redis: move redis to a shared instance #972

gaelgatelement · 2026-01-16T08:51:49Z

We are going to re-use the same redis with no persistence for multiple components in the near future (hookshot, synapse)

github-actions · 2026-01-16T08:53:10Z

dyff of changes in rendered templates of CI manifests

Full contents of manifests and dyffs are available in https://github.com/element-hq/ess-helm/actions/runs/21064955919/artifacts/5153198960

pytest-synapse-values.yaml

@@ ConfigMap/ess-ci/release-name-redis @@
+ ---
+ # Source: matrix-stack/templates/redis/redis_configmap.yaml
+ apiVersion: v1
+ kind: ConfigMap
+ metadata:
+   labels:
+     helm.sh/chart: "matrix-stack-26.1.1-dev"
+     app.kubernetes.io/managed-by: Helm
+     app.kubernetes.io/part-of: matrix-stack
+     app.kubernetes.io/component: matrix-pubsub-small-cache
+     app.kubernetes.io/name: redis
+     app.kubernetes.io/instance: release-name-redis
+     app.kubernetes.io/version: "7.4-alpine"
+   name: release-name-redis
+   namespace: ess-ci
+ data:
+   redis.conf: |
+     # Do not require a password
+     protected-mode no
+     port 6379
+ 
+     tcp-backlog 511
+     tcp-keepalive 300
+ 
+     # Never close the connection
+     timeout 0
+ 
+     # We run the redis in a container so disable both of these
+     daemonize no
+     supervised no
+ 
+     loglevel notice
+     logfile ''
+ 
+     databases 16
+     always-show-logo no
+     stop-writes-on-bgsave-error yes
+ 
+     # We never save to the disk
+     save ''
+ 
+     replica-serve-stale-data yes
+     replica-read-only yes
+     repl-diskless-sync no
+     repl-diskless-sync-delay 5
+     repl-diskless-load disabled
+     repl-disable-tcp-nodelay no
+     replica-priority 100
+     acllog-max-len 128
+ 
+     lazyfree-lazy-eviction no
+     lazyfree-lazy-expire no
+     lazyfree-lazy-server-del no
+     replica-lazy-flush no
+ 
+     lazyfree-lazy-user-del no
+ 
+     lazyfree-lazy-user-flush no
+     oom-score-adj no
+     oom-score-adj-values 0 200 800
+ 
+     disable-thp yes
+ 
+     appendonly no
+     appendfilename 'appendonly.aof'
+     appendfsync everysec
+ 
+     no-appendfsync-on-rewrite no
+ 
+     auto-aof-rewrite-percentage 100
+     auto-aof-rewrite-min-size 64mb
+     aof-load-truncated yes
+     aof-use-rdb-preamble yes
+     lua-time-limit 5000
+     slowlog-log-slower-than 10000
+     slowlog-max-len 128
+     latency-monitor-threshold 0
+     notify-keyspace-events ""
+     hash-max-ziplist-entries 512
+     hash-max-ziplist-value 64
+     list-max-ziplist-size -2
+     list-compress-depth 0
+     set-max-intset-entries 512
+     zset-max-ziplist-entries 128
+     zset-max-ziplist-value 64
+     hll-sparse-max-bytes 3000
+     stream-node-max-bytes 4096
+     stream-node-max-entries 100
+     activerehashing yes
+     client-output-buffer-limit normal 0 0 0
+     client-output-buffer-limit replica 256mb 64mb 60
+     client-output-buffer-limit pubsub 32mb 8mb 60
+ 
+     # Hz is the freuqency at which background tasks are performed, we keep this low to save CPU
+     hz 1
+ 
+     # The hz value is increased to scale with the number of clients connected.
+     dynamic-hz yes
+ 
+     aof-rewrite-incremental-fsync yes
+     rdb-save-incremental-fsync yes
+     jemalloc-bg-thread yes
+ 
+     maxmemory 40mb
+     maxmemory-policy allkeys-lru



@@ ConfigMap/ess-ci/release-name-synapse-hook - data.04-homeserver-overrides.yaml @@
  public_baseurl: https://synapse.ess.localhost/
  server_name: ess.localhost
  signing_key_path: /secrets/release-name-generated/SYNAPSE_SIGNING_KEY
  enable_metrics: true
  
  [58 lines unchanged)]
  
      port: 9093
  
  redis:
    enabled: true
-   host: "release-name-synapse-redis.ess-ci.svc.cluster.local."
+   host: "release-name-redis.ess-ci.svc.cluster.local."
  
  stream_writers:
    events:
    - release-name-synapse-event-persist-0


@@ ConfigMap/ess-ci/release-name-synapse-redis @@
- ---
- # Source: matrix-stack/templates/synapse/redis_configmap.yaml
- apiVersion: v1
- kind: ConfigMap
- metadata:
-   labels:
-     helm.sh/chart: "matrix-stack-26.1.1-dev"
-     app.kubernetes.io/managed-by: Helm
-     app.kubernetes.io/part-of: matrix-stack
-     app.kubernetes.io/component: matrix-server-pubsub
-     app.kubernetes.io/name: synapse-redis
-     app.kubernetes.io/instance: release-name-synapse-redis
-     app.kubernetes.io/version: "7.4-alpine"
-   name: release-name-synapse-redis
-   namespace: ess-ci
- data:
-   redis.conf: |
-     # Copyright 2025 New Vector Ltd
-     # Copyright 2025 Element Creations Ltd
-     # SPDX-License-Identifier: AGPL-3.0-only
- 
-     # This file is based upon https://raw.githubusercontent.com/redis/redis/6.2/redis.conf
- 
-     # Do not require a password
-     protected-mode no
-     port 6379
- 
-     tcp-backlog 511
-     tcp-keepalive 300
- 
-     # Never close the connection
-     timeout 0
- 
-     # We run the redis in a container so disable both of these
-     daemonize no
-     supervised no
- 
-     loglevel notice
-     logfile ''
- 
-     databases 16
-     always-show-logo no
-     stop-writes-on-bgsave-error yes
- 
-     # We never save to the disk
-     save ''
- 
-     replica-serve-stale-data yes
-     replica-read-only yes
-     repl-diskless-sync no
-     repl-diskless-sync-delay 5
-     repl-diskless-load disabled
-     repl-disable-tcp-nodelay no
-     replica-priority 100
-     acllog-max-len 128
- 
-     lazyfree-lazy-eviction no
-     lazyfree-lazy-expire no
-     lazyfree-lazy-server-del no
-     replica-lazy-flush no
- 
-     lazyfree-lazy-user-del no
- 
-     lazyfree-lazy-user-flush no
-     oom-score-adj no
-     oom-score-adj-values 0 200 800
- 
-     disable-thp yes
- 
-     appendonly no
-     appendfilename 'appendonly.aof'
-     appendfsync everysec
- 
-     no-appendfsync-on-rewrite no
- 
-     auto-aof-rewrite-percentage 100
-     auto-aof-rewrite-min-size 64mb
-     aof-load-truncated yes
-     aof-use-rdb-preamble yes
-     lua-time-limit 5000
-     slowlog-log-slower-than 10000
-     slowlog-max-len 128
-     latency-monitor-threshold 0
-     notify-keyspace-events ""
-     hash-max-ziplist-entries 512
-     hash-max-ziplist-value 64
-     list-max-ziplist-size -2
-     list-compress-depth 0
-     set-max-intset-entries 512
-     zset-max-ziplist-entries 128
-     zset-max-ziplist-value 64
-     hll-sparse-max-bytes 3000
-     stream-node-max-bytes 4096
-     stream-node-max-entries 100
-     activerehashing yes
-     client-output-buffer-limit normal 0 0 0
-     client-output-buffer-limit replica 256mb 64mb 60
-     client-output-buffer-limit pubsub 32mb 8mb 60
- 
-     # Hz is the freuqency at which background tasks are performed, we keep this low to save CPU
-     hz 1
- 
-     # The hz value is increased to scale with the number of clients connected.
-     dynamic-hz yes
- 
-     aof-rewrite-incremental-fsync yes
-     rdb-save-incremental-fsync yes
-     jemalloc-bg-thread yes



@@ ConfigMap/ess-ci/release-name-synapse - data.04-homeserver-overrides.yaml @@
  public_baseurl: https://synapse.ess.localhost/
  server_name: ess.localhost
  signing_key_path: /secrets/release-name-generated/SYNAPSE_SIGNING_KEY
  enable_metrics: true
  
  [58 lines unchanged)]
  
      port: 9093
  
  redis:
    enabled: true
-   host: "release-name-synapse-redis.ess-ci.svc.cluster.local."
+   host: "release-name-redis.ess-ci.svc.cluster.local."
  
  stream_writers:
    events:
    - release-name-synapse-event-persist-0


@@ Deployment/ess-ci/release-name-redis @@
+ ---
+ # Source: matrix-stack/templates/redis/redis_deployment.yaml
+ apiVersion: apps/v1
+ kind: Deployment
+ metadata:
+   annotations:
+     has-no-service-monitor: "true"
+   labels:
+     helm.sh/chart: "matrix-stack-26.1.1-dev"
+     app.kubernetes.io/managed-by: Helm
+     app.kubernetes.io/part-of: matrix-stack
+     app.kubernetes.io/component: matrix-pubsub-small-cache
+     app.kubernetes.io/name: redis
+     app.kubernetes.io/instance: release-name-redis
+     app.kubernetes.io/version: "7.4-alpine"
+     k8s.element.io/redis-config-hash: "3034b3cfe78419348e36bb348fad98b46a736334"
+   name: release-name-redis
+   namespace: ess-ci
+ spec:
+   replicas: 1
+   selector:
+     matchLabels:
+       app.kubernetes.io/instance: release-name-redis
+   strategy:
+     type: RollingUpdate
+     rollingUpdate:
+       maxSurge: 2
+       maxUnavailable: 0
+   template:
+     metadata:
+       labels:
+         app.kubernetes.io/managed-by: Helm
+         app.kubernetes.io/part-of: matrix-stack
+         app.kubernetes.io/component: matrix-pubsub-small-cache
+         app.kubernetes.io/name: redis
+         app.kubernetes.io/instance: release-name-redis
+         app.kubernetes.io/version: "7.4-alpine"
+         k8s.element.io/redis-config-hash: "3034b3cfe78419348e36bb348fad98b46a736334"
+       annotations:
+         has-no-service-monitor: "true"
+     spec:
+       automountServiceAccountToken: false
+       serviceAccountName: release-name-redis
+       securityContext:
+         fsGroup: 10002
+         runAsGroup: 0
+         runAsNonRoot: true
+         runAsUser: 10002
+         seccompProfile:
+           type: RuntimeDefault
+         supplementalGroups: []
+       topologySpreadConstraints:
+         - labelSelector:
+             matchLabels:
+               app.kubernetes.io/instance: release-name-redis
+           matchLabelKeys:
+             - pod-template-hash
+           maxSkew: 1
+           topologyKey: kubernetes.io/hostname
+           whenUnsatisfiable: ScheduleAnyway
+       containers:
+         - name: redis
+           args:
+             - "/config/redis.conf"
+           image: "docker.io/library/redis:7.4-alpine"
+           imagePullPolicy: Always
+           securityContext:
+             allowPrivilegeEscalation: false
+             capabilities:
+               drop:
+                 - ALL
+             readOnlyRootFilesystem: true
+           ports:
+             - containerPort: 6379
+               name: redis
+               protocol: TCP
+           startupProbe:
+             failureThreshold: 5
+             periodSeconds: 10
+             successThreshold: 1
+             timeoutSeconds: 1
+             tcpSocket:
+               port: redis
+           livenessProbe:
+             failureThreshold: 3
+             periodSeconds: 10
+             successThreshold: 1
+             timeoutSeconds: 1
+             tcpSocket:
+               port: redis
+           readinessProbe:
+             failureThreshold: 3
+             periodSeconds: 10
+             successThreshold: 1
+             timeoutSeconds: 1
+             exec:
+               command:
+                 - redis-cli
+                 - ping
+           resources:
+             limits:
+               memory: 50Mi
+             requests:
+               cpu: 50m
+               memory: 50Mi
+           volumeMounts:
+             - mountPath: /config/redis.conf
+               name: config
+               readOnly: true
+               subPath: redis.conf
+       restartPolicy: Always
+       volumes:
+         - configMap:
+             name: "release-name-redis"
+             defaultMode: 420
+           name: config


@@ Deployment/ess-ci/release-name-synapse-redis @@
- ---
- # Source: matrix-stack/templates/synapse/redis_deployment.yaml
- apiVersion: apps/v1
- kind: Deployment
- metadata:
-   annotations:
-     has-no-service-monitor: "true"
-   labels:
-     helm.sh/chart: "matrix-stack-26.1.1-dev"
-     app.kubernetes.io/managed-by: Helm
-     app.kubernetes.io/part-of: matrix-stack
-     app.kubernetes.io/component: matrix-server-pubsub
-     app.kubernetes.io/name: synapse-redis
-     app.kubernetes.io/instance: release-name-synapse-redis
-     app.kubernetes.io/version: "7.4-alpine"
-     k8s.element.io/redis-config-hash: "8188ad8e9a531f4667e5b2d53136dbc20499eacd"
-   name: release-name-synapse-redis
-   namespace: ess-ci
- spec:
-   replicas: 1
-   selector:
-     matchLabels:
-       app.kubernetes.io/instance: release-name-synapse-redis
-   strategy:
-     type: RollingUpdate
-     rollingUpdate:
-       maxSurge: 2
-       maxUnavailable: 0
-   template:
-     metadata:
-       labels:
-         app.kubernetes.io/managed-by: Helm
-         app.kubernetes.io/part-of: matrix-stack
-         app.kubernetes.io/component: matrix-server-pubsub
-         app.kubernetes.io/name: synapse-redis
-         app.kubernetes.io/instance: release-name-synapse-redis
-         app.kubernetes.io/version: "7.4-alpine"
-         k8s.element.io/redis-config-hash: "8188ad8e9a531f4667e5b2d53136dbc20499eacd"
-       annotations:
-         has-no-service-monitor: "true"
-     spec:
-       automountServiceAccountToken: false
-       serviceAccountName: release-name-synapse-redis
-       securityContext:
-         fsGroup: 10002
-         runAsGroup: 0
-         runAsNonRoot: true
-         runAsUser: 10002
-         seccompProfile:
-           type: RuntimeDefault
-         supplementalGroups: []
-       topologySpreadConstraints:
-         - labelSelector:
-             matchLabels:
-               app.kubernetes.io/instance: release-name-synapse-redis
-           matchLabelKeys:
-             - pod-template-hash
-           maxSkew: 1
-           topologyKey: kubernetes.io/hostname
-           whenUnsatisfiable: ScheduleAnyway
-       containers:
-         - name: redis
-           args:
-             - "/config/redis.conf"
-           image: "docker.io/library/redis:7.4-alpine"
-           imagePullPolicy: Always
-           securityContext:
-             allowPrivilegeEscalation: false
-             capabilities:
-               drop:
-                 - ALL
-             readOnlyRootFilesystem: true
-           ports:
-             - containerPort: 6379
-               name: redis
-               protocol: TCP
-           startupProbe:
-             failureThreshold: 5
-             periodSeconds: 10
-             successThreshold: 1
-             timeoutSeconds: 1
-             tcpSocket:
-               port: redis
-           livenessProbe:
-             failureThreshold: 3
-             periodSeconds: 10
-             successThreshold: 1
-             timeoutSeconds: 1
-             tcpSocket:
-               port: redis
-           readinessProbe:
-             failureThreshold: 3
-             periodSeconds: 10
-             successThreshold: 1
-             timeoutSeconds: 1
-             exec:
-               command:
-                 - redis-cli
-                 - ping
-           resources:
-             limits:
-               memory: 50Mi
-             requests:
-               cpu: 50m
-               memory: 50Mi
-           volumeMounts:
-             - mountPath: /config/redis.conf
-               name: config
-               readOnly: true
-               subPath: redis.conf
-       restartPolicy: Always
-       volumes:
-         - configMap:
-             name: "release-name-synapse-redis"
-             defaultMode: 420
-           name: config


@@ Service/ess-ci/release-name-redis @@
+ ---
+ # Source: matrix-stack/templates/redis/redis_service.yaml
+ apiVersion: v1
+ kind: Service
+ metadata:
+   labels:
+     helm.sh/chart: "matrix-stack-26.1.1-dev"
+     app.kubernetes.io/managed-by: Helm
+     app.kubernetes.io/part-of: matrix-stack
+     app.kubernetes.io/component: matrix-pubsub-small-cache
+     app.kubernetes.io/name: redis
+     app.kubernetes.io/instance: release-name-redis
+     app.kubernetes.io/version: "7.4-alpine"
+   name: release-name-redis
+   namespace: ess-ci
+ spec:
+   ipFamilyPolicy: PreferDualStack
+   ports:
+     - port: 6379
+       targetPort: redis
+       name: redis
+   selector:
+     app.kubernetes.io/instance: "release-name-redis"


@@ Service/ess-ci/release-name-synapse-redis @@
- ---
- # Source: matrix-stack/templates/synapse/redis_service.yaml
- apiVersion: v1
- kind: Service
- metadata:
-   labels:
-     helm.sh/chart: "matrix-stack-26.1.1-dev"
-     app.kubernetes.io/managed-by: Helm
-     app.kubernetes.io/part-of: matrix-stack
-     app.kubernetes.io/component: matrix-server-pubsub
-     app.kubernetes.io/name: synapse-redis
-     app.kubernetes.io/instance: release-name-synapse-redis
-     app.kubernetes.io/version: "7.4-alpine"
-   name: release-name-synapse-redis
-   namespace: ess-ci
- spec:
-   ipFamilyPolicy: PreferDualStack
-   ports:
-     - port: 6379
-       targetPort: redis
-       name: redis
-   selector:
-     app.kubernetes.io/instance: "release-name-synapse-redis"


@@ ServiceAccount/ess-ci/release-name-redis @@
+ ---
+ # Source: matrix-stack/templates/redis/redis_service_account.yaml
+ apiVersion: v1
+ kind: ServiceAccount
+ metadata:
+   labels:
+     helm.sh/chart: "matrix-stack-26.1.1-dev"
+     app.kubernetes.io/managed-by: Helm
+     app.kubernetes.io/part-of: matrix-stack
+     app.kubernetes.io/component: matrix-pubsub-small-cache
+     app.kubernetes.io/name: redis
+     app.kubernetes.io/instance: release-name-redis
+     app.kubernetes.io/version: "7.4-alpine"
+   name: release-name-redis
+   namespace: ess-ci
+ automountServiceAccountToken: false


@@ ServiceAccount/ess-ci/release-name-synapse-redis @@
- ---
- # Source: matrix-stack/templates/synapse/redis_serviceaccount.yaml
- apiVersion: v1
- kind: ServiceAccount
- metadata:
-   labels:
-     helm.sh/chart: "matrix-stack-26.1.1-dev"
-     app.kubernetes.io/managed-by: Helm
-     app.kubernetes.io/part-of: matrix-stack
-     app.kubernetes.io/component: matrix-server-pubsub
-     app.kubernetes.io/name: synapse-redis
-     app.kubernetes.io/instance: release-name-synapse-redis
-     app.kubernetes.io/version: "7.4-alpine"
-   name: release-name-synapse-redis
-   namespace: ess-ci
- automountServiceAccountToken: false

synapse-checkov-with-workers-values.yaml

@@ ConfigMap/ess-ci/release-name-redis @@
+ ---
+ # Source: matrix-stack/templates/redis/redis_configmap.yaml
+ apiVersion: v1
+ kind: ConfigMap
+ metadata:
+   labels:
+     helm.sh/chart: "matrix-stack-26.1.1-dev"
+     app.kubernetes.io/managed-by: Helm
+     app.kubernetes.io/part-of: matrix-stack
+     app.kubernetes.io/component: matrix-pubsub-small-cache
+     app.kubernetes.io/name: redis
+     app.kubernetes.io/instance: release-name-redis
+     app.kubernetes.io/version: "7.4-alpine"
+   name: release-name-redis
+   namespace: ess-ci
+ data:
+   redis.conf: |
+     # Do not require a password
+     protected-mode no
+     port 6379
+ 
+     tcp-backlog 511
+     tcp-keepalive 300
+ 
+     # Never close the connection
+     timeout 0
+ 
+     # We run the redis in a container so disable both of these
+     daemonize no
+     supervised no
+ 
+     loglevel notice
+     logfile ''
+ 
+     databases 16
+     always-show-logo no
+     stop-writes-on-bgsave-error yes
+ 
+     # We never save to the disk
+     save ''
+ 
+     replica-serve-stale-data yes
+     replica-read-only yes
+     repl-diskless-sync no
+     repl-diskless-sync-delay 5
+     repl-diskless-load disabled
+     repl-disable-tcp-nodelay no
+     replica-priority 100
+     acllog-max-len 128
+ 
+     lazyfree-lazy-eviction no
+     lazyfree-lazy-expire no
+     lazyfree-lazy-server-del no
+     replica-lazy-flush no
+ 
+     lazyfree-lazy-user-del no
+ 
+     lazyfree-lazy-user-flush no
+     oom-score-adj no
+     oom-score-adj-values 0 200 800
+ 
+     disable-thp yes
+ 
+     appendonly no
+     appendfilename 'appendonly.aof'
+     appendfsync everysec
+ 
+     no-appendfsync-on-rewrite no
+ 
+     auto-aof-rewrite-percentage 100
+     auto-aof-rewrite-min-size 64mb
+     aof-load-truncated yes
+     aof-use-rdb-preamble yes
+     lua-time-limit 5000
+     slowlog-log-slower-than 10000
+     slowlog-max-len 128
+     latency-monitor-threshold 0
+     notify-keyspace-events ""
+     hash-max-ziplist-entries 512
+     hash-max-ziplist-value 64
+     list-max-ziplist-size -2
+     list-compress-depth 0
+     set-max-intset-entries 512
+     zset-max-ziplist-entries 128
+     zset-max-ziplist-value 64
+     hll-sparse-max-bytes 3000
+     stream-node-max-bytes 4096
+     stream-node-max-entries 100
+     activerehashing yes
+     client-output-buffer-limit normal 0 0 0
+     client-output-buffer-limit replica 256mb 64mb 60
+     client-output-buffer-limit pubsub 32mb 8mb 60
+ 
+     # Hz is the freuqency at which background tasks are performed, we keep this low to save CPU
+     hz 1
+ 
+     # The hz value is increased to scale with the number of clients connected.
+     dynamic-hz yes
+ 
+     aof-rewrite-incremental-fsync yes
+     rdb-save-incremental-fsync yes
+     jemalloc-bg-thread yes
+ 
+     maxmemory 40mb
+     maxmemory-policy allkeys-lru



@@ ConfigMap/ess-ci/release-name-synapse-hook - data.04-homeserver-overrides.yaml @@
  public_baseurl: https://synapse.ess.localhost/
  server_name: ess.localhost
  signing_key_path: /secrets/release-name-generated/SYNAPSE_SIGNING_KEY
  enable_metrics: true
  
  [59 lines unchanged)]
  
      port: 9093
  
  redis:
    enabled: true
-   host: "release-name-synapse-redis.ess-ci.svc.cluster.local."
+   host: "release-name-redis.ess-ci.svc.cluster.local."
  
  stream_writers:
    events:
    - release-name-synapse-event-persist-0


@@ ConfigMap/ess-ci/release-name-synapse-redis @@
- ---
- # Source: matrix-stack/templates/synapse/redis_configmap.yaml
- apiVersion: v1
- kind: ConfigMap
- metadata:
-   labels:
-     helm.sh/chart: "matrix-stack-26.1.1-dev"
-     app.kubernetes.io/managed-by: Helm
-     app.kubernetes.io/part-of: matrix-stack
-     app.kubernetes.io/component: matrix-server-pubsub
-     app.kubernetes.io/name: synapse-redis
-     app.kubernetes.io/instance: release-name-synapse-redis
-     app.kubernetes.io/version: "7.4-alpine"
-   name: release-name-synapse-redis
-   namespace: ess-ci
- data:
-   redis.conf: |
-     # Copyright 2025 New Vector Ltd
-     # Copyright 2025 Element Creations Ltd
-     # SPDX-License-Identifier: AGPL-3.0-only
- 
-     # This file is based upon https://raw.githubusercontent.com/redis/redis/6.2/redis.conf
- 
-     # Do not require a password
-     protected-mode no
-     port 6379
- 
-     tcp-backlog 511
-     tcp-keepalive 300
- 
-     # Never close the connection
-     timeout 0
- 
-     # We run the redis in a container so disable both of these
-     daemonize no
-     supervised no
- 
-     loglevel notice
-     logfile ''
- 
-     databases 16
-     always-show-logo no
-     stop-writes-on-bgsave-error yes
- 
-     # We never save to the disk
-     save ''
- 
-     replica-serve-stale-data yes
-     replica-read-only yes
-     repl-diskless-sync no
-     repl-diskless-sync-delay 5
-     repl-diskless-load disabled
-     repl-disable-tcp-nodelay no
-     replica-priority 100
-     acllog-max-len 128
- 
-     lazyfree-lazy-eviction no
-     lazyfree-lazy-expire no
-     lazyfree-lazy-server-del no
-     replica-lazy-flush no
- 
-     lazyfree-lazy-user-del no
- 
-     lazyfree-lazy-user-flush no
-     oom-score-adj no
-     oom-score-adj-values 0 200 800
- 
-     disable-thp yes
- 
-     appendonly no
-     appendfilename 'appendonly.aof'
-     appendfsync everysec
- 
-     no-appendfsync-on-rewrite no
- 
-     auto-aof-rewrite-percentage 100
-     auto-aof-rewrite-min-size 64mb
-     aof-load-truncated yes
-     aof-use-rdb-preamble yes
-     lua-time-limit 5000
-     slowlog-log-slower-than 10000
-     slowlog-max-len 128
-     latency-monitor-threshold 0
-     notify-keyspace-events ""
-     hash-max-ziplist-entries 512
-     hash-max-ziplist-value 64
-     list-max-ziplist-size -2
-     list-compress-depth 0
-     set-max-intset-entries 512
-     zset-max-ziplist-entries 128
-     zset-max-ziplist-value 64
-     hll-sparse-max-bytes 3000
-     stream-node-max-bytes 4096
-     stream-node-max-entries 100
-     activerehashing yes
-     client-output-buffer-limit normal 0 0 0
-     client-output-buffer-limit replica 256mb 64mb 60
-     client-output-buffer-limit pubsub 32mb 8mb 60
- 
-     # Hz is the freuqency at which background tasks are performed, we keep this low to save CPU
-     hz 1
- 
-     # The hz value is increased to scale with the number of clients connected.
-     dynamic-hz yes
- 
-     aof-rewrite-incremental-fsync yes
-     rdb-save-incremental-fsync yes
-     jemalloc-bg-thread yes



@@ ConfigMap/ess-ci/release-name-synapse - data.04-homeserver-overrides.yaml @@
  public_baseurl: https://synapse.ess.localhost/
  server_name: ess.localhost
  signing_key_path: /secrets/release-name-generated/SYNAPSE_SIGNING_KEY
  enable_metrics: true
  
  [59 lines unchanged)]
  
      port: 9093
  
  redis:
    enabled: true
-   host: "release-name-synapse-redis.ess-ci.svc.cluster.local."
+   host: "release-name-redis.ess-ci.svc.cluster.local."
  
  stream_writers:
    events:
    - release-name-synapse-event-persist-0


@@ Deployment/ess-ci/release-name-redis @@
+ ---
+ # Source: matrix-stack/templates/redis/redis_deployment.yaml
+ apiVersion: apps/v1
+ kind: Deployment
+ metadata:
+   annotations:
+     checkov.io/skip1: CKV_K8S_11=We deliberately don't set CPU limits. Pod is BestEffort not Guaranteed
+     checkov.io/skip2: CKV_K8S_43=No digests
+     checkov.io/skip3: CKV2_K8S_6=No network policy yet
+   labels:
+     helm.sh/chart: "matrix-stack-26.1.1-dev"
+     app.kubernetes.io/managed-by: Helm
+     app.kubernetes.io/part-of: matrix-stack
+     app.kubernetes.io/component: matrix-pubsub-small-cache
+     app.kubernetes.io/name: redis
+     app.kubernetes.io/instance: release-name-redis
+     app.kubernetes.io/version: "7.4-alpine"
+     k8s.element.io/redis-config-hash: "3034b3cfe78419348e36bb348fad98b46a736334"
+   name: release-name-redis
+   namespace: ess-ci
+ spec:
+   replicas: 1
+   selector:
+     matchLabels:
+       app.kubernetes.io/instance: release-name-redis
+   strategy:
+     type: RollingUpdate
+     rollingUpdate:
+       maxSurge: 2
+       maxUnavailable: 0
+   template:
+     metadata:
+       labels:
+         app.kubernetes.io/managed-by: Helm
+         app.kubernetes.io/part-of: matrix-stack
+         app.kubernetes.io/component: matrix-pubsub-small-cache
+         app.kubernetes.io/name: redis
+         app.kubernetes.io/instance: release-name-redis
+         app.kubernetes.io/version: "7.4-alpine"
+         k8s.element.io/redis-config-hash: "3034b3cfe78419348e36bb348fad98b46a736334"
+       annotations:
+         checkov.io/skip1: CKV_K8S_11=We deliberately don't set CPU limits. Pod is BestEffort not Guaranteed
+         checkov.io/skip2: CKV_K8S_43=No digests
+         checkov.io/skip3: CKV2_K8S_6=No network policy yet
+     spec:
+       automountServiceAccountToken: false
+       serviceAccountName: release-name-redis
+       securityContext:
+         fsGroup: 10002
+         runAsGroup: 10002
+         runAsNonRoot: true
+         runAsUser: 10002
+         seccompProfile:
+           type: RuntimeDefault
+         supplementalGroups: []
+       topologySpreadConstraints:
+         - labelSelector:
+             matchLabels:
+               app.kubernetes.io/instance: release-name-redis
+           matchLabelKeys:
+             - pod-template-hash
+           maxSkew: 1
+           topologyKey: kubernetes.io/hostname
+           whenUnsatisfiable: ScheduleAnyway
+       containers:
+         - name: redis
+           args:
+             - "/config/redis.conf"
+           image: "docker.io/library/redis:7.4-alpine"
+           imagePullPolicy: Always
+           securityContext:
+             allowPrivilegeEscalation: false
+             capabilities:
+               drop:
+                 - ALL
+             readOnlyRootFilesystem: true
+           ports:
+             - containerPort: 6379
+               name: redis
+               protocol: TCP
+           startupProbe:
+             failureThreshold: 5
+             periodSeconds: 10
+             successThreshold: 1
+             timeoutSeconds: 1
+             tcpSocket:
+               port: redis
+           livenessProbe:
+             failureThreshold: 3
+             periodSeconds: 10
+             successThreshold: 1
+             timeoutSeconds: 1
+             tcpSocket:
+               port: redis
+           readinessProbe:
+             failureThreshold: 3
+             periodSeconds: 10
+             successThreshold: 1
+             timeoutSeconds: 1
+             exec:
+               command:
+                 - redis-cli
+                 - ping
+           resources:
+             limits:
+               memory: 50Mi
+             requests:
+               cpu: 50m
+               memory: 50Mi
+           volumeMounts:
+             - mountPath: /config/redis.conf
+               name: config
+               readOnly: true
+               subPath: redis.conf
+       restartPolicy: Always
+       volumes:
+         - configMap:
+             name: "release-name-redis"
+             defaultMode: 420
+           name: config


@@ Deployment/ess-ci/release-name-synapse-redis @@
- ---
- # Source: matrix-stack/templates/synapse/redis_deployment.yaml
- apiVersion: apps/v1
- kind: Deployment
- metadata:
-   annotations:
-     checkov.io/skip1: CKV_K8S_11=We deliberately don't set CPU limits. Pod is BestEffort not Guaranteed
-     checkov.io/skip2: CKV_K8S_43=No digests
-     checkov.io/skip3: CKV2_K8S_6=No network policy yet
-   labels:
-     helm.sh/chart: "matrix-stack-26.1.1-dev"
-     app.kubernetes.io/managed-by: Helm
-     app.kubernetes.io/part-of: matrix-stack
-     app.kubernetes.io/component: matrix-server-pubsub
-     app.kubernetes.io/name: synapse-redis
-     app.kubernetes.io/instance: release-name-synapse-redis
-     app.kubernetes.io/version: "7.4-alpine"
-     k8s.element.io/redis-config-hash: "8188ad8e9a531f4667e5b2d53136dbc20499eacd"
-   name: release-name-synapse-redis
-   namespace: ess-ci
- spec:
-   replicas: 1
-   selector:
-     matchLabels:
-       app.kubernetes.io/instance: release-name-synapse-redis
-   strategy:
-     type: RollingUpdate
-     rollingUpdate:
-       maxSurge: 2
-       maxUnavailable: 0
-   template:
-     metadata:
-       labels:
-         app.kubernetes.io/managed-by: Helm
-         app.kubernetes.io/part-of: matrix-stack
-         app.kubernetes.io/component: matrix-server-pubsub
-         app.kubernetes.io/name: synapse-redis
-         app.kubernetes.io/instance: release-name-synapse-redis
-         app.kubernetes.io/version: "7.4-alpine"
-         k8s.element.io/redis-config-hash: "8188ad8e9a531f4667e5b2d53136dbc20499eacd"
-       annotations:
-         checkov.io/skip1: CKV_K8S_11=We deliberately don't set CPU limits. Pod is BestEffort not Guaranteed
-         checkov.io/skip2: CKV_K8S_43=No digests
-         checkov.io/skip3: CKV2_K8S_6=No network policy yet
-     spec:
-       automountServiceAccountToken: false
-       serviceAccountName: release-name-synapse-redis
-       securityContext:
-         fsGroup: 10002
-         runAsGroup: 10002
-         runAsNonRoot: true
-         runAsUser: 10002
-         seccompProfile:
-           type: RuntimeDefault
-         supplementalGroups: []
-       topologySpreadConstraints:
-         - labelSelector:
-             matchLabels:
-               app.kubernetes.io/instance: release-name-synapse-redis
-           matchLabelKeys:
-             - pod-template-hash
-           maxSkew: 1
-           topologyKey: kubernetes.io/hostname
-           whenUnsatisfiable: ScheduleAnyway
-       containers:
-         - name: redis
-           args:
-             - "/config/redis.conf"
-           image: "docker.io/library/redis:7.4-alpine"
-           imagePullPolicy: Always
-           securityContext:
-             allowPrivilegeEscalation: false
-             capabilities:
-               drop:
-                 - ALL
-             readOnlyRootFilesystem: true
-           ports:
-             - containerPort: 6379
-               name: redis
-               protocol: TCP
-           startupProbe:
-             failureThreshold: 5
-             periodSeconds: 10
-             successThreshold: 1
-             timeoutSeconds: 1
-             tcpSocket:
-               port: redis
-           livenessProbe:
-             failureThreshold: 3
-             periodSeconds: 10
-             successThreshold: 1
-             timeoutSeconds: 1
-             tcpSocket:
-               port: redis
-           readinessProbe:
-             failureThreshold: 3
-             periodSeconds: 10
-             successThreshold: 1
-             timeoutSeconds: 1
-             exec:
-               command:
-                 - redis-cli
-                 - ping
-           resources:
-             limits:
-               memory: 50Mi
-             requests:
-               cpu: 50m
-               memory: 50Mi
-           volumeMounts:
-             - mountPath: /config/redis.conf
-               name: config
-               readOnly: true
-               subPath: redis.conf
-       restartPolicy: Always
-       volumes:
-         - configMap:
-             name: "release-name-synapse-redis"
-             defaultMode: 420
-           name: config


@@ Service/ess-ci/release-name-redis @@
+ ---
+ # Source: matrix-stack/templates/redis/redis_service.yaml
+ apiVersion: v1
+ kind: Service
+ metadata:
+   labels:
+     helm.sh/chart: "matrix-stack-26.1.1-dev"
+     app.kubernetes.io/managed-by: Helm
+     app.kubernetes.io/part-of: matrix-stack
+     app.kubernetes.io/component: matrix-pubsub-small-cache
+     app.kubernetes.io/name: redis
+     app.kubernetes.io/instance: release-name-redis
+     app.kubernetes.io/version: "7.4-alpine"
+   name: release-name-redis
+   namespace: ess-ci
+ spec:
+   ipFamilyPolicy: PreferDualStack
+   ports:
+     - port: 6379
+       targetPort: redis
+       name: redis
+   selector:
+     app.kubernetes.io/instance: "release-name-redis"


@@ Service/ess-ci/release-name-synapse-redis @@
- ---
- # Source: matrix-stack/templates/synapse/redis_service.yaml
- apiVersion: v1
- kind: Service
- metadata:
-   labels:
-     helm.sh/chart: "matrix-stack-26.1.1-dev"
-     app.kubernetes.io/managed-by: Helm
-     app.kubernetes.io/part-of: matrix-stack
-     app.kubernetes.io/component: matrix-server-pubsub
-     app.kubernetes.io/name: synapse-redis
-     app.kubernetes.io/instance: release-name-synapse-redis
-     app.kubernetes.io/version: "7.4-alpine"
-   name: release-name-synapse-redis
-   namespace: ess-ci
- spec:
-   ipFamilyPolicy: PreferDualStack
-   ports:
-     - port: 6379
-       targetPort: redis
-       name: redis
-   selector:
-     app.kubernetes.io/instance: "release-name-synapse-redis"


@@ ServiceAccount/ess-ci/release-name-redis @@
+ ---
+ # Source: matrix-stack/templates/redis/redis_service_account.yaml
+ apiVersion: v1
+ kind: ServiceAccount
+ metadata:
+   labels:
+     helm.sh/chart: "matrix-stack-26.1.1-dev"
+     app.kubernetes.io/managed-by: Helm
+     app.kubernetes.io/part-of: matrix-stack
+     app.kubernetes.io/component: matrix-pubsub-small-cache
+     app.kubernetes.io/name: redis
+     app.kubernetes.io/instance: release-name-redis
+     app.kubernetes.io/version: "7.4-alpine"
+   name: release-name-redis
+   namespace: ess-ci
+ automountServiceAccountToken: false


@@ ServiceAccount/ess-ci/release-name-synapse-redis @@
- ---
- # Source: matrix-stack/templates/synapse/redis_serviceaccount.yaml
- apiVersion: v1
- kind: ServiceAccount
- metadata:
-   labels:
-     helm.sh/chart: "matrix-stack-26.1.1-dev"
-     app.kubernetes.io/managed-by: Helm
-     app.kubernetes.io/part-of: matrix-stack
-     app.kubernetes.io/component: matrix-server-pubsub
-     app.kubernetes.io/name: synapse-redis
-     app.kubernetes.io/instance: release-name-synapse-redis
-     app.kubernetes.io/version: "7.4-alpine"
-   name: release-name-synapse-redis
-   namespace: ess-ci
- automountServiceAccountToken: false

synapse-worker-example-values.yaml

@@ ConfigMap/ess-ci/release-name-redis @@
+ ---
+ # Source: matrix-stack/templates/redis/redis_configmap.yaml
+ apiVersion: v1
+ kind: ConfigMap
+ metadata:
+   labels:
+     helm.sh/chart: "matrix-stack-26.1.1-dev"
+     app.kubernetes.io/managed-by: Helm
+     app.kubernetes.io/part-of: matrix-stack
+     app.kubernetes.io/component: matrix-pubsub-small-cache
+     app.kubernetes.io/name: redis
+     app.kubernetes.io/instance: release-name-redis
+     app.kubernetes.io/version: "7.4-alpine"
+   name: release-name-redis
+   namespace: ess-ci
+ data:
+   redis.conf: |
+     # Do not require a password
+     protected-mode no
+     port 6379
+ 
+     tcp-backlog 511
+     tcp-keepalive 300
+ 
+     # Never close the connection
+     timeout 0
+ 
+     # We run the redis in a container so disable both of these
+     daemonize no
+     supervised no
+ 
+     loglevel notice
+     logfile ''
+ 
+     databases 16
+     always-show-logo no
+     stop-writes-on-bgsave-error yes
+ 
+     # We never save to the disk
+     save ''
+ 
+     replica-serve-stale-data yes
+     replica-read-only yes
+     repl-diskless-sync no
+     repl-diskless-sync-delay 5
+     repl-diskless-load disabled
+     repl-disable-tcp-nodelay no
+     replica-priority 100
+     acllog-max-len 128
+ 
+     lazyfree-lazy-eviction no
+     lazyfree-lazy-expire no
+     lazyfree-lazy-server-del no
+     replica-lazy-flush no
+ 
+     lazyfree-lazy-user-del no
+ 
+     lazyfree-lazy-user-flush no
+     oom-score-adj no
+     oom-score-adj-values 0 200 800
+ 
+     disable-thp yes
+ 
+     appendonly no
+     appendfilename 'appendonly.aof'
+     appendfsync everysec
+ 
+     no-appendfsync-on-rewrite no
+ 
+     auto-aof-rewrite-percentage 100
+     auto-aof-rewrite-min-size 64mb
+     aof-load-truncated yes
+     aof-use-rdb-preamble yes
+     lua-time-limit 5000
+     slowlog-log-slower-than 10000
+     slowlog-max-len 128
+     latency-monitor-threshold 0
+     notify-keyspace-events ""
+     hash-max-ziplist-entries 512
+     hash-max-ziplist-value 64
+     list-max-ziplist-size -2
+     list-compress-depth 0
+     set-max-intset-entries 512
+     zset-max-ziplist-entries 128
+     zset-max-ziplist-value 64
+     hll-sparse-max-bytes 3000
+     stream-node-max-bytes 4096
+     stream-node-max-entries 100
+     activerehashing yes
+     client-output-buffer-limit normal 0 0 0
+     client-output-buffer-limit replica 256mb 64mb 60
+     client-output-buffer-limit pubsub 32mb 8mb 60
+ 
+     # Hz is the freuqency at which background tasks are performed, we keep this low to save CPU
+     hz 1
+ 
+     # The hz value is increased to scale with the number of clients connected.
+     dynamic-hz yes
+ 
+     aof-rewrite-incremental-fsync yes
+     rdb-save-incremental-fsync yes
+     jemalloc-bg-thread yes
+ 
+     maxmemory 40mb
+     maxmemory-policy allkeys-lru



@@ ConfigMap/ess-ci/release-name-synapse-hook - data.04-homeserver-overrides.yaml @@
  public_baseurl: https://synapse.ess.localhost/
  server_name: ess.localhost
  signing_key_path: /secrets/release-name-generated/SYNAPSE_SIGNING_KEY
  enable_metrics: true
  
  [93 lines unchanged)]
  
      port: 9093
  
  redis:
    enabled: true
-   host: "release-name-synapse-redis.ess-ci.svc.cluster.local."
+   host: "release-name-redis.ess-ci.svc.cluster.local."
  
  stream_writers:
    account_data:
    - release-name-synapse-account-data-0
  
  [eleven lines unchanged)]
  
    receipts:
    - release-name-synapse-receipts-0
    typing:
    - release-name-synapse-typing-0


@@ ConfigMap/ess-ci/release-name-synapse-redis @@
- ---
- # Source: matrix-stack/templates/synapse/redis_configmap.yaml
- apiVersion: v1
- kind: ConfigMap
- metadata:
-   labels:
-     helm.sh/chart: "matrix-stack-26.1.1-dev"
-     app.kubernetes.io/managed-by: Helm
-     app.kubernetes.io/part-of: matrix-stack
-     app.kubernetes.io/component: matrix-server-pubsub
-     app.kubernetes.io/name: synapse-redis
-     app.kubernetes.io/instance: release-name-synapse-redis
-     app.kubernetes.io/version: "7.4-alpine"
-   name: release-name-synapse-redis
-   namespace: ess-ci
- data:
-   redis.conf: |
-     # Copyright 2025 New Vector Ltd
-     # Copyright 2025 Element Creations Ltd
-     # SPDX-License-Identifier: AGPL-3.0-only
- 
-     # This file is based upon https://raw.githubusercontent.com/redis/redis/6.2/redis.conf
- 
-     # Do not require a password
-     protected-mode no
-     port 6379
- 
-     tcp-backlog 511
-     tcp-keepalive 300
- 
-     # Never close the connection
-     timeout 0
- 
-     # We run the redis in a container so disable both of these
-     daemonize no
-     supervised no
- 
-     loglevel notice
-     logfile ''
- 
-     databases 16
-     always-show-logo no
-     stop-writes-on-bgsave-error yes
- 
-     # We never save to the disk
-     save ''
- 
-     replica-serve-stale-data yes
-     replica-read-only yes
-     repl-diskless-sync no
-     repl-diskless-sync-delay 5
-     repl-diskless-load disabled
-     repl-disable-tcp-nodelay no
-     replica-priority 100
-     acllog-max-len 128
- 
-     lazyfree-lazy-eviction no
-     lazyfree-lazy-expire no
-     lazyfree-lazy-server-del no
-     replica-lazy-flush no
- 
-     lazyfree-lazy-user-del no
- 
-     lazyfree-lazy-user-flush no
-     oom-score-adj no
-     oom-score-adj-values 0 200 800
- 
-     disable-thp yes
- 
-     appendonly no
-     appendfilename 'appendonly.aof'
-     appendfsync everysec
- 
-     no-appendfsync-on-rewrite no
- 
-     auto-aof-rewrite-percentage 100
-     auto-aof-rewrite-min-size 64mb
-     aof-load-truncated yes
-     aof-use-rdb-preamble yes
-     lua-time-limit 5000
-     slowlog-log-slower-than 10000
-     slowlog-max-len 128
-     latency-monitor-threshold 0
-     notify-keyspace-events ""
-     hash-max-ziplist-entries 512
-     hash-max-ziplist-value 64
-     list-max-ziplist-size -2
-     list-compress-depth 0
-     set-max-intset-entries 512
-     zset-max-ziplist-entries 128
-     zset-max-ziplist-value 64
-     hll-sparse-max-bytes 3000
-     stream-node-max-bytes 4096
-     stream-node-max-entries 100
-     activerehashing yes
-     client-output-buffer-limit normal 0 0 0
-     client-output-buffer-limit replica 256mb 64mb 60
-     client-output-buffer-limit pubsub 32mb 8mb 60
- 
-     # Hz is the freuqency at which background tasks are performed, we keep this low to save CPU
-     hz 1
- 
-     # The hz value is increased to scale with the number of clients connected.
-     dynamic-hz yes
- 
-     aof-rewrite-incremental-fsync yes
-     rdb-save-incremental-fsync yes
-     jemalloc-bg-thread yes



@@ ConfigMap/ess-ci/release-name-synapse - data.04-homeserver-overrides.yaml @@
  public_baseurl: https://synapse.ess.localhost/
  server_name: ess.localhost
  signing_key_path: /secrets/release-name-generated/SYNAPSE_SIGNING_KEY
  enable_metrics: true
  
  [93 lines unchanged)]
  
      port: 9093
  
  redis:
    enabled: true
-   host: "release-name-synapse-redis.ess-ci.svc.cluster.local."
+   host: "release-name-redis.ess-ci.svc.cluster.local."
  
  stream_writers:
    account_data:
    - release-name-synapse-account-data-0
  
  [eleven lines unchanged)]
  
    receipts:
    - release-name-synapse-receipts-0
    typing:
    - release-name-synapse-typing-0


@@ Deployment/ess-ci/release-name-redis @@
+ ---
+ # Source: matrix-stack/templates/redis/redis_deployment.yaml
+ apiVersion: apps/v1
+ kind: Deployment
+ metadata:
+   labels:
+     helm.sh/chart: "matrix-stack-26.1.1-dev"
+     app.kubernetes.io/managed-by: Helm
+     app.kubernetes.io/part-of: matrix-stack
+     app.kubernetes.io/component: matrix-pubsub-small-cache
+     app.kubernetes.io/name: redis
+     app.kubernetes.io/instance: release-name-redis
+     app.kubernetes.io/version: "7.4-alpine"
+     k8s.element.io/redis-config-hash: "3034b3cfe78419348e36bb348fad98b46a736334"
+   name: release-name-redis
+   namespace: ess-ci
+ spec:
+   replicas: 1
+   selector:
+     matchLabels:
+       app.kubernetes.io/instance: release-name-redis
+   strategy:
+     type: RollingUpdate
+     rollingUpdate:
+       maxSurge: 2
+       maxUnavailable: 0
+   template:
+     metadata:
+       labels:
+         app.kubernetes.io/managed-by: Helm
+         app.kubernetes.io/part-of: matrix-stack
+         app.kubernetes.io/component: matrix-pubsub-small-cache
+         app.kubernetes.io/name: redis
+         app.kubernetes.io/instance: release-name-redis
+         app.kubernetes.io/version: "7.4-alpine"
+         k8s.element.io/redis-config-hash: "3034b3cfe78419348e36bb348fad98b46a736334"
+     spec:
+       automountServiceAccountToken: false
+       serviceAccountName: release-name-redis
+       securityContext:
+         fsGroup: 10002
+         runAsGroup: 10002
+         runAsNonRoot: true
+         runAsUser: 10002
+         seccompProfile:
+           type: RuntimeDefault
+         supplementalGroups: []
+       topologySpreadConstraints:
+         - labelSelector:
+             matchLabels:
+               app.kubernetes.io/instance: release-name-redis
+           matchLabelKeys:
+             - pod-template-hash
+           maxSkew: 1
+           topologyKey: kubernetes.io/hostname
+           whenUnsatisfiable: ScheduleAnyway
+       containers:
+         - name: redis
+           args:
+             - "/config/redis.conf"
+           image: "docker.io/library/redis:7.4-alpine"
+           imagePullPolicy: Always
+           securityContext:
+             allowPrivilegeEscalation: false
+             capabilities:
+               drop:
+                 - ALL
+             readOnlyRootFilesystem: true
+           ports:
+             - containerPort: 6379
+               name: redis
+               protocol: TCP
+           startupProbe:
+             failureThreshold: 5
+             periodSeconds: 10
+             successThreshold: 1
+             timeoutSeconds: 1
+             tcpSocket:
+               port: redis
+           livenessProbe:
+             failureThreshold: 3
+             periodSeconds: 10
+             successThreshold: 1
+             timeoutSeconds: 1
+             tcpSocket:
+               port: redis
+           readinessProbe:
+             failureThreshold: 3
+             periodSeconds: 10
+             successThreshold: 1
+             timeoutSeconds: 1
+             exec:
+               command:
+                 - redis-cli
+                 - ping
+           resources:
+             limits:
+               memory: 50Mi
+             requests:
+               cpu: 50m
+               memory: 50Mi
+           volumeMounts:
+             - mountPath: /config/redis.conf
+               name: config
+               readOnly: true
+               subPath: redis.conf
+       restartPolicy: Always
+       volumes:
+         - configMap:
+             name: "release-name-redis"
+             defaultMode: 420
+           name: config


@@ Deployment/ess-ci/release-name-synapse-redis @@
- ---
- # Source: matrix-stack/templates/synapse/redis_deployment.yaml
- apiVersion: apps/v1
- kind: Deployment
- metadata:
-   labels:
-     helm.sh/chart: "matrix-stack-26.1.1-dev"
-     app.kubernetes.io/managed-by: Helm
-     app.kubernetes.io/part-of: matrix-stack
-     app.kubernetes.io/component: matrix-server-pubsub
-     app.kubernetes.io/name: synapse-redis
-     app.kubernetes.io/instance: release-name-synapse-redis
-     app.kubernetes.io/version: "7.4-alpine"
-     k8s.element.io/redis-config-hash: "8188ad8e9a531f4667e5b2d53136dbc20499eacd"
-   name: release-name-synapse-redis
-   namespace: ess-ci
- spec:
-   replicas: 1
-   selector:
-     matchLabels:
-       app.kubernetes.io/instance: release-name-synapse-redis
-   strategy:
-     type: RollingUpdate
-     rollingUpdate:
-       maxSurge: 2
-       maxUnavailable: 0
-   template:
-     metadata:
-       labels:
-         app.kubernetes.io/managed-by: Helm
-         app.kubernetes.io/part-of: matrix-stack
-         app.kubernetes.io/component: matrix-server-pubsub
-         app.kubernetes.io/name: synapse-redis
-         app.kubernetes.io/instance: release-name-synapse-redis
-         app.kubernetes.io/version: "7.4-alpine"
-         k8s.element.io/redis-config-hash: "8188ad8e9a531f4667e5b2d53136dbc20499eacd"
-     spec:
-       automountServiceAccountToken: false
-       serviceAccountName: release-name-synapse-redis
-       securityContext:
-         fsGroup: 10002
-         runAsGroup: 10002
-         runAsNonRoot: true
-         runAsUser: 10002
-         seccompProfile:
-           type: RuntimeDefault
-         supplementalGroups: []
-       topologySpreadConstraints:
-         - labelSelector:
-             matchLabels:
-               app.kubernetes.io/instance: release-name-synapse-redis
-           matchLabelKeys:
-             - pod-template-hash
-           maxSkew: 1
-           topologyKey: kubernetes.io/hostname
-           whenUnsatisfiable: ScheduleAnyway
-       containers:
-         - name: redis
-           args:
-             - "/config/redis.conf"
-           image: "docker.io/library/redis:7.4-alpine"
-           imagePullPolicy: Always
-           securityContext:
-             allowPrivilegeEscalation: false
-             capabilities:
-               drop:
-                 - ALL
-             readOnlyRootFilesystem: true
-           ports:
-             - containerPort: 6379
-               name: redis
-               protocol: TCP
-           startupProbe:
-             failureThreshold: 5
-             periodSeconds: 10
-             successThreshold: 1
-             timeoutSeconds: 1
-             tcpSocket:
-               port: redis
-           livenessProbe:
-             failureThreshold: 3
-             periodSeconds: 10
-             successThreshold: 1
-             timeoutSeconds: 1
-             tcpSocket:
-               port: redis
-           readinessProbe:
-             failureThreshold: 3
-             periodSeconds: 10
-             successThreshold: 1
-             timeoutSeconds: 1
-             exec:
-               command:
-                 - redis-cli
-                 - ping
-           resources:
-             limits:
-               memory: 50Mi
-             requests:
-               cpu: 50m
-               memory: 50Mi
-           volumeMounts:
-             - mountPath: /config/redis.conf
-               name: config
-               readOnly: true
-               subPath: redis.conf
-       restartPolicy: Always
-       volumes:
-         - configMap:
-             name: "release-name-synapse-redis"
-             defaultMode: 420
-           name: config


@@ Service/ess-ci/release-name-redis @@
+ ---
+ # Source: matrix-stack/templates/redis/redis_service.yaml
+ apiVersion: v1
+ kind: Service
+ metadata:
+   labels:
+     helm.sh/chart: "matrix-stack-26.1.1-dev"
+     app.kubernetes.io/managed-by: Helm
+     app.kubernetes.io/part-of: matrix-stack
+     app.kubernetes.io/component: matrix-pubsub-small-cache
+     app.kubernetes.io/name: redis
+     app.kubernetes.io/instance: release-name-redis
+     app.kubernetes.io/version: "7.4-alpine"
+   name: release-name-redis
+   namespace: ess-ci
+ spec:
+   ipFamilyPolicy: PreferDualStack
+   ports:
+     - port: 6379
+       targetPort: redis
+       name: redis
+   selector:
+     app.kubernetes.io/instance: "release-name-redis"


@@ Service/ess-ci/release-name-synapse-redis @@
- ---
- # Source: matrix-stack/templates/synapse/redis_service.yaml
- apiVersion: v1
- kind: Service
- metadata:
-   labels:
-     helm.sh/chart: "matrix-stack-26.1.1-dev"
-     app.kubernetes.io/managed-by: Helm
-     app.kubernetes.io/part-of: matrix-stack
-     app.kubernetes.io/component: matrix-server-pubsub
-     app.kubernetes.io/name: synapse-redis
-     app.kubernetes.io/instance: release-name-synapse-redis
-     app.kubernetes.io/version: "7.4-alpine"
-   name: release-name-synapse-redis
-   namespace: ess-ci
- spec:
-   ipFamilyPolicy: PreferDualStack
-   ports:
-     - port: 6379
-       targetPort: redis
-       name: redis
-   selector:
-     app.kubernetes.io/instance: "release-name-synapse-redis"


@@ ServiceAccount/ess-ci/release-name-redis @@
+ ---
+ # Source: matrix-stack/templates/redis/redis_service_account.yaml
+ apiVersion: v1
+ kind: ServiceAccount
+ metadata:
+   labels:
+     helm.sh/chart: "matrix-stack-26.1.1-dev"
+     app.kubernetes.io/managed-by: Helm
+     app.kubernetes.io/part-of: matrix-stack
+     app.kubernetes.io/component: matrix-pubsub-small-cache
+     app.kubernetes.io/name: redis
+     app.kubernetes.io/instance: release-name-redis
+     app.kubernetes.io/version: "7.4-alpine"
+   name: release-name-redis
+   namespace: ess-ci
+ automountServiceAccountToken: false


@@ ServiceAccount/ess-ci/release-name-synapse-redis @@
- ---
- # Source: matrix-stack/templates/synapse/redis_serviceaccount.yaml
- apiVersion: v1
- kind: ServiceAccount
- metadata:
-   labels:
-     helm.sh/chart: "matrix-stack-26.1.1-dev"
-     app.kubernetes.io/managed-by: Helm
-     app.kubernetes.io/part-of: matrix-stack
-     app.kubernetes.io/component: matrix-server-pubsub
-     app.kubernetes.io/name: synapse-redis
-     app.kubernetes.io/instance: release-name-synapse-redis
-     app.kubernetes.io/version: "7.4-alpine"
-   name: release-name-synapse-redis
-   namespace: ess-ci
- automountServiceAccountToken: false

charts/matrix-stack/ci/pytest-matrix-authentication-service-syn2mas-values.yaml

newsfragments/972.changed.md

charts/matrix-stack/templates/redis/_helpers.tpl

charts/matrix-stack/configs/redis/redis.conf.tpl

newsfragments/972.removed.md

- We are going to re-use the same redis with no persistence for multiple components in the near future (hookshot, synapse)

charts/matrix-stack/templates/redis/_helpers.tpl

charts/matrix-stack/source/redis.yaml.j2

- Also changes redis label to present the small-cache feature - Make redis.conf a helm template

- highlight that redis is top-level now - Move values change to a subparagraph Co-authored-by: Ben Banfield-Zanin <[email protected]>

gaelgatelement requested a review from a team as a code owner January 16, 2026 08:51

gaelgatelement force-pushed the gaelg/redis-shared-component branch from a6b4848 to 3e56335 Compare January 16, 2026 08:52

benbz reviewed Jan 16, 2026

View reviewed changes

charts/matrix-stack/ci/pytest-matrix-authentication-service-syn2mas-values.yaml Show resolved Hide resolved

newsfragments/972.changed.md Outdated Show resolved Hide resolved

charts/matrix-stack/templates/redis/_helpers.tpl Outdated Show resolved Hide resolved

gaelgatelement force-pushed the gaelg/redis-shared-component branch 2 times, most recently from 31e813b to 052f5c7 Compare January 16, 2026 10:31

benbz reviewed Jan 16, 2026

View reviewed changes

charts/matrix-stack/configs/redis/redis.conf.tpl Show resolved Hide resolved

benbz reviewed Jan 16, 2026

View reviewed changes

newsfragments/972.removed.md Outdated Show resolved Hide resolved

redis: move redis to a shared instance

ab5f556

- We are going to re-use the same redis with no persistence for multiple components in the near future (hookshot, synapse)

gaelgatelement force-pushed the gaelg/redis-shared-component branch from 63f3331 to 86189fe Compare January 16, 2026 11:13

benbz reviewed Jan 16, 2026

View reviewed changes

charts/matrix-stack/templates/redis/_helpers.tpl Outdated Show resolved Hide resolved

charts/matrix-stack/source/redis.yaml.j2 Show resolved Hide resolved

gaelgatelement force-pushed the gaelg/redis-shared-component branch 2 times, most recently from 8558668 to 74c6c90 Compare January 16, 2026 11:17

gaelgatelement and others added 2 commits January 16, 2026 12:20

redis: make cache maxmemory configurable

204f707

- Also changes redis label to present the small-cache feature - Make redis.conf a helm template

Enhance redis change newsfragments

dd53605

- highlight that redis is top-level now - Move values change to a subparagraph Co-authored-by: Ben Banfield-Zanin <[email protected]>

gaelgatelement force-pushed the gaelg/redis-shared-component branch from 74c6c90 to dd53605 Compare January 16, 2026 11:20

benbz approved these changes Jan 16, 2026

View reviewed changes

gaelgatelement merged commit 3a260e6 into main Jan 16, 2026
74 checks passed

gaelgatelement deleted the gaelg/redis-shared-component branch January 16, 2026 11:36

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

redis: move redis to a shared instance #972

redis: move redis to a shared instance #972

Uh oh!

gaelgatelement commented Jan 16, 2026

Uh oh!

github-actions bot commented Jan 16, 2026 •

edited

Loading

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

redis: move redis to a shared instance #972

redis: move redis to a shared instance #972

Uh oh!

Conversation

gaelgatelement commented Jan 16, 2026

Uh oh!

github-actions bot commented Jan 16, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

dyff of changes in rendered templates of CI manifests

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

github-actions bot commented Jan 16, 2026 •

edited

Loading