Move internal project to open source
In this change, the POC of a Gerrit-slave and Gerrit-master helm chart
developed internally at SAP is transferred into an open source project.
The project contains the code to build container images used by the helm
charts and provides scripts to ease the build process.
A helm chart to deploy a Gerrit master instance is provided. Next to
Gerrit itself it provides a CronJob for Git garbage collection and
a MySQL-database.
The helm chart to deploy a Gerrit slave provides the Gerrit slave
itself, Git garbage collection, a MySQL database and a Apache-Git-based
backend to receive replication requests for repositories from a Gerrit
master.
Currently, Gerrit 2.12 is used. Both helm charts are NOT production
ready. They only represent POCs and need further development to provide
the necessary security and stability for production.
Change-Id: I913fb196af9f734bdd8c063ae5cae284d1a628d6
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..b61b82b
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,4 @@
+*.pem
+*.crt
+/helm-charts/*/charts
+/helm-charts/*/requirements.lock
\ No newline at end of file
diff --git a/README.md b/README.md
index 3270987..a0617ad 100644
--- a/README.md
+++ b/README.md
@@ -1,4 +1,140 @@
# Gerrit Deployment on Kubernetes
Container images, configurations and [Helm](https://helm.sh/) charts for installing
-[Gerrit](https://www.gerritcodereview.com/) on [Kubernetes](https://kubernetes.io/).
\ No newline at end of file
+[Gerrit](https://www.gerritcodereview.com/) on [Kubernetes](https://kubernetes.io/).
+
+# Docker images
+
+Images to run a Gerrit master and slave setup based on the latest stable-2.12 Gerrit build.
+
+## Building images
+
+To build all images, the `build`-script in the root directory of the project can
+be used:
+
+```
+./build
+```
+
+If a specific image should be build, the image name can be specified as an argument.
+Multiple images can be specified at once:
+
+```
+./build gerrit-slave git-gc
+```
+
+The build-script usually uses the `latest`-tag to tag the images. By using the
+`--tag TAG`-option, a custom tag can be defined:
+
+```
+./build --tag test
+```
+
+The build script will in addition tag the image with the output of
+`git describe --dirty`.
+
+The single component images inherit a base image. The `Dockerfile` for the base
+image can be found in the `./base`-directory. It will be
+automatically built by the `./build`-script. If the component images are built
+manually, the base image has to be built first with the target
+`base:latest`, since it is not available in a registry and thus has
+to exist locally.
+
+## Publishing images
+
+The publish script in the root directory of the project can be used to push the
+built images to the configured registry. To do so, log in first, before executing
+the script.
+
+```
+docker login <registry>
+```
+
+To configure the registry and image version, the respective values can be
+configured via env variables `REGISTRY` and `TAG`. In addition, these values can
+also be passed as command line options named `--registry` and `--tag` in which
+case they override the values from env variables:
+
+```
+./publish <component-name>
+```
+
+The `<component-name>` is one of: `apache-git-http-backend`, `git-gc`,
+`gerrit-slave`.
+
+Adding the `--update-latest`-flag will also update the images tagged `latest` in
+the repository:
+
+```
+./publish --update-latest <component-name>
+```
+
+## Running images
+
+Assuming a Gerrit site already exists, is located at `/path/to/gerrit-slave` and
+owned by the `gerrit`-user defined in the docker image (default `UID: 1000`) run
+the following command for each image in the directories containing the respective
+docker image:
+
+```
+./start /path/to/gerrit-slave <component-name>
+```
+
+The `<component-name>` is one of: `apache-git-http-backend`, `git-gc`,
+`gerrit-slave`, `gerrit-master`, `gerrit-slave-init`.
+
+If a specific version of the image should be used, the `--tag TAG`-option can be
+used to provide the image tag:
+
+```
+./start /path/to/gerrit-slave --tag d4fad48 <component-name>
+```
+
+or define the tag as an env variable:
+
+```
+export TAG=d4fad48
+./start /path/to/gerrit-slave <component-name>
+```
+
+To detach the running container from the shell, use the `--detach`-flag:
+
+```
+./start --detach /path/to/gerrit-slave <component-name>
+```
+
+## Important notes
+
+Currently, java is installed under `/usr/lib/jvm/java-8-openjdk-amd64/jre`.
+Therefore, make sure that `container.javaHome` is set to that path in the `gerrit.config`:
+```
+ javaHome = /usr/lib/jvm/java-8-openjdk-amd64/jre
+```
+
+The mysql-replication-init docker image is only required for setting up the Gerrit
+slave on Kubernetes. If deploying the Gerrit slave outside of Kubernetes, it can
+be ignored.
+
+# Helm Charts
+
+These Helm charts can be used to install a Gerrit cluster consisting of a
+Gerrit master and a Gerrit slave on a Kubernetes cluster.
+
+## File System Storage
+
+Currently this deployment uses NFS, some options:
+
+* Create an EFS volume on AWS
+* Install a NFS server on Kubernetes cluster which doesn't have read-write-many
+Persistent Volumes available using
+[NFS-provisioner](helm-charts/gerrit-master/docs/nfs-provisioner.md)
+
+## Gerrit Master
+
+* Install a [MySQL master](helm-charts/gerrit-master/docs/mysqld.md)
+* Install a [Gerrit master](helm-charts/gerrit-master/README.md)
+
+## Gerrit Slave
+
+* Install a [MySQL slave](helm-charts/gerrit-slave/docs/mysqld.md)
+* Install a [Gerrit slave](helm-charts/gerrit-slave/README.md)
diff --git a/build b/build
new file mode 100755
index 0000000..3c52353
--- /dev/null
+++ b/build
@@ -0,0 +1,78 @@
+#!/bin/bash
+
+usage() {
+ me=`basename "$0"`
+ echo >&2 "Usage: $me [--tag TAG] [--gerrit-url URL] [IMAGE]"
+ exit 1
+}
+
+while test $# -gt 0 ; do
+ case "$1" in
+ --tag)
+ shift
+ TAG=$1
+ shift
+ ;;
+
+ --gerrit-url)
+ shift
+ GERRIT_WAR_URL=$1
+ shift
+ ;;
+
+ *)
+ break
+ esac
+done
+
+GIT_REV=$(git describe --dirty)
+
+test -z "$TAG" && TAG=latest
+
+docker_build(){
+ IMAGE=$1
+
+ if ([[ $IMAGE = "gerrit-slave" ]] && test -n "$GERRIT_WAR_URL"); then
+ BUILD_ARGS="--build-arg GERRIT_WAR_URL=$GERRIT_WAR_URL"
+ fi
+
+ docker build $BUILD_ARGS -t k8sgerrit/$IMAGE:$TAG -t k8sgerrit/$IMAGE:$GIT_REV ./container-images/$IMAGE && BUILD_SUCCESS=1
+ if test -z "$BUILD_SUCCESS"; then
+ REPORT="$REPORT Failed: k8sgerrit/$IMAGE.\n"
+ RETURN_CODE=1
+ else
+ REPORT="$REPORT Success: k8sgerrit/$IMAGE:$TAG\n Success: k8sgerrit/$IMAGE:$GIT_REV\n"
+ fi
+}
+
+REPORT="Build results: \n"
+RETURN_CODE=0
+
+docker build -t base ./container-images/base || {
+ echo -e "\n\nFailed to build base image."
+ exit 1
+ }
+
+if test $# -eq 0 ; then
+ docker build -t gerrit-base ./container-images/gerrit-base || {
+ echo -e "\n\nFailed to build gerrit-base image."
+ exit 1
+ }
+ for IMAGE in apache-git-http-backend gerrit-master gerrit-slave git-gc mysql-replication-init gerrit-slave-init; do
+ docker_build $IMAGE
+ done
+else
+ while test $# -gt 0 ; do
+ if [[ $1 = gerrit-* ]]; then
+ docker build -t gerrit-base ./container-images/gerrit-base || {
+ echo -e "\n\nFailed to build gerrit-base image."
+ exit 1
+ }
+ fi
+ docker_build $1
+ shift
+ done
+fi
+
+echo -e "\n\n$REPORT"
+exit $RETURN_CODE
diff --git a/container-images/apache-git-http-backend/Dockerfile b/container-images/apache-git-http-backend/Dockerfile
new file mode 100644
index 0000000..d341e6d
--- /dev/null
+++ b/container-images/apache-git-http-backend/Dockerfile
@@ -0,0 +1,33 @@
+FROM base:latest
+
+# Install apache2
+RUN apt-get update && apt-get -y install apache2 apache2-utils
+RUN a2enmod cgi alias env ssl
+
+# Configure git-http-backend
+COPY git-https-backend.conf /etc/apache2/sites-available/
+RUN ln -s \
+ /etc/apache2/sites-available/git-https-backend.conf \
+ /etc/apache2/sites-enabled/git-https-backend.conf
+COPY git-http-backend.conf /etc/apache2/sites-available/
+RUN ln -s \
+ /etc/apache2/sites-available/git-http-backend.conf \
+ /etc/apache2/sites-enabled/git-http-backend.conf
+RUN sed -i -e 's/APACHE_RUN_USER=www-data/APACHE_RUN_USER=gerrit/' /etc/apache2/envvars
+RUN sed -i -e 's/APACHE_RUN_GROUP=www-data/APACHE_RUN_GROUP=users/' /etc/apache2/envvars
+
+COPY tools/* /var/tools/
+COPY tools/create_repo.sh /var/cgi/create_repo.sh
+RUN rm -f /etc/apache2/sites-enabled/000-default.conf
+
+# Allow incoming traffic
+EXPOSE 80
+EXPOSE 443
+
+ARG GERRIT_UID=1000
+RUN useradd gerrit -u $GERRIT_UID -g users
+
+VOLUME ["/var/gerrit/git", "/var/apache/credentials", "/var/log/apache2"]
+
+# Start
+ENTRYPOINT ["/bin/bash", "-c", "/var/tools/verify_fs_permissions && /var/tools/start"]
diff --git a/container-images/apache-git-http-backend/git-http-backend.conf b/container-images/apache-git-http-backend/git-http-backend.conf
new file mode 100644
index 0000000..ba42d31
--- /dev/null
+++ b/container-images/apache-git-http-backend/git-http-backend.conf
@@ -0,0 +1,48 @@
+<VirtualHost *:80>
+ # The ServerName directive sets the request scheme, hostname and port that
+ # the server uses to identify itself. This is used when creating
+ # redirection URLs. In the context of virtual hosts, the ServerName
+ # specifies what hostname must appear in the request's Host: header to
+ # match this virtual host. For the default virtual host (this file) this
+ # value is not decisive as it is used as a last resort host regardless.
+ # However, you must set it for any further virtual host explicitly.
+ ServerName localhost
+ ServerAdmin webmaster@localhost
+
+ UseCanonicalName On
+
+ SetEnv GIT_PROJECT_ROOT /var/gerrit/git
+ SetEnv GIT_HTTP_EXPORT_ALL
+ ScriptAlias /git/ /usr/lib/git-core/git-http-backend/
+ ScriptAliasMatch "(?i)^/new/(.*)" "/var/cgi/create_repo.sh"
+
+ Alias /git /var/gerrit/git
+
+ # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
+ # error, crit, alert, emerg.
+ # It is also possible to configure the loglevel for particular
+ # modules, e.g.
+ LogLevel warn
+
+ ErrorLog ${APACHE_LOG_DIR}/error.log
+ CustomLog ${APACHE_LOG_DIR}/access.log combined
+
+ # For most configuration files from conf-available/, which are
+ # enabled or disabled at a global level, it is possible to
+ # include a line for only one particular virtual host. For example the
+ # following line enables the CGI configuration for this host only
+ # after it has been globally disabled with "a2disconf".
+ #Include conf-available/serve-cgi-bin.conf
+ <Files "git-http-backend">
+ AuthType Basic
+ AuthName "Restricted Content"
+ AuthUserFile /var/apache/credentials/.htpasswd
+ Require valid-user
+ </Files>
+ <Files "create_repo.sh">
+ AuthType Basic
+ AuthName "Restricted Content"
+ AuthUserFile /var/apache/credentials/.htpasswd
+ Require valid-user
+ </Files>
+</VirtualHost>
diff --git a/container-images/apache-git-http-backend/git-https-backend.conf b/container-images/apache-git-http-backend/git-https-backend.conf
new file mode 100644
index 0000000..6d1c961
--- /dev/null
+++ b/container-images/apache-git-http-backend/git-https-backend.conf
@@ -0,0 +1,52 @@
+<VirtualHost *:443>
+ # The ServerName directive sets the request scheme, hostname and port that
+ # the server uses to identify itself. This is used when creating
+ # redirection URLs. In the context of virtual hosts, the ServerName
+ # specifies what hostname must appear in the request's Host: header to
+ # match this virtual host. For the default virtual host (this file) this
+ # value is not decisive as it is used as a last resort host regardless.
+ # However, you must set it for any further virtual host explicitly.
+ ServerName localhost
+ ServerAdmin webmaster@localhost
+
+ UseCanonicalName On
+
+ SetEnv GIT_PROJECT_ROOT /var/gerrit/git
+ SetEnv GIT_HTTP_EXPORT_ALL
+ ScriptAlias /git/ /usr/lib/git-core/git-http-backend/
+ ScriptAliasMatch "(?i)^/new/(.*)" "/var/cgi/create_repo.sh"
+
+ Alias /git /var/gerrit/git
+
+ # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
+ # error, crit, alert, emerg.
+ # It is also possible to configure the loglevel for particular
+ # modules, e.g.
+ LogLevel warn
+
+ ErrorLog ${APACHE_LOG_DIR}/error.log
+ CustomLog ${APACHE_LOG_DIR}/access.log combined
+
+ SSLEngine on
+ SSLCertificateFile /var/apache/credentials/server.crt
+ SSLCertificateKeyFile /var/apache/credentials/server.key
+
+ # For most configuration files from conf-available/, which are
+ # enabled or disabled at a global level, it is possible to
+ # include a line for only one particular virtual host. For example the
+ # following line enables the CGI configuration for this host only
+ # after it has been globally disabled with "a2disconf".
+ #Include conf-available/serve-cgi-bin.conf
+ <Files "git-http-backend">
+ AuthType Basic
+ AuthName "Restricted Content"
+ AuthUserFile /var/apache/credentials/.htpasswd
+ Require valid-user
+ </Files>
+ <Files "create_repo.sh">
+ AuthType Basic
+ AuthName "Restricted Content"
+ AuthUserFile /var/apache/credentials/.htpasswd
+ Require valid-user
+ </Files>
+</VirtualHost>
diff --git a/container-images/apache-git-http-backend/start b/container-images/apache-git-http-backend/start
new file mode 100755
index 0000000..e25fe84
--- /dev/null
+++ b/container-images/apache-git-http-backend/start
@@ -0,0 +1,25 @@
+#!/bin/bash
+
+MODE=$1 && shift
+NAME=$1 && shift
+SITE=$1 && shift
+ENABLE_HTTP=$1 && shift
+REGISTRY=$1 && shift
+TAG=$1 && shift
+OWNER_UID=$1 && shift
+OWNER_GID=$1 && shift
+ENV=$1 && shift
+
+create_dir "$SITE/log_apache2" $OWNER_UID $OWNER_GID
+
+docker run $MODE \
+ -h $(hostname -f) \
+ --name ${NAME} \
+ -p 8080:80 \
+ -p 8081:443 \
+ -v $SITE/git:/var/gerrit/git \
+ -v $SITE/etc:/var/apache/credentials \
+ -v $SITE/log_apache2:/var/log/apache2 \
+ $ENV \
+ $ENABLE_HTTP \
+ ${REGISTRY}k8sgerrit/${NAME}:${TAG}
diff --git a/container-images/apache-git-http-backend/tools/create_repo.sh b/container-images/apache-git-http-backend/tools/create_repo.sh
new file mode 100755
index 0000000..109e46a
--- /dev/null
+++ b/container-images/apache-git-http-backend/tools/create_repo.sh
@@ -0,0 +1,24 @@
+#!/bin/bash
+
+echo "Content-type: text/html"
+echo ""
+
+REPO=${REQUEST_URI##/new/}
+
+if [[ "${REPO}" != *".git" ]]; then
+ REPO="${REPO}.git"
+fi
+
+git init --bare /var/gerrit/git/${REPO} > /dev/null || \
+ {
+ echo "Status: 400 Repository could not be created."
+ exit 1
+ }
+
+if test -f /var/gerrit/git/${REPO}/HEAD; then
+ echo "Status: 201 Created repository ${REPO}"
+ exit 0
+else
+ echo "Status: 400 Repository could not be created."
+ exit 1
+fi
diff --git a/container-images/apache-git-http-backend/tools/start b/container-images/apache-git-http-backend/tools/start
new file mode 100755
index 0000000..80dd3b8
--- /dev/null
+++ b/container-images/apache-git-http-backend/tools/start
@@ -0,0 +1,26 @@
+#!/bin/bash
+
+if test ! -f /var/apache/credentials/server.crt ;then
+ openssl genrsa -des3 -passout pass:secret \
+ -out /var/apache/credentials/server.pass.key 2048
+ openssl rsa -passin pass:secret -in /var/apache/credentials/server.pass.key \
+ -out /var/apache/credentials/server.key
+ rm /var/apache/credentials/server.pass.key
+ openssl req -new -key /var/apache/credentials/server.key \
+ -out /var/apache/credentials/server.csr -subj "/C=DE/O=Gerrit/CN=localhost"
+ openssl x509 -req -days 365 -in /var/apache/credentials/server.csr \
+ -signkey /var/apache/credentials/server.key \
+ -out /var/apache/credentials/server.crt
+ echo "Created a self-signed certificate in /var/apache/credentials/server.crt"
+fi
+
+if [ -z "$ENABLE_HTTP" ] || [ "$ENABLE_HTTP" = "false" ] ;then
+ rm /etc/apache2/sites-enabled/git-http-backend.conf
+fi
+
+if test ! -f /var/apache/credentials/.htpasswd ;then
+ htpasswd -cdb /var/apache/credentials/.htpasswd gerrit secret
+fi
+
+/etc/init.d/apache2 start \
+ && tail -F -q -n +1 /var/log/apache2/*.log
\ No newline at end of file
diff --git a/container-images/apache-git-http-backend/tools/verify_fs_permissions b/container-images/apache-git-http-backend/tools/verify_fs_permissions
new file mode 100755
index 0000000..bf449c6
--- /dev/null
+++ b/container-images/apache-git-http-backend/tools/verify_fs_permissions
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+gerrit_uid=$(id -u gerrit)
+gerrit_gid=$(cut -d: -f3 < <(getent group users))
+
+for dir in /var/gerrit/* /var/apache/credentials /var/log/apache2; do
+ /var/tools/validate_site.sh $dir $gerrit_uid $gerrit_gid || exit 1
+done
\ No newline at end of file
diff --git a/container-images/base/Dockerfile b/container-images/base/Dockerfile
new file mode 100644
index 0000000..d08e8b3
--- /dev/null
+++ b/container-images/base/Dockerfile
@@ -0,0 +1,9 @@
+FROM ubuntu:18.04
+
+RUN apt-get update
+RUN apt-get -y install git
+
+# Allow remote connectivity and sudo
+RUN apt-get -y install openssh-client sudo
+
+COPY tools/* /var/tools/
\ No newline at end of file
diff --git a/container-images/base/tools/validate_site.sh b/container-images/base/tools/validate_site.sh
new file mode 100755
index 0000000..2356228
--- /dev/null
+++ b/container-images/base/tools/validate_site.sh
@@ -0,0 +1,55 @@
+#!/bin/bash
+
+dir=$1
+target_uid=$2
+target_gid=$3
+
+check_fs_permissions(){
+ actual_uid=$(ls -lnd $dir | tr -s ' ' | cut -d ' ' -f 3)
+ actual_gid=$(ls -lnd $dir | tr -s ' ' | cut -d ' ' -f 4)
+
+ if [ ! -d "$dir" ]; then
+ echo "The provided site seems to be invalid. Missing: $dir"
+ return 1
+ fi
+
+ if [[ "$actual_uid" != "$target_uid" ]]; then
+ echo "The provided Gerrit site is not owned by the correct UID."
+ echo "$dir should be owned by user $target_uid, but is owned by $actual_uid"
+ return 1
+ fi
+
+ if [[ "$actual_gid" != "$target_gid" ]]; then
+ echo "The provided Gerrit site is not owned by the correct GID."
+ echo "$dir should be owned by group $target_gid, but is owned by $actual_gid"
+ return 1
+ fi
+
+ if [ ! -r "$dir" ]; then
+ echo "Cannot read $dir."
+ return 1
+ fi
+
+ if [ ! -w "$dir" ]; then
+ echo "Cannot write in $dir."
+ return 1
+ fi
+
+ return 0
+}
+
+fix_fs_permissions(){
+ echo "Trying to fix file permissions"
+ chown -R $target_uid:$target_gid $dir
+ chmod -R 755 $dir
+ check_fs_permissions || {
+ echo "Failed to fix file permissions. Please fix them manually on the host system.";
+ exit 1;
+ }
+ echo "Success!"
+ echo ""
+}
+
+check_fs_permissions || {
+ [[ "$FIXFS" == "true" ]] && fix_fs_permissions
+}
diff --git a/container-images/gerrit-base/Dockerfile b/container-images/gerrit-base/Dockerfile
new file mode 100644
index 0000000..4120a10
--- /dev/null
+++ b/container-images/gerrit-base/Dockerfile
@@ -0,0 +1,21 @@
+FROM base:latest
+
+RUN apt-get update && apt-get -y install curl unzip openjdk-8-jdk
+
+RUN mkdir -p /var/gerrit/bin
+RUN mkdir -p /var/gerrit/etc
+
+# Download Gerrit release
+ARG GERRIT_WAR_URL=https://gerrit-ci.gerritforge.com/job/Gerrit-buck-stable-2.12/lastSuccessfulBuild/artifact/gerrit/buck-out/gen/gerrit.war
+RUN curl -k -o /var/gerrit/bin/gerrit.war ${GERRIT_WAR_URL}
+
+ARG GERRIT_UID=1000
+RUN useradd gerrit -u $GERRIT_UID -g users
+
+# Allow incoming traffic
+EXPOSE 29418 8080
+
+RUN chown -R gerrit:users /var/gerrit
+USER gerrit
+
+ENTRYPOINT ["/bin/bash", "/var/tools/start"]
diff --git a/container-images/gerrit-master/Dockerfile b/container-images/gerrit-master/Dockerfile
new file mode 100644
index 0000000..689a53e
--- /dev/null
+++ b/container-images/gerrit-master/Dockerfile
@@ -0,0 +1,3 @@
+FROM gerrit-base:latest
+
+COPY tools/* /var/tools/
diff --git a/container-images/gerrit-master/start b/container-images/gerrit-master/start
new file mode 100755
index 0000000..0a8c47c
--- /dev/null
+++ b/container-images/gerrit-master/start
@@ -0,0 +1,24 @@
+#!/bin/bash
+
+MODE=$1 && shift
+NAME=$1 && shift
+SITE=$1 && shift
+REGISTRY=$1 && shift
+TAG=$1 && shift
+OWNER_UID=$1 && shift
+OWNER_GID=$1 && shift
+ENV=$1 && shift
+
+create_dir "$SITE/logs" $OWNER_UID $OWNER_GID
+
+docker run $MODE \
+ -h $(hostname -f) \
+ --name ${NAME} \
+ -p 8082:8080 \
+ -p 29418:29418 \
+ -v $SITE/etc:/var/gerrit/etc \
+ -v $SITE/git:/var/gerrit/git \
+ -v $SITE/logs:/var/gerrit/logs \
+ -v $SITE/lib:/var/gerrit/lib \
+ $ENV \
+ ${REGISTRY}k8sgerrit/${NAME}:${TAG}
diff --git a/container-images/gerrit-master/tools/start b/container-images/gerrit-master/tools/start
new file mode 100755
index 0000000..b9c54c5
--- /dev/null
+++ b/container-images/gerrit-master/tools/start
@@ -0,0 +1,21 @@
+#!/bin/bash
+
+gerrit_uid=$(id -u)
+gerrit_gid=$(cut -d: -f3 < <(getent group users))
+
+for dir in /var/gerrit/*; do
+ /var/tools/validate_site.sh $dir $gerrit_uid $gerrit_gid || exit 1
+done
+
+java -jar /var/gerrit/bin/gerrit.war init \
+ --batch \
+ -d /var/gerrit
+
+java -jar /var/gerrit/bin/gerrit.war reindex \
+ -d /var/gerrit
+
+git config -f /var/gerrit/etc/gerrit.config container.javaOptions "-Djava.security.egd=file:/dev/./urandom"
+
+/var/gerrit/bin/gerrit.sh start
+
+tail -F -n +1 /var/gerrit/logs/{error,httpd,sshd}_log
diff --git a/container-images/gerrit-slave-init/Dockerfile b/container-images/gerrit-slave-init/Dockerfile
new file mode 100644
index 0000000..7202a25
--- /dev/null
+++ b/container-images/gerrit-slave-init/Dockerfile
@@ -0,0 +1,14 @@
+FROM k8sgerrit/gerrit-slave:latest
+
+USER root
+
+RUN apt-get update && \
+ apt-get install -y mysql-client
+
+COPY tools/* /var/tools/
+
+ENV TEST_MODE=
+
+USER gerrit
+
+ENTRYPOINT ["/bin/bash", "-c", "/var/tools/verify_fs_permissions && /var/tools/start"]
\ No newline at end of file
diff --git a/container-images/gerrit-slave-init/start b/container-images/gerrit-slave-init/start
new file mode 100755
index 0000000..2c620f8
--- /dev/null
+++ b/container-images/gerrit-slave-init/start
@@ -0,0 +1,22 @@
+#!/bin/bash
+
+MODE=$1 && shift
+NAME=$1 && shift
+SITE=$1 && shift
+REGISTRY=$1 && shift
+TAG=$1 && shift
+OWNER_UID=$1 && shift
+OWNER_GID=$1 && shift
+ENV=$1 && shift
+
+create_dir "$SITE/logs" $OWNER_UID $OWNER_GID
+
+docker run $MODE \
+ -h $(hostname -f) \
+ --name ${NAME} \
+ -v $SITE/etc:/var/gerrit/etc \
+ -v $SITE/git:/var/gerrit/git \
+ -v $SITE/logs:/var/gerrit/logs \
+ -v $SITE/lib:/var/gerrit/lib \
+ $ENV \
+ ${REGISTRY}k8sgerrit/${NAME}:${TAG}
diff --git a/container-images/gerrit-slave-init/tools/start b/container-images/gerrit-slave-init/tools/start
new file mode 100755
index 0000000..53897a3
--- /dev/null
+++ b/container-images/gerrit-slave-init/tools/start
@@ -0,0 +1,134 @@
+#!/bin/bash
+
+get_db_config(){
+ if test -f "/var/gerrit/etc/secure.config"; then
+ export DB_USER=$(git config --file /var/gerrit/etc/secure.config --get database.username)
+ export DB_PASSWORD=$(git config --file /var/gerrit/etc/secure.config --get database.password)
+ fi
+
+ if test -f "/var/gerrit/etc/gerrit.config"; then
+ export DB_TYPE=$(git config --file /var/gerrit/etc/gerrit.config --get database.type)
+ export DB_NAME=$(git config --file /var/gerrit/etc/gerrit.config --get database.database)
+ export DB_HOST=$(git config --file /var/gerrit/etc/gerrit.config --get database.hostname)
+ export DB_PORT=$(git config --file /var/gerrit/etc/gerrit.config --get database.port)
+ fi
+
+ if test -z "${DB_USER}"; then
+ echo "Missing database username in Gerrit config."
+ exit 1
+ fi
+
+ if test -z "${DB_PASSWORD}"; then
+ echo "Missing database password in Gerrit config."
+ exit 1
+ fi
+
+ if test -z "${DB_NAME}"; then
+ export DB_NAME="reviewdb"
+ fi
+
+ if test -z "${DB_HOST}"; then
+ echo "Missing database host in Gerrit config."
+ exit 1
+ fi
+
+ if test -z "${DB_PORT}"; then
+ echo "Missing database port in Gerrit config."
+ exit 1
+ fi
+
+ return 0
+}
+
+test_repositories(){
+ local EXIT_CODE=0
+ test -d "/var/gerrit/git/All-Projects.git" || EXIT_CODE=1
+ return ${EXIT_CODE}
+}
+
+test_mysql_db(){
+ local EXIT_CODE=0
+ mysql -h ${DB_HOST} -P${DB_PORT} -u ${DB_USER} -p${DB_PASSWORD} ${DB_NAME} >/dev/null 2>&1 </dev/null || EXIT_CODE=1
+ # Check existence of some tables
+ for table in accounts changes patch_sets; do # tables expected in Gerrit 2.12
+ SQL_EXISTS=$(printf 'SHOW TABLES LIKE "%s"' "${table}")
+ if [[ $(mysql -h ${DB_HOST} -P${DB_PORT} -u ${DB_USER} -p${DB_PASSWORD} -e "${SQL_EXISTS}" ${DB_NAME}) ]]; then
+ echo "Table ${table} was found."
+ else
+ echo "Table ${table} was NOT found. Continuing to wait..."
+ local EXIT_CODE=1
+ break
+ fi
+ done
+ return ${EXIT_CODE}
+}
+
+wait_for_repositories(){
+ echo "Waiting for replicated repositories."
+ while [ true ]; do
+ test_repositories && break
+ sleep 10
+ done
+ echo "The All-Projects.git repository was found."
+}
+
+wait_for_db_schema(){
+ echo "Waiting for database to be ready."
+
+ case "${DB_TYPE^^}" in
+ MYSQL)
+ while [ true ]; do
+ test_mysql_db && break
+ sleep 10
+ done
+ ;;
+
+ *)
+ echo "Database type ${DB_TYPE} not supported."
+ exit 1
+ ;;
+ esac
+ echo "Database was found."
+}
+
+wait_for_db_connection(){
+ echo "Waiting for database connection..."
+
+ case "${DB_TYPE^^}" in
+ MYSQL)
+ while ! mysqladmin ping -h "${DB_HOST}" -P"${DB_PORT}" --silent; do
+ sleep 1
+ done
+ ;;
+
+ *)
+ echo "Database type ${DB_TYPE} not supported."
+ exit 1
+ ;;
+ esac
+}
+
+# cleanup from last start
+rm -f /var/gerrit/logs/gerrit.pid
+
+# read db configuration from gerrit.config
+get_db_config || exit 1
+
+# wait for db to start
+wait_for_db_connection
+
+if [[ "$TEST_MODE" == "true" ]]; then
+ java -jar /var/gerrit/bin/gerrit.war init \
+ --batch \
+ --no-auto-start \
+ --install-plugin singleusergroup \
+ -d /var/gerrit
+fi
+
+# wait for All-Projects to arrive via replication from master
+wait_for_repositories
+
+# wait for db schema to arrive via replication from master
+wait_for_db_schema
+
+echo "Gerrit site appears to be initialized. Gerrit slave can be startet."
\ No newline at end of file
diff --git a/container-images/gerrit-slave-init/tools/verify_fs_permissions b/container-images/gerrit-slave-init/tools/verify_fs_permissions
new file mode 100755
index 0000000..ee1baf6
--- /dev/null
+++ b/container-images/gerrit-slave-init/tools/verify_fs_permissions
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+gerrit_uid=$(id -u)
+gerrit_gid=$(cut -d: -f3 < <(getent group users))
+
+for dir in /var/gerrit/*; do
+ /var/tools/validate_site.sh $dir $gerrit_uid $gerrit_gid || exit 1
+done
\ No newline at end of file
diff --git a/container-images/gerrit-slave/Dockerfile b/container-images/gerrit-slave/Dockerfile
new file mode 100644
index 0000000..c511099
--- /dev/null
+++ b/container-images/gerrit-slave/Dockerfile
@@ -0,0 +1,19 @@
+FROM gerrit-base:latest
+
+RUN java -jar /var/gerrit/bin/gerrit.war init --batch --no-auto-start --install-plugin singleusergroup -d /var/gerrit
+
+# Install MySQL driver for Gerrit
+# TODO: Does not work for Gerrit >= 2.14, since the file structure in gerrit.war
+# changed
+RUN unzip -xOf /var/gerrit/bin/gerrit.war WEB-INF/lib/gerrit-pgm-init.jar -d /tmp && \
+ LIBRARY_CONFIG_PATH="com/google/gerrit/pgm/init/libraries.config" && \
+ unzip -xOf /tmp/WEB-INF/lib/gerrit-pgm-init.jar ${LIBRARY_CONFIG_PATH} -d /tmp && \
+ ( cd /var/gerrit/lib && \
+ curl -LO $(git config --file /tmp/${LIBRARY_CONFIG_PATH} --get library.mysqlDriver.url) ) && \
+ git config --file /tmp/${LIBRARY_CONFIG_PATH} --get library.mysqlDriver.sha1 && \
+ echo "$(git config --file /tmp/${LIBRARY_CONFIG_PATH} --get library.mysqlDriver.sha1) $(find /var/gerrit/lib -name 'mysql-connector-java-*.jar')" | shasum -c - && \
+ rm -rf /tmp/WEB-INF /tmp/${LIBRARY_CONFIG_PATH}
+
+RUN git config -f /var/gerrit/etc/gerrit.config container.slave true
+
+COPY tools/* /var/tools/
diff --git a/container-images/gerrit-slave/start b/container-images/gerrit-slave/start
new file mode 100755
index 0000000..0a8c47c
--- /dev/null
+++ b/container-images/gerrit-slave/start
@@ -0,0 +1,24 @@
+#!/bin/bash
+
+MODE=$1 && shift
+NAME=$1 && shift
+SITE=$1 && shift
+REGISTRY=$1 && shift
+TAG=$1 && shift
+OWNER_UID=$1 && shift
+OWNER_GID=$1 && shift
+ENV=$1 && shift
+
+create_dir "$SITE/logs" $OWNER_UID $OWNER_GID
+
+docker run $MODE \
+ -h $(hostname -f) \
+ --name ${NAME} \
+ -p 8082:8080 \
+ -p 29418:29418 \
+ -v $SITE/etc:/var/gerrit/etc \
+ -v $SITE/git:/var/gerrit/git \
+ -v $SITE/logs:/var/gerrit/logs \
+ -v $SITE/lib:/var/gerrit/lib \
+ $ENV \
+ ${REGISTRY}k8sgerrit/${NAME}:${TAG}
diff --git a/container-images/gerrit-slave/tools/start b/container-images/gerrit-slave/tools/start
new file mode 100755
index 0000000..926ee0f
--- /dev/null
+++ b/container-images/gerrit-slave/tools/start
@@ -0,0 +1,19 @@
+#!/bin/bash
+
+gerrit_uid=$(id -u)
+gerrit_gid=$(cut -d: -f3 < <(getent group users))
+
+for dir in /var/gerrit/*; do
+ /var/tools/validate_site.sh $dir $gerrit_uid $gerrit_gid || exit 1
+done
+
+JAVA_OPTIONS=$(git config --file /var/gerrit/etc/gerrit.config --get-all container.javaOptions)
+git config -f /var/gerrit/etc/gerrit.config container.slave true
+
+# workaround gerrit.sh does not start httpd
+java ${JAVA_OPTIONS} -jar /var/gerrit/bin/gerrit.war daemon \
+ -d /var/gerrit \
+ --enable-httpd \
+ --slave &
+
+tail -F -n +1 /var/gerrit/logs/{error,httpd,sshd}_log
diff --git a/container-images/git-gc/Dockerfile b/container-images/git-gc/Dockerfile
new file mode 100644
index 0000000..18790b1
--- /dev/null
+++ b/container-images/git-gc/Dockerfile
@@ -0,0 +1,18 @@
+FROM base:latest
+
+# Install cron
+RUN apt-get update
+RUN apt-get -y install cron
+
+COPY tools/* /var/tools/
+COPY cron/* /var/cron/
+RUN mkdir -p /var/log/git
+
+ARG GERRIT_UID=1000
+RUN useradd gerrit -u $GERRIT_UID -g users
+RUN chown gerrit:users /var/log/git
+
+VOLUME ["/var/gerrit/git"]
+
+# Start
+ENTRYPOINT ["/bin/bash", "/var/tools/start"]
diff --git a/container-images/git-gc/cron/crontab b/container-images/git-gc/cron/crontab
new file mode 100644
index 0000000..f3b8b23
--- /dev/null
+++ b/container-images/git-gc/cron/crontab
@@ -0,0 +1,2 @@
+0 6 * * * /var/tools/gc-all.sh
+30 17 * * * /var/tools/gc-all.sh
diff --git a/container-images/git-gc/start b/container-images/git-gc/start
new file mode 100755
index 0000000..a8c4b07
--- /dev/null
+++ b/container-images/git-gc/start
@@ -0,0 +1,14 @@
+#!/bin/bash
+
+MODE=$1 && shift
+NAME=$1 && shift
+SITE=$1 && shift
+REGISTRY=$1 && shift
+TAG=$1 && shift
+ENV=$1 && shift
+
+docker run $MODE \
+ --name ${NAME} \
+ -v $SITE/git:/var/gerrit/git \
+ $ENV \
+ ${REGISTRY}k8sgerrit/${NAME}:${TAG}
diff --git a/container-images/git-gc/tools/gc-all.sh b/container-images/git-gc/tools/gc-all.sh
new file mode 100755
index 0000000..b27d297
--- /dev/null
+++ b/container-images/git-gc/tools/gc-all.sh
@@ -0,0 +1,72 @@
+#!/bin/bash
+
+log() {
+ # Rotate the $LOG if current date is different from the last modification of $LOG
+ if test -f "$LOG" ; then
+ TODAY=$(date +%Y-%m-%d)
+ LOG_LAST_MODIFIED=$(date +%Y-%m-%d -r $LOG)
+ if test "$TODAY" != "$LOG_LAST_MODIFIED" ; then
+ mv "$LOG" "$LOG.$LOG_LAST_MODIFIED"
+ gzip "$LOG.$LOG_LAST_MODIFIED"
+ fi
+ fi
+
+ echo $1 | tee -a $LOG
+}
+
+TOP=/var/gerrit/git
+LOG=/var/log/git/gc.log
+OUT=$(date +"%D %r Started") && log "$OUT"
+
+gc_options() {
+ if test -f "$1/gc-aggressive" ; then
+ echo "--aggressive"
+ elif test -f "$1/gc-aggressive-once" ; then
+ echo "--aggressive"
+ rm -f "$1/gc-aggressive-once"
+ else
+ echo ""
+ fi
+}
+
+log_opts() {
+ if test -z $1 ; then
+ echo ""
+ else
+ echo " [$1]"
+ fi
+}
+
+find $TOP -type d -name \*.git -print0 | sed 's,^./,,' | while IFS= read -r -d $'\0' d
+do
+ OPTS=$(gc_options $d)
+ LOG_OPTS=$(log_opts $OPTS)
+
+ OUT=$(date +"%D %r Started: $d$LOG_OPTS") && log "$OUT"
+
+ git --git-dir="$d" config core.logallrefupdates true
+
+ git --git-dir="$d" config repack.usedeltabaseoffset true
+ git --git-dir="$d" config repack.writebitmaps true
+ git --git-dir="$d" config pack.compression 9
+ git --git-dir="$d" config pack.indexversion 2
+
+ git --git-dir="$d" config gc.autodetach false
+ git --git-dir="$d" config gc.autopacklimit 4
+ git --git-dir="$d" config gc.packrefs true
+ git --git-dir="$d" config gc.reflogexpire never
+ git --git-dir="$d" config gc.reflogexpireunreachable never
+ git --git-dir="$d" config receive.autogc false
+
+ OUT=$(git --git-dir="$d" gc --auto --prune $OPTS || date +"%D %r Failed: $d") \
+ && log "$OUT"
+
+ (find "$d/refs/changes" -type d | xargs rmdir;
+ find "$d/refs/changes" -type d | xargs rmdir
+ ) 2>/dev/null
+
+ OUT=$(date +"%D %r Finished: $d$LOG_OPTS") && log "$OUT"
+
+done
+
+OUT=$(date +"%D %r Finished") && log "$OUT"
diff --git a/container-images/git-gc/tools/start b/container-images/git-gc/tools/start
new file mode 100755
index 0000000..5781ce5
--- /dev/null
+++ b/container-images/git-gc/tools/start
@@ -0,0 +1,12 @@
+gerrit_uid=$(id -u gerrit)
+gerrit_gid=$(cut -d: -f3 < <(getent group users))
+
+/etc/init.d/cron start
+
+for dir in /var/gerrit/*; do
+ /var/tools/validate_site.sh $dir $gerrit_uid $gerrit_gid || exit 1
+done
+
+sudo -u gerrit crontab /var/cron/crontab \
+ && touch /var/log/git/gc.log \
+ && tail -F -n +1 /var/log/git/gc.log
diff --git a/container-images/mysql-replication-init/Dockerfile b/container-images/mysql-replication-init/Dockerfile
new file mode 100644
index 0000000..5d0f8f3
--- /dev/null
+++ b/container-images/mysql-replication-init/Dockerfile
@@ -0,0 +1,7 @@
+FROM ubuntu:18.04
+
+RUN apt-get update && apt-get install -y mysql-client
+
+COPY tools/* /var/tools/
+
+ENTRYPOINT ["/bin/bash", "/var/tools/start"]
\ No newline at end of file
diff --git a/container-images/mysql-replication-init/tools/start b/container-images/mysql-replication-init/tools/start
new file mode 100755
index 0000000..020a992
--- /dev/null
+++ b/container-images/mysql-replication-init/tools/start
@@ -0,0 +1,40 @@
+#!/bin/bash
+
+test -z "${FILEPATH}" && FILEPATH=/var/data/db/master_dump.sql
+mkdir -p $(dirname "${FILEPATH}")
+useradd gerrit -u 1000 -g users
+chown -R gerrit:users /var/data/db
+rm -f ${FILEPATH} || echo "File did not exist yet."
+
+getTimeFromLastChange() {
+ lastAccess=$(stat --format=%Y ${FILEPATH})
+ now=$(date +%s)
+ timePassed=$((now - lastAccess))
+ echo ${timePassed}
+}
+
+while test -z ${FINISHED}; do
+ sleep 5
+ if [ -f ${FILEPATH} ]; then
+ FINISHED="true"
+ fi
+ echo "Waiting for database dump file at ${FILEPATH}"
+done
+
+while [ true ]; do
+ lastChange=$(getTimeFromLastChange ${FILEPATH})
+ if [ "${lastChange}" -lt 5 ]; then
+ echo "waiting"
+ sleep 1
+ else
+ echo "done"
+ break
+ fi
+done
+
+# Load database dump into database
+mysql -h ${MYSQL_HOST} -P${MYSQL_PORT} -u root -p${MYSQL_ROOT_PASSWORD} < ${FILEPATH}
+
+# Configure and start database slave
+mysql -h ${MYSQL_HOST} -P${MYSQL_PORT} -u root -p${MYSQL_ROOT_PASSWORD} \
+ -e "set @replpwd='${REPL_PASSWORD}'; source /var/sql/initialize-slave.sql;"
\ No newline at end of file
diff --git a/helm-charts/gerrit-master/.helmignore b/helm-charts/gerrit-master/.helmignore
new file mode 100644
index 0000000..4a00615
--- /dev/null
+++ b/helm-charts/gerrit-master/.helmignore
@@ -0,0 +1,25 @@
+
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+docs/
+supplements/
\ No newline at end of file
diff --git a/helm-charts/gerrit-master/Chart.yaml b/helm-charts/gerrit-master/Chart.yaml
new file mode 100644
index 0000000..7fa3744
--- /dev/null
+++ b/helm-charts/gerrit-master/Chart.yaml
@@ -0,0 +1,27 @@
+apiVersion: v1
+appVersion: 2.12
+description: |-
+ Gerrit is a free, web-based team code collaboration tool. Software developers
+ in a team can review each other's modifications on their source code using
+ a Web browser and approve or reject those changes. It integrates closely with
+ Git, a distributed version control system. [1]
+
+ [1](https://en.wikipedia.org/wiki/Gerrit_(software)
+name: gerrit-master
+version: 0.1.0
+maintainers:
+- name: Thomas Draebing
+ email: thomas.draebing@sap.com
+- name: Matthias Sohn
+ email: matthias.sohn@sap.com
+- name: Sasa Zivkov
+ email: sasa.zivkov@sap.com
+- name: Christian Halstrick
+ email: christian.halstrick@sap.com
+home: https://gerrit.googlesource.com/k8s-gerrit/+/master/helm-charts/gerrit-slave
+icon: http://commondatastorage.googleapis.com/gerrit-static/diffy-w200.png
+sources:
+- https://gerrit.googlesource.com/k8s-gerrit/+/master/
+keywords:
+- gerrit
+- git
\ No newline at end of file
diff --git a/helm-charts/gerrit-master/LICENSE b/helm-charts/gerrit-master/LICENSE
new file mode 100644
index 0000000..028fc9f
--- /dev/null
+++ b/helm-charts/gerrit-master/LICENSE
@@ -0,0 +1,201 @@
+ Apache License
+ Version 2.0, January 2004
+ http://www.apache.org/licenses/
+
+ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+ 1. Definitions.
+
+ "License" shall mean the terms and conditions for use, reproduction,
+ and distribution as defined by Sections 1 through 9 of this document.
+
+ "Licensor" shall mean the copyright owner or entity authorized by
+ the copyright owner that is granting the License.
+
+ "Legal Entity" shall mean the union of the acting entity and all
+ other entities that control, are controlled by, or are under common
+ control with that entity. For the purposes of this definition,
+ "control" means (i) the power, direct or indirect, to cause the
+ direction or management of such entity, whether by contract or
+ otherwise, or (ii) ownership of fifty percent (50%) or more of the
+ outstanding shares, or (iii) beneficial ownership of such entity.
+
+ "You" (or "Your") shall mean an individual or Legal Entity
+ exercising permissions granted by this License.
+
+ "Source" form shall mean the preferred form for making modifications,
+ including but not limited to software source code, documentation
+ source, and configuration files.
+
+ "Object" form shall mean any form resulting from mechanical
+ transformation or translation of a Source form, including but
+ not limited to compiled object code, generated documentation,
+ and conversions to other media types.
+
+ "Work" shall mean the work of authorship, whether in Source or
+ Object form, made available under the License, as indicated by a
+ copyright notice that is included in or attached to the work
+ (an example is provided in the Appendix below).
+
+ "Derivative Works" shall mean any work, whether in Source or Object
+ form, that is based on (or derived from) the Work and for which the
+ editorial revisions, annotations, elaborations, or other modifications
+ represent, as a whole, an original work of authorship. For the purposes
+ of this License, Derivative Works shall not include works that remain
+ separable from, or merely link (or bind by name) to the interfaces of,
+ the Work and Derivative Works thereof.
+
+ "Contribution" shall mean any work of authorship, including
+ the original version of the Work and any modifications or additions
+ to that Work or Derivative Works thereof, that is intentionally
+ submitted to Licensor for inclusion in the Work by the copyright owner
+ or by an individual or Legal Entity authorized to submit on behalf of
+ the copyright owner. For the purposes of this definition, "submitted"
+ means any form of electronic, verbal, or written communication sent
+ to the Licensor or its representatives, including but not limited to
+ communication on electronic mailing lists, source code control systems,
+ and issue tracking systems that are managed by, or on behalf of, the
+ Licensor for the purpose of discussing and improving the Work, but
+ excluding communication that is conspicuously marked or otherwise
+ designated in writing by the copyright owner as "Not a Contribution."
+
+ "Contributor" shall mean Licensor and any individual or Legal Entity
+ on behalf of whom a Contribution has been received by Licensor and
+ subsequently incorporated within the Work.
+
+ 2. Grant of Copyright License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ copyright license to reproduce, prepare Derivative Works of,
+ publicly display, publicly perform, sublicense, and distribute the
+ Work and such Derivative Works in Source or Object form.
+
+ 3. Grant of Patent License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ (except as stated in this section) patent license to make, have made,
+ use, offer to sell, sell, import, and otherwise transfer the Work,
+ where such license applies only to those patent claims licensable
+ by such Contributor that are necessarily infringed by their
+ Contribution(s) alone or by combination of their Contribution(s)
+ with the Work to which such Contribution(s) was submitted. If You
+ institute patent litigation against any entity (including a
+ cross-claim or counterclaim in a lawsuit) alleging that the Work
+ or a Contribution incorporated within the Work constitutes direct
+ or contributory patent infringement, then any patent licenses
+ granted to You under this License for that Work shall terminate
+ as of the date such litigation is filed.
+
+ 4. Redistribution. You may reproduce and distribute copies of the
+ Work or Derivative Works thereof in any medium, with or without
+ modifications, and in Source or Object form, provided that You
+ meet the following conditions:
+
+ (a) You must give any other recipients of the Work or
+ Derivative Works a copy of this License; and
+
+ (b) You must cause any modified files to carry prominent notices
+ stating that You changed the files; and
+
+ (c) You must retain, in the Source form of any Derivative Works
+ that You distribute, all copyright, patent, trademark, and
+ attribution notices from the Source form of the Work,
+ excluding those notices that do not pertain to any part of
+ the Derivative Works; and
+
+ (d) If the Work includes a "NOTICE" text file as part of its
+ distribution, then any Derivative Works that You distribute must
+ include a readable copy of the attribution notices contained
+ within such NOTICE file, excluding those notices that do not
+ pertain to any part of the Derivative Works, in at least one
+ of the following places: within a NOTICE text file distributed
+ as part of the Derivative Works; within the Source form or
+ documentation, if provided along with the Derivative Works; or,
+ within a display generated by the Derivative Works, if and
+ wherever such third-party notices normally appear. The contents
+ of the NOTICE file are for informational purposes only and
+ do not modify the License. You may add Your own attribution
+ notices within Derivative Works that You distribute, alongside
+ or as an addendum to the NOTICE text from the Work, provided
+ that such additional attribution notices cannot be construed
+ as modifying the License.
+
+ You may add Your own copyright statement to Your modifications and
+ may provide additional or different license terms and conditions
+ for use, reproduction, or distribution of Your modifications, or
+ for any such Derivative Works as a whole, provided Your use,
+ reproduction, and distribution of the Work otherwise complies with
+ the conditions stated in this License.
+
+ 5. Submission of Contributions. Unless You explicitly state otherwise,
+ any Contribution intentionally submitted for inclusion in the Work
+ by You to the Licensor shall be under the terms and conditions of
+ this License, without any additional terms or conditions.
+ Notwithstanding the above, nothing herein shall supersede or modify
+ the terms of any separate license agreement you may have executed
+ with Licensor regarding such Contributions.
+
+ 6. Trademarks. This License does not grant permission to use the trade
+ names, trademarks, service marks, or product names of the Licensor,
+ except as required for reasonable and customary use in describing the
+ origin of the Work and reproducing the content of the NOTICE file.
+
+ 7. Disclaimer of Warranty. Unless required by applicable law or
+ agreed to in writing, Licensor provides the Work (and each
+ Contributor provides its Contributions) on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ implied, including, without limitation, any warranties or conditions
+ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+ PARTICULAR PURPOSE. You are solely responsible for determining the
+ appropriateness of using or redistributing the Work and assume any
+ risks associated with Your exercise of permissions under this License.
+
+ 8. Limitation of Liability. In no event and under no legal theory,
+ whether in tort (including negligence), contract, or otherwise,
+ unless required by applicable law (such as deliberate and grossly
+ negligent acts) or agreed to in writing, shall any Contributor be
+ liable to You for damages, including any direct, indirect, special,
+ incidental, or consequential damages of any character arising as a
+ result of this License or out of the use or inability to use the
+ Work (including but not limited to damages for loss of goodwill,
+ work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses), even if such Contributor
+ has been advised of the possibility of such damages.
+
+ 9. Accepting Warranty or Additional Liability. While redistributing
+ the Work or Derivative Works thereof, You may choose to offer,
+ and charge a fee for, acceptance of support, warranty, indemnity,
+ or other liability obligations and/or rights consistent with this
+ License. However, in accepting such obligations, You may act only
+ on Your own behalf and on Your sole responsibility, not on behalf
+ of any other Contributor, and only if You agree to indemnify,
+ defend, and hold each Contributor harmless for any liability
+ incurred by, or claims asserted against, such Contributor by reason
+ of your accepting any such warranty or additional liability.
+
+ END OF TERMS AND CONDITIONS
+
+ APPENDIX: How to apply the Apache License to your work.
+
+ To apply the Apache License to your work, attach the following
+ boilerplate notice, with the fields enclosed by brackets "{}"
+ replaced with your own identifying information. (Don't include
+ the brackets!) The text should be enclosed in the appropriate
+ comment syntax for the file format. We also recommend that a
+ file or class name and description of purpose be included on the
+ same "printed page" as the copyright notice for easier
+ identification within third-party archives.
+
+ Copyright (C) 2018 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
diff --git a/helm-charts/gerrit-master/README.md b/helm-charts/gerrit-master/README.md
new file mode 100644
index 0000000..3113afe
--- /dev/null
+++ b/helm-charts/gerrit-master/README.md
@@ -0,0 +1,241 @@
+# Gerrit on Kubernetes
+
+Gerrit is a web-based code review tool, which acts as a Git server. This helm
+chart provides a Gerrit setup that can be deployed on Kubernetes.
+The chart can deploy its own database (Currently on MySQL databases are supported)
+and provides a CronJob to perform Git garbage collection.
+
+## Prerequisites
+
+- Helm and Tiller (of course)
+
+ (Check out [this guide](https://docs.helm.sh/using_helm/#quickstart-guide)
+ how to install and use helm.)
+
+- Access to a provisioner for persistent volumes with `Read Write Many (RWM)`-
+ capability.
+
+ A list of applicaple volume types can be found
+ [here](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#access-modes).
+ This project was developed using the
+ [NFS-server-provisioner helm chart](https://github.com/helm/charts/tree/master/stable/nfs-server-provisioner),
+ a NFS-provisioner deployed in the Kubernetes cluster itself. Refer to
+ [this guide](/helm-charts/gerrit-master/docs/nfs-provisioner.md) of how to
+ deploy it in context of this project.
+
+- A [Java keystore](https://gerrit-review.googlesource.com/Documentation/config-gerrit.html#httpd.sslKeyStore)
+ to be used by Gerrit.
+
+- A domain name that is configured to point to the IP address of the node running
+ the Ingress controller on the kubernetes cluster (as described
+ [here](http://alesnosek.com/blog/2017/02/14/accessing-kubernetes-pods-from-outside-of-the-cluster/)).
+
+## Installing the Chart
+
+***note
+**ATTENTION:** The values for `gerritMaster.ingress.host` and `gerritMaster.keystore`
+are required for rendering the chart's templates. The nature of the values does
+not allow defaults. Thus a custom `values.yaml`-file setting this values is required!
+***
+
+To install the chart with the release name `gerrit-master`, execute:
+
+```sh
+cd $(git rev-parse --show-toplevel)/helm-charts
+helm install ./gerrit-master \
+ --dep-up \
+ -n gerrit-master \
+ -f <path-to-custom-values>.yaml
+```
+
+The command deploys the Gerrit instance on the current Kubernetes cluster.
+The [configuration section](#Configuration) lists the parameters that can be
+configured during installation.
+
+## Configuration
+
+The following sections list the configurable values in `values.yaml`. To configure
+a Gerrit setup, make a copy of the `values.yaml`-file and change the parameters
+as needed. The configuration can be applied by installing the chart as described
+[above](#Installing-the-chart).
+
+In addition, single options can be set without creating a custom `values.yaml`:
+
+```sh
+cd $(git rev-parse --show-toplevel)/helm-charts
+helm install ./gerrit-master \
+ --dep-up \
+ -n gerrit-master \
+ --set=gitRepositoryStorage.size=100Gi
+```
+
+### Container images
+
+| Parameter | Description | Default |
+|--------------------------------------------|------------------------------------------------------|----------------------------------------------------------------------|
+| `images.registry.name` | The image registry to pull the container images from | `` |
+| `images.registry.ImagePullSecret.name` | Name of the ImagePullSecret | `image-pull-secret` (if empty no image pull secret will be deployed) |
+| `images.registry.ImagePullSecret.create` | Whether to create an ImagePullSecret | `false` |
+| `images.registry.ImagePullSecret.username` | The image registry username | `nil` |
+| `images.registry.ImagePullSecret.password` | The image registry password | `nil` |
+| `images.version` | The image version (image tag) to use | `latest` |
+| `images.imagePullPolicy` | Image pull policy | `Always` |
+
+### Storage classes
+
+For information of how a `StorageClass` is configured in Kubernetes, read the
+[official Documentation](https://kubernetes.io/docs/concepts/storage/storage-classes/#introduction).
+
+| Parameter | Description | Default |
+|----------------------------------------|-------------------------------------------------------------------|---------------------------------------------------|
+| `storageClasses.default.name` | The name of the default StorageClass (RWO) | `default` |
+| `storageClasses.default.create` | Whether to create the StorageClass | `false` |
+| `storageClasses.default.provisioner` | Provisioner of the StorageClass | `kubernetes.io/aws-ebs` |
+| `storageClasses.default.reclaimPolicy` | Whether to `Retain` or `Delete` volumes, when they become unbound | `Delete` |
+| `storageClasses.default.parameters` | Parameters for the provisioner | `parameters.type: gp2`, `parameters.fsType: ext4` |
+| `storageClasses.shared.name` | The name of the shared StorageClass (RWM) | `shared-storage` |
+| `storageClasses.shared.create` | Whether to create the StorageClass | `false` |
+| `storageClasses.shared.provisioner` | Provisioner of the StorageClass | `nfs` |
+| `storageClasses.shared.reclaimPolicy` | Whether to `Retain` or `Delete` volumes, when they become unbound | `Delete` |
+| `storageClasses.shared.parameters` | Parameters for the provisioner | `parameters.mountOptions: vers=4.1` |
+
+### Storage for Git repositories
+
+| Parameter | Description | Default |
+|-----------------------------|-------------------------------------------------|---------|
+| `gitRepositoryStorage.size` | Size of the volume storing the Git repositories | `5Gi` |
+
+### Git garbage collection
+
+| Parameter | Description | Default |
+|-------------------------------------|------------------------------------------------------------------|--------------------------|
+| `gitGC.image` | Image name of the Git-GC container image | `k8s-gerrit/git-gc` |
+| `gitGC.schedule` | Cron-formatted schedule with which to run Git garbage collection | `0 6,18 * * *` |
+| `gitGC.resources` | Configure the amount of resources the pod requests/is allowed | `requests.cpu: 100m` |
+| | | `requests.memory: 256Mi` |
+| | | `limits.cpu: 100m` |
+| | | `limits.memory: 256Mi` |
+| `gitGC.logging.persistence.enabled` | Whether to persist logs | `true` |
+| `gitGC.logging.persistence.size` | Storage size for persisted logs | `1Gi` |
+
+### Database
+
+Gerrit requires a database containing the user data. Currently this chart provides
+the possibility to install a MySQL database for this purpose. Other databases may
+be installed manually, if wanted.
+
+Since the configuration of the database is different depending on the database
+provider used, the configuration is described in separate documents (other
+databases may be added in future):
+
+- [MySQL](/helm-charts/gerrit-master/docs/mysql.md)
+
+### Gerrit
+
+***note
+The way the Jetty servlet used by Gerrit works, the Gerrit component of the
+gerrit-master chart actually requires the URL to be known, when the chart is installed.
+The suggested way to do that is to use the provided Ingress resource. This requires
+that a URL is available and that the DNS is configured to point the URL to the
+IP of the node the Ingress controller is running on!
+***
+
+***note
+Setting the canonical web URL in the gerrit.config to the host used for the Ingress
+is mandatory, if access to Gerrit is required!
+***
+
+| Parameter | Description | Default |
+|--------------------------------------------|-------------------------------------------------------------------------------------------|-----------------------------------|
+| `gerritMaster.images.gerritInit` | Image name of the Gerrit init container image | `k8s-gerrit/gerrit-slave-init` |
+| `gerritMaster.images.gerritMaster` | Image name of the Gerrit master container image | `k8s-gerrit/gerrit-master` |
+| `gerritMaster.resources` | Configure the amount of resources the pod requests/is allowed | `requests.cpu: 1` |
+| | | `requests.memory: 5Gi` |
+| | | `limits.cpu: 1` |
+| | | `limits.memory: 6Gi` |
+| `gerritMaster.logging.persistence.enabled` | Whether to persist logs | `true` |
+| `gerritMaster.logging.persistence.size` | Storage size for persisted logs | `1Gi` |
+| `gerritMaster.service.type` | Which kind of Service to deploy | `NodePort` |
+| `gerritMaster.service.http.port` | Port over which to expose HTTP | `80` |
+| `gerritMaster.ingress.host` | REQUIRED: Host name to use for the Ingress (required for Ingress) | `nil` |
+| `gerritMaster.ingress.alias` | Optional: ALias host name for the Ingress | `nil` |
+| `gerritMaster.ingress.tls.enabled` | Whether to enable TLS termination in the Ingress | `false` |
+| `gerritMaster.ingress.tls.cert` | Public SSL server certificate | `-----BEGIN CERTIFICATE-----` |
+| `gerritMaster.ingress.tls.key` | Private SSL server certificate | `-----BEGIN RSA PRIVATE KEY-----` |
+| `gerritMaster.keystore` | REQUIRED: base64-encoded Java keystore (`cat keystore.jks | base64`) to be used by Gerrit | `nil` |
+| `gerritMaster.config.gerrit` | The contents of the gerrit.config | [see here](#Gerrit-config-files) |
+| `gerritMaster.config.secure` | The contents of the secure.config | [see here](#Gerrit-config-files) |
+| `gerritMaster.config.replication` | The contents of the replication.config | [see here](#Gerrit-config-files) |
+
+### Gerrit config files
+
+The gerrit-master chart provides a ConfigMap containing the `gerrit.config` as well
+as `replication.config` and a Secret containing the `secure.config` to configure
+the Gerrit installation in the Gerrit component. The content of the config files
+can be set in the `values.yaml` under the keys `gerritMaster.config.gerrit`,
+`gerritMaster.config.replication` and `gerritMaster.config.secure` respectively.
+All configuration options are described in detail in the
+[official documentation of Gerrit](https://gerrit-review.googlesource.com/Documentation/config-gerrit.html).
+Some options however have to be set in a specified way for Gerrit to work as
+intended with the chart:
+
+- `gerrit.basePath`
+
+ Path to the directory containing the repositories. The chart mounts this
+ directory from a persistent volume to `/var/gerrit/git` in the container. For
+ Gerrit to find the correct directory, this has to be set to `git`.
+
+- `gerrit.canonicalWebUrl`
+
+ The canonical web URL has to be set to the Ingress host.
+
+- `database.*`
+
+ The default settings are configured to use the MySQL-database installed as a
+ dependency and if the chart is installed with the release name set to
+ `gerrit-master`. Only change this, if you decide to use a different database or
+ changed the default settings for the mysql-chart.
+
+- `httpd.listenURL`
+
+ This has to be set to `proxy-http://*:8080/` or `proxy-https://*:8080`,
+ depending of TLS is enabled in the Ingress or not, otherwise the Jetty
+ servlet will run into an endless redirect loop.
+
+- `container.user`
+
+ The technical user in the Gerrit container is called `gerrit`. Thus, this
+ value is required to be `gerrit`.
+
+- `container.javaHome`
+
+ This has to be set to `/usr/lib/jvm/java-8-openjdk-amd64`, since this is
+ the path of the Java installation in the container.
+
+- `container.javaOptions`
+
+ The maximum heap size has to be set. And its value has to be lower than the
+ memory resource limit set for the container (e.g. `-Xmx4g`). In your calculation,
+ allow memory for other components running in the container.
+
+## Upgrading the Chart
+
+To upgrade an existing installation of the gerrit-master chart, e.g. to install
+a newer chart version or to use an updated custom `values.yaml`-file, execute
+the following command:
+
+```sh
+cd $(git rev-parse --show-toplevel)/helm-charts
+helm upgrade <release-name> \
+ -f <path-to-custom-values>.yaml \
+ ./gerrit-master
+```
+
+## Uninstalling the Chart
+
+To delete the chart from the cluster, use:
+
+```sh
+helm delete <release-name> \
+ --purge
+```
diff --git a/helm-charts/gerrit-master/docs/mysql.md b/helm-charts/gerrit-master/docs/mysql.md
new file mode 100644
index 0000000..5c244db
--- /dev/null
+++ b/helm-charts/gerrit-master/docs/mysql.md
@@ -0,0 +1,112 @@
+# Configuring the MySQL-database
+
+To install a MySQL database with the gerrit-master chart, set `mysql.enabled`to
+true in the `values.yaml`. This will then install the
+[mysql chart](https://github.com/helm/charts/tree/master/stable/mysql)
+onto the Kubernetes cluster as a dependency.
+
+## Create certificates for SSL-encrypted communication
+
+For SSL-encrypted communication, a set of certificates is needed. Use the
+following commands to create them after adjusting the subject strings:
+
+```sh
+openssl genrsa -out ./ca.key.pem 4096
+
+openssl req \
+ -key ./ca.key.pem \
+ -new \
+ -x509 \
+ -days 7300 \
+ -sha256 \
+ -out ./ca.cert.pem \
+ -subj "/C=DE/O=Gerrit/CN=gerrit-db-master" \
+ -nodes
+
+openssl genrsa -out ./master.key.pem 4096
+
+openssl req \
+ -key ./master.key.pem \
+ -new \
+ -sha256 \
+ -out ./master.csr.pem \
+ -subj "/C=DE/O=Gerrit/CN=gerrit-db-master" \
+ -nodes
+
+openssl x509 \
+ -req \
+ -CA ./ca.cert.pem \
+ -CAkey ./ca.key.pem \
+ -CAcreateserial \
+ -in ./master.csr.pem \
+ -out ./master.cert.pem
+```
+
+## Configuration
+
+### mysql-chart
+
+The configuration of the database is done in the `values.yaml`of the gerrit-master
+chart under the `mysql`-key. The complete list of options for the mysql-chart can
+be viewed in the chart's [documentation](https://github.com/helm/charts/blob/master/stable/mysql/README.md).
+The options referenced in the gerrit-master chart's `values.yaml` are listed here:
+
+| Parameter | Description | Default |
+|--------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------|
+| `mysql.enabled` | Whether to install the MySQL database | `true` |
+| `mysql.image` | Which container image containing MySQL to use | `mysql` |
+| `mysql.imageTag` | Tag of container image (usually the database version) | `5.5.61` |
+| `mysql.mysqlRootPassword` | Password of the database `root` user | `big_secret` |
+| `mysql.mysqlUser` | Database user (The technical user used by Gerrit) | `gerrit` |
+| `mysql.mysqlPassword` | Password of the database user | `secret` |
+| `mysql.livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | `30` |
+| `mysql.livenessProbe.periodSeconds` | How often to perform the probe | `10` |
+| `mysql.livenessProbe.timeoutSeconds` | When the probe times out | `5` |
+| `mysql.livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | `1` |
+| `mysql.livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | `3` |
+| `mysql.readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated | `5` |
+| `mysql.readinessProbe.periodSeconds` | How often to perform the probe | `10` |
+| `mysql.readinessProbe.timeoutSeconds` | When the probe times out | `1` |
+| `mysql.readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | `1` |
+| `mysql.readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | `3` |
+| `mysql.persistence.enabled` | Create a volume to store data | `true` |
+| `mysql.persistence.size` | Size of persistent volume claim | `8Gi` |
+| `mysql.persistence.storageClass` | Type of persistent volume claim | `default` |
+| `mysql.persistence.accessMode` | ReadWriteOnce or ReadOnly | `ReadWriteOnce` |
+| `mysql.resources` | Configure the amount of resources the pod requests/is allowed | `requests.cpu: 250m` |
+| | | `requests.memory: 1Gi` |
+| | | `limits.cpu: 250m` |
+| | | `limits.memory: 1Gi` |
+| `mysql.configurationFiles` | Add configuration files for MySQL | `mysql.cnf` (check the [mysql.cnf-section](#mysql.cnf) for configuration options) |
+| `mysql.initializationFiles` | Add scripts that are executed, when the database is started the first time | `initialize_reviewdb.sql` (Should not be changed) |
+| `mysql.service.type` | Type of the Service used to expose the database | `NodePort` |
+| `mysql.service.port` | The port used to expose the database | `3306` |
+| `ssl.enabled` | Setup and use SSL for MySQL connections | `false` |
+| `ssl.secret` | Name of the secret containing the SSL certificates | master-ssl-certs |
+| `ssl.certificates[0].name` | Name of the secret containing the SSL certificates | master-ssl-certs |
+| `ssl.certificates[0].ca` | CA certificate (if using replication use the CA created [peviously](#Create-certificates-for-SSL-encrypted-communication)) | `-----BEGIN CERTIFICATE-----` |
+| `ssl.certificates[0].cert` | Server certificate (public key) (if using replication use the certificate created [peviously](#Create-certificates-for-SSL-encrypted-communication)) | `-----BEGIN CERTIFICATE-----` |
+| `ssl.certificates[0].key` | Server key (private key) (if using replication use the key created [peviously](#Create-certificates-for-SSL-encrypted-communication)) | `-----BEGIN RSA PRIVATE KEY-----` |
+
+### mysql.cnf
+
+The configuration file for the MySQL-server is provided under the key
+`mysql.configurationsFiles.mysql.cnf`. The provided values provide necessary
+configuration to receive replicated databases from the master database.
+
+Some options should be adapted to the respective setup:
+
+| Parameter | Description | Default |
+|-----------------|----------------------------------------------------------|-------------|
+| `log_bin` | Name of transaction logs (used for database replication) | `mysql-bin` |
+| `binlog_format` | Format of the binlogs (Has to be the same as on master) | `row` |
+| `server-id` | ID unique in the MySQL setup | `42` |
+
+In addition, if using SSL for MySQL-requests the following options have to be made
+available by uncommenting them. The values must not be changed, when using the chart:
+
+```sh
+ssl-ca=/ssl/ca.pem
+ssl-cert=/ssl/server-cert.pem
+ssl-key=/ssl/server-key.pem
+```
diff --git a/helm-charts/gerrit-master/docs/nfs-provisioner.md b/helm-charts/gerrit-master/docs/nfs-provisioner.md
new file mode 100644
index 0000000..847933b
--- /dev/null
+++ b/helm-charts/gerrit-master/docs/nfs-provisioner.md
@@ -0,0 +1,65 @@
+# Installing a NFS-provisioner
+
+Gerrit requires access to a persistent volume capable of running in
+`Read Write Many (RWM)`-mode to store the git repositories, since the repositories
+have to be accessed by mutiple pods. One possibility to provide such volumes
+is to install a provisioner for NFS-volumes into the same Kubernetes-cluster.
+This document will guide through the process.
+
+The [Kubernetes external-storage project](https://github.com/kubernetes-incubator/external-storage)
+provides an out-of-tree dynamic [provisioner](https://github.com/kubernetes-incubator/external-storage/tree/master/nfs)
+for NFS volumes. A chart exists for easy deployment of the project onto a
+Kubernetes cluster. The chart's sources can be found [here](https://github.com/helm/charts/tree/master/stable/nfs-server-provisioner).
+
+## Prerequisites
+
+This guide will use Helm to install the NFS-provisioner. Thus, Helm and Tiller
+will have to be installed.
+
+## Installing the nfs-server-provisioner chart
+
+A custom `values.yaml`-file containing a configuration tested with the
+gerrit charts can be found in the `supplements/nfs`-directory in the
+gerrit-master chart's root directory. In addition a file stating the tested
+version of the nfs-server-provisioner chart is present in the same directory.
+
+If needed, adapt the `values.yaml`-file for the nfs-server-provisioner chart
+further and then run:
+
+```sh
+cd $(git rev-parse --show-toplevel)/helm-charts/gerrit-master/supplements/nfs
+helm install stable/nfs-server-provisioner \
+ --name nfs \
+ -f values.yaml \
+ --version $(cat VERSION)
+```
+
+For a description of the configuration options, refer to the
+[chart's documentation](https://github.com/helm/charts/blob/master/stable/nfs-server-provisioner/README.md).
+
+Here are some tips for configuring the nfs-server-provisioner chart to work with
+the gerrit-master chart:
+
+- Deploying more than 1 `replica` led to some reliability issues in tests and
+ should be further tested for now, if required.
+- The name of the StorageClass created for NFS-volumes has to be the same as the
+ one defined in the gerrit-master chart for `storageClasses.shared.name`
+- The StorageClas for NFS-volumes needs to have the parameter `mountOptions: vers=4.1`,
+ due to compatibility [issues](https://github.com/kubernetes-incubator/external-storage/issues/223)
+ with Ganesha.
+
+## Deleting the nfs-server-provisioner chart
+
+***note
+**Attention:** Never delete the nfs-server-provisioner chart, if there is still a
+PersistentVolumeClaim and Pods using a NFS-volume provisioned by the NFS server
+provisioner. This will lead to crashed pods, that will not be terminated correctly.
+***
+
+If no Pod or PVC is using a NFS-volume provisioned by the NFS server provisioner
+anymore, delete it like any other chart:
+
+```sh
+helm delete nfs \
+ --purge
+```
\ No newline at end of file
diff --git a/helm-charts/gerrit-master/requirements.yaml b/helm-charts/gerrit-master/requirements.yaml
new file mode 100644
index 0000000..c0b68f3
--- /dev/null
+++ b/helm-charts/gerrit-master/requirements.yaml
@@ -0,0 +1,5 @@
+dependencies:
+- name: mysql
+ version: 0.10.1
+ repository: https://kubernetes-charts.storage.googleapis.com/
+ condition: mysql.enabled
\ No newline at end of file
diff --git a/helm-charts/gerrit-master/supplements/nfs/VERSION b/helm-charts/gerrit-master/supplements/nfs/VERSION
new file mode 100644
index 0000000..7dff5b8
--- /dev/null
+++ b/helm-charts/gerrit-master/supplements/nfs/VERSION
@@ -0,0 +1 @@
+0.2.1
\ No newline at end of file
diff --git a/helm-charts/gerrit-master/supplements/nfs/values.yaml b/helm-charts/gerrit-master/supplements/nfs/values.yaml
new file mode 100644
index 0000000..05163c3
--- /dev/null
+++ b/helm-charts/gerrit-master/supplements/nfs/values.yaml
@@ -0,0 +1,42 @@
+# Deploying more than 1 `replica` led to some reliability issues in tests and
+# should be further tested for now, if required.
+replicaCount: 1
+
+image:
+ repository: quay.io/kubernetes_incubator/nfs-provisioner
+ tag: v1.0.9
+ pullPolicy: IfNotPresent
+
+service:
+ type: ClusterIP
+ nfsPort: 2049
+ mountdPort: 20048
+ rpcbindPort: 51413
+
+persistence:
+ enabled: true
+ storageClass: default
+ accessMode: ReadWriteOnce
+ size: 7.5Gi
+
+storageClass:
+ create: true
+ defaultClass: false
+ # The name of the StorageClass has to be the same as the one defined in the
+ # gerrit-master chart for `storageClasses.shared.name`
+ name: shared-storage
+ parameters:
+ # Required!
+ mountOptions: vers=4.1
+ reclaimPolicy: Delete
+
+rbac:
+ create: true
+
+resources:
+ requests:
+ cpu: 100m
+ memory: 256Mi
+ limits:
+ cpu: 100m
+ memory: 256Mi
diff --git a/helm-charts/gerrit-master/templates/NOTES.txt b/helm-charts/gerrit-master/templates/NOTES.txt
new file mode 100644
index 0000000..4dce62c
--- /dev/null
+++ b/helm-charts/gerrit-master/templates/NOTES.txt
@@ -0,0 +1,4 @@
+A Gerrit master has been deployed.
+==================================
+
+Gerrit may be accessed under: {{ .Values.gerritMaster.ingress.host }}
\ No newline at end of file
diff --git a/helm-charts/gerrit-master/templates/_helpers.tpl b/helm-charts/gerrit-master/templates/_helpers.tpl
new file mode 100644
index 0000000..44b8af8
--- /dev/null
+++ b/helm-charts/gerrit-master/templates/_helpers.tpl
@@ -0,0 +1,20 @@
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "gerrit-master.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create secret to access docker registry
+*/}}
+{{- define "imagePullSecret" }}
+{{- printf "{\"auths\": {\"%s\": {\"auth\": \"%s\"}}}" .Values.images.registry.name (printf "%s:%s" .Values.images.registry.ImagePullSecret.username .Values.images.registry.ImagePullSecret.password | b64enc) | b64enc }}
+{{- end }}
+
+{{/*
+Add '/' to registry if needed.
+*/}}
+{{- define "registry" -}}
+{{ if .Values.images.registry.name }}{{- printf "%s/" .Values.images.registry.name -}}{{end}}
+{{- end -}}
\ No newline at end of file
diff --git a/helm-charts/gerrit-master/templates/gerrit-master.configmap.yaml b/helm-charts/gerrit-master/templates/gerrit-master.configmap.yaml
new file mode 100644
index 0000000..df7422d
--- /dev/null
+++ b/helm-charts/gerrit-master/templates/gerrit-master.configmap.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ .Release.Name }}-gerrit-master-configmap
+ labels:
+ app: gerrit-master
+ chart: {{ template "gerrit-master.chart" . }}
+ heritage: {{ .Release.Service }}
+ release: {{ .Release.Name }}
+data:
+ gerrit.config: |-
+{{ .Values.gerritMaster.config.gerrit | indent 4 }}
+ replication.config: |-
+{{ .Values.gerritMaster.config.replication | indent 4 }}
\ No newline at end of file
diff --git a/helm-charts/gerrit-master/templates/gerrit-master.deployment.yaml b/helm-charts/gerrit-master/templates/gerrit-master.deployment.yaml
new file mode 100644
index 0000000..194ee52
--- /dev/null
+++ b/helm-charts/gerrit-master/templates/gerrit-master.deployment.yaml
@@ -0,0 +1,105 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ .Release.Name }}-gerrit-master-deployment
+ labels:
+ app: gerrit-master
+ chart: {{ template "gerrit-master.chart" . }}
+ heritage: {{ .Release.Service }}
+ release: {{ .Release.Name }}
+spec:
+ replicas: {{ .Values.gerritMaster.replicas | default 1 }}
+ selector:
+ matchLabels:
+ app: gerrit-master
+ template:
+ metadata:
+ labels:
+ app: gerrit-master
+ spec:
+ securityContext:
+ fsGroup: 100
+ {{ if .Values.images.registry.ImagePullSecret.name -}}
+ imagePullSecrets:
+ - name: {{ .Values.images.registry.ImagePullSecret.name }}
+ {{- end }}
+ initContainers:
+ - name: gerrit-master-init
+ image: {{ template "registry" . }}{{ .Values.gerritMaster.images.gerritInit }}:{{ .Values.images.version }}
+ imagePullPolicy: {{ .Values.images.imagePullPolicy }}
+ command:
+ - /bin/bash
+ - -c
+ args:
+ - |
+ echo "Waiting for database..."
+ while ! mysqladmin ping -h "gerrit-master-mysql" -P"3306" --silent; do
+ sleep 10
+ done
+ echo "Database connection successful!"
+ containers:
+ - name: gerrit-master
+ image: {{ template "registry" . }}{{ .Values.gerritMaster.images.gerritMaster }}:{{ .Values.images.version }}
+ imagePullPolicy: {{ .Values.images.imagePullPolicy }}
+ command:
+ - /bin/bash
+ - -c
+ args:
+ - |
+ ln -s /var/keystore /var/gerrit/etc/keystore
+ ln -sf /var/config/gerrit.config /var/gerrit/etc/gerrit.config
+ ln -sf /var/config/replication.config /var/gerrit/etc/replication.config
+ ln -sf /var/config/secure.config /var/gerrit/etc/secure.config
+
+ java -jar /var/gerrit/bin/gerrit.war init \
+ --batch \
+ --install-plugin replication \
+ --install-plugin commit-message-length-validator \
+ --install-plugin download-commands \
+ --install-plugin reviewnotes \
+ -d /var/gerrit
+
+ java -jar /var/gerrit/bin/gerrit.war reindex \
+ -d /var/gerrit
+
+ /var/gerrit/bin/gerrit.sh start
+
+ tail -F -n +1 /var/gerrit/logs/{error,httpd,sshd}_log
+ ports:
+ - containerPort: 8080
+ volumeMounts:
+ - name: git-filesystem
+ mountPath: "/var/gerrit/git"
+ - name: gerrit-logs
+ mountPath: "/var/gerrit/logs"
+ - name: gerrit-config
+ mountPath: "/var/config/gerrit.config"
+ subPath: gerrit.config
+ - name: gerrit-config
+ mountPath: "/var/config/replication.config"
+ subPath: replication.config
+ - name: gerrit-master-secure-config
+ mountPath: "/var/config/secure.config"
+ subPath: secure.config
+ - name: gerrit-master-secure-config
+ mountPath: "/var/keystore"
+ subPath: keystore
+ resources:
+{{ toYaml .Values.gerritMaster.resources | indent 10 }}
+ volumes:
+ - name: git-filesystem
+ persistentVolumeClaim:
+ claimName: {{ .Release.Name }}-git-filesystem-pvc
+ - name: gerrit-logs
+ {{ if .Values.gerritMaster.logging.persistence.enabled -}}
+ persistentVolumeClaim:
+ claimName: {{ .Release.Name }}-gerrit-master-logs-pvc
+ {{ else -}}
+ emptyDir: {}
+ {{- end }}
+ - name: gerrit-config
+ configMap:
+ name: {{ .Release.Name }}-gerrit-master-configmap
+ - name: gerrit-master-secure-config
+ secret:
+ secretName: {{ .Release.Name }}-gerrit-master-secure-config
diff --git a/helm-charts/gerrit-master/templates/gerrit-master.ingress.yaml b/helm-charts/gerrit-master/templates/gerrit-master.ingress.yaml
new file mode 100644
index 0000000..64b883d
--- /dev/null
+++ b/helm-charts/gerrit-master/templates/gerrit-master.ingress.yaml
@@ -0,0 +1,27 @@
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+ name: {{ .Release.Name }}-gerrit-master-ingress
+ labels:
+ app: gerrit-master
+ chart: {{ template "gerrit-master.chart" . }}
+ heritage: {{ .Release.Service }}
+ release: {{ .Release.Name }}
+ {{ if .Values.gerritMaster.ingress.alias -}}
+ annotations:
+ nginx.ingress.kubernetes.io/server-alias: {{ .Values.gerritMaster.ingress.alias }}
+ {{- end }}
+spec:
+ {{ if .Values.gerritMaster.ingress.tls.enabled -}}
+ tls:
+ - hosts:
+ - {{ .Values.gerritMaster.ingress.host }}
+ secretName: {{ .Release.Name }}-gerrit-master-tls-secret
+ {{- end }}
+ rules:
+ - host: {{required "A host URL is required for the Gerrit master Ingress. Please set 'gerritMaster.ingress.host'" .Values.gerritMaster.ingress.host }}
+ http:
+ paths:
+ - backend:
+ serviceName: {{ .Release.Name }}-gerrit-master-service
+ servicePort: {{ .Values.gerritMaster.service.http.port }}
\ No newline at end of file
diff --git a/helm-charts/gerrit-master/templates/gerrit-master.secrets.yaml b/helm-charts/gerrit-master/templates/gerrit-master.secrets.yaml
new file mode 100644
index 0000000..36850c5
--- /dev/null
+++ b/helm-charts/gerrit-master/templates/gerrit-master.secrets.yaml
@@ -0,0 +1,31 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Release.Name }}-gerrit-master-secure-config
+ labels:
+ app: gerrit-master
+ chart: {{ template "gerrit-master.chart" . }}
+ heritage: {{ .Release.Service }}
+ release: {{ .Release.Name }}
+data:
+ keystore: {{required "A Java keystore is required to start Gerrit. Please edit 'gerritMaster.keystore'." .Values.gerritMaster.keystore }}
+ secure.config: {{ .Values.gerritMaster.config.secure | b64enc }}
+type: Opaque
+---
+{{ if .Values.gerritMaster.ingress.tls.enabled -}}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Release.Name }}-gerrit-master-tls-secret
+ labels:
+ app: gerrit-master
+ chart: {{ template "gerrit-master.chart" . }}
+ heritage: {{ .Release.Service }}
+ release: {{ .Release.Name }}
+type: kubernetes.io/tls
+data:
+ {{ with .Values.gerritMaster.ingress.tls -}}
+ tls.crt: {{ .cert | b64enc }}
+ tls.key: {{ .key | b64enc }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/helm-charts/gerrit-master/templates/gerrit-master.service.yaml b/helm-charts/gerrit-master/templates/gerrit-master.service.yaml
new file mode 100644
index 0000000..d932d78
--- /dev/null
+++ b/helm-charts/gerrit-master/templates/gerrit-master.service.yaml
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ .Release.Name }}-gerrit-master-service
+ labels:
+ app: gerrit-master
+ chart: {{ template "gerrit-master.chart" . }}
+ heritage: {{ .Release.Service }}
+ release: {{ .Release.Name }}
+spec:
+ {{ with .Values.gerritMaster.service }}
+ ports:
+ - name: http
+ port: {{ .http.port }}
+ targetPort: 8080
+ selector:
+ app: gerrit-master
+ type: {{ .type }}
+ {{- end }}
\ No newline at end of file
diff --git a/helm-charts/gerrit-master/templates/gerrit-master.storage.yaml b/helm-charts/gerrit-master/templates/gerrit-master.storage.yaml
new file mode 100644
index 0000000..70f70f5
--- /dev/null
+++ b/helm-charts/gerrit-master/templates/gerrit-master.storage.yaml
@@ -0,0 +1,18 @@
+{{ if .Values.gerritMaster.logging.persistence.enabled -}}
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: {{ .Release.Name }}-gerrit-master-logs-pvc
+ labels:
+ app: gerrit-master
+ chart: {{ template "gerrit-master.chart" . }}
+ heritage: {{ .Release.Service }}
+ release: {{ .Release.Name }}
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: {{ .Values.gerritMaster.logging.persistence.size }}
+ storageClassName: {{ .Values.storageClasses.default.name }}
+{{- end }}
\ No newline at end of file
diff --git a/helm-charts/gerrit-master/templates/git-gc.cronjob.yaml b/helm-charts/gerrit-master/templates/git-gc.cronjob.yaml
new file mode 100644
index 0000000..7a8d47a
--- /dev/null
+++ b/helm-charts/gerrit-master/templates/git-gc.cronjob.yaml
@@ -0,0 +1,47 @@
+apiVersion: batch/v1beta1
+kind: CronJob
+metadata:
+ name: {{ .Release.Name }}-git-gc
+ labels:
+ app: git-gc
+ chart: {{ template "gerrit-master.chart" . }}
+ heritage: {{ .Release.Service }}
+ release: {{ .Release.Name }}
+spec:
+ schedule: {{ .Values.gitGC.schedule | quote }}
+ jobTemplate:
+ spec:
+ template:
+ spec:
+ restartPolicy: OnFailure
+ securityContext:
+ runAsUser: 1000
+ fsGroup: 100
+ {{ if .Values.images.registry.ImagePullSecret.name -}}
+ imagePullSecrets:
+ - name: {{ .Values.images.registry.ImagePullSecret.name }}
+ {{- end }}
+ containers:
+ - name: git-gc
+ imagePullPolicy: {{ .Values.images.imagePullPolicy }}
+ image: {{ template "registry" . }}{{ .Values.gitGC.image }}:{{ .Values.images.version }}
+ command:
+ - /var/tools/gc-all.sh
+ resources:
+{{ toYaml .Values.gitGC.resources | indent 14 }}
+ volumeMounts:
+ - name: git-filesystem
+ mountPath: "/var/gerrit/git"
+ - name: git-gc-logs
+ mountPath: "/var/log/git"
+ volumes:
+ - name: git-filesystem
+ persistentVolumeClaim:
+ claimName: {{ .Release.Name }}-git-filesystem-pvc
+ - name: git-gc-logs
+ {{ if .Values.gitGC.logging.persistence.enabled -}}
+ persistentVolumeClaim:
+ claimName: {{ .Release.Name }}-git-gc-logs-pvc
+ {{ else -}}
+ emptyDir: {}
+ {{- end }}
\ No newline at end of file
diff --git a/helm-charts/gerrit-master/templates/git-gc.storage.yaml b/helm-charts/gerrit-master/templates/git-gc.storage.yaml
new file mode 100644
index 0000000..56954aa
--- /dev/null
+++ b/helm-charts/gerrit-master/templates/git-gc.storage.yaml
@@ -0,0 +1,18 @@
+{{ if .Values.gitGC.logging.persistence.enabled -}}
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: {{ .Release.Name }}-git-gc-logs-pvc
+ labels:
+ app: git-gc
+ chart: {{ template "gerrit-master.chart" . }}
+ heritage: {{ .Release.Service }}
+ release: {{ .Release.Name }}
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: {{ .Values.gitGC.logging.persistence.size }}
+ storageClassName: {{ .Values.storageClasses.default.name }}
+{{- end }}
\ No newline at end of file
diff --git a/helm-charts/gerrit-master/templates/git-repositories.storage.yaml b/helm-charts/gerrit-master/templates/git-repositories.storage.yaml
new file mode 100644
index 0000000..bb786b2
--- /dev/null
+++ b/helm-charts/gerrit-master/templates/git-repositories.storage.yaml
@@ -0,0 +1,11 @@
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: {{ .Release.Name }}-git-filesystem-pvc
+spec:
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: {{ .Values.gitRepositoryStorage.size }}
+ storageClassName: {{ .Values.storageClasses.shared.name }}
diff --git a/helm-charts/gerrit-master/templates/image-pull.secret.yaml b/helm-charts/gerrit-master/templates/image-pull.secret.yaml
new file mode 100644
index 0000000..d107472
--- /dev/null
+++ b/helm-charts/gerrit-master/templates/image-pull.secret.yaml
@@ -0,0 +1,9 @@
+{{ if and .Values.images.registry.ImagePullSecret.name .Values.images.registry.ImagePullSecret.create -}}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Values.images.registry.ImagePullSecret.name }}
+type: kubernetes.io/dockerconfigjson
+data:
+ .dockerconfigjson: {{ template "imagePullSecret" . }}
+{{- end }}
\ No newline at end of file
diff --git a/helm-charts/gerrit-master/templates/storageclasses.yaml b/helm-charts/gerrit-master/templates/storageclasses.yaml
new file mode 100644
index 0000000..0311e8a
--- /dev/null
+++ b/helm-charts/gerrit-master/templates/storageclasses.yaml
@@ -0,0 +1,37 @@
+{{ if .Values.storageClasses.default.create -}}
+kind: StorageClass
+apiVersion: storage.k8s.io/v1
+metadata:
+ name: {{ .Values.storageClasses.default.name }}
+ labels:
+ chart: {{ template "gerrit-master.chart" . }}
+ heritage: {{ .Release.Service }}
+ release: {{ .Release.Name }}
+provisioner: {{ .Values.storageClasses.default.provisioner }}
+reclaimPolicy: {{ .Values.storageClasses.default.reclaimPolicy }}
+{{ if .Values.storageClasses.shared.parameters -}}
+parameters:
+{{- range $key, $value := .Values.storageClasses.default.parameters }}
+ {{ $key }}: {{ $value }}
+{{- end }}
+{{- end }}
+{{- end }}
+---
+{{ if .Values.storageClasses.shared.create -}}
+kind: StorageClass
+apiVersion: storage.k8s.io/v1
+metadata:
+ name: {{ .Values.storageClasses.shared.name }}
+ labels:
+ chart: {{ template "gerrit-master.chart" . }}
+ heritage: {{ .Release.Service }}
+ release: {{ .Release.Name }}
+provisioner: {{ .Values.storageClasses.shared.provisioner }}
+reclaimPolicy: {{ .Values.storageClasses.shared.reclaimPolicy }}
+{{ if .Values.storageClasses.shared.parameters -}}
+parameters:
+{{- range $key, $value := .Values.storageClasses.shared.parameters }}
+ {{ $key }}: {{ $value }}
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/helm-charts/gerrit-master/values.yaml b/helm-charts/gerrit-master/values.yaml
new file mode 100644
index 0000000..4edb187
--- /dev/null
+++ b/helm-charts/gerrit-master/values.yaml
@@ -0,0 +1,278 @@
+images:
+ registry:
+ # The registry name must NOT contain a trailing slash
+ name:
+ ImagePullSecret:
+ # Leave blank, if no ImagePullSecret is needed.
+ name: image-pull-secret
+ # If set to false, the gerrit-master chart expects either a ImagePullSecret
+ # with the name configured above to be present on the cluster or that no
+ # credentials are needed.
+ create: false
+ username:
+ password:
+ version: latest
+ imagePullPolicy: Always
+
+
+storageClasses:
+ # Storage class used for storing logs and other pod-specific persisted data
+ default:
+ # If create is set to false, an existing StorageClass with the given
+ # name is expected to exist in the cluster. Setting create to true will
+ # create a storage class with the parameters given below.
+ name: default
+ create: false
+ provisioner: kubernetes.io/aws-ebs
+ reclaimPolicy: Delete
+ # Use the parameters key to set all parameters needed for the provisioner
+ parameters:
+ type: gp2
+ fsType: ext4
+ # Storage class used for storing git repositories. Has to provide RWM access.
+ shared:
+ # If create is set to false, an existing StorageClass with RWM access
+ # mode and the given name has to be provided.
+ name: shared-storage
+ create: false
+ provisioner: nfs
+ reclaimPolicy: Delete
+ # Use the parameters key to set all parameters needed for the provisioner
+ parameters:
+ mountOptions: vers=4.1
+
+
+gitRepositoryStorage:
+ size: 5Gi
+
+
+gitGC:
+ image: k8sgerrit/git-gc
+
+ schedule: 0 6,18 * * *
+
+ resources:
+ requests:
+ cpu: 100m
+ memory: 256Mi
+ limits:
+ cpu: 100m
+ memory: 256Mi
+
+ logging:
+ persistence:
+ enabled: true
+ size: 1Gi
+
+
+gerritMaster:
+ images:
+ gerritInit: k8sgerrit/gerrit-slave-init
+ gerritMaster: k8sgerrit/gerrit-master
+
+ # The memory limit has to be higher than the configures heap-size for Java!
+ resources:
+ requests:
+ cpu: 1
+ memory: 5Gi
+ limits:
+ cpu: 1
+ memory: 6Gi
+
+ logging:
+ persistence:
+ enabled: true
+ size: 1Gi
+
+ service:
+ type: NodePort
+ http:
+ port: 80
+
+ ingress:
+ host:
+ # Provide a second host name used as an alias. Leave empty, if no alias is
+ # desired.
+ alias:
+ tls:
+ enabled: false
+ cert: |-
+ -----BEGIN CERTIFICATE-----
+
+ -----END CERTIFICATE-----
+ key: |-
+ -----BEGIN RSA PRIVATE KEY-----
+
+ -----END RSA PRIVATE KEY-----
+
+ # `gerritMaster.keystore` expects a base64-encoded Java-keystore
+ # Since Java keystores are binary files, adding the unencoded content and
+ # automatic encoding using helm does not work here.
+ keystore:
+
+ config:
+ # Some values are expected to have a specific value for the deployment installed
+ # by this chart to work. These are marked with `# FIXED`. Do not change them!
+ gerrit: |-
+ [gerrit]
+ basePath = git # FIXED
+ # The canonical web URL has to be set to the Ingress host, if an Ingress
+ # is used. If a LoadBalancer-service is used, this should be set to the
+ # LoadBalancer's external IP. This can only be done manually after installing
+ # the chart, when you know the external IP the LoadBalancer got from the
+ # cluster.
+ canonicalWebUrl = http://example.com/
+ disableReverseDnsLookup = true
+ [database]
+ type = mysql
+ # 'gerrit-master-mysql' is the reference to the service that manages
+ # the traffic to the mysql database, if the mysql-database is installed
+ # via the gerrit-master chart
+ hostname = gerrit-master-mysql
+ port = 3306
+ database = reviewdb
+ [index]
+ type = LUCENE
+ [auth]
+ type = DEVELOPMENT_BECOME_ANY_ACCOUNT
+ [httpd]
+ # If using an ingress use proxy-http or proxy-https
+ listenUrl = proxy-http://*:8080/
+ [transfer]
+ timeout = 120 s
+ [user]
+ name = Gerrit Code Review
+ email = gerrit@example.com
+ anonymousCoward = Unnamed User
+ [cache]
+ directory = cache
+ [container]
+ user = gerrit # FIXED
+ javaHome = /usr/lib/jvm/java-8-openjdk-amd64 # FIXED
+ javaOptions = -Djavax.net.ssl.trustStore=/var/gerrit/etc/keystore # FIXED
+ javaOptions = -Xms200m
+ # Has to be lower than 'gerritMaster.resources.limits.memory'. Also
+ # consider memories used by other applications in the container.
+ javaOptions = -Xmx4g
+
+ secure: |-
+ # Database credentials should be the same as configured for the database
+ # Gerrit-master chart, if the database was installed using the chart.
+ [database]
+ username = gerrit
+ password = secret
+
+ # Password for the keystore added as value for 'gerritMaster.keystore'
+ [httpd]
+ sslKeyPassword = gerrit
+
+ # Credentials for replication targets
+ # [remote "slave"]
+ # username = git
+ # password = secret
+
+ replication: |-
+ [gerrit]
+ autoReload = false
+ replicateOnStartup = true
+ defaultForceUpdate = true
+
+ # [remote "slave"]
+ # url = http://gerrit-slave.example.com/git/${name}.git
+ # replicationDelay = 0
+ # timeout = 30
+
+
+mysql:
+ # Enabling the installation of the MySQL database will only make sense, if
+ # `mysql` is chosen as a provider under `database.provider`.
+ enabled: true
+
+ image: mysql
+ # The major.minor version of mysql should be the same as for the master database
+ imageTag: 5.5.61
+
+ mysqlRootPassword: big_secret
+ mysqlUser: gerrit
+ mysqlPassword: secret
+
+ livenessProbe:
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 3
+
+ readinessProbe:
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ timeoutSeconds: 1
+ successThreshold: 1
+ failureThreshold: 3
+
+ persistence:
+ enabled: true
+ storageClass: default
+ accessMode: ReadWriteOnce
+ size: 8Gi
+
+ resources:
+ requests:
+ cpu: 250m
+ memory: 1Gi
+ limits:
+ cpu: 250m
+ memory: 1Gi
+
+ configurationFiles:
+ mysql.cnf: |-
+ [mysqld]
+
+ # Adapt the following changes to your setup
+ ###########################################
+
+ # Name of transaction logs (used for database replication)
+ log_bin=mysql-bin
+
+ # Adapt to the binlog format of the Gerrit master's database
+ binlog_format=row
+
+ # Has to be different for each database in the replication setup.
+ server-id=1
+
+ # Add the following options to the config, if using SSL (`mysql.ssl.enabled: true`)
+ # But do not change the values.
+ # ssl-ca=/ssl/ca.pem
+ # ssl-cert=/ssl/server-cert.pem
+ # ssl-key=/ssl/server-key.pem
+
+ initializationFiles:
+ # Do not change or remove this script.
+ initialize_reviewdb.sql: |-
+ CREATE DATABASE reviewdb DEFAULT CHARACTER SET 'utf8';
+ GRANT ALL ON reviewdb.* TO 'gerrit';
+ FLUSH PRIVILEGES;
+
+ service:
+ type: NodePort
+ port: 3306
+
+ ssl:
+ # If enabled, add the required lines to the configuration as described in
+ # `mysql.configurationFiles.mysql.cnf`
+ enabled: false
+ secret: master-ssl-certs
+ certificates:
+ - name: master-ssl-certs
+ ca: |-
+ -----BEGIN CERTIFICATE-----
+
+ -----END CERTIFICATE-----
+ cert: |-
+ -----BEGIN CERTIFICATE-----
+
+ -----END CERTIFICATE-----
+ key: |-
+ -----BEGIN RSA PRIVATE KEY-----
+
+ -----END RSA PRIVATE KEY-----
\ No newline at end of file
diff --git a/helm-charts/gerrit-slave/.helmignore b/helm-charts/gerrit-slave/.helmignore
new file mode 100644
index 0000000..4a00615
--- /dev/null
+++ b/helm-charts/gerrit-slave/.helmignore
@@ -0,0 +1,25 @@
+
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+docs/
+supplements/
\ No newline at end of file
diff --git a/helm-charts/gerrit-slave/Chart.yaml b/helm-charts/gerrit-slave/Chart.yaml
new file mode 100644
index 0000000..cb29c79
--- /dev/null
+++ b/helm-charts/gerrit-slave/Chart.yaml
@@ -0,0 +1,24 @@
+apiVersion: v1
+appVersion: 2.12
+description: |-
+ The Gerrit slave serves as a read-only Gerrit instance to serve repositories
+ that it receives from a Gerrit master instance via replication. It can be
+ used to reduce the load on Gerrit master instances.
+name: gerrit-slave
+version: 0.1.0
+maintainers:
+- name: Thomas Draebing
+ email: thomas.draebing@sap.com
+- name: Matthias Sohn
+ email: matthias.sohn@sap.com
+- name: Sasa Zivkov
+ email: sasa.zivkov@sap.com
+- name: Christian Halstrick
+ email: christian.halstrick@sap.com
+home: https://gerrit.googlesource.com/k8s-gerrit/+/master/helm-charts/gerrit-slave
+icon: http://commondatastorage.googleapis.com/gerrit-static/diffy-w200.png
+sources:
+- https://gerrit.googlesource.com/k8s-gerrit/+/master
+keywords:
+- gerrit
+- git
\ No newline at end of file
diff --git a/helm-charts/gerrit-slave/LICENSE b/helm-charts/gerrit-slave/LICENSE
new file mode 100644
index 0000000..028fc9f
--- /dev/null
+++ b/helm-charts/gerrit-slave/LICENSE
@@ -0,0 +1,201 @@
+ Apache License
+ Version 2.0, January 2004
+ http://www.apache.org/licenses/
+
+ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+ 1. Definitions.
+
+ "License" shall mean the terms and conditions for use, reproduction,
+ and distribution as defined by Sections 1 through 9 of this document.
+
+ "Licensor" shall mean the copyright owner or entity authorized by
+ the copyright owner that is granting the License.
+
+ "Legal Entity" shall mean the union of the acting entity and all
+ other entities that control, are controlled by, or are under common
+ control with that entity. For the purposes of this definition,
+ "control" means (i) the power, direct or indirect, to cause the
+ direction or management of such entity, whether by contract or
+ otherwise, or (ii) ownership of fifty percent (50%) or more of the
+ outstanding shares, or (iii) beneficial ownership of such entity.
+
+ "You" (or "Your") shall mean an individual or Legal Entity
+ exercising permissions granted by this License.
+
+ "Source" form shall mean the preferred form for making modifications,
+ including but not limited to software source code, documentation
+ source, and configuration files.
+
+ "Object" form shall mean any form resulting from mechanical
+ transformation or translation of a Source form, including but
+ not limited to compiled object code, generated documentation,
+ and conversions to other media types.
+
+ "Work" shall mean the work of authorship, whether in Source or
+ Object form, made available under the License, as indicated by a
+ copyright notice that is included in or attached to the work
+ (an example is provided in the Appendix below).
+
+ "Derivative Works" shall mean any work, whether in Source or Object
+ form, that is based on (or derived from) the Work and for which the
+ editorial revisions, annotations, elaborations, or other modifications
+ represent, as a whole, an original work of authorship. For the purposes
+ of this License, Derivative Works shall not include works that remain
+ separable from, or merely link (or bind by name) to the interfaces of,
+ the Work and Derivative Works thereof.
+
+ "Contribution" shall mean any work of authorship, including
+ the original version of the Work and any modifications or additions
+ to that Work or Derivative Works thereof, that is intentionally
+ submitted to Licensor for inclusion in the Work by the copyright owner
+ or by an individual or Legal Entity authorized to submit on behalf of
+ the copyright owner. For the purposes of this definition, "submitted"
+ means any form of electronic, verbal, or written communication sent
+ to the Licensor or its representatives, including but not limited to
+ communication on electronic mailing lists, source code control systems,
+ and issue tracking systems that are managed by, or on behalf of, the
+ Licensor for the purpose of discussing and improving the Work, but
+ excluding communication that is conspicuously marked or otherwise
+ designated in writing by the copyright owner as "Not a Contribution."
+
+ "Contributor" shall mean Licensor and any individual or Legal Entity
+ on behalf of whom a Contribution has been received by Licensor and
+ subsequently incorporated within the Work.
+
+ 2. Grant of Copyright License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ copyright license to reproduce, prepare Derivative Works of,
+ publicly display, publicly perform, sublicense, and distribute the
+ Work and such Derivative Works in Source or Object form.
+
+ 3. Grant of Patent License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ (except as stated in this section) patent license to make, have made,
+ use, offer to sell, sell, import, and otherwise transfer the Work,
+ where such license applies only to those patent claims licensable
+ by such Contributor that are necessarily infringed by their
+ Contribution(s) alone or by combination of their Contribution(s)
+ with the Work to which such Contribution(s) was submitted. If You
+ institute patent litigation against any entity (including a
+ cross-claim or counterclaim in a lawsuit) alleging that the Work
+ or a Contribution incorporated within the Work constitutes direct
+ or contributory patent infringement, then any patent licenses
+ granted to You under this License for that Work shall terminate
+ as of the date such litigation is filed.
+
+ 4. Redistribution. You may reproduce and distribute copies of the
+ Work or Derivative Works thereof in any medium, with or without
+ modifications, and in Source or Object form, provided that You
+ meet the following conditions:
+
+ (a) You must give any other recipients of the Work or
+ Derivative Works a copy of this License; and
+
+ (b) You must cause any modified files to carry prominent notices
+ stating that You changed the files; and
+
+ (c) You must retain, in the Source form of any Derivative Works
+ that You distribute, all copyright, patent, trademark, and
+ attribution notices from the Source form of the Work,
+ excluding those notices that do not pertain to any part of
+ the Derivative Works; and
+
+ (d) If the Work includes a "NOTICE" text file as part of its
+ distribution, then any Derivative Works that You distribute must
+ include a readable copy of the attribution notices contained
+ within such NOTICE file, excluding those notices that do not
+ pertain to any part of the Derivative Works, in at least one
+ of the following places: within a NOTICE text file distributed
+ as part of the Derivative Works; within the Source form or
+ documentation, if provided along with the Derivative Works; or,
+ within a display generated by the Derivative Works, if and
+ wherever such third-party notices normally appear. The contents
+ of the NOTICE file are for informational purposes only and
+ do not modify the License. You may add Your own attribution
+ notices within Derivative Works that You distribute, alongside
+ or as an addendum to the NOTICE text from the Work, provided
+ that such additional attribution notices cannot be construed
+ as modifying the License.
+
+ You may add Your own copyright statement to Your modifications and
+ may provide additional or different license terms and conditions
+ for use, reproduction, or distribution of Your modifications, or
+ for any such Derivative Works as a whole, provided Your use,
+ reproduction, and distribution of the Work otherwise complies with
+ the conditions stated in this License.
+
+ 5. Submission of Contributions. Unless You explicitly state otherwise,
+ any Contribution intentionally submitted for inclusion in the Work
+ by You to the Licensor shall be under the terms and conditions of
+ this License, without any additional terms or conditions.
+ Notwithstanding the above, nothing herein shall supersede or modify
+ the terms of any separate license agreement you may have executed
+ with Licensor regarding such Contributions.
+
+ 6. Trademarks. This License does not grant permission to use the trade
+ names, trademarks, service marks, or product names of the Licensor,
+ except as required for reasonable and customary use in describing the
+ origin of the Work and reproducing the content of the NOTICE file.
+
+ 7. Disclaimer of Warranty. Unless required by applicable law or
+ agreed to in writing, Licensor provides the Work (and each
+ Contributor provides its Contributions) on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ implied, including, without limitation, any warranties or conditions
+ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+ PARTICULAR PURPOSE. You are solely responsible for determining the
+ appropriateness of using or redistributing the Work and assume any
+ risks associated with Your exercise of permissions under this License.
+
+ 8. Limitation of Liability. In no event and under no legal theory,
+ whether in tort (including negligence), contract, or otherwise,
+ unless required by applicable law (such as deliberate and grossly
+ negligent acts) or agreed to in writing, shall any Contributor be
+ liable to You for damages, including any direct, indirect, special,
+ incidental, or consequential damages of any character arising as a
+ result of this License or out of the use or inability to use the
+ Work (including but not limited to damages for loss of goodwill,
+ work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses), even if such Contributor
+ has been advised of the possibility of such damages.
+
+ 9. Accepting Warranty or Additional Liability. While redistributing
+ the Work or Derivative Works thereof, You may choose to offer,
+ and charge a fee for, acceptance of support, warranty, indemnity,
+ or other liability obligations and/or rights consistent with this
+ License. However, in accepting such obligations, You may act only
+ on Your own behalf and on Your sole responsibility, not on behalf
+ of any other Contributor, and only if You agree to indemnify,
+ defend, and hold each Contributor harmless for any liability
+ incurred by, or claims asserted against, such Contributor by reason
+ of your accepting any such warranty or additional liability.
+
+ END OF TERMS AND CONDITIONS
+
+ APPENDIX: How to apply the Apache License to your work.
+
+ To apply the Apache License to your work, attach the following
+ boilerplate notice, with the fields enclosed by brackets "{}"
+ replaced with your own identifying information. (Don't include
+ the brackets!) The text should be enclosed in the appropriate
+ comment syntax for the file format. We also recommend that a
+ file or class name and description of purpose be included on the
+ same "printed page" as the copyright notice for easier
+ identification within third-party archives.
+
+ Copyright (C) 2018 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
diff --git a/helm-charts/gerrit-slave/README.md b/helm-charts/gerrit-slave/README.md
new file mode 100644
index 0000000..f76c423
--- /dev/null
+++ b/helm-charts/gerrit-slave/README.md
@@ -0,0 +1,294 @@
+# Gerrit slave on Kubernetes
+
+Gerrit is a web-based code review tool, which acts as a Git server. On large setups
+Gerrit servers can see a sizable amount of traffic from git operations performed by
+developers and build servers. The major part of requests are read-only requests
+(e.g. by `git fetch` operations). To take some load of the Gerrit master server,
+Gerrit slaves can be deployed to serve read-only requests.
+
+This helm chart provides a Gerrit slave setup that can be deployed on Kubernetes.
+The Gerrit slave is capable of receiving replicated git repositories from a
+Gerrit master. The slave can deploy its own database, that replicates the data
+from the Gerrit master's database (Currently only MySQL databases are supported).
+The Gerrit slave can then serve authenticated read-only requests.
+
+## Prerequisites
+
+- Helm and Tiller (of course)
+
+ (Check out [this guide](https://docs.helm.sh/using_helm/#quickstart-guide)
+ how to install and use helm.)
+
+- Access to a provisioner for persistent volumes with `Read Write Many (RWM)`-
+ capability.
+
+ A list of applicaple volume types can be found
+ [here](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#access-modes).
+ This project was developed using the
+ [NFS-server-provisioner helm chart](https://github.com/helm/charts/tree/master/stable/nfs-server-provisioner),
+ a NFS-provisioner deployed in the Kubernetes cluster itself. Refer to
+ [this guide](/helm-charts/gerrit-slave/docs/nfs-provisioner.md) of how to
+ deploy it in context of this project.
+
+- A [Java keystore](https://gerrit-review.googlesource.com/Documentation/config-gerrit.html#httpd.sslKeyStore)
+ to be used by Gerrit.
+
+- A domain name that is configured to point to the IP address of the node running
+ the Ingress controller on the kubernetes cluster (as described
+ [here](http://alesnosek.com/blog/2017/02/14/accessing-kubernetes-pods-from-outside-of-the-cluster/)).
+
+## Installing the Chart
+
+***note
+**ATTENTION:** The values for `gerritSlave.ingress.host` and `gerritSlave.keystore`
+are required for rendering the chart's templates. The nature of the values does
+not allow defaults. Thus a custom `values.yaml`-file setting this values is required!
+***
+
+To install the chart with the release name `gerrit-slave`, execute:
+
+```sh
+cd $(git rev-parse --show-toplevel)/helm-charts
+helm install ./gerrit-slave \
+ --dep-up \
+ -n gerrit-slave \
+ -f <path-to-custom-values>.yaml
+```
+
+The command deploys the Gerrit slave on the current Kubernetes cluster. The
+[configuration section](#Configuration) lists the parameters that can be
+configured during installation.
+
+## Configuration
+
+The following sections list the configurable values in `values.yaml`. To configure
+a Gerrit slave setup, make a copy of the `values.yaml`-file and change the
+parameters as needed. The configuration can be applied by installing the chart as
+described [above](#Installing-the-chart).
+
+In addition, single options can be set without creating a custom `values.yaml`:
+
+```sh
+cd $(git rev-parse --show-toplevel)/helm-charts
+helm install ./gerrit-slave \
+ --dep-up \
+ -n gerrit-slave \
+ --set=gitRepositoryStorage.size=100Gi,gitBackend.replicas=2
+```
+
+### Container images
+
+| Parameter | Description | Default |
+|--------------------------------------------|------------------------------------------------------|----------------------------------------------------------------------|
+| `images.registry.name` | The image registry to pull the container images from | `` |
+| `images.registry.ImagePullSecret.name` | Name of the ImagePullSecret | `image-pull-secret` (if empty no image pull secret will be deployed) |
+| `images.registry.ImagePullSecret.create` | Whether to create an ImagePullSecret | `false` |
+| `images.registry.ImagePullSecret.username` | The image registry username | `nil` |
+| `images.registry.ImagePullSecret.password` | The image registry password | `nil` |
+| `images.version` | The image version (image tag) to use | `latest` |
+| `images.imagePullPolicy` | Image pull policy | `Always` |
+
+### Storage classes
+
+For information of how a `StorageClass` is configured in Kubernetes, read the
+[official Documentation](https://kubernetes.io/docs/concepts/storage/storage-classes/#introduction).
+
+| Parameter | Description | Default |
+|----------------------------------------|-------------------------------------------------------------------|---------------------------------------------------|
+| `storageClasses.default.name` | The name of the default StorageClass (RWO) | `default` |
+| `storageClasses.default.create` | Whether to create the StorageClass | `false` |
+| `storageClasses.default.provisioner` | Provisioner of the StorageClass | `kubernetes.io/aws-ebs` |
+| `storageClasses.default.reclaimPolicy` | Whether to `Retain` or `Delete` volumes, when they become unbound | `Delete` |
+| `storageClasses.default.parameters` | Parameters for the provisioner | `parameters.type: gp2`, `parameters.fsType: ext4` |
+| `storageClasses.shared.name` | The name of the shared StorageClass (RWM) | `shared-storage` |
+| `storageClasses.shared.create` | Whether to create the StorageClass | `false` |
+| `storageClasses.shared.provisioner` | Provisioner of the StorageClass | `nfs` |
+| `storageClasses.shared.reclaimPolicy` | Whether to `Retain` or `Delete` volumes, when they become unbound | `Delete` |
+| `storageClasses.shared.parameters` | Parameters for the provisioner | `parameters.mountOptions: vers=4.1` |
+
+### Storage for Git repositories
+
+| Parameter | Description | Default |
+|-----------------------------|-------------------------------------------------|---------|
+| `gitRepositoryStorage.size` | Size of the volume storing the Git repositories | `5Gi` |
+
+### Apache-Git-HTTP-Backend (Git-Backend)
+
+| Parameter | Description | Default |
+|------------------------------------------|-----------------------------------------------------------------------------|---------------------------------------------------------------------------|
+| `gitBackend.image` | Image name of the Apache-git-http-backend container image | `k8s-gerrit/apache-git-http-backend` |
+| `gitBackend.replicas` | Number of pod replicas to deploy | `1` |
+| `gitBackend.resources` | Configure the amount of resources the pod requests/is allowed | `requests.cpu: 100m` |
+| | | `requests.memory: 256Mi` |
+| | | `limits.cpu: 100m` |
+| | | `limits.memory: 256Mi` |
+| `gitBackend.credentials.htpasswd` | `.htpasswd`-file containing username/password-credentials for accessing git | `git:$apr1$O/LbLKC7$Q60GWE7OcqSEMSfe/K8xU.` (user: git, password: secret) |
+| `gitBackend.logging.persistence.enabled` | Whether to persist logs | `true` |
+| `gitBackend.logging.persistence.size` | Storage size for persisted logs | `1Gi` |
+| `gitBackend.service.type` | Which kind of Service to deploy | `LoadBalancer` |
+| `gitBackend.service.http.enabled` | Whether to serve HTTP-requests (needed for Ingress) | `true` |
+| `gitBackend.service.http.port` | Port over which to expose HTTP | `80` |
+| `gitBackend.service.https.enabled` | Whether to serve HTTPS-requests | `false` |
+| `gitBackend.service.https.port` | Port over which to expose HTTPS | `443` |
+| `gitBackend.service.https.cert` | Public SSL server certificate | `-----BEGIN CERTIFICATE-----` |
+| `gitBackend.service.https.key` | Private SSL server certificate | `-----BEGIN RSA PRIVATE KEY-----` |
+| `gitBackend.ingress.enabled` | Whether to deploy an Ingress | `false` |
+| `gitBackend.ingress.host` | Host name to use for the Ingress (required for Ingress) | `nil` |
+| `gitBackend.ingress.alias` | Optional: ALias host name for the Ingress | `nil` |
+| `gitBackend.ingress.tls.enabled` | Whether to enable TLS termination in the Ingress | `false` |
+| `gitBackend.ingress.tls.cert` | Public SSL server certificate | `-----BEGIN CERTIFICATE-----` |
+| `gitBackend.ingress.tls.key` | Private SSL server certificate | `-----BEGIN RSA PRIVATE KEY-----` |
+
+***note
+At least one endpoint (HTTP and/or HTTPS) has to be enabled in the service!
+***
+
+### Git garbage collection
+
+| Parameter | Description | Default |
+|-------------------------------------|------------------------------------------------------------------|--------------------------|
+| `gitGC.image` | Image name of the Git-GC container image | `k8s-gerrit/git-gc` |
+| `gitGC.schedule` | Cron-formatted schedule with which to run Git garbage collection | `0 6,18 * * *` |
+| `gitGC.resources` | Configure the amount of resources the pod requests/is allowed | `requests.cpu: 100m` |
+| | | `requests.memory: 256Mi` |
+| | | `limits.cpu: 100m` |
+| | | `limits.memory: 256Mi` |
+| `gitGC.logging.persistence.enabled` | Whether to persist logs | `true` |
+| `gitGC.logging.persistence.size` | Storage size for persisted logs | `1Gi` |
+
+### Database
+
+The Gerrit slave requires a database containing the user data associated with the
+replicated Git repositories, which is implemented as a database slave containing
+the replicated data of the master database.
+
+***note
+Future implementations will provide the possibility to bring custom databases
+from different providers, but so far the setup expects to setup its own MySQL
+database.
+***
+
+| Parameter | Description | Default |
+|--------------------------------|--------------------------------------------------------|---------|
+| `database.provider` | Database type/provider to be used (Available: mysql) | `mysql` |
+| `database.replication.enabled` | Whether to initialize replication from master database | `true` |
+
+The usual way to provide a database is meant to deploy it as a dependency of
+this chart. Since the configuration of the database is different depending on
+the database provider used, the configuration is described in separate documents:
+
+- [MySQL](/helm-charts/gerrit-slave/docs/mysql.md)
+
+### Gerrit slave
+
+***note
+The way the Jetty servlet used by Gerrit works, the Gerrit slave component of the
+gerrit-slave chart actually requires the URL to be known, when the chart is installed.
+The suggested way to do that is to use the provided Ingress resource. This requires
+that a URL is available and that the DNS is configured to point the URL to the
+IP of the node the Ingress controller is running on!
+***
+
+***note
+Setting the canonical web URL in the gerrit.config to the host used for the Ingress
+is mandatory, if access to the Gerrit slave is required!
+***
+
+| Parameter | Description | Default |
+|-------------------------------------------|--------------------------------------------------------------------------------------------------------------------------|-----------------------------------|
+| `gerritMaster.images.gerritInit` | Image name of the Gerrit init container image | `k8s-gerrit/gerrit-slave-init` |
+| `gerritMaster.images.gerritSlave` | Image name of the Gerrit slave container image | `k8s-gerrit/gerrit-slave` |
+| `gerritSlave.initializeTestSite.enabled` | Enable the initialization of a site. USE ONLY for testing, if you do not plan to replicate repositories or the database. | `true` |
+| `gerritSlave.resources` | Configure the amount of resources the pod requests/is allowed | `requests.cpu: 1` |
+| | | `requests.memory: 5Gi` |
+| | | `limits.cpu: 1` |
+| | | `limits.memory: 6Gi` |
+| `gerritSlave.logging.persistence.enabled` | Whether to persist logs | `true` |
+| `gerritSlave.logging.persistence.size` | Storage size for persisted logs | `1Gi` |
+| `gerritSlave.service.type` | Which kind of Service to deploy | `NodePort` |
+| `gerritSlave.service.http.port` | Port over which to expose HTTP | `80` |
+| `gerritSlave.ingress.host` | REQUIRED: Host name to use for the Ingress (required for Ingress) | `nil` |
+| `gerritSlave.ingress.alias` | Optional: Alias host name for the Ingress | `nil` |
+| `gerritSlave.ingress.tls.enabled` | Whether to enable TLS termination in the Ingress | `false` |
+| `gerritSlave.ingress.tls.cert` | Public SSL server certificate | `-----BEGIN CERTIFICATE-----` |
+| `gerritSlave.ingress.tls.key` | Private SSL server certificate | `-----BEGIN RSA PRIVATE KEY-----` |
+| `gerritSlave.keystore` | REQUIRED: base64-encoded Java keystore (`cat keystore.jks | base64`) to be used by Gerrit | `nil` |
+| `gerritSlave.config.gerrit` | The contents of the gerrit.config | [see here](#Gerrit-config-files) |
+| `gerritSlave.config.secure` | The contents of the secure.config | [see here](#Gerrit-config-files) |
+
+### Gerrit config files
+
+The gerrit-slave chart provides a ConfigMap containing the `gerrit.config` and a
+Secret containing the `secure.config` to configure the Gerrit installation in the
+Gerrit slave component. The content of the `gerrit.config` and `secure.config`
+can be set in the `values.yaml` under the keys `gerritSlave.config.gerrit` and
+`gerritSlave.config.secure` respectively. All configuration options are described
+in detail in the [official documentation of Gerrit](https://gerrit-review.googlesource.com/Documentation/config-gerrit.html).
+Some options however have to be set in a specified way for the Gerrit slave to
+work as intended:
+
+- `gerrit.basePath`
+
+ Path to the directory containing the repositories. The chart mounts this
+ directory from a persistent volume to `/var/gerrit/git` in the container. For
+ Gerrit to find the correct directory, this has to be set to `git`.
+
+- `gerrit.canonicalWebUrl`
+
+ The canonical web URL has to be set to the Ingress host.
+
+- `database.*`
+
+ The default settings are configured to use the MySQL-database installed as a
+ dependency and if the chart is installed with the release name set to
+ `gerrit-slave`. Only change this, if you decide to use a different database or
+ changed the default settings for the mysql-chart.
+
+- `httpd.listenURL`
+
+ This has to be set to `proxy-http://*:8080/` or `proxy-https://*:8080`,
+ depending of TLS is enabled in the Ingress or not, otherwise the Jetty
+ servlet will run into an endless redirect loop.
+
+- `container.user`
+
+ The technical user in the Gerrit slave container is called `gerrit`. Thus, this
+ value is required to be `gerrit`.
+
+- `container.slave`
+
+ Since this chart is meant to install a Gerrit slave, this naturally has to be
+ `true`.
+
+- `container.javaHome`
+
+ This has to be set to `/usr/lib/jvm/java-8-openjdk-amd64`, since this is
+ the path of the Java installation in the container.
+
+- `container.javaOptions`
+
+ The maximum heap size has to be set. And its value has to be lower than the
+ memory resource limit set for the container (e.g. `-Xmx4g`). In your calculation
+ allow memory for other components running in the container.
+
+## Upgrading the Chart
+
+To upgrade an existing installation of the gerrit-slave chart, e.g. to install
+a newer chart version or to use an updated custom `values.yaml`-file, execute
+the following command:
+
+```sh
+cd $(git rev-parse --show-toplevel)/helm-charts
+helm upgrade <release-name> \
+ -f <path-to-custom-values>.yaml \
+ ./gerrit-slave
+```
+
+## Uninstalling the Chart
+
+To delete the chart from the cluster, use:
+
+```sh
+helm delete <release-name> \
+ --purge
+```
diff --git a/helm-charts/gerrit-slave/docs/mysql.md b/helm-charts/gerrit-slave/docs/mysql.md
new file mode 100644
index 0000000..df33ca2
--- /dev/null
+++ b/helm-charts/gerrit-slave/docs/mysql.md
@@ -0,0 +1,273 @@
+# Configuring the MySQL-slave
+
+To install a MySQL slave database with the gerrit-slave chart, set
+`database.provider` to `mysql` and `mysql.enabled`to true in the `values.yaml`.
+This will then install the [mysql chart](https://github.com/helm/charts/tree/master/stable/mysql)
+onto the Kubernetes cluster as a dependency of the gerrit-slave chart.
+
+## Configuring the master DB instance
+
+For the replication to work, the MySQL database master has to be configured
+accordingly and some data about the database state has to be collected. The
+necessary steps are detailed in this section. If it is not planned to replicate
+the master database, skip this section.
+
+### Create technical user
+
+Connect to the MySQL database master and create a technical user to handle the
+replication:
+
+```sql
+CREATE USER 'repl' IDENTIFIED BY 'password';
+GRANT REPLICATION SLAVE, REPLICATION CLIENT ON *.* TO 'repl'
+ IDENTIFIED BY 'password'
+ REQUIRE SUBJECT '/C=DE/O=Gerrit/CN=gerrit-db-slave';
+FLUSH PRIVILEGES;
+```
+
+The username, password and certificate subject can be chosen as needed, but should
+be written down, since they are needed in coming steps.
+
+### Create certificates for SSL-encrypted communication
+
+For SSL-encrypted communication, a set of certificates is needed. If the master
+does not yet possess a CA, private- and public key, use the following commands
+to create them after adjusting the subject strings:
+
+```sh
+openssl genrsa -out ./ca.key.pem 4096
+
+openssl req \
+ -key ./ca.key.pem \
+ -new \
+ -x509 \
+ -days 7300 \
+ -sha256 \
+ -out ./ca.cert.pem \
+ -subj "/C=DE/O=Gerrit/CN=gerrit-db-master" \
+ -nodes
+
+openssl genrsa -out ./master.key.pem 4096
+
+openssl req \
+ -key ./master.key.pem \
+ -new \
+ -sha256 \
+ -out ./master.csr.pem \
+ -subj "/C=DE/O=Gerrit/CN=gerrit-db-master" \
+ -nodes
+
+openssl x509 \
+ -req \
+ -CA ./ca.cert.pem \
+ -CAkey ./ca.key.pem \
+ -CAcreateserial \
+ -in ./master.csr.pem \
+ -out ./master.cert.pem
+```
+
+Then a private and a public key for the slave has to be created. If the master
+did already possess a CA, change the corresponding paths in the commands below.
+The subject string has to be the same as the one used, when creating the
+[MySQL user for replication](#Create-technical-user). The content of the
+CA-certificate and the slave's private and public key (here: `slave.key.pem` and
+`slave.cert.pem`) have to be noted for later use.
+
+```sh
+openssl genrsa -out ./slave.key.pem 4096
+
+openssl req \
+ -key ./slave.key.pem \
+ -new -sha256 \
+ -out ./slave.csr.pem \
+ -subj "/C=DE/O=Gerrit/CN=gerrit-db-slave" \
+ -nodes
+
+openssl x509 \
+ -req \
+ -CA ./ca.cert.pem \
+ -CAkey ./ca.key.pem \
+ -CAcreateserial \
+ -in ./slave.csr.pem \
+ -out ./slave.cert.pem
+```
+
+### Configure the master database
+
+The master DB has to be configured for replication by adding the following entries
+to the configuration-file of the MySQL instance:
+
+```python
+[mysqld]
+server-id=1 # Has to be unique under all masters/slaves.
+log_bin=mysql-bin # Name of the logs used for replication
+
+ssl-ca=/ssl/ca.pem # Location of the CA-certificate
+ssl-cert=/ssl/server-cert.pem # Location of the public key
+ssl-key=/ssl/server-key.pem # Location of the private key
+```
+
+### Create database dump and note database state
+
+In the next steps the content of the database has to be retrieved and the corresponding
+status of the transaction logs has to be retrieved. Depending on the traffic the
+database receives, the master DB should be stopped for these steps, since the
+information could get out off sync, if the data is changed inbetween the steps:
+
+```sql
+STOP MASTER;
+```
+
+Retrieve the status of the master:
+
+```sql
+SHOW MASTER STATUS;
+
+ +------------------+----------+--------------+------------------+-------------------+
+ | File | Position | Binlog_Do_DB | Binlog_Ignore_DB | Executed_Gtid_Set |
+ +------------------+----------+--------------+------------------+-------------------+
+ | mysql-bin.000004 | 69444891 | | | |
+ +------------------+----------+--------------+------------------+-------------------+
+```
+
+The filename and position should be written down, since they will be needed for
+the configuration of the slave.
+
+Dump the content of the database:
+
+```sh
+mysqldump --user=root -p --all-databases > ./master_dump.sql
+```
+
+Afterwards, the master can be started again:
+
+```sql
+START MASTER;
+```
+
+## Configuration
+
+### mysql-chart
+
+The configuration of the database is done in the `values.yaml`of the gerrit-slave
+chart under the `mysql`-key. The complete list of options for the mysql-chart can
+be viewed in the chart's [documentation](https://github.com/helm/charts/blob/master/stable/mysql/README.md).
+The options referenced in the gerrit-slave chart's `values.yaml` are listed here:
+
+| Parameter | Description | Default |
+|--------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------|
+| `mysql.enabled` | Whether to install the MySQL database | `true` |
+| `mysql.image` | Which container image containing MySQL to use | `mysql` |
+| `mysql.imageTag` | Tag of container image (usually the database version) | `5.5.61` |
+| `mysql.mysqlRootPassword` | Password of the database `root` user | `big_secret` |
+| `mysql.mysqlUser` | Database user (The technical user used by the Gerrit slave) | `gerrit` |
+| `mysql.mysqlPassword` | Password of the database user | `secret` |
+| `mysql.livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | `30` |
+| `mysql.livenessProbe.periodSeconds` | How often to perform the probe | `10` |
+| `mysql.livenessProbe.timeoutSeconds` | When the probe times out | `5` |
+| `mysql.livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | `1` |
+| `mysql.livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | `3` |
+| `mysql.readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated | `5` |
+| `mysql.readinessProbe.periodSeconds` | How often to perform the probe | `10` |
+| `mysql.readinessProbe.timeoutSeconds` | When the probe times out | `1` |
+| `mysql.readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | `1` |
+| `mysql.readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | `3` |
+| `mysql.persistence.enabled` | Create a volume to store data | `true` |
+| `mysql.persistence.size` | Size of persistent volume claim | `8Gi` |
+| `mysql.persistence.storageClass` | Type of persistent volume claim | `default` |
+| `mysql.persistence.accessMode` | ReadWriteOnce or ReadOnly | `ReadWriteOnce` |
+| `mysql.resources` | Configure the amount of resources the pod requests/is allowed | `requests.cpu: 250m` |
+| | | `requests.memory: 1Gi` |
+| | | `limits.cpu: 250m` |
+| | | `limits.memory: 1Gi` |
+| `mysql.configurationFiles` | Add configuration files for MySQL | `mysql.cnf` (check the [mysql.cnf-section](#mysql.cnf) for configuration options) |
+| `mysql.initializationFiles` | Add scripts that are executed, when the database is started the first time | `initialize_reviewdb.sql` (Should not be changed) |
+| `mysql.service.type` | Type of the Service used to expose the database | `NodePort` |
+| `mysql.service.port` | The port used to expose the database | `3306` |
+| `ssl.enabled` | Setup and use SSL for MySQL connections | `false` |
+| `ssl.secret` | Name of the secret containing the SSL certificates | slave-ssl-certs |
+| `ssl.certificates[0].name` | Name of the secret containing the SSL certificates | slave-ssl-certs |
+| `ssl.certificates[0].ca` | CA certificate (if using replication use the CA created [peviously](#Create-certificates-for-SSL-encrypted-communication)) | `-----BEGIN CERTIFICATE-----` |
+| `ssl.certificates[0].cert` | Server certificate (public key) (if using replication use the certificate created [peviously](#Create-certificates-for-SSL-encrypted-communication)) | `-----BEGIN CERTIFICATE-----` |
+| `ssl.certificates[0].key` | Server key (private key) (if using replication use the key created [peviously](#Create-certificates-for-SSL-encrypted-communication)) | `-----BEGIN RSA PRIVATE KEY-----` |
+
+### mysql.cnf
+
+The configuration file for the MySQL-server is provided under the key
+`mysql.configurationsFiles.mysql.cnf`. The provided values provide necessary
+configuration to receive replicated databases from the master database. The
+following options should normally not be changed:
+
+```sh
+[mysqld]
+
+log-bin=/var/lib/mysql/bin.log
+log-bin-index=/var/lib/mysql/log-bin.index
+log-error=/var/lib/mysql/error.log
+
+relay-log=/var/lib/mysql/relay.log
+relay-log-info-file=/var/lib/mysql/relay-log.info
+relay-log-index=/var/lib/mysql/relay-log.index
+
+log-error=/var/lib/mysql/error.log
+log_slave_updates = 1
+
+sql_mode="ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION"
+```
+
+The other provided options should be adapted to the respective setup:
+
+| Parameter | Description | Default |
+|-----------------------|-----------------------------------------------------------------------------------------------------------------------------|---------|
+| `read_only` | Toggle read only mode. In production this should be on (`1`). The test mode of the Gerrit slave expects it to be off (`0`). | `0` |
+| `replicate-ignore-db` | Databases not to replicate (replicating the `mysql`-DB for example would overwrite database users) | `mysql` |
+| `binlog_format` | Format of the binlogs (Has to be the same as on master) | `row` |
+| `server-id` | ID unique in the MySQL setup | `42` |
+
+In addition, if using SSL for MySQL-requests the following options have to be made
+available by uncommenting them. The values must not be changed, when using the chart:
+
+```sh
+ssl-ca=/ssl/ca.pem
+ssl-cert=/ssl/server-cert.pem
+ssl-key=/ssl/server-key.pem
+```
+
+### Replication
+
+The replication of the MySQL database from master to slave is performed using the
+replication functionality provided by MySQL. To start replication a database dump
+from the master has to be loaded into the database slave. Then the slave has to
+be configured for replication and replication has to be started. This is done by
+a job provided by the chart.
+
+The Job needs to be configured with the data retrieved from the database master
+by configuring the corresponding values in the `values.yaml`-file:
+
+| Parameter | Description | Default |
+|----------------------------------------------------|------------------------------------------------------------------------------------------------------------------------|--------------------------------|
+| `database.replication.mysql.config.masterHost` | Hostname of the Mysql database master | `mysql.example.com` |
+| `database.replication.mysql.config.masterPort` | Port of the Mysql database master | `3306` |
+| `database.replication.mysql.config.masterUser` | Username of technical user created [previously](#Create-technical-user) | `repl` |
+| `database.replication.mysql.config.masterPassword` | Password of technical user created [previously](#Create-technical-user) | `password` |
+| `database.replication.mysql.config.masterLogFile` | Transaction log file at timepoint of dump as retrieved [previously](#Create-database-dump-and-note-database-state) | `mysql-bin.000001` |
+| `database.replication.mysql.config.masterLogPos` | Transaction log position at timepoint of dump as retrieved [previously](#Create-database-dump-and-note-database-state) | `111` |
+| `database.replication.mysql.dbDumpAcceptPath` | Path, where the replication init script will expect the database dump file to appear | `/var/data/db/master_dump.sql` |
+
+## Initialize replication
+
+Deploying the gerrit-slave chart with the configuration detailed above, will
+create a MySQL database with a technical user to be used by the Gerrit
+slave and an empty ReviewDB database. In addition a Job will be deployed that
+waits for a database dump to be copied into the container to the location specified
+in `database.replication.mysql.dbDumpAcceptPath`. The dump file can be copied
+using kubectl:
+
+```sh
+JOB_POD=$(kubectl get pod -l app=mysql-replication-init -o jsonpath="{.items[0].metadata.name}")
+kubectl cp <PATH_TO_DUMP> ${JOB_POD}:<DB_DUMP_ACCEPT_PATH>
+```
+
+As soon as the file is fully copied into the container, the script will load
+the dump into the database and initialize the replication in the slave. The
+database is then fully configured.
\ No newline at end of file
diff --git a/helm-charts/gerrit-slave/docs/nfs-provisioner.md b/helm-charts/gerrit-slave/docs/nfs-provisioner.md
new file mode 100644
index 0000000..cd2db32
--- /dev/null
+++ b/helm-charts/gerrit-slave/docs/nfs-provisioner.md
@@ -0,0 +1,65 @@
+# Installing a NFS-provisioner
+
+The Gerrit slave requires access to a persistent volume capable of running in
+`Read Write Many (RWM)`-mode to store the git repositories, since the repositories
+have to be accessed by mutiple pods. One possibility to provide such volumes
+is to install a provisioner for NFS-volumes into the same Kubernetes-cluster.
+This document will guide through the process.
+
+The [Kubernetes external-storage project](https://github.com/kubernetes-incubator/external-storage)
+provides an out-of-tree dynamic [provisioner](https://github.com/kubernetes-incubator/external-storage/tree/master/nfs)
+for NFS volumes. A chart exists for easy deployment of the project onto a
+Kubernetes cluster. The chart's sources can be found [here](https://github.com/helm/charts/tree/master/stable/nfs-server-provisioner).
+
+## Prerequisites
+
+This guide will use Helm to install the NFS-provisioner. Thus, Helm and Tiller
+will have to be installed.
+
+## Installing the nfs-server-provisioner chart
+
+A custom `values.yaml`-file containing a configuration tested with the
+gerrit-slave chart can be found in the `supplements/nfs`-directory in the
+gerrit-slave chart's root directory. In addition a file stating the tested
+version of the nfs-server-provisioner chart is present in the same directory.
+
+If needed, adapt the `values.yaml`-file for the nfs-server-provisioner chart
+further and then run:
+
+```sh
+cd $(git rev-parse --show-toplevel)/helm-charts/gerrit-slave/supplements/nfs
+helm install stable/nfs-server-provisioner \
+ --name nfs \
+ -f values.yaml \
+ --version $(cat VERSION)
+```
+
+For a description of the configuration options, refer to the
+[chart's documentation](https://github.com/helm/charts/blob/master/stable/nfs-server-provisioner/README.md).
+
+Here are some tips for configuring the nfs-server-provisioner chart to work with
+the gerrit-slave chart:
+
+- Deploying more than 1 `replica` led to some reliability issues in tests and
+ should be further tested for now, if required.
+- The name of the StorageClass created for NFS-volumes has to be the same as the
+ one defined in the gerrit-slave chart for `storageClasses.shared.name`
+- The StorageClas for NFS-volumes needs to have the parameter `mountOptions: vers=4.1`,
+ due to compatibility [issues](https://github.com/kubernetes-incubator/external-storage/issues/223)
+ with Ganesha.
+
+## Deleting the nfs-server-provisioner chart
+
+***note
+**Attention:** Never delete the nfs-server-provisioner chart, if there is still a
+PersistentVolumeClaim and Pods using a NFS-volume provisioned by the NFS server
+provisioner. This will lead to crashed pods, that will not be terminated correctly.
+***
+
+If no Pod or PVC is using a NFS-volume provisioned by the NFS server provisioner
+anymore, delete it like any other chart:
+
+```sh
+helm delete nfs \
+ --purge
+```
\ No newline at end of file
diff --git a/helm-charts/gerrit-slave/requirements.yaml b/helm-charts/gerrit-slave/requirements.yaml
new file mode 100644
index 0000000..c0b68f3
--- /dev/null
+++ b/helm-charts/gerrit-slave/requirements.yaml
@@ -0,0 +1,5 @@
+dependencies:
+- name: mysql
+ version: 0.10.1
+ repository: https://kubernetes-charts.storage.googleapis.com/
+ condition: mysql.enabled
\ No newline at end of file
diff --git a/helm-charts/gerrit-slave/supplements/nfs/VERSION b/helm-charts/gerrit-slave/supplements/nfs/VERSION
new file mode 100644
index 0000000..7dff5b8
--- /dev/null
+++ b/helm-charts/gerrit-slave/supplements/nfs/VERSION
@@ -0,0 +1 @@
+0.2.1
\ No newline at end of file
diff --git a/helm-charts/gerrit-slave/supplements/nfs/values.yaml b/helm-charts/gerrit-slave/supplements/nfs/values.yaml
new file mode 100644
index 0000000..ca42a7e
--- /dev/null
+++ b/helm-charts/gerrit-slave/supplements/nfs/values.yaml
@@ -0,0 +1,42 @@
+# Deploying more than 1 `replica` led to some reliability issues in tests and
+# should be further tested for now, if required.
+replicaCount: 1
+
+image:
+ repository: quay.io/kubernetes_incubator/nfs-provisioner
+ tag: v1.0.9
+ pullPolicy: IfNotPresent
+
+service:
+ type: ClusterIP
+ nfsPort: 2049
+ mountdPort: 20048
+ rpcbindPort: 51413
+
+persistence:
+ enabled: true
+ storageClass: default
+ accessMode: ReadWriteOnce
+ size: 7.5Gi
+
+storageClass:
+ create: true
+ defaultClass: false
+ # The name of the StorageClass has to be the same as the one defined in the
+ # gerrit-slave chart for `storageClasses.shared.name`
+ name: shared-storage
+ parameters:
+ # Required!
+ mountOptions: vers=4.1
+ reclaimPolicy: Delete
+
+rbac:
+ create: true
+
+resources:
+ requests:
+ cpu: 100m
+ memory: 256Mi
+ limits:
+ cpu: 100m
+ memory: 256Mi
diff --git a/helm-charts/gerrit-slave/templates/NOTES.txt b/helm-charts/gerrit-slave/templates/NOTES.txt
new file mode 100644
index 0000000..7f9ec69
--- /dev/null
+++ b/helm-charts/gerrit-slave/templates/NOTES.txt
@@ -0,0 +1,61 @@
+A Gerrit slave has been deployed.
+=================================
+
+The Apache-Git-HTTP-Backend is now ready to receive replication requests from the
+Gerrit master. Please configure the replication plugin of the Gerrit-master to
+push the repositories to:
+
+{{ if .Values.gitBackend.ingress.enabled -}}
+ http {{- if .Values.gitBackend.ingress.tls.enabled -}} s {{- end -}} :// {{- .Values.gitBackend.ingress.host -}} /git/${name}.git
+{{- else }}
+ {{ if .Values.gitBackend.service.https.enabled -}}
+ https://<EXTERNAL-IP>: {{- .Values.gitBackend.service.https.port -}} /git/${name}.git
+ {{ else }}
+ http://<EXTERNAL-IP>: {{- .Values.gitBackend.service.http.port -}} /git/${name}.git
+ {{ end }}
+ The external IP of the service can be found by running:
+ kubectl get svc git-backend-service
+{{- end }}
+
+Requests to create new repositories have to be directed to the route /new/${name}.git
+over HTTP(S). A detailed guide of how to configure Gerrit's replication plugin
+can be found here:
+
+https://gerrit.googlesource.com/plugins/replication/+doc/master/src/main/resources/Documentation/config.md
+
+
+{{ if .Values.mysql.enabled -}}
+A mysql database has been deployed and configured to work with the Gerrit slave.
+Note, that the database is not yet initialized with the scheme expected by Gerrit.
+Either use database replication or run the Gerrit-slave in test-mode to create
+the expected schemas.
+{{- end }}
+
+{{ if .Values.database.replication.enabled -}}
+The components to initialize database replication have been deployed. To start
+initialization the Job needs a database dump containing the master's data. Use
+the following command to make the database dump available to the job:
+
+ JOB_POD=$(kubectl get pod -l app=replication-init -o jsonpath="{.items[0].metadata.name}")
+ kubectl cp <PATH_TO_DUMP> ${JOB_POD}:{{ .Values.database.replication.mysql.dbDumpAcceptPath }}
+
+Depending on the size of the database the initialization will take a while. When
+finished the job will shut down.
+{{- end }}
+
+The Gerrit slave is starting up.
+
+{{ if .Values.gerritSlave.initializeTestSite.enabled -}}
+Since the test-mode was activated, a Gerrit site will be initialized after the
+database connection could be established.
+{{- else }}
+The deployment will wait for the replication of repositories and the databse scheme.
+The repository replication is checked by testing for the presence of the 'All-Projects.git'-
+repository. The database-scheme is tested by testing for the presence of a database
+with the configured name, containing the tables 'accounts', 'changes' and 'patch_sets'.
+{{- end }}
+
+The initialization process may take some time. Afterwards the git repositories
+will be available under:
+
+http {{- if .Values.gerritSlave.ingress.tls.enabled -}} s {{- end -}} :// {{- .Values.gerritSlave.ingress.host -}} /<repository-name>.git
diff --git a/helm-charts/gerrit-slave/templates/_helpers.tpl b/helm-charts/gerrit-slave/templates/_helpers.tpl
new file mode 100644
index 0000000..95a0020
--- /dev/null
+++ b/helm-charts/gerrit-slave/templates/_helpers.tpl
@@ -0,0 +1,20 @@
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "gerrit-slave.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create secret to access docker registry
+*/}}
+{{- define "imagePullSecret" }}
+{{- printf "{\"auths\": {\"%s\": {\"auth\": \"%s\"}}}" .Values.images.registry.name (printf "%s:%s" .Values.images.registry.ImagePullSecret.username .Values.images.registry.ImagePullSecret.password | b64enc) | b64enc }}
+{{- end }}
+
+{{/*
+Add '/' to registry if needed.
+*/}}
+{{- define "registry" -}}
+{{ if .Values.images.registry.name }}{{- printf "%s/" .Values.images.registry.name -}}{{end}}
+{{- end -}}
\ No newline at end of file
diff --git a/helm-charts/gerrit-slave/templates/gerrit-slave.configmap.yaml b/helm-charts/gerrit-slave/templates/gerrit-slave.configmap.yaml
new file mode 100644
index 0000000..f41c678
--- /dev/null
+++ b/helm-charts/gerrit-slave/templates/gerrit-slave.configmap.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ .Release.Name }}-gerrit-slave-configmap
+ labels:
+ app: gerrit-slave
+ chart: {{ template "gerrit-slave.chart" . }}
+ heritage: {{ .Release.Service }}
+ release: {{ .Release.Name }}
+data:
+ test-mode: {{ if .Values.gerritSlave.initializeTestSite.enabled }} "true" {{ else }} "false" {{ end }}
+ gerrit.config: |-
+{{ .Values.gerritSlave.config.gerrit | indent 4 }}
\ No newline at end of file
diff --git a/helm-charts/gerrit-slave/templates/gerrit-slave.deployment.yaml b/helm-charts/gerrit-slave/templates/gerrit-slave.deployment.yaml
new file mode 100644
index 0000000..c753f0e
--- /dev/null
+++ b/helm-charts/gerrit-slave/templates/gerrit-slave.deployment.yaml
@@ -0,0 +1,123 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ .Release.Name }}-gerrit-slave-deployment
+ labels:
+ app: gerrit-slave
+ chart: {{ template "gerrit-slave.chart" . }}
+ heritage: {{ .Release.Service }}
+ release: {{ .Release.Name }}
+spec:
+ replicas: {{ .Values.gerritSlave.replicas | default 1 }}
+ selector:
+ matchLabels:
+ app: gerrit-slave
+ template:
+ metadata:
+ labels:
+ app: gerrit-slave
+ spec:
+ securityContext:
+ fsGroup: 100
+ {{ if .Values.images.registry.ImagePullSecret.name -}}
+ imagePullSecrets:
+ - name: {{ .Values.images.registry.ImagePullSecret.name }}
+ {{- end }}
+ initContainers:
+ - name: gerrit-slave-init
+ image: {{ template "registry" . }}{{ .Values.gerritSlave.images.gerritInit }}:{{ .Values.images.version }}
+ imagePullPolicy: {{ .Values.images.imagePullPolicy }}
+ command:
+ - /bin/bash
+ - -c
+ args:
+ - |
+ ln -s /var/keystore /var/gerrit/etc/keystore
+ ln -sf /var/config/gerrit.config /var/gerrit/etc/gerrit.config
+ ln -sf /var/config/secure.config /var/gerrit/etc/secure.config
+
+ /var/tools/start
+ env:
+ - name: TEST_MODE
+ valueFrom:
+ configMapKeyRef:
+ name: {{ .Release.Name }}-gerrit-slave-configmap
+ key: test-mode
+ volumeMounts:
+ - name: git-filesystem
+ mountPath: "/var/gerrit/git"
+ - name: gerrit-logs
+ mountPath: "/var/gerrit/logs"
+ - name: gerrit-config
+ mountPath: "/var/config/gerrit.config"
+ subPath: gerrit.config
+ - name: gerrit-slave-secure-config
+ mountPath: "/var/config/secure.config"
+ subPath: secure.config
+ - name: gerrit-slave-secure-config
+ mountPath: "/var/keystore"
+ subPath: keystore
+ containers:
+ - name: gerrit-slave
+ image: {{ template "registry" . }}{{ .Values.gerritSlave.images.gerritSlave }}:{{ .Values.images.version }}
+ imagePullPolicy: {{ .Values.images.imagePullPolicy }}
+ command:
+ - /bin/bash
+ - -c
+ args:
+ - |
+ rm -f /var/gerrit/logs/gerrit.pid
+
+ ln -s /var/keystore /var/gerrit/etc/keystore
+ ln -sf /var/config/gerrit.config /var/gerrit/etc/gerrit.config
+ ln -sf /var/config/secure.config /var/gerrit/etc/secure.config
+
+ JAVA_OPTIONS=$(git config --file /var/gerrit/etc/gerrit.config --get-all container.javaOptions)
+
+ java ${JAVA_OPTIONS} -jar /var/gerrit/bin/gerrit.war daemon \
+ -d /var/gerrit \
+ --enable-httpd \
+ --slave &
+
+ tail -F -n +1 /var/gerrit/logs/{error,httpd,sshd}_log
+ env:
+ - name: TEST_MODE
+ valueFrom:
+ configMapKeyRef:
+ name: {{ .Release.Name }}-gerrit-slave-configmap
+ key: test-mode
+ ports:
+ - containerPort: 8080
+ volumeMounts:
+ - name: git-filesystem
+ mountPath: "/var/gerrit/git"
+ - name: gerrit-logs
+ mountPath: "/var/gerrit/logs"
+ - name: gerrit-config
+ mountPath: "/var/config/gerrit.config"
+ subPath: gerrit.config
+ - name: gerrit-slave-secure-config
+ mountPath: "/var/config/secure.config"
+ subPath: secure.config
+ - name: gerrit-slave-secure-config
+ mountPath: "/var/keystore"
+ subPath: keystore
+ resources:
+{{ toYaml .Values.gerritSlave.resources | indent 10 }}
+ volumes:
+ - name: git-filesystem
+ persistentVolumeClaim:
+ claimName: {{ .Release.Name }}-git-filesystem-pvc
+ - name: gerrit-logs
+ {{ if .Values.gerritSlave.logging.persistence.enabled -}}
+ persistentVolumeClaim:
+ claimName: {{ .Release.Name }}-gerrit-slave-logs-pvc
+ {{ else -}}
+ emptyDir: {}
+ {{- end }}
+ - name: gerrit-config
+ configMap:
+ name: {{ .Release.Name }}-gerrit-slave-configmap
+ - name: gerrit-slave-secure-config
+ secret:
+ secretName: {{ .Release.Name }}-gerrit-slave-secure-config
diff --git a/helm-charts/gerrit-slave/templates/gerrit-slave.ingress.yaml b/helm-charts/gerrit-slave/templates/gerrit-slave.ingress.yaml
new file mode 100644
index 0000000..1b6c448
--- /dev/null
+++ b/helm-charts/gerrit-slave/templates/gerrit-slave.ingress.yaml
@@ -0,0 +1,27 @@
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+ name: {{ .Release.Name }}-gerrit-slave-ingress
+ labels:
+ app: gerrit-slave
+ chart: {{ template "gerrit-slave.chart" . }}
+ heritage: {{ .Release.Service }}
+ release: {{ .Release.Name }}
+ {{ if .Values.gerritSlave.ingress.alias -}}
+ annotations:
+ nginx.ingress.kubernetes.io/server-alias: {{ .Values.gerritSlave.ingress.alias }}
+ {{- end }}
+spec:
+ {{ if .Values.gerritSlave.ingress.tls.enabled -}}
+ tls:
+ - hosts:
+ - {{ .Values.gerritSlave.ingress.host }}
+ secretName: {{ .Release.Name }}-gerrit-slave-tls-secret
+ {{- end }}
+ rules:
+ - host: {{required "A host URL is required for the Gerrit slave Ingress. Please set 'gerritSlave.ingress.host'" .Values.gerritSlave.ingress.host }}
+ http:
+ paths:
+ - backend:
+ serviceName: {{ .Release.Name }}-gerrit-slave-service
+ servicePort: {{ .Values.gerritSlave.service.http.port }}
\ No newline at end of file
diff --git a/helm-charts/gerrit-slave/templates/gerrit-slave.secrets.yaml b/helm-charts/gerrit-slave/templates/gerrit-slave.secrets.yaml
new file mode 100644
index 0000000..b21c3a3
--- /dev/null
+++ b/helm-charts/gerrit-slave/templates/gerrit-slave.secrets.yaml
@@ -0,0 +1,31 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Release.Name }}-gerrit-slave-secure-config
+ labels:
+ app: gerrit-slave
+ chart: {{ template "gerrit-slave.chart" . }}
+ heritage: {{ .Release.Service }}
+ release: {{ .Release.Name }}
+data:
+ keystore: {{required "A Java keystore is required to start Gerrit. Please edit 'gerritSlave.keystore'." .Values.gerritSlave.keystore }}
+ secure.config: {{ .Values.gerritSlave.config.secure | b64enc }}
+type: Opaque
+---
+{{ if .Values.gerritSlave.ingress.tls.enabled -}}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Release.Name }}-gerrit-slave-tls-secret
+ labels:
+ app: gerrit-slave
+ chart: {{ template "gerrit-slave.chart" . }}
+ heritage: {{ .Release.Service }}
+ release: {{ .Release.Name }}
+type: kubernetes.io/tls
+data:
+ {{ with .Values.gerritSlave.ingress.tls -}}
+ tls.crt: {{ .cert | b64enc }}
+ tls.key: {{ .key | b64enc }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/helm-charts/gerrit-slave/templates/gerrit-slave.service.yaml b/helm-charts/gerrit-slave/templates/gerrit-slave.service.yaml
new file mode 100644
index 0000000..6591ac0
--- /dev/null
+++ b/helm-charts/gerrit-slave/templates/gerrit-slave.service.yaml
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ .Release.Name }}-gerrit-slave-service
+ labels:
+ app: gerrit-slave
+ chart: {{ template "gerrit-slave.chart" . }}
+ heritage: {{ .Release.Service }}
+ release: {{ .Release.Name }}
+spec:
+ {{ with .Values.gerritSlave.service }}
+ ports:
+ - name: http
+ port: {{ .http.port }}
+ targetPort: 8080
+ selector:
+ app: gerrit-slave
+ type: {{ .type }}
+ {{- end }}
\ No newline at end of file
diff --git a/helm-charts/gerrit-slave/templates/gerrit-slave.storage.yaml b/helm-charts/gerrit-slave/templates/gerrit-slave.storage.yaml
new file mode 100644
index 0000000..2f1d2ce
--- /dev/null
+++ b/helm-charts/gerrit-slave/templates/gerrit-slave.storage.yaml
@@ -0,0 +1,18 @@
+{{ if .Values.gerritSlave.logging.persistence.enabled -}}
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: {{ .Release.Name }}-gerrit-slave-logs-pvc
+ labels:
+ app: gerrit-slave
+ chart: {{ template "gerrit-slave.chart" . }}
+ heritage: {{ .Release.Service }}
+ release: {{ .Release.Name }}
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: {{ .Values.gerritSlave.logging.persistence.size }}
+ storageClassName: {{ .Values.storageClasses.default.name }}
+{{- end }}
\ No newline at end of file
diff --git a/helm-charts/gerrit-slave/templates/git-backend.deployment.yaml b/helm-charts/gerrit-slave/templates/git-backend.deployment.yaml
new file mode 100644
index 0000000..a1e5092
--- /dev/null
+++ b/helm-charts/gerrit-slave/templates/git-backend.deployment.yaml
@@ -0,0 +1,69 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ .Release.Name }}-git-backend-deployment
+ labels:
+ app: git-backend
+ chart: {{ template "gerrit-slave.chart" . }}
+ heritage: {{ .Release.Service }}
+ release: {{ .Release.Name }}
+spec:
+ replicas: {{ .Values.gitBackend.replicas | default 1 }}
+ selector:
+ matchLabels:
+ app: git-backend
+ template:
+ metadata:
+ labels:
+ app: git-backend
+ spec:
+ securityContext:
+ fsGroup: 100
+ {{ if .Values.images.registry.ImagePullSecret.name -}}
+ imagePullSecrets:
+ - name: {{ .Values.images.registry.ImagePullSecret.name }}
+ {{- end }}
+ containers:
+ - name: apache-git-http-backend
+ imagePullPolicy: {{ .Values.images.imagePullPolicy }}
+ image: {{ template "registry" . }}{{ .Values.gitBackend.image }}:{{ .Values.images.version }}
+ command:
+ - bin/bash
+ - -c
+ args:
+ - |
+ {{ if eq .Values.gitBackend.service.https.enabled false -}}
+ rm /etc/apache2/sites-enabled/git-https-backend.conf
+ {{- end }}
+ {{ if eq .Values.gitBackend.service.http.enabled false -}}
+ rm /etc/apache2/sites-enabled/git-http-backend.conf
+ {{- end }}
+ /etc/init.d/apache2 start \
+ && tail -F -q -n +1 /var/log/apache2/*.log
+ ports:
+ - containerPort: 80
+ - containerPort: 443
+ resources:
+{{ toYaml .Values.gitBackend.resources | indent 10 }}
+ volumeMounts:
+ - name: git-filesystem
+ mountPath: "/var/gerrit/git"
+ - name: git-backend-secret
+ readOnly: true
+ mountPath: "/var/apache/credentials"
+ - name: apache-logs
+ mountPath: "/var/log/apache2"
+ volumes:
+ - name: git-filesystem
+ persistentVolumeClaim:
+ claimName: {{ .Release.Name }}-git-filesystem-pvc
+ - name: git-backend-secret
+ secret:
+ secretName: {{ .Release.Name }}-git-backend-secret
+ - name: apache-logs
+ {{ if .Values.gitBackend.logging.persistence.enabled -}}
+ persistentVolumeClaim:
+ claimName: {{ .Release.Name }}-apache-logs-pvc
+ {{ else -}}
+ emptyDir: {}
+ {{- end }}
\ No newline at end of file
diff --git a/helm-charts/gerrit-slave/templates/git-backend.ingress.yaml b/helm-charts/gerrit-slave/templates/git-backend.ingress.yaml
new file mode 100644
index 0000000..6d7354d
--- /dev/null
+++ b/helm-charts/gerrit-slave/templates/git-backend.ingress.yaml
@@ -0,0 +1,33 @@
+{{ if .Values.gitBackend.ingress.enabled -}}
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+ name: {{ .Release.Name }}-git-backend-ingress
+ labels:
+ app: git-backend
+ chart: {{ template "gerrit-slave.chart" . }}
+ heritage: {{ .Release.Service }}
+ release: {{ .Release.Name }}
+ annotations:
+ nginx.ingress.kubernetes.io/proxy-body-size: "0"
+ {{ if .Values.gitBackend.ingress.alias -}}
+ nginx.ingress.kubernetes.io/server-alias: {{ .Values.gitBackend.ingress.alias }}
+ {{- end }}
+spec:
+ {{ if .Values.gitBackend.ingress.tls.enabled -}}
+ tls:
+ - hosts:
+ - {{ .Values.gitBackend.ingress.host }}
+ secretName: {{ .Release.Name }}-git-backend-tls-secret
+ {{- end }}
+ rules:
+ - host: {{ .Values.gitBackend.ingress.host }}
+ http:
+ paths:
+ - backend:
+ serviceName: {{ .Release.Name }}-git-backend-service
+ servicePort: {{ .Values.gitBackend.service.http.port }}
+ # TODO: Allow encrypted communication between Ingress and Service
+ # A possible solution could be the annotation
+ # nginx.ingress.kubernetes.io/auth-tls-pass-certificate-to-upstream
+{{- end }}
\ No newline at end of file
diff --git a/helm-charts/gerrit-slave/templates/git-backend.secrets.yaml b/helm-charts/gerrit-slave/templates/git-backend.secrets.yaml
new file mode 100644
index 0000000..f69608a
--- /dev/null
+++ b/helm-charts/gerrit-slave/templates/git-backend.secrets.yaml
@@ -0,0 +1,36 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Release.Name }}-git-backend-secret
+ labels:
+ app: git-backend
+ chart: {{ template "gerrit-slave.chart" . }}
+ heritage: {{ .Release.Service }}
+ release: {{ .Release.Name }}
+data:
+ {{ with .Values.gitBackend -}}
+ .htpasswd: {{ .credentials.htpasswd | b64enc }}
+ {{ if .service.https.enabled -}}
+ server.key: {{ .service.https.key | b64enc }}
+ server.crt: {{ .service.https.cert | b64enc }}
+ {{- end }}
+ {{- end }}
+type: Opaque
+---
+{{ if and .Values.gitBackend.ingress.enabled .Values.gitBackend.ingress.tls.enabled -}}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Release.Name }}-git-backend-tls-secret
+ labels:
+ app: git-backend
+ chart: {{ template "gerrit-slave.chart" . }}
+ heritage: {{ .Release.Service }}
+ release: {{ .Release.Name }}
+type: kubernetes.io/tls
+data:
+ {{ with .Values.gitBackend.ingress.tls -}}
+ tls.crt: {{ .cert | b64enc }}
+ tls.key: {{ .key | b64enc }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/helm-charts/gerrit-slave/templates/git-backend.service.yaml b/helm-charts/gerrit-slave/templates/git-backend.service.yaml
new file mode 100644
index 0000000..11b57ce
--- /dev/null
+++ b/helm-charts/gerrit-slave/templates/git-backend.service.yaml
@@ -0,0 +1,26 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ .Release.Name }}-git-backend-service
+ labels:
+ app: git-backend
+ chart: {{ template "gerrit-slave.chart" . }}
+ heritage: {{ .Release.Service }}
+ release: {{ .Release.Name }}
+spec:
+ {{ with .Values.gitBackend.service }}
+ ports:
+ {{ if .http.enabled -}}
+ - name: http
+ port: {{ .http.port }}
+ targetPort: 80
+ {{- end }}
+ {{ if .https.enabled -}}
+ - name: https
+ port: {{ .https.port }}
+ targetPort: 443
+ {{- end }}
+ selector:
+ app: git-backend
+ type: {{ .type }}
+ {{- end }}
\ No newline at end of file
diff --git a/helm-charts/gerrit-slave/templates/git-backend.storage.yaml b/helm-charts/gerrit-slave/templates/git-backend.storage.yaml
new file mode 100644
index 0000000..aebbabf
--- /dev/null
+++ b/helm-charts/gerrit-slave/templates/git-backend.storage.yaml
@@ -0,0 +1,18 @@
+{{ if .Values.gitBackend.logging.persistence.enabled -}}
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: {{ .Release.Name }}-apache-logs-pvc
+ labels:
+ app: git-backend
+ chart: {{ template "gerrit-slave.chart" . }}
+ heritage: {{ .Release.Service }}
+ release: {{ .Release.Name }}
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: {{ .Values.gitBackend.logging.persistence.size }}
+ storageClassName: {{ .Values.storageClasses.default.name }}
+{{- end }}
\ No newline at end of file
diff --git a/helm-charts/gerrit-slave/templates/git-gc.cronjob.yaml b/helm-charts/gerrit-slave/templates/git-gc.cronjob.yaml
new file mode 100644
index 0000000..5803b79
--- /dev/null
+++ b/helm-charts/gerrit-slave/templates/git-gc.cronjob.yaml
@@ -0,0 +1,47 @@
+apiVersion: batch/v1beta1
+kind: CronJob
+metadata:
+ name: {{ .Release.Name }}-git-gc
+ labels:
+ app: git-gc
+ chart: {{ template "gerrit-slave.chart" . }}
+ heritage: {{ .Release.Service }}
+ release: {{ .Release.Name }}
+spec:
+ schedule: {{ .Values.gitGC.schedule | quote }}
+ jobTemplate:
+ spec:
+ template:
+ spec:
+ restartPolicy: OnFailure
+ securityContext:
+ runAsUser: 1000
+ fsGroup: 100
+ {{ if .Values.images.registry.ImagePullSecret.name -}}
+ imagePullSecrets:
+ - name: {{ .Values.images.registry.ImagePullSecret.name }}
+ {{- end }}
+ containers:
+ - name: git-gc
+ imagePullPolicy: {{ .Values.images.imagePullPolicy }}
+ image: {{ template "registry" . }}{{ .Values.gitGC.image }}:{{ .Values.images.version }}
+ command:
+ - /var/tools/gc-all.sh
+ resources:
+{{ toYaml .Values.gitGC.resources | indent 14 }}
+ volumeMounts:
+ - name: git-filesystem
+ mountPath: "/var/gerrit/git"
+ - name: git-gc-logs
+ mountPath: "/var/log/git"
+ volumes:
+ - name: git-filesystem
+ persistentVolumeClaim:
+ claimName: {{ .Release.Name }}-git-filesystem-pvc
+ - name: git-gc-logs
+ {{ if .Values.gitGC.logging.persistence.enabled -}}
+ persistentVolumeClaim:
+ claimName: {{ .Release.Name }}-git-gc-logs-pvc
+ {{ else -}}
+ emptyDir: {}
+ {{- end }}
\ No newline at end of file
diff --git a/helm-charts/gerrit-slave/templates/git-gc.storage.yaml b/helm-charts/gerrit-slave/templates/git-gc.storage.yaml
new file mode 100644
index 0000000..8a63ee8
--- /dev/null
+++ b/helm-charts/gerrit-slave/templates/git-gc.storage.yaml
@@ -0,0 +1,18 @@
+{{ if .Values.gitGC.logging.persistence.enabled -}}
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: {{ .Release.Name }}-git-gc-logs-pvc
+ labels:
+ app: git-gc
+ chart: {{ template "gerrit-slave.chart" . }}
+ heritage: {{ .Release.Service }}
+ release: {{ .Release.Name }}
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: {{ .Values.gitGC.logging.persistence.size }}
+ storageClassName: {{ .Values.storageClasses.default.name }}
+{{- end }}
\ No newline at end of file
diff --git a/helm-charts/gerrit-slave/templates/git-repositories.storage.yaml b/helm-charts/gerrit-slave/templates/git-repositories.storage.yaml
new file mode 100644
index 0000000..bb786b2
--- /dev/null
+++ b/helm-charts/gerrit-slave/templates/git-repositories.storage.yaml
@@ -0,0 +1,11 @@
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: {{ .Release.Name }}-git-filesystem-pvc
+spec:
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: {{ .Values.gitRepositoryStorage.size }}
+ storageClassName: {{ .Values.storageClasses.shared.name }}
diff --git a/helm-charts/gerrit-slave/templates/image-pull.secret.yaml b/helm-charts/gerrit-slave/templates/image-pull.secret.yaml
new file mode 100644
index 0000000..d107472
--- /dev/null
+++ b/helm-charts/gerrit-slave/templates/image-pull.secret.yaml
@@ -0,0 +1,9 @@
+{{ if and .Values.images.registry.ImagePullSecret.name .Values.images.registry.ImagePullSecret.create -}}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Values.images.registry.ImagePullSecret.name }}
+type: kubernetes.io/dockerconfigjson
+data:
+ .dockerconfigjson: {{ template "imagePullSecret" . }}
+{{- end }}
\ No newline at end of file
diff --git a/helm-charts/gerrit-slave/templates/mysql-replication-init.job.yaml b/helm-charts/gerrit-slave/templates/mysql-replication-init.job.yaml
new file mode 100644
index 0000000..e2a0214
--- /dev/null
+++ b/helm-charts/gerrit-slave/templates/mysql-replication-init.job.yaml
@@ -0,0 +1,101 @@
+{{ if and .Values.database.replication.enabled (eq .Values.database.provider "mysql") }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ .Release.Name }}-mysql-replication-init-configmap
+ labels:
+ app: mysql-replication-init
+ chart: {{ template "gerrit-slave.chart" . }}
+ heritage: {{ .Release.Service }}
+ release: {{ .Release.Name }}
+data:
+ initialize-slave.sql: |
+ SET @query = CONCAT(
+ "CHANGE MASTER TO ",
+ "MASTER_HOST = '{{ .Values.database.replication.mysql.config.masterHost }}' , ",
+ "MASTER_PORT = {{ .Values.database.replication.mysql.config.masterPort }} , ",
+ "MASTER_USER = '{{ .Values.database.replication.mysql.config.masterUser }}' , ",
+ "MASTER_PASSWORD ='", @replpwd, "', ",
+ "MASTER_LOG_FILE = '{{ .Values.database.replication.mysql.config.masterLogFile }}' , ",
+ "MASTER_LOG_POS = {{ .Values.database.replication.mysql.config.masterLogPos }} , ",
+ "MASTER_SSL = {{ if .Values.mysql.ssl.enabled }} 1 {{ else }} 0 {{ end }} , ",
+ "MASTER_SSL_CA = '/ssl/ca.pem', ",
+ "MASTER_SSL_CERT = '/ssl/server-cert.pem', ",
+ "MASTER_SSL_KEY = '/ssl/server-key.pem', ",
+ "MASTER_SSL_VERIFY_SERVER_CERT = 1;");
+ PREPARE stmt FROM @query;
+ EXECUTE stmt;
+ DEALLOCATE PREPARE stmt;
+
+ START SLAVE;
+ DO SLEEP(15);
+ SHOW SLAVE STATUS\G;
+ dump-filepath: {{ .Values.database.replication.mysql.dbDumpAcceptPath }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Release.Name }}-mysql-replication-init-secret
+ labels:
+ app: mysql-replication-init
+ chart: {{ template "gerrit-slave.chart" . }}
+ heritage: {{ .Release.Service }}
+ release: {{ .Release.Name }}
+data:
+ repl-password: {{ .Values.database.replication.mysql.config.masterPassword | b64enc }}
+type: Opaque
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ .Release.Name }}-mysql-replication-init-job
+ labels:
+ app: mysql-replication-init
+ chart: {{ template "gerrit-slave.chart" . }}
+ heritage: {{ .Release.Service }}
+ release: {{ .Release.Name }}
+spec:
+ template:
+ metadata:
+ name: {{ .Release.Name }}-mysql-replication-init
+ labels:
+ app: mysql-replication-init
+ spec:
+ restartPolicy: OnFailure
+ {{ if .Values.images.registry.ImagePullSecret.name -}}
+ imagePullSecrets:
+ - name: {{ .Values.images.registry.ImagePullSecret.name }}
+ {{- end }}
+ containers:
+ - name: mysql-replication-init
+ imagePullPolicy: {{ .Values.images.imagePullPolicy }}
+ image: {{ template "registry" . }}{{ .Values.database.replication.image }}:{{ .Values.images.version }}
+ env:
+ - name: REPL_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Release.Name }}-mysql-replication-init-secret
+ key: repl-password
+ - name: MYSQL_ROOT_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ printf "%s-mysql" .Release.Name }}
+ key: mysql-root-password
+ - name: FILEPATH
+ valueFrom:
+ configMapKeyRef:
+ name: {{ .Release.Name }}-mysql-replication-init-configmap
+ key: dump-filepath
+ - name: MYSQL_HOST
+ value: {{ printf "%s-mysql" .Release.Name }}
+ - name: MYSQL_PORT
+ value: {{ .Values.mysql.service.port | quote }}
+ volumeMounts:
+ - name: mysql-replication-init-configmap
+ mountPath: "/var/sql"
+ volumes:
+ - name: mysql-replication-init-configmap
+ configMap:
+ name: {{ .Release.Name }}-mysql-replication-init-configmap
+
+{{- end }}
\ No newline at end of file
diff --git a/helm-charts/gerrit-slave/templates/storageclasses.yaml b/helm-charts/gerrit-slave/templates/storageclasses.yaml
new file mode 100644
index 0000000..10a3c12
--- /dev/null
+++ b/helm-charts/gerrit-slave/templates/storageclasses.yaml
@@ -0,0 +1,37 @@
+{{ if .Values.storageClasses.default.create -}}
+kind: StorageClass
+apiVersion: storage.k8s.io/v1
+metadata:
+ name: {{ .Values.storageClasses.default.name }}
+ labels:
+ chart: {{ template "gerrit-slave.chart" . }}
+ heritage: {{ .Release.Service }}
+ release: {{ .Release.Name }}
+provisioner: {{ .Values.storageClasses.default.provisioner }}
+reclaimPolicy: {{ .Values.storageClasses.default.reclaimPolicy }}
+{{ if .Values.storageClasses.shared.parameters -}}
+parameters:
+{{- range $key, $value := .Values.storageClasses.default.parameters }}
+ {{ $key }}: {{ $value }}
+{{- end }}
+{{- end }}
+{{- end }}
+---
+{{ if .Values.storageClasses.shared.create -}}
+kind: StorageClass
+apiVersion: storage.k8s.io/v1
+metadata:
+ name: {{ .Values.storageClasses.shared.name }}
+ labels:
+ chart: {{ template "gerrit-slave.chart" . }}
+ heritage: {{ .Release.Service }}
+ release: {{ .Release.Name }}
+provisioner: {{ .Values.storageClasses.shared.provisioner }}
+reclaimPolicy: {{ .Values.storageClasses.shared.reclaimPolicy }}
+{{ if .Values.storageClasses.shared.parameters -}}
+parameters:
+{{- range $key, $value := .Values.storageClasses.shared.parameters }}
+ {{ $key }}: {{ $value }}
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/helm-charts/gerrit-slave/values.yaml b/helm-charts/gerrit-slave/values.yaml
new file mode 100644
index 0000000..4efb8a7
--- /dev/null
+++ b/helm-charts/gerrit-slave/values.yaml
@@ -0,0 +1,375 @@
+images:
+ registry:
+ # The registry name must NOT contain a trailing slash
+ name:
+ ImagePullSecret:
+ # Leave blank, if no ImagePullSecret is needed.
+ name: image-pull-secret
+ # If set to false, the gerrit-slave chart expects either a ImagePullSecret
+ # with the name configured above to be present on the cluster or that no
+ # credentials are needed.
+ create: false
+ username:
+ password:
+ version: latest
+ imagePullPolicy: Always
+
+
+storageClasses:
+ # Storage class used for storing logs and other pod-specific persisted data
+ default:
+ # If create is set to false, an existing StorageClass with the given
+ # name is expected to exist in the cluster. Setting create to true will
+ # create a storage class with the parameters given below.
+ name: default
+ create: false
+ provisioner: kubernetes.io/aws-ebs
+ reclaimPolicy: Delete
+ # Use the parameters key to set all parameters needed for the provisioner
+ parameters:
+ type: gp2
+ fsType: ext4
+ # Storage class used for storing git repositories. Has to provide RWM access.
+ shared:
+ # If create is set to false, an existing StorageClass with RWM access
+ # mode and the given name has to be provided.
+ name: shared-storage
+ create: false
+ provisioner: nfs
+ reclaimPolicy: Delete
+ # Use the parameters key to set all parameters needed for the provisioner
+ parameters:
+ mountOptions: vers=4.1
+
+
+gitRepositoryStorage:
+ size: 5Gi
+
+
+database:
+ provider: mysql
+
+ # Only applies to databases set up by this chart (currently available: MySQL)
+ replication:
+ enabled: false
+ image: k8sgerrit/mysql-replication-init
+
+ # The following section is specific for replication of MySQL databases
+ mysql:
+ config:
+ masterHost: mysql.example.com
+ masterPort: 3306
+ masterUser: repl
+ masterPassword: password
+ masterLogFile: mysql-bin.000001
+ masterLogPos: 111
+ dbDumpAcceptPath: /var/data/db/master_dump.sql
+
+
+gitBackend:
+ image: k8sgerrit/apache-git-http-backend
+
+ replicas: 1
+
+ resources:
+ requests:
+ cpu: 100m
+ memory: 256Mi
+ limits:
+ cpu: 100m
+ memory: 256Mi
+
+ logging:
+ persistence:
+ enabled: true
+ size: 1Gi
+
+ service:
+ type: LoadBalancer
+ # At least one endpoint (HTTP and/or HTTPS) has to be enabled in the service!
+ http:
+ enabled: true
+ port: 80
+ https:
+ enabled: false
+ port: 443
+ cert: |-
+ -----BEGIN CERTIFICATE-----
+
+ -----END CERTIFICATE-----
+ key: |-
+ -----BEGIN RSA PRIVATE KEY-----
+
+ -----END RSA PRIVATE KEY-----
+
+ ingress:
+ enabled: false
+ host:
+ # Provide a second host name used as an alias. Leave empty, if no alias is
+ # desired.
+ alias:
+ tls:
+ enabled: false
+ cert: |-
+ -----BEGIN CERTIFICATE-----
+
+ -----END CERTIFICATE-----
+ key: |-
+ -----BEGIN RSA PRIVATE KEY-----
+
+ -----END RSA PRIVATE KEY-----
+
+ credentials:
+ # example: user: 'git'; password: 'secret'
+ # run `man htpasswd` to learn about how to create .htpasswd-files
+ htpasswd: git:$apr1$O/LbLKC7$Q60GWE7OcqSEMSfe/K8xU.
+ # TODO: Create htpasswd-file on container startup instead and set user
+ # and password in values.yaml.
+ #user:
+ #password:
+
+
+gitGC:
+ image: k8sgerrit/git-gc
+
+ schedule: 0 6,18 * * *
+
+ resources:
+ requests:
+ cpu: 100m
+ memory: 256Mi
+ limits:
+ cpu: 100m
+ memory: 256Mi
+
+ logging:
+ persistence:
+ enabled: true
+ size: 1Gi
+
+
+gerritSlave:
+ images:
+ gerritInit: k8sgerrit/gerrit-slave-init
+ gerritSlave: k8sgerrit/gerrit-slave
+
+ # If you only intend to test the Gerrit slave and do not wish to actually
+ # replicate repositories and the database, activate this option to initialize
+ # a new site.
+ # NOTE: The database must not run in read-only mode for this to work!
+ initializeTestSite:
+ enabled: true
+
+ # The memory limit has to be higher than the configures heap-size for Java!
+ resources:
+ requests:
+ cpu: 1
+ memory: 5Gi
+ limits:
+ cpu: 1
+ memory: 6Gi
+
+ logging:
+ persistence:
+ enabled: true
+ size: 1Gi
+
+ service:
+ type: NodePort
+ http:
+ port: 80
+
+ ingress:
+ host:
+ # Provide a second host name used as an alias. Leave empty, if no alias is
+ # desired.
+ alias:
+ tls:
+ enabled: false
+ cert: |-
+ -----BEGIN CERTIFICATE-----
+
+ -----END CERTIFICATE-----
+ key: |-
+ -----BEGIN RSA PRIVATE KEY-----
+
+ -----END RSA PRIVATE KEY-----
+
+ # `gerritSlave.keystore` expects a base64-encoded Java-keystore
+ # Since Java keystores are binary files, adding the unencoded content and
+ # automatic encoding using helm does not work here.
+ keystore:
+
+ config:
+ # Some values are expected to have a specific value for the deployment installed
+ # by this chart to work. These are marked with `# FIXED`. Do not change them!
+ gerrit: |-
+ [gerrit]
+ basePath = git # FIXED
+ # The canonical web URL has to be set to the Ingress host, if an Ingress
+ # is used. If a LoadBalancer-service is used, this should be set to the
+ # LoadBalancer's external IP. This can only be done manually after installing
+ # the chart, when you know the external IP the LoadBalancer got from the
+ # cluster.
+ canonicalWebUrl = http://example.com/
+ disableReverseDnsLookup = true
+ [database]
+ type = mysql
+ # 'gerrit-slave-mysql' is the reference to the service that managaes
+ # the traffic to the mysql database, if the mysql-database is installed
+ # via the gerrit-slave chart
+ hostname = gerrit-slave-mysql
+ port = 3306
+ database = reviewdb
+ [index]
+ type = LUCENE
+ [auth]
+ type = DEVELOPMENT_BECOME_ANY_ACCOUNT
+ [httpd]
+ # If using an ingress use proxy-http or proxy-https
+ listenUrl = proxy-http://*:8080/
+ [transfer]
+ timeout = 120 s
+ [user]
+ name = Gerrit Code Review
+ email = gerrit@example.com
+ anonymousCoward = Unnamed User
+ [cache]
+ directory = cache
+ [container]
+ user = gerrit # FIXED
+ slave = true # FIXED
+ javaHome = /usr/lib/jvm/java-8-openjdk-amd64 # FIXED
+ javaOptions = -Djavax.net.ssl.trustStore=/var/gerrit/etc/keystore # FIXED
+ javaOptions = -Xms200m
+ # Has to be lower than 'gerritSlave.resources.limits.memory'. Also
+ # consider memories used by other applications in the container.
+ javaOptions = -Xmx4g
+
+ secure: |-
+ # Database credentials should be the same as configured for the database
+ # Gerrit-slave chart, if the database was installed using the chart.
+ [database]
+ username = gerrit
+ password = secret
+
+ # Password for the keystore added as value for 'gerritSlave.keystore'
+ [httpd]
+ sslKeyPassword = gerrit
+
+
+mysql:
+ # Enabling the installation of the MySQL database will only make sense, if
+ # `mysql` is chosen as a provider under `database.provider`.
+ enabled: true
+
+ image: mysql
+ # The major.minor version of mysql should be the same as for the master database
+ imageTag: 5.5.61
+
+ mysqlRootPassword: big_secret
+ mysqlUser: gerrit
+ mysqlPassword: secret
+
+ livenessProbe:
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 3
+
+ readinessProbe:
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ timeoutSeconds: 1
+ successThreshold: 1
+ failureThreshold: 3
+
+ persistence:
+ enabled: true
+ storageClass: default
+ accessMode: ReadWriteOnce
+ size: 8Gi
+
+ resources:
+ requests:
+ cpu: 250m
+ memory: 1Gi
+ limits:
+ cpu: 250m
+ memory: 1Gi
+
+ configurationFiles:
+ mysql.cnf: |-
+ [mysqld]
+
+ # The following options should not be changed
+ #############################################
+
+ log-bin=/var/lib/mysql/bin.log
+ log-bin-index=/var/lib/mysql/log-bin.index
+ log-error=/var/lib/mysql/error.log
+
+ relay-log=/var/lib/mysql/relay.log
+ relay-log-info-file=/var/lib/mysql/relay-log.info
+ relay-log-index=/var/lib/mysql/relay-log.index
+
+ log-error=/var/lib/mysql/error.log
+ log_slave_updates = 1
+
+ sql_mode="ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION"
+
+ # Adapt the following changes to your setup
+ ###########################################
+
+ # Should usually set to '1', when running in production. When running the
+ # Gerrit slave in test mode, it has to be set to '0' to be able to initialize
+ # the reviewDB
+ read_only=0
+
+ # The mysql database should not be replicated to avoid to overwrite user data
+ # of the database
+ replicate-ignore-db=mysql
+
+ # Adapt to the binlog format of the Gerrit master's database
+ binlog_format=row
+
+ # Has to be different for each database in the replication setup.
+ server-id=42
+
+ # Add the following options to the config, if using SSL (`mysql.ssl.enabled: true`)
+ # But do not change the values.
+ # ssl-ca=/ssl/ca.pem
+ # ssl-cert=/ssl/server-cert.pem
+ # ssl-key=/ssl/server-key.pem
+
+ initializationFiles:
+ # Do not change or remove this script.
+ initialize_reviewdb.sql: |-
+ CREATE DATABASE reviewdb DEFAULT CHARACTER SET 'utf8';
+ GRANT ALL ON reviewdb.* TO 'gerrit';
+ FLUSH PRIVILEGES;
+
+ service:
+ type: NodePort
+ port: 3306
+
+ ssl:
+ # If enabled, add the required lines to the configuration as described in
+ # `mysql.configurationFiles.mysql.cnf`
+ enabled: false
+ secret: slave-ssl-certs
+ certificates:
+ - name: slave-ssl-certs
+ ca: |-
+ -----BEGIN CERTIFICATE-----
+
+ -----END CERTIFICATE-----
+ cert: |-
+ -----BEGIN CERTIFICATE-----
+
+ -----END CERTIFICATE-----
+ key: |-
+ -----BEGIN RSA PRIVATE KEY-----
+
+ -----END RSA PRIVATE KEY-----
\ No newline at end of file
diff --git a/publish b/publish
new file mode 100755
index 0000000..ce6f36b
--- /dev/null
+++ b/publish
@@ -0,0 +1,49 @@
+#!/bin/bash
+
+usage() {
+ me=`basename "$0"`
+ echo >&2 "Usage: $me [--update-latest] [--tag TAG] [--registry REGISTRY] component"
+ exit 1
+}
+
+UPDATE_LATEST=false
+
+while test $# -gt 0 ; do
+ case "$1" in
+ --update-latest)
+ UPDATE_LATEST=true
+ shift
+ ;;
+ --registry)
+ shift
+ REGISTRY=$1
+ shift
+ ;;
+ --tag)
+ shift
+ TAG=$1
+ shift
+ ;;
+ *)
+ break
+ esac
+done
+
+if test -z "$TAG"; then
+ echo "No tag was provided."
+ echo "Use either the --tag option or provide a TAG-environment variable."
+ exit 1
+fi
+
+test -n "$REGISTRY" && [[ "$REGISTRY" != */ ]] && REGISTRY="$REGISTRY/"
+
+test $# -eq 1 || usage
+IMAGE=$1
+
+if test "$UPDATE_LATEST" = "true" ; then
+ docker image tag k8sgerrit/$IMAGE:$TAG ${REGISTRY}k8sgerrit/$IMAGE:latest
+ docker push ${REGISTRY}k8sgerrit/$IMAGE:latest
+fi
+
+docker image tag k8sgerrit/$IMAGE:$TAG ${REGISTRY}k8sgerrit/$IMAGE:$TAG
+docker push ${REGISTRY}k8sgerrit/$IMAGE:$TAG
\ No newline at end of file
diff --git a/start b/start
new file mode 100755
index 0000000..e0458f2
--- /dev/null
+++ b/start
@@ -0,0 +1,98 @@
+#!/bin/bash
+
+usage() {
+ me=`basename "$0"`
+ echo >&2 "Usage: $me [--registry REGISTRY] [--tag TAG] [--detach] [--enable-http] site component"
+ exit 1
+}
+
+create_dir() {
+ d=$1
+ u=$2
+ g=$3
+ mkdir -p $d
+ if [ $? -ne 0 ]; then
+ echo >&2 "Failed to create directory $d"
+ exit 1
+ fi
+
+ chown $u:$g $d
+ if [ $? -ne 0 ]; then
+ echo >&2 "Failed to set ownership for directory $d"
+ exit 1
+ fi
+}
+
+export -f create_dir
+
+while test $# -gt 0 ; do
+ case "$1" in
+ --registry)
+ shift
+ REGISTRY=$1
+ shift
+ ;;
+ --tag)
+ shift
+ TAG=$1
+ shift
+ ;;
+ --detach)
+ MODE=$1
+ shift
+ ;;
+ --enable-http)
+ ENABLE_HTTP='-e ENABLE_HTTP=1'
+ shift
+ ;;
+
+ *)
+ break
+ esac
+done
+
+test -z "$TAG" && TAG=latest
+test -z "$MODE" && MODE='--interactive --tty'
+
+test $# -ge 1 || usage
+SITE=$1
+shift
+
+test $# -eq 1 || usage
+NAME=$1
+
+[[ -n "$REGISTRY" ]] && [["$REGISTRY" != */ ]] && REGISTRY="$REGISTRY/"
+
+OWNER_UID=$(ls -lnd $SITE/git | tr -s ' ' | cut -d ' ' -f 3)
+OWNER_GID=$(ls -lnd $SITE/git | tr -s ' ' | cut -d ' ' -f 4)
+
+if [[ "$OSTYPE" == "darwin"* ]]; then
+ ENV="$ENV -e FIXFS=true"
+fi
+
+docker rm ${NAME} >/dev/null 2>&1
+
+case "$NAME" in
+apache-git-http-backend)
+ container-images/$NAME/start "$MODE" "$NAME" "$SITE" "$ENABLE_HTTP" "$REGISTRY" "$TAG" "$OWNER_UID" "$OWNER_GID" "$ENV"
+ ;;
+
+git-gc)
+ container-images/$NAME/start "$MODE" "$NAME" "$SITE" "$REGISTRY" "$TAG" "$ENV"
+ ;;
+
+gerrit-master)
+ container-images/$NAME/start "$MODE" "$NAME" "$SITE" "$REGISTRY" "$TAG" "$OWNER_UID" "$OWNER_GID" "$ENV"
+ ;;
+
+gerrit-slave)
+ container-images/$NAME/start "$MODE" "$NAME" "$SITE" "$REGISTRY" "$TAG" "$OWNER_UID" "$OWNER_GID" "$ENV"
+ ;;
+
+gerrit-slave-init)
+ container-images/$NAME/start "$MODE" "$NAME" "$SITE" "$REGISTRY" "$TAG" "$OWNER_UID" "$OWNER_GID" "$ENV"
+ ;;
+
+*)
+ echo "$NAME not a known component"
+esac
