From cda9a21ba78d534480482982dadbc3417890a24b Mon Sep 17 00:00:00 2001 
From: Jean-Hadrien Chabran Date: Mon, 19 Feb 2024 09:18:31 +0000 Subject: [PATCH] release_patch: v5.3.0 {"version":"v5.3.0","inputs":"server=5.3.0","type":"patch"} --- base/blobstore/blobstore.Deployment.yaml | 2 +- base/cadvisor/cadvisor.DaemonSet.yaml | 2 +- .../codeinsights-db.Deployment.yaml | 6 +- base/codeintel-db/codeintel-db.ConfigMap.yaml | 248 +++--- .../codeintel-db/codeintel-db.Deployment.yaml | 6 +- .../sourcegraph-frontend.Deployment.yaml | 4 +- .../sourcegraph-frontend.Ingress.yaml | 2 +- base/frontend/sourcegraph-frontend.Role.yaml | 11 +- base/gitserver/gitserver.Service.yaml | 3 +- base/gitserver/gitserver.StatefulSet.yaml | 2 +- base/grafana/grafana.StatefulSet.yaml | 2 +- .../indexed-search.IndexerService.yaml | 3 +- .../indexed-search.Service.yaml | 3 +- .../indexed-search.StatefulSet.yaml | 4 +- .../node-exporter.DaemonSet.yaml | 2 +- base/otel-collector/otel-agent.ConfigMap.yaml | 36 +- base/otel-collector/otel-agent.DaemonSet.yaml | 2 +- .../otel-collector.ConfigMap.yaml | 1 - .../otel-collector.Deployment.yaml | 2 +- base/pgsql/pgsql.ConfigMap.yaml | 248 +++--- base/pgsql/pgsql.Deployment.yaml | 6 +- .../precise-code-intel/worker.Deployment.yaml | 2 +- base/prometheus/prometheus.ConfigMap.yaml | 288 +------ base/prometheus/prometheus.Deployment.yaml | 2 +- base/redis/redis-cache.Deployment.yaml | 4 +- base/redis/redis-store.Deployment.yaml | 4 +- .../repo-updater/repo-updater.Deployment.yaml | 2 +- base/searcher/searcher.Deployment.yaml | 2 +- base/symbols/symbols.Deployment.yaml | 2 +- .../syntect-server.Deployment.yaml | 2 +- base/worker/worker.Deployment.yaml | 2 +- .../embeddings/embeddings.ConfigMap.yaml | 51 +- .../embeddings/embeddings.Deployment.yaml | 2 +- .../dind/docker-daemon.ConfigMap.yaml | 3 +- .../executors/dind/executor.Deployment.yaml | 6 +- .../executors/dind/executor.Service.yaml | 2 +- .../executors/k8s/executor.ConfigMap.yaml | 1 - .../executors/k8s/executor.Deployment.yaml | 3 +- 
.../k8s/executor.PersistentVolumeClaim.yaml | 3 +- configure/executors/k8s/executor.Service.yaml | 3 +- .../executors/k8s/rbac/executor.Role.yaml | 3 +- .../k8s/rbac/executor.RoleBinding.yaml | 3 +- .../k8s/rbac/executor.ServiceAccount.yaml | 3 +- ...docker-registry.PersistentVolumeClaim.yaml | 2 +- configure/ingress-nginx/cloud-generic.yaml | 1 - configure/ingress-nginx/mandatory.yaml | 13 - .../ssd/pod-tmp-gc.ClusterRoleBinding.yaml | 2 +- configure/ssd/pod-tmp-gc.DaemonSet.yaml | 14 +- genclu/apps_v1_daemonset_cadvisor.yaml | 79 ++ .../apps_v1_deployment_codeinsights-db.yaml | 110 +++ genclu/apps_v1_deployment_codeintel-db.yaml | 114 +++ genclu/apps_v1_deployment_github-proxy.yaml | 81 ++ genclu/apps_v1_deployment_jaeger.yaml | 67 ++ genclu/apps_v1_deployment_minio.yaml | 78 ++ genclu/apps_v1_deployment_pgsql.yaml | 120 +++ ..._deployment_precise-code-intel-worker.yaml | 72 ++ genclu/apps_v1_deployment_prometheus.yaml | 69 ++ genclu/apps_v1_deployment_redis-cache.yaml | 80 ++ genclu/apps_v1_deployment_redis-store.yaml | 79 ++ genclu/apps_v1_deployment_repo-updater.yaml | 100 +++ genclu/apps_v1_deployment_searcher.yaml | 112 +++ ...ps_v1_deployment_sourcegraph-frontend.yaml | 184 +++++ genclu/apps_v1_deployment_symbols.yaml | 118 +++ genclu/apps_v1_deployment_syntect-server.yaml | 59 ++ genclu/apps_v1_deployment_worker.yaml | 70 ++ genclu/apps_v1_statefulset_gitserver.yaml | 104 +++ genclu/apps_v1_statefulset_grafana.yaml | 69 ++ .../apps_v1_statefulset_indexed-search.yaml | 92 +++ ...8s.io_v1_ingress_sourcegraph-frontend.yaml | 24 + ..._rolebinding_prometheus-nonprivileged.yaml | 17 + ...ng_sourcegraph-frontend-nonprivileged.yaml | 17 + genclu/v1_configmap_codeinsights-db-conf.yaml | 763 ++++++++++++++++++ genclu/v1_configmap_codeintel-db-conf.yaml | 705 ++++++++++++++++ genclu/v1_configmap_grafana.yaml | 24 + genclu/v1_configmap_pgsql-conf.yaml | 705 ++++++++++++++++ genclu/v1_configmap_prometheus.yaml | 73 ++ ...persistentvolumeclaim_codeinsights-db.yaml | 16 
+ ...v1_persistentvolumeclaim_codeintel-db.yaml | 16 + genclu/v1_persistentvolumeclaim_minio.yaml | 16 + genclu/v1_persistentvolumeclaim_pgsql.yaml | 16 + .../v1_persistentvolumeclaim_prometheus.yaml | 16 + .../v1_persistentvolumeclaim_redis-cache.yaml | 16 + .../v1_persistentvolumeclaim_redis-store.yaml | 16 + genclu/v1_service_codeinsights-db.yaml | 21 + genclu/v1_service_codeintel-db.yaml | 21 + genclu/v1_service_github-proxy.yaml | 21 + genclu/v1_service_gitserver.yaml | 26 + genclu/v1_service_grafana.yaml | 18 + genclu/v1_service_indexed-search-indexer.yaml | 23 + genclu/v1_service_indexed-search.yaml | 22 + genclu/v1_service_jaeger-collector.yaml | 29 + genclu/v1_service_jaeger-query.yaml | 21 + genclu/v1_service_minio.yaml | 22 + genclu/v1_service_pgsql.yaml | 21 + .../v1_service_precise-code-intel-worker.yaml | 24 + genclu/v1_service_prometheus.yaml | 18 + genclu/v1_service_redis-cache.yaml | 21 + genclu/v1_service_redis-store.yaml | 21 + genclu/v1_service_repo-updater.yaml | 21 + genclu/v1_service_searcher.yaml | 24 + ...service_sourcegraph-frontend-internal.yaml | 18 + genclu/v1_service_sourcegraph-frontend.yaml | 21 + genclu/v1_service_symbols.yaml | 24 + genclu/v1_service_syntect-server.yaml | 18 + genclu/v1_service_worker.yaml | 24 + genclu/v1_serviceaccount_grafana.yaml | 12 + genclu/v1_serviceaccount_prometheus.yaml | 12 + ...1_serviceaccount_sourcegraph-frontend.yaml | 12 + overlays/bases/pvcs/kustomization.yaml | 1 - overlays/envoy/gitserver.EnvoyFilter.yaml | 2 +- overlays/envoy/kustomization.yaml | 2 +- overlays/jaeger/grafana.ConfigMap.yaml | 2 +- overlays/jaeger/jaeger.Deployment.yaml | 62 +- .../blobstore/blobstore.Deployment.yaml | 6 +- .../gitserver/gitserver.StatefulSet.yaml | 2 +- .../grafana/grafana.StatefulSet.yaml | 2 +- .../indexed-search.StatefulSet.yaml | 2 +- .../kustomization.yaml | 2 +- .../prometheus/prometheus.Deployment.yaml | 2 +- .../redis/redis-cache.Deployment.yaml | 2 +- .../redis/redis-store.Deployment.yaml | 2 +- 
.../searcher/searcher.Deployment.yaml | 2 +- .../sourcegraph-frontend.Deployment.yaml | 12 +- 123 files changed, 5200 insertions(+), 735 deletions(-) create mode 100644 genclu/apps_v1_daemonset_cadvisor.yaml create mode 100644 genclu/apps_v1_deployment_codeinsights-db.yaml create mode 100644 genclu/apps_v1_deployment_codeintel-db.yaml create mode 100644 genclu/apps_v1_deployment_github-proxy.yaml create mode 100644 genclu/apps_v1_deployment_jaeger.yaml create mode 100644 genclu/apps_v1_deployment_minio.yaml create mode 100644 genclu/apps_v1_deployment_pgsql.yaml create mode 100644 genclu/apps_v1_deployment_precise-code-intel-worker.yaml create mode 100644 genclu/apps_v1_deployment_prometheus.yaml create mode 100644 genclu/apps_v1_deployment_redis-cache.yaml create mode 100644 genclu/apps_v1_deployment_redis-store.yaml create mode 100644 genclu/apps_v1_deployment_repo-updater.yaml create mode 100644 genclu/apps_v1_deployment_searcher.yaml create mode 100644 genclu/apps_v1_deployment_sourcegraph-frontend.yaml create mode 100644 genclu/apps_v1_deployment_symbols.yaml create mode 100644 genclu/apps_v1_deployment_syntect-server.yaml create mode 100644 genclu/apps_v1_deployment_worker.yaml create mode 100644 genclu/apps_v1_statefulset_gitserver.yaml create mode 100644 genclu/apps_v1_statefulset_grafana.yaml create mode 100644 genclu/apps_v1_statefulset_indexed-search.yaml create mode 100644 genclu/networking.k8s.io_v1_ingress_sourcegraph-frontend.yaml create mode 100644 genclu/rbac.authorization.k8s.io_v1_rolebinding_prometheus-nonprivileged.yaml create mode 100644 genclu/rbac.authorization.k8s.io_v1_rolebinding_sourcegraph-frontend-nonprivileged.yaml create mode 100644 genclu/v1_configmap_codeinsights-db-conf.yaml create mode 100644 genclu/v1_configmap_codeintel-db-conf.yaml create mode 100644 genclu/v1_configmap_grafana.yaml create mode 100644 genclu/v1_configmap_pgsql-conf.yaml create mode 100644 genclu/v1_configmap_prometheus.yaml create mode 100644 
genclu/v1_persistentvolumeclaim_codeinsights-db.yaml create mode 100644 genclu/v1_persistentvolumeclaim_codeintel-db.yaml create mode 100644 genclu/v1_persistentvolumeclaim_minio.yaml create mode 100644 genclu/v1_persistentvolumeclaim_pgsql.yaml create mode 100644 genclu/v1_persistentvolumeclaim_prometheus.yaml create mode 100644 genclu/v1_persistentvolumeclaim_redis-cache.yaml create mode 100644 genclu/v1_persistentvolumeclaim_redis-store.yaml create mode 100644 genclu/v1_service_codeinsights-db.yaml create mode 100644 genclu/v1_service_codeintel-db.yaml create mode 100644 genclu/v1_service_github-proxy.yaml create mode 100644 genclu/v1_service_gitserver.yaml create mode 100644 genclu/v1_service_grafana.yaml create mode 100644 genclu/v1_service_indexed-search-indexer.yaml create mode 100644 genclu/v1_service_indexed-search.yaml create mode 100644 genclu/v1_service_jaeger-collector.yaml create mode 100644 genclu/v1_service_jaeger-query.yaml create mode 100644 genclu/v1_service_minio.yaml create mode 100644 genclu/v1_service_pgsql.yaml create mode 100644 genclu/v1_service_precise-code-intel-worker.yaml create mode 100644 genclu/v1_service_prometheus.yaml create mode 100644 genclu/v1_service_redis-cache.yaml create mode 100644 genclu/v1_service_redis-store.yaml create mode 100644 genclu/v1_service_repo-updater.yaml create mode 100644 genclu/v1_service_searcher.yaml create mode 100644 genclu/v1_service_sourcegraph-frontend-internal.yaml create mode 100644 genclu/v1_service_sourcegraph-frontend.yaml create mode 100644 genclu/v1_service_symbols.yaml create mode 100644 genclu/v1_service_syntect-server.yaml create mode 100644 genclu/v1_service_worker.yaml create mode 100644 genclu/v1_serviceaccount_grafana.yaml create mode 100644 genclu/v1_serviceaccount_prometheus.yaml create mode 100644 genclu/v1_serviceaccount_sourcegraph-frontend.yaml 
diff --git a/base/blobstore/blobstore.Deployment.yaml b/base/blobstore/blobstore.Deployment.yaml index ded823bb6224..d02fce5f16a7 100644 --- a/base/blobstore/blobstore.Deployment.yaml +++ b/base/blobstore/blobstore.Deployment.yaml @@ -26,7 +26,7 @@ spec: spec: containers: - name: blobstore - image: index.docker.io/sourcegraph/blobstore:insiders@sha256:bd5e1e25cc4e9d6a45e8ef660821d521eb212dccda20e61f496a7baf8806c537 + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/blobstore:5.3.0@sha256:7d24918463593dca0190e674f0433abc282cb5d7055ef76df79298d128944075 terminationMessagePolicy: FallbackToLogsOnError ports: - containerPort: 9000 diff --git a/base/cadvisor/cadvisor.DaemonSet.yaml b/base/cadvisor/cadvisor.DaemonSet.yaml index bce0a6c715a7..9e1760b41b4a 100644 --- a/base/cadvisor/cadvisor.DaemonSet.yaml +++ b/base/cadvisor/cadvisor.DaemonSet.yaml @@ -26,7 +26,7 @@ spec: serviceAccountName: cadvisor containers: - name: cadvisor - image: index.docker.io/sourcegraph/cadvisor:insiders@sha256:775a22b491a9956b725c12d72841adbcd9852964f171a942118f9aa8839e47d7 + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/cadvisor:5.3.0@sha256:8e4ebd289321ece9efc4061767a1761a427479e2381344f7ba6bad958b1e68d2 args: # Kubernetes-specific flags below (other flags are baked into the Docker image) # diff --git a/base/codeinsights-db/codeinsights-db.Deployment.yaml b/base/codeinsights-db/codeinsights-db.Deployment.yaml index 701436c2af78..ad23c5286fa6 100644 --- a/base/codeinsights-db/codeinsights-db.Deployment.yaml +++ b/base/codeinsights-db/codeinsights-db.Deployment.yaml 
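Review bot: The new `image:` line for the `blobstore` container pulls from `us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/` instead of `index.docker.io/sourcegraph/`, and the path name suggests an internal CI registry rather than the public distribution point; the same switch appears in the cadvisor, codeinsights-db, codeintel-db, frontend/migrator, gitserver and grafana hunks. If that registry is not readable by everyone who applies these base manifests, pods will fail at image pull, and operators who allow-list registries in admission policy would have to trust a new source. The digest pin is kept, which is good. If the same image is also published publicly, the line could stay on the original registry, e.g. `image: index.docker.io/sourcegraph/blobstore:5.3.0@sha256:7d24918463593dca0190e674f0433abc282cb5d7055ef76df79298d128944075`. Otherwise a comment such as `# 5.3.0 release images are served from the rfc795-internal registry by design` would record the intent.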
@@ -26,7 +26,7 @@ spec: spec: initContainers: - name: correct-data-dir-permissions - image: index.docker.io/sourcegraph/alpine-3.14:insiders@sha256:982220e0fd8ce55a73798fa7e814a482c4807c412f054c8440c5970b610239b7 + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/alpine-3.14:5.3.0@sha256:982220e0fd8ce55a73798fa7e814a482c4807c412f054c8440c5970b610239b7 command: ["sh", "-c", "if [ -d /var/lib/postgresql/data/pgdata ]; then chmod 750 /var/lib/postgresql/data/pgdata; fi"] volumeMounts: - mountPath: /var/lib/postgresql/data/ @@ -42,7 +42,7 @@ spec: memory: "50Mi" containers: - name: codeinsights - image: index.docker.io/sourcegraph/codeinsights-db:insiders@sha256:c4a1bd3908658e1c09558a638e378e5570d5f669d27f9f867eeda25fe60cb88f + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/codeinsights-db:5.3.0@sha256:c4a1bd3908658e1c09558a638e378e5570d5f669d27f9f867eeda25fe60cb88f env: - name: POSTGRES_DB value: postgres @@ -75,7 +75,7 @@ spec: value: postgres://postgres:@localhost:5432/?sslmode=disable - name: PG_EXPORTER_EXTEND_QUERY_PATH value: /config/code_insights_queries.yaml - image: index.docker.io/sourcegraph/postgres_exporter:insiders@sha256:7bc727119bc5b0900a9c3d7c0a79e3b548de93bc55df9da864244b3971168294 + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/postgres_exporter:5.3.0@sha256:6dafa0b94b025e4c29b0c8bd0e1d1c1f891db0d8fda4e6d0a71ae82724ec8f5a terminationMessagePolicy: FallbackToLogsOnError name: pgsql-exporter resources: diff --git a/base/codeintel-db/codeintel-db.ConfigMap.yaml b/base/codeintel-db/codeintel-db.ConfigMap.yaml index bc338e349733..8aac1f6cc267 100644 --- a/base/codeintel-db/codeintel-db.ConfigMap.yaml +++ b/base/codeintel-db/codeintel-db.ConfigMap.yaml 
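Review bot: For the `correct-data-dir-permissions` and `codeinsights` containers the tag changes from `insiders` to `5.3.0` but the `sha256:` digest is identical to the old line, while only `pgsql-exporter` receives a new digest; the codeintel-db Deployment hunks further down show the same pattern. Container runtimes generally resolve a `tag@sha256:...` reference by digest and do not check the tag against it at pull time, so a pin that was never refreshed for the release would go unnoticed. The release tooling should verify that `5.3.0` in the target registry resolves to each pinned digest. If the unchanged pins are intentional, a comment above them such as `# digest unchanged from the previous build; the tag is informational only` would tell readers so.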
@@ -42,33 +42,33 @@ data: # GB = gigabytes min = minutes # TB = terabytes h = hours # d = days - - + + #------------------------------------------------------------------------------ # FILE LOCATIONS #------------------------------------------------------------------------------ - + # The default values of these variables are driven from the -D command-line # option or PGDATA environment variable, represented here as ConfigDir. - + #data_directory = 'ConfigDir' # use data in another directory # (change requires restart) #hba_file = 'ConfigDir/pg_hba.conf' # host-based authentication file # (change requires restart) #ident_file = 'ConfigDir/pg_ident.conf' # ident configuration file # (change requires restart) - + # If external_pid_file is not explicitly set, no extra PID file is written. #external_pid_file = '' # write an extra PID file # (change requires restart) - - + + #------------------------------------------------------------------------------ # CONNECTIONS AND AUTHENTICATION #------------------------------------------------------------------------------ - + # - Connection Settings - - + listen_addresses = '*' # comma-separated list of addresses; # defaults to 'localhost'; use '*' for all @@ -85,29 +85,29 @@ data: # (change requires restart) #bonjour_name = '' # defaults to the computer name # (change requires restart) - + # - TCP Keepalives - # see "man 7 tcp" for details - + #tcp_keepalives_idle = 0 # TCP_KEEPIDLE, in seconds; # 0 selects the system default #tcp_keepalives_interval = 0 # TCP_KEEPINTVL, in seconds; # 0 selects the system default #tcp_keepalives_count = 0 # TCP_KEEPCNT; # 0 selects the system default - + # - Authentication - - + #authentication_timeout = 1min # 1s-600s #password_encryption = md5 # md5 or scram-sha-256 #db_user_namespace = off - + # GSSAPI using Kerberos #krb_server_keyfile = '' #krb_caseins_users = off - + # - SSL - - + #ssl = off #ssl_ca_file = '' #ssl_cert_file = 'server.crt' 
@@ -119,14 +119,14 @@ data: #ssl_dh_params_file = '' #ssl_passphrase_command = '' #ssl_passphrase_command_supports_reload = off - - + + #------------------------------------------------------------------------------ # RESOURCE USAGE (except WAL) #------------------------------------------------------------------------------ - + # - Memory - - + shared_buffers = 1GB # SG CUSTOM min 128kB # (change requires restart) #huge_pages = try # on, off, or try @@ -148,35 +148,35 @@ data: # mmap # use none to disable dynamic shared memory # (change requires restart) - + # - Disk - - + temp_file_limit = 20GB # SG CUSTOM limits per-process temp file space # in kB, or -1 for no limit - + # - Kernel Resources - - + #max_files_per_process = 1000 # min 25 # (change requires restart) - + # - Cost-Based Vacuum Delay - - + #vacuum_cost_delay = 0 # 0-100 milliseconds #vacuum_cost_page_hit = 1 # 0-10000 credits #vacuum_cost_page_miss = 10 # 0-10000 credits #vacuum_cost_page_dirty = 20 # 0-10000 credits #vacuum_cost_limit = 200 # 1-10000 credits - + # - Background Writer - - + bgwriter_delay = 50ms # SG CUSTOM 10-10000ms between rounds bgwriter_lru_maxpages = 200 # SG CUSTOM max buffers written/round, 0 disables #bgwriter_lru_multiplier = 2.0 # 0-10.0 multiplier on buffers scanned/round #bgwriter_flush_after = 512kB # measured in pages, 0 disables - + # - Asynchronous Behavior - - + effective_io_concurrency = 200 # 1-1000; 0 disables prefetching max_worker_processes = 4 # SG CUSTOM (change requires restart) max_parallel_maintenance_workers = 4 # SG CUSTOM taken from max_parallel_workers 
@@ -187,14 +187,14 @@ data: #old_snapshot_threshold = -1 # 1min-60d; -1 disables; 0 is immediate # (change requires restart) #backend_flush_after = 0 # measured in pages, 0 disables - - + + #------------------------------------------------------------------------------ # WRITE-AHEAD LOG #------------------------------------------------------------------------------ - + # - Settings - - + #wal_level = replica # minimal, replica, or logical # (change requires restart) #fsync = on # flush data to disk for crash safety @@ -217,21 +217,21 @@ data: # (change requires restart) #wal_writer_delay = 200ms # 1-10000 milliseconds #wal_writer_flush_after = 1MB # measured in pages, 0 disables - + #commit_delay = 0 # range 0-100000, in microseconds #commit_siblings = 5 # range 1-1000 - + # - Checkpoints - - + #checkpoint_timeout = 5min # range 30s-1d max_wal_size = 8GB # SG CUSTOM min_wal_size = 2GB # SG CUSTOM #checkpoint_completion_target = 0.5 # checkpoint target duration, 0.0 - 1.0 #checkpoint_flush_after = 256kB # measured in pages, 0 disables #checkpoint_warning = 30s # 0 disables - + # - Archiving - - + #archive_mode = off # enables archiving; off, on, or always # (change requires restart) #archive_command = '' # command to use to archive a logfile segment 
@@ -240,40 +240,40 @@ data: # e.g. 'test ! -f /mnt/server/archivedir/%f && cp %p /mnt/server/archivedir/%f' #archive_timeout = 0 # force a logfile segment switch after this # number of seconds; 0 disables - - + + #------------------------------------------------------------------------------ # REPLICATION #------------------------------------------------------------------------------ - + # - Sending Servers - - + # Set these on the master and on any standby that will send replication data. - + #max_wal_senders = 10 # max number of walsender processes # (change requires restart) #wal_keep_segments = 0 # in logfile segments; 0 disables #wal_sender_timeout = 60s # in milliseconds; 0 disables - + #max_replication_slots = 10 # max number of replication slots # (change requires restart) #track_commit_timestamp = off # collect timestamp of transaction commit # (change requires restart) - + # - Master Server - - + # These settings are ignored on a standby server. - + #synchronous_standby_names = '' # standby servers that provide sync rep # method to choose sync standbys, number of sync standbys, # and comma-separated list of application_name # from standby(s); '*' = all #vacuum_defer_cleanup_age = 0 # number of xacts by which cleanup is delayed - + # - Standby Servers - - + # These settings are ignored on a master server. - + #hot_standby = on # "off" disallows queries during recovery # (change requires restart) #max_standby_archive_delay = 30s # max delay before canceling queries 
@@ -291,22 +291,22 @@ data: # in milliseconds; 0 disables #wal_retrieve_retry_interval = 5s # time to wait before retrying to # retrieve WAL after a failed attempt - + # - Subscribers - - + # These settings are ignored on a publisher. - + #max_logical_replication_workers = 4 # taken from max_worker_processes # (change requires restart) #max_sync_workers_per_subscription = 2 # taken from max_logical_replication_workers - - + + #------------------------------------------------------------------------------ # QUERY TUNING #------------------------------------------------------------------------------ - + # - Planner Method Configuration - - + #enable_bitmapscan = on #enable_hashagg = on #enable_hashjoin = on @@ -323,9 +323,9 @@ data: #enable_partitionwise_aggregate = off #enable_parallel_hash = on #enable_partition_pruning = on - + # - Planner Cost Constants - - + #seq_page_cost = 1.0 # measured on an arbitrary scale random_page_cost = 1.1 # SG CUSTOM same scale as above #cpu_tuple_cost = 0.01 # same scale as above @@ -333,7 +333,7 @@ data: #cpu_operator_cost = 0.0025 # same scale as above #parallel_tuple_cost = 0.1 # same scale as above #parallel_setup_cost = 1000.0 # same scale as above - + #jit_above_cost = 100000 # perform JIT compilation if available # and query more expensive than this; # -1 disables @@ -342,13 +342,13 @@ data: #jit_optimize_above_cost = 500000 # use expensive JIT optimizations if # query is more expensive than this; # -1 disables - + #min_parallel_table_scan_size = 8MB #min_parallel_index_scan_size = 512kB effective_cache_size = 3GB # SG CUSTOM - + # - Genetic Query Optimizer - - + #geqo = on #geqo_threshold = 12 #geqo_effort = 5 # range 1-10 
@@ -356,9 +356,9 @@ data: #geqo_generations = 0 # selects default based on effort #geqo_selection_bias = 2.0 # range 1.5-2.0 #geqo_seed = 0.0 # range 0.0-1.0 - + # - Other Planner Options - - + #default_statistics_target = 100 # range 1-10000 #constraint_exclusion = partition # on, off, or partition #cursor_tuple_fraction = 0.1 # range 0.0-1.0 @@ -367,25 +367,25 @@ data: # JOIN clauses #force_parallel_mode = off #jit = off # allow JIT compilation - - + + #------------------------------------------------------------------------------ # REPORTING AND LOGGING #------------------------------------------------------------------------------ - + # - Where to Log - - + #log_destination = 'stderr' # Valid values are combinations of # stderr, csvlog, syslog, and eventlog, # depending on platform. csvlog # requires logging_collector to be on. - + # This is used when logging to stderr: #logging_collector = off # Enable capturing of stderr and csvlog # into log files. Required to be on for # csvlogs. # (change requires restart) - + # These are only used if logging_collector is on: #log_directory = 'log' # directory where log files are written, # can be absolute or relative to PGDATA @@ -406,19 +406,19 @@ data: #log_rotation_size = 10MB # Automatic rotation of logfiles will # happen after that much log output. # 0 disables. - + # These are relevant when logging to syslog: #syslog_facility = 'LOCAL0' #syslog_ident = 'postgres' #syslog_sequence_numbers = on #syslog_split_messages = on - + # This is only relevant when logging to eventlog (win32): # (change requires restart) #event_source = 'PostgreSQL' - + # - When to Log - - + #log_min_messages = warning # values in order of decreasing detail: # debug5 # debug4 @@ -432,7 +432,7 @@ data: # log # fatal # panic - + #log_min_error_statement = error # values in order of decreasing detail: # debug5 # debug4 
@@ -446,15 +446,15 @@ data: # log # fatal # panic (effectively off) - + #log_min_duration_statement = -1 # -1 is disabled, 0 logs all statements # and their durations, > 0 logs only # statements running at least this number # of milliseconds - - + + # - What to Log - - + #debug_print_parse = off #debug_print_rewritten = off #debug_print_plan = off @@ -493,42 +493,42 @@ data: # than the specified size in kilobytes; # -1 disables, 0 logs all temp files log_timezone = 'Etc/UTC' - + #------------------------------------------------------------------------------ # PROCESS TITLE #------------------------------------------------------------------------------ - + #cluster_name = '' # added to process titles if nonempty # (change requires restart) #update_process_title = on - - + + #------------------------------------------------------------------------------ # STATISTICS #------------------------------------------------------------------------------ - + # - Query and Index Statistics Collector - - + #track_activities = on #track_counts = on #track_io_timing = off #track_functions = none # none, pl, all #track_activity_query_size = 1024 # (change requires restart) #stats_temp_directory = 'pg_stat_tmp' - - + + # - Monitoring - - + #log_parser_stats = off #log_planner_stats = off #log_executor_stats = off #log_statement_stats = off - - + + #------------------------------------------------------------------------------ # AUTOVACUUM #------------------------------------------------------------------------------ - + #autovacuum = on # Enable autovacuum subprocess? 'on' # requires track_counts to also be on. #log_autovacuum_min_duration = -1 # -1 disables, 0 logs all actions and 
@@ -555,14 +555,14 @@ data: #autovacuum_vacuum_cost_limit = -1 # default vacuum cost limit for # autovacuum, -1 means use # vacuum_cost_limit - - + + #------------------------------------------------------------------------------ # CLIENT CONNECTION DEFAULTS #------------------------------------------------------------------------------ - + # - Statement Behavior - - + #client_min_messages = notice # values in order of decreasing detail: # debug5 # debug4 @@ -598,9 +598,9 @@ data: #xmloption = 'content' #gin_fuzzy_search_limit = 0 #gin_pending_list_limit = 4MB - + # - Locale and Formatting - - + datestyle = 'iso, mdy' #intervalstyle = 'postgres' timezone = 'Etc/UTC' @@ -614,33 +614,33 @@ data: #extra_float_digits = 0 # min -15, max 3 #client_encoding = sql_ascii # actually, defaults to database # encoding - + # These settings are initialized by initdb, but they can be changed. lc_messages = 'en_US.utf8' # locale for system error message # strings lc_monetary = 'en_US.utf8' # locale for monetary formatting lc_numeric = 'en_US.utf8' # locale for number formatting lc_time = 'en_US.utf8' # locale for time formatting - + # default configuration for text search default_text_search_config = 'pg_catalog.english' - + # - Shared Library Preloading - - + #shared_preload_libraries = '' # (change requires restart) #local_preload_libraries = '' #session_preload_libraries = '' #jit_provider = 'llvmjit' # JIT library to use - + # - Other Defaults - - + #dynamic_library_path = '$libdir' - - + + #------------------------------------------------------------------------------ # LOCK MANAGEMENT #------------------------------------------------------------------------------ - + #deadlock_timeout = 1s #max_locks_per_transaction = 64 # min 10 # (change requires restart) 
@@ -650,14 +650,14 @@ data: # (max_pred_locks_per_transaction # / -max_pred_locks_per_relation) - 1 #max_pred_locks_per_page = 2 # min 0 - - + + #------------------------------------------------------------------------------ # VERSION AND PLATFORM COMPATIBILITY #------------------------------------------------------------------------------ - + # - Previous PostgreSQL Versions - - + #array_nulls = on #backslash_quote = safe_encoding # on, off, or safe_encoding #default_with_oids = off @@ -667,38 +667,38 @@ data: #quote_all_identifiers = off #standard_conforming_strings = on #synchronize_seqscans = on - + # - Other Platforms and Clients - - + #transform_null_equals = off - - + + #------------------------------------------------------------------------------ # ERROR HANDLING #------------------------------------------------------------------------------ - + #exit_on_error = off # terminate session on any error? #restart_after_crash = on # reinitialize after backend crash? #data_sync_retry = off # retry or panic on failure to fsync # data? # (change requires restart) - - + + #------------------------------------------------------------------------------ # CONFIG FILE INCLUDES #------------------------------------------------------------------------------ - + # These options allow settings to be loaded from files other than the # default postgresql.conf. - + #include_dir = '' # include files ending in '.conf' from # a directory, e.g., 'conf.d' #include_if_exists = '' # include file only if it exists #include = '' # include file - - + + #------------------------------------------------------------------------------ # CUSTOMIZED OPTIONS #------------------------------------------------------------------------------ - + # Add settings for extensions here diff --git a/base/codeintel-db/codeintel-db.Deployment.yaml b/base/codeintel-db/codeintel-db.Deployment.yaml index 4f120cc3aa0d..7fb1d9eb9d92 100644 --- a/base/codeintel-db/codeintel-db.Deployment.yaml 
+++ b/base/codeintel-db/codeintel-db.Deployment.yaml @@ -27,7 +27,7 @@ spec: spec: initContainers: - name: correct-data-dir-permissions - image: index.docker.io/sourcegraph/alpine-3.14:insiders@sha256:982220e0fd8ce55a73798fa7e814a482c4807c412f054c8440c5970b610239b7 + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/alpine-3.14:5.3.0@sha256:982220e0fd8ce55a73798fa7e814a482c4807c412f054c8440c5970b610239b7 command: ["sh", "-c", "if [ -d /data/pgdata-12 ]; then chmod 750 /data/pgdata-12; fi"] volumeMounts: - mountPath: /data @@ -43,7 +43,7 @@ spec: memory: "50Mi" containers: - name: pgsql - image: index.docker.io/sourcegraph/codeintel-db:insiders@sha256:1e0e93661a65c832b9697048c797f9894dfb502e2e1da2b8209f0018a6632b79 + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/codeintel-db:5.3.0@sha256:1e0e93661a65c832b9697048c797f9894dfb502e2e1da2b8209f0018a6632b79 terminationMessagePolicy: FallbackToLogsOnError readinessProbe: exec: @@ -80,7 +80,7 @@ spec: value: postgres://sg:@localhost:5432/?sslmode=disable - name: PG_EXPORTER_EXTEND_QUERY_PATH value: /config/code_intel_queries.yaml - image: index.docker.io/sourcegraph/postgres_exporter:insiders@sha256:7bc727119bc5b0900a9c3d7c0a79e3b548de93bc55df9da864244b3971168294 + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/postgres_exporter:5.3.0@sha256:6dafa0b94b025e4c29b0c8bd0e1d1c1f891db0d8fda4e6d0a71ae82724ec8f5a terminationMessagePolicy: FallbackToLogsOnError name: pgsql-exporter resources: diff --git a/base/frontend/sourcegraph-frontend.Deployment.yaml b/base/frontend/sourcegraph-frontend.Deployment.yaml index bb43d666870a..d30b8bdfb31d 100644 --- a/base/frontend/sourcegraph-frontend.Deployment.yaml +++ b/base/frontend/sourcegraph-frontend.Deployment.yaml 
@@ -29,7 +29,7 @@ spec: spec: initContainers: - name: migrator - image: index.docker.io/sourcegraph/migrator:insiders@sha256:85d81c0833b7d5ff3d461d437eb429b2b976576765fc703c6b830805f3fc9222 + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/migrator:5.3.0@sha256:2352b7afd1548b5dbd4f15ef11698e6b3a3c55c0a2e78eb5be118f42456a9b76 args: ["up"] resources: limits: @@ -63,7 +63,7 @@ spec: value: sg containers: - name: frontend - image: index.docker.io/sourcegraph/frontend:insiders@sha256:51ca50fe119fe261a38ead2f1b94f985e3f73259a757c3f6bde37f7d6d83b7ab + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/frontend:5.3.0@sha256:c1714190b9cf0e6ede5d9b1ac77c35c00926811f8fd59ca8cbb571dfe3897bfd args: - serve env: diff --git a/base/frontend/sourcegraph-frontend.Ingress.yaml b/base/frontend/sourcegraph-frontend.Ingress.yaml index 94e7a984a449..5f6e7ae1c5b5 100644 --- a/base/frontend/sourcegraph-frontend.Ingress.yaml +++ b/base/frontend/sourcegraph-frontend.Ingress.yaml @@ -29,7 +29,7 @@ spec: backend: service: name: sourcegraph-frontend - port: + port: number: 30080 # If you're using TLS/SSL, uncomment the following line and replace 'sourcegraph.example.com' with the real # domain that you want to use for your Sourcegraph instance. diff --git a/base/frontend/sourcegraph-frontend.Role.yaml b/base/frontend/sourcegraph-frontend.Role.yaml index 8b513c8f11ed..fd928b04db27 100644 --- a/base/frontend/sourcegraph-frontend.Role.yaml +++ b/base/frontend/sourcegraph-frontend.Role.yaml @@ -19,13 +19,12 @@ rules: - get - list - watch - - apiGroups: - "apps" resources: - # necessary for resolving k8s+http://indexed-search?kind=sts URLs - - statefulsets + # necessary for resolving k8s+http://indexed-search?kind=sts URLs + - statefulsets verbs: - - get - - list - - watch + - get + - list + - watch diff --git a/base/gitserver/gitserver.Service.yaml b/base/gitserver/gitserver.Service.yaml index c59180ffa998..6dbd69dacdec 100644 
--- a/base/gitserver/gitserver.Service.yaml +++ b/base/gitserver/gitserver.Service.yaml @@ -2,8 +2,7 @@ apiVersion: v1 kind: Service metadata: annotations: - description: Headless service that provides a stable network identity for the - gitserver stateful set. + description: Headless service that provides a stable network identity for the gitserver stateful set. prometheus.io/port: "6060" sourcegraph.prometheus/scrape: "true" labels: diff --git a/base/gitserver/gitserver.StatefulSet.yaml b/base/gitserver/gitserver.StatefulSet.yaml index 99011686d5c8..c1b5f187691f 100644 --- a/base/gitserver/gitserver.StatefulSet.yaml +++ b/base/gitserver/gitserver.StatefulSet.yaml @@ -35,7 +35,7 @@ spec: fieldPath: status.hostIP - name: OTEL_EXPORTER_OTLP_ENDPOINT value: http://$(OTEL_AGENT_HOST):4317 - image: index.docker.io/sourcegraph/gitserver:insiders@sha256:67821419b390fee5ad73f55a8782baa60c34e7394a235c1c383e1ceaf025a9d9 + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/gitserver:5.3.0@sha256:cb8eb2b92a0863ba5eb5b88d2fb5315392ea00b975822f98e948bd135581a084 terminationMessagePolicy: FallbackToLogsOnError livenessProbe: initialDelaySeconds: 5 diff --git a/base/grafana/grafana.StatefulSet.yaml b/base/grafana/grafana.StatefulSet.yaml index a5d1ad4e7aa0..bd47eb83dee1 100644 --- a/base/grafana/grafana.StatefulSet.yaml +++ b/base/grafana/grafana.StatefulSet.yaml @@ -26,7 +26,7 @@ spec: spec: containers: - name: grafana - image: index.docker.io/sourcegraph/grafana:insiders@sha256:4492ae6d8911410abacf1e9639a43491c5c82300f918a0e93ad2e225b4ac62cc + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/grafana:5.3.0@sha256:80854950ca65ce2414d0bd3350639750f26d57d2004bfb49556215a27c1a1b78 terminationMessagePolicy: FallbackToLogsOnError ports: - containerPort: 3370 diff --git a/base/indexed-search/indexed-search.IndexerService.yaml b/base/indexed-search/indexed-search.IndexerService.yaml index 079bdacd22aa..ade1a4ddd0a5 100644 
--- a/base/indexed-search/indexed-search.IndexerService.yaml +++ b/base/indexed-search/indexed-search.IndexerService.yaml @@ -2,8 +2,7 @@ apiVersion: v1 kind: Service metadata: annotations: - description: Headless service that provides a stable network identity for the - indexed-search stateful set. + description: Headless service that provides a stable network identity for the indexed-search stateful set. sourcegraph.prometheus/scrape: "true" prometheus.io/port: "6072" labels: diff --git a/base/indexed-search/indexed-search.Service.yaml b/base/indexed-search/indexed-search.Service.yaml index 5833c8962387..9f03e222d245 100644 --- a/base/indexed-search/indexed-search.Service.yaml +++ b/base/indexed-search/indexed-search.Service.yaml @@ -2,8 +2,7 @@ apiVersion: v1 kind: Service metadata: annotations: - description: Headless service that provides a stable network identity for the - indexed-search stateful set. + description: Headless service that provides a stable network identity for the indexed-search stateful set. sourcegraph.prometheus/scrape: "true" prometheus.io/port: "6070" labels: diff --git a/base/indexed-search/indexed-search.StatefulSet.yaml b/base/indexed-search/indexed-search.StatefulSet.yaml index 047bb153e7a2..3a21d1d30326 100644 --- a/base/indexed-search/indexed-search.StatefulSet.yaml +++ b/base/indexed-search/indexed-search.StatefulSet.yaml @@ -33,7 +33,7 @@ spec: value: http://$(OTEL_AGENT_HOST):4317 - name: OPENTELEMETRY_DISABLED value: "false" - image: index.docker.io/sourcegraph/indexed-searcher:insiders@sha256:65acfb9299957cfa667a0c4ee0345ee6752bb1333cccb2fec1a81db52ad22da0 + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/indexed-searcher:5.3.0@sha256:a5a6fdd4503ebf51ba4a9ea098c96064aa637fea01285d91e7bae87ebc275ae8 terminationMessagePolicy: FallbackToLogsOnError ports: - containerPort: 6070 
@@ -67,7 +67,7 @@ spec: value: http://$(OTEL_AGENT_HOST):4317 - name: OPENTELEMETRY_DISABLED value: "false" - image: index.docker.io/sourcegraph/search-indexer:insiders@sha256:29b686369ae6012d8abc73f8a2d47401b6aba5368cc83a4d3051343825fce778 + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/search-indexer:5.3.0@sha256:dd6f27df905d708e12ebbefd334c899d00e31f1d8d1d7f61f8f3ac314b493023 terminationMessagePolicy: FallbackToLogsOnError ports: - containerPort: 6072 diff --git a/base/node-exporter/node-exporter.DaemonSet.yaml b/base/node-exporter/node-exporter.DaemonSet.yaml index 23423517a361..999a8f40fe18 100644 --- a/base/node-exporter/node-exporter.DaemonSet.yaml +++ b/base/node-exporter/node-exporter.DaemonSet.yaml @@ -24,7 +24,7 @@ spec: spec: containers: - name: node-exporter - image: index.docker.io/sourcegraph/node-exporter:insiders@sha256:a43c3f58201c07243e130108e1904402a086d975447794ad37b970495e46211c + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/node-exporter:5.3.0@sha256:c74fafcb2c90356e8b7ca9bf2829d9c36510db8ca1500f15e9efe381b5992bd2 imagePullPolicy: IfNotPresent resources: limits: diff --git a/base/otel-collector/otel-agent.ConfigMap.yaml b/base/otel-collector/otel-agent.ConfigMap.yaml index ee00c30e3f88..352d8dcf44e0 100644 --- a/base/otel-collector/otel-agent.ConfigMap.yaml +++ b/base/otel-collector/otel-agent.ConfigMap.yaml 
@@ -8,38 +8,4 @@ metadata: app.kubernetes.io/component: otel-collector sourcegraph-resource-requires: no-cluster-admin data: - config.yaml: | - receivers: - otlp: - protocols: - grpc: # port 4317 - http: # port 4318 - - exporters: - otlp: - endpoint: "otel-collector:4317" - tls: - insecure: true - sending_queue: - num_consumers: 4 - queue_size: 100 - retry_on_failure: - enabled: true - - extensions: - health_check: - endpoint: ":13133" - zpages: - endpoint: "localhost:55679" - - service: - extensions: - - zpages - - health_check - pipelines: - traces: - receivers: - - otlp - exporters: - - otlp - + config.yaml: "receivers:\n otlp:\n protocols:\n grpc: # port 4317\n http: # port 4318\n\nexporters:\n otlp:\n endpoint: \"otel-collector:4317\"\n tls:\n insecure: true\n sending_queue:\n num_consumers: 4\n queue_size: 100\n retry_on_failure:\n enabled: true\n\nextensions:\n health_check:\n endpoint: \":13133\"\n zpages:\n endpoint: \"localhost:55679\"\n\nservice:\n extensions:\n - zpages\n - health_check\n pipelines:\n traces:\n receivers:\n - otlp\n exporters:\n - otlp\n \n" diff --git a/base/otel-collector/otel-agent.DaemonSet.yaml b/base/otel-collector/otel-agent.DaemonSet.yaml index bf63e47f7fd9..ca54266ad859 100644 --- a/base/otel-collector/otel-agent.DaemonSet.yaml +++ b/base/otel-collector/otel-agent.DaemonSet.yaml @@ -26,7 +26,7 @@ spec: spec: containers: - name: otel-agent - image: index.docker.io/sourcegraph/opentelemetry-collector:insiders@sha256:918f2299cbfb23588e761844c9a99328c8dffdfca943166f6d94e2a285d9c18d + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/opentelemetry-collector:5.3.0@sha256:a963692fb30d46865e7f06b753489f93331f5ebde610317110232a8e93be310a command: - "/bin/otelcol-sourcegraph" - "--config=/etc/otel-agent/config.yaml" diff --git a/base/otel-collector/otel-collector.ConfigMap.yaml b/base/otel-collector/otel-collector.ConfigMap.yaml index 7a36bd5cf656..cd75b57ed40d 100644 --- a/base/otel-collector/otel-collector.ConfigMap.yaml 
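Review bot: `config.yaml` in the otel-agent ConfigMap is rewritten from a `|` literal block into one double-quoted string with `\n` escapes, so the collector configuration can no longer be read or diffed line by line. That matters because the string carries transport settings such as `tls:` / `insecure: true` for the `otel-collector:4317` exporter, and any later change to them would show up as a single opaque changed line. The content looks unchanged as far as the visible text shows; the quoted style is presumably the serializer's reaction to the whitespace-only last line (the ` \n` at the end of the string). I would drop that trailing line and restore `config.yaml: |` with the original block body.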
+++ b/base/otel-collector/otel-collector.ConfigMap.yaml @@ -44,4 +44,3 @@ data: port: 13133 zpages: endpoint: "localhost:55679" - diff --git a/base/otel-collector/otel-collector.Deployment.yaml b/base/otel-collector/otel-collector.Deployment.yaml index 2d492b469be0..ac513edd72c3 100644 --- a/base/otel-collector/otel-collector.Deployment.yaml +++ b/base/otel-collector/otel-collector.Deployment.yaml @@ -26,7 +26,7 @@ spec: spec: containers: - name: otel-collector - image: index.docker.io/sourcegraph/opentelemetry-collector:insiders@sha256:918f2299cbfb23588e761844c9a99328c8dffdfca943166f6d94e2a285d9c18d + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/opentelemetry-collector:5.3.0@sha256:a963692fb30d46865e7f06b753489f93331f5ebde610317110232a8e93be310a command: - "/bin/otelcol-sourcegraph" # To use a custom configuration, edit otel-collector.ConfigMap.yaml diff --git a/base/pgsql/pgsql.ConfigMap.yaml b/base/pgsql/pgsql.ConfigMap.yaml index 1ddeb472be2f..c7c65d5adcff 100644 --- a/base/pgsql/pgsql.ConfigMap.yaml +++ b/base/pgsql/pgsql.ConfigMap.yaml 
@@ -42,33 +42,33 @@ data: # GB = gigabytes min = minutes # TB = terabytes h = hours # d = days - - + + #------------------------------------------------------------------------------ # FILE LOCATIONS #------------------------------------------------------------------------------ - + # The default values of these variables are driven from the -D command-line # option or PGDATA environment variable, represented here as ConfigDir. - + #data_directory = 'ConfigDir' # use data in another directory # (change requires restart) #hba_file = 'ConfigDir/pg_hba.conf' # host-based authentication file # (change requires restart) #ident_file = 'ConfigDir/pg_ident.conf' # ident configuration file # (change requires restart) - + # If external_pid_file is not explicitly set, no extra PID file is written. #external_pid_file = '' # write an extra PID file # (change requires restart) - - + + #------------------------------------------------------------------------------ # CONNECTIONS AND AUTHENTICATION #------------------------------------------------------------------------------ - + # - Connection Settings - - + listen_addresses = '*' # comma-separated list of addresses; # defaults to 'localhost'; use '*' for all @@ -85,29 +85,29 @@ data: # (change requires restart) #bonjour_name = '' # defaults to the computer name # (change requires restart) - + # - TCP Keepalives - # see "man 7 tcp" for details - + #tcp_keepalives_idle = 0 # TCP_KEEPIDLE, in seconds; # 0 selects the system default #tcp_keepalives_interval = 0 # TCP_KEEPINTVL, in seconds; # 0 selects the system default #tcp_keepalives_count = 0 # TCP_KEEPCNT; # 0 selects the system default - + # - Authentication - - + #authentication_timeout = 1min # 1s-600s #password_encryption = md5 # md5 or scram-sha-256 #db_user_namespace = off - + # GSSAPI using Kerberos #krb_server_keyfile = '' #krb_caseins_users = off - + # - SSL - - + #ssl = off #ssl_ca_file = '' #ssl_cert_file = 'server.crt' 
@@ -119,14 +119,14 @@ data: #ssl_dh_params_file = '' #ssl_passphrase_command = '' #ssl_passphrase_command_supports_reload = off - - + + #------------------------------------------------------------------------------ # RESOURCE USAGE (except WAL) #------------------------------------------------------------------------------ - + # - Memory - - + shared_buffers = 1GB # SG CUSTOM min 128kB # (change requires restart) #huge_pages = try # on, off, or try @@ -148,35 +148,35 @@ data: # mmap # use none to disable dynamic shared memory # (change requires restart) - + # - Disk - - + temp_file_limit = 20GB # SG CUSTOM limits per-process temp file space # in kB, or -1 for no limit - + # - Kernel Resources - - + #max_files_per_process = 1000 # min 25 # (change requires restart) - + # - Cost-Based Vacuum Delay - - + #vacuum_cost_delay = 0 # 0-100 milliseconds #vacuum_cost_page_hit = 1 # 0-10000 credits #vacuum_cost_page_miss = 10 # 0-10000 credits #vacuum_cost_page_dirty = 20 # 0-10000 credits #vacuum_cost_limit = 200 # 1-10000 credits - + # - Background Writer - - + bgwriter_delay = 50ms # SG CUSTOM 10-10000ms between rounds bgwriter_lru_maxpages = 200 # SG CUSTOM max buffers written/round, 0 disables #bgwriter_lru_multiplier = 2.0 # 0-10.0 multiplier on buffers scanned/round #bgwriter_flush_after = 512kB # measured in pages, 0 disables - + # - Asynchronous Behavior - - + effective_io_concurrency = 200 # 1-1000; 0 disables prefetching max_worker_processes = 4 # SG CUSTOM (change requires restart) max_parallel_maintenance_workers = 4 # SG CUSTOM taken from max_parallel_workers 
@@ -187,14 +187,14 @@ data: #old_snapshot_threshold = -1 # 1min-60d; -1 disables; 0 is immediate # (change requires restart) #backend_flush_after = 0 # measured in pages, 0 disables - - + + #------------------------------------------------------------------------------ # WRITE-AHEAD LOG #------------------------------------------------------------------------------ - + # - Settings - - + #wal_level = replica # minimal, replica, or logical # (change requires restart) #fsync = on # flush data to disk for crash safety @@ -217,21 +217,21 @@ data: # (change requires restart) #wal_writer_delay = 200ms # 1-10000 milliseconds #wal_writer_flush_after = 1MB # measured in pages, 0 disables - + #commit_delay = 0 # range 0-100000, in microseconds #commit_siblings = 5 # range 1-1000 - + # - Checkpoints - - + #checkpoint_timeout = 5min # range 30s-1d max_wal_size = 8GB # SG CUSTOM min_wal_size = 2GB # SG CUSTOM #checkpoint_completion_target = 0.5 # checkpoint target duration, 0.0 - 1.0 #checkpoint_flush_after = 256kB # measured in pages, 0 disables #checkpoint_warning = 30s # 0 disables - + # - Archiving - - + #archive_mode = off # enables archiving; off, on, or always # (change requires restart) #archive_command = '' # command to use to archive a logfile segment 
@@ -240,40 +240,40 @@ data: # e.g. 'test ! -f /mnt/server/archivedir/%f && cp %p /mnt/server/archivedir/%f' #archive_timeout = 0 # force a logfile segment switch after this # number of seconds; 0 disables - - + + #------------------------------------------------------------------------------ # REPLICATION #------------------------------------------------------------------------------ - + # - Sending Servers - - + # Set these on the master and on any standby that will send replication data. - + #max_wal_senders = 10 # max number of walsender processes # (change requires restart) #wal_keep_segments = 0 # in logfile segments; 0 disables #wal_sender_timeout = 60s # in milliseconds; 0 disables - + #max_replication_slots = 10 # max number of replication slots # (change requires restart) #track_commit_timestamp = off # collect timestamp of transaction commit # (change requires restart) - + # - Master Server - - + # These settings are ignored on a standby server. - + #synchronous_standby_names = '' # standby servers that provide sync rep # method to choose sync standbys, number of sync standbys, # and comma-separated list of application_name # from standby(s); '*' = all #vacuum_defer_cleanup_age = 0 # number of xacts by which cleanup is delayed - + # - Standby Servers - - + # These settings are ignored on a master server. - + #hot_standby = on # "off" disallows queries during recovery # (change requires restart) #max_standby_archive_delay = 30s # max delay before canceling queries 
@@ -291,22 +291,22 @@ data: # in milliseconds; 0 disables #wal_retrieve_retry_interval = 5s # time to wait before retrying to # retrieve WAL after a failed attempt - + # - Subscribers - - + # These settings are ignored on a publisher. - + #max_logical_replication_workers = 4 # taken from max_worker_processes # (change requires restart) #max_sync_workers_per_subscription = 2 # taken from max_logical_replication_workers - - + + #------------------------------------------------------------------------------ # QUERY TUNING #------------------------------------------------------------------------------ - + # - Planner Method Configuration - - + #enable_bitmapscan = on #enable_hashagg = on #enable_hashjoin = on @@ -323,9 +323,9 @@ data: #enable_partitionwise_aggregate = off #enable_parallel_hash = on #enable_partition_pruning = on - + # - Planner Cost Constants - - + #seq_page_cost = 1.0 # measured on an arbitrary scale random_page_cost = 1.1 # SG CUSTOM same scale as above #cpu_tuple_cost = 0.01 # same scale as above @@ -333,7 +333,7 @@ data: #cpu_operator_cost = 0.0025 # same scale as above #parallel_tuple_cost = 0.1 # same scale as above #parallel_setup_cost = 1000.0 # same scale as above - + #jit_above_cost = 100000 # perform JIT compilation if available # and query more expensive than this; # -1 disables @@ -342,13 +342,13 @@ data: #jit_optimize_above_cost = 500000 # use expensive JIT optimizations if # query is more expensive than this; # -1 disables - + #min_parallel_table_scan_size = 8MB #min_parallel_index_scan_size = 512kB effective_cache_size = 3GB # SG CUSTOM - + # - Genetic Query Optimizer - - + #geqo = on #geqo_threshold = 12 #geqo_effort = 5 # range 1-10 
@@ -356,9 +356,9 @@ data: #geqo_generations = 0 # selects default based on effort #geqo_selection_bias = 2.0 # range 1.5-2.0 #geqo_seed = 0.0 # range 0.0-1.0 - + # - Other Planner Options - - + #default_statistics_target = 100 # range 1-10000 #constraint_exclusion = partition # on, off, or partition #cursor_tuple_fraction = 0.1 # range 0.0-1.0 @@ -367,25 +367,25 @@ data: # JOIN clauses #force_parallel_mode = off #jit = off # allow JIT compilation - - + + #------------------------------------------------------------------------------ # REPORTING AND LOGGING #------------------------------------------------------------------------------ - + # - Where to Log - - + #log_destination = 'stderr' # Valid values are combinations of # stderr, csvlog, syslog, and eventlog, # depending on platform. csvlog # requires logging_collector to be on. - + # This is used when logging to stderr: #logging_collector = off # Enable capturing of stderr and csvlog # into log files. Required to be on for # csvlogs. # (change requires restart) - + # These are only used if logging_collector is on: #log_directory = 'log' # directory where log files are written, # can be absolute or relative to PGDATA @@ -406,19 +406,19 @@ data: #log_rotation_size = 10MB # Automatic rotation of logfiles will # happen after that much log output. # 0 disables. - + # These are relevant when logging to syslog: #syslog_facility = 'LOCAL0' #syslog_ident = 'postgres' #syslog_sequence_numbers = on #syslog_split_messages = on - + # This is only relevant when logging to eventlog (win32): # (change requires restart) #event_source = 'PostgreSQL' - + # - When to Log - - + #log_min_messages = warning # values in order of decreasing detail: # debug5 # debug4 @@ -432,7 +432,7 @@ data: # log # fatal # panic - + #log_min_error_statement = error # values in order of decreasing detail: # debug5 # debug4 
@@ -446,15 +446,15 @@ data: # log # fatal # panic (effectively off) - + #log_min_duration_statement = -1 # -1 is disabled, 0 logs all statements # and their durations, > 0 logs only # statements running at least this number # of milliseconds - - + + # - What to Log - - + #debug_print_parse = off #debug_print_rewritten = off #debug_print_plan = off @@ -493,42 +493,42 @@ data: # than the specified size in kilobytes; # -1 disables, 0 logs all temp files log_timezone = 'Etc/UTC' - + #------------------------------------------------------------------------------ # PROCESS TITLE #------------------------------------------------------------------------------ - + #cluster_name = '' # added to process titles if nonempty # (change requires restart) #update_process_title = on - - + + #------------------------------------------------------------------------------ # STATISTICS #------------------------------------------------------------------------------ - + # - Query and Index Statistics Collector - - + #track_activities = on #track_counts = on #track_io_timing = off #track_functions = none # none, pl, all #track_activity_query_size = 1024 # (change requires restart) #stats_temp_directory = 'pg_stat_tmp' - - + + # - Monitoring - - + #log_parser_stats = off #log_planner_stats = off #log_executor_stats = off #log_statement_stats = off - - + + #------------------------------------------------------------------------------ # AUTOVACUUM #------------------------------------------------------------------------------ - + #autovacuum = on # Enable autovacuum subprocess? 'on' # requires track_counts to also be on. #log_autovacuum_min_duration = -1 # -1 disables, 0 logs all actions and 
@@ -555,14 +555,14 @@ data: #autovacuum_vacuum_cost_limit = -1 # default vacuum cost limit for # autovacuum, -1 means use # vacuum_cost_limit - - + + #------------------------------------------------------------------------------ # CLIENT CONNECTION DEFAULTS #------------------------------------------------------------------------------ - + # - Statement Behavior - - + #client_min_messages = notice # values in order of decreasing detail: # debug5 # debug4 @@ -598,9 +598,9 @@ data: #xmloption = 'content' #gin_fuzzy_search_limit = 0 #gin_pending_list_limit = 4MB - + # - Locale and Formatting - - + datestyle = 'iso, mdy' #intervalstyle = 'postgres' timezone = 'Etc/UTC' @@ -614,33 +614,33 @@ data: #extra_float_digits = 0 # min -15, max 3 #client_encoding = sql_ascii # actually, defaults to database # encoding - + # These settings are initialized by initdb, but they can be changed. lc_messages = 'en_US.utf8' # locale for system error message # strings lc_monetary = 'en_US.utf8' # locale for monetary formatting lc_numeric = 'en_US.utf8' # locale for number formatting lc_time = 'en_US.utf8' # locale for time formatting - + # default configuration for text search default_text_search_config = 'pg_catalog.english' - + # - Shared Library Preloading - - + #shared_preload_libraries = '' # (change requires restart) #local_preload_libraries = '' #session_preload_libraries = '' #jit_provider = 'llvmjit' # JIT library to use - + # - Other Defaults - - + #dynamic_library_path = '$libdir' - - + + #------------------------------------------------------------------------------ # LOCK MANAGEMENT #------------------------------------------------------------------------------ - + #deadlock_timeout = 1s #max_locks_per_transaction = 64 # min 10 # (change requires restart) 
@@ -650,14 +650,14 @@ data: # (max_pred_locks_per_transaction # / -max_pred_locks_per_relation) - 1 #max_pred_locks_per_page = 2 # min 0 - - + + #------------------------------------------------------------------------------ # VERSION AND PLATFORM COMPATIBILITY #------------------------------------------------------------------------------ - + # - Previous PostgreSQL Versions - - + #array_nulls = on #backslash_quote = safe_encoding # on, off, or safe_encoding #default_with_oids = off @@ -667,38 +667,38 @@ data: #quote_all_identifiers = off #standard_conforming_strings = on #synchronize_seqscans = on - + # - Other Platforms and Clients - - + #transform_null_equals = off - - + + #------------------------------------------------------------------------------ # ERROR HANDLING #------------------------------------------------------------------------------ - + #exit_on_error = off # terminate session on any error? #restart_after_crash = on # reinitialize after backend crash? #data_sync_retry = off # retry or panic on failure to fsync # data? # (change requires restart) - - + + #------------------------------------------------------------------------------ # CONFIG FILE INCLUDES #------------------------------------------------------------------------------ - + # These options allow settings to be loaded from files other than the # default postgresql.conf. - + #include_dir = '' # include files ending in '.conf' from # a directory, e.g., 'conf.d' #include_if_exists = '' # include file only if it exists #include = '' # include file - - + + #------------------------------------------------------------------------------ # CUSTOMIZED OPTIONS #------------------------------------------------------------------------------ - + # Add settings for extensions here diff --git a/base/pgsql/pgsql.Deployment.yaml b/base/pgsql/pgsql.Deployment.yaml index 348f0ea7485b..edcce0349f89 100644 --- a/base/pgsql/pgsql.Deployment.yaml +++ b/base/pgsql/pgsql.Deployment.yaml 
@@ -27,7 +27,7 @@ spec: spec: initContainers: - name: correct-data-dir-permissions - image: index.docker.io/sourcegraph/alpine-3.14:insiders@sha256:982220e0fd8ce55a73798fa7e814a482c4807c412f054c8440c5970b610239b7 + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/alpine-3.14:5.3.0@sha256:982220e0fd8ce55a73798fa7e814a482c4807c412f054c8440c5970b610239b7 command: ["sh", "-c", "if [ -d /data/pgdata-12 ]; then chmod 750 /data/pgdata-12; fi"] volumeMounts: - mountPath: /data @@ -43,7 +43,7 @@ spec: memory: "50Mi" containers: - env: - image: index.docker.io/sourcegraph/postgres-12-alpine:insiders@sha256:1e0e93661a65c832b9697048c797f9894dfb502e2e1da2b8209f0018a6632b79 + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/postgres-12-alpine:5.3.0@sha256:1e0e93661a65c832b9697048c797f9894dfb502e2e1da2b8209f0018a6632b79 terminationMessagePolicy: FallbackToLogsOnError readinessProbe: exec: @@ -83,7 +83,7 @@ spec: value: postgres://sg:@localhost:5432/?sslmode=disable - name: PG_EXPORTER_EXTEND_QUERY_PATH value: /config/queries.yaml - image: index.docker.io/sourcegraph/postgres_exporter:insiders@sha256:7bc727119bc5b0900a9c3d7c0a79e3b548de93bc55df9da864244b3971168294 + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/postgres_exporter:5.3.0@sha256:6dafa0b94b025e4c29b0c8bd0e1d1c1f891db0d8fda4e6d0a71ae82724ec8f5a terminationMessagePolicy: FallbackToLogsOnError name: pgsql-exporter resources: diff --git a/base/precise-code-intel/worker.Deployment.yaml b/base/precise-code-intel/worker.Deployment.yaml index 1673535197d2..5f652e556fb7 100644 --- a/base/precise-code-intel/worker.Deployment.yaml +++ b/base/precise-code-intel/worker.Deployment.yaml 
@@ -46,7 +46,7 @@ spec: fieldPath: status.hostIP - name: OTEL_EXPORTER_OTLP_ENDPOINT value: http://$(OTEL_AGENT_HOST):4317 - image: index.docker.io/sourcegraph/precise-code-intel-worker:insiders@sha256:049d91cfcf468f292ed018646e69e0328f71597626920fa3f8588cd674f43933 + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/precise-code-intel-worker:5.3.0@sha256:88fdccdeaff9a1db08c210b677611d82ae0aad36c8d35eb02263d67eff0fa6e1 terminationMessagePolicy: FallbackToLogsOnError livenessProbe: httpGet: diff --git a/base/prometheus/prometheus.ConfigMap.yaml b/base/prometheus/prometheus.ConfigMap.yaml index 1b0bf1745bcb..c57846a5d79a 100644 --- a/base/prometheus/prometheus.ConfigMap.yaml +++ b/base/prometheus/prometheus.ConfigMap.yaml 
@@ -1,292 +1,6 @@ apiVersion: v1 data: - prometheus.yml: | - global: - scrape_interval: 30s - evaluation_interval: 30s - - alerting: - alertmanagers: - # Bundled Alertmanager, started by prom-wrapper - - static_configs: - - targets: ['127.0.0.1:9093'] - path_prefix: /alertmanager - # Uncomment the following to have alerts delivered to additional Alertmanagers discovered - # in the cluster. This configuration is not required if you use Sourcegraph's built-in alerting: - # https://docs.sourcegraph.com/admin/observability/alerting - # - kubernetes_sd_configs: - # - role: endpoints - # relabel_configs: - # - source_labels: [__meta_kubernetes_service_name] - # regex: alertmanager - # action: keep - - rule_files: - - '*_rules.yml' - - "/sg_config_prometheus/*_rules.yml" - - "/sg_prometheus_add_ons/*_rules.yml" - - # A scrape configuration for running Prometheus on a Kubernetes cluster. - # This uses separate scrape configs for cluster components (i.e. API server, node) - # and services to allow each to use different authentication configs. - # - # Kubernetes labels will be added as Prometheus labels on metrics via the - # `labelmap` relabeling action. - - # Scrape config for API servers. - # - # Kubernetes exposes API servers as endpoints to the default/kubernetes - # service so this uses `endpoints` role and uses relabelling to only keep - # the endpoints associated with the default/kubernetes service using the - # default named port `https`. This works for single API server deployments as - # well as HA API server deployments. - scrape_configs: - - job_name: 'kubernetes-apiservers' - - kubernetes_sd_configs: - - role: endpoints - - # Default to scraping over https. If required, just disable this or change to - # `http`. - scheme: https - - # This TLS & bearer token file config is used to connect to the actual scrape - # endpoints for cluster components. 
This is separate to discovery auth - # configuration because discovery & scraping are two separate concerns in - # Prometheus. The discovery auth config is automatic if Prometheus runs inside - # the cluster. Otherwise, more config options have to be provided within the - # . - tls_config: - ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt - # If your node certificates are self-signed or use a different CA to the - # master CA, then disable certificate verification below. Note that - # certificate verification is an integral part of a secure infrastructure - # so this should only be disabled in a controlled environment. You can - # disable certificate verification by uncommenting the line below. - # - # insecure_skip_verify: true - bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token - - # Keep only the default/kubernetes service endpoints for the https port. This - # will add targets for each API server which Kubernetes adds an endpoint to - # the default/kubernetes service. - relabel_configs: - - source_labels: [__meta_kubernetes_namespace, __meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] - action: keep - regex: default;kubernetes;https - - - job_name: 'kubernetes-nodes' - - # Default to scraping over https. If required, just disable this or change to - # `http`. - scheme: https - - # This TLS & bearer token file config is used to connect to the actual scrape - # endpoints for cluster components. This is separate to discovery auth - # configuration because discovery & scraping are two separate concerns in - # Prometheus. The discovery auth config is automatic if Prometheus runs inside - # the cluster. Otherwise, more config options have to be provided within the - # . - tls_config: - ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt - # If your node certificates are self-signed or use a different CA to the - # master CA, then disable certificate verification below. 
Note that - # certificate verification is an integral part of a secure infrastructure - # so this should only be disabled in a controlled environment. You can - # disable certificate verification by uncommenting the line below. - # - insecure_skip_verify: true - bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token - - kubernetes_sd_configs: - - role: node - - relabel_configs: - - action: labelmap - regex: __meta_kubernetes_node_label_(.+) - - target_label: __address__ - replacement: kubernetes.default.svc:443 - - source_labels: [__meta_kubernetes_node_name] - regex: (.+) - target_label: __metrics_path__ - replacement: /api/v1/nodes/${1}/proxy/metrics - - # Scrape config for service endpoints. - # - # The relabeling allows the actual service scrape endpoint to be configured - # via the following annotations: - # - # * `sourcegraph.prometheus/scrape`: Only scrape services that have a value of `true` - # * `prometheus.io/scheme`: If the metrics endpoint is secured then you will need - # to set this to `https` & most likely set the `tls_config` of the scrape config. - # * `prometheus.io/path`: If the metrics path is not `/metrics` override this. - # * `prometheus.io/port`: If the metrics are exposed on a different port to the - # service then set this appropriately. - - job_name: 'kubernetes-service-endpoints' - - kubernetes_sd_configs: - - role: endpoints - - relabel_configs: - # Sourcegraph specific customization, only scrape pods with our annotation - - source_labels: [__meta_kubernetes_service_annotation_sourcegraph_prometheus_scrape] - action: keep - regex: true - - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scheme] - action: replace - target_label: __scheme__ - regex: (https?) 
- - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_path] - action: replace - target_label: __metrics_path__ - regex: (.+) - - source_labels: [__address__, __meta_kubernetes_service_annotation_prometheus_io_port] - action: replace - target_label: __address__ - regex: (.+)(?::\d+);(\d+) - replacement: $1:$2 - - action: labelmap - regex: __meta_kubernetes_service_label_(.+) - - source_labels: [__meta_kubernetes_namespace] - action: replace - # Sourcegraph specific customization. We want a more convenient to type label. - # target_label: kubernetes_namespace - target_label: ns - - source_labels: [__meta_kubernetes_service_name] - action: replace - target_label: kubernetes_name - # Sourcegraph specific customization. We want a nicer name for job - - source_labels: [app] - action: replace - target_label: job - # Sourcegraph specific customization. We want a nicer name for instance - - source_labels: [__meta_kubernetes_pod_name] - action: replace - target_label: instance - # Sourcegraph specific customization. We want to add a label to every - # metric that indicates the node it came from. - - source_labels: [__meta_kubernetes_endpoint_node_name] - action: replace - target_label: nodename - metric_relabel_configs: - # Sourcegraph specific customization. Drop metrics with empty nodename responses from the k8s API - - source_labels: [nodename] - regex: ^$ - action: drop - - # Example scrape config for probing services via the Blackbox Exporter. 
- # - # The relabeling allows the actual service scrape endpoint to be configured - # via the following annotations: - # - # * `prometheus.io/probe`: Only probe services that have a value of `true` - - job_name: 'kubernetes-services' - - metrics_path: /probe - params: - module: [http_2xx] - - kubernetes_sd_configs: - - role: service - - relabel_configs: - - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_probe] - action: keep - regex: true - - source_labels: [__address__] - target_label: __param_target - - target_label: __address__ - replacement: blackbox - - source_labels: [__param_target] - target_label: instance - - action: labelmap - regex: __meta_kubernetes_service_label_(.+) - - source_labels: [__meta_kubernetes_service_namespace] - # Sourcegraph specific customization. We want a more convenient to type label. - # target_label: kubernetes_namespace - target_label: ns - - source_labels: [__meta_kubernetes_service_name] - target_label: kubernetes_name - - # Example scrape config for pods - # - # The relabeling allows the actual pod scrape endpoint to be configured via the - # following annotations: - # - # * `sourcegraph.prometheus/scrape`: Only scrape pods that have a value of `true` - # * `prometheus.io/path`: If the metrics path is not `/metrics` override this. - # * `prometheus.io/port`: Scrape the pod on the indicated port instead of the default of `9102`. 
- - job_name: 'kubernetes-pods' - - kubernetes_sd_configs: - - role: pod - - relabel_configs: - # Sourcegraph specific customization, only scrape pods with our annotation - - source_labels: [__meta_kubernetes_pod_annotation_sourcegraph_prometheus_scrape] - action: keep - regex: true - - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path] - action: replace - target_label: __metrics_path__ - regex: (.+) - - source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port] - action: replace - regex: (.+):(?:\d+);(\d+) - replacement: ${1}:${2} - target_label: __address__ - - action: labelmap - regex: __meta_kubernetes_pod_label_(.+) - - source_labels: [__meta_kubernetes_pod_name] - action: replace - target_label: kubernetes_pod_name - # Sourcegraph specific customization. We want a more convenient to type label. - # target_label: kubernetes_namespace - - source_labels: [__meta_kubernetes_namespace] - action: replace - target_label: ns - # Sourcegraph specific customization. We want to add a label to every - # metric that indicates the node it came from. - - source_labels: [__meta_kubernetes_pod_node_name] - action: replace - target_label: nodename - - metric_relabel_configs: - # cAdvisor-specific customization. Drop container metrics exported by cAdvisor - # not in the same namespace as Sourcegraph. - # Uncomment this if you have problems with certain dashboards or cAdvisor itself - # picking up non-Sourcegraph services. Ensure all Sourcegraph services are running - # within the Sourcegraph namespace you have defined. - # The regex must keep matches on '^$' (empty string) to ensure other metrics do not - # get dropped. - # - source_labels: [container_label_io_kubernetes_pod_namespace] - # regex: ^$|ns-sourcegraph # ensure this matches with namespace declarations - # action: keep - # cAdvisor-specific customization. We want container metrics to be named after their container name label. 
- # Note that 'io.kubernetes.container.name' and 'io.kubernetes.pod.name' must be provided in cAdvisor - # '--whitelisted_container_labels' (see cadvisor.DaemonSet.yaml) - - source_labels: [container_label_io_kubernetes_container_name, container_label_io_kubernetes_pod_name] - regex: (.+) - action: replace - target_label: name - separator: '-' - # Sourcegraph specific customization. Drop metrics with empty nodename responses from the k8s API - - source_labels: [nodename] - regex: ^$ - action: drop - - # Scrape prometheus itself for metrics. - - job_name: 'builtin-prometheus' - static_configs: - - targets: ['127.0.0.1:9092'] - labels: - app: prometheus - - job_name: 'builtin-alertmanager' - metrics_path: /alertmanager/metrics - static_configs: - - targets: ['127.0.0.1:9093'] - labels: - app: alertmanager + prometheus.yml: "global:\n scrape_interval: 30s\n evaluation_interval: 30s\n\nalerting:\n alertmanagers:\n # Bundled Alertmanager, started by prom-wrapper\n - static_configs:\n - targets: ['127.0.0.1:9093']\n path_prefix: /alertmanager\n # Uncomment the following to have alerts delivered to additional Alertmanagers discovered\n # in the cluster. This configuration is not required if you use Sourcegraph's built-in alerting:\n # https://docs.sourcegraph.com/admin/observability/alerting\n # - kubernetes_sd_configs:\n # - role: endpoints\n # relabel_configs:\n # - source_labels: [__meta_kubernetes_service_name]\n # regex: alertmanager\n # action: keep\n\nrule_files:\n - '*_rules.yml'\n - \"/sg_config_prometheus/*_rules.yml\"\n - \"/sg_prometheus_add_ons/*_rules.yml\"\n\n# A scrape configuration for running Prometheus on a Kubernetes cluster.\n# This uses separate scrape configs for cluster components (i.e. 
API server, node)\n# and services to allow each to use different authentication configs.\n#\n# Kubernetes labels will be added as Prometheus labels on metrics via the\n# `labelmap` relabeling action.\n\n# Scrape config for API servers.\n#\n# Kubernetes exposes API servers as endpoints to the default/kubernetes\n# service so this uses `endpoints` role and uses relabelling to only keep\n# the endpoints associated with the default/kubernetes service using the\n# default named port `https`. This works for single API server deployments as\n# well as HA API server deployments.\nscrape_configs:\n- job_name: 'kubernetes-apiservers'\n\n kubernetes_sd_configs:\n - role: endpoints\n\n # Default to scraping over https. If required, just disable this or change to\n # `http`.\n scheme: https\n\n # This TLS & bearer token file config is used to connect to the actual scrape\n # endpoints for cluster components. This is separate to discovery auth\n # configuration because discovery & scraping are two separate concerns in\n # Prometheus. The discovery auth config is automatic if Prometheus runs inside\n # the cluster. Otherwise, more config options have to be provided within the\n # .\n tls_config:\n ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt\n # If your node certificates are self-signed or use a different CA to the\n # master CA, then disable certificate verification below. Note that\n # certificate verification is an integral part of a secure infrastructure\n # so this should only be disabled in a controlled environment. You can\n # disable certificate verification by uncommenting the line below.\n #\n # insecure_skip_verify: true\n bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token\n\n # Keep only the default/kubernetes service endpoints for the https port. 
This\n # will add targets for each API server which Kubernetes adds an endpoint to\n # the default/kubernetes service.\n relabel_configs:\n - source_labels: [__meta_kubernetes_namespace, __meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name]\n action: keep\n regex: default;kubernetes;https\n\n- job_name: 'kubernetes-nodes'\n\n # Default to scraping over https. If required, just disable this or change to\n # `http`.\n scheme: https\n\n # This TLS & bearer token file config is used to connect to the actual scrape\n # endpoints for cluster components. This is separate to discovery auth\n # configuration because discovery & scraping are two separate concerns in\n # Prometheus. The discovery auth config is automatic if Prometheus runs inside\n # the cluster. Otherwise, more config options have to be provided within the\n # .\n tls_config:\n ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt\n # If your node certificates are self-signed or use a different CA to the\n # master CA, then disable certificate verification below. Note that\n # certificate verification is an integral part of a secure infrastructure\n # so this should only be disabled in a controlled environment. 
You can\n # disable certificate verification by uncommenting the line below.\n #\n insecure_skip_verify: true\n bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token\n\n kubernetes_sd_configs:\n - role: node\n\n relabel_configs:\n - action: labelmap\n regex: __meta_kubernetes_node_label_(.+)\n - target_label: __address__\n replacement: kubernetes.default.svc:443\n - source_labels: [__meta_kubernetes_node_name]\n regex: (.+)\n target_label: __metrics_path__\n replacement: /api/v1/nodes/${1}/proxy/metrics\n\n# Scrape config for service endpoints.\n#\n# The relabeling allows the actual service scrape endpoint to be configured\n# via the following annotations:\n#\n# * `sourcegraph.prometheus/scrape`: Only scrape services that have a value of `true`\n# * `prometheus.io/scheme`: If the metrics endpoint is secured then you will need\n# to set this to `https` & most likely set the `tls_config` of the scrape config.\n# * `prometheus.io/path`: If the metrics path is not `/metrics` override this.\n# * `prometheus.io/port`: If the metrics are exposed on a different port to the\n# service then set this appropriately.\n- job_name: 'kubernetes-service-endpoints'\n\n kubernetes_sd_configs:\n - role: endpoints\n\n relabel_configs:\n # Sourcegraph specific customization, only scrape pods with our annotation\n - source_labels: [__meta_kubernetes_service_annotation_sourcegraph_prometheus_scrape]\n action: keep\n regex: true\n - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scheme]\n action: replace\n target_label: __scheme__\n regex: (https?)\n - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_path]\n action: replace\n target_label: __metrics_path__\n regex: (.+)\n - source_labels: [__address__, __meta_kubernetes_service_annotation_prometheus_io_port]\n action: replace\n target_label: __address__\n regex: (.+)(?::\\d+);(\\d+)\n replacement: $1:$2\n - action: labelmap\n regex: __meta_kubernetes_service_label_(.+)\n - 
source_labels: [__meta_kubernetes_namespace]\n action: replace\n # Sourcegraph specific customization. We want a more convenient to type label.\n # target_label: kubernetes_namespace\n target_label: ns\n - source_labels: [__meta_kubernetes_service_name]\n action: replace\n target_label: kubernetes_name\n # Sourcegraph specific customization. We want a nicer name for job\n - source_labels: [app]\n action: replace\n target_label: job\n # Sourcegraph specific customization. We want a nicer name for instance\n - source_labels: [__meta_kubernetes_pod_name]\n action: replace\n target_label: instance\n # Sourcegraph specific customization. We want to add a label to every \n # metric that indicates the node it came from.\n - source_labels: [__meta_kubernetes_endpoint_node_name]\n action: replace\n target_label: nodename\n metric_relabel_configs:\n # Sourcegraph specific customization. Drop metrics with empty nodename responses from the k8s API\n - source_labels: [nodename]\n regex: ^$\n action: drop\n\n# Example scrape config for probing services via the Blackbox Exporter.\n#\n# The relabeling allows the actual service scrape endpoint to be configured\n# via the following annotations:\n#\n# * `prometheus.io/probe`: Only probe services that have a value of `true`\n- job_name: 'kubernetes-services'\n\n metrics_path: /probe\n params:\n module: [http_2xx]\n\n kubernetes_sd_configs:\n - role: service\n\n relabel_configs:\n - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_probe]\n action: keep\n regex: true\n - source_labels: [__address__]\n target_label: __param_target\n - target_label: __address__\n replacement: blackbox\n - source_labels: [__param_target]\n target_label: instance\n - action: labelmap\n regex: __meta_kubernetes_service_label_(.+)\n - source_labels: [__meta_kubernetes_service_namespace]\n # Sourcegraph specific customization. 
We want a more convenient to type label.\n # target_label: kubernetes_namespace\n target_label: ns\n - source_labels: [__meta_kubernetes_service_name]\n target_label: kubernetes_name\n\n# Example scrape config for pods\n#\n# The relabeling allows the actual pod scrape endpoint to be configured via the\n# following annotations:\n#\n# * `sourcegraph.prometheus/scrape`: Only scrape pods that have a value of `true`\n# * `prometheus.io/path`: If the metrics path is not `/metrics` override this.\n# * `prometheus.io/port`: Scrape the pod on the indicated port instead of the default of `9102`.\n- job_name: 'kubernetes-pods'\n\n kubernetes_sd_configs:\n - role: pod\n\n relabel_configs:\n # Sourcegraph specific customization, only scrape pods with our annotation\n - source_labels: [__meta_kubernetes_pod_annotation_sourcegraph_prometheus_scrape]\n action: keep\n regex: true\n - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path]\n action: replace\n target_label: __metrics_path__\n regex: (.+)\n - source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port]\n action: replace\n regex: (.+):(?:\\d+);(\\d+)\n replacement: ${1}:${2}\n target_label: __address__\n - action: labelmap\n regex: __meta_kubernetes_pod_label_(.+)\n - source_labels: [__meta_kubernetes_pod_name]\n action: replace\n target_label: kubernetes_pod_name\n # Sourcegraph specific customization. We want a more convenient to type label.\n # target_label: kubernetes_namespace\n - source_labels: [__meta_kubernetes_namespace]\n action: replace\n target_label: ns\n # Sourcegraph specific customization. We want to add a label to every \n # metric that indicates the node it came from.\n - source_labels: [__meta_kubernetes_pod_node_name]\n action: replace\n target_label: nodename\n\n metric_relabel_configs:\n # cAdvisor-specific customization. 
Drop container metrics exported by cAdvisor\n # not in the same namespace as Sourcegraph.\n # Uncomment this if you have problems with certain dashboards or cAdvisor itself\n # picking up non-Sourcegraph services. Ensure all Sourcegraph services are running\n # within the Sourcegraph namespace you have defined.\n # The regex must keep matches on '^$' (empty string) to ensure other metrics do not\n # get dropped.\n # - source_labels: [container_label_io_kubernetes_pod_namespace]\n # regex: ^$|ns-sourcegraph # ensure this matches with namespace declarations\n # action: keep\n # cAdvisor-specific customization. We want container metrics to be named after their container name label.\n # Note that 'io.kubernetes.container.name' and 'io.kubernetes.pod.name' must be provided in cAdvisor\n # '--whitelisted_container_labels' (see cadvisor.DaemonSet.yaml)\n - source_labels: [container_label_io_kubernetes_container_name, container_label_io_kubernetes_pod_name]\n regex: (.+)\n action: replace\n target_label: name\n separator: '-'\n # Sourcegraph specific customization. Drop metrics with empty nodename responses from the k8s API\n - source_labels: [nodename]\n regex: ^$\n action: drop\n\n# Scrape prometheus itself for metrics.\n- job_name: 'builtin-prometheus'\n static_configs:\n - targets: ['127.0.0.1:9092']\n labels:\n app: prometheus\n- job_name: 'builtin-alertmanager'\n metrics_path: /alertmanager/metrics\n static_configs:\n - targets: ['127.0.0.1:9093']\n labels:\n app: alertmanager\n" extra_rules.yml: "" kind: ConfigMap metadata: diff --git a/base/prometheus/prometheus.Deployment.yaml b/base/prometheus/prometheus.Deployment.yaml index 7ee437dd670c..425c5ab360bf 100644 --- a/base/prometheus/prometheus.Deployment.yaml +++ b/base/prometheus/prometheus.Deployment.yaml 
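Review bot: The new `prometheus.yml` value is one double-quoted scalar with `\n` escapes instead of the `|` block scalar it replaces, so the whole scrape configuration is a single line and later diffs cannot show what changed inside it. That matters for review because the `kubernetes-nodes` job carries an active `insecure_skip_verify: true` next to `bearer_token_file`, while the comment above it still says verification is disabled "by uncommenting the line below". The quoted form is presumably the serializer's fallback for the trailing space after `every` in two comment lines. Stripping those spaces and restoring `prometheus.yml: |` would keep the file reviewable. It would also help to correct the stale comment, for example `# certificate verification is disabled for node scrapes; remove the next line to re-enable it`.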
@@ -25,7 +25,7 @@ spec: spec: containers: - name: prometheus - image: index.docker.io/sourcegraph/prometheus:insiders@sha256:b51607c8b348c2150193dff0a2656a97ba591b935d4c08e03f49bd21a7b58f5c + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/prometheus:5.3.0@sha256:61d6ad26b02c949c2f24c02ffd601ce016dbc2f42ab5006af814f55ce5897a14 terminationMessagePolicy: FallbackToLogsOnError readinessProbe: httpGet: diff --git a/base/redis/redis-cache.Deployment.yaml b/base/redis/redis-cache.Deployment.yaml index 2393958015bb..78b40fc1260f 100644 --- a/base/redis/redis-cache.Deployment.yaml +++ b/base/redis/redis-cache.Deployment.yaml @@ -26,7 +26,7 @@ spec: spec: containers: - name: redis-cache - image: index.docker.io/sourcegraph/redis-cache:insiders@sha256:7b5f4501ec28696b9c842def4217f03e21e687c824c277623425f9acddf1def8 + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/redis-cache:5.3.0@sha256:e98452bfbb54aa73a9854fe4c516443079d998a14d2c29555bb9a606094c299a terminationMessagePolicy: FallbackToLogsOnError livenessProbe: initialDelaySeconds: 30 @@ -50,7 +50,7 @@ spec: - mountPath: /redis-data name: redis-data - name: redis-exporter - image: index.docker.io/sourcegraph/redis_exporter:insiders@sha256:e5c30856d511423b655c7e3c524f6118336845a0f9a339fc92738f5282a67c35 + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/redis_exporter:5.3.0@sha256:6f6d43aa5a73fa95652fb2cac9b0d901e40728f7da2e9ac0a7f9113b654f2208 terminationMessagePolicy: FallbackToLogsOnError ports: - containerPort: 9121 diff --git a/base/redis/redis-store.Deployment.yaml b/base/redis/redis-store.Deployment.yaml index 3874131f60f1..6bf43002e77f 100644 --- a/base/redis/redis-store.Deployment.yaml +++ b/base/redis/redis-store.Deployment.yaml 
@@ -25,7 +25,7 @@ spec: spec: containers: - name: redis-store - image: index.docker.io/sourcegraph/redis-store:insiders@sha256:be2c0f4caff00d545a4cec70baee710040f2adb71df255665661142147820065 + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/redis-store:5.3.0@sha256:70dc8147b8e2827d8341a2b963c1534d66a95014d040481a55bec99f0f206780 terminationMessagePolicy: FallbackToLogsOnError livenessProbe: initialDelaySeconds: 30 @@ -49,7 +49,7 @@ spec: - mountPath: /redis-data name: redis-data - name: redis-exporter - image: index.docker.io/sourcegraph/redis_exporter:insiders@sha256:e5c30856d511423b655c7e3c524f6118336845a0f9a339fc92738f5282a67c35 + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/redis_exporter:5.3.0@sha256:6f6d43aa5a73fa95652fb2cac9b0d901e40728f7da2e9ac0a7f9113b654f2208 terminationMessagePolicy: FallbackToLogsOnError ports: - containerPort: 9121 diff --git a/base/repo-updater/repo-updater.Deployment.yaml b/base/repo-updater/repo-updater.Deployment.yaml index cb285498e693..e13694d03ceb 100644 --- a/base/repo-updater/repo-updater.Deployment.yaml +++ b/base/repo-updater/repo-updater.Deployment.yaml @@ -29,7 +29,7 @@ spec: spec: containers: - name: repo-updater - image: index.docker.io/sourcegraph/repo-updater:insiders@sha256:7b23c97ddb91bc354b3fee6f5a87fb3221936208e6d9b07acc7d7c1916247fff + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/repo-updater:5.3.0@sha256:b7689a2add8b4e987010d5f815fa29fb9cf1e249f7d80166ef8415625d60f334 env: # OTEL_AGENT_HOST must be defined before OTEL_EXPORTER_OTLP_ENDPOINT to substitute the node IP on which the DaemonSet pod instance runs in the latter variable - name: OTEL_AGENT_HOST diff --git a/base/searcher/searcher.Deployment.yaml b/base/searcher/searcher.Deployment.yaml index fc996cbf6c5d..34d1fd9f96ad 100644 --- a/base/searcher/searcher.Deployment.yaml +++ b/base/searcher/searcher.Deployment.yaml 
@@ -49,7 +49,7 @@ spec: fieldPath: status.hostIP - name: OTEL_EXPORTER_OTLP_ENDPOINT value: http://$(OTEL_AGENT_HOST):4317 - image: index.docker.io/sourcegraph/searcher:insiders@sha256:fd43bdc2480a0cb7f649ceb865284e7194bf63f084de76bfccd0e9c5da08ad7e + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/searcher:5.3.0@sha256:6c0eb554181b4546f9dd0c7e797b5c9fcc682dd005d2dd0b5054ac8105d04850 terminationMessagePolicy: FallbackToLogsOnError ports: - containerPort: 3181 diff --git a/base/symbols/symbols.Deployment.yaml b/base/symbols/symbols.Deployment.yaml index 619c5e7d1bbe..58fc62caa087 100644 --- a/base/symbols/symbols.Deployment.yaml +++ b/base/symbols/symbols.Deployment.yaml @@ -49,7 +49,7 @@ spec: fieldPath: status.hostIP - name: OTEL_EXPORTER_OTLP_ENDPOINT value: http://$(OTEL_AGENT_HOST):4317 - image: index.docker.io/sourcegraph/symbols:insiders@sha256:c36923fe32ac832a6af8ed20bb34b9dd131c04bd96741ccbd548537b9f3886d5 + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/symbols:5.3.0@sha256:bdbc55f268e39f4df1e315fb2c0507ad5669d279fad2957da5482e8138deda7e terminationMessagePolicy: FallbackToLogsOnError livenessProbe: httpGet: diff --git a/base/syntect-server/syntect-server.Deployment.yaml b/base/syntect-server/syntect-server.Deployment.yaml index 5be4574e58c0..efd74aebbd5c 100644 --- a/base/syntect-server/syntect-server.Deployment.yaml +++ b/base/syntect-server/syntect-server.Deployment.yaml @@ -29,7 +29,7 @@ spec: containers: - name: syntect-server env: - image: index.docker.io/sourcegraph/syntax-highlighter:insiders@sha256:13a3d617ea5e970af18278c679bbbedeed2bf232e1884616ad30e1e3939296e4 + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/syntax-highlighter:5.3.0@sha256:d447cc04c279c4b5afb88ea1d3a22fbd9c703979552e2bcf8ba7585c3840525e terminationMessagePolicy: FallbackToLogsOnError livenessProbe: httpGet: 
diff --git a/base/worker/worker.Deployment.yaml b/base/worker/worker.Deployment.yaml index 00f8156a6fb1..6961a186bf35 100644 --- a/base/worker/worker.Deployment.yaml +++ b/base/worker/worker.Deployment.yaml @@ -44,7 +44,7 @@ spec: fieldPath: status.hostIP - name: OTEL_EXPORTER_OTLP_ENDPOINT value: http://$(OTEL_AGENT_HOST):4317 - image: index.docker.io/sourcegraph/worker:insiders@sha256:fcdb7037ce979ef58a5925e1a9341be8fded6282e21d3301a9914646a54ebd7c + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/worker:5.3.0@sha256:376f988e24f0608fb7571d4a56a5faeb94a2b5248bd3d2a18a9e2a3c71ade797 envFrom: - configMapRef: name: embeddings-backend diff --git a/configure/embeddings/embeddings.ConfigMap.yaml b/configure/embeddings/embeddings.ConfigMap.yaml index b8dd14fe8228..6c4a15a3c23e 100644 --- a/configure/embeddings/embeddings.ConfigMap.yaml +++ b/configure/embeddings/embeddings.ConfigMap.yaml 
@@ -8,30 +8,31 @@ metadata: sourcegraph-resource-requires: no-cluster-admin name: embeddings-backend data: - # EMBEDDINGS_UPLOAD_BACKEND: blobstore - # EMBEDDINGS_UPLOAD_AWS_ENDPOINT: http://blobstore:9000 - # Add env vars for `embeddings`, `worker` services below - # See [storing-embeddings-indexes](https://docs.sourcegraph.com/cody/explanations/code_graph_context#storing-embedding-indexes) for more details - # EMBEDDINGS_UPLOAD_MANAGE_BUCKET: "true" - # EMBEDDINGS_REPO_INDEX_CACHE_SIZE: "5" - ############ - ## S3 ## - ############ - # EMBEDDINGS_UPLOAD_BACKEND: S3 - # EMBEDDINGS_UPLOAD_BUCKET: - # EMBEDDINGS_UPLOAD_AWS_ENDPOINT: https://s3.us-east-1.amazonaws.com - # EMBEDDINGS_UPLOAD_AWS_ACCESS_KEY_ID: - # EMBEDDINGS_UPLOAD_AWS_SECRET_ACCESS_KEY: - # EMBEDDINGS_UPLOAD_AWS_SESSION_TOKEN: # (optional) - # EMBEDDINGS_UPLOAD_AWS_USE_EC2_ROLE_CREDENTIALS: "true" # (optional; set to use EC2 metadata API over static credentials) - # EMBEDDINGS_UPLOAD_AWS_REGION: us-east-1 +# EMBEDDINGS_UPLOAD_BACKEND: blobstore +# EMBEDDINGS_UPLOAD_AWS_ENDPOINT: http://blobstore:9000 +# Add env vars for `embeddings`, `worker` services below +# See [storing-embeddings-indexes](https://docs.sourcegraph.com/cody/explanations/code_graph_context#storing-embedding-indexes) for more details +# EMBEDDINGS_UPLOAD_MANAGE_BUCKET: "true" +# EMBEDDINGS_REPO_INDEX_CACHE_SIZE: "5" - ############# - ## GCS ## - ############# - # EMBEDDINGS_UPLOAD_BACKEND: GCS - # EMBEDDINGS_UPLOAD_BUCKET: - # EMBEDDINGS_UPLOAD_GCP_PROJECT_ID: - # EMBEDDINGS_UPLOAD_GOOGLE_APPLICATION_CREDENTIALS_FILE: - # EMBEDDINGS_UPLOAD_GOOGLE_APPLICATION_CREDENTIALS_FILE_CONTENT: <{"my": "content"}> +############ +## S3 ## +############ +# EMBEDDINGS_UPLOAD_BACKEND: S3 +# EMBEDDINGS_UPLOAD_BUCKET: +# EMBEDDINGS_UPLOAD_AWS_ENDPOINT: https://s3.us-east-1.amazonaws.com +# EMBEDDINGS_UPLOAD_AWS_ACCESS_KEY_ID: +# EMBEDDINGS_UPLOAD_AWS_SECRET_ACCESS_KEY: +# EMBEDDINGS_UPLOAD_AWS_SESSION_TOKEN: # (optional) +# 
EMBEDDINGS_UPLOAD_AWS_USE_EC2_ROLE_CREDENTIALS: "true" # (optional; set to use EC2 metadata API over static credentials) +# EMBEDDINGS_UPLOAD_AWS_REGION: us-east-1 + +############# +## GCS ## +############# +# EMBEDDINGS_UPLOAD_BACKEND: GCS +# EMBEDDINGS_UPLOAD_BUCKET: +# EMBEDDINGS_UPLOAD_GCP_PROJECT_ID: +# EMBEDDINGS_UPLOAD_GOOGLE_APPLICATION_CREDENTIALS_FILE: +# EMBEDDINGS_UPLOAD_GOOGLE_APPLICATION_CREDENTIALS_FILE_CONTENT: <{"my": "content"}> diff --git a/configure/embeddings/embeddings.Deployment.yaml b/configure/embeddings/embeddings.Deployment.yaml index 7584f45a13a5..b0e6383f6814 100644 --- a/configure/embeddings/embeddings.Deployment.yaml +++ b/configure/embeddings/embeddings.Deployment.yaml @@ -28,7 +28,7 @@ spec: spec: containers: - name: embeddings - image: index.docker.io/sourcegraph/embeddings:insiders@sha256:a6feb02746694671b084b86b7aa14e70341869cdcf913ccb2ec66aeaef1a488b + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-public/embeddings:5.3.0@sha256:e1951f98ea69a7204ae91922571f9dbbce165a98ae3bb857517bed7b41b4cf4c env: - name: POD_NAME valueFrom: diff --git a/configure/executors/dind/docker-daemon.ConfigMap.yaml b/configure/executors/dind/docker-daemon.ConfigMap.yaml index 9bdc0b7e82c3..5479a74f26c4 100644 --- a/configure/executors/dind/docker-daemon.ConfigMap.yaml +++ b/configure/executors/dind/docker-daemon.ConfigMap.yaml @@ -2,12 +2,11 @@ apiVersion: v1 data: daemon.json: | { "insecure-registries":["private-docker-registry:5000"] } - kind: ConfigMap metadata: labels: app: executor deploy: sourcegraph sourcegraph-resource-requires: no-cluster-admin - app.kubernetes.io/component: executor + app.kubernetes.io/component: executor name: docker-config diff --git a/configure/executors/dind/executor.Deployment.yaml b/configure/executors/dind/executor.Deployment.yaml index a37cd4090c3a..855e1c20ec2f 100644 --- a/configure/executors/dind/executor.Deployment.yaml +++ b/configure/executors/dind/executor.Deployment.yaml 
@@ -28,7 +28,7 @@ spec: spec: containers: - name: executor - image: index.docker.io/sourcegraph/executor:insiders@sha256:da6653e0cd6f95d60a0db2f0342c4d77d652d786112dbb8d66752e68f1e0609d + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-public/executor:5.3.0@sha256:ca1e1f2d3c45f29757e633d58e89d75754cecf8d1ebb62895bdbfa20874bea74 imagePullPolicy: Always livenessProbe: exec: @@ -67,7 +67,7 @@ spec: - mountPath: /scratch name: executor-scratch - name: dind - image: index.docker.io/sourcegraph/dind:insiders@sha256:da2ab73a8e22ff7873bb671ee44fb7b940adac304f36ce4f93df3b6c11838556 + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-public/dind:5.3.0@sha256:31b848f6e755ee0d9690b0411ccf29772574c7c31dba72faa87aa9302090ff77 imagePullPolicy: Always securityContext: privileged: true @@ -79,7 +79,7 @@ spec: - '--host=tcp://0.0.0.0:2375' livenessProbe: tcpSocket: - port: 2375 + port: 2375 initialDelaySeconds: 5 periodSeconds: 5 failureThreshold: 5 diff --git a/configure/executors/dind/executor.Service.yaml b/configure/executors/dind/executor.Service.yaml index bc79ab4d6db3..64472da82bc7 100644 --- a/configure/executors/dind/executor.Service.yaml +++ b/configure/executors/dind/executor.Service.yaml @@ -17,4 +17,4 @@ spec: targetPort: debug selector: app: executor - type: ClusterIP \ No newline at end of file + type: ClusterIP diff --git a/configure/executors/k8s/executor.ConfigMap.yaml b/configure/executors/k8s/executor.ConfigMap.yaml index ea82ef56b734..e794044ec418 100644 --- a/configure/executors/k8s/executor.ConfigMap.yaml +++ b/configure/executors/k8s/executor.ConfigMap.yaml @@ -1,4 +1,3 @@ ---- apiVersion: v1 kind: ConfigMap metadata: diff --git a/configure/executors/k8s/executor.Deployment.yaml b/configure/executors/k8s/executor.Deployment.yaml index a60e14410762..49ad1d0f0d22 100644 --- a/configure/executors/k8s/executor.Deployment.yaml +++ b/configure/executors/k8s/executor.Deployment.yaml @@ -1,4 +1,3 @@ ---- apiVersion: apps/v1 kind: Deployment metadata: 
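Review bot: In the `dind` container (the hunks at -67 and -79 of executor.Deployment.yaml) the daemon is started with `--host=tcp://0.0.0.0:2375` under `privileged: true`, so the Docker API listens on the pod IP without any authentication visible here, and the re-indented `port: 2375` tcpSocket probe depends on that binding. Anything able to reach the pod on 2375 can drive a privileged daemon. If only the `executor` container in the same pod talks to it, `- '--host=tcp://127.0.0.1:2375'` combined with an `exec` liveness probe would remove the exposure; otherwise a NetworkPolicy restricting ingress to 2375 should ship with this manifest. The container spec continues outside both hunks, so TLS or policy configured elsewhere is not visible from here.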
@@ -30,7 +29,7 @@ spec: serviceAccountName: executor containers: - name: executor - image: index.docker.io/sourcegraph/executor-kubernetes:insiders@sha256:42951c79924af8c633aed2f6e9cbcb2cce6e363366d8aee9c6e45b2e6c99fcfa + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-public/executor-kubernetes:5.3.0@sha256:8a15296c7443237a958b089122dc291dc939b2164ba9ceaa6c973ce6822b475e imagePullPolicy: Always livenessProbe: exec: diff --git a/configure/executors/k8s/executor.PersistentVolumeClaim.yaml b/configure/executors/k8s/executor.PersistentVolumeClaim.yaml index 34d89da8245f..219017fbb230 100644 --- a/configure/executors/k8s/executor.PersistentVolumeClaim.yaml +++ b/configure/executors/k8s/executor.PersistentVolumeClaim.yaml @@ -1,4 +1,3 @@ ---- apiVersion: v1 kind: PersistentVolumeClaim metadata: @@ -12,4 +11,4 @@ spec: - ReadWriteOnce resources: requests: - storage: 100Gi \ No newline at end of file + storage: 100Gi diff --git a/configure/executors/k8s/executor.Service.yaml b/configure/executors/k8s/executor.Service.yaml index 12667f66d8da..f4db7b3311a2 100644 --- a/configure/executors/k8s/executor.Service.yaml +++ b/configure/executors/k8s/executor.Service.yaml @@ -1,4 +1,3 @@ ---- apiVersion: v1 kind: Service metadata: @@ -18,4 +17,4 @@ spec: targetPort: debug selector: app: executor - type: ClusterIP \ No newline at end of file + type: ClusterIP diff --git a/configure/executors/k8s/rbac/executor.Role.yaml b/configure/executors/k8s/rbac/executor.Role.yaml index ce47770dc453..6df066703537 100644 --- a/configure/executors/k8s/rbac/executor.Role.yaml +++ b/configure/executors/k8s/rbac/executor.Role.yaml @@ -1,4 +1,3 @@ ---- apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: @@ -26,4 +25,4 @@ rules: verbs: - get - list - - watch \ No newline at end of file + - watch diff --git a/configure/executors/k8s/rbac/executor.RoleBinding.yaml b/configure/executors/k8s/rbac/executor.RoleBinding.yaml index 7f611e6daa1b..d54874faf10a 100644 
--- a/configure/executors/k8s/rbac/executor.RoleBinding.yaml +++ b/configure/executors/k8s/rbac/executor.RoleBinding.yaml @@ -1,4 +1,3 @@ ---- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: @@ -15,4 +14,4 @@ subjects: roleRef: apiGroup: "rbac.authorization.k8s.io" kind: Role - name: executor \ No newline at end of file + name: executor diff --git a/configure/executors/k8s/rbac/executor.ServiceAccount.yaml b/configure/executors/k8s/rbac/executor.ServiceAccount.yaml index d9994e9e0bf5..b0c97d1d9cc6 100644 --- a/configure/executors/k8s/rbac/executor.ServiceAccount.yaml +++ b/configure/executors/k8s/rbac/executor.ServiceAccount.yaml @@ -1,4 +1,3 @@ ---- apiVersion: v1 kind: ServiceAccount metadata: @@ -7,4 +6,4 @@ metadata: category: rbac deploy: sourcegraph sourcegraph-resource-requires: cluster-admin - app.kubernetes.io/component: executor \ No newline at end of file + app.kubernetes.io/component: executor diff --git a/configure/executors/private-docker-registry/private-docker-registry.PersistentVolumeClaim.yaml b/configure/executors/private-docker-registry/private-docker-registry.PersistentVolumeClaim.yaml index ebc03984ef27..5f34dd25b40a 100644 --- a/configure/executors/private-docker-registry/private-docker-registry.PersistentVolumeClaim.yaml +++ b/configure/executors/private-docker-registry/private-docker-registry.PersistentVolumeClaim.yaml @@ -5,7 +5,7 @@ metadata: labels: deploy: sourcegraph sourcegraph-resource-requires: no-cluster-admin - app.kubernetes.io/component: private-docker-registry + app.kubernetes.io/component: private-docker-registry spec: accessModes: - ReadWriteOnce diff --git a/configure/ingress-nginx/cloud-generic.yaml b/configure/ingress-nginx/cloud-generic.yaml index 90af2955b725..9eb9cbe510c9 100644 --- a/configure/ingress-nginx/cloud-generic.yaml +++ b/configure/ingress-nginx/cloud-generic.yaml @@ -22,4 +22,3 @@ spec: protocol: TCP targetPort: https # loadBalancerIP: xxx.xxx.xxx.xxx ---- 
diff --git a/configure/ingress-nginx/mandatory.yaml b/configure/ingress-nginx/mandatory.yaml index 6fe138a25f95..8f46ee8a0e29 100644 --- a/configure/ingress-nginx/mandatory.yaml +++ b/configure/ingress-nginx/mandatory.yaml @@ -5,9 +5,7 @@ metadata: labels: app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - --- - kind: ConfigMap apiVersion: v1 metadata: @@ -16,7 +14,6 @@ metadata: labels: app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - --- kind: ConfigMap apiVersion: v1 @@ -26,7 +23,6 @@ metadata: labels: app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - --- kind: ConfigMap apiVersion: v1 @@ -36,7 +32,6 @@ metadata: labels: app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - --- apiVersion: v1 kind: ServiceAccount @@ -46,7 +41,6 @@ metadata: labels: app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -104,7 +98,6 @@ rules: - ingresses/status verbs: - update - --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role @@ -149,7 +142,6 @@ rules: - endpoints verbs: - get - --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding @@ -167,7 +159,6 @@ subjects: - kind: ServiceAccount name: nginx-ingress-serviceaccount namespace: ingress-nginx - --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -184,9 +175,7 @@ subjects: - kind: ServiceAccount name: nginx-ingress-serviceaccount namespace: ingress-nginx - --- - apiVersion: apps/v1 kind: Deployment metadata: @@ -275,9 +264,7 @@ spec: exec: command: - /wait-shutdown - --- - apiVersion: v1 kind: LimitRange metadata: diff --git a/configure/ssd/pod-tmp-gc.ClusterRoleBinding.yaml b/configure/ssd/pod-tmp-gc.ClusterRoleBinding.yaml index 4deec37288d9..a4cf99e5362a 100644 --- a/configure/ssd/pod-tmp-gc.ClusterRoleBinding.yaml +++ b/configure/ssd/pod-tmp-gc.ClusterRoleBinding.yaml 
@@ -3,7 +3,7 @@ kind: ClusterRoleBinding metadata: labels: category: rbac - deploy: pod-tmp-gc + deploy: pod-tmp-gc name: pod-tmp-gc roleRef: apiGroup: "" diff --git a/configure/ssd/pod-tmp-gc.DaemonSet.yaml b/configure/ssd/pod-tmp-gc.DaemonSet.yaml index 49ee79a3b726..c833e6d817fb 100644 --- a/configure/ssd/pod-tmp-gc.DaemonSet.yaml +++ b/configure/ssd/pod-tmp-gc.DaemonSet.yaml @@ -30,12 +30,12 @@ spec: limits: cpu: 10m memory: 20M - # Replace ${SSD_MOUNT_PATH} with the with the absolute directory path - # on the node where the local SSD is mounted. - # See ../README.md for more information. - # - # volumeMounts: - # - mountPath: ${SSD_MOUNT_PATH}/pod-tmp - # name: pod-tmp + # Replace ${SSD_MOUNT_PATH} with the with the absolute directory path + # on the node where the local SSD is mounted. + # See ../README.md for more information. + # + # volumeMounts: + # - mountPath: ${SSD_MOUNT_PATH}/pod-tmp + # name: pod-tmp serviceAccountName: pod-tmp-gc updateStrategy: {} diff --git a/genclu/apps_v1_daemonset_cadvisor.yaml b/genclu/apps_v1_daemonset_cadvisor.yaml new file mode 100644 index 000000000000..2ba2632d83f9 --- /dev/null +++ b/genclu/apps_v1_daemonset_cadvisor.yaml 
@@ -0,0 +1,79 @@ +apiVersion: apps/v1 +kind: DaemonSet +metadata: + annotations: + description: DaemonSet to ensure all nodes run a cAdvisor pod. + seccomp.security.alpha.kubernetes.io/pod: docker/default + labels: + app.kubernetes.io/component: cadvisor + deploy: sourcegraph + sourcegraph-resource-requires: cluster-admin + name: cadvisor + namespace: foobar +spec: + selector: + matchLabels: + app: cadvisor + template: + metadata: + annotations: + description: Collects and exports container metrics. + prometheus.io/port: "48080" + sourcegraph.prometheus/scrape: "true" + labels: + app: cadvisor + deploy: sourcegraph + spec: + automountServiceAccountToken: false + containers: + - args: + - --store_container_labels=false + - --whitelisted_container_labels=io.kubernetes.container.name,io.kubernetes.pod.name,io.kubernetes.pod.namespace,io.kubernetes.pod.uid + image: index.docker.io/sourcegraph/cadvisor:insiders@sha256:d4d8b87931155b949118695f2b7b214b97a398d9548d5ea436a637c96c36fced + name: cadvisor + ports: + - containerPort: 48080 + name: http + protocol: TCP + resources: + limits: + cpu: 300m + memory: 2000Mi + requests: + cpu: 150m + memory: 200Mi + securityContext: {} + volumeMounts: + - mountPath: /rootfs + name: rootfs + readOnly: true + - mountPath: /var/run + name: var-run + readOnly: true + - mountPath: /sys + name: sys + readOnly: true + - mountPath: /var/lib/docker + name: docker + readOnly: true + - mountPath: /dev/disk + name: disk + readOnly: true + serviceAccountName: cadvisor + terminationGracePeriodSeconds: 30 + volumes: + - hostPath: + path: / + name: rootfs + - hostPath: + path: /var/run + name: var-run + - hostPath: + path: /sys + name: sys + - hostPath: + path: /var/lib/docker + name: docker + - hostPath: + path: /dev/disk + name: disk diff --git a/genclu/apps_v1_deployment_codeinsights-db.yaml b/genclu/apps_v1_deployment_codeinsights-db.yaml new file mode 100644 index 000000000000..34c18398e2b4 --- /dev/null 
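Review bot: The cadvisor pod relies on the `seccomp.security.alpha.kubernetes.io/pod: docker/default` annotation for its seccomp profile while the container carries `securityContext: {}`; that alpha annotation is deprecated in favour of the `seccompProfile` field and is ignored by newer Kubernetes versions. That would leave a DaemonSet that mounts the host `/`, `/sys`, `/var/run` and `/var/lib/docker` with no explicit profile of its own. I would set it in the spec instead, `securityContext: {seccompProfile: {type: RuntimeDefault}}`, and drop the annotation. If genclu/ is rendered output, the change belongs in the manifest it is generated from.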
+++ b/genclu/apps_v1_deployment_codeinsights-db.yaml 
@@ -0,0 +1,110 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + description: Code Insights Postgres DB instance. + labels: + app.kubernetes.io/component: codeinsights-db + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: codeinsights-db + namespace: foobar +spec: + minReadySeconds: 10 + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: codeinsights-db + strategy: + type: Recreate + template: + metadata: + labels: + app: codeinsights-db + deploy: sourcegraph + group: backend + spec: + containers: + - env: + - name: POSTGRES_DB + value: postgres + - name: POSTGRES_PASSWORD + value: password + - name: POSTGRES_USER + value: postgres + - name: PGDATA + value: /var/lib/postgresql/data/pgdata + - name: POSTGRESQL_CONF_DIR + value: /conf + image: index.docker.io/sourcegraph/codeinsights-db:insiders@sha256:f973d43dfddc714bf001f378fc3edd9a47456e0f50d492d22b0fb290baadcbef + name: codeinsights + ports: + - containerPort: 5432 + name: codeinsights-db + resources: + limits: + cpu: "4" + memory: 2Gi + requests: + cpu: "4" + memory: 2Gi + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 70 + runAsUser: 70 + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /var/lib/postgresql/data/ + name: disk + - mountPath: /conf + name: codeinsights-conf + - env: + - name: DATA_SOURCE_NAME + value: postgres://postgres:@localhost:5432/?sslmode=disable + - name: PG_EXPORTER_EXTEND_QUERY_PATH + value: /config/code_insights_queries.yaml + image: index.docker.io/sourcegraph/postgres_exporter:insiders@sha256:058803235a9deca67412edb01ec6fe22f58a7326c2f565281f7e745701df3080 + name: pgsql-exporter + resources: + limits: + cpu: 10m + memory: 50Mi + requests: + cpu: 10m + memory: 50Mi + terminationMessagePolicy: FallbackToLogsOnError + initContainers: + - command: + - sh + - -c + - if [ -d /var/lib/postgresql/data/pgdata ]; then chmod 750 /var/lib/postgresql/data/pgdata; + fi + image: 
index.docker.io/sourcegraph/alpine-3.14:insiders@sha256:c12d8679188e14a5e7d581aa5550ab411f2013fb0662a3f697d378460fe7b5f4 + name: correct-data-dir-permissions + resources: + limits: + cpu: 10m + memory: 50Mi + requests: + cpu: 10m + memory: 50Mi + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 70 + runAsUser: 70 + volumeMounts: + - mountPath: /var/lib/postgresql/data/ + name: disk + securityContext: + fsGroup: 70 + runAsUser: 70 + terminationGracePeriodSeconds: 120 + volumes: + - name: disk + persistentVolumeClaim: + claimName: codeinsights-db + - configMap: + defaultMode: 511 + name: codeinsights-db-conf + name: codeinsights-conf diff --git a/genclu/apps_v1_deployment_codeintel-db.yaml b/genclu/apps_v1_deployment_codeintel-db.yaml new file mode 100644 index 000000000000..8d1a164bec6e --- /dev/null +++ b/genclu/apps_v1_deployment_codeintel-db.yaml 
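Review bot: `POSTGRES_PASSWORD` is set to the literal `password` in the `codeinsights` container's `env`, so the database credential is committed with the manifest and readable by anyone who can read the Deployment object. I would source it from a Secret instead, for example `valueFrom: {secretKeyRef: {name: <secret-name>, key: <key>}}` (placeholders, not names from this repository). The `minio` Deployment added later in this patch has the same pattern with literal `MINIO_ACCESS_KEY` and `MINIO_SECRET_KEY` values.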
@@ -0,0 +1,114 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + description: Postgres database for various data. + kubectl.kubernetes.io/default-container: pgsql + labels: + app.kubernetes.io/component: codeintel-db + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: codeintel-db + namespace: foobar +spec: + minReadySeconds: 10 + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: codeintel-db + strategy: + type: Recreate + template: + metadata: + labels: + app: codeintel-db + deploy: sourcegraph + group: backend + spec: + containers: + - image: index.docker.io/sourcegraph/codeintel-db:insiders@sha256:8c6d086559c97408a2080660693a4b3d8f8bb8d3cd64d09379dc6a20c21469dc + livenessProbe: + exec: + command: + - /liveness.sh + initialDelaySeconds: 15 + name: pgsql + ports: + - containerPort: 5432 + name: pgsql + readinessProbe: + exec: + command: + - /ready.sh + resources: + limits: + cpu: "4" + memory: 4Gi + requests: + cpu: "4" + memory: 4Gi + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 999 + runAsUser: 999 + startupProbe: + exec: + command: + - /liveness.sh + failureThreshold: 360 + periodSeconds: 10 + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /data + name: disk + - mountPath: /conf + name: pgsql-conf + - env: + - name: DATA_SOURCE_NAME + value: postgres://sg:@localhost:5432/?sslmode=disable + - name: PG_EXPORTER_EXTEND_QUERY_PATH + value: /config/code_intel_queries.yaml + image: index.docker.io/sourcegraph/postgres_exporter:insiders@sha256:058803235a9deca67412edb01ec6fe22f58a7326c2f565281f7e745701df3080 + name: pgsql-exporter + resources: + limits: + cpu: 10m + memory: 50Mi + requests: + cpu: 10m + memory: 50Mi + terminationMessagePolicy: FallbackToLogsOnError + initContainers: + - command: + - sh + - -c + - if [ -d /data/pgdata-12 ]; then chmod 750 /data/pgdata-12; fi + image: 
index.docker.io/sourcegraph/alpine-3.14:insiders@sha256:c12d8679188e14a5e7d581aa5550ab411f2013fb0662a3f697d378460fe7b5f4 + name: correct-data-dir-permissions + resources: + limits: + cpu: 10m + memory: 50Mi + requests: + cpu: 10m + memory: 50Mi + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 999 + runAsUser: 999 + volumeMounts: + - mountPath: /data + name: disk + securityContext: + fsGroup: 999 + runAsUser: 999 + terminationGracePeriodSeconds: 120 + volumes: + - name: disk + persistentVolumeClaim: + claimName: codeintel-db + - configMap: + defaultMode: 511 + name: codeintel-db-conf + name: pgsql-conf diff --git a/genclu/apps_v1_deployment_github-proxy.yaml b/genclu/apps_v1_deployment_github-proxy.yaml new file mode 100644 index 000000000000..afae6c4ef9b1 --- /dev/null +++ b/genclu/apps_v1_deployment_github-proxy.yaml 
@@ -0,0 +1,81 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + description: Rate-limiting proxy for the GitHub API. + kubectl.kubernetes.io/default-container: github-proxy + labels: + app.kubernetes.io/component: github-proxy + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: github-proxy + namespace: foobar +spec: + minReadySeconds: 10 + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: github-proxy + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + type: RollingUpdate + template: + metadata: + labels: + app: github-proxy + deploy: sourcegraph + spec: + containers: + - image: index.docker.io/sourcegraph/github-proxy:insiders@sha256:d6ee6be362ecadfc9337e3bcf2b9a9a467ece8c69269d7721838049be622f51b + name: github-proxy + ports: + - containerPort: 3180 + name: http + resources: + limits: + cpu: "1" + memory: 1G + requests: + cpu: 100m + memory: 250M + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 101 + runAsUser: 100 + terminationMessagePolicy: FallbackToLogsOnError + - args: + - --reporter.grpc.host-port=jaeger-collector:14250 + - --reporter.type=grpc + env: + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + image: index.docker.io/sourcegraph/jaeger-agent:insiders@sha256:c56b7e45efab76e285c791c932c91aeed64551e160b2417a5b3df6acef664b34 + name: jaeger-agent + ports: + - containerPort: 5775 + protocol: UDP + - containerPort: 5778 + protocol: TCP + - containerPort: 6831 + protocol: UDP + - containerPort: 6832 + protocol: UDP + resources: + limits: + cpu: "1" + memory: 500M + requests: + cpu: 100m + memory: 100M + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 101 + runAsUser: 100 + securityContext: + runAsUser: 0 diff --git a/genclu/apps_v1_deployment_jaeger.yaml b/genclu/apps_v1_deployment_jaeger.yaml new file mode 100644 index 000000000000..cb2da00dfe19 --- /dev/null 
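Review bot: The pod-level `securityContext` sets `runAsUser: 0` while both containers override it with `runAsUser: 100`, so root remains the default for any container or init container that is later added without its own override. Nothing visible in this manifest needs root, so I would drop the pod-level value or replace it with `runAsNonRoot: true`. The same pod-level `runAsUser: 0` appears in the jaeger, minio, precise-code-intel-worker, prometheus, redis-cache and redis-store Deployments added in this patch.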
+++ b/genclu/apps_v1_deployment_jaeger.yaml @@ -0,0 +1,67 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: jaeger + app.kubernetes.io/component: jaeger + app.kubernetes.io/name: jaeger + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: jaeger + namespace: foobar +spec: + replicas: 1 + selector: + matchLabels: + app: jaeger + app.kubernetes.io/component: all-in-one + app.kubernetes.io/name: jaeger + strategy: + type: Recreate + template: + metadata: + annotations: + prometheus.io/port: "16686" + prometheus.io/scrape: "true" + labels: + app: jaeger + app.kubernetes.io/component: all-in-one + app.kubernetes.io/name: jaeger + deploy: sourcegraph + spec: + containers: + - args: + - --memory.max-traces=20000 + image: index.docker.io/sourcegraph/jaeger-all-in-one:insiders@sha256:1d23af9d3aab63c1fbd8423b7e30f6c9d439db1198911f06837206b97822ff22 + name: jaeger + ports: + - containerPort: 5775 + protocol: UDP + - containerPort: 6831 + protocol: UDP + - containerPort: 6832 + protocol: UDP + - containerPort: 5778 + protocol: TCP + - containerPort: 16686 + protocol: TCP + - containerPort: 14250 + protocol: TCP + readinessProbe: + httpGet: + path: / + port: 14269 + initialDelaySeconds: 5 + resources: + limits: + cpu: "1" + memory: 1G + requests: + cpu: 500m + memory: 500M + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 101 + runAsUser: 100 + securityContext: + runAsUser: 0 diff --git a/genclu/apps_v1_deployment_minio.yaml b/genclu/apps_v1_deployment_minio.yaml new file mode 100644 index 000000000000..993b41ead66b --- /dev/null +++ b/genclu/apps_v1_deployment_minio.yaml 
@@ -0,0 +1,78 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + description: MinIO for storing LSIF uploads. + kubectl.kubernetes.io/default-container: minio + labels: + app.kubernetes.io/component: minio + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: minio + namespace: foobar +spec: + minReadySeconds: 10 + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: minio + strategy: + type: Recreate + template: + metadata: + labels: + app: minio + deploy: sourcegraph + spec: + containers: + - args: + - minio + - server + - /data + env: + - name: MINIO_ACCESS_KEY + value: AKIAIOSFODNN7EXAMPLE + - name: MINIO_SECRET_KEY + value: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY + image: index.docker.io/sourcegraph/minio:insiders@sha256:d5377e0c6e4ed742c551f253591d4a1a7f3a104ca17c51d46d6324206577f209 + livenessProbe: + httpGet: + path: /minio/health/live + port: minio + scheme: HTTP + initialDelaySeconds: 60 + timeoutSeconds: 5 + name: minio + ports: + - containerPort: 9000 + name: minio + readinessProbe: + httpGet: + path: /minio/health/live + port: minio + scheme: HTTP + periodSeconds: 5 + timeoutSeconds: 5 + resources: + limits: + cpu: "1" + memory: 500M + requests: + cpu: "1" + memory: 500M + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 101 + runAsUser: 100 + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /data + name: minio-data + securityContext: + fsGroup: 101 + runAsUser: 0 + volumes: + - name: minio-data + persistentVolumeClaim: + claimName: minio diff --git a/genclu/apps_v1_deployment_pgsql.yaml b/genclu/apps_v1_deployment_pgsql.yaml new file mode 100644 index 000000000000..319eeb61ca4b --- /dev/null +++ b/genclu/apps_v1_deployment_pgsql.yaml 
@@ -0,0 +1,120 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + description: Postgres database for various data. + kubectl.kubernetes.io/default-container: pgsql + labels: + app.kubernetes.io/component: pgsql + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: pgsql + namespace: foobar +spec: + minReadySeconds: 10 + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: pgsql + strategy: + type: Recreate + template: + metadata: + labels: + app: pgsql + deploy: sourcegraph + group: backend + spec: + containers: + - image: index.docker.io/sourcegraph/postgres-12-alpine:135107_2022-03-03_9498a8bd3366@sha256:e26b159dc7c0c47d136886390c899816e669a3c2c1ead689bdad0b610364e45e + livenessProbe: + exec: + command: + - /liveness.sh + initialDelaySeconds: 15 + name: pgsql + ports: + - containerPort: 5432 + name: pgsql + readinessProbe: + exec: + command: + - /ready.sh + resources: + limits: + cpu: "4" + memory: 4Gi + requests: + cpu: "4" + memory: 4Gi + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 999 + runAsUser: 999 + startupProbe: + exec: + command: + - /liveness.sh + failureThreshold: 360 + periodSeconds: 10 + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /data + name: disk + - mountPath: /conf + name: pgsql-conf + - mountPath: /dev/shm + name: dshm + - env: + - name: DATA_SOURCE_NAME + value: postgres://sg:@localhost:5432/?sslmode=disable + - name: PG_EXPORTER_EXTEND_QUERY_PATH + value: /config/queries.yaml + image: index.docker.io/sourcegraph/postgres_exporter:insiders@sha256:058803235a9deca67412edb01ec6fe22f58a7326c2f565281f7e745701df3080 + name: pgsql-exporter + resources: + limits: + cpu: 10m + memory: 50Mi + requests: + cpu: 10m + memory: 50Mi + terminationMessagePolicy: FallbackToLogsOnError + initContainers: + - command: + - sh + - -c + - if [ -d /data/pgdata-12 ]; then chmod 750 /data/pgdata-12; fi + image: 
index.docker.io/sourcegraph/alpine-3.14:insiders@sha256:c12d8679188e14a5e7d581aa5550ab411f2013fb0662a3f697d378460fe7b5f4 + name: correct-data-dir-permissions + resources: + limits: + cpu: 10m + memory: 50Mi + requests: + cpu: 10m + memory: 50Mi + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 999 + runAsUser: 999 + volumeMounts: + - mountPath: /data + name: disk + securityContext: + fsGroup: 999 + runAsUser: 999 + terminationGracePeriodSeconds: 120 + volumes: + - name: disk + persistentVolumeClaim: + claimName: pgsql + - configMap: + defaultMode: 511 + name: pgsql-conf + name: pgsql-conf + - emptyDir: + medium: Memory + sizeLimit: 1G + name: dshm diff --git a/genclu/apps_v1_deployment_precise-code-intel-worker.yaml b/genclu/apps_v1_deployment_precise-code-intel-worker.yaml new file mode 100644 index 000000000000..e428db7ebb00 --- /dev/null +++ b/genclu/apps_v1_deployment_precise-code-intel-worker.yaml 
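Review bot: This manifest pins `postgres-12-alpine:135107_2022-03-03_9498a8bd3366` and an `:insiders` exporter image and hard-codes `namespace: foobar`, while the configure/ hunks of this same release patch move images to `us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-public/<name>:5.3.0`. The other genclu/ files in view carry `:insiders` digests and `namespace: foobar` as well, which suggests rendered test output that was not regenerated for the release. I would either regenerate genclu/ against the 5.3.0 images or leave the directory out of the release commit, so that nobody applies the stale digests by mistake.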
@@ -0,0 +1,72 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + description: Handles conversion of uploaded precise code intelligence bundles. + labels: + app.kubernetes.io/component: precise-code-intel + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: precise-code-intel-worker + namespace: foobar +spec: + minReadySeconds: 10 + replicas: 2 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: precise-code-intel-worker + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 1 + type: RollingUpdate + template: + metadata: + labels: + app: precise-code-intel-worker + deploy: sourcegraph + spec: + containers: + - env: + - name: NUM_WORKERS + value: "4" + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + image: index.docker.io/sourcegraph/precise-code-intel-worker:insiders@sha256:3742b9a2da997e9e8e68d4c2f641249f0e26d47dc4c6b19a0a230a17dee41834 + livenessProbe: + httpGet: + path: /healthz + port: debug + scheme: HTTP + initialDelaySeconds: 60 + timeoutSeconds: 5 + name: precise-code-intel-worker + ports: + - containerPort: 3188 + name: http + - containerPort: 6060 + name: debug + readinessProbe: + httpGet: + path: /ready + port: debug + scheme: HTTP + periodSeconds: 5 + timeoutSeconds: 5 + resources: + limits: + cpu: "2" + memory: 4G + requests: + cpu: 500m + memory: 2G + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 101 + runAsUser: 100 + terminationMessagePolicy: FallbackToLogsOnError + securityContext: + runAsUser: 0 diff --git a/genclu/apps_v1_deployment_prometheus.yaml b/genclu/apps_v1_deployment_prometheus.yaml new file mode 100644 index 000000000000..c3c8d39274a0 --- /dev/null +++ b/genclu/apps_v1_deployment_prometheus.yaml 
@@ -0,0 +1,69 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + description: Collects metrics and aggregates them into graphs. + labels: + app.kubernetes.io/component: prometheus + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: prometheus + namespace: foobar +spec: + minReadySeconds: 10 + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: prometheus + strategy: + type: Recreate + template: + metadata: + labels: + app: prometheus + deploy: sourcegraph + spec: + containers: + - image: index.docker.io/sourcegraph/prometheus:insiders@sha256:17bb16819796fde8ed847fbb25cbbb44edaf8b61198dc29cc55c8bf2ef70e387 + name: prometheus + ports: + - containerPort: 9090 + name: http + readinessProbe: + failureThreshold: 120 + httpGet: + path: /-/ready + port: 9090 + periodSeconds: 5 + timeoutSeconds: 3 + resources: + limits: + cpu: "2" + memory: 6G + requests: + cpu: 500m + memory: 6G + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 100 + runAsUser: 100 + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /prometheus + name: data + - mountPath: /sg_prometheus_add_ons + name: config + securityContext: + fsGroup: 100 + runAsUser: 0 + serviceAccountName: prometheus + terminationGracePeriodSeconds: 120 + volumes: + - name: data + persistentVolumeClaim: + claimName: prometheus + - configMap: + defaultMode: 511 + name: prometheus + name: config diff --git a/genclu/apps_v1_deployment_redis-cache.yaml b/genclu/apps_v1_deployment_redis-cache.yaml new file mode 100644 index 000000000000..460e1853f48b --- /dev/null +++ b/genclu/apps_v1_deployment_redis-cache.yaml 
@@ -0,0 +1,80 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + description: Redis for storing short-lived caches. + kubectl.kubernetes.io/default-container: redis-cache + labels: + app.kubernetes.io/component: redis + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: redis-cache + namespace: foobar +spec: + minReadySeconds: 10 + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: redis-cache + strategy: + type: Recreate + template: + metadata: + labels: + app: redis-cache + deploy: sourcegraph + spec: + containers: + - image: index.docker.io/sourcegraph/redis-cache:insiders@sha256:aae082c6fdda44d21cb1636110421112a3ec9b6a16f8917f6d6222482adebad3 + livenessProbe: + initialDelaySeconds: 30 + tcpSocket: + port: redis + name: redis-cache + ports: + - containerPort: 6379 + name: redis + readinessProbe: + initialDelaySeconds: 5 + tcpSocket: + port: redis + resources: + limits: + cpu: "1" + memory: 7Gi + requests: + cpu: "1" + memory: 7Gi + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 1000 + runAsUser: 999 + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /redis-data + name: redis-data + - image: index.docker.io/sourcegraph/redis_exporter:84464_2021-01-15_c2e4c28@sha256:f3f51453e4261734f08579fe9c812c66ee443626690091401674be4fb724da70 + name: redis-exporter + ports: + - containerPort: 9121 + name: redisexp + resources: + limits: + cpu: 10m + memory: 100Mi + requests: + cpu: 10m + memory: 100Mi + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 1000 + runAsUser: 999 + terminationMessagePolicy: FallbackToLogsOnError + securityContext: + fsGroup: 1000 + runAsUser: 0 + volumes: + - name: redis-data + persistentVolumeClaim: + claimName: redis-cache diff --git a/genclu/apps_v1_deployment_redis-store.yaml b/genclu/apps_v1_deployment_redis-store.yaml new file mode 100644 index 000000000000..958f25509b8f --- /dev/null 
+++ b/genclu/apps_v1_deployment_redis-store.yaml @@ -0,0 +1,79 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + description: Redis for storing semi-persistent data like user sessions. + labels: + app.kubernetes.io/component: redis + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: redis-store + namespace: foobar +spec: + minReadySeconds: 10 + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: redis-store + strategy: + type: Recreate + template: + metadata: + labels: + app: redis-store + deploy: sourcegraph + spec: + containers: + - image: index.docker.io/sourcegraph/redis-store:insiders@sha256:cf0ec768d43a3107f54a3e915e227d75d5ea314ed6219926827dbc66fe3796f0 + livenessProbe: + initialDelaySeconds: 30 + tcpSocket: + port: redis + name: redis-store + ports: + - containerPort: 6379 + name: redis + readinessProbe: + initialDelaySeconds: 5 + tcpSocket: + port: redis + resources: + limits: + cpu: "1" + memory: 7Gi + requests: + cpu: "1" + memory: 7Gi + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 1000 + runAsUser: 999 + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /redis-data + name: redis-data + - image: index.docker.io/sourcegraph/redis_exporter:84464_2021-01-15_c2e4c28@sha256:f3f51453e4261734f08579fe9c812c66ee443626690091401674be4fb724da70 + name: redis-exporter + ports: + - containerPort: 9121 + name: redisexp + resources: + limits: + cpu: 10m + memory: 100Mi + requests: + cpu: 10m + memory: 100Mi + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 1000 + runAsUser: 999 + terminationMessagePolicy: FallbackToLogsOnError + securityContext: + fsGroup: 1000 + runAsUser: 0 + volumes: + - name: redis-data + persistentVolumeClaim: + claimName: redis-store diff --git a/genclu/apps_v1_deployment_repo-updater.yaml b/genclu/apps_v1_deployment_repo-updater.yaml new file mode 100644 index 000000000000..492cc264a1a6 --- /dev/null 
+++ b/genclu/apps_v1_deployment_repo-updater.yaml 
@@ -0,0 +1,100 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + description: Handles repository metadata (not Git data) lookups and updates from + external code hosts and other similar services. + kubectl.kubernetes.io/default-container: repo-updater + labels: + app.kubernetes.io/component: repo-updater + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: repo-updater + namespace: foobar +spec: + minReadySeconds: 10 + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: repo-updater + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + type: RollingUpdate + template: + metadata: + labels: + app: repo-updater + deploy: sourcegraph + spec: + containers: + - image: index.docker.io/sourcegraph/repo-updater:insiders@sha256:fce859125453c69c2e738618027b7542af8e6a430a038862b2fc3ae6c55b6d45 + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: debug + scheme: HTTP + periodSeconds: 1 + timeoutSeconds: 5 + name: repo-updater + ports: + - containerPort: 3182 + name: http + - containerPort: 6060 + name: debug + readinessProbe: + failureThreshold: 3 + httpGet: + path: /ready + port: debug + scheme: HTTP + periodSeconds: 1 + timeoutSeconds: 5 + resources: + limits: + cpu: "1" + memory: 2Gi + requests: + cpu: "1" + memory: 500Mi + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 101 + runAsUser: 100 + terminationMessagePolicy: FallbackToLogsOnError + - args: + - --reporter.grpc.host-port=jaeger-collector:14250 + - --reporter.type=grpc + env: + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + image: index.docker.io/sourcegraph/jaeger-agent:insiders@sha256:c56b7e45efab76e285c791c932c91aeed64551e160b2417a5b3df6acef664b34 + name: jaeger-agent + ports: + - containerPort: 5775 + protocol: UDP + - containerPort: 5778 + protocol: TCP + - containerPort: 6831 + protocol: UDP + - containerPort: 6832 + protocol: UDP + resources: + limits: + 
cpu: "1" + memory: 500M + requests: + cpu: 100m + memory: 100M + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 101 + runAsUser: 100 + securityContext: + runAsUser: 0 diff --git a/genclu/apps_v1_deployment_searcher.yaml b/genclu/apps_v1_deployment_searcher.yaml new file mode 100644 index 000000000000..0e1277ba58e2 --- /dev/null +++ b/genclu/apps_v1_deployment_searcher.yaml 
@@ -0,0 +1,112 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + description: Backend for text search operations. + kubectl.kubernetes.io/default-container: searcher + labels: + app.kubernetes.io/component: searcher + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: searcher + namespace: foobar +spec: + minReadySeconds: 10 + replicas: 2 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: searcher + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 1 + type: RollingUpdate + template: + metadata: + labels: + app: searcher + deploy: sourcegraph + spec: + containers: + - env: + - name: SEARCHER_CACHE_SIZE_MB + valueFrom: + resourceFieldRef: + containerName: searcher + divisor: 1M + resource: requests.ephemeral-storage + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: CACHE_DIR + value: /mnt/cache/$(POD_NAME) + image: index.docker.io/sourcegraph/searcher:insiders@sha256:2ac95c00f424330c42b7d2051592b4b1974fcd3575cc221fbb6c84c7944c1e0e + name: searcher + ports: + - containerPort: 3181 + name: http + - containerPort: 6060 + name: debug + readinessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: http + scheme: HTTP + periodSeconds: 5 + timeoutSeconds: 5 + resources: + limits: + cpu: "2" + ephemeral-storage: 26G + memory: 2G + requests: + cpu: 500m + ephemeral-storage: 25G + memory: 500M + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 101 + runAsUser: 100 + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /mnt/cache + name: cache-ssd + - args: + - --reporter.grpc.host-port=jaeger-collector:14250 + - --reporter.type=grpc + env: + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + image: index.docker.io/sourcegraph/jaeger-agent:insiders@sha256:c56b7e45efab76e285c791c932c91aeed64551e160b2417a5b3df6acef664b34 + name: jaeger-agent + ports: + - containerPort: 5775 + protocol: UDP + - 
containerPort: 5778 + protocol: TCP + - containerPort: 6831 + protocol: UDP + - containerPort: 6832 + protocol: UDP + resources: + limits: + cpu: "1" + memory: 500M + requests: + cpu: 100m + memory: 100M + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 101 + runAsUser: 100 + securityContext: + runAsUser: 0 + volumes: + - emptyDir: {} + name: cache-ssd diff --git a/genclu/apps_v1_deployment_sourcegraph-frontend.yaml b/genclu/apps_v1_deployment_sourcegraph-frontend.yaml new file mode 100644 index 000000000000..22d5fffc8944 --- /dev/null +++ b/genclu/apps_v1_deployment_sourcegraph-frontend.yaml 
@@ -0,0 +1,184 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + description: Serves the frontend of Sourcegraph via HTTP(S). + kubectl.kubernetes.io/default-container: frontend + labels: + app.kubernetes.io/component: frontend + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: sourcegraph-frontend + namespace: foobar +spec: + minReadySeconds: 10 + replicas: 2 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: sourcegraph-frontend + strategy: + rollingUpdate: + maxSurge: 2 + maxUnavailable: 0 + type: RollingUpdate + template: + metadata: + labels: + app: sourcegraph-frontend + deploy: sourcegraph + spec: + containers: + - args: + - serve + env: + - name: PGDATABASE + value: sg + - name: PGHOST + value: pgsql + - name: PGPORT + value: "5432" + - name: PGSSLMODE + value: disable + - name: PGUSER + value: sg + - name: CODEINSIGHTS_PGDATASOURCE + value: postgres://postgres:password@codeinsights-db:5432/postgres + - name: CODEINTEL_PGDATABASE + value: sg + - name: CODEINTEL_PGHOST + value: codeintel-db + - name: CODEINTEL_PGPORT + value: "5432" + - name: CODEINTEL_PGSSLMODE + value: disable + - name: CODEINTEL_PGUSER + value: sg + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: CACHE_DIR + value: /mnt/cache/$(POD_NAME) + - name: GRAFANA_SERVER_URL + value: http://grafana:30070 + - name: JAEGER_SERVER_URL + value: http://jaeger-query:16686 + - name: PROMETHEUS_URL + value: http://prometheus:30090 + image: index.docker.io/sourcegraph/frontend:insiders@sha256:3fb1105d32e317645c080720d17e73a9da5fdcbee567bda31a51883c2dd7ac39 + livenessProbe: + httpGet: + path: /healthz + port: debug + scheme: HTTP + initialDelaySeconds: 300 + timeoutSeconds: 5 + name: frontend + ports: + - containerPort: 3080 + name: http + - containerPort: 3090 + name: http-internal + - containerPort: 6060 + name: debug + readinessProbe: + httpGet: + path: /ready + port: debug + scheme: HTTP + periodSeconds: 5 + 
timeoutSeconds: 5 + resources: + limits: + cpu: "2" + ephemeral-storage: 8Gi + memory: 4G + requests: + cpu: "2" + ephemeral-storage: 4Gi + memory: 2G + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 101 + runAsUser: 100 + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /mnt/cache + name: cache-ssd + - args: + - --reporter.grpc.host-port=jaeger-collector:14250 + - --reporter.type=grpc + env: + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + image: index.docker.io/sourcegraph/jaeger-agent:insiders@sha256:c56b7e45efab76e285c791c932c91aeed64551e160b2417a5b3df6acef664b34 + name: jaeger-agent + ports: + - containerPort: 5775 + protocol: UDP + - containerPort: 5778 + protocol: TCP + - containerPort: 6831 + protocol: UDP + - containerPort: 6832 + protocol: UDP + resources: + limits: + cpu: "1" + memory: 500M + requests: + cpu: 100m + memory: 100M + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 101 + runAsUser: 100 + initContainers: + - args: + - up + env: + - name: PGDATABASE + value: sg + - name: PGHOST + value: pgsql + - name: PGPORT + value: "5432" + - name: PGSSLMODE + value: disable + - name: PGUSER + value: sg + - name: CODEINSIGHTS_PGDATASOURCE + value: postgres://postgres:password@codeinsights-db:5432/postgres + - name: CODEINTEL_PGDATABASE + value: sg + - name: CODEINTEL_PGHOST + value: codeintel-db + - name: CODEINTEL_PGPORT + value: "5432" + - name: CODEINTEL_PGSSLMODE + value: disable + - name: CODEINTEL_PGUSER + value: sg + image: index.docker.io/sourcegraph/migrator:insiders@sha256:27f0661fb17329a8355f44a14b4276d19d0b635dbe4a76e8d02afbdc0dd92021 + name: migrator + resources: + limits: + cpu: 500m + memory: 100M + requests: + cpu: 100m + memory: 50M + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 101 + runAsUser: 100 + securityContext: + runAsUser: 0 + serviceAccountName: sourcegraph-frontend + volumes: + - emptyDir: {} + name: 
cache-ssd diff --git a/genclu/apps_v1_deployment_symbols.yaml b/genclu/apps_v1_deployment_symbols.yaml new file mode 100644 index 000000000000..da214d940121 --- /dev/null +++ b/genclu/apps_v1_deployment_symbols.yaml 
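Review bot: `CODEINSIGHTS_PGDATASOURCE` is set to a literal DSN carrying the credentials `postgres:password`, in both the `frontend` container and the `migrator` init container, so the database password sits in the manifest and in every place the Deployment object can be read. I would take the DSN from a Secret with `valueFrom.secretKeyRef` in both env lists, as sketched below with placeholder names, and change the password once it is no longer in the manifest. Separately, `PGSSLMODE` and `CODEINTEL_PGSSLMODE` are `disable`, so these database connections are unencrypted unless something outside this hunk provides transport encryption.

```yaml
# … unchanged: PGDATABASE, PGHOST, PGPORT, PGSSLMODE, PGUSER entries …
- name: CODEINSIGHTS_PGDATASOURCE
  valueFrom:
    secretKeyRef:
      name: SECRET_NAME_PLACEHOLDER  # placeholder: Secret that holds the DSN
      key: KEY_PLACEHOLDER           # placeholder: key inside that Secret
# … unchanged: CODEINTEL_* entries …
```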
@@ -0,0 +1,118 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + description: Backend for symbols operations. + kubectl.kubernetes.io/default-container: symbols + labels: + app.kubernetes.io/component: symbols + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: symbols + namespace: foobar +spec: + minReadySeconds: 10 + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: symbols + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 1 + type: RollingUpdate + template: + metadata: + labels: + app: symbols + deploy: sourcegraph + spec: + containers: + - env: + - name: SYMBOLS_CACHE_SIZE_MB + valueFrom: + resourceFieldRef: + containerName: symbols + divisor: 1M + resource: requests.ephemeral-storage + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: CACHE_DIR + value: /mnt/cache/$(POD_NAME) + image: index.docker.io/sourcegraph/symbols:insiders@sha256:a749ad761bcd36879f34abda2ee9f872490a1b77c1815e6dff5eb35cc80ae315 + livenessProbe: + httpGet: + path: /healthz + port: http + scheme: HTTP + initialDelaySeconds: 60 + timeoutSeconds: 5 + name: symbols + ports: + - containerPort: 3184 + name: http + - containerPort: 6060 + name: debug + readinessProbe: + httpGet: + path: /healthz + port: http + scheme: HTTP + periodSeconds: 5 + timeoutSeconds: 5 + resources: + limits: + cpu: "2" + ephemeral-storage: 12G + memory: 2G + requests: + cpu: 500m + ephemeral-storage: 10G + memory: 500M + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 101 + runAsUser: 100 + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /mnt/cache + name: cache-ssd + - args: + - --reporter.grpc.host-port=jaeger-collector:14250 + - --reporter.type=grpc + env: + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + image: 
index.docker.io/sourcegraph/jaeger-agent:insiders@sha256:c56b7e45efab76e285c791c932c91aeed64551e160b2417a5b3df6acef664b34 + name: jaeger-agent + ports: + - containerPort: 5775 + protocol: UDP + - containerPort: 5778 + protocol: TCP + - containerPort: 6831 + protocol: UDP + - containerPort: 6832 + protocol: UDP + resources: + limits: + cpu: "1" + memory: 500M + requests: + cpu: 100m + memory: 100M + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 101 + runAsUser: 100 + securityContext: + runAsUser: 0 + volumes: + - emptyDir: {} + name: cache-ssd diff --git a/genclu/apps_v1_deployment_syntect-server.yaml b/genclu/apps_v1_deployment_syntect-server.yaml new file mode 100644 index 000000000000..753eb5a27b35 --- /dev/null +++ b/genclu/apps_v1_deployment_syntect-server.yaml 
@@ -0,0 +1,59 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ annotations:
+ description: Backend for syntax highlighting operations.
+ labels:
+ app.kubernetes.io/component: syntect-server
+ deploy: sourcegraph
+ sourcegraph-resource-requires: no-cluster-admin
+ name: syntect-server
+ namespace: foobar
+spec:
+ minReadySeconds: 10
+ replicas: 1
+ revisionHistoryLimit: 10
+ selector:
+ matchLabels:
+ app: syntect-server
+ strategy:
+ rollingUpdate:
+ maxSurge: 1
+ maxUnavailable: 0
+ type: RollingUpdate
+ template:
+ metadata:
+ labels:
+ app: syntect-server
+ deploy: sourcegraph
+ spec:
+ containers:
+ - image: index.docker.io/sourcegraph/syntax-highlighter:insiders@sha256:f40a37cd9c4ca5c2f7292d87d1b76e63efb822bed26ce2ee3711d721cc045624
+ livenessProbe:
+ httpGet:
+ path: /health
+ port: http
+ scheme: HTTP
+ initialDelaySeconds: 5
+ timeoutSeconds: 5
+ name: syntect-server
+ ports:
+ - containerPort: 9238
+ name: http
+ readinessProbe:
+ tcpSocket:
+ port: http
+ resources:
+ limits:
+ cpu: "4"
+ memory: 6G
+ requests:
+ cpu: 250m
+ memory: 2G
+ securityContext:
+ allowPrivilegeEscalation: false
+ runAsGroup: 101
+ runAsUser: 100
+ terminationMessagePolicy: FallbackToLogsOnError
+ securityContext:
+ runAsUser: 0
diff --git a/genclu/apps_v1_deployment_worker.yaml b/genclu/apps_v1_deployment_worker.yaml
new file mode 100644
index 000000000000..0fb6d6e2708e
--- /dev/null
+++ b/genclu/apps_v1_deployment_worker.yaml
@@ -0,0 +1,70 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ annotations:
+ description: Manages background processes.
+ labels:
+ app.kubernetes.io/component: worker
+ deploy: sourcegraph
+ sourcegraph-resource-requires: no-cluster-admin
+ name: worker
+ namespace: foobar
+spec:
+ minReadySeconds: 10
+ replicas: 1
+ revisionHistoryLimit: 10
+ selector:
+ matchLabels:
+ app: worker
+ strategy:
+ rollingUpdate:
+ maxSurge: 1
+ maxUnavailable: 1
+ type: RollingUpdate
+ template:
+ metadata:
+ labels:
+ app: worker
+ deploy: sourcegraph
+ spec:
+ containers:
+ - env:
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ image: index.docker.io/sourcegraph/worker:insiders@sha256:c4a701ae351d06ac6916b399d5edc360cb43cd819ecee50a76d321fabc747576
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: debug
+ scheme: HTTP
+ initialDelaySeconds: 60
+ timeoutSeconds: 5
+ name: worker
+ ports:
+ - containerPort: 3189
+ name: http
+ - containerPort: 6060
+ name: debug
+ readinessProbe:
+ httpGet:
+ path: /ready
+ port: debug
+ scheme: HTTP
+ periodSeconds: 5
+ timeoutSeconds: 5
+ resources:
+ limits:
+ cpu: "2"
+ memory: 4G
+ requests:
+ cpu: 500m
+ memory: 2G
+ securityContext:
+ allowPrivilegeEscalation: false
+ runAsGroup: 101
+ runAsUser: 100
+ terminationMessagePolicy: FallbackToLogsOnError
+ securityContext:
+ runAsUser: 0
diff --git a/genclu/apps_v1_statefulset_gitserver.yaml b/genclu/apps_v1_statefulset_gitserver.yaml
new file mode 100644
index 000000000000..74dcd5108d6f
--- /dev/null
+++ b/genclu/apps_v1_statefulset_gitserver.yaml
@@ -0,0 +1,104 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + annotations: + description: Stores clones of repositories to perform Git operations. + kubectl.kubernetes.io/default-container: gitserver + labels: + app.kubernetes.io/component: gitserver + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: gitserver + namespace: foobar +spec: + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: gitserver + serviceName: gitserver + template: + metadata: + labels: + app: gitserver + deploy: sourcegraph + group: backend + type: gitserver + spec: + containers: + - args: + - run + image: index.docker.io/sourcegraph/gitserver:insiders@sha256:1165b471e32fd4f0508267cf739ba8f7d90d0610bcece71fd9eced0036f69198 + livenessProbe: + initialDelaySeconds: 5 + tcpSocket: + port: rpc + timeoutSeconds: 5 + name: gitserver + ports: + - containerPort: 3178 + name: rpc + protocol: TCP + resources: + limits: + cpu: "4" + memory: 8G + requests: + cpu: "4" + memory: 8G + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 101 + runAsUser: 100 + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /data/repos + name: repos + - args: + - --reporter.grpc.host-port=jaeger-collector:14250 + - --reporter.type=grpc + env: + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + image: index.docker.io/sourcegraph/jaeger-agent:insiders@sha256:c56b7e45efab76e285c791c932c91aeed64551e160b2417a5b3df6acef664b34 + name: jaeger-agent + ports: + - containerPort: 5775 + protocol: UDP + - containerPort: 5778 + protocol: TCP + - containerPort: 6831 + protocol: UDP + - containerPort: 6832 + protocol: UDP + resources: + limits: + cpu: "1" + memory: 500M + requests: + cpu: 100m + memory: 100M + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 101 + runAsUser: 100 + securityContext: + fsGroup: 101 + runAsUser: 0 + volumes: + - name: repos + updateStrategy: + type: 
RollingUpdate + volumeClaimTemplates: + - metadata: + name: repos + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 200Gi + storageClassName: sourcegraph diff --git a/genclu/apps_v1_statefulset_grafana.yaml b/genclu/apps_v1_statefulset_grafana.yaml new file mode 100644 index 000000000000..c8ea31d77581 --- /dev/null +++ b/genclu/apps_v1_statefulset_grafana.yaml @@ -0,0 +1,69 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + annotations: + description: Metrics/monitoring dashboards and alerts. + kubectl.kubernetes.io/default-container: grafana + labels: + app.kubernetes.io/component: grafana + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: grafana + namespace: foobar +spec: + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: grafana + serviceName: grafana + template: + metadata: + labels: + app: grafana + deploy: sourcegraph + spec: + containers: + - image: index.docker.io/sourcegraph/grafana:insiders@sha256:7e23d7509d2107b8f0fe0942c98da2a6d31cab1e4e5f96bd31564a3a756aa104 + name: grafana + ports: + - containerPort: 3370 + name: http + resources: + limits: + cpu: "1" + memory: 512Mi + requests: + cpu: 100m + memory: 512Mi + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 472 + runAsUser: 472 + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /var/lib/grafana + name: grafana-data + - mountPath: /sg_config_grafana/provisioning/datasources + name: config + securityContext: + fsGroup: 472 + runAsUser: 0 + serviceAccountName: grafana + volumes: + - configMap: + defaultMode: 511 + name: grafana + name: config + updateStrategy: + type: RollingUpdate + volumeClaimTemplates: + - metadata: + name: grafana-data + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 2Gi + storageClassName: sourcegraph 
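Review bot: In the grafana StatefulSet the `config` ConfigMap volume uses `defaultMode: 511`, which is octal 0777, so the datasource provisioning files are mounted with write and execute bits set for every user. Provisioning files only need to be read; `defaultMode: 420` (0644) or `defaultMode: 292` (0444) would be enough, assuming nothing in the image relies on the execute bit, which this hunk does not show. A short comment next to the value giving the octal form would also help, since the decimal number hides what is being granted.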
diff --git a/genclu/apps_v1_statefulset_indexed-search.yaml b/genclu/apps_v1_statefulset_indexed-search.yaml
new file mode 100644
index 000000000000..83758d4c8c32
--- /dev/null
+++ b/genclu/apps_v1_statefulset_indexed-search.yaml
@@ -0,0 +1,92 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ annotations:
+ description: Backend for indexed text search operations.
+ labels:
+ app.kubernetes.io/component: indexed-search
+ deploy: sourcegraph
+ sourcegraph-resource-requires: no-cluster-admin
+ name: indexed-search
+ namespace: foobar
+spec:
+ replicas: 1
+ revisionHistoryLimit: 10
+ selector:
+ matchLabels:
+ app: indexed-search
+ serviceName: indexed-search
+ template:
+ metadata:
+ labels:
+ app: indexed-search
+ deploy: sourcegraph
+ spec:
+ containers:
+ - image: index.docker.io/sourcegraph/indexed-searcher:insiders@sha256:1d58bab3cdcae0b13361676f12658a2257f322c17e2bf417995b0e1a53d9a595
+ name: zoekt-webserver
+ ports:
+ - containerPort: 6070
+ name: http
+ readinessProbe:
+ failureThreshold: 3
+ httpGet:
+ path: /healthz
+ port: http
+ scheme: HTTP
+ periodSeconds: 5
+ timeoutSeconds: 5
+ resources:
+ limits:
+ cpu: "2"
+ memory: 4G
+ requests:
+ cpu: 500m
+ memory: 2G
+ securityContext:
+ allowPrivilegeEscalation: false
+ runAsGroup: 101
+ runAsUser: 100
+ terminationMessagePolicy: FallbackToLogsOnError
+ volumeMounts:
+ - mountPath: /data
+ name: data
+ - image: index.docker.io/sourcegraph/search-indexer:insiders@sha256:7b1a411dc8a207f4f1743edd2377ae2a5cad4ae4801a9a0388b31bc24db23fa5
+ name: zoekt-indexserver
+ ports:
+ - containerPort: 6072
+ name: index-http
+ resources:
+ limits:
+ cpu: "8"
+ memory: 8G
+ requests:
+ cpu: "4"
+ memory: 4G
+ securityContext:
+ allowPrivilegeEscalation: false
+ runAsGroup: 101
+ runAsUser: 100
+ terminationMessagePolicy: FallbackToLogsOnError
+ volumeMounts:
+ - mountPath: /data
+ name: data
+ securityContext:
+ fsGroup: 101
+ runAsUser: 0
+ volumes:
+ - name: data
+ updateStrategy:
+ type: RollingUpdate
+ volumeClaimTemplates:
+ - metadata:
+ labels:
+ deploy: sourcegraph
+ name: data
+ spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 200Gi
+ storageClassName: sourcegraph
diff --git a/genclu/networking.k8s.io_v1_ingress_sourcegraph-frontend.yaml b/genclu/networking.k8s.io_v1_ingress_sourcegraph-frontend.yaml
new file mode 100644
index 000000000000..1e99caa48cf8
--- /dev/null
+++ b/genclu/networking.k8s.io_v1_ingress_sourcegraph-frontend.yaml
@@ -0,0 +1,24 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ annotations:
+ kubernetes.io/ingress.class: nginx
+ nginx.ingress.kubernetes.io/proxy-body-size: 150m
+ labels:
+ app: sourcegraph-frontend
+ app.kubernetes.io/component: frontend
+ deploy: sourcegraph
+ sourcegraph-resource-requires: no-cluster-admin
+ name: sourcegraph-frontend
+ namespace: foobar
+spec:
+ rules:
+ - http:
+ paths:
+ - backend:
+ service:
+ name: sourcegraph-frontend
+ port:
+ number: 30080
+ path: /
+ pathType: Prefix
diff --git a/genclu/rbac.authorization.k8s.io_v1_rolebinding_prometheus-nonprivileged.yaml b/genclu/rbac.authorization.k8s.io_v1_rolebinding_prometheus-nonprivileged.yaml
new file mode 100644
index 000000000000..5d5b33c44fbf
--- /dev/null
+++ b/genclu/rbac.authorization.k8s.io_v1_rolebinding_prometheus-nonprivileged.yaml
@@ -0,0 +1,17 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ labels:
+ category: rbac
+ deploy: sourcegraph
+ sourcegraph-resource-requires: no-cluster-admin
+ name: prometheus-nonprivileged
+ namespace: foobar
+roleRef:
+ apiGroup: ""
+ kind: ClusterRole
+ name: view
+subjects:
+- kind: ServiceAccount
+ name: prometheus
+ namespace: ns-sourcegraph
diff --git a/genclu/rbac.authorization.k8s.io_v1_rolebinding_sourcegraph-frontend-nonprivileged.yaml b/genclu/rbac.authorization.k8s.io_v1_rolebinding_sourcegraph-frontend-nonprivileged.yaml
new file mode 100644
index 000000000000..fd7b322b6ffb
--- /dev/null
+++ b/genclu/rbac.authorization.k8s.io_v1_rolebinding_sourcegraph-frontend-nonprivileged.yaml
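Review bot: The Ingress has no `tls` section and its only rule has no `host`, so as written it routes plain HTTP for any hostname to `sourcegraph-frontend:30080`. If TLS is not terminated in front of this controller, session cookies and access tokens for the frontend cross the network in clear text; I would add a `spec.tls` entry naming the certificate Secret and a `host` on the rule, or add a comment saying where TLS is terminated. The `kubernetes.io/ingress.class` annotation is deprecated in favour of `spec.ingressClassName: nginx`.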
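Review bot: The `prometheus-nonprivileged` RoleBinding is created in namespace `foobar` but its subject is the `prometheus` ServiceAccount in `ns-sourcegraph`, so the `view` ClusterRole is granted to an account from a different namespace than the one the workloads in this patch run in. The `sourcegraph-frontend-nonprivileged` RoleBinding in the following hunk has the same mismatch, and there it is directly visible: the frontend Deployment uses `serviceAccountName: sourcegraph-frontend` in `foobar`, which that binding does not cover. If `ns-sourcegraph` is a leftover that a namespace rewrite missed, the subject should read `namespace: foobar`; otherwise read access to `foobar` is handed to whoever controls the account in the other namespace.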
@@ -0,0 +1,17 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ labels:
+ category: rbac
+ deploy: sourcegraph
+ sourcegraph-resource-requires: no-cluster-admin
+ name: sourcegraph-frontend-nonprivileged
+ namespace: foobar
+roleRef:
+ apiGroup: ""
+ kind: ClusterRole
+ name: view
+subjects:
+- kind: ServiceAccount
+ name: sourcegraph-frontend
+ namespace: ns-sourcegraph
diff --git a/genclu/v1_configmap_codeinsights-db-conf.yaml b/genclu/v1_configmap_codeinsights-db-conf.yaml
new file mode 100644
index 000000000000..626b61f65f10
--- /dev/null
+++ b/genclu/v1_configmap_codeinsights-db-conf.yaml
@@ -0,0 +1,763 @@ +apiVersion: v1 +data: + postgresql.conf: | + # ----------------------------- + # PostgreSQL configuration file + # ----------------------------- + # + # This file consists of lines of the form: + # + # name = value + # + # (The "=" is optional.) Whitespace may be used. Comments are introduced with + # "#" anywhere on a line. The complete list of parameter names and allowed + # values can be found in the PostgreSQL documentation. + # + # The commented-out settings shown in this file represent the default values. + # Re-commenting a setting is NOT sufficient to revert it to the default value; + # you need to reload the server. + # + # This file is read on server startup and when the server receives a SIGHUP + # signal. If you edit the file on a running system, you have to SIGHUP the + # server for the changes to take effect, run "pg_ctl reload", or execute + # "SELECT pg_reload_conf()". Some parameters, which are marked below, + # require a server shutdown and restart to take effect. + # + # Any parameter can also be given as a command-line option to the server, e.g., + # "postgres -c log_connections=on". Some parameters can be changed at run time + # with the "SET" SQL command. + # + # Memory units: kB = kilobytes Time units: ms = milliseconds + # MB = megabytes s = seconds + # GB = gigabytes min = minutes + # TB = terabytes h = hours + # d = days + + + #------------------------------------------------------------------------------ + # FILE LOCATIONS + #------------------------------------------------------------------------------ + + # The default values of these variables are driven from the -D command-line + # option or PGDATA environment variable, represented here as ConfigDir. 
+ + #data_directory = 'ConfigDir' # use data in another directory + # (change requires restart) + #hba_file = 'ConfigDir/pg_hba.conf' # host-based authentication file + # (change requires restart) + #ident_file = 'ConfigDir/pg_ident.conf' # ident configuration file + # (change requires restart) + + # If external_pid_file is not explicitly set, no extra PID file is written. + #external_pid_file = '' # write an extra PID file + # (change requires restart) + + + #------------------------------------------------------------------------------ + # CONNECTIONS AND AUTHENTICATION + #------------------------------------------------------------------------------ + + # - Connection Settings - + + listen_addresses = '*' + # comma-separated list of addresses; + # defaults to 'localhost'; use '*' for all + # (change requires restart) + #port = 5432 # (change requires restart) + max_connections = 20 # (change requires restart) + #superuser_reserved_connections = 3 # (change requires restart) + #unix_socket_directories = '/var/run/postgresql' # comma-separated list of directories + # (change requires restart) + #unix_socket_group = '' # (change requires restart) + #unix_socket_permissions = 0777 # begin with 0 to use octal notation + # (change requires restart) + #bonjour = off # advertise server via Bonjour + # (change requires restart) + #bonjour_name = '' # defaults to the computer name + # (change requires restart) + + # - TCP settings - + # see "man 7 tcp" for details + + #tcp_keepalives_idle = 0 # TCP_KEEPIDLE, in seconds; + # 0 selects the system default + #tcp_keepalives_interval = 0 # TCP_KEEPINTVL, in seconds; + # 0 selects the system default + #tcp_keepalives_count = 0 # TCP_KEEPCNT; + # 0 selects the system default + #tcp_user_timeout = 0 # TCP_USER_TIMEOUT, in milliseconds; + # 0 selects the system default + + # - Authentication - + + #authentication_timeout = 1min # 1s-600s + #password_encryption = md5 # md5 or scram-sha-256 + #db_user_namespace = off + + # GSSAPI 
using Kerberos + #krb_server_keyfile = '' + #krb_caseins_users = off + + # - SSL - + + #ssl = off + #ssl_ca_file = '' + #ssl_cert_file = 'server.crt' + #ssl_crl_file = '' + #ssl_key_file = 'server.key' + #ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers + #ssl_prefer_server_ciphers = on + #ssl_ecdh_curve = 'prime256v1' + #ssl_min_protocol_version = 'TLSv1' + #ssl_max_protocol_version = '' + #ssl_dh_params_file = '' + #ssl_passphrase_command = '' + #ssl_passphrase_command_supports_reload = off + + + #------------------------------------------------------------------------------ + # RESOURCE USAGE (except WAL) + #------------------------------------------------------------------------------ + + # - Memory - + + shared_buffers = 509546kB # min 128kB + # (change requires restart) + #huge_pages = try # on, off, or try + # (change requires restart) + #temp_buffers = 8MB # min 800kB + #max_prepared_transactions = 0 # zero disables the feature + # (change requires restart) + # Caution: it is not advisable to set max_prepared_transactions nonzero unless + # you actively intend to use prepared transactions. 
+ work_mem = 3184kB # min 64kB + maintenance_work_mem = 254773kB # min 1MB + #autovacuum_work_mem = -1 # min 1MB, or -1 to use maintenance_work_mem + #max_stack_depth = 2MB # min 100kB + #shared_memory_type = mmap # the default is the first option + # supported by the operating system: + # mmap + # sysv + # windows + # (change requires restart) + dynamic_shared_memory_type = posix # the default is the first option + # supported by the operating system: + # posix + # sysv + # windows + # mmap + # (change requires restart) + + # - Disk - + + #temp_file_limit = -1 # limits per-process temp file space + # in kB, or -1 for no limit + + # - Kernel Resources - + + #max_files_per_process = 1000 # min 25 + # (change requires restart) + + # - Cost-Based Vacuum Delay - + + #vacuum_cost_delay = 0 # 0-100 milliseconds (0 disables) + #vacuum_cost_page_hit = 1 # 0-10000 credits + #vacuum_cost_page_miss = 10 # 0-10000 credits + #vacuum_cost_page_dirty = 20 # 0-10000 credits + #vacuum_cost_limit = 200 # 1-10000 credits + + # - Background Writer - + + #bgwriter_delay = 200ms # 10-10000ms between rounds + #bgwriter_lru_maxpages = 100 # max buffers written/round, 0 disables + #bgwriter_lru_multiplier = 2.0 # 0-10.0 multiplier on buffers scanned/round + #bgwriter_flush_after = 512kB # measured in pages, 0 disables + + # - Asynchronous Behavior - + + effective_io_concurrency = 200 # 1-1000; 0 disables prefetching + max_worker_processes = 19 # (change requires restart) + #max_parallel_maintenance_workers = 2 # taken from max_parallel_workers + max_parallel_workers_per_gather = 4 # taken from max_parallel_workers + #parallel_leader_participation = on + max_parallel_workers = 8 # maximum number of max_worker_processes that + # can be used in parallel operations + #old_snapshot_threshold = -1 # 1min-60d; -1 disables; 0 is immediate + # (change requires restart) + #backend_flush_after = 0 # measured in pages, 0 disables + + + 
#------------------------------------------------------------------------------ + # WRITE-AHEAD LOG + #------------------------------------------------------------------------------ + + # - Settings - + + #wal_level = replica # minimal, replica, or logical + # (change requires restart) + #fsync = on # flush data to disk for crash safety + # (turning this off can cause + # unrecoverable data corruption) + #synchronous_commit = on # synchronization level; + # off, local, remote_write, remote_apply, or on + #wal_sync_method = fsync # the default is the first option + # supported by the operating system: + # open_datasync + # fdatasync (default on Linux) + # fsync + # fsync_writethrough + # open_sync + #full_page_writes = on # recover from partial page writes + #wal_compression = off # enable compression of full-page writes + #wal_log_hints = off # also do full page writes of non-critical updates + # (change requires restart) + #wal_init_zero = on # zero-fill new WAL files + #wal_recycle = on # recycle WAL files + wal_buffers = 15285kB # min 32kB, -1 sets based on shared_buffers + # (change requires restart) + #wal_writer_delay = 200ms # 1-10000 milliseconds + #wal_writer_flush_after = 1MB # measured in pages, 0 disables + + #commit_delay = 0 # range 0-100000, in microseconds + #commit_siblings = 5 # range 1-1000 + + # - Checkpoints - + + #checkpoint_timeout = 5min # range 30s-1d + max_wal_size = 1GB + min_wal_size = 512MB + checkpoint_completion_target = 0.9 # checkpoint target duration, 0.0 - 1.0 + #checkpoint_flush_after = 256kB # measured in pages, 0 disables + #checkpoint_warning = 30s # 0 disables + + # - Archiving - + + #archive_mode = off # enables archiving; off, on, or always + # (change requires restart) + #archive_command = '' # command to use to archive a logfile segment + # placeholders: %p = path of file to archive + # %f = file name only + # e.g. 'test ! 
-f /mnt/server/archivedir/%f && cp %p /mnt/server/archivedir/%f' + #archive_timeout = 0 # force a logfile segment switch after this + # number of seconds; 0 disables + + # - Archive Recovery - + + # These are only used in recovery mode. + + #restore_command = '' # command to use to restore an archived logfile segment + # placeholders: %p = path of file to restore + # %f = file name only + # e.g. 'cp /mnt/server/archivedir/%f %p' + # (change requires restart) + #archive_cleanup_command = '' # command to execute at every restartpoint + #recovery_end_command = '' # command to execute at completion of recovery + + # - Recovery Target - + + # Set these only when performing a targeted recovery. + + #recovery_target = '' # 'immediate' to end recovery as soon as a + # consistent state is reached + # (change requires restart) + #recovery_target_name = '' # the named restore point to which recovery will proceed + # (change requires restart) + #recovery_target_time = '' # the time stamp up to which recovery will proceed + # (change requires restart) + #recovery_target_xid = '' # the transaction ID up to which recovery will proceed + # (change requires restart) + #recovery_target_lsn = '' # the WAL LSN up to which recovery will proceed + # (change requires restart) + #recovery_target_inclusive = on # Specifies whether to stop: + # just after the specified recovery target (on) + # just before the recovery target (off) + # (change requires restart) + #recovery_target_timeline = 'latest' # 'current', 'latest', or timeline ID + # (change requires restart) + #recovery_target_action = 'pause' # 'pause', 'promote', 'shutdown' + # (change requires restart) + + + #------------------------------------------------------------------------------ + # REPLICATION + #------------------------------------------------------------------------------ + + # - Sending Servers - + + # Set these on the master and on any standby that will send replication data. 
+ + #max_wal_senders = 10 # max number of walsender processes + # (change requires restart) + #wal_keep_segments = 0 # in logfile segments; 0 disables + #wal_sender_timeout = 60s # in milliseconds; 0 disables + + #max_replication_slots = 10 # max number of replication slots + # (change requires restart) + #track_commit_timestamp = off # collect timestamp of transaction commit + # (change requires restart) + + # - Master Server - + + # These settings are ignored on a standby server. + + #synchronous_standby_names = '' # standby servers that provide sync rep + # method to choose sync standbys, number of sync standbys, + # and comma-separated list of application_name + # from standby(s); '*' = all + #vacuum_defer_cleanup_age = 0 # number of xacts by which cleanup is delayed + + # - Standby Servers - + + # These settings are ignored on a master server. + + #primary_conninfo = '' # connection string to sending server + # (change requires restart) + #primary_slot_name = '' # replication slot on sending server + # (change requires restart) + #promote_trigger_file = '' # file name whose presence ends recovery + #hot_standby = on # "off" disallows queries during recovery + # (change requires restart) + #max_standby_archive_delay = 30s # max delay before canceling queries + # when reading WAL from archive; + # -1 allows indefinite delay + #max_standby_streaming_delay = 30s # max delay before canceling queries + # when reading streaming WAL; + # -1 allows indefinite delay + #wal_receiver_status_interval = 10s # send replies at least this often + # 0 disables + #hot_standby_feedback = off # send info from standby to prevent + # query conflicts + #wal_receiver_timeout = 60s # time that receiver waits for + # communication from master + # in milliseconds; 0 disables + #wal_retrieve_retry_interval = 5s # time to wait before retrying to + # retrieve WAL after a failed attempt + #recovery_min_apply_delay = 0 # minimum delay for applying changes during recovery + + # - Subscribers - 
+ + # These settings are ignored on a publisher. + + #max_logical_replication_workers = 4 # taken from max_worker_processes + # (change requires restart) + #max_sync_workers_per_subscription = 2 # taken from max_logical_replication_workers + + + #------------------------------------------------------------------------------ + # QUERY TUNING + #------------------------------------------------------------------------------ + + # - Planner Method Configuration - + + #enable_bitmapscan = on + #enable_hashagg = on + #enable_hashjoin = on + #enable_indexscan = on + #enable_indexonlyscan = on + #enable_material = on + #enable_mergejoin = on + #enable_nestloop = on + #enable_parallel_append = on + #enable_seqscan = on + #enable_sort = on + #enable_tidscan = on + #enable_partitionwise_join = off + #enable_partitionwise_aggregate = off + #enable_parallel_hash = on + #enable_partition_pruning = on + + # - Planner Cost Constants - + + #seq_page_cost = 1.0 # measured on an arbitrary scale + random_page_cost = 1.1 # same scale as above + #cpu_tuple_cost = 0.01 # same scale as above + #cpu_index_tuple_cost = 0.005 # same scale as above + #cpu_operator_cost = 0.0025 # same scale as above + #parallel_tuple_cost = 0.1 # same scale as above + #parallel_setup_cost = 1000.0 # same scale as above + + #jit_above_cost = 100000 # perform JIT compilation if available + # and query more expensive than this; + # -1 disables + #jit_inline_above_cost = 500000 # inline small functions if query is + # more expensive than this; -1 disables + #jit_optimize_above_cost = 500000 # use expensive JIT optimizations if + # query is more expensive than this; + # -1 disables + + #min_parallel_table_scan_size = 8MB + #min_parallel_index_scan_size = 512kB + effective_cache_size = 1492MB + + # - Genetic Query Optimizer - + + #geqo = on + #geqo_threshold = 12 + #geqo_effort = 5 # range 1-10 + #geqo_pool_size = 0 # selects default based on effort + #geqo_generations = 0 # selects default based on effort + 
#geqo_selection_bias = 2.0 # range 1.5-2.0 + #geqo_seed = 0.0 # range 0.0-1.0 + + # - Other Planner Options - + + default_statistics_target = 500 # range 1-10000 + #constraint_exclusion = partition # on, off, or partition + #cursor_tuple_fraction = 0.1 # range 0.0-1.0 + #from_collapse_limit = 8 + #join_collapse_limit = 8 # 1 disables collapsing of explicit + # JOIN clauses + #force_parallel_mode = off + #jit = on # allow JIT compilation + #plan_cache_mode = auto # auto, force_generic_plan or + # force_custom_plan + + + #------------------------------------------------------------------------------ + # REPORTING AND LOGGING + #------------------------------------------------------------------------------ + + # - Where to Log - + + #log_destination = 'stderr' # Valid values are combinations of + # stderr, csvlog, syslog, and eventlog, + # depending on platform. csvlog + # requires logging_collector to be on. + + # This is used when logging to stderr: + #logging_collector = off # Enable capturing of stderr and csvlog + # into log files. Required to be on for + # csvlogs. + # (change requires restart) + + # These are only used if logging_collector is on: + #log_directory = 'log' # directory where log files are written, + # can be absolute or relative to PGDATA + #log_filename = 'postgresql-%Y-%m-%d_%H%M%S.log' # log file name pattern, + # can include strftime() escapes + #log_file_mode = 0600 # creation mode for log files, + # begin with 0 to use octal notation + #log_truncate_on_rotation = off # If on, an existing log file with the + # same name as the new log file will be + # truncated rather than appended to. + # But such truncation only occurs on + # time-driven rotation, not on restarts + # or size-driven rotation. Default is + # off, meaning append to existing files + # in all cases. + #log_rotation_age = 1d # Automatic rotation of logfiles will + # happen after that time. 0 disables. 
+ #log_rotation_size = 10MB # Automatic rotation of logfiles will + # happen after that much log output. + # 0 disables. + + # These are relevant when logging to syslog: + #syslog_facility = 'LOCAL0' + #syslog_ident = 'postgres' + #syslog_sequence_numbers = on + #syslog_split_messages = on + + # This is only relevant when logging to eventlog (win32): + # (change requires restart) + #event_source = 'PostgreSQL' + + # - When to Log - + + #log_min_messages = warning # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # info + # notice + # warning + # error + # log + # fatal + # panic + + #log_min_error_statement = error # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # info + # notice + # warning + # error + # log + # fatal + # panic (effectively off) + + #log_min_duration_statement = -1 # -1 is disabled, 0 logs all statements + # and their durations, > 0 logs only + # statements running at least this number + # of milliseconds + + #log_transaction_sample_rate = 0.0 # Fraction of transactions whose statements + # are logged regardless of their duration. 1.0 logs all + # statements from all transactions, 0.0 never logs. 
+ + # - What to Log - + + #debug_print_parse = off + #debug_print_rewritten = off + #debug_print_plan = off + #debug_pretty_print = on + #log_checkpoints = off + #log_connections = off + #log_disconnections = off + #log_duration = off + #log_error_verbosity = default # terse, default, or verbose messages + #log_hostname = off + #log_line_prefix = '%m [%p] ' # special values: + # %a = application name + # %u = user name + # %d = database name + # %r = remote host and port + # %h = remote host + # %p = process ID + # %t = timestamp without milliseconds + # %m = timestamp with milliseconds + # %n = timestamp with milliseconds (as a Unix epoch) + # %i = command tag + # %e = SQL state + # %c = session ID + # %l = session line number + # %s = session start timestamp + # %v = virtual transaction ID + # %x = transaction ID (0 if none) + # %q = stop here in non-session + # processes + # %% = '%' + # e.g. '<%u%%%d> ' + #log_lock_waits = off # log lock waits >= deadlock_timeout + #log_statement = 'none' # none, ddl, mod, all + #log_replication_commands = off + #log_temp_files = -1 # log temporary files equal or larger + # than the specified size in kilobytes; + # -1 disables, 0 logs all temp files + log_timezone = 'UTC' + + #------------------------------------------------------------------------------ + # PROCESS TITLE + #------------------------------------------------------------------------------ + + #cluster_name = '' # added to process titles if nonempty + # (change requires restart) + #update_process_title = on + + + #------------------------------------------------------------------------------ + # STATISTICS + #------------------------------------------------------------------------------ + + # - Query and Index Statistics Collector - + + #track_activities = on + #track_counts = on + #track_io_timing = off + #track_functions = none # none, pl, all + #track_activity_query_size = 1024 # (change requires restart) + #stats_temp_directory = 'pg_stat_tmp' + + + # - 
Monitoring - + + #log_parser_stats = off + #log_planner_stats = off + #log_executor_stats = off + #log_statement_stats = off + + + #------------------------------------------------------------------------------ + # AUTOVACUUM + #------------------------------------------------------------------------------ + + #autovacuum = on # Enable autovacuum subprocess? 'on' + # requires track_counts to also be on. + #log_autovacuum_min_duration = -1 # -1 disables, 0 logs all actions and + # their durations, > 0 logs only + # actions running at least this number + # of milliseconds. + autovacuum_max_workers = 10 # max number of autovacuum subprocesses + # (change requires restart) + autovacuum_naptime = 10 # time between autovacuum runs + #autovacuum_vacuum_threshold = 50 # min number of row updates before + # vacuum + #autovacuum_analyze_threshold = 50 # min number of row updates before + # analyze + #autovacuum_vacuum_scale_factor = 0.2 # fraction of table size before vacuum + #autovacuum_analyze_scale_factor = 0.1 # fraction of table size before analyze + #autovacuum_freeze_max_age = 200000000 # maximum XID age before forced vacuum + # (change requires restart) + #autovacuum_multixact_freeze_max_age = 400000000 # maximum multixact age + # before forced vacuum + # (change requires restart) + #autovacuum_vacuum_cost_delay = 2ms # default vacuum cost delay for + # autovacuum, in milliseconds; + # -1 means use vacuum_cost_delay + #autovacuum_vacuum_cost_limit = -1 # default vacuum cost limit for + # autovacuum, -1 means use + # vacuum_cost_limit + + + #------------------------------------------------------------------------------ + # CLIENT CONNECTION DEFAULTS + #------------------------------------------------------------------------------ + + # - Statement Behavior - + + #client_min_messages = notice # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # log + # notice + # warning + # error + #search_path = '"$user", public' # 
schema names + #row_security = on + #default_tablespace = '' # a tablespace name, '' uses the default + #temp_tablespaces = '' # a list of tablespace names, '' uses + # only default tablespace + #default_table_access_method = 'heap' + #check_function_bodies = on + #default_transaction_isolation = 'read committed' + #default_transaction_read_only = off + #default_transaction_deferrable = off + #session_replication_role = 'origin' + #statement_timeout = 0 # in milliseconds, 0 is disabled + #lock_timeout = 0 # in milliseconds, 0 is disabled + #idle_in_transaction_session_timeout = 0 # in milliseconds, 0 is disabled + #vacuum_freeze_min_age = 50000000 + #vacuum_freeze_table_age = 150000000 + #vacuum_multixact_freeze_min_age = 5000000 + #vacuum_multixact_freeze_table_age = 150000000 + #vacuum_cleanup_index_scale_factor = 0.1 # fraction of total number of tuples + # before index cleanup, 0 always performs + # index cleanup + #bytea_output = 'hex' # hex, escape + #xmlbinary = 'base64' + #xmloption = 'content' + #gin_fuzzy_search_limit = 0 + #gin_pending_list_limit = 4MB + + # - Locale and Formatting - + + datestyle = 'iso, mdy' + #intervalstyle = 'postgres' + timezone = 'UTC' + #timezone_abbreviations = 'Default' # Select the set of available time zone + # abbreviations. Currently, there are + # Default + # Australia (historical usage) + # India + # You can create your own file in + # share/timezonesets/. + #extra_float_digits = 1 # min -15, max 3; any value >0 actually + # selects precise output mode + #client_encoding = sql_ascii # actually, defaults to database + # encoding + + # These settings are initialized by initdb, but they can be changed. 
+ lc_messages = 'en_US.utf8' # locale for system error message + # strings + lc_monetary = 'en_US.utf8' # locale for monetary formatting + lc_numeric = 'en_US.utf8' # locale for number formatting + lc_time = 'en_US.utf8' # locale for time formatting + + # default configuration for text search + default_text_search_config = 'pg_catalog.english' + + # - Shared Library Preloading - + + shared_preload_libraries = '' # (change requires restart) + #local_preload_libraries = '' + #session_preload_libraries = '' + #jit_provider = 'llvmjit' # JIT library to use + + # - Other Defaults - + + #dynamic_library_path = '$libdir' + + + #------------------------------------------------------------------------------ + # LOCK MANAGEMENT + #------------------------------------------------------------------------------ + + #deadlock_timeout = 1s + max_locks_per_transaction = 64 # min 10 + # (change requires restart) + #max_pred_locks_per_transaction = 64 # min 10 + # (change requires restart) + #max_pred_locks_per_relation = -2 # negative values mean + # (max_pred_locks_per_transaction + # / -max_pred_locks_per_relation) - 1 + #max_pred_locks_per_page = 2 # min 0 + + + #------------------------------------------------------------------------------ + # VERSION AND PLATFORM COMPATIBILITY + #------------------------------------------------------------------------------ + + # - Previous PostgreSQL Versions - + + #array_nulls = on + #backslash_quote = safe_encoding # on, off, or safe_encoding + #escape_string_warning = on + #lo_compat_privileges = off + #operator_precedence_warning = off + #quote_all_identifiers = off + #standard_conforming_strings = on + #synchronize_seqscans = on + + # - Other Platforms and Clients - + + #transform_null_equals = off + + + #------------------------------------------------------------------------------ + # ERROR HANDLING + #------------------------------------------------------------------------------ + + #exit_on_error = off # terminate session on any 
error? + #restart_after_crash = on # reinitialize after backend crash? + #data_sync_retry = off # retry or panic on failure to fsync + # data? + # (change requires restart) + + + #------------------------------------------------------------------------------ + # CONFIG FILE INCLUDES + #------------------------------------------------------------------------------ + + # These options allow settings to be loaded from files other than the + # default postgresql.conf. Note that these are directives, not variable + # assignments, so they can usefully be given more than once. + + #include_dir = '...' # include files ending in '.conf' from + # a directory, e.g., 'conf.d' + #include_if_exists = '...' # include file only if it exists + #include = '...' # include file + + + #------------------------------------------------------------------------------ + # CUSTOMIZED OPTIONS + #------------------------------------------------------------------------------ + + # Add settings for extensions here +kind: ConfigMap +metadata: + annotations: + description: Configuration for CodeInsightsDB + labels: + app.kubernetes.io/component: codeinsights-db + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: codeinsights-db-conf + namespace: foobar diff --git a/genclu/v1_configmap_codeintel-db-conf.yaml b/genclu/v1_configmap_codeintel-db-conf.yaml new file mode 100644 index 000000000000..897f1d0292f3 --- /dev/null +++ b/genclu/v1_configmap_codeintel-db-conf.yaml 
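Review bot: The `postgresql.conf` in this new ConfigMap sets `listen_addresses = '*'` but leaves `#ssl = off` and `#password_encryption = md5` commented out, which the file's own header says means the defaults apply. The CodeInsights database therefore listens on every pod interface without TLS and stores MD5 password hashes. Unless a NetworkPolicy or a pg_hba.conf rule outside this hunk restricts who can reach it, I would set `password_encryption = scram-sha-256` (it only affects passwords set afterwards) and `ssl = on` once a server certificate is mounted. Setting `log_connections = on` in place of the `#log_connections = off` default would also record who connected. The codeintel-db ConfigMap in the next hunk has the same `listen_addresses`, `ssl` and `password_encryption` lines, so the same applies there.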
@@ -0,0 +1,705 @@ +apiVersion: v1 +data: + postgresql.conf: | + # ----------------------------- + # PostgreSQL configuration file + # ----------------------------- + # SOURCEGRAPH CUSTOMIZATIONS CONTAIN "# SG CUSTOM" in the comment + # + # This file consists of lines of the form: + # + # name = value + # + # (The "=" is optional.) Whitespace may be used. Comments are introduced with + # "#" anywhere on a line. The complete list of parameter names and allowed + # values can be found in the PostgreSQL documentation. + # + # The commented-out settings shown in this file represent the default values. + # Re-commenting a setting is NOT sufficient to revert it to the default value; + # you need to reload the server. + # + # This file is read on server startup and when the server receives a SIGHUP + # signal. If you edit the file on a running system, you have to SIGHUP the + # server for the changes to take effect, run "pg_ctl reload", or execute + # "SELECT pg_reload_conf()". Some parameters, which are marked below, + # require a server shutdown and restart to take effect. + # + # Any parameter can also be given as a command-line option to the server, e.g., + # "postgres -c log_connections=on". Some parameters can be changed at run time + # with the "SET" SQL command. + # + # Memory units: kB = kilobytes Time units: ms = milliseconds + # MB = megabytes s = seconds + # GB = gigabytes min = minutes + # TB = terabytes h = hours + # d = days + + + #------------------------------------------------------------------------------ + # FILE LOCATIONS + #------------------------------------------------------------------------------ + + # The default values of these variables are driven from the -D command-line + # option or PGDATA environment variable, represented here as ConfigDir. 
+ + #data_directory = 'ConfigDir' # use data in another directory + # (change requires restart) + #hba_file = 'ConfigDir/pg_hba.conf' # host-based authentication file + # (change requires restart) + #ident_file = 'ConfigDir/pg_ident.conf' # ident configuration file + # (change requires restart) + + # If external_pid_file is not explicitly set, no extra PID file is written. + #external_pid_file = '' # write an extra PID file + # (change requires restart) + + + #------------------------------------------------------------------------------ + # CONNECTIONS AND AUTHENTICATION + #------------------------------------------------------------------------------ + + # - Connection Settings - + + listen_addresses = '*' + # comma-separated list of addresses; + # defaults to 'localhost'; use '*' for all + # (change requires restart) + #port = 5432 # (change requires restart) + max_connections = 100 # (change requires restart) + #superuser_reserved_connections = 3 # (change requires restart) + #unix_socket_directories = '/var/run/postgresql' # comma-separated list of directories + # (change requires restart) + #unix_socket_group = '' # (change requires restart) + #unix_socket_permissions = 0777 # begin with 0 to use octal notation + # (change requires restart) + #bonjour = off # advertise server via Bonjour + # (change requires restart) + #bonjour_name = '' # defaults to the computer name + # (change requires restart) + + # - TCP Keepalives - + # see "man 7 tcp" for details + + #tcp_keepalives_idle = 0 # TCP_KEEPIDLE, in seconds; + # 0 selects the system default + #tcp_keepalives_interval = 0 # TCP_KEEPINTVL, in seconds; + # 0 selects the system default + #tcp_keepalives_count = 0 # TCP_KEEPCNT; + # 0 selects the system default + + # - Authentication - + + #authentication_timeout = 1min # 1s-600s + #password_encryption = md5 # md5 or scram-sha-256 + #db_user_namespace = off + + # GSSAPI using Kerberos + #krb_server_keyfile = '' + #krb_caseins_users = off + + # - SSL - + + #ssl = 
off + #ssl_ca_file = '' + #ssl_cert_file = 'server.crt' + #ssl_crl_file = '' + #ssl_key_file = 'server.key' + #ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers + #ssl_prefer_server_ciphers = on + #ssl_ecdh_curve = 'prime256v1' + #ssl_dh_params_file = '' + #ssl_passphrase_command = '' + #ssl_passphrase_command_supports_reload = off + + + #------------------------------------------------------------------------------ + # RESOURCE USAGE (except WAL) + #------------------------------------------------------------------------------ + + # - Memory - + + shared_buffers = 1GB # SG CUSTOM min 128kB + # (change requires restart) + #huge_pages = try # on, off, or try + # (change requires restart) + #temp_buffers = 8MB # min 800kB + #max_prepared_transactions = 0 # zero disables the feature + # (change requires restart) + # Caution: it is not advisable to set max_prepared_transactions nonzero unless + # you actively intend to use prepared transactions. + work_mem = 5MB # SG CUSTOM min 64kB + maintenance_work_mem = 250MB # SG CUSTOM min 1MB + #autovacuum_work_mem = -1 # min 1MB, or -1 to use maintenance_work_mem + #max_stack_depth = 2MB # min 100kB + dynamic_shared_memory_type = posix # the default is the first option + # supported by the operating system: + # posix + # sysv + # windows + # mmap + # use none to disable dynamic shared memory + # (change requires restart) + + # - Disk - + + temp_file_limit = 20GB # SG CUSTOM limits per-process temp file space + # in kB, or -1 for no limit + + # - Kernel Resources - + + #max_files_per_process = 1000 # min 25 + # (change requires restart) + + # - Cost-Based Vacuum Delay - + + #vacuum_cost_delay = 0 # 0-100 milliseconds + #vacuum_cost_page_hit = 1 # 0-10000 credits + #vacuum_cost_page_miss = 10 # 0-10000 credits + #vacuum_cost_page_dirty = 20 # 0-10000 credits + #vacuum_cost_limit = 200 # 1-10000 credits + + # - Background Writer - + + bgwriter_delay = 50ms # SG CUSTOM 10-10000ms between rounds + bgwriter_lru_maxpages 
= 200 # SG CUSTOM max buffers written/round, 0 disables + + #bgwriter_lru_multiplier = 2.0 # 0-10.0 multiplier on buffers scanned/round + #bgwriter_flush_after = 512kB # measured in pages, 0 disables + + # - Asynchronous Behavior - + + effective_io_concurrency = 200 # 1-1000; 0 disables prefetching + max_worker_processes = 4 # SG CUSTOM (change requires restart) + max_parallel_maintenance_workers = 4 # SG CUSTOM taken from max_parallel_workers + max_parallel_workers_per_gather = 2 # SG CUSTOM taken from max_parallel_workers + #parallel_leader_participation = on + max_parallel_workers = 4 # SG CUSTOM maximum number of max_worker_processes that + # can be used in parallel operations + #old_snapshot_threshold = -1 # 1min-60d; -1 disables; 0 is immediate + # (change requires restart) + #backend_flush_after = 0 # measured in pages, 0 disables + + + #------------------------------------------------------------------------------ + # WRITE-AHEAD LOG + #------------------------------------------------------------------------------ + + # - Settings - + + #wal_level = replica # minimal, replica, or logical + # (change requires restart) + #fsync = on # flush data to disk for crash safety + # (turning this off can cause + # unrecoverable data corruption) + #synchronous_commit = on # synchronization level; + # off, local, remote_write, remote_apply, or on + #wal_sync_method = fsync # the default is the first option + # supported by the operating system: + # open_datasync + # fdatasync (default on Linux) + # fsync + # fsync_writethrough + # open_sync + #full_page_writes = on # recover from partial page writes + #wal_compression = off # enable compression of full-page writes + #wal_log_hints = off # also do full page writes of non-critical updates + # (change requires restart) + wal_buffers = 16MB # SG CUSTOM min 32kB, -1 sets based on shared_buffers + # (change requires restart) + #wal_writer_delay = 200ms # 1-10000 milliseconds + #wal_writer_flush_after = 1MB # measured in 
pages, 0 disables + + #commit_delay = 0 # range 0-100000, in microseconds + #commit_siblings = 5 # range 1-1000 + + # - Checkpoints - + + #checkpoint_timeout = 5min # range 30s-1d + max_wal_size = 8GB # SG CUSTOM + min_wal_size = 2GB # SG CUSTOM + #checkpoint_completion_target = 0.5 # checkpoint target duration, 0.0 - 1.0 + #checkpoint_flush_after = 256kB # measured in pages, 0 disables + #checkpoint_warning = 30s # 0 disables + + # - Archiving - + + #archive_mode = off # enables archiving; off, on, or always + # (change requires restart) + #archive_command = '' # command to use to archive a logfile segment + # placeholders: %p = path of file to archive + # %f = file name only + # e.g. 'test ! -f /mnt/server/archivedir/%f && cp %p /mnt/server/archivedir/%f' + #archive_timeout = 0 # force a logfile segment switch after this + # number of seconds; 0 disables + + + #------------------------------------------------------------------------------ + # REPLICATION + #------------------------------------------------------------------------------ + + # - Sending Servers - + + # Set these on the master and on any standby that will send replication data. + + #max_wal_senders = 10 # max number of walsender processes + # (change requires restart) + #wal_keep_segments = 0 # in logfile segments; 0 disables + #wal_sender_timeout = 60s # in milliseconds; 0 disables + + #max_replication_slots = 10 # max number of replication slots + # (change requires restart) + #track_commit_timestamp = off # collect timestamp of transaction commit + # (change requires restart) + + # - Master Server - + + # These settings are ignored on a standby server. 
+ + #synchronous_standby_names = '' # standby servers that provide sync rep + # method to choose sync standbys, number of sync standbys, + # and comma-separated list of application_name + # from standby(s); '*' = all + #vacuum_defer_cleanup_age = 0 # number of xacts by which cleanup is delayed + + # - Standby Servers - + + # These settings are ignored on a master server. + + #hot_standby = on # "off" disallows queries during recovery + # (change requires restart) + #max_standby_archive_delay = 30s # max delay before canceling queries + # when reading WAL from archive; + # -1 allows indefinite delay + #max_standby_streaming_delay = 30s # max delay before canceling queries + # when reading streaming WAL; + # -1 allows indefinite delay + #wal_receiver_status_interval = 10s # send replies at least this often + # 0 disables + #hot_standby_feedback = off # send info from standby to prevent + # query conflicts + #wal_receiver_timeout = 60s # time that receiver waits for + # communication from master + # in milliseconds; 0 disables + #wal_retrieve_retry_interval = 5s # time to wait before retrying to + # retrieve WAL after a failed attempt + + # - Subscribers - + + # These settings are ignored on a publisher. 
+ + #max_logical_replication_workers = 4 # taken from max_worker_processes + # (change requires restart) + #max_sync_workers_per_subscription = 2 # taken from max_logical_replication_workers + + + #------------------------------------------------------------------------------ + # QUERY TUNING + #------------------------------------------------------------------------------ + + # - Planner Method Configuration - + + #enable_bitmapscan = on + #enable_hashagg = on + #enable_hashjoin = on + #enable_indexscan = on + #enable_indexonlyscan = on + #enable_material = on + #enable_mergejoin = on + #enable_nestloop = on + #enable_parallel_append = on + #enable_seqscan = on + #enable_sort = on + #enable_tidscan = on + #enable_partitionwise_join = off + #enable_partitionwise_aggregate = off + #enable_parallel_hash = on + #enable_partition_pruning = on + + # - Planner Cost Constants - + + #seq_page_cost = 1.0 # measured on an arbitrary scale + random_page_cost = 1.1 # SG CUSTOM same scale as above + #cpu_tuple_cost = 0.01 # same scale as above + #cpu_index_tuple_cost = 0.005 # same scale as above + #cpu_operator_cost = 0.0025 # same scale as above + #parallel_tuple_cost = 0.1 # same scale as above + #parallel_setup_cost = 1000.0 # same scale as above + + #jit_above_cost = 100000 # perform JIT compilation if available + # and query more expensive than this; + # -1 disables + #jit_inline_above_cost = 500000 # inline small functions if query is + # more expensive than this; -1 disables + #jit_optimize_above_cost = 500000 # use expensive JIT optimizations if + # query is more expensive than this; + # -1 disables + + #min_parallel_table_scan_size = 8MB + #min_parallel_index_scan_size = 512kB + effective_cache_size = 3GB # SG CUSTOM + + # - Genetic Query Optimizer - + + #geqo = on + #geqo_threshold = 12 + #geqo_effort = 5 # range 1-10 + #geqo_pool_size = 0 # selects default based on effort + #geqo_generations = 0 # selects default based on effort + #geqo_selection_bias = 2.0 # range 
1.5-2.0 + #geqo_seed = 0.0 # range 0.0-1.0 + + # - Other Planner Options - + + #default_statistics_target = 100 # range 1-10000 + #constraint_exclusion = partition # on, off, or partition + #cursor_tuple_fraction = 0.1 # range 0.0-1.0 + #from_collapse_limit = 8 + #join_collapse_limit = 8 # 1 disables collapsing of explicit + # JOIN clauses + #force_parallel_mode = off + #jit = off # allow JIT compilation + + + #------------------------------------------------------------------------------ + # REPORTING AND LOGGING + #------------------------------------------------------------------------------ + + # - Where to Log - + + #log_destination = 'stderr' # Valid values are combinations of + # stderr, csvlog, syslog, and eventlog, + # depending on platform. csvlog + # requires logging_collector to be on. + + # This is used when logging to stderr: + #logging_collector = off # Enable capturing of stderr and csvlog + # into log files. Required to be on for + # csvlogs. + # (change requires restart) + + # These are only used if logging_collector is on: + #log_directory = 'log' # directory where log files are written, + # can be absolute or relative to PGDATA + #log_filename = 'postgresql-%Y-%m-%d_%H%M%S.log' # log file name pattern, + # can include strftime() escapes + #log_file_mode = 0600 # creation mode for log files, + # begin with 0 to use octal notation + #log_truncate_on_rotation = off # If on, an existing log file with the + # same name as the new log file will be + # truncated rather than appended to. + # But such truncation only occurs on + # time-driven rotation, not on restarts + # or size-driven rotation. Default is + # off, meaning append to existing files + # in all cases. + #log_rotation_age = 1d # Automatic rotation of logfiles will + # happen after that time. 0 disables. + #log_rotation_size = 10MB # Automatic rotation of logfiles will + # happen after that much log output. + # 0 disables. 
+ + # These are relevant when logging to syslog: + #syslog_facility = 'LOCAL0' + #syslog_ident = 'postgres' + #syslog_sequence_numbers = on + #syslog_split_messages = on + + # This is only relevant when logging to eventlog (win32): + # (change requires restart) + #event_source = 'PostgreSQL' + + # - When to Log - + + #log_min_messages = warning # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # info + # notice + # warning + # error + # log + # fatal + # panic + + #log_min_error_statement = error # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # info + # notice + # warning + # error + # log + # fatal + # panic (effectively off) + + #log_min_duration_statement = -1 # -1 is disabled, 0 logs all statements + # and their durations, > 0 logs only + # statements running at least this number + # of milliseconds + + + # - What to Log - + + #debug_print_parse = off + #debug_print_rewritten = off + #debug_print_plan = off + #debug_pretty_print = on + #log_checkpoints = off + #log_connections = off + #log_disconnections = off + #log_duration = off + #log_error_verbosity = default # terse, default, or verbose messages + #log_hostname = off + #log_line_prefix = '%m [%p] ' # special values: + # %a = application name + # %u = user name + # %d = database name + # %r = remote host and port + # %h = remote host + # %p = process ID + # %t = timestamp without milliseconds + # %m = timestamp with milliseconds + # %n = timestamp with milliseconds (as a Unix epoch) + # %i = command tag + # %e = SQL state + # %c = session ID + # %l = session line number + # %s = session start timestamp + # %v = virtual transaction ID + # %x = transaction ID (0 if none) + # %q = stop here in non-session + # processes + # %% = '%' + # e.g. 
'<%u%%%d> ' + #log_lock_waits = off # log lock waits >= deadlock_timeout + #log_statement = 'none' # none, ddl, mod, all + #log_replication_commands = off + #log_temp_files = -1 # log temporary files equal or larger + # than the specified size in kilobytes; + # -1 disables, 0 logs all temp files + log_timezone = 'Etc/UTC' + + #------------------------------------------------------------------------------ + # PROCESS TITLE + #------------------------------------------------------------------------------ + + #cluster_name = '' # added to process titles if nonempty + # (change requires restart) + #update_process_title = on + + + #------------------------------------------------------------------------------ + # STATISTICS + #------------------------------------------------------------------------------ + + # - Query and Index Statistics Collector - + + #track_activities = on + #track_counts = on + #track_io_timing = off + #track_functions = none # none, pl, all + #track_activity_query_size = 1024 # (change requires restart) + #stats_temp_directory = 'pg_stat_tmp' + + + # - Monitoring - + + #log_parser_stats = off + #log_planner_stats = off + #log_executor_stats = off + #log_statement_stats = off + + + #------------------------------------------------------------------------------ + # AUTOVACUUM + #------------------------------------------------------------------------------ + + #autovacuum = on # Enable autovacuum subprocess? 'on' + # requires track_counts to also be on. + #log_autovacuum_min_duration = -1 # -1 disables, 0 logs all actions and + # their durations, > 0 logs only + # actions running at least this number + # of milliseconds. 
+ #autovacuum_max_workers = 3 # max number of autovacuum subprocesses + # (change requires restart) + #autovacuum_naptime = 1min # time between autovacuum runs + #autovacuum_vacuum_threshold = 50 # min number of row updates before + # vacuum + #autovacuum_analyze_threshold = 50 # min number of row updates before + # analyze + #autovacuum_vacuum_scale_factor = 0.2 # fraction of table size before vacuum + #autovacuum_analyze_scale_factor = 0.1 # fraction of table size before analyze + #autovacuum_freeze_max_age = 200000000 # maximum XID age before forced vacuum + # (change requires restart) + #autovacuum_multixact_freeze_max_age = 400000000 # maximum multixact age + # before forced vacuum + # (change requires restart) + #autovacuum_vacuum_cost_delay = 20ms # default vacuum cost delay for + # autovacuum, in milliseconds; + # -1 means use vacuum_cost_delay + #autovacuum_vacuum_cost_limit = -1 # default vacuum cost limit for + # autovacuum, -1 means use + # vacuum_cost_limit + + + #------------------------------------------------------------------------------ + # CLIENT CONNECTION DEFAULTS + #------------------------------------------------------------------------------ + + # - Statement Behavior - + + #client_min_messages = notice # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # log + # notice + # warning + # error + #search_path = '"$user", public' # schema names + #row_security = on + #default_tablespace = '' # a tablespace name, '' uses the default + #temp_tablespaces = '' # a list of tablespace names, '' uses + # only default tablespace + #check_function_bodies = on + #default_transaction_isolation = 'read committed' + #default_transaction_read_only = off + #default_transaction_deferrable = off + #session_replication_role = 'origin' + #statement_timeout = 0 # in milliseconds, 0 is disabled + #lock_timeout = 0 # in milliseconds, 0 is disabled + #idle_in_transaction_session_timeout = 0 # in milliseconds, 0 is disabled 
+ #vacuum_freeze_min_age = 50000000 + #vacuum_freeze_table_age = 150000000 + #vacuum_multixact_freeze_min_age = 5000000 + #vacuum_multixact_freeze_table_age = 150000000 + #vacuum_cleanup_index_scale_factor = 0.1 # fraction of total number of tuples + # before index cleanup, 0 always performs + # index cleanup + #bytea_output = 'hex' # hex, escape + #xmlbinary = 'base64' + #xmloption = 'content' + #gin_fuzzy_search_limit = 0 + #gin_pending_list_limit = 4MB + + # - Locale and Formatting - + + datestyle = 'iso, mdy' + #intervalstyle = 'postgres' + timezone = 'Etc/UTC' + #timezone_abbreviations = 'Default' # Select the set of available time zone + # abbreviations. Currently, there are + # Default + # Australia (historical usage) + # India + # You can create your own file in + # share/timezonesets/. + #extra_float_digits = 0 # min -15, max 3 + #client_encoding = sql_ascii # actually, defaults to database + # encoding + + # These settings are initialized by initdb, but they can be changed. + lc_messages = 'en_US.utf8' # locale for system error message + # strings + lc_monetary = 'en_US.utf8' # locale for monetary formatting + lc_numeric = 'en_US.utf8' # locale for number formatting + lc_time = 'en_US.utf8' # locale for time formatting + + # default configuration for text search + default_text_search_config = 'pg_catalog.english' + + # - Shared Library Preloading - + + #shared_preload_libraries = '' # (change requires restart) + #local_preload_libraries = '' + #session_preload_libraries = '' + #jit_provider = 'llvmjit' # JIT library to use + + # - Other Defaults - + + #dynamic_library_path = '$libdir' + + + #------------------------------------------------------------------------------ + # LOCK MANAGEMENT + #------------------------------------------------------------------------------ + + #deadlock_timeout = 1s + #max_locks_per_transaction = 64 # min 10 + # (change requires restart) + #max_pred_locks_per_transaction = 64 # min 10 + # (change requires restart) + 
#max_pred_locks_per_relation = -2 # negative values mean + # (max_pred_locks_per_transaction + # / -max_pred_locks_per_relation) - 1 + #max_pred_locks_per_page = 2 # min 0 + + + #------------------------------------------------------------------------------ + # VERSION AND PLATFORM COMPATIBILITY + #------------------------------------------------------------------------------ + + # - Previous PostgreSQL Versions - + + #array_nulls = on + #backslash_quote = safe_encoding # on, off, or safe_encoding + #default_with_oids = off + #escape_string_warning = on + #lo_compat_privileges = off + #operator_precedence_warning = off + #quote_all_identifiers = off + #standard_conforming_strings = on + #synchronize_seqscans = on + + # - Other Platforms and Clients - + + #transform_null_equals = off + + + #------------------------------------------------------------------------------ + # ERROR HANDLING + #------------------------------------------------------------------------------ + + #exit_on_error = off # terminate session on any error? + #restart_after_crash = on # reinitialize after backend crash? + #data_sync_retry = off # retry or panic on failure to fsync + # data? + # (change requires restart) + + + #------------------------------------------------------------------------------ + # CONFIG FILE INCLUDES + #------------------------------------------------------------------------------ + + # These options allow settings to be loaded from files other than the + # default postgresql.conf. 
+
+ #include_dir = '' # include files ending in '.conf' from
+ # a directory, e.g., 'conf.d'
+ #include_if_exists = '' # include file only if it exists
+ #include = '' # include file
+
+
+ #------------------------------------------------------------------------------
+ # CUSTOMIZED OPTIONS
+ #------------------------------------------------------------------------------
+
+ # Add settings for extensions here
+kind: ConfigMap
+metadata:
+ annotations:
+ description: Configuration for PostgreSQL
+ labels:
+ app.kubernetes.io/component: codeintel-db
+ deploy: sourcegraph
+ sourcegraph-resource-requires: no-cluster-admin
+ name: codeintel-db-conf
+ namespace: foobar
diff --git a/genclu/v1_configmap_grafana.yaml b/genclu/v1_configmap_grafana.yaml
new file mode 100644
index 000000000000..6804d1e780e0
--- /dev/null
+++ b/genclu/v1_configmap_grafana.yaml
@@ -0,0 +1,24 @@
+apiVersion: v1
+data:
+ datasources.yml: |
+ apiVersion: 1
+
+ datasources:
+ - name: Prometheus
+ type: prometheus
+ access: proxy
+ url: http://prometheus:30090
+ isDefault: true
+ editable: false
+ - name: Jaeger
+ type: Jaeger
+ access: proxy
+ url: http://jaeger-query:16686/-/debug/jaeger
+kind: ConfigMap
+metadata:
+ labels:
+ app.kubernetes.io/component: grafana
+ deploy: sourcegraph
+ sourcegraph-resource-requires: no-cluster-admin
+ name: grafana
+ namespace: foobar
diff --git a/genclu/v1_configmap_pgsql-conf.yaml b/genclu/v1_configmap_pgsql-conf.yaml
new file mode 100644
index 000000000000..5c78298721b8
--- /dev/null
+++ b/genclu/v1_configmap_pgsql-conf.yaml
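Review bot: The new `genclu/v1_configmap_grafana.yaml` carries `namespace: foobar` in its metadata and sits in a `genclu/` directory, which reads like rendered build output for a scratch namespace rather than a maintained manifest; the neighbouring `genclu/v1_configmap_codeintel-db-conf`-style and `genclu/v1_configmap_pgsql-conf.yaml` files have the same shape. If that is what happened, the directory should come out of this release patch and be ignored, for example with a `.gitignore` line `genclu/`, so that a stale copy of the datasource and PostgreSQL settings is not later applied or audited in place of the real base manifests. If the files are intentional, a short header comment saying what produces them and which namespace they target would make that clear.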
@@ -0,0 +1,705 @@
+apiVersion: v1
+data:
+ postgresql.conf: |
+ # -----------------------------
+ # PostgreSQL configuration file
+ # -----------------------------
+ # SOURCEGRAPH CUSTOMIZATIONS CONTAIN "# SG CUSTOM" in the comment
+ #
+ # This file consists of lines of the form:
+ #
+ # name = value
+ #
+ # (The "=" is optional.) Whitespace may be used. Comments are introduced with
+ # "#" anywhere on a line. The complete list of parameter names and allowed
+ # values can be found in the PostgreSQL documentation.
+ #
+ # The commented-out settings shown in this file represent the default values.
+ # Re-commenting a setting is NOT sufficient to revert it to the default value;
+ # you need to reload the server.
+ #
+ # This file is read on server startup and when the server receives a SIGHUP
+ # signal. If you edit the file on a running system, you have to SIGHUP the
+ # server for the changes to take effect, run "pg_ctl reload", or execute
+ # "SELECT pg_reload_conf()". Some parameters, which are marked below,
+ # require a server shutdown and restart to take effect.
+ #
+ # Any parameter can also be given as a command-line option to the server, e.g.,
+ # "postgres -c log_connections=on". Some parameters can be changed at run time
+ # with the "SET" SQL command.
+ #
+ # Memory units: kB = kilobytes Time units: ms = milliseconds
+ # MB = megabytes s = seconds
+ # GB = gigabytes min = minutes
+ # TB = terabytes h = hours
+ # d = days
+
+
+ #------------------------------------------------------------------------------
+ # FILE LOCATIONS
+ #------------------------------------------------------------------------------
+
+ # The default values of these variables are driven from the -D command-line
+ # option or PGDATA environment variable, represented here as ConfigDir.
+ + #data_directory = 'ConfigDir' # use data in another directory + # (change requires restart) + #hba_file = 'ConfigDir/pg_hba.conf' # host-based authentication file + # (change requires restart) + #ident_file = 'ConfigDir/pg_ident.conf' # ident configuration file + # (change requires restart) + + # If external_pid_file is not explicitly set, no extra PID file is written. + #external_pid_file = '' # write an extra PID file + # (change requires restart) + + + #------------------------------------------------------------------------------ + # CONNECTIONS AND AUTHENTICATION + #------------------------------------------------------------------------------ + + # - Connection Settings - + + listen_addresses = '*' + # comma-separated list of addresses; + # defaults to 'localhost'; use '*' for all + # (change requires restart) + #port = 5432 # (change requires restart) + max_connections = 100 # (change requires restart) + #superuser_reserved_connections = 3 # (change requires restart) + #unix_socket_directories = '/var/run/postgresql' # comma-separated list of directories + # (change requires restart) + #unix_socket_group = '' # (change requires restart) + #unix_socket_permissions = 0777 # begin with 0 to use octal notation + # (change requires restart) + #bonjour = off # advertise server via Bonjour + # (change requires restart) + #bonjour_name = '' # defaults to the computer name + # (change requires restart) + + # - TCP Keepalives - + # see "man 7 tcp" for details + + #tcp_keepalives_idle = 0 # TCP_KEEPIDLE, in seconds; + # 0 selects the system default + #tcp_keepalives_interval = 0 # TCP_KEEPINTVL, in seconds; + # 0 selects the system default + #tcp_keepalives_count = 0 # TCP_KEEPCNT; + # 0 selects the system default + + # - Authentication - + + #authentication_timeout = 1min # 1s-600s + #password_encryption = md5 # md5 or scram-sha-256 + #db_user_namespace = off + + # GSSAPI using Kerberos + #krb_server_keyfile = '' + #krb_caseins_users = off + + # - SSL - + + #ssl = 
off + #ssl_ca_file = '' + #ssl_cert_file = 'server.crt' + #ssl_crl_file = '' + #ssl_key_file = 'server.key' + #ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers + #ssl_prefer_server_ciphers = on + #ssl_ecdh_curve = 'prime256v1' + #ssl_dh_params_file = '' + #ssl_passphrase_command = '' + #ssl_passphrase_command_supports_reload = off + + + #------------------------------------------------------------------------------ + # RESOURCE USAGE (except WAL) + #------------------------------------------------------------------------------ + + # - Memory - + + shared_buffers = 1GB # SG CUSTOM min 128kB + # (change requires restart) + #huge_pages = try # on, off, or try + # (change requires restart) + #temp_buffers = 8MB # min 800kB + #max_prepared_transactions = 0 # zero disables the feature + # (change requires restart) + # Caution: it is not advisable to set max_prepared_transactions nonzero unless + # you actively intend to use prepared transactions. + work_mem = 5MB # SG CUSTOM min 64kB + maintenance_work_mem = 250MB # SG CUSTOM min 1MB + #autovacuum_work_mem = -1 # min 1MB, or -1 to use maintenance_work_mem + #max_stack_depth = 2MB # min 100kB + dynamic_shared_memory_type = posix # the default is the first option + # supported by the operating system: + # posix + # sysv + # windows + # mmap + # use none to disable dynamic shared memory + # (change requires restart) + + # - Disk - + + temp_file_limit = 20GB # SG CUSTOM limits per-process temp file space + # in kB, or -1 for no limit + + # - Kernel Resources - + + #max_files_per_process = 1000 # min 25 + # (change requires restart) + + # - Cost-Based Vacuum Delay - + + #vacuum_cost_delay = 0 # 0-100 milliseconds + #vacuum_cost_page_hit = 1 # 0-10000 credits + #vacuum_cost_page_miss = 10 # 0-10000 credits + #vacuum_cost_page_dirty = 20 # 0-10000 credits + #vacuum_cost_limit = 200 # 1-10000 credits + + # - Background Writer - + + bgwriter_delay = 50ms # SG CUSTOM 10-10000ms between rounds + bgwriter_lru_maxpages 
= 200 # SG CUSTOM max buffers written/round, 0 disables + + #bgwriter_lru_multiplier = 2.0 # 0-10.0 multiplier on buffers scanned/round + #bgwriter_flush_after = 512kB # measured in pages, 0 disables + + # - Asynchronous Behavior - + + effective_io_concurrency = 200 # 1-1000; 0 disables prefetching + max_worker_processes = 4 # SG CUSTOM (change requires restart) + max_parallel_maintenance_workers = 4 # SG CUSTOM taken from max_parallel_workers + max_parallel_workers_per_gather = 2 # SG CUSTOM taken from max_parallel_workers + #parallel_leader_participation = on + max_parallel_workers = 4 # SG CUSTOM maximum number of max_worker_processes that + # can be used in parallel operations + #old_snapshot_threshold = -1 # 1min-60d; -1 disables; 0 is immediate + # (change requires restart) + #backend_flush_after = 0 # measured in pages, 0 disables + + + #------------------------------------------------------------------------------ + # WRITE-AHEAD LOG + #------------------------------------------------------------------------------ + + # - Settings - + + #wal_level = replica # minimal, replica, or logical + # (change requires restart) + #fsync = on # flush data to disk for crash safety + # (turning this off can cause + # unrecoverable data corruption) + #synchronous_commit = on # synchronization level; + # off, local, remote_write, remote_apply, or on + #wal_sync_method = fsync # the default is the first option + # supported by the operating system: + # open_datasync + # fdatasync (default on Linux) + # fsync + # fsync_writethrough + # open_sync + #full_page_writes = on # recover from partial page writes + #wal_compression = off # enable compression of full-page writes + #wal_log_hints = off # also do full page writes of non-critical updates + # (change requires restart) + wal_buffers = 16MB # SG CUSTOM min 32kB, -1 sets based on shared_buffers + # (change requires restart) + #wal_writer_delay = 200ms # 1-10000 milliseconds + #wal_writer_flush_after = 1MB # measured in 
pages, 0 disables + + #commit_delay = 0 # range 0-100000, in microseconds + #commit_siblings = 5 # range 1-1000 + + # - Checkpoints - + + #checkpoint_timeout = 5min # range 30s-1d + max_wal_size = 8GB # SG CUSTOM + min_wal_size = 2GB # SG CUSTOM + #checkpoint_completion_target = 0.5 # checkpoint target duration, 0.0 - 1.0 + #checkpoint_flush_after = 256kB # measured in pages, 0 disables + #checkpoint_warning = 30s # 0 disables + + # - Archiving - + + #archive_mode = off # enables archiving; off, on, or always + # (change requires restart) + #archive_command = '' # command to use to archive a logfile segment + # placeholders: %p = path of file to archive + # %f = file name only + # e.g. 'test ! -f /mnt/server/archivedir/%f && cp %p /mnt/server/archivedir/%f' + #archive_timeout = 0 # force a logfile segment switch after this + # number of seconds; 0 disables + + + #------------------------------------------------------------------------------ + # REPLICATION + #------------------------------------------------------------------------------ + + # - Sending Servers - + + # Set these on the master and on any standby that will send replication data. + + #max_wal_senders = 10 # max number of walsender processes + # (change requires restart) + #wal_keep_segments = 0 # in logfile segments; 0 disables + #wal_sender_timeout = 60s # in milliseconds; 0 disables + + #max_replication_slots = 10 # max number of replication slots + # (change requires restart) + #track_commit_timestamp = off # collect timestamp of transaction commit + # (change requires restart) + + # - Master Server - + + # These settings are ignored on a standby server. 
+ + #synchronous_standby_names = '' # standby servers that provide sync rep + # method to choose sync standbys, number of sync standbys, + # and comma-separated list of application_name + # from standby(s); '*' = all + #vacuum_defer_cleanup_age = 0 # number of xacts by which cleanup is delayed + + # - Standby Servers - + + # These settings are ignored on a master server. + + #hot_standby = on # "off" disallows queries during recovery + # (change requires restart) + #max_standby_archive_delay = 30s # max delay before canceling queries + # when reading WAL from archive; + # -1 allows indefinite delay + #max_standby_streaming_delay = 30s # max delay before canceling queries + # when reading streaming WAL; + # -1 allows indefinite delay + #wal_receiver_status_interval = 10s # send replies at least this often + # 0 disables + #hot_standby_feedback = off # send info from standby to prevent + # query conflicts + #wal_receiver_timeout = 60s # time that receiver waits for + # communication from master + # in milliseconds; 0 disables + #wal_retrieve_retry_interval = 5s # time to wait before retrying to + # retrieve WAL after a failed attempt + + # - Subscribers - + + # These settings are ignored on a publisher. 
+ + #max_logical_replication_workers = 4 # taken from max_worker_processes + # (change requires restart) + #max_sync_workers_per_subscription = 2 # taken from max_logical_replication_workers + + + #------------------------------------------------------------------------------ + # QUERY TUNING + #------------------------------------------------------------------------------ + + # - Planner Method Configuration - + + #enable_bitmapscan = on + #enable_hashagg = on + #enable_hashjoin = on + #enable_indexscan = on + #enable_indexonlyscan = on + #enable_material = on + #enable_mergejoin = on + #enable_nestloop = on + #enable_parallel_append = on + #enable_seqscan = on + #enable_sort = on + #enable_tidscan = on + #enable_partitionwise_join = off + #enable_partitionwise_aggregate = off + #enable_parallel_hash = on + #enable_partition_pruning = on + + # - Planner Cost Constants - + + #seq_page_cost = 1.0 # measured on an arbitrary scale + random_page_cost = 1.1 # SG CUSTOM same scale as above + #cpu_tuple_cost = 0.01 # same scale as above + #cpu_index_tuple_cost = 0.005 # same scale as above + #cpu_operator_cost = 0.0025 # same scale as above + #parallel_tuple_cost = 0.1 # same scale as above + #parallel_setup_cost = 1000.0 # same scale as above + + #jit_above_cost = 100000 # perform JIT compilation if available + # and query more expensive than this; + # -1 disables + #jit_inline_above_cost = 500000 # inline small functions if query is + # more expensive than this; -1 disables + #jit_optimize_above_cost = 500000 # use expensive JIT optimizations if + # query is more expensive than this; + # -1 disables + + #min_parallel_table_scan_size = 8MB + #min_parallel_index_scan_size = 512kB + effective_cache_size = 3GB # SG CUSTOM + + # - Genetic Query Optimizer - + + #geqo = on + #geqo_threshold = 12 + #geqo_effort = 5 # range 1-10 + #geqo_pool_size = 0 # selects default based on effort + #geqo_generations = 0 # selects default based on effort + #geqo_selection_bias = 2.0 # range 
1.5-2.0 + #geqo_seed = 0.0 # range 0.0-1.0 + + # - Other Planner Options - + + #default_statistics_target = 100 # range 1-10000 + #constraint_exclusion = partition # on, off, or partition + #cursor_tuple_fraction = 0.1 # range 0.0-1.0 + #from_collapse_limit = 8 + #join_collapse_limit = 8 # 1 disables collapsing of explicit + # JOIN clauses + #force_parallel_mode = off + #jit = off # allow JIT compilation + + + #------------------------------------------------------------------------------ + # REPORTING AND LOGGING + #------------------------------------------------------------------------------ + + # - Where to Log - + + #log_destination = 'stderr' # Valid values are combinations of + # stderr, csvlog, syslog, and eventlog, + # depending on platform. csvlog + # requires logging_collector to be on. + + # This is used when logging to stderr: + #logging_collector = off # Enable capturing of stderr and csvlog + # into log files. Required to be on for + # csvlogs. + # (change requires restart) + + # These are only used if logging_collector is on: + #log_directory = 'log' # directory where log files are written, + # can be absolute or relative to PGDATA + #log_filename = 'postgresql-%Y-%m-%d_%H%M%S.log' # log file name pattern, + # can include strftime() escapes + #log_file_mode = 0600 # creation mode for log files, + # begin with 0 to use octal notation + #log_truncate_on_rotation = off # If on, an existing log file with the + # same name as the new log file will be + # truncated rather than appended to. + # But such truncation only occurs on + # time-driven rotation, not on restarts + # or size-driven rotation. Default is + # off, meaning append to existing files + # in all cases. + #log_rotation_age = 1d # Automatic rotation of logfiles will + # happen after that time. 0 disables. + #log_rotation_size = 10MB # Automatic rotation of logfiles will + # happen after that much log output. + # 0 disables. 
+ + # These are relevant when logging to syslog: + #syslog_facility = 'LOCAL0' + #syslog_ident = 'postgres' + #syslog_sequence_numbers = on + #syslog_split_messages = on + + # This is only relevant when logging to eventlog (win32): + # (change requires restart) + #event_source = 'PostgreSQL' + + # - When to Log - + + #log_min_messages = warning # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # info + # notice + # warning + # error + # log + # fatal + # panic + + #log_min_error_statement = error # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # info + # notice + # warning + # error + # log + # fatal + # panic (effectively off) + + #log_min_duration_statement = -1 # -1 is disabled, 0 logs all statements + # and their durations, > 0 logs only + # statements running at least this number + # of milliseconds + + + # - What to Log - + + #debug_print_parse = off + #debug_print_rewritten = off + #debug_print_plan = off + #debug_pretty_print = on + #log_checkpoints = off + #log_connections = off + #log_disconnections = off + #log_duration = off + #log_error_verbosity = default # terse, default, or verbose messages + #log_hostname = off + #log_line_prefix = '%m [%p] ' # special values: + # %a = application name + # %u = user name + # %d = database name + # %r = remote host and port + # %h = remote host + # %p = process ID + # %t = timestamp without milliseconds + # %m = timestamp with milliseconds + # %n = timestamp with milliseconds (as a Unix epoch) + # %i = command tag + # %e = SQL state + # %c = session ID + # %l = session line number + # %s = session start timestamp + # %v = virtual transaction ID + # %x = transaction ID (0 if none) + # %q = stop here in non-session + # processes + # %% = '%' + # e.g. 
'<%u%%%d> ' + #log_lock_waits = off # log lock waits >= deadlock_timeout + #log_statement = 'none' # none, ddl, mod, all + #log_replication_commands = off + #log_temp_files = -1 # log temporary files equal or larger + # than the specified size in kilobytes; + # -1 disables, 0 logs all temp files + log_timezone = 'Etc/UTC' + + #------------------------------------------------------------------------------ + # PROCESS TITLE + #------------------------------------------------------------------------------ + + #cluster_name = '' # added to process titles if nonempty + # (change requires restart) + #update_process_title = on + + + #------------------------------------------------------------------------------ + # STATISTICS + #------------------------------------------------------------------------------ + + # - Query and Index Statistics Collector - + + #track_activities = on + #track_counts = on + #track_io_timing = off + #track_functions = none # none, pl, all + #track_activity_query_size = 1024 # (change requires restart) + #stats_temp_directory = 'pg_stat_tmp' + + + # - Monitoring - + + #log_parser_stats = off + #log_planner_stats = off + #log_executor_stats = off + #log_statement_stats = off + + + #------------------------------------------------------------------------------ + # AUTOVACUUM + #------------------------------------------------------------------------------ + + #autovacuum = on # Enable autovacuum subprocess? 'on' + # requires track_counts to also be on. + #log_autovacuum_min_duration = -1 # -1 disables, 0 logs all actions and + # their durations, > 0 logs only + # actions running at least this number + # of milliseconds. 
+ #autovacuum_max_workers = 3 # max number of autovacuum subprocesses + # (change requires restart) + #autovacuum_naptime = 1min # time between autovacuum runs + #autovacuum_vacuum_threshold = 50 # min number of row updates before + # vacuum + #autovacuum_analyze_threshold = 50 # min number of row updates before + # analyze + #autovacuum_vacuum_scale_factor = 0.2 # fraction of table size before vacuum + #autovacuum_analyze_scale_factor = 0.1 # fraction of table size before analyze + #autovacuum_freeze_max_age = 200000000 # maximum XID age before forced vacuum + # (change requires restart) + #autovacuum_multixact_freeze_max_age = 400000000 # maximum multixact age + # before forced vacuum + # (change requires restart) + #autovacuum_vacuum_cost_delay = 20ms # default vacuum cost delay for + # autovacuum, in milliseconds; + # -1 means use vacuum_cost_delay + #autovacuum_vacuum_cost_limit = -1 # default vacuum cost limit for + # autovacuum, -1 means use + # vacuum_cost_limit + + + #------------------------------------------------------------------------------ + # CLIENT CONNECTION DEFAULTS + #------------------------------------------------------------------------------ + + # - Statement Behavior - + + #client_min_messages = notice # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # log + # notice + # warning + # error + #search_path = '"$user", public' # schema names + #row_security = on + #default_tablespace = '' # a tablespace name, '' uses the default + #temp_tablespaces = '' # a list of tablespace names, '' uses + # only default tablespace + #check_function_bodies = on + #default_transaction_isolation = 'read committed' + #default_transaction_read_only = off + #default_transaction_deferrable = off + #session_replication_role = 'origin' + #statement_timeout = 0 # in milliseconds, 0 is disabled + #lock_timeout = 0 # in milliseconds, 0 is disabled + #idle_in_transaction_session_timeout = 0 # in milliseconds, 0 is disabled 
+ #vacuum_freeze_min_age = 50000000 + #vacuum_freeze_table_age = 150000000 + #vacuum_multixact_freeze_min_age = 5000000 + #vacuum_multixact_freeze_table_age = 150000000 + #vacuum_cleanup_index_scale_factor = 0.1 # fraction of total number of tuples + # before index cleanup, 0 always performs + # index cleanup + #bytea_output = 'hex' # hex, escape + #xmlbinary = 'base64' + #xmloption = 'content' + #gin_fuzzy_search_limit = 0 + #gin_pending_list_limit = 4MB + + # - Locale and Formatting - + + datestyle = 'iso, mdy' + #intervalstyle = 'postgres' + timezone = 'Etc/UTC' + #timezone_abbreviations = 'Default' # Select the set of available time zone + # abbreviations. Currently, there are + # Default + # Australia (historical usage) + # India + # You can create your own file in + # share/timezonesets/. + #extra_float_digits = 0 # min -15, max 3 + #client_encoding = sql_ascii # actually, defaults to database + # encoding + + # These settings are initialized by initdb, but they can be changed. + lc_messages = 'en_US.utf8' # locale for system error message + # strings + lc_monetary = 'en_US.utf8' # locale for monetary formatting + lc_numeric = 'en_US.utf8' # locale for number formatting + lc_time = 'en_US.utf8' # locale for time formatting + + # default configuration for text search + default_text_search_config = 'pg_catalog.english' + + # - Shared Library Preloading - + + #shared_preload_libraries = '' # (change requires restart) + #local_preload_libraries = '' + #session_preload_libraries = '' + #jit_provider = 'llvmjit' # JIT library to use + + # - Other Defaults - + + #dynamic_library_path = '$libdir' + + + #------------------------------------------------------------------------------ + # LOCK MANAGEMENT + #------------------------------------------------------------------------------ + + #deadlock_timeout = 1s + #max_locks_per_transaction = 64 # min 10 + # (change requires restart) + #max_pred_locks_per_transaction = 64 # min 10 + # (change requires restart) + 
#max_pred_locks_per_relation = -2 # negative values mean + # (max_pred_locks_per_transaction + # / -max_pred_locks_per_relation) - 1 + #max_pred_locks_per_page = 2 # min 0 + + + #------------------------------------------------------------------------------ + # VERSION AND PLATFORM COMPATIBILITY + #------------------------------------------------------------------------------ + + # - Previous PostgreSQL Versions - + + #array_nulls = on + #backslash_quote = safe_encoding # on, off, or safe_encoding + #default_with_oids = off + #escape_string_warning = on + #lo_compat_privileges = off + #operator_precedence_warning = off + #quote_all_identifiers = off + #standard_conforming_strings = on + #synchronize_seqscans = on + + # - Other Platforms and Clients - + + #transform_null_equals = off + + + #------------------------------------------------------------------------------ + # ERROR HANDLING + #------------------------------------------------------------------------------ + + #exit_on_error = off # terminate session on any error? + #restart_after_crash = on # reinitialize after backend crash? + #data_sync_retry = off # retry or panic on failure to fsync + # data? + # (change requires restart) + + + #------------------------------------------------------------------------------ + # CONFIG FILE INCLUDES + #------------------------------------------------------------------------------ + + # These options allow settings to be loaded from files other than the + # default postgresql.conf. 
+ + #include_dir = '' # include files ending in '.conf' from + # a directory, e.g., 'conf.d' + #include_if_exists = '' # include file only if it exists + #include = '' # include file + + + #------------------------------------------------------------------------------ + # CUSTOMIZED OPTIONS + #------------------------------------------------------------------------------ + + # Add settings for extensions here +kind: ConfigMap +metadata: + annotations: + description: Configuration for PostgreSQL + labels: + app.kubernetes.io/component: pgsql + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: pgsql-conf + namespace: foobar diff --git a/genclu/v1_configmap_prometheus.yaml b/genclu/v1_configmap_prometheus.yaml new file mode 100644 index 000000000000..5046af7b769f --- /dev/null +++ b/genclu/v1_configmap_prometheus.yaml 
@@ -0,0 +1,73 @@ +apiVersion: v1 +data: + extra_rules.yml: "" + node_rules.yml: "" + prometheus.yml: | + global: + scrape_interval: 30s + evaluation_interval: 30s + + alerting: + alertmanagers: + # Bundled Alertmanager, started by prom-wrapper + - static_configs: + - targets: ['127.0.0.1:9093'] + path_prefix: /alertmanager + + rule_files: + - '*_rules.yml' + - "/sg_config_prometheus/*_rules.yml" + - "/sg_prometheus_add_ons/*_rules.yml" + + scrape_configs: + - job_name: 'kubernetes-service-endpoints' + + kubernetes_sd_configs: + - role: endpoints + namespaces: + names: + - ns-sourcegraph + + relabel_configs: + - source_labels: [__meta_kubernetes_service_annotation_sourcegraph_prometheus_scrape] + action: keep + regex: true + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scheme] + action: replace + target_label: __scheme__ + regex: (https?) + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_path] + action: replace + target_label: __metrics_path__ + regex: (.+) + - source_labels: [__address__, __meta_kubernetes_service_annotation_prometheus_io_port] + action: replace + target_label: __address__ + regex: (.+)(?::\d+);(\d+) + replacement: $1:$2 + - action: labelmap + regex: __meta_kubernetes_service_label_(.+) + - source_labels: [__meta_kubernetes_namespace] + action: replace + # Sourcegraph specific customization. We want a more convenient to type label. + # target_label: kubernetes_namespace + target_label: ns + - source_labels: [__meta_kubernetes_service_name] + action: replace + target_label: kubernetes_name + # Sourcegraph specific customization. We want a nicer name for job + - source_labels: [app] + action: replace + target_label: job + # Sourcegraph specific customization. 
We want a nicer name for instance + - source_labels: [__meta_kubernetes_pod_name] + action: replace + target_label: instance +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/component: prometheus + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: prometheus + namespace: foobar diff --git a/genclu/v1_persistentvolumeclaim_codeinsights-db.yaml b/genclu/v1_persistentvolumeclaim_codeinsights-db.yaml new file mode 100644 index 000000000000..440312af8a1d --- /dev/null +++ b/genclu/v1_persistentvolumeclaim_codeinsights-db.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + labels: + app.kubernetes.io/component: codeinsights-db + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: codeinsights-db + namespace: foobar +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 200Gi + storageClassName: sourcegraph diff --git a/genclu/v1_persistentvolumeclaim_codeintel-db.yaml b/genclu/v1_persistentvolumeclaim_codeintel-db.yaml new file mode 100644 index 000000000000..e05b40e67afb --- /dev/null +++ b/genclu/v1_persistentvolumeclaim_codeintel-db.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + labels: + app.kubernetes.io/component: codeintel-db + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: codeintel-db + namespace: foobar +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 200Gi + storageClassName: sourcegraph diff --git a/genclu/v1_persistentvolumeclaim_minio.yaml b/genclu/v1_persistentvolumeclaim_minio.yaml new file mode 100644 index 000000000000..d77c530d6c00 --- /dev/null +++ b/genclu/v1_persistentvolumeclaim_minio.yaml 
@@ -0,0 +1,16 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + labels: + app.kubernetes.io/component: minio + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: minio + namespace: foobar +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 100Gi + storageClassName: sourcegraph diff --git a/genclu/v1_persistentvolumeclaim_pgsql.yaml b/genclu/v1_persistentvolumeclaim_pgsql.yaml new file mode 100644 index 000000000000..6ede9cea3622 --- /dev/null +++ b/genclu/v1_persistentvolumeclaim_pgsql.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + labels: + app.kubernetes.io/component: pgsql + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: pgsql + namespace: foobar +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 200Gi + storageClassName: sourcegraph diff --git a/genclu/v1_persistentvolumeclaim_prometheus.yaml b/genclu/v1_persistentvolumeclaim_prometheus.yaml new file mode 100644 index 000000000000..3282b2c537ca --- /dev/null +++ b/genclu/v1_persistentvolumeclaim_prometheus.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + labels: + app.kubernetes.io/component: prometheus + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: prometheus + namespace: foobar +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 200Gi + storageClassName: sourcegraph diff --git a/genclu/v1_persistentvolumeclaim_redis-cache.yaml b/genclu/v1_persistentvolumeclaim_redis-cache.yaml new file mode 100644 index 000000000000..d2b30b90427a --- /dev/null +++ b/genclu/v1_persistentvolumeclaim_redis-cache.yaml 
@@ -0,0 +1,16 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + labels: + app.kubernetes.io/component: redis + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: redis-cache + namespace: foobar +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 100Gi + storageClassName: sourcegraph diff --git a/genclu/v1_persistentvolumeclaim_redis-store.yaml b/genclu/v1_persistentvolumeclaim_redis-store.yaml new file mode 100644 index 000000000000..11dcffc512e0 --- /dev/null +++ b/genclu/v1_persistentvolumeclaim_redis-store.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + labels: + app.kubernetes.io/component: redis + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: redis-store + namespace: foobar +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 100Gi + storageClassName: sourcegraph diff --git a/genclu/v1_service_codeinsights-db.yaml b/genclu/v1_service_codeinsights-db.yaml new file mode 100644 index 000000000000..a902e142e201 --- /dev/null +++ b/genclu/v1_service_codeinsights-db.yaml @@ -0,0 +1,21 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: + prometheus.io/port: "9187" + sourcegraph.prometheus/scrape: "true" + labels: + app: codeinsights-db + app.kubernetes.io/component: codeinsights-db + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: codeinsights-db + namespace: foobar +spec: + ports: + - name: codeinsights-db + port: 5432 + targetPort: codeinsights-db + selector: + app: codeinsights-db + type: ClusterIP diff --git a/genclu/v1_service_codeintel-db.yaml b/genclu/v1_service_codeintel-db.yaml new file mode 100644 index 000000000000..6d0c18599a8e --- /dev/null +++ b/genclu/v1_service_codeintel-db.yaml 
@@ -0,0 +1,21 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: + prometheus.io/port: "9187" + sourcegraph.prometheus/scrape: "true" + labels: + app: codeintel-db + app.kubernetes.io/component: codeintel-db + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: codeintel-db + namespace: foobar +spec: + ports: + - name: pgsql + port: 5432 + targetPort: pgsql + selector: + app: codeintel-db + type: ClusterIP diff --git a/genclu/v1_service_github-proxy.yaml b/genclu/v1_service_github-proxy.yaml new file mode 100644 index 000000000000..a9cf0dadf38a --- /dev/null +++ b/genclu/v1_service_github-proxy.yaml @@ -0,0 +1,21 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: + prometheus.io/port: "6060" + sourcegraph.prometheus/scrape: "true" + labels: + app: github-proxy + app.kubernetes.io/component: github-proxy + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: github-proxy + namespace: foobar +spec: + ports: + - name: http + port: 80 + targetPort: http + selector: + app: github-proxy + type: ClusterIP diff --git a/genclu/v1_service_gitserver.yaml b/genclu/v1_service_gitserver.yaml new file mode 100644 index 000000000000..d5ad9539e8f0 --- /dev/null +++ b/genclu/v1_service_gitserver.yaml @@ -0,0 +1,26 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: + description: Headless service that provides a stable network identity for the + gitserver stateful set. + prometheus.io/port: "6060" + sourcegraph.prometheus/scrape: "true" + labels: + app: gitserver + app.kubernetes.io/component: gitserver + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + type: gitserver + name: gitserver + namespace: foobar +spec: + clusterIP: None + ports: + - name: unused + port: 10811 + targetPort: 10811 + selector: + app: gitserver + type: gitserver + type: ClusterIP diff --git a/genclu/v1_service_grafana.yaml b/genclu/v1_service_grafana.yaml new file mode 100644 index 000000000000..728f9a44ae91 
--- /dev/null +++ b/genclu/v1_service_grafana.yaml @@ -0,0 +1,18 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: grafana + app.kubernetes.io/component: grafana + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: grafana + namespace: foobar +spec: + ports: + - name: http + port: 30070 + targetPort: http + selector: + app: grafana + type: ClusterIP diff --git a/genclu/v1_service_indexed-search-indexer.yaml b/genclu/v1_service_indexed-search-indexer.yaml new file mode 100644 index 000000000000..a86fdb44cac3 --- /dev/null +++ b/genclu/v1_service_indexed-search-indexer.yaml @@ -0,0 +1,23 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: + description: Headless service that provides a stable network identity for the + indexed-search stateful set. + prometheus.io/port: "6072" + sourcegraph.prometheus/scrape: "true" + labels: + app: indexed-search-indexer + app.kubernetes.io/component: indexed-search + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: indexed-search-indexer + namespace: foobar +spec: + clusterIP: None + ports: + - port: 6072 + targetPort: 6072 + selector: + app: indexed-search + type: ClusterIP diff --git a/genclu/v1_service_indexed-search.yaml b/genclu/v1_service_indexed-search.yaml new file mode 100644 index 000000000000..e891072bd2df --- /dev/null +++ b/genclu/v1_service_indexed-search.yaml @@ -0,0 +1,22 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: + description: Headless service that provides a stable network identity for the + indexed-search stateful set. + prometheus.io/port: "6070" + sourcegraph.prometheus/scrape: "true" + labels: + app: indexed-search + app.kubernetes.io/component: indexed-search + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: indexed-search + namespace: foobar +spec: + clusterIP: None + ports: + - port: 6070 + selector: + app: indexed-search + type: ClusterIP 
diff --git a/genclu/v1_service_jaeger-collector.yaml b/genclu/v1_service_jaeger-collector.yaml new file mode 100644 index 000000000000..7ce2229af6a1 --- /dev/null +++ b/genclu/v1_service_jaeger-collector.yaml @@ -0,0 +1,29 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: jaeger + app.kubernetes.io/component: jaeger + app.kubernetes.io/name: jaeger + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: jaeger-collector + namespace: foobar +spec: + ports: + - name: jaeger-collector-tchannel + port: 14267 + protocol: TCP + targetPort: 14267 + - name: jaeger-collector-http + port: 14268 + protocol: TCP + targetPort: 14268 + - name: jaeger-collector-grpc + port: 14250 + protocol: TCP + targetPort: 14250 + selector: + app.kubernetes.io/component: all-in-one + app.kubernetes.io/name: jaeger + type: ClusterIP diff --git a/genclu/v1_service_jaeger-query.yaml b/genclu/v1_service_jaeger-query.yaml new file mode 100644 index 000000000000..cf370d3c61bf --- /dev/null +++ b/genclu/v1_service_jaeger-query.yaml @@ -0,0 +1,21 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: jaeger + app.kubernetes.io/component: jaeger + app.kubernetes.io/name: jaeger + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: jaeger-query + namespace: foobar +spec: + ports: + - name: query-http + port: 16686 + protocol: TCP + targetPort: 16686 + selector: + app.kubernetes.io/component: all-in-one + app.kubernetes.io/name: jaeger + type: ClusterIP diff --git a/genclu/v1_service_minio.yaml b/genclu/v1_service_minio.yaml new file mode 100644 index 000000000000..d813d4112093 --- /dev/null +++ b/genclu/v1_service_minio.yaml 
@@ -0,0 +1,22 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: + prometheus.io/path: /minio/prometheus/metrics + prometheus.io/port: "9000" + sourcegraph.prometheus/scrape: "true" + labels: + app: minio + app.kubernetes.io/component: minio + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: minio + namespace: foobar +spec: + ports: + - name: minio + port: 9000 + targetPort: minio + selector: + app: minio + type: ClusterIP diff --git a/genclu/v1_service_pgsql.yaml b/genclu/v1_service_pgsql.yaml new file mode 100644 index 000000000000..5e811449cc1f --- /dev/null +++ b/genclu/v1_service_pgsql.yaml @@ -0,0 +1,21 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: + prometheus.io/port: "9187" + sourcegraph.prometheus/scrape: "true" + labels: + app: pgsql + app.kubernetes.io/component: pgsql + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: pgsql + namespace: foobar +spec: + ports: + - name: pgsql + port: 5432 + targetPort: pgsql + selector: + app: pgsql + type: ClusterIP diff --git a/genclu/v1_service_precise-code-intel-worker.yaml b/genclu/v1_service_precise-code-intel-worker.yaml new file mode 100644 index 000000000000..ac1a30fd1d7e --- /dev/null +++ b/genclu/v1_service_precise-code-intel-worker.yaml @@ -0,0 +1,24 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: + prometheus.io/port: "6060" + sourcegraph.prometheus/scrape: "true" + labels: + app: precise-code-intel-worker + app.kubernetes.io/component: precise-code-intel + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: precise-code-intel-worker + namespace: foobar +spec: + ports: + - name: http + port: 3188 + targetPort: http + - name: debug + port: 6060 + targetPort: debug + selector: + app: precise-code-intel-worker + type: ClusterIP diff --git a/genclu/v1_service_prometheus.yaml b/genclu/v1_service_prometheus.yaml new file mode 100644 index 000000000000..57f026302a5a --- /dev/null 
+++ b/genclu/v1_service_prometheus.yaml @@ -0,0 +1,18 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: prometheus + app.kubernetes.io/component: prometheus + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: prometheus + namespace: foobar +spec: + ports: + - name: http + port: 30090 + targetPort: http + selector: + app: prometheus + type: ClusterIP diff --git a/genclu/v1_service_redis-cache.yaml b/genclu/v1_service_redis-cache.yaml new file mode 100644 index 000000000000..fa395b1feb36 --- /dev/null +++ b/genclu/v1_service_redis-cache.yaml @@ -0,0 +1,21 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: + prometheus.io/port: "9121" + sourcegraph.prometheus/scrape: "true" + labels: + app: redis-cache + app.kubernetes.io/component: redis + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: redis-cache + namespace: foobar +spec: + ports: + - name: redis + port: 6379 + targetPort: redis + selector: + app: redis-cache + type: ClusterIP diff --git a/genclu/v1_service_redis-store.yaml b/genclu/v1_service_redis-store.yaml new file mode 100644 index 000000000000..345b4292ee59 --- /dev/null +++ b/genclu/v1_service_redis-store.yaml @@ -0,0 +1,21 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: + prometheus.io/port: "9121" + sourcegraph.prometheus/scrape: "true" + labels: + app: redis-store + app.kubernetes.io/component: redis + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: redis-store + namespace: foobar +spec: + ports: + - name: redis + port: 6379 + targetPort: redis + selector: + app: redis-store + type: ClusterIP diff --git a/genclu/v1_service_repo-updater.yaml b/genclu/v1_service_repo-updater.yaml new file mode 100644 index 000000000000..9ab7c55f2b84 --- /dev/null +++ b/genclu/v1_service_repo-updater.yaml 
@@ -0,0 +1,21 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: + prometheus.io/port: "6060" + sourcegraph.prometheus/scrape: "true" + labels: + app: repo-updater + app.kubernetes.io/component: repo-updater + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: repo-updater + namespace: foobar +spec: + ports: + - name: http + port: 3182 + targetPort: http + selector: + app: repo-updater + type: ClusterIP diff --git a/genclu/v1_service_searcher.yaml b/genclu/v1_service_searcher.yaml new file mode 100644 index 000000000000..0e504a279830 --- /dev/null +++ b/genclu/v1_service_searcher.yaml @@ -0,0 +1,24 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: + prometheus.io/port: "6060" + sourcegraph.prometheus/scrape: "true" + labels: + app: searcher + app.kubernetes.io/component: searcher + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: searcher + namespace: foobar +spec: + ports: + - name: http + port: 3181 + targetPort: http + - name: debug + port: 6060 + targetPort: debug + selector: + app: searcher + type: ClusterIP diff --git a/genclu/v1_service_sourcegraph-frontend-internal.yaml b/genclu/v1_service_sourcegraph-frontend-internal.yaml new file mode 100644 index 000000000000..c5fa2dc3f0ad --- /dev/null +++ b/genclu/v1_service_sourcegraph-frontend-internal.yaml @@ -0,0 +1,18 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: sourcegraph-frontend + app.kubernetes.io/component: frontend + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: sourcegraph-frontend-internal + namespace: foobar +spec: + ports: + - name: http-internal + port: 80 + targetPort: http-internal + selector: + app: sourcegraph-frontend + type: ClusterIP diff --git a/genclu/v1_service_sourcegraph-frontend.yaml b/genclu/v1_service_sourcegraph-frontend.yaml new file mode 100644 index 000000000000..fda4c67f97b6 --- /dev/null +++ b/genclu/v1_service_sourcegraph-frontend.yaml 
@@ -0,0 +1,21 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: + prometheus.io/port: "6060" + sourcegraph.prometheus/scrape: "true" + labels: + app: sourcegraph-frontend + app.kubernetes.io/component: frontend + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: sourcegraph-frontend + namespace: foobar +spec: + ports: + - name: http + port: 30080 + targetPort: http + selector: + app: sourcegraph-frontend + type: ClusterIP diff --git a/genclu/v1_service_symbols.yaml b/genclu/v1_service_symbols.yaml new file mode 100644 index 000000000000..fdfddae1600f --- /dev/null +++ b/genclu/v1_service_symbols.yaml @@ -0,0 +1,24 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: + prometheus.io/port: "6060" + sourcegraph.prometheus/scrape: "true" + labels: + app: symbols + app.kubernetes.io/component: symbols + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: symbols + namespace: foobar +spec: + ports: + - name: http + port: 3184 + targetPort: http + - name: debug + port: 6060 + targetPort: debug + selector: + app: symbols + type: ClusterIP diff --git a/genclu/v1_service_syntect-server.yaml b/genclu/v1_service_syntect-server.yaml new file mode 100644 index 000000000000..94c70b140670 --- /dev/null +++ b/genclu/v1_service_syntect-server.yaml @@ -0,0 +1,18 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: syntect-server + app.kubernetes.io/component: syntect-server + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: syntect-server + namespace: foobar +spec: + ports: + - name: http + port: 9238 + targetPort: http + selector: + app: syntect-server + type: ClusterIP diff --git a/genclu/v1_service_worker.yaml b/genclu/v1_service_worker.yaml new file mode 100644 index 000000000000..1edcfa32fe04 --- /dev/null +++ b/genclu/v1_service_worker.yaml 
@@ -0,0 +1,24 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: + prometheus.io/port: "6060" + sourcegraph.prometheus/scrape: "true" + labels: + app: worker + app.kubernetes.io/component: worker + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: worker + namespace: foobar +spec: + ports: + - name: http + port: 3189 + targetPort: http + - name: debug + port: 6060 + targetPort: debug + selector: + app: worker + type: ClusterIP diff --git a/genclu/v1_serviceaccount_grafana.yaml b/genclu/v1_serviceaccount_grafana.yaml new file mode 100644 index 000000000000..659820158697 --- /dev/null +++ b/genclu/v1_serviceaccount_grafana.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +imagePullSecrets: +- name: docker-registry +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: grafana + category: rbac + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: grafana + namespace: foobar diff --git a/genclu/v1_serviceaccount_prometheus.yaml b/genclu/v1_serviceaccount_prometheus.yaml new file mode 100644 index 000000000000..64280481bc0d --- /dev/null +++ b/genclu/v1_serviceaccount_prometheus.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +imagePullSecrets: +- name: docker-registry +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: prometheus + category: rbac + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: prometheus + namespace: foobar diff --git a/genclu/v1_serviceaccount_sourcegraph-frontend.yaml b/genclu/v1_serviceaccount_sourcegraph-frontend.yaml new file mode 100644 index 000000000000..e83c7af944a7 --- /dev/null +++ b/genclu/v1_serviceaccount_sourcegraph-frontend.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +imagePullSecrets: +- name: docker-registry +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: frontend + category: rbac + deploy: sourcegraph + sourcegraph-resource-requires: no-cluster-admin + name: sourcegraph-frontend + namespace: foobar 
diff --git a/overlays/bases/pvcs/kustomization.yaml b/overlays/bases/pvcs/kustomization.yaml
index 0471734f0b22..e4b442ab224f 100644
--- a/overlays/bases/pvcs/kustomization.yaml
+++ b/overlays/bases/pvcs/kustomization.yaml
@@ -8,4 +8,3 @@ resources:
 - base/codeintel-db/codeintel-db.PersistentVolumeClaim.yaml
 - base/blobstore/blobstore.PersistentVolumeClaim.yaml
 - base/codeinsights-db/codeinsights-db.PersistentVolumeClaim.yaml
-
diff --git a/overlays/envoy/gitserver.EnvoyFilter.yaml b/overlays/envoy/gitserver.EnvoyFilter.yaml
index 3336f96cd245..eb9239afdb2e 100644
--- a/overlays/envoy/gitserver.EnvoyFilter.yaml
+++ b/overlays/envoy/gitserver.EnvoyFilter.yaml
@@ -33,4 +33,4 @@ spec:
 "@type": type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions
 explicit_http_config:
 http_protocol_options:
- enable_trailers: true
\ No newline at end of file
+ enable_trailers: true
diff --git a/overlays/envoy/kustomization.yaml b/overlays/envoy/kustomization.yaml
index 8ba225e1d557..7e990458b613 100644
--- a/overlays/envoy/kustomization.yaml
+++ b/overlays/envoy/kustomization.yaml
@@ -5,4 +5,4 @@ resources:
 - ../bases/deployments
 - ../bases/rbac-roles
 - ../bases/pvcs
- - gitserver.EnvoyFilter.yaml
\ No newline at end of file
+ - gitserver.EnvoyFilter.yaml
diff --git a/overlays/jaeger/grafana.ConfigMap.yaml b/overlays/jaeger/grafana.ConfigMap.yaml
index 43dd15c4ad42..fc1022d0be71 100644
--- a/overlays/jaeger/grafana.ConfigMap.yaml
+++ b/overlays/jaeger/grafana.ConfigMap.yaml
@@ -5,7 +5,7 @@ metadata:
 data:
 datasources.yml: |
 apiVersion: 1
-
+
 datasources:
 - name: Prometheus
 type: prometheus
diff --git a/overlays/jaeger/jaeger.Deployment.yaml b/overlays/jaeger/jaeger.Deployment.yaml
index 56762414ab96..a82571bc2424 100644
--- a/overlays/jaeger/jaeger.Deployment.yaml
+++ b/overlays/jaeger/jaeger.Deployment.yaml
@@ -28,34 +28,34 @@ spec: prometheus.io/scrape: "true" prometheus.io/port: "16686" spec: - containers: - - name: jaeger - image: index.docker.io/sourcegraph/jaeger-all-in-one:insiders@sha256:3b7d972994ba6ae3b58575db3249478e2d9393e8b7f1d5c952523aaf0fdd10cf - args: ["--memory.max-traces=20000"] - ports: - - containerPort: 5775 - protocol: UDP - - containerPort: 6831 - protocol: UDP - - containerPort: 6832 - protocol: UDP - - containerPort: 5778 - protocol: TCP - - containerPort: 16686 - protocol: TCP - - containerPort: 14250 - protocol: TCP - readinessProbe: - httpGet: - path: "/" - port: 14269 - initialDelaySeconds: 5 - resources: - limits: - cpu: "1" - memory: 1G - requests: - cpu: 500m - memory: 500M - securityContext: - runAsUser: 0 + containers: + - name: jaeger + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-public/jaeger-all-in-one:5.3.0@sha256:9c84bf86249b404f6a7ecb30b5f30201b3ec17449aad275e4ad192d8e4d970eb + args: ["--memory.max-traces=20000"] + ports: + - containerPort: 5775 + protocol: UDP + - containerPort: 6831 + protocol: UDP + - containerPort: 6832 + protocol: UDP + - containerPort: 5778 + protocol: TCP + - containerPort: 16686 + protocol: TCP + - containerPort: 14250 + protocol: TCP + readinessProbe: + httpGet: + path: "/" + port: 14269 + initialDelaySeconds: 5 + resources: + limits: + cpu: "1" + memory: 1G + requests: + cpu: 500m + memory: 500M + securityContext: + runAsUser: 0 diff --git a/overlays/migrate-to-nonprivileged/blobstore/blobstore.Deployment.yaml b/overlays/migrate-to-nonprivileged/blobstore/blobstore.Deployment.yaml index 7ad588b38a4d..b14168f0d727 100644 --- a/overlays/migrate-to-nonprivileged/blobstore/blobstore.Deployment.yaml +++ b/overlays/migrate-to-nonprivileged/blobstore/blobstore.Deployment.yaml 
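Review bot: The jaeger container still ends with `securityContext:` / `runAsUser: 0` on the new side, so it runs as root and nothing in this hunk constrains what that root process can do. If the image can run unprivileged, set a non-root UID; either way add `allowPrivilegeEscalation: false` under the same `securityContext`, as the non-privileged frontend overlay in this patch does. The image source also moves from `index.docker.io/sourcegraph` to `us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-public`, a path under what looks like a CI project; the `@sha256:` pin fixes the content, but it is worth confirming this is the intended pull source for a release and that clusters restricting registries by admission policy allow it. The pod spec starts above the hunk, so a pod-level securityContext may already exist there.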
@@ -7,10 +7,10 @@ spec: spec: initContainers: - name: transfer-file-ownership - image: index.docker.io/sourcegraph/alpine-3.14:insiders@sha256:982220e0fd8ce55a73798fa7e814a482c4807c412f054c8440c5970b610239b7 + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-public/alpine-3.14:5.3.0@sha256:0de2a485bf3be6b5a92bea8f46a134196ed22aea6e906525f9f8f63d0616db7d command: ["sh", "-c", "chown -R 100:101 /data"] volumeMounts: - - mountPath: /data - name: blobstore-data + - mountPath: /data + name: blobstore-data securityContext: runAsUser: 0 diff --git a/overlays/migrate-to-nonprivileged/gitserver/gitserver.StatefulSet.yaml b/overlays/migrate-to-nonprivileged/gitserver/gitserver.StatefulSet.yaml index b2f3c76b7a6d..d2d9e584ac01 100644 --- a/overlays/migrate-to-nonprivileged/gitserver/gitserver.StatefulSet.yaml +++ b/overlays/migrate-to-nonprivileged/gitserver/gitserver.StatefulSet.yaml @@ -7,7 +7,7 @@ spec: spec: initContainers: - name: transfer-file-ownership - image: index.docker.io/sourcegraph/alpine-3.14:insiders@sha256:982220e0fd8ce55a73798fa7e814a482c4807c412f054c8440c5970b610239b7 + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-public/alpine-3.14:5.3.0@sha256:0de2a485bf3be6b5a92bea8f46a134196ed22aea6e906525f9f8f63d0616db7d command: ["sh", "-c", "if [[ \"$(stat -c '%u' /data/repos)\" -ne 100 ]]; then chown -R 100:101 /data/repos; fi"] volumeMounts: - mountPath: /data/repos diff --git a/overlays/migrate-to-nonprivileged/grafana/grafana.StatefulSet.yaml b/overlays/migrate-to-nonprivileged/grafana/grafana.StatefulSet.yaml index baed3900cc17..9599d0a09b9e 100644 --- a/overlays/migrate-to-nonprivileged/grafana/grafana.StatefulSet.yaml +++ b/overlays/migrate-to-nonprivileged/grafana/grafana.StatefulSet.yaml 
@@ -7,7 +7,7 @@ spec: spec: initContainers: - name: transfer-file-ownership - image: index.docker.io/sourcegraph/alpine-3.14:insiders@sha256:982220e0fd8ce55a73798fa7e814a482c4807c412f054c8440c5970b610239b7 + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-public/alpine-3.14:5.3.0@sha256:0de2a485bf3be6b5a92bea8f46a134196ed22aea6e906525f9f8f63d0616db7d command: ["sh", "-c", "chown -R 472:472 /var/lib/grafana"] volumeMounts: - mountPath: /var/lib/grafana diff --git a/overlays/migrate-to-nonprivileged/indexed-search/indexed-search.StatefulSet.yaml b/overlays/migrate-to-nonprivileged/indexed-search/indexed-search.StatefulSet.yaml index 30f2ca8da9c6..68c0d884e825 100644 --- a/overlays/migrate-to-nonprivileged/indexed-search/indexed-search.StatefulSet.yaml +++ b/overlays/migrate-to-nonprivileged/indexed-search/indexed-search.StatefulSet.yaml @@ -7,7 +7,7 @@ spec: spec: initContainers: - name: transfer-file-ownership - image: index.docker.io/sourcegraph/alpine-3.14:insiders@sha256:982220e0fd8ce55a73798fa7e814a482c4807c412f054c8440c5970b610239b7 + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-public/alpine-3.14:5.3.0@sha256:0de2a485bf3be6b5a92bea8f46a134196ed22aea6e906525f9f8f63d0616db7d command: ["sh", "-c", "chown -R 100:101 /data"] volumeMounts: - mountPath: /data diff --git a/overlays/migrate-to-nonprivileged/kustomization.yaml b/overlays/migrate-to-nonprivileged/kustomization.yaml index aef3a5395e3e..65e9ec06c6d5 100644 --- a/overlays/migrate-to-nonprivileged/kustomization.yaml +++ b/overlays/migrate-to-nonprivileged/kustomization.yaml @@ -1,7 +1,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization # If you have used an alternative namespace, please change the default value below before generating your overlays. -namespace: default +namespace: default resources: - ../non-privileged patchesStrategicMerge: 
diff --git a/overlays/migrate-to-nonprivileged/prometheus/prometheus.Deployment.yaml b/overlays/migrate-to-nonprivileged/prometheus/prometheus.Deployment.yaml index ad2789a788ff..87679ec7305a 100644 --- a/overlays/migrate-to-nonprivileged/prometheus/prometheus.Deployment.yaml +++ b/overlays/migrate-to-nonprivileged/prometheus/prometheus.Deployment.yaml @@ -7,7 +7,7 @@ spec: spec: initContainers: - name: transfer-file-ownership - image: index.docker.io/sourcegraph/alpine-3.14:insiders@sha256:982220e0fd8ce55a73798fa7e814a482c4807c412f054c8440c5970b610239b7 + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-public/alpine-3.14:5.3.0@sha256:0de2a485bf3be6b5a92bea8f46a134196ed22aea6e906525f9f8f63d0616db7d command: ["sh", "-c", "chown -R 100:100 /prometheus"] volumeMounts: - mountPath: /prometheus diff --git a/overlays/migrate-to-nonprivileged/redis/redis-cache.Deployment.yaml b/overlays/migrate-to-nonprivileged/redis/redis-cache.Deployment.yaml index c99754068ea4..bd6d8a87c6dd 100644 --- a/overlays/migrate-to-nonprivileged/redis/redis-cache.Deployment.yaml +++ b/overlays/migrate-to-nonprivileged/redis/redis-cache.Deployment.yaml @@ -7,7 +7,7 @@ spec: spec: initContainers: - name: transfer-file-ownership - image: index.docker.io/sourcegraph/alpine-3.14:insiders@sha256:982220e0fd8ce55a73798fa7e814a482c4807c412f054c8440c5970b610239b7 + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-public/alpine-3.14:5.3.0@sha256:0de2a485bf3be6b5a92bea8f46a134196ed22aea6e906525f9f8f63d0616db7d command: ["sh", "-c", "chown -R 999:1000 /redis-data"] volumeMounts: - mountPath: /redis-data diff --git a/overlays/migrate-to-nonprivileged/redis/redis-store.Deployment.yaml b/overlays/migrate-to-nonprivileged/redis/redis-store.Deployment.yaml index fbab628bf00c..2ea02e7f27ac 100644 --- a/overlays/migrate-to-nonprivileged/redis/redis-store.Deployment.yaml +++ b/overlays/migrate-to-nonprivileged/redis/redis-store.Deployment.yaml 
@@ -7,7 +7,7 @@ spec: spec: initContainers: - name: transfer-file-ownership - image: index.docker.io/sourcegraph/alpine-3.14:insiders@sha256:982220e0fd8ce55a73798fa7e814a482c4807c412f054c8440c5970b610239b7 + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-public/alpine-3.14:5.3.0@sha256:0de2a485bf3be6b5a92bea8f46a134196ed22aea6e906525f9f8f63d0616db7d command: ["sh", "-c", "chown -R 999:1000 /redis-data"] volumeMounts: - mountPath: /redis-data diff --git a/overlays/migrate-to-nonprivileged/searcher/searcher.Deployment.yaml b/overlays/migrate-to-nonprivileged/searcher/searcher.Deployment.yaml index fbaaa7cd6143..f4b78c4dacb9 100644 --- a/overlays/migrate-to-nonprivileged/searcher/searcher.Deployment.yaml +++ b/overlays/migrate-to-nonprivileged/searcher/searcher.Deployment.yaml @@ -7,7 +7,7 @@ spec: spec: initContainers: - name: transfer-cache - image: index.docker.io/sourcegraph/alpine-3.14:insiders@sha256:982220e0fd8ce55a73798fa7e814a482c4807c412f054c8440c5970b610239b7 + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-public/alpine-3.14:5.3.0@sha256:0de2a485bf3be6b5a92bea8f46a134196ed22aea6e906525f9f8f63d0616db7d command: ["sh", "-c", "if [[ \"$(stat -c '%u' /mnt/cache)\" -ne 100 ]]; then chown -R 100:101 /mnt/cache; fi"] volumeMounts: - mountPath: /mnt/cache diff --git a/overlays/non-privileged/frontend/sourcegraph-frontend.Deployment.yaml b/overlays/non-privileged/frontend/sourcegraph-frontend.Deployment.yaml index 6ad2e718ca5f..9de0d242672f 100644 --- a/overlays/non-privileged/frontend/sourcegraph-frontend.Deployment.yaml +++ b/overlays/non-privileged/frontend/sourcegraph-frontend.Deployment.yaml 
@@ -12,9 +12,9 @@ spec: runAsUser: 100 runAsGroup: 101 containers: - - name: frontend - securityContext: - # Required to prevent escalations to root. - allowPrivilegeEscalation: false - runAsUser: 100 - runAsGroup: 101 + - name: frontend + securityContext: + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + runAsUser: 100 + runAsGroup: 101