From 566005249bfe5c27e827e1a45a2a5e99937510f2 Mon Sep 17 00:00:00 2001
From: Release Bot <107104610+sourcegraph-release-bot@users.noreply.github.com>
Date: Wed, 14 May 2025 17:13:34 -0400
Subject: [PATCH 1/4] [Backport 6.3.x] configure resource requests and limits
for native k8s executors (#680)
configure resource request and limits for native k8s executors for consistency with other sourcegraph helm charts.
### Checklist
- [ ] Follow the [manual testing process](https://github.com/sourcegraph/deploy-sourcegraph-helm/blob/main/TEST.md)
- [ ] Update [changelog](https://github.com/sourcegraph/deploy-sourcegraph-helm/blob/main/charts/sourcegraph/CHANGELOG.md)
- [ ] Update [Kubernetes update doc](https://docs.sourcegraph.com/admin/updates/kubernetes)
### Test plan
verified with `helm template . --show-only templates/executor.Deployment.yaml`
Backport f8dd02a53353ad3839901b8874624c7dcb928957 from #678
---
charts/sourcegraph-executor/k8s/README.md | 5 +++++
.../k8s/templates/executor.Deployment.yaml | 4 ++++
charts/sourcegraph-executor/k8s/values.yaml | 9 +++++++++
3 files changed, 18 insertions(+)
diff --git a/charts/sourcegraph-executor/k8s/README.md b/charts/sourcegraph-executor/k8s/README.md
index b91c5e71..4258c745 100644
--- a/charts/sourcegraph-executor/k8s/README.md
+++ b/charts/sourcegraph-executor/k8s/README.md
@@ -89,6 +89,10 @@ In addition to the documented values, the `executor` and `private-docker-registr
| executor.queueName | string | `""` | The name of the queue to pull jobs from to. Possible values: batches and codeintel. **Either this or queueNames is required.** |
| executor.queueNames | list | `[]` | The names of multiple queues to pull jobs from to. Possible values: batches and codeintel. **Either this or queueName is required.** |
| executor.replicas | int | `1` | |
+| executor.resources.limits.cpu | string | `"1"` | |
+| executor.resources.limits.memory | string | `"1Gi"` | |
+| executor.resources.requests.cpu | string | `"500m"` | |
+| executor.resources.requests.memory | string | `"200Mi"` | |
| executor.securityContext | object | `{"fsGroup":null,"privileged":false,"runAsGroup":null,"runAsUser":null}` | The containerSecurityContext for the executor image |
| executor.storageSize | string | `"10Gi"` | The storage size of the PVC attached to the executor deployment. |
| executor.tolerations | list | `[]` | Tolerations, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) |
@@ -99,6 +103,7 @@ In addition to the documented values, the `executor` and `private-docker-registr
| sourcegraph.image.useGlobalTagAsDefault | bool | `false` | When set to true, sourcegraph.image.defaultTag is used as the default defaultTag for all services, instead of service-specific default defaultTags |
| sourcegraph.imagePullSecrets | list | `[]` | Mount named secrets containing docker credentials |
| sourcegraph.labels | object | `{}` | Add a global label to all resources |
+| sourcegraph.localDevMode | bool | `false` | When true, remove all resource stanzas, allowing the scheduler to best-fit pods. Intended for local development with limited resources. |
| sourcegraph.nameOverride | string | `""` | Set a custom name for the app.kubernetes.io/name annotation |
| sourcegraph.nodeSelector | object | `{}` | NodeSelector, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector) |
| sourcegraph.podAnnotations | object | `{}` | Add extra annotations to attach to all pods |
diff --git a/charts/sourcegraph-executor/k8s/templates/executor.Deployment.yaml b/charts/sourcegraph-executor/k8s/templates/executor.Deployment.yaml
index c4546d8a..635798c3 100644
--- a/charts/sourcegraph-executor/k8s/templates/executor.Deployment.yaml
+++ b/charts/sourcegraph-executor/k8s/templates/executor.Deployment.yaml
@@ -68,6 +68,10 @@ spec:
{{- toYaml . | trim | nindent 12 }}
{{- end }}
{{- end }}
+ {{- if not .Values.sourcegraph.localDevMode }}
+ resources:
+ {{- toYaml .Values.executor.resources | nindent 12 }}
+ {{- end }}
livenessProbe:
exec:
command:
diff --git a/charts/sourcegraph-executor/k8s/values.yaml b/charts/sourcegraph-executor/k8s/values.yaml
index ea4e5ed5..11af2cb4 100644
--- a/charts/sourcegraph-executor/k8s/values.yaml
+++ b/charts/sourcegraph-executor/k8s/values.yaml
@@ -15,6 +15,8 @@ sourcegraph:
imagePullSecrets: [ ]
# -- Add a global label to all resources
labels: { }
+ # -- When true, remove all resource stanzas, allowing the scheduler to best-fit pods. Intended for local development with limited resources.
+ localDevMode: false
# -- Set a custom name for the app.kubernetes.io/name annotation
nameOverride: ""
# -- Affinity,
@@ -59,6 +61,13 @@ executor:
image:
defaultTag: 6.0.0@sha256:6dc771a0c281a41ef676213f2f84a63d99045cf2e58d43022554a8022070ed65
name: "executor-kubernetes"
+ resources:
+ limits:
+ cpu: "1"
+ memory: 1Gi
+ requests:
+ cpu: 500m
+ memory: 200Mi
# -- The external URL of the Sourcegraph instance. Required. **Recommended:** set to the internal service endpoint (e.g. `http://sourcegraph-frontend.sourcegraph.svc.cluster.local:30080` if Sourcegraph is deployed in the `sourcegraph` namespace).
# This will avoid unnecessary network charges as traffic will stay within the local network.
frontendUrl: ""
From 83364525a1bcb2cbe34025d24cc5ad30d58c3b77 Mon Sep 17 00:00:00 2001
From: Jacob Pleiness
Date: Wed, 4 Jun 2025 20:27:41 +0000
Subject: [PATCH 2/4] release_patch: v6.3.4167
{"version":"v6.3.4167","inputs":"server=v6.3.4167","type":"patch"}
---
charts/sourcegraph-executor/dind/Chart.yaml | 4 +-
charts/sourcegraph-executor/dind/README.md | 4 +-
charts/sourcegraph-executor/dind/values.yaml | 4 +-
charts/sourcegraph-executor/k8s/Chart.yaml | 4 +-
charts/sourcegraph-executor/k8s/README.md | 4 +-
charts/sourcegraph-executor/k8s/values.yaml | 4 +-
charts/sourcegraph-migrator/Chart.yaml | 4 +-
charts/sourcegraph-migrator/README.md | 8 +--
charts/sourcegraph-migrator/values.yaml | 4 +-
charts/sourcegraph/Chart.yaml | 4 +-
charts/sourcegraph/README.md | 52 +++++++++----------
.../sourcegraph/examples/subchart/Chart.yaml | 4 +-
charts/sourcegraph/values.yaml | 52 +++++++++----------
13 files changed, 76 insertions(+), 76 deletions(-)
diff --git a/charts/sourcegraph-executor/dind/Chart.yaml b/charts/sourcegraph-executor/dind/Chart.yaml
index 537f5b5d..fba5a4e4 100644
--- a/charts/sourcegraph-executor/dind/Chart.yaml
+++ b/charts/sourcegraph-executor/dind/Chart.yaml
@@ -5,7 +5,7 @@ icon: https://sourcegraph.com/favicon.ico
type: application
# Chart version, separate from Sourcegraph
-version: "5.11.0"
+version: "6.3.4167"
# Version of Sourcegraph release
-appVersion: "5.11.0"
+appVersion: "6.3.4167"
diff --git a/charts/sourcegraph-executor/dind/README.md b/charts/sourcegraph-executor/dind/README.md
index 71555791..ec62748a 100644
--- a/charts/sourcegraph-executor/dind/README.md
+++ b/charts/sourcegraph-executor/dind/README.md
@@ -60,7 +60,7 @@ In addition to the documented values, the `executor` and `private-docker-registr
| executor.env.EXECUTOR_FRONTEND_URL | object | `{"value":""}` | The external URL of the Sourcegraph instance. Required. |
| executor.env.EXECUTOR_QUEUE_NAME | object | `{"value":""}` | The name of the queue to pull jobs from to. Possible values: batches and codeintel. **Either this or EXECUTOR_QUEUE_NAMES is required.** |
| executor.env.EXECUTOR_QUEUE_NAMES | object | `{"value":""}` | The comma-separated list of names of multiple queues to pull jobs from to. Possible values: batches and codeintel. **Either this or EXECUTOR_QUEUE_NAME is required.** |
-| executor.image.defaultTag | string | `"6.0.0@sha256:0be94a7c91f8273db10fdf46718c6596340ab2acc570e7b85353806e67a27508"` | |
+| executor.image.defaultTag | string | `"6.3.4167@sha256:046b2e9cc42f897b13b9d3a009fbb841db97bcbbb3c03d06f436f35c3b33287e"` | |
| executor.image.name | string | `"executor"` | |
| executor.replicaCount | int | `1` | |
| privateDockerRegistry.enabled | bool | `true` | Whether to deploy the private registry. Only one registry is needed when deploying multiple executors. More information: https://docs.sourcegraph.com/admin/executors/deploy_executors#using-private-registries |
@@ -71,7 +71,7 @@ In addition to the documented values, the `executor` and `private-docker-registr
| sourcegraph.affinity | object | `{}` | Affinity, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity) |
| sourcegraph.image.defaultTag | string | `"{{ .Chart.AppVersion }}"` | Global docker image tag |
| sourcegraph.image.pullPolicy | string | `"IfNotPresent"` | Global docker image pull policy |
-| sourcegraph.image.repository | string | `"index.docker.io/sourcegraph"` | Global docker image registry or prefix |
+| sourcegraph.image.repository | string | `"us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal"` | Global docker image registry or prefix |
| sourcegraph.image.useGlobalTagAsDefault | bool | `false` | When set to true, sourcegraph.image.defaultTag is used as the default defaultTag for all services, instead of service-specific default defaultTags |
| sourcegraph.imagePullSecrets | list | `[]` | Mount named secrets containing docker credentials |
| sourcegraph.labels | object | `{}` | Add a global label to all resources |
diff --git a/charts/sourcegraph-executor/dind/values.yaml b/charts/sourcegraph-executor/dind/values.yaml
index bd2c345d..51399565 100644
--- a/charts/sourcegraph-executor/dind/values.yaml
+++ b/charts/sourcegraph-executor/dind/values.yaml
@@ -8,7 +8,7 @@ sourcegraph:
# -- Global docker image pull policy
pullPolicy: IfNotPresent
# -- Global docker image registry or prefix
- repository: index.docker.io/sourcegraph
+ repository: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal
# -- When set to true, sourcegraph.image.defaultTag is used as the default defaultTag for all services, instead of service-specific default defaultTags
useGlobalTagAsDefault: false
# -- Mount named secrets containing docker credentials
@@ -55,7 +55,7 @@ storageClass:
executor:
enabled: true
image:
- defaultTag: 6.0.0@sha256:0be94a7c91f8273db10fdf46718c6596340ab2acc570e7b85353806e67a27508
+ defaultTag: 6.3.4167@sha256:046b2e9cc42f897b13b9d3a009fbb841db97bcbbb3c03d06f436f35c3b33287e
name: "executor"
replicaCount: 1
env:
diff --git a/charts/sourcegraph-executor/k8s/Chart.yaml b/charts/sourcegraph-executor/k8s/Chart.yaml
index 9dae46f9..effc5bcf 100644
--- a/charts/sourcegraph-executor/k8s/Chart.yaml
+++ b/charts/sourcegraph-executor/k8s/Chart.yaml
@@ -5,7 +5,7 @@ icon: https://sourcegraph.com/favicon.ico
type: application
# Chart version, separate from Sourcegraph
-version: "5.11.0"
+version: "6.3.4167"
# Version of Sourcegraph release
-appVersion: "5.11.0"
+appVersion: "6.3.4167"
diff --git a/charts/sourcegraph-executor/k8s/README.md b/charts/sourcegraph-executor/k8s/README.md
index 4258c745..f86d8298 100644
--- a/charts/sourcegraph-executor/k8s/README.md
+++ b/charts/sourcegraph-executor/k8s/README.md
@@ -61,7 +61,7 @@ In addition to the documented values, the `executor` and `private-docker-registr
| executor.frontendExistingSecret | string | `""` | Name of existing k8s Secret to use for frontend password The name of the secret must match `executor.name`, i.e., the name of the helm release used to deploy the helm chart. The k8s Secret must contain the key `EXECUTOR_FRONTEND_PASSWORD` matching the site config `executors.accessToken` value. `executor.frontendPassword` is ignored if this is enabled. |
| executor.frontendPassword | string | `""` | The shared secret configured in the Sourcegraph instance site config under executors.accessToken. Required if `executor.frontendExistingSecret`` is not configured. |
| executor.frontendUrl | string | `""` | The external URL of the Sourcegraph instance. Required. **Recommended:** set to the internal service endpoint (e.g. `http://sourcegraph-frontend.sourcegraph.svc.cluster.local:30080` if Sourcegraph is deployed in the `sourcegraph` namespace). This will avoid unnecessary network charges as traffic will stay within the local network. |
-| executor.image.defaultTag | string | `"6.0.0@sha256:6dc771a0c281a41ef676213f2f84a63d99045cf2e58d43022554a8022070ed65"` | |
+| executor.image.defaultTag | string | `"6.3.4167@sha256:0a1ff0ef77ab82588dd0aadeec6623989e94c16617ce2bdb6862f1152fd323c8"` | |
| executor.image.name | string | `"executor-kubernetes"` | |
| executor.kubeconfigPath | string | `""` | The path to the kubeconfig file. If not specified, the in-cluster config is used. |
| executor.kubernetesJob.deadline | string | `"1200"` | The number of seconds after which a Kubernetes job will be terminated. |
@@ -99,7 +99,7 @@ In addition to the documented values, the `executor` and `private-docker-registr
| sourcegraph.affinity | object | `{}` | Affinity, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity) |
| sourcegraph.image.defaultTag | string | `"{{ .Chart.AppVersion }}"` | Global docker image tag |
| sourcegraph.image.pullPolicy | string | `"IfNotPresent"` | Global docker image pull policy |
-| sourcegraph.image.repository | string | `"index.docker.io/sourcegraph"` | Global docker image registry or prefix |
+| sourcegraph.image.repository | string | `"us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal"` | Global docker image registry or prefix |
| sourcegraph.image.useGlobalTagAsDefault | bool | `false` | When set to true, sourcegraph.image.defaultTag is used as the default defaultTag for all services, instead of service-specific default defaultTags |
| sourcegraph.imagePullSecrets | list | `[]` | Mount named secrets containing docker credentials |
| sourcegraph.labels | object | `{}` | Add a global label to all resources |
diff --git a/charts/sourcegraph-executor/k8s/values.yaml b/charts/sourcegraph-executor/k8s/values.yaml
index 11af2cb4..3cb0a74f 100644
--- a/charts/sourcegraph-executor/k8s/values.yaml
+++ b/charts/sourcegraph-executor/k8s/values.yaml
@@ -8,7 +8,7 @@ sourcegraph:
# -- Global docker image pull policy
pullPolicy: IfNotPresent
# -- Global docker image registry or prefix
- repository: index.docker.io/sourcegraph
+ repository: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal
# -- When set to true, sourcegraph.image.defaultTag is used as the default defaultTag for all services, instead of service-specific default defaultTags
useGlobalTagAsDefault: false
# -- Mount named secrets containing docker credentials
@@ -59,7 +59,7 @@ executor:
configureRbac: true
replicas: 1
image:
- defaultTag: 6.0.0@sha256:6dc771a0c281a41ef676213f2f84a63d99045cf2e58d43022554a8022070ed65
+ defaultTag: 6.3.4167@sha256:0a1ff0ef77ab82588dd0aadeec6623989e94c16617ce2bdb6862f1152fd323c8
name: "executor-kubernetes"
resources:
limits:
diff --git a/charts/sourcegraph-migrator/Chart.yaml b/charts/sourcegraph-migrator/Chart.yaml
index 9ad6613d..42b1e828 100644
--- a/charts/sourcegraph-migrator/Chart.yaml
+++ b/charts/sourcegraph-migrator/Chart.yaml
@@ -5,7 +5,7 @@ icon: https://sourcegraph.com/favicon.ico
type: application
# Chart version, separate from Sourcegraph
-version: "5.11.0"
+version: "6.3.4167"
# Version of Sourcegraph release
-appVersion: "5.11.0"
+appVersion: "6.3.4167"
diff --git a/charts/sourcegraph-migrator/README.md b/charts/sourcegraph-migrator/README.md
index cad56823..4b6d6418 100644
--- a/charts/sourcegraph-migrator/README.md
+++ b/charts/sourcegraph-migrator/README.md
@@ -42,7 +42,7 @@ You should consult the list of available [migrator commands]. Below is some exam
- Perform initial migrations against external PostgreSQL databases prior to the Sourcegraph deployment
```sh
-helm upgrade --install -f --version 5.11.0 sg-migrator sourcegraph/sourcegraph-migrator
+helm upgrade --install -f --version 6.3.4167 sg-migrator sourcegraph/sourcegraph-migrator
```
### Add a migration log entry
@@ -52,7 +52,7 @@ helm upgrade --install -f --version 5.11.0 sg-migrator
Add an entry to the migration log after a site administrator has explicitly applied the contents of a migration file, learn more about troubleshooting a [dirty database].
```sh
-helm upgrade --install -f --set "migrator.args={add-log,-db=frontend,-version=1528395834}" --version 5.11.0 sg-migrator sourcegraph/sourcegraph-migrator
+helm upgrade --install -f --set "migrator.args={add-log,-db=frontend,-version=1528395834}" --version 6.3.4167 sg-migrator sourcegraph/sourcegraph-migrator
```
## Rendering manifests for kubectl deployment
@@ -80,7 +80,7 @@ In addition to the documented values, the `migrator` service also supports the f
| migrator.args | list | `["up","-db=all"]` | Override default `migrator` container args Available commands can be found at https://docs.sourcegraph.com/admin/how-to/manual_database_migrations |
| migrator.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100}` | Security context for the `migrator` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) |
| migrator.env | object | `{}` | Environment variables for the `migrator` container |
-| migrator.image.defaultTag | string | `"6.0.0@sha256:ec295eb0b743da6bf56777ca6524972267a5c442b0288095e2fe12fce38ebacc"` | Docker image tag for the `migrator` image |
+| migrator.image.defaultTag | string | `"6.3.4167@sha256:7ba9a4c054317677fa29386ece143a7b598cae79e4366fb64264e162c9328a0e"` | Docker image tag for the `migrator` image |
| migrator.image.name | string | `"migrator"` | Docker image name for the `migrator` image |
| migrator.resources | object | `{"limits":{"cpu":"500m","memory":"100M"},"requests":{"cpu":"100m","memory":"50M"}}` | Resource requests & limits for the `migrator` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) |
| pgsql.auth.existingSecret | string | `""` | Name of existing secret to use for pgsql credentials This should match the setting in the sourcegraph chart values |
@@ -88,7 +88,7 @@ In addition to the documented values, the `migrator` service also supports the f
| sourcegraph.affinity | object | `{}` | Affinity, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity) |
| sourcegraph.image.defaultTag | string | `"{{ .Chart.AppVersion }}"` | Global docker image tag |
| sourcegraph.image.pullPolicy | string | `"IfNotPresent"` | Global docker image pull policy |
-| sourcegraph.image.repository | string | `"index.docker.io/sourcegraph"` | Global docker image registry or prefix |
+| sourcegraph.image.repository | string | `"us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal"` | Global docker image registry or prefix |
| sourcegraph.image.useGlobalTagAsDefault | bool | `false` | When set to true, sourcegraph.image.defaultTag is used as the default defaultTag for all services, instead of service-specific default defaultTags |
| sourcegraph.imagePullSecrets | list | `[]` | Mount named secrets containing docker credentials |
| sourcegraph.labels | object | `{}` | Add a global label to all resources |
diff --git a/charts/sourcegraph-migrator/values.yaml b/charts/sourcegraph-migrator/values.yaml
index 20f30df7..e39d79d4 100644
--- a/charts/sourcegraph-migrator/values.yaml
+++ b/charts/sourcegraph-migrator/values.yaml
@@ -8,7 +8,7 @@ sourcegraph:
# -- Global docker image pull policy
pullPolicy: IfNotPresent
# -- Global docker image registry or prefix
- repository: index.docker.io/sourcegraph
+ repository: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal
# -- When set to true, sourcegraph.image.defaultTag is used as the default defaultTag for all services, instead of service-specific default defaultTags
useGlobalTagAsDefault: false
# -- Mount named secrets containing docker credentials
@@ -102,7 +102,7 @@ pgsql:
migrator:
image:
# -- Docker image tag for the `migrator` image
- defaultTag: 6.0.0@sha256:ec295eb0b743da6bf56777ca6524972267a5c442b0288095e2fe12fce38ebacc
+ defaultTag: 6.3.4167@sha256:7ba9a4c054317677fa29386ece143a7b598cae79e4366fb64264e162c9328a0e
# -- Docker image name for the `migrator` image
name: "migrator"
# -- Environment variables for the `migrator` container
diff --git a/charts/sourcegraph/Chart.yaml b/charts/sourcegraph/Chart.yaml
index 898e9e67..fafaff8e 100644
--- a/charts/sourcegraph/Chart.yaml
+++ b/charts/sourcegraph/Chart.yaml
@@ -5,7 +5,7 @@ icon: https://sourcegraph.com/favicon.ico
type: application
# Chart version, separate from Sourcegraph
-version: "5.11.0"
+version: "6.3.4167"
# Version of Sourcegraph release
-appVersion: "5.11.0"
+appVersion: "6.3.4167"
diff --git a/charts/sourcegraph/README.md b/charts/sourcegraph/README.md
index ada2a76a..942031d4 100644
--- a/charts/sourcegraph/README.md
+++ b/charts/sourcegraph/README.md
@@ -28,12 +28,12 @@ In addition to the documented values, all services also support the following va
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| alpine.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":999,"runAsUser":999}` | Security context for the `alpine` initContainer, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) |
-| alpine.image.defaultTag | string | `"6.0.0@sha256:c4705ccf969e262ee3916719ecc7c0fb5e606dd954278ac07ac1d052e4e490df"` | Docker image tag for the `alpine` image |
+| alpine.image.defaultTag | string | `"6.3.4167@sha256:e2490916e251ee42c59582f77366534f5688b6a12b7ed08b700edf1bd4503bd6"` | Docker image tag for the `alpine` image |
| alpine.image.name | string | `"alpine-3.14"` | Docker image name for the `alpine` image |
| alpine.resources | object | `{"limits":{"cpu":"10m","memory":"50Mi"},"requests":{"cpu":"10m","memory":"50Mi"}}` | Resource requests & limits for the `alpine` initContainer, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) |
| blobstore.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"runAsGroup":101,"runAsUser":100}` | Security context for the `blobstore` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) |
| blobstore.enabled | bool | `true` | Enable `blobstore` (S3 compatible storage) |
-| blobstore.image.defaultTag | string | `"6.0.0@sha256:82caab40f920282069c84e0e4ca503857926e934c67fb022f6d93823b4ea98b5"` | Docker image tag for the `blobstore` image |
+| blobstore.image.defaultTag | string | `"6.3.4167@sha256:fb0a7dacd88170e29a95ad6475dc45bc482dd6a0f66b54e7004ac45910c0fd9c"` | Docker image tag for the `blobstore` image |
| blobstore.image.name | string | `"blobstore"` | Docker image name for the `blobstore` image |
| blobstore.name | string | `"blobstore"` | Name used by resources. Does not affect service names or PVCs. |
| blobstore.podSecurityContext | object | `{"fsGroup":101,"fsGroupChangePolicy":"OnRootMismatch","runAsGroup":101,"runAsUser":100}` | Security context for the `blobstore` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) |
@@ -43,7 +43,7 @@ In addition to the documented values, all services also support the following va
| blobstore.storageSize | string | `"100Gi"` | PVC Storage Request for `blobstore` data volume |
| cadvisor.containerSecurityContext | object | `{"privileged":true}` | Security context for the `cadvisor` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) |
| cadvisor.enabled | bool | `true` | Enable `cadvisor` |
-| cadvisor.image.defaultTag | string | `"6.0.0@sha256:48082a2822a727e22c556ae2c3bae5f5bf4528c7b462efc3c085271ee5145be8"` | Docker image tag for the `cadvisor` image |
+| cadvisor.image.defaultTag | string | `"6.3.4167@sha256:bf0b44eb36821f242bd0e8b8d033ea88ea6933ec32a16cdd3157d1ee93fbf38b"` | Docker image tag for the `cadvisor` image |
| cadvisor.image.name | string | `"cadvisor"` | Docker image name for the `cadvisor` image |
| cadvisor.name | string | `"cadvisor"` | Name used by resources. Does not affect service names or PVCs. |
| cadvisor.podSecurityPolicy.enabled | bool | `false` | Enable [PodSecurityPolicy](https://kubernetes.io/docs/concepts/policy/pod-security-policy/) for `cadvisor` pods |
@@ -62,7 +62,7 @@ In addition to the documented values, all services also support the following va
| codeInsightsDB.enabled | bool | `true` | Enable `codeinsights-db` PostgreSQL server |
| codeInsightsDB.env | object | `{}` | Environment variables for the `codeinsights-db` container |
| codeInsightsDB.existingConfig | string | `""` | Name of existing ConfigMap for `codeinsights-db`. It must contain a `postgresql.conf` key. |
-| codeInsightsDB.image.defaultTag | string | `"6.0.0@sha256:24263ff136f8cc328d63808982beb4a109461da30b522b63d2867a4e708713c9"` | Docker image tag for the `codeinsights-db` image |
+| codeInsightsDB.image.defaultTag | string | `"6.3.4167@sha256:65df37c2ac210a0fd354021a27535347f5486cc75dfa9447b86f71dc920d83c8"` | Docker image tag for the `codeinsights-db` image |
| codeInsightsDB.image.name | string | `"postgresql-16-codeinsights"` | Docker image name for the `codeinsights-db` image |
| codeInsightsDB.init.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":70,"runAsUser":70}` | Security context for the `alpine` initContainer, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) |
| codeInsightsDB.name | string | `"codeinsights-db"` | Name used by resources. Does not affect service names or PVCs. |
@@ -83,7 +83,7 @@ In addition to the documented values, all services also support the following va
| codeIntelDB.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":999,"runAsUser":999}` | Security context for the `codeintel-db` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) |
| codeIntelDB.enabled | bool | `true` | Enable `codeintel-db` PostgreSQL server |
| codeIntelDB.existingConfig | string | `""` | Name of existing ConfigMap for `codeintel-db`. It must contain a `postgresql.conf` key |
-| codeIntelDB.image.defaultTag | string | `"6.0.0@sha256:224a2604331cb73809f466394c5b4f3ca95bf6a5a140cb75820dfe67301074bb"` | Docker image tag for the `codeintel-db` image |
+| codeIntelDB.image.defaultTag | string | `"6.3.4167@sha256:41a6074fa74dcde19b670a42f22654d4fb2b16a7708f7f6b460f8fc5d8d3f348"` | Docker image tag for the `codeintel-db` image |
| codeIntelDB.image.name | string | `"postgresql-16"` | Docker image name for the `codeintel-db` image |
| codeIntelDB.name | string | `"codeintel-db"` | Name used by resources. Does not affect service names or PVCs. |
| codeIntelDB.podSecurityContext | object | `{"fsGroup":999,"fsGroupChangePolicy":"OnRootMismatch","runAsUser":999}` | Security context for the `codeintel-db` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) |
@@ -95,7 +95,7 @@ In addition to the documented values, all services also support the following va
| extraResources | list | `[]` | Additional resources to include in the rendered manifest. Templates are supported. |
| frontend.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100}` | Security context for the `frontend` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) |
| frontend.env | object | the chart will add some default environment values | Environment variables for the `frontend` container |
-| frontend.image.defaultTag | string | `"6.0.0@sha256:d4f21178096da5fdb3804099ae9de2e050b06e859a327aa79452b1ea2f3ede0a"` | Docker image tag for the `frontend` image |
+| frontend.image.defaultTag | string | `"6.3.4167@sha256:b8cda0b3c141690c12fc27afaafe2bbb88077d51f1e34c6bdf73746a751e5498"` | Docker image tag for the `frontend` image |
| frontend.image.name | string | `"frontend"` | Docker image name for the `frontend` image |
| frontend.ingress.annotations | object | `{"kubernetes.io/ingress.class":"nginx","nginx.ingress.kubernetes.io/proxy-body-size":"150m"}` | Annotations for the Sourcegraph server ingress. For example, securing ingress with TLS provided by [cert-manager](https://cert-manager.io/docs/usage/ingress/) |
| frontend.ingress.annotations."kubernetes.io/ingress.class" | string | `"nginx"` | [Deprecated annotation](https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation) for specifing the IngressClass in Kubernetes 1.17 and earlier. If you are using Kubernetes 1.18+, use `ingressClassName` instead and set an override value of `null` for this annotation. |
@@ -111,7 +111,7 @@ In addition to the documented values, all services also support the following va
| frontend.serviceAccount.create | bool | `true` | Enable creation of ServiceAccount for `frontend` |
| frontend.serviceAccount.name | string | `"sourcegraph-frontend"` | Name of the ServiceAccount to be created or an existing ServiceAccount |
| gitserver.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100}` | Security context for the `gitserver` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) |
-| gitserver.image.defaultTag | string | `"6.0.0@sha256:aec9bf6993c243a283109104cd7c44be3c85680b77e3e8be0c5fba8f01a3bd35"` | Docker image tag for the `gitserver` image |
+| gitserver.image.defaultTag | string | `"6.3.4167@sha256:2df07f9790e1f5dbc22531cfa6d45b83a74ce38b0a339917853e8761bdf43c4d"` | Docker image tag for the `gitserver` image |
| gitserver.image.name | string | `"gitserver"` | Docker image name for the `gitserver` image |
| gitserver.name | string | `"gitserver"` | Name used by resources. Does not affect service names or PVCs. |
| gitserver.podSecurityContext | object | `{"fsGroup":101,"fsGroupChangePolicy":"OnRootMismatch","runAsGroup":101,"runAsUser":100}` | Security context for the `gitserver` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) |
@@ -132,7 +132,7 @@ In addition to the documented values, all services also support the following va
| grafana.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":472,"runAsUser":472}` | Security context for the `grafana` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) |
| grafana.enabled | bool | `true` | Enable `grafana` dashboard (recommended) |
| grafana.existingConfig | string | `""` | Name of existing ConfigMap for `grafana`. It must contain a `datasources.yml` key. |
-| grafana.image.defaultTag | string | `"6.0.0@sha256:e40236d0143d0735ff87374afce95b878b8cde448ef65cfdc7008056a03097e8"` | Docker image tag for the `grafana` image |
+| grafana.image.defaultTag | string | `"6.3.4167@sha256:9d3d5ba37aea208eb0f07e5bff3e2cefe649945c7f849e311795c7014279c0bf"` | Docker image tag for the `grafana` image |
| grafana.image.name | string | `"grafana"` | Docker image name for the `grafana` image |
| grafana.name | string | `"grafana"` | Name used by resources. Does not affect service names or PVCs. |
| grafana.podSecurityContext | object | `{"fsGroup":472,"fsGroupChangePolicy":"OnRootMismatch","runAsGroup":472,"runAsUser":472}` | Security context for the `grafana` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) |
@@ -141,7 +141,7 @@ In addition to the documented values, all services also support the following va
| grafana.serviceAccount.name | string | `"grafana"` | Name of the ServiceAccount to be created or an existing ServiceAccount |
| grafana.storageSize | string | `"2Gi"` | PVC Storage Request for `grafana` data volume |
| indexedSearch.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100}` | Security context for the `zoekt-webserver` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) |
-| indexedSearch.image.defaultTag | string | `"6.0.0@sha256:99038e0ec9bef930030c118d774fcdcd67d7fe57ad4c80d216703a4d29d64323"` | Docker image tag for the `zoekt-webserver` image |
+| indexedSearch.image.defaultTag | string | `"6.3.4167@sha256:5251e562299e67ec45d9ca47bb3dc9f6fbe5e72571f52b8f492a51a9ddb90d74"` | Docker image tag for the `zoekt-webserver` image |
| indexedSearch.image.name | string | `"indexed-searcher"` | Docker image name for the `zoekt-webserver` image |
| indexedSearch.name | string | `"indexed-search"` | Name used by resources. Does not affect service names or PVCs. |
| indexedSearch.podSecurityContext | object | `{"fsGroup":101,"fsGroupChangePolicy":"OnRootMismatch"}` | Security context for the `indexed-search` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) |
@@ -151,7 +151,7 @@ In addition to the documented values, all services also support the following va
| indexedSearch.serviceAccount.name | string | `""` | Name of the ServiceAccount to be created or an existing ServiceAccount |
| indexedSearch.storageSize | string | `"200Gi"` | PVC Storage Request for `indexed-search` data volume The size of disk to used for search indexes. This should typically be gitserver disk size multipled by the number of gitserver shards. |
| indexedSearchIndexer.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100}` | Security context for the `zoekt-indexserver` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) |
-| indexedSearchIndexer.image.defaultTag | string | `"6.0.0@sha256:11539e07040b85045a9aa07f970aa310066e240dc28e6c9627653ee2bc6e0b91"` | Docker image tag for the `zoekt-indexserver` image |
+| indexedSearchIndexer.image.defaultTag | string | `"6.3.4167@sha256:a24290636f0e209b471a8903d48f809727f916b4ac902e92a492437a13c395e3"` | Docker image tag for the `zoekt-indexserver` image |
| indexedSearchIndexer.image.name | string | `"search-indexer"` | Docker image name for the `zoekt-indexserver` image |
| indexedSearchIndexer.resources | object | `{"limits":{"cpu":"8","memory":"8G"},"requests":{"cpu":"4","memory":"4G"}}` | Resource requests & limits for the `zoekt-indexserver` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) zoekt-indexserver is CPU bound. The more CPU you allocate to it, the lower lag between a new commit and it being indexed for search. |
| jaeger.args | list | `["--memory.max-traces=20000","--sampling.strategies-file=/etc/jaeger/sampling_strategies.json","--collector.otlp.enabled","--collector.otlp.grpc.host-port=:4320","--collector.otlp.http.host-port=:4321"]` | Default args passed to the `jaeger` binary |
@@ -161,7 +161,7 @@ In addition to the documented values, all services also support the following va
| jaeger.collector.serviceType | string | "ClusterIP" | Kubernetes service type of jaeger `collector` service, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) |
| jaeger.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100}` | Security context for the `jaeger` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) |
| jaeger.enabled | bool | `false` | Enable `jaeger` |
-| jaeger.image.defaultTag | string | `"6.0.0@sha256:79548aa11d7e2e6bf3e2012fb9e046df12ba5c5410bc24ec8f4d7cbb880336b9"` | Docker image tag for the `jaeger` image |
+| jaeger.image.defaultTag | string | `"6.3.4167@sha256:48cf0af81f2ad9e98053a0afc6bc27c0f5e0adacdbc18417053983b07c84442e"` | Docker image tag for the `jaeger` image |
| jaeger.image.name | string | `"jaeger-all-in-one"` | Docker image name for the `jaeger` image |
| jaeger.name | string | `"jaeger"` | Name used by resources. Does not affect service names or PVCs. |
| jaeger.podSecurityContext | object | `{}` | Security context for the `jaeger` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) |
@@ -176,14 +176,14 @@ In addition to the documented values, all services also support the following va
| migrator.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100}` | Security context for the `migrator` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) |
| migrator.enabled | bool | `true` | Enable [migrator](https://docs.sourcegraph.com/admin/how-to/manual_database_migrations) initContainer in `frontend` deployment to perform database migration |
| migrator.env | object | `{}` | Environment variables for the `migrator` container |
-| migrator.image.defaultTag | string | `"6.0.0@sha256:ec295eb0b743da6bf56777ca6524972267a5c442b0288095e2fe12fce38ebacc"` | Docker image tag for the `migrator` image |
+| migrator.image.defaultTag | string | `"6.3.4167@sha256:7ba9a4c054317677fa29386ece143a7b598cae79e4366fb64264e162c9328a0e"` | Docker image tag for the `migrator` image |
| migrator.image.name | string | `"migrator"` | Docker image name for the `migrator` image |
| migrator.resources | object | `{"limits":{"cpu":"500m","memory":"100M"},"requests":{"cpu":"100m","memory":"50M"}}` | Resource requests & limits for the `migrator` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) |
| nodeExporter.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":65534,"runAsUser":65534}` | Security context for the `node-exporter` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) |
| nodeExporter.enabled | bool | `true` | Enable `node-exporter` |
| nodeExporter.extraArgs | list | `[]` | |
| nodeExporter.hostPID | bool | `true` | |
-| nodeExporter.image.defaultTag | string | `"6.0.0@sha256:099c2e4fb8eacdda82d2d4798591808ded7ad3dc5e6ed514535e0b8e7223ed06"` | Docker image tag for the `node-exporter` image |
+| nodeExporter.image.defaultTag | string | `"6.3.4167@sha256:5e3291d5cadca7f3b637d90aeeeaeda2a592d2868c8d1de6a423de066138adc9"` | Docker image tag for the `node-exporter` image |
| nodeExporter.image.name | string | `"node-exporter"` | Docker image name for the `node-exporter` image |
| nodeExporter.name | string | `"node-exporter"` | Name used by resources. Does not affect service names or PVCs. |
| nodeExporter.podSecurityContext | object | `{"fsGroup":65534,"runAsGroup":65534,"runAsNonRoot":true,"runAsUser":65534}` | Security context for the `node-exporter` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) |
@@ -213,7 +213,7 @@ In addition to the documented values, all services also support the following va
| openTelemetry.gateway.resources | object | `{"limits":{"cpu":"3","memory":"3Gi"},"requests":{"cpu":"1","memory":"1Gi"}}` | Resource requests & limits for the `otel-collector` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) |
| openTelemetry.gateway.serviceAccount.create | bool | `false` | Enable creation of ServiceAccount for `otel-collector` |
| openTelemetry.gateway.serviceAccount.name | string | `""` | Name of the ServiceAccount to be created or an existing ServiceAccount |
-| openTelemetry.image.defaultTag | string | `"6.0.0@sha256:ef3e61a4f0a624523ecdee57d8b7757436c2389e0cf12401b4764d19c826ff8a"` | Docker image tag for the `otel-collector` image |
+| openTelemetry.image.defaultTag | string | `"6.3.4167@sha256:0115ee968abf849b00347ce30cd3bc2292c5da4a300c9fe432389e89a64e1b0c"` | Docker image tag for the `otel-collector` image |
| openTelemetry.image.name | string | `"opentelemetry-collector"` | Docker image name for the `otel-collector` image |
| pgsql.additionalConfig | string | `""` | Additional PostgreSQL configuration. This will override or extend our default configuration. Notes: This is expecting a multiline string. Learn more from our [recommended PostgreSQL configuration](https://docs.sourcegraph.com/admin/config/postgres-conf) and [PostgreSQL documentation](https://www.postgresql.org/docs/12/config-setting.html) |
| pgsql.auth.database | string | `"sg"` | Sets postgres database name |
@@ -226,7 +226,7 @@ In addition to the documented values, all services also support the following va
| pgsql.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":999,"runAsUser":999}` | Security context for the `pgsql` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) |
| pgsql.enabled | bool | `true` | Enable `pgsql` PostgreSQL server |
| pgsql.existingConfig | string | `""` | Name of existing ConfigMap for `pgsql`. It must contain a `postgresql.conf` key |
-| pgsql.image.defaultTag | string | `"6.0.0@sha256:224a2604331cb73809f466394c5b4f3ca95bf6a5a140cb75820dfe67301074bb"` | Docker image tag for the `pgsql` image |
+| pgsql.image.defaultTag | string | `"6.3.4167@sha256:41a6074fa74dcde19b670a42f22654d4fb2b16a7708f7f6b460f8fc5d8d3f348"` | Docker image tag for the `pgsql` image |
| pgsql.image.name | string | `"postgresql-16"` | Docker image name for the `pgsql` image |
| pgsql.name | string | `"pgsql"` | Name used by resources. Does not affect service names or PVCs. |
| pgsql.podSecurityContext | object | `{"fsGroup":999,"fsGroupChangePolicy":"OnRootMismatch","runAsGroup":999,"runAsUser":999}` | Security context for the `pgsql` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) |
@@ -235,12 +235,12 @@ In addition to the documented values, all services also support the following va
| pgsql.serviceAccount.create | bool | `false` | Enable creation of ServiceAccount for `pgsql` |
| pgsql.serviceAccount.name | string | `""` | Name of the ServiceAccount to be created or an existing ServiceAccount |
| pgsql.storageSize | string | `"200Gi"` | PVC Storage Request for `pgsql` data volume |
-| postgresExporter.image.defaultTag | string | `"6.0.0@sha256:685a18f482e4a71a54e15814ffd6b8cd62844f6af056a81f7ec0ba5cf23fce27"` | Docker image tag for the `pgsql-exporter` image |
+| postgresExporter.image.defaultTag | string | `"6.3.4167@sha256:44568bbeb551681572be116a74fc1a150aff9c2a1eba5c93e4c524e0d85c9730"` | Docker image tag for the `pgsql-exporter` image |
| postgresExporter.image.name | string | `"postgres_exporter"` | Docker image name for the `pgsql-exporter` image |
| postgresExporter.resources | object | `{"limits":{"cpu":"10m","memory":"50Mi"},"requests":{"cpu":"10m","memory":"50Mi"}}` | Resource requests & limits for the `pgsql-exporter` sidecar container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) |
| preciseCodeIntel.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100}` | Security context for the `precise-code-intel-worker` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) |
| preciseCodeIntel.env | object | `{"NUM_WORKERS":{"value":"4"}}` | Environment variables for the `precise-code-intel-worker` container |
-| preciseCodeIntel.image.defaultTag | string | `"6.0.0@sha256:3a72cf893cb25731d4636593c544c91781d925d867417416255e56debc27ed37"` | Docker image tag for the `precise-code-intel-worker` image |
+| preciseCodeIntel.image.defaultTag | string | `"6.3.4167@sha256:d1a6e9e30e8811b20e0ea1de80945e5bc8dd0b3d8674165ea4829a16ac922176"` | Docker image tag for the `precise-code-intel-worker` image |
| preciseCodeIntel.image.name | string | `"precise-code-intel-worker"` | Docker image name for the `precise-code-intel-worker` image |
| preciseCodeIntel.name | string | `"precise-code-intel-worker"` | Name used by resources. Does not affect service names or PVCs. |
| preciseCodeIntel.podSecurityContext | object | `{}` | Security context for the `precise-code-intel-worker` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) |
@@ -252,7 +252,7 @@ In addition to the documented values, all services also support the following va
| prometheus.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":false,"runAsGroup":100,"runAsUser":100}` | Security context for the `prometheus` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) |
| prometheus.enabled | bool | `true` | Enable `prometheus` (recommended) |
| prometheus.existingConfig | string | `""` | Name of existing ConfigMap for `pgsql`. It must contain a `prometheus.yml` key |
-| prometheus.image.defaultTag | string | `"6.0.0@sha256:86a315720fd9813d9ef9746d92e637bc20cd9ebd90da78d8cc6906062252891f"` | Docker image tag for the `prometheus` image |
+| prometheus.image.defaultTag | string | `"6.3.4167@sha256:cff5fb515a283c5ebb5804997878e4752a4329e930b5f2f9b818f55217757ed2"` | Docker image tag for the `prometheus` image |
| prometheus.image.name | string | `"prometheus"` | Docker image name for the `prometheus` image |
| prometheus.name | string | `"prometheus"` | Name used by resources. Does not affect service names or PVCs. |
| prometheus.podSecurityContext | object | `{"fsGroup":100,"fsGroupChangePolicy":"OnRootMismatch"}` | Security context for the `prometheus` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) |
@@ -265,7 +265,7 @@ In addition to the documented values, all services also support the following va
| redisCache.connection.existingSecret | string | `""` | Name of existing secret to use for Redis endpoint The secret must contain the key `endpoint` and should follow IANA specification learn more from the [Helm docs](https://docs.sourcegraph.com/admin/install/kubernetes/helm#using-external-redis-instances) |
| redisCache.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":1000,"runAsUser":999}` | Security context for the `redis-cache` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) |
| redisCache.enabled | bool | `true` | Enable `redis-cache` Redis server |
-| redisCache.image.defaultTag | string | `"6.0.0@sha256:40ea19e8944b93e05d7697c808969fe0c81a014a56245f3a97b645aa34a9ab78"` | Docker image tag for the `redis-cache` image |
+| redisCache.image.defaultTag | string | `"6.3.4167@sha256:d9096d881d28efb1d2e73944ed2ac4dcd676eeb79649791316b8090b5667ae95"` | Docker image tag for the `redis-cache` image |
| redisCache.image.name | string | `"redis-cache"` | Docker image name for the `redis-cache` image |
| redisCache.name | string | `"redis-cache"` | Name used by resources. Does not affect service names or PVCs. |
| redisCache.podSecurityContext | object | `{"fsGroup":1000,"fsGroupChangePolicy":"OnRootMismatch"}` | Security context for the `redis-cache` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) |
@@ -274,14 +274,14 @@ In addition to the documented values, all services also support the following va
| redisCache.serviceAccount.name | string | `""` | Name of the ServiceAccount to be created or an existing ServiceAccount |
| redisCache.storageSize | string | `"100Gi"` | PVC Storage Request for `redis-cache` data volume |
| redisExporter.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":1000,"runAsUser":999}` | Security context for the `redis-exporter` sidecar container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) |
-| redisExporter.image.defaultTag | string | `"6.0.0@sha256:b2ec48fc6adef31f36d525170138dec303c1c0c20c530d659f1fb7c6c54698af"` | Docker image tag for the `redis-exporter` image |
+| redisExporter.image.defaultTag | string | `"6.3.4167@sha256:b61c24412af226ad0a5cc64d31edce0cb59b3ee54de07c54863cb22fbdcc6e10"` | Docker image tag for the `redis-exporter` image |
| redisExporter.image.name | string | `"redis_exporter"` | Docker image name for the `redis-exporter` image |
| redisExporter.resources | object | `{"limits":{"cpu":"10m","memory":"100Mi"},"requests":{"cpu":"10m","memory":"100Mi"}}` | Resource requests & limits for the `redis-exporter` sidecar container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) |
| redisStore.connection.endpoint | string | `"redis-store:6379"` | Endpoint to use for redis-store. Supports either host:port or IANA specification |
| redisStore.connection.existingSecret | string | `""` | Name of existing secret to use for Redis endpoint The secret must contain the key `endpoint` and should follow IANA specification learn more from the [Helm docs](https://docs.sourcegraph.com/admin/install/kubernetes/helm#using-external-redis-instances) |
| redisStore.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":1000,"runAsUser":999}` | Security context for the `redis-store` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) |
| redisStore.enabled | bool | `true` | Enable `redis-store` Redis server |
-| redisStore.image.defaultTag | string | `"6.0.0@sha256:39f3b27d993652c202c1f892df83e1a3e8e8ea5ae58291f79ad14b56672ab8be"` | Docker image tag for the `redis-store` image |
+| redisStore.image.defaultTag | string | `"6.3.4167@sha256:74e5a24222b446b94342bad163db44c86e9734ced315816aa0afd497bfd7c935"` | Docker image tag for the `redis-store` image |
| redisStore.image.name | string | `"redis-store"` | Docker image name for the `redis-store` image |
| redisStore.name | string | `"redis-store"` | Name used by resources. Does not affect service names or PVCs. |
| redisStore.podSecurityContext | object | `{"fsGroup":1000,"fsGroupChangePolicy":"OnRootMismatch"}` | Security context for the `redis-store` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) |
@@ -298,7 +298,7 @@ In addition to the documented values, all services also support the following va
| repoUpdater.serviceAccount.create | bool | `false` | Enable creation of ServiceAccount for `repo-updater` |
| repoUpdater.serviceAccount.name | string | `""` | Name of the ServiceAccount to be created or an existing ServiceAccount |
| searcher.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100}` | Security context for the `searcher` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) |
-| searcher.image.defaultTag | string | `"6.0.0@sha256:c7508abda2202d4a33400ce23a95dd8d59fe6220d85d7fbee6fb186c55931336"` | Docker image tag for the `searcher` image |
+| searcher.image.defaultTag | string | `"6.3.4167@sha256:298a78a456dcfd4926fa52e4eca600d22d317a9b3adc1316976ba95293d1bf28"` | Docker image tag for the `searcher` image |
| searcher.image.name | string | `"searcher"` | Docker image name for the `searcher` image |
| searcher.name | string | `"searcher"` | Name used by resources. Does not affect service names or PVCs. |
| searcher.podSecurityContext | object | `{"fsGroup":101,"fsGroupChangePolicy":"OnRootMismatch","runAsUser":100}` | Security context for the `searcher` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) |
@@ -310,7 +310,7 @@ In addition to the documented values, all services also support the following va
| sourcegraph.affinity | object | `{}` | Global Affinity, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity) |
| sourcegraph.image.defaultTag | string | `"{{ .Chart.AppVersion }}"` | Global docker image tag |
| sourcegraph.image.pullPolicy | string | `"IfNotPresent"` | Global docker image pull policy |
-| sourcegraph.image.repository | string | `"index.docker.io/sourcegraph"` | Global docker image registry or prefix |
+| sourcegraph.image.repository | string | `"us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal"` | Global docker image registry or prefix |
| sourcegraph.image.useGlobalTagAsDefault | bool | `false` | When set to true, sourcegraph.image.defaultTag is used as the default defaultTag for all services, instead of service-specific default defaultTags |
| sourcegraph.imagePullSecrets | list | `[]` | Mount named secrets containing docker credentials |
| sourcegraph.labels | object | `{}` | Add extra labels to all resources |
@@ -340,7 +340,7 @@ In addition to the documented values, all services also support the following va
| symbols.storageSize | string | `"12Gi"` | Size of the PVC for symbols pods to store cache data |
| syntacticCodeIntel.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100}` | Security context for the `syntactic-code-intel-worker` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) |
| syntacticCodeIntel.enabled | bool | `false` | |
-| syntacticCodeIntel.image.defaultTag | string | `"6.0.0@sha256:50bdeb38b196f0fc21404969016bf8263f78144292e905867e93480f66c8251c"` | Docker image tag for the `syntactic-code-intel-worker` image |
+| syntacticCodeIntel.image.defaultTag | string | `"6.3.4167@sha256:fc9cb6d0bf21e548f7026cfd53297fe9d774d7c31eb1d8c92a9563a783f5e74f"` | Docker image tag for the `syntactic-code-intel-worker` image |
| syntacticCodeIntel.image.name | string | `"syntactic-code-intel-worker"` | Docker image name for the `syntactic-code-intel-worker` image |
| syntacticCodeIntel.name | string | `"syntactic-code-intel-worker"` | Name used by resources. Does not affect service names or PVCs. |
| syntacticCodeIntel.podSecurityContext | object | `{}` | Security context for the `syntactic-code-intel-worker` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) |
@@ -350,7 +350,7 @@ In addition to the documented values, all services also support the following va
| syntacticCodeIntel.serviceAccount.create | bool | `false` | Enable creation of ServiceAccount for `syntactic-code-intel-worker` |
| syntacticCodeIntel.serviceAccount.name | string | `""` | Name of the ServiceAccount to be created or an existing ServiceAccount |
| syntectServer.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100}` | Security context for the `syntect-server` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) |
-| syntectServer.image.defaultTag | string | `"6.0.0@sha256:1e35f77690222a76724b45f2305b838c40c35201e60b0f619b3fe8499504ff60"` | Docker image tag for the `syntect-server` image |
+| syntectServer.image.defaultTag | string | `"6.3.4167@sha256:d04b28f256a1fe0c9a1c0071debf6299384e0b704a36d8d24cf527a9236789f6"` | Docker image tag for the `syntect-server` image |
| syntectServer.image.name | string | `"syntax-highlighter"` | Docker image name for the `syntect-server` image |
| syntectServer.name | string | `"syntect-server"` | Name used by resources. Does not affect service names or PVCs. |
| syntectServer.podSecurityContext | object | `{}` | Security context for the `syntect-server` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) |
@@ -361,7 +361,7 @@ In addition to the documented values, all services also support the following va
| worker.blocklist | list | `[]` | List of jobs to block globally If replicas are configured, use this values to block jobs instead of manually setting WORKER_JOB_BLOCKLIST |
| worker.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100}` | Security context for the `worker` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) |
| worker.env | object | `{}` | Environment variables for the `worker` container |
-| worker.image.defaultTag | string | `"6.0.0@sha256:4892c5aa107d4384f811afcf1980e0fb2cb8beb5585a15adcb64353a2d8abf5a"` | Docker image tag for the `worker` image |
+| worker.image.defaultTag | string | `"6.3.4167@sha256:d8f4feeb85b12f68ec552758a3d64799ffe46651d6a2b8538893d071594ee9e4"` | Docker image tag for the `worker` image |
| worker.image.name | string | `"worker"` | Docker image name for the `worker` image |
| worker.name | string | `"worker"` | Name used by resources. Does not affect service names or PVCs. |
| worker.podSecurityContext | object | `{}` | Security context for the `worker` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) |
diff --git a/charts/sourcegraph/examples/subchart/Chart.yaml b/charts/sourcegraph/examples/subchart/Chart.yaml
index 437f9b00..4cc7ea46 100644
--- a/charts/sourcegraph/examples/subchart/Chart.yaml
+++ b/charts/sourcegraph/examples/subchart/Chart.yaml
@@ -2,10 +2,10 @@ apiVersion: v2
name: sourcegraph-subchart
description: Customer-owned chart that inherits from Sourcegraph
type: application
-version: "5.11.0"
+version: "6.3.4167"
dependencies:
- name: sourcegraph
alias: sg # Optional, allows a custom name to be used
- version: "5.11.0"
+ version: "6.3.4167"
repository: "https://sourcegraph.github.io/deploy-sourcegraph-helm"
diff --git a/charts/sourcegraph/values.yaml b/charts/sourcegraph/values.yaml
index b638002f..bc7e872c 100644
--- a/charts/sourcegraph/values.yaml
+++ b/charts/sourcegraph/values.yaml
@@ -9,7 +9,7 @@ sourcegraph:
# -- Global docker image pull policy
pullPolicy: IfNotPresent
# -- Global docker image registry or prefix
- repository: index.docker.io/sourcegraph
+ repository: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal
# -- When set to true, sourcegraph.image.defaultTag is used as the default defaultTag for all services, instead of service-specific default defaultTags
useGlobalTagAsDefault: false
# -- Mount named secrets containing docker credentials
@@ -86,7 +86,7 @@ sourcegraph:
alpine: # Used in init containers
image:
# -- Docker image tag for the `alpine` image
- defaultTag: 6.0.0@sha256:c4705ccf969e262ee3916719ecc7c0fb5e606dd954278ac07ac1d052e4e490df
+ defaultTag: 6.3.4167@sha256:e2490916e251ee42c59582f77366534f5688b6a12b7ed08b700edf1bd4503bd6
# -- Docker image name for the `alpine` image
name: "alpine-3.14"
# -- Security context for the `alpine` initContainer,
@@ -111,7 +111,7 @@ cadvisor:
enabled: true
image:
# -- Docker image tag for the `cadvisor` image
- defaultTag: 6.0.0@sha256:48082a2822a727e22c556ae2c3bae5f5bf4528c7b462efc3c085271ee5145be8
+ defaultTag: 6.3.4167@sha256:bf0b44eb36821f242bd0e8b8d033ea88ea6933ec32a16cdd3157d1ee93fbf38b
# -- Docker image name for the `cadvisor` image
name: "cadvisor"
# -- Name used by resources. Does not affect service names or PVCs.
@@ -176,7 +176,7 @@ codeInsightsDB:
additionalConfig: ""
image:
# -- Docker image tag for the `codeinsights-db` image
- defaultTag: 6.0.0@sha256:24263ff136f8cc328d63808982beb4a109461da30b522b63d2867a4e708713c9
+ defaultTag: 6.3.4167@sha256:65df37c2ac210a0fd354021a27535347f5486cc75dfa9447b86f71dc920d83c8
# -- Docker image name for the `codeinsights-db` image
name: "postgresql-16-codeinsights"
# -- Security context for the `codeinsights-db` container,
@@ -249,7 +249,7 @@ codeIntelDB:
additionalConfig: ""
image:
# -- Docker image tag for the `codeintel-db` image
- defaultTag: 6.0.0@sha256:224a2604331cb73809f466394c5b4f3ca95bf6a5a140cb75820dfe67301074bb
+ defaultTag: 6.3.4167@sha256:41a6074fa74dcde19b670a42f22654d4fb2b16a7708f7f6b460f8fc5d8d3f348
# -- Docker image name for the `codeintel-db` image
name: "postgresql-16"
# -- Security context for the `codeintel-db` container,
@@ -300,7 +300,7 @@ frontend:
value: http://prometheus:30090
image:
# -- Docker image tag for the `frontend` image
- defaultTag: 6.0.0@sha256:d4f21178096da5fdb3804099ae9de2e050b06e859a327aa79452b1ea2f3ede0a
+ defaultTag: 6.3.4167@sha256:b8cda0b3c141690c12fc27afaafe2bbb88077d51f1e34c6bdf73746a751e5498
# -- Docker image name for the `frontend` image
name: "frontend"
ingress:
@@ -358,7 +358,7 @@ migrator:
enabled: true
image:
# -- Docker image tag for the `migrator` image
- defaultTag: 6.0.0@sha256:ec295eb0b743da6bf56777ca6524972267a5c442b0288095e2fe12fce38ebacc
+ defaultTag: 6.3.4167@sha256:7ba9a4c054317677fa29386ece143a7b598cae79e4366fb64264e162c9328a0e
# -- Docker image name for the `migrator` image
name: "migrator"
# -- Environment variables for the `migrator` container
@@ -383,7 +383,7 @@ migrator:
gitserver:
image:
# -- Docker image tag for the `gitserver` image
- defaultTag: 6.0.0@sha256:aec9bf6993c243a283109104cd7c44be3c85680b77e3e8be0c5fba8f01a3bd35
+ defaultTag: 6.3.4167@sha256:2df07f9790e1f5dbc22531cfa6d45b83a74ce38b0a339917853e8761bdf43c4d
# -- Docker image name for the `gitserver` image
name: "gitserver"
# -- Name of existing Secret that contains SSH credentials to clone repositories.
@@ -451,7 +451,7 @@ grafana:
existingConfig: "" # Name of an existing configmap
image:
# -- Docker image tag for the `grafana` image
- defaultTag: 6.0.0@sha256:e40236d0143d0735ff87374afce95b878b8cde448ef65cfdc7008056a03097e8
+ defaultTag: 6.3.4167@sha256:9d3d5ba37aea208eb0f07e5bff3e2cefe649945c7f849e311795c7014279c0bf
# -- Docker image name for the `grafana` image
name: "grafana"
# -- Security context for the `grafana` container,
@@ -490,7 +490,7 @@ grafana:
indexedSearch:
image:
# -- Docker image tag for the `zoekt-webserver` image
- defaultTag: 6.0.0@sha256:99038e0ec9bef930030c118d774fcdcd67d7fe57ad4c80d216703a4d29d64323
+ defaultTag: 6.3.4167@sha256:5251e562299e67ec45d9ca47bb3dc9f6fbe5e72571f52b8f492a51a9ddb90d74
# -- Docker image name for the `zoekt-webserver` image
name: "indexed-searcher"
# -- Security context for the `zoekt-webserver` container,
@@ -531,7 +531,7 @@ indexedSearch:
indexedSearchIndexer:
image:
# -- Docker image tag for the `zoekt-indexserver` image
- defaultTag: 6.0.0@sha256:11539e07040b85045a9aa07f970aa310066e240dc28e6c9627653ee2bc6e0b91
+ defaultTag: 6.3.4167@sha256:a24290636f0e209b471a8903d48f809727f916b4ac902e92a492437a13c395e3
# -- Docker image name for the `zoekt-indexserver` image
name: "search-indexer"
# -- Security context for the `zoekt-indexserver` container,
@@ -558,7 +558,7 @@ blobstore:
enabled: true
image:
# -- Docker image tag for the `blobstore` image
- defaultTag: 6.0.0@sha256:82caab40f920282069c84e0e4ca503857926e934c67fb022f6d93823b4ea98b5
+ defaultTag: 6.3.4167@sha256:fb0a7dacd88170e29a95ad6475dc45bc482dd6a0f66b54e7004ac45910c0fd9c
# -- Docker image name for the `blobstore` image
name: "blobstore"
# -- Security context for the `blobstore` container,
@@ -597,7 +597,7 @@ openTelemetry:
enabled: true
image:
# -- Docker image tag for the `otel-collector` image
- defaultTag: 6.0.0@sha256:ef3e61a4f0a624523ecdee57d8b7757436c2389e0cf12401b4764d19c826ff8a
+ defaultTag: 6.3.4167@sha256:0115ee968abf849b00347ce30cd3bc2292c5da4a300c9fe432389e89a64e1b0c
# -- Docker image name for the `otel-collector` image
name: "opentelemetry-collector"
gateway:
@@ -664,7 +664,7 @@ nodeExporter:
enabled: true
image:
# -- Docker image tag for the `node-exporter` image
- defaultTag: 6.0.0@sha256:099c2e4fb8eacdda82d2d4798591808ded7ad3dc5e6ed514535e0b8e7223ed06
+ defaultTag: 6.3.4167@sha256:5e3291d5cadca7f3b637d90aeeeaeda2a592d2868c8d1de6a423de066138adc9
# -- Docker image name for the `node-exporter` image
name: "node-exporter"
# -- Name used by resources. Does not affect service names or PVCs.
@@ -735,7 +735,7 @@ pgsql:
additionalConfig: ""
image:
# -- Docker image tag for the `pgsql` image
- defaultTag: 6.0.0@sha256:224a2604331cb73809f466394c5b4f3ca95bf6a5a140cb75820dfe67301074bb
+ defaultTag: 6.3.4167@sha256:41a6074fa74dcde19b670a42f22654d4fb2b16a7708f7f6b460f8fc5d8d3f348
# -- Docker image name for the `pgsql` image
name: "postgresql-16"
# -- Security context for the `pgsql` container,
@@ -777,7 +777,7 @@ pgsql:
postgresExporter:
image:
# -- Docker image tag for the `pgsql-exporter` image
- defaultTag: 6.0.0@sha256:685a18f482e4a71a54e15814ffd6b8cd62844f6af056a81f7ec0ba5cf23fce27
+ defaultTag: 6.3.4167@sha256:44568bbeb551681572be116a74fc1a150aff9c2a1eba5c93e4c524e0d85c9730
# -- Docker image name for the `pgsql-exporter` image
name: "postgres_exporter"
# -- Resource requests & limits for the `pgsql-exporter` sidecar container,
@@ -797,7 +797,7 @@ syntacticCodeIntel:
workerPort: 3188
image:
# -- Docker image tag for the `syntactic-code-intel-worker` image
- defaultTag: 6.0.0@sha256:50bdeb38b196f0fc21404969016bf8263f78144292e905867e93480f66c8251c
+ defaultTag: 6.3.4167@sha256:fc9cb6d0bf21e548f7026cfd53297fe9d774d7c31eb1d8c92a9563a783f5e74f
# -- Docker image name for the `syntactic-code-intel-worker` image
name: "syntactic-code-intel-worker"
# -- Security context for the `syntactic-code-intel-worker` container,
@@ -836,7 +836,7 @@ preciseCodeIntel:
value: "4"
image:
# -- Docker image tag for the `precise-code-intel-worker` image
- defaultTag: 6.0.0@sha256:3a72cf893cb25731d4636593c544c91781d925d867417416255e56debc27ed37
+ defaultTag: 6.3.4167@sha256:d1a6e9e30e8811b20e0ea1de80945e5bc8dd0b3d8674165ea4829a16ac922176
# -- Docker image name for the `precise-code-intel-worker` image
name: "precise-code-intel-worker"
# -- Security context for the `precise-code-intel-worker` container,
@@ -875,7 +875,7 @@ prometheus:
existingConfig: "" # Name of an existing configmap
image:
# -- Docker image tag for the `prometheus` image
- defaultTag: 6.0.0@sha256:86a315720fd9813d9ef9746d92e637bc20cd9ebd90da78d8cc6906062252891f
+ defaultTag: 6.3.4167@sha256:cff5fb515a283c5ebb5804997878e4752a4329e930b5f2f9b818f55217757ed2
# -- Docker image name for the `prometheus` image
name: "prometheus"
# -- Security context for the `prometheus` container,
@@ -925,7 +925,7 @@ redisCache:
enabled: true
image:
# -- Docker image tag for the `redis-cache` image
- defaultTag: 6.0.0@sha256:40ea19e8944b93e05d7697c808969fe0c81a014a56245f3a97b645aa34a9ab78
+ defaultTag: 6.3.4167@sha256:d9096d881d28efb1d2e73944ed2ac4dcd676eeb79649791316b8090b5667ae95
# -- Docker image name for the `redis-cache` image
name: "redis-cache"
connection:
@@ -969,7 +969,7 @@ redisCache:
redisExporter:
image:
# -- Docker image tag for the `redis-exporter` image
- defaultTag: 6.0.0@sha256:b2ec48fc6adef31f36d525170138dec303c1c0c20c530d659f1fb7c6c54698af
+ defaultTag: 6.3.4167@sha256:b61c24412af226ad0a5cc64d31edce0cb59b3ee54de07c54863cb22fbdcc6e10
# -- Docker image name for the `redis-exporter` image
name: "redis_exporter"
# -- Security context for the `redis-exporter` sidecar container,
@@ -1001,7 +1001,7 @@ redisStore:
endpoint: "redis-store:6379"
image:
# -- Docker image tag for the `redis-store` image
- defaultTag: 6.0.0@sha256:39f3b27d993652c202c1f892df83e1a3e8e8ea5ae58291f79ad14b56672ab8be
+ defaultTag: 6.3.4167@sha256:74e5a24222b446b94342bad163db44c86e9734ced315816aa0afd497bfd7c935
# -- Docker image name for the `redis-store` image
name: "redis-store"
# -- Security context for the `redis-store` container,
@@ -1071,7 +1071,7 @@ repoUpdater:
searcher:
image:
# -- Docker image tag for the `searcher` image
- defaultTag: 6.0.0@sha256:c7508abda2202d4a33400ce23a95dd8d59fe6220d85d7fbee6fb186c55931336
+ defaultTag: 6.3.4167@sha256:298a78a456dcfd4926fa52e4eca600d22d317a9b3adc1316976ba95293d1bf28
# -- Docker image name for the `searcher` image
name: "searcher"
# -- Security context for the `searcher` container,
@@ -1172,7 +1172,7 @@ symbols:
syntectServer:
image:
# -- Docker image tag for the `syntect-server` image
- defaultTag: 6.0.0@sha256:1e35f77690222a76724b45f2305b838c40c35201e60b0f619b3fe8499504ff60
+ defaultTag: 6.3.4167@sha256:d04b28f256a1fe0c9a1c0071debf6299384e0b704a36d8d24cf527a9236789f6
# -- Docker image name for the `syntect-server` image
name: "syntax-highlighter"
# -- Security context for the `syntect-server` container,
@@ -1220,7 +1220,7 @@ jaeger:
enabled: false
image:
# -- Docker image tag for the `jaeger` image
- defaultTag: 6.0.0@sha256:79548aa11d7e2e6bf3e2012fb9e046df12ba5c5410bc24ec8f4d7cbb880336b9
+ defaultTag: 6.3.4167@sha256:48cf0af81f2ad9e98053a0afc6bc27c0f5e0adacdbc18417053983b07c84442e
# -- Docker image name for the `jaeger` image
name: "jaeger-all-in-one"
# -- Name used by resources. Does not affect service names or PVCs.
@@ -1275,7 +1275,7 @@ jaeger:
worker:
image:
# -- Docker image tag for the `worker` image
- defaultTag: 6.0.0@sha256:4892c5aa107d4384f811afcf1980e0fb2cb8beb5585a15adcb64353a2d8abf5a
+ defaultTag: 6.3.4167@sha256:d8f4feeb85b12f68ec552758a3d64799ffe46651d6a2b8538893d071594ee9e4
# -- Docker image name for the `worker` image
name: "worker"
# -- Security context for the `worker` container,
From bc706648e296589819cc6c8446a06e104558d0e7 Mon Sep 17 00:00:00 2001
From: Jacob Pleiness
Date: Wed, 4 Jun 2025 16:43:27 -0400
Subject: [PATCH 3/4] fix symbols and repo-updater image tags
---
charts/sourcegraph/values.yaml | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/charts/sourcegraph/values.yaml b/charts/sourcegraph/values.yaml
index bc7e872c..4f67077b 100644
--- a/charts/sourcegraph/values.yaml
+++ b/charts/sourcegraph/values.yaml
@@ -1038,7 +1038,7 @@ redisStore:
repoUpdater:
image:
# -- Docker image tag for the `repo-updater` image
- defaultTag: 6.0.0@sha256:238702dde17eaa41f9dc5b5f379c08a9e57940587128ceda6008d7f06e72cccc
+ defaultTag: 6.3.4167@sha256:b348d65ba159501386a444af6a94566620711a4767909a4f01c07b8e6ba454bb
# -- Docker image name for the `repo-updater` image
name: "repo-updater"
# -- Security context for the `repo-updater` container,
@@ -1132,7 +1132,7 @@ storageClass:
symbols:
image:
# -- Docker image tag for the `symbols` image
- defaultTag: 6.0.0@sha256:7f91048d1966add54b199755c77a5c3ca84b7f57bb5d2ffb65113da7f100b051
+ defaultTag: 6.3.4167@sha256:caecea6f17d1f03cde25ba2ec6fa315a5b0e2e27e6bc0b13bdfc2499c3a8b783
# -- Docker image name for the `symbols` image
name: "symbols"
# -- Security context for the `symbols` container,
From 75c3b495abfdb5718b3474666a483804ccc17d4d Mon Sep 17 00:00:00 2001
From: Jacob Pleiness
Date: Wed, 4 Jun 2025 16:45:04 -0400
Subject: [PATCH 4/4] Update docs
---
charts/sourcegraph/README.md | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/charts/sourcegraph/README.md b/charts/sourcegraph/README.md
index 942031d4..8b64ff03 100644
--- a/charts/sourcegraph/README.md
+++ b/charts/sourcegraph/README.md
@@ -290,7 +290,7 @@ In addition to the documented values, all services also support the following va
| redisStore.serviceAccount.name | string | `""` | Name of the ServiceAccount to be created or an existing ServiceAccount |
| redisStore.storageSize | string | `"100Gi"` | PVC Storage Request for `redis-store` data volume |
| repoUpdater.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100}` | Security context for the `repo-updater` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) |
-| repoUpdater.image.defaultTag | string | `"6.0.0@sha256:238702dde17eaa41f9dc5b5f379c08a9e57940587128ceda6008d7f06e72cccc"` | Docker image tag for the `repo-updater` image |
+| repoUpdater.image.defaultTag | string | `"6.3.4167@sha256:b348d65ba159501386a444af6a94566620711a4767909a4f01c07b8e6ba454bb"` | Docker image tag for the `repo-updater` image |
| repoUpdater.image.name | string | `"repo-updater"` | Docker image name for the `repo-updater` image |
| repoUpdater.name | string | `"repo-updater"` | Name used by resources. Does not affect service names or PVCs. |
| repoUpdater.podSecurityContext | object | `{}` | Security context for the `repo-updater` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) |
@@ -329,7 +329,7 @@ In addition to the documented values, all services also support the following va
| storageClass.provisioner | string | `"kubernetes.io/gce-pd"` | Name of the storageClass provisioner, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/storage/storage-classes/#provisioner) and consult your cloud provider persistent storage documentation |
| storageClass.type | string | `"pd-ssd"` | Value of `type` key in storageClass `parameters`, consult your cloud provider persistent storage documentation |
| symbols.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100}` | Security context for the `symbols` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) |
-| symbols.image.defaultTag | string | `"6.0.0@sha256:7f91048d1966add54b199755c77a5c3ca84b7f57bb5d2ffb65113da7f100b051"` | Docker image tag for the `symbols` image |
+| symbols.image.defaultTag | string | `"6.3.4167@sha256:caecea6f17d1f03cde25ba2ec6fa315a5b0e2e27e6bc0b13bdfc2499c3a8b783"` | Docker image tag for the `symbols` image |
| symbols.image.name | string | `"symbols"` | Docker image name for the `symbols` image |
| symbols.name | string | `"symbols"` | Name used by resources. Does not affect service names or PVCs. |
| symbols.podSecurityContext | object | `{"fsGroup":101,"fsGroupChangePolicy":"OnRootMismatch","runAsUser":100}` | Security context for the `symbols` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) |