From c4a54edbacfe214b51c39321d8d35e7127d18a66 Mon Sep 17 00:00:00 2001
From: Marc LeBlanc
Date: Wed, 1 Oct 2025 15:06:21 -0600
Subject: [PATCH 1/8] Add logic to disable the creation of secrets
---
 .../templates/codeinsights-db/codeinsights-db.Secret.yaml | 2 +-
 .../sourcegraph/templates/codeintel-db/codeintel-db.Secret.yaml | 2 +-
 charts/sourcegraph/templates/grafana/grafana.pgsql.Secret.yaml | 2 +-
 charts/sourcegraph/templates/pgsql/pgsql.Secret.yaml | 2 +-
 charts/sourcegraph/templates/redis/redis-cache.Secret.yaml | 2 +-
 charts/sourcegraph/templates/redis/redis-store.Secret.yaml | 2 +-
 charts/sourcegraph/values.yaml | 2 ++
 7 files changed, 8 insertions(+), 6 deletions(-)
diff --git a/charts/sourcegraph/templates/codeinsights-db/codeinsights-db.Secret.yaml b/charts/sourcegraph/templates/codeinsights-db/codeinsights-db.Secret.yaml
index 251eeddf..9ead3852 100644
--- a/charts/sourcegraph/templates/codeinsights-db/codeinsights-db.Secret.yaml
+++ b/charts/sourcegraph/templates/codeinsights-db/codeinsights-db.Secret.yaml
@@ -1,4 +1,4 @@
-{{- if not .Values.codeInsightsDB.auth.existingSecret }}
+{{- if and .Values.sourcegraph.createKubernetesSecrets (not .Values.codeInsightsDB.auth.existingSecret) -}}
 apiVersion: v1
 kind: Secret
 metadata:
diff --git a/charts/sourcegraph/templates/codeintel-db/codeintel-db.Secret.yaml b/charts/sourcegraph/templates/codeintel-db/codeintel-db.Secret.yaml
index 68878d30..c82e1390 100644
--- a/charts/sourcegraph/templates/codeintel-db/codeintel-db.Secret.yaml
+++ b/charts/sourcegraph/templates/codeintel-db/codeintel-db.Secret.yaml
@@ -1,4 +1,4 @@
-{{- if not .Values.codeIntelDB.auth.existingSecret }}
+{{- if and .Values.sourcegraph.createKubernetesSecrets (not .Values.codeIntelDB.auth.existingSecret) -}}
 apiVersion: v1
 kind: Secret
 metadata:
diff --git a/charts/sourcegraph/templates/grafana/grafana.pgsql.Secret.yaml b/charts/sourcegraph/templates/grafana/grafana.pgsql.Secret.yaml
index 7b3484d3..7538ec1a 100644
--- a/charts/sourcegraph/templates/grafana/grafana.pgsql.Secret.yaml
+++ b/charts/sourcegraph/templates/grafana/grafana.pgsql.Secret.yaml
@@ -1,4 +1,4 @@
-{{- if and .Values.grafana.auth (not .Values.grafana.auth.existingSecret) }}
+{{- if and .Values.sourcegraph.createKubernetesSecrets .Values.grafana.auth (not .Values.grafana.auth.existingSecret) -}}
 apiVersion: v1
 kind: Secret
 metadata:
diff --git a/charts/sourcegraph/templates/pgsql/pgsql.Secret.yaml b/charts/sourcegraph/templates/pgsql/pgsql.Secret.yaml
index 4f1757bd..83a73a3c 100644
--- a/charts/sourcegraph/templates/pgsql/pgsql.Secret.yaml
+++ b/charts/sourcegraph/templates/pgsql/pgsql.Secret.yaml
@@ -1,4 +1,4 @@
-{{- if not .Values.pgsql.auth.existingSecret }}
+{{- if and .Values.sourcegraph.createKubernetesSecrets (not .Values.pgsql.auth.existingSecret) -}}
 apiVersion: v1
 kind: Secret
 metadata:
diff --git a/charts/sourcegraph/templates/redis/redis-cache.Secret.yaml b/charts/sourcegraph/templates/redis/redis-cache.Secret.yaml
index c6cf9dfc..8f4d3af7 100644
--- a/charts/sourcegraph/templates/redis/redis-cache.Secret.yaml
+++ b/charts/sourcegraph/templates/redis/redis-cache.Secret.yaml
@@ -1,4 +1,4 @@
-{{- if not .Values.redisCache.connection.existingSecret }}
+{{- if and .Values.sourcegraph.createKubernetesSecrets (not .Values.redisCache.connection.existingSecret) -}}
 apiVersion: v1
 kind: Secret
 metadata:
diff --git a/charts/sourcegraph/templates/redis/redis-store.Secret.yaml b/charts/sourcegraph/templates/redis/redis-store.Secret.yaml
index 7d0d313e..165d4817 100644
--- a/charts/sourcegraph/templates/redis/redis-store.Secret.yaml
+++ b/charts/sourcegraph/templates/redis/redis-store.Secret.yaml
@@ -1,4 +1,4 @@
-{{- if not .Values.redisStore.connection.existingSecret }}
+{{- if and .Values.sourcegraph.createKubernetesSecrets (not .Values.redisStore.connection.existingSecret) -}}
 apiVersion: v1
 kind: Secret
 metadata:
diff --git a/charts/sourcegraph/values.yaml b/charts/sourcegraph/values.yaml
index 780f882f..3d02d3ec 100644
--- a/charts/sourcegraph/values.yaml
+++ b/charts/sourcegraph/values.yaml
@@ -38,6 +38,8 @@ sourcegraph:
 revisionHistoryLimit: 10
 # -- Add extra labels to all services
 serviceLabels: {}
+ # -- Create Kubernetes secrets objects
+ createKubernetesSecrets: true
 # Generic application configuration options, used by most applications below
 # app: # Generally matches directory name
From db4973a30dfcbc64c10134e135b8aff8964c02ca Mon Sep 17 00:00:00 2001
From: Marc LeBlanc
Date: Wed, 1 Oct 2025 15:31:26 -0600
Subject: [PATCH 2/8] Add config values for Redis endpoint env vars without secrets
---
 charts/sourcegraph/templates/_helpers.tpl | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/charts/sourcegraph/templates/_helpers.tpl b/charts/sourcegraph/templates/_helpers.tpl
index 87c18720..fd55b31c 100644
--- a/charts/sourcegraph/templates/_helpers.tpl
+++ b/charts/sourcegraph/templates/_helpers.tpl
@@ -249,6 +249,7 @@ app.kubernetes.io/name: jaeger
 {{- end }}
 {{- define "sourcegraph.redisConnection" -}}
+{{- if .Values.sourcegraph.createKubernetesSecrets -}}
 - name: REDIS_CACHE_ENDPOINT
 valueFrom:
 secretKeyRef:
@@ -259,7 +260,13 @@ app.kubernetes.io/name: jaeger
 secretKeyRef:
 key: endpoint
 name: {{ default .Values.redisStore.name .Values.redisStore.connection.existingSecret }}
-{{- end }}
+{{- else -}}
+- name: REDIS_CACHE_ENDPOINT
+ value: {{ .Values.sourcegraph.redisCacheEndpoint }}
+- name: REDIS_STORE_ENDPOINT
+ value: {{ .Values.sourcegraph.redisStoreEndpoint }}
+{{- end -}}
+{{- end -}}
 {{- define "sourcegraph.authChecksum" -}}
 {{- $checksum := list .Values.codeInsightsDB.auth -}}
From 311f182313b56c0e58c2f0fe5f5682450fb51224 Mon Sep 17 00:00:00 2001
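Review bot: The two `value:` lines added in the `else` branch of `sourcegraph.redisConnection` interpolate the endpoint with no quoting and no presence check, so an unset or empty value renders a bare `value:` and the containers start with an empty REDIS_CACHE_ENDPOINT / REDIS_STORE_ENDPOINT instead of the release failing at render time; patch 3 moves the same lines into the `if` branch unchanged. I would write `value: {{ required "sourcegraph.redisCacheEndpoint is required when Kubernetes secrets are not used" .Values.sourcegraph.redisCacheEndpoint | quote }}` and the matching line for the store endpoint. The endpoint was kept in a Secret until now, presumably because it can carry a password; in this branch it sits in clear text in the pod spec and in the stored release values, and the values.yaml comment for these keys should say so.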
From: Marc LeBlanc
Date: Wed, 1 Oct 2025 16:20:55 -0600
Subject: [PATCH 3/8] Inverting createKubernetesSecrets -> disableKubernetesSecrets
---
 charts/sourcegraph/templates/_helpers.tpl | 14 +++++++-------
 .../codeinsights-db/codeinsights-db.Secret.yaml | 2 +-
 .../codeintel-db/codeintel-db.Secret.yaml | 2 +-
 .../frontend/sourcegraph-frontend.Deployment.yaml | 4 +++-
 .../templates/grafana/grafana.StatefulSet.yaml | 2 ++
 .../templates/grafana/grafana.pgsql.Secret.yaml | 2 +-
 .../sourcegraph/templates/pgsql/pgsql.Secret.yaml | 2 +-
 .../templates/redis/redis-cache.Secret.yaml | 2 +-
 .../templates/redis/redis-store.Secret.yaml | 2 +-
 charts/sourcegraph/values.yaml | 4 ++--
 10 files changed, 20 insertions(+), 16 deletions(-)
diff --git a/charts/sourcegraph/templates/_helpers.tpl b/charts/sourcegraph/templates/_helpers.tpl
index fd55b31c..71cf7812 100644
--- a/charts/sourcegraph/templates/_helpers.tpl
+++ b/charts/sourcegraph/templates/_helpers.tpl
@@ -45,7 +45,7 @@ For top-level services, pass in the top-level values:
 {{ include "sourcegraph.serviceAccountName" (list . "frontend") }}
 frontend:
- serivceAccount:
+ serviceAccount:
 create: false
 For nested services, pass in the nested values:
@@ -249,7 +249,12 @@ app.kubernetes.io/name: jaeger
 {{- end }}
 {{- define "sourcegraph.redisConnection" -}}
-{{- if .Values.sourcegraph.createKubernetesSecrets -}}
+{{- if .Values.sourcegraph.disableKubernetesSecrets -}}
+- name: REDIS_CACHE_ENDPOINT
+ value: {{ .Values.sourcegraph.redisCacheEndpoint }}
+- name: REDIS_STORE_ENDPOINT
+ value: {{ .Values.sourcegraph.redisStoreEndpoint }}
+{{- else -}}
 - name: REDIS_CACHE_ENDPOINT
 valueFrom:
 secretKeyRef:
@@ -260,11 +265,6 @@ app.kubernetes.io/name: jaeger
 secretKeyRef:
 key: endpoint
 name: {{ default .Values.redisStore.name .Values.redisStore.connection.existingSecret }}
-{{- else -}}
-- name: REDIS_CACHE_ENDPOINT
- value: {{ .Values.sourcegraph.redisCacheEndpoint }}
-- name: REDIS_STORE_ENDPOINT
- value: {{ .Values.sourcegraph.redisStoreEndpoint }}
 {{- end -}}
 {{- end -}}
diff --git a/charts/sourcegraph/templates/codeinsights-db/codeinsights-db.Secret.yaml b/charts/sourcegraph/templates/codeinsights-db/codeinsights-db.Secret.yaml
index 9ead3852..650c58e8 100644
--- a/charts/sourcegraph/templates/codeinsights-db/codeinsights-db.Secret.yaml
+++ b/charts/sourcegraph/templates/codeinsights-db/codeinsights-db.Secret.yaml
@@ -1,4 +1,4 @@
-{{- if and .Values.sourcegraph.createKubernetesSecrets (not .Values.codeInsightsDB.auth.existingSecret) -}}
+{{- if and (not .Values.sourcegraph.disableKubernetesSecrets) (not .Values.codeInsightsDB.auth.existingSecret) -}}
 apiVersion: v1
 kind: Secret
 metadata:
diff --git a/charts/sourcegraph/templates/codeintel-db/codeintel-db.Secret.yaml b/charts/sourcegraph/templates/codeintel-db/codeintel-db.Secret.yaml
index c82e1390..021a54f0 100644
--- a/charts/sourcegraph/templates/codeintel-db/codeintel-db.Secret.yaml
+++ b/charts/sourcegraph/templates/codeintel-db/codeintel-db.Secret.yaml
@@ -1,4 +1,4 @@
-{{- if and .Values.sourcegraph.createKubernetesSecrets (not .Values.codeIntelDB.auth.existingSecret) -}}
+{{- if and (not .Values.sourcegraph.disableKubernetesSecrets) (not .Values.codeIntelDB.auth.existingSecret) -}}
 apiVersion: v1
 kind: Secret
 metadata:
diff --git a/charts/sourcegraph/templates/frontend/sourcegraph-frontend.Deployment.yaml b/charts/sourcegraph/templates/frontend/sourcegraph-frontend.Deployment.yaml
index 187a5c6d..f55cea61 100644
--- a/charts/sourcegraph/templates/frontend/sourcegraph-frontend.Deployment.yaml
+++ b/charts/sourcegraph/templates/frontend/sourcegraph-frontend.Deployment.yaml
@@ -54,7 +54,7 @@ spec:
 imagePullPolicy: {{ .Values.sourcegraph.image.pullPolicy }}
 args: {{- default (list "up") .Values.migrator.args | toYaml | nindent 8 }}
 env:
- {{- if not .Values.migrator.databaseAuthOverrideEnvVars }}
+ {{- if and (not .Values.migrator.databaseAuthOverrideEnvVars) (not .Values.sourcegraph.disableKubernetesSecrets) }}
 {{- include "sourcegraph.databaseAuth" (list . "pgsql" "PG") | nindent 8 }}
 {{- include "sourcegraph.databaseAuth" (list . "codeIntelDB" "CODEINTEL_PG") | nindent 8 }}
 {{- include "sourcegraph.databaseAuth" (list . "codeInsightsDB" "CODEINSIGHTS_PG") | nindent 8 }}
@@ -80,9 +80,11 @@ spec:
 imagePullPolicy: {{ .Values.sourcegraph.image.pullPolicy }}
 args: {{- default (list "serve") .Values.frontend.args | toYaml | nindent 8 }}
 env:
+ {{- if not .Values.sourcegraph.disableKubernetesSecrets }}
 {{- include "sourcegraph.databaseAuth" (list . "pgsql" "PG") | nindent 8 }}
 {{- include "sourcegraph.databaseAuth" (list . "codeIntelDB" "CODEINTEL_PG") | nindent 8 }}
 {{- include "sourcegraph.databaseAuth" (list . "codeInsightsDB" "CODEINSIGHTS_PG") | nindent 8 }}
+ {{- end }}
 {{- range $name, $item := .Values.frontend.env}}
 - name: {{ $name }}
 {{- $item | toYaml | nindent 10 }}
diff --git a/charts/sourcegraph/templates/grafana/grafana.StatefulSet.yaml b/charts/sourcegraph/templates/grafana/grafana.StatefulSet.yaml
index da3cb0e4..4d748bd0 100644
--- a/charts/sourcegraph/templates/grafana/grafana.StatefulSet.yaml
+++ b/charts/sourcegraph/templates/grafana/grafana.StatefulSet.yaml
@@ -52,7 +52,9 @@ spec:
 {{- end }}
 terminationMessagePolicy: FallbackToLogsOnError
 env:
+ {{- if not .Values.sourcegraph.disableKubernetesSecrets -}}
 {{- include "sourcegraph.databaseAuth" (list . "grafana" "GRAFANA_PGSQL_") | nindent 8 }}
+ {{- end -}}
 {{- range $name, $item := .Values.grafana.env}}
 - name: {{ $name }}
 {{- $item | toYaml | nindent 10 }}
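Review bot: With `disableKubernetesSecrets` set, the second sourcegraph-frontend.Deployment.yaml hunk drops all three `sourcegraph.databaseAuth` includes from the frontend container and puts nothing in their place, so the pod is rendered without database connection settings unless the operator supplies them through `frontend.env`; the migrator hunk above it and the grafana.StatefulSet.yaml hunk follow the same pattern. The flag is documented only as disabling the creation of Secret objects, yet here and in the Redis helper it also removes the references, which means a configured `existingSecret` is silently ignored. I would state both effects in the values.yaml comment, e.g. `# -- Do not create or reference Kubernetes Secret objects; database and Redis settings must then be supplied as plain env values, which are readable from the pod spec`, and fail rendering when the flag is combined with an `existingSecret`. Other templates that include `sourcegraph.databaseAuth` are not visible in this series, so it is worth checking that none is left pointing at a Secret that is no longer created.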
diff --git a/charts/sourcegraph/templates/grafana/grafana.pgsql.Secret.yaml b/charts/sourcegraph/templates/grafana/grafana.pgsql.Secret.yaml
index 7538ec1a..a96fcb44 100644
--- a/charts/sourcegraph/templates/grafana/grafana.pgsql.Secret.yaml
+++ b/charts/sourcegraph/templates/grafana/grafana.pgsql.Secret.yaml
@@ -1,4 +1,4 @@
-{{- if and .Values.sourcegraph.createKubernetesSecrets .Values.grafana.auth (not .Values.grafana.auth.existingSecret) -}}
+{{- if and (not .Values.sourcegraph.disableKubernetesSecrets) .Values.grafana.auth (not .Values.grafana.auth.existingSecret) -}}
 apiVersion: v1
 kind: Secret
 metadata:
diff --git a/charts/sourcegraph/templates/pgsql/pgsql.Secret.yaml b/charts/sourcegraph/templates/pgsql/pgsql.Secret.yaml
index 83a73a3c..73280504 100644
--- a/charts/sourcegraph/templates/pgsql/pgsql.Secret.yaml
+++ b/charts/sourcegraph/templates/pgsql/pgsql.Secret.yaml
@@ -1,4 +1,4 @@
-{{- if and .Values.sourcegraph.createKubernetesSecrets (not .Values.pgsql.auth.existingSecret) -}}
+{{- if and (not .Values.sourcegraph.disableKubernetesSecrets) (not .Values.pgsql.auth.existingSecret) -}}
 apiVersion: v1
 kind: Secret
 metadata:
diff --git a/charts/sourcegraph/templates/redis/redis-cache.Secret.yaml b/charts/sourcegraph/templates/redis/redis-cache.Secret.yaml
index 8f4d3af7..ac24267c 100644
--- a/charts/sourcegraph/templates/redis/redis-cache.Secret.yaml
+++ b/charts/sourcegraph/templates/redis/redis-cache.Secret.yaml
@@ -1,4 +1,4 @@
-{{- if and .Values.sourcegraph.createKubernetesSecrets (not .Values.redisCache.connection.existingSecret) -}}
+{{- if and (not .Values.sourcegraph.disableKubernetesSecrets) (not .Values.redisCache.connection.existingSecret) -}}
 apiVersion: v1
 kind: Secret
 metadata:
diff --git a/charts/sourcegraph/templates/redis/redis-store.Secret.yaml b/charts/sourcegraph/templates/redis/redis-store.Secret.yaml
index 165d4817..ab3124ee 100644
--- a/charts/sourcegraph/templates/redis/redis-store.Secret.yaml
+++ b/charts/sourcegraph/templates/redis/redis-store.Secret.yaml
@@ -1,4 +1,4 @@
-{{- if and .Values.sourcegraph.createKubernetesSecrets (not .Values.redisStore.connection.existingSecret) -}}
+{{- if and (not .Values.sourcegraph.disableKubernetesSecrets) (not .Values.redisStore.connection.existingSecret) -}}
 apiVersion: v1
 kind: Secret
 metadata:
diff --git a/charts/sourcegraph/values.yaml b/charts/sourcegraph/values.yaml
index 3d02d3ec..7211e4d1 100644
--- a/charts/sourcegraph/values.yaml
+++ b/charts/sourcegraph/values.yaml
@@ -38,8 +38,8 @@ sourcegraph:
 revisionHistoryLimit: 10
 # -- Add extra labels to all services
 serviceLabels: {}
- # -- Create Kubernetes secrets objects
- createKubernetesSecrets: true
+ # -- Disable the creation of Kubernetes secrets objects
+ disableKubernetesSecrets: false
 # Generic application configuration options, used by most applications below
 # app: # Generally matches directory name
From d1483a4ea90bffcd7b191ce95e372744ae07fca3 Mon Sep 17 00:00:00 2001
From: Marc LeBlanc
Date: Wed, 1 Oct 2025 16:38:41 -0600
Subject: [PATCH 4/8] Add overrides for migrator and frontend container entrypoints
---
 .../templates/frontend/sourcegraph-frontend.Deployment.yaml | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/charts/sourcegraph/templates/frontend/sourcegraph-frontend.Deployment.yaml b/charts/sourcegraph/templates/frontend/sourcegraph-frontend.Deployment.yaml
index f55cea61..e2dad382 100644
--- a/charts/sourcegraph/templates/frontend/sourcegraph-frontend.Deployment.yaml
+++ b/charts/sourcegraph/templates/frontend/sourcegraph-frontend.Deployment.yaml
@@ -52,6 +52,9 @@ spec:
 - name: migrator
 image: {{ include "sourcegraph.image" (list . "migrator") }}
 imagePullPolicy: {{ .Values.sourcegraph.image.pullPolicy }}
+ {{- if .Values.migrator.command }}
+ command: {{ .Values.migrator.command }}
+ {{- end }}
 args: {{- default (list "up") .Values.migrator.args | toYaml | nindent 8 }}
 env:
 {{- if and (not .Values.migrator.databaseAuthOverrideEnvVars) (not .Values.sourcegraph.disableKubernetesSecrets) }}
@@ -78,6 +81,9 @@ spec:
 - name: frontend
 image: {{ include "sourcegraph.image" (list . "frontend") }}
 imagePullPolicy: {{ .Values.sourcegraph.image.pullPolicy }}
+ {{- if .Values.frontend.command }}
+ command: {{ .Values.frontend.command }}
+ {{- end }}
 args: {{- default (list "serve") .Values.frontend.args | toYaml | nindent 8 }}
 env:
 {{- if not .Values.sourcegraph.disableKubernetesSecrets }}
From 1706dea338de8d79f34025b6d8e567e1805079cb Mon Sep 17 00:00:00 2001
From: Marc LeBlanc
Date: Wed, 1 Oct 2025 17:03:27 -0600
Subject: [PATCH 5/8] Ran scripts/helm-docs.sh to update charts/sourcegraph/README.md
---
 charts/sourcegraph/README.md | 1 +
 1 file changed, 1 insertion(+)
diff --git a/charts/sourcegraph/README.md b/charts/sourcegraph/README.md
index b2574e9c..f9bca022 100644
--- a/charts/sourcegraph/README.md
+++ b/charts/sourcegraph/README.md
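Review bot: `command: {{ .Values.migrator.command }}` prints the value with Go's default formatting, so a list such as `["/bin/sh", "-c"]` is emitted as `[/bin/sh -c]`, which YAML reads as a single-element list; the frontend hunk below has the same line for `.Values.frontend.command`. Render it the way the neighbouring `args:` line does: `command: {{- .Values.migrator.command | toYaml | nindent 8 }}`. Neither `migrator.command` nor `frontend.command` gets a values.yaml entry anywhere in this series, so both stay undocumented in the generated README.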
@@ -302,6 +302,7 @@ In addition to the documented values, all services also support the following va
 | searcher.storageSize | string | `"26Gi"` | Size of the PVC for searcher pods to store cache data |
 | sgTestConnection | object | `{"enabled":true}` | Enable the busybox connection test after deployment |
 | sourcegraph.affinity | object | `{}` | Global Affinity, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity) |
+| sourcegraph.disableKubernetesSecrets | bool | `false` | Disable the creation of Kubernetes secrets objects |
 | sourcegraph.image.defaultTag | string | `"{{ .Chart.AppVersion }}"` | Global docker image tag |
 | sourcegraph.image.pullPolicy | string | `"IfNotPresent"` | Global docker image pull policy |
 | sourcegraph.image.repository | string | `"index.docker.io/sourcegraph"` | Global docker image registry or prefix |
From ab9ecb42ecfb5e69e8a20b2f8ebee187fecea2e8 Mon Sep 17 00:00:00 2001
From: Marc LeBlanc
Date: Wed, 1 Oct 2025 17:40:25 -0600
Subject: [PATCH 6/8] Add .Values.prometheus.createRoleBinding to disable role binding
---
 .../templates/prometheus/prometheus.ClusterRoleBinding.yaml | 2 +-
 .../templates/prometheus/prometheus.RoleBinding.yaml | 2 +-
 charts/sourcegraph/values.yaml | 3 ++-
 3 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/charts/sourcegraph/templates/prometheus/prometheus.ClusterRoleBinding.yaml b/charts/sourcegraph/templates/prometheus/prometheus.ClusterRoleBinding.yaml
index bdd4352f..d6ab69ab 100644
--- a/charts/sourcegraph/templates/prometheus/prometheus.ClusterRoleBinding.yaml
+++ b/charts/sourcegraph/templates/prometheus/prometheus.ClusterRoleBinding.yaml
@@ -1,4 +1,4 @@
-{{- if and .Values.prometheus.enabled .Values.prometheus.privileged -}}
+{{- if and .Values.prometheus.enabled .Values.prometheus.privileged .Values.prometheus.createRoleBinding -}}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
diff --git a/charts/sourcegraph/templates/prometheus/prometheus.RoleBinding.yaml b/charts/sourcegraph/templates/prometheus/prometheus.RoleBinding.yaml
index c7345da9..4fa1376d 100644
--- a/charts/sourcegraph/templates/prometheus/prometheus.RoleBinding.yaml
+++ b/charts/sourcegraph/templates/prometheus/prometheus.RoleBinding.yaml
@@ -1,4 +1,4 @@
-{{- if and .Values.prometheus.enabled (not .Values.prometheus.privileged) -}}
+{{- if and .Values.prometheus.enabled (not .Values.prometheus.privileged) .Values.prometheus.createRoleBinding -}}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
diff --git a/charts/sourcegraph/values.yaml b/charts/sourcegraph/values.yaml
index 7211e4d1..aeb62857 100644
--- a/charts/sourcegraph/values.yaml
+++ b/charts/sourcegraph/values.yaml
@@ -895,6 +895,7 @@ prometheus:
 name: "prometheus"
 # -- Enable RBAC for `prometheus`
 privileged: true
+ createRoleBinding: true
 # -- Resource requests & limits for the `prometheus` container,
 # learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/)
 # Prometheus is relied upon to monitor services for sending alerts to site admins when
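Review bot: `.Values.prometheus.createRoleBinding` is a default-true flag read with a plain `and` in the ClusterRoleBinding condition, so whenever the key is absent from the effective values (for example an upgrade run with `--reuse-values`, which does not pick up new chart defaults) it evaluates as false and the binding is silently removed; the RoleBinding hunk below uses the same condition. Patch 3 of this series already turned `createKubernetesSecrets` into a default-false `disableKubernetesSecrets`, and the same shape would be safer here, e.g. a `disableRoleBinding` key tested as `(not .Values.prometheus.disableRoleBinding)`. Only the bindings are gated: whether the matching Role and ClusterRole templates are still rendered is not visible in this patch, which matters if the target cluster rejects every RBAC object.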
@@ -1260,7 +1261,7 @@ worker:
 # -- Additional resources to include in the rendered manifest. Templates are supported.
 extraResources: []
-# -- Additional priorityClasses minimise re-scheduling downtime for StatefulSets. Each StatefulSets might use different priority class.
+# -- Additional priorityClasses minimize re-scheduling downtime for StatefulSets. Each StatefulSets might use different priority class.
 # learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/#priorityclass)
 # Sample class definition:
 # - name: gitserver-class
From 8359633586cfbbd3f15190f627967233a830788f Mon Sep 17 00:00:00 2001
From: Marc LeBlanc
Date: Wed, 1 Oct 2025 18:58:47 -0600
Subject: [PATCH 7/8] Add createRoleBinding to disable the creation of Prometheus' RoleBinding object, for customers who block all RBAC resource creation
---
 charts/sourcegraph/README.md | 3 ++-
 charts/sourcegraph/values.yaml | 1 +
 2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/charts/sourcegraph/README.md b/charts/sourcegraph/README.md
index f9bca022..db5893e6 100644
--- a/charts/sourcegraph/README.md
+++ b/charts/sourcegraph/README.md
@@ -249,8 +249,9 @@ In addition to the documented values, all services also support the following va
 | preciseCodeIntel.resources | object | `{"limits":{"cpu":"2","memory":"4G"},"requests":{"cpu":"500m","memory":"2G"}}` | Resource requests & limits for the `precise-code-intel-worker` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) |
 | preciseCodeIntel.serviceAccount.create | bool | `false` | Enable creation of ServiceAccount for `precise-code-intel-worker` |
 | preciseCodeIntel.serviceAccount.name | string | `""` | Name of the ServiceAccount to be created or an existing ServiceAccount |
-| priorityClasses | list | `[]` | Additional priorityClasses minimise re-scheduling downtime for StatefulSets. Each StatefulSets might use different priority class. learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/#priorityclass) Sample class definition: - name: gitserver-class value: 100 preemptionPolicy: Never description: "gitserver priority class" |
+| priorityClasses | list | `[]` | Additional priorityClasses minimize re-scheduling downtime for StatefulSets. Each StatefulSets might use different priority class.
 learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/#priorityclass) Sample class definition: - name: gitserver-class value: 100 preemptionPolicy: Never description: "gitserver priority class" |
 | prometheus.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":false,"runAsGroup":100,"runAsUser":100}` | Security context for the `prometheus` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) |
+| prometheus.createRoleBinding | bool | `true` | Disable the creation of a RoleBinding object, for customers who block all RBAC resource creation |
 | prometheus.enabled | bool | `true` | Enable `prometheus` (recommended) |
 | prometheus.existingConfig | string | `""` | Name of existing ConfigMap for `pgsql`. It must contain a `prometheus.yml` key |
 | prometheus.image.defaultTag | string | `"6.7.2720@sha256:7ce99c850c379b77c1f037efee67fd1cf59bb3dc847704c87a8f89dfb25b83a6"` | Docker image tag for the `prometheus` image |
diff --git a/charts/sourcegraph/values.yaml b/charts/sourcegraph/values.yaml
index aeb62857..7a1af25e 100644
--- a/charts/sourcegraph/values.yaml
+++ b/charts/sourcegraph/values.yaml
@@ -895,6 +895,7 @@ prometheus:
 name: "prometheus"
 # -- Enable RBAC for `prometheus`
 privileged: true
+ # -- Disable the creation of a RoleBinding object, for customers who block all RBAC resource creation
 createRoleBinding: true
 # -- Resource requests & limits for the `prometheus` container,
 # learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/)
From 8500b2c4f026e4ae158a1bdddc1aee95f6061af7 Mon Sep 17 00:00:00 2001
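Review bot: The helm-docs comment added above `createRoleBinding: true` in values.yaml says "Disable the creation of a RoleBinding object", which reads as the opposite of what the `true` default does, and it does not mention that the same key also gates the ClusterRoleBinding when `privileged` is true (patch 6). Suggested wording: `# -- Create the RoleBinding (or the ClusterRoleBinding when privileged) for prometheus; set to false where RBAC objects cannot be created and the access is granted out of band`. The README row generated from this comment carries the same text and would need regenerating.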
From: Marc LeBlanc
Date: Wed, 1 Oct 2025 19:09:12 -0600
Subject: [PATCH 8/8] Add docs for Redis env var configs
---
 charts/sourcegraph/README.md | 2 ++
 charts/sourcegraph/values.yaml | 4 ++++
 2 files changed, 6 insertions(+)
diff --git a/charts/sourcegraph/README.md b/charts/sourcegraph/README.md
index db5893e6..f4142928 100644
--- a/charts/sourcegraph/README.md
+++ b/charts/sourcegraph/README.md
@@ -315,6 +315,8 @@ In addition to the documented values, all services also support the following va
 | sourcegraph.nodeSelector | object | `{}` | Global NodeSelector, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector) |
 | sourcegraph.podAnnotations | object | `{}` | Add extra annotations to attach to all pods |
 | sourcegraph.podLabels | object | `{}` | Add extra labels to attach to all pods |
+| sourcegraph.redisCacheEndpoint | string | `""` | Set the value of the REDIS_CACHE_ENDPOINT environment variable on the needed containers, when Kubernetes secrets are disabled |
+| sourcegraph.redisStoreEndpoint | string | `""` | Set the value of the REDIS_STORE_ENDPOINT environment variable on the needed containers, when Kubernetes secrets are disabled |
 | sourcegraph.revisionHistoryLimit | int | `10` | Global deployment clean up policy, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#clean-up-policy) |
 | sourcegraph.serviceLabels | object | `{}` | Add extra labels to all services |
 | sourcegraph.tolerations | list | `[]` | Global Tolerations, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) |
diff --git a/charts/sourcegraph/values.yaml b/charts/sourcegraph/values.yaml
index 7a1af25e..64c71db7 100644
--- a/charts/sourcegraph/values.yaml
+++ b/charts/sourcegraph/values.yaml
@@ -40,6 +40,10 @@ sourcegraph:
 serviceLabels: {}
 # -- Disable the creation of Kubernetes secrets objects
 disableKubernetesSecrets: false
+ # -- Set the value of the REDIS_CACHE_ENDPOINT environment variable on the needed containers, when Kubernetes secrets are disabled
+ redisCacheEndpoint: ""
+ # -- Set the value of the REDIS_STORE_ENDPOINT environment variable on the needed containers, when Kubernetes secrets are disabled
+ redisStoreEndpoint: ""
 # Generic application configuration options, used by most applications below
 # app: # Generally matches directory name