2.19.12

element-hq · Aug 28, 2024 · a743b35 · a743b35
1 parent 165ffc6
commit a743b35
Show file tree

Hide file tree

Showing 49 changed files with 4,174 additions and 4,258 deletions.
diff --git a/config/samples/matrix_v1alpha1_synapse.yaml b/config/samples/matrix_v1alpha1_synapse.yaml
@@ -1,4 +1,4 @@
-# Copyright 2023 New Vector Ltd
+# Copyright 2023-2024 New Vector Ltd
 #
 # SPDX-License-Identifier: AGPL-3.0-or-later
 
@@ -10,6 +10,8 @@ metadata:
 spec:
   image:
     tag: latest
+    haproxyTag: latest
+    redisTag: latest
   ingress:
     domainName: matrix.fqdn.tld
     annotations:

diff --git a/config/samples/matrix_v1alpha1_wellknowndelegation.yaml b/config/samples/matrix_v1alpha1_wellknowndelegation.yaml
@@ -1,4 +1,4 @@
-# Copyright 2023 New Vector Ltd
+# Copyright 2023-2024 New Vector Ltd
 #
 # SPDX-License-Identifier: AGPL-3.0-or-later
 
@@ -8,6 +8,8 @@ kind: WellKnownDelegation
 metadata:
   name: sample
 spec:
+  image:
+    tag: stable-alpine
   ingress:
     domainName: fdqn.tld
     annotations:

diff --git a/helm/easy-setup/ess-meta/Chart.yaml b/helm/easy-setup/ess-meta/Chart.yaml
@@ -7,15 +7,15 @@ apiVersion: v2
 name: ess-meta
 description: A Helm chart to deploy ESS easily
 type: application
-version: 2.19.11
-appVersion: "2.19.11"
+version: 2.19.12
+appVersion: "2.19.12"
 dependencies:
   - name: ess-stack
     repository: https://element-hq.github.io/ess-starter-edition-core
-    version: 2.19.11
+    version: 2.19.12
   - name: ess-system
     repository: https://element-hq.github.io/ess-starter-edition-core
-    version: 2.19.11
+    version: 2.19.12
   - name: postgresql
     version: 13.2.24
     repository: https://charts.bitnami.com/bitnami

diff --git a/helm/easy-setup/ess-meta/templates/_helpers.tpl b/helm/easy-setup/ess-meta/templates/_helpers.tpl
@@ -7,9 +7,12 @@
 Template the configuration of the self signed ca
 */}}
 {{- define "ess.secrets.self-signed-ca" }}
+{{- $essStackCA := lookup "v1" "Secret" "cert-manager" "ess-stack-ca" }}
+{{- if $essStackCA -}}
 {{ index (lookup "v1" "Secret" "cert-manager" "ess-stack-ca").data "tls.crt" | b64dec }}
 {{ index (lookup "v1" "Secret" "cert-manager" "ess-stack-ca").data "ca.crt" | b64dec }}
 {{- end }}
+{{- end }}
 
 
 {{/*

diff --git a/helm/easy-setup/ess-meta/values.yaml b/helm/easy-setup/ess-meta/values.yaml
@@ -28,18 +28,18 @@ ess-stack:
     global:
       content:
         genericSharedSecret: >-
-          {{ include "ess.secrets.passwords.manage" (dict "secret" (printf "%s-stack-global" (include "ess-stack.fullname" $)) "key" "genericSharedSecret" "skipQuote" true "context" $) }}
+          {{ include "ess.secrets.passwords.manage" (dict "secret" (printf "%s-stack-global" (include "ess-stack.fullname" $)) "key" "genericSharedSecret" "skipQuote" true "skipB64enc" true "context" $) }}
         ca.pem: |
           {{ include "ess.secrets.self-signed-ca" . }}
 
     synapse:
       content:
         macaroon: >-
-          {{ include "ess.secrets.passwords.manage" (dict "secret" (printf "%s-stack-synapse" (include "ess-stack.fullname" $)) "key" "macaroon" "skipQuote" true "context" $) }}
+          {{ include "ess.secrets.passwords.manage" (dict "secret" (printf "%s-stack-synapse" (include "ess-stack.fullname" $)) "key" "macaroon" "skipQuote" true "skipB64enc" true "context" $) }}
         postgresPassword: >-
           {{ include "ess.secrets.passwords.manage-with-default" (dict "secret" (printf "%s-stack-synapse" (include "ess-stack.fullname" $)) "key" "postgresPassword" "defaultPasswordValue" (include "ess.secrets.password.shared-password" (dict "sharedPasswordId" "synapse-pg-password" "context" $)) "context" $) }}
         registrationSharedSecret: >-
-          {{ include "ess.secrets.passwords.manage" (dict "secret" (printf "%s-stack-synapse" (include "ess-stack.fullname" $)) "failOnNew" false "key" "registrationSharedSecret" "skipQuote" true "context" $) }}
+          {{ include "ess.secrets.passwords.manage" (dict "secret" (printf "%s-stack-synapse" (include "ess-stack.fullname" $)) "failOnNew" false "key" "registrationSharedSecret" "skipQuote" true "skipB64enc" true "context" $) }}
 
   globalOptions:
     config:
@@ -54,7 +54,7 @@ ess-stack:
         replicas: 1
         hostAliases:
         - ip: >-
-            {{ (lookup "v1" "Service" "ingress-nginx" "ingress-nginx-controller").spec.clusterIP }}
+            {{ ( (lookup "v1" "Service" "ingress-nginx" "ingress-nginx-controller") | default (dict "spec" (dict "clusterIP" "127.0.0.1")) ).spec.clusterIP }}
           hostnames:
           - "{{ .Values.global.baseUrl }}"
           - "synapse.{{ .Values.global.baseUrl }}"

diff --git a/helm/easy-setup/helm-diff.sh b/helm/easy-setup/helm-diff.sh
@@ -0,0 +1,14 @@
+#!/bin/bash
+
+# Copyright 2024 New Vector Ltd
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+
+values_files_args=""
+for arg in "$@"
+do
+  values_files_args+=" -f values/values.${arg}.yaml"
+done
+
+helm --kube-context kind-easy-setup diff upgrade --detailed-exitcode --dry-run=server --namespace ess -f values.ess-stack.yaml $values_files_args ess ./ess-meta
diff --git a/helm/easy-setup/helm-template.sh b/helm/easy-setup/helm-template.sh
@@ -0,0 +1,14 @@
+#!/bin/bash
+
+# Copyright 2024 New Vector Ltd
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+
+values_files_args=""
+for arg in "$@"
+do
+  values_files_args+=" -f values/values.${arg}.yaml"
+done
+
+helm --kube-context kind-easy-setup template --namespace ess -f values.ess-stack.yaml $values_files_args ess ./ess-meta --debug
diff --git a/helm/ess-stack/Chart.yaml b/helm/ess-stack/Chart.yaml
@@ -7,5 +7,5 @@ apiVersion: v2
 name: ess-stack
 description: A Helm chart to deploy ESS stack
 type: application
-version: 2.19.11
-appVersion: 2.19.11
+version: 2.19.12
+appVersion: 2.19.12
diff --git a/helm/ess-stack/templates/elementdeployment.yaml b/helm/ess-stack/templates/elementdeployment.yaml
@@ -2,16 +2,18 @@
 #
 # SPDX-License-Identifier: AGPL-3.0-or-later
 
-
+---
 apiVersion: matrix.element.io/v1alpha2
 kind: ElementDeployment
 metadata:
   name: {{ include "ess-stack.fullname" $ }}
   annotations:
-    k8s.element.io/secretshash: {{ include (print $.Template.BasePath "/secrets.yaml") . | sha256sum }}
+    k8s.element.io/secretshash: {{ $.Values.secrets | toJson | sha256sum }}
 spec:
   components:
-{{ range $component, $properties := $.Values.components }}
+{{- $sortedComponents := sortAlpha (keys $.Values.components) -}}
+{{- range $component := $sortedComponents }}
+{{- $properties := index $.Values.components $component }}
     {{ $component }}:
       secretName: {{ (index $.Values.secrets $component).existingSecret | default (printf "%s-stack-%s" (include "ess-stack.fullname" $) ($component | lower) )  }}
       {{ tpl (toYaml $properties) $ | nindent 6 }}

diff --git a/helm/ess-stack/templates/secrets.yaml b/helm/ess-stack/templates/secrets.yaml
@@ -2,16 +2,20 @@
 #
 # SPDX-License-Identifier: AGPL-3.0-or-later
 
+---
 
-{{ range $component, $secret := $.Values.secrets }}
+{{- $sortedSecrets := sortAlpha (keys $.Values.secrets) -}}
+{{- range $secretEntry := $sortedSecrets }}
+{{- $secret := (index $.Values.secrets $secretEntry) -}}
 apiVersion: v1
 kind: Secret
 metadata:
-  name: {{ include "ess-stack.fullname" $ }}-stack-{{ $component | lower  }}
+  name: {{ include "ess-stack.fullname" $ }}-stack-{{ $secretEntry | lower  }}
 type: Opaque
 data:
-{{ range $key, $value := $secret.content }}
-  {{ $key }}: {{ (tpl $value $) | b64enc }}
+{{- $sortedKeys := sortAlpha (keys $secret.content) -}}
+{{- range $sortedKeys }}
+  {{ . }}: {{ (tpl (index $secret.content .) $) | b64enc }}
 {{ end }}
 ---
 {{ end }}
diff --git a/helm/ess-stack/values.schema.json b/helm/ess-stack/values.schema.json
@@ -3362,7 +3362,7 @@
       },
       "type": "object"
     },
-    "global": {
+    "globalOptions": {
       "default": {},
       "properties": {
         "config": {

diff --git a/helm/ess-system/Chart.yaml b/helm/ess-system/Chart.yaml
@@ -7,12 +7,12 @@ apiVersion: v2
 name: ess-system
 description: A Helm chart to deploy ESS System prerequisites (operators & crds)
 type: application
-version: 2.19.11
-appVersion: 2.19.11
+version: 2.19.12
+appVersion: 2.19.12
 dependencies:
   - name: element-operator
     repository: https://element-hq.github.io/ess-starter-edition-core
-    version: 2.19.11
+    version: 2.19.12
   - name: element-updater
     repository: https://element-hq.github.io/ess-starter-edition-core
-    version: 2.19.11
+    version: 2.19.12
diff --git a/helm/ess-system/templates/webhook-certificate.yaml b/helm/ess-system/templates/webhook-certificate.yaml
@@ -2,6 +2,7 @@
 #
 # SPDX-License-Identifier: AGPL-3.0-or-later
 
+---
 
 {{ if or (eq (index .Values "element-operator").deployCrds true) (eq (index .Values "element-updater").deployCrds true) }}
 apiVersion: cert-manager.io/v1

diff --git a/helm/ess-system/templates/webhook-issuer.yaml b/helm/ess-system/templates/webhook-issuer.yaml
@@ -2,6 +2,7 @@
 #
 # SPDX-License-Identifier: AGPL-3.0-or-later
 
+---
 
 {{ if or (eq (index .Values "element-operator").deployCrds true) (eq (index .Values "element-updater").deployCrds true) }}
 apiVersion: cert-manager.io/v1

diff --git a/helm/operator/Chart.yaml b/helm/operator/Chart.yaml
@@ -20,9 +20,9 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 2.19.11
+version: 2.19.12
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
-appVersion: 2.19.11
+appVersion: 2.19.12
diff --git a/helm/operator/source-values.yaml b/helm/operator/source-values.yaml
@@ -34,7 +34,7 @@ crds:
     imagePullPolicy: Always
     image:
       repository: docker.io/vectorim/ess-core-operator-conversion-webhook
-      tag: 2.19.11
+      tag: 2.19.12
 operator:
   extraPodSpec:
     securityContext:
@@ -70,7 +70,7 @@ operator:
     imagePullPolicy: Always
     image:
       repository: docker.io/vectorim/ess-core-operator
-      tag: 2.19.11
+      tag: 2.19.12
   rbacProxy:
     resources:
       limits:

diff --git a/helm/operator/values.yaml b/helm/operator/values.yaml
@@ -34,7 +34,7 @@ crds:
     imagePullPolicy: Always
     image:
       repository: docker.io/vectorim/ess-core-operator-conversion-webhook
-      tag: 2.19.11
+      tag: 2.19.12
 operator:
   extraPodSpec:
     securityContext:
@@ -70,7 +70,7 @@ operator:
     imagePullPolicy: Always
     image:
       repository: docker.io/vectorim/ess-core-operator
-      tag: 2.19.11
+      tag: 2.19.12
   rbacProxy:
     resources:
       limits:

diff --git a/helm/updater/Chart.yaml b/helm/updater/Chart.yaml
@@ -20,9 +20,9 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 2.19.11
+version: 2.19.12
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
-appVersion: 2.19.11
+appVersion: 2.19.12
diff --git a/helm/updater/source-values.yaml b/helm/updater/source-values.yaml
@@ -34,7 +34,7 @@ crds:
     imagePullPolicy: Always
     image:
       repository: docker.io/vectorim/ess-core-updater-conversion-webhook
-      tag: 2.19.11
+      tag: 2.19.12
 updater:
   extraPodSpec:
     securityContext:
@@ -70,7 +70,7 @@ updater:
             - ALL
     image:
       repository: docker.io/vectorim/ess-core-updater
-      tag: 2.19.11
+      tag: 2.19.12
   rbacProxy:
     resources:
       limits:

diff --git a/helm/updater/values.yaml b/helm/updater/values.yaml
@@ -34,7 +34,7 @@ crds:
     imagePullPolicy: Always
     image:
       repository: docker.io/vectorim/ess-core-updater-conversion-webhook
-      tag: 2.19.11
+      tag: 2.19.12
 updater:
   extraPodSpec:
     securityContext:
@@ -70,7 +70,7 @@ updater:
             - ALL
     image:
       repository: docker.io/vectorim/ess-core-updater
-      tag: 2.19.11
+      tag: 2.19.12
   rbacProxy:
     resources:
       limits:

diff --git a/roles/elementdeployment/defaults/main/images.yml b/roles/elementdeployment/defaults/main/images.yml
@@ -35,11 +35,11 @@ default_images_digests:
     haproxy:
       image_repository_server: docker.io
       image_repository_path: library/haproxy
-      image_tag: '2.8-alpine'
+      image_tag: '3.0-alpine'
     redis:
       image_repository_server: docker.io
       image_repository_path: library/redis
-      image_tag: 7.2-alpine
+      image_tag: 7.4-alpine
     synapse:
       image_repository_server: docker.io
       image_repository_path: matrixdotorg/synapse
@@ -48,4 +48,4 @@ default_images_digests:
     well_known_delegation:
       image_repository_server: docker.io
       image_repository_path: library/nginx
-      image_tag: '1.24-alpine-slim'
+      image_tag: 1.26-alpine-slim
diff --git a/roles/synapse/defaults/main/main.yml b/roles/synapse/defaults/main/main.yml
@@ -25,11 +25,9 @@ env: "{{ {} | combine([env_underrides, env_user, env_overrides] | map('items2dic
             | dict2items(key_name='name') }}"
 
 redis_image_repository: "redis"
-redis_image_tag: "6.2"
-redis_loglevel: "warning"
+redis_loglevel: "notice"
 
 haproxy_image_repository: "haproxy"
-haproxy_image_tag: "2.4"
 haproxy_replicas: 2
 
 secrets_hash: "{{ _fetched_synapse_secrets | hash('sha1') }}"

diff --git a/roles/synapse/templates/manifests/haproxy_configmap.yaml.j2 b/roles/synapse/templates/manifests/haproxy_configmap.yaml.j2
@@ -13,7 +13,7 @@ metadata:
     app.kubernetes.io/instance: "{{ ansible_operator_meta.name }}-synapse-haproxy"
     app.kubernetes.io/part-of: matrix-stack
     app.kubernetes.io/component: matrix-server-ingress
-    app.kubernetes.io/version: "{{ image.haproxy_tag | default(haproxy_image_tag) }}"
+    app.kubernetes.io/version: "{{ image.haproxy_tag }}"
   name: "{{ ansible_operator_meta.name }}-synapse-haproxy"
   namespace: "{{ ansible_operator_meta.namespace }}"
 data:

diff --git a/roles/synapse/templates/manifests/haproxy_deployment.yaml.j2 b/roles/synapse/templates/manifests/haproxy_deployment.yaml.j2
@@ -13,7 +13,7 @@ metadata:
     app.kubernetes.io/instance: "{{ ansible_operator_meta.name }}-synapse-haproxy"
     app.kubernetes.io/part-of: matrix-stack
     app.kubernetes.io/component: matrix-server-ingress
-    app.kubernetes.io/version: "{{ image.haproxy_tag | default(haproxy_image_tag) }}"
+    app.kubernetes.io/version: "{{ image.haproxy_tag }}"
     k8s.element.io/confighash: "{{ lookup('template', 'manifests/haproxy_configmap.yaml.j2') | hash('sha1') }}"
 {% if workloads.haproxy.annotations | default({}) %}
   annotations:
@@ -38,7 +38,7 @@ spec:
         app.kubernetes.io/instance: "{{ ansible_operator_meta.name }}-synapse-haproxy"
         app.kubernetes.io/part-of: matrix-stack
         app.kubernetes.io/component: matrix-server-ingress
-        app.kubernetes.io/version: "{{ image.haproxy_tag | default(haproxy_image_tag) }}"
+        app.kubernetes.io/version: "{{ image.haproxy_tag }}"
         k8s.element.io/confighash: "{{ lookup('template', 'manifests/haproxy_configmap.yaml.j2') | hash('sha1') }}"
 {% if workloads.haproxy.annotations | default({}) %}
       annotations:
@@ -67,7 +67,7 @@ spec:
 {% if image_haproxy_has_digest %}
         image: "{{ image.haproxy_repository | default(haproxy_image_repository) }}@{{ image.haproxy_digest }}"
 {% else %}
-        image: "{{ image.haproxy_repository | default(haproxy_image_repository) }}:{{ image.haproxy_tag | default(haproxy_image_tag) }}"
+        image: "{{ image.haproxy_repository | default(haproxy_image_repository) }}:{{ image.haproxy_tag }}"
 {% endif %}
         imagePullPolicy: "{{ image.haproxyPullPolicy | default(image_haproxy_pull_policy) }}"
 {% if (_matrix_element_io_synapse_spec.config.haproxyContainersSecurityContext | default({})) | length > 0 %}

diff --git a/roles/synapse/templates/manifests/redis_configmap.yaml.j2 b/roles/synapse/templates/manifests/redis_configmap.yaml.j2
@@ -13,7 +13,7 @@ metadata:
     app.kubernetes.io/instance: "{{ ansible_operator_meta.name }}-synapse-redis"
     app.kubernetes.io/part-of: matrix-stack
     app.kubernetes.io/component: matrix-server-pubsub
-    app.kubernetes.io/version: "{{ image.redis_tag | default(redis_image_tag) }}"
+    app.kubernetes.io/version: "{{ image.redis_tag }}"
   name: "{{ ansible_operator_meta.name }}-synapse-redis"
   namespace: "{{ ansible_operator_meta.namespace }}"
 data: