From 8b018a03732ccf323e2e0e312747517a4065ed16 Mon Sep 17 00:00:00 2001 From: Michael Lin Date: Mon, 12 May 2025 10:01:32 -0700 Subject: [PATCH] Revert "Remove symbols statefulset (#675)" This reverts commit 422af6d5db66295a0a0ba829b8b597752d51d5f9. --- charts/sourcegraph/CHANGELOG.md | 1 - charts/sourcegraph/README.md | 12 +- .../advanced-scheduling/override.yaml | 13 ++ .../sourcegraph/examples/basic/override.yaml | 11 ++ .../common-modifications/override.yaml | 13 ++ charts/sourcegraph/examples/gcp/override.yaml | 5 + .../searcher/searcher.StatefulSet.yaml | 15 +- .../templates/symbols/symbols.Service.yaml | 29 ++++ .../symbols/symbols.ServiceAccount.yaml | 11 ++ .../symbols/symbols.StatefulSet.yaml | 145 ++++++++++++++++++ .../sourcegraph/tests/priorityClass_test.yaml | 9 ++ charts/sourcegraph/values.yaml | 42 ++++- 12 files changed, 291 insertions(+), 15 deletions(-) create mode 100644 charts/sourcegraph/templates/symbols/symbols.Service.yaml create mode 100644 charts/sourcegraph/templates/symbols/symbols.ServiceAccount.yaml create mode 100644 charts/sourcegraph/templates/symbols/symbols.StatefulSet.yaml diff --git a/charts/sourcegraph/CHANGELOG.md b/charts/sourcegraph/CHANGELOG.md index 7b98638e..696244ba 100644 --- a/charts/sourcegraph/CHANGELOG.md +++ b/charts/sourcegraph/CHANGELOG.md @@ -11,7 +11,6 @@ Use `**BREAKING**:` to denote a breaking change - Fix Pod Disruption Budget for sourcegraph-frontend - Added a startup probe to the gitserver statefulset to give it time to run the on-disk migration from repo names to repo IDs - The repo-updater service is no longer needed and has been removed from the chart. -- The symbols service is no longer needed and has been removed from the chart. Consider merging env vars and resource overrides given to symbols into searcher before upgrading. ## 5.10.0 diff --git a/charts/sourcegraph/README.md b/charts/sourcegraph/README.md index 77c6d31b..233c0bac 100644 --- a/charts/sourcegraph/README.md 
+++ b/charts/sourcegraph/README.md @@ -298,7 +298,7 @@ In addition to the documented values, all services also support the following va | searcher.resources | object | `{"limits":{"cpu":"2","memory":"2G"},"requests":{"cpu":"500m","memory":"500M"}}` | Resource requests & limits for the `searcher` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) | | searcher.serviceAccount.create | bool | `false` | Enable creation of ServiceAccount for `searcher` | | searcher.serviceAccount.name | string | `""` | Name of the ServiceAccount to be created or an existing ServiceAccount | -| searcher.storageSize | string | `"52Gi"` | Size of the PVC for searcher pods to store cache data | +| searcher.storageSize | string | `"26Gi"` | Size of the PVC for searcher pods to store cache data | | sourcegraph.affinity | object | `{}` | Global Affinity, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity) | | sourcegraph.image.defaultTag | string | `"{{ .Chart.AppVersion }}"` | Global docker image tag | | sourcegraph.image.pullPolicy | string | `"IfNotPresent"` | Global docker image pull policy | 
@@ -320,6 +320,16 @@ In addition to the documented values, all services also support the following va | storageClass.parameters | object | `{}` | Extra parameters of storageClass, consult your cloud provider persistent storage documentation | | storageClass.provisioner | string | `"kubernetes.io/gce-pd"` | Name of the storageClass provisioner, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/storage/storage-classes/#provisioner) and consult your cloud provider persistent storage documentation | | storageClass.type | string | `"pd-ssd"` | Value of `type` key in storageClass `parameters`, consult your cloud provider persistent storage documentation | +| symbols.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100}` | Security context for the `symbols` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | +| symbols.image.defaultTag | string | `"6.0.0@sha256:7f91048d1966add54b199755c77a5c3ca84b7f57bb5d2ffb65113da7f100b051"` | Docker image tag for the `symbols` image | +| symbols.image.name | string | `"symbols"` | Docker image name for the `symbols` image | +| symbols.name | string | `"symbols"` | Name used by resources. Does not affect service names or PVCs. 
| +| symbols.podSecurityContext | object | `{"fsGroup":101,"fsGroupChangePolicy":"OnRootMismatch","runAsUser":100}` | Security context for the `symbols` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) | +| symbols.replicaCount | int | `1` | Number of `symbols` pod | +| symbols.resources | object | `{"limits":{"cpu":"2","memory":"2G"},"requests":{"cpu":"500m","memory":"500M"}}` | Resource requests & limits for the `symbols` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) | +| symbols.serviceAccount.create | bool | `false` | Enable creation of ServiceAccount for `symbols` | +| symbols.serviceAccount.name | string | `""` | Name of the ServiceAccount to be created or an existing ServiceAccount | +| symbols.storageSize | string | `"12Gi"` | Size of the PVC for symbols pods to store cache data | | syntacticCodeIntel.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100}` | Security context for the `syntactic-code-intel-worker` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | | syntacticCodeIntel.enabled | bool | `false` | | | syntacticCodeIntel.image.defaultTag | string | `"6.0.0@sha256:50bdeb38b196f0fc21404969016bf8263f78144292e905867e93480f66c8251c"` | Docker image tag for the `syntactic-code-intel-worker` image | diff --git a/charts/sourcegraph/examples/advanced-scheduling/override.yaml b/charts/sourcegraph/examples/advanced-scheduling/override.yaml index fe5cdefd..505400d3 100644 --- a/charts/sourcegraph/examples/advanced-scheduling/override.yaml +++ b/charts/sourcegraph/examples/advanced-scheduling/override.yaml 
@@ -93,6 +93,19 @@ searcher: app: searcher weight: 100 +symbols: + replicaCount: 3 + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + topologyKey: kubernetes.io/hostname + labelSelector: + matchLabels: + <<: *commonSelectorLabels + app: symbols + weight: 100 + worker: replicaCount: 3 affinity: diff --git a/charts/sourcegraph/examples/basic/override.yaml b/charts/sourcegraph/examples/basic/override.yaml index d436f970..fe95a67c 100644 --- a/charts/sourcegraph/examples/basic/override.yaml +++ b/charts/sourcegraph/examples/basic/override.yaml @@ -64,3 +64,14 @@ searcher: requests: cpu: 500m memory: 1G + +symbols: + resources: + limits: + cpu: "4" + memory: 4G + ephemeral-storage: "10G" + requests: + cpu: "1" + memory: 1G + ephemeral-storage: "10G" diff --git a/charts/sourcegraph/examples/common-modifications/override.yaml b/charts/sourcegraph/examples/common-modifications/override.yaml index 80a33040..118f4fea 100644 --- a/charts/sourcegraph/examples/common-modifications/override.yaml +++ b/charts/sourcegraph/examples/common-modifications/override.yaml @@ -183,6 +183,19 @@ searcher: ephemeral-storage: 25G memory: 500M + +symbols: + replicaCount: 1 + resources: + limits: + cpu: "2" + ephemeral-storage: 12G + memory: 2G + requests: + cpu: 500m + ephemeral-storage: 10G + memory: 500M + syntectServer: replicaCount: 1 resources: diff --git a/charts/sourcegraph/examples/gcp/override.yaml b/charts/sourcegraph/examples/gcp/override.yaml index cae0e9f6..6026346e 100644 --- a/charts/sourcegraph/examples/gcp/override.yaml +++ b/charts/sourcegraph/examples/gcp/override.yaml @@ -74,6 +74,11 @@ searcher: SRC_LOG_FORMAT: value: json_gcp +symbols: + env: + SRC_LOG_FORMAT: + value: json_gcp + syntectServer: env: SRC_LOG_FORMAT: diff --git a/charts/sourcegraph/templates/searcher/searcher.StatefulSet.yaml b/charts/sourcegraph/templates/searcher/searcher.StatefulSet.yaml index d7aa26f5..1db434b3 100644 
--- a/charts/sourcegraph/templates/searcher/searcher.StatefulSet.yaml +++ b/charts/sourcegraph/templates/searcher/searcher.StatefulSet.yaml @@ -56,20 +56,11 @@ spec: {{- $item | toYaml | nindent 10 }} {{- end }} - name: SEARCHER_CACHE_SIZE_MB - # Set the cache size to ~45% of the PVC size + # Set the cache size to ~90% of the PVC size {{- if .Values.searcher.storageSize }} - value: {{ trimSuffix "Gi" .Values.searcher.storageSize | mul 450 | quote }} + value: {{ trimSuffix "Gi" .Values.searcher.storageSize | mul 900 | quote }} {{- else }} - # This value is ~45% of the default value for - # storageSize in the VolumeClaimTemplate below - value: "23400" - {{- end }} - - name: SYMBOLS_CACHE_SIZE_MB - # Set the cache size to ~45% of the PVC size - {{- if .Values.searcher.storageSize }} - value: {{ trimSuffix "Gi" .Values.searcher.storageSize | mul 450 | quote }} - {{- else }} - # This value is ~45% of the default value for + # This value is ~90% of the default value for # storageSize in the VolumeClaimTemplate below value: "23400" {{- end }} diff --git a/charts/sourcegraph/templates/symbols/symbols.Service.yaml b/charts/sourcegraph/templates/symbols/symbols.Service.yaml new file mode 100644 index 00000000..4ddd578a --- /dev/null +++ b/charts/sourcegraph/templates/symbols/symbols.Service.yaml 
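Review bot: The new `SEARCHER_CACHE_SIZE_MB` value, `trimSuffix "Gi" .Values.searcher.storageSize | mul 900`, is only correct when `storageSize` is written with a `Gi` suffix. Any other valid Kubernetes quantity (`500G`, `1Ti`, `26624Mi`) passes through `trimSuffix` unchanged, and as far as I can tell Sprig's `mul` then coerces the non-numeric string to 0, so the template would render a cache budget of `"0"` rather than failing. I would fail fast inside the `if .Values.searcher.storageSize` branch, before `value:`, with `{{- if not (hasSuffix "Gi" .Values.searcher.storageSize) }}{{ fail "searcher.storageSize must be expressed in Gi" }}{{- end }}`. The same expression is added for `SYMBOLS_CACHE_SIZE_MB` in `symbols.StatefulSet.yaml` and needs the same guard. The `env:` list this sits in starts and ends outside the hunk.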
@@ -0,0 +1,29 @@
+apiVersion: v1
+kind: Service
+metadata:
+ annotations:
+ prometheus.io/port: "6060"
+ sourcegraph.prometheus/scrape: "true"
+ {{- if .Values.symbols.serviceAnnotations }}
+ {{- toYaml .Values.symbols.serviceAnnotations | nindent 4 }}
+ {{- end }}
+ labels:
+ app: symbols
+ deploy: sourcegraph
+ app.kubernetes.io/component: symbols
+ {{- if .Values.symbols.serviceLabels }}
+ {{- toYaml .Values.symbols.serviceLabels | nindent 4 }}
+ {{- end }}
+ name: symbols
+spec:
+ clusterIP: None
+ ports:
+ - name: http
+ port: 3184
+ targetPort: http
+ - name: debug
+ port: 6060
+ targetPort: debug
+ selector:
+ {{- include "sourcegraph.selectorLabels" . | nindent 4 }}
+ app: symbols
diff --git a/charts/sourcegraph/templates/symbols/symbols.ServiceAccount.yaml b/charts/sourcegraph/templates/symbols/symbols.ServiceAccount.yaml
new file mode 100644
index 00000000..247875a6
--- /dev/null
+++ b/charts/sourcegraph/templates/symbols/symbols.ServiceAccount.yaml
@@ -0,0 +1,11 @@
+{{- if .Values.symbols.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ category: rbac
+ deploy: sourcegraph
+ app.kubernetes.io/component: symbols
+ {{- include "sourcegraph.serviceAccountAnnotations" (list . "symbols") | trim | nindent 2 }}
+ name: {{ include "sourcegraph.serviceAccountName" (list . "symbols") }}
+{{- end }}
diff --git a/charts/sourcegraph/templates/symbols/symbols.StatefulSet.yaml b/charts/sourcegraph/templates/symbols/symbols.StatefulSet.yaml
new file mode 100644
index 00000000..4fc94ec0
--- /dev/null
+++ b/charts/sourcegraph/templates/symbols/symbols.StatefulSet.yaml
@@ -0,0 +1,145 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ annotations:
+ description: Backend for symbols operations.
+ labels:
+ {{- include "sourcegraph.labels" . | nindent 4 }}
+ {{- if .Values.symbols.labels }}
+ {{- toYaml .Values.symbols.labels | nindent 4 }}
+ {{- end }}
+ deploy: sourcegraph
+ app.kubernetes.io/component: symbols
+ name: {{ .Values.symbols.name }}
+spec:
+ replicas: {{ .Values.symbols.replicaCount }}
+ revisionHistoryLimit: {{ .Values.sourcegraph.revisionHistoryLimit }}
+ selector:
+ matchLabels:
+ {{- include "sourcegraph.selectorLabels" . | nindent 6 }}
+ app: symbols
+ updateStrategy:
+ type: RollingUpdate
+ serviceName: symbols
+ template:
+ metadata:
+ annotations:
+ kubectl.kubernetes.io/default-container: symbols
+ {{- include "sourcegraph.redisChecksum" . | nindent 8 }}
+ {{- if .Values.sourcegraph.podAnnotations }}
+ {{- toYaml .Values.sourcegraph.podAnnotations | nindent 8 }}
+ {{- end }}
+ {{- if .Values.symbols.podAnnotations }}
+ {{- toYaml .Values.symbols.podAnnotations | nindent 8 }}
+ {{- end }}
+ labels:
+ {{- include "sourcegraph.selectorLabels" .
| nindent 8 }}
+ {{- if .Values.sourcegraph.podLabels }}
+ {{- toYaml .Values.sourcegraph.podLabels | nindent 8 }}
+ {{- end }}
+ {{- if .Values.symbols.podLabels }}
+ {{- toYaml .Values.symbols.podLabels | nindent 8 }}
+ {{- end }}
+ deploy: sourcegraph
+ app: symbols
+ spec:
+ containers:
+ - name: symbols
+ env:
+ {{- include "sourcegraph.redisConnection" .| nindent 8 }}
+ {{- range $name, $item := .Values.symbols.env}}
+ - name: {{ $name }}
+ {{- $item | toYaml | nindent 10 }}
+ {{- end }}
+ - name: SYMBOLS_CACHE_SIZE_MB
+ # Set the cache size to ~90% of the PVC size
+ {{- if .Values.symbols.storageSize }}
+ value: {{ trimSuffix "Gi" .Values.symbols.storageSize | mul 900 | quote }}
+ {{- else }}
+ # This value is ~90% of the default value for
+ # storageSize in the VolumeClaimTemplate below
+ value: "10800"
+ {{- end }}
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: SYMBOLS_CACHE_DIR
+ value: /mnt/cache/$(POD_NAME)
+ - name: TMPDIR
+ value: /mnt/tmp
+ {{- include "sourcegraph.openTelemetryEnv" . | nindent 8 }}
+ image: {{ include "sourcegraph.image" (list . "symbols" ) }}
+ imagePullPolicy: {{ .Values.sourcegraph.image.pullPolicy }}
+ {{- with .Values.symbols.args }}
+ args:
+ {{- toYaml .
| nindent 8 }}
+ {{- end }}
+ terminationMessagePolicy: FallbackToLogsOnError
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: http
+ scheme: HTTP
+ initialDelaySeconds: 60
+ timeoutSeconds: 5
+ readinessProbe:
+ httpGet:
+ path: /healthz
+ port: http
+ scheme: HTTP
+ periodSeconds: 5
+ timeoutSeconds: 5
+ ports:
+ - containerPort: 3184
+ name: http
+ - containerPort: 6060
+ name: debug
+ volumeMounts:
+ - mountPath: /mnt/cache
+ name: cache
+ - mountPath: /mnt/tmp
+ name: tmp
+ {{- if .Values.symbols.extraVolumeMounts }}
+ {{- toYaml .Values.symbols.extraVolumeMounts | nindent 8 }}
+ {{- end }}
+ {{- if not .Values.sourcegraph.localDevMode }}
+ resources:
+ {{- toYaml .Values.symbols.resources | nindent 10 }}
+ {{- end }}
+ securityContext:
+ {{- toYaml .Values.symbols.containerSecurityContext | nindent 10 }}
+ {{- if .Values.symbols.extraContainers }}
+ {{- toYaml .Values.symbols.extraContainers | nindent 6 }}
+ {{- end }}
+ securityContext:
+ {{- toYaml .Values.symbols.podSecurityContext | nindent 8 }}
+ {{- include "sourcegraph.nodeSelector" (list . "symbols" ) | trim | nindent 6 }}
+ {{- include "sourcegraph.affinity" (list . "symbols" ) | trim | nindent 6 }}
+ {{- include "sourcegraph.tolerations" (list . "symbols" ) | trim | nindent 6 }}
+ {{- with .Values.sourcegraph.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- include "sourcegraph.renderServiceAccountName" (list .
"symbols") | trim | nindent 6 }} + volumes: + - emptyDir: {} + name: cache + - emptyDir: {} + name: tmp + {{- if .Values.symbols.extraVolumes }} + {{- toYaml .Values.symbols.extraVolumes | nindent 6 }} + {{- end }} + {{- if .Values.symbols.priorityClassName }} + priorityClassName: {{ .Values.symbols.priorityClassName }} + {{- end }} + volumeClaimTemplates: + - metadata: + name: cache + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: {{ .Values.symbols.storageSize | default "12Gi" }} + storageClassName: {{ .Values.storageClass.name }} diff --git a/charts/sourcegraph/tests/priorityClass_test.yaml b/charts/sourcegraph/tests/priorityClass_test.yaml index 9b64600e..16a45540 100644 --- a/charts/sourcegraph/tests/priorityClass_test.yaml +++ b/charts/sourcegraph/tests/priorityClass_test.yaml @@ -96,6 +96,15 @@ tests: - equal: path: spec.template.spec.priorityClassName value: searcher-class +- it: set priority class on symbols + template: symbols/symbols.StatefulSet.yaml + set: + symbols: + priorityClassName: symbols-class + asserts: + - equal: + path: spec.template.spec.priorityClassName + value: symbols-class - it: set priority class on redisCache template: redis/redis-cache.Deployment.yaml set: diff --git a/charts/sourcegraph/values.yaml b/charts/sourcegraph/values.yaml index 7386e716..3de364ee 100644 --- a/charts/sourcegraph/values.yaml +++ b/charts/sourcegraph/values.yaml @@ -1073,7 +1073,7 @@ searcher: # -- Name of the ServiceAccount to be created or an existing ServiceAccount name: "" # -- Size of the PVC for searcher pods to store cache data - storageSize: 52Gi + storageSize: 26Gi storageClass: # -- Enable creation of storageClass. 
@@ -1096,6 +1096,46 @@ storageClass: # learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/storage/storage-classes/#allowed-topologies) allowedTopologies: [] +symbols: + image: + # -- Docker image tag for the `symbols` image + defaultTag: 6.0.0@sha256:7f91048d1966add54b199755c77a5c3ca84b7f57bb5d2ffb65113da7f100b051 + # -- Docker image name for the `symbols` image + name: "symbols" + # -- Security context for the `symbols` container, + # learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) + containerSecurityContext: + allowPrivilegeEscalation: false + runAsUser: 100 + runAsGroup: 101 + readOnlyRootFilesystem: true + # -- Security context for the `symbols` pod, + # learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) + podSecurityContext: + runAsUser: 100 + fsGroup: 101 + fsGroupChangePolicy: "OnRootMismatch" + # -- Name used by resources. Does not affect service names or PVCs. + name: "symbols" + # -- Number of `symbols` pod + replicaCount: 1 + # -- Resource requests & limits for the `symbols` container, + # learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) + resources: + limits: + cpu: "2" + memory: 2G + requests: + cpu: 500m + memory: 500M + serviceAccount: + # -- Enable creation of ServiceAccount for `symbols` + create: false + # -- Name of the ServiceAccount to be created or an existing ServiceAccount + name: "" + # -- Size of the PVC for symbols pods to store cache data + storageSize: 12Gi + syntectServer: image: # -- Docker image tag for the `syntect-server` image
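Review bot: The re-added `symbols.containerSecurityContext` default sets `allowPrivilegeEscalation: false`, `runAsUser: 100`, `runAsGroup: 101` and `readOnlyRootFilesystem: true`, but leaves Linux capabilities and the seccomp profile at the runtime defaults and never asserts non-root. I would add `runAsNonRoot: true`, `capabilities: {drop: ["ALL"]}` and `seccompProfile: {type: RuntimeDefault}` so the container meets the container-level requirements of the `restricted` Pod Security Standard; whether the symbols image runs cleanly with every capability dropped is not visible here and should be confirmed first. The `syntacticCodeIntel` defaults shown in the README hunk carry the same four fields, so this looks like a chart-wide convention that may be better changed in one pass than for `symbols` alone.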