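// Gerrit code-review deployment: a ConfigMap carrying gerrit.config, one PVC
// per site directory, a `keys` Secret, a single-replica Deployment, a
// ClusterIP Service and an Ingress. Everything is parameterised through `cfg`.
local kube = import "../../../kube/hscloud.libsonnet";

{
    local top = self,
    local cfg = top.cfg,

    cfg:: {
        namespace: error "namespace must be set",
        appName: "gerrit",
        prefix: "", # if set, should be 'foo-'
        domain: error "domain must be set",
        identity: error "identity (UUID) must be set",

        // The secret must contain a key named 'secure.config' containing (at least):
        //   [auth]
        //     registerEmailPrivateKey = <random>
        //   [plugin "gerrit-oauth-provider-warsawhackerspace-oauth"]
        //     client-id = foo
        //     client-secret = bar
        //   [sendemail]
        //     smtpPass = foo
        //   [receiveemail]
        //     password = bar
        // It is mounted into the pod at /var/gerrit-secure (see volumeMounts), so
        // none of these credentials appear in the ConfigMap below.
        secureSecret: error "secure secret name must be set",

        storageClass: error "storage class must be set",
        // The PVCs below read `storageClassName`, which was never declared here,
        // so the "must be set" check on `storageClass` could not fire and a
        // caller setting only `storageClass` hit a missing-field error. Keeping
        // both names lets existing overrides of either one work.
        storageClassName: cfg.storageClass,
        storageSize: {
            git: "50Gi", // Main storage for repositories and NoteDB.
            index: "10Gi", // Secondary Lucene index
            cache: "10Gi", // H2 cache databases
            db: "1Gi", // NoteDB is used, so database is basically empty (H2 accountPatchReviewDatabase)
            etc: "1Gi", // Random site stuff.
        },

        email: {
            server: "mail.hackerspace.pl",
            username: "gerrit",
            address: "gerrit@hackerspace.pl",
        },

        // NOTE(review): the image is referenced by tag only. Tags can be moved in
        // the registry; pinning the digest as well would make the deployed
        // artifact verifiable.
        tag: "3.7.5-r7",
        image: "registry.k0.hswaw.net/q3k/gerrit:" + cfg.tag,
        resources: {
            requests: {
                cpu: "100m",
                memory: "500Mi",
            },
            limits: {
                cpu: "1",
                memory: "2Gi",
            },
        },
    },

    // Reference to the FORGEJO_TOKEN key of the `keys` Secret declared below.
    // That Secret carries no data in this file, so the key has to be provisioned
    // separately before the container can resolve it.
    secretRefs:: {
        FORGEJO_TOKEN: { secretKeyRef: { name: top.keys.metadata.name, key: "FORGEJO_TOKEN" } },
    },

    // Prefixes a resource name with cfg.prefix.
    name(suffix):: cfg.prefix + suffix,

    // Common namespace and labels for every object in this file.
    // NOTE(review): the `component` argument is never used; the component label
    // is always the literal string "component", so ConfigMap, PVCs, Secret,
    // Deployment, Service and Ingress are indistinguishable by that label. Left
    // unchanged here because the kube library may derive the Deployment's
    // (immutable) pod selector from these labels - confirm before switching the
    // value to `component`.
    metadata(component):: {
        namespace: cfg.namespace,
        labels: {
            "app.kubernetes.io/name": cfg.appName,
            "app.kubernetes.io/managed-by": "kubecfg",
            "app.kubernetes.io/component": "component",
        },
    },

    configmap: kube.ConfigMap(top.name("gerrit")) {
        metadata+: top.metadata("configmap"),
        data: {
            // Non-secret Gerrit site configuration; %(...)s placeholders are
            // filled from cfg by the format call at the end of the text block.
            //
            // [container] javaOptions: the property name was misspelled as
            //   `java.security.edg`. An unknown -D property is silently accepted
            //   by the JVM, so the intended entropy-source override
            //   (`java.security.egd`) never took effect. Fixed below.
            // [auth]: web login goes through OAuth, while gitBasicAuthPolicy =
            //   HTTP means Git-over-HTTP is authenticated with the HTTP password
            //   Gerrit stores per account, not through the OAuth provider.
            // [httpd]: proxy-http tells Gerrit it sits behind a reverse proxy.
            //   Port 8080 should therefore only be reachable through the
            //   ingress; no NetworkPolicy is defined in this file.
            //   NOTE(review): canonicalWebUrl is https, so TLS is presumably
            //   terminated at the ingress - check whether proxy-https is the
            //   intended scheme.
            // [sshd] appears twice with the same advertisedAddress; the second
            //   occurrence is redundant.
            "gerrit.config": |||
                [gerrit]
                  basePath = git
                  canonicalWebUrl = https://%(domain)s/
                  serverId = %(identity)s
                  reportBugUrl = https://b.hackerspace.pl/new
                  primaryWeblinkName = Forgejo

                [commentlink "b"]
                  match = [Bb]/(\\d+)
                  link = https://b.hackerspace.pl/$1

                [gitweb]
                  url = https://git.hackerspace.pl/
                  type = custom
                  revision = hswaw/${project}/commit/${commit}
                  project = hswaw/${project}
                  branch = hswaw/${project}/src/branch/${branch}
                  tag = hswaw/${project}/releases/tag/${tag}
                  roottree = hswaw/${project}/src/commit/${commit}
                  file = hswaw/${project}/src/commit/${hash}/${file}
                  filehistory = hswaw/${project}/commits/branch/${branch}/${file}
                  linkname = Forgejo

                [sshd]
                  advertisedAddress = %(domain)s

                [container]
                  javaOptions = -Djava.security.egd=file:/dev/./urandom

                [auth]
                  type = OAUTH
                  gitBasicAuthPolicy = HTTP

                [httpd]
                  listenUrl = proxy-http://*:8080

                [sshd]
                  advertisedAddress = %(domain)s

                [user]
                  email = %(emailAddress)s

                [sendemail]
                  enable = true
                  from = MIXED
                  smtpServer = %(emailServer)s
                  smtpServerPort = 465
                  smtpEncryption = ssl
                  smtpUser = %(emailUser)s

                [receiveemail]
                  protocol = IMAP
                  host = %(emailServer)s
                  username = %(emailUser)s
                  encryption = TLS
                  enableImapIdle = true

                [plugin "avatars-gravatar"]
                  gravatarUrl = https://profile.hackerspace.pl/avatar/
                  changeAvatarUrl = https://profile.hackerspace.pl/vcard

            ||| % {
                domain: cfg.domain,
                identity: cfg.identity,
                emailAddress: cfg.email.address,
                emailServer: cfg.email.server,
                emailUser: cfg.email.username,
            },
        },
    },

    // One PersistentVolumeClaim per Gerrit site directory, sized from
    // cfg.storageSize.
    volumes: {
        [name]: kube.PersistentVolumeClaim(top.name(name)) {
            metadata+: top.metadata("storage"),
            storage:: cfg.storageSize[name],
            storageClass:: cfg.storageClassName,
        }
        for name in ["etc", "git", "index", "cache", "db"]
    },

    // Each PVC is mounted under /var/gerrit/<name>; the ConfigMap and the secure
    // Secret get their own directories outside the site tree.
    local volumeMounts = {
        [name]: { mountPath: "/var/gerrit/%s" % name }
        for name in ["etc", "git", "index", "cache", "db"]
    } {
        // ConfigMap gets mounted here
        config: { mountPath: "/var/gerrit-config" },
        // SecureSecret gets mounted here
        secure: { mountPath: "/var/gerrit-secure" },
    },

    // Secret backing secretRefs.FORGEJO_TOKEN. The data is intentionally not
    // kept in the repository.
    // NOTE(review): this object is declared without data; verify that applying
    // it does not reset a token that was filled in by hand.
    keys: kube.Secret(top.name("keys")) {
        metadata+: top.metadata("deployment"),
        //data_: {
        //    FORGEJO_TOKEN: "fill me when deploying, TODO(q3k): god damn secrets",
        //},
    },

    deployment: kube.Deployment(top.name("gerrit")) {
        metadata+: top.metadata("deployment"),
        spec+: {
            replicas: 1,
            template+: {
                spec+: {
                    // NOTE(review): only fsGroup is set. Once it is confirmed
                    // that the image runs as a non-root user, consider also
                    // setting runAsNonRoot and, on the container,
                    // allowPrivilegeEscalation: false with capabilities dropped.
                    securityContext: {
                        fsGroup: 1000, # gerrit uid
                    },
                    volumes_: {
                        config: top.configmap.volume,
                        secure: { secret: { secretName: cfg.secureSecret} },
                    } {
                        [name]: kube.PersistentVolumeClaimVolume(top.volumes[name])
                        for name in ["etc", "git", "index", "cache", "db"]
                    },
                    containers_: {
                        gerrit: kube.Container(top.name("gerrit")) {
                            image: cfg.image,
                            ports_: {
                                http: { containerPort: 8080 },
                                ssh: { containerPort: 29418 },
                            },
                            // The token reaches the process as an environment
                            // variable, so it is inherited by anything the
                            // container process spawns.
                            env_: {
                                FORGEJO_TOKEN: top.secretRefs.FORGEJO_TOKEN,
                            },
                            resources: cfg.resources,
                            volumeMounts_: volumeMounts,

                            // Restart the container if the web UI stops
                            // answering on / after the 60s start-up grace period.
                            livenessProbe: {
                                httpGet: {
                                    path: "/",
                                    port: 8080,
                                },
                                initialDelaySeconds: 60,
                                periodSeconds: 10,
                            },
                        },
                    },
                },
            },
        },
    },

    // ClusterIP Service in front of the deployment: HTTP on 80 and Gerrit SSH on
    // 22. Being ClusterIP, neither port is exposed outside the cluster by this
    // object itself.
    svc: kube.Service(top.name("gerrit")) {
        metadata+: top.metadata("service"),
        target:: top.deployment,
        spec+: {
            ports: [
                { name: "http", port: 80, targetPort: 8080, protocol: "TCP" },
                { name: "ssh", port: 22, targetPort: 29418, protocol: "TCP" },
            ],
            type: "ClusterIP",
        },
    },

    // Ingress for cfg.domain pointing at the Service above. TLS and port
    // selection are handled inside kube.SimpleIngress, which is not visible here.
    ingress: kube.SimpleIngress(top.name("gerrit")) {
        hosts:: [cfg.domain],
        target:: top.svc,
        metadata+: top.metadata("ingress"),
    },
}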