go-v2/credentials v1.17.46/go.mod h1:1FmYyLGL08KQXQ6mcTlifyFXfJVCNJTVGuQP4m0d/UA= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.20 h1:sDSXIrlsFSFJtWKLQS4PUWRvrT580rrnuLydJrCQ/yA= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.20/go.mod h1:WZ/c+w0ofps+/OUqMwWgnfrgzZH1DZO1RIkktICsqnY= +github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.41 h1:hqcxMc2g/MwwnRMod9n6Bd+t+9Nf7d5qRg7RaXKPd6o= +github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.41/go.mod h1:d1eH0VrttvPmrCraU68LOyNdu26zFxQFjrVSb5vdhog= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.24 h1:4usbeaes3yJnCFC7kfeyhkdkPtoRYPa/hTmCqMpKpLI= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.24/go.mod h1:5CI1JemjVwde8m2WG3cz23qHKPOxbpkq0HaoreEgLIY= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.24 h1:N1zsICrQglfzaBnrfM0Ys00860C+QFwu6u/5+LomP+o= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.24/go.mod h1:dCn9HbJ8+K31i8IQ8EWmWj0EiIk0+vKiHNMxTTYveAg= +github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 h1:VaRN3TlFdd6KxX1x3ILT5ynH6HvKgqdiXoTxAF4HQcQ= +github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1/go.mod h1:FbtygfRFze9usAadmnGJNc8KsP346kEe+y2/oyhGAGc= +github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.24 h1:JX70yGKLj25+lMC5Yyh8wBtvB01GDilyRuJvXJ4piD0= +github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.24/go.mod h1:+Ln60j9SUTD0LEwnhEB0Xhg61DHqplBrbZpLgyjoEHg= +github.com/aws/aws-sdk-go-v2/service/acm v1.30.6 h1:fDg0RlN30Xf/yYzEUL/WXqhmgFsjVb/I3230oCfyI5w= +github.com/aws/aws-sdk-go-v2/service/acm v1.30.6/go.mod h1:zRR6jE3v/TcbfO8C2P+H0Z+kShiKKVaVyoIl8NQRjyg= +github.com/aws/aws-sdk-go-v2/service/autoscaling v1.51.0 h1:1KzQVZi7OTixxaVJ8fWaJAUBjme+iQ3zBOCZhE4RgxQ= +github.com/aws/aws-sdk-go-v2/service/autoscaling v1.51.0/go.mod h1:I1+/2m+IhnK5qEbhS3CrzjeiVloo9sItE/2K+so0fkU= +github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs v1.44.0 h1:OREVd94+oXW5a+3SSUAo4K0L5ci8cucCLu+PSiek8OU= +github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs v1.44.0/go.mod h1:Qbr4yfpNqVNl69l/GEDK+8wxLf/vHi0ChoiSDzD7thU= +github.com/aws/aws-sdk-go-v2/service/dynamodb v1.37.1 h1:vucMirlM6D+RDU8ncKaSZ/5dGrXNajozVwpmWNPn2gQ= +github.com/aws/aws-sdk-go-v2/service/dynamodb v1.37.1/go.mod h1:fceORfs010mNxZbQhfqUjUeHlTwANmIT4mvHamuUaUg= +github.com/aws/aws-sdk-go-v2/service/ec2 v1.193.0 h1:RhSoBFT5/8tTmIseJUXM6INTXTQDF8+0oyxWBnozIms= +github.com/aws/aws-sdk-go-v2/service/ec2 v1.193.0/go.mod h1:mzj8EEjIHSN2oZRXiw1Dd+uB4HZTl7hC8nBzX9IZMWw= +github.com/aws/aws-sdk-go-v2/service/ecr v1.36.6 h1:zg+3FGHA0PBs0KM25qE/rOf2o5zsjNa1g/Qq83+SDI0= +github.com/aws/aws-sdk-go-v2/service/ecr v1.36.6/go.mod h1:ZSq54Z9SIsOTf1Efwgw1msilSs4XVEfVQiP9nYVnKpM= +github.com/aws/aws-sdk-go-v2/service/ecs v1.52.0 h1:7/vgFWplkusJN/m+3QOa+W9FNRqa8ujMPNmdufRaJpg= +github.com/aws/aws-sdk-go-v2/service/ecs v1.52.0/go.mod h1:dPTOvmjJQ1T7Q+2+Xs2KSPrMvx+p0rpyV+HsQVnUK4o= +github.com/aws/aws-sdk-go-v2/service/iam v1.38.1 h1:hfkzDZHBp9jAT4zcd5mtqckpU4E3Ax0LQaEWWk1VgN8= +github.com/aws/aws-sdk-go-v2/service/iam v1.38.1/go.mod h1:u36ahDtZcQHGmVm/r+0L1sfKX4fzLEMdCqiKRKkUMVM= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.1 h1:iXtILhvDxB6kPvEXgsDhGaZCSC6LQET5ZHSdJozeI0Y= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.1/go.mod h1:9nu0fVANtYiAePIBh2/pFUSwtJ402hLnp854CNoDOeE= +github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.4.5 h1:gvZOjQKPxFXy1ft3QnEyXmT+IqneM9QAUWlM3r0mfqw= +github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.4.5/go.mod h1:DLWnfvIcm9IET/mmjdxeXbBKmTCm0ZB8p1za9BVteM8= +github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery v1.10.5 h1:3Y457U2eGukmjYjeHG6kanZpDzJADa2m0ADqnuePYVQ= +github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery v1.10.5/go.mod h1:CfwEHGkTjYZpkQ/5PvcbEtT7AJlG68KkEvmtwU8z3/U= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.5 h1:wtpJ4zcwrSbwhECWQoI/g6WM9zqCcSpHDJIWSbMLOu4= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.5/go.mod h1:qu/W9HXQbbQ4+1+JcZp0ZNPV31ym537ZJN+fiS7Ti8E= +github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.18.5 h1:P1doBzv5VEg1ONxnJss1Kh5ZG/ewoIE4MQtKKc6Crgg= +github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.18.5/go.mod h1:NOP+euMW7W3Ukt28tAxPuoWao4rhhqJD3QEBk7oCg7w= +github.com/aws/aws-sdk-go-v2/service/kms v1.37.6 h1:CZImQdb1QbU9sGgJ9IswhVkxAcjkkD1eQTMA1KHWk+E= +github.com/aws/aws-sdk-go-v2/service/kms v1.37.6/go.mod h1:YJDdlK0zsyxVBxGU48AR/Mi8DMrGdc1E3Yij4fNrONA= +github.com/aws/aws-sdk-go-v2/service/lambda v1.69.0 h1:BXt75frE/FYtAmEDBJRBa2HexOw+oAZWZl6QknZEFgg= +github.com/aws/aws-sdk-go-v2/service/lambda v1.69.0/go.mod h1:guz2K3x4FKSdDaoeB+TPVgJNU9oj2gftbp5cR8ela1A= +github.com/aws/aws-sdk-go-v2/service/rds v1.91.0 h1:eqHz3Uih+gb0vLE5Cc4Xf733vOxsxDp6GFUUVQU4d7w= +github.com/aws/aws-sdk-go-v2/service/rds v1.91.0/go.mod h1:h2jc7IleH3xHY7y+h8FH7WAZcz3IVLOB6/jXotIQ/qU= +github.com/aws/aws-sdk-go-v2/service/route53 v1.46.2 h1:wmt05tPp/CaRZpPV5B4SaJ5TwkHKom07/BzHoLdkY1o= +github.com/aws/aws-sdk-go-v2/service/route53 v1.46.2/go.mod h1:d+K9HESMpGb1EU9/UmmpInbGIUcAkwmcY6ZO/A3zZsw= +github.com/aws/aws-sdk-go-v2/service/s3 v1.69.0 h1:Q2ax8S21clKOnHhhr933xm3JxdJebql+R7aNo7p7GBQ= +github.com/aws/aws-sdk-go-v2/service/s3 v1.69.0/go.mod h1:ralv4XawHjEMaHOWnTFushl0WRqim/gQWesAMF6hTow= +github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.34.6 h1:1KDMKvOKNrpD667ORbZ/+4OgvUoaok1gg/MLzrHF9fw= +github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.34.6/go.mod h1:DmtyfCfONhOyVAJ6ZMTrDSFIeyCBlEO93Qkfhxwbxu0= +github.com/aws/aws-sdk-go-v2/service/sns v1.33.6 h1:lEUtRHICiXsd7VRwRjXaY7MApT2X4Ue0Mrwe6XbyBro= +github.com/aws/aws-sdk-go-v2/service/sns v1.33.6/go.mod h1:SODr0Lu3lFdT0SGsGX1TzFTapwveBrT5wztVoYtppm8= +github.com/aws/aws-sdk-go-v2/service/sqs v1.37.1 h1:39WvSrVq9DD6UHkD+fx5x19P5KpRQfNdtgReDVNbelc= +github.com/aws/aws-sdk-go-v2/service/sqs v1.37.1/go.mod h1:3gwPzC9LER/BTQdQZ3r6dUktb1rSjABF1D3Sr6nS7VU= +github.com/aws/aws-sdk-go-v2/service/ssm v1.56.0 h1:mADKqoZaodipGgiZfuAjtlcr4IVBtXPZKVjkzUZCCYM= +github.com/aws/aws-sdk-go-v2/service/ssm v1.56.0/go.mod h1:l9qF25TzH95FhcIak6e4vt79KE4I7M2Nf59eMUVjj6c= +github.com/aws/aws-sdk-go-v2/service/sso v1.24.6 h1:3zu537oLmsPfDMyjnUS2g+F2vITgy5pB74tHI+JBNoM= +github.com/aws/aws-sdk-go-v2/service/sso v1.24.6/go.mod h1:WJSZH2ZvepM6t6jwu4w/Z45Eoi75lPN7DcydSRtJg6Y= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.5 h1:K0OQAsDywb0ltlFrZm0JHPY3yZp/S9OaoLU33S7vPS8= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.5/go.mod h1:ORITg+fyuMoeiQFiVGoqB3OydVTLkClw/ljbblMq6Cc= +github.com/aws/aws-sdk-go-v2/service/sts v1.33.1 h1:6SZUVRQNvExYlMLbHdlKB48x0fLbc2iVROyaNEwBHbU= +github.com/aws/aws-sdk-go-v2/service/sts v1.33.1/go.mod h1:GqWyYCwLXnlUB1lOAXQyNSPqPLQJvmo8J0DWBzp9mtg= +github.com/aws/smithy-go v1.22.1 h1:/HPHZQ0g7f4eUeK6HKglFz8uwVfZKgoI25rb/J+dnro= +github.com/aws/smithy-go v1.22.1/go.mod h1:irrKGvNn1InZwb2d7fkIRNucdfwR8R+Ts3wxYa/cJHg= +github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs= +github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc h1:biVzkmvwrH8WK8raXaxBx6fRVTlJILwEwQGL1I/ByEI= +github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8= +github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= +github.com/cpuguy83/go-md2man/v2 v2.0.5 h1:ZtcqGrnekaHpVLArFSe4HK5DoKx1T0rq2DwVB0alcyc= +github.com/cpuguy83/go-md2man/v2 v2.0.5/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= +github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= +github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= +github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/emicklei/go-restful/v3 v3.12.2 h1:DhwDP0vY3k8ZzE0RunuJy8GhNpPL6zqLkDf9B/a0/xU= +github.com/emicklei/go-restful/v3 v3.12.2/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= +github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU= +github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4HY= +github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw= +github.com/fxamacker/cbor/v2 v2.9.0 h1:NpKPmjDBgUfBms6tr6JZkTHtfFGcMKsw3eGcmD/sapM= +github.com/fxamacker/cbor/v2 v2.9.0/go.mod h1:vM4b+DJCtHn+zz7h3FFp/hDAI9WNWCsZj23V5ytsSxQ= +github.com/go-errors/errors v1.0.1/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm6/TyX73Q= +github.com/go-errors/errors v1.0.2-0.20180813162953-d98b870cc4e0 h1:skJKxRtNmevLqnayafdLe2AsenqRupVmzZSqrvb5caU= +github.com/go-errors/errors v1.0.2-0.20180813162953-d98b870cc4e0/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm6/TyX73Q= +github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY= +github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= +github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs= +github.com/go-openapi/jsonpointer v0.21.0 h1:YgdVicSA9vH5RiHs9TZW5oyafXZFc6+2Vc1rr/O9oNQ= +github.com/go-openapi/jsonpointer v0.21.0/go.mod h1:IUyH9l/+uyhIYQ/PXVA41Rexl+kOkAPDdXEYns6fzUY= +github.com/go-openapi/jsonreference v0.20.2 h1:3sVjiK66+uXK/6oQ8xgcRKcFgQ5KXa2KvnJRumpMGbE= +github.com/go-openapi/jsonreference v0.20.2/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k= +github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= +github.com/go-openapi/swag v0.23.0 h1:vsEVJDUo2hPJ2tu0/Xc+4noaxyEffXNIs3cOULZ+GrE= +github.com/go-openapi/swag v0.23.0/go.mod h1:esZ8ITTYEsH1V2trKHjAN8Ai7xHb8RV+YSZ577vPjgQ= +github.com/go-sql-driver/mysql v1.8.1 h1:LedoTUt/eveggdHS9qUFC1EFSa8bU2+1pZjSRpvNJ1Y= +github.com/go-sql-driver/mysql v1.8.1/go.mod h1:wEBSXgmK//2ZFJyE+qWnIsVGmvmEKlqwuVSjsCm7DZg= +github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI= +github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI= +github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8= +github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= +github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= +github.com/gonvenience/bunt v1.3.5 h1:wSQquifvwEWtzn27k1ngLfeLaStyt0k1b/K6TrlCNAs= +github.com/gonvenience/bunt v1.3.5/go.mod h1:7ApqkVBEWvX04oJ28Q2WeI/BvJM6VtukaJAU/q/pTs8= +github.com/gonvenience/neat v1.3.12 h1:xwIyRbJcG9LgcDYys+HHLH9DqqHeQsUpS5CfBUeskbs= +github.com/gonvenience/neat v1.3.12/go.mod h1:8OljAIgPelN0uPPO94VBqxK+Kz98d6ZFwHDg5o/PfkE= +github.com/gonvenience/term v1.0.2 h1:qKa2RydbWIrabGjR/fegJwpW5m+JvUwFL8mLhHzDXn0= +github.com/gonvenience/term v1.0.2/go.mod h1:wThTR+3MzWtWn7XGVW6qQ65uaVf8GHED98KmwpuEQeo= +github.com/gonvenience/text v1.0.7 h1:YmIqmgTwxnACYCG59DykgMbomwteYyNhAmEUEJtPl14= +github.com/gonvenience/text v1.0.7/go.mod h1:OAjH+mohRszffLY6OjgQcUXiSkbrIavooFpfIt1ZwAs= +github.com/gonvenience/wrap v1.1.2 h1:xPKxNwL1HCguwyM+HlP/1CIuc9LRd7k8RodLwe9YTZA= +github.com/gonvenience/wrap v1.1.2/go.mod h1:GiryBSXoI3BAAhbWD1cZVj7RZmtiu0ERi/6R6eJfslI= +github.com/gonvenience/ytbx v1.4.4 h1:jQopwyaLsVGuwdxSiN4WkXjsEaFNPJ3V4lUj7eyEpzo= +github.com/gonvenience/ytbx v1.4.4/go.mod h1:w37+MKCPcCMY/jpPNmEklD4xKqrOAVBO6kIWW2+uI6M= +github.com/google/gnostic-models v0.7.0 h1:qwTtogB15McXDaNqTZdzPJRHvaVJlAl+HVQnLmJEJxo= +github.com/google/gnostic-models v0.7.0/go.mod h1:whL5G0m6dmc5cPxKc5bdKdEN3UjI7OUGxBlw57miDrQ= +github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8= +github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU= +github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= +github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db h1:097atOisP2aRj7vFgYQBbFN4U4JNXUNYpxael3UzMyo= +github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144= +github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= +github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/gorilla/mux v1.8.0 h1:i40aqfkR1h2SlN9hojwV5ZA91wcXFOvkdNIeFDP5koI= +github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So= +github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674 h1:JeSE6pjso5THxAzdVpqr6/geYxZytqFMBCOtn/ujyeo= +github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674/go.mod h1:r4w70xmWCQKmi1ONH4KIaBptdivuRPyosB9RmPlGEwA= +github.com/gruntwork-io/go-commons v0.8.0 h1:k/yypwrPqSeYHevLlEDmvmgQzcyTwrlZGRaxEM6G0ro= +github.com/gruntwork-io/go-commons v0.8.0/go.mod h1:gtp0yTtIBExIZp7vyIV9I0XQkVwiQZze678hvDXof78= +github.com/gruntwork-io/terratest v0.54.0 h1:JOVATYDpU0NAPbEkgYUP50BR2m45UGiR4dbs20sKzck= +github.com/gruntwork-io/terratest v0.54.0/go.mod h1:QvwQWZMTJmJB4E0d1Uc18quQm7+X53liKKp+fJSuaKA= +github.com/hashicorp/errwrap v1.0.0 h1:hLrqtEDnRye3+sgx6z4qVLNuviH3MR5aQ0ykNJa/UYA= +github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= +github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo= +github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM= +github.com/homeport/dyff v1.6.0 h1:AN+ikld0Fy+qx34YE7655b/bpWuxS6cL9k852pE2GUc= +github.com/homeport/dyff v1.6.0/go.mod h1:FlAOFYzeKvxmU5nTrnG+qrlJVWpsFew7pt8L99p5q8k= +github.com/jackc/pgpassfile v1.0.0 h1:/6Hmqy13Ss2zCq62VdNG8tM1wchn8zjSGOBJ6icpsIM= +github.com/jackc/pgpassfile v1.0.0/go.mod h1:CEx0iS5ambNFdcRtxPj5JhEz+xB6uRky5eyVu/W2HEg= +github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761 h1:iCEnooe7UlwOQYpKFhBabPMi4aNAfoODPEFNiAnClxo= +github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761/go.mod h1:5TJZWKEWniPve33vlWYSoGYefn3gLQRzjfDlhSJ9ZKM= +github.com/jackc/pgx/v5 v5.7.1 h1:x7SYsPBYDkHDksogeSmZZ5xzThcTgRz++I5E+ePFUcs= +github.com/jackc/pgx/v5 v5.7.1/go.mod h1:e7O26IywZZ+naJtWWos6i6fvWK+29etgITqrqHLfoZA= +github.com/jackc/puddle/v2 v2.2.2 h1:PR8nw+E/1w0GLuRFSmiioY6UooMp6KJv0/61nB7icHo= +github.com/jackc/puddle/v2 v2.2.2/go.mod h1:vriiEXHvEE654aYKXXjOvZM39qJ0q+azkZFrfEOc3H4= +github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg= +github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo= +github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8= +github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U= +github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY= +github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= +github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= +github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= +github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= +github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= +github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= +github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= +github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= +github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= +github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= +github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= +github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= +github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= +github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= +github.com/lucasb-eyer/go-colorful v1.2.0 h1:1nnpGOrhyZZuNyfu1QjKiUICQ74+3FNCN69Aj6K7nkY= +github.com/lucasb-eyer/go-colorful v1.2.0/go.mod h1:R4dSotOR9KMtayYi1e77YzuveK+i7ruzyGqttikkLy0= +github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= +github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= +github.com/mattn/go-ciede2000 v0.0.0-20170301095244-782e8c62fec3 h1:BXxTozrOU8zgC5dkpn3J6NTRdoP+hjok/e+ACr4Hibk= +github.com/mattn/go-ciede2000 v0.0.0-20170301095244-782e8c62fec3/go.mod h1:x1uk6vxTiVuNt6S5R2UYgdhpj3oKojXvOXauHZ7dEnI= +github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= +github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= +github.com/mattn/go-isatty v0.0.11/go.mod h1:PhnuNfih5lzO57/f3n+odYbM4JtupLOxQOAqxQCu2WE= +github.com/mattn/go-isatty v0.0.19 h1:JITubQf0MOLdlGRuRq+jtsDlekdYPia9ZFsB8h/APPA= +github.com/mattn/go-isatty v0.0.19/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= +github.com/mattn/go-zglob v0.0.1/go.mod h1:9fxibJccNxU2cnpIKLRRFA7zX7qhkJIQWBb449FYHOo= +github.com/mattn/go-zglob v0.0.2-0.20190814121620-e3c945676326 h1:ofNAzWCcyTALn2Zv40+8XitdzCgXY6e9qvXwN9W0YXg= +github.com/mattn/go-zglob v0.0.2-0.20190814121620-e3c945676326/go.mod h1:9fxibJccNxU2cnpIKLRRFA7zX7qhkJIQWBb449FYHOo= +github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y= +github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= +github.com/mitchellh/go-ps v1.0.0 h1:i6ampVEEF4wQFF+bkYfwYgY+F/uYJDktmvLPf7qIgjc= +github.com/mitchellh/go-ps v1.0.0/go.mod h1:J4lOc8z8yJs6vUwklHw2XEIiT4z4C40KtWVN3nvg8Pg= +github.com/mitchellh/hashstructure v1.1.0 h1:P6P1hdjqAAknpY/M1CGipelZgp+4y9ja9kmUZPXP+H0= +github.com/mitchellh/hashstructure v1.1.0/go.mod h1:xUDAozZz0Wmdiufv0uyhnHkUTN6/6d8ulp4AwfLKrmA= +github.com/moby/spdystream v0.5.0 h1:7r0J1Si3QO/kjRitvSLVVFUjxMEb/YLj6S9FF62JBCU= +github.com/moby/spdystream v0.5.0/go.mod h1:xBAYlnt/ay+11ShkdFKNAG7LsyK/tmNBVvVOwrfMgdI= +github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= +github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= +github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= +github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= +github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee h1:W5t00kpgFdJifH4BDsTlE89Zl93FEloxaWZfGcifgq8= +github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= +github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= +github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= +github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f h1:y5//uYreIhSUg3J1GEMiLbxo1LJaP8RfCpH6pymGZus= +github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw= +github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE= +github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU= +github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= +github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU= +github.com/onsi/ginkgo/v2 v2.21.0 h1:7rg/4f3rB88pb5obDgNZrNHrQ4e6WpjonchcpuBRnZM= +github.com/onsi/ginkgo/v2 v2.21.0/go.mod h1:7Du3c42kxCUegi0IImZ1wUQzMBVecgIHjR1C+NkhLQo= +github.com/onsi/gomega v1.35.1 h1:Cwbd75ZBPxFSuZ6T+rN/WCb/gOc6YgFBXLlZLhC7Ds4= +github.com/onsi/gomega v1.35.1/go.mod h1:PvZbdDc8J6XJEpDK4HCuRBm8a6Fzp9/DmhC9C7yFlog= +github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= +github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= +github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/pquerna/otp v1.4.0 h1:wZvl1TIVxKRThZIBiwOOHOGP/1+nZyWBil9Y2XNEDzg= +github.com/pquerna/otp v1.4.0/go.mod h1:dkJfzwRKNiegxyNb54X/3fLwhCynbMspSyWKnvi1AEg= +github.com/rogpeppe/go-internal v1.13.1 h1:KvO1DLK/DRN07sQ1LQKScxyZJuNnedQ5/wKSR38lUII= +github.com/rogpeppe/go-internal v1.13.1/go.mod h1:uMEvuHeurkdAXX61udpOXGD/AzZDWNMNyH2VO9fmH0o= +github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= +github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk= +github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= +github.com/sergi/go-diff v1.3.1 h1:xkr+Oxo4BOQKmkn/B9eMK0g5Kg/983T9DqqPHwYqD+8= +github.com/sergi/go-diff v1.3.1/go.mod h1:aMJSSKb2lpPvRNec0+w3fl7LP9IOFzdc9Pa4NFbPK1I= +github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc= +github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= +github.com/spf13/pflag v1.0.6 h1:jFzHGLGAlb3ruxLB8MhbI6A8+AQX/2eW4qeyNZXNp2o= +github.com/spf13/pflag v1.0.6/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= +github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= +github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= +github.com/stretchr/objx v0.5.2 h1:xuMeJ0Sdp5ZMRXx/aWO6RZxdr3beISkG5/G/aIRr3pY= +github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA= +github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= +github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= +github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= +github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= +github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= +github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= +github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= +github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U= +github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U= +github.com/texttheater/golang-levenshtein v1.0.1 h1:+cRNoVrfiwufQPhoMzB6N0Yf/Mqajr6t1lOv8GyGE2U= +github.com/texttheater/golang-levenshtein v1.0.1/go.mod h1:PYAKrbF5sAiq9wd+H82hs7gNaen0CplQ9uvm6+enD/8= +github.com/urfave/cli v1.22.2/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= +github.com/urfave/cli v1.22.16 h1:MH0k6uJxdwdeWQTwhSO42Pwr4YLrNLwBtg1MRgTqPdQ= +github.com/urfave/cli v1.22.16/go.mod h1:EeJR6BKodywf4zciqrdw6hpCPk68JO9z5LazXZMn5Po= +github.com/virtuald/go-ordered-json v0.0.0-20170621173500-b18e6e673d74 h1:JwtAtbp7r/7QSyGz8mKUbYJBg2+6Cd7OjM8o/GNOcVo= +github.com/virtuald/go-ordered-json v0.0.0-20170621173500-b18e6e673d74/go.mod h1:RmMWU37GKR2s6pgrIEB4ixgpVCt/cf7dnJv3fuH1J1c= +github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= +github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= +github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= +github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= +go.yaml.in/yaml/v2 v2.4.2 h1:DzmwEr2rDGHl7lsFgAHxmNz/1NlQ7xLIrlN2h5d1eGI= +go.yaml.in/yaml/v2 v2.4.2/go.mod h1:081UH+NErpNdqlCXm3TtEran0rJZGxAYx9hb/ELlsPU= +go.yaml.in/yaml/v3 v3.0.4 h1:tfq32ie2Jv2UxXFdLJdh3jXuOzWiL1fo0bu/FbuKpbc= +go.yaml.in/yaml/v3 v3.0.4/go.mod h1:DhzuOOF2ATzADvBadXxruRBLzYTpT36CKvDb3+aBEFg= +golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= +golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/crypto v0.45.0 h1:jMBrvKuj23MTlT0bQEOBcAE0mjg8mK9RXFhRH6nyF3Q= +golang.org/x/crypto v0.45.0/go.mod h1:XTGrrkGJve7CYK7J8PEww4aY7gM3qMCElcJQ8n8JdX4= +golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= +golang.org/x/net v0.47.0 h1:Mx+4dIFzqraBXUugkia1OOvlD6LemFo1ALMHjrXDOhY= +golang.org/x/net v0.47.0/go.mod h1:/jNxtkgq5yWUGYkaZGqo27cfGZ1c5Nen03aYrrKpVRU= +golang.org/x/oauth2 v0.27.0 h1:da9Vo7/tDv5RH/7nZDz1eMGS/q1Vv1N/7FCrBhI9I3M= +golang.org/x/oauth2 v0.27.0/go.mod h1:onh5ek6nERTohokkhCD/y2cV4Do3fxFHFuAejCkRWT8= +golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.18.0 h1:kr88TuHDroi+UVf+0hZnirlk8o8T+4MrK6mr60WkH/I= +golang.org/x/sync v0.18.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI= +golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.38.0 h1:3yZWxaJjBmCWXqhN1qh02AkOnCQ1poK6oF+a7xWL6Gc= +golang.org/x/sys v0.38.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= +golang.org/x/term v0.37.0 h1:8EGAD0qCmHYZg6J17DvsMy9/wJ7/D/4pV/wfnld5lTU= +golang.org/x/term v0.37.0/go.mod h1:5pB4lxRNYYVZuTLmy8oR2BH8dflOR+IbTYFD8fi3254= +golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.31.0 h1:aC8ghyu4JhP8VojJ2lEHBnochRno1sgL6nEi9WGFGMM= +golang.org/x/text v0.31.0/go.mod h1:tKRAlv61yKIjGGHX/4tP1LTbc13YSec1pxVEWXzfoeM= +golang.org/x/time v0.9.0 h1:EsRrnYcQiGH+5FfbgvV4AP7qEZstoyrHB0DzarOQ4ZY= +golang.org/x/time v0.9.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= +golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= +golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= +golang.org/x/tools v0.38.0 h1:Hx2Xv8hISq8Lm16jvBZ2VQf+RLmbd7wVUsALibYI/IQ= +golang.org/x/tools v0.38.0/go.mod h1:yEsQ/d/YK8cjh0L6rZlY8tgtlKiBNTL14pGDJPJpYQs= +golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +google.golang.org/protobuf v1.36.5 h1:tPhr+woSbjfYvY6/GPufUoYizxw1cF/yFoxJ2fmpwlM= +google.golang.org/protobuf v1.36.5/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= +gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= +gopkg.in/evanphx/json-patch.v4 v4.12.0 h1:n6jtcsulIzXPJaxegRbvFNNrZDjbij7ny3gmSPG+6V4= +gopkg.in/evanphx/json-patch.v4 v4.12.0/go.mod h1:p8EYWUEYMpynmqDbY58zCKCFZw8pRWMG4EsWvDvM72M= +gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= +gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= +gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ= +gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= +gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= +gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= +gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= +gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +k8s.io/api v0.34.0 h1:L+JtP2wDbEYPUeNGbeSa/5GwFtIA662EmT2YSLOkAVE= +k8s.io/api v0.34.0/go.mod h1:YzgkIzOOlhl9uwWCZNqpw6RJy9L2FK4dlJeayUoydug= +k8s.io/apimachinery v0.34.0 h1:eR1WO5fo0HyoQZt1wdISpFDffnWOvFLOOeJ7MgIv4z0= +k8s.io/apimachinery v0.34.0/go.mod h1:/GwIlEcWuTX9zKIg2mbw0LRFIsXwrfoVxn+ef0X13lw= +k8s.io/client-go v0.34.0 h1:YoWv5r7bsBfb0Hs2jh8SOvFbKzzxyNo0nSb0zC19KZo= +k8s.io/client-go v0.34.0/go.mod h1:ozgMnEKXkRjeMvBZdV1AijMHLTh3pbACPvK7zFR+QQY= +k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= +k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= +k8s.io/kube-openapi v0.0.0-20250710124328-f3f2b991d03b h1:MloQ9/bdJyIu9lb1PzujOPolHyvO06MXG5TUIj2mNAA= +k8s.io/kube-openapi v0.0.0-20250710124328-f3f2b991d03b/go.mod h1:UZ2yyWbFTpuhSbFhv24aGNOdoRdJZgsIObGBUaYVsts= +k8s.io/utils v0.0.0-20250604170112-4c0f3b243397 h1:hwvWFiBzdWw1FhfY1FooPn3kzWuJ8tmbZBHi4zVsl1Y= +k8s.io/utils v0.0.0-20250604170112-4c0f3b243397/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 h1:gBQPwqORJ8d8/YNZWEjoZs7npUVDpVXUUOFfW6CgAqE= +sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8/go.mod h1:mdzfpAEoE6DHQEN0uh9ZbOCuHbLK5wOm7dK4ctXE9Tg= +sigs.k8s.io/randfill v1.0.0 h1:JfjMILfT8A6RbawdsK2JXGBR5AQVfd+9TbzrlneTyrU= +sigs.k8s.io/randfill v1.0.0/go.mod h1:XeLlZ/jmk4i1HRopwe7/aU3H5n1zNUcX6TM94b3QxOY= +sigs.k8s.io/structured-merge-diff/v6 v6.3.0 h1:jTijUJbW353oVOd9oTlifJqOGEkUw2jB/fXCbTiQEco= +sigs.k8s.io/structured-merge-diff/v6 v6.3.0/go.mod h1:M3W8sfWvn2HhQDIbGWj3S099YozAsymCo/wrT5ohRUE= +sigs.k8s.io/yaml v1.6.0 h1:G8fkbMSAFqgEFgh4b1wmtzDnioxFCUgTZhlbj5P9QYs= +sigs.k8s.io/yaml v1.6.0/go.mod h1:796bPqUfzR/0jLAl6XjHl3Ck7MiyVv8dbTdyT3/pMf4= diff --git a/charts/synapse/tests/golden/fixtures/test-admin-deployment.golden.yaml b/charts/synapse/tests/golden/fixtures/test-admin-deployment.golden.yaml new file mode 100644 index 0000000..7cb19fc --- /dev/null +++ b/charts/synapse/tests/golden/fixtures/test-admin-deployment.golden.yaml @@ -0,0 +1,30 @@ +--- +# Source: synapse/templates/admin-deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: admin + labels: + app: admin +spec: + replicas: 1 + selector: + matchLabels: + app: admin + template: + metadata: + labels: + app: admin + spec: + containers: + - name: admin + image: ghcr.io/etkecc/ketesa:v1.2.1 + imagePullPolicy: IfNotPresent + resources: + + {} + ports: + - containerPort: 8080 + name: admin + protocol: TCP + terminationGracePeriodSeconds: 10 \ No newline at end of file diff --git a/charts/synapse/tests/golden/fixtures/test-admin-ingress-disabled.golden.yaml b/charts/synapse/tests/golden/fixtures/test-admin-ingress-disabled.golden.yaml new file mode 100644 index 0000000..e69de29 diff --git a/charts/synapse/tests/golden/fixtures/test-admin-ingress-tls.golden.yaml b/charts/synapse/tests/golden/fixtures/test-admin-ingress-tls.golden.yaml new file mode 100644 index 0000000..845edd8 --- /dev/null +++ b/charts/synapse/tests/golden/fixtures/test-admin-ingress-tls.golden.yaml @@ -0,0 +1,27 @@ +--- +# Source: synapse/templates/admin-ingress.yaml +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: synapse-admin + + annotations: + nginx.ingress.kubernetes.io/proxy-body-size: 50m + nginx.ingress.kubernetes.io/use-regex: "true" +spec: + ingressClassName: nginx + tls: + - hosts: + - NOT-CONFIGURED + secretName: admin-tls + rules: + - host: NOT-CONFIGURED + http: + paths: + - path: / + pathType: ImplementationSpecific + backend: + service: + name: admin + port: + number: 80 \ No newline at end of file diff --git a/charts/synapse/tests/golden/fixtures/test-admin-ingress.golden.yaml b/charts/synapse/tests/golden/fixtures/test-admin-ingress.golden.yaml new file mode 100644 index 0000000..55b6015 --- /dev/null +++ b/charts/synapse/tests/golden/fixtures/test-admin-ingress.golden.yaml @@ -0,0 +1,26 @@ +--- +# Source: synapse/templates/admin-ingress.yaml +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: synapse-admin + + annotations: + nginx.ingress.kubernetes.io/proxy-body-size: 50m + nginx.ingress.kubernetes.io/use-regex: "true" +spec: + ingressClassName: nginx + tls: + - hosts: + - NOT-CONFIGURED + rules: + - host: NOT-CONFIGURED + http: + paths: + - path: / + pathType: ImplementationSpecific + backend: + service: + name: admin + port: + number: 80 \ No newline at end of file diff --git a/charts/synapse/tests/golden/fixtures/test-admin-service.golden.yaml b/charts/synapse/tests/golden/fixtures/test-admin-service.golden.yaml new file mode 100644 index 0000000..802b68f --- /dev/null +++ b/charts/synapse/tests/golden/fixtures/test-admin-service.golden.yaml @@ -0,0 +1,15 @@ +--- +# Source: synapse/templates/admin-service.yaml +apiVersion: v1 +kind: Service +metadata: + name: admin + annotations: + cloud.google.com/neg: '{"ingress":false}' +spec: + selector: + app: admin + ports: + - name: admin + port: 80 + targetPort: 8080 \ No newline at end of file diff --git a/charts/synapse/tests/golden/fixtures/test-envoy-configmap.golden.yaml b/charts/synapse/tests/golden/fixtures/test-envoy-configmap.golden.yaml new file mode 100644 index 0000000..b8ee1db --- /dev/null +++ b/charts/synapse/tests/golden/fixtures/test-envoy-configmap.golden.yaml @@ -0,0 +1,753 @@ +--- +# Source: synapse/templates/envoy-configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: synapse-client-reader-envoy + labels: + app: synapse + component: synapse-client-reader +data: + envoy.yaml: | + admin: + address: + socket_address: + address: 0.0.0.0 + port_value: 9901 + + overload_manager: + refresh_interval: 0.25s + resource_monitors: + - name: "envoy.resource_monitors.fixed_heap" + typed_config: + "@type": type.googleapis.com/envoy.extensions.resource_monitors.fixed_heap.v3.FixedHeapConfig + max_heap_size_bytes: 2147483648 + - name: "envoy.resource_monitors.global_downstream_max_connections" + typed_config: + "@type": type.googleapis.com/envoy.extensions.resource_monitors.downstream_connections.v3.DownstreamConnectionsConfig + max_active_downstream_connections: 50000 + actions: + - name: "envoy.overload_actions.shrink_heap" + triggers: + - name: "envoy.resource_monitors.fixed_heap" + threshold: + value: 0.95 + - name: "envoy.overload_actions.stop_accepting_requests" + triggers: + - name: "envoy.resource_monitors.fixed_heap" + threshold: + value: 0.98 + + layered_runtime: + layers: + - name: static_layer_0 + static_layer: + envoy: + resource_limits: + listener: + httpd: + connection_limit: 49000 + + static_resources: + listeners: + - name: listener_0 + address: + socket_address: + protocol: TCP + address: 0.0.0.0 + port_value: 10000 + filter_chains: + - filters: + - name: envoy.filters.network.http_connection_manager + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager + stat_prefix: ingress_http + route_config: + name: local_route + virtual_hosts: + - name: local_service + domains: ["*"] + routes: + # CORS preflight — intercept all OPTIONS requests, no upstream proxy + - match: + prefix: "/" + headers: + - name: ":method" + string_match: + exact: "OPTIONS" + direct_response: + status: 204 + response_headers_to_add: + - header: + key: "access-control-allow-origin" + value: "*" + - header: + key: "access-control-allow-methods" + value: "GET, HEAD, POST, PUT, DELETE, OPTIONS" + - header: + key: "access-control-allow-headers" + value: "X-Requested-With, Content-Type, Authorization, Date" + - header: + key: "access-control-expose-headers" + value: "Synapse-Trace-Id, Server" + - header: + key: "content-length" + value: "0" + - match: + safe_regex: + regex: '^/_matrix/client/(api/v1|r0|v3|unstable)/(sync|events|initialSync|rooms/[^/]+/initialSync)(?:\?.*)?$' + route: + timeout: 300s + auto_host_rewrite: true + cluster: httpd-user-hash + hash_policy: + - header: + header_name: X-Hash-Key + typed_per_filter_config: + envoy.filters.http.lua: + "@type": type.googleapis.com/envoy.extensions.filters.http.lua.v3.LuaPerRoute + name: whoami_hash + - match: + safe_regex: + regex: '^/_matrix/client/unstable/org\.matrix\.simplified_msc3575/sync(?:\?.*)?$' + route: + timeout: 300s + auto_host_rewrite: true + cluster: httpd-user-hash + hash_policy: + - header: + header_name: X-Hash-Key + typed_per_filter_config: + envoy.filters.http.lua: + "@type": type.googleapis.com/envoy.extensions.filters.http.lua.v3.LuaPerRoute + name: whoami_hash + - match: + safe_regex: + regex: '^/_matrix/client/.*(?:%21|!)[A-Za-z0-9._=/-]+(?::|%3[Aa])[A-Za-z0-9.-]+.*$' + route: + timeout: 300s + auto_host_rewrite: true + cluster: httpd-room-hash + hash_policy: + - header: + header_name: X-Hash-Key + typed_per_filter_config: + envoy.filters.http.lua: + "@type": type.googleapis.com/envoy.extensions.filters.http.lua.v3.LuaPerRoute + name: room_hash + # Generic client discovery and lookup APIs + # versions has no API version prefix: source versions.py:42 + - match: + safe_regex: + regex: '^/_matrix/client/versions$' + route: + timeout: 300s + auto_host_rewrite: true + cluster: httpd-client-reader + # notifications + # source: notifications.py:46 client_patterns("/notifications$") -> (r0|v3|unstable) + - match: + safe_regex: + regex: '^/_matrix/client/(r0|v3|unstable)/notifications$' + route: + timeout: 300s + auto_host_rewrite: true + cluster: httpd-client-reader + # Encryption and room-key APIs + - match: + safe_regex: + regex: '^/_matrix/client/(api/v1|r0|v3|unstable)/room_keys/.*$' + route: + timeout: 300s + auto_host_rewrite: true + cluster: httpd-client-reader + - match: + safe_regex: + regex: '^/_matrix/client/(api/v1|r0|v3|unstable)/keys/(query|changes|claim|room_keys/).*$' + route: + timeout: 300s + auto_host_rewrite: true + cluster: httpd-client-reader + # MSC3814 dehydrated-device APIs + - match: + safe_regex: + regex: '^/_matrix/client/unstable/org\.matrix\.msc3814\.v1/dehydrated_device(?:\?.*)?$' + route: + timeout: 300s + auto_host_rewrite: true + cluster: httpd-client-reader + - match: + safe_regex: + regex: '^/_matrix/client/unstable/org\.matrix\.msc3814\.v1/dehydrated_device/[^/]*/events(?:\?.*)?$' + route: + timeout: 300s + auto_host_rewrite: true + cluster: httpd-client-reader + # Login, registration, account, and profile APIs + - match: + safe_regex: + regex: '^/_matrix/client/(api/v1|r0|v3|unstable)/login.*$' + route: + timeout: 300s + auto_host_rewrite: true + cluster: httpd-client-reader + - match: + safe_regex: + regex: '^/_matrix/client/(api/v1|r0|v3|unstable)/register(/available|/m\.login\.registration_token/validity)?(?:\?.*)?$' + route: + timeout: 300s + auto_host_rewrite: true + cluster: httpd-client-reader + - match: + safe_regex: + regex: '^/_matrix/client/(api/v1|r0|v3|unstable)/password_policy.*$' + route: + timeout: 300s + auto_host_rewrite: true + cluster: httpd-client-reader + - match: + safe_regex: + regex: '^/_matrix/client/(api/v1|r0|v3|unstable)/profile.*$' + route: + timeout: 300s + auto_host_rewrite: true + cluster: httpd-client-reader + - match: + safe_regex: + regex: '^/_matrix/client/(api/v1|r0|v3|unstable)/account/(3pid|whoami|deactivate).*$' + route: + timeout: 300s + auto_host_rewrite: true + cluster: httpd-client-reader + # Room-scoped client APIs handled by client readers + - match: + safe_regex: + regex: '^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/joined_members.*$' + route: + timeout: 300s + auto_host_rewrite: true + cluster: httpd-client-reader + - match: + safe_regex: + regex: '^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/members.*$' + route: + timeout: 300s + auto_host_rewrite: true + cluster: httpd-client-reader + - match: + safe_regex: + regex: '^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/state.*$' + route: + timeout: 300s + auto_host_rewrite: true + cluster: httpd-client-reader + - match: + safe_regex: + regex: '^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/hierarchy.*$' + route: + timeout: 300s + auto_host_rewrite: true + cluster: httpd-client-reader + - match: + safe_regex: + regex: '^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/aliases.*$' + route: + timeout: 300s + auto_host_rewrite: true + cluster: httpd-client-reader + - match: + safe_regex: + regex: '^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/timestamp_to_event.*$' + route: + timeout: 300s + auto_host_rewrite: true + cluster: httpd-client-reader + - match: + safe_regex: + regex: '^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/context/.*$' + route: + timeout: 300s + auto_host_rewrite: true + cluster: httpd-client-reader + - match: + safe_regex: + regex: '^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/(relations/|event/).*$' + route: + timeout: 300s + auto_host_rewrite: true + cluster: httpd-client-reader + - match: + safe_regex: + regex: '^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/(redact|send|state/).*$' + route: + timeout: 300s + auto_host_rewrite: true + cluster: httpd-client-reader + - match: + safe_regex: + regex: '^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/(join|invite|leave|ban|unban|kick).*$' + route: + timeout: 300s + auto_host_rewrite: true + cluster: httpd-client-reader + # Generic client discovery and lookup APIs + - match: + safe_regex: + regex: '^/_matrix/client/(api/v1|r0|v3|unstable)/(createRoom|publicRooms|versions|joined_rooms|search|capabilities).*$' + route: + timeout: 300s + auto_host_rewrite: true + cluster: httpd-client-reader + - match: + safe_regex: + regex: '^/_matrix/client/(api/v1|r0|v3|unstable)/voip/turnServer.*$' + route: + timeout: 300s + auto_host_rewrite: true + cluster: httpd-client-reader + - match: + safe_regex: + regex: '^/_matrix/client/(api/v1|r0|v3|unstable)/directory/room/.*$' + route: + timeout: 300s + auto_host_rewrite: true + cluster: httpd-client-reader + - match: + safe_regex: + regex: '^/_matrix/client/(api/v1|r0|v3|unstable)/user/.*/filter(/|$).*$' + route: + timeout: 300s + auto_host_rewrite: true + cluster: httpd-client-reader + # MatrixRTC transport discovery + - match: + safe_regex: + regex: '^/_matrix/client/unstable/org\.matrix\.msc4143/rtc/transports(?:\?.*)?$' + route: + timeout: 300s + auto_host_rewrite: true + cluster: httpd-client-reader + # Federation and server-key APIs + - match: + safe_regex: + regex: '^/_matrix/(federation/(v1|v2)|key/v2)/.*$' + route: + timeout: 300s + auto_host_rewrite: true + cluster: httpd-federation-ip-hash + hash_policy: + - connection_properties: + source_ip: true + - match: + prefix: "/" + direct_response: + status: 404 + body: + inline_string: "not found\n" + typed_per_filter_config: + envoy.filters.http.lua: + "@type": type.googleapis.com/envoy.extensions.filters.http.lua.v3.LuaPerRoute + name: unmatched_route_log + http_filters: + - name: envoy.filters.http.lua + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.http.lua.v3.Lua + default_source_code: + inline_string: | + function envoy_on_request(request_handle) + return + end + source_codes: + whoami_hash: + inline_string: | + package.path = package.path .. ";/usr/lib/?.lua" + local synapse = require("synapse") + + function envoy_on_request(request_handle) + local hash_key = synapse.get_user_identifier_from_request(request_handle, { + whoami_cluster = "httpd-client-reader", + whoami_path = "/_matrix/client/v3/account/whoami", + cache_ttl_seconds = 300, + timeout_ms = 5000, + logging_enabled = false, + logging_token_length = 8 + }) + + local headers = request_handle:headers() + if hash_key ~= nil then + headers:add("X-Hash-Key", hash_key) + return + end + + synapse.set_request_id_hash_key_with_fallback_log(request_handle, headers, "user") + end + room_hash: + inline_string: | + package.path = package.path .. ";/usr/lib/?.lua" + local synapse = require("synapse") + + function envoy_on_request(request_handle) + local headers = request_handle:headers() + local hash_key = synapse.get_room_id_from_request(headers) + + if hash_key ~= nil then + headers:add("X-Hash-Key", hash_key) + return + end + + synapse.set_request_id_hash_key_with_fallback_log(request_handle, headers, "room") + end + unmatched_route_log: + inline_string: | + function envoy_on_request(request_handle) + local headers = request_handle:headers() + request_handle:logWarn( + "synapse_envoy_unmatched_route: method=" + .. tostring(headers:get(":method")) + .. " path=" + .. tostring(headers:get(":path")) + .. " authority=" + .. tostring(headers:get(":authority")) + ) + end + - name: envoy.filters.http.router + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router + clusters: + - name: httpd-client-reader + connect_timeout: 0.02s + type: STRICT_DNS + dns_lookup_family: V4_ONLY + lb_policy: LEAST_REQUEST + least_request_lb_config: + choice_count: 2 + outlier_detection: + consecutive_5xx: 5 + consecutive_gateway_failure: 5 + interval: 10s + base_ejection_time: 30s + max_ejection_percent: 50 + circuit_breakers: + thresholds: + - priority: DEFAULT + max_connections: 30000 + max_requests: 8192 + max_retries: 3 + - priority: HIGH + max_connections: 30000 + max_requests: 8192 + max_retries: 3 + load_assignment: + cluster_name: httpd-client-reader + endpoints: + - lb_endpoints: + - endpoint: + address: + socket_address: + address: synapse-client-reader-headless + port_value: 8008 + - name: httpd-federation-ip-hash + connect_timeout: 0.02s + type: STRICT_DNS + dns_lookup_family: V4_ONLY + lb_policy: RING_HASH + circuit_breakers: + thresholds: + - priority: DEFAULT + max_connections: 30000 + max_requests: 8192 + max_retries: 3 + - priority: HIGH + max_connections: 30000 + max_requests: 8192 + max_retries: 3 + load_assignment: + cluster_name: httpd-federation-ip-hash + endpoints: + - lb_endpoints: + - endpoint: + address: + socket_address: + address: synapse-federation-reader-headless + port_value: 8008 + - name: httpd-room-hash + connect_timeout: 0.02s + type: STRICT_DNS + dns_lookup_family: V4_ONLY + lb_policy: RING_HASH + circuit_breakers: + thresholds: + - priority: DEFAULT + max_connections: 30000 + max_requests: 8192 + max_retries: 3 + - priority: HIGH + max_connections: 30000 + max_requests: 8192 + max_retries: 3 + load_assignment: + cluster_name: httpd-room-hash + endpoints: + - lb_endpoints: + - endpoint: + address: + socket_address: + address: synapse-room-headless + port_value: 8008 + - name: httpd-user-hash + connect_timeout: 0.02s + type: STRICT_DNS + dns_lookup_family: V4_ONLY + lb_policy: RING_HASH + circuit_breakers: + thresholds: + - priority: DEFAULT + max_connections: 30000 + max_requests: 8192 + max_retries: 3 + - priority: HIGH + max_connections: 30000 + max_requests: 8192 + max_retries: 3 + load_assignment: + cluster_name: httpd-user-hash + endpoints: + - lb_endpoints: + - endpoint: + address: + socket_address: + address: synapse-sync-headless + port_value: 8008 + + synapse.lua: | + local room_id_pattern = "(![A-Za-z0-9._=%%%-/]+:[A-Za-z0-9.%-]+)" + local whoami_cache = {} + + local function normalize_matrix_room_separators(path) + return path:gsub("%%21", "!"):gsub("%%3[Aa]", ":") + end + + local function get_room_id_from_namespace_path(path, namespace) + local _, _, room_id = string.find(path, "^/_matrix/" .. namespace .. "/.-" .. room_id_pattern) + + return room_id + end + + local function get_room_id_from_path(path) + local normalized_path = normalize_matrix_room_separators(path) + + local key = get_room_id_from_namespace_path(normalized_path, "client") + if key ~= nil then + return key + end + + key = get_room_id_from_namespace_path(normalized_path, "federation") + if key ~= nil then + return key + end + + local _, _, key = string.find(path, "/_matrix/client/v3/rooms/([^/]+)/messages") + + return key + end + + local function get_room_id_from_request(headers) + local path = headers:get(":path") + + return get_room_id_from_path(path) + end + + local function get_access_token(auth_header, path) + if auth_header ~= nil and string.len(auth_header) > 0 then + local _, _, bearer_token = string.find(auth_header, "^[Bb]earer%s+(.+)$") + if bearer_token ~= nil then + return bearer_token + end + + return auth_header + end + + local _, _, token_param = string.find(path, "access_token=([^&]+)") + if token_param ~= nil then + return token_param + end + + return auth_header + end + + local function get_access_token_from_request(headers) + local path = headers:get(":path") + + return get_access_token(headers:get("authorization"), path) + end + + local function log_hash_fallback(request_handle, headers, fallback_type, request_id) + request_handle:logWarn( + "synapse_envoy_" .. fallback_type .. "_hash_fallback: method=" + .. tostring(headers:get(":method")) + .. " path=" + .. tostring(headers:get(":path")) + .. " authority=" + .. tostring(headers:get(":authority")) + .. " request_id=" + .. tostring(request_id) + ) + end + + local function set_request_id_hash_key_with_fallback_log(request_handle, headers, fallback_type) + local request_id = headers:get("x-request-id") + + log_hash_fallback(request_handle, headers, fallback_type, request_id) + headers:add("X-Hash-Key", request_id) + end + + local function get_option(options, key, default) + if options ~= nil and options[key] ~= nil then + return options[key] + end + + return default + end + + local function log(request_handle, options, level, message) + if not get_option(options, "logging_enabled", false) then + return + end + + local prefixed_message = "whoami_sync_worker_router: " .. message + if level == "error" then + request_handle:logErr(prefixed_message) + return + end + + request_handle:logWarn(prefixed_message) + end + + local function truncate_token(token, options) + local token_length = get_option(options, "logging_token_length", 8) + if token == nil or string.len(token) <= token_length then + return token + end + + return string.sub(token, 1, token_length) .. "..." + end + + local function extract_localpart(user_id) + if user_id == nil or string.sub(user_id, 1, 1) ~= "@" then + return nil + end + + local colon_index = string.find(user_id, ":", 2, true) + if colon_index == nil then + return nil + end + + return string.sub(user_id, 2, colon_index - 1) + end + + local function extract_user_id_from_whoami_body(body) + local _, _, user_id = string.find(body, '"user_id"%s*:%s*"([^"]+)"') + + return user_id + end + + local function get_cached_username(token, options) + local entry = whoami_cache[token] + if entry == nil then + return nil + end + + if entry.expires_at > os.time() then + return entry.username + end + + whoami_cache[token] = nil + return nil + end + + local function cache_username(token, username, options) + local ttl_seconds = get_option(options, "cache_ttl_seconds", 300) + whoami_cache[token] = { + username = username, + expires_at = os.time() + ttl_seconds + } + end + + local function lookup_whoami(request_handle, token, options) + local headers = request_handle:headers() + local authority = headers:get(":authority") + if authority == nil then + authority = "synapse-client-reader-headless" + end + + log(request_handle, options, "warn", "performing whoami lookup for token " .. truncate_token(token, options)) + + local ok, response_headers, response_body = pcall(function() + return request_handle:httpCall( + get_option(options, "whoami_cluster", "httpd"), + { + [":method"] = "GET", + [":path"] = get_option(options, "whoami_path", "/_matrix/client/v3/account/whoami"), + [":authority"] = authority, + ["authorization"] = "Bearer " .. token, + ["x-forwarded-proto"] = "https" + }, + "", + get_option(options, "timeout_ms", 5000) + ) + end) + + if not ok then + log(request_handle, options, "error", "whoami lookup failed: " .. tostring(response_headers)) + return nil + end + + local status = response_headers[":status"] + if status ~= "200" then + if status == "401" then + log(request_handle, options, "warn", "whoami lookup returned 401 for token " .. truncate_token(token, options)) + else + log(request_handle, options, "error", "whoami lookup returned status " .. tostring(status)) + end + return nil + end + + local user_id = extract_user_id_from_whoami_body(response_body) + local username = extract_localpart(user_id) + if username ~= nil then + log(request_handle, options, "warn", "whoami lookup success: " .. user_id .. " -> " .. username) + end + + return username + end + + local function get_user_identifier_from_request(request_handle, options) + local headers = request_handle:headers() + local token = get_access_token_from_request(headers) + if token == nil or string.len(token) == 0 then + log(request_handle, options, "warn", "no token found in request") + return nil + end + + local cached_username = get_cached_username(token, options) + if cached_username ~= nil then + log(request_handle, options, "warn", "cache hit for token " .. truncate_token(token, options) .. " -> " .. cached_username) + return cached_username + end + + local username = lookup_whoami(request_handle, token, options) + if username ~= nil then + cache_username(token, username, options) + return username + end + + log(request_handle, options, "warn", "whoami lookup failed, falling back to token-based routing") + return token + end + + return { + get_access_token_from_request = get_access_token_from_request, + get_room_id_from_request = get_room_id_from_request, + set_request_id_hash_key_with_fallback_log = set_request_id_hash_key_with_fallback_log, + get_user_identifier_from_request = get_user_identifier_from_request + } \ No newline at end of file diff --git a/charts/synapse/tests/golden/fixtures/test-envoy-deployment.golden.yaml b/charts/synapse/tests/golden/fixtures/test-envoy-deployment.golden.yaml new file mode 100644 index 0000000..7f5ee7d --- /dev/null +++ b/charts/synapse/tests/golden/fixtures/test-envoy-deployment.golden.yaml @@ -0,0 +1,66 @@ +--- +# Source: synapse/templates/envoy-deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: synapse-client-reader-envoy + labels: + app: synapse + component: synapse-client-reader-envoy +spec: + replicas: 2 + selector: + matchLabels: + app: synapse + component: synapse-client-reader-envoy + strategy: + + rollingUpdate: + maxSurge: 25% + maxUnavailable: 1 + type: RollingUpdate + template: + metadata: + labels: + app: synapse + component: synapse-client-reader-envoy + annotations: + checksum/config: f733a52fec21fc387d787eeaf3eafdbd238ea86d79d2b4d64ba9373eff9c6b59 + spec: + terminationGracePeriodSeconds: 60 + containers: + - name: envoy + image: envoyproxy/envoy:v1.36.6 + imagePullPolicy: IfNotPresent + args: + - -c + - /config/envoy.yaml + ports: + - name: http + containerPort: 10000 + protocol: TCP + - name: http-admin + containerPort: 9901 + protocol: TCP + livenessProbe: + httpGet: + path: /ready + port: http-admin + readinessProbe: + httpGet: + path: /ready + port: http-admin + resources: + + {} + volumeMounts: + - name: config + mountPath: /config/envoy.yaml + subPath: envoy.yaml + - name: config + mountPath: /usr/lib/synapse.lua + subPath: synapse.lua + volumes: + - name: config + configMap: + name: synapse-client-reader-envoy \ No newline at end of file diff --git a/charts/synapse/tests/golden/fixtures/test-envoy-pdb-max-unavailable.golden.yaml b/charts/synapse/tests/golden/fixtures/test-envoy-pdb-max-unavailable.golden.yaml new file mode 100644 index 0000000..dcf57cc --- /dev/null +++ b/charts/synapse/tests/golden/fixtures/test-envoy-pdb-max-unavailable.golden.yaml @@ -0,0 +1,12 @@ +--- +# Source: synapse/templates/envoy-pdb.yaml +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: synapse-client-reader-envoy +spec: + maxUnavailable: 1 + selector: + matchLabels: + app: synapse + component: synapse-client-reader-envoy \ No newline at end of file diff --git a/charts/synapse/tests/golden/fixtures/test-envoy-pdb.golden.yaml b/charts/synapse/tests/golden/fixtures/test-envoy-pdb.golden.yaml new file mode 100644 index 0000000..68d81dd --- /dev/null +++ b/charts/synapse/tests/golden/fixtures/test-envoy-pdb.golden.yaml @@ -0,0 +1,12 @@ +--- +# Source: synapse/templates/envoy-pdb.yaml +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: synapse-client-reader-envoy +spec: + minAvailable: 1 + selector: + matchLabels: + app: synapse + component: synapse-client-reader-envoy \ No newline at end of file diff --git a/charts/synapse/tests/golden/fixtures/test-envoy-service.golden.yaml b/charts/synapse/tests/golden/fixtures/test-envoy-service.golden.yaml new file mode 100644 index 0000000..53ad095 --- /dev/null +++ b/charts/synapse/tests/golden/fixtures/test-envoy-service.golden.yaml @@ -0,0 +1,23 @@ +--- +# Source: synapse/templates/envoy-service.yaml +apiVersion: v1 +kind: Service +metadata: + name: synapse-client-reader-envoy + labels: + app: synapse + component: synapse-client-reader-envoy +spec: + type: ClusterIP + ports: + - port: 80 + targetPort: http + protocol: TCP + name: http + - port: 9901 + targetPort: http-admin + protocol: TCP + name: http-admin + selector: + app: synapse + component: synapse-client-reader-envoy \ No newline at end of file diff --git a/charts/synapse/tests/golden/fixtures/test-envoy-servicemonitor-disabled.golden.yaml b/charts/synapse/tests/golden/fixtures/test-envoy-servicemonitor-disabled.golden.yaml new file mode 100644 index 0000000..e69de29 diff --git a/charts/synapse/tests/golden/fixtures/test-envoy-servicemonitor.golden.yaml b/charts/synapse/tests/golden/fixtures/test-envoy-servicemonitor.golden.yaml new file mode 100644 index 0000000..91e82e2 --- /dev/null +++ b/charts/synapse/tests/golden/fixtures/test-envoy-servicemonitor.golden.yaml @@ -0,0 +1,19 @@ +--- +# Source: synapse/templates/envoy-servicemonitor.yaml +kind: ServiceMonitor +apiVersion: monitoring.coreos.com/v1 +metadata: + name: envoy-service + labels: + app: synapse + component: synapse-client-reader-envoy +spec: + endpoints: + - interval: 60s + path: /stats/prometheus + port: http-admin + jobLabel: envoy-service + selector: + matchLabels: + app: synapse + component: synapse-client-reader-envoy \ No newline at end of file diff --git a/charts/synapse/tests/golden/fixtures/test-ingress-default.golden.yaml b/charts/synapse/tests/golden/fixtures/test-ingress-default.golden.yaml new file mode 100644 index 0000000..d43f8f6 --- /dev/null +++ b/charts/synapse/tests/golden/fixtures/test-ingress-default.golden.yaml @@ -0,0 +1,366 @@ +--- +# Source: synapse/templates/synapse-ingress.yaml +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: synapse + + annotations: + nginx.ingress.kubernetes.io/proxy-body-size: 50m + nginx.ingress.kubernetes.io/proxy-read-timeout: "320" + nginx.org/client-max-body-size: 50m +spec: + ingressClassName: nginx + tls: + - hosts: + - NOT-CONFIGURED + rules: + - host: NOT-CONFIGURED + http: + paths: + - path: /_matrix/client/(api/v1|r0|v3|unstable)/(account/3pid/|directory/list/room/|rooms/[^/]+/(forget|upgrade|report)|register) + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-master + - path: /_matrix/client/(unstable|v1)/org.matrix.msc4108/rendezvous$ + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-master + - path: /_synapse/client/rendezvous$ + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-master + - path: /_matrix/federation/v[12]/(?:state_ids|get_missing_events)/(?:%21|!)(?[A-Za-z0-9._=\-\/]+)(:|%3A)[A-Za-z0-9.\-]+ + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-client-reader-envoy + - path: /_matrix/client/(api/v1|r0|v3|unstable)/rooms/(?:%21|!)[A-Za-z0-9._=\-]+(?::|%3[Aa])[A-Za-z0-9.\-]+/typing + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-typing + - path: /_matrix/client/(r0|v3|unstable)/sendToDevice/ + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-to-device + - path: /_matrix/client/(r0|v3|unstable)/.*/tags + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-account-data + - path: /_matrix/client/(r0|v3|unstable)/.*/account_data + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-account-data + - path: /_matrix/client/(r0|v3|unstable)/rooms/(?:%21|!)[A-Za-z0-9._=\-]+(?::|%3[Aa])[A-Za-z0-9.\-]+/receipt + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-receipts + - path: /_matrix/client/(r0|v3|unstable)/rooms/(?:%21|!)[A-Za-z0-9._=\-]+(?::|%3[Aa])[A-Za-z0-9.\-]+/read_markers + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-receipts + - path: /_matrix/client/(api/v1|r0|v3|unstable)/presence/ + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-presence + - path: /_matrix/client/(api/v1|r0|v3|unstable)/pushrules/ + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-push-rules + - path: /_matrix/client/(r0|v3|unstable)/delete_devices$ + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-device-lists + - path: /_matrix/client/(api/v1|r0|v3|unstable)/devices(/|$) + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-device-lists + - path: /_matrix/client/(r0|v3|unstable)/keys/upload(/|$) + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-device-lists + - path: /_matrix/client/(api/v1|r0|v3|unstable)/keys/device_signing/upload$ + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-device-lists + - path: /_matrix/client/(api/v1|r0|v3|unstable)/keys/signatures/upload$ + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-device-lists + - path: /_matrix/client/.*(?:%21|!)[A-Za-z0-9._=/-]+(?::|%3[Aa])[A-Za-z0-9.-]+.*$ + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + # ! + name: synapse-client-reader-envoy + - path: /_matrix/client/(api/v1|r0|v3|unstable)/(sync|events|initialSync|rooms/[^/]+/initialSync)$ + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + # ! + name: synapse-client-reader-envoy + - path: /_matrix/client/unstable/org.matrix.simplified_msc3575/sync$ + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + # ! + name: synapse-client-reader-envoy + - path: /_matrix/client/versions$ + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-client-reader-envoy + - path: /_matrix/client/(r0|v3|unstable)/notifications$ + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-client-reader-envoy + - path: /_matrix/client/(r0|v3|unstable)/room_keys/ + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-client-reader-envoy + - path: /_matrix/client/(r0|v3|unstable)/keys/(query|changes|claim) + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-client-reader-envoy + - path: /_matrix/client/unstable/org.matrix.msc3814.v1/dehydrated_device$ + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-client-reader-envoy + - path: /_matrix/client/unstable/org.matrix.msc3814.v1/dehydrated_device/[^/]*/events$ + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-client-reader-envoy + - path: /_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/(joined_members|context/.*|members|state|hierarchy|relations/|event/|aliases|timestamp_to_event|redact|send|state/|(join|invite|leave|ban|unban|kick)) + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-client-reader-envoy + - path: /_matrix/client/(api/v1|r0|v3|unstable)/(createRoom|publicRooms|voip/turnServer|joined_rooms|search|directory/room/.*|capabilities) + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-client-reader-envoy + - path: /_matrix/client/(api/v1|r0|v3|unstable)/user/.*/filter(/|$) + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-client-reader-envoy + - path: /_matrix/client/unstable/org.matrix.msc4143/rtc/transports$ + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-client-reader-envoy + - path: /_matrix/client/(api/v1|r0|v3|unstable)/profile/ + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-client-reader-envoy + - path: /_matrix/client/(api/v1|r0|v3|unstable)/account/(3pid|whoami|deactivate) + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-client-reader-envoy + - path: /_matrix/(federation/(v1|v2)(?!/(media|openid))|key/v2)/ + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-client-reader-envoy + - path: /_matrix/client/(api/v1|r0|v3|unstable)/login/sso/redirect(/|$) + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: matrix-authentication + - path: /_matrix/client/(api/v1|r0|v3|unstable)/login$ + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: matrix-authentication + - path: /_matrix/client/(api/v1|r0|v3|unstable)/logout(/all)?$ + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: matrix-authentication + - path: /_matrix/client/(r0|v3|unstable)/refresh$ + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: matrix-authentication + - path: /_matrix/client/(r0|v3|unstable)/user_directory/search$ + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-user-dir + - path: /_matrix/media/ + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-media-repository + - path: /_matrix/client/v1/media/ + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-media-repository + - path: /_matrix/federation/v1/media/ + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-media-repository + - path: /_synapse/admin/v1/purge_media_cache$ + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-media-repository + - path: /_synapse/admin/v1/room/.*/media.*$ + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-media-repository + - path: /_synapse/admin/v1/user/.*/media.*$ + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-media-repository + - path: /_synapse/admin/v1/media/.*$ + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-media-repository + - path: /_synapse/admin/v1/quarantine_media/.*$ + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-media-repository + - path: /_synapse/admin/v1/users/.*/media$ + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-media-repository + - path: /_matrix/ + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-master + - path: /_synapse/ + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-master \ No newline at end of file diff --git a/charts/synapse/tests/golden/fixtures/test-ingress-msc4306.golden.yaml b/charts/synapse/tests/golden/fixtures/test-ingress-msc4306.golden.yaml new file mode 100644 index 0000000..6d708fd --- /dev/null +++ b/charts/synapse/tests/golden/fixtures/test-ingress-msc4306.golden.yaml @@ -0,0 +1,380 @@ +--- +# Source: synapse/templates/synapse-ingress.yaml +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: synapse + + annotations: + nginx.ingress.kubernetes.io/proxy-body-size: 50m + nginx.ingress.kubernetes.io/proxy-read-timeout: "320" + nginx.org/client-max-body-size: 50m +spec: + ingressClassName: nginx + tls: + - hosts: + - NOT-CONFIGURED + rules: + - host: NOT-CONFIGURED + http: + paths: + - path: /_matrix/client/(api/v1|r0|v3|unstable)/(account/3pid/|directory/list/room/|rooms/[^/]+/(forget|upgrade|report)|register) + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-master + - path: /_matrix/client/(unstable|v1)/org.matrix.msc4108/rendezvous$ + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-master + - path: /_synapse/client/rendezvous$ + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-master + - path: /_matrix/federation/v[12]/(?:state_ids|get_missing_events)/(?:%21|!)(?[A-Za-z0-9._=\-\/]+)(:|%3A)[A-Za-z0-9.\-]+ + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-client-reader-envoy + - path: /_matrix/client/(api/v1|r0|v3|unstable)/rooms/(?:%21|!)[A-Za-z0-9._=\-]+(?::|%3[Aa])[A-Za-z0-9.\-]+/typing + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-typing + - path: /_matrix/client/(r0|v3|unstable)/sendToDevice/ + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-to-device + - path: /_matrix/client/(r0|v3|unstable)/.*/tags + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-account-data + - path: /_matrix/client/(r0|v3|unstable)/.*/account_data + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-account-data + - path: /_matrix/client/(r0|v3|unstable)/rooms/(?:%21|!)[A-Za-z0-9._=\-]+(?::|%3[Aa])[A-Za-z0-9.\-]+/receipt + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-receipts + - path: /_matrix/client/(r0|v3|unstable)/rooms/(?:%21|!)[A-Za-z0-9._=\-]+(?::|%3[Aa])[A-Za-z0-9.\-]+/read_markers + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-receipts + - path: /_matrix/client/(api/v1|r0|v3|unstable)/presence/ + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-presence + - path: /_matrix/client/(api/v1|r0|v3|unstable)/pushrules/ + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-push-rules + - path: /_matrix/client/(r0|v3|unstable)/delete_devices$ + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-device-lists + - path: /_matrix/client/(api/v1|r0|v3|unstable)/devices(/|$) + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-device-lists + - path: /_matrix/client/(r0|v3|unstable)/keys/upload(/|$) + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-device-lists + - path: /_matrix/client/(api/v1|r0|v3|unstable)/keys/device_signing/upload$ + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-device-lists + - path: /_matrix/client/(api/v1|r0|v3|unstable)/keys/signatures/upload$ + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-device-lists + - path: /_matrix/client/unstable/io.element.msc4306/rooms/.*/thread/.*/subscription$ + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-thread-subscriptions + - path: /_matrix/client/unstable/io.element.msc4308/thread_subscriptions$ + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-thread-subscriptions + - path: /_matrix/client/.*(?:%21|!)[A-Za-z0-9._=/-]+(?::|%3[Aa])[A-Za-z0-9.-]+.*$ + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + # ! + name: synapse-client-reader-envoy + - path: /_matrix/client/(api/v1|r0|v3|unstable)/(sync|events|initialSync|rooms/[^/]+/initialSync)$ + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + # ! + name: synapse-client-reader-envoy + - path: /_matrix/client/unstable/org.matrix.simplified_msc3575/sync$ + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + # ! + name: synapse-client-reader-envoy + - path: /_matrix/client/versions$ + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-client-reader-envoy + - path: /_matrix/client/(r0|v3|unstable)/notifications$ + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-client-reader-envoy + - path: /_matrix/client/(r0|v3|unstable)/room_keys/ + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-client-reader-envoy + - path: /_matrix/client/(r0|v3|unstable)/keys/(query|changes|claim) + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-client-reader-envoy + - path: /_matrix/client/unstable/org.matrix.msc3814.v1/dehydrated_device$ + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-client-reader-envoy + - path: /_matrix/client/unstable/org.matrix.msc3814.v1/dehydrated_device/[^/]*/events$ + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-client-reader-envoy + - path: /_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/(joined_members|context/.*|members|state|hierarchy|relations/|event/|aliases|timestamp_to_event|redact|send|state/|(join|invite|leave|ban|unban|kick)) + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-client-reader-envoy + - path: /_matrix/client/(api/v1|r0|v3|unstable)/(createRoom|publicRooms|voip/turnServer|joined_rooms|search|directory/room/.*|capabilities) + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-client-reader-envoy + - path: /_matrix/client/(api/v1|r0|v3|unstable)/user/.*/filter(/|$) + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-client-reader-envoy + - path: /_matrix/client/unstable/org.matrix.msc4143/rtc/transports$ + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-client-reader-envoy + - path: /_matrix/client/(api/v1|r0|v3|unstable)/profile/ + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-client-reader-envoy + - path: /_matrix/client/(api/v1|r0|v3|unstable)/account/(3pid|whoami|deactivate) + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-client-reader-envoy + - path: /_matrix/(federation/(v1|v2)(?!/(media|openid))|key/v2)/ + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-client-reader-envoy + - path: /_matrix/client/(api/v1|r0|v3|unstable)/login/sso/redirect(/|$) + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: matrix-authentication + - path: /_matrix/client/(api/v1|r0|v3|unstable)/login$ + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: matrix-authentication + - path: /_matrix/client/(api/v1|r0|v3|unstable)/logout(/all)?$ + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: matrix-authentication + - path: /_matrix/client/(r0|v3|unstable)/refresh$ + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: matrix-authentication + - path: /_matrix/client/(r0|v3|unstable)/user_directory/search$ + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-user-dir + - path: /_matrix/media/ + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-media-repository + - path: /_matrix/client/v1/media/ + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-media-repository + - path: /_matrix/federation/v1/media/ + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-media-repository + - path: /_synapse/admin/v1/purge_media_cache$ + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-media-repository + - path: /_synapse/admin/v1/room/.*/media.*$ + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-media-repository + - path: /_synapse/admin/v1/user/.*/media.*$ + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-media-repository + - path: /_synapse/admin/v1/media/.*$ + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-media-repository + - path: /_synapse/admin/v1/quarantine_media/.*$ + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-media-repository + - path: /_synapse/admin/v1/users/.*/media$ + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-media-repository + - path: /_matrix/ + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-master + - path: /_synapse/ + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-master \ No newline at end of file diff --git a/charts/synapse/tests/golden/fixtures/test-ingress-no-mas.golden.yaml b/charts/synapse/tests/golden/fixtures/test-ingress-no-mas.golden.yaml new file mode 100644 index 0000000..27f146a --- /dev/null +++ b/charts/synapse/tests/golden/fixtures/test-ingress-no-mas.golden.yaml @@ -0,0 +1,373 @@ +--- +# Source: synapse/templates/synapse-ingress.yaml +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: synapse + + annotations: + nginx.ingress.kubernetes.io/proxy-body-size: 50m + nginx.ingress.kubernetes.io/proxy-read-timeout: "320" + nginx.org/client-max-body-size: 50m +spec: + ingressClassName: nginx + tls: + - hosts: + - NOT-CONFIGURED + rules: + - host: NOT-CONFIGURED + http: + paths: + - path: /_matrix/client/(api/v1|r0|v3|unstable)/(account/3pid/|directory/list/room/|rooms/[^/]+/(forget|upgrade|report)|register) + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-master + - path: /_matrix/client/(unstable|v1)/org.matrix.msc4108/rendezvous$ + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-master + - path: /_synapse/client/rendezvous$ + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-master + - path: /_matrix/federation/v[12]/(?:state_ids|get_missing_events)/(?:%21|!)(?[A-Za-z0-9._=\-\/]+)(:|%3A)[A-Za-z0-9.\-]+ + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-client-reader-envoy + - path: /_matrix/client/(api/v1|r0|v3|unstable)/rooms/(?:%21|!)[A-Za-z0-9._=\-]+(?::|%3[Aa])[A-Za-z0-9.\-]+/typing + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-typing + - path: /_matrix/client/(r0|v3|unstable)/sendToDevice/ + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-to-device + - path: /_matrix/client/(r0|v3|unstable)/.*/tags + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-account-data + - path: /_matrix/client/(r0|v3|unstable)/.*/account_data + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-account-data + - path: /_matrix/client/(r0|v3|unstable)/rooms/(?:%21|!)[A-Za-z0-9._=\-]+(?::|%3[Aa])[A-Za-z0-9.\-]+/receipt + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-receipts + - path: /_matrix/client/(r0|v3|unstable)/rooms/(?:%21|!)[A-Za-z0-9._=\-]+(?::|%3[Aa])[A-Za-z0-9.\-]+/read_markers + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-receipts + - path: /_matrix/client/(api/v1|r0|v3|unstable)/presence/ + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-presence + - path: /_matrix/client/(api/v1|r0|v3|unstable)/pushrules/ + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-push-rules + - path: /_matrix/client/(r0|v3|unstable)/delete_devices$ + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-device-lists + - path: /_matrix/client/(api/v1|r0|v3|unstable)/devices(/|$) + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-device-lists + - path: /_matrix/client/(r0|v3|unstable)/keys/upload(/|$) + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-device-lists + - path: /_matrix/client/(api/v1|r0|v3|unstable)/keys/device_signing/upload$ + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-device-lists + - path: /_matrix/client/(api/v1|r0|v3|unstable)/keys/signatures/upload$ + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-device-lists + - path: /_matrix/client/.*(?:%21|!)[A-Za-z0-9._=/-]+(?::|%3[Aa])[A-Za-z0-9.-]+.*$ + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + # ! + name: synapse-client-reader-envoy + - path: /_matrix/client/(api/v1|r0|v3|unstable)/(sync|events|initialSync|rooms/[^/]+/initialSync)$ + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + # ! + name: synapse-client-reader-envoy + - path: /_matrix/client/unstable/org.matrix.simplified_msc3575/sync$ + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + # ! + name: synapse-client-reader-envoy + - path: /_matrix/client/versions$ + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-client-reader-envoy + - path: /_matrix/client/(r0|v3|unstable)/notifications$ + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-client-reader-envoy + - path: /_matrix/client/(r0|v3|unstable)/room_keys/ + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-client-reader-envoy + - path: /_matrix/client/(r0|v3|unstable)/keys/(query|changes|claim) + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-client-reader-envoy + - path: /_matrix/client/unstable/org.matrix.msc3814.v1/dehydrated_device$ + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-client-reader-envoy + - path: /_matrix/client/unstable/org.matrix.msc3814.v1/dehydrated_device/[^/]*/events$ + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-client-reader-envoy + - path: /_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/(joined_members|context/.*|members|state|hierarchy|relations/|event/|aliases|timestamp_to_event|redact|send|state/|(join|invite|leave|ban|unban|kick)) + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-client-reader-envoy + - path: /_matrix/client/(api/v1|r0|v3|unstable)/(createRoom|publicRooms|voip/turnServer|joined_rooms|search|directory/room/.*|capabilities) + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-client-reader-envoy + - path: /_matrix/client/(api/v1|r0|v3|unstable)/user/.*/filter(/|$) + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-client-reader-envoy + - path: /_matrix/client/unstable/org.matrix.msc4143/rtc/transports$ + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-client-reader-envoy + - path: /_matrix/client/(api/v1|r0|v3|unstable)/profile/ + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-client-reader-envoy + - path: /_matrix/client/(api/v1|r0|v3|unstable)/account/(3pid|whoami|deactivate) + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-client-reader-envoy + - path: /_matrix/client/(api/v1|r0|v3|unstable)/login$ + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-client-reader-envoy + - path: /_matrix/client/(r0|v3|unstable)/register$ + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-client-reader-envoy + - path: /_matrix/client/(r0|v3|unstable)/register/available$ + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-client-reader-envoy + - path: /_matrix/client/v1/register/m.login.registration_token/validity$ + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-client-reader-envoy + - path: /_matrix/client/(r0|v3|unstable)/password_policy$ + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-client-reader-envoy + - path: /_matrix/(federation/(v1|v2)(?!/(media|openid))|key/v2)/ + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-client-reader-envoy + - path: /_matrix/client/(r0|v3|unstable)/user_directory/search$ + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-user-dir + - path: /_matrix/media/ + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-media-repository + - path: /_matrix/client/v1/media/ + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-media-repository + - path: /_matrix/federation/v1/media/ + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-media-repository + - path: /_synapse/admin/v1/purge_media_cache$ + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-media-repository + - path: /_synapse/admin/v1/room/.*/media.*$ + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-media-repository + - path: /_synapse/admin/v1/user/.*/media.*$ + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-media-repository + - path: /_synapse/admin/v1/media/.*$ + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-media-repository + - path: /_synapse/admin/v1/quarantine_media/.*$ + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-media-repository + - path: /_synapse/admin/v1/users/.*/media$ + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-media-repository + - path: /_matrix/ + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-master + - path: /_synapse/ + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: synapse-master \ No newline at end of file diff --git a/charts/synapse/tests/golden/fixtures/test-matrix-auth-deployment-disabled.golden.yaml b/charts/synapse/tests/golden/fixtures/test-matrix-auth-deployment-disabled.golden.yaml new file mode 100644 index 0000000..e69de29 diff --git a/charts/synapse/tests/golden/fixtures/test-matrix-auth-deployment.golden.yaml b/charts/synapse/tests/golden/fixtures/test-matrix-auth-deployment.golden.yaml new file mode 100644 index 0000000..9bb7926 --- /dev/null +++ b/charts/synapse/tests/golden/fixtures/test-matrix-auth-deployment.golden.yaml @@ -0,0 +1,70 @@ +--- +# Source: synapse/templates/matrix-authentication-deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: matrix-authentication + labels: + app: synapse + component: matrix-authentication +spec: + replicas: 2 + selector: + matchLabels: + app: synapse + component: matrix-authentication + strategy: + + rollingUpdate: + maxSurge: 25% + maxUnavailable: 1 + type: RollingUpdate + template: + metadata: + labels: + app: synapse + component: matrix-authentication + annotations: + checksum/config: a5a6b03d26e1be82388abd221457458a5a63dd8bf9433311aa9285394517bc27 + spec: + terminationGracePeriodSeconds: 60 + containers: + - name: main + image: ghcr.io/element-hq/matrix-authentication-service:1.15.0 + imagePullPolicy: IfNotPresent + env: + - name: "MAS_CONFIG" + value: "/etc/mas-config.yaml" + ports: + - name: http + containerPort: 8080 + protocol: TCP + - name: internal + containerPort: 8081 + protocol: TCP + - name: metrics + containerPort: 9100 + protocol: TCP + livenessProbe: + httpGet: + port: internal + path: /health + readinessProbe: + httpGet: + port: internal + path: /health + resources: + + {} + volumeMounts: + - name: config + mountPath: "/etc/mas-config.yaml" + subPath: "mas-config.yaml" + readOnly: true + volumes: + - name: config + secret: + secretName: matrix-authentication + items: + - key: mas-config.yaml + path: mas-config.yaml \ No newline at end of file diff --git a/charts/synapse/tests/golden/fixtures/test-matrix-auth-hpa-disabled.golden.yaml b/charts/synapse/tests/golden/fixtures/test-matrix-auth-hpa-disabled.golden.yaml new file mode 100644 index 0000000..e69de29 diff --git a/charts/synapse/tests/golden/fixtures/test-matrix-auth-hpa-enabled.golden.yaml b/charts/synapse/tests/golden/fixtures/test-matrix-auth-hpa-enabled.golden.yaml new file mode 100644 index 0000000..43091c3 --- /dev/null +++ b/charts/synapse/tests/golden/fixtures/test-matrix-auth-hpa-enabled.golden.yaml @@ -0,0 +1,23 @@ +--- +# Source: synapse/templates/matrix-authentication-hpa.yaml +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: matrix-authentication + labels: + app: synapse + component: matrix-authentication +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: matrix-authentication + minReplicas: 2 + maxReplicas: 5 + metrics: + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: 80 \ No newline at end of file diff --git a/charts/synapse/tests/golden/fixtures/test-matrix-auth-ingress-tls.golden.yaml b/charts/synapse/tests/golden/fixtures/test-matrix-auth-ingress-tls.golden.yaml new file mode 100644 index 0000000..b92645d --- /dev/null +++ b/charts/synapse/tests/golden/fixtures/test-matrix-auth-ingress-tls.golden.yaml @@ -0,0 +1,27 @@ +--- +# Source: synapse/templates/matrix-authentication-ingress.yaml +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: matrix-authentication + + annotations: + nginx.ingress.kubernetes.io/proxy-body-size: 50m + nginx.org/client-max-body-size: 50m +spec: + ingressClassName: nginx + tls: + - hosts: + - NOT-CONFIGURED + secretName: mas-tls + rules: + - host: NOT-CONFIGURED + http: + paths: + - path: "/" + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: matrix-authentication \ No newline at end of file diff --git a/charts/synapse/tests/golden/fixtures/test-matrix-auth-ingress.golden.yaml b/charts/synapse/tests/golden/fixtures/test-matrix-auth-ingress.golden.yaml new file mode 100644 index 0000000..1365c4d --- /dev/null +++ b/charts/synapse/tests/golden/fixtures/test-matrix-auth-ingress.golden.yaml @@ -0,0 +1,26 @@ +--- +# Source: synapse/templates/matrix-authentication-ingress.yaml +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: matrix-authentication + + annotations: + nginx.ingress.kubernetes.io/proxy-body-size: 50m + nginx.org/client-max-body-size: 50m +spec: + ingressClassName: nginx + tls: + - hosts: + - NOT-CONFIGURED + rules: + - host: NOT-CONFIGURED + http: + paths: + - path: "/" + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: matrix-authentication \ No newline at end of file diff --git a/charts/synapse/tests/golden/fixtures/test-matrix-auth-job-config-sync-helm.golden.yaml b/charts/synapse/tests/golden/fixtures/test-matrix-auth-job-config-sync-helm.golden.yaml new file mode 100644 index 0000000..7500e78 --- /dev/null +++ b/charts/synapse/tests/golden/fixtures/test-matrix-auth-job-config-sync-helm.golden.yaml @@ -0,0 +1,38 @@ +--- +# Source: synapse/templates/matrix-authentication-job-config-sync.yaml +apiVersion: batch/v1 +kind: Job +metadata: + name: matrix-authentication-config-sync + annotations: + helm.sh/hook: "pre-install,pre-upgrade" + helm.sh/hook-weight: "-10" +spec: + parallelism: 1 + completions: 1 + template: + spec: + restartPolicy: Never + containers: + - name: config-sync + image: ghcr.io/element-hq/matrix-authentication-service:1.15.0 + imagePullPolicy: IfNotPresent + env: + - name: "MAS_CONFIG" + value: "/etc/mas-config.yaml" + command: + - /usr/local/bin/mas-cli + - config + - sync + volumeMounts: + - name: config + mountPath: "/etc/mas-config.yaml" + subPath: "mas-config.yaml" + readOnly: true + volumes: + - name: config + secret: + secretName: matrix-authentication + items: + - key: mas-config.yaml + path: mas-config.yaml \ No newline at end of file diff --git a/charts/synapse/tests/golden/fixtures/test-matrix-auth-job-config-sync-prune.golden.yaml b/charts/synapse/tests/golden/fixtures/test-matrix-auth-job-config-sync-prune.golden.yaml new file mode 100644 index 0000000..f2c92e6 --- /dev/null +++ b/charts/synapse/tests/golden/fixtures/test-matrix-auth-job-config-sync-prune.golden.yaml @@ -0,0 +1,39 @@ +--- +# Source: synapse/templates/matrix-authentication-job-config-sync.yaml +apiVersion: batch/v1 +kind: Job +metadata: + name: matrix-authentication-config-sync + annotations: + argocd.argoproj.io/sync-wave: "-10" + argocd.argoproj.io/hook: "Sync" +spec: + parallelism: 1 + completions: 1 + template: + spec: + restartPolicy: Never + containers: + - name: config-sync + image: ghcr.io/element-hq/matrix-authentication-service:1.15.0 + imagePullPolicy: IfNotPresent + env: + - name: "MAS_CONFIG" + value: "/etc/mas-config.yaml" + command: + - /usr/local/bin/mas-cli + - config + - sync + - --prune + volumeMounts: + - name: config + mountPath: "/etc/mas-config.yaml" + subPath: "mas-config.yaml" + readOnly: true + volumes: + - name: config + secret: + secretName: matrix-authentication + items: + - key: mas-config.yaml + path: mas-config.yaml \ No newline at end of file diff --git a/charts/synapse/tests/golden/fixtures/test-matrix-auth-job-config-sync.golden.yaml b/charts/synapse/tests/golden/fixtures/test-matrix-auth-job-config-sync.golden.yaml new file mode 100644 index 0000000..68df52a --- /dev/null +++ b/charts/synapse/tests/golden/fixtures/test-matrix-auth-job-config-sync.golden.yaml @@ -0,0 +1,38 @@ +--- +# Source: synapse/templates/matrix-authentication-job-config-sync.yaml +apiVersion: batch/v1 +kind: Job +metadata: + name: matrix-authentication-config-sync + annotations: + argocd.argoproj.io/sync-wave: "-10" + argocd.argoproj.io/hook: "Sync" +spec: + parallelism: 1 + completions: 1 + template: + spec: + restartPolicy: Never + containers: + - name: config-sync + image: ghcr.io/element-hq/matrix-authentication-service:1.15.0 + imagePullPolicy: IfNotPresent + env: + - name: "MAS_CONFIG" + value: "/etc/mas-config.yaml" + command: + - /usr/local/bin/mas-cli + - config + - sync + volumeMounts: + - name: config + mountPath: "/etc/mas-config.yaml" + subPath: "mas-config.yaml" + readOnly: true + volumes: + - name: config + secret: + secretName: matrix-authentication + items: + - key: mas-config.yaml + path: mas-config.yaml \ No newline at end of file diff --git a/charts/synapse/tests/golden/fixtures/test-matrix-auth-job-db-migration-helm.golden.yaml b/charts/synapse/tests/golden/fixtures/test-matrix-auth-job-db-migration-helm.golden.yaml new file mode 100644 index 0000000..5fac790 --- /dev/null +++ b/charts/synapse/tests/golden/fixtures/test-matrix-auth-job-db-migration-helm.golden.yaml @@ -0,0 +1,38 @@ +--- +# Source: synapse/templates/matrix-authentication-job-db-migration.yaml +apiVersion: batch/v1 +kind: Job +metadata: + name: matrix-authentication-db-migration + annotations: + helm.sh/hook: "pre-install,pre-upgrade" + helm.sh/hook-weight: "-20" +spec: + parallelism: 1 + completions: 1 + template: + spec: + restartPolicy: Never + containers: + - name: db-migration + image: ghcr.io/element-hq/matrix-authentication-service:1.15.0 + imagePullPolicy: IfNotPresent + env: + - name: "MAS_CONFIG" + value: "/etc/mas-config.yaml" + command: + - /usr/local/bin/mas-cli + - database + - migrate + volumeMounts: + - name: config + mountPath: "/etc/mas-config.yaml" + subPath: "mas-config.yaml" + readOnly: true + volumes: + - name: config + secret: + secretName: matrix-authentication + items: + - key: mas-config.yaml + path: mas-config.yaml \ No newline at end of file diff --git a/charts/synapse/tests/golden/fixtures/test-matrix-auth-job-db-migration.golden.yaml b/charts/synapse/tests/golden/fixtures/test-matrix-auth-job-db-migration.golden.yaml new file mode 100644 index 0000000..a6a511f --- /dev/null +++ b/charts/synapse/tests/golden/fixtures/test-matrix-auth-job-db-migration.golden.yaml @@ -0,0 +1,38 @@ +--- +# Source: synapse/templates/matrix-authentication-job-db-migration.yaml +apiVersion: batch/v1 +kind: Job +metadata: + name: matrix-authentication-db-migration + annotations: + argocd.argoproj.io/sync-wave: "-20" + argocd.argoproj.io/hook: "Sync" +spec: + parallelism: 1 + completions: 1 + template: + spec: + restartPolicy: Never + containers: + - name: db-migration + image: ghcr.io/element-hq/matrix-authentication-service:1.15.0 + imagePullPolicy: IfNotPresent + env: + - name: "MAS_CONFIG" + value: "/etc/mas-config.yaml" + command: + - /usr/local/bin/mas-cli + - database + - migrate + volumeMounts: + - name: config + mountPath: "/etc/mas-config.yaml" + subPath: "mas-config.yaml" + readOnly: true + volumes: + - name: config + secret: + secretName: matrix-authentication + items: + - key: mas-config.yaml + path: mas-config.yaml \ No newline at end of file diff --git a/charts/synapse/tests/golden/fixtures/test-matrix-auth-pdb-max-unavailable.golden.yaml b/charts/synapse/tests/golden/fixtures/test-matrix-auth-pdb-max-unavailable.golden.yaml new file mode 100644 index 0000000..cc7f0b1 --- /dev/null +++ b/charts/synapse/tests/golden/fixtures/test-matrix-auth-pdb-max-unavailable.golden.yaml @@ -0,0 +1,12 @@ +--- +# Source: synapse/templates/matrix-authentication-pdb.yaml +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: matrix-authentication +spec: + maxUnavailable: 1 + selector: + matchLabels: + app: synapse + component: matrix-authentication \ No newline at end of file diff --git a/charts/synapse/tests/golden/fixtures/test-matrix-auth-pdb.golden.yaml b/charts/synapse/tests/golden/fixtures/test-matrix-auth-pdb.golden.yaml new file mode 100644 index 0000000..2f80e55 --- /dev/null +++ b/charts/synapse/tests/golden/fixtures/test-matrix-auth-pdb.golden.yaml @@ -0,0 +1,12 @@ +--- +# Source: synapse/templates/matrix-authentication-pdb.yaml +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: matrix-authentication +spec: + minAvailable: 1 + selector: + matchLabels: + app: synapse + component: matrix-authentication \ No newline at end of file diff --git a/charts/synapse/tests/golden/fixtures/test-matrix-auth-secret.golden.yaml b/charts/synapse/tests/golden/fixtures/test-matrix-auth-secret.golden.yaml new file mode 100644 index 0000000..e0bc5a9 --- /dev/null +++ b/charts/synapse/tests/golden/fixtures/test-matrix-auth-secret.golden.yaml @@ -0,0 +1,102 @@ +--- +# Source: synapse/templates/matrix-authentication-secret.yaml +apiVersion: v1 +kind: Secret +metadata: + name: matrix-authentication + annotations: + argocd.argoproj.io/sync-wave: "-30" + argocd.argoproj.io/hook: "Sync" + labels: + app: synapse + component: matrix-authentication +type: Opaque +stringData: + mas-config.yaml: |- + clients: + + - client_auth_method: client_secret_basic + client_id: NOT-CONFIGURED + client_secret: NOT-CONFIGURED + http: + listeners: + - name: http + resources: + - name: discovery + - name: human + - name: oauth + - name: compat + - name: graphql + playground: false + - name: assets + path: /usr/local/share/mas-cli/assets/ + binds: + - address: '[::]:8080' + proxy_protocol: false + - name: internal + resources: + - name: health + binds: + - address: '[::]:8081' + - name: metrics + resources: + - name: prometheus + binds: + - address: '[::]:9100' + trusted_proxies: [] + public_base: https://NOT-CONFIGURED/ + issuer: https://NOT-CONFIGURED/ + database: + + connect_timeout: 30 + database: mas + host: NOT-CONFIGURED + idle_timeout: 600 + max_connections: 10 + max_lifetime: 1800 + min_connections: 0 + password: NOT-CONFIGURED + port: 5432 + username: mas_user + secrets: + + encryption: NOT-CONFIGURED + keys: [] + matrix: + homeserver: NOT-CONFIGURED + secret: NOT-CONFIGURED + endpoint: https://NOT-CONFIGURED/ + + telemetry: + tracing: + exporter: none + propagators: [] + metrics: + exporter: prometheus + sentry: + dsn: null + templates: + path: /usr/local/share/mas-cli/templates/ + assets_manifest: /usr/local/share/mas-cli/manifest.json + translations_path: /usr/local/share/mas-cli/translations/ + email: + from: '"Authentication Service" ' + reply_to: '"Authentication Service" ' + transport: blackhole + policy: + wasm_module: /usr/local/share/mas-cli/policy.wasm + client_registration_entrypoint: client_registration/violation + register_entrypoint: register/violation + authorization_grant_entrypoint: authorization_grant/violation + password_entrypoint: password/violation + email_entrypoint: email/violation + data: null + branding: + service_name: null + policy_uri: null + tos_uri: null + imprint: null + logo_uri: null + experimental: + access_token_ttl: 300 + compat_token_ttl: 300 \ No newline at end of file diff --git a/charts/synapse/tests/golden/fixtures/test-matrix-auth-service.golden.yaml b/charts/synapse/tests/golden/fixtures/test-matrix-auth-service.golden.yaml new file mode 100644 index 0000000..00577b8 --- /dev/null +++ b/charts/synapse/tests/golden/fixtures/test-matrix-auth-service.golden.yaml @@ -0,0 +1,19 @@ +--- +# Source: synapse/templates/matrix-authentication-service.yaml +apiVersion: v1 +kind: Service +metadata: + name: matrix-authentication + labels: + app: synapse + component: matrix-authentication +spec: + type: ClusterIP + ports: + - port: 80 + targetPort: http + protocol: TCP + name: http + selector: + app: synapse + component: matrix-authentication \ No newline at end of file diff --git a/charts/synapse/tests/golden/fixtures/test-pgbouncer-configmap.golden.yaml b/charts/synapse/tests/golden/fixtures/test-pgbouncer-configmap.golden.yaml new file mode 100644 index 0000000..d8f420b --- /dev/null +++ b/charts/synapse/tests/golden/fixtures/test-pgbouncer-configmap.golden.yaml @@ -0,0 +1,25 @@ +--- +# Source: synapse/templates/pgbouncer-configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: synapse-pgbouncer + labels: + app: synapse-pgbouncer +data: + pgbouncer.ini: | + [databases] + synapse=host=NOT-CONFIGURED4 port=5432 dbname=synapse + [pgbouncer] + listen_port=5432 + listen_addr=0.0.0.0 + unix_socket_dir=/tmp/ + unix_socket_mode=0777 + auth_file = /etc/userlist/userlist.txt + server_reset_query = SELECT pg_advisory_unlock_all() + server_reset_query_always = 1 + admin_users=synapse + pool_mode=transaction + auth_type=md5 + default_pool_size=20 + max_client_conn=8192 \ No newline at end of file diff --git a/charts/synapse/tests/golden/fixtures/test-pgbouncer-deployment.golden.yaml b/charts/synapse/tests/golden/fixtures/test-pgbouncer-deployment.golden.yaml new file mode 100644 index 0000000..2ede38b --- /dev/null +++ b/charts/synapse/tests/golden/fixtures/test-pgbouncer-deployment.golden.yaml @@ -0,0 +1,61 @@ +--- +# Source: synapse/templates/pgbouncer-deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: synapse-pgbouncer + labels: + app: synapse-pgbouncer +spec: + replicas: 2 + selector: + matchLabels: + app: synapse-pgbouncer + strategy: + + rollingUpdate: + maxSurge: 25% + maxUnavailable: 1 + type: RollingUpdate + template: + metadata: + annotations: + checksum/config: 4b70facc53fa97e364187132ccb3ba8b3778453d83a3fd675e0e7a4f4232e3cf + checksum/secret: 251d899dfbca051b8c55e05538e5c9862a8db817c3177c5746beb367f25a24e5 + labels: + app: synapse-pgbouncer + spec: + containers: + - name: pgbouncer + image: ghcr.io/icoretech/pgbouncer-docker:1.24.1 + imagePullPolicy: IfNotPresent + resources: + + {} + ports: + - containerPort: 5432 + name: pgbouncer + protocol: TCP + readinessProbe: + tcpSocket: + port: 5432 + initialDelaySeconds: 10 + periodSeconds: 5 + livenessProbe: + tcpSocket: + port: 5432 + initialDelaySeconds: 60 + periodSeconds: 10 + volumeMounts: + - name: config + mountPath: /etc/pgbouncer/ + - name: userlist + mountPath: /etc/userlist/ + terminationGracePeriodSeconds: 10 + volumes: + - name: config + configMap: + name: synapse-pgbouncer + - name: userlist + secret: + secretName: synapse-pgbouncer \ No newline at end of file diff --git a/charts/synapse/tests/golden/fixtures/test-pgbouncer-pdb-disabled.golden.yaml b/charts/synapse/tests/golden/fixtures/test-pgbouncer-pdb-disabled.golden.yaml new file mode 100644 index 0000000..e69de29 diff --git a/charts/synapse/tests/golden/fixtures/test-pgbouncer-pdb-max-unavailable.golden.yaml b/charts/synapse/tests/golden/fixtures/test-pgbouncer-pdb-max-unavailable.golden.yaml new file mode 100644 index 0000000..5d5fe8a --- /dev/null +++ b/charts/synapse/tests/golden/fixtures/test-pgbouncer-pdb-max-unavailable.golden.yaml @@ -0,0 +1,11 @@ +--- +# Source: synapse/templates/pgbouncer-deployment-pdb.yaml +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: synapse-pgbouncer +spec: + maxUnavailable: 1 + selector: + matchLabels: + app: synapse-pgbouncer \ No newline at end of file diff --git a/charts/synapse/tests/golden/fixtures/test-pgbouncer-pdb.golden.yaml b/charts/synapse/tests/golden/fixtures/test-pgbouncer-pdb.golden.yaml new file mode 100644 index 0000000..d01ef00 --- /dev/null +++ b/charts/synapse/tests/golden/fixtures/test-pgbouncer-pdb.golden.yaml @@ -0,0 +1,11 @@ +--- +# Source: synapse/templates/pgbouncer-deployment-pdb.yaml +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: synapse-pgbouncer +spec: + minAvailable: 1 + selector: + matchLabels: + app: synapse-pgbouncer \ No newline at end of file diff --git a/charts/synapse/tests/golden/fixtures/test-pgbouncer-secret.golden.yaml b/charts/synapse/tests/golden/fixtures/test-pgbouncer-secret.golden.yaml new file mode 100644 index 0000000..489002c --- /dev/null +++ b/charts/synapse/tests/golden/fixtures/test-pgbouncer-secret.golden.yaml @@ -0,0 +1,12 @@ +--- +# Source: synapse/templates/pgbouncer-secret.yaml +apiVersion: v1 +kind: Secret +metadata: + name: synapse-pgbouncer + labels: + app: synapse-pgbouncer +data: + userlist.txt: | + InN5bmFwc2UiICJOT1QtQ09ORklHVVJFRCI= +type: Opaque \ No newline at end of file diff --git a/charts/synapse/tests/golden/fixtures/test-pgbouncer-service-session-affinity.golden.yaml b/charts/synapse/tests/golden/fixtures/test-pgbouncer-service-session-affinity.golden.yaml new file mode 100644 index 0000000..da24ede --- /dev/null +++ b/charts/synapse/tests/golden/fixtures/test-pgbouncer-service-session-affinity.golden.yaml @@ -0,0 +1,19 @@ +--- +# Source: synapse/templates/pgbouncer-service.yaml +apiVersion: v1 +kind: Service +metadata: + name: synapse-pgbouncer + labels: + app: synapse-pgbouncer +spec: + selector: + app: synapse-pgbouncer + ports: + - name: pgbouncer + port: 5432 + targetPort: 5432 + sessionAffinity: ClientIP + sessionAffinityConfig: + clientIP: + timeoutSeconds: 3600 \ No newline at end of file diff --git a/charts/synapse/tests/golden/fixtures/test-pgbouncer-service.golden.yaml b/charts/synapse/tests/golden/fixtures/test-pgbouncer-service.golden.yaml new file mode 100644 index 0000000..ae9acb5 --- /dev/null +++ b/charts/synapse/tests/golden/fixtures/test-pgbouncer-service.golden.yaml @@ -0,0 +1,15 @@ +--- +# Source: synapse/templates/pgbouncer-service.yaml +apiVersion: v1 +kind: Service +metadata: + name: synapse-pgbouncer + labels: + app: synapse-pgbouncer +spec: + selector: + app: synapse-pgbouncer + ports: + - name: pgbouncer + port: 5432 + targetPort: 5432 \ No newline at end of file diff --git a/charts/synapse/tests/golden/fixtures/test-synapse-hpa.golden.yaml b/charts/synapse/tests/golden/fixtures/test-synapse-hpa.golden.yaml new file mode 100644 index 0000000..044f590 --- /dev/null +++ b/charts/synapse/tests/golden/fixtures/test-synapse-hpa.golden.yaml @@ -0,0 +1,165 @@ +--- +# Source: synapse/templates/synapse-hpa.yaml +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: synapse-client-reader-cpu +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: synapse-client-reader + minReplicas: 1 + maxReplicas: 10 + metrics: + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: 65 + behavior: + scaleDown: + stabilizationWindowSeconds: 300 + policies: + - type: Pods + value: 1 + periodSeconds: 120 + scaleUp: + stabilizationWindowSeconds: 60 + policies: + - type: Pods + value: 2 + periodSeconds: 15 +--- +# Source: synapse/templates/synapse-hpa.yaml +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: synapse-federation-reader-cpu +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: synapse-federation-reader + minReplicas: 1 + maxReplicas: 10 + metrics: + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: 65 + behavior: + scaleDown: + stabilizationWindowSeconds: 300 + policies: + - type: Pods + value: 1 + periodSeconds: 120 + scaleUp: + stabilizationWindowSeconds: 60 + policies: + - type: Pods + value: 2 + periodSeconds: 15 +--- +# Source: synapse/templates/synapse-hpa.yaml +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: synapse-media-repository-cpu +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: synapse-media-repository + minReplicas: 1 + maxReplicas: 10 + metrics: + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: 65 + behavior: + scaleDown: + stabilizationWindowSeconds: 300 + policies: + - type: Pods + value: 1 + periodSeconds: 120 + scaleUp: + stabilizationWindowSeconds: 60 + policies: + - type: Pods + value: 2 + periodSeconds: 15 +--- +# Source: synapse/templates/synapse-hpa.yaml +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: synapse-room-cpu +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: synapse-room + minReplicas: 2 + maxReplicas: 20 + metrics: + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: 65 + behavior: + scaleDown: + stabilizationWindowSeconds: 300 + policies: + - type: Pods + value: 1 + periodSeconds: 120 + scaleUp: + stabilizationWindowSeconds: 60 + policies: + - type: Pods + value: 2 + periodSeconds: 15 +--- +# Source: synapse/templates/synapse-hpa.yaml +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: synapse-sync-cpu +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: synapse-sync + minReplicas: 2 + maxReplicas: 20 + metrics: + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: 65 + behavior: + scaleDown: + stabilizationWindowSeconds: 300 + policies: + - type: Pods + value: 1 + periodSeconds: 120 + scaleUp: + stabilizationWindowSeconds: 60 + policies: + - type: Pods + value: 2 + periodSeconds: 15 \ No newline at end of file diff --git a/charts/synapse/tests/golden/fixtures/test-synapse-podmonitor-disabled.golden.yaml b/charts/synapse/tests/golden/fixtures/test-synapse-podmonitor-disabled.golden.yaml new file mode 100644 index 0000000..e69de29 diff --git a/charts/synapse/tests/golden/fixtures/test-synapse-podmonitor-enabled.golden.yaml b/charts/synapse/tests/golden/fixtures/test-synapse-podmonitor-enabled.golden.yaml new file mode 100644 index 0000000..6794f10 --- /dev/null +++ b/charts/synapse/tests/golden/fixtures/test-synapse-podmonitor-enabled.golden.yaml @@ -0,0 +1,13 @@ +--- +# Source: synapse/templates/synapse-podmonitor.yaml +apiVersion: monitoring.coreos.com/v1 +kind: PodMonitor +metadata: + name: synapse-metrics +spec: + selector: + matchLabels: + scrapeMetrics9092: 'true' + podMetricsEndpoints: + - port: metrics + path: "/_synapse/metrics" \ No newline at end of file diff --git a/charts/synapse/tests/golden/fixtures/test-synapse-resource-quota-disabled.golden.yaml b/charts/synapse/tests/golden/fixtures/test-synapse-resource-quota-disabled.golden.yaml new file mode 100644 index 0000000..e69de29 diff --git a/charts/synapse/tests/golden/fixtures/test-synapse-resource-quota.golden.yaml b/charts/synapse/tests/golden/fixtures/test-synapse-resource-quota.golden.yaml new file mode 100644 index 0000000..b23d38d --- /dev/null +++ b/charts/synapse/tests/golden/fixtures/test-synapse-resource-quota.golden.yaml @@ -0,0 +1,18 @@ +--- +# Source: synapse/templates/synapse-resource-quota.yaml +apiVersion: v1 +kind: ResourceQuota +metadata: + labels: + addonmanager.kubernetes.io/mode: Reconcile + name: synapse-critical-pods +spec: + hard: + pods: 10 + scopeSelector: + matchExpressions: + - operator: In + scopeName: PriorityClass + values: + - system-node-critical + - system-cluster-critical \ No newline at end of file diff --git a/charts/synapse/tests/golden/fixtures/test-synapse-secret-no-pgbouncer-stream-writers.golden.yaml b/charts/synapse/tests/golden/fixtures/test-synapse-secret-no-pgbouncer-stream-writers.golden.yaml new file mode 100644 index 0000000..d8d6de3 --- /dev/null +++ b/charts/synapse/tests/golden/fixtures/test-synapse-secret-no-pgbouncer-stream-writers.golden.yaml @@ -0,0 +1,5224 @@ +--- +# Source: synapse/templates/synapse-secret.yaml +apiVersion: v1 +kind: Secret +metadata: + name: synapse-account-data-secret + annotations: + argocd.argoproj.io/sync-wave: "-30" + argocd.argoproj.io/hook: "Sync" + labels: + app: synapse + component: synapse-account-data +type: Opaque +stringData: + homeserver.yaml: | + --- + server_name: NOT-CONFIGURED + worker_app: synapse.app.generic_worker + account_threepid_delegates: ~ + account_validity: ~ + alias_creation_rules: + - action: allow + alias: "*" + room_id: "*" + user_id: "*" + allow_guest_access: false + allow_per_room_profiles: false + allow_public_rooms_over_federation: false + allow_public_rooms_without_auth: false + auto_join_rooms: + - "#general:NOT-CONFIGURED" + auto_join_rooms_for_guests: false + autocreate_auto_join_room_preset: public_chat + autocreate_auto_join_rooms: true + autocreate_auto_join_rooms_federated: false + block_non_admin_invites: false + event_cache_size: 10K + database: + txn_limit: 10000 + args: + cp_max: 50 + cp_min: 5 + database: synapse + host: NOT-CONFIGURED4 + password: NOT-CONFIGURED + user: synapse + name: psycopg2 + rc_message: + burst_count: 300 + per_second: 100 + disable_msisdn_registration: true + dynamic_thumbnails: false + max_upload_size: 100M + email: ~ + enable_3pid_changes: false + enable_group_creation: false + enable_registration: false + enable_room_list_search: true + enable_search: true + enable_set_avatar_url: true + enable_set_displayname: false + encryption_enabled_by_default_for_room_type: off + form_secret: "NOT-CONFIGURED" + limit_profile_requests_to_users_who_share_rooms: false + limit_remote_rooms: ~ + worker_listeners: + - port: 9092 + tls: false + type: http + bind_addresses: ['0.0.0.0'] + resources: + - names: [metrics] + compress: false + - port: 8008 + tls: false + type: http + x_forwarded: true + bind_addresses: ['0.0.0.0'] + resources: + - names: [client] + compress: true + - port: 9093 + tls: false + type: http + bind_addresses: ['0.0.0.0'] + resources: + - names: [replication] + compress: false + enable_metrics: true + federation_domain_whitelist: + [] + federation_metrics_domains: + [] + allow_profile_lookup_over_federation: false + allow_device_name_lookup_over_federation: false + update_user_directory_from_worker: synapse-user-dir-0 + instance_map: + main: + host: synapse-master-0.synapse-master + port: 9093 + synapse-typing-0: + host: synapse-typing-0.synapse-typing + port: 9093 + synapse-to-device-0: + host: synapse-to-device-0.synapse-to-device + port: 9093 + synapse-account-data-0: + host: synapse-account-data-0.synapse-account-data + port: 9093 + synapse-presence-0: + host: synapse-presence-0.synapse-presence + port: 9093 + synapse-push-rules-0: + host: synapse-push-rules-0.synapse-push-rules + port: 9093 + synapse-receipts-0: + host: synapse-receipts-0.synapse-receipts + port: 9093 + synapse-device-lists-0: + host: synapse-device-lists-0.synapse-device-lists + port: 9093 + synapse-event-persister-0: + host: synapse-event-persister-0.synapse-event-persister + port: 9093 + synapse-event-persister-1: + host: synapse-event-persister-1.synapse-event-persister + port: 9093 + synapse-federation-sender-0: + host: synapse-federation-sender-0.synapse-federation-sender + port: 9093 + stream_writers: + typing: + - synapse-typing-0 + to_device: + - synapse-to-device-0 + account_data: + - synapse-account-data-0 + presence: + - synapse-presence-0 + push_rules: + - synapse-push-rules-0 + receipts: + - synapse-receipts-0 + device_lists: + - synapse-device-lists-0 + events: + - synapse-event-persister-0 + - synapse-event-persister-1 + pusher_instances: + - synapse-pusher-0 + federation_sender_instances: + - synapse-federation-sender-0 + run_background_tasks_on: synapse-background-worker-0 + log_config: /data/log.config + macaroon_secret_key: "NOT-CONFIGURED" + enable_media_repo: false + media_instance_running_background_jobs: synapse-media-repository-background-jobs-0 + media_store_path: /tmp/media_store + enable_local_media_storage: true + metrics_flags: ~ + oidc_providers: + [] + old_signing_keys: ~ + password_config: + enabled: false + password_providers: + [] + pid_file: /tmp/homeserver.pid + push: ~ + start_pushers: False + retention: ~ + redaction_retention_period: ~ + forgotten_room_retention_period: 7d + user_ips_max_age: 1y + redis: + enabled: true + host: "redis" + port: 6379 + registration_shared_secret: "NOT-CONFIGURED" + report_stats: false + require_auth_for_profile_requests: true + require_membership_for_aliases: true + signing_key_path: /data/signing.key + soft_file_limit: 0 + spam_checker: ~ + sso: ~ + thumbnail_sizes: + - height: 32 + method: crop + width: 32 + - height: 96 + method: crop + width: 96 + - height: 240 + method: scale + width: 320 + trusted_key_servers: + - server_name: NOT-CONFIGURED + turn_allow_guests: false + turn_shared_secret: + turn_uris: + [] + turn_user_lifetime: 86400000 + ui_auth: ~ + url_preview_accept_language: ~ + url_preview_enabled: false + use_presence: true + user_directory: + enabled: true + search_all_users: false + prefer_local_users: true + web_client_location: "https://NOT-CONFIGURED/" + # https://matrix-org.github.io/matrix-authentication-service/setup/homeserver.html#configure-the-homeserver-to-delegate-authentication-to-the-service + matrix_authentication_service: + # Enable the MAS integration + enabled: true + # The base URL where Synapse will contact MAS + endpoint: http://matrix-authentication.test-namespace.svc:80 + # The shared secret used to authenticate MAS requests, must be the same as `matrix.secret` in the MAS configuration + # See https://element-hq.github.io/matrix-authentication-service/reference/configuration.html#matrix + secret: NOT-CONFIGURED + experimental_features: + msc3967_enabled: true + caches: + expire_caches: true + global_factor: 1 + cache_entry_ttl: 30m + sync_response_cache_duration: 2m + cache_autotuning: + max_cache_memory_usage: 1024M + target_cache_memory_usage: 512M + min_cache_ttl: 5m + opentracing: ~ + + log.config: | + --- + disable_existing_loggers: false + formatters: + precise: + format: "%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s" + handlers: + console: + class: logging.StreamHandler + formatter: precise + loggers: + synapse.handlers.pagination: + level: INFO + synapse.config.retention: + level: INFO + synapse.metrics.background_process_metrics: + level: INFO + synapse.storage.SQL: + level: WARNING + twisted: + handlers: + - console + propagate: false + root: + handlers: + - console + level: WARNING + version: 1 + signing.key: | + NOT-CONFIGURED + idp.xml: | +--- +# Source: synapse/templates/synapse-secret.yaml +apiVersion: v1 +kind: Secret +metadata: + name: synapse-background-worker-secret + annotations: + argocd.argoproj.io/sync-wave: "-30" + argocd.argoproj.io/hook: "Sync" + labels: + app: synapse + component: synapse-background-worker +type: Opaque +stringData: + homeserver.yaml: | + --- + server_name: NOT-CONFIGURED + worker_app: synapse.app.generic_worker + account_threepid_delegates: ~ + account_validity: ~ + alias_creation_rules: + - action: allow + alias: "*" + room_id: "*" + user_id: "*" + allow_guest_access: false + allow_per_room_profiles: false + allow_public_rooms_over_federation: false + allow_public_rooms_without_auth: false + auto_join_rooms: + - "#general:NOT-CONFIGURED" + auto_join_rooms_for_guests: false + autocreate_auto_join_room_preset: public_chat + autocreate_auto_join_rooms: true + autocreate_auto_join_rooms_federated: false + block_non_admin_invites: false + event_cache_size: 10K + database: + txn_limit: 10000 + args: + cp_max: 50 + cp_min: 5 + database: synapse + host: synapse-pgbouncer + password: NOT-CONFIGURED + user: synapse + name: psycopg2 + rc_message: + burst_count: 300 + per_second: 100 + disable_msisdn_registration: true + dynamic_thumbnails: false + max_upload_size: 100M + email: ~ + enable_3pid_changes: false + enable_group_creation: false + enable_registration: false + enable_room_list_search: true + enable_search: true + enable_set_avatar_url: true + enable_set_displayname: false + encryption_enabled_by_default_for_room_type: off + form_secret: "NOT-CONFIGURED" + limit_profile_requests_to_users_who_share_rooms: false + limit_remote_rooms: ~ + worker_listeners: + - port: 9092 + tls: false + type: http + bind_addresses: ['0.0.0.0'] + resources: + - names: [metrics] + compress: false + enable_metrics: true + federation_domain_whitelist: + [] + federation_metrics_domains: + [] + allow_profile_lookup_over_federation: false + allow_device_name_lookup_over_federation: false + update_user_directory_from_worker: synapse-user-dir-0 + instance_map: + main: + host: synapse-master-0.synapse-master + port: 9093 + synapse-typing-0: + host: synapse-typing-0.synapse-typing + port: 9093 + synapse-to-device-0: + host: synapse-to-device-0.synapse-to-device + port: 9093 + synapse-account-data-0: + host: synapse-account-data-0.synapse-account-data + port: 9093 + synapse-presence-0: + host: synapse-presence-0.synapse-presence + port: 9093 + synapse-push-rules-0: + host: synapse-push-rules-0.synapse-push-rules + port: 9093 + synapse-receipts-0: + host: synapse-receipts-0.synapse-receipts + port: 9093 + synapse-device-lists-0: + host: synapse-device-lists-0.synapse-device-lists + port: 9093 + synapse-event-persister-0: + host: synapse-event-persister-0.synapse-event-persister + port: 9093 + synapse-event-persister-1: + host: synapse-event-persister-1.synapse-event-persister + port: 9093 + synapse-federation-sender-0: + host: synapse-federation-sender-0.synapse-federation-sender + port: 9093 + stream_writers: + typing: + - synapse-typing-0 + to_device: + - synapse-to-device-0 + account_data: + - synapse-account-data-0 + presence: + - synapse-presence-0 + push_rules: + - synapse-push-rules-0 + receipts: + - synapse-receipts-0 + device_lists: + - synapse-device-lists-0 + events: + - synapse-event-persister-0 + - synapse-event-persister-1 + pusher_instances: + - synapse-pusher-0 + federation_sender_instances: + - synapse-federation-sender-0 + run_background_tasks_on: synapse-background-worker-0 + log_config: /data/log.config + macaroon_secret_key: "NOT-CONFIGURED" + enable_media_repo: false + media_instance_running_background_jobs: synapse-media-repository-background-jobs-0 + media_store_path: /tmp/media_store + enable_local_media_storage: true + metrics_flags: ~ + oidc_providers: + [] + old_signing_keys: ~ + password_config: + enabled: false + password_providers: + [] + pid_file: /tmp/homeserver.pid + push: ~ + start_pushers: False + retention: ~ + redaction_retention_period: ~ + forgotten_room_retention_period: 7d + user_ips_max_age: 1y + redis: + enabled: true + host: "redis" + port: 6379 + registration_shared_secret: "NOT-CONFIGURED" + report_stats: false + require_auth_for_profile_requests: true + require_membership_for_aliases: true + signing_key_path: /data/signing.key + soft_file_limit: 0 + spam_checker: ~ + sso: ~ + thumbnail_sizes: + - height: 32 + method: crop + width: 32 + - height: 96 + method: crop + width: 96 + - height: 240 + method: scale + width: 320 + trusted_key_servers: + - server_name: NOT-CONFIGURED + turn_allow_guests: false + turn_shared_secret: + turn_uris: + [] + turn_user_lifetime: 86400000 + ui_auth: ~ + url_preview_accept_language: ~ + url_preview_enabled: false + use_presence: true + user_directory: + enabled: true + search_all_users: false + prefer_local_users: true + web_client_location: "https://NOT-CONFIGURED/" + # https://matrix-org.github.io/matrix-authentication-service/setup/homeserver.html#configure-the-homeserver-to-delegate-authentication-to-the-service + matrix_authentication_service: + # Enable the MAS integration + enabled: true + # The base URL where Synapse will contact MAS + endpoint: http://matrix-authentication.test-namespace.svc:80 + # The shared secret used to authenticate MAS requests, must be the same as `matrix.secret` in the MAS configuration + # See https://element-hq.github.io/matrix-authentication-service/reference/configuration.html#matrix + secret: NOT-CONFIGURED + experimental_features: + msc3967_enabled: true + caches: + expire_caches: true + global_factor: 1 + cache_entry_ttl: 30m + sync_response_cache_duration: 2m + cache_autotuning: + max_cache_memory_usage: 1024M + target_cache_memory_usage: 512M + min_cache_ttl: 5m + opentracing: ~ + + log.config: | + --- + disable_existing_loggers: false + formatters: + precise: + format: "%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s" + handlers: + console: + class: logging.StreamHandler + formatter: precise + loggers: + synapse.handlers.pagination: + level: INFO + synapse.config.retention: + level: INFO + synapse.metrics.background_process_metrics: + level: INFO + synapse.storage.SQL: + level: WARNING + twisted: + handlers: + - console + propagate: false + root: + handlers: + - console + level: WARNING + version: 1 + signing.key: | + NOT-CONFIGURED + idp.xml: | +--- +# Source: synapse/templates/synapse-secret.yaml +apiVersion: v1 +kind: Secret +metadata: + name: synapse-client-reader-secret + annotations: + argocd.argoproj.io/sync-wave: "-30" + argocd.argoproj.io/hook: "Sync" + labels: + app: synapse + component: synapse-client-reader +type: Opaque +stringData: + homeserver.yaml: | + --- + server_name: NOT-CONFIGURED + worker_app: synapse.app.generic_worker + account_threepid_delegates: ~ + account_validity: ~ + alias_creation_rules: + - action: allow + alias: "*" + room_id: "*" + user_id: "*" + allow_guest_access: false + allow_per_room_profiles: false + allow_public_rooms_over_federation: false + allow_public_rooms_without_auth: false + auto_join_rooms: + - "#general:NOT-CONFIGURED" + auto_join_rooms_for_guests: false + autocreate_auto_join_room_preset: public_chat + autocreate_auto_join_rooms: true + autocreate_auto_join_rooms_federated: false + block_non_admin_invites: false + event_cache_size: 10K + database: + txn_limit: 10000 + args: + cp_max: 50 + cp_min: 5 + database: synapse + host: synapse-pgbouncer + password: NOT-CONFIGURED + user: synapse + name: psycopg2 + rc_message: + burst_count: 300 + per_second: 100 + disable_msisdn_registration: true + dynamic_thumbnails: false + max_upload_size: 100M + email: ~ + enable_3pid_changes: false + enable_group_creation: false + enable_registration: false + enable_room_list_search: true + enable_search: true + enable_set_avatar_url: true + enable_set_displayname: false + encryption_enabled_by_default_for_room_type: off + form_secret: "NOT-CONFIGURED" + limit_profile_requests_to_users_who_share_rooms: false + limit_remote_rooms: ~ + worker_listeners: + - port: 9092 + tls: false + type: http + bind_addresses: ['0.0.0.0'] + resources: + - names: [metrics] + compress: false + - port: 8008 + tls: false + type: http + x_forwarded: true + bind_addresses: ['0.0.0.0'] + resources: + - names: [client] + compress: true + enable_metrics: true + federation_domain_whitelist: + [] + federation_metrics_domains: + [] + allow_profile_lookup_over_federation: false + allow_device_name_lookup_over_federation: false + update_user_directory_from_worker: synapse-user-dir-0 + instance_map: + main: + host: synapse-master-0.synapse-master + port: 9093 + synapse-typing-0: + host: synapse-typing-0.synapse-typing + port: 9093 + synapse-to-device-0: + host: synapse-to-device-0.synapse-to-device + port: 9093 + synapse-account-data-0: + host: synapse-account-data-0.synapse-account-data + port: 9093 + synapse-presence-0: + host: synapse-presence-0.synapse-presence + port: 9093 + synapse-push-rules-0: + host: synapse-push-rules-0.synapse-push-rules + port: 9093 + synapse-receipts-0: + host: synapse-receipts-0.synapse-receipts + port: 9093 + synapse-device-lists-0: + host: synapse-device-lists-0.synapse-device-lists + port: 9093 + synapse-event-persister-0: + host: synapse-event-persister-0.synapse-event-persister + port: 9093 + synapse-event-persister-1: + host: synapse-event-persister-1.synapse-event-persister + port: 9093 + synapse-federation-sender-0: + host: synapse-federation-sender-0.synapse-federation-sender + port: 9093 + stream_writers: + typing: + - synapse-typing-0 + to_device: + - synapse-to-device-0 + account_data: + - synapse-account-data-0 + presence: + - synapse-presence-0 + push_rules: + - synapse-push-rules-0 + receipts: + - synapse-receipts-0 + device_lists: + - synapse-device-lists-0 + events: + - synapse-event-persister-0 + - synapse-event-persister-1 + pusher_instances: + - synapse-pusher-0 + federation_sender_instances: + - synapse-federation-sender-0 + run_background_tasks_on: synapse-background-worker-0 + log_config: /data/log.config + macaroon_secret_key: "NOT-CONFIGURED" + enable_media_repo: false + media_instance_running_background_jobs: synapse-media-repository-background-jobs-0 + media_store_path: /tmp/media_store + enable_local_media_storage: true + metrics_flags: ~ + oidc_providers: + [] + old_signing_keys: ~ + password_config: + enabled: false + password_providers: + [] + pid_file: /tmp/homeserver.pid + push: ~ + start_pushers: False + retention: ~ + redaction_retention_period: ~ + forgotten_room_retention_period: 7d + user_ips_max_age: 1y + redis: + enabled: true + host: "redis" + port: 6379 + registration_shared_secret: "NOT-CONFIGURED" + report_stats: false + require_auth_for_profile_requests: true + require_membership_for_aliases: true + signing_key_path: /data/signing.key + soft_file_limit: 0 + spam_checker: ~ + sso: ~ + thumbnail_sizes: + - height: 32 + method: crop + width: 32 + - height: 96 + method: crop + width: 96 + - height: 240 + method: scale + width: 320 + trusted_key_servers: + - server_name: NOT-CONFIGURED + turn_allow_guests: false + turn_shared_secret: + turn_uris: + [] + turn_user_lifetime: 86400000 + ui_auth: ~ + url_preview_accept_language: ~ + url_preview_enabled: false + use_presence: true + user_directory: + enabled: true + search_all_users: false + prefer_local_users: true + web_client_location: "https://NOT-CONFIGURED/" + # https://matrix-org.github.io/matrix-authentication-service/setup/homeserver.html#configure-the-homeserver-to-delegate-authentication-to-the-service + matrix_authentication_service: + # Enable the MAS integration + enabled: true + # The base URL where Synapse will contact MAS + endpoint: http://matrix-authentication.test-namespace.svc:80 + # The shared secret used to authenticate MAS requests, must be the same as `matrix.secret` in the MAS configuration + # See https://element-hq.github.io/matrix-authentication-service/reference/configuration.html#matrix + secret: NOT-CONFIGURED + experimental_features: + msc3967_enabled: true + caches: + expire_caches: true + global_factor: 1 + cache_entry_ttl: 30m + sync_response_cache_duration: 2m + cache_autotuning: + max_cache_memory_usage: 1024M + target_cache_memory_usage: 512M + min_cache_ttl: 5m + opentracing: ~ + + log.config: | + --- + disable_existing_loggers: false + formatters: + precise: + format: "%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s" + handlers: + console: + class: logging.StreamHandler + formatter: precise + loggers: + synapse.handlers.pagination: + level: INFO + synapse.config.retention: + level: INFO + synapse.metrics.background_process_metrics: + level: INFO + synapse.storage.SQL: + level: WARNING + twisted: + handlers: + - console + propagate: false + root: + handlers: + - console + level: WARNING + version: 1 + signing.key: | + NOT-CONFIGURED + idp.xml: | +--- +# Source: synapse/templates/synapse-secret.yaml +apiVersion: v1 +kind: Secret +metadata: + name: synapse-device-lists-secret + annotations: + argocd.argoproj.io/sync-wave: "-30" + argocd.argoproj.io/hook: "Sync" + labels: + app: synapse + component: synapse-device-lists +type: Opaque +stringData: + homeserver.yaml: | + --- + server_name: NOT-CONFIGURED + worker_app: synapse.app.generic_worker + account_threepid_delegates: ~ + account_validity: ~ + alias_creation_rules: + - action: allow + alias: "*" + room_id: "*" + user_id: "*" + allow_guest_access: false + allow_per_room_profiles: false + allow_public_rooms_over_federation: false + allow_public_rooms_without_auth: false + auto_join_rooms: + - "#general:NOT-CONFIGURED" + auto_join_rooms_for_guests: false + autocreate_auto_join_room_preset: public_chat + autocreate_auto_join_rooms: true + autocreate_auto_join_rooms_federated: false + block_non_admin_invites: false + event_cache_size: 10K + database: + txn_limit: 10000 + args: + cp_max: 50 + cp_min: 5 + database: synapse + host: NOT-CONFIGURED4 + password: NOT-CONFIGURED + user: synapse + name: psycopg2 + rc_message: + burst_count: 300 + per_second: 100 + disable_msisdn_registration: true + dynamic_thumbnails: false + max_upload_size: 100M + email: ~ + enable_3pid_changes: false + enable_group_creation: false + enable_registration: false + enable_room_list_search: true + enable_search: true + enable_set_avatar_url: true + enable_set_displayname: false + encryption_enabled_by_default_for_room_type: off + form_secret: "NOT-CONFIGURED" + limit_profile_requests_to_users_who_share_rooms: false + limit_remote_rooms: ~ + worker_listeners: + - port: 9092 + tls: false + type: http + bind_addresses: ['0.0.0.0'] + resources: + - names: [metrics] + compress: false + - port: 8008 + tls: false + type: http + x_forwarded: true + bind_addresses: ['0.0.0.0'] + resources: + - names: [client] + compress: true + - port: 9093 + tls: false + type: http + bind_addresses: ['0.0.0.0'] + resources: + - names: [replication] + compress: false + enable_metrics: true + federation_domain_whitelist: + [] + federation_metrics_domains: + [] + allow_profile_lookup_over_federation: false + allow_device_name_lookup_over_federation: false + update_user_directory_from_worker: synapse-user-dir-0 + instance_map: + main: + host: synapse-master-0.synapse-master + port: 9093 + synapse-typing-0: + host: synapse-typing-0.synapse-typing + port: 9093 + synapse-to-device-0: + host: synapse-to-device-0.synapse-to-device + port: 9093 + synapse-account-data-0: + host: synapse-account-data-0.synapse-account-data + port: 9093 + synapse-presence-0: + host: synapse-presence-0.synapse-presence + port: 9093 + synapse-push-rules-0: + host: synapse-push-rules-0.synapse-push-rules + port: 9093 + synapse-receipts-0: + host: synapse-receipts-0.synapse-receipts + port: 9093 + synapse-device-lists-0: + host: synapse-device-lists-0.synapse-device-lists + port: 9093 + synapse-event-persister-0: + host: synapse-event-persister-0.synapse-event-persister + port: 9093 + synapse-event-persister-1: + host: synapse-event-persister-1.synapse-event-persister + port: 9093 + synapse-federation-sender-0: + host: synapse-federation-sender-0.synapse-federation-sender + port: 9093 + stream_writers: + typing: + - synapse-typing-0 + to_device: + - synapse-to-device-0 + account_data: + - synapse-account-data-0 + presence: + - synapse-presence-0 + push_rules: + - synapse-push-rules-0 + receipts: + - synapse-receipts-0 + device_lists: + - synapse-device-lists-0 + events: + - synapse-event-persister-0 + - synapse-event-persister-1 + pusher_instances: + - synapse-pusher-0 + federation_sender_instances: + - synapse-federation-sender-0 + run_background_tasks_on: synapse-background-worker-0 + log_config: /data/log.config + macaroon_secret_key: "NOT-CONFIGURED" + enable_media_repo: false + media_instance_running_background_jobs: synapse-media-repository-background-jobs-0 + media_store_path: /tmp/media_store + enable_local_media_storage: true + metrics_flags: ~ + oidc_providers: + [] + old_signing_keys: ~ + password_config: + enabled: false + password_providers: + [] + pid_file: /tmp/homeserver.pid + push: ~ + start_pushers: False + retention: ~ + redaction_retention_period: ~ + forgotten_room_retention_period: 7d + user_ips_max_age: 1y + redis: + enabled: true + host: "redis" + port: 6379 + registration_shared_secret: "NOT-CONFIGURED" + report_stats: false + require_auth_for_profile_requests: true + require_membership_for_aliases: true + signing_key_path: /data/signing.key + soft_file_limit: 0 + spam_checker: ~ + sso: ~ + thumbnail_sizes: + - height: 32 + method: crop + width: 32 + - height: 96 + method: crop + width: 96 + - height: 240 + method: scale + width: 320 + trusted_key_servers: + - server_name: NOT-CONFIGURED + turn_allow_guests: false + turn_shared_secret: + turn_uris: + [] + turn_user_lifetime: 86400000 + ui_auth: ~ + url_preview_accept_language: ~ + url_preview_enabled: false + use_presence: true + user_directory: + enabled: true + search_all_users: false + prefer_local_users: true + web_client_location: "https://NOT-CONFIGURED/" + # https://matrix-org.github.io/matrix-authentication-service/setup/homeserver.html#configure-the-homeserver-to-delegate-authentication-to-the-service + matrix_authentication_service: + # Enable the MAS integration + enabled: true + # The base URL where Synapse will contact MAS + endpoint: http://matrix-authentication.test-namespace.svc:80 + # The shared secret used to authenticate MAS requests, must be the same as `matrix.secret` in the MAS configuration + # See https://element-hq.github.io/matrix-authentication-service/reference/configuration.html#matrix + secret: NOT-CONFIGURED + experimental_features: + msc3967_enabled: true + caches: + expire_caches: true + global_factor: 1 + cache_entry_ttl: 30m + sync_response_cache_duration: 2m + cache_autotuning: + max_cache_memory_usage: 1024M + target_cache_memory_usage: 512M + min_cache_ttl: 5m + opentracing: ~ + + log.config: | + --- + disable_existing_loggers: false + formatters: + precise: + format: "%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s" + handlers: + console: + class: logging.StreamHandler + formatter: precise + loggers: + synapse.handlers.pagination: + level: INFO + synapse.config.retention: + level: INFO + synapse.metrics.background_process_metrics: + level: INFO + synapse.storage.SQL: + level: WARNING + twisted: + handlers: + - console + propagate: false + root: + handlers: + - console + level: WARNING + version: 1 + signing.key: | + NOT-CONFIGURED + idp.xml: | +--- +# Source: synapse/templates/synapse-secret.yaml +apiVersion: v1 +kind: Secret +metadata: + name: synapse-event-persister-secret + annotations: + argocd.argoproj.io/sync-wave: "-30" + argocd.argoproj.io/hook: "Sync" + labels: + app: synapse + component: synapse-event-persister +type: Opaque +stringData: + homeserver.yaml: | + --- + server_name: NOT-CONFIGURED + worker_app: synapse.app.generic_worker + account_threepid_delegates: ~ + account_validity: ~ + alias_creation_rules: + - action: allow + alias: "*" + room_id: "*" + user_id: "*" + allow_guest_access: false + allow_per_room_profiles: false + allow_public_rooms_over_federation: false + allow_public_rooms_without_auth: false + auto_join_rooms: + - "#general:NOT-CONFIGURED" + auto_join_rooms_for_guests: false + autocreate_auto_join_room_preset: public_chat + autocreate_auto_join_rooms: true + autocreate_auto_join_rooms_federated: false + block_non_admin_invites: false + event_cache_size: 10K + database: + txn_limit: 10000 + args: + cp_max: 50 + cp_min: 5 + database: synapse + host: NOT-CONFIGURED4 + password: NOT-CONFIGURED + user: synapse + name: psycopg2 + rc_message: + burst_count: 300 + per_second: 100 + disable_msisdn_registration: true + dynamic_thumbnails: false + max_upload_size: 100M + email: ~ + enable_3pid_changes: false + enable_group_creation: false + enable_registration: false + enable_room_list_search: true + enable_search: true + enable_set_avatar_url: true + enable_set_displayname: false + encryption_enabled_by_default_for_room_type: off + form_secret: "NOT-CONFIGURED" + limit_profile_requests_to_users_who_share_rooms: false + limit_remote_rooms: ~ + worker_listeners: + - port: 9092 + tls: false + type: http + bind_addresses: ['0.0.0.0'] + resources: + - names: [metrics] + compress: false + - port: 8008 + tls: false + type: http + x_forwarded: true + bind_addresses: ['0.0.0.0'] + resources: + - names: [client] + compress: true + - port: 9093 + tls: false + type: http + bind_addresses: ['0.0.0.0'] + resources: + - names: [replication] + compress: false + enable_metrics: true + federation_domain_whitelist: + [] + federation_metrics_domains: + [] + allow_profile_lookup_over_federation: false + allow_device_name_lookup_over_federation: false + update_user_directory_from_worker: synapse-user-dir-0 + instance_map: + main: + host: synapse-master-0.synapse-master + port: 9093 + synapse-typing-0: + host: synapse-typing-0.synapse-typing + port: 9093 + synapse-to-device-0: + host: synapse-to-device-0.synapse-to-device + port: 9093 + synapse-account-data-0: + host: synapse-account-data-0.synapse-account-data + port: 9093 + synapse-presence-0: + host: synapse-presence-0.synapse-presence + port: 9093 + synapse-push-rules-0: + host: synapse-push-rules-0.synapse-push-rules + port: 9093 + synapse-receipts-0: + host: synapse-receipts-0.synapse-receipts + port: 9093 + synapse-device-lists-0: + host: synapse-device-lists-0.synapse-device-lists + port: 9093 + synapse-event-persister-0: + host: synapse-event-persister-0.synapse-event-persister + port: 9093 + synapse-event-persister-1: + host: synapse-event-persister-1.synapse-event-persister + port: 9093 + synapse-federation-sender-0: + host: synapse-federation-sender-0.synapse-federation-sender + port: 9093 + stream_writers: + typing: + - synapse-typing-0 + to_device: + - synapse-to-device-0 + account_data: + - synapse-account-data-0 + presence: + - synapse-presence-0 + push_rules: + - synapse-push-rules-0 + receipts: + - synapse-receipts-0 + device_lists: + - synapse-device-lists-0 + events: + - synapse-event-persister-0 + - synapse-event-persister-1 + pusher_instances: + - synapse-pusher-0 + federation_sender_instances: + - synapse-federation-sender-0 + run_background_tasks_on: synapse-background-worker-0 + log_config: /data/log.config + macaroon_secret_key: "NOT-CONFIGURED" + enable_media_repo: false + media_instance_running_background_jobs: synapse-media-repository-background-jobs-0 + media_store_path: /tmp/media_store + enable_local_media_storage: true + metrics_flags: ~ + oidc_providers: + [] + old_signing_keys: ~ + password_config: + enabled: false + password_providers: + [] + pid_file: /tmp/homeserver.pid + push: ~ + start_pushers: False + retention: ~ + redaction_retention_period: ~ + forgotten_room_retention_period: 7d + user_ips_max_age: 1y + redis: + enabled: true + host: "redis" + port: 6379 + registration_shared_secret: "NOT-CONFIGURED" + report_stats: false + require_auth_for_profile_requests: true + require_membership_for_aliases: true + signing_key_path: /data/signing.key + soft_file_limit: 0 + spam_checker: ~ + sso: ~ + thumbnail_sizes: + - height: 32 + method: crop + width: 32 + - height: 96 + method: crop + width: 96 + - height: 240 + method: scale + width: 320 + trusted_key_servers: + - server_name: NOT-CONFIGURED + turn_allow_guests: false + turn_shared_secret: + turn_uris: + [] + turn_user_lifetime: 86400000 + ui_auth: ~ + url_preview_accept_language: ~ + url_preview_enabled: false + use_presence: true + user_directory: + enabled: true + search_all_users: false + prefer_local_users: true + web_client_location: "https://NOT-CONFIGURED/" + # https://matrix-org.github.io/matrix-authentication-service/setup/homeserver.html#configure-the-homeserver-to-delegate-authentication-to-the-service + matrix_authentication_service: + # Enable the MAS integration + enabled: true + # The base URL where Synapse will contact MAS + endpoint: http://matrix-authentication.test-namespace.svc:80 + # The shared secret used to authenticate MAS requests, must be the same as `matrix.secret` in the MAS configuration + # See https://element-hq.github.io/matrix-authentication-service/reference/configuration.html#matrix + secret: NOT-CONFIGURED + experimental_features: + msc3967_enabled: true + caches: + expire_caches: true + global_factor: 1 + cache_entry_ttl: 30m + sync_response_cache_duration: 2m + cache_autotuning: + max_cache_memory_usage: 1024M + target_cache_memory_usage: 512M + min_cache_ttl: 5m + opentracing: ~ + + log.config: | + --- + disable_existing_loggers: false + formatters: + precise: + format: "%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s" + handlers: + console: + class: logging.StreamHandler + formatter: precise + loggers: + synapse.handlers.pagination: + level: INFO + synapse.config.retention: + level: INFO + synapse.metrics.background_process_metrics: + level: INFO + synapse.storage.SQL: + level: WARNING + twisted: + handlers: + - console + propagate: false + root: + handlers: + - console + level: WARNING + version: 1 + signing.key: | + NOT-CONFIGURED + idp.xml: | +--- +# Source: synapse/templates/synapse-secret.yaml +apiVersion: v1 +kind: Secret +metadata: + name: synapse-federation-reader-secret + annotations: + argocd.argoproj.io/sync-wave: "-30" + argocd.argoproj.io/hook: "Sync" + labels: + app: synapse + component: synapse-federation-reader +type: Opaque +stringData: + homeserver.yaml: | + --- + server_name: NOT-CONFIGURED + worker_app: synapse.app.generic_worker + account_threepid_delegates: ~ + account_validity: ~ + alias_creation_rules: + - action: allow + alias: "*" + room_id: "*" + user_id: "*" + allow_guest_access: false + allow_per_room_profiles: false + allow_public_rooms_over_federation: false + allow_public_rooms_without_auth: false + auto_join_rooms: + - "#general:NOT-CONFIGURED" + auto_join_rooms_for_guests: false + autocreate_auto_join_room_preset: public_chat + autocreate_auto_join_rooms: true + autocreate_auto_join_rooms_federated: false + block_non_admin_invites: false + event_cache_size: 10K + database: + txn_limit: 10000 + args: + cp_max: 50 + cp_min: 5 + database: synapse + host: synapse-pgbouncer + password: NOT-CONFIGURED + user: synapse + name: psycopg2 + rc_message: + burst_count: 300 + per_second: 100 + disable_msisdn_registration: true + dynamic_thumbnails: false + max_upload_size: 100M + email: ~ + enable_3pid_changes: false + enable_group_creation: false + enable_registration: false + enable_room_list_search: true + enable_search: true + enable_set_avatar_url: true + enable_set_displayname: false + encryption_enabled_by_default_for_room_type: off + form_secret: "NOT-CONFIGURED" + limit_profile_requests_to_users_who_share_rooms: false + limit_remote_rooms: ~ + worker_listeners: + - port: 9092 + tls: false + type: http + bind_addresses: ['0.0.0.0'] + resources: + - names: [metrics] + compress: false + - port: 8008 + tls: false + type: http + x_forwarded: true + bind_addresses: ['0.0.0.0'] + resources: + - names: [federation] + compress: true + enable_metrics: true + federation_domain_whitelist: + [] + federation_metrics_domains: + [] + allow_profile_lookup_over_federation: false + allow_device_name_lookup_over_federation: false + update_user_directory_from_worker: synapse-user-dir-0 + instance_map: + main: + host: synapse-master-0.synapse-master + port: 9093 + synapse-typing-0: + host: synapse-typing-0.synapse-typing + port: 9093 + synapse-to-device-0: + host: synapse-to-device-0.synapse-to-device + port: 9093 + synapse-account-data-0: + host: synapse-account-data-0.synapse-account-data + port: 9093 + synapse-presence-0: + host: synapse-presence-0.synapse-presence + port: 9093 + synapse-push-rules-0: + host: synapse-push-rules-0.synapse-push-rules + port: 9093 + synapse-receipts-0: + host: synapse-receipts-0.synapse-receipts + port: 9093 + synapse-device-lists-0: + host: synapse-device-lists-0.synapse-device-lists + port: 9093 + synapse-event-persister-0: + host: synapse-event-persister-0.synapse-event-persister + port: 9093 + synapse-event-persister-1: + host: synapse-event-persister-1.synapse-event-persister + port: 9093 + synapse-federation-sender-0: + host: synapse-federation-sender-0.synapse-federation-sender + port: 9093 + stream_writers: + typing: + - synapse-typing-0 + to_device: + - synapse-to-device-0 + account_data: + - synapse-account-data-0 + presence: + - synapse-presence-0 + push_rules: + - synapse-push-rules-0 + receipts: + - synapse-receipts-0 + device_lists: + - synapse-device-lists-0 + events: + - synapse-event-persister-0 + - synapse-event-persister-1 + pusher_instances: + - synapse-pusher-0 + federation_sender_instances: + - synapse-federation-sender-0 + run_background_tasks_on: synapse-background-worker-0 + log_config: /data/log.config + macaroon_secret_key: "NOT-CONFIGURED" + enable_media_repo: false + media_instance_running_background_jobs: synapse-media-repository-background-jobs-0 + media_store_path: /tmp/media_store + enable_local_media_storage: true + metrics_flags: ~ + oidc_providers: + [] + old_signing_keys: ~ + password_config: + enabled: false + password_providers: + [] + pid_file: /tmp/homeserver.pid + push: ~ + start_pushers: False + retention: ~ + redaction_retention_period: ~ + forgotten_room_retention_period: 7d + user_ips_max_age: 1y + redis: + enabled: true + host: "redis" + port: 6379 + registration_shared_secret: "NOT-CONFIGURED" + report_stats: false + require_auth_for_profile_requests: true + require_membership_for_aliases: true + signing_key_path: /data/signing.key + soft_file_limit: 0 + spam_checker: ~ + sso: ~ + thumbnail_sizes: + - height: 32 + method: crop + width: 32 + - height: 96 + method: crop + width: 96 + - height: 240 + method: scale + width: 320 + trusted_key_servers: + - server_name: NOT-CONFIGURED + turn_allow_guests: false + turn_shared_secret: + turn_uris: + [] + turn_user_lifetime: 86400000 + ui_auth: ~ + url_preview_accept_language: ~ + url_preview_enabled: false + use_presence: true + user_directory: + enabled: true + search_all_users: false + prefer_local_users: true + web_client_location: "https://NOT-CONFIGURED/" + # https://matrix-org.github.io/matrix-authentication-service/setup/homeserver.html#configure-the-homeserver-to-delegate-authentication-to-the-service + matrix_authentication_service: + # Enable the MAS integration + enabled: true + # The base URL where Synapse will contact MAS + endpoint: http://matrix-authentication.test-namespace.svc:80 + # The shared secret used to authenticate MAS requests, must be the same as `matrix.secret` in the MAS configuration + # See https://element-hq.github.io/matrix-authentication-service/reference/configuration.html#matrix + secret: NOT-CONFIGURED + experimental_features: + msc3967_enabled: true + caches: + expire_caches: true + global_factor: 1 + cache_entry_ttl: 30m + sync_response_cache_duration: 2m + cache_autotuning: + max_cache_memory_usage: 1024M + target_cache_memory_usage: 512M + min_cache_ttl: 5m + opentracing: ~ + + log.config: | + --- + disable_existing_loggers: false + formatters: + precise: + format: "%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s" + handlers: + console: + class: logging.StreamHandler + formatter: precise + loggers: + synapse.handlers.pagination: + level: INFO + synapse.config.retention: + level: INFO + synapse.metrics.background_process_metrics: + level: INFO + synapse.storage.SQL: + level: WARNING + twisted: + handlers: + - console + propagate: false + root: + handlers: + - console + level: WARNING + version: 1 + signing.key: | + NOT-CONFIGURED + idp.xml: | +--- +# Source: synapse/templates/synapse-secret.yaml +apiVersion: v1 +kind: Secret +metadata: + name: synapse-federation-sender-secret + annotations: + argocd.argoproj.io/sync-wave: "-30" + argocd.argoproj.io/hook: "Sync" + labels: + app: synapse + component: synapse-federation-sender +type: Opaque +stringData: + homeserver.yaml: | + --- + server_name: NOT-CONFIGURED + worker_app: synapse.app.generic_worker + account_threepid_delegates: ~ + account_validity: ~ + alias_creation_rules: + - action: allow + alias: "*" + room_id: "*" + user_id: "*" + allow_guest_access: false + allow_per_room_profiles: false + allow_public_rooms_over_federation: false + allow_public_rooms_without_auth: false + auto_join_rooms: + - "#general:NOT-CONFIGURED" + auto_join_rooms_for_guests: false + autocreate_auto_join_room_preset: public_chat + autocreate_auto_join_rooms: true + autocreate_auto_join_rooms_federated: false + block_non_admin_invites: false + event_cache_size: 10K + database: + txn_limit: 10000 + args: + cp_max: 50 + cp_min: 5 + database: synapse + host: synapse-pgbouncer + password: NOT-CONFIGURED + user: synapse + name: psycopg2 + rc_message: + burst_count: 300 + per_second: 100 + disable_msisdn_registration: true + dynamic_thumbnails: false + max_upload_size: 100M + email: ~ + enable_3pid_changes: false + enable_group_creation: false + enable_registration: false + enable_room_list_search: true + enable_search: true + enable_set_avatar_url: true + enable_set_displayname: false + encryption_enabled_by_default_for_room_type: off + form_secret: "NOT-CONFIGURED" + limit_profile_requests_to_users_who_share_rooms: false + limit_remote_rooms: ~ + worker_listeners: + - port: 9092 + tls: false + type: http + bind_addresses: ['0.0.0.0'] + resources: + - names: [metrics] + compress: false + - port: 8008 + tls: false + type: http + x_forwarded: true + bind_addresses: ['0.0.0.0'] + resources: + - names: [federation] + compress: true + - port: 9093 + tls: false + type: http + bind_addresses: ['0.0.0.0'] + resources: + - names: [replication] + compress: false + enable_metrics: true + federation_domain_whitelist: + [] + federation_metrics_domains: + [] + allow_profile_lookup_over_federation: false + allow_device_name_lookup_over_federation: false + update_user_directory_from_worker: synapse-user-dir-0 + instance_map: + main: + host: synapse-master-0.synapse-master + port: 9093 + synapse-typing-0: + host: synapse-typing-0.synapse-typing + port: 9093 + synapse-to-device-0: + host: synapse-to-device-0.synapse-to-device + port: 9093 + synapse-account-data-0: + host: synapse-account-data-0.synapse-account-data + port: 9093 + synapse-presence-0: + host: synapse-presence-0.synapse-presence + port: 9093 + synapse-push-rules-0: + host: synapse-push-rules-0.synapse-push-rules + port: 9093 + synapse-receipts-0: + host: synapse-receipts-0.synapse-receipts + port: 9093 + synapse-device-lists-0: + host: synapse-device-lists-0.synapse-device-lists + port: 9093 + synapse-event-persister-0: + host: synapse-event-persister-0.synapse-event-persister + port: 9093 + synapse-event-persister-1: + host: synapse-event-persister-1.synapse-event-persister + port: 9093 + synapse-federation-sender-0: + host: synapse-federation-sender-0.synapse-federation-sender + port: 9093 + stream_writers: + typing: + - synapse-typing-0 + to_device: + - synapse-to-device-0 + account_data: + - synapse-account-data-0 + presence: + - synapse-presence-0 + push_rules: + - synapse-push-rules-0 + receipts: + - synapse-receipts-0 + device_lists: + - synapse-device-lists-0 + events: + - synapse-event-persister-0 + - synapse-event-persister-1 + pusher_instances: + - synapse-pusher-0 + federation_sender_instances: + - synapse-federation-sender-0 + run_background_tasks_on: synapse-background-worker-0 + log_config: /data/log.config + macaroon_secret_key: "NOT-CONFIGURED" + enable_media_repo: false + media_instance_running_background_jobs: synapse-media-repository-background-jobs-0 + media_store_path: /tmp/media_store + enable_local_media_storage: true + metrics_flags: ~ + oidc_providers: + [] + old_signing_keys: ~ + password_config: + enabled: false + password_providers: + [] + pid_file: /tmp/homeserver.pid + push: ~ + start_pushers: False + retention: ~ + redaction_retention_period: ~ + forgotten_room_retention_period: 7d + user_ips_max_age: 1y + redis: + enabled: true + host: "redis" + port: 6379 + registration_shared_secret: "NOT-CONFIGURED" + report_stats: false + require_auth_for_profile_requests: true + require_membership_for_aliases: true + signing_key_path: /data/signing.key + soft_file_limit: 0 + spam_checker: ~ + sso: ~ + thumbnail_sizes: + - height: 32 + method: crop + width: 32 + - height: 96 + method: crop + width: 96 + - height: 240 + method: scale + width: 320 + trusted_key_servers: + - server_name: NOT-CONFIGURED + turn_allow_guests: false + turn_shared_secret: + turn_uris: + [] + turn_user_lifetime: 86400000 + ui_auth: ~ + url_preview_accept_language: ~ + url_preview_enabled: false + use_presence: true + user_directory: + enabled: true + search_all_users: false + prefer_local_users: true + web_client_location: "https://NOT-CONFIGURED/" + # https://matrix-org.github.io/matrix-authentication-service/setup/homeserver.html#configure-the-homeserver-to-delegate-authentication-to-the-service + matrix_authentication_service: + # Enable the MAS integration + enabled: true + # The base URL where Synapse will contact MAS + endpoint: http://matrix-authentication.test-namespace.svc:80 + # The shared secret used to authenticate MAS requests, must be the same as `matrix.secret` in the MAS configuration + # See https://element-hq.github.io/matrix-authentication-service/reference/configuration.html#matrix + secret: NOT-CONFIGURED + experimental_features: + msc3967_enabled: true + caches: + expire_caches: true + global_factor: 1 + cache_entry_ttl: 30m + sync_response_cache_duration: 2m + cache_autotuning: + max_cache_memory_usage: 1024M + target_cache_memory_usage: 512M + min_cache_ttl: 5m + opentracing: ~ + + log.config: | + --- + disable_existing_loggers: false + formatters: + precise: + format: "%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s" + handlers: + console: + class: logging.StreamHandler + formatter: precise + loggers: + synapse.handlers.pagination: + level: INFO + synapse.config.retention: + level: INFO + synapse.metrics.background_process_metrics: + level: INFO + synapse.storage.SQL: + level: WARNING + twisted: + handlers: + - console + propagate: false + root: + handlers: + - console + level: WARNING + version: 1 + signing.key: | + NOT-CONFIGURED + idp.xml: | +--- +# Source: synapse/templates/synapse-secret.yaml +apiVersion: v1 +kind: Secret +metadata: + name: synapse-master-secret + annotations: + argocd.argoproj.io/sync-wave: "-30" + argocd.argoproj.io/hook: "Sync" + labels: + app: synapse + component: synapse-master +type: Opaque +stringData: + homeserver.yaml: | + --- + server_name: NOT-CONFIGURED + account_threepid_delegates: ~ + account_validity: ~ + alias_creation_rules: + - action: allow + alias: "*" + room_id: "*" + user_id: "*" + allow_guest_access: false + allow_per_room_profiles: false + allow_public_rooms_over_federation: false + allow_public_rooms_without_auth: false + auto_join_rooms: + - "#general:NOT-CONFIGURED" + auto_join_rooms_for_guests: false + autocreate_auto_join_room_preset: public_chat + autocreate_auto_join_rooms: true + autocreate_auto_join_rooms_federated: false + block_non_admin_invites: false + event_cache_size: 10K + database: + txn_limit: 10000 + args: + cp_max: 50 + cp_min: 5 + database: synapse + host: NOT-CONFIGURED4 + password: NOT-CONFIGURED + user: synapse + name: psycopg2 + rc_message: + burst_count: 300 + per_second: 100 + disable_msisdn_registration: true + dynamic_thumbnails: false + max_upload_size: 100M + email: ~ + enable_3pid_changes: false + enable_group_creation: false + enable_registration: false + enable_room_list_search: true + enable_search: true + enable_set_avatar_url: true + enable_set_displayname: false + encryption_enabled_by_default_for_room_type: off + form_secret: "NOT-CONFIGURED" + limit_profile_requests_to_users_who_share_rooms: false + limit_remote_rooms: ~ + listeners: + - port: 9092 + tls: false + type: http + bind_addresses: ['0.0.0.0'] + resources: + - names: [metrics] + compress: false + - port: 8008 + tls: false + type: http + x_forwarded: true + bind_addresses: ['0.0.0.0'] + resources: + - names: [client, federation] + compress: true + - port: 9093 + tls: false + type: http + bind_addresses: ['0.0.0.0'] + resources: + - names: [replication] + compress: false + enable_metrics: true + federation_domain_whitelist: + [] + federation_metrics_domains: + [] + allow_profile_lookup_over_federation: false + allow_device_name_lookup_over_federation: false + update_user_directory_from_worker: synapse-user-dir-0 + instance_map: + main: + host: synapse-master-0.synapse-master + port: 9093 + synapse-typing-0: + host: synapse-typing-0.synapse-typing + port: 9093 + synapse-to-device-0: + host: synapse-to-device-0.synapse-to-device + port: 9093 + synapse-account-data-0: + host: synapse-account-data-0.synapse-account-data + port: 9093 + synapse-presence-0: + host: synapse-presence-0.synapse-presence + port: 9093 + synapse-push-rules-0: + host: synapse-push-rules-0.synapse-push-rules + port: 9093 + synapse-receipts-0: + host: synapse-receipts-0.synapse-receipts + port: 9093 + synapse-device-lists-0: + host: synapse-device-lists-0.synapse-device-lists + port: 9093 + synapse-event-persister-0: + host: synapse-event-persister-0.synapse-event-persister + port: 9093 + synapse-event-persister-1: + host: synapse-event-persister-1.synapse-event-persister + port: 9093 + synapse-federation-sender-0: + host: synapse-federation-sender-0.synapse-federation-sender + port: 9093 + stream_writers: + typing: + - synapse-typing-0 + to_device: + - synapse-to-device-0 + account_data: + - synapse-account-data-0 + presence: + - synapse-presence-0 + push_rules: + - synapse-push-rules-0 + receipts: + - synapse-receipts-0 + device_lists: + - synapse-device-lists-0 + events: + - synapse-event-persister-0 + - synapse-event-persister-1 + pusher_instances: + - synapse-pusher-0 + federation_sender_instances: + - synapse-federation-sender-0 + run_background_tasks_on: synapse-background-worker-0 + log_config: /data/log.config + macaroon_secret_key: "NOT-CONFIGURED" + enable_media_repo: false + media_instance_running_background_jobs: synapse-media-repository-background-jobs-0 + media_store_path: /tmp/media_store + enable_local_media_storage: true + metrics_flags: ~ + oidc_providers: + [] + old_signing_keys: ~ + password_config: + enabled: false + password_providers: + [] + pid_file: /tmp/homeserver.pid + push: ~ + start_pushers: False + retention: ~ + redaction_retention_period: ~ + forgotten_room_retention_period: 7d + user_ips_max_age: 1y + redis: + enabled: true + host: "redis" + port: 6379 + registration_shared_secret: "NOT-CONFIGURED" + report_stats: false + require_auth_for_profile_requests: true + require_membership_for_aliases: true + signing_key_path: /data/signing.key + soft_file_limit: 0 + spam_checker: ~ + sso: ~ + thumbnail_sizes: + - height: 32 + method: crop + width: 32 + - height: 96 + method: crop + width: 96 + - height: 240 + method: scale + width: 320 + trusted_key_servers: + - server_name: NOT-CONFIGURED + turn_allow_guests: false + turn_shared_secret: + turn_uris: + [] + turn_user_lifetime: 86400000 + ui_auth: ~ + url_preview_accept_language: ~ + url_preview_enabled: false + use_presence: true + user_directory: + enabled: true + search_all_users: false + prefer_local_users: true + web_client_location: "https://NOT-CONFIGURED/" + # https://matrix-org.github.io/matrix-authentication-service/setup/homeserver.html#configure-the-homeserver-to-delegate-authentication-to-the-service + matrix_authentication_service: + # Enable the MAS integration + enabled: true + # The base URL where Synapse will contact MAS + endpoint: http://matrix-authentication.test-namespace.svc:80 + # The shared secret used to authenticate MAS requests, must be the same as `matrix.secret` in the MAS configuration + # See https://element-hq.github.io/matrix-authentication-service/reference/configuration.html#matrix + secret: NOT-CONFIGURED + experimental_features: + msc3967_enabled: true + caches: + expire_caches: true + global_factor: 1 + cache_entry_ttl: 30m + sync_response_cache_duration: 2m + cache_autotuning: + max_cache_memory_usage: 1024M + target_cache_memory_usage: 512M + min_cache_ttl: 5m + opentracing: ~ + + log.config: | + --- + disable_existing_loggers: false + formatters: + precise: + format: "%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s" + handlers: + console: + class: logging.StreamHandler + formatter: precise + loggers: + synapse.handlers.pagination: + level: INFO + synapse.config.retention: + level: INFO + synapse.metrics.background_process_metrics: + level: INFO + synapse.storage.SQL: + level: WARNING + twisted: + handlers: + - console + propagate: false + root: + handlers: + - console + level: WARNING + version: 1 + signing.key: | + NOT-CONFIGURED + idp.xml: | +--- +# Source: synapse/templates/synapse-secret.yaml +apiVersion: v1 +kind: Secret +metadata: + name: synapse-media-repository-secret + annotations: + argocd.argoproj.io/sync-wave: "-30" + argocd.argoproj.io/hook: "Sync" + labels: + app: synapse + component: synapse-media-repository +type: Opaque +stringData: + homeserver.yaml: | + --- + server_name: NOT-CONFIGURED + worker_app: synapse.app.media_repository + account_threepid_delegates: ~ + account_validity: ~ + alias_creation_rules: + - action: allow + alias: "*" + room_id: "*" + user_id: "*" + allow_guest_access: false + allow_per_room_profiles: false + allow_public_rooms_over_federation: false + allow_public_rooms_without_auth: false + auto_join_rooms: + - "#general:NOT-CONFIGURED" + auto_join_rooms_for_guests: false + autocreate_auto_join_room_preset: public_chat + autocreate_auto_join_rooms: true + autocreate_auto_join_rooms_federated: false + block_non_admin_invites: false + event_cache_size: 10K + database: + txn_limit: 10000 + args: + cp_max: 50 + cp_min: 5 + database: synapse + host: synapse-pgbouncer + password: NOT-CONFIGURED + user: synapse + name: psycopg2 + rc_message: + burst_count: 300 + per_second: 100 + disable_msisdn_registration: true + dynamic_thumbnails: false + max_upload_size: 100M + email: ~ + enable_3pid_changes: false + enable_group_creation: false + enable_registration: false + enable_room_list_search: true + enable_search: true + enable_set_avatar_url: true + enable_set_displayname: false + encryption_enabled_by_default_for_room_type: off + form_secret: "NOT-CONFIGURED" + limit_profile_requests_to_users_who_share_rooms: false + limit_remote_rooms: ~ + worker_listeners: + - port: 9092 + tls: false + type: http + bind_addresses: ['0.0.0.0'] + resources: + - names: [metrics] + compress: false + - port: 8008 + tls: false + type: http + x_forwarded: true + bind_addresses: ['0.0.0.0'] + resources: + - names: [media] + compress: false + enable_metrics: true + federation_domain_whitelist: + [] + federation_metrics_domains: + [] + allow_profile_lookup_over_federation: false + allow_device_name_lookup_over_federation: false + update_user_directory_from_worker: synapse-user-dir-0 + instance_map: + main: + host: synapse-master-0.synapse-master + port: 9093 + synapse-typing-0: + host: synapse-typing-0.synapse-typing + port: 9093 + synapse-to-device-0: + host: synapse-to-device-0.synapse-to-device + port: 9093 + synapse-account-data-0: + host: synapse-account-data-0.synapse-account-data + port: 9093 + synapse-presence-0: + host: synapse-presence-0.synapse-presence + port: 9093 + synapse-push-rules-0: + host: synapse-push-rules-0.synapse-push-rules + port: 9093 + synapse-receipts-0: + host: synapse-receipts-0.synapse-receipts + port: 9093 + synapse-device-lists-0: + host: synapse-device-lists-0.synapse-device-lists + port: 9093 + synapse-event-persister-0: + host: synapse-event-persister-0.synapse-event-persister + port: 9093 + synapse-event-persister-1: + host: synapse-event-persister-1.synapse-event-persister + port: 9093 + synapse-federation-sender-0: + host: synapse-federation-sender-0.synapse-federation-sender + port: 9093 + stream_writers: + typing: + - synapse-typing-0 + to_device: + - synapse-to-device-0 + account_data: + - synapse-account-data-0 + presence: + - synapse-presence-0 + push_rules: + - synapse-push-rules-0 + receipts: + - synapse-receipts-0 + device_lists: + - synapse-device-lists-0 + events: + - synapse-event-persister-0 + - synapse-event-persister-1 + pusher_instances: + - synapse-pusher-0 + federation_sender_instances: + - synapse-federation-sender-0 + run_background_tasks_on: synapse-background-worker-0 + log_config: /data/log.config + macaroon_secret_key: "NOT-CONFIGURED" + enable_media_repo: true + media_storage_providers: + [] + media_instance_running_background_jobs: synapse-media-repository-background-jobs-0 + media_store_path: /tmp/media_store + enable_local_media_storage: true + metrics_flags: ~ + oidc_providers: + [] + old_signing_keys: ~ + password_config: + enabled: false + password_providers: + [] + pid_file: /tmp/homeserver.pid + push: ~ + start_pushers: False + retention: ~ + redaction_retention_period: ~ + forgotten_room_retention_period: 7d + user_ips_max_age: 1y + redis: + enabled: true + host: "redis" + port: 6379 + registration_shared_secret: "NOT-CONFIGURED" + report_stats: false + require_auth_for_profile_requests: true + require_membership_for_aliases: true + signing_key_path: /data/signing.key + soft_file_limit: 0 + spam_checker: ~ + sso: ~ + thumbnail_sizes: + - height: 32 + method: crop + width: 32 + - height: 96 + method: crop + width: 96 + - height: 240 + method: scale + width: 320 + trusted_key_servers: + - server_name: NOT-CONFIGURED + turn_allow_guests: false + turn_shared_secret: + turn_uris: + [] + turn_user_lifetime: 86400000 + ui_auth: ~ + url_preview_accept_language: ~ + url_preview_enabled: false + use_presence: true + user_directory: + enabled: true + search_all_users: false + prefer_local_users: true + web_client_location: "https://NOT-CONFIGURED/" + # https://matrix-org.github.io/matrix-authentication-service/setup/homeserver.html#configure-the-homeserver-to-delegate-authentication-to-the-service + matrix_authentication_service: + # Enable the MAS integration + enabled: true + # The base URL where Synapse will contact MAS + endpoint: http://matrix-authentication.test-namespace.svc:80 + # The shared secret used to authenticate MAS requests, must be the same as `matrix.secret` in the MAS configuration + # See https://element-hq.github.io/matrix-authentication-service/reference/configuration.html#matrix + secret: NOT-CONFIGURED + experimental_features: + msc3967_enabled: true + caches: + expire_caches: true + global_factor: 1 + cache_entry_ttl: 30m + sync_response_cache_duration: 2m + cache_autotuning: + max_cache_memory_usage: 1024M + target_cache_memory_usage: 512M + min_cache_ttl: 5m + opentracing: ~ + + log.config: | + --- + disable_existing_loggers: false + formatters: + precise: + format: "%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s" + handlers: + console: + class: logging.StreamHandler + formatter: precise + loggers: + synapse.handlers.pagination: + level: INFO + synapse.config.retention: + level: INFO + synapse.metrics.background_process_metrics: + level: INFO + synapse.storage.SQL: + level: WARNING + twisted: + handlers: + - console + propagate: false + root: + handlers: + - console + level: WARNING + version: 1 + signing.key: | + NOT-CONFIGURED + idp.xml: | +--- +# Source: synapse/templates/synapse-secret.yaml +apiVersion: v1 +kind: Secret +metadata: + name: synapse-media-repository-background-jobs-secret + annotations: + argocd.argoproj.io/sync-wave: "-30" + argocd.argoproj.io/hook: "Sync" + labels: + app: synapse + component: synapse-media-repository-background-jobs +type: Opaque +stringData: + homeserver.yaml: | + --- + server_name: NOT-CONFIGURED + worker_app: synapse.app.media_repository + account_threepid_delegates: ~ + account_validity: ~ + alias_creation_rules: + - action: allow + alias: "*" + room_id: "*" + user_id: "*" + allow_guest_access: false + allow_per_room_profiles: false + allow_public_rooms_over_federation: false + allow_public_rooms_without_auth: false + auto_join_rooms: + - "#general:NOT-CONFIGURED" + auto_join_rooms_for_guests: false + autocreate_auto_join_room_preset: public_chat + autocreate_auto_join_rooms: true + autocreate_auto_join_rooms_federated: false + block_non_admin_invites: false + event_cache_size: 10K + database: + txn_limit: 10000 + args: + cp_max: 50 + cp_min: 5 + database: synapse + host: synapse-pgbouncer + password: NOT-CONFIGURED + user: synapse + name: psycopg2 + rc_message: + burst_count: 300 + per_second: 100 + disable_msisdn_registration: true + dynamic_thumbnails: false + max_upload_size: 100M + email: ~ + enable_3pid_changes: false + enable_group_creation: false + enable_registration: false + enable_room_list_search: true + enable_search: true + enable_set_avatar_url: true + enable_set_displayname: false + encryption_enabled_by_default_for_room_type: off + form_secret: "NOT-CONFIGURED" + limit_profile_requests_to_users_who_share_rooms: false + limit_remote_rooms: ~ + worker_listeners: + - port: 9092 + tls: false + type: http + bind_addresses: ['0.0.0.0'] + resources: + - names: [metrics] + compress: false + - port: 8008 + tls: false + type: http + x_forwarded: true + bind_addresses: ['0.0.0.0'] + resources: + - names: [media] + compress: false + enable_metrics: true + federation_domain_whitelist: + [] + federation_metrics_domains: + [] + allow_profile_lookup_over_federation: false + allow_device_name_lookup_over_federation: false + update_user_directory_from_worker: synapse-user-dir-0 + instance_map: + main: + host: synapse-master-0.synapse-master + port: 9093 + synapse-typing-0: + host: synapse-typing-0.synapse-typing + port: 9093 + synapse-to-device-0: + host: synapse-to-device-0.synapse-to-device + port: 9093 + synapse-account-data-0: + host: synapse-account-data-0.synapse-account-data + port: 9093 + synapse-presence-0: + host: synapse-presence-0.synapse-presence + port: 9093 + synapse-push-rules-0: + host: synapse-push-rules-0.synapse-push-rules + port: 9093 + synapse-receipts-0: + host: synapse-receipts-0.synapse-receipts + port: 9093 + synapse-device-lists-0: + host: synapse-device-lists-0.synapse-device-lists + port: 9093 + synapse-event-persister-0: + host: synapse-event-persister-0.synapse-event-persister + port: 9093 + synapse-event-persister-1: + host: synapse-event-persister-1.synapse-event-persister + port: 9093 + synapse-federation-sender-0: + host: synapse-federation-sender-0.synapse-federation-sender + port: 9093 + stream_writers: + typing: + - synapse-typing-0 + to_device: + - synapse-to-device-0 + account_data: + - synapse-account-data-0 + presence: + - synapse-presence-0 + push_rules: + - synapse-push-rules-0 + receipts: + - synapse-receipts-0 + device_lists: + - synapse-device-lists-0 + events: + - synapse-event-persister-0 + - synapse-event-persister-1 + pusher_instances: + - synapse-pusher-0 + federation_sender_instances: + - synapse-federation-sender-0 + run_background_tasks_on: synapse-background-worker-0 + log_config: /data/log.config + macaroon_secret_key: "NOT-CONFIGURED" + enable_media_repo: true + media_storage_providers: + [] + media_instance_running_background_jobs: synapse-media-repository-background-jobs-0 + media_store_path: /tmp/media_store + enable_local_media_storage: true + metrics_flags: ~ + oidc_providers: + [] + old_signing_keys: ~ + password_config: + enabled: false + password_providers: + [] + pid_file: /tmp/homeserver.pid + push: ~ + start_pushers: False + retention: ~ + redaction_retention_period: ~ + forgotten_room_retention_period: 7d + user_ips_max_age: 1y + redis: + enabled: true + host: "redis" + port: 6379 + registration_shared_secret: "NOT-CONFIGURED" + report_stats: false + require_auth_for_profile_requests: true + require_membership_for_aliases: true + signing_key_path: /data/signing.key + soft_file_limit: 0 + spam_checker: ~ + sso: ~ + thumbnail_sizes: + - height: 32 + method: crop + width: 32 + - height: 96 + method: crop + width: 96 + - height: 240 + method: scale + width: 320 + trusted_key_servers: + - server_name: NOT-CONFIGURED + turn_allow_guests: false + turn_shared_secret: + turn_uris: + [] + turn_user_lifetime: 86400000 + ui_auth: ~ + url_preview_accept_language: ~ + url_preview_enabled: false + use_presence: true + user_directory: + enabled: true + search_all_users: false + prefer_local_users: true + web_client_location: "https://NOT-CONFIGURED/" + # https://matrix-org.github.io/matrix-authentication-service/setup/homeserver.html#configure-the-homeserver-to-delegate-authentication-to-the-service + matrix_authentication_service: + # Enable the MAS integration + enabled: true + # The base URL where Synapse will contact MAS + endpoint: http://matrix-authentication.test-namespace.svc:80 + # The shared secret used to authenticate MAS requests, must be the same as `matrix.secret` in the MAS configuration + # See https://element-hq.github.io/matrix-authentication-service/reference/configuration.html#matrix + secret: NOT-CONFIGURED + experimental_features: + msc3967_enabled: true + caches: + expire_caches: true + global_factor: 1 + cache_entry_ttl: 30m + sync_response_cache_duration: 2m + cache_autotuning: + max_cache_memory_usage: 1024M + target_cache_memory_usage: 512M + min_cache_ttl: 5m + opentracing: ~ + + log.config: | + --- + disable_existing_loggers: false + formatters: + precise: + format: "%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s" + handlers: + console: + class: logging.StreamHandler + formatter: precise + loggers: + synapse.handlers.pagination: + level: INFO + synapse.config.retention: + level: INFO + synapse.metrics.background_process_metrics: + level: INFO + synapse.storage.SQL: + level: WARNING + twisted: + handlers: + - console + propagate: false + root: + handlers: + - console + level: WARNING + version: 1 + signing.key: | + NOT-CONFIGURED + idp.xml: | +--- +# Source: synapse/templates/synapse-secret.yaml +apiVersion: v1 +kind: Secret +metadata: + name: synapse-presence-secret + annotations: + argocd.argoproj.io/sync-wave: "-30" + argocd.argoproj.io/hook: "Sync" + labels: + app: synapse + component: synapse-presence +type: Opaque +stringData: + homeserver.yaml: | + --- + server_name: NOT-CONFIGURED + worker_app: synapse.app.generic_worker + account_threepid_delegates: ~ + account_validity: ~ + alias_creation_rules: + - action: allow + alias: "*" + room_id: "*" + user_id: "*" + allow_guest_access: false + allow_per_room_profiles: false + allow_public_rooms_over_federation: false + allow_public_rooms_without_auth: false + auto_join_rooms: + - "#general:NOT-CONFIGURED" + auto_join_rooms_for_guests: false + autocreate_auto_join_room_preset: public_chat + autocreate_auto_join_rooms: true + autocreate_auto_join_rooms_federated: false + block_non_admin_invites: false + event_cache_size: 10K + database: + txn_limit: 10000 + args: + cp_max: 50 + cp_min: 5 + database: synapse + host: NOT-CONFIGURED4 + password: NOT-CONFIGURED + user: synapse + name: psycopg2 + rc_message: + burst_count: 300 + per_second: 100 + disable_msisdn_registration: true + dynamic_thumbnails: false + max_upload_size: 100M + email: ~ + enable_3pid_changes: false + enable_group_creation: false + enable_registration: false + enable_room_list_search: true + enable_search: true + enable_set_avatar_url: true + enable_set_displayname: false + encryption_enabled_by_default_for_room_type: off + form_secret: "NOT-CONFIGURED" + limit_profile_requests_to_users_who_share_rooms: false + limit_remote_rooms: ~ + worker_listeners: + - port: 9092 + tls: false + type: http + bind_addresses: ['0.0.0.0'] + resources: + - names: [metrics] + compress: false + - port: 8008 + tls: false + type: http + x_forwarded: true + bind_addresses: ['0.0.0.0'] + resources: + - names: [client] + compress: true + - port: 9093 + tls: false + type: http + bind_addresses: ['0.0.0.0'] + resources: + - names: [replication] + compress: false + enable_metrics: true + federation_domain_whitelist: + [] + federation_metrics_domains: + [] + allow_profile_lookup_over_federation: false + allow_device_name_lookup_over_federation: false + update_user_directory_from_worker: synapse-user-dir-0 + instance_map: + main: + host: synapse-master-0.synapse-master + port: 9093 + synapse-typing-0: + host: synapse-typing-0.synapse-typing + port: 9093 + synapse-to-device-0: + host: synapse-to-device-0.synapse-to-device + port: 9093 + synapse-account-data-0: + host: synapse-account-data-0.synapse-account-data + port: 9093 + synapse-presence-0: + host: synapse-presence-0.synapse-presence + port: 9093 + synapse-push-rules-0: + host: synapse-push-rules-0.synapse-push-rules + port: 9093 + synapse-receipts-0: + host: synapse-receipts-0.synapse-receipts + port: 9093 + synapse-device-lists-0: + host: synapse-device-lists-0.synapse-device-lists + port: 9093 + synapse-event-persister-0: + host: synapse-event-persister-0.synapse-event-persister + port: 9093 + synapse-event-persister-1: + host: synapse-event-persister-1.synapse-event-persister + port: 9093 + synapse-federation-sender-0: + host: synapse-federation-sender-0.synapse-federation-sender + port: 9093 + stream_writers: + typing: + - synapse-typing-0 + to_device: + - synapse-to-device-0 + account_data: + - synapse-account-data-0 + presence: + - synapse-presence-0 + push_rules: + - synapse-push-rules-0 + receipts: + - synapse-receipts-0 + device_lists: + - synapse-device-lists-0 + events: + - synapse-event-persister-0 + - synapse-event-persister-1 + pusher_instances: + - synapse-pusher-0 + federation_sender_instances: + - synapse-federation-sender-0 + run_background_tasks_on: synapse-background-worker-0 + log_config: /data/log.config + macaroon_secret_key: "NOT-CONFIGURED" + enable_media_repo: false + media_instance_running_background_jobs: synapse-media-repository-background-jobs-0 + media_store_path: /tmp/media_store + enable_local_media_storage: true + metrics_flags: ~ + oidc_providers: + [] + old_signing_keys: ~ + password_config: + enabled: false + password_providers: + [] + pid_file: /tmp/homeserver.pid + push: ~ + start_pushers: False + retention: ~ + redaction_retention_period: ~ + forgotten_room_retention_period: 7d + user_ips_max_age: 1y + redis: + enabled: true + host: "redis" + port: 6379 + registration_shared_secret: "NOT-CONFIGURED" + report_stats: false + require_auth_for_profile_requests: true + require_membership_for_aliases: true + signing_key_path: /data/signing.key + soft_file_limit: 0 + spam_checker: ~ + sso: ~ + thumbnail_sizes: + - height: 32 + method: crop + width: 32 + - height: 96 + method: crop + width: 96 + - height: 240 + method: scale + width: 320 + trusted_key_servers: + - server_name: NOT-CONFIGURED + turn_allow_guests: false + turn_shared_secret: + turn_uris: + [] + turn_user_lifetime: 86400000 + ui_auth: ~ + url_preview_accept_language: ~ + url_preview_enabled: false + use_presence: true + user_directory: + enabled: true + search_all_users: false + prefer_local_users: true + web_client_location: "https://NOT-CONFIGURED/" + # https://matrix-org.github.io/matrix-authentication-service/setup/homeserver.html#configure-the-homeserver-to-delegate-authentication-to-the-service + matrix_authentication_service: + # Enable the MAS integration + enabled: true + # The base URL where Synapse will contact MAS + endpoint: http://matrix-authentication.test-namespace.svc:80 + # The shared secret used to authenticate MAS requests, must be the same as `matrix.secret` in the MAS configuration + # See https://element-hq.github.io/matrix-authentication-service/reference/configuration.html#matrix + secret: NOT-CONFIGURED + experimental_features: + msc3967_enabled: true + caches: + expire_caches: true + global_factor: 1 + cache_entry_ttl: 30m + sync_response_cache_duration: 2m + cache_autotuning: + max_cache_memory_usage: 1024M + target_cache_memory_usage: 512M + min_cache_ttl: 5m + opentracing: ~ + + log.config: | + --- + disable_existing_loggers: false + formatters: + precise: + format: "%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s" + handlers: + console: + class: logging.StreamHandler + formatter: precise + loggers: + synapse.handlers.pagination: + level: INFO + synapse.config.retention: + level: INFO + synapse.metrics.background_process_metrics: + level: INFO + synapse.storage.SQL: + level: WARNING + twisted: + handlers: + - console + propagate: false + root: + handlers: + - console + level: WARNING + version: 1 + signing.key: | + NOT-CONFIGURED + idp.xml: | +--- +# Source: synapse/templates/synapse-secret.yaml +apiVersion: v1 +kind: Secret +metadata: + name: synapse-push-rules-secret + annotations: + argocd.argoproj.io/sync-wave: "-30" + argocd.argoproj.io/hook: "Sync" + labels: + app: synapse + component: synapse-push-rules +type: Opaque +stringData: + homeserver.yaml: | + --- + server_name: NOT-CONFIGURED + worker_app: synapse.app.generic_worker + account_threepid_delegates: ~ + account_validity: ~ + alias_creation_rules: + - action: allow + alias: "*" + room_id: "*" + user_id: "*" + allow_guest_access: false + allow_per_room_profiles: false + allow_public_rooms_over_federation: false + allow_public_rooms_without_auth: false + auto_join_rooms: + - "#general:NOT-CONFIGURED" + auto_join_rooms_for_guests: false + autocreate_auto_join_room_preset: public_chat + autocreate_auto_join_rooms: true + autocreate_auto_join_rooms_federated: false + block_non_admin_invites: false + event_cache_size: 10K + database: + txn_limit: 10000 + args: + cp_max: 50 + cp_min: 5 + database: synapse + host: NOT-CONFIGURED4 + password: NOT-CONFIGURED + user: synapse + name: psycopg2 + rc_message: + burst_count: 300 + per_second: 100 + disable_msisdn_registration: true + dynamic_thumbnails: false + max_upload_size: 100M + email: ~ + enable_3pid_changes: false + enable_group_creation: false + enable_registration: false + enable_room_list_search: true + enable_search: true + enable_set_avatar_url: true + enable_set_displayname: false + encryption_enabled_by_default_for_room_type: off + form_secret: "NOT-CONFIGURED" + limit_profile_requests_to_users_who_share_rooms: false + limit_remote_rooms: ~ + worker_listeners: + - port: 9092 + tls: false + type: http + bind_addresses: ['0.0.0.0'] + resources: + - names: [metrics] + compress: false + - port: 8008 + tls: false + type: http + x_forwarded: true + bind_addresses: ['0.0.0.0'] + resources: + - names: [client] + compress: true + - port: 9093 + tls: false + type: http + bind_addresses: ['0.0.0.0'] + resources: + - names: [replication] + compress: false + enable_metrics: true + federation_domain_whitelist: + [] + federation_metrics_domains: + [] + allow_profile_lookup_over_federation: false + allow_device_name_lookup_over_federation: false + update_user_directory_from_worker: synapse-user-dir-0 + instance_map: + main: + host: synapse-master-0.synapse-master + port: 9093 + synapse-typing-0: + host: synapse-typing-0.synapse-typing + port: 9093 + synapse-to-device-0: + host: synapse-to-device-0.synapse-to-device + port: 9093 + synapse-account-data-0: + host: synapse-account-data-0.synapse-account-data + port: 9093 + synapse-presence-0: + host: synapse-presence-0.synapse-presence + port: 9093 + synapse-push-rules-0: + host: synapse-push-rules-0.synapse-push-rules + port: 9093 + synapse-receipts-0: + host: synapse-receipts-0.synapse-receipts + port: 9093 + synapse-device-lists-0: + host: synapse-device-lists-0.synapse-device-lists + port: 9093 + synapse-event-persister-0: + host: synapse-event-persister-0.synapse-event-persister + port: 9093 + synapse-event-persister-1: + host: synapse-event-persister-1.synapse-event-persister + port: 9093 + synapse-federation-sender-0: + host: synapse-federation-sender-0.synapse-federation-sender + port: 9093 + stream_writers: + typing: + - synapse-typing-0 + to_device: + - synapse-to-device-0 + account_data: + - synapse-account-data-0 + presence: + - synapse-presence-0 + push_rules: + - synapse-push-rules-0 + receipts: + - synapse-receipts-0 + device_lists: + - synapse-device-lists-0 + events: + - synapse-event-persister-0 + - synapse-event-persister-1 + pusher_instances: + - synapse-pusher-0 + federation_sender_instances: + - synapse-federation-sender-0 + run_background_tasks_on: synapse-background-worker-0 + log_config: /data/log.config + macaroon_secret_key: "NOT-CONFIGURED" + enable_media_repo: false + media_instance_running_background_jobs: synapse-media-repository-background-jobs-0 + media_store_path: /tmp/media_store + enable_local_media_storage: true + metrics_flags: ~ + oidc_providers: + [] + old_signing_keys: ~ + password_config: + enabled: false + password_providers: + [] + pid_file: /tmp/homeserver.pid + push: ~ + start_pushers: False + retention: ~ + redaction_retention_period: ~ + forgotten_room_retention_period: 7d + user_ips_max_age: 1y + redis: + enabled: true + host: "redis" + port: 6379 + registration_shared_secret: "NOT-CONFIGURED" + report_stats: false + require_auth_for_profile_requests: true + require_membership_for_aliases: true + signing_key_path: /data/signing.key + soft_file_limit: 0 + spam_checker: ~ + sso: ~ + thumbnail_sizes: + - height: 32 + method: crop + width: 32 + - height: 96 + method: crop + width: 96 + - height: 240 + method: scale + width: 320 + trusted_key_servers: + - server_name: NOT-CONFIGURED + turn_allow_guests: false + turn_shared_secret: + turn_uris: + [] + turn_user_lifetime: 86400000 + ui_auth: ~ + url_preview_accept_language: ~ + url_preview_enabled: false + use_presence: true + user_directory: + enabled: true + search_all_users: false + prefer_local_users: true + web_client_location: "https://NOT-CONFIGURED/" + # https://matrix-org.github.io/matrix-authentication-service/setup/homeserver.html#configure-the-homeserver-to-delegate-authentication-to-the-service + matrix_authentication_service: + # Enable the MAS integration + enabled: true + # The base URL where Synapse will contact MAS + endpoint: http://matrix-authentication.test-namespace.svc:80 + # The shared secret used to authenticate MAS requests, must be the same as `matrix.secret` in the MAS configuration + # See https://element-hq.github.io/matrix-authentication-service/reference/configuration.html#matrix + secret: NOT-CONFIGURED + experimental_features: + msc3967_enabled: true + caches: + expire_caches: true + global_factor: 1 + cache_entry_ttl: 30m + sync_response_cache_duration: 2m + cache_autotuning: + max_cache_memory_usage: 1024M + target_cache_memory_usage: 512M + min_cache_ttl: 5m + opentracing: ~ + + log.config: | + --- + disable_existing_loggers: false + formatters: + precise: + format: "%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s" + handlers: + console: + class: logging.StreamHandler + formatter: precise + loggers: + synapse.handlers.pagination: + level: INFO + synapse.config.retention: + level: INFO + synapse.metrics.background_process_metrics: + level: INFO + synapse.storage.SQL: + level: WARNING + twisted: + handlers: + - console + propagate: false + root: + handlers: + - console + level: WARNING + version: 1 + signing.key: | + NOT-CONFIGURED + idp.xml: | +--- +# Source: synapse/templates/synapse-secret.yaml +apiVersion: v1 +kind: Secret +metadata: + name: synapse-pusher-secret + annotations: + argocd.argoproj.io/sync-wave: "-30" + argocd.argoproj.io/hook: "Sync" + labels: + app: synapse + component: synapse-pusher +type: Opaque +stringData: + homeserver.yaml: | + --- + server_name: NOT-CONFIGURED + worker_app: synapse.app.generic_worker + account_threepid_delegates: ~ + account_validity: ~ + alias_creation_rules: + - action: allow + alias: "*" + room_id: "*" + user_id: "*" + allow_guest_access: false + allow_per_room_profiles: false + allow_public_rooms_over_federation: false + allow_public_rooms_without_auth: false + auto_join_rooms: + - "#general:NOT-CONFIGURED" + auto_join_rooms_for_guests: false + autocreate_auto_join_room_preset: public_chat + autocreate_auto_join_rooms: true + autocreate_auto_join_rooms_federated: false + block_non_admin_invites: false + event_cache_size: 10K + database: + txn_limit: 10000 + args: + cp_max: 50 + cp_min: 5 + database: synapse + host: synapse-pgbouncer + password: NOT-CONFIGURED + user: synapse + name: psycopg2 + rc_message: + burst_count: 300 + per_second: 100 + disable_msisdn_registration: true + dynamic_thumbnails: false + max_upload_size: 100M + email: ~ + enable_3pid_changes: false + enable_group_creation: false + enable_registration: false + enable_room_list_search: true + enable_search: true + enable_set_avatar_url: true + enable_set_displayname: false + encryption_enabled_by_default_for_room_type: off + form_secret: "NOT-CONFIGURED" + limit_profile_requests_to_users_who_share_rooms: false + limit_remote_rooms: ~ + worker_listeners: + - port: 9092 + tls: false + type: http + bind_addresses: ['0.0.0.0'] + resources: + - names: [metrics] + compress: false + enable_metrics: true + federation_domain_whitelist: + [] + federation_metrics_domains: + [] + allow_profile_lookup_over_federation: false + allow_device_name_lookup_over_federation: false + update_user_directory_from_worker: synapse-user-dir-0 + instance_map: + main: + host: synapse-master-0.synapse-master + port: 9093 + synapse-typing-0: + host: synapse-typing-0.synapse-typing + port: 9093 + synapse-to-device-0: + host: synapse-to-device-0.synapse-to-device + port: 9093 + synapse-account-data-0: + host: synapse-account-data-0.synapse-account-data + port: 9093 + synapse-presence-0: + host: synapse-presence-0.synapse-presence + port: 9093 + synapse-push-rules-0: + host: synapse-push-rules-0.synapse-push-rules + port: 9093 + synapse-receipts-0: + host: synapse-receipts-0.synapse-receipts + port: 9093 + synapse-device-lists-0: + host: synapse-device-lists-0.synapse-device-lists + port: 9093 + synapse-event-persister-0: + host: synapse-event-persister-0.synapse-event-persister + port: 9093 + synapse-event-persister-1: + host: synapse-event-persister-1.synapse-event-persister + port: 9093 + synapse-federation-sender-0: + host: synapse-federation-sender-0.synapse-federation-sender + port: 9093 + stream_writers: + typing: + - synapse-typing-0 + to_device: + - synapse-to-device-0 + account_data: + - synapse-account-data-0 + presence: + - synapse-presence-0 + push_rules: + - synapse-push-rules-0 + receipts: + - synapse-receipts-0 + device_lists: + - synapse-device-lists-0 + events: + - synapse-event-persister-0 + - synapse-event-persister-1 + pusher_instances: + - synapse-pusher-0 + federation_sender_instances: + - synapse-federation-sender-0 + run_background_tasks_on: synapse-background-worker-0 + log_config: /data/log.config + macaroon_secret_key: "NOT-CONFIGURED" + enable_media_repo: false + media_instance_running_background_jobs: synapse-media-repository-background-jobs-0 + media_store_path: /tmp/media_store + enable_local_media_storage: true + metrics_flags: ~ + oidc_providers: + [] + old_signing_keys: ~ + password_config: + enabled: false + password_providers: + [] + pid_file: /tmp/homeserver.pid + push: ~ + start_pushers: False + retention: ~ + redaction_retention_period: ~ + forgotten_room_retention_period: 7d + user_ips_max_age: 1y + redis: + enabled: true + host: "redis" + port: 6379 + registration_shared_secret: "NOT-CONFIGURED" + report_stats: false + require_auth_for_profile_requests: true + require_membership_for_aliases: true + signing_key_path: /data/signing.key + soft_file_limit: 0 + spam_checker: ~ + sso: ~ + thumbnail_sizes: + - height: 32 + method: crop + width: 32 + - height: 96 + method: crop + width: 96 + - height: 240 + method: scale + width: 320 + trusted_key_servers: + - server_name: NOT-CONFIGURED + turn_allow_guests: false + turn_shared_secret: + turn_uris: + [] + turn_user_lifetime: 86400000 + ui_auth: ~ + url_preview_accept_language: ~ + url_preview_enabled: false + use_presence: true + user_directory: + enabled: true + search_all_users: false + prefer_local_users: true + web_client_location: "https://NOT-CONFIGURED/" + # https://matrix-org.github.io/matrix-authentication-service/setup/homeserver.html#configure-the-homeserver-to-delegate-authentication-to-the-service + matrix_authentication_service: + # Enable the MAS integration + enabled: true + # The base URL where Synapse will contact MAS + endpoint: http://matrix-authentication.test-namespace.svc:80 + # The shared secret used to authenticate MAS requests, must be the same as `matrix.secret` in the MAS configuration + # See https://element-hq.github.io/matrix-authentication-service/reference/configuration.html#matrix + secret: NOT-CONFIGURED + experimental_features: + msc3967_enabled: true + caches: + expire_caches: true + global_factor: 1 + cache_entry_ttl: 30m + sync_response_cache_duration: 2m + cache_autotuning: + max_cache_memory_usage: 1024M + target_cache_memory_usage: 512M + min_cache_ttl: 5m + opentracing: ~ + + log.config: | + --- + disable_existing_loggers: false + formatters: + precise: + format: "%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s" + handlers: + console: + class: logging.StreamHandler + formatter: precise + loggers: + synapse.handlers.pagination: + level: INFO + synapse.config.retention: + level: INFO + synapse.metrics.background_process_metrics: + level: INFO + synapse.storage.SQL: + level: WARNING + twisted: + handlers: + - console + propagate: false + root: + handlers: + - console + level: WARNING + version: 1 + signing.key: | + NOT-CONFIGURED + idp.xml: | +--- +# Source: synapse/templates/synapse-secret.yaml +apiVersion: v1 +kind: Secret +metadata: + name: synapse-receipts-secret + annotations: + argocd.argoproj.io/sync-wave: "-30" + argocd.argoproj.io/hook: "Sync" + labels: + app: synapse + component: synapse-receipts +type: Opaque +stringData: + homeserver.yaml: | + --- + server_name: NOT-CONFIGURED + worker_app: synapse.app.generic_worker + account_threepid_delegates: ~ + account_validity: ~ + alias_creation_rules: + - action: allow + alias: "*" + room_id: "*" + user_id: "*" + allow_guest_access: false + allow_per_room_profiles: false + allow_public_rooms_over_federation: false + allow_public_rooms_without_auth: false + auto_join_rooms: + - "#general:NOT-CONFIGURED" + auto_join_rooms_for_guests: false + autocreate_auto_join_room_preset: public_chat + autocreate_auto_join_rooms: true + autocreate_auto_join_rooms_federated: false + block_non_admin_invites: false + event_cache_size: 10K + database: + txn_limit: 10000 + args: + cp_max: 50 + cp_min: 5 + database: synapse + host: NOT-CONFIGURED4 + password: NOT-CONFIGURED + user: synapse + name: psycopg2 + rc_message: + burst_count: 300 + per_second: 100 + disable_msisdn_registration: true + dynamic_thumbnails: false + max_upload_size: 100M + email: ~ + enable_3pid_changes: false + enable_group_creation: false + enable_registration: false + enable_room_list_search: true + enable_search: true + enable_set_avatar_url: true + enable_set_displayname: false + encryption_enabled_by_default_for_room_type: off + form_secret: "NOT-CONFIGURED" + limit_profile_requests_to_users_who_share_rooms: false + limit_remote_rooms: ~ + worker_listeners: + - port: 9092 + tls: false + type: http + bind_addresses: ['0.0.0.0'] + resources: + - names: [metrics] + compress: false + - port: 8008 + tls: false + type: http + x_forwarded: true + bind_addresses: ['0.0.0.0'] + resources: + - names: [client] + compress: true + - port: 9093 + tls: false + type: http + bind_addresses: ['0.0.0.0'] + resources: + - names: [replication] + compress: false + enable_metrics: true + federation_domain_whitelist: + [] + federation_metrics_domains: + [] + allow_profile_lookup_over_federation: false + allow_device_name_lookup_over_federation: false + update_user_directory_from_worker: synapse-user-dir-0 + instance_map: + main: + host: synapse-master-0.synapse-master + port: 9093 + synapse-typing-0: + host: synapse-typing-0.synapse-typing + port: 9093 + synapse-to-device-0: + host: synapse-to-device-0.synapse-to-device + port: 9093 + synapse-account-data-0: + host: synapse-account-data-0.synapse-account-data + port: 9093 + synapse-presence-0: + host: synapse-presence-0.synapse-presence + port: 9093 + synapse-push-rules-0: + host: synapse-push-rules-0.synapse-push-rules + port: 9093 + synapse-receipts-0: + host: synapse-receipts-0.synapse-receipts + port: 9093 + synapse-device-lists-0: + host: synapse-device-lists-0.synapse-device-lists + port: 9093 + synapse-event-persister-0: + host: synapse-event-persister-0.synapse-event-persister + port: 9093 + synapse-event-persister-1: + host: synapse-event-persister-1.synapse-event-persister + port: 9093 + synapse-federation-sender-0: + host: synapse-federation-sender-0.synapse-federation-sender + port: 9093 + stream_writers: + typing: + - synapse-typing-0 + to_device: + - synapse-to-device-0 + account_data: + - synapse-account-data-0 + presence: + - synapse-presence-0 + push_rules: + - synapse-push-rules-0 + receipts: + - synapse-receipts-0 + device_lists: + - synapse-device-lists-0 + events: + - synapse-event-persister-0 + - synapse-event-persister-1 + pusher_instances: + - synapse-pusher-0 + federation_sender_instances: + - synapse-federation-sender-0 + run_background_tasks_on: synapse-background-worker-0 + log_config: /data/log.config + macaroon_secret_key: "NOT-CONFIGURED" + enable_media_repo: false + media_instance_running_background_jobs: synapse-media-repository-background-jobs-0 + media_store_path: /tmp/media_store + enable_local_media_storage: true + metrics_flags: ~ + oidc_providers: + [] + old_signing_keys: ~ + password_config: + enabled: false + password_providers: + [] + pid_file: /tmp/homeserver.pid + push: ~ + start_pushers: False + retention: ~ + redaction_retention_period: ~ + forgotten_room_retention_period: 7d + user_ips_max_age: 1y + redis: + enabled: true + host: "redis" + port: 6379 + registration_shared_secret: "NOT-CONFIGURED" + report_stats: false + require_auth_for_profile_requests: true + require_membership_for_aliases: true + signing_key_path: /data/signing.key + soft_file_limit: 0 + spam_checker: ~ + sso: ~ + thumbnail_sizes: + - height: 32 + method: crop + width: 32 + - height: 96 + method: crop + width: 96 + - height: 240 + method: scale + width: 320 + trusted_key_servers: + - server_name: NOT-CONFIGURED + turn_allow_guests: false + turn_shared_secret: + turn_uris: + [] + turn_user_lifetime: 86400000 + ui_auth: ~ + url_preview_accept_language: ~ + url_preview_enabled: false + use_presence: true + user_directory: + enabled: true + search_all_users: false + prefer_local_users: true + web_client_location: "https://NOT-CONFIGURED/" + # https://matrix-org.github.io/matrix-authentication-service/setup/homeserver.html#configure-the-homeserver-to-delegate-authentication-to-the-service + matrix_authentication_service: + # Enable the MAS integration + enabled: true + # The base URL where Synapse will contact MAS + endpoint: http://matrix-authentication.test-namespace.svc:80 + # The shared secret used to authenticate MAS requests, must be the same as `matrix.secret` in the MAS configuration + # See https://element-hq.github.io/matrix-authentication-service/reference/configuration.html#matrix + secret: NOT-CONFIGURED + experimental_features: + msc3967_enabled: true + caches: + expire_caches: true + global_factor: 1 + cache_entry_ttl: 30m + sync_response_cache_duration: 2m + cache_autotuning: + max_cache_memory_usage: 1024M + target_cache_memory_usage: 512M + min_cache_ttl: 5m + opentracing: ~ + + log.config: | + --- + disable_existing_loggers: false + formatters: + precise: + format: "%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s" + handlers: + console: + class: logging.StreamHandler + formatter: precise + loggers: + synapse.handlers.pagination: + level: INFO + synapse.config.retention: + level: INFO + synapse.metrics.background_process_metrics: + level: INFO + synapse.storage.SQL: + level: WARNING + twisted: + handlers: + - console + propagate: false + root: + handlers: + - console + level: WARNING + version: 1 + signing.key: | + NOT-CONFIGURED + idp.xml: | +--- +# Source: synapse/templates/synapse-secret.yaml +apiVersion: v1 +kind: Secret +metadata: + name: synapse-room-secret + annotations: + argocd.argoproj.io/sync-wave: "-30" + argocd.argoproj.io/hook: "Sync" + labels: + app: synapse + component: synapse-room +type: Opaque +stringData: + homeserver.yaml: | + --- + server_name: NOT-CONFIGURED + worker_app: synapse.app.generic_worker + account_threepid_delegates: ~ + account_validity: ~ + alias_creation_rules: + - action: allow + alias: "*" + room_id: "*" + user_id: "*" + allow_guest_access: false + allow_per_room_profiles: false + allow_public_rooms_over_federation: false + allow_public_rooms_without_auth: false + auto_join_rooms: + - "#general:NOT-CONFIGURED" + auto_join_rooms_for_guests: false + autocreate_auto_join_room_preset: public_chat + autocreate_auto_join_rooms: true + autocreate_auto_join_rooms_federated: false + block_non_admin_invites: false + event_cache_size: 10K + database: + txn_limit: 10000 + args: + cp_max: 50 + cp_min: 5 + database: synapse + host: synapse-pgbouncer + password: NOT-CONFIGURED + user: synapse + name: psycopg2 + rc_message: + burst_count: 300 + per_second: 100 + disable_msisdn_registration: true + dynamic_thumbnails: false + max_upload_size: 100M + email: ~ + enable_3pid_changes: false + enable_group_creation: false + enable_registration: false + enable_room_list_search: true + enable_search: true + enable_set_avatar_url: true + enable_set_displayname: false + encryption_enabled_by_default_for_room_type: off + form_secret: "NOT-CONFIGURED" + limit_profile_requests_to_users_who_share_rooms: false + limit_remote_rooms: ~ + worker_listeners: + - port: 9092 + tls: false + type: http + bind_addresses: ['0.0.0.0'] + resources: + - names: [metrics] + compress: false + - port: 8008 + tls: false + type: http + x_forwarded: true + bind_addresses: ['0.0.0.0'] + resources: + - names: [client, federation] + compress: true + enable_metrics: true + federation_domain_whitelist: + [] + federation_metrics_domains: + [] + allow_profile_lookup_over_federation: false + allow_device_name_lookup_over_federation: false + update_user_directory_from_worker: synapse-user-dir-0 + instance_map: + main: + host: synapse-master-0.synapse-master + port: 9093 + synapse-typing-0: + host: synapse-typing-0.synapse-typing + port: 9093 + synapse-to-device-0: + host: synapse-to-device-0.synapse-to-device + port: 9093 + synapse-account-data-0: + host: synapse-account-data-0.synapse-account-data + port: 9093 + synapse-presence-0: + host: synapse-presence-0.synapse-presence + port: 9093 + synapse-push-rules-0: + host: synapse-push-rules-0.synapse-push-rules + port: 9093 + synapse-receipts-0: + host: synapse-receipts-0.synapse-receipts + port: 9093 + synapse-device-lists-0: + host: synapse-device-lists-0.synapse-device-lists + port: 9093 + synapse-event-persister-0: + host: synapse-event-persister-0.synapse-event-persister + port: 9093 + synapse-event-persister-1: + host: synapse-event-persister-1.synapse-event-persister + port: 9093 + synapse-federation-sender-0: + host: synapse-federation-sender-0.synapse-federation-sender + port: 9093 + stream_writers: + typing: + - synapse-typing-0 + to_device: + - synapse-to-device-0 + account_data: + - synapse-account-data-0 + presence: + - synapse-presence-0 + push_rules: + - synapse-push-rules-0 + receipts: + - synapse-receipts-0 + device_lists: + - synapse-device-lists-0 + events: + - synapse-event-persister-0 + - synapse-event-persister-1 + pusher_instances: + - synapse-pusher-0 + federation_sender_instances: + - synapse-federation-sender-0 + run_background_tasks_on: synapse-background-worker-0 + log_config: /data/log.config + macaroon_secret_key: "NOT-CONFIGURED" + enable_media_repo: false + media_instance_running_background_jobs: synapse-media-repository-background-jobs-0 + media_store_path: /tmp/media_store + enable_local_media_storage: true + metrics_flags: ~ + oidc_providers: + [] + old_signing_keys: ~ + password_config: + enabled: false + password_providers: + [] + pid_file: /tmp/homeserver.pid + push: ~ + start_pushers: False + retention: ~ + redaction_retention_period: ~ + forgotten_room_retention_period: 7d + user_ips_max_age: 1y + redis: + enabled: true + host: "redis" + port: 6379 + registration_shared_secret: "NOT-CONFIGURED" + report_stats: false + require_auth_for_profile_requests: true + require_membership_for_aliases: true + signing_key_path: /data/signing.key + soft_file_limit: 0 + spam_checker: ~ + sso: ~ + thumbnail_sizes: + - height: 32 + method: crop + width: 32 + - height: 96 + method: crop + width: 96 + - height: 240 + method: scale + width: 320 + trusted_key_servers: + - server_name: NOT-CONFIGURED + turn_allow_guests: false + turn_shared_secret: + turn_uris: + [] + turn_user_lifetime: 86400000 + ui_auth: ~ + url_preview_accept_language: ~ + url_preview_enabled: false + use_presence: true + user_directory: + enabled: true + search_all_users: false + prefer_local_users: true + web_client_location: "https://NOT-CONFIGURED/" + # https://matrix-org.github.io/matrix-authentication-service/setup/homeserver.html#configure-the-homeserver-to-delegate-authentication-to-the-service + matrix_authentication_service: + # Enable the MAS integration + enabled: true + # The base URL where Synapse will contact MAS + endpoint: http://matrix-authentication.test-namespace.svc:80 + # The shared secret used to authenticate MAS requests, must be the same as `matrix.secret` in the MAS configuration + # See https://element-hq.github.io/matrix-authentication-service/reference/configuration.html#matrix + secret: NOT-CONFIGURED + experimental_features: + msc3967_enabled: true + caches: + expire_caches: true + global_factor: 1 + cache_entry_ttl: 30m + sync_response_cache_duration: 2m + cache_autotuning: + max_cache_memory_usage: 1024M + target_cache_memory_usage: 512M + min_cache_ttl: 5m + opentracing: ~ + + log.config: | + --- + disable_existing_loggers: false + formatters: + precise: + format: "%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s" + handlers: + console: + class: logging.StreamHandler + formatter: precise + loggers: + synapse.handlers.pagination: + level: INFO + synapse.config.retention: + level: INFO + synapse.metrics.background_process_metrics: + level: INFO + synapse.storage.SQL: + level: WARNING + twisted: + handlers: + - console + propagate: false + root: + handlers: + - console + level: WARNING + version: 1 + signing.key: | + NOT-CONFIGURED + idp.xml: | +--- +# Source: synapse/templates/synapse-secret.yaml +apiVersion: v1 +kind: Secret +metadata: + name: synapse-sync-secret + annotations: + argocd.argoproj.io/sync-wave: "-30" + argocd.argoproj.io/hook: "Sync" + labels: + app: synapse + component: synapse-sync +type: Opaque +stringData: + homeserver.yaml: | + --- + server_name: NOT-CONFIGURED + worker_app: synapse.app.generic_worker + account_threepid_delegates: ~ + account_validity: ~ + alias_creation_rules: + - action: allow + alias: "*" + room_id: "*" + user_id: "*" + allow_guest_access: false + allow_per_room_profiles: false + allow_public_rooms_over_federation: false + allow_public_rooms_without_auth: false + auto_join_rooms: + - "#general:NOT-CONFIGURED" + auto_join_rooms_for_guests: false + autocreate_auto_join_room_preset: public_chat + autocreate_auto_join_rooms: true + autocreate_auto_join_rooms_federated: false + block_non_admin_invites: false + event_cache_size: 10K + database: + txn_limit: 10000 + args: + cp_max: 50 + cp_min: 5 + database: synapse + host: synapse-pgbouncer + password: NOT-CONFIGURED + user: synapse + name: psycopg2 + rc_message: + burst_count: 300 + per_second: 100 + disable_msisdn_registration: true + dynamic_thumbnails: false + max_upload_size: 100M + email: ~ + enable_3pid_changes: false + enable_group_creation: false + enable_registration: false + enable_room_list_search: true + enable_search: true + enable_set_avatar_url: true + enable_set_displayname: false + encryption_enabled_by_default_for_room_type: off + form_secret: "NOT-CONFIGURED" + limit_profile_requests_to_users_who_share_rooms: false + limit_remote_rooms: ~ + worker_listeners: + - port: 9092 + tls: false + type: http + bind_addresses: ['0.0.0.0'] + resources: + - names: [metrics] + compress: false + - port: 8008 + tls: false + type: http + x_forwarded: true + bind_addresses: ['0.0.0.0'] + resources: + - names: [client] + compress: true + enable_metrics: true + federation_domain_whitelist: + [] + federation_metrics_domains: + [] + allow_profile_lookup_over_federation: false + allow_device_name_lookup_over_federation: false + update_user_directory_from_worker: synapse-user-dir-0 + instance_map: + main: + host: synapse-master-0.synapse-master + port: 9093 + synapse-typing-0: + host: synapse-typing-0.synapse-typing + port: 9093 + synapse-to-device-0: + host: synapse-to-device-0.synapse-to-device + port: 9093 + synapse-account-data-0: + host: synapse-account-data-0.synapse-account-data + port: 9093 + synapse-presence-0: + host: synapse-presence-0.synapse-presence + port: 9093 + synapse-push-rules-0: + host: synapse-push-rules-0.synapse-push-rules + port: 9093 + synapse-receipts-0: + host: synapse-receipts-0.synapse-receipts + port: 9093 + synapse-device-lists-0: + host: synapse-device-lists-0.synapse-device-lists + port: 9093 + synapse-event-persister-0: + host: synapse-event-persister-0.synapse-event-persister + port: 9093 + synapse-event-persister-1: + host: synapse-event-persister-1.synapse-event-persister + port: 9093 + synapse-federation-sender-0: + host: synapse-federation-sender-0.synapse-federation-sender + port: 9093 + stream_writers: + typing: + - synapse-typing-0 + to_device: + - synapse-to-device-0 + account_data: + - synapse-account-data-0 + presence: + - synapse-presence-0 + push_rules: + - synapse-push-rules-0 + receipts: + - synapse-receipts-0 + device_lists: + - synapse-device-lists-0 + events: + - synapse-event-persister-0 + - synapse-event-persister-1 + pusher_instances: + - synapse-pusher-0 + federation_sender_instances: + - synapse-federation-sender-0 + run_background_tasks_on: synapse-background-worker-0 + log_config: /data/log.config + macaroon_secret_key: "NOT-CONFIGURED" + enable_media_repo: false + media_instance_running_background_jobs: synapse-media-repository-background-jobs-0 + media_store_path: /tmp/media_store + enable_local_media_storage: true + metrics_flags: ~ + oidc_providers: + [] + old_signing_keys: ~ + password_config: + enabled: false + password_providers: + [] + pid_file: /tmp/homeserver.pid + push: ~ + start_pushers: False + retention: ~ + redaction_retention_period: ~ + forgotten_room_retention_period: 7d + user_ips_max_age: 1y + redis: + enabled: true + host: "redis" + port: 6379 + registration_shared_secret: "NOT-CONFIGURED" + report_stats: false + require_auth_for_profile_requests: true + require_membership_for_aliases: true + signing_key_path: /data/signing.key + soft_file_limit: 0 + spam_checker: ~ + sso: ~ + thumbnail_sizes: + - height: 32 + method: crop + width: 32 + - height: 96 + method: crop + width: 96 + - height: 240 + method: scale + width: 320 + trusted_key_servers: + - server_name: NOT-CONFIGURED + turn_allow_guests: false + turn_shared_secret: + turn_uris: + [] + turn_user_lifetime: 86400000 + ui_auth: ~ + url_preview_accept_language: ~ + url_preview_enabled: false + use_presence: true + user_directory: + enabled: true + search_all_users: false + prefer_local_users: true + web_client_location: "https://NOT-CONFIGURED/" + # https://matrix-org.github.io/matrix-authentication-service/setup/homeserver.html#configure-the-homeserver-to-delegate-authentication-to-the-service + matrix_authentication_service: + # Enable the MAS integration + enabled: true + # The base URL where Synapse will contact MAS + endpoint: http://matrix-authentication.test-namespace.svc:80 + # The shared secret used to authenticate MAS requests, must be the same as `matrix.secret` in the MAS configuration + # See https://element-hq.github.io/matrix-authentication-service/reference/configuration.html#matrix + secret: NOT-CONFIGURED + experimental_features: + msc3967_enabled: true + caches: + expire_caches: true + global_factor: 1 + cache_entry_ttl: 30m + sync_response_cache_duration: 2m + cache_autotuning: + max_cache_memory_usage: 1024M + target_cache_memory_usage: 512M + min_cache_ttl: 5m + opentracing: ~ + + log.config: | + --- + disable_existing_loggers: false + formatters: + precise: + format: "%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s" + handlers: + console: + class: logging.StreamHandler + formatter: precise + loggers: + synapse.handlers.pagination: + level: INFO + synapse.config.retention: + level: INFO + synapse.metrics.background_process_metrics: + level: INFO + synapse.storage.SQL: + level: WARNING + twisted: + handlers: + - console + propagate: false + root: + handlers: + - console + level: WARNING + version: 1 + signing.key: | + NOT-CONFIGURED + idp.xml: | +--- +# Source: synapse/templates/synapse-secret.yaml +apiVersion: v1 +kind: Secret +metadata: + name: synapse-thread-subscriptions-secret + annotations: + argocd.argoproj.io/sync-wave: "-30" + argocd.argoproj.io/hook: "Sync" + labels: + app: synapse + component: synapse-thread-subscriptions +type: Opaque +stringData: + homeserver.yaml: | + --- + server_name: NOT-CONFIGURED + worker_app: synapse.app.generic_worker + account_threepid_delegates: ~ + account_validity: ~ + alias_creation_rules: + - action: allow + alias: "*" + room_id: "*" + user_id: "*" + allow_guest_access: false + allow_per_room_profiles: false + allow_public_rooms_over_federation: false + allow_public_rooms_without_auth: false + auto_join_rooms: + - "#general:NOT-CONFIGURED" + auto_join_rooms_for_guests: false + autocreate_auto_join_room_preset: public_chat + autocreate_auto_join_rooms: true + autocreate_auto_join_rooms_federated: false + block_non_admin_invites: false + event_cache_size: 10K + database: + txn_limit: 10000 + args: + cp_max: 50 + cp_min: 5 + database: synapse + host: NOT-CONFIGURED4 + password: NOT-CONFIGURED + user: synapse + name: psycopg2 + rc_message: + burst_count: 300 + per_second: 100 + disable_msisdn_registration: true + dynamic_thumbnails: false + max_upload_size: 100M + email: ~ + enable_3pid_changes: false + enable_group_creation: false + enable_registration: false + enable_room_list_search: true + enable_search: true + enable_set_avatar_url: true + enable_set_displayname: false + encryption_enabled_by_default_for_room_type: off + form_secret: "NOT-CONFIGURED" + limit_profile_requests_to_users_who_share_rooms: false + limit_remote_rooms: ~ + worker_listeners: + - port: 9092 + tls: false + type: http + bind_addresses: ['0.0.0.0'] + resources: + - names: [metrics] + compress: false + - port: 8008 + tls: false + type: http + x_forwarded: true + bind_addresses: ['0.0.0.0'] + resources: + - names: [client] + compress: true + - port: 9093 + tls: false + type: http + bind_addresses: ['0.0.0.0'] + resources: + - names: [replication] + compress: false + enable_metrics: true + federation_domain_whitelist: + [] + federation_metrics_domains: + [] + allow_profile_lookup_over_federation: false + allow_device_name_lookup_over_federation: false + update_user_directory_from_worker: synapse-user-dir-0 + instance_map: + main: + host: synapse-master-0.synapse-master + port: 9093 + synapse-typing-0: + host: synapse-typing-0.synapse-typing + port: 9093 + synapse-to-device-0: + host: synapse-to-device-0.synapse-to-device + port: 9093 + synapse-account-data-0: + host: synapse-account-data-0.synapse-account-data + port: 9093 + synapse-presence-0: + host: synapse-presence-0.synapse-presence + port: 9093 + synapse-push-rules-0: + host: synapse-push-rules-0.synapse-push-rules + port: 9093 + synapse-receipts-0: + host: synapse-receipts-0.synapse-receipts + port: 9093 + synapse-device-lists-0: + host: synapse-device-lists-0.synapse-device-lists + port: 9093 + synapse-event-persister-0: + host: synapse-event-persister-0.synapse-event-persister + port: 9093 + synapse-event-persister-1: + host: synapse-event-persister-1.synapse-event-persister + port: 9093 + synapse-federation-sender-0: + host: synapse-federation-sender-0.synapse-federation-sender + port: 9093 + stream_writers: + typing: + - synapse-typing-0 + to_device: + - synapse-to-device-0 + account_data: + - synapse-account-data-0 + presence: + - synapse-presence-0 + push_rules: + - synapse-push-rules-0 + receipts: + - synapse-receipts-0 + device_lists: + - synapse-device-lists-0 + events: + - synapse-event-persister-0 + - synapse-event-persister-1 + pusher_instances: + - synapse-pusher-0 + federation_sender_instances: + - synapse-federation-sender-0 + run_background_tasks_on: synapse-background-worker-0 + log_config: /data/log.config + macaroon_secret_key: "NOT-CONFIGURED" + enable_media_repo: false + media_instance_running_background_jobs: synapse-media-repository-background-jobs-0 + media_store_path: /tmp/media_store + enable_local_media_storage: true + metrics_flags: ~ + oidc_providers: + [] + old_signing_keys: ~ + password_config: + enabled: false + password_providers: + [] + pid_file: /tmp/homeserver.pid + push: ~ + start_pushers: False + retention: ~ + redaction_retention_period: ~ + forgotten_room_retention_period: 7d + user_ips_max_age: 1y + redis: + enabled: true + host: "redis" + port: 6379 + registration_shared_secret: "NOT-CONFIGURED" + report_stats: false + require_auth_for_profile_requests: true + require_membership_for_aliases: true + signing_key_path: /data/signing.key + soft_file_limit: 0 + spam_checker: ~ + sso: ~ + thumbnail_sizes: + - height: 32 + method: crop + width: 32 + - height: 96 + method: crop + width: 96 + - height: 240 + method: scale + width: 320 + trusted_key_servers: + - server_name: NOT-CONFIGURED + turn_allow_guests: false + turn_shared_secret: + turn_uris: + [] + turn_user_lifetime: 86400000 + ui_auth: ~ + url_preview_accept_language: ~ + url_preview_enabled: false + use_presence: true + user_directory: + enabled: true + search_all_users: false + prefer_local_users: true + web_client_location: "https://NOT-CONFIGURED/" + # https://matrix-org.github.io/matrix-authentication-service/setup/homeserver.html#configure-the-homeserver-to-delegate-authentication-to-the-service + matrix_authentication_service: + # Enable the MAS integration + enabled: true + # The base URL where Synapse will contact MAS + endpoint: http://matrix-authentication.test-namespace.svc:80 + # The shared secret used to authenticate MAS requests, must be the same as `matrix.secret` in the MAS configuration + # See https://element-hq.github.io/matrix-authentication-service/reference/configuration.html#matrix + secret: NOT-CONFIGURED + experimental_features: + msc3967_enabled: true + caches: + expire_caches: true + global_factor: 1 + cache_entry_ttl: 30m + sync_response_cache_duration: 2m + cache_autotuning: + max_cache_memory_usage: 1024M + target_cache_memory_usage: 512M + min_cache_ttl: 5m + opentracing: ~ + + log.config: | + --- + disable_existing_loggers: false + formatters: + precise: + format: "%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s" + handlers: + console: + class: logging.StreamHandler + formatter: precise + loggers: + synapse.handlers.pagination: + level: INFO + synapse.config.retention: + level: INFO + synapse.metrics.background_process_metrics: + level: INFO + synapse.storage.SQL: + level: WARNING + twisted: + handlers: + - console + propagate: false + root: + handlers: + - console + level: WARNING + version: 1 + signing.key: | + NOT-CONFIGURED + idp.xml: | +--- +# Source: synapse/templates/synapse-secret.yaml +apiVersion: v1 +kind: Secret +metadata: + name: synapse-to-device-secret + annotations: + argocd.argoproj.io/sync-wave: "-30" + argocd.argoproj.io/hook: "Sync" + labels: + app: synapse + component: synapse-to-device +type: Opaque +stringData: + homeserver.yaml: | + --- + server_name: NOT-CONFIGURED + worker_app: synapse.app.generic_worker + account_threepid_delegates: ~ + account_validity: ~ + alias_creation_rules: + - action: allow + alias: "*" + room_id: "*" + user_id: "*" + allow_guest_access: false + allow_per_room_profiles: false + allow_public_rooms_over_federation: false + allow_public_rooms_without_auth: false + auto_join_rooms: + - "#general:NOT-CONFIGURED" + auto_join_rooms_for_guests: false + autocreate_auto_join_room_preset: public_chat + autocreate_auto_join_rooms: true + autocreate_auto_join_rooms_federated: false + block_non_admin_invites: false + event_cache_size: 10K + database: + txn_limit: 10000 + args: + cp_max: 50 + cp_min: 5 + database: synapse + host: NOT-CONFIGURED4 + password: NOT-CONFIGURED + user: synapse + name: psycopg2 + rc_message: + burst_count: 300 + per_second: 100 + disable_msisdn_registration: true + dynamic_thumbnails: false + max_upload_size: 100M + email: ~ + enable_3pid_changes: false + enable_group_creation: false + enable_registration: false + enable_room_list_search: true + enable_search: true + enable_set_avatar_url: true + enable_set_displayname: false + encryption_enabled_by_default_for_room_type: off + form_secret: "NOT-CONFIGURED" + limit_profile_requests_to_users_who_share_rooms: false + limit_remote_rooms: ~ + worker_listeners: + - port: 9092 + tls: false + type: http + bind_addresses: ['0.0.0.0'] + resources: + - names: [metrics] + compress: false + - port: 8008 + tls: false + type: http + x_forwarded: true + bind_addresses: ['0.0.0.0'] + resources: + - names: [client] + compress: true + - port: 9093 + tls: false + type: http + bind_addresses: ['0.0.0.0'] + resources: + - names: [replication] + compress: false + enable_metrics: true + federation_domain_whitelist: + [] + federation_metrics_domains: + [] + allow_profile_lookup_over_federation: false + allow_device_name_lookup_over_federation: false + update_user_directory_from_worker: synapse-user-dir-0 + instance_map: + main: + host: synapse-master-0.synapse-master + port: 9093 + synapse-typing-0: + host: synapse-typing-0.synapse-typing + port: 9093 + synapse-to-device-0: + host: synapse-to-device-0.synapse-to-device + port: 9093 + synapse-account-data-0: + host: synapse-account-data-0.synapse-account-data + port: 9093 + synapse-presence-0: + host: synapse-presence-0.synapse-presence + port: 9093 + synapse-push-rules-0: + host: synapse-push-rules-0.synapse-push-rules + port: 9093 + synapse-receipts-0: + host: synapse-receipts-0.synapse-receipts + port: 9093 + synapse-device-lists-0: + host: synapse-device-lists-0.synapse-device-lists + port: 9093 + synapse-event-persister-0: + host: synapse-event-persister-0.synapse-event-persister + port: 9093 + synapse-event-persister-1: + host: synapse-event-persister-1.synapse-event-persister + port: 9093 + synapse-federation-sender-0: + host: synapse-federation-sender-0.synapse-federation-sender + port: 9093 + stream_writers: + typing: + - synapse-typing-0 + to_device: + - synapse-to-device-0 + account_data: + - synapse-account-data-0 + presence: + - synapse-presence-0 + push_rules: + - synapse-push-rules-0 + receipts: + - synapse-receipts-0 + device_lists: + - synapse-device-lists-0 + events: + - synapse-event-persister-0 + - synapse-event-persister-1 + pusher_instances: + - synapse-pusher-0 + federation_sender_instances: + - synapse-federation-sender-0 + run_background_tasks_on: synapse-background-worker-0 + log_config: /data/log.config + macaroon_secret_key: "NOT-CONFIGURED" + enable_media_repo: false + media_instance_running_background_jobs: synapse-media-repository-background-jobs-0 + media_store_path: /tmp/media_store + enable_local_media_storage: true + metrics_flags: ~ + oidc_providers: + [] + old_signing_keys: ~ + password_config: + enabled: false + password_providers: + [] + pid_file: /tmp/homeserver.pid + push: ~ + start_pushers: False + retention: ~ + redaction_retention_period: ~ + forgotten_room_retention_period: 7d + user_ips_max_age: 1y + redis: + enabled: true + host: "redis" + port: 6379 + registration_shared_secret: "NOT-CONFIGURED" + report_stats: false + require_auth_for_profile_requests: true + require_membership_for_aliases: true + signing_key_path: /data/signing.key + soft_file_limit: 0 + spam_checker: ~ + sso: ~ + thumbnail_sizes: + - height: 32 + method: crop + width: 32 + - height: 96 + method: crop + width: 96 + - height: 240 + method: scale + width: 320 + trusted_key_servers: + - server_name: NOT-CONFIGURED + turn_allow_guests: false + turn_shared_secret: + turn_uris: + [] + turn_user_lifetime: 86400000 + ui_auth: ~ + url_preview_accept_language: ~ + url_preview_enabled: false + use_presence: true + user_directory: + enabled: true + search_all_users: false + prefer_local_users: true + web_client_location: "https://NOT-CONFIGURED/" + # https://matrix-org.github.io/matrix-authentication-service/setup/homeserver.html#configure-the-homeserver-to-delegate-authentication-to-the-service + matrix_authentication_service: + # Enable the MAS integration + enabled: true + # The base URL where Synapse will contact MAS + endpoint: http://matrix-authentication.test-namespace.svc:80 + # The shared secret used to authenticate MAS requests, must be the same as `matrix.secret` in the MAS configuration + # See https://element-hq.github.io/matrix-authentication-service/reference/configuration.html#matrix + secret: NOT-CONFIGURED + experimental_features: + msc3967_enabled: true + caches: + expire_caches: true + global_factor: 1 + cache_entry_ttl: 30m + sync_response_cache_duration: 2m + cache_autotuning: + max_cache_memory_usage: 1024M + target_cache_memory_usage: 512M + min_cache_ttl: 5m + opentracing: ~ + + log.config: | + --- + disable_existing_loggers: false + formatters: + precise: + format: "%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s" + handlers: + console: + class: logging.StreamHandler + formatter: precise + loggers: + synapse.handlers.pagination: + level: INFO + synapse.config.retention: + level: INFO + synapse.metrics.background_process_metrics: + level: INFO + synapse.storage.SQL: + level: WARNING + twisted: + handlers: + - console + propagate: false + root: + handlers: + - console + level: WARNING + version: 1 + signing.key: | + NOT-CONFIGURED + idp.xml: | +--- +# Source: synapse/templates/synapse-secret.yaml +apiVersion: v1 +kind: Secret +metadata: + name: synapse-typing-secret + annotations: + argocd.argoproj.io/sync-wave: "-30" + argocd.argoproj.io/hook: "Sync" + labels: + app: synapse + component: synapse-typing +type: Opaque +stringData: + homeserver.yaml: | + --- + server_name: NOT-CONFIGURED + worker_app: synapse.app.generic_worker + account_threepid_delegates: ~ + account_validity: ~ + alias_creation_rules: + - action: allow + alias: "*" + room_id: "*" + user_id: "*" + allow_guest_access: false + allow_per_room_profiles: false + allow_public_rooms_over_federation: false + allow_public_rooms_without_auth: false + auto_join_rooms: + - "#general:NOT-CONFIGURED" + auto_join_rooms_for_guests: false + autocreate_auto_join_room_preset: public_chat + autocreate_auto_join_rooms: true + autocreate_auto_join_rooms_federated: false + block_non_admin_invites: false + event_cache_size: 10K + database: + txn_limit: 10000 + args: + cp_max: 50 + cp_min: 5 + database: synapse + host: NOT-CONFIGURED4 + password: NOT-CONFIGURED + user: synapse + name: psycopg2 + rc_message: + burst_count: 300 + per_second: 100 + disable_msisdn_registration: true + dynamic_thumbnails: false + max_upload_size: 100M + email: ~ + enable_3pid_changes: false + enable_group_creation: false + enable_registration: false + enable_room_list_search: true + enable_search: true + enable_set_avatar_url: true + enable_set_displayname: false + encryption_enabled_by_default_for_room_type: off + form_secret: "NOT-CONFIGURED" + limit_profile_requests_to_users_who_share_rooms: false + limit_remote_rooms: ~ + worker_listeners: + - port: 9092 + tls: false + type: http + bind_addresses: ['0.0.0.0'] + resources: + - names: [metrics] + compress: false + - port: 8008 + tls: false + type: http + x_forwarded: true + bind_addresses: ['0.0.0.0'] + resources: + - names: [client] + compress: true + - port: 9093 + tls: false + type: http + bind_addresses: ['0.0.0.0'] + resources: + - names: [replication] + compress: false + enable_metrics: true + federation_domain_whitelist: + [] + federation_metrics_domains: + [] + allow_profile_lookup_over_federation: false + allow_device_name_lookup_over_federation: false + update_user_directory_from_worker: synapse-user-dir-0 + instance_map: + main: + host: synapse-master-0.synapse-master + port: 9093 + synapse-typing-0: + host: synapse-typing-0.synapse-typing + port: 9093 + synapse-to-device-0: + host: synapse-to-device-0.synapse-to-device + port: 9093 + synapse-account-data-0: + host: synapse-account-data-0.synapse-account-data + port: 9093 + synapse-presence-0: + host: synapse-presence-0.synapse-presence + port: 9093 + synapse-push-rules-0: + host: synapse-push-rules-0.synapse-push-rules + port: 9093 + synapse-receipts-0: + host: synapse-receipts-0.synapse-receipts + port: 9093 + synapse-device-lists-0: + host: synapse-device-lists-0.synapse-device-lists + port: 9093 + synapse-event-persister-0: + host: synapse-event-persister-0.synapse-event-persister + port: 9093 + synapse-event-persister-1: + host: synapse-event-persister-1.synapse-event-persister + port: 9093 + synapse-federation-sender-0: + host: synapse-federation-sender-0.synapse-federation-sender + port: 9093 + stream_writers: + typing: + - synapse-typing-0 + to_device: + - synapse-to-device-0 + account_data: + - synapse-account-data-0 + presence: + - synapse-presence-0 + push_rules: + - synapse-push-rules-0 + receipts: + - synapse-receipts-0 + device_lists: + - synapse-device-lists-0 + events: + - synapse-event-persister-0 + - synapse-event-persister-1 + pusher_instances: + - synapse-pusher-0 + federation_sender_instances: + - synapse-federation-sender-0 + run_background_tasks_on: synapse-background-worker-0 + log_config: /data/log.config + macaroon_secret_key: "NOT-CONFIGURED" + enable_media_repo: false + media_instance_running_background_jobs: synapse-media-repository-background-jobs-0 + media_store_path: /tmp/media_store + enable_local_media_storage: true + metrics_flags: ~ + oidc_providers: + [] + old_signing_keys: ~ + password_config: + enabled: false + password_providers: + [] + pid_file: /tmp/homeserver.pid + push: ~ + start_pushers: False + retention: ~ + redaction_retention_period: ~ + forgotten_room_retention_period: 7d + user_ips_max_age: 1y + redis: + enabled: true + host: "redis" + port: 6379 + registration_shared_secret: "NOT-CONFIGURED" + report_stats: false + require_auth_for_profile_requests: true + require_membership_for_aliases: true + signing_key_path: /data/signing.key + soft_file_limit: 0 + spam_checker: ~ + sso: ~ + thumbnail_sizes: + - height: 32 + method: crop + width: 32 + - height: 96 + method: crop + width: 96 + - height: 240 + method: scale + width: 320 + trusted_key_servers: + - server_name: NOT-CONFIGURED + turn_allow_guests: false + turn_shared_secret: + turn_uris: + [] + turn_user_lifetime: 86400000 + ui_auth: ~ + url_preview_accept_language: ~ + url_preview_enabled: false + use_presence: true + user_directory: + enabled: true + search_all_users: false + prefer_local_users: true + web_client_location: "https://NOT-CONFIGURED/" + # https://matrix-org.github.io/matrix-authentication-service/setup/homeserver.html#configure-the-homeserver-to-delegate-authentication-to-the-service + matrix_authentication_service: + # Enable the MAS integration + enabled: true + # The base URL where Synapse will contact MAS + endpoint: http://matrix-authentication.test-namespace.svc:80 + # The shared secret used to authenticate MAS requests, must be the same as `matrix.secret` in the MAS configuration + # See https://element-hq.github.io/matrix-authentication-service/reference/configuration.html#matrix + secret: NOT-CONFIGURED + experimental_features: + msc3967_enabled: true + caches: + expire_caches: true + global_factor: 1 + cache_entry_ttl: 30m + sync_response_cache_duration: 2m + cache_autotuning: + max_cache_memory_usage: 1024M + target_cache_memory_usage: 512M + min_cache_ttl: 5m + opentracing: ~ + + log.config: | + --- + disable_existing_loggers: false + formatters: + precise: + format: "%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s" + handlers: + console: + class: logging.StreamHandler + formatter: precise + loggers: + synapse.handlers.pagination: + level: INFO + synapse.config.retention: + level: INFO + synapse.metrics.background_process_metrics: + level: INFO + synapse.storage.SQL: + level: WARNING + twisted: + handlers: + - console + propagate: false + root: + handlers: + - console + level: WARNING + version: 1 + signing.key: | + NOT-CONFIGURED + idp.xml: | +--- +# Source: synapse/templates/synapse-secret.yaml +apiVersion: v1 +kind: Secret +metadata: + name: synapse-user-dir-secret + annotations: + argocd.argoproj.io/sync-wave: "-30" + argocd.argoproj.io/hook: "Sync" + labels: + app: synapse + component: synapse-user-dir +type: Opaque +stringData: + homeserver.yaml: | + --- + server_name: NOT-CONFIGURED + worker_app: synapse.app.generic_worker + account_threepid_delegates: ~ + account_validity: ~ + alias_creation_rules: + - action: allow + alias: "*" + room_id: "*" + user_id: "*" + allow_guest_access: false + allow_per_room_profiles: false + allow_public_rooms_over_federation: false + allow_public_rooms_without_auth: false + auto_join_rooms: + - "#general:NOT-CONFIGURED" + auto_join_rooms_for_guests: false + autocreate_auto_join_room_preset: public_chat + autocreate_auto_join_rooms: true + autocreate_auto_join_rooms_federated: false + block_non_admin_invites: false + event_cache_size: 10K + database: + txn_limit: 10000 + args: + cp_max: 50 + cp_min: 5 + database: synapse + host: synapse-pgbouncer + password: NOT-CONFIGURED + user: synapse + name: psycopg2 + rc_message: + burst_count: 300 + per_second: 100 + disable_msisdn_registration: true + dynamic_thumbnails: false + max_upload_size: 100M + email: ~ + enable_3pid_changes: false + enable_group_creation: false + enable_registration: false + enable_room_list_search: true + enable_search: true + enable_set_avatar_url: true + enable_set_displayname: false + encryption_enabled_by_default_for_room_type: off + form_secret: "NOT-CONFIGURED" + limit_profile_requests_to_users_who_share_rooms: false + limit_remote_rooms: ~ + worker_listeners: + - port: 9092 + tls: false + type: http + bind_addresses: ['0.0.0.0'] + resources: + - names: [metrics] + compress: false + - port: 8008 + tls: false + type: http + x_forwarded: true + bind_addresses: ['0.0.0.0'] + resources: + - names: [client] + compress: true + enable_metrics: true + federation_domain_whitelist: + [] + federation_metrics_domains: + [] + allow_profile_lookup_over_federation: false + allow_device_name_lookup_over_federation: false + update_user_directory_from_worker: synapse-user-dir-0 + instance_map: + main: + host: synapse-master-0.synapse-master + port: 9093 + synapse-typing-0: + host: synapse-typing-0.synapse-typing + port: 9093 + synapse-to-device-0: + host: synapse-to-device-0.synapse-to-device + port: 9093 + synapse-account-data-0: + host: synapse-account-data-0.synapse-account-data + port: 9093 + synapse-presence-0: + host: synapse-presence-0.synapse-presence + port: 9093 + synapse-push-rules-0: + host: synapse-push-rules-0.synapse-push-rules + port: 9093 + synapse-receipts-0: + host: synapse-receipts-0.synapse-receipts + port: 9093 + synapse-device-lists-0: + host: synapse-device-lists-0.synapse-device-lists + port: 9093 + synapse-event-persister-0: + host: synapse-event-persister-0.synapse-event-persister + port: 9093 + synapse-event-persister-1: + host: synapse-event-persister-1.synapse-event-persister + port: 9093 + synapse-federation-sender-0: + host: synapse-federation-sender-0.synapse-federation-sender + port: 9093 + stream_writers: + typing: + - synapse-typing-0 + to_device: + - synapse-to-device-0 + account_data: + - synapse-account-data-0 + presence: + - synapse-presence-0 + push_rules: + - synapse-push-rules-0 + receipts: + - synapse-receipts-0 + device_lists: + - synapse-device-lists-0 + events: + - synapse-event-persister-0 + - synapse-event-persister-1 + pusher_instances: + - synapse-pusher-0 + federation_sender_instances: + - synapse-federation-sender-0 + run_background_tasks_on: synapse-background-worker-0 + log_config: /data/log.config + macaroon_secret_key: "NOT-CONFIGURED" + enable_media_repo: false + media_instance_running_background_jobs: synapse-media-repository-background-jobs-0 + media_store_path: /tmp/media_store + enable_local_media_storage: true + metrics_flags: ~ + oidc_providers: + [] + old_signing_keys: ~ + password_config: + enabled: false + password_providers: + [] + pid_file: /tmp/homeserver.pid + push: ~ + start_pushers: False + retention: ~ + redaction_retention_period: ~ + forgotten_room_retention_period: 7d + user_ips_max_age: 1y + redis: + enabled: true + host: "redis" + port: 6379 + registration_shared_secret: "NOT-CONFIGURED" + report_stats: false + require_auth_for_profile_requests: true + require_membership_for_aliases: true + signing_key_path: /data/signing.key + soft_file_limit: 0 + spam_checker: ~ + sso: ~ + thumbnail_sizes: + - height: 32 + method: crop + width: 32 + - height: 96 + method: crop + width: 96 + - height: 240 + method: scale + width: 320 + trusted_key_servers: + - server_name: NOT-CONFIGURED + turn_allow_guests: false + turn_shared_secret: + turn_uris: + [] + turn_user_lifetime: 86400000 + ui_auth: ~ + url_preview_accept_language: ~ + url_preview_enabled: false + use_presence: true + user_directory: + enabled: true + search_all_users: false + prefer_local_users: true + web_client_location: "https://NOT-CONFIGURED/" + # https://matrix-org.github.io/matrix-authentication-service/setup/homeserver.html#configure-the-homeserver-to-delegate-authentication-to-the-service + matrix_authentication_service: + # Enable the MAS integration + enabled: true + # The base URL where Synapse will contact MAS + endpoint: http://matrix-authentication.test-namespace.svc:80 + # The shared secret used to authenticate MAS requests, must be the same as `matrix.secret` in the MAS configuration + # See https://element-hq.github.io/matrix-authentication-service/reference/configuration.html#matrix + secret: NOT-CONFIGURED + experimental_features: + msc3967_enabled: true + caches: + expire_caches: true + global_factor: 1 + cache_entry_ttl: 30m + sync_response_cache_duration: 2m + cache_autotuning: + max_cache_memory_usage: 1024M + target_cache_memory_usage: 512M + min_cache_ttl: 5m + opentracing: ~ + + log.config: | + --- + disable_existing_loggers: false + formatters: + precise: + format: "%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s" + handlers: + console: + class: logging.StreamHandler + formatter: precise + loggers: + synapse.handlers.pagination: + level: INFO + synapse.config.retention: + level: INFO + synapse.metrics.background_process_metrics: + level: INFO + synapse.storage.SQL: + level: WARNING + twisted: + handlers: + - console + propagate: false + root: + handlers: + - console + level: WARNING + version: 1 + signing.key: | + NOT-CONFIGURED + idp.xml: | \ No newline at end of file diff --git a/charts/synapse/tests/golden/fixtures/test-synapse-secret.golden.yaml b/charts/synapse/tests/golden/fixtures/test-synapse-secret.golden.yaml new file mode 100644 index 0000000..7432b5c --- /dev/null +++ b/charts/synapse/tests/golden/fixtures/test-synapse-secret.golden.yaml @@ -0,0 +1,5224 @@ +--- +# Source: synapse/templates/synapse-secret.yaml +apiVersion: v1 +kind: Secret +metadata: + name: synapse-account-data-secret + annotations: + argocd.argoproj.io/sync-wave: "-30" + argocd.argoproj.io/hook: "Sync" + labels: + app: synapse + component: synapse-account-data +type: Opaque +stringData: + homeserver.yaml: | + --- + server_name: NOT-CONFIGURED + worker_app: synapse.app.generic_worker + account_threepid_delegates: ~ + account_validity: ~ + alias_creation_rules: + - action: allow + alias: "*" + room_id: "*" + user_id: "*" + allow_guest_access: false + allow_per_room_profiles: false + allow_public_rooms_over_federation: false + allow_public_rooms_without_auth: false + auto_join_rooms: + - "#general:NOT-CONFIGURED" + auto_join_rooms_for_guests: false + autocreate_auto_join_room_preset: public_chat + autocreate_auto_join_rooms: true + autocreate_auto_join_rooms_federated: false + block_non_admin_invites: false + event_cache_size: 10K + database: + txn_limit: 10000 + args: + cp_max: 50 + cp_min: 5 + database: synapse + host: synapse-pgbouncer + password: NOT-CONFIGURED + user: synapse + name: psycopg2 + rc_message: + burst_count: 300 + per_second: 100 + disable_msisdn_registration: true + dynamic_thumbnails: false + max_upload_size: 100M + email: ~ + enable_3pid_changes: false + enable_group_creation: false + enable_registration: false + enable_room_list_search: true + enable_search: true + enable_set_avatar_url: true + enable_set_displayname: false + encryption_enabled_by_default_for_room_type: off + form_secret: "NOT-CONFIGURED" + limit_profile_requests_to_users_who_share_rooms: false + limit_remote_rooms: ~ + worker_listeners: + - port: 9092 + tls: false + type: http + bind_addresses: ['0.0.0.0'] + resources: + - names: [metrics] + compress: false + - port: 8008 + tls: false + type: http + x_forwarded: true + bind_addresses: ['0.0.0.0'] + resources: + - names: [client] + compress: true + - port: 9093 + tls: false + type: http + bind_addresses: ['0.0.0.0'] + resources: + - names: [replication] + compress: false + enable_metrics: true + federation_domain_whitelist: + [] + federation_metrics_domains: + [] + allow_profile_lookup_over_federation: false + allow_device_name_lookup_over_federation: false + update_user_directory_from_worker: synapse-user-dir-0 + instance_map: + main: + host: synapse-master-0.synapse-master + port: 9093 + synapse-typing-0: + host: synapse-typing-0.synapse-typing + port: 9093 + synapse-to-device-0: + host: synapse-to-device-0.synapse-to-device + port: 9093 + synapse-account-data-0: + host: synapse-account-data-0.synapse-account-data + port: 9093 + synapse-presence-0: + host: synapse-presence-0.synapse-presence + port: 9093 + synapse-push-rules-0: + host: synapse-push-rules-0.synapse-push-rules + port: 9093 + synapse-receipts-0: + host: synapse-receipts-0.synapse-receipts + port: 9093 + synapse-device-lists-0: + host: synapse-device-lists-0.synapse-device-lists + port: 9093 + synapse-event-persister-0: + host: synapse-event-persister-0.synapse-event-persister + port: 9093 + synapse-event-persister-1: + host: synapse-event-persister-1.synapse-event-persister + port: 9093 + synapse-federation-sender-0: + host: synapse-federation-sender-0.synapse-federation-sender + port: 9093 + stream_writers: + typing: + - synapse-typing-0 + to_device: + - synapse-to-device-0 + account_data: + - synapse-account-data-0 + presence: + - synapse-presence-0 + push_rules: + - synapse-push-rules-0 + receipts: + - synapse-receipts-0 + device_lists: + - synapse-device-lists-0 + events: + - synapse-event-persister-0 + - synapse-event-persister-1 + pusher_instances: + - synapse-pusher-0 + federation_sender_instances: + - synapse-federation-sender-0 + run_background_tasks_on: synapse-background-worker-0 + log_config: /data/log.config + macaroon_secret_key: "NOT-CONFIGURED" + enable_media_repo: false + media_instance_running_background_jobs: synapse-media-repository-background-jobs-0 + media_store_path: /tmp/media_store + enable_local_media_storage: true + metrics_flags: ~ + oidc_providers: + [] + old_signing_keys: ~ + password_config: + enabled: false + password_providers: + [] + pid_file: /tmp/homeserver.pid + push: ~ + start_pushers: False + retention: ~ + redaction_retention_period: ~ + forgotten_room_retention_period: 7d + user_ips_max_age: 1y + redis: + enabled: true + host: "redis" + port: 6379 + registration_shared_secret: "NOT-CONFIGURED" + report_stats: false + require_auth_for_profile_requests: true + require_membership_for_aliases: true + signing_key_path: /data/signing.key + soft_file_limit: 0 + spam_checker: ~ + sso: ~ + thumbnail_sizes: + - height: 32 + method: crop + width: 32 + - height: 96 + method: crop + width: 96 + - height: 240 + method: scale + width: 320 + trusted_key_servers: + - server_name: NOT-CONFIGURED + turn_allow_guests: false + turn_shared_secret: + turn_uris: + [] + turn_user_lifetime: 86400000 + ui_auth: ~ + url_preview_accept_language: ~ + url_preview_enabled: false + use_presence: true + user_directory: + enabled: true + search_all_users: false + prefer_local_users: true + web_client_location: "https://NOT-CONFIGURED/" + # https://matrix-org.github.io/matrix-authentication-service/setup/homeserver.html#configure-the-homeserver-to-delegate-authentication-to-the-service + matrix_authentication_service: + # Enable the MAS integration + enabled: true + # The base URL where Synapse will contact MAS + endpoint: http://matrix-authentication.test-namespace.svc:80 + # The shared secret used to authenticate MAS requests, must be the same as `matrix.secret` in the MAS configuration + # See https://element-hq.github.io/matrix-authentication-service/reference/configuration.html#matrix + secret: NOT-CONFIGURED + experimental_features: + msc3967_enabled: true + caches: + expire_caches: true + global_factor: 1 + cache_entry_ttl: 30m + sync_response_cache_duration: 2m + cache_autotuning: + max_cache_memory_usage: 1024M + target_cache_memory_usage: 512M + min_cache_ttl: 5m + opentracing: ~ + + log.config: | + --- + disable_existing_loggers: false + formatters: + precise: + format: "%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s" + handlers: + console: + class: logging.StreamHandler + formatter: precise + loggers: + synapse.handlers.pagination: + level: INFO + synapse.config.retention: + level: INFO + synapse.metrics.background_process_metrics: + level: INFO + synapse.storage.SQL: + level: WARNING + twisted: + handlers: + - console + propagate: false + root: + handlers: + - console + level: WARNING + version: 1 + signing.key: | + NOT-CONFIGURED + idp.xml: | +--- +# Source: synapse/templates/synapse-secret.yaml +apiVersion: v1 +kind: Secret +metadata: + name: synapse-background-worker-secret + annotations: + argocd.argoproj.io/sync-wave: "-30" + argocd.argoproj.io/hook: "Sync" + labels: + app: synapse + component: synapse-background-worker +type: Opaque +stringData: + homeserver.yaml: | + --- + server_name: NOT-CONFIGURED + worker_app: synapse.app.generic_worker + account_threepid_delegates: ~ + account_validity: ~ + alias_creation_rules: + - action: allow + alias: "*" + room_id: "*" + user_id: "*" + allow_guest_access: false + allow_per_room_profiles: false + allow_public_rooms_over_federation: false + allow_public_rooms_without_auth: false + auto_join_rooms: + - "#general:NOT-CONFIGURED" + auto_join_rooms_for_guests: false + autocreate_auto_join_room_preset: public_chat + autocreate_auto_join_rooms: true + autocreate_auto_join_rooms_federated: false + block_non_admin_invites: false + event_cache_size: 10K + database: + txn_limit: 10000 + args: + cp_max: 50 + cp_min: 5 + database: synapse + host: synapse-pgbouncer + password: NOT-CONFIGURED + user: synapse + name: psycopg2 + rc_message: + burst_count: 300 + per_second: 100 + disable_msisdn_registration: true + dynamic_thumbnails: false + max_upload_size: 100M + email: ~ + enable_3pid_changes: false + enable_group_creation: false + enable_registration: false + enable_room_list_search: true + enable_search: true + enable_set_avatar_url: true + enable_set_displayname: false + encryption_enabled_by_default_for_room_type: off + form_secret: "NOT-CONFIGURED" + limit_profile_requests_to_users_who_share_rooms: false + limit_remote_rooms: ~ + worker_listeners: + - port: 9092 + tls: false + type: http + bind_addresses: ['0.0.0.0'] + resources: + - names: [metrics] + compress: false + enable_metrics: true + federation_domain_whitelist: + [] + federation_metrics_domains: + [] + allow_profile_lookup_over_federation: false + allow_device_name_lookup_over_federation: false + update_user_directory_from_worker: synapse-user-dir-0 + instance_map: + main: + host: synapse-master-0.synapse-master + port: 9093 + synapse-typing-0: + host: synapse-typing-0.synapse-typing + port: 9093 + synapse-to-device-0: + host: synapse-to-device-0.synapse-to-device + port: 9093 + synapse-account-data-0: + host: synapse-account-data-0.synapse-account-data + port: 9093 + synapse-presence-0: + host: synapse-presence-0.synapse-presence + port: 9093 + synapse-push-rules-0: + host: synapse-push-rules-0.synapse-push-rules + port: 9093 + synapse-receipts-0: + host: synapse-receipts-0.synapse-receipts + port: 9093 + synapse-device-lists-0: + host: synapse-device-lists-0.synapse-device-lists + port: 9093 + synapse-event-persister-0: + host: synapse-event-persister-0.synapse-event-persister + port: 9093 + synapse-event-persister-1: + host: synapse-event-persister-1.synapse-event-persister + port: 9093 + synapse-federation-sender-0: + host: synapse-federation-sender-0.synapse-federation-sender + port: 9093 + stream_writers: + typing: + - synapse-typing-0 + to_device: + - synapse-to-device-0 + account_data: + - synapse-account-data-0 + presence: + - synapse-presence-0 + push_rules: + - synapse-push-rules-0 + receipts: + - synapse-receipts-0 + device_lists: + - synapse-device-lists-0 + events: + - synapse-event-persister-0 + - synapse-event-persister-1 + pusher_instances: + - synapse-pusher-0 + federation_sender_instances: + - synapse-federation-sender-0 + run_background_tasks_on: synapse-background-worker-0 + log_config: /data/log.config + macaroon_secret_key: "NOT-CONFIGURED" + enable_media_repo: false + media_instance_running_background_jobs: synapse-media-repository-background-jobs-0 + media_store_path: /tmp/media_store + enable_local_media_storage: true + metrics_flags: ~ + oidc_providers: + [] + old_signing_keys: ~ + password_config: + enabled: false + password_providers: + [] + pid_file: /tmp/homeserver.pid + push: ~ + start_pushers: False + retention: ~ + redaction_retention_period: ~ + forgotten_room_retention_period: 7d + user_ips_max_age: 1y + redis: + enabled: true + host: "redis" + port: 6379 + registration_shared_secret: "NOT-CONFIGURED" + report_stats: false + require_auth_for_profile_requests: true + require_membership_for_aliases: true + signing_key_path: /data/signing.key + soft_file_limit: 0 + spam_checker: ~ + sso: ~ + thumbnail_sizes: + - height: 32 + method: crop + width: 32 + - height: 96 + method: crop + width: 96 + - height: 240 + method: scale + width: 320 + trusted_key_servers: + - server_name: NOT-CONFIGURED + turn_allow_guests: false + turn_shared_secret: + turn_uris: + [] + turn_user_lifetime: 86400000 + ui_auth: ~ + url_preview_accept_language: ~ + url_preview_enabled: false + use_presence: true + user_directory: + enabled: true + search_all_users: false + prefer_local_users: true + web_client_location: "https://NOT-CONFIGURED/" + # https://matrix-org.github.io/matrix-authentication-service/setup/homeserver.html#configure-the-homeserver-to-delegate-authentication-to-the-service + matrix_authentication_service: + # Enable the MAS integration + enabled: true + # The base URL where Synapse will contact MAS + endpoint: http://matrix-authentication.test-namespace.svc:80 + # The shared secret used to authenticate MAS requests, must be the same as `matrix.secret` in the MAS configuration + # See https://element-hq.github.io/matrix-authentication-service/reference/configuration.html#matrix + secret: NOT-CONFIGURED + experimental_features: + msc3967_enabled: true + caches: + expire_caches: true + global_factor: 1 + cache_entry_ttl: 30m + sync_response_cache_duration: 2m + cache_autotuning: + max_cache_memory_usage: 1024M + target_cache_memory_usage: 512M + min_cache_ttl: 5m + opentracing: ~ + + log.config: | + --- + disable_existing_loggers: false + formatters: + precise: + format: "%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s" + handlers: + console: + class: logging.StreamHandler + formatter: precise + loggers: + synapse.handlers.pagination: + level: INFO + synapse.config.retention: + level: INFO + synapse.metrics.background_process_metrics: + level: INFO + synapse.storage.SQL: + level: WARNING + twisted: + handlers: + - console + propagate: false + root: + handlers: + - console + level: WARNING + version: 1 + signing.key: | + NOT-CONFIGURED + idp.xml: | +--- +# Source: synapse/templates/synapse-secret.yaml +apiVersion: v1 +kind: Secret +metadata: + name: synapse-client-reader-secret + annotations: + argocd.argoproj.io/sync-wave: "-30" + argocd.argoproj.io/hook: "Sync" + labels: + app: synapse + component: synapse-client-reader +type: Opaque +stringData: + homeserver.yaml: | + --- + server_name: NOT-CONFIGURED + worker_app: synapse.app.generic_worker + account_threepid_delegates: ~ + account_validity: ~ + alias_creation_rules: + - action: allow + alias: "*" + room_id: "*" + user_id: "*" + allow_guest_access: false + allow_per_room_profiles: false + allow_public_rooms_over_federation: false + allow_public_rooms_without_auth: false + auto_join_rooms: + - "#general:NOT-CONFIGURED" + auto_join_rooms_for_guests: false + autocreate_auto_join_room_preset: public_chat + autocreate_auto_join_rooms: true + autocreate_auto_join_rooms_federated: false + block_non_admin_invites: false + event_cache_size: 10K + database: + txn_limit: 10000 + args: + cp_max: 50 + cp_min: 5 + database: synapse + host: synapse-pgbouncer + password: NOT-CONFIGURED + user: synapse + name: psycopg2 + rc_message: + burst_count: 300 + per_second: 100 + disable_msisdn_registration: true + dynamic_thumbnails: false + max_upload_size: 100M + email: ~ + enable_3pid_changes: false + enable_group_creation: false + enable_registration: false + enable_room_list_search: true + enable_search: true + enable_set_avatar_url: true + enable_set_displayname: false + encryption_enabled_by_default_for_room_type: off + form_secret: "NOT-CONFIGURED" + limit_profile_requests_to_users_who_share_rooms: false + limit_remote_rooms: ~ + worker_listeners: + - port: 9092 + tls: false + type: http + bind_addresses: ['0.0.0.0'] + resources: + - names: [metrics] + compress: false + - port: 8008 + tls: false + type: http + x_forwarded: true + bind_addresses: ['0.0.0.0'] + resources: + - names: [client] + compress: true + enable_metrics: true + federation_domain_whitelist: + [] + federation_metrics_domains: + [] + allow_profile_lookup_over_federation: false + allow_device_name_lookup_over_federation: false + update_user_directory_from_worker: synapse-user-dir-0 + instance_map: + main: + host: synapse-master-0.synapse-master + port: 9093 + synapse-typing-0: + host: synapse-typing-0.synapse-typing + port: 9093 + synapse-to-device-0: + host: synapse-to-device-0.synapse-to-device + port: 9093 + synapse-account-data-0: + host: synapse-account-data-0.synapse-account-data + port: 9093 + synapse-presence-0: + host: synapse-presence-0.synapse-presence + port: 9093 + synapse-push-rules-0: + host: synapse-push-rules-0.synapse-push-rules + port: 9093 + synapse-receipts-0: + host: synapse-receipts-0.synapse-receipts + port: 9093 + synapse-device-lists-0: + host: synapse-device-lists-0.synapse-device-lists + port: 9093 + synapse-event-persister-0: + host: synapse-event-persister-0.synapse-event-persister + port: 9093 + synapse-event-persister-1: + host: synapse-event-persister-1.synapse-event-persister + port: 9093 + synapse-federation-sender-0: + host: synapse-federation-sender-0.synapse-federation-sender + port: 9093 + stream_writers: + typing: + - synapse-typing-0 + to_device: + - synapse-to-device-0 + account_data: + - synapse-account-data-0 + presence: + - synapse-presence-0 + push_rules: + - synapse-push-rules-0 + receipts: + - synapse-receipts-0 + device_lists: + - synapse-device-lists-0 + events: + - synapse-event-persister-0 + - synapse-event-persister-1 + pusher_instances: + - synapse-pusher-0 + federation_sender_instances: + - synapse-federation-sender-0 + run_background_tasks_on: synapse-background-worker-0 + log_config: /data/log.config + macaroon_secret_key: "NOT-CONFIGURED" + enable_media_repo: false + media_instance_running_background_jobs: synapse-media-repository-background-jobs-0 + media_store_path: /tmp/media_store + enable_local_media_storage: true + metrics_flags: ~ + oidc_providers: + [] + old_signing_keys: ~ + password_config: + enabled: false + password_providers: + [] + pid_file: /tmp/homeserver.pid + push: ~ + start_pushers: False + retention: ~ + redaction_retention_period: ~ + forgotten_room_retention_period: 7d + user_ips_max_age: 1y + redis: + enabled: true + host: "redis" + port: 6379 + registration_shared_secret: "NOT-CONFIGURED" + report_stats: false + require_auth_for_profile_requests: true + require_membership_for_aliases: true + signing_key_path: /data/signing.key + soft_file_limit: 0 + spam_checker: ~ + sso: ~ + thumbnail_sizes: + - height: 32 + method: crop + width: 32 + - height: 96 + method: crop + width: 96 + - height: 240 + method: scale + width: 320 + trusted_key_servers: + - server_name: NOT-CONFIGURED + turn_allow_guests: false + turn_shared_secret: + turn_uris: + [] + turn_user_lifetime: 86400000 + ui_auth: ~ + url_preview_accept_language: ~ + url_preview_enabled: false + use_presence: true + user_directory: + enabled: true + search_all_users: false + prefer_local_users: true + web_client_location: "https://NOT-CONFIGURED/" + # https://matrix-org.github.io/matrix-authentication-service/setup/homeserver.html#configure-the-homeserver-to-delegate-authentication-to-the-service + matrix_authentication_service: + # Enable the MAS integration + enabled: true + # The base URL where Synapse will contact MAS + endpoint: http://matrix-authentication.test-namespace.svc:80 + # The shared secret used to authenticate MAS requests, must be the same as `matrix.secret` in the MAS configuration + # See https://element-hq.github.io/matrix-authentication-service/reference/configuration.html#matrix + secret: NOT-CONFIGURED + experimental_features: + msc3967_enabled: true + caches: + expire_caches: true + global_factor: 1 + cache_entry_ttl: 30m + sync_response_cache_duration: 2m + cache_autotuning: + max_cache_memory_usage: 1024M + target_cache_memory_usage: 512M + min_cache_ttl: 5m + opentracing: ~ + + log.config: | + --- + disable_existing_loggers: false + formatters: + precise: + format: "%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s" + handlers: + console: + class: logging.StreamHandler + formatter: precise + loggers: + synapse.handlers.pagination: + level: INFO + synapse.config.retention: + level: INFO + synapse.metrics.background_process_metrics: + level: INFO + synapse.storage.SQL: + level: WARNING + twisted: + handlers: + - console + propagate: false + root: + handlers: + - console + level: WARNING + version: 1 + signing.key: | + NOT-CONFIGURED + idp.xml: | +--- +# Source: synapse/templates/synapse-secret.yaml +apiVersion: v1 +kind: Secret +metadata: + name: synapse-device-lists-secret + annotations: + argocd.argoproj.io/sync-wave: "-30" + argocd.argoproj.io/hook: "Sync" + labels: + app: synapse + component: synapse-device-lists +type: Opaque +stringData: + homeserver.yaml: | + --- + server_name: NOT-CONFIGURED + worker_app: synapse.app.generic_worker + account_threepid_delegates: ~ + account_validity: ~ + alias_creation_rules: + - action: allow + alias: "*" + room_id: "*" + user_id: "*" + allow_guest_access: false + allow_per_room_profiles: false + allow_public_rooms_over_federation: false + allow_public_rooms_without_auth: false + auto_join_rooms: + - "#general:NOT-CONFIGURED" + auto_join_rooms_for_guests: false + autocreate_auto_join_room_preset: public_chat + autocreate_auto_join_rooms: true + autocreate_auto_join_rooms_federated: false + block_non_admin_invites: false + event_cache_size: 10K + database: + txn_limit: 10000 + args: + cp_max: 50 + cp_min: 5 + database: synapse + host: synapse-pgbouncer + password: NOT-CONFIGURED + user: synapse + name: psycopg2 + rc_message: + burst_count: 300 + per_second: 100 + disable_msisdn_registration: true + dynamic_thumbnails: false + max_upload_size: 100M + email: ~ + enable_3pid_changes: false + enable_group_creation: false + enable_registration: false + enable_room_list_search: true + enable_search: true + enable_set_avatar_url: true + enable_set_displayname: false + encryption_enabled_by_default_for_room_type: off + form_secret: "NOT-CONFIGURED" + limit_profile_requests_to_users_who_share_rooms: false + limit_remote_rooms: ~ + worker_listeners: + - port: 9092 + tls: false + type: http + bind_addresses: ['0.0.0.0'] + resources: + - names: [metrics] + compress: false + - port: 8008 + tls: false + type: http + x_forwarded: true + bind_addresses: ['0.0.0.0'] + resources: + - names: [client] + compress: true + - port: 9093 + tls: false + type: http + bind_addresses: ['0.0.0.0'] + resources: + - names: [replication] + compress: false + enable_metrics: true + federation_domain_whitelist: + [] + federation_metrics_domains: + [] + allow_profile_lookup_over_federation: false + allow_device_name_lookup_over_federation: false + update_user_directory_from_worker: synapse-user-dir-0 + instance_map: + main: + host: synapse-master-0.synapse-master + port: 9093 + synapse-typing-0: + host: synapse-typing-0.synapse-typing + port: 9093 + synapse-to-device-0: + host: synapse-to-device-0.synapse-to-device + port: 9093 + synapse-account-data-0: + host: synapse-account-data-0.synapse-account-data + port: 9093 + synapse-presence-0: + host: synapse-presence-0.synapse-presence + port: 9093 + synapse-push-rules-0: + host: synapse-push-rules-0.synapse-push-rules + port: 9093 + synapse-receipts-0: + host: synapse-receipts-0.synapse-receipts + port: 9093 + synapse-device-lists-0: + host: synapse-device-lists-0.synapse-device-lists + port: 9093 + synapse-event-persister-0: + host: synapse-event-persister-0.synapse-event-persister + port: 9093 + synapse-event-persister-1: + host: synapse-event-persister-1.synapse-event-persister + port: 9093 + synapse-federation-sender-0: + host: synapse-federation-sender-0.synapse-federation-sender + port: 9093 + stream_writers: + typing: + - synapse-typing-0 + to_device: + - synapse-to-device-0 + account_data: + - synapse-account-data-0 + presence: + - synapse-presence-0 + push_rules: + - synapse-push-rules-0 + receipts: + - synapse-receipts-0 + device_lists: + - synapse-device-lists-0 + events: + - synapse-event-persister-0 + - synapse-event-persister-1 + pusher_instances: + - synapse-pusher-0 + federation_sender_instances: + - synapse-federation-sender-0 + run_background_tasks_on: synapse-background-worker-0 + log_config: /data/log.config + macaroon_secret_key: "NOT-CONFIGURED" + enable_media_repo: false + media_instance_running_background_jobs: synapse-media-repository-background-jobs-0 + media_store_path: /tmp/media_store + enable_local_media_storage: true + metrics_flags: ~ + oidc_providers: + [] + old_signing_keys: ~ + password_config: + enabled: false + password_providers: + [] + pid_file: /tmp/homeserver.pid + push: ~ + start_pushers: False + retention: ~ + redaction_retention_period: ~ + forgotten_room_retention_period: 7d + user_ips_max_age: 1y + redis: + enabled: true + host: "redis" + port: 6379 + registration_shared_secret: "NOT-CONFIGURED" + report_stats: false + require_auth_for_profile_requests: true + require_membership_for_aliases: true + signing_key_path: /data/signing.key + soft_file_limit: 0 + spam_checker: ~ + sso: ~ + thumbnail_sizes: + - height: 32 + method: crop + width: 32 + - height: 96 + method: crop + width: 96 + - height: 240 + method: scale + width: 320 + trusted_key_servers: + - server_name: NOT-CONFIGURED + turn_allow_guests: false + turn_shared_secret: + turn_uris: + [] + turn_user_lifetime: 86400000 + ui_auth: ~ + url_preview_accept_language: ~ + url_preview_enabled: false + use_presence: true + user_directory: + enabled: true + search_all_users: false + prefer_local_users: true + web_client_location: "https://NOT-CONFIGURED/" + # https://matrix-org.github.io/matrix-authentication-service/setup/homeserver.html#configure-the-homeserver-to-delegate-authentication-to-the-service + matrix_authentication_service: + # Enable the MAS integration + enabled: true + # The base URL where Synapse will contact MAS + endpoint: http://matrix-authentication.test-namespace.svc:80 + # The shared secret used to authenticate MAS requests, must be the same as `matrix.secret` in the MAS configuration + # See https://element-hq.github.io/matrix-authentication-service/reference/configuration.html#matrix + secret: NOT-CONFIGURED + experimental_features: + msc3967_enabled: true + caches: + expire_caches: true + global_factor: 1 + cache_entry_ttl: 30m + sync_response_cache_duration: 2m + cache_autotuning: + max_cache_memory_usage: 1024M + target_cache_memory_usage: 512M + min_cache_ttl: 5m + opentracing: ~ + + log.config: | + --- + disable_existing_loggers: false + formatters: + precise: + format: "%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s" + handlers: + console: + class: logging.StreamHandler + formatter: precise + loggers: + synapse.handlers.pagination: + level: INFO + synapse.config.retention: + level: INFO + synapse.metrics.background_process_metrics: + level: INFO + synapse.storage.SQL: + level: WARNING + twisted: + handlers: + - console + propagate: false + root: + handlers: + - console + level: WARNING + version: 1 + signing.key: | + NOT-CONFIGURED + idp.xml: | +--- +# Source: synapse/templates/synapse-secret.yaml +apiVersion: v1 +kind: Secret +metadata: + name: synapse-event-persister-secret + annotations: + argocd.argoproj.io/sync-wave: "-30" + argocd.argoproj.io/hook: "Sync" + labels: + app: synapse + component: synapse-event-persister +type: Opaque +stringData: + homeserver.yaml: | + --- + server_name: NOT-CONFIGURED + worker_app: synapse.app.generic_worker + account_threepid_delegates: ~ + account_validity: ~ + alias_creation_rules: + - action: allow + alias: "*" + room_id: "*" + user_id: "*" + allow_guest_access: false + allow_per_room_profiles: false + allow_public_rooms_over_federation: false + allow_public_rooms_without_auth: false + auto_join_rooms: + - "#general:NOT-CONFIGURED" + auto_join_rooms_for_guests: false + autocreate_auto_join_room_preset: public_chat + autocreate_auto_join_rooms: true + autocreate_auto_join_rooms_federated: false + block_non_admin_invites: false + event_cache_size: 10K + database: + txn_limit: 10000 + args: + cp_max: 50 + cp_min: 5 + database: synapse + host: synapse-pgbouncer + password: NOT-CONFIGURED + user: synapse + name: psycopg2 + rc_message: + burst_count: 300 + per_second: 100 + disable_msisdn_registration: true + dynamic_thumbnails: false + max_upload_size: 100M + email: ~ + enable_3pid_changes: false + enable_group_creation: false + enable_registration: false + enable_room_list_search: true + enable_search: true + enable_set_avatar_url: true + enable_set_displayname: false + encryption_enabled_by_default_for_room_type: off + form_secret: "NOT-CONFIGURED" + limit_profile_requests_to_users_who_share_rooms: false + limit_remote_rooms: ~ + worker_listeners: + - port: 9092 + tls: false + type: http + bind_addresses: ['0.0.0.0'] + resources: + - names: [metrics] + compress: false + - port: 8008 + tls: false + type: http + x_forwarded: true + bind_addresses: ['0.0.0.0'] + resources: + - names: [client] + compress: true + - port: 9093 + tls: false + type: http + bind_addresses: ['0.0.0.0'] + resources: + - names: [replication] + compress: false + enable_metrics: true + federation_domain_whitelist: + [] + federation_metrics_domains: + [] + allow_profile_lookup_over_federation: false + allow_device_name_lookup_over_federation: false + update_user_directory_from_worker: synapse-user-dir-0 + instance_map: + main: + host: synapse-master-0.synapse-master + port: 9093 + synapse-typing-0: + host: synapse-typing-0.synapse-typing + port: 9093 + synapse-to-device-0: + host: synapse-to-device-0.synapse-to-device + port: 9093 + synapse-account-data-0: + host: synapse-account-data-0.synapse-account-data + port: 9093 + synapse-presence-0: + host: synapse-presence-0.synapse-presence + port: 9093 + synapse-push-rules-0: + host: synapse-push-rules-0.synapse-push-rules + port: 9093 + synapse-receipts-0: + host: synapse-receipts-0.synapse-receipts + port: 9093 + synapse-device-lists-0: + host: synapse-device-lists-0.synapse-device-lists + port: 9093 + synapse-event-persister-0: + host: synapse-event-persister-0.synapse-event-persister + port: 9093 + synapse-event-persister-1: + host: synapse-event-persister-1.synapse-event-persister + port: 9093 + synapse-federation-sender-0: + host: synapse-federation-sender-0.synapse-federation-sender + port: 9093 + stream_writers: + typing: + - synapse-typing-0 + to_device: + - synapse-to-device-0 + account_data: + - synapse-account-data-0 + presence: + - synapse-presence-0 + push_rules: + - synapse-push-rules-0 + receipts: + - synapse-receipts-0 + device_lists: + - synapse-device-lists-0 + events: + - synapse-event-persister-0 + - synapse-event-persister-1 + pusher_instances: + - synapse-pusher-0 + federation_sender_instances: + - synapse-federation-sender-0 + run_background_tasks_on: synapse-background-worker-0 + log_config: /data/log.config + macaroon_secret_key: "NOT-CONFIGURED" + enable_media_repo: false + media_instance_running_background_jobs: synapse-media-repository-background-jobs-0 + media_store_path: /tmp/media_store + enable_local_media_storage: true + metrics_flags: ~ + oidc_providers: + [] + old_signing_keys: ~ + password_config: + enabled: false + password_providers: + [] + pid_file: /tmp/homeserver.pid + push: ~ + start_pushers: False + retention: ~ + redaction_retention_period: ~ + forgotten_room_retention_period: 7d + user_ips_max_age: 1y + redis: + enabled: true + host: "redis" + port: 6379 + registration_shared_secret: "NOT-CONFIGURED" + report_stats: false + require_auth_for_profile_requests: true + require_membership_for_aliases: true + signing_key_path: /data/signing.key + soft_file_limit: 0 + spam_checker: ~ + sso: ~ + thumbnail_sizes: + - height: 32 + method: crop + width: 32 + - height: 96 + method: crop + width: 96 + - height: 240 + method: scale + width: 320 + trusted_key_servers: + - server_name: NOT-CONFIGURED + turn_allow_guests: false + turn_shared_secret: + turn_uris: + [] + turn_user_lifetime: 86400000 + ui_auth: ~ + url_preview_accept_language: ~ + url_preview_enabled: false + use_presence: true + user_directory: + enabled: true + search_all_users: false + prefer_local_users: true + web_client_location: "https://NOT-CONFIGURED/" + # https://matrix-org.github.io/matrix-authentication-service/setup/homeserver.html#configure-the-homeserver-to-delegate-authentication-to-the-service + matrix_authentication_service: + # Enable the MAS integration + enabled: true + # The base URL where Synapse will contact MAS + endpoint: http://matrix-authentication.test-namespace.svc:80 + # The shared secret used to authenticate MAS requests, must be the same as `matrix.secret` in the MAS configuration + # See https://element-hq.github.io/matrix-authentication-service/reference/configuration.html#matrix + secret: NOT-CONFIGURED + experimental_features: + msc3967_enabled: true + caches: + expire_caches: true + global_factor: 1 + cache_entry_ttl: 30m + sync_response_cache_duration: 2m + cache_autotuning: + max_cache_memory_usage: 1024M + target_cache_memory_usage: 512M + min_cache_ttl: 5m + opentracing: ~ + + log.config: | + --- + disable_existing_loggers: false + formatters: + precise: + format: "%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s" + handlers: + console: + class: logging.StreamHandler + formatter: precise + loggers: + synapse.handlers.pagination: + level: INFO + synapse.config.retention: + level: INFO + synapse.metrics.background_process_metrics: + level: INFO + synapse.storage.SQL: + level: WARNING + twisted: + handlers: + - console + propagate: false + root: + handlers: + - console + level: WARNING + version: 1 + signing.key: | + NOT-CONFIGURED + idp.xml: | +--- +# Source: synapse/templates/synapse-secret.yaml +apiVersion: v1 +kind: Secret +metadata: + name: synapse-federation-reader-secret + annotations: + argocd.argoproj.io/sync-wave: "-30" + argocd.argoproj.io/hook: "Sync" + labels: + app: synapse + component: synapse-federation-reader +type: Opaque +stringData: + homeserver.yaml: | + --- + server_name: NOT-CONFIGURED + worker_app: synapse.app.generic_worker + account_threepid_delegates: ~ + account_validity: ~ + alias_creation_rules: + - action: allow + alias: "*" + room_id: "*" + user_id: "*" + allow_guest_access: false + allow_per_room_profiles: false + allow_public_rooms_over_federation: false + allow_public_rooms_without_auth: false + auto_join_rooms: + - "#general:NOT-CONFIGURED" + auto_join_rooms_for_guests: false + autocreate_auto_join_room_preset: public_chat + autocreate_auto_join_rooms: true + autocreate_auto_join_rooms_federated: false + block_non_admin_invites: false + event_cache_size: 10K + database: + txn_limit: 10000 + args: + cp_max: 50 + cp_min: 5 + database: synapse + host: synapse-pgbouncer + password: NOT-CONFIGURED + user: synapse + name: psycopg2 + rc_message: + burst_count: 300 + per_second: 100 + disable_msisdn_registration: true + dynamic_thumbnails: false + max_upload_size: 100M + email: ~ + enable_3pid_changes: false + enable_group_creation: false + enable_registration: false + enable_room_list_search: true + enable_search: true + enable_set_avatar_url: true + enable_set_displayname: false + encryption_enabled_by_default_for_room_type: off + form_secret: "NOT-CONFIGURED" + limit_profile_requests_to_users_who_share_rooms: false + limit_remote_rooms: ~ + worker_listeners: + - port: 9092 + tls: false + type: http + bind_addresses: ['0.0.0.0'] + resources: + - names: [metrics] + compress: false + - port: 8008 + tls: false + type: http + x_forwarded: true + bind_addresses: ['0.0.0.0'] + resources: + - names: [federation] + compress: true + enable_metrics: true + federation_domain_whitelist: + [] + federation_metrics_domains: + [] + allow_profile_lookup_over_federation: false + allow_device_name_lookup_over_federation: false + update_user_directory_from_worker: synapse-user-dir-0 + instance_map: + main: + host: synapse-master-0.synapse-master + port: 9093 + synapse-typing-0: + host: synapse-typing-0.synapse-typing + port: 9093 + synapse-to-device-0: + host: synapse-to-device-0.synapse-to-device + port: 9093 + synapse-account-data-0: + host: synapse-account-data-0.synapse-account-data + port: 9093 + synapse-presence-0: + host: synapse-presence-0.synapse-presence + port: 9093 + synapse-push-rules-0: + host: synapse-push-rules-0.synapse-push-rules + port: 9093 + synapse-receipts-0: + host: synapse-receipts-0.synapse-receipts + port: 9093 + synapse-device-lists-0: + host: synapse-device-lists-0.synapse-device-lists + port: 9093 + synapse-event-persister-0: + host: synapse-event-persister-0.synapse-event-persister + port: 9093 + synapse-event-persister-1: + host: synapse-event-persister-1.synapse-event-persister + port: 9093 + synapse-federation-sender-0: + host: synapse-federation-sender-0.synapse-federation-sender + port: 9093 + stream_writers: + typing: + - synapse-typing-0 + to_device: + - synapse-to-device-0 + account_data: + - synapse-account-data-0 + presence: + - synapse-presence-0 + push_rules: + - synapse-push-rules-0 + receipts: + - synapse-receipts-0 + device_lists: + - synapse-device-lists-0 + events: + - synapse-event-persister-0 + - synapse-event-persister-1 + pusher_instances: + - synapse-pusher-0 + federation_sender_instances: + - synapse-federation-sender-0 + run_background_tasks_on: synapse-background-worker-0 + log_config: /data/log.config + macaroon_secret_key: "NOT-CONFIGURED" + enable_media_repo: false + media_instance_running_background_jobs: synapse-media-repository-background-jobs-0 + media_store_path: /tmp/media_store + enable_local_media_storage: true + metrics_flags: ~ + oidc_providers: + [] + old_signing_keys: ~ + password_config: + enabled: false + password_providers: + [] + pid_file: /tmp/homeserver.pid + push: ~ + start_pushers: False + retention: ~ + redaction_retention_period: ~ + forgotten_room_retention_period: 7d + user_ips_max_age: 1y + redis: + enabled: true + host: "redis" + port: 6379 + registration_shared_secret: "NOT-CONFIGURED" + report_stats: false + require_auth_for_profile_requests: true + require_membership_for_aliases: true + signing_key_path: /data/signing.key + soft_file_limit: 0 + spam_checker: ~ + sso: ~ + thumbnail_sizes: + - height: 32 + method: crop + width: 32 + - height: 96 + method: crop + width: 96 + - height: 240 + method: scale + width: 320 + trusted_key_servers: + - server_name: NOT-CONFIGURED + turn_allow_guests: false + turn_shared_secret: + turn_uris: + [] + turn_user_lifetime: 86400000 + ui_auth: ~ + url_preview_accept_language: ~ + url_preview_enabled: false + use_presence: true + user_directory: + enabled: true + search_all_users: false + prefer_local_users: true + web_client_location: "https://NOT-CONFIGURED/" + # https://matrix-org.github.io/matrix-authentication-service/setup/homeserver.html#configure-the-homeserver-to-delegate-authentication-to-the-service + matrix_authentication_service: + # Enable the MAS integration + enabled: true + # The base URL where Synapse will contact MAS + endpoint: http://matrix-authentication.test-namespace.svc:80 + # The shared secret used to authenticate MAS requests, must be the same as `matrix.secret` in the MAS configuration + # See https://element-hq.github.io/matrix-authentication-service/reference/configuration.html#matrix + secret: NOT-CONFIGURED + experimental_features: + msc3967_enabled: true + caches: + expire_caches: true + global_factor: 1 + cache_entry_ttl: 30m + sync_response_cache_duration: 2m + cache_autotuning: + max_cache_memory_usage: 1024M + target_cache_memory_usage: 512M + min_cache_ttl: 5m + opentracing: ~ + + log.config: | + --- + disable_existing_loggers: false + formatters: + precise: + format: "%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s" + handlers: + console: + class: logging.StreamHandler + formatter: precise + loggers: + synapse.handlers.pagination: + level: INFO + synapse.config.retention: + level: INFO + synapse.metrics.background_process_metrics: + level: INFO + synapse.storage.SQL: + level: WARNING + twisted: + handlers: + - console + propagate: false + root: + handlers: + - console + level: WARNING + version: 1 + signing.key: | + NOT-CONFIGURED + idp.xml: | +--- +# Source: synapse/templates/synapse-secret.yaml +apiVersion: v1 +kind: Secret +metadata: + name: synapse-federation-sender-secret + annotations: + argocd.argoproj.io/sync-wave: "-30" + argocd.argoproj.io/hook: "Sync" + labels: + app: synapse + component: synapse-federation-sender +type: Opaque +stringData: + homeserver.yaml: | + --- + server_name: NOT-CONFIGURED + worker_app: synapse.app.generic_worker + account_threepid_delegates: ~ + account_validity: ~ + alias_creation_rules: + - action: allow + alias: "*" + room_id: "*" + user_id: "*" + allow_guest_access: false + allow_per_room_profiles: false + allow_public_rooms_over_federation: false + allow_public_rooms_without_auth: false + auto_join_rooms: + - "#general:NOT-CONFIGURED" + auto_join_rooms_for_guests: false + autocreate_auto_join_room_preset: public_chat + autocreate_auto_join_rooms: true + autocreate_auto_join_rooms_federated: false + block_non_admin_invites: false + event_cache_size: 10K + database: + txn_limit: 10000 + args: + cp_max: 50 + cp_min: 5 + database: synapse + host: synapse-pgbouncer + password: NOT-CONFIGURED + user: synapse + name: psycopg2 + rc_message: + burst_count: 300 + per_second: 100 + disable_msisdn_registration: true + dynamic_thumbnails: false + max_upload_size: 100M + email: ~ + enable_3pid_changes: false + enable_group_creation: false + enable_registration: false + enable_room_list_search: true + enable_search: true + enable_set_avatar_url: true + enable_set_displayname: false + encryption_enabled_by_default_for_room_type: off + form_secret: "NOT-CONFIGURED" + limit_profile_requests_to_users_who_share_rooms: false + limit_remote_rooms: ~ + worker_listeners: + - port: 9092 + tls: false + type: http + bind_addresses: ['0.0.0.0'] + resources: + - names: [metrics] + compress: false + - port: 8008 + tls: false + type: http + x_forwarded: true + bind_addresses: ['0.0.0.0'] + resources: + - names: [federation] + compress: true + - port: 9093 + tls: false + type: http + bind_addresses: ['0.0.0.0'] + resources: + - names: [replication] + compress: false + enable_metrics: true + federation_domain_whitelist: + [] + federation_metrics_domains: + [] + allow_profile_lookup_over_federation: false + allow_device_name_lookup_over_federation: false + update_user_directory_from_worker: synapse-user-dir-0 + instance_map: + main: + host: synapse-master-0.synapse-master + port: 9093 + synapse-typing-0: + host: synapse-typing-0.synapse-typing + port: 9093 + synapse-to-device-0: + host: synapse-to-device-0.synapse-to-device + port: 9093 + synapse-account-data-0: + host: synapse-account-data-0.synapse-account-data + port: 9093 + synapse-presence-0: + host: synapse-presence-0.synapse-presence + port: 9093 + synapse-push-rules-0: + host: synapse-push-rules-0.synapse-push-rules + port: 9093 + synapse-receipts-0: + host: synapse-receipts-0.synapse-receipts + port: 9093 + synapse-device-lists-0: + host: synapse-device-lists-0.synapse-device-lists + port: 9093 + synapse-event-persister-0: + host: synapse-event-persister-0.synapse-event-persister + port: 9093 + synapse-event-persister-1: + host: synapse-event-persister-1.synapse-event-persister + port: 9093 + synapse-federation-sender-0: + host: synapse-federation-sender-0.synapse-federation-sender + port: 9093 + stream_writers: + typing: + - synapse-typing-0 + to_device: + - synapse-to-device-0 + account_data: + - synapse-account-data-0 + presence: + - synapse-presence-0 + push_rules: + - synapse-push-rules-0 + receipts: + - synapse-receipts-0 + device_lists: + - synapse-device-lists-0 + events: + - synapse-event-persister-0 + - synapse-event-persister-1 + pusher_instances: + - synapse-pusher-0 + federation_sender_instances: + - synapse-federation-sender-0 + run_background_tasks_on: synapse-background-worker-0 + log_config: /data/log.config + macaroon_secret_key: "NOT-CONFIGURED" + enable_media_repo: false + media_instance_running_background_jobs: synapse-media-repository-background-jobs-0 + media_store_path: /tmp/media_store + enable_local_media_storage: true + metrics_flags: ~ + oidc_providers: + [] + old_signing_keys: ~ + password_config: + enabled: false + password_providers: + [] + pid_file: /tmp/homeserver.pid + push: ~ + start_pushers: False + retention: ~ + redaction_retention_period: ~ + forgotten_room_retention_period: 7d + user_ips_max_age: 1y + redis: + enabled: true + host: "redis" + port: 6379 + registration_shared_secret: "NOT-CONFIGURED" + report_stats: false + require_auth_for_profile_requests: true + require_membership_for_aliases: true + signing_key_path: /data/signing.key + soft_file_limit: 0 + spam_checker: ~ + sso: ~ + thumbnail_sizes: + - height: 32 + method: crop + width: 32 + - height: 96 + method: crop + width: 96 + - height: 240 + method: scale + width: 320 + trusted_key_servers: + - server_name: NOT-CONFIGURED + turn_allow_guests: false + turn_shared_secret: + turn_uris: + [] + turn_user_lifetime: 86400000 + ui_auth: ~ + url_preview_accept_language: ~ + url_preview_enabled: false + use_presence: true + user_directory: + enabled: true + search_all_users: false + prefer_local_users: true + web_client_location: "https://NOT-CONFIGURED/" + # https://matrix-org.github.io/matrix-authentication-service/setup/homeserver.html#configure-the-homeserver-to-delegate-authentication-to-the-service + matrix_authentication_service: + # Enable the MAS integration + enabled: true + # The base URL where Synapse will contact MAS + endpoint: http://matrix-authentication.test-namespace.svc:80 + # The shared secret used to authenticate MAS requests, must be the same as `matrix.secret` in the MAS configuration + # See https://element-hq.github.io/matrix-authentication-service/reference/configuration.html#matrix + secret: NOT-CONFIGURED + experimental_features: + msc3967_enabled: true + caches: + expire_caches: true + global_factor: 1 + cache_entry_ttl: 30m + sync_response_cache_duration: 2m + cache_autotuning: + max_cache_memory_usage: 1024M + target_cache_memory_usage: 512M + min_cache_ttl: 5m + opentracing: ~ + + log.config: | + --- + disable_existing_loggers: false + formatters: + precise: + format: "%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s" + handlers: + console: + class: logging.StreamHandler + formatter: precise + loggers: + synapse.handlers.pagination: + level: INFO + synapse.config.retention: + level: INFO + synapse.metrics.background_process_metrics: + level: INFO + synapse.storage.SQL: + level: WARNING + twisted: + handlers: + - console + propagate: false + root: + handlers: + - console + level: WARNING + version: 1 + signing.key: | + NOT-CONFIGURED + idp.xml: | +--- +# Source: synapse/templates/synapse-secret.yaml +apiVersion: v1 +kind: Secret +metadata: + name: synapse-master-secret + annotations: + argocd.argoproj.io/sync-wave: "-30" + argocd.argoproj.io/hook: "Sync" + labels: + app: synapse + component: synapse-master +type: Opaque +stringData: + homeserver.yaml: | + --- + server_name: NOT-CONFIGURED + account_threepid_delegates: ~ + account_validity: ~ + alias_creation_rules: + - action: allow + alias: "*" + room_id: "*" + user_id: "*" + allow_guest_access: false + allow_per_room_profiles: false + allow_public_rooms_over_federation: false + allow_public_rooms_without_auth: false + auto_join_rooms: + - "#general:NOT-CONFIGURED" + auto_join_rooms_for_guests: false + autocreate_auto_join_room_preset: public_chat + autocreate_auto_join_rooms: true + autocreate_auto_join_rooms_federated: false + block_non_admin_invites: false + event_cache_size: 10K + database: + txn_limit: 10000 + args: + cp_max: 50 + cp_min: 5 + database: synapse + host: synapse-pgbouncer + password: NOT-CONFIGURED + user: synapse + name: psycopg2 + rc_message: + burst_count: 300 + per_second: 100 + disable_msisdn_registration: true + dynamic_thumbnails: false + max_upload_size: 100M + email: ~ + enable_3pid_changes: false + enable_group_creation: false + enable_registration: false + enable_room_list_search: true + enable_search: true + enable_set_avatar_url: true + enable_set_displayname: false + encryption_enabled_by_default_for_room_type: off + form_secret: "NOT-CONFIGURED" + limit_profile_requests_to_users_who_share_rooms: false + limit_remote_rooms: ~ + listeners: + - port: 9092 + tls: false + type: http + bind_addresses: ['0.0.0.0'] + resources: + - names: [metrics] + compress: false + - port: 8008 + tls: false + type: http + x_forwarded: true + bind_addresses: ['0.0.0.0'] + resources: + - names: [client, federation] + compress: true + - port: 9093 + tls: false + type: http + bind_addresses: ['0.0.0.0'] + resources: + - names: [replication] + compress: false + enable_metrics: true + federation_domain_whitelist: + [] + federation_metrics_domains: + [] + allow_profile_lookup_over_federation: false + allow_device_name_lookup_over_federation: false + update_user_directory_from_worker: synapse-user-dir-0 + instance_map: + main: + host: synapse-master-0.synapse-master + port: 9093 + synapse-typing-0: + host: synapse-typing-0.synapse-typing + port: 9093 + synapse-to-device-0: + host: synapse-to-device-0.synapse-to-device + port: 9093 + synapse-account-data-0: + host: synapse-account-data-0.synapse-account-data + port: 9093 + synapse-presence-0: + host: synapse-presence-0.synapse-presence + port: 9093 + synapse-push-rules-0: + host: synapse-push-rules-0.synapse-push-rules + port: 9093 + synapse-receipts-0: + host: synapse-receipts-0.synapse-receipts + port: 9093 + synapse-device-lists-0: + host: synapse-device-lists-0.synapse-device-lists + port: 9093 + synapse-event-persister-0: + host: synapse-event-persister-0.synapse-event-persister + port: 9093 + synapse-event-persister-1: + host: synapse-event-persister-1.synapse-event-persister + port: 9093 + synapse-federation-sender-0: + host: synapse-federation-sender-0.synapse-federation-sender + port: 9093 + stream_writers: + typing: + - synapse-typing-0 + to_device: + - synapse-to-device-0 + account_data: + - synapse-account-data-0 + presence: + - synapse-presence-0 + push_rules: + - synapse-push-rules-0 + receipts: + - synapse-receipts-0 + device_lists: + - synapse-device-lists-0 + events: + - synapse-event-persister-0 + - synapse-event-persister-1 + pusher_instances: + - synapse-pusher-0 + federation_sender_instances: + - synapse-federation-sender-0 + run_background_tasks_on: synapse-background-worker-0 + log_config: /data/log.config + macaroon_secret_key: "NOT-CONFIGURED" + enable_media_repo: false + media_instance_running_background_jobs: synapse-media-repository-background-jobs-0 + media_store_path: /tmp/media_store + enable_local_media_storage: true + metrics_flags: ~ + oidc_providers: + [] + old_signing_keys: ~ + password_config: + enabled: false + password_providers: + [] + pid_file: /tmp/homeserver.pid + push: ~ + start_pushers: False + retention: ~ + redaction_retention_period: ~ + forgotten_room_retention_period: 7d + user_ips_max_age: 1y + redis: + enabled: true + host: "redis" + port: 6379 + registration_shared_secret: "NOT-CONFIGURED" + report_stats: false + require_auth_for_profile_requests: true + require_membership_for_aliases: true + signing_key_path: /data/signing.key + soft_file_limit: 0 + spam_checker: ~ + sso: ~ + thumbnail_sizes: + - height: 32 + method: crop + width: 32 + - height: 96 + method: crop + width: 96 + - height: 240 + method: scale + width: 320 + trusted_key_servers: + - server_name: NOT-CONFIGURED + turn_allow_guests: false + turn_shared_secret: + turn_uris: + [] + turn_user_lifetime: 86400000 + ui_auth: ~ + url_preview_accept_language: ~ + url_preview_enabled: false + use_presence: true + user_directory: + enabled: true + search_all_users: false + prefer_local_users: true + web_client_location: "https://NOT-CONFIGURED/" + # https://matrix-org.github.io/matrix-authentication-service/setup/homeserver.html#configure-the-homeserver-to-delegate-authentication-to-the-service + matrix_authentication_service: + # Enable the MAS integration + enabled: true + # The base URL where Synapse will contact MAS + endpoint: http://matrix-authentication.test-namespace.svc:80 + # The shared secret used to authenticate MAS requests, must be the same as `matrix.secret` in the MAS configuration + # See https://element-hq.github.io/matrix-authentication-service/reference/configuration.html#matrix + secret: NOT-CONFIGURED + experimental_features: + msc3967_enabled: true + caches: + expire_caches: true + global_factor: 1 + cache_entry_ttl: 30m + sync_response_cache_duration: 2m + cache_autotuning: + max_cache_memory_usage: 1024M + target_cache_memory_usage: 512M + min_cache_ttl: 5m + opentracing: ~ + + log.config: | + --- + disable_existing_loggers: false + formatters: + precise: + format: "%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s" + handlers: + console: + class: logging.StreamHandler + formatter: precise + loggers: + synapse.handlers.pagination: + level: INFO + synapse.config.retention: + level: INFO + synapse.metrics.background_process_metrics: + level: INFO + synapse.storage.SQL: + level: WARNING + twisted: + handlers: + - console + propagate: false + root: + handlers: + - console + level: WARNING + version: 1 + signing.key: | + NOT-CONFIGURED + idp.xml: | +--- +# Source: synapse/templates/synapse-secret.yaml +apiVersion: v1 +kind: Secret +metadata: + name: synapse-media-repository-secret + annotations: + argocd.argoproj.io/sync-wave: "-30" + argocd.argoproj.io/hook: "Sync" + labels: + app: synapse + component: synapse-media-repository +type: Opaque +stringData: + homeserver.yaml: | + --- + server_name: NOT-CONFIGURED + worker_app: synapse.app.media_repository + account_threepid_delegates: ~ + account_validity: ~ + alias_creation_rules: + - action: allow + alias: "*" + room_id: "*" + user_id: "*" + allow_guest_access: false + allow_per_room_profiles: false + allow_public_rooms_over_federation: false + allow_public_rooms_without_auth: false + auto_join_rooms: + - "#general:NOT-CONFIGURED" + auto_join_rooms_for_guests: false + autocreate_auto_join_room_preset: public_chat + autocreate_auto_join_rooms: true + autocreate_auto_join_rooms_federated: false + block_non_admin_invites: false + event_cache_size: 10K + database: + txn_limit: 10000 + args: + cp_max: 50 + cp_min: 5 + database: synapse + host: synapse-pgbouncer + password: NOT-CONFIGURED + user: synapse + name: psycopg2 + rc_message: + burst_count: 300 + per_second: 100 + disable_msisdn_registration: true + dynamic_thumbnails: false + max_upload_size: 100M + email: ~ + enable_3pid_changes: false + enable_group_creation: false + enable_registration: false + enable_room_list_search: true + enable_search: true + enable_set_avatar_url: true + enable_set_displayname: false + encryption_enabled_by_default_for_room_type: off + form_secret: "NOT-CONFIGURED" + limit_profile_requests_to_users_who_share_rooms: false + limit_remote_rooms: ~ + worker_listeners: + - port: 9092 + tls: false + type: http + bind_addresses: ['0.0.0.0'] + resources: + - names: [metrics] + compress: false + - port: 8008 + tls: false + type: http + x_forwarded: true + bind_addresses: ['0.0.0.0'] + resources: + - names: [media] + compress: false + enable_metrics: true + federation_domain_whitelist: + [] + federation_metrics_domains: + [] + allow_profile_lookup_over_federation: false + allow_device_name_lookup_over_federation: false + update_user_directory_from_worker: synapse-user-dir-0 + instance_map: + main: + host: synapse-master-0.synapse-master + port: 9093 + synapse-typing-0: + host: synapse-typing-0.synapse-typing + port: 9093 + synapse-to-device-0: + host: synapse-to-device-0.synapse-to-device + port: 9093 + synapse-account-data-0: + host: synapse-account-data-0.synapse-account-data + port: 9093 + synapse-presence-0: + host: synapse-presence-0.synapse-presence + port: 9093 + synapse-push-rules-0: + host: synapse-push-rules-0.synapse-push-rules + port: 9093 + synapse-receipts-0: + host: synapse-receipts-0.synapse-receipts + port: 9093 + synapse-device-lists-0: + host: synapse-device-lists-0.synapse-device-lists + port: 9093 + synapse-event-persister-0: + host: synapse-event-persister-0.synapse-event-persister + port: 9093 + synapse-event-persister-1: + host: synapse-event-persister-1.synapse-event-persister + port: 9093 + synapse-federation-sender-0: + host: synapse-federation-sender-0.synapse-federation-sender + port: 9093 + stream_writers: + typing: + - synapse-typing-0 + to_device: + - synapse-to-device-0 + account_data: + - synapse-account-data-0 + presence: + - synapse-presence-0 + push_rules: + - synapse-push-rules-0 + receipts: + - synapse-receipts-0 + device_lists: + - synapse-device-lists-0 + events: + - synapse-event-persister-0 + - synapse-event-persister-1 + pusher_instances: + - synapse-pusher-0 + federation_sender_instances: + - synapse-federation-sender-0 + run_background_tasks_on: synapse-background-worker-0 + log_config: /data/log.config + macaroon_secret_key: "NOT-CONFIGURED" + enable_media_repo: true + media_storage_providers: + [] + media_instance_running_background_jobs: synapse-media-repository-background-jobs-0 + media_store_path: /tmp/media_store + enable_local_media_storage: true + metrics_flags: ~ + oidc_providers: + [] + old_signing_keys: ~ + password_config: + enabled: false + password_providers: + [] + pid_file: /tmp/homeserver.pid + push: ~ + start_pushers: False + retention: ~ + redaction_retention_period: ~ + forgotten_room_retention_period: 7d + user_ips_max_age: 1y + redis: + enabled: true + host: "redis" + port: 6379 + registration_shared_secret: "NOT-CONFIGURED" + report_stats: false + require_auth_for_profile_requests: true + require_membership_for_aliases: true + signing_key_path: /data/signing.key + soft_file_limit: 0 + spam_checker: ~ + sso: ~ + thumbnail_sizes: + - height: 32 + method: crop + width: 32 + - height: 96 + method: crop + width: 96 + - height: 240 + method: scale + width: 320 + trusted_key_servers: + - server_name: NOT-CONFIGURED + turn_allow_guests: false + turn_shared_secret: + turn_uris: + [] + turn_user_lifetime: 86400000 + ui_auth: ~ + url_preview_accept_language: ~ + url_preview_enabled: false + use_presence: true + user_directory: + enabled: true + search_all_users: false + prefer_local_users: true + web_client_location: "https://NOT-CONFIGURED/" + # https://matrix-org.github.io/matrix-authentication-service/setup/homeserver.html#configure-the-homeserver-to-delegate-authentication-to-the-service + matrix_authentication_service: + # Enable the MAS integration + enabled: true + # The base URL where Synapse will contact MAS + endpoint: http://matrix-authentication.test-namespace.svc:80 + # The shared secret used to authenticate MAS requests, must be the same as `matrix.secret` in the MAS configuration + # See https://element-hq.github.io/matrix-authentication-service/reference/configuration.html#matrix + secret: NOT-CONFIGURED + experimental_features: + msc3967_enabled: true + caches: + expire_caches: true + global_factor: 1 + cache_entry_ttl: 30m + sync_response_cache_duration: 2m + cache_autotuning: + max_cache_memory_usage: 1024M + target_cache_memory_usage: 512M + min_cache_ttl: 5m + opentracing: ~ + + log.config: | + --- + disable_existing_loggers: false + formatters: + precise: + format: "%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s" + handlers: + console: + class: logging.StreamHandler + formatter: precise + loggers: + synapse.handlers.pagination: + level: INFO + synapse.config.retention: + level: INFO + synapse.metrics.background_process_metrics: + level: INFO + synapse.storage.SQL: + level: WARNING + twisted: + handlers: + - console + propagate: false + root: + handlers: + - console + level: WARNING + version: 1 + signing.key: | + NOT-CONFIGURED + idp.xml: | +--- +# Source: synapse/templates/synapse-secret.yaml +apiVersion: v1 +kind: Secret +metadata: + name: synapse-media-repository-background-jobs-secret + annotations: + argocd.argoproj.io/sync-wave: "-30" + argocd.argoproj.io/hook: "Sync" + labels: + app: synapse + component: synapse-media-repository-background-jobs +type: Opaque +stringData: + homeserver.yaml: | + --- + server_name: NOT-CONFIGURED + worker_app: synapse.app.media_repository + account_threepid_delegates: ~ + account_validity: ~ + alias_creation_rules: + - action: allow + alias: "*" + room_id: "*" + user_id: "*" + allow_guest_access: false + allow_per_room_profiles: false + allow_public_rooms_over_federation: false + allow_public_rooms_without_auth: false + auto_join_rooms: + - "#general:NOT-CONFIGURED" + auto_join_rooms_for_guests: false + autocreate_auto_join_room_preset: public_chat + autocreate_auto_join_rooms: true + autocreate_auto_join_rooms_federated: false + block_non_admin_invites: false + event_cache_size: 10K + database: + txn_limit: 10000 + args: + cp_max: 50 + cp_min: 5 + database: synapse + host: synapse-pgbouncer + password: NOT-CONFIGURED + user: synapse + name: psycopg2 + rc_message: + burst_count: 300 + per_second: 100 + disable_msisdn_registration: true + dynamic_thumbnails: false + max_upload_size: 100M + email: ~ + enable_3pid_changes: false + enable_group_creation: false + enable_registration: false + enable_room_list_search: true + enable_search: true + enable_set_avatar_url: true + enable_set_displayname: false + encryption_enabled_by_default_for_room_type: off + form_secret: "NOT-CONFIGURED" + limit_profile_requests_to_users_who_share_rooms: false + limit_remote_rooms: ~ + worker_listeners: + - port: 9092 + tls: false + type: http + bind_addresses: ['0.0.0.0'] + resources: + - names: [metrics] + compress: false + - port: 8008 + tls: false + type: http + x_forwarded: true + bind_addresses: ['0.0.0.0'] + resources: + - names: [media] + compress: false + enable_metrics: true + federation_domain_whitelist: + [] + federation_metrics_domains: + [] + allow_profile_lookup_over_federation: false + allow_device_name_lookup_over_federation: false + update_user_directory_from_worker: synapse-user-dir-0 + instance_map: + main: + host: synapse-master-0.synapse-master + port: 9093 + synapse-typing-0: + host: synapse-typing-0.synapse-typing + port: 9093 + synapse-to-device-0: + host: synapse-to-device-0.synapse-to-device + port: 9093 + synapse-account-data-0: + host: synapse-account-data-0.synapse-account-data + port: 9093 + synapse-presence-0: + host: synapse-presence-0.synapse-presence + port: 9093 + synapse-push-rules-0: + host: synapse-push-rules-0.synapse-push-rules + port: 9093 + synapse-receipts-0: + host: synapse-receipts-0.synapse-receipts + port: 9093 + synapse-device-lists-0: + host: synapse-device-lists-0.synapse-device-lists + port: 9093 + synapse-event-persister-0: + host: synapse-event-persister-0.synapse-event-persister + port: 9093 + synapse-event-persister-1: + host: synapse-event-persister-1.synapse-event-persister + port: 9093 + synapse-federation-sender-0: + host: synapse-federation-sender-0.synapse-federation-sender + port: 9093 + stream_writers: + typing: + - synapse-typing-0 + to_device: + - synapse-to-device-0 + account_data: + - synapse-account-data-0 + presence: + - synapse-presence-0 + push_rules: + - synapse-push-rules-0 + receipts: + - synapse-receipts-0 + device_lists: + - synapse-device-lists-0 + events: + - synapse-event-persister-0 + - synapse-event-persister-1 + pusher_instances: + - synapse-pusher-0 + federation_sender_instances: + - synapse-federation-sender-0 + run_background_tasks_on: synapse-background-worker-0 + log_config: /data/log.config + macaroon_secret_key: "NOT-CONFIGURED" + enable_media_repo: true + media_storage_providers: + [] + media_instance_running_background_jobs: synapse-media-repository-background-jobs-0 + media_store_path: /tmp/media_store + enable_local_media_storage: true + metrics_flags: ~ + oidc_providers: + [] + old_signing_keys: ~ + password_config: + enabled: false + password_providers: + [] + pid_file: /tmp/homeserver.pid + push: ~ + start_pushers: False + retention: ~ + redaction_retention_period: ~ + forgotten_room_retention_period: 7d + user_ips_max_age: 1y + redis: + enabled: true + host: "redis" + port: 6379 + registration_shared_secret: "NOT-CONFIGURED" + report_stats: false + require_auth_for_profile_requests: true + require_membership_for_aliases: true + signing_key_path: /data/signing.key + soft_file_limit: 0 + spam_checker: ~ + sso: ~ + thumbnail_sizes: + - height: 32 + method: crop + width: 32 + - height: 96 + method: crop + width: 96 + - height: 240 + method: scale + width: 320 + trusted_key_servers: + - server_name: NOT-CONFIGURED + turn_allow_guests: false + turn_shared_secret: + turn_uris: + [] + turn_user_lifetime: 86400000 + ui_auth: ~ + url_preview_accept_language: ~ + url_preview_enabled: false + use_presence: true + user_directory: + enabled: true + search_all_users: false + prefer_local_users: true + web_client_location: "https://NOT-CONFIGURED/" + # https://matrix-org.github.io/matrix-authentication-service/setup/homeserver.html#configure-the-homeserver-to-delegate-authentication-to-the-service + matrix_authentication_service: + # Enable the MAS integration + enabled: true + # The base URL where Synapse will contact MAS + endpoint: http://matrix-authentication.test-namespace.svc:80 + # The shared secret used to authenticate MAS requests, must be the same as `matrix.secret` in the MAS configuration + # See https://element-hq.github.io/matrix-authentication-service/reference/configuration.html#matrix + secret: NOT-CONFIGURED + experimental_features: + msc3967_enabled: true + caches: + expire_caches: true + global_factor: 1 + cache_entry_ttl: 30m + sync_response_cache_duration: 2m + cache_autotuning: + max_cache_memory_usage: 1024M + target_cache_memory_usage: 512M + min_cache_ttl: 5m + opentracing: ~ + + log.config: | + --- + disable_existing_loggers: false + formatters: + precise: + format: "%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s" + handlers: + console: + class: logging.StreamHandler + formatter: precise + loggers: + synapse.handlers.pagination: + level: INFO + synapse.config.retention: + level: INFO + synapse.metrics.background_process_metrics: + level: INFO + synapse.storage.SQL: + level: WARNING + twisted: + handlers: + - console + propagate: false + root: + handlers: + - console + level: WARNING + version: 1 + signing.key: | + NOT-CONFIGURED + idp.xml: | +--- +# Source: synapse/templates/synapse-secret.yaml +apiVersion: v1 +kind: Secret +metadata: + name: synapse-presence-secret + annotations: + argocd.argoproj.io/sync-wave: "-30" + argocd.argoproj.io/hook: "Sync" + labels: + app: synapse + component: synapse-presence +type: Opaque +stringData: + homeserver.yaml: | + --- + server_name: NOT-CONFIGURED + worker_app: synapse.app.generic_worker + account_threepid_delegates: ~ + account_validity: ~ + alias_creation_rules: + - action: allow + alias: "*" + room_id: "*" + user_id: "*" + allow_guest_access: false + allow_per_room_profiles: false + allow_public_rooms_over_federation: false + allow_public_rooms_without_auth: false + auto_join_rooms: + - "#general:NOT-CONFIGURED" + auto_join_rooms_for_guests: false + autocreate_auto_join_room_preset: public_chat + autocreate_auto_join_rooms: true + autocreate_auto_join_rooms_federated: false + block_non_admin_invites: false + event_cache_size: 10K + database: + txn_limit: 10000 + args: + cp_max: 50 + cp_min: 5 + database: synapse + host: synapse-pgbouncer + password: NOT-CONFIGURED + user: synapse + name: psycopg2 + rc_message: + burst_count: 300 + per_second: 100 + disable_msisdn_registration: true + dynamic_thumbnails: false + max_upload_size: 100M + email: ~ + enable_3pid_changes: false + enable_group_creation: false + enable_registration: false + enable_room_list_search: true + enable_search: true + enable_set_avatar_url: true + enable_set_displayname: false + encryption_enabled_by_default_for_room_type: off + form_secret: "NOT-CONFIGURED" + limit_profile_requests_to_users_who_share_rooms: false + limit_remote_rooms: ~ + worker_listeners: + - port: 9092 + tls: false + type: http + bind_addresses: ['0.0.0.0'] + resources: + - names: [metrics] + compress: false + - port: 8008 + tls: false + type: http + x_forwarded: true + bind_addresses: ['0.0.0.0'] + resources: + - names: [client] + compress: true + - port: 9093 + tls: false + type: http + bind_addresses: ['0.0.0.0'] + resources: + - names: [replication] + compress: false + enable_metrics: true + federation_domain_whitelist: + [] + federation_metrics_domains: + [] + allow_profile_lookup_over_federation: false + allow_device_name_lookup_over_federation: false + update_user_directory_from_worker: synapse-user-dir-0 + instance_map: + main: + host: synapse-master-0.synapse-master + port: 9093 + synapse-typing-0: + host: synapse-typing-0.synapse-typing + port: 9093 + synapse-to-device-0: + host: synapse-to-device-0.synapse-to-device + port: 9093 + synapse-account-data-0: + host: synapse-account-data-0.synapse-account-data + port: 9093 + synapse-presence-0: + host: synapse-presence-0.synapse-presence + port: 9093 + synapse-push-rules-0: + host: synapse-push-rules-0.synapse-push-rules + port: 9093 + synapse-receipts-0: + host: synapse-receipts-0.synapse-receipts + port: 9093 + synapse-device-lists-0: + host: synapse-device-lists-0.synapse-device-lists + port: 9093 + synapse-event-persister-0: + host: synapse-event-persister-0.synapse-event-persister + port: 9093 + synapse-event-persister-1: + host: synapse-event-persister-1.synapse-event-persister + port: 9093 + synapse-federation-sender-0: + host: synapse-federation-sender-0.synapse-federation-sender + port: 9093 + stream_writers: + typing: + - synapse-typing-0 + to_device: + - synapse-to-device-0 + account_data: + - synapse-account-data-0 + presence: + - synapse-presence-0 + push_rules: + - synapse-push-rules-0 + receipts: + - synapse-receipts-0 + device_lists: + - synapse-device-lists-0 + events: + - synapse-event-persister-0 + - synapse-event-persister-1 + pusher_instances: + - synapse-pusher-0 + federation_sender_instances: + - synapse-federation-sender-0 + run_background_tasks_on: synapse-background-worker-0 + log_config: /data/log.config + macaroon_secret_key: "NOT-CONFIGURED" + enable_media_repo: false + media_instance_running_background_jobs: synapse-media-repository-background-jobs-0 + media_store_path: /tmp/media_store + enable_local_media_storage: true + metrics_flags: ~ + oidc_providers: + [] + old_signing_keys: ~ + password_config: + enabled: false + password_providers: + [] + pid_file: /tmp/homeserver.pid + push: ~ + start_pushers: False + retention: ~ + redaction_retention_period: ~ + forgotten_room_retention_period: 7d + user_ips_max_age: 1y + redis: + enabled: true + host: "redis" + port: 6379 + registration_shared_secret: "NOT-CONFIGURED" + report_stats: false + require_auth_for_profile_requests: true + require_membership_for_aliases: true + signing_key_path: /data/signing.key + soft_file_limit: 0 + spam_checker: ~ + sso: ~ + thumbnail_sizes: + - height: 32 + method: crop + width: 32 + - height: 96 + method: crop + width: 96 + - height: 240 + method: scale + width: 320 + trusted_key_servers: + - server_name: NOT-CONFIGURED + turn_allow_guests: false + turn_shared_secret: + turn_uris: + [] + turn_user_lifetime: 86400000 + ui_auth: ~ + url_preview_accept_language: ~ + url_preview_enabled: false + use_presence: true + user_directory: + enabled: true + search_all_users: false + prefer_local_users: true + web_client_location: "https://NOT-CONFIGURED/" + # https://matrix-org.github.io/matrix-authentication-service/setup/homeserver.html#configure-the-homeserver-to-delegate-authentication-to-the-service + matrix_authentication_service: + # Enable the MAS integration + enabled: true + # The base URL where Synapse will contact MAS + endpoint: http://matrix-authentication.test-namespace.svc:80 + # The shared secret used to authenticate MAS requests, must be the same as `matrix.secret` in the MAS configuration + # See https://element-hq.github.io/matrix-authentication-service/reference/configuration.html#matrix + secret: NOT-CONFIGURED + experimental_features: + msc3967_enabled: true + caches: + expire_caches: true + global_factor: 1 + cache_entry_ttl: 30m + sync_response_cache_duration: 2m + cache_autotuning: + max_cache_memory_usage: 1024M + target_cache_memory_usage: 512M + min_cache_ttl: 5m + opentracing: ~ + + log.config: | + --- + disable_existing_loggers: false + formatters: + precise: + format: "%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s" + handlers: + console: + class: logging.StreamHandler + formatter: precise + loggers: + synapse.handlers.pagination: + level: INFO + synapse.config.retention: + level: INFO + synapse.metrics.background_process_metrics: + level: INFO + synapse.storage.SQL: + level: WARNING + twisted: + handlers: + - console + propagate: false + root: + handlers: + - console + level: WARNING + version: 1 + signing.key: | + NOT-CONFIGURED + idp.xml: | +--- +# Source: synapse/templates/synapse-secret.yaml +apiVersion: v1 +kind: Secret +metadata: + name: synapse-push-rules-secret + annotations: + argocd.argoproj.io/sync-wave: "-30" + argocd.argoproj.io/hook: "Sync" + labels: + app: synapse + component: synapse-push-rules +type: Opaque +stringData: + homeserver.yaml: | + --- + server_name: NOT-CONFIGURED + worker_app: synapse.app.generic_worker + account_threepid_delegates: ~ + account_validity: ~ + alias_creation_rules: + - action: allow + alias: "*" + room_id: "*" + user_id: "*" + allow_guest_access: false + allow_per_room_profiles: false + allow_public_rooms_over_federation: false + allow_public_rooms_without_auth: false + auto_join_rooms: + - "#general:NOT-CONFIGURED" + auto_join_rooms_for_guests: false + autocreate_auto_join_room_preset: public_chat + autocreate_auto_join_rooms: true + autocreate_auto_join_rooms_federated: false + block_non_admin_invites: false + event_cache_size: 10K + database: + txn_limit: 10000 + args: + cp_max: 50 + cp_min: 5 + database: synapse + host: synapse-pgbouncer + password: NOT-CONFIGURED + user: synapse + name: psycopg2 + rc_message: + burst_count: 300 + per_second: 100 + disable_msisdn_registration: true + dynamic_thumbnails: false + max_upload_size: 100M + email: ~ + enable_3pid_changes: false + enable_group_creation: false + enable_registration: false + enable_room_list_search: true + enable_search: true + enable_set_avatar_url: true + enable_set_displayname: false + encryption_enabled_by_default_for_room_type: off + form_secret: "NOT-CONFIGURED" + limit_profile_requests_to_users_who_share_rooms: false + limit_remote_rooms: ~ + worker_listeners: + - port: 9092 + tls: false + type: http + bind_addresses: ['0.0.0.0'] + resources: + - names: [metrics] + compress: false + - port: 8008 + tls: false + type: http + x_forwarded: true + bind_addresses: ['0.0.0.0'] + resources: + - names: [client] + compress: true + - port: 9093 + tls: false + type: http + bind_addresses: ['0.0.0.0'] + resources: + - names: [replication] + compress: false + enable_metrics: true + federation_domain_whitelist: + [] + federation_metrics_domains: + [] + allow_profile_lookup_over_federation: false + allow_device_name_lookup_over_federation: false + update_user_directory_from_worker: synapse-user-dir-0 + instance_map: + main: + host: synapse-master-0.synapse-master + port: 9093 + synapse-typing-0: + host: synapse-typing-0.synapse-typing + port: 9093 + synapse-to-device-0: + host: synapse-to-device-0.synapse-to-device + port: 9093 + synapse-account-data-0: + host: synapse-account-data-0.synapse-account-data + port: 9093 + synapse-presence-0: + host: synapse-presence-0.synapse-presence + port: 9093 + synapse-push-rules-0: + host: synapse-push-rules-0.synapse-push-rules + port: 9093 + synapse-receipts-0: + host: synapse-receipts-0.synapse-receipts + port: 9093 + synapse-device-lists-0: + host: synapse-device-lists-0.synapse-device-lists + port: 9093 + synapse-event-persister-0: + host: synapse-event-persister-0.synapse-event-persister + port: 9093 + synapse-event-persister-1: + host: synapse-event-persister-1.synapse-event-persister + port: 9093 + synapse-federation-sender-0: + host: synapse-federation-sender-0.synapse-federation-sender + port: 9093 + stream_writers: + typing: + - synapse-typing-0 + to_device: + - synapse-to-device-0 + account_data: + - synapse-account-data-0 + presence: + - synapse-presence-0 + push_rules: + - synapse-push-rules-0 + receipts: + - synapse-receipts-0 + device_lists: + - synapse-device-lists-0 + events: + - synapse-event-persister-0 + - synapse-event-persister-1 + pusher_instances: + - synapse-pusher-0 + federation_sender_instances: + - synapse-federation-sender-0 + run_background_tasks_on: synapse-background-worker-0 + log_config: /data/log.config + macaroon_secret_key: "NOT-CONFIGURED" + enable_media_repo: false + media_instance_running_background_jobs: synapse-media-repository-background-jobs-0 + media_store_path: /tmp/media_store + enable_local_media_storage: true + metrics_flags: ~ + oidc_providers: + [] + old_signing_keys: ~ + password_config: + enabled: false + password_providers: + [] + pid_file: /tmp/homeserver.pid + push: ~ + start_pushers: False + retention: ~ + redaction_retention_period: ~ + forgotten_room_retention_period: 7d + user_ips_max_age: 1y + redis: + enabled: true + host: "redis" + port: 6379 + registration_shared_secret: "NOT-CONFIGURED" + report_stats: false + require_auth_for_profile_requests: true + require_membership_for_aliases: true + signing_key_path: /data/signing.key + soft_file_limit: 0 + spam_checker: ~ + sso: ~ + thumbnail_sizes: + - height: 32 + method: crop + width: 32 + - height: 96 + method: crop + width: 96 + - height: 240 + method: scale + width: 320 + trusted_key_servers: + - server_name: NOT-CONFIGURED + turn_allow_guests: false + turn_shared_secret: + turn_uris: + [] + turn_user_lifetime: 86400000 + ui_auth: ~ + url_preview_accept_language: ~ + url_preview_enabled: false + use_presence: true + user_directory: + enabled: true + search_all_users: false + prefer_local_users: true + web_client_location: "https://NOT-CONFIGURED/" + # https://matrix-org.github.io/matrix-authentication-service/setup/homeserver.html#configure-the-homeserver-to-delegate-authentication-to-the-service + matrix_authentication_service: + # Enable the MAS integration + enabled: true + # The base URL where Synapse will contact MAS + endpoint: http://matrix-authentication.test-namespace.svc:80 + # The shared secret used to authenticate MAS requests, must be the same as `matrix.secret` in the MAS configuration + # See https://element-hq.github.io/matrix-authentication-service/reference/configuration.html#matrix + secret: NOT-CONFIGURED + experimental_features: + msc3967_enabled: true + caches: + expire_caches: true + global_factor: 1 + cache_entry_ttl: 30m + sync_response_cache_duration: 2m + cache_autotuning: + max_cache_memory_usage: 1024M + target_cache_memory_usage: 512M + min_cache_ttl: 5m + opentracing: ~ + + log.config: | + --- + disable_existing_loggers: false + formatters: + precise: + format: "%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s" + handlers: + console: + class: logging.StreamHandler + formatter: precise + loggers: + synapse.handlers.pagination: + level: INFO + synapse.config.retention: + level: INFO + synapse.metrics.background_process_metrics: + level: INFO + synapse.storage.SQL: + level: WARNING + twisted: + handlers: + - console + propagate: false + root: + handlers: + - console + level: WARNING + version: 1 + signing.key: | + NOT-CONFIGURED + idp.xml: | +--- +# Source: synapse/templates/synapse-secret.yaml +apiVersion: v1 +kind: Secret +metadata: + name: synapse-pusher-secret + annotations: + argocd.argoproj.io/sync-wave: "-30" + argocd.argoproj.io/hook: "Sync" + labels: + app: synapse + component: synapse-pusher +type: Opaque +stringData: + homeserver.yaml: | + --- + server_name: NOT-CONFIGURED + worker_app: synapse.app.generic_worker + account_threepid_delegates: ~ + account_validity: ~ + alias_creation_rules: + - action: allow + alias: "*" + room_id: "*" + user_id: "*" + allow_guest_access: false + allow_per_room_profiles: false + allow_public_rooms_over_federation: false + allow_public_rooms_without_auth: false + auto_join_rooms: + - "#general:NOT-CONFIGURED" + auto_join_rooms_for_guests: false + autocreate_auto_join_room_preset: public_chat + autocreate_auto_join_rooms: true + autocreate_auto_join_rooms_federated: false + block_non_admin_invites: false + event_cache_size: 10K + database: + txn_limit: 10000 + args: + cp_max: 50 + cp_min: 5 + database: synapse + host: synapse-pgbouncer + password: NOT-CONFIGURED + user: synapse + name: psycopg2 + rc_message: + burst_count: 300 + per_second: 100 + disable_msisdn_registration: true + dynamic_thumbnails: false + max_upload_size: 100M + email: ~ + enable_3pid_changes: false + enable_group_creation: false + enable_registration: false + enable_room_list_search: true + enable_search: true + enable_set_avatar_url: true + enable_set_displayname: false + encryption_enabled_by_default_for_room_type: off + form_secret: "NOT-CONFIGURED" + limit_profile_requests_to_users_who_share_rooms: false + limit_remote_rooms: ~ + worker_listeners: + - port: 9092 + tls: false + type: http + bind_addresses: ['0.0.0.0'] + resources: + - names: [metrics] + compress: false + enable_metrics: true + federation_domain_whitelist: + [] + federation_metrics_domains: + [] + allow_profile_lookup_over_federation: false + allow_device_name_lookup_over_federation: false + update_user_directory_from_worker: synapse-user-dir-0 + instance_map: + main: + host: synapse-master-0.synapse-master + port: 9093 + synapse-typing-0: + host: synapse-typing-0.synapse-typing + port: 9093 + synapse-to-device-0: + host: synapse-to-device-0.synapse-to-device + port: 9093 + synapse-account-data-0: + host: synapse-account-data-0.synapse-account-data + port: 9093 + synapse-presence-0: + host: synapse-presence-0.synapse-presence + port: 9093 + synapse-push-rules-0: + host: synapse-push-rules-0.synapse-push-rules + port: 9093 + synapse-receipts-0: + host: synapse-receipts-0.synapse-receipts + port: 9093 + synapse-device-lists-0: + host: synapse-device-lists-0.synapse-device-lists + port: 9093 + synapse-event-persister-0: + host: synapse-event-persister-0.synapse-event-persister + port: 9093 + synapse-event-persister-1: + host: synapse-event-persister-1.synapse-event-persister + port: 9093 + synapse-federation-sender-0: + host: synapse-federation-sender-0.synapse-federation-sender + port: 9093 + stream_writers: + typing: + - synapse-typing-0 + to_device: + - synapse-to-device-0 + account_data: + - synapse-account-data-0 + presence: + - synapse-presence-0 + push_rules: + - synapse-push-rules-0 + receipts: + - synapse-receipts-0 + device_lists: + - synapse-device-lists-0 + events: + - synapse-event-persister-0 + - synapse-event-persister-1 + pusher_instances: + - synapse-pusher-0 + federation_sender_instances: + - synapse-federation-sender-0 + run_background_tasks_on: synapse-background-worker-0 + log_config: /data/log.config + macaroon_secret_key: "NOT-CONFIGURED" + enable_media_repo: false + media_instance_running_background_jobs: synapse-media-repository-background-jobs-0 + media_store_path: /tmp/media_store + enable_local_media_storage: true + metrics_flags: ~ + oidc_providers: + [] + old_signing_keys: ~ + password_config: + enabled: false + password_providers: + [] + pid_file: /tmp/homeserver.pid + push: ~ + start_pushers: False + retention: ~ + redaction_retention_period: ~ + forgotten_room_retention_period: 7d + user_ips_max_age: 1y + redis: + enabled: true + host: "redis" + port: 6379 + registration_shared_secret: "NOT-CONFIGURED" + report_stats: false + require_auth_for_profile_requests: true + require_membership_for_aliases: true + signing_key_path: /data/signing.key + soft_file_limit: 0 + spam_checker: ~ + sso: ~ + thumbnail_sizes: + - height: 32 + method: crop + width: 32 + - height: 96 + method: crop + width: 96 + - height: 240 + method: scale + width: 320 + trusted_key_servers: + - server_name: NOT-CONFIGURED + turn_allow_guests: false + turn_shared_secret: + turn_uris: + [] + turn_user_lifetime: 86400000 + ui_auth: ~ + url_preview_accept_language: ~ + url_preview_enabled: false + use_presence: true + user_directory: + enabled: true + search_all_users: false + prefer_local_users: true + web_client_location: "https://NOT-CONFIGURED/" + # https://matrix-org.github.io/matrix-authentication-service/setup/homeserver.html#configure-the-homeserver-to-delegate-authentication-to-the-service + matrix_authentication_service: + # Enable the MAS integration + enabled: true + # The base URL where Synapse will contact MAS + endpoint: http://matrix-authentication.test-namespace.svc:80 + # The shared secret used to authenticate MAS requests, must be the same as `matrix.secret` in the MAS configuration + # See https://element-hq.github.io/matrix-authentication-service/reference/configuration.html#matrix + secret: NOT-CONFIGURED + experimental_features: + msc3967_enabled: true + caches: + expire_caches: true + global_factor: 1 + cache_entry_ttl: 30m + sync_response_cache_duration: 2m + cache_autotuning: + max_cache_memory_usage: 1024M + target_cache_memory_usage: 512M + min_cache_ttl: 5m + opentracing: ~ + + log.config: | + --- + disable_existing_loggers: false + formatters: + precise: + format: "%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s" + handlers: + console: + class: logging.StreamHandler + formatter: precise + loggers: + synapse.handlers.pagination: + level: INFO + synapse.config.retention: + level: INFO + synapse.metrics.background_process_metrics: + level: INFO + synapse.storage.SQL: + level: WARNING + twisted: + handlers: + - console + propagate: false + root: + handlers: + - console + level: WARNING + version: 1 + signing.key: | + NOT-CONFIGURED + idp.xml: | +--- +# Source: synapse/templates/synapse-secret.yaml +apiVersion: v1 +kind: Secret +metadata: + name: synapse-receipts-secret + annotations: + argocd.argoproj.io/sync-wave: "-30" + argocd.argoproj.io/hook: "Sync" + labels: + app: synapse + component: synapse-receipts +type: Opaque +stringData: + homeserver.yaml: | + --- + server_name: NOT-CONFIGURED + worker_app: synapse.app.generic_worker + account_threepid_delegates: ~ + account_validity: ~ + alias_creation_rules: + - action: allow + alias: "*" + room_id: "*" + user_id: "*" + allow_guest_access: false + allow_per_room_profiles: false + allow_public_rooms_over_federation: false + allow_public_rooms_without_auth: false + auto_join_rooms: + - "#general:NOT-CONFIGURED" + auto_join_rooms_for_guests: false + autocreate_auto_join_room_preset: public_chat + autocreate_auto_join_rooms: true + autocreate_auto_join_rooms_federated: false + block_non_admin_invites: false + event_cache_size: 10K + database: + txn_limit: 10000 + args: + cp_max: 50 + cp_min: 5 + database: synapse + host: synapse-pgbouncer + password: NOT-CONFIGURED + user: synapse + name: psycopg2 + rc_message: + burst_count: 300 + per_second: 100 + disable_msisdn_registration: true + dynamic_thumbnails: false + max_upload_size: 100M + email: ~ + enable_3pid_changes: false + enable_group_creation: false + enable_registration: false + enable_room_list_search: true + enable_search: true + enable_set_avatar_url: true + enable_set_displayname: false + encryption_enabled_by_default_for_room_type: off + form_secret: "NOT-CONFIGURED" + limit_profile_requests_to_users_who_share_rooms: false + limit_remote_rooms: ~ + worker_listeners: + - port: 9092 + tls: false + type: http + bind_addresses: ['0.0.0.0'] + resources: + - names: [metrics] + compress: false + - port: 8008 + tls: false + type: http + x_forwarded: true + bind_addresses: ['0.0.0.0'] + resources: + - names: [client] + compress: true + - port: 9093 + tls: false + type: http + bind_addresses: ['0.0.0.0'] + resources: + - names: [replication] + compress: false + enable_metrics: true + federation_domain_whitelist: + [] + federation_metrics_domains: + [] + allow_profile_lookup_over_federation: false + allow_device_name_lookup_over_federation: false + update_user_directory_from_worker: synapse-user-dir-0 + instance_map: + main: + host: synapse-master-0.synapse-master + port: 9093 + synapse-typing-0: + host: synapse-typing-0.synapse-typing + port: 9093 + synapse-to-device-0: + host: synapse-to-device-0.synapse-to-device + port: 9093 + synapse-account-data-0: + host: synapse-account-data-0.synapse-account-data + port: 9093 + synapse-presence-0: + host: synapse-presence-0.synapse-presence + port: 9093 + synapse-push-rules-0: + host: synapse-push-rules-0.synapse-push-rules + port: 9093 + synapse-receipts-0: + host: synapse-receipts-0.synapse-receipts + port: 9093 + synapse-device-lists-0: + host: synapse-device-lists-0.synapse-device-lists + port: 9093 + synapse-event-persister-0: + host: synapse-event-persister-0.synapse-event-persister + port: 9093 + synapse-event-persister-1: + host: synapse-event-persister-1.synapse-event-persister + port: 9093 + synapse-federation-sender-0: + host: synapse-federation-sender-0.synapse-federation-sender + port: 9093 + stream_writers: + typing: + - synapse-typing-0 + to_device: + - synapse-to-device-0 + account_data: + - synapse-account-data-0 + presence: + - synapse-presence-0 + push_rules: + - synapse-push-rules-0 + receipts: + - synapse-receipts-0 + device_lists: + - synapse-device-lists-0 + events: + - synapse-event-persister-0 + - synapse-event-persister-1 + pusher_instances: + - synapse-pusher-0 + federation_sender_instances: + - synapse-federation-sender-0 + run_background_tasks_on: synapse-background-worker-0 + log_config: /data/log.config + macaroon_secret_key: "NOT-CONFIGURED" + enable_media_repo: false + media_instance_running_background_jobs: synapse-media-repository-background-jobs-0 + media_store_path: /tmp/media_store + enable_local_media_storage: true + metrics_flags: ~ + oidc_providers: + [] + old_signing_keys: ~ + password_config: + enabled: false + password_providers: + [] + pid_file: /tmp/homeserver.pid + push: ~ + start_pushers: False + retention: ~ + redaction_retention_period: ~ + forgotten_room_retention_period: 7d + user_ips_max_age: 1y + redis: + enabled: true + host: "redis" + port: 6379 + registration_shared_secret: "NOT-CONFIGURED" + report_stats: false + require_auth_for_profile_requests: true + require_membership_for_aliases: true + signing_key_path: /data/signing.key + soft_file_limit: 0 + spam_checker: ~ + sso: ~ + thumbnail_sizes: + - height: 32 + method: crop + width: 32 + - height: 96 + method: crop + width: 96 + - height: 240 + method: scale + width: 320 + trusted_key_servers: + - server_name: NOT-CONFIGURED + turn_allow_guests: false + turn_shared_secret: + turn_uris: + [] + turn_user_lifetime: 86400000 + ui_auth: ~ + url_preview_accept_language: ~ + url_preview_enabled: false + use_presence: true + user_directory: + enabled: true + search_all_users: false + prefer_local_users: true + web_client_location: "https://NOT-CONFIGURED/" + # https://matrix-org.github.io/matrix-authentication-service/setup/homeserver.html#configure-the-homeserver-to-delegate-authentication-to-the-service + matrix_authentication_service: + # Enable the MAS integration + enabled: true + # The base URL where Synapse will contact MAS + endpoint: http://matrix-authentication.test-namespace.svc:80 + # The shared secret used to authenticate MAS requests, must be the same as `matrix.secret` in the MAS configuration + # See https://element-hq.github.io/matrix-authentication-service/reference/configuration.html#matrix + secret: NOT-CONFIGURED + experimental_features: + msc3967_enabled: true + caches: + expire_caches: true + global_factor: 1 + cache_entry_ttl: 30m + sync_response_cache_duration: 2m + cache_autotuning: + max_cache_memory_usage: 1024M + target_cache_memory_usage: 512M + min_cache_ttl: 5m + opentracing: ~ + + log.config: | + --- + disable_existing_loggers: false + formatters: + precise: + format: "%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s" + handlers: + console: + class: logging.StreamHandler + formatter: precise + loggers: + synapse.handlers.pagination: + level: INFO + synapse.config.retention: + level: INFO + synapse.metrics.background_process_metrics: + level: INFO + synapse.storage.SQL: + level: WARNING + twisted: + handlers: + - console + propagate: false + root: + handlers: + - console + level: WARNING + version: 1 + signing.key: | + NOT-CONFIGURED + idp.xml: | +--- +# Source: synapse/templates/synapse-secret.yaml +apiVersion: v1 +kind: Secret +metadata: + name: synapse-room-secret + annotations: + argocd.argoproj.io/sync-wave: "-30" + argocd.argoproj.io/hook: "Sync" + labels: + app: synapse + component: synapse-room +type: Opaque +stringData: + homeserver.yaml: | + --- + server_name: NOT-CONFIGURED + worker_app: synapse.app.generic_worker + account_threepid_delegates: ~ + account_validity: ~ + alias_creation_rules: + - action: allow + alias: "*" + room_id: "*" + user_id: "*" + allow_guest_access: false + allow_per_room_profiles: false + allow_public_rooms_over_federation: false + allow_public_rooms_without_auth: false + auto_join_rooms: + - "#general:NOT-CONFIGURED" + auto_join_rooms_for_guests: false + autocreate_auto_join_room_preset: public_chat + autocreate_auto_join_rooms: true + autocreate_auto_join_rooms_federated: false + block_non_admin_invites: false + event_cache_size: 10K + database: + txn_limit: 10000 + args: + cp_max: 50 + cp_min: 5 + database: synapse + host: synapse-pgbouncer + password: NOT-CONFIGURED + user: synapse + name: psycopg2 + rc_message: + burst_count: 300 + per_second: 100 + disable_msisdn_registration: true + dynamic_thumbnails: false + max_upload_size: 100M + email: ~ + enable_3pid_changes: false + enable_group_creation: false + enable_registration: false + enable_room_list_search: true + enable_search: true + enable_set_avatar_url: true + enable_set_displayname: false + encryption_enabled_by_default_for_room_type: off + form_secret: "NOT-CONFIGURED" + limit_profile_requests_to_users_who_share_rooms: false + limit_remote_rooms: ~ + worker_listeners: + - port: 9092 + tls: false + type: http + bind_addresses: ['0.0.0.0'] + resources: + - names: [metrics] + compress: false + - port: 8008 + tls: false + type: http + x_forwarded: true + bind_addresses: ['0.0.0.0'] + resources: + - names: [client, federation] + compress: true + enable_metrics: true + federation_domain_whitelist: + [] + federation_metrics_domains: + [] + allow_profile_lookup_over_federation: false + allow_device_name_lookup_over_federation: false + update_user_directory_from_worker: synapse-user-dir-0 + instance_map: + main: + host: synapse-master-0.synapse-master + port: 9093 + synapse-typing-0: + host: synapse-typing-0.synapse-typing + port: 9093 + synapse-to-device-0: + host: synapse-to-device-0.synapse-to-device + port: 9093 + synapse-account-data-0: + host: synapse-account-data-0.synapse-account-data + port: 9093 + synapse-presence-0: + host: synapse-presence-0.synapse-presence + port: 9093 + synapse-push-rules-0: + host: synapse-push-rules-0.synapse-push-rules + port: 9093 + synapse-receipts-0: + host: synapse-receipts-0.synapse-receipts + port: 9093 + synapse-device-lists-0: + host: synapse-device-lists-0.synapse-device-lists + port: 9093 + synapse-event-persister-0: + host: synapse-event-persister-0.synapse-event-persister + port: 9093 + synapse-event-persister-1: + host: synapse-event-persister-1.synapse-event-persister + port: 9093 + synapse-federation-sender-0: + host: synapse-federation-sender-0.synapse-federation-sender + port: 9093 + stream_writers: + typing: + - synapse-typing-0 + to_device: + - synapse-to-device-0 + account_data: + - synapse-account-data-0 + presence: + - synapse-presence-0 + push_rules: + - synapse-push-rules-0 + receipts: + - synapse-receipts-0 + device_lists: + - synapse-device-lists-0 + events: + - synapse-event-persister-0 + - synapse-event-persister-1 + pusher_instances: + - synapse-pusher-0 + federation_sender_instances: + - synapse-federation-sender-0 + run_background_tasks_on: synapse-background-worker-0 + log_config: /data/log.config + macaroon_secret_key: "NOT-CONFIGURED" + enable_media_repo: false + media_instance_running_background_jobs: synapse-media-repository-background-jobs-0 + media_store_path: /tmp/media_store + enable_local_media_storage: true + metrics_flags: ~ + oidc_providers: + [] + old_signing_keys: ~ + password_config: + enabled: false + password_providers: + [] + pid_file: /tmp/homeserver.pid + push: ~ + start_pushers: False + retention: ~ + redaction_retention_period: ~ + forgotten_room_retention_period: 7d + user_ips_max_age: 1y + redis: + enabled: true + host: "redis" + port: 6379 + registration_shared_secret: "NOT-CONFIGURED" + report_stats: false + require_auth_for_profile_requests: true + require_membership_for_aliases: true + signing_key_path: /data/signing.key + soft_file_limit: 0 + spam_checker: ~ + sso: ~ + thumbnail_sizes: + - height: 32 + method: crop + width: 32 + - height: 96 + method: crop + width: 96 + - height: 240 + method: scale + width: 320 + trusted_key_servers: + - server_name: NOT-CONFIGURED + turn_allow_guests: false + turn_shared_secret: + turn_uris: + [] + turn_user_lifetime: 86400000 + ui_auth: ~ + url_preview_accept_language: ~ + url_preview_enabled: false + use_presence: true + user_directory: + enabled: true + search_all_users: false + prefer_local_users: true + web_client_location: "https://NOT-CONFIGURED/" + # https://matrix-org.github.io/matrix-authentication-service/setup/homeserver.html#configure-the-homeserver-to-delegate-authentication-to-the-service + matrix_authentication_service: + # Enable the MAS integration + enabled: true + # The base URL where Synapse will contact MAS + endpoint: http://matrix-authentication.test-namespace.svc:80 + # The shared secret used to authenticate MAS requests, must be the same as `matrix.secret` in the MAS configuration + # See https://element-hq.github.io/matrix-authentication-service/reference/configuration.html#matrix + secret: NOT-CONFIGURED + experimental_features: + msc3967_enabled: true + caches: + expire_caches: true + global_factor: 1 + cache_entry_ttl: 30m + sync_response_cache_duration: 2m + cache_autotuning: + max_cache_memory_usage: 1024M + target_cache_memory_usage: 512M + min_cache_ttl: 5m + opentracing: ~ + + log.config: | + --- + disable_existing_loggers: false + formatters: + precise: + format: "%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s" + handlers: + console: + class: logging.StreamHandler + formatter: precise + loggers: + synapse.handlers.pagination: + level: INFO + synapse.config.retention: + level: INFO + synapse.metrics.background_process_metrics: + level: INFO + synapse.storage.SQL: + level: WARNING + twisted: + handlers: + - console + propagate: false + root: + handlers: + - console + level: WARNING + version: 1 + signing.key: | + NOT-CONFIGURED + idp.xml: | +--- +# Source: synapse/templates/synapse-secret.yaml +apiVersion: v1 +kind: Secret +metadata: + name: synapse-sync-secret + annotations: + argocd.argoproj.io/sync-wave: "-30" + argocd.argoproj.io/hook: "Sync" + labels: + app: synapse + component: synapse-sync +type: Opaque +stringData: + homeserver.yaml: | + --- + server_name: NOT-CONFIGURED + worker_app: synapse.app.generic_worker + account_threepid_delegates: ~ + account_validity: ~ + alias_creation_rules: + - action: allow + alias: "*" + room_id: "*" + user_id: "*" + allow_guest_access: false + allow_per_room_profiles: false + allow_public_rooms_over_federation: false + allow_public_rooms_without_auth: false + auto_join_rooms: + - "#general:NOT-CONFIGURED" + auto_join_rooms_for_guests: false + autocreate_auto_join_room_preset: public_chat + autocreate_auto_join_rooms: true + autocreate_auto_join_rooms_federated: false + block_non_admin_invites: false + event_cache_size: 10K + database: + txn_limit: 10000 + args: + cp_max: 50 + cp_min: 5 + database: synapse + host: synapse-pgbouncer + password: NOT-CONFIGURED + user: synapse + name: psycopg2 + rc_message: + burst_count: 300 + per_second: 100 + disable_msisdn_registration: true + dynamic_thumbnails: false + max_upload_size: 100M + email: ~ + enable_3pid_changes: false + enable_group_creation: false + enable_registration: false + enable_room_list_search: true + enable_search: true + enable_set_avatar_url: true + enable_set_displayname: false + encryption_enabled_by_default_for_room_type: off + form_secret: "NOT-CONFIGURED" + limit_profile_requests_to_users_who_share_rooms: false + limit_remote_rooms: ~ + worker_listeners: + - port: 9092 + tls: false + type: http + bind_addresses: ['0.0.0.0'] + resources: + - names: [metrics] + compress: false + - port: 8008 + tls: false + type: http + x_forwarded: true + bind_addresses: ['0.0.0.0'] + resources: + - names: [client] + compress: true + enable_metrics: true + federation_domain_whitelist: + [] + federation_metrics_domains: + [] + allow_profile_lookup_over_federation: false + allow_device_name_lookup_over_federation: false + update_user_directory_from_worker: synapse-user-dir-0 + instance_map: + main: + host: synapse-master-0.synapse-master + port: 9093 + synapse-typing-0: + host: synapse-typing-0.synapse-typing + port: 9093 + synapse-to-device-0: + host: synapse-to-device-0.synapse-to-device + port: 9093 + synapse-account-data-0: + host: synapse-account-data-0.synapse-account-data + port: 9093 + synapse-presence-0: + host: synapse-presence-0.synapse-presence + port: 9093 + synapse-push-rules-0: + host: synapse-push-rules-0.synapse-push-rules + port: 9093 + synapse-receipts-0: + host: synapse-receipts-0.synapse-receipts + port: 9093 + synapse-device-lists-0: + host: synapse-device-lists-0.synapse-device-lists + port: 9093 + synapse-event-persister-0: + host: synapse-event-persister-0.synapse-event-persister + port: 9093 + synapse-event-persister-1: + host: synapse-event-persister-1.synapse-event-persister + port: 9093 + synapse-federation-sender-0: + host: synapse-federation-sender-0.synapse-federation-sender + port: 9093 + stream_writers: + typing: + - synapse-typing-0 + to_device: + - synapse-to-device-0 + account_data: + - synapse-account-data-0 + presence: + - synapse-presence-0 + push_rules: + - synapse-push-rules-0 + receipts: + - synapse-receipts-0 + device_lists: + - synapse-device-lists-0 + events: + - synapse-event-persister-0 + - synapse-event-persister-1 + pusher_instances: + - synapse-pusher-0 + federation_sender_instances: + - synapse-federation-sender-0 + run_background_tasks_on: synapse-background-worker-0 + log_config: /data/log.config + macaroon_secret_key: "NOT-CONFIGURED" + enable_media_repo: false + media_instance_running_background_jobs: synapse-media-repository-background-jobs-0 + media_store_path: /tmp/media_store + enable_local_media_storage: true + metrics_flags: ~ + oidc_providers: + [] + old_signing_keys: ~ + password_config: + enabled: false + password_providers: + [] + pid_file: /tmp/homeserver.pid + push: ~ + start_pushers: False + retention: ~ + redaction_retention_period: ~ + forgotten_room_retention_period: 7d + user_ips_max_age: 1y + redis: + enabled: true + host: "redis" + port: 6379 + registration_shared_secret: "NOT-CONFIGURED" + report_stats: false + require_auth_for_profile_requests: true + require_membership_for_aliases: true + signing_key_path: /data/signing.key + soft_file_limit: 0 + spam_checker: ~ + sso: ~ + thumbnail_sizes: + - height: 32 + method: crop + width: 32 + - height: 96 + method: crop + width: 96 + - height: 240 + method: scale + width: 320 + trusted_key_servers: + - server_name: NOT-CONFIGURED + turn_allow_guests: false + turn_shared_secret: + turn_uris: + [] + turn_user_lifetime: 86400000 + ui_auth: ~ + url_preview_accept_language: ~ + url_preview_enabled: false + use_presence: true + user_directory: + enabled: true + search_all_users: false + prefer_local_users: true + web_client_location: "https://NOT-CONFIGURED/" + # https://matrix-org.github.io/matrix-authentication-service/setup/homeserver.html#configure-the-homeserver-to-delegate-authentication-to-the-service + matrix_authentication_service: + # Enable the MAS integration + enabled: true + # The base URL where Synapse will contact MAS + endpoint: http://matrix-authentication.test-namespace.svc:80 + # The shared secret used to authenticate MAS requests, must be the same as `matrix.secret` in the MAS configuration + # See https://element-hq.github.io/matrix-authentication-service/reference/configuration.html#matrix + secret: NOT-CONFIGURED + experimental_features: + msc3967_enabled: true + caches: + expire_caches: true + global_factor: 1 + cache_entry_ttl: 30m + sync_response_cache_duration: 2m + cache_autotuning: + max_cache_memory_usage: 1024M + target_cache_memory_usage: 512M + min_cache_ttl: 5m + opentracing: ~ + + log.config: | + --- + disable_existing_loggers: false + formatters: + precise: + format: "%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s" + handlers: + console: + class: logging.StreamHandler + formatter: precise + loggers: + synapse.handlers.pagination: + level: INFO + synapse.config.retention: + level: INFO + synapse.metrics.background_process_metrics: + level: INFO + synapse.storage.SQL: + level: WARNING + twisted: + handlers: + - console + propagate: false + root: + handlers: + - console + level: WARNING + version: 1 + signing.key: | + NOT-CONFIGURED + idp.xml: | +--- +# Source: synapse/templates/synapse-secret.yaml +apiVersion: v1 +kind: Secret +metadata: + name: synapse-thread-subscriptions-secret + annotations: + argocd.argoproj.io/sync-wave: "-30" + argocd.argoproj.io/hook: "Sync" + labels: + app: synapse + component: synapse-thread-subscriptions +type: Opaque +stringData: + homeserver.yaml: | + --- + server_name: NOT-CONFIGURED + worker_app: synapse.app.generic_worker + account_threepid_delegates: ~ + account_validity: ~ + alias_creation_rules: + - action: allow + alias: "*" + room_id: "*" + user_id: "*" + allow_guest_access: false + allow_per_room_profiles: false + allow_public_rooms_over_federation: false + allow_public_rooms_without_auth: false + auto_join_rooms: + - "#general:NOT-CONFIGURED" + auto_join_rooms_for_guests: false + autocreate_auto_join_room_preset: public_chat + autocreate_auto_join_rooms: true + autocreate_auto_join_rooms_federated: false + block_non_admin_invites: false + event_cache_size: 10K + database: + txn_limit: 10000 + args: + cp_max: 50 + cp_min: 5 + database: synapse + host: synapse-pgbouncer + password: NOT-CONFIGURED + user: synapse + name: psycopg2 + rc_message: + burst_count: 300 + per_second: 100 + disable_msisdn_registration: true + dynamic_thumbnails: false + max_upload_size: 100M + email: ~ + enable_3pid_changes: false + enable_group_creation: false + enable_registration: false + enable_room_list_search: true + enable_search: true + enable_set_avatar_url: true + enable_set_displayname: false + encryption_enabled_by_default_for_room_type: off + form_secret: "NOT-CONFIGURED" + limit_profile_requests_to_users_who_share_rooms: false + limit_remote_rooms: ~ + worker_listeners: + - port: 9092 + tls: false + type: http + bind_addresses: ['0.0.0.0'] + resources: + - names: [metrics] + compress: false + - port: 8008 + tls: false + type: http + x_forwarded: true + bind_addresses: ['0.0.0.0'] + resources: + - names: [client] + compress: true + - port: 9093 + tls: false + type: http + bind_addresses: ['0.0.0.0'] + resources: + - names: [replication] + compress: false + enable_metrics: true + federation_domain_whitelist: + [] + federation_metrics_domains: + [] + allow_profile_lookup_over_federation: false + allow_device_name_lookup_over_federation: false + update_user_directory_from_worker: synapse-user-dir-0 + instance_map: + main: + host: synapse-master-0.synapse-master + port: 9093 + synapse-typing-0: + host: synapse-typing-0.synapse-typing + port: 9093 + synapse-to-device-0: + host: synapse-to-device-0.synapse-to-device + port: 9093 + synapse-account-data-0: + host: synapse-account-data-0.synapse-account-data + port: 9093 + synapse-presence-0: + host: synapse-presence-0.synapse-presence + port: 9093 + synapse-push-rules-0: + host: synapse-push-rules-0.synapse-push-rules + port: 9093 + synapse-receipts-0: + host: synapse-receipts-0.synapse-receipts + port: 9093 + synapse-device-lists-0: + host: synapse-device-lists-0.synapse-device-lists + port: 9093 + synapse-event-persister-0: + host: synapse-event-persister-0.synapse-event-persister + port: 9093 + synapse-event-persister-1: + host: synapse-event-persister-1.synapse-event-persister + port: 9093 + synapse-federation-sender-0: + host: synapse-federation-sender-0.synapse-federation-sender + port: 9093 + stream_writers: + typing: + - synapse-typing-0 + to_device: + - synapse-to-device-0 + account_data: + - synapse-account-data-0 + presence: + - synapse-presence-0 + push_rules: + - synapse-push-rules-0 + receipts: + - synapse-receipts-0 + device_lists: + - synapse-device-lists-0 + events: + - synapse-event-persister-0 + - synapse-event-persister-1 + pusher_instances: + - synapse-pusher-0 + federation_sender_instances: + - synapse-federation-sender-0 + run_background_tasks_on: synapse-background-worker-0 + log_config: /data/log.config + macaroon_secret_key: "NOT-CONFIGURED" + enable_media_repo: false + media_instance_running_background_jobs: synapse-media-repository-background-jobs-0 + media_store_path: /tmp/media_store + enable_local_media_storage: true + metrics_flags: ~ + oidc_providers: + [] + old_signing_keys: ~ + password_config: + enabled: false + password_providers: + [] + pid_file: /tmp/homeserver.pid + push: ~ + start_pushers: False + retention: ~ + redaction_retention_period: ~ + forgotten_room_retention_period: 7d + user_ips_max_age: 1y + redis: + enabled: true + host: "redis" + port: 6379 + registration_shared_secret: "NOT-CONFIGURED" + report_stats: false + require_auth_for_profile_requests: true + require_membership_for_aliases: true + signing_key_path: /data/signing.key + soft_file_limit: 0 + spam_checker: ~ + sso: ~ + thumbnail_sizes: + - height: 32 + method: crop + width: 32 + - height: 96 + method: crop + width: 96 + - height: 240 + method: scale + width: 320 + trusted_key_servers: + - server_name: NOT-CONFIGURED + turn_allow_guests: false + turn_shared_secret: + turn_uris: + [] + turn_user_lifetime: 86400000 + ui_auth: ~ + url_preview_accept_language: ~ + url_preview_enabled: false + use_presence: true + user_directory: + enabled: true + search_all_users: false + prefer_local_users: true + web_client_location: "https://NOT-CONFIGURED/" + # https://matrix-org.github.io/matrix-authentication-service/setup/homeserver.html#configure-the-homeserver-to-delegate-authentication-to-the-service + matrix_authentication_service: + # Enable the MAS integration + enabled: true + # The base URL where Synapse will contact MAS + endpoint: http://matrix-authentication.test-namespace.svc:80 + # The shared secret used to authenticate MAS requests, must be the same as `matrix.secret` in the MAS configuration + # See https://element-hq.github.io/matrix-authentication-service/reference/configuration.html#matrix + secret: NOT-CONFIGURED + experimental_features: + msc3967_enabled: true + caches: + expire_caches: true + global_factor: 1 + cache_entry_ttl: 30m + sync_response_cache_duration: 2m + cache_autotuning: + max_cache_memory_usage: 1024M + target_cache_memory_usage: 512M + min_cache_ttl: 5m + opentracing: ~ + + log.config: | + --- + disable_existing_loggers: false + formatters: + precise: + format: "%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s" + handlers: + console: + class: logging.StreamHandler + formatter: precise + loggers: + synapse.handlers.pagination: + level: INFO + synapse.config.retention: + level: INFO + synapse.metrics.background_process_metrics: + level: INFO + synapse.storage.SQL: + level: WARNING + twisted: + handlers: + - console + propagate: false + root: + handlers: + - console + level: WARNING + version: 1 + signing.key: | + NOT-CONFIGURED + idp.xml: | +--- +# Source: synapse/templates/synapse-secret.yaml +apiVersion: v1 +kind: Secret +metadata: + name: synapse-to-device-secret + annotations: + argocd.argoproj.io/sync-wave: "-30" + argocd.argoproj.io/hook: "Sync" + labels: + app: synapse + component: synapse-to-device +type: Opaque +stringData: + homeserver.yaml: | + --- + server_name: NOT-CONFIGURED + worker_app: synapse.app.generic_worker + account_threepid_delegates: ~ + account_validity: ~ + alias_creation_rules: + - action: allow + alias: "*" + room_id: "*" + user_id: "*" + allow_guest_access: false + allow_per_room_profiles: false + allow_public_rooms_over_federation: false + allow_public_rooms_without_auth: false + auto_join_rooms: + - "#general:NOT-CONFIGURED" + auto_join_rooms_for_guests: false + autocreate_auto_join_room_preset: public_chat + autocreate_auto_join_rooms: true + autocreate_auto_join_rooms_federated: false + block_non_admin_invites: false + event_cache_size: 10K + database: + txn_limit: 10000 + args: + cp_max: 50 + cp_min: 5 + database: synapse + host: synapse-pgbouncer + password: NOT-CONFIGURED + user: synapse + name: psycopg2 + rc_message: + burst_count: 300 + per_second: 100 + disable_msisdn_registration: true + dynamic_thumbnails: false + max_upload_size: 100M + email: ~ + enable_3pid_changes: false + enable_group_creation: false + enable_registration: false + enable_room_list_search: true + enable_search: true + enable_set_avatar_url: true + enable_set_displayname: false + encryption_enabled_by_default_for_room_type: off + form_secret: "NOT-CONFIGURED" + limit_profile_requests_to_users_who_share_rooms: false + limit_remote_rooms: ~ + worker_listeners: + - port: 9092 + tls: false + type: http + bind_addresses: ['0.0.0.0'] + resources: + - names: [metrics] + compress: false + - port: 8008 + tls: false + type: http + x_forwarded: true + bind_addresses: ['0.0.0.0'] + resources: + - names: [client] + compress: true + - port: 9093 + tls: false + type: http + bind_addresses: ['0.0.0.0'] + resources: + - names: [replication] + compress: false + enable_metrics: true + federation_domain_whitelist: + [] + federation_metrics_domains: + [] + allow_profile_lookup_over_federation: false + allow_device_name_lookup_over_federation: false + update_user_directory_from_worker: synapse-user-dir-0 + instance_map: + main: + host: synapse-master-0.synapse-master + port: 9093 + synapse-typing-0: + host: synapse-typing-0.synapse-typing + port: 9093 + synapse-to-device-0: + host: synapse-to-device-0.synapse-to-device + port: 9093 + synapse-account-data-0: + host: synapse-account-data-0.synapse-account-data + port: 9093 + synapse-presence-0: + host: synapse-presence-0.synapse-presence + port: 9093 + synapse-push-rules-0: + host: synapse-push-rules-0.synapse-push-rules + port: 9093 + synapse-receipts-0: + host: synapse-receipts-0.synapse-receipts + port: 9093 + synapse-device-lists-0: + host: synapse-device-lists-0.synapse-device-lists + port: 9093 + synapse-event-persister-0: + host: synapse-event-persister-0.synapse-event-persister + port: 9093 + synapse-event-persister-1: + host: synapse-event-persister-1.synapse-event-persister + port: 9093 + synapse-federation-sender-0: + host: synapse-federation-sender-0.synapse-federation-sender + port: 9093 + stream_writers: + typing: + - synapse-typing-0 + to_device: + - synapse-to-device-0 + account_data: + - synapse-account-data-0 + presence: + - synapse-presence-0 + push_rules: + - synapse-push-rules-0 + receipts: + - synapse-receipts-0 + device_lists: + - synapse-device-lists-0 + events: + - synapse-event-persister-0 + - synapse-event-persister-1 + pusher_instances: + - synapse-pusher-0 + federation_sender_instances: + - synapse-federation-sender-0 + run_background_tasks_on: synapse-background-worker-0 + log_config: /data/log.config + macaroon_secret_key: "NOT-CONFIGURED" + enable_media_repo: false + media_instance_running_background_jobs: synapse-media-repository-background-jobs-0 + media_store_path: /tmp/media_store + enable_local_media_storage: true + metrics_flags: ~ + oidc_providers: + [] + old_signing_keys: ~ + password_config: + enabled: false + password_providers: + [] + pid_file: /tmp/homeserver.pid + push: ~ + start_pushers: False + retention: ~ + redaction_retention_period: ~ + forgotten_room_retention_period: 7d + user_ips_max_age: 1y + redis: + enabled: true + host: "redis" + port: 6379 + registration_shared_secret: "NOT-CONFIGURED" + report_stats: false + require_auth_for_profile_requests: true + require_membership_for_aliases: true + signing_key_path: /data/signing.key + soft_file_limit: 0 + spam_checker: ~ + sso: ~ + thumbnail_sizes: + - height: 32 + method: crop + width: 32 + - height: 96 + method: crop + width: 96 + - height: 240 + method: scale + width: 320 + trusted_key_servers: + - server_name: NOT-CONFIGURED + turn_allow_guests: false + turn_shared_secret: + turn_uris: + [] + turn_user_lifetime: 86400000 + ui_auth: ~ + url_preview_accept_language: ~ + url_preview_enabled: false + use_presence: true + user_directory: + enabled: true + search_all_users: false + prefer_local_users: true + web_client_location: "https://NOT-CONFIGURED/" + # https://matrix-org.github.io/matrix-authentication-service/setup/homeserver.html#configure-the-homeserver-to-delegate-authentication-to-the-service + matrix_authentication_service: + # Enable the MAS integration + enabled: true + # The base URL where Synapse will contact MAS + endpoint: http://matrix-authentication.test-namespace.svc:80 + # The shared secret used to authenticate MAS requests, must be the same as `matrix.secret` in the MAS configuration + # See https://element-hq.github.io/matrix-authentication-service/reference/configuration.html#matrix + secret: NOT-CONFIGURED + experimental_features: + msc3967_enabled: true + caches: + expire_caches: true + global_factor: 1 + cache_entry_ttl: 30m + sync_response_cache_duration: 2m + cache_autotuning: + max_cache_memory_usage: 1024M + target_cache_memory_usage: 512M + min_cache_ttl: 5m + opentracing: ~ + + log.config: | + --- + disable_existing_loggers: false + formatters: + precise: + format: "%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s" + handlers: + console: + class: logging.StreamHandler + formatter: precise + loggers: + synapse.handlers.pagination: + level: INFO + synapse.config.retention: + level: INFO + synapse.metrics.background_process_metrics: + level: INFO + synapse.storage.SQL: + level: WARNING + twisted: + handlers: + - console + propagate: false + root: + handlers: + - console + level: WARNING + version: 1 + signing.key: | + NOT-CONFIGURED + idp.xml: | +--- +# Source: synapse/templates/synapse-secret.yaml +apiVersion: v1 +kind: Secret +metadata: + name: synapse-typing-secret + annotations: + argocd.argoproj.io/sync-wave: "-30" + argocd.argoproj.io/hook: "Sync" + labels: + app: synapse + component: synapse-typing +type: Opaque +stringData: + homeserver.yaml: | + --- + server_name: NOT-CONFIGURED + worker_app: synapse.app.generic_worker + account_threepid_delegates: ~ + account_validity: ~ + alias_creation_rules: + - action: allow + alias: "*" + room_id: "*" + user_id: "*" + allow_guest_access: false + allow_per_room_profiles: false + allow_public_rooms_over_federation: false + allow_public_rooms_without_auth: false + auto_join_rooms: + - "#general:NOT-CONFIGURED" + auto_join_rooms_for_guests: false + autocreate_auto_join_room_preset: public_chat + autocreate_auto_join_rooms: true + autocreate_auto_join_rooms_federated: false + block_non_admin_invites: false + event_cache_size: 10K + database: + txn_limit: 10000 + args: + cp_max: 50 + cp_min: 5 + database: synapse + host: synapse-pgbouncer + password: NOT-CONFIGURED + user: synapse + name: psycopg2 + rc_message: + burst_count: 300 + per_second: 100 + disable_msisdn_registration: true + dynamic_thumbnails: false + max_upload_size: 100M + email: ~ + enable_3pid_changes: false + enable_group_creation: false + enable_registration: false + enable_room_list_search: true + enable_search: true + enable_set_avatar_url: true + enable_set_displayname: false + encryption_enabled_by_default_for_room_type: off + form_secret: "NOT-CONFIGURED" + limit_profile_requests_to_users_who_share_rooms: false + limit_remote_rooms: ~ + worker_listeners: + - port: 9092 + tls: false + type: http + bind_addresses: ['0.0.0.0'] + resources: + - names: [metrics] + compress: false + - port: 8008 + tls: false + type: http + x_forwarded: true + bind_addresses: ['0.0.0.0'] + resources: + - names: [client] + compress: true + - port: 9093 + tls: false + type: http + bind_addresses: ['0.0.0.0'] + resources: + - names: [replication] + compress: false + enable_metrics: true + federation_domain_whitelist: + [] + federation_metrics_domains: + [] + allow_profile_lookup_over_federation: false + allow_device_name_lookup_over_federation: false + update_user_directory_from_worker: synapse-user-dir-0 + instance_map: + main: + host: synapse-master-0.synapse-master + port: 9093 + synapse-typing-0: + host: synapse-typing-0.synapse-typing + port: 9093 + synapse-to-device-0: + host: synapse-to-device-0.synapse-to-device + port: 9093 + synapse-account-data-0: + host: synapse-account-data-0.synapse-account-data + port: 9093 + synapse-presence-0: + host: synapse-presence-0.synapse-presence + port: 9093 + synapse-push-rules-0: + host: synapse-push-rules-0.synapse-push-rules + port: 9093 + synapse-receipts-0: + host: synapse-receipts-0.synapse-receipts + port: 9093 + synapse-device-lists-0: + host: synapse-device-lists-0.synapse-device-lists + port: 9093 + synapse-event-persister-0: + host: synapse-event-persister-0.synapse-event-persister + port: 9093 + synapse-event-persister-1: + host: synapse-event-persister-1.synapse-event-persister + port: 9093 + synapse-federation-sender-0: + host: synapse-federation-sender-0.synapse-federation-sender + port: 9093 + stream_writers: + typing: + - synapse-typing-0 + to_device: + - synapse-to-device-0 + account_data: + - synapse-account-data-0 + presence: + - synapse-presence-0 + push_rules: + - synapse-push-rules-0 + receipts: + - synapse-receipts-0 + device_lists: + - synapse-device-lists-0 + events: + - synapse-event-persister-0 + - synapse-event-persister-1 + pusher_instances: + - synapse-pusher-0 + federation_sender_instances: + - synapse-federation-sender-0 + run_background_tasks_on: synapse-background-worker-0 + log_config: /data/log.config + macaroon_secret_key: "NOT-CONFIGURED" + enable_media_repo: false + media_instance_running_background_jobs: synapse-media-repository-background-jobs-0 + media_store_path: /tmp/media_store + enable_local_media_storage: true + metrics_flags: ~ + oidc_providers: + [] + old_signing_keys: ~ + password_config: + enabled: false + password_providers: + [] + pid_file: /tmp/homeserver.pid + push: ~ + start_pushers: False + retention: ~ + redaction_retention_period: ~ + forgotten_room_retention_period: 7d + user_ips_max_age: 1y + redis: + enabled: true + host: "redis" + port: 6379 + registration_shared_secret: "NOT-CONFIGURED" + report_stats: false + require_auth_for_profile_requests: true + require_membership_for_aliases: true + signing_key_path: /data/signing.key + soft_file_limit: 0 + spam_checker: ~ + sso: ~ + thumbnail_sizes: + - height: 32 + method: crop + width: 32 + - height: 96 + method: crop + width: 96 + - height: 240 + method: scale + width: 320 + trusted_key_servers: + - server_name: NOT-CONFIGURED + turn_allow_guests: false + turn_shared_secret: + turn_uris: + [] + turn_user_lifetime: 86400000 + ui_auth: ~ + url_preview_accept_language: ~ + url_preview_enabled: false + use_presence: true + user_directory: + enabled: true + search_all_users: false + prefer_local_users: true + web_client_location: "https://NOT-CONFIGURED/" + # https://matrix-org.github.io/matrix-authentication-service/setup/homeserver.html#configure-the-homeserver-to-delegate-authentication-to-the-service + matrix_authentication_service: + # Enable the MAS integration + enabled: true + # The base URL where Synapse will contact MAS + endpoint: http://matrix-authentication.test-namespace.svc:80 + # The shared secret used to authenticate MAS requests, must be the same as `matrix.secret` in the MAS configuration + # See https://element-hq.github.io/matrix-authentication-service/reference/configuration.html#matrix + secret: NOT-CONFIGURED + experimental_features: + msc3967_enabled: true + caches: + expire_caches: true + global_factor: 1 + cache_entry_ttl: 30m + sync_response_cache_duration: 2m + cache_autotuning: + max_cache_memory_usage: 1024M + target_cache_memory_usage: 512M + min_cache_ttl: 5m + opentracing: ~ + + log.config: | + --- + disable_existing_loggers: false + formatters: + precise: + format: "%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s" + handlers: + console: + class: logging.StreamHandler + formatter: precise + loggers: + synapse.handlers.pagination: + level: INFO + synapse.config.retention: + level: INFO + synapse.metrics.background_process_metrics: + level: INFO + synapse.storage.SQL: + level: WARNING + twisted: + handlers: + - console + propagate: false + root: + handlers: + - console + level: WARNING + version: 1 + signing.key: | + NOT-CONFIGURED + idp.xml: | +--- +# Source: synapse/templates/synapse-secret.yaml +apiVersion: v1 +kind: Secret +metadata: + name: synapse-user-dir-secret + annotations: + argocd.argoproj.io/sync-wave: "-30" + argocd.argoproj.io/hook: "Sync" + labels: + app: synapse + component: synapse-user-dir +type: Opaque +stringData: + homeserver.yaml: | + --- + server_name: NOT-CONFIGURED + worker_app: synapse.app.generic_worker + account_threepid_delegates: ~ + account_validity: ~ + alias_creation_rules: + - action: allow + alias: "*" + room_id: "*" + user_id: "*" + allow_guest_access: false + allow_per_room_profiles: false + allow_public_rooms_over_federation: false + allow_public_rooms_without_auth: false + auto_join_rooms: + - "#general:NOT-CONFIGURED" + auto_join_rooms_for_guests: false + autocreate_auto_join_room_preset: public_chat + autocreate_auto_join_rooms: true + autocreate_auto_join_rooms_federated: false + block_non_admin_invites: false + event_cache_size: 10K + database: + txn_limit: 10000 + args: + cp_max: 50 + cp_min: 5 + database: synapse + host: synapse-pgbouncer + password: NOT-CONFIGURED + user: synapse + name: psycopg2 + rc_message: + burst_count: 300 + per_second: 100 + disable_msisdn_registration: true + dynamic_thumbnails: false + max_upload_size: 100M + email: ~ + enable_3pid_changes: false + enable_group_creation: false + enable_registration: false + enable_room_list_search: true + enable_search: true + enable_set_avatar_url: true + enable_set_displayname: false + encryption_enabled_by_default_for_room_type: off + form_secret: "NOT-CONFIGURED" + limit_profile_requests_to_users_who_share_rooms: false + limit_remote_rooms: ~ + worker_listeners: + - port: 9092 + tls: false + type: http + bind_addresses: ['0.0.0.0'] + resources: + - names: [metrics] + compress: false + - port: 8008 + tls: false + type: http + x_forwarded: true + bind_addresses: ['0.0.0.0'] + resources: + - names: [client] + compress: true + enable_metrics: true + federation_domain_whitelist: + [] + federation_metrics_domains: + [] + allow_profile_lookup_over_federation: false + allow_device_name_lookup_over_federation: false + update_user_directory_from_worker: synapse-user-dir-0 + instance_map: + main: + host: synapse-master-0.synapse-master + port: 9093 + synapse-typing-0: + host: synapse-typing-0.synapse-typing + port: 9093 + synapse-to-device-0: + host: synapse-to-device-0.synapse-to-device + port: 9093 + synapse-account-data-0: + host: synapse-account-data-0.synapse-account-data + port: 9093 + synapse-presence-0: + host: synapse-presence-0.synapse-presence + port: 9093 + synapse-push-rules-0: + host: synapse-push-rules-0.synapse-push-rules + port: 9093 + synapse-receipts-0: + host: synapse-receipts-0.synapse-receipts + port: 9093 + synapse-device-lists-0: + host: synapse-device-lists-0.synapse-device-lists + port: 9093 + synapse-event-persister-0: + host: synapse-event-persister-0.synapse-event-persister + port: 9093 + synapse-event-persister-1: + host: synapse-event-persister-1.synapse-event-persister + port: 9093 + synapse-federation-sender-0: + host: synapse-federation-sender-0.synapse-federation-sender + port: 9093 + stream_writers: + typing: + - synapse-typing-0 + to_device: + - synapse-to-device-0 + account_data: + - synapse-account-data-0 + presence: + - synapse-presence-0 + push_rules: + - synapse-push-rules-0 + receipts: + - synapse-receipts-0 + device_lists: + - synapse-device-lists-0 + events: + - synapse-event-persister-0 + - synapse-event-persister-1 + pusher_instances: + - synapse-pusher-0 + federation_sender_instances: + - synapse-federation-sender-0 + run_background_tasks_on: synapse-background-worker-0 + log_config: /data/log.config + macaroon_secret_key: "NOT-CONFIGURED" + enable_media_repo: false + media_instance_running_background_jobs: synapse-media-repository-background-jobs-0 + media_store_path: /tmp/media_store + enable_local_media_storage: true + metrics_flags: ~ + oidc_providers: + [] + old_signing_keys: ~ + password_config: + enabled: false + password_providers: + [] + pid_file: /tmp/homeserver.pid + push: ~ + start_pushers: False + retention: ~ + redaction_retention_period: ~ + forgotten_room_retention_period: 7d + user_ips_max_age: 1y + redis: + enabled: true + host: "redis" + port: 6379 + registration_shared_secret: "NOT-CONFIGURED" + report_stats: false + require_auth_for_profile_requests: true + require_membership_for_aliases: true + signing_key_path: /data/signing.key + soft_file_limit: 0 + spam_checker: ~ + sso: ~ + thumbnail_sizes: + - height: 32 + method: crop + width: 32 + - height: 96 + method: crop + width: 96 + - height: 240 + method: scale + width: 320 + trusted_key_servers: + - server_name: NOT-CONFIGURED + turn_allow_guests: false + turn_shared_secret: + turn_uris: + [] + turn_user_lifetime: 86400000 + ui_auth: ~ + url_preview_accept_language: ~ + url_preview_enabled: false + use_presence: true + user_directory: + enabled: true + search_all_users: false + prefer_local_users: true + web_client_location: "https://NOT-CONFIGURED/" + # https://matrix-org.github.io/matrix-authentication-service/setup/homeserver.html#configure-the-homeserver-to-delegate-authentication-to-the-service + matrix_authentication_service: + # Enable the MAS integration + enabled: true + # The base URL where Synapse will contact MAS + endpoint: http://matrix-authentication.test-namespace.svc:80 + # The shared secret used to authenticate MAS requests, must be the same as `matrix.secret` in the MAS configuration + # See https://element-hq.github.io/matrix-authentication-service/reference/configuration.html#matrix + secret: NOT-CONFIGURED + experimental_features: + msc3967_enabled: true + caches: + expire_caches: true + global_factor: 1 + cache_entry_ttl: 30m + sync_response_cache_duration: 2m + cache_autotuning: + max_cache_memory_usage: 1024M + target_cache_memory_usage: 512M + min_cache_ttl: 5m + opentracing: ~ + + log.config: | + --- + disable_existing_loggers: false + formatters: + precise: + format: "%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s" + handlers: + console: + class: logging.StreamHandler + formatter: precise + loggers: + synapse.handlers.pagination: + level: INFO + synapse.config.retention: + level: INFO + synapse.metrics.background_process_metrics: + level: INFO + synapse.storage.SQL: + level: WARNING + twisted: + handlers: + - console + propagate: false + root: + handlers: + - console + level: WARNING + version: 1 + signing.key: | + NOT-CONFIGURED + idp.xml: | \ No newline at end of file diff --git a/charts/synapse/tests/golden/fixtures/test-synapse-service.golden.yaml b/charts/synapse/tests/golden/fixtures/test-synapse-service.golden.yaml new file mode 100644 index 0000000..0eff4be --- /dev/null +++ b/charts/synapse/tests/golden/fixtures/test-synapse-service.golden.yaml @@ -0,0 +1,484 @@ +--- +# Source: synapse/templates/synapse-service.yaml +apiVersion: v1 +kind: Service +metadata: + name: synapse-account-data + annotations: + cloud.google.com/neg: '{"ingress":false}' +spec: + clusterIP: None + selector: + app: synapse + component: synapse-account-data + ports: + - name: client + port: 80 + targetPort: 8008 + - name: http + port: 8008 + targetPort: 8008 +--- +# Source: synapse/templates/synapse-service.yaml +apiVersion: v1 +kind: Service +metadata: + name: synapse-background-worker + annotations: + cloud.google.com/neg: '{"ingress":false}' +spec: + clusterIP: None + selector: + app: synapse + component: synapse-background-worker + ports: + - name: client + port: 80 + targetPort: 8008 + - name: http + port: 8008 + targetPort: 8008 +--- +# Source: synapse/templates/synapse-service.yaml +apiVersion: v1 +kind: Service +metadata: + name: synapse-client-reader + annotations: + cloud.google.com/neg: '{"ingress":false}' +spec: + clusterIP: None + selector: + app: synapse + component: synapse-client-reader + ports: + - name: client + port: 80 + targetPort: 8008 + - name: http + port: 8008 + targetPort: 8008 +--- +# Source: synapse/templates/synapse-service.yaml +apiVersion: v1 +kind: Service +metadata: + name: synapse-device-lists + annotations: + cloud.google.com/neg: '{"ingress":false}' +spec: + clusterIP: None + selector: + app: synapse + component: synapse-device-lists + ports: + - name: client + port: 80 + targetPort: 8008 + - name: http + port: 8008 + targetPort: 8008 +--- +# Source: synapse/templates/synapse-service.yaml +apiVersion: v1 +kind: Service +metadata: + name: synapse-event-persister + annotations: + cloud.google.com/neg: '{"ingress":false}' +spec: + clusterIP: None + selector: + app: synapse + component: synapse-event-persister + ports: + - name: client + port: 80 + targetPort: 8008 + - name: http + port: 8008 + targetPort: 8008 +--- +# Source: synapse/templates/synapse-service.yaml +apiVersion: v1 +kind: Service +metadata: + name: synapse-federation-reader + annotations: + cloud.google.com/neg: '{"ingress":false}' +spec: + clusterIP: None + selector: + app: synapse + component: synapse-federation-reader + ports: + - name: client + port: 80 + targetPort: 8008 + - name: http + port: 8008 + targetPort: 8008 +--- +# Source: synapse/templates/synapse-service.yaml +apiVersion: v1 +kind: Service +metadata: + name: synapse-federation-sender + annotations: + cloud.google.com/neg: '{"ingress":false}' +spec: + clusterIP: None + selector: + app: synapse + component: synapse-federation-sender + ports: + - name: client + port: 80 + targetPort: 8008 + - name: http + port: 8008 + targetPort: 8008 +--- +# Source: synapse/templates/synapse-service.yaml +apiVersion: v1 +kind: Service +metadata: + name: synapse-master + annotations: + cloud.google.com/neg: '{"ingress":false}' +spec: + clusterIP: None + selector: + app: synapse + component: synapse-master + ports: + - name: client + port: 80 + targetPort: 8008 + - name: http + port: 8008 + targetPort: 8008 +--- +# Source: synapse/templates/synapse-service.yaml +apiVersion: v1 +kind: Service +metadata: + name: synapse-media-repository + annotations: + cloud.google.com/neg: '{"ingress":false}' +spec: + clusterIP: None + selector: + app: synapse + component: synapse-media-repository + ports: + - name: client + port: 80 + targetPort: 8008 + - name: http + port: 8008 + targetPort: 8008 +--- +# Source: synapse/templates/synapse-service.yaml +apiVersion: v1 +kind: Service +metadata: + name: synapse-media-repository-background-jobs + annotations: + cloud.google.com/neg: '{"ingress":false}' +spec: + clusterIP: None + selector: + app: synapse + component: synapse-media-repository-background-jobs + ports: + - name: client + port: 80 + targetPort: 8008 + - name: http + port: 8008 + targetPort: 8008 +--- +# Source: synapse/templates/synapse-service.yaml +apiVersion: v1 +kind: Service +metadata: + name: synapse-presence + annotations: + cloud.google.com/neg: '{"ingress":false}' +spec: + clusterIP: None + selector: + app: synapse + component: synapse-presence + ports: + - name: client + port: 80 + targetPort: 8008 + - name: http + port: 8008 + targetPort: 8008 +--- +# Source: synapse/templates/synapse-service.yaml +apiVersion: v1 +kind: Service +metadata: + name: synapse-push-rules + annotations: + cloud.google.com/neg: '{"ingress":false}' +spec: + clusterIP: None + selector: + app: synapse + component: synapse-push-rules + ports: + - name: client + port: 80 + targetPort: 8008 + - name: http + port: 8008 + targetPort: 8008 +--- +# Source: synapse/templates/synapse-service.yaml +apiVersion: v1 +kind: Service +metadata: + name: synapse-pusher + annotations: + cloud.google.com/neg: '{"ingress":false}' +spec: + clusterIP: None + selector: + app: synapse + component: synapse-pusher + ports: + - name: client + port: 80 + targetPort: 8008 + - name: http + port: 8008 + targetPort: 8008 +--- +# Source: synapse/templates/synapse-service.yaml +apiVersion: v1 +kind: Service +metadata: + name: synapse-receipts + annotations: + cloud.google.com/neg: '{"ingress":false}' +spec: + clusterIP: None + selector: + app: synapse + component: synapse-receipts + ports: + - name: client + port: 80 + targetPort: 8008 + - name: http + port: 8008 + targetPort: 8008 +--- +# Source: synapse/templates/synapse-service.yaml +apiVersion: v1 +kind: Service +metadata: + name: synapse-room + annotations: + cloud.google.com/neg: '{"ingress":false}' +spec: + clusterIP: None + selector: + app: synapse + component: synapse-room + ports: + - name: client + port: 80 + targetPort: 8008 + - name: http + port: 8008 + targetPort: 8008 +--- +# Source: synapse/templates/synapse-service.yaml +apiVersion: v1 +kind: Service +metadata: + name: synapse-sync + annotations: + cloud.google.com/neg: '{"ingress":false}' +spec: + clusterIP: None + selector: + app: synapse + component: synapse-sync + ports: + - name: client + port: 80 + targetPort: 8008 + - name: http + port: 8008 + targetPort: 8008 +--- +# Source: synapse/templates/synapse-service.yaml +apiVersion: v1 +kind: Service +metadata: + name: synapse-thread-subscriptions + annotations: + cloud.google.com/neg: '{"ingress":false}' +spec: + clusterIP: None + selector: + app: synapse + component: synapse-thread-subscriptions + ports: + - name: client + port: 80 + targetPort: 8008 + - name: http + port: 8008 + targetPort: 8008 +--- +# Source: synapse/templates/synapse-service.yaml +apiVersion: v1 +kind: Service +metadata: + name: synapse-to-device + annotations: + cloud.google.com/neg: '{"ingress":false}' +spec: + clusterIP: None + selector: + app: synapse + component: synapse-to-device + ports: + - name: client + port: 80 + targetPort: 8008 + - name: http + port: 8008 + targetPort: 8008 +--- +# Source: synapse/templates/synapse-service.yaml +apiVersion: v1 +kind: Service +metadata: + name: synapse-typing + annotations: + cloud.google.com/neg: '{"ingress":false}' +spec: + clusterIP: None + selector: + app: synapse + component: synapse-typing + ports: + - name: client + port: 80 + targetPort: 8008 + - name: http + port: 8008 + targetPort: 8008 +--- +# Source: synapse/templates/synapse-service.yaml +apiVersion: v1 +kind: Service +metadata: + name: synapse-user-dir + annotations: + cloud.google.com/neg: '{"ingress":false}' +spec: + clusterIP: None + selector: + app: synapse + component: synapse-user-dir + ports: + - name: client + port: 80 + targetPort: 8008 + - name: http + port: 8008 + targetPort: 8008 +--- +# Source: synapse/templates/synapse-service.yaml +apiVersion: v1 +kind: Service +metadata: + name: synapse-client-reader-headless + annotations: + cloud.google.com/neg: '{"ingress":false}' + labels: + app: synapse + component: synapse-client-reader +spec: + clusterIP: None + type: ClusterIP + ports: + - name: http + port: 8008 + targetPort: 8008 + selector: + app: synapse + component: synapse-client-reader +--- +# Source: synapse/templates/synapse-service.yaml +apiVersion: v1 +kind: Service +metadata: + name: synapse-room-headless + annotations: + cloud.google.com/neg: '{"ingress":false}' + labels: + app: synapse + component: synapse-room +spec: + clusterIP: None + type: ClusterIP + ports: + - name: http + port: 8008 + targetPort: 8008 + selector: + app: synapse + component: synapse-room +--- +# Source: synapse/templates/synapse-service.yaml +apiVersion: v1 +kind: Service +metadata: + name: synapse-sync-headless + annotations: + cloud.google.com/neg: '{"ingress":false}' + labels: + app: synapse + component: synapse-sync +spec: + clusterIP: None + type: ClusterIP + ports: + - name: http + port: 8008 + targetPort: 8008 + selector: + app: synapse + component: synapse-sync +--- +# Source: synapse/templates/synapse-service.yaml +apiVersion: v1 +kind: Service +metadata: + name: synapse-federation-reader-headless + annotations: + cloud.google.com/neg: '{"ingress":false}' + labels: + app: synapse + component: synapse-federation-reader +spec: + clusterIP: None + type: ClusterIP + ports: + - name: http + port: 8008 + targetPort: 8008 + selector: + app: synapse + component: synapse-federation-reader \ No newline at end of file diff --git a/charts/synapse/tests/golden/fixtures/test-synapse-workers-deployment.golden.yaml b/charts/synapse/tests/golden/fixtures/test-synapse-workers-deployment.golden.yaml new file mode 100644 index 0000000..eba4e2e --- /dev/null +++ b/charts/synapse/tests/golden/fixtures/test-synapse-workers-deployment.golden.yaml @@ -0,0 +1,385 @@ +--- +# Source: synapse/templates/synapse-workers-deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: synapse-client-reader + labels: + app: synapse + component: synapse-client-reader +spec: + strategy: + + rollingUpdate: + maxSurge: 25% + maxUnavailable: 1 + type: RollingUpdate + selector: + matchLabels: + app: synapse + component: synapse-client-reader + template: + metadata: + annotations: + prometheus.io/port: "9092" + prometheus.io/scrape: "true" + prometheus.io/path: "/_synapse/metrics" + checksum/secret: 55eaa481070eecc9b744e9e2a271713877f974d548a1ad903478d45358d367a7 + labels: + app: synapse + component: synapse-client-reader + spec: + + containers: + - name: synapse + image: ghcr.io/code-tool/matrix-stack/synapse:v1.151.0 + imagePullPolicy: IfNotPresent + resources: + limits: + memory: 2Gi + requests: + cpu: 50m + memory: 128Mi + env: + - name: "SYNAPSE_WORKER" + value: "synapse.app.generic_worker" + ports: + - containerPort: 8008 + name: http + protocol: TCP + - containerPort: 9092 + name: metrics + protocol: TCP + startupProbe: + httpGet: + path: /health + port: http + failureThreshold: 180 + periodSeconds: 15 + livenessProbe: + httpGet: + path: /health + port: http + failureThreshold: 5 + periodSeconds: 15 + readinessProbe: + httpGet: + path: /health + port: http + periodSeconds: 15 + volumeMounts: + - name: synapse-client-reader-secret + mountPath: /data + terminationGracePeriodSeconds: 30 + volumes: + - name: synapse-client-reader-secret + secret: + secretName: synapse-client-reader-secret +--- +# Source: synapse/templates/synapse-workers-deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: synapse-federation-reader + labels: + app: synapse + component: synapse-federation-reader +spec: + strategy: + + rollingUpdate: + maxSurge: 25% + maxUnavailable: 1 + type: RollingUpdate + selector: + matchLabels: + app: synapse + component: synapse-federation-reader + template: + metadata: + annotations: + prometheus.io/port: "9092" + prometheus.io/scrape: "true" + prometheus.io/path: "/_synapse/metrics" + checksum/secret: 55eaa481070eecc9b744e9e2a271713877f974d548a1ad903478d45358d367a7 + labels: + app: synapse + component: synapse-federation-reader + spec: + + containers: + - name: synapse + image: ghcr.io/code-tool/matrix-stack/synapse:v1.151.0 + imagePullPolicy: IfNotPresent + resources: + limits: + memory: 2Gi + requests: + cpu: 50m + memory: 128Mi + env: + - name: "SYNAPSE_WORKER" + value: "synapse.app.generic_worker" + ports: + - containerPort: 8008 + name: http + protocol: TCP + - containerPort: 9092 + name: metrics + protocol: TCP + startupProbe: + httpGet: + path: /health + port: http + failureThreshold: 180 + periodSeconds: 15 + livenessProbe: + httpGet: + path: /health + port: http + failureThreshold: 5 + periodSeconds: 15 + readinessProbe: + httpGet: + path: /health + port: http + periodSeconds: 15 + volumeMounts: + - name: synapse-federation-reader-secret + mountPath: /data + terminationGracePeriodSeconds: 30 + volumes: + - name: synapse-federation-reader-secret + secret: + secretName: synapse-federation-reader-secret +--- +# Source: synapse/templates/synapse-workers-deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: synapse-media-repository + labels: + app: synapse + component: synapse-media-repository +spec: + strategy: + + rollingUpdate: + maxSurge: 25% + maxUnavailable: 1 + type: RollingUpdate + selector: + matchLabels: + app: synapse + component: synapse-media-repository + template: + metadata: + annotations: + prometheus.io/port: "9092" + prometheus.io/scrape: "true" + prometheus.io/path: "/_synapse/metrics" + checksum/secret: 55eaa481070eecc9b744e9e2a271713877f974d548a1ad903478d45358d367a7 + labels: + app: synapse + component: synapse-media-repository + spec: + + containers: + - name: synapse + image: ghcr.io/code-tool/matrix-stack/synapse:v1.151.0 + imagePullPolicy: IfNotPresent + resources: + limits: + memory: 2Gi + requests: + cpu: 50m + memory: 128Mi + env: + - name: "SYNAPSE_WORKER" + value: "synapse.app.media_repository" + ports: + - containerPort: 8008 + name: http + protocol: TCP + - containerPort: 9092 + name: metrics + protocol: TCP + startupProbe: + httpGet: + path: /health + port: http + failureThreshold: 180 + periodSeconds: 15 + livenessProbe: + httpGet: + path: /health + port: http + failureThreshold: 5 + periodSeconds: 15 + readinessProbe: + httpGet: + path: /health + port: http + periodSeconds: 15 + volumeMounts: + - name: synapse-media-repository-secret + mountPath: /data + terminationGracePeriodSeconds: 30 + volumes: + - name: synapse-media-repository-secret + secret: + secretName: synapse-media-repository-secret +--- +# Source: synapse/templates/synapse-workers-deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: synapse-room + labels: + app: synapse + component: synapse-room +spec: + strategy: + + rollingUpdate: + maxSurge: 25% + maxUnavailable: 1 + type: RollingUpdate + selector: + matchLabels: + app: synapse + component: synapse-room + template: + metadata: + annotations: + prometheus.io/port: "9092" + prometheus.io/scrape: "true" + prometheus.io/path: "/_synapse/metrics" + checksum/secret: 55eaa481070eecc9b744e9e2a271713877f974d548a1ad903478d45358d367a7 + labels: + app: synapse + component: synapse-room + spec: + + containers: + - name: synapse + image: ghcr.io/code-tool/matrix-stack/synapse:v1.151.0 + imagePullPolicy: IfNotPresent + resources: + limits: + memory: 2Gi + requests: + cpu: 50m + memory: 128Mi + env: + - name: "SYNAPSE_WORKER" + value: "synapse.app.generic_worker" + ports: + - containerPort: 8008 + name: http + protocol: TCP + - containerPort: 9092 + name: metrics + protocol: TCP + startupProbe: + httpGet: + path: /health + port: http + failureThreshold: 180 + periodSeconds: 15 + livenessProbe: + httpGet: + path: /health + port: http + failureThreshold: 5 + periodSeconds: 15 + readinessProbe: + httpGet: + path: /health + port: http + periodSeconds: 15 + volumeMounts: + - name: synapse-room-secret + mountPath: /data + terminationGracePeriodSeconds: 30 + volumes: + - name: synapse-room-secret + secret: + secretName: synapse-room-secret +--- +# Source: synapse/templates/synapse-workers-deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: synapse-sync + labels: + app: synapse + component: synapse-sync +spec: + strategy: + + rollingUpdate: + maxSurge: 25% + maxUnavailable: 1 + type: RollingUpdate + selector: + matchLabels: + app: synapse + component: synapse-sync + template: + metadata: + annotations: + prometheus.io/port: "9092" + prometheus.io/scrape: "true" + prometheus.io/path: "/_synapse/metrics" + checksum/secret: 55eaa481070eecc9b744e9e2a271713877f974d548a1ad903478d45358d367a7 + labels: + app: synapse + component: synapse-sync + spec: + + containers: + - name: synapse + image: ghcr.io/code-tool/matrix-stack/synapse:v1.151.0 + imagePullPolicy: IfNotPresent + resources: + limits: + memory: 2Gi + requests: + cpu: 50m + memory: 128Mi + env: + - name: "SYNAPSE_WORKER" + value: "synapse.app.generic_worker" + ports: + - containerPort: 8008 + name: http + protocol: TCP + - containerPort: 9092 + name: metrics + protocol: TCP + startupProbe: + httpGet: + path: /health + port: http + failureThreshold: 180 + periodSeconds: 15 + livenessProbe: + httpGet: + path: /health + port: http + failureThreshold: 5 + periodSeconds: 15 + readinessProbe: + httpGet: + path: /health + port: http + periodSeconds: 15 + volumeMounts: + - name: synapse-sync-secret + mountPath: /data + terminationGracePeriodSeconds: 30 + volumes: + - name: synapse-sync-secret + secret: + secretName: synapse-sync-secret \ No newline at end of file diff --git a/charts/synapse/tests/golden/fixtures/test-synapse-workers-pdb-disabled.golden.yaml b/charts/synapse/tests/golden/fixtures/test-synapse-workers-pdb-disabled.golden.yaml new file mode 100644 index 0000000..e69de29 diff --git a/charts/synapse/tests/golden/fixtures/test-synapse-workers-pdb.golden.yaml b/charts/synapse/tests/golden/fixtures/test-synapse-workers-pdb.golden.yaml new file mode 100644 index 0000000..77a2958 --- /dev/null +++ b/charts/synapse/tests/golden/fixtures/test-synapse-workers-pdb.golden.yaml @@ -0,0 +1,180 @@ +--- +# Source: synapse/templates/synapse-workers-pdb.yaml +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: synapse-device-lists +spec: + maxUnavailable: 1 + selector: + matchLabels: + app: synapse + component: synapse-device-lists +--- +# Source: synapse/templates/synapse-workers-pdb.yaml +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: synapse-event-persister +spec: + minAvailable: 1 + selector: + matchLabels: + app: synapse + component: synapse-event-persister +--- +# Source: synapse/templates/synapse-workers-pdb.yaml +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: synapse-federation-sender +spec: + maxUnavailable: 1 + selector: + matchLabels: + app: synapse + component: synapse-federation-sender +--- +# Source: synapse/templates/synapse-workers-pdb.yaml +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: synapse-pusher +spec: + maxUnavailable: 1 + selector: + matchLabels: + app: synapse + component: synapse-pusher +--- +# Source: synapse/templates/synapse-workers-pdb.yaml +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: synapse-receipts +spec: + maxUnavailable: 1 + selector: + matchLabels: + app: synapse + component: synapse-receipts +--- +# Source: synapse/templates/synapse-workers-pdb.yaml +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: synapse-thread-subscriptions +spec: + maxUnavailable: 1 + selector: + matchLabels: + app: synapse + component: synapse-thread-subscriptions +--- +# Source: synapse/templates/synapse-workers-pdb.yaml +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: synapse-account-data +spec: + maxUnavailable: 1 + selector: + matchLabels: + app: synapse + component: synapse-account-data +--- +# Source: synapse/templates/synapse-workers-pdb.yaml +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: synapse-background-worker +spec: + maxUnavailable: 1 + selector: + matchLabels: + app: synapse + component: synapse-background-worker +--- +# Source: synapse/templates/synapse-workers-pdb.yaml +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: synapse-master +spec: + maxUnavailable: 1 + selector: + matchLabels: + app: synapse + component: synapse-master +--- +# Source: synapse/templates/synapse-workers-pdb.yaml +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: synapse-media-repository-background-jobs +spec: + maxUnavailable: 1 + selector: + matchLabels: + app: synapse + component: synapse-media-repository-background-jobs +--- +# Source: synapse/templates/synapse-workers-pdb.yaml +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: synapse-presence +spec: + maxUnavailable: 1 + selector: + matchLabels: + app: synapse + component: synapse-presence +--- +# Source: synapse/templates/synapse-workers-pdb.yaml +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: synapse-push-rules +spec: + maxUnavailable: 1 + selector: + matchLabels: + app: synapse + component: synapse-push-rules +--- +# Source: synapse/templates/synapse-workers-pdb.yaml +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: synapse-to-device +spec: + maxUnavailable: 1 + selector: + matchLabels: + app: synapse + component: synapse-to-device +--- +# Source: synapse/templates/synapse-workers-pdb.yaml +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: synapse-typing +spec: + maxUnavailable: 1 + selector: + matchLabels: + app: synapse + component: synapse-typing +--- +# Source: synapse/templates/synapse-workers-pdb.yaml +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: synapse-user-dir +spec: + maxUnavailable: 1 + selector: + matchLabels: + app: synapse + component: synapse-user-dir \ No newline at end of file diff --git a/charts/synapse/tests/golden/fixtures/test-synapse-workers-statefulset.golden.yaml b/charts/synapse/tests/golden/fixtures/test-synapse-workers-statefulset.golden.yaml new file mode 100644 index 0000000..ed84225 --- /dev/null +++ b/charts/synapse/tests/golden/fixtures/test-synapse-workers-statefulset.golden.yaml @@ -0,0 +1,1041 @@ +--- +# Source: synapse/templates/synapse-workers-statefulset.yaml +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: synapse-account-data + labels: + app: synapse + component: synapse-account-data +spec: + replicas: 1 + selector: + matchLabels: + app: synapse + component: synapse-account-data + serviceName: synapse-account-data + template: + metadata: + annotations: + prometheus.io/port: "9092" + prometheus.io/scrape: "true" + prometheus.io/path: "/_synapse/metrics" + checksum/secret: 55eaa481070eecc9b744e9e2a271713877f974d548a1ad903478d45358d367a7 + labels: + app: synapse + component: synapse-account-data + spec: + + containers: + - name: synapse + image: ghcr.io/code-tool/matrix-stack/synapse:v1.151.0 + imagePullPolicy: IfNotPresent + resources: + limits: + memory: 2Gi + requests: + cpu: 50m + memory: 128Mi + env: + - name: "SYNAPSE_WORKER" + value: "synapse.app.generic_worker" + ports: + - containerPort: 8008 + name: http + protocol: TCP + - containerPort: 9092 + name: metrics + protocol: TCP + startupProbe: + httpGet: + path: /health + port: http + failureThreshold: 180 + periodSeconds: 15 + livenessProbe: + httpGet: + path: /health + port: http + failureThreshold: 5 + periodSeconds: 15 + readinessProbe: + httpGet: + path: /health + port: http + periodSeconds: 15 + volumeMounts: + - name: synapse-account-data-secret + mountPath: /data + terminationGracePeriodSeconds: 30 + volumes: + - name: synapse-account-data-secret + secret: + secretName: synapse-account-data-secret +--- +# Source: synapse/templates/synapse-workers-statefulset.yaml +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: synapse-background-worker + labels: + app: synapse + component: synapse-background-worker +spec: + replicas: 1 + selector: + matchLabels: + app: synapse + component: synapse-background-worker + serviceName: synapse-background-worker + template: + metadata: + annotations: + prometheus.io/port: "9092" + prometheus.io/scrape: "true" + prometheus.io/path: "/_synapse/metrics" + checksum/secret: 55eaa481070eecc9b744e9e2a271713877f974d548a1ad903478d45358d367a7 + labels: + app: synapse + component: synapse-background-worker + spec: + + containers: + - name: synapse + image: ghcr.io/code-tool/matrix-stack/synapse:v1.151.0 + imagePullPolicy: IfNotPresent + resources: + limits: + memory: 2Gi + requests: + cpu: 50m + memory: 128Mi + env: + - name: "SYNAPSE_WORKER" + value: "synapse.app.generic_worker" + ports: + - containerPort: 8008 + name: http + protocol: TCP + - containerPort: 9092 + name: metrics + protocol: TCP + volumeMounts: + - name: synapse-background-worker-secret + mountPath: /data + terminationGracePeriodSeconds: 30 + volumes: + - name: synapse-background-worker-secret + secret: + secretName: synapse-background-worker-secret +--- +# Source: synapse/templates/synapse-workers-statefulset.yaml +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: synapse-device-lists + labels: + app: synapse + component: synapse-device-lists +spec: + replicas: 1 + selector: + matchLabels: + app: synapse + component: synapse-device-lists + serviceName: synapse-device-lists + template: + metadata: + annotations: + prometheus.io/port: "9092" + prometheus.io/scrape: "true" + prometheus.io/path: "/_synapse/metrics" + checksum/secret: 55eaa481070eecc9b744e9e2a271713877f974d548a1ad903478d45358d367a7 + labels: + app: synapse + component: synapse-device-lists + spec: + + containers: + - name: synapse + image: ghcr.io/code-tool/matrix-stack/synapse:v1.151.0 + imagePullPolicy: IfNotPresent + resources: + limits: + memory: 2Gi + requests: + cpu: 50m + memory: 128Mi + env: + - name: "SYNAPSE_WORKER" + value: "synapse.app.generic_worker" + ports: + - containerPort: 8008 + name: http + protocol: TCP + - containerPort: 9092 + name: metrics + protocol: TCP + startupProbe: + httpGet: + path: /health + port: http + failureThreshold: 180 + periodSeconds: 15 + livenessProbe: + httpGet: + path: /health + port: http + failureThreshold: 5 + periodSeconds: 15 + readinessProbe: + httpGet: + path: /health + port: http + periodSeconds: 15 + volumeMounts: + - name: synapse-device-lists-secret + mountPath: /data + terminationGracePeriodSeconds: 30 + volumes: + - name: synapse-device-lists-secret + secret: + secretName: synapse-device-lists-secret +--- +# Source: synapse/templates/synapse-workers-statefulset.yaml +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: synapse-event-persister + labels: + app: synapse + component: synapse-event-persister +spec: + replicas: 2 + selector: + matchLabels: + app: synapse + component: synapse-event-persister + serviceName: synapse-event-persister + template: + metadata: + annotations: + prometheus.io/port: "9092" + prometheus.io/scrape: "true" + prometheus.io/path: "/_synapse/metrics" + checksum/secret: 55eaa481070eecc9b744e9e2a271713877f974d548a1ad903478d45358d367a7 + labels: + app: synapse + component: synapse-event-persister + spec: + + containers: + - name: synapse + image: ghcr.io/code-tool/matrix-stack/synapse:v1.151.0 + imagePullPolicy: IfNotPresent + resources: + limits: + memory: 2Gi + requests: + cpu: 50m + memory: 128Mi + env: + - name: "SYNAPSE_WORKER" + value: "synapse.app.generic_worker" + ports: + - containerPort: 8008 + name: http + protocol: TCP + - containerPort: 9092 + name: metrics + protocol: TCP + volumeMounts: + - name: synapse-event-persister-secret + mountPath: /data + terminationGracePeriodSeconds: 30 + volumes: + - name: synapse-event-persister-secret + secret: + secretName: synapse-event-persister-secret +--- +# Source: synapse/templates/synapse-workers-statefulset.yaml +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: synapse-federation-sender + labels: + app: synapse + component: synapse-federation-sender +spec: + replicas: 1 + selector: + matchLabels: + app: synapse + component: synapse-federation-sender + serviceName: synapse-federation-sender + template: + metadata: + annotations: + prometheus.io/port: "9092" + prometheus.io/scrape: "true" + prometheus.io/path: "/_synapse/metrics" + checksum/secret: 55eaa481070eecc9b744e9e2a271713877f974d548a1ad903478d45358d367a7 + labels: + app: synapse + component: synapse-federation-sender + spec: + + containers: + - name: synapse + image: ghcr.io/code-tool/matrix-stack/synapse:v1.151.0 + imagePullPolicy: IfNotPresent + resources: + limits: + memory: 2Gi + requests: + cpu: 50m + memory: 128Mi + env: + - name: "SYNAPSE_WORKER" + value: "synapse.app.generic_worker" + ports: + - containerPort: 8008 + name: http + protocol: TCP + - containerPort: 9092 + name: metrics + protocol: TCP + startupProbe: + httpGet: + path: /health + port: http + failureThreshold: 180 + periodSeconds: 15 + livenessProbe: + httpGet: + path: /health + port: http + failureThreshold: 5 + periodSeconds: 15 + readinessProbe: + httpGet: + path: /health + port: http + periodSeconds: 15 + volumeMounts: + - name: synapse-federation-sender-secret + mountPath: /data + terminationGracePeriodSeconds: 30 + volumes: + - name: synapse-federation-sender-secret + secret: + secretName: synapse-federation-sender-secret +--- +# Source: synapse/templates/synapse-workers-statefulset.yaml +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: synapse-master + labels: + app: synapse + component: synapse-master +spec: + replicas: 1 + selector: + matchLabels: + app: synapse + component: synapse-master + serviceName: synapse-master + template: + metadata: + annotations: + prometheus.io/port: "9092" + prometheus.io/scrape: "true" + prometheus.io/path: "/_synapse/metrics" + checksum/secret: 55eaa481070eecc9b744e9e2a271713877f974d548a1ad903478d45358d367a7 + labels: + app: synapse + component: synapse-master + spec: + + containers: + - name: synapse + image: ghcr.io/code-tool/matrix-stack/synapse:v1.151.0 + imagePullPolicy: IfNotPresent + resources: + limits: + memory: 2Gi + requests: + cpu: 50m + memory: 128Mi + ports: + - containerPort: 8008 + name: http + protocol: TCP + - containerPort: 9092 + name: metrics + protocol: TCP + startupProbe: + httpGet: + path: /health + port: http + failureThreshold: 180 + periodSeconds: 15 + livenessProbe: + httpGet: + path: /health + port: http + failureThreshold: 5 + periodSeconds: 15 + readinessProbe: + httpGet: + path: /health + port: http + periodSeconds: 15 + volumeMounts: + - name: synapse-master-secret + mountPath: /data + terminationGracePeriodSeconds: 30 + volumes: + - name: synapse-master-secret + secret: + secretName: synapse-master-secret +--- +# Source: synapse/templates/synapse-workers-statefulset.yaml +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: synapse-media-repository-background-jobs + labels: + app: synapse + component: synapse-media-repository-background-jobs +spec: + replicas: 1 + selector: + matchLabels: + app: synapse + component: synapse-media-repository-background-jobs + serviceName: synapse-media-repository-background-jobs + template: + metadata: + annotations: + prometheus.io/port: "9092" + prometheus.io/scrape: "true" + prometheus.io/path: "/_synapse/metrics" + checksum/secret: 55eaa481070eecc9b744e9e2a271713877f974d548a1ad903478d45358d367a7 + labels: + app: synapse + component: synapse-media-repository-background-jobs + spec: + + containers: + - name: synapse + image: ghcr.io/code-tool/matrix-stack/synapse:v1.151.0 + imagePullPolicy: IfNotPresent + resources: + limits: + memory: 2Gi + requests: + cpu: 50m + memory: 128Mi + env: + - name: "SYNAPSE_WORKER" + value: "synapse.app.media_repository" + ports: + - containerPort: 8008 + name: http + protocol: TCP + - containerPort: 9092 + name: metrics + protocol: TCP + startupProbe: + httpGet: + path: /health + port: http + failureThreshold: 180 + periodSeconds: 15 + livenessProbe: + httpGet: + path: /health + port: http + failureThreshold: 5 + periodSeconds: 15 + readinessProbe: + httpGet: + path: /health + port: http + periodSeconds: 15 + volumeMounts: + - name: synapse-media-repository-background-jobs-secret + mountPath: /data + terminationGracePeriodSeconds: 30 + volumes: + - name: synapse-media-repository-background-jobs-secret + secret: + secretName: synapse-media-repository-background-jobs-secret +--- +# Source: synapse/templates/synapse-workers-statefulset.yaml +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: synapse-presence + labels: + app: synapse + component: synapse-presence +spec: + replicas: 1 + selector: + matchLabels: + app: synapse + component: synapse-presence + serviceName: synapse-presence + template: + metadata: + annotations: + prometheus.io/port: "9092" + prometheus.io/scrape: "true" + prometheus.io/path: "/_synapse/metrics" + checksum/secret: 55eaa481070eecc9b744e9e2a271713877f974d548a1ad903478d45358d367a7 + labels: + app: synapse + component: synapse-presence + spec: + + containers: + - name: synapse + image: ghcr.io/code-tool/matrix-stack/synapse:v1.151.0 + imagePullPolicy: IfNotPresent + resources: + limits: + memory: 2Gi + requests: + cpu: 50m + memory: 128Mi + env: + - name: "SYNAPSE_WORKER" + value: "synapse.app.generic_worker" + ports: + - containerPort: 8008 + name: http + protocol: TCP + - containerPort: 9092 + name: metrics + protocol: TCP + startupProbe: + httpGet: + path: /health + port: http + failureThreshold: 180 + periodSeconds: 15 + livenessProbe: + httpGet: + path: /health + port: http + failureThreshold: 5 + periodSeconds: 15 + readinessProbe: + httpGet: + path: /health + port: http + periodSeconds: 15 + volumeMounts: + - name: synapse-presence-secret + mountPath: /data + terminationGracePeriodSeconds: 30 + volumes: + - name: synapse-presence-secret + secret: + secretName: synapse-presence-secret +--- +# Source: synapse/templates/synapse-workers-statefulset.yaml +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: synapse-push-rules + labels: + app: synapse + component: synapse-push-rules +spec: + replicas: 1 + selector: + matchLabels: + app: synapse + component: synapse-push-rules + serviceName: synapse-push-rules + template: + metadata: + annotations: + prometheus.io/port: "9092" + prometheus.io/scrape: "true" + prometheus.io/path: "/_synapse/metrics" + checksum/secret: 55eaa481070eecc9b744e9e2a271713877f974d548a1ad903478d45358d367a7 + labels: + app: synapse + component: synapse-push-rules + spec: + + containers: + - name: synapse + image: ghcr.io/code-tool/matrix-stack/synapse:v1.151.0 + imagePullPolicy: IfNotPresent + resources: + limits: + memory: 2Gi + requests: + cpu: 50m + memory: 128Mi + env: + - name: "SYNAPSE_WORKER" + value: "synapse.app.generic_worker" + ports: + - containerPort: 8008 + name: http + protocol: TCP + - containerPort: 9092 + name: metrics + protocol: TCP + startupProbe: + httpGet: + path: /health + port: http + failureThreshold: 180 + periodSeconds: 15 + livenessProbe: + httpGet: + path: /health + port: http + failureThreshold: 5 + periodSeconds: 15 + readinessProbe: + httpGet: + path: /health + port: http + periodSeconds: 15 + volumeMounts: + - name: synapse-push-rules-secret + mountPath: /data + terminationGracePeriodSeconds: 30 + volumes: + - name: synapse-push-rules-secret + secret: + secretName: synapse-push-rules-secret +--- +# Source: synapse/templates/synapse-workers-statefulset.yaml +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: synapse-pusher + labels: + app: synapse + component: synapse-pusher +spec: + replicas: 1 + selector: + matchLabels: + app: synapse + component: synapse-pusher + serviceName: synapse-pusher + template: + metadata: + annotations: + prometheus.io/port: "9092" + prometheus.io/scrape: "true" + prometheus.io/path: "/_synapse/metrics" + checksum/secret: 55eaa481070eecc9b744e9e2a271713877f974d548a1ad903478d45358d367a7 + labels: + app: synapse + component: synapse-pusher + spec: + + containers: + - name: synapse + image: ghcr.io/code-tool/matrix-stack/synapse:v1.151.0 + imagePullPolicy: IfNotPresent + resources: + limits: + memory: 2Gi + requests: + cpu: 50m + memory: 128Mi + env: + - name: "SYNAPSE_WORKER" + value: "synapse.app.generic_worker" + ports: + - containerPort: 8008 + name: http + protocol: TCP + - containerPort: 9092 + name: metrics + protocol: TCP + volumeMounts: + - name: synapse-pusher-secret + mountPath: /data + terminationGracePeriodSeconds: 30 + volumes: + - name: synapse-pusher-secret + secret: + secretName: synapse-pusher-secret +--- +# Source: synapse/templates/synapse-workers-statefulset.yaml +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: synapse-receipts + labels: + app: synapse + component: synapse-receipts +spec: + replicas: 1 + selector: + matchLabels: + app: synapse + component: synapse-receipts + serviceName: synapse-receipts + template: + metadata: + annotations: + prometheus.io/port: "9092" + prometheus.io/scrape: "true" + prometheus.io/path: "/_synapse/metrics" + checksum/secret: 55eaa481070eecc9b744e9e2a271713877f974d548a1ad903478d45358d367a7 + labels: + app: synapse + component: synapse-receipts + spec: + + containers: + - name: synapse + image: ghcr.io/code-tool/matrix-stack/synapse:v1.151.0 + imagePullPolicy: IfNotPresent + resources: + limits: + memory: 2Gi + requests: + cpu: 50m + memory: 128Mi + env: + - name: "SYNAPSE_WORKER" + value: "synapse.app.generic_worker" + ports: + - containerPort: 8008 + name: http + protocol: TCP + - containerPort: 9092 + name: metrics + protocol: TCP + startupProbe: + httpGet: + path: /health + port: http + failureThreshold: 180 + periodSeconds: 15 + livenessProbe: + httpGet: + path: /health + port: http + failureThreshold: 5 + periodSeconds: 15 + readinessProbe: + httpGet: + path: /health + port: http + periodSeconds: 15 + volumeMounts: + - name: synapse-receipts-secret + mountPath: /data + terminationGracePeriodSeconds: 30 + volumes: + - name: synapse-receipts-secret + secret: + secretName: synapse-receipts-secret +--- +# Source: synapse/templates/synapse-workers-statefulset.yaml +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: synapse-thread-subscriptions + labels: + app: synapse + component: synapse-thread-subscriptions +spec: + replicas: 1 + selector: + matchLabels: + app: synapse + component: synapse-thread-subscriptions + serviceName: synapse-thread-subscriptions + template: + metadata: + annotations: + prometheus.io/port: "9092" + prometheus.io/scrape: "true" + prometheus.io/path: "/_synapse/metrics" + checksum/secret: 55eaa481070eecc9b744e9e2a271713877f974d548a1ad903478d45358d367a7 + labels: + app: synapse + component: synapse-thread-subscriptions + spec: + + containers: + - name: synapse + image: ghcr.io/code-tool/matrix-stack/synapse:v1.151.0 + imagePullPolicy: IfNotPresent + resources: + limits: + memory: 2Gi + requests: + cpu: 50m + memory: 128Mi + env: + - name: "SYNAPSE_WORKER" + value: "synapse.app.generic_worker" + ports: + - containerPort: 8008 + name: http + protocol: TCP + - containerPort: 9092 + name: metrics + protocol: TCP + startupProbe: + httpGet: + path: /health + port: http + failureThreshold: 180 + periodSeconds: 15 + livenessProbe: + httpGet: + path: /health + port: http + failureThreshold: 5 + periodSeconds: 15 + readinessProbe: + httpGet: + path: /health + port: http + periodSeconds: 15 + volumeMounts: + - name: synapse-thread-subscriptions-secret + mountPath: /data + terminationGracePeriodSeconds: 30 + volumes: + - name: synapse-thread-subscriptions-secret + secret: + secretName: synapse-thread-subscriptions-secret +--- +# Source: synapse/templates/synapse-workers-statefulset.yaml +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: synapse-to-device + labels: + app: synapse + component: synapse-to-device +spec: + replicas: 1 + selector: + matchLabels: + app: synapse + component: synapse-to-device + serviceName: synapse-to-device + template: + metadata: + annotations: + prometheus.io/port: "9092" + prometheus.io/scrape: "true" + prometheus.io/path: "/_synapse/metrics" + checksum/secret: 55eaa481070eecc9b744e9e2a271713877f974d548a1ad903478d45358d367a7 + labels: + app: synapse + component: synapse-to-device + spec: + + containers: + - name: synapse + image: ghcr.io/code-tool/matrix-stack/synapse:v1.151.0 + imagePullPolicy: IfNotPresent + resources: + limits: + memory: 2Gi + requests: + cpu: 50m + memory: 128Mi + env: + - name: "SYNAPSE_WORKER" + value: "synapse.app.generic_worker" + ports: + - containerPort: 8008 + name: http + protocol: TCP + - containerPort: 9092 + name: metrics + protocol: TCP + startupProbe: + httpGet: + path: /health + port: http + failureThreshold: 180 + periodSeconds: 15 + livenessProbe: + httpGet: + path: /health + port: http + failureThreshold: 5 + periodSeconds: 15 + readinessProbe: + httpGet: + path: /health + port: http + periodSeconds: 15 + volumeMounts: + - name: synapse-to-device-secret + mountPath: /data + terminationGracePeriodSeconds: 30 + volumes: + - name: synapse-to-device-secret + secret: + secretName: synapse-to-device-secret +--- +# Source: synapse/templates/synapse-workers-statefulset.yaml +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: synapse-typing + labels: + app: synapse + component: synapse-typing +spec: + replicas: 1 + selector: + matchLabels: + app: synapse + component: synapse-typing + serviceName: synapse-typing + template: + metadata: + annotations: + prometheus.io/port: "9092" + prometheus.io/scrape: "true" + prometheus.io/path: "/_synapse/metrics" + checksum/secret: 55eaa481070eecc9b744e9e2a271713877f974d548a1ad903478d45358d367a7 + labels: + app: synapse + component: synapse-typing + spec: + + containers: + - name: synapse + image: ghcr.io/code-tool/matrix-stack/synapse:v1.151.0 + imagePullPolicy: IfNotPresent + resources: + limits: + memory: 2Gi + requests: + cpu: 50m + memory: 128Mi + env: + - name: "SYNAPSE_WORKER" + value: "synapse.app.generic_worker" + ports: + - containerPort: 8008 + name: http + protocol: TCP + - containerPort: 9092 + name: metrics + protocol: TCP + startupProbe: + httpGet: + path: /health + port: http + failureThreshold: 180 + periodSeconds: 15 + livenessProbe: + httpGet: + path: /health + port: http + failureThreshold: 5 + periodSeconds: 15 + readinessProbe: + httpGet: + path: /health + port: http + periodSeconds: 15 + volumeMounts: + - name: synapse-typing-secret + mountPath: /data + terminationGracePeriodSeconds: 30 + volumes: + - name: synapse-typing-secret + secret: + secretName: synapse-typing-secret +--- +# Source: synapse/templates/synapse-workers-statefulset.yaml +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: synapse-user-dir + labels: + app: synapse + component: synapse-user-dir +spec: + replicas: 1 + selector: + matchLabels: + app: synapse + component: synapse-user-dir + serviceName: synapse-user-dir + template: + metadata: + annotations: + prometheus.io/port: "9092" + prometheus.io/scrape: "true" + prometheus.io/path: "/_synapse/metrics" + checksum/secret: 55eaa481070eecc9b744e9e2a271713877f974d548a1ad903478d45358d367a7 + labels: + app: synapse + component: synapse-user-dir + spec: + + containers: + - name: synapse + image: ghcr.io/code-tool/matrix-stack/synapse:v1.151.0 + imagePullPolicy: IfNotPresent + resources: + limits: + memory: 2Gi + requests: + cpu: 50m + memory: 128Mi + env: + - name: "SYNAPSE_WORKER" + value: "synapse.app.generic_worker" + ports: + - containerPort: 8008 + name: http + protocol: TCP + - containerPort: 9092 + name: metrics + protocol: TCP + startupProbe: + httpGet: + path: /health + port: http + failureThreshold: 180 + periodSeconds: 15 + livenessProbe: + httpGet: + path: /health + port: http + failureThreshold: 5 + periodSeconds: 15 + readinessProbe: + httpGet: + path: /health + port: http + periodSeconds: 15 + volumeMounts: + - name: synapse-user-dir-secret + mountPath: /data + terminationGracePeriodSeconds: 30 + volumes: + - name: synapse-user-dir-secret + secret: + secretName: synapse-user-dir-secret \ No newline at end of file diff --git a/charts/synapse/tests/golden/fixtures/test-well-known-default.golden.yaml b/charts/synapse/tests/golden/fixtures/test-well-known-default.golden.yaml new file mode 100644 index 0000000..1945080 --- /dev/null +++ b/charts/synapse/tests/golden/fixtures/test-well-known-default.golden.yaml @@ -0,0 +1,52 @@ +--- +# Source: synapse/templates/well-known-configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: well-known-config + labels: + app: well-known +data: + default.conf: | + server { + listen 80; + server_name localhost; + default_type application/json; + add_header Access-Control-Allow-Origin *; + location / { + root /usr/share/nginx/html; + } + } + + client: | + { + "m.homeserver": { + "base_url": "https://NOT-CONFIGURED" + }, + "org.matrix.msc2965.authentication": { + "issuer": "https://NOT-CONFIGURED/", + "account": "https://NOT-CONFIGURED/account" + }, + "jitsi": { + "preferredDomain": "meet.jit.si" + }, + "im.vector.riot.jitsi": { + "preferredDomain": "meet.jit.si" + }, + "io.element.e2ee": { + "default":true + } + } + + server: | + { + "m.server": "NOT-CONFIGURED:443" + } + openid-configuration: | + { + "issuer": "https://NOT-CONFIGURED", + "authorization_endpoint": "https://NOT-CONFIGURED/authorize", + "token_endpoint": "https://NOT-CONFIGURED/oauth2/token", + "jwks_uri": "https://NOT-CONFIGURED/oauth2/keys.json", + "registration_endpoint": "https://NOT-CONFIGURED/oauth2/registration" + } \ No newline at end of file diff --git a/charts/synapse/tests/golden/fixtures/test-well-known-deployment-no-openid.golden.yaml b/charts/synapse/tests/golden/fixtures/test-well-known-deployment-no-openid.golden.yaml new file mode 100644 index 0000000..5e1732c --- /dev/null +++ b/charts/synapse/tests/golden/fixtures/test-well-known-deployment-no-openid.golden.yaml @@ -0,0 +1,47 @@ +--- +# Source: synapse/templates/well-known-deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: well-known + labels: + app: well-known +spec: + replicas: 1 + selector: + matchLabels: + app: well-known + template: + metadata: + annotations: + checksum/config: 327c96f11d3f0e8c5a093e86f3e112c6e9a2f0995d4054b3da2eef27da29dde9 + labels: + app: well-known + spec: + containers: + - name: well-known + image: nginx:1.28.3 + imagePullPolicy: Always + ports: + - containerPort: 80 + name: http + protocol: TCP + resources: + requests: + cpu: 20m + memory: 64Mi + volumeMounts: + - name: well-known-config + subPath: default.conf + mountPath: /etc/nginx/conf.d/default.conf + - name: well-known-config + subPath: client + mountPath: /usr/share/nginx/html/.well-known/matrix/client + - name: well-known-config + subPath: server + mountPath: /usr/share/nginx/html/.well-known/matrix/server + terminationGracePeriodSeconds: 10 + volumes: + - name: well-known-config + configMap: + name: well-known-config \ No newline at end of file diff --git a/charts/synapse/tests/golden/fixtures/test-well-known-deployment.golden.yaml b/charts/synapse/tests/golden/fixtures/test-well-known-deployment.golden.yaml new file mode 100644 index 0000000..7aa0dc9 --- /dev/null +++ b/charts/synapse/tests/golden/fixtures/test-well-known-deployment.golden.yaml @@ -0,0 +1,50 @@ +--- +# Source: synapse/templates/well-known-deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: well-known + labels: + app: well-known +spec: + replicas: 1 + selector: + matchLabels: + app: well-known + template: + metadata: + annotations: + checksum/config: 6f9c415ebc849e3573206c2523a167830361c6f2d526d0916114836ffd636fd7 + labels: + app: well-known + spec: + containers: + - name: well-known + image: nginx:1.28.3 + imagePullPolicy: Always + ports: + - containerPort: 80 + name: http + protocol: TCP + resources: + requests: + cpu: 20m + memory: 64Mi + volumeMounts: + - name: well-known-config + subPath: default.conf + mountPath: /etc/nginx/conf.d/default.conf + - name: well-known-config + subPath: client + mountPath: /usr/share/nginx/html/.well-known/matrix/client + - name: well-known-config + subPath: server + mountPath: /usr/share/nginx/html/.well-known/matrix/server + - name: well-known-config + subPath: openid-configuration + mountPath: /usr/share/nginx/html/.well-known/matrix/openid-configuration + terminationGracePeriodSeconds: 10 + volumes: + - name: well-known-config + configMap: + name: well-known-config \ No newline at end of file diff --git a/charts/synapse/tests/golden/fixtures/test-well-known-identity-server.golden.yaml b/charts/synapse/tests/golden/fixtures/test-well-known-identity-server.golden.yaml new file mode 100644 index 0000000..c891313 --- /dev/null +++ b/charts/synapse/tests/golden/fixtures/test-well-known-identity-server.golden.yaml @@ -0,0 +1,55 @@ +--- +# Source: synapse/templates/well-known-configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: well-known-config + labels: + app: well-known +data: + default.conf: | + server { + listen 80; + server_name localhost; + default_type application/json; + add_header Access-Control-Allow-Origin *; + location / { + root /usr/share/nginx/html; + } + } + + client: | + { + "m.homeserver": { + "base_url": "https://NOT-CONFIGURED" + }, + "org.matrix.msc2965.authentication": { + "issuer": "https://NOT-CONFIGURED/", + "account": "https://NOT-CONFIGURED/account" + }, + "m.identity_server": { + "base_url":"https://vector.im" + }, + "jitsi": { + "preferredDomain": "meet.jit.si" + }, + "im.vector.riot.jitsi": { + "preferredDomain": "meet.jit.si" + }, + "io.element.e2ee": { + "default":true + } + } + + server: | + { + "m.server": "NOT-CONFIGURED:443" + } + openid-configuration: | + { + "issuer": "https://NOT-CONFIGURED", + "authorization_endpoint": "https://NOT-CONFIGURED/authorize", + "token_endpoint": "https://NOT-CONFIGURED/oauth2/token", + "jwks_uri": "https://NOT-CONFIGURED/oauth2/keys.json", + "registration_endpoint": "https://NOT-CONFIGURED/oauth2/registration" + } \ No newline at end of file diff --git a/charts/synapse/tests/golden/fixtures/test-well-known-ingress-tls.golden.yaml b/charts/synapse/tests/golden/fixtures/test-well-known-ingress-tls.golden.yaml new file mode 100644 index 0000000..674e5dd --- /dev/null +++ b/charts/synapse/tests/golden/fixtures/test-well-known-ingress-tls.golden.yaml @@ -0,0 +1,26 @@ +--- +# Source: synapse/templates/well-known-ingress.yaml +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: well-known + + annotations: + nginx.ingress.kubernetes.io/use-regex: "true" +spec: + ingressClassName: nginx + tls: + - hosts: + - NOT-CONFIGURED + secretName: synapse-tls + rules: + - host: NOT-CONFIGURED + http: + paths: + - path: /\.well-known/matrix + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: well-known \ No newline at end of file diff --git a/charts/synapse/tests/golden/fixtures/test-well-known-ingress.golden.yaml b/charts/synapse/tests/golden/fixtures/test-well-known-ingress.golden.yaml new file mode 100644 index 0000000..c54bda0 --- /dev/null +++ b/charts/synapse/tests/golden/fixtures/test-well-known-ingress.golden.yaml @@ -0,0 +1,25 @@ +--- +# Source: synapse/templates/well-known-ingress.yaml +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: well-known + + annotations: + nginx.ingress.kubernetes.io/use-regex: "true" +spec: + ingressClassName: nginx + tls: + - hosts: + - NOT-CONFIGURED + rules: + - host: NOT-CONFIGURED + http: + paths: + - path: /\.well-known/matrix + pathType: ImplementationSpecific + backend: + service: + port: + number: 80 + name: well-known \ No newline at end of file diff --git a/charts/synapse/tests/golden/fixtures/test-well-known-msc3266.golden.yaml b/charts/synapse/tests/golden/fixtures/test-well-known-msc3266.golden.yaml new file mode 100644 index 0000000..3ba6db9 --- /dev/null +++ b/charts/synapse/tests/golden/fixtures/test-well-known-msc3266.golden.yaml @@ -0,0 +1,58 @@ +--- +# Source: synapse/templates/well-known-configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: well-known-config + labels: + app: well-known +data: + default.conf: | + server { + listen 80; + server_name localhost; + default_type application/json; + add_header Access-Control-Allow-Origin *; + location / { + root /usr/share/nginx/html; + } + } + + client: | + { + "m.homeserver": { + "base_url": "https://NOT-CONFIGURED" + }, + "org.matrix.msc2965.authentication": { + "issuer": "https://NOT-CONFIGURED/", + "account": "https://NOT-CONFIGURED/account" + }, + "org.matrix.msc4143.rtc_foci": [ + { + "type": "livekit", + "livekit_service_url": "https://livekit.example.com" + } + ], + "jitsi": { + "preferredDomain": "meet.jit.si" + }, + "im.vector.riot.jitsi": { + "preferredDomain": "meet.jit.si" + }, + "io.element.e2ee": { + "default":true + } + } + + server: | + { + "m.server": "NOT-CONFIGURED:443" + } + openid-configuration: | + { + "issuer": "https://NOT-CONFIGURED", + "authorization_endpoint": "https://NOT-CONFIGURED/authorize", + "token_endpoint": "https://NOT-CONFIGURED/oauth2/token", + "jwks_uri": "https://NOT-CONFIGURED/oauth2/keys.json", + "registration_endpoint": "https://NOT-CONFIGURED/oauth2/registration" + } \ No newline at end of file diff --git a/charts/synapse/tests/golden/fixtures/test-well-known-service.golden.yaml b/charts/synapse/tests/golden/fixtures/test-well-known-service.golden.yaml new file mode 100644 index 0000000..6de53b7 --- /dev/null +++ b/charts/synapse/tests/golden/fixtures/test-well-known-service.golden.yaml @@ -0,0 +1,15 @@ +--- +# Source: synapse/templates/well-known-service.yaml +apiVersion: v1 +kind: Service +metadata: + name: well-known + annotations: + cloud.google.com/neg: '{"ingress":false}' +spec: + selector: + app: well-known + ports: + - name: http + port: 80 + targetPort: 80 \ No newline at end of file diff --git a/charts/synapse/tests/golden/goldenfiles.go b/charts/synapse/tests/golden/goldenfiles.go new file mode 100644 index 0000000..0453d33 --- /dev/null +++ b/charts/synapse/tests/golden/goldenfiles.go @@ -0,0 +1,74 @@ +package golden + +import ( + "flag" + "os" + "regexp" + "strings" + + "github.com/gruntwork-io/terratest/modules/helm" + "github.com/gruntwork-io/terratest/modules/k8s" + "github.com/stretchr/testify/suite" +) + +var update = flag.Bool("update-golden", false, "update golden test output files") + +type TemplateGoldenTest struct { + suite.Suite + ChartPath string + Release string + Namespace string + GoldenFileName string + Templates []string + IgnoredLines []string + ValuesFiles []string + SetValues map[string]string + // AllowEmpty allows templates guarded by an `{{- if }}` block to render + // nothing. Helm returns "could not find template" in that case, which is + // treated as an empty string so the golden file captures the disabled state. + AllowEmpty bool +} + +func (s *TemplateGoldenTest) TestContainerGoldenTestDefaults() { + options := &helm.Options{ + KubectlOptions: k8s.NewKubectlOptions("", "", s.Namespace), + SetValues: s.SetValues, + ValuesFiles: s.ValuesFiles, + } + + var output string + if s.AllowEmpty { + var err error + output, err = helm.RenderTemplateE(s.T(), options, s.ChartPath, s.Release, s.Templates) + if err != nil { + s.Require().True( + strings.Contains(err.Error(), "could not find template"), + "unexpected helm error: %v", err, + ) + output = "" + } + } else { + output = helm.RenderTemplate(s.T(), options, s.ChartPath, s.Release, s.Templates) + } + + s.IgnoredLines = append(s.IgnoredLines, `\s+helm.sh/chart:\s+.*`) + bytes := []byte(output) + for _, ignoredLine := range s.IgnoredLines { + regex := regexp.MustCompile(ignoredLine) + bytes = regex.ReplaceAll(bytes, []byte("")) + } + output = string(bytes) + + goldenFile := "../fixtures/" + s.GoldenFileName + ".golden.yaml" + + if *update { + err := os.WriteFile(goldenFile, bytes, 0644) + s.Require().NoError(err, "Golden file was not writable") + } + + expected, err := os.ReadFile(goldenFile) + + // then + s.Require().NoError(err, "Golden file doesn't exist or was not readable") + s.Require().Equal(string(expected), output) +} diff --git a/charts/synapse/tests/golden/unit/admin_test.go b/charts/synapse/tests/golden/unit/admin_test.go new file mode 100644 index 0000000..b2ae9cb --- /dev/null +++ b/charts/synapse/tests/golden/unit/admin_test.go @@ -0,0 +1,91 @@ +package golden + +import ( + "path/filepath" + "testing" + "tests/golden" + + "github.com/stretchr/testify/require" + "github.com/stretchr/testify/suite" +) + +func TestGoldenAdminDeployment(t *testing.T) { + t.Parallel() + + chartPath, err := filepath.Abs("../../..") + require.NoError(t, err) + + suite.Run(t, &golden.TemplateGoldenTest{ + ChartPath: chartPath, + Release: "golden-file-test", + Namespace: "test-namespace", + GoldenFileName: "test-admin-deployment", + Templates: []string{"templates/admin-deployment.yaml"}, + }) +} + +func TestGoldenAdminService(t *testing.T) { + t.Parallel() + + chartPath, err := filepath.Abs("../../..") + require.NoError(t, err) + + suite.Run(t, &golden.TemplateGoldenTest{ + ChartPath: chartPath, + Release: "golden-file-test", + Namespace: "test-namespace", + GoldenFileName: "test-admin-service", + Templates: []string{"templates/admin-service.yaml"}, + }) +} + +// TestGoldenAdminIngress covers the default ingress (enabled, no TLS secret). +func TestGoldenAdminIngress(t *testing.T) { + t.Parallel() + + chartPath, err := filepath.Abs("../../..") + require.NoError(t, err) + + suite.Run(t, &golden.TemplateGoldenTest{ + ChartPath: chartPath, + Release: "golden-file-test", + Namespace: "test-namespace", + GoldenFileName: "test-admin-ingress", + Templates: []string{"templates/admin-ingress.yaml"}, + }) +} + +// TestGoldenAdminIngressWithTLS verifies secretName is rendered in the TLS block. +func TestGoldenAdminIngressWithTLS(t *testing.T) { + t.Parallel() + + chartPath, err := filepath.Abs("../../..") + require.NoError(t, err) + + suite.Run(t, &golden.TemplateGoldenTest{ + ChartPath: chartPath, + Release: "golden-file-test", + Namespace: "test-namespace", + GoldenFileName: "test-admin-ingress-tls", + Templates: []string{"templates/admin-ingress.yaml"}, + SetValues: map[string]string{"admin.ingress.secretName": "admin-tls"}, + }) +} + +// TestGoldenAdminIngressDisabled verifies nothing is rendered when ingress is disabled. +func TestGoldenAdminIngressDisabled(t *testing.T) { + t.Parallel() + + chartPath, err := filepath.Abs("../../..") + require.NoError(t, err) + + suite.Run(t, &golden.TemplateGoldenTest{ + ChartPath: chartPath, + Release: "golden-file-test", + Namespace: "test-namespace", + GoldenFileName: "test-admin-ingress-disabled", + Templates: []string{"templates/admin-ingress.yaml"}, + SetValues: map[string]string{"admin.ingress.enabled": "false"}, + AllowEmpty: true, + }) +} diff --git a/charts/synapse/tests/golden/unit/envoy_test.go b/charts/synapse/tests/golden/unit/envoy_test.go new file mode 100644 index 0000000..f0c73ab --- /dev/null +++ b/charts/synapse/tests/golden/unit/envoy_test.go @@ -0,0 +1,126 @@ +package golden + +import ( + "path/filepath" + "testing" + "tests/golden" + + "github.com/stretchr/testify/require" + "github.com/stretchr/testify/suite" +) + +// TestGoldenEnvoyConfigmap covers the envoy configmap that embeds +// scripts/envoy.yaml and scripts/synapse.lua from chart files. +func TestGoldenEnvoyConfigmap(t *testing.T) { + t.Parallel() + + chartPath, err := filepath.Abs("../../..") + require.NoError(t, err) + + suite.Run(t, &golden.TemplateGoldenTest{ + ChartPath: chartPath, + Release: "golden-file-test", + Namespace: "test-namespace", + GoldenFileName: "test-envoy-configmap", + Templates: []string{"templates/envoy-configmap.yaml"}, + }) +} + +func TestGoldenEnvoyDeployment(t *testing.T) { + t.Parallel() + + chartPath, err := filepath.Abs("../../..") + require.NoError(t, err) + + suite.Run(t, &golden.TemplateGoldenTest{ + ChartPath: chartPath, + Release: "golden-file-test", + Namespace: "test-namespace", + GoldenFileName: "test-envoy-deployment", + Templates: []string{"templates/envoy-deployment.yaml"}, + }) +} + +func TestGoldenEnvoyService(t *testing.T) { + t.Parallel() + + chartPath, err := filepath.Abs("../../..") + require.NoError(t, err) + + suite.Run(t, &golden.TemplateGoldenTest{ + ChartPath: chartPath, + Release: "golden-file-test", + Namespace: "test-namespace", + GoldenFileName: "test-envoy-service", + Templates: []string{"templates/envoy-service.yaml"}, + }) +} + +// TestGoldenEnvoyPDB covers the default PDB (minAvailable: 1). +func TestGoldenEnvoyPDB(t *testing.T) { + t.Parallel() + + chartPath, err := filepath.Abs("../../..") + require.NoError(t, err) + + suite.Run(t, &golden.TemplateGoldenTest{ + ChartPath: chartPath, + Release: "golden-file-test", + Namespace: "test-namespace", + GoldenFileName: "test-envoy-pdb", + Templates: []string{"templates/envoy-pdb.yaml"}, + }) +} + +// TestGoldenEnvoyPDBMaxUnavailable verifies that maxUnavailable is rendered +// instead of minAvailable when explicitly set. +func TestGoldenEnvoyPDBMaxUnavailable(t *testing.T) { + t.Parallel() + + chartPath, err := filepath.Abs("../../..") + require.NoError(t, err) + + suite.Run(t, &golden.TemplateGoldenTest{ + ChartPath: chartPath, + Release: "golden-file-test", + Namespace: "test-namespace", + GoldenFileName: "test-envoy-pdb-max-unavailable", + Templates: []string{"templates/envoy-pdb.yaml"}, + SetValues: map[string]string{"envoyProxy.podDisruptionBudget.maxUnavailable": "1"}, + }) +} + +// TestGoldenEnvoyServiceMonitor covers the default ServiceMonitor (metrics enabled). +func TestGoldenEnvoyServiceMonitor(t *testing.T) { + t.Parallel() + + chartPath, err := filepath.Abs("../../..") + require.NoError(t, err) + + suite.Run(t, &golden.TemplateGoldenTest{ + ChartPath: chartPath, + Release: "golden-file-test", + Namespace: "test-namespace", + GoldenFileName: "test-envoy-servicemonitor", + Templates: []string{"templates/envoy-servicemonitor.yaml"}, + }) +} + +// TestGoldenEnvoyServiceMonitorDisabled verifies nothing is rendered +// when envoyProxy.metrics is false. +func TestGoldenEnvoyServiceMonitorDisabled(t *testing.T) { + t.Parallel() + + chartPath, err := filepath.Abs("../../..") + require.NoError(t, err) + + suite.Run(t, &golden.TemplateGoldenTest{ + ChartPath: chartPath, + Release: "golden-file-test", + Namespace: "test-namespace", + GoldenFileName: "test-envoy-servicemonitor-disabled", + Templates: []string{"templates/envoy-servicemonitor.yaml"}, + SetValues: map[string]string{"envoyProxy.metrics": "false"}, + AllowEmpty: true, + }) +} diff --git a/charts/synapse/tests/golden/unit/ingress_test.go b/charts/synapse/tests/golden/unit/ingress_test.go new file mode 100644 index 0000000..6c3f71a --- /dev/null +++ b/charts/synapse/tests/golden/unit/ingress_test.go @@ -0,0 +1,66 @@ +package golden + +import ( + "path/filepath" + "testing" + "tests/golden" + + "github.com/stretchr/testify/require" + "github.com/stretchr/testify/suite" +) + +// TestGoldenIngressDefault covers the default routing configuration: +// matrixAuthentication enabled, msc4306 disabled. +// Verifies that MAS login/logout routes point to matrix-authentication service +// and threadSubscriptions routes are absent. +func TestGoldenIngressDefault(t *testing.T) { + t.Parallel() + + chartPath, err := filepath.Abs("../../..") + require.NoError(t, err) + + suite.Run(t, &golden.TemplateGoldenTest{ + ChartPath: chartPath, + Release: "golden-file-test", + Namespace: "test-namespace", + GoldenFileName: "test-ingress-default", + Templates: []string{"templates/synapse-ingress.yaml"}, + }) +} + +// TestGoldenIngressWithoutMAS covers routing when matrixAuthentication is disabled: +// clientReaderRegister routes (login, register) must appear and point to +// synapse-client-reader-envoy instead of matrix-authentication. +func TestGoldenIngressWithoutMAS(t *testing.T) { + t.Parallel() + + chartPath, err := filepath.Abs("../../..") + require.NoError(t, err) + + suite.Run(t, &golden.TemplateGoldenTest{ + ChartPath: chartPath, + Release: "golden-file-test", + Namespace: "test-namespace", + GoldenFileName: "test-ingress-no-mas", + Templates: []string{"templates/synapse-ingress.yaml"}, + SetValues: map[string]string{"matrixAuthentication.enabled": "false"}, + }) +} + +// TestGoldenIngressWithMsc4306 covers routing when thread_subscriptions MSC is enabled: +// threadSubscriptionsRoutes must appear and point to synapse-thread-subscriptions service. +func TestGoldenIngressWithMsc4306(t *testing.T) { + t.Parallel() + + chartPath, err := filepath.Abs("../../..") + require.NoError(t, err) + + suite.Run(t, &golden.TemplateGoldenTest{ + ChartPath: chartPath, + Release: "golden-file-test", + Namespace: "test-namespace", + GoldenFileName: "test-ingress-msc4306", + Templates: []string{"templates/synapse-ingress.yaml"}, + SetValues: map[string]string{"experimentalFeatures.msc4306.enabled": "true"}, + }) +} diff --git a/charts/synapse/tests/golden/unit/matrix_auth_resources_test.go b/charts/synapse/tests/golden/unit/matrix_auth_resources_test.go new file mode 100644 index 0000000..fdb7c95 --- /dev/null +++ b/charts/synapse/tests/golden/unit/matrix_auth_resources_test.go @@ -0,0 +1,217 @@ +package golden + +import ( + "path/filepath" + "testing" + "tests/golden" + + "github.com/stretchr/testify/require" + "github.com/stretchr/testify/suite" +) + +func TestGoldenMatrixAuthService(t *testing.T) { + t.Parallel() + + chartPath, err := filepath.Abs("../../..") + require.NoError(t, err) + + suite.Run(t, &golden.TemplateGoldenTest{ + ChartPath: chartPath, + Release: "golden-file-test", + Namespace: "test-namespace", + GoldenFileName: "test-matrix-auth-service", + Templates: []string{"templates/matrix-authentication-service.yaml"}, + }) +} + +// TestGoldenMatrixAuthPDB covers the default PDB (minAvailable: 1). +func TestGoldenMatrixAuthPDB(t *testing.T) { + t.Parallel() + + chartPath, err := filepath.Abs("../../..") + require.NoError(t, err) + + suite.Run(t, &golden.TemplateGoldenTest{ + ChartPath: chartPath, + Release: "golden-file-test", + Namespace: "test-namespace", + GoldenFileName: "test-matrix-auth-pdb", + Templates: []string{"templates/matrix-authentication-pdb.yaml"}, + }) +} + +// TestGoldenMatrixAuthPDBMaxUnavailable verifies that maxUnavailable is rendered +// instead of minAvailable when explicitly set. +func TestGoldenMatrixAuthPDBMaxUnavailable(t *testing.T) { + t.Parallel() + + chartPath, err := filepath.Abs("../../..") + require.NoError(t, err) + + suite.Run(t, &golden.TemplateGoldenTest{ + ChartPath: chartPath, + Release: "golden-file-test", + Namespace: "test-namespace", + GoldenFileName: "test-matrix-auth-pdb-max-unavailable", + Templates: []string{"templates/matrix-authentication-pdb.yaml"}, + SetValues: map[string]string{"matrixAuthentication.podDisruptionBudget.maxUnavailable": "1"}, + }) +} + +// TestGoldenMatrixAuthHPA covers the default state: autoscaling disabled → no HPA rendered. +func TestGoldenMatrixAuthHPA(t *testing.T) { + t.Parallel() + + chartPath, err := filepath.Abs("../../..") + require.NoError(t, err) + + suite.Run(t, &golden.TemplateGoldenTest{ + ChartPath: chartPath, + Release: "golden-file-test", + Namespace: "test-namespace", + GoldenFileName: "test-matrix-auth-hpa-disabled", + Templates: []string{"templates/matrix-authentication-hpa.yaml"}, + AllowEmpty: true, + }) +} + +// TestGoldenMatrixAuthHPAEnabled verifies HPA is rendered with CPU and memory targets. +func TestGoldenMatrixAuthHPAEnabled(t *testing.T) { + t.Parallel() + + chartPath, err := filepath.Abs("../../..") + require.NoError(t, err) + + suite.Run(t, &golden.TemplateGoldenTest{ + ChartPath: chartPath, + Release: "golden-file-test", + Namespace: "test-namespace", + GoldenFileName: "test-matrix-auth-hpa-enabled", + Templates: []string{"templates/matrix-authentication-hpa.yaml"}, + SetValues: map[string]string{ + "matrixAuthentication.autoscaling.enabled": "true", + "matrixAuthentication.autoscaling.minReplicas": "2", + "matrixAuthentication.autoscaling.maxReplicas": "5", + "matrixAuthentication.autoscaling.targetCPUUtilizationPercentage": "80", + }, + }) +} + +// TestGoldenMatrixAuthIngress covers the default ingress (no TLS secret). +func TestGoldenMatrixAuthIngress(t *testing.T) { + t.Parallel() + + chartPath, err := filepath.Abs("../../..") + require.NoError(t, err) + + suite.Run(t, &golden.TemplateGoldenTest{ + ChartPath: chartPath, + Release: "golden-file-test", + Namespace: "test-namespace", + GoldenFileName: "test-matrix-auth-ingress", + Templates: []string{"templates/matrix-authentication-ingress.yaml"}, + }) +} + +// TestGoldenMatrixAuthIngressWithTLS verifies secretName is rendered in the TLS block. +func TestGoldenMatrixAuthIngressWithTLS(t *testing.T) { + t.Parallel() + + chartPath, err := filepath.Abs("../../..") + require.NoError(t, err) + + suite.Run(t, &golden.TemplateGoldenTest{ + ChartPath: chartPath, + Release: "golden-file-test", + Namespace: "test-namespace", + GoldenFileName: "test-matrix-auth-ingress-tls", + Templates: []string{"templates/matrix-authentication-ingress.yaml"}, + SetValues: map[string]string{"matrixAuthentication.ingress.secretName": "mas-tls"}, + }) +} + +// TestGoldenMatrixAuthJobConfigSync covers the default job with ArgoCD annotations. +func TestGoldenMatrixAuthJobConfigSync(t *testing.T) { + t.Parallel() + + chartPath, err := filepath.Abs("../../..") + require.NoError(t, err) + + suite.Run(t, &golden.TemplateGoldenTest{ + ChartPath: chartPath, + Release: "golden-file-test", + Namespace: "test-namespace", + GoldenFileName: "test-matrix-auth-job-config-sync", + Templates: []string{"templates/matrix-authentication-job-config-sync.yaml"}, + }) +} + +// TestGoldenMatrixAuthJobConfigSyncHelm verifies helm.sh/hook annotations are used +// when argocd mode is disabled. +func TestGoldenMatrixAuthJobConfigSyncHelm(t *testing.T) { + t.Parallel() + + chartPath, err := filepath.Abs("../../..") + require.NoError(t, err) + + suite.Run(t, &golden.TemplateGoldenTest{ + ChartPath: chartPath, + Release: "golden-file-test", + Namespace: "test-namespace", + GoldenFileName: "test-matrix-auth-job-config-sync-helm", + Templates: []string{"templates/matrix-authentication-job-config-sync.yaml"}, + SetValues: map[string]string{"argocd": "false"}, + }) +} + +// TestGoldenMatrixAuthJobConfigSyncWithPrune verifies the --prune flag is added +// to the config sync command when configSyncPrune is enabled. +func TestGoldenMatrixAuthJobConfigSyncWithPrune(t *testing.T) { + t.Parallel() + + chartPath, err := filepath.Abs("../../..") + require.NoError(t, err) + + suite.Run(t, &golden.TemplateGoldenTest{ + ChartPath: chartPath, + Release: "golden-file-test", + Namespace: "test-namespace", + GoldenFileName: "test-matrix-auth-job-config-sync-prune", + Templates: []string{"templates/matrix-authentication-job-config-sync.yaml"}, + SetValues: map[string]string{"matrixAuthentication.configSyncPrune": "true"}, + }) +} + +// TestGoldenMatrixAuthJobDbMigration covers the DB migration job with ArgoCD annotations. +func TestGoldenMatrixAuthJobDbMigration(t *testing.T) { + t.Parallel() + + chartPath, err := filepath.Abs("../../..") + require.NoError(t, err) + + suite.Run(t, &golden.TemplateGoldenTest{ + ChartPath: chartPath, + Release: "golden-file-test", + Namespace: "test-namespace", + GoldenFileName: "test-matrix-auth-job-db-migration", + Templates: []string{"templates/matrix-authentication-job-db-migration.yaml"}, + }) +} + +// TestGoldenMatrixAuthJobDbMigrationHelm verifies helm.sh/hook annotations when +// argocd mode is disabled. +func TestGoldenMatrixAuthJobDbMigrationHelm(t *testing.T) { + t.Parallel() + + chartPath, err := filepath.Abs("../../..") + require.NoError(t, err) + + suite.Run(t, &golden.TemplateGoldenTest{ + ChartPath: chartPath, + Release: "golden-file-test", + Namespace: "test-namespace", + GoldenFileName: "test-matrix-auth-job-db-migration-helm", + Templates: []string{"templates/matrix-authentication-job-db-migration.yaml"}, + SetValues: map[string]string{"argocd": "false"}, + }) +} diff --git a/charts/synapse/tests/golden/unit/matrix_auth_test.go b/charts/synapse/tests/golden/unit/matrix_auth_test.go new file mode 100644 index 0000000..775e719 --- /dev/null +++ b/charts/synapse/tests/golden/unit/matrix_auth_test.go @@ -0,0 +1,64 @@ +package golden + +import ( + "path/filepath" + "testing" + "tests/golden" + + "github.com/stretchr/testify/require" + "github.com/stretchr/testify/suite" +) + +// TestGoldenMatrixAuthDeployment covers the MAS deployment with default values: +// correct image, probes on internal port, config checksum annotation, volume mount. +func TestGoldenMatrixAuthDeployment(t *testing.T) { + t.Parallel() + + chartPath, err := filepath.Abs("../../..") + require.NoError(t, err) + + suite.Run(t, &golden.TemplateGoldenTest{ + ChartPath: chartPath, + Release: "golden-file-test", + Namespace: "test-namespace", + GoldenFileName: "test-matrix-auth-deployment", + Templates: []string{"templates/matrix-authentication-deployment.yaml"}, + }) +} + +// TestGoldenMatrixAuthDeploymentDisabled verifies that the deployment renders +// nothing when matrixAuthentication is disabled (template is fully guarded by +// {{- if .Values.matrixAuthentication.enabled }}). +func TestGoldenMatrixAuthDeploymentDisabled(t *testing.T) { + t.Parallel() + + chartPath, err := filepath.Abs("../../..") + require.NoError(t, err) + + suite.Run(t, &golden.TemplateGoldenTest{ + ChartPath: chartPath, + Release: "golden-file-test", + Namespace: "test-namespace", + GoldenFileName: "test-matrix-auth-deployment-disabled", + Templates: []string{"templates/matrix-authentication-deployment.yaml"}, + SetValues: map[string]string{"matrixAuthentication.enabled": "false"}, + AllowEmpty: true, + }) +} + +// TestGoldenMatrixAuthSecret covers the MAS config secret with default values: +// HTTP listeners, database config, matrix homeserver block, configYaml merged in. +func TestGoldenMatrixAuthSecret(t *testing.T) { + t.Parallel() + + chartPath, err := filepath.Abs("../../..") + require.NoError(t, err) + + suite.Run(t, &golden.TemplateGoldenTest{ + ChartPath: chartPath, + Release: "golden-file-test", + Namespace: "test-namespace", + GoldenFileName: "test-matrix-auth-secret", + Templates: []string{"templates/matrix-authentication-secret.yaml"}, + }) +} diff --git a/charts/synapse/tests/golden/unit/pgbouncer_test.go b/charts/synapse/tests/golden/unit/pgbouncer_test.go new file mode 100644 index 0000000..a9f8343 --- /dev/null +++ b/charts/synapse/tests/golden/unit/pgbouncer_test.go @@ -0,0 +1,86 @@ +package golden + +import ( + "path/filepath" + "testing" + "tests/golden" + + "github.com/stretchr/testify/require" + "github.com/stretchr/testify/suite" +) + +func TestGoldenPgbouncerDeployment(t *testing.T) { + t.Parallel() + + chartPath, err := filepath.Abs("../../..") + require.NoError(t, err) + + suite.Run(t, &golden.TemplateGoldenTest{ + ChartPath: chartPath, + Release: "golden-file-test", + Namespace: "test-namespace", + GoldenFileName: "test-pgbouncer-deployment", + Templates: []string{"templates/pgbouncer-deployment.yaml"}, + }) +} + +func TestGoldenPgbouncerSecret(t *testing.T) { + t.Parallel() + + chartPath, err := filepath.Abs("../../..") + require.NoError(t, err) + + suite.Run(t, &golden.TemplateGoldenTest{ + ChartPath: chartPath, + Release: "golden-file-test", + Namespace: "test-namespace", + GoldenFileName: "test-pgbouncer-secret", + Templates: []string{"templates/pgbouncer-secret.yaml"}, + }) +} + +func TestGoldenPgbouncerService(t *testing.T) { + t.Parallel() + + chartPath, err := filepath.Abs("../../..") + require.NoError(t, err) + + suite.Run(t, &golden.TemplateGoldenTest{ + ChartPath: chartPath, + Release: "golden-file-test", + Namespace: "test-namespace", + GoldenFileName: "test-pgbouncer-service", + Templates: []string{"templates/pgbouncer-service.yaml"}, + }) +} + +func TestGoldenPgbouncerServiceSessionAffinity(t *testing.T) { + t.Parallel() + + chartPath, err := filepath.Abs("../../..") + require.NoError(t, err) + + suite.Run(t, &golden.TemplateGoldenTest{ + ChartPath: chartPath, + Release: "golden-file-test", + Namespace: "test-namespace", + GoldenFileName: "test-pgbouncer-service-session-affinity", + Templates: []string{"templates/pgbouncer-service.yaml"}, + SetValues: map[string]string{"synapse.pgbouncer.sessionAffinityTimeoutSeconds": "3600"}, + }) +} + +func TestGoldenPgbouncerConfigmap(t *testing.T) { + t.Parallel() + + chartPath, err := filepath.Abs("../../..") + require.NoError(t, err) + + suite.Run(t, &golden.TemplateGoldenTest{ + ChartPath: chartPath, + Release: "golden-file-test", + Namespace: "test-configmap-namespace", + GoldenFileName: "test-pgbouncer-configmap", + Templates: []string{"templates/pgbouncer-configmap.yaml"}, + }) +} diff --git a/charts/synapse/tests/golden/unit/synapse_resources_test.go b/charts/synapse/tests/golden/unit/synapse_resources_test.go new file mode 100644 index 0000000..b80ce08 --- /dev/null +++ b/charts/synapse/tests/golden/unit/synapse_resources_test.go @@ -0,0 +1,133 @@ +package golden + +import ( + "path/filepath" + "testing" + "tests/golden" + + "github.com/stretchr/testify/require" + "github.com/stretchr/testify/suite" +) + +// TestGoldenSynapsePodMonitorDisabled covers the default state: podMonitor disabled. +func TestGoldenSynapsePodMonitorDisabled(t *testing.T) { + t.Parallel() + + chartPath, err := filepath.Abs("../../..") + require.NoError(t, err) + + suite.Run(t, &golden.TemplateGoldenTest{ + ChartPath: chartPath, + Release: "golden-file-test", + Namespace: "test-namespace", + GoldenFileName: "test-synapse-podmonitor-disabled", + Templates: []string{"templates/synapse-podmonitor.yaml"}, + AllowEmpty: true, + }) +} + +// TestGoldenSynapsePodMonitorEnabled verifies the PodMonitor is rendered +// when synapse.podMonitor.enabled is true. +func TestGoldenSynapsePodMonitorEnabled(t *testing.T) { + t.Parallel() + + chartPath, err := filepath.Abs("../../..") + require.NoError(t, err) + + suite.Run(t, &golden.TemplateGoldenTest{ + ChartPath: chartPath, + Release: "golden-file-test", + Namespace: "test-namespace", + GoldenFileName: "test-synapse-podmonitor-enabled", + Templates: []string{"templates/synapse-podmonitor.yaml"}, + SetValues: map[string]string{"synapse.podMonitor.enabled": "true"}, + }) +} + +// TestGoldenSynapseResourceQuota covers the default ResourceQuota (enabled: true). +func TestGoldenSynapseResourceQuota(t *testing.T) { + t.Parallel() + + chartPath, err := filepath.Abs("../../..") + require.NoError(t, err) + + suite.Run(t, &golden.TemplateGoldenTest{ + ChartPath: chartPath, + Release: "golden-file-test", + Namespace: "test-namespace", + GoldenFileName: "test-synapse-resource-quota", + Templates: []string{"templates/synapse-resource-quota.yaml"}, + }) +} + +// TestGoldenSynapseResourceQuotaDisabled verifies nothing is rendered +// when resourceQuota.enabled is false. +func TestGoldenSynapseResourceQuotaDisabled(t *testing.T) { + t.Parallel() + + chartPath, err := filepath.Abs("../../..") + require.NoError(t, err) + + suite.Run(t, &golden.TemplateGoldenTest{ + ChartPath: chartPath, + Release: "golden-file-test", + Namespace: "test-namespace", + GoldenFileName: "test-synapse-resource-quota-disabled", + Templates: []string{"templates/synapse-resource-quota.yaml"}, + SetValues: map[string]string{"resourceQuota.enabled": "false"}, + AllowEmpty: true, + }) +} + +// TestGoldenPgbouncerPDB covers the default PDB (minAvailable: 1). +func TestGoldenPgbouncerPDB(t *testing.T) { + t.Parallel() + + chartPath, err := filepath.Abs("../../..") + require.NoError(t, err) + + suite.Run(t, &golden.TemplateGoldenTest{ + ChartPath: chartPath, + Release: "golden-file-test", + Namespace: "test-namespace", + GoldenFileName: "test-pgbouncer-pdb", + Templates: []string{"templates/pgbouncer-deployment-pdb.yaml"}, + }) +} + +// TestGoldenPgbouncerPDBMaxUnavailable verifies that maxUnavailable is rendered +// instead of minAvailable when explicitly set. +func TestGoldenPgbouncerPDBMaxUnavailable(t *testing.T) { + t.Parallel() + + chartPath, err := filepath.Abs("../../..") + require.NoError(t, err) + + suite.Run(t, &golden.TemplateGoldenTest{ + ChartPath: chartPath, + Release: "golden-file-test", + Namespace: "test-namespace", + GoldenFileName: "test-pgbouncer-pdb-max-unavailable", + Templates: []string{"templates/pgbouncer-deployment-pdb.yaml"}, + SetValues: map[string]string{"synapse.pgbouncer.podDisruptionBudget.maxUnavailable": "1"}, + }) +} + +// TestGoldenPgbouncerPDBDisabled verifies nothing is rendered +// when the pgbouncer PDB is disabled. +func TestGoldenPgbouncerPDBDisabled(t *testing.T) { + t.Parallel() + + chartPath, err := filepath.Abs("../../..") + require.NoError(t, err) + + suite.Run(t, &golden.TemplateGoldenTest{ + ChartPath: chartPath, + Release: "golden-file-test", + Namespace: "test-namespace", + GoldenFileName: "test-pgbouncer-pdb-disabled", + Templates: []string{"templates/pgbouncer-deployment-pdb.yaml"}, + SetValues: map[string]string{"synapse.pgbouncer.podDisruptionBudget.enabled": "false"}, + AllowEmpty: true, + }) +} diff --git a/charts/synapse/tests/golden/unit/synapse_workers_test.go b/charts/synapse/tests/golden/unit/synapse_workers_test.go new file mode 100644 index 0000000..2b6d209 --- /dev/null +++ b/charts/synapse/tests/golden/unit/synapse_workers_test.go @@ -0,0 +1,146 @@ +package golden + +import ( + "path/filepath" + "testing" + "tests/golden" + + "github.com/stretchr/testify/require" + "github.com/stretchr/testify/suite" +) + +// TestGoldenSynapseHPA covers all autoscalingWorkers HPAs with default values +// (HPA enabled, KEDA disabled for all workers). +func TestGoldenSynapseHPA(t *testing.T) { + t.Parallel() + + chartPath, err := filepath.Abs("../../..") + require.NoError(t, err) + + suite.Run(t, &golden.TemplateGoldenTest{ + ChartPath: chartPath, + Release: "golden-file-test", + Namespace: "test-namespace", + GoldenFileName: "test-synapse-hpa", + Templates: []string{"templates/synapse-hpa.yaml"}, + }) +} + +// TestGoldenSynapseSecret covers the full homeserver.yaml config secret for all workers. +func TestGoldenSynapseSecret(t *testing.T) { + t.Parallel() + + chartPath, err := filepath.Abs("../../..") + require.NoError(t, err) + + suite.Run(t, &golden.TemplateGoldenTest{ + ChartPath: chartPath, + Release: "golden-file-test", + Namespace: "test-namespace", + GoldenFileName: "test-synapse-secret", + Templates: []string{"templates/synapse-secret.yaml"}, + }) +} + +// TestGoldenSynapseSecretDisablePgBouncerForStreamWriters verifies that stream writer +// workers connect directly to postgres (not pgbouncer) when the flag is enabled. +func TestGoldenSynapseSecretDisablePgBouncerForStreamWriters(t *testing.T) { + t.Parallel() + + chartPath, err := filepath.Abs("../../..") + require.NoError(t, err) + + suite.Run(t, &golden.TemplateGoldenTest{ + ChartPath: chartPath, + Release: "golden-file-test", + Namespace: "test-namespace", + GoldenFileName: "test-synapse-secret-no-pgbouncer-stream-writers", + Templates: []string{"templates/synapse-secret.yaml"}, + SetValues: map[string]string{"synapse.disablePgBouncerForStreamWriters": "true"}, + }) +} + +// TestGoldenSynapseService covers all worker services with default values. +func TestGoldenSynapseService(t *testing.T) { + t.Parallel() + + chartPath, err := filepath.Abs("../../..") + require.NoError(t, err) + + suite.Run(t, &golden.TemplateGoldenTest{ + ChartPath: chartPath, + Release: "golden-file-test", + Namespace: "test-namespace", + GoldenFileName: "test-synapse-service", + Templates: []string{"templates/synapse-service.yaml"}, + }) +} + +// TestGoldenSynapseWorkersDeployment covers all autoscalingWorkers deployments. +func TestGoldenSynapseWorkersDeployment(t *testing.T) { + t.Parallel() + + chartPath, err := filepath.Abs("../../..") + require.NoError(t, err) + + suite.Run(t, &golden.TemplateGoldenTest{ + ChartPath: chartPath, + Release: "golden-file-test", + Namespace: "test-namespace", + GoldenFileName: "test-synapse-workers-deployment", + Templates: []string{"templates/synapse-workers-deployment.yaml"}, + }) +} + +// TestGoldenSynapseWorkersPDB covers PDBs for deployScalingWorkers and singletonWorkers. +// deployScalingWorkers with replicas>1 get minAvailable, replicas=1 get maxUnavailable:1. +// singletonWorkers always get maxUnavailable:1. +func TestGoldenSynapseWorkersPDB(t *testing.T) { + t.Parallel() + + chartPath, err := filepath.Abs("../../..") + require.NoError(t, err) + + suite.Run(t, &golden.TemplateGoldenTest{ + ChartPath: chartPath, + Release: "golden-file-test", + Namespace: "test-namespace", + GoldenFileName: "test-synapse-workers-pdb", + Templates: []string{"templates/synapse-workers-pdb.yaml"}, + }) +} + +// TestGoldenSynapseWorkersPDBDisabled verifies nothing is rendered when the PDB is disabled. +func TestGoldenSynapseWorkersPDBDisabled(t *testing.T) { + t.Parallel() + + chartPath, err := filepath.Abs("../../..") + require.NoError(t, err) + + suite.Run(t, &golden.TemplateGoldenTest{ + ChartPath: chartPath, + Release: "golden-file-test", + Namespace: "test-namespace", + GoldenFileName: "test-synapse-workers-pdb-disabled", + Templates: []string{"templates/synapse-workers-pdb.yaml"}, + SetValues: map[string]string{"synapse.deployScalingWorkersPdb.enabled": "false"}, + AllowEmpty: true, + }) +} + +// TestGoldenSynapseWorkersStatefulset covers all deployScalingWorkers and singletonWorkers +// StatefulSets with default values. +func TestGoldenSynapseWorkersStatefulset(t *testing.T) { + t.Parallel() + + chartPath, err := filepath.Abs("../../..") + require.NoError(t, err) + + suite.Run(t, &golden.TemplateGoldenTest{ + ChartPath: chartPath, + Release: "golden-file-test", + Namespace: "test-namespace", + GoldenFileName: "test-synapse-workers-statefulset", + Templates: []string{"templates/synapse-workers-statefulset.yaml"}, + }) +} diff --git a/charts/synapse/tests/golden/unit/well_known_resources_test.go b/charts/synapse/tests/golden/unit/well_known_resources_test.go new file mode 100644 index 0000000..baafc28 --- /dev/null +++ b/charts/synapse/tests/golden/unit/well_known_resources_test.go @@ -0,0 +1,92 @@ +package golden + +import ( + "path/filepath" + "testing" + "tests/golden" + + "github.com/stretchr/testify/require" + "github.com/stretchr/testify/suite" +) + +func TestGoldenWellKnownService(t *testing.T) { + t.Parallel() + + chartPath, err := filepath.Abs("../../..") + require.NoError(t, err) + + suite.Run(t, &golden.TemplateGoldenTest{ + ChartPath: chartPath, + Release: "golden-file-test", + Namespace: "test-namespace", + GoldenFileName: "test-well-known-service", + Templates: []string{"templates/well-known-service.yaml"}, + }) +} + +func TestGoldenWellKnownIngress(t *testing.T) { + t.Parallel() + + chartPath, err := filepath.Abs("../../..") + require.NoError(t, err) + + suite.Run(t, &golden.TemplateGoldenTest{ + ChartPath: chartPath, + Release: "golden-file-test", + Namespace: "test-namespace", + GoldenFileName: "test-well-known-ingress", + Templates: []string{"templates/well-known-ingress.yaml"}, + }) +} + +// TestGoldenWellKnownIngressWithTLS verifies secretName is rendered in the TLS block. +func TestGoldenWellKnownIngressWithTLS(t *testing.T) { + t.Parallel() + + chartPath, err := filepath.Abs("../../..") + require.NoError(t, err) + + suite.Run(t, &golden.TemplateGoldenTest{ + ChartPath: chartPath, + Release: "golden-file-test", + Namespace: "test-namespace", + GoldenFileName: "test-well-known-ingress-tls", + Templates: []string{"templates/well-known-ingress.yaml"}, + SetValues: map[string]string{"ingress.secretName": "synapse-tls"}, + }) +} + +// TestGoldenWellKnownDeployment covers the default deployment with openid-configuration +// volume mount (openid_configuration: true by default). +func TestGoldenWellKnownDeployment(t *testing.T) { + t.Parallel() + + chartPath, err := filepath.Abs("../../..") + require.NoError(t, err) + + suite.Run(t, &golden.TemplateGoldenTest{ + ChartPath: chartPath, + Release: "golden-file-test", + Namespace: "test-namespace", + GoldenFileName: "test-well-known-deployment", + Templates: []string{"templates/well-known-deployment.yaml"}, + }) +} + +// TestGoldenWellKnownDeploymentNoOpenID verifies that the openid-configuration +// volume mount is absent when openid_configuration is disabled. +func TestGoldenWellKnownDeploymentNoOpenID(t *testing.T) { + t.Parallel() + + chartPath, err := filepath.Abs("../../..") + require.NoError(t, err) + + suite.Run(t, &golden.TemplateGoldenTest{ + ChartPath: chartPath, + Release: "golden-file-test", + Namespace: "test-namespace", + GoldenFileName: "test-well-known-deployment-no-openid", + Templates: []string{"templates/well-known-deployment.yaml"}, + SetValues: map[string]string{"openid_configuration": "false"}, + }) +} diff --git a/charts/synapse/tests/golden/unit/well_known_test.go b/charts/synapse/tests/golden/unit/well_known_test.go new file mode 100644 index 0000000..222e33d --- /dev/null +++ b/charts/synapse/tests/golden/unit/well_known_test.go @@ -0,0 +1,67 @@ +package golden + +import ( + "path/filepath" + "testing" + "tests/golden" + + "github.com/stretchr/testify/require" + "github.com/stretchr/testify/suite" +) + +// TestGoldenWellKnownDefault covers the default well-known config: +// MAS authentication block present (msc2965 enabled by default), +// no identity_server, no RTC foci block. +func TestGoldenWellKnownDefault(t *testing.T) { + t.Parallel() + + chartPath, err := filepath.Abs("../../..") + require.NoError(t, err) + + suite.Run(t, &golden.TemplateGoldenTest{ + ChartPath: chartPath, + Release: "golden-file-test", + Namespace: "test-namespace", + GoldenFileName: "test-well-known-default", + Templates: []string{"templates/well-known-configmap.yaml"}, + }) +} + +// TestGoldenWellKnownIdentityServer verifies that identity_server block +// is rendered when identity_server_vector is enabled. +func TestGoldenWellKnownIdentityServer(t *testing.T) { + t.Parallel() + + chartPath, err := filepath.Abs("../../..") + require.NoError(t, err) + + suite.Run(t, &golden.TemplateGoldenTest{ + ChartPath: chartPath, + Release: "golden-file-test", + Namespace: "test-namespace", + GoldenFileName: "test-well-known-identity-server", + Templates: []string{"templates/well-known-configmap.yaml"}, + SetValues: map[string]string{"identity_server_vector": "true"}, + }) +} + +// TestGoldenWellKnownMsc3266 verifies that RTC foci block (for Element Call via LiveKit) +// is rendered when msc3266 is enabled. Also tests the livekit ingress host substitution. +func TestGoldenWellKnownMsc3266(t *testing.T) { + t.Parallel() + + chartPath, err := filepath.Abs("../../..") + require.NoError(t, err) + + suite.Run(t, &golden.TemplateGoldenTest{ + ChartPath: chartPath, + Release: "golden-file-test", + Namespace: "test-namespace", + GoldenFileName: "test-well-known-msc3266", + Templates: []string{"templates/well-known-configmap.yaml"}, + SetValues: map[string]string{ + "experimentalFeatures.msc3266.enabled": "true", + "livekitServer.ingress.host": "livekit.example.com", + }, + }) +}