diff --git a/.gitignore b/.gitignore index 7dcd468f..7906907d 100644 --- a/.gitignore +++ b/.gitignore @@ -1,7 +1,7 @@ -generated-cluster .env .envrc .crt .key id_rsa known_hosts +dev-clusters diff --git a/README.md b/README.md index d2e0ba00..7b2ba455 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -# [BETA] Sourcegraph on Kubernetes with Kustomize +# [BETA] Deploy Sourcegraph with Kustomize [![sourcegraph: beta](https://img.shields.io/badge/sourcegraph-beta-blue.svg)](https://sourcegraph.com/github.com/sourcegraph/deploy-sourcegrap-k8s) @@ -13,7 +13,7 @@ For product and [pricing](https://about.sourcegraph.com/pricing/) information, v [about.sourcegraph.com](https://about.sourcegraph.com) or [contact us](https://about.sourcegraph.com/contact/sales) for more information. -- [Installing](https://docs.sourcegraph.com/admin/deploy/kubernetes/kustomize) +- [Installing](https://docs.sourcegraph.com/admin/deploy/kubernetes) - [Configuring](https://docs.sourcegraph.com/admin/deploy/kubernetes/kustomize/configure) - [Updating](https://docs.sourcegraph.com/admin/updates/kubernetes) - [Scaling](https://docs.sourcegraph.com/admin/deploy/scale)- general advice on scaling services @@ -24,7 +24,7 @@ us](https://about.sourcegraph.com/contact/sales) for more information. ## Deploying -🚨 **The `master` branch tracks development. Use the branch of this repository corresponding to the version of Sourcegraph you wish to deploy, e.g. `git checkout v4.4.1`.** +🚨 **Please use the branch corresponding to the version of Sourcegraph you wish to deploy, e.g. `git checkout v4.5.0`.** Always refer to the [Sourcegraph Kustomize docs](https://docs.sourcegraph.com/admin/deploy/kubernetes/kustomize) for the latest instructions. 
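Review bot: Removing `generated-cluster` from the ignore list means a rendered-manifest directory of that name can now be committed, and rendered Kustomize output can contain Secret objects in readable form. If any script or doc on this branch still writes to `generated-cluster` (not visible in this hunk), keep the old entry alongside the new `dev-clusters` one. The neighbouring entries (`.env`, `id_rsa`, `known_hosts`) show this file is the guard against committing credentials, so a comment such as `# rendered manifests may contain secrets` above the two directory entries would record why they are ignored.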
@@ -34,7 +34,9 @@ When upgrading Sourcegraph, please check [upgrading docs](https://docs.sourcegra ## Contributing -We've made our deployment configurations open source to better serve our customers' needs. If there is anything we can do to make deploying Sourcegraph easier just [open an issue (in sourcegraph/sourcegraph)](https://github.com/sourcegraph/sourcegraph/issues/new?assignees=&labels=deploy-sourcegraph&template=deploy-sourcegraph.md&title=%5Bdeploy-sourcegraph%5D) or a pull request and we will respond promptly! +The `dev` branch is used to track development. + +We've made our deployment configurations open source to better serve our customers' needs. If there is anything we can do to make deploying Sourcegraph easier just [open an issue (in sourcegraph/sourcegraph)](https://github.com/sourcegraph/sourcegraph/issues/new?assignees=&labels=deploy-sourcegraph&template=deploy-sourcegraph.md&title=%5Bdeploy-sourcegraph%5D) or a pull request and we will respond as soon as possible! ## Questions & Issues diff --git a/base/monitoring/cadvisor/cadvisor.DaemonSet.yaml b/base/monitoring/cadvisor/cadvisor.DaemonSet.yaml index d940ae2a..1d422ba3 100644 --- a/base/monitoring/cadvisor/cadvisor.DaemonSet.yaml +++ b/base/monitoring/cadvisor/cadvisor.DaemonSet.yaml @@ -26,7 +26,7 @@ spec: serviceAccountName: cadvisor containers: - name: cadvisor - image: index.docker.io/sourcegraph/cadvisor:insiders@sha256:190efc306a283ed707fd09d7d65b8526beb8815fa13f31081cb290e743c62126 + image: index.docker.io/sourcegraph/cadvisor:4.4.1@sha256:87e62b4f11f6e51c8d6f363780642916b986787007808ae2ec1cc040644c10f6 args: # Kubernetes-specific flags below (other flags are baked into the Docker image) # diff --git a/base/monitoring/grafana/grafana.StatefulSet.yaml b/base/monitoring/grafana/grafana.StatefulSet.yaml index 3e426010..3ae66e8c 100644 --- a/base/monitoring/grafana/grafana.StatefulSet.yaml +++ b/base/monitoring/grafana/grafana.StatefulSet.yaml 
@@ -26,7 +26,7 @@ spec: spec: containers: - name: grafana - image: index.docker.io/sourcegraph/grafana:insiders@sha256:4841dd8d1eba45585eeb88f2223dd6dec158274914e737ac91141c6343b03186 + image: index.docker.io/sourcegraph/grafana:4.4.1@sha256:7e28a9761433ed3adf75788cc5e849e3faf0938b0467b4b895fbb8aa7dc36a6d terminationMessagePolicy: FallbackToLogsOnError ports: - containerPort: 3370 diff --git a/base/monitoring/node-exporter/node-exporter.DaemonSet.yaml b/base/monitoring/node-exporter/node-exporter.DaemonSet.yaml index 34af9d83..202e4d50 100644 --- a/base/monitoring/node-exporter/node-exporter.DaemonSet.yaml +++ b/base/monitoring/node-exporter/node-exporter.DaemonSet.yaml @@ -24,7 +24,7 @@ spec: spec: containers: - name: node-exporter - image: index.docker.io/sourcegraph/node-exporter:insiders@sha256:fa8e5700b7762fffe0674e944762f44bb787a7e44d97569fe55348260453bf80 + image: index.docker.io/sourcegraph/node-exporter:4.4.1@sha256:fa8e5700b7762fffe0674e944762f44bb787a7e44d97569fe55348260453bf80 imagePullPolicy: IfNotPresent resources: limits: diff --git a/base/monitoring/otel-collector/otel-agent.DaemonSet.yaml b/base/monitoring/otel-collector/otel-agent.DaemonSet.yaml index b802597b..2ef49ace 100644 --- a/base/monitoring/otel-collector/otel-agent.DaemonSet.yaml +++ b/base/monitoring/otel-collector/otel-agent.DaemonSet.yaml @@ -26,7 +26,7 @@ spec: spec: containers: - name: otel-agent - image: index.docker.io/sourcegraph/opentelemetry-collector:insiders@sha256:56a1711a25c95830468ce517b4082b593a1eadb0d72bc2dc100488418413cac9 + image: index.docker.io/sourcegraph/opentelemetry-collector:4.4.1@sha256:aab30e572c1fa8a97f98b0163ed56d0bcbd0f0fe43472937746a33b0e58c31ac command: - "/bin/otelcol-sourcegraph" - "--config=/etc/otel-agent/config.yaml" diff --git a/base/monitoring/otel-collector/otel-collector.Deployment.yaml b/base/monitoring/otel-collector/otel-collector.Deployment.yaml index 61aa13d2..8b1faba1 100644 --- a/base/monitoring/otel-collector/otel-collector.Deployment.yaml 
+++ b/base/monitoring/otel-collector/otel-collector.Deployment.yaml @@ -26,7 +26,7 @@ spec: spec: containers: - name: otel-collector - image: index.docker.io/sourcegraph/opentelemetry-collector:insiders@sha256:56a1711a25c95830468ce517b4082b593a1eadb0d72bc2dc100488418413cac9 + image: index.docker.io/sourcegraph/opentelemetry-collector:4.4.1@sha256:aab30e572c1fa8a97f98b0163ed56d0bcbd0f0fe43472937746a33b0e58c31ac command: - "/bin/otelcol-sourcegraph" # To use a custom configuration, edit otel-collector.ConfigMap.yaml diff --git a/base/monitoring/prometheus/prometheus.ConfigMap.yaml b/base/monitoring/prometheus/prometheus.ConfigMap.yaml index a4310ae2..90b32d94 100644 --- a/base/monitoring/prometheus/prometheus.ConfigMap.yaml +++ b/base/monitoring/prometheus/prometheus.ConfigMap.yaml @@ -170,6 +170,12 @@ data: - symbols-2.symbols:6060 - symbols-3.symbols:6060 - symbols-4.symbols:6060 + - symbols-5.symbols:6060 + - symbols-6.symbols:6060 + - symbols-7.symbols:6060 + - symbols-8.symbols:6060 + - symbols-9.symbols:6060 + - symbols-10.symbols:6060 - labels: nodename: "sourcegraph-services" job: pgsql diff --git a/base/monitoring/prometheus/prometheus.Deployment.yaml b/base/monitoring/prometheus/prometheus.Deployment.yaml index 4e4851d4..2c52df4d 100644 --- a/base/monitoring/prometheus/prometheus.Deployment.yaml +++ b/base/monitoring/prometheus/prometheus.Deployment.yaml @@ -25,7 +25,7 @@ spec: spec: containers: - name: prometheus - image: index.docker.io/sourcegraph/prometheus:insiders@sha256:a6c02f55e4d4861094df5df18aefab6813024aae9dd8bdb5694612becc33baf3 + image: index.docker.io/sourcegraph/prometheus:4.4.1@sha256:bb1a5a8e199e9f197d98809a604b7a36fd732c993558a595b5636d4aa69d6d84 terminationMessagePolicy: FallbackToLogsOnError readinessProbe: httpGet: diff --git a/base/sourcegraph/blobstore/blobstore.Deployment.yaml b/base/sourcegraph/blobstore/blobstore.Deployment.yaml index 4f38704f..b87ec104 100644 --- a/base/sourcegraph/blobstore/blobstore.Deployment.yaml 
+++ b/base/sourcegraph/blobstore/blobstore.Deployment.yaml @@ -26,7 +26,7 @@ spec: spec: containers: - name: blobstore - image: index.docker.io/sourcegraph/blobstore:insiders@sha256:a10b9e6be1f8bc843bd22496e6d28c2ec38aeb1f75f2eecb836cc152009d43eb + image: index.docker.io/sourcegraph/blobstore:4.4.1@sha256:d8f7d04c870f9c5c4a6b6fc8ccd7ed85980ceac6d5d527fa224499e837a39bce livenessProbe: httpGet: path: / diff --git a/base/sourcegraph/codeinsights-db/codeinsights-db.Deployment.yaml b/base/sourcegraph/codeinsights-db/codeinsights-db.StatefulSet.yaml similarity index 85% rename from base/sourcegraph/codeinsights-db/codeinsights-db.Deployment.yaml rename to base/sourcegraph/codeinsights-db/codeinsights-db.StatefulSet.yaml index 45e04bb8..ccb57b06 100644 --- a/base/sourcegraph/codeinsights-db/codeinsights-db.Deployment.yaml +++ b/base/sourcegraph/codeinsights-db/codeinsights-db.StatefulSet.yaml @@ -1,5 +1,5 @@ apiVersion: apps/v1 -kind: Deployment +kind: StatefulSet metadata: annotations: description: Code Insights Postgres DB instance. @@ -12,11 +12,12 @@ spec: minReadySeconds: 10 replicas: 1 revisionHistoryLimit: 10 + updateStrategy: + type: RollingUpdate selector: matchLabels: app: codeinsights-db - strategy: - type: Recreate + serviceName: codeinsights-db template: metadata: labels: @@ -26,7 +27,7 @@ spec: spec: initContainers: - name: correct-data-dir-permissions - image: index.docker.io/sourcegraph/alpine-3.14:insiders@sha256:5e047c7f753cab4a61d32728c5669ff3d6394c84ab317e8cd8ee375a402324e6 + image: index.docker.io/sourcegraph/alpine-3.14:4.4.1@sha256:d84049e03b36abe84efae5d408cb6dd16b1ca3a9ccc3e7b5e7e5ce0ca8e74dd4 command: ["sh", "-c", "if [ -d /var/lib/postgresql/data/pgdata ]; then chmod 750 /var/lib/postgresql/data/pgdata; fi"] volumeMounts: - mountPath: /var/lib/postgresql/data/ 
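Review bot: Switching `kind` from Deployment to StatefulSet in `codeinsights-db` creates a new object rather than updating the existing one, and nothing in the manifest tells operators to remove the old Deployment first. The pod still mounts the pre-existing claim by name (`claimName: codeinsights-db`, visible as context in a later hunk of this file), so after an apply without pruning, the old Deployment pod and the new StatefulSet pod could both open the same Postgres data directory. I would add a comment above `kind: StatefulSet`, for example `# Upgrading from a Deployment-based install: delete the old Deployment before applying`. The same conversion is made in `codeintel-db.StatefulSet.yaml` and `pgsql.StatefulSet.yaml`, where the same comment applies.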
@@ -45,7 +46,7 @@ spec: runAsUser: 70 containers: - name: codeinsights - image: index.docker.io/sourcegraph/codeinsights-db:insiders@sha256:2a245d1acbadb3f5e0fa448dd123c4edd098bfb24355087509f8b8d917b96961 + image: index.docker.io/sourcegraph/codeinsights-db:4.4.1@sha256:d83736061a1d99208d04ae60bfb15e408044dc6edba18f5fae2bdb147ae21729 env: - name: POSTGRES_DB value: postgres @@ -82,7 +83,7 @@ spec: value: postgres://postgres:@localhost:5432/?sslmode=disable - name: PG_EXPORTER_EXTEND_QUERY_PATH value: /config/code_insights_queries.yaml - image: index.docker.io/sourcegraph/postgres_exporter:insiders@sha256:e1715c4e2b865670b347cdd442702718b97518922f50ddc18f471716cffd0e70 + image: index.docker.io/sourcegraph/postgres_exporter:4.4.1@sha256:ca9601bb42c6feb73d2353feee4824d4aff66efbbcb69b4d3a1d7fa613ea384c terminationMessagePolicy: FallbackToLogsOnError name: pgsql-exporter ports: @@ -106,5 +107,6 @@ spec: claimName: codeinsights-db - name: codeinsights-conf configMap: + # 511 in decimal = 0777 in octal defaultMode: 511 name: codeinsights-db-conf diff --git a/base/sourcegraph/codeinsights-db/kustomization.yaml b/base/sourcegraph/codeinsights-db/kustomization.yaml index f4445950..41691193 100644 --- a/base/sourcegraph/codeinsights-db/kustomization.yaml +++ b/base/sourcegraph/codeinsights-db/kustomization.yaml @@ -2,6 +2,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - codeinsights-db.ConfigMap.yaml - - codeinsights-db.Deployment.yaml + - codeinsights-db.StatefulSet.yaml - codeinsights-db.PersistentVolumeClaim.yaml - codeinsights-db.Service.yaml diff --git a/base/sourcegraph/codeintel-db/codeintel-db.Deployment.yaml b/base/sourcegraph/codeintel-db/codeintel-db.StatefulSet.yaml similarity index 84% rename from base/sourcegraph/codeintel-db/codeintel-db.Deployment.yaml rename to base/sourcegraph/codeintel-db/codeintel-db.StatefulSet.yaml index 34ad6ee3..e68a22b4 100644 --- a/base/sourcegraph/codeintel-db/codeintel-db.Deployment.yaml 
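Review bot: The added comment at `defaultMode: 511` says the value is 0777 but not why a ConfigMap volume holding Postgres configuration needs to be world-writable and executable. Projected ConfigMap files are normally only read, so a read-only mode is the least-privilege choice, for example `defaultMode: 292` with `# 292 in decimal = 0444 in octal`. If the image's entrypoint executes something from this volume (not visible here), say so in the comment instead. The same comment and value are added in `codeintel-db.StatefulSet.yaml` and `pgsql.StatefulSet.yaml`. The volume definition sits at the end of the file, so the mount that consumes it is outside this hunk.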
+++ b/base/sourcegraph/codeintel-db/codeintel-db.StatefulSet.yaml @@ -1,5 +1,5 @@ apiVersion: apps/v1 -kind: Deployment +kind: StatefulSet metadata: annotations: description: Postgres database for various data. @@ -16,8 +16,9 @@ spec: selector: matchLabels: app: codeintel-db - strategy: - type: Recreate + serviceName: codeintel-db + updateStrategy: + type: RollingUpdate template: metadata: labels: @@ -27,7 +28,7 @@ spec: spec: initContainers: - name: correct-data-dir-permissions - image: index.docker.io/sourcegraph/alpine-3.14:insiders@sha256:5e047c7f753cab4a61d32728c5669ff3d6394c84ab317e8cd8ee375a402324e6 + image: index.docker.io/sourcegraph/alpine-3.14:4.4.1@sha256:d84049e03b36abe84efae5d408cb6dd16b1ca3a9ccc3e7b5e7e5ce0ca8e74dd4 command: ["sh", "-c", "if [ -d /data/pgdata-12 ]; then chmod 750 /data/pgdata-12; fi"] volumeMounts: - mountPath: /data @@ -45,7 +46,7 @@ spec: memory: "50Mi" containers: - name: pgsql - image: index.docker.io/sourcegraph/codeintel-db:insiders@sha256:475d5373646ef42015fcf8d5d020ee5cac669399b6f693ff9c64842aed24e793 + image: index.docker.io/sourcegraph/codeintel-db:4.4.1@sha256:9fc2d35df5ccaa32f00be6c6cdc1971d4d717ccef5b43ae22573d4cecf8b490d terminationMessagePolicy: FallbackToLogsOnError readinessProbe: exec: @@ -87,7 +88,7 @@ spec: value: postgres://sg:@localhost:5432/?sslmode=disable - name: PG_EXPORTER_EXTEND_QUERY_PATH value: /config/code_intel_queries.yaml - image: index.docker.io/sourcegraph/postgres_exporter:insiders@sha256:e1715c4e2b865670b347cdd442702718b97518922f50ddc18f471716cffd0e70 + image: index.docker.io/sourcegraph/postgres_exporter:4.4.1@sha256:ca9601bb42c6feb73d2353feee4824d4aff66efbbcb69b4d3a1d7fa613ea384c terminationMessagePolicy: FallbackToLogsOnError name: pgsql-exporter ports: @@ -111,6 +112,6 @@ spec: claimName: codeintel-db - name: pgsql-conf configMap: + # 511 in decimal = 0777 in octal defaultMode: 511 - # defaultMode: 0777 name: codeintel-db-conf 
diff --git a/base/sourcegraph/codeintel-db/kustomization.yaml b/base/sourcegraph/codeintel-db/kustomization.yaml index 78a3c527..b7eb6537 100644 --- a/base/sourcegraph/codeintel-db/kustomization.yaml +++ b/base/sourcegraph/codeintel-db/kustomization.yaml @@ -2,6 +2,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - codeintel-db.ConfigMap.yaml - - codeintel-db.Deployment.yaml + - codeintel-db.StatefulSet.yaml - codeintel-db.PersistentVolumeClaim.yaml - codeintel-db.Service.yaml diff --git a/base/sourcegraph/frontend/sourcegraph-frontend.ConfigMap.yaml b/base/sourcegraph/frontend/sourcegraph-frontend.ConfigMap.yaml index c99259f6..5a280730 100644 --- a/base/sourcegraph/frontend/sourcegraph-frontend.ConfigMap.yaml +++ b/base/sourcegraph/frontend/sourcegraph-frontend.ConfigMap.yaml @@ -25,4 +25,4 @@ data: SRC_GIT_SERVERS: gitserver-0.gitserver:3178 SEARCHER_URL: http://searcher-0.searcher:3181 SYMBOLS_URL: http://symbols:3184 - INDEXED_SEARCH_SERVERS: indexed-search-0.indexed-search:6070 indexed-search-1.indexed-search:6070 indexed-search-2.indexed-search:6070 indexed-search-3.indexed-search:6070 + INDEXED_SEARCH_SERVERS: indexed-search-0.indexed-search:6070 diff --git a/base/sourcegraph/frontend/sourcegraph-frontend.Deployment.yaml b/base/sourcegraph/frontend/sourcegraph-frontend.Deployment.yaml index f05f0cdf..34a52b0a 100644 --- a/base/sourcegraph/frontend/sourcegraph-frontend.Deployment.yaml +++ b/base/sourcegraph/frontend/sourcegraph-frontend.Deployment.yaml @@ -29,7 +29,7 @@ spec: spec: initContainers: - name: migrator - image: index.docker.io/sourcegraph/migrator:insiders@sha256:f540c204a001a3d723c5de229c7ddb36446f7f20aaca24d29d963e9925519ae6 + image: index.docker.io/sourcegraph/migrator:4.4.1@sha256:52fa05bfcb9c47d59fa772612bf7ced8a564f08caa136391dc7694288a953cf1 args: ["up"] resources: limits: 
@@ -48,7 +48,7 @@ spec: name: sourcegraph-frontend-env containers: - name: frontend - image: index.docker.io/sourcegraph/frontend:insiders@sha256:b063b3d0dabdb9000929b49face859f7fa5b74cb850a7ce512eb5b104197cf6a + image: index.docker.io/sourcegraph/frontend:4.4.1@sha256:16a554421eb0c470fa1a1e0832fcdc8f1516db868aad025b5b8d54602e5045db args: - serve envFrom: diff --git a/base/sourcegraph/github-proxy/github-proxy.Deployment.yaml b/base/sourcegraph/github-proxy/github-proxy.Deployment.yaml index 91c00947..ccbcd852 100644 --- a/base/sourcegraph/github-proxy/github-proxy.Deployment.yaml +++ b/base/sourcegraph/github-proxy/github-proxy.Deployment.yaml @@ -29,7 +29,7 @@ spec: spec: containers: - name: github-proxy - image: index.docker.io/sourcegraph/github-proxy:insiders@sha256:a58d3afffa1de042050717771758d1c9447fb760b1a2568a0d10926f8663f34f + image: index.docker.io/sourcegraph/github-proxy:4.4.1@sha256:6fa3984c6ed2c501c53ef6dc6021f71a274b6250f43e3a1e96005d15dc1d112a env: # OTEL_AGENT_HOST must be defined before OTEL_EXPORTER_OTLP_ENDPOINT to substitute the node IP on which the DaemonSet pod instance runs in the latter variable - name: OTEL_AGENT_HOST diff --git a/base/sourcegraph/gitserver/gitserver.StatefulSet.yaml b/base/sourcegraph/gitserver/gitserver.StatefulSet.yaml index 642c72a6..68128821 100644 --- a/base/sourcegraph/gitserver/gitserver.StatefulSet.yaml +++ b/base/sourcegraph/gitserver/gitserver.StatefulSet.yaml @@ -35,7 +35,7 @@ spec: fieldPath: status.hostIP - name: OTEL_EXPORTER_OTLP_ENDPOINT value: http://$(OTEL_AGENT_HOST):4317 - image: index.docker.io/sourcegraph/gitserver:insiders@sha256:e2ce26308f285e73854eea82055373450f4825f39db61f5e6a7658f1495c68fc + image: index.docker.io/sourcegraph/gitserver:4.4.1@sha256:3a4ce9372fcfa631e78c5682541faed9f571f90d9fc46469d5d0d1c9907c2721 terminationMessagePolicy: FallbackToLogsOnError livenessProbe: initialDelaySeconds: 5 
diff --git a/base/sourcegraph/indexed-search/indexed-search.StatefulSet.yaml b/base/sourcegraph/indexed-search/indexed-search.StatefulSet.yaml index cf7f6c50..41efa1e6 100644 --- a/base/sourcegraph/indexed-search/indexed-search.StatefulSet.yaml +++ b/base/sourcegraph/indexed-search/indexed-search.StatefulSet.yaml @@ -33,7 +33,7 @@ spec: value: http://$(OTEL_AGENT_HOST):4317 - name: OPENTELEMETRY_DISABLED value: "false" - image: index.docker.io/sourcegraph/indexed-searcher:insiders@sha256:939c14b99f0ed394ee0f218790e10e10f0b25744b1089e484e3c22fb36e3ab93 + image: index.docker.io/sourcegraph/indexed-searcher:4.4.1@sha256:013190418308b94521e072972ae2342c41f99144205f58d61f5dfeda29ac0f58 terminationMessagePolicy: FallbackToLogsOnError ports: - containerPort: 6070 @@ -72,7 +72,7 @@ spec: value: http://$(OTEL_AGENT_HOST):4317 - name: OPENTELEMETRY_DISABLED value: "false" - image: index.docker.io/sourcegraph/search-indexer:insiders@sha256:b789b8557b1814d3bb58ec11c11905863005456e00279aff6ccf8aa680bb4e0e + image: index.docker.io/sourcegraph/search-indexer:4.4.1@sha256:7716a32597300f7dfb7e974465a3bd3c62fae3aa485b48d9aa9f79ea3348f87f terminationMessagePolicy: FallbackToLogsOnError ports: - containerPort: 6072 diff --git a/base/sourcegraph/pgsql/kustomization.yaml b/base/sourcegraph/pgsql/kustomization.yaml index c7f08c78..27c70690 100644 --- a/base/sourcegraph/pgsql/kustomization.yaml +++ b/base/sourcegraph/pgsql/kustomization.yaml @@ -2,6 +2,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - pgsql.ConfigMap.yaml - - pgsql.Deployment.yaml + - pgsql.StatefulSet.yaml - pgsql.PersistentVolumeClaim.yaml - pgsql.Service.yaml diff --git a/base/sourcegraph/pgsql/pgsql.Deployment.yaml b/base/sourcegraph/pgsql/pgsql.StatefulSet.yaml similarity index 87% rename from base/sourcegraph/pgsql/pgsql.Deployment.yaml rename to base/sourcegraph/pgsql/pgsql.StatefulSet.yaml index 9224d0bb..a27166bb 100644 --- a/base/sourcegraph/pgsql/pgsql.Deployment.yaml 
+++ b/base/sourcegraph/pgsql/pgsql.StatefulSet.yaml @@ -1,5 +1,5 @@ apiVersion: apps/v1 -kind: Deployment +kind: StatefulSet metadata: annotations: description: Postgres database for various data. @@ -10,14 +10,15 @@ metadata: app.kubernetes.io/component: pgsql name: pgsql spec: + serviceName: pgsql minReadySeconds: 10 replicas: 1 revisionHistoryLimit: 10 selector: matchLabels: app: pgsql - strategy: - type: Recreate + updateStrategy: + type: RollingUpdate template: metadata: labels: @@ -27,7 +28,7 @@ spec: spec: initContainers: - name: correct-data-dir-permissions - image: index.docker.io/sourcegraph/alpine-3.14:insiders@sha256:5e047c7f753cab4a61d32728c5669ff3d6394c84ab317e8cd8ee375a402324e6 + image: index.docker.io/sourcegraph/alpine-3.14:4.4.1@sha256:d84049e03b36abe84efae5d408cb6dd16b1ca3a9ccc3e7b5e7e5ce0ca8e74dd4 command: ["sh", "-c", "if [ -d /data/pgdata-12 ]; then chmod 750 /data/pgdata-12; fi"] volumeMounts: - mountPath: /data @@ -46,7 +47,7 @@ spec: memory: "50Mi" containers: - name: pgsql - image: index.docker.io/sourcegraph/postgres-12-alpine:insiders@sha256:c187138e28b9f0e603ef7dd78daeb0fea8894e39e83f3a007ca97809a8627b4e + image: index.docker.io/sourcegraph/postgres-12-alpine:4.4.1@sha256:e35cc240cdff97ef5fd596a541630ce8598656872ed8fffdc267b44ee62b6ae6 terminationMessagePolicy: FallbackToLogsOnError readinessProbe: exec: @@ -90,7 +91,7 @@ spec: value: postgres://sg:@localhost:5432/?sslmode=disable - name: PG_EXPORTER_EXTEND_QUERY_PATH value: /config/queries.yaml - image: index.docker.io/sourcegraph/postgres_exporter:insiders@sha256:e1715c4e2b865670b347cdd442702718b97518922f50ddc18f471716cffd0e70 + image: index.docker.io/sourcegraph/postgres_exporter:4.4.1@sha256:ca9601bb42c6feb73d2353feee4824d4aff66efbbcb69b4d3a1d7fa613ea384c terminationMessagePolicy: FallbackToLogsOnError name: pgsql-exporter ports: 
@@ -114,6 +115,7 @@ spec: claimName: pgsql - name: pgsql-conf configMap: + # 511 in decimal = 0777 in octal defaultMode: 511 name: pgsql-conf - name: dshm # Allocate shared memory to match the shared_buffers value diff --git a/base/sourcegraph/precise-code-intel/worker.Deployment.yaml b/base/sourcegraph/precise-code-intel/worker.Deployment.yaml index d96c7d66..9ab8cf74 100644 --- a/base/sourcegraph/precise-code-intel/worker.Deployment.yaml +++ b/base/sourcegraph/precise-code-intel/worker.Deployment.yaml @@ -46,7 +46,7 @@ spec: fieldPath: status.hostIP - name: OTEL_EXPORTER_OTLP_ENDPOINT value: http://$(OTEL_AGENT_HOST):4317 - image: index.docker.io/sourcegraph/precise-code-intel-worker:insiders@sha256:7b37c483cba5c9749bf74a895959f36c3086d97235ea0ea18e3b06c905034bd3 + image: index.docker.io/sourcegraph/precise-code-intel-worker:4.4.1@sha256:0d5e2f4051ed1244a1b7d9510181c80717ed55f8ca85c8896754da2ff8db4d74 terminationMessagePolicy: FallbackToLogsOnError livenessProbe: httpGet: diff --git a/base/sourcegraph/redis/redis-cache.Deployment.yaml b/base/sourcegraph/redis/redis-cache.Deployment.yaml index cbd4b649..b17cf899 100644 --- a/base/sourcegraph/redis/redis-cache.Deployment.yaml +++ b/base/sourcegraph/redis/redis-cache.Deployment.yaml @@ -26,7 +26,7 @@ spec: spec: containers: - name: redis-cache - image: index.docker.io/sourcegraph/redis-cache:insiders@sha256:6e6ada59c317dc5be031b691edd1172c295622a22884152af649994b2fc6136b + image: index.docker.io/sourcegraph/redis-cache:4.4.1@sha256:d26be777acb3b64ff85832e9f78c81f9a6c277d0f36f395b997f9f73d10483c0 terminationMessagePolicy: FallbackToLogsOnError livenessProbe: initialDelaySeconds: 30 
@@ -54,7 +54,7 @@ spec: - mountPath: /redis-data name: redis-data - name: redis-exporter - image: index.docker.io/sourcegraph/redis_exporter:insiders@sha256:edb0c9b19cacd90acc78f13f0908a7e6efd1df704e401805c24bffd241285f70 + image: index.docker.io/sourcegraph/redis_exporter:4.4.1@sha256:edb0c9b19cacd90acc78f13f0908a7e6efd1df704e401805c24bffd241285f70 terminationMessagePolicy: FallbackToLogsOnError ports: - containerPort: 9121 diff --git a/base/sourcegraph/redis/redis-store.Deployment.yaml b/base/sourcegraph/redis/redis-store.Deployment.yaml index 8b67c865..e3caf247 100644 --- a/base/sourcegraph/redis/redis-store.Deployment.yaml +++ b/base/sourcegraph/redis/redis-store.Deployment.yaml @@ -25,7 +25,7 @@ spec: spec: containers: - name: redis-store - image: index.docker.io/sourcegraph/redis-store:insiders@sha256:f2b5e1573fb7907c253d29651ba38112aae4788cb0a274cf9bb936284ad38527 + image: index.docker.io/sourcegraph/redis-store:4.4.1@sha256:421d9c20222284a96aabb93dc018ab6ef9c73b1e91c7e00750e9597c53ead601 terminationMessagePolicy: FallbackToLogsOnError livenessProbe: initialDelaySeconds: 30 @@ -53,7 +53,7 @@ spec: - mountPath: /redis-data name: redis-data - name: redis-exporter - image: index.docker.io/sourcegraph/redis_exporter:insiders@sha256:edb0c9b19cacd90acc78f13f0908a7e6efd1df704e401805c24bffd241285f70 + image: index.docker.io/sourcegraph/redis_exporter:4.4.1@sha256:edb0c9b19cacd90acc78f13f0908a7e6efd1df704e401805c24bffd241285f70 terminationMessagePolicy: FallbackToLogsOnError ports: - containerPort: 9121 diff --git a/base/sourcegraph/repo-updater/repo-updater.Deployment.yaml b/base/sourcegraph/repo-updater/repo-updater.Deployment.yaml index 608dd421..135b4b8b 100644 --- a/base/sourcegraph/repo-updater/repo-updater.Deployment.yaml +++ b/base/sourcegraph/repo-updater/repo-updater.Deployment.yaml 
@@ -29,7 +29,7 @@ spec: spec: containers: - name: repo-updater - image: index.docker.io/sourcegraph/repo-updater:insiders@sha256:6daed4707b9db2d37848b9c39e58f2494db6a2030edadc532675fe7a05d39569 + image: index.docker.io/sourcegraph/repo-updater:4.4.1@sha256:1bad38f097c90e52217e356507a0f0734332bf212a168dab795a90850668c62f env: # Required when service discovery is disabled - name: GITHUB_BASE_URL diff --git a/base/sourcegraph/searcher/searcher.StatefulSet.yaml b/base/sourcegraph/searcher/searcher.StatefulSet.yaml index a1d32cb3..882d1bc6 100644 --- a/base/sourcegraph/searcher/searcher.StatefulSet.yaml +++ b/base/sourcegraph/searcher/searcher.StatefulSet.yaml @@ -47,7 +47,7 @@ spec: fieldPath: status.hostIP - name: OTEL_EXPORTER_OTLP_ENDPOINT value: http://$(OTEL_AGENT_HOST):4317 - image: index.docker.io/sourcegraph/searcher:insiders@sha256:ea74fc3e1884fa5943eef451bd49260f6a0d77540046ce14c5838e558d239452 + image: index.docker.io/sourcegraph/searcher:4.4.1@sha256:15cbbc62bbc880da859c45245d5d0af78c327e2bd0260ca39054c99a39e8fdca terminationMessagePolicy: FallbackToLogsOnError ports: - containerPort: 3181 diff --git a/base/sourcegraph/symbols/symbols.StatefulSet.yaml b/base/sourcegraph/symbols/symbols.StatefulSet.yaml index f35eff40..b0c36127 100644 --- a/base/sourcegraph/symbols/symbols.StatefulSet.yaml +++ b/base/sourcegraph/symbols/symbols.StatefulSet.yaml @@ -44,7 +44,7 @@ spec: fieldPath: status.hostIP - name: OTEL_EXPORTER_OTLP_ENDPOINT value: http://$(OTEL_AGENT_HOST):4317 - image: index.docker.io/sourcegraph/symbols:insiders@sha256:e9a811d4d350f9e2993ca5710f18e6608862d7bb122a52fe59f5710de13c102f + image: index.docker.io/sourcegraph/symbols:4.4.1@sha256:4af7cf4bafb24fbe79f7811e62db18fe4470f29e832d1e9803836aa72acb01f2 livenessProbe: httpGet: path: /healthz diff --git a/base/sourcegraph/syntect-server/syntect-server.Deployment.yaml b/base/sourcegraph/syntect-server/syntect-server.Deployment.yaml index 32061f43..9ec1c944 100644 
--- a/base/sourcegraph/syntect-server/syntect-server.Deployment.yaml +++ b/base/sourcegraph/syntect-server/syntect-server.Deployment.yaml @@ -32,7 +32,7 @@ spec: allowPrivilegeEscalation: false runAsGroup: 101 runAsUser: 100 - image: index.docker.io/sourcegraph/syntax-highlighter:insiders@sha256:f727394284326eadfc588287b3d8562d9d3cb8e66c6030c2c7312abe36c343ba + image: index.docker.io/sourcegraph/syntax-highlighter:4.4.1@sha256:e5bf7c22de17cfb16fe63a58d0c855e0863ced3591bff2d9971c18c510c25fc0 terminationMessagePolicy: FallbackToLogsOnError livenessProbe: httpGet: diff --git a/base/sourcegraph/worker/worker.Deployment.yaml b/base/sourcegraph/worker/worker.Deployment.yaml index 08f407fe..497c95bd 100644 --- a/base/sourcegraph/worker/worker.Deployment.yaml +++ b/base/sourcegraph/worker/worker.Deployment.yaml @@ -48,7 +48,7 @@ spec: fieldPath: status.hostIP - name: OTEL_EXPORTER_OTLP_ENDPOINT value: http://$(OTEL_AGENT_HOST):4317 - image: index.docker.io/sourcegraph/worker:insiders@sha256:bb669d3f034d6a38cf6c43f8af117cf00121fa258f3e71907e5e6acc9fe514c6 + image: index.docker.io/sourcegraph/worker:4.4.1@sha256:fda7165787589f177f82ee0f14084938ef8196300f93785319b00a7d877f07b4 terminationMessagePolicy: FallbackToLogsOnError livenessProbe: httpGet: diff --git a/components/clusters/minikube/kustomization.yaml b/components/clusters/minikube/kustomization.yaml index 72acba93..65b2dc95 100644 --- a/components/clusters/minikube/kustomization.yaml +++ b/components/clusters/minikube/kustomization.yaml @@ -1,5 +1,7 @@ apiVersion: kustomize.config.k8s.io/v1alpha1 kind: Component +components: + - ../../storage-class/minikube patches: - target: kind: Deployment 
@@ -25,19 +27,6 @@ patches: group: apps version: v1 path: patches/remove-statefulset-resources-container-1.yaml - - target: - kind: PersistentVolumeClaim - patch: |- - - op: replace - path: /spec/storageClassName - # This is the default storage class for minikube - value: standard - - target: - kind: PersistentVolumeClaim - patch: |- - - op: replace - path: /spec/resources/requests/storage - value: 10Gi - target: kind: Deployment name: sourcegraph-frontend|pgsql|codeintel-db|codeinsights-db diff --git a/components/clusters/minikube/patches/remove-statefulset-resources-container-0.yaml b/components/clusters/minikube/patches/remove-statefulset-resources-container-0.yaml index b0f0f2a6..3da1d5f3 100644 --- a/components/clusters/minikube/patches/remove-statefulset-resources-container-0.yaml +++ b/components/clusters/minikube/patches/remove-statefulset-resources-container-0.yaml @@ -1,6 +1,2 @@ -- op: replace - path: /spec/volumeClaimTemplates/0/spec/storageClassName - # This is the default storage class for minikube - value: standard - op: remove path: /spec/template/spec/containers/0/resources diff --git a/components/clusters/old-base/kustomization.yaml b/components/clusters/old-base/kustomization.yaml index 3c35de3f..004f5c9d 100644 --- a/components/clusters/old-base/kustomization.yaml +++ b/components/clusters/old-base/kustomization.yaml 
@@ -4,30 +4,31 @@ components: - ../../monitoring - ../../monitoring/cadvisor - ../../monitoring/rbacs - # Switch from StatefulSet to Deployment + - ../../enable/service-discovery + # Switch below from StatefulSet to Deployment - ../../services/searcher/deployment - # Switch from StatefulSet to Deployment - ../../services/symbols/deployment - - ../../enable/service-discovery + - ../../services/pgsql + - ../../services/codeinsights-db + - ../../services/codeintel-db + # Add sourcegraph as default storage class name + - ../../storage-class/sourcegraph patchesStrategicMerge: - patches/blobstore/blobstore.Deployment.yaml - patches/cadvisor/cadvisor.DaemonSet.yaml - - patches/codeinsights-db/codeinsights-db.Deployment.yaml - - patches/codeintel-db/codeintel-db.Deployment.yaml - patches/frontend/sourcegraph-frontend.Deployment.yaml - patches/github-proxy/github-proxy.Deployment.yaml - patches/gitserver/gitserver.StatefulSet.yaml - patches/indexed-search/indexed-search.StatefulSet.yaml - patches/otel-collector/otel-collector.Deployment.yaml - - patches/pgsql/pgsql.Deployment.yaml - patches/precise-code-intel/worker.Deployment.yaml - patches/redis/redis-cache.Deployment.yaml - patches/redis/redis-store.Deployment.yaml - patches/repo-updater/repo-updater.Deployment.yaml - patches/syntect-server/syntect-server.Deployment.yaml - patches/worker/worker.Deployment.yaml -# To support searcher and symbols as both statefulset and deployment patchesJson6902: + # To support searcher and symbols as both statefulset and deployment - target: kind: StatefulSet|Deployment name: searcher @@ -53,7 +54,7 @@ patchesJson6902: version: v1 path: patches/remove/securityContext-daemonset.yaml - target: - kind: Deployment + kind: StatefulSet|Deployment name: codeinsights-db|codeintel-db|pgsql|sourcegraph-frontend group: apps version: v1 
diff --git a/components/clusters/old-base/patches/codeinsights-db/codeinsights-db.Deployment.yaml b/components/clusters/old-base/patches/codeinsights-db/codeinsights-db.Deployment.yaml deleted file mode 100644 index a78bf09e..00000000 --- a/components/clusters/old-base/patches/codeinsights-db/codeinsights-db.Deployment.yaml +++ /dev/null @@ -1,27 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: codeinsights-db -spec: - template: - spec: - initContainers: - - name: correct-data-dir-permissions - securityContext: - allowPrivilegeEscalation: true - runAsGroup: 0 - runAsUser: 0 - containers: - - name: codeinsights - securityContext: - allowPrivilegeEscalation: true - runAsGroup: 0 - runAsUser: 0 - securityContext: - runAsUser: 0 - fsGroup: 0 - volumes: - - name: codeinsights-conf - configMap: - defaultMode: 0777 - name: codeinsights-db-conf diff --git a/components/clusters/old-base/patches/codeintel-db/codeintel-db.Deployment.yaml b/components/clusters/old-base/patches/codeintel-db/codeintel-db.Deployment.yaml deleted file mode 100644 index ef85254f..00000000 --- a/components/clusters/old-base/patches/codeintel-db/codeintel-db.Deployment.yaml +++ /dev/null @@ -1,27 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: codeintel-db -spec: - template: - spec: - initContainers: - - name: correct-data-dir-permissions - securityContext: - allowPrivilegeEscalation: true - runAsUser: 0 - runAsGroup: 0 - containers: - - name: pgsql - securityContext: - allowPrivilegeEscalation: true - runAsUser: 0 - runAsGroup: 0 - securityContext: - fsGroup: 0 - runAsUser: 0 - volumes: - - name: pgsql-conf - configMap: - defaultMode: 0777 - name: codeintel-db-conf diff --git a/components/clusters/old-base/patches/databases/securityContext.yaml b/components/clusters/old-base/patches/databases/securityContext.yaml new file mode 100644 index 00000000..f5f00a8e --- /dev/null +++ b/components/clusters/old-base/patches/databases/securityContext.yaml 
@@ -0,0 +1,17 @@ +- op: replace + path: /spec/template/spec/containers/0/securityContext + value: + allowPrivilegeEscalation: true + runAsGroup: 0 + runAsUser: 0 +- op: replace + path: /spec/template/spec/initContainers/0/securityContext + value: + allowPrivilegeEscalation: true + runAsGroup: 0 + runAsUser: 0 +- op: replace + path: /spec/template/spec/securityContext + value: + runAsUser: 0 + fsGroup: 0 diff --git a/components/clusters/old-base/patches/pgsql/pgsql.Deployment.yaml b/components/clusters/old-base/patches/pgsql/pgsql.Deployment.yaml deleted file mode 100644 index 47fb8cfc..00000000 --- a/components/clusters/old-base/patches/pgsql/pgsql.Deployment.yaml +++ /dev/null @@ -1,27 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: pgsql -spec: - template: - spec: - initContainers: - - name: correct-data-dir-permissions - securityContext: - allowPrivilegeEscalation: true - runAsUser: 0 - runAsGroup: 0 - containers: - - name: pgsql - securityContext: - allowPrivilegeEscalation: true - runAsUser: 0 - runAsGroup: 0 - securityContext: - runAsUser: 0 - fsGroup: 0 - volumes: - - name: pgsql-conf - configMap: - defaultMode: 0777 - name: pgsql-conf \ No newline at end of file diff --git a/components/clusters/old-base/patches/remove/securityContext-databases.yaml b/components/clusters/old-base/patches/remove/securityContext-databases.yaml index 019effc8..bbc8b85d 100644 --- a/components/clusters/old-base/patches/remove/securityContext-databases.yaml +++ b/components/clusters/old-base/patches/remove/securityContext-databases.yaml @@ -1,4 +1,7 @@ - op: remove path: /spec/template/spec/initContainers/0/securityContext/allowPrivilegeEscalation - op: remove - path: /spec/template/spec/initContainers/0/securityContext/runAsGroup \ No newline at end of file + path: /spec/template/spec/initContainers/0/securityContext/runAsGroup +- op: replace + path: /spec/template/spec/initContainers/0/securityContext/runAsUser + value: 0 
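Review bot: The three `replace` operations select containers by position (`containers/0`, `initContainers/0`), whereas the strategic-merge patches this file supersedes selected them by name (`correct-data-dir-permissions`, `pgsql`, `codeinsights`). If a container is reordered or prepended in any targeted database workload, a different container silently receives `runAsUser: 0` with `allowPrivilegeEscalation: true`. Because `replace` swaps the whole `securityContext` object, any other field the base sets there is dropped too (the base manifests are not visible here). I would at least record the assumption at the top of the file, e.g. `# containers/0 must be the database container and initContainers/0 must be correct-data-dir-permissions; re-check when the base manifests change`. The identical file added under `components/privileged/patches/databases/securityContext.yaml` has the same issue, and neither carries over the `defaultMode: 0777` the deleted patches set on the conf ConfigMap volume, so please confirm that omission is intended.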
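Review bot: The added `replace` of `/spec/template/spec/initContainers/0/securityContext/runAsUser` with `0` makes a file under `patches/remove/` set the first init container of every matched workload to root, which the file name does not suggest. The target that applies this file is not visible in this hunk. If it is the `codeinsights-db|codeintel-db|pgsql|sourcegraph-frontend` target widened earlier in this commit, the frontend's first init container would run as uid 0 as well, not only the databases' `correct-data-dir-permissions`. `replace` also fails the build when `runAsUser` is absent on a matched resource. I would add a comment above the new op, e.g. `# initContainers/0 is expected to be correct-data-dir-permissions; it runs as uid 0 because <reason>`, and restrict the target to the workloads that need it.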
diff --git a/components/clusters/old-base/resources/searcher/searcher.Deployment.yaml b/components/clusters/old-base/resources/searcher/searcher.Deployment.yaml deleted file mode 100644 index 2eb7dbc5..00000000 --- a/components/clusters/old-base/resources/searcher/searcher.Deployment.yaml +++ /dev/null 
@@ -1,85 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - annotations: - description: Backend for text search operations. - kubectl.kubernetes.io/default-container: searcher - labels: - deploy: sourcegraph - sourcegraph-resource-requires: no-cluster-admin - app.kubernetes.io/component: searcher - name: searcher -spec: - minReadySeconds: 10 - replicas: 2 - revisionHistoryLimit: 10 - selector: - matchLabels: - app: searcher - strategy: - rollingUpdate: - maxSurge: 1 - maxUnavailable: 1 - type: RollingUpdate - template: - metadata: - labels: - deploy: sourcegraph - app: searcher - spec: - containers: - - name: searcher - env: - - name: SEARCHER_CACHE_SIZE_MB - valueFrom: - resourceFieldRef: - containerName: searcher - resource: requests.ephemeral-storage - divisor: 1M - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: CACHE_DIR - value: /mnt/cache/$(POD_NAME) - # OTEL_AGENT_HOST must be defined before OTEL_EXPORTER_OTLP_ENDPOINT to substitute the node IP on which the DaemonSet pod instance runs in the latter variable - - name: OTEL_AGENT_HOST - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: OTEL_EXPORTER_OTLP_ENDPOINT - value: http://$(OTEL_AGENT_HOST):4317 - image: index.docker.io/sourcegraph/searcher:187572_2022-12-06_cbecc5321c7d@sha256:c0d7b580c31e956dc586e3947edd2afb850cf5954e83010236294c57478256da - terminationMessagePolicy: FallbackToLogsOnError - ports: - - containerPort: 3181 - name: http - - containerPort: 6060 - name: debug - readinessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: http - scheme: HTTP - periodSeconds: 5 - timeoutSeconds: 5 - resources: - limits: - cpu: "2" - ephemeral-storage: "26G" - memory: 2G - requests: - cpu: 500m - ephemeral-storage: "25G" - memory: 500M - volumeMounts: - - mountPath: /mnt/cache - name: cache-ssd - securityContext: - runAsUser: 0 - fsGroup: 0 - fsGroupChangePolicy: OnRootMismatch - volumes: - - emptyDir: {} - name: cache-ssd 
diff --git a/components/clusters/old-base/resources/symbols/symbols.Deployment.yaml b/components/clusters/old-base/resources/symbols/symbols.Deployment.yaml deleted file mode 100644 index 87d07ea4..00000000 --- a/components/clusters/old-base/resources/symbols/symbols.Deployment.yaml +++ /dev/null 
@@ -1,91 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - annotations: - description: Backend for symbols operations. - kubectl.kubernetes.io/default-container: symbols - labels: - deploy: sourcegraph - sourcegraph-resource-requires: no-cluster-admin - app.kubernetes.io/component: symbols - name: symbols -spec: - minReadySeconds: 10 - replicas: 1 - revisionHistoryLimit: 10 - selector: - matchLabels: - app: symbols - strategy: - rollingUpdate: - maxSurge: 1 - maxUnavailable: 1 - type: RollingUpdate - template: - metadata: - labels: - deploy: sourcegraph - app: symbols - spec: - containers: - - name: symbols - env: - - name: SYMBOLS_CACHE_SIZE_MB - valueFrom: - resourceFieldRef: - containerName: symbols - resource: requests.ephemeral-storage - divisor: 1M - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: CACHE_DIR - value: /mnt/cache/$(POD_NAME) - # OTEL_AGENT_HOST must be defined before OTEL_EXPORTER_OTLP_ENDPOINT to substitute the node IP on which the DaemonSet pod instance runs in the latter variable - - name: OTEL_AGENT_HOST - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: OTEL_EXPORTER_OTLP_ENDPOINT - value: http://$(OTEL_AGENT_HOST):4317 - image: index.docker.io/sourcegraph/symbols:187572_2022-12-06_cbecc5321c7d@sha256:75615a60f318dc898eae2e5037efcd53e63cf28c2b8fca388b6923d215ff9db9 - terminationMessagePolicy: FallbackToLogsOnError - livenessProbe: - httpGet: - path: /healthz - port: http - scheme: HTTP - initialDelaySeconds: 60 - timeoutSeconds: 5 - readinessProbe: - httpGet: - path: /healthz - port: http - scheme: HTTP - periodSeconds: 5 - timeoutSeconds: 5 - ports: - - containerPort: 3184 - name: http - - containerPort: 6060 - name: debug - resources: - limits: - cpu: "2" - ephemeral-storage: "12G" - memory: 2G - requests: - cpu: 500m - ephemeral-storage: "10G" - memory: 500M - volumeMounts: - - mountPath: /mnt/cache - name: cache-ssd - securityContext: - runAsUser: 0 - fsGroup: 0 - fsGroupChangePolicy: 
OnRootMismatch - volumes: - - emptyDir: {} - name: cache-ssd diff --git a/components/custom/resources/configs/resources.yaml b/components/custom/resources/configs/resources.yaml index 5d05d8fa..22c6dc3e 100644 --- a/components/custom/resources/configs/resources.yaml +++ b/components/custom/resources/configs/resources.yaml @@ -60,6 +60,23 @@ # memory: "2Gi" --- # apiVersion: apps/v1 +# kind: StatefulSet +# metadata: +# name: codeinsights-db +# spec: +# template: +# spec: +# containers: +# - name: codeinsights +# resources: +# limits: +# cpu: "4" +# memory: "2Gi" +# requests: +# cpu: "4" +# memory: "2Gi" +--- +# apiVersion: apps/v1 # kind: Deployment # metadata: # name: codeintel-db @@ -77,6 +94,23 @@ # memory: 8G --- # apiVersion: apps/v1 +# kind: StatefulSet +# metadata: +# name: codeintel-db +# spec: +# template: +# spec: +# containers: +# - name: pgsql +# resources: +# limits: +# cpu: "16" +# memory: 16G +# requests: +# cpu: "8" +# memory: 8G +--- +# apiVersion: apps/v1 # kind: Deployment # metadata: # name: sourcegraph-frontend @@ -184,6 +218,23 @@ # memory: 4Gi --- # apiVersion: apps/v1 +# kind: StatefulSet +# metadata: +# name: pgsql +# spec: +# template: +# spec: +# containers: +# - name: pgsql +# resources: +# limits: +# cpu: "4" +# memory: 4Gi +# requests: +# cpu: "4" +# memory: 4Gi +--- +# apiVersion: apps/v1 # kind: Deployment # metadata: # name: precise-code-intel-worker diff --git a/components/custom/security-context/configs/monitoring/cadvisor.DaemonSet.yaml b/components/custom/security-context/configs/monitoring/cadvisor.DaemonSet.yaml deleted file mode 100644 index 60fa7856..00000000 --- a/components/custom/security-context/configs/monitoring/cadvisor.DaemonSet.yaml +++ /dev/null @@ -1,12 +0,0 @@ -# apiVersion: apps/v1 -# kind: DaemonSet -# metadata: -# name: cadvisor -# spec: -# template: -# spec: -# serviceAccountName: cadvisor -# containers: -# - name: cadvisor -# securityContext: -# privileged: true 
diff --git a/components/custom/security-context/configs/monitoring/grafana.StatefulSet.yaml b/components/custom/security-context/configs/monitoring/grafana.StatefulSet.yaml deleted file mode 100644 index c8d0ee19..00000000 --- a/components/custom/security-context/configs/monitoring/grafana.StatefulSet.yaml +++ /dev/null @@ -1,16 +0,0 @@ -# apiVersion: apps/v1 -# kind: StatefulSet -# metadata: -# name: grafana -# spec: -# template: -# spec: -# containers: -# - name: grafana -# securityContext: -# allowPrivilegeEscalation: false -# runAsGroup: 472 -# runAsUser: 472 -# securityContext: -# runAsUser: 472 -# fsGroup: 472 diff --git a/components/custom/security-context/configs/monitoring/node-exporter.DaemonSet.yaml b/components/custom/security-context/configs/monitoring/node-exporter.DaemonSet.yaml deleted file mode 100644 index 670922ee..00000000 --- a/components/custom/security-context/configs/monitoring/node-exporter.DaemonSet.yaml +++ /dev/null @@ -1,19 +0,0 @@ -# apiVersion: apps/v1 -# kind: DaemonSet -# metadata: -# name: node-exporter -# spec: -# template: -# spec: -# containers: -# - name: node-exporter -# securityContext: -# allowPrivilegeEscalation: false -# readOnlyRootFilesystem: true -# runAsGroup: 65534 -# runAsUser: 65534 -# securityContext: -# fsGroup: 65534 -# runAsGroup: 65534 -# runAsNonRoot: true -# runAsUser: 65534 diff --git a/components/custom/security-context/configs/monitoring/otel-agent.DaemonSet.yaml b/components/custom/security-context/configs/monitoring/otel-agent.DaemonSet.yaml deleted file mode 100644 index 2615093f..00000000 --- a/components/custom/security-context/configs/monitoring/otel-agent.DaemonSet.yaml +++ /dev/null @@ -1,14 +0,0 @@ -# apiVersion: apps/v1 -# kind: DaemonSet -# metadata: -# name: otel-agent -# spec: -# template: -# spec: -# containers: -# - name: otel-agent -# securityContext: -# # Required to prevent escalations to root. -# allowPrivilegeEscalation: false -# runAsUser: 100 -# runAsGroup: 101 
diff --git a/components/custom/security-context/configs/monitoring/otel-collector.Deployment.yaml b/components/custom/security-context/configs/monitoring/otel-collector.Deployment.yaml deleted file mode 100644 index 9e771260..00000000 --- a/components/custom/security-context/configs/monitoring/otel-collector.Deployment.yaml +++ /dev/null @@ -1,17 +0,0 @@ -# apiVersion: apps/v1 -# kind: Deployment -# metadata: -# name: otel-collector -# spec: -# template: -# spec: -# containers: -# - name: otel-collector -# securityContext: -# # Required to prevent escalations to root. -# allowPrivilegeEscalation: false -# runAsUser: 100 -# runAsGroup: 101 -# securityContext: -# runAsUser: 100 -# fsGroup: 101 diff --git a/components/custom/security-context/configs/monitoring/prometheus.Deployment.yaml b/components/custom/security-context/configs/monitoring/prometheus.Deployment.yaml deleted file mode 100644 index 4c2b994c..00000000 --- a/components/custom/security-context/configs/monitoring/prometheus.Deployment.yaml +++ /dev/null @@ -1,17 +0,0 @@ -# apiVersion: apps/v1 -# kind: Deployment -# metadata: -# name: prometheus -# spec: -# template: -# spec: -# containers: -# - name: prometheus -# securityContext: -# allowPrivilegeEscalation: false -# runAsGroup: 100 -# runAsUser: 100 -# terminationGracePeriodSeconds: 120 -# securityContext: -# runAsUser: 100 -# fsGroup: 100 diff --git a/components/custom/security-context/configs/sourcegraph/blobstore.Deployment.yaml b/components/custom/security-context/configs/sourcegraph/blobstore.Deployment.yaml deleted file mode 100644 index e4d6a239..00000000 --- a/components/custom/security-context/configs/sourcegraph/blobstore.Deployment.yaml +++ /dev/null 
@@ -1,16 +0,0 @@ -# apiVersion: apps/v1 -# kind: Deployment -# metadata: -# name: blobstore -# spec: -# template: -# spec: -# containers: -# - name: blobstore -# securityContext: -# runAsUser: 100 -# runAsGroup: 101 -# allowPrivilegeEscalation: false -# securityContext: -# runAsUser: 100 -# fsGroup: 101 diff --git a/components/custom/security-context/configs/sourcegraph/codeintel-db.Deployment.yaml b/components/custom/security-context/configs/sourcegraph/codeintel-db.Deployment.yaml deleted file mode 100644 index e043aa43..00000000 --- a/components/custom/security-context/configs/sourcegraph/codeintel-db.Deployment.yaml +++ /dev/null @@ -1,22 +0,0 @@ -# apiVersion: apps/v1 -# kind: Deployment -# metadata: -# name: codeintel-db -# spec: -# template: -# spec: -# initContainers: -# - name: correct-data-dir-permissions -# securityContext: -# allowPrivilegeEscalation: false -# runAsGroup: 999 -# runAsUser: 999 -# containers: -# - name: pgsql -# securityContext: -# allowPrivilegeEscalation: false -# runAsUser: 999 -# runAsGroup: 999 -# securityContext: -# fsGroup: 999 -# runAsUser: 999 diff --git a/components/custom/security-context/configs/sourcegraph/github-proxy.Deployment.yaml b/components/custom/security-context/configs/sourcegraph/github-proxy.Deployment.yaml deleted file mode 100644 index d23b1633..00000000 --- a/components/custom/security-context/configs/sourcegraph/github-proxy.Deployment.yaml +++ /dev/null @@ -1,16 +0,0 @@ -# apiVersion: apps/v1 -# kind: Deployment -# metadata: -# name: github-proxy -# spec: -# template: -# spec: -# containers: -# - name: github-proxy -# securityContext: -# runAsUser: 100 -# runAsGroup: 101 -# allowPrivilegeEscalation: false -# securityContext: -# runAsUser: 100 -# fsGroup: 101 diff --git a/components/custom/security-context/configs/sourcegraph/gitserver.StatefulSet.yaml b/components/custom/security-context/configs/sourcegraph/gitserver.StatefulSet.yaml deleted file mode 100644 index a4839feb..00000000 
--- a/components/custom/security-context/configs/sourcegraph/gitserver.StatefulSet.yaml +++ /dev/null @@ -1,16 +0,0 @@ -# apiVersion: apps/v1 -# kind: StatefulSet -# metadata: -# name: gitserver -# spec: -# template: -# spec: -# containers: -# - name: gitserver -# securityContext: -# runAsUser: 100 -# runAsGroup: 101 -# allowPrivilegeEscalation: false -# securityContext: -# runAsUser: 100 -# fsGroup: 101 diff --git a/components/custom/security-context/configs/sourcegraph/indexed-search.StatefulSet.yaml b/components/custom/security-context/configs/sourcegraph/indexed-search.StatefulSet.yaml deleted file mode 100644 index 3a314dc8..00000000 --- a/components/custom/security-context/configs/sourcegraph/indexed-search.StatefulSet.yaml +++ /dev/null @@ -1,21 +0,0 @@ -# apiVersion: apps/v1 -# kind: StatefulSet -# metadata: -# name: indexed-search -# spec: -# template: -# spec: -# containers: -# - name: zoekt-webserver -# securityContext: -# allowPrivilegeEscalation: false -# runAsUser: 100 -# runAsGroup: 101 -# - name: zoekt-indexserver -# securityContext: -# allowPrivilegeEscalation: false -# runAsUser: 100 -# runAsGroup: 101 -# securityContext: -# runAsUser: 100 -# fsGroup: 101 diff --git a/components/custom/security-context/configs/sourcegraph/pgsql.Deployment.yaml b/components/custom/security-context/configs/sourcegraph/pgsql.Deployment.yaml deleted file mode 100644 index 6ec31ff0..00000000 --- a/components/custom/security-context/configs/sourcegraph/pgsql.Deployment.yaml +++ /dev/null @@ -1,22 +0,0 @@ -# apiVersion: apps/v1 -# kind: Deployment -# metadata: -# name: pgsql -# spec: -# template: -# spec: -# initContainers: -# - name: correct-data-dir-permissions -# securityContext: -# allowPrivilegeEscalation: false -# runAsUser: 999 -# runAsGroup: 999 -# containers: -# - name: pgsql -# securityContext: -# allowPrivilegeEscalation: false -# runAsUser: 999 -# runAsGroup: 999 -# securityContext: -# runAsUser: 999 -# fsGroup: 999 
diff --git a/components/custom/security-context/configs/sourcegraph/precise-code-intel-worker.Deployment.yaml b/components/custom/security-context/configs/sourcegraph/precise-code-intel-worker.Deployment.yaml deleted file mode 100644 index 1689ed50..00000000 --- a/components/custom/security-context/configs/sourcegraph/precise-code-intel-worker.Deployment.yaml +++ /dev/null @@ -1,16 +0,0 @@ -# apiVersion: apps/v1 -# kind: Deployment -# metadata: -# name: precise-code-intel-worker -# spec: -# template: -# spec: -# containers: -# - name: precise-code-intel-worker -# securityContext: -# allowPrivilegeEscalation: false -# runAsGroup: 101 -# runAsUser: 100 -# securityContext: -# fsGroup: 101 -# runAsUser: 100 diff --git a/components/custom/security-context/configs/sourcegraph/redis-cache.Deployment.yaml b/components/custom/security-context/configs/sourcegraph/redis-cache.Deployment.yaml deleted file mode 100644 index c08b1e69..00000000 --- a/components/custom/security-context/configs/sourcegraph/redis-cache.Deployment.yaml +++ /dev/null @@ -1,21 +0,0 @@ -# apiVersion: apps/v1 -# kind: Deployment -# metadata: -# name: redis-cache -# spec: -# template: -# spec: -# containers: -# - name: redis-cache -# securityContext: -# allowPrivilegeEscalation: false -# runAsGroup: 1000 -# runAsUser: 999 -# - name: redis-exporter -# securityContext: -# allowPrivilegeEscalation: false -# runAsGroup: 1000 -# runAsUser: 999 -# securityContext: -# runAsUser: 999 -# fsGroup: 1000 diff --git a/components/custom/security-context/configs/sourcegraph/redis-store.Deployment.yaml b/components/custom/security-context/configs/sourcegraph/redis-store.Deployment.yaml deleted file mode 100644 index 46b063a8..00000000 --- a/components/custom/security-context/configs/sourcegraph/redis-store.Deployment.yaml +++ /dev/null 
@@ -1,21 +0,0 @@ -# apiVersion: apps/v1 -# kind: Deployment -# metadata: -# name: redis-store -# spec: -# template: -# spec: -# containers: -# - name: redis-store -# securityContext: -# allowPrivilegeEscalation: false -# runAsGroup: 1000 -# runAsUser: 999 -# - name: redis-exporter -# securityContext: -# allowPrivilegeEscalation: false -# runAsGroup: 1000 -# runAsUser: 999 -# securityContext: -# runAsUser: 999 -# fsGroup: 1000 diff --git a/components/custom/security-context/configs/sourcegraph/repo-updater.Deployment.yaml b/components/custom/security-context/configs/sourcegraph/repo-updater.Deployment.yaml deleted file mode 100644 index 7ed9d898..00000000 --- a/components/custom/security-context/configs/sourcegraph/repo-updater.Deployment.yaml +++ /dev/null @@ -1,16 +0,0 @@ -# apiVersion: apps/v1 -# kind: Deployment -# metadata: -# name: repo-updater -# spec: -# template: -# spec: -# containers: -# - name: repo-updater -# securityContext: -# runAsGroup: 101 -# runAsUser: 100 -# allowPrivilegeEscalation: false -# securityContext: -# runAsUser: 100 -# fsGroup: 101 diff --git a/components/custom/security-context/configs/sourcegraph/searcher.StatefulSet.yaml b/components/custom/security-context/configs/sourcegraph/searcher.StatefulSet.yaml deleted file mode 100644 index af6ba608..00000000 --- a/components/custom/security-context/configs/sourcegraph/searcher.StatefulSet.yaml +++ /dev/null @@ -1,16 +0,0 @@ -# apiVersion: apps/v1 -# kind: StatefulSet -# metadata: -# name: searcher -# spec: -# template: -# spec: -# containers: -# - name: searcher -# securityContext: -# allowPrivilegeEscalation: false -# runAsGroup: 101 -# runAsUser: 100 -# securityContext: -# runAsUser: 100 -# fsGroup: 101 diff --git a/components/custom/security-context/configs/sourcegraph/sourcegraph-frontend.Deployment.yaml b/components/custom/security-context/configs/sourcegraph/sourcegraph-frontend.Deployment.yaml deleted file mode 100644 index 2bf695cb..00000000 
--- a/components/custom/security-context/configs/sourcegraph/sourcegraph-frontend.Deployment.yaml +++ /dev/null @@ -1,22 +0,0 @@ -# apiVersion: apps/v1 -# kind: Deployment -# metadata: -# name: sourcegraph-frontend -# spec: -# template: -# spec: -# initContainers: -# - name: migrator -# securityContext: -# allowPrivilegeEscalation: false -# runAsGroup: 101 -# runAsUser: 100 -# containers: -# - name: frontend -# securityContext: -# allowPrivilegeEscalation: false -# runAsGroup: 101 -# runAsUser: 100 -# securityContext: -# runAsUser: 100 -# fsGroup: 101 diff --git a/components/custom/security-context/configs/sourcegraph/symbols.StatefulSet.yaml b/components/custom/security-context/configs/sourcegraph/symbols.StatefulSet.yaml deleted file mode 100644 index a48e4e0b..00000000 --- a/components/custom/security-context/configs/sourcegraph/symbols.StatefulSet.yaml +++ /dev/null @@ -1,16 +0,0 @@ -# apiVersion: apps/v1 -# kind: StatefulSet -# metadata: -# name: symbols -# spec: -# template: -# spec: -# securityContext: -# runAsUser: 100 -# fsGroup: 101 -# containers: -# - name: symbols -# securityContext: -# allowPrivilegeEscalation: false -# runAsGroup: 101 -# runAsUser: 100 diff --git a/components/custom/security-context/configs/sourcegraph/syntect-server.Deployment.yaml b/components/custom/security-context/configs/sourcegraph/syntect-server.Deployment.yaml deleted file mode 100644 index 65ac7bac..00000000 --- a/components/custom/security-context/configs/sourcegraph/syntect-server.Deployment.yaml +++ /dev/null @@ -1,16 +0,0 @@ -# apiVersion: apps/v1 -# kind: Deployment -# metadata: -# name: syntect-server -# spec: -# template: -# spec: -# containers: -# - name: syntect-server -# securityContext: -# allowPrivilegeEscalation: false -# runAsGroup: 101 -# runAsUser: 100 -# securityContext: -# runAsUser: 100 -# fsGroup: 101 
diff --git a/components/custom/security-context/configs/sourcegraph/worker.Deployment.yaml b/components/custom/security-context/configs/sourcegraph/worker.Deployment.yaml deleted file mode 100644 index a723114b..00000000 --- a/components/custom/security-context/configs/sourcegraph/worker.Deployment.yaml +++ /dev/null @@ -1,18 +0,0 @@ -# apiVersion: apps/v1 -# kind: Deployment -# metadata: -# name: worker -# spec: -# template: -# spec: -# containers: -# - name: worker -# securityContext: -# # Required to prevent escalations to root. -# allowPrivilegeEscalation: false -# runAsUser: 100 -# runAsGroup: 101 -# securityContext: -# runAsUser: 100 -# fsGroup: 101 -# fsGroupChangePolicy: OnRootMismatch diff --git a/components/custom/security-context/kustomization.yaml b/components/custom/security-context/kustomization.yaml deleted file mode 100644 index fc97d8d8..00000000 --- a/components/custom/security-context/kustomization.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1alpha1 -kind: Component -patchesStrategicMerge: - - patches/codeinsights-db.Deployment.yaml - - patches/codeintel-db.Deployment.yaml - - patches/pgsql.Deployment.yaml diff --git a/components/patches/resources.yaml b/components/patches/resources.yaml index 5d05d8fa..e5ee22f5 100644 --- a/components/patches/resources.yaml +++ b/components/patches/resources.yaml @@ -60,6 +60,28 @@ # memory: "2Gi" --- # apiVersion: apps/v1 +# kind: StatefulSet +# metadata: +# name: codeinsights-db +# spec: +# template: +# spec: +# containers: +# - name: codeinsights +# resources: +# limits: +# cpu: "4" +# memory: "2Gi" +# requests: +# cpu: "4" +# memory: "2Gi" +# volumeClaimTemplates: +# - spec: +# resources: +# requests: +# storage: 200Gi +--- +# apiVersion: apps/v1 # kind: Deployment # metadata: # name: codeintel-db 
@@ -77,6 +99,28 @@ # memory: 8G --- # apiVersion: apps/v1 +# kind: StatefulSet +# metadata: +# name: codeintel-db +# spec: +# template: +# spec: +# containers: +# - name: pgsql +# resources: +# limits: +# cpu: "16" +# memory: 16G +# requests: +# cpu: "8" +# memory: 8G +# volumeClaimTemplates: +# - spec: +# resources: +# requests: +# storage: 200Gi +--- +# apiVersion: apps/v1 # kind: Deployment # metadata: # name: sourcegraph-frontend @@ -184,6 +228,28 @@ # memory: 4Gi --- # apiVersion: apps/v1 +# kind: StatefulSet +# metadata: +# name: pgsql +# spec: +# template: +# spec: +# containers: +# - name: pgsql +# resources: +# limits: +# cpu: "4" +# memory: 4Gi +# requests: +# cpu: "4" +# memory: 4Gi +# volumeClaimTemplates: +# - spec: +# resources: +# requests: +# storage: 200Gi +--- +# apiVersion: apps/v1 # kind: Deployment # metadata: # name: precise-code-intel-worker diff --git a/components/patches/security-context/sourcegraph/codeinsights-db.Deployment.yaml b/components/patches/security-context/sourcegraph/codeinsights-db.Deployment.yaml deleted file mode 100644 index c33f1b57..00000000 --- a/components/patches/security-context/sourcegraph/codeinsights-db.Deployment.yaml +++ /dev/null @@ -1,24 +0,0 @@ -# apiVersion: apps/v1 -# kind: Deployment -# metadata: -# name: codeinsights-db -# spec: -# template: -# spec: -# initContainers: -# - name: correct-data-dir-permissions -# securityContext: -# # Required to prevent escalations to root. -# allowPrivilegeEscalation: false -# runAsGroup: 70 -# runAsUser: 70 -# containers: -# - name: codeinsights -# securityContext: -# allowPrivilegeEscalation: false -# runAsGroup: 70 -# runAsUser: 70 -# # Pod security context -# securityContext: -# runAsUser: 70 -# fsGroup: 70 
diff --git a/components/custom/security-context/configs/sourcegraph/codeinsights-db.Deployment.yaml b/components/patches/security-context/sourcegraph/codeinsights-db.StatefulSet.yaml similarity index 96% rename from components/custom/security-context/configs/sourcegraph/codeinsights-db.Deployment.yaml rename to components/patches/security-context/sourcegraph/codeinsights-db.StatefulSet.yaml index c33f1b57..34395b00 100644 --- a/components/custom/security-context/configs/sourcegraph/codeinsights-db.Deployment.yaml +++ b/components/patches/security-context/sourcegraph/codeinsights-db.StatefulSet.yaml @@ -1,5 +1,5 @@ # apiVersion: apps/v1 -# kind: Deployment +# kind: StatefulSet # metadata: # name: codeinsights-db # spec: diff --git a/components/patches/security-context/sourcegraph/codeintel-db.Deployment.yaml b/components/patches/security-context/sourcegraph/codeintel-db.StatefulSet.yaml similarity index 96% rename from components/patches/security-context/sourcegraph/codeintel-db.Deployment.yaml rename to components/patches/security-context/sourcegraph/codeintel-db.StatefulSet.yaml index e043aa43..5ca9671e 100644 --- a/components/patches/security-context/sourcegraph/codeintel-db.Deployment.yaml +++ b/components/patches/security-context/sourcegraph/codeintel-db.StatefulSet.yaml @@ -1,5 +1,5 @@ # apiVersion: apps/v1 -# kind: Deployment +# kind: StatefulSet # metadata: # name: codeintel-db # spec: diff --git a/components/patches/security-context/sourcegraph/pgsql.Deployment.yaml b/components/patches/security-context/sourcegraph/pgsql.StatefulSet.yaml similarity index 96% rename from components/patches/security-context/sourcegraph/pgsql.Deployment.yaml rename to components/patches/security-context/sourcegraph/pgsql.StatefulSet.yaml index 6ec31ff0..faccf09c 100644 --- a/components/patches/security-context/sourcegraph/pgsql.Deployment.yaml +++ b/components/patches/security-context/sourcegraph/pgsql.StatefulSet.yaml 
@@ -1,5 +1,5 @@ # apiVersion: apps/v1 -# kind: Deployment +# kind: StatefulSet # metadata: # name: pgsql # spec: diff --git a/components/privileged/kustomization.yaml b/components/privileged/kustomization.yaml index aba20782..5c4f3a17 100644 --- a/components/privileged/kustomization.yaml +++ b/components/privileged/kustomization.yaml @@ -2,13 +2,10 @@ apiVersion: kustomize.config.k8s.io/v1alpha1 kind: Component patchesStrategicMerge: - patches/blobstore/blobstore.Deployment.yaml - - patches/codeinsights-db/codeinsights-db.Deployment.yaml - - patches/codeintel-db/codeintel-db.Deployment.yaml - patches/frontend/sourcegraph-frontend.Deployment.yaml - patches/github-proxy/github-proxy.Deployment.yaml - patches/gitserver/gitserver.StatefulSet.yaml - patches/indexed-search/indexed-search.StatefulSet.yaml - - patches/pgsql/pgsql.Deployment.yaml - patches/precise-code-intel/worker.Deployment.yaml - patches/redis/redis-cache.Deployment.yaml - patches/redis/redis-store.Deployment.yaml @@ -29,3 +26,9 @@ patchesJson6902: group: apps version: v1 path: patches/symbols/symbols.yaml + - target: + kind: StatefulSet|Deployment + name: codeinsights-db|codeintel-db|pgsql + group: apps + version: v1 + path: patches/databases/securityContext.yaml diff --git a/components/privileged/patches/codeinsights-db/codeinsights-db.Deployment.yaml b/components/privileged/patches/codeinsights-db/codeinsights-db.Deployment.yaml deleted file mode 100644 index a78bf09e..00000000 --- a/components/privileged/patches/codeinsights-db/codeinsights-db.Deployment.yaml +++ /dev/null 
@@ -1,27 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: codeinsights-db -spec: - template: - spec: - initContainers: - - name: correct-data-dir-permissions - securityContext: - allowPrivilegeEscalation: true - runAsGroup: 0 - runAsUser: 0 - containers: - - name: codeinsights - securityContext: - allowPrivilegeEscalation: true - runAsGroup: 0 - runAsUser: 0 - securityContext: - runAsUser: 0 - fsGroup: 0 - volumes: - - name: codeinsights-conf - configMap: - defaultMode: 0777 - name: codeinsights-db-conf diff --git a/components/privileged/patches/codeintel-db/codeintel-db.Deployment.yaml b/components/privileged/patches/codeintel-db/codeintel-db.Deployment.yaml deleted file mode 100644 index ef85254f..00000000 --- a/components/privileged/patches/codeintel-db/codeintel-db.Deployment.yaml +++ /dev/null @@ -1,27 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: codeintel-db -spec: - template: - spec: - initContainers: - - name: correct-data-dir-permissions - securityContext: - allowPrivilegeEscalation: true - runAsUser: 0 - runAsGroup: 0 - containers: - - name: pgsql - securityContext: - allowPrivilegeEscalation: true - runAsUser: 0 - runAsGroup: 0 - securityContext: - fsGroup: 0 - runAsUser: 0 - volumes: - - name: pgsql-conf - configMap: - defaultMode: 0777 - name: codeintel-db-conf diff --git a/components/privileged/patches/databases/securityContext.yaml b/components/privileged/patches/databases/securityContext.yaml new file mode 100644 index 00000000..f5f00a8e --- /dev/null +++ b/components/privileged/patches/databases/securityContext.yaml 
@@ -0,0 +1,17 @@ +- op: replace + path: /spec/template/spec/containers/0/securityContext + value: + allowPrivilegeEscalation: true + runAsGroup: 0 + runAsUser: 0 +- op: replace + path: /spec/template/spec/initContainers/0/securityContext + value: + allowPrivilegeEscalation: true + runAsGroup: 0 + runAsUser: 0 +- op: replace + path: /spec/template/spec/securityContext + value: + runAsUser: 0 + fsGroup: 0 diff --git a/components/privileged/patches/pgsql/pgsql.Deployment.yaml b/components/privileged/patches/pgsql/pgsql.Deployment.yaml deleted file mode 100644 index 47fb8cfc..00000000 --- a/components/privileged/patches/pgsql/pgsql.Deployment.yaml +++ /dev/null @@ -1,27 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: pgsql -spec: - template: - spec: - initContainers: - - name: correct-data-dir-permissions - securityContext: - allowPrivilegeEscalation: true - runAsUser: 0 - runAsGroup: 0 - containers: - - name: pgsql - securityContext: - allowPrivilegeEscalation: true - runAsUser: 0 - runAsGroup: 0 - securityContext: - runAsUser: 0 - fsGroup: 0 - volumes: - - name: pgsql-conf - configMap: - defaultMode: 0777 - name: pgsql-conf \ No newline at end of file diff --git a/components/remove/codeinsights-db/kustomization.yaml b/components/remove/codeinsights-db/deployment/kustomization.yaml similarity index 100% rename from components/remove/codeinsights-db/kustomization.yaml rename to components/remove/codeinsights-db/deployment/kustomization.yaml diff --git a/components/remove/codeinsights-db/statefulset/kustomization.yaml b/components/remove/codeinsights-db/statefulset/kustomization.yaml new file mode 100644 index 00000000..1f0f42e8 --- /dev/null +++ b/components/remove/codeinsights-db/statefulset/kustomization.yaml 
@@ -0,0 +1,21 @@
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+patchesStrategicMerge:
+ - |-
+ $patch: delete
+ apiVersion: v1
+ kind: ConfigMap
+ metadata:
+ name: codeinsights-db-conf
+ - |-
+ $patch: delete
+ apiVersion: apps/v1
+ kind: StatefulSet
+ metadata:
+ name: codeinsights-db
+ - |-
+ $patch: delete
+ apiVersion: v1
+ kind: Service
+ metadata:
+ name: codeinsights-db
diff --git a/components/remove/codeintel-db/kustomization.yaml b/components/remove/codeintel-db/deployment/kustomization.yaml
similarity index 100%
rename from components/remove/codeintel-db/kustomization.yaml
rename to components/remove/codeintel-db/deployment/kustomization.yaml
diff --git a/components/remove/codeintel-db/statefulset/kustomization.yaml b/components/remove/codeintel-db/statefulset/kustomization.yaml
new file mode 100644
index 00000000..bf8ce68c
--- /dev/null
+++ b/components/remove/codeintel-db/statefulset/kustomization.yaml
@@ -0,0 +1,21 @@
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+patchesStrategicMerge:
+ - |-
+ $patch: delete
+ apiVersion: v1
+ kind: ConfigMap
+ metadata:
+ name: codeintel-db-conf
+ - |-
+ $patch: delete
+ apiVersion: apps/v1
+ kind: StatefulSet
+ metadata:
+ name: codeintel-db
+ - |-
+ $patch: delete
+ apiVersion: v1
+ kind: Service
+ metadata:
+ name: codeintel-db
diff --git a/components/remove/pgsql/kustomization.yaml b/components/remove/pgsql/deployment/kustomization.yaml
similarity index 100%
rename from components/remove/pgsql/kustomization.yaml
rename to components/remove/pgsql/deployment/kustomization.yaml
diff --git a/components/remove/pgsql/statefulset/kustomization.yaml b/components/remove/pgsql/statefulset/kustomization.yaml
new file mode 100644
index 00000000..efb8ba77
--- /dev/null
+++ b/components/remove/pgsql/statefulset/kustomization.yaml
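Review bot: The new components/remove/codeinsights-db/statefulset/kustomization.yaml declares its deletions under `patchesStrategicMerge`, a field kustomize v5 deprecates in favour of `patches`, while the components/services kustomizations added in this same commit already use `patches:`. The codeintel-db and pgsql statefulset copies have the same shape. I would write each entry as `patches:` followed by `- patch: |-` so the new files do not start out on the deprecated field, and add a header line such as `# Removes the codeinsights-db StatefulSet together with its Service and ConfigMap` since the sibling `deployment` directory now exists beside it.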
@@ -0,0 +1,21 @@
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+patchesStrategicMerge:
+ - |-
+ $patch: delete
+ apiVersion: v1
+ kind: ConfigMap
+ metadata:
+ name: pgsql-conf
+ - |-
+ $patch: delete
+ apiVersion: apps/v1
+ kind: StatefulSet
+ metadata:
+ name: pgsql
+ - |-
+ $patch: delete
+ apiVersion: v1
+ kind: Service
+ metadata:
+ name: pgsql
diff --git a/components/remove/pvcs/kustomization.yaml b/components/remove/pvcs/kustomization.yaml
index d62a0fcf..b8881440 100644
--- a/components/remove/pvcs/kustomization.yaml
+++ b/components/remove/pvcs/kustomization.yaml
@@ -2,47 +2,53 @@ apiVersion: kustomize.config.k8s.io/v1alpha1 kind: Component patchesJson6902: - target: - kind: Deployment - name: blobstore|codeinsights-db|codeintel-db|pgsql|redis-cache|redis-store + kind: StatefulSet|Deployment + name: blobstore|codeinsights-db|codeintel-db|pgsql|redis-cache|redis-store|prometheus version: v1 patch: |- - - op: replace + - op: remove path: /spec/template/spec/volumes/0/persistentVolumeClaim - value: null + - target: + kind: PersistentVolumeClaim + name: .* + version: v1 + patch: |- + - op: remove + path: /spec patchesStrategicMerge: -- |- - $patch: delete - apiVersion: v1 - kind: PersistentVolumeClaim - metadata: - name: blobstore -- |- - $patch: delete - apiVersion: v1 - kind: PersistentVolumeClaim - metadata: - name: codeinsights-db -- |- - $patch: delete - apiVersion: v1 - kind: PersistentVolumeClaim - metadata: - name: codeintel-db -- |- - $patch: delete - apiVersion: v1 - kind: PersistentVolumeClaim - metadata: - name: pgsql -- |- - $patch: delete - apiVersion: v1 - kind: PersistentVolumeClaim - metadata: - name: redis-cache -- |- - $patch: delete - apiVersion: v1 - kind: PersistentVolumeClaim - metadata: - name: redis-store \ No newline at end of file + - |- + $patch: delete + apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + name: blobstore + - |- + $patch: delete + apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + name: codeinsights-db + - |- + $patch: delete + apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + name: codeintel-db + - |- + $patch: delete + apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + name: pgsql + - |- + $patch: delete + apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + name: redis-cache + - |- + $patch: delete + apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + name: redis-store diff --git a/components/remove/requests/kustomization.yaml b/components/remove/requests/kustomization.yaml index 7801cddb..0a612036 100644 
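Review bot: The added `PersistentVolumeClaim` target with `name: .*` removes `/spec` from every claim in the build, but the `patchesStrategicMerge` list still deletes only six of them; `prometheus` is newly added to the workload target and has no delete entry, so a prometheus claim, if the base defines one, would be emitted without a spec. Separately, `op: remove` on `/spec/template/spec/volumes/0/persistentVolumeClaim` should fail the build under RFC 6902 when that path is absent, which is plausible for a StatefulSet that gets its storage from `volumeClaimTemplates`; the base manifests are not visible here, so both points need confirming. I would narrow the claim target to `name: blobstore|codeinsights-db|codeintel-db|pgsql|redis-cache|redis-store` or add the missing delete entry, and note above the workload patch that `volumes/0` is assumed to be the data volume.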
--- a/components/remove/requests/kustomization.yaml +++ b/components/remove/requests/kustomization.yaml @@ -2,9 +2,23 @@ apiVersion: kustomize.config.k8s.io/v1alpha1 kind: Component patchesJson6902: - target: - kind: Deployment|StatefulSet + kind: Deployment|StatefulSet|DaemonSet name: .* version: v1 patch: |- - op: remove path: /spec/template/spec/containers/0/resources/requests + - target: + kind: StatefulSet|Deployment + name: pgsql|codeinsights-db|codeintel-db|indexed-search|redis-cache|redis-store + version: v1 + patch: |- + - op: remove + path: /spec/template/spec/containers/1/resources/requests + - target: + kind: StatefulSet|Deployment + name: pgsql|codeinsights-db|codeintel-db|sourcegraph-frontend + version: v1 + patch: |- + - op: remove + path: /spec/template/spec/initContainers/0/resources/requests diff --git a/components/remove/resources/kustomization.yaml b/components/remove/resources/kustomization.yaml index e7b924dd..5c7504cf 100644 --- a/components/remove/resources/kustomization.yaml +++ b/components/remove/resources/kustomization.yaml @@ -2,18 +2,18 @@ apiVersion: kustomize.config.k8s.io/v1alpha1 kind: Component patchesJson6902: - target: - kind: Deployment|StatefulSet + kind: Deployment|StatefulSet|DaemonSet name: .* group: apps version: v1 path: patches/container-0.yaml - target: - kind: StatefulSet - name: indexed-search + kind: StatefulSet|Deployment + name: pgsql|codeinsights-db|codeintel-db|indexed-search|redis-cache|redis-store version: v1 path: patches/container-1.yaml - target: - kind: Deployment + kind: StatefulSet|Deployment name: pgsql|codeinsights-db|codeintel-db|sourcegraph-frontend version: v1 path: patches/container-init.yaml diff --git a/components/remove/security-context/kustomization.yaml b/components/remove/security-context/kustomization.yaml index f9c78040..abce6631 100644 --- a/components/remove/security-context/kustomization.yaml +++ b/components/remove/security-context/kustomization.yaml 
@@ -14,13 +14,13 @@ patchesJson6902: version: v1 path: patches/securityContext-daemonset.yaml - target: - kind: Deployment + kind: Deployment|StatefulSet name: codeinsights-db|codeintel-db|pgsql|sourcegraph-frontend group: apps version: v1 path: patches/securityContext-databases.yaml - target: - kind: Deployment + kind: Deployment|StatefulSet name: codeinsights-db|codeintel-db|pgsql|sourcegraph-frontend group: apps version: v1 diff --git a/components/services/codeinsights-db/kustomization.yaml b/components/services/codeinsights-db/kustomization.yaml new file mode 100644 index 00000000..850ea8e8 --- /dev/null +++ b/components/services/codeinsights-db/kustomization.yaml @@ -0,0 +1,9 @@ +apiVersion: kustomize.config.k8s.io/v1alpha1 +kind: Component +patches: + - path: patches/codeinsights-db.Deployment.yaml + target: + kind: StatefulSet + name: codeinsights-db + options: + allowKindChange: true diff --git a/components/services/codeinsights-db/patches/codeinsights-db.Deployment.yaml b/components/services/codeinsights-db/patches/codeinsights-db.Deployment.yaml new file mode 100644 index 00000000..c1d92d6a --- /dev/null +++ b/components/services/codeinsights-db/patches/codeinsights-db.Deployment.yaml @@ -0,0 +1,11 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: codeinsights-db +spec: + updateStrategy: + $patch: delete + strategy: + type: Recreate + volumeClaimTemplates: + serviceName: diff --git a/components/services/codeintel-db/kustomization.yaml b/components/services/codeintel-db/kustomization.yaml new file mode 100644 index 00000000..58ac926d --- /dev/null +++ b/components/services/codeintel-db/kustomization.yaml @@ -0,0 +1,9 @@ +apiVersion: kustomize.config.k8s.io/v1alpha1 +kind: Component +patches: + - path: patches/codeintel-db.Deployment.yaml + target: + kind: StatefulSet + name: codeintel-db + options: + allowKindChange: true 
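Review bot: `volumeClaimTemplates:` and `serviceName:` in components/services/codeinsights-db/patches/codeinsights-db.Deployment.yaml are bare keys, while `updateStrategy` a few lines above is removed with an explicit `$patch: delete`, so a reader cannot tell whether the empty values are deliberate deletions or unfinished edits. If the intent is to drop the StatefulSet-only fields once `allowKindChange` turns the object into a Deployment, spell it out: `volumeClaimTemplates: null  # StatefulSet-only, dropped for the Deployment form`, and the same for `serviceName`. The identical two lines are added to the codeintel-db, pgsql, searcher and symbols patches in this commit.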
diff --git a/components/services/codeintel-db/patches/codeintel-db.Deployment.yaml b/components/services/codeintel-db/patches/codeintel-db.Deployment.yaml new file mode 100644 index 00000000..c1d92d6a --- /dev/null +++ b/components/services/codeintel-db/patches/codeintel-db.Deployment.yaml @@ -0,0 +1,11 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: codeinsights-db +spec: + updateStrategy: + $patch: delete + strategy: + type: Recreate + volumeClaimTemplates: + serviceName: diff --git a/components/services/pgsql/kustomization.yaml b/components/services/pgsql/kustomization.yaml new file mode 100644 index 00000000..17044213 --- /dev/null +++ b/components/services/pgsql/kustomization.yaml @@ -0,0 +1,9 @@ +apiVersion: kustomize.config.k8s.io/v1alpha1 +kind: Component +patches: + - path: patches/pgsql.Deployment.yaml + target: + kind: StatefulSet + name: pgsql + options: + allowKindChange: true diff --git a/components/services/pgsql/patches/pgsql.Deployment.yaml b/components/services/pgsql/patches/pgsql.Deployment.yaml new file mode 100644 index 00000000..c1d92d6a --- /dev/null +++ b/components/services/pgsql/patches/pgsql.Deployment.yaml @@ -0,0 +1,11 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: codeinsights-db +spec: + updateStrategy: + $patch: delete + strategy: + type: Recreate + volumeClaimTemplates: + serviceName: diff --git a/components/services/searcher/deployment/patches/searcher.Deployment.yaml b/components/services/searcher/deployment/patches/searcher.Deployment.yaml index 80a984f5..4dbed061 100644 --- a/components/services/searcher/deployment/patches/searcher.Deployment.yaml +++ b/components/services/searcher/deployment/patches/searcher.Deployment.yaml @@ -3,6 +3,12 @@ kind: Deployment metadata: name: searcher spec: + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 1 + type: RollingUpdate + replica: 2 template: spec: containers: 
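Review bot: `metadata.name` in components/services/codeintel-db/patches/codeintel-db.Deployment.yaml is `codeinsights-db`, and components/services/pgsql/patches/pgsql.Deployment.yaml later on this line carries the same value (both files are blob `c1d92d6a`). As far as I know kustomize ignores the patch's own name when a `target` is given and `allowNameChange` is not set, so the build probably still reaches the intended StatefulSet, but each file reads as a patch for a different database and would rename the workload if that option were ever enabled. The names should be `name: codeintel-db` and `name: pgsql` respectively.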
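Review bot: `replica: 2` under `spec` in components/services/searcher/deployment/patches/searcher.Deployment.yaml is not a Deployment field; the key is `replicas`. Depending on how the rendered manifest is validated, the line is either rejected or dropped, and in the second case searcher keeps the base replica count while `maxUnavailable: 1` is allowed to take a pod away during rollout. It should read `replicas: 2`. The symbols patch in this commit adds the same `strategy` block with no replica count at all, which is worth confirming as intended.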
@@ -48,3 +54,5 @@ spec: name: cache-ssd updateStrategy: $patch: delete + volumeClaimTemplates: + serviceName: diff --git a/components/services/symbols/deployment/patches/symbols.Deployment.yaml b/components/services/symbols/deployment/patches/symbols.Deployment.yaml index 5f01bceb..4e77085e 100644 --- a/components/services/symbols/deployment/patches/symbols.Deployment.yaml +++ b/components/services/symbols/deployment/patches/symbols.Deployment.yaml @@ -3,6 +3,11 @@ kind: Deployment metadata: name: symbols spec: + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 1 + type: RollingUpdate template: spec: containers: @@ -48,3 +53,5 @@ spec: name: cache-ssd updateStrategy: $patch: delete + volumeClaimTemplates: + serviceName: diff --git a/components/sizes/l/kustomization.yaml b/components/sizes/l/kustomization.yaml index adee7a5e..76dbb168 100644 --- a/components/sizes/l/kustomization.yaml +++ b/components/sizes/l/kustomization.yaml @@ -19,3 +19,21 @@ patchesJson6902: group: apps version: v1 path: patches/symbols.yaml + - target: + kind: StatefulSet|Deployment + name: pgsql + group: apps + version: v1 + path: patches/pgsql.yaml + - target: + kind: StatefulSet|Deployment + name: codeinsights-db + group: apps + version: v1 + path: patches/codeinsights-db.yaml + - target: + kind: StatefulSet|Deployment + name: codeintel-db + group: apps + version: v1 + path: patches/codeintel-db.yaml diff --git a/components/sizes/l/patches/codeinsights-db.yaml b/components/sizes/l/patches/codeinsights-db.yaml new file mode 100644 index 00000000..807c9beb --- /dev/null +++ b/components/sizes/l/patches/codeinsights-db.yaml @@ -0,0 +1,6 @@ +- op: replace + path: /spec/template/spec/containers/0/resources/limits/cpu + value: "4" +- op: replace + path: /spec/template/spec/containers/0/resources/limits/memory + value: 2G diff --git a/components/sizes/l/patches/codeintel-db.yaml b/components/sizes/l/patches/codeintel-db.yaml new file mode 100644 index 00000000..423bc7c6 --- /dev/null 
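Review bot: The memory limit in the new components/sizes/l/patches/codeinsights-db.yaml is `2G`, while the entry this commit removes from sizes/l/patches/resources.yaml was `2Gi`, so the limit drops by roughly 7% with nothing in the change saying that is intended. The same decimal-for-binary swap appears in the codeintel-db (`4Gi` to `4G`) and pgsql (`6Gi` to `6G`, `32Gi` to `32G` for xl) patches of the s, m, l and xl sizes, and the xs `databases.yaml` gives codeinsights-db `4G` where it previously had `2Gi`. If the move to JSON patches was meant to be behaviour-preserving, keep the old units, e.g. `value: 2Gi`.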
+++ b/components/sizes/l/patches/codeintel-db.yaml @@ -0,0 +1,6 @@ +- op: replace + path: /spec/template/spec/containers/0/resources/limits/cpu + value: "4" +- op: replace + path: /spec/template/spec/containers/0/resources/limits/memory + value: 4G diff --git a/components/sizes/l/patches/pgsql.yaml b/components/sizes/l/patches/pgsql.yaml new file mode 100644 index 00000000..95e3af60 --- /dev/null +++ b/components/sizes/l/patches/pgsql.yaml @@ -0,0 +1,6 @@ +- op: replace + path: /spec/template/spec/containers/0/resources/limits/cpu + value: "4" +- op: replace + path: /spec/template/spec/containers/0/resources/limits/memory + value: 6G diff --git a/components/sizes/l/patches/resources.yaml b/components/sizes/l/patches/resources.yaml index 03e54f6e..e7cff5ed 100644 --- a/components/sizes/l/patches/resources.yaml +++ b/components/sizes/l/patches/resources.yaml @@ -6,39 +6,11 @@ spec: template: spec: containers: - - name: blobstore - resources: - limits: - cpu: "2" - memory: 2Gi ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: codeinsights-db -spec: - template: - spec: - containers: - - name: codeinsights - resources: - limits: - cpu: "4" - memory: 2Gi ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: codeintel-db -spec: - template: - spec: - containers: - - name: pgsql - resources: - limits: - cpu: "4" - memory: 4Gi + - name: blobstore + resources: + limits: + cpu: "2" + memory: 2Gi --- apiVersion: apps/v1 kind: Deployment @@ -48,25 +20,11 @@ spec: template: spec: containers: - - name: github-proxy - resources: - limits: - cpu: "1" - memory: 1G ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: pgsql -spec: - template: - spec: - containers: - - name: pgsql - resources: - limits: - cpu: "4" - memory: 6Gi + - name: github-proxy + resources: + limits: + cpu: "1" + memory: 1G --- apiVersion: apps/v1 kind: Deployment 
@@ -77,11 +35,11 @@ spec: template: spec: containers: - - name: precise-code-intel-worker - resources: - limits: - cpu: "2" - memory: 50G + - name: precise-code-intel-worker + resources: + limits: + cpu: "2" + memory: 50G --- apiVersion: apps/v1 kind: Deployment @@ -91,11 +49,11 @@ spec: template: spec: containers: - - name: redis-cache - resources: - limits: - cpu: "1" - memory: 5Gi + - name: redis-cache + resources: + limits: + cpu: "1" + memory: 5Gi --- apiVersion: apps/v1 kind: Deployment @@ -105,11 +63,11 @@ spec: template: spec: containers: - - name: redis-store - resources: - limits: - cpu: "1" - memory: 6Gi + - name: redis-store + resources: + limits: + cpu: "1" + memory: 6Gi --- apiVersion: apps/v1 kind: Deployment @@ -119,11 +77,11 @@ spec: template: spec: containers: - - name: repo-updater - resources: - limits: - cpu: "4" - memory: 4Gi + - name: repo-updater + resources: + limits: + cpu: "4" + memory: 4Gi --- apiVersion: apps/v1 kind: Deployment @@ -134,12 +92,12 @@ spec: template: spec: containers: - - name: frontend - resources: - limits: - cpu: "6" - memory: 6G - ephemeral-storage: 8Gi + - name: frontend + resources: + limits: + cpu: "6" + memory: 6G + ephemeral-storage: 8Gi --- apiVersion: apps/v1 kind: StatefulSet @@ -150,18 +108,18 @@ spec: template: spec: containers: - - name: symbols - resources: - limits: - cpu: "4" - memory: 4G - env: - # Enables Rockskip - - name: USE_ROCKSKIP - value: "true" - # Uses Rockskip for all repositories over 1GB - - name: ROCKSKIP_MIN_REPO_SIZE_MB - value: "1000" + - name: symbols + resources: + limits: + cpu: "4" + memory: 4G + env: + # Enables Rockskip + - name: USE_ROCKSKIP + value: "true" + # Uses Rockskip for all repositories over 1GB + - name: ROCKSKIP_MIN_REPO_SIZE_MB + value: "1000" --- apiVersion: apps/v1 kind: Deployment 
@@ -172,11 +130,11 @@ spec: template: spec: containers: - - name: syntect-server - resources: - limits: - cpu: "4" - memory: 6G + - name: syntect-server + resources: + limits: + cpu: "4" + memory: 6G --- apiVersion: apps/v1 kind: Deployment @@ -187,11 +145,11 @@ spec: template: spec: containers: - - name: worker - resources: - limits: - cpu: "4" - memory: 4G + - name: worker + resources: + limits: + cpu: "4" + memory: 4G --- apiVersion: apps/v1 kind: StatefulSet @@ -202,11 +160,11 @@ spec: template: spec: containers: - - name: gitserver - resources: - limits: - cpu: "8" - memory: 26G + - name: gitserver + resources: + limits: + cpu: "8" + memory: 26G --- apiVersion: apps/v1 kind: StatefulSet @@ -217,13 +175,13 @@ spec: template: spec: containers: - - name: zoekt-webserver - resources: - limits: - cpu: "8" - memory: 16G - - name: zoekt-indexserver - resources: - limits: - cpu: "4" - memory: 16G + - name: zoekt-webserver + resources: + limits: + cpu: "8" + memory: 16G + - name: zoekt-indexserver + resources: + limits: + cpu: "4" + memory: 16G diff --git a/components/sizes/m/kustomization.yaml b/components/sizes/m/kustomization.yaml index adee7a5e..76dbb168 100644 --- a/components/sizes/m/kustomization.yaml +++ b/components/sizes/m/kustomization.yaml @@ -19,3 +19,21 @@ patchesJson6902: group: apps version: v1 path: patches/symbols.yaml + - target: + kind: StatefulSet|Deployment + name: pgsql + group: apps + version: v1 + path: patches/pgsql.yaml + - target: + kind: StatefulSet|Deployment + name: codeinsights-db + group: apps + version: v1 + path: patches/codeinsights-db.yaml + - target: + kind: StatefulSet|Deployment + name: codeintel-db + group: apps + version: v1 + path: patches/codeintel-db.yaml diff --git a/components/sizes/m/patches/codeinsights-db.yaml b/components/sizes/m/patches/codeinsights-db.yaml new file mode 100644 index 00000000..807c9beb --- /dev/null +++ b/components/sizes/m/patches/codeinsights-db.yaml 
@@ -0,0 +1,6 @@ +- op: replace + path: /spec/template/spec/containers/0/resources/limits/cpu + value: "4" +- op: replace + path: /spec/template/spec/containers/0/resources/limits/memory + value: 2G diff --git a/components/sizes/m/patches/codeintel-db.yaml b/components/sizes/m/patches/codeintel-db.yaml new file mode 100644 index 00000000..423bc7c6 --- /dev/null +++ b/components/sizes/m/patches/codeintel-db.yaml @@ -0,0 +1,6 @@ +- op: replace + path: /spec/template/spec/containers/0/resources/limits/cpu + value: "4" +- op: replace + path: /spec/template/spec/containers/0/resources/limits/memory + value: 4G diff --git a/components/sizes/m/patches/pgsql.yaml b/components/sizes/m/patches/pgsql.yaml new file mode 100644 index 00000000..95e3af60 --- /dev/null +++ b/components/sizes/m/patches/pgsql.yaml @@ -0,0 +1,6 @@ +- op: replace + path: /spec/template/spec/containers/0/resources/limits/cpu + value: "4" +- op: replace + path: /spec/template/spec/containers/0/resources/limits/memory + value: 6G diff --git a/components/sizes/m/patches/resources.yaml b/components/sizes/m/patches/resources.yaml index 5b39cd95..76476777 100644 --- a/components/sizes/m/patches/resources.yaml +++ b/components/sizes/m/patches/resources.yaml @@ -6,39 +6,11 @@ spec: template: spec: containers: - - name: blobstore - resources: - limits: - cpu: "2" - memory: 2Gi ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: codeinsights-db -spec: - template: - spec: - containers: - - name: codeinsights - resources: - limits: - cpu: "4" - memory: 2Gi ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: codeintel-db -spec: - template: - spec: - containers: - - name: pgsql - resources: - limits: - cpu: "4" - memory: 4Gi + - name: blobstore + resources: + limits: + cpu: "2" + memory: 2Gi --- apiVersion: apps/v1 kind: Deployment 
@@ -48,25 +20,11 @@ spec: template: spec: containers: - - name: github-proxy - resources: - limits: - cpu: "1" - memory: 1G ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: pgsql -spec: - template: - spec: - containers: - - name: pgsql - resources: - limits: - cpu: "4" - memory: 6Gi + - name: github-proxy + resources: + limits: + cpu: "1" + memory: 1G --- apiVersion: apps/v1 kind: Deployment @@ -77,11 +35,11 @@ spec: template: spec: containers: - - name: precise-code-intel-worker - resources: - limits: - cpu: "2" - memory: 50G + - name: precise-code-intel-worker + resources: + limits: + cpu: "2" + memory: 50G --- apiVersion: apps/v1 kind: Deployment @@ -91,11 +49,11 @@ spec: template: spec: containers: - - name: redis-cache - resources: - limits: - cpu: "1" - memory: 5Gi + - name: redis-cache + resources: + limits: + cpu: "1" + memory: 5Gi --- apiVersion: apps/v1 kind: Deployment @@ -105,11 +63,11 @@ spec: template: spec: containers: - - name: redis-store - resources: - limits: - cpu: "1" - memory: 5Gi + - name: redis-store + resources: + limits: + cpu: "1" + memory: 5Gi --- apiVersion: apps/v1 kind: Deployment @@ -119,11 +77,11 @@ spec: template: spec: containers: - - name: repo-updater - resources: - limits: - cpu: "4" - memory: 4Gi + - name: repo-updater + resources: + limits: + cpu: "4" + memory: 4Gi --- apiVersion: apps/v1 kind: Deployment @@ -134,12 +92,12 @@ spec: template: spec: containers: - - name: frontend - resources: - limits: - cpu: "4" - memory: 8G - ephemeral-storage: 8Gi + - name: frontend + resources: + limits: + cpu: "4" + memory: 8G + ephemeral-storage: 8Gi --- apiVersion: apps/v1 kind: Deployment @@ -150,11 +108,11 @@ spec: template: spec: containers: - - name: syntect-server - resources: - limits: - cpu: "4" - memory: 6G + - name: syntect-server + resources: + limits: + cpu: "4" + memory: 6G --- apiVersion: apps/v1 kind: Deployment 
@@ -165,11 +123,11 @@ spec: template: spec: containers: - - name: worker - resources: - limits: - cpu: "4" - memory: 4G + - name: worker + resources: + limits: + cpu: "4" + memory: 4G --- apiVersion: apps/v1 kind: StatefulSet @@ -180,11 +138,11 @@ spec: template: spec: containers: - - name: gitserver - resources: - limits: - cpu: "6" - memory: 26G + - name: gitserver + resources: + limits: + cpu: "6" + memory: 26G --- apiVersion: apps/v1 kind: StatefulSet @@ -195,13 +153,13 @@ spec: template: spec: containers: - - name: zoekt-webserver - resources: - limits: - cpu: "6" - memory: 12G - - name: zoekt-indexserver - resources: - limits: - cpu: "4" - memory: 12G + - name: zoekt-webserver + resources: + limits: + cpu: "6" + memory: 12G + - name: zoekt-indexserver + resources: + limits: + cpu: "4" + memory: 12G diff --git a/components/sizes/s/kustomization.yaml b/components/sizes/s/kustomization.yaml index adee7a5e..76dbb168 100644 --- a/components/sizes/s/kustomization.yaml +++ b/components/sizes/s/kustomization.yaml @@ -19,3 +19,21 @@ patchesJson6902: group: apps version: v1 path: patches/symbols.yaml + - target: + kind: StatefulSet|Deployment + name: pgsql + group: apps + version: v1 + path: patches/pgsql.yaml + - target: + kind: StatefulSet|Deployment + name: codeinsights-db + group: apps + version: v1 + path: patches/codeinsights-db.yaml + - target: + kind: StatefulSet|Deployment + name: codeintel-db + group: apps + version: v1 + path: patches/codeintel-db.yaml diff --git a/components/sizes/s/patches/codeinsights-db.yaml b/components/sizes/s/patches/codeinsights-db.yaml new file mode 100644 index 00000000..807c9beb --- /dev/null +++ b/components/sizes/s/patches/codeinsights-db.yaml @@ -0,0 +1,6 @@ +- op: replace + path: /spec/template/spec/containers/0/resources/limits/cpu + value: "4" +- op: replace + path: /spec/template/spec/containers/0/resources/limits/memory + value: 2G 
diff --git a/components/sizes/s/patches/codeintel-db.yaml b/components/sizes/s/patches/codeintel-db.yaml new file mode 100644 index 00000000..423bc7c6 --- /dev/null +++ b/components/sizes/s/patches/codeintel-db.yaml @@ -0,0 +1,6 @@ +- op: replace + path: /spec/template/spec/containers/0/resources/limits/cpu + value: "4" +- op: replace + path: /spec/template/spec/containers/0/resources/limits/memory + value: 4G diff --git a/components/sizes/s/patches/pgsql.yaml b/components/sizes/s/patches/pgsql.yaml new file mode 100644 index 00000000..95e3af60 --- /dev/null +++ b/components/sizes/s/patches/pgsql.yaml @@ -0,0 +1,6 @@ +- op: replace + path: /spec/template/spec/containers/0/resources/limits/cpu + value: "4" +- op: replace + path: /spec/template/spec/containers/0/resources/limits/memory + value: 6G diff --git a/components/sizes/s/patches/resources.yaml b/components/sizes/s/patches/resources.yaml index 909d7b51..63f398ec 100644 --- a/components/sizes/s/patches/resources.yaml +++ b/components/sizes/s/patches/resources.yaml @@ -6,39 +6,11 @@ spec: template: spec: containers: - - name: blobstore - resources: - limits: - cpu: "2" - memory: 2Gi ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: codeinsights-db -spec: - template: - spec: - containers: - - name: codeinsights - resources: - limits: - cpu: "4" - memory: 2Gi ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: codeintel-db -spec: - template: - spec: - containers: - - name: pgsql - resources: - limits: - cpu: "4" - memory: 4Gi + - name: blobstore + resources: + limits: + cpu: "2" + memory: 2Gi --- apiVersion: apps/v1 kind: Deployment 
@@ -48,25 +20,11 @@ spec: template: spec: containers: - - name: github-proxy - resources: - limits: - cpu: "1" - memory: 1G ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: pgsql -spec: - template: - spec: - containers: - - name: pgsql - resources: - limits: - cpu: "4" - memory: 6Gi + - name: github-proxy + resources: + limits: + cpu: "1" + memory: 1G --- apiVersion: apps/v1 kind: Deployment @@ -77,11 +35,11 @@ spec: template: spec: containers: - - name: precise-code-intel-worker - resources: - limits: - cpu: "2" - memory: 50G + - name: precise-code-intel-worker + resources: + limits: + cpu: "2" + memory: 50G --- apiVersion: apps/v1 kind: Deployment @@ -91,11 +49,11 @@ spec: template: spec: containers: - - name: redis-cache - resources: - limits: - cpu: "1" - memory: 2Gi + - name: redis-cache + resources: + limits: + cpu: "1" + memory: 2Gi --- apiVersion: apps/v1 kind: Deployment @@ -105,11 +63,11 @@ spec: template: spec: containers: - - name: redis-store - resources: - limits: - cpu: "1" - memory: 4Gi + - name: redis-store + resources: + limits: + cpu: "1" + memory: 4Gi --- apiVersion: apps/v1 kind: Deployment @@ -119,11 +77,11 @@ spec: template: spec: containers: - - name: repo-updater - resources: - limits: - cpu: "4" - memory: 4Gi + - name: repo-updater + resources: + limits: + cpu: "4" + memory: 4Gi --- apiVersion: apps/v1 kind: Deployment @@ -134,12 +92,12 @@ spec: template: spec: containers: - - name: frontend - resources: - limits: - cpu: "4" - memory: 8G - ephemeral-storage: 8Gi + - name: frontend + resources: + limits: + cpu: "4" + memory: 8G + ephemeral-storage: 8Gi --- apiVersion: apps/v1 kind: Deployment @@ -150,11 +108,11 @@ spec: template: spec: containers: - - name: syntect-server - resources: - limits: - cpu: "4" - memory: 6G + - name: syntect-server + resources: + limits: + cpu: "4" + memory: 6G --- apiVersion: apps/v1 kind: Deployment 
@@ -165,11 +123,11 @@ spec: template: spec: containers: - - name: worker - resources: - limits: - cpu: "4" - memory: 4G + - name: worker + resources: + limits: + cpu: "4" + memory: 4G --- apiVersion: apps/v1 kind: StatefulSet @@ -180,11 +138,11 @@ spec: template: spec: containers: - - name: gitserver - resources: - limits: - cpu: "6" - memory: 26G + - name: gitserver + resources: + limits: + cpu: "6" + memory: 26G --- apiVersion: apps/v1 kind: StatefulSet @@ -195,13 +153,13 @@ spec: template: spec: containers: - - name: zoekt-webserver - resources: - limits: - cpu: "4" - memory: 12G - - name: zoekt-indexserver - resources: - limits: - cpu: "4" - memory: 12G + - name: zoekt-webserver + resources: + limits: + cpu: "4" + memory: 12G + - name: zoekt-indexserver + resources: + limits: + cpu: "4" + memory: 12G diff --git a/components/sizes/xl/kustomization.yaml b/components/sizes/xl/kustomization.yaml index ecb279c4..7d863540 100644 --- a/components/sizes/xl/kustomization.yaml +++ b/components/sizes/xl/kustomization.yaml @@ -20,3 +20,21 @@ patchesJson6902: group: apps version: v1 path: patches/symbols.yaml + - target: + kind: StatefulSet|Deployment + name: pgsql + group: apps + version: v1 + path: patches/pgsql.yaml + - target: + kind: StatefulSet|Deployment + name: codeinsights-db + group: apps + version: v1 + path: patches/codeinsights-db.yaml + - target: + kind: StatefulSet|Deployment + name: codeintel-db + group: apps + version: v1 + path: patches/codeintel-db.yaml diff --git a/components/sizes/xl/patches/codeinsights-db.yaml b/components/sizes/xl/patches/codeinsights-db.yaml new file mode 100644 index 00000000..807c9beb --- /dev/null +++ b/components/sizes/xl/patches/codeinsights-db.yaml @@ -0,0 +1,6 @@ +- op: replace + path: /spec/template/spec/containers/0/resources/limits/cpu + value: "4" +- op: replace + path: /spec/template/spec/containers/0/resources/limits/memory + value: 2G 
diff --git a/components/sizes/xl/patches/codeintel-db.yaml b/components/sizes/xl/patches/codeintel-db.yaml new file mode 100644 index 00000000..423bc7c6 --- /dev/null +++ b/components/sizes/xl/patches/codeintel-db.yaml @@ -0,0 +1,6 @@ +- op: replace + path: /spec/template/spec/containers/0/resources/limits/cpu + value: "4" +- op: replace + path: /spec/template/spec/containers/0/resources/limits/memory + value: 4G diff --git a/components/sizes/xl/patches/pgsql.yaml b/components/sizes/xl/patches/pgsql.yaml new file mode 100644 index 00000000..97ef2952 --- /dev/null +++ b/components/sizes/xl/patches/pgsql.yaml @@ -0,0 +1,6 @@ +- op: replace + path: /spec/template/spec/containers/0/resources/limits/cpu + value: "8" +- op: replace + path: /spec/template/spec/containers/0/resources/limits/memory + value: 32G diff --git a/components/sizes/xl/patches/resources.yaml b/components/sizes/xl/patches/resources.yaml index 9e3fe644..1231d1c5 100644 --- a/components/sizes/xl/patches/resources.yaml +++ b/components/sizes/xl/patches/resources.yaml @@ -6,39 +6,11 @@ spec: template: spec: containers: - - name: blobstore - resources: - limits: - cpu: "2" - memory: 2Gi ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: codeinsights-db -spec: - template: - spec: - containers: - - name: codeinsights - resources: - limits: - cpu: "4" - memory: 2Gi ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: codeintel-db -spec: - template: - spec: - containers: - - name: pgsql - resources: - limits: - cpu: "4" - memory: 4Gi + - name: blobstore + resources: + limits: + cpu: "2" + memory: 2Gi --- apiVersion: apps/v1 kind: Deployment 
@@ -48,25 +20,11 @@ spec: template: spec: containers: - - name: github-proxy - resources: - limits: - cpu: "1" - memory: 1G ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: pgsql -spec: - template: - spec: - containers: - - name: pgsql - resources: - limits: - cpu: "8" - memory: 32Gi + - name: github-proxy + resources: + limits: + cpu: "1" + memory: 1G --- apiVersion: apps/v1 kind: Deployment @@ -77,11 +35,11 @@ spec: template: spec: containers: - - name: precise-code-intel-worker - resources: - limits: - cpu: "2" - memory: 50G + - name: precise-code-intel-worker + resources: + limits: + cpu: "2" + memory: 50G --- apiVersion: apps/v1 kind: Deployment @@ -91,11 +49,11 @@ spec: template: spec: containers: - - name: redis-cache - resources: - limits: - cpu: "1" - memory: 5Gi + - name: redis-cache + resources: + limits: + cpu: "1" + memory: 5Gi --- apiVersion: apps/v1 kind: Deployment @@ -105,11 +63,11 @@ spec: template: spec: containers: - - name: redis-store - resources: - limits: - cpu: "1" - memory: 8Gi + - name: redis-store + resources: + limits: + cpu: "1" + memory: 8Gi --- apiVersion: apps/v1 kind: Deployment @@ -119,11 +77,11 @@ spec: template: spec: containers: - - name: repo-updater - resources: - limits: - cpu: "4" - memory: 4Gi + - name: repo-updater + resources: + limits: + cpu: "4" + memory: 4Gi --- apiVersion: apps/v1 kind: Deployment @@ -134,12 +92,12 @@ spec: template: spec: containers: - - name: frontend - resources: - limits: - cpu: "9" - memory: 24G - ephemeral-storage: 12Gi + - name: frontend + resources: + limits: + cpu: "9" + memory: 24G + ephemeral-storage: 12Gi --- apiVersion: apps/v1 kind: Deployment @@ -150,11 +108,11 @@ spec: template: spec: containers: - - name: syntect-server - resources: - limits: - cpu: "4" - memory: 6G + - name: syntect-server + resources: + limits: + cpu: "4" + memory: 6G --- apiVersion: apps/v1 kind: Deployment 
@@ -165,11 +123,11 @@ spec: template: spec: containers: - - name: worker - resources: - limits: - cpu: "4" - memory: 4G + - name: worker + resources: + limits: + cpu: "4" + memory: 4G --- apiVersion: apps/v1 kind: StatefulSet @@ -180,11 +138,11 @@ spec: template: spec: containers: - - name: gitserver - resources: - limits: - cpu: "12" - memory: 20G + - name: gitserver + resources: + limits: + cpu: "12" + memory: 20G --- apiVersion: apps/v1 kind: StatefulSet @@ -195,13 +153,13 @@ spec: template: spec: containers: - - name: zoekt-webserver - resources: - limits: - cpu: "12" - memory: 16G - - name: zoekt-indexserver - resources: - limits: - cpu: "5" - memory: 10G + - name: zoekt-webserver + resources: + limits: + cpu: "12" + memory: 16G + - name: zoekt-indexserver + resources: + limits: + cpu: "5" + memory: 10G diff --git a/components/sizes/xs/kustomization.yaml b/components/sizes/xs/kustomization.yaml index adee7a5e..fd36a155 100644 --- a/components/sizes/xs/kustomization.yaml +++ b/components/sizes/xs/kustomization.yaml @@ -19,3 +19,9 @@ patchesJson6902: group: apps version: v1 path: patches/symbols.yaml + - target: + kind: StatefulSet|Deployment + name: pgsql|codeinsights-db|codeintel-db + group: apps + version: v1 + path: patches/databases.yaml diff --git a/components/sizes/xs/patches/databases.yaml b/components/sizes/xs/patches/databases.yaml new file mode 100644 index 00000000..423bc7c6 --- /dev/null +++ b/components/sizes/xs/patches/databases.yaml @@ -0,0 +1,6 @@ +- op: replace + path: /spec/template/spec/containers/0/resources/limits/cpu + value: "4" +- op: replace + path: /spec/template/spec/containers/0/resources/limits/memory + value: 4G diff --git a/components/sizes/xs/patches/resources.yaml b/components/sizes/xs/patches/resources.yaml index 3d0b381b..50ef7fa8 100644 --- a/components/sizes/xs/patches/resources.yaml +++ b/components/sizes/xs/patches/resources.yaml 
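Review bot: `components/sizes/xs/patches/databases.yaml` is applied to `pgsql`, `codeinsights-db` and `codeintel-db` alike, so codeinsights-db's memory limit changes from the `2Gi` removed from xs `resources.yaml` to `4G`, while the other two go from `4Gi` to `4G`. If codeinsights-db should keep its smaller limit, give it its own target and patch file. Both operations are `op: replace`, which fails the build when a matched workload has no `resources.limits`; whether every base database manifest sets them is not visible in this diff.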
@@ -6,39 +6,11 @@ spec: template: spec: containers: - - name: blobstore - resources: - limits: - cpu: "1" - memory: 500M ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: codeinsights-db -spec: - template: - spec: - containers: - - name: codeinsights - resources: - limits: - cpu: "4" - memory: 2Gi ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: codeintel-db -spec: - template: - spec: - containers: - - name: pgsql - resources: - limits: - cpu: "4" - memory: 4Gi + - name: blobstore + resources: + limits: + cpu: "1" + memory: 500M --- apiVersion: apps/v1 kind: Deployment @@ -48,25 +20,11 @@ spec: template: spec: containers: - - name: github-proxy - resources: - limits: - cpu: "1" - memory: 1G ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: pgsql -spec: - template: - spec: - containers: - - name: pgsql - resources: - limits: - cpu: "4" - memory: 4Gi + - name: github-proxy + resources: + limits: + cpu: "1" + memory: 1G --- apiVersion: apps/v1 kind: Deployment @@ -77,11 +35,11 @@ spec: template: spec: containers: - - name: precise-code-intel-worker - resources: - limits: - cpu: "2" - memory: 4G + - name: precise-code-intel-worker + resources: + limits: + cpu: "2" + memory: 4G --- apiVersion: apps/v1 kind: Deployment @@ -91,11 +49,11 @@ spec: template: spec: containers: - - name: redis-cache - resources: - limits: - cpu: "1" - memory: 3Gi + - name: redis-cache + resources: + limits: + cpu: "1" + memory: 3Gi --- apiVersion: apps/v1 kind: Deployment @@ -105,11 +63,11 @@ spec: template: spec: containers: - - name: redis-store - resources: - limits: - cpu: "1" - memory: 3Gi + - name: redis-store + resources: + limits: + cpu: "1" + memory: 3Gi --- apiVersion: apps/v1 kind: Deployment @@ -119,11 +77,11 @@ spec: template: spec: containers: - - name: repo-updater - resources: - limits: - cpu: "1" - memory: 2Gi + - name: repo-updater + resources: + limits: + cpu: "1" + memory: 2Gi --- apiVersion: apps/v1 kind: Deployment 
@@ -134,12 +92,12 @@ spec: template: spec: containers: - - name: frontend - resources: - limits: - cpu: "4" - memory: 8G - ephemeral-storage: 8Gi + - name: frontend + resources: + limits: + cpu: "4" + memory: 8G + ephemeral-storage: 8Gi --- apiVersion: apps/v1 kind: Deployment @@ -150,11 +108,11 @@ spec: template: spec: containers: - - name: syntect-server - resources: - limits: - cpu: "4" - memory: 6G + - name: syntect-server + resources: + limits: + cpu: "4" + memory: 6G --- apiVersion: apps/v1 kind: Deployment @@ -165,11 +123,11 @@ spec: template: spec: containers: - - name: worker - resources: - limits: - cpu: "4" - memory: 4G + - name: worker + resources: + limits: + cpu: "4" + memory: 4G --- apiVersion: apps/v1 kind: StatefulSet @@ -180,11 +138,11 @@ spec: template: spec: containers: - - name: gitserver - resources: - limits: - cpu: "4" - memory: 8G + - name: gitserver + resources: + limits: + cpu: "4" + memory: 8G --- apiVersion: apps/v1 kind: StatefulSet @@ -195,13 +153,13 @@ spec: template: spec: containers: - - name: zoekt-webserver - resources: - limits: - cpu: "8" - memory: 50G - - name: zoekt-indexserver - resources: - limits: - cpu: "8" - memory: 8G + - name: zoekt-webserver + resources: + limits: + cpu: "8" + memory: 50G + - name: zoekt-indexserver + resources: + limits: + cpu: "8" + memory: 8G diff --git a/components/storage-class/aws/ebs-csi/kustomization.yaml b/components/storage-class/aws/ebs-csi/kustomization.yaml index 8f050639..7d4bc5f9 100644 --- a/components/storage-class/aws/ebs-csi/kustomization.yaml +++ b/components/storage-class/aws/ebs-csi/kustomization.yaml @@ -5,7 +5,7 @@ resources: patchesJson6902: - target: kind: StatefulSet - name: .* + name: searcher|symbols|indexed-search|grafana|gitserver group: apps version: v1 patch: |- diff --git a/components/storage-class/aws/eks-ebs/kustomization.yaml b/components/storage-class/aws/eks-ebs/kustomization.yaml index 8f050639..7d4bc5f9 100644 
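Review bot: Replacing `name: .*` with the fixed list `searcher|symbols|indexed-search|grafana|gitserver` in `storage-class/aws/ebs-csi/kustomization.yaml` means any StatefulSet outside the list silently keeps its own storage class. The same list is repeated in the eks-ebs, azure, cloud (two targets), gcp, k3s, minikube, sourcegraph and update-class-name kustomizations, in a different order in the last one. The instance template in this commit refers to `remove/pgsql/statefulset` and similar components, which suggests database StatefulSets can exist; they would no longer be matched. A comment above each target, for example `# keep in sync with every StatefulSet that has volumeClaimTemplates`, would make the coupling visible.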
--- a/components/storage-class/aws/eks-ebs/kustomization.yaml +++ b/components/storage-class/aws/eks-ebs/kustomization.yaml @@ -5,7 +5,7 @@ resources: patchesJson6902: - target: kind: StatefulSet - name: .* + name: searcher|symbols|indexed-search|grafana|gitserver group: apps version: v1 patch: |- diff --git a/components/storage-class/azure/kustomization.yaml b/components/storage-class/azure/kustomization.yaml index 8f050639..7d4bc5f9 100644 --- a/components/storage-class/azure/kustomization.yaml +++ b/components/storage-class/azure/kustomization.yaml @@ -5,7 +5,7 @@ resources: patchesJson6902: - target: kind: StatefulSet - name: .* + name: searcher|symbols|indexed-search|grafana|gitserver group: apps version: v1 patch: |- diff --git a/components/storage-class/cloud/kustomization.yaml b/components/storage-class/cloud/kustomization.yaml index cf253d13..4ca71018 100644 --- a/components/storage-class/cloud/kustomization.yaml +++ b/components/storage-class/cloud/kustomization.yaml @@ -12,7 +12,7 @@ configMapGenerator: patchesJson6902: - target: kind: StatefulSet - name: .* + name: searcher|symbols|indexed-search|grafana|gitserver group: apps version: v1 patch: |- @@ -29,7 +29,7 @@ patchesJson6902: value: sourcegraph - target: kind: StatefulSet - name: .* + name: searcher|symbols|indexed-search|grafana|gitserver group: apps version: v1 path: patches/replace-storageclass-name-sts.yaml diff --git a/components/storage-class/gcp/kustomization.yaml b/components/storage-class/gcp/kustomization.yaml index 8f050639..7d4bc5f9 100644 --- a/components/storage-class/gcp/kustomization.yaml +++ b/components/storage-class/gcp/kustomization.yaml @@ -5,7 +5,7 @@ resources: patchesJson6902: - target: kind: StatefulSet - name: .* + name: searcher|symbols|indexed-search|grafana|gitserver group: apps version: v1 patch: |- diff --git a/components/storage-class/k3s/kustomization.yaml b/components/storage-class/k3s/kustomization.yaml index 9624508a..59d2b7ad 100644 
--- a/components/storage-class/k3s/kustomization.yaml +++ b/components/storage-class/k3s/kustomization.yaml @@ -3,7 +3,7 @@ kind: Component patchesJson6902: - target: kind: StatefulSet - name: .* + name: searcher|symbols|indexed-search|grafana|gitserver group: apps version: v1 path: patches/replace-storageclass-name-sts.yaml diff --git a/components/storage-class/minikube/kustomization.yaml b/components/storage-class/minikube/kustomization.yaml new file mode 100644 index 00000000..574c616a --- /dev/null +++ b/components/storage-class/minikube/kustomization.yaml @@ -0,0 +1,26 @@ +apiVersion: kustomize.config.k8s.io/v1alpha1 +kind: Component +patches: + - target: + kind: StatefulSet + name: searcher|symbols|indexed-search|grafana|gitserver + group: apps + version: v1 + patch: |- + - op: replace + path: /spec/volumeClaimTemplates/0/spec/storageClassName + # This is the default storage class for minikube + value: standard + - target: + kind: PersistentVolumeClaim + patch: |- + - op: replace + path: /spec/storageClassName + # This is the default storage class for minikube + value: standard + - target: + kind: PersistentVolumeClaim + patch: |- + - op: replace + path: /spec/resources/requests/storage + value: 10Gi diff --git a/components/storage-class/sourcegraph/kustomization.yaml b/components/storage-class/sourcegraph/kustomization.yaml index e2b4d336..5c7a1744 100644 --- a/components/storage-class/sourcegraph/kustomization.yaml +++ b/components/storage-class/sourcegraph/kustomization.yaml @@ -3,7 +3,7 @@ kind: Component patchesJson6902: - target: kind: StatefulSet - name: .* + name: searcher|symbols|indexed-search|grafana|gitserver group: apps version: v1 patch: |- diff --git a/components/storage-class/update-class-name/kustomization.yaml b/components/storage-class/update-class-name/kustomization.yaml index 7d6518f0..85e72467 100644 --- a/components/storage-class/update-class-name/kustomization.yaml +++ b/components/storage-class/update-class-name/kustomization.yaml 
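Review bot: The two `PersistentVolumeClaim` patches in the new `storage-class/minikube/kustomization.yaml` use `op: replace`, which fails the build for any claim that lacks the field; `op: add` sets the field whether or not it already exists. Nothing in this diff shows whether every base claim sets `storageClassName`. The PVC targets carry no `name`, so every claim in the build is also set to `10Gi`; a comment such as `# local clusters only: resizes every PVC` would record that.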
@@ -8,19 +8,7 @@ configMapGenerator: patchesJson6902: - target: kind: StatefulSet - name: .* - group: apps - version: v1 - path: patches/replace-storageclass-name-sts.yaml - - target: - kind: StatefulSet|Deployment - name: searcher - group: apps - version: v1 - path: patches/replace-storageclass-name-sts.yaml - - target: - kind: StatefulSet|Deployment - name: symbols + name: indexed-search|grafana|gitserver|searcher|symbols group: apps version: v1 path: patches/replace-storageclass-name-sts.yaml diff --git a/components/utils/migrate-to-nonprivileged/README.md b/components/utils/migrate-to-nonprivileged/README.md new file mode 100644 index 00000000..3f90d7ae --- /dev/null +++ b/components/utils/migrate-to-nonprivileged/README.md @@ -0,0 +1,2 @@ +This kustomization injects initContainers in all pods with persistent volumes to transfer ownership of directories to +specified non-root users. It is used for migrating existing installations to a non-root environment. diff --git a/components/utils/migrate-to-nonprivileged/blobstore/blobstore.Deployment.yaml b/components/utils/migrate-to-nonprivileged/blobstore/blobstore.Deployment.yaml new file mode 100644 index 00000000..15a013ab --- /dev/null +++ b/components/utils/migrate-to-nonprivileged/blobstore/blobstore.Deployment.yaml @@ -0,0 +1,16 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: blobstore +spec: + template: + spec: + initContainers: + - name: transfer-file-ownership + image: index.docker.io/sourcegraph/alpine-3.14 + command: ["sh", "-c", "chown -R 100:101 /data"] + volumeMounts: + - mountPath: /data + name: blobstore-data + securityContext: + runAsUser: 0 diff --git a/components/utils/migrate-to-nonprivileged/gitserver/gitserver.StatefulSet.yaml b/components/utils/migrate-to-nonprivileged/gitserver/gitserver.StatefulSet.yaml new file mode 100644 index 00000000..503674b1 --- /dev/null +++ b/components/utils/migrate-to-nonprivileged/gitserver/gitserver.StatefulSet.yaml 
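Review bot: The `transfer-file-ownership` initContainer in `blobstore/blobstore.Deployment.yaml` runs as root (`runAsUser: 0`) from `index.docker.io/sourcegraph/alpine-3.14` with no tag or digest, so a root container is pulled from a mutable reference. The grafana and indexed-search patches do the same, and the gitserver, prometheus, redis-cache, redis-store and searcher patches use the mutable `:insiders` tag. `images-update.yaml` appears to overwrite these images at build time, but a pinned placeholder in the form the base manifests use, `image: index.docker.io/sourcegraph/alpine-3.14:<TAG>@sha256:<DIGEST>`, keeps the patch safe if that replacement does not run. Adding `allowPrivilegeEscalation: false` under `securityContext` costs nothing for a `chown`. The `chown -R 100:101 /data` here is also unconditional, so it rewalks the volume as root on every pod start, unlike the guarded form used for gitserver and searcher.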
@@ -0,0 +1,21 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: gitserver
+spec:
+ template:
+ spec:
+ initContainers:
+ - name: transfer-file-ownership
+ image: index.docker.io/sourcegraph/alpine-3.14:insiders
+ command:
+ [
+ "sh",
+ "-c",
+ 'if [[ "$(stat -c ''%u'' /data/repos)" -ne 100 ]]; then chown -R 100:101 /data/repos; fi',
+ ]
+ volumeMounts:
+ - mountPath: /data/repos
+ name: repos
+ securityContext:
+ runAsUser: 0
diff --git a/components/utils/migrate-to-nonprivileged/grafana/grafana.StatefulSet.yaml b/components/utils/migrate-to-nonprivileged/grafana/grafana.StatefulSet.yaml
new file mode 100644
index 00000000..09b9d079
--- /dev/null
+++ b/components/utils/migrate-to-nonprivileged/grafana/grafana.StatefulSet.yaml
@@ -0,0 +1,16 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: grafana
+spec:
+ template:
+ spec:
+ initContainers:
+ - name: transfer-file-ownership
+ image: index.docker.io/sourcegraph/alpine-3.14
+ command: ["sh", "-c", "chown -R 472:472 /var/lib/grafana"]
+ volumeMounts:
+ - mountPath: /var/lib/grafana
+ name: grafana-data
+ securityContext:
+ runAsUser: 0
diff --git a/components/utils/migrate-to-nonprivileged/images-update.yaml b/components/utils/migrate-to-nonprivileged/images-update.yaml
new file mode 100644
index 00000000..017a4fba
--- /dev/null
+++ b/components/utils/migrate-to-nonprivileged/images-update.yaml
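Review bot: The ownership guard in `gitserver/gitserver.StatefulSet.yaml` uses `[[ … ]]` under `sh -c`, and `[[` is not POSIX, so it only works if the shell in whichever image ends up in this initContainer supports it (the image is rewritten by `images-update.yaml`). Where the shell lacks it, the condition evaluates as false, the `chown` is skipped and the initContainer still exits 0, leaving the non-root main container unable to write. The portable form is `'if [ "$(stat -c ''%u'' /data/repos)" -ne 100 ]; then chown -R 100:101 /data/repos; fi'`; the searcher patch has the same construct. The guard also inspects only the top-level directory, so an interrupted earlier run would not be resumed.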
@@ -0,0 +1,50 @@
+- source:
+ kind: StatefulSet
+ name: pgsql
+ fieldPath: spec.template.spec.initContainers.0.image
+ targets:
+ - select:
+ kind: StatefulSet
+ name: indexed-search
+ fieldPaths:
+ - spec.template.spec.initContainers.0.image
+ - select:
+ kind: Deployment
+ name: blobstore
+ fieldPaths:
+ - spec.template.spec.initContainers.0.image
+ - select:
+ kind: StatefulSet
+ name: gitserver
+ fieldPaths:
+ - spec.template.spec.initContainers.0.image
+ - select:
+ kind: StatefulSet
+ name: grafana
+ fieldPaths:
+ - spec.template.spec.initContainers.0.image
+ - select:
+ kind: Deployment
+ name: prometheus
+ fieldPaths:
+ - spec.template.spec.initContainers.0.image
+ - select:
+ kind: Deployment
+ name: redis-cache
+ fieldPaths:
+ - spec.template.spec.initContainers.0.image
+ - select:
+ kind: Deployment
+ name: searcher
+ fieldPaths:
+ - spec.template.spec.initContainers.0.image
+ - select:
+ kind: StatefulSet
+ name: searcher
+ fieldPaths:
+ - spec.template.spec.initContainers.0.image
+ - select:
+ kind: Deployment
+ name: redis-store
+ fieldPaths:
+ - spec.template.spec.initContainers.0.image
diff --git a/components/utils/migrate-to-nonprivileged/indexed-search/indexed-search.StatefulSet.yaml b/components/utils/migrate-to-nonprivileged/indexed-search/indexed-search.StatefulSet.yaml
new file mode 100644
index 00000000..b6f99bb7
--- /dev/null
+++ b/components/utils/migrate-to-nonprivileged/indexed-search/indexed-search.StatefulSet.yaml
@@ -0,0 +1,16 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: indexed-search
+spec:
+ template:
+ spec:
+ initContainers:
+ - name: transfer-file-ownership
+ image: index.docker.io/sourcegraph/alpine-3.14
+ command: ["sh", "-c", "chown -R 100:101 /data"]
+ volumeMounts:
+ - mountPath: /data
+ name: data
+ securityContext:
+ runAsUser: 0
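Review bot: The replacement in `images-update.yaml` takes its image from `initContainers.0` of a `StatefulSet` named `pgsql`, a dependency that is not documented anywhere in the component. If an instance removes that StatefulSet (the template in this commit offers `remove/pgsql/statefulset`) or deploys pgsql as a Deployment, the source is missing; depending on how kustomize handles that, the build fails or the unpinned placeholder images stay in the root initContainers. Every migration initContainer also ends up running whatever image pgsql's first initContainer uses. A header comment would make both facts explicit: `# Source: first initContainer of the pgsql StatefulSet; that StatefulSet must be part of the build`.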
diff --git a/components/utils/migrate-to-nonprivileged/kustomization.yaml b/components/utils/migrate-to-nonprivileged/kustomization.yaml
new file mode 100644
index 00000000..80a9c73c
--- /dev/null
+++ b/components/utils/migrate-to-nonprivileged/kustomization.yaml
@@ -0,0 +1,19 @@
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+patchesStrategicMerge:
+ - gitserver/gitserver.StatefulSet.yaml
+ - grafana/grafana.StatefulSet.yaml
+ - blobstore/blobstore.Deployment.yaml
+ - indexed-search/indexed-search.StatefulSet.yaml
+ - prometheus/prometheus.Deployment.yaml
+ - redis/redis-cache.Deployment.yaml
+ - redis/redis-store.Deployment.yaml
+patchesJson6902:
+ - target:
+ kind: StatefulSet|Deployment
+ name: searcher
+ group: apps
+ version: v1
+ path: searcher/searcher.Deployment.yaml
+replacements:
+ - path: images-update.yaml
diff --git a/components/utils/migrate-to-nonprivileged/prometheus/prometheus.Deployment.yaml b/components/utils/migrate-to-nonprivileged/prometheus/prometheus.Deployment.yaml
new file mode 100644
index 00000000..9d01d473
--- /dev/null
+++ b/components/utils/migrate-to-nonprivileged/prometheus/prometheus.Deployment.yaml
@@ -0,0 +1,16 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: prometheus
+spec:
+ template:
+ spec:
+ initContainers:
+ - name: transfer-file-ownership
+ image: index.docker.io/sourcegraph/alpine-3.14:insiders
+ command: ["sh", "-c", "chown -R 100:100 /prometheus"]
+ volumeMounts:
+ - mountPath: /prometheus
+ name: data
+ securityContext:
+ runAsUser: 0
diff --git a/components/utils/migrate-to-nonprivileged/redis/redis-cache.Deployment.yaml b/components/utils/migrate-to-nonprivileged/redis/redis-cache.Deployment.yaml
new file mode 100644
index 00000000..434b41da
--- /dev/null
+++ b/components/utils/migrate-to-nonprivileged/redis/redis-cache.Deployment.yaml
@@ -0,0 +1,16 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: redis-cache
+spec:
+ template:
+ spec:
+ initContainers:
+ - name: transfer-file-ownership
+ image: index.docker.io/sourcegraph/alpine-3.14:insiders
+ command: ["sh", "-c", "chown -R 999:1000 /redis-data"]
+ volumeMounts:
+ - mountPath: /redis-data
+ name: redis-data
+ securityContext:
+ runAsUser: 0
diff --git a/components/utils/migrate-to-nonprivileged/redis/redis-store.Deployment.yaml b/components/utils/migrate-to-nonprivileged/redis/redis-store.Deployment.yaml
new file mode 100644
index 00000000..5ea4044b
--- /dev/null
+++ b/components/utils/migrate-to-nonprivileged/redis/redis-store.Deployment.yaml
@@ -0,0 +1,16 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: redis-store
+spec:
+ template:
+ spec:
+ initContainers:
+ - name: transfer-file-ownership
+ image: index.docker.io/sourcegraph/alpine-3.14:insiders
+ command: ["sh", "-c", "chown -R 999:1000 /redis-data"]
+ volumeMounts:
+ - mountPath: /redis-data
+ name: redis-data
+ securityContext:
+ runAsUser: 0
diff --git a/components/utils/migrate-to-nonprivileged/searcher/searcher.Deployment.yaml b/components/utils/migrate-to-nonprivileged/searcher/searcher.Deployment.yaml
new file mode 100644
index 00000000..65eec845
--- /dev/null
+++ b/components/utils/migrate-to-nonprivileged/searcher/searcher.Deployment.yaml
@@ -0,0 +1,16 @@
+- op: add
+ path: /spec/template/spec/initContainers
+ value:
+ - name: transfer-cache
+ image: index.docker.io/sourcegraph/alpine-3.14:insiders
+ command:
+ [
+ "sh",
+ "-c",
+ 'if [[ "$(stat -c ''%u'' /mnt/cache)" -ne 100 ]]; then chown -R 100:101 /mnt/cache; fi',
+ ]
+ volumeMounts:
+ - mountPath: /mnt/cache
+ name: cache-ssd
+ securityContext:
+ runAsUser: 0
diff --git a/components/utils/uid/kustomization.yaml b/components/utils/uid/kustomization.yaml
index fc97d8d8..245e4104 100644
--- a/components/utils/uid/kustomization.yaml
+++ b/components/utils/uid/kustomization.yaml
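Review bot: In `searcher/searcher.Deployment.yaml`, `op: add` at `/spec/template/spec/initContainers` replaces the whole list when the key already exists, so any initContainer the base searcher manifest defines would be dropped; the diff does not show whether it defines one. The other workloads in this component use strategic-merge patches that merge by container name and do not have this effect. The file is also named `.Deployment.yaml` although it is a JSON6902 patch targeted at `StatefulSet|Deployment`, and its container is called `transfer-cache` where the others use `transfer-file-ownership`. A first-line comment such as `# JSON6902 patch: overwrites any existing initContainers on searcher` would state the behaviour.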
@@ -1,6 +1,9 @@ apiVersion: kustomize.config.k8s.io/v1alpha1 kind: Component -patchesStrategicMerge: - - patches/codeinsights-db.Deployment.yaml - - patches/codeintel-db.Deployment.yaml - - patches/pgsql.Deployment.yaml +patchesJson6902: + - target: + kind: StatefulSet|Deployment + name: codeinsights-db|codeintel-db|pgsql + group: apps + version: v1 + path: patches/databases.yaml diff --git a/components/utils/uid/patches/codeinsights-db.Deployment.yaml b/components/utils/uid/patches/codeinsights-db.Deployment.yaml deleted file mode 100644 index 4b2ed456..00000000 --- a/components/utils/uid/patches/codeinsights-db.Deployment.yaml +++ /dev/null @@ -1,24 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: codeinsights-db -spec: - template: - spec: - containers: - - name: codeinsights - volumeMounts: - - name: passwd - mountPath: /etc/passwd - readOnly: true - initContainers: - - name: correct-data-dir-permissions - volumeMounts: - - name: passwd - mountPath: /etc/passwd - readOnly: true - volumes: - - name: passwd - hostPath: - path: /etc/passwd - # type: FileOrCreate diff --git a/components/utils/uid/patches/codeintel-db.Deployment.yaml b/components/utils/uid/patches/codeintel-db.Deployment.yaml deleted file mode 100644 index 02bdf949..00000000 --- a/components/utils/uid/patches/codeintel-db.Deployment.yaml +++ /dev/null @@ -1,24 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: codeintel-db -spec: - template: - spec: - containers: - - name: pgsql - volumeMounts: - - name: passwd - mountPath: /etc/passwd - readOnly: true - initContainers: - - name: correct-data-dir-permissions - volumeMounts: - - name: passwd - mountPath: /etc/passwd - readOnly: true - volumes: - - name: passwd - hostPath: - path: /etc/passwd - # type: FileOrCreate diff --git a/components/utils/uid/patches/databases.yaml b/components/utils/uid/patches/databases.yaml new file mode 100644 index 00000000..6ff6ac6c --- /dev/null 
+++ b/components/utils/uid/patches/databases.yaml @@ -0,0 +1,18 @@ +- op: add + path: /spec/template/spec/containers/0/volumeMounts/- + value: + name: passwd + mountPath: /etc/passwd + readOnly: true +- op: add + path: /spec/template/spec/initContainers/0/volumeMounts/- + value: + name: passwd + mountPath: /etc/passwd + readOnly: true +- op: add + path: /spec/template/spec/volumes/- + value: + name: passwd + hostPath: + path: /etc/passwd diff --git a/components/utils/uid/patches/pgsql.Deployment.yaml b/components/utils/uid/patches/pgsql.Deployment.yaml deleted file mode 100644 index 5b0950c6..00000000 --- a/components/utils/uid/patches/pgsql.Deployment.yaml +++ /dev/null @@ -1,24 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: pgsql -spec: - template: - spec: - containers: - - name: pgsql - volumeMounts: - - name: passwd - mountPath: /etc/passwd - readOnly: true - initContainers: - - name: correct-data-dir-permissions - volumeMounts: - - name: passwd - mountPath: /etc/passwd - readOnly: true - volumes: - - name: passwd - hostPath: - path: /etc/passwd - # type: FileOrCreate diff --git a/instances/template/kustomization.template.yaml b/instances/template/kustomization.template.yaml index 895ffdac..50ef05e5 100644 --- a/instances/template/kustomization.template.yaml +++ b/instances/template/kustomization.template.yaml 
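Review bot: The `passwd` volume added by `uid/patches/databases.yaml` is a `hostPath` with no `type`, so no check is made on what exists at `/etc/passwd` on the node before it is mounted; adding `type: File` under `hostPath` makes the pod fail to start instead. hostPath volumes are rejected by the Baseline Pod Security Standard, which deserves a comment at the top of the file, for example `# Requires a namespace that permits hostPath volumes`. The three `add` operations address `containers/0` and `initContainers/0` by index and append to `volumeMounts/-` and `volumes/-`, so the build fails if a matched workload lacks one of those arrays, and the mount lands in the wrong container if the order changes. The deleted strategic-merge patches matched `pgsql`, `codeinsights` and `correct-data-dir-permissions` by name.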
@@ -35,12 +35,13 @@ components: #--------------------------------------------------------------------------------------- # Namespace Creation #--------------------------------------------------------------------------------------- - - ../../components/resources/namespace # -- Create namespace based on NAMESPACE input above + # - ../../components/resources/namespace # -- Create namespace based on NAMESPACE input above #--------------------------------------------------------------------------------------- # Resource Allocation - Instance size based #--------------------------------------------------------------------------------------- - # Use size XS resources by default. Pick one only. + # Use size XS resources by default. Include one only. + # Find your instance size on https://docs.sourcegraph.com/admin/deploy/instance-size - ../../components/sizes/xs # -- Allocate resources for size XS instance # - ../../components/sizes/s # -- Allocate resources for size S instance # - ../../components/sizes/m # -- Allocate resources for size M instance 
@@ -107,11 +108,15 @@ components: #--------------------------------------------------------------------------------------- # External Services + # You must add external instances via frontend env vars if you remove the bundled instances #--------------------------------------------------------------------------------------- - # You must use external instances if you remove the bundled instances - # - ../../components/remove/pgsql # -- Remove default database instance for frontend - # - ../../components/remove/codeintel-db # -- Remove default database instance for codeintel - # - ../../components/remove/codeinsights-db # -- Remove default database instance for codeinsights + # - ../../components/remove/pgsql/deployment # -- Remove default database deployment for frontend + # - ../../components/remove/pgsql/statefulset # -- Remove default database statefulset for frontend + # - ../../components/remove/codeintel-db/deployment # -- Remove default database deployment for code-intel + # - ../../components/remove/codeintel-db/statefulset # -- Remove default database statefulset for code-intel + # - ../../components/remove/codeinsights-db/deployment # -- Remove default database deployment for code-insights + # - ../../components/remove/codeinsights-db/statefulset # -- Remove default database statefulset for code-insights + # - ../../components/remove/redis # -- Remove embedded redis instance # - ../../components/services/redis # -- Use external redis servers 
@@ -131,8 +136,9 @@ components: # ../../components/remove/prometheus # -- Remove prometheus # - ../../components/remove/resources # -- Remove resources (Limits, requests) from all containers # - ../../components/remove/security-context # -- Remove security context from all resources - # - ../../components/utils/multi-version-upgrade # -- Scale down non-database pods to 0 for multi-version upgrade # - ../../components/utils/uid # -- Run all Postgres database with valid users on host + # - ../../components/utils/multi-version-upgrade # -- Scale down non-database pods to 0 for multi-version upgrade + # - ../../components/utils/migrate-to-nonprivileged # -- Component for migrating from privileged to non-privileged # ------------------------------------------------------------------------ # Keep these as the LAST components @@ -140,6 +146,7 @@ components: # - ../../components/privileged # -- Run Sourcegraph with privileged and root access # Recommended for clusters with RBAC enabled. # - ../../components/enable/service-discovery # -- Enable service-discovery for frontend +# ########################################################################################## # [SECRETS GENERATOR] Turns the contents of the secret files into Kubernetes secrets # @@ -202,3 +209,11 @@ components: # - SSD_NODE_PATH=/mnt/disks/ssd0 # - AWS_MANAGED_CERT_ARN= # - GKE_MANAGED_CERT_NAME= + +########################################################################################## +# DEPLOY INSTRUCTIONS +# +# Build Manifests: kubectl kustomize instances/$CURRENT_DIR -o cluster.yaml +# Review Manifests: less cluster.yaml +# kubectl apply --prune -l deploy=sourcegraph -f cluster.yaml +##########################################################################################
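Review bot: The last step of the new DEPLOY INSTRUCTIONS block has no label and goes straight to `kubectl apply --prune -l deploy=sourcegraph`, which deletes labelled objects that are absent from `cluster.yaml`. I would label it `# Apply Manifests:` and put a server-side dry run before it, `# Dry Run: kubectl apply --prune -l deploy=sourcegraph -f cluster.yaml --dry-run=server`, so the objects that would be pruned are listed first. `$CURRENT_DIR` is not defined anywhere in the visible part of the template, so the build line should say what to substitute for it.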