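// Gerrit on Kubernetes: renders a ConfigMap (gerrit.config), five PVCs, a
// placeholder Secret, a Deployment, a Service and an Ingress from the helpers
// in hscloud.libsonnet. Everything is parameterised through the hidden `cfg`
// object.
local kube = import "../../../kube/hscloud.libsonnet";

{
    local gerrit = self,
    local cfg = gerrit.cfg,

    // Tunables. Fields defined as `error` have no default: evaluation aborts
    // with that message if they are read without being overridden.
    cfg:: {
        namespace: error "namespace must be set",
        appName: "gerrit",
        prefix: "", # if set, should be 'foo-'
        domain: error "domain must be set",
        identity: error "identity (UUID) must be set",

        // The secret must contain a key named 'secure.config' containing (at least):
        //   [auth]
        //     registerEmailPrivateKey = <random>
        //   [plugin "gerrit-oauth-provider-warsawhackerspace-oauth"]
        //     client-id = foo
        //     client-secret = bar
        //   [sendemail]
        //     smtpPass = foo
        //   [receiveemail]
        //     password = bar
        //
        // These credentials are kept out of the ConfigMap below on purpose.
        // The Secret is mounted at /var/gerrit-secure (see volumeMounts).
        // NOTE(review): how the file reaches Gerrit's own secure.config is
        // not visible in this file - presumably the image entrypoint; confirm.
        secureSecret: error "secure secret name must be set",

        storageClass: error "storage class must be set",
        storageSize: {
            git: "50Gi", // Main storage for repositories and NoteDB.
            index: "10Gi", // Secondary Lucene index
            cache: "10Gi", // H2 cache databases
            db: "1Gi", // NoteDB is used, so database is basically empty (H2 accountPatchReviewDatabase)
            etc: "1Gi", // Random site stuff.
        },

        email: {
            server: "mail.hackerspace.pl",
            username: "gerrit",
            address: "gerrit@hackerspace.pl",
        },

        tag: "3.7.5-r7",
        // NOTE(review): the image is referenced by a mutable tag. Pinning by
        // digest would make the deployed artifact immutable - check registry
        // policy before relying on the tag alone.
        image: "registry.k0.hswaw.net/q3k/gerrit:" + cfg.tag,
        resources: {
            requests: {
                cpu: "100m",
                memory: "500Mi",
            },
            limits: {
                cpu: "1",
                memory: "2Gi",
            },
        },
    },

    // Object name for a component: cfg.prefix followed by the suffix.
    name(suffix):: cfg.prefix + suffix,

    // Common namespace and labels merged into every object below.
    // NOTE(review): the `component` argument is never used; the component
    // label is the literal string "component" on every object. Labels may
    // feed selectors built inside hscloud.libsonnet (not visible here), so
    // confirm the rollout impact before switching to the argument.
    metadata(component):: {
        namespace: cfg.namespace,
        labels: {
            "app.kubernetes.io/name": cfg.appName,
            "app.kubernetes.io/managed-by": "kubecfg",
            "app.kubernetes.io/component": "component",
        },
    },

    configmap: kube.ConfigMap(gerrit.name("gerrit")) {
        metadata+: gerrit.metadata("configmap"),
        data: {
            // Non-secret Gerrit site configuration. Points for a reader:
            //  * [auth]: web login is OAUTH. gitBasicAuthPolicy = HTTP means
            //    git-over-HTTP and REST accept only the HTTP password
            //    generated in Gerrit.
            //  * [httpd]: proxy-http makes Gerrit serve plain HTTP on 8080 and
            //    expect a reverse proxy in front. canonicalWebUrl is https, so
            //    TLS terminates upstream of the pod.
            //    NOTE(review): nothing in this file restricts in-cluster
            //    access to 8080 - confirm a NetworkPolicy or equivalent.
            //  * [container]: the JVM property is `java.security.egd`. The
            //    previous spelling `edg` was silently ignored by the JVM.
            //  * [sshd] appeared twice with the same value; one copy is kept.
            //  * [sendemail] / [receiveemail]: SMTP on 465 with ssl, IMAP with
            //    TLS. The matching passwords come from secure.config.
            "gerrit.config": |||
                [gerrit]
                  basePath = git
                  canonicalWebUrl = https://%(domain)s/
                  serverId = %(identity)s
                  reportBugUrl = https://b.hackerspace.pl/new
                  primaryWeblinkName = Forgejo

                [commentlink "b"]
                  match = [Bb]/(\\d+)
                  link = https://b.hackerspace.pl/$1

                [gitweb]
                  url = https://git.hackerspace.pl/
                  type = custom
                  revision = hswaw/${project}/commit/${commit}
                  project = hswaw/${project}
                  branch = hswaw/${project}/src/branch/${branch}
                  tag = hswaw/${project}/releases/tag/${tag}
                  roottree = hswaw/${project}/src/commit/${commit}
                  file = hswaw/${project}/src/commit/${hash}/${file}
                  filehistory = hswaw/${project}/commits/branch/${branch}/${file}
                  linkname = Forgejo

                [sshd]
                  advertisedAddress = %(domain)s

                [container]
                  javaOptions = -Djava.security.egd=file:/dev/./urandom

                [auth]
                  type = OAUTH
                  gitBasicAuthPolicy = HTTP

                [httpd]
                  listenUrl = proxy-http://*:8080

                [user]
                  email = %(emailAddress)s

                [sendemail]
                  enable = true
                  from = MIXED
                  smtpServer = %(emailServer)s
                  smtpServerPort = 465
                  smtpEncryption = ssl
                  smtpUser = %(emailUser)s

                [receiveemail]
                  protocol = IMAP
                  host = %(emailServer)s
                  username = %(emailUser)s
                  encryption = TLS
                  enableImapIdle = true

                [plugin "avatars-gravatar"]
                  gravatarUrl = https://profile.hackerspace.pl/avatar/
                  changeAvatarUrl = https://profile.hackerspace.pl/vcard

            ||| % {
                domain: cfg.domain,
                identity: cfg.identity,
                emailAddress: cfg.email.address,
                emailServer: cfg.email.server,
                emailUser: cfg.email.username,
            },
        },
    },

    // One PVC per Gerrit site directory, sized from cfg.storageSize.
    volumes: {
        [name]: kube.PersistentVolumeClaim(gerrit.name(name)) {
            metadata+: gerrit.metadata("storage"),
            storage: cfg.storageSize[name],
            spec+: {
                // cfg declares `storageClass`, but this field used to read
                // `cfg.storageClassName`, which fails unless a caller adds
                // that extra key. Accept either, so existing overrides keep
                // working and the declared knob works too.
                storageClassName:
                    if std.objectHasAll(cfg, "storageClassName")
                    then cfg.storageClassName
                    else cfg.storageClass,
            },
        }
        for name in ["etc", "git", "index", "cache", "db"]
    },

    // Mount points: each PVC under /var/gerrit/<name>, plus config and secret.
    local volumeMounts = {
        [name]: { mountPath: "/var/gerrit/%s" % name }
        for name in ["etc", "git", "index", "cache", "db"]
    } {
        // ConfigMap gets mounted here
        config: { mountPath: "/var/gerrit-config" },
        // SecureSecret gets mounted here
        secure: { mountPath: "/var/gerrit-secure" },
    },

    // Placeholder Secret holding FORGEJO_TOKEN. No data is rendered from this
    // file; the key is filled in out of band.
    // NOTE(review): depending on how the manifest is applied, re-applying a
    // data-less Secret may clear a hand-filled value - confirm.
    keys: kube.Secret(gerrit.name("keys")) {
        metadata+: gerrit.metadata("deployment"),
        //data_: {
        //    FORGEJO_TOKEN: "fill me when deploying, TODO(q3k): god damn secrets",
        //},
    },

    deployment: kube.Deployment(gerrit.name("gerrit")) {
        metadata+: gerrit.metadata("deployment"),
        spec+: {
            replicas: 1,
            template+: {
                spec+: {
                    // NOTE(review): only fsGroup is set. runAsNonRoot,
                    // allowPrivilegeEscalation: false and dropped capabilities
                    // are not set here. Whether the image tolerates them is
                    // not visible from this file.
                    securityContext: {
                        fsGroup: 1000, # gerrit uid
                    },
                    volumes_: {
                        config: kube.ConfigMapVolume(gerrit.configmap),
                        secure: { secret: { secretName: cfg.secureSecret} },
                    } {
                        [name]: kube.PersistentVolumeClaimVolume(gerrit.volumes[name])
                        for name in ["etc", "git", "index", "cache", "db"]
                    },
                    containers_: {
                        gerrit: kube.Container(gerrit.name("gerrit")) {
                            image: cfg.image,
                            ports_: {
                                http: { containerPort: 8080 },
                                ssh: { containerPort: 29418 },
                            },
                            // The secretKeyRef is not marked optional, so the
                            // container cannot start until FORGEJO_TOKEN exists
                            // in the `keys` Secret. As an environment variable,
                            // the token is inherited by child processes of the
                            // Gerrit JVM.
                            env_: {
                                FORGEJO_TOKEN: { secretKeyRef: { name: gerrit.keys.metadata.name, key: "FORGEJO_TOKEN" }},
                            },
                            resources: cfg.resources,
                            volumeMounts_: volumeMounts,

                            // Plain HTTP GET on the web root. The first probe
                            // runs after 60s, then every 10s.
                            livenessProbe: {
                                httpGet: {
                                    path: "/",
                                    port: 8080,
                                },
                                initialDelaySeconds: 60,
                                periodSeconds: 10,
                            },
                        },
                    },
                },
            },
        },
    },

    // ClusterIP Service: 80 -> 8080 (HTTP) and 22 -> 29418 (Gerrit SSH).
    // NOTE(review): the Ingress below covers HTTP only. How the SSH port is
    // exposed outside the cluster is not defined in this file.
    svc: kube.Service(gerrit.name("gerrit")) {
        metadata+: gerrit.metadata("service"),
        target:: gerrit.deployment,
        spec+: {
            ports: [
                { name: "http", port: 80, targetPort: 8080, protocol: "TCP" },
                { name: "ssh", port: 22, targetPort: 29418, protocol: "TCP" },
            ],
            type: "ClusterIP",
        },
    },

    // HTTP(S) entry point for cfg.domain, routed to the Service above.
    ingress: kube.SimpleIngress(gerrit.name("gerrit")) {
        hosts:: [cfg.domain],
        target_service:: gerrit.svc,
        metadata+: gerrit.metadata("ingress"),
    },
}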