Gitiles
Code Review Sign In
gerrit.benkard.de / kubeia / 20643dbc6a57e759b83d5fda4f61391080dba49c / . / gerrit / gerrit-k8s.yaml
blob: 92d5966be6678952f42f112ba3fcb14c39069b69 [file] [log] [blame]
Matthias Andreas Benkard68034de2021-09-05 11:25:35 +0200[diff] [blame]1---
2apiVersion: v1
3kind: Service
4metadata:
5 name: gerrit-http
6 namespace: mulk
7 labels:
8 name: gerrit-http
9 k8s-app: gerrit
10spec:
11 selector:
12 name: gerrit
13 type: ClusterIP
14 ports:
15 - name: http
16 port: 80
17 targetPort: http
18 protocol: TCP
19---
20apiVersion: v1
21kind: Service
22metadata:
23 name: gerrit-ssh
24 namespace: mulk
25 labels:
26 name: gerrit-ssh
27 k8s-app: gerrit
28spec:
29 selector:
30 name: gerrit
31 type: NodePort
32 ports:
33 - name: ssh
34 port: 22
35 targetPort: ssh
36 protocol: TCP
37---
38apiVersion: networking.k8s.io/v1
39kind: Ingress
40metadata:
41 name: gerrit
42 namespace: mulk
43 labels:
44 name: gerrit
45 k8s-app: gerrit
46 annotations:
47 cert-manager.io/cluster-issuer: letsencrypt-prod
48 kubernetes.io/ingress.class: nginx
49spec:
50 rules:
51 - host: gerrit.benkard.de
52 http:
53 paths:
54 - path: /
55 pathType: ImplementationSpecific
56 backend:
57 service:
58 name: gerrit-http
59 port:
60 number: 80
61 tls:
62 - hosts:
63 - gerrit.benkard.de
64 secretName: gerrit-tls
65---
66apiVersion: apps/v1
67kind: Deployment
68metadata:
69 name: gerrit
70 namespace: mulk
71 labels:
72 name: gerrit
73 k8s-app: gerrit
74spec:
75 replicas: 1
76 strategy:
77 type: Recreate
78 selector:
79 matchLabels:
80 k8s-app: gerrit
81 name: gerrit
82 template:
83 metadata:
84 labels:
85 name: gerrit
86 k8s-app: gerrit
87 spec:
88 imagePullSecrets:
89 - name: portus-token
90 volumes:
91 - name: index-data
92 persistentVolumeClaim:
93 claimName: gerrit-index-data
94 - name: git-data
95 persistentVolumeClaim:
96 claimName: gerrit-git-data
97 - name: cache-data
98 emptyDir: {}
99 - name: etc-data
100 persistentVolumeClaim:
101 claimName: gerrit-etc-data
102 - name: config
103 configMap:
104 name: gerrit-config
105 - name: secure-config
106 secret:
107 secretName: gerrit-secrets
108 - name: github-secrets
109 secret:
110 secretName: github-secrets
111 defaultMode: 0444
112 #initContainers:
113 # - name: reindex
114 # image: docker.benkard.de/mulk/gerrit:3.4.1-4
115 # command:
116 # - java
117 # - -jar
118 # - /var/gerrit/bin/gerrit.war
119 # - reindex
120 # - -d
121 # - /var/gerrit
122 # env:
123 # - name: _JAVA_OPTIONS
124 # value: -Xmx300m -XX:MaxMetaspaceSize=150m -XX:+CMSClassUnloadingEnabled -Djava.net.preferIPv4Stack=true -Djava.net.preferIPv4Addresses=true -XX:+UnlockExperimentalVMOptions -XX:+UseSerialGC -XX:+UseCompressedOops -XX:+AlwaysPreTouch -XX:+ScavengeBeforeFullGC -XX:+DisableExplicitGC
125 # volumeMounts:
126 # - name: index-data
127 # mountPath: /var/gerrit/index
128 # - name: git-data
129 # mountPath: /var/gerrit/git
130 # - name: cache-data
131 # mountPath: /var/gerrit/cache
132 # - name: etc-data
133 # mountPath: /var/gerrit/etc
134 # - name: secure-config
135 # mountPath: /var/gerrit/etc/secure.config
136 # readOnly: true
137 # subPath: secure.config
138 # - name: config
139 # mountPath: /var/gerrit/etc/gerrit.config
140 # readOnly: true
141 # subPath: gerrit.config
142 containers:
143 - name: master
144 image: docker.benkard.de/mulk/gerrit:3.4.1-2
145
146 # for running `init`:
147 #
148 # java -jar /var/gerrit/bin/gerrit.war init -d /var/gerrit
149 #
150 # or the H2 console:
151 #
152 # cd
153 # curl -O https://repo1.maven.org/maven2/com/h2database/h2/1.4.200/h2-1.4.200.jar
154 # java -jar h2-1.4.200.jar -url jdbc:h2:/var/gerrit/db/account_patch_reviews
155 #
156 #tty: true
157 #stdin: true
158 #command:
159 # - /bin/cat
160
161 resources:
162 limits:
163 cpu: 2000m
164 memory: 600Mi
165 requests:
166 cpu: 10m
167 memory: 300Mi
168 env:
169 - name: _JAVA_OPTIONS
170 value: -Xmx300m -XX:MaxMetaspaceSize=150m -XX:+CMSClassUnloadingEnabled -Djava.net.preferIPv4Stack=true -Djava.net.preferIPv4Addresses=true -XX:+UnlockExperimentalVMOptions -XX:+UseSerialGC -XX:+UseCompressedOops -XX:+AlwaysPreTouch -XX:+ScavengeBeforeFullGC -XX:+DisableExplicitGC
171 - name: CANONICAL_WEB_URL
172 value: https://gerrit.benkard.de/
173 volumeMounts:
174 - name: index-data
175 mountPath: /var/gerrit/index
176 - name: git-data
177 mountPath: /var/gerrit/git
178 - name: cache-data
179 mountPath: /var/gerrit/cache
180 - name: etc-data
181 mountPath: /var/gerrit/etc
182 - name: secure-config
183 mountPath: /var/gerrit/etc/secure.config
184 readOnly: true
185 subPath: secure.config
186 - name: github-secrets
187 mountPath: /var/gerrit/.ssh
188 readOnly: true
189 #- name: config
190 # mountPath: /var/gerrit/etc/gerrit.config
191 # readOnly: true
192 # subPath: gerrit.config
193 ports:
194 - containerPort: 8080
195 name: http
196 protocol: TCP
197 - containerPort: 29418
198 name: ssh
199 protocol: TCP
200---
201kind: ConfigMap
202apiVersion: v1
203metadata:
204 name: gerrit-config
205 namespace: mulk
206 labels:
207 name: gerrit
208 k8s-app: gerrit
209data:
210 gerrit.config: |
211 [gerrit]
212 basePath = git
213 canonicalWebUrl = https://gerrit.benkard.de/
214 serverId = 4f1749e7-9b7f-449e-acf9-5e80b87f8173
215
216 [user]
217 email = gerrit@benkard.de
218
219 [database]
220 type = postgresql
221 hostname = postgresql.system
222 database = gerrit
223 username = gerrit
224
225 [index]
226 type = LUCENE
227
228 [auth]
229 type = OAUTH
230 gitBasicAuth = false
231 gitBasicAuthPolicy = HTTP
232
233 [oauth]
234 allowRegisterNewEmail = true
235
236 [plugin "gerrit-oauth-provider-keycloak-oauth"]
237 root-url = https://login.benkard.de
238 client-id = gerrit
239 realm = master
240
241 [receiveemail]
242 protocol = imap
243 host = mail.benkard.de
244 encryption = tls
245 username = gerrit@benkard.de
246 fetchInterval = 1m
247 enableImapIdle = true
248
249 [sendemail]
250 smtpServer = mail.benkard.de
251 smtpServerPort = 587
252 from = MIXED
253 smtpUser = gerrit@benkard.de
254 importance = low
255 replyToAddress = gerrit@benkard.de
256 smtpEncryption = tls
257
258 [sshd]
259 listenAddress = *:29418
260
261 [httpd]
262 listenUrl = proxy-https://*:8080/
263
264 [cache]
265 directory = cache
266
267 [container]
268 user = root
269
270 [receive]
271 enableSignedPush = false
272
273 [noteDb "changes"]
274 autoMigrate = true
275
276 [github]
277 url = https://github.com
278 apiUrl = https://api.github.com
279 clientId = 062b430799c664e10928
280---
281apiVersion: v1
282kind: PersistentVolumeClaim
283metadata:
284 name: gerrit-git-data
285 namespace: mulk
286 labels:
287 name: gerrit
288 k8s-app: gerrit
289 annotations:
290 volume.beta.kubernetes.io/storage-provisioner: rancher.io/local-path
291spec:
292 accessModes:
293 - ReadWriteOnce
294 resources:
295 requests:
296 storage: 20Mi
297 storageClassName: local-path
298---
299apiVersion: v1
300kind: PersistentVolumeClaim
301metadata:
302 name: gerrit-etc-data
303 namespace: mulk
304 labels:
305 name: gerrit
306 k8s-app: gerrit
307 annotations:
308 volume.beta.kubernetes.io/storage-provisioner: rancher.io/local-path
309spec:
310 accessModes:
311 - ReadWriteOnce
312 resources:
313 requests:
314 storage: 20Mi
315 storageClassName: local-path
316---
317apiVersion: v1
318kind: PersistentVolumeClaim
319metadata:
320 name: gerrit-index-data
321 namespace: mulk
322 labels:
323 name: gerrit
324 k8s-app: gerrit
325 annotations:
326 volume.beta.kubernetes.io/storage-provisioner: rancher.io/local-path
327spec:
328 accessModes:
329 - ReadWriteOnce
330 resources:
331 requests:
332 storage: 20Mi
333 storageClassName: local-path
334---