---
# Internal HTTP entry point for Gerrit. ClusterIP keeps it reachable only from
# inside the cluster; the Ingress named gerrit in this file is what publishes it.
apiVersion: v1
kind: Service
metadata:
  name: gerrit-http
  namespace: mulk
  labels:
    k8s-app: gerrit
    name: gerrit-http
spec:
  type: ClusterIP
  # Only the `name` label is matched, so any pod in namespace mulk that carries
  # name=gerrit becomes a backend of this Service.
  selector:
    name: gerrit
  ports:
    - name: http
      protocol: TCP
      port: 80
      # Named port; resolves to containerPort 8080 in the gerrit Deployment.
      targetPort: http
---
# Git-over-SSH entry point for Gerrit.
apiVersion: v1
kind: Service
metadata:
  name: gerrit-ssh
  namespace: mulk
  labels:
    k8s-app: gerrit
    name: gerrit-ssh
spec:
  # NodePort opens a port on every node, and no nodePort is pinned below, so
  # the cluster assigns one. Who can reach it is decided by node firewalls and
  # network policy, not by anything in this manifest.
  type: NodePort
  selector:
    name: gerrit
  ports:
    - name: ssh
      protocol: TCP
      port: 22
      # Named port; resolves to containerPort 29418 in the gerrit Deployment.
      targetPort: ssh
---
# Publishes the Gerrit web UI at gerrit.benkard.de. TLS ends at the ingress
# controller; the backend is the gerrit-http Service on port 80.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: gerrit
  namespace: mulk
  labels:
    k8s-app: gerrit
    name: gerrit
  annotations:
    # cert-manager keeps the certificate in the gerrit-tls Secret up to date.
    cert-manager.io/cluster-issuer: 'letsencrypt-prod'
    # NOTE(review): this annotation is the deprecated way to pick a controller;
    # networking.k8s.io/v1 has spec.ingressClassName for that. Confirm that an
    # IngressClass named nginx exists before switching.
    kubernetes.io/ingress.class: 'nginx'
spec:
  tls:
    - secretName: gerrit-tls
      hosts:
        - gerrit.benkard.de
  rules:
    - host: gerrit.benkard.de
      http:
        paths:
          - path: /
            pathType: ImplementationSpecific
            backend:
              service:
                name: gerrit-http
                port:
                  number: 80
---
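# Single-replica Gerrit server. State lives on three PersistentVolumeClaims
# (index, git, etc); the cache is an emptyDir and is lost on every restart.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: gerrit
  namespace: mulk
  labels:
    name: gerrit
    k8s-app: gerrit
spec:
  replicas: 1
  # Recreate stops the old pod before the new one starts, so the
  # ReadWriteOnce claims below are never mounted by two pods at once.
  strategy:
    type: Recreate
  selector:
    matchLabels:
      k8s-app: gerrit
      name: gerrit
  template:
    metadata:
      labels:
        name: gerrit
        k8s-app: gerrit
    spec:
      # NOTE(review): no securityContext is set at pod or container level, and
      # gerrit.config in this file has container.user = root. Confirm whether
      # the image can run under a non-root UID with these volumes before
      # tightening this.
      imagePullSecrets:
        - name: portus-token
      volumes:
        - name: index-data
          persistentVolumeClaim:
            claimName: gerrit-index-data
        - name: git-data
          persistentVolumeClaim:
            claimName: gerrit-git-data
        - name: cache-data
          emptyDir: {}
        - name: etc-data
          persistentVolumeClaim:
            claimName: gerrit-etc-data
        # Declared, but its volumeMount in the container below is commented out.
        - name: config
          configMap:
            name: gerrit-config
        - name: secure-config
          secret:
            secretName: gerrit-secrets
        - name: github-secrets
          secret:
            secretName: github-secrets
            # 292 is octal 0444. Written in decimal because a leading-zero
            # integer is octal only under YAML 1.1; a YAML 1.2 tool would read
            # 0444 as decimal 444, which is a different permission set.
            # NOTE(review): 0444 makes every file readable by any UID in the
            # container. The mount path suggests SSH key material; if so, 256
            # (octal 0400) is tighter, provided the Gerrit process runs as the
            # UID that owns the files. Confirm before changing.
            defaultMode: 292
      #initContainers:
      #  - name: reindex
      #    image: docker.benkard.de/mulk/gerrit:3.7.1-1
      #    command:
      #      - java
      #      - -jar
      #      - /var/gerrit/bin/gerrit.war
      #      - reindex
      #      - -d
      #      - /var/gerrit
      ##      - --index
      ##      - changes
      #    env:
      #      - name: _JAVA_OPTIONS
      #        value: -Xmx300m -XX:MaxMetaspaceSize=150m -XX:+CMSClassUnloadingEnabled -Djava.net.preferIPv4Stack=true -Djava.net.preferIPv4Addresses=true -XX:+UnlockExperimentalVMOptions -XX:+UseSerialGC -XX:+UseCompressedOops -XX:+AlwaysPreTouch -XX:+ScavengeBeforeFullGC -XX:+DisableExplicitGC
      #    volumeMounts:
      #      - name: index-data
      #        mountPath: /var/gerrit/index
      #      - name: git-data
      #        mountPath: /var/gerrit/git
      #      - name: cache-data
      #        mountPath: /var/gerrit/cache
      #      - name: etc-data
      #        mountPath: /var/gerrit/etc
      #      - name: secure-config
      #        mountPath: /var/gerrit/etc/secure.config
      #        readOnly: true
      #        subPath: secure.config
      #      - name: config
      #        mountPath: /var/gerrit/etc/gerrit.config
      #        readOnly: true
      #        subPath: gerrit.config
      containers:
        - name: master
          # NOTE(review): the image is referenced by tag only. A digest
          # reference (image@sha256:<digest>) would fix the exact content that
          # gets pulled from the registry.
          image: docker.benkard.de/mulk/gerrit:3.7.1-1
          # for running `init`:
          #
          #     kubectl exec -ti deploy/gerrit -- java -jar /var/gerrit/bin/gerrit.war init -d /var/gerrit
          #
          # or the H2 console:
          #
          #     cd
          #     curl -O https://repo1.maven.org/maven2/com/h2database/h2/1.4.200/h2-1.4.200.jar
          #     java -jar h2-1.4.200.jar -url jdbc:h2:/var/gerrit/db/account_patch_reviews
          #
          # Check the downloaded jar against the checksum published next to it
          # on the repository before running it inside the pod.
          #
          #tty: true
          #stdin: true
          #command:
          #  - /bin/cat
          resources:
            limits:
              cpu: 2000m
              memory: 600Mi
            requests:
              cpu: 10m
              memory: 300Mi
          env:
            # Folded scalar: the lines below are joined with single spaces into
            # the same one-line value as before.
            - name: _JAVA_OPTIONS
              value: >-
                -Xmx300m -XX:MaxMetaspaceSize=150m -XX:+CMSClassUnloadingEnabled
                -Djava.net.preferIPv4Stack=true -Djava.net.preferIPv4Addresses=true
                -XX:+UnlockExperimentalVMOptions -XX:+UseSerialGC -XX:+UseCompressedOops
                -XX:+AlwaysPreTouch -XX:+ScavengeBeforeFullGC -XX:+DisableExplicitGC
            - name: CANONICAL_WEB_URL
              value: https://gerrit.benkard.de/
          volumeMounts:
            - name: index-data
              mountPath: /var/gerrit/index
            - name: git-data
              mountPath: /var/gerrit/git
            - name: cache-data
              mountPath: /var/gerrit/cache
            - name: etc-data
              mountPath: /var/gerrit/etc
            # secure.config is taken from the gerrit-secrets Secret and laid
            # read-only over the writable etc volume.
            - name: secure-config
              mountPath: /var/gerrit/etc/secure.config
              readOnly: true
              subPath: secure.config
            - name: github-secrets
              mountPath: /var/gerrit/.ssh
              readOnly: true
            # With this mount disabled, gerrit.config is whatever is stored on
            # the etc-data volume, not the gerrit-config ConfigMap.
            #- name: config
            #  mountPath: /var/gerrit/etc/gerrit.config
            #  readOnly: true
            #  subPath: gerrit.config
          ports:
            - containerPort: 8080
              name: http
              protocol: TCP
            - containerPort: 29418
              name: ssh
              protocol: TCP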
---
# gerrit.config for the Gerrit server.
#
# The Deployment in this file declares a volume for this ConfigMap, but the
# matching volumeMount is commented out, so the running server may be reading a
# different gerrit.config from its etc volume. Compare the two before relying
# on anything below.
#
# No passwords or client secrets appear here; the Deployment mounts
# secure.config from the gerrit-secrets Secret, which is presumably where they
# live (confirm).
#
# Settings worth a reviewer's attention:
#   auth.type = OAUTH with the Keycloak provider plugin (realm master)
#   oauth.allowRegisterNewEmail = true
#   httpd.listenUrl = proxy-https://..., i.e. HTTPS is expected to be
#     terminated by a proxy in front of Gerrit
#   container.user = root
#   receive.enableSignedPush = false
apiVersion: v1
kind: ConfigMap
metadata:
  name: gerrit-config
  namespace: mulk
  labels:
    k8s-app: gerrit
    name: gerrit
data:
  gerrit.config: |
    [gerrit]
    basePath = git
    canonicalWebUrl = https://gerrit.benkard.de/
    serverId = 4f1749e7-9b7f-449e-acf9-5e80b87f8173
    [user]
    email = gerrit@benkard.de
    [database]
    type = postgresql
    hostname = postgresql.system
    database = gerrit
    username = gerrit
    [index]
    type = LUCENE
    [auth]
    type = OAUTH
    gitBasicAuth = false
    gitBasicAuthPolicy = HTTP
    [oauth]
    allowRegisterNewEmail = true
    [plugin "gerrit-oauth-provider-keycloak-oauth"]
    root-url = https://login.benkard.de
    client-id = gerrit
    realm = master
    [receiveemail]
    protocol = imap
    host = mail.benkard.de
    encryption = tls
    username = gerrit@benkard.de
    fetchInterval = 1m
    enableImapIdle = true
    [sendemail]
    smtpServer = mail.benkard.de
    smtpServerPort = 587
    from = MIXED
    smtpUser = gerrit@benkard.de
    importance = low
    replyToAddress = gerrit@benkard.de
    smtpEncryption = tls
    [sshd]
    listenAddress = *:29418
    [httpd]
    listenUrl = proxy-https://*:8080/
    [cache]
    directory = cache
    [container]
    user = root
    [receive]
    enableSignedPush = false
    [noteDb "changes"]
    autoMigrate = true
    [github]
    url = https://github.com
    apiUrl = https://api.github.com
    clientId = 062b430799c664e10928
---
# Storage for the Git repositories; mounted at /var/gerrit/git by the gerrit
# Deployment.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: gerrit-git-data
  namespace: mulk
  labels:
    k8s-app: gerrit
    name: gerrit
  annotations:
    volume.beta.kubernetes.io/storage-provisioner: 'rancher.io/local-path'
spec:
  # NOTE(review): local-path is presumably node-local storage, so this data
  # would sit on one node's disk with no replication. Confirm that backups
  # cover it.
  storageClassName: local-path
  accessModes: [ReadWriteOnce]
  resources:
    requests:
      # NOTE(review): 20Mi is small for repository data; check whether the
      # provisioner enforces the requested size.
      storage: 20Mi
---
# Storage for Gerrit's etc directory; mounted at /var/gerrit/etc by the gerrit
# Deployment, which lays secure.config from a Secret over it.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: gerrit-etc-data
  namespace: mulk
  labels:
    k8s-app: gerrit
    name: gerrit
  annotations:
    volume.beta.kubernetes.io/storage-provisioner: 'rancher.io/local-path'
spec:
  # NOTE(review): local-path is presumably node-local storage, so these files
  # would sit on one node's disk with no replication. Confirm that backups
  # cover them.
  storageClassName: local-path
  accessModes: [ReadWriteOnce]
  resources:
    requests:
      storage: 20Mi
---
# Storage for the search index; mounted at /var/gerrit/index by the gerrit
# Deployment.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: gerrit-index-data
  namespace: mulk
  labels:
    k8s-app: gerrit
    name: gerrit
  annotations:
    volume.beta.kubernetes.io/storage-provisioner: 'rancher.io/local-path'
spec:
  # NOTE(review): local-path is presumably node-local storage, so the index
  # would sit on one node's disk. The commented-out reindex initContainer in
  # the Deployment suggests it can be rebuilt from the other volumes (confirm).
  storageClassName: local-path
  accessModes: [ReadWriteOnce]
  resources:
    requests:
      storage: 20Mi
---