gerrit/gerrit-k8s.yaml - kubeia - Gitiles

 ---
 apiVersion: v1
 kind: Service
 metadata:
   name: gerrit-http
   namespace: mulk
   labels:
     name: gerrit-http
     k8s-app: gerrit
 spec:
   selector:
     name: gerrit
   type: ClusterIP
   ports:
    - name: http
      port: 80
      targetPort: http
      protocol: TCP
 ---
 apiVersion: v1
 kind: Service
 metadata:
   name: gerrit-ssh
   namespace: mulk
   labels:
     name: gerrit-ssh
     k8s-app: gerrit
 spec:
   selector:
     name: gerrit
   type: NodePort
   ports:
    - name: ssh
      port: 22
      targetPort: ssh
      protocol: TCP
 ---
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
   name: gerrit
   namespace: mulk
   labels:
     name: gerrit
     k8s-app: gerrit
   annotations:
     cert-manager.io/cluster-issuer: letsencrypt-prod
     kubernetes.io/ingress.class: nginx
 spec:
   rules:
   - host: gerrit.benkard.de
     http:
       paths:
       - path: /
         pathType: ImplementationSpecific
         backend:
           service:
             name: gerrit-http
             port:
               number: 80
   tls:
   - hosts:
     - gerrit.benkard.de
     secretName: gerrit-tls
 ---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: gerrit
   namespace: mulk
   labels:
     name: gerrit
     k8s-app: gerrit
 spec:
   replicas: 1
   strategy:
     type: Recreate
   selector:
     matchLabels:
       k8s-app: gerrit
       name: gerrit
   template:
     metadata:
       labels:
         name: gerrit
         k8s-app: gerrit
     spec:
       imagePullSecrets:
         - name: portus-token
       volumes:
         - name: index-data
           persistentVolumeClaim:
             claimName: gerrit-index-data
         - name: git-data
           persistentVolumeClaim:
             claimName: gerrit-git-data
         - name: cache-data
           emptyDir: {}
         - name: etc-data
           persistentVolumeClaim:
             claimName: gerrit-etc-data
         - name: config
           configMap:
             name: gerrit-config
         - name: secure-config
           secret:
             secretName: gerrit-secrets
         - name: github-secrets
           secret:
             secretName: github-secrets
             defaultMode: 0444
       #initContainers:
       #  - name: reindex
       #    image: docker.benkard.de/mulk/gerrit:3.4.1-4
       #    command:
       #      - java
       #      - -jar
       #      - /var/gerrit/bin/gerrit.war
       #      - reindex
       #      - -d
       #      - /var/gerrit
       #    env:
       #      - name: _JAVA_OPTIONS
       #        value: -Xmx300m -XX:MaxMetaspaceSize=150m -XX:+CMSClassUnloadingEnabled -Djava.net.preferIPv4Stack=true -Djava.net.preferIPv4Addresses=true -XX:+UnlockExperimentalVMOptions -XX:+UseSerialGC -XX:+UseCompressedOops -XX:+AlwaysPreTouch -XX:+ScavengeBeforeFullGC -XX:+DisableExplicitGC
       #    volumeMounts:
       #      - name: index-data
       #        mountPath: /var/gerrit/index
       #      - name: git-data
       #        mountPath: /var/gerrit/git
       #      - name: cache-data
       #        mountPath: /var/gerrit/cache
       #      - name: etc-data
       #        mountPath: /var/gerrit/etc
       #      - name: secure-config
       #        mountPath: /var/gerrit/etc/secure.config
       #        readOnly: true
       #        subPath: secure.config
       #      - name: config
       #        mountPath: /var/gerrit/etc/gerrit.config
       #        readOnly: true
       #        subPath: gerrit.config
       containers:
         - name: master
           image: docker.benkard.de/mulk/gerrit:3.4.1-2

           # for running `init`:
           #
           #   java -jar /var/gerrit/bin/gerrit.war init -d /var/gerrit
           #
           # or the H2 console:
           #
           #   cd
           #   curl -O https://repo1.maven.org/maven2/com/h2database/h2/1.4.200/h2-1.4.200.jar
           #   java -jar h2-1.4.200.jar -url jdbc:h2:/var/gerrit/db/account_patch_reviews
           #
           #tty: true
           #stdin: true
           #command:
           #  - /bin/cat

           resources:
             limits:
               cpu: 2000m
               memory: 600Mi
             requests:
               cpu: 10m
               memory: 300Mi
           env:
             - name: _JAVA_OPTIONS
               value: -Xmx300m -XX:MaxMetaspaceSize=150m -XX:+CMSClassUnloadingEnabled -Djava.net.preferIPv4Stack=true -Djava.net.preferIPv4Addresses=true -XX:+UnlockExperimentalVMOptions -XX:+UseSerialGC -XX:+UseCompressedOops -XX:+AlwaysPreTouch -XX:+ScavengeBeforeFullGC -XX:+DisableExplicitGC
             - name: CANONICAL_WEB_URL
               value: https://gerrit.benkard.de/
           volumeMounts:
             - name: index-data
               mountPath: /var/gerrit/index
             - name: git-data
               mountPath: /var/gerrit/git
             - name: cache-data
               mountPath: /var/gerrit/cache
             - name: etc-data
               mountPath: /var/gerrit/etc
             - name: secure-config
               mountPath: /var/gerrit/etc/secure.config
               readOnly: true
               subPath: secure.config
             - name: github-secrets
               mountPath: /var/gerrit/.ssh
               readOnly: true
             #- name: config
             #  mountPath: /var/gerrit/etc/gerrit.config
             #  readOnly: true
             #  subPath: gerrit.config
           ports:
             - containerPort: 8080
               name: http
               protocol: TCP
             - containerPort: 29418
               name: ssh
               protocol: TCP
 ---
 kind: ConfigMap
 apiVersion: v1
 metadata:
   name: gerrit-config
   namespace: mulk
   labels:
     name: gerrit
     k8s-app: gerrit
 data:
   gerrit.config: |
     [gerrit]
       basePath = git
       canonicalWebUrl = https://gerrit.benkard.de/
       serverId = 4f1749e7-9b7f-449e-acf9-5e80b87f8173

     [user]
       email = gerrit@benkard.de

     [database]
       type = postgresql
       hostname = postgresql.system
       database = gerrit
       username = gerrit

     [index]
       type = LUCENE

     [auth]
       type = OAUTH
       gitBasicAuth = false
       gitBasicAuthPolicy = HTTP

     [oauth]
       allowRegisterNewEmail = true

     [plugin "gerrit-oauth-provider-keycloak-oauth"]
       root-url = https://login.benkard.de
       client-id = gerrit
       realm = master

     [receiveemail]
       protocol = imap
       host = mail.benkard.de
       encryption = tls
       username = gerrit@benkard.de
       fetchInterval = 1m
       enableImapIdle = true

     [sendemail]
       smtpServer = mail.benkard.de
       smtpServerPort = 587
       from = MIXED
       smtpUser = gerrit@benkard.de
       importance = low
       replyToAddress = gerrit@benkard.de
       smtpEncryption = tls

     [sshd]
       listenAddress = *:29418

     [httpd]
       listenUrl = proxy-https://*:8080/

     [cache]
       directory = cache

     [container]
       user = root

     [receive]
       enableSignedPush = false

     [noteDb "changes"]
       autoMigrate = true

     [github]
       url = https://github.com
       apiUrl = https://api.github.com
       clientId = 062b430799c664e10928
 ---
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
   name: gerrit-git-data
   namespace: mulk
   labels:
     name: gerrit
     k8s-app: gerrit
   annotations:
     volume.beta.kubernetes.io/storage-provisioner: rancher.io/local-path
 spec:
   accessModes:
   - ReadWriteOnce
   resources:
     requests:
       storage: 20Mi
   storageClassName: local-path
 ---
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
   name: gerrit-etc-data
   namespace: mulk
   labels:
     name: gerrit
     k8s-app: gerrit
   annotations:
     volume.beta.kubernetes.io/storage-provisioner: rancher.io/local-path
 spec:
   accessModes:
   - ReadWriteOnce
   resources:
     requests:
       storage: 20Mi
   storageClassName: local-path
 ---
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
   name: gerrit-index-data
   namespace: mulk
   labels:
     name: gerrit
     k8s-app: gerrit
   annotations:
     volume.beta.kubernetes.io/storage-provisioner: rancher.io/local-path
 spec:
   accessModes:
   - ReadWriteOnce
   resources:
     requests:
       storage: 20Mi
   storageClassName: local-path
 ---
	---
	apiVersion: v1
	kind: Service
	metadata:
	name: gerrit-http
	namespace: mulk
	labels:
	name: gerrit-http
	k8s-app: gerrit
	spec:
	selector:
	name: gerrit
	type: ClusterIP
	ports:
	- name: http
	port: 80
	targetPort: http
	protocol: TCP
	---
	apiVersion: v1
	kind: Service
	metadata:
	name: gerrit-ssh
	namespace: mulk
	labels:
	name: gerrit-ssh
	k8s-app: gerrit
	spec:
	selector:
	name: gerrit
	type: NodePort
	ports:
	- name: ssh
	port: 22
	targetPort: ssh
	protocol: TCP
	---
	apiVersion: networking.k8s.io/v1
	kind: Ingress
	metadata:
	name: gerrit
	namespace: mulk
	labels:
	name: gerrit
	k8s-app: gerrit
	annotations:
	cert-manager.io/cluster-issuer: letsencrypt-prod
	kubernetes.io/ingress.class: nginx
	spec:
	rules:
	- host: gerrit.benkard.de
	http:
	paths:
	- path: /
	pathType: ImplementationSpecific
	backend:
	service:
	name: gerrit-http
	port:
	number: 80
	tls:
	- hosts:
	- gerrit.benkard.de
	secretName: gerrit-tls
	---
	apiVersion: apps/v1
	kind: Deployment
	metadata:
	name: gerrit
	namespace: mulk
	labels:
	name: gerrit
	k8s-app: gerrit
	spec:
	replicas: 1
	strategy:
	type: Recreate
	selector:
	matchLabels:
	k8s-app: gerrit
	name: gerrit
	template:
	metadata:
	labels:
	name: gerrit
	k8s-app: gerrit
	spec:
	imagePullSecrets:
	- name: portus-token
	volumes:
	- name: index-data
	persistentVolumeClaim:
	claimName: gerrit-index-data
	- name: git-data
	persistentVolumeClaim:
	claimName: gerrit-git-data
	- name: cache-data
	emptyDir: {}
	- name: etc-data
	persistentVolumeClaim:
	claimName: gerrit-etc-data
	- name: config
	configMap:
	name: gerrit-config
	- name: secure-config
	secret:
	secretName: gerrit-secrets
	- name: github-secrets
	secret:
	secretName: github-secrets
	defaultMode: 0444
	#initContainers:
	# - name: reindex
	# image: docker.benkard.de/mulk/gerrit:3.4.1-4
	# command:
	# - java
	# - -jar
	# - /var/gerrit/bin/gerrit.war
	# - reindex
	# - -d
	# - /var/gerrit
	# env:
	# - name: _JAVA_OPTIONS
	# value: -Xmx300m -XX:MaxMetaspaceSize=150m -XX:+CMSClassUnloadingEnabled -Djava.net.preferIPv4Stack=true -Djava.net.preferIPv4Addresses=true -XX:+UnlockExperimentalVMOptions -XX:+UseSerialGC -XX:+UseCompressedOops -XX:+AlwaysPreTouch -XX:+ScavengeBeforeFullGC -XX:+DisableExplicitGC
	# volumeMounts:
	# - name: index-data
	# mountPath: /var/gerrit/index
	# - name: git-data
	# mountPath: /var/gerrit/git
	# - name: cache-data
	# mountPath: /var/gerrit/cache
	# - name: etc-data
	# mountPath: /var/gerrit/etc
	# - name: secure-config
	# mountPath: /var/gerrit/etc/secure.config
	# readOnly: true
	# subPath: secure.config
	# - name: config
	# mountPath: /var/gerrit/etc/gerrit.config
	# readOnly: true
	# subPath: gerrit.config
	containers:
	- name: master
	image: docker.benkard.de/mulk/gerrit:3.4.1-2

	# for running `init`:
	#
	# java -jar /var/gerrit/bin/gerrit.war init -d /var/gerrit
	#
	# or the H2 console:
	#
	# cd
	# curl -O https://repo1.maven.org/maven2/com/h2database/h2/1.4.200/h2-1.4.200.jar
	# java -jar h2-1.4.200.jar -url jdbc:h2:/var/gerrit/db/account_patch_reviews
	#
	#tty: true
	#stdin: true
	#command:
	# - /bin/cat

	resources:
	limits:
	cpu: 2000m
	memory: 600Mi
	requests:
	cpu: 10m
	memory: 300Mi
	env:
	- name: _JAVA_OPTIONS
	value: -Xmx300m -XX:MaxMetaspaceSize=150m -XX:+CMSClassUnloadingEnabled -Djava.net.preferIPv4Stack=true -Djava.net.preferIPv4Addresses=true -XX:+UnlockExperimentalVMOptions -XX:+UseSerialGC -XX:+UseCompressedOops -XX:+AlwaysPreTouch -XX:+ScavengeBeforeFullGC -XX:+DisableExplicitGC
	- name: CANONICAL_WEB_URL
	value: https://gerrit.benkard.de/
	volumeMounts:
	- name: index-data
	mountPath: /var/gerrit/index
	- name: git-data
	mountPath: /var/gerrit/git
	- name: cache-data
	mountPath: /var/gerrit/cache
	- name: etc-data
	mountPath: /var/gerrit/etc
	- name: secure-config
	mountPath: /var/gerrit/etc/secure.config
	readOnly: true
	subPath: secure.config
	- name: github-secrets
	mountPath: /var/gerrit/.ssh
	readOnly: true
	#- name: config
	# mountPath: /var/gerrit/etc/gerrit.config
	# readOnly: true
	# subPath: gerrit.config
	ports:
	- containerPort: 8080
	name: http
	protocol: TCP
	- containerPort: 29418
	name: ssh
	protocol: TCP
	---
	kind: ConfigMap
	apiVersion: v1
	metadata:
	name: gerrit-config
	namespace: mulk
	labels:
	name: gerrit
	k8s-app: gerrit
	data:
	gerrit.config: \|
	[gerrit]
	basePath = git
	canonicalWebUrl = https://gerrit.benkard.de/
	serverId = 4f1749e7-9b7f-449e-acf9-5e80b87f8173

	[user]
	email = gerrit@benkard.de

	[database]
	type = postgresql
	hostname = postgresql.system
	database = gerrit
	username = gerrit

	[index]
	type = LUCENE

	[auth]
	type = OAUTH
	gitBasicAuth = false
	gitBasicAuthPolicy = HTTP

	[oauth]
	allowRegisterNewEmail = true

	[plugin "gerrit-oauth-provider-keycloak-oauth"]
	root-url = https://login.benkard.de
	client-id = gerrit
	realm = master

	[receiveemail]
	protocol = imap
	host = mail.benkard.de
	encryption = tls
	username = gerrit@benkard.de
	fetchInterval = 1m
	enableImapIdle = true

	[sendemail]
	smtpServer = mail.benkard.de
	smtpServerPort = 587
	from = MIXED
	smtpUser = gerrit@benkard.de
	importance = low
	replyToAddress = gerrit@benkard.de
	smtpEncryption = tls

	[sshd]
	listenAddress = *:29418

	[httpd]
	listenUrl = proxy-https://*:8080/

	[cache]
	directory = cache

	[container]
	user = root

	[receive]
	enableSignedPush = false

	[noteDb "changes"]
	autoMigrate = true

	[github]
	url = https://github.com
	apiUrl = https://api.github.com
	clientId = 062b430799c664e10928
	---
	apiVersion: v1
	kind: PersistentVolumeClaim
	metadata:
	name: gerrit-git-data
	namespace: mulk
	labels:
	name: gerrit
	k8s-app: gerrit
	annotations:
	volume.beta.kubernetes.io/storage-provisioner: rancher.io/local-path
	spec:
	accessModes:
	- ReadWriteOnce
	resources:
	requests:
	storage: 20Mi
	storageClassName: local-path
	---
	apiVersion: v1
	kind: PersistentVolumeClaim
	metadata:
	name: gerrit-etc-data
	namespace: mulk
	labels:
	name: gerrit
	k8s-app: gerrit
	annotations:
	volume.beta.kubernetes.io/storage-provisioner: rancher.io/local-path
	spec:
	accessModes:
	- ReadWriteOnce
	resources:
	requests:
	storage: 20Mi
	storageClassName: local-path
	---
	apiVersion: v1
	kind: PersistentVolumeClaim
	metadata:
	name: gerrit-index-data
	namespace: mulk
	labels:
	name: gerrit
	k8s-app: gerrit
	annotations:
	volume.beta.kubernetes.io/storage-provisioner: rancher.io/local-path
	spec:
	accessModes:
	- ReadWriteOnce
	resources:
	requests:
	storage: 20Mi
	storageClassName: local-path
	---