images:
  busybox:
    registry: docker.io
    tag: latest
  # Registry used for container images created by this project
  registry:
    # The registry name must NOT contain a trailing slash
    name:
    ImagePullSecret:
      # Leave blank, if no ImagePullSecret is needed.
      name: image-pull-secret
      # If set to false, the gerrit-replica chart expects either a ImagePullSecret
      # with the name configured above to be present on the cluster or that no
      # credentials are needed.
      create: false
      username:
      password:
  version: latest
  imagePullPolicy: Always
  # Additional ImagePullSecrets that already exist and should be used by the
  # pods of this chart. E.g. to pull busybox from dockerhub.
  additionalImagePullSecrets: []


storageClasses:
  # Storage class used for storing logs and other pod-specific persisted data
  default:
    # If create is set to false, an existing StorageClass with the given
    # name is expected to exist in the cluster. Setting create to true will
    # create a storage class with the parameters given below.
    name: default
    create: false
    provisioner: kubernetes.io/aws-ebs
    reclaimPolicy: Delete
    # Use the parameters key to set all parameters needed for the provisioner
    parameters:
      type: gp2
      fsType: ext4
  # Storage class used for storing git repositories. Has to provide RWM access.
  shared:
    # If create is set to false, an existing StorageClass with RWM access
    # mode and the given name has to be provided.
    name: shared-storage
    create: false
    provisioner: nfs
    reclaimPolicy: Delete
    # Use the parameters key to set all parameters needed for the provisioner
    parameters:
      mountOptions: vers=4.1

nfsWorkaround:
  enabled: false
  idDomain: localdomain.com


networkPolicies:
  enabled: false
  dnsPorts:
  - 53
  - 8053


gitRepositoryStorage:
  externalPVC:
    use: false
    name: git-repositories-pvc
  size: 5Gi


logStorage:
  enabled: false
  externalPVC:
    use: false
    name: gerrit-logs-pvc
  size: 5Gi
  cleanup:
    enabled: false
    schedule: "0 0 * * *"
    retentionDays: 14
    resources:
      requests:
        cpu: 100m
        memory: 256Mi
      limits:
        cpu: 100m
        memory: 256Mi


istio:
  enabled: false
  host:
  tls:
    enabled: false
    secret:
      # If using an external secret, make sure to name the keys `tls.crt`
      # and `tls.key`, respectively.
      create: true
      # `name` will only be used, if `create` is set to false to bind an
      # existing secret. Otherwise the name will be automatically generated to
      # avoid conflicts between multiple chart installations.
      name:
    # `cert`and `key` will only be used, if the secret will be created by
    # this chart.
    cert: |-
      -----BEGIN CERTIFICATE-----

      -----END CERTIFICATE-----
    key: |-
      -----BEGIN RSA PRIVATE KEY-----

      -----END RSA PRIVATE KEY-----
  ssh:
    enabled: false

caCert:

ingress:
  enabled: false
  host:
  # The maximum body size to allow for requests. Use "0" to allow unlimited
  # reuqest body sizes.
  maxBodySize: 50m
  additionalAnnotations:
    kubernetes.io/ingress.class: nginx
  #  nginx.ingress.kubernetes.io/server-alias: example.com
  #  nginx.ingress.kubernetes.io/whitelist-source-range: xxx.xxx.xxx.xxx
  tls:
    enabled: false
    secret:
      # If using an external secret, make sure to name the keys `tls.crt`
      # and `tls.key`, respectively.
      create: true
      # `name` will only be used, if `create` is set to false to bind an
      # existing secret. Otherwise the name will be automatically generated to
      # avoid conflicts between multiple chart installations.
      name:
    # `cert`and `key` will only be used, if the secret will be created by
    # this chart.
    cert: |-
      -----BEGIN CERTIFICATE-----

      -----END CERTIFICATE-----
    key: |-
      -----BEGIN RSA PRIVATE KEY-----

      -----END RSA PRIVATE KEY-----

promtailSidecar:
  enabled: false
  image: grafana/promtail
  version: 1.3.0
  resources:
    requests:
      cpu: 100m
      memory: 128Mi
    limits:
      cpu: 200m
      memory: 128Mi
  tls:
    skipVerify: true
  loki:
    url: loki.example.com
    user: admin
    password: secret


gitBackend:
  image: k8sgerrit/apache-git-http-backend

  tolerations: []
  topologySpreadConstraints: {}
  affinity:
    podAntiAffinity:
      preferredDuringSchedulingIgnoredDuringExecution:
      - weight: 100
        podAffinityTerm:
          labelSelector:
            matchExpressions:
            - key: app
              operator: In
              values:
              - git-backend
          topologyKey: "topology.kubernetes.io/zone"

  replicas: 1
  maxSurge: 25%
  # For just one replica, 100 % unavailability has to be allowed for updates to
  # work.
  maxUnavailable: 100%

  # The general NetworkPolicy rules implemented by this chart may be too restrictive
  # for some setups. Here custom rules may be added to whitelist some additional
  # connections.
  networkPolicy:
    # This allows ingress traffic from all sources. If possible, this should be
    # limited to the respective primary Gerrit that replicates to this replica.
    ingress:
    - {}
    egress: []

  resources:
    requests:
      cpu: 100m
      memory: 256Mi
    limits:
      cpu: 100m
      memory: 256Mi

  livenessProbe:
    initialDelaySeconds: 10
    periodSeconds: 5

  readinessProbe:
    initialDelaySeconds: 5
    periodSeconds: 1

  service:
    type: NodePort
    http:
      port: 80

  credentials:
    # example: user: 'git'; password: 'secret'
    # run `man htpasswd` to learn about how to create .htpasswd-files
    htpasswd: git:$apr1$O/LbLKC7$Q60GWE7OcqSEMSfe/K8xU.
    # TODO: Create htpasswd-file on container startup instead and set user
    # and password in values.yaml.
    #user:
    #password:


gitGC:
  image: k8sgerrit/git-gc

  tolerations: []
  affinity: {}

  schedule: 0 6,18 * * *

  resources:
    requests:
      cpu: 100m
      memory: 256Mi
    limits:
      cpu: 100m
      memory: 256Mi

gerritReplica:
  images:
    gerritInit: k8sgerrit/gerrit-init
    gerritReplica: k8sgerrit/gerrit-replica

  tolerations: []
  topologySpreadConstraints: {}
  affinity:
    podAntiAffinity:
      preferredDuringSchedulingIgnoredDuringExecution:
      - weight: 100
        podAffinityTerm:
          labelSelector:
            matchExpressions:
            - key: app
              operator: In
              values:
              - gerrit-replica
          topologyKey: "topology.kubernetes.io/zone"

  replicas: 1
  maxSurge: 25%
  # For just one replica, 100 % unavailability has to be allowed for updates to
  # work.
  maxUnavailable: 100%

  livenessProbe:
    initialDelaySeconds: 60
    periodSeconds: 5

  readinessProbe:
    initialDelaySeconds: 10
    periodSeconds: 10

  startupProbe:
    initialDelaySeconds: 10
    periodSeconds: 30

  gracefulStopTimeout: 90

  # The memory limit has to be higher than the configures heap-size for Java!
  resources:
    requests:
      cpu: 1
      memory: 5Gi
    limits:
      cpu: 1
      memory: 6Gi

  # The general NetworkPolicy rules implemented by this chart may be too restrictive
  # for some setups, e.g. when trying to connect to an external database. Here
  # custom rules may be added to whitelist some additional connections.
  networkPolicy:
    ingress: []
    egress: []

  service:
    type: NodePort
    http:
      port: 80
    ssh:
      enabled: false
      port: 29418

  # `gerritReplica.keystore` expects a base64-encoded Java-keystore
  # Since Java keystores are binary files, adding the unencoded content and
  # automatic encoding using helm does not work here.
  keystore:

  plugins:
    packaged:
    - singleusergroup
    downloaded:
    # - name: delete-project
    #   url: https://example.com/gerrit-plugins/delete-project.jar
    #   sha1:
    installAsLibrary: []
    # Only downloaded plugins will be cached. This will be ignored, if no plugins
    # are downloaded.
    cache:
      enabled: false
      size: 1Gi

  etc:
    # Some values are expected to have a specific value for the deployment installed
    # by this chart to work. These are marked with `# FIXED`.
    # Do not change them!
    config:
      gerrit.config: |-
        [gerrit]
          basePath = git # FIXED
          serverId = gerrit-replica-1
          # The canonical web URL has to be set to the Ingress host, if an Ingress
          # is used. If a LoadBalancer-service is used, this should be set to the
          # LoadBalancer's external IP. This can only be done manually after installing
          # the chart, when you know the external IP the LoadBalancer got from the
          # cluster.
          canonicalWebUrl = http://example.com/
          disableReverseDnsLookup = true
        [index]
          type = LUCENE
        [index "scheduledIndexer"]
          runOnStartup = false
        [auth]
          type = DEVELOPMENT_BECOME_ANY_ACCOUNT
        [httpd]
          # If using an ingress use proxy-http or proxy-https
          listenUrl = proxy-http://*:8080/
          requestLog = true
          gracefulStopTimeout = 1m
        [sshd]
          listenAddress = *:29418
          gracefulStopTimeout = 1m
        [transfer]
          timeout = 120 s
        [user]
          name = Gerrit Code Review
          email = gerrit@example.com
          anonymousCoward = Unnamed User
        [cache]
          directory = cache
        [container]
          user = gerrit # FIXED
          replica = true # FIXED
          javaHome = /usr/lib/jvm/java-11-openjdk # FIXED
          javaOptions = -Djavax.net.ssl.trustStore=/var/gerrit/etc/keystore # FIXED
          javaOptions = -Xms200m
          # Has to be lower than 'gerritReplica.resources.limits.memory'. Also
          # consider memories used by other applications in the container.
          javaOptions = -Xmx4g

    secret:
      secure.config: |-
        # Password for the keystore added as value for 'gerritReplica.keystore'
        # Only needed, if SSL is enabled.
        #[httpd]
        #  sslKeyPassword = gerrit

      # ssh_host_ecdsa_key: |-
      #   -----BEGIN EC PRIVATE KEY-----

      #   -----END EC PRIVATE KEY-----

      # ssh_host_ecdsa_key.pub: ecdsa-sha2-nistp256...

  additionalConfigMaps:
    # - name:
    #   subDir:
    #   data:
    #     file.txt: test