Allow an arbitrary number of config-files for Gerrit
So far all possible configuration files were hard-coded into the helm
chart. This was not practical since some plugins require their own
config-file. Having always all configuration files, even without the
respective plugin installed, is impractical.
Now a map of configuration files, encoded or not, can be defined in the
values.yaml file and will be mounted to the $GERRIT_SITE/etc-directory.
Change-Id: I61534e7f8e2eb86c15456fee0a5699a98954b680
diff --git a/container-images/gerrit-replica/tools/start b/container-images/gerrit-replica/tools/start
index 9dfb11c..5433086 100755
--- a/container-images/gerrit-replica/tools/start
+++ b/container-images/gerrit-replica/tools/start
@@ -2,15 +2,14 @@
symlink_config_to_site(){
mkdir -p /var/gerrit/etc
- for file in keystore gerrit.config secure.config; do
- test -f /var/config/$file && \
- ln -sf /var/config/$file /var/gerrit/etc/$file
+ for file in /var/mnt/etc/config/* /var/mnt/etc/secret/*; do
+ ln -sf $file /var/gerrit/etc/$(basename $file)
done
}
-# Ensure that configuration provided at /var/config is symlinked to the Gerrit
-# site. This is necessary, because mounting files from secrets/configmaps in
-# Kubernetes make the containing directory read-only.
+# Ensure that configuration provided at /var/mnt/config and /var/mnt/secret
+# is symlinked to the Gerrit site. This is necessary, because mounting files
+# from secrets/configmaps in Kubernetes make the containing directory read-only.
symlink_config_to_site
# workaround gerrit.sh does not start httpd
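Review bot: The new loop in symlink_config_to_site drops the old `test -f` guard and leaves `$file` unquoted. Unless the shell runs with nullglob, an empty or unmounted /var/mnt/etc/config or /var/mnt/etc/secret leaves the pattern as a literal string, and `ln -sf` then creates a dangling link named `*` in /var/gerrit/etc. Suggest guarding and quoting inside the loop, for example `[ -e "$file" ] || continue` followed by `ln -sf "$file" "/var/gerrit/etc/$(basename "$file")"`.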
diff --git a/container-images/gerrit/tools/start b/container-images/gerrit/tools/start
index eddc1fd..05b76ba 100755
--- a/container-images/gerrit/tools/start
+++ b/container-images/gerrit/tools/start
@@ -2,15 +2,14 @@
symlink_config_to_site(){
mkdir -p /var/gerrit/etc
- for file in keystore gerrit.config secure.config replication.config; do
- test -f /var/config/$file && \
- ln -sf /var/config/$file /var/gerrit/etc/$file
+ for file in /var/mnt/etc/config/* /var/mnt/etc/secret/*; do
+ ln -sf $file /var/gerrit/etc/$(basename $file)
done
}
-# Ensure that configuration provided at /var/config is symlinked to the Gerrit
-# site. This is necessary, because mounting files from secrets/configmaps in
-# Kubernetes make the containing directory read-only.
+# Ensure that configuration provided at /var/mnt/config and /var/mnt/secret
+# is symlinked to the Gerrit site. This is necessary, because mounting files
+# from secrets/configmaps in Kubernetes make the containing directory read-only.
symlink_config_to_site
java -jar /var/gerrit/bin/gerrit.war reindex \
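Review bot: The rewritten comment above the symlink_config_to_site call names /var/mnt/config and /var/mnt/secret, but the loop in the same hunk reads /var/mnt/etc/config and /var/mnt/etc/secret. Please make the comment match the mounted paths. The gerrit-replica start script carries the same wording.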
diff --git a/helm-charts/gerrit-replica/README.md b/helm-charts/gerrit-replica/README.md
index 7c4d31a..c6939b2 100644
--- a/helm-charts/gerrit-replica/README.md
+++ b/helm-charts/gerrit-replica/README.md
@@ -254,45 +254,49 @@
is mandatory, if access to the Gerrit replica is required!
***
-| Parameter | Description | Default |
-|-----------------------------------------------|-------------------------------------------------------------------------------------------------|-----------------------------------|
-| `gerritReplica.images.gerritInit` | Image name of the Gerrit init container image | `k8s-gerrit/gerrit-init` |
-| `gerritReplica.images.gerritReplica` | Image name of the Gerrit replica container image | `k8s-gerrit/gerrit-replica` |
-| `gerritReplica.replicas` | Number of pod replicas to deploy | `1` |
-| `gerritReplica.maxSurge` | Max. percentage or number of pods allowed to be scheduled above the desired number | `25%` |
-| `gerritReplica.maxUnavailable` | Max. percentage or number of pods allowed to be unavailable at a time | `100%` |
-| `gerritReplica.resources` | Configure the amount of resources the pod requests/is allowed | `requests.cpu: 1` |
-| | | `requests.memory: 5Gi` |
-| | | `limits.cpu: 1` |
-| | | `limits.memory: 6Gi` |
-| `gerritReplica.persistence.enabled` | Whether to persist the Gerrit site | `true` |
-| `gerritReplica.persistence.size` | Storage size for persisted Gerrit site | `10Gi` |
-| `gerritReplica.service.type` | Which kind of Service to deploy | `NodePort` |
-| `gerritReplica.service.http.port` | Port over which to expose HTTP | `80` |
-| `gerritReplica.service.ssh.enabled` | Whether to enable SSH for the Gerrit replica | `false` |
-| `gerritReplica.service.ssh.port` | Port for SSH | `29418` |
-| `gerritReplica.service.ssh.rsaKey` | Private SSH key in RSA format | `-----BEGIN RSA PRIVATE KEY-----` |
-| `gerritReplica.ingress.host` | REQUIRED: Host name to use for the Ingress (required for Ingress) | `nil` |
-| `gerritReplica.ingress.additionalAnnotations` | Additional annotations for the Ingress | `nil` |
-| `gerritReplica.ingress.tls.enabled` | Whether to enable TLS termination in the Ingress | `false` |
-| `gerritReplica.ingress.tls.secret.create` | Whether to create a TLS-secret | `true` |
-| `gerritReplica.ingress.tls.secret.name` | Name of an external secret that will be used as a TLS-secret | `nil` |
-| `gerritReplica.ingress.tls.secret.cert` | Public SSL server certificate | `-----BEGIN CERTIFICATE-----` |
-| `gerritReplica.ingress.tls.secret.key` | Private SSL server certificate | `-----BEGIN RSA PRIVATE KEY-----` |
-| `gerritReplica.keystore` | base64-encoded Java keystore (`cat keystore.jks | base64`) to be used by Gerrit, when using SSL | `nil` |
-| `gerritReplica.config.gerrit` | The contents of the gerrit.config | [see here](#Gerrit-config-files) |
-| `gerritReplica.config.secure` | The contents of the secure.config | [see here](#Gerrit-config-files) |
+| Parameter | Description | Default |
+|-----------------------------------------------|-----------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------|
+| `gerritReplica.images.gerritInit` | Image name of the Gerrit init container image | `k8s-gerrit/gerrit-init` |
+| `gerritReplica.images.gerritReplica` | Image name of the Gerrit replica container image | `k8s-gerrit/gerrit-replica` |
+| `gerritReplica.replicas` | Number of pod replicas to deploy | `1` |
+| `gerritReplica.maxSurge` | Max. percentage or number of pods allowed to be scheduled above the desired number | `25%` |
+| `gerritReplica.maxUnavailable` | Max. percentage or number of pods allowed to be unavailable at a time | `100%` |
+| `gerritReplica.resources` | Configure the amount of resources the pod requests/is allowed | `requests.cpu: 1` |
+| | | `requests.memory: 5Gi` |
+| | | `limits.cpu: 1` |
+| | | `limits.memory: 6Gi` |
+| `gerritReplica.persistence.enabled` | Whether to persist the Gerrit site | `true` |
+| `gerritReplica.persistence.size` | Storage size for persisted Gerrit site | `10Gi` |
+| `gerritReplica.service.type` | Which kind of Service to deploy | `NodePort` |
+| `gerritReplica.service.http.port` | Port over which to expose HTTP | `80` |
+| `gerritReplica.service.ssh.enabled` | Whether to enable SSH for the Gerrit replica | `false` |
+| `gerritReplica.service.ssh.port` | Port for SSH | `29418` |
+| `gerritReplica.service.ssh.rsaKey` | Private SSH key in RSA format | `-----BEGIN RSA PRIVATE KEY-----` |
+| `gerritReplica.ingress.host` | REQUIRED: Host name to use for the Ingress (required for Ingress) | `nil` |
+| `gerritReplica.ingress.additionalAnnotations` | Additional annotations for the Ingress | `nil` |
+| `gerritReplica.ingress.tls.enabled` | Whether to enable TLS termination in the Ingress | `false` |
+| `gerritReplica.ingress.tls.secret.create` | Whether to create a TLS-secret | `true` |
+| `gerritReplica.ingress.tls.secret.name` | Name of an external secret that will be used as a TLS-secret | `nil` |
+| `gerritReplica.ingress.tls.secret.cert` | Public SSL server certificate | `-----BEGIN CERTIFICATE-----` |
+| `gerritReplica.ingress.tls.secret.key` | Private SSL server certificate | `-----BEGIN RSA PRIVATE KEY-----` |
+| `gerritReplica.keystore` | base64-encoded Java keystore (`cat keystore.jks | base64`) to be used by Gerrit, when using SSL | `nil` |
+| `gerritReplica.etc.config` | Map of config files (e.g. `gerrit.config`) that will be mounted to `$GERRIT_SITE/etc`by a ConfigMap | `{gerrit.config: ..., replication.config: ...}`[see here](#Gerrit-config-files) |
+| `gerritReplica.etc.secret` | Map of config files (e.g. `secure.config`) that will be mounted to `$GERRIT_SITE/etc`by a Secret | `{secure.config: ...}` [see here](#Gerrit-config-files) |
### Gerrit config files
-The gerrit-replica chart provides a ConfigMap containing the `gerrit.config` and a
-Secret containing the `secure.config` to configure the Gerrit installation in the
-Gerrit replica component. The content of the `gerrit.config` and `secure.config`
-can be set in the `values.yaml` under the keys `gerritReplica.config.gerrit` and
-`gerritReplica.config.secure` respectively. All configuration options are described
-in detail in the [official documentation of Gerrit](https://gerrit-review.googlesource.com/Documentation/config-gerrit.html).
-Some options however have to be set in a specified way for the Gerrit replica to
-work as intended:
+The gerrit-replica chart provides a ConfigMap containing the configuration files
+used by Gerrit, e.g. `gerrit.config` and a Secret containing sensitive configuration
+like the `secure.config` to configure the Gerrit installation in the Gerrit
+component. The content of the config files can be set in the `values.yaml` under
+the keys `gerritReplica.etc.config` and `gerritReplica.etc.secret` respectively.
+The key has to be the filename (eg. `gerrit.config`) and the file's contents
+the value. This way an arbitrary number of configuration files can be loaded into
+the `$GERRIT_SITE/etc`-directory, e.g. for plugins.
+All configuration options for Gerrit are described in detail in the
+[official documentation of Gerrit](https://gerrit-review.googlesource.com/Documentation/config-gerrit.html).
+Some options however have to be set in a specified way for Gerrit to work as
+intended with the chart:
- `gerrit.basePath`
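Review bot: The Default column of the new `gerritReplica.etc.config` row lists `replication.config`, but the gerrit-replica values.yaml in this change defines only `gerrit.config` under `etc.config`. The row looks copied from the gerrit chart and should list what the replica chart ships. The same applies to the rewritten paragraph, which now says "the Gerrit component" where the removed text said "the Gerrit replica component". Two smaller points: both new rows are missing a space in "`$GERRIT_SITE/etc`by", and "eg." should be "e.g." as elsewhere in the paragraph.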
diff --git a/helm-charts/gerrit-replica/templates/gerrit-replica.configmap.yaml b/helm-charts/gerrit-replica/templates/gerrit-replica.configmap.yaml
index 7929ef0..5e98f01 100644
--- a/helm-charts/gerrit-replica/templates/gerrit-replica.configmap.yaml
+++ b/helm-charts/gerrit-replica/templates/gerrit-replica.configmap.yaml
@@ -8,8 +8,10 @@
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
data:
- gerrit.config: |-
-{{ .Values.gerritReplica.config.gerrit | indent 4 }}
+ {{- range $key, $value := .Values.gerritReplica.etc.config }}
+ {{ $key }}:
+{{ toYaml $value | indent 4 }}
+ {{- end }}
---
apiVersion: v1
kind: ConfigMap
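Review bot: `toYaml $value | indent 4` in the new range accepts a value of any type, while the removed `|-` form only made sense for a string. If a user puts a nested map under `gerritReplica.etc.config` (an easy mistake when the file content is itself key/value text), the template renders a nested mapping under `data`. ConfigMap data values must be strings, so the error only surfaces when the manifest is applied. Suggest stating in the README that every value must be a string holding the file's contents, or failing in the template when the value is not a string.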
diff --git a/helm-charts/gerrit-replica/templates/gerrit-replica.deployment.yaml b/helm-charts/gerrit-replica/templates/gerrit-replica.deployment.yaml
index 41afd75..6aff31d 100644
--- a/helm-charts/gerrit-replica/templates/gerrit-replica.deployment.yaml
+++ b/helm-charts/gerrit-replica/templates/gerrit-replica.deployment.yaml
@@ -87,14 +87,9 @@
args:
- |
symlink_config_to_site(){
- {{ if .Values.gerritReplica.keystore -}}
- ln -s /var/config/keystore /var/gerrit/etc/keystore
- {{- end }}
- ln -sf /var/config/gerrit.config /var/gerrit/etc/gerrit.config
- ln -sf /var/config/secure.config /var/gerrit/etc/secure.config
- {{ if .Values.gerritReplica.service.ssh.enabled -}}
- ln -sf /var/config/ssh_host_rsa_key /var/gerrit/etc/ssh_host_rsa_key
- {{- end }}
+ for file in /var/mnt/etc/config/* /var/mnt/etc/secret/*; do
+ ln -sf $file /var/gerrit/etc/$(basename $file)
+ done
}
mkdir -p /var/gerrit/etc
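Review bot: Name collisions between the two mounts are resolved silently by the new loop. /var/mnt/etc/config/* is linked first and /var/mnt/etc/secret/* second, and `ln -sf` replaces an existing link, so a file name present in both `etc.config` and `etc.secret` always ends up pointing at the Secret copy. That includes `keystore` and `ssh_host_rsa_key`, which now arrive through the Secret mount instead of their own conditional `ln` lines. Suggest documenting the precedence or rejecting duplicate names at template time.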
@@ -123,21 +118,9 @@
mountPath: "/var/mnt/plugins"
{{- end }}
- name: gerrit-config
- mountPath: "/var/config/gerrit.config"
- subPath: gerrit.config
+ mountPath: "/var/mnt/etc/config"
- name: gerrit-replica-secure-config
- mountPath: "/var/config/secure.config"
- subPath: secure.config
- {{ if .Values.gerritReplica.keystore -}}
- - name: gerrit-replica-secure-config
- mountPath: "/var/config/keystore"
- subPath: keystore
- {{- end }}
- {{ if .Values.gerritReplica.service.ssh.enabled -}}
- - name: gerrit-replica-ssh
- mountPath: "/var/config/ssh_host_rsa_key"
- subPath: ssh_host_rsa_key
- {{- end }}
+ mountPath: "/var/mnt/etc/secret"
containers:
- name: gerrit-replica
image: {{ template "registry" . }}{{ .Values.gerritReplica.images.gerritReplica }}:{{ .Values.images.version }}
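Review bot: The `gerrit-replica-ssh` volumeMount is removed here and the `-gerrit-replica-ssh-secret` Secret is deleted in gerrit-replica.secrets.yaml, but no hunk in this file touches the pod's volumes list. If a `gerrit-replica-ssh` volume is still declared against that Secret, pods will reference a Secret that no longer exists once `service.ssh.enabled` is true. Please confirm the volume definition is removed as part of this change.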
@@ -162,21 +145,9 @@
mountPath: "/var/mnt/plugins"
{{- end }}
- name: gerrit-config
- mountPath: "/var/config/gerrit.config"
- subPath: gerrit.config
+ mountPath: "/var/mnt/etc/config"
- name: gerrit-replica-secure-config
- mountPath: "/var/config/secure.config"
- subPath: secure.config
- {{ if .Values.gerritReplica.keystore -}}
- - name: gerrit-replica-secure-config
- mountPath: "/var/config/keystore"
- subPath: keystore
- {{- end }}
- {{ if .Values.gerritReplica.service.ssh.enabled -}}
- - name: gerrit-replica-ssh
- mountPath: "/var/config/ssh_host_rsa_key"
- subPath: ssh_host_rsa_key
- {{- end }}
+ mountPath: "/var/mnt/etc/secret"
resources:
{{ toYaml .Values.gerritReplica.resources | indent 10 }}
{{ if .Values.promtailSidecar.enabled -}}
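Review bot: Dropping `subPath` from the `gerrit-config` and `gerrit-replica-secure-config` mounts changes update behaviour, and nothing in the change documents it. A volume mounted as a whole directory is refreshed when the ConfigMap or Secret changes, while a subPath mount is not, so the symlinks in /var/gerrit/etc can now point at content that changes under a running Gerrit. Please state in the README whether a pod restart is expected after a config change, and consider forcing one (for example with a checksum annotation on the pod template) so the running process and the files on disk do not diverge.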
diff --git a/helm-charts/gerrit-replica/templates/gerrit-replica.secrets.yaml b/helm-charts/gerrit-replica/templates/gerrit-replica.secrets.yaml
index 0b7fa9f..85ae449 100644
--- a/helm-charts/gerrit-replica/templates/gerrit-replica.secrets.yaml
+++ b/helm-charts/gerrit-replica/templates/gerrit-replica.secrets.yaml
@@ -11,7 +11,12 @@
{{ if .Values.gerritReplica.keystore -}}
keystore: {{ .Values.gerritReplica.keystore }}
{{- end }}
- secure.config: {{ .Values.gerritReplica.config.secure | b64enc }}
+ {{ if .Values.gerritReplica.service.ssh.enabled -}}
+ ssh_host_rsa_key: {{ .Values.gerritReplica.service.ssh.rsaKey | b64enc }}
+ {{- end }}
+ {{- range $key, $value := .Values.gerritReplica.etc.secret }}
+ {{ $key }}: {{ $value | b64enc }}
+ {{- end }}
type: Opaque
---
{{ if and (and .Values.gerritReplica.ingress.tls.enabled .Values.gerritReplica.ingress.tls.secret.create) (not .Values.istio.enabled) -}}
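Review bot: `keystore` and `ssh_host_rsa_key` are written into `data` before the new range over `gerritReplica.etc.secret`, and nothing prevents the map from containing the same names. An entry called `keystore` or `ssh_host_rsa_key` in `etc.secret` would render a duplicate key in the Secret. Suggest treating those two names as reserved: fail in the template when they appear in the map, and mention it in the README.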
@@ -31,18 +36,3 @@
tls.key: {{ .key | b64enc }}
{{- end }}
{{- end }}
----
-{{ if .Values.gerritReplica.service.ssh.enabled -}}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ .Release.Name }}-gerrit-replica-ssh-secret
- labels:
- app: gerrit-replica
- chart: {{ template "gerrit-replica.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-type: Opaque
-data:
- ssh_host_rsa_key: {{ .Values.gerritReplica.service.ssh.rsaKey | b64enc }}
-{{- end }}
diff --git a/helm-charts/gerrit-replica/values.yaml b/helm-charts/gerrit-replica/values.yaml
index e93f6f1..be5094d 100644
--- a/helm-charts/gerrit-replica/values.yaml
+++ b/helm-charts/gerrit-replica/values.yaml
@@ -272,51 +272,53 @@
enabled: false
size: 1Gi
- config:
+ etc:
# Some values are expected to have a specific value for the deployment installed
# by this chart to work. These are marked with `# FIXED`.
# Do not change them!
- gerrit: |-
- [gerrit]
- basePath = git # FIXED
- serverId = gerrit-replica-1
- # The canonical web URL has to be set to the Ingress host, if an Ingress
- # is used. If a LoadBalancer-service is used, this should be set to the
- # LoadBalancer's external IP. This can only be done manually after installing
- # the chart, when you know the external IP the LoadBalancer got from the
- # cluster.
- canonicalWebUrl = http://example.com/
- disableReverseDnsLookup = true
- [index]
- type = LUCENE
- [auth]
- type = DEVELOPMENT_BECOME_ANY_ACCOUNT
- [httpd]
- # If using an ingress use proxy-http or proxy-https
- listenUrl = proxy-http://*:8080/
- requestLog = true
- [sshd]
- listenAddress = *:29418
- [transfer]
- timeout = 120 s
- [user]
- name = Gerrit Code Review
- email = gerrit@example.com
- anonymousCoward = Unnamed User
- [cache]
- directory = cache
- [container]
- user = gerrit # FIXED
- replica = true # FIXED
- javaHome = /usr/lib/jvm/java-1.8-openjdk # FIXED
- javaOptions = -Djavax.net.ssl.trustStore=/var/gerrit/etc/keystore # FIXED
- javaOptions = -Xms200m
- # Has to be lower than 'gerritReplica.resources.limits.memory'. Also
- # consider memories used by other applications in the container.
- javaOptions = -Xmx4g
+ config:
+ gerrit.config: |-
+ [gerrit]
+ basePath = git # FIXED
+ serverId = gerrit-replica-1
+ # The canonical web URL has to be set to the Ingress host, if an Ingress
+ # is used. If a LoadBalancer-service is used, this should be set to the
+ # LoadBalancer's external IP. This can only be done manually after installing
+ # the chart, when you know the external IP the LoadBalancer got from the
+ # cluster.
+ canonicalWebUrl = http://example.com/
+ disableReverseDnsLookup = true
+ [index]
+ type = LUCENE
+ [auth]
+ type = DEVELOPMENT_BECOME_ANY_ACCOUNT
+ [httpd]
+ # If using an ingress use proxy-http or proxy-https
+ listenUrl = proxy-http://*:8080/
+ requestLog = true
+ [sshd]
+ listenAddress = *:29418
+ [transfer]
+ timeout = 120 s
+ [user]
+ name = Gerrit Code Review
+ email = gerrit@example.com
+ anonymousCoward = Unnamed User
+ [cache]
+ directory = cache
+ [container]
+ user = gerrit # FIXED
+ replica = true # FIXED
+ javaHome = /usr/lib/jvm/java-1.8-openjdk # FIXED
+ javaOptions = -Djavax.net.ssl.trustStore=/var/gerrit/etc/keystore # FIXED
+ javaOptions = -Xms200m
+ # Has to be lower than 'gerritReplica.resources.limits.memory'. Also
+ # consider memories used by other applications in the container.
+ javaOptions = -Xmx4g
- secure: |-
- # Password for the keystore added as value for 'gerritReplica.keystore'
- # Only needed, if SSL is enabled.
- #[httpd]
- # sslKeyPassword = gerrit
+ secret:
+ secure.config: |-
+ # Password for the keystore added as value for 'gerritReplica.keystore'
+ # Only needed, if SSL is enabled.
+ #[httpd]
+ # sslKeyPassword = gerrit
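Review bot: Renaming `gerritReplica.config` to `gerritReplica.etc` at the top of this hunk breaks existing values files without any signal. Overrides under the old `config.gerrit` and `config.secure` keys are no longer read by any template, so an upgrade falls back to the defaults shown here. Those defaults include `type = DEVELOPMENT_BECOME_ANY_ACCOUNT` under `[auth]`, which makes a silent fallback more than a cosmetic problem. Suggest a guard that fails rendering when `.Values.gerritReplica.config` is set, plus an upgrade note in the README.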
diff --git a/helm-charts/gerrit/README.md b/helm-charts/gerrit/README.md
index f843f1b..081b5a3 100644
--- a/helm-charts/gerrit/README.md
+++ b/helm-charts/gerrit/README.md
@@ -146,47 +146,49 @@
is mandatory, if access to Gerrit is required!
***
-| Parameter | Description | Default |
-|----------------------------------------|-------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------|
-| `gerrit.images.gerritInit` | Image name of the Gerrit init container image | `k8s-gerrit/gerrit-init` |
-| `gerrit.images.gerrit` | Image name of the Gerrit container image | `k8s-gerrit/gerrit` |
-| `gerrit.replicas` | Number of replica pods to deploy | `1` |
-| `gerrit.updatePartition` | Number of pods to update simultaneously | `1` |
-| `gerrit.resources` | Configure the amount of resources the pod requests/is allowed | `requests.cpu: 1` |
-| | | `requests.memory: 5Gi` |
-| | | `limits.cpu: 1` |
-| | | `limits.memory: 6Gi` |
-| `gerrit.persistence.enabled` | Whether to persist the Gerrit site | `true` |
-| `gerrit.persistence.size` | Storage size for persisted Gerrit site | `10Gi` |
-| `gerrit.service.type` | Which kind of Service to deploy | `NodePort` |
-| `gerrit.service.http.port` | Port over which to expose HTTP | `80` |
-| `gerrit.ingress.host` | REQUIRED: Host name to use for the Ingress (required for Ingress) | `nil` |
-| `gerrit.ingress.additionalAnnotations` | Additional annotations for the Ingress | `nil` |
-| `gerrit.ingress.tls.enabled` | Whether to enable TLS termination in the Ingress | `false` |
-| `gerrit.ingress.tls.secret.create` | Whether to create a TLS-secret | `true` |
-| `gerrit.ingress.tls.secret.name` | Name of an external secret that will be used as a TLS-secret | `nil` |
-| `gerrit.ingress.tls.secret.cert` | Public SSL server certificate | `-----BEGIN CERTIFICATE-----` |
-| `gerrit.ingress.tls.secret.key` | Private SSL server certificate | `-----BEGIN RSA PRIVATE KEY-----` |
-| `gerrit.keystore` | base64-encoded Java keystore (`cat keystore.jks | base64`) to be used by Gerrit, when using SSL | `nil` |
-| `gerrit.plugins.packaged` | List of Gerrit plugins that are packaged into the Gerrit-war-file to install | `["commit-message-length-validator", "download-commands", "replication", "reviewnotes"]` |
-| `gerrit.plugins.downloaded` | List of Gerrit plugins that will be downloaded | `nil` |
-| `gerrit.plugins.downloaded[0].name` | Name of plugin | `nil` |
-| `gerrit.plugins.downloaded[0].url` | Download url of plugin | `nil` |
-| `gerrit.plugins.downloaded[0].sha1` | SHA1 sum of plugin jar used to ensure file integrity and version (optional) | `nil` |
-| `gerrit.plugins.cache.enabled` | Whether to cache downloaded plugins | `false` |
-| `gerrit.plugins.cache.size` | Size of the volume used to store cached plugins | `1Gi` |
-| `gerrit.config.gerrit` | The contents of the gerrit.config | [see here](#Gerrit-config-files) |
-| `gerrit.config.secure` | The contents of the secure.config | [see here](#Gerrit-config-files) |
-| `gerrit.config.replication` | The contents of the replication.config | [see here](#Gerrit-config-files) |
+| Parameter | Description | Default |
+|----------------------------------------|-----------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------|
+| `gerrit.images.gerritInit` | Image name of the Gerrit init container image | `k8s-gerrit/gerrit-init` |
+| `gerrit.images.gerrit` | Image name of the Gerrit container image | `k8s-gerrit/gerrit` |
+| `gerrit.replicas` | Number of replica pods to deploy | `1` |
+| `gerrit.updatePartition` | Number of pods to update simultaneously | `1` |
+| `gerrit.resources` | Configure the amount of resources the pod requests/is allowed | `requests.cpu: 1` |
+| | | `requests.memory: 5Gi` |
+| | | `limits.cpu: 1` |
+| | | `limits.memory: 6Gi` |
+| `gerrit.persistence.enabled` | Whether to persist the Gerrit site | `true` |
+| `gerrit.persistence.size` | Storage size for persisted Gerrit site | `10Gi` |
+| `gerrit.service.type` | Which kind of Service to deploy | `NodePort` |
+| `gerrit.service.http.port` | Port over which to expose HTTP | `80` |
+| `gerrit.ingress.host` | REQUIRED: Host name to use for the Ingress (required for Ingress) | `nil` |
+| `gerrit.ingress.additionalAnnotations` | Additional annotations for the Ingress | `nil` |
+| `gerrit.ingress.tls.enabled` | Whether to enable TLS termination in the Ingress | `false` |
+| `gerrit.ingress.tls.secret.create` | Whether to create a TLS-secret | `true` |
+| `gerrit.ingress.tls.secret.name` | Name of an external secret that will be used as a TLS-secret | `nil` |
+| `gerrit.ingress.tls.secret.cert` | Public SSL server certificate | `-----BEGIN CERTIFICATE-----` |
+| `gerrit.ingress.tls.secret.key` | Private SSL server certificate | `-----BEGIN RSA PRIVATE KEY-----` |
+| `gerrit.keystore` | base64-encoded Java keystore (`cat keystore.jks | base64`) to be used by Gerrit, when using SSL | `nil` |
+| `gerrit.plugins.packaged` | List of Gerrit plugins that are packaged into the Gerrit-war-file to install | `["commit-message-length-validator", "download-commands", "replication", "reviewnotes"]` |
+| `gerrit.plugins.downloaded` | List of Gerrit plugins that will be downloaded | `nil` |
+| `gerrit.plugins.downloaded[0].name` | Name of plugin | `nil` |
+| `gerrit.plugins.downloaded[0].url` | Download url of plugin | `nil` |
+| `gerrit.plugins.downloaded[0].sha1` | SHA1 sum of plugin jar used to ensure file integrity and version (optional) | `nil` |
+| `gerrit.plugins.cache.enabled` | Whether to cache downloaded plugins | `false` |
+| `gerrit.plugins.cache.size` | Size of the volume used to store cached plugins | `1Gi` |
+| `gerrit.etc.config` | Map of config files (e.g. `gerrit.config`) that will be mounted to `$GERRIT_SITE/etc`by a ConfigMap | `{gerrit.config: ..., replication.config: ...}`[see here](#Gerrit-config-files) |
+| `gerrit.etc.secret` | Map of config files (e.g. `secure.config`) that will be mounted to `$GERRIT_SITE/etc`by a Secret | `{secure.config: ...}` [see here](#Gerrit-config-files) |
### Gerrit config files
-The gerrit chart provides a ConfigMap containing the `gerrit.config` as well
-as `replication.config` and a Secret containing the `secure.config` to configure
-the Gerrit installation in the Gerrit component. The content of the config files
-can be set in the `values.yaml` under the keys `gerrit.config.gerrit`,
-`gerrit.config.replication` and `gerrit.config.secure` respectively.
-All configuration options are described in detail in the
+The gerrit chart provides a ConfigMap containing the configuration files
+used by Gerrit, e.g. `gerrit.config` and a Secret containing sensitive configuration
+like the `secure.config` to configure the Gerrit installation in the Gerrit
+component. The content of the config files can be set in the `values.yaml` under
+the keys `gerrit.etc.config` and `gerrit.etc.secret` respectively.
+The key has to be the filename (eg. `gerrit.config`) and the file's contents
+the value. This way an arbitrary number of configuration files can be loaded into
+the `$GERRIT_SITE/etc`-directory, e.g. for plugins.
+All configuration options for Gerrit are described in detail in the
[official documentation of Gerrit](https://gerrit-review.googlesource.com/Documentation/config-gerrit.html).
Some options however have to be set in a specified way for Gerrit to work as
intended with the chart:
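Review bot: Both new table rows are missing a space in "`$GERRIT_SITE/etc`by", and the new paragraph uses "eg." where the rest of the text uses "e.g.". The paragraph also no longer tells the reader where the contents of the old `gerrit.config.gerrit`, `gerrit.config.replication` and `gerrit.config.secure` keys have to move to. A sentence mapping the old keys to the new `gerrit.etc.config` and `gerrit.etc.secret` entries would help anyone upgrading.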
diff --git a/helm-charts/gerrit/templates/gerrit.configmap.yaml b/helm-charts/gerrit/templates/gerrit.configmap.yaml
index b14bd30..a2c440b 100644
--- a/helm-charts/gerrit/templates/gerrit.configmap.yaml
+++ b/helm-charts/gerrit/templates/gerrit.configmap.yaml
@@ -8,10 +8,10 @@
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
data:
- gerrit.config: |-
-{{ .Values.gerrit.config.gerrit | indent 4 }}
- replication.config: |-
-{{ .Values.gerrit.config.replication | indent 4 }}
+ {{- range $key, $value := .Values.gerrit.etc.config }}
+ {{ $key }}:
+{{ toYaml $value | indent 4 }}
+ {{- end }}
---
apiVersion: v1
kind: ConfigMap
diff --git a/helm-charts/gerrit/templates/gerrit.secrets.yaml b/helm-charts/gerrit/templates/gerrit.secrets.yaml
index 897c8a9..77c0445 100644
--- a/helm-charts/gerrit/templates/gerrit.secrets.yaml
+++ b/helm-charts/gerrit/templates/gerrit.secrets.yaml
@@ -11,7 +11,9 @@
{{ if .Values.gerrit.keystore -}}
keystore: {{ .Values.gerrit.keystore }}
{{- end }}
- secure.config: {{ .Values.gerrit.config.secure | b64enc }}
+ {{- range $key, $value := .Values.gerrit.etc.secret }}
+ {{ $key }}: {{ $value | b64enc }}
+ {{- end }}
type: Opaque
---
{{ if and .Values.gerrit.ingress.tls.enabled .Values.gerrit.ingress.tls.secret.create -}}
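Review bot: The commit message says the map may hold files "encoded or not", but the new range always applies `b64enc` to `$value`, while `keystore` just above is inserted as supplied, that is, already base64-encoded. A value placed in `gerrit.etc.secret` in encoded form would therefore be encoded twice and appear in the pod as base64 text. Please document that `etc.secret` values must be plain text, or describe how an already-encoded entry is meant to be passed.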
diff --git a/helm-charts/gerrit/templates/gerrit.stateful-set.yaml b/helm-charts/gerrit/templates/gerrit.stateful-set.yaml
index 432330f..6432eb8 100644
--- a/helm-charts/gerrit/templates/gerrit.stateful-set.yaml
+++ b/helm-charts/gerrit/templates/gerrit.stateful-set.yaml
@@ -59,11 +59,9 @@
args:
- |
symlink_config_to_site(){
- {{ if .Values.gerrit.keystore -}}
- ln -s /var/config/keystore /var/gerrit/etc/keystore
- {{- end }}
- ln -sf /var/config/gerrit.config /var/gerrit/etc/gerrit.config
- ln -sf /var/config/secure.config /var/gerrit/etc/secure.config
+ for file in /var/mnt/etc/config/* /var/mnt/etc/secret/*; do
+ ln -sf $file /var/gerrit/etc/$(basename $file)
+ done
}
mkdir -p /var/gerrit/etc
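Review bot: This inline symlink_config_to_site is now a fourth copy of the same loop, next to the gerrit-replica deployment template and the two tools/start scripts. Any fix to the loop, such as quoting `$file` or skipping an unmatched glob, has to be repeated in four places. Suggest shipping one script in the image and calling it from the templates.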
@@ -91,16 +89,9 @@
mountPath: "/var/mnt/plugins"
{{- end }}
- name: gerrit-config
- mountPath: "/var/config/gerrit.config"
- subPath: gerrit.config
+ mountPath: "/var/mnt/etc/config"
- name: gerrit-secure-config
- mountPath: "/var/config/secure.config"
- subPath: secure.config
- {{ if .Values.gerrit.keystore -}}
- - name: gerrit--secure-config
- mountPath: "/var/config/keystore"
- subPath: keystore
- {{- end }}
+ mountPath: "/var/mnt/etc/secret"
containers:
- name: gerrit
image: {{ template "registry" . }}{{ .Values.gerrit.images.gerrit }}:{{ .Values.images.version }}
@@ -114,19 +105,9 @@
- name: git-filesystem
mountPath: "/var/mnt/git"
- name: gerrit-config
- mountPath: "/var/config/gerrit.config"
- subPath: gerrit.config
- - name: gerrit-config
- mountPath: "/var/config/replication.config"
- subPath: replication.config
+ mountPath: "/var/mnt/etc/config"
- name: gerrit-secure-config
- mountPath: "/var/config/secure.config"
- subPath: secure.config
- {{ if .Values.gerrit.keystore -}}
- - name: gerrit-secure-config
- mountPath: "/var/config/keystore"
- subPath: keystore
- {{- end }}
+ mountPath: "/var/mnt/etc/secret"
resources:
{{ toYaml .Values.gerrit.resources | indent 10 }}
livenessProbe:
diff --git a/helm-charts/gerrit/values.yaml b/helm-charts/gerrit/values.yaml
index 592c256..226b6d6 100644
--- a/helm-charts/gerrit/values.yaml
+++ b/helm-charts/gerrit/values.yaml
@@ -151,66 +151,68 @@
enabled: false
size: 1Gi
- config:
+ etc:
# Some values are expected to have a specific value for the deployment installed
# by this chart to work. These are marked with `# FIXED`.
# Do not change them!
- gerrit: |-
- [gerrit]
- basePath = git # FIXED
- serverId = gerrit-1
- # The canonical web URL has to be set to the Ingress host, if an Ingress
- # is used. If a LoadBalancer-service is used, this should be set to the
- # LoadBalancer's external IP. This can only be done manually after installing
- # the chart, when you know the external IP the LoadBalancer got from the
- # cluster.
- canonicalWebUrl = http://example.com/
- disableReverseDnsLookup = true
- [index]
- type = LUCENE
- [auth]
- type = DEVELOPMENT_BECOME_ANY_ACCOUNT
- [httpd]
- # If using an ingress use proxy-http or proxy-https
- listenUrl = proxy-http://*:8080/
- requestLog = true
- [sshd]
- listenAddress = off
- [transfer]
- timeout = 120 s
- [user]
- name = Gerrit Code Review
- email = gerrit@example.com
- anonymousCoward = Unnamed User
- [cache]
- directory = cache
- [container]
- user = gerrit # FIXED
- javaHome = /usr/lib/jvm/java-1.8-openjdk # FIXED
- javaOptions = -Djavax.net.ssl.trustStore=/var/gerrit/etc/keystore # FIXED
- javaOptions = -Xms200m
- # Has to be lower than 'gerrit.resources.limits.memory'. Also
- # consider memories used by other applications in the container.
- javaOptions = -Xmx4g
+ config:
+ gerrit.config: |-
+ [gerrit]
+ basePath = git # FIXED
+ serverId = gerrit-1
+ # The canonical web URL has to be set to the Ingress host, if an Ingress
+ # is used. If a LoadBalancer-service is used, this should be set to the
+ # LoadBalancer's external IP. This can only be done manually after installing
+ # the chart, when you know the external IP the LoadBalancer got from the
+ # cluster.
+ canonicalWebUrl = http://example.com/
+ disableReverseDnsLookup = true
+ [index]
+ type = LUCENE
+ [auth]
+ type = DEVELOPMENT_BECOME_ANY_ACCOUNT
+ [httpd]
+ # If using an ingress use proxy-http or proxy-https
+ listenUrl = proxy-http://*:8080/
+ requestLog = true
+ [sshd]
+ listenAddress = off
+ [transfer]
+ timeout = 120 s
+ [user]
+ name = Gerrit Code Review
+ email = gerrit@example.com
+ anonymousCoward = Unnamed User
+ [cache]
+ directory = cache
+ [container]
+ user = gerrit # FIXED
+ javaHome = /usr/lib/jvm/java-1.8-openjdk # FIXED
+ javaOptions = -Djavax.net.ssl.trustStore=/var/gerrit/etc/keystore # FIXED
+ javaOptions = -Xms200m
+ # Has to be lower than 'gerrit.resources.limits.memory'. Also
+ # consider memories used by other applications in the container.
+ javaOptions = -Xmx4g
- secure: |-
- # Password for the keystore added as value for 'gerritReplica.keystore'
- # Only needed, if SSL is enabled.
- #[httpd]
- # sslKeyPassword = gerrit
+ replication.config: |-
+ [gerrit]
+ autoReload = false
+ replicateOnStartup = true
+ defaultForceUpdate = true
- # Credentials for replication targets
- # [remote "replica"]
- # username = git
- # password = secret
+ # [remote "replica"]
+ # url = http://gerrit-replica.example.com/git/${name}.git
+ # replicationDelay = 0
+ # timeout = 30
- replication: |-
- [gerrit]
- autoReload = false
- replicateOnStartup = true
- defaultForceUpdate = true
+ secret:
+ secure.config: |-
+ # Password for the keystore added as value for 'gerritReplica.keystore'
+ # Only needed, if SSL is enabled.
+ #[httpd]
+ # sslKeyPassword = gerrit
- # [remote "replica"]
- # url = http://gerrit-replica.example.com/git/${name}.git
- # replicationDelay = 0
- # timeout = 30
+ # Credentials for replication targets
+ # [remote "replica"]
+ # username = git
+ # password = secret
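Review bot: The comment inside the moved `secure.config` default still reads "Password for the keystore added as value for 'gerritReplica.keystore'", but this is the gerrit chart, where the value is `gerrit.keystore`. Since the block is being rewritten anyway, please correct the key name. The `# FIXED` explanation now sits under `etc:` rather than directly above the file it describes; moving it above `gerrit.config` would keep it next to the marked lines.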
diff --git a/tests/container-images/conftest.py b/tests/container-images/conftest.py
index 88f4151..2290565 100644
--- a/tests/container-images/conftest.py
+++ b/tests/container-images/conftest.py
@@ -42,7 +42,7 @@
def _define_volume_mounts(self):
volumes = {
- v: {"bind": "/var/config/%s" % k, "mode": "rw"}
+ v: {"bind": "/var/mnt/etc/config/%s" % k, "mode": "rw"}
for (k, v) in self._create_config_files().items()
}
volumes[os.path.join(self.tmp_dir, "lib")] = {
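Review bot: The fixture now binds every generated file under /var/mnt/etc/config/ and nothing under /var/mnt/etc/secret/, so the second half of the glob in the start scripts is never exercised by these tests. With no secret directory in the container the pattern `/var/mnt/etc/secret/*` will not match anything. Suggest binding at least one file (for example `secure.config`) under /var/mnt/etc/secret/ and asserting that both kinds of file end up linked in /var/gerrit/etc.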