From 6bb8209ff45c8c47a1c4a57ca04aa9ca777d8c9d Mon Sep 17 00:00:00 2001 From: Craig Furman Date: Fri, 24 May 2024 10:26:30 +0100 Subject: [PATCH] appliance: deploy prometheus (#62876) * New YAML package to hold yaml-related utilities First function: ConvertYAMLStringsToMultilineLiterals. * appliance: add Prometheus config element Disable it in all current golden tests. * appliance: deploy Prometheus * appliance: preserve multiline literals in golden fixtures * appliance: compare-helm: normalize yaml Standardize indentation and represent multiline strings as literals. This makes diffs of large nested documents easier to read (e.g. the prometheus configmap). * appliance: compare-helm: allow cleanup to run when diff exits non-zero * appliance: prometheus privileged config Optionally provision RBAC with cluster-level privileges, and corresponding scrape config. Due to kubernetes rules around namespaced objects not owning namespaced ones, our ConfigMap cannot own the ClusterRole(Binding)s provisioned by this config. As such, they will not be garbage-collected when the ConfigMap is deleted. These cluster-scoped resources are given a qualified metadata.name, in order to minimise the risk of clashing with existing non-namespaced resources. * appliance: prometheus can optionally reference an existing configmap Rather than creating one. * slices: new common utilities package I thought a generic map function was added to the Go stdlib recently, but I was wrong. --- internal/appliance/config/BUILD.bazel | 1 + internal/appliance/config/defaults.go | 4 + internal/appliance/config/embed.go | 12 +- .../config/prometheus/default.yml.gotmpl | 292 ++++++ internal/appliance/config/spec.go | 10 + .../appliance/dev/compare-helm/BUILD.bazel | 2 + .../dev/compare-helm/compare-helm.go | 35 +- internal/appliance/reconciler/BUILD.bazel | 8 + internal/appliance/reconciler/golden_test.go | 74 +- internal/appliance/reconciler/kubernetes.go | 22 +- internal/appliance/reconciler/prometheus.go | 263 +++++ .../appliance/reconciler/prometheus_test.go | 40 + internal/appliance/reconciler/reconcile.go | 3 + internal/appliance/reconciler/redis.go | 2 +- .../golden-fixtures/blobstore/default.yaml | 399 +++---- .../golden-fixtures/codeintel/default.yaml | 897 ++++++++-------- .../golden-fixtures/gitserver/default.yaml | 481 ++++----- .../gitserver/with-storage.yaml | 483 ++++----- .../golden-fixtures/pgsql/default.yaml | 909 ++++++++-------- .../golden-fixtures/pgsql/with-storage.yaml | 911 ++++++++-------- .../precise-code-intel/default.yaml | 453 ++++---- .../precise-code-intel/with-blobstore.yaml | 761 +++++++------- .../precise-code-intel/with-num-workers.yaml | 455 ++++---- .../precise-code-intel/with-replicas.yaml | 455 ++++---- .../golden-fixtures/prometheus/default.yaml | 564 ++++++++++ .../prometheus/privileged.yaml | 630 +++++++++++ .../prometheus/subsequent-disable.yaml | 161 +++ .../prometheus/with-existing-configmap.yaml | 321 ++++++ .../prometheus/with-storage.yaml | 565 ++++++++++ .../golden-fixtures/redis/default.yaml | 971 ++++++++--------- .../golden-fixtures/redis/with-storage.yaml | 975 +++++++++--------- .../golden-fixtures/repo-updater/default.yaml | 441 ++++---- .../blobstore-subsequent-disable.yaml | 161 +-- .../blobstore-with-named-storage-class.yaml | 405 ++++---- .../precise-code-intel-with-env-vars.yaml | 471 ++++----- .../redis-with-multiple-custom-images.yaml | 545 +++++----- .../repo-updater-with-no-resources.yaml | 435 ++++---- ...repo-updater-with-pod-template-config.yaml | 515 ++++----- .../standard/repo-updater-with-resources.yaml | 483 ++++----- .../repo-updater-with-sa-annotations.yaml | 447 ++++---- .../standard/symbols-with-custom-image.yaml | 543 +++++----- .../golden-fixtures/symbols/default.yaml | 535 +++++----- .../golden-fixtures/symbols/with-storage.yaml | 537 +++++----- .../golden-fixtures/syntect/default.yaml | 397 +++---- .../syntect/with-replicas.yaml | 399 +++---- .../testdata/sg/blobstore/default.yaml | 3 + .../testdata/sg/codeintel/default.yaml | 3 + .../testdata/sg/gitserver/default.yaml | 3 + .../testdata/sg/gitserver/with-storage.yaml | 3 + .../reconciler/testdata/sg/pgsql/default.yaml | 3 + .../testdata/sg/pgsql/with-storage.yaml | 3 + .../sg/precise-code-intel/default.yaml | 3 + .../sg/precise-code-intel/with-blobstore.yaml | 3 + .../precise-code-intel/with-num-workers.yaml | 3 + .../sg/precise-code-intel/with-replicas.yaml | 3 + .../testdata/sg/prometheus/default.yaml | 55 + .../testdata/sg/prometheus/privileged.yaml | 56 + .../prometheus/with-existing-configmap.yaml | 56 + .../testdata/sg/prometheus/with-storage.yaml | 56 + .../reconciler/testdata/sg/redis/default.yaml | 3 + .../testdata/sg/redis/with-storage.yaml | 3 + .../testdata/sg/repo-updater/default.yaml | 3 + .../blobstore-with-named-storage-class.yaml | 3 + .../sg/standard/everything-disabled.yaml | 3 + .../precise-code-intel-with-env-vars.yaml | 3 + .../redis-with-multiple-custom-images.yaml | 3 + .../repo-updater-with-no-resources.yaml | 3 + ...repo-updater-with-pod-template-config.yaml | 3 + .../standard/repo-updater-with-resources.yaml | 3 + .../repo-updater-with-sa-annotations.yaml | 3 + .../standard/symbols-with-custom-image.yaml | 3 + .../testdata/sg/symbols/default.yaml | 3 + .../testdata/sg/symbols/with-storage.yaml | 3 + .../testdata/sg/syntect/default.yaml | 3 + .../testdata/sg/syntect/with-replicas.yaml | 3 + internal/appliance/yaml/BUILD.bazel | 19 + internal/appliance/yaml/yaml.go | 58 ++ internal/appliance/yaml/yaml_test.go | 55 + internal/k8s/resource/pod/pod.go | 14 + internal/k8s/resource/role/role.go | 13 + .../k8s/resource/rolebinding/rolebinding.go | 12 + internal/slices/BUILD.bazel | 18 + internal/slices/sliceutils.go | 9 + internal/slices/sliceutils_test.go | 17 + 84 files changed, 10797 insertions(+), 7192 deletions(-) create mode 100644 internal/appliance/config/prometheus/default.yml.gotmpl create mode 100644 internal/appliance/reconciler/prometheus.go create mode 100644 internal/appliance/reconciler/prometheus_test.go create mode 100644 internal/appliance/reconciler/testdata/golden-fixtures/prometheus/default.yaml create mode 100644 internal/appliance/reconciler/testdata/golden-fixtures/prometheus/privileged.yaml create mode 100644 internal/appliance/reconciler/testdata/golden-fixtures/prometheus/subsequent-disable.yaml create mode 100644 internal/appliance/reconciler/testdata/golden-fixtures/prometheus/with-existing-configmap.yaml create mode 100644 internal/appliance/reconciler/testdata/golden-fixtures/prometheus/with-storage.yaml create mode 100644 internal/appliance/reconciler/testdata/sg/prometheus/default.yaml create mode 100644 internal/appliance/reconciler/testdata/sg/prometheus/privileged.yaml create mode 100644 internal/appliance/reconciler/testdata/sg/prometheus/with-existing-configmap.yaml create mode 100644 internal/appliance/reconciler/testdata/sg/prometheus/with-storage.yaml create mode 100644 internal/appliance/yaml/BUILD.bazel create mode 100644 internal/appliance/yaml/yaml.go create mode 100644 internal/appliance/yaml/yaml_test.go create mode 100644 internal/slices/BUILD.bazel create mode 100644 internal/slices/sliceutils.go create mode 100644 internal/slices/sliceutils_test.go diff --git a/internal/appliance/config/BUILD.bazel b/internal/appliance/config/BUILD.bazel index e014ceb6a6a..7b47b0c5e3a 100644 --- a/internal/appliance/config/BUILD.bazel +++ b/internal/appliance/config/BUILD.bazel @@ -14,6 +14,7 @@ go_library( embedsrcs = [ "postgres/codeintel.conf", "postgres/pgsql.conf", + "prometheus/default.yml.gotmpl", ], importpath = "github.com/sourcegraph/sourcegraph/internal/appliance/config", visibility = ["//:__subpackages__"], diff --git a/internal/appliance/config/defaults.go b/internal/appliance/config/defaults.go index 8555cca336f..f81c663e0e3 100644 --- a/internal/appliance/config/defaults.go +++ b/internal/appliance/config/defaults.go @@ -93,6 +93,9 @@ func NewDefaultConfig() Sourcegraph { Database: "sg", }, }, + Prometheus: PrometheusSpec{ + StorageSize: "200Gi", + }, }, } } @@ -112,6 +115,7 @@ var defaultImagesForVersion_5_3_9104 = map[string]string{ "pgsql": "postgres-12-alpine:5.3.2@sha256:1e0e93661a65c832b9697048c797f9894dfb502e2e1da2b8209f0018a6632b79", "pgsql-exporter": "postgres_exporter:5.3.2@sha256:b9fa66fbcb4cc2d466487259db4ae2deacd7651dac4a9e28c9c7fc36523699d0", "precise-code-intel-worker": "precise-code-intel-worker:5.3.2@sha256:6142093097f5757afe772cffd131c1be54bb77335232011254733f51ffb2d6c6", + "prometheus": "prometheus:5.3.2@sha256:1b5c003fb39628f79e7655ba33f9ca119ddc4be021602ede3cc1674ef99fcdad", "redis-cache": "redis-cache:5.3.2@sha256:ed79dada4d1a2bd85fb8450dffe227283ab6ae0e7ce56dc5056fbb8202d95624", "redis-exporter": "redis_exporter:5.3.2@sha256:21a9dd9214483a42b11d58bf99e4f268f44257a4f67acd436d458797a31b7786", "redis-store": "redis-store:5.3.2@sha256:0e3270a5eb293c158093f41145810eb5a154f61a74c9a896690dfdecd1b98b39", diff --git a/internal/appliance/config/embed.go b/internal/appliance/config/embed.go index 90283036eae..49af7353868 100644 --- a/internal/appliance/config/embed.go +++ b/internal/appliance/config/embed.go @@ -6,16 +6,16 @@ import ( var ( //go:embed postgres/* + //go:embed prometheus/default.yml.gotmpl fs embed.FS - PgsqlConfig []byte - CodeIntelConfig []byte + PgsqlConfig []byte + PrometheusDefaultConfigTemplate []byte + CodeIntelConfig []byte ) -func init() { - PgsqlConfig, _ = fs.ReadFile("postgres/pgsql.conf") -} - func init() { CodeIntelConfig, _ = fs.ReadFile("postgres/codeintel.conf") + PgsqlConfig, _ = fs.ReadFile("postgres/pgsql.conf") + PrometheusDefaultConfigTemplate, _ = fs.ReadFile("prometheus/default.yml.gotmpl") } diff --git a/internal/appliance/config/prometheus/default.yml.gotmpl b/internal/appliance/config/prometheus/default.yml.gotmpl new file mode 100644 index 00000000000..9c9ee5130df --- /dev/null +++ b/internal/appliance/config/prometheus/default.yml.gotmpl @@ -0,0 +1,292 @@ +global: + scrape_interval: 30s + evaluation_interval: 30s + +alerting: + alertmanagers: + # Bundled Alertmanager, started by prom-wrapper + - static_configs: + - targets: ['127.0.0.1:9093'] + path_prefix: /alertmanager + # Uncomment the following to have alerts delivered to additional Alertmanagers discovered + # in the cluster. This configuration is not required if you use Sourcegraph's built-in alerting: + # https://docs.sourcegraph.com/admin/observability/alerting + # - kubernetes_sd_configs: + # - role: endpoints + # relabel_configs: + # - source_labels: [__meta_kubernetes_service_name] + # regex: alertmanager + # action: keep + +rule_files: + - '*_rules.yml' + - "/sg_config_prometheus/*_rules.yml" + - "/sg_prometheus_add_ons/*_rules.yml" + +# A scrape configuration for running Prometheus on a Kubernetes cluster. +# This uses separate scrape configs for cluster components (i.e. API server, node) +# and services to allow each to use different authentication configs. +# +# Kubernetes labels will be added as Prometheus labels on metrics via the +# `labelmap` relabeling action. + +# Scrape config for API servers. +# +# Kubernetes exposes API servers as endpoints to the default/kubernetes +# service so this uses `endpoints` role and uses relabelling to only keep +# the endpoints associated with the default/kubernetes service using the +# default named port `https`. This works for single API server deployments as +# well as HA API server deployments. +scrape_configs: +{{- if .Spec.Prometheus.Privileged }} +- job_name: 'kubernetes-apiservers' + + kubernetes_sd_configs: + - role: endpoints + + # Default to scraping over https. If required, just disable this or change to + # `http`. + scheme: https + + # This TLS & bearer token file config is used to connect to the actual scrape + # endpoints for cluster components. This is separate to discovery auth + # configuration because discovery & scraping are two separate concerns in + # Prometheus. The discovery auth config is automatic if Prometheus runs inside + # the cluster. Otherwise, more config options have to be provided within the + # . + tls_config: + ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt + # If your node certificates are self-signed or use a different CA to the + # master CA, then disable certificate verification below. Note that + # certificate verification is an integral part of a secure infrastructure + # so this should only be disabled in a controlled environment. You can + # disable certificate verification by uncommenting the line below. + # + # insecure_skip_verify: true + bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + + # Keep only the default/kubernetes service endpoints for the https port. This + # will add targets for each API server which Kubernetes adds an endpoint to + # the default/kubernetes service. + relabel_configs: + - source_labels: [__meta_kubernetes_namespace, __meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] + action: keep + regex: default;kubernetes;https + +- job_name: 'kubernetes-nodes' + + # Default to scraping over https. If required, just disable this or change to + # `http`. + scheme: https + + # This TLS & bearer token file config is used to connect to the actual scrape + # endpoints for cluster components. This is separate to discovery auth + # configuration because discovery & scraping are two separate concerns in + # Prometheus. The discovery auth config is automatic if Prometheus runs inside + # the cluster. Otherwise, more config options have to be provided within the + # . + tls_config: + ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt + # If your node certificates are self-signed or use a different CA to the + # master CA, then disable certificate verification below. Note that + # certificate verification is an integral part of a secure infrastructure + # so this should only be disabled in a controlled environment. You can + # disable certificate verification by uncommenting the line below. + # + insecure_skip_verify: true + bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + + kubernetes_sd_configs: + - role: node + + relabel_configs: + - action: labelmap + regex: __meta_kubernetes_node_label_(.+) + - target_label: __address__ + replacement: kubernetes.default.svc:443 + - source_labels: [__meta_kubernetes_node_name] + regex: (.+) + target_label: __metrics_path__ + replacement: /api/v1/nodes/${1}/proxy/metrics +{{- end }} # End of privileged config + +# Scrape config for service endpoints. +# +# The relabeling allows the actual service scrape endpoint to be configured +# via the following annotations: +# +# * `prometheus.io/scrape`: Only scrape services that have a value of `true` +# * `prometheus.io/scheme`: If the metrics endpoint is secured then you will need +# to set this to `https` & most likely set the `tls_config` of the scrape config. +# * `prometheus.io/path`: If the metrics path is not `/metrics` override this. +# * `prometheus.io/port`: If the metrics are exposed on a different port to the +# service then set this appropriately. +- job_name: 'kubernetes-service-endpoints' + + kubernetes_sd_configs: + - role: endpoints + namespaces: + names: + - {{ .Namespace }} + + relabel_configs: + - source_labels: [__meta_kubernetes_service_annotation_sourcegraph_prometheus_scrape] + action: keep + regex: true + - source_labels: [__meta_kubernetes_pod_container_name] + action: drop + regex: jaeger-agent + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scheme] + action: replace + target_label: __scheme__ + regex: (https?) + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_path] + action: replace + target_label: __metrics_path__ + regex: (.+) + - source_labels: [__address__, __meta_kubernetes_service_annotation_prometheus_io_port] + action: replace + target_label: __address__ + regex: (.+)(?::\d+);(\d+) + replacement: $1:$2 + - action: labelmap + regex: __meta_kubernetes_service_label_(.+) + - source_labels: [__meta_kubernetes_namespace] + action: replace + # Sourcegraph specific customization. We want a more convenient to type label. + # target_label: kubernetes_namespace + target_label: ns + - source_labels: [__meta_kubernetes_service_name] + action: replace + target_label: kubernetes_name + # Sourcegraph specific customization. We want a nicer name for job + - source_labels: [app] + action: replace + target_label: job + # Sourcegraph specific customization. We want a nicer name for instance + - source_labels: [__meta_kubernetes_pod_name] + action: replace + target_label: instance + # Sourcegraph specific customization. We want to add a label to every + # metric that indicates the node it came from. + - source_labels: [__meta_kubernetes_endpoint_node_name] + action: replace + target_label: nodename + metric_relabel_configs: + # Sourcegraph specific customization. Drop metrics with empty nodename responses from the k8s API + - source_labels: [nodename] + regex: ^$ + action: drop + +# Example scrape config for probing services via the Blackbox Exporter. +# +# The relabeling allows the actual service scrape endpoint to be configured +# via the following annotations: +# +# * `prometheus.io/probe`: Only probe services that have a value of `true` +- job_name: 'kubernetes-services' + + metrics_path: /probe + params: + module: [http_2xx] + + kubernetes_sd_configs: + - role: service + + relabel_configs: + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_probe] + action: keep + regex: true + - source_labels: [__address__] + target_label: __param_target + - target_label: __address__ + replacement: blackbox + - source_labels: [__param_target] + target_label: instance + - action: labelmap + regex: __meta_kubernetes_service_label_(.+) + - source_labels: [__meta_kubernetes_service_namespace] + # Sourcegraph specific customization. We want a more convenient to type label. + # target_label: kubernetes_namespace + target_label: ns + - source_labels: [__meta_kubernetes_service_name] + target_label: kubernetes_name + +# Example scrape config for pods +# +# The relabeling allows the actual pod scrape endpoint to be configured via the +# following annotations: +# +# * `prometheus.io/scrape`: Only scrape pods that have a value of `true` +# * `prometheus.io/path`: If the metrics path is not `/metrics` override this. +# * `prometheus.io/port`: Scrape the pod on the indicated port instead of the default of `9102`. +- job_name: 'kubernetes-pods' + + kubernetes_sd_configs: + - role: pod + + relabel_configs: + - source_labels: [__meta_kubernetes_pod_annotation_sourcegraph_prometheus_scrape] + action: keep + regex: true + - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path] + action: replace + target_label: __metrics_path__ + regex: (.+) + - source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port] + action: replace + regex: (.+):(?:\d+);(\d+) + replacement: ${1}:${2} + target_label: __address__ + - action: labelmap + regex: __meta_kubernetes_pod_label_(.+) + - source_labels: [__meta_kubernetes_pod_name] + action: replace + target_label: kubernetes_pod_name + # Sourcegraph specific customization. We want a more convenient to type label. + # target_label: kubernetes_namespace + - source_labels: [__meta_kubernetes_namespace] + action: replace + target_label: ns + # Sourcegraph specific customization. We want to add a label to every + # metric that indicates the node it came from. + - source_labels: [__meta_kubernetes_pod_node_name] + action: replace + target_label: nodename + + metric_relabel_configs: + # cAdvisor-specific customization. Drop container metrics exported by cAdvisor + # not in the same namespace as Sourcegraph. + # Uncomment this if you have problems with certain dashboards or cAdvisor itself + # picking up non-Sourcegraph services. Ensure all Sourcegraph services are running + # within the Sourcegraph namespace you have defined. + # The regex must keep matches on '^$' (empty string) to ensure other metrics do not + # get dropped. + - source_labels: [container_label_io_kubernetes_pod_namespace] + regex: ^$|{{ .Namespace }} + action: keep + # cAdvisor-specific customization. We want container metrics to be named after their container name label. + # Note that 'io.kubernetes.container.name' and 'io.kubernetes.pod.name' must be provided in cAdvisor + # '--whitelisted_container_labels' (see cadvisor.DaemonSet.yaml) + - source_labels: [container_label_io_kubernetes_container_name, container_label_io_kubernetes_pod_name] + regex: (.+) + action: replace + target_label: name + separator: '-' + # Sourcegraph specific customization. Drop metrics with empty nodename responses from the k8s API + - source_labels: [nodename] + regex: ^$ + action: drop + +# Scrape prometheus itself for metrics. +- job_name: 'builtin-prometheus' + static_configs: + - targets: ['127.0.0.1:9092'] + labels: + app: prometheus +- job_name: 'builtin-alertmanager' + metrics_path: /alertmanager/metrics + static_configs: + - targets: ['127.0.0.1:9093'] + labels: + app: alertmanager diff --git a/internal/appliance/config/spec.go b/internal/appliance/config/spec.go index 54367525760..5ee2d238bf1 100644 --- a/internal/appliance/config/spec.go +++ b/internal/appliance/config/spec.go @@ -154,6 +154,14 @@ type PreciseCodeIntelSpec struct { Replicas int32 `json:"replicas,omitempty"` } +type PrometheusSpec struct { + StandardConfig + + ExistingConfigMap string `json:"existingConfigMap,omitempty"` + Privileged bool `json:"privileged,omitempty"` + StorageSize string `json:"storageSize,omitempty"` +} + // RedisSpec defines the desired state of a Redis-based service. type RedisSpec struct { StandardConfig @@ -284,6 +292,8 @@ type SourcegraphSpec struct { // PreciseCodeIntel defines the desired state of the Precise Code Intel service. PreciseCodeIntel PreciseCodeIntelSpec `json:"preciseCodeIntel,omitempty"` + Prometheus PrometheusSpec `json:"prometheus,omitempty"` + // RedisCache defines the desired state of the Redis cache service. RedisCache RedisSpec `json:"redisCache,omitempty"` diff --git a/internal/appliance/dev/compare-helm/BUILD.bazel b/internal/appliance/dev/compare-helm/BUILD.bazel index dba2ecb13b4..6338c8dd9bf 100644 --- a/internal/appliance/dev/compare-helm/BUILD.bazel +++ b/internal/appliance/dev/compare-helm/BUILD.bazel @@ -6,6 +6,8 @@ go_library( importpath = "github.com/sourcegraph/sourcegraph/internal/appliance/dev/compare-helm", visibility = ["//visibility:private"], deps = [ + "//internal/appliance/yaml", + "//lib/errors", "@io_k8s_apimachinery//pkg/apis/meta/v1/unstructured", "@io_k8s_apimachinery//pkg/util/yaml", "@io_k8s_sigs_yaml//:yaml", diff --git a/internal/appliance/dev/compare-helm/compare-helm.go b/internal/appliance/dev/compare-helm/compare-helm.go index d89265d00d5..a979bce266a 100644 --- a/internal/appliance/dev/compare-helm/compare-helm.go +++ b/internal/appliance/dev/compare-helm/compare-helm.go @@ -14,7 +14,10 @@ import ( "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" k8syamlapi "k8s.io/apimachinery/pkg/util/yaml" - "sigs.k8s.io/yaml" + k8syaml "sigs.k8s.io/yaml" + + applianceyaml "github.com/sourcegraph/sourcegraph/internal/appliance/yaml" + "github.com/sourcegraph/sourcegraph/lib/errors" ) func main() { @@ -63,8 +66,7 @@ func main() { fmt.Fprintln(sortedGoldenFile, "---") fmt.Fprintf(sortedHelmResourceFile, "# helm: %s/%s\n", helmObj.GetKind(), helmObj.GetName()) - helmObjBytes, err := yaml.Marshal(helmObj) - must(err) + helmObjBytes := marshalYAMLNormalized(helmObj) _, err = sortedHelmResourceFile.Write(helmObjBytes) must(err) @@ -74,8 +76,7 @@ func main() { helmObj.GetKind() == goldenObj.GetKind() { fmt.Fprintf(sortedGoldenFile, "# golden: %s/%s\n", helmObj.GetKind(), helmObj.GetName()) - goldenBytes, err := yaml.Marshal(goldenObj) - must(err) + goldenBytes := marshalYAMLNormalized(goldenObj) _, err = sortedGoldenFile.Write(goldenBytes) must(err) @@ -93,8 +94,7 @@ func main() { for _, unmatchedGolden := range goldenResources.Resources { fmt.Fprintln(sortedGoldenFile, "---") fmt.Fprintf(sortedGoldenFile, "# golden: %s/%s\n", unmatchedGolden.GetKind(), unmatchedGolden.GetName()) - goldenBytes, err := yaml.Marshal(unmatchedGolden) - must(err) + goldenBytes := marshalYAMLNormalized(unmatchedGolden) _, err = sortedGoldenFile.Write(goldenBytes) must(err) } @@ -110,7 +110,26 @@ func main() { diffCmd := exec.Command("diff", diffCmdArgs...) diffCmd.Stdout = os.Stdout diffCmd.Stderr = os.Stderr - must(diffCmd.Run()) + if err := diffCmd.Run(); err != nil { + // diff exitting non-zero is business as usual. In this case, we want to + // allow the deferred cleanup to run. + if errors.Is(err, &exec.ExitError{}) { + return + } + } +} + +// First, marshal a k8s object using the k8s yaml library. We have to use this +// library because it uses jsonToYaml under the hood, and the k8s client-go +// objects are json-tagged, not yaml-tagged. Then, convert multiline strings to +// literals (so that large nested documents can be diffed line-by-line), and +// normalize the indentation used (to avoid spurious whitespace diffs). +func marshalYAMLNormalized(obj any) []byte { + yml, err := k8syaml.Marshal(obj) + must(err) + yml, err = applianceyaml.ConvertYAMLStringsToMultilineLiterals(yml) + must(err) + return yml } func parseHelmResources(helmTemplateExtraArgs, helmRepoRoot string, components []string) []*unstructured.Unstructured { diff --git a/internal/appliance/reconciler/BUILD.bazel b/internal/appliance/reconciler/BUILD.bazel index bcd7028be59..71d538ab90f 100644 --- a/internal/appliance/reconciler/BUILD.bazel +++ b/internal/appliance/reconciler/BUILD.bazel @@ -10,6 +10,7 @@ go_library( "kubernetes.go", "pgsql.go", "precise_code_intel.go", + "prometheus.go", "reconcile.go", "redis.go", "repo_updater.go", @@ -25,6 +26,8 @@ go_library( "//internal/k8s/resource/deployment", "//internal/k8s/resource/pod", "//internal/k8s/resource/pvc", + "//internal/k8s/resource/role", + "//internal/k8s/resource/rolebinding", "//internal/k8s/resource/secret", "//internal/k8s/resource/service", "//internal/k8s/resource/serviceaccount", @@ -33,6 +36,7 @@ go_library( "//lib/pointers", "@io_k8s_api//apps/v1:apps", "@io_k8s_api//core/v1:core", + "@io_k8s_api//rbac/v1:rbac", "@io_k8s_apimachinery//pkg/api/errors", "@io_k8s_apimachinery//pkg/api/resource", "@io_k8s_apimachinery//pkg/runtime", @@ -63,6 +67,7 @@ go_test( "helpers_test.go", "pgsql_test.go", "precise_code_intel_test.go", + "prometheus_test.go", "redis_test.go", "repo_updater_test.go", "standard_config_test.go", @@ -79,11 +84,14 @@ go_test( }, deps = [ "//internal/appliance/config", + "//internal/appliance/yaml", + "//internal/slices", "@com_github_go_logr_stdr//:stdr", "@com_github_stretchr_testify//require", "@com_github_stretchr_testify//suite", "@io_bazel_rules_go//go/runfiles:go_default_library", "@io_k8s_api//core/v1:core", + "@io_k8s_api//rbac/v1:rbac", "@io_k8s_apimachinery//pkg/apis/meta/v1:meta", "@io_k8s_apimachinery//pkg/runtime/schema", "@io_k8s_client_go//kubernetes", diff --git a/internal/appliance/reconciler/golden_test.go b/internal/appliance/reconciler/golden_test.go index 1373dbfed77..205c4b4d011 100644 --- a/internal/appliance/reconciler/golden_test.go +++ b/internal/appliance/reconciler/golden_test.go @@ -3,12 +3,17 @@ package reconciler import ( "os" "path/filepath" + "regexp" "time" + rbacv1 "k8s.io/api/rbac/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime/schema" "sigs.k8s.io/controller-runtime/pkg/client" - "sigs.k8s.io/yaml" + k8syaml "sigs.k8s.io/yaml" + + applianceyaml "github.com/sourcegraph/sourcegraph/internal/appliance/yaml" + "github.com/sourcegraph/sourcegraph/internal/slices" ) // Test helpers @@ -16,6 +21,8 @@ import ( // creationTimestamp and uid need to be normalized var magicTime = metav1.NewTime(time.Date(2024, time.April, 19, 0, 0, 0, 0, time.UTC)) +var namespaceRegexp = regexp.MustCompile(`test\-appliance\-\w+`) + const normalizedString = "NORMALIZED_FOR_TESTING" type goldenFile struct { @@ -27,8 +34,11 @@ func (suite *ApplianceTestSuite) makeGoldenAssertions(namespace, goldenFileName goldenFilePath := filepath.Join("testdata", "golden-fixtures", goldenFileName+".yaml") obtainedResources := goldenFile{Resources: suite.gatherResources(namespace)} - obtainedBytes, err := yaml.Marshal(obtainedResources) + obtainedBytes, err := k8syaml.Marshal(obtainedResources) require.NoError(err) + obtainedBytes, err = applianceyaml.ConvertYAMLStringsToMultilineLiterals(obtainedBytes) + require.NoError(err) + if len(os.Args) > 0 && os.Args[len(os.Args)-1] == "appliance-update-golden-files" { err := os.MkdirAll(filepath.Dir(goldenFilePath), 0700) require.NoError(err) @@ -75,10 +85,50 @@ func (suite *ApplianceTestSuite) gatherResources(namespace string) []client.Obje normalizeObj(&obj) objs = append(objs, &obj) } + + // Cluster-scoped resources have to be qualified by something other than + // metadata.namespace. + clusterRoles, err := suite.k8sClient.RbacV1().ClusterRoles().List(suite.ctx, metav1.ListOptions{ + LabelSelector: "for-namespace=" + namespace, + }) + suite.Require().NoError(err) + for _, obj := range clusterRoles.Items { + obj := obj + obj.SetName(namespaceRegexp.ReplaceAllString(obj.Name, normalizedString)) + obj.Labels["for-namespace"] = normalizedString + obj.SetGroupVersionKind(schema.GroupVersionKind{Group: "rbac.authorization.k8s.io", Version: "v1", Kind: "ClusterRole"}) + normalizeObj(&obj) + objs = append(objs, &obj) + } + clusterRoleBindings, err := suite.k8sClient.RbacV1().ClusterRoleBindings().List(suite.ctx, metav1.ListOptions{ + LabelSelector: "for-namespace=" + namespace, + }) + suite.Require().NoError(err) + for _, obj := range clusterRoleBindings.Items { + obj := obj + obj.SetName(namespaceRegexp.ReplaceAllString(obj.Name, normalizedString)) + obj.Labels["for-namespace"] = normalizedString + obj.RoleRef.Name = namespaceRegexp.ReplaceAllString(obj.RoleRef.Name, normalizedString) + obj.Subjects = slices.Map(obj.Subjects, func(s rbacv1.Subject) rbacv1.Subject { + s.Namespace = normalizedString + return s + }) + obj.SetGroupVersionKind(schema.GroupVersionKind{Group: "rbac.authorization.k8s.io", Version: "v1", Kind: "ClusterRoleBinding"}) + normalizeObj(&obj) + objs = append(objs, &obj) + } + cmaps, err := suite.k8sClient.CoreV1().ConfigMaps(namespace).List(suite.ctx, metav1.ListOptions{}) suite.Require().NoError(err) for _, obj := range cmaps.Items { obj := obj + + // Find and replace all instances of the randomly-namd namespace in + // configmap data. Crude, but necessary for Prometheus config. + for file, content := range obj.Data { + obj.Data[file] = namespaceRegexp.ReplaceAllString(content, normalizedString) + } + obj.SetGroupVersionKind(schema.GroupVersionKind{Group: "", Version: "v1", Kind: "ConfigMap"}) normalizeObj(&obj) objs = append(objs, &obj) @@ -102,6 +152,26 @@ func (suite *ApplianceTestSuite) gatherResources(namespace string) []client.Obje normalizeObj(&obj) objs = append(objs, &obj) } + roles, err := suite.k8sClient.RbacV1().Roles(namespace).List(suite.ctx, metav1.ListOptions{}) + suite.Require().NoError(err) + for _, obj := range roles.Items { + obj := obj + obj.SetGroupVersionKind(schema.GroupVersionKind{Group: "rbac.authorization.k8s.io", Version: "v1", Kind: "Role"}) + normalizeObj(&obj) + objs = append(objs, &obj) + } + roleBindings, err := suite.k8sClient.RbacV1().RoleBindings(namespace).List(suite.ctx, metav1.ListOptions{}) + suite.Require().NoError(err) + for _, obj := range roleBindings.Items { + obj := obj + obj.SetGroupVersionKind(schema.GroupVersionKind{Group: "rbac.authorization.k8s.io", Version: "v1", Kind: "RoleBinding"}) + obj.Subjects = slices.Map(obj.Subjects, func(s rbacv1.Subject) rbacv1.Subject { + s.Namespace = normalizedString + return s + }) + normalizeObj(&obj) + objs = append(objs, &obj) + } // These are just test secrets, nothing truly sensitive should end up in the // golden files. diff --git a/internal/appliance/reconciler/kubernetes.go b/internal/appliance/reconciler/kubernetes.go index 047ac72c60c..d570e9a1b01 100644 --- a/internal/appliance/reconciler/kubernetes.go +++ b/internal/appliance/reconciler/kubernetes.go @@ -6,6 +6,7 @@ import ( "encoding/hex" "encoding/json" + rbacv1 "k8s.io/api/rbac/v1" kerrors "k8s.io/apimachinery/pkg/api/errors" "k8s.io/apimachinery/pkg/types" ctrl "sigs.k8s.io/controller-runtime" @@ -75,8 +76,15 @@ func createOrUpdateObject[R client.Object]( annotations[config.AnnotationKeyConfigHash] = cfgHash obj.SetAnnotations(annotations) - if err := ctrl.SetControllerReference(owner, obj, r.Scheme); err != nil { - return errors.Newf("setting controller reference: %w", err) + // Namespaced objects can't own non-namespaced objects. Trying to + // SetControllerReference on cluster-scoped resources gives the following + // error: "cluster-scoped resource must not have a namespace-scoped owner". + // non-namespaced resources will therefore not be garbage-collected when the + // ConfigMap is deleted. + if !isNamespaced(obj) { + if err := ctrl.SetControllerReference(owner, obj, r.Scheme); err != nil { + return errors.Newf("setting controller reference: %w", err) + } } existingRes := objKind @@ -107,6 +115,16 @@ func createOrUpdateObject[R client.Object]( return nil } +func isNamespaced(obj client.Object) bool { + if _, ok := obj.(*rbacv1.ClusterRole); ok { + return true + } + if _, ok := obj.(*rbacv1.ClusterRoleBinding); ok { + return true + } + return false +} + func (r *Reconciler) ensureObjectDeleted(ctx context.Context, obj client.Object) error { logger := log.FromContext(ctx).WithValues("kind", obj.GetObjectKind().GroupVersionKind(), "namespace", obj.GetNamespace(), "name", obj.GetName()) if err := r.Client.Delete(ctx, obj); err != nil { diff --git a/internal/appliance/reconciler/prometheus.go b/internal/appliance/reconciler/prometheus.go new file mode 100644 index 00000000000..1abe6c07db4 --- /dev/null +++ b/internal/appliance/reconciler/prometheus.go @@ -0,0 +1,263 @@ +package reconciler + +import ( + "bytes" + "context" + "fmt" + "text/template" + + appsv1 "k8s.io/api/apps/v1" + corev1 "k8s.io/api/core/v1" + rbacv1 "k8s.io/api/rbac/v1" + "k8s.io/apimachinery/pkg/api/resource" + "k8s.io/apimachinery/pkg/util/intstr" + "sigs.k8s.io/controller-runtime/pkg/client" + + "github.com/sourcegraph/sourcegraph/internal/appliance/config" + "github.com/sourcegraph/sourcegraph/internal/k8s/resource/configmap" + "github.com/sourcegraph/sourcegraph/internal/k8s/resource/container" + "github.com/sourcegraph/sourcegraph/internal/k8s/resource/deployment" + "github.com/sourcegraph/sourcegraph/internal/k8s/resource/pod" + "github.com/sourcegraph/sourcegraph/internal/k8s/resource/pvc" + "github.com/sourcegraph/sourcegraph/internal/k8s/resource/role" + "github.com/sourcegraph/sourcegraph/internal/k8s/resource/rolebinding" + "github.com/sourcegraph/sourcegraph/internal/k8s/resource/service" + "github.com/sourcegraph/sourcegraph/internal/k8s/resource/serviceaccount" + "github.com/sourcegraph/sourcegraph/lib/errors" +) + +func (r *Reconciler) reconcilePrometheus(ctx context.Context, sg *config.Sourcegraph, owner client.Object) error { + if err := r.reconcilePrometheusDeployment(ctx, sg, owner); err != nil { + return errors.Wrap(err, "reconciling Deployment") + } + if err := r.reconcilePrometheusService(ctx, sg, owner); err != nil { + return errors.Wrap(err, "reconciling Service") + } + if err := r.reconcilePrometheusServiceAccount(ctx, sg, owner); err != nil { + return errors.Wrap(err, "reconciling ServiceAccount") + } + if err := r.reconcilePrometheusConfigMap(ctx, sg, owner); err != nil { + return errors.Wrap(err, "reconciling ConfigMap") + } + if err := r.reconcilePrometheusRole(ctx, sg, owner); err != nil { + return errors.Wrap(err, "reconciling Role") + } + if err := r.reconcilePrometheusPVC(ctx, sg, owner); err != nil { + return errors.Wrap(err, "reconciling PVC") + } + + if sg.Spec.Prometheus.Privileged { + if err := r.reconcilePrometheusClusterRoleBinding(ctx, sg, owner); err != nil { + return errors.Wrap(err, "reconciling ClusterRoleBinding") + } + } else { + if err := r.reconcilePrometheusRoleBinding(ctx, sg, owner); err != nil { + return errors.Wrap(err, "reconciling RoleBinding") + } + } + return nil +} + +func (r *Reconciler) reconcilePrometheusDeployment(ctx context.Context, sg *config.Sourcegraph, owner client.Object) error { + name := "prometheus" + cfg := sg.Spec.Prometheus + + defaultImage, err := config.GetDefaultImage(sg, name) + if err != nil { + return err + } + ctr := container.NewContainer(name, cfg, config.ContainerConfig{ + Image: defaultImage, + Resources: &corev1.ResourceRequirements{ + Requests: corev1.ResourceList{ + corev1.ResourceCPU: resource.MustParse("500m"), + corev1.ResourceMemory: resource.MustParse("6G"), + }, + Limits: corev1.ResourceList{ + corev1.ResourceCPU: resource.MustParse("2"), + corev1.ResourceMemory: resource.MustParse("6G"), + }, + }, + }) + ctr.Ports = []corev1.ContainerPort{ + {Name: "http", ContainerPort: 9090}, + } + ctr.ReadinessProbe = &corev1.Probe{ + ProbeHandler: corev1.ProbeHandler{ + HTTPGet: &corev1.HTTPGetAction{ + Path: "/-/ready", + Port: intstr.FromString("http"), + }, + }, + TimeoutSeconds: 3, + FailureThreshold: 120, + PeriodSeconds: 5, + } + ctr.VolumeMounts = []corev1.VolumeMount{ + {Name: "data", MountPath: "/prometheus"}, + {Name: "config", MountPath: "/sg_prometheus_add_ons"}, + } + + podTemplate := pod.NewPodTemplate(name, cfg) + podTemplate.Template.Spec.Containers = []corev1.Container{ctr} + + cfgMapName := name + if cfg.ExistingConfigMap != "" { + cfgMapName = cfg.ExistingConfigMap + } + podTemplate.Template.Spec.Volumes = []corev1.Volume{ + pod.NewVolumeFromPVC("data", name), + pod.NewVolumeFromConfigMap("config", cfgMapName), + } + podTemplate.Template.Spec.ServiceAccountName = name + + dep := deployment.NewDeployment(name, sg.Namespace, sg.Spec.RequestedVersion) + dep.Spec.Strategy = appsv1.DeploymentStrategy{ + Type: appsv1.RecreateDeploymentStrategyType, + } + dep.Spec.Template = podTemplate.Template + + return reconcileObject(ctx, r, cfg, &dep, &appsv1.Deployment{}, sg, owner) +} + +func (r *Reconciler) reconcilePrometheusService(ctx context.Context, sg *config.Sourcegraph, owner client.Object) error { + name := "prometheus" + cfg := sg.Spec.Prometheus + + svc := service.NewService(name, sg.Namespace, cfg) + svc.Spec.Ports = []corev1.ServicePort{ + {Name: "http", Port: 30090, TargetPort: intstr.FromString("http")}, + } + svc.Spec.Selector = map[string]string{ + "app": "syntect-server", + } + + return reconcileObject(ctx, r, cfg, &svc, &corev1.Service{}, sg, owner) +} + +func (r *Reconciler) reconcilePrometheusServiceAccount(ctx context.Context, sg *config.Sourcegraph, owner client.Object) error { + cfg := sg.Spec.Prometheus + sa := serviceaccount.NewServiceAccount("prometheus", sg.Namespace, cfg) + return reconcileObject(ctx, r, cfg, &sa, &corev1.ServiceAccount{}, sg, owner) +} + +func (r *Reconciler) reconcilePrometheusConfigMap(ctx context.Context, sg *config.Sourcegraph, owner client.Object) error { + cfg := sg.Spec.Prometheus + if cfg.ExistingConfigMap != "" { + return nil + } + + tmpl, err := template.New("prometheus-config").Parse(string(config.PrometheusDefaultConfigTemplate)) + if err != nil { + return errors.Wrap(err, "parsing default prometheus config template") + } + var defaultConfig bytes.Buffer + if err := tmpl.Execute(&defaultConfig, sg); err != nil { + return errors.Wrap(err, "rendering default prometheus config template") + } + + name := "prometheus" + cm := configmap.NewConfigMap(name, sg.Namespace) + cm.Data = map[string]string{ + "prometheus.yml": defaultConfig.String(), + "extra_rules.yml": "", + } + + return reconcileObject(ctx, r, cfg, &cm, &corev1.ConfigMap{}, sg, owner) +} + +func (r *Reconciler) reconcilePrometheusRole(ctx context.Context, sg *config.Sourcegraph, owner client.Object) error { + name := "prometheus" + cfg := sg.Spec.Prometheus + + resources := []string{ + "endpoints", + "pods", + "services", + } + if cfg.Privileged { + resources = append( + resources, + "namespaces", + "nodes", + "nodes/metrics", + "nodes/proxy", + ) + } + rules := []rbacv1.PolicyRule{ + { + APIGroups: []string{""}, + Resources: resources, + Verbs: []string{"get", "list", "watch"}, + }, + { + APIGroups: []string{""}, + Resources: []string{"configmap"}, + Verbs: []string{"get"}, + }, + } + if cfg.Privileged { + rules = append(rules, rbacv1.PolicyRule{ + NonResourceURLs: []string{"/metrics"}, + Verbs: []string{"get"}, + }) + + // Make resource name sg-specific since this is a non-namespaced + // (cluster-scoped) object + name := fmt.Sprintf("%s-%s", sg.Namespace, "prometheus") + role := role.NewClusterRole(name, sg.Namespace) + role.Rules = rules + return reconcileObject(ctx, r, cfg, &role, &rbacv1.ClusterRole{}, sg, owner) + } + + role := role.NewRole(name, sg.Namespace) + role.Rules = rules + return reconcileObject(ctx, r, cfg, &role, &rbacv1.Role{}, sg, owner) +} + +func (r *Reconciler) reconcilePrometheusRoleBinding(ctx context.Context, sg *config.Sourcegraph, owner client.Object) error { + name := "prometheus" + binding := rolebinding.NewRoleBinding(name, sg.Namespace) + binding.RoleRef = rbacv1.RoleRef{ + Kind: "Role", + Name: name, + } + binding.Subjects = []rbacv1.Subject{ + { + Kind: "ServiceAccount", + Name: "prometheus", + Namespace: sg.Namespace, + }, + } + return reconcileObject(ctx, r, sg.Spec.Prometheus, &binding, &rbacv1.RoleBinding{}, sg, owner) +} + +func (r *Reconciler) reconcilePrometheusClusterRoleBinding(ctx context.Context, sg *config.Sourcegraph, owner client.Object) error { + // Make resource name sg-specific since this is a non-namespaced + // (cluster-scoped) object + name := fmt.Sprintf("%s-%s", sg.Namespace, "prometheus") + binding := rolebinding.NewClusterRoleBinding(name, sg.Namespace) + binding.RoleRef = rbacv1.RoleRef{ + Kind: "ClusterRole", + Name: name, + } + binding.Subjects = []rbacv1.Subject{ + { + Kind: "ServiceAccount", + Name: "prometheus", + Namespace: sg.Namespace, + }, + } + return reconcileObject(ctx, r, sg.Spec.Prometheus, &binding, &rbacv1.ClusterRoleBinding{}, sg, owner) +} + +func (r *Reconciler) reconcilePrometheusPVC(ctx context.Context, sg *config.Sourcegraph, owner client.Object) error { + name := "prometheus" + cfg := sg.Spec.Prometheus + storageSize, err := resource.ParseQuantity(cfg.StorageSize) + if err != nil { + return errors.Wrap(err, "parsing storage size") + } + pvc := pvc.NewPersistentVolumeClaim(name, sg.Namespace, storageSize, sg.Spec.StorageClass.Name) + return reconcileObject(ctx, r, cfg, &pvc, &corev1.PersistentVolumeClaim{}, sg, owner) +} diff --git a/internal/appliance/reconciler/prometheus_test.go b/internal/appliance/reconciler/prometheus_test.go new file mode 100644 index 00000000000..ba58a9a9a8f --- /dev/null +++ b/internal/appliance/reconciler/prometheus_test.go @@ -0,0 +1,40 @@ +package reconciler + +import "time" + +func (suite *ApplianceTestSuite) TestDeployPrometheus() { + for _, tc := range []struct { + name string + }{ + {name: "prometheus/default"}, + {name: "prometheus/privileged"}, + {name: "prometheus/with-existing-configmap"}, + {name: "prometheus/with-storage"}, + } { + suite.Run(tc.name, func() { + namespace := suite.createConfigMap(tc.name) + + // Wait for reconciliation to be finished. + suite.Require().Eventually(func() bool { + return suite.getConfigMapReconcileEventCount(namespace) > 0 + }, time.Second*10, time.Millisecond*200) + + suite.makeGoldenAssertions(namespace, tc.name) + }) + } +} + +func (suite *ApplianceTestSuite) TestNonNamespacedResourcesRemainWhenDisabled() { + namespace := suite.createConfigMap("prometheus/privileged") + suite.Require().Eventually(func() bool { + return suite.getConfigMapReconcileEventCount(namespace) > 0 + }, time.Second*10, time.Millisecond*200) + + eventsSeenSoFar := suite.getConfigMapReconcileEventCount(namespace) + suite.updateConfigMap(namespace, "standard/everything-disabled") + suite.Require().Eventually(func() bool { + return suite.getConfigMapReconcileEventCount(namespace) > eventsSeenSoFar + }, time.Second*10, time.Millisecond*200) + + suite.makeGoldenAssertions(namespace, "prometheus/subsequent-disable") +} diff --git a/internal/appliance/reconciler/reconcile.go b/internal/appliance/reconciler/reconcile.go index 20b836748db..cf916208268 100644 --- a/internal/appliance/reconciler/reconcile.go +++ b/internal/appliance/reconciler/reconcile.go @@ -99,6 +99,9 @@ func (r *Reconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Resu if err := r.reconcileCodeIntel(ctx, &sourcegraph, &applianceSpec); err != nil { return ctrl.Result{}, errors.Newf("failed to reconcile precise code intel: %w", err) } + if err := r.reconcilePrometheus(ctx, &sourcegraph, &applianceSpec); err != nil { + return ctrl.Result{}, errors.Newf("failed to reconcile prometheus: %w", err) + } // Set the current version annotation in case migration logic depends on it. applianceSpec.Annotations[config.AnnotationKeyCurrentVersion] = sourcegraph.Spec.RequestedVersion diff --git a/internal/appliance/reconciler/redis.go b/internal/appliance/reconciler/redis.go index 9a68600f9b6..6109b311c49 100644 --- a/internal/appliance/reconciler/redis.go +++ b/internal/appliance/reconciler/redis.go @@ -97,7 +97,7 @@ if [ "$response" != "PONG" ]; then echo "$response" exit 1 fi - `, +`, }, }, }, diff --git a/internal/appliance/reconciler/testdata/golden-fixtures/blobstore/default.yaml b/internal/appliance/reconciler/testdata/golden-fixtures/blobstore/default.yaml index 10f49ffeaea..787b792e819 100644 --- a/internal/appliance/reconciler/testdata/golden-fixtures/blobstore/default.yaml +++ b/internal/appliance/reconciler/testdata/golden-fixtures/blobstore/default.yaml @@ -1,225 +1,228 @@ resources: -- apiVersion: apps/v1 - kind: Deployment - metadata: - annotations: - appliance.sourcegraph.com/configHash: d33e42f7a0651e109c1a55ae881f9e3000e194cb5257dad1714cf26d5a370b3c - creationTimestamp: "2024-04-19T00:00:00Z" - generation: 1 - labels: - app.kubernetes.io/component: blobstore - app.kubernetes.io/name: sourcegraph - app.kubernetes.io/version: 5.3.9104 - deploy: sourcegraph - name: blobstore - namespace: NORMALIZED_FOR_TESTING - ownerReferences: - - apiVersion: v1 - blockOwnerDeletion: true - controller: true - kind: ConfigMap - name: sg + - apiVersion: apps/v1 + kind: Deployment + metadata: + annotations: + appliance.sourcegraph.com/configHash: d33e42f7a0651e109c1a55ae881f9e3000e194cb5257dad1714cf26d5a370b3c + creationTimestamp: "2024-04-19T00:00:00Z" + generation: 1 + labels: + app.kubernetes.io/component: blobstore + app.kubernetes.io/name: sourcegraph + app.kubernetes.io/version: 5.3.9104 + deploy: sourcegraph + name: blobstore + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING uid: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING - spec: - minReadySeconds: 10 - progressDeadlineSeconds: 600 - replicas: 1 - revisionHistoryLimit: 10 - selector: - matchLabels: - app: blobstore - strategy: - rollingUpdate: - maxSurge: 25% - maxUnavailable: 25% - type: RollingUpdate - template: - metadata: - annotations: - kubectl.kubernetes.io/default-container: blobstore - creationTimestamp: null - labels: + spec: + minReadySeconds: 10 + progressDeadlineSeconds: 600 + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: app: blobstore - deploy: sourcegraph - name: blobstore - spec: - containers: - - image: index.docker.io/sourcegraph/blobstore:5.3.2@sha256:d625be1eefe61cc42f94498e3c588bf212c4159c8b20c519db84eae4ff715efa - imagePullPolicy: IfNotPresent + strategy: + rollingUpdate: + maxSurge: 25% + maxUnavailable: 25% + type: RollingUpdate + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: blobstore + creationTimestamp: null + labels: + app: blobstore + deploy: sourcegraph name: blobstore - ports: - - containerPort: 9000 - name: blobstore - protocol: TCP - resources: - limits: - cpu: "1" - memory: 500M - requests: - cpu: "1" - memory: 500M + spec: + containers: + - image: index.docker.io/sourcegraph/blobstore:5.3.2@sha256:d625be1eefe61cc42f94498e3c588bf212c4159c8b20c519db84eae4ff715efa + imagePullPolicy: IfNotPresent + name: blobstore + ports: + - containerPort: 9000 + name: blobstore + protocol: TCP + resources: + limits: + cpu: "1" + memory: 500M + requests: + cpu: "1" + memory: 500M + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsGroup: 101 + runAsUser: 100 + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /blobstore + name: blobstore + - mountPath: /data + name: blobstore-data + dnsPolicy: ClusterFirst + restartPolicy: Always + schedulerName: default-scheduler securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch runAsGroup: 101 runAsUser: 100 - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: FallbackToLogsOnError - volumeMounts: - - mountPath: /blobstore - name: blobstore - - mountPath: /data - name: blobstore-data - dnsPolicy: ClusterFirst - restartPolicy: Always - schedulerName: default-scheduler - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - runAsGroup: 101 - runAsUser: 100 - terminationGracePeriodSeconds: 30 - volumes: - - emptyDir: {} - name: blobstore - - name: blobstore-data - persistentVolumeClaim: - claimName: blobstore - status: {} -- apiVersion: v1 - data: - spec: | - spec: - requestedVersion: "5.3.9104" + terminationGracePeriodSeconds: 30 + volumes: + - emptyDir: {} + name: blobstore + - name: blobstore-data + persistentVolumeClaim: + claimName: blobstore + status: {} + - apiVersion: v1 + data: + spec: | + spec: + requestedVersion: "5.3.9104" - blobstore: {} + blobstore: {} - codeInsights: - disabled: true + codeInsights: + disabled: true - codeIntel: - disabled: true + codeIntel: + disabled: true - frontend: - disabled: true + frontend: + disabled: true - gitServer: - disabled: true + gitServer: + disabled: true - indexedSearch: - disabled: true + indexedSearch: + disabled: true - indexedSearchIndexer: - disabled: true + indexedSearchIndexer: + disabled: true - pgsql: - disabled: true + pgsql: + disabled: true - postgresExporter: - disabled: true + postgresExporter: + disabled: true - preciseCodeIntel: - disabled: true + preciseCodeIntel: + disabled: true - redisCache: - disabled: true + redisCache: + disabled: true - redisStore: - disabled: true + redisStore: + disabled: true - repoUpdater: - disabled: true + repoUpdater: + disabled: true - searcher: - disabled: true + searcher: + disabled: true - symbols: - disabled: true + symbols: + disabled: true - syntectServer: - disabled: true + syntectServer: + disabled: true - worker: - disabled: true - kind: ConfigMap - metadata: - annotations: - appliance.sourcegraph.com/currentVersion: 5.3.9104 - appliance.sourcegraph.com/managed: "true" - creationTimestamp: "2024-04-19T00:00:00Z" - name: sg - namespace: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING -- apiVersion: v1 - kind: PersistentVolumeClaim - metadata: - annotations: - appliance.sourcegraph.com/configHash: d33e42f7a0651e109c1a55ae881f9e3000e194cb5257dad1714cf26d5a370b3c - creationTimestamp: "2024-04-19T00:00:00Z" - finalizers: - - kubernetes.io/pvc-protection - labels: - deploy: sourcegraph - name: blobstore - namespace: NORMALIZED_FOR_TESTING - ownerReferences: - - apiVersion: v1 - blockOwnerDeletion: true - controller: true - kind: ConfigMap + worker: + disabled: true + + prometheus: + disabled: true + kind: ConfigMap + metadata: + annotations: + appliance.sourcegraph.com/currentVersion: 5.3.9104 + appliance.sourcegraph.com/managed: "true" + creationTimestamp: "2024-04-19T00:00:00Z" name: sg + namespace: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING uid: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 100Gi - volumeMode: Filesystem - status: - phase: Pending -- apiVersion: v1 - kind: Service - metadata: - annotations: - appliance.sourcegraph.com/configHash: d33e42f7a0651e109c1a55ae881f9e3000e194cb5257dad1714cf26d5a370b3c - creationTimestamp: "2024-04-19T00:00:00Z" - labels: - app: blobstore - app.kubernetes.io/component: blobstore - deploy: sourcegraph - name: blobstore - namespace: NORMALIZED_FOR_TESTING - ownerReferences: - - apiVersion: v1 - blockOwnerDeletion: true - controller: true - kind: ConfigMap - name: sg + - apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + annotations: + appliance.sourcegraph.com/configHash: d33e42f7a0651e109c1a55ae881f9e3000e194cb5257dad1714cf26d5a370b3c + creationTimestamp: "2024-04-19T00:00:00Z" + finalizers: + - kubernetes.io/pvc-protection + labels: + deploy: sourcegraph + name: blobstore + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING uid: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING - spec: - clusterIP: NORMALIZED_FOR_TESTING - clusterIPs: - - NORMALIZED_FOR_TESTING - internalTrafficPolicy: Cluster - ipFamilies: - - IPv4 - ipFamilyPolicy: SingleStack - ports: - - name: blobstore - port: 9000 - protocol: TCP - targetPort: blobstore - selector: - app: blobstore - sessionAffinity: None - type: ClusterIP - status: - loadBalancer: {} + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 100Gi + volumeMode: Filesystem + status: + phase: Pending + - apiVersion: v1 + kind: Service + metadata: + annotations: + appliance.sourcegraph.com/configHash: d33e42f7a0651e109c1a55ae881f9e3000e194cb5257dad1714cf26d5a370b3c + creationTimestamp: "2024-04-19T00:00:00Z" + labels: + app: blobstore + app.kubernetes.io/component: blobstore + deploy: sourcegraph + name: blobstore + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING + uid: NORMALIZED_FOR_TESTING + spec: + clusterIP: NORMALIZED_FOR_TESTING + clusterIPs: + - NORMALIZED_FOR_TESTING + internalTrafficPolicy: Cluster + ipFamilies: + - IPv4 + ipFamilyPolicy: SingleStack + ports: + - name: blobstore + port: 9000 + protocol: TCP + targetPort: blobstore + selector: + app: blobstore + sessionAffinity: None + type: ClusterIP + status: + loadBalancer: {} diff --git a/internal/appliance/reconciler/testdata/golden-fixtures/codeintel/default.yaml b/internal/appliance/reconciler/testdata/golden-fixtures/codeintel/default.yaml index 26b442ea9e5..6fa9853f22b 100644 --- a/internal/appliance/reconciler/testdata/golden-fixtures/codeintel/default.yaml +++ b/internal/appliance/reconciler/testdata/golden-fixtures/codeintel/default.yaml @@ -1,487 +1,490 @@ resources: -- apiVersion: apps/v1 - kind: StatefulSet - metadata: - annotations: - appliance.sourcegraph.com/configHash: 08a9f89fce0d5a0784d40c635aac4b63182af3bcf52068f2e8bc5941aa9706df - creationTimestamp: "2024-04-19T00:00:00Z" - generation: 1 - labels: - app.kubernetes.io/component: codeintel-db - app.kubernetes.io/name: sourcegraph - app.kubernetes.io/version: 5.3.9104 - deploy: sourcegraph - name: codeintel-db - namespace: NORMALIZED_FOR_TESTING - ownerReferences: - - apiVersion: v1 - blockOwnerDeletion: true - controller: true - kind: ConfigMap - name: sg + - apiVersion: apps/v1 + kind: StatefulSet + metadata: + annotations: + appliance.sourcegraph.com/configHash: 08a9f89fce0d5a0784d40c635aac4b63182af3bcf52068f2e8bc5941aa9706df + creationTimestamp: "2024-04-19T00:00:00Z" + generation: 1 + labels: + app.kubernetes.io/component: codeintel-db + app.kubernetes.io/name: sourcegraph + app.kubernetes.io/version: 5.3.9104 + deploy: sourcegraph + name: codeintel-db + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING uid: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING - spec: - minReadySeconds: 10 - persistentVolumeClaimRetentionPolicy: - whenDeleted: Retain - whenScaled: Retain - podManagementPolicy: OrderedReady - replicas: 1 - revisionHistoryLimit: 10 - selector: - matchLabels: - app: codeintel-db - serviceName: codeintel-db - template: - metadata: - annotations: - kubectl.kubernetes.io/default-container: codeintel-db - creationTimestamp: null - labels: + spec: + minReadySeconds: 10 + persistentVolumeClaimRetentionPolicy: + whenDeleted: Retain + whenScaled: Retain + podManagementPolicy: OrderedReady + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: app: codeintel-db - deploy: sourcegraph - name: codeintel-db - spec: - containers: - - env: - - name: POSTGRES_DATABASE - valueFrom: - secretKeyRef: - key: database - name: codeintel-db-auth - - name: POSTGRES_HOST - valueFrom: - secretKeyRef: - key: host - name: codeintel-db-auth - - name: POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - key: password - name: codeintel-db-auth - - name: POSTGRES_PORT - valueFrom: - secretKeyRef: - key: port - name: codeintel-db-auth - - name: POSTGRES_USER - valueFrom: - secretKeyRef: - key: user - name: codeintel-db-auth - - name: POSTGRES_DB - value: $(POSTGRES_DATABASE) - image: index.docker.io/sourcegraph/codeintel-db:5.3.2@sha256:1e0e93661a65c832b9697048c797f9894dfb502e2e1da2b8209f0018a6632b79 - imagePullPolicy: IfNotPresent - livenessProbe: - exec: - command: - - /liveness.sh - failureThreshold: 3 - initialDelaySeconds: 15 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 + serviceName: codeintel-db + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: codeintel-db + creationTimestamp: null + labels: + app: codeintel-db + deploy: sourcegraph name: codeintel-db - ports: - - containerPort: 5432 - name: pgsql - protocol: TCP - readinessProbe: - exec: - command: - - /ready.sh - failureThreshold: 3 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - resources: - limits: - cpu: "4" - memory: 4Gi - requests: - cpu: "4" - memory: 4Gi + spec: + containers: + - env: + - name: POSTGRES_DATABASE + valueFrom: + secretKeyRef: + key: database + name: codeintel-db-auth + - name: POSTGRES_HOST + valueFrom: + secretKeyRef: + key: host + name: codeintel-db-auth + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: codeintel-db-auth + - name: POSTGRES_PORT + valueFrom: + secretKeyRef: + key: port + name: codeintel-db-auth + - name: POSTGRES_USER + valueFrom: + secretKeyRef: + key: user + name: codeintel-db-auth + - name: POSTGRES_DB + value: $(POSTGRES_DATABASE) + image: index.docker.io/sourcegraph/codeintel-db:5.3.2@sha256:1e0e93661a65c832b9697048c797f9894dfb502e2e1da2b8209f0018a6632b79 + imagePullPolicy: IfNotPresent + livenessProbe: + exec: + command: + - /liveness.sh + failureThreshold: 3 + initialDelaySeconds: 15 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + name: codeintel-db + ports: + - containerPort: 5432 + name: pgsql + protocol: TCP + readinessProbe: + exec: + command: + - /ready.sh + failureThreshold: 3 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + resources: + limits: + cpu: "4" + memory: 4Gi + requests: + cpu: "4" + memory: 4Gi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsGroup: 999 + runAsUser: 999 + startupProbe: + exec: + command: + - /liveness.sh + failureThreshold: 360 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /data + name: disk + - mountPath: /conf + name: pgsql-conf + - mountPath: /var/run/postgresql + name: lockdir + - env: + - name: DATA_SOURCE_DB + valueFrom: + secretKeyRef: + key: database + name: codeintel-db-auth + - name: DATA_SOURCE_PASS + valueFrom: + secretKeyRef: + key: password + name: codeintel-db-auth + - name: DATA_SOURCE_PORT + valueFrom: + secretKeyRef: + key: port + name: codeintel-db-auth + - name: DATA_SOURCE_USER + valueFrom: + secretKeyRef: + key: user + name: codeintel-db-auth + - name: DATA_SOURCE_URI + value: 127.0.0.1:$(DATA_SOURCE_PORT)/$(DATA_SOURCE_DB)?sslmode=disable + - name: PG_EXPORTER_EXTEND_QUERY_PATH + value: /config/code_intel_queries.yaml + image: index.docker.io/sourcegraph/postgres_exporter:5.3.2@sha256:b9fa66fbcb4cc2d466487259db4ae2deacd7651dac4a9e28c9c7fc36523699d0 + imagePullPolicy: IfNotPresent + name: pgsql-exporter + resources: + limits: + cpu: 10m + memory: 50M + requests: + cpu: 10m + memory: 50M + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsGroup: 999 + runAsUser: 999 + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: FallbackToLogsOnError + dnsPolicy: ClusterFirst + initContainers: + - command: + - sh + - -c + - if [ -d /data/pgdata-12 ]; then chmod 750 /data/pgdata-12; fi + image: index.docker.io/sourcegraph/alpine-3.14:5.3.2@sha256:982220e0fd8ce55a73798fa7e814a482c4807c412f054c8440c5970b610239b7 + imagePullPolicy: IfNotPresent + name: correct-data-dir-permissions + resources: + limits: + cpu: 10m + memory: 50M + requests: + cpu: 10m + memory: 50M + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsGroup: 999 + runAsUser: 999 + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /data + name: disk + restartPolicy: Always + schedulerName: default-scheduler securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true + fsGroup: 999 + fsGroupChangePolicy: OnRootMismatch runAsGroup: 999 runAsUser: 999 - startupProbe: - exec: - command: - - /liveness.sh - failureThreshold: 360 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: FallbackToLogsOnError - volumeMounts: - - mountPath: /data - name: disk - - mountPath: /conf - name: pgsql-conf - - mountPath: /var/run/postgresql - name: lockdir - - env: - - name: DATA_SOURCE_DB - valueFrom: - secretKeyRef: - key: database - name: codeintel-db-auth - - name: DATA_SOURCE_PASS - valueFrom: - secretKeyRef: - key: password - name: codeintel-db-auth - - name: DATA_SOURCE_PORT - valueFrom: - secretKeyRef: - key: port - name: codeintel-db-auth - - name: DATA_SOURCE_USER - valueFrom: - secretKeyRef: - key: user - name: codeintel-db-auth - - name: DATA_SOURCE_URI - value: 127.0.0.1:$(DATA_SOURCE_PORT)/$(DATA_SOURCE_DB)?sslmode=disable - - name: PG_EXPORTER_EXTEND_QUERY_PATH - value: /config/code_intel_queries.yaml - image: index.docker.io/sourcegraph/postgres_exporter:5.3.2@sha256:b9fa66fbcb4cc2d466487259db4ae2deacd7651dac4a9e28c9c7fc36523699d0 - imagePullPolicy: IfNotPresent - name: pgsql-exporter - resources: - limits: - cpu: 10m - memory: 50M - requests: - cpu: 10m - memory: 50M - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsGroup: 999 - runAsUser: 999 - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: FallbackToLogsOnError - dnsPolicy: ClusterFirst - initContainers: - - command: - - sh - - -c - - if [ -d /data/pgdata-12 ]; then chmod 750 /data/pgdata-12; fi - image: index.docker.io/sourcegraph/alpine-3.14:5.3.2@sha256:982220e0fd8ce55a73798fa7e814a482c4807c412f054c8440c5970b610239b7 - imagePullPolicy: IfNotPresent - name: correct-data-dir-permissions - resources: - limits: - cpu: 10m - memory: 50M - requests: - cpu: 10m - memory: 50M - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsGroup: 999 - runAsUser: 999 - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: FallbackToLogsOnError - volumeMounts: - - mountPath: /data - name: disk - restartPolicy: Always - schedulerName: default-scheduler - securityContext: - fsGroup: 999 - fsGroupChangePolicy: OnRootMismatch - runAsGroup: 999 - runAsUser: 999 - serviceAccount: codeintel-db - serviceAccountName: codeintel-db - terminationGracePeriodSeconds: 120 - volumes: - - emptyDir: {} - name: lockdir - - name: disk - persistentVolumeClaim: - claimName: codeintel-db - - configMap: - defaultMode: 511 - name: codeintel-db-conf - name: pgsql-conf - updateStrategy: - type: RollingUpdate - status: - availableReplicas: 0 - replicas: 0 -- apiVersion: v1 - data: - postgresql.conf: | - #------------------------------------------------------------------------------ - # POSTGRESQL DEFAULT CONFIGURATION - #------------------------------------------------------------------------------ + serviceAccount: codeintel-db + serviceAccountName: codeintel-db + terminationGracePeriodSeconds: 120 + volumes: + - emptyDir: {} + name: lockdir + - name: disk + persistentVolumeClaim: + claimName: codeintel-db + - configMap: + defaultMode: 511 + name: codeintel-db-conf + name: pgsql-conf + updateStrategy: + type: RollingUpdate + status: + availableReplicas: 0 + replicas: 0 + - apiVersion: v1 + data: + postgresql.conf: | + #------------------------------------------------------------------------------ + # POSTGRESQL DEFAULT CONFIGURATION + #------------------------------------------------------------------------------ - # Below is PostgreSQL default configuration. - # You should apply your own customization in the CUSTOMIZED OPTIONS section below - # to avoid merge conflict in the future. + # Below is PostgreSQL default configuration. + # You should apply your own customization in the CUSTOMIZED OPTIONS section below + # to avoid merge conflict in the future. - listen_addresses = '*' - max_connections = 100 - shared_buffers = 128MB - dynamic_shared_memory_type = posix - max_wal_size = 1GB - min_wal_size = 80MB - log_timezone = 'UTC' - datestyle = 'iso, mdy' - timezone = 'UTC' - lc_messages = 'en_US.utf8' - lc_monetary = 'en_US.utf8' - lc_numeric = 'en_US.utf8' - lc_time = 'en_US.utf8' - default_text_search_config = 'pg_catalog.english' + listen_addresses = '*' + max_connections = 100 + shared_buffers = 128MB + dynamic_shared_memory_type = posix + max_wal_size = 1GB + min_wal_size = 80MB + log_timezone = 'UTC' + datestyle = 'iso, mdy' + timezone = 'UTC' + lc_messages = 'en_US.utf8' + lc_monetary = 'en_US.utf8' + lc_numeric = 'en_US.utf8' + lc_time = 'en_US.utf8' + default_text_search_config = 'pg_catalog.english' - #------------------------------------------------------------------------------ - # SOURCEGRAPH RECOMMENDED OPTIONS - #------------------------------------------------------------------------------ + #------------------------------------------------------------------------------ + # SOURCEGRAPH RECOMMENDED OPTIONS + #------------------------------------------------------------------------------ - # Below is Sourcegraph recommended Postgres configuration based on the default resource configuration. - # You should apply your own customization in the CUSTOMIZED OPTIONS section below - # to avoid merge conflict in the future. + # Below is Sourcegraph recommended Postgres configuration based on the default resource configuration. + # You should apply your own customization in the CUSTOMIZED OPTIONS section below + # to avoid merge conflict in the future. - shared_buffers = 1GB - work_mem = 5MB - maintenance_work_mem = 250MB - temp_file_limit = 20GB - bgwriter_delay = 50ms - bgwriter_lru_maxpages = 200 - effective_io_concurrency = 200 - max_worker_processes = 4 - max_parallel_maintenance_workers = 4 - max_parallel_workers_per_gather = 2 - max_parallel_workers = 4 - wal_buffers = 16MB - max_wal_size = 8GB - min_wal_size = 2GB - random_page_cost = 1.1 - effective_cache_size = 3GB + shared_buffers = 1GB + work_mem = 5MB + maintenance_work_mem = 250MB + temp_file_limit = 20GB + bgwriter_delay = 50ms + bgwriter_lru_maxpages = 200 + effective_io_concurrency = 200 + max_worker_processes = 4 + max_parallel_maintenance_workers = 4 + max_parallel_workers_per_gather = 2 + max_parallel_workers = 4 + wal_buffers = 16MB + max_wal_size = 8GB + min_wal_size = 2GB + random_page_cost = 1.1 + effective_cache_size = 3GB - #------------------------------------------------------------------------------ - # CUSTOMIZED OPTIONS - #------------------------------------------------------------------------------ + #------------------------------------------------------------------------------ + # CUSTOMIZED OPTIONS + #------------------------------------------------------------------------------ - # Add your customization by using 'codeIntelDB.additionalConfig' in your override file. - # Learn more: https://docs.sourcegraph.com/admin/config/postgres-conf - immutable: false - kind: ConfigMap - metadata: - annotations: - appliance.sourcegraph.com/configHash: 08a9f89fce0d5a0784d40c635aac4b63182af3bcf52068f2e8bc5941aa9706df - creationTimestamp: "2024-04-19T00:00:00Z" - labels: - deploy: sourcegraph - name: codeintel-db-conf - namespace: NORMALIZED_FOR_TESTING - ownerReferences: - - apiVersion: v1 - blockOwnerDeletion: true - controller: true - kind: ConfigMap - name: sg + # Add your customization by using 'codeIntelDB.additionalConfig' in your override file. + # Learn more: https://docs.sourcegraph.com/admin/config/postgres-conf + immutable: false + kind: ConfigMap + metadata: + annotations: + appliance.sourcegraph.com/configHash: 08a9f89fce0d5a0784d40c635aac4b63182af3bcf52068f2e8bc5941aa9706df + creationTimestamp: "2024-04-19T00:00:00Z" + labels: + deploy: sourcegraph + name: codeintel-db-conf + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING uid: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING -- apiVersion: v1 - data: - spec: | - spec: - requestedVersion: "5.3.9104" + - apiVersion: v1 + data: + spec: | + spec: + requestedVersion: "5.3.9104" - blobstore: - disabled: true + blobstore: + disabled: true - codeInsights: - disabled: true + codeInsights: + disabled: true - codeIntel: {} + codeIntel: {} - frontend: - disabled: true + frontend: + disabled: true - gitServer: - disabled: true + gitServer: + disabled: true - indexedSearch: - disabled: true + indexedSearch: + disabled: true - indexedSearchIndexer: - disabled: true + indexedSearchIndexer: + disabled: true - pgsql: - disabled: true + pgsql: + disabled: true - postgresExporter: - disabled: true + postgresExporter: + disabled: true - preciseCodeIntel: - disabled: true + preciseCodeIntel: + disabled: true - redisCache: - disabled: true + redisCache: + disabled: true - redisExporter: - disabled: true + redisExporter: + disabled: true - redisStore: - disabled: true + redisStore: + disabled: true - repoUpdater: - disabled: true + repoUpdater: + disabled: true - searcher: - disabled: true + searcher: + disabled: true - symbols: - disabled: true + symbols: + disabled: true - syntectServer: - disabled: true + syntectServer: + disabled: true - worker: - disabled: true - kind: ConfigMap - metadata: - annotations: - appliance.sourcegraph.com/currentVersion: 5.3.9104 - appliance.sourcegraph.com/managed: "true" - creationTimestamp: "2024-04-19T00:00:00Z" - name: sg - namespace: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING -- apiVersion: v1 - kind: PersistentVolumeClaim - metadata: - annotations: - appliance.sourcegraph.com/configHash: 08a9f89fce0d5a0784d40c635aac4b63182af3bcf52068f2e8bc5941aa9706df - creationTimestamp: "2024-04-19T00:00:00Z" - finalizers: - - kubernetes.io/pvc-protection - labels: - deploy: sourcegraph - name: codeintel-db - namespace: NORMALIZED_FOR_TESTING - ownerReferences: - - apiVersion: v1 - blockOwnerDeletion: true - controller: true - kind: ConfigMap + worker: + disabled: true + + prometheus: + disabled: true + kind: ConfigMap + metadata: + annotations: + appliance.sourcegraph.com/currentVersion: 5.3.9104 + appliance.sourcegraph.com/managed: "true" + creationTimestamp: "2024-04-19T00:00:00Z" name: sg + namespace: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING uid: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 200Gi - volumeMode: Filesystem - status: - phase: Pending -- apiVersion: v1 - data: - database: c2c= - host: Y29kZWludGVsLWRi - password: cGFzc3dvcmQ= - port: NTQzMg== - user: c2c= - kind: Secret - metadata: - annotations: - appliance.sourcegraph.com/configHash: 08a9f89fce0d5a0784d40c635aac4b63182af3bcf52068f2e8bc5941aa9706df - creationTimestamp: "2024-04-19T00:00:00Z" - labels: - app.kubernetes.io/component: codeintel-db-auth - app.kubernetes.io/name: sourcegraph - app.kubernetes.io/version: 5.3.9104 - deploy: sourcegraph - name: codeintel-db-auth - namespace: NORMALIZED_FOR_TESTING - ownerReferences: - - apiVersion: v1 - blockOwnerDeletion: true - controller: true - kind: ConfigMap - name: sg + - apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + annotations: + appliance.sourcegraph.com/configHash: 08a9f89fce0d5a0784d40c635aac4b63182af3bcf52068f2e8bc5941aa9706df + creationTimestamp: "2024-04-19T00:00:00Z" + finalizers: + - kubernetes.io/pvc-protection + labels: + deploy: sourcegraph + name: codeintel-db + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING uid: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING - type: Opaque -- apiVersion: v1 - kind: ServiceAccount - metadata: - annotations: - appliance.sourcegraph.com/configHash: 08a9f89fce0d5a0784d40c635aac4b63182af3bcf52068f2e8bc5941aa9706df - creationTimestamp: "2024-04-19T00:00:00Z" - labels: - deploy: sourcegraph - name: codeintel - namespace: NORMALIZED_FOR_TESTING - ownerReferences: - - apiVersion: v1 - blockOwnerDeletion: true - controller: true - kind: ConfigMap - name: sg + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 200Gi + volumeMode: Filesystem + status: + phase: Pending + - apiVersion: v1 + data: + database: c2c= + host: Y29kZWludGVsLWRi + password: cGFzc3dvcmQ= + port: NTQzMg== + user: c2c= + kind: Secret + metadata: + annotations: + appliance.sourcegraph.com/configHash: 08a9f89fce0d5a0784d40c635aac4b63182af3bcf52068f2e8bc5941aa9706df + creationTimestamp: "2024-04-19T00:00:00Z" + labels: + app.kubernetes.io/component: codeintel-db-auth + app.kubernetes.io/name: sourcegraph + app.kubernetes.io/version: 5.3.9104 + deploy: sourcegraph + name: codeintel-db-auth + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING uid: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING -- apiVersion: v1 - kind: Service - metadata: - annotations: - appliance.sourcegraph.com/configHash: 08a9f89fce0d5a0784d40c635aac4b63182af3bcf52068f2e8bc5941aa9706df - prometheus.io/port: "9187" - sourcegraph.prometheus/scrape: "true" - creationTimestamp: "2024-04-19T00:00:00Z" - labels: - app: codeintel-db - app.kubernetes.io/component: codeintel-db - deploy: sourcegraph - name: codeintel-db - namespace: NORMALIZED_FOR_TESTING - ownerReferences: - - apiVersion: v1 - blockOwnerDeletion: true - controller: true - kind: ConfigMap - name: sg + type: Opaque + - apiVersion: v1 + kind: ServiceAccount + metadata: + annotations: + appliance.sourcegraph.com/configHash: 08a9f89fce0d5a0784d40c635aac4b63182af3bcf52068f2e8bc5941aa9706df + creationTimestamp: "2024-04-19T00:00:00Z" + labels: + deploy: sourcegraph + name: codeintel + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING uid: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING - spec: - clusterIP: NORMALIZED_FOR_TESTING - clusterIPs: - - NORMALIZED_FOR_TESTING - internalTrafficPolicy: Cluster - ipFamilies: - - IPv4 - ipFamilyPolicy: SingleStack - ports: - - name: pgsql - port: 5432 - protocol: TCP - targetPort: pgsql - selector: - app: codeintel-db - sessionAffinity: None - type: ClusterIP - status: - loadBalancer: {} + - apiVersion: v1 + kind: Service + metadata: + annotations: + appliance.sourcegraph.com/configHash: 08a9f89fce0d5a0784d40c635aac4b63182af3bcf52068f2e8bc5941aa9706df + prometheus.io/port: "9187" + sourcegraph.prometheus/scrape: "true" + creationTimestamp: "2024-04-19T00:00:00Z" + labels: + app: codeintel-db + app.kubernetes.io/component: codeintel-db + deploy: sourcegraph + name: codeintel-db + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING + uid: NORMALIZED_FOR_TESTING + spec: + clusterIP: NORMALIZED_FOR_TESTING + clusterIPs: + - NORMALIZED_FOR_TESTING + internalTrafficPolicy: Cluster + ipFamilies: + - IPv4 + ipFamilyPolicy: SingleStack + ports: + - name: pgsql + port: 5432 + protocol: TCP + targetPort: pgsql + selector: + app: codeintel-db + sessionAffinity: None + type: ClusterIP + status: + loadBalancer: {} diff --git a/internal/appliance/reconciler/testdata/golden-fixtures/gitserver/default.yaml b/internal/appliance/reconciler/testdata/golden-fixtures/gitserver/default.yaml index 3af38ee0ea6..4b2a4f5c872 100644 --- a/internal/appliance/reconciler/testdata/golden-fixtures/gitserver/default.yaml +++ b/internal/appliance/reconciler/testdata/golden-fixtures/gitserver/default.yaml @@ -1,267 +1,270 @@ resources: -- apiVersion: apps/v1 - kind: StatefulSet - metadata: - annotations: - appliance.sourcegraph.com/configHash: 83479964f6f3f84d669035db9422f03b10c7543d344f6c222c1d1698eb3acb6a - creationTimestamp: "2024-04-19T00:00:00Z" - generation: 1 - labels: - app.kubernetes.io/component: gitserver - app.kubernetes.io/name: sourcegraph - app.kubernetes.io/version: 5.3.9104 - deploy: sourcegraph - name: gitserver - namespace: NORMALIZED_FOR_TESTING - ownerReferences: - - apiVersion: v1 - blockOwnerDeletion: true - controller: true - kind: ConfigMap - name: sg + - apiVersion: apps/v1 + kind: StatefulSet + metadata: + annotations: + appliance.sourcegraph.com/configHash: 83479964f6f3f84d669035db9422f03b10c7543d344f6c222c1d1698eb3acb6a + creationTimestamp: "2024-04-19T00:00:00Z" + generation: 1 + labels: + app.kubernetes.io/component: gitserver + app.kubernetes.io/name: sourcegraph + app.kubernetes.io/version: 5.3.9104 + deploy: sourcegraph + name: gitserver + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING uid: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING - spec: - minReadySeconds: 10 - persistentVolumeClaimRetentionPolicy: - whenDeleted: Retain - whenScaled: Retain - podManagementPolicy: OrderedReady - replicas: 1 - revisionHistoryLimit: 10 - selector: - matchLabels: - app: gitserver - serviceName: gitserver - template: - metadata: - annotations: - kubectl.kubernetes.io/default-container: gitserver - creationTimestamp: null - labels: + spec: + minReadySeconds: 10 + persistentVolumeClaimRetentionPolicy: + whenDeleted: Retain + whenScaled: Retain + podManagementPolicy: OrderedReady + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: app: gitserver - deploy: sourcegraph - name: gitserver - spec: - containers: - - args: - - run - env: - - name: REDIS_CACHE_ENDPOINT - valueFrom: - secretKeyRef: - key: endpoint - name: redis-cache - - name: REDIS_STORE_ENDPOINT - valueFrom: - secretKeyRef: - key: endpoint - name: redis-store - - name: OTEL_AGENT_HOST - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - - name: OTEL_EXPORTER_OTLP_ENDPOINT - value: http://$(OTEL_AGENT_HOST):4317 - image: index.docker.io/sourcegraph/gitserver:5.3.2@sha256:6c6042cf3e5f3f16de9b82e3d4ab1647f8bb924cd315245bd7a3162f5489e8c4 - imagePullPolicy: IfNotPresent - livenessProbe: - failureThreshold: 3 - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - tcpSocket: - port: rpc - timeoutSeconds: 5 + serviceName: gitserver + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: gitserver + creationTimestamp: null + labels: + app: gitserver + deploy: sourcegraph name: gitserver - ports: - - containerPort: 3178 - name: rpc - protocol: TCP - resources: - limits: - cpu: "4" - memory: 8Gi - requests: - cpu: "4" - memory: 8Gi + spec: + containers: + - args: + - run + env: + - name: REDIS_CACHE_ENDPOINT + valueFrom: + secretKeyRef: + key: endpoint + name: redis-cache + - name: REDIS_STORE_ENDPOINT + valueFrom: + secretKeyRef: + key: endpoint + name: redis-store + - name: OTEL_AGENT_HOST + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + - name: OTEL_EXPORTER_OTLP_ENDPOINT + value: http://$(OTEL_AGENT_HOST):4317 + image: index.docker.io/sourcegraph/gitserver:5.3.2@sha256:6c6042cf3e5f3f16de9b82e3d4ab1647f8bb924cd315245bd7a3162f5489e8c4 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + tcpSocket: + port: rpc + timeoutSeconds: 5 + name: gitserver + ports: + - containerPort: 3178 + name: rpc + protocol: TCP + resources: + limits: + cpu: "4" + memory: 8Gi + requests: + cpu: "4" + memory: 8Gi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsGroup: 101 + runAsUser: 100 + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /tmp + name: tmpdir + - mountPath: /data/repos + name: repos + dnsPolicy: ClusterFirst + restartPolicy: Always + schedulerName: default-scheduler securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch runAsGroup: 101 runAsUser: 100 - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: FallbackToLogsOnError - volumeMounts: - - mountPath: /tmp - name: tmpdir - - mountPath: /data/repos + serviceAccount: gitserver + serviceAccountName: gitserver + terminationGracePeriodSeconds: 30 + volumes: + - emptyDir: {} + name: repos + - emptyDir: {} + name: tmpdir + updateStrategy: + type: RollingUpdate + volumeClaimTemplates: + - apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + creationTimestamp: null + labels: + deploy: sourcegraph name: repos - dnsPolicy: ClusterFirst - restartPolicy: Always - schedulerName: default-scheduler - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - runAsGroup: 101 - runAsUser: 100 - serviceAccount: gitserver - serviceAccountName: gitserver - terminationGracePeriodSeconds: 30 - volumes: - - emptyDir: {} - name: repos - - emptyDir: {} - name: tmpdir - updateStrategy: - type: RollingUpdate - volumeClaimTemplates: - - apiVersion: v1 - kind: PersistentVolumeClaim - metadata: - creationTimestamp: null - labels: - deploy: sourcegraph - name: repos - namespace: NORMALIZED_FOR_TESTING - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 200Gi - volumeMode: Filesystem - status: - phase: Pending - status: - availableReplicas: 0 - replicas: 0 -- apiVersion: v1 - data: - spec: | - spec: - requestedVersion: "5.3.9104" + namespace: NORMALIZED_FOR_TESTING + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 200Gi + volumeMode: Filesystem + status: + phase: Pending + status: + availableReplicas: 0 + replicas: 0 + - apiVersion: v1 + data: + spec: | + spec: + requestedVersion: "5.3.9104" - blobstore: - disabled: true + blobstore: + disabled: true - codeInsights: - disabled: true + codeInsights: + disabled: true - codeIntel: - disabled: true + codeIntel: + disabled: true - frontend: - disabled: true + frontend: + disabled: true - gitServer: {} + gitServer: {} - indexedSearch: - disabled: true + indexedSearch: + disabled: true - indexedSearchIndexer: - disabled: true + indexedSearchIndexer: + disabled: true - pgsql: - disabled: true + pgsql: + disabled: true - postgresExporter: - disabled: true + postgresExporter: + disabled: true - preciseCodeIntel: - disabled: true + preciseCodeIntel: + disabled: true - redisCache: - disabled: true + redisCache: + disabled: true - redisStore: - disabled: true + redisStore: + disabled: true - repoUpdater: - disabled: true + repoUpdater: + disabled: true - searcher: - disabled: true + searcher: + disabled: true - symbols: - disabled: true + symbols: + disabled: true - syntectServer: - disabled: true + syntectServer: + disabled: true - worker: - disabled: true - kind: ConfigMap - metadata: - annotations: - appliance.sourcegraph.com/currentVersion: 5.3.9104 - appliance.sourcegraph.com/managed: "true" - creationTimestamp: "2024-04-19T00:00:00Z" - name: sg - namespace: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING -- apiVersion: v1 - kind: ServiceAccount - metadata: - annotations: - appliance.sourcegraph.com/configHash: 83479964f6f3f84d669035db9422f03b10c7543d344f6c222c1d1698eb3acb6a - creationTimestamp: "2024-04-19T00:00:00Z" - labels: - deploy: sourcegraph - name: gitserver - namespace: NORMALIZED_FOR_TESTING - ownerReferences: - - apiVersion: v1 - blockOwnerDeletion: true - controller: true - kind: ConfigMap + worker: + disabled: true + + prometheus: + disabled: true + kind: ConfigMap + metadata: + annotations: + appliance.sourcegraph.com/currentVersion: 5.3.9104 + appliance.sourcegraph.com/managed: "true" + creationTimestamp: "2024-04-19T00:00:00Z" name: sg + namespace: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING uid: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING -- apiVersion: v1 - kind: Service - metadata: - annotations: - appliance.sourcegraph.com/configHash: 83479964f6f3f84d669035db9422f03b10c7543d344f6c222c1d1698eb3acb6a - prometheus.io/port: "6060" - sourcegraph.prometheus/scrape: "true" - creationTimestamp: "2024-04-19T00:00:00Z" - labels: - app: gitserver - app.kubernetes.io/component: gitserver - deploy: sourcegraph - name: gitserver - namespace: NORMALIZED_FOR_TESTING - ownerReferences: - - apiVersion: v1 - blockOwnerDeletion: true - controller: true - kind: ConfigMap - name: sg + - apiVersion: v1 + kind: ServiceAccount + metadata: + annotations: + appliance.sourcegraph.com/configHash: 83479964f6f3f84d669035db9422f03b10c7543d344f6c222c1d1698eb3acb6a + creationTimestamp: "2024-04-19T00:00:00Z" + labels: + deploy: sourcegraph + name: gitserver + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING uid: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING - spec: - clusterIP: NORMALIZED_FOR_TESTING - clusterIPs: - - NORMALIZED_FOR_TESTING - internalTrafficPolicy: Cluster - ipFamilies: - - IPv4 - ipFamilyPolicy: SingleStack - ports: - - name: unused - port: 10811 - protocol: TCP - targetPort: 10811 - selector: - app: gitserver - type: gitserver - sessionAffinity: None - type: ClusterIP - status: - loadBalancer: {} + - apiVersion: v1 + kind: Service + metadata: + annotations: + appliance.sourcegraph.com/configHash: 83479964f6f3f84d669035db9422f03b10c7543d344f6c222c1d1698eb3acb6a + prometheus.io/port: "6060" + sourcegraph.prometheus/scrape: "true" + creationTimestamp: "2024-04-19T00:00:00Z" + labels: + app: gitserver + app.kubernetes.io/component: gitserver + deploy: sourcegraph + name: gitserver + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING + uid: NORMALIZED_FOR_TESTING + spec: + clusterIP: NORMALIZED_FOR_TESTING + clusterIPs: + - NORMALIZED_FOR_TESTING + internalTrafficPolicy: Cluster + ipFamilies: + - IPv4 + ipFamilyPolicy: SingleStack + ports: + - name: unused + port: 10811 + protocol: TCP + targetPort: 10811 + selector: + app: gitserver + type: gitserver + sessionAffinity: None + type: ClusterIP + status: + loadBalancer: {} diff --git a/internal/appliance/reconciler/testdata/golden-fixtures/gitserver/with-storage.yaml b/internal/appliance/reconciler/testdata/golden-fixtures/gitserver/with-storage.yaml index d4017d050fd..8c07bcfa466 100644 --- a/internal/appliance/reconciler/testdata/golden-fixtures/gitserver/with-storage.yaml +++ b/internal/appliance/reconciler/testdata/golden-fixtures/gitserver/with-storage.yaml @@ -1,268 +1,271 @@ resources: -- apiVersion: apps/v1 - kind: StatefulSet - metadata: - annotations: - appliance.sourcegraph.com/configHash: ab677ca3d3c1faf2f802c3a7a01b81b35c553394c3ec9a548543908453c6e57f - creationTimestamp: "2024-04-19T00:00:00Z" - generation: 1 - labels: - app.kubernetes.io/component: gitserver - app.kubernetes.io/name: sourcegraph - app.kubernetes.io/version: 5.3.9104 - deploy: sourcegraph - name: gitserver - namespace: NORMALIZED_FOR_TESTING - ownerReferences: - - apiVersion: v1 - blockOwnerDeletion: true - controller: true - kind: ConfigMap - name: sg + - apiVersion: apps/v1 + kind: StatefulSet + metadata: + annotations: + appliance.sourcegraph.com/configHash: ab677ca3d3c1faf2f802c3a7a01b81b35c553394c3ec9a548543908453c6e57f + creationTimestamp: "2024-04-19T00:00:00Z" + generation: 1 + labels: + app.kubernetes.io/component: gitserver + app.kubernetes.io/name: sourcegraph + app.kubernetes.io/version: 5.3.9104 + deploy: sourcegraph + name: gitserver + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING uid: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING - spec: - minReadySeconds: 10 - persistentVolumeClaimRetentionPolicy: - whenDeleted: Retain - whenScaled: Retain - podManagementPolicy: OrderedReady - replicas: 1 - revisionHistoryLimit: 10 - selector: - matchLabels: - app: gitserver - serviceName: gitserver - template: - metadata: - annotations: - kubectl.kubernetes.io/default-container: gitserver - creationTimestamp: null - labels: + spec: + minReadySeconds: 10 + persistentVolumeClaimRetentionPolicy: + whenDeleted: Retain + whenScaled: Retain + podManagementPolicy: OrderedReady + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: app: gitserver - deploy: sourcegraph - name: gitserver - spec: - containers: - - args: - - run - env: - - name: REDIS_CACHE_ENDPOINT - valueFrom: - secretKeyRef: - key: endpoint - name: redis-cache - - name: REDIS_STORE_ENDPOINT - valueFrom: - secretKeyRef: - key: endpoint - name: redis-store - - name: OTEL_AGENT_HOST - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - - name: OTEL_EXPORTER_OTLP_ENDPOINT - value: http://$(OTEL_AGENT_HOST):4317 - image: index.docker.io/sourcegraph/gitserver:5.3.2@sha256:6c6042cf3e5f3f16de9b82e3d4ab1647f8bb924cd315245bd7a3162f5489e8c4 - imagePullPolicy: IfNotPresent - livenessProbe: - failureThreshold: 3 - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - tcpSocket: - port: rpc - timeoutSeconds: 5 + serviceName: gitserver + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: gitserver + creationTimestamp: null + labels: + app: gitserver + deploy: sourcegraph name: gitserver - ports: - - containerPort: 3178 - name: rpc - protocol: TCP - resources: - limits: - cpu: "4" - memory: 8Gi - requests: - cpu: "4" - memory: 8Gi + spec: + containers: + - args: + - run + env: + - name: REDIS_CACHE_ENDPOINT + valueFrom: + secretKeyRef: + key: endpoint + name: redis-cache + - name: REDIS_STORE_ENDPOINT + valueFrom: + secretKeyRef: + key: endpoint + name: redis-store + - name: OTEL_AGENT_HOST + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + - name: OTEL_EXPORTER_OTLP_ENDPOINT + value: http://$(OTEL_AGENT_HOST):4317 + image: index.docker.io/sourcegraph/gitserver:5.3.2@sha256:6c6042cf3e5f3f16de9b82e3d4ab1647f8bb924cd315245bd7a3162f5489e8c4 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + tcpSocket: + port: rpc + timeoutSeconds: 5 + name: gitserver + ports: + - containerPort: 3178 + name: rpc + protocol: TCP + resources: + limits: + cpu: "4" + memory: 8Gi + requests: + cpu: "4" + memory: 8Gi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsGroup: 101 + runAsUser: 100 + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /tmp + name: tmpdir + - mountPath: /data/repos + name: repos + dnsPolicy: ClusterFirst + restartPolicy: Always + schedulerName: default-scheduler securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch runAsGroup: 101 runAsUser: 100 - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: FallbackToLogsOnError - volumeMounts: - - mountPath: /tmp - name: tmpdir - - mountPath: /data/repos + serviceAccount: gitserver + serviceAccountName: gitserver + terminationGracePeriodSeconds: 30 + volumes: + - emptyDir: {} + name: repos + - emptyDir: {} + name: tmpdir + updateStrategy: + type: RollingUpdate + volumeClaimTemplates: + - apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + creationTimestamp: null + labels: + deploy: sourcegraph name: repos - dnsPolicy: ClusterFirst - restartPolicy: Always - schedulerName: default-scheduler - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - runAsGroup: 101 - runAsUser: 100 - serviceAccount: gitserver - serviceAccountName: gitserver - terminationGracePeriodSeconds: 30 - volumes: - - emptyDir: {} - name: repos - - emptyDir: {} - name: tmpdir - updateStrategy: - type: RollingUpdate - volumeClaimTemplates: - - apiVersion: v1 - kind: PersistentVolumeClaim - metadata: - creationTimestamp: null - labels: - deploy: sourcegraph - name: repos - namespace: NORMALIZED_FOR_TESTING - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 500Gi - volumeMode: Filesystem - status: - phase: Pending - status: - availableReplicas: 0 - replicas: 0 -- apiVersion: v1 - data: - spec: | - spec: - requestedVersion: "5.3.9104" + namespace: NORMALIZED_FOR_TESTING + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 500Gi + volumeMode: Filesystem + status: + phase: Pending + status: + availableReplicas: 0 + replicas: 0 + - apiVersion: v1 + data: + spec: | + spec: + requestedVersion: "5.3.9104" - blobstore: - disabled: true + blobstore: + disabled: true - codeInsights: - disabled: true + codeInsights: + disabled: true - codeIntel: - disabled: true + codeIntel: + disabled: true - frontend: - disabled: true + frontend: + disabled: true - gitServer: - storageSize: "500Gi" + gitServer: + storageSize: "500Gi" - indexedSearch: - disabled: true + indexedSearch: + disabled: true - indexedSearchIndexer: - disabled: true + indexedSearchIndexer: + disabled: true - pgsql: - disabled: true + pgsql: + disabled: true - postgresExporter: - disabled: true + postgresExporter: + disabled: true - preciseCodeIntel: - disabled: true + preciseCodeIntel: + disabled: true - redisCache: - disabled: true + redisCache: + disabled: true - redisStore: - disabled: true + redisStore: + disabled: true - repoUpdater: - disabled: true + repoUpdater: + disabled: true - searcher: - disabled: true + searcher: + disabled: true - symbols: - disabled: true + symbols: + disabled: true - syntectServer: - disabled: true + syntectServer: + disabled: true - worker: - disabled: true - kind: ConfigMap - metadata: - annotations: - appliance.sourcegraph.com/currentVersion: 5.3.9104 - appliance.sourcegraph.com/managed: "true" - creationTimestamp: "2024-04-19T00:00:00Z" - name: sg - namespace: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING -- apiVersion: v1 - kind: ServiceAccount - metadata: - annotations: - appliance.sourcegraph.com/configHash: ab677ca3d3c1faf2f802c3a7a01b81b35c553394c3ec9a548543908453c6e57f - creationTimestamp: "2024-04-19T00:00:00Z" - labels: - deploy: sourcegraph - name: gitserver - namespace: NORMALIZED_FOR_TESTING - ownerReferences: - - apiVersion: v1 - blockOwnerDeletion: true - controller: true - kind: ConfigMap + worker: + disabled: true + + prometheus: + disabled: true + kind: ConfigMap + metadata: + annotations: + appliance.sourcegraph.com/currentVersion: 5.3.9104 + appliance.sourcegraph.com/managed: "true" + creationTimestamp: "2024-04-19T00:00:00Z" name: sg + namespace: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING uid: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING -- apiVersion: v1 - kind: Service - metadata: - annotations: - appliance.sourcegraph.com/configHash: ab677ca3d3c1faf2f802c3a7a01b81b35c553394c3ec9a548543908453c6e57f - prometheus.io/port: "6060" - sourcegraph.prometheus/scrape: "true" - creationTimestamp: "2024-04-19T00:00:00Z" - labels: - app: gitserver - app.kubernetes.io/component: gitserver - deploy: sourcegraph - name: gitserver - namespace: NORMALIZED_FOR_TESTING - ownerReferences: - - apiVersion: v1 - blockOwnerDeletion: true - controller: true - kind: ConfigMap - name: sg + - apiVersion: v1 + kind: ServiceAccount + metadata: + annotations: + appliance.sourcegraph.com/configHash: ab677ca3d3c1faf2f802c3a7a01b81b35c553394c3ec9a548543908453c6e57f + creationTimestamp: "2024-04-19T00:00:00Z" + labels: + deploy: sourcegraph + name: gitserver + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING uid: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING - spec: - clusterIP: NORMALIZED_FOR_TESTING - clusterIPs: - - NORMALIZED_FOR_TESTING - internalTrafficPolicy: Cluster - ipFamilies: - - IPv4 - ipFamilyPolicy: SingleStack - ports: - - name: unused - port: 10811 - protocol: TCP - targetPort: 10811 - selector: - app: gitserver - type: gitserver - sessionAffinity: None - type: ClusterIP - status: - loadBalancer: {} + - apiVersion: v1 + kind: Service + metadata: + annotations: + appliance.sourcegraph.com/configHash: ab677ca3d3c1faf2f802c3a7a01b81b35c553394c3ec9a548543908453c6e57f + prometheus.io/port: "6060" + sourcegraph.prometheus/scrape: "true" + creationTimestamp: "2024-04-19T00:00:00Z" + labels: + app: gitserver + app.kubernetes.io/component: gitserver + deploy: sourcegraph + name: gitserver + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING + uid: NORMALIZED_FOR_TESTING + spec: + clusterIP: NORMALIZED_FOR_TESTING + clusterIPs: + - NORMALIZED_FOR_TESTING + internalTrafficPolicy: Cluster + ipFamilies: + - IPv4 + ipFamilyPolicy: SingleStack + ports: + - name: unused + port: 10811 + protocol: TCP + targetPort: 10811 + selector: + app: gitserver + type: gitserver + sessionAffinity: None + type: ClusterIP + status: + loadBalancer: {} diff --git a/internal/appliance/reconciler/testdata/golden-fixtures/pgsql/default.yaml b/internal/appliance/reconciler/testdata/golden-fixtures/pgsql/default.yaml index 85abfb4b5f2..4997c4ef0af 100644 --- a/internal/appliance/reconciler/testdata/golden-fixtures/pgsql/default.yaml +++ b/internal/appliance/reconciler/testdata/golden-fixtures/pgsql/default.yaml @@ -1,493 +1,496 @@ resources: -- apiVersion: apps/v1 - kind: StatefulSet - metadata: - annotations: - appliance.sourcegraph.com/configHash: 1a699c66e173ecb90aba090427b165f1eb257dcaf67627d48b11d21460a8475b - creationTimestamp: "2024-04-19T00:00:00Z" - generation: 1 - labels: - app.kubernetes.io/component: pgsql - app.kubernetes.io/name: sourcegraph - app.kubernetes.io/version: 5.3.9104 - deploy: sourcegraph - name: pgsql - namespace: NORMALIZED_FOR_TESTING - ownerReferences: - - apiVersion: v1 - blockOwnerDeletion: true - controller: true - kind: ConfigMap - name: sg + - apiVersion: apps/v1 + kind: StatefulSet + metadata: + annotations: + appliance.sourcegraph.com/configHash: 1a699c66e173ecb90aba090427b165f1eb257dcaf67627d48b11d21460a8475b + creationTimestamp: "2024-04-19T00:00:00Z" + generation: 1 + labels: + app.kubernetes.io/component: pgsql + app.kubernetes.io/name: sourcegraph + app.kubernetes.io/version: 5.3.9104 + deploy: sourcegraph + name: pgsql + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING uid: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING - spec: - minReadySeconds: 10 - persistentVolumeClaimRetentionPolicy: - whenDeleted: Retain - whenScaled: Retain - podManagementPolicy: OrderedReady - replicas: 1 - revisionHistoryLimit: 10 - selector: - matchLabels: - app: pgsql - serviceName: pgsql - template: - metadata: - annotations: - kubectl.kubernetes.io/default-container: pgsql - creationTimestamp: null - labels: + spec: + minReadySeconds: 10 + persistentVolumeClaimRetentionPolicy: + whenDeleted: Retain + whenScaled: Retain + podManagementPolicy: OrderedReady + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: app: pgsql - deploy: sourcegraph - name: pgsql - spec: - containers: - - env: - - name: POSTGRES_DATABASE - valueFrom: - secretKeyRef: - key: database - name: pgsql-auth - - name: POSTGRES_HOST - valueFrom: - secretKeyRef: - key: host - name: pgsql-auth - - name: POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - key: password - name: pgsql-auth - - name: POSTGRES_PORT - valueFrom: - secretKeyRef: - key: port - name: pgsql-auth - - name: POSTGRES_USER - valueFrom: - secretKeyRef: - key: user - name: pgsql-auth - - name: POSTGRES_DB - value: $(POSTGRES_DATABASE) - image: index.docker.io/sourcegraph/postgres-12-alpine:5.3.2@sha256:1e0e93661a65c832b9697048c797f9894dfb502e2e1da2b8209f0018a6632b79 - imagePullPolicy: IfNotPresent - livenessProbe: - exec: - command: - - /liveness.sh - failureThreshold: 3 - initialDelaySeconds: 15 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 + serviceName: pgsql + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: pgsql + creationTimestamp: null + labels: + app: pgsql + deploy: sourcegraph name: pgsql - ports: - - containerPort: 5432 - name: pgsql - protocol: TCP - readinessProbe: - exec: - command: - - /ready.sh - failureThreshold: 3 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - resources: - limits: - cpu: "4" - memory: 4Gi - requests: - cpu: "4" - memory: 4Gi + spec: + containers: + - env: + - name: POSTGRES_DATABASE + valueFrom: + secretKeyRef: + key: database + name: pgsql-auth + - name: POSTGRES_HOST + valueFrom: + secretKeyRef: + key: host + name: pgsql-auth + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: pgsql-auth + - name: POSTGRES_PORT + valueFrom: + secretKeyRef: + key: port + name: pgsql-auth + - name: POSTGRES_USER + valueFrom: + secretKeyRef: + key: user + name: pgsql-auth + - name: POSTGRES_DB + value: $(POSTGRES_DATABASE) + image: index.docker.io/sourcegraph/postgres-12-alpine:5.3.2@sha256:1e0e93661a65c832b9697048c797f9894dfb502e2e1da2b8209f0018a6632b79 + imagePullPolicy: IfNotPresent + livenessProbe: + exec: + command: + - /liveness.sh + failureThreshold: 3 + initialDelaySeconds: 15 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + name: pgsql + ports: + - containerPort: 5432 + name: pgsql + protocol: TCP + readinessProbe: + exec: + command: + - /ready.sh + failureThreshold: 3 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + resources: + limits: + cpu: "4" + memory: 4Gi + requests: + cpu: "4" + memory: 4Gi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsGroup: 999 + runAsUser: 999 + startupProbe: + exec: + command: + - /liveness.sh + failureThreshold: 360 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /data + name: disk + - mountPath: /conf + name: pgsql-conf + - mountPath: /dev/shm + name: dshm + - mountPath: /var/run/postgresql + name: lockdir + - env: + - name: DATA_SOURCE_DB + valueFrom: + secretKeyRef: + key: database + name: pgsql-auth + - name: DATA_SOURCE_PASS + valueFrom: + secretKeyRef: + key: password + name: pgsql-auth + - name: DATA_SOURCE_PORT + valueFrom: + secretKeyRef: + key: port + name: pgsql-auth + - name: DATA_SOURCE_USER + valueFrom: + secretKeyRef: + key: user + name: pgsql-auth + - name: DATA_SOURCE_URI + value: 127.0.0.1:$(DATA_SOURCE_PORT)/$(DATA_SOURCE_DB)?sslmode=disable + - name: PG_EXPORTER_EXTEND_QUERY_PATH + value: /config/queries.yaml + image: index.docker.io/sourcegraph/postgres_exporter:5.3.2@sha256:b9fa66fbcb4cc2d466487259db4ae2deacd7651dac4a9e28c9c7fc36523699d0 + imagePullPolicy: IfNotPresent + name: pgsql-exporter + resources: + limits: + cpu: 10m + memory: 50M + requests: + cpu: 10m + memory: 50M + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsGroup: 999 + runAsUser: 999 + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: FallbackToLogsOnError + dnsPolicy: ClusterFirst + initContainers: + - command: + - sh + - -c + - if [ -d /data/pgdata-12 ]; then chmod 750 /data/pgdata-12; fi + image: index.docker.io/sourcegraph/alpine-3.14:5.3.2@sha256:982220e0fd8ce55a73798fa7e814a482c4807c412f054c8440c5970b610239b7 + imagePullPolicy: IfNotPresent + name: correct-data-dir-permissions + resources: + limits: + cpu: 10m + memory: 50M + requests: + cpu: 10m + memory: 50M + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsGroup: 999 + runAsUser: 999 + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /data + name: disk + restartPolicy: Always + schedulerName: default-scheduler securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true + fsGroup: 999 + fsGroupChangePolicy: OnRootMismatch runAsGroup: 999 runAsUser: 999 - startupProbe: - exec: - command: - - /liveness.sh - failureThreshold: 360 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: FallbackToLogsOnError - volumeMounts: - - mountPath: /data - name: disk - - mountPath: /conf - name: pgsql-conf - - mountPath: /dev/shm - name: dshm - - mountPath: /var/run/postgresql - name: lockdir - - env: - - name: DATA_SOURCE_DB - valueFrom: - secretKeyRef: - key: database - name: pgsql-auth - - name: DATA_SOURCE_PASS - valueFrom: - secretKeyRef: - key: password - name: pgsql-auth - - name: DATA_SOURCE_PORT - valueFrom: - secretKeyRef: - key: port - name: pgsql-auth - - name: DATA_SOURCE_USER - valueFrom: - secretKeyRef: - key: user - name: pgsql-auth - - name: DATA_SOURCE_URI - value: 127.0.0.1:$(DATA_SOURCE_PORT)/$(DATA_SOURCE_DB)?sslmode=disable - - name: PG_EXPORTER_EXTEND_QUERY_PATH - value: /config/queries.yaml - image: index.docker.io/sourcegraph/postgres_exporter:5.3.2@sha256:b9fa66fbcb4cc2d466487259db4ae2deacd7651dac4a9e28c9c7fc36523699d0 - imagePullPolicy: IfNotPresent - name: pgsql-exporter - resources: - limits: - cpu: 10m - memory: 50M - requests: - cpu: 10m - memory: 50M - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsGroup: 999 - runAsUser: 999 - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: FallbackToLogsOnError - dnsPolicy: ClusterFirst - initContainers: - - command: - - sh - - -c - - if [ -d /data/pgdata-12 ]; then chmod 750 /data/pgdata-12; fi - image: index.docker.io/sourcegraph/alpine-3.14:5.3.2@sha256:982220e0fd8ce55a73798fa7e814a482c4807c412f054c8440c5970b610239b7 - imagePullPolicy: IfNotPresent - name: correct-data-dir-permissions - resources: - limits: - cpu: 10m - memory: 50M - requests: - cpu: 10m - memory: 50M - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsGroup: 999 - runAsUser: 999 - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: FallbackToLogsOnError - volumeMounts: - - mountPath: /data - name: disk - restartPolicy: Always - schedulerName: default-scheduler - securityContext: - fsGroup: 999 - fsGroupChangePolicy: OnRootMismatch - runAsGroup: 999 - runAsUser: 999 - serviceAccount: pgsql - serviceAccountName: pgsql - terminationGracePeriodSeconds: 120 - volumes: - - emptyDir: {} - name: lockdir - - emptyDir: - medium: Memory - sizeLimit: 1Gi - name: dshm - - name: disk - persistentVolumeClaim: - claimName: pgsql - - configMap: - defaultMode: 511 - name: pgsql-conf - name: pgsql-conf - updateStrategy: - type: RollingUpdate - status: - availableReplicas: 0 - replicas: 0 -- apiVersion: v1 - data: - postgresql.conf: | - #------------------------------------------------------------------------------ - # POSTGRESQL DEFAULT CONFIGURATION - #------------------------------------------------------------------------------ + serviceAccount: pgsql + serviceAccountName: pgsql + terminationGracePeriodSeconds: 120 + volumes: + - emptyDir: {} + name: lockdir + - emptyDir: + medium: Memory + sizeLimit: 1Gi + name: dshm + - name: disk + persistentVolumeClaim: + claimName: pgsql + - configMap: + defaultMode: 511 + name: pgsql-conf + name: pgsql-conf + updateStrategy: + type: RollingUpdate + status: + availableReplicas: 0 + replicas: 0 + - apiVersion: v1 + data: + postgresql.conf: | + #------------------------------------------------------------------------------ + # POSTGRESQL DEFAULT CONFIGURATION + #------------------------------------------------------------------------------ - # Below is PostgreSQL default configuration. - # You should apply your own customization in the CUSTOMIZED OPTIONS section below - # to avoid merge conflict in the future. + # Below is PostgreSQL default configuration. + # You should apply your own customization in the CUSTOMIZED OPTIONS section below + # to avoid merge conflict in the future. - listen_addresses = '*' - max_connections = 100 - shared_buffers = 128MB - dynamic_shared_memory_type = posix - max_wal_size = 1GB - min_wal_size = 80MB - log_timezone = 'UTC' - datestyle = 'iso, mdy' - timezone = 'UTC' - lc_messages = 'en_US.utf8' - lc_monetary = 'en_US.utf8' - lc_numeric = 'en_US.utf8' - lc_time = 'en_US.utf8' - default_text_search_config = 'pg_catalog.english' + listen_addresses = '*' + max_connections = 100 + shared_buffers = 128MB + dynamic_shared_memory_type = posix + max_wal_size = 1GB + min_wal_size = 80MB + log_timezone = 'UTC' + datestyle = 'iso, mdy' + timezone = 'UTC' + lc_messages = 'en_US.utf8' + lc_monetary = 'en_US.utf8' + lc_numeric = 'en_US.utf8' + lc_time = 'en_US.utf8' + default_text_search_config = 'pg_catalog.english' - #------------------------------------------------------------------------------ - # SOURCEGRAPH RECOMMENDED OPTIONS - #------------------------------------------------------------------------------ + #------------------------------------------------------------------------------ + # SOURCEGRAPH RECOMMENDED OPTIONS + #------------------------------------------------------------------------------ - # Below is Sourcegraph recommended Postgres configuration based on the default resource configuration. - # You should apply your own customization in the CUSTOMIZED OPTIONS section below - # to avoid merge conflict in the future. + # Below is Sourcegraph recommended Postgres configuration based on the default resource configuration. + # You should apply your own customization in the CUSTOMIZED OPTIONS section below + # to avoid merge conflict in the future. - shared_buffers = 1GB - work_mem = 5MB - maintenance_work_mem = 250MB - temp_file_limit = 20GB - bgwriter_delay = 50ms - bgwriter_lru_maxpages = 200 - effective_io_concurrency = 200 - max_worker_processes = 4 - max_parallel_maintenance_workers = 4 - max_parallel_workers_per_gather = 2 - max_parallel_workers = 4 - wal_buffers = 16MB - max_wal_size = 8GB - min_wal_size = 2GB - random_page_cost = 1.1 - effective_cache_size = 3GB + shared_buffers = 1GB + work_mem = 5MB + maintenance_work_mem = 250MB + temp_file_limit = 20GB + bgwriter_delay = 50ms + bgwriter_lru_maxpages = 200 + effective_io_concurrency = 200 + max_worker_processes = 4 + max_parallel_maintenance_workers = 4 + max_parallel_workers_per_gather = 2 + max_parallel_workers = 4 + wal_buffers = 16MB + max_wal_size = 8GB + min_wal_size = 2GB + random_page_cost = 1.1 + effective_cache_size = 3GB - #------------------------------------------------------------------------------ - # CUSTOMIZED OPTIONS - #------------------------------------------------------------------------------ + #------------------------------------------------------------------------------ + # CUSTOMIZED OPTIONS + #------------------------------------------------------------------------------ - # Add your customization by using 'pgsql.additionalConfig' in your override file. - # Learn more: https://docs.sourcegraph.com/admin/config/postgres-conf - immutable: false - kind: ConfigMap - metadata: - annotations: - appliance.sourcegraph.com/configHash: 1a699c66e173ecb90aba090427b165f1eb257dcaf67627d48b11d21460a8475b - creationTimestamp: "2024-04-19T00:00:00Z" - labels: - deploy: sourcegraph - name: pgsql-conf - namespace: NORMALIZED_FOR_TESTING - ownerReferences: - - apiVersion: v1 - blockOwnerDeletion: true - controller: true - kind: ConfigMap - name: sg + # Add your customization by using 'pgsql.additionalConfig' in your override file. + # Learn more: https://docs.sourcegraph.com/admin/config/postgres-conf + immutable: false + kind: ConfigMap + metadata: + annotations: + appliance.sourcegraph.com/configHash: 1a699c66e173ecb90aba090427b165f1eb257dcaf67627d48b11d21460a8475b + creationTimestamp: "2024-04-19T00:00:00Z" + labels: + deploy: sourcegraph + name: pgsql-conf + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING uid: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING -- apiVersion: v1 - data: - spec: | - spec: - requestedVersion: "5.3.9104" + - apiVersion: v1 + data: + spec: | + spec: + requestedVersion: "5.3.9104" - blobstore: - disabled: true + blobstore: + disabled: true - codeInsights: - disabled: true + codeInsights: + disabled: true - codeIntel: - disabled: true + codeIntel: + disabled: true - frontend: - disabled: true + frontend: + disabled: true - gitServer: - disabled: true + gitServer: + disabled: true - indexedSearch: - disabled: true + indexedSearch: + disabled: true - indexedSearchIndexer: - disabled: true + indexedSearchIndexer: + disabled: true - pgsql: {} + pgsql: {} - postgresExporter: - disabled: true + postgresExporter: + disabled: true - preciseCodeIntel: - disabled: true + preciseCodeIntel: + disabled: true - redisCache: - disabled: true + redisCache: + disabled: true - redisExporter: - disabled: true + redisExporter: + disabled: true - redisStore: - disabled: true + redisStore: + disabled: true - repoUpdater: - disabled: true + repoUpdater: + disabled: true - searcher: - disabled: true + searcher: + disabled: true - symbols: - disabled: true + symbols: + disabled: true - syntectServer: - disabled: true + syntectServer: + disabled: true - worker: - disabled: true - kind: ConfigMap - metadata: - annotations: - appliance.sourcegraph.com/currentVersion: 5.3.9104 - appliance.sourcegraph.com/managed: "true" - creationTimestamp: "2024-04-19T00:00:00Z" - name: sg - namespace: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING -- apiVersion: v1 - kind: PersistentVolumeClaim - metadata: - annotations: - appliance.sourcegraph.com/configHash: 1a699c66e173ecb90aba090427b165f1eb257dcaf67627d48b11d21460a8475b - creationTimestamp: "2024-04-19T00:00:00Z" - finalizers: - - kubernetes.io/pvc-protection - labels: - deploy: sourcegraph - name: pgsql - namespace: NORMALIZED_FOR_TESTING - ownerReferences: - - apiVersion: v1 - blockOwnerDeletion: true - controller: true - kind: ConfigMap + worker: + disabled: true + + prometheus: + disabled: true + kind: ConfigMap + metadata: + annotations: + appliance.sourcegraph.com/currentVersion: 5.3.9104 + appliance.sourcegraph.com/managed: "true" + creationTimestamp: "2024-04-19T00:00:00Z" name: sg + namespace: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING uid: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 200Gi - volumeMode: Filesystem - status: - phase: Pending -- apiVersion: v1 - data: - database: c2c= - host: cGdzcWw= - password: cGFzc3dvcmQ= - port: NTQzMg== - user: c2c= - kind: Secret - metadata: - annotations: - appliance.sourcegraph.com/configHash: 1a699c66e173ecb90aba090427b165f1eb257dcaf67627d48b11d21460a8475b - creationTimestamp: "2024-04-19T00:00:00Z" - labels: - app.kubernetes.io/component: pgsql-auth - app.kubernetes.io/name: sourcegraph - app.kubernetes.io/version: 5.3.9104 - deploy: sourcegraph - name: pgsql-auth - namespace: NORMALIZED_FOR_TESTING - ownerReferences: - - apiVersion: v1 - blockOwnerDeletion: true - controller: true - kind: ConfigMap - name: sg + - apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + annotations: + appliance.sourcegraph.com/configHash: 1a699c66e173ecb90aba090427b165f1eb257dcaf67627d48b11d21460a8475b + creationTimestamp: "2024-04-19T00:00:00Z" + finalizers: + - kubernetes.io/pvc-protection + labels: + deploy: sourcegraph + name: pgsql + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING uid: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING - type: Opaque -- apiVersion: v1 - kind: ServiceAccount - metadata: - annotations: - appliance.sourcegraph.com/configHash: 1a699c66e173ecb90aba090427b165f1eb257dcaf67627d48b11d21460a8475b - creationTimestamp: "2024-04-19T00:00:00Z" - labels: - deploy: sourcegraph - name: pgsql - namespace: NORMALIZED_FOR_TESTING - ownerReferences: - - apiVersion: v1 - blockOwnerDeletion: true - controller: true - kind: ConfigMap - name: sg + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 200Gi + volumeMode: Filesystem + status: + phase: Pending + - apiVersion: v1 + data: + database: c2c= + host: cGdzcWw= + password: cGFzc3dvcmQ= + port: NTQzMg== + user: c2c= + kind: Secret + metadata: + annotations: + appliance.sourcegraph.com/configHash: 1a699c66e173ecb90aba090427b165f1eb257dcaf67627d48b11d21460a8475b + creationTimestamp: "2024-04-19T00:00:00Z" + labels: + app.kubernetes.io/component: pgsql-auth + app.kubernetes.io/name: sourcegraph + app.kubernetes.io/version: 5.3.9104 + deploy: sourcegraph + name: pgsql-auth + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING uid: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING -- apiVersion: v1 - kind: Service - metadata: - annotations: - appliance.sourcegraph.com/configHash: 1a699c66e173ecb90aba090427b165f1eb257dcaf67627d48b11d21460a8475b - prometheus.io/port: "9187" - sourcegraph.prometheus/scrape: "true" - creationTimestamp: "2024-04-19T00:00:00Z" - labels: - app: pgsql - app.kubernetes.io/component: pgsql - deploy: sourcegraph - name: pgsql - namespace: NORMALIZED_FOR_TESTING - ownerReferences: - - apiVersion: v1 - blockOwnerDeletion: true - controller: true - kind: ConfigMap - name: sg + type: Opaque + - apiVersion: v1 + kind: ServiceAccount + metadata: + annotations: + appliance.sourcegraph.com/configHash: 1a699c66e173ecb90aba090427b165f1eb257dcaf67627d48b11d21460a8475b + creationTimestamp: "2024-04-19T00:00:00Z" + labels: + deploy: sourcegraph + name: pgsql + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING uid: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING - spec: - clusterIP: NORMALIZED_FOR_TESTING - clusterIPs: - - NORMALIZED_FOR_TESTING - internalTrafficPolicy: Cluster - ipFamilies: - - IPv4 - ipFamilyPolicy: SingleStack - ports: - - name: pgsql - port: 5432 - protocol: TCP - targetPort: pgsql - selector: - app: pgsql - sessionAffinity: None - type: ClusterIP - status: - loadBalancer: {} + - apiVersion: v1 + kind: Service + metadata: + annotations: + appliance.sourcegraph.com/configHash: 1a699c66e173ecb90aba090427b165f1eb257dcaf67627d48b11d21460a8475b + prometheus.io/port: "9187" + sourcegraph.prometheus/scrape: "true" + creationTimestamp: "2024-04-19T00:00:00Z" + labels: + app: pgsql + app.kubernetes.io/component: pgsql + deploy: sourcegraph + name: pgsql + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING + uid: NORMALIZED_FOR_TESTING + spec: + clusterIP: NORMALIZED_FOR_TESTING + clusterIPs: + - NORMALIZED_FOR_TESTING + internalTrafficPolicy: Cluster + ipFamilies: + - IPv4 + ipFamilyPolicy: SingleStack + ports: + - name: pgsql + port: 5432 + protocol: TCP + targetPort: pgsql + selector: + app: pgsql + sessionAffinity: None + type: ClusterIP + status: + loadBalancer: {} diff --git a/internal/appliance/reconciler/testdata/golden-fixtures/pgsql/with-storage.yaml b/internal/appliance/reconciler/testdata/golden-fixtures/pgsql/with-storage.yaml index 262f5d2318b..cef0648d989 100644 --- a/internal/appliance/reconciler/testdata/golden-fixtures/pgsql/with-storage.yaml +++ b/internal/appliance/reconciler/testdata/golden-fixtures/pgsql/with-storage.yaml @@ -1,494 +1,497 @@ resources: -- apiVersion: apps/v1 - kind: StatefulSet - metadata: - annotations: - appliance.sourcegraph.com/configHash: 76d8bfd89d72c07b04aed10ff0e6c0a90928d82a505dd6c0d508adb7ef855dc3 - creationTimestamp: "2024-04-19T00:00:00Z" - generation: 1 - labels: - app.kubernetes.io/component: pgsql - app.kubernetes.io/name: sourcegraph - app.kubernetes.io/version: 5.3.9104 - deploy: sourcegraph - name: pgsql - namespace: NORMALIZED_FOR_TESTING - ownerReferences: - - apiVersion: v1 - blockOwnerDeletion: true - controller: true - kind: ConfigMap - name: sg + - apiVersion: apps/v1 + kind: StatefulSet + metadata: + annotations: + appliance.sourcegraph.com/configHash: 76d8bfd89d72c07b04aed10ff0e6c0a90928d82a505dd6c0d508adb7ef855dc3 + creationTimestamp: "2024-04-19T00:00:00Z" + generation: 1 + labels: + app.kubernetes.io/component: pgsql + app.kubernetes.io/name: sourcegraph + app.kubernetes.io/version: 5.3.9104 + deploy: sourcegraph + name: pgsql + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING uid: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING - spec: - minReadySeconds: 10 - persistentVolumeClaimRetentionPolicy: - whenDeleted: Retain - whenScaled: Retain - podManagementPolicy: OrderedReady - replicas: 1 - revisionHistoryLimit: 10 - selector: - matchLabels: - app: pgsql - serviceName: pgsql - template: - metadata: - annotations: - kubectl.kubernetes.io/default-container: pgsql - creationTimestamp: null - labels: + spec: + minReadySeconds: 10 + persistentVolumeClaimRetentionPolicy: + whenDeleted: Retain + whenScaled: Retain + podManagementPolicy: OrderedReady + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: app: pgsql - deploy: sourcegraph - name: pgsql - spec: - containers: - - env: - - name: POSTGRES_DATABASE - valueFrom: - secretKeyRef: - key: database - name: pgsql-auth - - name: POSTGRES_HOST - valueFrom: - secretKeyRef: - key: host - name: pgsql-auth - - name: POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - key: password - name: pgsql-auth - - name: POSTGRES_PORT - valueFrom: - secretKeyRef: - key: port - name: pgsql-auth - - name: POSTGRES_USER - valueFrom: - secretKeyRef: - key: user - name: pgsql-auth - - name: POSTGRES_DB - value: $(POSTGRES_DATABASE) - image: index.docker.io/sourcegraph/postgres-12-alpine:5.3.2@sha256:1e0e93661a65c832b9697048c797f9894dfb502e2e1da2b8209f0018a6632b79 - imagePullPolicy: IfNotPresent - livenessProbe: - exec: - command: - - /liveness.sh - failureThreshold: 3 - initialDelaySeconds: 15 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 + serviceName: pgsql + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: pgsql + creationTimestamp: null + labels: + app: pgsql + deploy: sourcegraph name: pgsql - ports: - - containerPort: 5432 - name: pgsql - protocol: TCP - readinessProbe: - exec: - command: - - /ready.sh - failureThreshold: 3 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - resources: - limits: - cpu: "4" - memory: 4Gi - requests: - cpu: "4" - memory: 4Gi + spec: + containers: + - env: + - name: POSTGRES_DATABASE + valueFrom: + secretKeyRef: + key: database + name: pgsql-auth + - name: POSTGRES_HOST + valueFrom: + secretKeyRef: + key: host + name: pgsql-auth + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: pgsql-auth + - name: POSTGRES_PORT + valueFrom: + secretKeyRef: + key: port + name: pgsql-auth + - name: POSTGRES_USER + valueFrom: + secretKeyRef: + key: user + name: pgsql-auth + - name: POSTGRES_DB + value: $(POSTGRES_DATABASE) + image: index.docker.io/sourcegraph/postgres-12-alpine:5.3.2@sha256:1e0e93661a65c832b9697048c797f9894dfb502e2e1da2b8209f0018a6632b79 + imagePullPolicy: IfNotPresent + livenessProbe: + exec: + command: + - /liveness.sh + failureThreshold: 3 + initialDelaySeconds: 15 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + name: pgsql + ports: + - containerPort: 5432 + name: pgsql + protocol: TCP + readinessProbe: + exec: + command: + - /ready.sh + failureThreshold: 3 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + resources: + limits: + cpu: "4" + memory: 4Gi + requests: + cpu: "4" + memory: 4Gi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsGroup: 999 + runAsUser: 999 + startupProbe: + exec: + command: + - /liveness.sh + failureThreshold: 360 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /data + name: disk + - mountPath: /conf + name: pgsql-conf + - mountPath: /dev/shm + name: dshm + - mountPath: /var/run/postgresql + name: lockdir + - env: + - name: DATA_SOURCE_DB + valueFrom: + secretKeyRef: + key: database + name: pgsql-auth + - name: DATA_SOURCE_PASS + valueFrom: + secretKeyRef: + key: password + name: pgsql-auth + - name: DATA_SOURCE_PORT + valueFrom: + secretKeyRef: + key: port + name: pgsql-auth + - name: DATA_SOURCE_USER + valueFrom: + secretKeyRef: + key: user + name: pgsql-auth + - name: DATA_SOURCE_URI + value: 127.0.0.1:$(DATA_SOURCE_PORT)/$(DATA_SOURCE_DB)?sslmode=disable + - name: PG_EXPORTER_EXTEND_QUERY_PATH + value: /config/queries.yaml + image: index.docker.io/sourcegraph/postgres_exporter:5.3.2@sha256:b9fa66fbcb4cc2d466487259db4ae2deacd7651dac4a9e28c9c7fc36523699d0 + imagePullPolicy: IfNotPresent + name: pgsql-exporter + resources: + limits: + cpu: 10m + memory: 50M + requests: + cpu: 10m + memory: 50M + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsGroup: 999 + runAsUser: 999 + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: FallbackToLogsOnError + dnsPolicy: ClusterFirst + initContainers: + - command: + - sh + - -c + - if [ -d /data/pgdata-12 ]; then chmod 750 /data/pgdata-12; fi + image: index.docker.io/sourcegraph/alpine-3.14:5.3.2@sha256:982220e0fd8ce55a73798fa7e814a482c4807c412f054c8440c5970b610239b7 + imagePullPolicy: IfNotPresent + name: correct-data-dir-permissions + resources: + limits: + cpu: 10m + memory: 50M + requests: + cpu: 10m + memory: 50M + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsGroup: 999 + runAsUser: 999 + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /data + name: disk + restartPolicy: Always + schedulerName: default-scheduler securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true + fsGroup: 999 + fsGroupChangePolicy: OnRootMismatch runAsGroup: 999 runAsUser: 999 - startupProbe: - exec: - command: - - /liveness.sh - failureThreshold: 360 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: FallbackToLogsOnError - volumeMounts: - - mountPath: /data - name: disk - - mountPath: /conf - name: pgsql-conf - - mountPath: /dev/shm - name: dshm - - mountPath: /var/run/postgresql - name: lockdir - - env: - - name: DATA_SOURCE_DB - valueFrom: - secretKeyRef: - key: database - name: pgsql-auth - - name: DATA_SOURCE_PASS - valueFrom: - secretKeyRef: - key: password - name: pgsql-auth - - name: DATA_SOURCE_PORT - valueFrom: - secretKeyRef: - key: port - name: pgsql-auth - - name: DATA_SOURCE_USER - valueFrom: - secretKeyRef: - key: user - name: pgsql-auth - - name: DATA_SOURCE_URI - value: 127.0.0.1:$(DATA_SOURCE_PORT)/$(DATA_SOURCE_DB)?sslmode=disable - - name: PG_EXPORTER_EXTEND_QUERY_PATH - value: /config/queries.yaml - image: index.docker.io/sourcegraph/postgres_exporter:5.3.2@sha256:b9fa66fbcb4cc2d466487259db4ae2deacd7651dac4a9e28c9c7fc36523699d0 - imagePullPolicy: IfNotPresent - name: pgsql-exporter - resources: - limits: - cpu: 10m - memory: 50M - requests: - cpu: 10m - memory: 50M - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsGroup: 999 - runAsUser: 999 - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: FallbackToLogsOnError - dnsPolicy: ClusterFirst - initContainers: - - command: - - sh - - -c - - if [ -d /data/pgdata-12 ]; then chmod 750 /data/pgdata-12; fi - image: index.docker.io/sourcegraph/alpine-3.14:5.3.2@sha256:982220e0fd8ce55a73798fa7e814a482c4807c412f054c8440c5970b610239b7 - imagePullPolicy: IfNotPresent - name: correct-data-dir-permissions - resources: - limits: - cpu: 10m - memory: 50M - requests: - cpu: 10m - memory: 50M - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsGroup: 999 - runAsUser: 999 - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: FallbackToLogsOnError - volumeMounts: - - mountPath: /data - name: disk - restartPolicy: Always - schedulerName: default-scheduler - securityContext: - fsGroup: 999 - fsGroupChangePolicy: OnRootMismatch - runAsGroup: 999 - runAsUser: 999 - serviceAccount: pgsql - serviceAccountName: pgsql - terminationGracePeriodSeconds: 120 - volumes: - - emptyDir: {} - name: lockdir - - emptyDir: - medium: Memory - sizeLimit: 1Gi - name: dshm - - name: disk - persistentVolumeClaim: - claimName: pgsql - - configMap: - defaultMode: 511 - name: pgsql-conf - name: pgsql-conf - updateStrategy: - type: RollingUpdate - status: - availableReplicas: 0 - replicas: 0 -- apiVersion: v1 - data: - postgresql.conf: | - #------------------------------------------------------------------------------ - # POSTGRESQL DEFAULT CONFIGURATION - #------------------------------------------------------------------------------ + serviceAccount: pgsql + serviceAccountName: pgsql + terminationGracePeriodSeconds: 120 + volumes: + - emptyDir: {} + name: lockdir + - emptyDir: + medium: Memory + sizeLimit: 1Gi + name: dshm + - name: disk + persistentVolumeClaim: + claimName: pgsql + - configMap: + defaultMode: 511 + name: pgsql-conf + name: pgsql-conf + updateStrategy: + type: RollingUpdate + status: + availableReplicas: 0 + replicas: 0 + - apiVersion: v1 + data: + postgresql.conf: | + #------------------------------------------------------------------------------ + # POSTGRESQL DEFAULT CONFIGURATION + #------------------------------------------------------------------------------ - # Below is PostgreSQL default configuration. - # You should apply your own customization in the CUSTOMIZED OPTIONS section below - # to avoid merge conflict in the future. + # Below is PostgreSQL default configuration. + # You should apply your own customization in the CUSTOMIZED OPTIONS section below + # to avoid merge conflict in the future. - listen_addresses = '*' - max_connections = 100 - shared_buffers = 128MB - dynamic_shared_memory_type = posix - max_wal_size = 1GB - min_wal_size = 80MB - log_timezone = 'UTC' - datestyle = 'iso, mdy' - timezone = 'UTC' - lc_messages = 'en_US.utf8' - lc_monetary = 'en_US.utf8' - lc_numeric = 'en_US.utf8' - lc_time = 'en_US.utf8' - default_text_search_config = 'pg_catalog.english' + listen_addresses = '*' + max_connections = 100 + shared_buffers = 128MB + dynamic_shared_memory_type = posix + max_wal_size = 1GB + min_wal_size = 80MB + log_timezone = 'UTC' + datestyle = 'iso, mdy' + timezone = 'UTC' + lc_messages = 'en_US.utf8' + lc_monetary = 'en_US.utf8' + lc_numeric = 'en_US.utf8' + lc_time = 'en_US.utf8' + default_text_search_config = 'pg_catalog.english' - #------------------------------------------------------------------------------ - # SOURCEGRAPH RECOMMENDED OPTIONS - #------------------------------------------------------------------------------ + #------------------------------------------------------------------------------ + # SOURCEGRAPH RECOMMENDED OPTIONS + #------------------------------------------------------------------------------ - # Below is Sourcegraph recommended Postgres configuration based on the default resource configuration. - # You should apply your own customization in the CUSTOMIZED OPTIONS section below - # to avoid merge conflict in the future. + # Below is Sourcegraph recommended Postgres configuration based on the default resource configuration. + # You should apply your own customization in the CUSTOMIZED OPTIONS section below + # to avoid merge conflict in the future. - shared_buffers = 1GB - work_mem = 5MB - maintenance_work_mem = 250MB - temp_file_limit = 20GB - bgwriter_delay = 50ms - bgwriter_lru_maxpages = 200 - effective_io_concurrency = 200 - max_worker_processes = 4 - max_parallel_maintenance_workers = 4 - max_parallel_workers_per_gather = 2 - max_parallel_workers = 4 - wal_buffers = 16MB - max_wal_size = 8GB - min_wal_size = 2GB - random_page_cost = 1.1 - effective_cache_size = 3GB + shared_buffers = 1GB + work_mem = 5MB + maintenance_work_mem = 250MB + temp_file_limit = 20GB + bgwriter_delay = 50ms + bgwriter_lru_maxpages = 200 + effective_io_concurrency = 200 + max_worker_processes = 4 + max_parallel_maintenance_workers = 4 + max_parallel_workers_per_gather = 2 + max_parallel_workers = 4 + wal_buffers = 16MB + max_wal_size = 8GB + min_wal_size = 2GB + random_page_cost = 1.1 + effective_cache_size = 3GB - #------------------------------------------------------------------------------ - # CUSTOMIZED OPTIONS - #------------------------------------------------------------------------------ + #------------------------------------------------------------------------------ + # CUSTOMIZED OPTIONS + #------------------------------------------------------------------------------ - # Add your customization by using 'pgsql.additionalConfig' in your override file. - # Learn more: https://docs.sourcegraph.com/admin/config/postgres-conf - immutable: false - kind: ConfigMap - metadata: - annotations: - appliance.sourcegraph.com/configHash: 76d8bfd89d72c07b04aed10ff0e6c0a90928d82a505dd6c0d508adb7ef855dc3 - creationTimestamp: "2024-04-19T00:00:00Z" - labels: - deploy: sourcegraph - name: pgsql-conf - namespace: NORMALIZED_FOR_TESTING - ownerReferences: - - apiVersion: v1 - blockOwnerDeletion: true - controller: true - kind: ConfigMap - name: sg + # Add your customization by using 'pgsql.additionalConfig' in your override file. + # Learn more: https://docs.sourcegraph.com/admin/config/postgres-conf + immutable: false + kind: ConfigMap + metadata: + annotations: + appliance.sourcegraph.com/configHash: 76d8bfd89d72c07b04aed10ff0e6c0a90928d82a505dd6c0d508adb7ef855dc3 + creationTimestamp: "2024-04-19T00:00:00Z" + labels: + deploy: sourcegraph + name: pgsql-conf + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING uid: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING -- apiVersion: v1 - data: - spec: | - spec: - requestedVersion: "5.3.9104" + - apiVersion: v1 + data: + spec: | + spec: + requestedVersion: "5.3.9104" - blobstore: - disabled: true + blobstore: + disabled: true - codeInsights: - disabled: true + codeInsights: + disabled: true - codeIntel: - disabled: true + codeIntel: + disabled: true - frontend: - disabled: true + frontend: + disabled: true - gitServer: - disabled: true + gitServer: + disabled: true - indexedSearch: - disabled: true + indexedSearch: + disabled: true - indexedSearchIndexer: - disabled: true + indexedSearchIndexer: + disabled: true - pgsql: - storageSize: "500Gi" + pgsql: + storageSize: "500Gi" - postgresExporter: - disabled: true + postgresExporter: + disabled: true - preciseCodeIntel: - disabled: true + preciseCodeIntel: + disabled: true - redisCache: - disabled: true + redisCache: + disabled: true - redisExporter: - disabled: true + redisExporter: + disabled: true - redisStore: - disabled: true + redisStore: + disabled: true - repoUpdater: - disabled: true + repoUpdater: + disabled: true - searcher: - disabled: true + searcher: + disabled: true - symbols: - disabled: true + symbols: + disabled: true - syntectServer: - disabled: true + syntectServer: + disabled: true - worker: - disabled: true - kind: ConfigMap - metadata: - annotations: - appliance.sourcegraph.com/currentVersion: 5.3.9104 - appliance.sourcegraph.com/managed: "true" - creationTimestamp: "2024-04-19T00:00:00Z" - name: sg - namespace: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING -- apiVersion: v1 - kind: PersistentVolumeClaim - metadata: - annotations: - appliance.sourcegraph.com/configHash: 76d8bfd89d72c07b04aed10ff0e6c0a90928d82a505dd6c0d508adb7ef855dc3 - creationTimestamp: "2024-04-19T00:00:00Z" - finalizers: - - kubernetes.io/pvc-protection - labels: - deploy: sourcegraph - name: pgsql - namespace: NORMALIZED_FOR_TESTING - ownerReferences: - - apiVersion: v1 - blockOwnerDeletion: true - controller: true - kind: ConfigMap + worker: + disabled: true + + prometheus: + disabled: true + kind: ConfigMap + metadata: + annotations: + appliance.sourcegraph.com/currentVersion: 5.3.9104 + appliance.sourcegraph.com/managed: "true" + creationTimestamp: "2024-04-19T00:00:00Z" name: sg + namespace: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING uid: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 500Gi - volumeMode: Filesystem - status: - phase: Pending -- apiVersion: v1 - data: - database: c2c= - host: cGdzcWw= - password: cGFzc3dvcmQ= - port: NTQzMg== - user: c2c= - kind: Secret - metadata: - annotations: - appliance.sourcegraph.com/configHash: 76d8bfd89d72c07b04aed10ff0e6c0a90928d82a505dd6c0d508adb7ef855dc3 - creationTimestamp: "2024-04-19T00:00:00Z" - labels: - app.kubernetes.io/component: pgsql-auth - app.kubernetes.io/name: sourcegraph - app.kubernetes.io/version: 5.3.9104 - deploy: sourcegraph - name: pgsql-auth - namespace: NORMALIZED_FOR_TESTING - ownerReferences: - - apiVersion: v1 - blockOwnerDeletion: true - controller: true - kind: ConfigMap - name: sg + - apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + annotations: + appliance.sourcegraph.com/configHash: 76d8bfd89d72c07b04aed10ff0e6c0a90928d82a505dd6c0d508adb7ef855dc3 + creationTimestamp: "2024-04-19T00:00:00Z" + finalizers: + - kubernetes.io/pvc-protection + labels: + deploy: sourcegraph + name: pgsql + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING uid: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING - type: Opaque -- apiVersion: v1 - kind: ServiceAccount - metadata: - annotations: - appliance.sourcegraph.com/configHash: 76d8bfd89d72c07b04aed10ff0e6c0a90928d82a505dd6c0d508adb7ef855dc3 - creationTimestamp: "2024-04-19T00:00:00Z" - labels: - deploy: sourcegraph - name: pgsql - namespace: NORMALIZED_FOR_TESTING - ownerReferences: - - apiVersion: v1 - blockOwnerDeletion: true - controller: true - kind: ConfigMap - name: sg + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 500Gi + volumeMode: Filesystem + status: + phase: Pending + - apiVersion: v1 + data: + database: c2c= + host: cGdzcWw= + password: cGFzc3dvcmQ= + port: NTQzMg== + user: c2c= + kind: Secret + metadata: + annotations: + appliance.sourcegraph.com/configHash: 76d8bfd89d72c07b04aed10ff0e6c0a90928d82a505dd6c0d508adb7ef855dc3 + creationTimestamp: "2024-04-19T00:00:00Z" + labels: + app.kubernetes.io/component: pgsql-auth + app.kubernetes.io/name: sourcegraph + app.kubernetes.io/version: 5.3.9104 + deploy: sourcegraph + name: pgsql-auth + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING uid: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING -- apiVersion: v1 - kind: Service - metadata: - annotations: - appliance.sourcegraph.com/configHash: 76d8bfd89d72c07b04aed10ff0e6c0a90928d82a505dd6c0d508adb7ef855dc3 - prometheus.io/port: "9187" - sourcegraph.prometheus/scrape: "true" - creationTimestamp: "2024-04-19T00:00:00Z" - labels: - app: pgsql - app.kubernetes.io/component: pgsql - deploy: sourcegraph - name: pgsql - namespace: NORMALIZED_FOR_TESTING - ownerReferences: - - apiVersion: v1 - blockOwnerDeletion: true - controller: true - kind: ConfigMap - name: sg + type: Opaque + - apiVersion: v1 + kind: ServiceAccount + metadata: + annotations: + appliance.sourcegraph.com/configHash: 76d8bfd89d72c07b04aed10ff0e6c0a90928d82a505dd6c0d508adb7ef855dc3 + creationTimestamp: "2024-04-19T00:00:00Z" + labels: + deploy: sourcegraph + name: pgsql + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING uid: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING - spec: - clusterIP: NORMALIZED_FOR_TESTING - clusterIPs: - - NORMALIZED_FOR_TESTING - internalTrafficPolicy: Cluster - ipFamilies: - - IPv4 - ipFamilyPolicy: SingleStack - ports: - - name: pgsql - port: 5432 - protocol: TCP - targetPort: pgsql - selector: - app: pgsql - sessionAffinity: None - type: ClusterIP - status: - loadBalancer: {} + - apiVersion: v1 + kind: Service + metadata: + annotations: + appliance.sourcegraph.com/configHash: 76d8bfd89d72c07b04aed10ff0e6c0a90928d82a505dd6c0d508adb7ef855dc3 + prometheus.io/port: "9187" + sourcegraph.prometheus/scrape: "true" + creationTimestamp: "2024-04-19T00:00:00Z" + labels: + app: pgsql + app.kubernetes.io/component: pgsql + deploy: sourcegraph + name: pgsql + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING + uid: NORMALIZED_FOR_TESTING + spec: + clusterIP: NORMALIZED_FOR_TESTING + clusterIPs: + - NORMALIZED_FOR_TESTING + internalTrafficPolicy: Cluster + ipFamilies: + - IPv4 + ipFamilyPolicy: SingleStack + ports: + - name: pgsql + port: 5432 + protocol: TCP + targetPort: pgsql + selector: + app: pgsql + sessionAffinity: None + type: ClusterIP + status: + loadBalancer: {} diff --git a/internal/appliance/reconciler/testdata/golden-fixtures/precise-code-intel/default.yaml b/internal/appliance/reconciler/testdata/golden-fixtures/precise-code-intel/default.yaml index ce62012bb6c..1bcde74462e 100644 --- a/internal/appliance/reconciler/testdata/golden-fixtures/precise-code-intel/default.yaml +++ b/internal/appliance/reconciler/testdata/golden-fixtures/precise-code-intel/default.yaml @@ -1,252 +1,255 @@ resources: -- apiVersion: apps/v1 - kind: Deployment - metadata: - annotations: - appliance.sourcegraph.com/configHash: 05b6b32b7f7702146178081817670b43a900fd5b2ed61dcdaa8e34d7a4e0d204 - creationTimestamp: "2024-04-19T00:00:00Z" - generation: 1 - labels: - app.kubernetes.io/component: precise-code-intel-worker - app.kubernetes.io/name: sourcegraph - app.kubernetes.io/version: 5.3.9104 - deploy: sourcegraph - name: precise-code-intel-worker - namespace: NORMALIZED_FOR_TESTING - ownerReferences: - - apiVersion: v1 - blockOwnerDeletion: true - controller: true - kind: ConfigMap - name: sg + - apiVersion: apps/v1 + kind: Deployment + metadata: + annotations: + appliance.sourcegraph.com/configHash: 05b6b32b7f7702146178081817670b43a900fd5b2ed61dcdaa8e34d7a4e0d204 + creationTimestamp: "2024-04-19T00:00:00Z" + generation: 1 + labels: + app.kubernetes.io/component: precise-code-intel-worker + app.kubernetes.io/name: sourcegraph + app.kubernetes.io/version: 5.3.9104 + deploy: sourcegraph + name: precise-code-intel-worker + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING uid: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING - spec: - minReadySeconds: 10 - progressDeadlineSeconds: 600 - replicas: 2 - revisionHistoryLimit: 10 - selector: - matchLabels: - app: precise-code-intel-worker - strategy: - rollingUpdate: - maxSurge: 1 - maxUnavailable: 1 - type: RollingUpdate - template: - metadata: - annotations: - kubectl.kubernetes.io/default-container: precise-code-intel-worker - creationTimestamp: null - labels: + spec: + minReadySeconds: 10 + progressDeadlineSeconds: 600 + replicas: 2 + revisionHistoryLimit: 10 + selector: + matchLabels: app: precise-code-intel-worker - deploy: sourcegraph - name: precise-code-intel-worker - spec: - containers: - - env: - - name: NUM_WORKERS - value: "4" - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: OTEL_AGENT_HOST - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - - name: OTEL_EXPORTER_OTLP_ENDPOINT - value: http://$(OTEL_AGENT_HOST):4317 - image: index.docker.io/sourcegraph/precise-code-intel-worker:5.3.2@sha256:6142093097f5757afe772cffd131c1be54bb77335232011254733f51ffb2d6c6 - imagePullPolicy: IfNotPresent - livenessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: debug - scheme: HTTP - initialDelaySeconds: 60 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 1 + type: RollingUpdate + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: precise-code-intel-worker + creationTimestamp: null + labels: + app: precise-code-intel-worker + deploy: sourcegraph name: precise-code-intel-worker - ports: - - containerPort: 3188 - name: http - protocol: TCP - - containerPort: 6060 - name: debug - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /ready - port: debug - scheme: HTTP - periodSeconds: 5 - successThreshold: 1 - timeoutSeconds: 5 - resources: - limits: - cpu: "2" - memory: 4G - requests: - cpu: 500m - memory: 2G + spec: + containers: + - env: + - name: NUM_WORKERS + value: "4" + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: OTEL_AGENT_HOST + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + - name: OTEL_EXPORTER_OTLP_ENDPOINT + value: http://$(OTEL_AGENT_HOST):4317 + image: index.docker.io/sourcegraph/precise-code-intel-worker:5.3.2@sha256:6142093097f5757afe772cffd131c1be54bb77335232011254733f51ffb2d6c6 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: debug + scheme: HTTP + initialDelaySeconds: 60 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: precise-code-intel-worker + ports: + - containerPort: 3188 + name: http + protocol: TCP + - containerPort: 6060 + name: debug + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /ready + port: debug + scheme: HTTP + periodSeconds: 5 + successThreshold: 1 + timeoutSeconds: 5 + resources: + limits: + cpu: "2" + memory: 4G + requests: + cpu: 500m + memory: 2G + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsGroup: 101 + runAsUser: 100 + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /tmp + name: tmpdir + dnsPolicy: ClusterFirst + restartPolicy: Always + schedulerName: default-scheduler securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch runAsGroup: 101 runAsUser: 100 - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: FallbackToLogsOnError - volumeMounts: - - mountPath: /tmp - name: tmpdir - dnsPolicy: ClusterFirst - restartPolicy: Always - schedulerName: default-scheduler - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - runAsGroup: 101 - runAsUser: 100 - terminationGracePeriodSeconds: 30 - volumes: - - emptyDir: {} - name: tmpdir - status: {} -- apiVersion: v1 - data: - spec: | - spec: - requestedVersion: "5.3.9104" + terminationGracePeriodSeconds: 30 + volumes: + - emptyDir: {} + name: tmpdir + status: {} + - apiVersion: v1 + data: + spec: | + spec: + requestedVersion: "5.3.9104" - blobstore: - disabled: true + blobstore: + disabled: true - codeInsights: - disabled: true + codeInsights: + disabled: true - codeIntel: - disabled: true + codeIntel: + disabled: true - frontend: - disabled: true + frontend: + disabled: true - gitServer: - disabled: true + gitServer: + disabled: true - indexedSearch: - disabled: true + indexedSearch: + disabled: true - indexedSearchIndexer: - disabled: true + indexedSearchIndexer: + disabled: true - pgsql: - disabled: true + pgsql: + disabled: true - postgresExporter: - disabled: true + postgresExporter: + disabled: true - preciseCodeIntel: {} + preciseCodeIntel: {} - redisCache: - disabled: true + redisCache: + disabled: true - redisStore: - disabled: true + redisStore: + disabled: true - repoUpdater: - disabled: true + repoUpdater: + disabled: true - searcher: - disabled: true + searcher: + disabled: true - symbols: - disabled: true + symbols: + disabled: true - syntectServer: - disabled: true + syntectServer: + disabled: true - worker: - disabled: true - kind: ConfigMap - metadata: - annotations: - appliance.sourcegraph.com/currentVersion: 5.3.9104 - appliance.sourcegraph.com/managed: "true" - creationTimestamp: "2024-04-19T00:00:00Z" - name: sg - namespace: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING -- apiVersion: v1 - kind: ServiceAccount - metadata: - annotations: - appliance.sourcegraph.com/configHash: 05b6b32b7f7702146178081817670b43a900fd5b2ed61dcdaa8e34d7a4e0d204 - creationTimestamp: "2024-04-19T00:00:00Z" - labels: - deploy: sourcegraph - name: precise-code-intel-worker - namespace: NORMALIZED_FOR_TESTING - ownerReferences: - - apiVersion: v1 - blockOwnerDeletion: true - controller: true - kind: ConfigMap + worker: + disabled: true + + prometheus: + disabled: true + kind: ConfigMap + metadata: + annotations: + appliance.sourcegraph.com/currentVersion: 5.3.9104 + appliance.sourcegraph.com/managed: "true" + creationTimestamp: "2024-04-19T00:00:00Z" name: sg + namespace: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING uid: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING -- apiVersion: v1 - kind: Service - metadata: - annotations: - appliance.sourcegraph.com/configHash: 05b6b32b7f7702146178081817670b43a900fd5b2ed61dcdaa8e34d7a4e0d204 - prometheus.io/port: "6060" - sourcegraph.prometheus/scrape: "true" - creationTimestamp: "2024-04-19T00:00:00Z" - labels: - app: precise-code-intel-worker - app.kubernetes.io/component: precise-code-intel-worker - deploy: sourcegraph - name: precise-code-intel-worker - namespace: NORMALIZED_FOR_TESTING - ownerReferences: - - apiVersion: v1 - blockOwnerDeletion: true - controller: true - kind: ConfigMap - name: sg + - apiVersion: v1 + kind: ServiceAccount + metadata: + annotations: + appliance.sourcegraph.com/configHash: 05b6b32b7f7702146178081817670b43a900fd5b2ed61dcdaa8e34d7a4e0d204 + creationTimestamp: "2024-04-19T00:00:00Z" + labels: + deploy: sourcegraph + name: precise-code-intel-worker + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING uid: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING - spec: - clusterIP: NORMALIZED_FOR_TESTING - clusterIPs: - - NORMALIZED_FOR_TESTING - internalTrafficPolicy: Cluster - ipFamilies: - - IPv4 - ipFamilyPolicy: SingleStack - ports: - - name: http - port: 3188 - protocol: TCP - targetPort: http - - name: debug - port: 6060 - protocol: TCP - targetPort: debug - selector: - app: precise-code-intel-worker - sessionAffinity: None - type: ClusterIP - status: - loadBalancer: {} + - apiVersion: v1 + kind: Service + metadata: + annotations: + appliance.sourcegraph.com/configHash: 05b6b32b7f7702146178081817670b43a900fd5b2ed61dcdaa8e34d7a4e0d204 + prometheus.io/port: "6060" + sourcegraph.prometheus/scrape: "true" + creationTimestamp: "2024-04-19T00:00:00Z" + labels: + app: precise-code-intel-worker + app.kubernetes.io/component: precise-code-intel-worker + deploy: sourcegraph + name: precise-code-intel-worker + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING + uid: NORMALIZED_FOR_TESTING + spec: + clusterIP: NORMALIZED_FOR_TESTING + clusterIPs: + - NORMALIZED_FOR_TESTING + internalTrafficPolicy: Cluster + ipFamilies: + - IPv4 + ipFamilyPolicy: SingleStack + ports: + - name: http + port: 3188 + protocol: TCP + targetPort: http + - name: debug + port: 6060 + protocol: TCP + targetPort: debug + selector: + app: precise-code-intel-worker + sessionAffinity: None + type: ClusterIP + status: + loadBalancer: {} diff --git a/internal/appliance/reconciler/testdata/golden-fixtures/precise-code-intel/with-blobstore.yaml b/internal/appliance/reconciler/testdata/golden-fixtures/precise-code-intel/with-blobstore.yaml index 84cee583865..dd109382223 100644 --- a/internal/appliance/reconciler/testdata/golden-fixtures/precise-code-intel/with-blobstore.yaml +++ b/internal/appliance/reconciler/testdata/golden-fixtures/precise-code-intel/with-blobstore.yaml @@ -1,414 +1,417 @@ resources: -- apiVersion: apps/v1 - kind: Deployment - metadata: - annotations: - appliance.sourcegraph.com/configHash: d33e42f7a0651e109c1a55ae881f9e3000e194cb5257dad1714cf26d5a370b3c - creationTimestamp: "2024-04-19T00:00:00Z" - generation: 1 - labels: - app.kubernetes.io/component: blobstore - app.kubernetes.io/name: sourcegraph - app.kubernetes.io/version: 5.3.9104 - deploy: sourcegraph - name: blobstore - namespace: NORMALIZED_FOR_TESTING - ownerReferences: - - apiVersion: v1 - blockOwnerDeletion: true - controller: true - kind: ConfigMap - name: sg + - apiVersion: apps/v1 + kind: Deployment + metadata: + annotations: + appliance.sourcegraph.com/configHash: d33e42f7a0651e109c1a55ae881f9e3000e194cb5257dad1714cf26d5a370b3c + creationTimestamp: "2024-04-19T00:00:00Z" + generation: 1 + labels: + app.kubernetes.io/component: blobstore + app.kubernetes.io/name: sourcegraph + app.kubernetes.io/version: 5.3.9104 + deploy: sourcegraph + name: blobstore + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING uid: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING - spec: - minReadySeconds: 10 - progressDeadlineSeconds: 600 - replicas: 1 - revisionHistoryLimit: 10 - selector: - matchLabels: - app: blobstore - strategy: - rollingUpdate: - maxSurge: 25% - maxUnavailable: 25% - type: RollingUpdate - template: - metadata: - annotations: - kubectl.kubernetes.io/default-container: blobstore - creationTimestamp: null - labels: + spec: + minReadySeconds: 10 + progressDeadlineSeconds: 600 + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: app: blobstore - deploy: sourcegraph - name: blobstore - spec: - containers: - - image: index.docker.io/sourcegraph/blobstore:5.3.2@sha256:d625be1eefe61cc42f94498e3c588bf212c4159c8b20c519db84eae4ff715efa - imagePullPolicy: IfNotPresent + strategy: + rollingUpdate: + maxSurge: 25% + maxUnavailable: 25% + type: RollingUpdate + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: blobstore + creationTimestamp: null + labels: + app: blobstore + deploy: sourcegraph name: blobstore - ports: - - containerPort: 9000 - name: blobstore - protocol: TCP - resources: - limits: - cpu: "1" - memory: 500M - requests: - cpu: "1" - memory: 500M + spec: + containers: + - image: index.docker.io/sourcegraph/blobstore:5.3.2@sha256:d625be1eefe61cc42f94498e3c588bf212c4159c8b20c519db84eae4ff715efa + imagePullPolicy: IfNotPresent + name: blobstore + ports: + - containerPort: 9000 + name: blobstore + protocol: TCP + resources: + limits: + cpu: "1" + memory: 500M + requests: + cpu: "1" + memory: 500M + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsGroup: 101 + runAsUser: 100 + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /blobstore + name: blobstore + - mountPath: /data + name: blobstore-data + dnsPolicy: ClusterFirst + restartPolicy: Always + schedulerName: default-scheduler securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch runAsGroup: 101 runAsUser: 100 - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: FallbackToLogsOnError - volumeMounts: - - mountPath: /blobstore - name: blobstore - - mountPath: /data - name: blobstore-data - dnsPolicy: ClusterFirst - restartPolicy: Always - schedulerName: default-scheduler - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - runAsGroup: 101 - runAsUser: 100 - terminationGracePeriodSeconds: 30 - volumes: - - emptyDir: {} - name: blobstore - - name: blobstore-data - persistentVolumeClaim: - claimName: blobstore - status: {} -- apiVersion: apps/v1 - kind: Deployment - metadata: - annotations: - appliance.sourcegraph.com/configHash: 05b6b32b7f7702146178081817670b43a900fd5b2ed61dcdaa8e34d7a4e0d204 - creationTimestamp: "2024-04-19T00:00:00Z" - generation: 1 - labels: - app.kubernetes.io/component: precise-code-intel-worker - app.kubernetes.io/name: sourcegraph - app.kubernetes.io/version: 5.3.9104 - deploy: sourcegraph - name: precise-code-intel-worker - namespace: NORMALIZED_FOR_TESTING - ownerReferences: - - apiVersion: v1 - blockOwnerDeletion: true - controller: true - kind: ConfigMap - name: sg + terminationGracePeriodSeconds: 30 + volumes: + - emptyDir: {} + name: blobstore + - name: blobstore-data + persistentVolumeClaim: + claimName: blobstore + status: {} + - apiVersion: apps/v1 + kind: Deployment + metadata: + annotations: + appliance.sourcegraph.com/configHash: 05b6b32b7f7702146178081817670b43a900fd5b2ed61dcdaa8e34d7a4e0d204 + creationTimestamp: "2024-04-19T00:00:00Z" + generation: 1 + labels: + app.kubernetes.io/component: precise-code-intel-worker + app.kubernetes.io/name: sourcegraph + app.kubernetes.io/version: 5.3.9104 + deploy: sourcegraph + name: precise-code-intel-worker + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING uid: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING - spec: - minReadySeconds: 10 - progressDeadlineSeconds: 600 - replicas: 2 - revisionHistoryLimit: 10 - selector: - matchLabels: - app: precise-code-intel-worker - strategy: - rollingUpdate: - maxSurge: 1 - maxUnavailable: 1 - type: RollingUpdate - template: - metadata: - annotations: - kubectl.kubernetes.io/default-container: precise-code-intel-worker - creationTimestamp: null - labels: + spec: + minReadySeconds: 10 + progressDeadlineSeconds: 600 + replicas: 2 + revisionHistoryLimit: 10 + selector: + matchLabels: app: precise-code-intel-worker - deploy: sourcegraph - name: precise-code-intel-worker - spec: - containers: - - env: - - name: NUM_WORKERS - value: "4" - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: PRECISE_CODE_INTEL_UPLOAD_BACKEND - value: blobstore - - name: PRECISE_CODE_INTEL_UPLOAD_AWS_ENDPOINT - value: http://blobstore:9000 - - name: OTEL_AGENT_HOST - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - - name: OTEL_EXPORTER_OTLP_ENDPOINT - value: http://$(OTEL_AGENT_HOST):4317 - image: index.docker.io/sourcegraph/precise-code-intel-worker:5.3.2@sha256:6142093097f5757afe772cffd131c1be54bb77335232011254733f51ffb2d6c6 - imagePullPolicy: IfNotPresent - livenessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: debug - scheme: HTTP - initialDelaySeconds: 60 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 1 + type: RollingUpdate + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: precise-code-intel-worker + creationTimestamp: null + labels: + app: precise-code-intel-worker + deploy: sourcegraph name: precise-code-intel-worker - ports: - - containerPort: 3188 - name: http - protocol: TCP - - containerPort: 6060 - name: debug - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /ready - port: debug - scheme: HTTP - periodSeconds: 5 - successThreshold: 1 - timeoutSeconds: 5 - resources: - limits: - cpu: "2" - memory: 4G - requests: - cpu: 500m - memory: 2G + spec: + containers: + - env: + - name: NUM_WORKERS + value: "4" + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: PRECISE_CODE_INTEL_UPLOAD_BACKEND + value: blobstore + - name: PRECISE_CODE_INTEL_UPLOAD_AWS_ENDPOINT + value: http://blobstore:9000 + - name: OTEL_AGENT_HOST + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + - name: OTEL_EXPORTER_OTLP_ENDPOINT + value: http://$(OTEL_AGENT_HOST):4317 + image: index.docker.io/sourcegraph/precise-code-intel-worker:5.3.2@sha256:6142093097f5757afe772cffd131c1be54bb77335232011254733f51ffb2d6c6 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: debug + scheme: HTTP + initialDelaySeconds: 60 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: precise-code-intel-worker + ports: + - containerPort: 3188 + name: http + protocol: TCP + - containerPort: 6060 + name: debug + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /ready + port: debug + scheme: HTTP + periodSeconds: 5 + successThreshold: 1 + timeoutSeconds: 5 + resources: + limits: + cpu: "2" + memory: 4G + requests: + cpu: 500m + memory: 2G + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsGroup: 101 + runAsUser: 100 + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /tmp + name: tmpdir + dnsPolicy: ClusterFirst + restartPolicy: Always + schedulerName: default-scheduler securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch runAsGroup: 101 runAsUser: 100 - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: FallbackToLogsOnError - volumeMounts: - - mountPath: /tmp - name: tmpdir - dnsPolicy: ClusterFirst - restartPolicy: Always - schedulerName: default-scheduler - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - runAsGroup: 101 - runAsUser: 100 - terminationGracePeriodSeconds: 30 - volumes: - - emptyDir: {} - name: tmpdir - status: {} -- apiVersion: v1 - data: - spec: | - spec: - requestedVersion: "5.3.9104" + terminationGracePeriodSeconds: 30 + volumes: + - emptyDir: {} + name: tmpdir + status: {} + - apiVersion: v1 + data: + spec: | + spec: + requestedVersion: "5.3.9104" - blobstore: {} + blobstore: {} - codeInsights: - disabled: true + codeInsights: + disabled: true - codeIntel: - disabled: true + codeIntel: + disabled: true - frontend: - disabled: true + frontend: + disabled: true - gitServer: - disabled: true + gitServer: + disabled: true - indexedSearch: - disabled: true + indexedSearch: + disabled: true - indexedSearchIndexer: - disabled: true + indexedSearchIndexer: + disabled: true - pgsql: - disabled: true + pgsql: + disabled: true - postgresExporter: - disabled: true + postgresExporter: + disabled: true - preciseCodeIntel: {} + preciseCodeIntel: {} - redisCache: - disabled: true + redisCache: + disabled: true - redisStore: - disabled: true + redisStore: + disabled: true - repoUpdater: - disabled: true + repoUpdater: + disabled: true - searcher: - disabled: true + searcher: + disabled: true - symbols: - disabled: true + symbols: + disabled: true - syntectServer: - disabled: true + syntectServer: + disabled: true - worker: - disabled: true - kind: ConfigMap - metadata: - annotations: - appliance.sourcegraph.com/currentVersion: 5.3.9104 - appliance.sourcegraph.com/managed: "true" - creationTimestamp: "2024-04-19T00:00:00Z" - name: sg - namespace: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING -- apiVersion: v1 - kind: PersistentVolumeClaim - metadata: - annotations: - appliance.sourcegraph.com/configHash: d33e42f7a0651e109c1a55ae881f9e3000e194cb5257dad1714cf26d5a370b3c - creationTimestamp: "2024-04-19T00:00:00Z" - finalizers: - - kubernetes.io/pvc-protection - labels: - deploy: sourcegraph - name: blobstore - namespace: NORMALIZED_FOR_TESTING - ownerReferences: - - apiVersion: v1 - blockOwnerDeletion: true - controller: true - kind: ConfigMap + worker: + disabled: true + + prometheus: + disabled: true + kind: ConfigMap + metadata: + annotations: + appliance.sourcegraph.com/currentVersion: 5.3.9104 + appliance.sourcegraph.com/managed: "true" + creationTimestamp: "2024-04-19T00:00:00Z" name: sg + namespace: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING uid: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 100Gi - volumeMode: Filesystem - status: - phase: Pending -- apiVersion: v1 - kind: ServiceAccount - metadata: - annotations: - appliance.sourcegraph.com/configHash: 05b6b32b7f7702146178081817670b43a900fd5b2ed61dcdaa8e34d7a4e0d204 - creationTimestamp: "2024-04-19T00:00:00Z" - labels: - deploy: sourcegraph - name: precise-code-intel-worker - namespace: NORMALIZED_FOR_TESTING - ownerReferences: - - apiVersion: v1 - blockOwnerDeletion: true - controller: true - kind: ConfigMap - name: sg + - apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + annotations: + appliance.sourcegraph.com/configHash: d33e42f7a0651e109c1a55ae881f9e3000e194cb5257dad1714cf26d5a370b3c + creationTimestamp: "2024-04-19T00:00:00Z" + finalizers: + - kubernetes.io/pvc-protection + labels: + deploy: sourcegraph + name: blobstore + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING uid: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING -- apiVersion: v1 - kind: Service - metadata: - annotations: - appliance.sourcegraph.com/configHash: d33e42f7a0651e109c1a55ae881f9e3000e194cb5257dad1714cf26d5a370b3c - creationTimestamp: "2024-04-19T00:00:00Z" - labels: - app: blobstore - app.kubernetes.io/component: blobstore - deploy: sourcegraph - name: blobstore - namespace: NORMALIZED_FOR_TESTING - ownerReferences: - - apiVersion: v1 - blockOwnerDeletion: true - controller: true - kind: ConfigMap - name: sg + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 100Gi + volumeMode: Filesystem + status: + phase: Pending + - apiVersion: v1 + kind: ServiceAccount + metadata: + annotations: + appliance.sourcegraph.com/configHash: 05b6b32b7f7702146178081817670b43a900fd5b2ed61dcdaa8e34d7a4e0d204 + creationTimestamp: "2024-04-19T00:00:00Z" + labels: + deploy: sourcegraph + name: precise-code-intel-worker + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING uid: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING - spec: - clusterIP: NORMALIZED_FOR_TESTING - clusterIPs: - - NORMALIZED_FOR_TESTING - internalTrafficPolicy: Cluster - ipFamilies: - - IPv4 - ipFamilyPolicy: SingleStack - ports: - - name: blobstore - port: 9000 - protocol: TCP - targetPort: blobstore - selector: - app: blobstore - sessionAffinity: None - type: ClusterIP - status: - loadBalancer: {} -- apiVersion: v1 - kind: Service - metadata: - annotations: - appliance.sourcegraph.com/configHash: 05b6b32b7f7702146178081817670b43a900fd5b2ed61dcdaa8e34d7a4e0d204 - prometheus.io/port: "6060" - sourcegraph.prometheus/scrape: "true" - creationTimestamp: "2024-04-19T00:00:00Z" - labels: - app: precise-code-intel-worker - app.kubernetes.io/component: precise-code-intel-worker - deploy: sourcegraph - name: precise-code-intel-worker - namespace: NORMALIZED_FOR_TESTING - ownerReferences: - - apiVersion: v1 - blockOwnerDeletion: true - controller: true - kind: ConfigMap - name: sg + - apiVersion: v1 + kind: Service + metadata: + annotations: + appliance.sourcegraph.com/configHash: d33e42f7a0651e109c1a55ae881f9e3000e194cb5257dad1714cf26d5a370b3c + creationTimestamp: "2024-04-19T00:00:00Z" + labels: + app: blobstore + app.kubernetes.io/component: blobstore + deploy: sourcegraph + name: blobstore + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING uid: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING - spec: - clusterIP: NORMALIZED_FOR_TESTING - clusterIPs: - - NORMALIZED_FOR_TESTING - internalTrafficPolicy: Cluster - ipFamilies: - - IPv4 - ipFamilyPolicy: SingleStack - ports: - - name: http - port: 3188 - protocol: TCP - targetPort: http - - name: debug - port: 6060 - protocol: TCP - targetPort: debug - selector: - app: precise-code-intel-worker - sessionAffinity: None - type: ClusterIP - status: - loadBalancer: {} + spec: + clusterIP: NORMALIZED_FOR_TESTING + clusterIPs: + - NORMALIZED_FOR_TESTING + internalTrafficPolicy: Cluster + ipFamilies: + - IPv4 + ipFamilyPolicy: SingleStack + ports: + - name: blobstore + port: 9000 + protocol: TCP + targetPort: blobstore + selector: + app: blobstore + sessionAffinity: None + type: ClusterIP + status: + loadBalancer: {} + - apiVersion: v1 + kind: Service + metadata: + annotations: + appliance.sourcegraph.com/configHash: 05b6b32b7f7702146178081817670b43a900fd5b2ed61dcdaa8e34d7a4e0d204 + prometheus.io/port: "6060" + sourcegraph.prometheus/scrape: "true" + creationTimestamp: "2024-04-19T00:00:00Z" + labels: + app: precise-code-intel-worker + app.kubernetes.io/component: precise-code-intel-worker + deploy: sourcegraph + name: precise-code-intel-worker + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING + uid: NORMALIZED_FOR_TESTING + spec: + clusterIP: NORMALIZED_FOR_TESTING + clusterIPs: + - NORMALIZED_FOR_TESTING + internalTrafficPolicy: Cluster + ipFamilies: + - IPv4 + ipFamilyPolicy: SingleStack + ports: + - name: http + port: 3188 + protocol: TCP + targetPort: http + - name: debug + port: 6060 + protocol: TCP + targetPort: debug + selector: + app: precise-code-intel-worker + sessionAffinity: None + type: ClusterIP + status: + loadBalancer: {} diff --git a/internal/appliance/reconciler/testdata/golden-fixtures/precise-code-intel/with-num-workers.yaml b/internal/appliance/reconciler/testdata/golden-fixtures/precise-code-intel/with-num-workers.yaml index 5f02a7604e4..ddb55066447 100644 --- a/internal/appliance/reconciler/testdata/golden-fixtures/precise-code-intel/with-num-workers.yaml +++ b/internal/appliance/reconciler/testdata/golden-fixtures/precise-code-intel/with-num-workers.yaml @@ -1,253 +1,256 @@ resources: -- apiVersion: apps/v1 - kind: Deployment - metadata: - annotations: - appliance.sourcegraph.com/configHash: ae3936b4f91f4e9c6ec5979fa4778412db0298f3fd33789ca2a652675c2a1a37 - creationTimestamp: "2024-04-19T00:00:00Z" - generation: 1 - labels: - app.kubernetes.io/component: precise-code-intel-worker - app.kubernetes.io/name: sourcegraph - app.kubernetes.io/version: 5.3.9104 - deploy: sourcegraph - name: precise-code-intel-worker - namespace: NORMALIZED_FOR_TESTING - ownerReferences: - - apiVersion: v1 - blockOwnerDeletion: true - controller: true - kind: ConfigMap - name: sg + - apiVersion: apps/v1 + kind: Deployment + metadata: + annotations: + appliance.sourcegraph.com/configHash: ae3936b4f91f4e9c6ec5979fa4778412db0298f3fd33789ca2a652675c2a1a37 + creationTimestamp: "2024-04-19T00:00:00Z" + generation: 1 + labels: + app.kubernetes.io/component: precise-code-intel-worker + app.kubernetes.io/name: sourcegraph + app.kubernetes.io/version: 5.3.9104 + deploy: sourcegraph + name: precise-code-intel-worker + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING uid: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING - spec: - minReadySeconds: 10 - progressDeadlineSeconds: 600 - replicas: 2 - revisionHistoryLimit: 10 - selector: - matchLabels: - app: precise-code-intel-worker - strategy: - rollingUpdate: - maxSurge: 1 - maxUnavailable: 1 - type: RollingUpdate - template: - metadata: - annotations: - kubectl.kubernetes.io/default-container: precise-code-intel-worker - creationTimestamp: null - labels: + spec: + minReadySeconds: 10 + progressDeadlineSeconds: 600 + replicas: 2 + revisionHistoryLimit: 10 + selector: + matchLabels: app: precise-code-intel-worker - deploy: sourcegraph - name: precise-code-intel-worker - spec: - containers: - - env: - - name: NUM_WORKERS - value: "42" - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: OTEL_AGENT_HOST - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - - name: OTEL_EXPORTER_OTLP_ENDPOINT - value: http://$(OTEL_AGENT_HOST):4317 - image: index.docker.io/sourcegraph/precise-code-intel-worker:5.3.2@sha256:6142093097f5757afe772cffd131c1be54bb77335232011254733f51ffb2d6c6 - imagePullPolicy: IfNotPresent - livenessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: debug - scheme: HTTP - initialDelaySeconds: 60 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 1 + type: RollingUpdate + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: precise-code-intel-worker + creationTimestamp: null + labels: + app: precise-code-intel-worker + deploy: sourcegraph name: precise-code-intel-worker - ports: - - containerPort: 3188 - name: http - protocol: TCP - - containerPort: 6060 - name: debug - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /ready - port: debug - scheme: HTTP - periodSeconds: 5 - successThreshold: 1 - timeoutSeconds: 5 - resources: - limits: - cpu: "2" - memory: 4G - requests: - cpu: 500m - memory: 2G + spec: + containers: + - env: + - name: NUM_WORKERS + value: "42" + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: OTEL_AGENT_HOST + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + - name: OTEL_EXPORTER_OTLP_ENDPOINT + value: http://$(OTEL_AGENT_HOST):4317 + image: index.docker.io/sourcegraph/precise-code-intel-worker:5.3.2@sha256:6142093097f5757afe772cffd131c1be54bb77335232011254733f51ffb2d6c6 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: debug + scheme: HTTP + initialDelaySeconds: 60 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: precise-code-intel-worker + ports: + - containerPort: 3188 + name: http + protocol: TCP + - containerPort: 6060 + name: debug + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /ready + port: debug + scheme: HTTP + periodSeconds: 5 + successThreshold: 1 + timeoutSeconds: 5 + resources: + limits: + cpu: "2" + memory: 4G + requests: + cpu: 500m + memory: 2G + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsGroup: 101 + runAsUser: 100 + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /tmp + name: tmpdir + dnsPolicy: ClusterFirst + restartPolicy: Always + schedulerName: default-scheduler securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch runAsGroup: 101 runAsUser: 100 - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: FallbackToLogsOnError - volumeMounts: - - mountPath: /tmp - name: tmpdir - dnsPolicy: ClusterFirst - restartPolicy: Always - schedulerName: default-scheduler - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - runAsGroup: 101 - runAsUser: 100 - terminationGracePeriodSeconds: 30 - volumes: - - emptyDir: {} - name: tmpdir - status: {} -- apiVersion: v1 - data: - spec: | - spec: - requestedVersion: "5.3.9104" + terminationGracePeriodSeconds: 30 + volumes: + - emptyDir: {} + name: tmpdir + status: {} + - apiVersion: v1 + data: + spec: | + spec: + requestedVersion: "5.3.9104" - blobstore: - disabled: true + blobstore: + disabled: true - codeInsights: - disabled: true + codeInsights: + disabled: true - codeIntel: - disabled: true + codeIntel: + disabled: true - frontend: - disabled: true + frontend: + disabled: true - gitServer: - disabled: true + gitServer: + disabled: true - indexedSearch: - disabled: true + indexedSearch: + disabled: true - indexedSearchIndexer: - disabled: true + indexedSearchIndexer: + disabled: true - pgsql: - disabled: true + pgsql: + disabled: true - postgresExporter: - disabled: true + postgresExporter: + disabled: true - preciseCodeIntel: - numWorkers: 42 + preciseCodeIntel: + numWorkers: 42 - redisCache: - disabled: true + redisCache: + disabled: true - redisStore: - disabled: true + redisStore: + disabled: true - repoUpdater: - disabled: true + repoUpdater: + disabled: true - searcher: - disabled: true + searcher: + disabled: true - symbols: - disabled: true + symbols: + disabled: true - syntectServer: - disabled: true + syntectServer: + disabled: true - worker: - disabled: true - kind: ConfigMap - metadata: - annotations: - appliance.sourcegraph.com/currentVersion: 5.3.9104 - appliance.sourcegraph.com/managed: "true" - creationTimestamp: "2024-04-19T00:00:00Z" - name: sg - namespace: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING -- apiVersion: v1 - kind: ServiceAccount - metadata: - annotations: - appliance.sourcegraph.com/configHash: ae3936b4f91f4e9c6ec5979fa4778412db0298f3fd33789ca2a652675c2a1a37 - creationTimestamp: "2024-04-19T00:00:00Z" - labels: - deploy: sourcegraph - name: precise-code-intel-worker - namespace: NORMALIZED_FOR_TESTING - ownerReferences: - - apiVersion: v1 - blockOwnerDeletion: true - controller: true - kind: ConfigMap + worker: + disabled: true + + prometheus: + disabled: true + kind: ConfigMap + metadata: + annotations: + appliance.sourcegraph.com/currentVersion: 5.3.9104 + appliance.sourcegraph.com/managed: "true" + creationTimestamp: "2024-04-19T00:00:00Z" name: sg + namespace: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING uid: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING -- apiVersion: v1 - kind: Service - metadata: - annotations: - appliance.sourcegraph.com/configHash: ae3936b4f91f4e9c6ec5979fa4778412db0298f3fd33789ca2a652675c2a1a37 - prometheus.io/port: "6060" - sourcegraph.prometheus/scrape: "true" - creationTimestamp: "2024-04-19T00:00:00Z" - labels: - app: precise-code-intel-worker - app.kubernetes.io/component: precise-code-intel-worker - deploy: sourcegraph - name: precise-code-intel-worker - namespace: NORMALIZED_FOR_TESTING - ownerReferences: - - apiVersion: v1 - blockOwnerDeletion: true - controller: true - kind: ConfigMap - name: sg + - apiVersion: v1 + kind: ServiceAccount + metadata: + annotations: + appliance.sourcegraph.com/configHash: ae3936b4f91f4e9c6ec5979fa4778412db0298f3fd33789ca2a652675c2a1a37 + creationTimestamp: "2024-04-19T00:00:00Z" + labels: + deploy: sourcegraph + name: precise-code-intel-worker + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING uid: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING - spec: - clusterIP: NORMALIZED_FOR_TESTING - clusterIPs: - - NORMALIZED_FOR_TESTING - internalTrafficPolicy: Cluster - ipFamilies: - - IPv4 - ipFamilyPolicy: SingleStack - ports: - - name: http - port: 3188 - protocol: TCP - targetPort: http - - name: debug - port: 6060 - protocol: TCP - targetPort: debug - selector: - app: precise-code-intel-worker - sessionAffinity: None - type: ClusterIP - status: - loadBalancer: {} + - apiVersion: v1 + kind: Service + metadata: + annotations: + appliance.sourcegraph.com/configHash: ae3936b4f91f4e9c6ec5979fa4778412db0298f3fd33789ca2a652675c2a1a37 + prometheus.io/port: "6060" + sourcegraph.prometheus/scrape: "true" + creationTimestamp: "2024-04-19T00:00:00Z" + labels: + app: precise-code-intel-worker + app.kubernetes.io/component: precise-code-intel-worker + deploy: sourcegraph + name: precise-code-intel-worker + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING + uid: NORMALIZED_FOR_TESTING + spec: + clusterIP: NORMALIZED_FOR_TESTING + clusterIPs: + - NORMALIZED_FOR_TESTING + internalTrafficPolicy: Cluster + ipFamilies: + - IPv4 + ipFamilyPolicy: SingleStack + ports: + - name: http + port: 3188 + protocol: TCP + targetPort: http + - name: debug + port: 6060 + protocol: TCP + targetPort: debug + selector: + app: precise-code-intel-worker + sessionAffinity: None + type: ClusterIP + status: + loadBalancer: {} diff --git a/internal/appliance/reconciler/testdata/golden-fixtures/precise-code-intel/with-replicas.yaml b/internal/appliance/reconciler/testdata/golden-fixtures/precise-code-intel/with-replicas.yaml index d7e0f675c41..82bfc10cb7d 100644 --- a/internal/appliance/reconciler/testdata/golden-fixtures/precise-code-intel/with-replicas.yaml +++ b/internal/appliance/reconciler/testdata/golden-fixtures/precise-code-intel/with-replicas.yaml @@ -1,253 +1,256 @@ resources: -- apiVersion: apps/v1 - kind: Deployment - metadata: - annotations: - appliance.sourcegraph.com/configHash: 75f3d926f79f73ef77502da4215fa2db8f4ebe149e367c862b1023d4bbadc115 - creationTimestamp: "2024-04-19T00:00:00Z" - generation: 1 - labels: - app.kubernetes.io/component: precise-code-intel-worker - app.kubernetes.io/name: sourcegraph - app.kubernetes.io/version: 5.3.9104 - deploy: sourcegraph - name: precise-code-intel-worker - namespace: NORMALIZED_FOR_TESTING - ownerReferences: - - apiVersion: v1 - blockOwnerDeletion: true - controller: true - kind: ConfigMap - name: sg + - apiVersion: apps/v1 + kind: Deployment + metadata: + annotations: + appliance.sourcegraph.com/configHash: 75f3d926f79f73ef77502da4215fa2db8f4ebe149e367c862b1023d4bbadc115 + creationTimestamp: "2024-04-19T00:00:00Z" + generation: 1 + labels: + app.kubernetes.io/component: precise-code-intel-worker + app.kubernetes.io/name: sourcegraph + app.kubernetes.io/version: 5.3.9104 + deploy: sourcegraph + name: precise-code-intel-worker + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING uid: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING - spec: - minReadySeconds: 10 - progressDeadlineSeconds: 600 - replicas: 3 - revisionHistoryLimit: 10 - selector: - matchLabels: - app: precise-code-intel-worker - strategy: - rollingUpdate: - maxSurge: 1 - maxUnavailable: 1 - type: RollingUpdate - template: - metadata: - annotations: - kubectl.kubernetes.io/default-container: precise-code-intel-worker - creationTimestamp: null - labels: + spec: + minReadySeconds: 10 + progressDeadlineSeconds: 600 + replicas: 3 + revisionHistoryLimit: 10 + selector: + matchLabels: app: precise-code-intel-worker - deploy: sourcegraph - name: precise-code-intel-worker - spec: - containers: - - env: - - name: NUM_WORKERS - value: "4" - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: OTEL_AGENT_HOST - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - - name: OTEL_EXPORTER_OTLP_ENDPOINT - value: http://$(OTEL_AGENT_HOST):4317 - image: index.docker.io/sourcegraph/precise-code-intel-worker:5.3.2@sha256:6142093097f5757afe772cffd131c1be54bb77335232011254733f51ffb2d6c6 - imagePullPolicy: IfNotPresent - livenessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: debug - scheme: HTTP - initialDelaySeconds: 60 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 1 + type: RollingUpdate + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: precise-code-intel-worker + creationTimestamp: null + labels: + app: precise-code-intel-worker + deploy: sourcegraph name: precise-code-intel-worker - ports: - - containerPort: 3188 - name: http - protocol: TCP - - containerPort: 6060 - name: debug - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /ready - port: debug - scheme: HTTP - periodSeconds: 5 - successThreshold: 1 - timeoutSeconds: 5 - resources: - limits: - cpu: "2" - memory: 4G - requests: - cpu: 500m - memory: 2G + spec: + containers: + - env: + - name: NUM_WORKERS + value: "4" + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: OTEL_AGENT_HOST + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + - name: OTEL_EXPORTER_OTLP_ENDPOINT + value: http://$(OTEL_AGENT_HOST):4317 + image: index.docker.io/sourcegraph/precise-code-intel-worker:5.3.2@sha256:6142093097f5757afe772cffd131c1be54bb77335232011254733f51ffb2d6c6 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: debug + scheme: HTTP + initialDelaySeconds: 60 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: precise-code-intel-worker + ports: + - containerPort: 3188 + name: http + protocol: TCP + - containerPort: 6060 + name: debug + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /ready + port: debug + scheme: HTTP + periodSeconds: 5 + successThreshold: 1 + timeoutSeconds: 5 + resources: + limits: + cpu: "2" + memory: 4G + requests: + cpu: 500m + memory: 2G + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsGroup: 101 + runAsUser: 100 + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /tmp + name: tmpdir + dnsPolicy: ClusterFirst + restartPolicy: Always + schedulerName: default-scheduler securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch runAsGroup: 101 runAsUser: 100 - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: FallbackToLogsOnError - volumeMounts: - - mountPath: /tmp - name: tmpdir - dnsPolicy: ClusterFirst - restartPolicy: Always - schedulerName: default-scheduler - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - runAsGroup: 101 - runAsUser: 100 - terminationGracePeriodSeconds: 30 - volumes: - - emptyDir: {} - name: tmpdir - status: {} -- apiVersion: v1 - data: - spec: | - spec: - requestedVersion: "5.3.9104" + terminationGracePeriodSeconds: 30 + volumes: + - emptyDir: {} + name: tmpdir + status: {} + - apiVersion: v1 + data: + spec: | + spec: + requestedVersion: "5.3.9104" - blobstore: - disabled: true + blobstore: + disabled: true - codeInsights: - disabled: true + codeInsights: + disabled: true - codeIntel: - disabled: true + codeIntel: + disabled: true - frontend: - disabled: true + frontend: + disabled: true - gitServer: - disabled: true + gitServer: + disabled: true - indexedSearch: - disabled: true + indexedSearch: + disabled: true - indexedSearchIndexer: - disabled: true + indexedSearchIndexer: + disabled: true - pgsql: - disabled: true + pgsql: + disabled: true - postgresExporter: - disabled: true + postgresExporter: + disabled: true - preciseCodeIntel: - replicas: 3 + preciseCodeIntel: + replicas: 3 - redisCache: - disabled: true + redisCache: + disabled: true - redisStore: - disabled: true + redisStore: + disabled: true - repoUpdater: - disabled: true + repoUpdater: + disabled: true - searcher: - disabled: true + searcher: + disabled: true - symbols: - disabled: true + symbols: + disabled: true - syntectServer: - disabled: true + syntectServer: + disabled: true - worker: - disabled: true - kind: ConfigMap - metadata: - annotations: - appliance.sourcegraph.com/currentVersion: 5.3.9104 - appliance.sourcegraph.com/managed: "true" - creationTimestamp: "2024-04-19T00:00:00Z" - name: sg - namespace: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING -- apiVersion: v1 - kind: ServiceAccount - metadata: - annotations: - appliance.sourcegraph.com/configHash: 75f3d926f79f73ef77502da4215fa2db8f4ebe149e367c862b1023d4bbadc115 - creationTimestamp: "2024-04-19T00:00:00Z" - labels: - deploy: sourcegraph - name: precise-code-intel-worker - namespace: NORMALIZED_FOR_TESTING - ownerReferences: - - apiVersion: v1 - blockOwnerDeletion: true - controller: true - kind: ConfigMap + worker: + disabled: true + + prometheus: + disabled: true + kind: ConfigMap + metadata: + annotations: + appliance.sourcegraph.com/currentVersion: 5.3.9104 + appliance.sourcegraph.com/managed: "true" + creationTimestamp: "2024-04-19T00:00:00Z" name: sg + namespace: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING uid: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING -- apiVersion: v1 - kind: Service - metadata: - annotations: - appliance.sourcegraph.com/configHash: 75f3d926f79f73ef77502da4215fa2db8f4ebe149e367c862b1023d4bbadc115 - prometheus.io/port: "6060" - sourcegraph.prometheus/scrape: "true" - creationTimestamp: "2024-04-19T00:00:00Z" - labels: - app: precise-code-intel-worker - app.kubernetes.io/component: precise-code-intel-worker - deploy: sourcegraph - name: precise-code-intel-worker - namespace: NORMALIZED_FOR_TESTING - ownerReferences: - - apiVersion: v1 - blockOwnerDeletion: true - controller: true - kind: ConfigMap - name: sg + - apiVersion: v1 + kind: ServiceAccount + metadata: + annotations: + appliance.sourcegraph.com/configHash: 75f3d926f79f73ef77502da4215fa2db8f4ebe149e367c862b1023d4bbadc115 + creationTimestamp: "2024-04-19T00:00:00Z" + labels: + deploy: sourcegraph + name: precise-code-intel-worker + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING uid: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING - spec: - clusterIP: NORMALIZED_FOR_TESTING - clusterIPs: - - NORMALIZED_FOR_TESTING - internalTrafficPolicy: Cluster - ipFamilies: - - IPv4 - ipFamilyPolicy: SingleStack - ports: - - name: http - port: 3188 - protocol: TCP - targetPort: http - - name: debug - port: 6060 - protocol: TCP - targetPort: debug - selector: - app: precise-code-intel-worker - sessionAffinity: None - type: ClusterIP - status: - loadBalancer: {} + - apiVersion: v1 + kind: Service + metadata: + annotations: + appliance.sourcegraph.com/configHash: 75f3d926f79f73ef77502da4215fa2db8f4ebe149e367c862b1023d4bbadc115 + prometheus.io/port: "6060" + sourcegraph.prometheus/scrape: "true" + creationTimestamp: "2024-04-19T00:00:00Z" + labels: + app: precise-code-intel-worker + app.kubernetes.io/component: precise-code-intel-worker + deploy: sourcegraph + name: precise-code-intel-worker + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING + uid: NORMALIZED_FOR_TESTING + spec: + clusterIP: NORMALIZED_FOR_TESTING + clusterIPs: + - NORMALIZED_FOR_TESTING + internalTrafficPolicy: Cluster + ipFamilies: + - IPv4 + ipFamilyPolicy: SingleStack + ports: + - name: http + port: 3188 + protocol: TCP + targetPort: http + - name: debug + port: 6060 + protocol: TCP + targetPort: debug + selector: + app: precise-code-intel-worker + sessionAffinity: None + type: ClusterIP + status: + loadBalancer: {} diff --git a/internal/appliance/reconciler/testdata/golden-fixtures/prometheus/default.yaml b/internal/appliance/reconciler/testdata/golden-fixtures/prometheus/default.yaml new file mode 100644 index 00000000000..528f6cf7766 --- /dev/null +++ b/internal/appliance/reconciler/testdata/golden-fixtures/prometheus/default.yaml @@ -0,0 +1,564 @@ +resources: + - apiVersion: apps/v1 + kind: Deployment + metadata: + annotations: + appliance.sourcegraph.com/configHash: 40ddb993f0b30dff9200540c876d34e75d530d9ca00cd171e90e517a34b963c2 + creationTimestamp: "2024-04-19T00:00:00Z" + generation: 1 + labels: + app.kubernetes.io/component: prometheus + app.kubernetes.io/name: sourcegraph + app.kubernetes.io/version: 5.3.9104 + deploy: sourcegraph + name: prometheus + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING + uid: NORMALIZED_FOR_TESTING + spec: + minReadySeconds: 10 + progressDeadlineSeconds: 600 + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: prometheus + strategy: + type: Recreate + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: prometheus + creationTimestamp: null + labels: + app: prometheus + deploy: sourcegraph + name: prometheus + spec: + containers: + - image: index.docker.io/sourcegraph/prometheus:5.3.2@sha256:1b5c003fb39628f79e7655ba33f9ca119ddc4be021602ede3cc1674ef99fcdad + imagePullPolicy: IfNotPresent + name: prometheus + ports: + - containerPort: 9090 + name: http + protocol: TCP + readinessProbe: + failureThreshold: 120 + httpGet: + path: /-/ready + port: http + scheme: HTTP + periodSeconds: 5 + successThreshold: 1 + timeoutSeconds: 3 + resources: + limits: + cpu: "2" + memory: 6G + requests: + cpu: 500m + memory: 6G + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsGroup: 101 + runAsUser: 100 + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /prometheus + name: data + - mountPath: /sg_prometheus_add_ons + name: config + dnsPolicy: ClusterFirst + restartPolicy: Always + schedulerName: default-scheduler + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + runAsGroup: 101 + runAsUser: 100 + serviceAccount: prometheus + serviceAccountName: prometheus + terminationGracePeriodSeconds: 30 + volumes: + - name: data + persistentVolumeClaim: + claimName: prometheus + - configMap: + defaultMode: 511 + name: prometheus + name: config + status: {} + - apiVersion: v1 + data: + extra_rules.yml: "" + prometheus.yml: | + global: + scrape_interval: 30s + evaluation_interval: 30s + + alerting: + alertmanagers: + # Bundled Alertmanager, started by prom-wrapper + - static_configs: + - targets: ['127.0.0.1:9093'] + path_prefix: /alertmanager + # Uncomment the following to have alerts delivered to additional Alertmanagers discovered + # in the cluster. This configuration is not required if you use Sourcegraph's built-in alerting: + # https://docs.sourcegraph.com/admin/observability/alerting + # - kubernetes_sd_configs: + # - role: endpoints + # relabel_configs: + # - source_labels: [__meta_kubernetes_service_name] + # regex: alertmanager + # action: keep + + rule_files: + - '*_rules.yml' + - "/sg_config_prometheus/*_rules.yml" + - "/sg_prometheus_add_ons/*_rules.yml" + + # A scrape configuration for running Prometheus on a Kubernetes cluster. + # This uses separate scrape configs for cluster components (i.e. API server, node) + # and services to allow each to use different authentication configs. + # + # Kubernetes labels will be added as Prometheus labels on metrics via the + # `labelmap` relabeling action. + + # Scrape config for API servers. + # + # Kubernetes exposes API servers as endpoints to the default/kubernetes + # service so this uses `endpoints` role and uses relabelling to only keep + # the endpoints associated with the default/kubernetes service using the + # default named port `https`. This works for single API server deployments as + # well as HA API server deployments. + scrape_configs: # End of privileged config + + # Scrape config for service endpoints. + # + # The relabeling allows the actual service scrape endpoint to be configured + # via the following annotations: + # + # * `prometheus.io/scrape`: Only scrape services that have a value of `true` + # * `prometheus.io/scheme`: If the metrics endpoint is secured then you will need + # to set this to `https` & most likely set the `tls_config` of the scrape config. + # * `prometheus.io/path`: If the metrics path is not `/metrics` override this. + # * `prometheus.io/port`: If the metrics are exposed on a different port to the + # service then set this appropriately. + - job_name: 'kubernetes-service-endpoints' + + kubernetes_sd_configs: + - role: endpoints + namespaces: + names: + - NORMALIZED_FOR_TESTING + + relabel_configs: + - source_labels: [__meta_kubernetes_service_annotation_sourcegraph_prometheus_scrape] + action: keep + regex: true + - source_labels: [__meta_kubernetes_pod_container_name] + action: drop + regex: jaeger-agent + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scheme] + action: replace + target_label: __scheme__ + regex: (https?) + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_path] + action: replace + target_label: __metrics_path__ + regex: (.+) + - source_labels: [__address__, __meta_kubernetes_service_annotation_prometheus_io_port] + action: replace + target_label: __address__ + regex: (.+)(?::\d+);(\d+) + replacement: $1:$2 + - action: labelmap + regex: __meta_kubernetes_service_label_(.+) + - source_labels: [__meta_kubernetes_namespace] + action: replace + # Sourcegraph specific customization. We want a more convenient to type label. + # target_label: kubernetes_namespace + target_label: ns + - source_labels: [__meta_kubernetes_service_name] + action: replace + target_label: kubernetes_name + # Sourcegraph specific customization. We want a nicer name for job + - source_labels: [app] + action: replace + target_label: job + # Sourcegraph specific customization. We want a nicer name for instance + - source_labels: [__meta_kubernetes_pod_name] + action: replace + target_label: instance + # Sourcegraph specific customization. We want to add a label to every + # metric that indicates the node it came from. + - source_labels: [__meta_kubernetes_endpoint_node_name] + action: replace + target_label: nodename + metric_relabel_configs: + # Sourcegraph specific customization. Drop metrics with empty nodename responses from the k8s API + - source_labels: [nodename] + regex: ^$ + action: drop + + # Example scrape config for probing services via the Blackbox Exporter. + # + # The relabeling allows the actual service scrape endpoint to be configured + # via the following annotations: + # + # * `prometheus.io/probe`: Only probe services that have a value of `true` + - job_name: 'kubernetes-services' + + metrics_path: /probe + params: + module: [http_2xx] + + kubernetes_sd_configs: + - role: service + + relabel_configs: + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_probe] + action: keep + regex: true + - source_labels: [__address__] + target_label: __param_target + - target_label: __address__ + replacement: blackbox + - source_labels: [__param_target] + target_label: instance + - action: labelmap + regex: __meta_kubernetes_service_label_(.+) + - source_labels: [__meta_kubernetes_service_namespace] + # Sourcegraph specific customization. We want a more convenient to type label. + # target_label: kubernetes_namespace + target_label: ns + - source_labels: [__meta_kubernetes_service_name] + target_label: kubernetes_name + + # Example scrape config for pods + # + # The relabeling allows the actual pod scrape endpoint to be configured via the + # following annotations: + # + # * `prometheus.io/scrape`: Only scrape pods that have a value of `true` + # * `prometheus.io/path`: If the metrics path is not `/metrics` override this. + # * `prometheus.io/port`: Scrape the pod on the indicated port instead of the default of `9102`. + - job_name: 'kubernetes-pods' + + kubernetes_sd_configs: + - role: pod + + relabel_configs: + - source_labels: [__meta_kubernetes_pod_annotation_sourcegraph_prometheus_scrape] + action: keep + regex: true + - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path] + action: replace + target_label: __metrics_path__ + regex: (.+) + - source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port] + action: replace + regex: (.+):(?:\d+);(\d+) + replacement: ${1}:${2} + target_label: __address__ + - action: labelmap + regex: __meta_kubernetes_pod_label_(.+) + - source_labels: [__meta_kubernetes_pod_name] + action: replace + target_label: kubernetes_pod_name + # Sourcegraph specific customization. We want a more convenient to type label. + # target_label: kubernetes_namespace + - source_labels: [__meta_kubernetes_namespace] + action: replace + target_label: ns + # Sourcegraph specific customization. We want to add a label to every + # metric that indicates the node it came from. + - source_labels: [__meta_kubernetes_pod_node_name] + action: replace + target_label: nodename + + metric_relabel_configs: + # cAdvisor-specific customization. Drop container metrics exported by cAdvisor + # not in the same namespace as Sourcegraph. + # Uncomment this if you have problems with certain dashboards or cAdvisor itself + # picking up non-Sourcegraph services. Ensure all Sourcegraph services are running + # within the Sourcegraph namespace you have defined. + # The regex must keep matches on '^$' (empty string) to ensure other metrics do not + # get dropped. + - source_labels: [container_label_io_kubernetes_pod_namespace] + regex: ^$|NORMALIZED_FOR_TESTING + action: keep + # cAdvisor-specific customization. We want container metrics to be named after their container name label. + # Note that 'io.kubernetes.container.name' and 'io.kubernetes.pod.name' must be provided in cAdvisor + # '--whitelisted_container_labels' (see cadvisor.DaemonSet.yaml) + - source_labels: [container_label_io_kubernetes_container_name, container_label_io_kubernetes_pod_name] + regex: (.+) + action: replace + target_label: name + separator: '-' + # Sourcegraph specific customization. Drop metrics with empty nodename responses from the k8s API + - source_labels: [nodename] + regex: ^$ + action: drop + + # Scrape prometheus itself for metrics. + - job_name: 'builtin-prometheus' + static_configs: + - targets: ['127.0.0.1:9092'] + labels: + app: prometheus + - job_name: 'builtin-alertmanager' + metrics_path: /alertmanager/metrics + static_configs: + - targets: ['127.0.0.1:9093'] + labels: + app: alertmanager + immutable: false + kind: ConfigMap + metadata: + annotations: + appliance.sourcegraph.com/configHash: 40ddb993f0b30dff9200540c876d34e75d530d9ca00cd171e90e517a34b963c2 + creationTimestamp: "2024-04-19T00:00:00Z" + labels: + deploy: sourcegraph + name: prometheus + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING + uid: NORMALIZED_FOR_TESTING + - apiVersion: v1 + data: + spec: | + spec: + requestedVersion: "5.3.9104" + + blobstore: + disabled: true + + codeInsights: + disabled: true + + codeIntel: + disabled: true + + frontend: + disabled: true + + gitServer: + disabled: true + + indexedSearch: + disabled: true + + indexedSearchIndexer: + disabled: true + + pgsql: + disabled: true + + postgresExporter: + disabled: true + + preciseCodeIntel: + disabled: true + + redisCache: + disabled: true + + redisStore: + disabled: true + + repoUpdater: + disabled: true + + searcher: + disabled: true + + symbols: + disabled: true + + syntectServer: + disabled: true + + worker: + disabled: true + + prometheus: {} + kind: ConfigMap + metadata: + annotations: + appliance.sourcegraph.com/currentVersion: 5.3.9104 + appliance.sourcegraph.com/managed: "true" + creationTimestamp: "2024-04-19T00:00:00Z" + name: sg + namespace: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING + uid: NORMALIZED_FOR_TESTING + - apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + annotations: + appliance.sourcegraph.com/configHash: 40ddb993f0b30dff9200540c876d34e75d530d9ca00cd171e90e517a34b963c2 + creationTimestamp: "2024-04-19T00:00:00Z" + finalizers: + - kubernetes.io/pvc-protection + labels: + deploy: sourcegraph + name: prometheus + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING + uid: NORMALIZED_FOR_TESTING + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 200Gi + volumeMode: Filesystem + status: + phase: Pending + - apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + annotations: + appliance.sourcegraph.com/configHash: 40ddb993f0b30dff9200540c876d34e75d530d9ca00cd171e90e517a34b963c2 + creationTimestamp: "2024-04-19T00:00:00Z" + labels: + deploy: sourcegraph + name: prometheus + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING + uid: NORMALIZED_FOR_TESTING + rules: + - apiGroups: + - "" + resources: + - endpoints + - pods + - services + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - configmap + verbs: + - get + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + annotations: + appliance.sourcegraph.com/configHash: 40ddb993f0b30dff9200540c876d34e75d530d9ca00cd171e90e517a34b963c2 + creationTimestamp: "2024-04-19T00:00:00Z" + labels: + deploy: sourcegraph + name: prometheus + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING + uid: NORMALIZED_FOR_TESTING + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: prometheus + subjects: + - kind: ServiceAccount + name: prometheus + namespace: NORMALIZED_FOR_TESTING + - apiVersion: v1 + kind: ServiceAccount + metadata: + annotations: + appliance.sourcegraph.com/configHash: 40ddb993f0b30dff9200540c876d34e75d530d9ca00cd171e90e517a34b963c2 + creationTimestamp: "2024-04-19T00:00:00Z" + labels: + deploy: sourcegraph + name: prometheus + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING + uid: NORMALIZED_FOR_TESTING + - apiVersion: v1 + kind: Service + metadata: + annotations: + appliance.sourcegraph.com/configHash: 40ddb993f0b30dff9200540c876d34e75d530d9ca00cd171e90e517a34b963c2 + creationTimestamp: "2024-04-19T00:00:00Z" + labels: + app: prometheus + app.kubernetes.io/component: prometheus + deploy: sourcegraph + name: prometheus + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING + uid: NORMALIZED_FOR_TESTING + spec: + clusterIP: NORMALIZED_FOR_TESTING + clusterIPs: + - NORMALIZED_FOR_TESTING + internalTrafficPolicy: Cluster + ipFamilies: + - IPv4 + ipFamilyPolicy: SingleStack + ports: + - name: http + port: 30090 + protocol: TCP + targetPort: http + selector: + app: syntect-server + sessionAffinity: None + type: ClusterIP + status: + loadBalancer: {} diff --git a/internal/appliance/reconciler/testdata/golden-fixtures/prometheus/privileged.yaml b/internal/appliance/reconciler/testdata/golden-fixtures/prometheus/privileged.yaml new file mode 100644 index 00000000000..f6a4e07f982 --- /dev/null +++ b/internal/appliance/reconciler/testdata/golden-fixtures/prometheus/privileged.yaml @@ -0,0 +1,630 @@ +resources: + - apiVersion: apps/v1 + kind: Deployment + metadata: + annotations: + appliance.sourcegraph.com/configHash: f3552ecdd048a5aa1442524110f3648d103930c4977323d60e0832a9afbb941a + creationTimestamp: "2024-04-19T00:00:00Z" + generation: 1 + labels: + app.kubernetes.io/component: prometheus + app.kubernetes.io/name: sourcegraph + app.kubernetes.io/version: 5.3.9104 + deploy: sourcegraph + name: prometheus + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING + uid: NORMALIZED_FOR_TESTING + spec: + minReadySeconds: 10 + progressDeadlineSeconds: 600 + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: prometheus + strategy: + type: Recreate + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: prometheus + creationTimestamp: null + labels: + app: prometheus + deploy: sourcegraph + name: prometheus + spec: + containers: + - image: index.docker.io/sourcegraph/prometheus:5.3.2@sha256:1b5c003fb39628f79e7655ba33f9ca119ddc4be021602ede3cc1674ef99fcdad + imagePullPolicy: IfNotPresent + name: prometheus + ports: + - containerPort: 9090 + name: http + protocol: TCP + readinessProbe: + failureThreshold: 120 + httpGet: + path: /-/ready + port: http + scheme: HTTP + periodSeconds: 5 + successThreshold: 1 + timeoutSeconds: 3 + resources: + limits: + cpu: "2" + memory: 6G + requests: + cpu: 500m + memory: 6G + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsGroup: 101 + runAsUser: 100 + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /prometheus + name: data + - mountPath: /sg_prometheus_add_ons + name: config + dnsPolicy: ClusterFirst + restartPolicy: Always + schedulerName: default-scheduler + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + runAsGroup: 101 + runAsUser: 100 + serviceAccount: prometheus + serviceAccountName: prometheus + terminationGracePeriodSeconds: 30 + volumes: + - name: data + persistentVolumeClaim: + claimName: prometheus + - configMap: + defaultMode: 511 + name: prometheus + name: config + status: {} + - apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + annotations: + appliance.sourcegraph.com/configHash: f3552ecdd048a5aa1442524110f3648d103930c4977323d60e0832a9afbb941a + creationTimestamp: "2024-04-19T00:00:00Z" + labels: + deploy: sourcegraph + for-namespace: NORMALIZED_FOR_TESTING + name: NORMALIZED_FOR_TESTING-prometheus + namespace: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING + uid: NORMALIZED_FOR_TESTING + rules: + - apiGroups: + - "" + resources: + - endpoints + - pods + - services + - namespaces + - nodes + - nodes/metrics + - nodes/proxy + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - configmap + verbs: + - get + - nonResourceURLs: + - /metrics + verbs: + - get + - apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: + annotations: + appliance.sourcegraph.com/configHash: f3552ecdd048a5aa1442524110f3648d103930c4977323d60e0832a9afbb941a + creationTimestamp: "2024-04-19T00:00:00Z" + labels: + deploy: sourcegraph + for-namespace: NORMALIZED_FOR_TESTING + name: NORMALIZED_FOR_TESTING-prometheus + namespace: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING + uid: NORMALIZED_FOR_TESTING + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: NORMALIZED_FOR_TESTING-prometheus + subjects: + - kind: ServiceAccount + name: prometheus + namespace: NORMALIZED_FOR_TESTING + - apiVersion: v1 + data: + extra_rules.yml: "" + prometheus.yml: | + global: + scrape_interval: 30s + evaluation_interval: 30s + + alerting: + alertmanagers: + # Bundled Alertmanager, started by prom-wrapper + - static_configs: + - targets: ['127.0.0.1:9093'] + path_prefix: /alertmanager + # Uncomment the following to have alerts delivered to additional Alertmanagers discovered + # in the cluster. This configuration is not required if you use Sourcegraph's built-in alerting: + # https://docs.sourcegraph.com/admin/observability/alerting + # - kubernetes_sd_configs: + # - role: endpoints + # relabel_configs: + # - source_labels: [__meta_kubernetes_service_name] + # regex: alertmanager + # action: keep + + rule_files: + - '*_rules.yml' + - "/sg_config_prometheus/*_rules.yml" + - "/sg_prometheus_add_ons/*_rules.yml" + + # A scrape configuration for running Prometheus on a Kubernetes cluster. + # This uses separate scrape configs for cluster components (i.e. API server, node) + # and services to allow each to use different authentication configs. + # + # Kubernetes labels will be added as Prometheus labels on metrics via the + # `labelmap` relabeling action. + + # Scrape config for API servers. + # + # Kubernetes exposes API servers as endpoints to the default/kubernetes + # service so this uses `endpoints` role and uses relabelling to only keep + # the endpoints associated with the default/kubernetes service using the + # default named port `https`. This works for single API server deployments as + # well as HA API server deployments. + scrape_configs: + - job_name: 'kubernetes-apiservers' + + kubernetes_sd_configs: + - role: endpoints + + # Default to scraping over https. If required, just disable this or change to + # `http`. + scheme: https + + # This TLS & bearer token file config is used to connect to the actual scrape + # endpoints for cluster components. This is separate to discovery auth + # configuration because discovery & scraping are two separate concerns in + # Prometheus. The discovery auth config is automatic if Prometheus runs inside + # the cluster. Otherwise, more config options have to be provided within the + # . + tls_config: + ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt + # If your node certificates are self-signed or use a different CA to the + # master CA, then disable certificate verification below. Note that + # certificate verification is an integral part of a secure infrastructure + # so this should only be disabled in a controlled environment. You can + # disable certificate verification by uncommenting the line below. + # + # insecure_skip_verify: true + bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + + # Keep only the default/kubernetes service endpoints for the https port. This + # will add targets for each API server which Kubernetes adds an endpoint to + # the default/kubernetes service. + relabel_configs: + - source_labels: [__meta_kubernetes_namespace, __meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] + action: keep + regex: default;kubernetes;https + + - job_name: 'kubernetes-nodes' + + # Default to scraping over https. If required, just disable this or change to + # `http`. + scheme: https + + # This TLS & bearer token file config is used to connect to the actual scrape + # endpoints for cluster components. This is separate to discovery auth + # configuration because discovery & scraping are two separate concerns in + # Prometheus. The discovery auth config is automatic if Prometheus runs inside + # the cluster. Otherwise, more config options have to be provided within the + # . + tls_config: + ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt + # If your node certificates are self-signed or use a different CA to the + # master CA, then disable certificate verification below. Note that + # certificate verification is an integral part of a secure infrastructure + # so this should only be disabled in a controlled environment. You can + # disable certificate verification by uncommenting the line below. + # + insecure_skip_verify: true + bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + + kubernetes_sd_configs: + - role: node + + relabel_configs: + - action: labelmap + regex: __meta_kubernetes_node_label_(.+) + - target_label: __address__ + replacement: kubernetes.default.svc:443 + - source_labels: [__meta_kubernetes_node_name] + regex: (.+) + target_label: __metrics_path__ + replacement: /api/v1/nodes/${1}/proxy/metrics # End of privileged config + + # Scrape config for service endpoints. + # + # The relabeling allows the actual service scrape endpoint to be configured + # via the following annotations: + # + # * `prometheus.io/scrape`: Only scrape services that have a value of `true` + # * `prometheus.io/scheme`: If the metrics endpoint is secured then you will need + # to set this to `https` & most likely set the `tls_config` of the scrape config. + # * `prometheus.io/path`: If the metrics path is not `/metrics` override this. + # * `prometheus.io/port`: If the metrics are exposed on a different port to the + # service then set this appropriately. + - job_name: 'kubernetes-service-endpoints' + + kubernetes_sd_configs: + - role: endpoints + namespaces: + names: + - NORMALIZED_FOR_TESTING + + relabel_configs: + - source_labels: [__meta_kubernetes_service_annotation_sourcegraph_prometheus_scrape] + action: keep + regex: true + - source_labels: [__meta_kubernetes_pod_container_name] + action: drop + regex: jaeger-agent + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scheme] + action: replace + target_label: __scheme__ + regex: (https?) + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_path] + action: replace + target_label: __metrics_path__ + regex: (.+) + - source_labels: [__address__, __meta_kubernetes_service_annotation_prometheus_io_port] + action: replace + target_label: __address__ + regex: (.+)(?::\d+);(\d+) + replacement: $1:$2 + - action: labelmap + regex: __meta_kubernetes_service_label_(.+) + - source_labels: [__meta_kubernetes_namespace] + action: replace + # Sourcegraph specific customization. We want a more convenient to type label. + # target_label: kubernetes_namespace + target_label: ns + - source_labels: [__meta_kubernetes_service_name] + action: replace + target_label: kubernetes_name + # Sourcegraph specific customization. We want a nicer name for job + - source_labels: [app] + action: replace + target_label: job + # Sourcegraph specific customization. We want a nicer name for instance + - source_labels: [__meta_kubernetes_pod_name] + action: replace + target_label: instance + # Sourcegraph specific customization. We want to add a label to every + # metric that indicates the node it came from. + - source_labels: [__meta_kubernetes_endpoint_node_name] + action: replace + target_label: nodename + metric_relabel_configs: + # Sourcegraph specific customization. Drop metrics with empty nodename responses from the k8s API + - source_labels: [nodename] + regex: ^$ + action: drop + + # Example scrape config for probing services via the Blackbox Exporter. + # + # The relabeling allows the actual service scrape endpoint to be configured + # via the following annotations: + # + # * `prometheus.io/probe`: Only probe services that have a value of `true` + - job_name: 'kubernetes-services' + + metrics_path: /probe + params: + module: [http_2xx] + + kubernetes_sd_configs: + - role: service + + relabel_configs: + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_probe] + action: keep + regex: true + - source_labels: [__address__] + target_label: __param_target + - target_label: __address__ + replacement: blackbox + - source_labels: [__param_target] + target_label: instance + - action: labelmap + regex: __meta_kubernetes_service_label_(.+) + - source_labels: [__meta_kubernetes_service_namespace] + # Sourcegraph specific customization. We want a more convenient to type label. + # target_label: kubernetes_namespace + target_label: ns + - source_labels: [__meta_kubernetes_service_name] + target_label: kubernetes_name + + # Example scrape config for pods + # + # The relabeling allows the actual pod scrape endpoint to be configured via the + # following annotations: + # + # * `prometheus.io/scrape`: Only scrape pods that have a value of `true` + # * `prometheus.io/path`: If the metrics path is not `/metrics` override this. + # * `prometheus.io/port`: Scrape the pod on the indicated port instead of the default of `9102`. + - job_name: 'kubernetes-pods' + + kubernetes_sd_configs: + - role: pod + + relabel_configs: + - source_labels: [__meta_kubernetes_pod_annotation_sourcegraph_prometheus_scrape] + action: keep + regex: true + - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path] + action: replace + target_label: __metrics_path__ + regex: (.+) + - source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port] + action: replace + regex: (.+):(?:\d+);(\d+) + replacement: ${1}:${2} + target_label: __address__ + - action: labelmap + regex: __meta_kubernetes_pod_label_(.+) + - source_labels: [__meta_kubernetes_pod_name] + action: replace + target_label: kubernetes_pod_name + # Sourcegraph specific customization. We want a more convenient to type label. + # target_label: kubernetes_namespace + - source_labels: [__meta_kubernetes_namespace] + action: replace + target_label: ns + # Sourcegraph specific customization. We want to add a label to every + # metric that indicates the node it came from. + - source_labels: [__meta_kubernetes_pod_node_name] + action: replace + target_label: nodename + + metric_relabel_configs: + # cAdvisor-specific customization. Drop container metrics exported by cAdvisor + # not in the same namespace as Sourcegraph. + # Uncomment this if you have problems with certain dashboards or cAdvisor itself + # picking up non-Sourcegraph services. Ensure all Sourcegraph services are running + # within the Sourcegraph namespace you have defined. + # The regex must keep matches on '^$' (empty string) to ensure other metrics do not + # get dropped. + - source_labels: [container_label_io_kubernetes_pod_namespace] + regex: ^$|NORMALIZED_FOR_TESTING + action: keep + # cAdvisor-specific customization. We want container metrics to be named after their container name label. + # Note that 'io.kubernetes.container.name' and 'io.kubernetes.pod.name' must be provided in cAdvisor + # '--whitelisted_container_labels' (see cadvisor.DaemonSet.yaml) + - source_labels: [container_label_io_kubernetes_container_name, container_label_io_kubernetes_pod_name] + regex: (.+) + action: replace + target_label: name + separator: '-' + # Sourcegraph specific customization. Drop metrics with empty nodename responses from the k8s API + - source_labels: [nodename] + regex: ^$ + action: drop + + # Scrape prometheus itself for metrics. + - job_name: 'builtin-prometheus' + static_configs: + - targets: ['127.0.0.1:9092'] + labels: + app: prometheus + - job_name: 'builtin-alertmanager' + metrics_path: /alertmanager/metrics + static_configs: + - targets: ['127.0.0.1:9093'] + labels: + app: alertmanager + immutable: false + kind: ConfigMap + metadata: + annotations: + appliance.sourcegraph.com/configHash: f3552ecdd048a5aa1442524110f3648d103930c4977323d60e0832a9afbb941a + creationTimestamp: "2024-04-19T00:00:00Z" + labels: + deploy: sourcegraph + name: prometheus + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING + uid: NORMALIZED_FOR_TESTING + - apiVersion: v1 + data: + spec: | + spec: + requestedVersion: "5.3.9104" + + blobstore: + disabled: true + + codeInsights: + disabled: true + + codeIntel: + disabled: true + + frontend: + disabled: true + + gitServer: + disabled: true + + indexedSearch: + disabled: true + + indexedSearchIndexer: + disabled: true + + pgsql: + disabled: true + + postgresExporter: + disabled: true + + preciseCodeIntel: + disabled: true + + redisCache: + disabled: true + + redisStore: + disabled: true + + repoUpdater: + disabled: true + + searcher: + disabled: true + + symbols: + disabled: true + + syntectServer: + disabled: true + + worker: + disabled: true + + prometheus: + privileged: true + kind: ConfigMap + metadata: + annotations: + appliance.sourcegraph.com/currentVersion: 5.3.9104 + appliance.sourcegraph.com/managed: "true" + creationTimestamp: "2024-04-19T00:00:00Z" + name: sg + namespace: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING + uid: NORMALIZED_FOR_TESTING + - apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + annotations: + appliance.sourcegraph.com/configHash: f3552ecdd048a5aa1442524110f3648d103930c4977323d60e0832a9afbb941a + creationTimestamp: "2024-04-19T00:00:00Z" + finalizers: + - kubernetes.io/pvc-protection + labels: + deploy: sourcegraph + name: prometheus + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING + uid: NORMALIZED_FOR_TESTING + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 200Gi + volumeMode: Filesystem + status: + phase: Pending + - apiVersion: v1 + kind: ServiceAccount + metadata: + annotations: + appliance.sourcegraph.com/configHash: f3552ecdd048a5aa1442524110f3648d103930c4977323d60e0832a9afbb941a + creationTimestamp: "2024-04-19T00:00:00Z" + labels: + deploy: sourcegraph + name: prometheus + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING + uid: NORMALIZED_FOR_TESTING + - apiVersion: v1 + kind: Service + metadata: + annotations: + appliance.sourcegraph.com/configHash: f3552ecdd048a5aa1442524110f3648d103930c4977323d60e0832a9afbb941a + creationTimestamp: "2024-04-19T00:00:00Z" + labels: + app: prometheus + app.kubernetes.io/component: prometheus + deploy: sourcegraph + name: prometheus + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING + uid: NORMALIZED_FOR_TESTING + spec: + clusterIP: NORMALIZED_FOR_TESTING + clusterIPs: + - NORMALIZED_FOR_TESTING + internalTrafficPolicy: Cluster + ipFamilies: + - IPv4 + ipFamilyPolicy: SingleStack + ports: + - name: http + port: 30090 + protocol: TCP + targetPort: http + selector: + app: syntect-server + sessionAffinity: None + type: ClusterIP + status: + loadBalancer: {} diff --git a/internal/appliance/reconciler/testdata/golden-fixtures/prometheus/subsequent-disable.yaml b/internal/appliance/reconciler/testdata/golden-fixtures/prometheus/subsequent-disable.yaml new file mode 100644 index 00000000000..0b49c1fd900 --- /dev/null +++ b/internal/appliance/reconciler/testdata/golden-fixtures/prometheus/subsequent-disable.yaml @@ -0,0 +1,161 @@ +resources: + - apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + annotations: + appliance.sourcegraph.com/configHash: f3552ecdd048a5aa1442524110f3648d103930c4977323d60e0832a9afbb941a + creationTimestamp: "2024-04-19T00:00:00Z" + labels: + deploy: sourcegraph + for-namespace: NORMALIZED_FOR_TESTING + name: NORMALIZED_FOR_TESTING-prometheus + namespace: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING + uid: NORMALIZED_FOR_TESTING + rules: + - apiGroups: + - "" + resources: + - endpoints + - pods + - services + - namespaces + - nodes + - nodes/metrics + - nodes/proxy + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - configmap + verbs: + - get + - nonResourceURLs: + - /metrics + verbs: + - get + - apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: + annotations: + appliance.sourcegraph.com/configHash: f3552ecdd048a5aa1442524110f3648d103930c4977323d60e0832a9afbb941a + creationTimestamp: "2024-04-19T00:00:00Z" + labels: + deploy: sourcegraph + for-namespace: NORMALIZED_FOR_TESTING + name: NORMALIZED_FOR_TESTING-prometheus + namespace: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING + uid: NORMALIZED_FOR_TESTING + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: NORMALIZED_FOR_TESTING-prometheus + subjects: + - kind: ServiceAccount + name: prometheus + namespace: NORMALIZED_FOR_TESTING + - apiVersion: v1 + data: + spec: | + spec: + requestedVersion: "5.3.9104" + + blobstore: + disabled: true + + codeInsights: + disabled: true + + codeIntel: + disabled: true + + frontend: + disabled: true + + gitServer: + disabled: true + + indexedSearch: + disabled: true + + indexedSearchIndexer: + disabled: true + + pgsql: + disabled: true + + postgresExporter: + disabled: true + + preciseCodeIntel: + disabled: true + + redisCache: + disabled: true + + redisStore: + disabled: true + + repoUpdater: + disabled: true + + searcher: + disabled: true + + symbols: + disabled: true + + syntectServer: + disabled: true + + worker: + disabled: true + + prometheus: + disabled: true + kind: ConfigMap + metadata: + annotations: + appliance.sourcegraph.com/currentVersion: 5.3.9104 + appliance.sourcegraph.com/managed: "true" + creationTimestamp: "2024-04-19T00:00:00Z" + name: sg + namespace: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING + uid: NORMALIZED_FOR_TESTING + - apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + annotations: + appliance.sourcegraph.com/configHash: f3552ecdd048a5aa1442524110f3648d103930c4977323d60e0832a9afbb941a + creationTimestamp: "2024-04-19T00:00:00Z" + deletionGracePeriodSeconds: 0 + deletionTimestamp: "2024-04-19T00:00:00Z" + finalizers: + - kubernetes.io/pvc-protection + labels: + deploy: sourcegraph + name: prometheus + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING + uid: NORMALIZED_FOR_TESTING + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 200Gi + volumeMode: Filesystem + status: + phase: Pending diff --git a/internal/appliance/reconciler/testdata/golden-fixtures/prometheus/with-existing-configmap.yaml b/internal/appliance/reconciler/testdata/golden-fixtures/prometheus/with-existing-configmap.yaml new file mode 100644 index 00000000000..174470fbdad --- /dev/null +++ b/internal/appliance/reconciler/testdata/golden-fixtures/prometheus/with-existing-configmap.yaml @@ -0,0 +1,321 @@ +resources: + - apiVersion: apps/v1 + kind: Deployment + metadata: + annotations: + appliance.sourcegraph.com/configHash: f20217f689003e9cac09c0005fcef47984f55c7df672b25fe21825d28a679cdf + creationTimestamp: "2024-04-19T00:00:00Z" + generation: 1 + labels: + app.kubernetes.io/component: prometheus + app.kubernetes.io/name: sourcegraph + app.kubernetes.io/version: 5.3.9104 + deploy: sourcegraph + name: prometheus + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING + uid: NORMALIZED_FOR_TESTING + spec: + minReadySeconds: 10 + progressDeadlineSeconds: 600 + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: prometheus + strategy: + type: Recreate + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: prometheus + creationTimestamp: null + labels: + app: prometheus + deploy: sourcegraph + name: prometheus + spec: + containers: + - image: index.docker.io/sourcegraph/prometheus:5.3.2@sha256:1b5c003fb39628f79e7655ba33f9ca119ddc4be021602ede3cc1674ef99fcdad + imagePullPolicy: IfNotPresent + name: prometheus + ports: + - containerPort: 9090 + name: http + protocol: TCP + readinessProbe: + failureThreshold: 120 + httpGet: + path: /-/ready + port: http + scheme: HTTP + periodSeconds: 5 + successThreshold: 1 + timeoutSeconds: 3 + resources: + limits: + cpu: "2" + memory: 6G + requests: + cpu: 500m + memory: 6G + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsGroup: 101 + runAsUser: 100 + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /prometheus + name: data + - mountPath: /sg_prometheus_add_ons + name: config + dnsPolicy: ClusterFirst + restartPolicy: Always + schedulerName: default-scheduler + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + runAsGroup: 101 + runAsUser: 100 + serviceAccount: prometheus + serviceAccountName: prometheus + terminationGracePeriodSeconds: 30 + volumes: + - name: data + persistentVolumeClaim: + claimName: prometheus + - configMap: + defaultMode: 511 + name: some-out-of-band-config + name: config + status: {} + - apiVersion: v1 + data: + spec: | + spec: + requestedVersion: "5.3.9104" + + blobstore: + disabled: true + + codeInsights: + disabled: true + + codeIntel: + disabled: true + + frontend: + disabled: true + + gitServer: + disabled: true + + indexedSearch: + disabled: true + + indexedSearchIndexer: + disabled: true + + pgsql: + disabled: true + + postgresExporter: + disabled: true + + preciseCodeIntel: + disabled: true + + redisCache: + disabled: true + + redisStore: + disabled: true + + repoUpdater: + disabled: true + + searcher: + disabled: true + + symbols: + disabled: true + + syntectServer: + disabled: true + + worker: + disabled: true + + prometheus: + existingConfigMap: some-out-of-band-config + kind: ConfigMap + metadata: + annotations: + appliance.sourcegraph.com/currentVersion: 5.3.9104 + appliance.sourcegraph.com/managed: "true" + creationTimestamp: "2024-04-19T00:00:00Z" + name: sg + namespace: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING + uid: NORMALIZED_FOR_TESTING + - apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + annotations: + appliance.sourcegraph.com/configHash: f20217f689003e9cac09c0005fcef47984f55c7df672b25fe21825d28a679cdf + creationTimestamp: "2024-04-19T00:00:00Z" + finalizers: + - kubernetes.io/pvc-protection + labels: + deploy: sourcegraph + name: prometheus + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING + uid: NORMALIZED_FOR_TESTING + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 200Gi + volumeMode: Filesystem + status: + phase: Pending + - apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + annotations: + appliance.sourcegraph.com/configHash: f20217f689003e9cac09c0005fcef47984f55c7df672b25fe21825d28a679cdf + creationTimestamp: "2024-04-19T00:00:00Z" + labels: + deploy: sourcegraph + name: prometheus + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING + uid: NORMALIZED_FOR_TESTING + rules: + - apiGroups: + - "" + resources: + - endpoints + - pods + - services + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - configmap + verbs: + - get + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + annotations: + appliance.sourcegraph.com/configHash: f20217f689003e9cac09c0005fcef47984f55c7df672b25fe21825d28a679cdf + creationTimestamp: "2024-04-19T00:00:00Z" + labels: + deploy: sourcegraph + name: prometheus + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING + uid: NORMALIZED_FOR_TESTING + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: prometheus + subjects: + - kind: ServiceAccount + name: prometheus + namespace: NORMALIZED_FOR_TESTING + - apiVersion: v1 + kind: ServiceAccount + metadata: + annotations: + appliance.sourcegraph.com/configHash: f20217f689003e9cac09c0005fcef47984f55c7df672b25fe21825d28a679cdf + creationTimestamp: "2024-04-19T00:00:00Z" + labels: + deploy: sourcegraph + name: prometheus + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING + uid: NORMALIZED_FOR_TESTING + - apiVersion: v1 + kind: Service + metadata: + annotations: + appliance.sourcegraph.com/configHash: f20217f689003e9cac09c0005fcef47984f55c7df672b25fe21825d28a679cdf + creationTimestamp: "2024-04-19T00:00:00Z" + labels: + app: prometheus + app.kubernetes.io/component: prometheus + deploy: sourcegraph + name: prometheus + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING + uid: NORMALIZED_FOR_TESTING + spec: + clusterIP: NORMALIZED_FOR_TESTING + clusterIPs: + - NORMALIZED_FOR_TESTING + internalTrafficPolicy: Cluster + ipFamilies: + - IPv4 + ipFamilyPolicy: SingleStack + ports: + - name: http + port: 30090 + protocol: TCP + targetPort: http + selector: + app: syntect-server + sessionAffinity: None + type: ClusterIP + status: + loadBalancer: {} diff --git a/internal/appliance/reconciler/testdata/golden-fixtures/prometheus/with-storage.yaml b/internal/appliance/reconciler/testdata/golden-fixtures/prometheus/with-storage.yaml new file mode 100644 index 00000000000..e95f1b49e3b --- /dev/null +++ b/internal/appliance/reconciler/testdata/golden-fixtures/prometheus/with-storage.yaml @@ -0,0 +1,565 @@ +resources: + - apiVersion: apps/v1 + kind: Deployment + metadata: + annotations: + appliance.sourcegraph.com/configHash: 3e93177a87a6b1419772658a608559612bdd0e71d369dd8c58af490fc65c6c9d + creationTimestamp: "2024-04-19T00:00:00Z" + generation: 1 + labels: + app.kubernetes.io/component: prometheus + app.kubernetes.io/name: sourcegraph + app.kubernetes.io/version: 5.3.9104 + deploy: sourcegraph + name: prometheus + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING + uid: NORMALIZED_FOR_TESTING + spec: + minReadySeconds: 10 + progressDeadlineSeconds: 600 + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: prometheus + strategy: + type: Recreate + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: prometheus + creationTimestamp: null + labels: + app: prometheus + deploy: sourcegraph + name: prometheus + spec: + containers: + - image: index.docker.io/sourcegraph/prometheus:5.3.2@sha256:1b5c003fb39628f79e7655ba33f9ca119ddc4be021602ede3cc1674ef99fcdad + imagePullPolicy: IfNotPresent + name: prometheus + ports: + - containerPort: 9090 + name: http + protocol: TCP + readinessProbe: + failureThreshold: 120 + httpGet: + path: /-/ready + port: http + scheme: HTTP + periodSeconds: 5 + successThreshold: 1 + timeoutSeconds: 3 + resources: + limits: + cpu: "2" + memory: 6G + requests: + cpu: 500m + memory: 6G + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsGroup: 101 + runAsUser: 100 + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /prometheus + name: data + - mountPath: /sg_prometheus_add_ons + name: config + dnsPolicy: ClusterFirst + restartPolicy: Always + schedulerName: default-scheduler + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + runAsGroup: 101 + runAsUser: 100 + serviceAccount: prometheus + serviceAccountName: prometheus + terminationGracePeriodSeconds: 30 + volumes: + - name: data + persistentVolumeClaim: + claimName: prometheus + - configMap: + defaultMode: 511 + name: prometheus + name: config + status: {} + - apiVersion: v1 + data: + extra_rules.yml: "" + prometheus.yml: | + global: + scrape_interval: 30s + evaluation_interval: 30s + + alerting: + alertmanagers: + # Bundled Alertmanager, started by prom-wrapper + - static_configs: + - targets: ['127.0.0.1:9093'] + path_prefix: /alertmanager + # Uncomment the following to have alerts delivered to additional Alertmanagers discovered + # in the cluster. This configuration is not required if you use Sourcegraph's built-in alerting: + # https://docs.sourcegraph.com/admin/observability/alerting + # - kubernetes_sd_configs: + # - role: endpoints + # relabel_configs: + # - source_labels: [__meta_kubernetes_service_name] + # regex: alertmanager + # action: keep + + rule_files: + - '*_rules.yml' + - "/sg_config_prometheus/*_rules.yml" + - "/sg_prometheus_add_ons/*_rules.yml" + + # A scrape configuration for running Prometheus on a Kubernetes cluster. + # This uses separate scrape configs for cluster components (i.e. API server, node) + # and services to allow each to use different authentication configs. + # + # Kubernetes labels will be added as Prometheus labels on metrics via the + # `labelmap` relabeling action. + + # Scrape config for API servers. + # + # Kubernetes exposes API servers as endpoints to the default/kubernetes + # service so this uses `endpoints` role and uses relabelling to only keep + # the endpoints associated with the default/kubernetes service using the + # default named port `https`. This works for single API server deployments as + # well as HA API server deployments. + scrape_configs: # End of privileged config + + # Scrape config for service endpoints. + # + # The relabeling allows the actual service scrape endpoint to be configured + # via the following annotations: + # + # * `prometheus.io/scrape`: Only scrape services that have a value of `true` + # * `prometheus.io/scheme`: If the metrics endpoint is secured then you will need + # to set this to `https` & most likely set the `tls_config` of the scrape config. + # * `prometheus.io/path`: If the metrics path is not `/metrics` override this. + # * `prometheus.io/port`: If the metrics are exposed on a different port to the + # service then set this appropriately. + - job_name: 'kubernetes-service-endpoints' + + kubernetes_sd_configs: + - role: endpoints + namespaces: + names: + - NORMALIZED_FOR_TESTING + + relabel_configs: + - source_labels: [__meta_kubernetes_service_annotation_sourcegraph_prometheus_scrape] + action: keep + regex: true + - source_labels: [__meta_kubernetes_pod_container_name] + action: drop + regex: jaeger-agent + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scheme] + action: replace + target_label: __scheme__ + regex: (https?) + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_path] + action: replace + target_label: __metrics_path__ + regex: (.+) + - source_labels: [__address__, __meta_kubernetes_service_annotation_prometheus_io_port] + action: replace + target_label: __address__ + regex: (.+)(?::\d+);(\d+) + replacement: $1:$2 + - action: labelmap + regex: __meta_kubernetes_service_label_(.+) + - source_labels: [__meta_kubernetes_namespace] + action: replace + # Sourcegraph specific customization. We want a more convenient to type label. + # target_label: kubernetes_namespace + target_label: ns + - source_labels: [__meta_kubernetes_service_name] + action: replace + target_label: kubernetes_name + # Sourcegraph specific customization. We want a nicer name for job + - source_labels: [app] + action: replace + target_label: job + # Sourcegraph specific customization. We want a nicer name for instance + - source_labels: [__meta_kubernetes_pod_name] + action: replace + target_label: instance + # Sourcegraph specific customization. We want to add a label to every + # metric that indicates the node it came from. + - source_labels: [__meta_kubernetes_endpoint_node_name] + action: replace + target_label: nodename + metric_relabel_configs: + # Sourcegraph specific customization. Drop metrics with empty nodename responses from the k8s API + - source_labels: [nodename] + regex: ^$ + action: drop + + # Example scrape config for probing services via the Blackbox Exporter. + # + # The relabeling allows the actual service scrape endpoint to be configured + # via the following annotations: + # + # * `prometheus.io/probe`: Only probe services that have a value of `true` + - job_name: 'kubernetes-services' + + metrics_path: /probe + params: + module: [http_2xx] + + kubernetes_sd_configs: + - role: service + + relabel_configs: + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_probe] + action: keep + regex: true + - source_labels: [__address__] + target_label: __param_target + - target_label: __address__ + replacement: blackbox + - source_labels: [__param_target] + target_label: instance + - action: labelmap + regex: __meta_kubernetes_service_label_(.+) + - source_labels: [__meta_kubernetes_service_namespace] + # Sourcegraph specific customization. We want a more convenient to type label. + # target_label: kubernetes_namespace + target_label: ns + - source_labels: [__meta_kubernetes_service_name] + target_label: kubernetes_name + + # Example scrape config for pods + # + # The relabeling allows the actual pod scrape endpoint to be configured via the + # following annotations: + # + # * `prometheus.io/scrape`: Only scrape pods that have a value of `true` + # * `prometheus.io/path`: If the metrics path is not `/metrics` override this. + # * `prometheus.io/port`: Scrape the pod on the indicated port instead of the default of `9102`. + - job_name: 'kubernetes-pods' + + kubernetes_sd_configs: + - role: pod + + relabel_configs: + - source_labels: [__meta_kubernetes_pod_annotation_sourcegraph_prometheus_scrape] + action: keep + regex: true + - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path] + action: replace + target_label: __metrics_path__ + regex: (.+) + - source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port] + action: replace + regex: (.+):(?:\d+);(\d+) + replacement: ${1}:${2} + target_label: __address__ + - action: labelmap + regex: __meta_kubernetes_pod_label_(.+) + - source_labels: [__meta_kubernetes_pod_name] + action: replace + target_label: kubernetes_pod_name + # Sourcegraph specific customization. We want a more convenient to type label. + # target_label: kubernetes_namespace + - source_labels: [__meta_kubernetes_namespace] + action: replace + target_label: ns + # Sourcegraph specific customization. We want to add a label to every + # metric that indicates the node it came from. + - source_labels: [__meta_kubernetes_pod_node_name] + action: replace + target_label: nodename + + metric_relabel_configs: + # cAdvisor-specific customization. Drop container metrics exported by cAdvisor + # not in the same namespace as Sourcegraph. + # Uncomment this if you have problems with certain dashboards or cAdvisor itself + # picking up non-Sourcegraph services. Ensure all Sourcegraph services are running + # within the Sourcegraph namespace you have defined. + # The regex must keep matches on '^$' (empty string) to ensure other metrics do not + # get dropped. + - source_labels: [container_label_io_kubernetes_pod_namespace] + regex: ^$|NORMALIZED_FOR_TESTING + action: keep + # cAdvisor-specific customization. We want container metrics to be named after their container name label. + # Note that 'io.kubernetes.container.name' and 'io.kubernetes.pod.name' must be provided in cAdvisor + # '--whitelisted_container_labels' (see cadvisor.DaemonSet.yaml) + - source_labels: [container_label_io_kubernetes_container_name, container_label_io_kubernetes_pod_name] + regex: (.+) + action: replace + target_label: name + separator: '-' + # Sourcegraph specific customization. Drop metrics with empty nodename responses from the k8s API + - source_labels: [nodename] + regex: ^$ + action: drop + + # Scrape prometheus itself for metrics. + - job_name: 'builtin-prometheus' + static_configs: + - targets: ['127.0.0.1:9092'] + labels: + app: prometheus + - job_name: 'builtin-alertmanager' + metrics_path: /alertmanager/metrics + static_configs: + - targets: ['127.0.0.1:9093'] + labels: + app: alertmanager + immutable: false + kind: ConfigMap + metadata: + annotations: + appliance.sourcegraph.com/configHash: 3e93177a87a6b1419772658a608559612bdd0e71d369dd8c58af490fc65c6c9d + creationTimestamp: "2024-04-19T00:00:00Z" + labels: + deploy: sourcegraph + name: prometheus + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING + uid: NORMALIZED_FOR_TESTING + - apiVersion: v1 + data: + spec: | + spec: + requestedVersion: "5.3.9104" + + blobstore: + disabled: true + + codeInsights: + disabled: true + + codeIntel: + disabled: true + + frontend: + disabled: true + + gitServer: + disabled: true + + indexedSearch: + disabled: true + + indexedSearchIndexer: + disabled: true + + pgsql: + disabled: true + + postgresExporter: + disabled: true + + preciseCodeIntel: + disabled: true + + redisCache: + disabled: true + + redisStore: + disabled: true + + repoUpdater: + disabled: true + + searcher: + disabled: true + + symbols: + disabled: true + + syntectServer: + disabled: true + + worker: + disabled: true + + prometheus: + storageSize: 123Gi + kind: ConfigMap + metadata: + annotations: + appliance.sourcegraph.com/currentVersion: 5.3.9104 + appliance.sourcegraph.com/managed: "true" + creationTimestamp: "2024-04-19T00:00:00Z" + name: sg + namespace: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING + uid: NORMALIZED_FOR_TESTING + - apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + annotations: + appliance.sourcegraph.com/configHash: 3e93177a87a6b1419772658a608559612bdd0e71d369dd8c58af490fc65c6c9d + creationTimestamp: "2024-04-19T00:00:00Z" + finalizers: + - kubernetes.io/pvc-protection + labels: + deploy: sourcegraph + name: prometheus + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING + uid: NORMALIZED_FOR_TESTING + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 123Gi + volumeMode: Filesystem + status: + phase: Pending + - apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + annotations: + appliance.sourcegraph.com/configHash: 3e93177a87a6b1419772658a608559612bdd0e71d369dd8c58af490fc65c6c9d + creationTimestamp: "2024-04-19T00:00:00Z" + labels: + deploy: sourcegraph + name: prometheus + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING + uid: NORMALIZED_FOR_TESTING + rules: + - apiGroups: + - "" + resources: + - endpoints + - pods + - services + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - configmap + verbs: + - get + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + annotations: + appliance.sourcegraph.com/configHash: 3e93177a87a6b1419772658a608559612bdd0e71d369dd8c58af490fc65c6c9d + creationTimestamp: "2024-04-19T00:00:00Z" + labels: + deploy: sourcegraph + name: prometheus + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING + uid: NORMALIZED_FOR_TESTING + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: prometheus + subjects: + - kind: ServiceAccount + name: prometheus + namespace: NORMALIZED_FOR_TESTING + - apiVersion: v1 + kind: ServiceAccount + metadata: + annotations: + appliance.sourcegraph.com/configHash: 3e93177a87a6b1419772658a608559612bdd0e71d369dd8c58af490fc65c6c9d + creationTimestamp: "2024-04-19T00:00:00Z" + labels: + deploy: sourcegraph + name: prometheus + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING + uid: NORMALIZED_FOR_TESTING + - apiVersion: v1 + kind: Service + metadata: + annotations: + appliance.sourcegraph.com/configHash: 3e93177a87a6b1419772658a608559612bdd0e71d369dd8c58af490fc65c6c9d + creationTimestamp: "2024-04-19T00:00:00Z" + labels: + app: prometheus + app.kubernetes.io/component: prometheus + deploy: sourcegraph + name: prometheus + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING + uid: NORMALIZED_FOR_TESTING + spec: + clusterIP: NORMALIZED_FOR_TESTING + clusterIPs: + - NORMALIZED_FOR_TESTING + internalTrafficPolicy: Cluster + ipFamilies: + - IPv4 + ipFamilyPolicy: SingleStack + ports: + - name: http + port: 30090 + protocol: TCP + targetPort: http + selector: + app: syntect-server + sessionAffinity: None + type: ClusterIP + status: + loadBalancer: {} diff --git a/internal/appliance/reconciler/testdata/golden-fixtures/redis/default.yaml b/internal/appliance/reconciler/testdata/golden-fixtures/redis/default.yaml index 00dc5144575..952dcd99aa2 100644 --- a/internal/appliance/reconciler/testdata/golden-fixtures/redis/default.yaml +++ b/internal/appliance/reconciler/testdata/golden-fixtures/redis/default.yaml @@ -1,509 +1,528 @@ resources: -- apiVersion: apps/v1 - kind: Deployment - metadata: - annotations: - appliance.sourcegraph.com/configHash: 142c00ae31a1d919c6bebf39a02cfd56ecf57e219dc5427b0fbeba316a831ebf - creationTimestamp: "2024-04-19T00:00:00Z" - generation: 1 - labels: - app.kubernetes.io/component: redis-cache - app.kubernetes.io/name: sourcegraph - app.kubernetes.io/version: 5.3.9104 - deploy: sourcegraph - name: redis-cache - namespace: NORMALIZED_FOR_TESTING - ownerReferences: - - apiVersion: v1 - blockOwnerDeletion: true - controller: true - kind: ConfigMap - name: sg + - apiVersion: apps/v1 + kind: Deployment + metadata: + annotations: + appliance.sourcegraph.com/configHash: 142c00ae31a1d919c6bebf39a02cfd56ecf57e219dc5427b0fbeba316a831ebf + creationTimestamp: "2024-04-19T00:00:00Z" + generation: 1 + labels: + app.kubernetes.io/component: redis-cache + app.kubernetes.io/name: sourcegraph + app.kubernetes.io/version: 5.3.9104 + deploy: sourcegraph + name: redis-cache + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING uid: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING - spec: - minReadySeconds: 10 - progressDeadlineSeconds: 600 - replicas: 1 - revisionHistoryLimit: 10 - selector: - matchLabels: - app: redis-cache - strategy: - type: Recreate - template: - metadata: - annotations: - kubectl.kubernetes.io/default-container: redis-cache - creationTimestamp: null - labels: + spec: + minReadySeconds: 10 + progressDeadlineSeconds: 600 + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: app: redis-cache - deploy: sourcegraph - name: redis-cache - spec: - containers: - - image: index.docker.io/sourcegraph/redis-cache:5.3.2@sha256:ed79dada4d1a2bd85fb8450dffe227283ab6ae0e7ce56dc5056fbb8202d95624 - imagePullPolicy: IfNotPresent - livenessProbe: - failureThreshold: 2 - initialDelaySeconds: 60 - periodSeconds: 30 - successThreshold: 1 - tcpSocket: - port: redis - timeoutSeconds: 5 + strategy: + type: Recreate + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: redis-cache + creationTimestamp: null + labels: + app: redis-cache + deploy: sourcegraph name: redis-cache - ports: - - containerPort: 6379 - name: redis - protocol: TCP - readinessProbe: - exec: - command: - - /bin/sh - - -c - - "\n#!/bin/bash\nif [ -f /etc/redis/redis.conf ]; then\n REDISCLI_AUTH=$(grep - -h \"requirepass\" /etc/redis/redis.conf | cut -d ' ' -f 2)\nfi\nresponse=$(\n - \ redis-cli ping\n)\nif [ \"$response\" != \"PONG\" ]; then\n echo - \"$response\"\n exit 1\nfi\n\t\t\t\t\t" - failureThreshold: 3 - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - resources: - limits: - cpu: "1" - memory: 7Gi - requests: - cpu: "1" - memory: 7Gi + spec: + containers: + - image: index.docker.io/sourcegraph/redis-cache:5.3.2@sha256:ed79dada4d1a2bd85fb8450dffe227283ab6ae0e7ce56dc5056fbb8202d95624 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 2 + initialDelaySeconds: 60 + periodSeconds: 30 + successThreshold: 1 + tcpSocket: + port: redis + timeoutSeconds: 5 + name: redis-cache + ports: + - containerPort: 6379 + name: redis + protocol: TCP + readinessProbe: + exec: + command: + - /bin/sh + - -c + - |2 + #!/bin/bash + if [ -f /etc/redis/redis.conf ]; then + REDISCLI_AUTH=$(grep -h "requirepass" /etc/redis/redis.conf | cut -d ' ' -f 2) + fi + response=$( + redis-cli ping + ) + if [ "$response" != "PONG" ]; then + echo "$response" + exit 1 + fi + failureThreshold: 3 + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + resources: + limits: + cpu: "1" + memory: 7Gi + requests: + cpu: "1" + memory: 7Gi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsGroup: 1000 + runAsUser: 999 + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /redis-data + name: redis-data + - image: index.docker.io/sourcegraph/redis_exporter:5.3.2@sha256:21a9dd9214483a42b11d58bf99e4f268f44257a4f67acd436d458797a31b7786 + imagePullPolicy: IfNotPresent + name: redis-exporter + ports: + - containerPort: 9121 + name: redisexp + protocol: TCP + resources: + limits: + cpu: 10m + memory: 100Mi + requests: + cpu: 10m + memory: 100Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsGroup: 1000 + runAsUser: 999 + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: FallbackToLogsOnError + dnsPolicy: ClusterFirst + restartPolicy: Always + schedulerName: default-scheduler securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsGroup: 1000 - runAsUser: 999 - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: FallbackToLogsOnError - volumeMounts: - - mountPath: /redis-data - name: redis-data - - image: index.docker.io/sourcegraph/redis_exporter:5.3.2@sha256:21a9dd9214483a42b11d58bf99e4f268f44257a4f67acd436d458797a31b7786 - imagePullPolicy: IfNotPresent - name: redis-exporter - ports: - - containerPort: 9121 - name: redisexp - protocol: TCP - resources: - limits: - cpu: 10m - memory: 100Mi - requests: - cpu: 10m - memory: 100Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsGroup: 1000 - runAsUser: 999 - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: FallbackToLogsOnError - dnsPolicy: ClusterFirst - restartPolicy: Always - schedulerName: default-scheduler - securityContext: - fsGroup: 1000 - fsGroupChangePolicy: OnRootMismatch - runAsGroup: 101 - runAsUser: 100 - terminationGracePeriodSeconds: 30 - volumes: - - name: redis-data - persistentVolumeClaim: - claimName: redis-cache - status: {} -- apiVersion: apps/v1 - kind: Deployment - metadata: - annotations: - appliance.sourcegraph.com/configHash: 142c00ae31a1d919c6bebf39a02cfd56ecf57e219dc5427b0fbeba316a831ebf - creationTimestamp: "2024-04-19T00:00:00Z" - generation: 1 - labels: - app.kubernetes.io/component: redis-store - app.kubernetes.io/name: sourcegraph - app.kubernetes.io/version: 5.3.9104 - deploy: sourcegraph - name: redis-store - namespace: NORMALIZED_FOR_TESTING - ownerReferences: - - apiVersion: v1 - blockOwnerDeletion: true - controller: true - kind: ConfigMap - name: sg + fsGroup: 1000 + fsGroupChangePolicy: OnRootMismatch + runAsGroup: 101 + runAsUser: 100 + terminationGracePeriodSeconds: 30 + volumes: + - name: redis-data + persistentVolumeClaim: + claimName: redis-cache + status: {} + - apiVersion: apps/v1 + kind: Deployment + metadata: + annotations: + appliance.sourcegraph.com/configHash: 142c00ae31a1d919c6bebf39a02cfd56ecf57e219dc5427b0fbeba316a831ebf + creationTimestamp: "2024-04-19T00:00:00Z" + generation: 1 + labels: + app.kubernetes.io/component: redis-store + app.kubernetes.io/name: sourcegraph + app.kubernetes.io/version: 5.3.9104 + deploy: sourcegraph + name: redis-store + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING uid: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING - spec: - minReadySeconds: 10 - progressDeadlineSeconds: 600 - replicas: 1 - revisionHistoryLimit: 10 - selector: - matchLabels: - app: redis-store - strategy: - type: Recreate - template: - metadata: - annotations: - kubectl.kubernetes.io/default-container: redis-store - creationTimestamp: null - labels: + spec: + minReadySeconds: 10 + progressDeadlineSeconds: 600 + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: app: redis-store - deploy: sourcegraph - name: redis-store - spec: - containers: - - image: index.docker.io/sourcegraph/redis-store:5.3.2@sha256:0e3270a5eb293c158093f41145810eb5a154f61a74c9a896690dfdecd1b98b39 - imagePullPolicy: IfNotPresent - livenessProbe: - failureThreshold: 2 - initialDelaySeconds: 60 - periodSeconds: 30 - successThreshold: 1 - tcpSocket: - port: redis - timeoutSeconds: 5 + strategy: + type: Recreate + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: redis-store + creationTimestamp: null + labels: + app: redis-store + deploy: sourcegraph name: redis-store - ports: - - containerPort: 6379 - name: redis - protocol: TCP - readinessProbe: - exec: - command: - - /bin/sh - - -c - - "\n#!/bin/bash\nif [ -f /etc/redis/redis.conf ]; then\n REDISCLI_AUTH=$(grep - -h \"requirepass\" /etc/redis/redis.conf | cut -d ' ' -f 2)\nfi\nresponse=$(\n - \ redis-cli ping\n)\nif [ \"$response\" != \"PONG\" ]; then\n echo - \"$response\"\n exit 1\nfi\n\t\t\t\t\t" - failureThreshold: 3 - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - resources: - limits: - cpu: "1" - memory: 7Gi - requests: - cpu: "1" - memory: 7Gi + spec: + containers: + - image: index.docker.io/sourcegraph/redis-store:5.3.2@sha256:0e3270a5eb293c158093f41145810eb5a154f61a74c9a896690dfdecd1b98b39 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 2 + initialDelaySeconds: 60 + periodSeconds: 30 + successThreshold: 1 + tcpSocket: + port: redis + timeoutSeconds: 5 + name: redis-store + ports: + - containerPort: 6379 + name: redis + protocol: TCP + readinessProbe: + exec: + command: + - /bin/sh + - -c + - |2 + #!/bin/bash + if [ -f /etc/redis/redis.conf ]; then + REDISCLI_AUTH=$(grep -h "requirepass" /etc/redis/redis.conf | cut -d ' ' -f 2) + fi + response=$( + redis-cli ping + ) + if [ "$response" != "PONG" ]; then + echo "$response" + exit 1 + fi + failureThreshold: 3 + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + resources: + limits: + cpu: "1" + memory: 7Gi + requests: + cpu: "1" + memory: 7Gi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsGroup: 1000 + runAsUser: 999 + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /redis-data + name: redis-data + - image: index.docker.io/sourcegraph/redis_exporter:5.3.2@sha256:21a9dd9214483a42b11d58bf99e4f268f44257a4f67acd436d458797a31b7786 + imagePullPolicy: IfNotPresent + name: redis-exporter + ports: + - containerPort: 9121 + name: redisexp + protocol: TCP + resources: + limits: + cpu: 10m + memory: 100Mi + requests: + cpu: 10m + memory: 100Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsGroup: 1000 + runAsUser: 999 + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: FallbackToLogsOnError + dnsPolicy: ClusterFirst + restartPolicy: Always + schedulerName: default-scheduler securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsGroup: 1000 - runAsUser: 999 - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: FallbackToLogsOnError - volumeMounts: - - mountPath: /redis-data - name: redis-data - - image: index.docker.io/sourcegraph/redis_exporter:5.3.2@sha256:21a9dd9214483a42b11d58bf99e4f268f44257a4f67acd436d458797a31b7786 - imagePullPolicy: IfNotPresent - name: redis-exporter - ports: - - containerPort: 9121 - name: redisexp - protocol: TCP - resources: - limits: - cpu: 10m - memory: 100Mi - requests: - cpu: 10m - memory: 100Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsGroup: 1000 - runAsUser: 999 - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: FallbackToLogsOnError - dnsPolicy: ClusterFirst - restartPolicy: Always - schedulerName: default-scheduler - securityContext: - fsGroup: 1000 - fsGroupChangePolicy: OnRootMismatch - runAsGroup: 101 - runAsUser: 100 - terminationGracePeriodSeconds: 30 - volumes: - - name: redis-data - persistentVolumeClaim: - claimName: redis-store - status: {} -- apiVersion: v1 - data: - spec: | - spec: - requestedVersion: "5.3.9104" + fsGroup: 1000 + fsGroupChangePolicy: OnRootMismatch + runAsGroup: 101 + runAsUser: 100 + terminationGracePeriodSeconds: 30 + volumes: + - name: redis-data + persistentVolumeClaim: + claimName: redis-store + status: {} + - apiVersion: v1 + data: + spec: | + spec: + requestedVersion: "5.3.9104" - blobstore: - disabled: true + blobstore: + disabled: true - codeInsights: - disabled: true + codeInsights: + disabled: true - codeIntel: - disabled: true + codeIntel: + disabled: true - frontend: - disabled: true + frontend: + disabled: true - gitServer: - disabled: true + gitServer: + disabled: true - indexedSearch: - disabled: true + indexedSearch: + disabled: true - indexedSearchIndexer: - disabled: true + indexedSearchIndexer: + disabled: true - pgsql: - disabled: true + pgsql: + disabled: true - postgresExporter: - disabled: true + postgresExporter: + disabled: true - preciseCodeIntel: - disabled: true + preciseCodeIntel: + disabled: true - redisCache: {} + redisCache: {} - redisStore: {} + redisStore: {} - repoUpdater: - disabled: true + repoUpdater: + disabled: true - searcher: - disabled: true + searcher: + disabled: true - symbols: - disabled: true + symbols: + disabled: true - syntectServer: - disabled: true + syntectServer: + disabled: true - worker: - disabled: true - kind: ConfigMap - metadata: - annotations: - appliance.sourcegraph.com/currentVersion: 5.3.9104 - appliance.sourcegraph.com/managed: "true" - creationTimestamp: "2024-04-19T00:00:00Z" - name: sg - namespace: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING -- apiVersion: v1 - kind: PersistentVolumeClaim - metadata: - annotations: - appliance.sourcegraph.com/configHash: 142c00ae31a1d919c6bebf39a02cfd56ecf57e219dc5427b0fbeba316a831ebf - creationTimestamp: "2024-04-19T00:00:00Z" - finalizers: - - kubernetes.io/pvc-protection - labels: - deploy: sourcegraph - name: redis-cache - namespace: NORMALIZED_FOR_TESTING - ownerReferences: - - apiVersion: v1 - blockOwnerDeletion: true - controller: true - kind: ConfigMap + worker: + disabled: true + + prometheus: + disabled: true + kind: ConfigMap + metadata: + annotations: + appliance.sourcegraph.com/currentVersion: 5.3.9104 + appliance.sourcegraph.com/managed: "true" + creationTimestamp: "2024-04-19T00:00:00Z" name: sg + namespace: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING uid: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 100Gi - volumeMode: Filesystem - status: - phase: Pending -- apiVersion: v1 - kind: PersistentVolumeClaim - metadata: - annotations: - appliance.sourcegraph.com/configHash: 142c00ae31a1d919c6bebf39a02cfd56ecf57e219dc5427b0fbeba316a831ebf - creationTimestamp: "2024-04-19T00:00:00Z" - finalizers: - - kubernetes.io/pvc-protection - labels: - deploy: sourcegraph - name: redis-store - namespace: NORMALIZED_FOR_TESTING - ownerReferences: - - apiVersion: v1 - blockOwnerDeletion: true - controller: true - kind: ConfigMap - name: sg + - apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + annotations: + appliance.sourcegraph.com/configHash: 142c00ae31a1d919c6bebf39a02cfd56ecf57e219dc5427b0fbeba316a831ebf + creationTimestamp: "2024-04-19T00:00:00Z" + finalizers: + - kubernetes.io/pvc-protection + labels: + deploy: sourcegraph + name: redis-cache + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING uid: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 100Gi - volumeMode: Filesystem - status: - phase: Pending -- apiVersion: v1 - data: - endpoint: cmVkaXMtY2FjaGU6NjM3OQ== - kind: Secret - metadata: - annotations: - appliance.sourcegraph.com/configHash: 142c00ae31a1d919c6bebf39a02cfd56ecf57e219dc5427b0fbeba316a831ebf - creationTimestamp: "2024-04-19T00:00:00Z" - labels: - app.kubernetes.io/component: redis-cache - app.kubernetes.io/name: sourcegraph - app.kubernetes.io/version: 5.3.9104 - deploy: sourcegraph - name: redis-cache - namespace: NORMALIZED_FOR_TESTING - ownerReferences: - - apiVersion: v1 - blockOwnerDeletion: true - controller: true - kind: ConfigMap - name: sg + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 100Gi + volumeMode: Filesystem + status: + phase: Pending + - apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + annotations: + appliance.sourcegraph.com/configHash: 142c00ae31a1d919c6bebf39a02cfd56ecf57e219dc5427b0fbeba316a831ebf + creationTimestamp: "2024-04-19T00:00:00Z" + finalizers: + - kubernetes.io/pvc-protection + labels: + deploy: sourcegraph + name: redis-store + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING uid: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING - type: Opaque -- apiVersion: v1 - data: - endpoint: cmVkaXMtc3RvcmU6NjM3OQ== - kind: Secret - metadata: - annotations: - appliance.sourcegraph.com/configHash: 142c00ae31a1d919c6bebf39a02cfd56ecf57e219dc5427b0fbeba316a831ebf - creationTimestamp: "2024-04-19T00:00:00Z" - labels: - app.kubernetes.io/component: redis-store - app.kubernetes.io/name: sourcegraph - app.kubernetes.io/version: 5.3.9104 - deploy: sourcegraph - name: redis-store - namespace: NORMALIZED_FOR_TESTING - ownerReferences: - - apiVersion: v1 - blockOwnerDeletion: true - controller: true - kind: ConfigMap - name: sg + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 100Gi + volumeMode: Filesystem + status: + phase: Pending + - apiVersion: v1 + data: + endpoint: cmVkaXMtY2FjaGU6NjM3OQ== + kind: Secret + metadata: + annotations: + appliance.sourcegraph.com/configHash: 142c00ae31a1d919c6bebf39a02cfd56ecf57e219dc5427b0fbeba316a831ebf + creationTimestamp: "2024-04-19T00:00:00Z" + labels: + app.kubernetes.io/component: redis-cache + app.kubernetes.io/name: sourcegraph + app.kubernetes.io/version: 5.3.9104 + deploy: sourcegraph + name: redis-cache + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING uid: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING - type: Opaque -- apiVersion: v1 - kind: Service - metadata: - annotations: - appliance.sourcegraph.com/configHash: 142c00ae31a1d919c6bebf39a02cfd56ecf57e219dc5427b0fbeba316a831ebf - prometheus.io/port: "9121" - sourcegraph.prometheus/scrape: "true" - creationTimestamp: "2024-04-19T00:00:00Z" - labels: - app: redis-cache - app.kubernetes.io/component: redis-cache - deploy: sourcegraph - name: redis-cache - namespace: NORMALIZED_FOR_TESTING - ownerReferences: - - apiVersion: v1 - blockOwnerDeletion: true - controller: true - kind: ConfigMap - name: sg + type: Opaque + - apiVersion: v1 + data: + endpoint: cmVkaXMtc3RvcmU6NjM3OQ== + kind: Secret + metadata: + annotations: + appliance.sourcegraph.com/configHash: 142c00ae31a1d919c6bebf39a02cfd56ecf57e219dc5427b0fbeba316a831ebf + creationTimestamp: "2024-04-19T00:00:00Z" + labels: + app.kubernetes.io/component: redis-store + app.kubernetes.io/name: sourcegraph + app.kubernetes.io/version: 5.3.9104 + deploy: sourcegraph + name: redis-store + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING uid: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING - spec: - clusterIP: NORMALIZED_FOR_TESTING - clusterIPs: - - NORMALIZED_FOR_TESTING - internalTrafficPolicy: Cluster - ipFamilies: - - IPv4 - ipFamilyPolicy: SingleStack - ports: - - name: redis - port: 6379 - protocol: TCP - targetPort: redis - selector: - app: redis-cache - sessionAffinity: None - type: ClusterIP - status: - loadBalancer: {} -- apiVersion: v1 - kind: Service - metadata: - annotations: - appliance.sourcegraph.com/configHash: 142c00ae31a1d919c6bebf39a02cfd56ecf57e219dc5427b0fbeba316a831ebf - prometheus.io/port: "9121" - sourcegraph.prometheus/scrape: "true" - creationTimestamp: "2024-04-19T00:00:00Z" - labels: - app: redis-store - app.kubernetes.io/component: redis-store - deploy: sourcegraph - name: redis-store - namespace: NORMALIZED_FOR_TESTING - ownerReferences: - - apiVersion: v1 - blockOwnerDeletion: true - controller: true - kind: ConfigMap - name: sg + type: Opaque + - apiVersion: v1 + kind: Service + metadata: + annotations: + appliance.sourcegraph.com/configHash: 142c00ae31a1d919c6bebf39a02cfd56ecf57e219dc5427b0fbeba316a831ebf + prometheus.io/port: "9121" + sourcegraph.prometheus/scrape: "true" + creationTimestamp: "2024-04-19T00:00:00Z" + labels: + app: redis-cache + app.kubernetes.io/component: redis-cache + deploy: sourcegraph + name: redis-cache + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING uid: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING - spec: - clusterIP: NORMALIZED_FOR_TESTING - clusterIPs: - - NORMALIZED_FOR_TESTING - internalTrafficPolicy: Cluster - ipFamilies: - - IPv4 - ipFamilyPolicy: SingleStack - ports: - - name: redis - port: 6379 - protocol: TCP - targetPort: redis - selector: - app: redis-store - sessionAffinity: None - type: ClusterIP - status: - loadBalancer: {} + spec: + clusterIP: NORMALIZED_FOR_TESTING + clusterIPs: + - NORMALIZED_FOR_TESTING + internalTrafficPolicy: Cluster + ipFamilies: + - IPv4 + ipFamilyPolicy: SingleStack + ports: + - name: redis + port: 6379 + protocol: TCP + targetPort: redis + selector: + app: redis-cache + sessionAffinity: None + type: ClusterIP + status: + loadBalancer: {} + - apiVersion: v1 + kind: Service + metadata: + annotations: + appliance.sourcegraph.com/configHash: 142c00ae31a1d919c6bebf39a02cfd56ecf57e219dc5427b0fbeba316a831ebf + prometheus.io/port: "9121" + sourcegraph.prometheus/scrape: "true" + creationTimestamp: "2024-04-19T00:00:00Z" + labels: + app: redis-store + app.kubernetes.io/component: redis-store + deploy: sourcegraph + name: redis-store + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING + uid: NORMALIZED_FOR_TESTING + spec: + clusterIP: NORMALIZED_FOR_TESTING + clusterIPs: + - NORMALIZED_FOR_TESTING + internalTrafficPolicy: Cluster + ipFamilies: + - IPv4 + ipFamilyPolicy: SingleStack + ports: + - name: redis + port: 6379 + protocol: TCP + targetPort: redis + selector: + app: redis-store + sessionAffinity: None + type: ClusterIP + status: + loadBalancer: {} diff --git a/internal/appliance/reconciler/testdata/golden-fixtures/redis/with-storage.yaml b/internal/appliance/reconciler/testdata/golden-fixtures/redis/with-storage.yaml index e8ed98d9aa2..ff667b6f680 100644 --- a/internal/appliance/reconciler/testdata/golden-fixtures/redis/with-storage.yaml +++ b/internal/appliance/reconciler/testdata/golden-fixtures/redis/with-storage.yaml @@ -1,511 +1,530 @@ resources: -- apiVersion: apps/v1 - kind: Deployment - metadata: - annotations: - appliance.sourcegraph.com/configHash: dcf04ea0a83980da871d47b3c8a1b6270dd967bb34163ae59384fdfd9ff5eb1c - creationTimestamp: "2024-04-19T00:00:00Z" - generation: 1 - labels: - app.kubernetes.io/component: redis-cache - app.kubernetes.io/name: sourcegraph - app.kubernetes.io/version: 5.3.9104 - deploy: sourcegraph - name: redis-cache - namespace: NORMALIZED_FOR_TESTING - ownerReferences: - - apiVersion: v1 - blockOwnerDeletion: true - controller: true - kind: ConfigMap - name: sg + - apiVersion: apps/v1 + kind: Deployment + metadata: + annotations: + appliance.sourcegraph.com/configHash: dcf04ea0a83980da871d47b3c8a1b6270dd967bb34163ae59384fdfd9ff5eb1c + creationTimestamp: "2024-04-19T00:00:00Z" + generation: 1 + labels: + app.kubernetes.io/component: redis-cache + app.kubernetes.io/name: sourcegraph + app.kubernetes.io/version: 5.3.9104 + deploy: sourcegraph + name: redis-cache + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING uid: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING - spec: - minReadySeconds: 10 - progressDeadlineSeconds: 600 - replicas: 1 - revisionHistoryLimit: 10 - selector: - matchLabels: - app: redis-cache - strategy: - type: Recreate - template: - metadata: - annotations: - kubectl.kubernetes.io/default-container: redis-cache - creationTimestamp: null - labels: + spec: + minReadySeconds: 10 + progressDeadlineSeconds: 600 + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: app: redis-cache - deploy: sourcegraph - name: redis-cache - spec: - containers: - - image: index.docker.io/sourcegraph/redis-cache:5.3.2@sha256:ed79dada4d1a2bd85fb8450dffe227283ab6ae0e7ce56dc5056fbb8202d95624 - imagePullPolicy: IfNotPresent - livenessProbe: - failureThreshold: 2 - initialDelaySeconds: 60 - periodSeconds: 30 - successThreshold: 1 - tcpSocket: - port: redis - timeoutSeconds: 5 + strategy: + type: Recreate + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: redis-cache + creationTimestamp: null + labels: + app: redis-cache + deploy: sourcegraph name: redis-cache - ports: - - containerPort: 6379 - name: redis - protocol: TCP - readinessProbe: - exec: - command: - - /bin/sh - - -c - - "\n#!/bin/bash\nif [ -f /etc/redis/redis.conf ]; then\n REDISCLI_AUTH=$(grep - -h \"requirepass\" /etc/redis/redis.conf | cut -d ' ' -f 2)\nfi\nresponse=$(\n - \ redis-cli ping\n)\nif [ \"$response\" != \"PONG\" ]; then\n echo - \"$response\"\n exit 1\nfi\n\t\t\t\t\t" - failureThreshold: 3 - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - resources: - limits: - cpu: "1" - memory: 7Gi - requests: - cpu: "1" - memory: 7Gi + spec: + containers: + - image: index.docker.io/sourcegraph/redis-cache:5.3.2@sha256:ed79dada4d1a2bd85fb8450dffe227283ab6ae0e7ce56dc5056fbb8202d95624 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 2 + initialDelaySeconds: 60 + periodSeconds: 30 + successThreshold: 1 + tcpSocket: + port: redis + timeoutSeconds: 5 + name: redis-cache + ports: + - containerPort: 6379 + name: redis + protocol: TCP + readinessProbe: + exec: + command: + - /bin/sh + - -c + - |2 + #!/bin/bash + if [ -f /etc/redis/redis.conf ]; then + REDISCLI_AUTH=$(grep -h "requirepass" /etc/redis/redis.conf | cut -d ' ' -f 2) + fi + response=$( + redis-cli ping + ) + if [ "$response" != "PONG" ]; then + echo "$response" + exit 1 + fi + failureThreshold: 3 + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + resources: + limits: + cpu: "1" + memory: 7Gi + requests: + cpu: "1" + memory: 7Gi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsGroup: 1000 + runAsUser: 999 + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /redis-data + name: redis-data + - image: index.docker.io/sourcegraph/redis_exporter:5.3.2@sha256:21a9dd9214483a42b11d58bf99e4f268f44257a4f67acd436d458797a31b7786 + imagePullPolicy: IfNotPresent + name: redis-exporter + ports: + - containerPort: 9121 + name: redisexp + protocol: TCP + resources: + limits: + cpu: 10m + memory: 100Mi + requests: + cpu: 10m + memory: 100Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsGroup: 1000 + runAsUser: 999 + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: FallbackToLogsOnError + dnsPolicy: ClusterFirst + restartPolicy: Always + schedulerName: default-scheduler securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsGroup: 1000 - runAsUser: 999 - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: FallbackToLogsOnError - volumeMounts: - - mountPath: /redis-data - name: redis-data - - image: index.docker.io/sourcegraph/redis_exporter:5.3.2@sha256:21a9dd9214483a42b11d58bf99e4f268f44257a4f67acd436d458797a31b7786 - imagePullPolicy: IfNotPresent - name: redis-exporter - ports: - - containerPort: 9121 - name: redisexp - protocol: TCP - resources: - limits: - cpu: 10m - memory: 100Mi - requests: - cpu: 10m - memory: 100Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsGroup: 1000 - runAsUser: 999 - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: FallbackToLogsOnError - dnsPolicy: ClusterFirst - restartPolicy: Always - schedulerName: default-scheduler - securityContext: - fsGroup: 1000 - fsGroupChangePolicy: OnRootMismatch - runAsGroup: 101 - runAsUser: 100 - terminationGracePeriodSeconds: 30 - volumes: - - name: redis-data - persistentVolumeClaim: - claimName: redis-cache - status: {} -- apiVersion: apps/v1 - kind: Deployment - metadata: - annotations: - appliance.sourcegraph.com/configHash: dcf04ea0a83980da871d47b3c8a1b6270dd967bb34163ae59384fdfd9ff5eb1c - creationTimestamp: "2024-04-19T00:00:00Z" - generation: 1 - labels: - app.kubernetes.io/component: redis-store - app.kubernetes.io/name: sourcegraph - app.kubernetes.io/version: 5.3.9104 - deploy: sourcegraph - name: redis-store - namespace: NORMALIZED_FOR_TESTING - ownerReferences: - - apiVersion: v1 - blockOwnerDeletion: true - controller: true - kind: ConfigMap - name: sg + fsGroup: 1000 + fsGroupChangePolicy: OnRootMismatch + runAsGroup: 101 + runAsUser: 100 + terminationGracePeriodSeconds: 30 + volumes: + - name: redis-data + persistentVolumeClaim: + claimName: redis-cache + status: {} + - apiVersion: apps/v1 + kind: Deployment + metadata: + annotations: + appliance.sourcegraph.com/configHash: dcf04ea0a83980da871d47b3c8a1b6270dd967bb34163ae59384fdfd9ff5eb1c + creationTimestamp: "2024-04-19T00:00:00Z" + generation: 1 + labels: + app.kubernetes.io/component: redis-store + app.kubernetes.io/name: sourcegraph + app.kubernetes.io/version: 5.3.9104 + deploy: sourcegraph + name: redis-store + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING uid: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING - spec: - minReadySeconds: 10 - progressDeadlineSeconds: 600 - replicas: 1 - revisionHistoryLimit: 10 - selector: - matchLabels: - app: redis-store - strategy: - type: Recreate - template: - metadata: - annotations: - kubectl.kubernetes.io/default-container: redis-store - creationTimestamp: null - labels: + spec: + minReadySeconds: 10 + progressDeadlineSeconds: 600 + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: app: redis-store - deploy: sourcegraph - name: redis-store - spec: - containers: - - image: index.docker.io/sourcegraph/redis-store:5.3.2@sha256:0e3270a5eb293c158093f41145810eb5a154f61a74c9a896690dfdecd1b98b39 - imagePullPolicy: IfNotPresent - livenessProbe: - failureThreshold: 2 - initialDelaySeconds: 60 - periodSeconds: 30 - successThreshold: 1 - tcpSocket: - port: redis - timeoutSeconds: 5 + strategy: + type: Recreate + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: redis-store + creationTimestamp: null + labels: + app: redis-store + deploy: sourcegraph name: redis-store - ports: - - containerPort: 6379 - name: redis - protocol: TCP - readinessProbe: - exec: - command: - - /bin/sh - - -c - - "\n#!/bin/bash\nif [ -f /etc/redis/redis.conf ]; then\n REDISCLI_AUTH=$(grep - -h \"requirepass\" /etc/redis/redis.conf | cut -d ' ' -f 2)\nfi\nresponse=$(\n - \ redis-cli ping\n)\nif [ \"$response\" != \"PONG\" ]; then\n echo - \"$response\"\n exit 1\nfi\n\t\t\t\t\t" - failureThreshold: 3 - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - resources: - limits: - cpu: "1" - memory: 7Gi - requests: - cpu: "1" - memory: 7Gi + spec: + containers: + - image: index.docker.io/sourcegraph/redis-store:5.3.2@sha256:0e3270a5eb293c158093f41145810eb5a154f61a74c9a896690dfdecd1b98b39 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 2 + initialDelaySeconds: 60 + periodSeconds: 30 + successThreshold: 1 + tcpSocket: + port: redis + timeoutSeconds: 5 + name: redis-store + ports: + - containerPort: 6379 + name: redis + protocol: TCP + readinessProbe: + exec: + command: + - /bin/sh + - -c + - |2 + #!/bin/bash + if [ -f /etc/redis/redis.conf ]; then + REDISCLI_AUTH=$(grep -h "requirepass" /etc/redis/redis.conf | cut -d ' ' -f 2) + fi + response=$( + redis-cli ping + ) + if [ "$response" != "PONG" ]; then + echo "$response" + exit 1 + fi + failureThreshold: 3 + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + resources: + limits: + cpu: "1" + memory: 7Gi + requests: + cpu: "1" + memory: 7Gi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsGroup: 1000 + runAsUser: 999 + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /redis-data + name: redis-data + - image: index.docker.io/sourcegraph/redis_exporter:5.3.2@sha256:21a9dd9214483a42b11d58bf99e4f268f44257a4f67acd436d458797a31b7786 + imagePullPolicy: IfNotPresent + name: redis-exporter + ports: + - containerPort: 9121 + name: redisexp + protocol: TCP + resources: + limits: + cpu: 10m + memory: 100Mi + requests: + cpu: 10m + memory: 100Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsGroup: 1000 + runAsUser: 999 + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: FallbackToLogsOnError + dnsPolicy: ClusterFirst + restartPolicy: Always + schedulerName: default-scheduler securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsGroup: 1000 - runAsUser: 999 - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: FallbackToLogsOnError - volumeMounts: - - mountPath: /redis-data - name: redis-data - - image: index.docker.io/sourcegraph/redis_exporter:5.3.2@sha256:21a9dd9214483a42b11d58bf99e4f268f44257a4f67acd436d458797a31b7786 - imagePullPolicy: IfNotPresent - name: redis-exporter - ports: - - containerPort: 9121 - name: redisexp - protocol: TCP - resources: - limits: - cpu: 10m - memory: 100Mi - requests: - cpu: 10m - memory: 100Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsGroup: 1000 - runAsUser: 999 - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: FallbackToLogsOnError - dnsPolicy: ClusterFirst - restartPolicy: Always - schedulerName: default-scheduler - securityContext: - fsGroup: 1000 - fsGroupChangePolicy: OnRootMismatch - runAsGroup: 101 - runAsUser: 100 - terminationGracePeriodSeconds: 30 - volumes: - - name: redis-data - persistentVolumeClaim: - claimName: redis-store - status: {} -- apiVersion: v1 - data: - spec: | - spec: - requestedVersion: "5.3.9104" + fsGroup: 1000 + fsGroupChangePolicy: OnRootMismatch + runAsGroup: 101 + runAsUser: 100 + terminationGracePeriodSeconds: 30 + volumes: + - name: redis-data + persistentVolumeClaim: + claimName: redis-store + status: {} + - apiVersion: v1 + data: + spec: | + spec: + requestedVersion: "5.3.9104" - blobstore: - disabled: true + blobstore: + disabled: true - codeInsights: - disabled: true + codeInsights: + disabled: true - codeIntel: - disabled: true + codeIntel: + disabled: true - frontend: - disabled: true + frontend: + disabled: true - gitServer: - disabled: true + gitServer: + disabled: true - indexedSearch: - disabled: true + indexedSearch: + disabled: true - indexedSearchIndexer: - disabled: true + indexedSearchIndexer: + disabled: true - pgsql: - disabled: true + pgsql: + disabled: true - postgresExporter: - disabled: true + postgresExporter: + disabled: true - preciseCodeIntel: - disabled: true + preciseCodeIntel: + disabled: true - redisCache: - storageSize: 123Gi + redisCache: + storageSize: 123Gi - redisStore: - storageSize: 123Gi + redisStore: + storageSize: 123Gi - repoUpdater: - disabled: true + repoUpdater: + disabled: true - searcher: - disabled: true + searcher: + disabled: true - symbols: - disabled: true + symbols: + disabled: true - syntectServer: - disabled: true + syntectServer: + disabled: true - worker: - disabled: true - kind: ConfigMap - metadata: - annotations: - appliance.sourcegraph.com/currentVersion: 5.3.9104 - appliance.sourcegraph.com/managed: "true" - creationTimestamp: "2024-04-19T00:00:00Z" - name: sg - namespace: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING -- apiVersion: v1 - kind: PersistentVolumeClaim - metadata: - annotations: - appliance.sourcegraph.com/configHash: dcf04ea0a83980da871d47b3c8a1b6270dd967bb34163ae59384fdfd9ff5eb1c - creationTimestamp: "2024-04-19T00:00:00Z" - finalizers: - - kubernetes.io/pvc-protection - labels: - deploy: sourcegraph - name: redis-cache - namespace: NORMALIZED_FOR_TESTING - ownerReferences: - - apiVersion: v1 - blockOwnerDeletion: true - controller: true - kind: ConfigMap + worker: + disabled: true + + prometheus: + disabled: true + kind: ConfigMap + metadata: + annotations: + appliance.sourcegraph.com/currentVersion: 5.3.9104 + appliance.sourcegraph.com/managed: "true" + creationTimestamp: "2024-04-19T00:00:00Z" name: sg + namespace: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING uid: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 123Gi - volumeMode: Filesystem - status: - phase: Pending -- apiVersion: v1 - kind: PersistentVolumeClaim - metadata: - annotations: - appliance.sourcegraph.com/configHash: dcf04ea0a83980da871d47b3c8a1b6270dd967bb34163ae59384fdfd9ff5eb1c - creationTimestamp: "2024-04-19T00:00:00Z" - finalizers: - - kubernetes.io/pvc-protection - labels: - deploy: sourcegraph - name: redis-store - namespace: NORMALIZED_FOR_TESTING - ownerReferences: - - apiVersion: v1 - blockOwnerDeletion: true - controller: true - kind: ConfigMap - name: sg + - apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + annotations: + appliance.sourcegraph.com/configHash: dcf04ea0a83980da871d47b3c8a1b6270dd967bb34163ae59384fdfd9ff5eb1c + creationTimestamp: "2024-04-19T00:00:00Z" + finalizers: + - kubernetes.io/pvc-protection + labels: + deploy: sourcegraph + name: redis-cache + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING uid: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 123Gi - volumeMode: Filesystem - status: - phase: Pending -- apiVersion: v1 - data: - endpoint: cmVkaXMtY2FjaGU6NjM3OQ== - kind: Secret - metadata: - annotations: - appliance.sourcegraph.com/configHash: dcf04ea0a83980da871d47b3c8a1b6270dd967bb34163ae59384fdfd9ff5eb1c - creationTimestamp: "2024-04-19T00:00:00Z" - labels: - app.kubernetes.io/component: redis-cache - app.kubernetes.io/name: sourcegraph - app.kubernetes.io/version: 5.3.9104 - deploy: sourcegraph - name: redis-cache - namespace: NORMALIZED_FOR_TESTING - ownerReferences: - - apiVersion: v1 - blockOwnerDeletion: true - controller: true - kind: ConfigMap - name: sg + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 123Gi + volumeMode: Filesystem + status: + phase: Pending + - apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + annotations: + appliance.sourcegraph.com/configHash: dcf04ea0a83980da871d47b3c8a1b6270dd967bb34163ae59384fdfd9ff5eb1c + creationTimestamp: "2024-04-19T00:00:00Z" + finalizers: + - kubernetes.io/pvc-protection + labels: + deploy: sourcegraph + name: redis-store + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING uid: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING - type: Opaque -- apiVersion: v1 - data: - endpoint: cmVkaXMtc3RvcmU6NjM3OQ== - kind: Secret - metadata: - annotations: - appliance.sourcegraph.com/configHash: dcf04ea0a83980da871d47b3c8a1b6270dd967bb34163ae59384fdfd9ff5eb1c - creationTimestamp: "2024-04-19T00:00:00Z" - labels: - app.kubernetes.io/component: redis-store - app.kubernetes.io/name: sourcegraph - app.kubernetes.io/version: 5.3.9104 - deploy: sourcegraph - name: redis-store - namespace: NORMALIZED_FOR_TESTING - ownerReferences: - - apiVersion: v1 - blockOwnerDeletion: true - controller: true - kind: ConfigMap - name: sg + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 123Gi + volumeMode: Filesystem + status: + phase: Pending + - apiVersion: v1 + data: + endpoint: cmVkaXMtY2FjaGU6NjM3OQ== + kind: Secret + metadata: + annotations: + appliance.sourcegraph.com/configHash: dcf04ea0a83980da871d47b3c8a1b6270dd967bb34163ae59384fdfd9ff5eb1c + creationTimestamp: "2024-04-19T00:00:00Z" + labels: + app.kubernetes.io/component: redis-cache + app.kubernetes.io/name: sourcegraph + app.kubernetes.io/version: 5.3.9104 + deploy: sourcegraph + name: redis-cache + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING uid: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING - type: Opaque -- apiVersion: v1 - kind: Service - metadata: - annotations: - appliance.sourcegraph.com/configHash: dcf04ea0a83980da871d47b3c8a1b6270dd967bb34163ae59384fdfd9ff5eb1c - prometheus.io/port: "9121" - sourcegraph.prometheus/scrape: "true" - creationTimestamp: "2024-04-19T00:00:00Z" - labels: - app: redis-cache - app.kubernetes.io/component: redis-cache - deploy: sourcegraph - name: redis-cache - namespace: NORMALIZED_FOR_TESTING - ownerReferences: - - apiVersion: v1 - blockOwnerDeletion: true - controller: true - kind: ConfigMap - name: sg + type: Opaque + - apiVersion: v1 + data: + endpoint: cmVkaXMtc3RvcmU6NjM3OQ== + kind: Secret + metadata: + annotations: + appliance.sourcegraph.com/configHash: dcf04ea0a83980da871d47b3c8a1b6270dd967bb34163ae59384fdfd9ff5eb1c + creationTimestamp: "2024-04-19T00:00:00Z" + labels: + app.kubernetes.io/component: redis-store + app.kubernetes.io/name: sourcegraph + app.kubernetes.io/version: 5.3.9104 + deploy: sourcegraph + name: redis-store + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING uid: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING - spec: - clusterIP: NORMALIZED_FOR_TESTING - clusterIPs: - - NORMALIZED_FOR_TESTING - internalTrafficPolicy: Cluster - ipFamilies: - - IPv4 - ipFamilyPolicy: SingleStack - ports: - - name: redis - port: 6379 - protocol: TCP - targetPort: redis - selector: - app: redis-cache - sessionAffinity: None - type: ClusterIP - status: - loadBalancer: {} -- apiVersion: v1 - kind: Service - metadata: - annotations: - appliance.sourcegraph.com/configHash: dcf04ea0a83980da871d47b3c8a1b6270dd967bb34163ae59384fdfd9ff5eb1c - prometheus.io/port: "9121" - sourcegraph.prometheus/scrape: "true" - creationTimestamp: "2024-04-19T00:00:00Z" - labels: - app: redis-store - app.kubernetes.io/component: redis-store - deploy: sourcegraph - name: redis-store - namespace: NORMALIZED_FOR_TESTING - ownerReferences: - - apiVersion: v1 - blockOwnerDeletion: true - controller: true - kind: ConfigMap - name: sg + type: Opaque + - apiVersion: v1 + kind: Service + metadata: + annotations: + appliance.sourcegraph.com/configHash: dcf04ea0a83980da871d47b3c8a1b6270dd967bb34163ae59384fdfd9ff5eb1c + prometheus.io/port: "9121" + sourcegraph.prometheus/scrape: "true" + creationTimestamp: "2024-04-19T00:00:00Z" + labels: + app: redis-cache + app.kubernetes.io/component: redis-cache + deploy: sourcegraph + name: redis-cache + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING uid: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING - spec: - clusterIP: NORMALIZED_FOR_TESTING - clusterIPs: - - NORMALIZED_FOR_TESTING - internalTrafficPolicy: Cluster - ipFamilies: - - IPv4 - ipFamilyPolicy: SingleStack - ports: - - name: redis - port: 6379 - protocol: TCP - targetPort: redis - selector: - app: redis-store - sessionAffinity: None - type: ClusterIP - status: - loadBalancer: {} + spec: + clusterIP: NORMALIZED_FOR_TESTING + clusterIPs: + - NORMALIZED_FOR_TESTING + internalTrafficPolicy: Cluster + ipFamilies: + - IPv4 + ipFamilyPolicy: SingleStack + ports: + - name: redis + port: 6379 + protocol: TCP + targetPort: redis + selector: + app: redis-cache + sessionAffinity: None + type: ClusterIP + status: + loadBalancer: {} + - apiVersion: v1 + kind: Service + metadata: + annotations: + appliance.sourcegraph.com/configHash: dcf04ea0a83980da871d47b3c8a1b6270dd967bb34163ae59384fdfd9ff5eb1c + prometheus.io/port: "9121" + sourcegraph.prometheus/scrape: "true" + creationTimestamp: "2024-04-19T00:00:00Z" + labels: + app: redis-store + app.kubernetes.io/component: redis-store + deploy: sourcegraph + name: redis-store + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING + uid: NORMALIZED_FOR_TESTING + spec: + clusterIP: NORMALIZED_FOR_TESTING + clusterIPs: + - NORMALIZED_FOR_TESTING + internalTrafficPolicy: Cluster + ipFamilies: + - IPv4 + ipFamilyPolicy: SingleStack + ports: + - name: redis + port: 6379 + protocol: TCP + targetPort: redis + selector: + app: redis-store + sessionAffinity: None + type: ClusterIP + status: + loadBalancer: {} diff --git a/internal/appliance/reconciler/testdata/golden-fixtures/repo-updater/default.yaml b/internal/appliance/reconciler/testdata/golden-fixtures/repo-updater/default.yaml index c57f2a89329..7fc2259d9ea 100644 --- a/internal/appliance/reconciler/testdata/golden-fixtures/repo-updater/default.yaml +++ b/internal/appliance/reconciler/testdata/golden-fixtures/repo-updater/default.yaml @@ -1,246 +1,249 @@ resources: -- apiVersion: apps/v1 - kind: Deployment - metadata: - annotations: - appliance.sourcegraph.com/configHash: 3faa37df52522509224800ad0dec835c442830666395c449e98bfe72eb739ac3 - creationTimestamp: "2024-04-19T00:00:00Z" - generation: 1 - labels: - app.kubernetes.io/component: repo-updater - app.kubernetes.io/name: sourcegraph - app.kubernetes.io/version: 5.3.9104 - deploy: sourcegraph - name: repo-updater - namespace: NORMALIZED_FOR_TESTING - ownerReferences: - - apiVersion: v1 - blockOwnerDeletion: true - controller: true - kind: ConfigMap - name: sg + - apiVersion: apps/v1 + kind: Deployment + metadata: + annotations: + appliance.sourcegraph.com/configHash: 3faa37df52522509224800ad0dec835c442830666395c449e98bfe72eb739ac3 + creationTimestamp: "2024-04-19T00:00:00Z" + generation: 1 + labels: + app.kubernetes.io/component: repo-updater + app.kubernetes.io/name: sourcegraph + app.kubernetes.io/version: 5.3.9104 + deploy: sourcegraph + name: repo-updater + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING uid: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING - spec: - minReadySeconds: 10 - progressDeadlineSeconds: 600 - replicas: 1 - revisionHistoryLimit: 10 - selector: - matchLabels: - app: repo-updater - strategy: - rollingUpdate: - maxSurge: 25% - maxUnavailable: 25% - type: RollingUpdate - template: - metadata: - annotations: - kubectl.kubernetes.io/default-container: repo-updater - creationTimestamp: null - labels: + spec: + minReadySeconds: 10 + progressDeadlineSeconds: 600 + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: app: repo-updater - deploy: sourcegraph - name: repo-updater - spec: - containers: - - env: - - name: REDIS_CACHE_ENDPOINT - valueFrom: - secretKeyRef: - key: endpoint - name: redis-cache - - name: REDIS_STORE_ENDPOINT - valueFrom: - secretKeyRef: - key: endpoint - name: redis-store - - name: OTEL_AGENT_HOST - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - - name: OTEL_EXPORTER_OTLP_ENDPOINT - value: http://$(OTEL_AGENT_HOST):4317 - image: index.docker.io/sourcegraph/repo-updater:5.3.2@sha256:5a414aa030c7e0922700664a43b449ee5f3fafa68834abef93988c5992c747c6 - imagePullPolicy: IfNotPresent - livenessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: debug - scheme: HTTP - periodSeconds: 1 - successThreshold: 1 - timeoutSeconds: 5 + strategy: + rollingUpdate: + maxSurge: 25% + maxUnavailable: 25% + type: RollingUpdate + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: repo-updater + creationTimestamp: null + labels: + app: repo-updater + deploy: sourcegraph name: repo-updater - ports: - - containerPort: 3182 - name: http - protocol: TCP - - containerPort: 6060 - name: debug - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /ready - port: debug - scheme: HTTP - periodSeconds: 1 - successThreshold: 1 - timeoutSeconds: 5 - resources: - limits: - cpu: "1" - memory: 2Gi - requests: - cpu: "1" - memory: 500Mi + spec: + containers: + - env: + - name: REDIS_CACHE_ENDPOINT + valueFrom: + secretKeyRef: + key: endpoint + name: redis-cache + - name: REDIS_STORE_ENDPOINT + valueFrom: + secretKeyRef: + key: endpoint + name: redis-store + - name: OTEL_AGENT_HOST + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + - name: OTEL_EXPORTER_OTLP_ENDPOINT + value: http://$(OTEL_AGENT_HOST):4317 + image: index.docker.io/sourcegraph/repo-updater:5.3.2@sha256:5a414aa030c7e0922700664a43b449ee5f3fafa68834abef93988c5992c747c6 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: debug + scheme: HTTP + periodSeconds: 1 + successThreshold: 1 + timeoutSeconds: 5 + name: repo-updater + ports: + - containerPort: 3182 + name: http + protocol: TCP + - containerPort: 6060 + name: debug + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /ready + port: debug + scheme: HTTP + periodSeconds: 1 + successThreshold: 1 + timeoutSeconds: 5 + resources: + limits: + cpu: "1" + memory: 2Gi + requests: + cpu: "1" + memory: 500Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsGroup: 101 + runAsUser: 100 + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: FallbackToLogsOnError + dnsPolicy: ClusterFirst + restartPolicy: Always + schedulerName: default-scheduler securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch runAsGroup: 101 runAsUser: 100 - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: FallbackToLogsOnError - dnsPolicy: ClusterFirst - restartPolicy: Always - schedulerName: default-scheduler - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - runAsGroup: 101 - runAsUser: 100 - serviceAccount: repo-updater - serviceAccountName: repo-updater - terminationGracePeriodSeconds: 30 - status: {} -- apiVersion: v1 - data: - spec: | - spec: - requestedVersion: "5.3.9104" + serviceAccount: repo-updater + serviceAccountName: repo-updater + terminationGracePeriodSeconds: 30 + status: {} + - apiVersion: v1 + data: + spec: | + spec: + requestedVersion: "5.3.9104" - blobstore: - disabled: true + blobstore: + disabled: true - codeInsights: - disabled: true + codeInsights: + disabled: true - codeIntel: - disabled: true + codeIntel: + disabled: true - frontend: - disabled: true + frontend: + disabled: true - gitServer: - disabled: true + gitServer: + disabled: true - indexedSearch: - disabled: true + indexedSearch: + disabled: true - indexedSearchIndexer: - disabled: true + indexedSearchIndexer: + disabled: true - pgsql: - disabled: true + pgsql: + disabled: true - postgresExporter: - disabled: true + postgresExporter: + disabled: true - preciseCodeIntel: - disabled: true + preciseCodeIntel: + disabled: true - redisCache: - disabled: true + redisCache: + disabled: true - redisStore: - disabled: true + redisStore: + disabled: true - repoUpdater: {} + repoUpdater: {} - searcher: - disabled: true + searcher: + disabled: true - symbols: - disabled: true + symbols: + disabled: true - syntectServer: - disabled: true + syntectServer: + disabled: true - worker: - disabled: true - kind: ConfigMap - metadata: - annotations: - appliance.sourcegraph.com/currentVersion: 5.3.9104 - appliance.sourcegraph.com/managed: "true" - creationTimestamp: "2024-04-19T00:00:00Z" - name: sg - namespace: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING -- apiVersion: v1 - kind: ServiceAccount - metadata: - annotations: - appliance.sourcegraph.com/configHash: 3faa37df52522509224800ad0dec835c442830666395c449e98bfe72eb739ac3 - creationTimestamp: "2024-04-19T00:00:00Z" - labels: - deploy: sourcegraph - name: repo-updater - namespace: NORMALIZED_FOR_TESTING - ownerReferences: - - apiVersion: v1 - blockOwnerDeletion: true - controller: true - kind: ConfigMap + worker: + disabled: true + + prometheus: + disabled: true + kind: ConfigMap + metadata: + annotations: + appliance.sourcegraph.com/currentVersion: 5.3.9104 + appliance.sourcegraph.com/managed: "true" + creationTimestamp: "2024-04-19T00:00:00Z" name: sg + namespace: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING uid: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING -- apiVersion: v1 - kind: Service - metadata: - annotations: - appliance.sourcegraph.com/configHash: 3faa37df52522509224800ad0dec835c442830666395c449e98bfe72eb739ac3 - prometheus.io/port: "6060" - sourcegraph.prometheus/scrape: "true" - creationTimestamp: "2024-04-19T00:00:00Z" - labels: - app: repo-updater - app.kubernetes.io/component: repo-updater - deploy: sourcegraph - name: repo-updater - namespace: NORMALIZED_FOR_TESTING - ownerReferences: - - apiVersion: v1 - blockOwnerDeletion: true - controller: true - kind: ConfigMap - name: sg + - apiVersion: v1 + kind: ServiceAccount + metadata: + annotations: + appliance.sourcegraph.com/configHash: 3faa37df52522509224800ad0dec835c442830666395c449e98bfe72eb739ac3 + creationTimestamp: "2024-04-19T00:00:00Z" + labels: + deploy: sourcegraph + name: repo-updater + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING uid: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING - spec: - clusterIP: NORMALIZED_FOR_TESTING - clusterIPs: - - NORMALIZED_FOR_TESTING - internalTrafficPolicy: Cluster - ipFamilies: - - IPv4 - ipFamilyPolicy: SingleStack - ports: - - name: http - port: 3182 - protocol: TCP - targetPort: http - selector: - app: repo-updater - sessionAffinity: None - type: ClusterIP - status: - loadBalancer: {} + - apiVersion: v1 + kind: Service + metadata: + annotations: + appliance.sourcegraph.com/configHash: 3faa37df52522509224800ad0dec835c442830666395c449e98bfe72eb739ac3 + prometheus.io/port: "6060" + sourcegraph.prometheus/scrape: "true" + creationTimestamp: "2024-04-19T00:00:00Z" + labels: + app: repo-updater + app.kubernetes.io/component: repo-updater + deploy: sourcegraph + name: repo-updater + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING + uid: NORMALIZED_FOR_TESTING + spec: + clusterIP: NORMALIZED_FOR_TESTING + clusterIPs: + - NORMALIZED_FOR_TESTING + internalTrafficPolicy: Cluster + ipFamilies: + - IPv4 + ipFamilyPolicy: SingleStack + ports: + - name: http + port: 3182 + protocol: TCP + targetPort: http + selector: + app: repo-updater + sessionAffinity: None + type: ClusterIP + status: + loadBalancer: {} diff --git a/internal/appliance/reconciler/testdata/golden-fixtures/standard/blobstore-subsequent-disable.yaml b/internal/appliance/reconciler/testdata/golden-fixtures/standard/blobstore-subsequent-disable.yaml index 347caaaf83f..94df815468b 100644 --- a/internal/appliance/reconciler/testdata/golden-fixtures/standard/blobstore-subsequent-disable.yaml +++ b/internal/appliance/reconciler/testdata/golden-fixtures/standard/blobstore-subsequent-disable.yaml @@ -1,99 +1,102 @@ resources: -- apiVersion: v1 - data: - spec: | - spec: - requestedVersion: "5.3.9104" + - apiVersion: v1 + data: + spec: | + spec: + requestedVersion: "5.3.9104" - blobstore: - disabled: true + blobstore: + disabled: true - codeInsights: - disabled: true + codeInsights: + disabled: true - codeIntel: - disabled: true + codeIntel: + disabled: true - frontend: - disabled: true + frontend: + disabled: true - gitServer: - disabled: true + gitServer: + disabled: true - indexedSearch: - disabled: true + indexedSearch: + disabled: true - indexedSearchIndexer: - disabled: true + indexedSearchIndexer: + disabled: true - pgsql: - disabled: true + pgsql: + disabled: true - postgresExporter: - disabled: true + postgresExporter: + disabled: true - preciseCodeIntel: - disabled: true + preciseCodeIntel: + disabled: true - redisCache: - disabled: true + redisCache: + disabled: true - redisStore: - disabled: true + redisStore: + disabled: true - repoUpdater: - disabled: true + repoUpdater: + disabled: true - searcher: - disabled: true + searcher: + disabled: true - symbols: - disabled: true + symbols: + disabled: true - syntectServer: - disabled: true + syntectServer: + disabled: true - worker: - disabled: true - kind: ConfigMap - metadata: - annotations: - appliance.sourcegraph.com/currentVersion: 5.3.9104 - appliance.sourcegraph.com/managed: "true" - creationTimestamp: "2024-04-19T00:00:00Z" - name: sg - namespace: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING -- apiVersion: v1 - kind: PersistentVolumeClaim - metadata: - annotations: - appliance.sourcegraph.com/configHash: d33e42f7a0651e109c1a55ae881f9e3000e194cb5257dad1714cf26d5a370b3c - creationTimestamp: "2024-04-19T00:00:00Z" - deletionGracePeriodSeconds: 0 - deletionTimestamp: "2024-04-19T00:00:00Z" - finalizers: - - kubernetes.io/pvc-protection - labels: - deploy: sourcegraph - name: blobstore - namespace: NORMALIZED_FOR_TESTING - ownerReferences: - - apiVersion: v1 - blockOwnerDeletion: true - controller: true - kind: ConfigMap + worker: + disabled: true + + prometheus: + disabled: true + kind: ConfigMap + metadata: + annotations: + appliance.sourcegraph.com/currentVersion: 5.3.9104 + appliance.sourcegraph.com/managed: "true" + creationTimestamp: "2024-04-19T00:00:00Z" name: sg + namespace: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING uid: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 100Gi - volumeMode: Filesystem - status: - phase: Pending + - apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + annotations: + appliance.sourcegraph.com/configHash: d33e42f7a0651e109c1a55ae881f9e3000e194cb5257dad1714cf26d5a370b3c + creationTimestamp: "2024-04-19T00:00:00Z" + deletionGracePeriodSeconds: 0 + deletionTimestamp: "2024-04-19T00:00:00Z" + finalizers: + - kubernetes.io/pvc-protection + labels: + deploy: sourcegraph + name: blobstore + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING + uid: NORMALIZED_FOR_TESTING + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 100Gi + volumeMode: Filesystem + status: + phase: Pending diff --git a/internal/appliance/reconciler/testdata/golden-fixtures/standard/blobstore-with-named-storage-class.yaml b/internal/appliance/reconciler/testdata/golden-fixtures/standard/blobstore-with-named-storage-class.yaml index b18820864c8..82e86ae08cf 100644 --- a/internal/appliance/reconciler/testdata/golden-fixtures/standard/blobstore-with-named-storage-class.yaml +++ b/internal/appliance/reconciler/testdata/golden-fixtures/standard/blobstore-with-named-storage-class.yaml @@ -1,229 +1,232 @@ resources: -- apiVersion: apps/v1 - kind: Deployment - metadata: - annotations: - appliance.sourcegraph.com/configHash: d33e42f7a0651e109c1a55ae881f9e3000e194cb5257dad1714cf26d5a370b3c - creationTimestamp: "2024-04-19T00:00:00Z" - generation: 1 - labels: - app.kubernetes.io/component: blobstore - app.kubernetes.io/name: sourcegraph - app.kubernetes.io/version: 5.3.9104 - deploy: sourcegraph - name: blobstore - namespace: NORMALIZED_FOR_TESTING - ownerReferences: - - apiVersion: v1 - blockOwnerDeletion: true - controller: true - kind: ConfigMap - name: sg + - apiVersion: apps/v1 + kind: Deployment + metadata: + annotations: + appliance.sourcegraph.com/configHash: d33e42f7a0651e109c1a55ae881f9e3000e194cb5257dad1714cf26d5a370b3c + creationTimestamp: "2024-04-19T00:00:00Z" + generation: 1 + labels: + app.kubernetes.io/component: blobstore + app.kubernetes.io/name: sourcegraph + app.kubernetes.io/version: 5.3.9104 + deploy: sourcegraph + name: blobstore + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING uid: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING - spec: - minReadySeconds: 10 - progressDeadlineSeconds: 600 - replicas: 1 - revisionHistoryLimit: 10 - selector: - matchLabels: - app: blobstore - strategy: - rollingUpdate: - maxSurge: 25% - maxUnavailable: 25% - type: RollingUpdate - template: - metadata: - annotations: - kubectl.kubernetes.io/default-container: blobstore - creationTimestamp: null - labels: + spec: + minReadySeconds: 10 + progressDeadlineSeconds: 600 + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: app: blobstore - deploy: sourcegraph - name: blobstore - spec: - containers: - - image: index.docker.io/sourcegraph/blobstore:5.3.2@sha256:d625be1eefe61cc42f94498e3c588bf212c4159c8b20c519db84eae4ff715efa - imagePullPolicy: IfNotPresent + strategy: + rollingUpdate: + maxSurge: 25% + maxUnavailable: 25% + type: RollingUpdate + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: blobstore + creationTimestamp: null + labels: + app: blobstore + deploy: sourcegraph name: blobstore - ports: - - containerPort: 9000 - name: blobstore - protocol: TCP - resources: - limits: - cpu: "1" - memory: 500M - requests: - cpu: "1" - memory: 500M + spec: + containers: + - image: index.docker.io/sourcegraph/blobstore:5.3.2@sha256:d625be1eefe61cc42f94498e3c588bf212c4159c8b20c519db84eae4ff715efa + imagePullPolicy: IfNotPresent + name: blobstore + ports: + - containerPort: 9000 + name: blobstore + protocol: TCP + resources: + limits: + cpu: "1" + memory: 500M + requests: + cpu: "1" + memory: 500M + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsGroup: 101 + runAsUser: 100 + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /blobstore + name: blobstore + - mountPath: /data + name: blobstore-data + dnsPolicy: ClusterFirst + restartPolicy: Always + schedulerName: default-scheduler securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch runAsGroup: 101 runAsUser: 100 - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: FallbackToLogsOnError - volumeMounts: - - mountPath: /blobstore - name: blobstore - - mountPath: /data - name: blobstore-data - dnsPolicy: ClusterFirst - restartPolicy: Always - schedulerName: default-scheduler - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - runAsGroup: 101 - runAsUser: 100 - terminationGracePeriodSeconds: 30 - volumes: - - emptyDir: {} - name: blobstore - - name: blobstore-data - persistentVolumeClaim: - claimName: blobstore - status: {} -- apiVersion: v1 - data: - spec: | - spec: - requestedVersion: "5.3.9104" + terminationGracePeriodSeconds: 30 + volumes: + - emptyDir: {} + name: blobstore + - name: blobstore-data + persistentVolumeClaim: + claimName: blobstore + status: {} + - apiVersion: v1 + data: + spec: | + spec: + requestedVersion: "5.3.9104" - blobstore: {} + blobstore: {} - codeInsights: - disabled: true + codeInsights: + disabled: true - codeIntel: - disabled: true + codeIntel: + disabled: true - frontend: - disabled: true + frontend: + disabled: true - gitServer: - disabled: true + gitServer: + disabled: true - indexedSearch: - disabled: true + indexedSearch: + disabled: true - indexedSearchIndexer: - disabled: true + indexedSearchIndexer: + disabled: true - pgsql: - disabled: true + pgsql: + disabled: true - postgresExporter: - disabled: true + postgresExporter: + disabled: true - preciseCodeIntel: - disabled: true + preciseCodeIntel: + disabled: true - redisCache: - disabled: true + redisCache: + disabled: true - redisStore: - disabled: true + redisStore: + disabled: true - repoUpdater: - disabled: true + repoUpdater: + disabled: true - searcher: - disabled: true + searcher: + disabled: true - symbols: - disabled: true + symbols: + disabled: true - syntectServer: - disabled: true + syntectServer: + disabled: true - worker: - disabled: true + worker: + disabled: true - storageClass: - name: sourcegraph - kind: ConfigMap - metadata: - annotations: - appliance.sourcegraph.com/currentVersion: 5.3.9104 - appliance.sourcegraph.com/managed: "true" - creationTimestamp: "2024-04-19T00:00:00Z" - name: sg - namespace: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING -- apiVersion: v1 - kind: PersistentVolumeClaim - metadata: - annotations: - appliance.sourcegraph.com/configHash: d33e42f7a0651e109c1a55ae881f9e3000e194cb5257dad1714cf26d5a370b3c - creationTimestamp: "2024-04-19T00:00:00Z" - finalizers: - - kubernetes.io/pvc-protection - labels: - deploy: sourcegraph - name: blobstore - namespace: NORMALIZED_FOR_TESTING - ownerReferences: - - apiVersion: v1 - blockOwnerDeletion: true - controller: true - kind: ConfigMap + storageClass: + name: sourcegraph + + prometheus: + disabled: true + kind: ConfigMap + metadata: + annotations: + appliance.sourcegraph.com/currentVersion: 5.3.9104 + appliance.sourcegraph.com/managed: "true" + creationTimestamp: "2024-04-19T00:00:00Z" name: sg + namespace: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING uid: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 100Gi - storageClassName: sourcegraph - volumeMode: Filesystem - status: - phase: Pending -- apiVersion: v1 - kind: Service - metadata: - annotations: - appliance.sourcegraph.com/configHash: d33e42f7a0651e109c1a55ae881f9e3000e194cb5257dad1714cf26d5a370b3c - creationTimestamp: "2024-04-19T00:00:00Z" - labels: - app: blobstore - app.kubernetes.io/component: blobstore - deploy: sourcegraph - name: blobstore - namespace: NORMALIZED_FOR_TESTING - ownerReferences: - - apiVersion: v1 - blockOwnerDeletion: true - controller: true - kind: ConfigMap - name: sg + - apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + annotations: + appliance.sourcegraph.com/configHash: d33e42f7a0651e109c1a55ae881f9e3000e194cb5257dad1714cf26d5a370b3c + creationTimestamp: "2024-04-19T00:00:00Z" + finalizers: + - kubernetes.io/pvc-protection + labels: + deploy: sourcegraph + name: blobstore + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING uid: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING - spec: - clusterIP: NORMALIZED_FOR_TESTING - clusterIPs: - - NORMALIZED_FOR_TESTING - internalTrafficPolicy: Cluster - ipFamilies: - - IPv4 - ipFamilyPolicy: SingleStack - ports: - - name: blobstore - port: 9000 - protocol: TCP - targetPort: blobstore - selector: - app: blobstore - sessionAffinity: None - type: ClusterIP - status: - loadBalancer: {} + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 100Gi + storageClassName: sourcegraph + volumeMode: Filesystem + status: + phase: Pending + - apiVersion: v1 + kind: Service + metadata: + annotations: + appliance.sourcegraph.com/configHash: d33e42f7a0651e109c1a55ae881f9e3000e194cb5257dad1714cf26d5a370b3c + creationTimestamp: "2024-04-19T00:00:00Z" + labels: + app: blobstore + app.kubernetes.io/component: blobstore + deploy: sourcegraph + name: blobstore + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING + uid: NORMALIZED_FOR_TESTING + spec: + clusterIP: NORMALIZED_FOR_TESTING + clusterIPs: + - NORMALIZED_FOR_TESTING + internalTrafficPolicy: Cluster + ipFamilies: + - IPv4 + ipFamilyPolicy: SingleStack + ports: + - name: blobstore + port: 9000 + protocol: TCP + targetPort: blobstore + selector: + app: blobstore + sessionAffinity: None + type: ClusterIP + status: + loadBalancer: {} diff --git a/internal/appliance/reconciler/testdata/golden-fixtures/standard/precise-code-intel-with-env-vars.yaml b/internal/appliance/reconciler/testdata/golden-fixtures/standard/precise-code-intel-with-env-vars.yaml index 741bfa81ce8..9eea632ea7c 100644 --- a/internal/appliance/reconciler/testdata/golden-fixtures/standard/precise-code-intel-with-env-vars.yaml +++ b/internal/appliance/reconciler/testdata/golden-fixtures/standard/precise-code-intel-with-env-vars.yaml @@ -1,261 +1,264 @@ resources: -- apiVersion: apps/v1 - kind: Deployment - metadata: - annotations: - appliance.sourcegraph.com/configHash: 83689326f712d087a04bc450648847ed22cf610bc94aa0fc9437cff54b7bcf8b - creationTimestamp: "2024-04-19T00:00:00Z" - generation: 1 - labels: - app.kubernetes.io/component: precise-code-intel-worker - app.kubernetes.io/name: sourcegraph - app.kubernetes.io/version: 5.3.9104 - deploy: sourcegraph - name: precise-code-intel-worker - namespace: NORMALIZED_FOR_TESTING - ownerReferences: - - apiVersion: v1 - blockOwnerDeletion: true - controller: true - kind: ConfigMap - name: sg + - apiVersion: apps/v1 + kind: Deployment + metadata: + annotations: + appliance.sourcegraph.com/configHash: 83689326f712d087a04bc450648847ed22cf610bc94aa0fc9437cff54b7bcf8b + creationTimestamp: "2024-04-19T00:00:00Z" + generation: 1 + labels: + app.kubernetes.io/component: precise-code-intel-worker + app.kubernetes.io/name: sourcegraph + app.kubernetes.io/version: 5.3.9104 + deploy: sourcegraph + name: precise-code-intel-worker + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING uid: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING - spec: - minReadySeconds: 10 - progressDeadlineSeconds: 600 - replicas: 2 - revisionHistoryLimit: 10 - selector: - matchLabels: - app: precise-code-intel-worker - strategy: - rollingUpdate: - maxSurge: 1 - maxUnavailable: 1 - type: RollingUpdate - template: - metadata: - annotations: - kubectl.kubernetes.io/default-container: precise-code-intel-worker - creationTimestamp: null - labels: + spec: + minReadySeconds: 10 + progressDeadlineSeconds: 600 + replicas: 2 + revisionHistoryLimit: 10 + selector: + matchLabels: app: precise-code-intel-worker - deploy: sourcegraph - name: precise-code-intel-worker - spec: - containers: - - env: - - name: PRECISE_CODE_INTEL_UPLOAD_BACKEND - value: S3 - - name: PRECISE_CODE_INTEL_WORKER_POLL_INTERVAL - value: 30s - - name: NUM_WORKERS - value: "4" - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: OTEL_AGENT_HOST - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - - name: OTEL_EXPORTER_OTLP_ENDPOINT - value: http://$(OTEL_AGENT_HOST):4317 - image: index.docker.io/sourcegraph/precise-code-intel-worker:5.3.2@sha256:6142093097f5757afe772cffd131c1be54bb77335232011254733f51ffb2d6c6 - imagePullPolicy: IfNotPresent - livenessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: debug - scheme: HTTP - initialDelaySeconds: 60 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 1 + type: RollingUpdate + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: precise-code-intel-worker + creationTimestamp: null + labels: + app: precise-code-intel-worker + deploy: sourcegraph name: precise-code-intel-worker - ports: - - containerPort: 3188 - name: http - protocol: TCP - - containerPort: 6060 - name: debug - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /ready - port: debug - scheme: HTTP - periodSeconds: 5 - successThreshold: 1 - timeoutSeconds: 5 - resources: - limits: - cpu: "2" - memory: 4G - requests: - cpu: 500m - memory: 2G + spec: + containers: + - env: + - name: PRECISE_CODE_INTEL_UPLOAD_BACKEND + value: S3 + - name: PRECISE_CODE_INTEL_WORKER_POLL_INTERVAL + value: 30s + - name: NUM_WORKERS + value: "4" + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: OTEL_AGENT_HOST + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + - name: OTEL_EXPORTER_OTLP_ENDPOINT + value: http://$(OTEL_AGENT_HOST):4317 + image: index.docker.io/sourcegraph/precise-code-intel-worker:5.3.2@sha256:6142093097f5757afe772cffd131c1be54bb77335232011254733f51ffb2d6c6 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: debug + scheme: HTTP + initialDelaySeconds: 60 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: precise-code-intel-worker + ports: + - containerPort: 3188 + name: http + protocol: TCP + - containerPort: 6060 + name: debug + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /ready + port: debug + scheme: HTTP + periodSeconds: 5 + successThreshold: 1 + timeoutSeconds: 5 + resources: + limits: + cpu: "2" + memory: 4G + requests: + cpu: 500m + memory: 2G + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsGroup: 101 + runAsUser: 100 + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /tmp + name: tmpdir + dnsPolicy: ClusterFirst + restartPolicy: Always + schedulerName: default-scheduler securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch runAsGroup: 101 runAsUser: 100 - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: FallbackToLogsOnError - volumeMounts: - - mountPath: /tmp - name: tmpdir - dnsPolicy: ClusterFirst - restartPolicy: Always - schedulerName: default-scheduler - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - runAsGroup: 101 - runAsUser: 100 - terminationGracePeriodSeconds: 30 - volumes: - - emptyDir: {} - name: tmpdir - status: {} -- apiVersion: v1 - data: - spec: | - spec: - requestedVersion: "5.3.9104" + terminationGracePeriodSeconds: 30 + volumes: + - emptyDir: {} + name: tmpdir + status: {} + - apiVersion: v1 + data: + spec: | + spec: + requestedVersion: "5.3.9104" - blobstore: - disabled: true + blobstore: + disabled: true - codeInsights: - disabled: true + codeInsights: + disabled: true - codeIntel: - disabled: true + codeIntel: + disabled: true - frontend: - disabled: true + frontend: + disabled: true - gitServer: - disabled: true + gitServer: + disabled: true - indexedSearch: - disabled: true + indexedSearch: + disabled: true - indexedSearchIndexer: - disabled: true + indexedSearchIndexer: + disabled: true - pgsql: - disabled: true + pgsql: + disabled: true - postgresExporter: - disabled: true + postgresExporter: + disabled: true - preciseCodeIntel: - containerConfig: - precise-code-intel-worker: - envVars: - PRECISE_CODE_INTEL_WORKER_POLL_INTERVAL: 30s - PRECISE_CODE_INTEL_UPLOAD_BACKEND: S3 + preciseCodeIntel: + containerConfig: + precise-code-intel-worker: + envVars: + PRECISE_CODE_INTEL_WORKER_POLL_INTERVAL: 30s + PRECISE_CODE_INTEL_UPLOAD_BACKEND: S3 - redisCache: - disabled: true + redisCache: + disabled: true - redisStore: - disabled: true + redisStore: + disabled: true - repoUpdater: - disabled: true + repoUpdater: + disabled: true - searcher: - disabled: true + searcher: + disabled: true - symbols: - disabled: true + symbols: + disabled: true - syntectServer: - disabled: true + syntectServer: + disabled: true - worker: - disabled: true - kind: ConfigMap - metadata: - annotations: - appliance.sourcegraph.com/currentVersion: 5.3.9104 - appliance.sourcegraph.com/managed: "true" - creationTimestamp: "2024-04-19T00:00:00Z" - name: sg - namespace: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING -- apiVersion: v1 - kind: ServiceAccount - metadata: - annotations: - appliance.sourcegraph.com/configHash: 83689326f712d087a04bc450648847ed22cf610bc94aa0fc9437cff54b7bcf8b - creationTimestamp: "2024-04-19T00:00:00Z" - labels: - deploy: sourcegraph - name: precise-code-intel-worker - namespace: NORMALIZED_FOR_TESTING - ownerReferences: - - apiVersion: v1 - blockOwnerDeletion: true - controller: true - kind: ConfigMap + worker: + disabled: true + + prometheus: + disabled: true + kind: ConfigMap + metadata: + annotations: + appliance.sourcegraph.com/currentVersion: 5.3.9104 + appliance.sourcegraph.com/managed: "true" + creationTimestamp: "2024-04-19T00:00:00Z" name: sg + namespace: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING uid: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING -- apiVersion: v1 - kind: Service - metadata: - annotations: - appliance.sourcegraph.com/configHash: 83689326f712d087a04bc450648847ed22cf610bc94aa0fc9437cff54b7bcf8b - prometheus.io/port: "6060" - sourcegraph.prometheus/scrape: "true" - creationTimestamp: "2024-04-19T00:00:00Z" - labels: - app: precise-code-intel-worker - app.kubernetes.io/component: precise-code-intel-worker - deploy: sourcegraph - name: precise-code-intel-worker - namespace: NORMALIZED_FOR_TESTING - ownerReferences: - - apiVersion: v1 - blockOwnerDeletion: true - controller: true - kind: ConfigMap - name: sg + - apiVersion: v1 + kind: ServiceAccount + metadata: + annotations: + appliance.sourcegraph.com/configHash: 83689326f712d087a04bc450648847ed22cf610bc94aa0fc9437cff54b7bcf8b + creationTimestamp: "2024-04-19T00:00:00Z" + labels: + deploy: sourcegraph + name: precise-code-intel-worker + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING uid: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING - spec: - clusterIP: NORMALIZED_FOR_TESTING - clusterIPs: - - NORMALIZED_FOR_TESTING - internalTrafficPolicy: Cluster - ipFamilies: - - IPv4 - ipFamilyPolicy: SingleStack - ports: - - name: http - port: 3188 - protocol: TCP - targetPort: http - - name: debug - port: 6060 - protocol: TCP - targetPort: debug - selector: - app: precise-code-intel-worker - sessionAffinity: None - type: ClusterIP - status: - loadBalancer: {} + - apiVersion: v1 + kind: Service + metadata: + annotations: + appliance.sourcegraph.com/configHash: 83689326f712d087a04bc450648847ed22cf610bc94aa0fc9437cff54b7bcf8b + prometheus.io/port: "6060" + sourcegraph.prometheus/scrape: "true" + creationTimestamp: "2024-04-19T00:00:00Z" + labels: + app: precise-code-intel-worker + app.kubernetes.io/component: precise-code-intel-worker + deploy: sourcegraph + name: precise-code-intel-worker + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING + uid: NORMALIZED_FOR_TESTING + spec: + clusterIP: NORMALIZED_FOR_TESTING + clusterIPs: + - NORMALIZED_FOR_TESTING + internalTrafficPolicy: Cluster + ipFamilies: + - IPv4 + ipFamilyPolicy: SingleStack + ports: + - name: http + port: 3188 + protocol: TCP + targetPort: http + - name: debug + port: 6060 + protocol: TCP + targetPort: debug + selector: + app: precise-code-intel-worker + sessionAffinity: None + type: ClusterIP + status: + loadBalancer: {} diff --git a/internal/appliance/reconciler/testdata/golden-fixtures/standard/redis-with-multiple-custom-images.yaml b/internal/appliance/reconciler/testdata/golden-fixtures/standard/redis-with-multiple-custom-images.yaml index 0bdc52f8a9a..67bf62a2824 100644 --- a/internal/appliance/reconciler/testdata/golden-fixtures/standard/redis-with-multiple-custom-images.yaml +++ b/internal/appliance/reconciler/testdata/golden-fixtures/standard/redis-with-multiple-custom-images.yaml @@ -1,293 +1,304 @@ resources: -- apiVersion: apps/v1 - kind: Deployment - metadata: - annotations: - appliance.sourcegraph.com/configHash: 47d66a78b1de65fcfbf8ab61f1629a4e0eaec6b84314237799f4e7cb02ac1d2f - creationTimestamp: "2024-04-19T00:00:00Z" - generation: 1 - labels: - app.kubernetes.io/component: redis-cache - app.kubernetes.io/name: sourcegraph - app.kubernetes.io/version: 5.3.9104 - deploy: sourcegraph - name: redis-cache - namespace: NORMALIZED_FOR_TESTING - ownerReferences: - - apiVersion: v1 - blockOwnerDeletion: true - controller: true - kind: ConfigMap - name: sg + - apiVersion: apps/v1 + kind: Deployment + metadata: + annotations: + appliance.sourcegraph.com/configHash: 47d66a78b1de65fcfbf8ab61f1629a4e0eaec6b84314237799f4e7cb02ac1d2f + creationTimestamp: "2024-04-19T00:00:00Z" + generation: 1 + labels: + app.kubernetes.io/component: redis-cache + app.kubernetes.io/name: sourcegraph + app.kubernetes.io/version: 5.3.9104 + deploy: sourcegraph + name: redis-cache + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING uid: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING - spec: - minReadySeconds: 10 - progressDeadlineSeconds: 600 - replicas: 1 - revisionHistoryLimit: 10 - selector: - matchLabels: - app: redis-cache - strategy: - type: Recreate - template: - metadata: - annotations: - kubectl.kubernetes.io/default-container: redis-cache - creationTimestamp: null - labels: + spec: + minReadySeconds: 10 + progressDeadlineSeconds: 600 + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: app: redis-cache - deploy: sourcegraph - name: redis-cache - spec: - containers: - - image: index.docker.io/sourcegraph/redis-custom-image:default - imagePullPolicy: IfNotPresent - livenessProbe: - failureThreshold: 2 - initialDelaySeconds: 60 - periodSeconds: 30 - successThreshold: 1 - tcpSocket: - port: redis - timeoutSeconds: 5 + strategy: + type: Recreate + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: redis-cache + creationTimestamp: null + labels: + app: redis-cache + deploy: sourcegraph name: redis-cache - ports: - - containerPort: 6379 - name: redis - protocol: TCP - readinessProbe: - exec: - command: - - /bin/sh - - -c - - "\n#!/bin/bash\nif [ -f /etc/redis/redis.conf ]; then\n REDISCLI_AUTH=$(grep - -h \"requirepass\" /etc/redis/redis.conf | cut -d ' ' -f 2)\nfi\nresponse=$(\n - \ redis-cli ping\n)\nif [ \"$response\" != \"PONG\" ]; then\n echo - \"$response\"\n exit 1\nfi\n\t\t\t\t\t" - failureThreshold: 3 - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - resources: - limits: - cpu: "1" - memory: 7Gi - requests: - cpu: "1" - memory: 7Gi + spec: + containers: + - image: index.docker.io/sourcegraph/redis-custom-image:default + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 2 + initialDelaySeconds: 60 + periodSeconds: 30 + successThreshold: 1 + tcpSocket: + port: redis + timeoutSeconds: 5 + name: redis-cache + ports: + - containerPort: 6379 + name: redis + protocol: TCP + readinessProbe: + exec: + command: + - /bin/sh + - -c + - |2 + #!/bin/bash + if [ -f /etc/redis/redis.conf ]; then + REDISCLI_AUTH=$(grep -h "requirepass" /etc/redis/redis.conf | cut -d ' ' -f 2) + fi + response=$( + redis-cli ping + ) + if [ "$response" != "PONG" ]; then + echo "$response" + exit 1 + fi + failureThreshold: 3 + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + resources: + limits: + cpu: "1" + memory: 7Gi + requests: + cpu: "1" + memory: 7Gi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsGroup: 1000 + runAsUser: 999 + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /redis-data + name: redis-data + - image: index.docker.io/sourcegraph/redis-exporter-custom-image:default + imagePullPolicy: IfNotPresent + name: redis-exporter + ports: + - containerPort: 9121 + name: redisexp + protocol: TCP + resources: + limits: + cpu: 10m + memory: 100Mi + requests: + cpu: 10m + memory: 100Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsGroup: 1000 + runAsUser: 999 + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: FallbackToLogsOnError + dnsPolicy: ClusterFirst + restartPolicy: Always + schedulerName: default-scheduler securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsGroup: 1000 - runAsUser: 999 - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: FallbackToLogsOnError - volumeMounts: - - mountPath: /redis-data - name: redis-data - - image: index.docker.io/sourcegraph/redis-exporter-custom-image:default - imagePullPolicy: IfNotPresent - name: redis-exporter - ports: - - containerPort: 9121 - name: redisexp - protocol: TCP - resources: - limits: - cpu: 10m - memory: 100Mi - requests: - cpu: 10m - memory: 100Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsGroup: 1000 - runAsUser: 999 - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: FallbackToLogsOnError - dnsPolicy: ClusterFirst - restartPolicy: Always - schedulerName: default-scheduler - securityContext: - fsGroup: 1000 - fsGroupChangePolicy: OnRootMismatch - runAsGroup: 101 - runAsUser: 100 - terminationGracePeriodSeconds: 30 - volumes: - - name: redis-data - persistentVolumeClaim: - claimName: redis-cache - status: {} -- apiVersion: v1 - data: - spec: | - spec: - requestedVersion: "5.3.9104" + fsGroup: 1000 + fsGroupChangePolicy: OnRootMismatch + runAsGroup: 101 + runAsUser: 100 + terminationGracePeriodSeconds: 30 + volumes: + - name: redis-data + persistentVolumeClaim: + claimName: redis-cache + status: {} + - apiVersion: v1 + data: + spec: | + spec: + requestedVersion: "5.3.9104" - blobstore: - disabled: true + blobstore: + disabled: true - codeInsights: - disabled: true + codeInsights: + disabled: true - codeIntel: - disabled: true + codeIntel: + disabled: true - frontend: - disabled: true + frontend: + disabled: true - gitServer: - disabled: true + gitServer: + disabled: true - indexedSearch: - disabled: true + indexedSearch: + disabled: true - indexedSearchIndexer: - disabled: true + indexedSearchIndexer: + disabled: true - pgsql: - disabled: true + pgsql: + disabled: true - postgresExporter: - disabled: true + postgresExporter: + disabled: true - preciseCodeIntel: - disabled: true + preciseCodeIntel: + disabled: true - redisCache: - containerConfig: - redis-cache: - image: redis-custom-image:default - redis-exporter: - image: redis-exporter-custom-image:default + redisCache: + containerConfig: + redis-cache: + image: redis-custom-image:default + redis-exporter: + image: redis-exporter-custom-image:default - redisStore: - disabled: true + redisStore: + disabled: true - repoUpdater: - disabled: true + repoUpdater: + disabled: true - searcher: - disabled: true + searcher: + disabled: true - symbols: - disabled: true + symbols: + disabled: true - syntectServer: - disabled: true + syntectServer: + disabled: true - worker: - disabled: true - kind: ConfigMap - metadata: - annotations: - appliance.sourcegraph.com/currentVersion: 5.3.9104 - appliance.sourcegraph.com/managed: "true" - creationTimestamp: "2024-04-19T00:00:00Z" - name: sg - namespace: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING -- apiVersion: v1 - kind: PersistentVolumeClaim - metadata: - annotations: - appliance.sourcegraph.com/configHash: 47d66a78b1de65fcfbf8ab61f1629a4e0eaec6b84314237799f4e7cb02ac1d2f - creationTimestamp: "2024-04-19T00:00:00Z" - finalizers: - - kubernetes.io/pvc-protection - labels: - deploy: sourcegraph - name: redis-cache - namespace: NORMALIZED_FOR_TESTING - ownerReferences: - - apiVersion: v1 - blockOwnerDeletion: true - controller: true - kind: ConfigMap + worker: + disabled: true + + prometheus: + disabled: true + kind: ConfigMap + metadata: + annotations: + appliance.sourcegraph.com/currentVersion: 5.3.9104 + appliance.sourcegraph.com/managed: "true" + creationTimestamp: "2024-04-19T00:00:00Z" name: sg + namespace: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING uid: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 100Gi - volumeMode: Filesystem - status: - phase: Pending -- apiVersion: v1 - data: - endpoint: cmVkaXMtY2FjaGU6NjM3OQ== - kind: Secret - metadata: - annotations: - appliance.sourcegraph.com/configHash: 47d66a78b1de65fcfbf8ab61f1629a4e0eaec6b84314237799f4e7cb02ac1d2f - creationTimestamp: "2024-04-19T00:00:00Z" - labels: - app.kubernetes.io/component: redis-cache - app.kubernetes.io/name: sourcegraph - app.kubernetes.io/version: 5.3.9104 - deploy: sourcegraph - name: redis-cache - namespace: NORMALIZED_FOR_TESTING - ownerReferences: - - apiVersion: v1 - blockOwnerDeletion: true - controller: true - kind: ConfigMap - name: sg + - apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + annotations: + appliance.sourcegraph.com/configHash: 47d66a78b1de65fcfbf8ab61f1629a4e0eaec6b84314237799f4e7cb02ac1d2f + creationTimestamp: "2024-04-19T00:00:00Z" + finalizers: + - kubernetes.io/pvc-protection + labels: + deploy: sourcegraph + name: redis-cache + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING uid: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING - type: Opaque -- apiVersion: v1 - kind: Service - metadata: - annotations: - appliance.sourcegraph.com/configHash: 47d66a78b1de65fcfbf8ab61f1629a4e0eaec6b84314237799f4e7cb02ac1d2f - prometheus.io/port: "9121" - sourcegraph.prometheus/scrape: "true" - creationTimestamp: "2024-04-19T00:00:00Z" - labels: - app: redis-cache - app.kubernetes.io/component: redis-cache - deploy: sourcegraph - name: redis-cache - namespace: NORMALIZED_FOR_TESTING - ownerReferences: - - apiVersion: v1 - blockOwnerDeletion: true - controller: true - kind: ConfigMap - name: sg + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 100Gi + volumeMode: Filesystem + status: + phase: Pending + - apiVersion: v1 + data: + endpoint: cmVkaXMtY2FjaGU6NjM3OQ== + kind: Secret + metadata: + annotations: + appliance.sourcegraph.com/configHash: 47d66a78b1de65fcfbf8ab61f1629a4e0eaec6b84314237799f4e7cb02ac1d2f + creationTimestamp: "2024-04-19T00:00:00Z" + labels: + app.kubernetes.io/component: redis-cache + app.kubernetes.io/name: sourcegraph + app.kubernetes.io/version: 5.3.9104 + deploy: sourcegraph + name: redis-cache + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING uid: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING - spec: - clusterIP: NORMALIZED_FOR_TESTING - clusterIPs: - - NORMALIZED_FOR_TESTING - internalTrafficPolicy: Cluster - ipFamilies: - - IPv4 - ipFamilyPolicy: SingleStack - ports: - - name: redis - port: 6379 - protocol: TCP - targetPort: redis - selector: - app: redis-cache - sessionAffinity: None - type: ClusterIP - status: - loadBalancer: {} + type: Opaque + - apiVersion: v1 + kind: Service + metadata: + annotations: + appliance.sourcegraph.com/configHash: 47d66a78b1de65fcfbf8ab61f1629a4e0eaec6b84314237799f4e7cb02ac1d2f + prometheus.io/port: "9121" + sourcegraph.prometheus/scrape: "true" + creationTimestamp: "2024-04-19T00:00:00Z" + labels: + app: redis-cache + app.kubernetes.io/component: redis-cache + deploy: sourcegraph + name: redis-cache + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING + uid: NORMALIZED_FOR_TESTING + spec: + clusterIP: NORMALIZED_FOR_TESTING + clusterIPs: + - NORMALIZED_FOR_TESTING + internalTrafficPolicy: Cluster + ipFamilies: + - IPv4 + ipFamilyPolicy: SingleStack + ports: + - name: redis + port: 6379 + protocol: TCP + targetPort: redis + selector: + app: redis-cache + sessionAffinity: None + type: ClusterIP + status: + loadBalancer: {} diff --git a/internal/appliance/reconciler/testdata/golden-fixtures/standard/repo-updater-with-no-resources.yaml b/internal/appliance/reconciler/testdata/golden-fixtures/standard/repo-updater-with-no-resources.yaml index 9910b360fb2..095c864f44d 100644 --- a/internal/appliance/reconciler/testdata/golden-fixtures/standard/repo-updater-with-no-resources.yaml +++ b/internal/appliance/reconciler/testdata/golden-fixtures/standard/repo-updater-with-no-resources.yaml @@ -1,243 +1,246 @@ resources: -- apiVersion: apps/v1 - kind: Deployment - metadata: - annotations: - appliance.sourcegraph.com/configHash: db60986dc2fa6300a59d62fe32fccd74d3974c69bc88550270eb14ce4f2831ac - creationTimestamp: "2024-04-19T00:00:00Z" - generation: 1 - labels: - app.kubernetes.io/component: repo-updater - app.kubernetes.io/name: sourcegraph - app.kubernetes.io/version: 5.3.9104 - deploy: sourcegraph - name: repo-updater - namespace: NORMALIZED_FOR_TESTING - ownerReferences: - - apiVersion: v1 - blockOwnerDeletion: true - controller: true - kind: ConfigMap - name: sg + - apiVersion: apps/v1 + kind: Deployment + metadata: + annotations: + appliance.sourcegraph.com/configHash: db60986dc2fa6300a59d62fe32fccd74d3974c69bc88550270eb14ce4f2831ac + creationTimestamp: "2024-04-19T00:00:00Z" + generation: 1 + labels: + app.kubernetes.io/component: repo-updater + app.kubernetes.io/name: sourcegraph + app.kubernetes.io/version: 5.3.9104 + deploy: sourcegraph + name: repo-updater + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING uid: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING - spec: - minReadySeconds: 10 - progressDeadlineSeconds: 600 - replicas: 1 - revisionHistoryLimit: 10 - selector: - matchLabels: - app: repo-updater - strategy: - rollingUpdate: - maxSurge: 25% - maxUnavailable: 25% - type: RollingUpdate - template: - metadata: - annotations: - kubectl.kubernetes.io/default-container: repo-updater - creationTimestamp: null - labels: + spec: + minReadySeconds: 10 + progressDeadlineSeconds: 600 + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: app: repo-updater - deploy: sourcegraph - name: repo-updater - spec: - containers: - - env: - - name: REDIS_CACHE_ENDPOINT - valueFrom: - secretKeyRef: - key: endpoint - name: redis-cache - - name: REDIS_STORE_ENDPOINT - valueFrom: - secretKeyRef: - key: endpoint - name: redis-store - - name: OTEL_AGENT_HOST - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - - name: OTEL_EXPORTER_OTLP_ENDPOINT - value: http://$(OTEL_AGENT_HOST):4317 - image: index.docker.io/sourcegraph/repo-updater:5.3.2@sha256:5a414aa030c7e0922700664a43b449ee5f3fafa68834abef93988c5992c747c6 - imagePullPolicy: IfNotPresent - livenessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: debug - scheme: HTTP - periodSeconds: 1 - successThreshold: 1 - timeoutSeconds: 5 + strategy: + rollingUpdate: + maxSurge: 25% + maxUnavailable: 25% + type: RollingUpdate + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: repo-updater + creationTimestamp: null + labels: + app: repo-updater + deploy: sourcegraph name: repo-updater - ports: - - containerPort: 3182 - name: http - protocol: TCP - - containerPort: 6060 - name: debug - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /ready - port: debug - scheme: HTTP - periodSeconds: 1 - successThreshold: 1 - timeoutSeconds: 5 - resources: {} + spec: + containers: + - env: + - name: REDIS_CACHE_ENDPOINT + valueFrom: + secretKeyRef: + key: endpoint + name: redis-cache + - name: REDIS_STORE_ENDPOINT + valueFrom: + secretKeyRef: + key: endpoint + name: redis-store + - name: OTEL_AGENT_HOST + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + - name: OTEL_EXPORTER_OTLP_ENDPOINT + value: http://$(OTEL_AGENT_HOST):4317 + image: index.docker.io/sourcegraph/repo-updater:5.3.2@sha256:5a414aa030c7e0922700664a43b449ee5f3fafa68834abef93988c5992c747c6 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: debug + scheme: HTTP + periodSeconds: 1 + successThreshold: 1 + timeoutSeconds: 5 + name: repo-updater + ports: + - containerPort: 3182 + name: http + protocol: TCP + - containerPort: 6060 + name: debug + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /ready + port: debug + scheme: HTTP + periodSeconds: 1 + successThreshold: 1 + timeoutSeconds: 5 + resources: {} + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsGroup: 101 + runAsUser: 100 + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: FallbackToLogsOnError + dnsPolicy: ClusterFirst + restartPolicy: Always + schedulerName: default-scheduler securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch runAsGroup: 101 runAsUser: 100 - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: FallbackToLogsOnError - dnsPolicy: ClusterFirst - restartPolicy: Always - schedulerName: default-scheduler - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - runAsGroup: 101 - runAsUser: 100 - serviceAccount: repo-updater - serviceAccountName: repo-updater - terminationGracePeriodSeconds: 30 - status: {} -- apiVersion: v1 - data: - spec: | - spec: - requestedVersion: "5.3.9104" + serviceAccount: repo-updater + serviceAccountName: repo-updater + terminationGracePeriodSeconds: 30 + status: {} + - apiVersion: v1 + data: + spec: | + spec: + requestedVersion: "5.3.9104" - blobstore: - disabled: true + blobstore: + disabled: true - codeInsights: - disabled: true + codeInsights: + disabled: true - codeIntel: - disabled: true + codeIntel: + disabled: true - frontend: - disabled: true + frontend: + disabled: true - gitServer: - disabled: true + gitServer: + disabled: true - indexedSearch: - disabled: true + indexedSearch: + disabled: true - indexedSearchIndexer: - disabled: true + indexedSearchIndexer: + disabled: true - pgsql: - disabled: true + pgsql: + disabled: true - postgresExporter: - disabled: true + postgresExporter: + disabled: true - preciseCodeIntel: - disabled: true + preciseCodeIntel: + disabled: true - redisCache: - disabled: true + redisCache: + disabled: true - redisStore: - disabled: true + redisStore: + disabled: true - repoUpdater: - containerConfig: - repo-updater: - bestEffortQOS: true + repoUpdater: + containerConfig: + repo-updater: + bestEffortQOS: true - searcher: - disabled: true + searcher: + disabled: true - symbols: - disabled: true + symbols: + disabled: true - syntectServer: - disabled: true + syntectServer: + disabled: true - worker: - disabled: true - kind: ConfigMap - metadata: - annotations: - appliance.sourcegraph.com/currentVersion: 5.3.9104 - appliance.sourcegraph.com/managed: "true" - creationTimestamp: "2024-04-19T00:00:00Z" - name: sg - namespace: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING -- apiVersion: v1 - kind: ServiceAccount - metadata: - annotations: - appliance.sourcegraph.com/configHash: db60986dc2fa6300a59d62fe32fccd74d3974c69bc88550270eb14ce4f2831ac - creationTimestamp: "2024-04-19T00:00:00Z" - labels: - deploy: sourcegraph - name: repo-updater - namespace: NORMALIZED_FOR_TESTING - ownerReferences: - - apiVersion: v1 - blockOwnerDeletion: true - controller: true - kind: ConfigMap + worker: + disabled: true + + prometheus: + disabled: true + kind: ConfigMap + metadata: + annotations: + appliance.sourcegraph.com/currentVersion: 5.3.9104 + appliance.sourcegraph.com/managed: "true" + creationTimestamp: "2024-04-19T00:00:00Z" name: sg + namespace: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING uid: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING -- apiVersion: v1 - kind: Service - metadata: - annotations: - appliance.sourcegraph.com/configHash: db60986dc2fa6300a59d62fe32fccd74d3974c69bc88550270eb14ce4f2831ac - prometheus.io/port: "6060" - sourcegraph.prometheus/scrape: "true" - creationTimestamp: "2024-04-19T00:00:00Z" - labels: - app: repo-updater - app.kubernetes.io/component: repo-updater - deploy: sourcegraph - name: repo-updater - namespace: NORMALIZED_FOR_TESTING - ownerReferences: - - apiVersion: v1 - blockOwnerDeletion: true - controller: true - kind: ConfigMap - name: sg + - apiVersion: v1 + kind: ServiceAccount + metadata: + annotations: + appliance.sourcegraph.com/configHash: db60986dc2fa6300a59d62fe32fccd74d3974c69bc88550270eb14ce4f2831ac + creationTimestamp: "2024-04-19T00:00:00Z" + labels: + deploy: sourcegraph + name: repo-updater + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING uid: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING - spec: - clusterIP: NORMALIZED_FOR_TESTING - clusterIPs: - - NORMALIZED_FOR_TESTING - internalTrafficPolicy: Cluster - ipFamilies: - - IPv4 - ipFamilyPolicy: SingleStack - ports: - - name: http - port: 3182 - protocol: TCP - targetPort: http - selector: - app: repo-updater - sessionAffinity: None - type: ClusterIP - status: - loadBalancer: {} + - apiVersion: v1 + kind: Service + metadata: + annotations: + appliance.sourcegraph.com/configHash: db60986dc2fa6300a59d62fe32fccd74d3974c69bc88550270eb14ce4f2831ac + prometheus.io/port: "6060" + sourcegraph.prometheus/scrape: "true" + creationTimestamp: "2024-04-19T00:00:00Z" + labels: + app: repo-updater + app.kubernetes.io/component: repo-updater + deploy: sourcegraph + name: repo-updater + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING + uid: NORMALIZED_FOR_TESTING + spec: + clusterIP: NORMALIZED_FOR_TESTING + clusterIPs: + - NORMALIZED_FOR_TESTING + internalTrafficPolicy: Cluster + ipFamilies: + - IPv4 + ipFamilyPolicy: SingleStack + ports: + - name: http + port: 3182 + protocol: TCP + targetPort: http + selector: + app: repo-updater + sessionAffinity: None + type: ClusterIP + status: + loadBalancer: {} diff --git a/internal/appliance/reconciler/testdata/golden-fixtures/standard/repo-updater-with-pod-template-config.yaml b/internal/appliance/reconciler/testdata/golden-fixtures/standard/repo-updater-with-pod-template-config.yaml index 476a71f4d28..822373cb4e2 100644 --- a/internal/appliance/reconciler/testdata/golden-fixtures/standard/repo-updater-with-pod-template-config.yaml +++ b/internal/appliance/reconciler/testdata/golden-fixtures/standard/repo-updater-with-pod-template-config.yaml @@ -1,283 +1,286 @@ resources: -- apiVersion: apps/v1 - kind: Deployment - metadata: - annotations: - appliance.sourcegraph.com/configHash: 22be172d47714de247ecfb86dd3692c0dfcff8382c02f80c6ba4df3fb3935104 - creationTimestamp: "2024-04-19T00:00:00Z" - generation: 1 - labels: - app.kubernetes.io/component: repo-updater - app.kubernetes.io/name: sourcegraph - app.kubernetes.io/version: 5.3.9104 - deploy: sourcegraph - name: repo-updater - namespace: NORMALIZED_FOR_TESTING - ownerReferences: - - apiVersion: v1 - blockOwnerDeletion: true - controller: true - kind: ConfigMap - name: sg + - apiVersion: apps/v1 + kind: Deployment + metadata: + annotations: + appliance.sourcegraph.com/configHash: 22be172d47714de247ecfb86dd3692c0dfcff8382c02f80c6ba4df3fb3935104 + creationTimestamp: "2024-04-19T00:00:00Z" + generation: 1 + labels: + app.kubernetes.io/component: repo-updater + app.kubernetes.io/name: sourcegraph + app.kubernetes.io/version: 5.3.9104 + deploy: sourcegraph + name: repo-updater + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING uid: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING - spec: - minReadySeconds: 10 - progressDeadlineSeconds: 600 - replicas: 1 - revisionHistoryLimit: 10 - selector: - matchLabels: - app: repo-updater - strategy: - rollingUpdate: - maxSurge: 25% - maxUnavailable: 25% - type: RollingUpdate - template: - metadata: - annotations: - kubectl.kubernetes.io/default-container: repo-updater - creationTimestamp: null - labels: + spec: + minReadySeconds: 10 + progressDeadlineSeconds: 600 + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: app: repo-updater - deploy: sourcegraph - name: repo-updater - spec: - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: disktype - operator: In - values: - - ssd - containers: - - env: - - name: REDIS_CACHE_ENDPOINT - valueFrom: - secretKeyRef: - key: endpoint - name: redis-cache - - name: REDIS_STORE_ENDPOINT - valueFrom: - secretKeyRef: - key: endpoint - name: redis-store - - name: OTEL_AGENT_HOST - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - - name: OTEL_EXPORTER_OTLP_ENDPOINT - value: http://$(OTEL_AGENT_HOST):4317 - image: index.docker.io/sourcegraph/repo-updater:5.3.2@sha256:5a414aa030c7e0922700664a43b449ee5f3fafa68834abef93988c5992c747c6 - imagePullPolicy: IfNotPresent - livenessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: debug - scheme: HTTP - periodSeconds: 1 - successThreshold: 1 - timeoutSeconds: 5 + strategy: + rollingUpdate: + maxSurge: 25% + maxUnavailable: 25% + type: RollingUpdate + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: repo-updater + creationTimestamp: null + labels: + app: repo-updater + deploy: sourcegraph name: repo-updater - ports: - - containerPort: 3182 - name: http - protocol: TCP - - containerPort: 6060 - name: debug - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /ready - port: debug - scheme: HTTP - periodSeconds: 1 - successThreshold: 1 - timeoutSeconds: 5 - resources: - limits: - cpu: "1" - memory: 2Gi - requests: - cpu: "1" - memory: 500Mi + spec: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: disktype + operator: In + values: + - ssd + containers: + - env: + - name: REDIS_CACHE_ENDPOINT + valueFrom: + secretKeyRef: + key: endpoint + name: redis-cache + - name: REDIS_STORE_ENDPOINT + valueFrom: + secretKeyRef: + key: endpoint + name: redis-store + - name: OTEL_AGENT_HOST + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + - name: OTEL_EXPORTER_OTLP_ENDPOINT + value: http://$(OTEL_AGENT_HOST):4317 + image: index.docker.io/sourcegraph/repo-updater:5.3.2@sha256:5a414aa030c7e0922700664a43b449ee5f3fafa68834abef93988c5992c747c6 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: debug + scheme: HTTP + periodSeconds: 1 + successThreshold: 1 + timeoutSeconds: 5 + name: repo-updater + ports: + - containerPort: 3182 + name: http + protocol: TCP + - containerPort: 6060 + name: debug + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /ready + port: debug + scheme: HTTP + periodSeconds: 1 + successThreshold: 1 + timeoutSeconds: 5 + resources: + limits: + cpu: "1" + memory: 2Gi + requests: + cpu: "1" + memory: 500Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsGroup: 101 + runAsUser: 100 + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: FallbackToLogsOnError + dnsPolicy: ClusterFirst + imagePullSecrets: + - name: myPrivateRegistrySecret + nodeSelector: + my-node-label: some-value + restartPolicy: Always + schedulerName: default-scheduler securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch runAsGroup: 101 runAsUser: 100 - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: FallbackToLogsOnError - dnsPolicy: ClusterFirst - imagePullSecrets: - - name: myPrivateRegistrySecret - nodeSelector: - my-node-label: some-value - restartPolicy: Always - schedulerName: default-scheduler - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - runAsGroup: 101 - runAsUser: 100 - serviceAccount: repo-updater - serviceAccountName: repo-updater - terminationGracePeriodSeconds: 30 - tolerations: - - effect: NoSchedule - key: key1 - operator: Equal - value: value1 - status: {} -- apiVersion: v1 - data: - spec: | - spec: - requestedVersion: "5.3.9104" + serviceAccount: repo-updater + serviceAccountName: repo-updater + terminationGracePeriodSeconds: 30 + tolerations: + - effect: NoSchedule + key: key1 + operator: Equal + value: value1 + status: {} + - apiVersion: v1 + data: + spec: | + spec: + requestedVersion: "5.3.9104" - blobstore: - disabled: true + blobstore: + disabled: true - codeInsights: - disabled: true + codeInsights: + disabled: true - codeIntel: - disabled: true + codeIntel: + disabled: true - frontend: - disabled: true + frontend: + disabled: true - gitServer: - disabled: true + gitServer: + disabled: true - indexedSearch: - disabled: true + indexedSearch: + disabled: true - indexedSearchIndexer: - disabled: true + indexedSearchIndexer: + disabled: true - pgsql: - disabled: true + pgsql: + disabled: true - postgresExporter: - disabled: true + postgresExporter: + disabled: true - preciseCodeIntel: - disabled: true + preciseCodeIntel: + disabled: true - redisCache: - disabled: true + redisCache: + disabled: true - redisStore: - disabled: true + redisStore: + disabled: true - repoUpdater: - podTemplateConfig: - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: disktype - operator: In - values: - - ssd - imagePullSecrets: - - name: myPrivateRegistrySecret - nodeSelector: - my-node-label: some-value - tolerations: - - key: "key1" - operator: "Equal" - value: "value1" - effect: "NoSchedule" + repoUpdater: + podTemplateConfig: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: disktype + operator: In + values: + - ssd + imagePullSecrets: + - name: myPrivateRegistrySecret + nodeSelector: + my-node-label: some-value + tolerations: + - key: "key1" + operator: "Equal" + value: "value1" + effect: "NoSchedule" - searcher: - disabled: true + searcher: + disabled: true - symbols: - disabled: true + symbols: + disabled: true - syntectServer: - disabled: true + syntectServer: + disabled: true - worker: - disabled: true - kind: ConfigMap - metadata: - annotations: - appliance.sourcegraph.com/currentVersion: 5.3.9104 - appliance.sourcegraph.com/managed: "true" - creationTimestamp: "2024-04-19T00:00:00Z" - name: sg - namespace: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING -- apiVersion: v1 - kind: ServiceAccount - metadata: - annotations: - appliance.sourcegraph.com/configHash: 22be172d47714de247ecfb86dd3692c0dfcff8382c02f80c6ba4df3fb3935104 - creationTimestamp: "2024-04-19T00:00:00Z" - labels: - deploy: sourcegraph - name: repo-updater - namespace: NORMALIZED_FOR_TESTING - ownerReferences: - - apiVersion: v1 - blockOwnerDeletion: true - controller: true - kind: ConfigMap + worker: + disabled: true + + prometheus: + disabled: true + kind: ConfigMap + metadata: + annotations: + appliance.sourcegraph.com/currentVersion: 5.3.9104 + appliance.sourcegraph.com/managed: "true" + creationTimestamp: "2024-04-19T00:00:00Z" name: sg + namespace: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING uid: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING -- apiVersion: v1 - kind: Service - metadata: - annotations: - appliance.sourcegraph.com/configHash: 22be172d47714de247ecfb86dd3692c0dfcff8382c02f80c6ba4df3fb3935104 - prometheus.io/port: "6060" - sourcegraph.prometheus/scrape: "true" - creationTimestamp: "2024-04-19T00:00:00Z" - labels: - app: repo-updater - app.kubernetes.io/component: repo-updater - deploy: sourcegraph - name: repo-updater - namespace: NORMALIZED_FOR_TESTING - ownerReferences: - - apiVersion: v1 - blockOwnerDeletion: true - controller: true - kind: ConfigMap - name: sg + - apiVersion: v1 + kind: ServiceAccount + metadata: + annotations: + appliance.sourcegraph.com/configHash: 22be172d47714de247ecfb86dd3692c0dfcff8382c02f80c6ba4df3fb3935104 + creationTimestamp: "2024-04-19T00:00:00Z" + labels: + deploy: sourcegraph + name: repo-updater + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING uid: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING - spec: - clusterIP: NORMALIZED_FOR_TESTING - clusterIPs: - - NORMALIZED_FOR_TESTING - internalTrafficPolicy: Cluster - ipFamilies: - - IPv4 - ipFamilyPolicy: SingleStack - ports: - - name: http - port: 3182 - protocol: TCP - targetPort: http - selector: - app: repo-updater - sessionAffinity: None - type: ClusterIP - status: - loadBalancer: {} + - apiVersion: v1 + kind: Service + metadata: + annotations: + appliance.sourcegraph.com/configHash: 22be172d47714de247ecfb86dd3692c0dfcff8382c02f80c6ba4df3fb3935104 + prometheus.io/port: "6060" + sourcegraph.prometheus/scrape: "true" + creationTimestamp: "2024-04-19T00:00:00Z" + labels: + app: repo-updater + app.kubernetes.io/component: repo-updater + deploy: sourcegraph + name: repo-updater + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING + uid: NORMALIZED_FOR_TESTING + spec: + clusterIP: NORMALIZED_FOR_TESTING + clusterIPs: + - NORMALIZED_FOR_TESTING + internalTrafficPolicy: Cluster + ipFamilies: + - IPv4 + ipFamilyPolicy: SingleStack + ports: + - name: http + port: 3182 + protocol: TCP + targetPort: http + selector: + app: repo-updater + sessionAffinity: None + type: ClusterIP + status: + loadBalancer: {} diff --git a/internal/appliance/reconciler/testdata/golden-fixtures/standard/repo-updater-with-resources.yaml b/internal/appliance/reconciler/testdata/golden-fixtures/standard/repo-updater-with-resources.yaml index d33efa64772..9c08a95a8ac 100644 --- a/internal/appliance/reconciler/testdata/golden-fixtures/standard/repo-updater-with-resources.yaml +++ b/internal/appliance/reconciler/testdata/golden-fixtures/standard/repo-updater-with-resources.yaml @@ -1,255 +1,258 @@ resources: -- apiVersion: apps/v1 - kind: Deployment - metadata: - annotations: - appliance.sourcegraph.com/configHash: ef7e879dd6941a6e3549b796700a532ce0069f41b2a7ecd3dc6dfcce79811954 - creationTimestamp: "2024-04-19T00:00:00Z" - generation: 1 - labels: - app.kubernetes.io/component: repo-updater - app.kubernetes.io/name: sourcegraph - app.kubernetes.io/version: 5.3.9104 - deploy: sourcegraph - name: repo-updater - namespace: NORMALIZED_FOR_TESTING - ownerReferences: - - apiVersion: v1 - blockOwnerDeletion: true - controller: true - kind: ConfigMap - name: sg + - apiVersion: apps/v1 + kind: Deployment + metadata: + annotations: + appliance.sourcegraph.com/configHash: ef7e879dd6941a6e3549b796700a532ce0069f41b2a7ecd3dc6dfcce79811954 + creationTimestamp: "2024-04-19T00:00:00Z" + generation: 1 + labels: + app.kubernetes.io/component: repo-updater + app.kubernetes.io/name: sourcegraph + app.kubernetes.io/version: 5.3.9104 + deploy: sourcegraph + name: repo-updater + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING uid: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING - spec: - minReadySeconds: 10 - progressDeadlineSeconds: 600 - replicas: 1 - revisionHistoryLimit: 10 - selector: - matchLabels: - app: repo-updater - strategy: - rollingUpdate: - maxSurge: 25% - maxUnavailable: 25% - type: RollingUpdate - template: - metadata: - annotations: - kubectl.kubernetes.io/default-container: repo-updater - creationTimestamp: null - labels: + spec: + minReadySeconds: 10 + progressDeadlineSeconds: 600 + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: app: repo-updater - deploy: sourcegraph - name: repo-updater - spec: - containers: - - env: - - name: REDIS_CACHE_ENDPOINT - valueFrom: - secretKeyRef: - key: endpoint - name: redis-cache - - name: REDIS_STORE_ENDPOINT - valueFrom: - secretKeyRef: - key: endpoint - name: redis-store - - name: OTEL_AGENT_HOST - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - - name: OTEL_EXPORTER_OTLP_ENDPOINT - value: http://$(OTEL_AGENT_HOST):4317 - image: index.docker.io/sourcegraph/repo-updater:5.3.2@sha256:5a414aa030c7e0922700664a43b449ee5f3fafa68834abef93988c5992c747c6 - imagePullPolicy: IfNotPresent - livenessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: debug - scheme: HTTP - periodSeconds: 1 - successThreshold: 1 - timeoutSeconds: 5 + strategy: + rollingUpdate: + maxSurge: 25% + maxUnavailable: 25% + type: RollingUpdate + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: repo-updater + creationTimestamp: null + labels: + app: repo-updater + deploy: sourcegraph name: repo-updater - ports: - - containerPort: 3182 - name: http - protocol: TCP - - containerPort: 6060 - name: debug - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /ready - port: debug - scheme: HTTP - periodSeconds: 1 - successThreshold: 1 - timeoutSeconds: 5 - resources: - limits: - cpu: "4" - memory: 4Gi - requests: - cpu: 1500m - memory: 2Gi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsGroup: 101 - runAsUser: 100 - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: FallbackToLogsOnError - dnsPolicy: ClusterFirst - restartPolicy: Always - schedulerName: default-scheduler - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - runAsGroup: 101 - runAsUser: 100 - serviceAccount: repo-updater - serviceAccountName: repo-updater - terminationGracePeriodSeconds: 30 - status: {} -- apiVersion: v1 - data: - spec: | - spec: - requestedVersion: "5.3.9104" - - blobstore: - disabled: true - - codeInsights: - disabled: true - - codeIntel: - disabled: true - - frontend: - disabled: true - - gitServer: - disabled: true - - indexedSearch: - disabled: true - - indexedSearchIndexer: - disabled: true - - pgsql: - disabled: true - - postgresExporter: - disabled: true - - preciseCodeIntel: - disabled: true - - redisCache: - disabled: true - - redisStore: - disabled: true - - repoUpdater: - containerConfig: - repo-updater: + spec: + containers: + - env: + - name: REDIS_CACHE_ENDPOINT + valueFrom: + secretKeyRef: + key: endpoint + name: redis-cache + - name: REDIS_STORE_ENDPOINT + valueFrom: + secretKeyRef: + key: endpoint + name: redis-store + - name: OTEL_AGENT_HOST + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + - name: OTEL_EXPORTER_OTLP_ENDPOINT + value: http://$(OTEL_AGENT_HOST):4317 + image: index.docker.io/sourcegraph/repo-updater:5.3.2@sha256:5a414aa030c7e0922700664a43b449ee5f3fafa68834abef93988c5992c747c6 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: debug + scheme: HTTP + periodSeconds: 1 + successThreshold: 1 + timeoutSeconds: 5 + name: repo-updater + ports: + - containerPort: 3182 + name: http + protocol: TCP + - containerPort: 6060 + name: debug + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /ready + port: debug + scheme: HTTP + periodSeconds: 1 + successThreshold: 1 + timeoutSeconds: 5 resources: - requests: - cpu: 1500m - memory: 2Gi limits: cpu: "4" memory: 4Gi + requests: + cpu: 1500m + memory: 2Gi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsGroup: 101 + runAsUser: 100 + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: FallbackToLogsOnError + dnsPolicy: ClusterFirst + restartPolicy: Always + schedulerName: default-scheduler + securityContext: + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch + runAsGroup: 101 + runAsUser: 100 + serviceAccount: repo-updater + serviceAccountName: repo-updater + terminationGracePeriodSeconds: 30 + status: {} + - apiVersion: v1 + data: + spec: | + spec: + requestedVersion: "5.3.9104" - searcher: - disabled: true + blobstore: + disabled: true - symbols: - disabled: true + codeInsights: + disabled: true - syntectServer: - disabled: true + codeIntel: + disabled: true - worker: - disabled: true - kind: ConfigMap - metadata: - annotations: - appliance.sourcegraph.com/currentVersion: 5.3.9104 - appliance.sourcegraph.com/managed: "true" - creationTimestamp: "2024-04-19T00:00:00Z" - name: sg - namespace: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING -- apiVersion: v1 - kind: ServiceAccount - metadata: - annotations: - appliance.sourcegraph.com/configHash: ef7e879dd6941a6e3549b796700a532ce0069f41b2a7ecd3dc6dfcce79811954 - creationTimestamp: "2024-04-19T00:00:00Z" - labels: - deploy: sourcegraph - name: repo-updater - namespace: NORMALIZED_FOR_TESTING - ownerReferences: - - apiVersion: v1 - blockOwnerDeletion: true - controller: true - kind: ConfigMap + frontend: + disabled: true + + gitServer: + disabled: true + + indexedSearch: + disabled: true + + indexedSearchIndexer: + disabled: true + + pgsql: + disabled: true + + postgresExporter: + disabled: true + + preciseCodeIntel: + disabled: true + + redisCache: + disabled: true + + redisStore: + disabled: true + + repoUpdater: + containerConfig: + repo-updater: + resources: + requests: + cpu: 1500m + memory: 2Gi + limits: + cpu: "4" + memory: 4Gi + + searcher: + disabled: true + + symbols: + disabled: true + + syntectServer: + disabled: true + + worker: + disabled: true + + prometheus: + disabled: true + kind: ConfigMap + metadata: + annotations: + appliance.sourcegraph.com/currentVersion: 5.3.9104 + appliance.sourcegraph.com/managed: "true" + creationTimestamp: "2024-04-19T00:00:00Z" name: sg + namespace: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING uid: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING -- apiVersion: v1 - kind: Service - metadata: - annotations: - appliance.sourcegraph.com/configHash: ef7e879dd6941a6e3549b796700a532ce0069f41b2a7ecd3dc6dfcce79811954 - prometheus.io/port: "6060" - sourcegraph.prometheus/scrape: "true" - creationTimestamp: "2024-04-19T00:00:00Z" - labels: - app: repo-updater - app.kubernetes.io/component: repo-updater - deploy: sourcegraph - name: repo-updater - namespace: NORMALIZED_FOR_TESTING - ownerReferences: - - apiVersion: v1 - blockOwnerDeletion: true - controller: true - kind: ConfigMap - name: sg + - apiVersion: v1 + kind: ServiceAccount + metadata: + annotations: + appliance.sourcegraph.com/configHash: ef7e879dd6941a6e3549b796700a532ce0069f41b2a7ecd3dc6dfcce79811954 + creationTimestamp: "2024-04-19T00:00:00Z" + labels: + deploy: sourcegraph + name: repo-updater + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING uid: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING - spec: - clusterIP: NORMALIZED_FOR_TESTING - clusterIPs: - - NORMALIZED_FOR_TESTING - internalTrafficPolicy: Cluster - ipFamilies: - - IPv4 - ipFamilyPolicy: SingleStack - ports: - - name: http - port: 3182 - protocol: TCP - targetPort: http - selector: - app: repo-updater - sessionAffinity: None - type: ClusterIP - status: - loadBalancer: {} + - apiVersion: v1 + kind: Service + metadata: + annotations: + appliance.sourcegraph.com/configHash: ef7e879dd6941a6e3549b796700a532ce0069f41b2a7ecd3dc6dfcce79811954 + prometheus.io/port: "6060" + sourcegraph.prometheus/scrape: "true" + creationTimestamp: "2024-04-19T00:00:00Z" + labels: + app: repo-updater + app.kubernetes.io/component: repo-updater + deploy: sourcegraph + name: repo-updater + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING + uid: NORMALIZED_FOR_TESTING + spec: + clusterIP: NORMALIZED_FOR_TESTING + clusterIPs: + - NORMALIZED_FOR_TESTING + internalTrafficPolicy: Cluster + ipFamilies: + - IPv4 + ipFamilyPolicy: SingleStack + ports: + - name: http + port: 3182 + protocol: TCP + targetPort: http + selector: + app: repo-updater + sessionAffinity: None + type: ClusterIP + status: + loadBalancer: {} diff --git a/internal/appliance/reconciler/testdata/golden-fixtures/standard/repo-updater-with-sa-annotations.yaml b/internal/appliance/reconciler/testdata/golden-fixtures/standard/repo-updater-with-sa-annotations.yaml index 8890a2a2605..5ad82bcacd8 100644 --- a/internal/appliance/reconciler/testdata/golden-fixtures/standard/repo-updater-with-sa-annotations.yaml +++ b/internal/appliance/reconciler/testdata/golden-fixtures/standard/repo-updater-with-sa-annotations.yaml @@ -1,249 +1,252 @@ resources: -- apiVersion: apps/v1 - kind: Deployment - metadata: - annotations: - appliance.sourcegraph.com/configHash: a446ffe150f9de1af3394264d4882819edd6416fe720c32ae309f834c940f83a - creationTimestamp: "2024-04-19T00:00:00Z" - generation: 1 - labels: - app.kubernetes.io/component: repo-updater - app.kubernetes.io/name: sourcegraph - app.kubernetes.io/version: 5.3.9104 - deploy: sourcegraph - name: repo-updater - namespace: NORMALIZED_FOR_TESTING - ownerReferences: - - apiVersion: v1 - blockOwnerDeletion: true - controller: true - kind: ConfigMap - name: sg + - apiVersion: apps/v1 + kind: Deployment + metadata: + annotations: + appliance.sourcegraph.com/configHash: a446ffe150f9de1af3394264d4882819edd6416fe720c32ae309f834c940f83a + creationTimestamp: "2024-04-19T00:00:00Z" + generation: 1 + labels: + app.kubernetes.io/component: repo-updater + app.kubernetes.io/name: sourcegraph + app.kubernetes.io/version: 5.3.9104 + deploy: sourcegraph + name: repo-updater + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING uid: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING - spec: - minReadySeconds: 10 - progressDeadlineSeconds: 600 - replicas: 1 - revisionHistoryLimit: 10 - selector: - matchLabels: - app: repo-updater - strategy: - rollingUpdate: - maxSurge: 25% - maxUnavailable: 25% - type: RollingUpdate - template: - metadata: - annotations: - kubectl.kubernetes.io/default-container: repo-updater - creationTimestamp: null - labels: + spec: + minReadySeconds: 10 + progressDeadlineSeconds: 600 + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: app: repo-updater - deploy: sourcegraph - name: repo-updater - spec: - containers: - - env: - - name: REDIS_CACHE_ENDPOINT - valueFrom: - secretKeyRef: - key: endpoint - name: redis-cache - - name: REDIS_STORE_ENDPOINT - valueFrom: - secretKeyRef: - key: endpoint - name: redis-store - - name: OTEL_AGENT_HOST - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - - name: OTEL_EXPORTER_OTLP_ENDPOINT - value: http://$(OTEL_AGENT_HOST):4317 - image: index.docker.io/sourcegraph/repo-updater:5.3.2@sha256:5a414aa030c7e0922700664a43b449ee5f3fafa68834abef93988c5992c747c6 - imagePullPolicy: IfNotPresent - livenessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: debug - scheme: HTTP - periodSeconds: 1 - successThreshold: 1 - timeoutSeconds: 5 + strategy: + rollingUpdate: + maxSurge: 25% + maxUnavailable: 25% + type: RollingUpdate + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: repo-updater + creationTimestamp: null + labels: + app: repo-updater + deploy: sourcegraph name: repo-updater - ports: - - containerPort: 3182 - name: http - protocol: TCP - - containerPort: 6060 - name: debug - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /ready - port: debug - scheme: HTTP - periodSeconds: 1 - successThreshold: 1 - timeoutSeconds: 5 - resources: - limits: - cpu: "1" - memory: 2Gi - requests: - cpu: "1" - memory: 500Mi + spec: + containers: + - env: + - name: REDIS_CACHE_ENDPOINT + valueFrom: + secretKeyRef: + key: endpoint + name: redis-cache + - name: REDIS_STORE_ENDPOINT + valueFrom: + secretKeyRef: + key: endpoint + name: redis-store + - name: OTEL_AGENT_HOST + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + - name: OTEL_EXPORTER_OTLP_ENDPOINT + value: http://$(OTEL_AGENT_HOST):4317 + image: index.docker.io/sourcegraph/repo-updater:5.3.2@sha256:5a414aa030c7e0922700664a43b449ee5f3fafa68834abef93988c5992c747c6 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: debug + scheme: HTTP + periodSeconds: 1 + successThreshold: 1 + timeoutSeconds: 5 + name: repo-updater + ports: + - containerPort: 3182 + name: http + protocol: TCP + - containerPort: 6060 + name: debug + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /ready + port: debug + scheme: HTTP + periodSeconds: 1 + successThreshold: 1 + timeoutSeconds: 5 + resources: + limits: + cpu: "1" + memory: 2Gi + requests: + cpu: "1" + memory: 500Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsGroup: 101 + runAsUser: 100 + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: FallbackToLogsOnError + dnsPolicy: ClusterFirst + restartPolicy: Always + schedulerName: default-scheduler securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch runAsGroup: 101 runAsUser: 100 - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: FallbackToLogsOnError - dnsPolicy: ClusterFirst - restartPolicy: Always - schedulerName: default-scheduler - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - runAsGroup: 101 - runAsUser: 100 - serviceAccount: repo-updater - serviceAccountName: repo-updater - terminationGracePeriodSeconds: 30 - status: {} -- apiVersion: v1 - data: - spec: | - spec: - requestedVersion: "5.3.9104" + serviceAccount: repo-updater + serviceAccountName: repo-updater + terminationGracePeriodSeconds: 30 + status: {} + - apiVersion: v1 + data: + spec: | + spec: + requestedVersion: "5.3.9104" - blobstore: - disabled: true + blobstore: + disabled: true - codeInsights: - disabled: true + codeInsights: + disabled: true - codeIntel: - disabled: true + codeIntel: + disabled: true - frontend: - disabled: true + frontend: + disabled: true - gitServer: - disabled: true + gitServer: + disabled: true - indexedSearch: - disabled: true + indexedSearch: + disabled: true - indexedSearchIndexer: - disabled: true + indexedSearchIndexer: + disabled: true - pgsql: - disabled: true + pgsql: + disabled: true - postgresExporter: - disabled: true + postgresExporter: + disabled: true - preciseCodeIntel: - disabled: true + preciseCodeIntel: + disabled: true - redisCache: - disabled: true + redisCache: + disabled: true - redisStore: - disabled: true + redisStore: + disabled: true - repoUpdater: - serviceAccountAnnotations: - foo: bar + repoUpdater: + serviceAccountAnnotations: + foo: bar - searcher: - disabled: true + searcher: + disabled: true - symbols: - disabled: true + symbols: + disabled: true - syntectServer: - disabled: true + syntectServer: + disabled: true - worker: - disabled: true - kind: ConfigMap - metadata: - annotations: - appliance.sourcegraph.com/currentVersion: 5.3.9104 - appliance.sourcegraph.com/managed: "true" - creationTimestamp: "2024-04-19T00:00:00Z" - name: sg - namespace: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING -- apiVersion: v1 - kind: ServiceAccount - metadata: - annotations: - appliance.sourcegraph.com/configHash: a446ffe150f9de1af3394264d4882819edd6416fe720c32ae309f834c940f83a - foo: bar - creationTimestamp: "2024-04-19T00:00:00Z" - labels: - deploy: sourcegraph - name: repo-updater - namespace: NORMALIZED_FOR_TESTING - ownerReferences: - - apiVersion: v1 - blockOwnerDeletion: true - controller: true - kind: ConfigMap + worker: + disabled: true + + prometheus: + disabled: true + kind: ConfigMap + metadata: + annotations: + appliance.sourcegraph.com/currentVersion: 5.3.9104 + appliance.sourcegraph.com/managed: "true" + creationTimestamp: "2024-04-19T00:00:00Z" name: sg + namespace: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING uid: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING -- apiVersion: v1 - kind: Service - metadata: - annotations: - appliance.sourcegraph.com/configHash: a446ffe150f9de1af3394264d4882819edd6416fe720c32ae309f834c940f83a - prometheus.io/port: "6060" - sourcegraph.prometheus/scrape: "true" - creationTimestamp: "2024-04-19T00:00:00Z" - labels: - app: repo-updater - app.kubernetes.io/component: repo-updater - deploy: sourcegraph - name: repo-updater - namespace: NORMALIZED_FOR_TESTING - ownerReferences: - - apiVersion: v1 - blockOwnerDeletion: true - controller: true - kind: ConfigMap - name: sg + - apiVersion: v1 + kind: ServiceAccount + metadata: + annotations: + appliance.sourcegraph.com/configHash: a446ffe150f9de1af3394264d4882819edd6416fe720c32ae309f834c940f83a + foo: bar + creationTimestamp: "2024-04-19T00:00:00Z" + labels: + deploy: sourcegraph + name: repo-updater + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING uid: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING - spec: - clusterIP: NORMALIZED_FOR_TESTING - clusterIPs: - - NORMALIZED_FOR_TESTING - internalTrafficPolicy: Cluster - ipFamilies: - - IPv4 - ipFamilyPolicy: SingleStack - ports: - - name: http - port: 3182 - protocol: TCP - targetPort: http - selector: - app: repo-updater - sessionAffinity: None - type: ClusterIP - status: - loadBalancer: {} + - apiVersion: v1 + kind: Service + metadata: + annotations: + appliance.sourcegraph.com/configHash: a446ffe150f9de1af3394264d4882819edd6416fe720c32ae309f834c940f83a + prometheus.io/port: "6060" + sourcegraph.prometheus/scrape: "true" + creationTimestamp: "2024-04-19T00:00:00Z" + labels: + app: repo-updater + app.kubernetes.io/component: repo-updater + deploy: sourcegraph + name: repo-updater + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING + uid: NORMALIZED_FOR_TESTING + spec: + clusterIP: NORMALIZED_FOR_TESTING + clusterIPs: + - NORMALIZED_FOR_TESTING + internalTrafficPolicy: Cluster + ipFamilies: + - IPv4 + ipFamilyPolicy: SingleStack + ports: + - name: http + port: 3182 + protocol: TCP + targetPort: http + selector: + app: repo-updater + sessionAffinity: None + type: ClusterIP + status: + loadBalancer: {} diff --git a/internal/appliance/reconciler/testdata/golden-fixtures/standard/symbols-with-custom-image.yaml b/internal/appliance/reconciler/testdata/golden-fixtures/standard/symbols-with-custom-image.yaml index 4dd4317f819..f91e7b6c1d9 100644 --- a/internal/appliance/reconciler/testdata/golden-fixtures/standard/symbols-with-custom-image.yaml +++ b/internal/appliance/reconciler/testdata/golden-fixtures/standard/symbols-with-custom-image.yaml @@ -1,298 +1,301 @@ resources: -- apiVersion: apps/v1 - kind: StatefulSet - metadata: - annotations: - appliance.sourcegraph.com/configHash: 4310746eaab789e0d69f900836e6a3cea2979fe2e00be351e44120eb9cc43f29 - creationTimestamp: "2024-04-19T00:00:00Z" - generation: 1 - labels: - app.kubernetes.io/component: symbols - app.kubernetes.io/name: sourcegraph - app.kubernetes.io/version: 5.3.9104 - deploy: sourcegraph - name: symbols - namespace: NORMALIZED_FOR_TESTING - ownerReferences: - - apiVersion: v1 - blockOwnerDeletion: true - controller: true - kind: ConfigMap - name: sg + - apiVersion: apps/v1 + kind: StatefulSet + metadata: + annotations: + appliance.sourcegraph.com/configHash: 4310746eaab789e0d69f900836e6a3cea2979fe2e00be351e44120eb9cc43f29 + creationTimestamp: "2024-04-19T00:00:00Z" + generation: 1 + labels: + app.kubernetes.io/component: symbols + app.kubernetes.io/name: sourcegraph + app.kubernetes.io/version: 5.3.9104 + deploy: sourcegraph + name: symbols + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING uid: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING - spec: - minReadySeconds: 10 - persistentVolumeClaimRetentionPolicy: - whenDeleted: Retain - whenScaled: Retain - podManagementPolicy: OrderedReady - replicas: 1 - revisionHistoryLimit: 10 - selector: - matchLabels: - app: symbols - serviceName: symbols - template: - metadata: - annotations: - kubectl.kubernetes.io/default-container: symbols - creationTimestamp: null - labels: + spec: + minReadySeconds: 10 + persistentVolumeClaimRetentionPolicy: + whenDeleted: Retain + whenScaled: Retain + podManagementPolicy: OrderedReady + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: app: symbols - deploy: sourcegraph - name: symbols - spec: - containers: - - env: - - name: REDIS_CACHE_ENDPOINT - valueFrom: - secretKeyRef: - key: endpoint - name: redis-cache - - name: REDIS_STORE_ENDPOINT - valueFrom: - secretKeyRef: - key: endpoint - name: redis-store - - name: SYMBOLS_CACHE_SIZE_MB - value: "11059" - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: SYMBOLS_CACHE_DIR - value: /mnt/cache/$(POD_NAME) - - name: TMPDIR - value: /mnt/tmp - - name: OTEL_AGENT_HOST - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - - name: OTEL_EXPORTER_OTLP_ENDPOINT - value: http://$(OTEL_AGENT_HOST):4317 - image: my-custom-image-repository.info/sourcegraph-images/some-image:some-tag - imagePullPolicy: IfNotPresent - livenessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: http - scheme: HTTP - initialDelaySeconds: 60 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 + serviceName: symbols + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: symbols + creationTimestamp: null + labels: + app: symbols + deploy: sourcegraph name: symbols - ports: - - containerPort: 3184 - name: http - protocol: TCP - - containerPort: 6060 - name: debug - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: http - scheme: HTTP - initialDelaySeconds: 60 - periodSeconds: 5 - successThreshold: 1 - timeoutSeconds: 1 - resources: - limits: - cpu: "2" - memory: 2G - requests: - cpu: 500m - memory: 500M + spec: + containers: + - env: + - name: REDIS_CACHE_ENDPOINT + valueFrom: + secretKeyRef: + key: endpoint + name: redis-cache + - name: REDIS_STORE_ENDPOINT + valueFrom: + secretKeyRef: + key: endpoint + name: redis-store + - name: SYMBOLS_CACHE_SIZE_MB + value: "11059" + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: SYMBOLS_CACHE_DIR + value: /mnt/cache/$(POD_NAME) + - name: TMPDIR + value: /mnt/tmp + - name: OTEL_AGENT_HOST + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + - name: OTEL_EXPORTER_OTLP_ENDPOINT + value: http://$(OTEL_AGENT_HOST):4317 + image: my-custom-image-repository.info/sourcegraph-images/some-image:some-tag + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: http + scheme: HTTP + initialDelaySeconds: 60 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: symbols + ports: + - containerPort: 3184 + name: http + protocol: TCP + - containerPort: 6060 + name: debug + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: http + scheme: HTTP + initialDelaySeconds: 60 + periodSeconds: 5 + successThreshold: 1 + timeoutSeconds: 1 + resources: + limits: + cpu: "2" + memory: 2G + requests: + cpu: 500m + memory: 500M + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsGroup: 101 + runAsUser: 100 + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /mnt/cache + name: cache + - mountPath: /mnt/tmp + name: tmp + dnsPolicy: ClusterFirst + restartPolicy: Always + schedulerName: default-scheduler securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch runAsGroup: 101 runAsUser: 100 - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: FallbackToLogsOnError - volumeMounts: - - mountPath: /mnt/cache + serviceAccount: symbols + serviceAccountName: symbols + terminationGracePeriodSeconds: 30 + volumes: + - emptyDir: {} + name: cache + - emptyDir: {} + name: tmp + updateStrategy: + type: RollingUpdate + volumeClaimTemplates: + - apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + creationTimestamp: null + labels: + deploy: sourcegraph name: cache - - mountPath: /mnt/tmp - name: tmp - dnsPolicy: ClusterFirst - restartPolicy: Always - schedulerName: default-scheduler - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - runAsGroup: 101 - runAsUser: 100 - serviceAccount: symbols - serviceAccountName: symbols - terminationGracePeriodSeconds: 30 - volumes: - - emptyDir: {} - name: cache - - emptyDir: {} - name: tmp - updateStrategy: - type: RollingUpdate - volumeClaimTemplates: - - apiVersion: v1 - kind: PersistentVolumeClaim - metadata: - creationTimestamp: null - labels: - deploy: sourcegraph - name: cache - namespace: NORMALIZED_FOR_TESTING - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 12Gi - volumeMode: Filesystem - status: - phase: Pending - status: - availableReplicas: 0 - replicas: 0 -- apiVersion: v1 - data: - spec: | - spec: - requestedVersion: "5.3.9104" - imageRepository: my-custom-image-repository.info/sourcegraph-images + namespace: NORMALIZED_FOR_TESTING + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 12Gi + volumeMode: Filesystem + status: + phase: Pending + status: + availableReplicas: 0 + replicas: 0 + - apiVersion: v1 + data: + spec: | + spec: + requestedVersion: "5.3.9104" + imageRepository: my-custom-image-repository.info/sourcegraph-images - blobstore: - disabled: true + blobstore: + disabled: true - codeInsights: - disabled: true + codeInsights: + disabled: true - codeIntel: - disabled: true + codeIntel: + disabled: true - frontend: - disabled: true + frontend: + disabled: true - gitServer: - disabled: true + gitServer: + disabled: true - indexedSearch: - disabled: true + indexedSearch: + disabled: true - indexedSearchIndexer: - disabled: true + indexedSearchIndexer: + disabled: true - pgsql: - disabled: true + pgsql: + disabled: true - postgresExporter: - disabled: true + postgresExporter: + disabled: true - preciseCodeIntel: - disabled: true + preciseCodeIntel: + disabled: true - redisCache: - disabled: true + redisCache: + disabled: true - redisStore: - disabled: true + redisStore: + disabled: true - repoUpdater: - disabled: true + repoUpdater: + disabled: true - searcher: - disabled: true + searcher: + disabled: true - symbols: - containerConfig: - symbols: - image: some-image:some-tag + symbols: + containerConfig: + symbols: + image: some-image:some-tag - syntectServer: - disabled: true + syntectServer: + disabled: true - worker: - disabled: true - kind: ConfigMap - metadata: - annotations: - appliance.sourcegraph.com/currentVersion: 5.3.9104 - appliance.sourcegraph.com/managed: "true" - creationTimestamp: "2024-04-19T00:00:00Z" - name: sg - namespace: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING -- apiVersion: v1 - kind: ServiceAccount - metadata: - annotations: - appliance.sourcegraph.com/configHash: 4310746eaab789e0d69f900836e6a3cea2979fe2e00be351e44120eb9cc43f29 - creationTimestamp: "2024-04-19T00:00:00Z" - labels: - deploy: sourcegraph - name: symbols - namespace: NORMALIZED_FOR_TESTING - ownerReferences: - - apiVersion: v1 - blockOwnerDeletion: true - controller: true - kind: ConfigMap + worker: + disabled: true + + prometheus: + disabled: true + kind: ConfigMap + metadata: + annotations: + appliance.sourcegraph.com/currentVersion: 5.3.9104 + appliance.sourcegraph.com/managed: "true" + creationTimestamp: "2024-04-19T00:00:00Z" name: sg + namespace: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING uid: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING -- apiVersion: v1 - kind: Service - metadata: - annotations: - appliance.sourcegraph.com/configHash: 4310746eaab789e0d69f900836e6a3cea2979fe2e00be351e44120eb9cc43f29 - prometheus.io/port: "6060" - sourcegraph.prometheus/scrape: "true" - creationTimestamp: "2024-04-19T00:00:00Z" - labels: - app: symbols - app.kubernetes.io/component: symbols - deploy: sourcegraph - name: symbols - namespace: NORMALIZED_FOR_TESTING - ownerReferences: - - apiVersion: v1 - blockOwnerDeletion: true - controller: true - kind: ConfigMap - name: sg + - apiVersion: v1 + kind: ServiceAccount + metadata: + annotations: + appliance.sourcegraph.com/configHash: 4310746eaab789e0d69f900836e6a3cea2979fe2e00be351e44120eb9cc43f29 + creationTimestamp: "2024-04-19T00:00:00Z" + labels: + deploy: sourcegraph + name: symbols + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING uid: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING - spec: - clusterIP: NORMALIZED_FOR_TESTING - clusterIPs: - - NORMALIZED_FOR_TESTING - internalTrafficPolicy: Cluster - ipFamilies: - - IPv4 - ipFamilyPolicy: SingleStack - ports: - - name: http - port: 3184 - protocol: TCP - targetPort: http - - name: debug - port: 6060 - protocol: TCP - targetPort: debug - selector: - app: symbols - sessionAffinity: None - type: ClusterIP - status: - loadBalancer: {} + - apiVersion: v1 + kind: Service + metadata: + annotations: + appliance.sourcegraph.com/configHash: 4310746eaab789e0d69f900836e6a3cea2979fe2e00be351e44120eb9cc43f29 + prometheus.io/port: "6060" + sourcegraph.prometheus/scrape: "true" + creationTimestamp: "2024-04-19T00:00:00Z" + labels: + app: symbols + app.kubernetes.io/component: symbols + deploy: sourcegraph + name: symbols + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING + uid: NORMALIZED_FOR_TESTING + spec: + clusterIP: NORMALIZED_FOR_TESTING + clusterIPs: + - NORMALIZED_FOR_TESTING + internalTrafficPolicy: Cluster + ipFamilies: + - IPv4 + ipFamilyPolicy: SingleStack + ports: + - name: http + port: 3184 + protocol: TCP + targetPort: http + - name: debug + port: 6060 + protocol: TCP + targetPort: debug + selector: + app: symbols + sessionAffinity: None + type: ClusterIP + status: + loadBalancer: {} diff --git a/internal/appliance/reconciler/testdata/golden-fixtures/symbols/default.yaml b/internal/appliance/reconciler/testdata/golden-fixtures/symbols/default.yaml index 6775b5faf5d..07b6c235917 100644 --- a/internal/appliance/reconciler/testdata/golden-fixtures/symbols/default.yaml +++ b/internal/appliance/reconciler/testdata/golden-fixtures/symbols/default.yaml @@ -1,294 +1,297 @@ resources: -- apiVersion: apps/v1 - kind: StatefulSet - metadata: - annotations: - appliance.sourcegraph.com/configHash: 42254bee5b26f7bae4341b4f5ed9af950f2238e8c139dc720feb15078a4b6cfd - creationTimestamp: "2024-04-19T00:00:00Z" - generation: 1 - labels: - app.kubernetes.io/component: symbols - app.kubernetes.io/name: sourcegraph - app.kubernetes.io/version: 5.3.9104 - deploy: sourcegraph - name: symbols - namespace: NORMALIZED_FOR_TESTING - ownerReferences: - - apiVersion: v1 - blockOwnerDeletion: true - controller: true - kind: ConfigMap - name: sg + - apiVersion: apps/v1 + kind: StatefulSet + metadata: + annotations: + appliance.sourcegraph.com/configHash: 42254bee5b26f7bae4341b4f5ed9af950f2238e8c139dc720feb15078a4b6cfd + creationTimestamp: "2024-04-19T00:00:00Z" + generation: 1 + labels: + app.kubernetes.io/component: symbols + app.kubernetes.io/name: sourcegraph + app.kubernetes.io/version: 5.3.9104 + deploy: sourcegraph + name: symbols + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING uid: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING - spec: - minReadySeconds: 10 - persistentVolumeClaimRetentionPolicy: - whenDeleted: Retain - whenScaled: Retain - podManagementPolicy: OrderedReady - replicas: 1 - revisionHistoryLimit: 10 - selector: - matchLabels: - app: symbols - serviceName: symbols - template: - metadata: - annotations: - kubectl.kubernetes.io/default-container: symbols - creationTimestamp: null - labels: + spec: + minReadySeconds: 10 + persistentVolumeClaimRetentionPolicy: + whenDeleted: Retain + whenScaled: Retain + podManagementPolicy: OrderedReady + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: app: symbols - deploy: sourcegraph - name: symbols - spec: - containers: - - env: - - name: REDIS_CACHE_ENDPOINT - valueFrom: - secretKeyRef: - key: endpoint - name: redis-cache - - name: REDIS_STORE_ENDPOINT - valueFrom: - secretKeyRef: - key: endpoint - name: redis-store - - name: SYMBOLS_CACHE_SIZE_MB - value: "11059" - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: SYMBOLS_CACHE_DIR - value: /mnt/cache/$(POD_NAME) - - name: TMPDIR - value: /mnt/tmp - - name: OTEL_AGENT_HOST - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - - name: OTEL_EXPORTER_OTLP_ENDPOINT - value: http://$(OTEL_AGENT_HOST):4317 - image: index.docker.io/sourcegraph/symbols:5.3.2@sha256:dd7f923bdbd5dbd231b749a7483110d40d59159084477b9fff84afaf58aad98e - imagePullPolicy: IfNotPresent - livenessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: http - scheme: HTTP - initialDelaySeconds: 60 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 + serviceName: symbols + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: symbols + creationTimestamp: null + labels: + app: symbols + deploy: sourcegraph name: symbols - ports: - - containerPort: 3184 - name: http - protocol: TCP - - containerPort: 6060 - name: debug - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: http - scheme: HTTP - initialDelaySeconds: 60 - periodSeconds: 5 - successThreshold: 1 - timeoutSeconds: 1 - resources: - limits: - cpu: "2" - memory: 2G - requests: - cpu: 500m - memory: 500M + spec: + containers: + - env: + - name: REDIS_CACHE_ENDPOINT + valueFrom: + secretKeyRef: + key: endpoint + name: redis-cache + - name: REDIS_STORE_ENDPOINT + valueFrom: + secretKeyRef: + key: endpoint + name: redis-store + - name: SYMBOLS_CACHE_SIZE_MB + value: "11059" + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: SYMBOLS_CACHE_DIR + value: /mnt/cache/$(POD_NAME) + - name: TMPDIR + value: /mnt/tmp + - name: OTEL_AGENT_HOST + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + - name: OTEL_EXPORTER_OTLP_ENDPOINT + value: http://$(OTEL_AGENT_HOST):4317 + image: index.docker.io/sourcegraph/symbols:5.3.2@sha256:dd7f923bdbd5dbd231b749a7483110d40d59159084477b9fff84afaf58aad98e + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: http + scheme: HTTP + initialDelaySeconds: 60 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: symbols + ports: + - containerPort: 3184 + name: http + protocol: TCP + - containerPort: 6060 + name: debug + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: http + scheme: HTTP + initialDelaySeconds: 60 + periodSeconds: 5 + successThreshold: 1 + timeoutSeconds: 1 + resources: + limits: + cpu: "2" + memory: 2G + requests: + cpu: 500m + memory: 500M + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsGroup: 101 + runAsUser: 100 + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /mnt/cache + name: cache + - mountPath: /mnt/tmp + name: tmp + dnsPolicy: ClusterFirst + restartPolicy: Always + schedulerName: default-scheduler securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch runAsGroup: 101 runAsUser: 100 - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: FallbackToLogsOnError - volumeMounts: - - mountPath: /mnt/cache + serviceAccount: symbols + serviceAccountName: symbols + terminationGracePeriodSeconds: 30 + volumes: + - emptyDir: {} + name: cache + - emptyDir: {} + name: tmp + updateStrategy: + type: RollingUpdate + volumeClaimTemplates: + - apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + creationTimestamp: null + labels: + deploy: sourcegraph name: cache - - mountPath: /mnt/tmp - name: tmp - dnsPolicy: ClusterFirst - restartPolicy: Always - schedulerName: default-scheduler - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - runAsGroup: 101 - runAsUser: 100 - serviceAccount: symbols - serviceAccountName: symbols - terminationGracePeriodSeconds: 30 - volumes: - - emptyDir: {} - name: cache - - emptyDir: {} - name: tmp - updateStrategy: - type: RollingUpdate - volumeClaimTemplates: - - apiVersion: v1 - kind: PersistentVolumeClaim - metadata: - creationTimestamp: null - labels: - deploy: sourcegraph - name: cache - namespace: NORMALIZED_FOR_TESTING - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 12Gi - volumeMode: Filesystem - status: - phase: Pending - status: - availableReplicas: 0 - replicas: 0 -- apiVersion: v1 - data: - spec: | - spec: - requestedVersion: "5.3.9104" + namespace: NORMALIZED_FOR_TESTING + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 12Gi + volumeMode: Filesystem + status: + phase: Pending + status: + availableReplicas: 0 + replicas: 0 + - apiVersion: v1 + data: + spec: | + spec: + requestedVersion: "5.3.9104" - blobstore: - disabled: true + blobstore: + disabled: true - codeInsights: - disabled: true + codeInsights: + disabled: true - codeIntel: - disabled: true + codeIntel: + disabled: true - frontend: - disabled: true + frontend: + disabled: true - gitServer: - disabled: true + gitServer: + disabled: true - indexedSearch: - disabled: true + indexedSearch: + disabled: true - indexedSearchIndexer: - disabled: true + indexedSearchIndexer: + disabled: true - pgsql: - disabled: true + pgsql: + disabled: true - postgresExporter: - disabled: true + postgresExporter: + disabled: true - preciseCodeIntel: - disabled: true + preciseCodeIntel: + disabled: true - redisCache: - disabled: true + redisCache: + disabled: true - redisStore: - disabled: true + redisStore: + disabled: true - repoUpdater: - disabled: true + repoUpdater: + disabled: true - searcher: - disabled: true + searcher: + disabled: true - symbols: {} + symbols: {} - syntectServer: - disabled: true + syntectServer: + disabled: true - worker: - disabled: true - kind: ConfigMap - metadata: - annotations: - appliance.sourcegraph.com/currentVersion: 5.3.9104 - appliance.sourcegraph.com/managed: "true" - creationTimestamp: "2024-04-19T00:00:00Z" - name: sg - namespace: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING -- apiVersion: v1 - kind: ServiceAccount - metadata: - annotations: - appliance.sourcegraph.com/configHash: 42254bee5b26f7bae4341b4f5ed9af950f2238e8c139dc720feb15078a4b6cfd - creationTimestamp: "2024-04-19T00:00:00Z" - labels: - deploy: sourcegraph - name: symbols - namespace: NORMALIZED_FOR_TESTING - ownerReferences: - - apiVersion: v1 - blockOwnerDeletion: true - controller: true - kind: ConfigMap + worker: + disabled: true + + prometheus: + disabled: true + kind: ConfigMap + metadata: + annotations: + appliance.sourcegraph.com/currentVersion: 5.3.9104 + appliance.sourcegraph.com/managed: "true" + creationTimestamp: "2024-04-19T00:00:00Z" name: sg + namespace: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING uid: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING -- apiVersion: v1 - kind: Service - metadata: - annotations: - appliance.sourcegraph.com/configHash: 42254bee5b26f7bae4341b4f5ed9af950f2238e8c139dc720feb15078a4b6cfd - prometheus.io/port: "6060" - sourcegraph.prometheus/scrape: "true" - creationTimestamp: "2024-04-19T00:00:00Z" - labels: - app: symbols - app.kubernetes.io/component: symbols - deploy: sourcegraph - name: symbols - namespace: NORMALIZED_FOR_TESTING - ownerReferences: - - apiVersion: v1 - blockOwnerDeletion: true - controller: true - kind: ConfigMap - name: sg + - apiVersion: v1 + kind: ServiceAccount + metadata: + annotations: + appliance.sourcegraph.com/configHash: 42254bee5b26f7bae4341b4f5ed9af950f2238e8c139dc720feb15078a4b6cfd + creationTimestamp: "2024-04-19T00:00:00Z" + labels: + deploy: sourcegraph + name: symbols + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING uid: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING - spec: - clusterIP: NORMALIZED_FOR_TESTING - clusterIPs: - - NORMALIZED_FOR_TESTING - internalTrafficPolicy: Cluster - ipFamilies: - - IPv4 - ipFamilyPolicy: SingleStack - ports: - - name: http - port: 3184 - protocol: TCP - targetPort: http - - name: debug - port: 6060 - protocol: TCP - targetPort: debug - selector: - app: symbols - sessionAffinity: None - type: ClusterIP - status: - loadBalancer: {} + - apiVersion: v1 + kind: Service + metadata: + annotations: + appliance.sourcegraph.com/configHash: 42254bee5b26f7bae4341b4f5ed9af950f2238e8c139dc720feb15078a4b6cfd + prometheus.io/port: "6060" + sourcegraph.prometheus/scrape: "true" + creationTimestamp: "2024-04-19T00:00:00Z" + labels: + app: symbols + app.kubernetes.io/component: symbols + deploy: sourcegraph + name: symbols + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING + uid: NORMALIZED_FOR_TESTING + spec: + clusterIP: NORMALIZED_FOR_TESTING + clusterIPs: + - NORMALIZED_FOR_TESTING + internalTrafficPolicy: Cluster + ipFamilies: + - IPv4 + ipFamilyPolicy: SingleStack + ports: + - name: http + port: 3184 + protocol: TCP + targetPort: http + - name: debug + port: 6060 + protocol: TCP + targetPort: debug + selector: + app: symbols + sessionAffinity: None + type: ClusterIP + status: + loadBalancer: {} diff --git a/internal/appliance/reconciler/testdata/golden-fixtures/symbols/with-storage.yaml b/internal/appliance/reconciler/testdata/golden-fixtures/symbols/with-storage.yaml index 9af4b7c95d2..efe3d7d44e7 100644 --- a/internal/appliance/reconciler/testdata/golden-fixtures/symbols/with-storage.yaml +++ b/internal/appliance/reconciler/testdata/golden-fixtures/symbols/with-storage.yaml @@ -1,295 +1,298 @@ resources: -- apiVersion: apps/v1 - kind: StatefulSet - metadata: - annotations: - appliance.sourcegraph.com/configHash: c5a3d0a6ba37246cf3f9a5b26c0a98c5742e6024a9dffa6836d70eae7de13412 - creationTimestamp: "2024-04-19T00:00:00Z" - generation: 1 - labels: - app.kubernetes.io/component: symbols - app.kubernetes.io/name: sourcegraph - app.kubernetes.io/version: 5.3.9104 - deploy: sourcegraph - name: symbols - namespace: NORMALIZED_FOR_TESTING - ownerReferences: - - apiVersion: v1 - blockOwnerDeletion: true - controller: true - kind: ConfigMap - name: sg + - apiVersion: apps/v1 + kind: StatefulSet + metadata: + annotations: + appliance.sourcegraph.com/configHash: c5a3d0a6ba37246cf3f9a5b26c0a98c5742e6024a9dffa6836d70eae7de13412 + creationTimestamp: "2024-04-19T00:00:00Z" + generation: 1 + labels: + app.kubernetes.io/component: symbols + app.kubernetes.io/name: sourcegraph + app.kubernetes.io/version: 5.3.9104 + deploy: sourcegraph + name: symbols + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING uid: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING - spec: - minReadySeconds: 10 - persistentVolumeClaimRetentionPolicy: - whenDeleted: Retain - whenScaled: Retain - podManagementPolicy: OrderedReady - replicas: 1 - revisionHistoryLimit: 10 - selector: - matchLabels: - app: symbols - serviceName: symbols - template: - metadata: - annotations: - kubectl.kubernetes.io/default-container: symbols - creationTimestamp: null - labels: + spec: + minReadySeconds: 10 + persistentVolumeClaimRetentionPolicy: + whenDeleted: Retain + whenScaled: Retain + podManagementPolicy: OrderedReady + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: app: symbols - deploy: sourcegraph - name: symbols - spec: - containers: - - env: - - name: REDIS_CACHE_ENDPOINT - valueFrom: - secretKeyRef: - key: endpoint - name: redis-cache - - name: REDIS_STORE_ENDPOINT - valueFrom: - secretKeyRef: - key: endpoint - name: redis-store - - name: SYMBOLS_CACHE_SIZE_MB - value: "92160" - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: SYMBOLS_CACHE_DIR - value: /mnt/cache/$(POD_NAME) - - name: TMPDIR - value: /mnt/tmp - - name: OTEL_AGENT_HOST - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - - name: OTEL_EXPORTER_OTLP_ENDPOINT - value: http://$(OTEL_AGENT_HOST):4317 - image: index.docker.io/sourcegraph/symbols:5.3.2@sha256:dd7f923bdbd5dbd231b749a7483110d40d59159084477b9fff84afaf58aad98e - imagePullPolicy: IfNotPresent - livenessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: http - scheme: HTTP - initialDelaySeconds: 60 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 + serviceName: symbols + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: symbols + creationTimestamp: null + labels: + app: symbols + deploy: sourcegraph name: symbols - ports: - - containerPort: 3184 - name: http - protocol: TCP - - containerPort: 6060 - name: debug - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: http - scheme: HTTP - initialDelaySeconds: 60 - periodSeconds: 5 - successThreshold: 1 - timeoutSeconds: 1 - resources: - limits: - cpu: "2" - memory: 2G - requests: - cpu: 500m - memory: 500M + spec: + containers: + - env: + - name: REDIS_CACHE_ENDPOINT + valueFrom: + secretKeyRef: + key: endpoint + name: redis-cache + - name: REDIS_STORE_ENDPOINT + valueFrom: + secretKeyRef: + key: endpoint + name: redis-store + - name: SYMBOLS_CACHE_SIZE_MB + value: "92160" + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: SYMBOLS_CACHE_DIR + value: /mnt/cache/$(POD_NAME) + - name: TMPDIR + value: /mnt/tmp + - name: OTEL_AGENT_HOST + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + - name: OTEL_EXPORTER_OTLP_ENDPOINT + value: http://$(OTEL_AGENT_HOST):4317 + image: index.docker.io/sourcegraph/symbols:5.3.2@sha256:dd7f923bdbd5dbd231b749a7483110d40d59159084477b9fff84afaf58aad98e + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: http + scheme: HTTP + initialDelaySeconds: 60 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: symbols + ports: + - containerPort: 3184 + name: http + protocol: TCP + - containerPort: 6060 + name: debug + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: http + scheme: HTTP + initialDelaySeconds: 60 + periodSeconds: 5 + successThreshold: 1 + timeoutSeconds: 1 + resources: + limits: + cpu: "2" + memory: 2G + requests: + cpu: 500m + memory: 500M + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsGroup: 101 + runAsUser: 100 + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /mnt/cache + name: cache + - mountPath: /mnt/tmp + name: tmp + dnsPolicy: ClusterFirst + restartPolicy: Always + schedulerName: default-scheduler securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch runAsGroup: 101 runAsUser: 100 - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: FallbackToLogsOnError - volumeMounts: - - mountPath: /mnt/cache + serviceAccount: symbols + serviceAccountName: symbols + terminationGracePeriodSeconds: 30 + volumes: + - emptyDir: {} + name: cache + - emptyDir: {} + name: tmp + updateStrategy: + type: RollingUpdate + volumeClaimTemplates: + - apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + creationTimestamp: null + labels: + deploy: sourcegraph name: cache - - mountPath: /mnt/tmp - name: tmp - dnsPolicy: ClusterFirst - restartPolicy: Always - schedulerName: default-scheduler - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - runAsGroup: 101 - runAsUser: 100 - serviceAccount: symbols - serviceAccountName: symbols - terminationGracePeriodSeconds: 30 - volumes: - - emptyDir: {} - name: cache - - emptyDir: {} - name: tmp - updateStrategy: - type: RollingUpdate - volumeClaimTemplates: - - apiVersion: v1 - kind: PersistentVolumeClaim - metadata: - creationTimestamp: null - labels: - deploy: sourcegraph - name: cache - namespace: NORMALIZED_FOR_TESTING - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 100Gi - volumeMode: Filesystem - status: - phase: Pending - status: - availableReplicas: 0 - replicas: 0 -- apiVersion: v1 - data: - spec: | - spec: - requestedVersion: "5.3.9104" + namespace: NORMALIZED_FOR_TESTING + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 100Gi + volumeMode: Filesystem + status: + phase: Pending + status: + availableReplicas: 0 + replicas: 0 + - apiVersion: v1 + data: + spec: | + spec: + requestedVersion: "5.3.9104" - blobstore: - disabled: true + blobstore: + disabled: true - codeInsights: - disabled: true + codeInsights: + disabled: true - codeIntel: - disabled: true + codeIntel: + disabled: true - frontend: - disabled: true + frontend: + disabled: true - gitServer: - disabled: true + gitServer: + disabled: true - indexedSearch: - disabled: true + indexedSearch: + disabled: true - indexedSearchIndexer: - disabled: true + indexedSearchIndexer: + disabled: true - pgsql: - disabled: true + pgsql: + disabled: true - postgresExporter: - disabled: true + postgresExporter: + disabled: true - preciseCodeIntel: - disabled: true + preciseCodeIntel: + disabled: true - redisCache: - disabled: true + redisCache: + disabled: true - redisStore: - disabled: true + redisStore: + disabled: true - repoUpdater: - disabled: true + repoUpdater: + disabled: true - searcher: - disabled: true + searcher: + disabled: true - symbols: - storageSize: "100Gi" + symbols: + storageSize: "100Gi" - syntectServer: - disabled: true + syntectServer: + disabled: true - worker: - disabled: true - kind: ConfigMap - metadata: - annotations: - appliance.sourcegraph.com/currentVersion: 5.3.9104 - appliance.sourcegraph.com/managed: "true" - creationTimestamp: "2024-04-19T00:00:00Z" - name: sg - namespace: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING -- apiVersion: v1 - kind: ServiceAccount - metadata: - annotations: - appliance.sourcegraph.com/configHash: c5a3d0a6ba37246cf3f9a5b26c0a98c5742e6024a9dffa6836d70eae7de13412 - creationTimestamp: "2024-04-19T00:00:00Z" - labels: - deploy: sourcegraph - name: symbols - namespace: NORMALIZED_FOR_TESTING - ownerReferences: - - apiVersion: v1 - blockOwnerDeletion: true - controller: true - kind: ConfigMap + worker: + disabled: true + + prometheus: + disabled: true + kind: ConfigMap + metadata: + annotations: + appliance.sourcegraph.com/currentVersion: 5.3.9104 + appliance.sourcegraph.com/managed: "true" + creationTimestamp: "2024-04-19T00:00:00Z" name: sg + namespace: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING uid: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING -- apiVersion: v1 - kind: Service - metadata: - annotations: - appliance.sourcegraph.com/configHash: c5a3d0a6ba37246cf3f9a5b26c0a98c5742e6024a9dffa6836d70eae7de13412 - prometheus.io/port: "6060" - sourcegraph.prometheus/scrape: "true" - creationTimestamp: "2024-04-19T00:00:00Z" - labels: - app: symbols - app.kubernetes.io/component: symbols - deploy: sourcegraph - name: symbols - namespace: NORMALIZED_FOR_TESTING - ownerReferences: - - apiVersion: v1 - blockOwnerDeletion: true - controller: true - kind: ConfigMap - name: sg + - apiVersion: v1 + kind: ServiceAccount + metadata: + annotations: + appliance.sourcegraph.com/configHash: c5a3d0a6ba37246cf3f9a5b26c0a98c5742e6024a9dffa6836d70eae7de13412 + creationTimestamp: "2024-04-19T00:00:00Z" + labels: + deploy: sourcegraph + name: symbols + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING uid: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING - spec: - clusterIP: NORMALIZED_FOR_TESTING - clusterIPs: - - NORMALIZED_FOR_TESTING - internalTrafficPolicy: Cluster - ipFamilies: - - IPv4 - ipFamilyPolicy: SingleStack - ports: - - name: http - port: 3184 - protocol: TCP - targetPort: http - - name: debug - port: 6060 - protocol: TCP - targetPort: debug - selector: - app: symbols - sessionAffinity: None - type: ClusterIP - status: - loadBalancer: {} + - apiVersion: v1 + kind: Service + metadata: + annotations: + appliance.sourcegraph.com/configHash: c5a3d0a6ba37246cf3f9a5b26c0a98c5742e6024a9dffa6836d70eae7de13412 + prometheus.io/port: "6060" + sourcegraph.prometheus/scrape: "true" + creationTimestamp: "2024-04-19T00:00:00Z" + labels: + app: symbols + app.kubernetes.io/component: symbols + deploy: sourcegraph + name: symbols + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING + uid: NORMALIZED_FOR_TESTING + spec: + clusterIP: NORMALIZED_FOR_TESTING + clusterIPs: + - NORMALIZED_FOR_TESTING + internalTrafficPolicy: Cluster + ipFamilies: + - IPv4 + ipFamilyPolicy: SingleStack + ports: + - name: http + port: 3184 + protocol: TCP + targetPort: http + - name: debug + port: 6060 + protocol: TCP + targetPort: debug + selector: + app: symbols + sessionAffinity: None + type: ClusterIP + status: + loadBalancer: {} diff --git a/internal/appliance/reconciler/testdata/golden-fixtures/syntect/default.yaml b/internal/appliance/reconciler/testdata/golden-fixtures/syntect/default.yaml index 28461ee456d..54394251607 100644 --- a/internal/appliance/reconciler/testdata/golden-fixtures/syntect/default.yaml +++ b/internal/appliance/reconciler/testdata/golden-fixtures/syntect/default.yaml @@ -1,224 +1,227 @@ resources: -- apiVersion: apps/v1 - kind: Deployment - metadata: - annotations: - appliance.sourcegraph.com/configHash: 9ede95ea4e7966c44b553ccf3bb3edbb1e4811c9a554051f842b643a6c5e63e2 - creationTimestamp: "2024-04-19T00:00:00Z" - generation: 1 - labels: - app.kubernetes.io/component: syntect-server - app.kubernetes.io/name: sourcegraph - app.kubernetes.io/version: 5.3.9104 - deploy: sourcegraph - name: syntect-server - namespace: NORMALIZED_FOR_TESTING - ownerReferences: - - apiVersion: v1 - blockOwnerDeletion: true - controller: true - kind: ConfigMap - name: sg + - apiVersion: apps/v1 + kind: Deployment + metadata: + annotations: + appliance.sourcegraph.com/configHash: 9ede95ea4e7966c44b553ccf3bb3edbb1e4811c9a554051f842b643a6c5e63e2 + creationTimestamp: "2024-04-19T00:00:00Z" + generation: 1 + labels: + app.kubernetes.io/component: syntect-server + app.kubernetes.io/name: sourcegraph + app.kubernetes.io/version: 5.3.9104 + deploy: sourcegraph + name: syntect-server + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING uid: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING - spec: - minReadySeconds: 10 - progressDeadlineSeconds: 600 - replicas: 1 - revisionHistoryLimit: 10 - selector: - matchLabels: - app: syntect-server - strategy: - rollingUpdate: - maxSurge: 1 - maxUnavailable: 0 - type: RollingUpdate - template: - metadata: - annotations: - kubectl.kubernetes.io/default-container: syntect-server - creationTimestamp: null - labels: + spec: + minReadySeconds: 10 + progressDeadlineSeconds: 600 + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: app: syntect-server - deploy: sourcegraph - name: syntect-server - spec: - containers: - - image: index.docker.io/sourcegraph/syntax-highlighter:5.3.2@sha256:3d16ab2a0203fea85063dcfe2e9d476540ef3274c28881dc4bbd5ca77933d8e8 - imagePullPolicy: IfNotPresent - livenessProbe: - failureThreshold: 3 - httpGet: - path: /health - port: http - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + type: RollingUpdate + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: syntect-server + creationTimestamp: null + labels: + app: syntect-server + deploy: sourcegraph name: syntect-server - ports: - - containerPort: 9238 - name: http - protocol: TCP - readinessProbe: - failureThreshold: 3 - periodSeconds: 10 - successThreshold: 1 - tcpSocket: - port: http - timeoutSeconds: 1 - resources: - limits: - cpu: "4" - memory: 6G - requests: - cpu: 250m - memory: 2G + spec: + containers: + - image: index.docker.io/sourcegraph/syntax-highlighter:5.3.2@sha256:3d16ab2a0203fea85063dcfe2e9d476540ef3274c28881dc4bbd5ca77933d8e8 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + path: /health + port: http + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: syntect-server + ports: + - containerPort: 9238 + name: http + protocol: TCP + readinessProbe: + failureThreshold: 3 + periodSeconds: 10 + successThreshold: 1 + tcpSocket: + port: http + timeoutSeconds: 1 + resources: + limits: + cpu: "4" + memory: 6G + requests: + cpu: 250m + memory: 2G + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsGroup: 101 + runAsUser: 100 + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: FallbackToLogsOnError + dnsPolicy: ClusterFirst + restartPolicy: Always + schedulerName: default-scheduler securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch runAsGroup: 101 runAsUser: 100 - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: FallbackToLogsOnError - dnsPolicy: ClusterFirst - restartPolicy: Always - schedulerName: default-scheduler - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - runAsGroup: 101 - runAsUser: 100 - serviceAccount: syntect-server - serviceAccountName: syntect-server - terminationGracePeriodSeconds: 30 - status: {} -- apiVersion: v1 - data: - spec: | - spec: - requestedVersion: "5.3.9104" + serviceAccount: syntect-server + serviceAccountName: syntect-server + terminationGracePeriodSeconds: 30 + status: {} + - apiVersion: v1 + data: + spec: | + spec: + requestedVersion: "5.3.9104" - blobstore: - disabled: true + blobstore: + disabled: true - codeInsights: - disabled: true + codeInsights: + disabled: true - codeIntel: - disabled: true + codeIntel: + disabled: true - frontend: - disabled: true + frontend: + disabled: true - gitServer: - disabled: true + gitServer: + disabled: true - indexedSearch: - disabled: true + indexedSearch: + disabled: true - indexedSearchIndexer: - disabled: true + indexedSearchIndexer: + disabled: true - pgsql: - disabled: true + pgsql: + disabled: true - postgresExporter: - disabled: true + postgresExporter: + disabled: true - preciseCodeIntel: - disabled: true + preciseCodeIntel: + disabled: true - redisCache: - disabled: true + redisCache: + disabled: true - redisStore: - disabled: true + redisStore: + disabled: true - repoUpdater: - disabled: true + repoUpdater: + disabled: true - searcher: - disabled: true + searcher: + disabled: true - symbols: - disabled: true + symbols: + disabled: true - syntectServer: {} + syntectServer: {} - worker: - disabled: true - kind: ConfigMap - metadata: - annotations: - appliance.sourcegraph.com/currentVersion: 5.3.9104 - appliance.sourcegraph.com/managed: "true" - creationTimestamp: "2024-04-19T00:00:00Z" - name: sg - namespace: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING -- apiVersion: v1 - kind: ServiceAccount - metadata: - annotations: - appliance.sourcegraph.com/configHash: 9ede95ea4e7966c44b553ccf3bb3edbb1e4811c9a554051f842b643a6c5e63e2 - creationTimestamp: "2024-04-19T00:00:00Z" - labels: - deploy: sourcegraph - name: syntect-server - namespace: NORMALIZED_FOR_TESTING - ownerReferences: - - apiVersion: v1 - blockOwnerDeletion: true - controller: true - kind: ConfigMap + worker: + disabled: true + + prometheus: + disabled: true + kind: ConfigMap + metadata: + annotations: + appliance.sourcegraph.com/currentVersion: 5.3.9104 + appliance.sourcegraph.com/managed: "true" + creationTimestamp: "2024-04-19T00:00:00Z" name: sg + namespace: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING uid: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING -- apiVersion: v1 - kind: Service - metadata: - annotations: - appliance.sourcegraph.com/configHash: 9ede95ea4e7966c44b553ccf3bb3edbb1e4811c9a554051f842b643a6c5e63e2 - prometheus.io/port: "6060" - sourcegraph.prometheus/scrape: "true" - creationTimestamp: "2024-04-19T00:00:00Z" - labels: - app: syntect-server - app.kubernetes.io/component: syntect-server - deploy: sourcegraph - name: syntect-server - namespace: NORMALIZED_FOR_TESTING - ownerReferences: - - apiVersion: v1 - blockOwnerDeletion: true - controller: true - kind: ConfigMap - name: sg + - apiVersion: v1 + kind: ServiceAccount + metadata: + annotations: + appliance.sourcegraph.com/configHash: 9ede95ea4e7966c44b553ccf3bb3edbb1e4811c9a554051f842b643a6c5e63e2 + creationTimestamp: "2024-04-19T00:00:00Z" + labels: + deploy: sourcegraph + name: syntect-server + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING uid: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING - spec: - clusterIP: NORMALIZED_FOR_TESTING - clusterIPs: - - NORMALIZED_FOR_TESTING - internalTrafficPolicy: Cluster - ipFamilies: - - IPv4 - ipFamilyPolicy: SingleStack - ports: - - name: http - port: 9238 - protocol: TCP - targetPort: http - selector: - app: syntect-server - sessionAffinity: None - type: ClusterIP - status: - loadBalancer: {} + - apiVersion: v1 + kind: Service + metadata: + annotations: + appliance.sourcegraph.com/configHash: 9ede95ea4e7966c44b553ccf3bb3edbb1e4811c9a554051f842b643a6c5e63e2 + prometheus.io/port: "6060" + sourcegraph.prometheus/scrape: "true" + creationTimestamp: "2024-04-19T00:00:00Z" + labels: + app: syntect-server + app.kubernetes.io/component: syntect-server + deploy: sourcegraph + name: syntect-server + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING + uid: NORMALIZED_FOR_TESTING + spec: + clusterIP: NORMALIZED_FOR_TESTING + clusterIPs: + - NORMALIZED_FOR_TESTING + internalTrafficPolicy: Cluster + ipFamilies: + - IPv4 + ipFamilyPolicy: SingleStack + ports: + - name: http + port: 9238 + protocol: TCP + targetPort: http + selector: + app: syntect-server + sessionAffinity: None + type: ClusterIP + status: + loadBalancer: {} diff --git a/internal/appliance/reconciler/testdata/golden-fixtures/syntect/with-replicas.yaml b/internal/appliance/reconciler/testdata/golden-fixtures/syntect/with-replicas.yaml index 7c92045de02..6352a278a1a 100644 --- a/internal/appliance/reconciler/testdata/golden-fixtures/syntect/with-replicas.yaml +++ b/internal/appliance/reconciler/testdata/golden-fixtures/syntect/with-replicas.yaml @@ -1,225 +1,228 @@ resources: -- apiVersion: apps/v1 - kind: Deployment - metadata: - annotations: - appliance.sourcegraph.com/configHash: 9f8414122e2a51cef31478f6b33d5808e9c413a1f62955f3cdb644c65a8f778b - creationTimestamp: "2024-04-19T00:00:00Z" - generation: 1 - labels: - app.kubernetes.io/component: syntect-server - app.kubernetes.io/name: sourcegraph - app.kubernetes.io/version: 5.3.9104 - deploy: sourcegraph - name: syntect-server - namespace: NORMALIZED_FOR_TESTING - ownerReferences: - - apiVersion: v1 - blockOwnerDeletion: true - controller: true - kind: ConfigMap - name: sg + - apiVersion: apps/v1 + kind: Deployment + metadata: + annotations: + appliance.sourcegraph.com/configHash: 9f8414122e2a51cef31478f6b33d5808e9c413a1f62955f3cdb644c65a8f778b + creationTimestamp: "2024-04-19T00:00:00Z" + generation: 1 + labels: + app.kubernetes.io/component: syntect-server + app.kubernetes.io/name: sourcegraph + app.kubernetes.io/version: 5.3.9104 + deploy: sourcegraph + name: syntect-server + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING uid: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING - spec: - minReadySeconds: 10 - progressDeadlineSeconds: 600 - replicas: 3 - revisionHistoryLimit: 10 - selector: - matchLabels: - app: syntect-server - strategy: - rollingUpdate: - maxSurge: 1 - maxUnavailable: 0 - type: RollingUpdate - template: - metadata: - annotations: - kubectl.kubernetes.io/default-container: syntect-server - creationTimestamp: null - labels: + spec: + minReadySeconds: 10 + progressDeadlineSeconds: 600 + replicas: 3 + revisionHistoryLimit: 10 + selector: + matchLabels: app: syntect-server - deploy: sourcegraph - name: syntect-server - spec: - containers: - - image: index.docker.io/sourcegraph/syntax-highlighter:5.3.2@sha256:3d16ab2a0203fea85063dcfe2e9d476540ef3274c28881dc4bbd5ca77933d8e8 - imagePullPolicy: IfNotPresent - livenessProbe: - failureThreshold: 3 - httpGet: - path: /health - port: http - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + type: RollingUpdate + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: syntect-server + creationTimestamp: null + labels: + app: syntect-server + deploy: sourcegraph name: syntect-server - ports: - - containerPort: 9238 - name: http - protocol: TCP - readinessProbe: - failureThreshold: 3 - periodSeconds: 10 - successThreshold: 1 - tcpSocket: - port: http - timeoutSeconds: 1 - resources: - limits: - cpu: "4" - memory: 6G - requests: - cpu: 250m - memory: 2G + spec: + containers: + - image: index.docker.io/sourcegraph/syntax-highlighter:5.3.2@sha256:3d16ab2a0203fea85063dcfe2e9d476540ef3274c28881dc4bbd5ca77933d8e8 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + path: /health + port: http + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: syntect-server + ports: + - containerPort: 9238 + name: http + protocol: TCP + readinessProbe: + failureThreshold: 3 + periodSeconds: 10 + successThreshold: 1 + tcpSocket: + port: http + timeoutSeconds: 1 + resources: + limits: + cpu: "4" + memory: 6G + requests: + cpu: 250m + memory: 2G + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsGroup: 101 + runAsUser: 100 + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: FallbackToLogsOnError + dnsPolicy: ClusterFirst + restartPolicy: Always + schedulerName: default-scheduler securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true + fsGroup: 101 + fsGroupChangePolicy: OnRootMismatch runAsGroup: 101 runAsUser: 100 - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: FallbackToLogsOnError - dnsPolicy: ClusterFirst - restartPolicy: Always - schedulerName: default-scheduler - securityContext: - fsGroup: 101 - fsGroupChangePolicy: OnRootMismatch - runAsGroup: 101 - runAsUser: 100 - serviceAccount: syntect-server - serviceAccountName: syntect-server - terminationGracePeriodSeconds: 30 - status: {} -- apiVersion: v1 - data: - spec: | - spec: - requestedVersion: "5.3.9104" + serviceAccount: syntect-server + serviceAccountName: syntect-server + terminationGracePeriodSeconds: 30 + status: {} + - apiVersion: v1 + data: + spec: | + spec: + requestedVersion: "5.3.9104" - blobstore: - disabled: true + blobstore: + disabled: true - codeInsights: - disabled: true + codeInsights: + disabled: true - codeIntel: - disabled: true + codeIntel: + disabled: true - frontend: - disabled: true + frontend: + disabled: true - gitServer: - disabled: true + gitServer: + disabled: true - indexedSearch: - disabled: true + indexedSearch: + disabled: true - indexedSearchIndexer: - disabled: true + indexedSearchIndexer: + disabled: true - pgsql: - disabled: true + pgsql: + disabled: true - postgresExporter: - disabled: true + postgresExporter: + disabled: true - preciseCodeIntel: - disabled: true + preciseCodeIntel: + disabled: true - redisCache: - disabled: true + redisCache: + disabled: true - redisStore: - disabled: true + redisStore: + disabled: true - repoUpdater: - disabled: true + repoUpdater: + disabled: true - searcher: - disabled: true + searcher: + disabled: true - symbols: - disabled: true + symbols: + disabled: true - syntectServer: - replicas: 3 + syntectServer: + replicas: 3 - worker: - disabled: true - kind: ConfigMap - metadata: - annotations: - appliance.sourcegraph.com/currentVersion: 5.3.9104 - appliance.sourcegraph.com/managed: "true" - creationTimestamp: "2024-04-19T00:00:00Z" - name: sg - namespace: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING -- apiVersion: v1 - kind: ServiceAccount - metadata: - annotations: - appliance.sourcegraph.com/configHash: 9f8414122e2a51cef31478f6b33d5808e9c413a1f62955f3cdb644c65a8f778b - creationTimestamp: "2024-04-19T00:00:00Z" - labels: - deploy: sourcegraph - name: syntect-server - namespace: NORMALIZED_FOR_TESTING - ownerReferences: - - apiVersion: v1 - blockOwnerDeletion: true - controller: true - kind: ConfigMap + worker: + disabled: true + + prometheus: + disabled: true + kind: ConfigMap + metadata: + annotations: + appliance.sourcegraph.com/currentVersion: 5.3.9104 + appliance.sourcegraph.com/managed: "true" + creationTimestamp: "2024-04-19T00:00:00Z" name: sg + namespace: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING uid: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING -- apiVersion: v1 - kind: Service - metadata: - annotations: - appliance.sourcegraph.com/configHash: 9f8414122e2a51cef31478f6b33d5808e9c413a1f62955f3cdb644c65a8f778b - prometheus.io/port: "6060" - sourcegraph.prometheus/scrape: "true" - creationTimestamp: "2024-04-19T00:00:00Z" - labels: - app: syntect-server - app.kubernetes.io/component: syntect-server - deploy: sourcegraph - name: syntect-server - namespace: NORMALIZED_FOR_TESTING - ownerReferences: - - apiVersion: v1 - blockOwnerDeletion: true - controller: true - kind: ConfigMap - name: sg + - apiVersion: v1 + kind: ServiceAccount + metadata: + annotations: + appliance.sourcegraph.com/configHash: 9f8414122e2a51cef31478f6b33d5808e9c413a1f62955f3cdb644c65a8f778b + creationTimestamp: "2024-04-19T00:00:00Z" + labels: + deploy: sourcegraph + name: syntect-server + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING uid: NORMALIZED_FOR_TESTING - resourceVersion: NORMALIZED_FOR_TESTING - uid: NORMALIZED_FOR_TESTING - spec: - clusterIP: NORMALIZED_FOR_TESTING - clusterIPs: - - NORMALIZED_FOR_TESTING - internalTrafficPolicy: Cluster - ipFamilies: - - IPv4 - ipFamilyPolicy: SingleStack - ports: - - name: http - port: 9238 - protocol: TCP - targetPort: http - selector: - app: syntect-server - sessionAffinity: None - type: ClusterIP - status: - loadBalancer: {} + - apiVersion: v1 + kind: Service + metadata: + annotations: + appliance.sourcegraph.com/configHash: 9f8414122e2a51cef31478f6b33d5808e9c413a1f62955f3cdb644c65a8f778b + prometheus.io/port: "6060" + sourcegraph.prometheus/scrape: "true" + creationTimestamp: "2024-04-19T00:00:00Z" + labels: + app: syntect-server + app.kubernetes.io/component: syntect-server + deploy: sourcegraph + name: syntect-server + namespace: NORMALIZED_FOR_TESTING + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: true + controller: true + kind: ConfigMap + name: sg + uid: NORMALIZED_FOR_TESTING + resourceVersion: NORMALIZED_FOR_TESTING + uid: NORMALIZED_FOR_TESTING + spec: + clusterIP: NORMALIZED_FOR_TESTING + clusterIPs: + - NORMALIZED_FOR_TESTING + internalTrafficPolicy: Cluster + ipFamilies: + - IPv4 + ipFamilyPolicy: SingleStack + ports: + - name: http + port: 9238 + protocol: TCP + targetPort: http + selector: + app: syntect-server + sessionAffinity: None + type: ClusterIP + status: + loadBalancer: {} diff --git a/internal/appliance/reconciler/testdata/sg/blobstore/default.yaml b/internal/appliance/reconciler/testdata/sg/blobstore/default.yaml index 37cdea29971..79a0e48fcea 100644 --- a/internal/appliance/reconciler/testdata/sg/blobstore/default.yaml +++ b/internal/appliance/reconciler/testdata/sg/blobstore/default.yaml @@ -50,3 +50,6 @@ spec: worker: disabled: true + + prometheus: + disabled: true diff --git a/internal/appliance/reconciler/testdata/sg/codeintel/default.yaml b/internal/appliance/reconciler/testdata/sg/codeintel/default.yaml index b82abf1624b..4f9b560e5ec 100644 --- a/internal/appliance/reconciler/testdata/sg/codeintel/default.yaml +++ b/internal/appliance/reconciler/testdata/sg/codeintel/default.yaml @@ -53,3 +53,6 @@ spec: worker: disabled: true + + prometheus: + disabled: true diff --git a/internal/appliance/reconciler/testdata/sg/gitserver/default.yaml b/internal/appliance/reconciler/testdata/sg/gitserver/default.yaml index 06999daf428..2af0b488e93 100644 --- a/internal/appliance/reconciler/testdata/sg/gitserver/default.yaml +++ b/internal/appliance/reconciler/testdata/sg/gitserver/default.yaml @@ -50,3 +50,6 @@ spec: worker: disabled: true + + prometheus: + disabled: true diff --git a/internal/appliance/reconciler/testdata/sg/gitserver/with-storage.yaml b/internal/appliance/reconciler/testdata/sg/gitserver/with-storage.yaml index d8e0b2ed327..73b14e668a1 100644 --- a/internal/appliance/reconciler/testdata/sg/gitserver/with-storage.yaml +++ b/internal/appliance/reconciler/testdata/sg/gitserver/with-storage.yaml @@ -51,3 +51,6 @@ spec: worker: disabled: true + + prometheus: + disabled: true diff --git a/internal/appliance/reconciler/testdata/sg/pgsql/default.yaml b/internal/appliance/reconciler/testdata/sg/pgsql/default.yaml index e7818a15832..02da97cc2ed 100644 --- a/internal/appliance/reconciler/testdata/sg/pgsql/default.yaml +++ b/internal/appliance/reconciler/testdata/sg/pgsql/default.yaml @@ -53,3 +53,6 @@ spec: worker: disabled: true + + prometheus: + disabled: true diff --git a/internal/appliance/reconciler/testdata/sg/pgsql/with-storage.yaml b/internal/appliance/reconciler/testdata/sg/pgsql/with-storage.yaml index 0cfd4fc1847..e2238017f1e 100644 --- a/internal/appliance/reconciler/testdata/sg/pgsql/with-storage.yaml +++ b/internal/appliance/reconciler/testdata/sg/pgsql/with-storage.yaml @@ -54,3 +54,6 @@ spec: worker: disabled: true + + prometheus: + disabled: true diff --git a/internal/appliance/reconciler/testdata/sg/precise-code-intel/default.yaml b/internal/appliance/reconciler/testdata/sg/precise-code-intel/default.yaml index 282c7d9c83a..931528dda5c 100644 --- a/internal/appliance/reconciler/testdata/sg/precise-code-intel/default.yaml +++ b/internal/appliance/reconciler/testdata/sg/precise-code-intel/default.yaml @@ -50,3 +50,6 @@ spec: worker: disabled: true + + prometheus: + disabled: true diff --git a/internal/appliance/reconciler/testdata/sg/precise-code-intel/with-blobstore.yaml b/internal/appliance/reconciler/testdata/sg/precise-code-intel/with-blobstore.yaml index 2e53e818cc0..0973ed7950b 100644 --- a/internal/appliance/reconciler/testdata/sg/precise-code-intel/with-blobstore.yaml +++ b/internal/appliance/reconciler/testdata/sg/precise-code-intel/with-blobstore.yaml @@ -49,3 +49,6 @@ spec: worker: disabled: true + + prometheus: + disabled: true diff --git a/internal/appliance/reconciler/testdata/sg/precise-code-intel/with-num-workers.yaml b/internal/appliance/reconciler/testdata/sg/precise-code-intel/with-num-workers.yaml index 095dfb76ef2..e9ef72a0586 100644 --- a/internal/appliance/reconciler/testdata/sg/precise-code-intel/with-num-workers.yaml +++ b/internal/appliance/reconciler/testdata/sg/precise-code-intel/with-num-workers.yaml @@ -51,3 +51,6 @@ spec: worker: disabled: true + + prometheus: + disabled: true diff --git a/internal/appliance/reconciler/testdata/sg/precise-code-intel/with-replicas.yaml b/internal/appliance/reconciler/testdata/sg/precise-code-intel/with-replicas.yaml index 24c3fe3fa8f..b186d115e32 100644 --- a/internal/appliance/reconciler/testdata/sg/precise-code-intel/with-replicas.yaml +++ b/internal/appliance/reconciler/testdata/sg/precise-code-intel/with-replicas.yaml @@ -51,3 +51,6 @@ spec: worker: disabled: true + + prometheus: + disabled: true diff --git a/internal/appliance/reconciler/testdata/sg/prometheus/default.yaml b/internal/appliance/reconciler/testdata/sg/prometheus/default.yaml new file mode 100644 index 00000000000..fced52ca462 --- /dev/null +++ b/internal/appliance/reconciler/testdata/sg/prometheus/default.yaml @@ -0,0 +1,55 @@ +spec: + requestedVersion: "5.3.9104" + + blobstore: + disabled: true + + codeInsights: + disabled: true + + codeIntel: + disabled: true + + frontend: + disabled: true + + gitServer: + disabled: true + + indexedSearch: + disabled: true + + indexedSearchIndexer: + disabled: true + + pgsql: + disabled: true + + postgresExporter: + disabled: true + + preciseCodeIntel: + disabled: true + + redisCache: + disabled: true + + redisStore: + disabled: true + + repoUpdater: + disabled: true + + searcher: + disabled: true + + symbols: + disabled: true + + syntectServer: + disabled: true + + worker: + disabled: true + + prometheus: {} diff --git a/internal/appliance/reconciler/testdata/sg/prometheus/privileged.yaml b/internal/appliance/reconciler/testdata/sg/prometheus/privileged.yaml new file mode 100644 index 00000000000..ce06c0643eb --- /dev/null +++ b/internal/appliance/reconciler/testdata/sg/prometheus/privileged.yaml @@ -0,0 +1,56 @@ +spec: + requestedVersion: "5.3.9104" + + blobstore: + disabled: true + + codeInsights: + disabled: true + + codeIntel: + disabled: true + + frontend: + disabled: true + + gitServer: + disabled: true + + indexedSearch: + disabled: true + + indexedSearchIndexer: + disabled: true + + pgsql: + disabled: true + + postgresExporter: + disabled: true + + preciseCodeIntel: + disabled: true + + redisCache: + disabled: true + + redisStore: + disabled: true + + repoUpdater: + disabled: true + + searcher: + disabled: true + + symbols: + disabled: true + + syntectServer: + disabled: true + + worker: + disabled: true + + prometheus: + privileged: true diff --git a/internal/appliance/reconciler/testdata/sg/prometheus/with-existing-configmap.yaml b/internal/appliance/reconciler/testdata/sg/prometheus/with-existing-configmap.yaml new file mode 100644 index 00000000000..7804ede1456 --- /dev/null +++ b/internal/appliance/reconciler/testdata/sg/prometheus/with-existing-configmap.yaml @@ -0,0 +1,56 @@ +spec: + requestedVersion: "5.3.9104" + + blobstore: + disabled: true + + codeInsights: + disabled: true + + codeIntel: + disabled: true + + frontend: + disabled: true + + gitServer: + disabled: true + + indexedSearch: + disabled: true + + indexedSearchIndexer: + disabled: true + + pgsql: + disabled: true + + postgresExporter: + disabled: true + + preciseCodeIntel: + disabled: true + + redisCache: + disabled: true + + redisStore: + disabled: true + + repoUpdater: + disabled: true + + searcher: + disabled: true + + symbols: + disabled: true + + syntectServer: + disabled: true + + worker: + disabled: true + + prometheus: + existingConfigMap: some-out-of-band-config diff --git a/internal/appliance/reconciler/testdata/sg/prometheus/with-storage.yaml b/internal/appliance/reconciler/testdata/sg/prometheus/with-storage.yaml new file mode 100644 index 00000000000..fb3f9be9c28 --- /dev/null +++ b/internal/appliance/reconciler/testdata/sg/prometheus/with-storage.yaml @@ -0,0 +1,56 @@ +spec: + requestedVersion: "5.3.9104" + + blobstore: + disabled: true + + codeInsights: + disabled: true + + codeIntel: + disabled: true + + frontend: + disabled: true + + gitServer: + disabled: true + + indexedSearch: + disabled: true + + indexedSearchIndexer: + disabled: true + + pgsql: + disabled: true + + postgresExporter: + disabled: true + + preciseCodeIntel: + disabled: true + + redisCache: + disabled: true + + redisStore: + disabled: true + + repoUpdater: + disabled: true + + searcher: + disabled: true + + symbols: + disabled: true + + syntectServer: + disabled: true + + worker: + disabled: true + + prometheus: + storageSize: 123Gi diff --git a/internal/appliance/reconciler/testdata/sg/redis/default.yaml b/internal/appliance/reconciler/testdata/sg/redis/default.yaml index 116c77cd8d4..05d71b42dc2 100644 --- a/internal/appliance/reconciler/testdata/sg/redis/default.yaml +++ b/internal/appliance/reconciler/testdata/sg/redis/default.yaml @@ -49,3 +49,6 @@ spec: worker: disabled: true + + prometheus: + disabled: true diff --git a/internal/appliance/reconciler/testdata/sg/redis/with-storage.yaml b/internal/appliance/reconciler/testdata/sg/redis/with-storage.yaml index bc8403bb19b..b9f6c80d753 100644 --- a/internal/appliance/reconciler/testdata/sg/redis/with-storage.yaml +++ b/internal/appliance/reconciler/testdata/sg/redis/with-storage.yaml @@ -51,3 +51,6 @@ spec: worker: disabled: true + + prometheus: + disabled: true diff --git a/internal/appliance/reconciler/testdata/sg/repo-updater/default.yaml b/internal/appliance/reconciler/testdata/sg/repo-updater/default.yaml index 2e72b418bc6..40c507b09b9 100644 --- a/internal/appliance/reconciler/testdata/sg/repo-updater/default.yaml +++ b/internal/appliance/reconciler/testdata/sg/repo-updater/default.yaml @@ -50,3 +50,6 @@ spec: worker: disabled: true + + prometheus: + disabled: true diff --git a/internal/appliance/reconciler/testdata/sg/standard/blobstore-with-named-storage-class.yaml b/internal/appliance/reconciler/testdata/sg/standard/blobstore-with-named-storage-class.yaml index 3a1733a9654..e04993b6699 100644 --- a/internal/appliance/reconciler/testdata/sg/standard/blobstore-with-named-storage-class.yaml +++ b/internal/appliance/reconciler/testdata/sg/standard/blobstore-with-named-storage-class.yaml @@ -53,3 +53,6 @@ spec: storageClass: name: sourcegraph + + prometheus: + disabled: true diff --git a/internal/appliance/reconciler/testdata/sg/standard/everything-disabled.yaml b/internal/appliance/reconciler/testdata/sg/standard/everything-disabled.yaml index 770618ce473..bb415b7bb9e 100644 --- a/internal/appliance/reconciler/testdata/sg/standard/everything-disabled.yaml +++ b/internal/appliance/reconciler/testdata/sg/standard/everything-disabled.yaml @@ -51,3 +51,6 @@ spec: worker: disabled: true + + prometheus: + disabled: true diff --git a/internal/appliance/reconciler/testdata/sg/standard/precise-code-intel-with-env-vars.yaml b/internal/appliance/reconciler/testdata/sg/standard/precise-code-intel-with-env-vars.yaml index 478c2805357..ae142e3510c 100644 --- a/internal/appliance/reconciler/testdata/sg/standard/precise-code-intel-with-env-vars.yaml +++ b/internal/appliance/reconciler/testdata/sg/standard/precise-code-intel-with-env-vars.yaml @@ -55,3 +55,6 @@ spec: worker: disabled: true + + prometheus: + disabled: true diff --git a/internal/appliance/reconciler/testdata/sg/standard/redis-with-multiple-custom-images.yaml b/internal/appliance/reconciler/testdata/sg/standard/redis-with-multiple-custom-images.yaml index 7db3c21bb5f..8298737bf45 100644 --- a/internal/appliance/reconciler/testdata/sg/standard/redis-with-multiple-custom-images.yaml +++ b/internal/appliance/reconciler/testdata/sg/standard/redis-with-multiple-custom-images.yaml @@ -55,3 +55,6 @@ spec: worker: disabled: true + + prometheus: + disabled: true diff --git a/internal/appliance/reconciler/testdata/sg/standard/repo-updater-with-no-resources.yaml b/internal/appliance/reconciler/testdata/sg/standard/repo-updater-with-no-resources.yaml index afcd827a3fd..28f87293f43 100644 --- a/internal/appliance/reconciler/testdata/sg/standard/repo-updater-with-no-resources.yaml +++ b/internal/appliance/reconciler/testdata/sg/standard/repo-updater-with-no-resources.yaml @@ -53,3 +53,6 @@ spec: worker: disabled: true + + prometheus: + disabled: true diff --git a/internal/appliance/reconciler/testdata/sg/standard/repo-updater-with-pod-template-config.yaml b/internal/appliance/reconciler/testdata/sg/standard/repo-updater-with-pod-template-config.yaml index f46a3fdd3d7..1c6600309d6 100644 --- a/internal/appliance/reconciler/testdata/sg/standard/repo-updater-with-pod-template-config.yaml +++ b/internal/appliance/reconciler/testdata/sg/standard/repo-updater-with-pod-template-config.yaml @@ -69,3 +69,6 @@ spec: worker: disabled: true + + prometheus: + disabled: true diff --git a/internal/appliance/reconciler/testdata/sg/standard/repo-updater-with-resources.yaml b/internal/appliance/reconciler/testdata/sg/standard/repo-updater-with-resources.yaml index 650f3e52181..d5ebf95d0ed 100644 --- a/internal/appliance/reconciler/testdata/sg/standard/repo-updater-with-resources.yaml +++ b/internal/appliance/reconciler/testdata/sg/standard/repo-updater-with-resources.yaml @@ -59,3 +59,6 @@ spec: worker: disabled: true + + prometheus: + disabled: true diff --git a/internal/appliance/reconciler/testdata/sg/standard/repo-updater-with-sa-annotations.yaml b/internal/appliance/reconciler/testdata/sg/standard/repo-updater-with-sa-annotations.yaml index 468ed7419e8..4bb1ed11960 100644 --- a/internal/appliance/reconciler/testdata/sg/standard/repo-updater-with-sa-annotations.yaml +++ b/internal/appliance/reconciler/testdata/sg/standard/repo-updater-with-sa-annotations.yaml @@ -52,3 +52,6 @@ spec: worker: disabled: true + + prometheus: + disabled: true diff --git a/internal/appliance/reconciler/testdata/sg/standard/symbols-with-custom-image.yaml b/internal/appliance/reconciler/testdata/sg/standard/symbols-with-custom-image.yaml index e60b5647ee7..2da4d407f82 100644 --- a/internal/appliance/reconciler/testdata/sg/standard/symbols-with-custom-image.yaml +++ b/internal/appliance/reconciler/testdata/sg/standard/symbols-with-custom-image.yaml @@ -54,3 +54,6 @@ spec: worker: disabled: true + + prometheus: + disabled: true diff --git a/internal/appliance/reconciler/testdata/sg/symbols/default.yaml b/internal/appliance/reconciler/testdata/sg/symbols/default.yaml index ac2ec7a7d7a..ffc4ea4a766 100644 --- a/internal/appliance/reconciler/testdata/sg/symbols/default.yaml +++ b/internal/appliance/reconciler/testdata/sg/symbols/default.yaml @@ -50,3 +50,6 @@ spec: worker: disabled: true + + prometheus: + disabled: true diff --git a/internal/appliance/reconciler/testdata/sg/symbols/with-storage.yaml b/internal/appliance/reconciler/testdata/sg/symbols/with-storage.yaml index c28e840e207..224b6ba0310 100644 --- a/internal/appliance/reconciler/testdata/sg/symbols/with-storage.yaml +++ b/internal/appliance/reconciler/testdata/sg/symbols/with-storage.yaml @@ -51,3 +51,6 @@ spec: worker: disabled: true + + prometheus: + disabled: true diff --git a/internal/appliance/reconciler/testdata/sg/syntect/default.yaml b/internal/appliance/reconciler/testdata/sg/syntect/default.yaml index cd0beffabc8..7d7dbb15616 100644 --- a/internal/appliance/reconciler/testdata/sg/syntect/default.yaml +++ b/internal/appliance/reconciler/testdata/sg/syntect/default.yaml @@ -50,3 +50,6 @@ spec: worker: disabled: true + + prometheus: + disabled: true diff --git a/internal/appliance/reconciler/testdata/sg/syntect/with-replicas.yaml b/internal/appliance/reconciler/testdata/sg/syntect/with-replicas.yaml index afb59ab6d59..893be02cb3c 100644 --- a/internal/appliance/reconciler/testdata/sg/syntect/with-replicas.yaml +++ b/internal/appliance/reconciler/testdata/sg/syntect/with-replicas.yaml @@ -51,3 +51,6 @@ spec: worker: disabled: true + + prometheus: + disabled: true diff --git a/internal/appliance/yaml/BUILD.bazel b/internal/appliance/yaml/BUILD.bazel new file mode 100644 index 00000000000..40d9ea039d7 --- /dev/null +++ b/internal/appliance/yaml/BUILD.bazel @@ -0,0 +1,19 @@ +load("@io_bazel_rules_go//go:def.bzl", "go_library") +load("//dev:go_defs.bzl", "go_test") + +go_library( + name = "yaml", + srcs = ["yaml.go"], + importpath = "github.com/sourcegraph/sourcegraph/internal/appliance/yaml", + visibility = ["//:__subpackages__"], + deps = ["@in_gopkg_yaml_v3//:yaml_v3"], +) + +go_test( + name = "yaml_test", + srcs = ["yaml_test.go"], + deps = [ + ":yaml", + "@com_github_stretchr_testify//require", + ], +) diff --git a/internal/appliance/yaml/yaml.go b/internal/appliance/yaml/yaml.go new file mode 100644 index 00000000000..9c674bd9fff --- /dev/null +++ b/internal/appliance/yaml/yaml.go @@ -0,0 +1,58 @@ +package yaml + +import ( + "bytes" + "strings" + "unicode" + + "gopkg.in/yaml.v3" +) + +// ConvertYAMLStringsToMultilineLiterals is intended to make large nested yaml +// strings more human-readable, and diffable (so mainly useful for tests). Note +// that in order to do this reliably, it removed trailing whitespace from all +// lines in multiline string fields. +// +// Do not use this function in contexts where that is problematic! +func ConvertYAMLStringsToMultilineLiterals(doc []byte) ([]byte, error) { + var rootNode yaml.Node + if err := yaml.Unmarshal(doc, &rootNode); err != nil { + return nil, err + } + convertYAMLNodeToMultilineStringLiterals(&rootNode) + + var out bytes.Buffer + encoder := yaml.NewEncoder(&out) + encoder.SetIndent(2) + if err := encoder.Encode(&rootNode); err != nil { + return nil, err + } + return out.Bytes(), nil +} + +func convertYAMLNodeToMultilineStringLiterals(node *yaml.Node) { + if node.Kind == yaml.ScalarNode && strings.Contains(node.Value, "\n") { + node.Style = yaml.LiteralStyle + + // See comment on convertYAMLNodeToMultilineStringLiterals - if we + // don't do this, string fields containing trailing space will not be + // represented literal-style, presumably to avoid ambiguity with yaml + // parsers. + node.Value = trimTrailingSpaceLines(node.Value) + + return + } + + // We have a non-scalar node, recurse over its children + for _, childNode := range node.Content { + convertYAMLNodeToMultilineStringLiterals(childNode) + } +} + +func trimTrailingSpaceLines(s string) string { + lines := strings.Split(s, "\n") + for i := range lines { + lines[i] = strings.TrimRightFunc(lines[i], unicode.IsSpace) + } + return strings.Join(lines, "\n") +} diff --git a/internal/appliance/yaml/yaml_test.go b/internal/appliance/yaml/yaml_test.go new file mode 100644 index 00000000000..153b3bbd15f --- /dev/null +++ b/internal/appliance/yaml/yaml_test.go @@ -0,0 +1,55 @@ +package yaml_test + +import ( + "testing" + + "github.com/stretchr/testify/require" + + "github.com/sourcegraph/sourcegraph/internal/appliance/yaml" +) + +func TestConvertsStringsToMultilineLiterals(t *testing.T) { + doc := `regular_string: "a string" +multiline_string: "a\nmultiline\nstring" +number: 3 +obj: + foo: bar +` + out, err := yaml.ConvertYAMLStringsToMultilineLiterals([]byte(doc)) + require.NoError(t, err) + + expected := `regular_string: "a string" +multiline_string: |- + a + multiline + string +number: 3 +obj: + foo: bar +` + + require.Equal(t, expected, string(out)) +} + +func TestConvertsStringsContainingTrailingSpaceLinesToMultilineLiterals(t *testing.T) { + doc := `regular_string: "a string" +multiline_string: "a\nmultiline \nstring " +number: 3 +obj: + foo: bar +` + out, err := yaml.ConvertYAMLStringsToMultilineLiterals([]byte(doc)) + require.NoError(t, err) + + expected := `regular_string: "a string" +multiline_string: |- + a + multiline + string +number: 3 +obj: + foo: bar +` + + require.Equal(t, expected, string(out)) +} diff --git a/internal/k8s/resource/pod/pod.go b/internal/k8s/resource/pod/pod.go index a66d8bbc123..db6f6344fdf 100644 --- a/internal/k8s/resource/pod/pod.go +++ b/internal/k8s/resource/pod/pod.go @@ -54,6 +54,20 @@ func NewVolumeFromPVC(name, claimName string) corev1.Volume { } } +func NewVolumeFromConfigMap(name, configMapName string) corev1.Volume { + return corev1.Volume{ + Name: name, + VolumeSource: corev1.VolumeSource{ + ConfigMap: &corev1.ConfigMapVolumeSource{ + LocalObjectReference: corev1.LocalObjectReference{ + Name: configMapName, + }, + DefaultMode: pointers.Ptr[int32](0777), + }, + }, + } +} + func NewVolumeEmptyDir(name string) corev1.Volume { return corev1.Volume{ Name: name, diff --git a/internal/k8s/resource/role/role.go b/internal/k8s/resource/role/role.go index 9e98cd7654f..606217201a6 100644 --- a/internal/k8s/resource/role/role.go +++ b/internal/k8s/resource/role/role.go @@ -18,3 +18,16 @@ func NewRole(name, namespace string) rbacv1.Role { } } + +func NewClusterRole(name, namespace string) rbacv1.ClusterRole { + return rbacv1.ClusterRole{ + ObjectMeta: metav1.ObjectMeta{ + Name: name, + Labels: map[string]string{ + "for-namespace": namespace, + "deploy": "sourcegraph", + }, + }, + } + +} diff --git a/internal/k8s/resource/rolebinding/rolebinding.go b/internal/k8s/resource/rolebinding/rolebinding.go index 678e0882be0..ce92fa91ac6 100644 --- a/internal/k8s/resource/rolebinding/rolebinding.go +++ b/internal/k8s/resource/rolebinding/rolebinding.go @@ -17,3 +17,15 @@ func NewRoleBinding(name, namespace string) rbacv1.RoleBinding { }, } } + +func NewClusterRoleBinding(name, namespace string) rbacv1.ClusterRoleBinding { + return rbacv1.ClusterRoleBinding{ + ObjectMeta: metav1.ObjectMeta{ + Name: name, + Labels: map[string]string{ + "for-namespace": namespace, + "deploy": "sourcegraph", + }, + }, + } +} diff --git a/internal/slices/BUILD.bazel b/internal/slices/BUILD.bazel new file mode 100644 index 00000000000..dbfcc2c67f6 --- /dev/null +++ b/internal/slices/BUILD.bazel @@ -0,0 +1,18 @@ +load("@io_bazel_rules_go//go:def.bzl", "go_library") +load("//dev:go_defs.bzl", "go_test") + +go_library( + name = "slices", + srcs = ["sliceutils.go"], + importpath = "github.com/sourcegraph/sourcegraph/internal/slices", + visibility = ["//:__subpackages__"], +) + +go_test( + name = "slices_test", + srcs = ["sliceutils_test.go"], + deps = [ + ":slices", + "@com_github_stretchr_testify//assert", + ], +) diff --git a/internal/slices/sliceutils.go b/internal/slices/sliceutils.go new file mode 100644 index 00000000000..396d6d1d830 --- /dev/null +++ b/internal/slices/sliceutils.go @@ -0,0 +1,9 @@ +package slices + +func Map[S, T any](list []S, f func(S) T) []T { + ret := make([]T, len(list)) + for i, e := range list { + ret[i] = f(e) + } + return ret +} diff --git a/internal/slices/sliceutils_test.go b/internal/slices/sliceutils_test.go new file mode 100644 index 00000000000..5f5b033f241 --- /dev/null +++ b/internal/slices/sliceutils_test.go @@ -0,0 +1,17 @@ +package slices_test + +import ( + "testing" + + "github.com/stretchr/testify/assert" + + "github.com/sourcegraph/sourcegraph/internal/slices" +) + +func TestMap(t *testing.T) { + input := []int{1, 2, 3} + + res := slices.Map(input, func(i int) int { return i + 1 }) + expected := []int{2, 3, 4} + assert.Equal(t, expected, res) +}