Gerrit: Import.
Change-Id: I5f80029e0215194d49f497a93b1adb778bb376cb
diff --git a/gerrit/.gitignore b/gerrit/.gitignore
new file mode 100644
index 0000000..dc67b26
--- /dev/null
+++ b/gerrit/.gitignore
@@ -0,0 +1 @@
+/secure.config
\ No newline at end of file
diff --git a/gerrit/Dockerfile b/gerrit/Dockerfile
new file mode 100644
index 0000000..943aa5f
--- /dev/null
+++ b/gerrit/Dockerfile
@@ -0,0 +1,22 @@
+FROM gerritcodereview/gerrit:3.4.1
+
+USER root
+
+#ADD https://github.com/davido/gerrit-oauth-provider/releases/download/v3.0.0/gerrit-oauth-provider.jar /var/gerrit/plugins/gerrit-oauth-provider.jar
+ADD https://gerrit-ci.gerritforge.com/job/plugin-oauth-bazel-master-stable-3.4/lastSuccessfulBuild/artifact/bazel-bin/plugins/oauth/oauth.jar /var/gerrit/plugins/gerrit-oauth-provider.jar
+#ADD https://gerrit-ci.gerritforge.com/job/plugin-gitblit-bazel-master/8/artifact/bazel-bin/plugins/gitblit/gitblit.jar /var/gerrit/plugins/gitblit.jar
+ADD https://github.com/tomaswolf/gerrit-gitblit-plugin/releases/download/v3.2.171.0/gitblit-plugin-3.2.171.0.jar /var/gerrit/plugins/gitblit.jar
+#ADD https://gerrit-ci.gerritforge.com/job/plugin-its-phabricator-bazel-stable-2.15/14/artifact/bazel-genfiles/plugins/its-phabricator/its-phabricator.jar /var/gerrit/plugins/its-phabricator.jar
+ADD https://gerrit-ci.gerritforge.com/job/plugin-serviceuser-bazel-master-stable-3.4/lastSuccessfulBuild/artifact/bazel-bin/plugins/serviceuser/serviceuser.jar /var/gerrit/plugins/serviceuser.jar
+ADD https://gerrit-ci.gerritforge.com/job/plugin-lfs-bazel-master-stable-3.4/lastSuccessfulBuild/artifact/bazel-bin/plugins/lfs/lfs.jar /var/gerrit/plugins/lfs.jar
+ADD https://gerrit-ci.gerritforge.com/job/plugin-ref-protection-bazel-master-stable-3.4/lastSuccessfulBuild/artifact/bazel-bin/plugins/ref-protection/ref-protection.jar /var/gerrit/plugins/ref-protection.jar
+#ADD https://gerrit-ci.gerritforge.com/job/plugin-x-docs-bazel-stable-2.15/8/artifact/bazel-genfiles/plugins/x-docs/x-docs.jar /var/gerrit/plugins/x-docs.jar
+ADD https://gerrit-ci.gerritforge.com/job/plugin-rename-project-bazel-master-stable-3.4/lastSuccessfulBuild/artifact/bazel-bin/plugins/rename-project/rename-project.jar /var/gerrit/plugins/rename-project.jar
+ADD https://gerrit-ci.gerritforge.com/job/plugin-admin-console-bazel-master-stable-3.4/lastSuccessfulBuild/artifact/bazel-bin/plugins/admin-console/admin-console.jar /var/gerrit/plugins/admin-console.jar
+ADD https://gerrit-ci.gerritforge.com/job/plugin-github-mvn-stable-3.4/lastSuccessfulBuild/artifact/github-plugin/target/github-plugin-3.4.0-rc0.jar /var/gerrit/plugins/github.jar
+ADD https://gerrit-ci.gerritforge.com/job/plugin-github-mvn-stable-3.4/lastSuccessfulBuild/artifact/github-oauth/target/github-oauth-3.4.0-rc0.jar /var/gerrit/lib/github-oauth.jar
+
+RUN chown gerrit /var/gerrit/plugins/* /var/gerrit/lib/*
+
+USER gerrit
+CMD /var/gerrit/bin/gerrit.sh run
diff --git a/gerrit/gerrit-k8s.yaml b/gerrit/gerrit-k8s.yaml
new file mode 100644
index 0000000..92d5966
--- /dev/null
+++ b/gerrit/gerrit-k8s.yaml
@@ -0,0 +1,334 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: gerrit-http
+ namespace: mulk
+ labels:
+ name: gerrit-http
+ k8s-app: gerrit
+spec:
+ selector:
+ name: gerrit
+ type: ClusterIP
+ ports:
+ - name: http
+ port: 80
+ targetPort: http
+ protocol: TCP
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: gerrit-ssh
+ namespace: mulk
+ labels:
+ name: gerrit-ssh
+ k8s-app: gerrit
+spec:
+ selector:
+ name: gerrit
+ type: NodePort
+ ports:
+ - name: ssh
+ port: 22
+ targetPort: ssh
+ protocol: TCP
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: gerrit
+ namespace: mulk
+ labels:
+ name: gerrit
+ k8s-app: gerrit
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-prod
+ kubernetes.io/ingress.class: nginx
+spec:
+ rules:
+ - host: gerrit.benkard.de
+ http:
+ paths:
+ - path: /
+ pathType: ImplementationSpecific
+ backend:
+ service:
+ name: gerrit-http
+ port:
+ number: 80
+ tls:
+ - hosts:
+ - gerrit.benkard.de
+ secretName: gerrit-tls
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: gerrit
+ namespace: mulk
+ labels:
+ name: gerrit
+ k8s-app: gerrit
+spec:
+ replicas: 1
+ strategy:
+ type: Recreate
+ selector:
+ matchLabels:
+ k8s-app: gerrit
+ name: gerrit
+ template:
+ metadata:
+ labels:
+ name: gerrit
+ k8s-app: gerrit
+ spec:
+ imagePullSecrets:
+ - name: portus-token
+ volumes:
+ - name: index-data
+ persistentVolumeClaim:
+ claimName: gerrit-index-data
+ - name: git-data
+ persistentVolumeClaim:
+ claimName: gerrit-git-data
+ - name: cache-data
+ emptyDir: {}
+ - name: etc-data
+ persistentVolumeClaim:
+ claimName: gerrit-etc-data
+ - name: config
+ configMap:
+ name: gerrit-config
+ - name: secure-config
+ secret:
+ secretName: gerrit-secrets
+ - name: github-secrets
+ secret:
+ secretName: github-secrets
+ defaultMode: 0444
+ #initContainers:
+ # - name: reindex
+ # image: docker.benkard.de/mulk/gerrit:3.4.1-4
+ # command:
+ # - java
+ # - -jar
+ # - /var/gerrit/bin/gerrit.war
+ # - reindex
+ # - -d
+ # - /var/gerrit
+ # env:
+ # - name: _JAVA_OPTIONS
+ # value: -Xmx300m -XX:MaxMetaspaceSize=150m -XX:+CMSClassUnloadingEnabled -Djava.net.preferIPv4Stack=true -Djava.net.preferIPv4Addresses=true -XX:+UnlockExperimentalVMOptions -XX:+UseSerialGC -XX:+UseCompressedOops -XX:+AlwaysPreTouch -XX:+ScavengeBeforeFullGC -XX:+DisableExplicitGC
+ # volumeMounts:
+ # - name: index-data
+ # mountPath: /var/gerrit/index
+ # - name: git-data
+ # mountPath: /var/gerrit/git
+ # - name: cache-data
+ # mountPath: /var/gerrit/cache
+ # - name: etc-data
+ # mountPath: /var/gerrit/etc
+ # - name: secure-config
+ # mountPath: /var/gerrit/etc/secure.config
+ # readOnly: true
+ # subPath: secure.config
+ # - name: config
+ # mountPath: /var/gerrit/etc/gerrit.config
+ # readOnly: true
+ # subPath: gerrit.config
+ containers:
+ - name: master
+ image: docker.benkard.de/mulk/gerrit:3.4.1-2
+
+ # for running `init`:
+ #
+ # java -jar /var/gerrit/bin/gerrit.war init -d /var/gerrit
+ #
+ # or the H2 console:
+ #
+ # cd
+ # curl -O https://repo1.maven.org/maven2/com/h2database/h2/1.4.200/h2-1.4.200.jar
+ # java -jar h2-1.4.200.jar -url jdbc:h2:/var/gerrit/db/account_patch_reviews
+ #
+ #tty: true
+ #stdin: true
+ #command:
+ # - /bin/cat
+
+ resources:
+ limits:
+ cpu: 2000m
+ memory: 600Mi
+ requests:
+ cpu: 10m
+ memory: 300Mi
+ env:
+ - name: _JAVA_OPTIONS
+ value: -Xmx300m -XX:MaxMetaspaceSize=150m -XX:+CMSClassUnloadingEnabled -Djava.net.preferIPv4Stack=true -Djava.net.preferIPv4Addresses=true -XX:+UnlockExperimentalVMOptions -XX:+UseSerialGC -XX:+UseCompressedOops -XX:+AlwaysPreTouch -XX:+ScavengeBeforeFullGC -XX:+DisableExplicitGC
+ - name: CANONICAL_WEB_URL
+ value: https://gerrit.benkard.de/
+ volumeMounts:
+ - name: index-data
+ mountPath: /var/gerrit/index
+ - name: git-data
+ mountPath: /var/gerrit/git
+ - name: cache-data
+ mountPath: /var/gerrit/cache
+ - name: etc-data
+ mountPath: /var/gerrit/etc
+ - name: secure-config
+ mountPath: /var/gerrit/etc/secure.config
+ readOnly: true
+ subPath: secure.config
+ - name: github-secrets
+ mountPath: /var/gerrit/.ssh
+ readOnly: true
+ #- name: config
+ # mountPath: /var/gerrit/etc/gerrit.config
+ # readOnly: true
+ # subPath: gerrit.config
+ ports:
+ - containerPort: 8080
+ name: http
+ protocol: TCP
+ - containerPort: 29418
+ name: ssh
+ protocol: TCP
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+ name: gerrit-config
+ namespace: mulk
+ labels:
+ name: gerrit
+ k8s-app: gerrit
+data:
+ gerrit.config: |
+ [gerrit]
+ basePath = git
+ canonicalWebUrl = https://gerrit.benkard.de/
+ serverId = 4f1749e7-9b7f-449e-acf9-5e80b87f8173
+
+ [user]
+ email = gerrit@benkard.de
+
+ [database]
+ type = postgresql
+ hostname = postgresql.system
+ database = gerrit
+ username = gerrit
+
+ [index]
+ type = LUCENE
+
+ [auth]
+ type = OAUTH
+ gitBasicAuth = false
+ gitBasicAuthPolicy = HTTP
+
+ [oauth]
+ allowRegisterNewEmail = true
+
+ [plugin "gerrit-oauth-provider-keycloak-oauth"]
+ root-url = https://login.benkard.de
+ client-id = gerrit
+ realm = master
+
+ [receiveemail]
+ protocol = imap
+ host = mail.benkard.de
+ encryption = tls
+ username = gerrit@benkard.de
+ fetchInterval = 1m
+ enableImapIdle = true
+
+ [sendemail]
+ smtpServer = mail.benkard.de
+ smtpServerPort = 587
+ from = MIXED
+ smtpUser = gerrit@benkard.de
+ importance = low
+ replyToAddress = gerrit@benkard.de
+ smtpEncryption = tls
+
+ [sshd]
+ listenAddress = *:29418
+
+ [httpd]
+ listenUrl = proxy-https://*:8080/
+
+ [cache]
+ directory = cache
+
+ [container]
+ user = root
+
+ [receive]
+ enableSignedPush = false
+
+ [noteDb "changes"]
+ autoMigrate = true
+
+ [github]
+ url = https://github.com
+ apiUrl = https://api.github.com
+ clientId = 062b430799c664e10928
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: gerrit-git-data
+ namespace: mulk
+ labels:
+ name: gerrit
+ k8s-app: gerrit
+ annotations:
+ volume.beta.kubernetes.io/storage-provisioner: rancher.io/local-path
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 20Mi
+ storageClassName: local-path
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: gerrit-etc-data
+ namespace: mulk
+ labels:
+ name: gerrit
+ k8s-app: gerrit
+ annotations:
+ volume.beta.kubernetes.io/storage-provisioner: rancher.io/local-path
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 20Mi
+ storageClassName: local-path
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: gerrit-index-data
+ namespace: mulk
+ labels:
+ name: gerrit
+ k8s-app: gerrit
+ annotations:
+ volume.beta.kubernetes.io/storage-provisioner: rancher.io/local-path
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 20Mi
+ storageClassName: local-path
+---