local mirko = import "../../kube/mirko.libsonnet";
local kube = import "../../kube/kube.libsonnet";

// Deploys Sourcegraph, a code search tool. All of its configuration, user
// accounts included, is managed from inside Sourcegraph itself rather than
// from this file.

{
    // Default settings. publicFQDN has no default: evaluating it raises an
    // error until the caller supplies a value.
    cfg:: {
        // NOTE(review): referenced by tag, not by digest, so the deployed
        // image is whatever the registry serves for this tag at pull time.
        image: "sourcegraph/server:3.17.1",
        publicFQDN: error "public FQDN must be set",
        storageClassName: "waw-hdd-redundant-3",
    },

    // Builds the Sourcegraph mirko component for the given config and
    // environment: one pod (init container + main container), two PVCs, a
    // public HTTP port and an endpoint-less Service used to block one path.
    component(cfg, env):: mirko.Component(env, "sourcegraph") {
        local app = self,

        // Both containers mount the data volume at the same location.
        local dataMount = { mountPath: "/var/opt/sourcegraph" },

        // PersistentVolumeClaim named after this component, using the
        // configured storage class and the requested size.
        local claim(name, size) = kube.PersistentVolumeClaim(app.makeName(name)) {
            metadata+: app.metadata,
            spec+: {
                storageClassName: cfg.storageClassName,
                accessModes: [ "ReadWriteOnce" ],
                resources: {
                    requests: {
                        storage: size,
                    },
                },
            },
        },

        cfg+: {
            image: cfg.image,
            volumes+: {
                data: kube.PersistentVolumeClaimVolume(app.pvc.data),
                etc: kube.PersistentVolumeClaimVolume(app.pvc.etc),
            },
            // The pod runs as root (UID 0, fsGroup 0).
            // NOTE(review): presumably required by the fixperms init
            // container and the all-in-one server image; confirm whether the
            // main container really needs UID 0, since this setting applies
            // to it as well.
            securityContext: {
                runAsUser: 0,
                fsGroup: 0,
            },
            // Init container that repairs permissions which Kubernetes volume
            // mounts break on the data volume.
            // NOTE(review): "alpine:3" is a floating tag, so the init image
            // can change between pod restarts; pinning by digest would make
            // it reproducible.
            // NOTE(review): the two chmod calls are joined with ';', so the
            // exit status is that of the second one. If the postgresql
            // directory is absent (e.g. on a fresh volume; not verifiable
            // from this file) the init container would fail.
            initContainer: app.Container("fixperms") {
                image: "alpine:3",
                volumeMounts_+: {
                    data: dataMount,
                },
                // Clears the port list for this container.
                ports_: {},
                command: [
                    "sh",
                    "-c",
                    "chmod 755 /var/opt/sourcegraph; chmod -R 700 /var/opt/sourcegraph/postgresql",
                ],
            },
            container: app.Container("main") {
                volumeMounts_+: {
                    data: dataMount,
                    etc: { mountPath: "/etc/sourcegraph" },
                },
                resources: {
                    requests: { cpu: "100m", memory: "1Gi" },
                    limits: { cpu: "1", memory: "2Gi" },
                },
            },
            ports+: {
                publicHTTP: {
                    public: {
                        port: 7080,
                        dns: cfg.publicFQDN,
                        // Every request is presented to Sourcegraph as the
                        // 'Anonymous' user. Together with Sourcegraph's
                        // authenticate-by-http-header feature this works
                        // around the missing public view in the free
                        // self-hosted version.
                        // https://twitter.com/sqs/status/1272659451292422144
                        //
                        // NOTE(review): with header-based auth Sourcegraph
                        // trusts whatever X-Forwarded-User value reaches it.
                        // This is only sound if the ingress overwrites any
                        // client-supplied value of that header and port 7080
                        // cannot be reached except through the ingress.
                        // Neither is visible in this file; confirm against
                        // mirko's setHeaders handling and the cluster's
                        // network policy. The 'Anonymous' account should hold
                        // no admin rights inside Sourcegraph, since every
                        // unauthenticated visitor acts as that account.
                        setHeaders: ["X-Forwarded-User Anonymous"],
                    },
                },
            },
            extraPaths: [
                {
                    // Send the Anonymous user's settings page to a Service
                    // without endpoints/backends, so it cannot be served.
                    // NOTE(review): servicePort is 8080 while blocksvc below
                    // declares port 2137. The request should fail either
                    // way, but the mismatch looks unintentional; confirm how
                    // the ingress controller treats an unknown service port.
                    // NOTE(review): only this path is routed away; whether
                    // the same settings can be changed through other routes
                    // is not covered here.
                    path: "/users/Anonymous/settings",
                    backend: { serviceName: app.blocksvc.metadata.name, servicePort: 8080 },
                },
            ],
        },

        // Service with its selector set to null; per the comment on
        // extraPaths it is meant to have no endpoints and acts as a sink for
        // the blocked path.
        blocksvc: kube.Service(app.makeName("blocksvc")) {
            metadata+: app.metadata,
            spec+: {
                selector: null,
                ports: [{ port: 2137, targetPort: 2137 }],
            },
        },

        // Persistent storage: 'data' is mounted at /var/opt/sourcegraph,
        // 'etc' at /etc/sourcegraph.
        pvc: {
            data: claim("data", "40Gi"),
            etc: claim("etc", "4Gi"),
        },
    }
}