diff --git a/base/monitoring/cadvisor/cadvisor.DaemonSet.yaml b/base/monitoring/cadvisor/cadvisor.DaemonSet.yaml index 7d2ab9a1..17079a69 100644 --- a/base/monitoring/cadvisor/cadvisor.DaemonSet.yaml +++ b/base/monitoring/cadvisor/cadvisor.DaemonSet.yaml @@ -26,7 +26,7 @@ spec: serviceAccountName: cadvisor containers: - name: cadvisor - image: index.docker.io/sourcegraph/cadvisor:6.0.0@sha256:48082a2822a727e22c556ae2c3bae5f5bf4528c7b462efc3c085271ee5145be8 + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/cadvisor:6.1.376@sha256:11d63cd489608d78c0e14f2780a457c14cf203a119c34c082a965e0a721cf44e args: # Kubernetes-specific flags below (other flags are baked into the Docker image) # diff --git a/base/monitoring/grafana/grafana.StatefulSet.yaml b/base/monitoring/grafana/grafana.StatefulSet.yaml index 960f6aaf..616a53e3 100644 --- a/base/monitoring/grafana/grafana.StatefulSet.yaml +++ b/base/monitoring/grafana/grafana.StatefulSet.yaml @@ -26,7 +26,7 @@ spec: spec: containers: - name: grafana - image: index.docker.io/sourcegraph/grafana:6.0.0@sha256:e40236d0143d0735ff87374afce95b878b8cde448ef65cfdc7008056a03097e8 + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/grafana:6.1.376@sha256:dc0516face7622359c6e5d1d35fb47a950524857e9ae6a2ef64a7f0f93b16ec4 terminationMessagePolicy: FallbackToLogsOnError ports: - containerPort: 3370 diff --git a/base/monitoring/jaeger/jaeger.Deployment.yaml b/base/monitoring/jaeger/jaeger.Deployment.yaml index d4806420..19f97208 100644 --- a/base/monitoring/jaeger/jaeger.Deployment.yaml +++ b/base/monitoring/jaeger/jaeger.Deployment.yaml @@ -30,7 +30,7 @@ spec: spec: containers: - name: jaeger - image: index.docker.io/sourcegraph/jaeger-all-in-one:6.0.0@sha256:79548aa11d7e2e6bf3e2012fb9e046df12ba5c5410bc24ec8f4d7cbb880336b9 + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/jaeger-all-in-one:6.1.376@sha256:8d16aeabd865fba81933392022a8a4a58a8785e5c0c5aba2c1950a50ff6bcf5d args: ["--memory.max-traces=20000", "--sampling.strategies-file=/etc/jaeger/sampling_strategies.json", "--collector.otlp.enabled"] ports: - containerPort: 5775 diff --git a/base/monitoring/node-exporter/node-exporter.DaemonSet.yaml b/base/monitoring/node-exporter/node-exporter.DaemonSet.yaml index 4db67cfb..a72ee600 100644 --- a/base/monitoring/node-exporter/node-exporter.DaemonSet.yaml +++ b/base/monitoring/node-exporter/node-exporter.DaemonSet.yaml @@ -24,7 +24,7 @@ spec: spec: containers: - name: node-exporter - image: index.docker.io/sourcegraph/node-exporter:6.0.0@sha256:099c2e4fb8eacdda82d2d4798591808ded7ad3dc5e6ed514535e0b8e7223ed06 + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/node-exporter:6.1.376@sha256:705ea2451e6fee22dba1cd639ea4de938bdfe45f5338414cd43d1b8649216e63 imagePullPolicy: IfNotPresent resources: limits: diff --git a/base/monitoring/otel-collector/otel-agent.DaemonSet.yaml b/base/monitoring/otel-collector/otel-agent.DaemonSet.yaml index 5e98f9a3..2a605ef7 100644 --- a/base/monitoring/otel-collector/otel-agent.DaemonSet.yaml +++ b/base/monitoring/otel-collector/otel-agent.DaemonSet.yaml @@ -26,7 +26,7 @@ spec: spec: containers: - name: otel-agent - image: index.docker.io/sourcegraph/opentelemetry-collector:6.0.0@sha256:ef3e61a4f0a624523ecdee57d8b7757436c2389e0cf12401b4764d19c826ff8a + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/opentelemetry-collector:6.1.376@sha256:e3373f83f05cfac58634746bb92fe344bc47b458a135a5b1ac05cfb899c626c3 command: - "/bin/otelcol-sourcegraph" - "--config=/etc/otel-agent/config.yaml" diff --git a/base/monitoring/otel-collector/otel-collector.Deployment.yaml b/base/monitoring/otel-collector/otel-collector.Deployment.yaml index 906c27c6..0ef40fc0 100644 --- a/base/monitoring/otel-collector/otel-collector.Deployment.yaml +++ b/base/monitoring/otel-collector/otel-collector.Deployment.yaml @@ -26,7 +26,7 @@ spec: spec: containers: - name: otel-collector - image: index.docker.io/sourcegraph/opentelemetry-collector:6.0.0@sha256:ef3e61a4f0a624523ecdee57d8b7757436c2389e0cf12401b4764d19c826ff8a + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/opentelemetry-collector:6.1.376@sha256:e3373f83f05cfac58634746bb92fe344bc47b458a135a5b1ac05cfb899c626c3 command: - "/bin/otelcol-sourcegraph" # To use a custom configuration, edit otel-collector.ConfigMap.yaml diff --git a/base/monitoring/prometheus/prometheus.Deployment.yaml b/base/monitoring/prometheus/prometheus.Deployment.yaml index 677b9a47..82ca1274 100644 --- a/base/monitoring/prometheus/prometheus.Deployment.yaml +++ b/base/monitoring/prometheus/prometheus.Deployment.yaml @@ -25,7 +25,7 @@ spec: spec: containers: - name: prometheus - image: index.docker.io/sourcegraph/prometheus:6.0.0@sha256:86a315720fd9813d9ef9746d92e637bc20cd9ebd90da78d8cc6906062252891f + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/prometheus:6.1.376@sha256:463cf33707fa8d0debdd9107928fbd5844bc95b02dde545fd29c504d6dfa4331 terminationMessagePolicy: FallbackToLogsOnError env: - name: SG_NAMESPACE diff --git a/base/sourcegraph/blobstore/blobstore.Deployment.yaml b/base/sourcegraph/blobstore/blobstore.Deployment.yaml index 1dd208c8..6c8fa304 100644 --- a/base/sourcegraph/blobstore/blobstore.Deployment.yaml +++ b/base/sourcegraph/blobstore/blobstore.Deployment.yaml @@ -26,7 +26,7 @@ spec: spec: containers: - name: blobstore - image: index.docker.io/sourcegraph/blobstore:6.0.0@sha256:82caab40f920282069c84e0e4ca503857926e934c67fb022f6d93823b4ea98b5 + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/blobstore:6.1.376@sha256:9c34897da2aada8ce3de29312f8856008ebee9c1e23bc537f0f2cf0828e8d2bc livenessProbe: httpGet: path: / diff --git a/base/sourcegraph/codeinsights-db/codeinsights-db.StatefulSet.yaml b/base/sourcegraph/codeinsights-db/codeinsights-db.StatefulSet.yaml index 661eaf51..1167b6f1 100644 --- a/base/sourcegraph/codeinsights-db/codeinsights-db.StatefulSet.yaml +++ b/base/sourcegraph/codeinsights-db/codeinsights-db.StatefulSet.yaml @@ -26,7 +26,7 @@ spec: spec: initContainers: - name: correct-data-dir-permissions - image: index.docker.io/sourcegraph/alpine-3.14:6.0.0@sha256:c4705ccf969e262ee3916719ecc7c0fb5e606dd954278ac07ac1d052e4e490df + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/alpine-3.14:6.1.376@sha256:405643bfcc5cfc05800dbacb30c5231bdd6f8b6ae5ac8d654c86d70e8bc303c0 command: ["sh", "-c", "if [ -d /var/lib/postgresql/data/pgdata ]; then chmod 750 /var/lib/postgresql/data/pgdata; fi"] volumeMounts: - mountPath: /var/lib/postgresql/data/ @@ -45,7 +45,7 @@ spec: runAsUser: 70 containers: - name: codeinsights - image: index.docker.io/sourcegraph/postgresql-16-codeinsights:6.0.0@sha256:24263ff136f8cc328d63808982beb4a109461da30b522b63d2867a4e708713c9 + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/postgresql-16-codeinsights:6.1.376@sha256:142d335fb067241692a1e4562c6779c8b181ef40bc3e5f5febfdfed5253bdaba env: - name: POSTGRES_DB value: postgres @@ -82,7 +82,7 @@ spec: value: postgres://postgres:@localhost:5432/?sslmode=disable - name: PG_EXPORTER_EXTEND_QUERY_PATH value: /config/code_insights_queries.yaml - image: index.docker.io/sourcegraph/postgres_exporter:6.0.0@sha256:685a18f482e4a71a54e15814ffd6b8cd62844f6af056a81f7ec0ba5cf23fce27 + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/postgres_exporter:6.1.376@sha256:1054e1d8c278b5572c23358e145c45aacd6ea2ea127eeb27eccd159362bf0f1d terminationMessagePolicy: FallbackToLogsOnError name: pgsql-exporter ports: diff --git a/base/sourcegraph/codeintel-db/codeintel-db.StatefulSet.yaml b/base/sourcegraph/codeintel-db/codeintel-db.StatefulSet.yaml index ab941895..e88a48c1 100644 --- a/base/sourcegraph/codeintel-db/codeintel-db.StatefulSet.yaml +++ b/base/sourcegraph/codeintel-db/codeintel-db.StatefulSet.yaml @@ -27,7 +27,7 @@ spec: spec: initContainers: - name: correct-data-dir-permissions - image: index.docker.io/sourcegraph/alpine-3.14:6.0.0@sha256:c4705ccf969e262ee3916719ecc7c0fb5e606dd954278ac07ac1d052e4e490df + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/alpine-3.14:6.1.376@sha256:405643bfcc5cfc05800dbacb30c5231bdd6f8b6ae5ac8d654c86d70e8bc303c0 command: ["sh", "-c", "if [ -d /data/pgdata-12 ]; then chmod 750 /data/pgdata-12; fi"] volumeMounts: - mountPath: /data @@ -45,7 +45,7 @@ spec: memory: "50Mi" containers: - name: pgsql - image: index.docker.io/sourcegraph/postgresql-16:6.0.0@sha256:224a2604331cb73809f466394c5b4f3ca95bf6a5a140cb75820dfe67301074bb + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/postgresql-16:6.1.376@sha256:5b90d06b1285310501553bc3f81a8192457a14bcceea97fb5ab1cbf555f5f96a terminationMessagePolicy: FallbackToLogsOnError readinessProbe: exec: @@ -87,7 +87,7 @@ spec: value: postgres://sg:@localhost:5432/?sslmode=disable - name: PG_EXPORTER_EXTEND_QUERY_PATH value: /config/code_intel_queries.yaml - image: index.docker.io/sourcegraph/postgres_exporter:6.0.0@sha256:685a18f482e4a71a54e15814ffd6b8cd62844f6af056a81f7ec0ba5cf23fce27 + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/postgres_exporter:6.1.376@sha256:1054e1d8c278b5572c23358e145c45aacd6ea2ea127eeb27eccd159362bf0f1d terminationMessagePolicy: FallbackToLogsOnError name: pgsql-exporter ports: diff --git a/base/sourcegraph/frontend/sourcegraph-frontend.Deployment.yaml b/base/sourcegraph/frontend/sourcegraph-frontend.Deployment.yaml index 9b38cca9..3eb59ee7 100644 --- a/base/sourcegraph/frontend/sourcegraph-frontend.Deployment.yaml +++ b/base/sourcegraph/frontend/sourcegraph-frontend.Deployment.yaml @@ -29,7 +29,7 @@ spec: spec: initContainers: - name: migrator - image: index.docker.io/sourcegraph/migrator:6.0.0@sha256:ec295eb0b743da6bf56777ca6524972267a5c442b0288095e2fe12fce38ebacc + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/migrator:6.1.376@sha256:85a1c80e810a2cc997acea5a10d8df662ca32f2ee7dea1985434381bb20e1484 args: ["up"] resources: limits: @@ -48,7 +48,7 @@ spec: name: sourcegraph-frontend-env containers: - name: frontend - image: index.docker.io/sourcegraph/frontend:6.0.0@sha256:d4f21178096da5fdb3804099ae9de2e050b06e859a327aa79452b1ea2f3ede0a + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/frontend:6.1.376@sha256:0da7e9d196b59d6b9c2d05757bb06bcdd3dc0f5242d8581ff10466a6c9421efc args: - serve envFrom: diff --git a/base/sourcegraph/gitserver/gitserver.StatefulSet.yaml b/base/sourcegraph/gitserver/gitserver.StatefulSet.yaml index 5091cb9d..1afc81e5 100644 --- a/base/sourcegraph/gitserver/gitserver.StatefulSet.yaml +++ b/base/sourcegraph/gitserver/gitserver.StatefulSet.yaml @@ -35,7 +35,7 @@ spec: fieldPath: status.hostIP - name: OTEL_EXPORTER_OTLP_ENDPOINT value: http://$(OTEL_AGENT_HOST):4317 - image: index.docker.io/sourcegraph/gitserver:6.0.0@sha256:aec9bf6993c243a283109104cd7c44be3c85680b77e3e8be0c5fba8f01a3bd35 + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/gitserver:6.1.376@sha256:773be629627ec63528148ac79f0242312424f1905bcb660acccad0b12f395bce terminationMessagePolicy: FallbackToLogsOnError livenessProbe: initialDelaySeconds: 5 diff --git a/base/sourcegraph/indexed-search/indexed-search.StatefulSet.yaml b/base/sourcegraph/indexed-search/indexed-search.StatefulSet.yaml index 050e582a..2919bfdf 100644 --- a/base/sourcegraph/indexed-search/indexed-search.StatefulSet.yaml +++ b/base/sourcegraph/indexed-search/indexed-search.StatefulSet.yaml @@ -33,7 +33,7 @@ spec: value: http://$(OTEL_AGENT_HOST):4317 - name: OPENTELEMETRY_DISABLED value: "false" - image: index.docker.io/sourcegraph/indexed-searcher:6.0.0@sha256:99038e0ec9bef930030c118d774fcdcd67d7fe57ad4c80d216703a4d29d64323 + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/indexed-searcher:6.1.376@sha256:a3dbbfb704e4e090d179cc8cff1f5795692fce84fa61157582b6bde70c5e9a43 terminationMessagePolicy: FallbackToLogsOnError ports: - containerPort: 6070 @@ -72,7 +72,7 @@ spec: value: http://$(OTEL_AGENT_HOST):4317 - name: OPENTELEMETRY_DISABLED value: "false" - image: index.docker.io/sourcegraph/search-indexer:6.0.0@sha256:11539e07040b85045a9aa07f970aa310066e240dc28e6c9627653ee2bc6e0b91 + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/search-indexer:6.1.376@sha256:872538dc1eaf39559eaebb3ab363330a1150f1b9f6fc92abf6e31150801cf3d5 terminationMessagePolicy: FallbackToLogsOnError ports: - containerPort: 6072 diff --git a/base/sourcegraph/pgsql/pgsql.StatefulSet.yaml b/base/sourcegraph/pgsql/pgsql.StatefulSet.yaml index f3fde8dc..00806c97 100644 --- a/base/sourcegraph/pgsql/pgsql.StatefulSet.yaml +++ b/base/sourcegraph/pgsql/pgsql.StatefulSet.yaml @@ -27,7 +27,7 @@ spec: spec: initContainers: - name: correct-data-dir-permissions - image: index.docker.io/sourcegraph/alpine-3.14:6.0.0@sha256:c4705ccf969e262ee3916719ecc7c0fb5e606dd954278ac07ac1d052e4e490df + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/alpine-3.14:6.1.376@sha256:405643bfcc5cfc05800dbacb30c5231bdd6f8b6ae5ac8d654c86d70e8bc303c0 command: ["sh", "-c", "if [ -d /data/pgdata-12 ]; then chmod 750 /data/pgdata-12; fi"] volumeMounts: - mountPath: /data @@ -46,7 +46,7 @@ spec: memory: "50Mi" containers: - name: pgsql - image: index.docker.io/sourcegraph/postgresql-16:6.0.0@sha256:224a2604331cb73809f466394c5b4f3ca95bf6a5a140cb75820dfe67301074bb + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/postgresql-16:6.1.376@sha256:5b90d06b1285310501553bc3f81a8192457a14bcceea97fb5ab1cbf555f5f96a terminationMessagePolicy: FallbackToLogsOnError readinessProbe: exec: @@ -90,7 +90,7 @@ spec: value: postgres://sg:@localhost:5432/?sslmode=disable - name: PG_EXPORTER_EXTEND_QUERY_PATH value: /config/queries.yaml - image: index.docker.io/sourcegraph/postgres_exporter:6.0.0@sha256:685a18f482e4a71a54e15814ffd6b8cd62844f6af056a81f7ec0ba5cf23fce27 + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/postgres_exporter:6.1.376@sha256:1054e1d8c278b5572c23358e145c45aacd6ea2ea127eeb27eccd159362bf0f1d terminationMessagePolicy: FallbackToLogsOnError name: pgsql-exporter ports: diff --git a/base/sourcegraph/precise-code-intel/worker.Deployment.yaml b/base/sourcegraph/precise-code-intel/worker.Deployment.yaml index 0eb55af0..ecb19f07 100644 --- a/base/sourcegraph/precise-code-intel/worker.Deployment.yaml +++ b/base/sourcegraph/precise-code-intel/worker.Deployment.yaml @@ -46,7 +46,7 @@ spec: fieldPath: status.hostIP - name: OTEL_EXPORTER_OTLP_ENDPOINT value: http://$(OTEL_AGENT_HOST):4317 - image: index.docker.io/sourcegraph/precise-code-intel-worker:6.0.0@sha256:3a72cf893cb25731d4636593c544c91781d925d867417416255e56debc27ed37 + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/precise-code-intel-worker:6.1.376@sha256:31b31f90b3adb4c186485997fe19a3b5d67421db6a45c0afffba5c99ceff523b terminationMessagePolicy: FallbackToLogsOnError livenessProbe: httpGet: diff --git a/base/sourcegraph/redis/redis-cache.Deployment.yaml b/base/sourcegraph/redis/redis-cache.Deployment.yaml index 9f54ed2f..c1de1fa3 100644 --- a/base/sourcegraph/redis/redis-cache.Deployment.yaml +++ b/base/sourcegraph/redis/redis-cache.Deployment.yaml @@ -26,7 +26,7 @@ spec: spec: containers: - name: redis-cache - image: index.docker.io/sourcegraph/redis-cache:6.0.0@sha256:40ea19e8944b93e05d7697c808969fe0c81a014a56245f3a97b645aa34a9ab78 + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/redis-cache:6.1.376@sha256:d6fdb7d69ac0ed6929b52588a93b86e498ac1dcb9992d4f148d80fb3bbbc940c terminationMessagePolicy: FallbackToLogsOnError livenessProbe: initialDelaySeconds: 30 @@ -70,7 +70,7 @@ spec: - mountPath: /redis-data name: redis-data - name: redis-exporter - image: index.docker.io/sourcegraph/redis_exporter:6.0.0@sha256:b2ec48fc6adef31f36d525170138dec303c1c0c20c530d659f1fb7c6c54698af + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/redis_exporter:6.1.376@sha256:ef950500b1830249268b746e9814b1e7adf2e03deeae0feaf0824a64fc21c2c0 terminationMessagePolicy: FallbackToLogsOnError ports: - containerPort: 9121 diff --git a/base/sourcegraph/redis/redis-store.Deployment.yaml b/base/sourcegraph/redis/redis-store.Deployment.yaml index 60f72612..2240cba3 100644 --- a/base/sourcegraph/redis/redis-store.Deployment.yaml +++ b/base/sourcegraph/redis/redis-store.Deployment.yaml @@ -25,7 +25,7 @@ spec: spec: containers: - name: redis-store - image: index.docker.io/sourcegraph/redis-store:6.0.0@sha256:39f3b27d993652c202c1f892df83e1a3e8e8ea5ae58291f79ad14b56672ab8be + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/redis-store:6.1.376@sha256:f2a4f157853c3678e4b9f051c0f482be8862f0458a76dfa827d24beb6b74ecca terminationMessagePolicy: FallbackToLogsOnError livenessProbe: initialDelaySeconds: 30 @@ -69,7 +69,7 @@ spec: - mountPath: /redis-data name: redis-data - name: redis-exporter - image: index.docker.io/sourcegraph/redis_exporter:6.0.0@sha256:b2ec48fc6adef31f36d525170138dec303c1c0c20c530d659f1fb7c6c54698af + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/redis_exporter:6.1.376@sha256:ef950500b1830249268b746e9814b1e7adf2e03deeae0feaf0824a64fc21c2c0 terminationMessagePolicy: FallbackToLogsOnError ports: - containerPort: 9121 diff --git a/base/sourcegraph/repo-updater/repo-updater.Deployment.yaml b/base/sourcegraph/repo-updater/repo-updater.Deployment.yaml index 9e44083d..b8a788ab 100644 --- a/base/sourcegraph/repo-updater/repo-updater.Deployment.yaml +++ b/base/sourcegraph/repo-updater/repo-updater.Deployment.yaml @@ -29,7 +29,7 @@ spec: spec: containers: - name: repo-updater - image: index.docker.io/sourcegraph/repo-updater:6.0.0@sha256:238702dde17eaa41f9dc5b5f379c08a9e57940587128ceda6008d7f06e72cccc + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/repo-updater:6.1.376@sha256:599e697f31184ca8c82cafceef1d2999a07a9811126c9e809096b936fde68098 env: # OTEL_AGENT_HOST must be defined before OTEL_EXPORTER_OTLP_ENDPOINT to substitute the node IP on which the DaemonSet pod instance runs in the latter variable - name: OTEL_AGENT_HOST diff --git a/base/sourcegraph/searcher/searcher.StatefulSet.yaml b/base/sourcegraph/searcher/searcher.StatefulSet.yaml index c0dce372..5f9efe9d 100644 --- a/base/sourcegraph/searcher/searcher.StatefulSet.yaml +++ b/base/sourcegraph/searcher/searcher.StatefulSet.yaml @@ -46,7 +46,7 @@ spec: fieldPath: status.hostIP - name: OTEL_EXPORTER_OTLP_ENDPOINT value: http://$(OTEL_AGENT_HOST):4317 - image: index.docker.io/sourcegraph/searcher:6.0.0@sha256:c7508abda2202d4a33400ce23a95dd8d59fe6220d85d7fbee6fb186c55931336 + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/searcher:6.1.376@sha256:9609754cf17e12d862664370329ac7ff5d3b2e39c46ff8e27d16f736eb2824d4 terminationMessagePolicy: FallbackToLogsOnError ports: - containerPort: 3181 diff --git a/base/sourcegraph/symbols/symbols.StatefulSet.yaml b/base/sourcegraph/symbols/symbols.StatefulSet.yaml index 58ae990f..f72327e8 100644 --- a/base/sourcegraph/symbols/symbols.StatefulSet.yaml +++ b/base/sourcegraph/symbols/symbols.StatefulSet.yaml @@ -43,7 +43,7 @@ spec: fieldPath: status.hostIP - name: OTEL_EXPORTER_OTLP_ENDPOINT value: http://$(OTEL_AGENT_HOST):4317 - image: index.docker.io/sourcegraph/symbols:6.0.0@sha256:7f91048d1966add54b199755c77a5c3ca84b7f57bb5d2ffb65113da7f100b051 + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/symbols:6.1.376@sha256:970844e59dcaddd1ee4a405e198f1f3e5c6e402c7181507545533b76724476ca livenessProbe: httpGet: path: /healthz diff --git a/base/sourcegraph/syntect-server/syntect-server.Deployment.yaml b/base/sourcegraph/syntect-server/syntect-server.Deployment.yaml index 5ea68ded..88eb0fdf 100644 --- a/base/sourcegraph/syntect-server/syntect-server.Deployment.yaml +++ b/base/sourcegraph/syntect-server/syntect-server.Deployment.yaml @@ -32,7 +32,7 @@ spec: allowPrivilegeEscalation: false runAsGroup: 101 runAsUser: 100 - image: index.docker.io/sourcegraph/syntax-highlighter:6.0.0@sha256:1e35f77690222a76724b45f2305b838c40c35201e60b0f619b3fe8499504ff60 + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/syntax-highlighter:6.1.376@sha256:4e8571a9c6fc4f95afba82e2a0a27ab52a0ece5ec4e21af354fd3d07a2bfc313 terminationMessagePolicy: FallbackToLogsOnError livenessProbe: httpGet: diff --git a/base/sourcegraph/worker/worker.Deployment.yaml b/base/sourcegraph/worker/worker.Deployment.yaml index bde42875..0066bd8b 100644 --- a/base/sourcegraph/worker/worker.Deployment.yaml +++ b/base/sourcegraph/worker/worker.Deployment.yaml @@ -48,7 +48,7 @@ spec: fieldPath: status.hostIP - name: OTEL_EXPORTER_OTLP_ENDPOINT value: http://$(OTEL_AGENT_HOST):4317 - image: index.docker.io/sourcegraph/worker:6.0.0@sha256:4892c5aa107d4384f811afcf1980e0fb2cb8beb5585a15adcb64353a2d8abf5a + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/worker:6.1.376@sha256:8c2d845c467282d0bd40bb41c84e46aaea60ad3e56747a3d3e1b6b435346e8bc terminationMessagePolicy: FallbackToLogsOnError livenessProbe: httpGet: diff --git a/cluster.yaml b/cluster.yaml new file mode 100644 index 00000000..58ab8e8e --- /dev/null +++ b/cluster.yaml @@ -0,0 +1,4844 @@ +apiVersion: v1 +data: + postgresql.conf: | + # ----------------------------- + # PostgreSQL configuration file + # ----------------------------- + # + # This file consists of lines of the form: + # + # name = value + # + # (The "=" is optional.) Whitespace may be used. Comments are introduced with + # "#" anywhere on a line. The complete list of parameter names and allowed + # values can be found in the PostgreSQL documentation. + # + # The commented-out settings shown in this file represent the default values. + # Re-commenting a setting is NOT sufficient to revert it to the default value; + # you need to reload the server. + # + # This file is read on server startup and when the server receives a SIGHUP + # signal. If you edit the file on a running system, you have to SIGHUP the + # server for the changes to take effect, run "pg_ctl reload", or execute + # "SELECT pg_reload_conf()". Some parameters, which are marked below, + # require a server shutdown and restart to take effect. + # + # Any parameter can also be given as a command-line option to the server, e.g., + # "postgres -c log_connections=on". Some parameters can be changed at run time + # with the "SET" SQL command. + # + # Memory units: kB = kilobytes Time units: ms = milliseconds + # MB = megabytes s = seconds + # GB = gigabytes min = minutes + # TB = terabytes h = hours + # d = days + + + #------------------------------------------------------------------------------ + # FILE LOCATIONS + #------------------------------------------------------------------------------ + + # The default values of these variables are driven from the -D command-line + # option or PGDATA environment variable, represented here as ConfigDir. + + #data_directory = 'ConfigDir' # use data in another directory + # (change requires restart) + #hba_file = 'ConfigDir/pg_hba.conf' # host-based authentication file + # (change requires restart) + #ident_file = 'ConfigDir/pg_ident.conf' # ident configuration file + # (change requires restart) + + # If external_pid_file is not explicitly set, no extra PID file is written. + #external_pid_file = '' # write an extra PID file + # (change requires restart) + + + #------------------------------------------------------------------------------ + # CONNECTIONS AND AUTHENTICATION + #------------------------------------------------------------------------------ + + # - Connection Settings - + + listen_addresses = '*' + # comma-separated list of addresses; + # defaults to 'localhost'; use '*' for all + # (change requires restart) + #port = 5432 # (change requires restart) + max_connections = 20 # (change requires restart) + #superuser_reserved_connections = 3 # (change requires restart) + #unix_socket_directories = '/var/run/postgresql' # comma-separated list of directories + # (change requires restart) + #unix_socket_group = '' # (change requires restart) + #unix_socket_permissions = 0777 # begin with 0 to use octal notation + # (change requires restart) + #bonjour = off # advertise server via Bonjour + # (change requires restart) + #bonjour_name = '' # defaults to the computer name + # (change requires restart) + + # - TCP settings - + # see "man 7 tcp" for details + + #tcp_keepalives_idle = 0 # TCP_KEEPIDLE, in seconds; + # 0 selects the system default + #tcp_keepalives_interval = 0 # TCP_KEEPINTVL, in seconds; + # 0 selects the system default + #tcp_keepalives_count = 0 # TCP_KEEPCNT; + # 0 selects the system default + #tcp_user_timeout = 0 # TCP_USER_TIMEOUT, in milliseconds; + # 0 selects the system default + + # - Authentication - + + #authentication_timeout = 1min # 1s-600s + #password_encryption = md5 # md5 or scram-sha-256 + #db_user_namespace = off + + # GSSAPI using Kerberos + #krb_server_keyfile = '' + #krb_caseins_users = off + + # - SSL - + + #ssl = off + #ssl_ca_file = '' + #ssl_cert_file = 'server.crt' + #ssl_crl_file = '' + #ssl_key_file = 'server.key' + #ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers + #ssl_prefer_server_ciphers = on + #ssl_ecdh_curve = 'prime256v1' + #ssl_min_protocol_version = 'TLSv1' + #ssl_max_protocol_version = '' + #ssl_dh_params_file = '' + #ssl_passphrase_command = '' + #ssl_passphrase_command_supports_reload = off + + + #------------------------------------------------------------------------------ + # RESOURCE USAGE (except WAL) + #------------------------------------------------------------------------------ + + # - Memory - + + shared_buffers = 509546kB # min 128kB + # (change requires restart) + #huge_pages = try # on, off, or try + # (change requires restart) + #temp_buffers = 8MB # min 800kB + #max_prepared_transactions = 0 # zero disables the feature + # (change requires restart) + # Caution: it is not advisable to set max_prepared_transactions nonzero unless + # you actively intend to use prepared transactions. + work_mem = 3184kB # min 64kB + maintenance_work_mem = 254773kB # min 1MB + #autovacuum_work_mem = -1 # min 1MB, or -1 to use maintenance_work_mem + #max_stack_depth = 2MB # min 100kB + #shared_memory_type = mmap # the default is the first option + # supported by the operating system: + # mmap + # sysv + # windows + # (change requires restart) + dynamic_shared_memory_type = posix # the default is the first option + # supported by the operating system: + # posix + # sysv + # windows + # mmap + # (change requires restart) + + # - Disk - + + #temp_file_limit = -1 # limits per-process temp file space + # in kB, or -1 for no limit + + # - Kernel Resources - + + #max_files_per_process = 1000 # min 25 + # (change requires restart) + + # - Cost-Based Vacuum Delay - + + #vacuum_cost_delay = 0 # 0-100 milliseconds (0 disables) + #vacuum_cost_page_hit = 1 # 0-10000 credits + #vacuum_cost_page_miss = 10 # 0-10000 credits + #vacuum_cost_page_dirty = 20 # 0-10000 credits + #vacuum_cost_limit = 200 # 1-10000 credits + + # - Background Writer - + + #bgwriter_delay = 200ms # 10-10000ms between rounds + #bgwriter_lru_maxpages = 100 # max buffers written/round, 0 disables + #bgwriter_lru_multiplier = 2.0 # 0-10.0 multiplier on buffers scanned/round + #bgwriter_flush_after = 512kB # measured in pages, 0 disables + + # - Asynchronous Behavior - + + effective_io_concurrency = 200 # 1-1000; 0 disables prefetching + max_worker_processes = 19 # (change requires restart) + #max_parallel_maintenance_workers = 2 # taken from max_parallel_workers + max_parallel_workers_per_gather = 4 # taken from max_parallel_workers + #parallel_leader_participation = on + max_parallel_workers = 8 # maximum number of max_worker_processes that + # can be used in parallel operations + #old_snapshot_threshold = -1 # 1min-60d; -1 disables; 0 is immediate + # (change requires restart) + #backend_flush_after = 0 # measured in pages, 0 disables + + + #------------------------------------------------------------------------------ + # WRITE-AHEAD LOG + #------------------------------------------------------------------------------ + + # - Settings - + + #wal_level = replica # minimal, replica, or logical + # (change requires restart) + #fsync = on # flush data to disk for crash safety + # (turning this off can cause + # unrecoverable data corruption) + #synchronous_commit = on # synchronization level; + # off, local, remote_write, remote_apply, or on + #wal_sync_method = fsync # the default is the first option + # supported by the operating system: + # open_datasync + # fdatasync (default on Linux) + # fsync + # fsync_writethrough + # open_sync + #full_page_writes = on # recover from partial page writes + #wal_compression = off # enable compression of full-page writes + #wal_log_hints = off # also do full page writes of non-critical updates + # (change requires restart) + #wal_init_zero = on # zero-fill new WAL files + #wal_recycle = on # recycle WAL files + wal_buffers = 15285kB # min 32kB, -1 sets based on shared_buffers + # (change requires restart) + #wal_writer_delay = 200ms # 1-10000 milliseconds + #wal_writer_flush_after = 1MB # measured in pages, 0 disables + + #commit_delay = 0 # range 0-100000, in microseconds + #commit_siblings = 5 # range 1-1000 + + # - Checkpoints - + + #checkpoint_timeout = 5min # range 30s-1d + max_wal_size = 1GB + min_wal_size = 512MB + checkpoint_completion_target = 0.9 # checkpoint target duration, 0.0 - 1.0 + #checkpoint_flush_after = 256kB # measured in pages, 0 disables + #checkpoint_warning = 30s # 0 disables + + # - Archiving - + + #archive_mode = off # enables archiving; off, on, or always + # (change requires restart) + #archive_command = '' # command to use to archive a logfile segment + # placeholders: %p = path of file to archive + # %f = file name only + # e.g. 'test ! -f /mnt/server/archivedir/%f && cp %p /mnt/server/archivedir/%f' + #archive_timeout = 0 # force a logfile segment switch after this + # number of seconds; 0 disables + + # - Archive Recovery - + + # These are only used in recovery mode. + + #restore_command = '' # command to use to restore an archived logfile segment + # placeholders: %p = path of file to restore + # %f = file name only + # e.g. 'cp /mnt/server/archivedir/%f %p' + # (change requires restart) + #archive_cleanup_command = '' # command to execute at every restartpoint + #recovery_end_command = '' # command to execute at completion of recovery + + # - Recovery Target - + + # Set these only when performing a targeted recovery. + + #recovery_target = '' # 'immediate' to end recovery as soon as a + # consistent state is reached + # (change requires restart) + #recovery_target_name = '' # the named restore point to which recovery will proceed + # (change requires restart) + #recovery_target_time = '' # the time stamp up to which recovery will proceed + # (change requires restart) + #recovery_target_xid = '' # the transaction ID up to which recovery will proceed + # (change requires restart) + #recovery_target_lsn = '' # the WAL LSN up to which recovery will proceed + # (change requires restart) + #recovery_target_inclusive = on # Specifies whether to stop: + # just after the specified recovery target (on) + # just before the recovery target (off) + # (change requires restart) + #recovery_target_timeline = 'latest' # 'current', 'latest', or timeline ID + # (change requires restart) + #recovery_target_action = 'pause' # 'pause', 'promote', 'shutdown' + # (change requires restart) + + + #------------------------------------------------------------------------------ + # REPLICATION + #------------------------------------------------------------------------------ + + # - Sending Servers - + + # Set these on the master and on any standby that will send replication data. + + #max_wal_senders = 10 # max number of walsender processes + # (change requires restart) + #wal_keep_segments = 0 # in logfile segments; 0 disables + #wal_sender_timeout = 60s # in milliseconds; 0 disables + + #max_replication_slots = 10 # max number of replication slots + # (change requires restart) + #track_commit_timestamp = off # collect timestamp of transaction commit + # (change requires restart) + + # - Master Server - + + # These settings are ignored on a standby server. + + #synchronous_standby_names = '' # standby servers that provide sync rep + # method to choose sync standbys, number of sync standbys, + # and comma-separated list of application_name + # from standby(s); '*' = all + #vacuum_defer_cleanup_age = 0 # number of xacts by which cleanup is delayed + + # - Standby Servers - + + # These settings are ignored on a master server. + + #primary_conninfo = '' # connection string to sending server + # (change requires restart) + #primary_slot_name = '' # replication slot on sending server + # (change requires restart) + #promote_trigger_file = '' # file name whose presence ends recovery + #hot_standby = on # "off" disallows queries during recovery + # (change requires restart) + #max_standby_archive_delay = 30s # max delay before canceling queries + # when reading WAL from archive; + # -1 allows indefinite delay + #max_standby_streaming_delay = 30s # max delay before canceling queries + # when reading streaming WAL; + # -1 allows indefinite delay + #wal_receiver_status_interval = 10s # send replies at least this often + # 0 disables + #hot_standby_feedback = off # send info from standby to prevent + # query conflicts + #wal_receiver_timeout = 60s # time that receiver waits for + # communication from master + # in milliseconds; 0 disables + #wal_retrieve_retry_interval = 5s # time to wait before retrying to + # retrieve WAL after a failed attempt + #recovery_min_apply_delay = 0 # minimum delay for applying changes during recovery + + # - Subscribers - + + # These settings are ignored on a publisher. + + #max_logical_replication_workers = 4 # taken from max_worker_processes + # (change requires restart) + #max_sync_workers_per_subscription = 2 # taken from max_logical_replication_workers + + + #------------------------------------------------------------------------------ + # QUERY TUNING + #------------------------------------------------------------------------------ + + # - Planner Method Configuration - + + #enable_bitmapscan = on + #enable_hashagg = on + #enable_hashjoin = on + #enable_indexscan = on + #enable_indexonlyscan = on + #enable_material = on + #enable_mergejoin = on + #enable_nestloop = on + #enable_parallel_append = on + #enable_seqscan = on + #enable_sort = on + #enable_tidscan = on + #enable_partitionwise_join = off + #enable_partitionwise_aggregate = off + #enable_parallel_hash = on + #enable_partition_pruning = on + + # - Planner Cost Constants - + + #seq_page_cost = 1.0 # measured on an arbitrary scale + random_page_cost = 1.1 # same scale as above + #cpu_tuple_cost = 0.01 # same scale as above + #cpu_index_tuple_cost = 0.005 # same scale as above + #cpu_operator_cost = 0.0025 # same scale as above + #parallel_tuple_cost = 0.1 # same scale as above + #parallel_setup_cost = 1000.0 # same scale as above + + #jit_above_cost = 100000 # perform JIT compilation if available + # and query more expensive than this; + # -1 disables + #jit_inline_above_cost = 500000 # inline small functions if query is + # more expensive than this; -1 disables + #jit_optimize_above_cost = 500000 # use expensive JIT optimizations if + # query is more expensive than this; + # -1 disables + + #min_parallel_table_scan_size = 8MB + #min_parallel_index_scan_size = 512kB + effective_cache_size = 1492MB + + # - Genetic Query Optimizer - + + #geqo = on + #geqo_threshold = 12 + #geqo_effort = 5 # range 1-10 + #geqo_pool_size = 0 # selects default based on effort + #geqo_generations = 0 # selects default based on effort + #geqo_selection_bias = 2.0 # range 1.5-2.0 + #geqo_seed = 0.0 # range 0.0-1.0 + + # - Other Planner Options - + + default_statistics_target = 500 # range 1-10000 + #constraint_exclusion = partition # on, off, or partition + #cursor_tuple_fraction = 0.1 # range 0.0-1.0 + #from_collapse_limit = 8 + #join_collapse_limit = 8 # 1 disables collapsing of explicit + # JOIN clauses + #force_parallel_mode = off + #jit = on # allow JIT compilation + #plan_cache_mode = auto # auto, force_generic_plan or + # force_custom_plan + + + #------------------------------------------------------------------------------ + # REPORTING AND LOGGING + #------------------------------------------------------------------------------ + + # - Where to Log - + + #log_destination = 'stderr' # Valid values are combinations of + # stderr, csvlog, syslog, and eventlog, + # depending on platform. csvlog + # requires logging_collector to be on. + + # This is used when logging to stderr: + #logging_collector = off # Enable capturing of stderr and csvlog + # into log files. Required to be on for + # csvlogs. + # (change requires restart) + + # These are only used if logging_collector is on: + #log_directory = 'log' # directory where log files are written, + # can be absolute or relative to PGDATA + #log_filename = 'postgresql-%Y-%m-%d_%H%M%S.log' # log file name pattern, + # can include strftime() escapes + #log_file_mode = 0600 # creation mode for log files, + # begin with 0 to use octal notation + #log_truncate_on_rotation = off # If on, an existing log file with the + # same name as the new log file will be + # truncated rather than appended to. + # But such truncation only occurs on + # time-driven rotation, not on restarts + # or size-driven rotation. Default is + # off, meaning append to existing files + # in all cases. + #log_rotation_age = 1d # Automatic rotation of logfiles will + # happen after that time. 0 disables. + #log_rotation_size = 10MB # Automatic rotation of logfiles will + # happen after that much log output. + # 0 disables. + + # These are relevant when logging to syslog: + #syslog_facility = 'LOCAL0' + #syslog_ident = 'postgres' + #syslog_sequence_numbers = on + #syslog_split_messages = on + + # This is only relevant when logging to eventlog (win32): + # (change requires restart) + #event_source = 'PostgreSQL' + + # - When to Log - + + #log_min_messages = warning # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # info + # notice + # warning + # error + # log + # fatal + # panic + + #log_min_error_statement = error # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # info + # notice + # warning + # error + # log + # fatal + # panic (effectively off) + + #log_min_duration_statement = -1 # -1 is disabled, 0 logs all statements + # and their durations, > 0 logs only + # statements running at least this number + # of milliseconds + + #log_transaction_sample_rate = 0.0 # Fraction of transactions whose statements + # are logged regardless of their duration. 1.0 logs all + # statements from all transactions, 0.0 never logs. + + # - What to Log - + + #debug_print_parse = off + #debug_print_rewritten = off + #debug_print_plan = off + #debug_pretty_print = on + #log_checkpoints = off + #log_connections = off + #log_disconnections = off + #log_duration = off + #log_error_verbosity = default # terse, default, or verbose messages + #log_hostname = off + #log_line_prefix = '%m [%p] ' # special values: + # %a = application name + # %u = user name + # %d = database name + # %r = remote host and port + # %h = remote host + # %p = process ID + # %t = timestamp without milliseconds + # %m = timestamp with milliseconds + # %n = timestamp with milliseconds (as a Unix epoch) + # %i = command tag + # %e = SQL state + # %c = session ID + # %l = session line number + # %s = session start timestamp + # %v = virtual transaction ID + # %x = transaction ID (0 if none) + # %q = stop here in non-session + # processes + # %% = '%' + # e.g. '<%u%%%d> ' + #log_lock_waits = off # log lock waits >= deadlock_timeout + #log_statement = 'none' # none, ddl, mod, all + #log_replication_commands = off + #log_temp_files = -1 # log temporary files equal or larger + # than the specified size in kilobytes; + # -1 disables, 0 logs all temp files + log_timezone = 'UTC' + + #------------------------------------------------------------------------------ + # PROCESS TITLE + #------------------------------------------------------------------------------ + + #cluster_name = '' # added to process titles if nonempty + # (change requires restart) + #update_process_title = on + + + #------------------------------------------------------------------------------ + # STATISTICS + #------------------------------------------------------------------------------ + + # - Query and Index Statistics Collector - + + #track_activities = on + #track_counts = on + #track_io_timing = off + #track_functions = none # none, pl, all + #track_activity_query_size = 1024 # (change requires restart) + #stats_temp_directory = 'pg_stat_tmp' + + + # - Monitoring - + + #log_parser_stats = off + #log_planner_stats = off + #log_executor_stats = off + #log_statement_stats = off + + + #------------------------------------------------------------------------------ + # AUTOVACUUM + #------------------------------------------------------------------------------ + + #autovacuum = on # Enable autovacuum subprocess? 'on' + # requires track_counts to also be on. + #log_autovacuum_min_duration = -1 # -1 disables, 0 logs all actions and + # their durations, > 0 logs only + # actions running at least this number + # of milliseconds. + autovacuum_max_workers = 10 # max number of autovacuum subprocesses + # (change requires restart) + autovacuum_naptime = 10 # time between autovacuum runs + #autovacuum_vacuum_threshold = 50 # min number of row updates before + # vacuum + #autovacuum_analyze_threshold = 50 # min number of row updates before + # analyze + #autovacuum_vacuum_scale_factor = 0.2 # fraction of table size before vacuum + #autovacuum_analyze_scale_factor = 0.1 # fraction of table size before analyze + #autovacuum_freeze_max_age = 200000000 # maximum XID age before forced vacuum + # (change requires restart) + #autovacuum_multixact_freeze_max_age = 400000000 # maximum multixact age + # before forced vacuum + # (change requires restart) + #autovacuum_vacuum_cost_delay = 2ms # default vacuum cost delay for + # autovacuum, in milliseconds; + # -1 means use vacuum_cost_delay + #autovacuum_vacuum_cost_limit = -1 # default vacuum cost limit for + # autovacuum, -1 means use + # vacuum_cost_limit + + + #------------------------------------------------------------------------------ + # CLIENT CONNECTION DEFAULTS + #------------------------------------------------------------------------------ + + # - Statement Behavior - + + #client_min_messages = notice # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # log + # notice + # warning + # error + #search_path = '"$user", public' # schema names + #row_security = on + #default_tablespace = '' # a tablespace name, '' uses the default + #temp_tablespaces = '' # a list of tablespace names, '' uses + # only default tablespace + #default_table_access_method = 'heap' + #check_function_bodies = on + #default_transaction_isolation = 'read committed' + #default_transaction_read_only = off + #default_transaction_deferrable = off + #session_replication_role = 'origin' + #statement_timeout = 0 # in milliseconds, 0 is disabled + #lock_timeout = 0 # in milliseconds, 0 is disabled + #idle_in_transaction_session_timeout = 0 # in milliseconds, 0 is disabled + #vacuum_freeze_min_age = 50000000 + #vacuum_freeze_table_age = 150000000 + #vacuum_multixact_freeze_min_age = 5000000 + #vacuum_multixact_freeze_table_age = 150000000 + #vacuum_cleanup_index_scale_factor = 0.1 # fraction of total number of tuples + # before index cleanup, 0 always performs + # index cleanup + #bytea_output = 'hex' # hex, escape + #xmlbinary = 'base64' + #xmloption = 'content' + #gin_fuzzy_search_limit = 0 + #gin_pending_list_limit = 4MB + + # - Locale and Formatting - + + datestyle = 'iso, mdy' + #intervalstyle = 'postgres' + timezone = 'UTC' + #timezone_abbreviations = 'Default' # Select the set of available time zone + # abbreviations. Currently, there are + # Default + # Australia (historical usage) + # India + # You can create your own file in + # share/timezonesets/. + #extra_float_digits = 1 # min -15, max 3; any value >0 actually + # selects precise output mode + #client_encoding = sql_ascii # actually, defaults to database + # encoding + + # These settings are initialized by initdb, but they can be changed. + lc_messages = 'en_US.utf8' # locale for system error message + # strings + lc_monetary = 'en_US.utf8' # locale for monetary formatting + lc_numeric = 'en_US.utf8' # locale for number formatting + lc_time = 'en_US.utf8' # locale for time formatting + + # default configuration for text search + default_text_search_config = 'pg_catalog.english' + + # - Shared Library Preloading - + + shared_preload_libraries = '' # (change requires restart) + #local_preload_libraries = '' + #session_preload_libraries = '' + #jit_provider = 'llvmjit' # JIT library to use + + # - Other Defaults - + + #dynamic_library_path = '$libdir' + + + #------------------------------------------------------------------------------ + # LOCK MANAGEMENT + #------------------------------------------------------------------------------ + + #deadlock_timeout = 1s + max_locks_per_transaction = 64 # min 10 + # (change requires restart) + #max_pred_locks_per_transaction = 64 # min 10 + # (change requires restart) + #max_pred_locks_per_relation = -2 # negative values mean + # (max_pred_locks_per_transaction + # / -max_pred_locks_per_relation) - 1 + #max_pred_locks_per_page = 2 # min 0 + + + #------------------------------------------------------------------------------ + # VERSION AND PLATFORM COMPATIBILITY + #------------------------------------------------------------------------------ + + # - Previous PostgreSQL Versions - + + #array_nulls = on + #backslash_quote = safe_encoding # on, off, or safe_encoding + #escape_string_warning = on + #lo_compat_privileges = off + #operator_precedence_warning = off + #quote_all_identifiers = off + #standard_conforming_strings = on + #synchronize_seqscans = on + + # - Other Platforms and Clients - + + #transform_null_equals = off + + + #------------------------------------------------------------------------------ + # ERROR HANDLING + #------------------------------------------------------------------------------ + + #exit_on_error = off # terminate session on any error? + #restart_after_crash = on # reinitialize after backend crash? + #data_sync_retry = off # retry or panic on failure to fsync + # data? + # (change requires restart) + + + #------------------------------------------------------------------------------ + # CONFIG FILE INCLUDES + #------------------------------------------------------------------------------ + + # These options allow settings to be loaded from files other than the + # default postgresql.conf. Note that these are directives, not variable + # assignments, so they can usefully be given more than once. + + #include_dir = '...' # include files ending in '.conf' from + # a directory, e.g., 'conf.d' + #include_if_exists = '...' # include file only if it exists + #include = '...' # include file + + + #------------------------------------------------------------------------------ + # CUSTOMIZED OPTIONS + #------------------------------------------------------------------------------ + + # Add settings for extensions here +kind: ConfigMap +metadata: + annotations: + description: Configuration for CodeInsightsDB + labels: + app.kubernetes.io/component: codeinsights-db + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: codeinsights-db-conf + namespace: ns-sourcegraph +--- +apiVersion: v1 +data: + postgresql.conf: | + # ----------------------------- + # PostgreSQL configuration file + # ----------------------------- + # SOURCEGRAPH CUSTOMIZATIONS CONTAIN "# SG CUSTOM" in the comment + # + # This file consists of lines of the form: + # + # name = value + # + # (The "=" is optional.) Whitespace may be used. Comments are introduced with + # "#" anywhere on a line. The complete list of parameter names and allowed + # values can be found in the PostgreSQL documentation. + # + # The commented-out settings shown in this file represent the default values. + # Re-commenting a setting is NOT sufficient to revert it to the default value; + # you need to reload the server. + # + # This file is read on server startup and when the server receives a SIGHUP + # signal. If you edit the file on a running system, you have to SIGHUP the + # server for the changes to take effect, run "pg_ctl reload", or execute + # "SELECT pg_reload_conf()". Some parameters, which are marked below, + # require a server shutdown and restart to take effect. + # + # Any parameter can also be given as a command-line option to the server, e.g., + # "postgres -c log_connections=on". Some parameters can be changed at run time + # with the "SET" SQL command. + # + # Memory units: kB = kilobytes Time units: ms = milliseconds + # MB = megabytes s = seconds + # GB = gigabytes min = minutes + # TB = terabytes h = hours + # d = days + + + #------------------------------------------------------------------------------ + # FILE LOCATIONS + #------------------------------------------------------------------------------ + + # The default values of these variables are driven from the -D command-line + # option or PGDATA environment variable, represented here as ConfigDir. + + #data_directory = 'ConfigDir' # use data in another directory + # (change requires restart) + #hba_file = 'ConfigDir/pg_hba.conf' # host-based authentication file + # (change requires restart) + #ident_file = 'ConfigDir/pg_ident.conf' # ident configuration file + # (change requires restart) + + # If external_pid_file is not explicitly set, no extra PID file is written. + #external_pid_file = '' # write an extra PID file + # (change requires restart) + + + #------------------------------------------------------------------------------ + # CONNECTIONS AND AUTHENTICATION + #------------------------------------------------------------------------------ + + # - Connection Settings - + + listen_addresses = '*' + # comma-separated list of addresses; + # defaults to 'localhost'; use '*' for all + # (change requires restart) + #port = 5432 # (change requires restart) + max_connections = 100 # (change requires restart) + #superuser_reserved_connections = 3 # (change requires restart) + #unix_socket_directories = '/var/run/postgresql' # comma-separated list of directories + # (change requires restart) + #unix_socket_group = '' # (change requires restart) + #unix_socket_permissions = 0777 # begin with 0 to use octal notation + # (change requires restart) + #bonjour = off # advertise server via Bonjour + # (change requires restart) + #bonjour_name = '' # defaults to the computer name + # (change requires restart) + + # - TCP Keepalives - + # see "man 7 tcp" for details + + #tcp_keepalives_idle = 0 # TCP_KEEPIDLE, in seconds; + # 0 selects the system default + #tcp_keepalives_interval = 0 # TCP_KEEPINTVL, in seconds; + # 0 selects the system default + #tcp_keepalives_count = 0 # TCP_KEEPCNT; + # 0 selects the system default + + # - Authentication - + + #authentication_timeout = 1min # 1s-600s + #password_encryption = md5 # md5 or scram-sha-256 + #db_user_namespace = off + + # GSSAPI using Kerberos + #krb_server_keyfile = '' + #krb_caseins_users = off + + # - SSL - + + #ssl = off + #ssl_ca_file = '' + #ssl_cert_file = 'server.crt' + #ssl_crl_file = '' + #ssl_key_file = 'server.key' + #ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers + #ssl_prefer_server_ciphers = on + #ssl_ecdh_curve = 'prime256v1' + #ssl_dh_params_file = '' + #ssl_passphrase_command = '' + #ssl_passphrase_command_supports_reload = off + + + #------------------------------------------------------------------------------ + # RESOURCE USAGE (except WAL) + #------------------------------------------------------------------------------ + + # - Memory - + + shared_buffers = 1GB # SG CUSTOM min 128kB + # (change requires restart) + #huge_pages = try # on, off, or try + # (change requires restart) + #temp_buffers = 8MB # min 800kB + #max_prepared_transactions = 0 # zero disables the feature + # (change requires restart) + # Caution: it is not advisable to set max_prepared_transactions nonzero unless + # you actively intend to use prepared transactions. + work_mem = 5MB # SG CUSTOM min 64kB + maintenance_work_mem = 250MB # SG CUSTOM min 1MB + #autovacuum_work_mem = -1 # min 1MB, or -1 to use maintenance_work_mem + #max_stack_depth = 2MB # min 100kB + dynamic_shared_memory_type = posix # the default is the first option + # supported by the operating system: + # posix + # sysv + # windows + # mmap + # use none to disable dynamic shared memory + # (change requires restart) + + # - Disk - + + temp_file_limit = 20GB # SG CUSTOM limits per-process temp file space + # in kB, or -1 for no limit + + # - Kernel Resources - + + #max_files_per_process = 1000 # min 25 + # (change requires restart) + + # - Cost-Based Vacuum Delay - + + #vacuum_cost_delay = 0 # 0-100 milliseconds + #vacuum_cost_page_hit = 1 # 0-10000 credits + #vacuum_cost_page_miss = 10 # 0-10000 credits + #vacuum_cost_page_dirty = 20 # 0-10000 credits + #vacuum_cost_limit = 200 # 1-10000 credits + + # - Background Writer - + + bgwriter_delay = 50ms # SG CUSTOM 10-10000ms between rounds + bgwriter_lru_maxpages = 200 # SG CUSTOM max buffers written/round, 0 disables + + #bgwriter_lru_multiplier = 2.0 # 0-10.0 multiplier on buffers scanned/round + #bgwriter_flush_after = 512kB # measured in pages, 0 disables + + # - Asynchronous Behavior - + + effective_io_concurrency = 200 # 1-1000; 0 disables prefetching + max_worker_processes = 4 # SG CUSTOM (change requires restart) + max_parallel_maintenance_workers = 4 # SG CUSTOM taken from max_parallel_workers + max_parallel_workers_per_gather = 2 # SG CUSTOM taken from max_parallel_workers + #parallel_leader_participation = on + max_parallel_workers = 4 # SG CUSTOM maximum number of max_worker_processes that + # can be used in parallel operations + #old_snapshot_threshold = -1 # 1min-60d; -1 disables; 0 is immediate + # (change requires restart) + #backend_flush_after = 0 # measured in pages, 0 disables + + + #------------------------------------------------------------------------------ + # WRITE-AHEAD LOG + #------------------------------------------------------------------------------ + + # - Settings - + + #wal_level = replica # minimal, replica, or logical + # (change requires restart) + #fsync = on # flush data to disk for crash safety + # (turning this off can cause + # unrecoverable data corruption) + #synchronous_commit = on # synchronization level; + # off, local, remote_write, remote_apply, or on + #wal_sync_method = fsync # the default is the first option + # supported by the operating system: + # open_datasync + # fdatasync (default on Linux) + # fsync + # fsync_writethrough + # open_sync + #full_page_writes = on # recover from partial page writes + #wal_compression = off # enable compression of full-page writes + #wal_log_hints = off # also do full page writes of non-critical updates + # (change requires restart) + wal_buffers = 16MB # SG CUSTOM min 32kB, -1 sets based on shared_buffers + # (change requires restart) + #wal_writer_delay = 200ms # 1-10000 milliseconds + #wal_writer_flush_after = 1MB # measured in pages, 0 disables + + #commit_delay = 0 # range 0-100000, in microseconds + #commit_siblings = 5 # range 1-1000 + + # - Checkpoints - + + #checkpoint_timeout = 5min # range 30s-1d + max_wal_size = 8GB # SG CUSTOM + min_wal_size = 2GB # SG CUSTOM + #checkpoint_completion_target = 0.5 # checkpoint target duration, 0.0 - 1.0 + #checkpoint_flush_after = 256kB # measured in pages, 0 disables + #checkpoint_warning = 30s # 0 disables + + # - Archiving - + + #archive_mode = off # enables archiving; off, on, or always + # (change requires restart) + #archive_command = '' # command to use to archive a logfile segment + # placeholders: %p = path of file to archive + # %f = file name only + # e.g. 'test ! -f /mnt/server/archivedir/%f && cp %p /mnt/server/archivedir/%f' + #archive_timeout = 0 # force a logfile segment switch after this + # number of seconds; 0 disables + + + #------------------------------------------------------------------------------ + # REPLICATION + #------------------------------------------------------------------------------ + + # - Sending Servers - + + # Set these on the master and on any standby that will send replication data. + + #max_wal_senders = 10 # max number of walsender processes + # (change requires restart) + #wal_keep_segments = 0 # in logfile segments; 0 disables + #wal_sender_timeout = 60s # in milliseconds; 0 disables + + #max_replication_slots = 10 # max number of replication slots + # (change requires restart) + #track_commit_timestamp = off # collect timestamp of transaction commit + # (change requires restart) + + # - Master Server - + + # These settings are ignored on a standby server. + + #synchronous_standby_names = '' # standby servers that provide sync rep + # method to choose sync standbys, number of sync standbys, + # and comma-separated list of application_name + # from standby(s); '*' = all + #vacuum_defer_cleanup_age = 0 # number of xacts by which cleanup is delayed + + # - Standby Servers - + + # These settings are ignored on a master server. + + #hot_standby = on # "off" disallows queries during recovery + # (change requires restart) + #max_standby_archive_delay = 30s # max delay before canceling queries + # when reading WAL from archive; + # -1 allows indefinite delay + #max_standby_streaming_delay = 30s # max delay before canceling queries + # when reading streaming WAL; + # -1 allows indefinite delay + #wal_receiver_status_interval = 10s # send replies at least this often + # 0 disables + #hot_standby_feedback = off # send info from standby to prevent + # query conflicts + #wal_receiver_timeout = 60s # time that receiver waits for + # communication from master + # in milliseconds; 0 disables + #wal_retrieve_retry_interval = 5s # time to wait before retrying to + # retrieve WAL after a failed attempt + + # - Subscribers - + + # These settings are ignored on a publisher. + + #max_logical_replication_workers = 4 # taken from max_worker_processes + # (change requires restart) + #max_sync_workers_per_subscription = 2 # taken from max_logical_replication_workers + + + #------------------------------------------------------------------------------ + # QUERY TUNING + #------------------------------------------------------------------------------ + + # - Planner Method Configuration - + + #enable_bitmapscan = on + #enable_hashagg = on + #enable_hashjoin = on + #enable_indexscan = on + #enable_indexonlyscan = on + #enable_material = on + #enable_mergejoin = on + #enable_nestloop = on + #enable_parallel_append = on + #enable_seqscan = on + #enable_sort = on + #enable_tidscan = on + #enable_partitionwise_join = off + #enable_partitionwise_aggregate = off + #enable_parallel_hash = on + #enable_partition_pruning = on + + # - Planner Cost Constants - + + #seq_page_cost = 1.0 # measured on an arbitrary scale + random_page_cost = 1.1 # SG CUSTOM same scale as above + #cpu_tuple_cost = 0.01 # same scale as above + #cpu_index_tuple_cost = 0.005 # same scale as above + #cpu_operator_cost = 0.0025 # same scale as above + #parallel_tuple_cost = 0.1 # same scale as above + #parallel_setup_cost = 1000.0 # same scale as above + + #jit_above_cost = 100000 # perform JIT compilation if available + # and query more expensive than this; + # -1 disables + #jit_inline_above_cost = 500000 # inline small functions if query is + # more expensive than this; -1 disables + #jit_optimize_above_cost = 500000 # use expensive JIT optimizations if + # query is more expensive than this; + # -1 disables + + #min_parallel_table_scan_size = 8MB + #min_parallel_index_scan_size = 512kB + effective_cache_size = 3GB # SG CUSTOM + + # - Genetic Query Optimizer - + + #geqo = on + #geqo_threshold = 12 + #geqo_effort = 5 # range 1-10 + #geqo_pool_size = 0 # selects default based on effort + #geqo_generations = 0 # selects default based on effort + #geqo_selection_bias = 2.0 # range 1.5-2.0 + #geqo_seed = 0.0 # range 0.0-1.0 + + # - Other Planner Options - + + #default_statistics_target = 100 # range 1-10000 + #constraint_exclusion = partition # on, off, or partition + #cursor_tuple_fraction = 0.1 # range 0.0-1.0 + #from_collapse_limit = 8 + #join_collapse_limit = 8 # 1 disables collapsing of explicit + # JOIN clauses + #force_parallel_mode = off + #jit = off # allow JIT compilation + + + #------------------------------------------------------------------------------ + # REPORTING AND LOGGING + #------------------------------------------------------------------------------ + + # - Where to Log - + + #log_destination = 'stderr' # Valid values are combinations of + # stderr, csvlog, syslog, and eventlog, + # depending on platform. csvlog + # requires logging_collector to be on. + + # This is used when logging to stderr: + #logging_collector = off # Enable capturing of stderr and csvlog + # into log files. Required to be on for + # csvlogs. + # (change requires restart) + + # These are only used if logging_collector is on: + #log_directory = 'log' # directory where log files are written, + # can be absolute or relative to PGDATA + #log_filename = 'postgresql-%Y-%m-%d_%H%M%S.log' # log file name pattern, + # can include strftime() escapes + #log_file_mode = 0600 # creation mode for log files, + # begin with 0 to use octal notation + #log_truncate_on_rotation = off # If on, an existing log file with the + # same name as the new log file will be + # truncated rather than appended to. + # But such truncation only occurs on + # time-driven rotation, not on restarts + # or size-driven rotation. Default is + # off, meaning append to existing files + # in all cases. + #log_rotation_age = 1d # Automatic rotation of logfiles will + # happen after that time. 0 disables. + #log_rotation_size = 10MB # Automatic rotation of logfiles will + # happen after that much log output. + # 0 disables. + + # These are relevant when logging to syslog: + #syslog_facility = 'LOCAL0' + #syslog_ident = 'postgres' + #syslog_sequence_numbers = on + #syslog_split_messages = on + + # This is only relevant when logging to eventlog (win32): + # (change requires restart) + #event_source = 'PostgreSQL' + + # - When to Log - + + #log_min_messages = warning # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # info + # notice + # warning + # error + # log + # fatal + # panic + + #log_min_error_statement = error # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # info + # notice + # warning + # error + # log + # fatal + # panic (effectively off) + + #log_min_duration_statement = -1 # -1 is disabled, 0 logs all statements + # and their durations, > 0 logs only + # statements running at least this number + # of milliseconds + + + # - What to Log - + + #debug_print_parse = off + #debug_print_rewritten = off + #debug_print_plan = off + #debug_pretty_print = on + #log_checkpoints = off + #log_connections = off + #log_disconnections = off + #log_duration = off + #log_error_verbosity = default # terse, default, or verbose messages + #log_hostname = off + #log_line_prefix = '%m [%p] ' # special values: + # %a = application name + # %u = user name + # %d = database name + # %r = remote host and port + # %h = remote host + # %p = process ID + # %t = timestamp without milliseconds + # %m = timestamp with milliseconds + # %n = timestamp with milliseconds (as a Unix epoch) + # %i = command tag + # %e = SQL state + # %c = session ID + # %l = session line number + # %s = session start timestamp + # %v = virtual transaction ID + # %x = transaction ID (0 if none) + # %q = stop here in non-session + # processes + # %% = '%' + # e.g. '<%u%%%d> ' + #log_lock_waits = off # log lock waits >= deadlock_timeout + #log_statement = 'none' # none, ddl, mod, all + #log_replication_commands = off + #log_temp_files = -1 # log temporary files equal or larger + # than the specified size in kilobytes; + # -1 disables, 0 logs all temp files + log_timezone = 'Etc/UTC' + + #------------------------------------------------------------------------------ + # PROCESS TITLE + #------------------------------------------------------------------------------ + + #cluster_name = '' # added to process titles if nonempty + # (change requires restart) + #update_process_title = on + + + #------------------------------------------------------------------------------ + # STATISTICS + #------------------------------------------------------------------------------ + + # - Query and Index Statistics Collector - + + #track_activities = on + #track_counts = on + #track_io_timing = off + #track_functions = none # none, pl, all + #track_activity_query_size = 1024 # (change requires restart) + #stats_temp_directory = 'pg_stat_tmp' + + + # - Monitoring - + + #log_parser_stats = off + #log_planner_stats = off + #log_executor_stats = off + #log_statement_stats = off + + + #------------------------------------------------------------------------------ + # AUTOVACUUM + #------------------------------------------------------------------------------ + + #autovacuum = on # Enable autovacuum subprocess? 'on' + # requires track_counts to also be on. + #log_autovacuum_min_duration = -1 # -1 disables, 0 logs all actions and + # their durations, > 0 logs only + # actions running at least this number + # of milliseconds. + #autovacuum_max_workers = 3 # max number of autovacuum subprocesses + # (change requires restart) + #autovacuum_naptime = 1min # time between autovacuum runs + #autovacuum_vacuum_threshold = 50 # min number of row updates before + # vacuum + #autovacuum_analyze_threshold = 50 # min number of row updates before + # analyze + #autovacuum_vacuum_scale_factor = 0.2 # fraction of table size before vacuum + #autovacuum_analyze_scale_factor = 0.1 # fraction of table size before analyze + #autovacuum_freeze_max_age = 200000000 # maximum XID age before forced vacuum + # (change requires restart) + #autovacuum_multixact_freeze_max_age = 400000000 # maximum multixact age + # before forced vacuum + # (change requires restart) + #autovacuum_vacuum_cost_delay = 20ms # default vacuum cost delay for + # autovacuum, in milliseconds; + # -1 means use vacuum_cost_delay + #autovacuum_vacuum_cost_limit = -1 # default vacuum cost limit for + # autovacuum, -1 means use + # vacuum_cost_limit + + + #------------------------------------------------------------------------------ + # CLIENT CONNECTION DEFAULTS + #------------------------------------------------------------------------------ + + # - Statement Behavior - + + #client_min_messages = notice # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # log + # notice + # warning + # error + #search_path = '"$user", public' # schema names + #row_security = on + #default_tablespace = '' # a tablespace name, '' uses the default + #temp_tablespaces = '' # a list of tablespace names, '' uses + # only default tablespace + #check_function_bodies = on + #default_transaction_isolation = 'read committed' + #default_transaction_read_only = off + #default_transaction_deferrable = off + #session_replication_role = 'origin' + #statement_timeout = 0 # in milliseconds, 0 is disabled + #lock_timeout = 0 # in milliseconds, 0 is disabled + #idle_in_transaction_session_timeout = 0 # in milliseconds, 0 is disabled + #vacuum_freeze_min_age = 50000000 + #vacuum_freeze_table_age = 150000000 + #vacuum_multixact_freeze_min_age = 5000000 + #vacuum_multixact_freeze_table_age = 150000000 + #vacuum_cleanup_index_scale_factor = 0.1 # fraction of total number of tuples + # before index cleanup, 0 always performs + # index cleanup + #bytea_output = 'hex' # hex, escape + #xmlbinary = 'base64' + #xmloption = 'content' + #gin_fuzzy_search_limit = 0 + #gin_pending_list_limit = 4MB + + # - Locale and Formatting - + + datestyle = 'iso, mdy' + #intervalstyle = 'postgres' + timezone = 'Etc/UTC' + #timezone_abbreviations = 'Default' # Select the set of available time zone + # abbreviations. Currently, there are + # Default + # Australia (historical usage) + # India + # You can create your own file in + # share/timezonesets/. + #extra_float_digits = 0 # min -15, max 3 + #client_encoding = sql_ascii # actually, defaults to database + # encoding + + # These settings are initialized by initdb, but they can be changed. + lc_messages = 'en_US.utf8' # locale for system error message + # strings + lc_monetary = 'en_US.utf8' # locale for monetary formatting + lc_numeric = 'en_US.utf8' # locale for number formatting + lc_time = 'en_US.utf8' # locale for time formatting + + # default configuration for text search + default_text_search_config = 'pg_catalog.english' + + # - Shared Library Preloading - + + #shared_preload_libraries = '' # (change requires restart) + #local_preload_libraries = '' + #session_preload_libraries = '' + #jit_provider = 'llvmjit' # JIT library to use + + # - Other Defaults - + + #dynamic_library_path = '$libdir' + + + #------------------------------------------------------------------------------ + # LOCK MANAGEMENT + #------------------------------------------------------------------------------ + + #deadlock_timeout = 1s + #max_locks_per_transaction = 64 # min 10 + # (change requires restart) + #max_pred_locks_per_transaction = 64 # min 10 + # (change requires restart) + #max_pred_locks_per_relation = -2 # negative values mean + # (max_pred_locks_per_transaction + # / -max_pred_locks_per_relation) - 1 + #max_pred_locks_per_page = 2 # min 0 + + + #------------------------------------------------------------------------------ + # VERSION AND PLATFORM COMPATIBILITY + #------------------------------------------------------------------------------ + + # - Previous PostgreSQL Versions - + + #array_nulls = on + #backslash_quote = safe_encoding # on, off, or safe_encoding + #default_with_oids = off + #escape_string_warning = on + #lo_compat_privileges = off + #operator_precedence_warning = off + #quote_all_identifiers = off + #standard_conforming_strings = on + #synchronize_seqscans = on + + # - Other Platforms and Clients - + + #transform_null_equals = off + + + #------------------------------------------------------------------------------ + # ERROR HANDLING + #------------------------------------------------------------------------------ + + #exit_on_error = off # terminate session on any error? + #restart_after_crash = on # reinitialize after backend crash? + #data_sync_retry = off # retry or panic on failure to fsync + # data? + # (change requires restart) + + + #------------------------------------------------------------------------------ + # CONFIG FILE INCLUDES + #------------------------------------------------------------------------------ + + # These options allow settings to be loaded from files other than the + # default postgresql.conf. + + #include_dir = '' # include files ending in '.conf' from + # a directory, e.g., 'conf.d' + #include_if_exists = '' # include file only if it exists + #include = '' # include file + + + #------------------------------------------------------------------------------ + # CUSTOMIZED OPTIONS + #------------------------------------------------------------------------------ + + # Add settings for extensions here +kind: ConfigMap +metadata: + annotations: + description: Configuration for PostgreSQL + labels: + app.kubernetes.io/component: codeintel-db + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: codeintel-db-conf + namespace: ns-sourcegraph +--- +apiVersion: v1 +data: + datasources.yml: | + apiVersion: 1 + + datasources: + - name: Prometheus + type: prometheus + access: proxy + url: http://prometheus:30090 + isDefault: true + editable: false + - name: pgsql + type: postgres + url: $GRAFANA_PGSQL_HOST:$GRAFANA_PGSQL_PORT + user: $GRAFANA_PGSQL_USER + database: $GRAFANA_PGSQL_DATABASE + secureJsonData: + password: $GRAFANA_PGSQL_PASSWORD + jsonData: + sslmode: $GRAFANA_PGSQL_SSLMODE +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/component: grafana + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: grafana + namespace: ns-sourcegraph +--- +apiVersion: v1 +data: + postgresql.conf: | + # ----------------------------- + # PostgreSQL configuration file + # ----------------------------- + # SOURCEGRAPH CUSTOMIZATIONS CONTAIN "# SG CUSTOM" in the comment + # + # This file consists of lines of the form: + # + # name = value + # + # (The "=" is optional.) Whitespace may be used. Comments are introduced with + # "#" anywhere on a line. The complete list of parameter names and allowed + # values can be found in the PostgreSQL documentation. + # + # The commented-out settings shown in this file represent the default values. + # Re-commenting a setting is NOT sufficient to revert it to the default value; + # you need to reload the server. + # + # This file is read on server startup and when the server receives a SIGHUP + # signal. If you edit the file on a running system, you have to SIGHUP the + # server for the changes to take effect, run "pg_ctl reload", or execute + # "SELECT pg_reload_conf()". Some parameters, which are marked below, + # require a server shutdown and restart to take effect. + # + # Any parameter can also be given as a command-line option to the server, e.g., + # "postgres -c log_connections=on". Some parameters can be changed at run time + # with the "SET" SQL command. + # + # Memory units: kB = kilobytes Time units: ms = milliseconds + # MB = megabytes s = seconds + # GB = gigabytes min = minutes + # TB = terabytes h = hours + # d = days + + + #------------------------------------------------------------------------------ + # FILE LOCATIONS + #------------------------------------------------------------------------------ + + # The default values of these variables are driven from the -D command-line + # option or PGDATA environment variable, represented here as ConfigDir. + + #data_directory = 'ConfigDir' # use data in another directory + # (change requires restart) + #hba_file = 'ConfigDir/pg_hba.conf' # host-based authentication file + # (change requires restart) + #ident_file = 'ConfigDir/pg_ident.conf' # ident configuration file + # (change requires restart) + + # If external_pid_file is not explicitly set, no extra PID file is written. + #external_pid_file = '' # write an extra PID file + # (change requires restart) + + + #------------------------------------------------------------------------------ + # CONNECTIONS AND AUTHENTICATION + #------------------------------------------------------------------------------ + + # - Connection Settings - + + listen_addresses = '*' + # comma-separated list of addresses; + # defaults to 'localhost'; use '*' for all + # (change requires restart) + #port = 5432 # (change requires restart) + max_connections = 100 # (change requires restart) + #superuser_reserved_connections = 3 # (change requires restart) + #unix_socket_directories = '/var/run/postgresql' # comma-separated list of directories + # (change requires restart) + #unix_socket_group = '' # (change requires restart) + #unix_socket_permissions = 0777 # begin with 0 to use octal notation + # (change requires restart) + #bonjour = off # advertise server via Bonjour + # (change requires restart) + #bonjour_name = '' # defaults to the computer name + # (change requires restart) + + # - TCP Keepalives - + # see "man 7 tcp" for details + + #tcp_keepalives_idle = 0 # TCP_KEEPIDLE, in seconds; + # 0 selects the system default + #tcp_keepalives_interval = 0 # TCP_KEEPINTVL, in seconds; + # 0 selects the system default + #tcp_keepalives_count = 0 # TCP_KEEPCNT; + # 0 selects the system default + + # - Authentication - + + #authentication_timeout = 1min # 1s-600s + #password_encryption = md5 # md5 or scram-sha-256 + #db_user_namespace = off + + # GSSAPI using Kerberos + #krb_server_keyfile = '' + #krb_caseins_users = off + + # - SSL - + + #ssl = off + #ssl_ca_file = '' + #ssl_cert_file = 'server.crt' + #ssl_crl_file = '' + #ssl_key_file = 'server.key' + #ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers + #ssl_prefer_server_ciphers = on + #ssl_ecdh_curve = 'prime256v1' + #ssl_dh_params_file = '' + #ssl_passphrase_command = '' + #ssl_passphrase_command_supports_reload = off + + + #------------------------------------------------------------------------------ + # RESOURCE USAGE (except WAL) + #------------------------------------------------------------------------------ + + # - Memory - + + shared_buffers = 1GB # SG CUSTOM min 128kB + # (change requires restart) + #huge_pages = try # on, off, or try + # (change requires restart) + #temp_buffers = 8MB # min 800kB + #max_prepared_transactions = 0 # zero disables the feature + # (change requires restart) + # Caution: it is not advisable to set max_prepared_transactions nonzero unless + # you actively intend to use prepared transactions. + work_mem = 5MB # SG CUSTOM min 64kB + maintenance_work_mem = 250MB # SG CUSTOM min 1MB + #autovacuum_work_mem = -1 # min 1MB, or -1 to use maintenance_work_mem + #max_stack_depth = 2MB # min 100kB + dynamic_shared_memory_type = posix # the default is the first option + # supported by the operating system: + # posix + # sysv + # windows + # mmap + # use none to disable dynamic shared memory + # (change requires restart) + + # - Disk - + + temp_file_limit = 20GB # SG CUSTOM limits per-process temp file space + # in kB, or -1 for no limit + + # - Kernel Resources - + + #max_files_per_process = 1000 # min 25 + # (change requires restart) + + # - Cost-Based Vacuum Delay - + + #vacuum_cost_delay = 0 # 0-100 milliseconds + #vacuum_cost_page_hit = 1 # 0-10000 credits + #vacuum_cost_page_miss = 10 # 0-10000 credits + #vacuum_cost_page_dirty = 20 # 0-10000 credits + #vacuum_cost_limit = 200 # 1-10000 credits + + # - Background Writer - + + bgwriter_delay = 50ms # SG CUSTOM 10-10000ms between rounds + bgwriter_lru_maxpages = 200 # SG CUSTOM max buffers written/round, 0 disables + + #bgwriter_lru_multiplier = 2.0 # 0-10.0 multiplier on buffers scanned/round + #bgwriter_flush_after = 512kB # measured in pages, 0 disables + + # - Asynchronous Behavior - + + effective_io_concurrency = 200 # 1-1000; 0 disables prefetching + max_worker_processes = 4 # SG CUSTOM (change requires restart) + max_parallel_maintenance_workers = 4 # SG CUSTOM taken from max_parallel_workers + max_parallel_workers_per_gather = 2 # SG CUSTOM taken from max_parallel_workers + #parallel_leader_participation = on + max_parallel_workers = 4 # SG CUSTOM maximum number of max_worker_processes that + # can be used in parallel operations + #old_snapshot_threshold = -1 # 1min-60d; -1 disables; 0 is immediate + # (change requires restart) + #backend_flush_after = 0 # measured in pages, 0 disables + + + #------------------------------------------------------------------------------ + # WRITE-AHEAD LOG + #------------------------------------------------------------------------------ + + # - Settings - + + #wal_level = replica # minimal, replica, or logical + # (change requires restart) + #fsync = on # flush data to disk for crash safety + # (turning this off can cause + # unrecoverable data corruption) + #synchronous_commit = on # synchronization level; + # off, local, remote_write, remote_apply, or on + #wal_sync_method = fsync # the default is the first option + # supported by the operating system: + # open_datasync + # fdatasync (default on Linux) + # fsync + # fsync_writethrough + # open_sync + #full_page_writes = on # recover from partial page writes + #wal_compression = off # enable compression of full-page writes + #wal_log_hints = off # also do full page writes of non-critical updates + # (change requires restart) + wal_buffers = 16MB # SG CUSTOM min 32kB, -1 sets based on shared_buffers + # (change requires restart) + #wal_writer_delay = 200ms # 1-10000 milliseconds + #wal_writer_flush_after = 1MB # measured in pages, 0 disables + + #commit_delay = 0 # range 0-100000, in microseconds + #commit_siblings = 5 # range 1-1000 + + # - Checkpoints - + + #checkpoint_timeout = 5min # range 30s-1d + max_wal_size = 8GB # SG CUSTOM + min_wal_size = 2GB # SG CUSTOM + #checkpoint_completion_target = 0.5 # checkpoint target duration, 0.0 - 1.0 + #checkpoint_flush_after = 256kB # measured in pages, 0 disables + #checkpoint_warning = 30s # 0 disables + + # - Archiving - + + #archive_mode = off # enables archiving; off, on, or always + # (change requires restart) + #archive_command = '' # command to use to archive a logfile segment + # placeholders: %p = path of file to archive + # %f = file name only + # e.g. 'test ! -f /mnt/server/archivedir/%f && cp %p /mnt/server/archivedir/%f' + #archive_timeout = 0 # force a logfile segment switch after this + # number of seconds; 0 disables + + + #------------------------------------------------------------------------------ + # REPLICATION + #------------------------------------------------------------------------------ + + # - Sending Servers - + + # Set these on the master and on any standby that will send replication data. + + #max_wal_senders = 10 # max number of walsender processes + # (change requires restart) + #wal_keep_segments = 0 # in logfile segments; 0 disables + #wal_sender_timeout = 60s # in milliseconds; 0 disables + + #max_replication_slots = 10 # max number of replication slots + # (change requires restart) + #track_commit_timestamp = off # collect timestamp of transaction commit + # (change requires restart) + + # - Master Server - + + # These settings are ignored on a standby server. + + #synchronous_standby_names = '' # standby servers that provide sync rep + # method to choose sync standbys, number of sync standbys, + # and comma-separated list of application_name + # from standby(s); '*' = all + #vacuum_defer_cleanup_age = 0 # number of xacts by which cleanup is delayed + + # - Standby Servers - + + # These settings are ignored on a master server. + + #hot_standby = on # "off" disallows queries during recovery + # (change requires restart) + #max_standby_archive_delay = 30s # max delay before canceling queries + # when reading WAL from archive; + # -1 allows indefinite delay + #max_standby_streaming_delay = 30s # max delay before canceling queries + # when reading streaming WAL; + # -1 allows indefinite delay + #wal_receiver_status_interval = 10s # send replies at least this often + # 0 disables + #hot_standby_feedback = off # send info from standby to prevent + # query conflicts + #wal_receiver_timeout = 60s # time that receiver waits for + # communication from master + # in milliseconds; 0 disables + #wal_retrieve_retry_interval = 5s # time to wait before retrying to + # retrieve WAL after a failed attempt + + # - Subscribers - + + # These settings are ignored on a publisher. + + #max_logical_replication_workers = 4 # taken from max_worker_processes + # (change requires restart) + #max_sync_workers_per_subscription = 2 # taken from max_logical_replication_workers + + + #------------------------------------------------------------------------------ + # QUERY TUNING + #------------------------------------------------------------------------------ + + # - Planner Method Configuration - + + #enable_bitmapscan = on + #enable_hashagg = on + #enable_hashjoin = on + #enable_indexscan = on + #enable_indexonlyscan = on + #enable_material = on + #enable_mergejoin = on + #enable_nestloop = on + #enable_parallel_append = on + #enable_seqscan = on + #enable_sort = on + #enable_tidscan = on + #enable_partitionwise_join = off + #enable_partitionwise_aggregate = off + #enable_parallel_hash = on + #enable_partition_pruning = on + + # - Planner Cost Constants - + + #seq_page_cost = 1.0 # measured on an arbitrary scale + random_page_cost = 1.1 # SG CUSTOM same scale as above + #cpu_tuple_cost = 0.01 # same scale as above + #cpu_index_tuple_cost = 0.005 # same scale as above + #cpu_operator_cost = 0.0025 # same scale as above + #parallel_tuple_cost = 0.1 # same scale as above + #parallel_setup_cost = 1000.0 # same scale as above + + #jit_above_cost = 100000 # perform JIT compilation if available + # and query more expensive than this; + # -1 disables + #jit_inline_above_cost = 500000 # inline small functions if query is + # more expensive than this; -1 disables + #jit_optimize_above_cost = 500000 # use expensive JIT optimizations if + # query is more expensive than this; + # -1 disables + + #min_parallel_table_scan_size = 8MB + #min_parallel_index_scan_size = 512kB + effective_cache_size = 3GB # SG CUSTOM + + # - Genetic Query Optimizer - + + #geqo = on + #geqo_threshold = 12 + #geqo_effort = 5 # range 1-10 + #geqo_pool_size = 0 # selects default based on effort + #geqo_generations = 0 # selects default based on effort + #geqo_selection_bias = 2.0 # range 1.5-2.0 + #geqo_seed = 0.0 # range 0.0-1.0 + + # - Other Planner Options - + + #default_statistics_target = 100 # range 1-10000 + #constraint_exclusion = partition # on, off, or partition + #cursor_tuple_fraction = 0.1 # range 0.0-1.0 + #from_collapse_limit = 8 + #join_collapse_limit = 8 # 1 disables collapsing of explicit + # JOIN clauses + #force_parallel_mode = off + #jit = off # allow JIT compilation + + + #------------------------------------------------------------------------------ + # REPORTING AND LOGGING + #------------------------------------------------------------------------------ + + # - Where to Log - + + #log_destination = 'stderr' # Valid values are combinations of + # stderr, csvlog, syslog, and eventlog, + # depending on platform. csvlog + # requires logging_collector to be on. + + # This is used when logging to stderr: + #logging_collector = off # Enable capturing of stderr and csvlog + # into log files. Required to be on for + # csvlogs. + # (change requires restart) + + # These are only used if logging_collector is on: + #log_directory = 'log' # directory where log files are written, + # can be absolute or relative to PGDATA + #log_filename = 'postgresql-%Y-%m-%d_%H%M%S.log' # log file name pattern, + # can include strftime() escapes + #log_file_mode = 0600 # creation mode for log files, + # begin with 0 to use octal notation + #log_truncate_on_rotation = off # If on, an existing log file with the + # same name as the new log file will be + # truncated rather than appended to. + # But such truncation only occurs on + # time-driven rotation, not on restarts + # or size-driven rotation. Default is + # off, meaning append to existing files + # in all cases. + #log_rotation_age = 1d # Automatic rotation of logfiles will + # happen after that time. 0 disables. + #log_rotation_size = 10MB # Automatic rotation of logfiles will + # happen after that much log output. + # 0 disables. + + # These are relevant when logging to syslog: + #syslog_facility = 'LOCAL0' + #syslog_ident = 'postgres' + #syslog_sequence_numbers = on + #syslog_split_messages = on + + # This is only relevant when logging to eventlog (win32): + # (change requires restart) + #event_source = 'PostgreSQL' + + # - When to Log - + + #log_min_messages = warning # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # info + # notice + # warning + # error + # log + # fatal + # panic + + #log_min_error_statement = error # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # info + # notice + # warning + # error + # log + # fatal + # panic (effectively off) + + #log_min_duration_statement = -1 # -1 is disabled, 0 logs all statements + # and their durations, > 0 logs only + # statements running at least this number + # of milliseconds + + + # - What to Log - + + #debug_print_parse = off + #debug_print_rewritten = off + #debug_print_plan = off + #debug_pretty_print = on + #log_checkpoints = off + #log_connections = off + #log_disconnections = off + #log_duration = off + #log_error_verbosity = default # terse, default, or verbose messages + #log_hostname = off + #log_line_prefix = '%m [%p] ' # special values: + # %a = application name + # %u = user name + # %d = database name + # %r = remote host and port + # %h = remote host + # %p = process ID + # %t = timestamp without milliseconds + # %m = timestamp with milliseconds + # %n = timestamp with milliseconds (as a Unix epoch) + # %i = command tag + # %e = SQL state + # %c = session ID + # %l = session line number + # %s = session start timestamp + # %v = virtual transaction ID + # %x = transaction ID (0 if none) + # %q = stop here in non-session + # processes + # %% = '%' + # e.g. '<%u%%%d> ' + #log_lock_waits = off # log lock waits >= deadlock_timeout + #log_statement = 'none' # none, ddl, mod, all + #log_replication_commands = off + #log_temp_files = -1 # log temporary files equal or larger + # than the specified size in kilobytes; + # -1 disables, 0 logs all temp files + log_timezone = 'Etc/UTC' + + #------------------------------------------------------------------------------ + # PROCESS TITLE + #------------------------------------------------------------------------------ + + #cluster_name = '' # added to process titles if nonempty + # (change requires restart) + #update_process_title = on + + + #------------------------------------------------------------------------------ + # STATISTICS + #------------------------------------------------------------------------------ + + # - Query and Index Statistics Collector - + + #track_activities = on + #track_counts = on + #track_io_timing = off + #track_functions = none # none, pl, all + #track_activity_query_size = 1024 # (change requires restart) + #stats_temp_directory = 'pg_stat_tmp' + + + # - Monitoring - + + #log_parser_stats = off + #log_planner_stats = off + #log_executor_stats = off + #log_statement_stats = off + + + #------------------------------------------------------------------------------ + # AUTOVACUUM + #------------------------------------------------------------------------------ + + #autovacuum = on # Enable autovacuum subprocess? 'on' + # requires track_counts to also be on. + #log_autovacuum_min_duration = -1 # -1 disables, 0 logs all actions and + # their durations, > 0 logs only + # actions running at least this number + # of milliseconds. + #autovacuum_max_workers = 3 # max number of autovacuum subprocesses + # (change requires restart) + #autovacuum_naptime = 1min # time between autovacuum runs + #autovacuum_vacuum_threshold = 50 # min number of row updates before + # vacuum + #autovacuum_analyze_threshold = 50 # min number of row updates before + # analyze + #autovacuum_vacuum_scale_factor = 0.2 # fraction of table size before vacuum + #autovacuum_analyze_scale_factor = 0.1 # fraction of table size before analyze + #autovacuum_freeze_max_age = 200000000 # maximum XID age before forced vacuum + # (change requires restart) + #autovacuum_multixact_freeze_max_age = 400000000 # maximum multixact age + # before forced vacuum + # (change requires restart) + #autovacuum_vacuum_cost_delay = 20ms # default vacuum cost delay for + # autovacuum, in milliseconds; + # -1 means use vacuum_cost_delay + #autovacuum_vacuum_cost_limit = -1 # default vacuum cost limit for + # autovacuum, -1 means use + # vacuum_cost_limit + + + #------------------------------------------------------------------------------ + # CLIENT CONNECTION DEFAULTS + #------------------------------------------------------------------------------ + + # - Statement Behavior - + + #client_min_messages = notice # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # log + # notice + # warning + # error + #search_path = '"$user", public' # schema names + #row_security = on + #default_tablespace = '' # a tablespace name, '' uses the default + #temp_tablespaces = '' # a list of tablespace names, '' uses + # only default tablespace + #check_function_bodies = on + #default_transaction_isolation = 'read committed' + #default_transaction_read_only = off + #default_transaction_deferrable = off + #session_replication_role = 'origin' + #statement_timeout = 0 # in milliseconds, 0 is disabled + #lock_timeout = 0 # in milliseconds, 0 is disabled + #idle_in_transaction_session_timeout = 0 # in milliseconds, 0 is disabled + #vacuum_freeze_min_age = 50000000 + #vacuum_freeze_table_age = 150000000 + #vacuum_multixact_freeze_min_age = 5000000 + #vacuum_multixact_freeze_table_age = 150000000 + #vacuum_cleanup_index_scale_factor = 0.1 # fraction of total number of tuples + # before index cleanup, 0 always performs + # index cleanup + #bytea_output = 'hex' # hex, escape + #xmlbinary = 'base64' + #xmloption = 'content' + #gin_fuzzy_search_limit = 0 + #gin_pending_list_limit = 4MB + + # - Locale and Formatting - + + datestyle = 'iso, mdy' + #intervalstyle = 'postgres' + timezone = 'Etc/UTC' + #timezone_abbreviations = 'Default' # Select the set of available time zone + # abbreviations. Currently, there are + # Default + # Australia (historical usage) + # India + # You can create your own file in + # share/timezonesets/. + #extra_float_digits = 0 # min -15, max 3 + #client_encoding = sql_ascii # actually, defaults to database + # encoding + + # These settings are initialized by initdb, but they can be changed. + lc_messages = 'en_US.utf8' # locale for system error message + # strings + lc_monetary = 'en_US.utf8' # locale for monetary formatting + lc_numeric = 'en_US.utf8' # locale for number formatting + lc_time = 'en_US.utf8' # locale for time formatting + + # default configuration for text search + default_text_search_config = 'pg_catalog.english' + + # - Shared Library Preloading - + + #shared_preload_libraries = '' # (change requires restart) + #local_preload_libraries = '' + #session_preload_libraries = '' + #jit_provider = 'llvmjit' # JIT library to use + + # - Other Defaults - + + #dynamic_library_path = '$libdir' + + + #------------------------------------------------------------------------------ + # LOCK MANAGEMENT + #------------------------------------------------------------------------------ + + #deadlock_timeout = 1s + #max_locks_per_transaction = 64 # min 10 + # (change requires restart) + #max_pred_locks_per_transaction = 64 # min 10 + # (change requires restart) + #max_pred_locks_per_relation = -2 # negative values mean + # (max_pred_locks_per_transaction + # / -max_pred_locks_per_relation) - 1 + #max_pred_locks_per_page = 2 # min 0 + + + #------------------------------------------------------------------------------ + # VERSION AND PLATFORM COMPATIBILITY + #------------------------------------------------------------------------------ + + # - Previous PostgreSQL Versions - + + #array_nulls = on + #backslash_quote = safe_encoding # on, off, or safe_encoding + #default_with_oids = off + #escape_string_warning = on + #lo_compat_privileges = off + #operator_precedence_warning = off + #quote_all_identifiers = off + #standard_conforming_strings = on + #synchronize_seqscans = on + + # - Other Platforms and Clients - + + #transform_null_equals = off + + + #------------------------------------------------------------------------------ + # ERROR HANDLING + #------------------------------------------------------------------------------ + + #exit_on_error = off # terminate session on any error? + #restart_after_crash = on # reinitialize after backend crash? + #data_sync_retry = off # retry or panic on failure to fsync + # data? + # (change requires restart) + + + #------------------------------------------------------------------------------ + # CONFIG FILE INCLUDES + #------------------------------------------------------------------------------ + + # These options allow settings to be loaded from files other than the + # default postgresql.conf. + + #include_dir = '' # include files ending in '.conf' from + # a directory, e.g., 'conf.d' + #include_if_exists = '' # include file only if it exists + #include = '' # include file + + + #------------------------------------------------------------------------------ + # CUSTOMIZED OPTIONS + #------------------------------------------------------------------------------ + + # Add settings for extensions here +kind: ConfigMap +metadata: + annotations: + description: Configuration for PostgreSQL + labels: + app.kubernetes.io/component: pgsql + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: pgsql-conf + namespace: ns-sourcegraph +--- +apiVersion: v1 +data: + extra_rules.yml: "" + prometheus.yml: | + global: # Prometheus global config + # scrape_timeout is set to the global default (10s) + scrape_interval: 30s # How frequently to scrape targets by default + evaluation_interval: 30s # How frequently to evaluate rules + alerting: # Alertmanager configuration + alertmanagers: + # bundled alertmanager, started by prom-wrapper + - static_configs: + - targets: ["127.0.0.1:9093"] + path_prefix: /alertmanager + # add more alertmanagers here + rule_files: # Load rules once and periodically evaluate them according to the global 'evaluation_interval'. + - "/sg_config_prometheus/*_rules.yml" + - "/sg_prometheus_add_ons/*_rules.yml" + scrape_configs: # Configure targets to scrape + # Scrape prometheus itself for metrics. + - job_name: "builtin-prometheus" + static_configs: + - targets: ["127.0.0.1:9092"] + # Scrape Alertmanager + - job_name: "builtin-alertmanager" + metrics_path: /alertmanager/metrics + static_configs: + - targets: ["127.0.0.1:9093"] + #------------------------------------------------------------------------------ + # cAdvisor + #------------------------------------------------------------------------------ + - job_name: "kubernetes-pods" + dns_sd_configs: + - names: + - "cadvisor.default.svc.cluster.local" + - "cadvisor.ns-sourcegraph.svc.cluster.local" + type: A + port: 48080 + relabel_configs: + - source_labels: [__address__] + target_label: instance + regex: (.*)\.(.*) + replacement: cadvisor_${2} + - source_labels: [container_label_io_kubernetes_pod_name] + target_label: name + metric_relabel_configs: + - source_labels: [container_label_io_kubernetes_pod_namespace] + regex: kube-system + action: drop + - source_labels: [container_label_io_kubernetes_container_name, container_label_io_kubernetes_pod_name] + regex: (.+) + action: replace + target_label: name + separator: "-" + #------------------------------------------------------------------------------ + # Sourcegraph Service Discovery with DNS-SRV records + # https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config + #------------------------------------------------------------------------------ + - job_name: "sourcegraph-statefulsets" + dns_sd_configs: + - names: + - "symbols.default.svc.cluster.local" + - "symbols.ns-sourcegraph.svc.cluster.local" + - "symbols.$SG_NAMESPACE.svc.cluster.local" + - "searcher.default.svc.cluster.local" + - "searcher.ns-sourcegraph.svc.cluster.local" + - "searcher.$SG_NAMESPACE.svc.cluster.local" + - "gitserver.default.svc.cluster.local" + - "gitserver.ns-sourcegraph.svc.cluster.local" + - "gitserver.$SG_NAMESPACE.svc.cluster.local" + - "sourcegraph-frontend.default.svc.cluster.local" + - "sourcegraph-frontend.ns-sourcegraph.svc.cluster.local" + - "sourcegraph-frontend.$SG_NAMESPACE.svc.cluster.local" + - "indexed-search.default.svc.cluster.local" + - "indexed-search.ns-sourcegraph.svc.cluster.local" + - "indexed-search.$SG_NAMESPACE.svc.cluster.local" + - "indexed-search-indexer.default.svc.cluster.local" + - "indexed-search-indexer.ns-sourcegraph.svc.cluster.local" + - "indexed-search-indexer.$SG_NAMESPACE.svc.cluster.local" + type: SRV + relabel_configs: + - source_labels: [__meta_dns_srv_record_target] + target_label: __address__ + regex: (.*)\. + replacement: ${1}:6060 + - source_labels: [__meta_dns_srv_record_target] + target_label: __address__ + regex: ^(indexed-search.*)\. + replacement: ${1}:6070 + - source_labels: [__meta_dns_srv_record_target] + target_label: __address__ + regex: (.*)\.(indexed-search-indexer.*)\. + replacement: ${1}.${2}:6072 + - source_labels: [__meta_dns_srv_record_port] + target_label: __meta_dns_srv_record_port + replacement: "6060" + - source_labels: [__address__] + regex: ^(indexed-search).*$ + target_label: __meta_dns_srv_record_port + replacement: "6070" + - source_labels: [__meta_dns_name] + target_label: job + regex: (.*)\..*\..*\..*\..* + replacement: ${1} + - source_labels: [__meta_dns_srv_record_target] + regex: (.*)\.(.*)\..*\..*\..*\..*\..* + target_label: instance + replacement: ${2}_${1} + metric_relabel_configs: + - source_labels: [container_label_io_kubernetes_pod_namespace] + regex: kube-system + action: drop + - source_labels: [__address__] + target_label: instance + regex: (.*)\:.* + replacement: $1:6060 + - source_labels: [__address__] + target_label: instance + regex: (.*)\.(.*)\..*\..*\..*\..*\..* + replacement: ${2}_${1} + - source_labels: [container_label_io_kubernetes_pod_namespace] + target_label: ns + action: replace + #------------------------------------------------------------------------------ + # Sourcegraph Service Discovery with statics targets + #------------------------------------------------------------------------------ + - job_name: "sourcegraph-services" + relabel_configs: + - source_labels: [__address__] + target_label: instance + regex: (.*)\:(.*) + replacement: ${1} + - source_labels: [__address__] + target_label: job + regex: (.*)\:(.*) + replacement: ${1} + - source_labels: [container_label_io_kubernetes_pod_namespace] + action: replace + target_label: ns + - source_labels: [pod] + action: replace + target_label: pod + metric_relabel_configs: + - source_labels: [container_label_io_kubernetes_pod_namespace] + regex: kube-system + action: drop + static_configs: + - labels: + group: sourcegraph-service + targets: + - sourcegraph-frontend:6060 + - repo-updater:6060 + - worker:6060 + - worker-executors:6996 + - syntect-server:6060 + - precise-code-intel-worker:6060 + - pgsql:9187 + - codeintel-db:9187 + - codeinsights-db:9187 + - redis-cache:9121 + - redis-store:9121 + - node-exporter:9100 + - otel-collector:8888 + - cadvisor:48080 + - executor:6060 + prometheus_targets.yml: "" +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/component: prometheus + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: prometheus + namespace: ns-sourcegraph +--- +apiVersion: v1 +data: + CODEINSIGHTS_PGDATASOURCE: postgres://postgres:password@codeinsights-db:5432/postgres + CODEINTEL_PGDATABASE: sg + CODEINTEL_PGHOST: codeintel-db + CODEINTEL_PGPORT: "5432" + CODEINTEL_PGSSLMODE: disable + CODEINTEL_PGUSER: sg + DEPLOY_TYPE: kustomize + GRAFANA_SERVER_URL: http://grafana:30070 + INDEXED_SEARCH_SERVERS: "1" + PGDATABASE: sg + PGHOST: pgsql + PGPORT: "5432" + PGSSLMODE: disable + PGUSER: sg + PROMETHEUS_URL: http://prometheus:30090 + SEARCHER_URL: "1" + SRC_GIT_SERVERS: "1" + SYMBOLS_URL: "1" +kind: ConfigMap +metadata: + labels: + app: sourcegraph-frontend + app.kubernetes.io/component: frontend + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: sourcegraph-frontend-env + namespace: ns-sourcegraph +--- +apiVersion: v1 +data: + EXAMPLE_CONFIG_KEY: example +kind: ConfigMap +metadata: + annotations: + description: Some components read the configuration values from the "data" field + below during the build process. You only need to update this file if you are + using components that require specific CONFIG_KEYS. If no components in your + overlay require extra configuration, no update is necessary. + labels: + deploy: sourcegraph + name: sourcegraph-kustomize-build-config + namespace: ns-sourcegraph +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: blobstore + app.kubernetes.io/component: blobstore + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: blobstore + namespace: ns-sourcegraph +spec: + ports: + - name: blobstore + port: 9000 + targetPort: blobstore + selector: + app: blobstore + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + prometheus.io/port: "9187" + sourcegraph.prometheus/scrape: "true" + labels: + app: codeinsights-db + app.kubernetes.io/component: codeinsights-db + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: codeinsights-db + namespace: ns-sourcegraph +spec: + ports: + - name: codeinsights-db + port: 5432 + targetPort: codeinsights-db + - name: pgsql-exporter + port: 9187 + targetPort: pgsql-exporter + selector: + app: codeinsights-db + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + prometheus.io/port: "9187" + sourcegraph.prometheus/scrape: "true" + labels: + app: codeintel-db + app.kubernetes.io/component: codeintel-db + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: codeintel-db + namespace: ns-sourcegraph +spec: + ports: + - name: pgsql + port: 5432 + targetPort: pgsql + - name: pgsql-exporter + port: 9187 + targetPort: pgsql-exporter + selector: + app: codeintel-db + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + description: Headless service that provides a stable network identity for the + gitserver stateful set. + prometheus.io/port: "6060" + sourcegraph.prometheus/scrape: "true" + labels: + app: gitserver + app.kubernetes.io/component: gitserver + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + type: gitserver + name: gitserver + namespace: ns-sourcegraph +spec: + clusterIP: None + ports: + - name: unused + port: 10811 + targetPort: 10811 + selector: + app: gitserver + type: gitserver + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: grafana + app.kubernetes.io/component: grafana + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: grafana + namespace: ns-sourcegraph +spec: + ports: + - name: http + port: 30070 + targetPort: http + selector: + app: grafana + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + description: Headless service that provides a stable network identity for the + indexed-search stateful set. + prometheus.io/port: "6070" + sourcegraph.prometheus/scrape: "true" + labels: + app: indexed-search + app.kubernetes.io/component: indexed-search + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: indexed-search + namespace: ns-sourcegraph +spec: + clusterIP: None + ports: + - port: 6070 + targetPort: 6070 + selector: + app: indexed-search + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + description: Headless service that provides a stable network identity for the + indexed-search stateful set. + prometheus.io/port: "6072" + sourcegraph.prometheus/scrape: "true" + labels: + app: indexed-search-indexer + app.kubernetes.io/component: indexed-search + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: indexed-search-indexer + namespace: ns-sourcegraph +spec: + clusterIP: None + ports: + - port: 6072 + targetPort: 6072 + selector: + app: indexed-search + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + description: Prometheus exporter for hardware and OS metrics. + prometheus.io/port: "9100" + sourcegraph.prometheus/scrape: "true" + url: https://github.com/prometheus/node_exporter + labels: + app: node-exporter + app.kubernetes.io/component: node-exporter + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: node-exporter + namespace: ns-sourcegraph +spec: + ports: + - name: metrics + port: 9100 + targetPort: metrics + selector: + app: node-exporter + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + prometheus.io/port: "9187" + sourcegraph.prometheus/scrape: "true" + labels: + app: pgsql + app.kubernetes.io/component: pgsql + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: pgsql + namespace: ns-sourcegraph +spec: + ports: + - name: pgsql + port: 5432 + targetPort: pgsql + - name: pgsql-exporter + port: 9187 + targetPort: pgsql-exporter + selector: + app: pgsql + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + prometheus.io/port: "6060" + sourcegraph.prometheus/scrape: "true" + labels: + app: precise-code-intel-worker + app.kubernetes.io/component: precise-code-intel + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: precise-code-intel-worker + namespace: ns-sourcegraph +spec: + ports: + - name: http + port: 3188 + targetPort: http + - name: debug + port: 6060 + targetPort: debug + selector: + app: precise-code-intel-worker + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: prometheus + app.kubernetes.io/component: prometheus + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: prometheus + namespace: ns-sourcegraph +spec: + ports: + - name: http + port: 30090 + targetPort: http + selector: + app: prometheus + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + prometheus.io/port: "9121" + sourcegraph.prometheus/scrape: "true" + labels: + app: redis-cache + app.kubernetes.io/component: redis + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: redis-cache + namespace: ns-sourcegraph +spec: + ports: + - name: redis + port: 6379 + targetPort: redis + - name: redisexp + port: 9121 + targetPort: redisexp + selector: + app: redis-cache + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + prometheus.io/port: "9121" + sourcegraph.prometheus/scrape: "true" + labels: + app: redis-store + app.kubernetes.io/component: redis + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: redis-store + namespace: ns-sourcegraph +spec: + ports: + - name: redis + port: 6379 + targetPort: redis + - name: redisexp + port: 9121 + targetPort: redisexp + selector: + app: redis-store + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + prometheus.io/port: "6060" + sourcegraph.prometheus/scrape: "true" + labels: + app: repo-updater + app.kubernetes.io/component: repo-updater + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: repo-updater + namespace: ns-sourcegraph +spec: + ports: + - name: http + port: 3182 + targetPort: http + - name: debug + port: 6060 + targetPort: debug + selector: + app: repo-updater + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + prometheus.io/port: "6060" + sourcegraph.prometheus/scrape: "true" + labels: + app: searcher + app.kubernetes.io/component: searcher + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: searcher + namespace: ns-sourcegraph +spec: + clusterIP: None + ports: + - name: http + port: 3181 + targetPort: http + - name: debug + port: 6060 + targetPort: debug + selector: + app: searcher + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + prometheus.io/port: "6060" + sourcegraph.prometheus/scrape: "true" + labels: + app: sourcegraph-frontend + app.kubernetes.io/component: frontend + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: sourcegraph-frontend + namespace: ns-sourcegraph +spec: + ports: + - name: http + port: 30080 + targetPort: http + - name: debug + port: 6060 + targetPort: debug + selector: + app: sourcegraph-frontend + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: sourcegraph-frontend + app.kubernetes.io/component: frontend + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: sourcegraph-frontend-internal + namespace: ns-sourcegraph +spec: + ports: + - name: http-internal + port: 80 + targetPort: http-internal + selector: + app: sourcegraph-frontend + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + prometheus.io/port: "6060" + sourcegraph.prometheus/scrape: "true" + labels: + app: symbols + app.kubernetes.io/component: symbols + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: symbols + namespace: ns-sourcegraph +spec: + clusterIP: None + ports: + - name: http + port: 3184 + targetPort: http + - name: debug + port: 6060 + targetPort: debug + selector: + app: symbols + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + prometheus.io/port: "6060" + sourcegraph.prometheus/scrape: "true" + labels: + app: syntactic-code-intel-worker + app.kubernetes.io/component: syntactic-code-intel-worker + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: syntactic-code-intel-worker + namespace: ns-sourcegraph +spec: + ports: + - name: http + port: 3188 + targetPort: http + - name: debug + port: 6060 + targetPort: debug + selector: + app: syntactic-code-intel-worker + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + prometheus.io/port: "6060" + sourcegraph.prometheus/scrape: "true" + labels: + app: syntect-server + app.kubernetes.io/component: syntect-server + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: syntect-server + namespace: ns-sourcegraph +spec: + ports: + - name: http + port: 9238 + targetPort: http + - name: debug + port: 6060 + targetPort: debug + selector: + app: syntect-server + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + prometheus.io/port: "6060" + sourcegraph.prometheus/scrape: "true" + labels: + app: worker + app.kubernetes.io/component: worker + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: worker + namespace: ns-sourcegraph +spec: + ports: + - name: http + port: 3189 + targetPort: http + - name: debug + port: 6060 + targetPort: debug + selector: + app: worker + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + prometheus.io/port: "6996" + sourcegraph.prometheus/scrape: "true" + labels: + app: worker + app.kubernetes.io/component: worker + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: worker-executors + namespace: ns-sourcegraph +spec: + ports: + - name: prom + port: 6996 + targetPort: prom + selector: + app: worker + type: ClusterIP +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + labels: + app.kubernetes.io/component: blobstore + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: blobstore + namespace: ns-sourcegraph +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 100Gi +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + labels: + app.kubernetes.io/component: codeinsights-db + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: codeinsights-db + namespace: ns-sourcegraph +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 200Gi +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + labels: + app.kubernetes.io/component: codeintel-db + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: codeintel-db + namespace: ns-sourcegraph +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 200Gi +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + labels: + app.kubernetes.io/component: pgsql + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: pgsql + namespace: ns-sourcegraph +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 200Gi +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + labels: + app.kubernetes.io/component: prometheus + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: prometheus + namespace: ns-sourcegraph +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 200Gi +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + labels: + app.kubernetes.io/component: redis + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: redis-cache + namespace: ns-sourcegraph +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 100Gi +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + labels: + app.kubernetes.io/component: redis + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: redis-store + namespace: ns-sourcegraph +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 100Gi +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + description: generic S3-like blobstore for storing LSIF uploads. + kubectl.kubernetes.io/default-container: blobstore + labels: + app.kubernetes.io/component: blobstore + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: blobstore + namespace: ns-sourcegraph +spec: + minReadySeconds: 10 + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: blobstore + strategy: + type: Recreate + template: + metadata: + labels: + app: blobstore + deploy: sourcegraph + spec: + containers: + - image: index.docker.io/sourcegraph/blobstore:6.0.0@sha256:82caab40f920282069c84e0e4ca503857926e934c67fb022f6d93823b4ea98b5 + livenessProbe: + httpGet: + path: / + port: blobstore + scheme: HTTP + initialDelaySeconds: 60 + timeoutSeconds: 5 + name: blobstore + ports: + - containerPort: 9000 + name: blobstore + readinessProbe: + httpGet: + path: / + port: blobstore + scheme: HTTP + periodSeconds: 5 + timeoutSeconds: 5 + resources: + limits: + cpu: "1" + memory: 500M + requests: + cpu: 100m + memory: 250M + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 101 + runAsUser: 100 + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /data + name: blobstore-data + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + runAsUser: 100 + volumes: + - name: blobstore-data + persistentVolumeClaim: + claimName: blobstore +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + description: Handles conversion of uploaded precise code intelligence bundles. + labels: + app.kubernetes.io/component: precise-code-intel + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: precise-code-intel-worker + namespace: ns-sourcegraph +spec: + minReadySeconds: 10 + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: precise-code-intel-worker + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 1 + type: RollingUpdate + template: + metadata: + labels: + app: precise-code-intel-worker + deploy: sourcegraph + spec: + containers: + - env: + - name: PRECISE_CODE_INTEL_UPLOAD_BACKEND + value: blobstore + - name: PRECISE_CODE_INTEL_UPLOAD_AWS_ENDPOINT + value: http://blobstore:9000 + - name: NUM_WORKERS + value: "4" + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: OTEL_AGENT_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: OTEL_EXPORTER_OTLP_ENDPOINT + value: http://$(OTEL_AGENT_HOST):4317 + image: index.docker.io/sourcegraph/precise-code-intel-worker:6.0.0@sha256:3a72cf893cb25731d4636593c544c91781d925d867417416255e56debc27ed37 + livenessProbe: + httpGet: + path: /healthz + port: debug + scheme: HTTP + initialDelaySeconds: 60 + timeoutSeconds: 5 + name: precise-code-intel-worker + ports: + - containerPort: 3188 + name: http + - containerPort: 6060 + name: debug + readinessProbe: + httpGet: + path: /ready + port: debug + scheme: HTTP + periodSeconds: 5 + timeoutSeconds: 5 + resources: + limits: + cpu: "2" + memory: 4G + requests: + cpu: 100m + memory: 250M + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 101 + runAsUser: 100 + terminationMessagePolicy: FallbackToLogsOnError + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + runAsUser: 100 +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + description: Collects metrics and aggregates them into graphs. + labels: + app.kubernetes.io/component: prometheus + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: prometheus + namespace: ns-sourcegraph +spec: + minReadySeconds: 10 + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: prometheus + strategy: + type: Recreate + template: + metadata: + labels: + app: prometheus + deploy: sourcegraph + spec: + containers: + - env: + - name: SG_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: index.docker.io/sourcegraph/prometheus:6.0.0@sha256:86a315720fd9813d9ef9746d92e637bc20cd9ebd90da78d8cc6906062252891f + name: prometheus + ports: + - containerPort: 9090 + name: http + readinessProbe: + failureThreshold: 120 + httpGet: + path: /-/ready + port: 9090 + periodSeconds: 5 + timeoutSeconds: 3 + resources: + limits: + cpu: "2" + memory: 6G + requests: + cpu: 100m + memory: 250M + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 100 + runAsUser: 100 + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /prometheus + name: data + - mountPath: /sg_prometheus_add_ons + name: config + securityContext: + fsGroup: 100 + fsGroupChangePolicy: OnRootMismatch + runAsUser: 100 + terminationGracePeriodSeconds: 120 + volumes: + - name: data + persistentVolumeClaim: + claimName: prometheus + - configMap: + defaultMode: 511 + name: prometheus + name: config +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + description: Redis for storing short-lived caches. + kubectl.kubernetes.io/default-container: redis-cache + labels: + app.kubernetes.io/component: redis + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: redis-cache + namespace: ns-sourcegraph +spec: + minReadySeconds: 10 + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: redis-cache + strategy: + type: Recreate + template: + metadata: + labels: + app: redis-cache + deploy: sourcegraph + spec: + containers: + - image: index.docker.io/sourcegraph/redis-cache:6.0.0@sha256:40ea19e8944b93e05d7697c808969fe0c81a014a56245f3a97b645aa34a9ab78 + livenessProbe: + initialDelaySeconds: 30 + tcpSocket: + port: redis + name: redis-cache + ports: + - containerPort: 6379 + name: redis + readinessProbe: + exec: + command: + - /bin/sh + - -c + - | + #!/bin/bash + PASS_CHECK=$(grep -h "requirepass" /etc/redis/redis.conf | cut -d ' ' -f 2) + if [ ! -z "$PASS_CHECK" ]; then + export REDISCLI_AUTH="$PASS_CHECK" + fi + response=$( + redis-cli ping + ) + if [ "$response" != "PONG" ]; then + echo "$response" + exit 1 + fi + initialDelaySeconds: 10 + timeoutSeconds: 5 + resources: + limits: + cpu: "1" + memory: 3Gi + requests: + cpu: 100m + memory: 250M + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 1000 + runAsUser: 999 + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /redis-data + name: redis-data + - image: index.docker.io/sourcegraph/redis_exporter:6.0.0@sha256:b2ec48fc6adef31f36d525170138dec303c1c0c20c530d659f1fb7c6c54698af + name: redis-exporter + ports: + - containerPort: 9121 + name: redisexp + resources: + limits: + cpu: 10m + memory: 100Mi + requests: + cpu: 10m + memory: 100Mi + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 1000 + runAsUser: 999 + terminationMessagePolicy: FallbackToLogsOnError + securityContext: + fsGroup: 1000 + fsGroupChangePolicy: OnRootMismatch + runAsUser: 999 + volumes: + - name: redis-data + persistentVolumeClaim: + claimName: redis-cache +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + description: Redis for storing semi-persistent data like user sessions. + labels: + app.kubernetes.io/component: redis + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: redis-store + namespace: ns-sourcegraph +spec: + minReadySeconds: 10 + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: redis-store + strategy: + type: Recreate + template: + metadata: + labels: + app: redis-store + deploy: sourcegraph + spec: + containers: + - image: index.docker.io/sourcegraph/redis-store:6.0.0@sha256:39f3b27d993652c202c1f892df83e1a3e8e8ea5ae58291f79ad14b56672ab8be + livenessProbe: + initialDelaySeconds: 30 + tcpSocket: + port: redis + name: redis-store + ports: + - containerPort: 6379 + name: redis + readinessProbe: + exec: + command: + - /bin/sh + - -c + - | + #!/bin/bash + PASS_CHECK=$(grep -h "requirepass" /etc/redis/redis.conf | cut -d ' ' -f 2) + if [ ! -z "$PASS_CHECK" ]; then + export REDISCLI_AUTH="$PASS_CHECK" + fi + response=$( + redis-cli ping + ) + if [ "$response" != "PONG" ]; then + echo "$response" + exit 1 + fi + initialDelaySeconds: 10 + timeoutSeconds: 5 + resources: + limits: + cpu: "1" + memory: 3Gi + requests: + cpu: 100m + memory: 250M + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 1000 + runAsUser: 999 + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /redis-data + name: redis-data + - image: index.docker.io/sourcegraph/redis_exporter:6.0.0@sha256:b2ec48fc6adef31f36d525170138dec303c1c0c20c530d659f1fb7c6c54698af + name: redis-exporter + ports: + - containerPort: 9121 + name: redisexp + resources: + limits: + cpu: 10m + memory: 100Mi + requests: + cpu: 10m + memory: 100Mi + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 1000 + runAsUser: 999 + terminationMessagePolicy: FallbackToLogsOnError + securityContext: + fsGroup: 1000 + fsGroupChangePolicy: OnRootMismatch + runAsUser: 999 + volumes: + - name: redis-data + persistentVolumeClaim: + claimName: redis-store +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + description: Handles repository metadata (not Git data) lookups and updates from + external code hosts and other similar services. + kubectl.kubernetes.io/default-container: repo-updater + labels: + app.kubernetes.io/component: repo-updater + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: repo-updater + namespace: ns-sourcegraph +spec: + minReadySeconds: 10 + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: repo-updater + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + type: RollingUpdate + template: + metadata: + labels: + app: repo-updater + deploy: sourcegraph + spec: + containers: + - env: + - name: OTEL_AGENT_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: OTEL_EXPORTER_OTLP_ENDPOINT + value: http://$(OTEL_AGENT_HOST):4317 + image: index.docker.io/sourcegraph/repo-updater:6.0.0@sha256:238702dde17eaa41f9dc5b5f379c08a9e57940587128ceda6008d7f06e72cccc + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: debug + scheme: HTTP + periodSeconds: 1 + timeoutSeconds: 5 + name: repo-updater + ports: + - containerPort: 3182 + name: http + - containerPort: 6060 + name: debug + readinessProbe: + failureThreshold: 3 + httpGet: + path: /ready + port: debug + scheme: HTTP + periodSeconds: 1 + timeoutSeconds: 5 + resources: + limits: + cpu: "1" + memory: 2Gi + requests: + cpu: 100m + memory: 250M + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 101 + runAsUser: 100 + terminationMessagePolicy: FallbackToLogsOnError + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + runAsUser: 100 +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + description: Serves the frontend of Sourcegraph via HTTP(S). + kubectl.kubernetes.io/default-container: frontend + labels: + app.kubernetes.io/component: frontend + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: sourcegraph-frontend + namespace: ns-sourcegraph +spec: + minReadySeconds: 10 + replicas: 2 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: sourcegraph-frontend + strategy: + rollingUpdate: + maxSurge: 2 + maxUnavailable: 0 + type: RollingUpdate + template: + metadata: + labels: + app: sourcegraph-frontend + deploy: sourcegraph + spec: + containers: + - args: + - serve + env: + - name: OTEL_AGENT_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: OTEL_EXPORTER_OTLP_ENDPOINT + value: http://$(OTEL_AGENT_HOST):4317 + envFrom: + - configMapRef: + name: sourcegraph-frontend-env + image: index.docker.io/sourcegraph/frontend:6.0.0@sha256:d4f21178096da5fdb3804099ae9de2e050b06e859a327aa79452b1ea2f3ede0a + livenessProbe: + httpGet: + path: /healthz + port: debug + scheme: HTTP + initialDelaySeconds: 300 + timeoutSeconds: 5 + name: frontend + ports: + - containerPort: 3080 + name: http + - containerPort: 3090 + name: http-internal + - containerPort: 6060 + name: debug + readinessProbe: + httpGet: + path: /ready + port: debug + scheme: HTTP + periodSeconds: 5 + timeoutSeconds: 5 + resources: + limits: + cpu: "4" + ephemeral-storage: 8Gi + memory: 8G + requests: + cpu: 100m + ephemeral-storage: 4Gi + memory: 250M + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 101 + runAsUser: 100 + terminationMessagePolicy: FallbackToLogsOnError + initContainers: + - args: + - up + envFrom: + - configMapRef: + name: sourcegraph-frontend-env + image: index.docker.io/sourcegraph/migrator:6.0.0@sha256:ec295eb0b743da6bf56777ca6524972267a5c442b0288095e2fe12fce38ebacc + name: migrator + resources: + limits: + cpu: 500m + memory: 100M + requests: + cpu: 100m + memory: 50M + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 101 + runAsUser: 100 + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + runAsUser: 100 +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + description: High level syntax analysis + labels: + app.kubernetes.io/component: syntactic-code-intel-worker + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: syntactic-code-intel-worker + namespace: ns-sourcegraph +spec: + minReadySeconds: 10 + replicas: 2 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: syntactic-code-intel-worker + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 1 + type: RollingUpdate + template: + metadata: + labels: + app: syntactic-code-intel-worker + deploy: sourcegraph + spec: + containers: + - env: + - name: SYNTACTIC_CODE_INTEL_BACKEND + value: blobstore + - name: SYNTACTIC_CODE_INTEL_UPLOAD_AWS_ENDPOINT + value: http://blobstore:9000 + - name: SYNTACTIC_CODE_INTEL_WORKER_ADDR + value: :3188 + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + image: index.docker.io/sourcegraph/syntactic-code-intel-worker:6.0.0@sha256:50bdeb38b196f0fc21404969016bf8263f78144292e905867e93480f66c8251c + livenessProbe: + httpGet: + path: /healthz + port: debug + scheme: HTTP + initialDelaySeconds: 60 + timeoutSeconds: 5 + name: syntactic-code-intel-worker + ports: + - containerPort: 3188 + name: http + - containerPort: 6060 + name: debug + readinessProbe: + httpGet: + path: /ready + port: debug + scheme: HTTP + periodSeconds: 5 + timeoutSeconds: 5 + resources: + limits: + cpu: "2" + memory: 4G + requests: + cpu: 100m + memory: 250M + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 101 + runAsUser: 100 + terminationMessagePath: FallbackToLogsOnError + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + runAsUser: 100 +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + description: Backend for syntax highlighting operations. + labels: + app.kubernetes.io/component: syntect-server + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: syntect-server + namespace: ns-sourcegraph +spec: + minReadySeconds: 10 + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: syntect-server + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + type: RollingUpdate + template: + metadata: + labels: + app: syntect-server + deploy: sourcegraph + spec: + containers: + - image: index.docker.io/sourcegraph/syntax-highlighter:6.0.0@sha256:1e35f77690222a76724b45f2305b838c40c35201e60b0f619b3fe8499504ff60 + livenessProbe: + httpGet: + path: /health + port: http + scheme: HTTP + initialDelaySeconds: 5 + timeoutSeconds: 5 + name: syntect-server + ports: + - containerPort: 9238 + name: http + - containerPort: 6060 + name: debug + readinessProbe: + tcpSocket: + port: http + resources: + limits: + cpu: "4" + memory: 6G + requests: + cpu: 100m + memory: 250M + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 101 + runAsUser: 100 + terminationMessagePolicy: FallbackToLogsOnError + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + runAsUser: 100 +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + description: Manages background processes. + labels: + app.kubernetes.io/component: worker + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: worker + namespace: ns-sourcegraph +spec: + minReadySeconds: 10 + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: worker + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 1 + type: RollingUpdate + template: + metadata: + labels: + app: worker + deploy: sourcegraph + spec: + containers: + - env: + - name: PRECISE_CODE_INTEL_UPLOAD_BACKEND + value: blobstore + - name: PRECISE_CODE_INTEL_UPLOAD_AWS_ENDPOINT + value: http://blobstore:9000 + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: OTEL_AGENT_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: OTEL_EXPORTER_OTLP_ENDPOINT + value: http://$(OTEL_AGENT_HOST):4317 + image: index.docker.io/sourcegraph/worker:6.0.0@sha256:4892c5aa107d4384f811afcf1980e0fb2cb8beb5585a15adcb64353a2d8abf5a + livenessProbe: + httpGet: + path: /healthz + port: debug + scheme: HTTP + initialDelaySeconds: 60 + timeoutSeconds: 5 + name: worker + ports: + - containerPort: 3189 + name: http + - containerPort: 6060 + name: debug + - containerPort: 6996 + name: prom + readinessProbe: + httpGet: + path: /ready + port: debug + scheme: HTTP + periodSeconds: 5 + timeoutSeconds: 5 + resources: + limits: + cpu: "4" + memory: 4G + requests: + cpu: 100m + memory: 250M + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 101 + runAsUser: 100 + terminationMessagePolicy: FallbackToLogsOnError + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + runAsUser: 100 +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + annotations: + description: Code Insights Postgres DB instance. + labels: + app.kubernetes.io/component: codeinsights-db + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: codeinsights-db + namespace: ns-sourcegraph +spec: + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: codeinsights-db + serviceName: codeinsights-db + template: + metadata: + labels: + app: codeinsights-db + deploy: sourcegraph + group: backend + spec: + containers: + - env: + - name: POSTGRES_DB + value: postgres + - name: POSTGRES_PASSWORD + value: password + - name: POSTGRES_USER + value: postgres + - name: PGDATA + value: /var/lib/postgresql/data/pgdata + - name: POSTGRESQL_CONF_DIR + value: /conf + image: index.docker.io/sourcegraph/postgresql-16-codeinsights:6.0.0@sha256:24263ff136f8cc328d63808982beb4a109461da30b522b63d2867a4e708713c9 + name: codeinsights + ports: + - containerPort: 5432 + name: codeinsights-db + resources: + limits: + cpu: "4" + memory: 4G + requests: + cpu: 100m + memory: 250M + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 70 + runAsUser: 70 + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /var/lib/postgresql/data/ + name: disk + - mountPath: /conf + name: codeinsights-conf + - env: + - name: DATA_SOURCE_NAME + value: postgres://postgres:@localhost:5432/?sslmode=disable + - name: PG_EXPORTER_EXTEND_QUERY_PATH + value: /config/code_insights_queries.yaml + image: index.docker.io/sourcegraph/postgres_exporter:6.0.0@sha256:685a18f482e4a71a54e15814ffd6b8cd62844f6af056a81f7ec0ba5cf23fce27 + name: pgsql-exporter + ports: + - containerPort: 9187 + name: pgsql-exporter + resources: + limits: + cpu: 10m + memory: 50Mi + requests: + cpu: 10m + memory: 50Mi + terminationMessagePolicy: FallbackToLogsOnError + initContainers: + - command: + - sh + - -c + - if [ -d /var/lib/postgresql/data/pgdata ]; then chmod 750 /var/lib/postgresql/data/pgdata; + fi + image: index.docker.io/sourcegraph/alpine-3.14:6.0.0@sha256:c4705ccf969e262ee3916719ecc7c0fb5e606dd954278ac07ac1d052e4e490df + name: correct-data-dir-permissions + resources: + limits: + cpu: 10m + memory: 50Mi + requests: + cpu: 10m + memory: 50Mi + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 70 + runAsUser: 70 + volumeMounts: + - mountPath: /var/lib/postgresql/data/ + name: disk + securityContext: + fsGroup: 70 + fsGroupChangePolicy: OnRootMismatch + runAsUser: 70 + terminationGracePeriodSeconds: 120 + volumes: + - name: disk + persistentVolumeClaim: + claimName: codeinsights-db + - configMap: + defaultMode: 511 + name: codeinsights-db-conf + name: codeinsights-conf + updateStrategy: + type: RollingUpdate +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + annotations: + description: Postgres database for various data. + kubectl.kubernetes.io/default-container: pgsql + labels: + app.kubernetes.io/component: codeintel-db + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: codeintel-db + namespace: ns-sourcegraph +spec: + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: codeintel-db + serviceName: codeintel-db + template: + metadata: + labels: + app: codeintel-db + deploy: sourcegraph + group: backend + spec: + containers: + - image: index.docker.io/sourcegraph/postgresql-16:6.0.0@sha256:224a2604331cb73809f466394c5b4f3ca95bf6a5a140cb75820dfe67301074bb + livenessProbe: + exec: + command: + - /liveness.sh + initialDelaySeconds: 15 + name: pgsql + ports: + - containerPort: 5432 + name: pgsql + readinessProbe: + exec: + command: + - /ready.sh + resources: + limits: + cpu: "4" + memory: 4G + requests: + cpu: 100m + memory: 250M + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 999 + runAsUser: 999 + startupProbe: + exec: + command: + - /liveness.sh + failureThreshold: 360 + periodSeconds: 10 + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /data + name: disk + - mountPath: /conf + name: pgsql-conf + - env: + - name: DATA_SOURCE_NAME + value: postgres://sg:@localhost:5432/?sslmode=disable + - name: PG_EXPORTER_EXTEND_QUERY_PATH + value: /config/code_intel_queries.yaml + image: index.docker.io/sourcegraph/postgres_exporter:6.0.0@sha256:685a18f482e4a71a54e15814ffd6b8cd62844f6af056a81f7ec0ba5cf23fce27 + name: pgsql-exporter + ports: + - containerPort: 9187 + name: pgsql-exporter + resources: + limits: + cpu: 10m + memory: 50Mi + requests: + cpu: 10m + memory: 50Mi + terminationMessagePolicy: FallbackToLogsOnError + initContainers: + - command: + - sh + - -c + - if [ -d /data/pgdata-12 ]; then chmod 750 /data/pgdata-12; fi + image: index.docker.io/sourcegraph/alpine-3.14:6.0.0@sha256:c4705ccf969e262ee3916719ecc7c0fb5e606dd954278ac07ac1d052e4e490df + name: correct-data-dir-permissions + resources: + limits: + cpu: 10m + memory: 50Mi + requests: + cpu: 10m + memory: 50Mi + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 999 + runAsUser: 999 + volumeMounts: + - mountPath: /data + name: disk + securityContext: + fsGroup: 999 + fsGroupChangePolicy: OnRootMismatch + runAsUser: 999 + terminationGracePeriodSeconds: 120 + volumes: + - name: disk + persistentVolumeClaim: + claimName: codeintel-db + - configMap: + defaultMode: 511 + name: codeintel-db-conf + name: pgsql-conf + updateStrategy: + type: RollingUpdate +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + annotations: + description: Stores clones of repositories to perform Git operations. + kubectl.kubernetes.io/default-container: gitserver + labels: + app.kubernetes.io/component: gitserver + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: gitserver + namespace: ns-sourcegraph +spec: + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: gitserver + serviceName: gitserver + template: + metadata: + labels: + app: gitserver + deploy: sourcegraph + group: backend + type: gitserver + spec: + containers: + - args: + - run + env: + - name: OTEL_AGENT_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: OTEL_EXPORTER_OTLP_ENDPOINT + value: http://$(OTEL_AGENT_HOST):4317 + image: index.docker.io/sourcegraph/gitserver:6.0.0@sha256:aec9bf6993c243a283109104cd7c44be3c85680b77e3e8be0c5fba8f01a3bd35 + livenessProbe: + initialDelaySeconds: 5 + tcpSocket: + port: rpc + timeoutSeconds: 5 + name: gitserver + ports: + - containerPort: 3178 + name: rpc + protocol: TCP + resources: + limits: + cpu: "4" + memory: 8G + requests: + cpu: 100m + memory: 250M + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 101 + runAsUser: 100 + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /data/repos + name: repos + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + runAsUser: 100 + volumes: + - name: repos + updateStrategy: + type: RollingUpdate + volumeClaimTemplates: + - metadata: + name: repos + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 200Gi +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + annotations: + description: Metrics/monitoring dashboards and alerts. + kubectl.kubernetes.io/default-container: grafana + labels: + app.kubernetes.io/component: grafana + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: grafana + namespace: ns-sourcegraph +spec: + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: grafana + serviceName: grafana + template: + metadata: + labels: + app: grafana + deploy: sourcegraph + spec: + containers: + - image: index.docker.io/sourcegraph/grafana:6.0.0@sha256:e40236d0143d0735ff87374afce95b878b8cde448ef65cfdc7008056a03097e8 + name: grafana + ports: + - containerPort: 3370 + name: http + resources: + limits: + cpu: "1" + memory: 512Mi + requests: + cpu: 100m + memory: 250M + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 472 + runAsUser: 472 + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /var/lib/grafana + name: grafana-data + - mountPath: /sg_config_grafana/provisioning/datasources + name: config + securityContext: + fsGroup: 472 + fsGroupChangePolicy: OnRootMismatch + runAsUser: 472 + volumes: + - configMap: + defaultMode: 511 + name: grafana + name: config + updateStrategy: + type: RollingUpdate + volumeClaimTemplates: + - metadata: + name: grafana-data + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 2Gi +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + annotations: + description: Backend for indexed text search operations. + labels: + app.kubernetes.io/component: indexed-search + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: indexed-search + namespace: ns-sourcegraph +spec: + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: indexed-search + serviceName: indexed-search + template: + metadata: + labels: + app: indexed-search + deploy: sourcegraph + spec: + containers: + - env: + - name: OTEL_AGENT_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: OTEL_EXPORTER_OTLP_ENDPOINT + value: http://$(OTEL_AGENT_HOST):4317 + - name: OPENTELEMETRY_DISABLED + value: "false" + image: index.docker.io/sourcegraph/indexed-searcher:6.0.0@sha256:99038e0ec9bef930030c118d774fcdcd67d7fe57ad4c80d216703a4d29d64323 + name: zoekt-webserver + ports: + - containerPort: 6070 + name: http + readinessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: http + scheme: HTTP + periodSeconds: 5 + timeoutSeconds: 5 + resources: + limits: + cpu: "8" + memory: 16G + requests: + cpu: 100m + memory: 250M + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 101 + runAsUser: 100 + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /data + name: data + - env: + - name: OTEL_AGENT_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: OTEL_EXPORTER_OTLP_ENDPOINT + value: http://$(OTEL_AGENT_HOST):4317 + - name: OPENTELEMETRY_DISABLED + value: "false" + image: index.docker.io/sourcegraph/search-indexer:6.0.0@sha256:11539e07040b85045a9aa07f970aa310066e240dc28e6c9627653ee2bc6e0b91 + name: zoekt-indexserver + ports: + - containerPort: 6072 + name: index-http + resources: + limits: + cpu: "8" + memory: 8G + requests: + cpu: 100m + memory: 250M + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 101 + runAsUser: 100 + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /data + name: data + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + runAsUser: 100 + volumes: + - name: data + updateStrategy: + type: RollingUpdate + volumeClaimTemplates: + - metadata: + labels: + deploy: sourcegraph + name: data + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 200Gi +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + annotations: + description: Postgres database for various data. + kubectl.kubernetes.io/default-container: pgsql + labels: + app.kubernetes.io/component: pgsql + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: pgsql + namespace: ns-sourcegraph +spec: + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: pgsql + serviceName: pgsql + template: + metadata: + labels: + app: pgsql + deploy: sourcegraph + group: backend + spec: + containers: + - image: index.docker.io/sourcegraph/postgresql-16:6.0.0@sha256:224a2604331cb73809f466394c5b4f3ca95bf6a5a140cb75820dfe67301074bb + livenessProbe: + exec: + command: + - /liveness.sh + initialDelaySeconds: 15 + name: pgsql + ports: + - containerPort: 5432 + name: pgsql + readinessProbe: + exec: + command: + - /ready.sh + resources: + limits: + cpu: "4" + memory: 4G + requests: + cpu: 100m + memory: 250M + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 999 + runAsUser: 999 + startupProbe: + exec: + command: + - /liveness.sh + failureThreshold: 360 + periodSeconds: 10 + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /data + name: disk + - mountPath: /conf + name: pgsql-conf + - mountPath: /dev/shm + name: dshm + - env: + - name: DATA_SOURCE_NAME + value: postgres://sg:@localhost:5432/?sslmode=disable + - name: PG_EXPORTER_EXTEND_QUERY_PATH + value: /config/queries.yaml + image: index.docker.io/sourcegraph/postgres_exporter:6.0.0@sha256:685a18f482e4a71a54e15814ffd6b8cd62844f6af056a81f7ec0ba5cf23fce27 + name: pgsql-exporter + ports: + - containerPort: 9187 + name: pgsql-exporter + resources: + limits: + cpu: 10m + memory: 50Mi + requests: + cpu: 10m + memory: 50Mi + terminationMessagePolicy: FallbackToLogsOnError + initContainers: + - command: + - sh + - -c + - if [ -d /data/pgdata-12 ]; then chmod 750 /data/pgdata-12; fi + image: index.docker.io/sourcegraph/alpine-3.14:6.0.0@sha256:c4705ccf969e262ee3916719ecc7c0fb5e606dd954278ac07ac1d052e4e490df + name: correct-data-dir-permissions + resources: + limits: + cpu: 10m + memory: 50Mi + requests: + cpu: 10m + memory: 50Mi + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 999 + runAsUser: 999 + volumeMounts: + - mountPath: /data + name: disk + securityContext: + fsGroup: 999 + fsGroupChangePolicy: OnRootMismatch + runAsUser: 999 + terminationGracePeriodSeconds: 120 + volumes: + - name: disk + persistentVolumeClaim: + claimName: pgsql + - configMap: + defaultMode: 511 + name: pgsql-conf + name: pgsql-conf + - emptyDir: + medium: Memory + sizeLimit: 1G + name: dshm + updateStrategy: + type: RollingUpdate +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + annotations: + description: Backend for text search operations. + kubectl.kubernetes.io/default-container: searcher + labels: + app.kubernetes.io/component: searcher + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: searcher + namespace: ns-sourcegraph +spec: + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: searcher + serviceName: searcher + template: + metadata: + labels: + app: searcher + deploy: sourcegraph + spec: + containers: + - env: + - name: SEARCHER_CACHE_SIZE_MB + value: "25000" + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: CACHE_DIR + value: /mnt/cache/$(POD_NAME) + - name: OTEL_AGENT_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: OTEL_EXPORTER_OTLP_ENDPOINT + value: http://$(OTEL_AGENT_HOST):4317 + image: index.docker.io/sourcegraph/searcher:6.0.0@sha256:c7508abda2202d4a33400ce23a95dd8d59fe6220d85d7fbee6fb186c55931336 + name: searcher + ports: + - containerPort: 3181 + name: http + - containerPort: 6060 + name: debug + readinessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: http + scheme: HTTP + periodSeconds: 5 + timeoutSeconds: 5 + resources: + limits: + cpu: "2" + memory: 2G + requests: + cpu: 100m + memory: 250M + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 101 + runAsUser: 100 + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /mnt/cache + name: cache + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + runAsUser: 100 + volumes: + - emptyDir: {} + name: cache + updateStrategy: + type: RollingUpdate + volumeClaimTemplates: + - metadata: + name: cache + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 30G +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + annotations: + description: Backend for symbols operations. + kubectl.kubernetes.io/default-container: symbols + labels: + app.kubernetes.io/component: symbols + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: symbols + namespace: ns-sourcegraph +spec: + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: symbols + serviceName: symbols + template: + metadata: + labels: + app: symbols + deploy: sourcegraph + spec: + containers: + - env: + - name: SYMBOLS_CACHE_SIZE_MB + value: "12000" + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: CACHE_DIR + value: /mnt/cache/$(POD_NAME) + - name: OTEL_AGENT_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: OTEL_EXPORTER_OTLP_ENDPOINT + value: http://$(OTEL_AGENT_HOST):4317 + - name: USE_ROCKSKIP + value: "true" + - name: ROCKSKIP_MIN_REPO_SIZE_MB + value: "1000" + image: index.docker.io/sourcegraph/symbols:6.0.0@sha256:7f91048d1966add54b199755c77a5c3ca84b7f57bb5d2ffb65113da7f100b051 + livenessProbe: + httpGet: + path: /healthz + port: http + scheme: HTTP + initialDelaySeconds: 60 + timeoutSeconds: 5 + name: symbols + ports: + - containerPort: 3184 + name: http + - containerPort: 6060 + name: debug + readinessProbe: + httpGet: + path: /healthz + port: http + scheme: HTTP + periodSeconds: 5 + timeoutSeconds: 5 + resources: + limits: + cpu: "4" + memory: 4G + requests: + cpu: 100m + memory: 250M + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 101 + runAsUser: 100 + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /mnt/cache + name: cache + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + runAsUser: 100 + volumes: + - emptyDir: {} + name: cache + updateStrategy: + type: RollingUpdate + volumeClaimTemplates: + - metadata: + name: cache + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 12G +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + annotations: + description: DaemonSet to ensure all nodes run a node-exporter pod. + seccomp.security.alpha.kubernetes.io/pod: docker/default + labels: + app: node-exporter + app.kubernetes.io/component: node-exporter + deploy: sourcegraph + name: node-exporter + namespace: ns-sourcegraph +spec: + selector: + matchLabels: + app: node-exporter + template: + metadata: + annotations: + description: Collects and exports machine metrics. + kubectl.kubernetes.io/default-container: node-exporter + labels: + app: node-exporter + deploy: sourcegraph + spec: + affinity: null + automountServiceAccountToken: false + containers: + - args: + - --web.listen-address=:9100 + - --path.sysfs=/host/sys + - --path.rootfs=/host/root + - --path.procfs=/host/proc + - --no-collector.wifi + - --no-collector.hwmon + - --collector.filesystem.ignored-mount-points=^/(dev|proc|sys|var/lib/docker/.+|var/lib/kubelet/pods/.+)($|/) + - --collector.netclass.ignored-devices=^(veth.*)$ + - --collector.netdev.device-exclude=^(veth.*)$ + env: null + image: index.docker.io/sourcegraph/node-exporter:6.0.0@sha256:099c2e4fb8eacdda82d2d4798591808ded7ad3dc5e6ed514535e0b8e7223ed06 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + port: metrics + scheme: HTTP + initialDelaySeconds: 0 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + name: node-exporter + ports: + - containerPort: 9100 + name: metrics + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + port: metrics + scheme: HTTP + initialDelaySeconds: 0 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + resources: + limits: + cpu: "1" + memory: 1Gi + requests: + cpu: 100m + memory: 250M + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsGroup: 65534 + runAsUser: 65534 + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /host/root + mountPropagation: HostToContainer + name: rootfs + readOnly: true + - mountPath: /host/sys + mountPropagation: HostToContainer + name: sys + readOnly: true + - mountPath: /host/proc + mountPropagation: HostToContainer + name: proc + readOnly: true + hostPID: true + nodeSelector: null + securityContext: + fsGroup: 65534 + fsGroupChangePolicy: OnRootMismatch + runAsGroup: 65534 + runAsNonRoot: true + runAsUser: 65534 + terminationGracePeriodSeconds: 30 + tolerations: null + volumes: + - hostPath: + path: / + name: rootfs + - hostPath: + path: /sys + name: sys + - hostPath: + path: /proc + name: proc +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + annotations: + kubernetes.io/ingress.class: nginx + nginx.ingress.kubernetes.io/proxy-body-size: 150m + labels: + app: sourcegraph-frontend + app.kubernetes.io/component: frontend + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: sourcegraph-frontend + namespace: ns-sourcegraph +spec: + rules: + - http: + paths: + - backend: + service: + name: sourcegraph-frontend + port: + number: 30080 + path: / + pathType: Prefix diff --git a/components/executors/dind/executor.Deployment.yaml b/components/executors/dind/executor.Deployment.yaml index 7d4639ac..4e0948fa 100644 --- a/components/executors/dind/executor.Deployment.yaml +++ b/components/executors/dind/executor.Deployment.yaml @@ -28,7 +28,7 @@ spec: spec: containers: - name: executor - image: index.docker.io/sourcegraph/executor:6.0.0@sha256:0be94a7c91f8273db10fdf46718c6596340ab2acc570e7b85353806e67a27508 + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/executor:6.1.376@sha256:2ee357b9e76d85d56a96711bf6f496fa2cb28448c6bcf66c59bfa6fee83bfaeb imagePullPolicy: Always livenessProbe: exec: @@ -60,7 +60,7 @@ spec: - mountPath: /scratch name: executor-scratch - name: dind - image: index.docker.io/sourcegraph/dind:6.0.0@sha256:1bbacc4186c3d9dbed735f17d629623190c146f48b98468560d9451df22f3618 + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/dind:6.1.376@sha256:61c24622481e1b599c1dbb8b62f5a1a08db93e5e51cff263293ce48204bf8633 imagePullPolicy: Always securityContext: privileged: true diff --git a/components/executors/k8s/executor.Deployment.yaml b/components/executors/k8s/executor.Deployment.yaml index ea5b6364..ff9a0dc2 100644 --- a/components/executors/k8s/executor.Deployment.yaml +++ b/components/executors/k8s/executor.Deployment.yaml @@ -29,7 +29,7 @@ spec: serviceAccountName: executor containers: - name: executor - image: index.docker.io/sourcegraph/executor-kubernetes:6.0.0@sha256:6dc771a0c281a41ef676213f2f84a63d99045cf2e58d43022554a8022070ed65 + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/executor-kubernetes:6.1.376@sha256:9df80d863e5be048e5bc29e663474f002dc11316cecec959aed46efa73e12664 imagePullPolicy: Always livenessProbe: exec: diff --git a/instances/my-sourcegraph/buildConfig.yaml b/instances/my-sourcegraph/buildConfig.yaml new file mode 100644 index 00000000..347370f2 --- /dev/null +++ b/instances/my-sourcegraph/buildConfig.yaml @@ -0,0 +1,35 @@ +################################################################################################ +# [BUILD CONFIGURATIONS] +# Some components read the configuration values in this file during the Kustomize build-process +# +# HOW TO USE: +# Enter the configuration values as instructed by components used in your kustomization.yaml +# Always refer to the component’s documentation or comments before updating +################################################################################################ +apiVersion: v1 +kind: ConfigMap +metadata: + annotations: + description: Some components read the configuration values from the "data" field below during the build process. You only need to update this file if you are using components that require specific CONFIG_KEYS. If no components in your overlay require extra configuration, no update is necessary. + labels: + deploy: sourcegraph + name: sourcegraph-kustomize-build-config +data: + # example: + EXAMPLE_CONFIG_KEY: example + #-------- Update config options below ---------# + # AWS_MANAGED_CERT_ARN: __placeholder__ + # GKE_MANAGED_CERT_NAME: __placeholder__ + # HOST_DOMAIN: __placeholder__ + # NEW_REDIS_CACHE_ENDPOINT: __placeholder__ + # NEW_REDIS_STORE_ENDPOINT: __placeholder__ + # PRIVATE_REGISTRY: __placeholder__ + # PRIVATE_REGISTRY_SECRET_KEY: __placeholder__ + # SSD_NODE_PATH: __placeholder__ + # STORAGECLASS_NAME: __placeholder__ + # STORAGECLASS_PROVISIONER: __placeholder__ + # STORAGECLASS_PARAM_TYPE: __placeholder__ + # TLS_HOST: __placeholder__ + # TLS_INGRESS_CLASS_NAME: __placeholder__ + # TLS_CLUSTER_ISSUER: __placeholder__ + # TLS_SECRET_NAME: __placeholder__ diff --git a/instances/my-sourcegraph/kustomization.yaml b/instances/my-sourcegraph/kustomization.yaml new file mode 100644 index 00000000..0c70879d --- /dev/null +++ b/instances/my-sourcegraph/kustomization.yaml @@ -0,0 +1,302 @@ +########################################################################################## +# DEPLOY INSTRUCTIONS +# +# Build Manifests: kubectl kustomize instances/$CURRENT_DIR -o cluster.yaml +# Review Manifests: less cluster.yaml +# kubectl apply --prune -l deploy=sourcegraph -f cluster.yaml +########################################################################################## +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +########################################################################################## +# [RESOURCES] Resources with default settings +# +# You can add additional resources to the end of this section if needed +########################################################################################## +resources: + # [REQUIRED: BUILD CONFIG] Update this file when using components that have "CONFIG KEYS" + - buildConfig.yaml # -- Update the CONFIG Key values in buildConfig.yaml when instructed + # [REQUIRED: RESOURCES] Resources for the default Sourcegraph instance + - ../../base/sourcegraph # -- Resources for Sourcegraph + - ../../base/monitoring # -- Resources for Sourcegraph Monitoring Stack + # ---------------- Add additional resources below this line if needed ---------------- # + # - +########################################################################################## +# [REQUIRED: NAMESPACE] Add namespace to all resources generated by this overlay +# +# NOTE: Include the 'namespace' component to create namespace with the same name if needed +########################################################################################## +namespace: ns-sourcegraph +########################################################################################## +# [COMPONENTS] Uncomment the lines for the components you'd like to include +# +# To configure your Sourcegraph deployment, uncomment the components/section +# below following the instructions in our configuration docs. +# +# Components with CONFIG KEYS require additional input in the ./buildConfig.yaml file +# +# Docs: +# https://docs.sourcegraph.com/admin/deploy/kubernetes/kustomize/configure +########################################################################################## +components: + #--------------------------------------------------------------------------------------- + # Namespace Creation + #--------------------------------------------------------------------------------------- + # - ../../components/resources/namespace # -- Create namespace based on NAMESPACE input above + # + #--------------------------------------------------------------------------------------- + # Monitoring Stack + #--------------------------------------------------------------------------------------- + # - ../../components/monitoring/otel # -- Deploy OpenTelemetry Collector + # - ../../components/monitoring/tracing # -- Deploy OpenTelemetry Collector with Jaeger as tracing backend + # - ../../components/monitoring/cadvisor # -- Add resources for cAdvisor (requires privileges) + # - ../../components/remove/daemonset # -- Remove all services with daemonsets: node-exporter & otel + # - ../../components/remove/otel-collector # -- Remove otel-collector and otel-agent + # + #--------------------------------------------------------------------------------------- + # Resource Allocation - Instance size based + #--------------------------------------------------------------------------------------- + # Use size XS resources by default. Include one only. + # Find your instance size on https://docs.sourcegraph.com/admin/deploy/instance-size + - ../../components/sizes/xs # -- Allocate resources for size XS instance + # - ../../components/sizes/s # -- Allocate resources for size S instance + # - ../../components/sizes/m # -- Allocate resources for size M instance + # - ../../components/sizes/l # -- Allocate resources for size L instance + # - ../../components/sizes/xl # -- Allocate resources for size XL instance + # - custom-resources # -- Allocate customized resources --See docs for detailed instructions + # + #--------------------------------------------------------------------------------------- + # Storage class + #--------------------------------------------------------------------------------------- + # - ../../components/storage-class/aws/aws-ebs # -- Create storage class resources for AWS when provisioner = `kubernetes.io/aws-ebs` + # - ../../components/storage-class/aws/ebs-csi # -- Create storage class resources for AWS when provisioner = `ebs.csi.aws.com` + # - ../../components/storage-class/azure # -- Create storage class resources for Azure AKS + # - ../../components/storage-class/gcp # -- Create storage class resources for GCP GKE + # - ../../components/storage-class/cloud # -- Create storage class resources for other cloud provider + # - ../../components/storage-class/trident/ext3 # -- Create storage class resources for Trident, fsType ext3 + # - ../../components/storage-class/trident/ext4 # -- Create storage class resources for Trident, fsType ext4 + # - ../../components/storage-class/trident/xfs # -- Create storage class resources for Trident, fsType xfs + # - ../../components/storage-class/k3s # -- Configure to use the default storage class in a k3s cluster + # - ../../components/storage-class/sourcegraph # -- Update storageClassName for all resources to 'sourcegraph' + # + # - ../../components/storage-class/name-update # -- Update storageClassName to $STORAGECLASS_NAME + # CONFIG KEYS: STORAGECLASS_NAME + # + # - ../../components/storage-class/cloud # -- Create a custom storage class for other cloud providers + # CONFIG KEYS: STORAGECLASS_NAME + # STORAGECLASS_PROVISIONER + # STORAGECLASS_PARAM_TYPE + # + # - ../../components/storage-class/ssd # -- Create resources to use local SSDs - requires RBACs + # CONFIG KEYS: SSD_NODE_PATH + # + #--------------------------------------------------------------------------------------- + # Networking + #--------------------------------------------------------------------------------------- + # - ../../components/remove/default-ingress # -- Remove the default ingress from frontend + # - ../../components/network/nodeport/30080 # -- Use nodeport 30080 for frontend service + # - ../../components/network/loadbalancer # -- Use load balancer type for frontend service + # - ../../components/network/network-policy # -- Add NetworkPolicy + # - ../../components/network/envoy # -- Add EnvoyFilter to resolve known issues caused by service mesh + # - ../../components/ingress/gke # -- Ingress controller settings for GKE with HTTP load balancing enabled + # - ../../components/ingress/alb # -- Ingress controller settings for AWS ALB + # - ../../components/ingress/k3s # -- Ingress controller settings for K3s + # - ../../components/clusters/aws/managed-cert # -- Apply settings to frontend ingress for aws managed cert + # - ../../components/clusters/gke/managed-cert # -- Apply settings to frontend ingress for gke managed cert + # + # - ../../components/ingress/hostname # -- Set hostname/domain for your Sourcegraph ingress + # CONFIG KEYS: HOST_DOMAIN + # + # - ../../components/network/tls # -- Enable TLS with existing certificates + # CONFIG KEYS: TLS_HOST + # TLS_INGRESS_CLASS_NAME + # TLS_CLUSTER_ISSUER + # + # - ../../components/network/tls-secretname # -- Replace TLS secretName with TLS_SECRET_NAME + # CONFIG KEYS: TLS_SECRET_NAME + # + #--------------------------------------------------------------------------------------- + # External Services + # You must add external instances via frontend env vars if you remove the bundled instances + #--------------------------------------------------------------------------------------- + # - ../../components/remove/pgsql/deployment # -- Remove default database deployment for frontend + # - ../../components/remove/pgsql/statefulset # -- Remove default database statefulset for frontend + # - ../../components/remove/codeintel-db/deployment # -- Remove default database deployment for code-intel + # - ../../components/remove/codeintel-db/statefulset # -- Remove default database statefulset for code-intel + # - ../../components/remove/codeinsights-db/deployment # -- Remove default database deployment for code-insights + # - ../../components/remove/codeinsights-db/statefulset # -- Remove default database statefulset for code-insights + # - ../../components/remove/redis # -- Remove embedded redis instance + # + # - ../../components/services/redis # -- Use external redis servers + # CONFIG KEYS: REDIS_CACHE_ENDPOINT + # REDIS_STORE_ENDPOINT + # + #--------------------------------------------------------------------------------------- + # Executors + # See https://docs.sourcegraph.com/admin/executors for information and instructions + #--------------------------------------------------------------------------------------- + # - ../../components/executors/k8s # -- Enable native K8s executors + # - ../../components/executors/dind # -- Enable dind executors + # - ../../components/executors/dind/private-docker-registry # -- Enable private docker registry + # + #--------------------------------------------------------------------------------------- + # Other Configurations + #--------------------------------------------------------------------------------------- + # - ../../components/clusters/k3s # -- Configure instance to run in a k3s cluster (storage class, network, etc) + # - ../../components/clusters/minikube # -- Configure instance to run in a minikube cluster (storage class, network, etc) + # - ../../components/enable/rockskip # -- Enable rockskip + # - ../../components/disable/rockskip # -- Disable rockskip + # - ../../components/enable/ssh/non-root # Enable SSH to clon repositories as non-root user (default) + # - ../../components/enable/ssh/root # Enable SSH to clon repositories as root user (when using privileged component) + # - ../../components/remove/pvcs # -- Remove all pvcs resources + # - ../../components/remove/prometheus # -- Remove prometheus + # - ../../components/remove/resources # -- Remove resources (Limits, requests) from all containers + # - ../../components/remove/security-context # -- Remove security context from all resources + # - ../../components/utils/uid # -- Run all Postgres database with valid users on host + # - ../../components/utils/multi-version-upgrade # -- Scale down non-database pods to 0 for multi-version upgrade + # - ../../components/utils/migrate-to-nonprivileged # -- Component for migrating from privileged to non-privileged + # + #--------------------------------------------------------------------------------------- + # Resource migration from deploy-sourcegraph + #--------------------------------------------------------------------------------------- + # - ../../components/clusters/old-base # -- Generate old cluster from deploy-sourcegraph + # - old-patches # -- Component to store patches from old deployment. See migration docs for more information + # + #--------------------------------------------------------------------------------------- + # Use private registry + #--------------------------------------------------------------------------------------- + # - ../../components/enable/private-registry # -- Update images name to private registry name + # CONFIG KEYS: PRIVATE_REGISTRY + # + # - ../../components/resources/imagepullsecrets # -- Add imagePullSecrets field to all resources + # CONFIG KEYS: IMAGE_PULL_SECRET_NAME + # + # ------------------------------------------------------------------------ + # Permission Configurations + # IMPORTANT: Keep the components below as the LAST components + # ------------------------------------------------------------------------ + # [DO NOT REMOVE] This component add replica count for some statefulset services as env vars to frontend + # so that when service discovery is disabled, frontend can generate service endpoints based on replica count + - ../../components/utils/endpoints # REQUIRED - DO NOT REMOVE + # + # - ../../components/privileged # -- Run Sourcegraph with privileged and root access + # - ../../components/monitoring/privileged # -- Run monitoring stack with privileged and root access + # + # Recommended for clusters with RBAC enabled. + # - ../../components/enable/service-discovery # -- Enable service-discovery for frontend +# +# +########################################################################################## +# [SECRETS GENERATOR] Turns the contents of the secret files into Kubernetes secrets +# +# Copy and paste all the associated files to the root of this directory +########################################################################################## +# secretGenerator: +# +# # - SSH for Gitserver to clone repositories - +# - name: gitserver-ssh +# files: +# - id_rsa +# - known_hosts +# +# # - TLS - +# - name: sourcegraph-frontend-tls +# behavior: create +# files: +# - tls.crt +# - tls.key +# +# # - Database - +# - name: dbs-secrets +# files: +# - secrets.env +# +# # - Executor - +# - name: executor-secret +# behavior: create +# literals: +# - password=our-shared-secret +# +########################################################################################## +# [CUSTOM RESOURCES] Add files as patches to customize resources +# +# Create a directory `patches` and then copy the required files as +# instructed by the configuration docs to update ConfigMaps and other +# resources using patch files to customize your deployment +# Do not use the built-in replicas field to update replica counts +########################################################################################## +# +# patches: +# #--------------------------------------------------------------------------------------- +# # custom patches +# #--------------------------------------------------------------------------------------- +# - path: patches/frontend-ingress.annotations.yaml +# - path: patches/prometheus.ConfigMap.yaml +# - path: patches/pgsql.ConfigMap.yaml +# - path: patches/otel-collector.ConfigMap.yaml +# - path: patches/custom.NodePort.yaml +# - path: patches/resources.yaml +# - path: patches/executor.ConfigMap.yaml +# +# #--------------------------------------------------------------------------------------- +# # Update env vars for non-frontend services +# #--------------------------------------------------------------------------------------- +# - patch: |- +# - op: add +# path: /spec/template/spec/containers/0/env/- +# value: +# name: SRC_ENABLE_GC_AUTO +# value: "true" +# target: +# name: gitserver +# kind: StatefulSet +# +# - patch: |- +# - op: replace +# path: /spec/template/spec/containers/0/env/0 +# value: +# name: SEARCHER_CACHE_SIZE_MB +# value: "50000" +# target: +# name: searcher +# kind: StatefulSet|Deployment +# +# - patch: |- +# - op: replace +# path: /spec/template/spec/containers/0/env/0 +# value: +# name: SYMBOLS_CACHE_SIZE_MB +# value: "50000" +# target: +# name: symbols +# kind: StatefulSet|Deployment +# +# #--------------------------------------------------------------------------------------- +# # Adjust Storage Sizes +# #--------------------------------------------------------------------------------------- +# - patch: |- +# - op: replace +# path: /spec/resources/requests/storage +# value: 100Gi +# target: +# kind: PersistentVolumeClaim +# name: blobstore|codeinsights-db|codeintel-db|pgsql|prometheus|redis-store|redis-cache|private-docker-registry +# +# - patch: |- +# - op: replace +# path: /spec/volumeClaimTemplates/0/spec/resources/requests/storage +# value: 200Gi +# target: +# kind: StatefulSet +# name: gitserver|indexed-search|searcher|symbols +# +# +########################################################################################## +# [FRONTEND ENV VARS] Handles updating env vars for sourcegraph-frontend +########################################################################################## +# +# configMapGenerator: +# - name: sourcegraph-frontend-env +# behavior: merge +# literals: +# - DEPLOY_TYPE=kustomize # make your edit below this line +#