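# NOTE(review): this listing had lost its indentation; the nesting below is
# reconstructed from the key names and comments -- confirm against the chart.
images:
  busybox:
    registry: docker.io
    # `latest` is a mutable tag; pin a fixed tag for reproducible deployments.
    tag: latest
  # Registry used for container images created by this project
  registry:
    # The registry name must NOT contain a trailing slash
    name:
    ImagePullSecret:
      # Leave blank, if no ImagePullSecret is needed.
      name: image-pull-secret
      # If set to false, the gerrit-replica chart expects either an
      # ImagePullSecret with the name configured above to be present on the
      # cluster or that no credentials are needed.
      create: false
      # Registry credentials, presumably only read when `create` is true.
      # Supply them at install time instead of committing them to a values
      # file, or keep `create: false` and manage the secret outside the chart.
      username:
      password:
  # With `version: latest` and `imagePullPolicy: Always`, every pod start
  # pulls whatever is currently published under that tag. Pin a fixed version
  # so that the deployed images are known and can be reviewed.
  version: latest
  imagePullPolicy: Always
  # Additional ImagePullSecrets that already exist and should be used by the
  # pods of this chart. E.g. to pull busybox from dockerhub.
  additionalImagePullSecrets: []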
# Additional labels that should be applied to all resources
# (a mapping of label name to label value; empty by default).
additionalLabels: {}
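storageClasses:
  # Storage class used for storing logs and other pod-specific persisted data
  default:
    # If create is set to false, an existing StorageClass with the given
    # name is expected to exist in the cluster. Setting create to true will
    # create a storage class with the parameters given below.
    name: default
    create: false
    provisioner: kubernetes.io/aws-ebs
    reclaimPolicy: Delete
    # Use the parameters key to set all parameters needed for the provisioner
    parameters:
      type: gp2
      fsType: ext4
    mountOptions: []
    allowVolumeExpansion: false
  # Storage class used for storing git repositories. Has to provide
  # ReadWriteMany (RWM) access.
  shared:
    # If create is set to false, an existing StorageClass with RWM access
    # mode and the given name has to be provided.
    name: shared-storage
    create: false
    provisioner: nfs
    # `Delete` removes the backing volume together with its claim.
    reclaimPolicy: Delete
    # Use the parameters key to set all parameters needed for the provisioner
    parameters:
      mountOptions: vers=4.1
    mountOptions: []
    allowVolumeExpansion: false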
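# NOTE(review): the key names suggest a workaround for file ownership on NFS
# volumes (`idDomain` looks like an NFSv4 ID-mapping domain) -- confirm
# against the chart documentation.
nfsWorkaround:
  enabled: false
  chownOnStartup: false
  idDomain: localdomain.com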
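# NetworkPolicies are disabled by default. NOTE(review): with `enabled: false`
# the chart presumably creates no NetworkPolicy at all, leaving pod traffic
# unrestricted; enable this where the cluster's network plugin enforces
# NetworkPolicies.
networkPolicies:
  enabled: false
  # NOTE(review): presumably the ports on which DNS traffic is allowed.
  dnsPorts:
    - 53
    - 8053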
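# Volume holding the git repositories.
gitRepositoryStorage:
  # NOTE(review): `use: true` presumably binds the existing
  # PersistentVolumeClaim named below instead of creating one -- confirm.
  externalPVC:
    use: false
    name: git-repositories-pvc
  size: 5Gi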
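# Optional persistent storage for logs.
logStorage:
  enabled: false
  externalPVC:
    use: false
    name: gerrit-logs-pvc
  size: 5Gi
  # Scheduled cleanup of stored logs.
  cleanup:
    enabled: false
    additionalPodLabels: {}
    # Cron expression; quoted because of the `*` characters.
    schedule: "0 0 * * *"
    # NOTE(review): presumably logs older than this many days are removed.
    # Align the value with the log-retention period required for audits.
    retentionDays: 14
    resources:
      requests:
        cpu: 100m
        memory: 256Mi
      limits:
        cpu: 100m
        memory: 256Mi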
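# NOTE(review): this listing had lost its indentation; the nesting below is
# reconstructed from the key names and comments -- confirm against the chart.
istio:
  enabled: false
  host:
  tls:
    enabled: false
    secret:
      # If using an external secret, make sure to name the keys `tls.crt`
      # and `tls.key`, respectively.
      create: true
      # `name` will only be used, if `create` is set to false to bind an
      # existing secret. Otherwise the name will be automatically generated to
      # avoid conflicts between multiple chart installations.
      name:
      # `cert` and `key` will only be used, if the secret will be created by
      # this chart.
      # A private key set here becomes part of the chart values (and of any
      # values file it is kept in). Binding an existing secret with
      # `create: false` keeps the key out of them.
      cert: |-
        -----BEGIN CERTIFICATE-----
        -----END CERTIFICATE-----
      key: |-
        -----BEGIN RSA PRIVATE KEY-----
        -----END RSA PRIVATE KEY-----
  ssh:
    enabled: false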
# NOTE(review): presumably a CA certificate that the deployed components
# should trust; its consumer is not visible in this file -- confirm in the
# chart templates. Empty (null) by default.
caCert:
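ingress:
  enabled: false
  host:
  # The maximum body size to allow for requests. Use "0" to allow unlimited
  # request body sizes. An unlimited size removes the bound on what a single
  # client request can make the backend receive.
  maxBodySize: 50m
  additionalAnnotations:
    kubernetes.io/ingress.class: nginx
    # `whitelist-source-range` limits which client address ranges may reach
    # the ingress; set it when the replica serves a known set of clients.
    # nginx.ingress.kubernetes.io/server-alias: example.com
    # nginx.ingress.kubernetes.io/whitelist-source-range: xxx.xxx.xxx.xxx
  tls:
    # With TLS disabled, requests and their credentials reach the ingress
    # unencrypted.
    enabled: false
    secret:
      # If using an external secret, make sure to name the keys `tls.crt`
      # and `tls.key`, respectively.
      create: true
      # `name` will only be used, if `create` is set to false to bind an
      # existing secret. Otherwise the name will be automatically generated to
      # avoid conflicts between multiple chart installations.
      name:
      # `cert` and `key` will only be used, if the secret will be created by
      # this chart.
      # A private key set here becomes part of the chart values (and of any
      # values file it is kept in). Binding an existing secret with
      # `create: false` keeps the key out of them.
      cert: |-
        -----BEGIN CERTIFICATE-----
        -----END CERTIFICATE-----
      key: |-
        -----BEGIN RSA PRIVATE KEY-----
        -----END RSA PRIVATE KEY-----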
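# Optional promtail sidecar that ships logs to Loki.
promtailSidecar:
  enabled: false
  image: grafana/promtail
  version: 1.3.0
  resources:
    requests:
      cpu: 100m
      memory: 128Mi
    limits:
      cpu: 200m
      memory: 128Mi
  tls:
    # `skipVerify: true` means the Loki server certificate is not verified,
    # so the sidecar cannot tell the real endpoint from one impersonating it;
    # the logs and the credentials below would go to either. Set this to
    # false once Loki presents a certificate the sidecar can validate.
    # NOTE(review): presumably maps to promtail's TLS client setting --
    # confirm in the chart templates.
    skipVerify: true
  loki:
    url: loki.example.com
    # Placeholder credentials. Override them at install time and keep the
    # real password out of values files stored in version control.
    user: admin
    password: secret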
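# NOTE(review): this listing had lost its indentation; the nesting below is
# reconstructed from the key names and comments -- confirm against the chart.
gitBackend:
  image: k8sgerrit/apache-git-http-backend
  additionalPodLabels: {}
  tolerations: []
  topologySpreadConstraints: {}
  nodeSelector: {}
  affinity:
    podAntiAffinity:
      preferredDuringSchedulingIgnoredDuringExecution:
        - weight: 100
          podAffinityTerm:
            labelSelector:
              matchExpressions:
                - key: app
                  operator: In
                  values:
                    - git-backend
            topologyKey: "topology.kubernetes.io/zone"
  replicas: 1
  maxSurge: 25%
  # For just one replica, 100 % unavailability has to be allowed for updates to
  # work.
  maxUnavailable: 100%
  # The general NetworkPolicy rules implemented by this chart may be too
  # restrictive for some setups. Here custom rules may be added to whitelist
  # some additional connections.
  networkPolicy:
    # This allows ingress traffic from all sources (`- {}` is an empty rule,
    # which matches every peer). If possible, this should be limited to the
    # respective primary Gerrit that replicates to this replica.
    ingress:
      - {}
    egress: []
  resources:
    requests:
      cpu: 100m
      memory: 256Mi
    limits:
      cpu: 100m
      memory: 256Mi
  livenessProbe:
    initialDelaySeconds: 10
    periodSeconds: 5
  readinessProbe:
    initialDelaySeconds: 5
    periodSeconds: 1
  service:
    additionalAnnotations: {}
    # Only relevant for services of type LoadBalancer; restricts the client
    # address ranges allowed to connect.
    loadBalancerSourceRanges: []
    # NodePort opens the service on a port of every cluster node. The port
    # below is plain HTTP, so the credentials configured further down are
    # sent unencrypted unless TLS is terminated in front of this service.
    type: NodePort
    externalTrafficPolicy: Cluster
    http:
      port: 80
  credentials:
    # example: user: 'git'; password: 'secret'
    # run `man htpasswd` to learn about how to create .htpasswd-files
    # The entry below is the published example (its password is given in the
    # comment above); replace it before the backend is reachable by anyone
    # else. `$apr1$` is Apache's MD5-based hash format; `htpasswd -B` creates
    # bcrypt entries instead.
    htpasswd: git:$apr1$O/LbLKC7$Q60GWE7OcqSEMSfe/K8xU.
    # TODO: Create htpasswd-file on container startup instead and set user
    # and password in values.yaml.
    #user:
    #password: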
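# Scheduled git garbage collection job.
gitGC:
  image: k8sgerrit/git-gc
  tolerations: []
  nodeSelector: {}
  affinity: {}
  additionalPodLabels: {}
  # Cron expression (06:00 and 18:00 every day). Quoted like the other
  # schedule in this file, so the `*` characters are never read as YAML
  # syntax.
  schedule: "0 6,18 * * *"
  resources:
    requests:
      cpu: 100m
      memory: 256Mi
    limits:
      cpu: 100m
      memory: 256Mi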
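# NOTE(review): this listing had lost its indentation; the nesting below is
# reconstructed from the key names and comments -- confirm against the chart.
gerritReplica:
  images:
    gerritInit: k8sgerrit/gerrit-init
    gerritReplica: k8sgerrit/gerrit
  tolerations: []
  topologySpreadConstraints: {}
  nodeSelector: {}
  affinity:
    podAntiAffinity:
      preferredDuringSchedulingIgnoredDuringExecution:
        - weight: 100
          podAffinityTerm:
            labelSelector:
              matchExpressions:
                - key: app
                  operator: In
                  values:
                    - gerrit-replica
            topologyKey: "topology.kubernetes.io/zone"
  replicas: 1
  updatePartition: 0
  additionalAnnotations: {}
  additionalPodLabels: {}
  livenessProbe:
    initialDelaySeconds: 60
    periodSeconds: 5
  readinessProbe:
    initialDelaySeconds: 10
    periodSeconds: 10
  startupProbe:
    initialDelaySeconds: 10
    periodSeconds: 30
  gracefulStopTimeout: 90
  # The memory limit has to be higher than the configured heap size for Java!
  resources:
    requests:
      cpu: 1
      memory: 5Gi
    limits:
      cpu: 1
      memory: 6Gi
  persistence:
    enabled: true
    size: 5Gi
  # The general NetworkPolicy rules implemented by this chart may be too
  # restrictive for some setups, e.g. when trying to connect to an external
  # database. Here custom rules may be added to whitelist some additional
  # connections. Keep added rules as narrow as the connection requires.
  networkPolicy:
    ingress: []
    egress: []
  service:
    additionalAnnotations: {}
    loadBalancerSourceRanges: []
    # NodePort opens the service on a port of every cluster node; the HTTP
    # port below is unencrypted unless TLS is terminated in front of it.
    type: NodePort
    externalTrafficPolicy: Cluster
    http:
      port: 80
    ssh:
      enabled: false
      port: 29418
  # `gerritReplica.keystore` expects a base64-encoded Java-keystore
  # Since Java keystores are binary files, adding the unencoded content and
  # automatic encoding using helm does not work here.
  # base64 is an encoding, not encryption: treat the value as a secret and
  # keep it out of values files stored in version control.
  keystore:
  pluginManagement:
    plugins: []
    # A plugin packaged in the gerrit.war-file
    # - name: download-commands
    # A plugin packaged in the gerrit.war-file that will also be installed as a
    # lib
    # - name: replication
    #   installAsLibrary: true
    # A plugin that will be downloaded on startup
    # - name: delete-project
    #   url: https://example.com/gerrit-plugins/delete-project.jar
    #   sha1:
    #   installAsLibrary: false
    # NOTE(review): a downloaded plugin is code that runs inside Gerrit. Use
    # an https URL and set `sha1`, which presumably is compared with the
    # downloaded file -- confirm that check in the gerrit-init image.
    # Only downloaded plugins will be cached. This will be ignored, if no
    # plugins are downloaded.
    libs: []
    cache:
      enabled: false
      size: 1Gi
  priorityClassName:
  etc:
    # Some values are expected to have a specific value for the deployment
    # installed by this chart to work. These are marked with `# FIXED`.
    # Do not change them!
    config:
      # `auth.type = DEVELOPMENT_BECOME_ANY_ACCOUNT` below is Gerrit's
      # development mode: it lets any visitor act as any account without
      # authenticating. Configure a real authentication type before the
      # replica is reachable by anyone but its operators.
      # `canonicalWebUrl` and `listenUrl` are plain HTTP by default; use an
      # https URL and `proxy-https` when TLS is terminated at the ingress.
      gerrit.config: |-
        [gerrit]
          basePath = git # FIXED
          serverId = gerrit-replica-1
          # The canonical web URL has to be set to the Ingress host, if an Ingress
          # is used. If a LoadBalancer-service is used, this should be set to the
          # LoadBalancer's external IP. This can only be done manually after installing
          # the chart, when you know the external IP the LoadBalancer got from the
          # cluster.
          canonicalWebUrl = http://example.com/
          disableReverseDnsLookup = true
        [index]
          type = LUCENE
        [index "scheduledIndexer"]
          runOnStartup = false
        [auth]
          type = DEVELOPMENT_BECOME_ANY_ACCOUNT
        [httpd]
          # If using an ingress use proxy-http or proxy-https
          listenUrl = proxy-http://*:8080/
          requestLog = true
          gracefulStopTimeout = 1m
        [sshd]
          listenAddress = *:29418
          gracefulStopTimeout = 1m
        [transfer]
          timeout = 120 s
        [user]
          name = Gerrit Code Review
          email = gerrit@example.com
          anonymousCoward = Unnamed User
        [cache]
          directory = cache
        [container]
          user = gerrit # FIXED
          replica = true # FIXED
          javaHome = /usr/lib/jvm/java-11-openjdk # FIXED
          javaOptions = -Djavax.net.ssl.trustStore=/var/gerrit/etc/keystore # FIXED
          javaOptions = -Xms200m
          # Has to be lower than 'gerritReplica.resources.limits.memory'. Also
          # consider memories used by other applications in the container.
          javaOptions = -Xmx4g
    secret:
      # Everything under `secret` is sensitive (keystore password, SSH host
      # keys). The commented-out values are examples only; set your own at
      # install time and keep them out of version control.
      secure.config: |-
        # Password for the keystore added as value for 'gerritReplica.keystore'
        # Only needed, if SSL is enabled.
        #[httpd]
        #  sslKeyPassword = gerrit
      # ssh_host_ecdsa_key: |-
      #   -----BEGIN EC PRIVATE KEY-----
      #   -----END EC PRIVATE KEY-----
      # ssh_host_ecdsa_key.pub: ecdsa-sha2-nistp256...
  additionalConfigMaps:
    # - name:
    #   subDir:
    #   data:
    #     file.txt: test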