From 40814d72d1f92fbb581f0bd1336195a69e0446f9 Mon Sep 17 00:00:00 2001 From: Claude Date: Fri, 22 May 2026 15:30:54 +0000 Subject: [PATCH 1/2] Add conditional internal registry port (5000) to frontend service Adds configuration option `frontend.internalRegistry.enabled` to conditionally expose port 5000 as a named port "registry" on the frontend service and deployment. This supports the internal OCI image registry backed by blobstore for batch changes. https://claude.ai/code/session_016dk2KH5aCME6dzGTuyQzoG --- charts/sourcegraph/README.md | 1 + .../templates/frontend/sourcegraph-frontend.Deployment.yaml | 4 ++++ .../templates/frontend/sourcegraph-frontend.Service.yaml | 5 +++++ charts/sourcegraph/values.yaml | 4 ++++ 4 files changed, 14 insertions(+) diff --git a/charts/sourcegraph/README.md b/charts/sourcegraph/README.md index 6d7cc78a6..df5f21cba 100644 --- a/charts/sourcegraph/README.md +++ b/charts/sourcegraph/README.md @@ -112,6 +112,7 @@ In addition to the documented values, all services also support the following va | frontend.ingress.ingressClassName | string | `nil` | IngressClassName for the Ingress (Available in Kubernetes 1.18+) If you set this field, set the annotation `frontend.ingress.annotations."kubernetes.io/ingress.class"` to `null` | | frontend.ingress.tls | list | `[]` | Full TLS configuration for the ingress. Supersedes `tlsSecret` if set. Cannot be set together with `tlsSecret`. Omit `secretName` for controllers that manage certificates themselves (e.g. Tailscale). Example: tls: - hosts: - sourcegraph.example.com secretName: sourcegraph-tls # optional | | frontend.ingress.tlsSecret | string | `""` | Secret containing TLS cert. Cannot be set together with `tls`. | +| frontend.internalRegistry.enabled | bool | `false` | Enable internal OCI registry port (5000) on frontend service | | frontend.name | string | `"sourcegraph-frontend"` | Name used by resources. Does not affect service names or PVCs. | | frontend.podSecurityContext | object | `{}` | Security context for the `frontend` pod, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) | | frontend.privileged | bool | `true` | Enable creation of Role and RoleBinding (RBAC). Uses [view](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles) ClusterRole if set to false | diff --git a/charts/sourcegraph/templates/frontend/sourcegraph-frontend.Deployment.yaml b/charts/sourcegraph/templates/frontend/sourcegraph-frontend.Deployment.yaml index 1696644e5..8e696bc66 100644 --- a/charts/sourcegraph/templates/frontend/sourcegraph-frontend.Deployment.yaml +++ b/charts/sourcegraph/templates/frontend/sourcegraph-frontend.Deployment.yaml @@ -125,6 +125,10 @@ spec: containerPort: 3080 - name: http-debug containerPort: 6060 + {{- if .Values.frontend.internalRegistry.enabled }} + - name: registry + containerPort: 5000 + {{- end }} {{- if not .Values.sourcegraph.localDevMode }} resources: {{- toYaml .Values.frontend.resources | nindent 10 }} diff --git a/charts/sourcegraph/templates/frontend/sourcegraph-frontend.Service.yaml b/charts/sourcegraph/templates/frontend/sourcegraph-frontend.Service.yaml index 1d64e7f2a..7912e4fd5 100644 --- a/charts/sourcegraph/templates/frontend/sourcegraph-frontend.Service.yaml +++ b/charts/sourcegraph/templates/frontend/sourcegraph-frontend.Service.yaml @@ -23,6 +23,11 @@ spec: - name: http-debug port: 6060 targetPort: http-debug + {{- if .Values.frontend.internalRegistry.enabled }} + - name: registry + port: 5000 + targetPort: registry + {{- end }} selector: {{- include "sourcegraph.selectorLabels" . | nindent 4 }} app: sourcegraph-frontend diff --git a/charts/sourcegraph/values.yaml b/charts/sourcegraph/values.yaml index aa3a04c46..24398cfa8 100644 --- a/charts/sourcegraph/values.yaml +++ b/charts/sourcegraph/values.yaml @@ -381,6 +381,10 @@ frontend: create: true # -- Name of the ServiceAccount to be created or an existing ServiceAccount name: sourcegraph-frontend + # Internal registry configuration + internalRegistry: + # -- Enable internal OCI registry port (5000) on frontend service + enabled: false migrator: # -- Enable [migrator](https://docs.sourcegraph.com/admin/how-to/manual_database_migrations) initContainer in From 67ca6c55bd97025c988b8608c402502ee403bc80 Mon Sep 17 00:00:00 2001 From: Claude Date: Fri, 22 May 2026 15:45:34 +0000 Subject: [PATCH 2/2] Rename registry port to http-registry Follows naming convention of other HTTP ports in the chart. https://claude.ai/code/session_016dk2KH5aCME6dzGTuyQzoG --- .../templates/frontend/sourcegraph-frontend.Deployment.yaml | 2 +- .../templates/frontend/sourcegraph-frontend.Service.yaml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/sourcegraph/templates/frontend/sourcegraph-frontend.Deployment.yaml b/charts/sourcegraph/templates/frontend/sourcegraph-frontend.Deployment.yaml index 8e696bc66..002a8de07 100644 --- a/charts/sourcegraph/templates/frontend/sourcegraph-frontend.Deployment.yaml +++ b/charts/sourcegraph/templates/frontend/sourcegraph-frontend.Deployment.yaml @@ -126,7 +126,7 @@ spec: - name: http-debug containerPort: 6060 {{- if .Values.frontend.internalRegistry.enabled }} - - name: registry + - name: http-registry containerPort: 5000 {{- end }} {{- if not .Values.sourcegraph.localDevMode }} diff --git a/charts/sourcegraph/templates/frontend/sourcegraph-frontend.Service.yaml b/charts/sourcegraph/templates/frontend/sourcegraph-frontend.Service.yaml index 7912e4fd5..4ea05bd82 100644 --- a/charts/sourcegraph/templates/frontend/sourcegraph-frontend.Service.yaml +++ b/charts/sourcegraph/templates/frontend/sourcegraph-frontend.Service.yaml @@ -24,9 +24,9 @@ spec: port: 6060 targetPort: http-debug {{- if .Values.frontend.internalRegistry.enabled }} - - name: registry + - name: http-registry port: 5000 - targetPort: registry + targetPort: http-registry {{- end }} selector: {{- include "sourcegraph.selectorLabels" . | nindent 4 }}