From 8619a3fabbfb45b3a021f49503768e9f70bb06fe Mon Sep 17 00:00:00 2001 From: Anish Lakhwara Date: Wed, 12 Feb 2025 18:30:37 +0000 Subject: [PATCH] release_patch: v6.0.2687 {"version":"v6.0.2687","inputs":"server=6.0.2687","type":"patch"} --- .../cadvisor/cadvisor.DaemonSet.yaml | 2 +- .../grafana/grafana.StatefulSet.yaml | 2 +- base/monitoring/jaeger/jaeger.Deployment.yaml | 2 +- .../node-exporter.DaemonSet.yaml | 2 +- .../otel-collector/otel-agent.DaemonSet.yaml | 2 +- .../otel-collector.Deployment.yaml | 2 +- .../prometheus/prometheus.Deployment.yaml | 2 +- .../blobstore/blobstore.Deployment.yaml | 2 +- .../codeinsights-db.StatefulSet.yaml | 6 +- .../codeintel-db.StatefulSet.yaml | 6 +- .../sourcegraph-frontend.Deployment.yaml | 4 +- .../gitserver/gitserver.StatefulSet.yaml | 2 +- .../indexed-search.StatefulSet.yaml | 4 +- base/sourcegraph/pgsql/pgsql.StatefulSet.yaml | 6 +- .../precise-code-intel/worker.Deployment.yaml | 2 +- .../redis/redis-cache.Deployment.yaml | 4 +- .../redis/redis-store.Deployment.yaml | 4 +- .../repo-updater/repo-updater.Deployment.yaml | 2 +- .../searcher/searcher.StatefulSet.yaml | 2 +- .../symbols/symbols.StatefulSet.yaml | 2 +- .../syntect-server.Deployment.yaml | 2 +- .../sourcegraph/worker/worker.Deployment.yaml | 2 +- cluster.yaml | 4731 +++++++++++++++++ .../executors/dind/executor.Deployment.yaml | 4 +- .../executors/k8s/executor.Deployment.yaml | 2 +- instances/my-sourcegraph/buildConfig.yaml | 35 + instances/my-sourcegraph/kustomization.yaml | 302 ++ 27 files changed, 5103 insertions(+), 35 deletions(-) create mode 100644 cluster.yaml create mode 100644 instances/my-sourcegraph/buildConfig.yaml create mode 100644 instances/my-sourcegraph/kustomization.yaml diff --git a/base/monitoring/cadvisor/cadvisor.DaemonSet.yaml b/base/monitoring/cadvisor/cadvisor.DaemonSet.yaml index 9fbe439f..27e00dc4 100644 --- a/base/monitoring/cadvisor/cadvisor.DaemonSet.yaml +++ b/base/monitoring/cadvisor/cadvisor.DaemonSet.yaml @@ -26,7 +26,7 @@ spec: serviceAccountName: cadvisor containers: - name: cadvisor - image: index.docker.io/sourcegraph/cadvisor:5.11.4013@sha256:efc2b4fe867b27e633f5e638bfda82ed63839efd76b6c03cd56541f907f387fa + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/cadvisor:6.0.2687@sha256:a21a124f9b3366924b578132ddcd66fd505b7e4c00d22141b415a359ee5c6643 args: # Kubernetes-specific flags below (other flags are baked into the Docker image) # diff --git a/base/monitoring/grafana/grafana.StatefulSet.yaml b/base/monitoring/grafana/grafana.StatefulSet.yaml index d09640c6..fe94a5bb 100644 --- a/base/monitoring/grafana/grafana.StatefulSet.yaml +++ b/base/monitoring/grafana/grafana.StatefulSet.yaml @@ -26,7 +26,7 @@ spec: spec: containers: - name: grafana - image: index.docker.io/sourcegraph/grafana:5.11.4013@sha256:fc3cad4d59db3c92c57899f0c2afc93d0846f739c2af6dea58ef2a52e2ebe240 + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/grafana:6.0.2687@sha256:948d4ad577dca492deec4d292632ddc217e089be148828609725954128e0d9f5 terminationMessagePolicy: FallbackToLogsOnError ports: - containerPort: 3370 diff --git a/base/monitoring/jaeger/jaeger.Deployment.yaml b/base/monitoring/jaeger/jaeger.Deployment.yaml index 2cd24675..9b890e60 100644 --- a/base/monitoring/jaeger/jaeger.Deployment.yaml +++ b/base/monitoring/jaeger/jaeger.Deployment.yaml @@ -30,7 +30,7 @@ spec: spec: containers: - name: jaeger - image: index.docker.io/sourcegraph/jaeger-all-in-one:5.11.4013@sha256:6eeaa0d18df812dfd4197c96fa675b98d07b5ef3022e7ba5b4da73e6a4e09f2b + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/jaeger-all-in-one:6.0.2687@sha256:0ff23bbfcf3ae917a0a9ec4f789f8dfe18c22df5672f10543d7302aef7f53d6a args: ["--memory.max-traces=20000", "--sampling.strategies-file=/etc/jaeger/sampling_strategies.json", "--collector.otlp.enabled"] ports: - containerPort: 5775 diff --git a/base/monitoring/node-exporter/node-exporter.DaemonSet.yaml b/base/monitoring/node-exporter/node-exporter.DaemonSet.yaml index acdec719..7caf73f5 100644 --- a/base/monitoring/node-exporter/node-exporter.DaemonSet.yaml +++ b/base/monitoring/node-exporter/node-exporter.DaemonSet.yaml @@ -24,7 +24,7 @@ spec: spec: containers: - name: node-exporter - image: index.docker.io/sourcegraph/node-exporter:5.11.4013@sha256:84e29f0aa25078d07daf631950a6b4d0bf64484d80f1ae88a3582f6d2a6ac680 + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/node-exporter:6.0.2687@sha256:c1479894f5f29fc9915d0d5eb17766b1092a9bcdd1e9ba8b499d706b02b83857 imagePullPolicy: IfNotPresent resources: limits: diff --git a/base/monitoring/otel-collector/otel-agent.DaemonSet.yaml b/base/monitoring/otel-collector/otel-agent.DaemonSet.yaml index 95f24aed..f150b757 100644 --- a/base/monitoring/otel-collector/otel-agent.DaemonSet.yaml +++ b/base/monitoring/otel-collector/otel-agent.DaemonSet.yaml @@ -26,7 +26,7 @@ spec: spec: containers: - name: otel-agent - image: index.docker.io/sourcegraph/opentelemetry-collector:5.11.4013@sha256:05cf6fbaea888d91d87a8c2edd257fc9903630072671f4b677df11af185c8302 + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/opentelemetry-collector:6.0.2687@sha256:2a7168b8aca2e7003d8f872e7743265fc50790b3aa1135d3ff08cc4273fa294c command: - "/bin/otelcol-sourcegraph" - "--config=/etc/otel-agent/config.yaml" diff --git a/base/monitoring/otel-collector/otel-collector.Deployment.yaml b/base/monitoring/otel-collector/otel-collector.Deployment.yaml index d10f20e6..f6626bba 100644 --- a/base/monitoring/otel-collector/otel-collector.Deployment.yaml +++ b/base/monitoring/otel-collector/otel-collector.Deployment.yaml @@ -26,7 +26,7 @@ spec: spec: containers: - name: otel-collector - image: index.docker.io/sourcegraph/opentelemetry-collector:5.11.4013@sha256:05cf6fbaea888d91d87a8c2edd257fc9903630072671f4b677df11af185c8302 + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/opentelemetry-collector:6.0.2687@sha256:2a7168b8aca2e7003d8f872e7743265fc50790b3aa1135d3ff08cc4273fa294c command: - "/bin/otelcol-sourcegraph" # To use a custom configuration, edit otel-collector.ConfigMap.yaml diff --git a/base/monitoring/prometheus/prometheus.Deployment.yaml b/base/monitoring/prometheus/prometheus.Deployment.yaml index b3fd7232..3b5653bc 100644 --- a/base/monitoring/prometheus/prometheus.Deployment.yaml +++ b/base/monitoring/prometheus/prometheus.Deployment.yaml @@ -25,7 +25,7 @@ spec: spec: containers: - name: prometheus - image: index.docker.io/sourcegraph/prometheus:5.11.4013@sha256:e08e33354c46c03bdebb7c001213ee7c4c99f2bc51a8f7d3e603f0f382bf45e8 + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/prometheus:6.0.2687@sha256:dd7dccad7ded30ab199c38aef0f761658dd2998b54cb65c764a653b357cd6644 terminationMessagePolicy: FallbackToLogsOnError env: - name: SG_NAMESPACE diff --git a/base/sourcegraph/blobstore/blobstore.Deployment.yaml b/base/sourcegraph/blobstore/blobstore.Deployment.yaml index 8e4096b4..c1f0b309 100644 --- a/base/sourcegraph/blobstore/blobstore.Deployment.yaml +++ b/base/sourcegraph/blobstore/blobstore.Deployment.yaml @@ -26,7 +26,7 @@ spec: spec: containers: - name: blobstore - image: index.docker.io/sourcegraph/blobstore:5.11.4013@sha256:5027f2b2982101687c6b0767bed4e59d9a71c4b83f434d494860e76998359d5b + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/blobstore:6.0.2687@sha256:6d244efa19d0b106aa9e804128b62ecfb5758fc26a3c34c834cce56f0d53b0d9 livenessProbe: httpGet: path: / diff --git a/base/sourcegraph/codeinsights-db/codeinsights-db.StatefulSet.yaml b/base/sourcegraph/codeinsights-db/codeinsights-db.StatefulSet.yaml index 3480922d..9b09513c 100644 --- a/base/sourcegraph/codeinsights-db/codeinsights-db.StatefulSet.yaml +++ b/base/sourcegraph/codeinsights-db/codeinsights-db.StatefulSet.yaml @@ -26,7 +26,7 @@ spec: spec: initContainers: - name: correct-data-dir-permissions - image: index.docker.io/sourcegraph/alpine-3.14:5.11.4013@sha256:7dfdde795861878a0e9580a79619a5f560521afbce9085b88e47ee292a4029d5 + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/alpine-3.14:6.0.2687@sha256:f276631b5dcd61f57ec8da723b316c1c730fc667064b584e647601e816fe9679 command: ["sh", "-c", "if [ -d /var/lib/postgresql/data/pgdata ]; then chmod 750 /var/lib/postgresql/data/pgdata; fi"] volumeMounts: - mountPath: /var/lib/postgresql/data/ @@ -45,7 +45,7 @@ spec: runAsUser: 70 containers: - name: codeinsights - image: index.docker.io/sourcegraph/postgresql-16-codeinsights:5.11.4013@sha256:fae0e171a4a9cc7c183f50c01d2a0087b15ded2f96fcd2358369fb9f186b9728 + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/postgresql-16-codeinsights:6.0.2687@sha256:e354060521e22f383754afe5638980a36e83ef04648f64ade33d5fb8a2bf3473 env: - name: POSTGRES_DB value: postgres @@ -82,7 +82,7 @@ spec: value: postgres://postgres:@localhost:5432/?sslmode=disable - name: PG_EXPORTER_EXTEND_QUERY_PATH value: /config/code_insights_queries.yaml - image: index.docker.io/sourcegraph/postgres_exporter:5.11.4013@sha256:c5e20d5083ee827a05f48bf4faa303f696bcc3a6b8eb10f05fc7272bc8e56c22 + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/postgres_exporter:6.0.2687@sha256:97800ae975ffa191f1d2ecfdde58ea465afe29b3ab45653fa672f1bb3007fa3f terminationMessagePolicy: FallbackToLogsOnError name: pgsql-exporter ports: diff --git a/base/sourcegraph/codeintel-db/codeintel-db.StatefulSet.yaml b/base/sourcegraph/codeintel-db/codeintel-db.StatefulSet.yaml index 4616c128..9bcfac1d 100644 --- a/base/sourcegraph/codeintel-db/codeintel-db.StatefulSet.yaml +++ b/base/sourcegraph/codeintel-db/codeintel-db.StatefulSet.yaml @@ -27,7 +27,7 @@ spec: spec: initContainers: - name: correct-data-dir-permissions - image: index.docker.io/sourcegraph/alpine-3.14:5.11.4013@sha256:7dfdde795861878a0e9580a79619a5f560521afbce9085b88e47ee292a4029d5 + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/alpine-3.14:6.0.2687@sha256:f276631b5dcd61f57ec8da723b316c1c730fc667064b584e647601e816fe9679 command: ["sh", "-c", "if [ -d /data/pgdata-12 ]; then chmod 750 /data/pgdata-12; fi"] volumeMounts: - mountPath: /data @@ -45,7 +45,7 @@ spec: memory: "50Mi" containers: - name: pgsql - image: index.docker.io/sourcegraph/postgresql-16:5.11.4013@sha256:c12f7b65e46152aee6462f9e3b5613d0c0d5af6f3ea01210c371d0c05cbbac9f + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/postgresql-16:6.0.2687@sha256:f7f30c39af9d461d3d3225da2c2801dc79888d9a0c1020aee8590630661fa4a6 terminationMessagePolicy: FallbackToLogsOnError readinessProbe: exec: @@ -87,7 +87,7 @@ spec: value: postgres://sg:@localhost:5432/?sslmode=disable - name: PG_EXPORTER_EXTEND_QUERY_PATH value: /config/code_intel_queries.yaml - image: index.docker.io/sourcegraph/postgres_exporter:5.11.4013@sha256:c5e20d5083ee827a05f48bf4faa303f696bcc3a6b8eb10f05fc7272bc8e56c22 + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/postgres_exporter:6.0.2687@sha256:97800ae975ffa191f1d2ecfdde58ea465afe29b3ab45653fa672f1bb3007fa3f terminationMessagePolicy: FallbackToLogsOnError name: pgsql-exporter ports: diff --git a/base/sourcegraph/frontend/sourcegraph-frontend.Deployment.yaml b/base/sourcegraph/frontend/sourcegraph-frontend.Deployment.yaml index 7c493316..28fa0ec4 100644 --- a/base/sourcegraph/frontend/sourcegraph-frontend.Deployment.yaml +++ b/base/sourcegraph/frontend/sourcegraph-frontend.Deployment.yaml @@ -29,7 +29,7 @@ spec: spec: initContainers: - name: migrator - image: index.docker.io/sourcegraph/migrator:5.11.4013@sha256:6df430235b5589d0af3b86aab82205897c9422045c4c63bb3698553c624f8bf9 + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/migrator:6.0.2687@sha256:0b7fea4138f5372970c6735947250025977f25b06044c531f5ee81c38f388383 args: ["up"] resources: limits: @@ -48,7 +48,7 @@ spec: name: sourcegraph-frontend-env containers: - name: frontend - image: index.docker.io/sourcegraph/frontend:5.11.4013@sha256:982bd32f943cab3eba6cc0adb5d8ad5abd29680c1bdb2fe32dcaff5cbc8c318f + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/frontend:6.0.2687@sha256:22dea605734d106c984f0ba31badf6df54cbe34691eb130337321a36ffe9dd65 args: - serve envFrom: diff --git a/base/sourcegraph/gitserver/gitserver.StatefulSet.yaml b/base/sourcegraph/gitserver/gitserver.StatefulSet.yaml index e0371991..824cf546 100644 --- a/base/sourcegraph/gitserver/gitserver.StatefulSet.yaml +++ b/base/sourcegraph/gitserver/gitserver.StatefulSet.yaml @@ -35,7 +35,7 @@ spec: fieldPath: status.hostIP - name: OTEL_EXPORTER_OTLP_ENDPOINT value: http://$(OTEL_AGENT_HOST):4317 - image: index.docker.io/sourcegraph/gitserver:5.11.4013@sha256:8154d44d9b845081fecb7581d6b03038d81d57544446924244429d7931dfae32 + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/gitserver:6.0.2687@sha256:57daf7cae7a73d5ea23606d5e07d893df31f2b7336f45d17a75fe052b7cf8fe6 terminationMessagePolicy: FallbackToLogsOnError livenessProbe: initialDelaySeconds: 5 diff --git a/base/sourcegraph/indexed-search/indexed-search.StatefulSet.yaml b/base/sourcegraph/indexed-search/indexed-search.StatefulSet.yaml index 030576e4..e131a20d 100644 --- a/base/sourcegraph/indexed-search/indexed-search.StatefulSet.yaml +++ b/base/sourcegraph/indexed-search/indexed-search.StatefulSet.yaml @@ -33,7 +33,7 @@ spec: value: http://$(OTEL_AGENT_HOST):4317 - name: OPENTELEMETRY_DISABLED value: "false" - image: index.docker.io/sourcegraph/indexed-searcher:5.11.4013@sha256:26afc9b0f58aacb433cbb2cb584ad37da6ff96d9d1edab59dc9445715523d9b3 + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/indexed-searcher:6.0.2687@sha256:4fd79f733ddc0ca5b919cd6686122efda0fccdcae671a0fcf111955f858aee29 terminationMessagePolicy: FallbackToLogsOnError ports: - containerPort: 6070 @@ -72,7 +72,7 @@ spec: value: http://$(OTEL_AGENT_HOST):4317 - name: OPENTELEMETRY_DISABLED value: "false" - image: index.docker.io/sourcegraph/search-indexer:5.11.4013@sha256:f9a6bb1f8116fb1f0c422842950abdfb7184ecde0d41cf8c22a9f61336072099 + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/search-indexer:6.0.2687@sha256:99af681d24793a3e58a2b95a2763cb26d7665d89adcf5531971ab77a26601850 terminationMessagePolicy: FallbackToLogsOnError ports: - containerPort: 6072 diff --git a/base/sourcegraph/pgsql/pgsql.StatefulSet.yaml b/base/sourcegraph/pgsql/pgsql.StatefulSet.yaml index f2d181a1..928b6558 100644 --- a/base/sourcegraph/pgsql/pgsql.StatefulSet.yaml +++ b/base/sourcegraph/pgsql/pgsql.StatefulSet.yaml @@ -27,7 +27,7 @@ spec: spec: initContainers: - name: correct-data-dir-permissions - image: index.docker.io/sourcegraph/alpine-3.14:5.11.4013@sha256:7dfdde795861878a0e9580a79619a5f560521afbce9085b88e47ee292a4029d5 + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/alpine-3.14:6.0.2687@sha256:f276631b5dcd61f57ec8da723b316c1c730fc667064b584e647601e816fe9679 command: ["sh", "-c", "if [ -d /data/pgdata-12 ]; then chmod 750 /data/pgdata-12; fi"] volumeMounts: - mountPath: /data @@ -46,7 +46,7 @@ spec: memory: "50Mi" containers: - name: pgsql - image: index.docker.io/sourcegraph/postgresql-16:5.11.4013@sha256:c12f7b65e46152aee6462f9e3b5613d0c0d5af6f3ea01210c371d0c05cbbac9f + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/postgresql-16:6.0.2687@sha256:f7f30c39af9d461d3d3225da2c2801dc79888d9a0c1020aee8590630661fa4a6 terminationMessagePolicy: FallbackToLogsOnError readinessProbe: exec: @@ -90,7 +90,7 @@ spec: value: postgres://sg:@localhost:5432/?sslmode=disable - name: PG_EXPORTER_EXTEND_QUERY_PATH value: /config/queries.yaml - image: index.docker.io/sourcegraph/postgres_exporter:5.11.4013@sha256:c5e20d5083ee827a05f48bf4faa303f696bcc3a6b8eb10f05fc7272bc8e56c22 + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/postgres_exporter:6.0.2687@sha256:97800ae975ffa191f1d2ecfdde58ea465afe29b3ab45653fa672f1bb3007fa3f terminationMessagePolicy: FallbackToLogsOnError name: pgsql-exporter ports: diff --git a/base/sourcegraph/precise-code-intel/worker.Deployment.yaml b/base/sourcegraph/precise-code-intel/worker.Deployment.yaml index 6cf8e66b..c5a7bbf5 100644 --- a/base/sourcegraph/precise-code-intel/worker.Deployment.yaml +++ b/base/sourcegraph/precise-code-intel/worker.Deployment.yaml @@ -46,7 +46,7 @@ spec: fieldPath: status.hostIP - name: OTEL_EXPORTER_OTLP_ENDPOINT value: http://$(OTEL_AGENT_HOST):4317 - image: index.docker.io/sourcegraph/precise-code-intel-worker:5.11.4013@sha256:a33c2966a4d5c1343cbe780b9483236594157be56aa66fd08174b6ef2c0623f2 + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/precise-code-intel-worker:6.0.2687@sha256:e987894d81911e5ecd75ce6bddd9d25b356badcdaa621d4f16129d9aa535a154 terminationMessagePolicy: FallbackToLogsOnError livenessProbe: httpGet: diff --git a/base/sourcegraph/redis/redis-cache.Deployment.yaml b/base/sourcegraph/redis/redis-cache.Deployment.yaml index e05d4c87..34568f41 100644 --- a/base/sourcegraph/redis/redis-cache.Deployment.yaml +++ b/base/sourcegraph/redis/redis-cache.Deployment.yaml @@ -26,7 +26,7 @@ spec: spec: containers: - name: redis-cache - image: index.docker.io/sourcegraph/redis-cache:5.11.4013@sha256:a1811bb363ec880c3fd1211de857b82f1628376e0ba26bb481a7cbb2ed67a901 + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/redis-cache:6.0.2687@sha256:724d7ffb2f09a30998cafb38322b94b78d9802df066306fc26c1320830f9e6ea terminationMessagePolicy: FallbackToLogsOnError livenessProbe: initialDelaySeconds: 30 @@ -70,7 +70,7 @@ spec: - mountPath: /redis-data name: redis-data - name: redis-exporter - image: index.docker.io/sourcegraph/redis_exporter:5.11.4013@sha256:5b1b57ca2e8e6732e36e927cb9fa17766a82f7ab83ef0e74c0f1ff69b70f520a + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/redis_exporter:6.0.2687@sha256:ba52bed25e8c7fe03769b6aa0790e636b62f41c7f0ecba62f7275ecb618d8b40 terminationMessagePolicy: FallbackToLogsOnError ports: - containerPort: 9121 diff --git a/base/sourcegraph/redis/redis-store.Deployment.yaml b/base/sourcegraph/redis/redis-store.Deployment.yaml index 191254ec..8a9051a3 100644 --- a/base/sourcegraph/redis/redis-store.Deployment.yaml +++ b/base/sourcegraph/redis/redis-store.Deployment.yaml @@ -25,7 +25,7 @@ spec: spec: containers: - name: redis-store - image: index.docker.io/sourcegraph/redis-store:5.11.4013@sha256:ac0ba847ca491d52e9737c0604b6bbc8396e057465afbd1095eca943760192d2 + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/redis-store:6.0.2687@sha256:77efb74f9f47c4e1c634dd63df916e255a1c47abbc7e417e677302bef7f156e8 terminationMessagePolicy: FallbackToLogsOnError livenessProbe: initialDelaySeconds: 30 @@ -69,7 +69,7 @@ spec: - mountPath: /redis-data name: redis-data - name: redis-exporter - image: index.docker.io/sourcegraph/redis_exporter:5.11.4013@sha256:5b1b57ca2e8e6732e36e927cb9fa17766a82f7ab83ef0e74c0f1ff69b70f520a + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/redis_exporter:6.0.2687@sha256:ba52bed25e8c7fe03769b6aa0790e636b62f41c7f0ecba62f7275ecb618d8b40 terminationMessagePolicy: FallbackToLogsOnError ports: - containerPort: 9121 diff --git a/base/sourcegraph/repo-updater/repo-updater.Deployment.yaml b/base/sourcegraph/repo-updater/repo-updater.Deployment.yaml index b74356b6..38a9556c 100644 --- a/base/sourcegraph/repo-updater/repo-updater.Deployment.yaml +++ b/base/sourcegraph/repo-updater/repo-updater.Deployment.yaml @@ -29,7 +29,7 @@ spec: spec: containers: - name: repo-updater - image: index.docker.io/sourcegraph/repo-updater:5.11.4013@sha256:aeece36e8693cbb3772c7649b6ae820971ccd70d0cb6f14125d879fd3464fa5b + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/repo-updater:6.0.2687@sha256:7d8e4e21e4498ee876d670d601d50192c95d0238184bb55845eb0e15b153e439 env: # OTEL_AGENT_HOST must be defined before OTEL_EXPORTER_OTLP_ENDPOINT to substitute the node IP on which the DaemonSet pod instance runs in the latter variable - name: OTEL_AGENT_HOST diff --git a/base/sourcegraph/searcher/searcher.StatefulSet.yaml b/base/sourcegraph/searcher/searcher.StatefulSet.yaml index 24826d1a..a2235860 100644 --- a/base/sourcegraph/searcher/searcher.StatefulSet.yaml +++ b/base/sourcegraph/searcher/searcher.StatefulSet.yaml @@ -46,7 +46,7 @@ spec: fieldPath: status.hostIP - name: OTEL_EXPORTER_OTLP_ENDPOINT value: http://$(OTEL_AGENT_HOST):4317 - image: index.docker.io/sourcegraph/searcher:5.11.4013@sha256:57409a7f05eafacec0ac0d8f1502de531cc10ca688d5f25de10f4f18fd42f9c2 + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/searcher:6.0.2687@sha256:fd9b7d37222bc8cc4ebd21d2eefb45e2e03c2e054282754a6d2b0abd36ab06ae terminationMessagePolicy: FallbackToLogsOnError ports: - containerPort: 3181 diff --git a/base/sourcegraph/symbols/symbols.StatefulSet.yaml b/base/sourcegraph/symbols/symbols.StatefulSet.yaml index 8f571fe5..b294b7fc 100644 --- a/base/sourcegraph/symbols/symbols.StatefulSet.yaml +++ b/base/sourcegraph/symbols/symbols.StatefulSet.yaml @@ -43,7 +43,7 @@ spec: fieldPath: status.hostIP - name: OTEL_EXPORTER_OTLP_ENDPOINT value: http://$(OTEL_AGENT_HOST):4317 - image: index.docker.io/sourcegraph/symbols:5.11.4013@sha256:2747e155ca2200c6fd153217133574d03dfd5e810c75c00fd988bb64263d4183 + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/symbols:6.0.2687@sha256:7b0623a7f37de3fc06079c2d83d7a1fee4436edf37cf8586c1b942fd67b40b6d livenessProbe: httpGet: path: /healthz diff --git a/base/sourcegraph/syntect-server/syntect-server.Deployment.yaml b/base/sourcegraph/syntect-server/syntect-server.Deployment.yaml index b64d5914..041278ba 100644 --- a/base/sourcegraph/syntect-server/syntect-server.Deployment.yaml +++ b/base/sourcegraph/syntect-server/syntect-server.Deployment.yaml @@ -32,7 +32,7 @@ spec: allowPrivilegeEscalation: false runAsGroup: 101 runAsUser: 100 - image: index.docker.io/sourcegraph/syntax-highlighter:5.11.4013@sha256:abafd0499c35e885aff06898ca946c1d1cb6a467183fc49f71339f8acb916845 + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/syntax-highlighter:6.0.2687@sha256:555670a263fd2f109947d2b9dae8a5a8a05535ecd14a700505ca23ccad7fcddd terminationMessagePolicy: FallbackToLogsOnError livenessProbe: httpGet: diff --git a/base/sourcegraph/worker/worker.Deployment.yaml b/base/sourcegraph/worker/worker.Deployment.yaml index 89ca09a2..50352cc0 100644 --- a/base/sourcegraph/worker/worker.Deployment.yaml +++ b/base/sourcegraph/worker/worker.Deployment.yaml @@ -48,7 +48,7 @@ spec: fieldPath: status.hostIP - name: OTEL_EXPORTER_OTLP_ENDPOINT value: http://$(OTEL_AGENT_HOST):4317 - image: index.docker.io/sourcegraph/worker:5.11.4013@sha256:b29453a9096842dd50ec95ef0378d579371b2e8a1a97da8868753e3bdbf09291 + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/worker:6.0.2687@sha256:0fa07a895653e1d62490c46b58c2386a11dbb539d0629b78150c2958a1ba1b0d terminationMessagePolicy: FallbackToLogsOnError livenessProbe: httpGet: diff --git a/cluster.yaml b/cluster.yaml new file mode 100644 index 00000000..c9684cfb --- /dev/null +++ b/cluster.yaml @@ -0,0 +1,4731 @@ +apiVersion: v1 +data: + postgresql.conf: | + # ----------------------------- + # PostgreSQL configuration file + # ----------------------------- + # + # This file consists of lines of the form: + # + # name = value + # + # (The "=" is optional.) Whitespace may be used. Comments are introduced with + # "#" anywhere on a line. The complete list of parameter names and allowed + # values can be found in the PostgreSQL documentation. + # + # The commented-out settings shown in this file represent the default values. + # Re-commenting a setting is NOT sufficient to revert it to the default value; + # you need to reload the server. + # + # This file is read on server startup and when the server receives a SIGHUP + # signal. If you edit the file on a running system, you have to SIGHUP the + # server for the changes to take effect, run "pg_ctl reload", or execute + # "SELECT pg_reload_conf()". Some parameters, which are marked below, + # require a server shutdown and restart to take effect. + # + # Any parameter can also be given as a command-line option to the server, e.g., + # "postgres -c log_connections=on". Some parameters can be changed at run time + # with the "SET" SQL command. + # + # Memory units: kB = kilobytes Time units: ms = milliseconds + # MB = megabytes s = seconds + # GB = gigabytes min = minutes + # TB = terabytes h = hours + # d = days + + + #------------------------------------------------------------------------------ + # FILE LOCATIONS + #------------------------------------------------------------------------------ + + # The default values of these variables are driven from the -D command-line + # option or PGDATA environment variable, represented here as ConfigDir. + + #data_directory = 'ConfigDir' # use data in another directory + # (change requires restart) + #hba_file = 'ConfigDir/pg_hba.conf' # host-based authentication file + # (change requires restart) + #ident_file = 'ConfigDir/pg_ident.conf' # ident configuration file + # (change requires restart) + + # If external_pid_file is not explicitly set, no extra PID file is written. + #external_pid_file = '' # write an extra PID file + # (change requires restart) + + + #------------------------------------------------------------------------------ + # CONNECTIONS AND AUTHENTICATION + #------------------------------------------------------------------------------ + + # - Connection Settings - + + listen_addresses = '*' + # comma-separated list of addresses; + # defaults to 'localhost'; use '*' for all + # (change requires restart) + #port = 5432 # (change requires restart) + max_connections = 20 # (change requires restart) + #superuser_reserved_connections = 3 # (change requires restart) + #unix_socket_directories = '/var/run/postgresql' # comma-separated list of directories + # (change requires restart) + #unix_socket_group = '' # (change requires restart) + #unix_socket_permissions = 0777 # begin with 0 to use octal notation + # (change requires restart) + #bonjour = off # advertise server via Bonjour + # (change requires restart) + #bonjour_name = '' # defaults to the computer name + # (change requires restart) + + # - TCP settings - + # see "man 7 tcp" for details + + #tcp_keepalives_idle = 0 # TCP_KEEPIDLE, in seconds; + # 0 selects the system default + #tcp_keepalives_interval = 0 # TCP_KEEPINTVL, in seconds; + # 0 selects the system default + #tcp_keepalives_count = 0 # TCP_KEEPCNT; + # 0 selects the system default + #tcp_user_timeout = 0 # TCP_USER_TIMEOUT, in milliseconds; + # 0 selects the system default + + # - Authentication - + + #authentication_timeout = 1min # 1s-600s + #password_encryption = md5 # md5 or scram-sha-256 + #db_user_namespace = off + + # GSSAPI using Kerberos + #krb_server_keyfile = '' + #krb_caseins_users = off + + # - SSL - + + #ssl = off + #ssl_ca_file = '' + #ssl_cert_file = 'server.crt' + #ssl_crl_file = '' + #ssl_key_file = 'server.key' + #ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers + #ssl_prefer_server_ciphers = on + #ssl_ecdh_curve = 'prime256v1' + #ssl_min_protocol_version = 'TLSv1' + #ssl_max_protocol_version = '' + #ssl_dh_params_file = '' + #ssl_passphrase_command = '' + #ssl_passphrase_command_supports_reload = off + + + #------------------------------------------------------------------------------ + # RESOURCE USAGE (except WAL) + #------------------------------------------------------------------------------ + + # - Memory - + + shared_buffers = 509546kB # min 128kB + # (change requires restart) + #huge_pages = try # on, off, or try + # (change requires restart) + #temp_buffers = 8MB # min 800kB + #max_prepared_transactions = 0 # zero disables the feature + # (change requires restart) + # Caution: it is not advisable to set max_prepared_transactions nonzero unless + # you actively intend to use prepared transactions. + work_mem = 3184kB # min 64kB + maintenance_work_mem = 254773kB # min 1MB + #autovacuum_work_mem = -1 # min 1MB, or -1 to use maintenance_work_mem + #max_stack_depth = 2MB # min 100kB + #shared_memory_type = mmap # the default is the first option + # supported by the operating system: + # mmap + # sysv + # windows + # (change requires restart) + dynamic_shared_memory_type = posix # the default is the first option + # supported by the operating system: + # posix + # sysv + # windows + # mmap + # (change requires restart) + + # - Disk - + + #temp_file_limit = -1 # limits per-process temp file space + # in kB, or -1 for no limit + + # - Kernel Resources - + + #max_files_per_process = 1000 # min 25 + # (change requires restart) + + # - Cost-Based Vacuum Delay - + + #vacuum_cost_delay = 0 # 0-100 milliseconds (0 disables) + #vacuum_cost_page_hit = 1 # 0-10000 credits + #vacuum_cost_page_miss = 10 # 0-10000 credits + #vacuum_cost_page_dirty = 20 # 0-10000 credits + #vacuum_cost_limit = 200 # 1-10000 credits + + # - Background Writer - + + #bgwriter_delay = 200ms # 10-10000ms between rounds + #bgwriter_lru_maxpages = 100 # max buffers written/round, 0 disables + #bgwriter_lru_multiplier = 2.0 # 0-10.0 multiplier on buffers scanned/round + #bgwriter_flush_after = 512kB # measured in pages, 0 disables + + # - Asynchronous Behavior - + + effective_io_concurrency = 200 # 1-1000; 0 disables prefetching + max_worker_processes = 19 # (change requires restart) + #max_parallel_maintenance_workers = 2 # taken from max_parallel_workers + max_parallel_workers_per_gather = 4 # taken from max_parallel_workers + #parallel_leader_participation = on + max_parallel_workers = 8 # maximum number of max_worker_processes that + # can be used in parallel operations + #old_snapshot_threshold = -1 # 1min-60d; -1 disables; 0 is immediate + # (change requires restart) + #backend_flush_after = 0 # measured in pages, 0 disables + + + #------------------------------------------------------------------------------ + # WRITE-AHEAD LOG + #------------------------------------------------------------------------------ + + # - Settings - + + #wal_level = replica # minimal, replica, or logical + # (change requires restart) + #fsync = on # flush data to disk for crash safety + # (turning this off can cause + # unrecoverable data corruption) + #synchronous_commit = on # synchronization level; + # off, local, remote_write, remote_apply, or on + #wal_sync_method = fsync # the default is the first option + # supported by the operating system: + # open_datasync + # fdatasync (default on Linux) + # fsync + # fsync_writethrough + # open_sync + #full_page_writes = on # recover from partial page writes + #wal_compression = off # enable compression of full-page writes + #wal_log_hints = off # also do full page writes of non-critical updates + # (change requires restart) + #wal_init_zero = on # zero-fill new WAL files + #wal_recycle = on # recycle WAL files + wal_buffers = 15285kB # min 32kB, -1 sets based on shared_buffers + # (change requires restart) + #wal_writer_delay = 200ms # 1-10000 milliseconds + #wal_writer_flush_after = 1MB # measured in pages, 0 disables + + #commit_delay = 0 # range 0-100000, in microseconds + #commit_siblings = 5 # range 1-1000 + + # - Checkpoints - + + #checkpoint_timeout = 5min # range 30s-1d + max_wal_size = 1GB + min_wal_size = 512MB + checkpoint_completion_target = 0.9 # checkpoint target duration, 0.0 - 1.0 + #checkpoint_flush_after = 256kB # measured in pages, 0 disables + #checkpoint_warning = 30s # 0 disables + + # - Archiving - + + #archive_mode = off # enables archiving; off, on, or always + # (change requires restart) + #archive_command = '' # command to use to archive a logfile segment + # placeholders: %p = path of file to archive + # %f = file name only + # e.g. 'test ! -f /mnt/server/archivedir/%f && cp %p /mnt/server/archivedir/%f' + #archive_timeout = 0 # force a logfile segment switch after this + # number of seconds; 0 disables + + # - Archive Recovery - + + # These are only used in recovery mode. + + #restore_command = '' # command to use to restore an archived logfile segment + # placeholders: %p = path of file to restore + # %f = file name only + # e.g. 'cp /mnt/server/archivedir/%f %p' + # (change requires restart) + #archive_cleanup_command = '' # command to execute at every restartpoint + #recovery_end_command = '' # command to execute at completion of recovery + + # - Recovery Target - + + # Set these only when performing a targeted recovery. + + #recovery_target = '' # 'immediate' to end recovery as soon as a + # consistent state is reached + # (change requires restart) + #recovery_target_name = '' # the named restore point to which recovery will proceed + # (change requires restart) + #recovery_target_time = '' # the time stamp up to which recovery will proceed + # (change requires restart) + #recovery_target_xid = '' # the transaction ID up to which recovery will proceed + # (change requires restart) + #recovery_target_lsn = '' # the WAL LSN up to which recovery will proceed + # (change requires restart) + #recovery_target_inclusive = on # Specifies whether to stop: + # just after the specified recovery target (on) + # just before the recovery target (off) + # (change requires restart) + #recovery_target_timeline = 'latest' # 'current', 'latest', or timeline ID + # (change requires restart) + #recovery_target_action = 'pause' # 'pause', 'promote', 'shutdown' + # (change requires restart) + + + #------------------------------------------------------------------------------ + # REPLICATION + #------------------------------------------------------------------------------ + + # - Sending Servers - + + # Set these on the master and on any standby that will send replication data. + + #max_wal_senders = 10 # max number of walsender processes + # (change requires restart) + #wal_keep_segments = 0 # in logfile segments; 0 disables + #wal_sender_timeout = 60s # in milliseconds; 0 disables + + #max_replication_slots = 10 # max number of replication slots + # (change requires restart) + #track_commit_timestamp = off # collect timestamp of transaction commit + # (change requires restart) + + # - Master Server - + + # These settings are ignored on a standby server. + + #synchronous_standby_names = '' # standby servers that provide sync rep + # method to choose sync standbys, number of sync standbys, + # and comma-separated list of application_name + # from standby(s); '*' = all + #vacuum_defer_cleanup_age = 0 # number of xacts by which cleanup is delayed + + # - Standby Servers - + + # These settings are ignored on a master server. + + #primary_conninfo = '' # connection string to sending server + # (change requires restart) + #primary_slot_name = '' # replication slot on sending server + # (change requires restart) + #promote_trigger_file = '' # file name whose presence ends recovery + #hot_standby = on # "off" disallows queries during recovery + # (change requires restart) + #max_standby_archive_delay = 30s # max delay before canceling queries + # when reading WAL from archive; + # -1 allows indefinite delay + #max_standby_streaming_delay = 30s # max delay before canceling queries + # when reading streaming WAL; + # -1 allows indefinite delay + #wal_receiver_status_interval = 10s # send replies at least this often + # 0 disables + #hot_standby_feedback = off # send info from standby to prevent + # query conflicts + #wal_receiver_timeout = 60s # time that receiver waits for + # communication from master + # in milliseconds; 0 disables + #wal_retrieve_retry_interval = 5s # time to wait before retrying to + # retrieve WAL after a failed attempt + #recovery_min_apply_delay = 0 # minimum delay for applying changes during recovery + + # - Subscribers - + + # These settings are ignored on a publisher. + + #max_logical_replication_workers = 4 # taken from max_worker_processes + # (change requires restart) + #max_sync_workers_per_subscription = 2 # taken from max_logical_replication_workers + + + #------------------------------------------------------------------------------ + # QUERY TUNING + #------------------------------------------------------------------------------ + + # - Planner Method Configuration - + + #enable_bitmapscan = on + #enable_hashagg = on + #enable_hashjoin = on + #enable_indexscan = on + #enable_indexonlyscan = on + #enable_material = on + #enable_mergejoin = on + #enable_nestloop = on + #enable_parallel_append = on + #enable_seqscan = on + #enable_sort = on + #enable_tidscan = on + #enable_partitionwise_join = off + #enable_partitionwise_aggregate = off + #enable_parallel_hash = on + #enable_partition_pruning = on + + # - Planner Cost Constants - + + #seq_page_cost = 1.0 # measured on an arbitrary scale + random_page_cost = 1.1 # same scale as above + #cpu_tuple_cost = 0.01 # same scale as above + #cpu_index_tuple_cost = 0.005 # same scale as above + #cpu_operator_cost = 0.0025 # same scale as above + #parallel_tuple_cost = 0.1 # same scale as above + #parallel_setup_cost = 1000.0 # same scale as above + + #jit_above_cost = 100000 # perform JIT compilation if available + # and query more expensive than this; + # -1 disables + #jit_inline_above_cost = 500000 # inline small functions if query is + # more expensive than this; -1 disables + #jit_optimize_above_cost = 500000 # use expensive JIT optimizations if + # query is more expensive than this; + # -1 disables + + #min_parallel_table_scan_size = 8MB + #min_parallel_index_scan_size = 512kB + effective_cache_size = 1492MB + + # - Genetic Query Optimizer - + + #geqo = on + #geqo_threshold = 12 + #geqo_effort = 5 # range 1-10 + #geqo_pool_size = 0 # selects default based on effort + #geqo_generations = 0 # selects default based on effort + #geqo_selection_bias = 2.0 # range 1.5-2.0 + #geqo_seed = 0.0 # range 0.0-1.0 + + # - Other Planner Options - + + default_statistics_target = 500 # range 1-10000 + #constraint_exclusion = partition # on, off, or partition + #cursor_tuple_fraction = 0.1 # range 0.0-1.0 + #from_collapse_limit = 8 + #join_collapse_limit = 8 # 1 disables collapsing of explicit + # JOIN clauses + #force_parallel_mode = off + #jit = on # allow JIT compilation + #plan_cache_mode = auto # auto, force_generic_plan or + # force_custom_plan + + + #------------------------------------------------------------------------------ + # REPORTING AND LOGGING + #------------------------------------------------------------------------------ + + # - Where to Log - + + #log_destination = 'stderr' # Valid values are combinations of + # stderr, csvlog, syslog, and eventlog, + # depending on platform. csvlog + # requires logging_collector to be on. + + # This is used when logging to stderr: + #logging_collector = off # Enable capturing of stderr and csvlog + # into log files. Required to be on for + # csvlogs. + # (change requires restart) + + # These are only used if logging_collector is on: + #log_directory = 'log' # directory where log files are written, + # can be absolute or relative to PGDATA + #log_filename = 'postgresql-%Y-%m-%d_%H%M%S.log' # log file name pattern, + # can include strftime() escapes + #log_file_mode = 0600 # creation mode for log files, + # begin with 0 to use octal notation + #log_truncate_on_rotation = off # If on, an existing log file with the + # same name as the new log file will be + # truncated rather than appended to. + # But such truncation only occurs on + # time-driven rotation, not on restarts + # or size-driven rotation. Default is + # off, meaning append to existing files + # in all cases. + #log_rotation_age = 1d # Automatic rotation of logfiles will + # happen after that time. 0 disables. + #log_rotation_size = 10MB # Automatic rotation of logfiles will + # happen after that much log output. + # 0 disables. + + # These are relevant when logging to syslog: + #syslog_facility = 'LOCAL0' + #syslog_ident = 'postgres' + #syslog_sequence_numbers = on + #syslog_split_messages = on + + # This is only relevant when logging to eventlog (win32): + # (change requires restart) + #event_source = 'PostgreSQL' + + # - When to Log - + + #log_min_messages = warning # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # info + # notice + # warning + # error + # log + # fatal + # panic + + #log_min_error_statement = error # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # info + # notice + # warning + # error + # log + # fatal + # panic (effectively off) + + #log_min_duration_statement = -1 # -1 is disabled, 0 logs all statements + # and their durations, > 0 logs only + # statements running at least this number + # of milliseconds + + #log_transaction_sample_rate = 0.0 # Fraction of transactions whose statements + # are logged regardless of their duration. 1.0 logs all + # statements from all transactions, 0.0 never logs. + + # - What to Log - + + #debug_print_parse = off + #debug_print_rewritten = off + #debug_print_plan = off + #debug_pretty_print = on + #log_checkpoints = off + #log_connections = off + #log_disconnections = off + #log_duration = off + #log_error_verbosity = default # terse, default, or verbose messages + #log_hostname = off + #log_line_prefix = '%m [%p] ' # special values: + # %a = application name + # %u = user name + # %d = database name + # %r = remote host and port + # %h = remote host + # %p = process ID + # %t = timestamp without milliseconds + # %m = timestamp with milliseconds + # %n = timestamp with milliseconds (as a Unix epoch) + # %i = command tag + # %e = SQL state + # %c = session ID + # %l = session line number + # %s = session start timestamp + # %v = virtual transaction ID + # %x = transaction ID (0 if none) + # %q = stop here in non-session + # processes + # %% = '%' + # e.g. '<%u%%%d> ' + #log_lock_waits = off # log lock waits >= deadlock_timeout + #log_statement = 'none' # none, ddl, mod, all + #log_replication_commands = off + #log_temp_files = -1 # log temporary files equal or larger + # than the specified size in kilobytes; + # -1 disables, 0 logs all temp files + log_timezone = 'UTC' + + #------------------------------------------------------------------------------ + # PROCESS TITLE + #------------------------------------------------------------------------------ + + #cluster_name = '' # added to process titles if nonempty + # (change requires restart) + #update_process_title = on + + + #------------------------------------------------------------------------------ + # STATISTICS + #------------------------------------------------------------------------------ + + # - Query and Index Statistics Collector - + + #track_activities = on + #track_counts = on + #track_io_timing = off + #track_functions = none # none, pl, all + #track_activity_query_size = 1024 # (change requires restart) + #stats_temp_directory = 'pg_stat_tmp' + + + # - Monitoring - + + #log_parser_stats = off + #log_planner_stats = off + #log_executor_stats = off + #log_statement_stats = off + + + #------------------------------------------------------------------------------ + # AUTOVACUUM + #------------------------------------------------------------------------------ + + #autovacuum = on # Enable autovacuum subprocess? 'on' + # requires track_counts to also be on. + #log_autovacuum_min_duration = -1 # -1 disables, 0 logs all actions and + # their durations, > 0 logs only + # actions running at least this number + # of milliseconds. + autovacuum_max_workers = 10 # max number of autovacuum subprocesses + # (change requires restart) + autovacuum_naptime = 10 # time between autovacuum runs + #autovacuum_vacuum_threshold = 50 # min number of row updates before + # vacuum + #autovacuum_analyze_threshold = 50 # min number of row updates before + # analyze + #autovacuum_vacuum_scale_factor = 0.2 # fraction of table size before vacuum + #autovacuum_analyze_scale_factor = 0.1 # fraction of table size before analyze + #autovacuum_freeze_max_age = 200000000 # maximum XID age before forced vacuum + # (change requires restart) + #autovacuum_multixact_freeze_max_age = 400000000 # maximum multixact age + # before forced vacuum + # (change requires restart) + #autovacuum_vacuum_cost_delay = 2ms # default vacuum cost delay for + # autovacuum, in milliseconds; + # -1 means use vacuum_cost_delay + #autovacuum_vacuum_cost_limit = -1 # default vacuum cost limit for + # autovacuum, -1 means use + # vacuum_cost_limit + + + #------------------------------------------------------------------------------ + # CLIENT CONNECTION DEFAULTS + #------------------------------------------------------------------------------ + + # - Statement Behavior - + + #client_min_messages = notice # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # log + # notice + # warning + # error + #search_path = '"$user", public' # schema names + #row_security = on + #default_tablespace = '' # a tablespace name, '' uses the default + #temp_tablespaces = '' # a list of tablespace names, '' uses + # only default tablespace + #default_table_access_method = 'heap' + #check_function_bodies = on + #default_transaction_isolation = 'read committed' + #default_transaction_read_only = off + #default_transaction_deferrable = off + #session_replication_role = 'origin' + #statement_timeout = 0 # in milliseconds, 0 is disabled + #lock_timeout = 0 # in milliseconds, 0 is disabled + #idle_in_transaction_session_timeout = 0 # in milliseconds, 0 is disabled + #vacuum_freeze_min_age = 50000000 + #vacuum_freeze_table_age = 150000000 + #vacuum_multixact_freeze_min_age = 5000000 + #vacuum_multixact_freeze_table_age = 150000000 + #vacuum_cleanup_index_scale_factor = 0.1 # fraction of total number of tuples + # before index cleanup, 0 always performs + # index cleanup + #bytea_output = 'hex' # hex, escape + #xmlbinary = 'base64' + #xmloption = 'content' + #gin_fuzzy_search_limit = 0 + #gin_pending_list_limit = 4MB + + # - Locale and Formatting - + + datestyle = 'iso, mdy' + #intervalstyle = 'postgres' + timezone = 'UTC' + #timezone_abbreviations = 'Default' # Select the set of available time zone + # abbreviations. Currently, there are + # Default + # Australia (historical usage) + # India + # You can create your own file in + # share/timezonesets/. + #extra_float_digits = 1 # min -15, max 3; any value >0 actually + # selects precise output mode + #client_encoding = sql_ascii # actually, defaults to database + # encoding + + # These settings are initialized by initdb, but they can be changed. + lc_messages = 'en_US.utf8' # locale for system error message + # strings + lc_monetary = 'en_US.utf8' # locale for monetary formatting + lc_numeric = 'en_US.utf8' # locale for number formatting + lc_time = 'en_US.utf8' # locale for time formatting + + # default configuration for text search + default_text_search_config = 'pg_catalog.english' + + # - Shared Library Preloading - + + shared_preload_libraries = '' # (change requires restart) + #local_preload_libraries = '' + #session_preload_libraries = '' + #jit_provider = 'llvmjit' # JIT library to use + + # - Other Defaults - + + #dynamic_library_path = '$libdir' + + + #------------------------------------------------------------------------------ + # LOCK MANAGEMENT + #------------------------------------------------------------------------------ + + #deadlock_timeout = 1s + max_locks_per_transaction = 64 # min 10 + # (change requires restart) + #max_pred_locks_per_transaction = 64 # min 10 + # (change requires restart) + #max_pred_locks_per_relation = -2 # negative values mean + # (max_pred_locks_per_transaction + # / -max_pred_locks_per_relation) - 1 + #max_pred_locks_per_page = 2 # min 0 + + + #------------------------------------------------------------------------------ + # VERSION AND PLATFORM COMPATIBILITY + #------------------------------------------------------------------------------ + + # - Previous PostgreSQL Versions - + + #array_nulls = on + #backslash_quote = safe_encoding # on, off, or safe_encoding + #escape_string_warning = on + #lo_compat_privileges = off + #operator_precedence_warning = off + #quote_all_identifiers = off + #standard_conforming_strings = on + #synchronize_seqscans = on + + # - Other Platforms and Clients - + + #transform_null_equals = off + + + #------------------------------------------------------------------------------ + # ERROR HANDLING + #------------------------------------------------------------------------------ + + #exit_on_error = off # terminate session on any error? + #restart_after_crash = on # reinitialize after backend crash? + #data_sync_retry = off # retry or panic on failure to fsync + # data? + # (change requires restart) + + + #------------------------------------------------------------------------------ + # CONFIG FILE INCLUDES + #------------------------------------------------------------------------------ + + # These options allow settings to be loaded from files other than the + # default postgresql.conf. Note that these are directives, not variable + # assignments, so they can usefully be given more than once. + + #include_dir = '...' # include files ending in '.conf' from + # a directory, e.g., 'conf.d' + #include_if_exists = '...' # include file only if it exists + #include = '...' # include file + + + #------------------------------------------------------------------------------ + # CUSTOMIZED OPTIONS + #------------------------------------------------------------------------------ + + # Add settings for extensions here +kind: ConfigMap +metadata: + annotations: + description: Configuration for CodeInsightsDB + labels: + app.kubernetes.io/component: codeinsights-db + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: codeinsights-db-conf + namespace: ns-sourcegraph +--- +apiVersion: v1 +data: + postgresql.conf: | + # ----------------------------- + # PostgreSQL configuration file + # ----------------------------- + # SOURCEGRAPH CUSTOMIZATIONS CONTAIN "# SG CUSTOM" in the comment + # + # This file consists of lines of the form: + # + # name = value + # + # (The "=" is optional.) Whitespace may be used. Comments are introduced with + # "#" anywhere on a line. The complete list of parameter names and allowed + # values can be found in the PostgreSQL documentation. + # + # The commented-out settings shown in this file represent the default values. + # Re-commenting a setting is NOT sufficient to revert it to the default value; + # you need to reload the server. + # + # This file is read on server startup and when the server receives a SIGHUP + # signal. If you edit the file on a running system, you have to SIGHUP the + # server for the changes to take effect, run "pg_ctl reload", or execute + # "SELECT pg_reload_conf()". Some parameters, which are marked below, + # require a server shutdown and restart to take effect. + # + # Any parameter can also be given as a command-line option to the server, e.g., + # "postgres -c log_connections=on". Some parameters can be changed at run time + # with the "SET" SQL command. + # + # Memory units: kB = kilobytes Time units: ms = milliseconds + # MB = megabytes s = seconds + # GB = gigabytes min = minutes + # TB = terabytes h = hours + # d = days + + + #------------------------------------------------------------------------------ + # FILE LOCATIONS + #------------------------------------------------------------------------------ + + # The default values of these variables are driven from the -D command-line + # option or PGDATA environment variable, represented here as ConfigDir. + + #data_directory = 'ConfigDir' # use data in another directory + # (change requires restart) + #hba_file = 'ConfigDir/pg_hba.conf' # host-based authentication file + # (change requires restart) + #ident_file = 'ConfigDir/pg_ident.conf' # ident configuration file + # (change requires restart) + + # If external_pid_file is not explicitly set, no extra PID file is written. + #external_pid_file = '' # write an extra PID file + # (change requires restart) + + + #------------------------------------------------------------------------------ + # CONNECTIONS AND AUTHENTICATION + #------------------------------------------------------------------------------ + + # - Connection Settings - + + listen_addresses = '*' + # comma-separated list of addresses; + # defaults to 'localhost'; use '*' for all + # (change requires restart) + #port = 5432 # (change requires restart) + max_connections = 100 # (change requires restart) + #superuser_reserved_connections = 3 # (change requires restart) + #unix_socket_directories = '/var/run/postgresql' # comma-separated list of directories + # (change requires restart) + #unix_socket_group = '' # (change requires restart) + #unix_socket_permissions = 0777 # begin with 0 to use octal notation + # (change requires restart) + #bonjour = off # advertise server via Bonjour + # (change requires restart) + #bonjour_name = '' # defaults to the computer name + # (change requires restart) + + # - TCP Keepalives - + # see "man 7 tcp" for details + + #tcp_keepalives_idle = 0 # TCP_KEEPIDLE, in seconds; + # 0 selects the system default + #tcp_keepalives_interval = 0 # TCP_KEEPINTVL, in seconds; + # 0 selects the system default + #tcp_keepalives_count = 0 # TCP_KEEPCNT; + # 0 selects the system default + + # - Authentication - + + #authentication_timeout = 1min # 1s-600s + #password_encryption = md5 # md5 or scram-sha-256 + #db_user_namespace = off + + # GSSAPI using Kerberos + #krb_server_keyfile = '' + #krb_caseins_users = off + + # - SSL - + + #ssl = off + #ssl_ca_file = '' + #ssl_cert_file = 'server.crt' + #ssl_crl_file = '' + #ssl_key_file = 'server.key' + #ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers + #ssl_prefer_server_ciphers = on + #ssl_ecdh_curve = 'prime256v1' + #ssl_dh_params_file = '' + #ssl_passphrase_command = '' + #ssl_passphrase_command_supports_reload = off + + + #------------------------------------------------------------------------------ + # RESOURCE USAGE (except WAL) + #------------------------------------------------------------------------------ + + # - Memory - + + shared_buffers = 1GB # SG CUSTOM min 128kB + # (change requires restart) + #huge_pages = try # on, off, or try + # (change requires restart) + #temp_buffers = 8MB # min 800kB + #max_prepared_transactions = 0 # zero disables the feature + # (change requires restart) + # Caution: it is not advisable to set max_prepared_transactions nonzero unless + # you actively intend to use prepared transactions. + work_mem = 5MB # SG CUSTOM min 64kB + maintenance_work_mem = 250MB # SG CUSTOM min 1MB + #autovacuum_work_mem = -1 # min 1MB, or -1 to use maintenance_work_mem + #max_stack_depth = 2MB # min 100kB + dynamic_shared_memory_type = posix # the default is the first option + # supported by the operating system: + # posix + # sysv + # windows + # mmap + # use none to disable dynamic shared memory + # (change requires restart) + + # - Disk - + + temp_file_limit = 20GB # SG CUSTOM limits per-process temp file space + # in kB, or -1 for no limit + + # - Kernel Resources - + + #max_files_per_process = 1000 # min 25 + # (change requires restart) + + # - Cost-Based Vacuum Delay - + + #vacuum_cost_delay = 0 # 0-100 milliseconds + #vacuum_cost_page_hit = 1 # 0-10000 credits + #vacuum_cost_page_miss = 10 # 0-10000 credits + #vacuum_cost_page_dirty = 20 # 0-10000 credits + #vacuum_cost_limit = 200 # 1-10000 credits + + # - Background Writer - + + bgwriter_delay = 50ms # SG CUSTOM 10-10000ms between rounds + bgwriter_lru_maxpages = 200 # SG CUSTOM max buffers written/round, 0 disables + + #bgwriter_lru_multiplier = 2.0 # 0-10.0 multiplier on buffers scanned/round + #bgwriter_flush_after = 512kB # measured in pages, 0 disables + + # - Asynchronous Behavior - + + effective_io_concurrency = 200 # 1-1000; 0 disables prefetching + max_worker_processes = 4 # SG CUSTOM (change requires restart) + max_parallel_maintenance_workers = 4 # SG CUSTOM taken from max_parallel_workers + max_parallel_workers_per_gather = 2 # SG CUSTOM taken from max_parallel_workers + #parallel_leader_participation = on + max_parallel_workers = 4 # SG CUSTOM maximum number of max_worker_processes that + # can be used in parallel operations + #old_snapshot_threshold = -1 # 1min-60d; -1 disables; 0 is immediate + # (change requires restart) + #backend_flush_after = 0 # measured in pages, 0 disables + + + #------------------------------------------------------------------------------ + # WRITE-AHEAD LOG + #------------------------------------------------------------------------------ + + # - Settings - + + #wal_level = replica # minimal, replica, or logical + # (change requires restart) + #fsync = on # flush data to disk for crash safety + # (turning this off can cause + # unrecoverable data corruption) + #synchronous_commit = on # synchronization level; + # off, local, remote_write, remote_apply, or on + #wal_sync_method = fsync # the default is the first option + # supported by the operating system: + # open_datasync + # fdatasync (default on Linux) + # fsync + # fsync_writethrough + # open_sync + #full_page_writes = on # recover from partial page writes + #wal_compression = off # enable compression of full-page writes + #wal_log_hints = off # also do full page writes of non-critical updates + # (change requires restart) + wal_buffers = 16MB # SG CUSTOM min 32kB, -1 sets based on shared_buffers + # (change requires restart) + #wal_writer_delay = 200ms # 1-10000 milliseconds + #wal_writer_flush_after = 1MB # measured in pages, 0 disables + + #commit_delay = 0 # range 0-100000, in microseconds + #commit_siblings = 5 # range 1-1000 + + # - Checkpoints - + + #checkpoint_timeout = 5min # range 30s-1d + max_wal_size = 8GB # SG CUSTOM + min_wal_size = 2GB # SG CUSTOM + #checkpoint_completion_target = 0.5 # checkpoint target duration, 0.0 - 1.0 + #checkpoint_flush_after = 256kB # measured in pages, 0 disables + #checkpoint_warning = 30s # 0 disables + + # - Archiving - + + #archive_mode = off # enables archiving; off, on, or always + # (change requires restart) + #archive_command = '' # command to use to archive a logfile segment + # placeholders: %p = path of file to archive + # %f = file name only + # e.g. 'test ! -f /mnt/server/archivedir/%f && cp %p /mnt/server/archivedir/%f' + #archive_timeout = 0 # force a logfile segment switch after this + # number of seconds; 0 disables + + + #------------------------------------------------------------------------------ + # REPLICATION + #------------------------------------------------------------------------------ + + # - Sending Servers - + + # Set these on the master and on any standby that will send replication data. + + #max_wal_senders = 10 # max number of walsender processes + # (change requires restart) + #wal_keep_segments = 0 # in logfile segments; 0 disables + #wal_sender_timeout = 60s # in milliseconds; 0 disables + + #max_replication_slots = 10 # max number of replication slots + # (change requires restart) + #track_commit_timestamp = off # collect timestamp of transaction commit + # (change requires restart) + + # - Master Server - + + # These settings are ignored on a standby server. + + #synchronous_standby_names = '' # standby servers that provide sync rep + # method to choose sync standbys, number of sync standbys, + # and comma-separated list of application_name + # from standby(s); '*' = all + #vacuum_defer_cleanup_age = 0 # number of xacts by which cleanup is delayed + + # - Standby Servers - + + # These settings are ignored on a master server. + + #hot_standby = on # "off" disallows queries during recovery + # (change requires restart) + #max_standby_archive_delay = 30s # max delay before canceling queries + # when reading WAL from archive; + # -1 allows indefinite delay + #max_standby_streaming_delay = 30s # max delay before canceling queries + # when reading streaming WAL; + # -1 allows indefinite delay + #wal_receiver_status_interval = 10s # send replies at least this often + # 0 disables + #hot_standby_feedback = off # send info from standby to prevent + # query conflicts + #wal_receiver_timeout = 60s # time that receiver waits for + # communication from master + # in milliseconds; 0 disables + #wal_retrieve_retry_interval = 5s # time to wait before retrying to + # retrieve WAL after a failed attempt + + # - Subscribers - + + # These settings are ignored on a publisher. + + #max_logical_replication_workers = 4 # taken from max_worker_processes + # (change requires restart) + #max_sync_workers_per_subscription = 2 # taken from max_logical_replication_workers + + + #------------------------------------------------------------------------------ + # QUERY TUNING + #------------------------------------------------------------------------------ + + # - Planner Method Configuration - + + #enable_bitmapscan = on + #enable_hashagg = on + #enable_hashjoin = on + #enable_indexscan = on + #enable_indexonlyscan = on + #enable_material = on + #enable_mergejoin = on + #enable_nestloop = on + #enable_parallel_append = on + #enable_seqscan = on + #enable_sort = on + #enable_tidscan = on + #enable_partitionwise_join = off + #enable_partitionwise_aggregate = off + #enable_parallel_hash = on + #enable_partition_pruning = on + + # - Planner Cost Constants - + + #seq_page_cost = 1.0 # measured on an arbitrary scale + random_page_cost = 1.1 # SG CUSTOM same scale as above + #cpu_tuple_cost = 0.01 # same scale as above + #cpu_index_tuple_cost = 0.005 # same scale as above + #cpu_operator_cost = 0.0025 # same scale as above + #parallel_tuple_cost = 0.1 # same scale as above + #parallel_setup_cost = 1000.0 # same scale as above + + #jit_above_cost = 100000 # perform JIT compilation if available + # and query more expensive than this; + # -1 disables + #jit_inline_above_cost = 500000 # inline small functions if query is + # more expensive than this; -1 disables + #jit_optimize_above_cost = 500000 # use expensive JIT optimizations if + # query is more expensive than this; + # -1 disables + + #min_parallel_table_scan_size = 8MB + #min_parallel_index_scan_size = 512kB + effective_cache_size = 3GB # SG CUSTOM + + # - Genetic Query Optimizer - + + #geqo = on + #geqo_threshold = 12 + #geqo_effort = 5 # range 1-10 + #geqo_pool_size = 0 # selects default based on effort + #geqo_generations = 0 # selects default based on effort + #geqo_selection_bias = 2.0 # range 1.5-2.0 + #geqo_seed = 0.0 # range 0.0-1.0 + + # - Other Planner Options - + + #default_statistics_target = 100 # range 1-10000 + #constraint_exclusion = partition # on, off, or partition + #cursor_tuple_fraction = 0.1 # range 0.0-1.0 + #from_collapse_limit = 8 + #join_collapse_limit = 8 # 1 disables collapsing of explicit + # JOIN clauses + #force_parallel_mode = off + #jit = off # allow JIT compilation + + + #------------------------------------------------------------------------------ + # REPORTING AND LOGGING + #------------------------------------------------------------------------------ + + # - Where to Log - + + #log_destination = 'stderr' # Valid values are combinations of + # stderr, csvlog, syslog, and eventlog, + # depending on platform. csvlog + # requires logging_collector to be on. + + # This is used when logging to stderr: + #logging_collector = off # Enable capturing of stderr and csvlog + # into log files. Required to be on for + # csvlogs. + # (change requires restart) + + # These are only used if logging_collector is on: + #log_directory = 'log' # directory where log files are written, + # can be absolute or relative to PGDATA + #log_filename = 'postgresql-%Y-%m-%d_%H%M%S.log' # log file name pattern, + # can include strftime() escapes + #log_file_mode = 0600 # creation mode for log files, + # begin with 0 to use octal notation + #log_truncate_on_rotation = off # If on, an existing log file with the + # same name as the new log file will be + # truncated rather than appended to. + # But such truncation only occurs on + # time-driven rotation, not on restarts + # or size-driven rotation. Default is + # off, meaning append to existing files + # in all cases. + #log_rotation_age = 1d # Automatic rotation of logfiles will + # happen after that time. 0 disables. + #log_rotation_size = 10MB # Automatic rotation of logfiles will + # happen after that much log output. + # 0 disables. + + # These are relevant when logging to syslog: + #syslog_facility = 'LOCAL0' + #syslog_ident = 'postgres' + #syslog_sequence_numbers = on + #syslog_split_messages = on + + # This is only relevant when logging to eventlog (win32): + # (change requires restart) + #event_source = 'PostgreSQL' + + # - When to Log - + + #log_min_messages = warning # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # info + # notice + # warning + # error + # log + # fatal + # panic + + #log_min_error_statement = error # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # info + # notice + # warning + # error + # log + # fatal + # panic (effectively off) + + #log_min_duration_statement = -1 # -1 is disabled, 0 logs all statements + # and their durations, > 0 logs only + # statements running at least this number + # of milliseconds + + + # - What to Log - + + #debug_print_parse = off + #debug_print_rewritten = off + #debug_print_plan = off + #debug_pretty_print = on + #log_checkpoints = off + #log_connections = off + #log_disconnections = off + #log_duration = off + #log_error_verbosity = default # terse, default, or verbose messages + #log_hostname = off + #log_line_prefix = '%m [%p] ' # special values: + # %a = application name + # %u = user name + # %d = database name + # %r = remote host and port + # %h = remote host + # %p = process ID + # %t = timestamp without milliseconds + # %m = timestamp with milliseconds + # %n = timestamp with milliseconds (as a Unix epoch) + # %i = command tag + # %e = SQL state + # %c = session ID + # %l = session line number + # %s = session start timestamp + # %v = virtual transaction ID + # %x = transaction ID (0 if none) + # %q = stop here in non-session + # processes + # %% = '%' + # e.g. '<%u%%%d> ' + #log_lock_waits = off # log lock waits >= deadlock_timeout + #log_statement = 'none' # none, ddl, mod, all + #log_replication_commands = off + #log_temp_files = -1 # log temporary files equal or larger + # than the specified size in kilobytes; + # -1 disables, 0 logs all temp files + log_timezone = 'Etc/UTC' + + #------------------------------------------------------------------------------ + # PROCESS TITLE + #------------------------------------------------------------------------------ + + #cluster_name = '' # added to process titles if nonempty + # (change requires restart) + #update_process_title = on + + + #------------------------------------------------------------------------------ + # STATISTICS + #------------------------------------------------------------------------------ + + # - Query and Index Statistics Collector - + + #track_activities = on + #track_counts = on + #track_io_timing = off + #track_functions = none # none, pl, all + #track_activity_query_size = 1024 # (change requires restart) + #stats_temp_directory = 'pg_stat_tmp' + + + # - Monitoring - + + #log_parser_stats = off + #log_planner_stats = off + #log_executor_stats = off + #log_statement_stats = off + + + #------------------------------------------------------------------------------ + # AUTOVACUUM + #------------------------------------------------------------------------------ + + #autovacuum = on # Enable autovacuum subprocess? 'on' + # requires track_counts to also be on. + #log_autovacuum_min_duration = -1 # -1 disables, 0 logs all actions and + # their durations, > 0 logs only + # actions running at least this number + # of milliseconds. + #autovacuum_max_workers = 3 # max number of autovacuum subprocesses + # (change requires restart) + #autovacuum_naptime = 1min # time between autovacuum runs + #autovacuum_vacuum_threshold = 50 # min number of row updates before + # vacuum + #autovacuum_analyze_threshold = 50 # min number of row updates before + # analyze + #autovacuum_vacuum_scale_factor = 0.2 # fraction of table size before vacuum + #autovacuum_analyze_scale_factor = 0.1 # fraction of table size before analyze + #autovacuum_freeze_max_age = 200000000 # maximum XID age before forced vacuum + # (change requires restart) + #autovacuum_multixact_freeze_max_age = 400000000 # maximum multixact age + # before forced vacuum + # (change requires restart) + #autovacuum_vacuum_cost_delay = 20ms # default vacuum cost delay for + # autovacuum, in milliseconds; + # -1 means use vacuum_cost_delay + #autovacuum_vacuum_cost_limit = -1 # default vacuum cost limit for + # autovacuum, -1 means use + # vacuum_cost_limit + + + #------------------------------------------------------------------------------ + # CLIENT CONNECTION DEFAULTS + #------------------------------------------------------------------------------ + + # - Statement Behavior - + + #client_min_messages = notice # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # log + # notice + # warning + # error + #search_path = '"$user", public' # schema names + #row_security = on + #default_tablespace = '' # a tablespace name, '' uses the default + #temp_tablespaces = '' # a list of tablespace names, '' uses + # only default tablespace + #check_function_bodies = on + #default_transaction_isolation = 'read committed' + #default_transaction_read_only = off + #default_transaction_deferrable = off + #session_replication_role = 'origin' + #statement_timeout = 0 # in milliseconds, 0 is disabled + #lock_timeout = 0 # in milliseconds, 0 is disabled + #idle_in_transaction_session_timeout = 0 # in milliseconds, 0 is disabled + #vacuum_freeze_min_age = 50000000 + #vacuum_freeze_table_age = 150000000 + #vacuum_multixact_freeze_min_age = 5000000 + #vacuum_multixact_freeze_table_age = 150000000 + #vacuum_cleanup_index_scale_factor = 0.1 # fraction of total number of tuples + # before index cleanup, 0 always performs + # index cleanup + #bytea_output = 'hex' # hex, escape + #xmlbinary = 'base64' + #xmloption = 'content' + #gin_fuzzy_search_limit = 0 + #gin_pending_list_limit = 4MB + + # - Locale and Formatting - + + datestyle = 'iso, mdy' + #intervalstyle = 'postgres' + timezone = 'Etc/UTC' + #timezone_abbreviations = 'Default' # Select the set of available time zone + # abbreviations. Currently, there are + # Default + # Australia (historical usage) + # India + # You can create your own file in + # share/timezonesets/. + #extra_float_digits = 0 # min -15, max 3 + #client_encoding = sql_ascii # actually, defaults to database + # encoding + + # These settings are initialized by initdb, but they can be changed. + lc_messages = 'en_US.utf8' # locale for system error message + # strings + lc_monetary = 'en_US.utf8' # locale for monetary formatting + lc_numeric = 'en_US.utf8' # locale for number formatting + lc_time = 'en_US.utf8' # locale for time formatting + + # default configuration for text search + default_text_search_config = 'pg_catalog.english' + + # - Shared Library Preloading - + + #shared_preload_libraries = '' # (change requires restart) + #local_preload_libraries = '' + #session_preload_libraries = '' + #jit_provider = 'llvmjit' # JIT library to use + + # - Other Defaults - + + #dynamic_library_path = '$libdir' + + + #------------------------------------------------------------------------------ + # LOCK MANAGEMENT + #------------------------------------------------------------------------------ + + #deadlock_timeout = 1s + #max_locks_per_transaction = 64 # min 10 + # (change requires restart) + #max_pred_locks_per_transaction = 64 # min 10 + # (change requires restart) + #max_pred_locks_per_relation = -2 # negative values mean + # (max_pred_locks_per_transaction + # / -max_pred_locks_per_relation) - 1 + #max_pred_locks_per_page = 2 # min 0 + + + #------------------------------------------------------------------------------ + # VERSION AND PLATFORM COMPATIBILITY + #------------------------------------------------------------------------------ + + # - Previous PostgreSQL Versions - + + #array_nulls = on + #backslash_quote = safe_encoding # on, off, or safe_encoding + #default_with_oids = off + #escape_string_warning = on + #lo_compat_privileges = off + #operator_precedence_warning = off + #quote_all_identifiers = off + #standard_conforming_strings = on + #synchronize_seqscans = on + + # - Other Platforms and Clients - + + #transform_null_equals = off + + + #------------------------------------------------------------------------------ + # ERROR HANDLING + #------------------------------------------------------------------------------ + + #exit_on_error = off # terminate session on any error? + #restart_after_crash = on # reinitialize after backend crash? + #data_sync_retry = off # retry or panic on failure to fsync + # data? + # (change requires restart) + + + #------------------------------------------------------------------------------ + # CONFIG FILE INCLUDES + #------------------------------------------------------------------------------ + + # These options allow settings to be loaded from files other than the + # default postgresql.conf. + + #include_dir = '' # include files ending in '.conf' from + # a directory, e.g., 'conf.d' + #include_if_exists = '' # include file only if it exists + #include = '' # include file + + + #------------------------------------------------------------------------------ + # CUSTOMIZED OPTIONS + #------------------------------------------------------------------------------ + + # Add settings for extensions here +kind: ConfigMap +metadata: + annotations: + description: Configuration for PostgreSQL + labels: + app.kubernetes.io/component: codeintel-db + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: codeintel-db-conf + namespace: ns-sourcegraph +--- +apiVersion: v1 +data: + datasources.yml: | + apiVersion: 1 + + datasources: + - name: Prometheus + type: prometheus + access: proxy + url: http://prometheus:30090 + isDefault: true + editable: false +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/component: grafana + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: grafana + namespace: ns-sourcegraph +--- +apiVersion: v1 +data: + postgresql.conf: | + # ----------------------------- + # PostgreSQL configuration file + # ----------------------------- + # SOURCEGRAPH CUSTOMIZATIONS CONTAIN "# SG CUSTOM" in the comment + # + # This file consists of lines of the form: + # + # name = value + # + # (The "=" is optional.) Whitespace may be used. Comments are introduced with + # "#" anywhere on a line. The complete list of parameter names and allowed + # values can be found in the PostgreSQL documentation. + # + # The commented-out settings shown in this file represent the default values. + # Re-commenting a setting is NOT sufficient to revert it to the default value; + # you need to reload the server. + # + # This file is read on server startup and when the server receives a SIGHUP + # signal. If you edit the file on a running system, you have to SIGHUP the + # server for the changes to take effect, run "pg_ctl reload", or execute + # "SELECT pg_reload_conf()". Some parameters, which are marked below, + # require a server shutdown and restart to take effect. + # + # Any parameter can also be given as a command-line option to the server, e.g., + # "postgres -c log_connections=on". Some parameters can be changed at run time + # with the "SET" SQL command. + # + # Memory units: kB = kilobytes Time units: ms = milliseconds + # MB = megabytes s = seconds + # GB = gigabytes min = minutes + # TB = terabytes h = hours + # d = days + + + #------------------------------------------------------------------------------ + # FILE LOCATIONS + #------------------------------------------------------------------------------ + + # The default values of these variables are driven from the -D command-line + # option or PGDATA environment variable, represented here as ConfigDir. + + #data_directory = 'ConfigDir' # use data in another directory + # (change requires restart) + #hba_file = 'ConfigDir/pg_hba.conf' # host-based authentication file + # (change requires restart) + #ident_file = 'ConfigDir/pg_ident.conf' # ident configuration file + # (change requires restart) + + # If external_pid_file is not explicitly set, no extra PID file is written. + #external_pid_file = '' # write an extra PID file + # (change requires restart) + + + #------------------------------------------------------------------------------ + # CONNECTIONS AND AUTHENTICATION + #------------------------------------------------------------------------------ + + # - Connection Settings - + + listen_addresses = '*' + # comma-separated list of addresses; + # defaults to 'localhost'; use '*' for all + # (change requires restart) + #port = 5432 # (change requires restart) + max_connections = 100 # (change requires restart) + #superuser_reserved_connections = 3 # (change requires restart) + #unix_socket_directories = '/var/run/postgresql' # comma-separated list of directories + # (change requires restart) + #unix_socket_group = '' # (change requires restart) + #unix_socket_permissions = 0777 # begin with 0 to use octal notation + # (change requires restart) + #bonjour = off # advertise server via Bonjour + # (change requires restart) + #bonjour_name = '' # defaults to the computer name + # (change requires restart) + + # - TCP Keepalives - + # see "man 7 tcp" for details + + #tcp_keepalives_idle = 0 # TCP_KEEPIDLE, in seconds; + # 0 selects the system default + #tcp_keepalives_interval = 0 # TCP_KEEPINTVL, in seconds; + # 0 selects the system default + #tcp_keepalives_count = 0 # TCP_KEEPCNT; + # 0 selects the system default + + # - Authentication - + + #authentication_timeout = 1min # 1s-600s + #password_encryption = md5 # md5 or scram-sha-256 + #db_user_namespace = off + + # GSSAPI using Kerberos + #krb_server_keyfile = '' + #krb_caseins_users = off + + # - SSL - + + #ssl = off + #ssl_ca_file = '' + #ssl_cert_file = 'server.crt' + #ssl_crl_file = '' + #ssl_key_file = 'server.key' + #ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers + #ssl_prefer_server_ciphers = on + #ssl_ecdh_curve = 'prime256v1' + #ssl_dh_params_file = '' + #ssl_passphrase_command = '' + #ssl_passphrase_command_supports_reload = off + + + #------------------------------------------------------------------------------ + # RESOURCE USAGE (except WAL) + #------------------------------------------------------------------------------ + + # - Memory - + + shared_buffers = 1GB # SG CUSTOM min 128kB + # (change requires restart) + #huge_pages = try # on, off, or try + # (change requires restart) + #temp_buffers = 8MB # min 800kB + #max_prepared_transactions = 0 # zero disables the feature + # (change requires restart) + # Caution: it is not advisable to set max_prepared_transactions nonzero unless + # you actively intend to use prepared transactions. + work_mem = 5MB # SG CUSTOM min 64kB + maintenance_work_mem = 250MB # SG CUSTOM min 1MB + #autovacuum_work_mem = -1 # min 1MB, or -1 to use maintenance_work_mem + #max_stack_depth = 2MB # min 100kB + dynamic_shared_memory_type = posix # the default is the first option + # supported by the operating system: + # posix + # sysv + # windows + # mmap + # use none to disable dynamic shared memory + # (change requires restart) + + # - Disk - + + temp_file_limit = 20GB # SG CUSTOM limits per-process temp file space + # in kB, or -1 for no limit + + # - Kernel Resources - + + #max_files_per_process = 1000 # min 25 + # (change requires restart) + + # - Cost-Based Vacuum Delay - + + #vacuum_cost_delay = 0 # 0-100 milliseconds + #vacuum_cost_page_hit = 1 # 0-10000 credits + #vacuum_cost_page_miss = 10 # 0-10000 credits + #vacuum_cost_page_dirty = 20 # 0-10000 credits + #vacuum_cost_limit = 200 # 1-10000 credits + + # - Background Writer - + + bgwriter_delay = 50ms # SG CUSTOM 10-10000ms between rounds + bgwriter_lru_maxpages = 200 # SG CUSTOM max buffers written/round, 0 disables + + #bgwriter_lru_multiplier = 2.0 # 0-10.0 multiplier on buffers scanned/round + #bgwriter_flush_after = 512kB # measured in pages, 0 disables + + # - Asynchronous Behavior - + + effective_io_concurrency = 200 # 1-1000; 0 disables prefetching + max_worker_processes = 4 # SG CUSTOM (change requires restart) + max_parallel_maintenance_workers = 4 # SG CUSTOM taken from max_parallel_workers + max_parallel_workers_per_gather = 2 # SG CUSTOM taken from max_parallel_workers + #parallel_leader_participation = on + max_parallel_workers = 4 # SG CUSTOM maximum number of max_worker_processes that + # can be used in parallel operations + #old_snapshot_threshold = -1 # 1min-60d; -1 disables; 0 is immediate + # (change requires restart) + #backend_flush_after = 0 # measured in pages, 0 disables + + + #------------------------------------------------------------------------------ + # WRITE-AHEAD LOG + #------------------------------------------------------------------------------ + + # - Settings - + + #wal_level = replica # minimal, replica, or logical + # (change requires restart) + #fsync = on # flush data to disk for crash safety + # (turning this off can cause + # unrecoverable data corruption) + #synchronous_commit = on # synchronization level; + # off, local, remote_write, remote_apply, or on + #wal_sync_method = fsync # the default is the first option + # supported by the operating system: + # open_datasync + # fdatasync (default on Linux) + # fsync + # fsync_writethrough + # open_sync + #full_page_writes = on # recover from partial page writes + #wal_compression = off # enable compression of full-page writes + #wal_log_hints = off # also do full page writes of non-critical updates + # (change requires restart) + wal_buffers = 16MB # SG CUSTOM min 32kB, -1 sets based on shared_buffers + # (change requires restart) + #wal_writer_delay = 200ms # 1-10000 milliseconds + #wal_writer_flush_after = 1MB # measured in pages, 0 disables + + #commit_delay = 0 # range 0-100000, in microseconds + #commit_siblings = 5 # range 1-1000 + + # - Checkpoints - + + #checkpoint_timeout = 5min # range 30s-1d + max_wal_size = 8GB # SG CUSTOM + min_wal_size = 2GB # SG CUSTOM + #checkpoint_completion_target = 0.5 # checkpoint target duration, 0.0 - 1.0 + #checkpoint_flush_after = 256kB # measured in pages, 0 disables + #checkpoint_warning = 30s # 0 disables + + # - Archiving - + + #archive_mode = off # enables archiving; off, on, or always + # (change requires restart) + #archive_command = '' # command to use to archive a logfile segment + # placeholders: %p = path of file to archive + # %f = file name only + # e.g. 'test ! -f /mnt/server/archivedir/%f && cp %p /mnt/server/archivedir/%f' + #archive_timeout = 0 # force a logfile segment switch after this + # number of seconds; 0 disables + + + #------------------------------------------------------------------------------ + # REPLICATION + #------------------------------------------------------------------------------ + + # - Sending Servers - + + # Set these on the master and on any standby that will send replication data. + + #max_wal_senders = 10 # max number of walsender processes + # (change requires restart) + #wal_keep_segments = 0 # in logfile segments; 0 disables + #wal_sender_timeout = 60s # in milliseconds; 0 disables + + #max_replication_slots = 10 # max number of replication slots + # (change requires restart) + #track_commit_timestamp = off # collect timestamp of transaction commit + # (change requires restart) + + # - Master Server - + + # These settings are ignored on a standby server. + + #synchronous_standby_names = '' # standby servers that provide sync rep + # method to choose sync standbys, number of sync standbys, + # and comma-separated list of application_name + # from standby(s); '*' = all + #vacuum_defer_cleanup_age = 0 # number of xacts by which cleanup is delayed + + # - Standby Servers - + + # These settings are ignored on a master server. + + #hot_standby = on # "off" disallows queries during recovery + # (change requires restart) + #max_standby_archive_delay = 30s # max delay before canceling queries + # when reading WAL from archive; + # -1 allows indefinite delay + #max_standby_streaming_delay = 30s # max delay before canceling queries + # when reading streaming WAL; + # -1 allows indefinite delay + #wal_receiver_status_interval = 10s # send replies at least this often + # 0 disables + #hot_standby_feedback = off # send info from standby to prevent + # query conflicts + #wal_receiver_timeout = 60s # time that receiver waits for + # communication from master + # in milliseconds; 0 disables + #wal_retrieve_retry_interval = 5s # time to wait before retrying to + # retrieve WAL after a failed attempt + + # - Subscribers - + + # These settings are ignored on a publisher. + + #max_logical_replication_workers = 4 # taken from max_worker_processes + # (change requires restart) + #max_sync_workers_per_subscription = 2 # taken from max_logical_replication_workers + + + #------------------------------------------------------------------------------ + # QUERY TUNING + #------------------------------------------------------------------------------ + + # - Planner Method Configuration - + + #enable_bitmapscan = on + #enable_hashagg = on + #enable_hashjoin = on + #enable_indexscan = on + #enable_indexonlyscan = on + #enable_material = on + #enable_mergejoin = on + #enable_nestloop = on + #enable_parallel_append = on + #enable_seqscan = on + #enable_sort = on + #enable_tidscan = on + #enable_partitionwise_join = off + #enable_partitionwise_aggregate = off + #enable_parallel_hash = on + #enable_partition_pruning = on + + # - Planner Cost Constants - + + #seq_page_cost = 1.0 # measured on an arbitrary scale + random_page_cost = 1.1 # SG CUSTOM same scale as above + #cpu_tuple_cost = 0.01 # same scale as above + #cpu_index_tuple_cost = 0.005 # same scale as above + #cpu_operator_cost = 0.0025 # same scale as above + #parallel_tuple_cost = 0.1 # same scale as above + #parallel_setup_cost = 1000.0 # same scale as above + + #jit_above_cost = 100000 # perform JIT compilation if available + # and query more expensive than this; + # -1 disables + #jit_inline_above_cost = 500000 # inline small functions if query is + # more expensive than this; -1 disables + #jit_optimize_above_cost = 500000 # use expensive JIT optimizations if + # query is more expensive than this; + # -1 disables + + #min_parallel_table_scan_size = 8MB + #min_parallel_index_scan_size = 512kB + effective_cache_size = 3GB # SG CUSTOM + + # - Genetic Query Optimizer - + + #geqo = on + #geqo_threshold = 12 + #geqo_effort = 5 # range 1-10 + #geqo_pool_size = 0 # selects default based on effort + #geqo_generations = 0 # selects default based on effort + #geqo_selection_bias = 2.0 # range 1.5-2.0 + #geqo_seed = 0.0 # range 0.0-1.0 + + # - Other Planner Options - + + #default_statistics_target = 100 # range 1-10000 + #constraint_exclusion = partition # on, off, or partition + #cursor_tuple_fraction = 0.1 # range 0.0-1.0 + #from_collapse_limit = 8 + #join_collapse_limit = 8 # 1 disables collapsing of explicit + # JOIN clauses + #force_parallel_mode = off + #jit = off # allow JIT compilation + + + #------------------------------------------------------------------------------ + # REPORTING AND LOGGING + #------------------------------------------------------------------------------ + + # - Where to Log - + + #log_destination = 'stderr' # Valid values are combinations of + # stderr, csvlog, syslog, and eventlog, + # depending on platform. csvlog + # requires logging_collector to be on. + + # This is used when logging to stderr: + #logging_collector = off # Enable capturing of stderr and csvlog + # into log files. Required to be on for + # csvlogs. + # (change requires restart) + + # These are only used if logging_collector is on: + #log_directory = 'log' # directory where log files are written, + # can be absolute or relative to PGDATA + #log_filename = 'postgresql-%Y-%m-%d_%H%M%S.log' # log file name pattern, + # can include strftime() escapes + #log_file_mode = 0600 # creation mode for log files, + # begin with 0 to use octal notation + #log_truncate_on_rotation = off # If on, an existing log file with the + # same name as the new log file will be + # truncated rather than appended to. + # But such truncation only occurs on + # time-driven rotation, not on restarts + # or size-driven rotation. Default is + # off, meaning append to existing files + # in all cases. + #log_rotation_age = 1d # Automatic rotation of logfiles will + # happen after that time. 0 disables. + #log_rotation_size = 10MB # Automatic rotation of logfiles will + # happen after that much log output. + # 0 disables. + + # These are relevant when logging to syslog: + #syslog_facility = 'LOCAL0' + #syslog_ident = 'postgres' + #syslog_sequence_numbers = on + #syslog_split_messages = on + + # This is only relevant when logging to eventlog (win32): + # (change requires restart) + #event_source = 'PostgreSQL' + + # - When to Log - + + #log_min_messages = warning # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # info + # notice + # warning + # error + # log + # fatal + # panic + + #log_min_error_statement = error # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # info + # notice + # warning + # error + # log + # fatal + # panic (effectively off) + + #log_min_duration_statement = -1 # -1 is disabled, 0 logs all statements + # and their durations, > 0 logs only + # statements running at least this number + # of milliseconds + + + # - What to Log - + + #debug_print_parse = off + #debug_print_rewritten = off + #debug_print_plan = off + #debug_pretty_print = on + #log_checkpoints = off + #log_connections = off + #log_disconnections = off + #log_duration = off + #log_error_verbosity = default # terse, default, or verbose messages + #log_hostname = off + #log_line_prefix = '%m [%p] ' # special values: + # %a = application name + # %u = user name + # %d = database name + # %r = remote host and port + # %h = remote host + # %p = process ID + # %t = timestamp without milliseconds + # %m = timestamp with milliseconds + # %n = timestamp with milliseconds (as a Unix epoch) + # %i = command tag + # %e = SQL state + # %c = session ID + # %l = session line number + # %s = session start timestamp + # %v = virtual transaction ID + # %x = transaction ID (0 if none) + # %q = stop here in non-session + # processes + # %% = '%' + # e.g. '<%u%%%d> ' + #log_lock_waits = off # log lock waits >= deadlock_timeout + #log_statement = 'none' # none, ddl, mod, all + #log_replication_commands = off + #log_temp_files = -1 # log temporary files equal or larger + # than the specified size in kilobytes; + # -1 disables, 0 logs all temp files + log_timezone = 'Etc/UTC' + + #------------------------------------------------------------------------------ + # PROCESS TITLE + #------------------------------------------------------------------------------ + + #cluster_name = '' # added to process titles if nonempty + # (change requires restart) + #update_process_title = on + + + #------------------------------------------------------------------------------ + # STATISTICS + #------------------------------------------------------------------------------ + + # - Query and Index Statistics Collector - + + #track_activities = on + #track_counts = on + #track_io_timing = off + #track_functions = none # none, pl, all + #track_activity_query_size = 1024 # (change requires restart) + #stats_temp_directory = 'pg_stat_tmp' + + + # - Monitoring - + + #log_parser_stats = off + #log_planner_stats = off + #log_executor_stats = off + #log_statement_stats = off + + + #------------------------------------------------------------------------------ + # AUTOVACUUM + #------------------------------------------------------------------------------ + + #autovacuum = on # Enable autovacuum subprocess? 'on' + # requires track_counts to also be on. + #log_autovacuum_min_duration = -1 # -1 disables, 0 logs all actions and + # their durations, > 0 logs only + # actions running at least this number + # of milliseconds. + #autovacuum_max_workers = 3 # max number of autovacuum subprocesses + # (change requires restart) + #autovacuum_naptime = 1min # time between autovacuum runs + #autovacuum_vacuum_threshold = 50 # min number of row updates before + # vacuum + #autovacuum_analyze_threshold = 50 # min number of row updates before + # analyze + #autovacuum_vacuum_scale_factor = 0.2 # fraction of table size before vacuum + #autovacuum_analyze_scale_factor = 0.1 # fraction of table size before analyze + #autovacuum_freeze_max_age = 200000000 # maximum XID age before forced vacuum + # (change requires restart) + #autovacuum_multixact_freeze_max_age = 400000000 # maximum multixact age + # before forced vacuum + # (change requires restart) + #autovacuum_vacuum_cost_delay = 20ms # default vacuum cost delay for + # autovacuum, in milliseconds; + # -1 means use vacuum_cost_delay + #autovacuum_vacuum_cost_limit = -1 # default vacuum cost limit for + # autovacuum, -1 means use + # vacuum_cost_limit + + + #------------------------------------------------------------------------------ + # CLIENT CONNECTION DEFAULTS + #------------------------------------------------------------------------------ + + # - Statement Behavior - + + #client_min_messages = notice # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # log + # notice + # warning + # error + #search_path = '"$user", public' # schema names + #row_security = on + #default_tablespace = '' # a tablespace name, '' uses the default + #temp_tablespaces = '' # a list of tablespace names, '' uses + # only default tablespace + #check_function_bodies = on + #default_transaction_isolation = 'read committed' + #default_transaction_read_only = off + #default_transaction_deferrable = off + #session_replication_role = 'origin' + #statement_timeout = 0 # in milliseconds, 0 is disabled + #lock_timeout = 0 # in milliseconds, 0 is disabled + #idle_in_transaction_session_timeout = 0 # in milliseconds, 0 is disabled + #vacuum_freeze_min_age = 50000000 + #vacuum_freeze_table_age = 150000000 + #vacuum_multixact_freeze_min_age = 5000000 + #vacuum_multixact_freeze_table_age = 150000000 + #vacuum_cleanup_index_scale_factor = 0.1 # fraction of total number of tuples + # before index cleanup, 0 always performs + # index cleanup + #bytea_output = 'hex' # hex, escape + #xmlbinary = 'base64' + #xmloption = 'content' + #gin_fuzzy_search_limit = 0 + #gin_pending_list_limit = 4MB + + # - Locale and Formatting - + + datestyle = 'iso, mdy' + #intervalstyle = 'postgres' + timezone = 'Etc/UTC' + #timezone_abbreviations = 'Default' # Select the set of available time zone + # abbreviations. Currently, there are + # Default + # Australia (historical usage) + # India + # You can create your own file in + # share/timezonesets/. + #extra_float_digits = 0 # min -15, max 3 + #client_encoding = sql_ascii # actually, defaults to database + # encoding + + # These settings are initialized by initdb, but they can be changed. + lc_messages = 'en_US.utf8' # locale for system error message + # strings + lc_monetary = 'en_US.utf8' # locale for monetary formatting + lc_numeric = 'en_US.utf8' # locale for number formatting + lc_time = 'en_US.utf8' # locale for time formatting + + # default configuration for text search + default_text_search_config = 'pg_catalog.english' + + # - Shared Library Preloading - + + #shared_preload_libraries = '' # (change requires restart) + #local_preload_libraries = '' + #session_preload_libraries = '' + #jit_provider = 'llvmjit' # JIT library to use + + # - Other Defaults - + + #dynamic_library_path = '$libdir' + + + #------------------------------------------------------------------------------ + # LOCK MANAGEMENT + #------------------------------------------------------------------------------ + + #deadlock_timeout = 1s + #max_locks_per_transaction = 64 # min 10 + # (change requires restart) + #max_pred_locks_per_transaction = 64 # min 10 + # (change requires restart) + #max_pred_locks_per_relation = -2 # negative values mean + # (max_pred_locks_per_transaction + # / -max_pred_locks_per_relation) - 1 + #max_pred_locks_per_page = 2 # min 0 + + + #------------------------------------------------------------------------------ + # VERSION AND PLATFORM COMPATIBILITY + #------------------------------------------------------------------------------ + + # - Previous PostgreSQL Versions - + + #array_nulls = on + #backslash_quote = safe_encoding # on, off, or safe_encoding + #default_with_oids = off + #escape_string_warning = on + #lo_compat_privileges = off + #operator_precedence_warning = off + #quote_all_identifiers = off + #standard_conforming_strings = on + #synchronize_seqscans = on + + # - Other Platforms and Clients - + + #transform_null_equals = off + + + #------------------------------------------------------------------------------ + # ERROR HANDLING + #------------------------------------------------------------------------------ + + #exit_on_error = off # terminate session on any error? + #restart_after_crash = on # reinitialize after backend crash? + #data_sync_retry = off # retry or panic on failure to fsync + # data? + # (change requires restart) + + + #------------------------------------------------------------------------------ + # CONFIG FILE INCLUDES + #------------------------------------------------------------------------------ + + # These options allow settings to be loaded from files other than the + # default postgresql.conf. + + #include_dir = '' # include files ending in '.conf' from + # a directory, e.g., 'conf.d' + #include_if_exists = '' # include file only if it exists + #include = '' # include file + + + #------------------------------------------------------------------------------ + # CUSTOMIZED OPTIONS + #------------------------------------------------------------------------------ + + # Add settings for extensions here +kind: ConfigMap +metadata: + annotations: + description: Configuration for PostgreSQL + labels: + app.kubernetes.io/component: pgsql + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: pgsql-conf + namespace: ns-sourcegraph +--- +apiVersion: v1 +data: + extra_rules.yml: "" + prometheus.yml: | + global: # Prometheus global config + # scrape_timeout is set to the global default (10s) + scrape_interval: 30s # How frequently to scrape targets by default + evaluation_interval: 30s # How frequently to evaluate rules + alerting: # Alertmanager configuration + alertmanagers: + # bundled alertmanager, started by prom-wrapper + - static_configs: + - targets: ["127.0.0.1:9093"] + path_prefix: /alertmanager + # add more alertmanagers here + rule_files: # Load rules once and periodically evaluate them according to the global 'evaluation_interval'. + - "/sg_config_prometheus/*_rules.yml" + - "/sg_prometheus_add_ons/*_rules.yml" + scrape_configs: # Configure targets to scrape + # Scrape prometheus itself for metrics. + - job_name: "builtin-prometheus" + static_configs: + - targets: ["127.0.0.1:9092"] + # Scrape Alertmanager + - job_name: "builtin-alertmanager" + metrics_path: /alertmanager/metrics + static_configs: + - targets: ["127.0.0.1:9093"] + #------------------------------------------------------------------------------ + # cAdvisor + #------------------------------------------------------------------------------ + - job_name: "kubernetes-pods" + dns_sd_configs: + - names: + - "cadvisor.default.svc.cluster.local" + - "cadvisor.ns-sourcegraph.svc.cluster.local" + type: A + port: 48080 + relabel_configs: + - source_labels: [__address__] + target_label: instance + regex: (.*)\.(.*) + replacement: cadvisor_${2} + - source_labels: [container_label_io_kubernetes_pod_name] + target_label: name + metric_relabel_configs: + - source_labels: [container_label_io_kubernetes_pod_namespace] + regex: kube-system + action: drop + - source_labels: [container_label_io_kubernetes_container_name, container_label_io_kubernetes_pod_name] + regex: (.+) + action: replace + target_label: name + separator: "-" + #------------------------------------------------------------------------------ + # Sourcegraph Service Discovery with DNS-SRV records + # https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config + #------------------------------------------------------------------------------ + - job_name: "sourcegraph-statefulsets" + dns_sd_configs: + - names: + - "symbols.default.svc.cluster.local" + - "symbols.ns-sourcegraph.svc.cluster.local" + - "symbols.$SG_NAMESPACE.svc.cluster.local" + - "searcher.default.svc.cluster.local" + - "searcher.ns-sourcegraph.svc.cluster.local" + - "searcher.$SG_NAMESPACE.svc.cluster.local" + - "gitserver.default.svc.cluster.local" + - "gitserver.ns-sourcegraph.svc.cluster.local" + - "gitserver.$SG_NAMESPACE.svc.cluster.local" + - "sourcegraph-frontend.default.svc.cluster.local" + - "sourcegraph-frontend.ns-sourcegraph.svc.cluster.local" + - "sourcegraph-frontend.$SG_NAMESPACE.svc.cluster.local" + - "indexed-search.default.svc.cluster.local" + - "indexed-search.ns-sourcegraph.svc.cluster.local" + - "indexed-search.$SG_NAMESPACE.svc.cluster.local" + - "indexed-search-indexer.default.svc.cluster.local" + - "indexed-search-indexer.ns-sourcegraph.svc.cluster.local" + - "indexed-search-indexer.$SG_NAMESPACE.svc.cluster.local" + type: SRV + relabel_configs: + - source_labels: [__meta_dns_srv_record_target] + target_label: __address__ + regex: (.*)\. + replacement: ${1}:6060 + - source_labels: [__meta_dns_srv_record_target] + target_label: __address__ + regex: ^(indexed-search.*)\. + replacement: ${1}:6070 + - source_labels: [__meta_dns_srv_record_target] + target_label: __address__ + regex: (.*)\.(indexed-search-indexer.*)\. + replacement: ${1}.${2}:6072 + - source_labels: [__meta_dns_srv_record_port] + target_label: __meta_dns_srv_record_port + replacement: "6060" + - source_labels: [__address__] + regex: ^(indexed-search).*$ + target_label: __meta_dns_srv_record_port + replacement: "6070" + - source_labels: [__meta_dns_name] + target_label: job + regex: (.*)\..*\..*\..*\..* + replacement: ${1} + - source_labels: [__meta_dns_srv_record_target] + regex: (.*)\.(.*)\..*\..*\..*\..*\..* + target_label: instance + replacement: ${2}_${1} + metric_relabel_configs: + - source_labels: [container_label_io_kubernetes_pod_namespace] + regex: kube-system + action: drop + - source_labels: [__address__] + target_label: instance + regex: (.*)\:.* + replacement: $1:6060 + - source_labels: [__address__] + target_label: instance + regex: (.*)\.(.*)\..*\..*\..*\..*\..* + replacement: ${2}_${1} + - source_labels: [container_label_io_kubernetes_pod_namespace] + target_label: ns + action: replace + #------------------------------------------------------------------------------ + # Sourcegraph Service Discovery with statics targets + #------------------------------------------------------------------------------ + - job_name: "sourcegraph-services" + relabel_configs: + - source_labels: [__address__] + target_label: instance + regex: (.*)\:(.*) + replacement: ${1} + - source_labels: [__address__] + target_label: job + regex: (.*)\:(.*) + replacement: ${1} + - source_labels: [container_label_io_kubernetes_pod_namespace] + action: replace + target_label: ns + - source_labels: [pod] + action: replace + target_label: pod + metric_relabel_configs: + - source_labels: [container_label_io_kubernetes_pod_namespace] + regex: kube-system + action: drop + static_configs: + - labels: + group: sourcegraph-service + targets: + - sourcegraph-frontend:6060 + - repo-updater:6060 + - worker:6060 + - worker-executors:6996 + - syntect-server:6060 + - precise-code-intel-worker:6060 + - pgsql:9187 + - codeintel-db:9187 + - codeinsights-db:9187 + - redis-cache:9121 + - redis-store:9121 + - node-exporter:9100 + - otel-collector:8888 + - cadvisor:48080 + - executor:6060 + prometheus_targets.yml: "" +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/component: prometheus + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: prometheus + namespace: ns-sourcegraph +--- +apiVersion: v1 +data: + CODEINSIGHTS_PGDATASOURCE: postgres://postgres:password@codeinsights-db:5432/postgres + CODEINTEL_PGDATABASE: sg + CODEINTEL_PGHOST: codeintel-db + CODEINTEL_PGPORT: "5432" + CODEINTEL_PGSSLMODE: disable + CODEINTEL_PGUSER: sg + DEPLOY_TYPE: kustomize + GRAFANA_SERVER_URL: http://grafana:30070 + INDEXED_SEARCH_SERVERS: "1" + PGDATABASE: sg + PGHOST: pgsql + PGPORT: "5432" + PGSSLMODE: disable + PGUSER: sg + PROMETHEUS_URL: http://prometheus:30090 + SEARCHER_URL: "1" + SRC_GIT_SERVERS: "1" + SYMBOLS_URL: "1" +kind: ConfigMap +metadata: + labels: + app: sourcegraph-frontend + app.kubernetes.io/component: frontend + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: sourcegraph-frontend-env + namespace: ns-sourcegraph +--- +apiVersion: v1 +data: + EXAMPLE_CONFIG_KEY: example +kind: ConfigMap +metadata: + annotations: + description: Some components read the configuration values from the "data" field + below during the build process. You only need to update this file if you are + using components that require specific CONFIG_KEYS. If no components in your + overlay require extra configuration, no update is necessary. + labels: + deploy: sourcegraph + name: sourcegraph-kustomize-build-config + namespace: ns-sourcegraph +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: blobstore + app.kubernetes.io/component: blobstore + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: blobstore + namespace: ns-sourcegraph +spec: + ports: + - name: blobstore + port: 9000 + targetPort: blobstore + selector: + app: blobstore + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + prometheus.io/port: "9187" + sourcegraph.prometheus/scrape: "true" + labels: + app: codeinsights-db + app.kubernetes.io/component: codeinsights-db + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: codeinsights-db + namespace: ns-sourcegraph +spec: + ports: + - name: codeinsights-db + port: 5432 + targetPort: codeinsights-db + - name: pgsql-exporter + port: 9187 + targetPort: pgsql-exporter + selector: + app: codeinsights-db + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + prometheus.io/port: "9187" + sourcegraph.prometheus/scrape: "true" + labels: + app: codeintel-db + app.kubernetes.io/component: codeintel-db + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: codeintel-db + namespace: ns-sourcegraph +spec: + ports: + - name: pgsql + port: 5432 + targetPort: pgsql + - name: pgsql-exporter + port: 9187 + targetPort: pgsql-exporter + selector: + app: codeintel-db + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + description: Headless service that provides a stable network identity for the + gitserver stateful set. + prometheus.io/port: "6060" + sourcegraph.prometheus/scrape: "true" + labels: + app: gitserver + app.kubernetes.io/component: gitserver + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + type: gitserver + name: gitserver + namespace: ns-sourcegraph +spec: + clusterIP: None + ports: + - name: unused + port: 10811 + targetPort: 10811 + selector: + app: gitserver + type: gitserver + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: grafana + app.kubernetes.io/component: grafana + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: grafana + namespace: ns-sourcegraph +spec: + ports: + - name: http + port: 30070 + targetPort: http + selector: + app: grafana + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + description: Headless service that provides a stable network identity for the + indexed-search stateful set. + prometheus.io/port: "6070" + sourcegraph.prometheus/scrape: "true" + labels: + app: indexed-search + app.kubernetes.io/component: indexed-search + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: indexed-search + namespace: ns-sourcegraph +spec: + clusterIP: None + ports: + - port: 6070 + targetPort: 6070 + selector: + app: indexed-search + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + description: Headless service that provides a stable network identity for the + indexed-search stateful set. + prometheus.io/port: "6072" + sourcegraph.prometheus/scrape: "true" + labels: + app: indexed-search-indexer + app.kubernetes.io/component: indexed-search + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: indexed-search-indexer + namespace: ns-sourcegraph +spec: + clusterIP: None + ports: + - port: 6072 + targetPort: 6072 + selector: + app: indexed-search + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + description: Prometheus exporter for hardware and OS metrics. + prometheus.io/port: "9100" + sourcegraph.prometheus/scrape: "true" + url: https://github.com/prometheus/node_exporter + labels: + app: node-exporter + app.kubernetes.io/component: node-exporter + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: node-exporter + namespace: ns-sourcegraph +spec: + ports: + - name: metrics + port: 9100 + targetPort: metrics + selector: + app: node-exporter + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + prometheus.io/port: "9187" + sourcegraph.prometheus/scrape: "true" + labels: + app: pgsql + app.kubernetes.io/component: pgsql + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: pgsql + namespace: ns-sourcegraph +spec: + ports: + - name: pgsql + port: 5432 + targetPort: pgsql + - name: pgsql-exporter + port: 9187 + targetPort: pgsql-exporter + selector: + app: pgsql + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + prometheus.io/port: "6060" + sourcegraph.prometheus/scrape: "true" + labels: + app: precise-code-intel-worker + app.kubernetes.io/component: precise-code-intel + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: precise-code-intel-worker + namespace: ns-sourcegraph +spec: + ports: + - name: http + port: 3188 + targetPort: http + - name: debug + port: 6060 + targetPort: debug + selector: + app: precise-code-intel-worker + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: prometheus + app.kubernetes.io/component: prometheus + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: prometheus + namespace: ns-sourcegraph +spec: + ports: + - name: http + port: 30090 + targetPort: http + selector: + app: prometheus + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + prometheus.io/port: "9121" + sourcegraph.prometheus/scrape: "true" + labels: + app: redis-cache + app.kubernetes.io/component: redis + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: redis-cache + namespace: ns-sourcegraph +spec: + ports: + - name: redis + port: 6379 + targetPort: redis + - name: redisexp + port: 9121 + targetPort: redisexp + selector: + app: redis-cache + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + prometheus.io/port: "9121" + sourcegraph.prometheus/scrape: "true" + labels: + app: redis-store + app.kubernetes.io/component: redis + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: redis-store + namespace: ns-sourcegraph +spec: + ports: + - name: redis + port: 6379 + targetPort: redis + - name: redisexp + port: 9121 + targetPort: redisexp + selector: + app: redis-store + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + prometheus.io/port: "6060" + sourcegraph.prometheus/scrape: "true" + labels: + app: repo-updater + app.kubernetes.io/component: repo-updater + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: repo-updater + namespace: ns-sourcegraph +spec: + ports: + - name: http + port: 3182 + targetPort: http + - name: debug + port: 6060 + targetPort: debug + selector: + app: repo-updater + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + prometheus.io/port: "6060" + sourcegraph.prometheus/scrape: "true" + labels: + app: searcher + app.kubernetes.io/component: searcher + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: searcher + namespace: ns-sourcegraph +spec: + clusterIP: None + ports: + - name: http + port: 3181 + targetPort: http + - name: debug + port: 6060 + targetPort: debug + selector: + app: searcher + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + prometheus.io/port: "6060" + sourcegraph.prometheus/scrape: "true" + labels: + app: sourcegraph-frontend + app.kubernetes.io/component: frontend + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: sourcegraph-frontend + namespace: ns-sourcegraph +spec: + ports: + - name: http + port: 30080 + targetPort: http + - name: debug + port: 6060 + targetPort: debug + selector: + app: sourcegraph-frontend + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: sourcegraph-frontend + app.kubernetes.io/component: frontend + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: sourcegraph-frontend-internal + namespace: ns-sourcegraph +spec: + ports: + - name: http-internal + port: 80 + targetPort: http-internal + selector: + app: sourcegraph-frontend + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + prometheus.io/port: "6060" + sourcegraph.prometheus/scrape: "true" + labels: + app: symbols + app.kubernetes.io/component: symbols + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: symbols + namespace: ns-sourcegraph +spec: + clusterIP: None + ports: + - name: http + port: 3184 + targetPort: http + - name: debug + port: 6060 + targetPort: debug + selector: + app: symbols + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + prometheus.io/port: "6060" + sourcegraph.prometheus/scrape: "true" + labels: + app: syntect-server + app.kubernetes.io/component: syntect-server + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: syntect-server + namespace: ns-sourcegraph +spec: + ports: + - name: http + port: 9238 + targetPort: http + - name: debug + port: 6060 + targetPort: debug + selector: + app: syntect-server + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + prometheus.io/port: "6060" + sourcegraph.prometheus/scrape: "true" + labels: + app: worker + app.kubernetes.io/component: worker + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: worker + namespace: ns-sourcegraph +spec: + ports: + - name: http + port: 3189 + targetPort: http + - name: debug + port: 6060 + targetPort: debug + selector: + app: worker + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + prometheus.io/port: "6996" + sourcegraph.prometheus/scrape: "true" + labels: + app: worker + app.kubernetes.io/component: worker + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: worker-executors + namespace: ns-sourcegraph +spec: + ports: + - name: prom + port: 6996 + targetPort: prom + selector: + app: worker + type: ClusterIP +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + labels: + app.kubernetes.io/component: blobstore + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: blobstore + namespace: ns-sourcegraph +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 100Gi +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + labels: + app.kubernetes.io/component: codeinsights-db + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: codeinsights-db + namespace: ns-sourcegraph +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 200Gi +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + labels: + app.kubernetes.io/component: codeintel-db + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: codeintel-db + namespace: ns-sourcegraph +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 200Gi +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + labels: + app.kubernetes.io/component: pgsql + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: pgsql + namespace: ns-sourcegraph +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 200Gi +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + labels: + app.kubernetes.io/component: prometheus + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: prometheus + namespace: ns-sourcegraph +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 200Gi +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + labels: + app.kubernetes.io/component: redis + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: redis-cache + namespace: ns-sourcegraph +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 100Gi +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + labels: + app.kubernetes.io/component: redis + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: redis-store + namespace: ns-sourcegraph +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 100Gi +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + description: generic S3-like blobstore for storing LSIF uploads. + kubectl.kubernetes.io/default-container: blobstore + labels: + app.kubernetes.io/component: blobstore + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: blobstore + namespace: ns-sourcegraph +spec: + minReadySeconds: 10 + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: blobstore + strategy: + type: Recreate + template: + metadata: + labels: + app: blobstore + deploy: sourcegraph + spec: + containers: + - image: index.docker.io/sourcegraph/blobstore:5.8.0@sha256:d0fe27963d618f527ab4fcc2768e27fc114478b82206c394228db48619c34b5c + livenessProbe: + httpGet: + path: / + port: blobstore + scheme: HTTP + initialDelaySeconds: 60 + timeoutSeconds: 5 + name: blobstore + ports: + - containerPort: 9000 + name: blobstore + readinessProbe: + httpGet: + path: / + port: blobstore + scheme: HTTP + periodSeconds: 5 + timeoutSeconds: 5 + resources: + limits: + cpu: "1" + memory: 500M + requests: + cpu: 100m + memory: 250M + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 101 + runAsUser: 100 + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /data + name: blobstore-data + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + runAsUser: 100 + volumes: + - name: blobstore-data + persistentVolumeClaim: + claimName: blobstore +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + description: Handles conversion of uploaded precise code intelligence bundles. + labels: + app.kubernetes.io/component: precise-code-intel + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: precise-code-intel-worker + namespace: ns-sourcegraph +spec: + minReadySeconds: 10 + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: precise-code-intel-worker + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 1 + type: RollingUpdate + template: + metadata: + labels: + app: precise-code-intel-worker + deploy: sourcegraph + spec: + containers: + - env: + - name: PRECISE_CODE_INTEL_UPLOAD_BACKEND + value: blobstore + - name: PRECISE_CODE_INTEL_UPLOAD_AWS_ENDPOINT + value: http://blobstore:9000 + - name: NUM_WORKERS + value: "4" + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: OTEL_AGENT_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: OTEL_EXPORTER_OTLP_ENDPOINT + value: http://$(OTEL_AGENT_HOST):4317 + image: index.docker.io/sourcegraph/precise-code-intel-worker:5.8.0@sha256:2dacbd7f0f23b9991210357de110082c40c129e4ff3ac26f089abaefaeeacf39 + livenessProbe: + httpGet: + path: /healthz + port: debug + scheme: HTTP + initialDelaySeconds: 60 + timeoutSeconds: 5 + name: precise-code-intel-worker + ports: + - containerPort: 3188 + name: http + - containerPort: 6060 + name: debug + readinessProbe: + httpGet: + path: /ready + port: debug + scheme: HTTP + periodSeconds: 5 + timeoutSeconds: 5 + resources: + limits: + cpu: "2" + memory: 4G + requests: + cpu: 100m + memory: 250M + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 101 + runAsUser: 100 + terminationMessagePolicy: FallbackToLogsOnError + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + runAsUser: 100 +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + description: Collects metrics and aggregates them into graphs. + labels: + app.kubernetes.io/component: prometheus + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: prometheus + namespace: ns-sourcegraph +spec: + minReadySeconds: 10 + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: prometheus + strategy: + type: Recreate + template: + metadata: + labels: + app: prometheus + deploy: sourcegraph + spec: + containers: + - env: + - name: SG_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: index.docker.io/sourcegraph/prometheus:5.8.0@sha256:651650ec60c79dbe93be6db46466a6cbe2f3d8397af30895bacd2c285253b11f + name: prometheus + ports: + - containerPort: 9090 + name: http + readinessProbe: + failureThreshold: 120 + httpGet: + path: /-/ready + port: 9090 + periodSeconds: 5 + timeoutSeconds: 3 + resources: + limits: + cpu: "2" + memory: 6G + requests: + cpu: 100m + memory: 250M + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 100 + runAsUser: 100 + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /prometheus + name: data + - mountPath: /sg_prometheus_add_ons + name: config + securityContext: + fsGroup: 100 + fsGroupChangePolicy: OnRootMismatch + runAsUser: 100 + terminationGracePeriodSeconds: 120 + volumes: + - name: data + persistentVolumeClaim: + claimName: prometheus + - configMap: + defaultMode: 511 + name: prometheus + name: config +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + description: Redis for storing short-lived caches. + kubectl.kubernetes.io/default-container: redis-cache + labels: + app.kubernetes.io/component: redis + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: redis-cache + namespace: ns-sourcegraph +spec: + minReadySeconds: 10 + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: redis-cache + strategy: + type: Recreate + template: + metadata: + labels: + app: redis-cache + deploy: sourcegraph + spec: + containers: + - image: index.docker.io/sourcegraph/redis-cache:5.8.0@sha256:677ba0d1264f23dc20879e256e4c6c4004bbbfa35f0bb628fb98923b9025df26 + livenessProbe: + initialDelaySeconds: 30 + tcpSocket: + port: redis + name: redis-cache + ports: + - containerPort: 6379 + name: redis + readinessProbe: + exec: + command: + - /bin/sh + - -c + - | + #!/bin/bash + PASS_CHECK=$(grep -h "requirepass" /etc/redis/redis.conf | cut -d ' ' -f 2) + if [ ! -z "$PASS_CHECK" ]; then + export REDISCLI_AUTH="$PASS_CHECK" + fi + response=$( + redis-cli ping + ) + if [ "$response" != "PONG" ]; then + echo "$response" + exit 1 + fi + initialDelaySeconds: 10 + timeoutSeconds: 5 + resources: + limits: + cpu: "1" + memory: 3Gi + requests: + cpu: 100m + memory: 250M + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 1000 + runAsUser: 999 + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /redis-data + name: redis-data + - image: index.docker.io/sourcegraph/redis_exporter:5.8.0@sha256:2954dcfb5e227ee6ff051c084ef8375422f2885d1c8da10a360ae272f7a5c86a + name: redis-exporter + ports: + - containerPort: 9121 + name: redisexp + resources: + limits: + cpu: 10m + memory: 100Mi + requests: + cpu: 10m + memory: 100Mi + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 1000 + runAsUser: 999 + terminationMessagePolicy: FallbackToLogsOnError + securityContext: + fsGroup: 1000 + fsGroupChangePolicy: OnRootMismatch + runAsUser: 999 + volumes: + - name: redis-data + persistentVolumeClaim: + claimName: redis-cache +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + description: Redis for storing semi-persistent data like user sessions. + labels: + app.kubernetes.io/component: redis + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: redis-store + namespace: ns-sourcegraph +spec: + minReadySeconds: 10 + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: redis-store + strategy: + type: Recreate + template: + metadata: + labels: + app: redis-store + deploy: sourcegraph + spec: + containers: + - image: index.docker.io/sourcegraph/redis-store:5.8.0@sha256:4d06523d3e2079ebb393147f087295cb5b4013e2d9a4fd7b72f98425ad74ff19 + livenessProbe: + initialDelaySeconds: 30 + tcpSocket: + port: redis + name: redis-store + ports: + - containerPort: 6379 + name: redis + readinessProbe: + exec: + command: + - /bin/sh + - -c + - | + #!/bin/bash + PASS_CHECK=$(grep -h "requirepass" /etc/redis/redis.conf | cut -d ' ' -f 2) + if [ ! -z "$PASS_CHECK" ]; then + export REDISCLI_AUTH="$PASS_CHECK" + fi + response=$( + redis-cli ping + ) + if [ "$response" != "PONG" ]; then + echo "$response" + exit 1 + fi + initialDelaySeconds: 10 + timeoutSeconds: 5 + resources: + limits: + cpu: "1" + memory: 3Gi + requests: + cpu: 100m + memory: 250M + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 1000 + runAsUser: 999 + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /redis-data + name: redis-data + - image: index.docker.io/sourcegraph/redis_exporter:5.8.0@sha256:2954dcfb5e227ee6ff051c084ef8375422f2885d1c8da10a360ae272f7a5c86a + name: redis-exporter + ports: + - containerPort: 9121 + name: redisexp + resources: + limits: + cpu: 10m + memory: 100Mi + requests: + cpu: 10m + memory: 100Mi + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 1000 + runAsUser: 999 + terminationMessagePolicy: FallbackToLogsOnError + securityContext: + fsGroup: 1000 + fsGroupChangePolicy: OnRootMismatch + runAsUser: 999 + volumes: + - name: redis-data + persistentVolumeClaim: + claimName: redis-store +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + description: Handles repository metadata (not Git data) lookups and updates from + external code hosts and other similar services. + kubectl.kubernetes.io/default-container: repo-updater + labels: + app.kubernetes.io/component: repo-updater + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: repo-updater + namespace: ns-sourcegraph +spec: + minReadySeconds: 10 + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: repo-updater + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + type: RollingUpdate + template: + metadata: + labels: + app: repo-updater + deploy: sourcegraph + spec: + containers: + - env: + - name: OTEL_AGENT_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: OTEL_EXPORTER_OTLP_ENDPOINT + value: http://$(OTEL_AGENT_HOST):4317 + image: index.docker.io/sourcegraph/repo-updater:5.8.0@sha256:4167c6198c1120c5e4f8aa062c01d4f2aba4f606d0fb4879743230c339928782 + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: debug + scheme: HTTP + periodSeconds: 1 + timeoutSeconds: 5 + name: repo-updater + ports: + - containerPort: 3182 + name: http + - containerPort: 6060 + name: debug + readinessProbe: + failureThreshold: 3 + httpGet: + path: /ready + port: debug + scheme: HTTP + periodSeconds: 1 + timeoutSeconds: 5 + resources: + limits: + cpu: "1" + memory: 2Gi + requests: + cpu: 100m + memory: 250M + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 101 + runAsUser: 100 + terminationMessagePolicy: FallbackToLogsOnError + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + runAsUser: 100 +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + description: Serves the frontend of Sourcegraph via HTTP(S). + kubectl.kubernetes.io/default-container: frontend + labels: + app.kubernetes.io/component: frontend + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: sourcegraph-frontend + namespace: ns-sourcegraph +spec: + minReadySeconds: 10 + replicas: 2 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: sourcegraph-frontend + strategy: + rollingUpdate: + maxSurge: 2 + maxUnavailable: 0 + type: RollingUpdate + template: + metadata: + labels: + app: sourcegraph-frontend + deploy: sourcegraph + spec: + containers: + - args: + - serve + env: + - name: OTEL_AGENT_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: OTEL_EXPORTER_OTLP_ENDPOINT + value: http://$(OTEL_AGENT_HOST):4317 + envFrom: + - configMapRef: + name: sourcegraph-frontend-env + image: index.docker.io/sourcegraph/frontend:5.8.0@sha256:3b78eb53d0f614dd62b82f7178394a1b8c19cd583e166129d29a68f282ef279f + livenessProbe: + httpGet: + path: /healthz + port: debug + scheme: HTTP + initialDelaySeconds: 300 + timeoutSeconds: 5 + name: frontend + ports: + - containerPort: 3080 + name: http + - containerPort: 3090 + name: http-internal + - containerPort: 6060 + name: debug + readinessProbe: + httpGet: + path: /ready + port: debug + scheme: HTTP + periodSeconds: 5 + timeoutSeconds: 5 + resources: + limits: + cpu: "4" + ephemeral-storage: 8Gi + memory: 8G + requests: + cpu: 100m + ephemeral-storage: 4Gi + memory: 250M + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 101 + runAsUser: 100 + terminationMessagePolicy: FallbackToLogsOnError + initContainers: + - args: + - up + envFrom: + - configMapRef: + name: sourcegraph-frontend-env + image: index.docker.io/sourcegraph/migrator:5.8.0@sha256:7a93083744fe9a8ab4b83dd7a6c8a2b815339bae1aff0417c757d799139b463c + name: migrator + resources: + limits: + cpu: 500m + memory: 100M + requests: + cpu: 100m + memory: 50M + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 101 + runAsUser: 100 + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + runAsUser: 100 +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + description: Backend for syntax highlighting operations. + labels: + app.kubernetes.io/component: syntect-server + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: syntect-server + namespace: ns-sourcegraph +spec: + minReadySeconds: 10 + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: syntect-server + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + type: RollingUpdate + template: + metadata: + labels: + app: syntect-server + deploy: sourcegraph + spec: + containers: + - image: index.docker.io/sourcegraph/syntax-highlighter:5.8.0@sha256:4fbdb6bea5462a5ef0339bbc9033eedc3d15499674028982808f3e95d18a4fbf + livenessProbe: + httpGet: + path: /health + port: http + scheme: HTTP + initialDelaySeconds: 5 + timeoutSeconds: 5 + name: syntect-server + ports: + - containerPort: 9238 + name: http + - containerPort: 6060 + name: debug + readinessProbe: + tcpSocket: + port: http + resources: + limits: + cpu: "4" + memory: 6G + requests: + cpu: 100m + memory: 250M + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 101 + runAsUser: 100 + terminationMessagePolicy: FallbackToLogsOnError + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + runAsUser: 100 +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + description: Manages background processes. + labels: + app.kubernetes.io/component: worker + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: worker + namespace: ns-sourcegraph +spec: + minReadySeconds: 10 + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: worker + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 1 + type: RollingUpdate + template: + metadata: + labels: + app: worker + deploy: sourcegraph + spec: + containers: + - env: + - name: PRECISE_CODE_INTEL_UPLOAD_BACKEND + value: blobstore + - name: PRECISE_CODE_INTEL_UPLOAD_AWS_ENDPOINT + value: http://blobstore:9000 + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: OTEL_AGENT_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: OTEL_EXPORTER_OTLP_ENDPOINT + value: http://$(OTEL_AGENT_HOST):4317 + image: index.docker.io/sourcegraph/worker:5.8.0@sha256:15409f0ea5aebc4eb291d96a74b4b1049a289890e62076c65879fe2ad393a9d8 + livenessProbe: + httpGet: + path: /healthz + port: debug + scheme: HTTP + initialDelaySeconds: 60 + timeoutSeconds: 5 + name: worker + ports: + - containerPort: 3189 + name: http + - containerPort: 6060 + name: debug + - containerPort: 6996 + name: prom + readinessProbe: + httpGet: + path: /ready + port: debug + scheme: HTTP + periodSeconds: 5 + timeoutSeconds: 5 + resources: + limits: + cpu: "4" + memory: 4G + requests: + cpu: 100m + memory: 250M + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 101 + runAsUser: 100 + terminationMessagePolicy: FallbackToLogsOnError + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + runAsUser: 100 +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + annotations: + description: Code Insights Postgres DB instance. + labels: + app.kubernetes.io/component: codeinsights-db + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: codeinsights-db + namespace: ns-sourcegraph +spec: + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: codeinsights-db + serviceName: codeinsights-db + template: + metadata: + labels: + app: codeinsights-db + deploy: sourcegraph + group: backend + spec: + containers: + - env: + - name: POSTGRES_DB + value: postgres + - name: POSTGRES_PASSWORD + value: password + - name: POSTGRES_USER + value: postgres + - name: PGDATA + value: /var/lib/postgresql/data/pgdata + - name: POSTGRESQL_CONF_DIR + value: /conf + image: index.docker.io/sourcegraph/codeinsights-db:5.8.0@sha256:5f7247a03594a215bd02c4802788693d21828ce70b98415d94cc147efb9d5cfb + name: codeinsights + ports: + - containerPort: 5432 + name: codeinsights-db + resources: + limits: + cpu: "4" + memory: 4G + requests: + cpu: 100m + memory: 250M + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 70 + runAsUser: 70 + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /var/lib/postgresql/data/ + name: disk + - mountPath: /conf + name: codeinsights-conf + - env: + - name: DATA_SOURCE_NAME + value: postgres://postgres:@localhost:5432/?sslmode=disable + - name: PG_EXPORTER_EXTEND_QUERY_PATH + value: /config/code_insights_queries.yaml + image: index.docker.io/sourcegraph/postgres_exporter:5.8.0@sha256:e02ca582131234edb25c0fc6a5ebecb6dfd4f46840e266571eb3c85fc7bdfdb8 + name: pgsql-exporter + ports: + - containerPort: 9187 + name: pgsql-exporter + resources: + limits: + cpu: 10m + memory: 50Mi + requests: + cpu: 10m + memory: 50Mi + terminationMessagePolicy: FallbackToLogsOnError + initContainers: + - command: + - sh + - -c + - if [ -d /var/lib/postgresql/data/pgdata ]; then chmod 750 /var/lib/postgresql/data/pgdata; + fi + image: index.docker.io/sourcegraph/alpine-3.14:5.8.0@sha256:ce43a38e55b675cf312f96f09c44938e4a57569ecd2b8a8683851b17d2954764 + name: correct-data-dir-permissions + resources: + limits: + cpu: 10m + memory: 50Mi + requests: + cpu: 10m + memory: 50Mi + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 70 + runAsUser: 70 + volumeMounts: + - mountPath: /var/lib/postgresql/data/ + name: disk + securityContext: + fsGroup: 70 + fsGroupChangePolicy: OnRootMismatch + runAsUser: 70 + terminationGracePeriodSeconds: 120 + volumes: + - name: disk + persistentVolumeClaim: + claimName: codeinsights-db + - configMap: + defaultMode: 511 + name: codeinsights-db-conf + name: codeinsights-conf + updateStrategy: + type: RollingUpdate +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + annotations: + description: Postgres database for various data. + kubectl.kubernetes.io/default-container: pgsql + labels: + app.kubernetes.io/component: codeintel-db + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: codeintel-db + namespace: ns-sourcegraph +spec: + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: codeintel-db + serviceName: codeintel-db + template: + metadata: + labels: + app: codeintel-db + deploy: sourcegraph + group: backend + spec: + containers: + - image: index.docker.io/sourcegraph/codeintel-db:5.8.0@sha256:ba3f7141e6747f6027dc7d904cd209146d76d7a08069a4e6f9444478bc7c4017 + livenessProbe: + exec: + command: + - /liveness.sh + initialDelaySeconds: 15 + name: pgsql + ports: + - containerPort: 5432 + name: pgsql + readinessProbe: + exec: + command: + - /ready.sh + resources: + limits: + cpu: "4" + memory: 4G + requests: + cpu: 100m + memory: 250M + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 999 + runAsUser: 999 + startupProbe: + exec: + command: + - /liveness.sh + failureThreshold: 360 + periodSeconds: 10 + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /data + name: disk + - mountPath: /conf + name: pgsql-conf + - env: + - name: DATA_SOURCE_NAME + value: postgres://sg:@localhost:5432/?sslmode=disable + - name: PG_EXPORTER_EXTEND_QUERY_PATH + value: /config/code_intel_queries.yaml + image: index.docker.io/sourcegraph/postgres_exporter:5.8.0@sha256:e02ca582131234edb25c0fc6a5ebecb6dfd4f46840e266571eb3c85fc7bdfdb8 + name: pgsql-exporter + ports: + - containerPort: 9187 + name: pgsql-exporter + resources: + limits: + cpu: 10m + memory: 50Mi + requests: + cpu: 10m + memory: 50Mi + terminationMessagePolicy: FallbackToLogsOnError + initContainers: + - command: + - sh + - -c + - if [ -d /data/pgdata-12 ]; then chmod 750 /data/pgdata-12; fi + image: index.docker.io/sourcegraph/alpine-3.14:5.8.0@sha256:ce43a38e55b675cf312f96f09c44938e4a57569ecd2b8a8683851b17d2954764 + name: correct-data-dir-permissions + resources: + limits: + cpu: 10m + memory: 50Mi + requests: + cpu: 10m + memory: 50Mi + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 999 + runAsUser: 999 + volumeMounts: + - mountPath: /data + name: disk + securityContext: + fsGroup: 999 + fsGroupChangePolicy: OnRootMismatch + runAsUser: 999 + terminationGracePeriodSeconds: 120 + volumes: + - name: disk + persistentVolumeClaim: + claimName: codeintel-db + - configMap: + defaultMode: 511 + name: codeintel-db-conf + name: pgsql-conf + updateStrategy: + type: RollingUpdate +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + annotations: + description: Stores clones of repositories to perform Git operations. + kubectl.kubernetes.io/default-container: gitserver + labels: + app.kubernetes.io/component: gitserver + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: gitserver + namespace: ns-sourcegraph +spec: + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: gitserver + serviceName: gitserver + template: + metadata: + labels: + app: gitserver + deploy: sourcegraph + group: backend + type: gitserver + spec: + containers: + - args: + - run + env: + - name: OTEL_AGENT_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: OTEL_EXPORTER_OTLP_ENDPOINT + value: http://$(OTEL_AGENT_HOST):4317 + image: index.docker.io/sourcegraph/gitserver:5.8.0@sha256:8a05a3f10de93a6dab688ab2029c739d60c3f31f750341b3c900a65980f8bc0e + livenessProbe: + initialDelaySeconds: 5 + tcpSocket: + port: rpc + timeoutSeconds: 5 + name: gitserver + ports: + - containerPort: 3178 + name: rpc + protocol: TCP + resources: + limits: + cpu: "4" + memory: 8G + requests: + cpu: 100m + memory: 250M + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 101 + runAsUser: 100 + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /data/repos + name: repos + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + runAsUser: 100 + volumes: + - name: repos + updateStrategy: + type: RollingUpdate + volumeClaimTemplates: + - metadata: + name: repos + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 200Gi +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + annotations: + description: Metrics/monitoring dashboards and alerts. + kubectl.kubernetes.io/default-container: grafana + labels: + app.kubernetes.io/component: grafana + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: grafana + namespace: ns-sourcegraph +spec: + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: grafana + serviceName: grafana + template: + metadata: + labels: + app: grafana + deploy: sourcegraph + spec: + containers: + - image: index.docker.io/sourcegraph/grafana:5.8.0@sha256:9e34fc2e5df22f84c5f527986c7d640e1486f80f42edc5f12418ade873a205ed + name: grafana + ports: + - containerPort: 3370 + name: http + resources: + limits: + cpu: "1" + memory: 512Mi + requests: + cpu: 100m + memory: 250M + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 472 + runAsUser: 472 + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /var/lib/grafana + name: grafana-data + - mountPath: /sg_config_grafana/provisioning/datasources + name: config + securityContext: + fsGroup: 472 + fsGroupChangePolicy: OnRootMismatch + runAsUser: 472 + volumes: + - configMap: + defaultMode: 511 + name: grafana + name: config + updateStrategy: + type: RollingUpdate + volumeClaimTemplates: + - metadata: + name: grafana-data + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 2Gi +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + annotations: + description: Backend for indexed text search operations. + labels: + app.kubernetes.io/component: indexed-search + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: indexed-search + namespace: ns-sourcegraph +spec: + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: indexed-search + serviceName: indexed-search + template: + metadata: + labels: + app: indexed-search + deploy: sourcegraph + spec: + containers: + - env: + - name: OTEL_AGENT_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: OTEL_EXPORTER_OTLP_ENDPOINT + value: http://$(OTEL_AGENT_HOST):4317 + - name: OPENTELEMETRY_DISABLED + value: "false" + image: index.docker.io/sourcegraph/indexed-searcher:5.8.0@sha256:dcfffede88becd19963857007fa90d2631e22ea150bdfbca9a493417b92aef7e + name: zoekt-webserver + ports: + - containerPort: 6070 + name: http + readinessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: http + scheme: HTTP + periodSeconds: 5 + timeoutSeconds: 5 + resources: + limits: + cpu: "8" + memory: 16G + requests: + cpu: 100m + memory: 250M + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 101 + runAsUser: 100 + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /data + name: data + - env: + - name: OTEL_AGENT_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: OTEL_EXPORTER_OTLP_ENDPOINT + value: http://$(OTEL_AGENT_HOST):4317 + - name: OPENTELEMETRY_DISABLED + value: "false" + image: index.docker.io/sourcegraph/search-indexer:5.8.0@sha256:ffa70f829fc8ac510004c3d0cb7ae291b261b7c19f4b25ad1186d159674cc1d3 + name: zoekt-indexserver + ports: + - containerPort: 6072 + name: index-http + resources: + limits: + cpu: "8" + memory: 8G + requests: + cpu: 100m + memory: 250M + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 101 + runAsUser: 100 + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /data + name: data + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + runAsUser: 100 + volumes: + - name: data + updateStrategy: + type: RollingUpdate + volumeClaimTemplates: + - metadata: + labels: + deploy: sourcegraph + name: data + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 200Gi +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + annotations: + description: Postgres database for various data. + kubectl.kubernetes.io/default-container: pgsql + labels: + app.kubernetes.io/component: pgsql + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: pgsql + namespace: ns-sourcegraph +spec: + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: pgsql + serviceName: pgsql + template: + metadata: + labels: + app: pgsql + deploy: sourcegraph + group: backend + spec: + containers: + - image: index.docker.io/sourcegraph/postgres-12-alpine:5.8.0@sha256:ba3f7141e6747f6027dc7d904cd209146d76d7a08069a4e6f9444478bc7c4017 + livenessProbe: + exec: + command: + - /liveness.sh + initialDelaySeconds: 15 + name: pgsql + ports: + - containerPort: 5432 + name: pgsql + readinessProbe: + exec: + command: + - /ready.sh + resources: + limits: + cpu: "4" + memory: 4G + requests: + cpu: 100m + memory: 250M + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 999 + runAsUser: 999 + startupProbe: + exec: + command: + - /liveness.sh + failureThreshold: 360 + periodSeconds: 10 + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /data + name: disk + - mountPath: /conf + name: pgsql-conf + - mountPath: /dev/shm + name: dshm + - env: + - name: DATA_SOURCE_NAME + value: postgres://sg:@localhost:5432/?sslmode=disable + - name: PG_EXPORTER_EXTEND_QUERY_PATH + value: /config/queries.yaml + image: index.docker.io/sourcegraph/postgres_exporter:5.8.0@sha256:e02ca582131234edb25c0fc6a5ebecb6dfd4f46840e266571eb3c85fc7bdfdb8 + name: pgsql-exporter + ports: + - containerPort: 9187 + name: pgsql-exporter + resources: + limits: + cpu: 10m + memory: 50Mi + requests: + cpu: 10m + memory: 50Mi + terminationMessagePolicy: FallbackToLogsOnError + initContainers: + - command: + - sh + - -c + - if [ -d /data/pgdata-12 ]; then chmod 750 /data/pgdata-12; fi + image: index.docker.io/sourcegraph/alpine-3.14:5.8.0@sha256:ce43a38e55b675cf312f96f09c44938e4a57569ecd2b8a8683851b17d2954764 + name: correct-data-dir-permissions + resources: + limits: + cpu: 10m + memory: 50Mi + requests: + cpu: 10m + memory: 50Mi + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 999 + runAsUser: 999 + volumeMounts: + - mountPath: /data + name: disk + securityContext: + fsGroup: 999 + fsGroupChangePolicy: OnRootMismatch + runAsUser: 999 + terminationGracePeriodSeconds: 120 + volumes: + - name: disk + persistentVolumeClaim: + claimName: pgsql + - configMap: + defaultMode: 511 + name: pgsql-conf + name: pgsql-conf + - emptyDir: + medium: Memory + sizeLimit: 1G + name: dshm + updateStrategy: + type: RollingUpdate +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + annotations: + description: Backend for text search operations. + kubectl.kubernetes.io/default-container: searcher + labels: + app.kubernetes.io/component: searcher + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: searcher + namespace: ns-sourcegraph +spec: + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: searcher + serviceName: searcher + template: + metadata: + labels: + app: searcher + deploy: sourcegraph + spec: + containers: + - env: + - name: SEARCHER_CACHE_SIZE_MB + value: "25000" + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: CACHE_DIR + value: /mnt/cache/$(POD_NAME) + - name: OTEL_AGENT_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: OTEL_EXPORTER_OTLP_ENDPOINT + value: http://$(OTEL_AGENT_HOST):4317 + image: index.docker.io/sourcegraph/searcher:5.8.0@sha256:10130baee086e8588019696b99ad1dcaab814e94c6d627d5e678512cc63c8a26 + name: searcher + ports: + - containerPort: 3181 + name: http + - containerPort: 6060 + name: debug + readinessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: http + scheme: HTTP + periodSeconds: 5 + timeoutSeconds: 5 + resources: + limits: + cpu: "2" + memory: 2G + requests: + cpu: 100m + memory: 250M + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 101 + runAsUser: 100 + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /mnt/cache + name: cache + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + runAsUser: 100 + volumes: + - emptyDir: {} + name: cache + updateStrategy: + type: RollingUpdate + volumeClaimTemplates: + - metadata: + name: cache + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 30G +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + annotations: + description: Backend for symbols operations. + kubectl.kubernetes.io/default-container: symbols + labels: + app.kubernetes.io/component: symbols + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: symbols + namespace: ns-sourcegraph +spec: + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: symbols + serviceName: symbols + template: + metadata: + labels: + app: symbols + deploy: sourcegraph + spec: + containers: + - env: + - name: SYMBOLS_CACHE_SIZE_MB + value: "12000" + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: CACHE_DIR + value: /mnt/cache/$(POD_NAME) + - name: OTEL_AGENT_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: OTEL_EXPORTER_OTLP_ENDPOINT + value: http://$(OTEL_AGENT_HOST):4317 + - name: USE_ROCKSKIP + value: "true" + - name: ROCKSKIP_MIN_REPO_SIZE_MB + value: "1000" + image: index.docker.io/sourcegraph/symbols:5.8.0@sha256:538e190f2585ec09c312469882b21a30ab726c58d424ac5c146a0105b0c8c3b0 + livenessProbe: + httpGet: + path: /healthz + port: http + scheme: HTTP + initialDelaySeconds: 60 + timeoutSeconds: 5 + name: symbols + ports: + - containerPort: 3184 + name: http + - containerPort: 6060 + name: debug + readinessProbe: + httpGet: + path: /healthz + port: http + scheme: HTTP + periodSeconds: 5 + timeoutSeconds: 5 + resources: + limits: + cpu: "4" + memory: 4G + requests: + cpu: 100m + memory: 250M + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 101 + runAsUser: 100 + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /mnt/cache + name: cache + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + runAsUser: 100 + volumes: + - emptyDir: {} + name: cache + updateStrategy: + type: RollingUpdate + volumeClaimTemplates: + - metadata: + name: cache + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 12G +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + annotations: + description: DaemonSet to ensure all nodes run a node-exporter pod. + seccomp.security.alpha.kubernetes.io/pod: docker/default + labels: + app: node-exporter + app.kubernetes.io/component: node-exporter + deploy: sourcegraph + name: node-exporter + namespace: ns-sourcegraph +spec: + selector: + matchLabels: + app: node-exporter + template: + metadata: + annotations: + description: Collects and exports machine metrics. + kubectl.kubernetes.io/default-container: node-exporter + labels: + app: node-exporter + deploy: sourcegraph + spec: + affinity: null + automountServiceAccountToken: false + containers: + - args: + - --web.listen-address=:9100 + - --path.sysfs=/host/sys + - --path.rootfs=/host/root + - --path.procfs=/host/proc + - --no-collector.wifi + - --no-collector.hwmon + - --collector.filesystem.ignored-mount-points=^/(dev|proc|sys|var/lib/docker/.+|var/lib/kubelet/pods/.+)($|/) + - --collector.netclass.ignored-devices=^(veth.*)$ + - --collector.netdev.device-exclude=^(veth.*)$ + env: null + image: index.docker.io/sourcegraph/node-exporter:5.8.0@sha256:1e01eb6a8caa63500c9b324bbc666802adf215e37ebdcb6c4d93df921c894074 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + port: metrics + scheme: HTTP + initialDelaySeconds: 0 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + name: node-exporter + ports: + - containerPort: 9100 + name: metrics + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + port: metrics + scheme: HTTP + initialDelaySeconds: 0 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + resources: + limits: + cpu: "1" + memory: 1Gi + requests: + cpu: 100m + memory: 250M + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsGroup: 65534 + runAsUser: 65534 + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /host/root + mountPropagation: HostToContainer + name: rootfs + readOnly: true + - mountPath: /host/sys + mountPropagation: HostToContainer + name: sys + readOnly: true + - mountPath: /host/proc + mountPropagation: HostToContainer + name: proc + readOnly: true + hostPID: true + nodeSelector: null + securityContext: + fsGroup: 65534 + fsGroupChangePolicy: OnRootMismatch + runAsGroup: 65534 + runAsNonRoot: true + runAsUser: 65534 + terminationGracePeriodSeconds: 30 + tolerations: null + volumes: + - hostPath: + path: / + name: rootfs + - hostPath: + path: /sys + name: sys + - hostPath: + path: /proc + name: proc +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + annotations: + kubernetes.io/ingress.class: nginx + nginx.ingress.kubernetes.io/proxy-body-size: 150m + labels: + app: sourcegraph-frontend + app.kubernetes.io/component: frontend + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: sourcegraph-frontend + namespace: ns-sourcegraph +spec: + rules: + - http: + paths: + - backend: + service: + name: sourcegraph-frontend + port: + number: 30080 + path: / + pathType: Prefix diff --git a/components/executors/dind/executor.Deployment.yaml b/components/executors/dind/executor.Deployment.yaml index ba1857a9..bac7622c 100644 --- a/components/executors/dind/executor.Deployment.yaml +++ b/components/executors/dind/executor.Deployment.yaml @@ -28,7 +28,7 @@ spec: spec: containers: - name: executor - image: index.docker.io/sourcegraph/executor:5.11.3601@sha256:6c390a31eed7810fb2b86e869f3885acc82002322f88e457f562c8343934484e + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/executor:6.0.2687@sha256:6e35aeae14ce86d8986be96a4d9030e3649fb7f5108852fcb7d7990bf6223ad5 imagePullPolicy: Always livenessProbe: exec: @@ -60,7 +60,7 @@ spec: - mountPath: /scratch name: executor-scratch - name: dind - image: index.docker.io/sourcegraph/dind:5.11.3601@sha256:d00fcb4bfa9e823df43f4d08087d89a35904497e6f5b09b3da96f5f1cdea08d0 + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/dind:6.0.2687@sha256:760a32c715b025ca538237469697feb5414cbf0b59a09884676a3a1eed992034 imagePullPolicy: Always securityContext: privileged: true diff --git a/components/executors/k8s/executor.Deployment.yaml b/components/executors/k8s/executor.Deployment.yaml index dddddce3..6c584659 100644 --- a/components/executors/k8s/executor.Deployment.yaml +++ b/components/executors/k8s/executor.Deployment.yaml @@ -29,7 +29,7 @@ spec: serviceAccountName: executor containers: - name: executor - image: index.docker.io/sourcegraph/executor-kubernetes:5.11.3601@sha256:f2aaa1dab005e1cf24ccf4222aa44a7b2d16e6dd31c2347822b0a16dbee8ef91 + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/executor-kubernetes:6.0.2687@sha256:d026af0bb97e22272d8d536866ad2a3a679ead0b9ea5bc48bc8b66cf61f821be imagePullPolicy: Always livenessProbe: exec: diff --git a/instances/my-sourcegraph/buildConfig.yaml b/instances/my-sourcegraph/buildConfig.yaml new file mode 100644 index 00000000..347370f2 --- /dev/null +++ b/instances/my-sourcegraph/buildConfig.yaml @@ -0,0 +1,35 @@ +################################################################################################ +# [BUILD CONFIGURATIONS] +# Some components read the configuration values in this file during the Kustomize build-process +# +# HOW TO USE: +# Enter the configuration values as instructed by components used in your kustomization.yaml +# Always refer to the component’s documentation or comments before updating +################################################################################################ +apiVersion: v1 +kind: ConfigMap +metadata: + annotations: + description: Some components read the configuration values from the "data" field below during the build process. You only need to update this file if you are using components that require specific CONFIG_KEYS. If no components in your overlay require extra configuration, no update is necessary. + labels: + deploy: sourcegraph + name: sourcegraph-kustomize-build-config +data: + # example: + EXAMPLE_CONFIG_KEY: example + #-------- Update config options below ---------# + # AWS_MANAGED_CERT_ARN: __placeholder__ + # GKE_MANAGED_CERT_NAME: __placeholder__ + # HOST_DOMAIN: __placeholder__ + # NEW_REDIS_CACHE_ENDPOINT: __placeholder__ + # NEW_REDIS_STORE_ENDPOINT: __placeholder__ + # PRIVATE_REGISTRY: __placeholder__ + # PRIVATE_REGISTRY_SECRET_KEY: __placeholder__ + # SSD_NODE_PATH: __placeholder__ + # STORAGECLASS_NAME: __placeholder__ + # STORAGECLASS_PROVISIONER: __placeholder__ + # STORAGECLASS_PARAM_TYPE: __placeholder__ + # TLS_HOST: __placeholder__ + # TLS_INGRESS_CLASS_NAME: __placeholder__ + # TLS_CLUSTER_ISSUER: __placeholder__ + # TLS_SECRET_NAME: __placeholder__ diff --git a/instances/my-sourcegraph/kustomization.yaml b/instances/my-sourcegraph/kustomization.yaml new file mode 100644 index 00000000..0c70879d --- /dev/null +++ b/instances/my-sourcegraph/kustomization.yaml @@ -0,0 +1,302 @@ +########################################################################################## +# DEPLOY INSTRUCTIONS +# +# Build Manifests: kubectl kustomize instances/$CURRENT_DIR -o cluster.yaml +# Review Manifests: less cluster.yaml +# kubectl apply --prune -l deploy=sourcegraph -f cluster.yaml +########################################################################################## +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +########################################################################################## +# [RESOURCES] Resources with default settings +# +# You can add additional resources to the end of this section if needed +########################################################################################## +resources: + # [REQUIRED: BUILD CONFIG] Update this file when using components that have "CONFIG KEYS" + - buildConfig.yaml # -- Update the CONFIG Key values in buildConfig.yaml when instructed + # [REQUIRED: RESOURCES] Resources for the default Sourcegraph instance + - ../../base/sourcegraph # -- Resources for Sourcegraph + - ../../base/monitoring # -- Resources for Sourcegraph Monitoring Stack + # ---------------- Add additional resources below this line if needed ---------------- # + # - +########################################################################################## +# [REQUIRED: NAMESPACE] Add namespace to all resources generated by this overlay +# +# NOTE: Include the 'namespace' component to create namespace with the same name if needed +########################################################################################## +namespace: ns-sourcegraph +########################################################################################## +# [COMPONENTS] Uncomment the lines for the components you'd like to include +# +# To configure your Sourcegraph deployment, uncomment the components/section +# below following the instructions in our configuration docs. +# +# Components with CONFIG KEYS require additional input in the ./buildConfig.yaml file +# +# Docs: +# https://docs.sourcegraph.com/admin/deploy/kubernetes/kustomize/configure +########################################################################################## +components: + #--------------------------------------------------------------------------------------- + # Namespace Creation + #--------------------------------------------------------------------------------------- + # - ../../components/resources/namespace # -- Create namespace based on NAMESPACE input above + # + #--------------------------------------------------------------------------------------- + # Monitoring Stack + #--------------------------------------------------------------------------------------- + # - ../../components/monitoring/otel # -- Deploy OpenTelemetry Collector + # - ../../components/monitoring/tracing # -- Deploy OpenTelemetry Collector with Jaeger as tracing backend + # - ../../components/monitoring/cadvisor # -- Add resources for cAdvisor (requires privileges) + # - ../../components/remove/daemonset # -- Remove all services with daemonsets: node-exporter & otel + # - ../../components/remove/otel-collector # -- Remove otel-collector and otel-agent + # + #--------------------------------------------------------------------------------------- + # Resource Allocation - Instance size based + #--------------------------------------------------------------------------------------- + # Use size XS resources by default. Include one only. + # Find your instance size on https://docs.sourcegraph.com/admin/deploy/instance-size + - ../../components/sizes/xs # -- Allocate resources for size XS instance + # - ../../components/sizes/s # -- Allocate resources for size S instance + # - ../../components/sizes/m # -- Allocate resources for size M instance + # - ../../components/sizes/l # -- Allocate resources for size L instance + # - ../../components/sizes/xl # -- Allocate resources for size XL instance + # - custom-resources # -- Allocate customized resources --See docs for detailed instructions + # + #--------------------------------------------------------------------------------------- + # Storage class + #--------------------------------------------------------------------------------------- + # - ../../components/storage-class/aws/aws-ebs # -- Create storage class resources for AWS when provisioner = `kubernetes.io/aws-ebs` + # - ../../components/storage-class/aws/ebs-csi # -- Create storage class resources for AWS when provisioner = `ebs.csi.aws.com` + # - ../../components/storage-class/azure # -- Create storage class resources for Azure AKS + # - ../../components/storage-class/gcp # -- Create storage class resources for GCP GKE + # - ../../components/storage-class/cloud # -- Create storage class resources for other cloud provider + # - ../../components/storage-class/trident/ext3 # -- Create storage class resources for Trident, fsType ext3 + # - ../../components/storage-class/trident/ext4 # -- Create storage class resources for Trident, fsType ext4 + # - ../../components/storage-class/trident/xfs # -- Create storage class resources for Trident, fsType xfs + # - ../../components/storage-class/k3s # -- Configure to use the default storage class in a k3s cluster + # - ../../components/storage-class/sourcegraph # -- Update storageClassName for all resources to 'sourcegraph' + # + # - ../../components/storage-class/name-update # -- Update storageClassName to $STORAGECLASS_NAME + # CONFIG KEYS: STORAGECLASS_NAME + # + # - ../../components/storage-class/cloud # -- Create a custom storage class for other cloud providers + # CONFIG KEYS: STORAGECLASS_NAME + # STORAGECLASS_PROVISIONER + # STORAGECLASS_PARAM_TYPE + # + # - ../../components/storage-class/ssd # -- Create resources to use local SSDs - requires RBACs + # CONFIG KEYS: SSD_NODE_PATH + # + #--------------------------------------------------------------------------------------- + # Networking + #--------------------------------------------------------------------------------------- + # - ../../components/remove/default-ingress # -- Remove the default ingress from frontend + # - ../../components/network/nodeport/30080 # -- Use nodeport 30080 for frontend service + # - ../../components/network/loadbalancer # -- Use load balancer type for frontend service + # - ../../components/network/network-policy # -- Add NetworkPolicy + # - ../../components/network/envoy # -- Add EnvoyFilter to resolve known issues caused by service mesh + # - ../../components/ingress/gke # -- Ingress controller settings for GKE with HTTP load balancing enabled + # - ../../components/ingress/alb # -- Ingress controller settings for AWS ALB + # - ../../components/ingress/k3s # -- Ingress controller settings for K3s + # - ../../components/clusters/aws/managed-cert # -- Apply settings to frontend ingress for aws managed cert + # - ../../components/clusters/gke/managed-cert # -- Apply settings to frontend ingress for gke managed cert + # + # - ../../components/ingress/hostname # -- Set hostname/domain for your Sourcegraph ingress + # CONFIG KEYS: HOST_DOMAIN + # + # - ../../components/network/tls # -- Enable TLS with existing certificates + # CONFIG KEYS: TLS_HOST + # TLS_INGRESS_CLASS_NAME + # TLS_CLUSTER_ISSUER + # + # - ../../components/network/tls-secretname # -- Replace TLS secretName with TLS_SECRET_NAME + # CONFIG KEYS: TLS_SECRET_NAME + # + #--------------------------------------------------------------------------------------- + # External Services + # You must add external instances via frontend env vars if you remove the bundled instances + #--------------------------------------------------------------------------------------- + # - ../../components/remove/pgsql/deployment # -- Remove default database deployment for frontend + # - ../../components/remove/pgsql/statefulset # -- Remove default database statefulset for frontend + # - ../../components/remove/codeintel-db/deployment # -- Remove default database deployment for code-intel + # - ../../components/remove/codeintel-db/statefulset # -- Remove default database statefulset for code-intel + # - ../../components/remove/codeinsights-db/deployment # -- Remove default database deployment for code-insights + # - ../../components/remove/codeinsights-db/statefulset # -- Remove default database statefulset for code-insights + # - ../../components/remove/redis # -- Remove embedded redis instance + # + # - ../../components/services/redis # -- Use external redis servers + # CONFIG KEYS: REDIS_CACHE_ENDPOINT + # REDIS_STORE_ENDPOINT + # + #--------------------------------------------------------------------------------------- + # Executors + # See https://docs.sourcegraph.com/admin/executors for information and instructions + #--------------------------------------------------------------------------------------- + # - ../../components/executors/k8s # -- Enable native K8s executors + # - ../../components/executors/dind # -- Enable dind executors + # - ../../components/executors/dind/private-docker-registry # -- Enable private docker registry + # + #--------------------------------------------------------------------------------------- + # Other Configurations + #--------------------------------------------------------------------------------------- + # - ../../components/clusters/k3s # -- Configure instance to run in a k3s cluster (storage class, network, etc) + # - ../../components/clusters/minikube # -- Configure instance to run in a minikube cluster (storage class, network, etc) + # - ../../components/enable/rockskip # -- Enable rockskip + # - ../../components/disable/rockskip # -- Disable rockskip + # - ../../components/enable/ssh/non-root # Enable SSH to clon repositories as non-root user (default) + # - ../../components/enable/ssh/root # Enable SSH to clon repositories as root user (when using privileged component) + # - ../../components/remove/pvcs # -- Remove all pvcs resources + # - ../../components/remove/prometheus # -- Remove prometheus + # - ../../components/remove/resources # -- Remove resources (Limits, requests) from all containers + # - ../../components/remove/security-context # -- Remove security context from all resources + # - ../../components/utils/uid # -- Run all Postgres database with valid users on host + # - ../../components/utils/multi-version-upgrade # -- Scale down non-database pods to 0 for multi-version upgrade + # - ../../components/utils/migrate-to-nonprivileged # -- Component for migrating from privileged to non-privileged + # + #--------------------------------------------------------------------------------------- + # Resource migration from deploy-sourcegraph + #--------------------------------------------------------------------------------------- + # - ../../components/clusters/old-base # -- Generate old cluster from deploy-sourcegraph + # - old-patches # -- Component to store patches from old deployment. See migration docs for more information + # + #--------------------------------------------------------------------------------------- + # Use private registry + #--------------------------------------------------------------------------------------- + # - ../../components/enable/private-registry # -- Update images name to private registry name + # CONFIG KEYS: PRIVATE_REGISTRY + # + # - ../../components/resources/imagepullsecrets # -- Add imagePullSecrets field to all resources + # CONFIG KEYS: IMAGE_PULL_SECRET_NAME + # + # ------------------------------------------------------------------------ + # Permission Configurations + # IMPORTANT: Keep the components below as the LAST components + # ------------------------------------------------------------------------ + # [DO NOT REMOVE] This component add replica count for some statefulset services as env vars to frontend + # so that when service discovery is disabled, frontend can generate service endpoints based on replica count + - ../../components/utils/endpoints # REQUIRED - DO NOT REMOVE + # + # - ../../components/privileged # -- Run Sourcegraph with privileged and root access + # - ../../components/monitoring/privileged # -- Run monitoring stack with privileged and root access + # + # Recommended for clusters with RBAC enabled. + # - ../../components/enable/service-discovery # -- Enable service-discovery for frontend +# +# +########################################################################################## +# [SECRETS GENERATOR] Turns the contents of the secret files into Kubernetes secrets +# +# Copy and paste all the associated files to the root of this directory +########################################################################################## +# secretGenerator: +# +# # - SSH for Gitserver to clone repositories - +# - name: gitserver-ssh +# files: +# - id_rsa +# - known_hosts +# +# # - TLS - +# - name: sourcegraph-frontend-tls +# behavior: create +# files: +# - tls.crt +# - tls.key +# +# # - Database - +# - name: dbs-secrets +# files: +# - secrets.env +# +# # - Executor - +# - name: executor-secret +# behavior: create +# literals: +# - password=our-shared-secret +# +########################################################################################## +# [CUSTOM RESOURCES] Add files as patches to customize resources +# +# Create a directory `patches` and then copy the required files as +# instructed by the configuration docs to update ConfigMaps and other +# resources using patch files to customize your deployment +# Do not use the built-in replicas field to update replica counts +########################################################################################## +# +# patches: +# #--------------------------------------------------------------------------------------- +# # custom patches +# #--------------------------------------------------------------------------------------- +# - path: patches/frontend-ingress.annotations.yaml +# - path: patches/prometheus.ConfigMap.yaml +# - path: patches/pgsql.ConfigMap.yaml +# - path: patches/otel-collector.ConfigMap.yaml +# - path: patches/custom.NodePort.yaml +# - path: patches/resources.yaml +# - path: patches/executor.ConfigMap.yaml +# +# #--------------------------------------------------------------------------------------- +# # Update env vars for non-frontend services +# #--------------------------------------------------------------------------------------- +# - patch: |- +# - op: add +# path: /spec/template/spec/containers/0/env/- +# value: +# name: SRC_ENABLE_GC_AUTO +# value: "true" +# target: +# name: gitserver +# kind: StatefulSet +# +# - patch: |- +# - op: replace +# path: /spec/template/spec/containers/0/env/0 +# value: +# name: SEARCHER_CACHE_SIZE_MB +# value: "50000" +# target: +# name: searcher +# kind: StatefulSet|Deployment +# +# - patch: |- +# - op: replace +# path: /spec/template/spec/containers/0/env/0 +# value: +# name: SYMBOLS_CACHE_SIZE_MB +# value: "50000" +# target: +# name: symbols +# kind: StatefulSet|Deployment +# +# #--------------------------------------------------------------------------------------- +# # Adjust Storage Sizes +# #--------------------------------------------------------------------------------------- +# - patch: |- +# - op: replace +# path: /spec/resources/requests/storage +# value: 100Gi +# target: +# kind: PersistentVolumeClaim +# name: blobstore|codeinsights-db|codeintel-db|pgsql|prometheus|redis-store|redis-cache|private-docker-registry +# +# - patch: |- +# - op: replace +# path: /spec/volumeClaimTemplates/0/spec/resources/requests/storage +# value: 200Gi +# target: +# kind: StatefulSet +# name: gitserver|indexed-search|searcher|symbols +# +# +########################################################################################## +# [FRONTEND ENV VARS] Handles updating env vars for sourcegraph-frontend +########################################################################################## +# +# configMapGenerator: +# - name: sourcegraph-frontend-env +# behavior: merge +# literals: +# - DEPLOY_TYPE=kustomize # make your edit below this line +#