Operations guides for Sourcegraph on Kubernetes
Operations guides specific to managing Sourcegraph on Kubernetes installations.
Featured guides
Configure your Sourcegraph deployment with our deployment reference. Upgrade
Upgrade your deployment to the latest Sourcegraph release. Troubleshoot
Troubleshoot common issues with your Sourcegraph instance.
Trying to deploy Sourcegraph on Kubernetes? Refer to our installation guide.
Configure
We strongly recommend referring to our Configuration guide to learn about how to configure your Sourcegraph with Kubernetes instance.
Deploy
Refer to our installation guide for details on how to deploy Sourcegraph.
Migrating from another deployment type? Refer to our migration guides.
Deploy with Kustomize
In order to deploy Sourcegraph that is configured for your cluster:
Building manifests
Build a new set of manifests using an overlay you've created following our configuration guide for Kustomize:
$ kubectl kustomize $PATH_TO_OVERLAY -o cluster.yaml
Reviewing manifests
Review the manifests generated in the previous step:
$ less cluster.yaml
Applying manifests
Run the command below to apply the manifests from the ouput file cluster.yaml to the connected cluster:
$ kubectl apply --prune -l deploy=sourcegraph -f cluster.yaml
Once you have applied your changes:
-
Watch - verify your deployment has started:
$ kubectl get pods -A -o wide --watch -
Port-foward - verify Sourcegraph is running by temporarily making the frontend port accessible:
$ kubectl port-forward svc/sourcegraph-frontend 3080:30080 -
Log in - browse to your Sourcegraph deployment, login, and verify the instance is working as expected.
Compare overlays
Below are the commands that will output the differences between the two overlays, allowing you to review and compare the changes and ensure that the new overlay produces similar resources as the ones currently being used by the active cluster or another overlay you want to compare with, before applying the new overlay.
Between two overlays
To compare resources between two different Kustomize overlays:
$ diff \ <(kubectl kustomize $PATH_TO_OVERLAY_1) \ <(kubectl kustomize $PATH_TO_OVERLAY_2) |\ more
Example 1: compare diff between resources generated by the k3s overlay for size xs instance and the k3s overlay for size xl instance:
$ diff \ <(kubectl kustomize examples/k3s/xs) \ <(kubectl kustomize examples/k3s/xl) |\ more
Example 2: compare diff between the new base cluster and the old cluster:
$ diff \ <(kubectl kustomize examples/base) \ <(kubectl kustomize examples/old-cluster) |\ more
Example 3: compare diff between the output files from two different overlay builds:
$ kubectl kustomize examples/old-cluster -o old-cluster.yaml $ kubectl kustomize examples/base -o new-cluster.yaml $ diff old-cluster.yaml new-cluster.yaml
Between an overlay and a running cluster
To compare the difference between the manifests generated by an overlay and the resources that are being used by the running cluster connected to the kubectl tool:
$ kubectl kustomize $PATH_TO_OVERLAY | kubectl diff -f -
The command will output the differences between the customizations specified in the overlay and the resources currently running in the cluster, allowing you to review the changes and ensure that the overlay produces similar resources to the ones currently being used by the active cluster before applying the new overlay.
Example: compare diff between the k3s overlay for size xl instance and the instance that is connected with kubectl:
$ kubectl kustomize examples/k3s/xl | kubectl diff -f -
List pods in cluster
List all pods in your cluster and the corresponding health status of each pod:
$ kubectl get pods -o=wide
Tail logs for specific pod
Tail the logs for the specified pod:
$ kubectl logs -f $POD_NAME
If Sourcegraph is unavailable and the sourcegraph-frontend-* pod(s) are not in status Running, then view their logs with $ kubectl logs -f sourcegraph-frontend-$POD_ID (filling in $POD_ID from the $ kubectl get pods output). Inspect both the log messages printed at startup (at the beginning of the log output) and recent log messages.
Retrieving resource information
Display detailed information about the status of a single pod:
$ kubectl describe $POD_NAME
List all Persistent Volume Claims (PVCs) and their statuses:
$ kubectl get pvc
List all Persistent Volumes (PVs) that have been provisioned. In a healthy cluster, there should be a one-to-one mapping between PVs and PVCs:
$ kubectl get pv
List all events in the cluster's history:
$ kubectl get events
Delete failing pod so it gets recreated, possibly on a different node:
$ kubectl delete pod $POD_NAME
Remove all pods from a node and mark it as unschedulable to prevent new pods from arriving
$ kubectl drain --force --ignore-daemonsets --delete-local-data $NODE
Restarting Sourcegraph Instance:
$ kubectl rollout restart deployment sourcegraph-frontend
Access the database
Get the id of one pgsql Pod:
$ kubectl get pods -l app=pgsql NAME READY STATUS RESTARTS AGE pgsql-76a4bfcd64-rt4cn 2/2 Running 0 19m
Make sure you are operating under the correct namespace (i.e. add -n prod if your pod is under the prod namespace).
Open a PostgreSQL interactive terminal:
$ kubectl exec -it pgsql-76a4bfcd64-rt4cn -- psql -U sg
Run your SQL query:
SELECT * FROM users;
Backup and restore
The following instructions are specific to backing up and restoring the sourcegraph databases in a Kubernetes deployment. These do not apply to other deployment types.
Back up Sourcegraph databases
These instructions will back up the primary sourcegraph database and the codeintel database.
A. Verify deployment running
$ kubectl get pods -A
B. Stop all connections to the database by removing the frontend deployment
$ kubectl scale --replicas=0 deployment/sourcegraph-frontend # or $ kubectl delete deployment sourcegraph-frontend
C. Check for corrupt database indexes. If amcheck returns errors, please reach out to [email protected]
create extension amcheck; select bt_index_parent_check(c.oid, true), c.relname, c.relpages from pg_index i join pg_opclass op ON i.indclass[0] = op.oid join pg_am am ON op.opcmethod = am.oid join pg_class c ON i.indexrelid = c.oid join pg_namespace n ON c.relnamespace = n.oid where am.amname = 'btree' -- Don't check temp tables, which may be from another session: and c.relpersistence != 't' -- Function may throw an error when this is omitted: and i.indisready AND i.indisvalid;
D. Generate the database dumps
$ kubectl exec -it $pgsql_POD_NAME -- bash -c 'pg_dump -C --clean --if-exists --username sg sg' > sourcegraph_db.out $ kubectl exec -it $codeintel-db_POD_NAME -- bash -c 'pg_dump -C --clean --if-exists --username sg sg' > codeintel_db.out $ kubectl exec -it $codeinsights-db_POD_NAME -- bash -c 'pg_dump -C --clean --if-exists --username postgres postgres' > codeinsights_db.out
Ensure the sourcegraph_db.out, codeintel_db.out and codeinsights_db.out files are moved to a safe and secure location.
Restore Sourcegraph databases
Restoring Sourcegraph databases into a new environment
The following instructions apply only if you are restoring your databases into a new deployment of Sourcegraph ie: a new virtual machine
If you are restoring a previously running environment, see the instructions for restoring a previously running deployment
A. Copy the database dump files (eg. sourcegraph_db.out, codeintel_db.out and codeinsights_db.out) into the root of the deploy-sourcegraph directory
B. Start the database services by running the following command from the root of the deploy-sourcegraph directory
$ kubectl rollout restart deployment pgsql $ kubectl rollout restart deployment codeintel-db $ kubectl rollout restart deployment codeinsights-db
C. Copy the database files into the pods by running the following command from the root of the deploy-sourcegraph directory
$ kubectl cp sourcegraph_db.out $NAMESPACE/$pgsql_POD_NAME:/tmp/sourcegraph_db.out $ kubectl cp codeintel_db.out $NAMESPACE/$codeintel-db_POD_NAME:/tmp/codeintel_db.out $ kubectl cp codeinsights_db.out $NAMESPACE/$codeinsights-db_POD_NAME:/tmp/codeinsights_db.out
D. Restore the databases
$ kubectl exec -it $pgsql_POD_NAME -- bash -c 'psql -v ERROR_ON_STOP=1 --username sg -f /tmp/sourcegraph_db.out sg' $ kubectl exec -it $codeintel-db_POD_NAME -- bash -c 'psql -v ERROR_ON_STOP=1 --username sg -f /tmp/condeintel_db.out sg' $ kubectl exec -it $codeinsights-db_POD_NAME -- bash -c 'psql -v ERROR_ON_STOP=1 --username postgres -f /tmp/codeinsights_db.out postgres'
E. Check for corrupt database indexes. If amcheck returns errors, please reach out to [email protected]
create extension amcheck; select bt_index_parent_check(c.oid, true), c.relname, c.relpages from pg_index i join pg_opclass op ON i.indclass[0] = op.oid join pg_am am ON op.opcmethod = am.oid join pg_class c ON i.indexrelid = c.oid join pg_namespace n ON c.relnamespace = n.oid where am.amname = 'btree' -- Don't check temp tables, which may be from another session: and c.relpersistence != 't' -- Function may throw an error when this is omitted: and i.indisready AND i.indisvalid;
F. Start the remaining Sourcegraph services by following the steps in applying manifests.
Restoring Sourcegraph databases into an existing environment
A. Stop the existing deployment by removing the frontend deployment
$ kubectl scale --replicas=0 deployment/sourcegraph-frontend # or $ kubectl delete deployment sourcegraph-frontend
B. Remove any existing volumes for the databases in the existing deployment
$ kubectl delete pvc pgsql $ kubectl delete pvc codeintel-db $ kubectl delete pvc codeinsights-db $ kubectl delete pv $pgsql_PV_NAME --force $ kubectl delete pv $codeintel-db_PV_NAME --force $ kubectl delete pv $codeinsights-db_PV_NAME --force
C. Copy the database dump files (eg. sourcegraph_db.out, codeintel_db.out and codeinsights_db.out) into the root of the deploy-sourcegraph directory
D. Start the database services only
$ kubectl rollout restart deployment pgsql $ kubectl rollout restart deployment codeintel-db $ kubectl rollout restart deployment codeinsights-db
E. Copy the database files into the pods by running the following command from the root of the deploy-sourcegraph directory
$ kubectl cp sourcegraph_db.out $NAMESPACE/$pgsql_POD_NAME:/tmp/sourcegraph_db.out $ kubectl cp codeintel_db.out $NAMESPACE/$codeintel-db_POD_NAME:/tmp/codeintel_db.out $ kubectl cp codeinsights_db.out $NAMESPACE/$codeinsights-db_POD_NAME:/tmp/codeinsights_db.out
F. Restore the databases
$ kubectl exec -it $pgsql_POD_NAME -- bash -c 'psql -v ERROR_ON_STOP=1 --username sg -f /tmp/sourcegraph_db.out sg' $ kubectl exec -it $codeintel-db_POD_NAME -- bash -c 'psql -v ERROR_ON_STOP=1 --username sg -f /tmp/condeintel_db.out sg' $ kubectl exec -it $codeinsights-db_POD_NAME -- bash -c 'psql -v ERROR_ON_STOP=1 --username postgres -f /tmp/codeinsights_db.out postgres'
G. Check for corrupt database indexes. If amcheck returns errors, please reach out to [email protected]
create extension amcheck; select bt_index_parent_check(c.oid, true), c.relname, c.relpages from pg_index i join pg_opclass op ON i.indclass[0] = op.oid join pg_am am ON op.opcmethod = am.oid join pg_class c ON i.indexrelid = c.oid join pg_namespace n ON c.relnamespace = n.oid where am.amname = 'btree' -- Don't check temp tables, which may be from another session: and c.relpersistence != 't' -- Function may throw an error when this is omitted: and i.indisready AND i.indisvalid;
H. Start the remaining Sourcegraph services by following the steps in applying manifests.
List of ports
To see a list of ports that are currently being used by your Sourcegraph instance:
$ kubectl get services
Example output:
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE blobstore ClusterIP 10.72.3.144 <none> 9000/TCP 25h cadvisor ClusterIP 10.72.14.130 <none> 48080/TCP 23h codeinsights-db ClusterIP 10.72.6.240 <none> 5432/TCP,9187/TCP 25h codeintel-db ClusterIP 10.72.5.10 <none> 5432/TCP,9187/TCP 25h gitserver ClusterIP None <none> 10811/TCP 25h grafana ClusterIP 10.72.6.245 <none> 30070/TCP 25h indexed-search ClusterIP None <none> 6070/TCP 25h indexed-search-indexer ClusterIP None <none> 6072/TCP 25h kubernetes ClusterIP 10.72.0.1 <none> 443/TCP 25h node-exporter ClusterIP 10.72.5.60 <none> 9100/TCP 25h otel-collector ClusterIP 10.72.9.221 <none> 4317/TCP,4318/TCP,8888/TCP 25h pgsql ClusterIP 10.72.6.23 <none> 5432/TCP,9187/TCP 25h precise-code-intel-worker ClusterIP 10.72.11.102 <none> 3188/TCP,6060/TCP 25h prometheus ClusterIP 10.72.12.201 <none> 30090/TCP 25h redis-cache ClusterIP 10.72.15.138 <none> 6379/TCP,9121/TCP 25h redis-store ClusterIP 10.72.4.162 <none> 6379/TCP,9121/TCP 25h repo-updater ClusterIP 10.72.11.176 <none> 3182/TCP,6060/TCP 25h searcher ClusterIP None <none> 3181/TCP,6060/TCP 23h sourcegraph-frontend ClusterIP 10.72.12.103 <none> 30080/TCP,6060/TCP 25h sourcegraph-frontend-internal ClusterIP 10.72.9.155 <none> 80/TCP 25h symbols ClusterIP None <none> 3184/TCP,6060/TCP 23h syntect-server ClusterIP 10.72.14.49 <none> 9238/TCP,6060/TCP 25h worker ClusterIP 10.72.7.72 <none> 3189/TCP,6060/TCP 25h
Migrate to Kustomize
See the migration docs for Kustomize for more information.
Upgrade
- See the Updating Sourcegraph docs on how to upgrade.
- See the Updating a Kubernetes Sourcegraph instance docs for details on changes in each version to determine if manual migration steps are necessary.
Troubleshoot
See the Troubleshooting docs.