From aa8d10a62d485f02bc5ff2f5543121489dd8449e Mon Sep 17 00:00:00 2001 From: Rhea Danzey Date: Wed, 18 Sep 2024 02:16:33 -0500 Subject: [PATCH 1/8] Pinecone test image - Explicitly select Alpine golang image (#3426) I've noticed when trying to build the Dendrite Pinecone test image, the build fails due to `apk` not being available: image Checking out the [Docker Hub](https://hub.docker.com/_/golang/) repo for the `golang` image it looks like this can resovle to `1.22-bookworm`, so this should ensure we get an Alpine-based image for this build. ### Pull Request Checklist * [x] I have added Go unit tests or [Complement integration tests](https://github.com/matrix-org/complement) for this PR _or_ I have justified why this PR doesn't need tests * [x] Pull request includes a [sign off below using a legally identifiable name](https://matrix-org.github.io/dendrite/development/contributing#sign-off) _or_ I have already signed off privately Signed-off-by: `Rhea Danzey ` Signed-off-by: Rhea Danzey --- build/docker/Dockerfile.demo-pinecone | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build/docker/Dockerfile.demo-pinecone b/build/docker/Dockerfile.demo-pinecone index f295044fc..dc6b22d7d 100644 --- a/build/docker/Dockerfile.demo-pinecone +++ b/build/docker/Dockerfile.demo-pinecone @@ -1,4 +1,4 @@ -FROM docker.io/golang:1.22 AS base +FROM docker.io/golang:1.22-alpine AS base # # Needs to be separate from the main Dockerfile for OpenShift, From 3530d2997f9060ac713bc09738a97c32aca91712 Mon Sep 17 00:00:00 2001 From: Rhea Danzey Date: Wed, 18 Sep 2024 13:21:23 -0500 Subject: [PATCH 2/8] Ensure Helm packages generated end up in docs/ subpath that's hosted (#3427) I've noticed that Chart Releaser is behaving improperly, and not successfully putting the charts where gh-pages will hots them and generating invalid index. This change should ensure built charts end up in the `docs/` subpath, which should ensure that `gh-pages` branch isn't getting an invalid `index.yaml` and new charts should be automatically available. ### Pull Request Checklist * [x] I have added Go unit tests or [Complement integration tests](https://github.com/matrix-org/complement) for this PR _or_ I have justified why this PR doesn't need tests * [x] Pull request includes a [sign off below using a legally identifiable name](https://matrix-org.github.io/dendrite/development/contributing#sign-off) _or_ I have already signed off privately Signed-off-by: `Rhea Danzey ` --- helm/ct.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/helm/ct.yaml b/helm/ct.yaml index af706fa3d..8b5aaa875 100644 --- a/helm/ct.yaml +++ b/helm/ct.yaml @@ -4,4 +4,6 @@ chart-repos: - bitnami=https://charts.bitnami.com/bitnami chart-dirs: - helm -validate-maintainers: false \ No newline at end of file +validate-maintainers: false +# this should ensure the tarballs are in the appropriate location for GH pages, rather than repo root +package-path: docs/ \ No newline at end of file From 152626c87e419a9b345a91f390f999212f420ff2 Mon Sep 17 00:00:00 2001 From: Rhea Danzey Date: Wed, 18 Sep 2024 13:22:18 -0500 Subject: [PATCH 3/8] Helm chart - Add configuration for image pull secrets (#3428) This minor change should allow the use of private container images with this chart by specifying image pull secrets. ### Pull Request Checklist * [x] I have added Go unit tests or [Complement integration tests](https://github.com/matrix-org/complement) for this PR _or_ I have justified why this PR doesn't need tests * [x] Pull request includes a [sign off below using a legally identifiable name](https://matrix-org.github.io/dendrite/development/contributing#sign-off) _or_ I have already signed off privately Signed-off-by: `Rhea Danzey ` --------- Signed-off-by: Rhea Danzey --- helm/dendrite/Chart.yaml | 2 +- helm/dendrite/templates/deployment.yaml | 4 ++++ helm/dendrite/values.yaml | 4 ++++ 3 files changed, 9 insertions(+), 1 deletion(-) diff --git a/helm/dendrite/Chart.yaml b/helm/dendrite/Chart.yaml index 80c618822..2ed0d17e0 100644 --- a/helm/dendrite/Chart.yaml +++ b/helm/dendrite/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: dendrite -version: "0.14.2" +version: "0.14.3" appVersion: "0.13.8" description: Dendrite Matrix Homeserver type: application diff --git a/helm/dendrite/templates/deployment.yaml b/helm/dendrite/templates/deployment.yaml index e3f84cdae..6496b2692 100644 --- a/helm/dendrite/templates/deployment.yaml +++ b/helm/dendrite/templates/deployment.yaml @@ -110,3 +110,7 @@ spec: httpGet: path: /_dendrite/monitor/up port: http + imagePullSecrets: + {{- with .Values.imagePullSecrets }} + {{ . | toYaml | nindent 6 }} + {{- end }} \ No newline at end of file diff --git a/helm/dendrite/values.yaml b/helm/dendrite/values.yaml index 6c5abc90e..f9d82965a 100644 --- a/helm/dendrite/values.yaml +++ b/helm/dendrite/values.yaml @@ -6,6 +6,10 @@ image: # -- Overrides the image tag whose default is the chart appVersion. tag: "" +# -- Configure image pull secrets to use private container registry +# https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/#create-a-pod-that-uses-your-secret +imagePullSecrets: [] +# - name: your-pull-secret-name # signing key to use signing_key: From 40dd2c0400cfc6534072ca7d9839539872b013ad Mon Sep 17 00:00:00 2001 From: Rhea Danzey Date: Wed, 18 Sep 2024 14:41:22 -0500 Subject: [PATCH 4/8] Use chart-releaser-action tag v1.6.0 (#3429) Context: https://github.com/matrix-org/dendrite/pull/3427#issuecomment-2359139622 Try tagged version of chart-releaser-action now that mark_latest option is available ### Pull Request Checklist * [x] I have added Go unit tests or [Complement integration tests](https://github.com/matrix-org/complement) for this PR _or_ I have justified why this PR doesn't need tests * [x] Pull request includes a [sign off below using a legally identifiable name](https://matrix-org.github.io/dendrite/development/contributing#sign-off) _or_ I have already signed off privately Signed-off-by: `Rhea Danzey ` --- .github/workflows/helm.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/helm.yml b/.github/workflows/helm.yml index d4772e106..10eb7c020 100644 --- a/.github/workflows/helm.yml +++ b/.github/workflows/helm.yml @@ -32,7 +32,7 @@ jobs: version: v3.10.0 - name: Run chart-releaser - uses: helm/chart-releaser-action@ed43eb303604cbc0eeec8390544f7748dc6c790d # specific commit, since `mark_as_latest` is not yet in a release + uses: helm/chart-releaser-action@v1.6.0 env: CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" with: From f2db7cbcb80fa8f9f0e2757c39a9255da7da9985 Mon Sep 17 00:00:00 2001 From: Till Faelligen <2353100+S7evinK@users.noreply.github.com> Date: Wed, 18 Sep 2024 21:46:33 +0200 Subject: [PATCH 5/8] Bump version to trigger CI --- helm/dendrite/Chart.yaml | 2 +- helm/dendrite/README.md | 5 ++++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/helm/dendrite/Chart.yaml b/helm/dendrite/Chart.yaml index 2ed0d17e0..915d8af54 100644 --- a/helm/dendrite/Chart.yaml +++ b/helm/dendrite/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: dendrite -version: "0.14.3" +version: "0.14.4" appVersion: "0.13.8" description: Dendrite Matrix Homeserver type: application diff --git a/helm/dendrite/README.md b/helm/dendrite/README.md index 6595a11fc..a5b03aa85 100644 --- a/helm/dendrite/README.md +++ b/helm/dendrite/README.md @@ -1,7 +1,7 @@ # dendrite -![Version: 0.14.2](https://img.shields.io/badge/Version-0.14.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.13.8](https://img.shields.io/badge/AppVersion-0.13.8-informational?style=flat-square) +![Version: 0.14.4](https://img.shields.io/badge/Version-0.14.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.13.8](https://img.shields.io/badge/AppVersion-0.13.8-informational?style=flat-square) Dendrite Matrix Homeserver Status: **NOT PRODUCTION READY** @@ -45,6 +45,7 @@ Create a folder `appservices` and place your configurations in there. The confi | image.repository | string | `"ghcr.io/matrix-org/dendrite-monolith"` | Docker repository/image to use | | image.pullPolicy | string | `"IfNotPresent"` | Kubernetes pullPolicy | | image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion. | +| imagePullSecrets | list | `[]` | Configure image pull secrets to use private container registry https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/#create-a-pod-that-uses-your-secret | | signing_key.create | bool | `true` | Create a new signing key, if not exists | | signing_key.existingSecret | string | `""` | Use an existing secret | | resources | object | sets some sane default values | Default resource requests/limits. | @@ -189,3 +190,5 @@ grafana: ``` PS: The label `release=kube-prometheus-stack` is setup with the helmchart of the Prometheus Operator. For Grafana Dashboards it may be necessary to enable scanning in the correct namespaces (or ALL), enabled by `sidecar.dashboards.searchNamespace` in [Helmchart of grafana](https://artifacthub.io/packages/helm/grafana/grafana) (which is part of PrometheusOperator, so `grafana.sidecar.dashboards.searchNamespace`) +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) \ No newline at end of file From c914f062e6ec9891a2a03d9ab54a28007bafa3a8 Mon Sep 17 00:00:00 2001 From: Rhea Danzey Date: Fri, 20 Sep 2024 00:44:50 -0500 Subject: [PATCH 6/8] Helm chart - Fix image pull secrets for signing-key job (#3430) Forgotten in https://github.com/matrix-org/dendrite/pull/3428 - Pull secrets need to be used for signing-key job since it uses Dendrite container as well ### Pull Request Checklist * [x] I have added Go unit tests or [Complement integration tests](https://github.com/matrix-org/complement) for this PR _or_ I have justified why this PR doesn't need tests * [x] Pull request includes a [sign off below using a legally identifiable name](https://matrix-org.github.io/dendrite/development/contributing#sign-off) _or_ I have already signed off privately Signed-off-by: `Rhea Danzey ` --------- Signed-off-by: Rhea Danzey --- helm/dendrite/Chart.yaml | 2 +- helm/dendrite/templates/jobs.yaml | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/helm/dendrite/Chart.yaml b/helm/dendrite/Chart.yaml index 915d8af54..7893f9bdc 100644 --- a/helm/dendrite/Chart.yaml +++ b/helm/dendrite/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: dendrite -version: "0.14.4" +version: "0.14.5" appVersion: "0.13.8" description: Dendrite Matrix Homeserver type: application diff --git a/helm/dendrite/templates/jobs.yaml b/helm/dendrite/templates/jobs.yaml index c10f358b0..42582d749 100644 --- a/helm/dendrite/templates/jobs.yaml +++ b/helm/dendrite/templates/jobs.yaml @@ -54,6 +54,10 @@ metadata: spec: template: spec: + imagePullSecrets: + {{- with .Values.imagePullSecrets }} + {{ . | toYaml | nindent 6 }} + {{- end }} restartPolicy: "Never" serviceAccount: {{ $name }} containers: From 07e59d0ba908f02ca81a3cd4f08d56a816614c78 Mon Sep 17 00:00:00 2001 From: Rhea Danzey Date: Fri, 20 Sep 2024 13:56:27 -0500 Subject: [PATCH 7/8] =?UTF-8?q?Helm=20Chart=20-=20Add=20configuration=20fo?= =?UTF-8?q?r=20node=20selector=20/=20tolerations=20/=20affi=E2=80=A6=20(#3?= =?UTF-8?q?433)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit For some experimentation I'm doing, I need to pin Dendrite to a specific node pool. This should be available configuration within the chart ideally, and this should do it in theory. ### Pull Request Checklist * [x] I have added Go unit tests or [Complement integration tests](https://github.com/matrix-org/complement) for this PR _or_ I have justified why this PR doesn't need tests * [x] Pull request includes a [sign off below using a legally identifiable name](https://matrix-org.github.io/dendrite/development/contributing#sign-off) _or_ I have already signed off privately Signed-off-by: `Rhea Danzey ` --------- Signed-off-by: Rhea Danzey --- helm/dendrite/Chart.yaml | 2 +- helm/dendrite/templates/deployment.yaml | 15 +++++++++++++++ helm/dendrite/templates/jobs.yaml | 12 ++++++++++++ helm/dendrite/values.yaml | 12 ++++++++++++ 4 files changed, 40 insertions(+), 1 deletion(-) diff --git a/helm/dendrite/Chart.yaml b/helm/dendrite/Chart.yaml index 7893f9bdc..9613b5045 100644 --- a/helm/dendrite/Chart.yaml +++ b/helm/dendrite/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: dendrite -version: "0.14.5" +version: "0.14.6" appVersion: "0.13.8" description: Dendrite Matrix Homeserver type: application diff --git a/helm/dendrite/templates/deployment.yaml b/helm/dendrite/templates/deployment.yaml index 6496b2692..3952f4a7c 100644 --- a/helm/dendrite/templates/deployment.yaml +++ b/helm/dendrite/templates/deployment.yaml @@ -56,6 +56,9 @@ spec: args: - '--config' - '/etc/dendrite/dendrite.yaml' + {{- with .Values.extraArgs }} + {{- toYaml . | nindent 10 }} + {{- end }} ports: - name: http containerPort: 8008 @@ -113,4 +116,16 @@ spec: imagePullSecrets: {{- with .Values.imagePullSecrets }} {{ . | toYaml | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} {{- end }} \ No newline at end of file diff --git a/helm/dendrite/templates/jobs.yaml b/helm/dendrite/templates/jobs.yaml index 42582d749..7f96f2695 100644 --- a/helm/dendrite/templates/jobs.yaml +++ b/helm/dendrite/templates/jobs.yaml @@ -98,6 +98,18 @@ spec: volumes: - name: signing-key emptyDir: {} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} parallelism: 1 completions: 1 backoffLimit: 1 diff --git a/helm/dendrite/values.yaml b/helm/dendrite/values.yaml index f9d82965a..02cd1aa13 100644 --- a/helm/dendrite/values.yaml +++ b/helm/dendrite/values.yaml @@ -77,6 +77,9 @@ persistence: # GKE, AWS & OpenStack) storageClass: +# -- Add additional arguments to the dendrite command +extraArgs: [] + # -- Add additional volumes to the Dendrite Pod extraVolumes: [] # ex. @@ -100,6 +103,15 @@ strategy: # -- Maximum number of pods that can be scheduled above the desired number of pods maxSurge: 25% +# -- Node selector configuration +nodeSelector: {} + +# -- Tolerations configuration +tolerations: {} + +# -- Affinity configuration +affinity: {} + dendrite_config: version: 2 global: From df770dae0aa823e2dcba7c6d8682da60c679dfde Mon Sep 17 00:00:00 2001 From: arenekosreal <17194552+arenekosreal@users.noreply.github.com> Date: Sun, 22 Sep 2024 16:33:54 +0800 Subject: [PATCH 8/8] Make OPTIONS method on MSC3916 endpoints available without auth (#3431) OPTIONS method is usually sent by browser in preflight requests, most of the time we cannot control preflight request to add auth header. Synapse will return a 204 response directly without authentication for those OPTIONS method. According to firefox's documentation, both 200 and 204 are acceptable so I think there is no need to change handler in dendrite. This closes https://github.com/matrix-org/dendrite/issues/3424 No need to add a test because this is just a fix and I have tested on my Cinny Web client personally. ### Pull Request Checklist * [x] I have added Go unit tests or [Complement integration tests](https://github.com/matrix-org/complement) for this PR _or_ I have justified why this PR doesn't need tests * [x] Pull request includes a [sign off below using a legally identifiable name](https://matrix-org.github.io/dendrite/development/contributing#sign-off) _or_ I have already signed off privately Signed-off-by: `arenekosreal <17194552+arenekosreal@users.noreply.github.com>` Signed-off-by: arenekosreal <17194552+arenekosreal@users.noreply.github.com> --- internal/httputil/httpapi.go | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/internal/httputil/httpapi.go b/internal/httputil/httpapi.go index 0559fbb72..034f19f1f 100644 --- a/internal/httputil/httpapi.go +++ b/internal/httputil/httpapi.go @@ -210,6 +210,12 @@ func MakeExternalAPI(metricsName string, f func(*http.Request) util.JSONResponse // This is used to serve HTML alongside JSON error messages func MakeHTTPAPI(metricsName string, userAPI userapi.QueryAcccessTokenAPI, enableMetrics bool, f func(http.ResponseWriter, *http.Request), checks ...AuthAPIOption) http.Handler { withSpan := func(w http.ResponseWriter, req *http.Request) { + if req.Method == http.MethodOptions { + util.SetCORSHeaders(w) + w.WriteHeader(http.StatusOK) // Maybe http.StatusNoContent? + return + } + trace, ctx := internal.StartTask(req.Context(), metricsName) defer trace.EndTask() req = req.WithContext(ctx)