Add Embeddings service (#283)

Author: jac

charts/sourcegraph/README.md

@@ -90,6 +90,19 @@ In addition to the documented values, all services also support the following va
 | codeIntelDB.serviceAccount.create | bool | `false` | Enable creation of ServiceAccount for `codeintel-db` |
 | codeIntelDB.serviceAccount.name | string | `""` | Name of the ServiceAccount to be created or an existing ServiceAccount |
 | codeIntelDB.storageSize | string | `"200Gi"` | PVC Storage Request for `codeintel-db` data volume |
+| embeddings.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100}` | Security context for the `worker` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) |
+| embeddings.enabled | bool | `false` | Enable `embeddings` |
+| embeddings.env | object | `{}` | Environment variables for the `embeddings` container |
+| embeddings.extraVolumeMounts | object | `{}` |  |
+| embeddings.extraVolumes | object | `{}` |  |
+| embeddings.image.defaultTag | string | `"5.0.3@sha256:1d8f05ed57e361451d92eabbb3a0d90169c1108f48a274d556e43f541190e01a"` | Docker image tag for the `embeddings` image |
+| embeddings.image.name | string | `"embeddings"` | Docker image name for the `embeddings` image |
+| embeddings.name | string | `"embeddings"` | Name of the `embeddings` service |
+| embeddings.podSecurityContext | object | `{}` | Security context for the `embeddings` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) |
+| embeddings.resources | object | `{"limits":{"cpu":"8","memory":"64G"},"requests":{"cpu":"4","memory":"32G"}}` | Resource requests & limits for the `worker` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) |
+| embeddings.serviceAccount.annotations | object | `{}` |  |
+| embeddings.serviceAccount.create | bool | `false` | Enable creation of ServiceAccount for `embeddings` |
+| embeddings.serviceAccount.name | string | `""` | Name of the ServiceAccount to be created or an existing ServiceAccount |
 | extraResources | list | `[]` | Additional resources to include in the rendered manifest. Templates are supported. |
 | frontend.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100}` | Security context for the `frontend` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) |
 | frontend.env | object | the chart will add some default environment values | Environment variables for the `frontend` container |
@@ -337,6 +350,7 @@ In addition to the documented values, all services also support the following va
 | syntectServer.serviceAccount.create | bool | `false` | Enable creation of ServiceAccount for `syntect-server` |
 | syntectServer.serviceAccount.name | string | `""` | Name of the ServiceAccount to be created or an existing ServiceAccount |
 | worker.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100}` | Security context for the `worker` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) |
+| worker.env | object | `{}` | Environment variables for the `worker` container |
 | worker.image.defaultTag | string | `"5.0.3@sha256:85016eadcb12a5d94b8ff47192899572bbd33cbc19769b5b1c7c3cc48ca5a914"` | Docker image tag for the `worker` image |
 | worker.image.name | string | `"worker"` | Docker image name for the `worker` image |
 | worker.name | string | `"worker"` | Name used by resources. Does not affect service names or PVCs. |

charts/sourcegraph/examples/external-object-storage-embeddings/override.yaml

@@ -0,0 +1,36 @@
+# Override file demonstrating the use of external Object Storage services
+# Learn more from the tutorial below
+# - https://docs.sourcegraph.com/cody/explanations/code_graph_context#storing-embedding-indexes
+
+# Disable deployment of the built-in object storage
+# Only disable if also using external storage for SCIP indexes
+blobstore:
+  enabled: false
+
+# we use YAML anchors and alias to keep override file clean
+objectStorageEnv: &objectStorageEnv
+  EMBEDDINGS_UPLOAD_BACKEND:
+    value: S3 # external object stoage type, one of "S3" or "GCS"
+  EMBEDDINGS_UPLOAD_BUCKET:
+    value: embedings-uploads # external object storage bucket name
+  EMBEDDINGS_UPLOAD_AWS_ENDPOINT:
+    value: https://s3.us-east-1.amazonaws.com
+  EMBEDDINGS_UPLOAD_AWS_REGION:
+    value: us-east-1
+  EMBEDDINGS_UPLOAD_AWS_ACCESS_KEY_ID:
+    secretKeyRef: # Pre-existing secret, not created by this chart
+      name: sourcegraph-s3-credentials
+      key: EMBEDDINGS_UPLOAD_AWS_ACCESS_KEY_ID
+  EMBEDDINGS_UPLOAD_AWS_SECRET_ACCESS_KEY:
+    secretKeyRef: # Pre-existing secret, not created by this chart
+      name: sourcegraph-s3-credentials
+      key: EMBEDDINGS_UPLOAD_AWS_SECRET_ACCESS_KEY
+
+embeddings:
+  enabled: true
+  env:
+    <<: *objectStorageEnv
+
+worker:
+  env:
+    <<: *objectStorageEnv

charts/sourcegraph/templates/embeddings/embeddings.Deployment.yaml

@@ -0,0 +1,92 @@
+{{- if .Values.embeddings.enabled -}}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ .Values.embeddings.name }}
+  annotations:
+    description: Handles embeddings which enhance Cody's context fetching
+  labels:
+    {{- include "sourcegraph.labels" . | nindent 4 }}
+    {{- if .Values.embeddings.labels }}
+      {{- toYaml .Values.embeddings.labels | nindent 4 }}
+    {{- end }}
+  deploy: sourcegraph
+  app.kubernetes.io/component: embeddings
+spec:
+  minReadySeconds: 10
+  replicas: 1
+  revisionHistoryLimit: {{ .Values.sourcegraph.revisionHistoryLimit }}
+  selector:
+    matchLabels:
+      {{- include "sourcegraph.selectorLabels" . | nindent 6 }}
+      app: {{ .Values.embeddings.name }}
+  strategy:
+    rollingUpdate:
+      maxSurge: 1
+      maxUnavailable: 0
+    type: RollingUpdate
+  template:
+    metadata:
+      annotations:
+      {{- if .Values.sourcegraph.podAnnotations }}
+      {{- toYaml .Values.sourcegraph.podAnnotations | nindent 8 }}
+      {{- end }}
+      {{- if .Values.embeddings.podAnnotations }}
+      {{- toYaml .Values.embeddings.podAnnotations | nindent 8 }}
+      {{- end }}
+      labels:
+        app: {{ .Values.embeddings.name }}
+        app.kubernetes.io/component: embeddings
+        deploy: sourcegraph
+      {{- include "sourcegraph.selectorLabels" . | nindent 8 }}
+      {{- if .Values.sourcegraph.podLabels }}
+      {{- toYaml .Values.sourcegraph.podLabels | nindent 8 }}
+      {{- end }}
+      {{- if .Values.embeddings.podLabels }}
+      {{- toYaml .Values.embeddings.podLabels | nindent 8 }}
+      {{- end }}
+    spec:
+      containers:
+      - name: {{ .Values.embeddings.name }}
+        image: {{ include "sourcegraph.image" (list . "embeddings") }}
+        imagePullPolicy: {{ .Values.sourcegraph.image.pullPolicy }}
+        env:
+        {{- range $name, $item := .Values.embeddings.env }}
+        - name: {{ $name }}
+          {{- $item | toYaml | nindent 10 }}
+        {{- end }}
+        {{- if not .Values.embeddings.env.EMBEDDINGS_UPLOAD_BACKEND }}
+        - name: EMBEDDINGS_UPLOAD_BACKEND
+          value: blobstore
+        {{- end }}
+        {{- if not .Values.embeddings.env.EMBEDDINGS_UPLOAD_AWS_ENDPOINT }}
+        - name: EMBEDDINGS_UPLOAD_AWS_ENDPOINT
+          value: http://blobstore:9000
+        {{- end }}
+        ports:
+        - containerPort: 9991
+          name: http
+          protocol: TCP
+        volumeMounts:
+          {{- if .Values.embeddings.extraVolumeMounts }}
+          {{- toYaml .Values.embeddings.extraVolumeMounts | nindent 8 }}
+          {{- end }}
+        {{- if not .Values.sourcegraph.localDevMode}}
+        resources:
+          {{- toYaml .Values.embeddings.resources | nindent 10 }}
+        {{- end }}
+        securityContext:
+          {{- toYaml .Values.embeddings.containerSecurityContext | nindent 10 }}
+      securityContext:
+        {{- toYaml .Values.embeddings.podSecurityContext | nindent 8 }}
+      {{- include "sourcegraph.nodeSelector" (list . "embeddings" ) | trim | nindent 6 }}
+      {{- include "sourcegraph.affinity" (list . "embeddings" ) | trim | nindent 6 }}
+      {{- include "sourcegraph.tolerations" (list . "embeddings" ) | trim | nindent 6 }}
+      {{- if .Values.embeddings.serviceAccount.create }}
+      serviceAccountName: {{ .Values.embeddings.serviceAccount.name }}
+      {{- end}}
+    volumes:
+      {{- if .Values.embeddings.extraVolumes }}
+      {{- toYaml .Values.embeddings.extraVolumes | nindent 6 }}
+      {{- end }}
+{{- end }}

charts/sourcegraph/templates/embeddings/embeddings.Service.yaml

@@ -0,0 +1,29 @@
+{{- if .Values.embeddings.enabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+  annotations:
+    prometheus.io/port: "6060"
+    sourcegraph.prometheus/scrape: "true"
+    {{- if .Values.frontend.serviceAnnotations }}
+    {{- toYaml .Values.frontend.serviceAnnotations | nindent 4 }}
+    {{- end }}
+  labels:
+    app: {{ .Values.embeddings.name }}
+    deploy: sourcegraph
+    app.kubernetes.io/component: embeddings
+    {{- if .Values.sourcegraph.serviceLabels }}
+      {{- toYaml .Values.sourcegraph.serviceLabels | nindent 4 }}
+    {{- end }}
+  name: {{ .Values.embeddings.name }}
+spec:
+  ports:
+  - name: http
+    port: 9991
+    protocol: TCP
+    targetPort: http
+  selector:
+    {{- include "sourcegraph.selectorLabels" . | nindent 4 }}
+    app: {{ .Values.embeddings.name }}
+  type: {{ .Values.embeddings.serviceType | default "ClusterIP" }}
+{{- end }}

charts/sourcegraph/templates/embeddings/embeddings.ServiceAccount.yaml

@@ -0,0 +1,11 @@
+{{- if and .Values.embeddings.enabled .Values.embeddings.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    category: rbac
+    deploy: sourcegraph
+    app.kubernetes.io/component: {{ .Values.embeddings.name }}
+  {{- include "sourcegraph.serviceAccountAnnotations" (list . "embeddings") | trim | nindent 2 }}
+  name: {{ include "sourcegraph.serviceAccountName" (list . "embeddings") }}
+{{- end }}

charts/sourcegraph/templates/worker/worker.Deployment.yaml

@@ -60,6 +60,14 @@ spec:
         - name: PRECISE_CODE_INTEL_UPLOAD_AWS_ENDPOINT
           value: http://blobstore:9000
         {{- end }}
+        {{- if and .Values.embeddings.enabled (not .Values.worker.env.EMBEDDINGS_UPLOAD_BACKEND) }}
+        - name: EMBEDDINGS_UPLOAD_BACKEND
+          value: blobstore
+        {{- end }}
+        {{- if and .Values.embeddings.enabled (not .Values.worker.env.EMBEDDINGS_UPLOAD_AWS_ENDPOINT) }}
+        - name: EMBEDDINGS_UPLOAD_AWS_ENDPOINT
+          value: http://blobstore:9000
+        {{- end }}
         - name: POD_NAME
           valueFrom:
             fieldRef:

charts/sourcegraph/values.yaml

@@ -283,6 +283,46 @@ codeIntelDB:
   # -- PVC Storage Request for `codeintel-db` data volume
   storageSize: 200Gi
 
+embeddings:
+  # -- Enable `embeddings`
+  enabled: false
+  # -- Name of the `embeddings` service
+  name: embeddings
+  image:
+    # -- Docker image name for the `embeddings` image
+    name: "embeddings"
+    # -- Docker image tag for the `embeddings` image
+    defaultTag: "5.0.3@sha256:1d8f05ed57e361451d92eabbb3a0d90169c1108f48a274d556e43f541190e01a"
+  # -- Resource requests & limits for the `worker` container,
+  # learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/)
+  resources:
+    limits:
+      cpu: "8"
+      memory: 64G
+    requests:
+      cpu: "4"
+      memory: 32G
+  # -- Environment variables for the `embeddings` container
+  env: {}
+  # -- Security context for the `worker` container,
+  # learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container)
+  containerSecurityContext:
+    allowPrivilegeEscalation: false
+    runAsUser: 100
+    runAsGroup: 101
+    readOnlyRootFilesystem: true
+  # -- Security context for the `embeddings` container,
+  # learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container)
+  podSecurityContext: {}
+  serviceAccount:
+    # -- Enable creation of ServiceAccount for `embeddings`
+    create: false
+    # -- Name of the ServiceAccount to be created or an existing ServiceAccount
+    name: ""
+    annotations: {}
+  extraVolumeMounts: {}
+  extraVolumes: {}
+
 frontend:
   # -- Environment variables for the `frontend` container
   # @default -- the chart will add some default environment values
@@ -1240,6 +1280,8 @@ worker:
     readOnlyRootFilesystem: true
   # -- Name used by resources. Does not affect service names or PVCs.
   name: "worker"
+  # -- Environment variables for the `worker` container
+  env: {}
   # -- Security context for the `worker` pod,
   # learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod)
   podSecurityContext: {}