From 1539d4d6f831064b12c72fb9ddb758162b92c36d Mon Sep 17 00:00:00 2001
From: Release Bot <107104610+sourcegraph-release-bot@users.noreply.github.com>
Date: Mon, 8 Dec 2025 14:37:44 -0500
Subject: [PATCH 1/5] [Backport 6.11.x] Fix formatting of resource names (#779)
Minor fixes to the ordering of attributes in the generated template, to make them more consistent, thus easier to read
### Checklist
- [x] Follow the [manual testing
process](https://github.com/sourcegraph/deploy-sourcegraph-helm/blob/main/TEST.md)
- [ ] Update
[changelog](https://github.com/sourcegraph/deploy-sourcegraph-helm/blob/main/charts/sourcegraph/CHANGELOG.md)
- [ ] Update [Kubernetes update
doc](https://docs.sourcegraph.com/admin/updates/kubernetes)
### Test plan
Tested on branch
[marc-test-helm-fixes](https://github.com/sourcegraph/deploy-sourcegraph-helm/tree/marc-test-helm-fixes)
on my EKS test instance, works great, no errors
Backport 604350a909892b74094b6f0b60729e039892b727 from #773
Co-authored-by: Marc <7050295+marcleblanc2@users.noreply.github.com>
---
.../cadvisor/cadvisor.ClusterRoleBinding.yaml | 4 ++--
.../cadvisor/cadvisor.DaemonSet.yaml | 4 ++--
.../codeintel-db.StatefulSet.yaml | 8 ++++----
.../sourcegraph-frontend.Deployment.yaml | 6 +++---
.../sourcegraph-frontend.RoleBinding.yaml | 4 ++--
.../grafana/grafana.pgsql.Secret.yaml | 2 +-
.../templates/jaeger/jaeger.Deployment.yaml | 2 +-
.../node-exporter.ClusterRoleBinding.yaml | 4 ++--
.../node-exporter.DaemonSet.yaml | 10 +++++-----
.../otel-collector/otel-agent.ConfigMap.yaml | 2 +-
.../otel-collector.Service.yaml | 2 +-
.../templates/pgsql/pgsql.Secret.yaml | 2 +-
.../templates/pgsql/pgsql.StatefulSet.yaml | 10 +++++-----
.../precise-code-intel/worker.Deployment.yaml | 4 ++--
.../prometheus.ClusterRoleBinding.yaml | 4 ++--
.../prometheus/prometheus.ConfigMap.yaml | 20 ++++++++++---------
.../prometheus/prometheus.Deployment.yaml | 6 +++---
.../prometheus/prometheus.RoleBinding.yaml | 4 ++--
.../templates/redis/redis-cache.Secret.yaml | 2 +-
.../templates/redis/redis-store.Secret.yaml | 2 +-
.../searcher/searcher.StatefulSet.yaml | 8 ++++----
.../worker.Deployment.yaml | 4 ++--
.../templates/tests/test-connection.yaml | 6 +++---
23 files changed, 61 insertions(+), 59 deletions(-)
diff --git a/charts/sourcegraph/templates/cadvisor/cadvisor.ClusterRoleBinding.yaml b/charts/sourcegraph/templates/cadvisor/cadvisor.ClusterRoleBinding.yaml
index bc88231c..f10abe8b 100644
--- a/charts/sourcegraph/templates/cadvisor/cadvisor.ClusterRoleBinding.yaml
+++ b/charts/sourcegraph/templates/cadvisor/cadvisor.ClusterRoleBinding.yaml
@@ -13,7 +13,7 @@ roleRef:
kind: ClusterRole
name: {{ .Values.cadvisor.name }}
subjects:
-- kind: ServiceAccount
- name: {{ include "sourcegraph.serviceAccountName" (list . "cadvisor") }}
+- name: {{ include "sourcegraph.serviceAccountName" (list . "cadvisor") }}
+ kind: ServiceAccount
namespace: {{ .Release.Namespace }}
{{- end }}
diff --git a/charts/sourcegraph/templates/cadvisor/cadvisor.DaemonSet.yaml b/charts/sourcegraph/templates/cadvisor/cadvisor.DaemonSet.yaml
index 40508fc6..c0c325ad 100644
--- a/charts/sourcegraph/templates/cadvisor/cadvisor.DaemonSet.yaml
+++ b/charts/sourcegraph/templates/cadvisor/cadvisor.DaemonSet.yaml
@@ -94,11 +94,11 @@ spec:
- name: http
containerPort: 48080
protocol: TCP
- automountServiceAccountToken: false
- terminationGracePeriodSeconds: 30
{{- if .Values.cadvisor.extraContainers }}
{{- toYaml .Values.cadvisor.extraContainers | nindent 6 }}
{{- end }}
+ automountServiceAccountToken: false
+ terminationGracePeriodSeconds: 30
securityContext:
{{- toYaml .Values.cadvisor.podSecurityContext | nindent 8 }}
{{- include "sourcegraph.nodeSelector" (list . "cadvisor" ) | trim | nindent 6 }}
diff --git a/charts/sourcegraph/templates/codeintel-db/codeintel-db.StatefulSet.yaml b/charts/sourcegraph/templates/codeintel-db/codeintel-db.StatefulSet.yaml
index accb0b3f..7ea3c456 100644
--- a/charts/sourcegraph/templates/codeintel-db/codeintel-db.StatefulSet.yaml
+++ b/charts/sourcegraph/templates/codeintel-db/codeintel-db.StatefulSet.yaml
@@ -58,7 +58,7 @@ spec:
{{- toYaml .Values.alpine.resources | nindent 10 }}
{{- end }}
containers:
- - name: pgsql
+ - name: pgsql # TODO: Evaluate renaming container to codeintel
image: {{ include "sourcegraph.image" (list . "codeIntelDB") }}
imagePullPolicy: {{ .Values.sourcegraph.image.pullPolicy }}
{{- with .Values.codeIntelDB.args }}
@@ -108,9 +108,6 @@ spec:
{{- if .Values.codeIntelDB.extraVolumeMounts }}
{{- toYaml .Values.codeIntelDB.extraVolumeMounts | nindent 8 }}
{{- end }}
- {{- if .Values.codeIntelDB.extraContainers }}
- {{- toYaml .Values.codeIntelDB.extraContainers | nindent 6 }}
- {{- end }}
- name: pgsql-exporter
env:
{{- include "sourcegraph.dataSource" (list . "codeIntelDB" ) | nindent 8 }}
@@ -131,6 +128,9 @@ spec:
securityContext:
{{- toYaml .Values.postgresExporter.containerSecurityContext | nindent 10 }}
terminationMessagePolicy: FallbackToLogsOnError
+ {{- if .Values.codeIntelDB.extraContainers }}
+ {{- toYaml .Values.codeIntelDB.extraContainers | nindent 6 }}
+ {{- end }}
terminationGracePeriodSeconds: 120
securityContext:
{{- toYaml .Values.codeIntelDB.podSecurityContext | nindent 8 }}
diff --git a/charts/sourcegraph/templates/frontend/sourcegraph-frontend.Deployment.yaml b/charts/sourcegraph/templates/frontend/sourcegraph-frontend.Deployment.yaml
index dd8f31a7..e0f61903 100644
--- a/charts/sourcegraph/templates/frontend/sourcegraph-frontend.Deployment.yaml
+++ b/charts/sourcegraph/templates/frontend/sourcegraph-frontend.Deployment.yaml
@@ -65,7 +65,7 @@ spec:
{{- range $name, $item := .Values.migrator.env }}
- name: {{ $name }}
{{- $item | toYaml | nindent 10 }}
- {{- end }}
+ {{- end }}
{{- if not .Values.sourcegraph.localDevMode}}
resources:
{{- toYaml .Values.migrator.resources | nindent 10 }}
@@ -151,8 +151,8 @@ spec:
{{- end }}
{{- include "sourcegraph.renderServiceAccountName" (list . "frontend") | trim | nindent 6 }}
volumes:
- - emptyDir: {}
- name: home-dir
+ - name: home-dir
+ emptyDir: {}
{{- if .Values.frontend.extraVolumes }}
{{- toYaml .Values.frontend.extraVolumes | nindent 6 }}
{{- end }}
diff --git a/charts/sourcegraph/templates/frontend/sourcegraph-frontend.RoleBinding.yaml b/charts/sourcegraph/templates/frontend/sourcegraph-frontend.RoleBinding.yaml
index 02075fcc..4bdbc1c2 100644
--- a/charts/sourcegraph/templates/frontend/sourcegraph-frontend.RoleBinding.yaml
+++ b/charts/sourcegraph/templates/frontend/sourcegraph-frontend.RoleBinding.yaml
@@ -19,7 +19,7 @@ roleRef:
name: view
{{- end }}
subjects:
-- kind: ServiceAccount
- name: {{ include "sourcegraph.serviceAccountName" (list . "frontend") }}
+- name: {{ include "sourcegraph.serviceAccountName" (list . "frontend") }}
+ kind: ServiceAccount
namespace: {{ .Release.Namespace }}
{{- end }}
diff --git a/charts/sourcegraph/templates/grafana/grafana.pgsql.Secret.yaml b/charts/sourcegraph/templates/grafana/grafana.pgsql.Secret.yaml
index a96fcb44..ddefc592 100644
--- a/charts/sourcegraph/templates/grafana/grafana.pgsql.Secret.yaml
+++ b/charts/sourcegraph/templates/grafana/grafana.pgsql.Secret.yaml
@@ -2,11 +2,11 @@
apiVersion: v1
kind: Secret
metadata:
- name: {{ .Values.grafana.name }}-auth
labels:
app: grafana
deploy: sourcegraph
app.kubernetes.io/component: grafana
+ name: {{ .Values.grafana.name }}-auth
type: Opaque
data:
database: {{ .Values.grafana.auth.database | toString | b64enc | quote }}
diff --git a/charts/sourcegraph/templates/jaeger/jaeger.Deployment.yaml b/charts/sourcegraph/templates/jaeger/jaeger.Deployment.yaml
index 39a766da..38aa01d8 100644
--- a/charts/sourcegraph/templates/jaeger/jaeger.Deployment.yaml
+++ b/charts/sourcegraph/templates/jaeger/jaeger.Deployment.yaml
@@ -5,7 +5,6 @@
apiVersion: apps/v1
kind: Deployment
metadata:
- name: {{ .Values.jaeger.name }}
labels:
{{- include "sourcegraph.jaeger.labels" . | nindent 4 }}
{{- if .Values.jaeger.labels }}
@@ -14,6 +13,7 @@ metadata:
deploy: sourcegraph
app.kubernetes.io/component: all-in-one
app: jaeger
+ name: {{ .Values.jaeger.name }}
spec:
replicas: {{ .Values.jaeger.replicaCount }}
revisionHistoryLimit: {{ .Values.sourcegraph.revisionHistoryLimit }}
diff --git a/charts/sourcegraph/templates/node-exporter/node-exporter.ClusterRoleBinding.yaml b/charts/sourcegraph/templates/node-exporter/node-exporter.ClusterRoleBinding.yaml
index abb55e11..698e98a4 100644
--- a/charts/sourcegraph/templates/node-exporter/node-exporter.ClusterRoleBinding.yaml
+++ b/charts/sourcegraph/templates/node-exporter/node-exporter.ClusterRoleBinding.yaml
@@ -13,7 +13,7 @@ roleRef:
kind: ClusterRole
name: {{ .Values.nodeExporter.name }}
subjects:
-- kind: ServiceAccount
- name: {{ include "sourcegraph.serviceAccountName" (list . "nodeExporter") }}
+- name: {{ include "sourcegraph.serviceAccountName" (list . "nodeExporter") }}
+ kind: ServiceAccount
namespace: {{ .Release.Namespace }}
{{- end }}
diff --git a/charts/sourcegraph/templates/node-exporter/node-exporter.DaemonSet.yaml b/charts/sourcegraph/templates/node-exporter/node-exporter.DaemonSet.yaml
index 078f1bdf..68693182 100644
--- a/charts/sourcegraph/templates/node-exporter/node-exporter.DaemonSet.yaml
+++ b/charts/sourcegraph/templates/node-exporter/node-exporter.DaemonSet.yaml
@@ -58,9 +58,9 @@ spec:
- --collector.filesystem.ignored-mount-points=^/(dev|proc|sys|var/lib/docker/.+|var/lib/kubelet/pods/.+)($|/)
- --collector.netclass.ignored-devices=^(veth.*)$
- --collector.netdev.device-exclude=^(veth.*)$
-{{- if .Values.nodeExporter.extraArgs }}
-{{ toYaml .Values.nodeExporter.extraArgs | indent 10 }}
-{{- end }}
+ {{- if .Values.nodeExporter.extraArgs }}
+ {{ toYaml .Values.nodeExporter.extraArgs }}
+ {{- end }}
env:
{{- range $name, $item := .Values.nodeExporter.env}}
- name: {{ $name }}
@@ -111,11 +111,11 @@ spec:
successThreshold: 1
timeoutSeconds: 1
terminationMessagePolicy: FallbackToLogsOnError
- automountServiceAccountToken: false
- terminationGracePeriodSeconds: 30
{{- if .Values.nodeExporter.extraContainers }}
{{- toYaml .Values.nodeExporter.extraContainers | nindent 6 }}
{{- end }}
+ automountServiceAccountToken: false
+ terminationGracePeriodSeconds: 30
securityContext:
{{- toYaml .Values.nodeExporter.podSecurityContext | nindent 8 }}
{{- include "sourcegraph.nodeSelector" (list . "nodeExporter" ) | trim | nindent 6 }}
diff --git a/charts/sourcegraph/templates/otel-collector/otel-agent.ConfigMap.yaml b/charts/sourcegraph/templates/otel-collector/otel-agent.ConfigMap.yaml
index 496e54c0..089bb4e3 100644
--- a/charts/sourcegraph/templates/otel-collector/otel-agent.ConfigMap.yaml
+++ b/charts/sourcegraph/templates/otel-collector/otel-agent.ConfigMap.yaml
@@ -1,5 +1,5 @@
-# Config for the agent pods running as a DaemonSet, which forward data to the gateway pod
{{ if .Values.openTelemetry.enabled -}}
+# Config for the agent pods running as a DaemonSet, which forward data to the gateway pod
apiVersion: v1
kind: ConfigMap
metadata:
diff --git a/charts/sourcegraph/templates/otel-collector/otel-collector.Service.yaml b/charts/sourcegraph/templates/otel-collector/otel-collector.Service.yaml
index bed2bd0f..3615de7a 100644
--- a/charts/sourcegraph/templates/otel-collector/otel-collector.Service.yaml
+++ b/charts/sourcegraph/templates/otel-collector/otel-collector.Service.yaml
@@ -2,7 +2,6 @@
apiVersion: v1
kind: Service
metadata:
- name: otel-collector
annotations:
prometheus.io/port: "8888"
sourcegraph.prometheus/scrape: "true"
@@ -16,6 +15,7 @@ metadata:
{{- end }}
deploy: sourcegraph
app.kubernetes.io/component: otel-collector
+ name: otel-collector
spec:
ports:
- name: grpc-otlp
diff --git a/charts/sourcegraph/templates/pgsql/pgsql.Secret.yaml b/charts/sourcegraph/templates/pgsql/pgsql.Secret.yaml
index 73280504..63ec30eb 100644
--- a/charts/sourcegraph/templates/pgsql/pgsql.Secret.yaml
+++ b/charts/sourcegraph/templates/pgsql/pgsql.Secret.yaml
@@ -2,11 +2,11 @@
apiVersion: v1
kind: Secret
metadata:
- name: {{ .Values.pgsql.name }}-auth
labels:
app: pgsql
deploy: sourcegraph
app.kubernetes.io/component: pgsql
+ name: {{ .Values.pgsql.name }}-auth
type: Opaque
data:
database: {{ .Values.pgsql.auth.database | toString | b64enc | quote }}
diff --git a/charts/sourcegraph/templates/pgsql/pgsql.StatefulSet.yaml b/charts/sourcegraph/templates/pgsql/pgsql.StatefulSet.yaml
index 2e6727af..4155e037 100644
--- a/charts/sourcegraph/templates/pgsql/pgsql.StatefulSet.yaml
+++ b/charts/sourcegraph/templates/pgsql/pgsql.StatefulSet.yaml
@@ -58,7 +58,8 @@ spec:
{{- toYaml .Values.alpine.resources | nindent 10 }}
{{- end }}
containers:
- - image: {{ include "sourcegraph.image" (list . "pgsql") }}
+ - name: pgsql
+ image: {{ include "sourcegraph.image" (list . "pgsql") }}
imagePullPolicy: {{ .Values.sourcegraph.image.pullPolicy }}
{{- with .Values.pgsql.args }}
args:
@@ -80,7 +81,6 @@ spec:
- /liveness.sh
failureThreshold: 360
periodSeconds: 10
- name: pgsql
env:
{{- include "sourcegraph.databaseAuth" (list . "pgsql" "POSTGRES_") | nindent 8 }}
- name: POSTGRES_DB
@@ -110,9 +110,6 @@ spec:
{{- if .Values.pgsql.extraVolumeMounts }}
{{- toYaml .Values.pgsql.extraVolumeMounts | nindent 8 }}
{{- end }}
- {{- if .Values.pgsql.extraContainers }}
- {{- toYaml .Values.pgsql.extraContainers | nindent 6 }}
- {{- end }}
- name: pgsql-exporter
env:
{{- include "sourcegraph.dataSource" (list . "pgsql" ) | nindent 8 }}
@@ -133,6 +130,9 @@ spec:
securityContext:
{{- toYaml .Values.postgresExporter.containerSecurityContext | nindent 10 }}
terminationMessagePolicy: FallbackToLogsOnError
+ {{- if .Values.pgsql.extraContainers }}
+ {{- toYaml .Values.pgsql.extraContainers | nindent 6 }}
+ {{- end }}
terminationGracePeriodSeconds: 120
securityContext:
{{- toYaml .Values.pgsql.podSecurityContext | nindent 8 }}
diff --git a/charts/sourcegraph/templates/precise-code-intel/worker.Deployment.yaml b/charts/sourcegraph/templates/precise-code-intel/worker.Deployment.yaml
index 18cba342..17b41e64 100644
--- a/charts/sourcegraph/templates/precise-code-intel/worker.Deployment.yaml
+++ b/charts/sourcegraph/templates/precise-code-intel/worker.Deployment.yaml
@@ -115,8 +115,8 @@ spec:
{{- end }}
{{- include "sourcegraph.renderServiceAccountName" (list . "preciseCodeIntel") | trim | nindent 6 }}
volumes:
- - emptyDir: {}
- name: tmpdir
+ - name: tmpdir
+ emptyDir: {}
{{- if .Values.preciseCodeIntel.extraVolumes }}
{{- toYaml .Values.preciseCodeIntel.extraVolumes | nindent 6 }}
{{- end }}
diff --git a/charts/sourcegraph/templates/prometheus/prometheus.ClusterRoleBinding.yaml b/charts/sourcegraph/templates/prometheus/prometheus.ClusterRoleBinding.yaml
index d6ab69ab..67017b7c 100644
--- a/charts/sourcegraph/templates/prometheus/prometheus.ClusterRoleBinding.yaml
+++ b/charts/sourcegraph/templates/prometheus/prometheus.ClusterRoleBinding.yaml
@@ -12,7 +12,7 @@ roleRef:
kind: ClusterRole
name: {{ .Values.prometheus.name }}
subjects:
-- kind: ServiceAccount
- name: {{ include "sourcegraph.serviceAccountName" (list . "prometheus") }}
+- name: {{ include "sourcegraph.serviceAccountName" (list . "prometheus") }}
+ kind: ServiceAccount
namespace: {{ .Release.Namespace }}
{{- end }}
diff --git a/charts/sourcegraph/templates/prometheus/prometheus.ConfigMap.yaml b/charts/sourcegraph/templates/prometheus/prometheus.ConfigMap.yaml
index 94803858..c5bc3b9a 100644
--- a/charts/sourcegraph/templates/prometheus/prometheus.ConfigMap.yaml
+++ b/charts/sourcegraph/templates/prometheus/prometheus.ConfigMap.yaml
@@ -1,5 +1,11 @@
{{- if and .Values.prometheus.enabled (not .Values.prometheus.existingConfig) -}}
apiVersion: v1
+kind: ConfigMap
+metadata:
+ labels:
+ deploy: sourcegraph
+ app.kubernetes.io/component: prometheus
+ name: {{ .Values.prometheus.name }}
data:
prometheus.yml: |
global:
@@ -112,7 +118,9 @@ data:
regex: (.+)
target_label: __metrics_path__
replacement: /api/v1/nodes/${1}/proxy/metrics
- {{- end }} # End of privileged config
+
+ # End of privileged config
+ {{- end }}
# Scrape config for service endpoints.
#
@@ -171,7 +179,7 @@ data:
- source_labels: [__meta_kubernetes_pod_name]
action: replace
target_label: instance
- # Sourcegraph specific customization. We want to add a label to every
+ # Sourcegraph specific customization. We want to add a label to every
# metric that indicates the node it came from.
- source_labels: [__meta_kubernetes_endpoint_node_name]
action: replace
@@ -252,7 +260,7 @@ data:
- source_labels: [__meta_kubernetes_namespace]
action: replace
target_label: ns
- # Sourcegraph specific customization. We want to add a label to every
+ # Sourcegraph specific customization. We want to add a label to every
# metric that indicates the node it came from.
- source_labels: [__meta_kubernetes_pod_node_name]
action: replace
@@ -295,10 +303,4 @@ data:
labels:
app: alertmanager
extra_rules.yml: ""
-kind: ConfigMap
-metadata:
- labels:
- deploy: sourcegraph
- app.kubernetes.io/component: prometheus
- name: {{ .Values.prometheus.name }}
{{- end }}
diff --git a/charts/sourcegraph/templates/prometheus/prometheus.Deployment.yaml b/charts/sourcegraph/templates/prometheus/prometheus.Deployment.yaml
index c35fa2d2..9616c9de 100644
--- a/charts/sourcegraph/templates/prometheus/prometheus.Deployment.yaml
+++ b/charts/sourcegraph/templates/prometheus/prometheus.Deployment.yaml
@@ -81,10 +81,10 @@ spec:
{{- end }}
securityContext:
{{- toYaml .Values.prometheus.containerSecurityContext | nindent 10 }}
- terminationGracePeriodSeconds: 120
{{- if .Values.prometheus.extraContainers }}
{{- toYaml .Values.prometheus.extraContainers | nindent 6 }}
{{- end }}
+ terminationGracePeriodSeconds: 120
securityContext:
{{- toYaml .Values.prometheus.podSecurityContext | nindent 8 }}
{{- include "sourcegraph.nodeSelector" (list . "prometheus" ) | trim | nindent 6 }}
@@ -99,10 +99,10 @@ spec:
- name: data
persistentVolumeClaim:
claimName: prometheus
- - configMap:
+ - name: config
+ configMap:
defaultMode: 0777
name: {{ default .Values.prometheus.name .Values.prometheus.existingConfig }}
- name: config
{{- if .Values.prometheus.extraVolumes }}
{{- toYaml .Values.prometheus.extraVolumes | nindent 6 }}
{{- end }}
diff --git a/charts/sourcegraph/templates/prometheus/prometheus.RoleBinding.yaml b/charts/sourcegraph/templates/prometheus/prometheus.RoleBinding.yaml
index 4fa1376d..e28e94ce 100644
--- a/charts/sourcegraph/templates/prometheus/prometheus.RoleBinding.yaml
+++ b/charts/sourcegraph/templates/prometheus/prometheus.RoleBinding.yaml
@@ -12,7 +12,7 @@ roleRef:
kind: ClusterRole
name: view
subjects:
-- kind: ServiceAccount
- name: {{ include "sourcegraph.serviceAccountName" (list . "prometheus") }}
+- name: {{ include "sourcegraph.serviceAccountName" (list . "prometheus") }}
+ kind: ServiceAccount
namespace: {{ .Release.Namespace }}
{{- end }}
diff --git a/charts/sourcegraph/templates/redis/redis-cache.Secret.yaml b/charts/sourcegraph/templates/redis/redis-cache.Secret.yaml
index ac24267c..3e2129d2 100644
--- a/charts/sourcegraph/templates/redis/redis-cache.Secret.yaml
+++ b/charts/sourcegraph/templates/redis/redis-cache.Secret.yaml
@@ -2,11 +2,11 @@
apiVersion: v1
kind: Secret
metadata:
- name: {{ .Values.redisCache.name }}
labels:
app: redis-cache
deploy: sourcegraph
app.kubernetes.io/component: redis-cache
+ name: {{ .Values.redisCache.name }}
type: Opaque
data:
endpoint: {{ .Values.redisCache.connection.endpoint | toString | b64enc | quote }}
diff --git a/charts/sourcegraph/templates/redis/redis-store.Secret.yaml b/charts/sourcegraph/templates/redis/redis-store.Secret.yaml
index ab3124ee..534fc377 100644
--- a/charts/sourcegraph/templates/redis/redis-store.Secret.yaml
+++ b/charts/sourcegraph/templates/redis/redis-store.Secret.yaml
@@ -2,11 +2,11 @@
apiVersion: v1
kind: Secret
metadata:
- name: {{ .Values.redisStore.name }}
labels:
app: redis-store
deploy: sourcegraph
app.kubernetes.io/component: redis-store
+ name: {{ .Values.redisStore.name }}
type: Opaque
data:
endpoint: {{ .Values.redisStore.connection.endpoint | toString | b64enc | quote }}
diff --git a/charts/sourcegraph/templates/searcher/searcher.StatefulSet.yaml b/charts/sourcegraph/templates/searcher/searcher.StatefulSet.yaml
index 6770c804..ab201aeb 100644
--- a/charts/sourcegraph/templates/searcher/searcher.StatefulSet.yaml
+++ b/charts/sourcegraph/templates/searcher/searcher.StatefulSet.yaml
@@ -124,10 +124,10 @@ spec:
{{- end }}
{{- include "sourcegraph.renderServiceAccountName" (list . "searcher") | trim | nindent 6 }}
volumes:
- - emptyDir: {}
- name: cache
- - emptyDir: {}
- name: tmpdir
+ - name: cache
+ emptyDir: {}
+ - name: tmpdir
+ emptyDir: {}
{{- if .Values.searcher.extraVolumes }}
{{- toYaml .Values.searcher.extraVolumes | nindent 6 }}
{{- end }}
diff --git a/charts/sourcegraph/templates/syntactic-code-intel/worker.Deployment.yaml b/charts/sourcegraph/templates/syntactic-code-intel/worker.Deployment.yaml
index a32afdaf..96240603 100644
--- a/charts/sourcegraph/templates/syntactic-code-intel/worker.Deployment.yaml
+++ b/charts/sourcegraph/templates/syntactic-code-intel/worker.Deployment.yaml
@@ -118,8 +118,8 @@ spec:
{{- end }}
{{- include "sourcegraph.renderServiceAccountName" (list . "syntacticCodeIntel") | trim | nindent 6 }}
volumes:
- - emptyDir: {}
- name: tmpdir
+ - name: tmpdir
+ emptyDir: {}
{{- if .Values.syntacticCodeIntel.extraVolumes }}
{{- toYaml .Values.syntacticCodeIntel.extraVolumes | nindent 6 }}
{{- end }}
diff --git a/charts/sourcegraph/templates/tests/test-connection.yaml b/charts/sourcegraph/templates/tests/test-connection.yaml
index 1fdec25a..3aafe14f 100644
--- a/charts/sourcegraph/templates/tests/test-connection.yaml
+++ b/charts/sourcegraph/templates/tests/test-connection.yaml
@@ -2,11 +2,11 @@
apiVersion: v1
kind: Pod
metadata:
- name: "sg-test-connection"
- labels:
- {{- include "sourcegraph.labels" . | nindent 4 }}
annotations:
"helm.sh/hook": test
+ labels:
+ {{- include "sourcegraph.labels" . | nindent 4 }}
+ name: "sg-test-connection"
spec:
containers:
- name: wget
From cc806969002edc84a6eed46032d0d4d7de011e77 Mon Sep 17 00:00:00 2001
From: Release Bot <107104610+sourcegraph-release-bot@users.noreply.github.com>
Date: Tue, 16 Dec 2025 04:32:55 -0500
Subject: [PATCH 2/5] [Backport 6.11.x] fix(ci): helm unittest is broken (#788)
see comments
### Test plan
CI pass now
Backport b9369b8009ff2a652c3e0a6530316b8591fbd679 from #787
Co-authored-by: Michael Lin
---
scripts/ci/helm-unittest.sh | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/scripts/ci/helm-unittest.sh b/scripts/ci/helm-unittest.sh
index c199e77a..32d544f0 100755
--- a/scripts/ci/helm-unittest.sh
+++ b/scripts/ci/helm-unittest.sh
@@ -2,8 +2,12 @@
set -euf -o pipefail
+# 1.0.3 is broken now
+# https://github.com/helm-unittest/helm-unittest/issues/790
+HELM_UNITTEST_VERSION="v1.0.2"
+
### Install the helm-unittest plugin
-helm plugin install https://github.com/helm-unittest/helm-unittest
+helm plugin install https://github.com/helm-unittest/helm-unittest --version "$HELM_UNITTEST_VERSION"
### Run the helm tests
helm unittest -q charts/sourcegraph
From df9d0f8ddec119e2a32e132ae10aa13d61f9cd09 Mon Sep 17 00:00:00 2001
From: Release Bot <107104610+sourcegraph-release-bot@users.noreply.github.com>
Date: Tue, 16 Dec 2025 04:34:47 -0500
Subject: [PATCH 3/5] [Backport 6.11.x] Add priorityClassName to remaining pods
(#785)
Linear issue [FEIE-297: Add `priorityClassName` to remaining
pods](https://linear.app/sourcegraph/issue/FEIE-297/add-priorityclassname-to-remaining-pods)
- Customer's Kubernetes cluster policy blocks pods from starting if they do not have a priorityClassName in their config.
- We already had support for priorityClassName, but only for ~5 pods, need to add this for all remaining pods
- Added logic so that priorityClassName could be defined once, under the `sourcegraph` top level key, and / or under each pod's top-level key, which would override the config on the `sourcegraph` top level key, so the customer could configure:
```yaml
sourcegraph:
priorityClassName: p2
pgsql:
priorityClassName: p1
```
### Checklist
- [x] Follow the [manual testing
process](https://github.com/sourcegraph/deploy-sourcegraph-helm/blob/main/TEST.md)
- [ ] Update
[changelog](https://github.com/sourcegraph/deploy-sourcegraph-helm/blob/main/charts/sourcegraph/CHANGELOG.md)
- [ ] Update [Kubernetes update
doc](https://docs.sourcegraph.com/admin/updates/kubernetes)
### Test plan
- Tested with Helm template
- Followed the manual testing process
- Deployed it on my test cluster, with the following override file:
```yaml
priorityClasses:
- name: test
value: 100
preemptionPolicy: Never
description: "test"
- name: test2
value: 102
preemptionPolicy: Never
description: "test2"
sourcegraph:
image:
defaultTag: 6.10.3349
useGlobalTagAsDefault: true
priorityClassName: test
```
- Then re-applied, adding:
```yaml
gitserver:
priorityClassName: test2
```
- Both worked, output:
```
[2025-12-15 03:58:52] config % kubectl get pods -o custom-columns=NAME:.metadata.name,PRIORITY_CLASS:.spec.priorityClassName,PRIORITY_VALUE:.spec.priority
NAME PRIORITY_CLASS PRIORITY_VALUE
blobstore-579cbc4cb9-2gn69 test 100
codeinsights-db-0 test 100
codeintel-db-0 test 100
gitserver-0 test2 102
gitserver-1 test2 102
grafana-0 test 100
indexed-search-0 test 100
pgsql-0 test 100
precise-code-intel-worker-5b6bd8d898-9zrbg test 100
prometheus-65468d765d-j4rgw test 100
redis-cache-595c746f84-2wxtf test 100
redis-store-5f4b87dbf4-8n24m test 100
searcher-0 test 100
sourcegraph-frontend-677d647479-77zrl test 100
syntect-server-657b89b6f4-p59x6 test 100
worker-6d68db5b5c-twxkk test 100
```
Backport a49fce293f7dbe87b52fdbd534aa909caecc9a60 from #778
Co-authored-by: Marc <7050295+marcleblanc2@users.noreply.github.com>
---
TEST.md | 4 +-
charts/sourcegraph-executor/dind/README.md | 1 +
.../templates/_helpers/_priorityClassName.tpl | 20 ++++++++++
.../executor/executor.Deployment.yaml | 1 +
.../private-docker-registry.Deployment.yaml | 1 +
charts/sourcegraph-executor/dind/values.yaml | 2 +
charts/sourcegraph-executor/k8s/README.md | 9 +++--
.../templates/_helpers/_priorityClassName.tpl | 20 ++++++++++
.../k8s/templates/executor.Deployment.yaml | 1 +
charts/sourcegraph-executor/k8s/values.yaml | 38 ++++++++++---------
charts/sourcegraph-migrator/README.md | 1 +
.../templates/_helpers/_priorityClassName.tpl | 20 ++++++++++
.../migrator/sourcegraph-migrator.Job.yaml | 1 +
charts/sourcegraph-migrator/values.yaml | 2 +
charts/sourcegraph/README.md | 1 +
.../templates/_helpers/_priorityClassName.tpl | 20 ++++++++++
charts/sourcegraph/templates/_worker.tpl | 1 +
.../blobstore/blobstore.Deployment.yaml | 1 +
.../cadvisor/cadvisor.DaemonSet.yaml | 1 +
.../codeinsights-db.StatefulSet.yaml | 1 +
.../codeintel-db.StatefulSet.yaml | 1 +
.../sourcegraph-frontend.Deployment.yaml | 3 +-
.../gitserver/gitserver.StatefulSet.yaml | 4 +-
.../grafana/grafana.StatefulSet.yaml | 1 +
.../indexed-search.StatefulSet.yaml | 4 +-
.../templates/jaeger/jaeger.Deployment.yaml | 1 +
.../node-exporter.DaemonSet.yaml | 1 +
.../otel-collector/otel-agent.DaemonSet.yaml | 1 +
.../otel-collector.Deployment.yaml | 1 +
.../templates/pgsql/pgsql.StatefulSet.yaml | 1 +
.../precise-code-intel/worker.Deployment.yaml | 1 +
.../prometheus/prometheus.Deployment.yaml | 1 +
.../redis/redis-cache.Deployment.yaml | 4 +-
.../redis/redis-store.Deployment.yaml | 4 +-
.../searcher/searcher.StatefulSet.yaml | 4 +-
.../worker.Deployment.yaml | 1 +
.../syntect-server.Deployment.yaml | 1 +
charts/sourcegraph/values.yaml | 2 +
38 files changed, 142 insertions(+), 40 deletions(-)
create mode 100644 charts/sourcegraph-executor/dind/templates/_helpers/_priorityClassName.tpl
create mode 100644 charts/sourcegraph-executor/k8s/templates/_helpers/_priorityClassName.tpl
create mode 100644 charts/sourcegraph-migrator/templates/_helpers/_priorityClassName.tpl
create mode 100644 charts/sourcegraph/templates/_helpers/_priorityClassName.tpl
diff --git a/TEST.md b/TEST.md
index 7a4f1fa8..20e8dfa5 100644
--- a/TEST.md
+++ b/TEST.md
@@ -23,7 +23,7 @@ helm plugin install https://github.com/helm-unittest/helm-unittest
Once the plugin is installed, you can run the unit tests using the following:
```bash
-helm unittest --helm3 ./charts/sourcegraph/.
+helm unittest ./charts/sourcegraph
```
We currently do not have testing best practices or require unit tests for new changes, so add test cases at your best judgement if possible.
@@ -59,7 +59,7 @@ Make sure you test both enabled and disabled toggles. For example, if you added
You have two options to target specificy Sourcegraph version. Add the below to your `override.yaml`:
```yaml
-sourcegraph:
+sourcegraph:
image:
defaultTag: "6.10.0"
useGlobalTagAsDefault: true
diff --git a/charts/sourcegraph-executor/dind/README.md b/charts/sourcegraph-executor/dind/README.md
index 71555791..b6f5f8a8 100644
--- a/charts/sourcegraph-executor/dind/README.md
+++ b/charts/sourcegraph-executor/dind/README.md
@@ -79,6 +79,7 @@ In addition to the documented values, the `executor` and `private-docker-registr
| sourcegraph.nodeSelector | object | `{}` | NodeSelector, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector) |
| sourcegraph.podAnnotations | object | `{}` | Add extra annotations to attach to all pods |
| sourcegraph.podLabels | object | `{}` | Add extra labels to attach to all pods |
+| sourcegraph.priorityClassName | string | `""` | Assign a priorityClass to all pods (daemonSets, deployments, and statefulSets) |
| sourcegraph.tolerations | list | `[]` | Tolerations, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) |
| storageClass.allowedTopologies | object | `{}` | Persistent volumes topology configuration, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/storage/storage-classes/#allowed-topologies) |
| storageClass.create | bool | `false` | Enable creation of storageClass. Defaults to Google Cloud Platform. Disable if you have your own existing storage class |
diff --git a/charts/sourcegraph-executor/dind/templates/_helpers/_priorityClassName.tpl b/charts/sourcegraph-executor/dind/templates/_helpers/_priorityClassName.tpl
new file mode 100644
index 00000000..edff6746
--- /dev/null
+++ b/charts/sourcegraph-executor/dind/templates/_helpers/_priorityClassName.tpl
@@ -0,0 +1,20 @@
+{{/*
+
+Allow customers to assign a priorityClassName to all resources which create pods (ex. DaemonSets, Deployments, StatefulSets)
+
+Customers can configure an instance-wide default priorty class name at .Values.sourcegraph.priorityClassName,
+and can override it for individual services, if needed, at .Values..priorityClassName
+
+*/}}
+
+{{- define "sourcegraph.priorityClassName" -}}
+{{- $top := index . 0 }}
+{{- $service := index . 1 }}
+{{- $globalPriorityClassName := (index $top.Values "sourcegraph" "priorityClassName") }}
+{{- $servicePriorityClassName := (index $top.Values $service "priorityClassName") }}
+{{- if $servicePriorityClassName }}
+priorityClassName: {{ $servicePriorityClassName | toYaml | trim }}
+{{- else if $globalPriorityClassName }}
+priorityClassName: {{ $globalPriorityClassName | toYaml | trim }}
+{{- end }}
+{{- end }}
diff --git a/charts/sourcegraph-executor/dind/templates/executor/executor.Deployment.yaml b/charts/sourcegraph-executor/dind/templates/executor/executor.Deployment.yaml
index 9570283d..06948149 100644
--- a/charts/sourcegraph-executor/dind/templates/executor/executor.Deployment.yaml
+++ b/charts/sourcegraph-executor/dind/templates/executor/executor.Deployment.yaml
@@ -130,6 +130,7 @@ spec:
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
+ {{- with include "sourcegraph.priorityClassName" (list . "executor") | trim }}{{ . | nindent 6 }}{{- end }}
{{- with .Values.sourcegraph.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
diff --git a/charts/sourcegraph-executor/dind/templates/private-docker-registry/private-docker-registry.Deployment.yaml b/charts/sourcegraph-executor/dind/templates/private-docker-registry/private-docker-registry.Deployment.yaml
index 257dae57..32554be6 100644
--- a/charts/sourcegraph-executor/dind/templates/private-docker-registry/private-docker-registry.Deployment.yaml
+++ b/charts/sourcegraph-executor/dind/templates/private-docker-registry/private-docker-registry.Deployment.yaml
@@ -74,6 +74,7 @@ spec:
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
+ {{- with include "sourcegraph.priorityClassName" (list . "privateDockerRegistry") | trim }}{{ . | nindent 6 }}{{- end }}
{{- with .Values.sourcegraph.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
diff --git a/charts/sourcegraph-executor/dind/values.yaml b/charts/sourcegraph-executor/dind/values.yaml
index bd2c345d..eec0a03c 100644
--- a/charts/sourcegraph-executor/dind/values.yaml
+++ b/charts/sourcegraph-executor/dind/values.yaml
@@ -30,6 +30,8 @@ sourcegraph:
podAnnotations: {}
# -- Add extra labels to attach to all pods
podLabels: {}
+ # -- Assign a priorityClass to all pods (daemonSets, deployments, and statefulSets)
+ priorityClassName: ""
storageClass:
diff --git a/charts/sourcegraph-executor/k8s/README.md b/charts/sourcegraph-executor/k8s/README.md
index 4258c745..777c0bc8 100644
--- a/charts/sourcegraph-executor/k8s/README.md
+++ b/charts/sourcegraph-executor/k8s/README.md
@@ -60,16 +60,16 @@ In addition to the documented values, the `executor` and `private-docker-registr
| executor.extraEnv | string | `nil` | Sets extra environment variables on the executor deployment. See `values.yaml` for the format. |
| executor.frontendExistingSecret | string | `""` | Name of existing k8s Secret to use for frontend password The name of the secret must match `executor.name`, i.e., the name of the helm release used to deploy the helm chart. The k8s Secret must contain the key `EXECUTOR_FRONTEND_PASSWORD` matching the site config `executors.accessToken` value. `executor.frontendPassword` is ignored if this is enabled. |
| executor.frontendPassword | string | `""` | The shared secret configured in the Sourcegraph instance site config under executors.accessToken. Required if `executor.frontendExistingSecret`` is not configured. |
-| executor.frontendUrl | string | `""` | The external URL of the Sourcegraph instance. Required. **Recommended:** set to the internal service endpoint (e.g. `http://sourcegraph-frontend.sourcegraph.svc.cluster.local:30080` if Sourcegraph is deployed in the `sourcegraph` namespace). This will avoid unnecessary network charges as traffic will stay within the local network. |
+| executor.frontendUrl | string | `""` | The external URL of the Sourcegraph instance. Required. **Recommended:** set to the internal service endpoint (e.g. `http://sourcegraph-frontend.sourcegraph.svc.cluster.local:30080` if Sourcegraph is deployed in the `sourcegraph` namespace). This will avoid unnecessary network charges as traffic will stay within the local network. |
| executor.image.defaultTag | string | `"6.0.0@sha256:6dc771a0c281a41ef676213f2f84a63d99045cf2e58d43022554a8022070ed65"` | |
| executor.image.name | string | `"executor-kubernetes"` | |
| executor.kubeconfigPath | string | `""` | The path to the kubeconfig file. If not specified, the in-cluster config is used. |
| executor.kubernetesJob.deadline | string | `"1200"` | The number of seconds after which a Kubernetes job will be terminated. |
-| executor.kubernetesJob.fsGroup | string | `"1000"` | The group ID which is set on the job PVC file system. |
-| executor.kubernetesJob.node.name | string | `""` | The name of the Kubernetes Node to create job pods on. If not specified, the pods are created on the first available node. |
+| executor.kubernetesJob.fsGroup | string | `"1000"` | The group ID which is set on the job PVC file system. |
+| executor.kubernetesJob.node.name | string | `""` | The name of the Kubernetes Node to create job pods on. If not specified, the pods are created on the first available node. |
| executor.kubernetesJob.node.requiredAffinityMatchExpressions | string | `""` | The JSON encoded required affinity match expressions for Kubernetes Jobs. e.g. '[{\"key\":\"foo\",\"operator\":\"In\",\"values\":[\"bar\"]}]' |
| executor.kubernetesJob.node.requiredAffinityMatchFields | string | `""` | The JSON encoded required affinity match fields for Kubernetes Jobs. e.g. '[{\"key\":\"foo\",\"operator\":\"In\",\"values\":[\"bar\"]}]' |
-| executor.kubernetesJob.node.selector | string | `""` | A comma separated list of values to use as a node selector for Kubernetes Jobs. e.g. `foo=bar,app=my-app` |
+| executor.kubernetesJob.node.selector | string | `""` | A comma separated list of values to use as a node selector for Kubernetes Jobs. e.g. `foo=bar,app=my-app` |
| executor.kubernetesJob.node.tolerations | string | `""` | The JSON encoded tolerations for Kubernetes Jobs. e.g. '[{\"key\":\"foo\",\"operator\":\"Equal\",\"value\":\"bar\",\"effect\":\"NoSchedule\"}]' |
| executor.kubernetesJob.pod.affinity | string | `""` | The JSON encoded pod affinity for Kubernetes Jobs. e.g. '[{\"labelSelector\": {\"matchExpressions\": [{\"key\": \"foo\",\"operator\": \"In\",\"values\": [\"bar\"]}]},\"topologyKey\": \"kubernetes.io/hostname\"}]' |
| executor.kubernetesJob.pod.antiAffinity | string | `""` | The JSON encoded pod anti-affinity for Kubernetes Jobs. e.g. '[{\"labelSelector\": {\"matchExpressions\": [{\"key\": \"foo\",\"operator\": \"In\",\"values\": [\"bar\"]}]},\"topologyKey\": \"kubernetes.io/hostname\"}]' |
@@ -108,6 +108,7 @@ In addition to the documented values, the `executor` and `private-docker-registr
| sourcegraph.nodeSelector | object | `{}` | NodeSelector, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector) |
| sourcegraph.podAnnotations | object | `{}` | Add extra annotations to attach to all pods |
| sourcegraph.podLabels | object | `{}` | Add extra labels to attach to all pods |
+| sourcegraph.priorityClassName | string | `""` | Assign a priorityClass to all pods (daemonSets, deployments, and statefulSets) |
| sourcegraph.tolerations | list | `[]` | Tolerations, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) |
| storageClass.allowedTopologies | object | `{}` | Persistent volumes topology configuration, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/storage/storage-classes/#allowed-topologies) |
| storageClass.create | bool | `false` | Enable creation of storageClass. Defaults to Google Cloud Platform. Disable if you have your own existing storage class |
diff --git a/charts/sourcegraph-executor/k8s/templates/_helpers/_priorityClassName.tpl b/charts/sourcegraph-executor/k8s/templates/_helpers/_priorityClassName.tpl
new file mode 100644
index 00000000..edff6746
--- /dev/null
+++ b/charts/sourcegraph-executor/k8s/templates/_helpers/_priorityClassName.tpl
@@ -0,0 +1,20 @@
+{{/*
+
+Allow customers to assign a priorityClassName to all resources which create pods (ex. DaemonSets, Deployments, StatefulSets)
+
+Customers can configure an instance-wide default priorty class name at .Values.sourcegraph.priorityClassName,
+and can override it for individual services, if needed, at .Values..priorityClassName
+
+*/}}
+
+{{- define "sourcegraph.priorityClassName" -}}
+{{- $top := index . 0 }}
+{{- $service := index . 1 }}
+{{- $globalPriorityClassName := (index $top.Values "sourcegraph" "priorityClassName") }}
+{{- $servicePriorityClassName := (index $top.Values $service "priorityClassName") }}
+{{- if $servicePriorityClassName }}
+priorityClassName: {{ $servicePriorityClassName | toYaml | trim }}
+{{- else if $globalPriorityClassName }}
+priorityClassName: {{ $globalPriorityClassName | toYaml | trim }}
+{{- end }}
+{{- end }}
diff --git a/charts/sourcegraph-executor/k8s/templates/executor.Deployment.yaml b/charts/sourcegraph-executor/k8s/templates/executor.Deployment.yaml
index dd33bdf9..4fa52c64 100644
--- a/charts/sourcegraph-executor/k8s/templates/executor.Deployment.yaml
+++ b/charts/sourcegraph-executor/k8s/templates/executor.Deployment.yaml
@@ -99,6 +99,7 @@ spec:
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
+ {{- with include "sourcegraph.priorityClassName" (list . "executor") | trim }}{{ . | nindent 6 }}{{- end }}
{{- with .Values.executor.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
diff --git a/charts/sourcegraph-executor/k8s/values.yaml b/charts/sourcegraph-executor/k8s/values.yaml
index 11af2cb4..730df98e 100644
--- a/charts/sourcegraph-executor/k8s/values.yaml
+++ b/charts/sourcegraph-executor/k8s/values.yaml
@@ -32,6 +32,8 @@ sourcegraph:
podAnnotations: { }
# -- Add extra labels to attach to all pods
podLabels: { }
+ # -- Assign a priorityClass to all pods (daemonSets, deployments, and statefulSets)
+ priorityClassName: ""
storageClass:
@@ -68,7 +70,7 @@ executor:
requests:
cpu: 500m
memory: 200Mi
- # -- The external URL of the Sourcegraph instance. Required. **Recommended:** set to the internal service endpoint (e.g. `http://sourcegraph-frontend.sourcegraph.svc.cluster.local:30080` if Sourcegraph is deployed in the `sourcegraph` namespace).
+ # -- The external URL of the Sourcegraph instance. Required. **Recommended:** set to the internal service endpoint (e.g. `http://sourcegraph-frontend.sourcegraph.svc.cluster.local:30080` if Sourcegraph is deployed in the `sourcegraph` namespace).
# This will avoid unnecessary network charges as traffic will stay within the local network.
frontendUrl: ""
# -- Name of existing k8s Secret to use for frontend password
@@ -86,13 +88,13 @@ executor:
maximumNumJobs: 10
# - The maximum wall time that can be spent on a single job.
maximumRuntimePerJob: "30m"
-
+
log:
# -- Possible values are `dbug`, `info`, `warn`, `eror`, `crit`.
level: "warn"
format: "condensed"
trace: "false"
-
+
# -- The storage size of the PVC attached to the executor deployment.
storageSize: 10Gi
# -- The namespace in which jobs are generated by the executor.
@@ -102,24 +104,24 @@ executor:
# -- The containerSecurityContext for the executor image
securityContext:
# @default -- nil; accepts [0, 2147483647]
- runAsUser:
+ runAsUser:
# @default -- nil; accepts [0, 2147483647]
- runAsGroup:
+ runAsGroup:
# @default -- nil; accepts [0, 2147483647]
fsGroup:
# @default -- false; accepts [true, false]
privileged: false
-
+
kubernetesJob:
# -- The number of seconds after which a Kubernetes job will be terminated.
deadline: "1200"
# -- (int) The user ID to run Kubernetes jobs as.
# @default -- `nil`; accepts [0, 2147483647]
- runAsUser:
+ runAsUser:
# -- (int) The group ID to run Kubernetes jobs as.
# @default -- `nil`; accepts [0, 2147483647]
- runAsGroup:
- # -- The group ID which is set on the job PVC file system.
+ runAsGroup:
+ # -- The group ID which is set on the job PVC file system.
fsGroup: "1000"
resources:
requests:
@@ -132,11 +134,11 @@ executor:
cpu: ""
# -- The maximum memory for a job.
memory: "12Gi"
-
+
node:
- # -- The name of the Kubernetes Node to create job pods on. If not specified, the pods are created on the first available node.
+ # -- The name of the Kubernetes Node to create job pods on. If not specified, the pods are created on the first available node.
name: ""
- # -- A comma separated list of values to use as a node selector for Kubernetes Jobs. e.g. `foo=bar,app=my-app`
+ # -- A comma separated list of values to use as a node selector for Kubernetes Jobs. e.g. `foo=bar,app=my-app`
selector: ""
# -- The JSON encoded tolerations for Kubernetes Jobs. e.g. '[{\"key\":\"foo\",\"operator\":\"Equal\",\"value\":\"bar\",\"effect\":\"NoSchedule\"}]'
tolerations: ""
@@ -150,28 +152,28 @@ executor:
affinity: ""
# -- The JSON encoded pod anti-affinity for Kubernetes Jobs. e.g. '[{\"labelSelector\": {\"matchExpressions\": [{\"key\": \"foo\",\"operator\": \"In\",\"values\": [\"bar\"]}]},\"topologyKey\": \"kubernetes.io/hostname\"}]'
antiAffinity: ""
-
+
debug:
# -- If true, Kubernetes jobs will not be deleted after they complete. Not recommended for production use as it can hit cluster limits.
keepJobs: "false"
keepWorkspaces: "false"
-
+
# -- Affinity,
# learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity)
affinity: { }
-
+
# -- NodeSelector,
# learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector)
nodeSelector: { }
-
+
# -- Tolerations,
# learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/)
tolerations: [ ]
-
+
# -- Sets extra environment variables on the executor deployment. See `values.yaml` for the format.
extraEnv:
# - name: MY_ENV
# value: my_value
-
+
# -- For local deployments the host is 'host.docker.internal' and this needs to be true
dockerAddHostGateway: "false"
diff --git a/charts/sourcegraph-migrator/README.md b/charts/sourcegraph-migrator/README.md
index cad56823..d7ef768d 100644
--- a/charts/sourcegraph-migrator/README.md
+++ b/charts/sourcegraph-migrator/README.md
@@ -96,6 +96,7 @@ In addition to the documented values, the `migrator` service also supports the f
| sourcegraph.nodeSelector | object | `{}` | NodeSelector, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector) |
| sourcegraph.podAnnotations | object | `{}` | Add extra annotations to attach to all pods |
| sourcegraph.podLabels | object | `{}` | Add extra labels to attach to all pods |
+| sourcegraph.priorityClassName | string | `""` | Assign a priorityClass to all pods (daemonSets, deployments, and statefulSets) |
| sourcegraph.tolerations | list | `[]` | Tolerations, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) |
## Troubleshooting
diff --git a/charts/sourcegraph-migrator/templates/_helpers/_priorityClassName.tpl b/charts/sourcegraph-migrator/templates/_helpers/_priorityClassName.tpl
new file mode 100644
index 00000000..edff6746
--- /dev/null
+++ b/charts/sourcegraph-migrator/templates/_helpers/_priorityClassName.tpl
@@ -0,0 +1,20 @@
+{{/*
+
+Allow customers to assign a priorityClassName to all resources which create pods (ex. DaemonSets, Deployments, StatefulSets)
+
+Customers can configure an instance-wide default priorty class name at .Values.sourcegraph.priorityClassName,
+and can override it for individual services, if needed, at .Values..priorityClassName
+
+*/}}
+
+{{- define "sourcegraph.priorityClassName" -}}
+{{- $top := index . 0 }}
+{{- $service := index . 1 }}
+{{- $globalPriorityClassName := (index $top.Values "sourcegraph" "priorityClassName") }}
+{{- $servicePriorityClassName := (index $top.Values $service "priorityClassName") }}
+{{- if $servicePriorityClassName }}
+priorityClassName: {{ $servicePriorityClassName | toYaml | trim }}
+{{- else if $globalPriorityClassName }}
+priorityClassName: {{ $globalPriorityClassName | toYaml | trim }}
+{{- end }}
+{{- end }}
diff --git a/charts/sourcegraph-migrator/templates/migrator/sourcegraph-migrator.Job.yaml b/charts/sourcegraph-migrator/templates/migrator/sourcegraph-migrator.Job.yaml
index 9c06be82..c77ec3b3 100644
--- a/charts/sourcegraph-migrator/templates/migrator/sourcegraph-migrator.Job.yaml
+++ b/charts/sourcegraph-migrator/templates/migrator/sourcegraph-migrator.Job.yaml
@@ -68,6 +68,7 @@ spec:
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
+ {{- with include "sourcegraph.priorityClassName" (list . "migrator") | trim }}{{ . | nindent 6 }}{{- end }}
{{- with .Values.sourcegraph.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
diff --git a/charts/sourcegraph-migrator/values.yaml b/charts/sourcegraph-migrator/values.yaml
index 20f30df7..bb144176 100644
--- a/charts/sourcegraph-migrator/values.yaml
+++ b/charts/sourcegraph-migrator/values.yaml
@@ -30,6 +30,8 @@ sourcegraph:
podAnnotations: {}
# -- Add extra labels to attach to all pods
podLabels: {}
+ # -- Assign a priorityClass to all pods (daemonSets, deployments, and statefulSets)
+ priorityClassName: ""
# Generic application configuration options, used by most applications below
diff --git a/charts/sourcegraph/README.md b/charts/sourcegraph/README.md
index b30d4d0d..986d573d 100644
--- a/charts/sourcegraph/README.md
+++ b/charts/sourcegraph/README.md
@@ -315,6 +315,7 @@ In addition to the documented values, all services also support the following va
| sourcegraph.nodeSelector | object | `{}` | Global NodeSelector, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector) |
| sourcegraph.podAnnotations | object | `{}` | Add extra annotations to attach to all pods |
| sourcegraph.podLabels | object | `{}` | Add extra labels to attach to all pods |
+| sourcegraph.priorityClassName | string | `""` | Assign a priorityClass to all pods (daemonSets, deployments, and statefulSets) |
| sourcegraph.revisionHistoryLimit | int | `10` | Global deployment clean up policy, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#clean-up-policy) |
| sourcegraph.serviceLabels | object | `{}` | Add extra labels to all services |
| sourcegraph.tolerations | list | `[]` | Global Tolerations, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) |
diff --git a/charts/sourcegraph/templates/_helpers/_priorityClassName.tpl b/charts/sourcegraph/templates/_helpers/_priorityClassName.tpl
new file mode 100644
index 00000000..edff6746
--- /dev/null
+++ b/charts/sourcegraph/templates/_helpers/_priorityClassName.tpl
@@ -0,0 +1,20 @@
+{{/*
+
+Allow customers to assign a priorityClassName to all resources which create pods (ex. DaemonSets, Deployments, StatefulSets)
+
+Customers can configure an instance-wide default priorty class name at .Values.sourcegraph.priorityClassName,
+and can override it for individual services, if needed, at .Values..priorityClassName
+
+*/}}
+
+{{- define "sourcegraph.priorityClassName" -}}
+{{- $top := index . 0 }}
+{{- $service := index . 1 }}
+{{- $globalPriorityClassName := (index $top.Values "sourcegraph" "priorityClassName") }}
+{{- $servicePriorityClassName := (index $top.Values $service "priorityClassName") }}
+{{- if $servicePriorityClassName }}
+priorityClassName: {{ $servicePriorityClassName | toYaml | trim }}
+{{- else if $globalPriorityClassName }}
+priorityClassName: {{ $globalPriorityClassName | toYaml | trim }}
+{{- end }}
+{{- end }}
diff --git a/charts/sourcegraph/templates/_worker.tpl b/charts/sourcegraph/templates/_worker.tpl
index 73c4b64a..899bf03b 100644
--- a/charts/sourcegraph/templates/_worker.tpl
+++ b/charts/sourcegraph/templates/_worker.tpl
@@ -135,6 +135,7 @@ spec:
{{- toYaml $top.Values.worker.podSecurityContext | nindent 8 }}
{{- include "sourcegraph.nodeSelector" (list $top "worker" ) | trim | nindent 6 }}
{{- include "sourcegraph.affinity" (list $top "worker" ) | trim | nindent 6 }}
+ {{- with include "sourcegraph.priorityClassName" (list $top "worker") | trim }}{{ . | nindent 6 }}{{- end }}
{{- include "sourcegraph.tolerations" (list $top "worker" ) | trim | nindent 6 }}
{{- with $top.Values.sourcegraph.imagePullSecrets }}
imagePullSecrets:
diff --git a/charts/sourcegraph/templates/blobstore/blobstore.Deployment.yaml b/charts/sourcegraph/templates/blobstore/blobstore.Deployment.yaml
index 08c87d9d..8f02c7d4 100644
--- a/charts/sourcegraph/templates/blobstore/blobstore.Deployment.yaml
+++ b/charts/sourcegraph/templates/blobstore/blobstore.Deployment.yaml
@@ -92,6 +92,7 @@ spec:
{{- toYaml .Values.blobstore.podSecurityContext | nindent 8 }}
{{- include "sourcegraph.nodeSelector" (list . "blobstore" ) | trim | nindent 6 }}
{{- include "sourcegraph.affinity" (list . "blobstore" ) | trim | nindent 6 }}
+ {{- with include "sourcegraph.priorityClassName" (list . "blobstore") | trim }}{{ . | nindent 6 }}{{- end }}
{{- include "sourcegraph.tolerations" (list . "blobstore" ) | trim | nindent 6 }}
{{- with .Values.sourcegraph.imagePullSecrets }}
imagePullSecrets:
diff --git a/charts/sourcegraph/templates/cadvisor/cadvisor.DaemonSet.yaml b/charts/sourcegraph/templates/cadvisor/cadvisor.DaemonSet.yaml
index c0c325ad..e9814a4e 100644
--- a/charts/sourcegraph/templates/cadvisor/cadvisor.DaemonSet.yaml
+++ b/charts/sourcegraph/templates/cadvisor/cadvisor.DaemonSet.yaml
@@ -103,6 +103,7 @@ spec:
{{- toYaml .Values.cadvisor.podSecurityContext | nindent 8 }}
{{- include "sourcegraph.nodeSelector" (list . "cadvisor" ) | trim | nindent 6 }}
{{- include "sourcegraph.affinity" (list . "cadvisor" ) | trim | nindent 6 }}
+ {{- with include "sourcegraph.priorityClassName" (list . "cadvisor" ) | trim }}{{ . | nindent 6 }}{{- end }}
{{- include "sourcegraph.tolerations" (list . "cadvisor" ) | trim | nindent 6 }}
{{- with .Values.sourcegraph.imagePullSecrets }}
imagePullSecrets:
diff --git a/charts/sourcegraph/templates/codeinsights-db/codeinsights-db.StatefulSet.yaml b/charts/sourcegraph/templates/codeinsights-db/codeinsights-db.StatefulSet.yaml
index d56a02a8..99c78fd3 100644
--- a/charts/sourcegraph/templates/codeinsights-db/codeinsights-db.StatefulSet.yaml
+++ b/charts/sourcegraph/templates/codeinsights-db/codeinsights-db.StatefulSet.yaml
@@ -124,6 +124,7 @@ spec:
{{- toYaml .Values.codeInsightsDB.podSecurityContext | nindent 8 }}
{{- include "sourcegraph.nodeSelector" (list . "codeInsightsDB" ) | trim | nindent 6 }}
{{- include "sourcegraph.affinity" (list . "codeInsightsDB" ) | trim | nindent 6 }}
+ {{- with include "sourcegraph.priorityClassName" (list . "codeInsightsDB" ) | trim }}{{ . | nindent 6 }}{{- end }}
{{- include "sourcegraph.tolerations" (list . "codeInsightsDB" ) | trim | nindent 6 }}
{{- with .Values.sourcegraph.imagePullSecrets }}
imagePullSecrets:
diff --git a/charts/sourcegraph/templates/codeintel-db/codeintel-db.StatefulSet.yaml b/charts/sourcegraph/templates/codeintel-db/codeintel-db.StatefulSet.yaml
index 7ea3c456..d95649a3 100644
--- a/charts/sourcegraph/templates/codeintel-db/codeintel-db.StatefulSet.yaml
+++ b/charts/sourcegraph/templates/codeintel-db/codeintel-db.StatefulSet.yaml
@@ -136,6 +136,7 @@ spec:
{{- toYaml .Values.codeIntelDB.podSecurityContext | nindent 8 }}
{{- include "sourcegraph.nodeSelector" (list . "codeIntelDB" ) | trim | nindent 6 }}
{{- include "sourcegraph.affinity" (list . "codeIntelDB" ) | trim | nindent 6 }}
+ {{- with include "sourcegraph.priorityClassName" (list . "codeIntelDB" ) | trim }}{{ . | nindent 6 }}{{- end }}
{{- include "sourcegraph.tolerations" (list . "codeIntelDB" ) | trim | nindent 6 }}
{{- with .Values.sourcegraph.imagePullSecrets }}
imagePullSecrets:
diff --git a/charts/sourcegraph/templates/frontend/sourcegraph-frontend.Deployment.yaml b/charts/sourcegraph/templates/frontend/sourcegraph-frontend.Deployment.yaml
index e0f61903..1696644e 100644
--- a/charts/sourcegraph/templates/frontend/sourcegraph-frontend.Deployment.yaml
+++ b/charts/sourcegraph/templates/frontend/sourcegraph-frontend.Deployment.yaml
@@ -65,7 +65,7 @@ spec:
{{- range $name, $item := .Values.migrator.env }}
- name: {{ $name }}
{{- $item | toYaml | nindent 10 }}
- {{- end }}
+ {{- end }}
{{- if not .Values.sourcegraph.localDevMode}}
resources:
{{- toYaml .Values.migrator.resources | nindent 10 }}
@@ -144,6 +144,7 @@ spec:
{{- toYaml .Values.frontend.podSecurityContext | nindent 8 }}
{{- include "sourcegraph.nodeSelector" (list . "frontend" ) | trim | nindent 6 }}
{{- include "sourcegraph.affinity" (list . "frontend" ) | trim | nindent 6 }}
+ {{- with include "sourcegraph.priorityClassName" (list . "frontend" ) | trim }}{{ . | nindent 6 }}{{- end }}
{{- include "sourcegraph.tolerations" (list . "frontend" ) | trim | nindent 6 }}
{{- with .Values.sourcegraph.imagePullSecrets }}
imagePullSecrets:
diff --git a/charts/sourcegraph/templates/gitserver/gitserver.StatefulSet.yaml b/charts/sourcegraph/templates/gitserver/gitserver.StatefulSet.yaml
index 9620df24..833b9799 100644
--- a/charts/sourcegraph/templates/gitserver/gitserver.StatefulSet.yaml
+++ b/charts/sourcegraph/templates/gitserver/gitserver.StatefulSet.yaml
@@ -99,6 +99,7 @@ spec:
{{- toYaml .Values.gitserver.podSecurityContext | nindent 8 }}
{{- include "sourcegraph.nodeSelector" (list . "gitserver" ) | trim | nindent 6 }}
{{- include "sourcegraph.affinity" (list . "gitserver" ) | trim | nindent 6 }}
+ {{- with include "sourcegraph.priorityClassName" (list . "gitserver" ) | trim }}{{ . | nindent 6 }}{{- end }}
{{- include "sourcegraph.tolerations" (list . "gitserver" ) | trim | nindent 6 }}
{{- with .Values.sourcegraph.imagePullSecrets }}
imagePullSecrets:
@@ -118,9 +119,6 @@ spec:
{{- if .Values.gitserver.extraVolumes }}
{{- toYaml .Values.gitserver.extraVolumes | nindent 6 }}
{{- end }}
- {{- if .Values.gitserver.priorityClassName }}
- priorityClassName: {{ .Values.gitserver.priorityClassName }}
- {{- end }}
updateStrategy:
type: RollingUpdate
volumeClaimTemplates:
diff --git a/charts/sourcegraph/templates/grafana/grafana.StatefulSet.yaml b/charts/sourcegraph/templates/grafana/grafana.StatefulSet.yaml
index da569d02..66e56943 100644
--- a/charts/sourcegraph/templates/grafana/grafana.StatefulSet.yaml
+++ b/charts/sourcegraph/templates/grafana/grafana.StatefulSet.yaml
@@ -88,6 +88,7 @@ spec:
{{- toYaml .Values.grafana.podSecurityContext | nindent 8 }}
{{- include "sourcegraph.nodeSelector" (list . "grafana" ) | trim | nindent 6 }}
{{- include "sourcegraph.affinity" (list . "grafana" ) | trim | nindent 6 }}
+ {{- with include "sourcegraph.priorityClassName" (list . "grafana" ) | trim }}{{ . | nindent 6 }}{{- end }}
{{- include "sourcegraph.tolerations" (list . "grafana" ) | trim | nindent 6 }}
{{- with .Values.sourcegraph.imagePullSecrets }}
imagePullSecrets:
diff --git a/charts/sourcegraph/templates/indexed-search/indexed-search.StatefulSet.yaml b/charts/sourcegraph/templates/indexed-search/indexed-search.StatefulSet.yaml
index cd2df9c9..b96e1ea8 100644
--- a/charts/sourcegraph/templates/indexed-search/indexed-search.StatefulSet.yaml
+++ b/charts/sourcegraph/templates/indexed-search/indexed-search.StatefulSet.yaml
@@ -119,6 +119,7 @@ spec:
{{- toYaml .Values.indexedSearch.podSecurityContext | nindent 8 }}
{{- include "sourcegraph.nodeSelector" (list . "indexedSearch" ) | trim | nindent 6 }}
{{- include "sourcegraph.affinity" (list . "indexedSearch" ) | trim | nindent 6 }}
+ {{- with include "sourcegraph.priorityClassName" (list . "indexedSearch" ) | trim }}{{ . | nindent 6 }}{{- end }}
{{- include "sourcegraph.tolerations" (list . "indexedSearch" ) | trim | nindent 6 }}
{{- with .Values.sourcegraph.imagePullSecrets }}
imagePullSecrets:
@@ -130,9 +131,6 @@ spec:
{{- if .Values.indexedSearch.extraVolumes }}
{{- toYaml .Values.indexedSearch.extraVolumes | nindent 6 }}
{{- end }}
- {{- if .Values.indexedSearch.priorityClassName }}
- priorityClassName: {{ .Values.indexedSearch.priorityClassName }}
- {{- end }}
updateStrategy:
type: RollingUpdate
volumeClaimTemplates:
diff --git a/charts/sourcegraph/templates/jaeger/jaeger.Deployment.yaml b/charts/sourcegraph/templates/jaeger/jaeger.Deployment.yaml
index 38aa01d8..34eb8381 100644
--- a/charts/sourcegraph/templates/jaeger/jaeger.Deployment.yaml
+++ b/charts/sourcegraph/templates/jaeger/jaeger.Deployment.yaml
@@ -101,6 +101,7 @@ spec:
{{- toYaml .Values.jaeger.podSecurityContext | nindent 8 }}
{{- include "sourcegraph.nodeSelector" (list . "jaeger" ) | trim | nindent 6 }}
{{- include "sourcegraph.affinity" (list . "jaeger" ) | trim | nindent 6 }}
+ {{- with include "sourcegraph.priorityClassName" (list . "jaeger" ) | trim }}{{ . | nindent 6 }}{{- end }}
{{- include "sourcegraph.tolerations" (list . "jaeger" ) | trim | nindent 6 }}
{{- with .Values.sourcegraph.imagePullSecrets }}
imagePullSecrets:
diff --git a/charts/sourcegraph/templates/node-exporter/node-exporter.DaemonSet.yaml b/charts/sourcegraph/templates/node-exporter/node-exporter.DaemonSet.yaml
index 68693182..db0bc0c3 100644
--- a/charts/sourcegraph/templates/node-exporter/node-exporter.DaemonSet.yaml
+++ b/charts/sourcegraph/templates/node-exporter/node-exporter.DaemonSet.yaml
@@ -120,6 +120,7 @@ spec:
{{- toYaml .Values.nodeExporter.podSecurityContext | nindent 8 }}
{{- include "sourcegraph.nodeSelector" (list . "nodeExporter" ) | trim | nindent 6 }}
{{- include "sourcegraph.affinity" (list . "nodeExporter" ) | trim | nindent 6 }}
+ {{- with include "sourcegraph.priorityClassName" (list . "nodeExporter" ) | trim }}{{ . | nindent 6 }}{{- end }}
{{- include "sourcegraph.tolerations" (list . "nodeExporter" ) | trim | nindent 6 }}
{{- with .Values.sourcegraph.imagePullSecrets }}
imagePullSecrets:
diff --git a/charts/sourcegraph/templates/otel-collector/otel-agent.DaemonSet.yaml b/charts/sourcegraph/templates/otel-collector/otel-agent.DaemonSet.yaml
index 3efd5b1c..b2771396 100644
--- a/charts/sourcegraph/templates/otel-collector/otel-agent.DaemonSet.yaml
+++ b/charts/sourcegraph/templates/otel-collector/otel-agent.DaemonSet.yaml
@@ -84,6 +84,7 @@ spec:
terminationGracePeriodSeconds: 120
{{- include "sourcegraph.nodeSelector" (list . "openTelemetry" ) | trim | nindent 6 }}
{{- include "sourcegraph.affinity" (list . "openTelemetry" ) | trim | nindent 6 }}
+ {{- with include "sourcegraph.priorityClassName" (list . "openTelemetry" ) | trim }}{{ . | nindent 6 }}{{- end }}
{{- include "sourcegraph.tolerations" (list . "openTelemetry" ) | trim | nindent 6 }}
{{- with .Values.sourcegraph.imagePullSecrets }}
imagePullSecrets:
diff --git a/charts/sourcegraph/templates/otel-collector/otel-collector.Deployment.yaml b/charts/sourcegraph/templates/otel-collector/otel-collector.Deployment.yaml
index 47896c1b..d1d428a4 100644
--- a/charts/sourcegraph/templates/otel-collector/otel-collector.Deployment.yaml
+++ b/charts/sourcegraph/templates/otel-collector/otel-collector.Deployment.yaml
@@ -105,6 +105,7 @@ spec:
terminationGracePeriodSeconds: 120
{{- include "sourcegraph.nodeSelector" (list . "openTelemetry" ) | trim | nindent 6 }}
{{- include "sourcegraph.affinity" (list . "openTelemetry" ) | trim | nindent 6 }}
+ {{- with include "sourcegraph.priorityClassName" (list . "openTelemetry" ) | trim }}{{ . | nindent 6 }}{{- end }}
{{- include "sourcegraph.tolerations" (list . "openTelemetry" ) | trim | nindent 6 }}
{{- with .Values.sourcegraph.imagePullSecrets }}
imagePullSecrets:
diff --git a/charts/sourcegraph/templates/pgsql/pgsql.StatefulSet.yaml b/charts/sourcegraph/templates/pgsql/pgsql.StatefulSet.yaml
index 4155e037..26047eaf 100644
--- a/charts/sourcegraph/templates/pgsql/pgsql.StatefulSet.yaml
+++ b/charts/sourcegraph/templates/pgsql/pgsql.StatefulSet.yaml
@@ -138,6 +138,7 @@ spec:
{{- toYaml .Values.pgsql.podSecurityContext | nindent 8 }}
{{- include "sourcegraph.nodeSelector" (list . "pgsql" ) | trim | nindent 6 }}
{{- include "sourcegraph.affinity" (list . "pgsql" ) | trim | nindent 6 }}
+ {{- with include "sourcegraph.priorityClassName" (list . "pgsql" ) | trim }}{{ . | nindent 6 }}{{- end }}
{{- include "sourcegraph.tolerations" (list . "pgsql" ) | trim | nindent 6 }}
{{- with .Values.sourcegraph.imagePullSecrets }}
imagePullSecrets:
diff --git a/charts/sourcegraph/templates/precise-code-intel/worker.Deployment.yaml b/charts/sourcegraph/templates/precise-code-intel/worker.Deployment.yaml
index 17b41e64..bb15fbf7 100644
--- a/charts/sourcegraph/templates/precise-code-intel/worker.Deployment.yaml
+++ b/charts/sourcegraph/templates/precise-code-intel/worker.Deployment.yaml
@@ -108,6 +108,7 @@ spec:
{{- toYaml .Values.preciseCodeIntel.podSecurityContext | nindent 8 }}
{{- include "sourcegraph.nodeSelector" (list . "preciseCodeIntel" ) | trim | nindent 6 }}
{{- include "sourcegraph.affinity" (list . "preciseCodeIntel" ) | trim | nindent 6 }}
+ {{- with include "sourcegraph.priorityClassName" (list . "preciseCodeIntel" ) | trim }}{{ . | nindent 6 }}{{- end }}
{{- include "sourcegraph.tolerations" (list . "preciseCodeIntel" ) | trim | nindent 6 }}
{{- with .Values.sourcegraph.imagePullSecrets }}
imagePullSecrets:
diff --git a/charts/sourcegraph/templates/prometheus/prometheus.Deployment.yaml b/charts/sourcegraph/templates/prometheus/prometheus.Deployment.yaml
index 9616c9de..cee8cc9e 100644
--- a/charts/sourcegraph/templates/prometheus/prometheus.Deployment.yaml
+++ b/charts/sourcegraph/templates/prometheus/prometheus.Deployment.yaml
@@ -89,6 +89,7 @@ spec:
{{- toYaml .Values.prometheus.podSecurityContext | nindent 8 }}
{{- include "sourcegraph.nodeSelector" (list . "prometheus" ) | trim | nindent 6 }}
{{- include "sourcegraph.affinity" (list . "prometheus" ) | trim | nindent 6 }}
+ {{- with include "sourcegraph.priorityClassName" (list . "prometheus" ) | trim }}{{ . | nindent 6 }}{{- end }}
{{- include "sourcegraph.tolerations" (list . "prometheus" ) | trim | nindent 6 }}
{{- with .Values.sourcegraph.imagePullSecrets }}
imagePullSecrets:
diff --git a/charts/sourcegraph/templates/redis/redis-cache.Deployment.yaml b/charts/sourcegraph/templates/redis/redis-cache.Deployment.yaml
index fc00f487..41eb3042 100644
--- a/charts/sourcegraph/templates/redis/redis-cache.Deployment.yaml
+++ b/charts/sourcegraph/templates/redis/redis-cache.Deployment.yaml
@@ -125,15 +125,13 @@ spec:
{{- toYaml .Values.redisCache.podSecurityContext | nindent 8 }}
{{- include "sourcegraph.nodeSelector" (list . "redisCache" ) | trim | nindent 6 }}
{{- include "sourcegraph.affinity" (list . "redisCache" ) | trim | nindent 6 }}
+ {{- with include "sourcegraph.priorityClassName" (list . "redisCache" ) | trim }}{{ . | nindent 6 }}{{- end }}
{{- include "sourcegraph.tolerations" (list . "redisCache" ) | trim | nindent 6 }}
{{- with .Values.sourcegraph.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- include "sourcegraph.renderServiceAccountName" (list . "redisCache") | trim | nindent 6 }}
- {{- if .Values.redisCache.priorityClassName }}
- priorityClassName: {{ .Values.redisCache.priorityClassName }}
- {{- end }}
volumes:
- name: redis-data
persistentVolumeClaim:
diff --git a/charts/sourcegraph/templates/redis/redis-store.Deployment.yaml b/charts/sourcegraph/templates/redis/redis-store.Deployment.yaml
index d1697741..64c2710c 100644
--- a/charts/sourcegraph/templates/redis/redis-store.Deployment.yaml
+++ b/charts/sourcegraph/templates/redis/redis-store.Deployment.yaml
@@ -124,15 +124,13 @@ spec:
{{- toYaml .Values.redisStore.podSecurityContext | nindent 8 }}
{{- include "sourcegraph.nodeSelector" (list . "redisStore" ) | trim | nindent 6 }}
{{- include "sourcegraph.affinity" (list . "redisStore" ) | trim | nindent 6 }}
+ {{- with include "sourcegraph.priorityClassName" (list . "redisStore" ) | trim }}{{ . | nindent 6 }}{{- end }}
{{- include "sourcegraph.tolerations" (list . "redisStore" ) | trim | nindent 6 }}
{{- with .Values.sourcegraph.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- include "sourcegraph.renderServiceAccountName" (list . "redisStore") | trim | nindent 6 }}
- {{- if .Values.redisStore.priorityClassName }}
- priorityClassName: {{ .Values.redisStore.priorityClassName }}
- {{- end }}
volumes:
- name: redis-data
persistentVolumeClaim:
diff --git a/charts/sourcegraph/templates/searcher/searcher.StatefulSet.yaml b/charts/sourcegraph/templates/searcher/searcher.StatefulSet.yaml
index ab201aeb..7c73b48b 100644
--- a/charts/sourcegraph/templates/searcher/searcher.StatefulSet.yaml
+++ b/charts/sourcegraph/templates/searcher/searcher.StatefulSet.yaml
@@ -117,6 +117,7 @@ spec:
{{- toYaml .Values.searcher.podSecurityContext | nindent 8 }}
{{- include "sourcegraph.nodeSelector" (list . "searcher" ) | trim | nindent 6 }}
{{- include "sourcegraph.affinity" (list . "searcher" ) | trim | nindent 6 }}
+ {{- with include "sourcegraph.priorityClassName" (list . "searcher" ) | trim }}{{ . | nindent 6 }}{{- end }}
{{- include "sourcegraph.tolerations" (list . "searcher" ) | trim | nindent 6 }}
{{- with .Values.sourcegraph.imagePullSecrets }}
imagePullSecrets:
@@ -131,9 +132,6 @@ spec:
{{- if .Values.searcher.extraVolumes }}
{{- toYaml .Values.searcher.extraVolumes | nindent 6 }}
{{- end }}
- {{- if .Values.searcher.priorityClassName }}
- priorityClassName: {{ .Values.searcher.priorityClassName }}
- {{- end }}
volumeClaimTemplates:
- metadata:
name: cache
diff --git a/charts/sourcegraph/templates/syntactic-code-intel/worker.Deployment.yaml b/charts/sourcegraph/templates/syntactic-code-intel/worker.Deployment.yaml
index 96240603..d7a63f37 100644
--- a/charts/sourcegraph/templates/syntactic-code-intel/worker.Deployment.yaml
+++ b/charts/sourcegraph/templates/syntactic-code-intel/worker.Deployment.yaml
@@ -111,6 +111,7 @@ spec:
{{- toYaml .Values.syntacticCodeIntel.podSecurityContext | nindent 8 }}
{{- include "sourcegraph.nodeSelector" (list . "syntacticCodeIntel" ) | trim | nindent 6 }}
{{- include "sourcegraph.affinity" (list . "syntacticCodeIntel" ) | trim | nindent 6 }}
+ {{- with include "sourcegraph.priorityClassName" (list . "syntacticCodeIntel" ) | trim }}{{ . | nindent 6 }}{{- end }}
{{- include "sourcegraph.tolerations" (list . "syntacticCodeIntel" ) | trim | nindent 6 }}
{{- with .Values.sourcegraph.imagePullSecrets }}
imagePullSecrets:
diff --git a/charts/sourcegraph/templates/syntect-server/syntect-server.Deployment.yaml b/charts/sourcegraph/templates/syntect-server/syntect-server.Deployment.yaml
index 7d6e0712..9a66ae5f 100644
--- a/charts/sourcegraph/templates/syntect-server/syntect-server.Deployment.yaml
+++ b/charts/sourcegraph/templates/syntect-server/syntect-server.Deployment.yaml
@@ -91,6 +91,7 @@ spec:
{{- toYaml .Values.syntectServer.podSecurityContext | nindent 8 }}
{{- include "sourcegraph.nodeSelector" (list . "syntectServer" ) | trim | nindent 6 }}
{{- include "sourcegraph.affinity" (list . "syntectServer" ) | trim | nindent 6 }}
+ {{- with include "sourcegraph.priorityClassName" (list . "syntectServer" ) | trim }}{{ . | nindent 6 }}{{- end }}
{{- include "sourcegraph.tolerations" (list . "syntectServer" ) | trim | nindent 6 }}
{{- with .Values.sourcegraph.imagePullSecrets }}
imagePullSecrets:
diff --git a/charts/sourcegraph/values.yaml b/charts/sourcegraph/values.yaml
index f11ca539..78ed3246 100644
--- a/charts/sourcegraph/values.yaml
+++ b/charts/sourcegraph/values.yaml
@@ -33,6 +33,8 @@ sourcegraph:
podAnnotations: {}
# -- Add extra labels to attach to all pods
podLabels: {}
+ # -- Assign a priorityClass to all pods (daemonSets, deployments, and statefulSets)
+ priorityClassName: ""
# -- Global deployment clean up policy,
# learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#clean-up-policy)
revisionHistoryLimit: 10
From 27519e6ebf9621f5010600f3bb910912ae8feb22 Mon Sep 17 00:00:00 2001
From: Release Bot <107104610+sourcegraph-release-bot@users.noreply.github.com>
Date: Tue, 16 Dec 2025 05:17:47 -0500
Subject: [PATCH 4/5] [Backport 6.11.x] fix(sourcegraph): incorrect rendering
of redis connection env vars (#789)
reworked https://github.com/sourcegraph/deploy-sourcegraph-helm/pull/784
### Checklist
- [x] Follow the [manual testing
process](https://github.com/sourcegraph/deploy-sourcegraph-helm/blob/main/TEST.md)
- [x] Update
[changelog](https://github.com/sourcegraph/deploy-sourcegraph-helm/blob/main/charts/sourcegraph/CHANGELOG.md)
- [x] Update [Kubernetes update
doc](https://docs.sourcegraph.com/admin/updates/kubernetes)
### Test plan
added unit test
Backport 5ff81c8b627cfad0b583b9d2ca7bd1c14245bd04 from #786
Co-authored-by: Michael Lin
Co-authored-by: Marc <7050295+marcleblanc2@users.noreply.github.com>
---
charts/sourcegraph/templates/_helpers.tpl | 36 ++++++++----
.../tests/redisConnection_test.yaml | 57 +++++++++++++++++++
2 files changed, 81 insertions(+), 12 deletions(-)
create mode 100644 charts/sourcegraph/tests/redisConnection_test.yaml
diff --git a/charts/sourcegraph/templates/_helpers.tpl b/charts/sourcegraph/templates/_helpers.tpl
index c1671edd..13d0ed52 100644
--- a/charts/sourcegraph/templates/_helpers.tpl
+++ b/charts/sourcegraph/templates/_helpers.tpl
@@ -249,23 +249,35 @@ app.kubernetes.io/name: jaeger
{{- end }}
{{/*
-Set redisCache and redisStore endpoints
-So that customers can configure them any of these ways:
-1. Create a new Kubernetes secret, with default values (default, no override config required)
-2. Use an existing Kubernetes secret, by configuring .Values.redisCache.connection.existingSecret
-3. Do not create or use Kubernetes secrets, just pass the default values directly as environment variables into the needed pods, by configuring .Values.sourcegraph.disableKubernetesSecrets = true
-4. Do not create or use Kubernetes secrets, but pass custom values (ex. external Redis) directly as environment variables into the needed pods, by configuring .Values.sourcegraph.disableKubernetesSecrets = true, .Values.redisCache.connection.endpoint = "", .Values.redisStore.connection.endpoint = "", and defining the REDIS_CACHE_ENDPOINT and REDIS_STORE_ENDPOINT env vars on frontend, gitserver, searcher, and worker pods
+Set redisCache and redisStore endpoints,
+so that customers can configure them any of these ways:
+
+1. Create new Kubernetes secrets, with default values (default, no override config required)
+
+2. Use existing Kubernetes secrets, managed externally, by configuring:
+.Values.redisCache.connection.existingSecret:
+.Values.redisStore.connection.existingSecret:
+
+3. Do not create or use Kubernetes secrets, just pass the default values directly as environment variables into the needed pods, by configuring:
+.Values.sourcegraph.disableKubernetesSecrets: true
+
+4. Do not create or use Kubernetes secrets, but provide custom values (ex. external Redis) to have this function pass them into the REDIS_CACHE_ENDPOINT and REDIS_STORE_ENDPOINT env vars on frontend, gitserver, searcher, and worker pods, by configuring:
+.Values.sourcegraph.disableKubernetesSecrets: true
+.Values.redisCache.connection.endpoint:
+.Values.redisStore.connection.endpoint:
+
*/}}
{{- define "sourcegraph.redisConnection" -}}
{{- if .Values.sourcegraph.disableKubernetesSecrets -}}
-{{- if .Values.redisCache.connection.endpoint -}}
-- name: REDIS_CACHE_ENDPOINT
- value: {{ .Values.redisCache.connection.endpoint }}
+{{- $cacheEndpoint := dig "connection" "endpoint" "" .Values.redisCache -}}
+{{- $storeEndpoint := dig "connection" "endpoint" "" .Values.redisStore -}}
+{{- if not (and $cacheEndpoint $storeEndpoint) -}}
+{{- fail ".Values.redisCache.connection.endpoint and .Values.redisStore.connection.endpoint must be set when disableKubernetesSecrets is true!" -}}
{{- end -}}
-{{- if .Values.redisStore.connection.endpoint -}}
+- name: REDIS_CACHE_ENDPOINT
+ value: {{ $cacheEndpoint }}
- name: REDIS_STORE_ENDPOINT
- value: {{ .Values.redisStore.connection.endpoint }}
-{{- end -}}
+ value: {{ $storeEndpoint }}
{{- else -}}
- name: REDIS_CACHE_ENDPOINT
valueFrom:
diff --git a/charts/sourcegraph/tests/redisConnection_test.yaml b/charts/sourcegraph/tests/redisConnection_test.yaml
new file mode 100644
index 00000000..c387b8e6
--- /dev/null
+++ b/charts/sourcegraph/tests/redisConnection_test.yaml
@@ -0,0 +1,57 @@
+---
+suite: redisConnection
+templates:
+- frontend/sourcegraph-frontend.Deployment.yaml
+tests:
+- it: should reference the default secret
+ asserts:
+ - contains:
+ path: spec.template.spec.containers[0].env
+ content:
+ name: REDIS_CACHE_ENDPOINT
+ valueFrom:
+ secretKeyRef:
+ key: endpoint
+ name: redis-cache
+ - contains:
+ path: spec.template.spec.containers[0].env
+ content:
+ name: REDIS_STORE_ENDPOINT
+ valueFrom:
+ secretKeyRef:
+ key: endpoint
+ name: redis-store
+- it: should not reference secret when .sourcegraph.disableKubernetesSecrets is true
+ set:
+ sourcegraph:
+ disableKubernetesSecrets: true
+ redisCache:
+ connection:
+ endpoint: redis-cache-svc
+ redisStore:
+ connection:
+ endpoint: redis-store-svc
+ asserts:
+ - contains:
+ path: spec.template.spec.containers[0].env
+ content:
+ name: REDIS_CACHE_ENDPOINT
+ value: redis-cache-svc
+ - contains:
+ path: spec.template.spec.containers[0].env
+ content:
+ name: REDIS_STORE_ENDPOINT
+ value: redis-store-svc
+- it: should fail when .sourcegraph.disableKubernetesSecrets is true but .Values.redisCache.connection.endpoint and .Values.redisStore.connection.endpoint are not set
+ set:
+ sourcegraph:
+ disableKubernetesSecrets: true
+ redisCache:
+ connection:
+ endpoint: ""
+ redisStore:
+ connection:
+ endpoint: ""
+ asserts:
+ - failedTemplate:
+ errorMessage: .Values.redisCache.connection.endpoint and .Values.redisStore.connection.endpoint must be set when disableKubernetesSecrets is true!
From cb31fa90a84a93f29a98707beafefae2e5ade046 Mon Sep 17 00:00:00 2001
From: Warren Gifford
Date: Wed, 24 Dec 2025 03:00:26 +0000
Subject: [PATCH 5/5] release_patch: v6.11.2752
{"version":"v6.11.2752","inputs":"server=6.11.2752","type":"patch"}
---
charts/sourcegraph-executor/dind/Chart.yaml | 4 +-
charts/sourcegraph-executor/dind/README.md | 4 +-
charts/sourcegraph-executor/dind/values.yaml | 4 +-
charts/sourcegraph-executor/k8s/Chart.yaml | 4 +-
charts/sourcegraph-executor/k8s/README.md | 4 +-
charts/sourcegraph-executor/k8s/values.yaml | 4 +-
charts/sourcegraph-migrator/Chart.yaml | 4 +-
charts/sourcegraph-migrator/README.md | 8 +--
charts/sourcegraph-migrator/values.yaml | 4 +-
charts/sourcegraph/Chart.yaml | 4 +-
charts/sourcegraph/README.md | 52 +++++++++----------
.../sourcegraph/examples/subchart/Chart.yaml | 4 +-
charts/sourcegraph/values.yaml | 52 +++++++++----------
13 files changed, 76 insertions(+), 76 deletions(-)
diff --git a/charts/sourcegraph-executor/dind/Chart.yaml b/charts/sourcegraph-executor/dind/Chart.yaml
index 537f5b5d..458f39a5 100644
--- a/charts/sourcegraph-executor/dind/Chart.yaml
+++ b/charts/sourcegraph-executor/dind/Chart.yaml
@@ -5,7 +5,7 @@ icon: https://sourcegraph.com/favicon.ico
type: application
# Chart version, separate from Sourcegraph
-version: "5.11.0"
+version: "6.11.2752"
# Version of Sourcegraph release
-appVersion: "5.11.0"
+appVersion: "6.11.2752"
diff --git a/charts/sourcegraph-executor/dind/README.md b/charts/sourcegraph-executor/dind/README.md
index b6f5f8a8..dd0cb17f 100644
--- a/charts/sourcegraph-executor/dind/README.md
+++ b/charts/sourcegraph-executor/dind/README.md
@@ -60,7 +60,7 @@ In addition to the documented values, the `executor` and `private-docker-registr
| executor.env.EXECUTOR_FRONTEND_URL | object | `{"value":""}` | The external URL of the Sourcegraph instance. Required. |
| executor.env.EXECUTOR_QUEUE_NAME | object | `{"value":""}` | The name of the queue to pull jobs from to. Possible values: batches and codeintel. **Either this or EXECUTOR_QUEUE_NAMES is required.** |
| executor.env.EXECUTOR_QUEUE_NAMES | object | `{"value":""}` | The comma-separated list of names of multiple queues to pull jobs from to. Possible values: batches and codeintel. **Either this or EXECUTOR_QUEUE_NAME is required.** |
-| executor.image.defaultTag | string | `"6.0.0@sha256:0be94a7c91f8273db10fdf46718c6596340ab2acc570e7b85353806e67a27508"` | |
+| executor.image.defaultTag | string | `"6.11.2752@sha256:01359d150c3954953e13b9c3027f86c9e66e7a3d638db1de667cea80185b9b6e"` | |
| executor.image.name | string | `"executor"` | |
| executor.replicaCount | int | `1` | |
| privateDockerRegistry.enabled | bool | `true` | Whether to deploy the private registry. Only one registry is needed when deploying multiple executors. More information: https://docs.sourcegraph.com/admin/executors/deploy_executors#using-private-registries |
@@ -71,7 +71,7 @@ In addition to the documented values, the `executor` and `private-docker-registr
| sourcegraph.affinity | object | `{}` | Affinity, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity) |
| sourcegraph.image.defaultTag | string | `"{{ .Chart.AppVersion }}"` | Global docker image tag |
| sourcegraph.image.pullPolicy | string | `"IfNotPresent"` | Global docker image pull policy |
-| sourcegraph.image.repository | string | `"index.docker.io/sourcegraph"` | Global docker image registry or prefix |
+| sourcegraph.image.repository | string | `"us-docker.pkg.dev/sourcegraph-images/internal"` | Global docker image registry or prefix |
| sourcegraph.image.useGlobalTagAsDefault | bool | `false` | When set to true, sourcegraph.image.defaultTag is used as the default defaultTag for all services, instead of service-specific default defaultTags |
| sourcegraph.imagePullSecrets | list | `[]` | Mount named secrets containing docker credentials |
| sourcegraph.labels | object | `{}` | Add a global label to all resources |
diff --git a/charts/sourcegraph-executor/dind/values.yaml b/charts/sourcegraph-executor/dind/values.yaml
index eec0a03c..0811e7a4 100644
--- a/charts/sourcegraph-executor/dind/values.yaml
+++ b/charts/sourcegraph-executor/dind/values.yaml
@@ -8,7 +8,7 @@ sourcegraph:
# -- Global docker image pull policy
pullPolicy: IfNotPresent
# -- Global docker image registry or prefix
- repository: index.docker.io/sourcegraph
+ repository: us-docker.pkg.dev/sourcegraph-images/internal
# -- When set to true, sourcegraph.image.defaultTag is used as the default defaultTag for all services, instead of service-specific default defaultTags
useGlobalTagAsDefault: false
# -- Mount named secrets containing docker credentials
@@ -57,7 +57,7 @@ storageClass:
executor:
enabled: true
image:
- defaultTag: 6.0.0@sha256:0be94a7c91f8273db10fdf46718c6596340ab2acc570e7b85353806e67a27508
+ defaultTag: 6.11.2752@sha256:01359d150c3954953e13b9c3027f86c9e66e7a3d638db1de667cea80185b9b6e
name: "executor"
replicaCount: 1
env:
diff --git a/charts/sourcegraph-executor/k8s/Chart.yaml b/charts/sourcegraph-executor/k8s/Chart.yaml
index 9dae46f9..701ca38c 100644
--- a/charts/sourcegraph-executor/k8s/Chart.yaml
+++ b/charts/sourcegraph-executor/k8s/Chart.yaml
@@ -5,7 +5,7 @@ icon: https://sourcegraph.com/favicon.ico
type: application
# Chart version, separate from Sourcegraph
-version: "5.11.0"
+version: "6.11.2752"
# Version of Sourcegraph release
-appVersion: "5.11.0"
+appVersion: "6.11.2752"
diff --git a/charts/sourcegraph-executor/k8s/README.md b/charts/sourcegraph-executor/k8s/README.md
index 777c0bc8..9eb6830e 100644
--- a/charts/sourcegraph-executor/k8s/README.md
+++ b/charts/sourcegraph-executor/k8s/README.md
@@ -61,7 +61,7 @@ In addition to the documented values, the `executor` and `private-docker-registr
| executor.frontendExistingSecret | string | `""` | Name of existing k8s Secret to use for frontend password The name of the secret must match `executor.name`, i.e., the name of the helm release used to deploy the helm chart. The k8s Secret must contain the key `EXECUTOR_FRONTEND_PASSWORD` matching the site config `executors.accessToken` value. `executor.frontendPassword` is ignored if this is enabled. |
| executor.frontendPassword | string | `""` | The shared secret configured in the Sourcegraph instance site config under executors.accessToken. Required if `executor.frontendExistingSecret`` is not configured. |
| executor.frontendUrl | string | `""` | The external URL of the Sourcegraph instance. Required. **Recommended:** set to the internal service endpoint (e.g. `http://sourcegraph-frontend.sourcegraph.svc.cluster.local:30080` if Sourcegraph is deployed in the `sourcegraph` namespace). This will avoid unnecessary network charges as traffic will stay within the local network. |
-| executor.image.defaultTag | string | `"6.0.0@sha256:6dc771a0c281a41ef676213f2f84a63d99045cf2e58d43022554a8022070ed65"` | |
+| executor.image.defaultTag | string | `"6.11.2752@sha256:4318892d49adeab8f4c6c5665a82b432667647d2936e9fdd386f19f2da65ac1f"` | |
| executor.image.name | string | `"executor-kubernetes"` | |
| executor.kubeconfigPath | string | `""` | The path to the kubeconfig file. If not specified, the in-cluster config is used. |
| executor.kubernetesJob.deadline | string | `"1200"` | The number of seconds after which a Kubernetes job will be terminated. |
@@ -99,7 +99,7 @@ In addition to the documented values, the `executor` and `private-docker-registr
| sourcegraph.affinity | object | `{}` | Affinity, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity) |
| sourcegraph.image.defaultTag | string | `"{{ .Chart.AppVersion }}"` | Global docker image tag |
| sourcegraph.image.pullPolicy | string | `"IfNotPresent"` | Global docker image pull policy |
-| sourcegraph.image.repository | string | `"index.docker.io/sourcegraph"` | Global docker image registry or prefix |
+| sourcegraph.image.repository | string | `"us-docker.pkg.dev/sourcegraph-images/internal"` | Global docker image registry or prefix |
| sourcegraph.image.useGlobalTagAsDefault | bool | `false` | When set to true, sourcegraph.image.defaultTag is used as the default defaultTag for all services, instead of service-specific default defaultTags |
| sourcegraph.imagePullSecrets | list | `[]` | Mount named secrets containing docker credentials |
| sourcegraph.labels | object | `{}` | Add a global label to all resources |
diff --git a/charts/sourcegraph-executor/k8s/values.yaml b/charts/sourcegraph-executor/k8s/values.yaml
index 730df98e..091499c2 100644
--- a/charts/sourcegraph-executor/k8s/values.yaml
+++ b/charts/sourcegraph-executor/k8s/values.yaml
@@ -8,7 +8,7 @@ sourcegraph:
# -- Global docker image pull policy
pullPolicy: IfNotPresent
# -- Global docker image registry or prefix
- repository: index.docker.io/sourcegraph
+ repository: us-docker.pkg.dev/sourcegraph-images/internal
# -- When set to true, sourcegraph.image.defaultTag is used as the default defaultTag for all services, instead of service-specific default defaultTags
useGlobalTagAsDefault: false
# -- Mount named secrets containing docker credentials
@@ -61,7 +61,7 @@ executor:
configureRbac: true
replicas: 1
image:
- defaultTag: 6.0.0@sha256:6dc771a0c281a41ef676213f2f84a63d99045cf2e58d43022554a8022070ed65
+ defaultTag: 6.11.2752@sha256:4318892d49adeab8f4c6c5665a82b432667647d2936e9fdd386f19f2da65ac1f
name: "executor-kubernetes"
resources:
limits:
diff --git a/charts/sourcegraph-migrator/Chart.yaml b/charts/sourcegraph-migrator/Chart.yaml
index 9ad6613d..8f88a98a 100644
--- a/charts/sourcegraph-migrator/Chart.yaml
+++ b/charts/sourcegraph-migrator/Chart.yaml
@@ -5,7 +5,7 @@ icon: https://sourcegraph.com/favicon.ico
type: application
# Chart version, separate from Sourcegraph
-version: "5.11.0"
+version: "6.11.2752"
# Version of Sourcegraph release
-appVersion: "5.11.0"
+appVersion: "6.11.2752"
diff --git a/charts/sourcegraph-migrator/README.md b/charts/sourcegraph-migrator/README.md
index d7ef768d..514c4438 100644
--- a/charts/sourcegraph-migrator/README.md
+++ b/charts/sourcegraph-migrator/README.md
@@ -42,7 +42,7 @@ You should consult the list of available [migrator commands]. Below is some exam
- Perform initial migrations against external PostgreSQL databases prior to the Sourcegraph deployment
```sh
-helm upgrade --install -f --version 5.11.0 sg-migrator sourcegraph/sourcegraph-migrator
+helm upgrade --install -f --version 6.11.2752 sg-migrator sourcegraph/sourcegraph-migrator
```
### Add a migration log entry
@@ -52,7 +52,7 @@ helm upgrade --install -f --version 5.11.0 sg-migrator
Add an entry to the migration log after a site administrator has explicitly applied the contents of a migration file, learn more about troubleshooting a [dirty database].
```sh
-helm upgrade --install -f --set "migrator.args={add-log,-db=frontend,-version=1528395834}" --version 5.11.0 sg-migrator sourcegraph/sourcegraph-migrator
+helm upgrade --install -f --set "migrator.args={add-log,-db=frontend,-version=1528395834}" --version 6.11.2752 sg-migrator sourcegraph/sourcegraph-migrator
```
## Rendering manifests for kubectl deployment
@@ -80,7 +80,7 @@ In addition to the documented values, the `migrator` service also supports the f
| migrator.args | list | `["up","-db=all"]` | Override default `migrator` container args Available commands can be found at https://docs.sourcegraph.com/admin/how-to/manual_database_migrations |
| migrator.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100}` | Security context for the `migrator` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) |
| migrator.env | object | `{}` | Environment variables for the `migrator` container |
-| migrator.image.defaultTag | string | `"6.0.0@sha256:ec295eb0b743da6bf56777ca6524972267a5c442b0288095e2fe12fce38ebacc"` | Docker image tag for the `migrator` image |
+| migrator.image.defaultTag | string | `"6.11.2752@sha256:fa4c0c8d79c1e2e37fd0a625418f2299c8229ccdfb1de0adffdcb738c20e8b67"` | Docker image tag for the `migrator` image |
| migrator.image.name | string | `"migrator"` | Docker image name for the `migrator` image |
| migrator.resources | object | `{"limits":{"cpu":"500m","memory":"100M"},"requests":{"cpu":"100m","memory":"50M"}}` | Resource requests & limits for the `migrator` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) |
| pgsql.auth.existingSecret | string | `""` | Name of existing secret to use for pgsql credentials This should match the setting in the sourcegraph chart values |
@@ -88,7 +88,7 @@ In addition to the documented values, the `migrator` service also supports the f
| sourcegraph.affinity | object | `{}` | Affinity, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity) |
| sourcegraph.image.defaultTag | string | `"{{ .Chart.AppVersion }}"` | Global docker image tag |
| sourcegraph.image.pullPolicy | string | `"IfNotPresent"` | Global docker image pull policy |
-| sourcegraph.image.repository | string | `"index.docker.io/sourcegraph"` | Global docker image registry or prefix |
+| sourcegraph.image.repository | string | `"us-docker.pkg.dev/sourcegraph-images/internal"` | Global docker image registry or prefix |
| sourcegraph.image.useGlobalTagAsDefault | bool | `false` | When set to true, sourcegraph.image.defaultTag is used as the default defaultTag for all services, instead of service-specific default defaultTags |
| sourcegraph.imagePullSecrets | list | `[]` | Mount named secrets containing docker credentials |
| sourcegraph.labels | object | `{}` | Add a global label to all resources |
diff --git a/charts/sourcegraph-migrator/values.yaml b/charts/sourcegraph-migrator/values.yaml
index bb144176..90b76b5e 100644
--- a/charts/sourcegraph-migrator/values.yaml
+++ b/charts/sourcegraph-migrator/values.yaml
@@ -8,7 +8,7 @@ sourcegraph:
# -- Global docker image pull policy
pullPolicy: IfNotPresent
# -- Global docker image registry or prefix
- repository: index.docker.io/sourcegraph
+ repository: us-docker.pkg.dev/sourcegraph-images/internal
# -- When set to true, sourcegraph.image.defaultTag is used as the default defaultTag for all services, instead of service-specific default defaultTags
useGlobalTagAsDefault: false
# -- Mount named secrets containing docker credentials
@@ -104,7 +104,7 @@ pgsql:
migrator:
image:
# -- Docker image tag for the `migrator` image
- defaultTag: 6.0.0@sha256:ec295eb0b743da6bf56777ca6524972267a5c442b0288095e2fe12fce38ebacc
+ defaultTag: 6.11.2752@sha256:fa4c0c8d79c1e2e37fd0a625418f2299c8229ccdfb1de0adffdcb738c20e8b67
# -- Docker image name for the `migrator` image
name: "migrator"
# -- Environment variables for the `migrator` container
diff --git a/charts/sourcegraph/Chart.yaml b/charts/sourcegraph/Chart.yaml
index 898e9e67..a9a38e5e 100644
--- a/charts/sourcegraph/Chart.yaml
+++ b/charts/sourcegraph/Chart.yaml
@@ -5,7 +5,7 @@ icon: https://sourcegraph.com/favicon.ico
type: application
# Chart version, separate from Sourcegraph
-version: "5.11.0"
+version: "6.11.2752"
# Version of Sourcegraph release
-appVersion: "5.11.0"
+appVersion: "6.11.2752"
diff --git a/charts/sourcegraph/README.md b/charts/sourcegraph/README.md
index 986d573d..3dbf4b4e 100644
--- a/charts/sourcegraph/README.md
+++ b/charts/sourcegraph/README.md
@@ -28,12 +28,12 @@ In addition to the documented values, all services also support the following va
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| alpine.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":999,"runAsUser":999}` | Security context for the `alpine` initContainer, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) |
-| alpine.image.defaultTag | string | `"6.0.0@sha256:c4705ccf969e262ee3916719ecc7c0fb5e606dd954278ac07ac1d052e4e490df"` | Docker image tag for the `alpine` image |
+| alpine.image.defaultTag | string | `"6.11.2752@sha256:df97d9fad72aab628e70d31ac3415543e7b7017100648449f9c5ab87e92a67c7"` | Docker image tag for the `alpine` image |
| alpine.image.name | string | `"alpine-3.14"` | Docker image name for the `alpine` image |
| alpine.resources | object | `{"limits":{"cpu":"10m","memory":"50Mi"},"requests":{"cpu":"10m","memory":"50Mi"}}` | Resource requests & limits for the `alpine` initContainer, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) |
| blobstore.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"runAsGroup":101,"runAsUser":100}` | Security context for the `blobstore` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) |
| blobstore.enabled | bool | `true` | Enable `blobstore` (S3 compatible storage) |
-| blobstore.image.defaultTag | string | `"6.0.0@sha256:82caab40f920282069c84e0e4ca503857926e934c67fb022f6d93823b4ea98b5"` | Docker image tag for the `blobstore` image |
+| blobstore.image.defaultTag | string | `"6.11.2752@sha256:6e255ebfb906b8461a61742925376e78b9482cbc2a975a622ddc0fa8cb9b680f"` | Docker image tag for the `blobstore` image |
| blobstore.image.name | string | `"blobstore"` | Docker image name for the `blobstore` image |
| blobstore.name | string | `"blobstore"` | Name used by resources. Does not affect service names or PVCs. |
| blobstore.podSecurityContext | object | `{"fsGroup":101,"fsGroupChangePolicy":"OnRootMismatch","runAsGroup":101,"runAsUser":100}` | Security context for the `blobstore` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) |
@@ -43,7 +43,7 @@ In addition to the documented values, all services also support the following va
| blobstore.storageSize | string | `"100Gi"` | PVC Storage Request for `blobstore` data volume |
| cadvisor.containerSecurityContext | object | `{"privileged":true}` | Security context for the `cadvisor` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) |
| cadvisor.enabled | bool | `true` | Enable `cadvisor` |
-| cadvisor.image.defaultTag | string | `"6.0.0@sha256:48082a2822a727e22c556ae2c3bae5f5bf4528c7b462efc3c085271ee5145be8"` | Docker image tag for the `cadvisor` image |
+| cadvisor.image.defaultTag | string | `"6.11.2752@sha256:6f196f57396556945b29039a9697cb97bdb1a32b08555018d85a42f4d88f0dbd"` | Docker image tag for the `cadvisor` image |
| cadvisor.image.name | string | `"cadvisor"` | Docker image name for the `cadvisor` image |
| cadvisor.name | string | `"cadvisor"` | Name used by resources. Does not affect service names or PVCs. |
| cadvisor.podSecurityPolicy.enabled | bool | `false` | Enable [PodSecurityPolicy](https://kubernetes.io/docs/concepts/policy/pod-security-policy/) for `cadvisor` pods |
@@ -62,7 +62,7 @@ In addition to the documented values, all services also support the following va
| codeInsightsDB.enabled | bool | `true` | Enable `codeinsights-db` PostgreSQL server |
| codeInsightsDB.env | object | `{}` | Environment variables for the `codeinsights-db` container |
| codeInsightsDB.existingConfig | string | `""` | Name of existing ConfigMap for `codeinsights-db`. It must contain a `postgresql.conf` key. |
-| codeInsightsDB.image.defaultTag | string | `"6.0.0@sha256:24263ff136f8cc328d63808982beb4a109461da30b522b63d2867a4e708713c9"` | Docker image tag for the `codeinsights-db` image |
+| codeInsightsDB.image.defaultTag | string | `"6.11.2752@sha256:d270d0590b826649f9ac82c66cbfaaa45b1fad38f91d08aa3946521cbb19f43b"` | Docker image tag for the `codeinsights-db` image |
| codeInsightsDB.image.name | string | `"postgresql-16-codeinsights"` | Docker image name for the `codeinsights-db` image |
| codeInsightsDB.init.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":70,"runAsUser":70}` | Security context for the `alpine` initContainer, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) |
| codeInsightsDB.name | string | `"codeinsights-db"` | Name used by resources. Does not affect service names or PVCs. |
@@ -83,7 +83,7 @@ In addition to the documented values, all services also support the following va
| codeIntelDB.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":999,"runAsUser":999}` | Security context for the `codeintel-db` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) |
| codeIntelDB.enabled | bool | `true` | Enable `codeintel-db` PostgreSQL server |
| codeIntelDB.existingConfig | string | `""` | Name of existing ConfigMap for `codeintel-db`. It must contain a `postgresql.conf` key |
-| codeIntelDB.image.defaultTag | string | `"6.0.0@sha256:224a2604331cb73809f466394c5b4f3ca95bf6a5a140cb75820dfe67301074bb"` | Docker image tag for the `codeintel-db` image |
+| codeIntelDB.image.defaultTag | string | `"6.11.2752@sha256:eaba36971ee69fb3e071c9155ac3d62af84ad20e3f70155ff75ec1c61ef676c1"` | Docker image tag for the `codeintel-db` image |
| codeIntelDB.image.name | string | `"postgresql-16"` | Docker image name for the `codeintel-db` image |
| codeIntelDB.name | string | `"codeintel-db"` | Name used by resources. Does not affect service names or PVCs. |
| codeIntelDB.podSecurityContext | object | `{"fsGroup":999,"fsGroupChangePolicy":"OnRootMismatch","runAsUser":999}` | Security context for the `codeintel-db` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) |
@@ -96,7 +96,7 @@ In addition to the documented values, all services also support the following va
| frontend.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100}` | Security context for the `frontend` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) |
| frontend.createRoleBinding | bool | `true` | Disable the roleBinding resource for deployment environments blocking RBAC, ex. OpenShift's default "secure" SCC |
| frontend.env | object | the chart will add some default environment values | Environment variables for the `frontend` container |
-| frontend.image.defaultTag | string | `"6.0.0@sha256:d4f21178096da5fdb3804099ae9de2e050b06e859a327aa79452b1ea2f3ede0a"` | Docker image tag for the `frontend` image |
+| frontend.image.defaultTag | string | `"6.11.2752@sha256:63d2e45df7cb9a46a59735a2852512485621a528cff894695a5b871dbab8a229"` | Docker image tag for the `frontend` image |
| frontend.image.name | string | `"frontend"` | Docker image name for the `frontend` image |
| frontend.ingress.annotations | object | `{"kubernetes.io/ingress.class":"nginx","nginx.ingress.kubernetes.io/proxy-body-size":"150m"}` | Annotations for the Sourcegraph server ingress. For example, securing ingress with TLS provided by [cert-manager](https://cert-manager.io/docs/usage/ingress/) |
| frontend.ingress.annotations."kubernetes.io/ingress.class" | string | `"nginx"` | [Deprecated annotation](https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation) for specifing the IngressClass in Kubernetes 1.17 and earlier. If you are using Kubernetes 1.18+, use `ingressClassName` instead and set an override value of `null` for this annotation. |
@@ -112,7 +112,7 @@ In addition to the documented values, all services also support the following va
| frontend.serviceAccount.create | bool | `true` | Enable creation of ServiceAccount for `frontend` |
| frontend.serviceAccount.name | string | `"sourcegraph-frontend"` | Name of the ServiceAccount to be created or an existing ServiceAccount |
| gitserver.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100}` | Security context for the `gitserver` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) |
-| gitserver.image.defaultTag | string | `"6.0.0@sha256:aec9bf6993c243a283109104cd7c44be3c85680b77e3e8be0c5fba8f01a3bd35"` | Docker image tag for the `gitserver` image |
+| gitserver.image.defaultTag | string | `"6.11.2752@sha256:e7f3751544f992bb41e11805a4a72cf698787712756588d510f4fb807a2f95c1"` | Docker image tag for the `gitserver` image |
| gitserver.image.name | string | `"gitserver"` | Docker image name for the `gitserver` image |
| gitserver.name | string | `"gitserver"` | Name used by resources. Does not affect service names or PVCs. |
| gitserver.podSecurityContext | object | `{"fsGroup":101,"fsGroupChangePolicy":"OnRootMismatch","runAsGroup":101,"runAsUser":100}` | Security context for the `gitserver` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) |
@@ -133,7 +133,7 @@ In addition to the documented values, all services also support the following va
| grafana.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":472,"runAsUser":472}` | Security context for the `grafana` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) |
| grafana.enabled | bool | `true` | Enable `grafana` dashboard (recommended) |
| grafana.existingConfig | string | `""` | Name of existing ConfigMap for `grafana`. It must contain a `datasources.yml` key. |
-| grafana.image.defaultTag | string | `"6.0.0@sha256:e40236d0143d0735ff87374afce95b878b8cde448ef65cfdc7008056a03097e8"` | Docker image tag for the `grafana` image |
+| grafana.image.defaultTag | string | `"6.11.2752@sha256:70d017e741d4096caf7bd237ea46c39b4bbab640cfbf5cae4b2849b6f887ad1c"` | Docker image tag for the `grafana` image |
| grafana.image.name | string | `"grafana"` | Docker image name for the `grafana` image |
| grafana.name | string | `"grafana"` | Name used by resources. Does not affect service names or PVCs. |
| grafana.podSecurityContext | object | `{"fsGroup":472,"fsGroupChangePolicy":"OnRootMismatch","runAsGroup":472,"runAsUser":472}` | Security context for the `grafana` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) |
@@ -142,7 +142,7 @@ In addition to the documented values, all services also support the following va
| grafana.serviceAccount.name | string | `"grafana"` | Name of the ServiceAccount to be created or an existing ServiceAccount |
| grafana.storageSize | string | `"2Gi"` | PVC Storage Request for `grafana` data volume |
| indexedSearch.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100}` | Security context for the `zoekt-webserver` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) |
-| indexedSearch.image.defaultTag | string | `"6.0.0@sha256:99038e0ec9bef930030c118d774fcdcd67d7fe57ad4c80d216703a4d29d64323"` | Docker image tag for the `zoekt-webserver` image |
+| indexedSearch.image.defaultTag | string | `"6.11.2752@sha256:e84d5944021f8e8a5f695a0df23226ba18b8520cb3de111e4fbc9fd0b3c5ada7"` | Docker image tag for the `zoekt-webserver` image |
| indexedSearch.image.name | string | `"indexed-searcher"` | Docker image name for the `zoekt-webserver` image |
| indexedSearch.name | string | `"indexed-search"` | Name used by resources. Does not affect service names or PVCs. |
| indexedSearch.podSecurityContext | object | `{"fsGroup":101,"fsGroupChangePolicy":"OnRootMismatch"}` | Security context for the `indexed-search` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) |
@@ -152,7 +152,7 @@ In addition to the documented values, all services also support the following va
| indexedSearch.serviceAccount.name | string | `""` | Name of the ServiceAccount to be created or an existing ServiceAccount |
| indexedSearch.storageSize | string | `"200Gi"` | PVC Storage Request for `indexed-search` data volume The size of disk to used for search indexes. This should typically be gitserver disk size multipled by the number of gitserver shards. |
| indexedSearchIndexer.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100}` | Security context for the `zoekt-indexserver` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) |
-| indexedSearchIndexer.image.defaultTag | string | `"6.0.0@sha256:11539e07040b85045a9aa07f970aa310066e240dc28e6c9627653ee2bc6e0b91"` | Docker image tag for the `zoekt-indexserver` image |
+| indexedSearchIndexer.image.defaultTag | string | `"6.11.2752@sha256:43d3847011eac4f5bc2a2f843b4929f0e4d7747f7b5d90b0d883f79aef77f2cd"` | Docker image tag for the `zoekt-indexserver` image |
| indexedSearchIndexer.image.name | string | `"search-indexer"` | Docker image name for the `zoekt-indexserver` image |
| indexedSearchIndexer.resources | object | `{"limits":{"cpu":"8","memory":"8G"},"requests":{"cpu":"4","memory":"4G"}}` | Resource requests & limits for the `zoekt-indexserver` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) zoekt-indexserver is CPU bound. The more CPU you allocate to it, the lower lag between a new commit and it being indexed for search. |
| jaeger.args | list | `["--memory.max-traces=20000","--sampling.strategies-file=/etc/jaeger/sampling_strategies.json","--collector.otlp.enabled","--collector.otlp.grpc.host-port=:4320","--collector.otlp.http.host-port=:4321"]` | Default args passed to the `jaeger` binary |
@@ -162,7 +162,7 @@ In addition to the documented values, all services also support the following va
| jaeger.collector.serviceType | string | "ClusterIP" | Kubernetes service type of jaeger `collector` service, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) |
| jaeger.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100}` | Security context for the `jaeger` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) |
| jaeger.enabled | bool | `false` | Enable `jaeger` |
-| jaeger.image.defaultTag | string | `"6.0.0@sha256:79548aa11d7e2e6bf3e2012fb9e046df12ba5c5410bc24ec8f4d7cbb880336b9"` | Docker image tag for the `jaeger` image |
+| jaeger.image.defaultTag | string | `"6.11.2752@sha256:df58d506b85465a3f9e3ba0063da4f416bbfb372b84d7127d99ded168554e6fe"` | Docker image tag for the `jaeger` image |
| jaeger.image.name | string | `"jaeger-all-in-one"` | Docker image name for the `jaeger` image |
| jaeger.name | string | `"jaeger"` | Name used by resources. Does not affect service names or PVCs. |
| jaeger.podSecurityContext | object | `{}` | Security context for the `jaeger` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) |
@@ -177,14 +177,14 @@ In addition to the documented values, all services also support the following va
| migrator.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100}` | Security context for the `migrator` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) |
| migrator.enabled | bool | `true` | Enable [migrator](https://docs.sourcegraph.com/admin/how-to/manual_database_migrations) initContainer in `frontend` deployment to perform database migration |
| migrator.env | object | `{}` | Environment variables for the `migrator` container |
-| migrator.image.defaultTag | string | `"6.0.0@sha256:ec295eb0b743da6bf56777ca6524972267a5c442b0288095e2fe12fce38ebacc"` | Docker image tag for the `migrator` image |
+| migrator.image.defaultTag | string | `"6.11.2752@sha256:fa4c0c8d79c1e2e37fd0a625418f2299c8229ccdfb1de0adffdcb738c20e8b67"` | Docker image tag for the `migrator` image |
| migrator.image.name | string | `"migrator"` | Docker image name for the `migrator` image |
| migrator.resources | object | `{"limits":{"cpu":"500m","memory":"100M"},"requests":{"cpu":"100m","memory":"50M"}}` | Resource requests & limits for the `migrator` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) |
| nodeExporter.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":65534,"runAsUser":65534}` | Security context for the `node-exporter` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) |
| nodeExporter.enabled | bool | `true` | Enable `node-exporter` |
| nodeExporter.extraArgs | list | `[]` | |
| nodeExporter.hostPID | bool | `true` | |
-| nodeExporter.image.defaultTag | string | `"6.0.0@sha256:099c2e4fb8eacdda82d2d4798591808ded7ad3dc5e6ed514535e0b8e7223ed06"` | Docker image tag for the `node-exporter` image |
+| nodeExporter.image.defaultTag | string | `"6.11.2752@sha256:14cc720b3f500c1a6d516ec0f2d7b29daabbb448447fc75f89aadce4d54546f6"` | Docker image tag for the `node-exporter` image |
| nodeExporter.image.name | string | `"node-exporter"` | Docker image name for the `node-exporter` image |
| nodeExporter.name | string | `"node-exporter"` | Name used by resources. Does not affect service names or PVCs. |
| nodeExporter.podSecurityContext | object | `{"fsGroup":65534,"runAsGroup":65534,"runAsNonRoot":true,"runAsUser":65534}` | Security context for the `node-exporter` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) |
@@ -214,7 +214,7 @@ In addition to the documented values, all services also support the following va
| openTelemetry.gateway.resources | object | `{"limits":{"cpu":"3","memory":"3Gi"},"requests":{"cpu":"1","memory":"1Gi"}}` | Resource requests & limits for the `otel-collector` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) |
| openTelemetry.gateway.serviceAccount.create | bool | `false` | Enable creation of ServiceAccount for `otel-collector` |
| openTelemetry.gateway.serviceAccount.name | string | `""` | Name of the ServiceAccount to be created or an existing ServiceAccount |
-| openTelemetry.image.defaultTag | string | `"6.0.0@sha256:ef3e61a4f0a624523ecdee57d8b7757436c2389e0cf12401b4764d19c826ff8a"` | Docker image tag for the `otel-collector` image |
+| openTelemetry.image.defaultTag | string | `"6.11.2752@sha256:bd19d8a9ba096320b9af73ad3ca7cd3b26315062077d8d9f14f23ada6662bbea"` | Docker image tag for the `otel-collector` image |
| openTelemetry.image.name | string | `"opentelemetry-collector"` | Docker image name for the `otel-collector` image |
| pgsql.additionalConfig | string | `""` | Additional PostgreSQL configuration. This will override or extend our default configuration. Notes: This is expecting a multiline string. Learn more from our [recommended PostgreSQL configuration](https://docs.sourcegraph.com/admin/config/postgres-conf) and [PostgreSQL documentation](https://www.postgresql.org/docs/12/config-setting.html) |
| pgsql.auth.database | string | `"sg"` | Sets postgres database name |
@@ -227,7 +227,7 @@ In addition to the documented values, all services also support the following va
| pgsql.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":999,"runAsUser":999}` | Security context for the `pgsql` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) |
| pgsql.enabled | bool | `true` | Enable `pgsql` PostgreSQL server |
| pgsql.existingConfig | string | `""` | Name of existing ConfigMap for `pgsql`. It must contain a `postgresql.conf` key |
-| pgsql.image.defaultTag | string | `"6.0.0@sha256:224a2604331cb73809f466394c5b4f3ca95bf6a5a140cb75820dfe67301074bb"` | Docker image tag for the `pgsql` image |
+| pgsql.image.defaultTag | string | `"6.11.2752@sha256:eaba36971ee69fb3e071c9155ac3d62af84ad20e3f70155ff75ec1c61ef676c1"` | Docker image tag for the `pgsql` image |
| pgsql.image.name | string | `"postgresql-16"` | Docker image name for the `pgsql` image |
| pgsql.name | string | `"pgsql"` | Name used by resources. Does not affect service names or PVCs. |
| pgsql.podSecurityContext | object | `{"fsGroup":999,"fsGroupChangePolicy":"OnRootMismatch","runAsGroup":999,"runAsUser":999}` | Security context for the `pgsql` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) |
@@ -236,12 +236,12 @@ In addition to the documented values, all services also support the following va
| pgsql.serviceAccount.create | bool | `false` | Enable creation of ServiceAccount for `pgsql` |
| pgsql.serviceAccount.name | string | `""` | Name of the ServiceAccount to be created or an existing ServiceAccount |
| pgsql.storageSize | string | `"200Gi"` | PVC Storage Request for `pgsql` data volume |
-| postgresExporter.image.defaultTag | string | `"6.0.0@sha256:685a18f482e4a71a54e15814ffd6b8cd62844f6af056a81f7ec0ba5cf23fce27"` | Docker image tag for the `pgsql-exporter` image |
+| postgresExporter.image.defaultTag | string | `"6.11.2752@sha256:12f06f5052954ebf3efaeac71a5d9a4091e84f2ed6a24d87ef993bbeb305d70b"` | Docker image tag for the `pgsql-exporter` image |
| postgresExporter.image.name | string | `"postgres_exporter"` | Docker image name for the `pgsql-exporter` image |
| postgresExporter.resources | object | `{"limits":{"cpu":"10m","memory":"50Mi"},"requests":{"cpu":"10m","memory":"50Mi"}}` | Resource requests & limits for the `pgsql-exporter` sidecar container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) |
| preciseCodeIntel.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100}` | Security context for the `precise-code-intel-worker` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) |
| preciseCodeIntel.env | object | `{"NUM_WORKERS":{"value":"4"}}` | Environment variables for the `precise-code-intel-worker` container |
-| preciseCodeIntel.image.defaultTag | string | `"6.0.0@sha256:3a72cf893cb25731d4636593c544c91781d925d867417416255e56debc27ed37"` | Docker image tag for the `precise-code-intel-worker` image |
+| preciseCodeIntel.image.defaultTag | string | `"6.11.2752@sha256:c8fb3bac5808b89bac058383ae994c9927758b64a92b5cff31d86a61ac227c6e"` | Docker image tag for the `precise-code-intel-worker` image |
| preciseCodeIntel.image.name | string | `"precise-code-intel-worker"` | Docker image name for the `precise-code-intel-worker` image |
| preciseCodeIntel.name | string | `"precise-code-intel-worker"` | Name used by resources. Does not affect service names or PVCs. |
| preciseCodeIntel.podSecurityContext | object | `{}` | Security context for the `precise-code-intel-worker` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) |
@@ -254,7 +254,7 @@ In addition to the documented values, all services also support the following va
| prometheus.createRoleBinding | bool | `true` | Disable the creation of a RoleBinding object, for customers who block all RBAC resource creation |
| prometheus.enabled | bool | `true` | Enable `prometheus` (recommended) |
| prometheus.existingConfig | string | `""` | Name of existing ConfigMap for `pgsql`. It must contain a `prometheus.yml` key |
-| prometheus.image.defaultTag | string | `"6.0.0@sha256:86a315720fd9813d9ef9746d92e637bc20cd9ebd90da78d8cc6906062252891f"` | Docker image tag for the `prometheus` image |
+| prometheus.image.defaultTag | string | `"6.11.2752@sha256:41b4cabff778afe4be6370c4a3dc97c7af1a7683009bd6867f37f0b6e5d9eb58"` | Docker image tag for the `prometheus` image |
| prometheus.image.name | string | `"prometheus"` | Docker image name for the `prometheus` image |
| prometheus.name | string | `"prometheus"` | Name used by resources. Does not affect service names or PVCs. |
| prometheus.podSecurityContext | object | `{"fsGroup":100,"fsGroupChangePolicy":"OnRootMismatch"}` | Security context for the `prometheus` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) |
@@ -267,7 +267,7 @@ In addition to the documented values, all services also support the following va
| redisCache.connection.existingSecret | string | `""` | Name of existing secret to use for Redis endpoint The secret must contain the key `endpoint` and should follow IANA specification learn more from the [Helm docs](https://docs.sourcegraph.com/admin/install/kubernetes/helm#using-external-redis-instances) |
| redisCache.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":1000,"runAsUser":999}` | Security context for the `redis-cache` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) |
| redisCache.enabled | bool | `true` | Enable `redis-cache` Redis server |
-| redisCache.image.defaultTag | string | `"6.0.0@sha256:40ea19e8944b93e05d7697c808969fe0c81a014a56245f3a97b645aa34a9ab78"` | Docker image tag for the `redis-cache` image |
+| redisCache.image.defaultTag | string | `"6.11.2752@sha256:cf7f4557b6333a9c881d55b604712109d975bd10d5b47f85af08bf12ad81d886"` | Docker image tag for the `redis-cache` image |
| redisCache.image.name | string | `"redis-cache"` | Docker image name for the `redis-cache` image |
| redisCache.name | string | `"redis-cache"` | Name used by resources. Does not affect service names or PVCs. |
| redisCache.podSecurityContext | object | `{"fsGroup":1000,"fsGroupChangePolicy":"OnRootMismatch"}` | Security context for the `redis-cache` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) |
@@ -276,14 +276,14 @@ In addition to the documented values, all services also support the following va
| redisCache.serviceAccount.name | string | `""` | Name of the ServiceAccount to be created or an existing ServiceAccount |
| redisCache.storageSize | string | `"100Gi"` | PVC Storage Request for `redis-cache` data volume |
| redisExporter.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":1000,"runAsUser":999}` | Security context for the `redis-exporter` sidecar container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) |
-| redisExporter.image.defaultTag | string | `"6.0.0@sha256:b2ec48fc6adef31f36d525170138dec303c1c0c20c530d659f1fb7c6c54698af"` | Docker image tag for the `redis-exporter` image |
+| redisExporter.image.defaultTag | string | `"6.11.2752@sha256:27143eb7fb7ab5aa7b6d4ff027c97248fcc987670b796e5454f4dc7729001999"` | Docker image tag for the `redis-exporter` image |
| redisExporter.image.name | string | `"redis_exporter"` | Docker image name for the `redis-exporter` image |
| redisExporter.resources | object | `{"limits":{"cpu":"10m","memory":"100Mi"},"requests":{"cpu":"10m","memory":"100Mi"}}` | Resource requests & limits for the `redis-exporter` sidecar container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) |
| redisStore.connection.endpoint | string | `"redis-store:6379"` | Endpoint to use for redis-store. Supports either host:port or IANA specification |
| redisStore.connection.existingSecret | string | `""` | Name of existing secret to use for Redis endpoint The secret must contain the key `endpoint` and should follow IANA specification learn more from the [Helm docs](https://docs.sourcegraph.com/admin/install/kubernetes/helm#using-external-redis-instances) |
| redisStore.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":1000,"runAsUser":999}` | Security context for the `redis-store` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) |
| redisStore.enabled | bool | `true` | Enable `redis-store` Redis server |
-| redisStore.image.defaultTag | string | `"6.0.0@sha256:39f3b27d993652c202c1f892df83e1a3e8e8ea5ae58291f79ad14b56672ab8be"` | Docker image tag for the `redis-store` image |
+| redisStore.image.defaultTag | string | `"6.11.2752@sha256:052660f3a3c892e9d2215efac515178a8fbe3b138111c0ec7b974422e8364c34"` | Docker image tag for the `redis-store` image |
| redisStore.image.name | string | `"redis-store"` | Docker image name for the `redis-store` image |
| redisStore.name | string | `"redis-store"` | Name used by resources. Does not affect service names or PVCs. |
| redisStore.podSecurityContext | object | `{"fsGroup":1000,"fsGroupChangePolicy":"OnRootMismatch"}` | Security context for the `redis-store` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) |
@@ -292,7 +292,7 @@ In addition to the documented values, all services also support the following va
| redisStore.serviceAccount.name | string | `""` | Name of the ServiceAccount to be created or an existing ServiceAccount |
| redisStore.storageSize | string | `"100Gi"` | PVC Storage Request for `redis-store` data volume |
| searcher.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100}` | Security context for the `searcher` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) |
-| searcher.image.defaultTag | string | `"6.0.0@sha256:c7508abda2202d4a33400ce23a95dd8d59fe6220d85d7fbee6fb186c55931336"` | Docker image tag for the `searcher` image |
+| searcher.image.defaultTag | string | `"6.11.2752@sha256:293f848dbc0baf87adab847ce46cfa95c38d9e56240950a17db5bc6c3a8b09ac"` | Docker image tag for the `searcher` image |
| searcher.image.name | string | `"searcher"` | Docker image name for the `searcher` image |
| searcher.name | string | `"searcher"` | Name used by resources. Does not affect service names or PVCs. |
| searcher.podSecurityContext | object | `{"fsGroup":101,"fsGroupChangePolicy":"OnRootMismatch","runAsUser":100}` | Security context for the `searcher` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) |
@@ -306,7 +306,7 @@ In addition to the documented values, all services also support the following va
| sourcegraph.disableKubernetesSecrets | bool | `false` | Disable the creation of Kubernetes secrets objects |
| sourcegraph.image.defaultTag | string | `"{{ .Chart.AppVersion }}"` | Global docker image tag |
| sourcegraph.image.pullPolicy | string | `"IfNotPresent"` | Global docker image pull policy |
-| sourcegraph.image.repository | string | `"index.docker.io/sourcegraph"` | Global docker image registry or prefix |
+| sourcegraph.image.repository | string | `"us-docker.pkg.dev/sourcegraph-images/internal"` | Global docker image registry or prefix |
| sourcegraph.image.useGlobalTagAsDefault | bool | `false` | When set to true, sourcegraph.image.defaultTag is used as the default defaultTag for all services, instead of service-specific default defaultTags |
| sourcegraph.imagePullSecrets | list | `[]` | Mount named secrets containing docker credentials |
| sourcegraph.labels | object | `{}` | Add extra labels to all resources |
@@ -327,7 +327,7 @@ In addition to the documented values, all services also support the following va
| storageClass.type | string | `"pd-ssd"` | Value of `type` key in storageClass `parameters`, consult your cloud provider persistent storage documentation |
| syntacticCodeIntel.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100}` | Security context for the `syntactic-code-intel-worker` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) |
| syntacticCodeIntel.enabled | bool | `false` | |
-| syntacticCodeIntel.image.defaultTag | string | `"6.0.0@sha256:50bdeb38b196f0fc21404969016bf8263f78144292e905867e93480f66c8251c"` | Docker image tag for the `syntactic-code-intel-worker` image |
+| syntacticCodeIntel.image.defaultTag | string | `"6.11.2752@sha256:5c430f90e0e5203f0fa48448a971685cc13ac90688d0ed7719d4d57b73cae0c3"` | Docker image tag for the `syntactic-code-intel-worker` image |
| syntacticCodeIntel.image.name | string | `"syntactic-code-intel-worker"` | Docker image name for the `syntactic-code-intel-worker` image |
| syntacticCodeIntel.name | string | `"syntactic-code-intel-worker"` | Name used by resources. Does not affect service names or PVCs. |
| syntacticCodeIntel.podSecurityContext | object | `{}` | Security context for the `syntactic-code-intel-worker` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) |
@@ -337,7 +337,7 @@ In addition to the documented values, all services also support the following va
| syntacticCodeIntel.serviceAccount.create | bool | `false` | Enable creation of ServiceAccount for `syntactic-code-intel-worker` |
| syntacticCodeIntel.serviceAccount.name | string | `""` | Name of the ServiceAccount to be created or an existing ServiceAccount |
| syntectServer.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100}` | Security context for the `syntect-server` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) |
-| syntectServer.image.defaultTag | string | `"6.0.0@sha256:1e35f77690222a76724b45f2305b838c40c35201e60b0f619b3fe8499504ff60"` | Docker image tag for the `syntect-server` image |
+| syntectServer.image.defaultTag | string | `"6.11.2752@sha256:045102114d1ffd20f2ecc6ae3084595db76794e737eeaaf3f4aa0628ac37bf95"` | Docker image tag for the `syntect-server` image |
| syntectServer.image.name | string | `"syntax-highlighter"` | Docker image name for the `syntect-server` image |
| syntectServer.name | string | `"syntect-server"` | Name used by resources. Does not affect service names or PVCs. |
| syntectServer.podSecurityContext | object | `{}` | Security context for the `syntect-server` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) |
@@ -348,7 +348,7 @@ In addition to the documented values, all services also support the following va
| worker.blocklist | list | `[]` | List of jobs to block globally If replicas are configured, use this values to block jobs instead of manually setting WORKER_JOB_BLOCKLIST |
| worker.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100}` | Security context for the `worker` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) |
| worker.env | object | `{}` | Environment variables for the `worker` container |
-| worker.image.defaultTag | string | `"6.0.0@sha256:4892c5aa107d4384f811afcf1980e0fb2cb8beb5585a15adcb64353a2d8abf5a"` | Docker image tag for the `worker` image |
+| worker.image.defaultTag | string | `"6.11.2752@sha256:8bb69a5bd65533c6585222bcb16854119944018c919d639190fd43b44160c3ce"` | Docker image tag for the `worker` image |
| worker.image.name | string | `"worker"` | Docker image name for the `worker` image |
| worker.name | string | `"worker"` | Name used by resources. Does not affect service names or PVCs. |
| worker.podSecurityContext | object | `{}` | Security context for the `worker` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) |
diff --git a/charts/sourcegraph/examples/subchart/Chart.yaml b/charts/sourcegraph/examples/subchart/Chart.yaml
index 437f9b00..2b8ddb76 100644
--- a/charts/sourcegraph/examples/subchart/Chart.yaml
+++ b/charts/sourcegraph/examples/subchart/Chart.yaml
@@ -2,10 +2,10 @@ apiVersion: v2
name: sourcegraph-subchart
description: Customer-owned chart that inherits from Sourcegraph
type: application
-version: "5.11.0"
+version: "6.11.2752"
dependencies:
- name: sourcegraph
alias: sg # Optional, allows a custom name to be used
- version: "5.11.0"
+ version: "6.11.2752"
repository: "https://sourcegraph.github.io/deploy-sourcegraph-helm"
diff --git a/charts/sourcegraph/values.yaml b/charts/sourcegraph/values.yaml
index 78ed3246..2b4c5e08 100644
--- a/charts/sourcegraph/values.yaml
+++ b/charts/sourcegraph/values.yaml
@@ -9,7 +9,7 @@ sourcegraph:
# -- Global docker image pull policy
pullPolicy: IfNotPresent
# -- Global docker image registry or prefix
- repository: index.docker.io/sourcegraph
+ repository: us-docker.pkg.dev/sourcegraph-images/internal
# -- When set to true, sourcegraph.image.defaultTag is used as the default defaultTag for all services, instead of service-specific default defaultTags
useGlobalTagAsDefault: false
# -- Mount named secrets containing docker credentials
@@ -91,7 +91,7 @@ alpine:
# Used in init containers
image:
# -- Docker image tag for the `alpine` image
- defaultTag: 6.0.0@sha256:c4705ccf969e262ee3916719ecc7c0fb5e606dd954278ac07ac1d052e4e490df
+ defaultTag: 6.11.2752@sha256:df97d9fad72aab628e70d31ac3415543e7b7017100648449f9c5ab87e92a67c7
# -- Docker image name for the `alpine` image
name: "alpine-3.14"
# -- Security context for the `alpine` initContainer,
@@ -116,7 +116,7 @@ cadvisor:
enabled: true
image:
# -- Docker image tag for the `cadvisor` image
- defaultTag: 6.0.0@sha256:48082a2822a727e22c556ae2c3bae5f5bf4528c7b462efc3c085271ee5145be8
+ defaultTag: 6.11.2752@sha256:6f196f57396556945b29039a9697cb97bdb1a32b08555018d85a42f4d88f0dbd
# -- Docker image name for the `cadvisor` image
name: "cadvisor"
# -- Name used by resources. Does not affect service names or PVCs.
@@ -181,7 +181,7 @@ codeInsightsDB:
additionalConfig: ""
image:
# -- Docker image tag for the `codeinsights-db` image
- defaultTag: 6.0.0@sha256:24263ff136f8cc328d63808982beb4a109461da30b522b63d2867a4e708713c9
+ defaultTag: 6.11.2752@sha256:d270d0590b826649f9ac82c66cbfaaa45b1fad38f91d08aa3946521cbb19f43b
# -- Docker image name for the `codeinsights-db` image
name: "postgresql-16-codeinsights"
# -- Security context for the `codeinsights-db` container,
@@ -254,7 +254,7 @@ codeIntelDB:
additionalConfig: ""
image:
# -- Docker image tag for the `codeintel-db` image
- defaultTag: 6.0.0@sha256:224a2604331cb73809f466394c5b4f3ca95bf6a5a140cb75820dfe67301074bb
+ defaultTag: 6.11.2752@sha256:eaba36971ee69fb3e071c9155ac3d62af84ad20e3f70155ff75ec1c61ef676c1
# -- Docker image name for the `codeintel-db` image
name: "postgresql-16"
# -- Security context for the `codeintel-db` container,
@@ -305,7 +305,7 @@ frontend:
value: http://prometheus:30090
image:
# -- Docker image tag for the `frontend` image
- defaultTag: 6.0.0@sha256:d4f21178096da5fdb3804099ae9de2e050b06e859a327aa79452b1ea2f3ede0a
+ defaultTag: 6.11.2752@sha256:63d2e45df7cb9a46a59735a2852512485621a528cff894695a5b871dbab8a229
# -- Docker image name for the `frontend` image
name: "frontend"
ingress:
@@ -365,7 +365,7 @@ migrator:
enabled: true
image:
# -- Docker image tag for the `migrator` image
- defaultTag: 6.0.0@sha256:ec295eb0b743da6bf56777ca6524972267a5c442b0288095e2fe12fce38ebacc
+ defaultTag: 6.11.2752@sha256:fa4c0c8d79c1e2e37fd0a625418f2299c8229ccdfb1de0adffdcb738c20e8b67
# -- Docker image name for the `migrator` image
name: "migrator"
# -- Environment variables for the `migrator` container
@@ -390,7 +390,7 @@ migrator:
gitserver:
image:
# -- Docker image tag for the `gitserver` image
- defaultTag: 6.0.0@sha256:aec9bf6993c243a283109104cd7c44be3c85680b77e3e8be0c5fba8f01a3bd35
+ defaultTag: 6.11.2752@sha256:e7f3751544f992bb41e11805a4a72cf698787712756588d510f4fb807a2f95c1
# -- Docker image name for the `gitserver` image
name: "gitserver"
# -- Name of existing Secret that contains SSH credentials to clone repositories.
@@ -458,7 +458,7 @@ grafana:
existingConfig: "" # Name of an existing configmap
image:
# -- Docker image tag for the `grafana` image
- defaultTag: 6.0.0@sha256:e40236d0143d0735ff87374afce95b878b8cde448ef65cfdc7008056a03097e8
+ defaultTag: 6.11.2752@sha256:70d017e741d4096caf7bd237ea46c39b4bbab640cfbf5cae4b2849b6f887ad1c
# -- Docker image name for the `grafana` image
name: "grafana"
# -- Security context for the `grafana` container,
@@ -497,7 +497,7 @@ grafana:
indexedSearch:
image:
# -- Docker image tag for the `zoekt-webserver` image
- defaultTag: 6.0.0@sha256:99038e0ec9bef930030c118d774fcdcd67d7fe57ad4c80d216703a4d29d64323
+ defaultTag: 6.11.2752@sha256:e84d5944021f8e8a5f695a0df23226ba18b8520cb3de111e4fbc9fd0b3c5ada7
# -- Docker image name for the `zoekt-webserver` image
name: "indexed-searcher"
# -- Security context for the `zoekt-webserver` container,
@@ -538,7 +538,7 @@ indexedSearch:
indexedSearchIndexer:
image:
# -- Docker image tag for the `zoekt-indexserver` image
- defaultTag: 6.0.0@sha256:11539e07040b85045a9aa07f970aa310066e240dc28e6c9627653ee2bc6e0b91
+ defaultTag: 6.11.2752@sha256:43d3847011eac4f5bc2a2f843b4929f0e4d7747f7b5d90b0d883f79aef77f2cd
# -- Docker image name for the `zoekt-indexserver` image
name: "search-indexer"
# -- Security context for the `zoekt-indexserver` container,
@@ -565,7 +565,7 @@ blobstore:
enabled: true
image:
# -- Docker image tag for the `blobstore` image
- defaultTag: 6.0.0@sha256:82caab40f920282069c84e0e4ca503857926e934c67fb022f6d93823b4ea98b5
+ defaultTag: 6.11.2752@sha256:6e255ebfb906b8461a61742925376e78b9482cbc2a975a622ddc0fa8cb9b680f
# -- Docker image name for the `blobstore` image
name: "blobstore"
# -- Security context for the `blobstore` container,
@@ -604,7 +604,7 @@ openTelemetry:
enabled: true
image:
# -- Docker image tag for the `otel-collector` image
- defaultTag: 6.0.0@sha256:ef3e61a4f0a624523ecdee57d8b7757436c2389e0cf12401b4764d19c826ff8a
+ defaultTag: 6.11.2752@sha256:bd19d8a9ba096320b9af73ad3ca7cd3b26315062077d8d9f14f23ada6662bbea
# -- Docker image name for the `otel-collector` image
name: "opentelemetry-collector"
gateway:
@@ -671,7 +671,7 @@ nodeExporter:
enabled: true
image:
# -- Docker image tag for the `node-exporter` image
- defaultTag: 6.0.0@sha256:099c2e4fb8eacdda82d2d4798591808ded7ad3dc5e6ed514535e0b8e7223ed06
+ defaultTag: 6.11.2752@sha256:14cc720b3f500c1a6d516ec0f2d7b29daabbb448447fc75f89aadce4d54546f6
# -- Docker image name for the `node-exporter` image
name: "node-exporter"
# -- Name used by resources. Does not affect service names or PVCs.
@@ -742,7 +742,7 @@ pgsql:
additionalConfig: ""
image:
# -- Docker image tag for the `pgsql` image
- defaultTag: 6.0.0@sha256:224a2604331cb73809f466394c5b4f3ca95bf6a5a140cb75820dfe67301074bb
+ defaultTag: 6.11.2752@sha256:eaba36971ee69fb3e071c9155ac3d62af84ad20e3f70155ff75ec1c61ef676c1
# -- Docker image name for the `pgsql` image
name: "postgresql-16"
# -- Security context for the `pgsql` container,
@@ -784,7 +784,7 @@ pgsql:
postgresExporter:
image:
# -- Docker image tag for the `pgsql-exporter` image
- defaultTag: 6.0.0@sha256:685a18f482e4a71a54e15814ffd6b8cd62844f6af056a81f7ec0ba5cf23fce27
+ defaultTag: 6.11.2752@sha256:12f06f5052954ebf3efaeac71a5d9a4091e84f2ed6a24d87ef993bbeb305d70b
# -- Docker image name for the `pgsql-exporter` image
name: "postgres_exporter"
# -- Resource requests & limits for the `pgsql-exporter` sidecar container,
@@ -804,7 +804,7 @@ syntacticCodeIntel:
workerPort: 3188
image:
# -- Docker image tag for the `syntactic-code-intel-worker` image
- defaultTag: 6.0.0@sha256:50bdeb38b196f0fc21404969016bf8263f78144292e905867e93480f66c8251c
+ defaultTag: 6.11.2752@sha256:5c430f90e0e5203f0fa48448a971685cc13ac90688d0ed7719d4d57b73cae0c3
# -- Docker image name for the `syntactic-code-intel-worker` image
name: "syntactic-code-intel-worker"
# -- Security context for the `syntactic-code-intel-worker` container,
@@ -843,7 +843,7 @@ preciseCodeIntel:
value: "4"
image:
# -- Docker image tag for the `precise-code-intel-worker` image
- defaultTag: 6.0.0@sha256:3a72cf893cb25731d4636593c544c91781d925d867417416255e56debc27ed37
+ defaultTag: 6.11.2752@sha256:c8fb3bac5808b89bac058383ae994c9927758b64a92b5cff31d86a61ac227c6e
# -- Docker image name for the `precise-code-intel-worker` image
name: "precise-code-intel-worker"
# -- Security context for the `precise-code-intel-worker` container,
@@ -882,7 +882,7 @@ prometheus:
existingConfig: "" # Name of an existing configmap
image:
# -- Docker image tag for the `prometheus` image
- defaultTag: 6.0.0@sha256:86a315720fd9813d9ef9746d92e637bc20cd9ebd90da78d8cc6906062252891f
+ defaultTag: 6.11.2752@sha256:41b4cabff778afe4be6370c4a3dc97c7af1a7683009bd6867f37f0b6e5d9eb58
# -- Docker image name for the `prometheus` image
name: "prometheus"
# -- Security context for the `prometheus` container,
@@ -934,7 +934,7 @@ redisCache:
enabled: true
image:
# -- Docker image tag for the `redis-cache` image
- defaultTag: 6.0.0@sha256:40ea19e8944b93e05d7697c808969fe0c81a014a56245f3a97b645aa34a9ab78
+ defaultTag: 6.11.2752@sha256:cf7f4557b6333a9c881d55b604712109d975bd10d5b47f85af08bf12ad81d886
# -- Docker image name for the `redis-cache` image
name: "redis-cache"
connection:
@@ -978,7 +978,7 @@ redisCache:
redisExporter:
image:
# -- Docker image tag for the `redis-exporter` image
- defaultTag: 6.0.0@sha256:b2ec48fc6adef31f36d525170138dec303c1c0c20c530d659f1fb7c6c54698af
+ defaultTag: 6.11.2752@sha256:27143eb7fb7ab5aa7b6d4ff027c97248fcc987670b796e5454f4dc7729001999
# -- Docker image name for the `redis-exporter` image
name: "redis_exporter"
# -- Security context for the `redis-exporter` sidecar container,
@@ -1010,7 +1010,7 @@ redisStore:
endpoint: "redis-store:6379"
image:
# -- Docker image tag for the `redis-store` image
- defaultTag: 6.0.0@sha256:39f3b27d993652c202c1f892df83e1a3e8e8ea5ae58291f79ad14b56672ab8be
+ defaultTag: 6.11.2752@sha256:052660f3a3c892e9d2215efac515178a8fbe3b138111c0ec7b974422e8364c34
# -- Docker image name for the `redis-store` image
name: "redis-store"
# -- Security context for the `redis-store` container,
@@ -1047,7 +1047,7 @@ redisStore:
searcher:
image:
# -- Docker image tag for the `searcher` image
- defaultTag: 6.0.0@sha256:c7508abda2202d4a33400ce23a95dd8d59fe6220d85d7fbee6fb186c55931336
+ defaultTag: 6.11.2752@sha256:293f848dbc0baf87adab847ce46cfa95c38d9e56240950a17db5bc6c3a8b09ac
# -- Docker image name for the `searcher` image
name: "searcher"
# -- Security context for the `searcher` container,
@@ -1108,7 +1108,7 @@ storageClass:
syntectServer:
image:
# -- Docker image tag for the `syntect-server` image
- defaultTag: 6.0.0@sha256:1e35f77690222a76724b45f2305b838c40c35201e60b0f619b3fe8499504ff60
+ defaultTag: 6.11.2752@sha256:045102114d1ffd20f2ecc6ae3084595db76794e737eeaaf3f4aa0628ac37bf95
# -- Docker image name for the `syntect-server` image
name: "syntax-highlighter"
# -- Security context for the `syntect-server` container,
@@ -1156,7 +1156,7 @@ jaeger:
enabled: false
image:
# -- Docker image tag for the `jaeger` image
- defaultTag: 6.0.0@sha256:79548aa11d7e2e6bf3e2012fb9e046df12ba5c5410bc24ec8f4d7cbb880336b9
+ defaultTag: 6.11.2752@sha256:df58d506b85465a3f9e3ba0063da4f416bbfb372b84d7127d99ded168554e6fe
# -- Docker image name for the `jaeger` image
name: "jaeger-all-in-one"
# -- Name used by resources. Does not affect service names or PVCs.
@@ -1211,7 +1211,7 @@ jaeger:
worker:
image:
# -- Docker image tag for the `worker` image
- defaultTag: 6.0.0@sha256:4892c5aa107d4384f811afcf1980e0fb2cb8beb5585a15adcb64353a2d8abf5a
+ defaultTag: 6.11.2752@sha256:8bb69a5bd65533c6585222bcb16854119944018c919d639190fd43b44160c3ce
# -- Docker image name for the `worker` image
name: "worker"
# -- Security context for the `worker` container,