Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

appliance: deploy repo-updater #62200

Merged
merged 3 commits into from
Apr 29, 2024
Merged

appliance: deploy repo-updater #62200

merged 3 commits into from
Apr 29, 2024
+1,156 −5

Conversation

craigfurman
Copy link
Member

@craigfurman craigfurman commented Apr 26, 2024
edited

Closes https://github.com/sourcegraph/sourcegraph-operator/issues/44

Test plan

Golden tests included.

@cla-bot cla-bot bot added the cla-signed label Apr 26, 2024
@craigfurman Graphite App
Copy link
Member Author

craigfurman commented Apr 26, 2024
edited

This stack of pull requests is managed by Graphite. Learn more about stacking.

Join @craigfurman and the rest of your teammates on Graphite Graphite

@craigfurman craigfurman changed the title context: handle qualified symbol names (#62142) appliance: deploy repo-updater Apr 26, 2024
@craigfurman craigfurman changed the title appliance: deploy repo-updater context: handle qualified symbol names (#62142) Apr 26, 2024
@craigfurman craigfurman changed the title context: handle qualified symbol names (#62142) appliance: deploy repo-updater Apr 26, 2024
@craigfurman craigfurman marked this pull request as ready for review April 26, 2024 11:29
@craigfurman craigfurman mentioned this pull request Apr 26, 2024
Merged
@craigfurman craigfurman requested a review from a team April 26, 2024 11:37
@craigfurman
Copy link
Member Author

go run ./internal/appliance/dev/compare-helm -component repo-updater -golden-file internal/appliance/testdata/golden-fixtures/repo-updater-default.yaml -helm-template-extra-args '--set repoUpdater.serviceAccount.create=true' output:

2c2
< # helm: ServiceAccount/repo-updater
---
> # golden: ServiceAccount/repo-updater
5a6,8
>   annotations:
>     appliance.sourcegraph.com/configHash: bd6ab558ec98ed6b2607b80469bb9f209b485fa44a6dd5beaf18c37011340afc
>   creationTimestamp: "2024-04-19T00:00:00Z"
7,8d9
<     app.kubernetes.io/component: repo-updater
<     category: rbac
10a12,14
>   namespace: NORMALIZED_FOR_TESTING
>   resourceVersion: NORMALIZED_FOR_TESTING
>   uid: NORMALIZED_FOR_TESTING
12c16
< # helm: Service/repo-updater
---
> # golden: Service/repo-updater
16a21
>     appliance.sourcegraph.com/configHash: bd6ab558ec98ed6b2607b80469bb9f209b485fa44a6dd5beaf18c37011340afc
18a24
>   creationTimestamp: "2024-04-19T00:00:00Z"
23a30,32
>   namespace: NORMALIZED_FOR_TESTING
>   resourceVersion: NORMALIZED_FOR_TESTING
>   uid: NORMALIZED_FOR_TESTING
24a34,40
>   clusterIP: NORMALIZED_FOR_TESTING
>   clusterIPs:
>   - NORMALIZED_FOR_TESTING
>   internalTrafficPolicy: Cluster
>   ipFamilies:
>   - IPv4
>   ipFamilyPolicy: SingleStack
27a44
>     protocol: TCP
31,32c48
<     app.kubernetes.io/instance: release-name
<     app.kubernetes.io/name: sourcegraph
---
>   sessionAffinity: None
33a50,51
> status:
>   loadBalancer: {}
35c53
< # helm: Deployment/repo-updater
---
> # golden: Deployment/repo-updater
40,41c58,60
<     description: Handles repository metadata (not Git data) lookups and updates from
<       external code hosts and other similar services.
---
>     appliance.sourcegraph.com/configHash: bd6ab558ec98ed6b2607b80469bb9f209b485fa44a6dd5beaf18c37011340afc
>   creationTimestamp: "2024-04-19T00:00:00Z"
>   generation: 1
44,45d62
<     app.kubernetes.io/instance: release-name
<     app.kubernetes.io/managed-by: Helm
47c64
<     app.kubernetes.io/version: 5.3.12303
---
>     app.kubernetes.io/version: 5.3.9104
49d65
<     helm.sh/chart: sourcegraph-5.3.12303
50a67,69
>   namespace: NORMALIZED_FOR_TESTING
>   resourceVersion: NORMALIZED_FOR_TESTING
>   uid: NORMALIZED_FOR_TESTING
52a72
>   progressDeadlineSeconds: 600
58,59d77
<       app.kubernetes.io/instance: release-name
<       app.kubernetes.io/name: sourcegraph
61,64c79
<     rollingUpdate:
<       maxSurge: 1
<       maxUnavailable: 0
<     type: RollingUpdate
---
>     type: Recreate
68d82
<         checksum/redis: 63b58e05a2640417d599c4aee6d866cb9063e3a9aa452dc08dbfff836b7781b7
69a84
>       creationTimestamp: null
72,73d86
<         app.kubernetes.io/instance: release-name
<         app.kubernetes.io/name: sourcegraph
74a88
>       name: repo-updater
76d89
<       affinity: null
91a105
>               apiVersion: v1
95c109
<         image: us-central1-docker.pkg.dev/sourcegraph-ci/rfc795-internal/repo-updater:5.3.12303@sha256:efd5a951c91b0501a6c383e67b71a8532c4be15a8a69b18cbc6cc9a9a1535970
---
>         image: index.docker.io/sourcegraph/repo-updater:5.3.2@sha256:5a414aa030c7e0922700664a43b449ee5f3fafa68834abef93988c5992c747c6
103a118
>           successThreshold: 1
108a124
>           protocol: TCP
110a127
>           protocol: TCP
117a135
>           successThreshold: 1
119,125c137
<         resources:
<           limits:
<             cpu: "1"
<             memory: 2Gi
<           requests:
<             cpu: "1"
<             memory: 500Mi
---
>         resources: {}
130a143
>         terminationMessagePath: /dev/termination-log
132,134c145,153
<         volumeMounts: null
<       nodeSelector: null
<       securityContext: {}
---
>       dnsPolicy: ClusterFirst
>       restartPolicy: Always
>       schedulerName: default-scheduler
>       securityContext:
>         fsGroup: 101
>         fsGroupChangePolicy: OnRootMismatch
>         runAsGroup: 101
>         runAsUser: 100
>       serviceAccount: repo-updater
136,137c155,226
<       tolerations: null
<       volumes: null
---
>       terminationGracePeriodSeconds: 30
> status: {}
> ---
> # golden: ConfigMap/sg
> apiVersion: v1
> data:
>   spec: |
>     spec:
>       requestedVersion: "5.3.9104"
> 
>       blobstore:
>         disabled: true
> 
>       codeInsights:
>         disabled: true
> 
>       codeIntel:
>         disabled: true
> 
>       frontend:
>         disabled: true
> 
>       gitServer:
>         disabled: true
> 
>       indexedSearch:
>         disabled: true
> 
>       indexedSearchIndexer:
>         disabled: true
> 
>       pgsql:
>         disabled: true
> 
>       postgresExporter:
>         disabled: true
> 
>       preciseCodeIntel:
>         disabled: true
> 
>       redisCache:
>         disabled: true
> 
>       redisExporter:
>         disabled: true
> 
>       redisStore:
>         disabled: true
> 
>       repoUpdater: {}
> 
>       searcher:
>         disabled: true
> 
>       symbols:
>         disabled: true
> 
>       syntectServer:
>         disabled: true
> 
>       worker:
>         disabled: true
> kind: ConfigMap
> metadata:
>   annotations:
>     appliance.sourcegraph.com/currentVersion: 5.3.9104
>     appliance.sourcegraph.com/managed: "true"
>   creationTimestamp: "2024-04-19T00:00:00Z"
>   name: sg
>   namespace: NORMALIZED_FOR_TESTING
>   resourceVersion: NORMALIZED_FOR_TESTING
>   uid: NORMALIZED_FOR_TESTING

The only part of this that stands out to me is checksum/redis. AFAICT, the redis config is injected via secrets. I can't see why that checksum changes if the underlying redis config changes, since the secretKeyRef remains the same. I want to look a little deeper at this and open a follow-on issue to explore how best to ensure that deployments roll when referenced config (e.g. secrets) changes, and make sure I've understood how it currently works in helm (I might have missed the point). WDYT @jdpleiness?

jdpleiness
jdpleiness approved these changes Apr 26, 2024
View reviewed changes
internal/appliance/spec.go Show resolved Hide resolved
internal/appliance/testdata/golden-fixtures/repo-updater-default.yaml Outdated Show resolved Hide resolved
internal/k8s/resource/container/container.go
Comment on lines +68 to +91
func NewEnvVarSecretKeyRef(name, secretName, secretKey string) corev1.EnvVar {
return corev1.EnvVar{
Name: name,
ValueFrom: &corev1.EnvVarSource{
SecretKeyRef: &corev1.SecretKeySelector{
LocalObjectReference: corev1.LocalObjectReference{
Name: secretName,
},
Key: secretKey,
},
},
}
}

func NewEnvVarFieldRef(name, fieldPath string) corev1.EnvVar {
return corev1.EnvVar{
Name: name,
ValueFrom: &corev1.EnvVarSource{
FieldRef: &corev1.ObjectFieldSelector{
FieldPath: fieldPath,
},
},
}
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[Re: lines 68 to 92]

 Nice 🚀

See this comment inline on Graphite.

@craigfurman
appliance: use default deployment RollingUpdate strategy
dff269e 
Rather than always overriding to recreate. If any Deployment actually
needs this, they can set it!
@craigfurman
Copy link
Member Author

@jdpleiness I split out #62227, re: the redis secret checksum. Let's take that conversation there.

@craigfurman craigfurman enabled auto-merge (squash) April 29, 2024 09:09
@craigfurman craigfurman merged commit a72cc39 into main Apr 29, 2024
12 checks passed
@craigfurman craigfurman deleted the appliance-repo-updater branch April 29, 2024 09:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jdpleiness jdpleiness jdpleiness approved these changes

Assignees
No one assigned
Labels
cla-signed
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@craigfurman @jdpleiness