helm-charts/gerrit-replica/templates/gerrit-replica.deployment.yaml - k8s-gerrit - Git at Google

 apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: {{ .Release.Name }}-gerrit-replica-deployment
   labels:
     app: gerrit-replica
     chart: {{ template "gerrit-replica.chart" . }}
     heritage: {{ .Release.Service }}
     release: {{ .Release.Name }}
 spec:
   replicas: {{ .Values.gerritReplica.replicas | default 1 }}
   strategy:
     rollingUpdate:
       maxSurge: {{ .Values.gerritReplica.maxSurge }}
       maxUnavailable: {{ .Values.gerritReplica.maxUnavailable }}
   selector:
     matchLabels:
       app: gerrit-replica
   template:
     metadata:
       labels:
         app: gerrit-replica
         chart: {{ template "gerrit-replica.chart" . }}
         heritage: {{ .Release.Service }}
         release: {{ .Release.Name }}
       annotations:
         chartRevision: "{{ .Release.Revision }}"
     spec:
       securityContext:
         fsGroup: 100
       {{ if .Values.images.registry.ImagePullSecret.name -}}
       imagePullSecrets:
       - name: {{ .Values.images.registry.ImagePullSecret.name }}
       {{- end }}
       initContainers:
       {{- if .Values.nfsWorkaround.enabled }}
       - name: nfs-init
         image: busybox
         command:
         - sh
         - -c
         args:
         - |
           chown -R 1000:100 /var/mnt/logs
         env:
         - name: POD_NAME
           valueFrom:
             fieldRef:
               fieldPath: metadata.name
         volumeMounts:
         - name: logs
           subPathExpr: "gerrit-replica/$(POD_NAME)"
           mountPath: "/var/mnt/logs"
         - name: nfs-config
           mountPath: "/etc/idmapd.conf"
           subPath: idmapd.conf
       {{- end }}
       - name: site-cleanup
         image: busybox
         securityContext:
           runAsUser: 1000
           runAsGroup: 100
         command:
         - sh
         - -c
         args:
         - |
           # Remove directories that should be mounted rather than exist with the
           # rest of the site
           [ ! -L /var/gerrit/git ] && rm -rf /var/gerrit/git
           [ ! -L /var/gerrit/logs ] && rm -rf /var/gerrit/logs
           rm -f /var/gerrit/logs/gerrit.pid
         volumeMounts:
         - name: gerrit-site
           mountPath: "/var/gerrit"
       # Initialize the volume containing the whole Gerrit-site with defaults
       # Not needed, when running in test mode, since then the configured site will
       # be initialized
       - name: populate-gerrit-site-volume
         image: {{ template "registry" . }}{{ .Values.gerritReplica.images.gerritInit }}:{{ .Values.images.version }}
         imagePullPolicy: {{ .Values.images.imagePullPolicy }}
         command:
         - /bin/ash
         - -ce
         args:
         - |
           /var/tools/gerrit_init.py \
             -c /var/config/gerrit-init.yaml \
             -s /var/gerrit

           # The git repositories and logs will be mounted from a volume
           [ -L /var/gerrit/git ] || rm -rf /var/gerrit/git
           [ -L /var/gerrit/logs ] || rm -rf /var/gerrit/logs
           {{ if .Values.gerritReplica.service.ssh.enabled -}}
           rm -f /var/gerrit/etc/ssh_host*key*
           {{- end }}
         volumeMounts:
         - name: gerrit-site
           mountPath: "/var/gerrit"
         - name: gerrit-init-config
           mountPath: "/var/config/gerrit-init.yaml"
           subPath: gerrit-init.yaml
       # If configured, run initialization taking the given Gerrit configuration
       # and persisted volumes into account.
       - name: gerrit-init
         image: {{ template "registry" . }}{{ .Values.gerritReplica.images.gerritInit }}:{{ .Values.images.version }}
         imagePullPolicy: {{ .Values.images.imagePullPolicy }}
         command:
         - /bin/ash
         - -ce
         args:
         - |
           symlink_config_to_site(){
             for file in /var/mnt/etc/config/* /var/mnt/etc/secret/*; do
               ln -sf $file /var/gerrit/etc/$(basename $file)
             done
           }

           mkdir -p /var/gerrit/etc
           symlink_config_to_site

           if [ ! -d /var/gerrit/git ]; then
             ln -sf /var/mnt/git /var/gerrit/
           fi

           if [ ! -d /var/gerrit/logs ]; then
             ln -sf /var/mnt/logs /var/gerrit/
           fi

           /var/tools/validate_notedb.py -s /var/gerrit
         env:
         - name: POD_NAME
           valueFrom:
             fieldRef:
               fieldPath: metadata.name
         volumeMounts:
         - name: gerrit-site
           mountPath: "/var/gerrit"
         - name: git-repositories
           mountPath: "/var/mnt/git"
         - name: logs
           subPathExpr: "gerrit-replica/$(POD_NAME)"
           mountPath: "/var/mnt/logs"
         {{- if .Values.nfsWorkaround.enabled }}
         - name: nfs-config
           mountPath: "/etc/idmapd.conf"
           subPath: idmapd.conf
         {{- end }}
         - name: gerrit-init-config
           mountPath: "/var/config/gerrit-init.yaml"
           subPath: gerrit-init.yaml
         {{- if and .Values.gerritReplica.plugins.cache.enabled .Values.gerritReplica.plugins.downloaded }}
         - name: gerrit-plugin-cache
           mountPath: "/var/mnt/plugins"
         {{- end }}
         - name: gerrit-config
           mountPath: "/var/mnt/etc/config"
         - name: gerrit-replica-secure-config
           mountPath: "/var/mnt/etc/secret"
       containers:
       - name: gerrit-replica
         image: {{ template "registry" . }}{{ .Values.gerritReplica.images.gerritReplica }}:{{ .Values.images.version }}
         imagePullPolicy: {{ .Values.images.imagePullPolicy }}
         env:
         - name: POD_NAME
           valueFrom:
             fieldRef:
               fieldPath: metadata.name
         ports:
         - name: http
           containerPort: 8080
         {{ if .Values.gerritReplica.service.ssh -}}
         - name: ssh
           containerPort: 29418
         {{- end }}
         volumeMounts:
         - name: gerrit-site
           mountPath: "/var/gerrit"
         - name: git-repositories
           mountPath: "/var/mnt/git"
         - name: logs
           subPathExpr: "gerrit-replica/$(POD_NAME)"
           mountPath: "/var/mnt/logs"
         {{- if .Values.nfsWorkaround.enabled }}
         - name: nfs-config
           mountPath: "/etc/idmapd.conf"
           subPath: idmapd.conf
         {{- end }}
         {{- if and .Values.gerritReplica.plugins.cache.enabled .Values.gerritReplica.plugins.downloaded }}
         - name: gerrit-plugin-cache
           mountPath: "/var/mnt/plugins"
         {{- end }}
         - name: gerrit-config
           mountPath: "/var/mnt/etc/config"
         - name: gerrit-replica-secure-config
           mountPath: "/var/mnt/etc/secret"
         livenessProbe:
           httpGet:
             path: /config/server/healthcheck~status
             port: http
 {{ toYaml .Values.gerritReplica.livenessProbe | indent 10 }}
         readinessProbe:
           httpGet:
             path: /config/server/healthcheck~status
             port: http
 {{ toYaml .Values.gerritReplica.readinessProbe | indent 10 }}
         resources:
 {{ toYaml .Values.gerritReplica.resources | indent 10 }}
       {{ if .Values.promtailSidecar.enabled -}}
       - name: promtail
         image: {{ .Values.promtailSidecar.image }}:v{{ .Values.promtailSidecar.version }}
         imagePullPolicy: {{ .Values.images.imagePullPolicy }}
         command:
         - sh
         - -ec
         args:
         - |-
           /usr/bin/promtail \
             -config.file=/etc/promtail/promtail.yaml \
             -client.url={{ .Values.promtailSidecar.loki.url }}/loki/api/v1/push \
             -client.external-labels=instance=$HOSTNAME
         env:
         - name: POD_NAME
           valueFrom:
             fieldRef:
               fieldPath: metadata.name
         resources:
 {{ toYaml .Values.promtailSidecar.resources | indent 10 }}
         volumeMounts:
         - name: promtail-config
           mountPath: /etc/promtail/promtail.yaml
           subPath: promtail.yaml
         - name: promtail-secret
           mountPath: /etc/promtail/promtail.secret
           subPath: promtail.secret
         - name: promtail-secret
           mountPath: /etc/promtail/promtail.ca.crt
           subPath: promtail.ca.crt
         - name: logs
           subPathExpr: "gerrit-replica/$(POD_NAME)"
           mountPath: "/var/gerrit/logs"
         {{- if .Values.nfsWorkaround.enabled }}
         - name: nfs-config
           mountPath: "/etc/idmapd.conf"
           subPath: idmapd.conf
         {{- end }}
       {{- end }}
       volumes:
       - name: gerrit-site
         emptyDir: {}
       - name: git-repositories
         persistentVolumeClaim:
           {{- if .Values.gitRepositoryStorage.externalPVC.use }}
           claimName: {{ .Values.gitRepositoryStorage.externalPVC.name }}
           {{- else }}
           claimName: {{ .Release.Name }}-git-repositories-pvc
           {{- end }}
       - name: logs
         {{ if .Values.logStorage.enabled -}}
         persistentVolumeClaim:
           {{- if .Values.logStorage.externalPVC.use }}
           claimName: {{ .Values.logStorage.externalPVC.name }}
           {{- else }}
           claimName: {{ .Release.Name }}-log-pvc
           {{- end }}
         {{ else -}}
         emptyDir: {}
         {{- end }}
       {{- if and .Values.gerritReplica.plugins.cache.enabled .Values.gerritReplica.plugins.downloaded }}
       - name: gerrit-plugin-cache
         persistentVolumeClaim:
           claimName: {{ .Release.Name }}-plugin-cache-pvc
       {{- end }}
       {{- if .Values.nfsWorkaround.enabled }}
       - name: nfs-config
         configMap:
           name: {{ .Release.Name }}-nfs-configmap
       {{- end }}
       - name: gerrit-init-config
         configMap:
           name: {{ .Release.Name }}-gerrit-init-configmap
       - name: gerrit-config
         configMap:
           name: {{ .Release.Name }}-gerrit-replica-configmap
       - name: gerrit-replica-secure-config
         secret:
           secretName: {{ .Release.Name }}-gerrit-replica-secure-config
       {{ if .Values.gerritReplica.service.ssh.enabled -}}
       - name: gerrit-replica-ssh
         secret:
           secretName: {{ .Release.Name }}-gerrit-replica-ssh-secret
       {{- end }}
       {{ if .Values.promtailSidecar.enabled -}}
       - name: promtail-config
         configMap:
           name: {{ .Release.Name }}-promtail-gerrit-configmap
       - name: promtail-secret
         secret:
           secretName: {{ .Release.Name }}-promtail-secret
       {{- end }}
	apiVersion: apps/v1
	kind: Deployment
	metadata:
	name: {{ .Release.Name }}-gerrit-replica-deployment
	labels:
	app: gerrit-replica
	chart: {{ template "gerrit-replica.chart" . }}
	heritage: {{ .Release.Service }}
	release: {{ .Release.Name }}
	spec:
	replicas: {{ .Values.gerritReplica.replicas \| default 1 }}
	strategy:
	rollingUpdate:
	maxSurge: {{ .Values.gerritReplica.maxSurge }}
	maxUnavailable: {{ .Values.gerritReplica.maxUnavailable }}
	selector:
	matchLabels:
	app: gerrit-replica
	template:
	metadata:
	labels:
	app: gerrit-replica
	chart: {{ template "gerrit-replica.chart" . }}
	heritage: {{ .Release.Service }}
	release: {{ .Release.Name }}
	annotations:
	chartRevision: "{{ .Release.Revision }}"
	spec:
	securityContext:
	fsGroup: 100
	{{ if .Values.images.registry.ImagePullSecret.name -}}
	imagePullSecrets:
	- name: {{ .Values.images.registry.ImagePullSecret.name }}
	{{- end }}
	initContainers:
	{{- if .Values.nfsWorkaround.enabled }}
	- name: nfs-init
	image: busybox
	command:
	- sh
	- -c
	args:
	- \|
	chown -R 1000:100 /var/mnt/logs
	env:
	- name: POD_NAME
	valueFrom:
	fieldRef:
	fieldPath: metadata.name
	volumeMounts:
	- name: logs
	subPathExpr: "gerrit-replica/$(POD_NAME)"
	mountPath: "/var/mnt/logs"
	- name: nfs-config
	mountPath: "/etc/idmapd.conf"
	subPath: idmapd.conf
	{{- end }}
	- name: site-cleanup
	image: busybox
	securityContext:
	runAsUser: 1000
	runAsGroup: 100
	command:
	- sh
	- -c
	args:
	- \|
	# Remove directories that should be mounted rather than exist with the
	# rest of the site
	[ ! -L /var/gerrit/git ] && rm -rf /var/gerrit/git
	[ ! -L /var/gerrit/logs ] && rm -rf /var/gerrit/logs
	rm -f /var/gerrit/logs/gerrit.pid
	volumeMounts:
	- name: gerrit-site
	mountPath: "/var/gerrit"
	# Initialize the volume containing the whole Gerrit-site with defaults
	# Not needed, when running in test mode, since then the configured site will
	# be initialized
	- name: populate-gerrit-site-volume
	image: {{ template "registry" . }}{{ .Values.gerritReplica.images.gerritInit }}:{{ .Values.images.version }}
	imagePullPolicy: {{ .Values.images.imagePullPolicy }}
	command:
	- /bin/ash
	- -ce
	args:
	- \|
	/var/tools/gerrit_init.py \
	-c /var/config/gerrit-init.yaml \
	-s /var/gerrit

	# The git repositories and logs will be mounted from a volume
	[ -L /var/gerrit/git ] \|\| rm -rf /var/gerrit/git
	[ -L /var/gerrit/logs ] \|\| rm -rf /var/gerrit/logs
	{{ if .Values.gerritReplica.service.ssh.enabled -}}
	rm -f /var/gerrit/etc/ssh_hostkey
	{{- end }}
	volumeMounts:
	- name: gerrit-site
	mountPath: "/var/gerrit"
	- name: gerrit-init-config
	mountPath: "/var/config/gerrit-init.yaml"
	subPath: gerrit-init.yaml
	# If configured, run initialization taking the given Gerrit configuration
	# and persisted volumes into account.
	- name: gerrit-init
	image: {{ template "registry" . }}{{ .Values.gerritReplica.images.gerritInit }}:{{ .Values.images.version }}
	imagePullPolicy: {{ .Values.images.imagePullPolicy }}
	command:
	- /bin/ash
	- -ce
	args:
	- \|
	symlink_config_to_site(){
	for file in /var/mnt/etc/config/* /var/mnt/etc/secret/*; do
	ln -sf $file /var/gerrit/etc/$(basename $file)
	done
	}

	mkdir -p /var/gerrit/etc
	symlink_config_to_site

	if [ ! -d /var/gerrit/git ]; then
	ln -sf /var/mnt/git /var/gerrit/
	fi

	if [ ! -d /var/gerrit/logs ]; then
	ln -sf /var/mnt/logs /var/gerrit/
	fi

	/var/tools/validate_notedb.py -s /var/gerrit
	env:
	- name: POD_NAME
	valueFrom:
	fieldRef:
	fieldPath: metadata.name
	volumeMounts:
	- name: gerrit-site
	mountPath: "/var/gerrit"
	- name: git-repositories
	mountPath: "/var/mnt/git"
	- name: logs
	subPathExpr: "gerrit-replica/$(POD_NAME)"
	mountPath: "/var/mnt/logs"
	{{- if .Values.nfsWorkaround.enabled }}
	- name: nfs-config
	mountPath: "/etc/idmapd.conf"
	subPath: idmapd.conf
	{{- end }}
	- name: gerrit-init-config
	mountPath: "/var/config/gerrit-init.yaml"
	subPath: gerrit-init.yaml
	{{- if and .Values.gerritReplica.plugins.cache.enabled .Values.gerritReplica.plugins.downloaded }}
	- name: gerrit-plugin-cache
	mountPath: "/var/mnt/plugins"
	{{- end }}
	- name: gerrit-config
	mountPath: "/var/mnt/etc/config"
	- name: gerrit-replica-secure-config
	mountPath: "/var/mnt/etc/secret"
	containers:
	- name: gerrit-replica
	image: {{ template "registry" . }}{{ .Values.gerritReplica.images.gerritReplica }}:{{ .Values.images.version }}
	imagePullPolicy: {{ .Values.images.imagePullPolicy }}
	env:
	- name: POD_NAME
	valueFrom:
	fieldRef:
	fieldPath: metadata.name
	ports:
	- name: http
	containerPort: 8080
	{{ if .Values.gerritReplica.service.ssh -}}
	- name: ssh
	containerPort: 29418
	{{- end }}
	volumeMounts:
	- name: gerrit-site
	mountPath: "/var/gerrit"
	- name: git-repositories
	mountPath: "/var/mnt/git"
	- name: logs
	subPathExpr: "gerrit-replica/$(POD_NAME)"
	mountPath: "/var/mnt/logs"
	{{- if .Values.nfsWorkaround.enabled }}
	- name: nfs-config
	mountPath: "/etc/idmapd.conf"
	subPath: idmapd.conf
	{{- end }}
	{{- if and .Values.gerritReplica.plugins.cache.enabled .Values.gerritReplica.plugins.downloaded }}
	- name: gerrit-plugin-cache
	mountPath: "/var/mnt/plugins"
	{{- end }}
	- name: gerrit-config
	mountPath: "/var/mnt/etc/config"
	- name: gerrit-replica-secure-config
	mountPath: "/var/mnt/etc/secret"
	livenessProbe:
	httpGet:
	path: /config/server/healthcheck~status
	port: http
	{{ toYaml .Values.gerritReplica.livenessProbe \| indent 10 }}
	readinessProbe:
	httpGet:
	path: /config/server/healthcheck~status
	port: http
	{{ toYaml .Values.gerritReplica.readinessProbe \| indent 10 }}
	resources:
	{{ toYaml .Values.gerritReplica.resources \| indent 10 }}
	{{ if .Values.promtailSidecar.enabled -}}
	- name: promtail
	image: {{ .Values.promtailSidecar.image }}:v{{ .Values.promtailSidecar.version }}
	imagePullPolicy: {{ .Values.images.imagePullPolicy }}
	command:
	- sh
	- -ec
	args:
	- \|-
	/usr/bin/promtail \
	-config.file=/etc/promtail/promtail.yaml \
	-client.url={{ .Values.promtailSidecar.loki.url }}/loki/api/v1/push \
	-client.external-labels=instance=$HOSTNAME
	env:
	- name: POD_NAME
	valueFrom:
	fieldRef:
	fieldPath: metadata.name
	resources:
	{{ toYaml .Values.promtailSidecar.resources \| indent 10 }}
	volumeMounts:
	- name: promtail-config
	mountPath: /etc/promtail/promtail.yaml
	subPath: promtail.yaml
	- name: promtail-secret
	mountPath: /etc/promtail/promtail.secret
	subPath: promtail.secret
	- name: promtail-secret
	mountPath: /etc/promtail/promtail.ca.crt
	subPath: promtail.ca.crt
	- name: logs
	subPathExpr: "gerrit-replica/$(POD_NAME)"
	mountPath: "/var/gerrit/logs"
	{{- if .Values.nfsWorkaround.enabled }}
	- name: nfs-config
	mountPath: "/etc/idmapd.conf"
	subPath: idmapd.conf
	{{- end }}
	{{- end }}
	volumes:
	- name: gerrit-site
	emptyDir: {}
	- name: git-repositories
	persistentVolumeClaim:
	{{- if .Values.gitRepositoryStorage.externalPVC.use }}
	claimName: {{ .Values.gitRepositoryStorage.externalPVC.name }}
	{{- else }}
	claimName: {{ .Release.Name }}-git-repositories-pvc
	{{- end }}
	- name: logs
	{{ if .Values.logStorage.enabled -}}
	persistentVolumeClaim:
	{{- if .Values.logStorage.externalPVC.use }}
	claimName: {{ .Values.logStorage.externalPVC.name }}
	{{- else }}
	claimName: {{ .Release.Name }}-log-pvc
	{{- end }}
	{{ else -}}
	emptyDir: {}
	{{- end }}
	{{- if and .Values.gerritReplica.plugins.cache.enabled .Values.gerritReplica.plugins.downloaded }}
	- name: gerrit-plugin-cache
	persistentVolumeClaim:
	claimName: {{ .Release.Name }}-plugin-cache-pvc
	{{- end }}
	{{- if .Values.nfsWorkaround.enabled }}
	- name: nfs-config
	configMap:
	name: {{ .Release.Name }}-nfs-configmap
	{{- end }}
	- name: gerrit-init-config
	configMap:
	name: {{ .Release.Name }}-gerrit-init-configmap
	- name: gerrit-config
	configMap:
	name: {{ .Release.Name }}-gerrit-replica-configmap
	- name: gerrit-replica-secure-config
	secret:
	secretName: {{ .Release.Name }}-gerrit-replica-secure-config
	{{ if .Values.gerritReplica.service.ssh.enabled -}}
	- name: gerrit-replica-ssh
	secret:
	secretName: {{ .Release.Name }}-gerrit-replica-ssh-secret
	{{- end }}
	{{ if .Values.promtailSidecar.enabled -}}
	- name: promtail-config
	configMap:
	name: {{ .Release.Name }}-promtail-gerrit-configmap
	- name: promtail-secret
	secret:
	secretName: {{ .Release.Name }}-promtail-secret
	{{- end }}