From 22129c67bfada87d6f287d221c0f66c15b6f7351 Mon Sep 17 00:00:00 2001 From: Jacob Pleiness Date: Mon, 25 Nov 2024 17:15:17 -0500 Subject: [PATCH 1/4] chore(rel): update postgres images to 16 versions (#584) Update Postgres 12 images to Postgres 16. ### Checklist - [x] Follow the [manual testing process](https://github.com/sourcegraph/deploy-sourcegraph-helm/blob/main/TEST.md) - [x] Update [changelog](https://github.com/sourcegraph/deploy-sourcegraph-helm/blob/main/charts/sourcegraph/CHANGELOG.md) - [ ] Update [Kubernetes update doc](https://docs.sourcegraph.com/admin/updates/kubernetes) ### Test plan CI tests --- charts/sourcegraph/CHANGELOG.md | 3 +++ charts/sourcegraph/README.md | 12 ++++++------ charts/sourcegraph/values.yaml | 12 ++++++------ 3 files changed, 15 insertions(+), 12 deletions(-) diff --git a/charts/sourcegraph/CHANGELOG.md b/charts/sourcegraph/CHANGELOG.md index d28846ec..e1f7848c 100644 --- a/charts/sourcegraph/CHANGELOG.md +++ b/charts/sourcegraph/CHANGELOG.md @@ -8,8 +8,11 @@ Use `**BREAKING**:` to denote a breaking change ## Unreleased +## 5.10.0 + - Updated OpenTelemetry collector and agent images to run as non-root users [#543](https://github.com/sourcegraph/deploy-sourcegraph-helm/pull/543) - redis cache and redis store deployments support priority class +- Update Postgres images to Postgres 16. These images will update existing Postgres 12 databases to Postgres 16. Please see our [technical changelog](https://sourcegraph.com/docs/technical-changelog) for more details. ## 5.6.185 diff --git a/charts/sourcegraph/README.md b/charts/sourcegraph/README.md index b4d73796..09aeed6b 100644 --- a/charts/sourcegraph/README.md +++ b/charts/sourcegraph/README.md @@ -61,8 +61,8 @@ In addition to the documented values, all services also support the following va | codeInsightsDB.enabled | bool | `true` | Enable `codeinsights-db` PostgreSQL server | | codeInsightsDB.env | object | `{}` | Environment variables for the `codeinsights-db` container | | codeInsightsDB.existingConfig | string | `""` | Name of existing ConfigMap for `codeinsights-db`. It must contain a `postgresql.conf` key. | -| codeInsightsDB.image.defaultTag | string | `"5.9.1590@sha256:4e75b2c463ce1ef3bfeec4bb71a16693df02005e66b9e697859ce61064e08f42"` | Docker image tag for the `codeinsights-db` image | -| codeInsightsDB.image.name | string | `"codeinsights-db"` | Docker image name for the `codeinsights-db` image | +| codeInsightsDB.image.defaultTag | string | `"insiders"` | Docker image tag for the `codeinsights-db` image | +| codeInsightsDB.image.name | string | `"postgresql-16-codeinsights"` | Docker image name for the `codeinsights-db` image | | codeInsightsDB.init.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":70,"runAsUser":70}` | Security context for the `alpine` initContainer, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | | codeInsightsDB.name | string | `"codeinsights-db"` | Name used by resources. Does not affect service names or PVCs. | | codeInsightsDB.podSecurityContext | object | `{"fsGroup":70,"fsGroupChangePolicy":"OnRootMismatch","runAsUser":70}` | Security context for the `codeinsights-db` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) | @@ -81,8 +81,8 @@ In addition to the documented values, all services also support the following va | codeIntelDB.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":999,"runAsUser":999}` | Security context for the `codeintel-db` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | | codeIntelDB.enabled | bool | `true` | Enable `codeintel-db` PostgreSQL server | | codeIntelDB.existingConfig | string | `""` | Name of existing ConfigMap for `codeintel-db`. It must contain a `postgresql.conf` key | -| codeIntelDB.image.defaultTag | string | `"5.9.1590@sha256:3d5dd36e3af6b643903f507422be19ed1cb1f5f71c4541572d4a8a252e81aeb8"` | Docker image tag for the `codeintel-db` image | -| codeIntelDB.image.name | string | `"codeintel-db"` | Docker image name for the `codeintel-db` image | +| codeIntelDB.image.defaultTag | string | `"insiders"` | Docker image tag for the `codeintel-db` image | +| codeIntelDB.image.name | string | `"postgresql-16"` | Docker image name for the `codeintel-db` image | | codeIntelDB.name | string | `"codeintel-db"` | Name used by resources. Does not affect service names or PVCs. | | codeIntelDB.podSecurityContext | object | `{"fsGroup":999,"fsGroupChangePolicy":"OnRootMismatch","runAsUser":999}` | Security context for the `codeintel-db` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) | | codeIntelDB.postgresExporter | object | `{}` | Configuration for the `pgsql-exporter` sidecar container | @@ -223,8 +223,8 @@ In addition to the documented values, all services also support the following va | pgsql.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":999,"runAsUser":999}` | Security context for the `pgsql` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | | pgsql.enabled | bool | `true` | Enable `pgsql` PostgreSQL server | | pgsql.existingConfig | string | `""` | Name of existing ConfigMap for `pgsql`. It must contain a `postgresql.conf` key | -| pgsql.image.defaultTag | string | `"5.9.1590@sha256:3d5dd36e3af6b643903f507422be19ed1cb1f5f71c4541572d4a8a252e81aeb8"` | Docker image tag for the `pgsql` image | -| pgsql.image.name | string | `"postgres-12-alpine"` | Docker image name for the `pgsql` image | +| pgsql.image.defaultTag | string | `"insiders"` | Docker image tag for the `pgsql` image | +| pgsql.image.name | string | `"postgresql-16"` | Docker image name for the `pgsql` image | | pgsql.name | string | `"pgsql"` | Name used by resources. Does not affect service names or PVCs. | | pgsql.podSecurityContext | object | `{"fsGroup":999,"fsGroupChangePolicy":"OnRootMismatch","runAsGroup":999,"runAsUser":999}` | Security context for the `pgsql` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) | | pgsql.postgresExporter | object | `{}` | Configuration for the `pgsql-exporter` sidecar container | diff --git a/charts/sourcegraph/values.yaml b/charts/sourcegraph/values.yaml index 3f230ac9..53083608 100644 --- a/charts/sourcegraph/values.yaml +++ b/charts/sourcegraph/values.yaml @@ -174,9 +174,9 @@ codeInsightsDB: additionalConfig: "" image: # -- Docker image tag for the `codeinsights-db` image - defaultTag: 5.9.1590@sha256:4e75b2c463ce1ef3bfeec4bb71a16693df02005e66b9e697859ce61064e08f42 + defaultTag: insiders # -- Docker image name for the `codeinsights-db` image - name: "codeinsights-db" + name: "postgresql-16-codeinsights" # -- Security context for the `codeinsights-db` container, # learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) containerSecurityContext: @@ -245,9 +245,9 @@ codeIntelDB: additionalConfig: "" image: # -- Docker image tag for the `codeintel-db` image - defaultTag: 5.9.1590@sha256:3d5dd36e3af6b643903f507422be19ed1cb1f5f71c4541572d4a8a252e81aeb8 + defaultTag: insiders # -- Docker image name for the `codeintel-db` image - name: "codeintel-db" + name: "postgresql-16" # -- Security context for the `codeintel-db` container, # learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) containerSecurityContext: @@ -729,9 +729,9 @@ pgsql: additionalConfig: "" image: # -- Docker image tag for the `pgsql` image - defaultTag: 5.9.1590@sha256:3d5dd36e3af6b643903f507422be19ed1cb1f5f71c4541572d4a8a252e81aeb8 + defaultTag: insiders # -- Docker image name for the `pgsql` image - name: "postgres-12-alpine" + name: "postgresql-16" # -- Security context for the `pgsql` container, # learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) containerSecurityContext: From 082d4753bd79c67718e546c6f770d71a5e9f698c Mon Sep 17 00:00:00 2001 From: Anish Lakhwara Date: Wed, 27 Nov 2024 03:42:54 +0000 Subject: [PATCH 2/4] release_minor: v5.10.0 {"version":"v5.10.0","inputs":"server=5.10.0","type":"minor"} --- charts/sourcegraph-appliance/Chart.yaml | 4 +- charts/sourcegraph-appliance/README.md | 2 +- charts/sourcegraph-appliance/values.yaml | 2 +- charts/sourcegraph-executor/dind/Chart.yaml | 4 +- charts/sourcegraph-executor/dind/README.md | 4 +- charts/sourcegraph-executor/dind/values.yaml | 4 +- charts/sourcegraph-executor/k8s/Chart.yaml | 4 +- charts/sourcegraph-executor/k8s/README.md | 4 +- charts/sourcegraph-executor/k8s/values.yaml | 4 +- charts/sourcegraph-migrator/Chart.yaml | 4 +- charts/sourcegraph-migrator/README.md | 8 +-- charts/sourcegraph-migrator/values.yaml | 4 +- charts/sourcegraph/Chart.yaml | 4 +- charts/sourcegraph/README.md | 50 +++++++++---------- .../sourcegraph/examples/subchart/Chart.yaml | 4 +- charts/sourcegraph/values.yaml | 50 +++++++++---------- 16 files changed, 78 insertions(+), 78 deletions(-) diff --git a/charts/sourcegraph-appliance/Chart.yaml b/charts/sourcegraph-appliance/Chart.yaml index 0e2de56e..ec124f3d 100644 --- a/charts/sourcegraph-appliance/Chart.yaml +++ b/charts/sourcegraph-appliance/Chart.yaml @@ -4,7 +4,7 @@ description: The Sourcegraph Appliance type: application # Chart version, separate from Sourcegraph -version: "5.9.1590" +version: "5.10.0" # Version of Sourcegraph release -appVersion: "5.9.1590" +appVersion: "5.10.0" diff --git a/charts/sourcegraph-appliance/README.md b/charts/sourcegraph-appliance/README.md index 787f75d0..cba5697a 100644 --- a/charts/sourcegraph-appliance/README.md +++ b/charts/sourcegraph-appliance/README.md @@ -65,5 +65,5 @@ In addition to the documented values, all services also support the following va | serviceAccount.create | bool | `true` | | | serviceAccount.name | string | `"sourcegraph-appliance"` | | | sourcegraph.image.pullPolicy | string | `"IfNotPresent"` | | -| sourcegraph.image.repository | string | `"index.docker.io/sourcegraph"` | | +| sourcegraph.image.repository | string | `"us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal"` | | | tolerations | list | `[]` | | diff --git a/charts/sourcegraph-appliance/values.yaml b/charts/sourcegraph-appliance/values.yaml index 8e97e44f..a9c1638b 100644 --- a/charts/sourcegraph-appliance/values.yaml +++ b/charts/sourcegraph-appliance/values.yaml @@ -5,7 +5,7 @@ replicaCount: 1 sourcegraph: image: - repository: index.docker.io/sourcegraph + repository: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal pullPolicy: IfNotPresent # Overrides the image tag whose default is the chart appVersion. # Version and Tag (above) are subtley different diff --git a/charts/sourcegraph-executor/dind/Chart.yaml b/charts/sourcegraph-executor/dind/Chart.yaml index 1df17b47..77aceddb 100644 --- a/charts/sourcegraph-executor/dind/Chart.yaml +++ b/charts/sourcegraph-executor/dind/Chart.yaml @@ -5,7 +5,7 @@ icon: https://sourcegraph.com/favicon.ico type: application # Chart version, separate from Sourcegraph -version: "5.9.1590" +version: "5.10.0" # Version of Sourcegraph release -appVersion: "5.9.1590" +appVersion: "5.10.0" diff --git a/charts/sourcegraph-executor/dind/README.md b/charts/sourcegraph-executor/dind/README.md index fe2c9dfd..80a161ba 100644 --- a/charts/sourcegraph-executor/dind/README.md +++ b/charts/sourcegraph-executor/dind/README.md @@ -60,7 +60,7 @@ In addition to the documented values, the `executor` and `private-docker-registr | executor.env.EXECUTOR_FRONTEND_URL | object | `{"value":""}` | The external URL of the Sourcegraph instance. Required. | | executor.env.EXECUTOR_QUEUE_NAME | object | `{"value":""}` | The name of the queue to pull jobs from to. Possible values: batches and codeintel. **Either this or EXECUTOR_QUEUE_NAMES is required.** | | executor.env.EXECUTOR_QUEUE_NAMES | object | `{"value":""}` | The comma-separated list of names of multiple queues to pull jobs from to. Possible values: batches and codeintel. **Either this or EXECUTOR_QUEUE_NAME is required.** | -| executor.image.defaultTag | string | `"5.9.1590@sha256:131141c304cceadcfe7afbe73f909d1202c39140225e3e9476963ffbd9eb3214"` | | +| executor.image.defaultTag | string | `"5.10.0@sha256:765156ac9b1d6422bf45bab4cb5a1f190ef8ec88b8677f94c9f31ba07f39c039"` | | | executor.image.name | string | `"executor"` | | | executor.replicaCount | int | `1` | | | privateDockerRegistry.enabled | bool | `true` | Whether to deploy the private registry. Only one registry is needed when deploying multiple executors. More information: https://docs.sourcegraph.com/admin/executors/deploy_executors#using-private-registries | @@ -71,7 +71,7 @@ In addition to the documented values, the `executor` and `private-docker-registr | sourcegraph.affinity | object | `{}` | Affinity, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity) | | sourcegraph.image.defaultTag | string | `"{{ .Chart.AppVersion }}"` | Global docker image tag | | sourcegraph.image.pullPolicy | string | `"IfNotPresent"` | Global docker image pull policy | -| sourcegraph.image.repository | string | `"index.docker.io/sourcegraph"` | Global docker image registry or prefix | +| sourcegraph.image.repository | string | `"us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal"` | Global docker image registry or prefix | | sourcegraph.image.useGlobalTagAsDefault | bool | `false` | When set to true, sourcegraph.image.defaultTag is used as the default defaultTag for all services, instead of service-specific default defaultTags | | sourcegraph.imagePullSecrets | list | `[]` | Mount named secrets containing docker credentials | | sourcegraph.labels | object | `{}` | Add a global label to all resources | diff --git a/charts/sourcegraph-executor/dind/values.yaml b/charts/sourcegraph-executor/dind/values.yaml index e503d6a9..1224273a 100644 --- a/charts/sourcegraph-executor/dind/values.yaml +++ b/charts/sourcegraph-executor/dind/values.yaml @@ -8,7 +8,7 @@ sourcegraph: # -- Global docker image pull policy pullPolicy: IfNotPresent # -- Global docker image registry or prefix - repository: index.docker.io/sourcegraph + repository: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal # -- When set to true, sourcegraph.image.defaultTag is used as the default defaultTag for all services, instead of service-specific default defaultTags useGlobalTagAsDefault: false # -- Mount named secrets containing docker credentials @@ -55,7 +55,7 @@ storageClass: executor: enabled: true image: - defaultTag: 5.9.1590@sha256:131141c304cceadcfe7afbe73f909d1202c39140225e3e9476963ffbd9eb3214 + defaultTag: 5.10.0@sha256:765156ac9b1d6422bf45bab4cb5a1f190ef8ec88b8677f94c9f31ba07f39c039 name: "executor" replicaCount: 1 env: diff --git a/charts/sourcegraph-executor/k8s/Chart.yaml b/charts/sourcegraph-executor/k8s/Chart.yaml index f1f2716c..f040ddfc 100644 --- a/charts/sourcegraph-executor/k8s/Chart.yaml +++ b/charts/sourcegraph-executor/k8s/Chart.yaml @@ -5,7 +5,7 @@ icon: https://sourcegraph.com/favicon.ico type: application # Chart version, separate from Sourcegraph -version: "5.9.1590" +version: "5.10.0" # Version of Sourcegraph release -appVersion: "5.9.1590" +appVersion: "5.10.0" diff --git a/charts/sourcegraph-executor/k8s/README.md b/charts/sourcegraph-executor/k8s/README.md index 01271aea..8086cd54 100644 --- a/charts/sourcegraph-executor/k8s/README.md +++ b/charts/sourcegraph-executor/k8s/README.md @@ -61,7 +61,7 @@ In addition to the documented values, the `executor` and `private-docker-registr | executor.frontendExistingSecret | string | `""` | Name of existing k8s Secret to use for frontend password The name of the secret must match `executor.name`, i.e., the name of the helm release used to deploy the helm chart. The k8s Secret must contain the key `EXECUTOR_FRONTEND_PASSWORD` matching the site config `executors.accessToken` value. `executor.frontendPassword` is ignored if this is enabled. | | executor.frontendPassword | string | `""` | The shared secret configured in the Sourcegraph instance site config under executors.accessToken. Required if `executor.frontendExistingSecret`` is not configured. | | executor.frontendUrl | string | `""` | The external URL of the Sourcegraph instance. Required. **Recommended:** set to the internal service endpoint (e.g. `http://sourcegraph-frontend.sourcegraph.svc.cluster.local:30080` if Sourcegraph is deployed in the `sourcegraph` namespace). This will avoid unnecessary network charges as traffic will stay within the local network. | -| executor.image.defaultTag | string | `"5.9.1590@sha256:0100406b8647f1f1f7959168871ab78ed6cfbf1d7df62bf201de0bd58bf835f9"` | | +| executor.image.defaultTag | string | `"5.10.0@sha256:00ed00025d3aa4b9717cfed8dde05ae5f1718268c8a635bb493e5869ed0ed003"` | | | executor.image.name | string | `"executor-kubernetes"` | | | executor.kubeconfigPath | string | `""` | The path to the kubeconfig file. If not specified, the in-cluster config is used. | | executor.kubernetesJob.deadline | string | `"1200"` | The number of seconds after which a Kubernetes job will be terminated. | @@ -94,7 +94,7 @@ In addition to the documented values, the `executor` and `private-docker-registr | sourcegraph.affinity | object | `{}` | Affinity, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity) | | sourcegraph.image.defaultTag | string | `"{{ .Chart.AppVersion }}"` | Global docker image tag | | sourcegraph.image.pullPolicy | string | `"IfNotPresent"` | Global docker image pull policy | -| sourcegraph.image.repository | string | `"index.docker.io/sourcegraph"` | Global docker image registry or prefix | +| sourcegraph.image.repository | string | `"us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal"` | Global docker image registry or prefix | | sourcegraph.image.useGlobalTagAsDefault | bool | `false` | When set to true, sourcegraph.image.defaultTag is used as the default defaultTag for all services, instead of service-specific default defaultTags | | sourcegraph.imagePullSecrets | list | `[]` | Mount named secrets containing docker credentials | | sourcegraph.labels | object | `{}` | Add a global label to all resources | diff --git a/charts/sourcegraph-executor/k8s/values.yaml b/charts/sourcegraph-executor/k8s/values.yaml index e2c32e45..d073cf58 100644 --- a/charts/sourcegraph-executor/k8s/values.yaml +++ b/charts/sourcegraph-executor/k8s/values.yaml @@ -8,7 +8,7 @@ sourcegraph: # -- Global docker image pull policy pullPolicy: IfNotPresent # -- Global docker image registry or prefix - repository: index.docker.io/sourcegraph + repository: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal # -- When set to true, sourcegraph.image.defaultTag is used as the default defaultTag for all services, instead of service-specific default defaultTags useGlobalTagAsDefault: false # -- Mount named secrets containing docker credentials @@ -57,7 +57,7 @@ executor: configureRbac: true replicas: 1 image: - defaultTag: 5.9.1590@sha256:0100406b8647f1f1f7959168871ab78ed6cfbf1d7df62bf201de0bd58bf835f9 + defaultTag: 5.10.0@sha256:00ed00025d3aa4b9717cfed8dde05ae5f1718268c8a635bb493e5869ed0ed003 name: "executor-kubernetes" # -- The external URL of the Sourcegraph instance. Required. **Recommended:** set to the internal service endpoint (e.g. `http://sourcegraph-frontend.sourcegraph.svc.cluster.local:30080` if Sourcegraph is deployed in the `sourcegraph` namespace). # This will avoid unnecessary network charges as traffic will stay within the local network. diff --git a/charts/sourcegraph-migrator/Chart.yaml b/charts/sourcegraph-migrator/Chart.yaml index 3530d0ba..6a71f845 100644 --- a/charts/sourcegraph-migrator/Chart.yaml +++ b/charts/sourcegraph-migrator/Chart.yaml @@ -5,7 +5,7 @@ icon: https://sourcegraph.com/favicon.ico type: application # Chart version, separate from Sourcegraph -version: "5.9.1590" +version: "5.10.0" # Version of Sourcegraph release -appVersion: "5.9.1590" +appVersion: "5.10.0" diff --git a/charts/sourcegraph-migrator/README.md b/charts/sourcegraph-migrator/README.md index 30689efc..83059d8c 100644 --- a/charts/sourcegraph-migrator/README.md +++ b/charts/sourcegraph-migrator/README.md @@ -42,7 +42,7 @@ You should consult the list of available [migrator commands]. Below is some exam - Perform initial migrations against external PostgreSQL databases prior to the Sourcegraph deployment ```sh -helm upgrade --install -f --version 5.9.1590 sg-migrator sourcegraph/sourcegraph-migrator +helm upgrade --install -f --version 5.10.0 sg-migrator sourcegraph/sourcegraph-migrator ``` ### Add a migration log entry @@ -52,7 +52,7 @@ helm upgrade --install -f --version 5.9.1590 sg-migrat Add an entry to the migration log after a site administrator has explicitly applied the contents of a migration file, learn more about troubleshooting a [dirty database]. ```sh -helm upgrade --install -f --set "migrator.args={add-log,-db=frontend,-version=1528395834}" --version 5.9.1590 sg-migrator sourcegraph/sourcegraph-migrator +helm upgrade --install -f --set "migrator.args={add-log,-db=frontend,-version=1528395834}" --version 5.10.0 sg-migrator sourcegraph/sourcegraph-migrator ``` ## Rendering manifests for kubectl deployment @@ -80,7 +80,7 @@ In addition to the documented values, the `migrator` service also supports the f | migrator.args | list | `["up","-db=all"]` | Override default `migrator` container args Available commands can be found at https://docs.sourcegraph.com/admin/how-to/manual_database_migrations | | migrator.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100}` | Security context for the `migrator` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | | migrator.env | object | `{}` | Environment variables for the `migrator` container | -| migrator.image.defaultTag | string | `"5.9.1590@sha256:7031d742e1eeb7843aa9a9af4165c96b59776da0d630742b77fb805f12864ac6"` | Docker image tag for the `migrator` image | +| migrator.image.defaultTag | string | `"5.10.0@sha256:780a1256268107f57cd69c09c0699f636dd20b17ee5d9d04d34f2f9e6512079c"` | Docker image tag for the `migrator` image | | migrator.image.name | string | `"migrator"` | Docker image name for the `migrator` image | | migrator.resources | object | `{"limits":{"cpu":"500m","memory":"100M"},"requests":{"cpu":"100m","memory":"50M"}}` | Resource requests & limits for the `migrator` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) | | pgsql.auth.existingSecret | string | `""` | Name of existing secret to use for pgsql credentials This should match the setting in the sourcegraph chart values | @@ -88,7 +88,7 @@ In addition to the documented values, the `migrator` service also supports the f | sourcegraph.affinity | object | `{}` | Affinity, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity) | | sourcegraph.image.defaultTag | string | `"{{ .Chart.AppVersion }}"` | Global docker image tag | | sourcegraph.image.pullPolicy | string | `"IfNotPresent"` | Global docker image pull policy | -| sourcegraph.image.repository | string | `"index.docker.io/sourcegraph"` | Global docker image registry or prefix | +| sourcegraph.image.repository | string | `"us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal"` | Global docker image registry or prefix | | sourcegraph.image.useGlobalTagAsDefault | bool | `false` | When set to true, sourcegraph.image.defaultTag is used as the default defaultTag for all services, instead of service-specific default defaultTags | | sourcegraph.imagePullSecrets | list | `[]` | Mount named secrets containing docker credentials | | sourcegraph.labels | object | `{}` | Add a global label to all resources | diff --git a/charts/sourcegraph-migrator/values.yaml b/charts/sourcegraph-migrator/values.yaml index 5849708c..1c73be61 100644 --- a/charts/sourcegraph-migrator/values.yaml +++ b/charts/sourcegraph-migrator/values.yaml @@ -8,7 +8,7 @@ sourcegraph: # -- Global docker image pull policy pullPolicy: IfNotPresent # -- Global docker image registry or prefix - repository: index.docker.io/sourcegraph + repository: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal # -- When set to true, sourcegraph.image.defaultTag is used as the default defaultTag for all services, instead of service-specific default defaultTags useGlobalTagAsDefault: false # -- Mount named secrets containing docker credentials @@ -102,7 +102,7 @@ pgsql: migrator: image: # -- Docker image tag for the `migrator` image - defaultTag: 5.9.1590@sha256:7031d742e1eeb7843aa9a9af4165c96b59776da0d630742b77fb805f12864ac6 + defaultTag: 5.10.0@sha256:780a1256268107f57cd69c09c0699f636dd20b17ee5d9d04d34f2f9e6512079c # -- Docker image name for the `migrator` image name: "migrator" # -- Environment variables for the `migrator` container diff --git a/charts/sourcegraph/Chart.yaml b/charts/sourcegraph/Chart.yaml index d45985ba..ca1211a7 100644 --- a/charts/sourcegraph/Chart.yaml +++ b/charts/sourcegraph/Chart.yaml @@ -5,7 +5,7 @@ icon: https://sourcegraph.com/favicon.ico type: application # Chart version, separate from Sourcegraph -version: "5.9.1590" +version: "5.10.0" # Version of Sourcegraph release -appVersion: "5.9.1590" +appVersion: "5.10.0" diff --git a/charts/sourcegraph/README.md b/charts/sourcegraph/README.md index 09aeed6b..d52cdf8d 100644 --- a/charts/sourcegraph/README.md +++ b/charts/sourcegraph/README.md @@ -28,12 +28,12 @@ In addition to the documented values, all services also support the following va | Key | Type | Default | Description | |-----|------|---------|-------------| | alpine.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":999,"runAsUser":999}` | Security context for the `alpine` initContainer, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | -| alpine.image.defaultTag | string | `"5.9.1590@sha256:542e92925d9aa6d62f1f741e8422ef22f29a13b8cf96c2fce118af06eb882742"` | Docker image tag for the `alpine` image | +| alpine.image.defaultTag | string | `"5.10.0@sha256:b064232610f660267155f3613f27c28b4afcf5e9af43c1b63ae597624c358d0c"` | Docker image tag for the `alpine` image | | alpine.image.name | string | `"alpine-3.14"` | Docker image name for the `alpine` image | | alpine.resources | object | `{"limits":{"cpu":"10m","memory":"50Mi"},"requests":{"cpu":"10m","memory":"50Mi"}}` | Resource requests & limits for the `alpine` initContainer, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) | | blobstore.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"runAsGroup":101,"runAsUser":100}` | Security context for the `blobstore` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | | blobstore.enabled | bool | `true` | Enable `blobstore` (S3 compatible storage) | -| blobstore.image.defaultTag | string | `"5.9.1590@sha256:e0a170cbc4ecab83ed0471273c2632394a602dea1817e698affc72c14c7469ca"` | Docker image tag for the `blobstore` image | +| blobstore.image.defaultTag | string | `"5.10.0@sha256:713a3142f2b624c9db7d0aa1e9c93783e253ddec1c76b8be33522b384871c594"` | Docker image tag for the `blobstore` image | | blobstore.image.name | string | `"blobstore"` | Docker image name for the `blobstore` image | | blobstore.name | string | `"blobstore"` | Name used by resources. Does not affect service names or PVCs. | | blobstore.podSecurityContext | object | `{"fsGroup":101,"fsGroupChangePolicy":"OnRootMismatch","runAsGroup":101,"runAsUser":100}` | Security context for the `blobstore` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) | @@ -43,7 +43,7 @@ In addition to the documented values, all services also support the following va | blobstore.storageSize | string | `"100Gi"` | PVC Storage Request for `blobstore` data volume | | cadvisor.containerSecurityContext | object | `{"privileged":true}` | Security context for the `cadvisor` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | | cadvisor.enabled | bool | `true` | Enable `cadvisor` | -| cadvisor.image.defaultTag | string | `"5.9.1590@sha256:406a3e6b0ca6384008be43c9b87c761c8e98737f2294af92bcaa2a35a563e63e"` | Docker image tag for the `cadvisor` image | +| cadvisor.image.defaultTag | string | `"5.10.0@sha256:52538dacd447e43849922246c5fed380b836f68532df74cfd63d2785491ba930"` | Docker image tag for the `cadvisor` image | | cadvisor.image.name | string | `"cadvisor"` | Docker image name for the `cadvisor` image | | cadvisor.name | string | `"cadvisor"` | Name used by resources. Does not affect service names or PVCs. | | cadvisor.podSecurityPolicy.enabled | bool | `false` | Enable [PodSecurityPolicy](https://kubernetes.io/docs/concepts/policy/pod-security-policy/) for `cadvisor` pods | @@ -93,7 +93,7 @@ In addition to the documented values, all services also support the following va | extraResources | list | `[]` | Additional resources to include in the rendered manifest. Templates are supported. | | frontend.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100}` | Security context for the `frontend` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | | frontend.env | object | the chart will add some default environment values | Environment variables for the `frontend` container | -| frontend.image.defaultTag | string | `"5.9.1590@sha256:8ee5bf8cf1addad9c9165681a162be6f695bfa823a9cb97114758a849a39892c"` | Docker image tag for the `frontend` image | +| frontend.image.defaultTag | string | `"5.10.0@sha256:2597ce309c4bb29881f468a7cf1425c8304f54174f10767ef57be5f576b73ec3"` | Docker image tag for the `frontend` image | | frontend.image.name | string | `"frontend"` | Docker image name for the `frontend` image | | frontend.ingress.annotations | object | `{"kubernetes.io/ingress.class":"nginx","nginx.ingress.kubernetes.io/proxy-body-size":"150m"}` | Annotations for the Sourcegraph server ingress. For example, securing ingress with TLS provided by [cert-manager](https://cert-manager.io/docs/usage/ingress/) | | frontend.ingress.annotations."kubernetes.io/ingress.class" | string | `"nginx"` | [Deprecated annotation](https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation) for specifing the IngressClass in Kubernetes 1.17 and earlier. If you are using Kubernetes 1.18+, use `ingressClassName` instead and set an override value of `null` for this annotation. | @@ -109,7 +109,7 @@ In addition to the documented values, all services also support the following va | frontend.serviceAccount.create | bool | `true` | Enable creation of ServiceAccount for `frontend` | | frontend.serviceAccount.name | string | `"sourcegraph-frontend"` | Name of the ServiceAccount to be created or an existing ServiceAccount | | gitserver.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100}` | Security context for the `gitserver` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | -| gitserver.image.defaultTag | string | `"5.9.1590@sha256:63ab3a2dbd3bc678e4bdd313bcaa277607a8cf2d88e82897d043a070a7da7471"` | Docker image tag for the `gitserver` image | +| gitserver.image.defaultTag | string | `"5.10.0@sha256:c8b88c155c23c0ef2f75a147be470d0815b6b53ce592f2d73c0ef32f1cbc4110"` | Docker image tag for the `gitserver` image | | gitserver.image.name | string | `"gitserver"` | Docker image name for the `gitserver` image | | gitserver.name | string | `"gitserver"` | Name used by resources. Does not affect service names or PVCs. | | gitserver.podSecurityContext | object | `{"fsGroup":101,"fsGroupChangePolicy":"OnRootMismatch","runAsGroup":101,"runAsUser":100}` | Security context for the `gitserver` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) | @@ -130,7 +130,7 @@ In addition to the documented values, all services also support the following va | grafana.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":472,"runAsUser":472}` | Security context for the `grafana` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | | grafana.enabled | bool | `true` | Enable `grafana` dashboard (recommended) | | grafana.existingConfig | string | `""` | Name of existing ConfigMap for `grafana`. It must contain a `datasources.yml` key. | -| grafana.image.defaultTag | string | `"5.9.1590@sha256:ac4e6f2ab247165ee07314f8947d32a9df5bef4a24e73413b3b3664da870954f"` | Docker image tag for the `grafana` image | +| grafana.image.defaultTag | string | `"5.10.0@sha256:96c215b9b7ccac31c20df414944cedf7658311e11e5baf90052f00e38c754b69"` | Docker image tag for the `grafana` image | | grafana.image.name | string | `"grafana"` | Docker image name for the `grafana` image | | grafana.name | string | `"grafana"` | Name used by resources. Does not affect service names or PVCs. | | grafana.podSecurityContext | object | `{"fsGroup":472,"fsGroupChangePolicy":"OnRootMismatch","runAsGroup":472,"runAsUser":472}` | Security context for the `grafana` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) | @@ -139,7 +139,7 @@ In addition to the documented values, all services also support the following va | grafana.serviceAccount.name | string | `"grafana"` | Name of the ServiceAccount to be created or an existing ServiceAccount | | grafana.storageSize | string | `"2Gi"` | PVC Storage Request for `grafana` data volume | | indexedSearch.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100}` | Security context for the `zoekt-webserver` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | -| indexedSearch.image.defaultTag | string | `"5.9.1590@sha256:49499a9b8eda091f6cbe41058e1701994dd09ffbb9de2dddde34943db32643c3"` | Docker image tag for the `zoekt-webserver` image | +| indexedSearch.image.defaultTag | string | `"5.10.0@sha256:3a10e6f6ad1b4312366269507c5cf983444cd9dc9754586a4a330d48d7751107"` | Docker image tag for the `zoekt-webserver` image | | indexedSearch.image.name | string | `"indexed-searcher"` | Docker image name for the `zoekt-webserver` image | | indexedSearch.name | string | `"indexed-search"` | Name used by resources. Does not affect service names or PVCs. | | indexedSearch.podSecurityContext | object | `{"fsGroup":101,"fsGroupChangePolicy":"OnRootMismatch"}` | Security context for the `indexed-search` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) | @@ -149,7 +149,7 @@ In addition to the documented values, all services also support the following va | indexedSearch.serviceAccount.name | string | `""` | Name of the ServiceAccount to be created or an existing ServiceAccount | | indexedSearch.storageSize | string | `"200Gi"` | PVC Storage Request for `indexed-search` data volume The size of disk to used for search indexes. This should typically be gitserver disk size multipled by the number of gitserver shards. | | indexedSearchIndexer.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100}` | Security context for the `zoekt-indexserver` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | -| indexedSearchIndexer.image.defaultTag | string | `"5.9.1590@sha256:93a61fc432c7776144c1bff3c682143b6a2634acf64d9d5c5ab857c72810bc35"` | Docker image tag for the `zoekt-indexserver` image | +| indexedSearchIndexer.image.defaultTag | string | `"5.10.0@sha256:7a3dbc5973c1d42fb0c53d167d62d46b0c98e14e8790afe3ed5239ead31c68dd"` | Docker image tag for the `zoekt-indexserver` image | | indexedSearchIndexer.image.name | string | `"search-indexer"` | Docker image name for the `zoekt-indexserver` image | | indexedSearchIndexer.resources | object | `{"limits":{"cpu":"8","memory":"8G"},"requests":{"cpu":"4","memory":"4G"}}` | Resource requests & limits for the `zoekt-indexserver` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) zoekt-indexserver is CPU bound. The more CPU you allocate to it, the lower lag between a new commit and it being indexed for search. | | jaeger.args | list | `["--memory.max-traces=20000","--sampling.strategies-file=/etc/jaeger/sampling_strategies.json","--collector.otlp.enabled","--collector.otlp.grpc.host-port=:4320","--collector.otlp.http.host-port=:4321"]` | Default args passed to the `jaeger` binary | @@ -159,7 +159,7 @@ In addition to the documented values, all services also support the following va | jaeger.collector.serviceType | string | "ClusterIP" | Kubernetes service type of jaeger `collector` service, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) | | jaeger.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100}` | Security context for the `jaeger` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | | jaeger.enabled | bool | `false` | Enable `jaeger` | -| jaeger.image.defaultTag | string | `"5.9.1590@sha256:58bf91017d27e766374cfe4c4d526138fad5ca93944ae46aca1760fdbc7edf75"` | Docker image tag for the `jaeger` image | +| jaeger.image.defaultTag | string | `"5.10.0@sha256:32e63308e69590b6983144aaa2a66ef7e80393a6fa6419026bcff52bc07dea03"` | Docker image tag for the `jaeger` image | | jaeger.image.name | string | `"jaeger-all-in-one"` | Docker image name for the `jaeger` image | | jaeger.name | string | `"jaeger"` | Name used by resources. Does not affect service names or PVCs. | | jaeger.podSecurityContext | object | `{}` | Security context for the `jaeger` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) | @@ -174,14 +174,14 @@ In addition to the documented values, all services also support the following va | migrator.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100}` | Security context for the `migrator` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | | migrator.enabled | bool | `true` | Enable [migrator](https://docs.sourcegraph.com/admin/how-to/manual_database_migrations) initContainer in `frontend` deployment to perform database migration | | migrator.env | object | `{}` | Environment variables for the `migrator` container | -| migrator.image.defaultTag | string | `"5.9.1590@sha256:7031d742e1eeb7843aa9a9af4165c96b59776da0d630742b77fb805f12864ac6"` | Docker image tag for the `migrator` image | +| migrator.image.defaultTag | string | `"5.10.0@sha256:780a1256268107f57cd69c09c0699f636dd20b17ee5d9d04d34f2f9e6512079c"` | Docker image tag for the `migrator` image | | migrator.image.name | string | `"migrator"` | Docker image name for the `migrator` image | | migrator.resources | object | `{"limits":{"cpu":"500m","memory":"100M"},"requests":{"cpu":"100m","memory":"50M"}}` | Resource requests & limits for the `migrator` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) | | nodeExporter.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":65534,"runAsUser":65534}` | Security context for the `node-exporter` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | | nodeExporter.enabled | bool | `true` | Enable `node-exporter` | | nodeExporter.extraArgs | list | `[]` | | | nodeExporter.hostPID | bool | `true` | | -| nodeExporter.image.defaultTag | string | `"5.9.1590@sha256:5a7d2c0b90a86dfb852053e0af4b6b701606dc4e4f69b15411fe9d123198ff2b"` | Docker image tag for the `node-exporter` image | +| nodeExporter.image.defaultTag | string | `"5.10.0@sha256:8626ab8782707113249d8db8905c77c2c915e467acf08416a5843c3ee5a0a494"` | Docker image tag for the `node-exporter` image | | nodeExporter.image.name | string | `"node-exporter"` | Docker image name for the `node-exporter` image | | nodeExporter.name | string | `"node-exporter"` | Name used by resources. Does not affect service names or PVCs. | | nodeExporter.podSecurityContext | object | `{"fsGroup":65534,"runAsGroup":65534,"runAsNonRoot":true,"runAsUser":65534}` | Security context for the `node-exporter` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) | @@ -211,7 +211,7 @@ In addition to the documented values, all services also support the following va | openTelemetry.gateway.resources | object | `{"limits":{"cpu":"3","memory":"3Gi"},"requests":{"cpu":"1","memory":"1Gi"}}` | Resource requests & limits for the `otel-collector` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) | | openTelemetry.gateway.serviceAccount.create | bool | `false` | Enable creation of ServiceAccount for `otel-collector` | | openTelemetry.gateway.serviceAccount.name | string | `""` | Name of the ServiceAccount to be created or an existing ServiceAccount | -| openTelemetry.image.defaultTag | string | `"5.9.1590@sha256:21eb71c47ee13f071e899fd16befd25357449da4fd279a0d0d000b59aa9e3057"` | Docker image tag for the `otel-collector` image | +| openTelemetry.image.defaultTag | string | `"5.10.0@sha256:752a4841d2418a26a925c18243d9daa2e399843f7158bddafb4676a2db900f65"` | Docker image tag for the `otel-collector` image | | openTelemetry.image.name | string | `"opentelemetry-collector"` | Docker image name for the `otel-collector` image | | pgsql.additionalConfig | string | `""` | Additional PostgreSQL configuration. This will override or extend our default configuration. Notes: This is expecting a multiline string. Learn more from our [recommended PostgreSQL configuration](https://docs.sourcegraph.com/admin/config/postgres-conf) and [PostgreSQL documentation](https://www.postgresql.org/docs/12/config-setting.html) | | pgsql.auth.database | string | `"sg"` | Sets postgres database name | @@ -232,12 +232,12 @@ In addition to the documented values, all services also support the following va | pgsql.serviceAccount.create | bool | `false` | Enable creation of ServiceAccount for `pgsql` | | pgsql.serviceAccount.name | string | `""` | Name of the ServiceAccount to be created or an existing ServiceAccount | | pgsql.storageSize | string | `"200Gi"` | PVC Storage Request for `pgsql` data volume | -| postgresExporter.image.defaultTag | string | `"5.9.1590@sha256:ebf5dd7809ae10b617d497f71f430022f88dcab92b55fb4c58df60c43345ab34"` | Docker image tag for the `pgsql-exporter` image | +| postgresExporter.image.defaultTag | string | `"5.10.0@sha256:0c606e6cc4ab19db4c4077852447baf5598e8d2f537e2fc97cdd4e995ad9ea9c"` | Docker image tag for the `pgsql-exporter` image | | postgresExporter.image.name | string | `"postgres_exporter"` | Docker image name for the `pgsql-exporter` image | | postgresExporter.resources | object | `{"limits":{"cpu":"10m","memory":"50Mi"},"requests":{"cpu":"10m","memory":"50Mi"}}` | Resource requests & limits for the `pgsql-exporter` sidecar container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) | | preciseCodeIntel.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100}` | Security context for the `precise-code-intel-worker` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | | preciseCodeIntel.env | object | `{"NUM_WORKERS":{"value":"4"}}` | Environment variables for the `precise-code-intel-worker` container | -| preciseCodeIntel.image.defaultTag | string | `"5.9.1590@sha256:3f0257b29bc7b79a05701d33e4d1b14998a33254644fe478569ee23b9ec229be"` | Docker image tag for the `precise-code-intel-worker` image | +| preciseCodeIntel.image.defaultTag | string | `"5.10.0@sha256:408aa48da41fed272315d330a5f2ad62fb0f0a1ad6e851a8aee2a0dedf51a9a6"` | Docker image tag for the `precise-code-intel-worker` image | | preciseCodeIntel.image.name | string | `"precise-code-intel-worker"` | Docker image name for the `precise-code-intel-worker` image | | preciseCodeIntel.name | string | `"precise-code-intel-worker"` | Name used by resources. Does not affect service names or PVCs. | | preciseCodeIntel.podSecurityContext | object | `{}` | Security context for the `precise-code-intel-worker` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) | @@ -249,7 +249,7 @@ In addition to the documented values, all services also support the following va | prometheus.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":false,"runAsGroup":100,"runAsUser":100}` | Security context for the `prometheus` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | | prometheus.enabled | bool | `true` | Enable `prometheus` (recommended) | | prometheus.existingConfig | string | `""` | Name of existing ConfigMap for `pgsql`. It must contain a `prometheus.yml` key | -| prometheus.image.defaultTag | string | `"5.9.1590@sha256:c05d053c0a4faaf8f814996bb922fd74784cc6853dd23a33e4df61e56262ac44"` | Docker image tag for the `prometheus` image | +| prometheus.image.defaultTag | string | `"5.10.0@sha256:c964f93b7b70e43332c0ab74837009c788285a83fade7d72c0bbd115a090df36"` | Docker image tag for the `prometheus` image | | prometheus.image.name | string | `"prometheus"` | Docker image name for the `prometheus` image | | prometheus.name | string | `"prometheus"` | Name used by resources. Does not affect service names or PVCs. | | prometheus.podSecurityContext | object | `{"fsGroup":100,"fsGroupChangePolicy":"OnRootMismatch"}` | Security context for the `prometheus` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) | @@ -262,7 +262,7 @@ In addition to the documented values, all services also support the following va | redisCache.connection.existingSecret | string | `""` | Name of existing secret to use for Redis endpoint The secret must contain the key `endpoint` and should follow IANA specification learn more from the [Helm docs](https://docs.sourcegraph.com/admin/install/kubernetes/helm#using-external-redis-instances) | | redisCache.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":1000,"runAsUser":999}` | Security context for the `redis-cache` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | | redisCache.enabled | bool | `true` | Enable `redis-cache` Redis server | -| redisCache.image.defaultTag | string | `"5.9.1590@sha256:aca0a5616ef20c955aeca2e71034e0d4dd65e899716cdc08d72ef1ce1fa9564f"` | Docker image tag for the `redis-cache` image | +| redisCache.image.defaultTag | string | `"5.10.0@sha256:513410052167aa03e988706d9249d9cd6eadd81d6e15bf1f2a7c7e6850344e04"` | Docker image tag for the `redis-cache` image | | redisCache.image.name | string | `"redis-cache"` | Docker image name for the `redis-cache` image | | redisCache.name | string | `"redis-cache"` | Name used by resources. Does not affect service names or PVCs. | | redisCache.podSecurityContext | object | `{"fsGroup":1000,"fsGroupChangePolicy":"OnRootMismatch"}` | Security context for the `redis-cache` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) | @@ -271,14 +271,14 @@ In addition to the documented values, all services also support the following va | redisCache.serviceAccount.name | string | `""` | Name of the ServiceAccount to be created or an existing ServiceAccount | | redisCache.storageSize | string | `"100Gi"` | PVC Storage Request for `redis-cache` data volume | | redisExporter.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":1000,"runAsUser":999}` | Security context for the `redis-exporter` sidecar container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | -| redisExporter.image.defaultTag | string | `"5.9.1590@sha256:8b05fb7f8ff16aa68d05ef6750672fe2a4a9c2358d9b91a10db1327bd5d0cac1"` | Docker image tag for the `redis-exporter` image | +| redisExporter.image.defaultTag | string | `"5.10.0@sha256:1beae35e38bc172546e86c09b48449eae2c2898c91b6bbeb23e45d9e795e8663"` | Docker image tag for the `redis-exporter` image | | redisExporter.image.name | string | `"redis_exporter"` | Docker image name for the `redis-exporter` image | | redisExporter.resources | object | `{"limits":{"cpu":"10m","memory":"100Mi"},"requests":{"cpu":"10m","memory":"100Mi"}}` | Resource requests & limits for the `redis-exporter` sidecar container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) | | redisStore.connection.endpoint | string | `"redis-store:6379"` | Endpoint to use for redis-store. Supports either host:port or IANA specification | | redisStore.connection.existingSecret | string | `""` | Name of existing secret to use for Redis endpoint The secret must contain the key `endpoint` and should follow IANA specification learn more from the [Helm docs](https://docs.sourcegraph.com/admin/install/kubernetes/helm#using-external-redis-instances) | | redisStore.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":1000,"runAsUser":999}` | Security context for the `redis-store` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | | redisStore.enabled | bool | `true` | Enable `redis-store` Redis server | -| redisStore.image.defaultTag | string | `"5.9.1590@sha256:d7d8b5cd4d784b6f8025941701f6db95e0d3ea263e165b611295d30bdc0e6e60"` | Docker image tag for the `redis-store` image | +| redisStore.image.defaultTag | string | `"5.10.0@sha256:6d2f5ff0880ce660aa49b41822bf1def907f8433af52ec25e12f11b7ee14bcc3"` | Docker image tag for the `redis-store` image | | redisStore.image.name | string | `"redis-store"` | Docker image name for the `redis-store` image | | redisStore.name | string | `"redis-store"` | Name used by resources. Does not affect service names or PVCs. | | redisStore.podSecurityContext | object | `{"fsGroup":1000,"fsGroupChangePolicy":"OnRootMismatch"}` | Security context for the `redis-store` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) | @@ -287,7 +287,7 @@ In addition to the documented values, all services also support the following va | redisStore.serviceAccount.name | string | `""` | Name of the ServiceAccount to be created or an existing ServiceAccount | | redisStore.storageSize | string | `"100Gi"` | PVC Storage Request for `redis-store` data volume | | repoUpdater.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100}` | Security context for the `repo-updater` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | -| repoUpdater.image.defaultTag | string | `"5.9.1590@sha256:d8ec1e1487ed803d07f9fb0dfa2db0a4a637871fa7ba778378749a398de724d9"` | Docker image tag for the `repo-updater` image | +| repoUpdater.image.defaultTag | string | `"5.10.0@sha256:fd28c09622f05af65474cb03aa0a7b63fd9fd4178bcf69ba15d7415834718ba1"` | Docker image tag for the `repo-updater` image | | repoUpdater.image.name | string | `"repo-updater"` | Docker image name for the `repo-updater` image | | repoUpdater.name | string | `"repo-updater"` | Name used by resources. Does not affect service names or PVCs. | | repoUpdater.podSecurityContext | object | `{}` | Security context for the `repo-updater` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) | @@ -295,7 +295,7 @@ In addition to the documented values, all services also support the following va | repoUpdater.serviceAccount.create | bool | `false` | Enable creation of ServiceAccount for `repo-updater` | | repoUpdater.serviceAccount.name | string | `""` | Name of the ServiceAccount to be created or an existing ServiceAccount | | searcher.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100}` | Security context for the `searcher` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | -| searcher.image.defaultTag | string | `"5.9.1590@sha256:76173ca0542622c390c5ae2af2cf8e40a9b175f01dc4a9c931285ac2cfd88854"` | Docker image tag for the `searcher` image | +| searcher.image.defaultTag | string | `"5.10.0@sha256:078510c889843b17125546399ea54e793d477ef562ca6638c7a2188ef9c9c66a"` | Docker image tag for the `searcher` image | | searcher.image.name | string | `"searcher"` | Docker image name for the `searcher` image | | searcher.name | string | `"searcher"` | Name used by resources. Does not affect service names or PVCs. | | searcher.podSecurityContext | object | `{"fsGroup":101,"fsGroupChangePolicy":"OnRootMismatch","runAsUser":100}` | Security context for the `searcher` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) | @@ -307,7 +307,7 @@ In addition to the documented values, all services also support the following va | sourcegraph.affinity | object | `{}` | Global Affinity, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity) | | sourcegraph.image.defaultTag | string | `"{{ .Chart.AppVersion }}"` | Global docker image tag | | sourcegraph.image.pullPolicy | string | `"IfNotPresent"` | Global docker image pull policy | -| sourcegraph.image.repository | string | `"index.docker.io/sourcegraph"` | Global docker image registry or prefix | +| sourcegraph.image.repository | string | `"us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal"` | Global docker image registry or prefix | | sourcegraph.image.useGlobalTagAsDefault | bool | `false` | When set to true, sourcegraph.image.defaultTag is used as the default defaultTag for all services, instead of service-specific default defaultTags | | sourcegraph.imagePullSecrets | list | `[]` | Mount named secrets containing docker credentials | | sourcegraph.labels | object | `{}` | Add extra labels to all resources | @@ -326,7 +326,7 @@ In addition to the documented values, all services also support the following va | storageClass.provisioner | string | `"kubernetes.io/gce-pd"` | Name of the storageClass provisioner, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/storage/storage-classes/#provisioner) and consult your cloud provider persistent storage documentation | | storageClass.type | string | `"pd-ssd"` | Value of `type` key in storageClass `parameters`, consult your cloud provider persistent storage documentation | | symbols.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100}` | Security context for the `symbols` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | -| symbols.image.defaultTag | string | `"5.9.1590@sha256:f4c570b42fbdedc132010c94f1d20fa286c09b255b4bc57e51885b41dd4ea886"` | Docker image tag for the `symbols` image | +| symbols.image.defaultTag | string | `"5.10.0@sha256:21b3d17d147208fa59e7eb5a5cccdd7de89714bc186c46a5237f9037206299ee"` | Docker image tag for the `symbols` image | | symbols.image.name | string | `"symbols"` | Docker image name for the `symbols` image | | symbols.name | string | `"symbols"` | Name used by resources. Does not affect service names or PVCs. | | symbols.podSecurityContext | object | `{"fsGroup":101,"fsGroupChangePolicy":"OnRootMismatch","runAsUser":100}` | Security context for the `symbols` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) | @@ -337,7 +337,7 @@ In addition to the documented values, all services also support the following va | symbols.storageSize | string | `"12Gi"` | Size of the PVC for symbols pods to store cache data | | syntacticCodeIntel.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100}` | Security context for the `syntactic-code-intel-worker` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | | syntacticCodeIntel.enabled | bool | `false` | | -| syntacticCodeIntel.image.defaultTag | string | `"5.9.1590@sha256:b29ec6c9f9fb8f76b9d3758b69ceadfd6f310667b6682b51599bef1cbbb7e651"` | Docker image tag for the `syntactic-code-intel-worker` image | +| syntacticCodeIntel.image.defaultTag | string | `"5.10.0@sha256:1198f54e664b498bd2ef920749cb7c51daf6518d73da03214129659cdfc72784"` | Docker image tag for the `syntactic-code-intel-worker` image | | syntacticCodeIntel.image.name | string | `"syntactic-code-intel-worker"` | Docker image name for the `syntactic-code-intel-worker` image | | syntacticCodeIntel.name | string | `"syntactic-code-intel-worker"` | Name used by resources. Does not affect service names or PVCs. | | syntacticCodeIntel.podSecurityContext | object | `{}` | Security context for the `syntactic-code-intel-worker` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) | @@ -347,7 +347,7 @@ In addition to the documented values, all services also support the following va | syntacticCodeIntel.serviceAccount.create | bool | `false` | Enable creation of ServiceAccount for `syntactic-code-intel-worker` | | syntacticCodeIntel.serviceAccount.name | string | `""` | Name of the ServiceAccount to be created or an existing ServiceAccount | | syntectServer.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100}` | Security context for the `syntect-server` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | -| syntectServer.image.defaultTag | string | `"5.9.1590@sha256:7a15d6fd63d0d6a39f9066209f3c406674b41cf1d365e172cc30cd877e7c0885"` | Docker image tag for the `syntect-server` image | +| syntectServer.image.defaultTag | string | `"5.10.0@sha256:7425fe182eb9315803cf22bd534907d0aef722d71cdd2d2ccdc6e5a656f036cb"` | Docker image tag for the `syntect-server` image | | syntectServer.image.name | string | `"syntax-highlighter"` | Docker image name for the `syntect-server` image | | syntectServer.name | string | `"syntect-server"` | Name used by resources. Does not affect service names or PVCs. | | syntectServer.podSecurityContext | object | `{}` | Security context for the `syntect-server` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) | @@ -358,7 +358,7 @@ In addition to the documented values, all services also support the following va | worker.blocklist | list | `[]` | List of jobs to block globally If replicas are configured, use this values to block jobs instead of manually setting WORKER_JOB_BLOCKLIST | | worker.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100}` | Security context for the `worker` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | | worker.env | object | `{}` | Environment variables for the `worker` container | -| worker.image.defaultTag | string | `"5.9.1590@sha256:b258021d297a7a562982a5606507d4e4ddb27ebe010f3fdbbda20ab7f0a9f4fc"` | Docker image tag for the `worker` image | +| worker.image.defaultTag | string | `"5.10.0@sha256:6a16c2fb29525189f5f8318f8fb5f710a2e57802d8bb7c556ff7fb64d57abc2b"` | Docker image tag for the `worker` image | | worker.image.name | string | `"worker"` | Docker image name for the `worker` image | | worker.name | string | `"worker"` | Name used by resources. Does not affect service names or PVCs. | | worker.podSecurityContext | object | `{}` | Security context for the `worker` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) | diff --git a/charts/sourcegraph/examples/subchart/Chart.yaml b/charts/sourcegraph/examples/subchart/Chart.yaml index 61c350dc..f8e12bf3 100644 --- a/charts/sourcegraph/examples/subchart/Chart.yaml +++ b/charts/sourcegraph/examples/subchart/Chart.yaml @@ -2,10 +2,10 @@ apiVersion: v2 name: sourcegraph-subchart description: Customer-owned chart that inherits from Sourcegraph type: application -version: "5.9.1590" +version: "5.10.0" dependencies: - name: sourcegraph alias: sg # Optional, allows a custom name to be used - version: "5.9.1590" + version: "5.10.0" repository: "https://sourcegraph.github.io/deploy-sourcegraph-helm" diff --git a/charts/sourcegraph/values.yaml b/charts/sourcegraph/values.yaml index 53083608..2d181dd6 100644 --- a/charts/sourcegraph/values.yaml +++ b/charts/sourcegraph/values.yaml @@ -9,7 +9,7 @@ sourcegraph: # -- Global docker image pull policy pullPolicy: IfNotPresent # -- Global docker image registry or prefix - repository: index.docker.io/sourcegraph + repository: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal # -- When set to true, sourcegraph.image.defaultTag is used as the default defaultTag for all services, instead of service-specific default defaultTags useGlobalTagAsDefault: false # -- Mount named secrets containing docker credentials @@ -86,7 +86,7 @@ sourcegraph: alpine: # Used in init containers image: # -- Docker image tag for the `alpine` image - defaultTag: 5.9.1590@sha256:542e92925d9aa6d62f1f741e8422ef22f29a13b8cf96c2fce118af06eb882742 + defaultTag: 5.10.0@sha256:b064232610f660267155f3613f27c28b4afcf5e9af43c1b63ae597624c358d0c # -- Docker image name for the `alpine` image name: "alpine-3.14" # -- Security context for the `alpine` initContainer, @@ -111,7 +111,7 @@ cadvisor: enabled: true image: # -- Docker image tag for the `cadvisor` image - defaultTag: 5.9.1590@sha256:406a3e6b0ca6384008be43c9b87c761c8e98737f2294af92bcaa2a35a563e63e + defaultTag: 5.10.0@sha256:52538dacd447e43849922246c5fed380b836f68532df74cfd63d2785491ba930 # -- Docker image name for the `cadvisor` image name: "cadvisor" # -- Name used by resources. Does not affect service names or PVCs. @@ -296,7 +296,7 @@ frontend: value: http://prometheus:30090 image: # -- Docker image tag for the `frontend` image - defaultTag: 5.9.1590@sha256:8ee5bf8cf1addad9c9165681a162be6f695bfa823a9cb97114758a849a39892c + defaultTag: 5.10.0@sha256:2597ce309c4bb29881f468a7cf1425c8304f54174f10767ef57be5f576b73ec3 # -- Docker image name for the `frontend` image name: "frontend" ingress: @@ -354,7 +354,7 @@ migrator: enabled: true image: # -- Docker image tag for the `migrator` image - defaultTag: 5.9.1590@sha256:7031d742e1eeb7843aa9a9af4165c96b59776da0d630742b77fb805f12864ac6 + defaultTag: 5.10.0@sha256:780a1256268107f57cd69c09c0699f636dd20b17ee5d9d04d34f2f9e6512079c # -- Docker image name for the `migrator` image name: "migrator" # -- Environment variables for the `migrator` container @@ -379,7 +379,7 @@ migrator: gitserver: image: # -- Docker image tag for the `gitserver` image - defaultTag: 5.9.1590@sha256:63ab3a2dbd3bc678e4bdd313bcaa277607a8cf2d88e82897d043a070a7da7471 + defaultTag: 5.10.0@sha256:c8b88c155c23c0ef2f75a147be470d0815b6b53ce592f2d73c0ef32f1cbc4110 # -- Docker image name for the `gitserver` image name: "gitserver" # -- Name of existing Secret that contains SSH credentials to clone repositories. @@ -447,7 +447,7 @@ grafana: existingConfig: "" # Name of an existing configmap image: # -- Docker image tag for the `grafana` image - defaultTag: 5.9.1590@sha256:ac4e6f2ab247165ee07314f8947d32a9df5bef4a24e73413b3b3664da870954f + defaultTag: 5.10.0@sha256:96c215b9b7ccac31c20df414944cedf7658311e11e5baf90052f00e38c754b69 # -- Docker image name for the `grafana` image name: "grafana" # -- Security context for the `grafana` container, @@ -486,7 +486,7 @@ grafana: indexedSearch: image: # -- Docker image tag for the `zoekt-webserver` image - defaultTag: 5.9.1590@sha256:49499a9b8eda091f6cbe41058e1701994dd09ffbb9de2dddde34943db32643c3 + defaultTag: 5.10.0@sha256:3a10e6f6ad1b4312366269507c5cf983444cd9dc9754586a4a330d48d7751107 # -- Docker image name for the `zoekt-webserver` image name: "indexed-searcher" # -- Security context for the `zoekt-webserver` container, @@ -527,7 +527,7 @@ indexedSearch: indexedSearchIndexer: image: # -- Docker image tag for the `zoekt-indexserver` image - defaultTag: 5.9.1590@sha256:93a61fc432c7776144c1bff3c682143b6a2634acf64d9d5c5ab857c72810bc35 + defaultTag: 5.10.0@sha256:7a3dbc5973c1d42fb0c53d167d62d46b0c98e14e8790afe3ed5239ead31c68dd # -- Docker image name for the `zoekt-indexserver` image name: "search-indexer" # -- Security context for the `zoekt-indexserver` container, @@ -554,7 +554,7 @@ blobstore: enabled: true image: # -- Docker image tag for the `blobstore` image - defaultTag: 5.9.1590@sha256:e0a170cbc4ecab83ed0471273c2632394a602dea1817e698affc72c14c7469ca + defaultTag: 5.10.0@sha256:713a3142f2b624c9db7d0aa1e9c93783e253ddec1c76b8be33522b384871c594 # -- Docker image name for the `blobstore` image name: "blobstore" # -- Security context for the `blobstore` container, @@ -593,7 +593,7 @@ openTelemetry: enabled: true image: # -- Docker image tag for the `otel-collector` image - defaultTag: 5.9.1590@sha256:21eb71c47ee13f071e899fd16befd25357449da4fd279a0d0d000b59aa9e3057 + defaultTag: 5.10.0@sha256:752a4841d2418a26a925c18243d9daa2e399843f7158bddafb4676a2db900f65 # -- Docker image name for the `otel-collector` image name: "opentelemetry-collector" gateway: @@ -660,7 +660,7 @@ nodeExporter: enabled: true image: # -- Docker image tag for the `node-exporter` image - defaultTag: 5.9.1590@sha256:5a7d2c0b90a86dfb852053e0af4b6b701606dc4e4f69b15411fe9d123198ff2b + defaultTag: 5.10.0@sha256:8626ab8782707113249d8db8905c77c2c915e467acf08416a5843c3ee5a0a494 # -- Docker image name for the `node-exporter` image name: "node-exporter" # -- Name used by resources. Does not affect service names or PVCs. @@ -771,7 +771,7 @@ pgsql: postgresExporter: image: # -- Docker image tag for the `pgsql-exporter` image - defaultTag: 5.9.1590@sha256:ebf5dd7809ae10b617d497f71f430022f88dcab92b55fb4c58df60c43345ab34 + defaultTag: 5.10.0@sha256:0c606e6cc4ab19db4c4077852447baf5598e8d2f537e2fc97cdd4e995ad9ea9c # -- Docker image name for the `pgsql-exporter` image name: "postgres_exporter" # -- Resource requests & limits for the `pgsql-exporter` sidecar container, @@ -791,7 +791,7 @@ syntacticCodeIntel: workerPort: 3188 image: # -- Docker image tag for the `syntactic-code-intel-worker` image - defaultTag: 5.9.1590@sha256:b29ec6c9f9fb8f76b9d3758b69ceadfd6f310667b6682b51599bef1cbbb7e651 + defaultTag: 5.10.0@sha256:1198f54e664b498bd2ef920749cb7c51daf6518d73da03214129659cdfc72784 # -- Docker image name for the `syntactic-code-intel-worker` image name: "syntactic-code-intel-worker" # -- Security context for the `syntactic-code-intel-worker` container, @@ -831,7 +831,7 @@ preciseCodeIntel: value: "4" image: # -- Docker image tag for the `precise-code-intel-worker` image - defaultTag: 5.9.1590@sha256:3f0257b29bc7b79a05701d33e4d1b14998a33254644fe478569ee23b9ec229be + defaultTag: 5.10.0@sha256:408aa48da41fed272315d330a5f2ad62fb0f0a1ad6e851a8aee2a0dedf51a9a6 # -- Docker image name for the `precise-code-intel-worker` image name: "precise-code-intel-worker" # -- Security context for the `precise-code-intel-worker` container, @@ -870,7 +870,7 @@ prometheus: existingConfig: "" # Name of an existing configmap image: # -- Docker image tag for the `prometheus` image - defaultTag: 5.9.1590@sha256:c05d053c0a4faaf8f814996bb922fd74784cc6853dd23a33e4df61e56262ac44 + defaultTag: 5.10.0@sha256:c964f93b7b70e43332c0ab74837009c788285a83fade7d72c0bbd115a090df36 # -- Docker image name for the `prometheus` image name: "prometheus" # -- Security context for the `prometheus` container, @@ -920,7 +920,7 @@ redisCache: enabled: true image: # -- Docker image tag for the `redis-cache` image - defaultTag: 5.9.1590@sha256:aca0a5616ef20c955aeca2e71034e0d4dd65e899716cdc08d72ef1ce1fa9564f + defaultTag: 5.10.0@sha256:513410052167aa03e988706d9249d9cd6eadd81d6e15bf1f2a7c7e6850344e04 # -- Docker image name for the `redis-cache` image name: "redis-cache" connection: @@ -964,7 +964,7 @@ redisCache: redisExporter: image: # -- Docker image tag for the `redis-exporter` image - defaultTag: 5.9.1590@sha256:8b05fb7f8ff16aa68d05ef6750672fe2a4a9c2358d9b91a10db1327bd5d0cac1 + defaultTag: 5.10.0@sha256:1beae35e38bc172546e86c09b48449eae2c2898c91b6bbeb23e45d9e795e8663 # -- Docker image name for the `redis-exporter` image name: "redis_exporter" # -- Security context for the `redis-exporter` sidecar container, @@ -996,7 +996,7 @@ redisStore: endpoint: "redis-store:6379" image: # -- Docker image tag for the `redis-store` image - defaultTag: 5.9.1590@sha256:d7d8b5cd4d784b6f8025941701f6db95e0d3ea263e165b611295d30bdc0e6e60 + defaultTag: 5.10.0@sha256:6d2f5ff0880ce660aa49b41822bf1def907f8433af52ec25e12f11b7ee14bcc3 # -- Docker image name for the `redis-store` image name: "redis-store" # -- Security context for the `redis-store` container, @@ -1033,7 +1033,7 @@ redisStore: repoUpdater: image: # -- Docker image tag for the `repo-updater` image - defaultTag: 5.9.1590@sha256:d8ec1e1487ed803d07f9fb0dfa2db0a4a637871fa7ba778378749a398de724d9 + defaultTag: 5.10.0@sha256:fd28c09622f05af65474cb03aa0a7b63fd9fd4178bcf69ba15d7415834718ba1 # -- Docker image name for the `repo-updater` image name: "repo-updater" # -- Security context for the `repo-updater` container, @@ -1066,7 +1066,7 @@ repoUpdater: searcher: image: # -- Docker image tag for the `searcher` image - defaultTag: 5.9.1590@sha256:76173ca0542622c390c5ae2af2cf8e40a9b175f01dc4a9c931285ac2cfd88854 + defaultTag: 5.10.0@sha256:078510c889843b17125546399ea54e793d477ef562ca6638c7a2188ef9c9c66a # -- Docker image name for the `searcher` image name: "searcher" # -- Security context for the `searcher` container, @@ -1127,7 +1127,7 @@ storageClass: symbols: image: # -- Docker image tag for the `symbols` image - defaultTag: 5.9.1590@sha256:f4c570b42fbdedc132010c94f1d20fa286c09b255b4bc57e51885b41dd4ea886 + defaultTag: 5.10.0@sha256:21b3d17d147208fa59e7eb5a5cccdd7de89714bc186c46a5237f9037206299ee # -- Docker image name for the `symbols` image name: "symbols" # -- Security context for the `symbols` container, @@ -1167,7 +1167,7 @@ symbols: syntectServer: image: # -- Docker image tag for the `syntect-server` image - defaultTag: 5.9.1590@sha256:7a15d6fd63d0d6a39f9066209f3c406674b41cf1d365e172cc30cd877e7c0885 + defaultTag: 5.10.0@sha256:7425fe182eb9315803cf22bd534907d0aef722d71cdd2d2ccdc6e5a656f036cb # -- Docker image name for the `syntect-server` image name: "syntax-highlighter" # -- Security context for the `syntect-server` container, @@ -1215,7 +1215,7 @@ jaeger: enabled: false image: # -- Docker image tag for the `jaeger` image - defaultTag: 5.9.1590@sha256:58bf91017d27e766374cfe4c4d526138fad5ca93944ae46aca1760fdbc7edf75 + defaultTag: 5.10.0@sha256:32e63308e69590b6983144aaa2a66ef7e80393a6fa6419026bcff52bc07dea03 # -- Docker image name for the `jaeger` image name: "jaeger-all-in-one" # -- Name used by resources. Does not affect service names or PVCs. @@ -1263,7 +1263,7 @@ jaeger: worker: image: # -- Docker image tag for the `worker` image - defaultTag: 5.9.1590@sha256:b258021d297a7a562982a5606507d4e4ddb27ebe010f3fdbbda20ab7f0a9f4fc + defaultTag: 5.10.0@sha256:6a16c2fb29525189f5f8318f8fb5f710a2e57802d8bb7c556ff7fb64d57abc2b # -- Docker image name for the `worker` image name: "worker" # -- Security context for the `worker` container, From 50758849e76f8155330279288fc0de22e1b5f497 Mon Sep 17 00:00:00 2001 From: Anish Lakhwara Date: Wed, 27 Nov 2024 05:25:26 +0000 Subject: [PATCH 3/4] promote-release: v5.10.0 {"version":"v5.10.0","inputs":"server=5.10.0","type":"minor"} --- charts/sourcegraph-appliance/README.md | 2 +- charts/sourcegraph-appliance/values.yaml | 2 +- charts/sourcegraph-executor/dind/README.md | 4 +- charts/sourcegraph-executor/dind/values.yaml | 4 +- charts/sourcegraph-executor/k8s/README.md | 4 +- charts/sourcegraph-executor/k8s/values.yaml | 4 +- charts/sourcegraph-migrator/README.md | 4 +- charts/sourcegraph-migrator/values.yaml | 4 +- charts/sourcegraph/README.md | 50 ++++++++++---------- charts/sourcegraph/values.yaml | 50 ++++++++++---------- 10 files changed, 64 insertions(+), 64 deletions(-) diff --git a/charts/sourcegraph-appliance/README.md b/charts/sourcegraph-appliance/README.md index cba5697a..787f75d0 100644 --- a/charts/sourcegraph-appliance/README.md +++ b/charts/sourcegraph-appliance/README.md @@ -65,5 +65,5 @@ In addition to the documented values, all services also support the following va | serviceAccount.create | bool | `true` | | | serviceAccount.name | string | `"sourcegraph-appliance"` | | | sourcegraph.image.pullPolicy | string | `"IfNotPresent"` | | -| sourcegraph.image.repository | string | `"us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal"` | | +| sourcegraph.image.repository | string | `"index.docker.io/sourcegraph"` | | | tolerations | list | `[]` | | diff --git a/charts/sourcegraph-appliance/values.yaml b/charts/sourcegraph-appliance/values.yaml index a9c1638b..8e97e44f 100644 --- a/charts/sourcegraph-appliance/values.yaml +++ b/charts/sourcegraph-appliance/values.yaml @@ -5,7 +5,7 @@ replicaCount: 1 sourcegraph: image: - repository: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal + repository: index.docker.io/sourcegraph pullPolicy: IfNotPresent # Overrides the image tag whose default is the chart appVersion. # Version and Tag (above) are subtley different diff --git a/charts/sourcegraph-executor/dind/README.md b/charts/sourcegraph-executor/dind/README.md index 80a161ba..560a8268 100644 --- a/charts/sourcegraph-executor/dind/README.md +++ b/charts/sourcegraph-executor/dind/README.md @@ -60,7 +60,7 @@ In addition to the documented values, the `executor` and `private-docker-registr | executor.env.EXECUTOR_FRONTEND_URL | object | `{"value":""}` | The external URL of the Sourcegraph instance. Required. | | executor.env.EXECUTOR_QUEUE_NAME | object | `{"value":""}` | The name of the queue to pull jobs from to. Possible values: batches and codeintel. **Either this or EXECUTOR_QUEUE_NAMES is required.** | | executor.env.EXECUTOR_QUEUE_NAMES | object | `{"value":""}` | The comma-separated list of names of multiple queues to pull jobs from to. Possible values: batches and codeintel. **Either this or EXECUTOR_QUEUE_NAME is required.** | -| executor.image.defaultTag | string | `"5.10.0@sha256:765156ac9b1d6422bf45bab4cb5a1f190ef8ec88b8677f94c9f31ba07f39c039"` | | +| executor.image.defaultTag | string | `"5.10.0@sha256:1d354b4e6fc2ead29c413341f6107beefb08810394325f6c8b45eb0b22802ecc"` | | | executor.image.name | string | `"executor"` | | | executor.replicaCount | int | `1` | | | privateDockerRegistry.enabled | bool | `true` | Whether to deploy the private registry. Only one registry is needed when deploying multiple executors. More information: https://docs.sourcegraph.com/admin/executors/deploy_executors#using-private-registries | @@ -71,7 +71,7 @@ In addition to the documented values, the `executor` and `private-docker-registr | sourcegraph.affinity | object | `{}` | Affinity, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity) | | sourcegraph.image.defaultTag | string | `"{{ .Chart.AppVersion }}"` | Global docker image tag | | sourcegraph.image.pullPolicy | string | `"IfNotPresent"` | Global docker image pull policy | -| sourcegraph.image.repository | string | `"us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal"` | Global docker image registry or prefix | +| sourcegraph.image.repository | string | `"index.docker.io/sourcegraph"` | Global docker image registry or prefix | | sourcegraph.image.useGlobalTagAsDefault | bool | `false` | When set to true, sourcegraph.image.defaultTag is used as the default defaultTag for all services, instead of service-specific default defaultTags | | sourcegraph.imagePullSecrets | list | `[]` | Mount named secrets containing docker credentials | | sourcegraph.labels | object | `{}` | Add a global label to all resources | diff --git a/charts/sourcegraph-executor/dind/values.yaml b/charts/sourcegraph-executor/dind/values.yaml index 1224273a..61a79c48 100644 --- a/charts/sourcegraph-executor/dind/values.yaml +++ b/charts/sourcegraph-executor/dind/values.yaml @@ -8,7 +8,7 @@ sourcegraph: # -- Global docker image pull policy pullPolicy: IfNotPresent # -- Global docker image registry or prefix - repository: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal + repository: index.docker.io/sourcegraph # -- When set to true, sourcegraph.image.defaultTag is used as the default defaultTag for all services, instead of service-specific default defaultTags useGlobalTagAsDefault: false # -- Mount named secrets containing docker credentials @@ -55,7 +55,7 @@ storageClass: executor: enabled: true image: - defaultTag: 5.10.0@sha256:765156ac9b1d6422bf45bab4cb5a1f190ef8ec88b8677f94c9f31ba07f39c039 + defaultTag: 5.10.0@sha256:1d354b4e6fc2ead29c413341f6107beefb08810394325f6c8b45eb0b22802ecc name: "executor" replicaCount: 1 env: diff --git a/charts/sourcegraph-executor/k8s/README.md b/charts/sourcegraph-executor/k8s/README.md index 8086cd54..931734d9 100644 --- a/charts/sourcegraph-executor/k8s/README.md +++ b/charts/sourcegraph-executor/k8s/README.md @@ -61,7 +61,7 @@ In addition to the documented values, the `executor` and `private-docker-registr | executor.frontendExistingSecret | string | `""` | Name of existing k8s Secret to use for frontend password The name of the secret must match `executor.name`, i.e., the name of the helm release used to deploy the helm chart. The k8s Secret must contain the key `EXECUTOR_FRONTEND_PASSWORD` matching the site config `executors.accessToken` value. `executor.frontendPassword` is ignored if this is enabled. | | executor.frontendPassword | string | `""` | The shared secret configured in the Sourcegraph instance site config under executors.accessToken. Required if `executor.frontendExistingSecret`` is not configured. | | executor.frontendUrl | string | `""` | The external URL of the Sourcegraph instance. Required. **Recommended:** set to the internal service endpoint (e.g. `http://sourcegraph-frontend.sourcegraph.svc.cluster.local:30080` if Sourcegraph is deployed in the `sourcegraph` namespace). This will avoid unnecessary network charges as traffic will stay within the local network. | -| executor.image.defaultTag | string | `"5.10.0@sha256:00ed00025d3aa4b9717cfed8dde05ae5f1718268c8a635bb493e5869ed0ed003"` | | +| executor.image.defaultTag | string | `"5.10.0@sha256:d621528eaaea2a4f39db23da1b69feb0a7cc9ecae291ce54fda821c424664267"` | | | executor.image.name | string | `"executor-kubernetes"` | | | executor.kubeconfigPath | string | `""` | The path to the kubeconfig file. If not specified, the in-cluster config is used. | | executor.kubernetesJob.deadline | string | `"1200"` | The number of seconds after which a Kubernetes job will be terminated. | @@ -94,7 +94,7 @@ In addition to the documented values, the `executor` and `private-docker-registr | sourcegraph.affinity | object | `{}` | Affinity, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity) | | sourcegraph.image.defaultTag | string | `"{{ .Chart.AppVersion }}"` | Global docker image tag | | sourcegraph.image.pullPolicy | string | `"IfNotPresent"` | Global docker image pull policy | -| sourcegraph.image.repository | string | `"us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal"` | Global docker image registry or prefix | +| sourcegraph.image.repository | string | `"index.docker.io/sourcegraph"` | Global docker image registry or prefix | | sourcegraph.image.useGlobalTagAsDefault | bool | `false` | When set to true, sourcegraph.image.defaultTag is used as the default defaultTag for all services, instead of service-specific default defaultTags | | sourcegraph.imagePullSecrets | list | `[]` | Mount named secrets containing docker credentials | | sourcegraph.labels | object | `{}` | Add a global label to all resources | diff --git a/charts/sourcegraph-executor/k8s/values.yaml b/charts/sourcegraph-executor/k8s/values.yaml index d073cf58..e853be19 100644 --- a/charts/sourcegraph-executor/k8s/values.yaml +++ b/charts/sourcegraph-executor/k8s/values.yaml @@ -8,7 +8,7 @@ sourcegraph: # -- Global docker image pull policy pullPolicy: IfNotPresent # -- Global docker image registry or prefix - repository: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal + repository: index.docker.io/sourcegraph # -- When set to true, sourcegraph.image.defaultTag is used as the default defaultTag for all services, instead of service-specific default defaultTags useGlobalTagAsDefault: false # -- Mount named secrets containing docker credentials @@ -57,7 +57,7 @@ executor: configureRbac: true replicas: 1 image: - defaultTag: 5.10.0@sha256:00ed00025d3aa4b9717cfed8dde05ae5f1718268c8a635bb493e5869ed0ed003 + defaultTag: 5.10.0@sha256:d621528eaaea2a4f39db23da1b69feb0a7cc9ecae291ce54fda821c424664267 name: "executor-kubernetes" # -- The external URL of the Sourcegraph instance. Required. **Recommended:** set to the internal service endpoint (e.g. `http://sourcegraph-frontend.sourcegraph.svc.cluster.local:30080` if Sourcegraph is deployed in the `sourcegraph` namespace). # This will avoid unnecessary network charges as traffic will stay within the local network. diff --git a/charts/sourcegraph-migrator/README.md b/charts/sourcegraph-migrator/README.md index 83059d8c..e3fb9a1f 100644 --- a/charts/sourcegraph-migrator/README.md +++ b/charts/sourcegraph-migrator/README.md @@ -80,7 +80,7 @@ In addition to the documented values, the `migrator` service also supports the f | migrator.args | list | `["up","-db=all"]` | Override default `migrator` container args Available commands can be found at https://docs.sourcegraph.com/admin/how-to/manual_database_migrations | | migrator.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100}` | Security context for the `migrator` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | | migrator.env | object | `{}` | Environment variables for the `migrator` container | -| migrator.image.defaultTag | string | `"5.10.0@sha256:780a1256268107f57cd69c09c0699f636dd20b17ee5d9d04d34f2f9e6512079c"` | Docker image tag for the `migrator` image | +| migrator.image.defaultTag | string | `"5.10.0@sha256:fc2b0c4ff82ebca70dd19f48ebb8378eb00d41959466b099c15870e2cacf80d2"` | Docker image tag for the `migrator` image | | migrator.image.name | string | `"migrator"` | Docker image name for the `migrator` image | | migrator.resources | object | `{"limits":{"cpu":"500m","memory":"100M"},"requests":{"cpu":"100m","memory":"50M"}}` | Resource requests & limits for the `migrator` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) | | pgsql.auth.existingSecret | string | `""` | Name of existing secret to use for pgsql credentials This should match the setting in the sourcegraph chart values | @@ -88,7 +88,7 @@ In addition to the documented values, the `migrator` service also supports the f | sourcegraph.affinity | object | `{}` | Affinity, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity) | | sourcegraph.image.defaultTag | string | `"{{ .Chart.AppVersion }}"` | Global docker image tag | | sourcegraph.image.pullPolicy | string | `"IfNotPresent"` | Global docker image pull policy | -| sourcegraph.image.repository | string | `"us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal"` | Global docker image registry or prefix | +| sourcegraph.image.repository | string | `"index.docker.io/sourcegraph"` | Global docker image registry or prefix | | sourcegraph.image.useGlobalTagAsDefault | bool | `false` | When set to true, sourcegraph.image.defaultTag is used as the default defaultTag for all services, instead of service-specific default defaultTags | | sourcegraph.imagePullSecrets | list | `[]` | Mount named secrets containing docker credentials | | sourcegraph.labels | object | `{}` | Add a global label to all resources | diff --git a/charts/sourcegraph-migrator/values.yaml b/charts/sourcegraph-migrator/values.yaml index 1c73be61..aa9000ff 100644 --- a/charts/sourcegraph-migrator/values.yaml +++ b/charts/sourcegraph-migrator/values.yaml @@ -8,7 +8,7 @@ sourcegraph: # -- Global docker image pull policy pullPolicy: IfNotPresent # -- Global docker image registry or prefix - repository: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal + repository: index.docker.io/sourcegraph # -- When set to true, sourcegraph.image.defaultTag is used as the default defaultTag for all services, instead of service-specific default defaultTags useGlobalTagAsDefault: false # -- Mount named secrets containing docker credentials @@ -102,7 +102,7 @@ pgsql: migrator: image: # -- Docker image tag for the `migrator` image - defaultTag: 5.10.0@sha256:780a1256268107f57cd69c09c0699f636dd20b17ee5d9d04d34f2f9e6512079c + defaultTag: 5.10.0@sha256:fc2b0c4ff82ebca70dd19f48ebb8378eb00d41959466b099c15870e2cacf80d2 # -- Docker image name for the `migrator` image name: "migrator" # -- Environment variables for the `migrator` container diff --git a/charts/sourcegraph/README.md b/charts/sourcegraph/README.md index d52cdf8d..b807e703 100644 --- a/charts/sourcegraph/README.md +++ b/charts/sourcegraph/README.md @@ -28,12 +28,12 @@ In addition to the documented values, all services also support the following va | Key | Type | Default | Description | |-----|------|---------|-------------| | alpine.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":999,"runAsUser":999}` | Security context for the `alpine` initContainer, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | -| alpine.image.defaultTag | string | `"5.10.0@sha256:b064232610f660267155f3613f27c28b4afcf5e9af43c1b63ae597624c358d0c"` | Docker image tag for the `alpine` image | +| alpine.image.defaultTag | string | `"5.10.0@sha256:5d7262caf360dc668bd598c5233049526f0e46fd4bb91f301544515a9eb79df8"` | Docker image tag for the `alpine` image | | alpine.image.name | string | `"alpine-3.14"` | Docker image name for the `alpine` image | | alpine.resources | object | `{"limits":{"cpu":"10m","memory":"50Mi"},"requests":{"cpu":"10m","memory":"50Mi"}}` | Resource requests & limits for the `alpine` initContainer, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) | | blobstore.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"runAsGroup":101,"runAsUser":100}` | Security context for the `blobstore` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | | blobstore.enabled | bool | `true` | Enable `blobstore` (S3 compatible storage) | -| blobstore.image.defaultTag | string | `"5.10.0@sha256:713a3142f2b624c9db7d0aa1e9c93783e253ddec1c76b8be33522b384871c594"` | Docker image tag for the `blobstore` image | +| blobstore.image.defaultTag | string | `"5.10.0@sha256:075736a86c5e4cf0cc889d4e895b469eb4f8c2b094e9bc61490b10acb5dfb1dd"` | Docker image tag for the `blobstore` image | | blobstore.image.name | string | `"blobstore"` | Docker image name for the `blobstore` image | | blobstore.name | string | `"blobstore"` | Name used by resources. Does not affect service names or PVCs. | | blobstore.podSecurityContext | object | `{"fsGroup":101,"fsGroupChangePolicy":"OnRootMismatch","runAsGroup":101,"runAsUser":100}` | Security context for the `blobstore` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) | @@ -43,7 +43,7 @@ In addition to the documented values, all services also support the following va | blobstore.storageSize | string | `"100Gi"` | PVC Storage Request for `blobstore` data volume | | cadvisor.containerSecurityContext | object | `{"privileged":true}` | Security context for the `cadvisor` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | | cadvisor.enabled | bool | `true` | Enable `cadvisor` | -| cadvisor.image.defaultTag | string | `"5.10.0@sha256:52538dacd447e43849922246c5fed380b836f68532df74cfd63d2785491ba930"` | Docker image tag for the `cadvisor` image | +| cadvisor.image.defaultTag | string | `"5.10.0@sha256:26767f32ffeaf4e3cfba699c34951f49ac8312cbca4dc36609c3bec3cd2a2d8e"` | Docker image tag for the `cadvisor` image | | cadvisor.image.name | string | `"cadvisor"` | Docker image name for the `cadvisor` image | | cadvisor.name | string | `"cadvisor"` | Name used by resources. Does not affect service names or PVCs. | | cadvisor.podSecurityPolicy.enabled | bool | `false` | Enable [PodSecurityPolicy](https://kubernetes.io/docs/concepts/policy/pod-security-policy/) for `cadvisor` pods | @@ -93,7 +93,7 @@ In addition to the documented values, all services also support the following va | extraResources | list | `[]` | Additional resources to include in the rendered manifest. Templates are supported. | | frontend.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100}` | Security context for the `frontend` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | | frontend.env | object | the chart will add some default environment values | Environment variables for the `frontend` container | -| frontend.image.defaultTag | string | `"5.10.0@sha256:2597ce309c4bb29881f468a7cf1425c8304f54174f10767ef57be5f576b73ec3"` | Docker image tag for the `frontend` image | +| frontend.image.defaultTag | string | `"5.10.0@sha256:ad4d6e08adc455f3bd21a8d5bb112216d89f5568f39a07d5d3629ff65d93bab3"` | Docker image tag for the `frontend` image | | frontend.image.name | string | `"frontend"` | Docker image name for the `frontend` image | | frontend.ingress.annotations | object | `{"kubernetes.io/ingress.class":"nginx","nginx.ingress.kubernetes.io/proxy-body-size":"150m"}` | Annotations for the Sourcegraph server ingress. For example, securing ingress with TLS provided by [cert-manager](https://cert-manager.io/docs/usage/ingress/) | | frontend.ingress.annotations."kubernetes.io/ingress.class" | string | `"nginx"` | [Deprecated annotation](https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation) for specifing the IngressClass in Kubernetes 1.17 and earlier. If you are using Kubernetes 1.18+, use `ingressClassName` instead and set an override value of `null` for this annotation. | @@ -109,7 +109,7 @@ In addition to the documented values, all services also support the following va | frontend.serviceAccount.create | bool | `true` | Enable creation of ServiceAccount for `frontend` | | frontend.serviceAccount.name | string | `"sourcegraph-frontend"` | Name of the ServiceAccount to be created or an existing ServiceAccount | | gitserver.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100}` | Security context for the `gitserver` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | -| gitserver.image.defaultTag | string | `"5.10.0@sha256:c8b88c155c23c0ef2f75a147be470d0815b6b53ce592f2d73c0ef32f1cbc4110"` | Docker image tag for the `gitserver` image | +| gitserver.image.defaultTag | string | `"5.10.0@sha256:55d27f452ea3c31b1c4825f34b5acfa4fe02cb348787c828eae44680707ba7c4"` | Docker image tag for the `gitserver` image | | gitserver.image.name | string | `"gitserver"` | Docker image name for the `gitserver` image | | gitserver.name | string | `"gitserver"` | Name used by resources. Does not affect service names or PVCs. | | gitserver.podSecurityContext | object | `{"fsGroup":101,"fsGroupChangePolicy":"OnRootMismatch","runAsGroup":101,"runAsUser":100}` | Security context for the `gitserver` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) | @@ -130,7 +130,7 @@ In addition to the documented values, all services also support the following va | grafana.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":472,"runAsUser":472}` | Security context for the `grafana` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | | grafana.enabled | bool | `true` | Enable `grafana` dashboard (recommended) | | grafana.existingConfig | string | `""` | Name of existing ConfigMap for `grafana`. It must contain a `datasources.yml` key. | -| grafana.image.defaultTag | string | `"5.10.0@sha256:96c215b9b7ccac31c20df414944cedf7658311e11e5baf90052f00e38c754b69"` | Docker image tag for the `grafana` image | +| grafana.image.defaultTag | string | `"5.10.0@sha256:91a911a1682b53b025394b1096f6b7c0108554520dd549168a9d6281b810f417"` | Docker image tag for the `grafana` image | | grafana.image.name | string | `"grafana"` | Docker image name for the `grafana` image | | grafana.name | string | `"grafana"` | Name used by resources. Does not affect service names or PVCs. | | grafana.podSecurityContext | object | `{"fsGroup":472,"fsGroupChangePolicy":"OnRootMismatch","runAsGroup":472,"runAsUser":472}` | Security context for the `grafana` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) | @@ -139,7 +139,7 @@ In addition to the documented values, all services also support the following va | grafana.serviceAccount.name | string | `"grafana"` | Name of the ServiceAccount to be created or an existing ServiceAccount | | grafana.storageSize | string | `"2Gi"` | PVC Storage Request for `grafana` data volume | | indexedSearch.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100}` | Security context for the `zoekt-webserver` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | -| indexedSearch.image.defaultTag | string | `"5.10.0@sha256:3a10e6f6ad1b4312366269507c5cf983444cd9dc9754586a4a330d48d7751107"` | Docker image tag for the `zoekt-webserver` image | +| indexedSearch.image.defaultTag | string | `"5.10.0@sha256:04ddb2012406c8cdc04749254194bea62bd5ef4c4adbd0100089afd8665e6084"` | Docker image tag for the `zoekt-webserver` image | | indexedSearch.image.name | string | `"indexed-searcher"` | Docker image name for the `zoekt-webserver` image | | indexedSearch.name | string | `"indexed-search"` | Name used by resources. Does not affect service names or PVCs. | | indexedSearch.podSecurityContext | object | `{"fsGroup":101,"fsGroupChangePolicy":"OnRootMismatch"}` | Security context for the `indexed-search` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) | @@ -149,7 +149,7 @@ In addition to the documented values, all services also support the following va | indexedSearch.serviceAccount.name | string | `""` | Name of the ServiceAccount to be created or an existing ServiceAccount | | indexedSearch.storageSize | string | `"200Gi"` | PVC Storage Request for `indexed-search` data volume The size of disk to used for search indexes. This should typically be gitserver disk size multipled by the number of gitserver shards. | | indexedSearchIndexer.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100}` | Security context for the `zoekt-indexserver` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | -| indexedSearchIndexer.image.defaultTag | string | `"5.10.0@sha256:7a3dbc5973c1d42fb0c53d167d62d46b0c98e14e8790afe3ed5239ead31c68dd"` | Docker image tag for the `zoekt-indexserver` image | +| indexedSearchIndexer.image.defaultTag | string | `"5.10.0@sha256:684af01ca03734c50740b94b513c128e55489f21b2976d20e81f675a5f49bcff"` | Docker image tag for the `zoekt-indexserver` image | | indexedSearchIndexer.image.name | string | `"search-indexer"` | Docker image name for the `zoekt-indexserver` image | | indexedSearchIndexer.resources | object | `{"limits":{"cpu":"8","memory":"8G"},"requests":{"cpu":"4","memory":"4G"}}` | Resource requests & limits for the `zoekt-indexserver` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) zoekt-indexserver is CPU bound. The more CPU you allocate to it, the lower lag between a new commit and it being indexed for search. | | jaeger.args | list | `["--memory.max-traces=20000","--sampling.strategies-file=/etc/jaeger/sampling_strategies.json","--collector.otlp.enabled","--collector.otlp.grpc.host-port=:4320","--collector.otlp.http.host-port=:4321"]` | Default args passed to the `jaeger` binary | @@ -159,7 +159,7 @@ In addition to the documented values, all services also support the following va | jaeger.collector.serviceType | string | "ClusterIP" | Kubernetes service type of jaeger `collector` service, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) | | jaeger.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100}` | Security context for the `jaeger` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | | jaeger.enabled | bool | `false` | Enable `jaeger` | -| jaeger.image.defaultTag | string | `"5.10.0@sha256:32e63308e69590b6983144aaa2a66ef7e80393a6fa6419026bcff52bc07dea03"` | Docker image tag for the `jaeger` image | +| jaeger.image.defaultTag | string | `"5.10.0@sha256:99c46dfa6b6cbc5477890efc6c878c4318f28a492c08de4ec67885b45d7989d2"` | Docker image tag for the `jaeger` image | | jaeger.image.name | string | `"jaeger-all-in-one"` | Docker image name for the `jaeger` image | | jaeger.name | string | `"jaeger"` | Name used by resources. Does not affect service names or PVCs. | | jaeger.podSecurityContext | object | `{}` | Security context for the `jaeger` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) | @@ -174,14 +174,14 @@ In addition to the documented values, all services also support the following va | migrator.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100}` | Security context for the `migrator` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | | migrator.enabled | bool | `true` | Enable [migrator](https://docs.sourcegraph.com/admin/how-to/manual_database_migrations) initContainer in `frontend` deployment to perform database migration | | migrator.env | object | `{}` | Environment variables for the `migrator` container | -| migrator.image.defaultTag | string | `"5.10.0@sha256:780a1256268107f57cd69c09c0699f636dd20b17ee5d9d04d34f2f9e6512079c"` | Docker image tag for the `migrator` image | +| migrator.image.defaultTag | string | `"5.10.0@sha256:fc2b0c4ff82ebca70dd19f48ebb8378eb00d41959466b099c15870e2cacf80d2"` | Docker image tag for the `migrator` image | | migrator.image.name | string | `"migrator"` | Docker image name for the `migrator` image | | migrator.resources | object | `{"limits":{"cpu":"500m","memory":"100M"},"requests":{"cpu":"100m","memory":"50M"}}` | Resource requests & limits for the `migrator` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) | | nodeExporter.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":65534,"runAsUser":65534}` | Security context for the `node-exporter` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | | nodeExporter.enabled | bool | `true` | Enable `node-exporter` | | nodeExporter.extraArgs | list | `[]` | | | nodeExporter.hostPID | bool | `true` | | -| nodeExporter.image.defaultTag | string | `"5.10.0@sha256:8626ab8782707113249d8db8905c77c2c915e467acf08416a5843c3ee5a0a494"` | Docker image tag for the `node-exporter` image | +| nodeExporter.image.defaultTag | string | `"5.10.0@sha256:f0c08bdefaa90f85aad5b04c7a72f34ebade031ac23e23ea40969c78e3d8cbc9"` | Docker image tag for the `node-exporter` image | | nodeExporter.image.name | string | `"node-exporter"` | Docker image name for the `node-exporter` image | | nodeExporter.name | string | `"node-exporter"` | Name used by resources. Does not affect service names or PVCs. | | nodeExporter.podSecurityContext | object | `{"fsGroup":65534,"runAsGroup":65534,"runAsNonRoot":true,"runAsUser":65534}` | Security context for the `node-exporter` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) | @@ -211,7 +211,7 @@ In addition to the documented values, all services also support the following va | openTelemetry.gateway.resources | object | `{"limits":{"cpu":"3","memory":"3Gi"},"requests":{"cpu":"1","memory":"1Gi"}}` | Resource requests & limits for the `otel-collector` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) | | openTelemetry.gateway.serviceAccount.create | bool | `false` | Enable creation of ServiceAccount for `otel-collector` | | openTelemetry.gateway.serviceAccount.name | string | `""` | Name of the ServiceAccount to be created or an existing ServiceAccount | -| openTelemetry.image.defaultTag | string | `"5.10.0@sha256:752a4841d2418a26a925c18243d9daa2e399843f7158bddafb4676a2db900f65"` | Docker image tag for the `otel-collector` image | +| openTelemetry.image.defaultTag | string | `"5.10.0@sha256:35ff98cd292bacc48834f1d261d4090d6980f497a4c1028769d4f132f6ceefc9"` | Docker image tag for the `otel-collector` image | | openTelemetry.image.name | string | `"opentelemetry-collector"` | Docker image name for the `otel-collector` image | | pgsql.additionalConfig | string | `""` | Additional PostgreSQL configuration. This will override or extend our default configuration. Notes: This is expecting a multiline string. Learn more from our [recommended PostgreSQL configuration](https://docs.sourcegraph.com/admin/config/postgres-conf) and [PostgreSQL documentation](https://www.postgresql.org/docs/12/config-setting.html) | | pgsql.auth.database | string | `"sg"` | Sets postgres database name | @@ -232,12 +232,12 @@ In addition to the documented values, all services also support the following va | pgsql.serviceAccount.create | bool | `false` | Enable creation of ServiceAccount for `pgsql` | | pgsql.serviceAccount.name | string | `""` | Name of the ServiceAccount to be created or an existing ServiceAccount | | pgsql.storageSize | string | `"200Gi"` | PVC Storage Request for `pgsql` data volume | -| postgresExporter.image.defaultTag | string | `"5.10.0@sha256:0c606e6cc4ab19db4c4077852447baf5598e8d2f537e2fc97cdd4e995ad9ea9c"` | Docker image tag for the `pgsql-exporter` image | +| postgresExporter.image.defaultTag | string | `"5.10.0@sha256:318706b084bd485aa6eb0d61f7d66d915db8b3054e651d5b7114ff84343acc24"` | Docker image tag for the `pgsql-exporter` image | | postgresExporter.image.name | string | `"postgres_exporter"` | Docker image name for the `pgsql-exporter` image | | postgresExporter.resources | object | `{"limits":{"cpu":"10m","memory":"50Mi"},"requests":{"cpu":"10m","memory":"50Mi"}}` | Resource requests & limits for the `pgsql-exporter` sidecar container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) | | preciseCodeIntel.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100}` | Security context for the `precise-code-intel-worker` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | | preciseCodeIntel.env | object | `{"NUM_WORKERS":{"value":"4"}}` | Environment variables for the `precise-code-intel-worker` container | -| preciseCodeIntel.image.defaultTag | string | `"5.10.0@sha256:408aa48da41fed272315d330a5f2ad62fb0f0a1ad6e851a8aee2a0dedf51a9a6"` | Docker image tag for the `precise-code-intel-worker` image | +| preciseCodeIntel.image.defaultTag | string | `"5.10.0@sha256:24c5a52c046fdbe9d923b3d69ad561949f021ba0a31858784c3afc7294c7096f"` | Docker image tag for the `precise-code-intel-worker` image | | preciseCodeIntel.image.name | string | `"precise-code-intel-worker"` | Docker image name for the `precise-code-intel-worker` image | | preciseCodeIntel.name | string | `"precise-code-intel-worker"` | Name used by resources. Does not affect service names or PVCs. | | preciseCodeIntel.podSecurityContext | object | `{}` | Security context for the `precise-code-intel-worker` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) | @@ -249,7 +249,7 @@ In addition to the documented values, all services also support the following va | prometheus.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":false,"runAsGroup":100,"runAsUser":100}` | Security context for the `prometheus` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | | prometheus.enabled | bool | `true` | Enable `prometheus` (recommended) | | prometheus.existingConfig | string | `""` | Name of existing ConfigMap for `pgsql`. It must contain a `prometheus.yml` key | -| prometheus.image.defaultTag | string | `"5.10.0@sha256:c964f93b7b70e43332c0ab74837009c788285a83fade7d72c0bbd115a090df36"` | Docker image tag for the `prometheus` image | +| prometheus.image.defaultTag | string | `"5.10.0@sha256:762cdd16736f3abf4865c468b87d59c12dbcaa671b2450df43cb56cfc8dda5af"` | Docker image tag for the `prometheus` image | | prometheus.image.name | string | `"prometheus"` | Docker image name for the `prometheus` image | | prometheus.name | string | `"prometheus"` | Name used by resources. Does not affect service names or PVCs. | | prometheus.podSecurityContext | object | `{"fsGroup":100,"fsGroupChangePolicy":"OnRootMismatch"}` | Security context for the `prometheus` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) | @@ -262,7 +262,7 @@ In addition to the documented values, all services also support the following va | redisCache.connection.existingSecret | string | `""` | Name of existing secret to use for Redis endpoint The secret must contain the key `endpoint` and should follow IANA specification learn more from the [Helm docs](https://docs.sourcegraph.com/admin/install/kubernetes/helm#using-external-redis-instances) | | redisCache.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":1000,"runAsUser":999}` | Security context for the `redis-cache` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | | redisCache.enabled | bool | `true` | Enable `redis-cache` Redis server | -| redisCache.image.defaultTag | string | `"5.10.0@sha256:513410052167aa03e988706d9249d9cd6eadd81d6e15bf1f2a7c7e6850344e04"` | Docker image tag for the `redis-cache` image | +| redisCache.image.defaultTag | string | `"5.10.0@sha256:98d7e9bb26f2424e0ab29c026aa38460c1f9ebe65d0f26733382af65d34edac4"` | Docker image tag for the `redis-cache` image | | redisCache.image.name | string | `"redis-cache"` | Docker image name for the `redis-cache` image | | redisCache.name | string | `"redis-cache"` | Name used by resources. Does not affect service names or PVCs. | | redisCache.podSecurityContext | object | `{"fsGroup":1000,"fsGroupChangePolicy":"OnRootMismatch"}` | Security context for the `redis-cache` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) | @@ -271,14 +271,14 @@ In addition to the documented values, all services also support the following va | redisCache.serviceAccount.name | string | `""` | Name of the ServiceAccount to be created or an existing ServiceAccount | | redisCache.storageSize | string | `"100Gi"` | PVC Storage Request for `redis-cache` data volume | | redisExporter.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":1000,"runAsUser":999}` | Security context for the `redis-exporter` sidecar container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | -| redisExporter.image.defaultTag | string | `"5.10.0@sha256:1beae35e38bc172546e86c09b48449eae2c2898c91b6bbeb23e45d9e795e8663"` | Docker image tag for the `redis-exporter` image | +| redisExporter.image.defaultTag | string | `"5.10.0@sha256:95b84e2e76df0c36d75daee1f5c0119e648825359155d874b98649a011a42053"` | Docker image tag for the `redis-exporter` image | | redisExporter.image.name | string | `"redis_exporter"` | Docker image name for the `redis-exporter` image | | redisExporter.resources | object | `{"limits":{"cpu":"10m","memory":"100Mi"},"requests":{"cpu":"10m","memory":"100Mi"}}` | Resource requests & limits for the `redis-exporter` sidecar container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) | | redisStore.connection.endpoint | string | `"redis-store:6379"` | Endpoint to use for redis-store. Supports either host:port or IANA specification | | redisStore.connection.existingSecret | string | `""` | Name of existing secret to use for Redis endpoint The secret must contain the key `endpoint` and should follow IANA specification learn more from the [Helm docs](https://docs.sourcegraph.com/admin/install/kubernetes/helm#using-external-redis-instances) | | redisStore.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":1000,"runAsUser":999}` | Security context for the `redis-store` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | | redisStore.enabled | bool | `true` | Enable `redis-store` Redis server | -| redisStore.image.defaultTag | string | `"5.10.0@sha256:6d2f5ff0880ce660aa49b41822bf1def907f8433af52ec25e12f11b7ee14bcc3"` | Docker image tag for the `redis-store` image | +| redisStore.image.defaultTag | string | `"5.10.0@sha256:e129eb8901f12a5e7d022e0de17fd69166fba4595c085e6571a2bbe95de17f16"` | Docker image tag for the `redis-store` image | | redisStore.image.name | string | `"redis-store"` | Docker image name for the `redis-store` image | | redisStore.name | string | `"redis-store"` | Name used by resources. Does not affect service names or PVCs. | | redisStore.podSecurityContext | object | `{"fsGroup":1000,"fsGroupChangePolicy":"OnRootMismatch"}` | Security context for the `redis-store` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) | @@ -287,7 +287,7 @@ In addition to the documented values, all services also support the following va | redisStore.serviceAccount.name | string | `""` | Name of the ServiceAccount to be created or an existing ServiceAccount | | redisStore.storageSize | string | `"100Gi"` | PVC Storage Request for `redis-store` data volume | | repoUpdater.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100}` | Security context for the `repo-updater` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | -| repoUpdater.image.defaultTag | string | `"5.10.0@sha256:fd28c09622f05af65474cb03aa0a7b63fd9fd4178bcf69ba15d7415834718ba1"` | Docker image tag for the `repo-updater` image | +| repoUpdater.image.defaultTag | string | `"5.10.0@sha256:1a4cfe362f430166f961a72a27edde58cb97536d424a99e41a1bf159960e37cd"` | Docker image tag for the `repo-updater` image | | repoUpdater.image.name | string | `"repo-updater"` | Docker image name for the `repo-updater` image | | repoUpdater.name | string | `"repo-updater"` | Name used by resources. Does not affect service names or PVCs. | | repoUpdater.podSecurityContext | object | `{}` | Security context for the `repo-updater` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) | @@ -295,7 +295,7 @@ In addition to the documented values, all services also support the following va | repoUpdater.serviceAccount.create | bool | `false` | Enable creation of ServiceAccount for `repo-updater` | | repoUpdater.serviceAccount.name | string | `""` | Name of the ServiceAccount to be created or an existing ServiceAccount | | searcher.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100}` | Security context for the `searcher` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | -| searcher.image.defaultTag | string | `"5.10.0@sha256:078510c889843b17125546399ea54e793d477ef562ca6638c7a2188ef9c9c66a"` | Docker image tag for the `searcher` image | +| searcher.image.defaultTag | string | `"5.10.0@sha256:731c80ef73b171dbe3e79fa5992236df70bc1f7c489b0a7d5139cfed7260f761"` | Docker image tag for the `searcher` image | | searcher.image.name | string | `"searcher"` | Docker image name for the `searcher` image | | searcher.name | string | `"searcher"` | Name used by resources. Does not affect service names or PVCs. | | searcher.podSecurityContext | object | `{"fsGroup":101,"fsGroupChangePolicy":"OnRootMismatch","runAsUser":100}` | Security context for the `searcher` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) | @@ -307,7 +307,7 @@ In addition to the documented values, all services also support the following va | sourcegraph.affinity | object | `{}` | Global Affinity, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity) | | sourcegraph.image.defaultTag | string | `"{{ .Chart.AppVersion }}"` | Global docker image tag | | sourcegraph.image.pullPolicy | string | `"IfNotPresent"` | Global docker image pull policy | -| sourcegraph.image.repository | string | `"us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal"` | Global docker image registry or prefix | +| sourcegraph.image.repository | string | `"index.docker.io/sourcegraph"` | Global docker image registry or prefix | | sourcegraph.image.useGlobalTagAsDefault | bool | `false` | When set to true, sourcegraph.image.defaultTag is used as the default defaultTag for all services, instead of service-specific default defaultTags | | sourcegraph.imagePullSecrets | list | `[]` | Mount named secrets containing docker credentials | | sourcegraph.labels | object | `{}` | Add extra labels to all resources | @@ -326,7 +326,7 @@ In addition to the documented values, all services also support the following va | storageClass.provisioner | string | `"kubernetes.io/gce-pd"` | Name of the storageClass provisioner, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/storage/storage-classes/#provisioner) and consult your cloud provider persistent storage documentation | | storageClass.type | string | `"pd-ssd"` | Value of `type` key in storageClass `parameters`, consult your cloud provider persistent storage documentation | | symbols.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100}` | Security context for the `symbols` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | -| symbols.image.defaultTag | string | `"5.10.0@sha256:21b3d17d147208fa59e7eb5a5cccdd7de89714bc186c46a5237f9037206299ee"` | Docker image tag for the `symbols` image | +| symbols.image.defaultTag | string | `"5.10.0@sha256:718b7c0be30715c2e199865227bcec8afe0dbda87146fd2d85ccc86451799e31"` | Docker image tag for the `symbols` image | | symbols.image.name | string | `"symbols"` | Docker image name for the `symbols` image | | symbols.name | string | `"symbols"` | Name used by resources. Does not affect service names or PVCs. | | symbols.podSecurityContext | object | `{"fsGroup":101,"fsGroupChangePolicy":"OnRootMismatch","runAsUser":100}` | Security context for the `symbols` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) | @@ -337,7 +337,7 @@ In addition to the documented values, all services also support the following va | symbols.storageSize | string | `"12Gi"` | Size of the PVC for symbols pods to store cache data | | syntacticCodeIntel.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100}` | Security context for the `syntactic-code-intel-worker` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | | syntacticCodeIntel.enabled | bool | `false` | | -| syntacticCodeIntel.image.defaultTag | string | `"5.10.0@sha256:1198f54e664b498bd2ef920749cb7c51daf6518d73da03214129659cdfc72784"` | Docker image tag for the `syntactic-code-intel-worker` image | +| syntacticCodeIntel.image.defaultTag | string | `"5.10.0@sha256:bffc3a9d7eb5854d930e542fc22263a66a42c3728b4848fa4385c1b5a482e7b9"` | Docker image tag for the `syntactic-code-intel-worker` image | | syntacticCodeIntel.image.name | string | `"syntactic-code-intel-worker"` | Docker image name for the `syntactic-code-intel-worker` image | | syntacticCodeIntel.name | string | `"syntactic-code-intel-worker"` | Name used by resources. Does not affect service names or PVCs. | | syntacticCodeIntel.podSecurityContext | object | `{}` | Security context for the `syntactic-code-intel-worker` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) | @@ -347,7 +347,7 @@ In addition to the documented values, all services also support the following va | syntacticCodeIntel.serviceAccount.create | bool | `false` | Enable creation of ServiceAccount for `syntactic-code-intel-worker` | | syntacticCodeIntel.serviceAccount.name | string | `""` | Name of the ServiceAccount to be created or an existing ServiceAccount | | syntectServer.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100}` | Security context for the `syntect-server` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | -| syntectServer.image.defaultTag | string | `"5.10.0@sha256:7425fe182eb9315803cf22bd534907d0aef722d71cdd2d2ccdc6e5a656f036cb"` | Docker image tag for the `syntect-server` image | +| syntectServer.image.defaultTag | string | `"5.10.0@sha256:d4398f091fd32508b32bfae59c2ec2ea00f6bf8c95ebb7e7dddf28288bca34cf"` | Docker image tag for the `syntect-server` image | | syntectServer.image.name | string | `"syntax-highlighter"` | Docker image name for the `syntect-server` image | | syntectServer.name | string | `"syntect-server"` | Name used by resources. Does not affect service names or PVCs. | | syntectServer.podSecurityContext | object | `{}` | Security context for the `syntect-server` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) | @@ -358,7 +358,7 @@ In addition to the documented values, all services also support the following va | worker.blocklist | list | `[]` | List of jobs to block globally If replicas are configured, use this values to block jobs instead of manually setting WORKER_JOB_BLOCKLIST | | worker.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100}` | Security context for the `worker` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | | worker.env | object | `{}` | Environment variables for the `worker` container | -| worker.image.defaultTag | string | `"5.10.0@sha256:6a16c2fb29525189f5f8318f8fb5f710a2e57802d8bb7c556ff7fb64d57abc2b"` | Docker image tag for the `worker` image | +| worker.image.defaultTag | string | `"5.10.0@sha256:2f64d6c46a26d0502754e8d37614c2d5aeb1174d0945296e214185f2c13014a9"` | Docker image tag for the `worker` image | | worker.image.name | string | `"worker"` | Docker image name for the `worker` image | | worker.name | string | `"worker"` | Name used by resources. Does not affect service names or PVCs. | | worker.podSecurityContext | object | `{}` | Security context for the `worker` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) | diff --git a/charts/sourcegraph/values.yaml b/charts/sourcegraph/values.yaml index 2d181dd6..300e36a4 100644 --- a/charts/sourcegraph/values.yaml +++ b/charts/sourcegraph/values.yaml @@ -9,7 +9,7 @@ sourcegraph: # -- Global docker image pull policy pullPolicy: IfNotPresent # -- Global docker image registry or prefix - repository: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal + repository: index.docker.io/sourcegraph # -- When set to true, sourcegraph.image.defaultTag is used as the default defaultTag for all services, instead of service-specific default defaultTags useGlobalTagAsDefault: false # -- Mount named secrets containing docker credentials @@ -86,7 +86,7 @@ sourcegraph: alpine: # Used in init containers image: # -- Docker image tag for the `alpine` image - defaultTag: 5.10.0@sha256:b064232610f660267155f3613f27c28b4afcf5e9af43c1b63ae597624c358d0c + defaultTag: 5.10.0@sha256:5d7262caf360dc668bd598c5233049526f0e46fd4bb91f301544515a9eb79df8 # -- Docker image name for the `alpine` image name: "alpine-3.14" # -- Security context for the `alpine` initContainer, @@ -111,7 +111,7 @@ cadvisor: enabled: true image: # -- Docker image tag for the `cadvisor` image - defaultTag: 5.10.0@sha256:52538dacd447e43849922246c5fed380b836f68532df74cfd63d2785491ba930 + defaultTag: 5.10.0@sha256:26767f32ffeaf4e3cfba699c34951f49ac8312cbca4dc36609c3bec3cd2a2d8e # -- Docker image name for the `cadvisor` image name: "cadvisor" # -- Name used by resources. Does not affect service names or PVCs. @@ -296,7 +296,7 @@ frontend: value: http://prometheus:30090 image: # -- Docker image tag for the `frontend` image - defaultTag: 5.10.0@sha256:2597ce309c4bb29881f468a7cf1425c8304f54174f10767ef57be5f576b73ec3 + defaultTag: 5.10.0@sha256:ad4d6e08adc455f3bd21a8d5bb112216d89f5568f39a07d5d3629ff65d93bab3 # -- Docker image name for the `frontend` image name: "frontend" ingress: @@ -354,7 +354,7 @@ migrator: enabled: true image: # -- Docker image tag for the `migrator` image - defaultTag: 5.10.0@sha256:780a1256268107f57cd69c09c0699f636dd20b17ee5d9d04d34f2f9e6512079c + defaultTag: 5.10.0@sha256:fc2b0c4ff82ebca70dd19f48ebb8378eb00d41959466b099c15870e2cacf80d2 # -- Docker image name for the `migrator` image name: "migrator" # -- Environment variables for the `migrator` container @@ -379,7 +379,7 @@ migrator: gitserver: image: # -- Docker image tag for the `gitserver` image - defaultTag: 5.10.0@sha256:c8b88c155c23c0ef2f75a147be470d0815b6b53ce592f2d73c0ef32f1cbc4110 + defaultTag: 5.10.0@sha256:55d27f452ea3c31b1c4825f34b5acfa4fe02cb348787c828eae44680707ba7c4 # -- Docker image name for the `gitserver` image name: "gitserver" # -- Name of existing Secret that contains SSH credentials to clone repositories. @@ -447,7 +447,7 @@ grafana: existingConfig: "" # Name of an existing configmap image: # -- Docker image tag for the `grafana` image - defaultTag: 5.10.0@sha256:96c215b9b7ccac31c20df414944cedf7658311e11e5baf90052f00e38c754b69 + defaultTag: 5.10.0@sha256:91a911a1682b53b025394b1096f6b7c0108554520dd549168a9d6281b810f417 # -- Docker image name for the `grafana` image name: "grafana" # -- Security context for the `grafana` container, @@ -486,7 +486,7 @@ grafana: indexedSearch: image: # -- Docker image tag for the `zoekt-webserver` image - defaultTag: 5.10.0@sha256:3a10e6f6ad1b4312366269507c5cf983444cd9dc9754586a4a330d48d7751107 + defaultTag: 5.10.0@sha256:04ddb2012406c8cdc04749254194bea62bd5ef4c4adbd0100089afd8665e6084 # -- Docker image name for the `zoekt-webserver` image name: "indexed-searcher" # -- Security context for the `zoekt-webserver` container, @@ -527,7 +527,7 @@ indexedSearch: indexedSearchIndexer: image: # -- Docker image tag for the `zoekt-indexserver` image - defaultTag: 5.10.0@sha256:7a3dbc5973c1d42fb0c53d167d62d46b0c98e14e8790afe3ed5239ead31c68dd + defaultTag: 5.10.0@sha256:684af01ca03734c50740b94b513c128e55489f21b2976d20e81f675a5f49bcff # -- Docker image name for the `zoekt-indexserver` image name: "search-indexer" # -- Security context for the `zoekt-indexserver` container, @@ -554,7 +554,7 @@ blobstore: enabled: true image: # -- Docker image tag for the `blobstore` image - defaultTag: 5.10.0@sha256:713a3142f2b624c9db7d0aa1e9c93783e253ddec1c76b8be33522b384871c594 + defaultTag: 5.10.0@sha256:075736a86c5e4cf0cc889d4e895b469eb4f8c2b094e9bc61490b10acb5dfb1dd # -- Docker image name for the `blobstore` image name: "blobstore" # -- Security context for the `blobstore` container, @@ -593,7 +593,7 @@ openTelemetry: enabled: true image: # -- Docker image tag for the `otel-collector` image - defaultTag: 5.10.0@sha256:752a4841d2418a26a925c18243d9daa2e399843f7158bddafb4676a2db900f65 + defaultTag: 5.10.0@sha256:35ff98cd292bacc48834f1d261d4090d6980f497a4c1028769d4f132f6ceefc9 # -- Docker image name for the `otel-collector` image name: "opentelemetry-collector" gateway: @@ -660,7 +660,7 @@ nodeExporter: enabled: true image: # -- Docker image tag for the `node-exporter` image - defaultTag: 5.10.0@sha256:8626ab8782707113249d8db8905c77c2c915e467acf08416a5843c3ee5a0a494 + defaultTag: 5.10.0@sha256:f0c08bdefaa90f85aad5b04c7a72f34ebade031ac23e23ea40969c78e3d8cbc9 # -- Docker image name for the `node-exporter` image name: "node-exporter" # -- Name used by resources. Does not affect service names or PVCs. @@ -771,7 +771,7 @@ pgsql: postgresExporter: image: # -- Docker image tag for the `pgsql-exporter` image - defaultTag: 5.10.0@sha256:0c606e6cc4ab19db4c4077852447baf5598e8d2f537e2fc97cdd4e995ad9ea9c + defaultTag: 5.10.0@sha256:318706b084bd485aa6eb0d61f7d66d915db8b3054e651d5b7114ff84343acc24 # -- Docker image name for the `pgsql-exporter` image name: "postgres_exporter" # -- Resource requests & limits for the `pgsql-exporter` sidecar container, @@ -791,7 +791,7 @@ syntacticCodeIntel: workerPort: 3188 image: # -- Docker image tag for the `syntactic-code-intel-worker` image - defaultTag: 5.10.0@sha256:1198f54e664b498bd2ef920749cb7c51daf6518d73da03214129659cdfc72784 + defaultTag: 5.10.0@sha256:bffc3a9d7eb5854d930e542fc22263a66a42c3728b4848fa4385c1b5a482e7b9 # -- Docker image name for the `syntactic-code-intel-worker` image name: "syntactic-code-intel-worker" # -- Security context for the `syntactic-code-intel-worker` container, @@ -831,7 +831,7 @@ preciseCodeIntel: value: "4" image: # -- Docker image tag for the `precise-code-intel-worker` image - defaultTag: 5.10.0@sha256:408aa48da41fed272315d330a5f2ad62fb0f0a1ad6e851a8aee2a0dedf51a9a6 + defaultTag: 5.10.0@sha256:24c5a52c046fdbe9d923b3d69ad561949f021ba0a31858784c3afc7294c7096f # -- Docker image name for the `precise-code-intel-worker` image name: "precise-code-intel-worker" # -- Security context for the `precise-code-intel-worker` container, @@ -870,7 +870,7 @@ prometheus: existingConfig: "" # Name of an existing configmap image: # -- Docker image tag for the `prometheus` image - defaultTag: 5.10.0@sha256:c964f93b7b70e43332c0ab74837009c788285a83fade7d72c0bbd115a090df36 + defaultTag: 5.10.0@sha256:762cdd16736f3abf4865c468b87d59c12dbcaa671b2450df43cb56cfc8dda5af # -- Docker image name for the `prometheus` image name: "prometheus" # -- Security context for the `prometheus` container, @@ -920,7 +920,7 @@ redisCache: enabled: true image: # -- Docker image tag for the `redis-cache` image - defaultTag: 5.10.0@sha256:513410052167aa03e988706d9249d9cd6eadd81d6e15bf1f2a7c7e6850344e04 + defaultTag: 5.10.0@sha256:98d7e9bb26f2424e0ab29c026aa38460c1f9ebe65d0f26733382af65d34edac4 # -- Docker image name for the `redis-cache` image name: "redis-cache" connection: @@ -964,7 +964,7 @@ redisCache: redisExporter: image: # -- Docker image tag for the `redis-exporter` image - defaultTag: 5.10.0@sha256:1beae35e38bc172546e86c09b48449eae2c2898c91b6bbeb23e45d9e795e8663 + defaultTag: 5.10.0@sha256:95b84e2e76df0c36d75daee1f5c0119e648825359155d874b98649a011a42053 # -- Docker image name for the `redis-exporter` image name: "redis_exporter" # -- Security context for the `redis-exporter` sidecar container, @@ -996,7 +996,7 @@ redisStore: endpoint: "redis-store:6379" image: # -- Docker image tag for the `redis-store` image - defaultTag: 5.10.0@sha256:6d2f5ff0880ce660aa49b41822bf1def907f8433af52ec25e12f11b7ee14bcc3 + defaultTag: 5.10.0@sha256:e129eb8901f12a5e7d022e0de17fd69166fba4595c085e6571a2bbe95de17f16 # -- Docker image name for the `redis-store` image name: "redis-store" # -- Security context for the `redis-store` container, @@ -1033,7 +1033,7 @@ redisStore: repoUpdater: image: # -- Docker image tag for the `repo-updater` image - defaultTag: 5.10.0@sha256:fd28c09622f05af65474cb03aa0a7b63fd9fd4178bcf69ba15d7415834718ba1 + defaultTag: 5.10.0@sha256:1a4cfe362f430166f961a72a27edde58cb97536d424a99e41a1bf159960e37cd # -- Docker image name for the `repo-updater` image name: "repo-updater" # -- Security context for the `repo-updater` container, @@ -1066,7 +1066,7 @@ repoUpdater: searcher: image: # -- Docker image tag for the `searcher` image - defaultTag: 5.10.0@sha256:078510c889843b17125546399ea54e793d477ef562ca6638c7a2188ef9c9c66a + defaultTag: 5.10.0@sha256:731c80ef73b171dbe3e79fa5992236df70bc1f7c489b0a7d5139cfed7260f761 # -- Docker image name for the `searcher` image name: "searcher" # -- Security context for the `searcher` container, @@ -1127,7 +1127,7 @@ storageClass: symbols: image: # -- Docker image tag for the `symbols` image - defaultTag: 5.10.0@sha256:21b3d17d147208fa59e7eb5a5cccdd7de89714bc186c46a5237f9037206299ee + defaultTag: 5.10.0@sha256:718b7c0be30715c2e199865227bcec8afe0dbda87146fd2d85ccc86451799e31 # -- Docker image name for the `symbols` image name: "symbols" # -- Security context for the `symbols` container, @@ -1167,7 +1167,7 @@ symbols: syntectServer: image: # -- Docker image tag for the `syntect-server` image - defaultTag: 5.10.0@sha256:7425fe182eb9315803cf22bd534907d0aef722d71cdd2d2ccdc6e5a656f036cb + defaultTag: 5.10.0@sha256:d4398f091fd32508b32bfae59c2ec2ea00f6bf8c95ebb7e7dddf28288bca34cf # -- Docker image name for the `syntect-server` image name: "syntax-highlighter" # -- Security context for the `syntect-server` container, @@ -1215,7 +1215,7 @@ jaeger: enabled: false image: # -- Docker image tag for the `jaeger` image - defaultTag: 5.10.0@sha256:32e63308e69590b6983144aaa2a66ef7e80393a6fa6419026bcff52bc07dea03 + defaultTag: 5.10.0@sha256:99c46dfa6b6cbc5477890efc6c878c4318f28a492c08de4ec67885b45d7989d2 # -- Docker image name for the `jaeger` image name: "jaeger-all-in-one" # -- Name used by resources. Does not affect service names or PVCs. @@ -1263,7 +1263,7 @@ jaeger: worker: image: # -- Docker image tag for the `worker` image - defaultTag: 5.10.0@sha256:6a16c2fb29525189f5f8318f8fb5f710a2e57802d8bb7c556ff7fb64d57abc2b + defaultTag: 5.10.0@sha256:2f64d6c46a26d0502754e8d37614c2d5aeb1174d0945296e214185f2c13014a9 # -- Docker image name for the `worker` image name: "worker" # -- Security context for the `worker` container, From 833227f29d4764dce3a062fa1b2fe352d443c007 Mon Sep 17 00:00:00 2001 From: Jacob Pleiness Date: Wed, 27 Nov 2024 09:28:33 -0500 Subject: [PATCH 4/4] fix(rel): fix db image tags 5.10.0 release (#588) Fix image tags that got missed by tooling ### Checklist - [x] Follow the [manual testing process](https://github.com/sourcegraph/deploy-sourcegraph-helm/blob/main/TEST.md) - [x] Update [changelog](https://github.com/sourcegraph/deploy-sourcegraph-helm/blob/main/charts/sourcegraph/CHANGELOG.md) - [x] Update [Kubernetes update doc](https://docs.sourcegraph.com/admin/updates/kubernetes) ### Test plan Manually tested/ CI --- charts/sourcegraph/README.md | 6 +++--- charts/sourcegraph/values.yaml | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/charts/sourcegraph/README.md b/charts/sourcegraph/README.md index b807e703..2052cca4 100644 --- a/charts/sourcegraph/README.md +++ b/charts/sourcegraph/README.md @@ -61,7 +61,7 @@ In addition to the documented values, all services also support the following va | codeInsightsDB.enabled | bool | `true` | Enable `codeinsights-db` PostgreSQL server | | codeInsightsDB.env | object | `{}` | Environment variables for the `codeinsights-db` container | | codeInsightsDB.existingConfig | string | `""` | Name of existing ConfigMap for `codeinsights-db`. It must contain a `postgresql.conf` key. | -| codeInsightsDB.image.defaultTag | string | `"insiders"` | Docker image tag for the `codeinsights-db` image | +| codeInsightsDB.image.defaultTag | string | `"5.10.0@sha256:fc3bc82f68abe635bb164af6b5d00ca3017a9b862ac0c930be2e8766a12ad810"` | Docker image tag for the `codeinsights-db` image | | codeInsightsDB.image.name | string | `"postgresql-16-codeinsights"` | Docker image name for the `codeinsights-db` image | | codeInsightsDB.init.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":70,"runAsUser":70}` | Security context for the `alpine` initContainer, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | | codeInsightsDB.name | string | `"codeinsights-db"` | Name used by resources. Does not affect service names or PVCs. | @@ -81,7 +81,7 @@ In addition to the documented values, all services also support the following va | codeIntelDB.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":999,"runAsUser":999}` | Security context for the `codeintel-db` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | | codeIntelDB.enabled | bool | `true` | Enable `codeintel-db` PostgreSQL server | | codeIntelDB.existingConfig | string | `""` | Name of existing ConfigMap for `codeintel-db`. It must contain a `postgresql.conf` key | -| codeIntelDB.image.defaultTag | string | `"insiders"` | Docker image tag for the `codeintel-db` image | +| codeIntelDB.image.defaultTag | string | `"5.10.0@sha256:3605d1f49c24518ecbbae57db89aaaea46664db1235e5eb7b83ca229cc471358"` | Docker image tag for the `codeintel-db` image | | codeIntelDB.image.name | string | `"postgresql-16"` | Docker image name for the `codeintel-db` image | | codeIntelDB.name | string | `"codeintel-db"` | Name used by resources. Does not affect service names or PVCs. | | codeIntelDB.podSecurityContext | object | `{"fsGroup":999,"fsGroupChangePolicy":"OnRootMismatch","runAsUser":999}` | Security context for the `codeintel-db` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) | @@ -223,7 +223,7 @@ In addition to the documented values, all services also support the following va | pgsql.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":999,"runAsUser":999}` | Security context for the `pgsql` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | | pgsql.enabled | bool | `true` | Enable `pgsql` PostgreSQL server | | pgsql.existingConfig | string | `""` | Name of existing ConfigMap for `pgsql`. It must contain a `postgresql.conf` key | -| pgsql.image.defaultTag | string | `"insiders"` | Docker image tag for the `pgsql` image | +| pgsql.image.defaultTag | string | `"5.10.0@sha256:3605d1f49c24518ecbbae57db89aaaea46664db1235e5eb7b83ca229cc471358"` | Docker image tag for the `pgsql` image | | pgsql.image.name | string | `"postgresql-16"` | Docker image name for the `pgsql` image | | pgsql.name | string | `"pgsql"` | Name used by resources. Does not affect service names or PVCs. | | pgsql.podSecurityContext | object | `{"fsGroup":999,"fsGroupChangePolicy":"OnRootMismatch","runAsGroup":999,"runAsUser":999}` | Security context for the `pgsql` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) | diff --git a/charts/sourcegraph/values.yaml b/charts/sourcegraph/values.yaml index 300e36a4..8012daa8 100644 --- a/charts/sourcegraph/values.yaml +++ b/charts/sourcegraph/values.yaml @@ -174,7 +174,7 @@ codeInsightsDB: additionalConfig: "" image: # -- Docker image tag for the `codeinsights-db` image - defaultTag: insiders + defaultTag: 5.10.0@sha256:fc3bc82f68abe635bb164af6b5d00ca3017a9b862ac0c930be2e8766a12ad810 # -- Docker image name for the `codeinsights-db` image name: "postgresql-16-codeinsights" # -- Security context for the `codeinsights-db` container, @@ -245,7 +245,7 @@ codeIntelDB: additionalConfig: "" image: # -- Docker image tag for the `codeintel-db` image - defaultTag: insiders + defaultTag: 5.10.0@sha256:3605d1f49c24518ecbbae57db89aaaea46664db1235e5eb7b83ca229cc471358 # -- Docker image name for the `codeintel-db` image name: "postgresql-16" # -- Security context for the `codeintel-db` container, @@ -729,7 +729,7 @@ pgsql: additionalConfig: "" image: # -- Docker image tag for the `pgsql` image - defaultTag: insiders + defaultTag: 5.10.0@sha256:3605d1f49c24518ecbbae57db89aaaea46664db1235e5eb7b83ca229cc471358 # -- Docker image name for the `pgsql` image name: "postgresql-16" # -- Security context for the `pgsql` container,