blob: 8493c7a8c47d89d63515d65db0a5728acc20981f [file] [log] [blame]
{{- $root := . -}}
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: {{ .Release.Name }}-gerrit-replica-statefulset
labels:
app.kubernetes.io/component: gerrit-replica
app.kubernetes.io/instance: {{ .Release.Name }}
chart: {{ template "gerrit-replica.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
{{- if .Values.additionalLabels }}
{{ toYaml .Values.additionalLabels | indent 4 }}
{{- end }}
spec:
serviceName: {{ .Release.Name }}-gerrit-replica-service
replicas: {{ .Values.gerritReplica.replicas }}
updateStrategy:
rollingUpdate:
partition: {{ .Values.gerritReplica.updatePartition }}
selector:
matchLabels:
app.kubernetes.io/component: gerrit-replica
app.kubernetes.io/instance: {{ .Release.Name }}
template:
metadata:
labels:
app.kubernetes.io/component: gerrit-replica
app.kubernetes.io/instance: {{ .Release.Name }}
chart: {{ template "gerrit-replica.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
{{- if .Values.additionalLabels }}
{{ toYaml .Values.additionalLabels | indent 8 }}
{{- end }}
{{- if .Values.gerritReplica.additionalPodLabels }}
{{ toYaml .Values.gerritReplica.additionalPodLabels | indent 8 }}
{{- end }}
annotations:
chartRevision: "{{ .Release.Revision }}"
{{- if .Values.gerritReplica.additionalAnnotations }}
{{ toYaml .Values.gerritReplica.additionalAnnotations | indent 8 }}
{{- end }}
spec:
{{- with .Values.gerritReplica.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.gerritReplica.topologySpreadConstraints }}
topologySpreadConstraints:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.gerritReplica.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.gerritReplica.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.gerritReplica.priorityClassName }}
priorityClassName: {{ . }}
{{- end }}
terminationGracePeriodSeconds: {{ .Values.gerritReplica.gracefulStopTimeout }}
securityContext:
fsGroup: 100
{{ if .Values.images.registry.ImagePullSecret.name -}}
imagePullSecrets:
- name: {{ .Values.images.registry.ImagePullSecret.name }}
{{- range .Values.images.additionalImagePullSecrets }}
- name: {{ . }}
{{- end }}
{{- end }}
initContainers:
{{- if and .Values.nfsWorkaround.enabled .Values.nfsWorkaround.chownOnStartup }}
- name: nfs-init
image: {{ .Values.images.busybox.registry -}}/busybox:{{- .Values.images.busybox.tag }}
command:
- sh
- -c
args:
- |
chown 1000:100 /var/mnt/logs
chown 1000:100 /var/mnt/git
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
volumeMounts:
- name: logs
subPathExpr: "gerrit-replica/$(POD_NAME)"
mountPath: "/var/mnt/logs"
- name: git-repositories
mountPath: "/var/mnt/git"
{{- if .Values.nfsWorkaround.idDomain }}
- name: nfs-config
mountPath: "/etc/idmapd.conf"
subPath: idmapd.conf
{{- end }}
{{- end }}
- name: gerrit-init
image: {{ template "registry" . }}{{ .Values.gerritReplica.images.gerritInit }}:{{ .Values.images.version }}
imagePullPolicy: {{ .Values.images.imagePullPolicy }}
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
volumeMounts:
- name: gerrit-site
mountPath: "/var/gerrit"
- name: git-repositories
mountPath: "/var/mnt/git"
- name: logs
subPathExpr: "gerrit-replica/$(POD_NAME)"
mountPath: "/var/mnt/logs"
- name: gerrit-init-config
mountPath: "/var/config/gerrit-init.yaml"
subPath: gerrit-init.yaml
{{- if and .Values.nfsWorkaround.enabled .Values.nfsWorkaround.idDomain }}
- name: nfs-config
mountPath: "/etc/idmapd.conf"
subPath: idmapd.conf
{{- end }}
{{- if and .Values.gerritReplica.pluginManagement.cache.enabled }}
- name: gerrit-plugin-cache
mountPath: "/var/mnt/plugins"
{{- end }}
- name: gerrit-config
mountPath: "/var/mnt/etc/config"
- name: gerrit-replica-secure-config
mountPath: "/var/mnt/etc/secret"
{{ if .Values.caCert -}}
- name: tls-ca
subPath: ca.crt
mountPath: "/var/config/ca.crt"
{{- end }}
{{- range .Values.gerritReplica.additionalConfigMaps }}
- name: {{ .name }}
mountPath: "/var/mnt/data/{{ .subDir }}"
{{- end }}
containers:
- name: gerrit-replica
image: {{ template "registry" . }}{{ .Values.gerritReplica.images.gerritReplica }}:{{ .Values.images.version }}
imagePullPolicy: {{ .Values.images.imagePullPolicy }}
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
lifecycle:
preStop:
exec:
command:
- "/bin/ash"
- "-c"
- "kill -2 $(pidof java) && tail --pid=$(pidof java) -f /dev/null"
ports:
- name: http
containerPort: 8080
{{ if .Values.gerritReplica.service.ssh -}}
- name: ssh
containerPort: 29418
{{- end }}
volumeMounts:
- name: gerrit-site
mountPath: "/var/gerrit"
- name: git-repositories
mountPath: "/var/mnt/git"
- name: logs
subPathExpr: "gerrit-replica/$(POD_NAME)"
mountPath: "/var/mnt/logs"
{{- if and .Values.nfsWorkaround.enabled .Values.nfsWorkaround.idDomain }}
- name: nfs-config
mountPath: "/etc/idmapd.conf"
subPath: idmapd.conf
{{- end }}
- name: gerrit-config
mountPath: "/var/mnt/etc/config"
- name: gerrit-replica-secure-config
mountPath: "/var/mnt/etc/secret"
{{- range .Values.gerritReplica.additionalConfigMaps }}
- name: {{ .name }}
mountPath: "/var/mnt/data/{{ .subDir }}"
{{- end }}
livenessProbe:
httpGet:
path: /config/server/healthcheck~status
port: http
{{- if .Values.gerritReplica.probeScheme }}
scheme: {{ .Values.gerritReplica.probeScheme }}
{{- end }}
{{ toYaml .Values.gerritReplica.livenessProbe | indent 10 }}
readinessProbe:
httpGet:
path: /config/server/healthcheck~status
port: http
{{- if .Values.gerritReplica.probeScheme }}
scheme: {{ .Values.gerritReplica.probeScheme }}
{{- end }}
{{ toYaml .Values.gerritReplica.readinessProbe | indent 10 }}
startupProbe:
httpGet:
path: /config/server/healthcheck~status
port: http
{{- if .Values.gerritReplica.probeScheme }}
scheme: {{ .Values.gerritReplica.probeScheme }}
{{- end }}
{{ toYaml .Values.gerritReplica.startupProbe | indent 10 }}
resources:
{{ toYaml .Values.gerritReplica.resources | indent 10 }}
{{ if .Values.istio.enabled -}}
- name: istio-proxy
image: auto
lifecycle:
preStop:
exec:
command:
- "/bin/sh"
- "-c"
- "while [ $(netstat -plunt | grep tcp | grep -v envoy | wc -l | xargs) -ne 0 ]; do sleep 1; done"
{{- end }}
{{ if .Values.promtailSidecar.enabled -}}
- name: promtail
image: {{ .Values.promtailSidecar.image }}:v{{ .Values.promtailSidecar.version }}
imagePullPolicy: {{ .Values.images.imagePullPolicy }}
command:
- sh
- -ec
args:
- |-
/usr/bin/promtail \
-config.file=/etc/promtail/promtail.yaml \
-client.url={{ .Values.promtailSidecar.loki.url }}/loki/api/v1/push \
-client.external-labels=instance=$HOSTNAME
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
resources:
{{ toYaml .Values.promtailSidecar.resources | indent 10 }}
volumeMounts:
- name: promtail-config
mountPath: /etc/promtail/promtail.yaml
subPath: promtail.yaml
- name: promtail-secret
mountPath: /etc/promtail/promtail.secret
subPath: promtail.secret
{{- if not .Values.promtailSidecar.tls.skipVerify }}
- name: tls-ca
mountPath: /etc/promtail/promtail.ca.crt
subPath: ca.crt
{{- end }}
- name: logs
subPathExpr: "gerrit-replica/$(POD_NAME)"
mountPath: "/var/gerrit/logs"
{{- if and .Values.nfsWorkaround.enabled .Values.nfsWorkaround.idDomain }}
- name: nfs-config
mountPath: "/etc/idmapd.conf"
subPath: idmapd.conf
{{- end }}
{{- end }}
volumes:
{{ if not .Values.gerritReplica.persistence.enabled -}}
- name: gerrit-site
emptyDir: {}
{{- end }}
{{- if and .Values.gerritReplica.pluginManagement.cache.enabled }}
- name: gerrit-plugin-cache
persistentVolumeClaim:
claimName: {{ .Release.Name }}-plugin-cache-pvc
{{- end }}
- name: git-repositories
persistentVolumeClaim:
{{- if .Values.gitRepositoryStorage.externalPVC.use }}
claimName: {{ .Values.gitRepositoryStorage.externalPVC.name }}
{{- else }}
claimName: {{ .Release.Name }}-git-repositories-pvc
{{- end }}
- name: logs
{{ if .Values.logStorage.enabled -}}
persistentVolumeClaim:
{{- if .Values.logStorage.externalPVC.use }}
claimName: {{ .Values.logStorage.externalPVC.name }}
{{- else }}
claimName: {{ .Release.Name }}-log-pvc
{{- end }}
{{ else -}}
emptyDir: {}
{{- end }}
- name: gerrit-init-config
configMap:
name: {{ .Release.Name }}-gerrit-init-configmap
- name: gerrit-config
configMap:
name: {{ .Release.Name }}-gerrit-replica-configmap
- name: gerrit-replica-secure-config
secret:
secretName: {{ .Release.Name }}-gerrit-replica-secure-config
{{ if .Values.caCert -}}
- name: tls-ca
secret:
secretName: {{ .Release.Name }}-tls-ca
{{- end }}
{{- range .Values.gerritReplica.additionalConfigMaps }}
- name: {{ .name }}
configMap:
name: {{ if .data }}{{ $root.Release.Name }}-{{ .name }}{{ else }}{{ .name }}{{ end }}
{{- end }}
{{- if and .Values.nfsWorkaround.enabled .Values.nfsWorkaround.idDomain }}
- name: nfs-config
configMap:
name: {{ .Release.Name }}-nfs-configmap
{{- end }}
{{ if .Values.promtailSidecar.enabled -}}
- name: promtail-config
configMap:
name: {{ .Release.Name }}-promtail-gerrit-configmap
- name: promtail-secret
secret:
secretName: {{ .Release.Name }}-promtail-secret
{{- end }}
{{ if .Values.gerritReplica.persistence.enabled -}}
volumeClaimTemplates:
- metadata:
name: gerrit-site
labels:
app.kubernetes.io/component: gerrit-replica
app.kubernetes.io/instance: {{ .Release.Name }}
chart: {{ template "gerrit-replica.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
{{- if .Values.additionalLabels }}
{{ toYaml .Values.additionalLabels | indent 8 }}
{{- end }}
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: {{ .Values.gerritReplica.persistence.size }}
storageClassName: {{ .Values.storageClasses.default.name }}
{{- end }}