---
# Cluster-internal HTTP entry point for Gerrit. The Ingress named "gerrit" in
# this file sends its traffic here; this Service itself carries plain HTTP.
apiVersion: v1
kind: Service
metadata:
  namespace: mulk
  name: gerrit-http
  labels:
    k8s-app: gerrit
    name: gerrit-http
spec:
  # ClusterIP keeps this port reachable from inside the cluster only.
  type: ClusterIP
  # Only the `name` label is matched, so any pod in this namespace labelled
  # `name: gerrit` becomes a backend (the Deployment selects on `k8s-app` too).
  selector:
    name: gerrit
  ports:
    - name: http
      protocol: TCP
      port: 80
      # Resolved against the container port named "http" in the pod spec.
      targetPort: http
---
# SSH entry point for Gerrit (Git over SSH and the Gerrit SSH command
# interface), forwarded to the container port named "ssh".
apiVersion: v1
kind: Service
metadata:
  namespace: mulk
  name: gerrit-ssh
  labels:
    k8s-app: gerrit
    name: gerrit-ssh
spec:
  # NodePort opens a port on every node of the cluster. No `nodePort` is given,
  # so the cluster picks one from its node-port range.
  # NOTE(review): whoever can reach a node address can reach Gerrit's SSH
  # daemon; make sure node firewalling matches the intended audience.
  type: NodePort
  # Only the `name` label is matched, so any pod in this namespace labelled
  # `name: gerrit` becomes a backend.
  selector:
    name: gerrit
  ports:
    - name: ssh
      protocol: TCP
      port: 22
      targetPort: ssh
---
# Public HTTPS route for gerrit.benkard.de. TLS ends at the ingress controller;
# the hop to the gerrit-http Service on port 80 is unencrypted HTTP inside the
# cluster.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  namespace: mulk
  name: gerrit
  labels:
    k8s-app: gerrit
    name: gerrit
  annotations:
    # Annotation-based class selection. networking.k8s.io/v1 also offers
    # `spec.ingressClassName`; switching needs a matching IngressClass object,
    # which is not visible in this file.
    kubernetes.io/ingress.class: nginx
    # Asks cert-manager to obtain the certificate stored in `gerrit-tls`.
    cert-manager.io/cluster-issuer: letsencrypt-prod
spec:
  tls:
    - secretName: gerrit-tls
      hosts:
        - gerrit.benkard.de
  rules:
    - host: gerrit.benkard.de
      http:
        paths:
          # ImplementationSpecific leaves path matching to the controller;
          # `Prefix` would make the catch-all explicit.
          - path: /
            pathType: ImplementationSpecific
            backend:
              service:
                name: gerrit-http
                port:
                  number: 80
---
# Runs the single Gerrit server pod (container "master") in namespace mulk.
# NOTE(review): neither the pod nor the container sets a securityContext, so
# user, capabilities and privilege-escalation behaviour are whatever the image
# and the cluster defaults give. Settings such as `runAsNonRoot`,
# `allowPrivilegeEscalation: false` and dropped capabilities are worth adding
# once the UID the image needs is known.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: gerrit
  namespace: mulk
  labels:
    name: gerrit
    k8s-app: gerrit
spec:
  replicas: 1
  # Recreate stops the old pod before starting the new one; presumably chosen
  # because the persistent volume claims below are ReadWriteOnce.
  strategy:
    type: Recreate
  selector:
    matchLabels:
      k8s-app: gerrit
      name: gerrit
  template:
    metadata:
      labels:
        name: gerrit
        k8s-app: gerrit
    spec:
      # Registry credentials for pulling from docker.benkard.de.
      imagePullSecrets:
        - name: portus-token
      volumes:
        - name: index-data
          persistentVolumeClaim:
            claimName: gerrit-index-data
        - name: git-data
          persistentVolumeClaim:
            claimName: gerrit-git-data
        # emptyDir: the cache is discarded whenever the pod is removed.
        - name: cache-data
          emptyDir: {}
        - name: etc-data
          persistentVolumeClaim:
            claimName: gerrit-etc-data
        # Declared but not mounted: the matching volumeMount further down is
        # commented out, so the gerrit-config ConfigMap does not reach the
        # container through this pod spec.
        - name: config
          configMap:
            name: gerrit-config
        # No defaultMode here, so the Kubernetes default file mode (0644)
        # applies to secure.config.
        - name: secure-config
          secret:
            secretName: gerrit-secrets
        - name: github-secrets
          secret:
            secretName: github-secrets
            # Leading-zero literal: YAML 1.1 parsers read it as octal
            # (r--r--r--), a strict YAML 1.2 parser would read decimal 444.
            # NOTE(review): this makes every file of the secret readable by any
            # user inside the container. The volume is mounted at
            # /var/gerrit/.ssh, so it presumably holds SSH key material; an
            # owner-only mode would be tighter — confirm the UID Gerrit runs as
            # before changing it.
            defaultMode: 0444
      # Disabled init container that would run an offline `reindex`.
      # NOTE(review): it references image tag 3.4.1-4 while the main container
      # uses 3.4.1-2; align the tags if this is re-enabled.
      #initContainers:
      #  - name: reindex
      #    image: docker.benkard.de/mulk/gerrit:3.4.1-4
      #    command:
      #      - java
      #      - -jar
      #      - /var/gerrit/bin/gerrit.war
      #      - reindex
      #      - -d
      #      - /var/gerrit
      #    env:
      #      - name: _JAVA_OPTIONS
      #        value: -Xmx300m -XX:MaxMetaspaceSize=150m -XX:+CMSClassUnloadingEnabled -Djava.net.preferIPv4Stack=true -Djava.net.preferIPv4Addresses=true -XX:+UnlockExperimentalVMOptions -XX:+UseSerialGC -XX:+UseCompressedOops -XX:+AlwaysPreTouch -XX:+ScavengeBeforeFullGC -XX:+DisableExplicitGC
      #    volumeMounts:
      #      - name: index-data
      #        mountPath: /var/gerrit/index
      #      - name: git-data
      #        mountPath: /var/gerrit/git
      #      - name: cache-data
      #        mountPath: /var/gerrit/cache
      #      - name: etc-data
      #        mountPath: /var/gerrit/etc
      #      - name: secure-config
      #        mountPath: /var/gerrit/etc/secure.config
      #        readOnly: true
      #        subPath: secure.config
      #      - name: config
      #        mountPath: /var/gerrit/etc/gerrit.config
      #        readOnly: true
      #        subPath: gerrit.config
      containers:
        - name: master
          # Referenced by tag only. Tags can be re-pointed in the registry;
          # pinning by digest (image@sha256:<digest>) fixes the exact content.
          image: docker.benkard.de/mulk/gerrit:3.4.1-2

          # for running `init`:
          #
          #   java -jar /var/gerrit/bin/gerrit.war init -d /var/gerrit
          #
          # or the H2 console:
          #
          #   cd
          #   curl -O https://repo1.maven.org/maven2/com/h2database/h2/1.4.200/h2-1.4.200.jar
          #   java -jar h2-1.4.200.jar -url jdbc:h2:/var/gerrit/db/account_patch_reviews
          #
          # NOTE(review): the jar above is fetched and executed with no
          # integrity check; compare it against its published checksum first.
          #
          # Maintenance mode: uncommenting the lines below replaces the server
          # process with an idle `cat` so the commands above can be run by hand.
          #tty: true
          #stdin: true
          #command:
          #  - /bin/cat

          resources:
            limits:
              cpu: 2000m
              memory: 600Mi
            requests:
              cpu: 10m
              memory: 300Mi
          env:
            # JVM flags picked up by every java process in the container.
            - name: _JAVA_OPTIONS
              value: -Xmx300m -XX:MaxMetaspaceSize=150m -XX:+CMSClassUnloadingEnabled -Djava.net.preferIPv4Stack=true -Djava.net.preferIPv4Addresses=true -XX:+UnlockExperimentalVMOptions -XX:+UseSerialGC -XX:+UseCompressedOops -XX:+AlwaysPreTouch -XX:+ScavengeBeforeFullGC -XX:+DisableExplicitGC
            - name: CANONICAL_WEB_URL
              value: https://gerrit.benkard.de/
          volumeMounts:
            - name: index-data
              mountPath: /var/gerrit/index
            - name: git-data
              mountPath: /var/gerrit/git
            - name: cache-data
              mountPath: /var/gerrit/cache
            # Writable site configuration directory; with the `config` mount
            # disabled, gerrit.config is read from this volume.
            - name: etc-data
              mountPath: /var/gerrit/etc
            # Single file from the gerrit-secrets Secret laid over the etc
            # directory. subPath mounts are not refreshed when the Secret
            # changes, so a rotated secret needs a pod restart.
            - name: secure-config
              mountPath: /var/gerrit/etc/secure.config
              readOnly: true
              subPath: secure.config
            - name: github-secrets
              mountPath: /var/gerrit/.ssh
              readOnly: true
            #- name: config
            #  mountPath: /var/gerrit/etc/gerrit.config
            #  readOnly: true
            #  subPath: gerrit.config
          # Port names are what the gerrit-http and gerrit-ssh Services use as
          # targetPort.
          ports:
            - containerPort: 8080
              name: http
              protocol: TCP
            - containerPort: 29418
              name: ssh
              protocol: TCP
---
# Gerrit site configuration, published under the key `gerrit.config`.
#
# NOTE(review): the gerrit Deployment in this file declares a volume for this
# ConfigMap but its volumeMount is commented out, so the running server may be
# reading a different gerrit.config from the etc-data volume — confirm which
# copy is live before relying on any value below.
#
# No passwords or client secrets appear here; the Deployment mounts
# secure.config from the gerrit-secrets Secret separately. Keep confidential
# values out of this object.
#
# Settings that deserve a security review:
#   [container] user = root
#       Gerrit is configured to run as root. Presumably only honoured by the
#       gerrit.sh launcher — confirm how the image starts the daemon and
#       prefer an unprivileged account.
#   [httpd] listenUrl = proxy-https://*:8080/
#       Gerrit listens on plain HTTP and relies on a reverse proxy for TLS, so
#       port 8080 must only be reachable through that proxy. No NetworkPolicy
#       is defined in this file.
#   [receive] enableSignedPush = false
#       Server-side validation of signed pushes is off.
#   [oauth] allowRegisterNewEmail = true
#       Presumably lets OAuth users attach additional e-mail addresses to
#       their account — confirm this is intended.
kind: ConfigMap
apiVersion: v1
metadata:
  name: gerrit-config
  namespace: mulk
  labels:
    name: gerrit
    k8s-app: gerrit
data:
  gerrit.config: |
    [gerrit]
      basePath = git
      canonicalWebUrl = https://gerrit.benkard.de/
      serverId = 4f1749e7-9b7f-449e-acf9-5e80b87f8173
    
    [user]
      email = gerrit@benkard.de

    [database]
      type = postgresql
      hostname = postgresql.system
      database = gerrit
      username = gerrit
    
    [index]
      type = LUCENE
    
    [auth]
      type = OAUTH
      gitBasicAuth = false
      gitBasicAuthPolicy = HTTP
    
    [oauth]
      allowRegisterNewEmail = true

    [plugin "gerrit-oauth-provider-keycloak-oauth"]
      root-url = https://login.benkard.de
      client-id = gerrit
      realm = master

    [receiveemail]
      protocol = imap
      host = mail.benkard.de
      encryption = tls
      username = gerrit@benkard.de
      fetchInterval = 1m
      enableImapIdle = true
    
    [sendemail]
      smtpServer = mail.benkard.de
      smtpServerPort = 587
      from = MIXED
      smtpUser = gerrit@benkard.de
      importance = low
      replyToAddress = gerrit@benkard.de
      smtpEncryption = tls
    
    [sshd]
      listenAddress = *:29418
    
    [httpd]
      listenUrl = proxy-https://*:8080/
    
    [cache]
      directory = cache
    
    [container]
      user = root

    [receive]
      enableSignedPush = false

    [noteDb "changes"]
      autoMigrate = true

    [github]
      url = https://github.com
      apiUrl = https://api.github.com
      clientId = 062b430799c664e10928
---
# Storage for the Git repositories; the gerrit Deployment mounts this claim at
# /var/gerrit/git.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  namespace: mulk
  name: gerrit-git-data
  labels:
    k8s-app: gerrit
    name: gerrit
  annotations:
    volume.beta.kubernetes.io/storage-provisioner: rancher.io/local-path
spec:
  # NOTE(review): "local-path" presumably means a directory on one node's disk;
  # confirm that backups and disk encryption on that node cover repository
  # data, and whether the 20Mi request is actually enforced.
  storageClassName: local-path
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 20Mi
---
# Storage for the Gerrit site's etc directory; the gerrit Deployment mounts
# this claim at /var/gerrit/etc.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  namespace: mulk
  name: gerrit-etc-data
  labels:
    k8s-app: gerrit
    name: gerrit
  annotations:
    volume.beta.kubernetes.io/storage-provisioner: rancher.io/local-path
spec:
  # NOTE(review): "local-path" presumably means a directory on one node's disk.
  # The etc directory may hold sensitive files such as server keys — confirm,
  # and restrict access to that node path accordingly.
  storageClassName: local-path
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 20Mi
---
# Storage for the search index; the gerrit Deployment mounts this claim at
# /var/gerrit/index.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  namespace: mulk
  name: gerrit-index-data
  labels:
    k8s-app: gerrit
    name: gerrit
  annotations:
    volume.beta.kubernetes.io/storage-provisioner: rancher.io/local-path
spec:
  # NOTE(review): "local-path" presumably means a directory on one node's disk,
  # which ties the pod to that node — confirm.
  storageClassName: local-path
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 20Mi
---
