diff --git a/TEST.md b/TEST.md index 7a4f1fa8..20e8dfa5 100644 --- a/TEST.md +++ b/TEST.md @@ -23,7 +23,7 @@ helm plugin install https://github.com/helm-unittest/helm-unittest Once the plugin is installed, you can run the unit tests using the following: ```bash -helm unittest --helm3 ./charts/sourcegraph/. +helm unittest ./charts/sourcegraph ``` We currently do not have testing best practices or require unit tests for new changes, so add test cases at your best judgement if possible. @@ -59,7 +59,7 @@ Make sure you test both enabled and disabled toggles. For example, if you added You have two options to target specificy Sourcegraph version. Add the below to your `override.yaml`: ```yaml -sourcegraph: +sourcegraph: image: defaultTag: "6.10.0" useGlobalTagAsDefault: true diff --git a/charts/sourcegraph-executor/dind/Chart.yaml b/charts/sourcegraph-executor/dind/Chart.yaml index 537f5b5d..488fa026 100644 --- a/charts/sourcegraph-executor/dind/Chart.yaml +++ b/charts/sourcegraph-executor/dind/Chart.yaml @@ -5,7 +5,7 @@ icon: https://sourcegraph.com/favicon.ico type: application # Chart version, separate from Sourcegraph -version: "5.11.0" +version: "6.11.1446" # Version of Sourcegraph release -appVersion: "5.11.0" +appVersion: "6.11.1446" diff --git a/charts/sourcegraph-executor/dind/README.md b/charts/sourcegraph-executor/dind/README.md index 71555791..2148c0e2 100644 --- a/charts/sourcegraph-executor/dind/README.md +++ b/charts/sourcegraph-executor/dind/README.md 
@@ -60,7 +60,7 @@ In addition to the documented values, the `executor` and `private-docker-registr | executor.env.EXECUTOR_FRONTEND_URL | object | `{"value":""}` | The external URL of the Sourcegraph instance. Required. | | executor.env.EXECUTOR_QUEUE_NAME | object | `{"value":""}` | The name of the queue to pull jobs from to. Possible values: batches and codeintel. **Either this or EXECUTOR_QUEUE_NAMES is required.** | | executor.env.EXECUTOR_QUEUE_NAMES | object | `{"value":""}` | The comma-separated list of names of multiple queues to pull jobs from to. Possible values: batches and codeintel. **Either this or EXECUTOR_QUEUE_NAME is required.** | -| executor.image.defaultTag | string | `"6.0.0@sha256:0be94a7c91f8273db10fdf46718c6596340ab2acc570e7b85353806e67a27508"` | | +| executor.image.defaultTag | string | `"6.11.1446@sha256:db752a634601a4dac2ac19bc0a520720f29e7460aeb84d66e69b976e6cbd8baa"` | | | executor.image.name | string | `"executor"` | | | executor.replicaCount | int | `1` | | | privateDockerRegistry.enabled | bool | `true` | Whether to deploy the private registry. Only one registry is needed when deploying multiple executors. More information: https://docs.sourcegraph.com/admin/executors/deploy_executors#using-private-registries | 
@@ -71,7 +71,7 @@ In addition to the documented values, the `executor` and `private-docker-registr | sourcegraph.affinity | object | `{}` | Affinity, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity) | | sourcegraph.image.defaultTag | string | `"{{ .Chart.AppVersion }}"` | Global docker image tag | | sourcegraph.image.pullPolicy | string | `"IfNotPresent"` | Global docker image pull policy | -| sourcegraph.image.repository | string | `"index.docker.io/sourcegraph"` | Global docker image registry or prefix | +| sourcegraph.image.repository | string | `"us-docker.pkg.dev/sourcegraph-images/internal"` | Global docker image registry or prefix | | sourcegraph.image.useGlobalTagAsDefault | bool | `false` | When set to true, sourcegraph.image.defaultTag is used as the default defaultTag for all services, instead of service-specific default defaultTags | | sourcegraph.imagePullSecrets | list | `[]` | Mount named secrets containing docker credentials | | sourcegraph.labels | object | `{}` | Add a global label to all resources | 
@@ -79,6 +79,7 @@ In addition to the documented values, the `executor` and `private-docker-registr | sourcegraph.nodeSelector | object | `{}` | NodeSelector, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector) | | sourcegraph.podAnnotations | object | `{}` | Add extra annotations to attach to all pods | | sourcegraph.podLabels | object | `{}` | Add extra labels to attach to all pods | +| sourcegraph.priorityClassName | string | `""` | Assign a priorityClass to all pods (daemonSets, deployments, and statefulSets) | | sourcegraph.tolerations | list | `[]` | Tolerations, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) | | storageClass.allowedTopologies | object | `{}` | Persistent volumes topology configuration, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/storage/storage-classes/#allowed-topologies) | | storageClass.create | bool | `false` | Enable creation of storageClass. Defaults to Google Cloud Platform. Disable if you have your own existing storage class | diff --git a/charts/sourcegraph-executor/dind/templates/_helpers/_priorityClassName.tpl b/charts/sourcegraph-executor/dind/templates/_helpers/_priorityClassName.tpl new file mode 100644 index 00000000..edff6746 --- /dev/null +++ b/charts/sourcegraph-executor/dind/templates/_helpers/_priorityClassName.tpl 
@@ -0,0 +1,20 @@
+{{/*
+
+Allow customers to assign a priorityClassName to all resources which create pods (ex. DaemonSets, Deployments, StatefulSets)
+
+Customers can configure an instance-wide default priorty class name at .Values.sourcegraph.priorityClassName,
+and can override it for individual services, if needed, at .Values..priorityClassName
+
+*/}}
+
+{{- define "sourcegraph.priorityClassName" -}}
+{{- $top := index . 0 }}
+{{- $service := index . 1 }}
+{{- $globalPriorityClassName := (index $top.Values "sourcegraph" "priorityClassName") }}
+{{- $servicePriorityClassName := (index $top.Values $service "priorityClassName") }}
+{{- if $servicePriorityClassName }}
+priorityClassName: {{ $servicePriorityClassName | toYaml | trim }}
+{{- else if $globalPriorityClassName }}
+priorityClassName: {{ $globalPriorityClassName | toYaml | trim }}
+{{- end }}
+{{- end }}
diff --git a/charts/sourcegraph-executor/dind/templates/executor/executor.Deployment.yaml b/charts/sourcegraph-executor/dind/templates/executor/executor.Deployment.yaml
index 9570283d..06948149 100644
--- a/charts/sourcegraph-executor/dind/templates/executor/executor.Deployment.yaml
+++ b/charts/sourcegraph-executor/dind/templates/executor/executor.Deployment.yaml
@@ -130,6 +130,7 @@ spec: affinity: {{- toYaml . | nindent 8 }} {{- end }} + {{- with include "sourcegraph.priorityClassName" (list . "executor") | trim }}{{ . | nindent 6 }}{{- end }} {{- with .Values.sourcegraph.tolerations }} tolerations: {{- toYaml . | nindent 8 }}
diff --git a/charts/sourcegraph-executor/dind/templates/private-docker-registry/private-docker-registry.Deployment.yaml b/charts/sourcegraph-executor/dind/templates/private-docker-registry/private-docker-registry.Deployment.yaml
index 257dae57..32554be6 100644
--- a/charts/sourcegraph-executor/dind/templates/private-docker-registry/private-docker-registry.Deployment.yaml
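Review bot: `index $top.Values $service "priorityClassName"` in the new `sourcegraph.priorityClassName` helper aborts the render when `.Values.<service>` is missing or set to null, because `index` cannot step into a nil value, so the global default is never reached in that case. Reading the service map defensively keeps the fallback working: `{{- $servicePriorityClassName := index (index $top.Values $service | default dict) "priorityClassName" }}`. The header comment reads `.Values..priorityClassName` (the `<service>` placeholder seems to have been lost, possibly in rendering of this page) and spells "priorty"; it should say `.Values.<service>.priorityClassName` and "priority". The same helper is added unchanged to the k8s executor and migrator charts, so this applies to all three copies.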
+++ b/charts/sourcegraph-executor/dind/templates/private-docker-registry/private-docker-registry.Deployment.yaml @@ -74,6 +74,7 @@ spec: affinity: {{- toYaml . | nindent 8 }} {{- end }} + {{- with include "sourcegraph.priorityClassName" (list . "privateDockerRegistry") | trim }}{{ . | nindent 6 }}{{- end }} {{- with .Values.sourcegraph.tolerations }} tolerations: {{- toYaml . | nindent 8 }} diff --git a/charts/sourcegraph-executor/dind/values.yaml b/charts/sourcegraph-executor/dind/values.yaml index bd2c345d..814e9c62 100644 --- a/charts/sourcegraph-executor/dind/values.yaml +++ b/charts/sourcegraph-executor/dind/values.yaml @@ -8,7 +8,7 @@ sourcegraph: # -- Global docker image pull policy pullPolicy: IfNotPresent # -- Global docker image registry or prefix - repository: index.docker.io/sourcegraph + repository: us-docker.pkg.dev/sourcegraph-images/internal # -- When set to true, sourcegraph.image.defaultTag is used as the default defaultTag for all services, instead of service-specific default defaultTags useGlobalTagAsDefault: false # -- Mount named secrets containing docker credentials @@ -30,6 +30,8 @@ sourcegraph: podAnnotations: {} # -- Add extra labels to attach to all pods podLabels: {} + # -- Assign a priorityClass to all pods (daemonSets, deployments, and statefulSets) + priorityClassName: "" storageClass: @@ -55,7 +57,7 @@ storageClass: executor: enabled: true image: - defaultTag: 6.0.0@sha256:0be94a7c91f8273db10fdf46718c6596340ab2acc570e7b85353806e67a27508 + defaultTag: 6.11.1446@sha256:db752a634601a4dac2ac19bc0a520720f29e7460aeb84d66e69b976e6cbd8baa name: "executor" replicaCount: 1 env: diff --git a/charts/sourcegraph-executor/k8s/Chart.yaml b/charts/sourcegraph-executor/k8s/Chart.yaml index 9dae46f9..292da1a9 100644 --- a/charts/sourcegraph-executor/k8s/Chart.yaml +++ b/charts/sourcegraph-executor/k8s/Chart.yaml 
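Review bot: The default `repository` moves from `index.docker.io/sourcegraph` to `us-docker.pkg.dev/sourcegraph-images/internal`, and nothing in the hunk tells an operator whether that path can be pulled anonymously. If it needs credentials, a default install would fail its image pulls unless `sourcegraph.imagePullSecrets` is set, and clusters that restrict image sources by registry (admission allowlists, mirrors, egress rules) need the new host added before upgrading. The digest pins on `defaultTag` keep the content check intact across the registry move and should stay. I would extend the comment, for example `# -- Global docker image registry or prefix. Registry allowlists and mirrors must include this host.`, and state the access model in the PR description. The same default changes in the k8s executor and migrator `values.yaml` files.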
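Review bot: The comment on the new `priorityClassName` value does not say that the named PriorityClass must already exist in the cluster; Kubernetes rejects pods that reference an unknown class, so a typo here stops the rollout. It also leaves out the per-service override that the helper reads from `.Values.<service>.priorityClassName`, which neither this file nor the README table lists in the lines shown. Since a high priority lets these pods preempt other workloads, I would word it as `# -- Name of an existing PriorityClass applied to all pods; override per service with <service>.priorityClassName`.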
@@ -5,7 +5,7 @@ icon: https://sourcegraph.com/favicon.ico type: application # Chart version, separate from Sourcegraph -version: "5.11.0" +version: "6.11.1446" # Version of Sourcegraph release -appVersion: "5.11.0" +appVersion: "6.11.1446" diff --git a/charts/sourcegraph-executor/k8s/README.md b/charts/sourcegraph-executor/k8s/README.md index 4258c745..c808f31b 100644 --- a/charts/sourcegraph-executor/k8s/README.md +++ b/charts/sourcegraph-executor/k8s/README.md 
@@ -60,16 +60,16 @@ In addition to the documented values, the `executor` and `private-docker-registr | executor.extraEnv | string | `nil` | Sets extra environment variables on the executor deployment. See `values.yaml` for the format. | | executor.frontendExistingSecret | string | `""` | Name of existing k8s Secret to use for frontend password The name of the secret must match `executor.name`, i.e., the name of the helm release used to deploy the helm chart. The k8s Secret must contain the key `EXECUTOR_FRONTEND_PASSWORD` matching the site config `executors.accessToken` value. `executor.frontendPassword` is ignored if this is enabled. | | executor.frontendPassword | string | `""` | The shared secret configured in the Sourcegraph instance site config under executors.accessToken. Required if `executor.frontendExistingSecret`` is not configured. | -| executor.frontendUrl | string | `""` | The external URL of the Sourcegraph instance. Required. **Recommended:** set to the internal service endpoint (e.g. `http://sourcegraph-frontend.sourcegraph.svc.cluster.local:30080` if Sourcegraph is deployed in the `sourcegraph` namespace). This will avoid unnecessary network charges as traffic will stay within the local network. | -| executor.image.defaultTag | string | `"6.0.0@sha256:6dc771a0c281a41ef676213f2f84a63d99045cf2e58d43022554a8022070ed65"` | | +| executor.frontendUrl | string | `""` | The external URL of the Sourcegraph instance. Required. **Recommended:** set to the internal service endpoint (e.g. `http://sourcegraph-frontend.sourcegraph.svc.cluster.local:30080` if Sourcegraph is deployed in the `sourcegraph` namespace). This will avoid unnecessary network charges as traffic will stay within the local network. 
| +| executor.image.defaultTag | string | `"6.11.1446@sha256:bfbdeec143589c84fa4470d34d732c0d0018dc3274d34ab97aef3d7e6443f1fb"` | | | executor.image.name | string | `"executor-kubernetes"` | | | executor.kubeconfigPath | string | `""` | The path to the kubeconfig file. If not specified, the in-cluster config is used. | | executor.kubernetesJob.deadline | string | `"1200"` | The number of seconds after which a Kubernetes job will be terminated. | -| executor.kubernetesJob.fsGroup | string | `"1000"` | The group ID which is set on the job PVC file system. | -| executor.kubernetesJob.node.name | string | `""` | The name of the Kubernetes Node to create job pods on. If not specified, the pods are created on the first available node. | +| executor.kubernetesJob.fsGroup | string | `"1000"` | The group ID which is set on the job PVC file system. | +| executor.kubernetesJob.node.name | string | `""` | The name of the Kubernetes Node to create job pods on. If not specified, the pods are created on the first available node. | | executor.kubernetesJob.node.requiredAffinityMatchExpressions | string | `""` | The JSON encoded required affinity match expressions for Kubernetes Jobs. e.g. '[{\"key\":\"foo\",\"operator\":\"In\",\"values\":[\"bar\"]}]' | | executor.kubernetesJob.node.requiredAffinityMatchFields | string | `""` | The JSON encoded required affinity match fields for Kubernetes Jobs. e.g. '[{\"key\":\"foo\",\"operator\":\"In\",\"values\":[\"bar\"]}]' | -| executor.kubernetesJob.node.selector | string | `""` | A comma separated list of values to use as a node selector for Kubernetes Jobs. e.g. `foo=bar,app=my-app` | +| executor.kubernetesJob.node.selector | string | `""` | A comma separated list of values to use as a node selector for Kubernetes Jobs. e.g. `foo=bar,app=my-app` | | executor.kubernetesJob.node.tolerations | string | `""` | The JSON encoded tolerations for Kubernetes Jobs. e.g. 
'[{\"key\":\"foo\",\"operator\":\"Equal\",\"value\":\"bar\",\"effect\":\"NoSchedule\"}]' | | executor.kubernetesJob.pod.affinity | string | `""` | The JSON encoded pod affinity for Kubernetes Jobs. e.g. '[{\"labelSelector\": {\"matchExpressions\": [{\"key\": \"foo\",\"operator\": \"In\",\"values\": [\"bar\"]}]},\"topologyKey\": \"kubernetes.io/hostname\"}]' | | executor.kubernetesJob.pod.antiAffinity | string | `""` | The JSON encoded pod anti-affinity for Kubernetes Jobs. e.g. '[{\"labelSelector\": {\"matchExpressions\": [{\"key\": \"foo\",\"operator\": \"In\",\"values\": [\"bar\"]}]},\"topologyKey\": \"kubernetes.io/hostname\"}]' | @@ -99,7 +99,7 @@ In addition to the documented values, the `executor` and `private-docker-registr | sourcegraph.affinity | object | `{}` | Affinity, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity) | | sourcegraph.image.defaultTag | string | `"{{ .Chart.AppVersion }}"` | Global docker image tag | | sourcegraph.image.pullPolicy | string | `"IfNotPresent"` | Global docker image pull policy | -| sourcegraph.image.repository | string | `"index.docker.io/sourcegraph"` | Global docker image registry or prefix | +| sourcegraph.image.repository | string | `"us-docker.pkg.dev/sourcegraph-images/internal"` | Global docker image registry or prefix | | sourcegraph.image.useGlobalTagAsDefault | bool | `false` | When set to true, sourcegraph.image.defaultTag is used as the default defaultTag for all services, instead of service-specific default defaultTags | | sourcegraph.imagePullSecrets | list | `[]` | Mount named secrets containing docker credentials | | sourcegraph.labels | object | `{}` | Add a global label to all resources | 
@@ -108,6 +108,7 @@ In addition to the documented values, the `executor` and `private-docker-registr | sourcegraph.nodeSelector | object | `{}` | NodeSelector, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector) | | sourcegraph.podAnnotations | object | `{}` | Add extra annotations to attach to all pods | | sourcegraph.podLabels | object | `{}` | Add extra labels to attach to all pods | +| sourcegraph.priorityClassName | string | `""` | Assign a priorityClass to all pods (daemonSets, deployments, and statefulSets) | | sourcegraph.tolerations | list | `[]` | Tolerations, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) | | storageClass.allowedTopologies | object | `{}` | Persistent volumes topology configuration, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/storage/storage-classes/#allowed-topologies) | | storageClass.create | bool | `false` | Enable creation of storageClass. Defaults to Google Cloud Platform. Disable if you have your own existing storage class | diff --git a/charts/sourcegraph-executor/k8s/templates/_helpers/_priorityClassName.tpl b/charts/sourcegraph-executor/k8s/templates/_helpers/_priorityClassName.tpl new file mode 100644 index 00000000..edff6746 --- /dev/null +++ b/charts/sourcegraph-executor/k8s/templates/_helpers/_priorityClassName.tpl 
@@ -0,0 +1,20 @@
+{{/*
+
+Allow customers to assign a priorityClassName to all resources which create pods (ex. DaemonSets, Deployments, StatefulSets)
+
+Customers can configure an instance-wide default priorty class name at .Values.sourcegraph.priorityClassName,
+and can override it for individual services, if needed, at .Values..priorityClassName
+
+*/}}
+
+{{- define "sourcegraph.priorityClassName" -}}
+{{- $top := index . 0 }}
+{{- $service := index . 1 }}
+{{- $globalPriorityClassName := (index $top.Values "sourcegraph" "priorityClassName") }}
+{{- $servicePriorityClassName := (index $top.Values $service "priorityClassName") }}
+{{- if $servicePriorityClassName }}
+priorityClassName: {{ $servicePriorityClassName | toYaml | trim }}
+{{- else if $globalPriorityClassName }}
+priorityClassName: {{ $globalPriorityClassName | toYaml | trim }}
+{{- end }}
+{{- end }}
diff --git a/charts/sourcegraph-executor/k8s/templates/executor.Deployment.yaml b/charts/sourcegraph-executor/k8s/templates/executor.Deployment.yaml
index dd33bdf9..4fa52c64 100644
--- a/charts/sourcegraph-executor/k8s/templates/executor.Deployment.yaml
+++ b/charts/sourcegraph-executor/k8s/templates/executor.Deployment.yaml
@@ -99,6 +99,7 @@ spec: affinity: {{- toYaml . | nindent 8 }} {{- end }} + {{- with include "sourcegraph.priorityClassName" (list . "executor") | trim }}{{ . | nindent 6 }}{{- end }} {{- with .Values.executor.tolerations }} tolerations: {{- toYaml . | nindent 8 }}
diff --git a/charts/sourcegraph-executor/k8s/values.yaml b/charts/sourcegraph-executor/k8s/values.yaml
index 11af2cb4..07cd90a0 100644
--- a/charts/sourcegraph-executor/k8s/values.yaml
+++ b/charts/sourcegraph-executor/k8s/values.yaml
@@ -8,7 +8,7 @@ sourcegraph: # -- Global docker image pull policy pullPolicy: IfNotPresent # -- Global docker image registry or prefix - repository: index.docker.io/sourcegraph + repository: us-docker.pkg.dev/sourcegraph-images/internal # -- When set to true, sourcegraph.image.defaultTag is used as the default defaultTag for all services, instead of service-specific default defaultTags useGlobalTagAsDefault: false # -- Mount named secrets containing docker credentials @@ -32,6 +32,8 @@ sourcegraph: podAnnotations: { } # -- Add extra labels to attach to all pods podLabels: { } + # -- Assign a priorityClass to all pods (daemonSets, deployments, and statefulSets) + priorityClassName: "" storageClass: @@ -59,7 +61,7 @@ executor: configureRbac: true replicas: 1 image: - defaultTag: 6.0.0@sha256:6dc771a0c281a41ef676213f2f84a63d99045cf2e58d43022554a8022070ed65 + defaultTag: 6.11.1446@sha256:bfbdeec143589c84fa4470d34d732c0d0018dc3274d34ab97aef3d7e6443f1fb name: "executor-kubernetes" resources: limits: @@ -68,7 +70,7 @@ executor: requests: cpu: 500m memory: 200Mi - # -- The external URL of the Sourcegraph instance. Required. **Recommended:** set to the internal service endpoint (e.g. `http://sourcegraph-frontend.sourcegraph.svc.cluster.local:30080` if Sourcegraph is deployed in the `sourcegraph` namespace). + # -- The external URL of the Sourcegraph instance. Required. **Recommended:** set to the internal service endpoint (e.g. `http://sourcegraph-frontend.sourcegraph.svc.cluster.local:30080` if Sourcegraph is deployed in the `sourcegraph` namespace). # This will avoid unnecessary network charges as traffic will stay within the local network. frontendUrl: "" # -- Name of existing k8s Secret to use for frontend password 
@@ -86,13 +88,13 @@ executor: maximumNumJobs: 10 # - The maximum wall time that can be spent on a single job. maximumRuntimePerJob: "30m" - + log: # -- Possible values are `dbug`, `info`, `warn`, `eror`, `crit`. level: "warn" format: "condensed" trace: "false" - + # -- The storage size of the PVC attached to the executor deployment. storageSize: 10Gi # -- The namespace in which jobs are generated by the executor. @@ -102,24 +104,24 @@ executor: # -- The containerSecurityContext for the executor image securityContext: # @default -- nil; accepts [0, 2147483647] - runAsUser: + runAsUser: # @default -- nil; accepts [0, 2147483647] - runAsGroup: + runAsGroup: # @default -- nil; accepts [0, 2147483647] fsGroup: # @default -- false; accepts [true, false] privileged: false - + kubernetesJob: # -- The number of seconds after which a Kubernetes job will be terminated. deadline: "1200" # -- (int) The user ID to run Kubernetes jobs as. # @default -- `nil`; accepts [0, 2147483647] - runAsUser: + runAsUser: # -- (int) The group ID to run Kubernetes jobs as. # @default -- `nil`; accepts [0, 2147483647] - runAsGroup: - # -- The group ID which is set on the job PVC file system. + runAsGroup: + # -- The group ID which is set on the job PVC file system. fsGroup: "1000" resources: requests: 
@@ -132,11 +134,11 @@ executor: cpu: "" # -- The maximum memory for a job. memory: "12Gi" - + node: - # -- The name of the Kubernetes Node to create job pods on. If not specified, the pods are created on the first available node. + # -- The name of the Kubernetes Node to create job pods on. If not specified, the pods are created on the first available node. name: "" - # -- A comma separated list of values to use as a node selector for Kubernetes Jobs. e.g. `foo=bar,app=my-app` + # -- A comma separated list of values to use as a node selector for Kubernetes Jobs. e.g. `foo=bar,app=my-app` selector: "" # -- The JSON encoded tolerations for Kubernetes Jobs. e.g. '[{\"key\":\"foo\",\"operator\":\"Equal\",\"value\":\"bar\",\"effect\":\"NoSchedule\"}]' tolerations: "" 
@@ -150,28 +152,28 @@ executor: affinity: "" # -- The JSON encoded pod anti-affinity for Kubernetes Jobs. e.g. '[{\"labelSelector\": {\"matchExpressions\": [{\"key\": \"foo\",\"operator\": \"In\",\"values\": [\"bar\"]}]},\"topologyKey\": \"kubernetes.io/hostname\"}]' antiAffinity: "" - + debug: # -- If true, Kubernetes jobs will not be deleted after they complete. Not recommended for production use as it can hit cluster limits. keepJobs: "false" keepWorkspaces: "false" - + # -- Affinity, # learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity) affinity: { } - + # -- NodeSelector, # learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector) nodeSelector: { } - + # -- Tolerations, # learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) tolerations: [ ] - + # -- Sets extra environment variables on the executor deployment. See `values.yaml` for the format. extraEnv: # - name: MY_ENV # value: my_value - + # -- For local deployments the host is 'host.docker.internal' and this needs to be true dockerAddHostGateway: "false" diff --git a/charts/sourcegraph-migrator/Chart.yaml b/charts/sourcegraph-migrator/Chart.yaml index 9ad6613d..c9769c17 100644 --- a/charts/sourcegraph-migrator/Chart.yaml +++ b/charts/sourcegraph-migrator/Chart.yaml @@ -5,7 +5,7 @@ icon: https://sourcegraph.com/favicon.ico type: application # Chart version, separate from Sourcegraph -version: "5.11.0" +version: "6.11.1446" # Version of Sourcegraph release -appVersion: "5.11.0" +appVersion: "6.11.1446" diff --git a/charts/sourcegraph-migrator/README.md b/charts/sourcegraph-migrator/README.md index cad56823..46204ddf 100644 --- a/charts/sourcegraph-migrator/README.md +++ b/charts/sourcegraph-migrator/README.md 
@@ -42,7 +42,7 @@ You should consult the list of available [migrator commands]. Below is some exam - Perform initial migrations against external PostgreSQL databases prior to the Sourcegraph deployment ```sh -helm upgrade --install -f --version 5.11.0 sg-migrator sourcegraph/sourcegraph-migrator +helm upgrade --install -f --version 6.11.1446 sg-migrator sourcegraph/sourcegraph-migrator ``` ### Add a migration log entry @@ -52,7 +52,7 @@ helm upgrade --install -f --version 5.11.0 sg-migrator Add an entry to the migration log after a site administrator has explicitly applied the contents of a migration file, learn more about troubleshooting a [dirty database]. ```sh -helm upgrade --install -f --set "migrator.args={add-log,-db=frontend,-version=1528395834}" --version 5.11.0 sg-migrator sourcegraph/sourcegraph-migrator +helm upgrade --install -f --set "migrator.args={add-log,-db=frontend,-version=1528395834}" --version 6.11.1446 sg-migrator sourcegraph/sourcegraph-migrator ``` ## Rendering manifests for kubectl deployment 
@@ -80,7 +80,7 @@ In addition to the documented values, the `migrator` service also supports the f | migrator.args | list | `["up","-db=all"]` | Override default `migrator` container args Available commands can be found at https://docs.sourcegraph.com/admin/how-to/manual_database_migrations | | migrator.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100}` | Security context for the `migrator` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | | migrator.env | object | `{}` | Environment variables for the `migrator` container | -| migrator.image.defaultTag | string | `"6.0.0@sha256:ec295eb0b743da6bf56777ca6524972267a5c442b0288095e2fe12fce38ebacc"` | Docker image tag for the `migrator` image | +| migrator.image.defaultTag | string | `"6.11.1446@sha256:bc34a2b099cfa36e930f37a20356f51a52c0c2c6cc0dffd0e47539722bd5fa9f"` | Docker image tag for the `migrator` image | | migrator.image.name | string | `"migrator"` | Docker image name for the `migrator` image | | migrator.resources | object | `{"limits":{"cpu":"500m","memory":"100M"},"requests":{"cpu":"100m","memory":"50M"}}` | Resource requests & limits for the `migrator` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) | | pgsql.auth.existingSecret | string | `""` | Name of existing secret to use for pgsql credentials This should match the setting in the sourcegraph chart values | 
@@ -88,7 +88,7 @@ In addition to the documented values, the `migrator` service also supports the f | sourcegraph.affinity | object | `{}` | Affinity, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity) | | sourcegraph.image.defaultTag | string | `"{{ .Chart.AppVersion }}"` | Global docker image tag | | sourcegraph.image.pullPolicy | string | `"IfNotPresent"` | Global docker image pull policy | -| sourcegraph.image.repository | string | `"index.docker.io/sourcegraph"` | Global docker image registry or prefix | +| sourcegraph.image.repository | string | `"us-docker.pkg.dev/sourcegraph-images/internal"` | Global docker image registry or prefix | | sourcegraph.image.useGlobalTagAsDefault | bool | `false` | When set to true, sourcegraph.image.defaultTag is used as the default defaultTag for all services, instead of service-specific default defaultTags | | sourcegraph.imagePullSecrets | list | `[]` | Mount named secrets containing docker credentials | | sourcegraph.labels | object | `{}` | Add a global label to all resources | @@ -96,6 +96,7 @@ In addition to the documented values, the `migrator` service also supports the f | sourcegraph.nodeSelector | object | `{}` | NodeSelector, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector) | | sourcegraph.podAnnotations | object | `{}` | Add extra annotations to attach to all pods | | sourcegraph.podLabels | object | `{}` | Add extra labels to attach to all pods | +| sourcegraph.priorityClassName | string | `""` | Assign a priorityClass to all pods (daemonSets, deployments, and statefulSets) | | sourcegraph.tolerations | list | `[]` | Tolerations, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) | ## Troubleshooting 
diff --git a/charts/sourcegraph-migrator/templates/_helpers/_priorityClassName.tpl b/charts/sourcegraph-migrator/templates/_helpers/_priorityClassName.tpl
new file mode 100644
index 00000000..edff6746
--- /dev/null
+++ b/charts/sourcegraph-migrator/templates/_helpers/_priorityClassName.tpl
@@ -0,0 +1,20 @@
+{{/*
+
+Allow customers to assign a priorityClassName to all resources which create pods (ex. DaemonSets, Deployments, StatefulSets)
+
+Customers can configure an instance-wide default priorty class name at .Values.sourcegraph.priorityClassName,
+and can override it for individual services, if needed, at .Values..priorityClassName
+
+*/}}
+
+{{- define "sourcegraph.priorityClassName" -}}
+{{- $top := index . 0 }}
+{{- $service := index . 1 }}
+{{- $globalPriorityClassName := (index $top.Values "sourcegraph" "priorityClassName") }}
+{{- $servicePriorityClassName := (index $top.Values $service "priorityClassName") }}
+{{- if $servicePriorityClassName }}
+priorityClassName: {{ $servicePriorityClassName | toYaml | trim }}
+{{- else if $globalPriorityClassName }}
+priorityClassName: {{ $globalPriorityClassName | toYaml | trim }}
+{{- end }}
+{{- end }}
diff --git a/charts/sourcegraph-migrator/templates/migrator/sourcegraph-migrator.Job.yaml b/charts/sourcegraph-migrator/templates/migrator/sourcegraph-migrator.Job.yaml
index 9c06be82..c77ec3b3 100644
--- a/charts/sourcegraph-migrator/templates/migrator/sourcegraph-migrator.Job.yaml
+++ b/charts/sourcegraph-migrator/templates/migrator/sourcegraph-migrator.Job.yaml
@@ -68,6 +68,7 @@ spec: affinity: {{- toYaml . | nindent 8 }} {{- end }} + {{- with include "sourcegraph.priorityClassName" (list . "migrator") | trim }}{{ . | nindent 6 }}{{- end }} {{- with .Values.sourcegraph.tolerations }} tolerations: {{- toYaml . | nindent 8 }}
diff --git a/charts/sourcegraph-migrator/values.yaml b/charts/sourcegraph-migrator/values.yaml
index 20f30df7..198ea257 100644
--- a/charts/sourcegraph-migrator/values.yaml
+++ b/charts/sourcegraph-migrator/values.yaml @@ -8,7 +8,7 @@ sourcegraph: # -- Global docker image pull policy pullPolicy: IfNotPresent # -- Global docker image registry or prefix - repository: index.docker.io/sourcegraph + repository: us-docker.pkg.dev/sourcegraph-images/internal # -- When set to true, sourcegraph.image.defaultTag is used as the default defaultTag for all services, instead of service-specific default defaultTags useGlobalTagAsDefault: false # -- Mount named secrets containing docker credentials @@ -30,6 +30,8 @@ sourcegraph: podAnnotations: {} # -- Add extra labels to attach to all pods podLabels: {} + # -- Assign a priorityClass to all pods (daemonSets, deployments, and statefulSets) + priorityClassName: "" # Generic application configuration options, used by most applications below @@ -102,7 +104,7 @@ pgsql: migrator: image: # -- Docker image tag for the `migrator` image - defaultTag: 6.0.0@sha256:ec295eb0b743da6bf56777ca6524972267a5c442b0288095e2fe12fce38ebacc + defaultTag: 6.11.1446@sha256:bc34a2b099cfa36e930f37a20356f51a52c0c2c6cc0dffd0e47539722bd5fa9f # -- Docker image name for the `migrator` image name: "migrator" # -- Environment variables for the `migrator` container diff --git a/charts/sourcegraph/Chart.yaml b/charts/sourcegraph/Chart.yaml index 898e9e67..e314b98d 100644 --- a/charts/sourcegraph/Chart.yaml +++ b/charts/sourcegraph/Chart.yaml @@ -5,7 +5,7 @@ icon: https://sourcegraph.com/favicon.ico type: application # Chart version, separate from Sourcegraph -version: "5.11.0" +version: "6.11.1446" # Version of Sourcegraph release -appVersion: "5.11.0" +appVersion: "6.11.1446" diff --git a/charts/sourcegraph/README.md b/charts/sourcegraph/README.md index b30d4d0d..5f234acb 100644 --- a/charts/sourcegraph/README.md +++ b/charts/sourcegraph/README.md 
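Review bot: The description on the new `priorityClassName` value lists daemonSets, deployments and statefulSets, but in this chart the helper is only wired into `sourcegraph-migrator.Job.yaml` as far as the diff shows, so the value sets the priority of the migrator Job's pod. A comment such as `# -- Assign a priorityClass to the migrator Job pod` would match what the chart renders. The README row generated from this comment carries the same wording and would need regenerating.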
@@ -28,12 +28,12 @@ In addition to the documented values, all services also support the following va | Key | Type | Default | Description | |-----|------|---------|-------------| | alpine.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":999,"runAsUser":999}` | Security context for the `alpine` initContainer, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | -| alpine.image.defaultTag | string | `"6.0.0@sha256:c4705ccf969e262ee3916719ecc7c0fb5e606dd954278ac07ac1d052e4e490df"` | Docker image tag for the `alpine` image | +| alpine.image.defaultTag | string | `"6.11.1446@sha256:be22c5fbfdccbd2446118593d509da6d396d3616c6f3d70955608db360c6734b"` | Docker image tag for the `alpine` image | | alpine.image.name | string | `"alpine-3.14"` | Docker image name for the `alpine` image | | alpine.resources | object | `{"limits":{"cpu":"10m","memory":"50Mi"},"requests":{"cpu":"10m","memory":"50Mi"}}` | Resource requests & limits for the `alpine` initContainer, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) | | blobstore.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"runAsGroup":101,"runAsUser":100}` | Security context for the `blobstore` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | | blobstore.enabled | bool | `true` | Enable `blobstore` (S3 compatible storage) | -| blobstore.image.defaultTag | string | `"6.0.0@sha256:82caab40f920282069c84e0e4ca503857926e934c67fb022f6d93823b4ea98b5"` | Docker image tag for the `blobstore` image | +| blobstore.image.defaultTag | string | `"6.11.1446@sha256:7b859351e148787c0833eac547fb243819f112c3223438f5a148f51dcd06e76a"` | Docker image 
tag for the `blobstore` image | | blobstore.image.name | string | `"blobstore"` | Docker image name for the `blobstore` image | | blobstore.name | string | `"blobstore"` | Name used by resources. Does not affect service names or PVCs. | | blobstore.podSecurityContext | object | `{"fsGroup":101,"fsGroupChangePolicy":"OnRootMismatch","runAsGroup":101,"runAsUser":100}` | Security context for the `blobstore` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) | @@ -43,7 +43,7 @@ In addition to the documented values, all services also support the following va | blobstore.storageSize | string | `"100Gi"` | PVC Storage Request for `blobstore` data volume | | cadvisor.containerSecurityContext | object | `{"privileged":true}` | Security context for the `cadvisor` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | | cadvisor.enabled | bool | `true` | Enable `cadvisor` | -| cadvisor.image.defaultTag | string | `"6.0.0@sha256:48082a2822a727e22c556ae2c3bae5f5bf4528c7b462efc3c085271ee5145be8"` | Docker image tag for the `cadvisor` image | +| cadvisor.image.defaultTag | string | `"6.11.1446@sha256:3f31878c8e57c9b5caa56ec10c130f912a54bf3f5d876fc0c0c057963acee88e"` | Docker image tag for the `cadvisor` image | | cadvisor.image.name | string | `"cadvisor"` | Docker image name for the `cadvisor` image | | cadvisor.name | string | `"cadvisor"` | Name used by resources. Does not affect service names or PVCs. | | cadvisor.podSecurityPolicy.enabled | bool | `false` | Enable [PodSecurityPolicy](https://kubernetes.io/docs/concepts/policy/pod-security-policy/) for `cadvisor` pods | 
@@ -62,7 +62,7 @@ In addition to the documented values, all services also support the following va | codeInsightsDB.enabled | bool | `true` | Enable `codeinsights-db` PostgreSQL server | | codeInsightsDB.env | object | `{}` | Environment variables for the `codeinsights-db` container | | codeInsightsDB.existingConfig | string | `""` | Name of existing ConfigMap for `codeinsights-db`. It must contain a `postgresql.conf` key. | -| codeInsightsDB.image.defaultTag | string | `"6.0.0@sha256:24263ff136f8cc328d63808982beb4a109461da30b522b63d2867a4e708713c9"` | Docker image tag for the `codeinsights-db` image | +| codeInsightsDB.image.defaultTag | string | `"6.11.1446@sha256:2197700dfafb0584ce03d5f2451b1ce12b1d85b4315a5b1cc734a9e26cc1e6e1"` | Docker image tag for the `codeinsights-db` image | | codeInsightsDB.image.name | string | `"postgresql-16-codeinsights"` | Docker image name for the `codeinsights-db` image | | codeInsightsDB.init.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":70,"runAsUser":70}` | Security context for the `alpine` initContainer, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | | codeInsightsDB.name | string | `"codeinsights-db"` | Name used by resources. Does not affect service names or PVCs. | 
@@ -83,7 +83,7 @@ In addition to the documented values, all services also support the following va | codeIntelDB.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":999,"runAsUser":999}` | Security context for the `codeintel-db` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | | codeIntelDB.enabled | bool | `true` | Enable `codeintel-db` PostgreSQL server | | codeIntelDB.existingConfig | string | `""` | Name of existing ConfigMap for `codeintel-db`. It must contain a `postgresql.conf` key | -| codeIntelDB.image.defaultTag | string | `"6.0.0@sha256:224a2604331cb73809f466394c5b4f3ca95bf6a5a140cb75820dfe67301074bb"` | Docker image tag for the `codeintel-db` image | +| codeIntelDB.image.defaultTag | string | `"6.11.1446@sha256:15bc1ce9506f971dda99d0d2b7ddedfd6fcd91740acba10b8302b1bf48040fb7"` | Docker image tag for the `codeintel-db` image | | codeIntelDB.image.name | string | `"postgresql-16"` | Docker image name for the `codeintel-db` image | | codeIntelDB.name | string | `"codeintel-db"` | Name used by resources. Does not affect service names or PVCs. | | codeIntelDB.podSecurityContext | object | `{"fsGroup":999,"fsGroupChangePolicy":"OnRootMismatch","runAsUser":999}` | Security context for the `codeintel-db` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) | 
@@ -96,7 +96,7 @@ In addition to the documented values, all services also support the following va | frontend.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100}` | Security context for the `frontend` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | | frontend.createRoleBinding | bool | `true` | Disable the roleBinding resource for deployment environments blocking RBAC, ex. OpenShift's default "secure" SCC | | frontend.env | object | the chart will add some default environment values | Environment variables for the `frontend` container | -| frontend.image.defaultTag | string | `"6.0.0@sha256:d4f21178096da5fdb3804099ae9de2e050b06e859a327aa79452b1ea2f3ede0a"` | Docker image tag for the `frontend` image | +| frontend.image.defaultTag | string | `"6.11.1446@sha256:7294074e1bbb80d69e983112c543cecc2c404b217027c6990592750af1651e72"` | Docker image tag for the `frontend` image | | frontend.image.name | string | `"frontend"` | Docker image name for the `frontend` image | | frontend.ingress.annotations | object | `{"kubernetes.io/ingress.class":"nginx","nginx.ingress.kubernetes.io/proxy-body-size":"150m"}` | Annotations for the Sourcegraph server ingress. For example, securing ingress with TLS provided by [cert-manager](https://cert-manager.io/docs/usage/ingress/) | | frontend.ingress.annotations."kubernetes.io/ingress.class" | string | `"nginx"` | [Deprecated annotation](https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation) for specifing the IngressClass in Kubernetes 1.17 and earlier. If you are using Kubernetes 1.18+, use `ingressClassName` instead and set an override value of `null` for this annotation. | 
@@ -112,7 +112,7 @@ In addition to the documented values, all services also support the following va | frontend.serviceAccount.create | bool | `true` | Enable creation of ServiceAccount for `frontend` | | frontend.serviceAccount.name | string | `"sourcegraph-frontend"` | Name of the ServiceAccount to be created or an existing ServiceAccount | | gitserver.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100}` | Security context for the `gitserver` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | -| gitserver.image.defaultTag | string | `"6.0.0@sha256:aec9bf6993c243a283109104cd7c44be3c85680b77e3e8be0c5fba8f01a3bd35"` | Docker image tag for the `gitserver` image | +| gitserver.image.defaultTag | string | `"6.11.1446@sha256:c7eabaefe4144d125e0f46f729352338cd0ef658d57a2f622f80d035d010f187"` | Docker image tag for the `gitserver` image | | gitserver.image.name | string | `"gitserver"` | Docker image name for the `gitserver` image | | gitserver.name | string | `"gitserver"` | Name used by resources. Does not affect service names or PVCs. | | gitserver.podSecurityContext | object | `{"fsGroup":101,"fsGroupChangePolicy":"OnRootMismatch","runAsGroup":101,"runAsUser":100}` | Security context for the `gitserver` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) | 
@@ -133,7 +133,7 @@ In addition to the documented values, all services also support the following va | grafana.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":472,"runAsUser":472}` | Security context for the `grafana` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | | grafana.enabled | bool | `true` | Enable `grafana` dashboard (recommended) | | grafana.existingConfig | string | `""` | Name of existing ConfigMap for `grafana`. It must contain a `datasources.yml` key. | -| grafana.image.defaultTag | string | `"6.0.0@sha256:e40236d0143d0735ff87374afce95b878b8cde448ef65cfdc7008056a03097e8"` | Docker image tag for the `grafana` image | +| grafana.image.defaultTag | string | `"6.11.1446@sha256:05d4edd859220e408afc150afe936d484e5c9e6513c9d67514989d566a1ed7d3"` | Docker image tag for the `grafana` image | | grafana.image.name | string | `"grafana"` | Docker image name for the `grafana` image | | grafana.name | string | `"grafana"` | Name used by resources. Does not affect service names or PVCs. | | grafana.podSecurityContext | object | `{"fsGroup":472,"fsGroupChangePolicy":"OnRootMismatch","runAsGroup":472,"runAsUser":472}` | Security context for the `grafana` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) | 
@@ -142,7 +142,7 @@ In addition to the documented values, all services also support the following va | grafana.serviceAccount.name | string | `"grafana"` | Name of the ServiceAccount to be created or an existing ServiceAccount | | grafana.storageSize | string | `"2Gi"` | PVC Storage Request for `grafana` data volume | | indexedSearch.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100}` | Security context for the `zoekt-webserver` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | -| indexedSearch.image.defaultTag | string | `"6.0.0@sha256:99038e0ec9bef930030c118d774fcdcd67d7fe57ad4c80d216703a4d29d64323"` | Docker image tag for the `zoekt-webserver` image | +| indexedSearch.image.defaultTag | string | `"6.11.1446@sha256:bf6998fe2d9ecb57dec849ad0fe5e7129741fa62c737aeaedaf5b8fea345bd83"` | Docker image tag for the `zoekt-webserver` image | | indexedSearch.image.name | string | `"indexed-searcher"` | Docker image name for the `zoekt-webserver` image | | indexedSearch.name | string | `"indexed-search"` | Name used by resources. Does not affect service names or PVCs. | | indexedSearch.podSecurityContext | object | `{"fsGroup":101,"fsGroupChangePolicy":"OnRootMismatch"}` | Security context for the `indexed-search` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) | 
@@ -152,7 +152,7 @@ In addition to the documented values, all services also support the following va | indexedSearch.serviceAccount.name | string | `""` | Name of the ServiceAccount to be created or an existing ServiceAccount | | indexedSearch.storageSize | string | `"200Gi"` | PVC Storage Request for `indexed-search` data volume The size of disk to used for search indexes. This should typically be gitserver disk size multipled by the number of gitserver shards. | | indexedSearchIndexer.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100}` | Security context for the `zoekt-indexserver` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | -| indexedSearchIndexer.image.defaultTag | string | `"6.0.0@sha256:11539e07040b85045a9aa07f970aa310066e240dc28e6c9627653ee2bc6e0b91"` | Docker image tag for the `zoekt-indexserver` image | +| indexedSearchIndexer.image.defaultTag | string | `"6.11.1446@sha256:54b3e549b7cf62bd58e2d9b0608b64391f86ae0b2cccd1917b4c751d051f478d"` | Docker image tag for the `zoekt-indexserver` image | | indexedSearchIndexer.image.name | string | `"search-indexer"` | Docker image name for the `zoekt-indexserver` image | | indexedSearchIndexer.resources | object | `{"limits":{"cpu":"8","memory":"8G"},"requests":{"cpu":"4","memory":"4G"}}` | Resource requests & limits for the `zoekt-indexserver` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) zoekt-indexserver is CPU bound. The more CPU you allocate to it, the lower lag between a new commit and it being indexed for search. 
| | jaeger.args | list | `["--memory.max-traces=20000","--sampling.strategies-file=/etc/jaeger/sampling_strategies.json","--collector.otlp.enabled","--collector.otlp.grpc.host-port=:4320","--collector.otlp.http.host-port=:4321"]` | Default args passed to the `jaeger` binary | @@ -162,7 +162,7 @@ In addition to the documented values, all services also support the following va | jaeger.collector.serviceType | string | "ClusterIP" | Kubernetes service type of jaeger `collector` service, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) | | jaeger.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100}` | Security context for the `jaeger` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | | jaeger.enabled | bool | `false` | Enable `jaeger` | -| jaeger.image.defaultTag | string | `"6.0.0@sha256:79548aa11d7e2e6bf3e2012fb9e046df12ba5c5410bc24ec8f4d7cbb880336b9"` | Docker image tag for the `jaeger` image | +| jaeger.image.defaultTag | string | `"6.11.1446@sha256:bb25a7008d31a90abaf5c6af5e77c7ad97909f8266e0746df344de13c7d9c134"` | Docker image tag for the `jaeger` image | | jaeger.image.name | string | `"jaeger-all-in-one"` | Docker image name for the `jaeger` image | | jaeger.name | string | `"jaeger"` | Name used by resources. Does not affect service names or PVCs. | | jaeger.podSecurityContext | object | `{}` | Security context for the `jaeger` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) | 
@@ -177,14 +177,14 @@ In addition to the documented values, all services also support the following va | migrator.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100}` | Security context for the `migrator` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | | migrator.enabled | bool | `true` | Enable [migrator](https://docs.sourcegraph.com/admin/how-to/manual_database_migrations) initContainer in `frontend` deployment to perform database migration | | migrator.env | object | `{}` | Environment variables for the `migrator` container | -| migrator.image.defaultTag | string | `"6.0.0@sha256:ec295eb0b743da6bf56777ca6524972267a5c442b0288095e2fe12fce38ebacc"` | Docker image tag for the `migrator` image | +| migrator.image.defaultTag | string | `"6.11.1446@sha256:bc34a2b099cfa36e930f37a20356f51a52c0c2c6cc0dffd0e47539722bd5fa9f"` | Docker image tag for the `migrator` image | | migrator.image.name | string | `"migrator"` | Docker image name for the `migrator` image | | migrator.resources | object | `{"limits":{"cpu":"500m","memory":"100M"},"requests":{"cpu":"100m","memory":"50M"}}` | Resource requests & limits for the `migrator` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) | | nodeExporter.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":65534,"runAsUser":65534}` | Security context for the `node-exporter` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | | nodeExporter.enabled | bool | `true` | Enable `node-exporter` | | nodeExporter.extraArgs | list | `[]` | | | nodeExporter.hostPID | bool 
| `true` | | -| nodeExporter.image.defaultTag | string | `"6.0.0@sha256:099c2e4fb8eacdda82d2d4798591808ded7ad3dc5e6ed514535e0b8e7223ed06"` | Docker image tag for the `node-exporter` image | +| nodeExporter.image.defaultTag | string | `"6.11.1446@sha256:1bdd78265f22fe81318e80d7c7ab203c7b7def7c1154b01489293ea556d45f41"` | Docker image tag for the `node-exporter` image | | nodeExporter.image.name | string | `"node-exporter"` | Docker image name for the `node-exporter` image | | nodeExporter.name | string | `"node-exporter"` | Name used by resources. Does not affect service names or PVCs. | | nodeExporter.podSecurityContext | object | `{"fsGroup":65534,"runAsGroup":65534,"runAsNonRoot":true,"runAsUser":65534}` | Security context for the `node-exporter` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) | 
@@ -214,7 +214,7 @@ In addition to the documented values, all services also support the following va | openTelemetry.gateway.resources | object | `{"limits":{"cpu":"3","memory":"3Gi"},"requests":{"cpu":"1","memory":"1Gi"}}` | Resource requests & limits for the `otel-collector` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) | | openTelemetry.gateway.serviceAccount.create | bool | `false` | Enable creation of ServiceAccount for `otel-collector` | | openTelemetry.gateway.serviceAccount.name | string | `""` | Name of the ServiceAccount to be created or an existing ServiceAccount | -| openTelemetry.image.defaultTag | string | `"6.0.0@sha256:ef3e61a4f0a624523ecdee57d8b7757436c2389e0cf12401b4764d19c826ff8a"` | Docker image tag for the `otel-collector` image | +| openTelemetry.image.defaultTag | string | `"6.11.1446@sha256:0bb822438ffede9db87184bfbd5bf24f439141bc0181ad4b350d9501c0580c06"` | Docker image tag for the `otel-collector` image | | openTelemetry.image.name | string | `"opentelemetry-collector"` | Docker image name for the `otel-collector` image | | pgsql.additionalConfig | string | `""` | Additional PostgreSQL configuration. This will override or extend our default configuration. Notes: This is expecting a multiline string. Learn more from our [recommended PostgreSQL configuration](https://docs.sourcegraph.com/admin/config/postgres-conf) and [PostgreSQL documentation](https://www.postgresql.org/docs/12/config-setting.html) | | pgsql.auth.database | string | `"sg"` | Sets postgres database name | 
@@ -227,7 +227,7 @@ In addition to the documented values, all services also support the following va | pgsql.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":999,"runAsUser":999}` | Security context for the `pgsql` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | | pgsql.enabled | bool | `true` | Enable `pgsql` PostgreSQL server | | pgsql.existingConfig | string | `""` | Name of existing ConfigMap for `pgsql`. It must contain a `postgresql.conf` key | -| pgsql.image.defaultTag | string | `"6.0.0@sha256:224a2604331cb73809f466394c5b4f3ca95bf6a5a140cb75820dfe67301074bb"` | Docker image tag for the `pgsql` image | +| pgsql.image.defaultTag | string | `"6.11.1446@sha256:15bc1ce9506f971dda99d0d2b7ddedfd6fcd91740acba10b8302b1bf48040fb7"` | Docker image tag for the `pgsql` image | | pgsql.image.name | string | `"postgresql-16"` | Docker image name for the `pgsql` image | | pgsql.name | string | `"pgsql"` | Name used by resources. Does not affect service names or PVCs. | | pgsql.podSecurityContext | object | `{"fsGroup":999,"fsGroupChangePolicy":"OnRootMismatch","runAsGroup":999,"runAsUser":999}` | Security context for the `pgsql` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) | 
@@ -236,12 +236,12 @@ In addition to the documented values, all services also support the following va | pgsql.serviceAccount.create | bool | `false` | Enable creation of ServiceAccount for `pgsql` | | pgsql.serviceAccount.name | string | `""` | Name of the ServiceAccount to be created or an existing ServiceAccount | | pgsql.storageSize | string | `"200Gi"` | PVC Storage Request for `pgsql` data volume | -| postgresExporter.image.defaultTag | string | `"6.0.0@sha256:685a18f482e4a71a54e15814ffd6b8cd62844f6af056a81f7ec0ba5cf23fce27"` | Docker image tag for the `pgsql-exporter` image | +| postgresExporter.image.defaultTag | string | `"6.11.1446@sha256:3fd1e80b41e6113d329b09be4cdd588947f75fadf33ea2bbe995cfbd28f1a506"` | Docker image tag for the `pgsql-exporter` image | | postgresExporter.image.name | string | `"postgres_exporter"` | Docker image name for the `pgsql-exporter` image | | postgresExporter.resources | object | `{"limits":{"cpu":"10m","memory":"50Mi"},"requests":{"cpu":"10m","memory":"50Mi"}}` | Resource requests & limits for the `pgsql-exporter` sidecar container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) | | preciseCodeIntel.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100}` | Security context for the `precise-code-intel-worker` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | | preciseCodeIntel.env | object | `{"NUM_WORKERS":{"value":"4"}}` | Environment variables for the `precise-code-intel-worker` container | -| preciseCodeIntel.image.defaultTag | string | `"6.0.0@sha256:3a72cf893cb25731d4636593c544c91781d925d867417416255e56debc27ed37"` | Docker image tag for the `precise-code-intel-worker` image | +| preciseCodeIntel.image.defaultTag | string | 
`"6.11.1446@sha256:b42638630265da0e5d453c9e8dee99ff14bf28d39f973e86b408673ca190caaa"` | Docker image tag for the `precise-code-intel-worker` image | | preciseCodeIntel.image.name | string | `"precise-code-intel-worker"` | Docker image name for the `precise-code-intel-worker` image | | preciseCodeIntel.name | string | `"precise-code-intel-worker"` | Name used by resources. Does not affect service names or PVCs. | | preciseCodeIntel.podSecurityContext | object | `{}` | Security context for the `precise-code-intel-worker` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) | 
@@ -254,7 +254,7 @@ In addition to the documented values, all services also support the following va | prometheus.createRoleBinding | bool | `true` | Disable the creation of a RoleBinding object, for customers who block all RBAC resource creation | | prometheus.enabled | bool | `true` | Enable `prometheus` (recommended) | | prometheus.existingConfig | string | `""` | Name of existing ConfigMap for `pgsql`. It must contain a `prometheus.yml` key | -| prometheus.image.defaultTag | string | `"6.0.0@sha256:86a315720fd9813d9ef9746d92e637bc20cd9ebd90da78d8cc6906062252891f"` | Docker image tag for the `prometheus` image | +| prometheus.image.defaultTag | string | `"6.11.1446@sha256:77195edbf32fa5ada92141cb145e74e068f1ca0545db1c4d36383cdaf2147259"` | Docker image tag for the `prometheus` image | | prometheus.image.name | string | `"prometheus"` | Docker image name for the `prometheus` image | | prometheus.name | string | `"prometheus"` | Name used by resources. Does not affect service names or PVCs. | | prometheus.podSecurityContext | object | `{"fsGroup":100,"fsGroupChangePolicy":"OnRootMismatch"}` | Security context for the `prometheus` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) | 
@@ -267,7 +267,7 @@ In addition to the documented values, all services also support the following va | redisCache.connection.existingSecret | string | `""` | Name of existing secret to use for Redis endpoint The secret must contain the key `endpoint` and should follow IANA specification learn more from the [Helm docs](https://docs.sourcegraph.com/admin/install/kubernetes/helm#using-external-redis-instances) | | redisCache.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":1000,"runAsUser":999}` | Security context for the `redis-cache` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | | redisCache.enabled | bool | `true` | Enable `redis-cache` Redis server | -| redisCache.image.defaultTag | string | `"6.0.0@sha256:40ea19e8944b93e05d7697c808969fe0c81a014a56245f3a97b645aa34a9ab78"` | Docker image tag for the `redis-cache` image | +| redisCache.image.defaultTag | string | `"6.11.1446@sha256:edfeadb79ea195fa85b2a1e06af54841677c3004d34e9f76b5cc1866a2f2ab68"` | Docker image tag for the `redis-cache` image | | redisCache.image.name | string | `"redis-cache"` | Docker image name for the `redis-cache` image | | redisCache.name | string | `"redis-cache"` | Name used by resources. Does not affect service names or PVCs. | | redisCache.podSecurityContext | object | `{"fsGroup":1000,"fsGroupChangePolicy":"OnRootMismatch"}` | Security context for the `redis-cache` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) | 
@@ -276,14 +276,14 @@ In addition to the documented values, all services also support the following va | redisCache.serviceAccount.name | string | `""` | Name of the ServiceAccount to be created or an existing ServiceAccount | | redisCache.storageSize | string | `"100Gi"` | PVC Storage Request for `redis-cache` data volume | | redisExporter.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":1000,"runAsUser":999}` | Security context for the `redis-exporter` sidecar container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | -| redisExporter.image.defaultTag | string | `"6.0.0@sha256:b2ec48fc6adef31f36d525170138dec303c1c0c20c530d659f1fb7c6c54698af"` | Docker image tag for the `redis-exporter` image | +| redisExporter.image.defaultTag | string | `"6.11.1446@sha256:79c8e837fa117e0878fd5a047452839e7e4200ff517715231ee0b2794bbcc0a1"` | Docker image tag for the `redis-exporter` image | | redisExporter.image.name | string | `"redis_exporter"` | Docker image name for the `redis-exporter` image | | redisExporter.resources | object | `{"limits":{"cpu":"10m","memory":"100Mi"},"requests":{"cpu":"10m","memory":"100Mi"}}` | Resource requests & limits for the `redis-exporter` sidecar container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) | | redisStore.connection.endpoint | string | `"redis-store:6379"` | Endpoint to use for redis-store. 
Supports either host:port or IANA specification | | redisStore.connection.existingSecret | string | `""` | Name of existing secret to use for Redis endpoint The secret must contain the key `endpoint` and should follow IANA specification learn more from the [Helm docs](https://docs.sourcegraph.com/admin/install/kubernetes/helm#using-external-redis-instances) | | redisStore.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":1000,"runAsUser":999}` | Security context for the `redis-store` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | | redisStore.enabled | bool | `true` | Enable `redis-store` Redis server | -| redisStore.image.defaultTag | string | `"6.0.0@sha256:39f3b27d993652c202c1f892df83e1a3e8e8ea5ae58291f79ad14b56672ab8be"` | Docker image tag for the `redis-store` image | +| redisStore.image.defaultTag | string | `"6.11.1446@sha256:94ece028c3d29bb6ffe2f31d43805c0b136f913a5aaecce3554a3908e6efea3b"` | Docker image tag for the `redis-store` image | | redisStore.image.name | string | `"redis-store"` | Docker image name for the `redis-store` image | | redisStore.name | string | `"redis-store"` | Name used by resources. Does not affect service names or PVCs. | | redisStore.podSecurityContext | object | `{"fsGroup":1000,"fsGroupChangePolicy":"OnRootMismatch"}` | Security context for the `redis-store` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) | 
@@ -292,7 +292,7 @@ In addition to the documented values, all services also support the following va | redisStore.serviceAccount.name | string | `""` | Name of the ServiceAccount to be created or an existing ServiceAccount | | redisStore.storageSize | string | `"100Gi"` | PVC Storage Request for `redis-store` data volume | | searcher.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100}` | Security context for the `searcher` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | -| searcher.image.defaultTag | string | `"6.0.0@sha256:c7508abda2202d4a33400ce23a95dd8d59fe6220d85d7fbee6fb186c55931336"` | Docker image tag for the `searcher` image | +| searcher.image.defaultTag | string | `"6.11.1446@sha256:a5f36470b5c9a0603563eb0a6c18c3e1e2f132a5c58a048dce22e1adfcae27ba"` | Docker image tag for the `searcher` image | | searcher.image.name | string | `"searcher"` | Docker image name for the `searcher` image | | searcher.name | string | `"searcher"` | Name used by resources. Does not affect service names or PVCs. | | searcher.podSecurityContext | object | `{"fsGroup":101,"fsGroupChangePolicy":"OnRootMismatch","runAsUser":100}` | Security context for the `searcher` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) | 
@@ -306,7 +306,7 @@ In addition to the documented values, all services also support the following va | sourcegraph.disableKubernetesSecrets | bool | `false` | Disable the creation of Kubernetes secrets objects | | sourcegraph.image.defaultTag | string | `"{{ .Chart.AppVersion }}"` | Global docker image tag | | sourcegraph.image.pullPolicy | string | `"IfNotPresent"` | Global docker image pull policy | -| sourcegraph.image.repository | string | `"index.docker.io/sourcegraph"` | Global docker image registry or prefix | +| sourcegraph.image.repository | string | `"us-docker.pkg.dev/sourcegraph-images/internal"` | Global docker image registry or prefix | | sourcegraph.image.useGlobalTagAsDefault | bool | `false` | When set to true, sourcegraph.image.defaultTag is used as the default defaultTag for all services, instead of service-specific default defaultTags | | sourcegraph.imagePullSecrets | list | `[]` | Mount named secrets containing docker credentials | | sourcegraph.labels | object | `{}` | Add extra labels to all resources | 
@@ -315,6 +315,7 @@ In addition to the documented values, all services also support the following va | sourcegraph.nodeSelector | object | `{}` | Global NodeSelector, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector) | | sourcegraph.podAnnotations | object | `{}` | Add extra annotations to attach to all pods | | sourcegraph.podLabels | object | `{}` | Add extra labels to attach to all pods | +| sourcegraph.priorityClassName | string | `""` | Assign a priorityClass to all pods (daemonSets, deployments, and statefulSets) | | sourcegraph.revisionHistoryLimit | int | `10` | Global deployment clean up policy, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#clean-up-policy) | | sourcegraph.serviceLabels | object | `{}` | Add extra labels to all services | | sourcegraph.tolerations | list | `[]` | Global Tolerations, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) | 
@@ -326,7 +327,7 @@ In addition to the documented values, all services also support the following va | storageClass.type | string | `"pd-ssd"` | Value of `type` key in storageClass `parameters`, consult your cloud provider persistent storage documentation | | syntacticCodeIntel.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100}` | Security context for the `syntactic-code-intel-worker` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | | syntacticCodeIntel.enabled | bool | `false` | | -| syntacticCodeIntel.image.defaultTag | string | `"6.0.0@sha256:50bdeb38b196f0fc21404969016bf8263f78144292e905867e93480f66c8251c"` | Docker image tag for the `syntactic-code-intel-worker` image | +| syntacticCodeIntel.image.defaultTag | string | `"6.11.1446@sha256:5c26b3ced1560c960c6107678e08e5237cdb8c1b829b6d2955e9f6ea1cdbf275"` | Docker image tag for the `syntactic-code-intel-worker` image | | syntacticCodeIntel.image.name | string | `"syntactic-code-intel-worker"` | Docker image name for the `syntactic-code-intel-worker` image | | syntacticCodeIntel.name | string | `"syntactic-code-intel-worker"` | Name used by resources. Does not affect service names or PVCs. | | syntacticCodeIntel.podSecurityContext | object | `{}` | Security context for the `syntactic-code-intel-worker` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) | 
@@ -336,7 +337,7 @@ In addition to the documented values, all services also support the following va | syntacticCodeIntel.serviceAccount.create | bool | `false` | Enable creation of ServiceAccount for `syntactic-code-intel-worker` | | syntacticCodeIntel.serviceAccount.name | string | `""` | Name of the ServiceAccount to be created or an existing ServiceAccount | | syntectServer.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100}` | Security context for the `syntect-server` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | -| syntectServer.image.defaultTag | string | `"6.0.0@sha256:1e35f77690222a76724b45f2305b838c40c35201e60b0f619b3fe8499504ff60"` | Docker image tag for the `syntect-server` image | +| syntectServer.image.defaultTag | string | `"6.11.1446@sha256:2f1026ba76c351f8e7aba681ebcfa8629a065e83621b9e880ad810186280067b"` | Docker image tag for the `syntect-server` image | | syntectServer.image.name | string | `"syntax-highlighter"` | Docker image name for the `syntect-server` image | | syntectServer.name | string | `"syntect-server"` | Name used by resources. Does not affect service names or PVCs. | | syntectServer.podSecurityContext | object | `{}` | Security context for the `syntect-server` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) | 
@@ -347,7 +348,7 @@ In addition to the documented values, all services also support the following va | worker.blocklist | list | `[]` | List of jobs to block globally If replicas are configured, use this values to block jobs instead of manually setting WORKER_JOB_BLOCKLIST | | worker.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100}` | Security context for the `worker` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | | worker.env | object | `{}` | Environment variables for the `worker` container | -| worker.image.defaultTag | string | `"6.0.0@sha256:4892c5aa107d4384f811afcf1980e0fb2cb8beb5585a15adcb64353a2d8abf5a"` | Docker image tag for the `worker` image | +| worker.image.defaultTag | string | `"6.11.1446@sha256:76257f19515d998f3307dbd3cafe74292366bc6c1dc7a93f3e5453b715887ac2"` | Docker image tag for the `worker` image | | worker.image.name | string | `"worker"` | Docker image name for the `worker` image | | worker.name | string | `"worker"` | Name used by resources. Does not affect service names or PVCs. | | worker.podSecurityContext | object | `{}` | Security context for the `worker` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) | diff --git a/charts/sourcegraph/examples/subchart/Chart.yaml b/charts/sourcegraph/examples/subchart/Chart.yaml index 437f9b00..c18375ac 100644 --- a/charts/sourcegraph/examples/subchart/Chart.yaml +++ b/charts/sourcegraph/examples/subchart/Chart.yaml 
@@ -2,10 +2,10 @@ apiVersion: v2 name: sourcegraph-subchart description: Customer-owned chart that inherits from Sourcegraph type: application -version: "5.11.0" +version: "6.11.1446" dependencies: - name: sourcegraph alias: sg # Optional, allows a custom name to be used - version: "5.11.0" + version: "6.11.1446" repository: "https://sourcegraph.github.io/deploy-sourcegraph-helm" diff --git a/charts/sourcegraph/templates/_helpers.tpl b/charts/sourcegraph/templates/_helpers.tpl index c1671edd..13d0ed52 100644 --- a/charts/sourcegraph/templates/_helpers.tpl +++ b/charts/sourcegraph/templates/_helpers.tpl 
@@ -249,23 +249,35 @@ app.kubernetes.io/name: jaeger {{- end }} {{/* -Set redisCache and redisStore endpoints -So that customers can configure them any of these ways: -1. Create a new Kubernetes secret, with default values (default, no override config required) -2. Use an existing Kubernetes secret, by configuring .Values.redisCache.connection.existingSecret -3. Do not create or use Kubernetes secrets, just pass the default values directly as environment variables into the needed pods, by configuring .Values.sourcegraph.disableKubernetesSecrets = true -4. Do not create or use Kubernetes secrets, but pass custom values (ex. external Redis) directly as environment variables into the needed pods, by configuring .Values.sourcegraph.disableKubernetesSecrets = true, .Values.redisCache.connection.endpoint = "", .Values.redisStore.connection.endpoint = "", and defining the REDIS_CACHE_ENDPOINT and REDIS_STORE_ENDPOINT env vars on frontend, gitserver, searcher, and worker pods +Set redisCache and redisStore endpoints, +so that customers can configure them any of these ways: + +1. Create new Kubernetes secrets, with default values (default, no override config required) + +2. Use existing Kubernetes secrets, managed externally, by configuring: +.Values.redisCache.connection.existingSecret: +.Values.redisStore.connection.existingSecret: + +3. Do not create or use Kubernetes secrets, just pass the default values directly as environment variables into the needed pods, by configuring: +.Values.sourcegraph.disableKubernetesSecrets: true + +4. Do not create or use Kubernetes secrets, but provide custom values (ex. 
external Redis) to have this function pass them into the REDIS_CACHE_ENDPOINT and REDIS_STORE_ENDPOINT env vars on frontend, gitserver, searcher, and worker pods, by configuring: +.Values.sourcegraph.disableKubernetesSecrets: true +.Values.redisCache.connection.endpoint: +.Values.redisStore.connection.endpoint: + */}} {{- define "sourcegraph.redisConnection" -}} {{- if .Values.sourcegraph.disableKubernetesSecrets -}} -{{- if .Values.redisCache.connection.endpoint -}} -- name: REDIS_CACHE_ENDPOINT - value: {{ .Values.redisCache.connection.endpoint }} +{{- $cacheEndpoint := dig "connection" "endpoint" "" .Values.redisCache -}} +{{- $storeEndpoint := dig "connection" "endpoint" "" .Values.redisStore -}} +{{- if not (and $cacheEndpoint $storeEndpoint) -}} +{{- fail ".Values.redisCache.connection.endpoint and .Values.redisStore.connection.endpoint must be set when disableKubernetesSecrets is true!" -}} {{- end -}} -{{- if .Values.redisStore.connection.endpoint -}} +- name: REDIS_CACHE_ENDPOINT + value: {{ $cacheEndpoint }} - name: REDIS_STORE_ENDPOINT - value: {{ .Values.redisStore.connection.endpoint }} -{{- end -}} + value: {{ $storeEndpoint }} {{- else -}} - name: REDIS_CACHE_ENDPOINT valueFrom: diff --git a/charts/sourcegraph/templates/_helpers/_priorityClassName.tpl b/charts/sourcegraph/templates/_helpers/_priorityClassName.tpl new file mode 100644 index 00000000..edff6746 --- /dev/null +++ b/charts/sourcegraph/templates/_helpers/_priorityClassName.tpl 
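Review bot: The two `value:` lines in the `disableKubernetesSecrets` branch of `sourcegraph.redisConnection` render the endpoint unquoted, so an endpoint given as a URI containing ` #`, `: ` or a leading YAML indicator would be truncated, re-typed or rejected when the manifest is parsed. Pipe both through quote: `value: {{ $cacheEndpoint | quote }}` and `value: {{ $storeEndpoint | quote }}`. The header comment should also say that in options 3 and 4 the endpoint is written as a literal env value into the pod spec, so an IANA-style URI that embeds a password would be readable by anyone who can read the workload objects, whereas options 1 and 2 keep it in a Secret. The `else` branch of the define continues outside the hunk.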
@@ -0,0 +1,20 @@ +{{/* + +Allow customers to assign a priorityClassName to all resources which create pods (ex. DaemonSets, Deployments, StatefulSets) + +Customers can configure an instance-wide default priorty class name at .Values.sourcegraph.priorityClassName, +and can override it for individual services, if needed, at .Values..priorityClassName + +*/}} + +{{- define "sourcegraph.priorityClassName" -}} +{{- $top := index . 0 }} +{{- $service := index . 1 }} +{{- $globalPriorityClassName := (index $top.Values "sourcegraph" "priorityClassName") }} +{{- $servicePriorityClassName := (index $top.Values $service "priorityClassName") }} +{{- if $servicePriorityClassName }} +priorityClassName: {{ $servicePriorityClassName | toYaml | trim }} +{{- else if $globalPriorityClassName }} +priorityClassName: {{ $globalPriorityClassName | toYaml | trim }} +{{- end }} +{{- end }} diff --git a/charts/sourcegraph/templates/_worker.tpl b/charts/sourcegraph/templates/_worker.tpl index 73c4b64a..899bf03b 100644 --- a/charts/sourcegraph/templates/_worker.tpl +++ b/charts/sourcegraph/templates/_worker.tpl @@ -135,6 +135,7 @@ spec: {{- toYaml $top.Values.worker.podSecurityContext | nindent 8 }} {{- include "sourcegraph.nodeSelector" (list $top "worker" ) | trim | nindent 6 }} {{- include "sourcegraph.affinity" (list $top "worker" ) | trim | nindent 6 }} + {{- with include "sourcegraph.priorityClassName" (list $top "worker") | trim }}{{ . | nindent 6 }}{{- end }} {{- include "sourcegraph.tolerations" (list $top "worker" ) | trim | nindent 6 }} {{- with $top.Values.sourcegraph.imagePullSecrets }} imagePullSecrets: diff --git a/charts/sourcegraph/templates/blobstore/blobstore.Deployment.yaml b/charts/sourcegraph/templates/blobstore/blobstore.Deployment.yaml index 08c87d9d..8f02c7d4 100644 --- a/charts/sourcegraph/templates/blobstore/blobstore.Deployment.yaml +++ b/charts/sourcegraph/templates/blobstore/blobstore.Deployment.yaml 
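Review bot: The header comment of `sourcegraph.priorityClassName` gives the per-service override path as `.Values..priorityClassName`, with the service segment missing as shown here, and it misspells "priority" as "priorty". It also does not say how the helper is called. Suggested wording: `and can override it for individual services, if needed, at .Values.<service>.priorityClassName`, followed by `Usage: include "sourcegraph.priorityClassName" (list . "<serviceKey>")`. The comment could also state that `<serviceKey>` must exist under `.Values`, because the second `index` lookup has no default and would presumably fail the render on a missing key, unlike the `dig ... ""` lookups used in `sourcegraph.redisConnection`.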
@@ -92,6 +92,7 @@ spec: {{- toYaml .Values.blobstore.podSecurityContext | nindent 8 }} {{- include "sourcegraph.nodeSelector" (list . "blobstore" ) | trim | nindent 6 }} {{- include "sourcegraph.affinity" (list . "blobstore" ) | trim | nindent 6 }} + {{- with include "sourcegraph.priorityClassName" (list . "blobstore") | trim }}{{ . | nindent 6 }}{{- end }} {{- include "sourcegraph.tolerations" (list . "blobstore" ) | trim | nindent 6 }} {{- with .Values.sourcegraph.imagePullSecrets }} imagePullSecrets: diff --git a/charts/sourcegraph/templates/cadvisor/cadvisor.ClusterRoleBinding.yaml b/charts/sourcegraph/templates/cadvisor/cadvisor.ClusterRoleBinding.yaml index bc88231c..f10abe8b 100644 --- a/charts/sourcegraph/templates/cadvisor/cadvisor.ClusterRoleBinding.yaml +++ b/charts/sourcegraph/templates/cadvisor/cadvisor.ClusterRoleBinding.yaml @@ -13,7 +13,7 @@ roleRef: kind: ClusterRole name: {{ .Values.cadvisor.name }} subjects: -- kind: ServiceAccount - name: {{ include "sourcegraph.serviceAccountName" (list . "cadvisor") }} +- name: {{ include "sourcegraph.serviceAccountName" (list . "cadvisor") }} + kind: ServiceAccount namespace: {{ .Release.Namespace }} {{- end }} diff --git a/charts/sourcegraph/templates/cadvisor/cadvisor.DaemonSet.yaml b/charts/sourcegraph/templates/cadvisor/cadvisor.DaemonSet.yaml index 40508fc6..e9814a4e 100644 --- a/charts/sourcegraph/templates/cadvisor/cadvisor.DaemonSet.yaml +++ b/charts/sourcegraph/templates/cadvisor/cadvisor.DaemonSet.yaml 
@@ -94,15 +94,16 @@ spec: - name: http containerPort: 48080 protocol: TCP - automountServiceAccountToken: false - terminationGracePeriodSeconds: 30 {{- if .Values.cadvisor.extraContainers }} {{- toYaml .Values.cadvisor.extraContainers | nindent 6 }} {{- end }} + automountServiceAccountToken: false + terminationGracePeriodSeconds: 30 securityContext: {{- toYaml .Values.cadvisor.podSecurityContext | nindent 8 }} {{- include "sourcegraph.nodeSelector" (list . "cadvisor" ) | trim | nindent 6 }} {{- include "sourcegraph.affinity" (list . "cadvisor" ) | trim | nindent 6 }} + {{- with include "sourcegraph.priorityClassName" (list . "cadvisor" ) | trim }}{{ . | nindent 6 }}{{- end }} {{- include "sourcegraph.tolerations" (list . "cadvisor" ) | trim | nindent 6 }} {{- with .Values.sourcegraph.imagePullSecrets }} imagePullSecrets: diff --git a/charts/sourcegraph/templates/codeinsights-db/codeinsights-db.StatefulSet.yaml b/charts/sourcegraph/templates/codeinsights-db/codeinsights-db.StatefulSet.yaml index d56a02a8..99c78fd3 100644 --- a/charts/sourcegraph/templates/codeinsights-db/codeinsights-db.StatefulSet.yaml +++ b/charts/sourcegraph/templates/codeinsights-db/codeinsights-db.StatefulSet.yaml @@ -124,6 +124,7 @@ spec: {{- toYaml .Values.codeInsightsDB.podSecurityContext | nindent 8 }} {{- include "sourcegraph.nodeSelector" (list . "codeInsightsDB" ) | trim | nindent 6 }} {{- include "sourcegraph.affinity" (list . "codeInsightsDB" ) | trim | nindent 6 }} + {{- with include "sourcegraph.priorityClassName" (list . "codeInsightsDB" ) | trim }}{{ . | nindent 6 }}{{- end }} {{- include "sourcegraph.tolerations" (list . "codeInsightsDB" ) | trim | nindent 6 }} {{- with .Values.sourcegraph.imagePullSecrets }} imagePullSecrets: diff --git a/charts/sourcegraph/templates/codeintel-db/codeintel-db.StatefulSet.yaml b/charts/sourcegraph/templates/codeintel-db/codeintel-db.StatefulSet.yaml index accb0b3f..d95649a3 100644 
--- a/charts/sourcegraph/templates/codeintel-db/codeintel-db.StatefulSet.yaml +++ b/charts/sourcegraph/templates/codeintel-db/codeintel-db.StatefulSet.yaml @@ -58,7 +58,7 @@ spec: {{- toYaml .Values.alpine.resources | nindent 10 }} {{- end }} containers: - - name: pgsql + - name: pgsql # TODO: Evaluate renaming container to codeintel image: {{ include "sourcegraph.image" (list . "codeIntelDB") }} imagePullPolicy: {{ .Values.sourcegraph.image.pullPolicy }} {{- with .Values.codeIntelDB.args }} @@ -108,9 +108,6 @@ spec: {{- if .Values.codeIntelDB.extraVolumeMounts }} {{- toYaml .Values.codeIntelDB.extraVolumeMounts | nindent 8 }} {{- end }} - {{- if .Values.codeIntelDB.extraContainers }} - {{- toYaml .Values.codeIntelDB.extraContainers | nindent 6 }} - {{- end }} - name: pgsql-exporter env: {{- include "sourcegraph.dataSource" (list . "codeIntelDB" ) | nindent 8 }} @@ -131,11 +128,15 @@ spec: securityContext: {{- toYaml .Values.postgresExporter.containerSecurityContext | nindent 10 }} terminationMessagePolicy: FallbackToLogsOnError + {{- if .Values.codeIntelDB.extraContainers }} + {{- toYaml .Values.codeIntelDB.extraContainers | nindent 6 }} + {{- end }} terminationGracePeriodSeconds: 120 securityContext: {{- toYaml .Values.codeIntelDB.podSecurityContext | nindent 8 }} {{- include "sourcegraph.nodeSelector" (list . "codeIntelDB" ) | trim | nindent 6 }} {{- include "sourcegraph.affinity" (list . "codeIntelDB" ) | trim | nindent 6 }} + {{- with include "sourcegraph.priorityClassName" (list . "codeIntelDB" ) | trim }}{{ . | nindent 6 }}{{- end }} {{- include "sourcegraph.tolerations" (list . "codeIntelDB" ) | trim | nindent 6 }} {{- with .Values.sourcegraph.imagePullSecrets }} imagePullSecrets: diff --git a/charts/sourcegraph/templates/frontend/sourcegraph-frontend.Deployment.yaml b/charts/sourcegraph/templates/frontend/sourcegraph-frontend.Deployment.yaml index dd8f31a7..1696644e 100644 --- a/charts/sourcegraph/templates/frontend/sourcegraph-frontend.Deployment.yaml 
+++ b/charts/sourcegraph/templates/frontend/sourcegraph-frontend.Deployment.yaml @@ -144,6 +144,7 @@ spec: {{- toYaml .Values.frontend.podSecurityContext | nindent 8 }} {{- include "sourcegraph.nodeSelector" (list . "frontend" ) | trim | nindent 6 }} {{- include "sourcegraph.affinity" (list . "frontend" ) | trim | nindent 6 }} + {{- with include "sourcegraph.priorityClassName" (list . "frontend" ) | trim }}{{ . | nindent 6 }}{{- end }} {{- include "sourcegraph.tolerations" (list . "frontend" ) | trim | nindent 6 }} {{- with .Values.sourcegraph.imagePullSecrets }} imagePullSecrets: @@ -151,8 +152,8 @@ spec: {{- end }} {{- include "sourcegraph.renderServiceAccountName" (list . "frontend") | trim | nindent 6 }} volumes: - - emptyDir: {} - name: home-dir + - name: home-dir + emptyDir: {} {{- if .Values.frontend.extraVolumes }} {{- toYaml .Values.frontend.extraVolumes | nindent 6 }} {{- end }} diff --git a/charts/sourcegraph/templates/frontend/sourcegraph-frontend.RoleBinding.yaml b/charts/sourcegraph/templates/frontend/sourcegraph-frontend.RoleBinding.yaml index 02075fcc..4bdbc1c2 100644 --- a/charts/sourcegraph/templates/frontend/sourcegraph-frontend.RoleBinding.yaml +++ b/charts/sourcegraph/templates/frontend/sourcegraph-frontend.RoleBinding.yaml @@ -19,7 +19,7 @@ roleRef: name: view {{- end }} subjects: -- kind: ServiceAccount - name: {{ include "sourcegraph.serviceAccountName" (list . "frontend") }} +- name: {{ include "sourcegraph.serviceAccountName" (list . "frontend") }} + kind: ServiceAccount namespace: {{ .Release.Namespace }} {{- end }} diff --git a/charts/sourcegraph/templates/gitserver/gitserver.StatefulSet.yaml b/charts/sourcegraph/templates/gitserver/gitserver.StatefulSet.yaml index 9620df24..833b9799 100644 --- a/charts/sourcegraph/templates/gitserver/gitserver.StatefulSet.yaml +++ b/charts/sourcegraph/templates/gitserver/gitserver.StatefulSet.yaml 
@@ -99,6 +99,7 @@ spec: {{- toYaml .Values.gitserver.podSecurityContext | nindent 8 }} {{- include "sourcegraph.nodeSelector" (list . "gitserver" ) | trim | nindent 6 }} {{- include "sourcegraph.affinity" (list . "gitserver" ) | trim | nindent 6 }} + {{- with include "sourcegraph.priorityClassName" (list . "gitserver" ) | trim }}{{ . | nindent 6 }}{{- end }} {{- include "sourcegraph.tolerations" (list . "gitserver" ) | trim | nindent 6 }} {{- with .Values.sourcegraph.imagePullSecrets }} imagePullSecrets: @@ -118,9 +119,6 @@ spec: {{- if .Values.gitserver.extraVolumes }} {{- toYaml .Values.gitserver.extraVolumes | nindent 6 }} {{- end }} - {{- if .Values.gitserver.priorityClassName }} - priorityClassName: {{ .Values.gitserver.priorityClassName }} - {{- end }} updateStrategy: type: RollingUpdate volumeClaimTemplates: diff --git a/charts/sourcegraph/templates/grafana/grafana.StatefulSet.yaml b/charts/sourcegraph/templates/grafana/grafana.StatefulSet.yaml index da569d02..66e56943 100644 --- a/charts/sourcegraph/templates/grafana/grafana.StatefulSet.yaml +++ b/charts/sourcegraph/templates/grafana/grafana.StatefulSet.yaml @@ -88,6 +88,7 @@ spec: {{- toYaml .Values.grafana.podSecurityContext | nindent 8 }} {{- include "sourcegraph.nodeSelector" (list . "grafana" ) | trim | nindent 6 }} {{- include "sourcegraph.affinity" (list . "grafana" ) | trim | nindent 6 }} + {{- with include "sourcegraph.priorityClassName" (list . "grafana" ) | trim }}{{ . | nindent 6 }}{{- end }} {{- include "sourcegraph.tolerations" (list . "grafana" ) | trim | nindent 6 }} {{- with .Values.sourcegraph.imagePullSecrets }} imagePullSecrets: diff --git a/charts/sourcegraph/templates/grafana/grafana.pgsql.Secret.yaml b/charts/sourcegraph/templates/grafana/grafana.pgsql.Secret.yaml index a96fcb44..ddefc592 100644 --- a/charts/sourcegraph/templates/grafana/grafana.pgsql.Secret.yaml +++ b/charts/sourcegraph/templates/grafana/grafana.pgsql.Secret.yaml 
@@ -2,11 +2,11 @@ apiVersion: v1 kind: Secret metadata: - name: {{ .Values.grafana.name }}-auth labels: app: grafana deploy: sourcegraph app.kubernetes.io/component: grafana + name: {{ .Values.grafana.name }}-auth type: Opaque data: database: {{ .Values.grafana.auth.database | toString | b64enc | quote }} diff --git a/charts/sourcegraph/templates/indexed-search/indexed-search.StatefulSet.yaml b/charts/sourcegraph/templates/indexed-search/indexed-search.StatefulSet.yaml index cd2df9c9..b96e1ea8 100644 --- a/charts/sourcegraph/templates/indexed-search/indexed-search.StatefulSet.yaml +++ b/charts/sourcegraph/templates/indexed-search/indexed-search.StatefulSet.yaml @@ -119,6 +119,7 @@ spec: {{- toYaml .Values.indexedSearch.podSecurityContext | nindent 8 }} {{- include "sourcegraph.nodeSelector" (list . "indexedSearch" ) | trim | nindent 6 }} {{- include "sourcegraph.affinity" (list . "indexedSearch" ) | trim | nindent 6 }} + {{- with include "sourcegraph.priorityClassName" (list . "indexedSearch" ) | trim }}{{ . | nindent 6 }}{{- end }} {{- include "sourcegraph.tolerations" (list . "indexedSearch" ) | trim | nindent 6 }} {{- with .Values.sourcegraph.imagePullSecrets }} imagePullSecrets: @@ -130,9 +131,6 @@ spec: {{- if .Values.indexedSearch.extraVolumes }} {{- toYaml .Values.indexedSearch.extraVolumes | nindent 6 }} {{- end }} - {{- if .Values.indexedSearch.priorityClassName }} - priorityClassName: {{ .Values.indexedSearch.priorityClassName }} - {{- end }} updateStrategy: type: RollingUpdate volumeClaimTemplates: diff --git a/charts/sourcegraph/templates/jaeger/jaeger.Deployment.yaml b/charts/sourcegraph/templates/jaeger/jaeger.Deployment.yaml index 39a766da..34eb8381 100644 --- a/charts/sourcegraph/templates/jaeger/jaeger.Deployment.yaml +++ b/charts/sourcegraph/templates/jaeger/jaeger.Deployment.yaml 
@@ -5,7 +5,6 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: {{ .Values.jaeger.name }} labels: {{- include "sourcegraph.jaeger.labels" . | nindent 4 }} {{- if .Values.jaeger.labels }} @@ -14,6 +13,7 @@ metadata: deploy: sourcegraph app.kubernetes.io/component: all-in-one app: jaeger + name: {{ .Values.jaeger.name }} spec: replicas: {{ .Values.jaeger.replicaCount }} revisionHistoryLimit: {{ .Values.sourcegraph.revisionHistoryLimit }} @@ -101,6 +101,7 @@ spec: {{- toYaml .Values.jaeger.podSecurityContext | nindent 8 }} {{- include "sourcegraph.nodeSelector" (list . "jaeger" ) | trim | nindent 6 }} {{- include "sourcegraph.affinity" (list . "jaeger" ) | trim | nindent 6 }} + {{- with include "sourcegraph.priorityClassName" (list . "jaeger" ) | trim }}{{ . | nindent 6 }}{{- end }} {{- include "sourcegraph.tolerations" (list . "jaeger" ) | trim | nindent 6 }} {{- with .Values.sourcegraph.imagePullSecrets }} imagePullSecrets: diff --git a/charts/sourcegraph/templates/node-exporter/node-exporter.ClusterRoleBinding.yaml b/charts/sourcegraph/templates/node-exporter/node-exporter.ClusterRoleBinding.yaml index abb55e11..698e98a4 100644 --- a/charts/sourcegraph/templates/node-exporter/node-exporter.ClusterRoleBinding.yaml +++ b/charts/sourcegraph/templates/node-exporter/node-exporter.ClusterRoleBinding.yaml @@ -13,7 +13,7 @@ roleRef: kind: ClusterRole name: {{ .Values.nodeExporter.name }} subjects: -- kind: ServiceAccount - name: {{ include "sourcegraph.serviceAccountName" (list . "nodeExporter") }} +- name: {{ include "sourcegraph.serviceAccountName" (list . "nodeExporter") }} + kind: ServiceAccount namespace: {{ .Release.Namespace }} {{- end }} diff --git a/charts/sourcegraph/templates/node-exporter/node-exporter.DaemonSet.yaml b/charts/sourcegraph/templates/node-exporter/node-exporter.DaemonSet.yaml index 078f1bdf..db0bc0c3 100644 --- a/charts/sourcegraph/templates/node-exporter/node-exporter.DaemonSet.yaml 
+++ b/charts/sourcegraph/templates/node-exporter/node-exporter.DaemonSet.yaml @@ -58,9 +58,9 @@ spec: - --collector.filesystem.ignored-mount-points=^/(dev|proc|sys|var/lib/docker/.+|var/lib/kubelet/pods/.+)($|/) - --collector.netclass.ignored-devices=^(veth.*)$ - --collector.netdev.device-exclude=^(veth.*)$ -{{- if .Values.nodeExporter.extraArgs }} -{{ toYaml .Values.nodeExporter.extraArgs | indent 10 }} -{{- end }} + {{- if .Values.nodeExporter.extraArgs }} + {{ toYaml .Values.nodeExporter.extraArgs }} + {{- end }} env: {{- range $name, $item := .Values.nodeExporter.env}} - name: {{ $name }} @@ -111,15 +111,16 @@ spec: successThreshold: 1 timeoutSeconds: 1 terminationMessagePolicy: FallbackToLogsOnError - automountServiceAccountToken: false - terminationGracePeriodSeconds: 30 {{- if .Values.nodeExporter.extraContainers }} {{- toYaml .Values.nodeExporter.extraContainers | nindent 6 }} {{- end }} + automountServiceAccountToken: false + terminationGracePeriodSeconds: 30 securityContext: {{- toYaml .Values.nodeExporter.podSecurityContext | nindent 8 }} {{- include "sourcegraph.nodeSelector" (list . "nodeExporter" ) | trim | nindent 6 }} {{- include "sourcegraph.affinity" (list . "nodeExporter" ) | trim | nindent 6 }} + {{- with include "sourcegraph.priorityClassName" (list . "nodeExporter" ) | trim }}{{ . | nindent 6 }}{{- end }} {{- include "sourcegraph.tolerations" (list . "nodeExporter" ) | trim | nindent 6 }} {{- with .Values.sourcegraph.imagePullSecrets }} imagePullSecrets: diff --git a/charts/sourcegraph/templates/otel-collector/otel-agent.ConfigMap.yaml b/charts/sourcegraph/templates/otel-collector/otel-agent.ConfigMap.yaml index 496e54c0..089bb4e3 100644 --- a/charts/sourcegraph/templates/otel-collector/otel-agent.ConfigMap.yaml +++ b/charts/sourcegraph/templates/otel-collector/otel-agent.ConfigMap.yaml 
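Review bot: In the `extraArgs` block of the first hunk, the new `{{ toYaml .Values.nodeExporter.extraArgs }}` drops the `indent 10` pipe, so only the first rendered line picks up the template line's leading whitespace. With two or more extra args the remaining `- ...` items start at column 0, and the DaemonSet either fails to parse or nests them outside the container's `args` list. Keep the indentation in the pipeline: `{{- toYaml .Values.nodeExporter.extraArgs | nindent 10 }}`. The column count of 10 is taken from the removed line and should be confirmed against the `args:` list, whose start is outside the hunk. A chart unit test with two `extraArgs` entries would catch a regression here.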
@@ -1,5 +1,5 @@ -# Config for the agent pods running as a DaemonSet, which forward data to the gateway pod {{ if .Values.openTelemetry.enabled -}} +# Config for the agent pods running as a DaemonSet, which forward data to the gateway pod apiVersion: v1 kind: ConfigMap metadata: diff --git a/charts/sourcegraph/templates/otel-collector/otel-agent.DaemonSet.yaml b/charts/sourcegraph/templates/otel-collector/otel-agent.DaemonSet.yaml index 3efd5b1c..b2771396 100644 --- a/charts/sourcegraph/templates/otel-collector/otel-agent.DaemonSet.yaml +++ b/charts/sourcegraph/templates/otel-collector/otel-agent.DaemonSet.yaml @@ -84,6 +84,7 @@ spec: terminationGracePeriodSeconds: 120 {{- include "sourcegraph.nodeSelector" (list . "openTelemetry" ) | trim | nindent 6 }} {{- include "sourcegraph.affinity" (list . "openTelemetry" ) | trim | nindent 6 }} + {{- with include "sourcegraph.priorityClassName" (list . "openTelemetry" ) | trim }}{{ . | nindent 6 }}{{- end }} {{- include "sourcegraph.tolerations" (list . "openTelemetry" ) | trim | nindent 6 }} {{- with .Values.sourcegraph.imagePullSecrets }} imagePullSecrets: diff --git a/charts/sourcegraph/templates/otel-collector/otel-collector.Deployment.yaml b/charts/sourcegraph/templates/otel-collector/otel-collector.Deployment.yaml index 47896c1b..d1d428a4 100644 --- a/charts/sourcegraph/templates/otel-collector/otel-collector.Deployment.yaml +++ b/charts/sourcegraph/templates/otel-collector/otel-collector.Deployment.yaml @@ -105,6 +105,7 @@ spec: terminationGracePeriodSeconds: 120 {{- include "sourcegraph.nodeSelector" (list . "openTelemetry" ) | trim | nindent 6 }} {{- include "sourcegraph.affinity" (list . "openTelemetry" ) | trim | nindent 6 }} + {{- with include "sourcegraph.priorityClassName" (list . "openTelemetry" ) | trim }}{{ . | nindent 6 }}{{- end }} {{- include "sourcegraph.tolerations" (list . "openTelemetry" ) | trim | nindent 6 }} {{- with .Values.sourcegraph.imagePullSecrets }} imagePullSecrets: 
diff --git a/charts/sourcegraph/templates/otel-collector/otel-collector.Service.yaml b/charts/sourcegraph/templates/otel-collector/otel-collector.Service.yaml index bed2bd0f..3615de7a 100644 --- a/charts/sourcegraph/templates/otel-collector/otel-collector.Service.yaml +++ b/charts/sourcegraph/templates/otel-collector/otel-collector.Service.yaml @@ -2,7 +2,6 @@ apiVersion: v1 kind: Service metadata: - name: otel-collector annotations: prometheus.io/port: "8888" sourcegraph.prometheus/scrape: "true" @@ -16,6 +15,7 @@ metadata: {{- end }} deploy: sourcegraph app.kubernetes.io/component: otel-collector + name: otel-collector spec: ports: - name: grpc-otlp diff --git a/charts/sourcegraph/templates/pgsql/pgsql.Secret.yaml b/charts/sourcegraph/templates/pgsql/pgsql.Secret.yaml index 73280504..63ec30eb 100644 --- a/charts/sourcegraph/templates/pgsql/pgsql.Secret.yaml +++ b/charts/sourcegraph/templates/pgsql/pgsql.Secret.yaml @@ -2,11 +2,11 @@ apiVersion: v1 kind: Secret metadata: - name: {{ .Values.pgsql.name }}-auth labels: app: pgsql deploy: sourcegraph app.kubernetes.io/component: pgsql + name: {{ .Values.pgsql.name }}-auth type: Opaque data: database: {{ .Values.pgsql.auth.database | toString | b64enc | quote }} diff --git a/charts/sourcegraph/templates/pgsql/pgsql.StatefulSet.yaml b/charts/sourcegraph/templates/pgsql/pgsql.StatefulSet.yaml index 2e6727af..26047eaf 100644 --- a/charts/sourcegraph/templates/pgsql/pgsql.StatefulSet.yaml +++ b/charts/sourcegraph/templates/pgsql/pgsql.StatefulSet.yaml @@ -58,7 +58,8 @@ spec: {{- toYaml .Values.alpine.resources | nindent 10 }} {{- end }} containers: - - image: {{ include "sourcegraph.image" (list . "pgsql") }} + - name: pgsql + image: {{ include "sourcegraph.image" (list . "pgsql") }} imagePullPolicy: {{ .Values.sourcegraph.image.pullPolicy }} {{- with .Values.pgsql.args }} args: 
@@ -80,7 +81,6 @@ spec: - /liveness.sh failureThreshold: 360 periodSeconds: 10 - name: pgsql env: {{- include "sourcegraph.databaseAuth" (list . "pgsql" "POSTGRES_") | nindent 8 }} - name: POSTGRES_DB @@ -110,9 +110,6 @@ spec: {{- if .Values.pgsql.extraVolumeMounts }} {{- toYaml .Values.pgsql.extraVolumeMounts | nindent 8 }} {{- end }} - {{- if .Values.pgsql.extraContainers }} - {{- toYaml .Values.pgsql.extraContainers | nindent 6 }} - {{- end }} - name: pgsql-exporter env: {{- include "sourcegraph.dataSource" (list . "pgsql" ) | nindent 8 }} @@ -133,11 +130,15 @@ spec: securityContext: {{- toYaml .Values.postgresExporter.containerSecurityContext | nindent 10 }} terminationMessagePolicy: FallbackToLogsOnError + {{- if .Values.pgsql.extraContainers }} + {{- toYaml .Values.pgsql.extraContainers | nindent 6 }} + {{- end }} terminationGracePeriodSeconds: 120 securityContext: {{- toYaml .Values.pgsql.podSecurityContext | nindent 8 }} {{- include "sourcegraph.nodeSelector" (list . "pgsql" ) | trim | nindent 6 }} {{- include "sourcegraph.affinity" (list . "pgsql" ) | trim | nindent 6 }} + {{- with include "sourcegraph.priorityClassName" (list . "pgsql" ) | trim }}{{ . | nindent 6 }}{{- end }} {{- include "sourcegraph.tolerations" (list . "pgsql" ) | trim | nindent 6 }} {{- with .Values.sourcegraph.imagePullSecrets }} imagePullSecrets: diff --git a/charts/sourcegraph/templates/precise-code-intel/worker.Deployment.yaml b/charts/sourcegraph/templates/precise-code-intel/worker.Deployment.yaml index 18cba342..bb15fbf7 100644 --- a/charts/sourcegraph/templates/precise-code-intel/worker.Deployment.yaml +++ b/charts/sourcegraph/templates/precise-code-intel/worker.Deployment.yaml 
@@ -108,6 +108,7 @@ spec: {{- toYaml .Values.preciseCodeIntel.podSecurityContext | nindent 8 }} {{- include "sourcegraph.nodeSelector" (list . "preciseCodeIntel" ) | trim | nindent 6 }} {{- include "sourcegraph.affinity" (list . "preciseCodeIntel" ) | trim | nindent 6 }} + {{- with include "sourcegraph.priorityClassName" (list . "preciseCodeIntel" ) | trim }}{{ . | nindent 6 }}{{- end }} {{- include "sourcegraph.tolerations" (list . "preciseCodeIntel" ) | trim | nindent 6 }} {{- with .Values.sourcegraph.imagePullSecrets }} imagePullSecrets: @@ -115,8 +116,8 @@ spec: {{- end }} {{- include "sourcegraph.renderServiceAccountName" (list . "preciseCodeIntel") | trim | nindent 6 }} volumes: - - emptyDir: {} - name: tmpdir + - name: tmpdir + emptyDir: {} {{- if .Values.preciseCodeIntel.extraVolumes }} {{- toYaml .Values.preciseCodeIntel.extraVolumes | nindent 6 }} {{- end }} diff --git a/charts/sourcegraph/templates/prometheus/prometheus.ClusterRoleBinding.yaml b/charts/sourcegraph/templates/prometheus/prometheus.ClusterRoleBinding.yaml index d6ab69ab..67017b7c 100644 --- a/charts/sourcegraph/templates/prometheus/prometheus.ClusterRoleBinding.yaml +++ b/charts/sourcegraph/templates/prometheus/prometheus.ClusterRoleBinding.yaml @@ -12,7 +12,7 @@ roleRef: kind: ClusterRole name: {{ .Values.prometheus.name }} subjects: -- kind: ServiceAccount - name: {{ include "sourcegraph.serviceAccountName" (list . "prometheus") }} +- name: {{ include "sourcegraph.serviceAccountName" (list . "prometheus") }} + kind: ServiceAccount namespace: {{ .Release.Namespace }} {{- end }} diff --git a/charts/sourcegraph/templates/prometheus/prometheus.ConfigMap.yaml b/charts/sourcegraph/templates/prometheus/prometheus.ConfigMap.yaml index 94803858..c5bc3b9a 100644 --- a/charts/sourcegraph/templates/prometheus/prometheus.ConfigMap.yaml +++ b/charts/sourcegraph/templates/prometheus/prometheus.ConfigMap.yaml 
@@ -1,5 +1,11 @@ {{- if and .Values.prometheus.enabled (not .Values.prometheus.existingConfig) -}} apiVersion: v1 +kind: ConfigMap +metadata: + labels: + deploy: sourcegraph + app.kubernetes.io/component: prometheus + name: {{ .Values.prometheus.name }} data: prometheus.yml: | global: @@ -112,7 +118,9 @@ data: regex: (.+) target_label: __metrics_path__ replacement: /api/v1/nodes/${1}/proxy/metrics - {{- end }} # End of privileged config + + # End of privileged config + {{- end }} # Scrape config for service endpoints. # @@ -171,7 +179,7 @@ data: - source_labels: [__meta_kubernetes_pod_name] action: replace target_label: instance - # Sourcegraph specific customization. We want to add a label to every + # Sourcegraph specific customization. We want to add a label to every # metric that indicates the node it came from. - source_labels: [__meta_kubernetes_endpoint_node_name] action: replace @@ -252,7 +260,7 @@ data: - source_labels: [__meta_kubernetes_namespace] action: replace target_label: ns - # Sourcegraph specific customization. We want to add a label to every + # Sourcegraph specific customization. We want to add a label to every # metric that indicates the node it came from. - source_labels: [__meta_kubernetes_pod_node_name] action: replace @@ -295,10 +303,4 @@ data: labels: app: alertmanager extra_rules.yml: "" -kind: ConfigMap -metadata: - labels: - deploy: sourcegraph - app.kubernetes.io/component: prometheus - name: {{ .Values.prometheus.name }} {{- end }} diff --git a/charts/sourcegraph/templates/prometheus/prometheus.Deployment.yaml b/charts/sourcegraph/templates/prometheus/prometheus.Deployment.yaml index c35fa2d2..cee8cc9e 100644 --- a/charts/sourcegraph/templates/prometheus/prometheus.Deployment.yaml +++ b/charts/sourcegraph/templates/prometheus/prometheus.Deployment.yaml 
@@ -81,14 +81,15 @@ spec: {{- end }} securityContext: {{- toYaml .Values.prometheus.containerSecurityContext | nindent 10 }} - terminationGracePeriodSeconds: 120 {{- if .Values.prometheus.extraContainers }} {{- toYaml .Values.prometheus.extraContainers | nindent 6 }} {{- end }} + terminationGracePeriodSeconds: 120 securityContext: {{- toYaml .Values.prometheus.podSecurityContext | nindent 8 }} {{- include "sourcegraph.nodeSelector" (list . "prometheus" ) | trim | nindent 6 }} {{- include "sourcegraph.affinity" (list . "prometheus" ) | trim | nindent 6 }} + {{- with include "sourcegraph.priorityClassName" (list . "prometheus" ) | trim }}{{ . | nindent 6 }}{{- end }} {{- include "sourcegraph.tolerations" (list . "prometheus" ) | trim | nindent 6 }} {{- with .Values.sourcegraph.imagePullSecrets }} imagePullSecrets: @@ -99,10 +100,10 @@ spec: - name: data persistentVolumeClaim: claimName: prometheus - - configMap: + - name: config + configMap: defaultMode: 0777 name: {{ default .Values.prometheus.name .Values.prometheus.existingConfig }} - name: config {{- if .Values.prometheus.extraVolumes }} {{- toYaml .Values.prometheus.extraVolumes | nindent 6 }} {{- end }} diff --git a/charts/sourcegraph/templates/prometheus/prometheus.RoleBinding.yaml b/charts/sourcegraph/templates/prometheus/prometheus.RoleBinding.yaml index 4fa1376d..e28e94ce 100644 --- a/charts/sourcegraph/templates/prometheus/prometheus.RoleBinding.yaml +++ b/charts/sourcegraph/templates/prometheus/prometheus.RoleBinding.yaml @@ -12,7 +12,7 @@ roleRef: kind: ClusterRole name: view subjects: -- kind: ServiceAccount - name: {{ include "sourcegraph.serviceAccountName" (list . "prometheus") }} +- name: {{ include "sourcegraph.serviceAccountName" (list . "prometheus") }} + kind: ServiceAccount namespace: {{ .Release.Namespace }} {{- end }} diff --git a/charts/sourcegraph/templates/redis/redis-cache.Deployment.yaml b/charts/sourcegraph/templates/redis/redis-cache.Deployment.yaml index fc00f487..41eb3042 100644 
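Review bot: The `config` volume in the second prometheus.Deployment.yaml hunk still carries `defaultMode: 0777`, which sets read, write and execute bits for every user on the projected Prometheus configuration files. Nothing in the hunk shows a file in that ConfigMap that has to be executable, so a narrower mode such as `defaultMode: 0444` looks sufficient. That should be confirmed against the container's entrypoint, which is not shown here. Since these lines are being reordered anyway, this would be the place to tighten it or to add a comment above the key explaining why the wide mode is required.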
--- a/charts/sourcegraph/templates/redis/redis-cache.Deployment.yaml +++ b/charts/sourcegraph/templates/redis/redis-cache.Deployment.yaml @@ -125,15 +125,13 @@ spec: {{- toYaml .Values.redisCache.podSecurityContext | nindent 8 }} {{- include "sourcegraph.nodeSelector" (list . "redisCache" ) | trim | nindent 6 }} {{- include "sourcegraph.affinity" (list . "redisCache" ) | trim | nindent 6 }} + {{- with include "sourcegraph.priorityClassName" (list . "redisCache" ) | trim }}{{ . | nindent 6 }}{{- end }} {{- include "sourcegraph.tolerations" (list . "redisCache" ) | trim | nindent 6 }} {{- with .Values.sourcegraph.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} {{- include "sourcegraph.renderServiceAccountName" (list . "redisCache") | trim | nindent 6 }} - {{- if .Values.redisCache.priorityClassName }} - priorityClassName: {{ .Values.redisCache.priorityClassName }} - {{- end }} volumes: - name: redis-data persistentVolumeClaim: diff --git a/charts/sourcegraph/templates/redis/redis-cache.Secret.yaml b/charts/sourcegraph/templates/redis/redis-cache.Secret.yaml index ac24267c..3e2129d2 100644 --- a/charts/sourcegraph/templates/redis/redis-cache.Secret.yaml +++ b/charts/sourcegraph/templates/redis/redis-cache.Secret.yaml @@ -2,11 +2,11 @@ apiVersion: v1 kind: Secret metadata: - name: {{ .Values.redisCache.name }} labels: app: redis-cache deploy: sourcegraph app.kubernetes.io/component: redis-cache + name: {{ .Values.redisCache.name }} type: Opaque data: endpoint: {{ .Values.redisCache.connection.endpoint | toString | b64enc | quote }} diff --git a/charts/sourcegraph/templates/redis/redis-store.Deployment.yaml b/charts/sourcegraph/templates/redis/redis-store.Deployment.yaml index d1697741..64c2710c 100644 --- a/charts/sourcegraph/templates/redis/redis-store.Deployment.yaml +++ b/charts/sourcegraph/templates/redis/redis-store.Deployment.yaml 
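Review bot: Existing `redisCache.priorityClassName` overrides now depend entirely on the `sourcegraph.priorityClassName` helper, because the explicit `{{- if .Values.redisCache.priorityClassName }}` block is removed here and the helper's definition is not part of this hunk. Please confirm that the helper still prefers the per-component value over the new global `sourcegraph.priorityClassName` and quotes what it renders. Otherwise an upgrade silently changes scheduling and preemption behaviour for these pods. The same replacement is made in redis-store.Deployment.yaml and searcher.StatefulSet.yaml. A helm-unittest case that sets both the global and a per-component value, and asserts the rendered `priorityClassName`, would pin the precedence.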
@@ -124,15 +124,13 @@ spec: {{- toYaml .Values.redisStore.podSecurityContext | nindent 8 }} {{- include "sourcegraph.nodeSelector" (list . "redisStore" ) | trim | nindent 6 }} {{- include "sourcegraph.affinity" (list . "redisStore" ) | trim | nindent 6 }} + {{- with include "sourcegraph.priorityClassName" (list . "redisStore" ) | trim }}{{ . | nindent 6 }}{{- end }} {{- include "sourcegraph.tolerations" (list . "redisStore" ) | trim | nindent 6 }} {{- with .Values.sourcegraph.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} {{- include "sourcegraph.renderServiceAccountName" (list . "redisStore") | trim | nindent 6 }} - {{- if .Values.redisStore.priorityClassName }} - priorityClassName: {{ .Values.redisStore.priorityClassName }} - {{- end }} volumes: - name: redis-data persistentVolumeClaim: diff --git a/charts/sourcegraph/templates/redis/redis-store.Secret.yaml b/charts/sourcegraph/templates/redis/redis-store.Secret.yaml index ab3124ee..534fc377 100644 --- a/charts/sourcegraph/templates/redis/redis-store.Secret.yaml +++ b/charts/sourcegraph/templates/redis/redis-store.Secret.yaml @@ -2,11 +2,11 @@ apiVersion: v1 kind: Secret metadata: - name: {{ .Values.redisStore.name }} labels: app: redis-store deploy: sourcegraph app.kubernetes.io/component: redis-store + name: {{ .Values.redisStore.name }} type: Opaque data: endpoint: {{ .Values.redisStore.connection.endpoint | toString | b64enc | quote }} diff --git a/charts/sourcegraph/templates/searcher/searcher.StatefulSet.yaml b/charts/sourcegraph/templates/searcher/searcher.StatefulSet.yaml index 6770c804..7c73b48b 100644 --- a/charts/sourcegraph/templates/searcher/searcher.StatefulSet.yaml +++ b/charts/sourcegraph/templates/searcher/searcher.StatefulSet.yaml 
@@ -117,6 +117,7 @@ spec: {{- toYaml .Values.searcher.podSecurityContext | nindent 8 }} {{- include "sourcegraph.nodeSelector" (list . "searcher" ) | trim | nindent 6 }} {{- include "sourcegraph.affinity" (list . "searcher" ) | trim | nindent 6 }} + {{- with include "sourcegraph.priorityClassName" (list . "searcher" ) | trim }}{{ . | nindent 6 }}{{- end }} {{- include "sourcegraph.tolerations" (list . "searcher" ) | trim | nindent 6 }} {{- with .Values.sourcegraph.imagePullSecrets }} imagePullSecrets: @@ -124,16 +125,13 @@ spec: {{- end }} {{- include "sourcegraph.renderServiceAccountName" (list . "searcher") | trim | nindent 6 }} volumes: - - emptyDir: {} - name: cache - - emptyDir: {} - name: tmpdir + - name: cache + emptyDir: {} + - name: tmpdir + emptyDir: {} {{- if .Values.searcher.extraVolumes }} {{- toYaml .Values.searcher.extraVolumes | nindent 6 }} {{- end }} - {{- if .Values.searcher.priorityClassName }} - priorityClassName: {{ .Values.searcher.priorityClassName }} - {{- end }} volumeClaimTemplates: - metadata: name: cache diff --git a/charts/sourcegraph/templates/syntactic-code-intel/worker.Deployment.yaml b/charts/sourcegraph/templates/syntactic-code-intel/worker.Deployment.yaml index a32afdaf..d7a63f37 100644 --- a/charts/sourcegraph/templates/syntactic-code-intel/worker.Deployment.yaml +++ b/charts/sourcegraph/templates/syntactic-code-intel/worker.Deployment.yaml @@ -111,6 +111,7 @@ spec: {{- toYaml .Values.syntacticCodeIntel.podSecurityContext | nindent 8 }} {{- include "sourcegraph.nodeSelector" (list . "syntacticCodeIntel" ) | trim | nindent 6 }} {{- include "sourcegraph.affinity" (list . "syntacticCodeIntel" ) | trim | nindent 6 }} + {{- with include "sourcegraph.priorityClassName" (list . "syntacticCodeIntel" ) | trim }}{{ . | nindent 6 }}{{- end }} {{- include "sourcegraph.tolerations" (list . "syntacticCodeIntel" ) | trim | nindent 6 }} {{- with .Values.sourcegraph.imagePullSecrets }} imagePullSecrets: 
@@ -118,8 +119,8 @@ spec: {{- end }} {{- include "sourcegraph.renderServiceAccountName" (list . "syntacticCodeIntel") | trim | nindent 6 }} volumes: - - emptyDir: {} - name: tmpdir + - name: tmpdir + emptyDir: {} {{- if .Values.syntacticCodeIntel.extraVolumes }} {{- toYaml .Values.syntacticCodeIntel.extraVolumes | nindent 6 }} {{- end }} diff --git a/charts/sourcegraph/templates/syntect-server/syntect-server.Deployment.yaml b/charts/sourcegraph/templates/syntect-server/syntect-server.Deployment.yaml index 7d6e0712..9a66ae5f 100644 --- a/charts/sourcegraph/templates/syntect-server/syntect-server.Deployment.yaml +++ b/charts/sourcegraph/templates/syntect-server/syntect-server.Deployment.yaml @@ -91,6 +91,7 @@ spec: {{- toYaml .Values.syntectServer.podSecurityContext | nindent 8 }} {{- include "sourcegraph.nodeSelector" (list . "syntectServer" ) | trim | nindent 6 }} {{- include "sourcegraph.affinity" (list . "syntectServer" ) | trim | nindent 6 }} + {{- with include "sourcegraph.priorityClassName" (list . "syntectServer" ) | trim }}{{ . | nindent 6 }}{{- end }} {{- include "sourcegraph.tolerations" (list . "syntectServer" ) | trim | nindent 6 }} {{- with .Values.sourcegraph.imagePullSecrets }} imagePullSecrets: diff --git a/charts/sourcegraph/templates/tests/test-connection.yaml b/charts/sourcegraph/templates/tests/test-connection.yaml index 1fdec25a..3aafe14f 100644 --- a/charts/sourcegraph/templates/tests/test-connection.yaml +++ b/charts/sourcegraph/templates/tests/test-connection.yaml @@ -2,11 +2,11 @@ apiVersion: v1 kind: Pod metadata: - name: "sg-test-connection" - labels: - {{- include "sourcegraph.labels" . | nindent 4 }} annotations: "helm.sh/hook": test + labels: + {{- include "sourcegraph.labels" . | nindent 4 }} + name: "sg-test-connection" spec: containers: - name: wget diff --git a/charts/sourcegraph/tests/redisConnection_test.yaml b/charts/sourcegraph/tests/redisConnection_test.yaml new file mode 100644 index 00000000..c387b8e6 --- /dev/null 
+++ b/charts/sourcegraph/tests/redisConnection_test.yaml @@ -0,0 +1,57 @@ +--- +suite: redisConnection +templates: +- frontend/sourcegraph-frontend.Deployment.yaml +tests: +- it: should reference the default secret + asserts: + - contains: + path: spec.template.spec.containers[0].env + content: + name: REDIS_CACHE_ENDPOINT + valueFrom: + secretKeyRef: + key: endpoint + name: redis-cache + - contains: + path: spec.template.spec.containers[0].env + content: + name: REDIS_STORE_ENDPOINT + valueFrom: + secretKeyRef: + key: endpoint + name: redis-store +- it: should not reference secret when .sourcegraph.disableKubernetesSecrets is true + set: + sourcegraph: + disableKubernetesSecrets: true + redisCache: + connection: + endpoint: redis-cache-svc + redisStore: + connection: + endpoint: redis-store-svc + asserts: + - contains: + path: spec.template.spec.containers[0].env + content: + name: REDIS_CACHE_ENDPOINT + value: redis-cache-svc + - contains: + path: spec.template.spec.containers[0].env + content: + name: REDIS_STORE_ENDPOINT + value: redis-store-svc +- it: should fail when .sourcegraph.disableKubernetesSecrets is true but .Values.redisCache.connection.endpoint and .Values.redisStore.connection.endpoint are not set + set: + sourcegraph: + disableKubernetesSecrets: true + redisCache: + connection: + endpoint: "" + redisStore: + connection: + endpoint: "" + asserts: + - failedTemplate: + errorMessage: .Values.redisCache.connection.endpoint and .Values.redisStore.connection.endpoint must be set when disableKubernetesSecrets is true! diff --git a/charts/sourcegraph/values.yaml b/charts/sourcegraph/values.yaml index f11ca539..e97a41d5 100644 --- a/charts/sourcegraph/values.yaml +++ b/charts/sourcegraph/values.yaml 
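Review bot: The failure case only exercises both endpoints being empty, so a template that validates just one of `redisCache.connection.endpoint` or `redisStore.connection.endpoint` would still pass this suite. Two more `it:` cases would close that gap, each blanking one endpoint while leaving the other set and asserting `failedTemplate`. The expected message for those cases depends on the template check, which is not shown in this diff. The suite also only lists `frontend/sourcegraph-frontend.Deployment.yaml` under `templates:`, so any other workload that consumes these endpoints (none is visible here) is not covered by the `disableKubernetesSecrets` assertions.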
@@ -9,7 +9,7 @@ sourcegraph: # -- Global docker image pull policy pullPolicy: IfNotPresent # -- Global docker image registry or prefix - repository: index.docker.io/sourcegraph + repository: us-docker.pkg.dev/sourcegraph-images/internal # -- When set to true, sourcegraph.image.defaultTag is used as the default defaultTag for all services, instead of service-specific default defaultTags useGlobalTagAsDefault: false # -- Mount named secrets containing docker credentials @@ -33,6 +33,8 @@ sourcegraph: podAnnotations: {} # -- Add extra labels to attach to all pods podLabels: {} + # -- Assign a priorityClass to all pods (daemonSets, deployments, and statefulSets) + priorityClassName: "" # -- Global deployment clean up policy, # learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#clean-up-policy) revisionHistoryLimit: 10 @@ -89,7 +91,7 @@ alpine: # Used in init containers image: # -- Docker image tag for the `alpine` image - defaultTag: 6.0.0@sha256:c4705ccf969e262ee3916719ecc7c0fb5e606dd954278ac07ac1d052e4e490df + defaultTag: 6.11.1446@sha256:be22c5fbfdccbd2446118593d509da6d396d3616c6f3d70955608db360c6734b # -- Docker image name for the `alpine` image name: "alpine-3.14" # -- Security context for the `alpine` initContainer, @@ -114,7 +116,7 @@ cadvisor: enabled: true image: # -- Docker image tag for the `cadvisor` image - defaultTag: 6.0.0@sha256:48082a2822a727e22c556ae2c3bae5f5bf4528c7b462efc3c085271ee5145be8 + defaultTag: 6.11.1446@sha256:3f31878c8e57c9b5caa56ec10c130f912a54bf3f5d876fc0c0c057963acee88e # -- Docker image name for the `cadvisor` image name: "cadvisor" # -- Name used by resources. Does not affect service names or PVCs. 
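Review bot: The default `repository` in the first values.yaml hunk now points at `us-docker.pkg.dev/sourcegraph-images/internal`, and nothing in the diff says whether chart users can pull from that path without credentials. If it is not anonymously readable, a default install fails its image pulls unless `sourcegraph.imagePullSecrets` is populated. If the value is only meant for an internal build line, it should not ship as the published default. The `@sha256:` pins in the later hunks keep image content fixed, but only if those digests exist in the new registry, so they should be checked against it rather than against `index.docker.io/sourcegraph`. Once the intent is confirmed, state the access requirement in the `# -- Global docker image registry or prefix` comment above the key.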
@@ -179,7 +181,7 @@ codeInsightsDB: additionalConfig: "" image: # -- Docker image tag for the `codeinsights-db` image - defaultTag: 6.0.0@sha256:24263ff136f8cc328d63808982beb4a109461da30b522b63d2867a4e708713c9 + defaultTag: 6.11.1446@sha256:2197700dfafb0584ce03d5f2451b1ce12b1d85b4315a5b1cc734a9e26cc1e6e1 # -- Docker image name for the `codeinsights-db` image name: "postgresql-16-codeinsights" # -- Security context for the `codeinsights-db` container, @@ -252,7 +254,7 @@ codeIntelDB: additionalConfig: "" image: # -- Docker image tag for the `codeintel-db` image - defaultTag: 6.0.0@sha256:224a2604331cb73809f466394c5b4f3ca95bf6a5a140cb75820dfe67301074bb + defaultTag: 6.11.1446@sha256:15bc1ce9506f971dda99d0d2b7ddedfd6fcd91740acba10b8302b1bf48040fb7 # -- Docker image name for the `codeintel-db` image name: "postgresql-16" # -- Security context for the `codeintel-db` container, @@ -303,7 +305,7 @@ frontend: value: http://prometheus:30090 image: # -- Docker image tag for the `frontend` image - defaultTag: 6.0.0@sha256:d4f21178096da5fdb3804099ae9de2e050b06e859a327aa79452b1ea2f3ede0a + defaultTag: 6.11.1446@sha256:7294074e1bbb80d69e983112c543cecc2c404b217027c6990592750af1651e72 # -- Docker image name for the `frontend` image name: "frontend" ingress: @@ -363,7 +365,7 @@ migrator: enabled: true image: # -- Docker image tag for the `migrator` image - defaultTag: 6.0.0@sha256:ec295eb0b743da6bf56777ca6524972267a5c442b0288095e2fe12fce38ebacc + defaultTag: 6.11.1446@sha256:bc34a2b099cfa36e930f37a20356f51a52c0c2c6cc0dffd0e47539722bd5fa9f # -- Docker image name for the `migrator` image name: "migrator" # -- Environment variables for the `migrator` container 
@@ -388,7 +390,7 @@ migrator: gitserver: image: # -- Docker image tag for the `gitserver` image - defaultTag: 6.0.0@sha256:aec9bf6993c243a283109104cd7c44be3c85680b77e3e8be0c5fba8f01a3bd35 + defaultTag: 6.11.1446@sha256:c7eabaefe4144d125e0f46f729352338cd0ef658d57a2f622f80d035d010f187 # -- Docker image name for the `gitserver` image name: "gitserver" # -- Name of existing Secret that contains SSH credentials to clone repositories. @@ -456,7 +458,7 @@ grafana: existingConfig: "" # Name of an existing configmap image: # -- Docker image tag for the `grafana` image - defaultTag: 6.0.0@sha256:e40236d0143d0735ff87374afce95b878b8cde448ef65cfdc7008056a03097e8 + defaultTag: 6.11.1446@sha256:05d4edd859220e408afc150afe936d484e5c9e6513c9d67514989d566a1ed7d3 # -- Docker image name for the `grafana` image name: "grafana" # -- Security context for the `grafana` container, @@ -495,7 +497,7 @@ grafana: indexedSearch: image: # -- Docker image tag for the `zoekt-webserver` image - defaultTag: 6.0.0@sha256:99038e0ec9bef930030c118d774fcdcd67d7fe57ad4c80d216703a4d29d64323 + defaultTag: 6.11.1446@sha256:bf6998fe2d9ecb57dec849ad0fe5e7129741fa62c737aeaedaf5b8fea345bd83 # -- Docker image name for the `zoekt-webserver` image name: "indexed-searcher" # -- Security context for the `zoekt-webserver` container, @@ -536,7 +538,7 @@ indexedSearch: indexedSearchIndexer: image: # -- Docker image tag for the `zoekt-indexserver` image - defaultTag: 6.0.0@sha256:11539e07040b85045a9aa07f970aa310066e240dc28e6c9627653ee2bc6e0b91 + defaultTag: 6.11.1446@sha256:54b3e549b7cf62bd58e2d9b0608b64391f86ae0b2cccd1917b4c751d051f478d # -- Docker image name for the `zoekt-indexserver` image name: "search-indexer" # -- Security context for the `zoekt-indexserver` container, 
@@ -563,7 +565,7 @@ blobstore: enabled: true image: # -- Docker image tag for the `blobstore` image - defaultTag: 6.0.0@sha256:82caab40f920282069c84e0e4ca503857926e934c67fb022f6d93823b4ea98b5 + defaultTag: 6.11.1446@sha256:7b859351e148787c0833eac547fb243819f112c3223438f5a148f51dcd06e76a # -- Docker image name for the `blobstore` image name: "blobstore" # -- Security context for the `blobstore` container, @@ -602,7 +604,7 @@ openTelemetry: enabled: true image: # -- Docker image tag for the `otel-collector` image - defaultTag: 6.0.0@sha256:ef3e61a4f0a624523ecdee57d8b7757436c2389e0cf12401b4764d19c826ff8a + defaultTag: 6.11.1446@sha256:0bb822438ffede9db87184bfbd5bf24f439141bc0181ad4b350d9501c0580c06 # -- Docker image name for the `otel-collector` image name: "opentelemetry-collector" gateway: @@ -669,7 +671,7 @@ nodeExporter: enabled: true image: # -- Docker image tag for the `node-exporter` image - defaultTag: 6.0.0@sha256:099c2e4fb8eacdda82d2d4798591808ded7ad3dc5e6ed514535e0b8e7223ed06 + defaultTag: 6.11.1446@sha256:1bdd78265f22fe81318e80d7c7ab203c7b7def7c1154b01489293ea556d45f41 # -- Docker image name for the `node-exporter` image name: "node-exporter" # -- Name used by resources. Does not affect service names or PVCs. @@ -740,7 +742,7 @@ pgsql: additionalConfig: "" image: # -- Docker image tag for the `pgsql` image - defaultTag: 6.0.0@sha256:224a2604331cb73809f466394c5b4f3ca95bf6a5a140cb75820dfe67301074bb + defaultTag: 6.11.1446@sha256:15bc1ce9506f971dda99d0d2b7ddedfd6fcd91740acba10b8302b1bf48040fb7 # -- Docker image name for the `pgsql` image name: "postgresql-16" # -- Security context for the `pgsql` container, 
@@ -782,7 +784,7 @@ pgsql: postgresExporter: image: # -- Docker image tag for the `pgsql-exporter` image - defaultTag: 6.0.0@sha256:685a18f482e4a71a54e15814ffd6b8cd62844f6af056a81f7ec0ba5cf23fce27 + defaultTag: 6.11.1446@sha256:3fd1e80b41e6113d329b09be4cdd588947f75fadf33ea2bbe995cfbd28f1a506 # -- Docker image name for the `pgsql-exporter` image name: "postgres_exporter" # -- Resource requests & limits for the `pgsql-exporter` sidecar container, @@ -802,7 +804,7 @@ syntacticCodeIntel: workerPort: 3188 image: # -- Docker image tag for the `syntactic-code-intel-worker` image - defaultTag: 6.0.0@sha256:50bdeb38b196f0fc21404969016bf8263f78144292e905867e93480f66c8251c + defaultTag: 6.11.1446@sha256:5c26b3ced1560c960c6107678e08e5237cdb8c1b829b6d2955e9f6ea1cdbf275 # -- Docker image name for the `syntactic-code-intel-worker` image name: "syntactic-code-intel-worker" # -- Security context for the `syntactic-code-intel-worker` container, @@ -841,7 +843,7 @@ preciseCodeIntel: value: "4" image: # -- Docker image tag for the `precise-code-intel-worker` image - defaultTag: 6.0.0@sha256:3a72cf893cb25731d4636593c544c91781d925d867417416255e56debc27ed37 + defaultTag: 6.11.1446@sha256:b42638630265da0e5d453c9e8dee99ff14bf28d39f973e86b408673ca190caaa # -- Docker image name for the `precise-code-intel-worker` image name: "precise-code-intel-worker" # -- Security context for the `precise-code-intel-worker` container, @@ -880,7 +882,7 @@ prometheus: existingConfig: "" # Name of an existing configmap image: # -- Docker image tag for the `prometheus` image - defaultTag: 6.0.0@sha256:86a315720fd9813d9ef9746d92e637bc20cd9ebd90da78d8cc6906062252891f + defaultTag: 6.11.1446@sha256:77195edbf32fa5ada92141cb145e74e068f1ca0545db1c4d36383cdaf2147259 # -- Docker image name for the `prometheus` image name: "prometheus" # -- Security context for the `prometheus` container, 
@@ -932,7 +934,7 @@ redisCache: enabled: true image: # -- Docker image tag for the `redis-cache` image - defaultTag: 6.0.0@sha256:40ea19e8944b93e05d7697c808969fe0c81a014a56245f3a97b645aa34a9ab78 + defaultTag: 6.11.1446@sha256:edfeadb79ea195fa85b2a1e06af54841677c3004d34e9f76b5cc1866a2f2ab68 # -- Docker image name for the `redis-cache` image name: "redis-cache" connection: @@ -976,7 +978,7 @@ redisCache: redisExporter: image: # -- Docker image tag for the `redis-exporter` image - defaultTag: 6.0.0@sha256:b2ec48fc6adef31f36d525170138dec303c1c0c20c530d659f1fb7c6c54698af + defaultTag: 6.11.1446@sha256:79c8e837fa117e0878fd5a047452839e7e4200ff517715231ee0b2794bbcc0a1 # -- Docker image name for the `redis-exporter` image name: "redis_exporter" # -- Security context for the `redis-exporter` sidecar container, @@ -1008,7 +1010,7 @@ redisStore: endpoint: "redis-store:6379" image: # -- Docker image tag for the `redis-store` image - defaultTag: 6.0.0@sha256:39f3b27d993652c202c1f892df83e1a3e8e8ea5ae58291f79ad14b56672ab8be + defaultTag: 6.11.1446@sha256:94ece028c3d29bb6ffe2f31d43805c0b136f913a5aaecce3554a3908e6efea3b # -- Docker image name for the `redis-store` image name: "redis-store" # -- Security context for the `redis-store` container, @@ -1045,7 +1047,7 @@ redisStore: searcher: image: # -- Docker image tag for the `searcher` image - defaultTag: 6.0.0@sha256:c7508abda2202d4a33400ce23a95dd8d59fe6220d85d7fbee6fb186c55931336 + defaultTag: 6.11.1446@sha256:a5f36470b5c9a0603563eb0a6c18c3e1e2f132a5c58a048dce22e1adfcae27ba # -- Docker image name for the `searcher` image name: "searcher" # -- Security context for the `searcher` container, 
@@ -1106,7 +1108,7 @@ storageClass: syntectServer: image: # -- Docker image tag for the `syntect-server` image - defaultTag: 6.0.0@sha256:1e35f77690222a76724b45f2305b838c40c35201e60b0f619b3fe8499504ff60 + defaultTag: 6.11.1446@sha256:2f1026ba76c351f8e7aba681ebcfa8629a065e83621b9e880ad810186280067b # -- Docker image name for the `syntect-server` image name: "syntax-highlighter" # -- Security context for the `syntect-server` container, @@ -1154,7 +1156,7 @@ jaeger: enabled: false image: # -- Docker image tag for the `jaeger` image - defaultTag: 6.0.0@sha256:79548aa11d7e2e6bf3e2012fb9e046df12ba5c5410bc24ec8f4d7cbb880336b9 + defaultTag: 6.11.1446@sha256:bb25a7008d31a90abaf5c6af5e77c7ad97909f8266e0746df344de13c7d9c134 # -- Docker image name for the `jaeger` image name: "jaeger-all-in-one" # -- Name used by resources. Does not affect service names or PVCs. @@ -1209,7 +1211,7 @@ jaeger: worker: image: # -- Docker image tag for the `worker` image - defaultTag: 6.0.0@sha256:4892c5aa107d4384f811afcf1980e0fb2cb8beb5585a15adcb64353a2d8abf5a + defaultTag: 6.11.1446@sha256:76257f19515d998f3307dbd3cafe74292366bc6c1dc7a93f3e5453b715887ac2 # -- Docker image name for the `worker` image name: "worker" # -- Security context for the `worker` container, diff --git a/scripts/ci/helm-unittest.sh b/scripts/ci/helm-unittest.sh index c199e77a..32d544f0 100755 --- a/scripts/ci/helm-unittest.sh +++ b/scripts/ci/helm-unittest.sh @@ -2,8 +2,12 @@ set -euf -o pipefail +# 1.0.3 is broken now +# https://github.com/helm-unittest/helm-unittest/issues/790 +HELM_UNITTEST_VERSION="v1.0.2" + ### Install the helm-unittest plugin -helm plugin install https://github.com/helm-unittest/helm-unittest +helm plugin install https://github.com/helm-unittest/helm-unittest --version "$HELM_UNITTEST_VERSION" ### Run the helm tests helm unittest -q charts/sourcegraph
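Review bot: In scripts/ci/helm-unittest.sh, `--version "$HELM_UNITTEST_VERSION"` pins the plugin to the tag `v1.0.2`, which is better than installing the latest release but still trusts a reference that upstream can move. The plugin code then runs inside the CI job with whatever credentials that job holds. If the installer accepts a commit reference (worth verifying), pinning to the commit behind `v1.0.2` would make the install reproducible. Otherwise consider vendoring or checksum-verifying the plugin artifact. The comment should also say when the pin can be lifted, for example `# Pinned to v1.0.2: v1.0.3 is broken (helm-unittest/helm-unittest#790); unpin once a fixed release is out`.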