Gerrit Operator - API Reference
General Remarks
Inheritance
Some objects inherit the fields of other objects. In this case the section will contain an Extends: label to link to the parent object, but it will not repeat inherited fields.
GerritCluster
Group: gerritoperator.google.com
Version: v1beta9
Kind: GerritCluster
| Field | Type | Description |
|---|
apiVersion | String | APIVersion of this resource |
kind | String | Kind of this resource |
metadata | ObjectMeta | Metadata of the resource |
spec | GerritClusterSpec | Specification for GerritCluster |
status | GerritClusterStatus | Status for GerritCluster |
Example:
apiVersion: "gerritoperator.google.com/v1beta9"
kind: GerritCluster
metadata:
name: gerrit
spec:
containerImages:
imagePullSecrets: []
imagePullPolicy: Always
gerritImages:
registry: docker.io
org: k8sgerrit
tag: latest
busyBox:
registry: docker.io
tag: latest
storage:
storageClasses:
readWriteOnce: default
readWriteMany: shared-storage
nfsWorkaround:
enabled: false
chownOnStartup: false
idmapdConfig: |-
[General]
Verbosity = 0
Domain = localdomain.com
[Mapping]
Nobody-User = nobody
Nobody-Group = nogroup
sharedStorage:
externalPVC:
enabled: false
claimName: ""
size: 1Gi
volumeName: ""
selector:
matchLabels:
volume-type: ssd
aws-availability-zone: us-east-1
pluginCache:
enabled: false
ingress:
enabled: true
host: example.com
annotations: {}
tls:
enabled: false
secret: ""
ambassador:
id: []
createHost: false
istio:
gatewaySelector:
istio: ingressgateway
refdb:
database: NONE
spanner:
projectName: ""
instance: ""
database: ""
zookeeper:
connectString: ""
rootNode: ""
fluentBitSidecar:
enabled: true
image: fluent/fluent-bit:latest
config: |-
[OUTPUT]
Name stdout
Match *
[FILTER]
Name modify
Match *
Add k8s.pod.name ${POD_NAME}
serverId: ""
gerrits:
- metadata:
name: gerrit
labels:
app: gerrit
spec:
serviceAccount: gerrit
tolerations:
- key: key1
operator: Equal
value: value1
effect: NoSchedule
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: disktype
operator: In
values:
- ssd
topologySpreadConstraints: []
- maxSkew: 1
topologyKey: zone
whenUnsatisfiable: DoNotSchedule
labelSelector:
matchLabels:
foo: bar
priorityClassName: ""
replicas: 1
updatePartition: 0
resources:
requests:
cpu: 1
memory: 5Gi
limits:
cpu: 1
memory: 6Gi
startupProbe:
initialDelaySeconds: 0
periodSeconds: 10
timeoutSeconds: 1
successThreshold: 1
failureThreshold: 3
readinessProbe:
initialDelaySeconds: 0
periodSeconds: 10
timeoutSeconds: 1
successThreshold: 1
failureThreshold: 3
livenessProbe:
initialDelaySeconds: 0
periodSeconds: 10
timeoutSeconds: 1
successThreshold: 1
failureThreshold: 3
gracefulStopTimeout: 30
service:
type: NodePort
httpPort: 80
sshPort: 29418
mode: REPLICA
debug:
enabled: false
suspend: false
site:
size: 1Gi
plugins:
# Installs a packaged plugin
- name: delete-project
# Plugin with data files
- name: hooks
data:
secretRef: hooks
executable: false
# Downloads and installs a plugin
- name: javamelody
url: https://gerrit-ci.gerritforge.com/view/Plugins-stable-3.6/job/plugin-javamelody-bazel-master-stable-3.6/lastSuccessfulBuild/artifact/bazel-bin/plugins/javamelody/javamelody.jar
sha1: 40ffcd00263171e373a24eb6a311791b2924707c
# If the `installAsLibrary` option is set to `true` the plugin's jar-file will
# be symlinked to the lib directory and thus installed as a library as well.
- name: saml
url: https://gerrit-ci.gerritforge.com/view/Plugins-stable-3.6/job/plugin-saml-bazel-master-stable-3.6/lastSuccessfulBuild/artifact/bazel-bin/plugins/saml/saml.jar
sha1: 6dfe8292d46b179638586e6acf671206f4e0a88b
installAsLibrary: true
libs:
- name: global-refdb
url: https://example.com/global-refdb.jar
sha1: 3d533a536b0d4e0184f824478c24bc8dfe896d06
configFiles:
gerrit.config: |-
[gerrit]
serverId = gerrit-1
disableReverseDnsLookup = true
[index]
type = LUCENE
[auth]
type = DEVELOPMENT_BECOME_ANY_ACCOUNT
[httpd]
requestLog = true
gracefulStopTimeout = 1m
[transfer]
timeout = 120 s
[user]
name = Gerrit Code Review
email = gerrit@example.com
anonymousCoward = Unnamed User
[container]
javaOptions = -Xms200m
javaOptions = -Xmx4g
envVars:
- name: GOOGLE_APPLICATION_CREDENTIALS
value: /var/gerrit/etc/gcp-credentials.json
secretRef: gerrit-secure-config
receiver:
metadata:
name: receiver
labels:
app: receiver
spec:
tolerations:
- key: key1
operator: Equal
value: value2
effect: NoSchedule
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: disktype
operator: In
values:
- ssd
topologySpreadConstraints: []
- maxSkew: 1
topologyKey: zone
whenUnsatisfiable: DoNotSchedule
labelSelector:
matchLabels:
foo: bar
priorityClassName: ""
replicas: 2
maxSurge: 1
maxUnavailable: 1
resources:
requests:
cpu: 1
memory: 5Gi
limits:
cpu: 1
memory: 6Gi
readinessProbe:
initialDelaySeconds: 0
periodSeconds: 10
timeoutSeconds: 1
successThreshold: 1
failureThreshold: 3
livenessProbe:
initialDelaySeconds: 0
periodSeconds: 10
timeoutSeconds: 1
successThreshold: 1
failureThreshold: 3
service:
type: NodePort
httpPort: 80
credentialSecretRef: receiver-credentials
scheduledTasks:
incomingReplication:
- metadata:
name: github
spec:
schedule: "0 * * * *"
config:
remotes:
- name: github
url: https://github.com
fetch:
- remoteRepo: fabric8io/kubernetes-client
- remoteRepo: operator-framework/java-operator-sdk
localRepo: josdk
refSpec: "+refs/heads/master:refs/heads/github/master"
secretRef: github-repl-secret
Gerrit
Group: gerritoperator.google.com
Version: v1beta9
Kind: Gerrit
| Field | Type | Description |
|---|
apiVersion | String | APIVersion of this resource |
kind | String | Kind of this resource |
metadata | ObjectMeta | Metadata of the resource |
spec | GerritSpec | Specification for Gerrit |
status | GerritStatus | Status for Gerrit |
Example:
apiVersion: "gerritoperator.google.com/v1beta9"
kind: Gerrit
metadata:
name: gerrit
spec:
serviceAccount: gerrit
tolerations:
- key: key1
operator: Equal
value: value1
effect: NoSchedule
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: disktype
operator: In
values:
- ssd
topologySpreadConstraints:
- maxSkew: 1
topologyKey: zone
whenUnsatisfiable: DoNotSchedule
labelSelector:
matchLabels:
foo: bar
priorityClassName: ""
replicas: 1
updatePartition: 0
resources:
requests:
cpu: 1
memory: 5Gi
limits:
cpu: 1
memory: 6Gi
startupProbe:
initialDelaySeconds: 0
periodSeconds: 10
timeoutSeconds: 1
successThreshold: 1
failureThreshold: 3
readinessProbe:
initialDelaySeconds: 0
periodSeconds: 10
timeoutSeconds: 1
successThreshold: 1
failureThreshold: 3
livenessProbe:
initialDelaySeconds: 0
periodSeconds: 10
timeoutSeconds: 1
successThreshold: 1
failureThreshold: 3
gracefulStopTimeout: 30
service:
type: NodePort
httpPort: 80
sshPort: 29418
mode: PRIMARY
debug:
enabled: false
suspend: false
site:
size: 1Gi
plugins:
# Installs a plugin packaged into the gerrit.war file
- name: delete-project
# Plugin with data files
- name: hooks
data:
secretRef: hooks
executable: false
# Downloads and installs a plugin
- name: javamelody
url: https://gerrit-ci.gerritforge.com/view/Plugins-stable-3.6/job/plugin-javamelody-bazel-master-stable-3.6/lastSuccessfulBuild/artifact/bazel-bin/plugins/javamelody/javamelody.jar
sha1: 40ffcd00263171e373a24eb6a311791b2924707c
# If the `installAsLibrary` option is set to `true` the plugin jar-file will
# be symlinked to the lib directory and thus installed as a library as well.
- name: saml
url: https://gerrit-ci.gerritforge.com/view/Plugins-stable-3.6/job/plugin-saml-bazel-master-stable-3.6/lastSuccessfulBuild/artifact/bazel-bin/plugins/saml/saml.jar
sha1: 6dfe8292d46b179638586e6acf671206f4e0a88b
installAsLibrary: true
data:
secretRef: sp-metadata.xml
libs:
- name: global-refdb
url: https://example.com/global-refdb.jar
sha1: 3d533a536b0d4e0184f824478c24bc8dfe896d06
configFiles:
gerrit.config: |-
[gerrit]
serverId = gerrit-1
disableReverseDnsLookup = true
[index]
type = LUCENE
[auth]
type = DEVELOPMENT_BECOME_ANY_ACCOUNT
[httpd]
requestLog = true
gracefulStopTimeout = 1m
[transfer]
timeout = 120 s
[user]
name = Gerrit Code Review
email = gerrit@example.com
anonymousCoward = Unnamed User
[container]
javaOptions = -Xms200m
javaOptions = -Xmx4g
envVars:
- name: GOOGLE_APPLICATION_CREDENTIALS
value: /var/gerrit/etc/gcp-credentials.json
secretRef: gerrit-secure-config
serverId: ""
containerImages:
imagePullSecrets: []
imagePullPolicy: Always
gerritImages:
registry: docker.io
org: k8sgerrit
tag: latest
busyBox:
registry: docker.io
tag: latest
storage:
storageClasses:
readWriteOnce: default
readWriteMany: shared-storage
nfsWorkaround:
enabled: false
chownOnStartup: false
idmapdConfig: |-
[General]
Verbosity = 0
Domain = localdomain.com
[Mapping]
Nobody-User = nobody
Nobody-Group = nogroup
sharedStorage:
externalPVC:
enabled: false
claimName: ""
size: 1Gi
volumeName: ""
selector:
matchLabels:
volume-type: ssd
aws-availability-zone: us-east-1
pluginCache:
enabled: false
ingress:
host: example.com
tlsEnabled: false
refdb:
database: NONE
spanner:
projectName: ""
instance: ""
database: ""
zookeeper:
connectString: ""
rootNode: ""
Receiver
Group: gerritoperator.google.com
Version: v1beta9
Kind: Receiver
| Field | Type | Description |
|---|
apiVersion | String | APIVersion of this resource |
kind | String | Kind of this resource |
metadata | ObjectMeta | Metadata of the resource |
spec | ReceiverSpec | Specification for Receiver |
status | ReceiverStatus | Status for Receiver |
Example:
apiVersion: "gerritoperator.google.com/v1beta9"
kind: Receiver
metadata:
name: receiver
spec:
tolerations:
- key: key1
operator: Equal
value: value1
effect: NoSchedule
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: disktype
operator: In
values:
- ssd
topologySpreadConstraints:
- maxSkew: 1
topologyKey: zone
whenUnsatisfiable: DoNotSchedule
labelSelector:
matchLabels:
foo: bar
priorityClassName: ""
replicas: 1
maxSurge: 1
maxUnavailable: 1
resources:
requests:
cpu: 1
memory: 5Gi
limits:
cpu: 1
memory: 6Gi
readinessProbe:
initialDelaySeconds: 0
periodSeconds: 10
timeoutSeconds: 1
successThreshold: 1
failureThreshold: 3
livenessProbe:
initialDelaySeconds: 0
periodSeconds: 10
timeoutSeconds: 1
successThreshold: 1
failureThreshold: 3
service:
type: NodePort
httpPort: 80
credentialSecretRef: apache-credentials
containerImages:
imagePullSecrets: []
imagePullPolicy: Always
gerritImages:
registry: docker.io
org: k8sgerrit
tag: latest
busyBox:
registry: docker.io
tag: latest
storage:
storageClasses:
readWriteOnce: default
readWriteMany: shared-storage
nfsWorkaround:
enabled: false
chownOnStartup: false
idmapdConfig: |-
[General]
Verbosity = 0
Domain = localdomain.com
[Mapping]
Nobody-User = nobody
Nobody-Group = nogroup
sharedStorage:
externalPVC:
enabled: false
claimName: ""
size: 1Gi
volumeName: ""
selector:
matchLabels:
volume-type: ssd
aws-availability-zone: us-east-1
ingress:
host: example.com
tlsEnabled: false
GitGarbageCollection
Group: gerritoperator.google.com
Version: v1beta9
Kind: GitGarbageCollection
Example:
apiVersion: "gerritoperator.google.com/v1beta9"
kind: GitGarbageCollection
metadata:
name: gitgc
spec:
cluster: gerrit
schedule: "*/5 * * * *"
projects: []
disableBitmapIndex: false
disablePackRefs: false
preservePacks: false
resources:
requests:
cpu: 100m
memory: 256Mi
limits:
cpu: 100m
memory: 256Mi
tolerations:
- key: key1
operator: Equal
value: value1
effect: NoSchedule
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: disktype
operator: In
values:
- ssd
GerritNetwork
Group: gerritoperator.google.com
Version: v1beta9
Kind: GerritNetwork
| Field | Type | Description |
|---|
apiVersion | String | APIVersion of this resource |
kind | String | Kind of this resource |
metadata | ObjectMeta | Metadata of the resource |
spec | GerritNetworkSpec | Specification for GerritNetwork |
Example:
apiVersion: "gerritoperator.google.com/v1beta9"
kind: GerritNetwork
metadata:
name: gerrit-network
spec:
ingress:
enabled: true
host: example.com
annotations: {}
tls:
enabled: false
secret: ""
istio:
gatewaySelector:
istio: ingressgateway
receiver:
name: receiver
httpPort: 80
primaryGerrit: {}
# name: gerrit-primary
# httpPort: 80
# httpPort: 29418
gerritReplica:
name: gerrit
httpPort: 80
httpPort: 29418
IncomingReplicationTask
Group: gerritoperator.google.com
Version: v1beta9
Kind: IncomingReplicationTask
| Field | Type | Description |
|---|
apiVersion | String | APIVersion of this resource |
kind | String | Kind of this resource |
metadata | ObjectMeta | Metadata of the resource |
spec | IncomingReplicationTaskSpec | Specification for IncomingReplicationTask |
Example:
apiVersion: "gerritoperator.google.com/v1beta9"
kind: IncomingReplicationTask
metadata:
name: incoming-repl-task
spec:
config:
remotes:
- fetch:
- remoteRepo: fabric8io/kubernetes-client
name: github
timeout: 5m
url: https://github.com
schedule: '*/5 * * * *'
secretRef: incoming-repl-test
containerImages:
imagePullSecrets: []
imagePullPolicy: Always
gerritImages:
registry: docker.io
org: k8sgerrit
tag: latest
busyBox:
registry: docker.io
tag: latest
storage:
storageClasses:
readWriteOnce: default
readWriteMany: shared-storage
nfsWorkaround:
enabled: false
chownOnStartup: false
idmapdConfig: |-
[General]
Verbosity = 0
Domain = localdomain.com
[Mapping]
Nobody-User = nobody
Nobody-Group = nogroup
sharedStorage:
externalPVC:
enabled: false
claimName: ""
size: 1Gi
volumeName: ""
selector:
matchLabels:
volume-type: ssd
aws-availability-zone: us-east-1
GerritClusterSpec
| Field | Type | Description |
|---|
storage | GerritStorageConfig | Storage used by Gerrit instances |
containerImages | ContainerImageConfig | Container images used inside GerritCluster |
ingress | GerritClusterIngressConfig | Ingress traffic handling in GerritCluster |
refdb | GlobalRefDbConfig | The Global RefDB used by Gerrit |
fluentBitSidecar | FluentBitSidecarConfig | The Fluent Bit sidecar for application logging |
serverId | String | The serverId to be used for all Gerrit instances (default: <namespace>/<name>) |
gerrits | GerritTemplate-Array | A list of Gerrit instances to be installed in the GerritCluster. Only a single primary Gerrit and a single Gerrit Replica is permitted. |
receiver | ReceiverTemplate | A Receiver instance to be installed in the GerritCluster. |
scheduledTasks | ScheduledTasks | Scheduled tasks to install into the GerritCluster |
GerritClusterStatus
| Field | Type | Description |
|---|
members | Map<String, List<String>> | A map listing all Gerrit and Receiver instances managed by the GerritCluster by name |
StorageConfig
| Field | Type | Description |
|---|
storageClasses | StorageClassConfig | StorageClasses used in the GerritCluster |
sharedStorage | SharedStorage | Volume used for resources shared between Gerrit instances except git repositories |
GerritStorageConfig
Extends StorageConfig.
| Field | Type | Description |
|---|
pluginCache | PluginCacheConfig | Configuration of cache for downloaded plugins |
StorageClassConfig
| Field | Type | Description |
|---|
readWriteOnce | String | Name of a StorageClass allowing ReadWriteOnce access. (default: default) |
readWriteMany | String | Name of a StorageClass allowing ReadWriteMany access. (default: shared-storage) |
nfsWorkaround | NfsWorkaroundConfig | NFS is not well supported by Kubernetes. These options provide a workaround to ensure correct file ownership and id mapping |
NfsWorkaroundConfig
| Field | Type | Description |
|---|
enabled | boolean | If enabled, below options might be used. (default: false) |
chownOnStartup | boolean | If enabled, the ownership of the mounted NFS volumes will be set on pod startup. Note that this is not done recursively. It is expected that all data already present in the volume was created by the user used in accessing containers. (default: false) |
idmapdConfig | String | The idmapd.config file can be used to e.g. configure the ID domain. This might be necessary for some NFS servers to ensure correct mapping of user and group IDs. (optional) |
SharedStorage
| Field | Type | Description |
|---|
externalPVC | ExternalPVCConfig | Configuration regarding the use of an external / manually created PVC |
size | Quantity | Size of the volume (mandatory) |
volumeName | String | Name of a specific persistent volume to claim (optional) |
selector | LabelSelector | Selector to select a specific persistent volume (optional) |
PluginCacheConfig
| Field | Type | Description |
|---|
enabled | boolean | If enabled, downloaded plugins will be cached. (default: false) |
ExternalPVCConfig
| Field | Type | Description |
|---|
enabled | boolean | If enabled, a provided PVC will be used instead of creating one. (default: false) |
claimName | String | Name of the PVC to be used. |
ContainerImageConfig
| Field | Type | Description |
|---|
imagePullPolicy | String | Image pull policy (https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy) to be used in all containers. (default: Always) |
imagePullSecrets | LocalObjectReference-Array | List of names representing imagePullSecrets available in the cluster. These secrets will be added to all pods. (optional) |
busyBox | BusyBoxImage | The busybox container is used for some init containers |
gerritImages | GerritRepositoryConfig | The container images in this project are tagged with the output of git describe. All container images are published for each version, even when the image itself was not updated. This ensures that all containers work well together. Here, the data on how to get those images can be configured. |
BusyBoxImage
| Field | Type | Description |
|---|
registry | String | The registry from which to pull the “busybox” image. (default: docker.io) |
tag | String | The tag/version of the “busybox” image. (default: latest) |
GerritRepositoryConfig
| Field | Type | Description |
|---|
registry | String | The registry from which to pull the images. (default: docker.io) |
org | String | The organization in the registry containing the images. (default: k8sgerrit) |
tag | String | The tag/version of the images. (default: latest) |
GerritClusterIngressConfig
| Field | Type | Description |
|---|
enabled | boolean | Whether to configure an ingress provider to manage the ingress traffic in the GerritCluster (default: false) |
host | string | Hostname to be used by the ingress. For each Gerrit deployment a new subdomain using the name of the respective Gerrit CustomResource will be used. |
annotations | Map<String, String> | Annotations to be set for the ingress. This allows to configure the ingress further by e.g. setting the ingress class. This will be only used for type INGRESS and ignored otherwise. (optional) |
tls | GerritIngressTlsConfig | Configuration of TLS to be used in the ingress |
ambassador | GerritIngressAmbassadorConfig | Ambassador configuration. Only relevant when the INGRESS environment variable is set to “ambassador” in the operator |
istio | GerritIstioConfig | Istio configuration. Only relevant when the INGRESS environment variable is set to “istio” in the operator |
GerritIngressTlsConfig
| Field | Type | Description |
|---|
enabled | boolean | Whether to use TLS (default: false) |
secret | String | Name of the secret containing the TLS key pair. The certificate should be a wildcard certificate allowing for all subdomains under the given host. |
GerritIngressAmbassadorConfig
| Field | Type | Description |
|---|
id | List<String> | The operator uses the ids specified in ambassadorId to set the ambassador_id spec field in the Ambassador CustomResources it creates (Mapping, TLSContext). (optional) |
createHost | boolean | Specify whether you want the operator to create a Host resource. This will be required if you don't have a wildcard host set up in your cluster. Default is false. (optional) |
GerritIstioConfig
| Field | Type | Description |
|---|
gatewaySelector | Map<String, String> | Labels used to select the Istio Ingressgateway Deployment to use (default: istio: ingressgateway) |
GlobalRefDbConfig
Note, that the operator will not deploy or operate the database used for the global refdb. It will only configure Gerrit to use it.
| Field | Type | Description |
|---|
database | RefDatabase | Which database to use for the global refdb. Choices: NONE, SPANNER, ZOOKEEPER. (default: NONE) |
spanner | SpannerRefDbConfig | Configuration of spanner. Only used if spanner was configured to be used for the global refdb. |
zookeeper | ZookeeperRefDbConfig | Configuration of zookeeper. Only used, if zookeeper was configured to be used for the global refdb. |
RefDatabase
| Value | Description |
|---|
NONE | No global refdb will be used. Not allowed, if a primary Gerrit with 2 or more instances will be installed. |
SPANNER | Spanner will be used as a global refdb |
ZOOKEEPER | Zookeeper will be used as a global refdb |
SpannerRefDbConfig
Note that the spanner ref-db plugin requires google credentials to be mounted to /var/gerrit/etc/gcp-credentials.json. Instructions for generating those credentials can be found here and may be provided in the optional secretRef in GerritTemplateSpec.
| Field | Type | Description |
|---|
projectName | String | Spanner project name to be used |
instance | String | Spanner instance name to be used |
database | String | Spanner database name to be used |
ZookeeperRefDbConfig
| Field | Type | Description |
|---|
connectString | String | Hostname and port of the zookeeper instance to be used, e.g. zookeeper.example.com:2181 |
rootNode | String | Root node that will be used to store the global refdb data. Will be set automatically, if GerritCluster is being used. |
FluentBitSidecarConfig
Fluent Bit is installed as a sidecar container to each Gerrit pod, which allows application logs to be collected.
The default configuration is to label logs with the file name, pod name, and then output to stdout. Any custom configuration will override the output to stdout and pod name label. The input and file name label is always configured by the operator.
| Field | Type | Description |
|---|
enabled | boolean | Whether or not to create the sidecar (default: false) |
image | String | Fluent Bit image from docker (default: fluent/fluent-bit:latest) |
config | String | Additional config for fluent bit. Available options |
GerritTemplate
| Field | Type | Description |
|---|
metadata | ObjectMeta | Metadata of the resource. A name is mandatory. Labels can optionally be defined. Other fields like the namespace are ignored. |
spec | GerritTemplateSpec | Specification for GerritTemplate |
GerritTemplateSpec
| Field | Type | Description |
|---|
serviceAccount | String | ServiceAccount to be used by Gerrit. Required for service discovery when using the high-availability plugin |
tolerations | Toleration-Array | Pod tolerations (optional) |
affinity | Affinity | Pod affinity (optional) |
topologySpreadConstraints | TopologySpreadConstraint-Array | Pod topology spread constraints (optional) |
priorityClassName | String | PriorityClass to be used with the pod (optional) |
replicas | int | Number of pods running Gerrit in the StatefulSet (default: 1) |
updatePartition | int | Ordinal at which to start updating pods. Pods with a lower ordinal will not be updated. (default: 0) |
resources | ResourceRequirements | Resource requirements for the Gerrit container |
startupProbe | GerritProbe | Startup probe. The action will be set by the operator. All other probe parameters can be set. |
readinessProbe | GerritProbe | Readiness probe. The action will be set by the operator. All other probe parameters can be set. |
livenessProbe | GerritProbe | Liveness probe. The action will be set by the operator. All other probe parameters can be set. |
gracefulStopTimeout | long | Seconds the pod is allowed to shutdown until it is forcefully killed (default: 30) |
service | GerritServiceConfig | Configuration for the service used to manage network access to the StatefulSet |
site | GerritSite | Configuration concerning the Gerrit site directory |
plugins | GerritPlugin-Array | List of Gerrit plugins to install. These plugins can either be packaged in the Gerrit war-file or they will be downloaded. (optional) |
libs | GerritModule-Array | List of Gerrit library modules to install. These lib modules will be downloaded. (optional) |
configFiles | Map<String, String> | Configuration files for Gerrit that will be mounted into the Gerrit site's etc-directory (gerrit.config is mandatory) |
envVars | List<EnvVar> | Environment variables that will be set in the pod. (optional) |
secretRef | String | Name of secret containing configuration files, e.g. secure.config, that will be mounted into the Gerrit site's etc-directory (optional) |
mode | GerritMode | In which mode Gerrit should be run. (default: PRIMARY) |
debug | GerritDebugConfig | Enable the debug-mode for Gerrit |
GerritProbe
Extends: Probe
The fields exec, grpc, httpGet and tcpSocket cannot be set manually anymore compared to the parent object. All other options can still be configured.
GerritServiceConfig
| Field | Type | Description |
|---|
type | String | Service type (default: NodePort) |
httpPort | int | Port used for HTTP requests (default: 80) |
sshPort | Integer | Port used for SSH requests (optional; if unset, SSH access is disabled). If Istio is used, the Gateway will be automatically configured to accept SSH requests. If an Ingress controller is used, SSH requests will only be served by the Service itself! |
GerritSite
| Field | Type | Description |
|---|
size | Quantity | Size of the volume used to persist not otherwise persisted site components (e.g. git repositories are persisted in a dedicated volume) (mandatory) |
GerritModule
| Field | Type | Description |
|---|
name | String | Name of the module/plugin |
url | String | URL of the module/plugin, if it should be downloaded. If the URL is not set, the plugin is expected to be packaged in the war-file (not possible for lib-modules). (optional) |
sha1 | String | SHA1-checksum of the module/plugin JAR-file. (mandatory, if url is set) |
data | GerritModuleData | Plugin data mounted under the gerrit site's data/$name directory |
GerritModuleData
| Field | Type | Description |
|---|
secretRef | String | Name of a secretRef. The secret will be mounted under the gerrit site's data/$module_name directory |
executable | boolean | Whether the mounted data files should have executable permissions (file mode 754 instead of 644). (default: false) |
GerritPlugin
Extends: GerritModule
| Field | Type | Description |
|---|
installAsLibrary | boolean | Some plugins also need to be installed as a library. If set to true the plugin JAR will be symlinked to the lib-directory in the Gerrit site. (default: false) |
GerritMode
| Value | Description |
|---|
PRIMARY | A primary Gerrit |
REPLICA | A Gerrit Replica, which only serves git fetch/clone requests |
GerritDebugConfig
These options allow to debug Gerrit. It will enable debugging in all pods and expose the port 8000 in the container. Port-forwarding is required to connect the debugger. Note, that all pods will be restarted to enable the debugger. Also, if suspend is enabled, ensure that the lifecycle probes are configured accordingly to prevent pod restarts before Gerrit is ready.
| Field | Type | Description |
|---|
enabled | boolean | Whether to enable debugging. (default: false) |
suspend | boolean | Whether to suspend Gerrit on startup. (default: false) |
GerritSpec
Extends: GerritTemplateSpec
GerritStatus
| Field | Type | Description |
|---|
ready | boolean | Whether the Gerrit instance is ready |
appliedConfigMapVersions | Map<String, String> | Versions of each ConfigMap currently mounted into Gerrit pods |
appliedSecretVersions | Map<String, String> | Versions of each secret currently mounted into Gerrit pods |
IngressConfig
| Field | Type | Description |
|---|
host | string | Hostname that is being used by the ingress provider for this Gerrit instance. |
tlsEnabled | boolean | Whether the ingress provider enables TLS. (default: false) |
ReceiverTemplate
| Field | Type | Description |
|---|
metadata | ObjectMeta | Metadata of the resource. A name is mandatory. Labels can optionally be defined. Other fields like the namespace are ignored. |
spec | ReceiverTemplateSpec | Specification for ReceiverTemplate |
ReceiverTemplateSpec
| Field | Type | Description |
|---|
tolerations | Toleration-Array | Pod tolerations (optional) |
affinity | Affinity | Pod affinity (optional) |
topologySpreadConstraints | TopologySpreadConstraint-Array | Pod topology spread constraints (optional) |
priorityClassName | String | PriorityClass to be used with the pod (optional) |
replicas | int | Number of pods running the receiver in the Deployment (default: 1) |
maxSurge | IntOrString | Ordinal or percentage of pods that are allowed to be created in addition during rolling updates. (default: 1) |
maxUnavailable | IntOrString | Ordinal or percentage of pods that are allowed to be unavailable during rolling updates. (default: 1) |
resources | ResourceRequirements | Resource requirements for the Receiver container |
readinessProbe | ReceiverProbe | Readiness probe. The action will be set by the operator. All other probe parameters can be set. |
livenessProbe | ReceiverProbe | Liveness probe. The action will be set by the operator. All other probe parameters can be set. |
service | ReceiverServiceConfig | Configuration for the service used to manage network access to the Deployment |
credentialSecretRef | String | Name of the secret containing the .htpasswd file used to configure basic authentication within the Apache server (mandatory) |
ReceiverSpec
Extends: ReceiverTemplateSpec
ReceiverStatus
| Field | Type | Description |
|---|
ready | boolean | Whether the Receiver instance is ready |
appliedCredentialSecretVersion | String | Version of credential secret currently mounted into Receiver pods |
ReceiverProbe
Extends: Probe
The fields exec, grpc, httpGet and tcpSocket cannot be set manually anymore compared to the parent object. All other options can still be configured.
ReceiverServiceConfig
| Field | Type | Description |
|---|
type | String | Service type (default: NodePort) |
httpPort | int | Port used for HTTP requests (default: 80) |
GitGarbageCollectionSpec
| Field | Type | Description |
|---|
cluster | string | Name of the Gerrit cluster this Gerrit is a part of. (mandatory) |
tolerations | Toleration-Array | Pod tolerations (optional) |
affinity | Affinity | Pod affinity (optional) |
schedule | string | Cron schedule defining when to run git gc (mandatory) |
projects | Set<String> | List of projects to gc. If omitted, all projects not handled by other Git GC jobs will be gc‘ed. Only one job gc’ing all projects can exist. (default: []) |
disableBitmapIndex | Boolean | Whether to disable bitmap index creation. This will increase push performance but decrease performance when serving fetches (default: false) |
disablePackRefs | Boolean | Whether to disable packing refs. Packing refs might interfere with pushes due to locking packed-refs (default: false) |
preservePacks | Boolean | Whether to preserve existing packs. Requires additional storage, but prevents failing fetches due to deleted packs (default: false) |
resources | ResourceRequirements | Resource requirements for the GitGarbageCollection container |
GitGarbageCollectionStatus
| Field | Type | Description |
|---|
replicateAll | boolean | Whether this GitGarbageCollection handles all projects |
excludedProjects | Set<String> | List of projects that were excluded from this GitGarbageCollection, since they are handled by other Jobs |
state | GitGcState | State of the GitGarbageCollection |
GitGcState
| Value | Description |
|---|
ACTIVE | GitGarbageCollection is scheduled |
INACTIVE | GitGarbageCollection is not scheduled |
CONFLICT | GitGarbageCollection conflicts with another GitGarbageCollection |
ERROR | Controller failed to schedule GitGarbageCollection |
GerritNetworkSpec
NetworkMember
| Field | Type | Description |
|---|
name | String | Name of the network member |
httpPort | int | Port used for HTTP(S) |
NetworkMemberWithSsh
Extends: NetworkMember
| Field | Type | Description |
|---|
sshPort | int | Port used for SSH |
ScheduledTasks
IncomingReplicationTaskTemplate
| Field | Type | Description |
|---|
metadata | ObjectMeta | Metadata of the resource. A name is mandatory. Labels can optionally be defined. Other fields like the namespace are ignored. |
spec | IncomingReplicationTaskTemplateSpec | Specification for IncomingReplicationTaskTemplate |
IncomingReplicationTaskTemplateSpec
| Field | Type | Description |
|---|
schedule | String | Schedule in which to execute the job |
config | IncomingReplicationConfig | Configuration of replication task |
resources | ResourceRequirements | Resource requirements for the GitGarbageCollection container |
tolerations | Toleration-Array | Pod tolerations (optional) |
affinity | Affinity | Pod affinity (optional) |
secretRef | String | Name of the secret containing the .netrc file containing credentials for all remote git servers |
IncomingReplicationConfig
| Field | Type | Description |
|---|
remotes | List<Remote> | List of remotes from which to fetch |
Remote
| Field | Type | Description |
|---|
name | String | Name of the remote (mandatory) |
url | String | Base URL of the remote, e.g. https://gerrit-review.googlesource.com/a (mandatory) |
timeout | String | Timeout for the fetch (default: 5m) |
fetch | List<Fetch> | List of projects to fetch |
Fetch
| Field | Type | Description |
|---|
remoteRepo | String | Name of the remote repository (mandatory) |
localRepo | String | Name of the local repository (default: same as remoteRepo) |
refSpec | String | RefSpec to fetch (default: +refs/heads/:refs/heads/{{remote.name}}/) |
IncomingReplicationTaskSpec
Extends: IncomingReplicationTaskTemplateSpec