Merge "Use package structure for gerrit init scripts"
diff --git a/helm-charts/gerrit-replica/README.md b/helm-charts/gerrit-replica/README.md
index 06c0e2c..9693bd7 100644
--- a/helm-charts/gerrit-replica/README.md
+++ b/helm-charts/gerrit-replica/README.md
@@ -349,6 +349,7 @@
| `gerritReplica.maxUnavailable` | Max. percentage or number of pods allowed to be unavailable at a time | `100%` |
| `gerritReplica.livenessProbe` | Configuration of the liveness probe timings | `{initialDelaySeconds: 60, periodSeconds: 5}` |
| `gerritReplica.readinessProbe` | Configuration of the readiness probe timings | `{initialDelaySeconds: 10, periodSeconds: 10}` |
+| `gerritReplica.startupProbe` | Configuration of the startup probe timings | `{initialDelaySeconds: 10, periodSeconds: 5}` |
| `gerritReplica.resources` | Configure the amount of resources the pod requests/is allowed | `requests.cpu: 1` |
| | | `requests.memory: 5Gi` |
| | | `limits.cpu: 1` |
diff --git a/helm-charts/gerrit-replica/templates/gerrit-replica.deployment.yaml b/helm-charts/gerrit-replica/templates/gerrit-replica.deployment.yaml
index 6a2ece8..a0ab62d 100644
--- a/helm-charts/gerrit-replica/templates/gerrit-replica.deployment.yaml
+++ b/helm-charts/gerrit-replica/templates/gerrit-replica.deployment.yaml
@@ -213,6 +213,11 @@
path: /config/server/healthcheck~status
port: http
{{ toYaml .Values.gerritReplica.readinessProbe | indent 10 }}
+ startupProbe:
+ httpGet:
+ path: /config/server/healthcheck~status
+ port: http
+{{ toYaml .Values.gerritReplica.startupProbe | indent 10 }}
resources:
{{ toYaml .Values.gerritReplica.resources | indent 10 }}
{{ if .Values.promtailSidecar.enabled -}}
@@ -301,11 +306,6 @@
secret:
secretName: {{ .Release.Name }}-tls-ca
{{- end }}
- {{ if .Values.gerritReplica.service.ssh.enabled -}}
- - name: gerrit-replica-ssh
- secret:
- secretName: {{ .Release.Name }}-gerrit-replica-ssh-secret
- {{- end }}
{{ if .Values.promtailSidecar.enabled -}}
- name: promtail-config
configMap:
diff --git a/helm-charts/gerrit-replica/values.yaml b/helm-charts/gerrit-replica/values.yaml
index 06a790f..40dbfd7 100644
--- a/helm-charts/gerrit-replica/values.yaml
+++ b/helm-charts/gerrit-replica/values.yaml
@@ -228,6 +228,10 @@
initialDelaySeconds: 10
periodSeconds: 10
+ startupProbe:
+ initialDelaySeconds: 10
+ periodSeconds: 30
+
# The memory limit has to be higher than the configures heap-size for Java!
resources:
requests:
diff --git a/helm-charts/gerrit/README.md b/helm-charts/gerrit/README.md
index 4b0ba8a..dc12a04 100644
--- a/helm-charts/gerrit/README.md
+++ b/helm-charts/gerrit/README.md
@@ -232,35 +232,39 @@
future.
***
-| Parameter | Description | Default |
-|----------------------------------------|-----------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------|
-| `gerrit.images.gerritInit` | Image name of the Gerrit init container image | `k8s-gerrit/gerrit-init` |
-| `gerrit.images.gerrit` | Image name of the Gerrit container image | `k8s-gerrit/gerrit` |
-| `gerrit.replicas` | Number of replica pods to deploy | `1` |
-| `gerrit.updatePartition` | Number of pods to update simultaneously | `1` |
-| `gerrit.resources` | Configure the amount of resources the pod requests/is allowed | `requests.cpu: 1` |
-| | | `requests.memory: 5Gi` |
-| | | `limits.cpu: 1` |
-| | | `limits.memory: 6Gi` |
-| `gerrit.persistence.enabled` | Whether to persist the Gerrit site | `true` |
-| `gerrit.persistence.size` | Storage size for persisted Gerrit site | `10Gi` |
-| `gerrit.livenessProbe` | Configuration of the liveness probe timings | `{initialDelaySeconds: 30, periodSeconds: 5}` |
-| `gerrit.readinessProbe` | Configuration of the readiness probe timings | `{initialDelaySeconds: 5, periodSeconds: 1}` |
-| `gerrit.networkPolicy.ingress` | Custom ingress-network policy for gerrit pods | `nil` |
-| `gerrit.networkPolicy.egress` | Custom egress-network policy for gerrit pods | `nil` |
-| `gerrit.service.type` | Which kind of Service to deploy | `NodePort` |
-| `gerrit.service.http.port` | Port over which to expose HTTP | `80` |
-| `gerrit.keystore` | base64-encoded Java keystore (`cat keystore.jks | base64`) to be used by Gerrit, when using SSL | `nil` |
-| `gerrit.index.type` | Index type used by Gerrit (either `lucene` or `elasticsearch`) | `lucene` |
-| `gerrit.plugins.packaged` | List of Gerrit plugins that are packaged into the Gerrit-war-file to install | `["commit-message-length-validator", "download-commands", "replication", "reviewnotes"]` |
-| `gerrit.plugins.downloaded` | List of Gerrit plugins that will be downloaded | `nil` |
-| `gerrit.plugins.downloaded[0].name` | Name of plugin | `nil` |
-| `gerrit.plugins.downloaded[0].url` | Download url of plugin | `nil` |
-| `gerrit.plugins.downloaded[0].sha1` | SHA1 sum of plugin jar used to ensure file integrity and version (optional) | `nil` |
-| `gerrit.plugins.cache.enabled` | Whether to cache downloaded plugins | `false` |
-| `gerrit.plugins.cache.size` | Size of the volume used to store cached plugins | `1Gi` |
-| `gerrit.etc.config` | Map of config files (e.g. `gerrit.config`) that will be mounted to `$GERRIT_SITE/etc`by a ConfigMap | `{gerrit.config: ..., replication.config: ...}`[see here](#Gerrit-config-files) |
-| `gerrit.etc.secret` | Map of config files (e.g. `secure.config`) that will be mounted to `$GERRIT_SITE/etc`by a Secret | `{secure.config: ...}` [see here](#Gerrit-config-files) |
+| Parameter | Description | Default |
+|-------------------------------------|-----------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------|
+| `gerrit.images.gerritInit` | Image name of the Gerrit init container image | `k8s-gerrit/gerrit-init` |
+| `gerrit.images.gerrit` | Image name of the Gerrit container image | `k8s-gerrit/gerrit` |
+| `gerrit.replicas` | Number of replica pods to deploy | `1` |
+| `gerrit.updatePartition` | Number of pods to update simultaneously | `1` |
+| `gerrit.resources` | Configure the amount of resources the pod requests/is allowed | `requests.cpu: 1` |
+| | | `requests.memory: 5Gi` |
+| | | `limits.cpu: 1` |
+| | | `limits.memory: 6Gi` |
+| `gerrit.persistence.enabled` | Whether to persist the Gerrit site | `true` |
+| `gerrit.persistence.size` | Storage size for persisted Gerrit site | `10Gi` |
+| `gerrit.livenessProbe` | Configuration of the liveness probe timings | `{initialDelaySeconds: 30, periodSeconds: 5}` |
+| `gerrit.readinessProbe` | Configuration of the readiness probe timings | `{initialDelaySeconds: 5, periodSeconds: 1}` |
+| `gerrit.startupProbe` | Configuration of the startup probe timings | `{initialDelaySeconds: 10, periodSeconds: 5}` |
+| `gerrit.networkPolicy.ingress` | Custom ingress-network policy for gerrit pods | `nil` |
+| `gerrit.networkPolicy.egress` | Custom egress-network policy for gerrit pods | `nil` |
+| `gerrit.service.type` | Which kind of Service to deploy | `NodePort` |
+| `gerrit.service.http.port` | Port over which to expose HTTP | `80` |
+| `gerrit.service.ssh.enabled` | Whether to enable SSH | `false` |
+| `gerrit.service.ssh.port` | Port over which to expose SSH | `29418` |
+| `gerrit.service.ssh.rsaKey` | Private SSH key in RSA format | `-----BEGIN RSA PRIVATE KEY-----` |
+| `gerrit.keystore` | base64-encoded Java keystore (`cat keystore.jks | base64`) to be used by Gerrit, when using SSL | `nil` |
+| `gerrit.index.type` | Index type used by Gerrit (either `lucene` or `elasticsearch`) | `lucene` |
+| `gerrit.plugins.packaged` | List of Gerrit plugins that are packaged into the Gerrit-war-file to install | `["commit-message-length-validator", "download-commands", "replication", "reviewnotes"]` |
+| `gerrit.plugins.downloaded` | List of Gerrit plugins that will be downloaded | `nil` |
+| `gerrit.plugins.downloaded[0].name` | Name of plugin | `nil` |
+| `gerrit.plugins.downloaded[0].url` | Download url of plugin | `nil` |
+| `gerrit.plugins.downloaded[0].sha1` | SHA1 sum of plugin jar used to ensure file integrity and version (optional) | `nil` |
+| `gerrit.plugins.cache.enabled` | Whether to cache downloaded plugins | `false` |
+| `gerrit.plugins.cache.size` | Size of the volume used to store cached plugins | `1Gi` |
+| `gerrit.etc.config` | Map of config files (e.g. `gerrit.config`) that will be mounted to `$GERRIT_SITE/etc`by a ConfigMap | `{gerrit.config: ..., replication.config: ...}`[see here](#Gerrit-config-files) |
+| `gerrit.etc.secret` | Map of config files (e.g. `secure.config`) that will be mounted to `$GERRIT_SITE/etc`by a Secret | `{secure.config: ...}` [see here](#Gerrit-config-files) |
### Gerrit config files
diff --git a/helm-charts/gerrit/templates/gerrit.secrets.yaml b/helm-charts/gerrit/templates/gerrit.secrets.yaml
index 4d67840..9ccb233 100644
--- a/helm-charts/gerrit/templates/gerrit.secrets.yaml
+++ b/helm-charts/gerrit/templates/gerrit.secrets.yaml
@@ -11,6 +11,9 @@
{{ if .Values.gerrit.keystore -}}
keystore: {{ .Values.gerrit.keystore }}
{{- end }}
+ {{ if .Values.gerrit.service.ssh.enabled -}}
+ ssh_host_rsa_key: {{ .Values.gerrit.service.ssh.rsaKey | b64enc }}
+ {{- end }}
{{- range $key, $value := .Values.gerrit.etc.secret }}
{{ $key }}: {{ $value | b64enc }}
{{- end }}
diff --git a/helm-charts/gerrit/templates/gerrit.service.yaml b/helm-charts/gerrit/templates/gerrit.service.yaml
index 4fab1ef..dc51f8e 100644
--- a/helm-charts/gerrit/templates/gerrit.service.yaml
+++ b/helm-charts/gerrit/templates/gerrit.service.yaml
@@ -13,6 +13,11 @@
- name: http
port: {{ .http.port }}
targetPort: 8080
+ {{- if .ssh.enabled }}
+ - name: ssh
+ port: {{ .ssh.port }}
+ targetPort: 29418
+ {{- end }}
selector:
app: gerrit
type: {{ .type }}
diff --git a/helm-charts/gerrit/templates/gerrit.stateful-set.yaml b/helm-charts/gerrit/templates/gerrit.stateful-set.yaml
index e38533f..e22c71b 100644
--- a/helm-charts/gerrit/templates/gerrit.stateful-set.yaml
+++ b/helm-charts/gerrit/templates/gerrit.stateful-set.yaml
@@ -80,6 +80,10 @@
-s /var/gerrit \
init
+ {{ if .Values.gerrit.service.ssh.enabled -}}
+ rm -f /var/gerrit/etc/ssh_host*key*
+ {{- end }}
+
symlink_config_to_site
{{ if not .Values.gerrit.persistence.enabled -}}
@@ -126,6 +130,10 @@
ports:
- name: gerrit-port
containerPort: 8080
+ {{- if .Values.gerrit.service.ssh.enabled }}
+ - name: gerrit-ssh
+ containerPort: 29418
+ {{- end }}
volumeMounts:
- name: gerrit-site
mountPath: "/var/gerrit"
@@ -151,6 +159,11 @@
path: /config/server/healthcheck~status
port: gerrit-port
{{ toYaml .Values.gerrit.readinessProbe | indent 10 }}
+ startupProbe:
+ httpGet:
+ path: /config/server/healthcheck~status
+ port: gerrit-port
+{{ toYaml .Values.gerrit.startupProbe | indent 10 }}
volumes:
{{ if not .Values.gerrit.persistence.enabled -}}
- name: gerrit-site
diff --git a/helm-charts/gerrit/values.yaml b/helm-charts/gerrit/values.yaml
index 506227a..a61b777 100644
--- a/helm-charts/gerrit/values.yaml
+++ b/helm-charts/gerrit/values.yaml
@@ -134,6 +134,10 @@
initialDelaySeconds: 5
periodSeconds: 1
+ startupProbe:
+ initialDelaySeconds: 10
+ periodSeconds: 30
+
# The general NetworkPolicy rules implemented by this chart may be too restrictive
# for some setups, e.g. when trying to replicate to a Gerrit replica. Here
# custom rules may be added to whitelist some additional connections.
@@ -154,6 +158,13 @@
type: NodePort
http:
port: 80
+ ssh:
+ enabled: false
+ port: 29418
+ rsaKey: |-
+ -----BEGIN RSA PRIVATE KEY-----
+
+ -----END RSA PRIVATE KEY-----
# `gerrit.keystore` expects a base64-encoded Java-keystore
# Since Java keystores are binary files, adding the unencoded content and