Embeddings Service Config

charts/sourcegraph/README.md

@@ -90,7 +90,6 @@ In addition to the documented values, all services also support the following va
 | codeIntelDB.serviceAccount.create | bool | `false` | Enable creation of ServiceAccount for `codeintel-db` |
 | codeIntelDB.serviceAccount.name | string | `""` | Name of the ServiceAccount to be created or an existing ServiceAccount |
 | codeIntelDB.storageSize | string | `"200Gi"` | PVC Storage Request for `codeintel-db` data volume |
-| embeddings.backend | object | `{"EMBEDDINGS_UPLOAD_AWS_ENDPOINT":"http://blobstore:9000","EMBEDDINGS_UPLOAD_BACKEND":"blobstore"}` | Configure the storage backend for embeddings |
 | embeddings.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100}` | Security context for the `worker` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) |
 | embeddings.enabled | bool | `false` | Enable `embeddings` |
 | embeddings.env | object | `{}` | Environment variables for the `embeddings` container |
@@ -352,6 +351,7 @@ In addition to the documented values, all services also support the following va
 | syntectServer.serviceAccount.create | bool | `false` | Enable creation of ServiceAccount for `syntect-server` |
 | syntectServer.serviceAccount.name | string | `""` | Name of the ServiceAccount to be created or an existing ServiceAccount |
 | worker.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100}` | Security context for the `worker` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) |
+| worker.env | object | `{}` | Environment variables for the `worker` container |
 | worker.image.defaultTag | string | `"5.0.2@sha256:83f1e1d30bad33a311e8e0c0c9e7995ef7b7df9a1135ac0ff5e5c9561c7b74c4"` | Docker image tag for the `worker` image |
 | worker.image.name | string | `"worker"` | Docker image name for the `worker` image |
 | worker.name | string | `"worker"` | Name used by resources. Does not affect service names or PVCs. |

charts/sourcegraph/examples/external-object-storage-embeddings/override.yaml

@@ -0,0 +1,36 @@
+# Override file demonstrating the use of external Object Storage services
+# Learn more from the tutorial below
+# - https://docs.sourcegraph.com/cody/explanations/code_graph_context#storing-embedding-indexes
+
+# Disable deployment of the built-in object storage
+# Only disable if also using external storage for SCIP indexes
+blobstore:
+  enabled: false
+
+# we use YAML anchors and alias to keep override file clean
+objectStorageEnv: &objectStorageEnv
+  EMBEDDINGS_UPLOAD_BACKEND:
+    value: S3 # external object stoage type, one of "S3" or "GCS"
+  EMBEDDINGS_UPLOAD_BUCKET:
+    value: embedings-uploads # external object storage bucket name
+  EMBEDDINGS_UPLOAD_AWS_ENDPOINT:
+    value: https://s3.us-east-1.amazonaws.com
+  EMBEDDINGS_UPLOAD_AWS_REGION:
+    value: us-east-1
+  EMBEDDINGS_UPLOAD_AWS_ACCESS_KEY_ID:
+    secretKeyRef: # Pre-existing secret, not created by this chart
+      name: sourcegraph-s3-credentials
+      key: EMBEDDINGS_UPLOAD_AWS_ACCESS_KEY_ID
+  EMBEDDINGS_UPLOAD_AWS_SECRET_ACCESS_KEY:
+    secretKeyRef: # Pre-existing secret, not created by this chart
+      name: sourcegraph-s3-credentials
+      key: EMBEDDINGS_UPLOAD_AWS_SECRET_ACCESS_KEY
+
+embeddings:
+  enabled: true
+  env:
+    <<: *objectStorageEnv
+
+worker:
+  env:
+    <<: *objectStorageEnv

charts/sourcegraph/templates/embeddings/embeddings.Deployment.yaml

@@ -55,9 +55,13 @@ spec:
         - name: {{ $name }}
           {{- $item | toYaml | nindent 10 }}
         {{- end }}
-        {{- range $name, $item := .Values.embeddings.backend }}
-        - name: {{ $name }}
-          value: {{ $item | quote }}
+        {{- if not .Values.embeddings.env.EMBEDDINGS_UPLOAD_BACKEND }}
+        - name: EMBEDDINGS_UPLOAD_BACKEND
+          value: blobstore
+        {{- end }}
+        {{- if not .Values.embeddings.env.EMBEDDINGS_UPLOAD_AWS_ENDPOINT }}
+        - name: EMBEDDINGS_UPLOAD_AWS_ENDPOINT
+          value: http://blobstore:9000
         {{- end }}
         ports:
         - containerPort: 9991

charts/sourcegraph/templates/worker/worker.Deployment.yaml

@@ -60,11 +60,13 @@ spec:
         - name: PRECISE_CODE_INTEL_UPLOAD_AWS_ENDPOINT
           value: http://blobstore:9000
         {{- end }}
-        {{- if .Values.embeddings.enabled }}
-        {{- range $name, $item := .Values.embeddings.backend }}
-        - name: {{ $name }}
-          value: {{ $item | quote }}
+        {{- if and .Values.embeddings.enabled (not .Values.worker.env.EMBEDDINGS_UPLOAD_BACKEND) }}
+        - name: EMBEDDINGS_UPLOAD_BACKEND
+          value: blobstore
         {{- end }}
+        {{- if and .Values.embeddings.enabled (not .Values.worker.env.EMBEDDINGS_UPLOAD_AWS_ENDPOINT) }}
+        - name: EMBEDDINGS_UPLOAD_AWS_ENDPOINT
+          value: http://blobstore:9000
         {{- end }}
         - name: POD_NAME
           valueFrom:

charts/sourcegraph/values.yaml

@@ -301,10 +301,6 @@ embeddings:
     requests:
       cpu: "4"
       memory: 32G
-  # -- Configure the storage backend for embeddings
-  backend:
-    EMBEDDINGS_UPLOAD_BACKEND: "blobstore"
-    EMBEDDINGS_UPLOAD_AWS_ENDPOINT: "http://blobstore:9000"
   # -- Environment variables for the `embeddings` container
   env: {}
   # -- Security context for the `worker` container,
@@ -1283,6 +1279,8 @@ worker:
     readOnlyRootFilesystem: true
   # -- Name used by resources. Does not affect service names or PVCs.
   name: "worker"
+  # -- Environment variables for the `worker` container
+  env: {}
   # -- Security context for the `worker` pod,
   # learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod)
   podSecurityContext: {}