From 78e46b97085184a1304422e419f1ee74dec12be1 Mon Sep 17 00:00:00 2001 From: Erik Seliger Date: Mon, 12 May 2025 14:27:46 +0200 Subject: [PATCH 1/4] Remove symbols statefulset Starting in Sourcegraph 6.4, the Symbols and Searcher services are now combined, for easier operation, simplified architecture, and better resource utilization. Customers can delete the service if not deleted automatically, and may want to consider reallocating resources previously given to symbols to searcher. Environment variables should be copied over from symbols to searcher. Test plan: This deployment ran for ~2 weeks on S2 and dotcom already and has signoff from team-product-platform. --- charts/sourcegraph/README.md | 10 -- .../advanced-scheduling/override.yaml | 13 -- .../sourcegraph/examples/basic/override.yaml | 11 -- .../common-modifications/override.yaml | 13 -- charts/sourcegraph/examples/gcp/override.yaml | 5 - .../templates/symbols/symbols.Service.yaml | 29 ---- .../symbols/symbols.ServiceAccount.yaml | 11 -- .../symbols/symbols.StatefulSet.yaml | 145 ------------------ .../sourcegraph/tests/priorityClass_test.yaml | 9 -- charts/sourcegraph/values.yaml | 40 ----- 10 files changed, 286 deletions(-) delete mode 100644 charts/sourcegraph/templates/symbols/symbols.Service.yaml delete mode 100644 charts/sourcegraph/templates/symbols/symbols.ServiceAccount.yaml delete mode 100644 charts/sourcegraph/templates/symbols/symbols.StatefulSet.yaml diff --git a/charts/sourcegraph/README.md b/charts/sourcegraph/README.md index 233c0bac..08110c8e 100644 --- a/charts/sourcegraph/README.md +++ b/charts/sourcegraph/README.md @@ -320,16 +320,6 @@ In addition to the documented values, all services also support the following va | storageClass.parameters | object | `{}` | Extra parameters of storageClass, consult your cloud provider persistent storage documentation | | storageClass.provisioner | string | `"kubernetes.io/gce-pd"` | Name of the storageClass provisioner, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/storage/storage-classes/#provisioner) and consult your cloud provider persistent storage documentation | | storageClass.type | string | `"pd-ssd"` | Value of `type` key in storageClass `parameters`, consult your cloud provider persistent storage documentation | -| symbols.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100}` | Security context for the `symbols` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | -| symbols.image.defaultTag | string | `"6.0.0@sha256:7f91048d1966add54b199755c77a5c3ca84b7f57bb5d2ffb65113da7f100b051"` | Docker image tag for the `symbols` image | -| symbols.image.name | string | `"symbols"` | Docker image name for the `symbols` image | -| symbols.name | string | `"symbols"` | Name used by resources. Does not affect service names or PVCs. | -| symbols.podSecurityContext | object | `{"fsGroup":101,"fsGroupChangePolicy":"OnRootMismatch","runAsUser":100}` | Security context for the `symbols` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) | -| symbols.replicaCount | int | `1` | Number of `symbols` pod | -| symbols.resources | object | `{"limits":{"cpu":"2","memory":"2G"},"requests":{"cpu":"500m","memory":"500M"}}` | Resource requests & limits for the `symbols` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) | -| symbols.serviceAccount.create | bool | `false` | Enable creation of ServiceAccount for `symbols` | -| symbols.serviceAccount.name | string | `""` | Name of the ServiceAccount to be created or an existing ServiceAccount | -| symbols.storageSize | string | `"12Gi"` | Size of the PVC for symbols pods to store cache data | | syntacticCodeIntel.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100}` | Security context for the `syntactic-code-intel-worker` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | | syntacticCodeIntel.enabled | bool | `false` | | | syntacticCodeIntel.image.defaultTag | string | `"6.0.0@sha256:50bdeb38b196f0fc21404969016bf8263f78144292e905867e93480f66c8251c"` | Docker image tag for the `syntactic-code-intel-worker` image | diff --git a/charts/sourcegraph/examples/advanced-scheduling/override.yaml b/charts/sourcegraph/examples/advanced-scheduling/override.yaml index 505400d3..fe5cdefd 100644 --- a/charts/sourcegraph/examples/advanced-scheduling/override.yaml +++ b/charts/sourcegraph/examples/advanced-scheduling/override.yaml @@ -93,19 +93,6 @@ searcher: app: searcher weight: 100 -symbols: - replicaCount: 3 - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - topologyKey: kubernetes.io/hostname - labelSelector: - matchLabels: - <<: *commonSelectorLabels - app: symbols - weight: 100 - worker: replicaCount: 3 affinity: diff --git a/charts/sourcegraph/examples/basic/override.yaml b/charts/sourcegraph/examples/basic/override.yaml index fe95a67c..d436f970 100644 --- a/charts/sourcegraph/examples/basic/override.yaml +++ b/charts/sourcegraph/examples/basic/override.yaml @@ -64,14 +64,3 @@ searcher: requests: cpu: 500m memory: 1G - -symbols: - resources: - limits: - cpu: "4" - memory: 4G - ephemeral-storage: "10G" - requests: - cpu: "1" - memory: 1G - ephemeral-storage: "10G" diff --git a/charts/sourcegraph/examples/common-modifications/override.yaml b/charts/sourcegraph/examples/common-modifications/override.yaml index 118f4fea..80a33040 100644 --- a/charts/sourcegraph/examples/common-modifications/override.yaml +++ b/charts/sourcegraph/examples/common-modifications/override.yaml @@ -183,19 +183,6 @@ searcher: ephemeral-storage: 25G memory: 500M - -symbols: - replicaCount: 1 - resources: - limits: - cpu: "2" - ephemeral-storage: 12G - memory: 2G - requests: - cpu: 500m - ephemeral-storage: 10G - memory: 500M - syntectServer: replicaCount: 1 resources: diff --git a/charts/sourcegraph/examples/gcp/override.yaml b/charts/sourcegraph/examples/gcp/override.yaml index 6026346e..cae0e9f6 100644 --- a/charts/sourcegraph/examples/gcp/override.yaml +++ b/charts/sourcegraph/examples/gcp/override.yaml @@ -74,11 +74,6 @@ searcher: SRC_LOG_FORMAT: value: json_gcp -symbols: - env: - SRC_LOG_FORMAT: - value: json_gcp - syntectServer: env: SRC_LOG_FORMAT: diff --git a/charts/sourcegraph/templates/symbols/symbols.Service.yaml b/charts/sourcegraph/templates/symbols/symbols.Service.yaml deleted file mode 100644 index 4ddd578a..00000000 --- a/charts/sourcegraph/templates/symbols/symbols.Service.yaml +++ /dev/null @@ -1,29 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - annotations: - prometheus.io/port: "6060" - sourcegraph.prometheus/scrape: "true" - {{- if .Values.symbols.serviceAnnotations }} - {{- toYaml .Values.symbols.serviceAnnotations | nindent 4 }} - {{- end }} - labels: - app: symbols - deploy: sourcegraph - app.kubernetes.io/component: symbols - {{- if .Values.symbols.serviceLabels }} - {{- toYaml .Values.symbols.serviceLabels | nindent 4 }} - {{- end }} - name: symbols -spec: - clusterIP: None - ports: - - name: http - port: 3184 - targetPort: http - - name: debug - port: 6060 - targetPort: debug - selector: - {{- include "sourcegraph.selectorLabels" . | nindent 4 }} - app: symbols diff --git a/charts/sourcegraph/templates/symbols/symbols.ServiceAccount.yaml b/charts/sourcegraph/templates/symbols/symbols.ServiceAccount.yaml deleted file mode 100644 index 247875a6..00000000 --- a/charts/sourcegraph/templates/symbols/symbols.ServiceAccount.yaml +++ /dev/null @@ -1,11 +0,0 @@ -{{- if .Values.symbols.serviceAccount.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - category: rbac - deploy: sourcegraph - app.kubernetes.io/component: symbols - {{- include "sourcegraph.serviceAccountAnnotations" (list . "symbols") | trim | nindent 2 }} - name: {{ include "sourcegraph.serviceAccountName" (list . "symbols") }} -{{- end }} diff --git a/charts/sourcegraph/templates/symbols/symbols.StatefulSet.yaml b/charts/sourcegraph/templates/symbols/symbols.StatefulSet.yaml deleted file mode 100644 index 4fc94ec0..00000000 --- a/charts/sourcegraph/templates/symbols/symbols.StatefulSet.yaml +++ /dev/null @@ -1,145 +0,0 @@ -apiVersion: apps/v1 -kind: StatefulSet -metadata: - annotations: - description: Backend for symbols operations. - labels: - {{- include "sourcegraph.labels" . | nindent 4 }} - {{- if .Values.symbols.labels }} - {{- toYaml .Values.symbols.labels | nindent 4 }} - {{- end }} - deploy: sourcegraph - app.kubernetes.io/component: symbols - name: {{ .Values.symbols.name }} -spec: - replicas: {{ .Values.symbols.replicaCount }} - revisionHistoryLimit: {{ .Values.sourcegraph.revisionHistoryLimit }} - selector: - matchLabels: - {{- include "sourcegraph.selectorLabels" . | nindent 6 }} - app: symbols - updateStrategy: - type: RollingUpdate - serviceName: symbols - template: - metadata: - annotations: - kubectl.kubernetes.io/default-container: symbols - {{- include "sourcegraph.redisChecksum" . | nindent 8 }} - {{- if .Values.sourcegraph.podAnnotations }} - {{- toYaml .Values.sourcegraph.podAnnotations | nindent 8 }} - {{- end }} - {{- if .Values.symbols.podAnnotations }} - {{- toYaml .Values.symbols.podAnnotations | nindent 8 }} - {{- end }} - labels: - {{- include "sourcegraph.selectorLabels" . | nindent 8 }} - {{- if .Values.sourcegraph.podLabels }} - {{- toYaml .Values.sourcegraph.podLabels | nindent 8 }} - {{- end }} - {{- if .Values.symbols.podLabels }} - {{- toYaml .Values.symbols.podLabels | nindent 8 }} - {{- end }} - deploy: sourcegraph - app: symbols - spec: - containers: - - name: symbols - env: - {{- include "sourcegraph.redisConnection" .| nindent 8 }} - {{- range $name, $item := .Values.symbols.env}} - - name: {{ $name }} - {{- $item | toYaml | nindent 10 }} - {{- end }} - - name: SYMBOLS_CACHE_SIZE_MB - # Set the cache size to ~90% of the PVC size - {{- if .Values.symbols.storageSize }} - value: {{ trimSuffix "Gi" .Values.symbols.storageSize | mul 900 | quote }} - {{- else }} - # This value is ~90% of the default value for - # storageSize in the VolumeClaimTemplate below - value: "10800" - {{- end }} - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: SYMBOLS_CACHE_DIR - value: /mnt/cache/$(POD_NAME) - - name: TMPDIR - value: /mnt/tmp - {{- include "sourcegraph.openTelemetryEnv" . | nindent 8 }} - image: {{ include "sourcegraph.image" (list . "symbols" ) }} - imagePullPolicy: {{ .Values.sourcegraph.image.pullPolicy }} - {{- with .Values.symbols.args }} - args: - {{- toYaml . | nindent 8 }} - {{- end }} - terminationMessagePolicy: FallbackToLogsOnError - livenessProbe: - httpGet: - path: /healthz - port: http - scheme: HTTP - initialDelaySeconds: 60 - timeoutSeconds: 5 - readinessProbe: - httpGet: - path: /healthz - port: http - scheme: HTTP - periodSeconds: 5 - timeoutSeconds: 5 - ports: - - containerPort: 3184 - name: http - - containerPort: 6060 - name: debug - volumeMounts: - - mountPath: /mnt/cache - name: cache - - mountPath: /mnt/tmp - name: tmp - {{- if .Values.symbols.extraVolumeMounts }} - {{- toYaml .Values.symbols.extraVolumeMounts | nindent 8 }} - {{- end }} - {{- if not .Values.sourcegraph.localDevMode }} - resources: - {{- toYaml .Values.symbols.resources | nindent 10 }} - {{- end }} - securityContext: - {{- toYaml .Values.symbols.containerSecurityContext | nindent 10 }} - {{- if .Values.symbols.extraContainers }} - {{- toYaml .Values.symbols.extraContainers | nindent 6 }} - {{- end }} - securityContext: - {{- toYaml .Values.symbols.podSecurityContext | nindent 8 }} - {{- include "sourcegraph.nodeSelector" (list . "symbols" ) | trim | nindent 6 }} - {{- include "sourcegraph.affinity" (list . "symbols" ) | trim | nindent 6 }} - {{- include "sourcegraph.tolerations" (list . "symbols" ) | trim | nindent 6 }} - {{- with .Values.sourcegraph.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- include "sourcegraph.renderServiceAccountName" (list . "symbols") | trim | nindent 6 }} - volumes: - - emptyDir: {} - name: cache - - emptyDir: {} - name: tmp - {{- if .Values.symbols.extraVolumes }} - {{- toYaml .Values.symbols.extraVolumes | nindent 6 }} - {{- end }} - {{- if .Values.symbols.priorityClassName }} - priorityClassName: {{ .Values.symbols.priorityClassName }} - {{- end }} - volumeClaimTemplates: - - metadata: - name: cache - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: {{ .Values.symbols.storageSize | default "12Gi" }} - storageClassName: {{ .Values.storageClass.name }} diff --git a/charts/sourcegraph/tests/priorityClass_test.yaml b/charts/sourcegraph/tests/priorityClass_test.yaml index 16a45540..9b64600e 100644 --- a/charts/sourcegraph/tests/priorityClass_test.yaml +++ b/charts/sourcegraph/tests/priorityClass_test.yaml @@ -96,15 +96,6 @@ tests: - equal: path: spec.template.spec.priorityClassName value: searcher-class -- it: set priority class on symbols - template: symbols/symbols.StatefulSet.yaml - set: - symbols: - priorityClassName: symbols-class - asserts: - - equal: - path: spec.template.spec.priorityClassName - value: symbols-class - it: set priority class on redisCache template: redis/redis-cache.Deployment.yaml set: diff --git a/charts/sourcegraph/values.yaml b/charts/sourcegraph/values.yaml index 3de364ee..afab1c1f 100644 --- a/charts/sourcegraph/values.yaml +++ b/charts/sourcegraph/values.yaml @@ -1096,46 +1096,6 @@ storageClass: # learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/storage/storage-classes/#allowed-topologies) allowedTopologies: [] -symbols: - image: - # -- Docker image tag for the `symbols` image - defaultTag: 6.0.0@sha256:7f91048d1966add54b199755c77a5c3ca84b7f57bb5d2ffb65113da7f100b051 - # -- Docker image name for the `symbols` image - name: "symbols" - # -- Security context for the `symbols` container, - # learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) - containerSecurityContext: - allowPrivilegeEscalation: false - runAsUser: 100 - runAsGroup: 101 - readOnlyRootFilesystem: true - # -- Security context for the `symbols` pod, - # learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) - podSecurityContext: - runAsUser: 100 - fsGroup: 101 - fsGroupChangePolicy: "OnRootMismatch" - # -- Name used by resources. Does not affect service names or PVCs. - name: "symbols" - # -- Number of `symbols` pod - replicaCount: 1 - # -- Resource requests & limits for the `symbols` container, - # learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) - resources: - limits: - cpu: "2" - memory: 2G - requests: - cpu: 500m - memory: 500M - serviceAccount: - # -- Enable creation of ServiceAccount for `symbols` - create: false - # -- Name of the ServiceAccount to be created or an existing ServiceAccount - name: "" - # -- Size of the PVC for symbols pods to store cache data - storageSize: 12Gi - syntectServer: image: # -- Docker image tag for the `syntect-server` image From e46c071c86a991ebd4e8ae877b5c602134ed91c9 Mon Sep 17 00:00:00 2001 From: Erik Seliger Date: Mon, 12 May 2025 14:50:43 +0200 Subject: [PATCH 2/4] Fixups --- .../templates/searcher/searcher.StatefulSet.yaml | 15 ++++++++++++--- charts/sourcegraph/values.yaml | 2 +- 2 files changed, 13 insertions(+), 4 deletions(-) diff --git a/charts/sourcegraph/templates/searcher/searcher.StatefulSet.yaml b/charts/sourcegraph/templates/searcher/searcher.StatefulSet.yaml index 1db434b3..d7aa26f5 100644 --- a/charts/sourcegraph/templates/searcher/searcher.StatefulSet.yaml +++ b/charts/sourcegraph/templates/searcher/searcher.StatefulSet.yaml @@ -56,11 +56,20 @@ spec: {{- $item | toYaml | nindent 10 }} {{- end }} - name: SEARCHER_CACHE_SIZE_MB - # Set the cache size to ~90% of the PVC size + # Set the cache size to ~45% of the PVC size {{- if .Values.searcher.storageSize }} - value: {{ trimSuffix "Gi" .Values.searcher.storageSize | mul 900 | quote }} + value: {{ trimSuffix "Gi" .Values.searcher.storageSize | mul 450 | quote }} {{- else }} - # This value is ~90% of the default value for + # This value is ~45% of the default value for + # storageSize in the VolumeClaimTemplate below + value: "23400" + {{- end }} + - name: SYMBOLS_CACHE_SIZE_MB + # Set the cache size to ~45% of the PVC size + {{- if .Values.searcher.storageSize }} + value: {{ trimSuffix "Gi" .Values.searcher.storageSize | mul 450 | quote }} + {{- else }} + # This value is ~45% of the default value for # storageSize in the VolumeClaimTemplate below value: "23400" {{- end }} diff --git a/charts/sourcegraph/values.yaml b/charts/sourcegraph/values.yaml index afab1c1f..7386e716 100644 --- a/charts/sourcegraph/values.yaml +++ b/charts/sourcegraph/values.yaml @@ -1073,7 +1073,7 @@ searcher: # -- Name of the ServiceAccount to be created or an existing ServiceAccount name: "" # -- Size of the PVC for searcher pods to store cache data - storageSize: 26Gi + storageSize: 52Gi storageClass: # -- Enable creation of storageClass. From 9dec91a7f1d35da337411f191732368d7d8dc894 Mon Sep 17 00:00:00 2001 From: Erik Seliger Date: Mon, 12 May 2025 14:58:00 +0200 Subject: [PATCH 3/4] Fixup --- charts/sourcegraph/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/sourcegraph/README.md b/charts/sourcegraph/README.md index 08110c8e..77c6d31b 100644 --- a/charts/sourcegraph/README.md +++ b/charts/sourcegraph/README.md @@ -298,7 +298,7 @@ In addition to the documented values, all services also support the following va | searcher.resources | object | `{"limits":{"cpu":"2","memory":"2G"},"requests":{"cpu":"500m","memory":"500M"}}` | Resource requests & limits for the `searcher` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) | | searcher.serviceAccount.create | bool | `false` | Enable creation of ServiceAccount for `searcher` | | searcher.serviceAccount.name | string | `""` | Name of the ServiceAccount to be created or an existing ServiceAccount | -| searcher.storageSize | string | `"26Gi"` | Size of the PVC for searcher pods to store cache data | +| searcher.storageSize | string | `"52Gi"` | Size of the PVC for searcher pods to store cache data | | sourcegraph.affinity | object | `{}` | Global Affinity, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity) | | sourcegraph.image.defaultTag | string | `"{{ .Chart.AppVersion }}"` | Global docker image tag | | sourcegraph.image.pullPolicy | string | `"IfNotPresent"` | Global docker image pull policy | From f1e57d38e2f1e89e3e0d5f2090970cc931ae8827 Mon Sep 17 00:00:00 2001 From: Erik Seliger Date: Mon, 12 May 2025 15:02:21 +0200 Subject: [PATCH 4/4] Changelog --- charts/sourcegraph/CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/charts/sourcegraph/CHANGELOG.md b/charts/sourcegraph/CHANGELOG.md index 696244ba..7b98638e 100644 --- a/charts/sourcegraph/CHANGELOG.md +++ b/charts/sourcegraph/CHANGELOG.md @@ -11,6 +11,7 @@ Use `**BREAKING**:` to denote a breaking change - Fix Pod Disruption Budget for sourcegraph-frontend - Added a startup probe to the gitserver statefulset to give it time to run the on-disk migration from repo names to repo IDs - The repo-updater service is no longer needed and has been removed from the chart. +- The symbols service is no longer needed and has been removed from the chart. Consider merging env vars and resource overrides given to symbols into searcher before upgrading. ## 5.10.0