From 34b50afe5047e1337e19c30046920ba07d53562e Mon Sep 17 00:00:00 2001 
From: William Bezuidenhout Date: Tue, 6 Feb 2024 16:31:44 +0000 Subject: [PATCH] release_minor: v5.3.666 {"version":"v5.3.666","inputs":"server=v5.3.666","type":"minor"} --- base/blobstore/blobstore.Deployment.yaml | 2 +- base/cadvisor/cadvisor.DaemonSet.yaml | 2 +- .../codeinsights-db.Deployment.yaml | 6 +- base/codeintel-db/codeintel-db.ConfigMap.yaml | 248 +++++++-------- .../codeintel-db/codeintel-db.Deployment.yaml | 6 +- .../sourcegraph-frontend.Deployment.yaml | 4 +- .../sourcegraph-frontend.Ingress.yaml | 2 +- base/frontend/sourcegraph-frontend.Role.yaml | 11 +- base/gitserver/gitserver.Service.yaml | 3 +- base/gitserver/gitserver.StatefulSet.yaml | 2 +- base/grafana/grafana.StatefulSet.yaml | 2 +- .../indexed-search.IndexerService.yaml | 3 +- .../indexed-search.Service.yaml | 3 +- .../indexed-search.StatefulSet.yaml | 4 +- .../node-exporter.DaemonSet.yaml | 2 +- base/otel-collector/otel-agent.ConfigMap.yaml | 36 +-- base/otel-collector/otel-agent.DaemonSet.yaml | 2 +- .../otel-collector.ConfigMap.yaml | 1 - .../otel-collector.Deployment.yaml | 2 +- base/pgsql/pgsql.ConfigMap.yaml | 248 +++++++-------- base/pgsql/pgsql.Deployment.yaml | 6 +- .../precise-code-intel/worker.Deployment.yaml | 2 +- base/prometheus/prometheus.ConfigMap.yaml | 288 +----------------- base/prometheus/prometheus.Deployment.yaml | 2 +- base/redis/redis-cache.Deployment.yaml | 4 +- base/redis/redis-store.Deployment.yaml | 4 +- .../repo-updater/repo-updater.Deployment.yaml | 2 +- base/searcher/searcher.Deployment.yaml | 2 +- base/symbols/symbols.Deployment.yaml | 2 +- .../syntect-server.Deployment.yaml | 2 +- base/worker/worker.Deployment.yaml | 2 +- .../embeddings/embeddings.ConfigMap.yaml | 51 ++-- .../embeddings/embeddings.Deployment.yaml | 2 +- .../dind/docker-daemon.ConfigMap.yaml | 3 +- .../executors/dind/executor.Deployment.yaml | 6 +- .../executors/dind/executor.Service.yaml | 2 +- .../executors/k8s/executor.ConfigMap.yaml | 1 - .../executors/k8s/executor.Deployment.yaml | 3 +- 
.../k8s/executor.PersistentVolumeClaim.yaml | 3 +- configure/executors/k8s/executor.Service.yaml | 3 +- .../executors/k8s/rbac/executor.Role.yaml | 3 +- .../k8s/rbac/executor.RoleBinding.yaml | 3 +- .../k8s/rbac/executor.ServiceAccount.yaml | 3 +- ...docker-registry.PersistentVolumeClaim.yaml | 2 +- configure/ingress-nginx/cloud-generic.yaml | 1 - configure/ingress-nginx/mandatory.yaml | 13 - .../ssd/pod-tmp-gc.ClusterRoleBinding.yaml | 2 +- configure/ssd/pod-tmp-gc.DaemonSet.yaml | 14 +- overlays/bases/pvcs/kustomization.yaml | 1 - overlays/envoy/gitserver.EnvoyFilter.yaml | 2 +- overlays/envoy/kustomization.yaml | 2 +- overlays/jaeger/grafana.ConfigMap.yaml | 2 +- overlays/jaeger/jaeger.Deployment.yaml | 62 ++-- .../blobstore/blobstore.Deployment.yaml | 6 +- .../gitserver/gitserver.StatefulSet.yaml | 2 +- .../grafana/grafana.StatefulSet.yaml | 2 +- .../indexed-search.StatefulSet.yaml | 2 +- .../kustomization.yaml | 2 +- .../prometheus/prometheus.Deployment.yaml | 2 +- .../redis/redis-cache.Deployment.yaml | 2 +- .../redis/redis-store.Deployment.yaml | 2 +- .../searcher/searcher.Deployment.yaml | 2 +- .../sourcegraph-frontend.Deployment.yaml | 12 +- 63 files changed, 388 insertions(+), 735 deletions(-)
diff --git a/base/blobstore/blobstore.Deployment.yaml b/base/blobstore/blobstore.Deployment.yaml
index ded823bb6224..2205886155df 100644
--- a/base/blobstore/blobstore.Deployment.yaml
+++ b/base/blobstore/blobstore.Deployment.yaml
@@ -26,7 +26,7 @@ spec:
 spec:
 containers:
 - name: blobstore
- image: index.docker.io/sourcegraph/blobstore:insiders@sha256:bd5e1e25cc4e9d6a45e8ef660821d521eb212dccda20e61f496a7baf8806c537
+ image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/blobstore:5.3.666@sha256:bd5e1e25cc4e9d6a45e8ef660821d521eb212dccda20e61f496a7baf8806c537
 terminationMessagePolicy: FallbackToLogsOnError
 ports:
 - containerPort: 9000
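Review bot: The new `image:` value pulls from `us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/...`, which by its path looks like an internal CI repository rather than the public `index.docker.io/sourcegraph/...` it replaces (inferred from the name only); if these base manifests are what operators apply, confirm the repository is readable by them or that the required `imagePullSecrets` are documented. The same applies to every other `image:` hunk in this patch (cadvisor, codeinsights-db, codeintel-db, frontend, gitserver, grafana, indexed-search, node-exporter, otel-agent, otel-collector). Because the digest takes precedence over the tag at pull time, `5.3.666` is only a label: here and in several other hunks the `sha256` is unchanged from the `insiders` reference, while migrator, frontend, gitserver, grafana and indexed-search receive new digests. A release check that resolves each `name:5.3.666` in the new registry and compares the result with the pinned digest would catch a stale or mismatched pin before the manifests ship.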
diff --git a/base/cadvisor/cadvisor.DaemonSet.yaml b/base/cadvisor/cadvisor.DaemonSet.yaml
index bce0a6c715a7..8e76242c231d 100644
--- a/base/cadvisor/cadvisor.DaemonSet.yaml
+++ b/base/cadvisor/cadvisor.DaemonSet.yaml
@@ -26,7 +26,7 @@ spec:
 serviceAccountName: cadvisor
 containers:
 - name: cadvisor
- image: index.docker.io/sourcegraph/cadvisor:insiders@sha256:775a22b491a9956b725c12d72841adbcd9852964f171a942118f9aa8839e47d7
+ image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/cadvisor:5.3.666@sha256:775a22b491a9956b725c12d72841adbcd9852964f171a942118f9aa8839e47d7
 args:
 # Kubernetes-specific flags below (other flags are baked into the Docker image)
 #
diff --git a/base/codeinsights-db/codeinsights-db.Deployment.yaml b/base/codeinsights-db/codeinsights-db.Deployment.yaml
index 701436c2af78..05a680c19ff5 100644
--- a/base/codeinsights-db/codeinsights-db.Deployment.yaml
+++ b/base/codeinsights-db/codeinsights-db.Deployment.yaml
@@ -26,7 +26,7 @@ spec:
 spec:
 initContainers:
 - name: correct-data-dir-permissions
- image: index.docker.io/sourcegraph/alpine-3.14:insiders@sha256:982220e0fd8ce55a73798fa7e814a482c4807c412f054c8440c5970b610239b7
+ image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/alpine-3.14:5.3.666@sha256:982220e0fd8ce55a73798fa7e814a482c4807c412f054c8440c5970b610239b7
 command: ["sh", "-c", "if [ -d /var/lib/postgresql/data/pgdata ]; then chmod 750 /var/lib/postgresql/data/pgdata; fi"]
 volumeMounts:
 - mountPath: /var/lib/postgresql/data/
@@ -42,7 +42,7 @@ spec:
 memory: "50Mi"
 containers:
 - name: codeinsights
- image: index.docker.io/sourcegraph/codeinsights-db:insiders@sha256:c4a1bd3908658e1c09558a638e378e5570d5f669d27f9f867eeda25fe60cb88f
+ image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/codeinsights-db:5.3.666@sha256:c4a1bd3908658e1c09558a638e378e5570d5f669d27f9f867eeda25fe60cb88f
 env:
 - name: POSTGRES_DB
 value: postgres
@@ -75,7 +75,7 @@ spec:
 value: postgres://postgres:@localhost:5432/?sslmode=disable
 - name: PG_EXPORTER_EXTEND_QUERY_PATH
 value: /config/code_insights_queries.yaml
- image: index.docker.io/sourcegraph/postgres_exporter:insiders@sha256:7bc727119bc5b0900a9c3d7c0a79e3b548de93bc55df9da864244b3971168294
+ image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/postgres_exporter:5.3.666@sha256:7bc727119bc5b0900a9c3d7c0a79e3b548de93bc55df9da864244b3971168294
 terminationMessagePolicy: FallbackToLogsOnError
 name: pgsql-exporter
 resources:
diff --git a/base/codeintel-db/codeintel-db.ConfigMap.yaml b/base/codeintel-db/codeintel-db.ConfigMap.yaml
index bc338e349733..8aac1f6cc267 100644
--- a/base/codeintel-db/codeintel-db.ConfigMap.yaml
+++ b/base/codeintel-db/codeintel-db.ConfigMap.yaml
@@ -42,33 +42,33 @@ data: # GB = gigabytes min = minutes # TB = terabytes h = hours # d = days - - + + #------------------------------------------------------------------------------ # FILE LOCATIONS #------------------------------------------------------------------------------ - + # The default values of these variables are driven from the -D command-line # option or PGDATA environment variable, represented here as ConfigDir. - + #data_directory = 'ConfigDir' # use data in another directory # (change requires restart) #hba_file = 'ConfigDir/pg_hba.conf' # host-based authentication file # (change requires restart) #ident_file = 'ConfigDir/pg_ident.conf' # ident configuration file # (change requires restart) - + # If external_pid_file is not explicitly set, no extra PID file is written. #external_pid_file = '' # write an extra PID file # (change requires restart) - - + + #------------------------------------------------------------------------------ # CONNECTIONS AND AUTHENTICATION #------------------------------------------------------------------------------ - + # - Connection Settings - - + listen_addresses = '*' # comma-separated list of addresses; # defaults to 'localhost'; use '*' for all @@ -85,29 +85,29 @@ data: # (change requires restart) #bonjour_name = '' # defaults to the computer name # (change requires restart) - + # - TCP Keepalives - # see "man 7 tcp" for details - + #tcp_keepalives_idle = 0 # TCP_KEEPIDLE, in seconds; # 0 selects the system default #tcp_keepalives_interval = 0 # TCP_KEEPINTVL, in seconds; # 0 selects the system default #tcp_keepalives_count = 0 # TCP_KEEPCNT; # 0 selects the system default - + # - Authentication - - + #authentication_timeout = 1min # 1s-600s #password_encryption = md5 # md5 or scram-sha-256 #db_user_namespace = off - + # GSSAPI using Kerberos #krb_server_keyfile = '' #krb_caseins_users = off - + # - SSL - - + #ssl = off #ssl_ca_file = '' #ssl_cert_file = 'server.crt' 
@@ -119,14 +119,14 @@ data: #ssl_dh_params_file = '' #ssl_passphrase_command = '' #ssl_passphrase_command_supports_reload = off - - + + #------------------------------------------------------------------------------ # RESOURCE USAGE (except WAL) #------------------------------------------------------------------------------ - + # - Memory - - + shared_buffers = 1GB # SG CUSTOM min 128kB # (change requires restart) #huge_pages = try # on, off, or try @@ -148,35 +148,35 @@ data: # mmap # use none to disable dynamic shared memory # (change requires restart) - + # - Disk - - + temp_file_limit = 20GB # SG CUSTOM limits per-process temp file space # in kB, or -1 for no limit - + # - Kernel Resources - - + #max_files_per_process = 1000 # min 25 # (change requires restart) - + # - Cost-Based Vacuum Delay - - + #vacuum_cost_delay = 0 # 0-100 milliseconds #vacuum_cost_page_hit = 1 # 0-10000 credits #vacuum_cost_page_miss = 10 # 0-10000 credits #vacuum_cost_page_dirty = 20 # 0-10000 credits #vacuum_cost_limit = 200 # 1-10000 credits - + # - Background Writer - - + bgwriter_delay = 50ms # SG CUSTOM 10-10000ms between rounds bgwriter_lru_maxpages = 200 # SG CUSTOM max buffers written/round, 0 disables #bgwriter_lru_multiplier = 2.0 # 0-10.0 multiplier on buffers scanned/round #bgwriter_flush_after = 512kB # measured in pages, 0 disables - + # - Asynchronous Behavior - - + effective_io_concurrency = 200 # 1-1000; 0 disables prefetching max_worker_processes = 4 # SG CUSTOM (change requires restart) max_parallel_maintenance_workers = 4 # SG CUSTOM taken from max_parallel_workers 
@@ -187,14 +187,14 @@ data: #old_snapshot_threshold = -1 # 1min-60d; -1 disables; 0 is immediate # (change requires restart) #backend_flush_after = 0 # measured in pages, 0 disables - - + + #------------------------------------------------------------------------------ # WRITE-AHEAD LOG #------------------------------------------------------------------------------ - + # - Settings - - + #wal_level = replica # minimal, replica, or logical # (change requires restart) #fsync = on # flush data to disk for crash safety @@ -217,21 +217,21 @@ data: # (change requires restart) #wal_writer_delay = 200ms # 1-10000 milliseconds #wal_writer_flush_after = 1MB # measured in pages, 0 disables - + #commit_delay = 0 # range 0-100000, in microseconds #commit_siblings = 5 # range 1-1000 - + # - Checkpoints - - + #checkpoint_timeout = 5min # range 30s-1d max_wal_size = 8GB # SG CUSTOM min_wal_size = 2GB # SG CUSTOM #checkpoint_completion_target = 0.5 # checkpoint target duration, 0.0 - 1.0 #checkpoint_flush_after = 256kB # measured in pages, 0 disables #checkpoint_warning = 30s # 0 disables - + # - Archiving - - + #archive_mode = off # enables archiving; off, on, or always # (change requires restart) #archive_command = '' # command to use to archive a logfile segment 
@@ -240,40 +240,40 @@ data: # e.g. 'test ! -f /mnt/server/archivedir/%f && cp %p /mnt/server/archivedir/%f' #archive_timeout = 0 # force a logfile segment switch after this # number of seconds; 0 disables - - + + #------------------------------------------------------------------------------ # REPLICATION #------------------------------------------------------------------------------ - + # - Sending Servers - - + # Set these on the master and on any standby that will send replication data. - + #max_wal_senders = 10 # max number of walsender processes # (change requires restart) #wal_keep_segments = 0 # in logfile segments; 0 disables #wal_sender_timeout = 60s # in milliseconds; 0 disables - + #max_replication_slots = 10 # max number of replication slots # (change requires restart) #track_commit_timestamp = off # collect timestamp of transaction commit # (change requires restart) - + # - Master Server - - + # These settings are ignored on a standby server. - + #synchronous_standby_names = '' # standby servers that provide sync rep # method to choose sync standbys, number of sync standbys, # and comma-separated list of application_name # from standby(s); '*' = all #vacuum_defer_cleanup_age = 0 # number of xacts by which cleanup is delayed - + # - Standby Servers - - + # These settings are ignored on a master server. - + #hot_standby = on # "off" disallows queries during recovery # (change requires restart) #max_standby_archive_delay = 30s # max delay before canceling queries 
@@ -291,22 +291,22 @@ data: # in milliseconds; 0 disables #wal_retrieve_retry_interval = 5s # time to wait before retrying to # retrieve WAL after a failed attempt - + # - Subscribers - - + # These settings are ignored on a publisher. - + #max_logical_replication_workers = 4 # taken from max_worker_processes # (change requires restart) #max_sync_workers_per_subscription = 2 # taken from max_logical_replication_workers - - + + #------------------------------------------------------------------------------ # QUERY TUNING #------------------------------------------------------------------------------ - + # - Planner Method Configuration - - + #enable_bitmapscan = on #enable_hashagg = on #enable_hashjoin = on @@ -323,9 +323,9 @@ data: #enable_partitionwise_aggregate = off #enable_parallel_hash = on #enable_partition_pruning = on - + # - Planner Cost Constants - - + #seq_page_cost = 1.0 # measured on an arbitrary scale random_page_cost = 1.1 # SG CUSTOM same scale as above #cpu_tuple_cost = 0.01 # same scale as above @@ -333,7 +333,7 @@ data: #cpu_operator_cost = 0.0025 # same scale as above #parallel_tuple_cost = 0.1 # same scale as above #parallel_setup_cost = 1000.0 # same scale as above - + #jit_above_cost = 100000 # perform JIT compilation if available # and query more expensive than this; # -1 disables @@ -342,13 +342,13 @@ data: #jit_optimize_above_cost = 500000 # use expensive JIT optimizations if # query is more expensive than this; # -1 disables - + #min_parallel_table_scan_size = 8MB #min_parallel_index_scan_size = 512kB effective_cache_size = 3GB # SG CUSTOM - + # - Genetic Query Optimizer - - + #geqo = on #geqo_threshold = 12 #geqo_effort = 5 # range 1-10 
@@ -356,9 +356,9 @@ data: #geqo_generations = 0 # selects default based on effort #geqo_selection_bias = 2.0 # range 1.5-2.0 #geqo_seed = 0.0 # range 0.0-1.0 - + # - Other Planner Options - - + #default_statistics_target = 100 # range 1-10000 #constraint_exclusion = partition # on, off, or partition #cursor_tuple_fraction = 0.1 # range 0.0-1.0 @@ -367,25 +367,25 @@ data: # JOIN clauses #force_parallel_mode = off #jit = off # allow JIT compilation - - + + #------------------------------------------------------------------------------ # REPORTING AND LOGGING #------------------------------------------------------------------------------ - + # - Where to Log - - + #log_destination = 'stderr' # Valid values are combinations of # stderr, csvlog, syslog, and eventlog, # depending on platform. csvlog # requires logging_collector to be on. - + # This is used when logging to stderr: #logging_collector = off # Enable capturing of stderr and csvlog # into log files. Required to be on for # csvlogs. # (change requires restart) - + # These are only used if logging_collector is on: #log_directory = 'log' # directory where log files are written, # can be absolute or relative to PGDATA @@ -406,19 +406,19 @@ data: #log_rotation_size = 10MB # Automatic rotation of logfiles will # happen after that much log output. # 0 disables. - + # These are relevant when logging to syslog: #syslog_facility = 'LOCAL0' #syslog_ident = 'postgres' #syslog_sequence_numbers = on #syslog_split_messages = on - + # This is only relevant when logging to eventlog (win32): # (change requires restart) #event_source = 'PostgreSQL' - + # - When to Log - - + #log_min_messages = warning # values in order of decreasing detail: # debug5 # debug4 @@ -432,7 +432,7 @@ data: # log # fatal # panic - + #log_min_error_statement = error # values in order of decreasing detail: # debug5 # debug4 
@@ -446,15 +446,15 @@ data: # log # fatal # panic (effectively off) - + #log_min_duration_statement = -1 # -1 is disabled, 0 logs all statements # and their durations, > 0 logs only # statements running at least this number # of milliseconds - - + + # - What to Log - - + #debug_print_parse = off #debug_print_rewritten = off #debug_print_plan = off @@ -493,42 +493,42 @@ data: # than the specified size in kilobytes; # -1 disables, 0 logs all temp files log_timezone = 'Etc/UTC' - + #------------------------------------------------------------------------------ # PROCESS TITLE #------------------------------------------------------------------------------ - + #cluster_name = '' # added to process titles if nonempty # (change requires restart) #update_process_title = on - - + + #------------------------------------------------------------------------------ # STATISTICS #------------------------------------------------------------------------------ - + # - Query and Index Statistics Collector - - + #track_activities = on #track_counts = on #track_io_timing = off #track_functions = none # none, pl, all #track_activity_query_size = 1024 # (change requires restart) #stats_temp_directory = 'pg_stat_tmp' - - + + # - Monitoring - - + #log_parser_stats = off #log_planner_stats = off #log_executor_stats = off #log_statement_stats = off - - + + #------------------------------------------------------------------------------ # AUTOVACUUM #------------------------------------------------------------------------------ - + #autovacuum = on # Enable autovacuum subprocess? 'on' # requires track_counts to also be on. #log_autovacuum_min_duration = -1 # -1 disables, 0 logs all actions and 
@@ -555,14 +555,14 @@ data: #autovacuum_vacuum_cost_limit = -1 # default vacuum cost limit for # autovacuum, -1 means use # vacuum_cost_limit - - + + #------------------------------------------------------------------------------ # CLIENT CONNECTION DEFAULTS #------------------------------------------------------------------------------ - + # - Statement Behavior - - + #client_min_messages = notice # values in order of decreasing detail: # debug5 # debug4 @@ -598,9 +598,9 @@ data: #xmloption = 'content' #gin_fuzzy_search_limit = 0 #gin_pending_list_limit = 4MB - + # - Locale and Formatting - - + datestyle = 'iso, mdy' #intervalstyle = 'postgres' timezone = 'Etc/UTC' @@ -614,33 +614,33 @@ data: #extra_float_digits = 0 # min -15, max 3 #client_encoding = sql_ascii # actually, defaults to database # encoding - + # These settings are initialized by initdb, but they can be changed. lc_messages = 'en_US.utf8' # locale for system error message # strings lc_monetary = 'en_US.utf8' # locale for monetary formatting lc_numeric = 'en_US.utf8' # locale for number formatting lc_time = 'en_US.utf8' # locale for time formatting - + # default configuration for text search default_text_search_config = 'pg_catalog.english' - + # - Shared Library Preloading - - + #shared_preload_libraries = '' # (change requires restart) #local_preload_libraries = '' #session_preload_libraries = '' #jit_provider = 'llvmjit' # JIT library to use - + # - Other Defaults - - + #dynamic_library_path = '$libdir' - - + + #------------------------------------------------------------------------------ # LOCK MANAGEMENT #------------------------------------------------------------------------------ - + #deadlock_timeout = 1s #max_locks_per_transaction = 64 # min 10 # (change requires restart) 
@@ -650,14 +650,14 @@ data: # (max_pred_locks_per_transaction # / -max_pred_locks_per_relation) - 1 #max_pred_locks_per_page = 2 # min 0 - - + + #------------------------------------------------------------------------------ # VERSION AND PLATFORM COMPATIBILITY #------------------------------------------------------------------------------ - + # - Previous PostgreSQL Versions - - + #array_nulls = on #backslash_quote = safe_encoding # on, off, or safe_encoding #default_with_oids = off @@ -667,38 +667,38 @@ data: #quote_all_identifiers = off #standard_conforming_strings = on #synchronize_seqscans = on - + # - Other Platforms and Clients - - + #transform_null_equals = off - - + + #------------------------------------------------------------------------------ # ERROR HANDLING #------------------------------------------------------------------------------ - + #exit_on_error = off # terminate session on any error? #restart_after_crash = on # reinitialize after backend crash? #data_sync_retry = off # retry or panic on failure to fsync # data? # (change requires restart) - - + + #------------------------------------------------------------------------------ # CONFIG FILE INCLUDES #------------------------------------------------------------------------------ - + # These options allow settings to be loaded from files other than the # default postgresql.conf. - + #include_dir = '' # include files ending in '.conf' from # a directory, e.g., 'conf.d' #include_if_exists = '' # include file only if it exists #include = '' # include file - - + + #------------------------------------------------------------------------------ # CUSTOMIZED OPTIONS #------------------------------------------------------------------------------ - + # Add settings for extensions here diff --git a/base/codeintel-db/codeintel-db.Deployment.yaml b/base/codeintel-db/codeintel-db.Deployment.yaml index 4f120cc3aa0d..cf50a1d8c97b 100644 --- a/base/codeintel-db/codeintel-db.Deployment.yaml 
+++ b/base/codeintel-db/codeintel-db.Deployment.yaml
@@ -27,7 +27,7 @@ spec:
 spec:
 initContainers:
 - name: correct-data-dir-permissions
- image: index.docker.io/sourcegraph/alpine-3.14:insiders@sha256:982220e0fd8ce55a73798fa7e814a482c4807c412f054c8440c5970b610239b7
+ image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/alpine-3.14:5.3.666@sha256:982220e0fd8ce55a73798fa7e814a482c4807c412f054c8440c5970b610239b7
 command: ["sh", "-c", "if [ -d /data/pgdata-12 ]; then chmod 750 /data/pgdata-12; fi"]
 volumeMounts:
 - mountPath: /data
@@ -43,7 +43,7 @@ spec:
 memory: "50Mi"
 containers:
 - name: pgsql
- image: index.docker.io/sourcegraph/codeintel-db:insiders@sha256:1e0e93661a65c832b9697048c797f9894dfb502e2e1da2b8209f0018a6632b79
+ image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/codeintel-db:5.3.666@sha256:1e0e93661a65c832b9697048c797f9894dfb502e2e1da2b8209f0018a6632b79
 terminationMessagePolicy: FallbackToLogsOnError
 readinessProbe:
 exec:
@@ -80,7 +80,7 @@ spec:
 value: postgres://sg:@localhost:5432/?sslmode=disable
 - name: PG_EXPORTER_EXTEND_QUERY_PATH
 value: /config/code_intel_queries.yaml
- image: index.docker.io/sourcegraph/postgres_exporter:insiders@sha256:7bc727119bc5b0900a9c3d7c0a79e3b548de93bc55df9da864244b3971168294
+ image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/postgres_exporter:5.3.666@sha256:7bc727119bc5b0900a9c3d7c0a79e3b548de93bc55df9da864244b3971168294
 terminationMessagePolicy: FallbackToLogsOnError
 name: pgsql-exporter
 resources:
diff --git a/base/frontend/sourcegraph-frontend.Deployment.yaml b/base/frontend/sourcegraph-frontend.Deployment.yaml
index bb43d666870a..3b0e9391a1e5 100644
--- a/base/frontend/sourcegraph-frontend.Deployment.yaml
+++ b/base/frontend/sourcegraph-frontend.Deployment.yaml
@@ -29,7 +29,7 @@ spec:
 spec:
 initContainers:
 - name: migrator
- image: index.docker.io/sourcegraph/migrator:insiders@sha256:85d81c0833b7d5ff3d461d437eb429b2b976576765fc703c6b830805f3fc9222
+ image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/migrator:5.3.666@sha256:0d908daa0ed40fcc00cd5b64266980c63470b76602f88df10224fa2ffb31398d
 args: ["up"]
 resources:
 limits:
@@ -63,7 +63,7 @@ spec:
 value: sg
 containers:
 - name: frontend
- image: index.docker.io/sourcegraph/frontend:insiders@sha256:51ca50fe119fe261a38ead2f1b94f985e3f73259a757c3f6bde37f7d6d83b7ab
+ image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/frontend:5.3.666@sha256:d7c4674039194fcc40ceddfb0e7ffc82e44aa81e7f845da1713aa7306773e807
 args:
 - serve
 env:
diff --git a/base/frontend/sourcegraph-frontend.Ingress.yaml b/base/frontend/sourcegraph-frontend.Ingress.yaml
index 94e7a984a449..5f6e7ae1c5b5 100644
--- a/base/frontend/sourcegraph-frontend.Ingress.yaml
+++ b/base/frontend/sourcegraph-frontend.Ingress.yaml
@@ -29,7 +29,7 @@ spec:
 backend:
 service:
 name: sourcegraph-frontend
- port:
+ port:
 number: 30080
 # If you're using TLS/SSL, uncomment the following line and replace 'sourcegraph.example.com' with the real
 # domain that you want to use for your Sourcegraph instance.
diff --git a/base/frontend/sourcegraph-frontend.Role.yaml b/base/frontend/sourcegraph-frontend.Role.yaml
index 8b513c8f11ed..fd928b04db27 100644
--- a/base/frontend/sourcegraph-frontend.Role.yaml
+++ b/base/frontend/sourcegraph-frontend.Role.yaml
@@ -19,13 +19,12 @@ rules:
 - get
 - list
 - watch
-
 - apiGroups:
 - "apps"
 resources:
- # necessary for resolving k8s+http://indexed-search?kind=sts URLs
- - statefulsets
+ # necessary for resolving k8s+http://indexed-search?kind=sts URLs
+ - statefulsets
 verbs:
- - get
- - list
- - watch
+ - get
+ - list
+ - watch
diff --git a/base/gitserver/gitserver.Service.yaml b/base/gitserver/gitserver.Service.yaml
index c59180ffa998..6dbd69dacdec 100644
--- a/base/gitserver/gitserver.Service.yaml
+++ b/base/gitserver/gitserver.Service.yaml
@@ -2,8 +2,7 @@ apiVersion: v1
 kind: Service
 metadata:
 annotations:
- description: Headless service that provides a stable network identity for the
- gitserver stateful set.
+ description: Headless service that provides a stable network identity for the gitserver stateful set.
 prometheus.io/port: "6060"
 sourcegraph.prometheus/scrape: "true"
 labels:
diff --git a/base/gitserver/gitserver.StatefulSet.yaml b/base/gitserver/gitserver.StatefulSet.yaml
index 99011686d5c8..715555d53c2b 100644
--- a/base/gitserver/gitserver.StatefulSet.yaml
+++ b/base/gitserver/gitserver.StatefulSet.yaml
@@ -35,7 +35,7 @@ spec:
 fieldPath: status.hostIP
 - name: OTEL_EXPORTER_OTLP_ENDPOINT
 value: http://$(OTEL_AGENT_HOST):4317
- image: index.docker.io/sourcegraph/gitserver:insiders@sha256:67821419b390fee5ad73f55a8782baa60c34e7394a235c1c383e1ceaf025a9d9
+ image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/gitserver:5.3.666@sha256:192e6417005fa52e176c1c4579bca5e275a9c4762b9f271f18c00db06be6e13f
 terminationMessagePolicy: FallbackToLogsOnError
 livenessProbe:
 initialDelaySeconds: 5
diff --git a/base/grafana/grafana.StatefulSet.yaml b/base/grafana/grafana.StatefulSet.yaml
index a5d1ad4e7aa0..6a8649091696 100644
--- a/base/grafana/grafana.StatefulSet.yaml
+++ b/base/grafana/grafana.StatefulSet.yaml
@@ -26,7 +26,7 @@ spec:
 spec:
 containers:
 - name: grafana
- image: index.docker.io/sourcegraph/grafana:insiders@sha256:4492ae6d8911410abacf1e9639a43491c5c82300f918a0e93ad2e225b4ac62cc
+ image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/grafana:5.3.666@sha256:eee1c443786ef2100ec5334f97f3625aeda11e3133dc4402ca877a49af9b68fe
 terminationMessagePolicy: FallbackToLogsOnError
 ports:
 - containerPort: 3370
diff --git a/base/indexed-search/indexed-search.IndexerService.yaml b/base/indexed-search/indexed-search.IndexerService.yaml
index 079bdacd22aa..ade1a4ddd0a5 100644
--- a/base/indexed-search/indexed-search.IndexerService.yaml
+++ b/base/indexed-search/indexed-search.IndexerService.yaml
@@ -2,8 +2,7 @@ apiVersion: v1
 kind: Service
 metadata:
 annotations:
- description: Headless service that provides a stable network identity for the
- indexed-search stateful set.
+ description: Headless service that provides a stable network identity for the indexed-search stateful set.
 sourcegraph.prometheus/scrape: "true"
 prometheus.io/port: "6072"
 labels:
diff --git a/base/indexed-search/indexed-search.Service.yaml b/base/indexed-search/indexed-search.Service.yaml
index 5833c8962387..9f03e222d245 100644
--- a/base/indexed-search/indexed-search.Service.yaml
+++ b/base/indexed-search/indexed-search.Service.yaml
@@ -2,8 +2,7 @@ apiVersion: v1
 kind: Service
 metadata:
 annotations:
- description: Headless service that provides a stable network identity for the
- indexed-search stateful set.
+ description: Headless service that provides a stable network identity for the indexed-search stateful set.
 sourcegraph.prometheus/scrape: "true"
 prometheus.io/port: "6070"
 labels:
diff --git a/base/indexed-search/indexed-search.StatefulSet.yaml b/base/indexed-search/indexed-search.StatefulSet.yaml
index 047bb153e7a2..f5b7634c802c 100644
--- a/base/indexed-search/indexed-search.StatefulSet.yaml
+++ b/base/indexed-search/indexed-search.StatefulSet.yaml
@@ -33,7 +33,7 @@ spec:
 value: http://$(OTEL_AGENT_HOST):4317
 - name: OPENTELEMETRY_DISABLED
 value: "false"
- image: index.docker.io/sourcegraph/indexed-searcher:insiders@sha256:65acfb9299957cfa667a0c4ee0345ee6752bb1333cccb2fec1a81db52ad22da0
+ image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/indexed-searcher:5.3.666@sha256:de3d07b4026c6b0691d1f7087de6cb596b4a4fa804b193076c3cf2e5ffb1d622
 terminationMessagePolicy: FallbackToLogsOnError
 ports:
 - containerPort: 6070
@@ -67,7 +67,7 @@ spec:
 value: http://$(OTEL_AGENT_HOST):4317
 - name: OPENTELEMETRY_DISABLED
 value: "false"
- image: index.docker.io/sourcegraph/search-indexer:insiders@sha256:29b686369ae6012d8abc73f8a2d47401b6aba5368cc83a4d3051343825fce778
+ image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/search-indexer:5.3.666@sha256:41e7f284a62268b0c5305ea41484fba13b895b3be1d0ed66f779d35e12be7a79
 terminationMessagePolicy: FallbackToLogsOnError
 ports:
 - containerPort: 6072
diff --git a/base/node-exporter/node-exporter.DaemonSet.yaml b/base/node-exporter/node-exporter.DaemonSet.yaml
index 23423517a361..d23a13e87be0 100644
--- a/base/node-exporter/node-exporter.DaemonSet.yaml
+++ b/base/node-exporter/node-exporter.DaemonSet.yaml
@@ -24,7 +24,7 @@ spec:
 spec:
 containers:
 - name: node-exporter
- image: index.docker.io/sourcegraph/node-exporter:insiders@sha256:a43c3f58201c07243e130108e1904402a086d975447794ad37b970495e46211c
+ image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/node-exporter:5.3.666@sha256:a43c3f58201c07243e130108e1904402a086d975447794ad37b970495e46211c
 imagePullPolicy: IfNotPresent
 resources:
 limits:
diff --git a/base/otel-collector/otel-agent.ConfigMap.yaml b/base/otel-collector/otel-agent.ConfigMap.yaml
index ee00c30e3f88..352d8dcf44e0 100644
--- a/base/otel-collector/otel-agent.ConfigMap.yaml
+++ b/base/otel-collector/otel-agent.ConfigMap.yaml
@@ -8,38 +8,4 @@ metadata:
 app.kubernetes.io/component: otel-collector
 sourcegraph-resource-requires: no-cluster-admin
 data:
- config.yaml: |
- receivers:
- otlp:
- protocols:
- grpc: # port 4317
- http: # port 4318
-
- exporters:
- otlp:
- endpoint: "otel-collector:4317"
- tls:
- insecure: true
- sending_queue:
- num_consumers: 4
- queue_size: 100
- retry_on_failure:
- enabled: true
-
- extensions:
- health_check:
- endpoint: ":13133"
- zpages:
- endpoint: "localhost:55679"
-
- service:
- extensions:
- - zpages
- - health_check
- pipelines:
- traces:
- receivers:
- - otlp
- exporters:
- - otlp
-
+ config.yaml: "receivers:\n otlp:\n protocols:\n grpc: # port 4317\n http: # port 4318\n\nexporters:\n otlp:\n endpoint: \"otel-collector:4317\"\n tls:\n insecure: true\n sending_queue:\n num_consumers: 4\n queue_size: 100\n retry_on_failure:\n enabled: true\n\nextensions:\n health_check:\n endpoint: \":13133\"\n zpages:\n endpoint: \"localhost:55679\"\n\nservice:\n extensions:\n - zpages\n - health_check\n pipelines:\n traces:\n receivers:\n - otlp\n exporters:\n - otlp\n \n"
diff --git a/base/otel-collector/otel-agent.DaemonSet.yaml b/base/otel-collector/otel-agent.DaemonSet.yaml
index bf63e47f7fd9..46110f82e78f 100644
--- a/base/otel-collector/otel-agent.DaemonSet.yaml
+++ b/base/otel-collector/otel-agent.DaemonSet.yaml
@@ -26,7 +26,7 @@ spec:
 spec:
 containers:
 - name: otel-agent
- image: index.docker.io/sourcegraph/opentelemetry-collector:insiders@sha256:918f2299cbfb23588e761844c9a99328c8dffdfca943166f6d94e2a285d9c18d
+ image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/opentelemetry-collector:5.3.666@sha256:918f2299cbfb23588e761844c9a99328c8dffdfca943166f6d94e2a285d9c18d
 command:
 - "/bin/otelcol-sourcegraph"
 - "--config=/etc/otel-agent/config.yaml"
diff --git a/base/otel-collector/otel-collector.ConfigMap.yaml b/base/otel-collector/otel-collector.ConfigMap.yaml
index 7a36bd5cf656..cd75b57ed40d 100644
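Review bot: The `config.yaml` value in otel-agent.ConfigMap.yaml is re-serialised from a `|` block scalar into one double-quoted string with `\n` escapes, so every later change to the collector config will show up as a single changed line that is hard to review. The escaped value ends in a whitespace-only line (`- otlp\n \n` as rendered here), which is probably what made the emitter fall back to quoted style; removing that trailing whitespace in the source should let it keep `config.yaml: |`. The content itself looks unchanged, including `tls:` / `insecure: true` on the `otlp` exporter, which sends traces to `otel-collector:4317` without TLS; a comment such as `# plaintext OTLP inside the cluster; restrict with a NetworkPolicy` next to it would record that assumption. The prometheus.ConfigMap.yaml hunk further down shows the same block-to-quoted conversion.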
--- a/base/otel-collector/otel-collector.ConfigMap.yaml
+++ b/base/otel-collector/otel-collector.ConfigMap.yaml
@@ -44,4 +44,3 @@ data:
 port: 13133
 zpages:
 endpoint: "localhost:55679"
-
diff --git a/base/otel-collector/otel-collector.Deployment.yaml b/base/otel-collector/otel-collector.Deployment.yaml
index 2d492b469be0..e1147f1770c1 100644
--- a/base/otel-collector/otel-collector.Deployment.yaml
+++ b/base/otel-collector/otel-collector.Deployment.yaml
@@ -26,7 +26,7 @@ spec:
 spec:
 containers:
 - name: otel-collector
- image: index.docker.io/sourcegraph/opentelemetry-collector:insiders@sha256:918f2299cbfb23588e761844c9a99328c8dffdfca943166f6d94e2a285d9c18d
+ image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/opentelemetry-collector:5.3.666@sha256:918f2299cbfb23588e761844c9a99328c8dffdfca943166f6d94e2a285d9c18d
 command:
 - "/bin/otelcol-sourcegraph"
 # To use a custom configuration, edit otel-collector.ConfigMap.yaml
diff --git a/base/pgsql/pgsql.ConfigMap.yaml b/base/pgsql/pgsql.ConfigMap.yaml
index 1ddeb472be2f..c7c65d5adcff 100644
--- a/base/pgsql/pgsql.ConfigMap.yaml
+++ b/base/pgsql/pgsql.ConfigMap.yaml
@@ -42,33 +42,33 @@ data: # GB = gigabytes min = minutes # TB = terabytes h = hours # d = days - - + + #------------------------------------------------------------------------------ # FILE LOCATIONS #------------------------------------------------------------------------------ - + # The default values of these variables are driven from the -D command-line # option or PGDATA environment variable, represented here as ConfigDir. - + #data_directory = 'ConfigDir' # use data in another directory # (change requires restart) #hba_file = 'ConfigDir/pg_hba.conf' # host-based authentication file # (change requires restart) #ident_file = 'ConfigDir/pg_ident.conf' # ident configuration file # (change requires restart) - + # If external_pid_file is not explicitly set, no extra PID file is written. #external_pid_file = '' # write an extra PID file # (change requires restart) - - + + #------------------------------------------------------------------------------ # CONNECTIONS AND AUTHENTICATION #------------------------------------------------------------------------------ - + # - Connection Settings - - + listen_addresses = '*' # comma-separated list of addresses; # defaults to 'localhost'; use '*' for all @@ -85,29 +85,29 @@ data: # (change requires restart) #bonjour_name = '' # defaults to the computer name # (change requires restart) - + # - TCP Keepalives - # see "man 7 tcp" for details - + #tcp_keepalives_idle = 0 # TCP_KEEPIDLE, in seconds; # 0 selects the system default #tcp_keepalives_interval = 0 # TCP_KEEPINTVL, in seconds; # 0 selects the system default #tcp_keepalives_count = 0 # TCP_KEEPCNT; # 0 selects the system default - + # - Authentication - - + #authentication_timeout = 1min # 1s-600s #password_encryption = md5 # md5 or scram-sha-256 #db_user_namespace = off - + # GSSAPI using Kerberos #krb_server_keyfile = '' #krb_caseins_users = off - + # - SSL - - + #ssl = off #ssl_ca_file = '' #ssl_cert_file = 'server.crt' 
@@ -119,14 +119,14 @@ data: #ssl_dh_params_file = '' #ssl_passphrase_command = '' #ssl_passphrase_command_supports_reload = off - - + + #------------------------------------------------------------------------------ # RESOURCE USAGE (except WAL) #------------------------------------------------------------------------------ - + # - Memory - - + shared_buffers = 1GB # SG CUSTOM min 128kB # (change requires restart) #huge_pages = try # on, off, or try @@ -148,35 +148,35 @@ data: # mmap # use none to disable dynamic shared memory # (change requires restart) - + # - Disk - - + temp_file_limit = 20GB # SG CUSTOM limits per-process temp file space # in kB, or -1 for no limit - + # - Kernel Resources - - + #max_files_per_process = 1000 # min 25 # (change requires restart) - + # - Cost-Based Vacuum Delay - - + #vacuum_cost_delay = 0 # 0-100 milliseconds #vacuum_cost_page_hit = 1 # 0-10000 credits #vacuum_cost_page_miss = 10 # 0-10000 credits #vacuum_cost_page_dirty = 20 # 0-10000 credits #vacuum_cost_limit = 200 # 1-10000 credits - + # - Background Writer - - + bgwriter_delay = 50ms # SG CUSTOM 10-10000ms between rounds bgwriter_lru_maxpages = 200 # SG CUSTOM max buffers written/round, 0 disables #bgwriter_lru_multiplier = 2.0 # 0-10.0 multiplier on buffers scanned/round #bgwriter_flush_after = 512kB # measured in pages, 0 disables - + # - Asynchronous Behavior - - + effective_io_concurrency = 200 # 1-1000; 0 disables prefetching max_worker_processes = 4 # SG CUSTOM (change requires restart) max_parallel_maintenance_workers = 4 # SG CUSTOM taken from max_parallel_workers 
@@ -187,14 +187,14 @@ data: #old_snapshot_threshold = -1 # 1min-60d; -1 disables; 0 is immediate # (change requires restart) #backend_flush_after = 0 # measured in pages, 0 disables - - + + #------------------------------------------------------------------------------ # WRITE-AHEAD LOG #------------------------------------------------------------------------------ - + # - Settings - - + #wal_level = replica # minimal, replica, or logical # (change requires restart) #fsync = on # flush data to disk for crash safety @@ -217,21 +217,21 @@ data: # (change requires restart) #wal_writer_delay = 200ms # 1-10000 milliseconds #wal_writer_flush_after = 1MB # measured in pages, 0 disables - + #commit_delay = 0 # range 0-100000, in microseconds #commit_siblings = 5 # range 1-1000 - + # - Checkpoints - - + #checkpoint_timeout = 5min # range 30s-1d max_wal_size = 8GB # SG CUSTOM min_wal_size = 2GB # SG CUSTOM #checkpoint_completion_target = 0.5 # checkpoint target duration, 0.0 - 1.0 #checkpoint_flush_after = 256kB # measured in pages, 0 disables #checkpoint_warning = 30s # 0 disables - + # - Archiving - - + #archive_mode = off # enables archiving; off, on, or always # (change requires restart) #archive_command = '' # command to use to archive a logfile segment 
@@ -240,40 +240,40 @@ data: # e.g. 'test ! -f /mnt/server/archivedir/%f && cp %p /mnt/server/archivedir/%f' #archive_timeout = 0 # force a logfile segment switch after this # number of seconds; 0 disables - - + + #------------------------------------------------------------------------------ # REPLICATION #------------------------------------------------------------------------------ - + # - Sending Servers - - + # Set these on the master and on any standby that will send replication data. - + #max_wal_senders = 10 # max number of walsender processes # (change requires restart) #wal_keep_segments = 0 # in logfile segments; 0 disables #wal_sender_timeout = 60s # in milliseconds; 0 disables - + #max_replication_slots = 10 # max number of replication slots # (change requires restart) #track_commit_timestamp = off # collect timestamp of transaction commit # (change requires restart) - + # - Master Server - - + # These settings are ignored on a standby server. - + #synchronous_standby_names = '' # standby servers that provide sync rep # method to choose sync standbys, number of sync standbys, # and comma-separated list of application_name # from standby(s); '*' = all #vacuum_defer_cleanup_age = 0 # number of xacts by which cleanup is delayed - + # - Standby Servers - - + # These settings are ignored on a master server. - + #hot_standby = on # "off" disallows queries during recovery # (change requires restart) #max_standby_archive_delay = 30s # max delay before canceling queries 
@@ -291,22 +291,22 @@ data: # in milliseconds; 0 disables #wal_retrieve_retry_interval = 5s # time to wait before retrying to # retrieve WAL after a failed attempt - + # - Subscribers - - + # These settings are ignored on a publisher. - + #max_logical_replication_workers = 4 # taken from max_worker_processes # (change requires restart) #max_sync_workers_per_subscription = 2 # taken from max_logical_replication_workers - - + + #------------------------------------------------------------------------------ # QUERY TUNING #------------------------------------------------------------------------------ - + # - Planner Method Configuration - - + #enable_bitmapscan = on #enable_hashagg = on #enable_hashjoin = on @@ -323,9 +323,9 @@ data: #enable_partitionwise_aggregate = off #enable_parallel_hash = on #enable_partition_pruning = on - + # - Planner Cost Constants - - + #seq_page_cost = 1.0 # measured on an arbitrary scale random_page_cost = 1.1 # SG CUSTOM same scale as above #cpu_tuple_cost = 0.01 # same scale as above @@ -333,7 +333,7 @@ data: #cpu_operator_cost = 0.0025 # same scale as above #parallel_tuple_cost = 0.1 # same scale as above #parallel_setup_cost = 1000.0 # same scale as above - + #jit_above_cost = 100000 # perform JIT compilation if available # and query more expensive than this; # -1 disables @@ -342,13 +342,13 @@ data: #jit_optimize_above_cost = 500000 # use expensive JIT optimizations if # query is more expensive than this; # -1 disables - + #min_parallel_table_scan_size = 8MB #min_parallel_index_scan_size = 512kB effective_cache_size = 3GB # SG CUSTOM - + # - Genetic Query Optimizer - - + #geqo = on #geqo_threshold = 12 #geqo_effort = 5 # range 1-10 
@@ -356,9 +356,9 @@ data: #geqo_generations = 0 # selects default based on effort #geqo_selection_bias = 2.0 # range 1.5-2.0 #geqo_seed = 0.0 # range 0.0-1.0 - + # - Other Planner Options - - + #default_statistics_target = 100 # range 1-10000 #constraint_exclusion = partition # on, off, or partition #cursor_tuple_fraction = 0.1 # range 0.0-1.0 @@ -367,25 +367,25 @@ data: # JOIN clauses #force_parallel_mode = off #jit = off # allow JIT compilation - - + + #------------------------------------------------------------------------------ # REPORTING AND LOGGING #------------------------------------------------------------------------------ - + # - Where to Log - - + #log_destination = 'stderr' # Valid values are combinations of # stderr, csvlog, syslog, and eventlog, # depending on platform. csvlog # requires logging_collector to be on. - + # This is used when logging to stderr: #logging_collector = off # Enable capturing of stderr and csvlog # into log files. Required to be on for # csvlogs. # (change requires restart) - + # These are only used if logging_collector is on: #log_directory = 'log' # directory where log files are written, # can be absolute or relative to PGDATA @@ -406,19 +406,19 @@ data: #log_rotation_size = 10MB # Automatic rotation of logfiles will # happen after that much log output. # 0 disables. - + # These are relevant when logging to syslog: #syslog_facility = 'LOCAL0' #syslog_ident = 'postgres' #syslog_sequence_numbers = on #syslog_split_messages = on - + # This is only relevant when logging to eventlog (win32): # (change requires restart) #event_source = 'PostgreSQL' - + # - When to Log - - + #log_min_messages = warning # values in order of decreasing detail: # debug5 # debug4 @@ -432,7 +432,7 @@ data: # log # fatal # panic - + #log_min_error_statement = error # values in order of decreasing detail: # debug5 # debug4 
@@ -446,15 +446,15 @@ data: # log # fatal # panic (effectively off) - + #log_min_duration_statement = -1 # -1 is disabled, 0 logs all statements # and their durations, > 0 logs only # statements running at least this number # of milliseconds - - + + # - What to Log - - + #debug_print_parse = off #debug_print_rewritten = off #debug_print_plan = off @@ -493,42 +493,42 @@ data: # than the specified size in kilobytes; # -1 disables, 0 logs all temp files log_timezone = 'Etc/UTC' - + #------------------------------------------------------------------------------ # PROCESS TITLE #------------------------------------------------------------------------------ - + #cluster_name = '' # added to process titles if nonempty # (change requires restart) #update_process_title = on - - + + #------------------------------------------------------------------------------ # STATISTICS #------------------------------------------------------------------------------ - + # - Query and Index Statistics Collector - - + #track_activities = on #track_counts = on #track_io_timing = off #track_functions = none # none, pl, all #track_activity_query_size = 1024 # (change requires restart) #stats_temp_directory = 'pg_stat_tmp' - - + + # - Monitoring - - + #log_parser_stats = off #log_planner_stats = off #log_executor_stats = off #log_statement_stats = off - - + + #------------------------------------------------------------------------------ # AUTOVACUUM #------------------------------------------------------------------------------ - + #autovacuum = on # Enable autovacuum subprocess? 'on' # requires track_counts to also be on. #log_autovacuum_min_duration = -1 # -1 disables, 0 logs all actions and 
@@ -555,14 +555,14 @@ data: #autovacuum_vacuum_cost_limit = -1 # default vacuum cost limit for # autovacuum, -1 means use # vacuum_cost_limit - - + + #------------------------------------------------------------------------------ # CLIENT CONNECTION DEFAULTS #------------------------------------------------------------------------------ - + # - Statement Behavior - - + #client_min_messages = notice # values in order of decreasing detail: # debug5 # debug4 @@ -598,9 +598,9 @@ data: #xmloption = 'content' #gin_fuzzy_search_limit = 0 #gin_pending_list_limit = 4MB - + # - Locale and Formatting - - + datestyle = 'iso, mdy' #intervalstyle = 'postgres' timezone = 'Etc/UTC' @@ -614,33 +614,33 @@ data: #extra_float_digits = 0 # min -15, max 3 #client_encoding = sql_ascii # actually, defaults to database # encoding - + # These settings are initialized by initdb, but they can be changed. lc_messages = 'en_US.utf8' # locale for system error message # strings lc_monetary = 'en_US.utf8' # locale for monetary formatting lc_numeric = 'en_US.utf8' # locale for number formatting lc_time = 'en_US.utf8' # locale for time formatting - + # default configuration for text search default_text_search_config = 'pg_catalog.english' - + # - Shared Library Preloading - - + #shared_preload_libraries = '' # (change requires restart) #local_preload_libraries = '' #session_preload_libraries = '' #jit_provider = 'llvmjit' # JIT library to use - + # - Other Defaults - - + #dynamic_library_path = '$libdir' - - + + #------------------------------------------------------------------------------ # LOCK MANAGEMENT #------------------------------------------------------------------------------ - + #deadlock_timeout = 1s #max_locks_per_transaction = 64 # min 10 # (change requires restart) 
@@ -650,14 +650,14 @@ data: # (max_pred_locks_per_transaction # / -max_pred_locks_per_relation) - 1 #max_pred_locks_per_page = 2 # min 0 - - + + #------------------------------------------------------------------------------ # VERSION AND PLATFORM COMPATIBILITY #------------------------------------------------------------------------------ - + # - Previous PostgreSQL Versions - - + #array_nulls = on #backslash_quote = safe_encoding # on, off, or safe_encoding #default_with_oids = off @@ -667,38 +667,38 @@ data: #quote_all_identifiers = off #standard_conforming_strings = on #synchronize_seqscans = on - + # - Other Platforms and Clients - - + #transform_null_equals = off - - + + #------------------------------------------------------------------------------ # ERROR HANDLING #------------------------------------------------------------------------------ - + #exit_on_error = off # terminate session on any error? #restart_after_crash = on # reinitialize after backend crash? #data_sync_retry = off # retry or panic on failure to fsync # data? # (change requires restart) - - + + #------------------------------------------------------------------------------ # CONFIG FILE INCLUDES #------------------------------------------------------------------------------ - + # These options allow settings to be loaded from files other than the # default postgresql.conf. - + #include_dir = '' # include files ending in '.conf' from # a directory, e.g., 'conf.d' #include_if_exists = '' # include file only if it exists #include = '' # include file - - + + #------------------------------------------------------------------------------ # CUSTOMIZED OPTIONS #------------------------------------------------------------------------------ - + # Add settings for extensions here diff --git a/base/pgsql/pgsql.Deployment.yaml b/base/pgsql/pgsql.Deployment.yaml index 348f0ea7485b..23f75faebedd 100644 --- a/base/pgsql/pgsql.Deployment.yaml +++ b/base/pgsql/pgsql.Deployment.yaml 
@@ -27,7 +27,7 @@ spec:
 spec:
 initContainers:
 - name: correct-data-dir-permissions
- image: index.docker.io/sourcegraph/alpine-3.14:insiders@sha256:982220e0fd8ce55a73798fa7e814a482c4807c412f054c8440c5970b610239b7
+ image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/alpine-3.14:5.3.666@sha256:982220e0fd8ce55a73798fa7e814a482c4807c412f054c8440c5970b610239b7
 command: ["sh", "-c", "if [ -d /data/pgdata-12 ]; then chmod 750 /data/pgdata-12; fi"]
 volumeMounts:
 - mountPath: /data
@@ -43,7 +43,7 @@ spec:
 memory: "50Mi"
 containers:
 - env:
- image: index.docker.io/sourcegraph/postgres-12-alpine:insiders@sha256:1e0e93661a65c832b9697048c797f9894dfb502e2e1da2b8209f0018a6632b79
+ image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/postgres-12-alpine:5.3.666@sha256:1e0e93661a65c832b9697048c797f9894dfb502e2e1da2b8209f0018a6632b79
 terminationMessagePolicy: FallbackToLogsOnError
 readinessProbe:
 exec:
@@ -83,7 +83,7 @@ spec:
 value: postgres://sg:@localhost:5432/?sslmode=disable
 - name: PG_EXPORTER_EXTEND_QUERY_PATH
 value: /config/queries.yaml
- image: index.docker.io/sourcegraph/postgres_exporter:insiders@sha256:7bc727119bc5b0900a9c3d7c0a79e3b548de93bc55df9da864244b3971168294
+ image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/postgres_exporter:5.3.666@sha256:7bc727119bc5b0900a9c3d7c0a79e3b548de93bc55df9da864244b3971168294
 terminationMessagePolicy: FallbackToLogsOnError
 name: pgsql-exporter
 resources:
diff --git a/base/precise-code-intel/worker.Deployment.yaml b/base/precise-code-intel/worker.Deployment.yaml
index 1673535197d2..fba2beb0fb00 100644
--- a/base/precise-code-intel/worker.Deployment.yaml
+++ b/base/precise-code-intel/worker.Deployment.yaml
@@ -46,7 +46,7 @@ spec:
 fieldPath: status.hostIP
 - name: OTEL_EXPORTER_OTLP_ENDPOINT
 value: http://$(OTEL_AGENT_HOST):4317
- image: index.docker.io/sourcegraph/precise-code-intel-worker:insiders@sha256:049d91cfcf468f292ed018646e69e0328f71597626920fa3f8588cd674f43933
+ image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/precise-code-intel-worker:5.3.666@sha256:cdf94c74afd0abe39bf7ba0d3a14b36f267837678455b36881fe645d0493abdb
 terminationMessagePolicy: FallbackToLogsOnError
 livenessProbe:
 httpGet:
diff --git a/base/prometheus/prometheus.ConfigMap.yaml b/base/prometheus/prometheus.ConfigMap.yaml
index 1b0bf1745bcb..c57846a5d79a 100644
--- a/base/prometheus/prometheus.ConfigMap.yaml
+++ b/base/prometheus/prometheus.ConfigMap.yaml
@@ -1,292 +1,6 @@ apiVersion: v1 data: - prometheus.yml: | - global: - scrape_interval: 30s - evaluation_interval: 30s - - alerting: - alertmanagers: - # Bundled Alertmanager, started by prom-wrapper - - static_configs: - - targets: ['127.0.0.1:9093'] - path_prefix: /alertmanager - # Uncomment the following to have alerts delivered to additional Alertmanagers discovered - # in the cluster. This configuration is not required if you use Sourcegraph's built-in alerting: - # https://docs.sourcegraph.com/admin/observability/alerting - # - kubernetes_sd_configs: - # - role: endpoints - # relabel_configs: - # - source_labels: [__meta_kubernetes_service_name] - # regex: alertmanager - # action: keep - - rule_files: - - '*_rules.yml' - - "/sg_config_prometheus/*_rules.yml" - - "/sg_prometheus_add_ons/*_rules.yml" - - # A scrape configuration for running Prometheus on a Kubernetes cluster. - # This uses separate scrape configs for cluster components (i.e. API server, node) - # and services to allow each to use different authentication configs. - # - # Kubernetes labels will be added as Prometheus labels on metrics via the - # `labelmap` relabeling action. - - # Scrape config for API servers. - # - # Kubernetes exposes API servers as endpoints to the default/kubernetes - # service so this uses `endpoints` role and uses relabelling to only keep - # the endpoints associated with the default/kubernetes service using the - # default named port `https`. This works for single API server deployments as - # well as HA API server deployments. - scrape_configs: - - job_name: 'kubernetes-apiservers' - - kubernetes_sd_configs: - - role: endpoints - - # Default to scraping over https. If required, just disable this or change to - # `http`. - scheme: https - - # This TLS & bearer token file config is used to connect to the actual scrape - # endpoints for cluster components. 
This is separate to discovery auth - # configuration because discovery & scraping are two separate concerns in - # Prometheus. The discovery auth config is automatic if Prometheus runs inside - # the cluster. Otherwise, more config options have to be provided within the - # . - tls_config: - ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt - # If your node certificates are self-signed or use a different CA to the - # master CA, then disable certificate verification below. Note that - # certificate verification is an integral part of a secure infrastructure - # so this should only be disabled in a controlled environment. You can - # disable certificate verification by uncommenting the line below. - # - # insecure_skip_verify: true - bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token - - # Keep only the default/kubernetes service endpoints for the https port. This - # will add targets for each API server which Kubernetes adds an endpoint to - # the default/kubernetes service. - relabel_configs: - - source_labels: [__meta_kubernetes_namespace, __meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] - action: keep - regex: default;kubernetes;https - - - job_name: 'kubernetes-nodes' - - # Default to scraping over https. If required, just disable this or change to - # `http`. - scheme: https - - # This TLS & bearer token file config is used to connect to the actual scrape - # endpoints for cluster components. This is separate to discovery auth - # configuration because discovery & scraping are two separate concerns in - # Prometheus. The discovery auth config is automatic if Prometheus runs inside - # the cluster. Otherwise, more config options have to be provided within the - # . - tls_config: - ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt - # If your node certificates are self-signed or use a different CA to the - # master CA, then disable certificate verification below. 
Note that - # certificate verification is an integral part of a secure infrastructure - # so this should only be disabled in a controlled environment. You can - # disable certificate verification by uncommenting the line below. - # - insecure_skip_verify: true - bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token - - kubernetes_sd_configs: - - role: node - - relabel_configs: - - action: labelmap - regex: __meta_kubernetes_node_label_(.+) - - target_label: __address__ - replacement: kubernetes.default.svc:443 - - source_labels: [__meta_kubernetes_node_name] - regex: (.+) - target_label: __metrics_path__ - replacement: /api/v1/nodes/${1}/proxy/metrics - - # Scrape config for service endpoints. - # - # The relabeling allows the actual service scrape endpoint to be configured - # via the following annotations: - # - # * `sourcegraph.prometheus/scrape`: Only scrape services that have a value of `true` - # * `prometheus.io/scheme`: If the metrics endpoint is secured then you will need - # to set this to `https` & most likely set the `tls_config` of the scrape config. - # * `prometheus.io/path`: If the metrics path is not `/metrics` override this. - # * `prometheus.io/port`: If the metrics are exposed on a different port to the - # service then set this appropriately. - - job_name: 'kubernetes-service-endpoints' - - kubernetes_sd_configs: - - role: endpoints - - relabel_configs: - # Sourcegraph specific customization, only scrape pods with our annotation - - source_labels: [__meta_kubernetes_service_annotation_sourcegraph_prometheus_scrape] - action: keep - regex: true - - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scheme] - action: replace - target_label: __scheme__ - regex: (https?) 
- - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_path] - action: replace - target_label: __metrics_path__ - regex: (.+) - - source_labels: [__address__, __meta_kubernetes_service_annotation_prometheus_io_port] - action: replace - target_label: __address__ - regex: (.+)(?::\d+);(\d+) - replacement: $1:$2 - - action: labelmap - regex: __meta_kubernetes_service_label_(.+) - - source_labels: [__meta_kubernetes_namespace] - action: replace - # Sourcegraph specific customization. We want a more convenient to type label. - # target_label: kubernetes_namespace - target_label: ns - - source_labels: [__meta_kubernetes_service_name] - action: replace - target_label: kubernetes_name - # Sourcegraph specific customization. We want a nicer name for job - - source_labels: [app] - action: replace - target_label: job - # Sourcegraph specific customization. We want a nicer name for instance - - source_labels: [__meta_kubernetes_pod_name] - action: replace - target_label: instance - # Sourcegraph specific customization. We want to add a label to every - # metric that indicates the node it came from. - - source_labels: [__meta_kubernetes_endpoint_node_name] - action: replace - target_label: nodename - metric_relabel_configs: - # Sourcegraph specific customization. Drop metrics with empty nodename responses from the k8s API - - source_labels: [nodename] - regex: ^$ - action: drop - - # Example scrape config for probing services via the Blackbox Exporter. 
- # - # The relabeling allows the actual service scrape endpoint to be configured - # via the following annotations: - # - # * `prometheus.io/probe`: Only probe services that have a value of `true` - - job_name: 'kubernetes-services' - - metrics_path: /probe - params: - module: [http_2xx] - - kubernetes_sd_configs: - - role: service - - relabel_configs: - - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_probe] - action: keep - regex: true - - source_labels: [__address__] - target_label: __param_target - - target_label: __address__ - replacement: blackbox - - source_labels: [__param_target] - target_label: instance - - action: labelmap - regex: __meta_kubernetes_service_label_(.+) - - source_labels: [__meta_kubernetes_service_namespace] - # Sourcegraph specific customization. We want a more convenient to type label. - # target_label: kubernetes_namespace - target_label: ns - - source_labels: [__meta_kubernetes_service_name] - target_label: kubernetes_name - - # Example scrape config for pods - # - # The relabeling allows the actual pod scrape endpoint to be configured via the - # following annotations: - # - # * `sourcegraph.prometheus/scrape`: Only scrape pods that have a value of `true` - # * `prometheus.io/path`: If the metrics path is not `/metrics` override this. - # * `prometheus.io/port`: Scrape the pod on the indicated port instead of the default of `9102`. 
- - job_name: 'kubernetes-pods' - - kubernetes_sd_configs: - - role: pod - - relabel_configs: - # Sourcegraph specific customization, only scrape pods with our annotation - - source_labels: [__meta_kubernetes_pod_annotation_sourcegraph_prometheus_scrape] - action: keep - regex: true - - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path] - action: replace - target_label: __metrics_path__ - regex: (.+) - - source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port] - action: replace - regex: (.+):(?:\d+);(\d+) - replacement: ${1}:${2} - target_label: __address__ - - action: labelmap - regex: __meta_kubernetes_pod_label_(.+) - - source_labels: [__meta_kubernetes_pod_name] - action: replace - target_label: kubernetes_pod_name - # Sourcegraph specific customization. We want a more convenient to type label. - # target_label: kubernetes_namespace - - source_labels: [__meta_kubernetes_namespace] - action: replace - target_label: ns - # Sourcegraph specific customization. We want to add a label to every - # metric that indicates the node it came from. - - source_labels: [__meta_kubernetes_pod_node_name] - action: replace - target_label: nodename - - metric_relabel_configs: - # cAdvisor-specific customization. Drop container metrics exported by cAdvisor - # not in the same namespace as Sourcegraph. - # Uncomment this if you have problems with certain dashboards or cAdvisor itself - # picking up non-Sourcegraph services. Ensure all Sourcegraph services are running - # within the Sourcegraph namespace you have defined. - # The regex must keep matches on '^$' (empty string) to ensure other metrics do not - # get dropped. - # - source_labels: [container_label_io_kubernetes_pod_namespace] - # regex: ^$|ns-sourcegraph # ensure this matches with namespace declarations - # action: keep - # cAdvisor-specific customization. We want container metrics to be named after their container name label. 
- # Note that 'io.kubernetes.container.name' and 'io.kubernetes.pod.name' must be provided in cAdvisor - # '--whitelisted_container_labels' (see cadvisor.DaemonSet.yaml) - - source_labels: [container_label_io_kubernetes_container_name, container_label_io_kubernetes_pod_name] - regex: (.+) - action: replace - target_label: name - separator: '-' - # Sourcegraph specific customization. Drop metrics with empty nodename responses from the k8s API - - source_labels: [nodename] - regex: ^$ - action: drop - - # Scrape prometheus itself for metrics. - - job_name: 'builtin-prometheus' - static_configs: - - targets: ['127.0.0.1:9092'] - labels: - app: prometheus - - job_name: 'builtin-alertmanager' - metrics_path: /alertmanager/metrics - static_configs: - - targets: ['127.0.0.1:9093'] - labels: - app: alertmanager + prometheus.yml: "global:\n scrape_interval: 30s\n evaluation_interval: 30s\n\nalerting:\n alertmanagers:\n # Bundled Alertmanager, started by prom-wrapper\n - static_configs:\n - targets: ['127.0.0.1:9093']\n path_prefix: /alertmanager\n # Uncomment the following to have alerts delivered to additional Alertmanagers discovered\n # in the cluster. This configuration is not required if you use Sourcegraph's built-in alerting:\n # https://docs.sourcegraph.com/admin/observability/alerting\n # - kubernetes_sd_configs:\n # - role: endpoints\n # relabel_configs:\n # - source_labels: [__meta_kubernetes_service_name]\n # regex: alertmanager\n # action: keep\n\nrule_files:\n - '*_rules.yml'\n - \"/sg_config_prometheus/*_rules.yml\"\n - \"/sg_prometheus_add_ons/*_rules.yml\"\n\n# A scrape configuration for running Prometheus on a Kubernetes cluster.\n# This uses separate scrape configs for cluster components (i.e. 
API server, node)\n# and services to allow each to use different authentication configs.\n#\n# Kubernetes labels will be added as Prometheus labels on metrics via the\n# `labelmap` relabeling action.\n\n# Scrape config for API servers.\n#\n# Kubernetes exposes API servers as endpoints to the default/kubernetes\n# service so this uses `endpoints` role and uses relabelling to only keep\n# the endpoints associated with the default/kubernetes service using the\n# default named port `https`. This works for single API server deployments as\n# well as HA API server deployments.\nscrape_configs:\n- job_name: 'kubernetes-apiservers'\n\n kubernetes_sd_configs:\n - role: endpoints\n\n # Default to scraping over https. If required, just disable this or change to\n # `http`.\n scheme: https\n\n # This TLS & bearer token file config is used to connect to the actual scrape\n # endpoints for cluster components. This is separate to discovery auth\n # configuration because discovery & scraping are two separate concerns in\n # Prometheus. The discovery auth config is automatic if Prometheus runs inside\n # the cluster. Otherwise, more config options have to be provided within the\n # .\n tls_config:\n ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt\n # If your node certificates are self-signed or use a different CA to the\n # master CA, then disable certificate verification below. Note that\n # certificate verification is an integral part of a secure infrastructure\n # so this should only be disabled in a controlled environment. You can\n # disable certificate verification by uncommenting the line below.\n #\n # insecure_skip_verify: true\n bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token\n\n # Keep only the default/kubernetes service endpoints for the https port. 
This\n # will add targets for each API server which Kubernetes adds an endpoint to\n # the default/kubernetes service.\n relabel_configs:\n - source_labels: [__meta_kubernetes_namespace, __meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name]\n action: keep\n regex: default;kubernetes;https\n\n- job_name: 'kubernetes-nodes'\n\n # Default to scraping over https. If required, just disable this or change to\n # `http`.\n scheme: https\n\n # This TLS & bearer token file config is used to connect to the actual scrape\n # endpoints for cluster components. This is separate to discovery auth\n # configuration because discovery & scraping are two separate concerns in\n # Prometheus. The discovery auth config is automatic if Prometheus runs inside\n # the cluster. Otherwise, more config options have to be provided within the\n # .\n tls_config:\n ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt\n # If your node certificates are self-signed or use a different CA to the\n # master CA, then disable certificate verification below. Note that\n # certificate verification is an integral part of a secure infrastructure\n # so this should only be disabled in a controlled environment. 
You can\n # disable certificate verification by uncommenting the line below.\n #\n insecure_skip_verify: true\n bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token\n\n kubernetes_sd_configs:\n - role: node\n\n relabel_configs:\n - action: labelmap\n regex: __meta_kubernetes_node_label_(.+)\n - target_label: __address__\n replacement: kubernetes.default.svc:443\n - source_labels: [__meta_kubernetes_node_name]\n regex: (.+)\n target_label: __metrics_path__\n replacement: /api/v1/nodes/${1}/proxy/metrics\n\n# Scrape config for service endpoints.\n#\n# The relabeling allows the actual service scrape endpoint to be configured\n# via the following annotations:\n#\n# * `sourcegraph.prometheus/scrape`: Only scrape services that have a value of `true`\n# * `prometheus.io/scheme`: If the metrics endpoint is secured then you will need\n# to set this to `https` & most likely set the `tls_config` of the scrape config.\n# * `prometheus.io/path`: If the metrics path is not `/metrics` override this.\n# * `prometheus.io/port`: If the metrics are exposed on a different port to the\n# service then set this appropriately.\n- job_name: 'kubernetes-service-endpoints'\n\n kubernetes_sd_configs:\n - role: endpoints\n\n relabel_configs:\n # Sourcegraph specific customization, only scrape pods with our annotation\n - source_labels: [__meta_kubernetes_service_annotation_sourcegraph_prometheus_scrape]\n action: keep\n regex: true\n - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scheme]\n action: replace\n target_label: __scheme__\n regex: (https?)\n - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_path]\n action: replace\n target_label: __metrics_path__\n regex: (.+)\n - source_labels: [__address__, __meta_kubernetes_service_annotation_prometheus_io_port]\n action: replace\n target_label: __address__\n regex: (.+)(?::\\d+);(\\d+)\n replacement: $1:$2\n - action: labelmap\n regex: __meta_kubernetes_service_label_(.+)\n - 
source_labels: [__meta_kubernetes_namespace]\n action: replace\n # Sourcegraph specific customization. We want a more convenient to type label.\n # target_label: kubernetes_namespace\n target_label: ns\n - source_labels: [__meta_kubernetes_service_name]\n action: replace\n target_label: kubernetes_name\n # Sourcegraph specific customization. We want a nicer name for job\n - source_labels: [app]\n action: replace\n target_label: job\n # Sourcegraph specific customization. We want a nicer name for instance\n - source_labels: [__meta_kubernetes_pod_name]\n action: replace\n target_label: instance\n # Sourcegraph specific customization. We want to add a label to every \n # metric that indicates the node it came from.\n - source_labels: [__meta_kubernetes_endpoint_node_name]\n action: replace\n target_label: nodename\n metric_relabel_configs:\n # Sourcegraph specific customization. Drop metrics with empty nodename responses from the k8s API\n - source_labels: [nodename]\n regex: ^$\n action: drop\n\n# Example scrape config for probing services via the Blackbox Exporter.\n#\n# The relabeling allows the actual service scrape endpoint to be configured\n# via the following annotations:\n#\n# * `prometheus.io/probe`: Only probe services that have a value of `true`\n- job_name: 'kubernetes-services'\n\n metrics_path: /probe\n params:\n module: [http_2xx]\n\n kubernetes_sd_configs:\n - role: service\n\n relabel_configs:\n - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_probe]\n action: keep\n regex: true\n - source_labels: [__address__]\n target_label: __param_target\n - target_label: __address__\n replacement: blackbox\n - source_labels: [__param_target]\n target_label: instance\n - action: labelmap\n regex: __meta_kubernetes_service_label_(.+)\n - source_labels: [__meta_kubernetes_service_namespace]\n # Sourcegraph specific customization. 
We want a more convenient to type label.\n # target_label: kubernetes_namespace\n target_label: ns\n - source_labels: [__meta_kubernetes_service_name]\n target_label: kubernetes_name\n\n# Example scrape config for pods\n#\n# The relabeling allows the actual pod scrape endpoint to be configured via the\n# following annotations:\n#\n# * `sourcegraph.prometheus/scrape`: Only scrape pods that have a value of `true`\n# * `prometheus.io/path`: If the metrics path is not `/metrics` override this.\n# * `prometheus.io/port`: Scrape the pod on the indicated port instead of the default of `9102`.\n- job_name: 'kubernetes-pods'\n\n kubernetes_sd_configs:\n - role: pod\n\n relabel_configs:\n # Sourcegraph specific customization, only scrape pods with our annotation\n - source_labels: [__meta_kubernetes_pod_annotation_sourcegraph_prometheus_scrape]\n action: keep\n regex: true\n - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path]\n action: replace\n target_label: __metrics_path__\n regex: (.+)\n - source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port]\n action: replace\n regex: (.+):(?:\\d+);(\\d+)\n replacement: ${1}:${2}\n target_label: __address__\n - action: labelmap\n regex: __meta_kubernetes_pod_label_(.+)\n - source_labels: [__meta_kubernetes_pod_name]\n action: replace\n target_label: kubernetes_pod_name\n # Sourcegraph specific customization. We want a more convenient to type label.\n # target_label: kubernetes_namespace\n - source_labels: [__meta_kubernetes_namespace]\n action: replace\n target_label: ns\n # Sourcegraph specific customization. We want to add a label to every \n # metric that indicates the node it came from.\n - source_labels: [__meta_kubernetes_pod_node_name]\n action: replace\n target_label: nodename\n\n metric_relabel_configs:\n # cAdvisor-specific customization. 
Drop container metrics exported by cAdvisor\n # not in the same namespace as Sourcegraph.\n # Uncomment this if you have problems with certain dashboards or cAdvisor itself\n # picking up non-Sourcegraph services. Ensure all Sourcegraph services are running\n # within the Sourcegraph namespace you have defined.\n # The regex must keep matches on '^$' (empty string) to ensure other metrics do not\n # get dropped.\n # - source_labels: [container_label_io_kubernetes_pod_namespace]\n # regex: ^$|ns-sourcegraph # ensure this matches with namespace declarations\n # action: keep\n # cAdvisor-specific customization. We want container metrics to be named after their container name label.\n # Note that 'io.kubernetes.container.name' and 'io.kubernetes.pod.name' must be provided in cAdvisor\n # '--whitelisted_container_labels' (see cadvisor.DaemonSet.yaml)\n - source_labels: [container_label_io_kubernetes_container_name, container_label_io_kubernetes_pod_name]\n regex: (.+)\n action: replace\n target_label: name\n separator: '-'\n # Sourcegraph specific customization. Drop metrics with empty nodename responses from the k8s API\n - source_labels: [nodename]\n regex: ^$\n action: drop\n\n# Scrape prometheus itself for metrics.\n- job_name: 'builtin-prometheus'\n static_configs:\n - targets: ['127.0.0.1:9092']\n labels:\n app: prometheus\n- job_name: 'builtin-alertmanager'\n metrics_path: /alertmanager/metrics\n static_configs:\n - targets: ['127.0.0.1:9093']\n labels:\n app: alertmanager\n" extra_rules.yml: "" kind: ConfigMap metadata: diff --git a/base/prometheus/prometheus.Deployment.yaml b/base/prometheus/prometheus.Deployment.yaml index 7ee437dd670c..48fb0dd62951 100644 --- a/base/prometheus/prometheus.Deployment.yaml +++ b/base/prometheus/prometheus.Deployment.yaml 
@@ -25,7 +25,7 @@ spec:
 spec:
 containers:
 - name: prometheus
- image: index.docker.io/sourcegraph/prometheus:insiders@sha256:b51607c8b348c2150193dff0a2656a97ba591b935d4c08e03f49bd21a7b58f5c
+ image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/prometheus:5.3.666@sha256:d1e7fe593e3daf3165c6ac4e5812758e9761ccc8f46da74a8723f668dede1904
 terminationMessagePolicy: FallbackToLogsOnError
 readinessProbe:
 httpGet:
diff --git a/base/redis/redis-cache.Deployment.yaml b/base/redis/redis-cache.Deployment.yaml
index 2393958015bb..a384fa02edcc 100644
--- a/base/redis/redis-cache.Deployment.yaml
+++ b/base/redis/redis-cache.Deployment.yaml
@@ -26,7 +26,7 @@ spec:
 spec:
 containers:
 - name: redis-cache
- image: index.docker.io/sourcegraph/redis-cache:insiders@sha256:7b5f4501ec28696b9c842def4217f03e21e687c824c277623425f9acddf1def8
+ image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/redis-cache:5.3.666@sha256:7b5f4501ec28696b9c842def4217f03e21e687c824c277623425f9acddf1def8
 terminationMessagePolicy: FallbackToLogsOnError
 livenessProbe:
 initialDelaySeconds: 30
@@ -50,7 +50,7 @@ spec:
 - mountPath: /redis-data
 name: redis-data
 - name: redis-exporter
- image: index.docker.io/sourcegraph/redis_exporter:insiders@sha256:e5c30856d511423b655c7e3c524f6118336845a0f9a339fc92738f5282a67c35
+ image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/redis_exporter:5.3.666@sha256:e5c30856d511423b655c7e3c524f6118336845a0f9a339fc92738f5282a67c35
 terminationMessagePolicy: FallbackToLogsOnError
 ports:
 - containerPort: 9121
diff --git a/base/redis/redis-store.Deployment.yaml b/base/redis/redis-store.Deployment.yaml
index 3874131f60f1..69551e92c155 100644
--- a/base/redis/redis-store.Deployment.yaml
+++ b/base/redis/redis-store.Deployment.yaml
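Review bot: The new `image:` value moves this release from `index.docker.io/sourcegraph/…` to `us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/…`, which by its name looks like an internal CI repository; if it is not anonymously readable, clusters applying these manifests will fail to pull. The same switch recurs in the redis-cache, redis-store, repo-updater, searcher, symbols, syntect-server and worker hunks (`rfc795-internal`) and in the embeddings, executor, dind, jaeger and alpine init-container hunks (`rfc795-public`). Keeping the `@sha256:` pin is right, but here and in most of those hunks the digest changes together with the registry, so the diff alone cannot show that the new digest is the intended build; I would check each one against the digests recorded by the release pipeline before merging. The redis images keep their old digests, so only the pull location needs confirming there.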
@@ -25,7 +25,7 @@ spec:
 spec:
 containers:
 - name: redis-store
- image: index.docker.io/sourcegraph/redis-store:insiders@sha256:be2c0f4caff00d545a4cec70baee710040f2adb71df255665661142147820065
+ image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/redis-store:5.3.666@sha256:be2c0f4caff00d545a4cec70baee710040f2adb71df255665661142147820065
 terminationMessagePolicy: FallbackToLogsOnError
 livenessProbe:
 initialDelaySeconds: 30
@@ -49,7 +49,7 @@ spec:
 - mountPath: /redis-data
 name: redis-data
 - name: redis-exporter
- image: index.docker.io/sourcegraph/redis_exporter:insiders@sha256:e5c30856d511423b655c7e3c524f6118336845a0f9a339fc92738f5282a67c35
+ image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/redis_exporter:5.3.666@sha256:e5c30856d511423b655c7e3c524f6118336845a0f9a339fc92738f5282a67c35
 terminationMessagePolicy: FallbackToLogsOnError
 ports:
 - containerPort: 9121
diff --git a/base/repo-updater/repo-updater.Deployment.yaml b/base/repo-updater/repo-updater.Deployment.yaml
index cb285498e693..d7a8005d0dee 100644
--- a/base/repo-updater/repo-updater.Deployment.yaml
+++ b/base/repo-updater/repo-updater.Deployment.yaml
@@ -29,7 +29,7 @@ spec:
 spec:
 containers:
 - name: repo-updater
- image: index.docker.io/sourcegraph/repo-updater:insiders@sha256:7b23c97ddb91bc354b3fee6f5a87fb3221936208e6d9b07acc7d7c1916247fff
+ image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/repo-updater:5.3.666@sha256:405ee49a212e96592445cac0c66694a70d10dc5f04a6dfa9b72db9ab7ef69b70
 env:
 # OTEL_AGENT_HOST must be defined before OTEL_EXPORTER_OTLP_ENDPOINT to substitute the node IP on which the DaemonSet pod instance runs in the latter variable
 - name: OTEL_AGENT_HOST
diff --git a/base/searcher/searcher.Deployment.yaml b/base/searcher/searcher.Deployment.yaml
index fc996cbf6c5d..e36aff951a02 100644
--- a/base/searcher/searcher.Deployment.yaml
+++ b/base/searcher/searcher.Deployment.yaml
@@ -49,7 +49,7 @@ spec:
 fieldPath: status.hostIP
 - name: OTEL_EXPORTER_OTLP_ENDPOINT
 value: http://$(OTEL_AGENT_HOST):4317
- image: index.docker.io/sourcegraph/searcher:insiders@sha256:fd43bdc2480a0cb7f649ceb865284e7194bf63f084de76bfccd0e9c5da08ad7e
+ image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/searcher:5.3.666@sha256:4aef2e37c39aa77697ab5629907acf279025001a481982fac42531ddff84be7f
 terminationMessagePolicy: FallbackToLogsOnError
 ports:
 - containerPort: 3181
diff --git a/base/symbols/symbols.Deployment.yaml b/base/symbols/symbols.Deployment.yaml
index 619c5e7d1bbe..2f9055ed736f 100644
--- a/base/symbols/symbols.Deployment.yaml
+++ b/base/symbols/symbols.Deployment.yaml
@@ -49,7 +49,7 @@ spec:
 fieldPath: status.hostIP
 - name: OTEL_EXPORTER_OTLP_ENDPOINT
 value: http://$(OTEL_AGENT_HOST):4317
- image: index.docker.io/sourcegraph/symbols:insiders@sha256:c36923fe32ac832a6af8ed20bb34b9dd131c04bd96741ccbd548537b9f3886d5
+ image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/symbols:5.3.666@sha256:84011c78ecf15a688aa3b432fe9357d6e13f82fbe030fac25dfc2e464b07ffb2
 terminationMessagePolicy: FallbackToLogsOnError
 livenessProbe:
 httpGet:
diff --git a/base/syntect-server/syntect-server.Deployment.yaml b/base/syntect-server/syntect-server.Deployment.yaml
index 5be4574e58c0..0748749c7fa9 100644
--- a/base/syntect-server/syntect-server.Deployment.yaml
+++ b/base/syntect-server/syntect-server.Deployment.yaml
@@ -29,7 +29,7 @@ spec:
 containers:
 - name: syntect-server
 env:
- image: index.docker.io/sourcegraph/syntax-highlighter:insiders@sha256:13a3d617ea5e970af18278c679bbbedeed2bf232e1884616ad30e1e3939296e4
+ image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/syntax-highlighter:5.3.666@sha256:860a653cdaca532d6d3dfce006753d655d3d5aa681eded10ed6e10ff1b56ee14
 terminationMessagePolicy: FallbackToLogsOnError
 livenessProbe:
 httpGet:
diff --git a/base/worker/worker.Deployment.yaml b/base/worker/worker.Deployment.yaml
index 00f8156a6fb1..929cd11ea4dd 100644
--- a/base/worker/worker.Deployment.yaml
+++ b/base/worker/worker.Deployment.yaml
@@ -44,7 +44,7 @@ spec:
 fieldPath: status.hostIP
 - name: OTEL_EXPORTER_OTLP_ENDPOINT
 value: http://$(OTEL_AGENT_HOST):4317
- image: index.docker.io/sourcegraph/worker:insiders@sha256:fcdb7037ce979ef58a5925e1a9341be8fded6282e21d3301a9914646a54ebd7c
+ image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/worker:5.3.666@sha256:a47a966cc2920b533f9fac7ac7cadcd706e4a8e63e76a61f87c368e4bd985744
 envFrom:
 - configMapRef:
 name: embeddings-backend
diff --git a/configure/embeddings/embeddings.ConfigMap.yaml b/configure/embeddings/embeddings.ConfigMap.yaml
index b8dd14fe8228..6c4a15a3c23e 100644
--- a/configure/embeddings/embeddings.ConfigMap.yaml
+++ b/configure/embeddings/embeddings.ConfigMap.yaml
@@ -8,30 +8,31 @@ metadata: sourcegraph-resource-requires: no-cluster-admin name: embeddings-backend data: - # EMBEDDINGS_UPLOAD_BACKEND: blobstore - # EMBEDDINGS_UPLOAD_AWS_ENDPOINT: http://blobstore:9000 - # Add env vars for `embeddings`, `worker` services below - # See [storing-embeddings-indexes](https://docs.sourcegraph.com/cody/explanations/code_graph_context#storing-embedding-indexes) for more details - # EMBEDDINGS_UPLOAD_MANAGE_BUCKET: "true" - # EMBEDDINGS_REPO_INDEX_CACHE_SIZE: "5" - ############ - ## S3 ## - ############ - # EMBEDDINGS_UPLOAD_BACKEND: S3 - # EMBEDDINGS_UPLOAD_BUCKET: - # EMBEDDINGS_UPLOAD_AWS_ENDPOINT: https://s3.us-east-1.amazonaws.com - # EMBEDDINGS_UPLOAD_AWS_ACCESS_KEY_ID: - # EMBEDDINGS_UPLOAD_AWS_SECRET_ACCESS_KEY: - # EMBEDDINGS_UPLOAD_AWS_SESSION_TOKEN: # (optional) - # EMBEDDINGS_UPLOAD_AWS_USE_EC2_ROLE_CREDENTIALS: "true" # (optional; set to use EC2 metadata API over static credentials) - # EMBEDDINGS_UPLOAD_AWS_REGION: us-east-1 +# EMBEDDINGS_UPLOAD_BACKEND: blobstore +# EMBEDDINGS_UPLOAD_AWS_ENDPOINT: http://blobstore:9000 +# Add env vars for `embeddings`, `worker` services below +# See [storing-embeddings-indexes](https://docs.sourcegraph.com/cody/explanations/code_graph_context#storing-embedding-indexes) for more details +# EMBEDDINGS_UPLOAD_MANAGE_BUCKET: "true" +# EMBEDDINGS_REPO_INDEX_CACHE_SIZE: "5" - ############# - ## GCS ## - ############# - # EMBEDDINGS_UPLOAD_BACKEND: GCS - # EMBEDDINGS_UPLOAD_BUCKET: - # EMBEDDINGS_UPLOAD_GCP_PROJECT_ID: - # EMBEDDINGS_UPLOAD_GOOGLE_APPLICATION_CREDENTIALS_FILE: - # EMBEDDINGS_UPLOAD_GOOGLE_APPLICATION_CREDENTIALS_FILE_CONTENT: <{"my": "content"}> +############ +## S3 ## +############ +# EMBEDDINGS_UPLOAD_BACKEND: S3 +# EMBEDDINGS_UPLOAD_BUCKET: +# EMBEDDINGS_UPLOAD_AWS_ENDPOINT: https://s3.us-east-1.amazonaws.com +# EMBEDDINGS_UPLOAD_AWS_ACCESS_KEY_ID: +# EMBEDDINGS_UPLOAD_AWS_SECRET_ACCESS_KEY: +# EMBEDDINGS_UPLOAD_AWS_SESSION_TOKEN: # (optional) +# 
EMBEDDINGS_UPLOAD_AWS_USE_EC2_ROLE_CREDENTIALS: "true" # (optional; set to use EC2 metadata API over static credentials) +# EMBEDDINGS_UPLOAD_AWS_REGION: us-east-1 + +############# +## GCS ## +############# +# EMBEDDINGS_UPLOAD_BACKEND: GCS +# EMBEDDINGS_UPLOAD_BUCKET: +# EMBEDDINGS_UPLOAD_GCP_PROJECT_ID: +# EMBEDDINGS_UPLOAD_GOOGLE_APPLICATION_CREDENTIALS_FILE: +# EMBEDDINGS_UPLOAD_GOOGLE_APPLICATION_CREDENTIALS_FILE_CONTENT: <{"my": "content"}> diff --git a/configure/embeddings/embeddings.Deployment.yaml b/configure/embeddings/embeddings.Deployment.yaml index 7584f45a13a5..834f5fb9d184 100644 --- a/configure/embeddings/embeddings.Deployment.yaml +++ b/configure/embeddings/embeddings.Deployment.yaml @@ -28,7 +28,7 @@ spec: spec: containers: - name: embeddings - image: index.docker.io/sourcegraph/embeddings:insiders@sha256:a6feb02746694671b084b86b7aa14e70341869cdcf913ccb2ec66aeaef1a488b + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-public/embeddings:5.3.666@sha256:88b4dbacc06c7695493be32b291a0e96fbc201213808d477dc0335b0341002a4 env: - name: POD_NAME valueFrom: diff --git a/configure/executors/dind/docker-daemon.ConfigMap.yaml b/configure/executors/dind/docker-daemon.ConfigMap.yaml index 9bdc0b7e82c3..5479a74f26c4 100644 --- a/configure/executors/dind/docker-daemon.ConfigMap.yaml +++ b/configure/executors/dind/docker-daemon.ConfigMap.yaml @@ -2,12 +2,11 @@ apiVersion: v1 data: daemon.json: | { "insecure-registries":["private-docker-registry:5000"] } - kind: ConfigMap metadata: labels: app: executor deploy: sourcegraph sourcegraph-resource-requires: no-cluster-admin - app.kubernetes.io/component: executor + app.kubernetes.io/component: executor name: docker-config diff --git a/configure/executors/dind/executor.Deployment.yaml b/configure/executors/dind/executor.Deployment.yaml index a37cd4090c3a..4c2915f03322 100644 --- a/configure/executors/dind/executor.Deployment.yaml +++ b/configure/executors/dind/executor.Deployment.yaml 
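Review bot: The commented template re-indented by the embeddings.ConfigMap.yaml hunk lists `EMBEDDINGS_UPLOAD_AWS_SECRET_ACCESS_KEY`, `EMBEDDINGS_UPLOAD_AWS_SESSION_TOKEN` and `EMBEDDINGS_UPLOAD_GOOGLE_APPLICATION_CREDENTIALS_FILE_CONTENT` as keys of a ConfigMap, so an operator who uncomments them stores cloud credentials as ordinary configuration, readable by any subject allowed to `get` ConfigMaps in the namespace. The worker Deployment in this patch consumes the map through `envFrom: configMapRef: name: embeddings-backend`, so the values would also appear in that container's environment. I would add a comment above the S3 block such as `# Put credentials in a Secret and reference it with envFrom.secretRef; keep only non-secret settings here`, and name `EMBEDDINGS_UPLOAD_AWS_USE_EC2_ROLE_CREDENTIALS` as the preferred option where it applies.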
@@ -28,7 +28,7 @@ spec:
 spec:
 containers:
 - name: executor
- image: index.docker.io/sourcegraph/executor:insiders@sha256:da6653e0cd6f95d60a0db2f0342c4d77d652d786112dbb8d66752e68f1e0609d
+ image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-public/executor:5.3.666@sha256:1d843715b35a3028e45143a1a602cdfe16c5bfc890477df1c31aafa1c3ca5914
 imagePullPolicy: Always
 livenessProbe:
 exec:
@@ -67,7 +67,7 @@ spec:
 - mountPath: /scratch
 name: executor-scratch
 - name: dind
- image: index.docker.io/sourcegraph/dind:insiders@sha256:da2ab73a8e22ff7873bb671ee44fb7b940adac304f36ce4f93df3b6c11838556
+ image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-public/dind:5.3.666@sha256:31b848f6e755ee0d9690b0411ccf29772574c7c31dba72faa87aa9302090ff77
 imagePullPolicy: Always
 securityContext:
 privileged: true
@@ -79,7 +79,7 @@ spec:
 - '--host=tcp://0.0.0.0:2375'
 livenessProbe:
 tcpSocket:
- port: 2375
+ port: 2375
 initialDelaySeconds: 5
 periodSeconds: 5
 failureThreshold: 5
diff --git a/configure/executors/dind/executor.Service.yaml b/configure/executors/dind/executor.Service.yaml
index bc79ab4d6db3..64472da82bc7 100644
--- a/configure/executors/dind/executor.Service.yaml
+++ b/configure/executors/dind/executor.Service.yaml
@@ -17,4 +17,4 @@ spec:
 targetPort: debug
 selector:
 app: executor
- type: ClusterIP
\ No newline at end of file
+ type: ClusterIP
diff --git a/configure/executors/k8s/executor.ConfigMap.yaml b/configure/executors/k8s/executor.ConfigMap.yaml
index ea82ef56b734..e794044ec418 100644
--- a/configure/executors/k8s/executor.ConfigMap.yaml
+++ b/configure/executors/k8s/executor.ConfigMap.yaml
@@ -1,4 +1,3 @@
----
 apiVersion: v1
 kind: ConfigMap
 metadata:
diff --git a/configure/executors/k8s/executor.Deployment.yaml b/configure/executors/k8s/executor.Deployment.yaml
index a60e14410762..9eb4c4089f06 100644
--- a/configure/executors/k8s/executor.Deployment.yaml
+++ b/configure/executors/k8s/executor.Deployment.yaml
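Review bot: The `dind` container in the `@@ -67,7 +67,7 @@` hunk keeps `privileged: true`, and the next hunk shows its daemon started with `--host=tcp://0.0.0.0:2375`, so the Docker API is served without TLS or authentication on every interface of the pod. Anything able to reach the pod IP on 2375 would control a privileged container, and nothing in these hunks restricts that. `executor` and `dind` appear to be containers of the same pod, so the daemon only needs to be reachable from inside it; I would add a NetworkPolicy denying ingress to 2375, or move to a unix socket on a shared `emptyDir` with an `exec` liveness probe. Binding to `127.0.0.1` alone would break the existing `tcpSocket` probe, which the kubelet runs against the pod IP. The container specs continue outside both hunks, so a mitigation may already exist there.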
@@ -1,4 +1,3 @@ ---- apiVersion: apps/v1 kind: Deployment metadata: @@ -30,7 +29,7 @@ spec: serviceAccountName: executor containers: - name: executor - image: index.docker.io/sourcegraph/executor-kubernetes:insiders@sha256:42951c79924af8c633aed2f6e9cbcb2cce6e363366d8aee9c6e45b2e6c99fcfa + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-public/executor-kubernetes:5.3.666@sha256:5ff645f26d32a6d2906e4087fc32813a58d5d0402f12c5dd171d83bda37d763c imagePullPolicy: Always livenessProbe: exec: diff --git a/configure/executors/k8s/executor.PersistentVolumeClaim.yaml b/configure/executors/k8s/executor.PersistentVolumeClaim.yaml index 34d89da8245f..219017fbb230 100644 --- a/configure/executors/k8s/executor.PersistentVolumeClaim.yaml +++ b/configure/executors/k8s/executor.PersistentVolumeClaim.yaml @@ -1,4 +1,3 @@ ---- apiVersion: v1 kind: PersistentVolumeClaim metadata: @@ -12,4 +11,4 @@ spec: - ReadWriteOnce resources: requests: - storage: 100Gi \ No newline at end of file + storage: 100Gi diff --git a/configure/executors/k8s/executor.Service.yaml b/configure/executors/k8s/executor.Service.yaml index 12667f66d8da..f4db7b3311a2 100644 --- a/configure/executors/k8s/executor.Service.yaml +++ b/configure/executors/k8s/executor.Service.yaml @@ -1,4 +1,3 @@ ---- apiVersion: v1 kind: Service metadata: @@ -18,4 +17,4 @@ spec: targetPort: debug selector: app: executor - type: ClusterIP \ No newline at end of file + type: ClusterIP diff --git a/configure/executors/k8s/rbac/executor.Role.yaml b/configure/executors/k8s/rbac/executor.Role.yaml index ce47770dc453..6df066703537 100644 --- a/configure/executors/k8s/rbac/executor.Role.yaml +++ b/configure/executors/k8s/rbac/executor.Role.yaml @@ -1,4 +1,3 @@ ---- apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: @@ -26,4 +25,4 @@ rules: verbs: - get - list - - watch \ No newline at end of file + - watch 
diff --git a/configure/executors/k8s/rbac/executor.RoleBinding.yaml b/configure/executors/k8s/rbac/executor.RoleBinding.yaml index 7f611e6daa1b..d54874faf10a 100644 --- a/configure/executors/k8s/rbac/executor.RoleBinding.yaml +++ b/configure/executors/k8s/rbac/executor.RoleBinding.yaml @@ -1,4 +1,3 @@ ---- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: @@ -15,4 +14,4 @@ subjects: roleRef: apiGroup: "rbac.authorization.k8s.io" kind: Role - name: executor \ No newline at end of file + name: executor diff --git a/configure/executors/k8s/rbac/executor.ServiceAccount.yaml b/configure/executors/k8s/rbac/executor.ServiceAccount.yaml index d9994e9e0bf5..b0c97d1d9cc6 100644 --- a/configure/executors/k8s/rbac/executor.ServiceAccount.yaml +++ b/configure/executors/k8s/rbac/executor.ServiceAccount.yaml @@ -1,4 +1,3 @@ ---- apiVersion: v1 kind: ServiceAccount metadata: @@ -7,4 +6,4 @@ metadata: category: rbac deploy: sourcegraph sourcegraph-resource-requires: cluster-admin - app.kubernetes.io/component: executor \ No newline at end of file + app.kubernetes.io/component: executor diff --git a/configure/executors/private-docker-registry/private-docker-registry.PersistentVolumeClaim.yaml b/configure/executors/private-docker-registry/private-docker-registry.PersistentVolumeClaim.yaml index ebc03984ef27..5f34dd25b40a 100644 --- a/configure/executors/private-docker-registry/private-docker-registry.PersistentVolumeClaim.yaml +++ b/configure/executors/private-docker-registry/private-docker-registry.PersistentVolumeClaim.yaml @@ -5,7 +5,7 @@ metadata: labels: deploy: sourcegraph sourcegraph-resource-requires: no-cluster-admin - app.kubernetes.io/component: private-docker-registry + app.kubernetes.io/component: private-docker-registry spec: accessModes: - ReadWriteOnce diff --git a/configure/ingress-nginx/cloud-generic.yaml b/configure/ingress-nginx/cloud-generic.yaml index 90af2955b725..9eb9cbe510c9 100644 --- a/configure/ingress-nginx/cloud-generic.yaml 
+++ b/configure/ingress-nginx/cloud-generic.yaml @@ -22,4 +22,3 @@ spec: protocol: TCP targetPort: https # loadBalancerIP: xxx.xxx.xxx.xxx ---- diff --git a/configure/ingress-nginx/mandatory.yaml b/configure/ingress-nginx/mandatory.yaml index 6fe138a25f95..8f46ee8a0e29 100644 --- a/configure/ingress-nginx/mandatory.yaml +++ b/configure/ingress-nginx/mandatory.yaml @@ -5,9 +5,7 @@ metadata: labels: app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - --- - kind: ConfigMap apiVersion: v1 metadata: @@ -16,7 +14,6 @@ metadata: labels: app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - --- kind: ConfigMap apiVersion: v1 @@ -26,7 +23,6 @@ metadata: labels: app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - --- kind: ConfigMap apiVersion: v1 @@ -36,7 +32,6 @@ metadata: labels: app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - --- apiVersion: v1 kind: ServiceAccount @@ -46,7 +41,6 @@ metadata: labels: app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -104,7 +98,6 @@ rules: - ingresses/status verbs: - update - --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role @@ -149,7 +142,6 @@ rules: - endpoints verbs: - get - --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding @@ -167,7 +159,6 @@ subjects: - kind: ServiceAccount name: nginx-ingress-serviceaccount namespace: ingress-nginx - --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -184,9 +175,7 @@ subjects: - kind: ServiceAccount name: nginx-ingress-serviceaccount namespace: ingress-nginx - --- - apiVersion: apps/v1 kind: Deployment metadata: @@ -275,9 +264,7 @@ spec: exec: command: - /wait-shutdown - --- - apiVersion: v1 kind: LimitRange metadata: 
diff --git a/configure/ssd/pod-tmp-gc.ClusterRoleBinding.yaml b/configure/ssd/pod-tmp-gc.ClusterRoleBinding.yaml index 4deec37288d9..a4cf99e5362a 100644 --- a/configure/ssd/pod-tmp-gc.ClusterRoleBinding.yaml +++ b/configure/ssd/pod-tmp-gc.ClusterRoleBinding.yaml @@ -3,7 +3,7 @@ kind: ClusterRoleBinding metadata: labels: category: rbac - deploy: pod-tmp-gc + deploy: pod-tmp-gc name: pod-tmp-gc roleRef: apiGroup: "" diff --git a/configure/ssd/pod-tmp-gc.DaemonSet.yaml b/configure/ssd/pod-tmp-gc.DaemonSet.yaml index 49ee79a3b726..c833e6d817fb 100644 --- a/configure/ssd/pod-tmp-gc.DaemonSet.yaml +++ b/configure/ssd/pod-tmp-gc.DaemonSet.yaml @@ -30,12 +30,12 @@ spec: limits: cpu: 10m memory: 20M - # Replace ${SSD_MOUNT_PATH} with the with the absolute directory path - # on the node where the local SSD is mounted. - # See ../README.md for more information. - # - # volumeMounts: - # - mountPath: ${SSD_MOUNT_PATH}/pod-tmp - # name: pod-tmp + # Replace ${SSD_MOUNT_PATH} with the with the absolute directory path + # on the node where the local SSD is mounted. + # See ../README.md for more information. + # + # volumeMounts: + # - mountPath: ${SSD_MOUNT_PATH}/pod-tmp + # name: pod-tmp serviceAccountName: pod-tmp-gc updateStrategy: {} diff --git a/overlays/bases/pvcs/kustomization.yaml b/overlays/bases/pvcs/kustomization.yaml index 0471734f0b22..e4b442ab224f 100644 --- a/overlays/bases/pvcs/kustomization.yaml +++ b/overlays/bases/pvcs/kustomization.yaml @@ -8,4 +8,3 @@ resources: - base/codeintel-db/codeintel-db.PersistentVolumeClaim.yaml - base/blobstore/blobstore.PersistentVolumeClaim.yaml - base/codeinsights-db/codeinsights-db.PersistentVolumeClaim.yaml - diff --git a/overlays/envoy/gitserver.EnvoyFilter.yaml b/overlays/envoy/gitserver.EnvoyFilter.yaml index 3336f96cd245..eb9239afdb2e 100644 --- a/overlays/envoy/gitserver.EnvoyFilter.yaml +++ b/overlays/envoy/gitserver.EnvoyFilter.yaml 
@@ -33,4 +33,4 @@ spec: "@type": type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions explicit_http_config: http_protocol_options: - enable_trailers: true \ No newline at end of file + enable_trailers: true diff --git a/overlays/envoy/kustomization.yaml b/overlays/envoy/kustomization.yaml index 8ba225e1d557..7e990458b613 100644 --- a/overlays/envoy/kustomization.yaml +++ b/overlays/envoy/kustomization.yaml @@ -5,4 +5,4 @@ resources: - ../bases/deployments - ../bases/rbac-roles - ../bases/pvcs - - gitserver.EnvoyFilter.yaml \ No newline at end of file + - gitserver.EnvoyFilter.yaml diff --git a/overlays/jaeger/grafana.ConfigMap.yaml b/overlays/jaeger/grafana.ConfigMap.yaml index 43dd15c4ad42..fc1022d0be71 100644 --- a/overlays/jaeger/grafana.ConfigMap.yaml +++ b/overlays/jaeger/grafana.ConfigMap.yaml @@ -5,7 +5,7 @@ metadata: data: datasources.yml: | apiVersion: 1 - + datasources: - name: Prometheus type: prometheus diff --git a/overlays/jaeger/jaeger.Deployment.yaml b/overlays/jaeger/jaeger.Deployment.yaml index 56762414ab96..0d7d6cbf9e60 100644 --- a/overlays/jaeger/jaeger.Deployment.yaml +++ b/overlays/jaeger/jaeger.Deployment.yaml 
@@ -28,34 +28,34 @@ spec: prometheus.io/scrape: "true" prometheus.io/port: "16686" spec: - containers: - - name: jaeger - image: index.docker.io/sourcegraph/jaeger-all-in-one:insiders@sha256:3b7d972994ba6ae3b58575db3249478e2d9393e8b7f1d5c952523aaf0fdd10cf - args: ["--memory.max-traces=20000"] - ports: - - containerPort: 5775 - protocol: UDP - - containerPort: 6831 - protocol: UDP - - containerPort: 6832 - protocol: UDP - - containerPort: 5778 - protocol: TCP - - containerPort: 16686 - protocol: TCP - - containerPort: 14250 - protocol: TCP - readinessProbe: - httpGet: - path: "/" - port: 14269 - initialDelaySeconds: 5 - resources: - limits: - cpu: "1" - memory: 1G - requests: - cpu: 500m - memory: 500M - securityContext: - runAsUser: 0 + containers: + - name: jaeger + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-public/jaeger-all-in-one:5.3.666@sha256:9c84bf86249b404f6a7ecb30b5f30201b3ec17449aad275e4ad192d8e4d970eb + args: ["--memory.max-traces=20000"] + ports: + - containerPort: 5775 + protocol: UDP + - containerPort: 6831 + protocol: UDP + - containerPort: 6832 + protocol: UDP + - containerPort: 5778 + protocol: TCP + - containerPort: 16686 + protocol: TCP + - containerPort: 14250 + protocol: TCP + readinessProbe: + httpGet: + path: "/" + port: 14269 + initialDelaySeconds: 5 + resources: + limits: + cpu: "1" + memory: 1G + requests: + cpu: 500m + memory: 500M + securityContext: + runAsUser: 0 diff --git a/overlays/migrate-to-nonprivileged/blobstore/blobstore.Deployment.yaml b/overlays/migrate-to-nonprivileged/blobstore/blobstore.Deployment.yaml index 7ad588b38a4d..fcab3151421b 100644 --- a/overlays/migrate-to-nonprivileged/blobstore/blobstore.Deployment.yaml +++ b/overlays/migrate-to-nonprivileged/blobstore/blobstore.Deployment.yaml 
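Review bot: The re-indented `jaeger` container still ends with `securityContext: runAsUser: 0`, so the tracing service runs as root, and no `allowPrivilegeEscalation: false` or capability drop is visible in the hunk. Every port listed (5775, 6831, 6832, 5778, 16686, 14250, and 14269 for the probe) is above 1024, so root does not appear to be needed for binding. If the image supports it, I would replace the last two lines with a non-zero `runAsUser`, `runAsNonRoot: true` and `allowPrivilegeEscalation: false`. Since the hunk moves the indentation of the whole `containers:` block, it is also worth rendering the overlay once to confirm the block still lands under the pod `spec:`.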
@@ -7,10 +7,10 @@ spec: spec: initContainers: - name: transfer-file-ownership - image: index.docker.io/sourcegraph/alpine-3.14:insiders@sha256:982220e0fd8ce55a73798fa7e814a482c4807c412f054c8440c5970b610239b7 + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-public/alpine-3.14:5.3.666@sha256:0de2a485bf3be6b5a92bea8f46a134196ed22aea6e906525f9f8f63d0616db7d command: ["sh", "-c", "chown -R 100:101 /data"] volumeMounts: - - mountPath: /data - name: blobstore-data + - mountPath: /data + name: blobstore-data securityContext: runAsUser: 0 diff --git a/overlays/migrate-to-nonprivileged/gitserver/gitserver.StatefulSet.yaml b/overlays/migrate-to-nonprivileged/gitserver/gitserver.StatefulSet.yaml index b2f3c76b7a6d..efd1e042ab98 100644 --- a/overlays/migrate-to-nonprivileged/gitserver/gitserver.StatefulSet.yaml +++ b/overlays/migrate-to-nonprivileged/gitserver/gitserver.StatefulSet.yaml @@ -7,7 +7,7 @@ spec: spec: initContainers: - name: transfer-file-ownership - image: index.docker.io/sourcegraph/alpine-3.14:insiders@sha256:982220e0fd8ce55a73798fa7e814a482c4807c412f054c8440c5970b610239b7 + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-public/alpine-3.14:5.3.666@sha256:0de2a485bf3be6b5a92bea8f46a134196ed22aea6e906525f9f8f63d0616db7d command: ["sh", "-c", "if [[ \"$(stat -c '%u' /data/repos)\" -ne 100 ]]; then chown -R 100:101 /data/repos; fi"] volumeMounts: - mountPath: /data/repos diff --git a/overlays/migrate-to-nonprivileged/grafana/grafana.StatefulSet.yaml b/overlays/migrate-to-nonprivileged/grafana/grafana.StatefulSet.yaml index baed3900cc17..18419c7e8bb2 100644 --- a/overlays/migrate-to-nonprivileged/grafana/grafana.StatefulSet.yaml +++ b/overlays/migrate-to-nonprivileged/grafana/grafana.StatefulSet.yaml 
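Review bot: The `transfer-file-ownership` init container keeps a bare `securityContext: runAsUser: 0`, so as far as the hunk shows it runs as root with no `allowPrivilegeEscalation: false` and no dropped capabilities, only to do one `chown -R 100:101 /data`. Root is needed for the chown, but the rest can be narrowed: add `allowPrivilegeEscalation: false` under `securityContext`, and consider `capabilities: {drop: ["ALL"], add: ["CHOWN"]}` once it has been tested against existing volumes, since a recursive chown may need more than `CHOWN` to traverse directories it does not own. The sibling init-container hunks in this overlay do not show their `securityContext`, so whether they share the gap cannot be told from the diff. The jaeger Deployment hunk does keep the same bare `runAsUser: 0`, there on a long-running container.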
@@ -7,7 +7,7 @@ spec: spec: initContainers: - name: transfer-file-ownership - image: index.docker.io/sourcegraph/alpine-3.14:insiders@sha256:982220e0fd8ce55a73798fa7e814a482c4807c412f054c8440c5970b610239b7 + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-public/alpine-3.14:5.3.666@sha256:0de2a485bf3be6b5a92bea8f46a134196ed22aea6e906525f9f8f63d0616db7d command: ["sh", "-c", "chown -R 472:472 /var/lib/grafana"] volumeMounts: - mountPath: /var/lib/grafana diff --git a/overlays/migrate-to-nonprivileged/indexed-search/indexed-search.StatefulSet.yaml b/overlays/migrate-to-nonprivileged/indexed-search/indexed-search.StatefulSet.yaml index 30f2ca8da9c6..48a84ea8b786 100644 --- a/overlays/migrate-to-nonprivileged/indexed-search/indexed-search.StatefulSet.yaml +++ b/overlays/migrate-to-nonprivileged/indexed-search/indexed-search.StatefulSet.yaml @@ -7,7 +7,7 @@ spec: spec: initContainers: - name: transfer-file-ownership - image: index.docker.io/sourcegraph/alpine-3.14:insiders@sha256:982220e0fd8ce55a73798fa7e814a482c4807c412f054c8440c5970b610239b7 + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-public/alpine-3.14:5.3.666@sha256:0de2a485bf3be6b5a92bea8f46a134196ed22aea6e906525f9f8f63d0616db7d command: ["sh", "-c", "chown -R 100:101 /data"] volumeMounts: - mountPath: /data diff --git a/overlays/migrate-to-nonprivileged/kustomization.yaml b/overlays/migrate-to-nonprivileged/kustomization.yaml index aef3a5395e3e..65e9ec06c6d5 100644 --- a/overlays/migrate-to-nonprivileged/kustomization.yaml +++ b/overlays/migrate-to-nonprivileged/kustomization.yaml @@ -1,7 +1,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization # If you have used an alternative namespace, please change the default value below before generating your overlays. -namespace: default +namespace: default resources: - ../non-privileged patchesStrategicMerge: 
diff --git a/overlays/migrate-to-nonprivileged/prometheus/prometheus.Deployment.yaml b/overlays/migrate-to-nonprivileged/prometheus/prometheus.Deployment.yaml index ad2789a788ff..b7b7124ae7ab 100644 --- a/overlays/migrate-to-nonprivileged/prometheus/prometheus.Deployment.yaml +++ b/overlays/migrate-to-nonprivileged/prometheus/prometheus.Deployment.yaml @@ -7,7 +7,7 @@ spec: spec: initContainers: - name: transfer-file-ownership - image: index.docker.io/sourcegraph/alpine-3.14:insiders@sha256:982220e0fd8ce55a73798fa7e814a482c4807c412f054c8440c5970b610239b7 + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-public/alpine-3.14:5.3.666@sha256:0de2a485bf3be6b5a92bea8f46a134196ed22aea6e906525f9f8f63d0616db7d command: ["sh", "-c", "chown -R 100:100 /prometheus"] volumeMounts: - mountPath: /prometheus diff --git a/overlays/migrate-to-nonprivileged/redis/redis-cache.Deployment.yaml b/overlays/migrate-to-nonprivileged/redis/redis-cache.Deployment.yaml index c99754068ea4..9b84ec2a40b5 100644 --- a/overlays/migrate-to-nonprivileged/redis/redis-cache.Deployment.yaml +++ b/overlays/migrate-to-nonprivileged/redis/redis-cache.Deployment.yaml @@ -7,7 +7,7 @@ spec: spec: initContainers: - name: transfer-file-ownership - image: index.docker.io/sourcegraph/alpine-3.14:insiders@sha256:982220e0fd8ce55a73798fa7e814a482c4807c412f054c8440c5970b610239b7 + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-public/alpine-3.14:5.3.666@sha256:0de2a485bf3be6b5a92bea8f46a134196ed22aea6e906525f9f8f63d0616db7d command: ["sh", "-c", "chown -R 999:1000 /redis-data"] volumeMounts: - mountPath: /redis-data diff --git a/overlays/migrate-to-nonprivileged/redis/redis-store.Deployment.yaml b/overlays/migrate-to-nonprivileged/redis/redis-store.Deployment.yaml index fbab628bf00c..2e8903b4c9fe 100644 --- a/overlays/migrate-to-nonprivileged/redis/redis-store.Deployment.yaml +++ b/overlays/migrate-to-nonprivileged/redis/redis-store.Deployment.yaml 
@@ -7,7 +7,7 @@ spec: spec: initContainers: - name: transfer-file-ownership - image: index.docker.io/sourcegraph/alpine-3.14:insiders@sha256:982220e0fd8ce55a73798fa7e814a482c4807c412f054c8440c5970b610239b7 + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-public/alpine-3.14:5.3.666@sha256:0de2a485bf3be6b5a92bea8f46a134196ed22aea6e906525f9f8f63d0616db7d command: ["sh", "-c", "chown -R 999:1000 /redis-data"] volumeMounts: - mountPath: /redis-data diff --git a/overlays/migrate-to-nonprivileged/searcher/searcher.Deployment.yaml b/overlays/migrate-to-nonprivileged/searcher/searcher.Deployment.yaml index fbaaa7cd6143..951f95b7ca2b 100644 --- a/overlays/migrate-to-nonprivileged/searcher/searcher.Deployment.yaml +++ b/overlays/migrate-to-nonprivileged/searcher/searcher.Deployment.yaml @@ -7,7 +7,7 @@ spec: spec: initContainers: - name: transfer-cache - image: index.docker.io/sourcegraph/alpine-3.14:insiders@sha256:982220e0fd8ce55a73798fa7e814a482c4807c412f054c8440c5970b610239b7 + image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-public/alpine-3.14:5.3.666@sha256:0de2a485bf3be6b5a92bea8f46a134196ed22aea6e906525f9f8f63d0616db7d command: ["sh", "-c", "if [[ \"$(stat -c '%u' /mnt/cache)\" -ne 100 ]]; then chown -R 100:101 /mnt/cache; fi"] volumeMounts: - mountPath: /mnt/cache diff --git a/overlays/non-privileged/frontend/sourcegraph-frontend.Deployment.yaml b/overlays/non-privileged/frontend/sourcegraph-frontend.Deployment.yaml index 6ad2e718ca5f..9de0d242672f 100644 --- a/overlays/non-privileged/frontend/sourcegraph-frontend.Deployment.yaml +++ b/overlays/non-privileged/frontend/sourcegraph-frontend.Deployment.yaml 
@@ -12,9 +12,9 @@ spec: runAsUser: 100 runAsGroup: 101 containers: - - name: frontend - securityContext: - # Required to prevent escalations to root. - allowPrivilegeEscalation: false - runAsUser: 100 - runAsGroup: 101 + - name: frontend + securityContext: + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + runAsUser: 100 + runAsGroup: 101