artin/sourcegraph
1
0
Fork 0
mirror of https://github.com/sourcegraph/sourcegraph.git synced 2026-02-06 16:51:55 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat(appliance): deploy codeinsights-db (#63042)

Browse Source 
* Add optional diff extra args to compare-helm

I wanted this to do `diff --side-by-side`, may as well commit it as a
feature.

* feat(appliance): deploy codeinsights-db
This commit is contained in:
Craig Furman 2024-06-04 11:23:29 +01:00 committed by GitHub
parent 3adcd25b76
commit 9847d67a7a
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
12 changed files with 844 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
internal/appliance/config/BUILD.bazel
View File

@ -15,6 +15,7 @@ go_library(
"postgres/codeintel.conf",
"postgres/pgsql.conf",
"prometheus/default.yml.gotmpl",
"postgres/codeinsights.conf",
],
importpath = "github.com/sourcegraph/sourcegraph/internal/appliance/config",
tags = [TAG_INFRA_RELEASE],

18
internal/appliance/config/defaults.go
View File

@ -94,7 +94,22 @@ func NewDefaultConfig() Sourcegraph {
NumWorkers: 4,
Replicas: 2,
},
CodeIntel: CodeIntelSpec{
CodeInsights: CodeDBSpec{
StandardConfig: StandardConfig{
PrometheusPort: pointers.Ptr(9187),
PersistentVolumeConfig: PersistentVolumeConfig{
StorageSize: "200Gi",
},
},
DatabaseConnection: &DatabaseConnectionSpec{
Host: "codeinsights-db",
Port: "5432",
User: "postgres",
Password: "password",
Database: "postgres",
},
},
CodeIntel: CodeDBSpec{
StandardConfig: StandardConfig{
PrometheusPort: pointers.Ptr(9187),
PersistentVolumeConfig: PersistentVolumeConfig{
@ -144,6 +159,7 @@ var defaultImagesForVersion_5_3_9104 = map[string]string{
"alpine": "alpine-3.14:5.3.2@sha256:982220e0fd8ce55a73798fa7e814a482c4807c412f054c8440c5970b610239b7",
"blobstore": "blobstore:5.3.2@sha256:d625be1eefe61cc42f94498e3c588bf212c4159c8b20c519db84eae4ff715efa",
"cadvisor": "cadvisor:5.3.2@sha256:3860cce1f7ef0278c0d785f66baf69dd2bece19610a2fd6eaa54c03095f2f105",
"codeinsights-db": "codeinsights-db:5.3.2@sha256:c4a1bd3908658e1c09558a638e378e5570d5f669d27f9f867eeda25fe60cb88f",
"codeintel-db": "codeintel-db:5.3.2@sha256:1e0e93661a65c832b9697048c797f9894dfb502e2e1da2b8209f0018a6632b79",
"gitserver": "gitserver:5.3.2@sha256:6c6042cf3e5f3f16de9b82e3d4ab1647f8bb924cd315245bd7a3162f5489e8c4",
"pgsql": "postgres-12-alpine:5.3.2@sha256:1e0e93661a65c832b9697048c797f9894dfb502e2e1da2b8209f0018a6632b79",

2
internal/appliance/config/embed.go
View File

@ -12,10 +12,12 @@ var (
PgsqlConfig []byte
PrometheusDefaultConfigTemplate []byte
CodeIntelConfig []byte
CodeInsightsConfig []byte
)
func init() {
CodeIntelConfig, _ = fs.ReadFile("postgres/codeintel.conf")
CodeInsightsConfig, _ = fs.ReadFile("postgres/codeinsights.conf")
PgsqlConfig, _ = fs.ReadFile("postgres/pgsql.conf")
PrometheusDefaultConfigTemplate, _ = fs.ReadFile("prometheus/default.yml.gotmpl")
}

57
internal/appliance/config/postgres/codeinsights.conf Normal file
View File

@ -0,0 +1,57 @@
#------------------------------------------------------------------------------
# POSTGRESQL DEFAULT CONFIGURATION
#------------------------------------------------------------------------------
# Below is PostgreSQL default configuration.
# You should apply your own customization in the CUSTOMIZED OPTIONS section below
# to avoid merge conflict in the future.
listen_addresses = '*'
max_connections = 100
shared_buffers = 128MB
dynamic_shared_memory_type = posix
max_wal_size = 1GB
min_wal_size = 80MB
log_timezone = 'UTC'
datestyle = 'iso, mdy'
timezone = 'UTC'
lc_messages = 'en_US.utf8'
lc_monetary = 'en_US.utf8'
lc_numeric = 'en_US.utf8'
lc_time = 'en_US.utf8'
default_text_search_config = 'pg_catalog.english'
#------------------------------------------------------------------------------
# SOURCEGRAPH RECOMMENDED OPTIONS
#------------------------------------------------------------------------------
# Below is Sourcegraph recommended Postgres configuration based on the default resource configuration.
# You should apply your own customization in the CUSTOMIZED OPTIONS section below
# to avoid merge conflict in the future.
shared_buffers = 509546kB
work_mem = 3184kB
maintenance_work_mem = 254773kB
effective_io_concurrency = 200
max_worker_processes = 19
max_parallel_workers_per_gather = 4
max_parallel_workers = 8
wal_buffers = 15285kB
min_wal_size = 512MB
checkpoint_completion_target = 0.9
random_page_cost = 1.1
effective_cache_size = 1492MB
default_statistics_target = 500
autovacuum_max_workers = 10
autovacuum_naptime = 10
shared_preload_libraries = ''
max_locks_per_transaction = 64
#------------------------------------------------------------------------------
# CUSTOMIZED OPTIONS
#------------------------------------------------------------------------------
# Add your customization by using 'codeInsightsDB.additionalConfig' in your override file.
# Learn more: https://docs.sourcegraph.com/admin/config/postgres-conf

23
internal/appliance/config/spec.go
View File

@ -34,24 +34,7 @@ type CadvisorSpec struct {
StandardConfig
}
// CodeInsightsDBSpec defines the desired state of Code Insights database.
type CodeInsightsDBSpec struct {
// Disabled defines if Code Insights is enabled or not.
// Default: false
Disabled bool `json:"disabled,omitempty"`
// ExistingSecret is the name of an existing secret to use for CodeInsights DB credentials.
ExistingSecret string `json:"existingSecret,omitempty"`
// Database allows for custom database connection details.
Database *DatabaseConnectionSpec `json:"database,omitempty"`
// Resources allows for custom resource limits and requests.
Resources *corev1.ResourceList `json:"resources,omitempty"`
}
// CodeIntelSpec defines the desired state of Code Intel database.
type CodeIntelSpec struct {
type CodeDBSpec struct {
StandardConfig
// Database allows for custom database connection details.
@ -235,10 +218,10 @@ type SourcegraphSpec struct {
Cadvisor CadvisorSpec `json:"cadvisor,omitempty"`
// CodeInsights defines the desired state of the Code Insights service.
CodeInsights CodeInsightsDBSpec `json:"codeInsights,omitempty"`
CodeInsights CodeDBSpec `json:"codeInsights,omitempty"`
// CodeIntel defines the desired state of the Code Intel service.
CodeIntel CodeIntelSpec `json:"codeIntel,omitempty"`
CodeIntel CodeDBSpec `json:"codeIntel,omitempty"`
Embeddings EmbeddingsSpec `json:"embeddings,omitempty"`

3
internal/appliance/dev/compare-helm/compare-helm.go
View File

@ -25,6 +25,7 @@ func main() {
helmTemplateExtraArgs := flag.String("helm-template-extra-args", "", "extra args to pass to `helm template`")
component := flag.String("component", "", "Which SG service to target (comma-separated list).")
goldenFile := flag.String("golden-file", "", "Which golden fixture to compare.")
diffArgs := flag.String("diff-args", "", "Extra arguments to pass to diff(1).")
noColor := flag.Bool("no-color", false, "Do not try to produce diffs in color. This is necessary for non-GNU diff users.")
flag.Parse()
@ -102,7 +103,7 @@ func main() {
must(sortedHelmResourceFile.Close())
must(sortedGoldenFile.Close())
var diffCmdArgs []string
diffCmdArgs := strings.Fields(*diffArgs)
if !*noColor {
diffCmdArgs = append(diffCmdArgs, "--color=auto")
}

2
internal/appliance/reconciler/BUILD.bazel
View File

@ -6,6 +6,7 @@ go_library(
srcs = [
"blobstore.go",
"cadvisor.go",
"codeinsights.go",
"codeintel.go",
"gitserver.go",
"kubernetes.go",
@ -66,6 +67,7 @@ go_test(
srcs = [
"blobstore_test.go",
"cadvisor_test.go",
"codeinsights_test.go",
"codeintel_test.go",
"gitserver_test.go",
"golden_test.go",

208
internal/appliance/reconciler/codeinsights.go Normal file
View File

@ -0,0 +1,208 @@
package reconciler
import (
"context"
appsv1 "k8s.io/api/apps/v1"
corev1 "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/api/resource"
"k8s.io/apimachinery/pkg/util/intstr"
"sigs.k8s.io/controller-runtime/pkg/client"
"github.com/sourcegraph/sourcegraph/internal/appliance/config"
"github.com/sourcegraph/sourcegraph/internal/k8s/resource/configmap"
"github.com/sourcegraph/sourcegraph/internal/k8s/resource/container"
"github.com/sourcegraph/sourcegraph/internal/k8s/resource/pod"
"github.com/sourcegraph/sourcegraph/internal/k8s/resource/pvc"
"github.com/sourcegraph/sourcegraph/internal/k8s/resource/secret"
"github.com/sourcegraph/sourcegraph/internal/k8s/resource/service"
"github.com/sourcegraph/sourcegraph/internal/k8s/resource/serviceaccount"
"github.com/sourcegraph/sourcegraph/internal/k8s/resource/statefulset"
"github.com/sourcegraph/sourcegraph/lib/pointers"
)
func (r *Reconciler) reconcileCodeInsights(ctx context.Context, sg *config.Sourcegraph, owner client.Object) error {
if err := r.reconcileCodeInsightsStatefulSet(ctx, sg, owner); err != nil {
return err
}
if err := r.reconcileCodeInsightsPersistentVolumeClaim(ctx, sg, owner); err != nil {
return err
}
if err := r.reconcileCodeInsightsConfigMap(ctx, sg, owner); err != nil {
return err
}
if err := r.reconcileCodeInsightsSecret(ctx, sg, owner); err != nil {
return err
}
if err := r.reconcileCodeInsightsService(ctx, sg, owner); err != nil {
return err
}
if err := r.reconcileCodeInsightsServiceAccount(ctx, sg, owner); err != nil {
return err
}
return nil
}
func (r *Reconciler) reconcileCodeInsightsStatefulSet(ctx context.Context, sg *config.Sourcegraph, owner client.Object) error {
cfg := sg.Spec.CodeInsights
name := "codeinsights-db"
ctrImage, err := config.GetDefaultImage(sg, name)
if err != nil {
return err
}
ctr := container.NewContainer("codeinsights", cfg, config.ContainerConfig{
Image: ctrImage,
Resources: &corev1.ResourceRequirements{
Requests: corev1.ResourceList{
corev1.ResourceCPU: resource.MustParse("4"),
corev1.ResourceMemory: resource.MustParse("2Gi"),
},
Limits: corev1.ResourceList{
corev1.ResourceCPU: resource.MustParse("4"),
corev1.ResourceMemory: resource.MustParse("2Gi"),
},
},
})
ctr.SecurityContext = &corev1.SecurityContext{
RunAsUser: pointers.Ptr[int64](70),
RunAsGroup: pointers.Ptr[int64](70),
AllowPrivilegeEscalation: pointers.Ptr(false),
ReadOnlyRootFilesystem: pointers.Ptr(true),
}
databaseSecretName := "codeinsights-db-auth"
ctr.Env = append(ctr.Env, container.EnvVarsPostgres(databaseSecretName)...)
ctr.Env = append(
ctr.Env,
corev1.EnvVar{Name: "PGDATA", Value: "/var/lib/postgresql/data/pgdata"},
corev1.EnvVar{Name: "POSTGRESQL_CONF_DIR", Value: "/conf"},
)
ctr.Ports = []corev1.ContainerPort{{Name: name, ContainerPort: 5432}}
ctr.VolumeMounts = []corev1.VolumeMount{
{Name: "disk", MountPath: "/var/lib/postgresql/data/"},
{Name: "codeinsights-conf", MountPath: "/conf"},
{Name: "lockdir", MountPath: "/var/run/postgresql"},
}
initCtrImage, err := config.GetDefaultImage(sg, "alpine")
if err != nil {
return err
}
initCtr := container.NewContainer("correct-data-dir-permissions", cfg, config.ContainerConfig{
Image: initCtrImage,
Resources: &corev1.ResourceRequirements{
Requests: corev1.ResourceList{
corev1.ResourceCPU: resource.MustParse("10m"),
corev1.ResourceMemory: resource.MustParse("50Mi"),
},
Limits: corev1.ResourceList{
corev1.ResourceCPU: resource.MustParse("10m"),
corev1.ResourceMemory: resource.MustParse("50Mi"),
},
},
})
initCtr.SecurityContext = &corev1.SecurityContext{
RunAsUser: pointers.Ptr[int64](70),
RunAsGroup: pointers.Ptr[int64](70),
AllowPrivilegeEscalation: pointers.Ptr(false),
ReadOnlyRootFilesystem: pointers.Ptr(true),
}
initCtr.VolumeMounts = []corev1.VolumeMount{{Name: "disk", MountPath: "/var/lib/postgresql/data"}}
initCtr.Command = []string{"sh", "-c", "if [ -d /var/lib/postgresql/data/pgdata ]; then chmod 750 /var/lib/postgresql/data/pgdata; fi"}
pgExpCtrImage, err := config.GetDefaultImage(sg, "pgsql-exporter")
if err != nil {
return err
}
pgExpCtr := container.NewContainer("pgsql-exporter", cfg, config.ContainerConfig{
Image: pgExpCtrImage,
Resources: &corev1.ResourceRequirements{
Requests: corev1.ResourceList{
corev1.ResourceCPU: resource.MustParse("10m"),
corev1.ResourceMemory: resource.MustParse("50Mi"),
},
Limits: corev1.ResourceList{
corev1.ResourceCPU: resource.MustParse("10m"),
corev1.ResourceMemory: resource.MustParse("50Mi"),
},
},
})
pgExpCtr.Env = append(pgExpCtr.Env, container.EnvVarsPostgresExporter(databaseSecretName)...)
pgExpCtr.Env = append(pgExpCtr.Env, corev1.EnvVar{
Name: "PG_EXPORTER_EXTEND_QUERY_PATH", Value: "/config/code_insights_queries.yaml",
})
podVolumes := []corev1.Volume{
pod.NewVolumeFromPVC("disk", name),
pod.NewVolumeFromConfigMap("codeinsights-conf", "codeinsights-db-conf"),
pod.NewVolumeEmptyDir("lockdir"),
}
podTemplate := pod.NewPodTemplate(name, cfg)
podTemplate.Template.Spec.TerminationGracePeriodSeconds = pointers.Ptr[int64](120)
podTemplate.Template.Spec.InitContainers = []corev1.Container{initCtr}
podTemplate.Template.Spec.Containers = []corev1.Container{ctr, pgExpCtr}
podTemplate.Template.Spec.ServiceAccountName = name
podTemplate.Template.Spec.Volumes = podVolumes
podTemplate.Template.Spec.SecurityContext = &corev1.PodSecurityContext{
FSGroup: pointers.Ptr[int64](70),
RunAsUser: pointers.Ptr[int64](70),
RunAsGroup: pointers.Ptr[int64](70),
FSGroupChangePolicy: pointers.Ptr(corev1.FSGroupChangeOnRootMismatch),
}
sset := statefulset.NewStatefulSet(name, sg.Namespace, sg.Spec.RequestedVersion)
sset.Spec.Template = podTemplate.Template
return reconcileObject(ctx, r, sg.Spec.CodeInsights, &sset, &appsv1.StatefulSet{}, sg, owner)
}
func (r *Reconciler) reconcileCodeInsightsPersistentVolumeClaim(ctx context.Context, sg *config.Sourcegraph, owner client.Object) error {
cfg := sg.Spec.CodeInsights
p, err := pvc.NewPersistentVolumeClaim("codeinsights-db", sg.Namespace, cfg)
if err != nil {
return err
}
return reconcileObject(ctx, r, sg.Spec.CodeInsights, &p, &corev1.PersistentVolumeClaim{}, sg, owner)
}
func (r *Reconciler) reconcileCodeInsightsConfigMap(ctx context.Context, sg *config.Sourcegraph, owner client.Object) error {
cm := configmap.NewConfigMap("codeinsights-db-conf", sg.Namespace)
cm.Data = map[string]string{"postgresql.conf": string(config.CodeInsightsConfig)}
return reconcileObject(ctx, r, sg.Spec.CodeInsights, &cm, &corev1.ConfigMap{}, sg, owner)
}
func (r *Reconciler) reconcileCodeInsightsSecret(ctx context.Context, sg *config.Sourcegraph, owner client.Object) error {
scrt := secret.NewSecret("codeinsights-db-auth", sg.Namespace, sg.Spec.RequestedVersion)
cn := sg.Spec.CodeInsights.DatabaseConnection
scrt.Data = map[string][]byte{
"host": []byte(cn.Host),
"port": []byte(cn.Port),
"user": []byte(cn.User),
"password": []byte(cn.Password),
"database": []byte(cn.Database),
}
return reconcileObject(ctx, r, sg.Spec.CodeInsights, &scrt, &corev1.Secret{}, sg, owner)
}
func (r *Reconciler) reconcileCodeInsightsService(ctx context.Context, sg *config.Sourcegraph, owner client.Object) error {
name := "codeinsights-db"
svc := service.NewService(name, sg.Namespace, sg.Spec.CodeInsights)
svc.Spec.Ports = []corev1.ServicePort{{Name: name, TargetPort: intstr.FromString(name), Port: 5432}}
svc.Spec.Selector = map[string]string{"app": name}
return reconcileObject(ctx, r, sg.Spec.CodeInsights, &svc, &corev1.Service{}, sg, owner)
}
func (r *Reconciler) reconcileCodeInsightsServiceAccount(ctx context.Context, sg *config.Sourcegraph, owner client.Object) error {
cfg := sg.Spec.CodeInsights
sa := serviceaccount.NewServiceAccount("codeinsights-db", sg.Namespace, cfg)
return reconcileObject(ctx, r, sg.Spec.CodeInsights, &sa, &corev1.ServiceAccount{}, sg, owner)
}

14
internal/appliance/reconciler/codeinsights_test.go Normal file
View File

@ -0,0 +1,14 @@
package reconciler
func (suite *ApplianceTestSuite) TestDeployCodeInsights() {
for _, tc := range []struct {
name string
}{
{name: "codeinsights/default"},
} {
suite.Run(tc.name, func() {
namespace := suite.createConfigMapAndAwaitReconciliation(tc.name)
suite.makeGoldenAssertions(namespace, tc.name)
})
}
}

5
internal/appliance/reconciler/reconcile.go
View File

@ -96,8 +96,11 @@ func (r *Reconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Resu
if err := r.reconcilePreciseCodeIntel(ctx, &sourcegraph, &applianceSpec); err != nil {
return ctrl.Result{}, errors.Newf("failed to reconcile precise code intel: %w", err)
}
if err := r.reconcileCodeInsights(ctx, &sourcegraph, &applianceSpec); err != nil {
return ctrl.Result{}, errors.Newf("failed to reconcile code insights DB: %w", err)
}
if err := r.reconcileCodeIntel(ctx, &sourcegraph, &applianceSpec); err != nil {
return ctrl.Result{}, errors.Newf("failed to reconcile precise code intel: %w", err)
return ctrl.Result{}, errors.Newf("failed to reconcile code intel DB: %w", err)
}
if err := r.reconcilePrometheus(ctx, &sourcegraph, &applianceSpec); err != nil {
return ctrl.Result{}, errors.Newf("failed to reconcile prometheus: %w", err)

473
internal/appliance/reconciler/testdata/golden-fixtures/codeinsights/default.yaml vendored Normal file
View File

@ -0,0 +1,473 @@
resources:
- apiVersion: apps/v1
kind: StatefulSet
metadata:
annotations:
appliance.sourcegraph.com/configHash: 18dd4e4e970066ab9a3dab34f8ed6fc75edf971b75e13f569abcf7a31ec1a330
creationTimestamp: "2024-04-19T00:00:00Z"
generation: 1
labels:
app.kubernetes.io/component: codeinsights-db
app.kubernetes.io/name: sourcegraph
app.kubernetes.io/version: 5.3.9104
deploy: sourcegraph
name: codeinsights-db
namespace: NORMALIZED_FOR_TESTING
ownerReferences:
- apiVersion: v1
blockOwnerDeletion: true
controller: true
kind: ConfigMap
name: sg
uid: NORMALIZED_FOR_TESTING
resourceVersion: NORMALIZED_FOR_TESTING
uid: NORMALIZED_FOR_TESTING
spec:
minReadySeconds: 10
persistentVolumeClaimRetentionPolicy:
whenDeleted: Retain
whenScaled: Retain
podManagementPolicy: OrderedReady
replicas: 1
revisionHistoryLimit: 10
selector:
matchLabels:
app: codeinsights-db
serviceName: codeinsights-db
template:
metadata:
annotations:
kubectl.kubernetes.io/default-container: codeinsights-db
creationTimestamp: null
labels:
app: codeinsights-db
deploy: sourcegraph
name: codeinsights-db
spec:
containers:
- env:
- name: POSTGRES_DATABASE
valueFrom:
secretKeyRef:
key: database
name: codeinsights-db-auth
- name: POSTGRES_HOST
valueFrom:
secretKeyRef:
key: host
name: codeinsights-db-auth
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
key: password
name: codeinsights-db-auth
- name: POSTGRES_PORT
valueFrom:
secretKeyRef:
key: port
name: codeinsights-db-auth
- name: POSTGRES_USER
valueFrom:
secretKeyRef:
key: user
name: codeinsights-db-auth
- name: POSTGRES_DB
value: $(POSTGRES_DATABASE)
- name: PGDATA
value: /var/lib/postgresql/data/pgdata
- name: POSTGRESQL_CONF_DIR
value: /conf
image: index.docker.io/sourcegraph/codeinsights-db:5.3.2@sha256:c4a1bd3908658e1c09558a638e378e5570d5f669d27f9f867eeda25fe60cb88f
imagePullPolicy: IfNotPresent
name: codeinsights
ports:
- containerPort: 5432
name: codeinsights-db
protocol: TCP
resources:
limits:
cpu: "4"
memory: 2Gi
requests:
cpu: "4"
memory: 2Gi
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
runAsGroup: 70
runAsUser: 70
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: FallbackToLogsOnError
volumeMounts:
- mountPath: /var/lib/postgresql/data/
name: disk
- mountPath: /conf
name: codeinsights-conf
- mountPath: /var/run/postgresql
name: lockdir
- env:
- name: DATA_SOURCE_DB
valueFrom:
secretKeyRef:
key: database
name: codeinsights-db-auth
- name: DATA_SOURCE_PASS
valueFrom:
secretKeyRef:
key: password
name: codeinsights-db-auth
- name: DATA_SOURCE_PORT
valueFrom:
secretKeyRef:
key: port
name: codeinsights-db-auth
- name: DATA_SOURCE_USER
valueFrom:
secretKeyRef:
key: user
name: codeinsights-db-auth
- name: DATA_SOURCE_URI
value: 127.0.0.1:$(DATA_SOURCE_PORT)/$(DATA_SOURCE_DB)?sslmode=disable
- name: PG_EXPORTER_EXTEND_QUERY_PATH
value: /config/code_insights_queries.yaml
image: index.docker.io/sourcegraph/postgres_exporter:5.3.2@sha256:b9fa66fbcb4cc2d466487259db4ae2deacd7651dac4a9e28c9c7fc36523699d0
imagePullPolicy: IfNotPresent
name: pgsql-exporter
resources:
limits:
cpu: 10m
memory: 50Mi
requests:
cpu: 10m
memory: 50Mi
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
runAsGroup: 101
runAsUser: 100
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: FallbackToLogsOnError
dnsPolicy: ClusterFirst
initContainers:
- command:
- sh
- -c
- if [ -d /var/lib/postgresql/data/pgdata ]; then chmod 750 /var/lib/postgresql/data/pgdata; fi
image: index.docker.io/sourcegraph/alpine-3.14:5.3.2@sha256:982220e0fd8ce55a73798fa7e814a482c4807c412f054c8440c5970b610239b7
imagePullPolicy: IfNotPresent
name: correct-data-dir-permissions
resources:
limits:
cpu: 10m
memory: 50Mi
requests:
cpu: 10m
memory: 50Mi
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
runAsGroup: 70
runAsUser: 70
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: FallbackToLogsOnError
volumeMounts:
- mountPath: /var/lib/postgresql/data
name: disk
restartPolicy: Always
schedulerName: default-scheduler
securityContext:
fsGroup: 70
fsGroupChangePolicy: OnRootMismatch
runAsGroup: 70
runAsUser: 70
serviceAccount: codeinsights-db
serviceAccountName: codeinsights-db
terminationGracePeriodSeconds: 120
volumes:
- name: disk
persistentVolumeClaim:
claimName: codeinsights-db
- configMap:
defaultMode: 511
name: codeinsights-db-conf
name: codeinsights-conf
- emptyDir: {}
name: lockdir
updateStrategy:
type: RollingUpdate
status:
availableReplicas: 0
replicas: 0
- apiVersion: v1
data:
postgresql.conf: |
#------------------------------------------------------------------------------
# POSTGRESQL DEFAULT CONFIGURATION
#------------------------------------------------------------------------------
# Below is PostgreSQL default configuration.
# You should apply your own customization in the CUSTOMIZED OPTIONS section below
# to avoid merge conflict in the future.
listen_addresses = '*'
max_connections = 100
shared_buffers = 128MB
dynamic_shared_memory_type = posix
max_wal_size = 1GB
min_wal_size = 80MB
log_timezone = 'UTC'
datestyle = 'iso, mdy'
timezone = 'UTC'
lc_messages = 'en_US.utf8'
lc_monetary = 'en_US.utf8'
lc_numeric = 'en_US.utf8'
lc_time = 'en_US.utf8'
default_text_search_config = 'pg_catalog.english'
#------------------------------------------------------------------------------
# SOURCEGRAPH RECOMMENDED OPTIONS
#------------------------------------------------------------------------------
# Below is Sourcegraph recommended Postgres configuration based on the default resource configuration.
# You should apply your own customization in the CUSTOMIZED OPTIONS section below
# to avoid merge conflict in the future.
shared_buffers = 509546kB
work_mem = 3184kB
maintenance_work_mem = 254773kB
effective_io_concurrency = 200
max_worker_processes = 19
max_parallel_workers_per_gather = 4
max_parallel_workers = 8
wal_buffers = 15285kB
min_wal_size = 512MB
checkpoint_completion_target = 0.9
random_page_cost = 1.1
effective_cache_size = 1492MB
default_statistics_target = 500
autovacuum_max_workers = 10
autovacuum_naptime = 10
shared_preload_libraries = ''
max_locks_per_transaction = 64
#------------------------------------------------------------------------------
# CUSTOMIZED OPTIONS
#------------------------------------------------------------------------------
# Add your customization by using 'codeInsightsDB.additionalConfig' in your override file.
# Learn more: https://docs.sourcegraph.com/admin/config/postgres-conf
immutable: false
kind: ConfigMap
metadata:
annotations:
appliance.sourcegraph.com/configHash: 18dd4e4e970066ab9a3dab34f8ed6fc75edf971b75e13f569abcf7a31ec1a330
creationTimestamp: "2024-04-19T00:00:00Z"
labels:
deploy: sourcegraph
name: codeinsights-db-conf
namespace: NORMALIZED_FOR_TESTING
ownerReferences:
- apiVersion: v1
blockOwnerDeletion: true
controller: true
kind: ConfigMap
name: sg
uid: NORMALIZED_FOR_TESTING
resourceVersion: NORMALIZED_FOR_TESTING
uid: NORMALIZED_FOR_TESTING
- apiVersion: v1
data:
spec: |
spec:
requestedVersion: "5.3.9104"
blobstore:
disabled: true
codeInsights: {}
codeIntel:
disabled: true
frontend:
disabled: true
gitServer:
disabled: true
indexedSearch:
disabled: true
indexedSearchIndexer:
disabled: true
pgsql:
disabled: true
postgresExporter:
disabled: true
preciseCodeIntel:
disabled: true
redisCache:
disabled: true
redisExporter:
disabled: true
redisStore:
disabled: true
repoUpdater:
disabled: true
searcher:
disabled: true
symbols:
disabled: true
syntectServer:
disabled: true
worker:
disabled: true
prometheus:
disabled: true
embeddings:
disabled: true
kind: ConfigMap
metadata:
annotations:
appliance.sourcegraph.com/currentVersion: 5.3.9104
appliance.sourcegraph.com/managed: "true"
creationTimestamp: "2024-04-19T00:00:00Z"
name: sg
namespace: NORMALIZED_FOR_TESTING
resourceVersion: NORMALIZED_FOR_TESTING
uid: NORMALIZED_FOR_TESTING
- apiVersion: v1
kind: PersistentVolumeClaim
metadata:
annotations:
appliance.sourcegraph.com/configHash: 18dd4e4e970066ab9a3dab34f8ed6fc75edf971b75e13f569abcf7a31ec1a330
creationTimestamp: "2024-04-19T00:00:00Z"
finalizers:
- kubernetes.io/pvc-protection
labels:
deploy: sourcegraph
name: codeinsights-db
namespace: NORMALIZED_FOR_TESTING
ownerReferences:
- apiVersion: v1
blockOwnerDeletion: true
controller: true
kind: ConfigMap
name: sg
uid: NORMALIZED_FOR_TESTING
resourceVersion: NORMALIZED_FOR_TESTING
uid: NORMALIZED_FOR_TESTING
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 200Gi
volumeMode: Filesystem
status:
phase: Pending
- apiVersion: v1
data:
database: cG9zdGdyZXM=
host: Y29kZWluc2lnaHRzLWRi
password: cGFzc3dvcmQ=
port: NTQzMg==
user: cG9zdGdyZXM=
kind: Secret
metadata:
annotations:
appliance.sourcegraph.com/configHash: 18dd4e4e970066ab9a3dab34f8ed6fc75edf971b75e13f569abcf7a31ec1a330
creationTimestamp: "2024-04-19T00:00:00Z"
labels:
app.kubernetes.io/component: codeinsights-db-auth
app.kubernetes.io/name: sourcegraph
app.kubernetes.io/version: 5.3.9104
deploy: sourcegraph
name: codeinsights-db-auth
namespace: NORMALIZED_FOR_TESTING
ownerReferences:
- apiVersion: v1
blockOwnerDeletion: true
controller: true
kind: ConfigMap
name: sg
uid: NORMALIZED_FOR_TESTING
resourceVersion: NORMALIZED_FOR_TESTING
uid: NORMALIZED_FOR_TESTING
type: Opaque
- apiVersion: v1
kind: ServiceAccount
metadata:
annotations:
appliance.sourcegraph.com/configHash: 18dd4e4e970066ab9a3dab34f8ed6fc75edf971b75e13f569abcf7a31ec1a330
creationTimestamp: "2024-04-19T00:00:00Z"
labels:
deploy: sourcegraph
name: codeinsights-db
namespace: NORMALIZED_FOR_TESTING
ownerReferences:
- apiVersion: v1
blockOwnerDeletion: true
controller: true
kind: ConfigMap
name: sg
uid: NORMALIZED_FOR_TESTING
resourceVersion: NORMALIZED_FOR_TESTING
uid: NORMALIZED_FOR_TESTING
- apiVersion: v1
kind: Service
metadata:
annotations:
appliance.sourcegraph.com/configHash: 18dd4e4e970066ab9a3dab34f8ed6fc75edf971b75e13f569abcf7a31ec1a330
prometheus.io/port: "9187"
sourcegraph.prometheus/scrape: "true"
creationTimestamp: "2024-04-19T00:00:00Z"
labels:
app: codeinsights-db
app.kubernetes.io/component: codeinsights-db
deploy: sourcegraph
name: codeinsights-db
namespace: NORMALIZED_FOR_TESTING
ownerReferences:
- apiVersion: v1
blockOwnerDeletion: true
controller: true
kind: ConfigMap
name: sg
uid: NORMALIZED_FOR_TESTING
resourceVersion: NORMALIZED_FOR_TESTING
uid: NORMALIZED_FOR_TESTING
spec:
clusterIP: NORMALIZED_FOR_TESTING
clusterIPs:
- NORMALIZED_FOR_TESTING
internalTrafficPolicy: Cluster
ipFamilies:
- IPv4
ipFamilyPolicy: SingleStack
ports:
- name: codeinsights-db
port: 5432
protocol: TCP
targetPort: codeinsights-db
selector:
app: codeinsights-db
sessionAffinity: None
type: ClusterIP
status:
loadBalancer: {}

61
internal/appliance/reconciler/testdata/sg/codeinsights/default.yaml vendored Normal file
View File

@ -0,0 +1,61 @@
spec:
requestedVersion: "5.3.9104"
blobstore:
disabled: true
codeInsights: {}
codeIntel:
disabled: true
frontend:
disabled: true
gitServer:
disabled: true
indexedSearch:
disabled: true
indexedSearchIndexer:
disabled: true
pgsql:
disabled: true
postgresExporter:
disabled: true
preciseCodeIntel:
disabled: true
redisCache:
disabled: true
redisExporter:
disabled: true
redisStore:
disabled: true
repoUpdater:
disabled: true
searcher:
disabled: true
symbols:
disabled: true
syntectServer:
disabled: true
worker:
disabled: true
prometheus:
disabled: true
embeddings:
disabled: true