| images: |
| registry: |
| # The registry name must NOT contain a trailing slash |
| name: |
| ImagePullSecret: |
| # Leave blank, if no ImagePullSecret is needed. |
| name: image-pull-secret |
| # If set to false, the gerrit-slave chart expects either a ImagePullSecret |
| # with the name configured above to be present on the cluster or that no |
| # credentials are needed. |
| create: false |
| username: |
| password: |
| version: latest |
| imagePullPolicy: Always |
| |
| |
| storageClasses: |
| # Storage class used for storing logs and other pod-specific persisted data |
| default: |
| # If create is set to false, an existing StorageClass with the given |
| # name is expected to exist in the cluster. Setting create to true will |
| # create a storage class with the parameters given below. |
| name: default |
| create: false |
| provisioner: kubernetes.io/aws-ebs |
| reclaimPolicy: Delete |
| # Use the parameters key to set all parameters needed for the provisioner |
| parameters: |
| type: gp2 |
| fsType: ext4 |
| # Storage class used for storing git repositories. Has to provide RWM access. |
| shared: |
| # If create is set to false, an existing StorageClass with RWM access |
| # mode and the given name has to be provided. |
| name: shared-storage |
| create: false |
| provisioner: nfs |
| reclaimPolicy: Delete |
| # Use the parameters key to set all parameters needed for the provisioner |
| parameters: |
| mountOptions: vers=4.1 |
| |
| |
| gitRepositoryStorage: |
| size: 5Gi |
| |
| |
| database: |
| provider: mysql |
| |
| # Only applies to databases set up by this chart (currently available: MySQL) |
| replication: |
| enabled: false |
| image: k8sgerrit/mysql-replication-init |
| |
| # The following section is specific for replication of MySQL databases |
| mysql: |
| config: |
| masterHost: mysql.example.com |
| masterPort: 3306 |
| masterUser: repl |
| masterPassword: password |
| masterLogFile: mysql-bin.000001 |
| masterLogPos: 111 |
| dbDumpAcceptPath: /var/data/db/master_dump.sql |
| |
| |
| gitBackend: |
| image: k8sgerrit/apache-git-http-backend |
| |
| replicas: 1 |
| |
| resources: |
| requests: |
| cpu: 100m |
| memory: 256Mi |
| limits: |
| cpu: 100m |
| memory: 256Mi |
| |
| logging: |
| persistence: |
| enabled: true |
| size: 1Gi |
| |
| service: |
| type: LoadBalancer |
| # At least one endpoint (HTTP and/or HTTPS) has to be enabled in the service! |
| http: |
| enabled: true |
| port: 80 |
| https: |
| enabled: false |
| port: 443 |
| cert: |- |
| -----BEGIN CERTIFICATE----- |
| |
| -----END CERTIFICATE----- |
| key: |- |
| -----BEGIN RSA PRIVATE KEY----- |
| |
| -----END RSA PRIVATE KEY----- |
| |
| ingress: |
| enabled: false |
| host: |
| # Provide a second host name used as an alias. Leave empty, if no alias is |
| # desired. |
| alias: |
| tls: |
| enabled: false |
| cert: |- |
| -----BEGIN CERTIFICATE----- |
| |
| -----END CERTIFICATE----- |
| key: |- |
| -----BEGIN RSA PRIVATE KEY----- |
| |
| -----END RSA PRIVATE KEY----- |
| |
| credentials: |
| # example: user: 'git'; password: 'secret' |
| # run `man htpasswd` to learn about how to create .htpasswd-files |
| htpasswd: git:$apr1$O/LbLKC7$Q60GWE7OcqSEMSfe/K8xU. |
| # TODO: Create htpasswd-file on container startup instead and set user |
| # and password in values.yaml. |
| #user: |
| #password: |
| |
| |
| gitGC: |
| image: k8sgerrit/git-gc |
| |
| schedule: 0 6,18 * * * |
| |
| resources: |
| requests: |
| cpu: 100m |
| memory: 256Mi |
| limits: |
| cpu: 100m |
| memory: 256Mi |
| |
| logging: |
| persistence: |
| enabled: true |
| size: 1Gi |
| |
| |
| gerritSlave: |
| images: |
| gerritInit: k8sgerrit/gerrit-init |
| gerritSlave: k8sgerrit/gerrit-slave |
| |
| # If you only intend to test the Gerrit slave and do not wish to actually |
| # replicate repositories and the database, activate this option to initialize |
| # a new site. |
| # NOTE: The database must not run in read-only mode for this to work! |
| initializeTestSite: |
| enabled: true |
| |
| # The memory limit has to be higher than the configures heap-size for Java! |
| resources: |
| requests: |
| cpu: 1 |
| memory: 5Gi |
| limits: |
| cpu: 1 |
| memory: 6Gi |
| |
| logging: |
| persistence: |
| enabled: true |
| size: 1Gi |
| |
| h2Database: |
| persistence: |
| enabled: true |
| size: 1Gi |
| |
| service: |
| type: NodePort |
| http: |
| port: 80 |
| |
| ingress: |
| host: |
| # Provide a second host name used as an alias. Leave empty, if no alias is |
| # desired. |
| alias: |
| tls: |
| enabled: false |
| cert: |- |
| -----BEGIN CERTIFICATE----- |
| |
| -----END CERTIFICATE----- |
| key: |- |
| -----BEGIN RSA PRIVATE KEY----- |
| |
| -----END RSA PRIVATE KEY----- |
| |
| # `gerritSlave.keystore` expects a base64-encoded Java-keystore |
| # Since Java keystores are binary files, adding the unencoded content and |
| # automatic encoding using helm does not work here. |
| keystore: |
| |
| config: |
| # Some values are expected to have a specific value for the deployment installed |
| # by this chart to work. These are marked with `# FIXED`. Do not change them! |
| gerrit: |- |
| [gerrit] |
| basePath = git # FIXED |
| serverId = gerrit-slave-1 |
| # The canonical web URL has to be set to the Ingress host, if an Ingress |
| # is used. If a LoadBalancer-service is used, this should be set to the |
| # LoadBalancer's external IP. This can only be done manually after installing |
| # the chart, when you know the external IP the LoadBalancer got from the |
| # cluster. |
| canonicalWebUrl = http://example.com/ |
| disableReverseDnsLookup = true |
| [database] |
| type = mysql |
| # 'gerrit-slave-mysql' is the reference to the service that managaes |
| # the traffic to the mysql database, if the mysql-database is installed |
| # via the gerrit-slave chart |
| hostname = gerrit-slave-mysql |
| port = 3306 |
| database = reviewdb |
| # To switch of enforced SSL-encrypted communication uncomment: |
| # url = jdbc:mysql://gerrit-slave-mysql:3306/reviewdb?nullNamePatternMatchesAll=true&useSSL=false |
| [index] |
| type = LUCENE |
| [auth] |
| type = DEVELOPMENT_BECOME_ANY_ACCOUNT |
| [httpd] |
| # If using an ingress use proxy-http or proxy-https |
| listenUrl = proxy-http://*:8080/ |
| [sshd] |
| listenAddress = off |
| [transfer] |
| timeout = 120 s |
| [user] |
| name = Gerrit Code Review |
| email = gerrit@example.com |
| anonymousCoward = Unnamed User |
| [cache] |
| directory = cache |
| [container] |
| user = gerrit # FIXED |
| slave = true # FIXED |
| javaHome = /usr/lib/jvm/java-8-openjdk-amd64 # FIXED |
| javaOptions = -Djavax.net.ssl.trustStore=/var/gerrit/etc/keystore # FIXED |
| javaOptions = -Xms200m |
| # Has to be lower than 'gerritSlave.resources.limits.memory'. Also |
| # consider memories used by other applications in the container. |
| javaOptions = -Xmx4g |
| |
| secure: |- |
| # Database credentials should be the same as configured for the database |
| # Gerrit-slave chart, if the database was installed using the chart. |
| [database] |
| username = gerrit |
| password = secret |
| |
| # Password for the keystore added as value for 'gerritSlave.keystore' |
| # Only needed, if SSL is enabled. |
| #[httpd] |
| # sslKeyPassword = gerrit |
| |
| |
| mysql: |
| # Enabling the installation of the MySQL database will only make sense, if |
| # `mysql` is chosen as a provider under `database.provider`. |
| enabled: true |
| |
| image: mysql |
| # The major.minor version of mysql should be the same as for the master database |
| imageTag: 5.5.61 |
| |
| mysqlRootPassword: big_secret |
| mysqlUser: gerrit |
| mysqlPassword: secret |
| |
| livenessProbe: |
| initialDelaySeconds: 30 |
| periodSeconds: 10 |
| timeoutSeconds: 5 |
| successThreshold: 1 |
| failureThreshold: 3 |
| |
| readinessProbe: |
| initialDelaySeconds: 5 |
| periodSeconds: 10 |
| timeoutSeconds: 1 |
| successThreshold: 1 |
| failureThreshold: 3 |
| |
| persistence: |
| enabled: true |
| storageClass: default |
| accessMode: ReadWriteOnce |
| size: 8Gi |
| |
| resources: |
| requests: |
| cpu: 250m |
| memory: 1Gi |
| limits: |
| cpu: 250m |
| memory: 1Gi |
| |
| configurationFiles: |
| mysql.cnf: |- |
| [mysqld] |
| |
| # The following options should not be changed |
| ############################################# |
| |
| log-bin=/var/lib/mysql/bin.log |
| log-bin-index=/var/lib/mysql/log-bin.index |
| log-error=/var/lib/mysql/error.log |
| |
| relay-log=/var/lib/mysql/relay.log |
| relay-log-info-file=/var/lib/mysql/relay-log.info |
| relay-log-index=/var/lib/mysql/relay-log.index |
| |
| log-error=/var/lib/mysql/error.log |
| log_slave_updates = 1 |
| |
| sql_mode="ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION" |
| |
| # Adapt the following changes to your setup |
| ########################################### |
| |
| # Should usually set to '1', when running in production. When running the |
| # Gerrit slave in test mode, it has to be set to '0' to be able to initialize |
| # the reviewDB |
| read_only=0 |
| |
| # The mysql database should not be replicated to avoid to overwrite user data |
| # of the database |
| replicate-ignore-db=mysql |
| |
| # Adapt to the binlog format of the Gerrit master's database |
| binlog_format=row |
| |
| # Has to be different for each database in the replication setup. |
| server-id=42 |
| |
| # Add the following options to the config, if using SSL (`mysql.ssl.enabled: true`) |
| # But do not change the values. |
| # ssl-ca=/ssl/ca.pem |
| # ssl-cert=/ssl/server-cert.pem |
| # ssl-key=/ssl/server-key.pem |
| |
| initializationFiles: |
| # Do not change or remove this script. |
| initialize_reviewdb.sql: |- |
| CREATE DATABASE reviewdb DEFAULT CHARACTER SET 'utf8'; |
| GRANT ALL ON reviewdb.* TO 'gerrit'; |
| FLUSH PRIVILEGES; |
| |
| service: |
| type: NodePort |
| port: 3306 |
| |
| ssl: |
| # If enabled, add the required lines to the configuration as described in |
| # `mysql.configurationFiles.mysql.cnf` |
| enabled: false |
| secret: slave-ssl-certs |
| certificates: |
| - name: slave-ssl-certs |
| ca: |- |
| -----BEGIN CERTIFICATE----- |
| |
| -----END CERTIFICATE----- |
| cert: |- |
| -----BEGIN CERTIFICATE----- |
| |
| -----END CERTIFICATE----- |
| key: |- |
| -----BEGIN RSA PRIVATE KEY----- |
| |
| -----END RSA PRIVATE KEY----- |