| Matthias Andreas Benkard | 68034de | 2021-09-05 11:25:35 +0200 | [diff] [blame] | 1 | --- |
| 2 | apiVersion: v1 |
| 3 | kind: Service |
| 4 | metadata: |
| 5 | name: gerrit-http |
| 6 | namespace: mulk |
| 7 | labels: |
| 8 | name: gerrit-http |
| 9 | k8s-app: gerrit |
| 10 | spec: |
| 11 | selector: |
| 12 | name: gerrit |
| 13 | type: ClusterIP |
| 14 | ports: |
| 15 | - name: http |
| 16 | port: 80 |
| 17 | targetPort: http |
| 18 | protocol: TCP |
| 19 | --- |
| 20 | apiVersion: v1 |
| 21 | kind: Service |
| 22 | metadata: |
| 23 | name: gerrit-ssh |
| 24 | namespace: mulk |
| 25 | labels: |
| 26 | name: gerrit-ssh |
| 27 | k8s-app: gerrit |
| 28 | spec: |
| 29 | selector: |
| 30 | name: gerrit |
| 31 | type: NodePort |
| 32 | ports: |
| 33 | - name: ssh |
| 34 | port: 22 |
| 35 | targetPort: ssh |
| 36 | protocol: TCP |
| 37 | --- |
| 38 | apiVersion: networking.k8s.io/v1 |
| 39 | kind: Ingress |
| 40 | metadata: |
| 41 | name: gerrit |
| 42 | namespace: mulk |
| 43 | labels: |
| 44 | name: gerrit |
| 45 | k8s-app: gerrit |
| 46 | annotations: |
| 47 | cert-manager.io/cluster-issuer: letsencrypt-prod |
| 48 | kubernetes.io/ingress.class: nginx |
| 49 | spec: |
| 50 | rules: |
| 51 | - host: gerrit.benkard.de |
| 52 | http: |
| 53 | paths: |
| 54 | - path: / |
| 55 | pathType: ImplementationSpecific |
| 56 | backend: |
| 57 | service: |
| 58 | name: gerrit-http |
| 59 | port: |
| 60 | number: 80 |
| 61 | tls: |
| 62 | - hosts: |
| 63 | - gerrit.benkard.de |
| 64 | secretName: gerrit-tls |
| 65 | --- |
| 66 | apiVersion: apps/v1 |
| 67 | kind: Deployment |
| 68 | metadata: |
| 69 | name: gerrit |
| 70 | namespace: mulk |
| 71 | labels: |
| 72 | name: gerrit |
| 73 | k8s-app: gerrit |
| 74 | spec: |
| 75 | replicas: 1 |
| 76 | strategy: |
| 77 | type: Recreate |
| 78 | selector: |
| 79 | matchLabels: |
| 80 | k8s-app: gerrit |
| 81 | name: gerrit |
| 82 | template: |
| 83 | metadata: |
| 84 | labels: |
| 85 | name: gerrit |
| 86 | k8s-app: gerrit |
| 87 | spec: |
| 88 | imagePullSecrets: |
| 89 | - name: portus-token |
| 90 | volumes: |
| 91 | - name: index-data |
| 92 | persistentVolumeClaim: |
| 93 | claimName: gerrit-index-data |
| 94 | - name: git-data |
| 95 | persistentVolumeClaim: |
| 96 | claimName: gerrit-git-data |
| 97 | - name: cache-data |
| 98 | emptyDir: {} |
| 99 | - name: etc-data |
| 100 | persistentVolumeClaim: |
| 101 | claimName: gerrit-etc-data |
| 102 | - name: config |
| 103 | configMap: |
| 104 | name: gerrit-config |
| 105 | - name: secure-config |
| 106 | secret: |
| 107 | secretName: gerrit-secrets |
| 108 | - name: github-secrets |
| 109 | secret: |
| 110 | secretName: github-secrets |
| 111 | defaultMode: 0444 |
| 112 | #initContainers: |
| 113 | # - name: reindex |
| Matthias Andreas Benkard | afbaf69 | 2023-03-12 13:14:09 +0100 | [diff] [blame^] | 114 | # image: docker.benkard.de/mulk/gerrit:3.7.1-1 |
| Matthias Andreas Benkard | 68034de | 2021-09-05 11:25:35 +0200 | [diff] [blame] | 115 | # command: |
| 116 | # - java |
| 117 | # - -jar |
| 118 | # - /var/gerrit/bin/gerrit.war |
| 119 | # - reindex |
| 120 | # - -d |
| 121 | # - /var/gerrit |
| Matthias Andreas Benkard | afbaf69 | 2023-03-12 13:14:09 +0100 | [diff] [blame^] | 122 | ## - --index |
| 123 | ## - changes |
| Matthias Andreas Benkard | 68034de | 2021-09-05 11:25:35 +0200 | [diff] [blame] | 124 | # env: |
| 125 | # - name: _JAVA_OPTIONS |
| 126 | # value: -Xmx300m -XX:MaxMetaspaceSize=150m -XX:+CMSClassUnloadingEnabled -Djava.net.preferIPv4Stack=true -Djava.net.preferIPv4Addresses=true -XX:+UnlockExperimentalVMOptions -XX:+UseSerialGC -XX:+UseCompressedOops -XX:+AlwaysPreTouch -XX:+ScavengeBeforeFullGC -XX:+DisableExplicitGC |
| 127 | # volumeMounts: |
| 128 | # - name: index-data |
| 129 | # mountPath: /var/gerrit/index |
| 130 | # - name: git-data |
| 131 | # mountPath: /var/gerrit/git |
| 132 | # - name: cache-data |
| 133 | # mountPath: /var/gerrit/cache |
| 134 | # - name: etc-data |
| 135 | # mountPath: /var/gerrit/etc |
| 136 | # - name: secure-config |
| 137 | # mountPath: /var/gerrit/etc/secure.config |
| 138 | # readOnly: true |
| 139 | # subPath: secure.config |
| 140 | # - name: config |
| 141 | # mountPath: /var/gerrit/etc/gerrit.config |
| 142 | # readOnly: true |
| 143 | # subPath: gerrit.config |
| 144 | containers: |
| 145 | - name: master |
| Matthias Andreas Benkard | afbaf69 | 2023-03-12 13:14:09 +0100 | [diff] [blame^] | 146 | image: docker.benkard.de/mulk/gerrit:3.7.1-1 |
| Matthias Andreas Benkard | 68034de | 2021-09-05 11:25:35 +0200 | [diff] [blame] | 147 | |
| 148 | # for running `init`: |
| 149 | # |
| Matthias Andreas Benkard | afbaf69 | 2023-03-12 13:14:09 +0100 | [diff] [blame^] | 150 | # kubectl exec -ti deploy/gerrit -- java -jar /var/gerrit/bin/gerrit.war init -d /var/gerrit |
| Matthias Andreas Benkard | 68034de | 2021-09-05 11:25:35 +0200 | [diff] [blame] | 151 | # |
| 152 | # or the H2 console: |
| 153 | # |
| 154 | # cd |
| 155 | # curl -O https://repo1.maven.org/maven2/com/h2database/h2/1.4.200/h2-1.4.200.jar |
| 156 | # java -jar h2-1.4.200.jar -url jdbc:h2:/var/gerrit/db/account_patch_reviews |
| 157 | # |
| 158 | #tty: true |
| 159 | #stdin: true |
| 160 | #command: |
| 161 | # - /bin/cat |
| 162 | |
| 163 | resources: |
| 164 | limits: |
| 165 | cpu: 2000m |
| 166 | memory: 600Mi |
| 167 | requests: |
| 168 | cpu: 10m |
| 169 | memory: 300Mi |
| 170 | env: |
| 171 | - name: _JAVA_OPTIONS |
| 172 | value: -Xmx300m -XX:MaxMetaspaceSize=150m -XX:+CMSClassUnloadingEnabled -Djava.net.preferIPv4Stack=true -Djava.net.preferIPv4Addresses=true -XX:+UnlockExperimentalVMOptions -XX:+UseSerialGC -XX:+UseCompressedOops -XX:+AlwaysPreTouch -XX:+ScavengeBeforeFullGC -XX:+DisableExplicitGC |
| 173 | - name: CANONICAL_WEB_URL |
| 174 | value: https://gerrit.benkard.de/ |
| 175 | volumeMounts: |
| 176 | - name: index-data |
| 177 | mountPath: /var/gerrit/index |
| 178 | - name: git-data |
| 179 | mountPath: /var/gerrit/git |
| 180 | - name: cache-data |
| 181 | mountPath: /var/gerrit/cache |
| 182 | - name: etc-data |
| 183 | mountPath: /var/gerrit/etc |
| 184 | - name: secure-config |
| 185 | mountPath: /var/gerrit/etc/secure.config |
| 186 | readOnly: true |
| 187 | subPath: secure.config |
| 188 | - name: github-secrets |
| 189 | mountPath: /var/gerrit/.ssh |
| 190 | readOnly: true |
| 191 | #- name: config |
| 192 | # mountPath: /var/gerrit/etc/gerrit.config |
| 193 | # readOnly: true |
| 194 | # subPath: gerrit.config |
| 195 | ports: |
| 196 | - containerPort: 8080 |
| 197 | name: http |
| 198 | protocol: TCP |
| 199 | - containerPort: 29418 |
| 200 | name: ssh |
| 201 | protocol: TCP |
| 202 | --- |
| 203 | kind: ConfigMap |
| 204 | apiVersion: v1 |
| 205 | metadata: |
| 206 | name: gerrit-config |
| 207 | namespace: mulk |
| 208 | labels: |
| 209 | name: gerrit |
| 210 | k8s-app: gerrit |
| 211 | data: |
| 212 | gerrit.config: | |
| 213 | [gerrit] |
| 214 | basePath = git |
| 215 | canonicalWebUrl = https://gerrit.benkard.de/ |
| 216 | serverId = 4f1749e7-9b7f-449e-acf9-5e80b87f8173 |
| 217 | |
| 218 | [user] |
| 219 | email = gerrit@benkard.de |
| 220 | |
| 221 | [database] |
| 222 | type = postgresql |
| 223 | hostname = postgresql.system |
| 224 | database = gerrit |
| 225 | username = gerrit |
| 226 | |
| 227 | [index] |
| 228 | type = LUCENE |
| 229 | |
| 230 | [auth] |
| 231 | type = OAUTH |
| 232 | gitBasicAuth = false |
| 233 | gitBasicAuthPolicy = HTTP |
| 234 | |
| 235 | [oauth] |
| 236 | allowRegisterNewEmail = true |
| 237 | |
| 238 | [plugin "gerrit-oauth-provider-keycloak-oauth"] |
| 239 | root-url = https://login.benkard.de |
| 240 | client-id = gerrit |
| 241 | realm = master |
| 242 | |
| 243 | [receiveemail] |
| 244 | protocol = imap |
| 245 | host = mail.benkard.de |
| 246 | encryption = tls |
| 247 | username = gerrit@benkard.de |
| 248 | fetchInterval = 1m |
| 249 | enableImapIdle = true |
| 250 | |
| 251 | [sendemail] |
| 252 | smtpServer = mail.benkard.de |
| 253 | smtpServerPort = 587 |
| 254 | from = MIXED |
| 255 | smtpUser = gerrit@benkard.de |
| 256 | importance = low |
| 257 | replyToAddress = gerrit@benkard.de |
| 258 | smtpEncryption = tls |
| 259 | |
| 260 | [sshd] |
| 261 | listenAddress = *:29418 |
| 262 | |
| 263 | [httpd] |
| 264 | listenUrl = proxy-https://*:8080/ |
| 265 | |
| 266 | [cache] |
| 267 | directory = cache |
| 268 | |
| 269 | [container] |
| 270 | user = root |
| 271 | |
| 272 | [receive] |
| 273 | enableSignedPush = false |
| 274 | |
| 275 | [noteDb "changes"] |
| 276 | autoMigrate = true |
| 277 | |
| 278 | [github] |
| 279 | url = https://github.com |
| 280 | apiUrl = https://api.github.com |
| 281 | clientId = 062b430799c664e10928 |
| 282 | --- |
| 283 | apiVersion: v1 |
| 284 | kind: PersistentVolumeClaim |
| 285 | metadata: |
| 286 | name: gerrit-git-data |
| 287 | namespace: mulk |
| 288 | labels: |
| 289 | name: gerrit |
| 290 | k8s-app: gerrit |
| 291 | annotations: |
| 292 | volume.beta.kubernetes.io/storage-provisioner: rancher.io/local-path |
| 293 | spec: |
| 294 | accessModes: |
| 295 | - ReadWriteOnce |
| 296 | resources: |
| 297 | requests: |
| 298 | storage: 20Mi |
| 299 | storageClassName: local-path |
| 300 | --- |
| 301 | apiVersion: v1 |
| 302 | kind: PersistentVolumeClaim |
| 303 | metadata: |
| 304 | name: gerrit-etc-data |
| 305 | namespace: mulk |
| 306 | labels: |
| 307 | name: gerrit |
| 308 | k8s-app: gerrit |
| 309 | annotations: |
| 310 | volume.beta.kubernetes.io/storage-provisioner: rancher.io/local-path |
| 311 | spec: |
| 312 | accessModes: |
| 313 | - ReadWriteOnce |
| 314 | resources: |
| 315 | requests: |
| 316 | storage: 20Mi |
| 317 | storageClassName: local-path |
| 318 | --- |
| 319 | apiVersion: v1 |
| 320 | kind: PersistentVolumeClaim |
| 321 | metadata: |
| 322 | name: gerrit-index-data |
| 323 | namespace: mulk |
| 324 | labels: |
| 325 | name: gerrit |
| 326 | k8s-app: gerrit |
| 327 | annotations: |
| 328 | volume.beta.kubernetes.io/storage-provisioner: rancher.io/local-path |
| 329 | spec: |
| 330 | accessModes: |
| 331 | - ReadWriteOnce |
| 332 | resources: |
| 333 | requests: |
| 334 | storage: 20Mi |
| 335 | storageClassName: local-path |
| 336 | --- |