From 35a6a452162757c93d8cda36ff8f6ee55d50e6f8 Mon Sep 17 00:00:00 2001 From: Jacob Pleiness Date: Mon, 13 Jan 2025 09:55:33 -0500 Subject: [PATCH 1/3] chore(rel): update image tags to latest release 5.11.4013 Update image tags to latest release, 5.11.4013 --- charts/sourcegraph-executor/dind/values.yaml | 2 +- charts/sourcegraph-executor/k8s/values.yaml | 2 +- charts/sourcegraph-migrator/values.yaml | 2 +- charts/sourcegraph/values.yaml | 54 ++++++++++---------- override.yaml | 11 ++++ 5 files changed, 41 insertions(+), 30 deletions(-) create mode 100644 override.yaml diff --git a/charts/sourcegraph-executor/dind/values.yaml b/charts/sourcegraph-executor/dind/values.yaml index ece0b177..0d397fb9 100644 --- a/charts/sourcegraph-executor/dind/values.yaml +++ b/charts/sourcegraph-executor/dind/values.yaml @@ -55,7 +55,7 @@ storageClass: executor: enabled: true image: - defaultTag: 5.11.3601@sha256:6c390a31eed7810fb2b86e869f3885acc82002322f88e457f562c8343934484e + defaultTag: 5.11.4013@sha256:eabe0d22caa8298d064f9a2596c05bef39ddcf220fec968e760918d9194994fb name: "executor" replicaCount: 1 env: diff --git a/charts/sourcegraph-executor/k8s/values.yaml b/charts/sourcegraph-executor/k8s/values.yaml index b4ccdaf9..5f8305c9 100644 --- a/charts/sourcegraph-executor/k8s/values.yaml +++ b/charts/sourcegraph-executor/k8s/values.yaml @@ -57,7 +57,7 @@ executor: configureRbac: true replicas: 1 image: - defaultTag: 5.11.3601@sha256:f2aaa1dab005e1cf24ccf4222aa44a7b2d16e6dd31c2347822b0a16dbee8ef91 + defaultTag: 5.11.4013@sha256:160b70d044f786759137afdb19ac88a47e7145a103af9cd2a341874b487656b6 name: "executor-kubernetes" # -- The external URL of the Sourcegraph instance. Required. **Recommended:** set to the internal service endpoint (e.g. `http://sourcegraph-frontend.sourcegraph.svc.cluster.local:30080` if Sourcegraph is deployed in the `sourcegraph` namespace). # This will avoid unnecessary network charges as traffic will stay within the local network. diff --git a/charts/sourcegraph-migrator/values.yaml b/charts/sourcegraph-migrator/values.yaml index a3968dd2..a15211e3 100644 --- a/charts/sourcegraph-migrator/values.yaml +++ b/charts/sourcegraph-migrator/values.yaml @@ -102,7 +102,7 @@ pgsql: migrator: image: # -- Docker image tag for the `migrator` image - defaultTag: 5.11.3601@sha256:e35c4794890e83d4028c8c24baa87e5a857f3bf10c814277d0ee04807f895a25 + defaultTag: 5.11.4013@sha256:6df430235b5589d0af3b86aab82205897c9422045c4c63bb3698553c624f8bf9 # -- Docker image name for the `migrator` image name: "migrator" # -- Environment variables for the `migrator` container diff --git a/charts/sourcegraph/values.yaml b/charts/sourcegraph/values.yaml index 4eebdbb2..80129e97 100644 --- a/charts/sourcegraph/values.yaml +++ b/charts/sourcegraph/values.yaml @@ -86,7 +86,7 @@ sourcegraph: alpine: # Used in init containers image: # -- Docker image tag for the `alpine` image - defaultTag: 5.11.3601@sha256:5346ab9d2b36154f55567c516d1e904c9c77557af91e4a543ebdec7f45cc8431 + defaultTag: 5.11.4013@sha256:7dfdde795861878a0e9580a79619a5f560521afbce9085b88e47ee292a4029d5 # -- Docker image name for the `alpine` image name: "alpine-3.14" # -- Security context for the `alpine` initContainer, @@ -111,7 +111,7 @@ cadvisor: enabled: true image: # -- Docker image tag for the `cadvisor` image - defaultTag: 5.11.3601@sha256:2c74f9842b68893e992d7ad44b316a417bf12257f7eef0312534d421036203c4 + defaultTag: 5.11.4013@sha256:efc2b4fe867b27e633f5e638bfda82ed63839efd76b6c03cd56541f907f387fa # -- Docker image name for the `cadvisor` image name: "cadvisor" # -- Name used by resources. Does not affect service names or PVCs. @@ -174,7 +174,7 @@ codeInsightsDB: additionalConfig: "" image: # -- Docker image tag for the `codeinsights-db` image - defaultTag: 5.11.3601@sha256:40f19182ac1246d3c99f59fcb113c6a5046156f070fa1b1302db0e71cecf216b + defaultTag: 5.11.4013@sha256:fae0e171a4a9cc7c183f50c01d2a0087b15ded2f96fcd2358369fb9f186b9728 # -- Docker image name for the `codeinsights-db` image name: "postgresql-16-codeinsights" # -- Security context for the `codeinsights-db` container, @@ -245,7 +245,7 @@ codeIntelDB: additionalConfig: "" image: # -- Docker image tag for the `codeintel-db` image - defaultTag: 5.11.3601@sha256:fc9097989290ac83d2c2b188a2648a68c3858aefd1a636369a48107ee4b8bfd2 + defaultTag: 5.11.4013@sha256:c12f7b65e46152aee6462f9e3b5613d0c0d5af6f3ea01210c371d0c05cbbac9f # -- Docker image name for the `codeintel-db` image name: "postgresql-16" # -- Security context for the `codeintel-db` container, @@ -296,7 +296,7 @@ frontend: value: http://prometheus:30090 image: # -- Docker image tag for the `frontend` image - defaultTag: 5.11.3601@sha256:0f36c801a291b04c28e169e5e5f5b1fc9d1ee18ef0c1a804a65c6ec810faedad + defaultTag: 5.11.4013@sha256:982bd32f943cab3eba6cc0adb5d8ad5abd29680c1bdb2fe32dcaff5cbc8c318f # -- Docker image name for the `frontend` image name: "frontend" ingress: @@ -354,7 +354,7 @@ migrator: enabled: true image: # -- Docker image tag for the `migrator` image - defaultTag: 5.11.3601@sha256:e35c4794890e83d4028c8c24baa87e5a857f3bf10c814277d0ee04807f895a25 + defaultTag: 5.11.4013@sha256:6df430235b5589d0af3b86aab82205897c9422045c4c63bb3698553c624f8bf9 # -- Docker image name for the `migrator` image name: "migrator" # -- Environment variables for the `migrator` container @@ -379,7 +379,7 @@ migrator: gitserver: image: # -- Docker image tag for the `gitserver` image - defaultTag: 5.11.3601@sha256:09819869f64c1c2b68f632dbe3b50d00bd59e0994f721a81df9dc8cda18bb1a4 + defaultTag: 5.11.4013@sha256:8154d44d9b845081fecb7581d6b03038d81d57544446924244429d7931dfae32 # -- Docker image name for the `gitserver` image name: "gitserver" # -- Name of existing Secret that contains SSH credentials to clone repositories. @@ -447,7 +447,7 @@ grafana: existingConfig: "" # Name of an existing configmap image: # -- Docker image tag for the `grafana` image - defaultTag: 5.11.3601@sha256:df2024058530cbd33cbc69e92438e0c42db82a7237296f8cdbfb1a3eefe957c6 + defaultTag: 5.11.4013@sha256:fc3cad4d59db3c92c57899f0c2afc93d0846f739c2af6dea58ef2a52e2ebe240 # -- Docker image name for the `grafana` image name: "grafana" # -- Security context for the `grafana` container, @@ -486,7 +486,7 @@ grafana: indexedSearch: image: # -- Docker image tag for the `zoekt-webserver` image - defaultTag: 5.11.3601@sha256:d5ef78da4d65a9bb98868ff3c7713beb6681356920babd6d042af988bbf17df4 + defaultTag: 5.11.4013@sha256:26afc9b0f58aacb433cbb2cb584ad37da6ff96d9d1edab59dc9445715523d9b3 # -- Docker image name for the `zoekt-webserver` image name: "indexed-searcher" # -- Security context for the `zoekt-webserver` container, @@ -527,7 +527,7 @@ indexedSearch: indexedSearchIndexer: image: # -- Docker image tag for the `zoekt-indexserver` image - defaultTag: 5.11.3601@sha256:f939d694396223bc3d1a7bcc27db589a132b797fba8f8df13b08dccf55f36079 + defaultTag: 5.11.4013@sha256:f9a6bb1f8116fb1f0c422842950abdfb7184ecde0d41cf8c22a9f61336072099 # -- Docker image name for the `zoekt-indexserver` image name: "search-indexer" # -- Security context for the `zoekt-indexserver` container, @@ -554,7 +554,7 @@ blobstore: enabled: true image: # -- Docker image tag for the `blobstore` image - defaultTag: 5.11.3601@sha256:1d66b75544b75ee56f64d97c08acf47e6d6838c2de20678975461a399d875578 + defaultTag: 5.11.4013@sha256:5027f2b2982101687c6b0767bed4e59d9a71c4b83f434d494860e76998359d5b # -- Docker image name for the `blobstore` image name: "blobstore" # -- Security context for the `blobstore` container, @@ -593,7 +593,7 @@ openTelemetry: enabled: true image: # -- Docker image tag for the `otel-collector` image - defaultTag: 5.11.3601@sha256:dc1406eacedc93bff2d2fefbe330bc1b9d6278804f7cf29ea79a395dafb5d1ae + defaultTag: 5.11.4013@sha256:05cf6fbaea888d91d87a8c2edd257fc9903630072671f4b677df11af185c8302 # -- Docker image name for the `otel-collector` image name: "opentelemetry-collector" gateway: @@ -660,7 +660,7 @@ nodeExporter: enabled: true image: # -- Docker image tag for the `node-exporter` image - defaultTag: 5.11.3601@sha256:3c10b8e27107a4cd4eb2cbdd638a159a5e9ff95bee01c01dcc2ece9455ce390a + defaultTag: 5.11.4013@sha256:84e29f0aa25078d07daf631950a6b4d0bf64484d80f1ae88a3582f6d2a6ac680 # -- Docker image name for the `node-exporter` image name: "node-exporter" # -- Name used by resources. Does not affect service names or PVCs. @@ -729,7 +729,7 @@ pgsql: additionalConfig: "" image: # -- Docker image tag for the `pgsql` image - defaultTag: 5.11.3601@sha256:fc9097989290ac83d2c2b188a2648a68c3858aefd1a636369a48107ee4b8bfd2 + defaultTag: 5.11.4013@sha256:c12f7b65e46152aee6462f9e3b5613d0c0d5af6f3ea01210c371d0c05cbbac9f # -- Docker image name for the `pgsql` image name: "postgresql-16" # -- Security context for the `pgsql` container, @@ -771,7 +771,7 @@ pgsql: postgresExporter: image: # -- Docker image tag for the `pgsql-exporter` image - defaultTag: 5.11.3601@sha256:c2a21d6c51adaecfbc6a4a994bbe15acf3187b764a051e6bb9941e0e064aa708 + defaultTag: 5.11.4013@sha256:c5e20d5083ee827a05f48bf4faa303f696bcc3a6b8eb10f05fc7272bc8e56c22 # -- Docker image name for the `pgsql-exporter` image name: "postgres_exporter" # -- Resource requests & limits for the `pgsql-exporter` sidecar container, @@ -791,7 +791,7 @@ syntacticCodeIntel: workerPort: 3188 image: # -- Docker image tag for the `syntactic-code-intel-worker` image - defaultTag: 5.11.3601@sha256:6ea86ab77399f034a725b3e08d3010777a27d91e8f145dbdd54f9e9751cc0f23 + defaultTag: 5.11.4013@sha256:e753272a8cea4fe0fba82ebfd4228dda4b217f3bd5d12911b6e2b3418ff586b2 # -- Docker image name for the `syntactic-code-intel-worker` image name: "syntactic-code-intel-worker" # -- Security context for the `syntactic-code-intel-worker` container, @@ -830,7 +830,7 @@ preciseCodeIntel: value: "4" image: # -- Docker image tag for the `precise-code-intel-worker` image - defaultTag: 5.11.3601@sha256:7907a4a12c95d7a157731dd7084f7dfed90bc98f401c71c094fa14642e402a0d + defaultTag: 5.11.4013@sha256:a33c2966a4d5c1343cbe780b9483236594157be56aa66fd08174b6ef2c0623f2 # -- Docker image name for the `precise-code-intel-worker` image name: "precise-code-intel-worker" # -- Security context for the `precise-code-intel-worker` container, @@ -869,7 +869,7 @@ prometheus: existingConfig: "" # Name of an existing configmap image: # -- Docker image tag for the `prometheus` image - defaultTag: 5.11.3601@sha256:db829a66d15fd54f3cf90059518eca77f43b4edcb8caa583658d8954711b19b2 + defaultTag: 5.11.4013@sha256:e08e33354c46c03bdebb7c001213ee7c4c99f2bc51a8f7d3e603f0f382bf45e8 # -- Docker image name for the `prometheus` image name: "prometheus" # -- Security context for the `prometheus` container, @@ -919,7 +919,7 @@ redisCache: enabled: true image: # -- Docker image tag for the `redis-cache` image - defaultTag: 5.11.3601@sha256:f7b29bd64490761aea08cc072e17a58d6c5746efb3925b6aa6d6bbb27e5c8102 + defaultTag: 5.11.4013@sha256:a1811bb363ec880c3fd1211de857b82f1628376e0ba26bb481a7cbb2ed67a901 # -- Docker image name for the `redis-cache` image name: "redis-cache" connection: @@ -963,7 +963,7 @@ redisCache: redisExporter: image: # -- Docker image tag for the `redis-exporter` image - defaultTag: 5.11.3601@sha256:4240f7c4aeb3b03ea971f78df3f2acee02b24c16e112f5ec07e2b3d6ecca37f9 + defaultTag: 5.11.4013@sha256:5b1b57ca2e8e6732e36e927cb9fa17766a82f7ab83ef0e74c0f1ff69b70f520a # -- Docker image name for the `redis-exporter` image name: "redis_exporter" # -- Security context for the `redis-exporter` sidecar container, @@ -995,7 +995,7 @@ redisStore: endpoint: "redis-store:6379" image: # -- Docker image tag for the `redis-store` image - defaultTag: 5.11.3601@sha256:12ea9958e6749cdd8becac44c491429514fcc295823906d13920caca45c1fff8 + defaultTag: 5.11.4013@sha256:ac0ba847ca491d52e9737c0604b6bbc8396e057465afbd1095eca943760192d2 # -- Docker image name for the `redis-store` image name: "redis-store" # -- Security context for the `redis-store` container, @@ -1032,7 +1032,7 @@ redisStore: repoUpdater: image: # -- Docker image tag for the `repo-updater` image - defaultTag: 5.11.3601@sha256:e6f18c9bf03d59344892ac919220bdbad372890e59bb9a1f6664eb7e5d2d0899 + defaultTag: 5.11.4013@sha256:aeece36e8693cbb3772c7649b6ae820971ccd70d0cb6f14125d879fd3464fa5b # -- Docker image name for the `repo-updater` image name: "repo-updater" # -- Security context for the `repo-updater` container, @@ -1065,7 +1065,7 @@ repoUpdater: searcher: image: # -- Docker image tag for the `searcher` image - defaultTag: 5.11.3601@sha256:d82769450769a2a7a50f80d53b59e79ef87f50f915b7e9b42da70604d313c85a + defaultTag: 5.11.4013@sha256:57409a7f05eafacec0ac0d8f1502de531cc10ca688d5f25de10f4f18fd42f9c2 # -- Docker image name for the `searcher` image name: "searcher" # -- Security context for the `searcher` container, @@ -1126,7 +1126,7 @@ storageClass: symbols: image: # -- Docker image tag for the `symbols` image - defaultTag: 5.11.3601@sha256:1e50ffd79a6704fdb8862142310aa0c31bc6114636845ff5bb747a12336af2d3 + defaultTag: 5.11.4013@sha256:2747e155ca2200c6fd153217133574d03dfd5e810c75c00fd988bb64263d4183 # -- Docker image name for the `symbols` image name: "symbols" # -- Security context for the `symbols` container, @@ -1166,7 +1166,7 @@ symbols: syntectServer: image: # -- Docker image tag for the `syntect-server` image - defaultTag: 5.11.3601@sha256:4fc1ee61ea6d3124b9a6e84acee949d95de65b7fe29befaedf4dc577267e239c + defaultTag: 5.11.4013@sha256:abafd0499c35e885aff06898ca946c1d1cb6a467183fc49f71339f8acb916845 # -- Docker image name for the `syntect-server` image name: "syntax-highlighter" # -- Security context for the `syntect-server` container, @@ -1214,7 +1214,7 @@ jaeger: enabled: false image: # -- Docker image tag for the `jaeger` image - defaultTag: 5.11.3601@sha256:1e904cd091cfc63fd8c5a92cc45e400f8fe500e7020f7968513cf34ec4a98b8d + defaultTag: 5.11.4013@sha256:6eeaa0d18df812dfd4197c96fa675b98d07b5ef3022e7ba5b4da73e6a4e09f2b # -- Docker image name for the `jaeger` image name: "jaeger-all-in-one" # -- Name used by resources. Does not affect service names or PVCs. @@ -1269,7 +1269,7 @@ jaeger: worker: image: # -- Docker image tag for the `worker` image - defaultTag: 5.11.3601@sha256:8e21dd7dda6acb3ea836a091c3364f730dd58d3dc35b373b4b458ac4aedaa338 + defaultTag: 5.11.4013@sha256:b29453a9096842dd50ec95ef0378d579371b2e8a1a97da8868753e3bdbf09291 # -- Docker image name for the `worker` image name: "worker" # -- Security context for the `worker` container, diff --git a/override.yaml b/override.yaml new file mode 100644 index 00000000..69b59e0f --- /dev/null +++ b/override.yaml @@ -0,0 +1,11 @@ + # Disable SC creation +storageClass: + create: false + name: standard + # provisioner: docker.io/hostpath + +# Disable resources requests/limits +sourcegraph: + localDevMode: true + +# More values to be added in order to test your change From ecb70789b250bae3c9ee87a5f8bb3ee4a05f27c1 Mon Sep 17 00:00:00 2001 From: Jacob Pleiness Date: Mon, 13 Jan 2025 09:57:21 -0500 Subject: [PATCH 2/3] remove accidental commit --- override.yaml | 11 ----------- 1 file changed, 11 deletions(-) delete mode 100644 override.yaml diff --git a/override.yaml b/override.yaml deleted file mode 100644 index 69b59e0f..00000000 --- a/override.yaml +++ /dev/null @@ -1,11 +0,0 @@ - # Disable SC creation -storageClass: - create: false - name: standard - # provisioner: docker.io/hostpath - -# Disable resources requests/limits -sourcegraph: - localDevMode: true - -# More values to be added in order to test your change From eb2090bbfeba8cfa7590bcee09562e876efd4a5f Mon Sep 17 00:00:00 2001 From: Jacob Pleiness Date: Mon, 13 Jan 2025 09:59:00 -0500 Subject: [PATCH 3/3] update helm docs --- charts/sourcegraph-executor/dind/README.md | 2 +- charts/sourcegraph-executor/k8s/README.md | 2 +- charts/sourcegraph-migrator/README.md | 2 +- charts/sourcegraph/README.md | 54 +++++++++++----------- 4 files changed, 30 insertions(+), 30 deletions(-) diff --git a/charts/sourcegraph-executor/dind/README.md b/charts/sourcegraph-executor/dind/README.md index 491dcae7..a2f161f2 100644 --- a/charts/sourcegraph-executor/dind/README.md +++ b/charts/sourcegraph-executor/dind/README.md @@ -60,7 +60,7 @@ In addition to the documented values, the `executor` and `private-docker-registr | executor.env.EXECUTOR_FRONTEND_URL | object | `{"value":""}` | The external URL of the Sourcegraph instance. Required. | | executor.env.EXECUTOR_QUEUE_NAME | object | `{"value":""}` | The name of the queue to pull jobs from to. Possible values: batches and codeintel. **Either this or EXECUTOR_QUEUE_NAMES is required.** | | executor.env.EXECUTOR_QUEUE_NAMES | object | `{"value":""}` | The comma-separated list of names of multiple queues to pull jobs from to. Possible values: batches and codeintel. **Either this or EXECUTOR_QUEUE_NAME is required.** | -| executor.image.defaultTag | string | `"5.11.3601@sha256:6c390a31eed7810fb2b86e869f3885acc82002322f88e457f562c8343934484e"` | | +| executor.image.defaultTag | string | `"5.11.4013@sha256:eabe0d22caa8298d064f9a2596c05bef39ddcf220fec968e760918d9194994fb"` | | | executor.image.name | string | `"executor"` | | | executor.replicaCount | int | `1` | | | privateDockerRegistry.enabled | bool | `true` | Whether to deploy the private registry. Only one registry is needed when deploying multiple executors. More information: https://docs.sourcegraph.com/admin/executors/deploy_executors#using-private-registries | diff --git a/charts/sourcegraph-executor/k8s/README.md b/charts/sourcegraph-executor/k8s/README.md index 0431e41b..39072136 100644 --- a/charts/sourcegraph-executor/k8s/README.md +++ b/charts/sourcegraph-executor/k8s/README.md @@ -61,7 +61,7 @@ In addition to the documented values, the `executor` and `private-docker-registr | executor.frontendExistingSecret | string | `""` | Name of existing k8s Secret to use for frontend password The name of the secret must match `executor.name`, i.e., the name of the helm release used to deploy the helm chart. The k8s Secret must contain the key `EXECUTOR_FRONTEND_PASSWORD` matching the site config `executors.accessToken` value. `executor.frontendPassword` is ignored if this is enabled. | | executor.frontendPassword | string | `""` | The shared secret configured in the Sourcegraph instance site config under executors.accessToken. Required if `executor.frontendExistingSecret`` is not configured. | | executor.frontendUrl | string | `""` | The external URL of the Sourcegraph instance. Required. **Recommended:** set to the internal service endpoint (e.g. `http://sourcegraph-frontend.sourcegraph.svc.cluster.local:30080` if Sourcegraph is deployed in the `sourcegraph` namespace). This will avoid unnecessary network charges as traffic will stay within the local network. | -| executor.image.defaultTag | string | `"5.11.3601@sha256:f2aaa1dab005e1cf24ccf4222aa44a7b2d16e6dd31c2347822b0a16dbee8ef91"` | | +| executor.image.defaultTag | string | `"5.11.4013@sha256:160b70d044f786759137afdb19ac88a47e7145a103af9cd2a341874b487656b6"` | | | executor.image.name | string | `"executor-kubernetes"` | | | executor.kubeconfigPath | string | `""` | The path to the kubeconfig file. If not specified, the in-cluster config is used. | | executor.kubernetesJob.deadline | string | `"1200"` | The number of seconds after which a Kubernetes job will be terminated. | diff --git a/charts/sourcegraph-migrator/README.md b/charts/sourcegraph-migrator/README.md index bfcb040e..2a748bb3 100644 --- a/charts/sourcegraph-migrator/README.md +++ b/charts/sourcegraph-migrator/README.md @@ -80,7 +80,7 @@ In addition to the documented values, the `migrator` service also supports the f | migrator.args | list | `["up","-db=all"]` | Override default `migrator` container args Available commands can be found at https://docs.sourcegraph.com/admin/how-to/manual_database_migrations | | migrator.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100}` | Security context for the `migrator` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | | migrator.env | object | `{}` | Environment variables for the `migrator` container | -| migrator.image.defaultTag | string | `"5.11.3601@sha256:e35c4794890e83d4028c8c24baa87e5a857f3bf10c814277d0ee04807f895a25"` | Docker image tag for the `migrator` image | +| migrator.image.defaultTag | string | `"5.11.4013@sha256:6df430235b5589d0af3b86aab82205897c9422045c4c63bb3698553c624f8bf9"` | Docker image tag for the `migrator` image | | migrator.image.name | string | `"migrator"` | Docker image name for the `migrator` image | | migrator.resources | object | `{"limits":{"cpu":"500m","memory":"100M"},"requests":{"cpu":"100m","memory":"50M"}}` | Resource requests & limits for the `migrator` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) | | pgsql.auth.existingSecret | string | `""` | Name of existing secret to use for pgsql credentials This should match the setting in the sourcegraph chart values | diff --git a/charts/sourcegraph/README.md b/charts/sourcegraph/README.md index 6be72bc5..15e26eb2 100644 --- a/charts/sourcegraph/README.md +++ b/charts/sourcegraph/README.md @@ -28,12 +28,12 @@ In addition to the documented values, all services also support the following va | Key | Type | Default | Description | |-----|------|---------|-------------| | alpine.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":999,"runAsUser":999}` | Security context for the `alpine` initContainer, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | -| alpine.image.defaultTag | string | `"5.11.3601@sha256:5346ab9d2b36154f55567c516d1e904c9c77557af91e4a543ebdec7f45cc8431"` | Docker image tag for the `alpine` image | +| alpine.image.defaultTag | string | `"5.11.4013@sha256:7dfdde795861878a0e9580a79619a5f560521afbce9085b88e47ee292a4029d5"` | Docker image tag for the `alpine` image | | alpine.image.name | string | `"alpine-3.14"` | Docker image name for the `alpine` image | | alpine.resources | object | `{"limits":{"cpu":"10m","memory":"50Mi"},"requests":{"cpu":"10m","memory":"50Mi"}}` | Resource requests & limits for the `alpine` initContainer, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) | | blobstore.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"runAsGroup":101,"runAsUser":100}` | Security context for the `blobstore` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | | blobstore.enabled | bool | `true` | Enable `blobstore` (S3 compatible storage) | -| blobstore.image.defaultTag | string | `"5.11.3601@sha256:1d66b75544b75ee56f64d97c08acf47e6d6838c2de20678975461a399d875578"` | Docker image tag for the `blobstore` image | +| blobstore.image.defaultTag | string | `"5.11.4013@sha256:5027f2b2982101687c6b0767bed4e59d9a71c4b83f434d494860e76998359d5b"` | Docker image tag for the `blobstore` image | | blobstore.image.name | string | `"blobstore"` | Docker image name for the `blobstore` image | | blobstore.name | string | `"blobstore"` | Name used by resources. Does not affect service names or PVCs. | | blobstore.podSecurityContext | object | `{"fsGroup":101,"fsGroupChangePolicy":"OnRootMismatch","runAsGroup":101,"runAsUser":100}` | Security context for the `blobstore` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) | @@ -43,7 +43,7 @@ In addition to the documented values, all services also support the following va | blobstore.storageSize | string | `"100Gi"` | PVC Storage Request for `blobstore` data volume | | cadvisor.containerSecurityContext | object | `{"privileged":true}` | Security context for the `cadvisor` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | | cadvisor.enabled | bool | `true` | Enable `cadvisor` | -| cadvisor.image.defaultTag | string | `"5.11.3601@sha256:2c74f9842b68893e992d7ad44b316a417bf12257f7eef0312534d421036203c4"` | Docker image tag for the `cadvisor` image | +| cadvisor.image.defaultTag | string | `"5.11.4013@sha256:efc2b4fe867b27e633f5e638bfda82ed63839efd76b6c03cd56541f907f387fa"` | Docker image tag for the `cadvisor` image | | cadvisor.image.name | string | `"cadvisor"` | Docker image name for the `cadvisor` image | | cadvisor.name | string | `"cadvisor"` | Name used by resources. Does not affect service names or PVCs. | | cadvisor.podSecurityPolicy.enabled | bool | `false` | Enable [PodSecurityPolicy](https://kubernetes.io/docs/concepts/policy/pod-security-policy/) for `cadvisor` pods | @@ -61,7 +61,7 @@ In addition to the documented values, all services also support the following va | codeInsightsDB.enabled | bool | `true` | Enable `codeinsights-db` PostgreSQL server | | codeInsightsDB.env | object | `{}` | Environment variables for the `codeinsights-db` container | | codeInsightsDB.existingConfig | string | `""` | Name of existing ConfigMap for `codeinsights-db`. It must contain a `postgresql.conf` key. | -| codeInsightsDB.image.defaultTag | string | `"5.11.3601@sha256:40f19182ac1246d3c99f59fcb113c6a5046156f070fa1b1302db0e71cecf216b"` | Docker image tag for the `codeinsights-db` image | +| codeInsightsDB.image.defaultTag | string | `"5.11.4013@sha256:fae0e171a4a9cc7c183f50c01d2a0087b15ded2f96fcd2358369fb9f186b9728"` | Docker image tag for the `codeinsights-db` image | | codeInsightsDB.image.name | string | `"postgresql-16-codeinsights"` | Docker image name for the `codeinsights-db` image | | codeInsightsDB.init.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":70,"runAsUser":70}` | Security context for the `alpine` initContainer, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | | codeInsightsDB.name | string | `"codeinsights-db"` | Name used by resources. Does not affect service names or PVCs. | @@ -81,7 +81,7 @@ In addition to the documented values, all services also support the following va | codeIntelDB.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":999,"runAsUser":999}` | Security context for the `codeintel-db` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | | codeIntelDB.enabled | bool | `true` | Enable `codeintel-db` PostgreSQL server | | codeIntelDB.existingConfig | string | `""` | Name of existing ConfigMap for `codeintel-db`. It must contain a `postgresql.conf` key | -| codeIntelDB.image.defaultTag | string | `"5.11.3601@sha256:fc9097989290ac83d2c2b188a2648a68c3858aefd1a636369a48107ee4b8bfd2"` | Docker image tag for the `codeintel-db` image | +| codeIntelDB.image.defaultTag | string | `"5.11.4013@sha256:c12f7b65e46152aee6462f9e3b5613d0c0d5af6f3ea01210c371d0c05cbbac9f"` | Docker image tag for the `codeintel-db` image | | codeIntelDB.image.name | string | `"postgresql-16"` | Docker image name for the `codeintel-db` image | | codeIntelDB.name | string | `"codeintel-db"` | Name used by resources. Does not affect service names or PVCs. | | codeIntelDB.podSecurityContext | object | `{"fsGroup":999,"fsGroupChangePolicy":"OnRootMismatch","runAsUser":999}` | Security context for the `codeintel-db` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) | @@ -93,7 +93,7 @@ In addition to the documented values, all services also support the following va | extraResources | list | `[]` | Additional resources to include in the rendered manifest. Templates are supported. | | frontend.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100}` | Security context for the `frontend` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | | frontend.env | object | the chart will add some default environment values | Environment variables for the `frontend` container | -| frontend.image.defaultTag | string | `"5.11.3601@sha256:0f36c801a291b04c28e169e5e5f5b1fc9d1ee18ef0c1a804a65c6ec810faedad"` | Docker image tag for the `frontend` image | +| frontend.image.defaultTag | string | `"5.11.4013@sha256:982bd32f943cab3eba6cc0adb5d8ad5abd29680c1bdb2fe32dcaff5cbc8c318f"` | Docker image tag for the `frontend` image | | frontend.image.name | string | `"frontend"` | Docker image name for the `frontend` image | | frontend.ingress.annotations | object | `{"kubernetes.io/ingress.class":"nginx","nginx.ingress.kubernetes.io/proxy-body-size":"150m"}` | Annotations for the Sourcegraph server ingress. For example, securing ingress with TLS provided by [cert-manager](https://cert-manager.io/docs/usage/ingress/) | | frontend.ingress.annotations."kubernetes.io/ingress.class" | string | `"nginx"` | [Deprecated annotation](https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation) for specifing the IngressClass in Kubernetes 1.17 and earlier. If you are using Kubernetes 1.18+, use `ingressClassName` instead and set an override value of `null` for this annotation. | @@ -109,7 +109,7 @@ In addition to the documented values, all services also support the following va | frontend.serviceAccount.create | bool | `true` | Enable creation of ServiceAccount for `frontend` | | frontend.serviceAccount.name | string | `"sourcegraph-frontend"` | Name of the ServiceAccount to be created or an existing ServiceAccount | | gitserver.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100}` | Security context for the `gitserver` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | -| gitserver.image.defaultTag | string | `"5.11.3601@sha256:09819869f64c1c2b68f632dbe3b50d00bd59e0994f721a81df9dc8cda18bb1a4"` | Docker image tag for the `gitserver` image | +| gitserver.image.defaultTag | string | `"5.11.4013@sha256:8154d44d9b845081fecb7581d6b03038d81d57544446924244429d7931dfae32"` | Docker image tag for the `gitserver` image | | gitserver.image.name | string | `"gitserver"` | Docker image name for the `gitserver` image | | gitserver.name | string | `"gitserver"` | Name used by resources. Does not affect service names or PVCs. | | gitserver.podSecurityContext | object | `{"fsGroup":101,"fsGroupChangePolicy":"OnRootMismatch","runAsGroup":101,"runAsUser":100}` | Security context for the `gitserver` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) | @@ -130,7 +130,7 @@ In addition to the documented values, all services also support the following va | grafana.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":472,"runAsUser":472}` | Security context for the `grafana` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | | grafana.enabled | bool | `true` | Enable `grafana` dashboard (recommended) | | grafana.existingConfig | string | `""` | Name of existing ConfigMap for `grafana`. It must contain a `datasources.yml` key. | -| grafana.image.defaultTag | string | `"5.11.3601@sha256:df2024058530cbd33cbc69e92438e0c42db82a7237296f8cdbfb1a3eefe957c6"` | Docker image tag for the `grafana` image | +| grafana.image.defaultTag | string | `"5.11.4013@sha256:fc3cad4d59db3c92c57899f0c2afc93d0846f739c2af6dea58ef2a52e2ebe240"` | Docker image tag for the `grafana` image | | grafana.image.name | string | `"grafana"` | Docker image name for the `grafana` image | | grafana.name | string | `"grafana"` | Name used by resources. Does not affect service names or PVCs. | | grafana.podSecurityContext | object | `{"fsGroup":472,"fsGroupChangePolicy":"OnRootMismatch","runAsGroup":472,"runAsUser":472}` | Security context for the `grafana` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) | @@ -139,7 +139,7 @@ In addition to the documented values, all services also support the following va | grafana.serviceAccount.name | string | `"grafana"` | Name of the ServiceAccount to be created or an existing ServiceAccount | | grafana.storageSize | string | `"2Gi"` | PVC Storage Request for `grafana` data volume | | indexedSearch.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100}` | Security context for the `zoekt-webserver` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | -| indexedSearch.image.defaultTag | string | `"5.11.3601@sha256:d5ef78da4d65a9bb98868ff3c7713beb6681356920babd6d042af988bbf17df4"` | Docker image tag for the `zoekt-webserver` image | +| indexedSearch.image.defaultTag | string | `"5.11.4013@sha256:26afc9b0f58aacb433cbb2cb584ad37da6ff96d9d1edab59dc9445715523d9b3"` | Docker image tag for the `zoekt-webserver` image | | indexedSearch.image.name | string | `"indexed-searcher"` | Docker image name for the `zoekt-webserver` image | | indexedSearch.name | string | `"indexed-search"` | Name used by resources. Does not affect service names or PVCs. | | indexedSearch.podSecurityContext | object | `{"fsGroup":101,"fsGroupChangePolicy":"OnRootMismatch"}` | Security context for the `indexed-search` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) | @@ -149,7 +149,7 @@ In addition to the documented values, all services also support the following va | indexedSearch.serviceAccount.name | string | `""` | Name of the ServiceAccount to be created or an existing ServiceAccount | | indexedSearch.storageSize | string | `"200Gi"` | PVC Storage Request for `indexed-search` data volume The size of disk to used for search indexes. This should typically be gitserver disk size multipled by the number of gitserver shards. | | indexedSearchIndexer.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100}` | Security context for the `zoekt-indexserver` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | -| indexedSearchIndexer.image.defaultTag | string | `"5.11.3601@sha256:f939d694396223bc3d1a7bcc27db589a132b797fba8f8df13b08dccf55f36079"` | Docker image tag for the `zoekt-indexserver` image | +| indexedSearchIndexer.image.defaultTag | string | `"5.11.4013@sha256:f9a6bb1f8116fb1f0c422842950abdfb7184ecde0d41cf8c22a9f61336072099"` | Docker image tag for the `zoekt-indexserver` image | | indexedSearchIndexer.image.name | string | `"search-indexer"` | Docker image name for the `zoekt-indexserver` image | | indexedSearchIndexer.resources | object | `{"limits":{"cpu":"8","memory":"8G"},"requests":{"cpu":"4","memory":"4G"}}` | Resource requests & limits for the `zoekt-indexserver` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) zoekt-indexserver is CPU bound. The more CPU you allocate to it, the lower lag between a new commit and it being indexed for search. | | jaeger.args | list | `["--memory.max-traces=20000","--sampling.strategies-file=/etc/jaeger/sampling_strategies.json","--collector.otlp.enabled","--collector.otlp.grpc.host-port=:4320","--collector.otlp.http.host-port=:4321"]` | Default args passed to the `jaeger` binary | @@ -159,7 +159,7 @@ In addition to the documented values, all services also support the following va | jaeger.collector.serviceType | string | "ClusterIP" | Kubernetes service type of jaeger `collector` service, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) | | jaeger.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100}` | Security context for the `jaeger` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | | jaeger.enabled | bool | `false` | Enable `jaeger` | -| jaeger.image.defaultTag | string | `"5.11.3601@sha256:1e904cd091cfc63fd8c5a92cc45e400f8fe500e7020f7968513cf34ec4a98b8d"` | Docker image tag for the `jaeger` image | +| jaeger.image.defaultTag | string | `"5.11.4013@sha256:6eeaa0d18df812dfd4197c96fa675b98d07b5ef3022e7ba5b4da73e6a4e09f2b"` | Docker image tag for the `jaeger` image | | jaeger.image.name | string | `"jaeger-all-in-one"` | Docker image name for the `jaeger` image | | jaeger.name | string | `"jaeger"` | Name used by resources. Does not affect service names or PVCs. | | jaeger.podSecurityContext | object | `{}` | Security context for the `jaeger` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) | @@ -174,14 +174,14 @@ In addition to the documented values, all services also support the following va | migrator.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100}` | Security context for the `migrator` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | | migrator.enabled | bool | `true` | Enable [migrator](https://docs.sourcegraph.com/admin/how-to/manual_database_migrations) initContainer in `frontend` deployment to perform database migration | | migrator.env | object | `{}` | Environment variables for the `migrator` container | -| migrator.image.defaultTag | string | `"5.11.3601@sha256:e35c4794890e83d4028c8c24baa87e5a857f3bf10c814277d0ee04807f895a25"` | Docker image tag for the `migrator` image | +| migrator.image.defaultTag | string | `"5.11.4013@sha256:6df430235b5589d0af3b86aab82205897c9422045c4c63bb3698553c624f8bf9"` | Docker image tag for the `migrator` image | | migrator.image.name | string | `"migrator"` | Docker image name for the `migrator` image | | migrator.resources | object | `{"limits":{"cpu":"500m","memory":"100M"},"requests":{"cpu":"100m","memory":"50M"}}` | Resource requests & limits for the `migrator` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) | | nodeExporter.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":65534,"runAsUser":65534}` | Security context for the `node-exporter` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | | nodeExporter.enabled | bool | `true` | Enable `node-exporter` | | nodeExporter.extraArgs | list | `[]` | | | nodeExporter.hostPID | bool | `true` | | -| nodeExporter.image.defaultTag | string | `"5.11.3601@sha256:3c10b8e27107a4cd4eb2cbdd638a159a5e9ff95bee01c01dcc2ece9455ce390a"` | Docker image tag for the `node-exporter` image | +| nodeExporter.image.defaultTag | string | `"5.11.4013@sha256:84e29f0aa25078d07daf631950a6b4d0bf64484d80f1ae88a3582f6d2a6ac680"` | Docker image tag for the `node-exporter` image | | nodeExporter.image.name | string | `"node-exporter"` | Docker image name for the `node-exporter` image | | nodeExporter.name | string | `"node-exporter"` | Name used by resources. Does not affect service names or PVCs. | | nodeExporter.podSecurityContext | object | `{"fsGroup":65534,"runAsGroup":65534,"runAsNonRoot":true,"runAsUser":65534}` | Security context for the `node-exporter` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) | @@ -211,7 +211,7 @@ In addition to the documented values, all services also support the following va | openTelemetry.gateway.resources | object | `{"limits":{"cpu":"3","memory":"3Gi"},"requests":{"cpu":"1","memory":"1Gi"}}` | Resource requests & limits for the `otel-collector` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) | | openTelemetry.gateway.serviceAccount.create | bool | `false` | Enable creation of ServiceAccount for `otel-collector` | | openTelemetry.gateway.serviceAccount.name | string | `""` | Name of the ServiceAccount to be created or an existing ServiceAccount | -| openTelemetry.image.defaultTag | string | `"5.11.3601@sha256:dc1406eacedc93bff2d2fefbe330bc1b9d6278804f7cf29ea79a395dafb5d1ae"` | Docker image tag for the `otel-collector` image | +| openTelemetry.image.defaultTag | string | `"5.11.4013@sha256:05cf6fbaea888d91d87a8c2edd257fc9903630072671f4b677df11af185c8302"` | Docker image tag for the `otel-collector` image | | openTelemetry.image.name | string | `"opentelemetry-collector"` | Docker image name for the `otel-collector` image | | pgsql.additionalConfig | string | `""` | Additional PostgreSQL configuration. This will override or extend our default configuration. Notes: This is expecting a multiline string. Learn more from our [recommended PostgreSQL configuration](https://docs.sourcegraph.com/admin/config/postgres-conf) and [PostgreSQL documentation](https://www.postgresql.org/docs/12/config-setting.html) | | pgsql.auth.database | string | `"sg"` | Sets postgres database name | @@ -223,7 +223,7 @@ In addition to the documented values, all services also support the following va | pgsql.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":999,"runAsUser":999}` | Security context for the `pgsql` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | | pgsql.enabled | bool | `true` | Enable `pgsql` PostgreSQL server | | pgsql.existingConfig | string | `""` | Name of existing ConfigMap for `pgsql`. It must contain a `postgresql.conf` key | -| pgsql.image.defaultTag | string | `"5.11.3601@sha256:fc9097989290ac83d2c2b188a2648a68c3858aefd1a636369a48107ee4b8bfd2"` | Docker image tag for the `pgsql` image | +| pgsql.image.defaultTag | string | `"5.11.4013@sha256:c12f7b65e46152aee6462f9e3b5613d0c0d5af6f3ea01210c371d0c05cbbac9f"` | Docker image tag for the `pgsql` image | | pgsql.image.name | string | `"postgresql-16"` | Docker image name for the `pgsql` image | | pgsql.name | string | `"pgsql"` | Name used by resources. Does not affect service names or PVCs. | | pgsql.podSecurityContext | object | `{"fsGroup":999,"fsGroupChangePolicy":"OnRootMismatch","runAsGroup":999,"runAsUser":999}` | Security context for the `pgsql` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) | @@ -232,12 +232,12 @@ In addition to the documented values, all services also support the following va | pgsql.serviceAccount.create | bool | `false` | Enable creation of ServiceAccount for `pgsql` | | pgsql.serviceAccount.name | string | `""` | Name of the ServiceAccount to be created or an existing ServiceAccount | | pgsql.storageSize | string | `"200Gi"` | PVC Storage Request for `pgsql` data volume | -| postgresExporter.image.defaultTag | string | `"5.11.3601@sha256:c2a21d6c51adaecfbc6a4a994bbe15acf3187b764a051e6bb9941e0e064aa708"` | Docker image tag for the `pgsql-exporter` image | +| postgresExporter.image.defaultTag | string | `"5.11.4013@sha256:c5e20d5083ee827a05f48bf4faa303f696bcc3a6b8eb10f05fc7272bc8e56c22"` | Docker image tag for the `pgsql-exporter` image | | postgresExporter.image.name | string | `"postgres_exporter"` | Docker image name for the `pgsql-exporter` image | | postgresExporter.resources | object | `{"limits":{"cpu":"10m","memory":"50Mi"},"requests":{"cpu":"10m","memory":"50Mi"}}` | Resource requests & limits for the `pgsql-exporter` sidecar container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) | | preciseCodeIntel.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100}` | Security context for the `precise-code-intel-worker` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | | preciseCodeIntel.env | object | `{"NUM_WORKERS":{"value":"4"}}` | Environment variables for the `precise-code-intel-worker` container | -| preciseCodeIntel.image.defaultTag | string | `"5.11.3601@sha256:7907a4a12c95d7a157731dd7084f7dfed90bc98f401c71c094fa14642e402a0d"` | Docker image tag for the `precise-code-intel-worker` image | +| preciseCodeIntel.image.defaultTag | string | `"5.11.4013@sha256:a33c2966a4d5c1343cbe780b9483236594157be56aa66fd08174b6ef2c0623f2"` | Docker image tag for the `precise-code-intel-worker` image | | preciseCodeIntel.image.name | string | `"precise-code-intel-worker"` | Docker image name for the `precise-code-intel-worker` image | | preciseCodeIntel.name | string | `"precise-code-intel-worker"` | Name used by resources. Does not affect service names or PVCs. | | preciseCodeIntel.podSecurityContext | object | `{}` | Security context for the `precise-code-intel-worker` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) | @@ -249,7 +249,7 @@ In addition to the documented values, all services also support the following va | prometheus.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":false,"runAsGroup":100,"runAsUser":100}` | Security context for the `prometheus` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | | prometheus.enabled | bool | `true` | Enable `prometheus` (recommended) | | prometheus.existingConfig | string | `""` | Name of existing ConfigMap for `pgsql`. It must contain a `prometheus.yml` key | -| prometheus.image.defaultTag | string | `"5.11.3601@sha256:db829a66d15fd54f3cf90059518eca77f43b4edcb8caa583658d8954711b19b2"` | Docker image tag for the `prometheus` image | +| prometheus.image.defaultTag | string | `"5.11.4013@sha256:e08e33354c46c03bdebb7c001213ee7c4c99f2bc51a8f7d3e603f0f382bf45e8"` | Docker image tag for the `prometheus` image | | prometheus.image.name | string | `"prometheus"` | Docker image name for the `prometheus` image | | prometheus.name | string | `"prometheus"` | Name used by resources. Does not affect service names or PVCs. | | prometheus.podSecurityContext | object | `{"fsGroup":100,"fsGroupChangePolicy":"OnRootMismatch"}` | Security context for the `prometheus` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) | @@ -262,7 +262,7 @@ In addition to the documented values, all services also support the following va | redisCache.connection.existingSecret | string | `""` | Name of existing secret to use for Redis endpoint The secret must contain the key `endpoint` and should follow IANA specification learn more from the [Helm docs](https://docs.sourcegraph.com/admin/install/kubernetes/helm#using-external-redis-instances) | | redisCache.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":1000,"runAsUser":999}` | Security context for the `redis-cache` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | | redisCache.enabled | bool | `true` | Enable `redis-cache` Redis server | -| redisCache.image.defaultTag | string | `"5.11.3601@sha256:f7b29bd64490761aea08cc072e17a58d6c5746efb3925b6aa6d6bbb27e5c8102"` | Docker image tag for the `redis-cache` image | +| redisCache.image.defaultTag | string | `"5.11.4013@sha256:a1811bb363ec880c3fd1211de857b82f1628376e0ba26bb481a7cbb2ed67a901"` | Docker image tag for the `redis-cache` image | | redisCache.image.name | string | `"redis-cache"` | Docker image name for the `redis-cache` image | | redisCache.name | string | `"redis-cache"` | Name used by resources. Does not affect service names or PVCs. | | redisCache.podSecurityContext | object | `{"fsGroup":1000,"fsGroupChangePolicy":"OnRootMismatch"}` | Security context for the `redis-cache` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) | @@ -271,14 +271,14 @@ In addition to the documented values, all services also support the following va | redisCache.serviceAccount.name | string | `""` | Name of the ServiceAccount to be created or an existing ServiceAccount | | redisCache.storageSize | string | `"100Gi"` | PVC Storage Request for `redis-cache` data volume | | redisExporter.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":1000,"runAsUser":999}` | Security context for the `redis-exporter` sidecar container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | -| redisExporter.image.defaultTag | string | `"5.11.3601@sha256:4240f7c4aeb3b03ea971f78df3f2acee02b24c16e112f5ec07e2b3d6ecca37f9"` | Docker image tag for the `redis-exporter` image | +| redisExporter.image.defaultTag | string | `"5.11.4013@sha256:5b1b57ca2e8e6732e36e927cb9fa17766a82f7ab83ef0e74c0f1ff69b70f520a"` | Docker image tag for the `redis-exporter` image | | redisExporter.image.name | string | `"redis_exporter"` | Docker image name for the `redis-exporter` image | | redisExporter.resources | object | `{"limits":{"cpu":"10m","memory":"100Mi"},"requests":{"cpu":"10m","memory":"100Mi"}}` | Resource requests & limits for the `redis-exporter` sidecar container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) | | redisStore.connection.endpoint | string | `"redis-store:6379"` | Endpoint to use for redis-store. Supports either host:port or IANA specification | | redisStore.connection.existingSecret | string | `""` | Name of existing secret to use for Redis endpoint The secret must contain the key `endpoint` and should follow IANA specification learn more from the [Helm docs](https://docs.sourcegraph.com/admin/install/kubernetes/helm#using-external-redis-instances) | | redisStore.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":1000,"runAsUser":999}` | Security context for the `redis-store` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | | redisStore.enabled | bool | `true` | Enable `redis-store` Redis server | -| redisStore.image.defaultTag | string | `"5.11.3601@sha256:12ea9958e6749cdd8becac44c491429514fcc295823906d13920caca45c1fff8"` | Docker image tag for the `redis-store` image | +| redisStore.image.defaultTag | string | `"5.11.4013@sha256:ac0ba847ca491d52e9737c0604b6bbc8396e057465afbd1095eca943760192d2"` | Docker image tag for the `redis-store` image | | redisStore.image.name | string | `"redis-store"` | Docker image name for the `redis-store` image | | redisStore.name | string | `"redis-store"` | Name used by resources. Does not affect service names or PVCs. | | redisStore.podSecurityContext | object | `{"fsGroup":1000,"fsGroupChangePolicy":"OnRootMismatch"}` | Security context for the `redis-store` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) | @@ -287,7 +287,7 @@ In addition to the documented values, all services also support the following va | redisStore.serviceAccount.name | string | `""` | Name of the ServiceAccount to be created or an existing ServiceAccount | | redisStore.storageSize | string | `"100Gi"` | PVC Storage Request for `redis-store` data volume | | repoUpdater.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100}` | Security context for the `repo-updater` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | -| repoUpdater.image.defaultTag | string | `"5.11.3601@sha256:e6f18c9bf03d59344892ac919220bdbad372890e59bb9a1f6664eb7e5d2d0899"` | Docker image tag for the `repo-updater` image | +| repoUpdater.image.defaultTag | string | `"5.11.4013@sha256:aeece36e8693cbb3772c7649b6ae820971ccd70d0cb6f14125d879fd3464fa5b"` | Docker image tag for the `repo-updater` image | | repoUpdater.image.name | string | `"repo-updater"` | Docker image name for the `repo-updater` image | | repoUpdater.name | string | `"repo-updater"` | Name used by resources. Does not affect service names or PVCs. | | repoUpdater.podSecurityContext | object | `{}` | Security context for the `repo-updater` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) | @@ -295,7 +295,7 @@ In addition to the documented values, all services also support the following va | repoUpdater.serviceAccount.create | bool | `false` | Enable creation of ServiceAccount for `repo-updater` | | repoUpdater.serviceAccount.name | string | `""` | Name of the ServiceAccount to be created or an existing ServiceAccount | | searcher.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100}` | Security context for the `searcher` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | -| searcher.image.defaultTag | string | `"5.11.3601@sha256:d82769450769a2a7a50f80d53b59e79ef87f50f915b7e9b42da70604d313c85a"` | Docker image tag for the `searcher` image | +| searcher.image.defaultTag | string | `"5.11.4013@sha256:57409a7f05eafacec0ac0d8f1502de531cc10ca688d5f25de10f4f18fd42f9c2"` | Docker image tag for the `searcher` image | | searcher.image.name | string | `"searcher"` | Docker image name for the `searcher` image | | searcher.name | string | `"searcher"` | Name used by resources. Does not affect service names or PVCs. | | searcher.podSecurityContext | object | `{"fsGroup":101,"fsGroupChangePolicy":"OnRootMismatch","runAsUser":100}` | Security context for the `searcher` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) | @@ -326,7 +326,7 @@ In addition to the documented values, all services also support the following va | storageClass.provisioner | string | `"kubernetes.io/gce-pd"` | Name of the storageClass provisioner, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/storage/storage-classes/#provisioner) and consult your cloud provider persistent storage documentation | | storageClass.type | string | `"pd-ssd"` | Value of `type` key in storageClass `parameters`, consult your cloud provider persistent storage documentation | | symbols.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100}` | Security context for the `symbols` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | -| symbols.image.defaultTag | string | `"5.11.3601@sha256:1e50ffd79a6704fdb8862142310aa0c31bc6114636845ff5bb747a12336af2d3"` | Docker image tag for the `symbols` image | +| symbols.image.defaultTag | string | `"5.11.4013@sha256:2747e155ca2200c6fd153217133574d03dfd5e810c75c00fd988bb64263d4183"` | Docker image tag for the `symbols` image | | symbols.image.name | string | `"symbols"` | Docker image name for the `symbols` image | | symbols.name | string | `"symbols"` | Name used by resources. Does not affect service names or PVCs. | | symbols.podSecurityContext | object | `{"fsGroup":101,"fsGroupChangePolicy":"OnRootMismatch","runAsUser":100}` | Security context for the `symbols` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) | @@ -337,7 +337,7 @@ In addition to the documented values, all services also support the following va | symbols.storageSize | string | `"12Gi"` | Size of the PVC for symbols pods to store cache data | | syntacticCodeIntel.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100}` | Security context for the `syntactic-code-intel-worker` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | | syntacticCodeIntel.enabled | bool | `false` | | -| syntacticCodeIntel.image.defaultTag | string | `"5.11.3601@sha256:6ea86ab77399f034a725b3e08d3010777a27d91e8f145dbdd54f9e9751cc0f23"` | Docker image tag for the `syntactic-code-intel-worker` image | +| syntacticCodeIntel.image.defaultTag | string | `"5.11.4013@sha256:e753272a8cea4fe0fba82ebfd4228dda4b217f3bd5d12911b6e2b3418ff586b2"` | Docker image tag for the `syntactic-code-intel-worker` image | | syntacticCodeIntel.image.name | string | `"syntactic-code-intel-worker"` | Docker image name for the `syntactic-code-intel-worker` image | | syntacticCodeIntel.name | string | `"syntactic-code-intel-worker"` | Name used by resources. Does not affect service names or PVCs. | | syntacticCodeIntel.podSecurityContext | object | `{}` | Security context for the `syntactic-code-intel-worker` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) | @@ -347,7 +347,7 @@ In addition to the documented values, all services also support the following va | syntacticCodeIntel.serviceAccount.create | bool | `false` | Enable creation of ServiceAccount for `syntactic-code-intel-worker` | | syntacticCodeIntel.serviceAccount.name | string | `""` | Name of the ServiceAccount to be created or an existing ServiceAccount | | syntectServer.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100}` | Security context for the `syntect-server` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | -| syntectServer.image.defaultTag | string | `"5.11.3601@sha256:4fc1ee61ea6d3124b9a6e84acee949d95de65b7fe29befaedf4dc577267e239c"` | Docker image tag for the `syntect-server` image | +| syntectServer.image.defaultTag | string | `"5.11.4013@sha256:abafd0499c35e885aff06898ca946c1d1cb6a467183fc49f71339f8acb916845"` | Docker image tag for the `syntect-server` image | | syntectServer.image.name | string | `"syntax-highlighter"` | Docker image name for the `syntect-server` image | | syntectServer.name | string | `"syntect-server"` | Name used by resources. Does not affect service names or PVCs. | | syntectServer.podSecurityContext | object | `{}` | Security context for the `syntect-server` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) | @@ -358,7 +358,7 @@ In addition to the documented values, all services also support the following va | worker.blocklist | list | `[]` | List of jobs to block globally If replicas are configured, use this values to block jobs instead of manually setting WORKER_JOB_BLOCKLIST | | worker.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100}` | Security context for the `worker` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | | worker.env | object | `{}` | Environment variables for the `worker` container | -| worker.image.defaultTag | string | `"5.11.3601@sha256:8e21dd7dda6acb3ea836a091c3364f730dd58d3dc35b373b4b458ac4aedaa338"` | Docker image tag for the `worker` image | +| worker.image.defaultTag | string | `"5.11.4013@sha256:b29453a9096842dd50ec95ef0378d579371b2e8a1a97da8868753e3bdbf09291"` | Docker image tag for the `worker` image | | worker.image.name | string | `"worker"` | Docker image name for the `worker` image | | worker.name | string | `"worker"` | Name used by resources. Does not affect service names or PVCs. | | worker.podSecurityContext | object | `{}` | Security context for the `worker` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) |