| images: |
| busybox: |
| registry: docker.io |
| tag: latest |
| # Registry used for container images created by this project |
| registry: |
| # The registry name must NOT contain a trailing slash |
| name: |
| ImagePullSecret: |
| # Leave blank, if no ImagePullSecret is needed. |
| name: image-pull-secret |
| # If set to false, the gerrit-replica chart expects either a ImagePullSecret |
| # with the name configured above to be present on the cluster or that no |
| # credentials are needed. |
| create: false |
| username: |
| password: |
| version: latest |
| imagePullPolicy: Always |
| # Additional ImagePullSecrets that already exist and should be used by the |
| # pods of this chart. E.g. to pull busybox from dockerhub. |
| additionalImagePullSecrets: [] |
| |
| # Additional labels that should be applied to all resources |
| additionalLabels: {} |
| |
| storageClasses: |
| # Storage class used for storing logs and other pod-specific persisted data |
| default: |
| # If create is set to false, an existing StorageClass with the given |
| # name is expected to exist in the cluster. Setting create to true will |
| # create a storage class with the parameters given below. |
| name: default |
| create: false |
| provisioner: kubernetes.io/aws-ebs |
| reclaimPolicy: Delete |
| # Use the parameters key to set all parameters needed for the provisioner |
| parameters: |
| type: gp2 |
| fsType: ext4 |
| mountOptions: [] |
| allowVolumeExpansion: false |
| # Storage class used for storing git repositories. Has to provide RWM access. |
| shared: |
| # If create is set to false, an existing StorageClass with RWM access |
| # mode and the given name has to be provided. |
| name: shared-storage |
| create: false |
| provisioner: nfs |
| reclaimPolicy: Delete |
| # Use the parameters key to set all parameters needed for the provisioner |
| parameters: |
| mountOptions: vers=4.1 |
| mountOptions: [] |
| allowVolumeExpansion: false |
| |
| nfsWorkaround: |
| enabled: false |
| chownOnStartup: false |
| idDomain: localdomain.com |
| |
| |
| networkPolicies: |
| enabled: false |
| dnsPorts: |
| - 53 |
| - 8053 |
| |
| |
| gitRepositoryStorage: |
| externalPVC: |
| use: false |
| name: git-repositories-pvc |
| size: 5Gi |
| |
| |
| logStorage: |
| enabled: false |
| externalPVC: |
| use: false |
| name: gerrit-logs-pvc |
| size: 5Gi |
| cleanup: |
| enabled: false |
| additionalPodLabels: {} |
| schedule: "0 0 * * *" |
| retentionDays: 14 |
| resources: |
| requests: |
| cpu: 100m |
| memory: 256Mi |
| limits: |
| cpu: 100m |
| memory: 256Mi |
| |
| |
| istio: |
| enabled: false |
| host: |
| tls: |
| enabled: false |
| secret: |
| # If using an external secret, make sure to name the keys `tls.crt` |
| # and `tls.key`, respectively. |
| create: true |
| # `name` will only be used, if `create` is set to false to bind an |
| # existing secret. Otherwise the name will be automatically generated to |
| # avoid conflicts between multiple chart installations. |
| name: |
| # `cert`and `key` will only be used, if the secret will be created by |
| # this chart. |
| cert: |- |
| -----BEGIN CERTIFICATE----- |
| |
| -----END CERTIFICATE----- |
| key: |- |
| -----BEGIN RSA PRIVATE KEY----- |
| |
| -----END RSA PRIVATE KEY----- |
| ssh: |
| enabled: false |
| |
| caCert: |
| |
| ingress: |
| enabled: false |
| host: |
| # The maximum body size to allow for requests. Use "0" to allow unlimited |
| # reuqest body sizes. |
| maxBodySize: 50m |
| additionalAnnotations: |
| kubernetes.io/ingress.class: nginx |
| # nginx.ingress.kubernetes.io/server-alias: example.com |
| # nginx.ingress.kubernetes.io/whitelist-source-range: xxx.xxx.xxx.xxx |
| tls: |
| enabled: false |
| secret: |
| # If using an external secret, make sure to name the keys `tls.crt` |
| # and `tls.key`, respectively. |
| create: true |
| # `name` will only be used, if `create` is set to false to bind an |
| # existing secret. Otherwise the name will be automatically generated to |
| # avoid conflicts between multiple chart installations. |
| name: |
| # `cert`and `key` will only be used, if the secret will be created by |
| # this chart. |
| cert: |- |
| -----BEGIN CERTIFICATE----- |
| |
| -----END CERTIFICATE----- |
| key: |- |
| -----BEGIN RSA PRIVATE KEY----- |
| |
| -----END RSA PRIVATE KEY----- |
| |
| promtailSidecar: |
| enabled: false |
| image: grafana/promtail |
| version: 1.3.0 |
| resources: |
| requests: |
| cpu: 100m |
| memory: 128Mi |
| limits: |
| cpu: 200m |
| memory: 128Mi |
| tls: |
| skipVerify: true |
| loki: |
| url: loki.example.com |
| user: admin |
| password: secret |
| |
| |
| gitBackend: |
| image: k8sgerrit/apache-git-http-backend |
| |
| additionalPodLabels: {} |
| tolerations: [] |
| topologySpreadConstraints: {} |
| nodeSelector: {} |
| affinity: |
| podAntiAffinity: |
| preferredDuringSchedulingIgnoredDuringExecution: |
| - weight: 100 |
| podAffinityTerm: |
| labelSelector: |
| matchExpressions: |
| - key: app |
| operator: In |
| values: |
| - git-backend |
| topologyKey: "topology.kubernetes.io/zone" |
| |
| replicas: 1 |
| maxSurge: 25% |
| # For just one replica, 100 % unavailability has to be allowed for updates to |
| # work. |
| maxUnavailable: 100% |
| |
| # The general NetworkPolicy rules implemented by this chart may be too restrictive |
| # for some setups. Here custom rules may be added to whitelist some additional |
| # connections. |
| networkPolicy: |
| # This allows ingress traffic from all sources. If possible, this should be |
| # limited to the respective primary Gerrit that replicates to this replica. |
| ingress: |
| - {} |
| egress: [] |
| |
| resources: |
| requests: |
| cpu: 100m |
| memory: 256Mi |
| limits: |
| cpu: 100m |
| memory: 256Mi |
| |
| livenessProbe: |
| initialDelaySeconds: 10 |
| periodSeconds: 5 |
| |
| readinessProbe: |
| initialDelaySeconds: 5 |
| periodSeconds: 1 |
| |
| service: |
| additionalAnnotations: {} |
| loadBalancerSourceRanges: [] |
| type: NodePort |
| externalTrafficPolicy: Cluster |
| http: |
| port: 80 |
| |
| credentials: |
| # example: user: 'git'; password: 'secret' |
| # run `man htpasswd` to learn about how to create .htpasswd-files |
| htpasswd: git:$apr1$O/LbLKC7$Q60GWE7OcqSEMSfe/K8xU. |
| # TODO: Create htpasswd-file on container startup instead and set user |
| # and password in values.yaml. |
| #user: |
| #password: |
| |
| |
| gitGC: |
| image: k8sgerrit/git-gc |
| |
| tolerations: [] |
| nodeSelector: {} |
| affinity: {} |
| additionalPodLabels: {} |
| |
| schedule: 0 6,18 * * * |
| |
| resources: |
| requests: |
| cpu: 100m |
| memory: 256Mi |
| limits: |
| cpu: 100m |
| memory: 256Mi |
| |
| gerritReplica: |
| images: |
| gerritInit: k8sgerrit/gerrit-init |
| gerritReplica: k8sgerrit/gerrit |
| |
| tolerations: [] |
| topologySpreadConstraints: {} |
| nodeSelector: {} |
| affinity: |
| podAntiAffinity: |
| preferredDuringSchedulingIgnoredDuringExecution: |
| - weight: 100 |
| podAffinityTerm: |
| labelSelector: |
| matchExpressions: |
| - key: app |
| operator: In |
| values: |
| - gerrit-replica |
| topologyKey: "topology.kubernetes.io/zone" |
| |
| replicas: 1 |
| updatePartition: 0 |
| additionalAnnotations: {} |
| additionalPodLabels: {} |
| |
| livenessProbe: |
| initialDelaySeconds: 60 |
| periodSeconds: 5 |
| |
| readinessProbe: |
| initialDelaySeconds: 10 |
| periodSeconds: 10 |
| |
| startupProbe: |
| initialDelaySeconds: 10 |
| periodSeconds: 30 |
| |
| gracefulStopTimeout: 90 |
| |
| # The memory limit has to be higher than the configures heap-size for Java! |
| resources: |
| requests: |
| cpu: 1 |
| memory: 5Gi |
| limits: |
| cpu: 1 |
| memory: 6Gi |
| |
| persistence: |
| enabled: true |
| size: 5Gi |
| |
| # The general NetworkPolicy rules implemented by this chart may be too restrictive |
| # for some setups, e.g. when trying to connect to an external database. Here |
| # custom rules may be added to whitelist some additional connections. |
| networkPolicy: |
| ingress: [] |
| egress: [] |
| |
| service: |
| additionalAnnotations: {} |
| loadBalancerSourceRanges: [] |
| type: NodePort |
| externalTrafficPolicy: Cluster |
| http: |
| port: 80 |
| ssh: |
| enabled: false |
| port: 29418 |
| |
| # `gerritReplica.keystore` expects a base64-encoded Java-keystore |
| # Since Java keystores are binary files, adding the unencoded content and |
| # automatic encoding using helm does not work here. |
| keystore: |
| |
| pluginManagement: |
| plugins: [] |
| # A plugin packaged in the gerrit.war-file |
| # - name: download-commands |
| |
| # A plugin packaged in the gerrit.war-file that will also be installed as a |
| # lib |
| # - name: replication |
| # installAsLibrary: true |
| |
| # A plugin that will be downloaded on startup |
| # - name: delete-project |
| # url: https://example.com/gerrit-plugins/delete-project.jar |
| # sha1: |
| # installAsLibrary: false |
| |
| # Only downloaded plugins will be cached. This will be ignored, if no plugins |
| # are downloaded. |
| libs: [] |
| cache: |
| enabled: false |
| size: 1Gi |
| |
| priorityClassName: |
| |
| etc: |
| # Some values are expected to have a specific value for the deployment installed |
| # by this chart to work. These are marked with `# FIXED`. |
| # Do not change them! |
| config: |
| gerrit.config: |- |
| [gerrit] |
| basePath = git # FIXED |
| serverId = gerrit-replica-1 |
| # The canonical web URL has to be set to the Ingress host, if an Ingress |
| # is used. If a LoadBalancer-service is used, this should be set to the |
| # LoadBalancer's external IP. This can only be done manually after installing |
| # the chart, when you know the external IP the LoadBalancer got from the |
| # cluster. |
| canonicalWebUrl = http://example.com/ |
| disableReverseDnsLookup = true |
| [index] |
| type = LUCENE |
| [index "scheduledIndexer"] |
| runOnStartup = false |
| [auth] |
| type = DEVELOPMENT_BECOME_ANY_ACCOUNT |
| [httpd] |
| # If using an ingress use proxy-http or proxy-https |
| listenUrl = proxy-http://*:8080/ |
| requestLog = true |
| gracefulStopTimeout = 1m |
| [sshd] |
| listenAddress = *:29418 |
| gracefulStopTimeout = 1m |
| [transfer] |
| timeout = 120 s |
| [user] |
| name = Gerrit Code Review |
| email = gerrit@example.com |
| anonymousCoward = Unnamed User |
| [cache] |
| directory = cache |
| [container] |
| user = gerrit # FIXED |
| replica = true # FIXED |
| javaHome = /usr/lib/jvm/java-11-openjdk # FIXED |
| javaOptions = -Djavax.net.ssl.trustStore=/var/gerrit/etc/keystore # FIXED |
| javaOptions = -Xms200m |
| # Has to be lower than 'gerritReplica.resources.limits.memory'. Also |
| # consider memories used by other applications in the container. |
| javaOptions = -Xmx4g |
| |
| secret: |
| secure.config: |- |
| # Password for the keystore added as value for 'gerritReplica.keystore' |
| # Only needed, if SSL is enabled. |
| #[httpd] |
| # sslKeyPassword = gerrit |
| |
| # ssh_host_ecdsa_key: |- |
| # -----BEGIN EC PRIVATE KEY----- |
| |
| # -----END EC PRIVATE KEY----- |
| |
| # ssh_host_ecdsa_key.pub: ecdsa-sha2-nistp256... |
| |
| additionalConfigMaps: |
| # - name: |
| # subDir: |
| # data: |
| # file.txt: test |