diff --git a/base/monitoring/cadvisor/cadvisor.DaemonSet.yaml b/base/monitoring/cadvisor/cadvisor.DaemonSet.yaml index f49ac7f3..a4d97c38 100644 --- a/base/monitoring/cadvisor/cadvisor.DaemonSet.yaml +++ b/base/monitoring/cadvisor/cadvisor.DaemonSet.yaml @@ -26,7 +26,7 @@ spec: serviceAccountName: cadvisor containers: - name: cadvisor - image: index.docker.io/sourcegraph/cadvisor:5.9.347@sha256:4f2a2c550f4cdfeca0d87cf607d75d356f3be6a32132fa88cdbb3e086ae6429a + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/cadvisor:5.9.17785@sha256:5b4459633e28b53a41fdb3118194d9c353373d7e4327e73cb44ad9a788815ae9 args: # Kubernetes-specific flags below (other flags are baked into the Docker image) # diff --git a/base/monitoring/grafana/grafana.StatefulSet.yaml b/base/monitoring/grafana/grafana.StatefulSet.yaml index 6ff87396..95189a82 100644 --- a/base/monitoring/grafana/grafana.StatefulSet.yaml +++ b/base/monitoring/grafana/grafana.StatefulSet.yaml @@ -26,7 +26,7 @@ spec: spec: containers: - name: grafana - image: index.docker.io/sourcegraph/grafana:5.9.347@sha256:91d0076d075a461d9ff977f9d32b2c7b7e453869ee38f36ab147f0f3fe347a3f + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/grafana:5.9.17785@sha256:f26e275c6d2181a677a8fd077b4524fe85b478492a1d011af8e7aabb6c3edcb6 terminationMessagePolicy: FallbackToLogsOnError ports: - containerPort: 3370 diff --git a/base/monitoring/jaeger/jaeger.Deployment.yaml b/base/monitoring/jaeger/jaeger.Deployment.yaml index 924b5ff8..d2a2de9b 100644 --- a/base/monitoring/jaeger/jaeger.Deployment.yaml +++ b/base/monitoring/jaeger/jaeger.Deployment.yaml 
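Review bot: The new `image:` line points a `base/` manifest at `us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/...`, which by its name looks like an internal CI repository, and nothing visible in the hunk adds `imagePullSecrets` or says who is expected to be able to pull from it. The same applies to every image hunk in this diff, from grafana.StatefulSet.yaml through worker.Deployment.yaml. The digest pin is kept, but when a reference carries both a tag and a digest the runtime resolves by digest and does not check the `5.9.17785` tag, so each new digest should be verified against the build that produced it (signature or provenance attestation) before merge. If this registry is intended only for pre-release testing, keeping `index.docker.io/sourcegraph/...` in `base/` and overriding the registry in an overlay would contain the change; otherwise add a comment above the line such as `# internal registry (rfc795-internal): pull credentials required, see <PLACEHOLDER: doc link>`. The pod spec continues outside the hunk, so a pull secret may already be set elsewhere in the file.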
@@ -30,7 +30,7 @@ spec: spec: containers: - name: jaeger - image: index.docker.io/sourcegraph/jaeger-all-in-one:5.9.347@sha256:5ab8468ff65c055abb7aaba15a8bca44f40835efa59117c734517779f4f8863c + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/jaeger-all-in-one:5.9.17785@sha256:0770db3b24ef3f77945ea5cca641217b54f9fc781ecaffba3cab9c52d8a0b4d7 args: ["--memory.max-traces=20000", "--sampling.strategies-file=/etc/jaeger/sampling_strategies.json", "--collector.otlp.enabled"] ports: - containerPort: 5775 diff --git a/base/monitoring/node-exporter/node-exporter.DaemonSet.yaml b/base/monitoring/node-exporter/node-exporter.DaemonSet.yaml index aa8df427..deb1ec56 100644 --- a/base/monitoring/node-exporter/node-exporter.DaemonSet.yaml +++ b/base/monitoring/node-exporter/node-exporter.DaemonSet.yaml @@ -24,7 +24,7 @@ spec: spec: containers: - name: node-exporter - image: index.docker.io/sourcegraph/node-exporter:5.9.347@sha256:43d70602b9f5a461fc6f137d743006605d18dab627b9961587fca499db721d7b + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/node-exporter:5.9.17785@sha256:8fc64a1c746b3720a022c78f83481550f2fb6c94bcbbfe1fc339f1314e22d233 imagePullPolicy: IfNotPresent resources: limits: diff --git a/base/monitoring/otel-collector/otel-agent.DaemonSet.yaml b/base/monitoring/otel-collector/otel-agent.DaemonSet.yaml index 509da0ce..30055e0b 100644 --- a/base/monitoring/otel-collector/otel-agent.DaemonSet.yaml +++ b/base/monitoring/otel-collector/otel-agent.DaemonSet.yaml @@ -26,7 +26,7 @@ spec: spec: containers: - name: otel-agent - image: index.docker.io/sourcegraph/opentelemetry-collector:5.9.347@sha256:78846526afae30eaebd0c598720f05490e64cc32534421357d2b40444bf56bfa + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/opentelemetry-collector:5.9.17785@sha256:dd5aee9c51b53a51828c7723952d82ca752b79aabb1bd32861a61f66c597c32a command: - "/bin/otelcol-sourcegraph" - "--config=/etc/otel-agent/config.yaml" 
diff --git a/base/monitoring/otel-collector/otel-collector.Deployment.yaml b/base/monitoring/otel-collector/otel-collector.Deployment.yaml index 3b50a344..ffbd20ab 100644 --- a/base/monitoring/otel-collector/otel-collector.Deployment.yaml +++ b/base/monitoring/otel-collector/otel-collector.Deployment.yaml @@ -26,7 +26,7 @@ spec: spec: containers: - name: otel-collector - image: index.docker.io/sourcegraph/opentelemetry-collector:5.9.347@sha256:78846526afae30eaebd0c598720f05490e64cc32534421357d2b40444bf56bfa + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/opentelemetry-collector:5.9.17785@sha256:dd5aee9c51b53a51828c7723952d82ca752b79aabb1bd32861a61f66c597c32a command: - "/bin/otelcol-sourcegraph" # To use a custom configuration, edit otel-collector.ConfigMap.yaml diff --git a/base/monitoring/prometheus/prometheus.Deployment.yaml b/base/monitoring/prometheus/prometheus.Deployment.yaml index 8e789d4c..aecc01a4 100644 --- a/base/monitoring/prometheus/prometheus.Deployment.yaml +++ b/base/monitoring/prometheus/prometheus.Deployment.yaml @@ -25,7 +25,7 @@ spec: spec: containers: - name: prometheus - image: index.docker.io/sourcegraph/prometheus:5.9.347@sha256:4a7710ede3b1eccadc0b6364d61c66d8f9a5c4b5a4209313987529fa4e9ebda1 + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/prometheus:5.9.17785@sha256:73c3645eb4fbbb0763e22239904d5162b6d4120c0da4d45f3704173459a35ecb terminationMessagePolicy: FallbackToLogsOnError env: - name: SG_NAMESPACE diff --git a/base/sourcegraph/blobstore/blobstore.Deployment.yaml b/base/sourcegraph/blobstore/blobstore.Deployment.yaml index bfea37bb..2bc60618 100644 --- a/base/sourcegraph/blobstore/blobstore.Deployment.yaml +++ b/base/sourcegraph/blobstore/blobstore.Deployment.yaml 
@@ -26,7 +26,7 @@ spec: spec: containers: - name: blobstore - image: index.docker.io/sourcegraph/blobstore:5.9.347@sha256:aed5ade110f16b36237c040ffc787e73237e109f0b1341aaa608c44eae48004b + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/blobstore:5.9.17785@sha256:2eadc30402db576b9a9ffb3ed1abfbd26e455b7444ab0dde0bd2aa1838c7b21b livenessProbe: httpGet: path: / diff --git a/base/sourcegraph/codeinsights-db/codeinsights-db.StatefulSet.yaml b/base/sourcegraph/codeinsights-db/codeinsights-db.StatefulSet.yaml index 860a4363..dd107952 100644 --- a/base/sourcegraph/codeinsights-db/codeinsights-db.StatefulSet.yaml +++ b/base/sourcegraph/codeinsights-db/codeinsights-db.StatefulSet.yaml @@ -26,7 +26,7 @@ spec: spec: initContainers: - name: correct-data-dir-permissions - image: index.docker.io/sourcegraph/alpine-3.14:5.9.347@sha256:b4d78b475c4eb1fa4e592338bf619939d574b0ac7056df4d96533748c5c06560 + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/alpine-3.14:5.9.17785@sha256:37e5c808adb380a04902e8620dbf44a716509431de4e7151e733609b40344084 command: ["sh", "-c", "if [ -d /var/lib/postgresql/data/pgdata ]; then chmod 750 /var/lib/postgresql/data/pgdata; fi"] volumeMounts: - mountPath: /var/lib/postgresql/data/ @@ -45,7 +45,7 @@ spec: runAsUser: 70 containers: - name: codeinsights - image: index.docker.io/sourcegraph/codeinsights-db:5.9.347@sha256:dfe1d4f308ae27baddf144ceb7249b653af6c6cdd731a82e3a36741a7a939e94 + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/codeinsights-db:5.9.17785@sha256:2a49fd773e6d15b1e2796917f511ec702e1d939e16cb5092c23c408859fd0cdd env: - name: POSTGRES_DB value: postgres 
@@ -82,7 +82,7 @@ spec: value: postgres://postgres:@localhost:5432/?sslmode=disable - name: PG_EXPORTER_EXTEND_QUERY_PATH value: /config/code_insights_queries.yaml - image: index.docker.io/sourcegraph/postgres_exporter:5.9.347@sha256:5ae8e30dc827e30154ca1c0d309b476e0298b354e877fe95f71b4c5130d1da33 + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/postgres_exporter:5.9.17785@sha256:f6a536624f6852b3c906b72bbe3bbcc29004a442de165698e5831f7834487bba terminationMessagePolicy: FallbackToLogsOnError name: pgsql-exporter ports: diff --git a/base/sourcegraph/codeintel-db/codeintel-db.StatefulSet.yaml b/base/sourcegraph/codeintel-db/codeintel-db.StatefulSet.yaml index c41cd667..d4bb2931 100644 --- a/base/sourcegraph/codeintel-db/codeintel-db.StatefulSet.yaml +++ b/base/sourcegraph/codeintel-db/codeintel-db.StatefulSet.yaml @@ -27,7 +27,7 @@ spec: spec: initContainers: - name: correct-data-dir-permissions - image: index.docker.io/sourcegraph/alpine-3.14:5.9.347@sha256:b4d78b475c4eb1fa4e592338bf619939d574b0ac7056df4d96533748c5c06560 + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/alpine-3.14:5.9.17785@sha256:37e5c808adb380a04902e8620dbf44a716509431de4e7151e733609b40344084 command: ["sh", "-c", "if [ -d /data/pgdata-12 ]; then chmod 750 /data/pgdata-12; fi"] volumeMounts: - mountPath: /data @@ -45,7 +45,7 @@ spec: memory: "50Mi" containers: - name: pgsql - image: index.docker.io/sourcegraph/codeintel-db:5.9.347@sha256:98399050651d0d0ba169693c82f254ad1c160e28d3a16c42e1b82bbc7f0cb9e5 + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/codeintel-db:5.9.17785@sha256:516d731ba26bb138332429bcf964d7542b2573df5553bf1fb6f5be91a4c9af99 terminationMessagePolicy: FallbackToLogsOnError readinessProbe: exec: 
@@ -87,7 +87,7 @@ spec: value: postgres://sg:@localhost:5432/?sslmode=disable - name: PG_EXPORTER_EXTEND_QUERY_PATH value: /config/code_intel_queries.yaml - image: index.docker.io/sourcegraph/postgres_exporter:5.9.347@sha256:5ae8e30dc827e30154ca1c0d309b476e0298b354e877fe95f71b4c5130d1da33 + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/postgres_exporter:5.9.17785@sha256:f6a536624f6852b3c906b72bbe3bbcc29004a442de165698e5831f7834487bba terminationMessagePolicy: FallbackToLogsOnError name: pgsql-exporter ports: diff --git a/base/sourcegraph/frontend/sourcegraph-frontend.Deployment.yaml b/base/sourcegraph/frontend/sourcegraph-frontend.Deployment.yaml index a5ac1c54..47dbd3a8 100644 --- a/base/sourcegraph/frontend/sourcegraph-frontend.Deployment.yaml +++ b/base/sourcegraph/frontend/sourcegraph-frontend.Deployment.yaml @@ -29,7 +29,7 @@ spec: spec: initContainers: - name: migrator - image: index.docker.io/sourcegraph/migrator:5.9.347@sha256:a2a90a003c12643e40256dc4a3a80cd6a1854b67d487b5f8ef7a3cfb6b5a0c93 + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/migrator:5.9.17785@sha256:3a50acab73c079cbcc0df69ddb03225dd0183bcd02bf1ce9dc710849f3b78dde args: ["up"] resources: limits: @@ -48,7 +48,7 @@ spec: name: sourcegraph-frontend-env containers: - name: frontend - image: index.docker.io/sourcegraph/frontend:5.9.347@sha256:a6536c2379c05c6547910c5569dab5ddbc5b09a54219749bebcedfd550359cff + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/frontend:5.9.17785@sha256:2456ad7f20d04a674df8c926a2ab3576627bcc984b6118db18c11bd482f8cb10 args: - serve envFrom: diff --git a/base/sourcegraph/gitserver/gitserver.StatefulSet.yaml b/base/sourcegraph/gitserver/gitserver.StatefulSet.yaml index b520d789..cf647b78 100644 --- a/base/sourcegraph/gitserver/gitserver.StatefulSet.yaml +++ b/base/sourcegraph/gitserver/gitserver.StatefulSet.yaml 
@@ -35,7 +35,7 @@ spec: fieldPath: status.hostIP - name: OTEL_EXPORTER_OTLP_ENDPOINT value: http://$(OTEL_AGENT_HOST):4317 - image: index.docker.io/sourcegraph/gitserver:5.9.347@sha256:ad4a27e69f33a9a38a53db0bd801ce6508bfebbc51b2af1e5a881b748742dab2 + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/gitserver:5.9.17785@sha256:6ed0d3cb298f250687965b61f0762c6ffc290d293f8bc9a80145895fec52e4d6 terminationMessagePolicy: FallbackToLogsOnError livenessProbe: initialDelaySeconds: 5 diff --git a/base/sourcegraph/indexed-search/indexed-search.StatefulSet.yaml b/base/sourcegraph/indexed-search/indexed-search.StatefulSet.yaml index ba78c25b..9c4b924f 100644 --- a/base/sourcegraph/indexed-search/indexed-search.StatefulSet.yaml +++ b/base/sourcegraph/indexed-search/indexed-search.StatefulSet.yaml @@ -33,7 +33,7 @@ spec: value: http://$(OTEL_AGENT_HOST):4317 - name: OPENTELEMETRY_DISABLED value: "false" - image: index.docker.io/sourcegraph/indexed-searcher:5.9.347@sha256:817141cc166702896fdf14f710b5d610042c0639e1dd2ea5a6ef572648fd8456 + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/indexed-searcher:5.9.17785@sha256:617eca4a1b5e4fefaa6a87c5423667b68a0c27b3c606dbefdd8d74823a913cde terminationMessagePolicy: FallbackToLogsOnError ports: - containerPort: 6070 @@ -72,7 +72,7 @@ spec: value: http://$(OTEL_AGENT_HOST):4317 - name: OPENTELEMETRY_DISABLED value: "false" - image: index.docker.io/sourcegraph/search-indexer:5.9.347@sha256:2542aaa8fb7b418b94374c14797b90ad3b39688b324897b0adfc726d05a2ba48 + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/search-indexer:5.9.17785@sha256:97977b63da0b0c1f33926d0a32201e532ffbeada2be2d561c80503c695a28ab5 terminationMessagePolicy: FallbackToLogsOnError ports: - containerPort: 6072 diff --git a/base/sourcegraph/pgsql/pgsql.StatefulSet.yaml b/base/sourcegraph/pgsql/pgsql.StatefulSet.yaml index 641a2c3d..71b749c6 100644 --- a/base/sourcegraph/pgsql/pgsql.StatefulSet.yaml 
+++ b/base/sourcegraph/pgsql/pgsql.StatefulSet.yaml @@ -27,7 +27,7 @@ spec: spec: initContainers: - name: correct-data-dir-permissions - image: index.docker.io/sourcegraph/alpine-3.14:5.9.347@sha256:b4d78b475c4eb1fa4e592338bf619939d574b0ac7056df4d96533748c5c06560 + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/alpine-3.14:5.9.17785@sha256:37e5c808adb380a04902e8620dbf44a716509431de4e7151e733609b40344084 command: ["sh", "-c", "if [ -d /data/pgdata-12 ]; then chmod 750 /data/pgdata-12; fi"] volumeMounts: - mountPath: /data @@ -46,7 +46,7 @@ spec: memory: "50Mi" containers: - name: pgsql - image: index.docker.io/sourcegraph/postgres-12-alpine:5.9.347@sha256:98399050651d0d0ba169693c82f254ad1c160e28d3a16c42e1b82bbc7f0cb9e5 + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/postgres-12-alpine:5.9.17785@sha256:516d731ba26bb138332429bcf964d7542b2573df5553bf1fb6f5be91a4c9af99 terminationMessagePolicy: FallbackToLogsOnError readinessProbe: exec: @@ -90,7 +90,7 @@ spec: value: postgres://sg:@localhost:5432/?sslmode=disable - name: PG_EXPORTER_EXTEND_QUERY_PATH value: /config/queries.yaml - image: index.docker.io/sourcegraph/postgres_exporter:5.9.347@sha256:5ae8e30dc827e30154ca1c0d309b476e0298b354e877fe95f71b4c5130d1da33 + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/postgres_exporter:5.9.17785@sha256:f6a536624f6852b3c906b72bbe3bbcc29004a442de165698e5831f7834487bba terminationMessagePolicy: FallbackToLogsOnError name: pgsql-exporter ports: diff --git a/base/sourcegraph/precise-code-intel/worker.Deployment.yaml b/base/sourcegraph/precise-code-intel/worker.Deployment.yaml index 78c0b0f0..b5da1434 100644 --- a/base/sourcegraph/precise-code-intel/worker.Deployment.yaml +++ b/base/sourcegraph/precise-code-intel/worker.Deployment.yaml 
@@ -46,7 +46,7 @@ spec: fieldPath: status.hostIP - name: OTEL_EXPORTER_OTLP_ENDPOINT value: http://$(OTEL_AGENT_HOST):4317 - image: index.docker.io/sourcegraph/precise-code-intel-worker:5.9.347@sha256:aa0a9787d2626d606f89e9bd39371f3d21261d9d700102aa70e2640f2ed6ff2b + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/precise-code-intel-worker:5.9.17785@sha256:1c5952b0fdfb0c134bb0d7269cf36d90fc725050f98c6047a68111c12e941e84 terminationMessagePolicy: FallbackToLogsOnError livenessProbe: httpGet: diff --git a/base/sourcegraph/redis/redis-cache.Deployment.yaml b/base/sourcegraph/redis/redis-cache.Deployment.yaml index 6fe51622..f69aa827 100644 --- a/base/sourcegraph/redis/redis-cache.Deployment.yaml +++ b/base/sourcegraph/redis/redis-cache.Deployment.yaml @@ -26,7 +26,7 @@ spec: spec: containers: - name: redis-cache - image: index.docker.io/sourcegraph/redis-cache:5.9.347@sha256:a9ff1251eb3c4e8934516bb7266eb131b8ef2a8cc715a1841baea4bedce75341 + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/redis-cache:5.9.17785@sha256:c0420c12bf50f4c60fd6a1c59ecd62e28febee402aa19249974116b95b0178f1 terminationMessagePolicy: FallbackToLogsOnError livenessProbe: initialDelaySeconds: 30 @@ -70,7 +70,7 @@ spec: - mountPath: /redis-data name: redis-data - name: redis-exporter - image: index.docker.io/sourcegraph/redis_exporter:5.9.347@sha256:f5f1b1e78c6812b91185418c38497930eed16fd5d0633518ef5c73d6a98c1f1f + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/redis_exporter:5.9.17785@sha256:a8008099a466b4a1475741572c1a93f786182b5c6247d66173a11584ed3639ac terminationMessagePolicy: FallbackToLogsOnError ports: - containerPort: 9121 diff --git a/base/sourcegraph/redis/redis-store.Deployment.yaml b/base/sourcegraph/redis/redis-store.Deployment.yaml index 4473886e..8a4ba625 100644 --- a/base/sourcegraph/redis/redis-store.Deployment.yaml +++ b/base/sourcegraph/redis/redis-store.Deployment.yaml 
@@ -25,7 +25,7 @@ spec: spec: containers: - name: redis-store - image: index.docker.io/sourcegraph/redis-store:5.9.347@sha256:2364359b9fdeb53e25831e0ff3783867a74333c6cc4df4f5d272e3eb87356cd1 + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/redis-store:5.9.17785@sha256:ef7517c7b65c73f9b581dbd4469828bad12c51fc369ec5caffeebace3e972b9e terminationMessagePolicy: FallbackToLogsOnError livenessProbe: initialDelaySeconds: 30 @@ -69,7 +69,7 @@ spec: - mountPath: /redis-data name: redis-data - name: redis-exporter - image: index.docker.io/sourcegraph/redis_exporter:5.9.347@sha256:f5f1b1e78c6812b91185418c38497930eed16fd5d0633518ef5c73d6a98c1f1f + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/redis_exporter:5.9.17785@sha256:a8008099a466b4a1475741572c1a93f786182b5c6247d66173a11584ed3639ac terminationMessagePolicy: FallbackToLogsOnError ports: - containerPort: 9121 diff --git a/base/sourcegraph/repo-updater/repo-updater.Deployment.yaml b/base/sourcegraph/repo-updater/repo-updater.Deployment.yaml index 0fa214e4..30310ef9 100644 --- a/base/sourcegraph/repo-updater/repo-updater.Deployment.yaml +++ b/base/sourcegraph/repo-updater/repo-updater.Deployment.yaml @@ -29,7 +29,7 @@ spec: spec: containers: - name: repo-updater - image: index.docker.io/sourcegraph/repo-updater:5.9.347@sha256:093e0e0e9f717bd26b3309a59d69238e5ae8caf60b84f11c4d49a4ffb5437db5 + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/repo-updater:5.9.17785@sha256:d8c17aac658b55b85c98a29f85968c1ce98c9de3ba65cf332157cf5649534fd6 env: # OTEL_AGENT_HOST must be defined before OTEL_EXPORTER_OTLP_ENDPOINT to substitute the node IP on which the DaemonSet pod instance runs in the latter variable - name: OTEL_AGENT_HOST diff --git a/base/sourcegraph/searcher/searcher.StatefulSet.yaml b/base/sourcegraph/searcher/searcher.StatefulSet.yaml index 297a2e85..130e4957 100644 --- a/base/sourcegraph/searcher/searcher.StatefulSet.yaml 
+++ b/base/sourcegraph/searcher/searcher.StatefulSet.yaml @@ -46,7 +46,7 @@ spec: fieldPath: status.hostIP - name: OTEL_EXPORTER_OTLP_ENDPOINT value: http://$(OTEL_AGENT_HOST):4317 - image: index.docker.io/sourcegraph/searcher:5.9.347@sha256:6ef2e798c158a8129f1a6a4206ec4eff31b6f4bbf2a52ef22ecdd6e64fa013b7 + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/searcher:5.9.17785@sha256:9cdb3110a4ae29cb4811a1be69810c2f1cb14fd0a4ace478ebcea8916519d4f1 terminationMessagePolicy: FallbackToLogsOnError ports: - containerPort: 3181 diff --git a/base/sourcegraph/symbols/symbols.StatefulSet.yaml b/base/sourcegraph/symbols/symbols.StatefulSet.yaml index 1be60fd1..4e63ed38 100644 --- a/base/sourcegraph/symbols/symbols.StatefulSet.yaml +++ b/base/sourcegraph/symbols/symbols.StatefulSet.yaml @@ -43,7 +43,7 @@ spec: fieldPath: status.hostIP - name: OTEL_EXPORTER_OTLP_ENDPOINT value: http://$(OTEL_AGENT_HOST):4317 - image: index.docker.io/sourcegraph/symbols:5.9.347@sha256:ed5f4c5db70dd0f256f332f30a93b91c0d32de0686b531c7b377f1da33d3bc42 + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/symbols:5.9.17785@sha256:d7b2d2ff028e0dc6af4fb88bc1132be61285fe0a2c05e11346fbd87a5e53ebbb livenessProbe: httpGet: path: /healthz diff --git a/base/sourcegraph/syntect-server/syntect-server.Deployment.yaml b/base/sourcegraph/syntect-server/syntect-server.Deployment.yaml index c182c1db..b837a47c 100644 --- a/base/sourcegraph/syntect-server/syntect-server.Deployment.yaml +++ b/base/sourcegraph/syntect-server/syntect-server.Deployment.yaml 
@@ -32,7 +32,7 @@ spec: allowPrivilegeEscalation: false runAsGroup: 101 runAsUser: 100 - image: index.docker.io/sourcegraph/syntax-highlighter:5.9.347@sha256:068144989c8afa62db3dcb45bc86697f6da84e376ac42d4c25b794c2b8b3c97c + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/syntax-highlighter:5.9.17785@sha256:230685b85b02e789e41f3c9ca354991f5d13e66289a1ae7e50f44fd22a4140a6 terminationMessagePolicy: FallbackToLogsOnError livenessProbe: httpGet: diff --git a/base/sourcegraph/worker/worker.Deployment.yaml b/base/sourcegraph/worker/worker.Deployment.yaml index a400f6ed..bdc065e1 100644 --- a/base/sourcegraph/worker/worker.Deployment.yaml +++ b/base/sourcegraph/worker/worker.Deployment.yaml @@ -48,7 +48,7 @@ spec: fieldPath: status.hostIP - name: OTEL_EXPORTER_OTLP_ENDPOINT value: http://$(OTEL_AGENT_HOST):4317 - image: index.docker.io/sourcegraph/worker:5.9.347@sha256:b4b01b6ee35420743ac2c7492d19e0479d151be84b850c96bc96a52a88e2f1dd + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/worker:5.9.17785@sha256:fb69eb97aba4d9dc7b59fca6e7d81dbf164223a0c8beab9587eb87ab1f659267 terminationMessagePolicy: FallbackToLogsOnError livenessProbe: httpGet: diff --git a/cluster.yaml b/cluster.yaml new file mode 100644 index 00000000..0d346a46 --- /dev/null +++ b/cluster.yaml 
@@ -0,0 +1,4561 @@ +apiVersion: v1 +data: + postgresql.conf: | + # ----------------------------- + # PostgreSQL configuration file + # ----------------------------- + # + # This file consists of lines of the form: + # + # name = value + # + # (The "=" is optional.) Whitespace may be used. Comments are introduced with + # "#" anywhere on a line. The complete list of parameter names and allowed + # values can be found in the PostgreSQL documentation. + # + # The commented-out settings shown in this file represent the default values. + # Re-commenting a setting is NOT sufficient to revert it to the default value; + # you need to reload the server. + # + # This file is read on server startup and when the server receives a SIGHUP + # signal. If you edit the file on a running system, you have to SIGHUP the + # server for the changes to take effect, run "pg_ctl reload", or execute + # "SELECT pg_reload_conf()". Some parameters, which are marked below, + # require a server shutdown and restart to take effect. + # + # Any parameter can also be given as a command-line option to the server, e.g., + # "postgres -c log_connections=on". Some parameters can be changed at run time + # with the "SET" SQL command. + # + # Memory units: kB = kilobytes Time units: ms = milliseconds + # MB = megabytes s = seconds + # GB = gigabytes min = minutes + # TB = terabytes h = hours + # d = days + + + #------------------------------------------------------------------------------ + # FILE LOCATIONS + #------------------------------------------------------------------------------ + + # The default values of these variables are driven from the -D command-line + # option or PGDATA environment variable, represented here as ConfigDir. 
+ + #data_directory = 'ConfigDir' # use data in another directory + # (change requires restart) + #hba_file = 'ConfigDir/pg_hba.conf' # host-based authentication file + # (change requires restart) + #ident_file = 'ConfigDir/pg_ident.conf' # ident configuration file + # (change requires restart) + + # If external_pid_file is not explicitly set, no extra PID file is written. + #external_pid_file = '' # write an extra PID file + # (change requires restart) + + + #------------------------------------------------------------------------------ + # CONNECTIONS AND AUTHENTICATION + #------------------------------------------------------------------------------ + + # - Connection Settings - + + listen_addresses = '*' + # comma-separated list of addresses; + # defaults to 'localhost'; use '*' for all + # (change requires restart) + #port = 5432 # (change requires restart) + max_connections = 20 # (change requires restart) + #superuser_reserved_connections = 3 # (change requires restart) + #unix_socket_directories = '/var/run/postgresql' # comma-separated list of directories + # (change requires restart) + #unix_socket_group = '' # (change requires restart) + #unix_socket_permissions = 0777 # begin with 0 to use octal notation + # (change requires restart) + #bonjour = off # advertise server via Bonjour + # (change requires restart) + #bonjour_name = '' # defaults to the computer name + # (change requires restart) + + # - TCP settings - + # see "man 7 tcp" for details + + #tcp_keepalives_idle = 0 # TCP_KEEPIDLE, in seconds; + # 0 selects the system default + #tcp_keepalives_interval = 0 # TCP_KEEPINTVL, in seconds; + # 0 selects the system default + #tcp_keepalives_count = 0 # TCP_KEEPCNT; + # 0 selects the system default + #tcp_user_timeout = 0 # TCP_USER_TIMEOUT, in milliseconds; + # 0 selects the system default + + # - Authentication - + + #authentication_timeout = 1min # 1s-600s + #password_encryption = md5 # md5 or scram-sha-256 + #db_user_namespace = off + + # GSSAPI 
using Kerberos + #krb_server_keyfile = '' + #krb_caseins_users = off + + # - SSL - + + #ssl = off + #ssl_ca_file = '' + #ssl_cert_file = 'server.crt' + #ssl_crl_file = '' + #ssl_key_file = 'server.key' + #ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers + #ssl_prefer_server_ciphers = on + #ssl_ecdh_curve = 'prime256v1' + #ssl_min_protocol_version = 'TLSv1' + #ssl_max_protocol_version = '' + #ssl_dh_params_file = '' + #ssl_passphrase_command = '' + #ssl_passphrase_command_supports_reload = off + + + #------------------------------------------------------------------------------ + # RESOURCE USAGE (except WAL) + #------------------------------------------------------------------------------ + + # - Memory - + + shared_buffers = 509546kB # min 128kB + # (change requires restart) + #huge_pages = try # on, off, or try + # (change requires restart) + #temp_buffers = 8MB # min 800kB + #max_prepared_transactions = 0 # zero disables the feature + # (change requires restart) + # Caution: it is not advisable to set max_prepared_transactions nonzero unless + # you actively intend to use prepared transactions. 
+ work_mem = 3184kB # min 64kB + maintenance_work_mem = 254773kB # min 1MB + #autovacuum_work_mem = -1 # min 1MB, or -1 to use maintenance_work_mem + #max_stack_depth = 2MB # min 100kB + #shared_memory_type = mmap # the default is the first option + # supported by the operating system: + # mmap + # sysv + # windows + # (change requires restart) + dynamic_shared_memory_type = posix # the default is the first option + # supported by the operating system: + # posix + # sysv + # windows + # mmap + # (change requires restart) + + # - Disk - + + #temp_file_limit = -1 # limits per-process temp file space + # in kB, or -1 for no limit + + # - Kernel Resources - + + #max_files_per_process = 1000 # min 25 + # (change requires restart) + + # - Cost-Based Vacuum Delay - + + #vacuum_cost_delay = 0 # 0-100 milliseconds (0 disables) + #vacuum_cost_page_hit = 1 # 0-10000 credits + #vacuum_cost_page_miss = 10 # 0-10000 credits + #vacuum_cost_page_dirty = 20 # 0-10000 credits + #vacuum_cost_limit = 200 # 1-10000 credits + + # - Background Writer - + + #bgwriter_delay = 200ms # 10-10000ms between rounds + #bgwriter_lru_maxpages = 100 # max buffers written/round, 0 disables + #bgwriter_lru_multiplier = 2.0 # 0-10.0 multiplier on buffers scanned/round + #bgwriter_flush_after = 512kB # measured in pages, 0 disables + + # - Asynchronous Behavior - + + effective_io_concurrency = 200 # 1-1000; 0 disables prefetching + max_worker_processes = 19 # (change requires restart) + #max_parallel_maintenance_workers = 2 # taken from max_parallel_workers + max_parallel_workers_per_gather = 4 # taken from max_parallel_workers + #parallel_leader_participation = on + max_parallel_workers = 8 # maximum number of max_worker_processes that + # can be used in parallel operations + #old_snapshot_threshold = -1 # 1min-60d; -1 disables; 0 is immediate + # (change requires restart) + #backend_flush_after = 0 # measured in pages, 0 disables + + + 
#------------------------------------------------------------------------------ + # WRITE-AHEAD LOG + #------------------------------------------------------------------------------ + + # - Settings - + + #wal_level = replica # minimal, replica, or logical + # (change requires restart) + #fsync = on # flush data to disk for crash safety + # (turning this off can cause + # unrecoverable data corruption) + #synchronous_commit = on # synchronization level; + # off, local, remote_write, remote_apply, or on + #wal_sync_method = fsync # the default is the first option + # supported by the operating system: + # open_datasync + # fdatasync (default on Linux) + # fsync + # fsync_writethrough + # open_sync + #full_page_writes = on # recover from partial page writes + #wal_compression = off # enable compression of full-page writes + #wal_log_hints = off # also do full page writes of non-critical updates + # (change requires restart) + #wal_init_zero = on # zero-fill new WAL files + #wal_recycle = on # recycle WAL files + wal_buffers = 15285kB # min 32kB, -1 sets based on shared_buffers + # (change requires restart) + #wal_writer_delay = 200ms # 1-10000 milliseconds + #wal_writer_flush_after = 1MB # measured in pages, 0 disables + + #commit_delay = 0 # range 0-100000, in microseconds + #commit_siblings = 5 # range 1-1000 + + # - Checkpoints - + + #checkpoint_timeout = 5min # range 30s-1d + max_wal_size = 1GB + min_wal_size = 512MB + checkpoint_completion_target = 0.9 # checkpoint target duration, 0.0 - 1.0 + #checkpoint_flush_after = 256kB # measured in pages, 0 disables + #checkpoint_warning = 30s # 0 disables + + # - Archiving - + + #archive_mode = off # enables archiving; off, on, or always + # (change requires restart) + #archive_command = '' # command to use to archive a logfile segment + # placeholders: %p = path of file to archive + # %f = file name only + # e.g. 'test ! 
-f /mnt/server/archivedir/%f && cp %p /mnt/server/archivedir/%f' + #archive_timeout = 0 # force a logfile segment switch after this + # number of seconds; 0 disables + + # - Archive Recovery - + + # These are only used in recovery mode. + + #restore_command = '' # command to use to restore an archived logfile segment + # placeholders: %p = path of file to restore + # %f = file name only + # e.g. 'cp /mnt/server/archivedir/%f %p' + # (change requires restart) + #archive_cleanup_command = '' # command to execute at every restartpoint + #recovery_end_command = '' # command to execute at completion of recovery + + # - Recovery Target - + + # Set these only when performing a targeted recovery. + + #recovery_target = '' # 'immediate' to end recovery as soon as a + # consistent state is reached + # (change requires restart) + #recovery_target_name = '' # the named restore point to which recovery will proceed + # (change requires restart) + #recovery_target_time = '' # the time stamp up to which recovery will proceed + # (change requires restart) + #recovery_target_xid = '' # the transaction ID up to which recovery will proceed + # (change requires restart) + #recovery_target_lsn = '' # the WAL LSN up to which recovery will proceed + # (change requires restart) + #recovery_target_inclusive = on # Specifies whether to stop: + # just after the specified recovery target (on) + # just before the recovery target (off) + # (change requires restart) + #recovery_target_timeline = 'latest' # 'current', 'latest', or timeline ID + # (change requires restart) + #recovery_target_action = 'pause' # 'pause', 'promote', 'shutdown' + # (change requires restart) + + + #------------------------------------------------------------------------------ + # REPLICATION + #------------------------------------------------------------------------------ + + # - Sending Servers - + + # Set these on the master and on any standby that will send replication data. 
+ + #max_wal_senders = 10 # max number of walsender processes + # (change requires restart) + #wal_keep_segments = 0 # in logfile segments; 0 disables + #wal_sender_timeout = 60s # in milliseconds; 0 disables + + #max_replication_slots = 10 # max number of replication slots + # (change requires restart) + #track_commit_timestamp = off # collect timestamp of transaction commit + # (change requires restart) + + # - Master Server - + + # These settings are ignored on a standby server. + + #synchronous_standby_names = '' # standby servers that provide sync rep + # method to choose sync standbys, number of sync standbys, + # and comma-separated list of application_name + # from standby(s); '*' = all + #vacuum_defer_cleanup_age = 0 # number of xacts by which cleanup is delayed + + # - Standby Servers - + + # These settings are ignored on a master server. + + #primary_conninfo = '' # connection string to sending server + # (change requires restart) + #primary_slot_name = '' # replication slot on sending server + # (change requires restart) + #promote_trigger_file = '' # file name whose presence ends recovery + #hot_standby = on # "off" disallows queries during recovery + # (change requires restart) + #max_standby_archive_delay = 30s # max delay before canceling queries + # when reading WAL from archive; + # -1 allows indefinite delay + #max_standby_streaming_delay = 30s # max delay before canceling queries + # when reading streaming WAL; + # -1 allows indefinite delay + #wal_receiver_status_interval = 10s # send replies at least this often + # 0 disables + #hot_standby_feedback = off # send info from standby to prevent + # query conflicts + #wal_receiver_timeout = 60s # time that receiver waits for + # communication from master + # in milliseconds; 0 disables + #wal_retrieve_retry_interval = 5s # time to wait before retrying to + # retrieve WAL after a failed attempt + #recovery_min_apply_delay = 0 # minimum delay for applying changes during recovery + + # - Subscribers - 
+ + # These settings are ignored on a publisher. + + #max_logical_replication_workers = 4 # taken from max_worker_processes + # (change requires restart) + #max_sync_workers_per_subscription = 2 # taken from max_logical_replication_workers + + + #------------------------------------------------------------------------------ + # QUERY TUNING + #------------------------------------------------------------------------------ + + # - Planner Method Configuration - + + #enable_bitmapscan = on + #enable_hashagg = on + #enable_hashjoin = on + #enable_indexscan = on + #enable_indexonlyscan = on + #enable_material = on + #enable_mergejoin = on + #enable_nestloop = on + #enable_parallel_append = on + #enable_seqscan = on + #enable_sort = on + #enable_tidscan = on + #enable_partitionwise_join = off + #enable_partitionwise_aggregate = off + #enable_parallel_hash = on + #enable_partition_pruning = on + + # - Planner Cost Constants - + + #seq_page_cost = 1.0 # measured on an arbitrary scale + random_page_cost = 1.1 # same scale as above + #cpu_tuple_cost = 0.01 # same scale as above + #cpu_index_tuple_cost = 0.005 # same scale as above + #cpu_operator_cost = 0.0025 # same scale as above + #parallel_tuple_cost = 0.1 # same scale as above + #parallel_setup_cost = 1000.0 # same scale as above + + #jit_above_cost = 100000 # perform JIT compilation if available + # and query more expensive than this; + # -1 disables + #jit_inline_above_cost = 500000 # inline small functions if query is + # more expensive than this; -1 disables + #jit_optimize_above_cost = 500000 # use expensive JIT optimizations if + # query is more expensive than this; + # -1 disables + + #min_parallel_table_scan_size = 8MB + #min_parallel_index_scan_size = 512kB + effective_cache_size = 1492MB + + # - Genetic Query Optimizer - + + #geqo = on + #geqo_threshold = 12 + #geqo_effort = 5 # range 1-10 + #geqo_pool_size = 0 # selects default based on effort + #geqo_generations = 0 # selects default based on effort + 
#geqo_selection_bias = 2.0 # range 1.5-2.0 + #geqo_seed = 0.0 # range 0.0-1.0 + + # - Other Planner Options - + + default_statistics_target = 500 # range 1-10000 + #constraint_exclusion = partition # on, off, or partition + #cursor_tuple_fraction = 0.1 # range 0.0-1.0 + #from_collapse_limit = 8 + #join_collapse_limit = 8 # 1 disables collapsing of explicit + # JOIN clauses + #force_parallel_mode = off + #jit = on # allow JIT compilation + #plan_cache_mode = auto # auto, force_generic_plan or + # force_custom_plan + + + #------------------------------------------------------------------------------ + # REPORTING AND LOGGING + #------------------------------------------------------------------------------ + + # - Where to Log - + + #log_destination = 'stderr' # Valid values are combinations of + # stderr, csvlog, syslog, and eventlog, + # depending on platform. csvlog + # requires logging_collector to be on. + + # This is used when logging to stderr: + #logging_collector = off # Enable capturing of stderr and csvlog + # into log files. Required to be on for + # csvlogs. + # (change requires restart) + + # These are only used if logging_collector is on: + #log_directory = 'log' # directory where log files are written, + # can be absolute or relative to PGDATA + #log_filename = 'postgresql-%Y-%m-%d_%H%M%S.log' # log file name pattern, + # can include strftime() escapes + #log_file_mode = 0600 # creation mode for log files, + # begin with 0 to use octal notation + #log_truncate_on_rotation = off # If on, an existing log file with the + # same name as the new log file will be + # truncated rather than appended to. + # But such truncation only occurs on + # time-driven rotation, not on restarts + # or size-driven rotation. Default is + # off, meaning append to existing files + # in all cases. + #log_rotation_age = 1d # Automatic rotation of logfiles will + # happen after that time. 0 disables. 
+ #log_rotation_size = 10MB # Automatic rotation of logfiles will + # happen after that much log output. + # 0 disables. + + # These are relevant when logging to syslog: + #syslog_facility = 'LOCAL0' + #syslog_ident = 'postgres' + #syslog_sequence_numbers = on + #syslog_split_messages = on + + # This is only relevant when logging to eventlog (win32): + # (change requires restart) + #event_source = 'PostgreSQL' + + # - When to Log - + + #log_min_messages = warning # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # info + # notice + # warning + # error + # log + # fatal + # panic + + #log_min_error_statement = error # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # info + # notice + # warning + # error + # log + # fatal + # panic (effectively off) + + #log_min_duration_statement = -1 # -1 is disabled, 0 logs all statements + # and their durations, > 0 logs only + # statements running at least this number + # of milliseconds + + #log_transaction_sample_rate = 0.0 # Fraction of transactions whose statements + # are logged regardless of their duration. 1.0 logs all + # statements from all transactions, 0.0 never logs. 
+ + # - What to Log - + + #debug_print_parse = off + #debug_print_rewritten = off + #debug_print_plan = off + #debug_pretty_print = on + #log_checkpoints = off + #log_connections = off + #log_disconnections = off + #log_duration = off + #log_error_verbosity = default # terse, default, or verbose messages + #log_hostname = off + #log_line_prefix = '%m [%p] ' # special values: + # %a = application name + # %u = user name + # %d = database name + # %r = remote host and port + # %h = remote host + # %p = process ID + # %t = timestamp without milliseconds + # %m = timestamp with milliseconds + # %n = timestamp with milliseconds (as a Unix epoch) + # %i = command tag + # %e = SQL state + # %c = session ID + # %l = session line number + # %s = session start timestamp + # %v = virtual transaction ID + # %x = transaction ID (0 if none) + # %q = stop here in non-session + # processes + # %% = '%' + # e.g. '<%u%%%d> ' + #log_lock_waits = off # log lock waits >= deadlock_timeout + #log_statement = 'none' # none, ddl, mod, all + #log_replication_commands = off + #log_temp_files = -1 # log temporary files equal or larger + # than the specified size in kilobytes; + # -1 disables, 0 logs all temp files + log_timezone = 'UTC' + + #------------------------------------------------------------------------------ + # PROCESS TITLE + #------------------------------------------------------------------------------ + + #cluster_name = '' # added to process titles if nonempty + # (change requires restart) + #update_process_title = on + + + #------------------------------------------------------------------------------ + # STATISTICS + #------------------------------------------------------------------------------ + + # - Query and Index Statistics Collector - + + #track_activities = on + #track_counts = on + #track_io_timing = off + #track_functions = none # none, pl, all + #track_activity_query_size = 1024 # (change requires restart) + #stats_temp_directory = 'pg_stat_tmp' + + + # - 
Monitoring - + + #log_parser_stats = off + #log_planner_stats = off + #log_executor_stats = off + #log_statement_stats = off + + + #------------------------------------------------------------------------------ + # AUTOVACUUM + #------------------------------------------------------------------------------ + + #autovacuum = on # Enable autovacuum subprocess? 'on' + # requires track_counts to also be on. + #log_autovacuum_min_duration = -1 # -1 disables, 0 logs all actions and + # their durations, > 0 logs only + # actions running at least this number + # of milliseconds. + autovacuum_max_workers = 10 # max number of autovacuum subprocesses + # (change requires restart) + autovacuum_naptime = 10 # time between autovacuum runs + #autovacuum_vacuum_threshold = 50 # min number of row updates before + # vacuum + #autovacuum_analyze_threshold = 50 # min number of row updates before + # analyze + #autovacuum_vacuum_scale_factor = 0.2 # fraction of table size before vacuum + #autovacuum_analyze_scale_factor = 0.1 # fraction of table size before analyze + #autovacuum_freeze_max_age = 200000000 # maximum XID age before forced vacuum + # (change requires restart) + #autovacuum_multixact_freeze_max_age = 400000000 # maximum multixact age + # before forced vacuum + # (change requires restart) + #autovacuum_vacuum_cost_delay = 2ms # default vacuum cost delay for + # autovacuum, in milliseconds; + # -1 means use vacuum_cost_delay + #autovacuum_vacuum_cost_limit = -1 # default vacuum cost limit for + # autovacuum, -1 means use + # vacuum_cost_limit + + + #------------------------------------------------------------------------------ + # CLIENT CONNECTION DEFAULTS + #------------------------------------------------------------------------------ + + # - Statement Behavior - + + #client_min_messages = notice # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # log + # notice + # warning + # error + #search_path = '"$user", public' # 
schema names + #row_security = on + #default_tablespace = '' # a tablespace name, '' uses the default + #temp_tablespaces = '' # a list of tablespace names, '' uses + # only default tablespace + #default_table_access_method = 'heap' + #check_function_bodies = on + #default_transaction_isolation = 'read committed' + #default_transaction_read_only = off + #default_transaction_deferrable = off + #session_replication_role = 'origin' + #statement_timeout = 0 # in milliseconds, 0 is disabled + #lock_timeout = 0 # in milliseconds, 0 is disabled + #idle_in_transaction_session_timeout = 0 # in milliseconds, 0 is disabled + #vacuum_freeze_min_age = 50000000 + #vacuum_freeze_table_age = 150000000 + #vacuum_multixact_freeze_min_age = 5000000 + #vacuum_multixact_freeze_table_age = 150000000 + #vacuum_cleanup_index_scale_factor = 0.1 # fraction of total number of tuples + # before index cleanup, 0 always performs + # index cleanup + #bytea_output = 'hex' # hex, escape + #xmlbinary = 'base64' + #xmloption = 'content' + #gin_fuzzy_search_limit = 0 + #gin_pending_list_limit = 4MB + + # - Locale and Formatting - + + datestyle = 'iso, mdy' + #intervalstyle = 'postgres' + timezone = 'UTC' + #timezone_abbreviations = 'Default' # Select the set of available time zone + # abbreviations. Currently, there are + # Default + # Australia (historical usage) + # India + # You can create your own file in + # share/timezonesets/. + #extra_float_digits = 1 # min -15, max 3; any value >0 actually + # selects precise output mode + #client_encoding = sql_ascii # actually, defaults to database + # encoding + + # These settings are initialized by initdb, but they can be changed. 
+ lc_messages = 'en_US.utf8' # locale for system error message + # strings + lc_monetary = 'en_US.utf8' # locale for monetary formatting + lc_numeric = 'en_US.utf8' # locale for number formatting + lc_time = 'en_US.utf8' # locale for time formatting + + # default configuration for text search + default_text_search_config = 'pg_catalog.english' + + # - Shared Library Preloading - + + shared_preload_libraries = '' # (change requires restart) + #local_preload_libraries = '' + #session_preload_libraries = '' + #jit_provider = 'llvmjit' # JIT library to use + + # - Other Defaults - + + #dynamic_library_path = '$libdir' + + + #------------------------------------------------------------------------------ + # LOCK MANAGEMENT + #------------------------------------------------------------------------------ + + #deadlock_timeout = 1s + max_locks_per_transaction = 64 # min 10 + # (change requires restart) + #max_pred_locks_per_transaction = 64 # min 10 + # (change requires restart) + #max_pred_locks_per_relation = -2 # negative values mean + # (max_pred_locks_per_transaction + # / -max_pred_locks_per_relation) - 1 + #max_pred_locks_per_page = 2 # min 0 + + + #------------------------------------------------------------------------------ + # VERSION AND PLATFORM COMPATIBILITY + #------------------------------------------------------------------------------ + + # - Previous PostgreSQL Versions - + + #array_nulls = on + #backslash_quote = safe_encoding # on, off, or safe_encoding + #escape_string_warning = on + #lo_compat_privileges = off + #operator_precedence_warning = off + #quote_all_identifiers = off + #standard_conforming_strings = on + #synchronize_seqscans = on + + # - Other Platforms and Clients - + + #transform_null_equals = off + + + #------------------------------------------------------------------------------ + # ERROR HANDLING + #------------------------------------------------------------------------------ + + #exit_on_error = off # terminate session on any 
error? + #restart_after_crash = on # reinitialize after backend crash? + #data_sync_retry = off # retry or panic on failure to fsync + # data? + # (change requires restart) + + + #------------------------------------------------------------------------------ + # CONFIG FILE INCLUDES + #------------------------------------------------------------------------------ + + # These options allow settings to be loaded from files other than the + # default postgresql.conf. Note that these are directives, not variable + # assignments, so they can usefully be given more than once. + + #include_dir = '...' # include files ending in '.conf' from + # a directory, e.g., 'conf.d' + #include_if_exists = '...' # include file only if it exists + #include = '...' # include file + + + #------------------------------------------------------------------------------ + # CUSTOMIZED OPTIONS + #------------------------------------------------------------------------------ + + # Add settings for extensions here +kind: ConfigMap +metadata: + annotations: + description: Configuration for CodeInsightsDB + labels: + app.kubernetes.io/component: codeinsights-db + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: codeinsights-db-conf + namespace: default +--- +apiVersion: v1 +data: + postgresql.conf: | + # ----------------------------- + # PostgreSQL configuration file + # ----------------------------- + # SOURCEGRAPH CUSTOMIZATIONS CONTAIN "# SG CUSTOM" in the comment + # + # This file consists of lines of the form: + # + # name = value + # + # (The "=" is optional.) Whitespace may be used. Comments are introduced with + # "#" anywhere on a line. The complete list of parameter names and allowed + # values can be found in the PostgreSQL documentation. + # + # The commented-out settings shown in this file represent the default values. + # Re-commenting a setting is NOT sufficient to revert it to the default value; + # you need to reload the server. 
+ # + # This file is read on server startup and when the server receives a SIGHUP + # signal. If you edit the file on a running system, you have to SIGHUP the + # server for the changes to take effect, run "pg_ctl reload", or execute + # "SELECT pg_reload_conf()". Some parameters, which are marked below, + # require a server shutdown and restart to take effect. + # + # Any parameter can also be given as a command-line option to the server, e.g., + # "postgres -c log_connections=on". Some parameters can be changed at run time + # with the "SET" SQL command. + # + # Memory units: kB = kilobytes Time units: ms = milliseconds + # MB = megabytes s = seconds + # GB = gigabytes min = minutes + # TB = terabytes h = hours + # d = days + + + #------------------------------------------------------------------------------ + # FILE LOCATIONS + #------------------------------------------------------------------------------ + + # The default values of these variables are driven from the -D command-line + # option or PGDATA environment variable, represented here as ConfigDir. + + #data_directory = 'ConfigDir' # use data in another directory + # (change requires restart) + #hba_file = 'ConfigDir/pg_hba.conf' # host-based authentication file + # (change requires restart) + #ident_file = 'ConfigDir/pg_ident.conf' # ident configuration file + # (change requires restart) + + # If external_pid_file is not explicitly set, no extra PID file is written. 
+ #external_pid_file = '' # write an extra PID file + # (change requires restart) + + + #------------------------------------------------------------------------------ + # CONNECTIONS AND AUTHENTICATION + #------------------------------------------------------------------------------ + + # - Connection Settings - + + listen_addresses = '*' + # comma-separated list of addresses; + # defaults to 'localhost'; use '*' for all + # (change requires restart) + #port = 5432 # (change requires restart) + max_connections = 100 # (change requires restart) + #superuser_reserved_connections = 3 # (change requires restart) + #unix_socket_directories = '/var/run/postgresql' # comma-separated list of directories + # (change requires restart) + #unix_socket_group = '' # (change requires restart) + #unix_socket_permissions = 0777 # begin with 0 to use octal notation + # (change requires restart) + #bonjour = off # advertise server via Bonjour + # (change requires restart) + #bonjour_name = '' # defaults to the computer name + # (change requires restart) + + # - TCP Keepalives - + # see "man 7 tcp" for details + + #tcp_keepalives_idle = 0 # TCP_KEEPIDLE, in seconds; + # 0 selects the system default + #tcp_keepalives_interval = 0 # TCP_KEEPINTVL, in seconds; + # 0 selects the system default + #tcp_keepalives_count = 0 # TCP_KEEPCNT; + # 0 selects the system default + + # - Authentication - + + #authentication_timeout = 1min # 1s-600s + #password_encryption = md5 # md5 or scram-sha-256 + #db_user_namespace = off + + # GSSAPI using Kerberos + #krb_server_keyfile = '' + #krb_caseins_users = off + + # - SSL - + + #ssl = off + #ssl_ca_file = '' + #ssl_cert_file = 'server.crt' + #ssl_crl_file = '' + #ssl_key_file = 'server.key' + #ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers + #ssl_prefer_server_ciphers = on + #ssl_ecdh_curve = 'prime256v1' + #ssl_dh_params_file = '' + #ssl_passphrase_command = '' + #ssl_passphrase_command_supports_reload = off + + + 
#------------------------------------------------------------------------------ + # RESOURCE USAGE (except WAL) + #------------------------------------------------------------------------------ + + # - Memory - + + shared_buffers = 1GB # SG CUSTOM min 128kB + # (change requires restart) + #huge_pages = try # on, off, or try + # (change requires restart) + #temp_buffers = 8MB # min 800kB + #max_prepared_transactions = 0 # zero disables the feature + # (change requires restart) + # Caution: it is not advisable to set max_prepared_transactions nonzero unless + # you actively intend to use prepared transactions. + work_mem = 5MB # SG CUSTOM min 64kB + maintenance_work_mem = 250MB # SG CUSTOM min 1MB + #autovacuum_work_mem = -1 # min 1MB, or -1 to use maintenance_work_mem + #max_stack_depth = 2MB # min 100kB + dynamic_shared_memory_type = posix # the default is the first option + # supported by the operating system: + # posix + # sysv + # windows + # mmap + # use none to disable dynamic shared memory + # (change requires restart) + + # - Disk - + + temp_file_limit = 20GB # SG CUSTOM limits per-process temp file space + # in kB, or -1 for no limit + + # - Kernel Resources - + + #max_files_per_process = 1000 # min 25 + # (change requires restart) + + # - Cost-Based Vacuum Delay - + + #vacuum_cost_delay = 0 # 0-100 milliseconds + #vacuum_cost_page_hit = 1 # 0-10000 credits + #vacuum_cost_page_miss = 10 # 0-10000 credits + #vacuum_cost_page_dirty = 20 # 0-10000 credits + #vacuum_cost_limit = 200 # 1-10000 credits + + # - Background Writer - + + bgwriter_delay = 50ms # SG CUSTOM 10-10000ms between rounds + bgwriter_lru_maxpages = 200 # SG CUSTOM max buffers written/round, 0 disables + + #bgwriter_lru_multiplier = 2.0 # 0-10.0 multiplier on buffers scanned/round + #bgwriter_flush_after = 512kB # measured in pages, 0 disables + + # - Asynchronous Behavior - + + effective_io_concurrency = 200 # 1-1000; 0 disables prefetching + max_worker_processes = 4 # SG CUSTOM (change 
requires restart) + max_parallel_maintenance_workers = 4 # SG CUSTOM taken from max_parallel_workers + max_parallel_workers_per_gather = 2 # SG CUSTOM taken from max_parallel_workers + #parallel_leader_participation = on + max_parallel_workers = 4 # SG CUSTOM maximum number of max_worker_processes that + # can be used in parallel operations + #old_snapshot_threshold = -1 # 1min-60d; -1 disables; 0 is immediate + # (change requires restart) + #backend_flush_after = 0 # measured in pages, 0 disables + + + #------------------------------------------------------------------------------ + # WRITE-AHEAD LOG + #------------------------------------------------------------------------------ + + # - Settings - + + #wal_level = replica # minimal, replica, or logical + # (change requires restart) + #fsync = on # flush data to disk for crash safety + # (turning this off can cause + # unrecoverable data corruption) + #synchronous_commit = on # synchronization level; + # off, local, remote_write, remote_apply, or on + #wal_sync_method = fsync # the default is the first option + # supported by the operating system: + # open_datasync + # fdatasync (default on Linux) + # fsync + # fsync_writethrough + # open_sync + #full_page_writes = on # recover from partial page writes + #wal_compression = off # enable compression of full-page writes + #wal_log_hints = off # also do full page writes of non-critical updates + # (change requires restart) + wal_buffers = 16MB # SG CUSTOM min 32kB, -1 sets based on shared_buffers + # (change requires restart) + #wal_writer_delay = 200ms # 1-10000 milliseconds + #wal_writer_flush_after = 1MB # measured in pages, 0 disables + + #commit_delay = 0 # range 0-100000, in microseconds + #commit_siblings = 5 # range 1-1000 + + # - Checkpoints - + + #checkpoint_timeout = 5min # range 30s-1d + max_wal_size = 8GB # SG CUSTOM + min_wal_size = 2GB # SG CUSTOM + #checkpoint_completion_target = 0.5 # checkpoint target duration, 0.0 - 1.0 + #checkpoint_flush_after = 
256kB # measured in pages, 0 disables + #checkpoint_warning = 30s # 0 disables + + # - Archiving - + + #archive_mode = off # enables archiving; off, on, or always + # (change requires restart) + #archive_command = '' # command to use to archive a logfile segment + # placeholders: %p = path of file to archive + # %f = file name only + # e.g. 'test ! -f /mnt/server/archivedir/%f && cp %p /mnt/server/archivedir/%f' + #archive_timeout = 0 # force a logfile segment switch after this + # number of seconds; 0 disables + + + #------------------------------------------------------------------------------ + # REPLICATION + #------------------------------------------------------------------------------ + + # - Sending Servers - + + # Set these on the master and on any standby that will send replication data. + + #max_wal_senders = 10 # max number of walsender processes + # (change requires restart) + #wal_keep_segments = 0 # in logfile segments; 0 disables + #wal_sender_timeout = 60s # in milliseconds; 0 disables + + #max_replication_slots = 10 # max number of replication slots + # (change requires restart) + #track_commit_timestamp = off # collect timestamp of transaction commit + # (change requires restart) + + # - Master Server - + + # These settings are ignored on a standby server. + + #synchronous_standby_names = '' # standby servers that provide sync rep + # method to choose sync standbys, number of sync standbys, + # and comma-separated list of application_name + # from standby(s); '*' = all + #vacuum_defer_cleanup_age = 0 # number of xacts by which cleanup is delayed + + # - Standby Servers - + + # These settings are ignored on a master server. 
+ + #hot_standby = on # "off" disallows queries during recovery + # (change requires restart) + #max_standby_archive_delay = 30s # max delay before canceling queries + # when reading WAL from archive; + # -1 allows indefinite delay + #max_standby_streaming_delay = 30s # max delay before canceling queries + # when reading streaming WAL; + # -1 allows indefinite delay + #wal_receiver_status_interval = 10s # send replies at least this often + # 0 disables + #hot_standby_feedback = off # send info from standby to prevent + # query conflicts + #wal_receiver_timeout = 60s # time that receiver waits for + # communication from master + # in milliseconds; 0 disables + #wal_retrieve_retry_interval = 5s # time to wait before retrying to + # retrieve WAL after a failed attempt + + # - Subscribers - + + # These settings are ignored on a publisher. + + #max_logical_replication_workers = 4 # taken from max_worker_processes + # (change requires restart) + #max_sync_workers_per_subscription = 2 # taken from max_logical_replication_workers + + + #------------------------------------------------------------------------------ + # QUERY TUNING + #------------------------------------------------------------------------------ + + # - Planner Method Configuration - + + #enable_bitmapscan = on + #enable_hashagg = on + #enable_hashjoin = on + #enable_indexscan = on + #enable_indexonlyscan = on + #enable_material = on + #enable_mergejoin = on + #enable_nestloop = on + #enable_parallel_append = on + #enable_seqscan = on + #enable_sort = on + #enable_tidscan = on + #enable_partitionwise_join = off + #enable_partitionwise_aggregate = off + #enable_parallel_hash = on + #enable_partition_pruning = on + + # - Planner Cost Constants - + + #seq_page_cost = 1.0 # measured on an arbitrary scale + random_page_cost = 1.1 # SG CUSTOM same scale as above + #cpu_tuple_cost = 0.01 # same scale as above + #cpu_index_tuple_cost = 0.005 # same scale as above + #cpu_operator_cost = 0.0025 # same scale as above 
+ #parallel_tuple_cost = 0.1 # same scale as above + #parallel_setup_cost = 1000.0 # same scale as above + + #jit_above_cost = 100000 # perform JIT compilation if available + # and query more expensive than this; + # -1 disables + #jit_inline_above_cost = 500000 # inline small functions if query is + # more expensive than this; -1 disables + #jit_optimize_above_cost = 500000 # use expensive JIT optimizations if + # query is more expensive than this; + # -1 disables + + #min_parallel_table_scan_size = 8MB + #min_parallel_index_scan_size = 512kB + effective_cache_size = 3GB # SG CUSTOM + + # - Genetic Query Optimizer - + + #geqo = on + #geqo_threshold = 12 + #geqo_effort = 5 # range 1-10 + #geqo_pool_size = 0 # selects default based on effort + #geqo_generations = 0 # selects default based on effort + #geqo_selection_bias = 2.0 # range 1.5-2.0 + #geqo_seed = 0.0 # range 0.0-1.0 + + # - Other Planner Options - + + #default_statistics_target = 100 # range 1-10000 + #constraint_exclusion = partition # on, off, or partition + #cursor_tuple_fraction = 0.1 # range 0.0-1.0 + #from_collapse_limit = 8 + #join_collapse_limit = 8 # 1 disables collapsing of explicit + # JOIN clauses + #force_parallel_mode = off + #jit = off # allow JIT compilation + + + #------------------------------------------------------------------------------ + # REPORTING AND LOGGING + #------------------------------------------------------------------------------ + + # - Where to Log - + + #log_destination = 'stderr' # Valid values are combinations of + # stderr, csvlog, syslog, and eventlog, + # depending on platform. csvlog + # requires logging_collector to be on. + + # This is used when logging to stderr: + #logging_collector = off # Enable capturing of stderr and csvlog + # into log files. Required to be on for + # csvlogs. 
+ # (change requires restart) + + # These are only used if logging_collector is on: + #log_directory = 'log' # directory where log files are written, + # can be absolute or relative to PGDATA + #log_filename = 'postgresql-%Y-%m-%d_%H%M%S.log' # log file name pattern, + # can include strftime() escapes + #log_file_mode = 0600 # creation mode for log files, + # begin with 0 to use octal notation + #log_truncate_on_rotation = off # If on, an existing log file with the + # same name as the new log file will be + # truncated rather than appended to. + # But such truncation only occurs on + # time-driven rotation, not on restarts + # or size-driven rotation. Default is + # off, meaning append to existing files + # in all cases. + #log_rotation_age = 1d # Automatic rotation of logfiles will + # happen after that time. 0 disables. + #log_rotation_size = 10MB # Automatic rotation of logfiles will + # happen after that much log output. + # 0 disables. + + # These are relevant when logging to syslog: + #syslog_facility = 'LOCAL0' + #syslog_ident = 'postgres' + #syslog_sequence_numbers = on + #syslog_split_messages = on + + # This is only relevant when logging to eventlog (win32): + # (change requires restart) + #event_source = 'PostgreSQL' + + # - When to Log - + + #log_min_messages = warning # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # info + # notice + # warning + # error + # log + # fatal + # panic + + #log_min_error_statement = error # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # info + # notice + # warning + # error + # log + # fatal + # panic (effectively off) + + #log_min_duration_statement = -1 # -1 is disabled, 0 logs all statements + # and their durations, > 0 logs only + # statements running at least this number + # of milliseconds + + + # - What to Log - + + #debug_print_parse = off + #debug_print_rewritten = off + #debug_print_plan = off + #debug_pretty_print 
= on + #log_checkpoints = off + #log_connections = off + #log_disconnections = off + #log_duration = off + #log_error_verbosity = default # terse, default, or verbose messages + #log_hostname = off + #log_line_prefix = '%m [%p] ' # special values: + # %a = application name + # %u = user name + # %d = database name + # %r = remote host and port + # %h = remote host + # %p = process ID + # %t = timestamp without milliseconds + # %m = timestamp with milliseconds + # %n = timestamp with milliseconds (as a Unix epoch) + # %i = command tag + # %e = SQL state + # %c = session ID + # %l = session line number + # %s = session start timestamp + # %v = virtual transaction ID + # %x = transaction ID (0 if none) + # %q = stop here in non-session + # processes + # %% = '%' + # e.g. '<%u%%%d> ' + #log_lock_waits = off # log lock waits >= deadlock_timeout + #log_statement = 'none' # none, ddl, mod, all + #log_replication_commands = off + #log_temp_files = -1 # log temporary files equal or larger + # than the specified size in kilobytes; + # -1 disables, 0 logs all temp files + log_timezone = 'Etc/UTC' + + #------------------------------------------------------------------------------ + # PROCESS TITLE + #------------------------------------------------------------------------------ + + #cluster_name = '' # added to process titles if nonempty + # (change requires restart) + #update_process_title = on + + + #------------------------------------------------------------------------------ + # STATISTICS + #------------------------------------------------------------------------------ + + # - Query and Index Statistics Collector - + + #track_activities = on + #track_counts = on + #track_io_timing = off + #track_functions = none # none, pl, all + #track_activity_query_size = 1024 # (change requires restart) + #stats_temp_directory = 'pg_stat_tmp' + + + # - Monitoring - + + #log_parser_stats = off + #log_planner_stats = off + #log_executor_stats = off + #log_statement_stats = off + + + 
#------------------------------------------------------------------------------ + # AUTOVACUUM + #------------------------------------------------------------------------------ + + #autovacuum = on # Enable autovacuum subprocess? 'on' + # requires track_counts to also be on. + #log_autovacuum_min_duration = -1 # -1 disables, 0 logs all actions and + # their durations, > 0 logs only + # actions running at least this number + # of milliseconds. + #autovacuum_max_workers = 3 # max number of autovacuum subprocesses + # (change requires restart) + #autovacuum_naptime = 1min # time between autovacuum runs + #autovacuum_vacuum_threshold = 50 # min number of row updates before + # vacuum + #autovacuum_analyze_threshold = 50 # min number of row updates before + # analyze + #autovacuum_vacuum_scale_factor = 0.2 # fraction of table size before vacuum + #autovacuum_analyze_scale_factor = 0.1 # fraction of table size before analyze + #autovacuum_freeze_max_age = 200000000 # maximum XID age before forced vacuum + # (change requires restart) + #autovacuum_multixact_freeze_max_age = 400000000 # maximum multixact age + # before forced vacuum + # (change requires restart) + #autovacuum_vacuum_cost_delay = 20ms # default vacuum cost delay for + # autovacuum, in milliseconds; + # -1 means use vacuum_cost_delay + #autovacuum_vacuum_cost_limit = -1 # default vacuum cost limit for + # autovacuum, -1 means use + # vacuum_cost_limit + + + #------------------------------------------------------------------------------ + # CLIENT CONNECTION DEFAULTS + #------------------------------------------------------------------------------ + + # - Statement Behavior - + + #client_min_messages = notice # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # log + # notice + # warning + # error + #search_path = '"$user", public' # schema names + #row_security = on + #default_tablespace = '' # a tablespace name, '' uses the default + #temp_tablespaces = '' # a 
list of tablespace names, '' uses + # only default tablespace + #check_function_bodies = on + #default_transaction_isolation = 'read committed' + #default_transaction_read_only = off + #default_transaction_deferrable = off + #session_replication_role = 'origin' + #statement_timeout = 0 # in milliseconds, 0 is disabled + #lock_timeout = 0 # in milliseconds, 0 is disabled + #idle_in_transaction_session_timeout = 0 # in milliseconds, 0 is disabled + #vacuum_freeze_min_age = 50000000 + #vacuum_freeze_table_age = 150000000 + #vacuum_multixact_freeze_min_age = 5000000 + #vacuum_multixact_freeze_table_age = 150000000 + #vacuum_cleanup_index_scale_factor = 0.1 # fraction of total number of tuples + # before index cleanup, 0 always performs + # index cleanup + #bytea_output = 'hex' # hex, escape + #xmlbinary = 'base64' + #xmloption = 'content' + #gin_fuzzy_search_limit = 0 + #gin_pending_list_limit = 4MB + + # - Locale and Formatting - + + datestyle = 'iso, mdy' + #intervalstyle = 'postgres' + timezone = 'Etc/UTC' + #timezone_abbreviations = 'Default' # Select the set of available time zone + # abbreviations. Currently, there are + # Default + # Australia (historical usage) + # India + # You can create your own file in + # share/timezonesets/. + #extra_float_digits = 0 # min -15, max 3 + #client_encoding = sql_ascii # actually, defaults to database + # encoding + + # These settings are initialized by initdb, but they can be changed. 
+ lc_messages = 'en_US.utf8' # locale for system error message + # strings + lc_monetary = 'en_US.utf8' # locale for monetary formatting + lc_numeric = 'en_US.utf8' # locale for number formatting + lc_time = 'en_US.utf8' # locale for time formatting + + # default configuration for text search + default_text_search_config = 'pg_catalog.english' + + # - Shared Library Preloading - + + #shared_preload_libraries = '' # (change requires restart) + #local_preload_libraries = '' + #session_preload_libraries = '' + #jit_provider = 'llvmjit' # JIT library to use + + # - Other Defaults - + + #dynamic_library_path = '$libdir' + + + #------------------------------------------------------------------------------ + # LOCK MANAGEMENT + #------------------------------------------------------------------------------ + + #deadlock_timeout = 1s + #max_locks_per_transaction = 64 # min 10 + # (change requires restart) + #max_pred_locks_per_transaction = 64 # min 10 + # (change requires restart) + #max_pred_locks_per_relation = -2 # negative values mean + # (max_pred_locks_per_transaction + # / -max_pred_locks_per_relation) - 1 + #max_pred_locks_per_page = 2 # min 0 + + + #------------------------------------------------------------------------------ + # VERSION AND PLATFORM COMPATIBILITY + #------------------------------------------------------------------------------ + + # - Previous PostgreSQL Versions - + + #array_nulls = on + #backslash_quote = safe_encoding # on, off, or safe_encoding + #default_with_oids = off + #escape_string_warning = on + #lo_compat_privileges = off + #operator_precedence_warning = off + #quote_all_identifiers = off + #standard_conforming_strings = on + #synchronize_seqscans = on + + # - Other Platforms and Clients - + + #transform_null_equals = off + + + #------------------------------------------------------------------------------ + # ERROR HANDLING + #------------------------------------------------------------------------------ + + #exit_on_error = off # 
terminate session on any error? + #restart_after_crash = on # reinitialize after backend crash? + #data_sync_retry = off # retry or panic on failure to fsync + # data? + # (change requires restart) + + + #------------------------------------------------------------------------------ + # CONFIG FILE INCLUDES + #------------------------------------------------------------------------------ + + # These options allow settings to be loaded from files other than the + # default postgresql.conf. + + #include_dir = '' # include files ending in '.conf' from + # a directory, e.g., 'conf.d' + #include_if_exists = '' # include file only if it exists + #include = '' # include file + + + #------------------------------------------------------------------------------ + # CUSTOMIZED OPTIONS + #------------------------------------------------------------------------------ + + # Add settings for extensions here +kind: ConfigMap +metadata: + annotations: + description: Configuration for PostgreSQL + labels: + app.kubernetes.io/component: codeintel-db + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: codeintel-db-conf + namespace: default +--- +apiVersion: v1 +data: + datasources.yml: | + apiVersion: 1 + + datasources: + - name: Prometheus + type: prometheus + access: proxy + url: http://prometheus:30090 + isDefault: true + editable: false + - name: pgsql + type: postgres + url: $GRAFANA_PGSQL_HOST:$GRAFANA_PGSQL_PORT + user: $GRAFANA_PGSQL_USER + database: $GRAFANA_PGSQL_DATABASE + secureJsonData: + password: $GRAFANA_PGSQL_PASSWORD + jsonData: + sslmode: $GRAFANA_PGSQL_SSLMODE +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/component: grafana + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: grafana + namespace: default +--- +apiVersion: v1 +data: + postgresql.conf: | + # ----------------------------- + # PostgreSQL configuration file + # ----------------------------- + # SOURCEGRAPH CUSTOMIZATIONS CONTAIN "# SG 
CUSTOM" in the comment + # + # This file consists of lines of the form: + # + # name = value + # + # (The "=" is optional.) Whitespace may be used. Comments are introduced with + # "#" anywhere on a line. The complete list of parameter names and allowed + # values can be found in the PostgreSQL documentation. + # + # The commented-out settings shown in this file represent the default values. + # Re-commenting a setting is NOT sufficient to revert it to the default value; + # you need to reload the server. + # + # This file is read on server startup and when the server receives a SIGHUP + # signal. If you edit the file on a running system, you have to SIGHUP the + # server for the changes to take effect, run "pg_ctl reload", or execute + # "SELECT pg_reload_conf()". Some parameters, which are marked below, + # require a server shutdown and restart to take effect. + # + # Any parameter can also be given as a command-line option to the server, e.g., + # "postgres -c log_connections=on". Some parameters can be changed at run time + # with the "SET" SQL command. + # + # Memory units: kB = kilobytes Time units: ms = milliseconds + # MB = megabytes s = seconds + # GB = gigabytes min = minutes + # TB = terabytes h = hours + # d = days + + + #------------------------------------------------------------------------------ + # FILE LOCATIONS + #------------------------------------------------------------------------------ + + # The default values of these variables are driven from the -D command-line + # option or PGDATA environment variable, represented here as ConfigDir. + + #data_directory = 'ConfigDir' # use data in another directory + # (change requires restart) + #hba_file = 'ConfigDir/pg_hba.conf' # host-based authentication file + # (change requires restart) + #ident_file = 'ConfigDir/pg_ident.conf' # ident configuration file + # (change requires restart) + + # If external_pid_file is not explicitly set, no extra PID file is written. 
+ #external_pid_file = '' # write an extra PID file + # (change requires restart) + + + #------------------------------------------------------------------------------ + # CONNECTIONS AND AUTHENTICATION + #------------------------------------------------------------------------------ + + # - Connection Settings - + + listen_addresses = '*' + # comma-separated list of addresses; + # defaults to 'localhost'; use '*' for all + # (change requires restart) + #port = 5432 # (change requires restart) + max_connections = 100 # (change requires restart) + #superuser_reserved_connections = 3 # (change requires restart) + #unix_socket_directories = '/var/run/postgresql' # comma-separated list of directories + # (change requires restart) + #unix_socket_group = '' # (change requires restart) + #unix_socket_permissions = 0777 # begin with 0 to use octal notation + # (change requires restart) + #bonjour = off # advertise server via Bonjour + # (change requires restart) + #bonjour_name = '' # defaults to the computer name + # (change requires restart) + + # - TCP Keepalives - + # see "man 7 tcp" for details + + #tcp_keepalives_idle = 0 # TCP_KEEPIDLE, in seconds; + # 0 selects the system default + #tcp_keepalives_interval = 0 # TCP_KEEPINTVL, in seconds; + # 0 selects the system default + #tcp_keepalives_count = 0 # TCP_KEEPCNT; + # 0 selects the system default + + # - Authentication - + + #authentication_timeout = 1min # 1s-600s + #password_encryption = md5 # md5 or scram-sha-256 + #db_user_namespace = off + + # GSSAPI using Kerberos + #krb_server_keyfile = '' + #krb_caseins_users = off + + # - SSL - + + #ssl = off + #ssl_ca_file = '' + #ssl_cert_file = 'server.crt' + #ssl_crl_file = '' + #ssl_key_file = 'server.key' + #ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers + #ssl_prefer_server_ciphers = on + #ssl_ecdh_curve = 'prime256v1' + #ssl_dh_params_file = '' + #ssl_passphrase_command = '' + #ssl_passphrase_command_supports_reload = off + + + 
#------------------------------------------------------------------------------ + # RESOURCE USAGE (except WAL) + #------------------------------------------------------------------------------ + + # - Memory - + + shared_buffers = 1GB # SG CUSTOM min 128kB + # (change requires restart) + #huge_pages = try # on, off, or try + # (change requires restart) + #temp_buffers = 8MB # min 800kB + #max_prepared_transactions = 0 # zero disables the feature + # (change requires restart) + # Caution: it is not advisable to set max_prepared_transactions nonzero unless + # you actively intend to use prepared transactions. + work_mem = 5MB # SG CUSTOM min 64kB + maintenance_work_mem = 250MB # SG CUSTOM min 1MB + #autovacuum_work_mem = -1 # min 1MB, or -1 to use maintenance_work_mem + #max_stack_depth = 2MB # min 100kB + dynamic_shared_memory_type = posix # the default is the first option + # supported by the operating system: + # posix + # sysv + # windows + # mmap + # use none to disable dynamic shared memory + # (change requires restart) + + # - Disk - + + temp_file_limit = 20GB # SG CUSTOM limits per-process temp file space + # in kB, or -1 for no limit + + # - Kernel Resources - + + #max_files_per_process = 1000 # min 25 + # (change requires restart) + + # - Cost-Based Vacuum Delay - + + #vacuum_cost_delay = 0 # 0-100 milliseconds + #vacuum_cost_page_hit = 1 # 0-10000 credits + #vacuum_cost_page_miss = 10 # 0-10000 credits + #vacuum_cost_page_dirty = 20 # 0-10000 credits + #vacuum_cost_limit = 200 # 1-10000 credits + + # - Background Writer - + + bgwriter_delay = 50ms # SG CUSTOM 10-10000ms between rounds + bgwriter_lru_maxpages = 200 # SG CUSTOM max buffers written/round, 0 disables + + #bgwriter_lru_multiplier = 2.0 # 0-10.0 multiplier on buffers scanned/round + #bgwriter_flush_after = 512kB # measured in pages, 0 disables + + # - Asynchronous Behavior - + + effective_io_concurrency = 200 # 1-1000; 0 disables prefetching + max_worker_processes = 4 # SG CUSTOM (change 
requires restart) + max_parallel_maintenance_workers = 4 # SG CUSTOM taken from max_parallel_workers + max_parallel_workers_per_gather = 2 # SG CUSTOM taken from max_parallel_workers + #parallel_leader_participation = on + max_parallel_workers = 4 # SG CUSTOM maximum number of max_worker_processes that + # can be used in parallel operations + #old_snapshot_threshold = -1 # 1min-60d; -1 disables; 0 is immediate + # (change requires restart) + #backend_flush_after = 0 # measured in pages, 0 disables + + + #------------------------------------------------------------------------------ + # WRITE-AHEAD LOG + #------------------------------------------------------------------------------ + + # - Settings - + + #wal_level = replica # minimal, replica, or logical + # (change requires restart) + #fsync = on # flush data to disk for crash safety + # (turning this off can cause + # unrecoverable data corruption) + #synchronous_commit = on # synchronization level; + # off, local, remote_write, remote_apply, or on + #wal_sync_method = fsync # the default is the first option + # supported by the operating system: + # open_datasync + # fdatasync (default on Linux) + # fsync + # fsync_writethrough + # open_sync + #full_page_writes = on # recover from partial page writes + #wal_compression = off # enable compression of full-page writes + #wal_log_hints = off # also do full page writes of non-critical updates + # (change requires restart) + wal_buffers = 16MB # SG CUSTOM min 32kB, -1 sets based on shared_buffers + # (change requires restart) + #wal_writer_delay = 200ms # 1-10000 milliseconds + #wal_writer_flush_after = 1MB # measured in pages, 0 disables + + #commit_delay = 0 # range 0-100000, in microseconds + #commit_siblings = 5 # range 1-1000 + + # - Checkpoints - + + #checkpoint_timeout = 5min # range 30s-1d + max_wal_size = 8GB # SG CUSTOM + min_wal_size = 2GB # SG CUSTOM + #checkpoint_completion_target = 0.5 # checkpoint target duration, 0.0 - 1.0 + #checkpoint_flush_after = 
256kB # measured in pages, 0 disables + #checkpoint_warning = 30s # 0 disables + + # - Archiving - + + #archive_mode = off # enables archiving; off, on, or always + # (change requires restart) + #archive_command = '' # command to use to archive a logfile segment + # placeholders: %p = path of file to archive + # %f = file name only + # e.g. 'test ! -f /mnt/server/archivedir/%f && cp %p /mnt/server/archivedir/%f' + #archive_timeout = 0 # force a logfile segment switch after this + # number of seconds; 0 disables + + + #------------------------------------------------------------------------------ + # REPLICATION + #------------------------------------------------------------------------------ + + # - Sending Servers - + + # Set these on the master and on any standby that will send replication data. + + #max_wal_senders = 10 # max number of walsender processes + # (change requires restart) + #wal_keep_segments = 0 # in logfile segments; 0 disables + #wal_sender_timeout = 60s # in milliseconds; 0 disables + + #max_replication_slots = 10 # max number of replication slots + # (change requires restart) + #track_commit_timestamp = off # collect timestamp of transaction commit + # (change requires restart) + + # - Master Server - + + # These settings are ignored on a standby server. + + #synchronous_standby_names = '' # standby servers that provide sync rep + # method to choose sync standbys, number of sync standbys, + # and comma-separated list of application_name + # from standby(s); '*' = all + #vacuum_defer_cleanup_age = 0 # number of xacts by which cleanup is delayed + + # - Standby Servers - + + # These settings are ignored on a master server. 
+ + #hot_standby = on # "off" disallows queries during recovery + # (change requires restart) + #max_standby_archive_delay = 30s # max delay before canceling queries + # when reading WAL from archive; + # -1 allows indefinite delay + #max_standby_streaming_delay = 30s # max delay before canceling queries + # when reading streaming WAL; + # -1 allows indefinite delay + #wal_receiver_status_interval = 10s # send replies at least this often + # 0 disables + #hot_standby_feedback = off # send info from standby to prevent + # query conflicts + #wal_receiver_timeout = 60s # time that receiver waits for + # communication from master + # in milliseconds; 0 disables + #wal_retrieve_retry_interval = 5s # time to wait before retrying to + # retrieve WAL after a failed attempt + + # - Subscribers - + + # These settings are ignored on a publisher. + + #max_logical_replication_workers = 4 # taken from max_worker_processes + # (change requires restart) + #max_sync_workers_per_subscription = 2 # taken from max_logical_replication_workers + + + #------------------------------------------------------------------------------ + # QUERY TUNING + #------------------------------------------------------------------------------ + + # - Planner Method Configuration - + + #enable_bitmapscan = on + #enable_hashagg = on + #enable_hashjoin = on + #enable_indexscan = on + #enable_indexonlyscan = on + #enable_material = on + #enable_mergejoin = on + #enable_nestloop = on + #enable_parallel_append = on + #enable_seqscan = on + #enable_sort = on + #enable_tidscan = on + #enable_partitionwise_join = off + #enable_partitionwise_aggregate = off + #enable_parallel_hash = on + #enable_partition_pruning = on + + # - Planner Cost Constants - + + #seq_page_cost = 1.0 # measured on an arbitrary scale + random_page_cost = 1.1 # SG CUSTOM same scale as above + #cpu_tuple_cost = 0.01 # same scale as above + #cpu_index_tuple_cost = 0.005 # same scale as above + #cpu_operator_cost = 0.0025 # same scale as above 
+ #parallel_tuple_cost = 0.1 # same scale as above + #parallel_setup_cost = 1000.0 # same scale as above + + #jit_above_cost = 100000 # perform JIT compilation if available + # and query more expensive than this; + # -1 disables + #jit_inline_above_cost = 500000 # inline small functions if query is + # more expensive than this; -1 disables + #jit_optimize_above_cost = 500000 # use expensive JIT optimizations if + # query is more expensive than this; + # -1 disables + + #min_parallel_table_scan_size = 8MB + #min_parallel_index_scan_size = 512kB + effective_cache_size = 3GB # SG CUSTOM + + # - Genetic Query Optimizer - + + #geqo = on + #geqo_threshold = 12 + #geqo_effort = 5 # range 1-10 + #geqo_pool_size = 0 # selects default based on effort + #geqo_generations = 0 # selects default based on effort + #geqo_selection_bias = 2.0 # range 1.5-2.0 + #geqo_seed = 0.0 # range 0.0-1.0 + + # - Other Planner Options - + + #default_statistics_target = 100 # range 1-10000 + #constraint_exclusion = partition # on, off, or partition + #cursor_tuple_fraction = 0.1 # range 0.0-1.0 + #from_collapse_limit = 8 + #join_collapse_limit = 8 # 1 disables collapsing of explicit + # JOIN clauses + #force_parallel_mode = off + #jit = off # allow JIT compilation + + + #------------------------------------------------------------------------------ + # REPORTING AND LOGGING + #------------------------------------------------------------------------------ + + # - Where to Log - + + #log_destination = 'stderr' # Valid values are combinations of + # stderr, csvlog, syslog, and eventlog, + # depending on platform. csvlog + # requires logging_collector to be on. + + # This is used when logging to stderr: + #logging_collector = off # Enable capturing of stderr and csvlog + # into log files. Required to be on for + # csvlogs. 
+ # (change requires restart) + + # These are only used if logging_collector is on: + #log_directory = 'log' # directory where log files are written, + # can be absolute or relative to PGDATA + #log_filename = 'postgresql-%Y-%m-%d_%H%M%S.log' # log file name pattern, + # can include strftime() escapes + #log_file_mode = 0600 # creation mode for log files, + # begin with 0 to use octal notation + #log_truncate_on_rotation = off # If on, an existing log file with the + # same name as the new log file will be + # truncated rather than appended to. + # But such truncation only occurs on + # time-driven rotation, not on restarts + # or size-driven rotation. Default is + # off, meaning append to existing files + # in all cases. + #log_rotation_age = 1d # Automatic rotation of logfiles will + # happen after that time. 0 disables. + #log_rotation_size = 10MB # Automatic rotation of logfiles will + # happen after that much log output. + # 0 disables. + + # These are relevant when logging to syslog: + #syslog_facility = 'LOCAL0' + #syslog_ident = 'postgres' + #syslog_sequence_numbers = on + #syslog_split_messages = on + + # This is only relevant when logging to eventlog (win32): + # (change requires restart) + #event_source = 'PostgreSQL' + + # - When to Log - + + #log_min_messages = warning # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # info + # notice + # warning + # error + # log + # fatal + # panic + + #log_min_error_statement = error # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # info + # notice + # warning + # error + # log + # fatal + # panic (effectively off) + + #log_min_duration_statement = -1 # -1 is disabled, 0 logs all statements + # and their durations, > 0 logs only + # statements running at least this number + # of milliseconds + + + # - What to Log - + + #debug_print_parse = off + #debug_print_rewritten = off + #debug_print_plan = off + #debug_pretty_print 
= on + #log_checkpoints = off + #log_connections = off + #log_disconnections = off + #log_duration = off + #log_error_verbosity = default # terse, default, or verbose messages + #log_hostname = off + #log_line_prefix = '%m [%p] ' # special values: + # %a = application name + # %u = user name + # %d = database name + # %r = remote host and port + # %h = remote host + # %p = process ID + # %t = timestamp without milliseconds + # %m = timestamp with milliseconds + # %n = timestamp with milliseconds (as a Unix epoch) + # %i = command tag + # %e = SQL state + # %c = session ID + # %l = session line number + # %s = session start timestamp + # %v = virtual transaction ID + # %x = transaction ID (0 if none) + # %q = stop here in non-session + # processes + # %% = '%' + # e.g. '<%u%%%d> ' + #log_lock_waits = off # log lock waits >= deadlock_timeout + #log_statement = 'none' # none, ddl, mod, all + #log_replication_commands = off + #log_temp_files = -1 # log temporary files equal or larger + # than the specified size in kilobytes; + # -1 disables, 0 logs all temp files + log_timezone = 'Etc/UTC' + + #------------------------------------------------------------------------------ + # PROCESS TITLE + #------------------------------------------------------------------------------ + + #cluster_name = '' # added to process titles if nonempty + # (change requires restart) + #update_process_title = on + + + #------------------------------------------------------------------------------ + # STATISTICS + #------------------------------------------------------------------------------ + + # - Query and Index Statistics Collector - + + #track_activities = on + #track_counts = on + #track_io_timing = off + #track_functions = none # none, pl, all + #track_activity_query_size = 1024 # (change requires restart) + #stats_temp_directory = 'pg_stat_tmp' + + + # - Monitoring - + + #log_parser_stats = off + #log_planner_stats = off + #log_executor_stats = off + #log_statement_stats = off + + + 
#------------------------------------------------------------------------------ + # AUTOVACUUM + #------------------------------------------------------------------------------ + + #autovacuum = on # Enable autovacuum subprocess? 'on' + # requires track_counts to also be on. + #log_autovacuum_min_duration = -1 # -1 disables, 0 logs all actions and + # their durations, > 0 logs only + # actions running at least this number + # of milliseconds. + #autovacuum_max_workers = 3 # max number of autovacuum subprocesses + # (change requires restart) + #autovacuum_naptime = 1min # time between autovacuum runs + #autovacuum_vacuum_threshold = 50 # min number of row updates before + # vacuum + #autovacuum_analyze_threshold = 50 # min number of row updates before + # analyze + #autovacuum_vacuum_scale_factor = 0.2 # fraction of table size before vacuum + #autovacuum_analyze_scale_factor = 0.1 # fraction of table size before analyze + #autovacuum_freeze_max_age = 200000000 # maximum XID age before forced vacuum + # (change requires restart) + #autovacuum_multixact_freeze_max_age = 400000000 # maximum multixact age + # before forced vacuum + # (change requires restart) + #autovacuum_vacuum_cost_delay = 20ms # default vacuum cost delay for + # autovacuum, in milliseconds; + # -1 means use vacuum_cost_delay + #autovacuum_vacuum_cost_limit = -1 # default vacuum cost limit for + # autovacuum, -1 means use + # vacuum_cost_limit + + + #------------------------------------------------------------------------------ + # CLIENT CONNECTION DEFAULTS + #------------------------------------------------------------------------------ + + # - Statement Behavior - + + #client_min_messages = notice # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # log + # notice + # warning + # error + #search_path = '"$user", public' # schema names + #row_security = on + #default_tablespace = '' # a tablespace name, '' uses the default + #temp_tablespaces = '' # a 
list of tablespace names, '' uses + # only default tablespace + #check_function_bodies = on + #default_transaction_isolation = 'read committed' + #default_transaction_read_only = off + #default_transaction_deferrable = off + #session_replication_role = 'origin' + #statement_timeout = 0 # in milliseconds, 0 is disabled + #lock_timeout = 0 # in milliseconds, 0 is disabled + #idle_in_transaction_session_timeout = 0 # in milliseconds, 0 is disabled + #vacuum_freeze_min_age = 50000000 + #vacuum_freeze_table_age = 150000000 + #vacuum_multixact_freeze_min_age = 5000000 + #vacuum_multixact_freeze_table_age = 150000000 + #vacuum_cleanup_index_scale_factor = 0.1 # fraction of total number of tuples + # before index cleanup, 0 always performs + # index cleanup + #bytea_output = 'hex' # hex, escape + #xmlbinary = 'base64' + #xmloption = 'content' + #gin_fuzzy_search_limit = 0 + #gin_pending_list_limit = 4MB + + # - Locale and Formatting - + + datestyle = 'iso, mdy' + #intervalstyle = 'postgres' + timezone = 'Etc/UTC' + #timezone_abbreviations = 'Default' # Select the set of available time zone + # abbreviations. Currently, there are + # Default + # Australia (historical usage) + # India + # You can create your own file in + # share/timezonesets/. + #extra_float_digits = 0 # min -15, max 3 + #client_encoding = sql_ascii # actually, defaults to database + # encoding + + # These settings are initialized by initdb, but they can be changed. 
+ lc_messages = 'en_US.utf8' # locale for system error message + # strings + lc_monetary = 'en_US.utf8' # locale for monetary formatting + lc_numeric = 'en_US.utf8' # locale for number formatting + lc_time = 'en_US.utf8' # locale for time formatting + + # default configuration for text search + default_text_search_config = 'pg_catalog.english' + + # - Shared Library Preloading - + + #shared_preload_libraries = '' # (change requires restart) + #local_preload_libraries = '' + #session_preload_libraries = '' + #jit_provider = 'llvmjit' # JIT library to use + + # - Other Defaults - + + #dynamic_library_path = '$libdir' + + + #------------------------------------------------------------------------------ + # LOCK MANAGEMENT + #------------------------------------------------------------------------------ + + #deadlock_timeout = 1s + #max_locks_per_transaction = 64 # min 10 + # (change requires restart) + #max_pred_locks_per_transaction = 64 # min 10 + # (change requires restart) + #max_pred_locks_per_relation = -2 # negative values mean + # (max_pred_locks_per_transaction + # / -max_pred_locks_per_relation) - 1 + #max_pred_locks_per_page = 2 # min 0 + + + #------------------------------------------------------------------------------ + # VERSION AND PLATFORM COMPATIBILITY + #------------------------------------------------------------------------------ + + # - Previous PostgreSQL Versions - + + #array_nulls = on + #backslash_quote = safe_encoding # on, off, or safe_encoding + #default_with_oids = off + #escape_string_warning = on + #lo_compat_privileges = off + #operator_precedence_warning = off + #quote_all_identifiers = off + #standard_conforming_strings = on + #synchronize_seqscans = on + + # - Other Platforms and Clients - + + #transform_null_equals = off + + + #------------------------------------------------------------------------------ + # ERROR HANDLING + #------------------------------------------------------------------------------ + + #exit_on_error = off # 
terminate session on any error? + #restart_after_crash = on # reinitialize after backend crash? + #data_sync_retry = off # retry or panic on failure to fsync + # data? + # (change requires restart) + + + #------------------------------------------------------------------------------ + # CONFIG FILE INCLUDES + #------------------------------------------------------------------------------ + + # These options allow settings to be loaded from files other than the + # default postgresql.conf. + + #include_dir = '' # include files ending in '.conf' from + # a directory, e.g., 'conf.d' + #include_if_exists = '' # include file only if it exists + #include = '' # include file + + + #------------------------------------------------------------------------------ + # CUSTOMIZED OPTIONS + #------------------------------------------------------------------------------ + + # Add settings for extensions here +kind: ConfigMap +metadata: + annotations: + description: Configuration for PostgreSQL + labels: + app.kubernetes.io/component: pgsql + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: pgsql-conf + namespace: default +--- +apiVersion: v1 +data: + extra_rules.yml: "" + prometheus.yml: | + global: # Prometheus global config + # scrape_timeout is set to the global default (10s) + scrape_interval: 30s # How frequently to scrape targets by default + evaluation_interval: 30s # How frequently to evaluate rules + alerting: # Alertmanager configuration + alertmanagers: + # bundled alertmanager, started by prom-wrapper + - static_configs: + - targets: ["127.0.0.1:9093"] + path_prefix: /alertmanager + # add more alertmanagers here + rule_files: # Load rules once and periodically evaluate them according to the global 'evaluation_interval'. + - "/sg_config_prometheus/*_rules.yml" + - "/sg_prometheus_add_ons/*_rules.yml" + scrape_configs: # Configure targets to scrape + # Scrape prometheus itself for metrics. 
+ - job_name: "builtin-prometheus" + static_configs: + - targets: ["127.0.0.1:9092"] + # Scrape Alertmanager + - job_name: "builtin-alertmanager" + metrics_path: /alertmanager/metrics + static_configs: + - targets: ["127.0.0.1:9093"] + #------------------------------------------------------------------------------ + # cAdvisor + #------------------------------------------------------------------------------ + - job_name: "kubernetes-pods" + dns_sd_configs: + - names: + - "cadvisor.default.svc.cluster.local" + - "cadvisor.ns-sourcegraph.svc.cluster.local" + type: A + port: 48080 + relabel_configs: + - source_labels: [__address__] + target_label: instance + regex: (.*)\.(.*) + replacement: cadvisor_${2} + - source_labels: [container_label_io_kubernetes_pod_name] + target_label: name + metric_relabel_configs: + - source_labels: [container_label_io_kubernetes_pod_namespace] + regex: kube-system + action: drop + - source_labels: [container_label_io_kubernetes_container_name, container_label_io_kubernetes_pod_name] + regex: (.+) + action: replace + target_label: name + separator: "-" + #------------------------------------------------------------------------------ + # Sourcegraph Service Discovery with DNS-SRV records + # https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config + #------------------------------------------------------------------------------ + - job_name: "sourcegraph-statefulsets" + dns_sd_configs: + - names: + - "symbols.default.svc.cluster.local" + - "symbols.ns-sourcegraph.svc.cluster.local" + - "symbols.$SG_NAMESPACE.svc.cluster.local" + - "searcher.default.svc.cluster.local" + - "searcher.ns-sourcegraph.svc.cluster.local" + - "searcher.$SG_NAMESPACE.svc.cluster.local" + - "gitserver.default.svc.cluster.local" + - "gitserver.ns-sourcegraph.svc.cluster.local" + - "gitserver.$SG_NAMESPACE.svc.cluster.local" + - "sourcegraph-frontend.default.svc.cluster.local" + - "sourcegraph-frontend.ns-sourcegraph.svc.cluster.local" + 
- "sourcegraph-frontend.$SG_NAMESPACE.svc.cluster.local" + - "indexed-search.default.svc.cluster.local" + - "indexed-search.ns-sourcegraph.svc.cluster.local" + - "indexed-search.$SG_NAMESPACE.svc.cluster.local" + - "indexed-search-indexer.default.svc.cluster.local" + - "indexed-search-indexer.ns-sourcegraph.svc.cluster.local" + - "indexed-search-indexer.$SG_NAMESPACE.svc.cluster.local" + type: SRV + relabel_configs: + - source_labels: [__meta_dns_srv_record_target] + target_label: __address__ + regex: (.*)\. + replacement: ${1}:6060 + - source_labels: [__meta_dns_srv_record_target] + target_label: __address__ + regex: ^(indexed-search.*)\. + replacement: ${1}:6070 + - source_labels: [__meta_dns_srv_record_target] + target_label: __address__ + regex: (.*)\.(indexed-search-indexer.*)\. + replacement: ${1}.${2}:6072 + - source_labels: [__meta_dns_srv_record_port] + target_label: __meta_dns_srv_record_port + replacement: "6060" + - source_labels: [__address__] + regex: ^(indexed-search).*$ + target_label: __meta_dns_srv_record_port + replacement: "6070" + - source_labels: [__meta_dns_name] + target_label: job + regex: (.*)\..*\..*\..*\..* + replacement: ${1} + - source_labels: [__meta_dns_srv_record_target] + regex: (.*)\.(.*)\..*\..*\..*\..*\..* + target_label: instance + replacement: ${2}_${1} + metric_relabel_configs: + - source_labels: [container_label_io_kubernetes_pod_namespace] + regex: kube-system + action: drop + - source_labels: [__address__] + target_label: instance + regex: (.*)\:.* + replacement: $1:6060 + - source_labels: [__address__] + target_label: instance + regex: (.*)\.(.*)\..*\..*\..*\..*\..* + replacement: ${2}_${1} + - source_labels: [container_label_io_kubernetes_pod_namespace] + target_label: ns + action: replace + #------------------------------------------------------------------------------ + # Sourcegraph Service Discovery with statics targets + #------------------------------------------------------------------------------ + - job_name: 
"sourcegraph-services" + relabel_configs: + - source_labels: [__address__] + target_label: instance + regex: (.*)\:(.*) + replacement: ${1} + - source_labels: [__address__] + target_label: job + regex: (.*)\:(.*) + replacement: ${1} + - source_labels: [container_label_io_kubernetes_pod_namespace] + action: replace + target_label: ns + - source_labels: [pod] + action: replace + target_label: pod + metric_relabel_configs: + - source_labels: [container_label_io_kubernetes_pod_namespace] + regex: kube-system + action: drop + static_configs: + - labels: + group: sourcegraph-service + targets: + - sourcegraph-frontend:6060 + - repo-updater:6060 + - worker:6060 + - worker-executors:6996 + - syntect-server:6060 + - precise-code-intel-worker:6060 + - pgsql:9187 + - codeintel-db:9187 + - codeinsights-db:9187 + - redis-cache:9121 + - redis-store:9121 + - node-exporter:9100 + - otel-collector:8888 + - cadvisor:48080 + - executor:6060 + prometheus_targets.yml: "" +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/component: prometheus + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: prometheus + namespace: default +--- +apiVersion: v1 +data: + CODEINSIGHTS_PGDATASOURCE: postgres://postgres:password@codeinsights-db:5432/postgres + CODEINTEL_PGDATABASE: sg + CODEINTEL_PGHOST: codeintel-db + CODEINTEL_PGPORT: "5432" + CODEINTEL_PGSSLMODE: disable + CODEINTEL_PGUSER: sg + DEPLOY_TYPE: kustomize + GRAFANA_SERVER_URL: http://grafana:30070 + INDEXED_SEARCH_SERVERS: "0" + PGDATABASE: sg + PGHOST: pgsql + PGPORT: "5432" + PGSSLMODE: disable + PGUSER: sg + PROMETHEUS_URL: http://prometheus:30090 + SEARCHER_URL: "0" + SRC_GIT_SERVERS: "0" + SYMBOLS_URL: "0" +kind: ConfigMap +metadata: + labels: + app: sourcegraph-frontend + app.kubernetes.io/component: frontend + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: sourcegraph-frontend-env + namespace: default +--- +apiVersion: v1 +data: + EXAMPLE_CONFIG_KEY: example +kind: 
ConfigMap +metadata: + annotations: + description: Some components read the configuration values from the "data" field + below during the build process. You only need to update this file if you are + using components that require specific CONFIG_KEYS. If no components in your + overlay require extra configuration, no update is necessary. + labels: + deploy: sourcegraph + name: sourcegraph-kustomize-build-config + namespace: default +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: blobstore + app.kubernetes.io/component: blobstore + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: blobstore + namespace: default +spec: + ports: + - name: blobstore + port: 9000 + targetPort: blobstore + selector: + app: blobstore + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + prometheus.io/port: "9187" + sourcegraph.prometheus/scrape: "true" + labels: + app: codeinsights-db + app.kubernetes.io/component: codeinsights-db + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: codeinsights-db + namespace: default +spec: + ports: + - name: codeinsights-db + port: 5432 + targetPort: codeinsights-db + - name: pgsql-exporter + port: 9187 + targetPort: pgsql-exporter + selector: + app: codeinsights-db + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + prometheus.io/port: "9187" + sourcegraph.prometheus/scrape: "true" + labels: + app: codeintel-db + app.kubernetes.io/component: codeintel-db + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: codeintel-db + namespace: default +spec: + ports: + - name: pgsql + port: 5432 + targetPort: pgsql + - name: pgsql-exporter + port: 9187 + targetPort: pgsql-exporter + selector: + app: codeintel-db + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + description: Headless service that provides a stable network identity for the + gitserver stateful set. 
+ prometheus.io/port: "6060" + sourcegraph.prometheus/scrape: "true" + labels: + app: gitserver + app.kubernetes.io/component: gitserver + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + type: gitserver + name: gitserver + namespace: default +spec: + clusterIP: None + ports: + - name: unused + port: 10811 + targetPort: 10811 + selector: + app: gitserver + type: gitserver + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: grafana + app.kubernetes.io/component: grafana + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: grafana + namespace: default +spec: + ports: + - name: http + port: 30070 + targetPort: http + selector: + app: grafana + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + description: Headless service that provides a stable network identity for the + indexed-search stateful set. + prometheus.io/port: "6070" + sourcegraph.prometheus/scrape: "true" + labels: + app: indexed-search + app.kubernetes.io/component: indexed-search + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: indexed-search + namespace: default +spec: + clusterIP: None + ports: + - port: 6070 + targetPort: 6070 + selector: + app: indexed-search + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + description: Headless service that provides a stable network identity for the + indexed-search stateful set. + prometheus.io/port: "6072" + sourcegraph.prometheus/scrape: "true" + labels: + app: indexed-search-indexer + app.kubernetes.io/component: indexed-search + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: indexed-search-indexer + namespace: default +spec: + clusterIP: None + ports: + - port: 6072 + targetPort: 6072 + selector: + app: indexed-search + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + description: Prometheus exporter for hardware and OS metrics. 
+ prometheus.io/port: "9100" + sourcegraph.prometheus/scrape: "true" + url: https://github.com/prometheus/node_exporter + labels: + app: node-exporter + app.kubernetes.io/component: node-exporter + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: node-exporter + namespace: default +spec: + ports: + - name: metrics + port: 9100 + targetPort: metrics + selector: + app: node-exporter + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + prometheus.io/port: "9187" + sourcegraph.prometheus/scrape: "true" + labels: + app: pgsql + app.kubernetes.io/component: pgsql + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: pgsql + namespace: default +spec: + ports: + - name: pgsql + port: 5432 + targetPort: pgsql + - name: pgsql-exporter + port: 9187 + targetPort: pgsql-exporter + selector: + app: pgsql + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + prometheus.io/port: "6060" + sourcegraph.prometheus/scrape: "true" + labels: + app: precise-code-intel-worker + app.kubernetes.io/component: precise-code-intel + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: precise-code-intel-worker + namespace: default +spec: + ports: + - name: http + port: 3188 + targetPort: http + - name: debug + port: 6060 + targetPort: debug + selector: + app: precise-code-intel-worker + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: prometheus + app.kubernetes.io/component: prometheus + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: prometheus + namespace: default +spec: + ports: + - name: http + port: 30090 + targetPort: http + selector: + app: prometheus + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + prometheus.io/port: "9121" + sourcegraph.prometheus/scrape: "true" + labels: + app: redis-cache + app.kubernetes.io/component: redis + deploy: sourcegraph + 
sourcegraph-resource-requires: no-cluster-admin + name: redis-cache + namespace: default +spec: + ports: + - name: redis + port: 6379 + targetPort: redis + - name: redisexp + port: 9121 + targetPort: redisexp + selector: + app: redis-cache + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + prometheus.io/port: "9121" + sourcegraph.prometheus/scrape: "true" + labels: + app: redis-store + app.kubernetes.io/component: redis + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: redis-store + namespace: default +spec: + ports: + - name: redis + port: 6379 + targetPort: redis + - name: redisexp + port: 9121 + targetPort: redisexp + selector: + app: redis-store + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + prometheus.io/port: "6060" + sourcegraph.prometheus/scrape: "true" + labels: + app: repo-updater + app.kubernetes.io/component: repo-updater + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: repo-updater + namespace: default +spec: + ports: + - name: http + port: 3182 + targetPort: http + - name: debug + port: 6060 + targetPort: debug + selector: + app: repo-updater + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + prometheus.io/port: "6060" + sourcegraph.prometheus/scrape: "true" + labels: + app: searcher + app.kubernetes.io/component: searcher + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: searcher + namespace: default +spec: + clusterIP: None + ports: + - name: http + port: 3181 + targetPort: http + - name: debug + port: 6060 + targetPort: debug + selector: + app: searcher + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + prometheus.io/port: "6060" + sourcegraph.prometheus/scrape: "true" + labels: + app: sourcegraph-frontend + app.kubernetes.io/component: frontend + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: 
sourcegraph-frontend + namespace: default +spec: + ports: + - name: http + port: 30080 + targetPort: http + - name: debug + port: 6060 + targetPort: debug + selector: + app: sourcegraph-frontend + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: sourcegraph-frontend + app.kubernetes.io/component: frontend + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: sourcegraph-frontend-internal + namespace: default +spec: + ports: + - name: http-internal + port: 80 + targetPort: http-internal + selector: + app: sourcegraph-frontend + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + prometheus.io/port: "6060" + sourcegraph.prometheus/scrape: "true" + labels: + app: symbols + app.kubernetes.io/component: symbols + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: symbols + namespace: default +spec: + clusterIP: None + ports: + - name: http + port: 3184 + targetPort: http + - name: debug + port: 6060 + targetPort: debug + selector: + app: symbols + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + prometheus.io/port: "6060" + sourcegraph.prometheus/scrape: "true" + labels: + app: syntect-server + app.kubernetes.io/component: syntect-server + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: syntect-server + namespace: default +spec: + ports: + - name: http + port: 9238 + targetPort: http + - name: debug + port: 6060 + targetPort: debug + selector: + app: syntect-server + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + prometheus.io/port: "6060" + sourcegraph.prometheus/scrape: "true" + labels: + app: worker + app.kubernetes.io/component: worker + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: worker + namespace: default +spec: + ports: + - name: http + port: 3189 + targetPort: http + - name: debug + port: 6060 + targetPort: debug + selector: 
+ app: worker + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + prometheus.io/port: "6996" + sourcegraph.prometheus/scrape: "true" + labels: + app: worker + app.kubernetes.io/component: worker + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: worker-executors + namespace: default +spec: + ports: + - name: prom + port: 6996 + targetPort: prom + selector: + app: worker + type: ClusterIP +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + labels: + app.kubernetes.io/component: blobstore + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: blobstore + namespace: default +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 10Gi + storageClassName: standard +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + labels: + app.kubernetes.io/component: codeinsights-db + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: codeinsights-db + namespace: default +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 10Gi + storageClassName: standard +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + labels: + app.kubernetes.io/component: codeintel-db + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: codeintel-db + namespace: default +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 10Gi + storageClassName: standard +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + labels: + app.kubernetes.io/component: pgsql + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: pgsql + namespace: default +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 10Gi + storageClassName: standard +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + labels: + app.kubernetes.io/component: prometheus + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: prometheus + 
namespace: default +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 10Gi + storageClassName: standard +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + labels: + app.kubernetes.io/component: redis + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: redis-cache + namespace: default +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 10Gi + storageClassName: standard +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + labels: + app.kubernetes.io/component: redis + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: redis-store + namespace: default +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 10Gi + storageClassName: standard +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + description: generic S3-like blobstore for storing LSIF uploads. + kubectl.kubernetes.io/default-container: blobstore + labels: + app.kubernetes.io/component: blobstore + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: blobstore + namespace: default +spec: + minReadySeconds: 10 + replicas: 0 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: blobstore + strategy: + type: Recreate + template: + metadata: + labels: + app: blobstore + deploy: sourcegraph + spec: + containers: + - image: index.docker.io/sourcegraph/blobstore:6.0.0@sha256:82caab40f920282069c84e0e4ca503857926e934c67fb022f6d93823b4ea98b5 + livenessProbe: + httpGet: + path: / + port: blobstore + scheme: HTTP + initialDelaySeconds: 60 + timeoutSeconds: 5 + name: blobstore + ports: + - containerPort: 9000 + name: blobstore + readinessProbe: + httpGet: + path: / + port: blobstore + scheme: HTTP + periodSeconds: 5 + timeoutSeconds: 5 + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 101 + runAsUser: 100 + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /data + name: 
blobstore-data + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + runAsUser: 100 + volumes: + - name: blobstore-data + persistentVolumeClaim: + claimName: blobstore +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + description: Handles conversion of uploaded precise code intelligence bundles. + labels: + app.kubernetes.io/component: precise-code-intel + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: precise-code-intel-worker + namespace: default +spec: + minReadySeconds: 10 + replicas: 0 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: precise-code-intel-worker + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 1 + type: RollingUpdate + template: + metadata: + labels: + app: precise-code-intel-worker + deploy: sourcegraph + spec: + containers: + - env: + - name: PRECISE_CODE_INTEL_UPLOAD_BACKEND + value: blobstore + - name: PRECISE_CODE_INTEL_UPLOAD_AWS_ENDPOINT + value: http://blobstore:9000 + - name: NUM_WORKERS + value: "4" + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: OTEL_AGENT_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: OTEL_EXPORTER_OTLP_ENDPOINT + value: http://$(OTEL_AGENT_HOST):4317 + image: index.docker.io/sourcegraph/precise-code-intel-worker:6.0.0@sha256:3a72cf893cb25731d4636593c544c91781d925d867417416255e56debc27ed37 + livenessProbe: + httpGet: + path: /healthz + port: debug + scheme: HTTP + initialDelaySeconds: 60 + timeoutSeconds: 5 + name: precise-code-intel-worker + ports: + - containerPort: 3188 + name: http + - containerPort: 6060 + name: debug + readinessProbe: + httpGet: + path: /ready + port: debug + scheme: HTTP + periodSeconds: 5 + timeoutSeconds: 5 + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 101 + runAsUser: 100 + terminationMessagePolicy: FallbackToLogsOnError + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + runAsUser: 100 +--- 
+apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + description: Collects metrics and aggregates them into graphs. + labels: + app.kubernetes.io/component: prometheus + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: prometheus + namespace: default +spec: + minReadySeconds: 10 + replicas: 0 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: prometheus + strategy: + type: Recreate + template: + metadata: + labels: + app: prometheus + deploy: sourcegraph + spec: + containers: + - env: + - name: SG_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: index.docker.io/sourcegraph/prometheus:6.0.0@sha256:86a315720fd9813d9ef9746d92e637bc20cd9ebd90da78d8cc6906062252891f + name: prometheus + ports: + - containerPort: 9090 + name: http + readinessProbe: + failureThreshold: 120 + httpGet: + path: /-/ready + port: 9090 + periodSeconds: 5 + timeoutSeconds: 3 + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 100 + runAsUser: 100 + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /prometheus + name: data + - mountPath: /sg_prometheus_add_ons + name: config + securityContext: + fsGroup: 100 + fsGroupChangePolicy: OnRootMismatch + runAsUser: 100 + terminationGracePeriodSeconds: 120 + volumes: + - name: data + persistentVolumeClaim: + claimName: prometheus + - configMap: + defaultMode: 511 + name: prometheus + name: config +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + description: Redis for storing short-lived caches. 
+ kubectl.kubernetes.io/default-container: redis-cache + labels: + app.kubernetes.io/component: redis + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: redis-cache + namespace: default +spec: + minReadySeconds: 10 + replicas: 0 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: redis-cache + strategy: + type: Recreate + template: + metadata: + labels: + app: redis-cache + deploy: sourcegraph + spec: + containers: + - image: index.docker.io/sourcegraph/redis-cache:6.0.0@sha256:40ea19e8944b93e05d7697c808969fe0c81a014a56245f3a97b645aa34a9ab78 + livenessProbe: + initialDelaySeconds: 30 + tcpSocket: + port: redis + name: redis-cache + ports: + - containerPort: 6379 + name: redis + readinessProbe: + exec: + command: + - /bin/sh + - -c + - | + #!/bin/bash + PASS_CHECK=$(grep -h "requirepass" /etc/redis/redis.conf | cut -d ' ' -f 2) + if [ ! -z "$PASS_CHECK" ]; then + export REDISCLI_AUTH="$PASS_CHECK" + fi + response=$( + redis-cli ping + ) + if [ "$response" != "PONG" ]; then + echo "$response" + exit 1 + fi + initialDelaySeconds: 10 + timeoutSeconds: 5 + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 1000 + runAsUser: 999 + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /redis-data + name: redis-data + - image: index.docker.io/sourcegraph/redis_exporter:6.0.0@sha256:b2ec48fc6adef31f36d525170138dec303c1c0c20c530d659f1fb7c6c54698af + name: redis-exporter + ports: + - containerPort: 9121 + name: redisexp + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 1000 + runAsUser: 999 + terminationMessagePolicy: FallbackToLogsOnError + securityContext: + fsGroup: 1000 + fsGroupChangePolicy: OnRootMismatch + runAsUser: 999 + volumes: + - name: redis-data + persistentVolumeClaim: + claimName: redis-cache +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + description: Redis for storing semi-persistent data like user sessions. 
+ labels: + app.kubernetes.io/component: redis + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: redis-store + namespace: default +spec: + minReadySeconds: 10 + replicas: 0 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: redis-store + strategy: + type: Recreate + template: + metadata: + labels: + app: redis-store + deploy: sourcegraph + spec: + containers: + - image: index.docker.io/sourcegraph/redis-store:6.0.0@sha256:39f3b27d993652c202c1f892df83e1a3e8e8ea5ae58291f79ad14b56672ab8be + livenessProbe: + initialDelaySeconds: 30 + tcpSocket: + port: redis + name: redis-store + ports: + - containerPort: 6379 + name: redis + readinessProbe: + exec: + command: + - /bin/sh + - -c + - | + #!/bin/bash + PASS_CHECK=$(grep -h "requirepass" /etc/redis/redis.conf | cut -d ' ' -f 2) + if [ ! -z "$PASS_CHECK" ]; then + export REDISCLI_AUTH="$PASS_CHECK" + fi + response=$( + redis-cli ping + ) + if [ "$response" != "PONG" ]; then + echo "$response" + exit 1 + fi + initialDelaySeconds: 10 + timeoutSeconds: 5 + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 1000 + runAsUser: 999 + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /redis-data + name: redis-data + - image: index.docker.io/sourcegraph/redis_exporter:6.0.0@sha256:b2ec48fc6adef31f36d525170138dec303c1c0c20c530d659f1fb7c6c54698af + name: redis-exporter + ports: + - containerPort: 9121 + name: redisexp + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 1000 + runAsUser: 999 + terminationMessagePolicy: FallbackToLogsOnError + securityContext: + fsGroup: 1000 + fsGroupChangePolicy: OnRootMismatch + runAsUser: 999 + volumes: + - name: redis-data + persistentVolumeClaim: + claimName: redis-store +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + description: Handles repository metadata (not Git data) lookups and updates from + external code hosts and other similar services. 
+ kubectl.kubernetes.io/default-container: repo-updater + labels: + app.kubernetes.io/component: repo-updater + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: repo-updater + namespace: default +spec: + minReadySeconds: 10 + replicas: 0 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: repo-updater + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + type: RollingUpdate + template: + metadata: + labels: + app: repo-updater + deploy: sourcegraph + spec: + containers: + - env: + - name: OTEL_AGENT_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: OTEL_EXPORTER_OTLP_ENDPOINT + value: http://$(OTEL_AGENT_HOST):4317 + image: index.docker.io/sourcegraph/repo-updater:6.0.0@sha256:238702dde17eaa41f9dc5b5f379c08a9e57940587128ceda6008d7f06e72cccc + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: debug + scheme: HTTP + periodSeconds: 1 + timeoutSeconds: 5 + name: repo-updater + ports: + - containerPort: 3182 + name: http + - containerPort: 6060 + name: debug + readinessProbe: + failureThreshold: 3 + httpGet: + path: /ready + port: debug + scheme: HTTP + periodSeconds: 1 + timeoutSeconds: 5 + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 101 + runAsUser: 100 + terminationMessagePolicy: FallbackToLogsOnError + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + runAsUser: 100 +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + description: Serves the frontend of Sourcegraph via HTTP(S). 
+ kubectl.kubernetes.io/default-container: frontend + labels: + app.kubernetes.io/component: frontend + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: sourcegraph-frontend + namespace: default +spec: + minReadySeconds: 10 + replicas: 0 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: sourcegraph-frontend + strategy: + rollingUpdate: + maxSurge: 2 + maxUnavailable: 0 + type: RollingUpdate + template: + metadata: + labels: + app: sourcegraph-frontend + deploy: sourcegraph + spec: + containers: + - args: + - serve + env: + - name: OTEL_AGENT_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: OTEL_EXPORTER_OTLP_ENDPOINT + value: http://$(OTEL_AGENT_HOST):4317 + envFrom: + - configMapRef: + name: sourcegraph-frontend-env + image: index.docker.io/sourcegraph/frontend:6.0.0@sha256:d4f21178096da5fdb3804099ae9de2e050b06e859a327aa79452b1ea2f3ede0a + livenessProbe: + httpGet: + path: /healthz + port: debug + scheme: HTTP + initialDelaySeconds: 300 + timeoutSeconds: 5 + name: frontend + ports: + - containerPort: 3080 + name: http + - containerPort: 3090 + name: http-internal + - containerPort: 6060 + name: debug + readinessProbe: + httpGet: + path: /ready + port: debug + scheme: HTTP + periodSeconds: 5 + timeoutSeconds: 5 + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 101 + runAsUser: 100 + terminationMessagePolicy: FallbackToLogsOnError + initContainers: + - args: + - up + envFrom: + - configMapRef: + name: sourcegraph-frontend-env + image: index.docker.io/sourcegraph/migrator:6.0.0@sha256:ec295eb0b743da6bf56777ca6524972267a5c442b0288095e2fe12fce38ebacc + name: migrator + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 101 + runAsUser: 100 + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + runAsUser: 100 +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + description: Backend for syntax highlighting operations. 
+ labels: + app.kubernetes.io/component: syntect-server + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: syntect-server + namespace: default +spec: + minReadySeconds: 10 + replicas: 0 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: syntect-server + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + type: RollingUpdate + template: + metadata: + labels: + app: syntect-server + deploy: sourcegraph + spec: + containers: + - image: index.docker.io/sourcegraph/syntax-highlighter:6.0.0@sha256:1e35f77690222a76724b45f2305b838c40c35201e60b0f619b3fe8499504ff60 + livenessProbe: + httpGet: + path: /health + port: http + scheme: HTTP + initialDelaySeconds: 5 + timeoutSeconds: 5 + name: syntect-server + ports: + - containerPort: 9238 + name: http + - containerPort: 6060 + name: debug + readinessProbe: + tcpSocket: + port: http + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 101 + runAsUser: 100 + terminationMessagePolicy: FallbackToLogsOnError + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + runAsUser: 100 +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + description: Manages background processes. 
+ labels: + app.kubernetes.io/component: worker + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: worker + namespace: default +spec: + minReadySeconds: 10 + replicas: 0 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: worker + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 1 + type: RollingUpdate + template: + metadata: + labels: + app: worker + deploy: sourcegraph + spec: + containers: + - env: + - name: PRECISE_CODE_INTEL_UPLOAD_BACKEND + value: blobstore + - name: PRECISE_CODE_INTEL_UPLOAD_AWS_ENDPOINT + value: http://blobstore:9000 + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: OTEL_AGENT_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: OTEL_EXPORTER_OTLP_ENDPOINT + value: http://$(OTEL_AGENT_HOST):4317 + image: index.docker.io/sourcegraph/worker:6.0.0@sha256:4892c5aa107d4384f811afcf1980e0fb2cb8beb5585a15adcb64353a2d8abf5a + livenessProbe: + httpGet: + path: /healthz + port: debug + scheme: HTTP + initialDelaySeconds: 60 + timeoutSeconds: 5 + name: worker + ports: + - containerPort: 3189 + name: http + - containerPort: 6060 + name: debug + - containerPort: 6996 + name: prom + readinessProbe: + httpGet: + path: /ready + port: debug + scheme: HTTP + periodSeconds: 5 + timeoutSeconds: 5 + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 101 + runAsUser: 100 + terminationMessagePolicy: FallbackToLogsOnError + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + runAsUser: 100 +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + annotations: + description: Code Insights Postgres DB instance. 
+ labels: + app.kubernetes.io/component: codeinsights-db + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: codeinsights-db + namespace: default +spec: + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: codeinsights-db + serviceName: codeinsights-db + template: + metadata: + labels: + app: codeinsights-db + deploy: sourcegraph + group: backend + spec: + containers: + - env: + - name: POSTGRES_DB + value: postgres + - name: POSTGRES_PASSWORD + value: password + - name: POSTGRES_USER + value: postgres + - name: PGDATA + value: /var/lib/postgresql/data/pgdata + - name: POSTGRESQL_CONF_DIR + value: /conf + image: index.docker.io/sourcegraph/postgresql-16-codeinsights:6.0.0@sha256:24263ff136f8cc328d63808982beb4a109461da30b522b63d2867a4e708713c9 + name: codeinsights + ports: + - containerPort: 5432 + name: codeinsights-db + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 70 + runAsUser: 70 + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /var/lib/postgresql/data/ + name: disk + - mountPath: /conf + name: codeinsights-conf + - env: + - name: DATA_SOURCE_NAME + value: postgres://postgres:@localhost:5432/?sslmode=disable + - name: PG_EXPORTER_EXTEND_QUERY_PATH + value: /config/code_insights_queries.yaml + image: index.docker.io/sourcegraph/postgres_exporter:6.0.0@sha256:685a18f482e4a71a54e15814ffd6b8cd62844f6af056a81f7ec0ba5cf23fce27 + name: pgsql-exporter + ports: + - containerPort: 9187 + name: pgsql-exporter + terminationMessagePolicy: FallbackToLogsOnError + initContainers: + - command: + - sh + - -c + - if [ -d /var/lib/postgresql/data/pgdata ]; then chmod 750 /var/lib/postgresql/data/pgdata; + fi + image: index.docker.io/sourcegraph/alpine-3.14:6.0.0@sha256:c4705ccf969e262ee3916719ecc7c0fb5e606dd954278ac07ac1d052e4e490df + name: correct-data-dir-permissions + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 70 + runAsUser: 70 + volumeMounts: + - 
mountPath: /var/lib/postgresql/data/ + name: disk + securityContext: + fsGroup: 70 + fsGroupChangePolicy: OnRootMismatch + runAsUser: 70 + terminationGracePeriodSeconds: 120 + volumes: + - name: disk + persistentVolumeClaim: + claimName: codeinsights-db + - configMap: + defaultMode: 511 + name: codeinsights-db-conf + name: codeinsights-conf + updateStrategy: + type: RollingUpdate +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + annotations: + description: Postgres database for various data. + kubectl.kubernetes.io/default-container: pgsql + labels: + app.kubernetes.io/component: codeintel-db + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: codeintel-db + namespace: default +spec: + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: codeintel-db + serviceName: codeintel-db + template: + metadata: + labels: + app: codeintel-db + deploy: sourcegraph + group: backend + spec: + containers: + - image: index.docker.io/sourcegraph/postgresql-16:6.0.0@sha256:224a2604331cb73809f466394c5b4f3ca95bf6a5a140cb75820dfe67301074bb + livenessProbe: + exec: + command: + - /liveness.sh + initialDelaySeconds: 15 + name: pgsql + ports: + - containerPort: 5432 + name: pgsql + readinessProbe: + exec: + command: + - /ready.sh + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 999 + runAsUser: 999 + startupProbe: + exec: + command: + - /liveness.sh + failureThreshold: 360 + periodSeconds: 10 + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /data + name: disk + - mountPath: /conf + name: pgsql-conf + - env: + - name: DATA_SOURCE_NAME + value: postgres://sg:@localhost:5432/?sslmode=disable + - name: PG_EXPORTER_EXTEND_QUERY_PATH + value: /config/code_intel_queries.yaml + image: index.docker.io/sourcegraph/postgres_exporter:6.0.0@sha256:685a18f482e4a71a54e15814ffd6b8cd62844f6af056a81f7ec0ba5cf23fce27 + name: pgsql-exporter + ports: + - containerPort: 9187 + name: pgsql-exporter + 
terminationMessagePolicy: FallbackToLogsOnError + initContainers: + - command: + - sh + - -c + - if [ -d /data/pgdata-12 ]; then chmod 750 /data/pgdata-12; fi + image: index.docker.io/sourcegraph/alpine-3.14:6.0.0@sha256:c4705ccf969e262ee3916719ecc7c0fb5e606dd954278ac07ac1d052e4e490df + name: correct-data-dir-permissions + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 999 + runAsUser: 999 + volumeMounts: + - mountPath: /data + name: disk + securityContext: + fsGroup: 999 + fsGroupChangePolicy: OnRootMismatch + runAsUser: 999 + terminationGracePeriodSeconds: 120 + volumes: + - name: disk + persistentVolumeClaim: + claimName: codeintel-db + - configMap: + defaultMode: 511 + name: codeintel-db-conf + name: pgsql-conf + updateStrategy: + type: RollingUpdate +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + annotations: + description: Stores clones of repositories to perform Git operations. + kubectl.kubernetes.io/default-container: gitserver + labels: + app.kubernetes.io/component: gitserver + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: gitserver + namespace: default +spec: + replicas: 0 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: gitserver + serviceName: gitserver + template: + metadata: + labels: + app: gitserver + deploy: sourcegraph + group: backend + type: gitserver + spec: + containers: + - args: + - run + env: + - name: OTEL_AGENT_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: OTEL_EXPORTER_OTLP_ENDPOINT + value: http://$(OTEL_AGENT_HOST):4317 + image: index.docker.io/sourcegraph/gitserver:6.0.0@sha256:aec9bf6993c243a283109104cd7c44be3c85680b77e3e8be0c5fba8f01a3bd35 + livenessProbe: + initialDelaySeconds: 5 + tcpSocket: + port: rpc + timeoutSeconds: 5 + name: gitserver + ports: + - containerPort: 3178 + name: rpc + protocol: TCP + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 101 + runAsUser: 100 + terminationMessagePolicy: FallbackToLogsOnError + 
volumeMounts: + - mountPath: /data/repos + name: repos + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + runAsUser: 100 + volumes: + - name: repos + updateStrategy: + type: RollingUpdate + volumeClaimTemplates: + - metadata: + name: repos + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 200Gi + storageClassName: standard +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + annotations: + description: Metrics/monitoring dashboards and alerts. + kubectl.kubernetes.io/default-container: grafana + labels: + app.kubernetes.io/component: grafana + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: grafana + namespace: default +spec: + replicas: 0 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: grafana + serviceName: grafana + template: + metadata: + labels: + app: grafana + deploy: sourcegraph + spec: + containers: + - image: index.docker.io/sourcegraph/grafana:6.0.0@sha256:e40236d0143d0735ff87374afce95b878b8cde448ef65cfdc7008056a03097e8 + name: grafana + ports: + - containerPort: 3370 + name: http + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 472 + runAsUser: 472 + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /var/lib/grafana + name: grafana-data + - mountPath: /sg_config_grafana/provisioning/datasources + name: config + securityContext: + fsGroup: 472 + fsGroupChangePolicy: OnRootMismatch + runAsUser: 472 + volumes: + - configMap: + defaultMode: 511 + name: grafana + name: config + updateStrategy: + type: RollingUpdate + volumeClaimTemplates: + - metadata: + name: grafana-data + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 2Gi + storageClassName: standard +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + annotations: + description: Backend for indexed text search operations. 
+ labels: + app.kubernetes.io/component: indexed-search + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: indexed-search + namespace: default +spec: + replicas: 0 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: indexed-search + serviceName: indexed-search + template: + metadata: + labels: + app: indexed-search + deploy: sourcegraph + spec: + containers: + - env: + - name: OTEL_AGENT_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: OTEL_EXPORTER_OTLP_ENDPOINT + value: http://$(OTEL_AGENT_HOST):4317 + - name: OPENTELEMETRY_DISABLED + value: "false" + image: index.docker.io/sourcegraph/indexed-searcher:6.0.0@sha256:99038e0ec9bef930030c118d774fcdcd67d7fe57ad4c80d216703a4d29d64323 + name: zoekt-webserver + ports: + - containerPort: 6070 + name: http + readinessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: http + scheme: HTTP + periodSeconds: 5 + timeoutSeconds: 5 + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 101 + runAsUser: 100 + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /data + name: data + - env: + - name: OTEL_AGENT_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: OTEL_EXPORTER_OTLP_ENDPOINT + value: http://$(OTEL_AGENT_HOST):4317 + - name: OPENTELEMETRY_DISABLED + value: "false" + image: index.docker.io/sourcegraph/search-indexer:6.0.0@sha256:11539e07040b85045a9aa07f970aa310066e240dc28e6c9627653ee2bc6e0b91 + name: zoekt-indexserver + ports: + - containerPort: 6072 + name: index-http + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 101 + runAsUser: 100 + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /data + name: data + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + runAsUser: 100 + volumes: + - name: data + updateStrategy: + type: RollingUpdate + volumeClaimTemplates: + - metadata: + labels: + deploy: sourcegraph + name: data + spec: + 
accessModes: + - ReadWriteOnce + resources: + requests: + storage: 200Gi + storageClassName: standard +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + annotations: + description: Postgres database for various data. + kubectl.kubernetes.io/default-container: pgsql + labels: + app.kubernetes.io/component: pgsql + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: pgsql + namespace: default +spec: + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: pgsql + serviceName: pgsql + template: + metadata: + labels: + app: pgsql + deploy: sourcegraph + group: backend + spec: + containers: + - image: index.docker.io/sourcegraph/postgresql-16:6.0.0@sha256:224a2604331cb73809f466394c5b4f3ca95bf6a5a140cb75820dfe67301074bb + livenessProbe: + exec: + command: + - /liveness.sh + initialDelaySeconds: 15 + name: pgsql + ports: + - containerPort: 5432 + name: pgsql + readinessProbe: + exec: + command: + - /ready.sh + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 999 + runAsUser: 999 + startupProbe: + exec: + command: + - /liveness.sh + failureThreshold: 360 + periodSeconds: 10 + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /data + name: disk + - mountPath: /conf + name: pgsql-conf + - mountPath: /dev/shm + name: dshm + - env: + - name: DATA_SOURCE_NAME + value: postgres://sg:@localhost:5432/?sslmode=disable + - name: PG_EXPORTER_EXTEND_QUERY_PATH + value: /config/queries.yaml + image: index.docker.io/sourcegraph/postgres_exporter:6.0.0@sha256:685a18f482e4a71a54e15814ffd6b8cd62844f6af056a81f7ec0ba5cf23fce27 + name: pgsql-exporter + ports: + - containerPort: 9187 + name: pgsql-exporter + terminationMessagePolicy: FallbackToLogsOnError + initContainers: + - command: + - sh + - -c + - if [ -d /data/pgdata-12 ]; then chmod 750 /data/pgdata-12; fi + image: index.docker.io/sourcegraph/alpine-3.14:6.0.0@sha256:c4705ccf969e262ee3916719ecc7c0fb5e606dd954278ac07ac1d052e4e490df + name: 
correct-data-dir-permissions + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 999 + runAsUser: 999 + volumeMounts: + - mountPath: /data + name: disk + securityContext: + fsGroup: 999 + fsGroupChangePolicy: OnRootMismatch + runAsUser: 999 + terminationGracePeriodSeconds: 120 + volumes: + - name: disk + persistentVolumeClaim: + claimName: pgsql + - configMap: + defaultMode: 511 + name: pgsql-conf + name: pgsql-conf + - emptyDir: + medium: Memory + sizeLimit: 1G + name: dshm + updateStrategy: + type: RollingUpdate +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + annotations: + description: Backend for text search operations. + kubectl.kubernetes.io/default-container: searcher + labels: + app.kubernetes.io/component: searcher + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: searcher + namespace: default +spec: + replicas: 0 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: searcher + serviceName: searcher + template: + metadata: + labels: + app: searcher + deploy: sourcegraph + spec: + containers: + - env: + - name: SEARCHER_CACHE_SIZE_MB + value: "25000" + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: CACHE_DIR + value: /mnt/cache/$(POD_NAME) + - name: OTEL_AGENT_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: OTEL_EXPORTER_OTLP_ENDPOINT + value: http://$(OTEL_AGENT_HOST):4317 + image: index.docker.io/sourcegraph/searcher:6.0.0@sha256:c7508abda2202d4a33400ce23a95dd8d59fe6220d85d7fbee6fb186c55931336 + name: searcher + ports: + - containerPort: 3181 + name: http + - containerPort: 6060 + name: debug + readinessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: http + scheme: HTTP + periodSeconds: 5 + timeoutSeconds: 5 + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 101 + runAsUser: 100 + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /mnt/cache + name: cache + securityContext: + fsGroup: 
101 + fsGroupChangePolicy: OnRootMismatch + runAsUser: 100 + volumes: + - emptyDir: {} + name: cache + updateStrategy: + type: RollingUpdate + volumeClaimTemplates: + - metadata: + name: cache + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 30G + storageClassName: standard +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + annotations: + description: Backend for symbols operations. + kubectl.kubernetes.io/default-container: symbols + labels: + app.kubernetes.io/component: symbols + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: symbols + namespace: default +spec: + replicas: 0 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: symbols + serviceName: symbols + template: + metadata: + labels: + app: symbols + deploy: sourcegraph + spec: + containers: + - env: + - name: SYMBOLS_CACHE_SIZE_MB + value: "12000" + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: CACHE_DIR + value: /mnt/cache/$(POD_NAME) + - name: OTEL_AGENT_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: OTEL_EXPORTER_OTLP_ENDPOINT + value: http://$(OTEL_AGENT_HOST):4317 + - name: USE_ROCKSKIP + value: "true" + - name: ROCKSKIP_MIN_REPO_SIZE_MB + value: "1000" + image: index.docker.io/sourcegraph/symbols:6.0.0@sha256:7f91048d1966add54b199755c77a5c3ca84b7f57bb5d2ffb65113da7f100b051 + livenessProbe: + httpGet: + path: /healthz + port: http + scheme: HTTP + initialDelaySeconds: 60 + timeoutSeconds: 5 + name: symbols + ports: + - containerPort: 3184 + name: http + - containerPort: 6060 + name: debug + readinessProbe: + httpGet: + path: /healthz + port: http + scheme: HTTP + periodSeconds: 5 + timeoutSeconds: 5 + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 101 + runAsUser: 100 + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /mnt/cache + name: cache + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + runAsUser: 
100 + volumes: + - emptyDir: {} + name: cache + updateStrategy: + type: RollingUpdate + volumeClaimTemplates: + - metadata: + name: cache + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 12G + storageClassName: standard +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + annotations: + description: DaemonSet to ensure all nodes run a node-exporter pod. + seccomp.security.alpha.kubernetes.io/pod: docker/default + labels: + app: node-exporter + app.kubernetes.io/component: node-exporter + deploy: sourcegraph + name: node-exporter + namespace: default +spec: + selector: + matchLabels: + app: node-exporter + template: + metadata: + annotations: + description: Collects and exports machine metrics. + kubectl.kubernetes.io/default-container: node-exporter + labels: + app: node-exporter + deploy: sourcegraph + spec: + affinity: null + automountServiceAccountToken: false + containers: + - args: + - --web.listen-address=:9100 + - --path.sysfs=/host/sys + - --path.rootfs=/host/root + - --path.procfs=/host/proc + - --no-collector.wifi + - --no-collector.hwmon + - --collector.filesystem.ignored-mount-points=^/(dev|proc|sys|var/lib/docker/.+|var/lib/kubelet/pods/.+)($|/) + - --collector.netclass.ignored-devices=^(veth.*)$ + - --collector.netdev.device-exclude=^(veth.*)$ + env: null + image: index.docker.io/sourcegraph/node-exporter:6.0.0@sha256:099c2e4fb8eacdda82d2d4798591808ded7ad3dc5e6ed514535e0b8e7223ed06 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + port: metrics + scheme: HTTP + initialDelaySeconds: 0 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + name: node-exporter + ports: + - containerPort: 9100 + name: metrics + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + port: metrics + scheme: HTTP + initialDelaySeconds: 0 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + resources: + limits: + cpu: "1" + memory: 1Gi + requests: + cpu: 100m + memory: 250M + 
securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsGroup: 65534 + runAsUser: 65534 + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /host/root + mountPropagation: HostToContainer + name: rootfs + readOnly: true + - mountPath: /host/sys + mountPropagation: HostToContainer + name: sys + readOnly: true + - mountPath: /host/proc + mountPropagation: HostToContainer + name: proc + readOnly: true + hostPID: true + nodeSelector: null + securityContext: + fsGroup: 65534 + fsGroupChangePolicy: OnRootMismatch + runAsGroup: 65534 + runAsNonRoot: true + runAsUser: 65534 + terminationGracePeriodSeconds: 30 + tolerations: null + volumes: + - hostPath: + path: / + name: rootfs + - hostPath: + path: /sys + name: sys + - hostPath: + path: /proc + name: proc +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + annotations: + kubernetes.io/ingress.class: nginx + nginx.ingress.kubernetes.io/proxy-body-size: 150m + labels: + app: sourcegraph-frontend + app.kubernetes.io/component: frontend + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: sourcegraph-frontend + namespace: default +spec: + rules: + - http: + paths: + - backend: + service: + name: sourcegraph-frontend + port: + number: 30080 + path: / + pathType: Prefix diff --git a/components/executors/dind/executor.Deployment.yaml b/components/executors/dind/executor.Deployment.yaml index 78e89dc2..5b0d2327 100644 --- a/components/executors/dind/executor.Deployment.yaml +++ b/components/executors/dind/executor.Deployment.yaml @@ -28,7 +28,7 @@ spec: spec: containers: - name: executor - image: index.docker.io/sourcegraph/executor:5.9.347@sha256:1fd0a18a6ee868f683f7307489c872650f21fb0894a83aef203702ad68d959fc + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/executor:5.9.17785@sha256:baab4c6f41020974968c5152537a3f8b3df994cf062d50ac4632b65e006c42d9 imagePullPolicy: Always livenessProbe: exec: 
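Review bot: The new `image:` reference for the `executor` container points at a CI-internal Artifact Registry path (`us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/`) instead of `index.docker.io/sourcegraph/`, and nothing visible in the hunk adds an `imagePullSecrets` entry or says who may read that repository. The digest pin keeps the content fixed, but an internal path in a shared component will presumably fail to pull outside the build environment, and the tag moves from 5.9.347 to 5.9.17785, which looks like a build number rather than a release. The same substitution appears in the `dind` hunk (`@@ -60,7 +60,7 @@`), where the container runs with `privileged: true` and so most needs its provenance verified, and in `components/executors/k8s/executor.Deployment.yaml`. I would confirm these references are rewritten to the release registry before publishing and add a comment such as `# internal CI image; rewritten at release time` next to each. The container specs continue outside the hunks.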
@@ -60,7 +60,7 @@ spec: - mountPath: /scratch name: executor-scratch - name: dind - image: index.docker.io/sourcegraph/dind:5.9.347@sha256:767c8e7b60ab71957a500745155ca0a3c6f5e96083e101c6497526413314d07f + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/dind:5.9.17785@sha256:c7106e0e77ec110136da1fd744662efd2c9ba7ea32014f2033a63cf21465a733 imagePullPolicy: Always securityContext: privileged: true diff --git a/components/executors/k8s/executor.Deployment.yaml b/components/executors/k8s/executor.Deployment.yaml index f4814cca..876ad622 100644 --- a/components/executors/k8s/executor.Deployment.yaml +++ b/components/executors/k8s/executor.Deployment.yaml @@ -29,7 +29,7 @@ spec: serviceAccountName: executor containers: - name: executor - image: index.docker.io/sourcegraph/executor-kubernetes:5.9.347@sha256:f393592d65e5058fb265e281ca8acb8e9f2bddc8d91b48d28d78490515505797 + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/executor-kubernetes:5.9.17785@sha256:f8fc00cd0ee39515bcc775fc530527018310df396c4d27a0c73ee764a8ebee71 imagePullPolicy: Always livenessProbe: exec: diff --git a/instances/my-sourcegraph/buildConfig.yaml b/instances/my-sourcegraph/buildConfig.yaml new file mode 100644 index 00000000..347370f2 --- /dev/null +++ b/instances/my-sourcegraph/buildConfig.yaml 
@@ -0,0 +1,35 @@
+################################################################################################
+# [BUILD CONFIGURATIONS]
+# Some components read the configuration values in this file during the Kustomize build-process
+#
+# HOW TO USE:
+# Enter the configuration values as instructed by components used in your kustomization.yaml
+# Always refer to the component’s documentation or comments before updating
+################################################################################################
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ annotations:
+ description: Some components read the configuration values from the "data" field below during the build process. You only need to update this file if you are using components that require specific CONFIG_KEYS. If no components in your overlay require extra configuration, no update is necessary.
+ labels:
+ deploy: sourcegraph
+ name: sourcegraph-kustomize-build-config
+data:
+ # example:
+ EXAMPLE_CONFIG_KEY: example
+ #-------- Update config options below ---------#
+ # AWS_MANAGED_CERT_ARN: __placeholder__
+ # GKE_MANAGED_CERT_NAME: __placeholder__
+ # HOST_DOMAIN: __placeholder__
+ # NEW_REDIS_CACHE_ENDPOINT: __placeholder__
+ # NEW_REDIS_STORE_ENDPOINT: __placeholder__
+ # PRIVATE_REGISTRY: __placeholder__
+ # PRIVATE_REGISTRY_SECRET_KEY: __placeholder__
+ # SSD_NODE_PATH: __placeholder__
+ # STORAGECLASS_NAME: __placeholder__
+ # STORAGECLASS_PROVISIONER: __placeholder__
+ # STORAGECLASS_PARAM_TYPE: __placeholder__
+ # TLS_HOST: __placeholder__
+ # TLS_INGRESS_CLASS_NAME: __placeholder__
+ # TLS_CLUSTER_ISSUER: __placeholder__
+ # TLS_SECRET_NAME: __placeholder__
diff --git a/instances/my-sourcegraph/kustomization.yaml b/instances/my-sourcegraph/kustomization.yaml
new file mode 100644
index 00000000..45d27f41
--- /dev/null
+++ b/instances/my-sourcegraph/kustomization.yaml
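Review bot: In `instances/my-sourcegraph/buildConfig.yaml` the commented keys do not match the ones the new `kustomization.yaml` tells users to set: this file lists `NEW_REDIS_CACHE_ENDPOINT`/`NEW_REDIS_STORE_ENDPOINT` and `PRIVATE_REGISTRY_SECRET_KEY`, while the kustomization comments name `REDIS_CACHE_ENDPOINT`/`REDIS_STORE_ENDPOINT` and `IMAGE_PULL_SECRET_NAME`. The components that read these keys are not visible here, so one of the two lists is presumably stale, and a mismatched key would likely leave a value unsubstituted at build time. Because this is a ConfigMap, I would also add a header line such as `# Values here are stored in plain text; enter names and endpoints only, never credentials`, since a key called `PRIVATE_REGISTRY_SECRET_KEY` invites pasting a secret.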
@@ -0,0 +1,302 @@
+##########################################################################################
+# DEPLOY INSTRUCTIONS
+#
+# Build Manifests: kubectl kustomize instances/$CURRENT_DIR -o cluster.yaml
+# Review Manifests: less cluster.yaml
+# kubectl apply --prune -l deploy=sourcegraph -f cluster.yaml
+##########################################################################################
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+##########################################################################################
+# [RESOURCES] Resources with default settings
+#
+# You can add additional resources to the end of this section if needed
+##########################################################################################
+resources:
+ # [REQUIRED: BUILD CONFIG] Update this file when using components that have "CONFIG KEYS"
+ - buildConfig.yaml # -- Update the CONFIG Key values in buildConfig.yaml when instructed
+ # [REQUIRED: RESOURCES] Resources for the default Sourcegraph instance
+ - ../../base/sourcegraph # -- Resources for Sourcegraph
+ - ../../base/monitoring # -- Resources for Sourcegraph Monitoring Stack
+ # ---------------- Add additional resources below this line if needed ---------------- #
+ # -
+##########################################################################################
+# [REQUIRED: NAMESPACE] Add namespace to all resources generated by this overlay
+#
+# NOTE: Include the 'namespace' component to create namespace with the same name if needed
+##########################################################################################
+namespace: default
+##########################################################################################
+# [COMPONENTS] Uncomment the lines for the components you'd like to include
+#
+# To configure your Sourcegraph deployment, uncomment the components/section
+# below following the instructions in our configuration docs.
+#
+# Components with CONFIG KEYS require additional input in the ./buildConfig.yaml file
+#
+# Docs:
+# https://docs.sourcegraph.com/admin/deploy/kubernetes/kustomize/configure
+##########################################################################################
+components:
+ #---------------------------------------------------------------------------------------
+ # Namespace Creation
+ #---------------------------------------------------------------------------------------
+ # - ../../components/resources/namespace # -- Create namespace based on NAMESPACE input above
+ #
+ #---------------------------------------------------------------------------------------
+ # Monitoring Stack
+ #---------------------------------------------------------------------------------------
+ # - ../../components/monitoring/otel # -- Deploy OpenTelemetry Collector
+ # - ../../components/monitoring/tracing # -- Deploy OpenTelemetry Collector with Jaeger as tracing backend
+ # - ../../components/monitoring/cadvisor # -- Add resources for cAdvisor (requires privileges)
+ # - ../../components/remove/daemonset # -- Remove all services with daemonsets: node-exporter & otel
+ # - ../../components/remove/otel-collector # -- Remove otel-collector and otel-agent
+ #
+ #---------------------------------------------------------------------------------------
+ # Resource Allocation - Instance size based
+ #---------------------------------------------------------------------------------------
+ # Use size XS resources by default. Include one only.
+ # Find your instance size on https://docs.sourcegraph.com/admin/deploy/instance-size
+ - ../../components/sizes/xs # -- Allocate resources for size XS instance
+ # - ../../components/sizes/s # -- Allocate resources for size S instance
+ # - ../../components/sizes/m # -- Allocate resources for size M instance
+ # - ../../components/sizes/l # -- Allocate resources for size L instance
+ # - ../../components/sizes/xl # -- Allocate resources for size XL instance
+ # - custom-resources # -- Allocate customized resources --See docs for detailed instructions
+ #
+ #---------------------------------------------------------------------------------------
+ # Storage class
+ #---------------------------------------------------------------------------------------
+ # - ../../components/storage-class/aws/aws-ebs # -- Create storage class resources for AWS when provisioner = `kubernetes.io/aws-ebs`
+ # - ../../components/storage-class/aws/ebs-csi # -- Create storage class resources for AWS when provisioner = `ebs.csi.aws.com`
+ # - ../../components/storage-class/azure # -- Create storage class resources for Azure AKS
+ # - ../../components/storage-class/gcp # -- Create storage class resources for GCP GKE
+ # - ../../components/storage-class/cloud # -- Create storage class resources for other cloud provider
+ # - ../../components/storage-class/trident/ext3 # -- Create storage class resources for Trident, fsType ext3
+ # - ../../components/storage-class/trident/ext4 # -- Create storage class resources for Trident, fsType ext4
+ # - ../../components/storage-class/trident/xfs # -- Create storage class resources for Trident, fsType xfs
+ # - ../../components/storage-class/k3s # -- Configure to use the default storage class in a k3s cluster
+ # - ../../components/storage-class/sourcegraph # -- Update storageClassName for all resources to 'sourcegraph'
+ #
+ # - ../../components/storage-class/name-update # -- Update storageClassName to $STORAGECLASS_NAME
+ # CONFIG KEYS: STORAGECLASS_NAME
+ #
+ # - ../../components/storage-class/cloud # -- Create a custom storage class for other cloud providers
+ # CONFIG KEYS: STORAGECLASS_NAME
+ # STORAGECLASS_PROVISIONER
+ # STORAGECLASS_PARAM_TYPE
+ #
+ # - ../../components/storage-class/ssd # -- Create resources to use local SSDs - requires RBACs
+ # CONFIG KEYS: SSD_NODE_PATH
+ #
+ #---------------------------------------------------------------------------------------
+ # Networking
+ #---------------------------------------------------------------------------------------
+ # - ../../components/remove/default-ingress # -- Remove the default ingress from frontend
+ # - ../../components/network/nodeport/30080 # -- Use nodeport 30080 for frontend service
+ # - ../../components/network/loadbalancer # -- Use load balancer type for frontend service
+ # - ../../components/network/network-policy # -- Add NetworkPolicy
+ # - ../../components/network/envoy # -- Add EnvoyFilter to resolve known issues caused by service mesh
+ # - ../../components/ingress/gke # -- Ingress controller settings for GKE with HTTP load balancing enabled
+ # - ../../components/ingress/alb # -- Ingress controller settings for AWS ALB
+ # - ../../components/ingress/k3s # -- Ingress controller settings for K3s
+ # - ../../components/clusters/aws/managed-cert # -- Apply settings to frontend ingress for aws managed cert
+ # - ../../components/clusters/gke/managed-cert # -- Apply settings to frontend ingress for gke managed cert
+ #
+ # - ../../components/ingress/hostname # -- Set hostname/domain for your Sourcegraph ingress
+ # CONFIG KEYS: HOST_DOMAIN
+ #
+ # - ../../components/network/tls # -- Enable TLS with existing certificates
+ # CONFIG KEYS: TLS_HOST
+ # TLS_INGRESS_CLASS_NAME
+ # TLS_CLUSTER_ISSUER
+ #
+ # - ../../components/network/tls-secretname # -- Replace TLS secretName with TLS_SECRET_NAME
+ # CONFIG KEYS: TLS_SECRET_NAME
+ #
+ #---------------------------------------------------------------------------------------
+ # External Services
+ # You must add external instances via frontend env vars if you remove the bundled instances
+ #---------------------------------------------------------------------------------------
+ # - ../../components/remove/pgsql/deployment # -- Remove default database deployment for frontend
+ # - ../../components/remove/pgsql/statefulset # -- Remove default database statefulset for frontend
+ # - ../../components/remove/codeintel-db/deployment # -- Remove default database deployment for code-intel
+ # - ../../components/remove/codeintel-db/statefulset # -- Remove default database statefulset for code-intel
+ # - ../../components/remove/codeinsights-db/deployment # -- Remove default database deployment for code-insights
+ # - ../../components/remove/codeinsights-db/statefulset # -- Remove default database statefulset for code-insights
+ # - ../../components/remove/redis # -- Remove embedded redis instance
+ #
+ # - ../../components/services/redis # -- Use external redis servers
+ # CONFIG KEYS: REDIS_CACHE_ENDPOINT
+ # REDIS_STORE_ENDPOINT
+ #
+ #---------------------------------------------------------------------------------------
+ # Executors
+ # See https://docs.sourcegraph.com/admin/executors for information and instructions
+ #---------------------------------------------------------------------------------------
+ # - ../../components/executors/k8s # -- Enable native K8s executors
+ # - ../../components/executors/dind # -- Enable dind executors
+ # - ../../components/executors/dind/private-docker-registry # -- Enable private docker registry
+ #
+ #---------------------------------------------------------------------------------------
+ # Other Configurations
+ #---------------------------------------------------------------------------------------
+ # - ../../components/clusters/k3s # -- Configure instance to run in a k3s cluster (storage class, network, etc)
+ - ../../components/clusters/minikube # -- Configure instance to run in a minikube cluster (storage class, network, etc)
+ # - ../../components/enable/rockskip # -- Enable rockskip
+ # - ../../components/disable/rockskip # -- Disable rockskip
+ # - ../../components/enable/ssh/non-root # Enable SSH to clon repositories as non-root user (default)
+ # - ../../components/enable/ssh/root # Enable SSH to clon repositories as root user (when using privileged component)
+ # - ../../components/remove/pvcs # -- Remove all pvcs resources
+ # - ../../components/remove/prometheus # -- Remove prometheus
+ # - ../../components/remove/resources # -- Remove resources (Limits, requests) from all containers
+ # - ../../components/remove/security-context # -- Remove security context from all resources
+ # - ../../components/utils/uid # -- Run all Postgres database with valid users on host
+ - ../../components/utils/multi-version-upgrade # -- Scale down non-database pods to 0 for multi-version upgrade
+ # - ../../components/utils/migrate-to-nonprivileged # -- Component for migrating from privileged to non-privileged
+ #
+ #---------------------------------------------------------------------------------------
+ # Resource migration from deploy-sourcegraph
+ #---------------------------------------------------------------------------------------
+ # - ../../components/clusters/old-base # -- Generate old cluster from deploy-sourcegraph
+ # - old-patches # -- Component to store patches from old deployment. See migration docs for more information
+ #
+ #---------------------------------------------------------------------------------------
+ # Use private registry
+ #---------------------------------------------------------------------------------------
+ # - ../../components/enable/private-registry # -- Update images name to private registry name
+ # CONFIG KEYS: PRIVATE_REGISTRY
+ #
+ # - ../../components/resources/imagepullsecrets # -- Add imagePullSecrets field to all resources
+ # CONFIG KEYS: IMAGE_PULL_SECRET_NAME
+ #
+ # ------------------------------------------------------------------------
+ # Permission Configurations
+ # IMPORTANT: Keep the components below as the LAST components
+ # ------------------------------------------------------------------------
+ # [DO NOT REMOVE] This component add replica count for some statefulset services as env vars to frontend
+ # so that when service discovery is disabled, frontend can generate service endpoints based on replica count
+ - ../../components/utils/endpoints # REQUIRED - DO NOT REMOVE
+ #
+ # - ../../components/privileged # -- Run Sourcegraph with privileged and root access
+ # - ../../components/monitoring/privileged # -- Run monitoring stack with privileged and root access
+ #
+ # Recommended for clusters with RBAC enabled.
+ # - ../../components/enable/service-discovery # -- Enable service-discovery for frontend
+#
+#
+##########################################################################################
+# [SECRETS GENERATOR] Turns the contents of the secret files into Kubernetes secrets
+#
+# Copy and paste all the associated files to the root of this directory
+##########################################################################################
+# secretGenerator:
+#
+# # - SSH for Gitserver to clone repositories -
+# - name: gitserver-ssh
+# files:
+# - id_rsa
+# - known_hosts
+#
+# # - TLS -
+# - name: sourcegraph-frontend-tls
+# behavior: create
+# files:
+# - tls.crt
+# - tls.key
+#
+# # - Database -
+# - name: dbs-secrets
+# files:
+# - secrets.env
+#
+# # - Executor -
+# - name: executor-secret
+# behavior: create
+# literals:
+# - password=our-shared-secret
+#
+##########################################################################################
+# [CUSTOM RESOURCES] Add files as patches to customize resources
+#
+# Create a directory `patches` and then copy the required files as
+# instructed by the configuration docs to update ConfigMaps and other
+# resources using patch files to customize your deployment
+# Do not use the built-in replicas field to update replica counts
+##########################################################################################
+#
+# patches:
+# #---------------------------------------------------------------------------------------
+# # custom patches
+# #---------------------------------------------------------------------------------------
+# - path: patches/frontend-ingress.annotations.yaml
+# - path: patches/prometheus.ConfigMap.yaml
+# - path: patches/pgsql.ConfigMap.yaml
+# - path: patches/otel-collector.ConfigMap.yaml
+# - path: patches/custom.NodePort.yaml
+# - path: patches/resources.yaml
+# - path: patches/executor.ConfigMap.yaml
+#
+# #---------------------------------------------------------------------------------------
+# # Update env vars for non-frontend services
+# #---------------------------------------------------------------------------------------
+# - patch: |-
+# - op: add
+# path: /spec/template/spec/containers/0/env/-
+# value:
+# name: SRC_ENABLE_GC_AUTO
+# value: "true"
+# target:
+# name: gitserver
+# kind: StatefulSet
+#
+# - patch: |-
+# - op: replace
+# path: /spec/template/spec/containers/0/env/0
+# value:
+# name: SEARCHER_CACHE_SIZE_MB
+# value: "50000"
+# target:
+# name: searcher
+# kind: StatefulSet|Deployment
+#
+# - patch: |-
+# - op: replace
+# path: /spec/template/spec/containers/0/env/0
+# value:
+# name: SYMBOLS_CACHE_SIZE_MB
+# value: "50000"
+# target:
+# name: symbols
+# kind: StatefulSet|Deployment
+#
+# #---------------------------------------------------------------------------------------
+# # Adjust Storage Sizes
+# #---------------------------------------------------------------------------------------
+# - patch: |-
+# - op: replace
+# path: /spec/resources/requests/storage
+# value: 100Gi
+# target:
+# kind: PersistentVolumeClaim
+# name: blobstore|codeinsights-db|codeintel-db|pgsql|prometheus|redis-store|redis-cache|private-docker-registry
+#
+# - patch: |-
+# - op: replace
+# path: /spec/volumeClaimTemplates/0/spec/resources/requests/storage
+# value: 200Gi
+# target:
+# kind: StatefulSet
+# name: gitserver|indexed-search|searcher|symbols
+#
+#
+##########################################################################################
+# [FRONTEND ENV VARS] Handles updating env vars for sourcegraph-frontend
+##########################################################################################
+#
+# configMapGenerator:
+# - name: sourcegraph-frontend-env
+# behavior: merge
+# literals:
+# - DEPLOY_TYPE=kustomize # make your edit below this line
+#
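Review bot: The commented `secretGenerator` block tells users to copy `id_rsa`, `tls.key` and `secrets.env` into this instance directory and shows `password=our-shared-secret` as a literal, but nothing in the hunk warns that those files must stay out of version control. Since `instances/my-sourcegraph/` is itself being committed here, I would add a comment above the block, e.g. `# Never commit the files listed below; keep them in .gitignore or generate them in CI from a secret store`, and change the literal to `password=__placeholder__` so the example is not applied as-is. Separately, `components/clusters/minikube` and `components/utils/multi-version-upgrade` are left enabled, which looks like local test state rather than a template default; worth confirming that is intended.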