diff --git a/TEST.md b/TEST.md index 0ba8de6f..4c645608 100644 --- a/TEST.md +++ b/TEST.md @@ -67,7 +67,7 @@ helm template -f ./override.yaml sourcegraph charts/sourcegraph/. Perform a diff of the rendered helm manifests before and after your change. There're many ways to produce the diff: - Run `helm template` before and after the change, then run `diff bundle.old.yaml bundle.new.yaml`. -- Run `helm install` before the change, then run `helm diff` to inspecth the diff. +- Run `helm install` before the change, then run `helm diff` to inspect the diff. ### Deploy the chart diff --git a/charts/sourcegraph/CHANGELOG.md b/charts/sourcegraph/CHANGELOG.md index daf11263..fcd8ff11 100644 --- a/charts/sourcegraph/CHANGELOG.md +++ b/charts/sourcegraph/CHANGELOG.md @@ -8,6 +8,8 @@ Use `**BREAKING**:` to denote a breaking change ## Unreleased +- Added a service for the Qdrant vector database + ## 5.1.6 - Sourcegraph 5.1.6 is now available! diff --git a/charts/sourcegraph/README.md b/charts/sourcegraph/README.md index 74dc7bf5..a5f49939 100644 --- a/charts/sourcegraph/README.md +++ b/charts/sourcegraph/README.md 
@@ -90,7 +90,7 @@ In addition to the documented values, all services also support the following va | codeIntelDB.serviceAccount.create | bool | `false` | Enable creation of ServiceAccount for `codeintel-db` | | codeIntelDB.serviceAccount.name | string | `""` | Name of the ServiceAccount to be created or an existing ServiceAccount | | codeIntelDB.storageSize | string | `"200Gi"` | PVC Storage Request for `codeintel-db` data volume | -| embeddings.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100}` | Security context for the `worker` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | +| embeddings.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100}` | Security context for the `embeddings` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | | embeddings.enabled | bool | `false` | Enable `embeddings` | | embeddings.env | object | `{}` | Environment variables for the `embeddings` container | | embeddings.extraVolumeMounts | object | `{}` | | 
@@ -99,7 +99,7 @@ In addition to the documented values, all services also support the following va | embeddings.image.name | string | `"embeddings"` | Docker image name for the `embeddings` image | | embeddings.name | string | `"embeddings"` | Name of the `embeddings` service | | embeddings.podSecurityContext | object | `{}` | Security context for the `embeddings` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | -| embeddings.resources | object | `{"limits":{"cpu":"8","memory":"64G"},"requests":{"cpu":"4","memory":"32G"}}` | Resource requests & limits for the `worker` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) | +| embeddings.resources | object | `{"limits":{"cpu":"8","memory":"64G"},"requests":{"cpu":"4","memory":"32G"}}` | Resource requests & limits for the `embeddings` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) | | embeddings.serviceAccount.annotations | object | `{}` | | | embeddings.serviceAccount.create | bool | `false` | Enable creation of ServiceAccount for `embeddings` | | embeddings.serviceAccount.name | string | `""` | Name of the ServiceAccount to be created or an existing ServiceAccount | 
@@ -264,6 +264,24 @@ In addition to the documented values, all services also support the following va | prometheus.serviceAccount.create | bool | `true` | Enable creation of ServiceAccount | | prometheus.serviceAccount.name | string | `"prometheus"` | Name of the ServiceAccount to be created or an existing ServiceAccount | | prometheus.storageSize | string | `"200Gi"` | PVC Storage Request for `prometheus` data volume | +| qdrant.config | object | `{"debug":true,"log_level":"INFO"}` | Resource requests & limits for the `qdrant` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) | +| qdrant.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"fsGroup":101,"runAsGroup":101,"runAsUser":100}` | Security context for the `qdrant` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | +| qdrant.enabled | bool | `false` | Enable `qdrant` | +| qdrant.env | object | `{}` | Environment variables for the `qdrant` container | +| qdrant.extraVolumeMounts | object | `{}` | | +| qdrant.extraVolumes | object | `{}` | | +| qdrant.image.defaultTag | string | `"239247_2023-08-18_5.1-433e1b1c997f@sha256:eafcd7af2aca699fa9c9ce8e6aa674cc0470441f794baf031296d5d1cdadd0bc"` | Docker image tag for the `embeddings` image | +| qdrant.image.name | string | `"qdrant"` | Docker image name for the `embeddings` image | +| qdrant.name | string | `"qdrant"` | Name of the `qdrant` service | +| qdrant.podSecurityContext | object | `{"fsGroup":101,"fsGroupChangePolicy":"OnRootMismatch","runAsGroup":101,"runAsUser":100}` | Security context for the `qdrant` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | +| qdrant.resources.limits.cpu | string | `"2"` | | 
+| qdrant.resources.limits.memory | string | `"8G"` | | +| qdrant.resources.requests.cpu | string | `"500m"` | | +| qdrant.resources.requests.memory | string | `"2G"` | | +| qdrant.serviceAccount.annotations | object | `{}` | | +| qdrant.serviceAccount.create | bool | `false` | Enable creation of ServiceAccount for `embeddings` | +| qdrant.serviceAccount.name | string | `""` | Name of the ServiceAccount to be created or an existing ServiceAccount | +| qdrant.storageSize | string | `"100Gi"` | PVC Storage Request for `qdrant` data volume | | redisCache.connection.endpoint | string | `"redis-cache:6379"` | Endpoint to use for redis-cache. Supports either host:port or IANA specification | | redisCache.connection.existingSecret | string | `""` | Name of existing secret to use for Redis endpoint The secret must contain the key `endpoint` and should follow IANA specification learn more from the [Helm docs](https://docs.sourcegraph.com/admin/install/kubernetes/helm#using-external-redis-instances) | | redisCache.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":1000,"runAsUser":999}` | Security context for the `redis-cache` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | diff --git a/charts/sourcegraph/templates/qdrant/qdrant.ConfigMap.yaml b/charts/sourcegraph/templates/qdrant/qdrant.ConfigMap.yaml new file mode 100644 index 00000000..9ccc21b0 --- /dev/null +++ b/charts/sourcegraph/templates/qdrant/qdrant.ConfigMap.yaml 
@@ -0,0 +1,36 @@
+{{- if .Values.qdrant.enabled -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ .Values.qdrant.name }}
+ labels:
+ deploy: sourcegraph
+ app.kubernetes.io/component: qdrant
+data:
+ config.yaml: |
+ debug: {{ .Values.qdrant.config.debug }}
+ log_level: {{ .Values.qdrant.config.log_level }}
+ storage:
+ storage_path: /data
+ snapshots_path: /data/storage
+ on_disk_payload: true
+ service:
+ http_port: 6333
+ grpc_port: 6334
+ telemetry_disabled: true
+ # The following parameters can be configured
+ # on a per-collection basis, so these are just defaults.
+ performance:
+ max_optimization_threads: 4
+ optimizers:
+ max_optimization_threads: 4
+ mmap_threshold_kb: 1
+ indexing_threshold_kb: 0 # disable indexing
+ hnsw_index:
+ m: 8
+ ef_construct: 100
+ full_scan_threshold: 10
+ max_indexing_threads: 4
+ on_disk: true
+ payload_m: 8
+{{- end }}
diff --git a/charts/sourcegraph/templates/qdrant/qdrant.PersistentVolumeClaim.yaml b/charts/sourcegraph/templates/qdrant/qdrant.PersistentVolumeClaim.yaml
new file mode 100644
index 00000000..e946ae52
--- /dev/null
+++ b/charts/sourcegraph/templates/qdrant/qdrant.PersistentVolumeClaim.yaml
@@ -0,0 +1,19 @@
+{{- if .Values.qdrant.enabled -}}
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ labels:
+ deploy: sourcegraph
+ app.kubernetes.io/component: qdrant
+ name: qdrant
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: {{ .Values.qdrant.storageSize }}
+ storageClassName: {{ .Values.storageClass.name }}
+ {{- if .Values.qdrant.volumeName }}
+ volumeName: {{ .Values.qdrant.volumeName }}
+ {{- end }}
+{{- end }}
diff --git a/charts/sourcegraph/templates/qdrant/qdrant.Service.yaml b/charts/sourcegraph/templates/qdrant/qdrant.Service.yaml
new file mode 100644
index 00000000..d2084016
--- /dev/null
+++ b/charts/sourcegraph/templates/qdrant/qdrant.Service.yaml
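Review bot: The rendered `config.yaml` in qdrant.ConfigMap.yaml sets neither an API key nor TLS under `service:`, so as far as this template shows, any workload that can reach ports 6333/6334 can read and modify the vector collections. Qdrant supports a `service.api_key` setting (also settable through the `QDRANT__SERVICE__API_KEY` environment variable); it would be better fed from a Secret via `qdrant.env` than templated into this ConfigMap, and the chart should document that. Separately, `debug` is rendered from `qdrant.config.debug`, which defaults to `true` in values.yaml; a default of `false` is the safer choice for a production chart. The ConfigMap is named `{{ .Values.qdrant.name }}` while the StatefulSet mounts a ConfigMap named literally `qdrant`, so overriding `qdrant.name` breaks the mount.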
@@ -0,0 +1,31 @@
+{{- if .Values.qdrant.enabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+ annotations:
+ sourcegraph.prometheus/scrape: "true"
+ prometheus.io/port: "6333"
+ {{- if .Values.qdrant.serviceAnnotations }}
+ {{- toYaml .Values.qdrant.serviceAnnotations | nindent 4 }}
+ {{- end }}
+ labels:
+ app: qdrant
+ deploy: sourcegraph
+ app.kubernetes.io/component: qdrant
+ {{- if .Values.qdrant.serviceLabels }}
+ {{- toYaml .Values.qdrant.serviceLabels | nindent 4 }}
+ {{- end }}
+ name: qdrant
+spec:
+ ports:
+ - name: http
+ port: 6333
+ targetPort: http
+ - name: grpc
+ port: 6334
+ targetPort: grpc
+ selector:
+ {{- include "sourcegraph.selectorLabels" . | nindent 4 }}
+ app: qdrant
+ type: {{ .Values.qdrant.serviceType | default "ClusterIP" }}
+{{- end }}
diff --git a/charts/sourcegraph/templates/qdrant/qdrant.ServiceAccount.yaml b/charts/sourcegraph/templates/qdrant/qdrant.ServiceAccount.yaml
new file mode 100644
index 00000000..a8f1014e
--- /dev/null
+++ b/charts/sourcegraph/templates/qdrant/qdrant.ServiceAccount.yaml
@@ -0,0 +1,11 @@
+{{- if and .Values.qdrant.enabled .Values.qdrant.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ category: rbac
+ deploy: sourcegraph
+ app.kubernetes.io/component: {{ .Values.qdrant.name }}
+ {{- include "sourcegraph.serviceAccountAnnotations" (list . "qdrant") | trim | nindent 2 }}
+ name: {{ include "sourcegraph.serviceAccountName" (list . "qdrant") }}
+{{- end }}
diff --git a/charts/sourcegraph/templates/qdrant/qdrant.StatefulSet.yaml b/charts/sourcegraph/templates/qdrant/qdrant.StatefulSet.yaml
new file mode 100644
index 00000000..947414a4
--- /dev/null
+++ b/charts/sourcegraph/templates/qdrant/qdrant.StatefulSet.yaml
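Review bot: The selector in qdrant.Service.yaml hard-codes `app: qdrant` while the StatefulSet labels its pods `app: {{ .Values.qdrant.name }}`, so setting `qdrant.name` to anything else leaves this Service with no endpoints; use `app: {{ .Values.qdrant.name }}` here, or hard-code the name consistently in every qdrant template. `qdrant.serviceType`, `qdrant.serviceAnnotations` and `qdrant.serviceLabels` are read here but are not declared in the values.yaml block this commit adds, so they are undocumented. Because the ConfigMap configures no API key, the `serviceType` entry should carry a comment that a type other than `ClusterIP` publishes the HTTP and gRPC ports outside the cluster, e.g. `# -- Service type; keep ClusterIP unless qdrant authentication is configured`.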
@@ -0,0 +1,125 @@
+{{- if .Values.qdrant.enabled -}}
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: {{ .Values.qdrant.name }}
+ annotations:
+ description: Backend for vector search operations.
+ labels:
+ {{- include "sourcegraph.labels" . | nindent 4 }}
+ {{- if .Values.qdrant.labels }}
+ {{- toYaml .Values.qdrant.labels | nindent 4 }}
+ {{- end }}
+ deploy: sourcegraph
+ app.kubernetes.io/component: qdrant
+spec:
+ minReadySeconds: 10
+ replicas: 1
+ revisionHistoryLimit: {{ .Values.sourcegraph.revisionHistoryLimit }}
+ selector:
+ matchLabels:
+ {{- include "sourcegraph.selectorLabels" . | nindent 6 }}
+ app: {{ .Values.qdrant.name }}
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ annotations:
+ kubectl.kubernetes.io/default-container: qdrant
+ {{- if .Values.sourcegraph.podAnnotations }}
+ {{- toYaml .Values.sourcegraph.podAnnotations | nindent 8 }}
+ {{- end }}
+ {{- if .Values.qdrant.podAnnotations }}
+ {{- toYaml .Values.qdrant.podAnnotations | nindent 8 }}
+ {{- end }}
+ labels:
+ {{- include "sourcegraph.selectorLabels" . | nindent 8 }}
+ {{- if .Values.sourcegraph.podLabels }}
+ {{- toYaml .Values.sourcegraph.podLabels | nindent 8 }}
+ {{- end }}
+ {{- if .Values.qdrant.podLabels }}
+ {{- toYaml .Values.qdrant.podLabels | nindent 8 }}
+ {{- end }}
+ app: {{ .Values.qdrant.name }}
+ app.kubernetes.io/component: qdrant
+ deploy: sourcegraph
+ spec:
+ containers:
+ - name: {{ .Values.qdrant.name }}
+ image: {{ include "sourcegraph.image" (list . "qdrant") }}
+ imagePullPolicy: {{ .Values.sourcegraph.image.pullPolicy }}
+ terminationMessagePolicy: FallbackToLogsOnError
+ env:
+ {{- range $name, $item := .Values.qdrant.env }}
+ - name: {{ $name }}
+ {{- $item | toYaml | nindent 10 }}
+ {{- end }}
+ ports:
+ - containerPort: 6333
+ name: http
+ protocol: TCP
+ - containerPort: 6334
+ name: grpc
+ protocol: TCP
+ # TODO: use gRPC liveness/readiness probe once this PR lands: https://github.com/qdrant/qdrant/pull/2409
+ readinessProbe:
+ failureThreshold: 3
+ httpGet:
+ scheme: HTTP
+ port: http
+ initialDelaySeconds: 0
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 1
+ livenessProbe:
+ failureThreshold: 3
+ httpGet:
+ scheme: HTTP
+ port: http
+ initialDelaySeconds: 0
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 1
+ volumeMounts:
+ - name: qdrant-data
+ mountPath: /data
+ - name: config
+ mountPath: /etc/qdrant
+ {{- if .Values.qdrant.extraVolumeMounts }}
+ {{- toYaml .Values.qdrant.extraVolumeMounts | nindent 8 }}
+ {{- end }}
+ {{- if not .Values.sourcegraph.localDevMode}}
+ resources:
+ {{- toYaml .Values.qdrant.resources | nindent 10 }}
+ {{- end }}
+ securityContext:
+ {{- toYaml .Values.qdrant.containerSecurityContext | nindent 10 }}
+ {{- if .Values.blobstore.extraContainers }}
+ {{- toYaml .Values.blobstore.extraContainers | nindent 6 }}
+ {{- end }}
+ securityContext:
+ {{- toYaml .Values.qdrant.podSecurityContext | nindent 8 }}
+ {{- include "sourcegraph.nodeSelector" (list . "qdrant" ) | trim | nindent 6 }}
+ {{- include "sourcegraph.affinity" (list . "qdrant" ) | trim | nindent 6 }}
+ {{- include "sourcegraph.tolerations" (list . "qdrant" ) | trim | nindent 6 }}
+ {{- if .Values.qdrant.serviceAccount.create }}
+ serviceAccountName: {{ .Values.qdrant.serviceAccount.name }}
+ {{- end}}
+ {{- with .Values.sourcegraph.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml .
| nindent 8 }} + {{- end }} + volumes: + {{- if .Values.qdrant.extraVolumes }} + {{- toYaml .Values.qdrant.extraVolumes | nindent 6 }} + {{- end }} + - name: qdrant-data + persistentVolumeClaim: + claimName: qdrant + - name: config + configMap: + name: qdrant + items: + - key: config.yaml + path: config.yaml +{{- end }} diff --git a/charts/sourcegraph/values.yaml b/charts/sourcegraph/values.yaml index 3c1739d7..bcc9d73d 100644 --- a/charts/sourcegraph/values.yaml +++ b/charts/sourcegraph/values.yaml @@ -292,7 +292,7 @@ embeddings: name: "embeddings" # -- Docker image tag for the `embeddings` image defaultTag: "5.1.6@sha256:e849f52e38637882e5d2ba3d7d27a656d897c4b4e2905e1fdb843536d9c948ab" - # -- Resource requests & limits for the `worker` container, + # -- Resource requests & limits for the `embeddings` container, # learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) resources: limits: @@ -303,7 +303,7 @@ embeddings: memory: 32G # -- Environment variables for the `embeddings` container env: {} - # -- Security context for the `worker` container, + # -- Security context for the `embeddings` container, # learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) containerSecurityContext: allowPrivilegeEscalation: false 
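Review bot: The extra-containers block in qdrant.StatefulSet.yaml reads `.Values.blobstore.extraContainers`, which looks like a copy-paste from the blobstore template: sidecars configured for blobstore would be injected into the qdrant pod and share its `/data` volume and pod security context. It should read `{{- if .Values.qdrant.extraContainers }}` / `{{- toYaml .Values.qdrant.extraContainers | nindent 6 }}`. `strategy: type: Recreate` is a Deployment field; a StatefulSet takes `updateStrategy` with `RollingUpdate` or `OnDelete`, so this key is either rejected or ignored depending on how the manifest is validated. `serviceAccountName` renders `.Values.qdrant.serviceAccount.name` directly, which is `""` by default even when `create` is true, whereas the ServiceAccount template resolves its name through `sourcegraph.serviceAccountName`; use `{{ include "sourcegraph.serviceAccountName" (list . "qdrant") }}` here so the pod actually runs under the account the chart creates.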
@@ -322,6 +322,55 @@ embeddings: extraVolumeMounts: {} extraVolumes: {} +qdrant: + # -- Enable `qdrant` + enabled: false + # -- Name of the `qdrant` service + name: qdrant + image: + # -- Docker image name for the `embeddings` image + name: "qdrant" + # -- Docker image tag for the `embeddings` image + defaultTag: "239247_2023-08-18_5.1-433e1b1c997f@sha256:eafcd7af2aca699fa9c9ce8e6aa674cc0470441f794baf031296d5d1cdadd0bc" + # -- Resource requests & limits for the `qdrant` container, + # learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) + config: + debug: true + log_level: INFO + resources: + limits: + cpu: "2" + memory: 8G + requests: + cpu: "500m" + memory: 2G + # -- Environment variables for the `qdrant` container + env: {} + # -- Security context for the `qdrant` container, + # learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) + containerSecurityContext: + allowPrivilegeEscalation: false + runAsUser: 100 + runAsGroup: 101 + fsGroup: 101 + # -- Security context for the `qdrant` container, + # learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) + podSecurityContext: + runAsUser: 100 + runAsGroup: 101 + fsGroup: 101 + fsGroupChangePolicy: "OnRootMismatch" + serviceAccount: + # -- Enable creation of ServiceAccount for `embeddings` + create: false + # -- Name of the ServiceAccount to be created or an existing ServiceAccount + name: "" + annotations: {} + extraVolumeMounts: {} + extraVolumes: {} + # -- PVC Storage Request for `qdrant` data volume + storageSize: 100Gi + frontend: # -- Environment variables for the `frontend` container # @default -- the chart will add some default environment values
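Review bot: The `containerSecurityContext` default for `qdrant` includes `fsGroup: 101`, which is a pod-level field and not part of the container `securityContext` schema; drop it there, since `podSecurityContext` already sets it. The block also omits `readOnlyRootFilesystem: true`, which the `embeddings` and `redis-cache` defaults shown in the README set; since data is written to the mounted `/data` volume, consider adding it if the image tolerates a read-only root. The doc comments are copy-pasted: `image.name`, `image.defaultTag` and `serviceAccount.create` mention `embeddings`, the "Resource requests & limits" comment sits above `config:` instead of `resources:`, and `podSecurityContext` is described as the container's context. `config.debug: true` is a questionable production default, and `qdrant.volumeName` and `qdrant.serviceType`, both read by the templates, are not declared here.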