Visit the Helm docs for guidance on using this chart.
Reference the below chart for all available configuration parameters.
The full values.yaml file can be also be generated by running:
helm show values sourcegraph/sourcegraph
In addition to the documented values, all services also support the following values
<serviceName>.affinity- learn more<serviceName>.nodeSelector- learn more<serviceName>.tolerations- learn more<serviceName>.podSecurityContext- learn more<serviceName>.args- override default container args<serviceName>.env- consultvalues.yamlfile<serviceName>.serivceAccount.create- create service account for service<serviceName>.serviceAccount.annotations- Annotations for the service-specific service account
| Key | Type | Default | Description |
|---|---|---|---|
| alpine.containerSecurityContext | object | {"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":999,"runAsUser":999} |
Security context for the alpine initContainer, learn more from the Kubernetes documentation |
| alpine.image.defaultTag | string | "6.12.2541@sha256:2c5fa721175472dd5467c2163e101a6605f4b485caa86edf1b5fdb0d7e575bee" |
Docker image tag for the alpine image |
| alpine.image.name | string | "alpine-3.14" |
Docker image name for the alpine image |
| alpine.resources | object | {"limits":{"cpu":"10m","memory":"50Mi"},"requests":{"cpu":"10m","memory":"50Mi"}} |
Resource requests & limits for the alpine initContainer, learn more from the Kubernetes documentation |
| blobstore.containerSecurityContext | object | {"allowPrivilegeEscalation":false,"runAsGroup":101,"runAsUser":100} |
Security context for the blobstore container, learn more from the Kubernetes documentation |
| blobstore.enabled | bool | true |
Enable blobstore (S3 compatible storage) |
| blobstore.image.defaultTag | string | "6.12.2541@sha256:22fd8c612502cdbc5e0b63045d584829baabd0bdeb395403236763b8a1881fd7" |
Docker image tag for the blobstore image |
| blobstore.image.name | string | "blobstore" |
Docker image name for the blobstore image |
| blobstore.name | string | "blobstore" |
Name used by resources. Does not affect service names or PVCs. |
| blobstore.podSecurityContext | object | {"fsGroup":101,"fsGroupChangePolicy":"OnRootMismatch","runAsGroup":101,"runAsUser":100} |
Security context for the blobstore pod, learn more from the Kubernetes documentation |
| blobstore.resources | object | {"limits":{"cpu":"1","memory":"500M"},"requests":{"cpu":"1","memory":"500M"}} |
Resource requests & limits for the blobstore container, learn more from the Kubernetes documentation |
| blobstore.serviceAccount.create | bool | false |
Enable creation of ServiceAccount for blobstore |
| blobstore.serviceAccount.name | string | "" |
Name of the ServiceAccount to be created or an existing ServiceAccount |
| blobstore.storageSize | string | "100Gi" |
PVC Storage Request for blobstore data volume |
| cadvisor.containerSecurityContext | object | {"privileged":true} |
Security context for the cadvisor container, learn more from the Kubernetes documentation |
| cadvisor.enabled | bool | true |
Enable cadvisor |
| cadvisor.image.defaultTag | string | "6.12.2541@sha256:6184e85a89de47e308bab15e2198faf094ba0148ec3bcac4d4ae89b249300fbc" |
Docker image tag for the cadvisor image |
| cadvisor.image.name | string | "cadvisor" |
Docker image name for the cadvisor image |
| cadvisor.name | string | "cadvisor" |
Name used by resources. Does not affect service names or PVCs. |
| cadvisor.podSecurityPolicy.enabled | bool | false |
Enable PodSecurityPolicy for cadvisor pods |
| cadvisor.resources | object | {"limits":{"cpu":"300m","memory":"2000Mi"},"requests":{"cpu":"150m","memory":"200Mi"}} |
Resource requests & limits for the cadvisor container, learn more from the Kubernetes documentation |
| cadvisor.serviceAccount.create | bool | true |
Enable creation of ServiceAccount for cadvisor |
| cadvisor.serviceAccount.name | string | "cadvisor" |
Name of the ServiceAccount to be created or an existing ServiceAccount |
| codeInsightsDB.additionalConfig | string | "" |
Additional PostgreSQL configuration. This will override or extend our default configuration. Notes: This is expecting a multiline string. Learn more from our recommended PostgreSQL configuration and PostgreSQL documentation |
| codeInsightsDB.auth.database | string | "postgres" |
Sets codeinsights-db database name |
| codeInsightsDB.auth.existingSecret | string | "" |
Name of existing secret to use for Code Insights credentials The secret must contain the keys user, password, database, host and port. auth.user, auth.password, etc. are ignored if this is enabled |
| codeInsightsDB.auth.host | string | "codeinsights-db" |
Sets codeinsights-db host |
| codeInsightsDB.auth.password | string | "password" |
Sets codeinsights-db password |
| codeInsightsDB.auth.port | string | "5432" |
Sets codeinsights-db port |
| codeInsightsDB.auth.sslmode | string | "disable" |
Sets codeinsights-db SSL mode |
| codeInsightsDB.auth.user | string | "postgres" |
Sets codeinsights-db username |
| codeInsightsDB.containerSecurityContext | object | {"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":70,"runAsUser":70} |
Security context for the codeinsights-db container, learn more from the Kubernetes documentation |
| codeInsightsDB.enabled | bool | true |
Enable codeinsights-db PostgreSQL server |
| codeInsightsDB.env | object | {} |
Environment variables for the codeinsights-db container |
| codeInsightsDB.existingConfig | string | "" |
Name of existing ConfigMap for codeinsights-db. It must contain a postgresql.conf key. |
| codeInsightsDB.image.defaultTag | string | "6.12.2541@sha256:0d2de7e731a666a298969e7bb67464a2cca8a170bfd360f1c6fb68d83e70dc46" |
Docker image tag for the codeinsights-db image |
| codeInsightsDB.image.name | string | "postgresql-16-codeinsights" |
Docker image name for the codeinsights-db image |
| codeInsightsDB.init.containerSecurityContext | object | {"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":70,"runAsUser":70} |
Security context for the alpine initContainer, learn more from the Kubernetes documentation |
| codeInsightsDB.name | string | "codeinsights-db" |
Name used by resources. Does not affect service names or PVCs. |
| codeInsightsDB.podSecurityContext | object | {"fsGroup":70,"fsGroupChangePolicy":"OnRootMismatch","runAsUser":70} |
Security context for the codeinsights-db pod, learn more from the Kubernetes documentation |
| codeInsightsDB.postgresExporter | object | {} |
Configuration for the pgsql-exporter sidecar container |
| codeInsightsDB.resources | object | {"limits":{"cpu":"4","memory":"2Gi"},"requests":{"cpu":"4","memory":"2Gi"}} |
Resource requests & limits for the codeinsights-db container, learn more from the Kubernetes documentation |
| codeInsightsDB.serviceAccount.create | bool | false |
Enable creation of ServiceAccount for codeinsights-db |
| codeInsightsDB.serviceAccount.name | string | "" |
Name of the ServiceAccount to be created or an existing ServiceAccount |
| codeInsightsDB.storageSize | string | "200Gi" |
PVC Storage Request for codeinsights-db data volume |
| codeIntelDB.additionalConfig | string | "" |
Additional PostgreSQL configuration. This will override or extend our default configuration. Notes: This is expecting a multiline string. Learn more from our recommended PostgreSQL configuration and PostgreSQL documentation |
| codeIntelDB.auth.database | string | "sg" |
Sets codeintel-db database name |
| codeIntelDB.auth.existingSecret | string | "" |
Name of existing secret to use for CodeIntel credentials The secret must contain the keys user, password, database, host and port. auth.user, auth.password, etc. are ignored if this is enabled |
| codeIntelDB.auth.host | string | "codeintel-db" |
Sets codeintel-db host |
| codeIntelDB.auth.password | string | "password" |
Sets codeintel-db password |
| codeIntelDB.auth.port | string | "5432" |
Sets codeintel-db port |
| codeIntelDB.auth.sslmode | string | "disable" |
Sets codeintel-db SSL mode |
| codeIntelDB.auth.user | string | "sg" |
Sets codeintel-db username |
| codeIntelDB.containerSecurityContext | object | {"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":999,"runAsUser":999} |
Security context for the codeintel-db container, learn more from the Kubernetes documentation |
| codeIntelDB.enabled | bool | true |
Enable codeintel-db PostgreSQL server |
| codeIntelDB.existingConfig | string | "" |
Name of existing ConfigMap for codeintel-db. It must contain a postgresql.conf key |
| codeIntelDB.image.defaultTag | string | "6.12.2541@sha256:6e22185786a0dab1b14480b424e13395b26e681c18b9fc3044770e945fc9e09a" |
Docker image tag for the codeintel-db image |
| codeIntelDB.image.name | string | "postgresql-16" |
Docker image name for the codeintel-db image |
| codeIntelDB.name | string | "codeintel-db" |
Name used by resources. Does not affect service names or PVCs. |
| codeIntelDB.podSecurityContext | object | {"fsGroup":999,"fsGroupChangePolicy":"OnRootMismatch","runAsUser":999} |
Security context for the codeintel-db pod, learn more from the Kubernetes documentation |
| codeIntelDB.postgresExporter | object | {} |
Configuration for the pgsql-exporter sidecar container |
| codeIntelDB.resources | object | {"limits":{"cpu":"4","memory":"4Gi"},"requests":{"cpu":"4","memory":"4Gi"}} |
Resource requests & limits for the codeintel-db container, learn more from the Kubernetes documentation |
| codeIntelDB.serviceAccount.create | bool | false |
Enable creation of ServiceAccount for codeintel-db |
| codeIntelDB.serviceAccount.name | string | "" |
Name of the ServiceAccount to be created or an existing ServiceAccount |
| codeIntelDB.storageSize | string | "200Gi" |
PVC Storage Request for codeintel-db data volume |
| extraResources | list | [] |
Additional resources to include in the rendered manifest. Templates are supported. |
| frontend.containerSecurityContext | object | {"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100} |
Security context for the frontend container, learn more from the Kubernetes documentation |
| frontend.createRoleBinding | bool | true |
Disable the roleBinding resource for deployment environments blocking RBAC, ex. OpenShift's default "secure" SCC |
| frontend.env | object | the chart will add some default environment values | Environment variables for the frontend container |
| frontend.image.defaultTag | string | "6.12.2541@sha256:436c711f6a443074869082a88977d864ec37fce86a94b8a97c210a0518e05c6b" |
Docker image tag for the frontend image |
| frontend.image.name | string | "frontend" |
Docker image name for the frontend image |
| frontend.ingress.annotations | object | {"kubernetes.io/ingress.class":"nginx","nginx.ingress.kubernetes.io/proxy-body-size":"150m"} |
Annotations for the Sourcegraph server ingress. For example, securing ingress with TLS provided by cert-manager |
| frontend.ingress.annotations."kubernetes.io/ingress.class" | string | "nginx" |
Deprecated annotation for specifing the IngressClass in Kubernetes 1.17 and earlier. If you are using Kubernetes 1.18+, use ingressClassName instead and set an override value of null for this annotation. |
| frontend.ingress.enabled | bool | true |
Enable ingress for the Sourcegraph server |
| frontend.ingress.host | string | "" |
External hostname for the Sourcegraph server ingress (SSL) |
| frontend.ingress.ingressClassName | string | nil |
IngressClassName for the Ingress (Available in Kubernetes 1.18+) If you set this field, set the annotation frontend.ingress.annotations."kubernetes.io/ingress.class" to null |
| frontend.ingress.tlsSecret | string | "" |
Secret containing SSL cert |
| frontend.name | string | "sourcegraph-frontend" |
Name used by resources. Does not affect service names or PVCs. |
| frontend.podSecurityContext | object | {} |
Security context for the frontend pod, learn more from the Kubernetes documentation |
| frontend.privileged | bool | true |
Enable creation of Role and RoleBinding (RBAC). Uses view ClusterRole if set to false |
| frontend.replicaCount | int | 2 |
Number of frontend pod |
| frontend.resources | object | {"limits":{"cpu":"2","ephemeral-storage":"8Gi","memory":"4G"},"requests":{"cpu":"2","ephemeral-storage":"4Gi","memory":"2G"}} |
Resource requests & limits for the frontend container, learn more from the Kubernetes documentation |
| frontend.serviceAccount.create | bool | true |
Enable creation of ServiceAccount for frontend |
| frontend.serviceAccount.name | string | "sourcegraph-frontend" |
Name of the ServiceAccount to be created or an existing ServiceAccount |
| gitserver.containerSecurityContext | object | {"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100} |
Security context for the gitserver container, learn more from the Kubernetes documentation |
| gitserver.image.defaultTag | string | "6.12.2541@sha256:47fb47c0f4ac32bb5b3df31bb96e37cb38ffbf72c3872738d03ab5fcd8bee7c3" |
Docker image tag for the gitserver image |
| gitserver.image.name | string | "gitserver" |
Docker image name for the gitserver image |
| gitserver.name | string | "gitserver" |
Name used by resources. Does not affect service names or PVCs. |
| gitserver.podSecurityContext | object | {"fsGroup":101,"fsGroupChangePolicy":"OnRootMismatch","runAsGroup":101,"runAsUser":100} |
Security context for the gitserver pod, learn more from the Kubernetes documentation |
| gitserver.replicaCount | int | 1 |
Number of gitserver pod |
| gitserver.resources | object | {"limits":{"cpu":"4","memory":"8G"},"requests":{"cpu":"4","memory":"8G"}} |
Resource requests & limits for the gitserver container, learn more from the Kubernetes documentation |
| gitserver.serviceAccount.create | bool | false |
Enable creation of ServiceAccount for gitserver |
| gitserver.serviceAccount.name | string | "" |
Name of the ServiceAccount to be created or an existing ServiceAccount |
| gitserver.sshSecret | string | "" |
Name of existing Secret that contains SSH credentials to clone repositories. It usually contains keys, such as id_rsa (private key) and known_hosts. Learn more from documentation |
| gitserver.storageSize | string | "200Gi" |
PVC Storage Request for gitserver data volume |
| grafana.auth | object | {"database":"","existingSecret":"","host":"","password":"","port":"","sslmode":"","user":""} |
NOTE: Create a separate user in the pgsql database with read-only perms on the minimum set of tables |
| grafana.auth.database | string | "" |
Sets postgres database name |
| grafana.auth.existingSecret | string | "" |
Name of existing secret to for Grafana to use to connect to the pgsql database The secret must contain the keys user, password, database, host and port. auth.user, auth.password, etc. are ignored if this is enabled |
| grafana.auth.host | string | "" |
Sets postgres host |
| grafana.auth.password | string | "" |
Sets postgres password |
| grafana.auth.port | string | "" |
Sets postgres port |
| grafana.auth.sslmode | string | "" |
Sets postgres sslmode |
| grafana.auth.user | string | "" |
Sets postgres username |
| grafana.containerSecurityContext | object | {"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":472,"runAsUser":472} |
Security context for the grafana container, learn more from the Kubernetes documentation |
| grafana.enabled | bool | true |
Enable grafana dashboard (recommended) |
| grafana.existingConfig | string | "" |
Name of existing ConfigMap for grafana. It must contain a datasources.yml key. |
| grafana.image.defaultTag | string | "6.12.2541@sha256:8ee9ed48de2202d29edebf89bd92b8c0a55fe02e0fa9cc2e2f7b1bc1c6ef8f3a" |
Docker image tag for the grafana image |
| grafana.image.name | string | "grafana" |
Docker image name for the grafana image |
| grafana.name | string | "grafana" |
Name used by resources. Does not affect service names or PVCs. |
| grafana.podSecurityContext | object | {"fsGroup":472,"fsGroupChangePolicy":"OnRootMismatch","runAsGroup":472,"runAsUser":472} |
Security context for the grafana pod, learn more from the Kubernetes documentation |
| grafana.resources | object | {"limits":{"cpu":"1","memory":"512Mi"},"requests":{"cpu":"100m","memory":"512Mi"}} |
Resource requests & limits for the grafana container, learn more from the Kubernetes documentation |
| grafana.serviceAccount.create | bool | true |
Enable creation of ServiceAccount for grafana |
| grafana.serviceAccount.name | string | "grafana" |
Name of the ServiceAccount to be created or an existing ServiceAccount |
| grafana.storageSize | string | "2Gi" |
PVC Storage Request for grafana data volume |
| indexedSearch.containerSecurityContext | object | {"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100} |
Security context for the zoekt-webserver container, learn more from the Kubernetes documentation |
| indexedSearch.image.defaultTag | string | "6.12.2541@sha256:86d7f688582ca048c4bfba79ac28a28a3c630a446272e671d6ee51076efb08e7" |
Docker image tag for the zoekt-webserver image |
| indexedSearch.image.name | string | "indexed-searcher" |
Docker image name for the zoekt-webserver image |
| indexedSearch.name | string | "indexed-search" |
Name used by resources. Does not affect service names or PVCs. |
| indexedSearch.podSecurityContext | object | {"fsGroup":101,"fsGroupChangePolicy":"OnRootMismatch"} |
Security context for the indexed-search pod, learn more from the Kubernetes documentation |
| indexedSearch.replicaCount | int | 1 |
Number of indexed-search pod |
| indexedSearch.resources | object | {"limits":{"cpu":"2","memory":"4G"},"requests":{"cpu":"500m","memory":"2G"}} |
Resource requests & limits for the zoekt-webserver container, learn more from the Kubernetes documentation |
| indexedSearch.serviceAccount.create | bool | false |
Enable creation of ServiceAccount for indexed-search |
| indexedSearch.serviceAccount.name | string | "" |
Name of the ServiceAccount to be created or an existing ServiceAccount |
| indexedSearch.storageSize | string | "200Gi" |
PVC Storage Request for indexed-search data volume The size of disk to used for search indexes. This should typically be gitserver disk size multipled by the number of gitserver shards. |
| indexedSearchIndexer.containerSecurityContext | object | {"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100} |
Security context for the zoekt-indexserver container, learn more from the Kubernetes documentation |
| indexedSearchIndexer.image.defaultTag | string | "6.12.2541@sha256:d14e9b9cab3ec7fba6661b9ee0946f3c709322a124666ca986b5d59a948a3d59" |
Docker image tag for the zoekt-indexserver image |
| indexedSearchIndexer.image.name | string | "search-indexer" |
Docker image name for the zoekt-indexserver image |
| indexedSearchIndexer.resources | object | {"limits":{"cpu":"8","memory":"8G"},"requests":{"cpu":"4","memory":"4G"}} |
Resource requests & limits for the zoekt-indexserver container, learn more from the Kubernetes documentation zoekt-indexserver is CPU bound. The more CPU you allocate to it, the lower lag between a new commit and it being indexed for search. |
| jaeger.args | list | ["--memory.max-traces=20000","--sampling.strategies-file=/etc/jaeger/sampling_strategies.json","--collector.otlp.enabled","--collector.otlp.grpc.host-port=:4320","--collector.otlp.http.host-port=:4321"] |
Default args passed to the jaeger binary |
| jaeger.collector.name | string | "" |
Name of jaeger collector service |
| jaeger.collector.serviceAnnotations | object | {} |
Add extra annotations to jaeger collector service |
| jaeger.collector.serviceLabels | object | {} |
Add extra labels to jaeger collector service |
| jaeger.collector.serviceType | string | "ClusterIP" | Kubernetes service type of jaeger collector service, learn more from the Kubernetes documentation |
| jaeger.containerSecurityContext | object | {"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100} |
Security context for the jaeger container, learn more from the Kubernetes documentation |
| jaeger.enabled | bool | false |
Enable jaeger |
| jaeger.image.defaultTag | string | "6.12.2541@sha256:98eb4e705e1095c94329d3d9e2bbd47cfb1d40645ec48b9a86d3a7a80144634a" |
Docker image tag for the jaeger image |
| jaeger.image.name | string | "jaeger-all-in-one" |
Docker image name for the jaeger image |
| jaeger.name | string | "jaeger" |
Name used by resources. Does not affect service names or PVCs. |
| jaeger.podSecurityContext | object | {} |
Security context for the jaeger pod, learn more from the Kubernetes documentation |
| jaeger.query.name | string | "" |
Name of jaeger query service |
| jaeger.query.serviceAnnotations | object | {} |
Add extra annotations to jaeger query service |
| jaeger.query.serviceLabels | object | {} |
Add extra labels to jaeger query service |
| jaeger.query.serviceType | string | "ClusterIP" | Kubernetes service type of jaeger query service, learn more from the Kubernetes documentation |
| jaeger.replicaCount | int | 1 |
Number of jaeger pod |
| jaeger.resources | object | {"limits":{"cpu":"1","memory":"1G"},"requests":{"cpu":"500m","memory":"500M"}} |
Resource requests & limits for the jaeger container, learn more from the Kubernetes documentation |
| jaeger.serviceAccount.create | bool | false |
Enable creation of ServiceAccount for jaeger |
| jaeger.serviceAccount.name | string | "" |
Name of the ServiceAccount to be created or an existing ServiceAccount |
| migrator.containerSecurityContext | object | {"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100} |
Security context for the migrator container, learn more from the Kubernetes documentation |
| migrator.enabled | bool | true |
Enable migrator initContainer in frontend deployment to perform database migration |
| migrator.env | object | {} |
Environment variables for the migrator container |
| migrator.image.defaultTag | string | "6.12.2541@sha256:902d6d2529a8257cedbd53e282061c2bb23683e90e44be05b567631f7cdce0ff" |
Docker image tag for the migrator image |
| migrator.image.name | string | "migrator" |
Docker image name for the migrator image |
| migrator.resources | object | {"limits":{"cpu":"500m","memory":"100M"},"requests":{"cpu":"100m","memory":"50M"}} |
Resource requests & limits for the migrator container, learn more from the Kubernetes documentation |
| nodeExporter.containerSecurityContext | object | {"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":65534,"runAsUser":65534} |
Security context for the node-exporter container, learn more from the Kubernetes documentation |
| nodeExporter.enabled | bool | true |
Enable node-exporter |
| nodeExporter.extraArgs | list | [] |
|
| nodeExporter.hostPID | bool | true |
|
| nodeExporter.image.defaultTag | string | "6.12.2541@sha256:51ba625cd651d8268a3d76ad677a56bb7f4603ae68c3b7b2e95c459cc42865e6" |
Docker image tag for the node-exporter image |
| nodeExporter.image.name | string | "node-exporter" |
Docker image name for the node-exporter image |
| nodeExporter.name | string | "node-exporter" |
Name used by resources. Does not affect service names or PVCs. |
| nodeExporter.podSecurityContext | object | {"fsGroup":65534,"runAsGroup":65534,"runAsNonRoot":true,"runAsUser":65534} |
Security context for the node-exporter pod, learn more from the Kubernetes documentation |
| nodeExporter.podSecurityPolicy.enabled | bool | false |
Enable PodSecurityPolicy for node-exporter pods |
| nodeExporter.resources | object | {"limits":{"cpu":"1","memory":"1Gi"},"requests":{"cpu":".2","memory":"100Mi"}} |
Resource requests & limits for the node-exporter container, learn more from the Kubernetes documentation |
| nodeExporter.serviceAccount.create | bool | false |
Enable creation of ServiceAccount for node-exporter |
| nodeExporter.serviceAccount.name | string | "node-exporter" |
Name of the ServiceAccount to be created or an existing ServiceAccount |
| openTelemetry.agent.containerSecurityContext.allowPrivilegeEscalation | bool | false |
|
| openTelemetry.agent.containerSecurityContext.runAsGroup | int | 101 |
|
| openTelemetry.agent.containerSecurityContext.runAsUser | int | 100 |
|
| openTelemetry.agent.hostPorts | object | {"grpcOtlp":4317,"httpOtlp":4318,"httpZpages":55679} |
Resource requests & limits for the otel-agent container, learn more from the Kubernetes documentation |
| openTelemetry.agent.name | string | "otel-agent" |
Name used by resources. Does not affect service names or PVCs. |
| openTelemetry.agent.resources.limits.cpu | string | "500m" |
|
| openTelemetry.agent.resources.limits.memory | string | "500Mi" |
|
| openTelemetry.agent.resources.requests.cpu | string | "100m" |
|
| openTelemetry.agent.resources.requests.memory | string | "100Mi" |
|
| openTelemetry.agent.serviceAccount.create | bool | false |
Enable creation of ServiceAccount for otel-agent |
| openTelemetry.agent.serviceAccount.name | string | "" |
Name of the ServiceAccount to be created or an existing ServiceAccount |
| openTelemetry.enabled | bool | true |
|
| openTelemetry.gateway.config.traces.exporters | object | {} |
Define where traces should be exported to. Read how to configure different backends in the OpenTelemetry documentation |
| openTelemetry.gateway.config.traces.exportersTlsSecretName | string | "" |
Define the name of a preexisting secret containing TLS certificates for exporters, which will be mounted under "/tls". Read more about TLS configuration of exporters in the OpenTelemetry Collector documentation |
| openTelemetry.gateway.config.traces.processors | object | {} |
Define trace processors. Read how to configure sampling in the OpenTelemetry documentation |
| openTelemetry.gateway.containerSecurityContext.allowPrivilegeEscalation | bool | false |
|
| openTelemetry.gateway.containerSecurityContext.runAsGroup | int | 101 |
|
| openTelemetry.gateway.containerSecurityContext.runAsUser | int | 100 |
|
| openTelemetry.gateway.name | string | "otel-collector" |
Name used by resources. Does not affect service names or PVCs. |
| openTelemetry.gateway.resources | object | {"limits":{"cpu":"3","memory":"3Gi"},"requests":{"cpu":"1","memory":"1Gi"}} |
Resource requests & limits for the otel-collector container, learn more from the Kubernetes documentation |
| openTelemetry.gateway.serviceAccount.create | bool | false |
Enable creation of ServiceAccount for otel-collector |
| openTelemetry.gateway.serviceAccount.name | string | "" |
Name of the ServiceAccount to be created or an existing ServiceAccount |
| openTelemetry.image.defaultTag | string | "6.12.2541@sha256:cad5c25982dfddea4890949685ffcc10ba277b3f53068a121b2d07a5cc851ed5" |
Docker image tag for the otel-collector image |
| openTelemetry.image.name | string | "opentelemetry-collector" |
Docker image name for the otel-collector image |
| pgsql.additionalConfig | string | "" |
Additional PostgreSQL configuration. This will override or extend our default configuration. Notes: This is expecting a multiline string. Learn more from our recommended PostgreSQL configuration and PostgreSQL documentation |
| pgsql.auth.database | string | "sg" |
Sets postgres database name |
| pgsql.auth.existingSecret | string | "" |
Name of existing secret to use for Postgres credentials The secret must contain the keys user, password, database, host and port. auth.user, auth.password, etc. are ignored if this is enabled |
| pgsql.auth.host | string | "pgsql" |
Sets postgres host |
| pgsql.auth.password | string | "password" |
Sets postgres password |
| pgsql.auth.port | string | "5432" |
Sets postgres port |
| pgsql.auth.sslmode | string | "disable" |
Sets postgres SSL mode |
| pgsql.auth.user | string | "sg" |
Sets postgres username |
| pgsql.containerSecurityContext | object | {"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":999,"runAsUser":999} |
Security context for the pgsql container, learn more from the Kubernetes documentation |
| pgsql.enabled | bool | true |
Enable pgsql PostgreSQL server |
| pgsql.existingConfig | string | "" |
Name of existing ConfigMap for pgsql. It must contain a postgresql.conf key |
| pgsql.image.defaultTag | string | "6.12.2541@sha256:6e22185786a0dab1b14480b424e13395b26e681c18b9fc3044770e945fc9e09a" |
Docker image tag for the pgsql image |
| pgsql.image.name | string | "postgresql-16" |
Docker image name for the pgsql image |
| pgsql.name | string | "pgsql" |
Name used by resources. Does not affect service names or PVCs. |
| pgsql.podSecurityContext | object | {"fsGroup":999,"fsGroupChangePolicy":"OnRootMismatch","runAsGroup":999,"runAsUser":999} |
Security context for the pgsql pod, learn more from the Kubernetes documentation |
| pgsql.postgresExporter | object | {} |
Configuration for the pgsql-exporter sidecar container |
| pgsql.resources | object | {"limits":{"cpu":"4","memory":"4Gi"},"requests":{"cpu":"4","memory":"4Gi"}} |
Resource requests & limits for the pgsql container, learn more from the Kubernetes documentation |
| pgsql.serviceAccount.create | bool | false |
Enable creation of ServiceAccount for pgsql |
| pgsql.serviceAccount.name | string | "" |
Name of the ServiceAccount to be created or an existing ServiceAccount |
| pgsql.storageSize | string | "200Gi" |
PVC Storage Request for pgsql data volume |
| postgresExporter.image.defaultTag | string | "6.12.2541@sha256:2196ab3a39264cc1c4b80347aeabeaed5dafb76f811c32ec63a5d0783798e24f" |
Docker image tag for the pgsql-exporter image |
| postgresExporter.image.name | string | "postgres_exporter" |
Docker image name for the pgsql-exporter image |
| postgresExporter.resources | object | {"limits":{"cpu":"10m","memory":"50Mi"},"requests":{"cpu":"10m","memory":"50Mi"}} |
Resource requests & limits for the pgsql-exporter sidecar container, learn more from the Kubernetes documentation |
| preciseCodeIntel.containerSecurityContext | object | {"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100} |
Security context for the precise-code-intel-worker container, learn more from the Kubernetes documentation |
| preciseCodeIntel.env | object | {"NUM_WORKERS":{"value":"4"}} |
Environment variables for the precise-code-intel-worker container |
| preciseCodeIntel.image.defaultTag | string | "6.12.2541@sha256:80c6b9f44e41d4e7a701ecd1884a4b9c2140a966678389ea9b28e3d391633e10" |
Docker image tag for the precise-code-intel-worker image |
| preciseCodeIntel.image.name | string | "precise-code-intel-worker" |
Docker image name for the precise-code-intel-worker image |
| preciseCodeIntel.name | string | "precise-code-intel-worker" |
Name used by resources. Does not affect service names or PVCs. |
| preciseCodeIntel.podSecurityContext | object | {} |
Security context for the precise-code-intel-worker pod, learn more from the Kubernetes documentation |
| preciseCodeIntel.replicaCount | int | 2 |
Number of precise-code-intel-worker pod |
| preciseCodeIntel.resources | object | {"limits":{"cpu":"2","memory":"4G"},"requests":{"cpu":"500m","memory":"2G"}} |
Resource requests & limits for the precise-code-intel-worker container, learn more from the Kubernetes documentation |
| preciseCodeIntel.serviceAccount.create | bool | false |
Enable creation of ServiceAccount for precise-code-intel-worker |
| preciseCodeIntel.serviceAccount.name | string | "" |
Name of the ServiceAccount to be created or an existing ServiceAccount |
| priorityClasses | list | [] |
Additional priorityClasses minimize re-scheduling downtime for StatefulSets. Each StatefulSets might use different priority class. learn more from the Kubernetes documentation Sample class definition: - name: gitserver-class value: 100 preemptionPolicy: Never description: "gitserver priority class" |
| prometheus.containerSecurityContext | object | {"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":false,"runAsGroup":100,"runAsUser":100} |
Security context for the prometheus container, learn more from the Kubernetes documentation |
| prometheus.createRoleBinding | bool | true |
Disable the creation of a RoleBinding object, for customers who block all RBAC resource creation |
| prometheus.enabled | bool | true |
Enable prometheus (recommended) |
| prometheus.existingConfig | string | "" |
Name of existing ConfigMap for pgsql. It must contain a prometheus.yml key |
| prometheus.image.defaultTag | string | "6.12.2541@sha256:e74c19d4e8a2289765881e5d2233c20eef5004f081b41df28f2ac48c81602a81" |
Docker image tag for the prometheus image |
| prometheus.image.name | string | "prometheus" |
Docker image name for the prometheus image |
| prometheus.name | string | "prometheus" |
Name used by resources. Does not affect service names or PVCs. |
| prometheus.podSecurityContext | object | {"fsGroup":100,"fsGroupChangePolicy":"OnRootMismatch"} |
Security context for the prometheus pod, learn more from the Kubernetes documentation |
| prometheus.privileged | bool | true |
Enable RBAC for prometheus |
| prometheus.resources | object | {"limits":{"cpu":"2","memory":"6G"},"requests":{"cpu":"500m","memory":"6G"}} |
Resource requests & limits for the prometheus container, learn more from the Kubernetes documentation Prometheus is relied upon to monitor services for sending alerts to site admins when something is wrong with Sourcegraph, thus its memory requests and limits are the same to guarantee it has enough memory to perform its job reliably and prevent conflicts with other pods on the same host node. The limit chosen here is based on what works reliably on Sourcegraph.com with lots of traffic. |
| prometheus.serviceAccount.create | bool | true |
Enable creation of ServiceAccount |
| prometheus.serviceAccount.name | string | "prometheus" |
Name of the ServiceAccount to be created or an existing ServiceAccount |
| prometheus.storageSize | string | "200Gi" |
PVC Storage Request for prometheus data volume |
| redisCache.connection.endpoint | string | "redis-cache:6379" |
Endpoint to use for redis-cache. Supports either host:port or IANA specification |
| redisCache.connection.existingSecret | string | "" |
Name of existing secret to use for Redis endpoint The secret must contain the key endpoint and should follow IANA specification learn more from the Helm docs |
| redisCache.containerSecurityContext | object | {"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":1000,"runAsUser":999} |
Security context for the redis-cache container, learn more from the Kubernetes documentation |
| redisCache.enabled | bool | true |
Enable redis-cache Redis server |
| redisCache.image.defaultTag | string | "6.12.2541@sha256:dcf95b420d250977549b4c149838086d98fb519ea2aab51a18f4dc22fc3fd454" |
Docker image tag for the redis-cache image |
| redisCache.image.name | string | "redis-cache" |
Docker image name for the redis-cache image |
| redisCache.name | string | "redis-cache" |
Name used by resources. Does not affect service names or PVCs. |
| redisCache.podSecurityContext | object | {"fsGroup":1000,"fsGroupChangePolicy":"OnRootMismatch"} |
Security context for the redis-cache pod, learn more from the Kubernetes documentation |
| redisCache.resources | object | {"limits":{"cpu":"1","memory":"7Gi"},"requests":{"cpu":"1","memory":"7Gi"}} |
Resource requests & limits for the redis-cache container, learn more from the Kubernetes documentation |
| redisCache.serviceAccount.create | bool | false |
Enable creation of ServiceAccount for redis-cache |
| redisCache.serviceAccount.name | string | "" |
Name of the ServiceAccount to be created or an existing ServiceAccount |
| redisCache.storageSize | string | "100Gi" |
PVC Storage Request for redis-cache data volume |
| redisExporter.containerSecurityContext | object | {"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":1000,"runAsUser":999} |
Security context for the redis-exporter sidecar container, learn more from the Kubernetes documentation |
| redisExporter.image.defaultTag | string | "6.12.2541@sha256:45aede1f0e5a1a9ff6c2e4a62b92e2bf3df7e22cd1fa7fa16831d76612af1518" |
Docker image tag for the redis-exporter image |
| redisExporter.image.name | string | "redis_exporter" |
Docker image name for the redis-exporter image |
| redisExporter.resources | object | {"limits":{"cpu":"10m","memory":"100Mi"},"requests":{"cpu":"10m","memory":"100Mi"}} |
Resource requests & limits for the redis-exporter sidecar container, learn more from the Kubernetes documentation |
| redisStore.connection.endpoint | string | "redis-store:6379" |
Endpoint to use for redis-store. Supports either host:port or IANA specification |
| redisStore.connection.existingSecret | string | "" |
Name of existing secret to use for Redis endpoint The secret must contain the key endpoint and should follow IANA specification learn more from the Helm docs |
| redisStore.containerSecurityContext | object | {"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":1000,"runAsUser":999} |
Security context for the redis-store container, learn more from the Kubernetes documentation |
| redisStore.enabled | bool | true |
Enable redis-store Redis server |
| redisStore.image.defaultTag | string | "6.12.2541@sha256:acfd48ace1226953db87e26b7282fe9668d23d589b7c9d640e7c8695e0db5d56" |
Docker image tag for the redis-store image |
| redisStore.image.name | string | "redis-store" |
Docker image name for the redis-store image |
| redisStore.name | string | "redis-store" |
Name used by resources. Does not affect service names or PVCs. |
| redisStore.podSecurityContext | object | {"fsGroup":1000,"fsGroupChangePolicy":"OnRootMismatch"} |
Security context for the redis-store pod, learn more from the Kubernetes documentation |
| redisStore.resources | object | {"limits":{"cpu":"1","memory":"7Gi"},"requests":{"cpu":"1","memory":"7Gi"}} |
Resource requests & limits for the redis-store container, learn more from the Kubernetes documentation |
| redisStore.serviceAccount.create | bool | false |
Enable creation of ServiceAccount for redis-store |
| redisStore.serviceAccount.name | string | "" |
Name of the ServiceAccount to be created or an existing ServiceAccount |
| redisStore.storageSize | string | "100Gi" |
PVC Storage Request for redis-store data volume |
| searcher.containerSecurityContext | object | {"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100} |
Security context for the searcher container, learn more from the Kubernetes documentation |
| searcher.image.defaultTag | string | "6.12.2541@sha256:073fce26d50e4b2e8b45047c782c5ce682c28026d68abb0834e912b448dbbf85" |
Docker image tag for the searcher image |
| searcher.image.name | string | "searcher" |
Docker image name for the searcher image |
| searcher.name | string | "searcher" |
Name used by resources. Does not affect service names or PVCs. |
| searcher.podSecurityContext | object | {"fsGroup":101,"fsGroupChangePolicy":"OnRootMismatch","runAsUser":100} |
Security context for the searcher pod, learn more from the Kubernetes documentation |
| searcher.replicaCount | int | 1 |
Number of searcher pod |
| searcher.resources | object | {"limits":{"cpu":"2","memory":"2G"},"requests":{"cpu":"500m","memory":"500M"}} |
Resource requests & limits for the searcher container, learn more from the Kubernetes documentation |
| searcher.serviceAccount.create | bool | false |
Enable creation of ServiceAccount for searcher |
| searcher.serviceAccount.name | string | "" |
Name of the ServiceAccount to be created or an existing ServiceAccount |
| searcher.storageSize | string | "26Gi" |
Size of the PVC for searcher pods to store cache data |
| sgTestConnection | object | {"enabled":true} |
Enable the busybox connection test after deployment |
| sourcegraph.affinity | object | {} |
Global Affinity, learn more from the Kubernetes documentation |
| sourcegraph.disableKubernetesSecrets | bool | false |
Disable the creation of Kubernetes secrets objects |
| sourcegraph.image.defaultTag | string | "{{ .Chart.AppVersion }}" |
Global docker image tag |
| sourcegraph.image.pullPolicy | string | "IfNotPresent" |
Global docker image pull policy |
| sourcegraph.image.repository | string | "index.docker.io/sourcegraph" |
Global docker image registry or prefix |
| sourcegraph.image.useGlobalTagAsDefault | bool | false |
When set to true, sourcegraph.image.defaultTag is used as the default defaultTag for all services, instead of service-specific default defaultTags |
| sourcegraph.imagePullSecrets | list | [] |
Mount named secrets containing docker credentials |
| sourcegraph.labels | object | {} |
Add extra labels to all resources |
| sourcegraph.localDevMode | bool | false |
When true, remove all resource stanzas, allowing the scheduler to best-fit pods. Intended for local development with limited resources. |
| sourcegraph.nameOverride | string | "" |
Set a custom name for the app.kubernetes.io/name annotation |
| sourcegraph.nodeSelector | object | {} |
Global NodeSelector, learn more from the Kubernetes documentation |
| sourcegraph.podAnnotations | object | {} |
Add extra annotations to attach to all pods |
| sourcegraph.podLabels | object | {} |
Add extra labels to attach to all pods |
| sourcegraph.priorityClassName | string | "" |
Assign a priorityClass to all pods (daemonSets, deployments, and statefulSets) |
| sourcegraph.revisionHistoryLimit | int | 10 |
Global deployment clean up policy, learn more from the Kubernetes documentation |
| sourcegraph.serviceLabels | object | {} |
Add extra labels to all services |
| sourcegraph.tolerations | list | [] |
Global Tolerations, learn more from the Kubernetes documentation |
| storageClass.allowedTopologies | list | [] |
Persistent volumes topology configuration, learn more from the Kubernetes documentation |
| storageClass.create | bool | true |
Enable creation of storageClass. Disable if you have your own existing storage class |
| storageClass.name | string | "sourcegraph" |
Name of the storageClass. Use to customize to the existing storage class name |
| storageClass.parameters | object | {} |
Extra parameters of storageClass, consult your cloud provider persistent storage documentation |
| storageClass.provisioner | string | "kubernetes.io/gce-pd" |
Name of the storageClass provisioner, learn more from the Kubernetes documentation and consult your cloud provider persistent storage documentation |
| storageClass.type | string | "pd-ssd" |
Value of type key in storageClass parameters, consult your cloud provider persistent storage documentation |
| syntacticCodeIntel.containerSecurityContext | object | {"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100} |
Security context for the syntactic-code-intel-worker container, learn more from the Kubernetes documentation |
| syntacticCodeIntel.enabled | bool | false |
|
| syntacticCodeIntel.image.defaultTag | string | "6.12.2541@sha256:dc8942466f5f8ba900157abda0e3eab50c50aea86a52edec96c2e0117dc99377" |
Docker image tag for the syntactic-code-intel-worker image |
| syntacticCodeIntel.image.name | string | "syntactic-code-intel-worker" |
Docker image name for the syntactic-code-intel-worker image |
| syntacticCodeIntel.name | string | "syntactic-code-intel-worker" |
Name used by resources. Does not affect service names or PVCs. |
| syntacticCodeIntel.podSecurityContext | object | {} |
Security context for the syntactic-code-intel-worker pod, learn more from the Kubernetes documentation |
| syntacticCodeIntel.properties.workerPort | int | 3188 |
port to whick worker API will bind |
| syntacticCodeIntel.replicaCount | int | 2 |
Number of syntactic-code-intel-worker pod |
| syntacticCodeIntel.resources | object | {"limits":{"cpu":"2","memory":"4G"},"requests":{"cpu":"500m","memory":"2G"}} |
Resource requests & limits for the syntactic-code-intel-worker container, learn more from the Kubernetes documentation |
| syntacticCodeIntel.serviceAccount.create | bool | false |
Enable creation of ServiceAccount for syntactic-code-intel-worker |
| syntacticCodeIntel.serviceAccount.name | string | "" |
Name of the ServiceAccount to be created or an existing ServiceAccount |
| syntectServer.containerSecurityContext | object | {"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100} |
Security context for the syntect-server container, learn more from the Kubernetes documentation |
| syntectServer.image.defaultTag | string | "6.12.2541@sha256:0447cb653d8a454711ac82b99a2652cb1295c18b2fff309370a39dd2c2f98b8e" |
Docker image tag for the syntect-server image |
| syntectServer.image.name | string | "syntax-highlighter" |
Docker image name for the syntect-server image |
| syntectServer.name | string | "syntect-server" |
Name used by resources. Does not affect service names or PVCs. |
| syntectServer.podSecurityContext | object | {} |
Security context for the syntect-server pod, learn more from the Kubernetes documentation |
| syntectServer.replicaCount | int | 1 |
Number of syntect-server pod |
| syntectServer.resources | object | {"limits":{"cpu":"4","memory":"6G"},"requests":{"cpu":"250m","memory":"2G"}} |
Resource requests & limits for the syntect-server container, learn more from the Kubernetes documentation |
| syntectServer.serviceAccount.create | bool | false |
Enable creation of ServiceAccount for syntect-server |
| syntectServer.serviceAccount.name | string | "" |
Name of the ServiceAccount to be created or an existing ServiceAccount |
| worker.blocklist | list | [] |
List of jobs to block globally If replicas are configured, use this values to block jobs instead of manually setting WORKER_JOB_BLOCKLIST |
| worker.containerSecurityContext | object | {"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":101,"runAsUser":100} |
Security context for the worker container, learn more from the Kubernetes documentation |
| worker.env | object | {} |
Environment variables for the worker container |
| worker.image.defaultTag | string | "6.12.2541@sha256:4ccfa49b38b23431e593715af9584b9ce8af881e18661a8104a45c85a27a0a9c" |
Docker image tag for the worker image |
| worker.image.name | string | "worker" |
Docker image name for the worker image |
| worker.name | string | "worker" |
Name used by resources. Does not affect service names or PVCs. |
| worker.podSecurityContext | object | {} |
Security context for the worker pod, learn more from the Kubernetes documentation |
| worker.replicaCount | int | 1 |
Number of worker pod |
| worker.replicas | list | [] |
Scale worker horizontally by configuring additional replicas dedicated to specific jobs. for each replica, configure the dedicated jobs to run on this replica. learn more from https://sourcegraph.com/docs/admin/workers#3-split-jobs-and-scale-independently |
| worker.resources | object | {"limits":{"cpu":"2","memory":"4G"},"requests":{"cpu":"500m","memory":"2G"}} |
Resource requests & limits for the worker container, learn more from the Kubernetes documentation |
| worker.serviceAccount.create | bool | false |
Enable creation of ServiceAccount for worker |
| worker.serviceAccount.name | string | "" |
Name of the ServiceAccount to be created or an existing ServiceAccount |