feat(appliance): redeploy various services when pg/redis config changes (#63954)

Builds on
https://github.com/sourcegraph/sourcegraph/pull/63845, and closes
https://linear.app/sourcegraph/issue/REL-14/ensure-pods-roll-when-referenced-secret-changes.

When one of the 3 DB configs changes, an annotation "checksum/auth" on
frontend's deployment's spec.template.metadata should change on next
reconcile. This will cause pods to roll, picking up the new secret
values. It should also cause the top-level annotation configHash to
change, which indicates to the appliance that the kubernetes resource
should be updated.

A similar mechanism is implemented for "checksum/redis", on every
service that uses redis (obtained by grepping the helm chart for the
same annotation).
Craig Furman 2024-07-22 09:44:12 +01:00 committed by GitHub
parent 5a52cbc106
commit e81c39a834
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
35 changed files with 2595 additions and 94 deletions


@ -21,6 +21,7 @@ go_library(
"redis.go",
"repo_updater.go",
"searcher.go",
"secret_management.go",
"symbols.go",
"syntect.go",
"worker.go",


@ -7,12 +7,9 @@ import (
corev1 "k8s.io/api/core/v1"
netv1 "k8s.io/api/networking/v1"
rbacv1 "k8s.io/api/rbac/v1"
kerrors "k8s.io/apimachinery/pkg/api/errors"
"k8s.io/apimachinery/pkg/api/resource"
"k8s.io/apimachinery/pkg/types"
"k8s.io/apimachinery/pkg/util/intstr"
"sigs.k8s.io/controller-runtime/pkg/client"
"sigs.k8s.io/controller-runtime/pkg/log"
"github.com/sourcegraph/sourcegraph/internal/appliance/config"
"github.com/sourcegraph/sourcegraph/internal/k8s/resource/container"
@ -27,12 +24,6 @@ import (
"github.com/sourcegraph/sourcegraph/lib/pointers"
)
const (
pgsqlSecretName = "pgsql-auth"
codeInsightsDBSecretName = "codeinsights-db-auth"
codeIntelDBSecretName = "codeintel-db-auth"
)
func (r *Reconciler) reconcileFrontend(ctx context.Context, sg *config.Sourcegraph, owner client.Object) error {
if err := r.reconcileFrontendDeployment(ctx, sg, owner); err != nil {
return errors.Wrap(err, "reconciling Deployment")
@ -116,24 +107,31 @@ func (r *Reconciler) reconcileFrontendDeployment(ctx context.Context, sg *config
{Name: "home-dir", MountPath: "/home/sourcegraph"},
}
dbConnSpec, err := r.getDBSecret(ctx, sg, pgsqlSecretName)
template := pod.NewPodTemplate("sourcegraph-frontend", cfg)
dbConnSpecs, err := r.getDBSecrets(ctx, sg)
if err != nil {
return err
}
dbConnHash, err := configHash(dbConnSpecs)
if err != nil {
return err
}
template.Template.ObjectMeta.Annotations["checksum/auth"] = dbConnHash
redisConnSpecs, err := r.getRedisSecrets(ctx, sg)
if err != nil {
return err
}
redisConnHash, err := configHash(redisConnSpecs)
if err != nil {
return err
}
template.Template.ObjectMeta.Annotations["checksum/redis"] = redisConnHash
template := pod.NewPodTemplate("sourcegraph-frontend", cfg)
template.Template.Spec.Containers = []corev1.Container{ctr}
template.Template.Spec.Volumes = []corev1.Volume{pod.NewVolumeEmptyDir("home-dir")}
template.Template.Spec.ServiceAccountName = "sourcegraph-frontend"
if dbConnSpec != nil {
dbConnHash, err := configHash(dbConnSpec)
if err != nil {
return err
}
template.Template.ObjectMeta.Annotations["checksum/auth"] = dbConnHash
}
if cfg.Migrator {
migratorImage := config.GetDefaultImage(sg, "migrator")
migratorCtr := container.NewContainer("migrator", cfg, config.ContainerConfig{
@ -165,44 +163,17 @@ func (r *Reconciler) reconcileFrontendDeployment(ctx context.Context, sg *config
ifChanged := struct {
config.FrontendSpec
PG *config.DatabaseConnectionSpec `json:"pg,omitempty"`
DBConnSpecs
RedisConnSpecs
}{
FrontendSpec: cfg,
PG: dbConnSpec,
FrontendSpec: cfg,
DBConnSpecs: dbConnSpecs,
RedisConnSpecs: redisConnSpecs,
}
return reconcileObject(ctx, r, ifChanged, &dep, &appsv1.Deployment{}, sg, owner)
}
func (r *Reconciler) getDBSecret(ctx context.Context, sg *config.Sourcegraph, secretName string) (*config.DatabaseConnectionSpec, error) {
var dbSecret corev1.Secret
dbSecretName := types.NamespacedName{Name: secretName, Namespace: sg.Namespace}
if err := r.Client.Get(ctx, dbSecretName, &dbSecret); err != nil {
if !kerrors.IsNotFound(err) {
return nil, errors.Wrapf(err, "getting DB secret %s", secretName)
}
// If we cannot find the secret, return nil but also no error. We can
// still serialize an ifChanged object in reconcileFrontendDeployment().
// We should do this rather than fail the reconcile loop here, because
// Kubernetes does not have inter-service dependencies, so it is
// idiomatic to finish the loop even if the desired global final state
// has not been reached. The next reconciliation after the secret exists
// will yield a different result, which will cause deployed pods to roll
// (since the spec.template.metadata.annotations changes).
log.FromContext(ctx).Info("could not find database secret", "secretName", secretName, "err", err)
return nil, nil
}
return &config.DatabaseConnectionSpec{
Host: string(dbSecret.Data["host"]),
Port: string(dbSecret.Data["port"]),
User: string(dbSecret.Data["user"]),
Password: string(dbSecret.Data["password"]),
Database: string(dbSecret.Data["database"]),
}, nil
}
func (r *Reconciler) reconcileFrontendService(ctx context.Context, sg *config.Sourcegraph, owner client.Object) error {
name := "sourcegraph-frontend"
cfg := sg.Spec.Frontend
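Review bot: The `checksum/auth` annotation and the `ifChanged` struct in reconcileFrontendDeployment are now derived from `DBConnSpecs`, which carries each database `Password`, and the resulting digest is written to the pod-template annotations and, apparently via `reconcileObject`, to `appliance.sourcegraph.com/configHash`. Annotations are readable by anyone allowed to get Deployments or Pods, usually a wider audience than those allowed to read Secrets. The golden files show bare 64-hex digests, which suggests an unkeyed hash (configHash itself is not on this page), so a low-entropy password is only as protected as its guessability. Consider hashing a non-secret change marker such as each Secret's `resourceVersion`, or keying the digest. The same applies to `checksum/redis` in the gitserver, repo-updater, searcher and symbols sections if the `endpoint` value can embed credentials. The function body starts and ends outside these hunks.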


@ -1,6 +1,8 @@
package reconciler
import (
"fmt"
corev1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
@ -22,36 +24,85 @@ func (suite *ApplianceTestSuite) TestDeployFrontend() {
}
}
func (suite *ApplianceTestSuite) TestFrontendDeploymentRollsWhenPGSecretChanges() {
// Create the frontend before the PGSQL secret exists. In general, this
// might happen, depending on the order of the reconcile loop. If we
// introducce concurrency to this, we'll have little control over what
// happens first.
namespace := suite.createConfigMapAndAwaitReconciliation("frontend/default")
func (suite *ApplianceTestSuite) TestFrontendDeploymentRollsWhenPGSecretsChange() {
for _, tc := range []struct {
secret string
}{
{secret: pgsqlSecretName},
{secret: codeInsightsDBSecretName},
{secret: codeIntelDBSecretName},
} {
suite.Run(tc.secret, func() {
// Create the frontend before the PGSQL secret exists. In general, this
// might happen, depending on the order of the reconcile loop. If we
// introducce concurrency to this, we'll have little control over what
// happens first.
namespace := suite.createConfigMapAndAwaitReconciliation("frontend/default")
// Create the PGSQL secret.
secret := &corev1.Secret{
ObjectMeta: metav1.ObjectMeta{
Name: pgsqlSecretName,
},
StringData: map[string]string{
"host": "example.com",
"port": "5432",
"user": "alice",
"password": "letmein",
"database": "sg",
},
// Create the PGSQL secret.
secret := &corev1.Secret{
ObjectMeta: metav1.ObjectMeta{
Name: tc.secret,
},
StringData: map[string]string{
"host": "example.com",
"port": "5432",
"user": "alice",
"password": "letmein",
"database": "sg",
},
}
_, err := suite.k8sClient.CoreV1().Secrets(namespace).Create(suite.ctx, secret, metav1.CreateOptions{})
suite.Require().NoError(err)
// We have to make a config change to trigger the reconcile loop
suite.awaitReconciliation(namespace, func() {
cfgMap := suite.newConfigMap(namespace, "frontend/default")
cfgMap.GetAnnotations()["force-reconcile"] = "1"
_, err := suite.k8sClient.CoreV1().ConfigMaps(namespace).Update(suite.ctx, cfgMap, metav1.UpdateOptions{})
suite.Require().NoError(err)
})
suite.makeGoldenAssertions(namespace, fmt.Sprintf("frontend/after-create-%s-secret", tc.secret))
})
}
}
func (suite *ApplianceTestSuite) TestFrontendDeploymentRollsWhenRedisSecretsChange() {
for _, tc := range []struct {
secret string
}{
{secret: redisCacheSecretName},
{secret: redisStoreSecretName},
} {
suite.Run(tc.secret, func() {
// Create the frontend before the PGSQL secret exists. In general, this
// might happen, depending on the order of the reconcile loop. If we
// introducce concurrency to this, we'll have little control over what
// happens first.
namespace := suite.createConfigMapAndAwaitReconciliation("frontend/default")
// Create the PGSQL secret.
secret := &corev1.Secret{
ObjectMeta: metav1.ObjectMeta{
Name: tc.secret,
},
StringData: map[string]string{
"endpoint": "example.com",
},
}
_, err := suite.k8sClient.CoreV1().Secrets(namespace).Create(suite.ctx, secret, metav1.CreateOptions{})
suite.Require().NoError(err)
// We have to make a config change to trigger the reconcile loop
suite.awaitReconciliation(namespace, func() {
cfgMap := suite.newConfigMap(namespace, "frontend/default")
cfgMap.GetAnnotations()["force-reconcile"] = "1"
_, err := suite.k8sClient.CoreV1().ConfigMaps(namespace).Update(suite.ctx, cfgMap, metav1.UpdateOptions{})
suite.Require().NoError(err)
})
suite.makeGoldenAssertions(namespace, fmt.Sprintf("frontend/after-create-%s-secret", tc.secret))
})
}
_, err := suite.k8sClient.CoreV1().Secrets(namespace).Create(suite.ctx, secret, metav1.CreateOptions{})
suite.Require().NoError(err)
// We have to make a config change to trigger the reconcile loop
suite.awaitReconciliation(namespace, func() {
cfgMap := suite.newConfigMap(namespace, "frontend/default")
cfgMap.GetAnnotations()["force-reconcile"] = "1"
_, err := suite.k8sClient.CoreV1().ConfigMaps(namespace).Update(suite.ctx, cfgMap, metav1.UpdateOptions{})
suite.Require().NoError(err)
})
suite.makeGoldenAssertions(namespace, "frontend/after-create-pg-secret")
}
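Review bot: Both tests only cover a secret going from absent to present; neither one updates the value of an existing secret, which is the rotation case that the test names (`...WhenPGSecretsChange`, `...WhenRedisSecretsChange`) and the commit description refer to. A second step that updates `password` (or `endpoint`) and asserts that `checksum/auth` or `checksum/redis` differs from the first golden state would pin that behaviour. In TestFrontendDeploymentRollsWhenRedisSecretsChange the copied comments still say "PGSQL secret"; `// Create the Redis secret.` would match the code.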


@ -92,6 +92,16 @@ func (r *Reconciler) reconcileGitServerStatefulSet(ctx context.Context, sg *conf
}
podTemplate := pod.NewPodTemplate(name, cfg)
redisConnSpecs, err := r.getRedisSecrets(ctx, sg)
if err != nil {
return err
}
redisConnHash, err := configHash(redisConnSpecs)
if err != nil {
return err
}
podTemplate.Template.ObjectMeta.Annotations["checksum/redis"] = redisConnHash
podTemplate.Template.Spec.Containers = []corev1.Container{ctr}
podTemplate.Template.Spec.ServiceAccountName = name
podTemplate.Template.Spec.Volumes = podVolumes
@ -105,7 +115,14 @@ func (r *Reconciler) reconcileGitServerStatefulSet(ctx context.Context, sg *conf
sset.Spec.Template = podTemplate.Template
sset.Spec.VolumeClaimTemplates = []corev1.PersistentVolumeClaim{pvc}
return reconcileObject(ctx, r, sg.Spec.GitServer, &sset, &appsv1.StatefulSet{}, sg, owner)
ifChanged := struct {
config.GitServerSpec
RedisConnSpecs
}{
GitServerSpec: cfg,
RedisConnSpecs: redisConnSpecs,
}
return reconcileObject(ctx, r, ifChanged, &sset, &appsv1.StatefulSet{}, sg, owner)
}
func (r *Reconciler) reconcileGitServerService(ctx context.Context, sg *config.Sourcegraph, owner client.Object) error {
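Review bot: The sequence that calls `getRedisSecrets`, then `configHash`, then sets `checksum/redis` is repeated verbatim here in reconcileGitServerStatefulSet and again in the frontend, repo-updater, searcher and symbols sections, so any later change to how the checksum is derived has to be made in five places. A small helper next to getRedisSecrets that returns both the specs and the hash would keep the call sites in step; a sketch follows, and the helper name is only a suggestion. The enclosing function starts and ends outside the hunk.

```go
// redisChecksum returns the Redis connection specs together with the hash
// that callers store in the "checksum/redis" pod-template annotation.
func (r *Reconciler) redisChecksum(ctx context.Context, sg *config.Sourcegraph) (RedisConnSpecs, string, error) {
	specs, err := r.getRedisSecrets(ctx, sg)
	if err != nil {
		return RedisConnSpecs{}, "", err
	}
	hash, err := configHash(specs)
	if err != nil {
		return RedisConnSpecs{}, "", err
	}
	return specs, hash, nil
}

// … unchanged: pod template construction in each reconciler …
redisConnSpecs, redisConnHash, err := r.redisChecksum(ctx, sg)
```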


@ -95,13 +95,30 @@ func (r *Reconciler) reconcileRepoUpdaterDeployment(ctx context.Context, sg *con
}
podTemplate := pod.NewPodTemplate(name, cfg)
redisConnSpecs, err := r.getRedisSecrets(ctx, sg)
if err != nil {
return err
}
redisConnHash, err := configHash(redisConnSpecs)
if err != nil {
return err
}
podTemplate.Template.ObjectMeta.Annotations["checksum/redis"] = redisConnHash
podTemplate.Template.Spec.Containers = []corev1.Container{ctr}
dep := deployment.NewDeployment(name, sg.Namespace, sg.Spec.RequestedVersion)
dep.Spec.Template = podTemplate.Template
dep.Spec.Template.Spec.ServiceAccountName = name
return reconcileObject(ctx, r, sg.Spec.RepoUpdater, &dep, &appsv1.Deployment{}, sg, owner)
ifChanged := struct {
config.RepoUpdaterSpec
RedisConnSpecs
}{
RepoUpdaterSpec: cfg,
RedisConnSpecs: redisConnSpecs,
}
return reconcileObject(ctx, r, ifChanged, &dep, &appsv1.Deployment{}, sg, owner)
}
func (r *Reconciler) reconcileRepoUpdaterServiceAccount(ctx context.Context, sg *config.Sourcegraph, owner client.Object) error {


@ -91,6 +91,16 @@ func (r *Reconciler) reconcileSearcherStatefulSet(ctx context.Context, sg *confi
}
podTemplate := pod.NewPodTemplate(name, cfg)
redisConnSpecs, err := r.getRedisSecrets(ctx, sg)
if err != nil {
return err
}
redisConnHash, err := configHash(redisConnSpecs)
if err != nil {
return err
}
podTemplate.Template.ObjectMeta.Annotations["checksum/redis"] = redisConnHash
podTemplate.Template.Spec.Containers = []corev1.Container{ctr}
podTemplate.Template.Spec.Volumes = []corev1.Volume{
{Name: "cache"},
@ -108,7 +118,14 @@ func (r *Reconciler) reconcileSearcherStatefulSet(ctx context.Context, sg *confi
sset.Spec.Replicas = &cfg.Replicas
sset.Spec.VolumeClaimTemplates = []corev1.PersistentVolumeClaim{pvc}
return reconcileObject(ctx, r, cfg, &sset, &appsv1.StatefulSet{}, sg, owner)
ifChanged := struct {
config.SearcherSpec
RedisConnSpecs
}{
SearcherSpec: cfg,
RedisConnSpecs: redisConnSpecs,
}
return reconcileObject(ctx, r, ifChanged, &sset, &appsv1.StatefulSet{}, sg, owner)
}
func (r *Reconciler) reconcileSearcherService(ctx context.Context, sg *config.Sourcegraph, owner client.Object) error {


@ -0,0 +1,122 @@
package reconciler
import (
"context"
corev1 "k8s.io/api/core/v1"
kerrors "k8s.io/apimachinery/pkg/api/errors"
"k8s.io/apimachinery/pkg/types"
"sigs.k8s.io/controller-runtime/pkg/log"
"github.com/sourcegraph/sourcegraph/internal/appliance/config"
"github.com/sourcegraph/sourcegraph/lib/errors"
)
// Utilities to cause rolling deployments when secrets change live here.
// Indirectly tested through service-definition-specific golden tests.
const (
pgsqlSecretName = "pgsql-auth"
codeInsightsDBSecretName = "codeinsights-db-auth"
codeIntelDBSecretName = "codeintel-db-auth"
redisCacheSecretName = "redis-cache"
redisStoreSecretName = "redis-store"
)
type DBConnSpecs struct {
PG *config.DatabaseConnectionSpec `json:"pg,omitempty"`
CodeIntel *config.DatabaseConnectionSpec `json:"codeintel,omitempty"`
CodeInsights *config.DatabaseConnectionSpec `json:"codeinsights,omitempty"`
}
type RedisConnSpecs struct {
Cache string `json:"cache,omitempty"`
Store string `json:"store,omitempty"`
}
func (r *Reconciler) getDBSecrets(ctx context.Context, sg *config.Sourcegraph) (DBConnSpecs, error) {
dbConnSpec, err := r.getDBSecret(ctx, sg, pgsqlSecretName)
if err != nil {
return DBConnSpecs{}, err
}
codeIntelConnSpec, err := r.getDBSecret(ctx, sg, codeIntelDBSecretName)
if err != nil {
return DBConnSpecs{}, err
}
codeInsightsConnSpec, err := r.getDBSecret(ctx, sg, codeInsightsDBSecretName)
if err != nil {
return DBConnSpecs{}, err
}
return DBConnSpecs{
PG: dbConnSpec,
CodeIntel: codeIntelConnSpec,
CodeInsights: codeInsightsConnSpec,
}, nil
}
func (r *Reconciler) getRedisSecrets(ctx context.Context, sg *config.Sourcegraph) (RedisConnSpecs, error) {
redisCacheEndpoint, err := r.getRedisSecret(ctx, sg, redisCacheSecretName)
if err != nil {
return RedisConnSpecs{}, err
}
redisStoreEndpoint, err := r.getRedisSecret(ctx, sg, redisStoreSecretName)
if err != nil {
return RedisConnSpecs{}, err
}
return RedisConnSpecs{
Cache: redisCacheEndpoint,
Store: redisStoreEndpoint,
}, nil
}
func (r *Reconciler) getDBSecret(ctx context.Context, sg *config.Sourcegraph, secretName string) (*config.DatabaseConnectionSpec, error) {
dbSecret, err := r.getSecret(ctx, sg, secretName)
if err != nil {
return nil, err
}
return &config.DatabaseConnectionSpec{
Host: string(dbSecret.Data["host"]),
Port: string(dbSecret.Data["port"]),
User: string(dbSecret.Data["user"]),
Password: string(dbSecret.Data["password"]),
Database: string(dbSecret.Data["database"]),
}, nil
}
func (r *Reconciler) getRedisSecret(ctx context.Context, sg *config.Sourcegraph, secretName string) (string, error) {
redisSecret, err := r.getSecret(ctx, sg, secretName)
if err != nil {
return "", err
}
return string(redisSecret.Data["endpoint"]), nil
}
func (r *Reconciler) getSecret(ctx context.Context, sg *config.Sourcegraph, secretName string) (*corev1.Secret, error) {
var secret corev1.Secret
secretNsName := types.NamespacedName{Name: secretName, Namespace: sg.Namespace}
if err := r.Client.Get(ctx, secretNsName, &secret); err != nil {
if !kerrors.IsNotFound(err) {
return nil, errors.Wrapf(err, "getting secret %s", secretName)
}
// If we cannot find the secret, return nil but also no error. We can
// still serialize an ifChanged object in reconcileFrontendDeployment().
// We should do this rather than fail the reconcile loop here, because
// Kubernetes does not have inter-service dependencies, so it is
// idiomatic to finish the loop even if the desired global final state
// has not been reached. The next reconciliation after the secret exists
// will yield a different result, which will cause deployed pods to roll
// (since the spec.template.metadata.annotations changes).
//
// We return a zero-valued secret to avoid nil pointer explosions. All
// data fields will be empty. Currently, all callers only use this
// function to hash the data to see if its changed, so this seems ok to
// do.
log.FromContext(ctx).Info("could not find secret", "secretName", secretName, "err", err)
return &corev1.Secret{}, nil
}
return &secret, nil
}
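Review bot: The comment in getSecret still opens with "return nil but also no error", yet the function now returns `&corev1.Secret{}`. getDBSecret turns that into a non-nil `*config.DatabaseConnectionSpec` with empty fields, so the `omitempty` on the `DBConnSpecs` pointer fields never takes effect and a missing secret hashes the same as one whose keys are all empty. If telling the two apart matters, getDBSecret could return `nil, nil` when `len(dbSecret.Data) == 0`; otherwise reword the comment to `// If we cannot find the secret, return an empty Secret and no error.` The comment also names only reconcileFrontendDeployment(), although the gitserver, repo-updater, searcher and symbols reconcilers now reach this function through getRedisSecrets.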


@ -106,6 +106,16 @@ func (r *Reconciler) reconcileSymbolsStatefulSet(ctx context.Context, sg *config
}
podTemplate := pod.NewPodTemplate(name, cfg)
redisConnSpecs, err := r.getRedisSecrets(ctx, sg)
if err != nil {
return err
}
redisConnHash, err := configHash(redisConnSpecs)
if err != nil {
return err
}
podTemplate.Template.ObjectMeta.Annotations["checksum/redis"] = redisConnHash
podTemplate.Template.Spec.Containers = []corev1.Container{ctr}
podTemplate.Template.Spec.ServiceAccountName = name
podTemplate.Template.Spec.Volumes = []corev1.Volume{
@ -122,7 +132,14 @@ func (r *Reconciler) reconcileSymbolsStatefulSet(ctx context.Context, sg *config
sset.Spec.Template = podTemplate.Template
sset.Spec.VolumeClaimTemplates = []corev1.PersistentVolumeClaim{pvc}
return reconcileObject(ctx, r, sg.Spec.Symbols, &sset, &appsv1.StatefulSet{}, sg, owner)
ifChanged := struct {
config.SymbolsSpec
RedisConnSpecs
}{
SymbolsSpec: cfg,
RedisConnSpecs: redisConnSpecs,
}
return reconcileObject(ctx, r, ifChanged, &sset, &appsv1.StatefulSet{}, sg, owner)
}
func (r *Reconciler) reconcileSymbolsService(ctx context.Context, sg *config.Sourcegraph, owner client.Object) error {


@ -0,0 +1,563 @@
resources:
- apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
appliance.sourcegraph.com/configHash: 8ba33f0d5cd3a002002cb645199a3566f6848bb71563df8d3fc5ba0d44f4b2ba
creationTimestamp: "2024-04-19T00:00:00Z"
generation: 2
labels:
app.kubernetes.io/component: sourcegraph-frontend
app.kubernetes.io/name: sourcegraph
app.kubernetes.io/version: 5.3.9104
deploy: sourcegraph
name: sourcegraph-frontend
namespace: NORMALIZED_FOR_TESTING
ownerReferences:
- apiVersion: v1
blockOwnerDeletion: true
controller: true
kind: ConfigMap
name: sg
uid: NORMALIZED_FOR_TESTING
resourceVersion: NORMALIZED_FOR_TESTING
uid: NORMALIZED_FOR_TESTING
spec:
minReadySeconds: 10
progressDeadlineSeconds: 600
replicas: 2
revisionHistoryLimit: 10
selector:
matchLabels:
app: sourcegraph-frontend
strategy:
rollingUpdate:
maxSurge: 2
maxUnavailable: 0
type: RollingUpdate
template:
metadata:
annotations:
checksum/auth: 34304350e7a9487e6da52204b791f199519537b3e12598c3f81427228002f026
checksum/redis: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
kubectl.kubernetes.io/default-container: sourcegraph-frontend
creationTimestamp: null
labels:
app: sourcegraph-frontend
deploy: sourcegraph
name: sourcegraph-frontend
spec:
containers:
- args:
- serve
env:
- name: DEPLOY_TYPE
value: appliance
- name: PGDATABASE
valueFrom:
secretKeyRef:
key: database
name: pgsql-auth
- name: PGHOST
valueFrom:
secretKeyRef:
key: host
name: pgsql-auth
- name: PGPASSWORD
valueFrom:
secretKeyRef:
key: password
name: pgsql-auth
- name: PGPORT
valueFrom:
secretKeyRef:
key: port
name: pgsql-auth
- name: PGUSER
valueFrom:
secretKeyRef:
key: user
name: pgsql-auth
- name: CODEINTEL_PGDATABASE
valueFrom:
secretKeyRef:
key: database
name: codeintel-db-auth
- name: CODEINTEL_PGHOST
valueFrom:
secretKeyRef:
key: host
name: codeintel-db-auth
- name: CODEINTEL_PGPASSWORD
valueFrom:
secretKeyRef:
key: password
name: codeintel-db-auth
- name: CODEINTEL_PGPORT
valueFrom:
secretKeyRef:
key: port
name: codeintel-db-auth
- name: CODEINTEL_PGUSER
valueFrom:
secretKeyRef:
key: user
name: codeintel-db-auth
- name: CODEINSIGHTS_PGDATABASE
valueFrom:
secretKeyRef:
key: database
name: codeinsights-db-auth
- name: CODEINSIGHTS_PGHOST
valueFrom:
secretKeyRef:
key: host
name: codeinsights-db-auth
- name: CODEINSIGHTS_PGPASSWORD
valueFrom:
secretKeyRef:
key: password
name: codeinsights-db-auth
- name: CODEINSIGHTS_PGPORT
valueFrom:
secretKeyRef:
key: port
name: codeinsights-db-auth
- name: CODEINSIGHTS_PGUSER
valueFrom:
secretKeyRef:
key: user
name: codeinsights-db-auth
- name: REDIS_CACHE_ENDPOINT
valueFrom:
secretKeyRef:
key: endpoint
name: redis-cache
- name: REDIS_STORE_ENDPOINT
valueFrom:
secretKeyRef:
key: endpoint
name: redis-store
- name: OTEL_AGENT_HOST
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: status.hostIP
- name: OTEL_EXPORTER_OTLP_ENDPOINT
value: http://$(OTEL_AGENT_HOST):4317
image: index.docker.io/sourcegraph/frontend:5.3.9104
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: debug
scheme: HTTP
initialDelaySeconds: 300
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
name: frontend
ports:
- containerPort: 3080
name: http
protocol: TCP
- containerPort: 3090
name: http-internal
protocol: TCP
- containerPort: 6060
name: debug
protocol: TCP
readinessProbe:
failureThreshold: 3
httpGet:
path: /ready
port: debug
scheme: HTTP
periodSeconds: 5
successThreshold: 1
timeoutSeconds: 5
resources:
limits:
cpu: "2"
ephemeral-storage: 8Gi
memory: 4G
requests:
cpu: "2"
ephemeral-storage: 4Gi
memory: 2G
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
runAsGroup: 101
runAsUser: 100
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: FallbackToLogsOnError
volumeMounts:
- mountPath: /home/sourcegraph
name: home-dir
dnsPolicy: ClusterFirst
initContainers:
- args:
- up
env:
- name: DEPLOY_TYPE
value: appliance
- name: PGDATABASE
valueFrom:
secretKeyRef:
key: database
name: pgsql-auth
- name: PGHOST
valueFrom:
secretKeyRef:
key: host
name: pgsql-auth
- name: PGPASSWORD
valueFrom:
secretKeyRef:
key: password
name: pgsql-auth
- name: PGPORT
valueFrom:
secretKeyRef:
key: port
name: pgsql-auth
- name: PGUSER
valueFrom:
secretKeyRef:
key: user
name: pgsql-auth
- name: CODEINTEL_PGDATABASE
valueFrom:
secretKeyRef:
key: database
name: codeintel-db-auth
- name: CODEINTEL_PGHOST
valueFrom:
secretKeyRef:
key: host
name: codeintel-db-auth
- name: CODEINTEL_PGPASSWORD
valueFrom:
secretKeyRef:
key: password
name: codeintel-db-auth
- name: CODEINTEL_PGPORT
valueFrom:
secretKeyRef:
key: port
name: codeintel-db-auth
- name: CODEINTEL_PGUSER
valueFrom:
secretKeyRef:
key: user
name: codeintel-db-auth
- name: CODEINSIGHTS_PGDATABASE
valueFrom:
secretKeyRef:
key: database
name: codeinsights-db-auth
- name: CODEINSIGHTS_PGHOST
valueFrom:
secretKeyRef:
key: host
name: codeinsights-db-auth
- name: CODEINSIGHTS_PGPASSWORD
valueFrom:
secretKeyRef:
key: password
name: codeinsights-db-auth
- name: CODEINSIGHTS_PGPORT
valueFrom:
secretKeyRef:
key: port
name: codeinsights-db-auth
- name: CODEINSIGHTS_PGUSER
valueFrom:
secretKeyRef:
key: user
name: codeinsights-db-auth
image: index.docker.io/sourcegraph/migrator:5.3.9104
imagePullPolicy: IfNotPresent
name: migrator
resources:
limits:
cpu: 500m
memory: 100M
requests:
cpu: 100m
memory: 50M
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
runAsGroup: 101
runAsUser: 100
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: FallbackToLogsOnError
restartPolicy: Always
schedulerName: default-scheduler
securityContext:
fsGroup: 101
fsGroupChangePolicy: OnRootMismatch
runAsGroup: 101
runAsUser: 100
serviceAccount: sourcegraph-frontend
serviceAccountName: sourcegraph-frontend
terminationGracePeriodSeconds: 30
volumes:
- emptyDir: {}
name: home-dir
status: {}
- apiVersion: v1
data:
spec: |
spec:
requestedVersion: "5.3.9104"
blobstore:
disabled: true
codeInsights:
disabled: true
codeIntel:
disabled: true
frontend: {}
grafana:
disabled: true
gitServer:
disabled: true
indexedSearch:
disabled: true
openTelemetry:
disabled: true
pgsql:
disabled: true
postgresExporter:
disabled: true
preciseCodeIntel:
disabled: true
redisCache:
disabled: true
redisStore:
disabled: true
repoUpdater:
disabled: true
searcher:
disabled: true
symbols:
disabled: true
syntectServer:
disabled: true
worker:
disabled: true
prometheus:
disabled: true
kind: ConfigMap
metadata:
annotations:
appliance.sourcegraph.com/currentVersion: 5.3.9104
appliance.sourcegraph.com/managed: "true"
force-reconcile: "1"
creationTimestamp: "2024-04-19T00:00:00Z"
name: sg
namespace: NORMALIZED_FOR_TESTING
resourceVersion: NORMALIZED_FOR_TESTING
uid: NORMALIZED_FOR_TESTING
- apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
annotations:
appliance.sourcegraph.com/configHash: b5dce290e22d1afb4c9102ac4c245490ab01dd3be13653de391536cfe0e323b0
creationTimestamp: "2024-04-19T00:00:00Z"
labels:
deploy: sourcegraph
name: sourcegraph-frontend
namespace: NORMALIZED_FOR_TESTING
ownerReferences:
- apiVersion: v1
blockOwnerDeletion: true
controller: true
kind: ConfigMap
name: sg
uid: NORMALIZED_FOR_TESTING
resourceVersion: NORMALIZED_FOR_TESTING
uid: NORMALIZED_FOR_TESTING
rules:
- apiGroups:
- ""
resources:
- endpoints
- services
verbs:
- get
- list
- watch
- apiGroups:
- apps
resources:
- statefulsets
verbs:
- get
- list
- watch
- apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
annotations:
appliance.sourcegraph.com/configHash: b5dce290e22d1afb4c9102ac4c245490ab01dd3be13653de391536cfe0e323b0
creationTimestamp: "2024-04-19T00:00:00Z"
labels:
deploy: sourcegraph
name: sourcegraph-frontend
namespace: NORMALIZED_FOR_TESTING
ownerReferences:
- apiVersion: v1
blockOwnerDeletion: true
controller: true
kind: ConfigMap
name: sg
uid: NORMALIZED_FOR_TESTING
resourceVersion: NORMALIZED_FOR_TESTING
uid: NORMALIZED_FOR_TESTING
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: sourcegraph-frontend
subjects:
- kind: ServiceAccount
name: sourcegraph-frontend
namespace: NORMALIZED_FOR_TESTING
- apiVersion: v1
data:
database: c2c=
host: ZXhhbXBsZS5jb20=
password: bGV0bWVpbg==
port: NTQzMg==
user: YWxpY2U=
kind: Secret
metadata:
creationTimestamp: "2024-04-19T00:00:00Z"
name: codeinsights-db-auth
namespace: NORMALIZED_FOR_TESTING
resourceVersion: NORMALIZED_FOR_TESTING
uid: NORMALIZED_FOR_TESTING
type: Opaque
- apiVersion: v1
kind: ServiceAccount
metadata:
annotations:
appliance.sourcegraph.com/configHash: b5dce290e22d1afb4c9102ac4c245490ab01dd3be13653de391536cfe0e323b0
creationTimestamp: "2024-04-19T00:00:00Z"
labels:
deploy: sourcegraph
name: sourcegraph-frontend
namespace: NORMALIZED_FOR_TESTING
ownerReferences:
- apiVersion: v1
blockOwnerDeletion: true
controller: true
kind: ConfigMap
name: sg
uid: NORMALIZED_FOR_TESTING
resourceVersion: NORMALIZED_FOR_TESTING
uid: NORMALIZED_FOR_TESTING
- apiVersion: v1
kind: Service
metadata:
annotations:
appliance.sourcegraph.com/configHash: b5dce290e22d1afb4c9102ac4c245490ab01dd3be13653de391536cfe0e323b0
prometheus.io/port: "6060"
sourcegraph.prometheus/scrape: "true"
creationTimestamp: "2024-04-19T00:00:00Z"
labels:
app: sourcegraph-frontend
app.kubernetes.io/component: sourcegraph-frontend
deploy: sourcegraph
name: sourcegraph-frontend
namespace: NORMALIZED_FOR_TESTING
ownerReferences:
- apiVersion: v1
blockOwnerDeletion: true
controller: true
kind: ConfigMap
name: sg
uid: NORMALIZED_FOR_TESTING
resourceVersion: NORMALIZED_FOR_TESTING
uid: NORMALIZED_FOR_TESTING
spec:
clusterIP: NORMALIZED_FOR_TESTING
clusterIPs:
- NORMALIZED_FOR_TESTING
internalTrafficPolicy: Cluster
ipFamilies:
- IPv4
ipFamilyPolicy: SingleStack
ports:
- name: http
port: 30080
protocol: TCP
targetPort: http
selector:
app: sourcegraph-frontend
sessionAffinity: None
type: ClusterIP
status:
loadBalancer: {}
- apiVersion: v1
kind: Service
metadata:
annotations:
appliance.sourcegraph.com/configHash: b5dce290e22d1afb4c9102ac4c245490ab01dd3be13653de391536cfe0e323b0
creationTimestamp: "2024-04-19T00:00:00Z"
labels:
app: sourcegraph-frontend-internal
app.kubernetes.io/component: sourcegraph-frontend-internal
deploy: sourcegraph
name: sourcegraph-frontend-internal
namespace: NORMALIZED_FOR_TESTING
ownerReferences:
- apiVersion: v1
blockOwnerDeletion: true
controller: true
kind: ConfigMap
name: sg
uid: NORMALIZED_FOR_TESTING
resourceVersion: NORMALIZED_FOR_TESTING
uid: NORMALIZED_FOR_TESTING
spec:
clusterIP: NORMALIZED_FOR_TESTING
clusterIPs:
- NORMALIZED_FOR_TESTING
internalTrafficPolicy: Cluster
ipFamilies:
- IPv4
ipFamilyPolicy: SingleStack
ports:
- name: http-internal
port: 80
protocol: TCP
targetPort: http-internal
selector:
app: sourcegraph-frontend
sessionAffinity: None
type: ClusterIP
status:
loadBalancer: {}


@ -0,0 +1,563 @@
resources:
- apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
appliance.sourcegraph.com/configHash: 9749a17bd6b4982408effad39834fd1b74760e0518af90e920e9a418904cb792
creationTimestamp: "2024-04-19T00:00:00Z"
generation: 2
labels:
app.kubernetes.io/component: sourcegraph-frontend
app.kubernetes.io/name: sourcegraph
app.kubernetes.io/version: 5.3.9104
deploy: sourcegraph
name: sourcegraph-frontend
namespace: NORMALIZED_FOR_TESTING
ownerReferences:
- apiVersion: v1
blockOwnerDeletion: true
controller: true
kind: ConfigMap
name: sg
uid: NORMALIZED_FOR_TESTING
resourceVersion: NORMALIZED_FOR_TESTING
uid: NORMALIZED_FOR_TESTING
spec:
minReadySeconds: 10
progressDeadlineSeconds: 600
replicas: 2
revisionHistoryLimit: 10
selector:
matchLabels:
app: sourcegraph-frontend
strategy:
rollingUpdate:
maxSurge: 2
maxUnavailable: 0
type: RollingUpdate
template:
metadata:
annotations:
checksum/auth: 42a16845bd61ad6619bcd81416e81c6e1761497b10b0c3082b04e459b8f75364
checksum/redis: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
kubectl.kubernetes.io/default-container: sourcegraph-frontend
creationTimestamp: null
labels:
app: sourcegraph-frontend
deploy: sourcegraph
name: sourcegraph-frontend
spec:
containers:
- args:
- serve
env:
- name: DEPLOY_TYPE
value: appliance
- name: PGDATABASE
valueFrom:
secretKeyRef:
key: database
name: pgsql-auth
- name: PGHOST
valueFrom:
secretKeyRef:
key: host
name: pgsql-auth
- name: PGPASSWORD
valueFrom:
secretKeyRef:
key: password
name: pgsql-auth
- name: PGPORT
valueFrom:
secretKeyRef:
key: port
name: pgsql-auth
- name: PGUSER
valueFrom:
secretKeyRef:
key: user
name: pgsql-auth
- name: CODEINTEL_PGDATABASE
valueFrom:
secretKeyRef:
key: database
name: codeintel-db-auth
- name: CODEINTEL_PGHOST
valueFrom:
secretKeyRef:
key: host
name: codeintel-db-auth
- name: CODEINTEL_PGPASSWORD
valueFrom:
secretKeyRef:
key: password
name: codeintel-db-auth
- name: CODEINTEL_PGPORT
valueFrom:
secretKeyRef:
key: port
name: codeintel-db-auth
- name: CODEINTEL_PGUSER
valueFrom:
secretKeyRef:
key: user
name: codeintel-db-auth
- name: CODEINSIGHTS_PGDATABASE
valueFrom:
secretKeyRef:
key: database
name: codeinsights-db-auth
- name: CODEINSIGHTS_PGHOST
valueFrom:
secretKeyRef:
key: host
name: codeinsights-db-auth
- name: CODEINSIGHTS_PGPASSWORD
valueFrom:
secretKeyRef:
key: password
name: codeinsights-db-auth
- name: CODEINSIGHTS_PGPORT
valueFrom:
secretKeyRef:
key: port
name: codeinsights-db-auth
- name: CODEINSIGHTS_PGUSER
valueFrom:
secretKeyRef:
key: user
name: codeinsights-db-auth
- name: REDIS_CACHE_ENDPOINT
valueFrom:
secretKeyRef:
key: endpoint
name: redis-cache
- name: REDIS_STORE_ENDPOINT
valueFrom:
secretKeyRef:
key: endpoint
name: redis-store
- name: OTEL_AGENT_HOST
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: status.hostIP
- name: OTEL_EXPORTER_OTLP_ENDPOINT
value: http://$(OTEL_AGENT_HOST):4317
image: index.docker.io/sourcegraph/frontend:5.3.9104
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: debug
scheme: HTTP
initialDelaySeconds: 300
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
name: frontend
ports:
- containerPort: 3080
name: http
protocol: TCP
- containerPort: 3090
name: http-internal
protocol: TCP
- containerPort: 6060
name: debug
protocol: TCP
readinessProbe:
failureThreshold: 3
httpGet:
path: /ready
port: debug
scheme: HTTP
periodSeconds: 5
successThreshold: 1
timeoutSeconds: 5
resources:
limits:
cpu: "2"
ephemeral-storage: 8Gi
memory: 4G
requests:
cpu: "2"
ephemeral-storage: 4Gi
memory: 2G
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
runAsGroup: 101
runAsUser: 100
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: FallbackToLogsOnError
volumeMounts:
- mountPath: /home/sourcegraph
name: home-dir
dnsPolicy: ClusterFirst
initContainers:
- args:
- up
env:
- name: DEPLOY_TYPE
value: appliance
- name: PGDATABASE
valueFrom:
secretKeyRef:
key: database
name: pgsql-auth
- name: PGHOST
valueFrom:
secretKeyRef:
key: host
name: pgsql-auth
- name: PGPASSWORD
valueFrom:
secretKeyRef:
key: password
name: pgsql-auth
- name: PGPORT
valueFrom:
secretKeyRef:
key: port
name: pgsql-auth
- name: PGUSER
valueFrom:
secretKeyRef:
key: user
name: pgsql-auth
- name: CODEINTEL_PGDATABASE
valueFrom:
secretKeyRef:
key: database
name: codeintel-db-auth
- name: CODEINTEL_PGHOST
valueFrom:
secretKeyRef:
key: host
name: codeintel-db-auth
- name: CODEINTEL_PGPASSWORD
valueFrom:
secretKeyRef:
key: password
name: codeintel-db-auth
- name: CODEINTEL_PGPORT
valueFrom:
secretKeyRef:
key: port
name: codeintel-db-auth
- name: CODEINTEL_PGUSER
valueFrom:
secretKeyRef:
key: user
name: codeintel-db-auth
- name: CODEINSIGHTS_PGDATABASE
valueFrom:
secretKeyRef:
key: database
name: codeinsights-db-auth
- name: CODEINSIGHTS_PGHOST
valueFrom:
secretKeyRef:
key: host
name: codeinsights-db-auth
- name: CODEINSIGHTS_PGPASSWORD
valueFrom:
secretKeyRef:
key: password
name: codeinsights-db-auth
- name: CODEINSIGHTS_PGPORT
valueFrom:
secretKeyRef:
key: port
name: codeinsights-db-auth
- name: CODEINSIGHTS_PGUSER
valueFrom:
secretKeyRef:
key: user
name: codeinsights-db-auth
image: index.docker.io/sourcegraph/migrator:5.3.9104
imagePullPolicy: IfNotPresent
name: migrator
resources:
limits:
cpu: 500m
memory: 100M
requests:
cpu: 100m
memory: 50M
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
runAsGroup: 101
runAsUser: 100
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: FallbackToLogsOnError
restartPolicy: Always
schedulerName: default-scheduler
securityContext:
fsGroup: 101
fsGroupChangePolicy: OnRootMismatch
runAsGroup: 101
runAsUser: 100
serviceAccount: sourcegraph-frontend
serviceAccountName: sourcegraph-frontend
terminationGracePeriodSeconds: 30
volumes:
- emptyDir: {}
name: home-dir
status: {}
- apiVersion: v1
data:
spec: |
spec:
requestedVersion: "5.3.9104"
blobstore:
disabled: true
codeInsights:
disabled: true
codeIntel:
disabled: true
frontend: {}
grafana:
disabled: true
gitServer:
disabled: true
indexedSearch:
disabled: true
openTelemetry:
disabled: true
pgsql:
disabled: true
postgresExporter:
disabled: true
preciseCodeIntel:
disabled: true
redisCache:
disabled: true
redisStore:
disabled: true
repoUpdater:
disabled: true
searcher:
disabled: true
symbols:
disabled: true
syntectServer:
disabled: true
worker:
disabled: true
prometheus:
disabled: true
kind: ConfigMap
metadata:
annotations:
appliance.sourcegraph.com/currentVersion: 5.3.9104
appliance.sourcegraph.com/managed: "true"
force-reconcile: "1"
creationTimestamp: "2024-04-19T00:00:00Z"
name: sg
namespace: NORMALIZED_FOR_TESTING
resourceVersion: NORMALIZED_FOR_TESTING
uid: NORMALIZED_FOR_TESTING
- apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
annotations:
appliance.sourcegraph.com/configHash: b5dce290e22d1afb4c9102ac4c245490ab01dd3be13653de391536cfe0e323b0
creationTimestamp: "2024-04-19T00:00:00Z"
labels:
deploy: sourcegraph
name: sourcegraph-frontend
namespace: NORMALIZED_FOR_TESTING
ownerReferences:
- apiVersion: v1
blockOwnerDeletion: true
controller: true
kind: ConfigMap
name: sg
uid: NORMALIZED_FOR_TESTING
resourceVersion: NORMALIZED_FOR_TESTING
uid: NORMALIZED_FOR_TESTING
rules:
- apiGroups:
- ""
resources:
- endpoints
- services
verbs:
- get
- list
- watch
- apiGroups:
- apps
resources:
- statefulsets
verbs:
- get
- list
- watch
- apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
annotations:
appliance.sourcegraph.com/configHash: b5dce290e22d1afb4c9102ac4c245490ab01dd3be13653de391536cfe0e323b0
creationTimestamp: "2024-04-19T00:00:00Z"
labels:
deploy: sourcegraph
name: sourcegraph-frontend
namespace: NORMALIZED_FOR_TESTING
ownerReferences:
- apiVersion: v1
blockOwnerDeletion: true
controller: true
kind: ConfigMap
name: sg
uid: NORMALIZED_FOR_TESTING
resourceVersion: NORMALIZED_FOR_TESTING
uid: NORMALIZED_FOR_TESTING
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: sourcegraph-frontend
subjects:
- kind: ServiceAccount
name: sourcegraph-frontend
namespace: NORMALIZED_FOR_TESTING
- apiVersion: v1
data:
database: c2c=
host: ZXhhbXBsZS5jb20=
password: bGV0bWVpbg==
port: NTQzMg==
user: YWxpY2U=
kind: Secret
metadata:
creationTimestamp: "2024-04-19T00:00:00Z"
name: codeintel-db-auth
namespace: NORMALIZED_FOR_TESTING
resourceVersion: NORMALIZED_FOR_TESTING
uid: NORMALIZED_FOR_TESTING
type: Opaque
- apiVersion: v1
kind: ServiceAccount
metadata:
annotations:
appliance.sourcegraph.com/configHash: b5dce290e22d1afb4c9102ac4c245490ab01dd3be13653de391536cfe0e323b0
creationTimestamp: "2024-04-19T00:00:00Z"
labels:
deploy: sourcegraph
name: sourcegraph-frontend
namespace: NORMALIZED_FOR_TESTING
ownerReferences:
- apiVersion: v1
blockOwnerDeletion: true
controller: true
kind: ConfigMap
name: sg
uid: NORMALIZED_FOR_TESTING
resourceVersion: NORMALIZED_FOR_TESTING
uid: NORMALIZED_FOR_TESTING
- apiVersion: v1
kind: Service
metadata:
annotations:
appliance.sourcegraph.com/configHash: b5dce290e22d1afb4c9102ac4c245490ab01dd3be13653de391536cfe0e323b0
prometheus.io/port: "6060"
sourcegraph.prometheus/scrape: "true"
creationTimestamp: "2024-04-19T00:00:00Z"
labels:
app: sourcegraph-frontend
app.kubernetes.io/component: sourcegraph-frontend
deploy: sourcegraph
name: sourcegraph-frontend
namespace: NORMALIZED_FOR_TESTING
ownerReferences:
- apiVersion: v1
blockOwnerDeletion: true
controller: true
kind: ConfigMap
name: sg
uid: NORMALIZED_FOR_TESTING
resourceVersion: NORMALIZED_FOR_TESTING
uid: NORMALIZED_FOR_TESTING
spec:
clusterIP: NORMALIZED_FOR_TESTING
clusterIPs:
- NORMALIZED_FOR_TESTING
internalTrafficPolicy: Cluster
ipFamilies:
- IPv4
ipFamilyPolicy: SingleStack
ports:
- name: http
port: 30080
protocol: TCP
targetPort: http
selector:
app: sourcegraph-frontend
sessionAffinity: None
type: ClusterIP
status:
loadBalancer: {}
- apiVersion: v1
kind: Service
metadata:
annotations:
appliance.sourcegraph.com/configHash: b5dce290e22d1afb4c9102ac4c245490ab01dd3be13653de391536cfe0e323b0
creationTimestamp: "2024-04-19T00:00:00Z"
labels:
app: sourcegraph-frontend-internal
app.kubernetes.io/component: sourcegraph-frontend-internal
deploy: sourcegraph
name: sourcegraph-frontend-internal
namespace: NORMALIZED_FOR_TESTING
ownerReferences:
- apiVersion: v1
blockOwnerDeletion: true
controller: true
kind: ConfigMap
name: sg
uid: NORMALIZED_FOR_TESTING
resourceVersion: NORMALIZED_FOR_TESTING
uid: NORMALIZED_FOR_TESTING
spec:
clusterIP: NORMALIZED_FOR_TESTING
clusterIPs:
- NORMALIZED_FOR_TESTING
internalTrafficPolicy: Cluster
ipFamilies:
- IPv4
ipFamilyPolicy: SingleStack
ports:
- name: http-internal
port: 80
protocol: TCP
targetPort: http-internal
selector:
app: sourcegraph-frontend
sessionAffinity: None
type: ClusterIP
status:
loadBalancer: {}
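Review bot: `checksum/auth` on the pod template (`42a16845…` in this fixture, `64bb092d…` in the fixtures without a database Secret) looks like a plain digest over the Secret's data, password included; the hashing code is outside this section, so this is inferred, and the `checksum/redis` value `44136fa3…` matching the SHA-256 of an empty JSON object `{}` points the same way. Pod-template annotations can be read by anyone allowed to get Deployments, ReplicaSets or Pods in the namespace, typically a wider group than those allowed to read Secrets, so an unkeyed digest lets a weak password be confirmed offline. Consider an HMAC keyed with a per-installation value, or a digest of the Secret's `metadata.resourceVersion` instead of its data. Whichever is chosen, a comment where the annotation is computed, such as `// checksum/auth must not be derivable from secret values alone`, would record the constraint. The redis-cache and redis-store fixtures further down carry the same pattern in `checksum/redis`.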


@ -3,7 +3,7 @@ resources:
kind: Deployment
metadata:
annotations:
appliance.sourcegraph.com/configHash: e32d95c60ed3e814ce53f11507d1c894ae3b417b653a9f307379b9252d6d5785
appliance.sourcegraph.com/configHash: 95c83c46bf588f45d3a2cc4b56b5d16ee8469f734f967ab0080702f7f8a11a9d
creationTimestamp: "2024-04-19T00:00:00Z"
generation: 2
labels:
@ -38,7 +38,8 @@ resources:
template:
metadata:
annotations:
checksum/auth: 4e19711e205ab5b68efbd2490090e332c5309e36c925c97ca8d103722e3125a9
checksum/auth: a9aa88b6e9c7d8a774279a6a7afe96c66e6522533ca99f1b1eb7e80bb40bc3ff
checksum/redis: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
kubectl.kubernetes.io/default-container: sourcegraph-frontend
creationTimestamp: null
labels:


@ -0,0 +1,559 @@
resources:
- apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
appliance.sourcegraph.com/configHash: 830582994b55681116d55839f588157f1cfa9f35d2f3144c0dbfdebaa20e6cb5
creationTimestamp: "2024-04-19T00:00:00Z"
generation: 2
labels:
app.kubernetes.io/component: sourcegraph-frontend
app.kubernetes.io/name: sourcegraph
app.kubernetes.io/version: 5.3.9104
deploy: sourcegraph
name: sourcegraph-frontend
namespace: NORMALIZED_FOR_TESTING
ownerReferences:
- apiVersion: v1
blockOwnerDeletion: true
controller: true
kind: ConfigMap
name: sg
uid: NORMALIZED_FOR_TESTING
resourceVersion: NORMALIZED_FOR_TESTING
uid: NORMALIZED_FOR_TESTING
spec:
minReadySeconds: 10
progressDeadlineSeconds: 600
replicas: 2
revisionHistoryLimit: 10
selector:
matchLabels:
app: sourcegraph-frontend
strategy:
rollingUpdate:
maxSurge: 2
maxUnavailable: 0
type: RollingUpdate
template:
metadata:
annotations:
checksum/auth: 64bb092df26e6c62383322ffa1cedee5083dbd8bfeba3e4a2f29492c1d8abfa4
checksum/redis: e548b6ad5e1acfcdc6b6071ca1ec718a97484e185109d353a2a9903c1820e8d1
kubectl.kubernetes.io/default-container: sourcegraph-frontend
creationTimestamp: null
labels:
app: sourcegraph-frontend
deploy: sourcegraph
name: sourcegraph-frontend
spec:
containers:
- args:
- serve
env:
- name: DEPLOY_TYPE
value: appliance
- name: PGDATABASE
valueFrom:
secretKeyRef:
key: database
name: pgsql-auth
- name: PGHOST
valueFrom:
secretKeyRef:
key: host
name: pgsql-auth
- name: PGPASSWORD
valueFrom:
secretKeyRef:
key: password
name: pgsql-auth
- name: PGPORT
valueFrom:
secretKeyRef:
key: port
name: pgsql-auth
- name: PGUSER
valueFrom:
secretKeyRef:
key: user
name: pgsql-auth
- name: CODEINTEL_PGDATABASE
valueFrom:
secretKeyRef:
key: database
name: codeintel-db-auth
- name: CODEINTEL_PGHOST
valueFrom:
secretKeyRef:
key: host
name: codeintel-db-auth
- name: CODEINTEL_PGPASSWORD
valueFrom:
secretKeyRef:
key: password
name: codeintel-db-auth
- name: CODEINTEL_PGPORT
valueFrom:
secretKeyRef:
key: port
name: codeintel-db-auth
- name: CODEINTEL_PGUSER
valueFrom:
secretKeyRef:
key: user
name: codeintel-db-auth
- name: CODEINSIGHTS_PGDATABASE
valueFrom:
secretKeyRef:
key: database
name: codeinsights-db-auth
- name: CODEINSIGHTS_PGHOST
valueFrom:
secretKeyRef:
key: host
name: codeinsights-db-auth
- name: CODEINSIGHTS_PGPASSWORD
valueFrom:
secretKeyRef:
key: password
name: codeinsights-db-auth
- name: CODEINSIGHTS_PGPORT
valueFrom:
secretKeyRef:
key: port
name: codeinsights-db-auth
- name: CODEINSIGHTS_PGUSER
valueFrom:
secretKeyRef:
key: user
name: codeinsights-db-auth
- name: REDIS_CACHE_ENDPOINT
valueFrom:
secretKeyRef:
key: endpoint
name: redis-cache
- name: REDIS_STORE_ENDPOINT
valueFrom:
secretKeyRef:
key: endpoint
name: redis-store
- name: OTEL_AGENT_HOST
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: status.hostIP
- name: OTEL_EXPORTER_OTLP_ENDPOINT
value: http://$(OTEL_AGENT_HOST):4317
image: index.docker.io/sourcegraph/frontend:5.3.9104
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: debug
scheme: HTTP
initialDelaySeconds: 300
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
name: frontend
ports:
- containerPort: 3080
name: http
protocol: TCP
- containerPort: 3090
name: http-internal
protocol: TCP
- containerPort: 6060
name: debug
protocol: TCP
readinessProbe:
failureThreshold: 3
httpGet:
path: /ready
port: debug
scheme: HTTP
periodSeconds: 5
successThreshold: 1
timeoutSeconds: 5
resources:
limits:
cpu: "2"
ephemeral-storage: 8Gi
memory: 4G
requests:
cpu: "2"
ephemeral-storage: 4Gi
memory: 2G
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
runAsGroup: 101
runAsUser: 100
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: FallbackToLogsOnError
volumeMounts:
- mountPath: /home/sourcegraph
name: home-dir
dnsPolicy: ClusterFirst
initContainers:
- args:
- up
env:
- name: DEPLOY_TYPE
value: appliance
- name: PGDATABASE
valueFrom:
secretKeyRef:
key: database
name: pgsql-auth
- name: PGHOST
valueFrom:
secretKeyRef:
key: host
name: pgsql-auth
- name: PGPASSWORD
valueFrom:
secretKeyRef:
key: password
name: pgsql-auth
- name: PGPORT
valueFrom:
secretKeyRef:
key: port
name: pgsql-auth
- name: PGUSER
valueFrom:
secretKeyRef:
key: user
name: pgsql-auth
- name: CODEINTEL_PGDATABASE
valueFrom:
secretKeyRef:
key: database
name: codeintel-db-auth
- name: CODEINTEL_PGHOST
valueFrom:
secretKeyRef:
key: host
name: codeintel-db-auth
- name: CODEINTEL_PGPASSWORD
valueFrom:
secretKeyRef:
key: password
name: codeintel-db-auth
- name: CODEINTEL_PGPORT
valueFrom:
secretKeyRef:
key: port
name: codeintel-db-auth
- name: CODEINTEL_PGUSER
valueFrom:
secretKeyRef:
key: user
name: codeintel-db-auth
- name: CODEINSIGHTS_PGDATABASE
valueFrom:
secretKeyRef:
key: database
name: codeinsights-db-auth
- name: CODEINSIGHTS_PGHOST
valueFrom:
secretKeyRef:
key: host
name: codeinsights-db-auth
- name: CODEINSIGHTS_PGPASSWORD
valueFrom:
secretKeyRef:
key: password
name: codeinsights-db-auth
- name: CODEINSIGHTS_PGPORT
valueFrom:
secretKeyRef:
key: port
name: codeinsights-db-auth
- name: CODEINSIGHTS_PGUSER
valueFrom:
secretKeyRef:
key: user
name: codeinsights-db-auth
image: index.docker.io/sourcegraph/migrator:5.3.9104
imagePullPolicy: IfNotPresent
name: migrator
resources:
limits:
cpu: 500m
memory: 100M
requests:
cpu: 100m
memory: 50M
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
runAsGroup: 101
runAsUser: 100
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: FallbackToLogsOnError
restartPolicy: Always
schedulerName: default-scheduler
securityContext:
fsGroup: 101
fsGroupChangePolicy: OnRootMismatch
runAsGroup: 101
runAsUser: 100
serviceAccount: sourcegraph-frontend
serviceAccountName: sourcegraph-frontend
terminationGracePeriodSeconds: 30
volumes:
- emptyDir: {}
name: home-dir
status: {}
- apiVersion: v1
data:
spec: |
spec:
requestedVersion: "5.3.9104"
blobstore:
disabled: true
codeInsights:
disabled: true
codeIntel:
disabled: true
frontend: {}
grafana:
disabled: true
gitServer:
disabled: true
indexedSearch:
disabled: true
openTelemetry:
disabled: true
pgsql:
disabled: true
postgresExporter:
disabled: true
preciseCodeIntel:
disabled: true
redisCache:
disabled: true
redisStore:
disabled: true
repoUpdater:
disabled: true
searcher:
disabled: true
symbols:
disabled: true
syntectServer:
disabled: true
worker:
disabled: true
prometheus:
disabled: true
kind: ConfigMap
metadata:
annotations:
appliance.sourcegraph.com/currentVersion: 5.3.9104
appliance.sourcegraph.com/managed: "true"
force-reconcile: "1"
creationTimestamp: "2024-04-19T00:00:00Z"
name: sg
namespace: NORMALIZED_FOR_TESTING
resourceVersion: NORMALIZED_FOR_TESTING
uid: NORMALIZED_FOR_TESTING
- apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
annotations:
appliance.sourcegraph.com/configHash: b5dce290e22d1afb4c9102ac4c245490ab01dd3be13653de391536cfe0e323b0
creationTimestamp: "2024-04-19T00:00:00Z"
labels:
deploy: sourcegraph
name: sourcegraph-frontend
namespace: NORMALIZED_FOR_TESTING
ownerReferences:
- apiVersion: v1
blockOwnerDeletion: true
controller: true
kind: ConfigMap
name: sg
uid: NORMALIZED_FOR_TESTING
resourceVersion: NORMALIZED_FOR_TESTING
uid: NORMALIZED_FOR_TESTING
rules:
- apiGroups:
- ""
resources:
- endpoints
- services
verbs:
- get
- list
- watch
- apiGroups:
- apps
resources:
- statefulsets
verbs:
- get
- list
- watch
- apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
annotations:
appliance.sourcegraph.com/configHash: b5dce290e22d1afb4c9102ac4c245490ab01dd3be13653de391536cfe0e323b0
creationTimestamp: "2024-04-19T00:00:00Z"
labels:
deploy: sourcegraph
name: sourcegraph-frontend
namespace: NORMALIZED_FOR_TESTING
ownerReferences:
- apiVersion: v1
blockOwnerDeletion: true
controller: true
kind: ConfigMap
name: sg
uid: NORMALIZED_FOR_TESTING
resourceVersion: NORMALIZED_FOR_TESTING
uid: NORMALIZED_FOR_TESTING
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: sourcegraph-frontend
subjects:
- kind: ServiceAccount
name: sourcegraph-frontend
namespace: NORMALIZED_FOR_TESTING
- apiVersion: v1
data:
endpoint: ZXhhbXBsZS5jb20=
kind: Secret
metadata:
creationTimestamp: "2024-04-19T00:00:00Z"
name: redis-cache
namespace: NORMALIZED_FOR_TESTING
resourceVersion: NORMALIZED_FOR_TESTING
uid: NORMALIZED_FOR_TESTING
type: Opaque
- apiVersion: v1
kind: ServiceAccount
metadata:
annotations:
appliance.sourcegraph.com/configHash: b5dce290e22d1afb4c9102ac4c245490ab01dd3be13653de391536cfe0e323b0
creationTimestamp: "2024-04-19T00:00:00Z"
labels:
deploy: sourcegraph
name: sourcegraph-frontend
namespace: NORMALIZED_FOR_TESTING
ownerReferences:
- apiVersion: v1
blockOwnerDeletion: true
controller: true
kind: ConfigMap
name: sg
uid: NORMALIZED_FOR_TESTING
resourceVersion: NORMALIZED_FOR_TESTING
uid: NORMALIZED_FOR_TESTING
- apiVersion: v1
kind: Service
metadata:
annotations:
appliance.sourcegraph.com/configHash: b5dce290e22d1afb4c9102ac4c245490ab01dd3be13653de391536cfe0e323b0
prometheus.io/port: "6060"
sourcegraph.prometheus/scrape: "true"
creationTimestamp: "2024-04-19T00:00:00Z"
labels:
app: sourcegraph-frontend
app.kubernetes.io/component: sourcegraph-frontend
deploy: sourcegraph
name: sourcegraph-frontend
namespace: NORMALIZED_FOR_TESTING
ownerReferences:
- apiVersion: v1
blockOwnerDeletion: true
controller: true
kind: ConfigMap
name: sg
uid: NORMALIZED_FOR_TESTING
resourceVersion: NORMALIZED_FOR_TESTING
uid: NORMALIZED_FOR_TESTING
spec:
clusterIP: NORMALIZED_FOR_TESTING
clusterIPs:
- NORMALIZED_FOR_TESTING
internalTrafficPolicy: Cluster
ipFamilies:
- IPv4
ipFamilyPolicy: SingleStack
ports:
- name: http
port: 30080
protocol: TCP
targetPort: http
selector:
app: sourcegraph-frontend
sessionAffinity: None
type: ClusterIP
status:
loadBalancer: {}
- apiVersion: v1
kind: Service
metadata:
annotations:
appliance.sourcegraph.com/configHash: b5dce290e22d1afb4c9102ac4c245490ab01dd3be13653de391536cfe0e323b0
creationTimestamp: "2024-04-19T00:00:00Z"
labels:
app: sourcegraph-frontend-internal
app.kubernetes.io/component: sourcegraph-frontend-internal
deploy: sourcegraph
name: sourcegraph-frontend-internal
namespace: NORMALIZED_FOR_TESTING
ownerReferences:
- apiVersion: v1
blockOwnerDeletion: true
controller: true
kind: ConfigMap
name: sg
uid: NORMALIZED_FOR_TESTING
resourceVersion: NORMALIZED_FOR_TESTING
uid: NORMALIZED_FOR_TESTING
spec:
clusterIP: NORMALIZED_FOR_TESTING
clusterIPs:
- NORMALIZED_FOR_TESTING
internalTrafficPolicy: Cluster
ipFamilies:
- IPv4
ipFamilyPolicy: SingleStack
ports:
- name: http-internal
port: 80
protocol: TCP
targetPort: http-internal
selector:
app: sourcegraph-frontend
sessionAffinity: None
type: ClusterIP
status:
loadBalancer: {}


@ -0,0 +1,559 @@
resources:
- apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
appliance.sourcegraph.com/configHash: a05c531887e44fa312cc6727d257e59a8454d8355d4fad78c6d699d20cad9821
creationTimestamp: "2024-04-19T00:00:00Z"
generation: 2
labels:
app.kubernetes.io/component: sourcegraph-frontend
app.kubernetes.io/name: sourcegraph
app.kubernetes.io/version: 5.3.9104
deploy: sourcegraph
name: sourcegraph-frontend
namespace: NORMALIZED_FOR_TESTING
ownerReferences:
- apiVersion: v1
blockOwnerDeletion: true
controller: true
kind: ConfigMap
name: sg
uid: NORMALIZED_FOR_TESTING
resourceVersion: NORMALIZED_FOR_TESTING
uid: NORMALIZED_FOR_TESTING
spec:
minReadySeconds: 10
progressDeadlineSeconds: 600
replicas: 2
revisionHistoryLimit: 10
selector:
matchLabels:
app: sourcegraph-frontend
strategy:
rollingUpdate:
maxSurge: 2
maxUnavailable: 0
type: RollingUpdate
template:
metadata:
annotations:
checksum/auth: 64bb092df26e6c62383322ffa1cedee5083dbd8bfeba3e4a2f29492c1d8abfa4
checksum/redis: b704bb5cf2d3a4cc9bfd6893c54ea5e941031731458500d509acfc5f894afd3e
kubectl.kubernetes.io/default-container: sourcegraph-frontend
creationTimestamp: null
labels:
app: sourcegraph-frontend
deploy: sourcegraph
name: sourcegraph-frontend
spec:
containers:
- args:
- serve
env:
- name: DEPLOY_TYPE
value: appliance
- name: PGDATABASE
valueFrom:
secretKeyRef:
key: database
name: pgsql-auth
- name: PGHOST
valueFrom:
secretKeyRef:
key: host
name: pgsql-auth
- name: PGPASSWORD
valueFrom:
secretKeyRef:
key: password
name: pgsql-auth
- name: PGPORT
valueFrom:
secretKeyRef:
key: port
name: pgsql-auth
- name: PGUSER
valueFrom:
secretKeyRef:
key: user
name: pgsql-auth
- name: CODEINTEL_PGDATABASE
valueFrom:
secretKeyRef:
key: database
name: codeintel-db-auth
- name: CODEINTEL_PGHOST
valueFrom:
secretKeyRef:
key: host
name: codeintel-db-auth
- name: CODEINTEL_PGPASSWORD
valueFrom:
secretKeyRef:
key: password
name: codeintel-db-auth
- name: CODEINTEL_PGPORT
valueFrom:
secretKeyRef:
key: port
name: codeintel-db-auth
- name: CODEINTEL_PGUSER
valueFrom:
secretKeyRef:
key: user
name: codeintel-db-auth
- name: CODEINSIGHTS_PGDATABASE
valueFrom:
secretKeyRef:
key: database
name: codeinsights-db-auth
- name: CODEINSIGHTS_PGHOST
valueFrom:
secretKeyRef:
key: host
name: codeinsights-db-auth
- name: CODEINSIGHTS_PGPASSWORD
valueFrom:
secretKeyRef:
key: password
name: codeinsights-db-auth
- name: CODEINSIGHTS_PGPORT
valueFrom:
secretKeyRef:
key: port
name: codeinsights-db-auth
- name: CODEINSIGHTS_PGUSER
valueFrom:
secretKeyRef:
key: user
name: codeinsights-db-auth
- name: REDIS_CACHE_ENDPOINT
valueFrom:
secretKeyRef:
key: endpoint
name: redis-cache
- name: REDIS_STORE_ENDPOINT
valueFrom:
secretKeyRef:
key: endpoint
name: redis-store
- name: OTEL_AGENT_HOST
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: status.hostIP
- name: OTEL_EXPORTER_OTLP_ENDPOINT
value: http://$(OTEL_AGENT_HOST):4317
image: index.docker.io/sourcegraph/frontend:5.3.9104
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: debug
scheme: HTTP
initialDelaySeconds: 300
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
name: frontend
ports:
- containerPort: 3080
name: http
protocol: TCP
- containerPort: 3090
name: http-internal
protocol: TCP
- containerPort: 6060
name: debug
protocol: TCP
readinessProbe:
failureThreshold: 3
httpGet:
path: /ready
port: debug
scheme: HTTP
periodSeconds: 5
successThreshold: 1
timeoutSeconds: 5
resources:
limits:
cpu: "2"
ephemeral-storage: 8Gi
memory: 4G
requests:
cpu: "2"
ephemeral-storage: 4Gi
memory: 2G
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
runAsGroup: 101
runAsUser: 100
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: FallbackToLogsOnError
volumeMounts:
- mountPath: /home/sourcegraph
name: home-dir
dnsPolicy: ClusterFirst
initContainers:
- args:
- up
env:
- name: DEPLOY_TYPE
value: appliance
- name: PGDATABASE
valueFrom:
secretKeyRef:
key: database
name: pgsql-auth
- name: PGHOST
valueFrom:
secretKeyRef:
key: host
name: pgsql-auth
- name: PGPASSWORD
valueFrom:
secretKeyRef:
key: password
name: pgsql-auth
- name: PGPORT
valueFrom:
secretKeyRef:
key: port
name: pgsql-auth
- name: PGUSER
valueFrom:
secretKeyRef:
key: user
name: pgsql-auth
- name: CODEINTEL_PGDATABASE
valueFrom:
secretKeyRef:
key: database
name: codeintel-db-auth
- name: CODEINTEL_PGHOST
valueFrom:
secretKeyRef:
key: host
name: codeintel-db-auth
- name: CODEINTEL_PGPASSWORD
valueFrom:
secretKeyRef:
key: password
name: codeintel-db-auth
- name: CODEINTEL_PGPORT
valueFrom:
secretKeyRef:
key: port
name: codeintel-db-auth
- name: CODEINTEL_PGUSER
valueFrom:
secretKeyRef:
key: user
name: codeintel-db-auth
- name: CODEINSIGHTS_PGDATABASE
valueFrom:
secretKeyRef:
key: database
name: codeinsights-db-auth
- name: CODEINSIGHTS_PGHOST
valueFrom:
secretKeyRef:
key: host
name: codeinsights-db-auth
- name: CODEINSIGHTS_PGPASSWORD
valueFrom:
secretKeyRef:
key: password
name: codeinsights-db-auth
- name: CODEINSIGHTS_PGPORT
valueFrom:
secretKeyRef:
key: port
name: codeinsights-db-auth
- name: CODEINSIGHTS_PGUSER
valueFrom:
secretKeyRef:
key: user
name: codeinsights-db-auth
image: index.docker.io/sourcegraph/migrator:5.3.9104
imagePullPolicy: IfNotPresent
name: migrator
resources:
limits:
cpu: 500m
memory: 100M
requests:
cpu: 100m
memory: 50M
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
runAsGroup: 101
runAsUser: 100
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: FallbackToLogsOnError
restartPolicy: Always
schedulerName: default-scheduler
securityContext:
fsGroup: 101
fsGroupChangePolicy: OnRootMismatch
runAsGroup: 101
runAsUser: 100
serviceAccount: sourcegraph-frontend
serviceAccountName: sourcegraph-frontend
terminationGracePeriodSeconds: 30
volumes:
- emptyDir: {}
name: home-dir
status: {}
- apiVersion: v1
data:
spec: |
spec:
requestedVersion: "5.3.9104"
blobstore:
disabled: true
codeInsights:
disabled: true
codeIntel:
disabled: true
frontend: {}
grafana:
disabled: true
gitServer:
disabled: true
indexedSearch:
disabled: true
openTelemetry:
disabled: true
pgsql:
disabled: true
postgresExporter:
disabled: true
preciseCodeIntel:
disabled: true
redisCache:
disabled: true
redisStore:
disabled: true
repoUpdater:
disabled: true
searcher:
disabled: true
symbols:
disabled: true
syntectServer:
disabled: true
worker:
disabled: true
prometheus:
disabled: true
kind: ConfigMap
metadata:
annotations:
appliance.sourcegraph.com/currentVersion: 5.3.9104
appliance.sourcegraph.com/managed: "true"
force-reconcile: "1"
creationTimestamp: "2024-04-19T00:00:00Z"
name: sg
namespace: NORMALIZED_FOR_TESTING
resourceVersion: NORMALIZED_FOR_TESTING
uid: NORMALIZED_FOR_TESTING
- apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
annotations:
appliance.sourcegraph.com/configHash: b5dce290e22d1afb4c9102ac4c245490ab01dd3be13653de391536cfe0e323b0
creationTimestamp: "2024-04-19T00:00:00Z"
labels:
deploy: sourcegraph
name: sourcegraph-frontend
namespace: NORMALIZED_FOR_TESTING
ownerReferences:
- apiVersion: v1
blockOwnerDeletion: true
controller: true
kind: ConfigMap
name: sg
uid: NORMALIZED_FOR_TESTING
resourceVersion: NORMALIZED_FOR_TESTING
uid: NORMALIZED_FOR_TESTING
rules:
- apiGroups:
- ""
resources:
- endpoints
- services
verbs:
- get
- list
- watch
- apiGroups:
- apps
resources:
- statefulsets
verbs:
- get
- list
- watch
- apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
annotations:
appliance.sourcegraph.com/configHash: b5dce290e22d1afb4c9102ac4c245490ab01dd3be13653de391536cfe0e323b0
creationTimestamp: "2024-04-19T00:00:00Z"
labels:
deploy: sourcegraph
name: sourcegraph-frontend
namespace: NORMALIZED_FOR_TESTING
ownerReferences:
- apiVersion: v1
blockOwnerDeletion: true
controller: true
kind: ConfigMap
name: sg
uid: NORMALIZED_FOR_TESTING
resourceVersion: NORMALIZED_FOR_TESTING
uid: NORMALIZED_FOR_TESTING
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: sourcegraph-frontend
subjects:
- kind: ServiceAccount
name: sourcegraph-frontend
namespace: NORMALIZED_FOR_TESTING
- apiVersion: v1
data:
endpoint: ZXhhbXBsZS5jb20=
kind: Secret
metadata:
creationTimestamp: "2024-04-19T00:00:00Z"
name: redis-store
namespace: NORMALIZED_FOR_TESTING
resourceVersion: NORMALIZED_FOR_TESTING
uid: NORMALIZED_FOR_TESTING
type: Opaque
- apiVersion: v1
kind: ServiceAccount
metadata:
annotations:
appliance.sourcegraph.com/configHash: b5dce290e22d1afb4c9102ac4c245490ab01dd3be13653de391536cfe0e323b0
creationTimestamp: "2024-04-19T00:00:00Z"
labels:
deploy: sourcegraph
name: sourcegraph-frontend
namespace: NORMALIZED_FOR_TESTING
ownerReferences:
- apiVersion: v1
blockOwnerDeletion: true
controller: true
kind: ConfigMap
name: sg
uid: NORMALIZED_FOR_TESTING
resourceVersion: NORMALIZED_FOR_TESTING
uid: NORMALIZED_FOR_TESTING
- apiVersion: v1
kind: Service
metadata:
annotations:
appliance.sourcegraph.com/configHash: b5dce290e22d1afb4c9102ac4c245490ab01dd3be13653de391536cfe0e323b0
prometheus.io/port: "6060"
sourcegraph.prometheus/scrape: "true"
creationTimestamp: "2024-04-19T00:00:00Z"
labels:
app: sourcegraph-frontend
app.kubernetes.io/component: sourcegraph-frontend
deploy: sourcegraph
name: sourcegraph-frontend
namespace: NORMALIZED_FOR_TESTING
ownerReferences:
- apiVersion: v1
blockOwnerDeletion: true
controller: true
kind: ConfigMap
name: sg
uid: NORMALIZED_FOR_TESTING
resourceVersion: NORMALIZED_FOR_TESTING
uid: NORMALIZED_FOR_TESTING
spec:
clusterIP: NORMALIZED_FOR_TESTING
clusterIPs:
- NORMALIZED_FOR_TESTING
internalTrafficPolicy: Cluster
ipFamilies:
- IPv4
ipFamilyPolicy: SingleStack
ports:
- name: http
port: 30080
protocol: TCP
targetPort: http
selector:
app: sourcegraph-frontend
sessionAffinity: None
type: ClusterIP
status:
loadBalancer: {}
- apiVersion: v1
kind: Service
metadata:
annotations:
appliance.sourcegraph.com/configHash: b5dce290e22d1afb4c9102ac4c245490ab01dd3be13653de391536cfe0e323b0
creationTimestamp: "2024-04-19T00:00:00Z"
labels:
app: sourcegraph-frontend-internal
app.kubernetes.io/component: sourcegraph-frontend-internal
deploy: sourcegraph
name: sourcegraph-frontend-internal
namespace: NORMALIZED_FOR_TESTING
ownerReferences:
- apiVersion: v1
blockOwnerDeletion: true
controller: true
kind: ConfigMap
name: sg
uid: NORMALIZED_FOR_TESTING
resourceVersion: NORMALIZED_FOR_TESTING
uid: NORMALIZED_FOR_TESTING
spec:
clusterIP: NORMALIZED_FOR_TESTING
clusterIPs:
- NORMALIZED_FOR_TESTING
internalTrafficPolicy: Cluster
ipFamilies:
- IPv4
ipFamilyPolicy: SingleStack
ports:
- name: http-internal
port: 80
protocol: TCP
targetPort: http-internal
selector:
app: sourcegraph-frontend
sessionAffinity: None
type: ClusterIP
status:
loadBalancer: {}


@ -3,7 +3,7 @@ resources:
kind: Deployment
metadata:
annotations:
appliance.sourcegraph.com/configHash: b5dce290e22d1afb4c9102ac4c245490ab01dd3be13653de391536cfe0e323b0
appliance.sourcegraph.com/configHash: 8f6b44deb3ec355b4074331d35e5b9d4e87c47388f3a8325a3fc50619bddc76d
creationTimestamp: "2024-04-19T00:00:00Z"
generation: 1
labels:
@ -38,6 +38,8 @@ resources:
template:
metadata:
annotations:
checksum/auth: 64bb092df26e6c62383322ffa1cedee5083dbd8bfeba3e4a2f29492c1d8abfa4
checksum/redis: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
kubectl.kubernetes.io/default-container: sourcegraph-frontend
creationTimestamp: null
labels:


@ -92,7 +92,7 @@ resources:
kind: Deployment
metadata:
annotations:
appliance.sourcegraph.com/configHash: b5dce290e22d1afb4c9102ac4c245490ab01dd3be13653de391536cfe0e323b0
appliance.sourcegraph.com/configHash: 8f6b44deb3ec355b4074331d35e5b9d4e87c47388f3a8325a3fc50619bddc76d
creationTimestamp: "2024-04-19T00:00:00Z"
generation: 1
labels:
@ -127,6 +127,8 @@ resources:
template:
metadata:
annotations:
checksum/auth: 64bb092df26e6c62383322ffa1cedee5083dbd8bfeba3e4a2f29492c1d8abfa4
checksum/redis: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
kubectl.kubernetes.io/default-container: sourcegraph-frontend
creationTimestamp: null
labels:


@ -3,7 +3,7 @@ resources:
kind: Deployment
metadata:
annotations:
appliance.sourcegraph.com/configHash: 7caff941f7756c1a8aa77fb1604c7c1d191868889bbe1ca514eac63a4c1aafc8
appliance.sourcegraph.com/configHash: c0cbf7fe1f7e4042a42aefd275ab15334b25954c53cb531eaa11f65e28a5d8f7
creationTimestamp: "2024-04-19T00:00:00Z"
generation: 1
labels:
@ -38,6 +38,8 @@ resources:
template:
metadata:
annotations:
checksum/auth: 64bb092df26e6c62383322ffa1cedee5083dbd8bfeba3e4a2f29492c1d8abfa4
checksum/redis: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
kubectl.kubernetes.io/default-container: sourcegraph-frontend
creationTimestamp: null
labels:


@ -3,7 +3,7 @@ resources:
kind: Deployment
metadata:
annotations:
appliance.sourcegraph.com/configHash: d3eb623947fedba566dfc56adc4733ff5ef1b2887a5cb63d75dbc1df452b0b5c
appliance.sourcegraph.com/configHash: eca9597d0eccefd3eb40039ed5d5afaf1b81989733f82692b933206540242d93
creationTimestamp: "2024-04-19T00:00:00Z"
generation: 1
labels:
@ -38,6 +38,8 @@ resources:
template:
metadata:
annotations:
checksum/auth: 64bb092df26e6c62383322ffa1cedee5083dbd8bfeba3e4a2f29492c1d8abfa4
checksum/redis: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
kubectl.kubernetes.io/default-container: sourcegraph-frontend
creationTimestamp: null
labels:


@ -3,7 +3,7 @@ resources:
kind: Deployment
metadata:
annotations:
appliance.sourcegraph.com/configHash: f6325ffd3262b0ff8bdb406ba80aabad2daea7ecc342353fabd7bbda7ea1f4a9
appliance.sourcegraph.com/configHash: 555e852dff2a146934b0802c149b41ab07a0cf2f8890c33f7205344b3b9e6861
creationTimestamp: "2024-04-19T00:00:00Z"
generation: 1
labels:
@ -38,6 +38,8 @@ resources:
template:
metadata:
annotations:
checksum/auth: 64bb092df26e6c62383322ffa1cedee5083dbd8bfeba3e4a2f29492c1d8abfa4
checksum/redis: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
kubectl.kubernetes.io/default-container: sourcegraph-frontend
creationTimestamp: null
labels:


@ -37,6 +37,7 @@ resources:
template:
metadata:
annotations:
checksum/redis: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
kubectl.kubernetes.io/default-container: gitserver
creationTimestamp: null
labels:


@ -38,6 +38,7 @@ resources:
template:
metadata:
annotations:
checksum/redis: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
kubectl.kubernetes.io/default-container: repo-updater
creationTimestamp: null
labels:


@ -37,6 +37,7 @@ resources:
template:
metadata:
annotations:
checksum/redis: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
kubectl.kubernetes.io/default-container: searcher
creationTimestamp: null
labels:


@ -37,6 +37,7 @@ resources:
template:
metadata:
annotations:
checksum/redis: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
kubectl.kubernetes.io/default-container: searcher
creationTimestamp: null
labels:


@ -37,6 +37,7 @@ resources:
template:
metadata:
annotations:
checksum/redis: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
kubectl.kubernetes.io/default-container: searcher
creationTimestamp: null
labels:


@ -3,7 +3,7 @@ resources:
kind: Deployment
metadata:
annotations:
appliance.sourcegraph.com/configHash: e9e0837cc01eaabff90d9772835de8fbf79f814f32b58b2bac75ef8bfbc1d93d
appliance.sourcegraph.com/configHash: ee9f46b5b3822109e7eb4903d5cacba5f88db2d2c3481fdc93114346e92279c3
creationTimestamp: "2024-04-19T00:00:00Z"
generation: 1
labels:
@ -38,6 +38,8 @@ resources:
template:
metadata:
annotations:
checksum/auth: 64bb092df26e6c62383322ffa1cedee5083dbd8bfeba3e4a2f29492c1d8abfa4
checksum/redis: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
kubectl.kubernetes.io/default-container: sourcegraph-frontend
creationTimestamp: null
labels:


@ -38,6 +38,7 @@ resources:
template:
metadata:
annotations:
checksum/redis: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
kubectl.kubernetes.io/default-container: repo-updater
creationTimestamp: null
labels:


@ -38,6 +38,7 @@ resources:
template:
metadata:
annotations:
checksum/redis: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
kubectl.kubernetes.io/default-container: repo-updater
creationTimestamp: null
labels:


@ -38,6 +38,7 @@ resources:
template:
metadata:
annotations:
checksum/redis: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
kubectl.kubernetes.io/default-container: repo-updater
creationTimestamp: null
labels:


@ -38,6 +38,7 @@ resources:
template:
metadata:
annotations:
checksum/redis: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
kubectl.kubernetes.io/default-container: repo-updater
creationTimestamp: null
labels:


@ -37,6 +37,7 @@ resources:
template:
metadata:
annotations:
checksum/redis: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
kubectl.kubernetes.io/default-container: symbols
creationTimestamp: null
labels:


@ -37,6 +37,7 @@ resources:
template:
metadata:
annotations:
checksum/redis: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
kubectl.kubernetes.io/default-container: symbols
creationTimestamp: null
labels:


@ -37,6 +37,7 @@ resources:
template:
metadata:
annotations:
checksum/redis: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
kubectl.kubernetes.io/default-container: symbols
creationTimestamp: null
labels:


@ -38,6 +38,7 @@ resources:
template:
metadata:
annotations:
checksum/redis: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
kubectl.kubernetes.io/default-container: worker
creationTimestamp: null
labels:


@ -127,6 +127,7 @@ resources:
template:
metadata:
annotations:
checksum/redis: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
kubectl.kubernetes.io/default-container: worker
creationTimestamp: null
labels:


@ -38,6 +38,7 @@ resources:
template:
metadata:
annotations:
checksum/redis: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
kubectl.kubernetes.io/default-container: worker
creationTimestamp: null
labels:


@ -90,6 +90,15 @@ func (r *Reconciler) reconcileWorkerDeployment(ctx context.Context, sg *config.S
podTemplate := pod.NewPodTemplate(name, cfg)
podTemplate.Template.Spec.Containers = []corev1.Container{ctr}
redisConnSpecs, err := r.getRedisSecrets(ctx, sg)
if err != nil {
return err
}
redisConnHash, err := configHash(redisConnSpecs)
if err != nil {
return err
}
podTemplate.Template.ObjectMeta.Annotations["checksum/redis"] = redisConnHash
dep := deployment.NewDeployment(name, sg.Namespace, sg.Spec.RequestedVersion)
dep.Spec.Replicas = pointers.Ptr(cfg.Replicas)
@ -99,7 +108,14 @@ func (r *Reconciler) reconcileWorkerDeployment(ctx context.Context, sg *config.S
}
dep.Spec.Template = podTemplate.Template
return reconcileObject(ctx, r, cfg, &dep, &appsv1.Deployment{}, sg, owner)
ifChanged := struct {
config.WorkerSpec
RedisConnSpecs
}{
WorkerSpec: cfg,
RedisConnSpecs: redisConnSpecs,
}
return reconcileObject(ctx, r, ifChanged, &dep, &appsv1.Deployment{}, sg, owner)
}
func (r *Reconciler) reconcileWorkerService(ctx context.Context, sg *config.Sourcegraph, owner client.Object) error {
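Review bot: The value written by `podTemplate.Template.ObjectMeta.Annotations["checksum/redis"] = redisConnHash` is derived from the Redis secret contents and ends up in pod-template metadata, which is readable by anyone who can get Deployments or Pods, usually a wider audience than those allowed to read the Secrets themselves. `configHash` is not shown in this hunk, but the golden files in this commit carry 64-hex values and the Redis one equals the SHA-256 of the literal `{}`, so it looks like an unkeyed digest of the serialised specs. If a connection spec can embed a low-entropy password, a keyed digest or a hash of the Secret's `resourceVersion` would avoid publishing something that can be guessed offline. The identical `{}` digest in every fixture also suggests no test exercises a non-empty Redis secret, so a case in which the annotation actually changes is worth adding. `reconcileWorkerDeployment` starts above the hunk, so whether `Annotations` is always a non-nil map at this point cannot be confirmed from here.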