Gitiles
Code Review Sign In
code.v1.dodo.cloud / pcloud / f9f0beec8492e05a459bd7080ad095b4cf9292bc / . / charts / gerrit-replica / values.yaml
blob: f2ba93c701df3a694845d962cf3acae23fe7201b [file] [log] [blame]
Giorgi Lekveishviliee15ee22024-03-28 12:35:10 +0400[diff] [blame]1images:
2 busybox:
3 registry: docker.io
4 tag: latest
5 # Registry used for container images created by this project
6 registry:
7 # The registry name must NOT contain a trailing slash
8 name:
9 ImagePullSecret:
10 # Leave blank, if no ImagePullSecret is needed.
11 name: image-pull-secret
12 # If set to false, the gerrit-replica chart expects either a ImagePullSecret
13 # with the name configured above to be present on the cluster or that no
14 # credentials are needed.
15 create: false
16 username:
17 password:
18 version: latest
19 imagePullPolicy: Always
20 # Additional ImagePullSecrets that already exist and should be used by the
21 # pods of this chart. E.g. to pull busybox from dockerhub.
22 additionalImagePullSecrets: []
23
24# Additional labels that should be applied to all resources
25additionalLabels: {}
26
27storageClasses:
28 # Storage class used for storing logs and other pod-specific persisted data
29 default:
30 # If create is set to false, an existing StorageClass with the given
31 # name is expected to exist in the cluster. Setting create to true will
32 # create a storage class with the parameters given below.
33 name: default
34 create: false
35 provisioner: kubernetes.io/aws-ebs
36 reclaimPolicy: Delete
37 # Use the parameters key to set all parameters needed for the provisioner
38 parameters:
39 type: gp2
40 fsType: ext4
41 mountOptions: []
42 allowVolumeExpansion: false
43 # Storage class used for storing git repositories. Has to provide RWM access.
44 shared:
45 # If create is set to false, an existing StorageClass with RWM access
46 # mode and the given name has to be provided.
47 name: shared-storage
48 create: false
49 provisioner: nfs
50 reclaimPolicy: Delete
51 # Use the parameters key to set all parameters needed for the provisioner
52 parameters:
53 mountOptions: vers=4.1
54 mountOptions: []
55 allowVolumeExpansion: false
56
57nfsWorkaround:
58 enabled: false
59 chownOnStartup: false
60 idDomain: localdomain.com
61
62
63networkPolicies:
64 enabled: false
65 dnsPorts:
66 - 53
67 - 8053
68
69
70gitRepositoryStorage:
71 externalPVC:
72 use: false
73 name: git-repositories-pvc
74 size: 5Gi
75
76
77logStorage:
78 enabled: false
79 externalPVC:
80 use: false
81 name: gerrit-logs-pvc
82 size: 5Gi
83 cleanup:
84 enabled: false
85 additionalPodLabels: {}
86 schedule: "0 0 * * *"
87 retentionDays: 14
88 resources:
89 requests:
90 cpu: 100m
91 memory: 256Mi
92 limits:
93 cpu: 100m
94 memory: 256Mi
95
96
97istio:
98 enabled: false
99 host:
100 tls:
101 enabled: false
102 secret:
103 # If using an external secret, make sure to name the keys `tls.crt`
104 # and `tls.key`, respectively.
105 create: true
106 # `name` will only be used, if `create` is set to false to bind an
107 # existing secret. Otherwise the name will be automatically generated to
108 # avoid conflicts between multiple chart installations.
109 name:
110 # `cert`and `key` will only be used, if the secret will be created by
111 # this chart.
112 cert: |-
113 -----BEGIN CERTIFICATE-----
114
115 -----END CERTIFICATE-----
116 key: |-
117 -----BEGIN RSA PRIVATE KEY-----
118
119 -----END RSA PRIVATE KEY-----
120 ssh:
121 enabled: false
122
123caCert:
124
125ingress:
126 enabled: false
127 host:
128 # The maximum body size to allow for requests. Use "0" to allow unlimited
129 # reuqest body sizes.
130 maxBodySize: 50m
131 additionalAnnotations:
132 kubernetes.io/ingress.class: nginx
133 # nginx.ingress.kubernetes.io/server-alias: example.com
134 # nginx.ingress.kubernetes.io/whitelist-source-range: xxx.xxx.xxx.xxx
135 tls:
136 enabled: false
137 secret:
138 # If using an external secret, make sure to name the keys `tls.crt`
139 # and `tls.key`, respectively.
140 create: true
141 # `name` will only be used, if `create` is set to false to bind an
142 # existing secret. Otherwise the name will be automatically generated to
143 # avoid conflicts between multiple chart installations.
144 name:
145 # `cert`and `key` will only be used, if the secret will be created by
146 # this chart.
147 cert: |-
148 -----BEGIN CERTIFICATE-----
149
150 -----END CERTIFICATE-----
151 key: |-
152 -----BEGIN RSA PRIVATE KEY-----
153
154 -----END RSA PRIVATE KEY-----
155
156promtailSidecar:
157 enabled: false
158 image: grafana/promtail
159 version: 1.3.0
160 resources:
161 requests:
162 cpu: 100m
163 memory: 128Mi
164 limits:
165 cpu: 200m
166 memory: 128Mi
167 tls:
168 skipVerify: true
169 loki:
170 url: loki.example.com
171 user: admin
172 password: secret
173
174
175gitBackend:
176 image: k8sgerrit/apache-git-http-backend
177
178 additionalPodLabels: {}
179 tolerations: []
180 topologySpreadConstraints: {}
181 nodeSelector: {}
182 affinity:
183 podAntiAffinity:
184 preferredDuringSchedulingIgnoredDuringExecution:
185 - weight: 100
186 podAffinityTerm:
187 labelSelector:
188 matchExpressions:
189 - key: app
190 operator: In
191 values:
192 - git-backend
193 topologyKey: "topology.kubernetes.io/zone"
194
195 replicas: 1
196 maxSurge: 25%
197 # For just one replica, 100 % unavailability has to be allowed for updates to
198 # work.
199 maxUnavailable: 100%
200
201 # The general NetworkPolicy rules implemented by this chart may be too restrictive
202 # for some setups. Here custom rules may be added to whitelist some additional
203 # connections.
204 networkPolicy:
205 # This allows ingress traffic from all sources. If possible, this should be
206 # limited to the respective primary Gerrit that replicates to this replica.
207 ingress:
208 - {}
209 egress: []
210
211 resources:
212 requests:
213 cpu: 100m
214 memory: 256Mi
215 limits:
216 cpu: 100m
217 memory: 256Mi
218
219 livenessProbe:
220 initialDelaySeconds: 10
221 periodSeconds: 5
222
223 readinessProbe:
224 initialDelaySeconds: 5
225 periodSeconds: 1
226
227 service:
228 additionalAnnotations: {}
229 loadBalancerSourceRanges: []
230 type: NodePort
231 externalTrafficPolicy: Cluster
232 http:
233 port: 80
234
235 credentials:
236 # example: user: 'git'; password: 'secret'
237 # run `man htpasswd` to learn about how to create .htpasswd-files
238 htpasswd: git:$apr1$O/LbLKC7$Q60GWE7OcqSEMSfe/K8xU.
239 # TODO: Create htpasswd-file on container startup instead and set user
240 # and password in values.yaml.
241 #user:
242 #password:
243
244
245gitGC:
246 image: k8sgerrit/git-gc
247
248 tolerations: []
249 nodeSelector: {}
250 affinity: {}
251 additionalPodLabels: {}
252
253 schedule: 0 6,18 * * *
254
255 resources:
256 requests:
257 cpu: 100m
258 memory: 256Mi
259 limits:
260 cpu: 100m
261 memory: 256Mi
262
263gerritReplica:
264 images:
265 gerritInit: k8sgerrit/gerrit-init
266 gerritReplica: k8sgerrit/gerrit
267
268 tolerations: []
269 topologySpreadConstraints: {}
270 nodeSelector: {}
271 affinity:
272 podAntiAffinity:
273 preferredDuringSchedulingIgnoredDuringExecution:
274 - weight: 100
275 podAffinityTerm:
276 labelSelector:
277 matchExpressions:
278 - key: app
279 operator: In
280 values:
281 - gerrit-replica
282 topologyKey: "topology.kubernetes.io/zone"
283
284 replicas: 1
285 updatePartition: 0
286 additionalAnnotations: {}
287 additionalPodLabels: {}
288
289 # If no value for probeScheme, the probe will use the default HTTP
290 probeScheme: HTTP
291
292 livenessProbe:
293 initialDelaySeconds: 60
294 periodSeconds: 5
295
296 readinessProbe:
297 initialDelaySeconds: 10
298 periodSeconds: 10
299
300 startupProbe:
301 initialDelaySeconds: 10
302 periodSeconds: 30
303
304 gracefulStopTimeout: 90
305
306 # The memory limit has to be higher than the configures heap-size for Java!
307 resources:
308 requests:
309 cpu: 1
310 memory: 5Gi
311 limits:
312 cpu: 1
313 memory: 6Gi
314
315 persistence:
316 enabled: true
317 size: 5Gi
318
319 # The general NetworkPolicy rules implemented by this chart may be too restrictive
320 # for some setups, e.g. when trying to connect to an external database. Here
321 # custom rules may be added to whitelist some additional connections.
322 networkPolicy:
323 ingress: []
324 egress: []
325
326 service:
327 additionalAnnotations: {}
328 loadBalancerSourceRanges: []
329 type: NodePort
330 externalTrafficPolicy: Cluster
331 http:
332 port: 80
333 ssh:
334 enabled: false
335 port: 29418
336
337 # `gerritReplica.keystore` expects a base64-encoded Java-keystore
338 # Since Java keystores are binary files, adding the unencoded content and
339 # automatic encoding using helm does not work here.
340 keystore:
341
342 pluginManagement:
343 plugins: []
344 # A plugin packaged in the gerrit.war-file
345 # - name: download-commands
346
347 # A plugin packaged in the gerrit.war-file that will also be installed as a
348 # lib
349 # - name: replication
350 # installAsLibrary: true
351
352 # A plugin that will be downloaded on startup
353 # - name: delete-project
354 # url: https://example.com/gerrit-plugins/delete-project.jar
355 # sha1:
356 # installAsLibrary: false
357
358 # Only downloaded plugins will be cached. This will be ignored, if no plugins
359 # are downloaded.
360 libs: []
361 cache:
362 enabled: false
363 size: 1Gi
364
365 priorityClassName:
366
367 etc:
368 # Some values are expected to have a specific value for the deployment installed
369 # by this chart to work. These are marked with `# FIXED`.
370 # Do not change them!
371 config:
372 gerrit.config: |-
373 [gerrit]
374 basePath = git # FIXED
375 serverId = gerrit-replica-1
376 # The canonical web URL has to be set to the Ingress host, if an Ingress
377 # is used. If a LoadBalancer-service is used, this should be set to the
378 # LoadBalancer's external IP. This can only be done manually after installing
379 # the chart, when you know the external IP the LoadBalancer got from the
380 # cluster.
381 canonicalWebUrl = http://example.com/
382 disableReverseDnsLookup = true
383 [index]
384 type = LUCENE
385 [index "scheduledIndexer"]
386 runOnStartup = false
387 [auth]
388 type = DEVELOPMENT_BECOME_ANY_ACCOUNT
389 [httpd]
390 # If using an ingress use proxy-http or proxy-https
391 listenUrl = proxy-http://*:8080/
392 requestLog = true
393 gracefulStopTimeout = 1m
394 [sshd]
395 listenAddress = *:29418
396 gracefulStopTimeout = 1m
397 [transfer]
398 timeout = 120 s
399 [user]
400 name = Gerrit Code Review
401 email = gerrit@example.com
402 anonymousCoward = Unnamed User
403 [cache]
404 directory = cache
405 [container]
406 user = gerrit # FIXED
407 replica = true # FIXED
408 javaHome = /usr/lib/jvm/java-17-openjdk # FIXED
409 javaOptions = -Djavax.net.ssl.trustStore=/var/gerrit/etc/keystore # FIXED
410 javaOptions = -Xms200m
411 # Has to be lower than 'gerritReplica.resources.limits.memory'. Also
412 # consider memories used by other applications in the container.
413 javaOptions = -Xmx4g
414
415 secret:
416 secure.config: |-
417 # Password for the keystore added as value for 'gerritReplica.keystore'
418 # Only needed, if SSL is enabled.
419 #[httpd]
420 # sslKeyPassword = gerrit
421
422 # ssh_host_ecdsa_key: |-
423 # -----BEGIN EC PRIVATE KEY-----
424
425 # -----END EC PRIVATE KEY-----
426
427 # ssh_host_ecdsa_key.pub: ecdsa-sha2-nistp256...
428
429 additionalConfigMaps:
430 # - name:
431 # subDir:
432 # data:
433 # file.txt: test