From 1bcdc1823d7c0d1c4f87232d1c9e6f84a3a93b0b Mon Sep 17 00:00:00 2001 From: Anish Lakhwara Date: Fri, 23 May 2025 02:06:37 +0000 Subject: [PATCH] promote-release: v6.3.4167 {"version":"v6.3.4167","inputs":"server=v6.3.4167","type":"patch"} --- charts/sourcegraph-executor/dind/README.md | 4 +- charts/sourcegraph-executor/dind/values.yaml | 4 +- charts/sourcegraph-executor/k8s/README.md | 4 +- charts/sourcegraph-executor/k8s/values.yaml | 4 +- charts/sourcegraph-migrator/README.md | 4 +- charts/sourcegraph-migrator/values.yaml | 4 +- charts/sourcegraph/README.md | 52 ++++++++++---------- charts/sourcegraph/values.yaml | 52 ++++++++++---------- 8 files changed, 64 insertions(+), 64 deletions(-) diff --git a/charts/sourcegraph-executor/dind/README.md b/charts/sourcegraph-executor/dind/README.md index ec62748a..4aa830d4 100644 --- a/charts/sourcegraph-executor/dind/README.md +++ b/charts/sourcegraph-executor/dind/README.md @@ -60,7 +60,7 @@ In addition to the documented values, the `executor` and `private-docker-registr | executor.env.EXECUTOR_FRONTEND_URL | object | `{"value":""}` | The external URL of the Sourcegraph instance. Required. | | executor.env.EXECUTOR_QUEUE_NAME | object | `{"value":""}` | The name of the queue to pull jobs from to. Possible values: batches and codeintel. **Either this or EXECUTOR_QUEUE_NAMES is required.** | | executor.env.EXECUTOR_QUEUE_NAMES | object | `{"value":""}` | The comma-separated list of names of multiple queues to pull jobs from to. Possible values: batches and codeintel. **Either this or EXECUTOR_QUEUE_NAME is required.** | -| executor.image.defaultTag | string | `"6.3.4167@sha256:046b2e9cc42f897b13b9d3a009fbb841db97bcbbb3c03d06f436f35c3b33287e"` | | +| executor.image.defaultTag | string | `"6.3.4167@sha256:5837a9a68efd9662447e3353e93391644fea3be389479244cfa0c140b6b84e2c"` | | | executor.image.name | string | `"executor"` | | | executor.replicaCount | int | `1` | | | privateDockerRegistry.enabled | bool | `true` | Whether to deploy the private registry. Only one registry is needed when deploying multiple executors. More information: https://docs.sourcegraph.com/admin/executors/deploy_executors#using-private-registries | @@ -71,7 +71,7 @@ In addition to the documented values, the `executor` and `private-docker-registr | sourcegraph.affinity | object | `{}` | Affinity, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity) | | sourcegraph.image.defaultTag | string | `"{{ .Chart.AppVersion }}"` | Global docker image tag | | sourcegraph.image.pullPolicy | string | `"IfNotPresent"` | Global docker image pull policy | -| sourcegraph.image.repository | string | `"us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal"` | Global docker image registry or prefix | +| sourcegraph.image.repository | string | `"index.docker.io/sourcegraph"` | Global docker image registry or prefix | | sourcegraph.image.useGlobalTagAsDefault | bool | `false` | When set to true, sourcegraph.image.defaultTag is used as the default defaultTag for all services, instead of service-specific default defaultTags | | sourcegraph.imagePullSecrets | list | `[]` | Mount named secrets containing docker credentials | | sourcegraph.labels | object | `{}` | Add a global label to all resources | diff --git a/charts/sourcegraph-executor/dind/values.yaml b/charts/sourcegraph-executor/dind/values.yaml index 51399565..91d96ad0 100644 --- a/charts/sourcegraph-executor/dind/values.yaml +++ b/charts/sourcegraph-executor/dind/values.yaml @@ -8,7 +8,7 @@ sourcegraph: # -- Global docker image pull policy pullPolicy: IfNotPresent # -- Global docker image registry or prefix - repository: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal + repository: index.docker.io/sourcegraph # -- When set to true, sourcegraph.image.defaultTag is used as the default defaultTag for all services, instead of service-specific default defaultTags useGlobalTagAsDefault: false # -- Mount named secrets containing docker credentials @@ -55,7 +55,7 @@ storageClass: executor: enabled: true image: - defaultTag: 6.3.4167@sha256:046b2e9cc42f897b13b9d3a009fbb841db97bcbbb3c03d06f436f35c3b33287e + defaultTag: 6.3.4167@sha256:5837a9a68efd9662447e3353e93391644fea3be389479244cfa0c140b6b84e2c name: "executor" replicaCount: 1 env: diff --git a/charts/sourcegraph-executor/k8s/README.md b/charts/sourcegraph-executor/k8s/README.md index f86d8298..07c7f755 100644 --- a/charts/sourcegraph-executor/k8s/README.md +++ b/charts/sourcegraph-executor/k8s/README.md @@ -61,7 +61,7 @@ In addition to the documented values, the `executor` and `private-docker-registr | executor.frontendExistingSecret | string | `""` | Name of existing k8s Secret to use for frontend password The name of the secret must match `executor.name`, i.e., the name of the helm release used to deploy the helm chart. The k8s Secret must contain the key `EXECUTOR_FRONTEND_PASSWORD` matching the site config `executors.accessToken` value. `executor.frontendPassword` is ignored if this is enabled. | | executor.frontendPassword | string | `""` | The shared secret configured in the Sourcegraph instance site config under executors.accessToken. Required if `executor.frontendExistingSecret`` is not configured. | | executor.frontendUrl | string | `""` | The external URL of the Sourcegraph instance. Required. **Recommended:** set to the internal service endpoint (e.g. `http://sourcegraph-frontend.sourcegraph.svc.cluster.local:30080` if Sourcegraph is deployed in the `sourcegraph` namespace). This will avoid unnecessary network charges as traffic will stay within the local network. | -| executor.image.defaultTag | string | `"6.3.4167@sha256:0a1ff0ef77ab82588dd0aadeec6623989e94c16617ce2bdb6862f1152fd323c8"` | | +| executor.image.defaultTag | string | `"6.3.4167@sha256:d4c96ce599be16fd85ecf9e5af9144e8f6c41a1caa8f1dac14aaf338f1ba6c61"` | | | executor.image.name | string | `"executor-kubernetes"` | | | executor.kubeconfigPath | string | `""` | The path to the kubeconfig file. If not specified, the in-cluster config is used. | | executor.kubernetesJob.deadline | string | `"1200"` | The number of seconds after which a Kubernetes job will be terminated. | @@ -99,7 +99,7 @@ In addition to the documented values, the `executor` and `private-docker-registr | sourcegraph.affinity | object | `{}` | Affinity, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity) | | sourcegraph.image.defaultTag | string | `"{{ .Chart.AppVersion }}"` | Global docker image tag | | sourcegraph.image.pullPolicy | string | `"IfNotPresent"` | Global docker image pull policy | -| sourcegraph.image.repository | string | `"us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal"` | Global docker image registry or prefix | +| sourcegraph.image.repository | string | `"index.docker.io/sourcegraph"` | Global docker image registry or prefix | | sourcegraph.image.useGlobalTagAsDefault | bool | `false` | When set to true, sourcegraph.image.defaultTag is used as the default defaultTag for all services, instead of service-specific default defaultTags | | sourcegraph.imagePullSecrets | list | `[]` | Mount named secrets containing docker credentials | | sourcegraph.labels | object | `{}` | Add a global label to all resources | diff --git a/charts/sourcegraph-executor/k8s/values.yaml b/charts/sourcegraph-executor/k8s/values.yaml index 3cb0a74f..8fc54c1e 100644 --- a/charts/sourcegraph-executor/k8s/values.yaml +++ b/charts/sourcegraph-executor/k8s/values.yaml @@ -8,7 +8,7 @@ sourcegraph: # -- Global docker image pull policy pullPolicy: IfNotPresent # -- Global docker image registry or prefix - repository: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal + repository: index.docker.io/sourcegraph # -- When set to true, sourcegraph.image.defaultTag is used as the default defaultTag for all services, instead of service-specific default defaultTags useGlobalTagAsDefault: false # -- Mount named secrets containing docker credentials @@ -59,7 +59,7 @@ executor: configureRbac: true replicas: 1 image: - defaultTag: 6.3.4167@sha256:0a1ff0ef77ab82588dd0aadeec6623989e94c16617ce2bdb6862f1152fd323c8 + defaultTag: 6.3.4167@sha256:d4c96ce599be16fd85ecf9e5af9144e8f6c41a1caa8f1dac14aaf338f1ba6c61 name: "executor-kubernetes" resources: limits: diff --git a/charts/sourcegraph-migrator/README.md b/charts/sourcegraph-migrator/README.md index 4b6d6418..d6d0f957 100644 --- a/charts/sourcegraph-migrator/README.md +++ b/charts/sourcegraph-migrator/README.md @@ -80,7 +80,7 @@ In addition to the documented values, the `migrator` service also supports the f | migrator.args | list | `["up","-db=all"]` | Override default `migrator` container args Available commands can be found at https://docs.sourcegraph.com/admin/how-to/manual_database_migrations | | migrator.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100}` | Security context for the `migrator` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | | migrator.env | object | `{}` | Environment variables for the `migrator` container | -| migrator.image.defaultTag | string | `"6.3.4167@sha256:7ba9a4c054317677fa29386ece143a7b598cae79e4366fb64264e162c9328a0e"` | Docker image tag for the `migrator` image | +| migrator.image.defaultTag | string | `"6.3.4167@sha256:b85ffffd61f65daba4d5be075d97f6b5f2a9a0d74922a18dce144d1e0e02ef25"` | Docker image tag for the `migrator` image | | migrator.image.name | string | `"migrator"` | Docker image name for the `migrator` image | | migrator.resources | object | `{"limits":{"cpu":"500m","memory":"100M"},"requests":{"cpu":"100m","memory":"50M"}}` | Resource requests & limits for the `migrator` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) | | pgsql.auth.existingSecret | string | `""` | Name of existing secret to use for pgsql credentials This should match the setting in the sourcegraph chart values | @@ -88,7 +88,7 @@ In addition to the documented values, the `migrator` service also supports the f | sourcegraph.affinity | object | `{}` | Affinity, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity) | | sourcegraph.image.defaultTag | string | `"{{ .Chart.AppVersion }}"` | Global docker image tag | | sourcegraph.image.pullPolicy | string | `"IfNotPresent"` | Global docker image pull policy | -| sourcegraph.image.repository | string | `"us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal"` | Global docker image registry or prefix | +| sourcegraph.image.repository | string | `"index.docker.io/sourcegraph"` | Global docker image registry or prefix | | sourcegraph.image.useGlobalTagAsDefault | bool | `false` | When set to true, sourcegraph.image.defaultTag is used as the default defaultTag for all services, instead of service-specific default defaultTags | | sourcegraph.imagePullSecrets | list | `[]` | Mount named secrets containing docker credentials | | sourcegraph.labels | object | `{}` | Add a global label to all resources | diff --git a/charts/sourcegraph-migrator/values.yaml b/charts/sourcegraph-migrator/values.yaml index e39d79d4..181d846f 100644 --- a/charts/sourcegraph-migrator/values.yaml +++ b/charts/sourcegraph-migrator/values.yaml @@ -8,7 +8,7 @@ sourcegraph: # -- Global docker image pull policy pullPolicy: IfNotPresent # -- Global docker image registry or prefix - repository: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal + repository: index.docker.io/sourcegraph # -- When set to true, sourcegraph.image.defaultTag is used as the default defaultTag for all services, instead of service-specific default defaultTags useGlobalTagAsDefault: false # -- Mount named secrets containing docker credentials @@ -102,7 +102,7 @@ pgsql: migrator: image: # -- Docker image tag for the `migrator` image - defaultTag: 6.3.4167@sha256:7ba9a4c054317677fa29386ece143a7b598cae79e4366fb64264e162c9328a0e + defaultTag: 6.3.4167@sha256:b85ffffd61f65daba4d5be075d97f6b5f2a9a0d74922a18dce144d1e0e02ef25 # -- Docker image name for the `migrator` image name: "migrator" # -- Environment variables for the `migrator` container diff --git a/charts/sourcegraph/README.md b/charts/sourcegraph/README.md index 942031d4..315f40f2 100644 --- a/charts/sourcegraph/README.md +++ b/charts/sourcegraph/README.md @@ -28,12 +28,12 @@ In addition to the documented values, all services also support the following va | Key | Type | Default | Description | |-----|------|---------|-------------| | alpine.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":999,"runAsUser":999}` | Security context for the `alpine` initContainer, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | -| alpine.image.defaultTag | string | `"6.3.4167@sha256:e2490916e251ee42c59582f77366534f5688b6a12b7ed08b700edf1bd4503bd6"` | Docker image tag for the `alpine` image | +| alpine.image.defaultTag | string | `"6.3.4167@sha256:0d58edb60edfc5875e160f2a29944adf2f17ce1db93e3cfbf9db02bfd10d34b5"` | Docker image tag for the `alpine` image | | alpine.image.name | string | `"alpine-3.14"` | Docker image name for the `alpine` image | | alpine.resources | object | `{"limits":{"cpu":"10m","memory":"50Mi"},"requests":{"cpu":"10m","memory":"50Mi"}}` | Resource requests & limits for the `alpine` initContainer, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) | | blobstore.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"runAsGroup":101,"runAsUser":100}` | Security context for the `blobstore` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | | blobstore.enabled | bool | `true` | Enable `blobstore` (S3 compatible storage) | -| blobstore.image.defaultTag | string | `"6.3.4167@sha256:fb0a7dacd88170e29a95ad6475dc45bc482dd6a0f66b54e7004ac45910c0fd9c"` | Docker image tag for the `blobstore` image | +| blobstore.image.defaultTag | string | `"6.3.4167@sha256:e275bcc4ae8c4c48dd2de71ee0bcc31af5a0c9fe1a8f2705e0135127162bcb65"` | Docker image tag for the `blobstore` image | | blobstore.image.name | string | `"blobstore"` | Docker image name for the `blobstore` image | | blobstore.name | string | `"blobstore"` | Name used by resources. Does not affect service names or PVCs. | | blobstore.podSecurityContext | object | `{"fsGroup":101,"fsGroupChangePolicy":"OnRootMismatch","runAsGroup":101,"runAsUser":100}` | Security context for the `blobstore` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) | @@ -43,7 +43,7 @@ In addition to the documented values, all services also support the following va | blobstore.storageSize | string | `"100Gi"` | PVC Storage Request for `blobstore` data volume | | cadvisor.containerSecurityContext | object | `{"privileged":true}` | Security context for the `cadvisor` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | | cadvisor.enabled | bool | `true` | Enable `cadvisor` | -| cadvisor.image.defaultTag | string | `"6.3.4167@sha256:bf0b44eb36821f242bd0e8b8d033ea88ea6933ec32a16cdd3157d1ee93fbf38b"` | Docker image tag for the `cadvisor` image | +| cadvisor.image.defaultTag | string | `"6.3.4167@sha256:0ba41b64eb4c07c06a0aeff899731a56a22bbac71c06b1401f45a06fa917cd54"` | Docker image tag for the `cadvisor` image | | cadvisor.image.name | string | `"cadvisor"` | Docker image name for the `cadvisor` image | | cadvisor.name | string | `"cadvisor"` | Name used by resources. Does not affect service names or PVCs. | | cadvisor.podSecurityPolicy.enabled | bool | `false` | Enable [PodSecurityPolicy](https://kubernetes.io/docs/concepts/policy/pod-security-policy/) for `cadvisor` pods | @@ -62,7 +62,7 @@ In addition to the documented values, all services also support the following va | codeInsightsDB.enabled | bool | `true` | Enable `codeinsights-db` PostgreSQL server | | codeInsightsDB.env | object | `{}` | Environment variables for the `codeinsights-db` container | | codeInsightsDB.existingConfig | string | `""` | Name of existing ConfigMap for `codeinsights-db`. It must contain a `postgresql.conf` key. | -| codeInsightsDB.image.defaultTag | string | `"6.3.4167@sha256:65df37c2ac210a0fd354021a27535347f5486cc75dfa9447b86f71dc920d83c8"` | Docker image tag for the `codeinsights-db` image | +| codeInsightsDB.image.defaultTag | string | `"6.3.4167@sha256:4dc49a20fc4bb0477e32f550e33d55cdab28c853fd59605de96c77bb1de4d1d2"` | Docker image tag for the `codeinsights-db` image | | codeInsightsDB.image.name | string | `"postgresql-16-codeinsights"` | Docker image name for the `codeinsights-db` image | | codeInsightsDB.init.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":70,"runAsUser":70}` | Security context for the `alpine` initContainer, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | | codeInsightsDB.name | string | `"codeinsights-db"` | Name used by resources. Does not affect service names or PVCs. | @@ -83,7 +83,7 @@ In addition to the documented values, all services also support the following va | codeIntelDB.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":999,"runAsUser":999}` | Security context for the `codeintel-db` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | | codeIntelDB.enabled | bool | `true` | Enable `codeintel-db` PostgreSQL server | | codeIntelDB.existingConfig | string | `""` | Name of existing ConfigMap for `codeintel-db`. It must contain a `postgresql.conf` key | -| codeIntelDB.image.defaultTag | string | `"6.3.4167@sha256:41a6074fa74dcde19b670a42f22654d4fb2b16a7708f7f6b460f8fc5d8d3f348"` | Docker image tag for the `codeintel-db` image | +| codeIntelDB.image.defaultTag | string | `"6.3.4167@sha256:84daef869df4a5fb429651dbc711ae4b6d35845ad437e1f29f7ff5fda772d8c7"` | Docker image tag for the `codeintel-db` image | | codeIntelDB.image.name | string | `"postgresql-16"` | Docker image name for the `codeintel-db` image | | codeIntelDB.name | string | `"codeintel-db"` | Name used by resources. Does not affect service names or PVCs. | | codeIntelDB.podSecurityContext | object | `{"fsGroup":999,"fsGroupChangePolicy":"OnRootMismatch","runAsUser":999}` | Security context for the `codeintel-db` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) | @@ -95,7 +95,7 @@ In addition to the documented values, all services also support the following va | extraResources | list | `[]` | Additional resources to include in the rendered manifest. Templates are supported. | | frontend.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100}` | Security context for the `frontend` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | | frontend.env | object | the chart will add some default environment values | Environment variables for the `frontend` container | -| frontend.image.defaultTag | string | `"6.3.4167@sha256:b8cda0b3c141690c12fc27afaafe2bbb88077d51f1e34c6bdf73746a751e5498"` | Docker image tag for the `frontend` image | +| frontend.image.defaultTag | string | `"6.3.4167@sha256:036945a7c9be19213d510d311a346b06a6f19a4af802da0ded3915eed6b40cc0"` | Docker image tag for the `frontend` image | | frontend.image.name | string | `"frontend"` | Docker image name for the `frontend` image | | frontend.ingress.annotations | object | `{"kubernetes.io/ingress.class":"nginx","nginx.ingress.kubernetes.io/proxy-body-size":"150m"}` | Annotations for the Sourcegraph server ingress. For example, securing ingress with TLS provided by [cert-manager](https://cert-manager.io/docs/usage/ingress/) | | frontend.ingress.annotations."kubernetes.io/ingress.class" | string | `"nginx"` | [Deprecated annotation](https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation) for specifing the IngressClass in Kubernetes 1.17 and earlier. If you are using Kubernetes 1.18+, use `ingressClassName` instead and set an override value of `null` for this annotation. | @@ -111,7 +111,7 @@ In addition to the documented values, all services also support the following va | frontend.serviceAccount.create | bool | `true` | Enable creation of ServiceAccount for `frontend` | | frontend.serviceAccount.name | string | `"sourcegraph-frontend"` | Name of the ServiceAccount to be created or an existing ServiceAccount | | gitserver.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100}` | Security context for the `gitserver` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | -| gitserver.image.defaultTag | string | `"6.3.4167@sha256:2df07f9790e1f5dbc22531cfa6d45b83a74ce38b0a339917853e8761bdf43c4d"` | Docker image tag for the `gitserver` image | +| gitserver.image.defaultTag | string | `"6.3.4167@sha256:8e9fb61fda27e53c96ddf9b589dea4493dc2667ece8dd176041f97dd6768c823"` | Docker image tag for the `gitserver` image | | gitserver.image.name | string | `"gitserver"` | Docker image name for the `gitserver` image | | gitserver.name | string | `"gitserver"` | Name used by resources. Does not affect service names or PVCs. | | gitserver.podSecurityContext | object | `{"fsGroup":101,"fsGroupChangePolicy":"OnRootMismatch","runAsGroup":101,"runAsUser":100}` | Security context for the `gitserver` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) | @@ -132,7 +132,7 @@ In addition to the documented values, all services also support the following va | grafana.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":472,"runAsUser":472}` | Security context for the `grafana` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | | grafana.enabled | bool | `true` | Enable `grafana` dashboard (recommended) | | grafana.existingConfig | string | `""` | Name of existing ConfigMap for `grafana`. It must contain a `datasources.yml` key. | -| grafana.image.defaultTag | string | `"6.3.4167@sha256:9d3d5ba37aea208eb0f07e5bff3e2cefe649945c7f849e311795c7014279c0bf"` | Docker image tag for the `grafana` image | +| grafana.image.defaultTag | string | `"6.3.4167@sha256:7bc78883be6c259110ae26849a3b4a59e1b5f1c4b3747d9223561268602fbc10"` | Docker image tag for the `grafana` image | | grafana.image.name | string | `"grafana"` | Docker image name for the `grafana` image | | grafana.name | string | `"grafana"` | Name used by resources. Does not affect service names or PVCs. | | grafana.podSecurityContext | object | `{"fsGroup":472,"fsGroupChangePolicy":"OnRootMismatch","runAsGroup":472,"runAsUser":472}` | Security context for the `grafana` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) | @@ -141,7 +141,7 @@ In addition to the documented values, all services also support the following va | grafana.serviceAccount.name | string | `"grafana"` | Name of the ServiceAccount to be created or an existing ServiceAccount | | grafana.storageSize | string | `"2Gi"` | PVC Storage Request for `grafana` data volume | | indexedSearch.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100}` | Security context for the `zoekt-webserver` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | -| indexedSearch.image.defaultTag | string | `"6.3.4167@sha256:5251e562299e67ec45d9ca47bb3dc9f6fbe5e72571f52b8f492a51a9ddb90d74"` | Docker image tag for the `zoekt-webserver` image | +| indexedSearch.image.defaultTag | string | `"6.3.4167@sha256:c79e80d10c09552baeeb064124eafe985d6b771dc4b11550480ef03cd320711b"` | Docker image tag for the `zoekt-webserver` image | | indexedSearch.image.name | string | `"indexed-searcher"` | Docker image name for the `zoekt-webserver` image | | indexedSearch.name | string | `"indexed-search"` | Name used by resources. Does not affect service names or PVCs. | | indexedSearch.podSecurityContext | object | `{"fsGroup":101,"fsGroupChangePolicy":"OnRootMismatch"}` | Security context for the `indexed-search` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) | @@ -151,7 +151,7 @@ In addition to the documented values, all services also support the following va | indexedSearch.serviceAccount.name | string | `""` | Name of the ServiceAccount to be created or an existing ServiceAccount | | indexedSearch.storageSize | string | `"200Gi"` | PVC Storage Request for `indexed-search` data volume The size of disk to used for search indexes. This should typically be gitserver disk size multipled by the number of gitserver shards. | | indexedSearchIndexer.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100}` | Security context for the `zoekt-indexserver` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | -| indexedSearchIndexer.image.defaultTag | string | `"6.3.4167@sha256:a24290636f0e209b471a8903d48f809727f916b4ac902e92a492437a13c395e3"` | Docker image tag for the `zoekt-indexserver` image | +| indexedSearchIndexer.image.defaultTag | string | `"6.3.4167@sha256:09c7893041250cdaba4b6d2843dbc2486b70d2b019422a39f16eb7cf6de69c05"` | Docker image tag for the `zoekt-indexserver` image | | indexedSearchIndexer.image.name | string | `"search-indexer"` | Docker image name for the `zoekt-indexserver` image | | indexedSearchIndexer.resources | object | `{"limits":{"cpu":"8","memory":"8G"},"requests":{"cpu":"4","memory":"4G"}}` | Resource requests & limits for the `zoekt-indexserver` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) zoekt-indexserver is CPU bound. The more CPU you allocate to it, the lower lag between a new commit and it being indexed for search. | | jaeger.args | list | `["--memory.max-traces=20000","--sampling.strategies-file=/etc/jaeger/sampling_strategies.json","--collector.otlp.enabled","--collector.otlp.grpc.host-port=:4320","--collector.otlp.http.host-port=:4321"]` | Default args passed to the `jaeger` binary | @@ -161,7 +161,7 @@ In addition to the documented values, all services also support the following va | jaeger.collector.serviceType | string | "ClusterIP" | Kubernetes service type of jaeger `collector` service, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) | | jaeger.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100}` | Security context for the `jaeger` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | | jaeger.enabled | bool | `false` | Enable `jaeger` | -| jaeger.image.defaultTag | string | `"6.3.4167@sha256:48cf0af81f2ad9e98053a0afc6bc27c0f5e0adacdbc18417053983b07c84442e"` | Docker image tag for the `jaeger` image | +| jaeger.image.defaultTag | string | `"6.3.4167@sha256:1c24b73392866579f44c46659a4c3c25e3c5a7613253c69b898203cf2de99d6c"` | Docker image tag for the `jaeger` image | | jaeger.image.name | string | `"jaeger-all-in-one"` | Docker image name for the `jaeger` image | | jaeger.name | string | `"jaeger"` | Name used by resources. Does not affect service names or PVCs. | | jaeger.podSecurityContext | object | `{}` | Security context for the `jaeger` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) | @@ -176,14 +176,14 @@ In addition to the documented values, all services also support the following va | migrator.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100}` | Security context for the `migrator` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | | migrator.enabled | bool | `true` | Enable [migrator](https://docs.sourcegraph.com/admin/how-to/manual_database_migrations) initContainer in `frontend` deployment to perform database migration | | migrator.env | object | `{}` | Environment variables for the `migrator` container | -| migrator.image.defaultTag | string | `"6.3.4167@sha256:7ba9a4c054317677fa29386ece143a7b598cae79e4366fb64264e162c9328a0e"` | Docker image tag for the `migrator` image | +| migrator.image.defaultTag | string | `"6.3.4167@sha256:b85ffffd61f65daba4d5be075d97f6b5f2a9a0d74922a18dce144d1e0e02ef25"` | Docker image tag for the `migrator` image | | migrator.image.name | string | `"migrator"` | Docker image name for the `migrator` image | | migrator.resources | object | `{"limits":{"cpu":"500m","memory":"100M"},"requests":{"cpu":"100m","memory":"50M"}}` | Resource requests & limits for the `migrator` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) | | nodeExporter.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":65534,"runAsUser":65534}` | Security context for the `node-exporter` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | | nodeExporter.enabled | bool | `true` | Enable `node-exporter` | | nodeExporter.extraArgs | list | `[]` | | | nodeExporter.hostPID | bool | `true` | | -| nodeExporter.image.defaultTag | string | `"6.3.4167@sha256:5e3291d5cadca7f3b637d90aeeeaeda2a592d2868c8d1de6a423de066138adc9"` | Docker image tag for the `node-exporter` image | +| nodeExporter.image.defaultTag | string | `"6.3.4167@sha256:3988a053cc59460fb6661832bd343b6f64b4c7da5fc19baa6c30868d59455847"` | Docker image tag for the `node-exporter` image | | nodeExporter.image.name | string | `"node-exporter"` | Docker image name for the `node-exporter` image | | nodeExporter.name | string | `"node-exporter"` | Name used by resources. Does not affect service names or PVCs. | | nodeExporter.podSecurityContext | object | `{"fsGroup":65534,"runAsGroup":65534,"runAsNonRoot":true,"runAsUser":65534}` | Security context for the `node-exporter` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) | @@ -213,7 +213,7 @@ In addition to the documented values, all services also support the following va | openTelemetry.gateway.resources | object | `{"limits":{"cpu":"3","memory":"3Gi"},"requests":{"cpu":"1","memory":"1Gi"}}` | Resource requests & limits for the `otel-collector` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) | | openTelemetry.gateway.serviceAccount.create | bool | `false` | Enable creation of ServiceAccount for `otel-collector` | | openTelemetry.gateway.serviceAccount.name | string | `""` | Name of the ServiceAccount to be created or an existing ServiceAccount | -| openTelemetry.image.defaultTag | string | `"6.3.4167@sha256:0115ee968abf849b00347ce30cd3bc2292c5da4a300c9fe432389e89a64e1b0c"` | Docker image tag for the `otel-collector` image | +| openTelemetry.image.defaultTag | string | `"6.3.4167@sha256:0626fdf5d8fab21546bf8e2cf31cc5b66bf7121fd98e7c8c08bdbfaf187ee450"` | Docker image tag for the `otel-collector` image | | openTelemetry.image.name | string | `"opentelemetry-collector"` | Docker image name for the `otel-collector` image | | pgsql.additionalConfig | string | `""` | Additional PostgreSQL configuration. This will override or extend our default configuration. Notes: This is expecting a multiline string. Learn more from our [recommended PostgreSQL configuration](https://docs.sourcegraph.com/admin/config/postgres-conf) and [PostgreSQL documentation](https://www.postgresql.org/docs/12/config-setting.html) | | pgsql.auth.database | string | `"sg"` | Sets postgres database name | @@ -226,7 +226,7 @@ In addition to the documented values, all services also support the following va | pgsql.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":999,"runAsUser":999}` | Security context for the `pgsql` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | | pgsql.enabled | bool | `true` | Enable `pgsql` PostgreSQL server | | pgsql.existingConfig | string | `""` | Name of existing ConfigMap for `pgsql`. It must contain a `postgresql.conf` key | -| pgsql.image.defaultTag | string | `"6.3.4167@sha256:41a6074fa74dcde19b670a42f22654d4fb2b16a7708f7f6b460f8fc5d8d3f348"` | Docker image tag for the `pgsql` image | +| pgsql.image.defaultTag | string | `"6.3.4167@sha256:84daef869df4a5fb429651dbc711ae4b6d35845ad437e1f29f7ff5fda772d8c7"` | Docker image tag for the `pgsql` image | | pgsql.image.name | string | `"postgresql-16"` | Docker image name for the `pgsql` image | | pgsql.name | string | `"pgsql"` | Name used by resources. Does not affect service names or PVCs. | | pgsql.podSecurityContext | object | `{"fsGroup":999,"fsGroupChangePolicy":"OnRootMismatch","runAsGroup":999,"runAsUser":999}` | Security context for the `pgsql` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) | @@ -235,12 +235,12 @@ In addition to the documented values, all services also support the following va | pgsql.serviceAccount.create | bool | `false` | Enable creation of ServiceAccount for `pgsql` | | pgsql.serviceAccount.name | string | `""` | Name of the ServiceAccount to be created or an existing ServiceAccount | | pgsql.storageSize | string | `"200Gi"` | PVC Storage Request for `pgsql` data volume | -| postgresExporter.image.defaultTag | string | `"6.3.4167@sha256:44568bbeb551681572be116a74fc1a150aff9c2a1eba5c93e4c524e0d85c9730"` | Docker image tag for the `pgsql-exporter` image | +| postgresExporter.image.defaultTag | string | `"6.3.4167@sha256:3d85cb66abccc74bd73e76a4a7ecfea8b16e07d9493365da0da7a7e9f2f5ae72"` | Docker image tag for the `pgsql-exporter` image | | postgresExporter.image.name | string | `"postgres_exporter"` | Docker image name for the `pgsql-exporter` image | | postgresExporter.resources | object | `{"limits":{"cpu":"10m","memory":"50Mi"},"requests":{"cpu":"10m","memory":"50Mi"}}` | Resource requests & limits for the `pgsql-exporter` sidecar container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) | | preciseCodeIntel.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100}` | Security context for the `precise-code-intel-worker` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | | preciseCodeIntel.env | object | `{"NUM_WORKERS":{"value":"4"}}` | Environment variables for the `precise-code-intel-worker` container | -| preciseCodeIntel.image.defaultTag | string | `"6.3.4167@sha256:d1a6e9e30e8811b20e0ea1de80945e5bc8dd0b3d8674165ea4829a16ac922176"` | Docker image tag for the `precise-code-intel-worker` image | +| preciseCodeIntel.image.defaultTag | string | `"6.3.4167@sha256:735a4adf258b67ae12a5f08c71f912f9fdd9a14d33f0615b1d57cc641e224a5f"` | Docker image tag for the `precise-code-intel-worker` image | | preciseCodeIntel.image.name | string | `"precise-code-intel-worker"` | Docker image name for the `precise-code-intel-worker` image | | preciseCodeIntel.name | string | `"precise-code-intel-worker"` | Name used by resources. Does not affect service names or PVCs. | | preciseCodeIntel.podSecurityContext | object | `{}` | Security context for the `precise-code-intel-worker` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) | @@ -252,7 +252,7 @@ In addition to the documented values, all services also support the following va | prometheus.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":false,"runAsGroup":100,"runAsUser":100}` | Security context for the `prometheus` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | | prometheus.enabled | bool | `true` | Enable `prometheus` (recommended) | | prometheus.existingConfig | string | `""` | Name of existing ConfigMap for `pgsql`. It must contain a `prometheus.yml` key | -| prometheus.image.defaultTag | string | `"6.3.4167@sha256:cff5fb515a283c5ebb5804997878e4752a4329e930b5f2f9b818f55217757ed2"` | Docker image tag for the `prometheus` image | +| prometheus.image.defaultTag | string | `"6.3.4167@sha256:bbfc191f3981e50f8acef8b0355ba47f9f4d37191f4e61fc6638ebd9c22019d4"` | Docker image tag for the `prometheus` image | | prometheus.image.name | string | `"prometheus"` | Docker image name for the `prometheus` image | | prometheus.name | string | `"prometheus"` | Name used by resources. Does not affect service names or PVCs. | | prometheus.podSecurityContext | object | `{"fsGroup":100,"fsGroupChangePolicy":"OnRootMismatch"}` | Security context for the `prometheus` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) | @@ -265,7 +265,7 @@ In addition to the documented values, all services also support the following va | redisCache.connection.existingSecret | string | `""` | Name of existing secret to use for Redis endpoint The secret must contain the key `endpoint` and should follow IANA specification learn more from the [Helm docs](https://docs.sourcegraph.com/admin/install/kubernetes/helm#using-external-redis-instances) | | redisCache.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":1000,"runAsUser":999}` | Security context for the `redis-cache` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | | redisCache.enabled | bool | `true` | Enable `redis-cache` Redis server | -| redisCache.image.defaultTag | string | `"6.3.4167@sha256:d9096d881d28efb1d2e73944ed2ac4dcd676eeb79649791316b8090b5667ae95"` | Docker image tag for the `redis-cache` image | +| redisCache.image.defaultTag | string | `"6.3.4167@sha256:2ae230211c828c12552b498c00709b96a63b696c1a98a13878fd5bcb29659d1f"` | Docker image tag for the `redis-cache` image | | redisCache.image.name | string | `"redis-cache"` | Docker image name for the `redis-cache` image | | redisCache.name | string | `"redis-cache"` | Name used by resources. Does not affect service names or PVCs. | | redisCache.podSecurityContext | object | `{"fsGroup":1000,"fsGroupChangePolicy":"OnRootMismatch"}` | Security context for the `redis-cache` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) | @@ -274,14 +274,14 @@ In addition to the documented values, all services also support the following va | redisCache.serviceAccount.name | string | `""` | Name of the ServiceAccount to be created or an existing ServiceAccount | | redisCache.storageSize | string | `"100Gi"` | PVC Storage Request for `redis-cache` data volume | | redisExporter.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":1000,"runAsUser":999}` | Security context for the `redis-exporter` sidecar container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | -| redisExporter.image.defaultTag | string | `"6.3.4167@sha256:b61c24412af226ad0a5cc64d31edce0cb59b3ee54de07c54863cb22fbdcc6e10"` | Docker image tag for the `redis-exporter` image | +| redisExporter.image.defaultTag | string | `"6.3.4167@sha256:dbd8dbee20ce84d214150ed6f0ca9afcd238695cf64c4eb8d651a1b24522269c"` | Docker image tag for the `redis-exporter` image | | redisExporter.image.name | string | `"redis_exporter"` | Docker image name for the `redis-exporter` image | | redisExporter.resources | object | `{"limits":{"cpu":"10m","memory":"100Mi"},"requests":{"cpu":"10m","memory":"100Mi"}}` | Resource requests & limits for the `redis-exporter` sidecar container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) | | redisStore.connection.endpoint | string | `"redis-store:6379"` | Endpoint to use for redis-store. Supports either host:port or IANA specification | | redisStore.connection.existingSecret | string | `""` | Name of existing secret to use for Redis endpoint The secret must contain the key `endpoint` and should follow IANA specification learn more from the [Helm docs](https://docs.sourcegraph.com/admin/install/kubernetes/helm#using-external-redis-instances) | | redisStore.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":1000,"runAsUser":999}` | Security context for the `redis-store` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | | redisStore.enabled | bool | `true` | Enable `redis-store` Redis server | -| redisStore.image.defaultTag | string | `"6.3.4167@sha256:74e5a24222b446b94342bad163db44c86e9734ced315816aa0afd497bfd7c935"` | Docker image tag for the `redis-store` image | +| redisStore.image.defaultTag | string | `"6.3.4167@sha256:7ed009549e7f658e35a8d5bc072d3f49a2711501297f5fddcacd935c782fd007"` | Docker image tag for the `redis-store` image | | redisStore.image.name | string | `"redis-store"` | Docker image name for the `redis-store` image | | redisStore.name | string | `"redis-store"` | Name used by resources. Does not affect service names or PVCs. | | redisStore.podSecurityContext | object | `{"fsGroup":1000,"fsGroupChangePolicy":"OnRootMismatch"}` | Security context for the `redis-store` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) | @@ -298,7 +298,7 @@ In addition to the documented values, all services also support the following va | repoUpdater.serviceAccount.create | bool | `false` | Enable creation of ServiceAccount for `repo-updater` | | repoUpdater.serviceAccount.name | string | `""` | Name of the ServiceAccount to be created or an existing ServiceAccount | | searcher.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100}` | Security context for the `searcher` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | -| searcher.image.defaultTag | string | `"6.3.4167@sha256:298a78a456dcfd4926fa52e4eca600d22d317a9b3adc1316976ba95293d1bf28"` | Docker image tag for the `searcher` image | +| searcher.image.defaultTag | string | `"6.3.4167@sha256:f61f14afd4cb95368c1f7de151e96a8136c7231412bb49948cc7d50434ac4c79"` | Docker image tag for the `searcher` image | | searcher.image.name | string | `"searcher"` | Docker image name for the `searcher` image | | searcher.name | string | `"searcher"` | Name used by resources. Does not affect service names or PVCs. | | searcher.podSecurityContext | object | `{"fsGroup":101,"fsGroupChangePolicy":"OnRootMismatch","runAsUser":100}` | Security context for the `searcher` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) | @@ -310,7 +310,7 @@ In addition to the documented values, all services also support the following va | sourcegraph.affinity | object | `{}` | Global Affinity, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity) | | sourcegraph.image.defaultTag | string | `"{{ .Chart.AppVersion }}"` | Global docker image tag | | sourcegraph.image.pullPolicy | string | `"IfNotPresent"` | Global docker image pull policy | -| sourcegraph.image.repository | string | `"us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal"` | Global docker image registry or prefix | +| sourcegraph.image.repository | string | `"index.docker.io/sourcegraph"` | Global docker image registry or prefix | | sourcegraph.image.useGlobalTagAsDefault | bool | `false` | When set to true, sourcegraph.image.defaultTag is used as the default defaultTag for all services, instead of service-specific default defaultTags | | sourcegraph.imagePullSecrets | list | `[]` | Mount named secrets containing docker credentials | | sourcegraph.labels | object | `{}` | Add extra labels to all resources | @@ -340,7 +340,7 @@ In addition to the documented values, all services also support the following va | symbols.storageSize | string | `"12Gi"` | Size of the PVC for symbols pods to store cache data | | syntacticCodeIntel.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100}` | Security context for the `syntactic-code-intel-worker` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | | syntacticCodeIntel.enabled | bool | `false` | | -| syntacticCodeIntel.image.defaultTag | string | `"6.3.4167@sha256:fc9cb6d0bf21e548f7026cfd53297fe9d774d7c31eb1d8c92a9563a783f5e74f"` | Docker image tag for the `syntactic-code-intel-worker` image | +| syntacticCodeIntel.image.defaultTag | string | `"6.3.4167@sha256:6362fe7a783878a340fdaf4d59f1b0da023ae9eae8e0e352850891fc79821aeb"` | Docker image tag for the `syntactic-code-intel-worker` image | | syntacticCodeIntel.image.name | string | `"syntactic-code-intel-worker"` | Docker image name for the `syntactic-code-intel-worker` image | | syntacticCodeIntel.name | string | `"syntactic-code-intel-worker"` | Name used by resources. Does not affect service names or PVCs. | | syntacticCodeIntel.podSecurityContext | object | `{}` | Security context for the `syntactic-code-intel-worker` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) | @@ -350,7 +350,7 @@ In addition to the documented values, all services also support the following va | syntacticCodeIntel.serviceAccount.create | bool | `false` | Enable creation of ServiceAccount for `syntactic-code-intel-worker` | | syntacticCodeIntel.serviceAccount.name | string | `""` | Name of the ServiceAccount to be created or an existing ServiceAccount | | syntectServer.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100}` | Security context for the `syntect-server` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | -| syntectServer.image.defaultTag | string | `"6.3.4167@sha256:d04b28f256a1fe0c9a1c0071debf6299384e0b704a36d8d24cf527a9236789f6"` | Docker image tag for the `syntect-server` image | +| syntectServer.image.defaultTag | string | `"6.3.4167@sha256:17f54738fa09a93a792e99c9489b39ffdaef4435f5b88839a034c871261cdeb3"` | Docker image tag for the `syntect-server` image | | syntectServer.image.name | string | `"syntax-highlighter"` | Docker image name for the `syntect-server` image | | syntectServer.name | string | `"syntect-server"` | Name used by resources. Does not affect service names or PVCs. | | syntectServer.podSecurityContext | object | `{}` | Security context for the `syntect-server` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) | @@ -361,7 +361,7 @@ In addition to the documented values, all services also support the following va | worker.blocklist | list | `[]` | List of jobs to block globally If replicas are configured, use this values to block jobs instead of manually setting WORKER_JOB_BLOCKLIST | | worker.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100}` | Security context for the `worker` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | | worker.env | object | `{}` | Environment variables for the `worker` container | -| worker.image.defaultTag | string | `"6.3.4167@sha256:d8f4feeb85b12f68ec552758a3d64799ffe46651d6a2b8538893d071594ee9e4"` | Docker image tag for the `worker` image | +| worker.image.defaultTag | string | `"6.3.4167@sha256:8dd554cd0ce049ced1da1ae9009c6cce45ccf42f0a1445593e7872fc8ec79414"` | Docker image tag for the `worker` image | | worker.image.name | string | `"worker"` | Docker image name for the `worker` image | | worker.name | string | `"worker"` | Name used by resources. Does not affect service names or PVCs. | | worker.podSecurityContext | object | `{}` | Security context for the `worker` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) | diff --git a/charts/sourcegraph/values.yaml b/charts/sourcegraph/values.yaml index bc7e872c..dff1c330 100644 --- a/charts/sourcegraph/values.yaml +++ b/charts/sourcegraph/values.yaml @@ -9,7 +9,7 @@ sourcegraph: # -- Global docker image pull policy pullPolicy: IfNotPresent # -- Global docker image registry or prefix - repository: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal + repository: index.docker.io/sourcegraph # -- When set to true, sourcegraph.image.defaultTag is used as the default defaultTag for all services, instead of service-specific default defaultTags useGlobalTagAsDefault: false # -- Mount named secrets containing docker credentials @@ -86,7 +86,7 @@ sourcegraph: alpine: # Used in init containers image: # -- Docker image tag for the `alpine` image - defaultTag: 6.3.4167@sha256:e2490916e251ee42c59582f77366534f5688b6a12b7ed08b700edf1bd4503bd6 + defaultTag: 6.3.4167@sha256:0d58edb60edfc5875e160f2a29944adf2f17ce1db93e3cfbf9db02bfd10d34b5 # -- Docker image name for the `alpine` image name: "alpine-3.14" # -- Security context for the `alpine` initContainer, @@ -111,7 +111,7 @@ cadvisor: enabled: true image: # -- Docker image tag for the `cadvisor` image - defaultTag: 6.3.4167@sha256:bf0b44eb36821f242bd0e8b8d033ea88ea6933ec32a16cdd3157d1ee93fbf38b + defaultTag: 6.3.4167@sha256:0ba41b64eb4c07c06a0aeff899731a56a22bbac71c06b1401f45a06fa917cd54 # -- Docker image name for the `cadvisor` image name: "cadvisor" # -- Name used by resources. Does not affect service names or PVCs. @@ -176,7 +176,7 @@ codeInsightsDB: additionalConfig: "" image: # -- Docker image tag for the `codeinsights-db` image - defaultTag: 6.3.4167@sha256:65df37c2ac210a0fd354021a27535347f5486cc75dfa9447b86f71dc920d83c8 + defaultTag: 6.3.4167@sha256:4dc49a20fc4bb0477e32f550e33d55cdab28c853fd59605de96c77bb1de4d1d2 # -- Docker image name for the `codeinsights-db` image name: "postgresql-16-codeinsights" # -- Security context for the `codeinsights-db` container, @@ -249,7 +249,7 @@ codeIntelDB: additionalConfig: "" image: # -- Docker image tag for the `codeintel-db` image - defaultTag: 6.3.4167@sha256:41a6074fa74dcde19b670a42f22654d4fb2b16a7708f7f6b460f8fc5d8d3f348 + defaultTag: 6.3.4167@sha256:84daef869df4a5fb429651dbc711ae4b6d35845ad437e1f29f7ff5fda772d8c7 # -- Docker image name for the `codeintel-db` image name: "postgresql-16" # -- Security context for the `codeintel-db` container, @@ -300,7 +300,7 @@ frontend: value: http://prometheus:30090 image: # -- Docker image tag for the `frontend` image - defaultTag: 6.3.4167@sha256:b8cda0b3c141690c12fc27afaafe2bbb88077d51f1e34c6bdf73746a751e5498 + defaultTag: 6.3.4167@sha256:036945a7c9be19213d510d311a346b06a6f19a4af802da0ded3915eed6b40cc0 # -- Docker image name for the `frontend` image name: "frontend" ingress: @@ -358,7 +358,7 @@ migrator: enabled: true image: # -- Docker image tag for the `migrator` image - defaultTag: 6.3.4167@sha256:7ba9a4c054317677fa29386ece143a7b598cae79e4366fb64264e162c9328a0e + defaultTag: 6.3.4167@sha256:b85ffffd61f65daba4d5be075d97f6b5f2a9a0d74922a18dce144d1e0e02ef25 # -- Docker image name for the `migrator` image name: "migrator" # -- Environment variables for the `migrator` container @@ -383,7 +383,7 @@ migrator: gitserver: image: # -- Docker image tag for the `gitserver` image - defaultTag: 6.3.4167@sha256:2df07f9790e1f5dbc22531cfa6d45b83a74ce38b0a339917853e8761bdf43c4d + defaultTag: 6.3.4167@sha256:8e9fb61fda27e53c96ddf9b589dea4493dc2667ece8dd176041f97dd6768c823 # -- Docker image name for the `gitserver` image name: "gitserver" # -- Name of existing Secret that contains SSH credentials to clone repositories. @@ -451,7 +451,7 @@ grafana: existingConfig: "" # Name of an existing configmap image: # -- Docker image tag for the `grafana` image - defaultTag: 6.3.4167@sha256:9d3d5ba37aea208eb0f07e5bff3e2cefe649945c7f849e311795c7014279c0bf + defaultTag: 6.3.4167@sha256:7bc78883be6c259110ae26849a3b4a59e1b5f1c4b3747d9223561268602fbc10 # -- Docker image name for the `grafana` image name: "grafana" # -- Security context for the `grafana` container, @@ -490,7 +490,7 @@ grafana: indexedSearch: image: # -- Docker image tag for the `zoekt-webserver` image - defaultTag: 6.3.4167@sha256:5251e562299e67ec45d9ca47bb3dc9f6fbe5e72571f52b8f492a51a9ddb90d74 + defaultTag: 6.3.4167@sha256:c79e80d10c09552baeeb064124eafe985d6b771dc4b11550480ef03cd320711b # -- Docker image name for the `zoekt-webserver` image name: "indexed-searcher" # -- Security context for the `zoekt-webserver` container, @@ -531,7 +531,7 @@ indexedSearch: indexedSearchIndexer: image: # -- Docker image tag for the `zoekt-indexserver` image - defaultTag: 6.3.4167@sha256:a24290636f0e209b471a8903d48f809727f916b4ac902e92a492437a13c395e3 + defaultTag: 6.3.4167@sha256:09c7893041250cdaba4b6d2843dbc2486b70d2b019422a39f16eb7cf6de69c05 # -- Docker image name for the `zoekt-indexserver` image name: "search-indexer" # -- Security context for the `zoekt-indexserver` container, @@ -558,7 +558,7 @@ blobstore: enabled: true image: # -- Docker image tag for the `blobstore` image - defaultTag: 6.3.4167@sha256:fb0a7dacd88170e29a95ad6475dc45bc482dd6a0f66b54e7004ac45910c0fd9c + defaultTag: 6.3.4167@sha256:e275bcc4ae8c4c48dd2de71ee0bcc31af5a0c9fe1a8f2705e0135127162bcb65 # -- Docker image name for the `blobstore` image name: "blobstore" # -- Security context for the `blobstore` container, @@ -597,7 +597,7 @@ openTelemetry: enabled: true image: # -- Docker image tag for the `otel-collector` image - defaultTag: 6.3.4167@sha256:0115ee968abf849b00347ce30cd3bc2292c5da4a300c9fe432389e89a64e1b0c + defaultTag: 6.3.4167@sha256:0626fdf5d8fab21546bf8e2cf31cc5b66bf7121fd98e7c8c08bdbfaf187ee450 # -- Docker image name for the `otel-collector` image name: "opentelemetry-collector" gateway: @@ -664,7 +664,7 @@ nodeExporter: enabled: true image: # -- Docker image tag for the `node-exporter` image - defaultTag: 6.3.4167@sha256:5e3291d5cadca7f3b637d90aeeeaeda2a592d2868c8d1de6a423de066138adc9 + defaultTag: 6.3.4167@sha256:3988a053cc59460fb6661832bd343b6f64b4c7da5fc19baa6c30868d59455847 # -- Docker image name for the `node-exporter` image name: "node-exporter" # -- Name used by resources. Does not affect service names or PVCs. @@ -735,7 +735,7 @@ pgsql: additionalConfig: "" image: # -- Docker image tag for the `pgsql` image - defaultTag: 6.3.4167@sha256:41a6074fa74dcde19b670a42f22654d4fb2b16a7708f7f6b460f8fc5d8d3f348 + defaultTag: 6.3.4167@sha256:84daef869df4a5fb429651dbc711ae4b6d35845ad437e1f29f7ff5fda772d8c7 # -- Docker image name for the `pgsql` image name: "postgresql-16" # -- Security context for the `pgsql` container, @@ -777,7 +777,7 @@ pgsql: postgresExporter: image: # -- Docker image tag for the `pgsql-exporter` image - defaultTag: 6.3.4167@sha256:44568bbeb551681572be116a74fc1a150aff9c2a1eba5c93e4c524e0d85c9730 + defaultTag: 6.3.4167@sha256:3d85cb66abccc74bd73e76a4a7ecfea8b16e07d9493365da0da7a7e9f2f5ae72 # -- Docker image name for the `pgsql-exporter` image name: "postgres_exporter" # -- Resource requests & limits for the `pgsql-exporter` sidecar container, @@ -797,7 +797,7 @@ syntacticCodeIntel: workerPort: 3188 image: # -- Docker image tag for the `syntactic-code-intel-worker` image - defaultTag: 6.3.4167@sha256:fc9cb6d0bf21e548f7026cfd53297fe9d774d7c31eb1d8c92a9563a783f5e74f + defaultTag: 6.3.4167@sha256:6362fe7a783878a340fdaf4d59f1b0da023ae9eae8e0e352850891fc79821aeb # -- Docker image name for the `syntactic-code-intel-worker` image name: "syntactic-code-intel-worker" # -- Security context for the `syntactic-code-intel-worker` container, @@ -836,7 +836,7 @@ preciseCodeIntel: value: "4" image: # -- Docker image tag for the `precise-code-intel-worker` image - defaultTag: 6.3.4167@sha256:d1a6e9e30e8811b20e0ea1de80945e5bc8dd0b3d8674165ea4829a16ac922176 + defaultTag: 6.3.4167@sha256:735a4adf258b67ae12a5f08c71f912f9fdd9a14d33f0615b1d57cc641e224a5f # -- Docker image name for the `precise-code-intel-worker` image name: "precise-code-intel-worker" # -- Security context for the `precise-code-intel-worker` container, @@ -875,7 +875,7 @@ prometheus: existingConfig: "" # Name of an existing configmap image: # -- Docker image tag for the `prometheus` image - defaultTag: 6.3.4167@sha256:cff5fb515a283c5ebb5804997878e4752a4329e930b5f2f9b818f55217757ed2 + defaultTag: 6.3.4167@sha256:bbfc191f3981e50f8acef8b0355ba47f9f4d37191f4e61fc6638ebd9c22019d4 # -- Docker image name for the `prometheus` image name: "prometheus" # -- Security context for the `prometheus` container, @@ -925,7 +925,7 @@ redisCache: enabled: true image: # -- Docker image tag for the `redis-cache` image - defaultTag: 6.3.4167@sha256:d9096d881d28efb1d2e73944ed2ac4dcd676eeb79649791316b8090b5667ae95 + defaultTag: 6.3.4167@sha256:2ae230211c828c12552b498c00709b96a63b696c1a98a13878fd5bcb29659d1f # -- Docker image name for the `redis-cache` image name: "redis-cache" connection: @@ -969,7 +969,7 @@ redisCache: redisExporter: image: # -- Docker image tag for the `redis-exporter` image - defaultTag: 6.3.4167@sha256:b61c24412af226ad0a5cc64d31edce0cb59b3ee54de07c54863cb22fbdcc6e10 + defaultTag: 6.3.4167@sha256:dbd8dbee20ce84d214150ed6f0ca9afcd238695cf64c4eb8d651a1b24522269c # -- Docker image name for the `redis-exporter` image name: "redis_exporter" # -- Security context for the `redis-exporter` sidecar container, @@ -1001,7 +1001,7 @@ redisStore: endpoint: "redis-store:6379" image: # -- Docker image tag for the `redis-store` image - defaultTag: 6.3.4167@sha256:74e5a24222b446b94342bad163db44c86e9734ced315816aa0afd497bfd7c935 + defaultTag: 6.3.4167@sha256:7ed009549e7f658e35a8d5bc072d3f49a2711501297f5fddcacd935c782fd007 # -- Docker image name for the `redis-store` image name: "redis-store" # -- Security context for the `redis-store` container, @@ -1071,7 +1071,7 @@ repoUpdater: searcher: image: # -- Docker image tag for the `searcher` image - defaultTag: 6.3.4167@sha256:298a78a456dcfd4926fa52e4eca600d22d317a9b3adc1316976ba95293d1bf28 + defaultTag: 6.3.4167@sha256:f61f14afd4cb95368c1f7de151e96a8136c7231412bb49948cc7d50434ac4c79 # -- Docker image name for the `searcher` image name: "searcher" # -- Security context for the `searcher` container, @@ -1172,7 +1172,7 @@ symbols: syntectServer: image: # -- Docker image tag for the `syntect-server` image - defaultTag: 6.3.4167@sha256:d04b28f256a1fe0c9a1c0071debf6299384e0b704a36d8d24cf527a9236789f6 + defaultTag: 6.3.4167@sha256:17f54738fa09a93a792e99c9489b39ffdaef4435f5b88839a034c871261cdeb3 # -- Docker image name for the `syntect-server` image name: "syntax-highlighter" # -- Security context for the `syntect-server` container, @@ -1220,7 +1220,7 @@ jaeger: enabled: false image: # -- Docker image tag for the `jaeger` image - defaultTag: 6.3.4167@sha256:48cf0af81f2ad9e98053a0afc6bc27c0f5e0adacdbc18417053983b07c84442e + defaultTag: 6.3.4167@sha256:1c24b73392866579f44c46659a4c3c25e3c5a7613253c69b898203cf2de99d6c # -- Docker image name for the `jaeger` image name: "jaeger-all-in-one" # -- Name used by resources. Does not affect service names or PVCs. @@ -1275,7 +1275,7 @@ jaeger: worker: image: # -- Docker image tag for the `worker` image - defaultTag: 6.3.4167@sha256:d8f4feeb85b12f68ec552758a3d64799ffe46651d6a2b8538893d071594ee9e4 + defaultTag: 6.3.4167@sha256:8dd554cd0ce049ced1da1ae9009c6cce45ccf42f0a1445593e7872fc8ec79414 # -- Docker image name for the `worker` image name: "worker" # -- Security context for the `worker` container,