From 0b4962cbf3bc0cad897575eb493c7714d2a93a7f Mon Sep 17 00:00:00 2001 From: Jacob Pleiness Date: Thu, 19 Sep 2024 11:44:45 -0400 Subject: [PATCH 1/2] update images --- charts/sourcegraph-appliance/values.yaml | 4 +- charts/sourcegraph-executor/dind/values.yaml | 2 +- charts/sourcegraph-executor/k8s/values.yaml | 2 +- charts/sourcegraph-migrator/values.yaml | 2 +- charts/sourcegraph/values.yaml | 52 ++++++++++---------- 5 files changed, 31 insertions(+), 31 deletions(-) diff --git a/charts/sourcegraph-appliance/values.yaml b/charts/sourcegraph-appliance/values.yaml index 1c61c39b..34f59874 100644 --- a/charts/sourcegraph-appliance/values.yaml +++ b/charts/sourcegraph-appliance/values.yaml @@ -20,7 +20,7 @@ sourcegraph: backend: image: name: appliance - defaultTag: "5.6.0@sha256:ace022ecd58fdbca9a51b4100afacd19ecf2afca5dbe62ccb087c66639fb130f" + defaultTag: "5.7.2474@sha256:12d5be024316bdecb0069d654b84e16194f8094ac3925e15fb7a729b3f580ea7" imagePullSecrets: [] nameOverride: "" @@ -107,7 +107,7 @@ frontend: image: name: appliance-frontend # Overrides the image tag whose default is the chart appVersion. - defaultTag: "5.6.0@sha256:812c91b6551bab5894fa2cd9c35ff636652d00c7272841d67310d440543cafbe" + defaultTag: "5.7.2474@sha256:2d99136ebf9db9f7ee5b78e48f6c6746e3a1dc19bbd5034fc78c60499cff33fb" selfUpdate: enabled: true diff --git a/charts/sourcegraph-executor/dind/values.yaml b/charts/sourcegraph-executor/dind/values.yaml index 169a6e38..42980a71 100644 --- a/charts/sourcegraph-executor/dind/values.yaml +++ b/charts/sourcegraph-executor/dind/values.yaml @@ -55,7 +55,7 @@ storageClass: executor: enabled: true image: - defaultTag: 5.6.185@sha256:bb44086165383ddd691275ec679766bc58e85bc5be47462493b40596f9136e69 + defaultTag: 5.7.2474@sha256:6e92a29e9401422f7b97b99ea8f5808fbe04e8d783f97e3855c1d1d0d65614e8 name: "executor" replicaCount: 1 env: diff --git a/charts/sourcegraph-executor/k8s/values.yaml b/charts/sourcegraph-executor/k8s/values.yaml index 01383a87..8d1d8f52 100644 --- a/charts/sourcegraph-executor/k8s/values.yaml +++ b/charts/sourcegraph-executor/k8s/values.yaml @@ -57,7 +57,7 @@ executor: configureRbac: true replicas: 1 image: - defaultTag: 5.6.185@sha256:1814b04535f73cffea20a768f72441faee57cb1ec3287e9328a21a149ace8763 + defaultTag: 5.7.2474@sha256:35c7862fb8d52790d42248ede663f463108899eed1837ab7ae76a36977aa54f9 name: "executor-kubernetes" # -- The external URL of the Sourcegraph instance. Required. **Recommended:** set to the internal service endpoint (e.g. `http://sourcegraph-frontend.sourcegraph.svc.cluster.local:30080` if Sourcegraph is deployed in the `sourcegraph` namespace). # This will avoid unnecessary network charges as traffic will stay within the local network. diff --git a/charts/sourcegraph-migrator/values.yaml b/charts/sourcegraph-migrator/values.yaml index 9e1a5a84..084a7ad7 100644 --- a/charts/sourcegraph-migrator/values.yaml +++ b/charts/sourcegraph-migrator/values.yaml @@ -102,7 +102,7 @@ pgsql: migrator: image: # -- Docker image tag for the `migrator` image - defaultTag: 5.6.185@sha256:c723f514cf1eb217fb8c8ca54d174a4cdf2a1f912d949fe77dc88cbe15673307 + defaultTag: 5.7.2474@sha256:48e80b33b630f264b803ebdd251ea6bb6ee2d2af3c8a80c48c1b325e2f1a8d07 # -- Docker image name for the `migrator` image name: "migrator" # -- Environment variables for the `migrator` container diff --git a/charts/sourcegraph/values.yaml b/charts/sourcegraph/values.yaml index 28ec3a79..a67b639d 100644 --- a/charts/sourcegraph/values.yaml +++ b/charts/sourcegraph/values.yaml @@ -86,7 +86,7 @@ sourcegraph: alpine: # Used in init containers image: # -- Docker image tag for the `alpine` image - defaultTag: 5.6.185@sha256:7b2ecc8f4ed6a0dd1175ad81a3b3f32ebe4b9ab2cea4cbc25aabad5d0da76ab4 + defaultTag: 5.7.2474@sha256:3effffaad1e83edaf2bd95568a813d7f23062bafcd236340bb3da6659ed16169 # -- Docker image name for the `alpine` image name: "alpine-3.14" # -- Security context for the `alpine` initContainer, @@ -111,7 +111,7 @@ cadvisor: enabled: true image: # -- Docker image tag for the `cadvisor` image - defaultTag: 5.6.185@sha256:91fef9d8f036927f6218fb507be07cab003e9412ff8aa081416ebe0e9cd77b7b + defaultTag: 5.7.2474@sha256:d99b602a9a8dde9cfb8eed632de25f0148a71025ccb1353460b949f0120e7093 # -- Docker image name for the `cadvisor` image name: "cadvisor" # -- Name used by resources. Does not affect service names or PVCs. @@ -174,7 +174,7 @@ codeInsightsDB: additionalConfig: "" image: # -- Docker image tag for the `codeinsights-db` image - defaultTag: 5.6.185@sha256:11730061fdd4bcf70df3beb3be06f1b72ef9f9ef3974900a6a8c67dc270c57f9 + defaultTag: 5.7.2474@sha256:2651f9a245ac27c61c40a8e1f1ae1a0abb02775e8832999accb9966c905430cf # -- Docker image name for the `codeinsights-db` image name: "codeinsights-db" # -- Security context for the `codeinsights-db` container, @@ -245,7 +245,7 @@ codeIntelDB: additionalConfig: "" image: # -- Docker image tag for the `codeintel-db` image - defaultTag: 5.6.185@sha256:07ba8ce3524bea1e9252c69917ea69865a028dd54d458728f88ae1f858a7eae9 + defaultTag: 5.7.2474@sha256:214d1c9c9a33b954347ee1dd8f78a762a018bdd8f70dc4cfb1e749322bb27382 # -- Docker image name for the `codeintel-db` image name: "codeintel-db" # -- Security context for the `codeintel-db` container, @@ -296,7 +296,7 @@ frontend: value: http://prometheus:30090 image: # -- Docker image tag for the `frontend` image - defaultTag: 5.6.185@sha256:99d33f1a7fbbc96dca9c68ed299968603f926b690a326308e8ee62fae534e24b + defaultTag: 5.7.2474@sha256:33d50c943c6ecc0a6af76cebafcb6f29dc916819c33b3f5b5604515dce5cf8e5 # -- Docker image name for the `frontend` image name: "frontend" ingress: @@ -354,7 +354,7 @@ migrator: enabled: true image: # -- Docker image tag for the `migrator` image - defaultTag: 5.6.185@sha256:c723f514cf1eb217fb8c8ca54d174a4cdf2a1f912d949fe77dc88cbe15673307 + defaultTag: 5.7.2474@sha256:48e80b33b630f264b803ebdd251ea6bb6ee2d2af3c8a80c48c1b325e2f1a8d07 # -- Docker image name for the `migrator` image name: "migrator" # -- Environment variables for the `migrator` container @@ -379,7 +379,7 @@ migrator: gitserver: image: # -- Docker image tag for the `gitserver` image - defaultTag: 5.6.185@sha256:5a40cfc811de5c601bc7ef843619b685aec73ab7739e04210720c6c618506f26 + defaultTag: 5.7.2474@sha256:35628e78cbf79f7af704c0f33d6c14a062dbfff5e9a28e058004eff7abfca018 # -- Docker image name for the `gitserver` image name: "gitserver" # -- Name of existing Secret that contains SSH credentials to clone repositories. @@ -428,7 +428,7 @@ grafana: existingConfig: "" # Name of an existing configmap image: # -- Docker image tag for the `grafana` image - defaultTag: 5.6.185@sha256:0a8cef20bed768048074d39802703963f1b5e1a0907aa7f692867701de75ca60 + defaultTag: 5.7.2474@sha256:36cb2d8bd202ddf8c9e93224dbe7dfc72d2afe9659041374df89a65aa1ccc654 # -- Docker image name for the `grafana` image name: "grafana" # -- Security context for the `grafana` container, @@ -467,7 +467,7 @@ grafana: indexedSearch: image: # -- Docker image tag for the `zoekt-webserver` image - defaultTag: 5.6.185@sha256:d12773366ff8194828005dae8975f2535cca0f173f033be37f79fddb4a5c4ddb + defaultTag: 5.7.2474@sha256:c51fd73507aa361c0df4ab8bf342b0331a210879aa37932a4d7f02ea9b63b10a # -- Docker image name for the `zoekt-webserver` image name: "indexed-searcher" # -- Security context for the `zoekt-webserver` container, @@ -508,7 +508,7 @@ indexedSearch: indexedSearchIndexer: image: # -- Docker image tag for the `zoekt-indexserver` image - defaultTag: 5.6.185@sha256:d9882354fa07f5168ae981cd80776c9b13048502bc63a3ea217a7abdff49149a + defaultTag: 5.7.2474@sha256:21a035df820a4f27b9c98f800edf07cceea5e62c39091328ca86478ac5a7d1d2 # -- Docker image name for the `zoekt-indexserver` image name: "search-indexer" # -- Security context for the `zoekt-indexserver` container, @@ -535,7 +535,7 @@ blobstore: enabled: true image: # -- Docker image tag for the `blobstore` image - defaultTag: 5.6.185@sha256:a8906b3be4c2e954e1ee630e8371bc626712cb3d64793fdbeb3be7df5b6f8713 + defaultTag: 5.7.2474@sha256:16e41fc5e9f76ec1860411eb92a2ce599d6e972cf72598cb4d954f2f29448c79 # -- Docker image name for the `blobstore` image name: "blobstore" # -- Security context for the `blobstore` container, @@ -574,7 +574,7 @@ openTelemetry: enabled: true image: # -- Docker image tag for the `otel-collector` image - defaultTag: 5.6.185@sha256:6d5fdb5bcadc518c2580662f28788b5866a48a848d2551d795221e49e1814452 + defaultTag: 5.7.2474@sha256:b3aca231b894540aaef5e5fa7229beb994e0943f694b5d1e3b2ca6007661be40 # -- Docker image name for the `otel-collector` image name: "opentelemetry-collector" gateway: @@ -641,7 +641,7 @@ nodeExporter: enabled: true image: # -- Docker image tag for the `node-exporter` image - defaultTag: 5.6.185@sha256:76798c4a14a3d6b67cd062c297e910ea42311d182668ab20dc38e5892f3d7796 + defaultTag: 5.7.2474@sha256:ec13a36598f32a0d5cc393f20143b3ea0910bd709d53057c4b8e27812242cadb # -- Docker image name for the `node-exporter` image name: "node-exporter" # -- Name used by resources. Does not affect service names or PVCs. @@ -710,7 +710,7 @@ pgsql: additionalConfig: "" image: # -- Docker image tag for the `pgsql` image - defaultTag: 5.6.185@sha256:07ba8ce3524bea1e9252c69917ea69865a028dd54d458728f88ae1f858a7eae9 + defaultTag: 5.7.2474@sha256:214d1c9c9a33b954347ee1dd8f78a762a018bdd8f70dc4cfb1e749322bb27382 # -- Docker image name for the `pgsql` image name: "postgres-12-alpine" # -- Security context for the `pgsql` container, @@ -752,7 +752,7 @@ pgsql: postgresExporter: image: # -- Docker image tag for the `pgsql-exporter` image - defaultTag: 5.6.185@sha256:5654133c53f06d5167ed92dcc978c86dd94b1cab4d818b235318958930cbaae3 + defaultTag: 5.7.2474@sha256:47e42bcc6f7ee8dad6192f5b375f618f276ca97d59be855709614323ce07153c # -- Docker image name for the `pgsql-exporter` image name: "postgres_exporter" # -- Resource requests & limits for the `pgsql-exporter` sidecar container, @@ -812,7 +812,7 @@ preciseCodeIntel: value: "4" image: # -- Docker image tag for the `precise-code-intel-worker` image - defaultTag: 5.6.185@sha256:3e7693b5feabffd2fde441be8772297497e28ba0c77d21ab0684272814d0fde4 + defaultTag: 5.7.2474@sha256:1c1b8c12f0e441f97ea1dc2aa4c98b3423c0fb3ee00ba0cc50dace76bb8b2f41 # -- Docker image name for the `precise-code-intel-worker` image name: "precise-code-intel-worker" # -- Security context for the `precise-code-intel-worker` container, @@ -851,7 +851,7 @@ prometheus: existingConfig: "" # Name of an existing configmap image: # -- Docker image tag for the `prometheus` image - defaultTag: 5.6.185@sha256:39cc8f35fb46db19a5e36c3bc05144daada4fdd3dd4d195141e0edeac47f3d9d + defaultTag: 5.7.2474@sha256:52276fe60c9f5f365822e40fac28633a0399f15bf027c75bdf286b8845365ec0 # -- Docker image name for the `prometheus` image name: "prometheus" # -- Security context for the `prometheus` container, @@ -901,7 +901,7 @@ redisCache: enabled: true image: # -- Docker image tag for the `redis-cache` image - defaultTag: 5.6.185@sha256:c76bc920573b771e4d974ffb393272f5e1684437d07f7fb966411f20f5e07be6 + defaultTag: 5.7.2474@sha256:982141e7bfee156ae59ffde9a105f04924d6a412372a557457086424c7a36a45 # -- Docker image name for the `redis-cache` image name: "redis-cache" connection: @@ -945,7 +945,7 @@ redisCache: redisExporter: image: # -- Docker image tag for the `redis-exporter` image - defaultTag: 5.6.185@sha256:4c585d464f734a0b833215a5b9a531e8753cd77b6a2f94bb6ea61f782e5dae03 + defaultTag: 5.7.2474@sha256:98b61b5744926f7a08c599b5d6718e24581bcee338691a28a970b1aee55dfb9e # -- Docker image name for the `redis-exporter` image name: "redis_exporter" # -- Security context for the `redis-exporter` sidecar container, @@ -977,7 +977,7 @@ redisStore: endpoint: "redis-store:6379" image: # -- Docker image tag for the `redis-store` image - defaultTag: 5.6.185@sha256:9a0af32842813a3b2f3ee23ce04bcdad9b02a7b56d075f4fa795b10a50ad25a1 + defaultTag: 5.7.2474@sha256:31801e8876b5f28acf8e3d632f0663d33c3d8ece234007f760700c122f83539d # -- Docker image name for the `redis-store` image name: "redis-store" # -- Security context for the `redis-store` container, @@ -1014,7 +1014,7 @@ redisStore: repoUpdater: image: # -- Docker image tag for the `repo-updater` image - defaultTag: 5.6.185@sha256:86e7fbdffd9642e9f7be8dcb6fc5faa6bc9248689d2ae922eeba4c3800acb511 + defaultTag: 5.7.2474@sha256:4034feb9e7de5cdf490458f3750130177a2693e17cedf904952bd1d3ce9ec9a0 # -- Docker image name for the `repo-updater` image name: "repo-updater" # -- Security context for the `repo-updater` container, @@ -1047,7 +1047,7 @@ repoUpdater: searcher: image: # -- Docker image tag for the `searcher` image - defaultTag: 5.6.185@sha256:15a3bee6ab6295fccef5c5b06703719d49f0abe1c2dea23b069e98313aa80b08 + defaultTag: 5.7.2474@sha256:0c5d5fb35090d3b69698604a913435e41d7c4ed023a248b1e59ec92ab51def9d # -- Docker image name for the `searcher` image name: "searcher" # -- Security context for the `searcher` container, @@ -1108,7 +1108,7 @@ storageClass: symbols: image: # -- Docker image tag for the `symbols` image - defaultTag: 5.6.185@sha256:fd878be81d9d61285458e318858d33a8ac738cafe6388f1dc21b21ff173c7823 + defaultTag: 5.7.2474@sha256:e550a17136710290648135499cacb4bfd2eced49db3499d78bace578e7cfa4ca # -- Docker image name for the `symbols` image name: "symbols" # -- Security context for the `symbols` container, @@ -1148,7 +1148,7 @@ symbols: syntectServer: image: # -- Docker image tag for the `syntect-server` image - defaultTag: 5.6.185@sha256:b9f59850b43b407bd4e67c7d38c51cded85efd9d284acea90654499d98eebb0c + defaultTag: 5.7.2474@sha256:dfb67d23d483de337723fab48e2d1449e4fe8aab5eeb34447482eefd1a32a779 # -- Docker image name for the `syntect-server` image name: "syntax-highlighter" # -- Security context for the `syntect-server` container, @@ -1196,7 +1196,7 @@ jaeger: enabled: false image: # -- Docker image tag for the `jaeger` image - defaultTag: 5.6.185@sha256:c0411e4910926c92896b3ec6cf4b2f5dc0d6c99cb7433035406f57b51cdab2ef + defaultTag: 5.7.2474@sha256:b9d2a2825fcb590373c98c073ccc53f7bbe7ff4e74b75715e7cb488feb17243e # -- Docker image name for the `jaeger` image name: "jaeger-all-in-one" # -- Name used by resources. Does not affect service names or PVCs. @@ -1244,7 +1244,7 @@ jaeger: worker: image: # -- Docker image tag for the `worker` image - defaultTag: 5.6.185@sha256:8d8666abf5ff5f0cfb4e6724d657c271c9a7b13ee6386fabbab7bc67d5567191 + defaultTag: 5.7.2474@sha256:f70b632268bdbadab15704b5d31bc1a18e676aaa40b97d349de4490d96032f3a # -- Docker image name for the `worker` image name: "worker" # -- Security context for the `worker` container, From c77fb1c17830355c960bc8717769e77e3e3be284 Mon Sep 17 00:00:00 2001 From: Jacob Pleiness Date: Thu, 19 Sep 2024 12:13:14 -0400 Subject: [PATCH 2/2] Update docs --- charts/sourcegraph-appliance/README.md | 4 +- charts/sourcegraph-executor/dind/README.md | 2 +- charts/sourcegraph-executor/k8s/README.md | 2 +- charts/sourcegraph-migrator/README.md | 2 +- charts/sourcegraph/README.md | 52 +++++++++++----------- 5 files changed, 31 insertions(+), 31 deletions(-) diff --git a/charts/sourcegraph-appliance/README.md b/charts/sourcegraph-appliance/README.md index c7e43ebf..dfabad64 100644 --- a/charts/sourcegraph-appliance/README.md +++ b/charts/sourcegraph-appliance/README.md @@ -30,9 +30,9 @@ In addition to the documented values, all services also support the following va |-----|------|---------|-------------| | affinity | object | `{}` | | | airgap.enabled | bool | `false` | | -| backend.image.defaultTag | string | `"5.6.0@sha256:ace022ecd58fdbca9a51b4100afacd19ecf2afca5dbe62ccb087c66639fb130f"` | | +| backend.image.defaultTag | string | `"5.7.2474@sha256:12d5be024316bdecb0069d654b84e16194f8094ac3925e15fb7a729b3f580ea7"` | | | backend.image.name | string | `"appliance"` | | -| frontend.image.defaultTag | string | `"5.6.0@sha256:812c91b6551bab5894fa2cd9c35ff636652d00c7272841d67310d440543cafbe"` | | +| frontend.image.defaultTag | string | `"5.7.2474@sha256:2d99136ebf9db9f7ee5b78e48f6c6746e3a1dc19bbd5034fc78c60499cff33fb"` | | | frontend.image.name | string | `"appliance-frontend"` | | | fullnameOverride | string | `""` | | | imagePullSecrets | list | `[]` | | diff --git a/charts/sourcegraph-executor/dind/README.md b/charts/sourcegraph-executor/dind/README.md index 1ba7e662..3e69014e 100644 --- a/charts/sourcegraph-executor/dind/README.md +++ b/charts/sourcegraph-executor/dind/README.md @@ -60,7 +60,7 @@ In addition to the documented values, the `executor` and `private-docker-registr | executor.env.EXECUTOR_FRONTEND_URL | object | `{"value":""}` | The external URL of the Sourcegraph instance. Required. | | executor.env.EXECUTOR_QUEUE_NAME | object | `{"value":""}` | The name of the queue to pull jobs from to. Possible values: batches and codeintel. **Either this or EXECUTOR_QUEUE_NAMES is required.** | | executor.env.EXECUTOR_QUEUE_NAMES | object | `{"value":""}` | The comma-separated list of names of multiple queues to pull jobs from to. Possible values: batches and codeintel. **Either this or EXECUTOR_QUEUE_NAME is required.** | -| executor.image.defaultTag | string | `"5.6.185@sha256:bb44086165383ddd691275ec679766bc58e85bc5be47462493b40596f9136e69"` | | +| executor.image.defaultTag | string | `"5.7.2474@sha256:6e92a29e9401422f7b97b99ea8f5808fbe04e8d783f97e3855c1d1d0d65614e8"` | | | executor.image.name | string | `"executor"` | | | executor.replicaCount | int | `1` | | | privateDockerRegistry.enabled | bool | `true` | Whether to deploy the private registry. Only one registry is needed when deploying multiple executors. More information: https://docs.sourcegraph.com/admin/executors/deploy_executors#using-private-registries | diff --git a/charts/sourcegraph-executor/k8s/README.md b/charts/sourcegraph-executor/k8s/README.md index e9bbb8a0..aec41660 100644 --- a/charts/sourcegraph-executor/k8s/README.md +++ b/charts/sourcegraph-executor/k8s/README.md @@ -61,7 +61,7 @@ In addition to the documented values, the `executor` and `private-docker-registr | executor.frontendExistingSecret | string | `""` | Name of existing k8s Secret to use for frontend password The name of the secret must match `executor.name`, i.e., the name of the helm release used to deploy the helm chart. The k8s Secret must contain the key `EXECUTOR_FRONTEND_PASSWORD` matching the site config `executors.accessToken` value. `executor.frontendPassword` is ignored if this is enabled. | | executor.frontendPassword | string | `""` | The shared secret configured in the Sourcegraph instance site config under executors.accessToken. Required if `executor.frontendExistingSecret`` is not configured. | | executor.frontendUrl | string | `""` | The external URL of the Sourcegraph instance. Required. **Recommended:** set to the internal service endpoint (e.g. `http://sourcegraph-frontend.sourcegraph.svc.cluster.local:30080` if Sourcegraph is deployed in the `sourcegraph` namespace). This will avoid unnecessary network charges as traffic will stay within the local network. | -| executor.image.defaultTag | string | `"5.6.185@sha256:1814b04535f73cffea20a768f72441faee57cb1ec3287e9328a21a149ace8763"` | | +| executor.image.defaultTag | string | `"5.7.2474@sha256:35c7862fb8d52790d42248ede663f463108899eed1837ab7ae76a36977aa54f9"` | | | executor.image.name | string | `"executor-kubernetes"` | | | executor.kubeconfigPath | string | `""` | The path to the kubeconfig file. If not specified, the in-cluster config is used. | | executor.kubernetesJob.deadline | string | `"1200"` | The number of seconds after which a Kubernetes job will be terminated. | diff --git a/charts/sourcegraph-migrator/README.md b/charts/sourcegraph-migrator/README.md index 5c37d3aa..01dd8d76 100644 --- a/charts/sourcegraph-migrator/README.md +++ b/charts/sourcegraph-migrator/README.md @@ -80,7 +80,7 @@ In addition to the documented values, the `migrator` service also supports the f | migrator.args | list | `["up","-db=all"]` | Override default `migrator` container args Available commands can be found at https://docs.sourcegraph.com/admin/how-to/manual_database_migrations | | migrator.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100}` | Security context for the `migrator` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | | migrator.env | object | `{}` | Environment variables for the `migrator` container | -| migrator.image.defaultTag | string | `"5.6.185@sha256:c723f514cf1eb217fb8c8ca54d174a4cdf2a1f912d949fe77dc88cbe15673307"` | Docker image tag for the `migrator` image | +| migrator.image.defaultTag | string | `"5.7.2474@sha256:48e80b33b630f264b803ebdd251ea6bb6ee2d2af3c8a80c48c1b325e2f1a8d07"` | Docker image tag for the `migrator` image | | migrator.image.name | string | `"migrator"` | Docker image name for the `migrator` image | | migrator.resources | object | `{"limits":{"cpu":"500m","memory":"100M"},"requests":{"cpu":"100m","memory":"50M"}}` | Resource requests & limits for the `migrator` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) | | pgsql.auth.existingSecret | string | `""` | Name of existing secret to use for pgsql credentials This should match the setting in the sourcegraph chart values | diff --git a/charts/sourcegraph/README.md b/charts/sourcegraph/README.md index 071933cd..14963d2c 100644 --- a/charts/sourcegraph/README.md +++ b/charts/sourcegraph/README.md @@ -28,12 +28,12 @@ In addition to the documented values, all services also support the following va | Key | Type | Default | Description | |-----|------|---------|-------------| | alpine.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":999,"runAsUser":999}` | Security context for the `alpine` initContainer, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | -| alpine.image.defaultTag | string | `"5.6.185@sha256:7b2ecc8f4ed6a0dd1175ad81a3b3f32ebe4b9ab2cea4cbc25aabad5d0da76ab4"` | Docker image tag for the `alpine` image | +| alpine.image.defaultTag | string | `"5.7.2474@sha256:3effffaad1e83edaf2bd95568a813d7f23062bafcd236340bb3da6659ed16169"` | Docker image tag for the `alpine` image | | alpine.image.name | string | `"alpine-3.14"` | Docker image name for the `alpine` image | | alpine.resources | object | `{"limits":{"cpu":"10m","memory":"50Mi"},"requests":{"cpu":"10m","memory":"50Mi"}}` | Resource requests & limits for the `alpine` initContainer, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) | | blobstore.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"runAsGroup":101,"runAsUser":100}` | Security context for the `blobstore` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | | blobstore.enabled | bool | `true` | Enable `blobstore` (S3 compatible storage) | -| blobstore.image.defaultTag | string | `"5.6.185@sha256:a8906b3be4c2e954e1ee630e8371bc626712cb3d64793fdbeb3be7df5b6f8713"` | Docker image tag for the `blobstore` image | +| blobstore.image.defaultTag | string | `"5.7.2474@sha256:16e41fc5e9f76ec1860411eb92a2ce599d6e972cf72598cb4d954f2f29448c79"` | Docker image tag for the `blobstore` image | | blobstore.image.name | string | `"blobstore"` | Docker image name for the `blobstore` image | | blobstore.name | string | `"blobstore"` | Name used by resources. Does not affect service names or PVCs. | | blobstore.podSecurityContext | object | `{"fsGroup":101,"fsGroupChangePolicy":"OnRootMismatch","runAsGroup":101,"runAsUser":100}` | Security context for the `blobstore` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) | @@ -43,7 +43,7 @@ In addition to the documented values, all services also support the following va | blobstore.storageSize | string | `"100Gi"` | PVC Storage Request for `blobstore` data volume | | cadvisor.containerSecurityContext | object | `{"privileged":true}` | Security context for the `cadvisor` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | | cadvisor.enabled | bool | `true` | Enable `cadvisor` | -| cadvisor.image.defaultTag | string | `"5.6.185@sha256:91fef9d8f036927f6218fb507be07cab003e9412ff8aa081416ebe0e9cd77b7b"` | Docker image tag for the `cadvisor` image | +| cadvisor.image.defaultTag | string | `"5.7.2474@sha256:d99b602a9a8dde9cfb8eed632de25f0148a71025ccb1353460b949f0120e7093"` | Docker image tag for the `cadvisor` image | | cadvisor.image.name | string | `"cadvisor"` | Docker image name for the `cadvisor` image | | cadvisor.name | string | `"cadvisor"` | Name used by resources. Does not affect service names or PVCs. | | cadvisor.podSecurityPolicy.enabled | bool | `false` | Enable [PodSecurityPolicy](https://kubernetes.io/docs/concepts/policy/pod-security-policy/) for `cadvisor` pods | @@ -61,7 +61,7 @@ In addition to the documented values, all services also support the following va | codeInsightsDB.enabled | bool | `true` | Enable `codeinsights-db` PostgreSQL server | | codeInsightsDB.env | object | `{}` | Environment variables for the `codeinsights-db` container | | codeInsightsDB.existingConfig | string | `""` | Name of existing ConfigMap for `codeinsights-db`. It must contain a `postgresql.conf` key. | -| codeInsightsDB.image.defaultTag | string | `"5.6.185@sha256:11730061fdd4bcf70df3beb3be06f1b72ef9f9ef3974900a6a8c67dc270c57f9"` | Docker image tag for the `codeinsights-db` image | +| codeInsightsDB.image.defaultTag | string | `"5.7.2474@sha256:2651f9a245ac27c61c40a8e1f1ae1a0abb02775e8832999accb9966c905430cf"` | Docker image tag for the `codeinsights-db` image | | codeInsightsDB.image.name | string | `"codeinsights-db"` | Docker image name for the `codeinsights-db` image | | codeInsightsDB.init.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":70,"runAsUser":70}` | Security context for the `alpine` initContainer, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | | codeInsightsDB.name | string | `"codeinsights-db"` | Name used by resources. Does not affect service names or PVCs. | @@ -81,7 +81,7 @@ In addition to the documented values, all services also support the following va | codeIntelDB.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":999,"runAsUser":999}` | Security context for the `codeintel-db` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | | codeIntelDB.enabled | bool | `true` | Enable `codeintel-db` PostgreSQL server | | codeIntelDB.existingConfig | string | `""` | Name of existing ConfigMap for `codeintel-db`. It must contain a `postgresql.conf` key | -| codeIntelDB.image.defaultTag | string | `"5.6.185@sha256:07ba8ce3524bea1e9252c69917ea69865a028dd54d458728f88ae1f858a7eae9"` | Docker image tag for the `codeintel-db` image | +| codeIntelDB.image.defaultTag | string | `"5.7.2474@sha256:214d1c9c9a33b954347ee1dd8f78a762a018bdd8f70dc4cfb1e749322bb27382"` | Docker image tag for the `codeintel-db` image | | codeIntelDB.image.name | string | `"codeintel-db"` | Docker image name for the `codeintel-db` image | | codeIntelDB.name | string | `"codeintel-db"` | Name used by resources. Does not affect service names or PVCs. | | codeIntelDB.podSecurityContext | object | `{"fsGroup":999,"fsGroupChangePolicy":"OnRootMismatch","runAsUser":999}` | Security context for the `codeintel-db` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) | @@ -93,7 +93,7 @@ In addition to the documented values, all services also support the following va | extraResources | list | `[]` | Additional resources to include in the rendered manifest. Templates are supported. | | frontend.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100}` | Security context for the `frontend` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | | frontend.env | object | the chart will add some default environment values | Environment variables for the `frontend` container | -| frontend.image.defaultTag | string | `"5.6.185@sha256:99d33f1a7fbbc96dca9c68ed299968603f926b690a326308e8ee62fae534e24b"` | Docker image tag for the `frontend` image | +| frontend.image.defaultTag | string | `"5.7.2474@sha256:33d50c943c6ecc0a6af76cebafcb6f29dc916819c33b3f5b5604515dce5cf8e5"` | Docker image tag for the `frontend` image | | frontend.image.name | string | `"frontend"` | Docker image name for the `frontend` image | | frontend.ingress.annotations | object | `{"kubernetes.io/ingress.class":"nginx","nginx.ingress.kubernetes.io/proxy-body-size":"150m"}` | Annotations for the Sourcegraph server ingress. For example, securing ingress with TLS provided by [cert-manager](https://cert-manager.io/docs/usage/ingress/) | | frontend.ingress.annotations."kubernetes.io/ingress.class" | string | `"nginx"` | [Deprecated annotation](https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation) for specifing the IngressClass in Kubernetes 1.17 and earlier. If you are using Kubernetes 1.18+, use `ingressClassName` instead and set an override value of `null` for this annotation. | @@ -109,7 +109,7 @@ In addition to the documented values, all services also support the following va | frontend.serviceAccount.create | bool | `true` | Enable creation of ServiceAccount for `frontend` | | frontend.serviceAccount.name | string | `"sourcegraph-frontend"` | Name of the ServiceAccount to be created or an existing ServiceAccount | | gitserver.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100}` | Security context for the `gitserver` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | -| gitserver.image.defaultTag | string | `"5.6.185@sha256:5a40cfc811de5c601bc7ef843619b685aec73ab7739e04210720c6c618506f26"` | Docker image tag for the `gitserver` image | +| gitserver.image.defaultTag | string | `"5.7.2474@sha256:35628e78cbf79f7af704c0f33d6c14a062dbfff5e9a28e058004eff7abfca018"` | Docker image tag for the `gitserver` image | | gitserver.image.name | string | `"gitserver"` | Docker image name for the `gitserver` image | | gitserver.name | string | `"gitserver"` | Name used by resources. Does not affect service names or PVCs. | | gitserver.podSecurityContext | object | `{"fsGroup":101,"fsGroupChangePolicy":"OnRootMismatch","runAsGroup":101,"runAsUser":100}` | Security context for the `gitserver` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) | @@ -122,7 +122,7 @@ In addition to the documented values, all services also support the following va | grafana.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":472,"runAsUser":472}` | Security context for the `grafana` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | | grafana.enabled | bool | `true` | Enable `grafana` dashboard (recommended) | | grafana.existingConfig | string | `""` | Name of existing ConfigMap for `grafana`. It must contain a `datasources.yml` key. | -| grafana.image.defaultTag | string | `"5.6.185@sha256:0a8cef20bed768048074d39802703963f1b5e1a0907aa7f692867701de75ca60"` | Docker image tag for the `grafana` image | +| grafana.image.defaultTag | string | `"5.7.2474@sha256:36cb2d8bd202ddf8c9e93224dbe7dfc72d2afe9659041374df89a65aa1ccc654"` | Docker image tag for the `grafana` image | | grafana.image.name | string | `"grafana"` | Docker image name for the `grafana` image | | grafana.name | string | `"grafana"` | Name used by resources. Does not affect service names or PVCs. | | grafana.podSecurityContext | object | `{"fsGroup":472,"fsGroupChangePolicy":"OnRootMismatch","runAsGroup":472,"runAsUser":472}` | Security context for the `grafana` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) | @@ -131,7 +131,7 @@ In addition to the documented values, all services also support the following va | grafana.serviceAccount.name | string | `"grafana"` | Name of the ServiceAccount to be created or an existing ServiceAccount | | grafana.storageSize | string | `"2Gi"` | PVC Storage Request for `grafana` data volume | | indexedSearch.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100}` | Security context for the `zoekt-webserver` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | -| indexedSearch.image.defaultTag | string | `"5.6.185@sha256:d12773366ff8194828005dae8975f2535cca0f173f033be37f79fddb4a5c4ddb"` | Docker image tag for the `zoekt-webserver` image | +| indexedSearch.image.defaultTag | string | `"5.7.2474@sha256:c51fd73507aa361c0df4ab8bf342b0331a210879aa37932a4d7f02ea9b63b10a"` | Docker image tag for the `zoekt-webserver` image | | indexedSearch.image.name | string | `"indexed-searcher"` | Docker image name for the `zoekt-webserver` image | | indexedSearch.name | string | `"indexed-search"` | Name used by resources. Does not affect service names or PVCs. | | indexedSearch.podSecurityContext | object | `{"fsGroup":101,"fsGroupChangePolicy":"OnRootMismatch"}` | Security context for the `indexed-search` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) | @@ -141,7 +141,7 @@ In addition to the documented values, all services also support the following va | indexedSearch.serviceAccount.name | string | `""` | Name of the ServiceAccount to be created or an existing ServiceAccount | | indexedSearch.storageSize | string | `"200Gi"` | PVC Storage Request for `indexed-search` data volume The size of disk to used for search indexes. This should typically be gitserver disk size multipled by the number of gitserver shards. | | indexedSearchIndexer.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100}` | Security context for the `zoekt-indexserver` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | -| indexedSearchIndexer.image.defaultTag | string | `"5.6.185@sha256:d9882354fa07f5168ae981cd80776c9b13048502bc63a3ea217a7abdff49149a"` | Docker image tag for the `zoekt-indexserver` image | +| indexedSearchIndexer.image.defaultTag | string | `"5.7.2474@sha256:21a035df820a4f27b9c98f800edf07cceea5e62c39091328ca86478ac5a7d1d2"` | Docker image tag for the `zoekt-indexserver` image | | indexedSearchIndexer.image.name | string | `"search-indexer"` | Docker image name for the `zoekt-indexserver` image | | indexedSearchIndexer.resources | object | `{"limits":{"cpu":"8","memory":"8G"},"requests":{"cpu":"4","memory":"4G"}}` | Resource requests & limits for the `zoekt-indexserver` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) zoekt-indexserver is CPU bound. The more CPU you allocate to it, the lower lag between a new commit and it being indexed for search. | | jaeger.args | list | `["--memory.max-traces=20000","--sampling.strategies-file=/etc/jaeger/sampling_strategies.json","--collector.otlp.enabled","--collector.otlp.grpc.host-port=:4320","--collector.otlp.http.host-port=:4321"]` | Default args passed to the `jaeger` binary | @@ -151,7 +151,7 @@ In addition to the documented values, all services also support the following va | jaeger.collector.serviceType | string | "ClusterIP" | Kubernetes service type of jaeger `collector` service, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) | | jaeger.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100}` | Security context for the `jaeger` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | | jaeger.enabled | bool | `false` | Enable `jaeger` | -| jaeger.image.defaultTag | string | `"5.6.185@sha256:c0411e4910926c92896b3ec6cf4b2f5dc0d6c99cb7433035406f57b51cdab2ef"` | Docker image tag for the `jaeger` image | +| jaeger.image.defaultTag | string | `"5.7.2474@sha256:b9d2a2825fcb590373c98c073ccc53f7bbe7ff4e74b75715e7cb488feb17243e"` | Docker image tag for the `jaeger` image | | jaeger.image.name | string | `"jaeger-all-in-one"` | Docker image name for the `jaeger` image | | jaeger.name | string | `"jaeger"` | Name used by resources. Does not affect service names or PVCs. | | jaeger.podSecurityContext | object | `{}` | Security context for the `jaeger` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) | @@ -166,14 +166,14 @@ In addition to the documented values, all services also support the following va | migrator.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100}` | Security context for the `migrator` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | | migrator.enabled | bool | `true` | Enable [migrator](https://docs.sourcegraph.com/admin/how-to/manual_database_migrations) initContainer in `frontend` deployment to perform database migration | | migrator.env | object | `{}` | Environment variables for the `migrator` container | -| migrator.image.defaultTag | string | `"5.6.185@sha256:c723f514cf1eb217fb8c8ca54d174a4cdf2a1f912d949fe77dc88cbe15673307"` | Docker image tag for the `migrator` image | +| migrator.image.defaultTag | string | `"5.7.2474@sha256:48e80b33b630f264b803ebdd251ea6bb6ee2d2af3c8a80c48c1b325e2f1a8d07"` | Docker image tag for the `migrator` image | | migrator.image.name | string | `"migrator"` | Docker image name for the `migrator` image | | migrator.resources | object | `{"limits":{"cpu":"500m","memory":"100M"},"requests":{"cpu":"100m","memory":"50M"}}` | Resource requests & limits for the `migrator` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) | | nodeExporter.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":65534,"runAsUser":65534}` | Security context for the `node-exporter` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | | nodeExporter.enabled | bool | `true` | Enable `node-exporter` | | nodeExporter.extraArgs | list | `[]` | | | nodeExporter.hostPID | bool | `true` | | -| nodeExporter.image.defaultTag | string | `"5.6.185@sha256:76798c4a14a3d6b67cd062c297e910ea42311d182668ab20dc38e5892f3d7796"` | Docker image tag for the `node-exporter` image | +| nodeExporter.image.defaultTag | string | `"5.7.2474@sha256:ec13a36598f32a0d5cc393f20143b3ea0910bd709d53057c4b8e27812242cadb"` | Docker image tag for the `node-exporter` image | | nodeExporter.image.name | string | `"node-exporter"` | Docker image name for the `node-exporter` image | | nodeExporter.name | string | `"node-exporter"` | Name used by resources. Does not affect service names or PVCs. | | nodeExporter.podSecurityContext | object | `{"fsGroup":65534,"runAsGroup":65534,"runAsNonRoot":true,"runAsUser":65534}` | Security context for the `node-exporter` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) | @@ -203,7 +203,7 @@ In addition to the documented values, all services also support the following va | openTelemetry.gateway.resources | object | `{"limits":{"cpu":"3","memory":"3Gi"},"requests":{"cpu":"1","memory":"1Gi"}}` | Resource requests & limits for the `otel-collector` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) | | openTelemetry.gateway.serviceAccount.create | bool | `false` | Enable creation of ServiceAccount for `otel-collector` | | openTelemetry.gateway.serviceAccount.name | string | `""` | Name of the ServiceAccount to be created or an existing ServiceAccount | -| openTelemetry.image.defaultTag | string | `"5.6.185@sha256:6d5fdb5bcadc518c2580662f28788b5866a48a848d2551d795221e49e1814452"` | Docker image tag for the `otel-collector` image | +| openTelemetry.image.defaultTag | string | `"5.7.2474@sha256:b3aca231b894540aaef5e5fa7229beb994e0943f694b5d1e3b2ca6007661be40"` | Docker image tag for the `otel-collector` image | | openTelemetry.image.name | string | `"opentelemetry-collector"` | Docker image name for the `otel-collector` image | | pgsql.additionalConfig | string | `""` | Additional PostgreSQL configuration. This will override or extend our default configuration. Notes: This is expecting a multiline string. Learn more from our [recommended PostgreSQL configuration](https://docs.sourcegraph.com/admin/config/postgres-conf) and [PostgreSQL documentation](https://www.postgresql.org/docs/12/config-setting.html) | | pgsql.auth.database | string | `"sg"` | Sets postgres database name | @@ -215,7 +215,7 @@ In addition to the documented values, all services also support the following va | pgsql.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":999,"runAsUser":999}` | Security context for the `pgsql` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | | pgsql.enabled | bool | `true` | Enable `pgsql` PostgreSQL server | | pgsql.existingConfig | string | `""` | Name of existing ConfigMap for `pgsql`. It must contain a `postgresql.conf` key | -| pgsql.image.defaultTag | string | `"5.6.185@sha256:07ba8ce3524bea1e9252c69917ea69865a028dd54d458728f88ae1f858a7eae9"` | Docker image tag for the `pgsql` image | +| pgsql.image.defaultTag | string | `"5.7.2474@sha256:214d1c9c9a33b954347ee1dd8f78a762a018bdd8f70dc4cfb1e749322bb27382"` | Docker image tag for the `pgsql` image | | pgsql.image.name | string | `"postgres-12-alpine"` | Docker image name for the `pgsql` image | | pgsql.name | string | `"pgsql"` | Name used by resources. Does not affect service names or PVCs. | | pgsql.podSecurityContext | object | `{"fsGroup":999,"fsGroupChangePolicy":"OnRootMismatch","runAsGroup":999,"runAsUser":999}` | Security context for the `pgsql` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) | @@ -224,12 +224,12 @@ In addition to the documented values, all services also support the following va | pgsql.serviceAccount.create | bool | `false` | Enable creation of ServiceAccount for `pgsql` | | pgsql.serviceAccount.name | string | `""` | Name of the ServiceAccount to be created or an existing ServiceAccount | | pgsql.storageSize | string | `"200Gi"` | PVC Storage Request for `pgsql` data volume | -| postgresExporter.image.defaultTag | string | `"5.6.185@sha256:5654133c53f06d5167ed92dcc978c86dd94b1cab4d818b235318958930cbaae3"` | Docker image tag for the `pgsql-exporter` image | +| postgresExporter.image.defaultTag | string | `"5.7.2474@sha256:47e42bcc6f7ee8dad6192f5b375f618f276ca97d59be855709614323ce07153c"` | Docker image tag for the `pgsql-exporter` image | | postgresExporter.image.name | string | `"postgres_exporter"` | Docker image name for the `pgsql-exporter` image | | postgresExporter.resources | object | `{"limits":{"cpu":"10m","memory":"50Mi"},"requests":{"cpu":"10m","memory":"50Mi"}}` | Resource requests & limits for the `pgsql-exporter` sidecar container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) | | preciseCodeIntel.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100}` | Security context for the `precise-code-intel-worker` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | | preciseCodeIntel.env | object | `{"NUM_WORKERS":{"value":"4"}}` | Environment variables for the `precise-code-intel-worker` container | -| preciseCodeIntel.image.defaultTag | string | `"5.6.185@sha256:3e7693b5feabffd2fde441be8772297497e28ba0c77d21ab0684272814d0fde4"` | Docker image tag for the `precise-code-intel-worker` image | +| preciseCodeIntel.image.defaultTag | string | `"5.7.2474@sha256:1c1b8c12f0e441f97ea1dc2aa4c98b3423c0fb3ee00ba0cc50dace76bb8b2f41"` | Docker image tag for the `precise-code-intel-worker` image | | preciseCodeIntel.image.name | string | `"precise-code-intel-worker"` | Docker image name for the `precise-code-intel-worker` image | | preciseCodeIntel.name | string | `"precise-code-intel-worker"` | Name used by resources. Does not affect service names or PVCs. | | preciseCodeIntel.podSecurityContext | object | `{}` | Security context for the `precise-code-intel-worker` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) | @@ -241,7 +241,7 @@ In addition to the documented values, all services also support the following va | prometheus.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":false,"runAsGroup":100,"runAsUser":100}` | Security context for the `prometheus` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | | prometheus.enabled | bool | `true` | Enable `prometheus` (recommended) | | prometheus.existingConfig | string | `""` | Name of existing ConfigMap for `pgsql`. It must contain a `prometheus.yml` key | -| prometheus.image.defaultTag | string | `"5.6.185@sha256:39cc8f35fb46db19a5e36c3bc05144daada4fdd3dd4d195141e0edeac47f3d9d"` | Docker image tag for the `prometheus` image | +| prometheus.image.defaultTag | string | `"5.7.2474@sha256:52276fe60c9f5f365822e40fac28633a0399f15bf027c75bdf286b8845365ec0"` | Docker image tag for the `prometheus` image | | prometheus.image.name | string | `"prometheus"` | Docker image name for the `prometheus` image | | prometheus.name | string | `"prometheus"` | Name used by resources. Does not affect service names or PVCs. | | prometheus.podSecurityContext | object | `{"fsGroup":100,"fsGroupChangePolicy":"OnRootMismatch"}` | Security context for the `prometheus` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) | @@ -254,7 +254,7 @@ In addition to the documented values, all services also support the following va | redisCache.connection.existingSecret | string | `""` | Name of existing secret to use for Redis endpoint The secret must contain the key `endpoint` and should follow IANA specification learn more from the [Helm docs](https://docs.sourcegraph.com/admin/install/kubernetes/helm#using-external-redis-instances) | | redisCache.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":1000,"runAsUser":999}` | Security context for the `redis-cache` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | | redisCache.enabled | bool | `true` | Enable `redis-cache` Redis server | -| redisCache.image.defaultTag | string | `"5.6.185@sha256:c76bc920573b771e4d974ffb393272f5e1684437d07f7fb966411f20f5e07be6"` | Docker image tag for the `redis-cache` image | +| redisCache.image.defaultTag | string | `"5.7.2474@sha256:982141e7bfee156ae59ffde9a105f04924d6a412372a557457086424c7a36a45"` | Docker image tag for the `redis-cache` image | | redisCache.image.name | string | `"redis-cache"` | Docker image name for the `redis-cache` image | | redisCache.name | string | `"redis-cache"` | Name used by resources. Does not affect service names or PVCs. | | redisCache.podSecurityContext | object | `{"fsGroup":1000,"fsGroupChangePolicy":"OnRootMismatch"}` | Security context for the `redis-cache` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) | @@ -263,14 +263,14 @@ In addition to the documented values, all services also support the following va | redisCache.serviceAccount.name | string | `""` | Name of the ServiceAccount to be created or an existing ServiceAccount | | redisCache.storageSize | string | `"100Gi"` | PVC Storage Request for `redis-cache` data volume | | redisExporter.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":1000,"runAsUser":999}` | Security context for the `redis-exporter` sidecar container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | -| redisExporter.image.defaultTag | string | `"5.6.185@sha256:4c585d464f734a0b833215a5b9a531e8753cd77b6a2f94bb6ea61f782e5dae03"` | Docker image tag for the `redis-exporter` image | +| redisExporter.image.defaultTag | string | `"5.7.2474@sha256:98b61b5744926f7a08c599b5d6718e24581bcee338691a28a970b1aee55dfb9e"` | Docker image tag for the `redis-exporter` image | | redisExporter.image.name | string | `"redis_exporter"` | Docker image name for the `redis-exporter` image | | redisExporter.resources | object | `{"limits":{"cpu":"10m","memory":"100Mi"},"requests":{"cpu":"10m","memory":"100Mi"}}` | Resource requests & limits for the `redis-exporter` sidecar container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) | | redisStore.connection.endpoint | string | `"redis-store:6379"` | Endpoint to use for redis-store. Supports either host:port or IANA specification | | redisStore.connection.existingSecret | string | `""` | Name of existing secret to use for Redis endpoint The secret must contain the key `endpoint` and should follow IANA specification learn more from the [Helm docs](https://docs.sourcegraph.com/admin/install/kubernetes/helm#using-external-redis-instances) | | redisStore.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":1000,"runAsUser":999}` | Security context for the `redis-store` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | | redisStore.enabled | bool | `true` | Enable `redis-store` Redis server | -| redisStore.image.defaultTag | string | `"5.6.185@sha256:9a0af32842813a3b2f3ee23ce04bcdad9b02a7b56d075f4fa795b10a50ad25a1"` | Docker image tag for the `redis-store` image | +| redisStore.image.defaultTag | string | `"5.7.2474@sha256:31801e8876b5f28acf8e3d632f0663d33c3d8ece234007f760700c122f83539d"` | Docker image tag for the `redis-store` image | | redisStore.image.name | string | `"redis-store"` | Docker image name for the `redis-store` image | | redisStore.name | string | `"redis-store"` | Name used by resources. Does not affect service names or PVCs. | | redisStore.podSecurityContext | object | `{"fsGroup":1000,"fsGroupChangePolicy":"OnRootMismatch"}` | Security context for the `redis-store` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) | @@ -279,7 +279,7 @@ In addition to the documented values, all services also support the following va | redisStore.serviceAccount.name | string | `""` | Name of the ServiceAccount to be created or an existing ServiceAccount | | redisStore.storageSize | string | `"100Gi"` | PVC Storage Request for `redis-store` data volume | | repoUpdater.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100}` | Security context for the `repo-updater` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | -| repoUpdater.image.defaultTag | string | `"5.6.185@sha256:86e7fbdffd9642e9f7be8dcb6fc5faa6bc9248689d2ae922eeba4c3800acb511"` | Docker image tag for the `repo-updater` image | +| repoUpdater.image.defaultTag | string | `"5.7.2474@sha256:4034feb9e7de5cdf490458f3750130177a2693e17cedf904952bd1d3ce9ec9a0"` | Docker image tag for the `repo-updater` image | | repoUpdater.image.name | string | `"repo-updater"` | Docker image name for the `repo-updater` image | | repoUpdater.name | string | `"repo-updater"` | Name used by resources. Does not affect service names or PVCs. | | repoUpdater.podSecurityContext | object | `{}` | Security context for the `repo-updater` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) | @@ -287,7 +287,7 @@ In addition to the documented values, all services also support the following va | repoUpdater.serviceAccount.create | bool | `false` | Enable creation of ServiceAccount for `repo-updater` | | repoUpdater.serviceAccount.name | string | `""` | Name of the ServiceAccount to be created or an existing ServiceAccount | | searcher.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100}` | Security context for the `searcher` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | -| searcher.image.defaultTag | string | `"5.6.185@sha256:15a3bee6ab6295fccef5c5b06703719d49f0abe1c2dea23b069e98313aa80b08"` | Docker image tag for the `searcher` image | +| searcher.image.defaultTag | string | `"5.7.2474@sha256:0c5d5fb35090d3b69698604a913435e41d7c4ed023a248b1e59ec92ab51def9d"` | Docker image tag for the `searcher` image | | searcher.image.name | string | `"searcher"` | Docker image name for the `searcher` image | | searcher.name | string | `"searcher"` | Name used by resources. Does not affect service names or PVCs. | | searcher.podSecurityContext | object | `{"fsGroup":101,"fsGroupChangePolicy":"OnRootMismatch","runAsUser":100}` | Security context for the `searcher` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) | @@ -318,7 +318,7 @@ In addition to the documented values, all services also support the following va | storageClass.provisioner | string | `"kubernetes.io/gce-pd"` | Name of the storageClass provisioner, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/storage/storage-classes/#provisioner) and consult your cloud provider persistent storage documentation | | storageClass.type | string | `"pd-ssd"` | Value of `type` key in storageClass `parameters`, consult your cloud provider persistent storage documentation | | symbols.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100}` | Security context for the `symbols` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | -| symbols.image.defaultTag | string | `"5.6.185@sha256:fd878be81d9d61285458e318858d33a8ac738cafe6388f1dc21b21ff173c7823"` | Docker image tag for the `symbols` image | +| symbols.image.defaultTag | string | `"5.7.2474@sha256:e550a17136710290648135499cacb4bfd2eced49db3499d78bace578e7cfa4ca"` | Docker image tag for the `symbols` image | | symbols.image.name | string | `"symbols"` | Docker image name for the `symbols` image | | symbols.name | string | `"symbols"` | Name used by resources. Does not affect service names or PVCs. | | symbols.podSecurityContext | object | `{"fsGroup":101,"fsGroupChangePolicy":"OnRootMismatch","runAsUser":100}` | Security context for the `symbols` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) | @@ -339,7 +339,7 @@ In addition to the documented values, all services also support the following va | syntacticCodeIntel.serviceAccount.create | bool | `false` | Enable creation of ServiceAccount for `syntactic-code-intel-worker` | | syntacticCodeIntel.serviceAccount.name | string | `""` | Name of the ServiceAccount to be created or an existing ServiceAccount | | syntectServer.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100}` | Security context for the `syntect-server` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | -| syntectServer.image.defaultTag | string | `"5.6.185@sha256:b9f59850b43b407bd4e67c7d38c51cded85efd9d284acea90654499d98eebb0c"` | Docker image tag for the `syntect-server` image | +| syntectServer.image.defaultTag | string | `"5.7.2474@sha256:dfb67d23d483de337723fab48e2d1449e4fe8aab5eeb34447482eefd1a32a779"` | Docker image tag for the `syntect-server` image | | syntectServer.image.name | string | `"syntax-highlighter"` | Docker image name for the `syntect-server` image | | syntectServer.name | string | `"syntect-server"` | Name used by resources. Does not affect service names or PVCs. | | syntectServer.podSecurityContext | object | `{}` | Security context for the `syntect-server` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) | @@ -349,7 +349,7 @@ In addition to the documented values, all services also support the following va | syntectServer.serviceAccount.name | string | `""` | Name of the ServiceAccount to be created or an existing ServiceAccount | | worker.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100}` | Security context for the `worker` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | | worker.env | object | `{}` | Environment variables for the `worker` container | -| worker.image.defaultTag | string | `"5.6.185@sha256:8d8666abf5ff5f0cfb4e6724d657c271c9a7b13ee6386fabbab7bc67d5567191"` | Docker image tag for the `worker` image | +| worker.image.defaultTag | string | `"5.7.2474@sha256:f70b632268bdbadab15704b5d31bc1a18e676aaa40b97d349de4490d96032f3a"` | Docker image tag for the `worker` image | | worker.image.name | string | `"worker"` | Docker image name for the `worker` image | | worker.name | string | `"worker"` | Name used by resources. Does not affect service names or PVCs. | | worker.podSecurityContext | object | `{}` | Security context for the `worker` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) |