Qdrant: add helm charts

TEST.md

@@ -67,7 +67,7 @@ helm template -f ./override.yaml sourcegraph charts/sourcegraph/.
 Perform a diff of the rendered helm manifests before and after your change. There're many ways to produce the diff:
 
 - Run `helm template` before and after the change, then run `diff bundle.old.yaml bundle.new.yaml`.
-- Run `helm install` before the change, then run `helm diff` to inspecth the diff.
+- Run `helm install` before the change, then run `helm diff` to inspect the diff.
 
 ### Deploy the chart
 

charts/sourcegraph/CHANGELOG.md

@@ -8,6 +8,8 @@ Use `**BREAKING**:` to denote a breaking change
 
 ## Unreleased
 
+- Added a service for the Qdrant vector database
+
 ## 5.1.6
 
 - Sourcegraph 5.1.6 is now available!

charts/sourcegraph/README.md

@@ -90,7 +90,7 @@ In addition to the documented values, all services also support the following va
 | codeIntelDB.serviceAccount.create | bool | `false` | Enable creation of ServiceAccount for `codeintel-db` |
 | codeIntelDB.serviceAccount.name | string | `""` | Name of the ServiceAccount to be created or an existing ServiceAccount |
 | codeIntelDB.storageSize | string | `"200Gi"` | PVC Storage Request for `codeintel-db` data volume |
-| embeddings.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100}` | Security context for the `worker` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) |
+| embeddings.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100}` | Security context for the `embeddings` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) |
 | embeddings.enabled | bool | `false` | Enable `embeddings` |
 | embeddings.env | object | `{}` | Environment variables for the `embeddings` container |
 | embeddings.extraVolumeMounts | object | `{}` |  |
@@ -99,7 +99,7 @@ In addition to the documented values, all services also support the following va
 | embeddings.image.name | string | `"embeddings"` | Docker image name for the `embeddings` image |
 | embeddings.name | string | `"embeddings"` | Name of the `embeddings` service |
 | embeddings.podSecurityContext | object | `{}` | Security context for the `embeddings` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) |
-| embeddings.resources | object | `{"limits":{"cpu":"8","memory":"64G"},"requests":{"cpu":"4","memory":"32G"}}` | Resource requests & limits for the `worker` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) |
+| embeddings.resources | object | `{"limits":{"cpu":"8","memory":"64G"},"requests":{"cpu":"4","memory":"32G"}}` | Resource requests & limits for the `embeddings` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) |
 | embeddings.serviceAccount.annotations | object | `{}` |  |
 | embeddings.serviceAccount.create | bool | `false` | Enable creation of ServiceAccount for `embeddings` |
 | embeddings.serviceAccount.name | string | `""` | Name of the ServiceAccount to be created or an existing ServiceAccount |
@@ -264,6 +264,24 @@ In addition to the documented values, all services also support the following va
 | prometheus.serviceAccount.create | bool | `true` | Enable creation of ServiceAccount |
 | prometheus.serviceAccount.name | string | `"prometheus"` | Name of the ServiceAccount to be created or an existing ServiceAccount |
 | prometheus.storageSize | string | `"200Gi"` | PVC Storage Request for `prometheus` data volume |
+| qdrant.config | object | `{"debug":true,"log_level":"INFO"}` | Resource requests & limits for the `qdrant` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) |
+| qdrant.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"fsGroup":101,"runAsGroup":101,"runAsUser":100}` | Security context for the `qdrant` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) |
+| qdrant.enabled | bool | `false` | Enable `qdrant` |
+| qdrant.env | object | `{}` | Environment variables for the `qdrant` container |
+| qdrant.extraVolumeMounts | object | `{}` |  |
+| qdrant.extraVolumes | object | `{}` |  |
+| qdrant.image.defaultTag | string | `"239247_2023-08-18_5.1-433e1b1c997f@sha256:eafcd7af2aca699fa9c9ce8e6aa674cc0470441f794baf031296d5d1cdadd0bc"` | Docker image tag for the `embeddings` image |
+| qdrant.image.name | string | `"qdrant"` | Docker image name for the `embeddings` image |
+| qdrant.name | string | `"qdrant"` | Name of the `qdrant` service |
+| qdrant.podSecurityContext | object | `{"fsGroup":101,"fsGroupChangePolicy":"OnRootMismatch","runAsGroup":101,"runAsUser":100}` | Security context for the `qdrant` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) |
+| qdrant.resources.limits.cpu | string | `"2"` |  |
+| qdrant.resources.limits.memory | string | `"8G"` |  |
+| qdrant.resources.requests.cpu | string | `"500m"` |  |
+| qdrant.resources.requests.memory | string | `"2G"` |  |
+| qdrant.serviceAccount.annotations | object | `{}` |  |
+| qdrant.serviceAccount.create | bool | `false` | Enable creation of ServiceAccount for `embeddings` |
+| qdrant.serviceAccount.name | string | `""` | Name of the ServiceAccount to be created or an existing ServiceAccount |
+| qdrant.storageSize | string | `"100Gi"` | PVC Storage Request for `qdrant` data volume |
 | redisCache.connection.endpoint | string | `"redis-cache:6379"` | Endpoint to use for redis-cache. Supports either host:port or IANA specification |
 | redisCache.connection.existingSecret | string | `""` | Name of existing secret to use for Redis endpoint The secret must contain the key `endpoint` and should follow IANA specification learn more from the [Helm docs](https://docs.sourcegraph.com/admin/install/kubernetes/helm#using-external-redis-instances) |
 | redisCache.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":1000,"runAsUser":999}` | Security context for the `redis-cache` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) |

charts/sourcegraph/templates/qdrant/qdrant.ConfigMap.yaml

@@ -0,0 +1,36 @@
+{{- if .Values.qdrant.enabled -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ .Values.qdrant.name }}
+  labels:
+    deploy: sourcegraph
+    app.kubernetes.io/component: qdrant
+data:
+  config.yaml: |
+    debug: {{ .Values.qdrant.config.debug }}
+    log_level: {{ .Values.qdrant.config.log_level }}
+    storage:
+      storage_path: /data
+      snapshots_path: /data/storage
+      on_disk_payload: true
+    service:
+      http_port: 6333
+      grpc_port: 6334
+    telemetry_disabled: true
+    # The following parameters can be configured
+    # on a per-collection basis, so these are just defaults.
+    performance:
+      max_optimization_threads: 4
+    optimizers:
+      max_optimization_threads: 4
+      mmap_threshold_kb: 1
+      indexing_threshold_kb: 0 # disable indexing
+    hnsw_index:
+      m: 8
+      ef_construct: 100
+      full_scan_threshold: 10
+      max_indexing_threads: 4
+      on_disk: true
+      payload_m: 8
+{{- end }}

charts/sourcegraph/templates/qdrant/qdrant.PersistentVolumeClaim.yaml

@@ -0,0 +1,19 @@
+{{- if .Values.qdrant.enabled -}}
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  labels:
+    deploy: sourcegraph
+    app.kubernetes.io/component: qdrant
+  name: qdrant
+spec:
+  accessModes:
+  - ReadWriteOnce
+  resources:
+    requests:
+      storage: {{ .Values.qdrant.storageSize }}
+  storageClassName: {{ .Values.storageClass.name }}
+  {{- if .Values.qdrant.volumeName }}
+  volumeName: {{ .Values.qdrant.volumeName }}
+  {{- end }}
+{{- end }}

charts/sourcegraph/templates/qdrant/qdrant.Service.yaml

@@ -0,0 +1,31 @@
+{{- if .Values.qdrant.enabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+  annotations:
+    sourcegraph.prometheus/scrape: "true"
+    prometheus.io/port: "6333"
+    {{- if .Values.qdrant.serviceAnnotations }}
+    {{- toYaml .Values.qdrant.serviceAnnotations | nindent 4 }}
+    {{- end }}
+  labels:
+    app: qdrant
+    deploy: sourcegraph
+    app.kubernetes.io/component: qdrant
+    {{- if .Values.qdrant.serviceLabels }}
+      {{- toYaml .Values.qdrant.serviceLabels | nindent 4 }}
+    {{- end }}
+  name: qdrant
+spec:
+  ports:
+  - name: http
+    port: 6333
+    targetPort: http
+  - name: grpc
+    port: 6334
+    targetPort: grpc
+  selector:
+    {{- include "sourcegraph.selectorLabels" . | nindent 4 }}
+    app: qdrant
+  type: {{ .Values.qdrant.serviceType | default "ClusterIP" }}
+{{- end }}

charts/sourcegraph/templates/qdrant/qdrant.ServiceAccount.yaml

@@ -0,0 +1,11 @@
+{{- if and .Values.qdrant.enabled .Values.qdrant.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    category: rbac
+    deploy: sourcegraph
+    app.kubernetes.io/component: {{ .Values.qdrant.name }}
+  {{- include "sourcegraph.serviceAccountAnnotations" (list . "qdrant") | trim | nindent 2 }}
+  name: {{ include "sourcegraph.serviceAccountName" (list . "qdrant") }}
+{{- end }}

charts/sourcegraph/templates/qdrant/qdrant.StatefulSet.yaml

@@ -0,0 +1,125 @@
+{{- if .Values.qdrant.enabled -}}
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: {{ .Values.qdrant.name }}
+  annotations:
+    description: Backend for vector search operations.
+  labels:
+    {{- include "sourcegraph.labels" . | nindent 4 }}
+    {{- if .Values.qdrant.labels }}
+      {{- toYaml .Values.qdrant.labels | nindent 4 }}
+    {{- end }}
+    deploy: sourcegraph
+    app.kubernetes.io/component: qdrant
+spec:
+  minReadySeconds: 10
+  replicas: 1
+  revisionHistoryLimit: {{ .Values.sourcegraph.revisionHistoryLimit }}
+  selector:
+    matchLabels:
+      {{- include "sourcegraph.selectorLabels" . | nindent 6 }}
+      app: {{ .Values.qdrant.name }}
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      annotations:
+        kubectl.kubernetes.io/default-container: qdrant
+      {{- if .Values.sourcegraph.podAnnotations }}
+      {{- toYaml .Values.sourcegraph.podAnnotations | nindent 8 }}
+      {{- end }}
+      {{- if .Values.qdrant.podAnnotations }}
+      {{- toYaml .Values.qdrant.podAnnotations | nindent 8 }}
+      {{- end }}
+      labels:
+      {{- include "sourcegraph.selectorLabels" . | nindent 8 }}
+      {{- if .Values.sourcegraph.podLabels }}
+      {{- toYaml .Values.sourcegraph.podLabels | nindent 8 }}
+      {{- end }}
+      {{- if .Values.qdrant.podLabels }}
+      {{- toYaml .Values.qdrant.podLabels | nindent 8 }}
+      {{- end }}
+        app: {{ .Values.qdrant.name }}
+        app.kubernetes.io/component: qdrant
+        deploy: sourcegraph
+    spec:
+      containers:
+      - name: {{ .Values.qdrant.name }}
+        image: {{ include "sourcegraph.image" (list . "qdrant") }}
+        imagePullPolicy: {{ .Values.sourcegraph.image.pullPolicy }}
+        terminationMessagePolicy: FallbackToLogsOnError
+        env:
+        {{- range $name, $item := .Values.qdrant.env }}
+        - name: {{ $name }}
+          {{- $item | toYaml | nindent 10 }}
+        {{- end }}
+        ports:
+          - containerPort: 6333
+            name: http
+            protocol: TCP
+          - containerPort: 6334
+            name: grpc
+            protocol: TCP
+        # TODO: use gRPC liveness/readiness probe once this PR lands: https://github.com/qdrant/qdrant/pull/2409
+        readinessProbe:
+          failureThreshold: 3
+          httpGet:
+            scheme: HTTP
+            port: http
+          initialDelaySeconds: 0
+          periodSeconds: 10
+          successThreshold: 1
+          timeoutSeconds: 1
+        livenessProbe:
+          failureThreshold: 3
+          httpGet:
+            scheme: HTTP
+            port: http
+          initialDelaySeconds: 0
+          periodSeconds: 10
+          successThreshold: 1
+          timeoutSeconds: 1
+        volumeMounts:
+          - name: qdrant-data
+            mountPath: /data
+          - name: config
+            mountPath: /etc/qdrant
+          {{- if .Values.qdrant.extraVolumeMounts }}
+          {{- toYaml .Values.qdrant.extraVolumeMounts | nindent 8 }}
+          {{- end }}
+        {{- if not .Values.sourcegraph.localDevMode}}
+        resources:
+          {{- toYaml .Values.qdrant.resources | nindent 10 }}
+        {{- end }}
+        securityContext:
+          {{- toYaml .Values.qdrant.containerSecurityContext | nindent 10 }}
+      {{- if .Values.blobstore.extraContainers }}
+        {{- toYaml .Values.blobstore.extraContainers | nindent 6 }}
+      {{- end }}
+      securityContext:
+        {{- toYaml .Values.qdrant.podSecurityContext | nindent 8 }}
+      {{- include "sourcegraph.nodeSelector" (list . "qdrant" ) | trim | nindent 6 }}
+      {{- include "sourcegraph.affinity" (list . "qdrant" ) | trim | nindent 6 }}
+      {{- include "sourcegraph.tolerations" (list . "qdrant" ) | trim | nindent 6 }}
+      {{- if .Values.qdrant.serviceAccount.create }}
+      serviceAccountName: {{ .Values.qdrant.serviceAccount.name }}
+      {{- end}}
+      {{- with .Values.sourcegraph.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      volumes:
+        {{- if .Values.qdrant.extraVolumes }}
+        {{- toYaml .Values.qdrant.extraVolumes | nindent 6 }}
+        {{- end }}
+        - name: qdrant-data
+          persistentVolumeClaim:
+            claimName: qdrant
+        - name: config
+          configMap:
+            name: qdrant
+            items:
+              - key: config.yaml
+                path: config.yaml
+{{- end }}

charts/sourcegraph/values.yaml

@@ -292,7 +292,7 @@ embeddings:
     name: "embeddings"
     # -- Docker image tag for the `embeddings` image
     defaultTag: "5.1.6@sha256:e849f52e38637882e5d2ba3d7d27a656d897c4b4e2905e1fdb843536d9c948ab"
-  # -- Resource requests & limits for the `worker` container,
+  # -- Resource requests & limits for the `embeddings` container,
   # learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/)
   resources:
     limits:
@@ -303,7 +303,7 @@ embeddings:
       memory: 32G
   # -- Environment variables for the `embeddings` container
   env: {}
-  # -- Security context for the `worker` container,
+  # -- Security context for the `embeddings` container,
   # learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container)
   containerSecurityContext:
     allowPrivilegeEscalation: false
@@ -322,6 +322,55 @@ embeddings:
   extraVolumeMounts: {}
   extraVolumes: {}
 
+qdrant:
+  # -- Enable `qdrant`
+  enabled: false
+  # -- Name of the `qdrant` service
+  name: qdrant
+  image:
+    # -- Docker image name for the `embeddings` image
+    name: "qdrant"
+    # -- Docker image tag for the `embeddings` image
+    defaultTag: "239247_2023-08-18_5.1-433e1b1c997f@sha256:eafcd7af2aca699fa9c9ce8e6aa674cc0470441f794baf031296d5d1cdadd0bc"
+  # -- Resource requests & limits for the `qdrant` container,
+  # learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/)
+  config:
+    debug: true
+    log_level: INFO
+  resources:
+    limits:
+      cpu: "2"
+      memory: 8G
+    requests:
+      cpu: "500m"
+      memory: 2G
+  # -- Environment variables for the `qdrant` container
+  env: {}
+  # -- Security context for the `qdrant` container,
+  # learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container)
+  containerSecurityContext:
+    allowPrivilegeEscalation: false
+    runAsUser: 100
+    runAsGroup: 101
+    fsGroup: 101
+  # -- Security context for the `qdrant` container,
+  # learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container)
+  podSecurityContext:
+    runAsUser: 100
+    runAsGroup: 101
+    fsGroup: 101
+    fsGroupChangePolicy: "OnRootMismatch"
+  serviceAccount:
+    # -- Enable creation of ServiceAccount for `embeddings`
+    create: false
+    # -- Name of the ServiceAccount to be created or an existing ServiceAccount
+    name: ""
+    annotations: {}
+  extraVolumeMounts: {}
+  extraVolumes: {}
+  # -- PVC Storage Request for `qdrant` data volume
+  storageSize: 100Gi
+
 frontend:
   # -- Environment variables for the `frontend` container
   # @default -- the chart will add some default environment values