apiVersion: v1
kind: List
items:
# The git server is deployed as a singleton pod and uses a very small amount
# of resources. It can host or transiently serve Git repositories, as well
# as automatically integrate with builds in a namespace.
- apiVersion: v1
kind: DeploymentConfig
metadata:
name: git
labels:
app: git
spec:
strategy:
type: Recreate
replicas: 1 # the git server is not HA and should not be scaled past 1
selector:
run-container: git
template:
metadata:
labels:
run-container: git
spec:
serviceAccountName: git
containers:
- name: git
image: openshift/origin-gitserver:latest
ports:
- containerPort: 8080
readinessProbe:
httpGet:
path: /_/healthz
port: 8080
env:
# Each environment variable matching GIT_INITIAL_CLONE_* will
# be cloned when the process starts; failures will be logged.
# <name> must be [A-Z0-9_\-\.], the cloned directory name will
# be lowercased. If the name is invalid the pod will halt. If
# the repository already exists on disk, it will be updated
# from the remote.
#
#- name: GIT_INITIAL_CLONE_1
# value: <url>[;<name>]
# The namespace of the pod is required for implicit config
# (passing '-' to AUTOLINK_KUBECONFIG or REQUIRE_SERVER_AUTH)
# and can also be used to target a specific namespace.
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
# The URL that builds must use to access the Git repositories
# stored in this app.
# TODO: support HTTPS
- name: PUBLIC_URL
value: http://git.$(POD_NAMESPACE).svc.cluster.local:8080
# If INTERNAL_URL is specified, then it's used to point
# BuildConfigs to the internal service address of the git
# server
- name: INTERNAL_URL
value: http://git:8080
# The directory to store Git repositories in. If not backed
# by a persistent volume, repositories will be lost when
# deployments occur. Use INITIAL_GIT_CLONE and AUTOLINK_*
# to remove the need to use a persistent volume.
- name: GIT_HOME
value: /var/lib/git
# The directory to use as the default hook directory for any
# cloned or autolinked directories.
- name: HOOK_PATH
value: /var/lib/git-hooks
# If 'true' new-app will be invoked on push for repositories
# for which a matching BuildConfig is not found.
- name: GENERATE_ARTIFACTS
value: "true"
# The strategy to use when creating build artifacts from a repository.
# With the default empty value, a Docker build will be generated if
# a Dockerfile is present in the repository. Otherwise, a source build
# will be created. Valid values are: "", docker, source
- name: BUILD_STRATEGY
value: ""
# The script to use for custom language detection on a
# repository. See hooks/detect-language for an example.
# To use new-app's default detection, leave this variable
# blank.
- name: DETECTION_SCRIPT
# value: detect-language
# Authentication and authorization
# If 'true', clients may push to the server with git push.
- name: ALLOW_GIT_PUSH
value: "true"
# If 'true', clients may set hooks via the API. However, unless
# the Git home is backed by a persistent volume, any deployment
# will result in the hooks being lost.
- name: ALLOW_GIT_HOOKS
value: "true"
# If 'true', clients can create new git repositories on demand
# by pushing. If the data on disk is not backed by a persistent
# volume, the Git repo will be deleted if the deployment is
# updated.
- name: ALLOW_LAZY_CREATE
value: "true"
# If 'true', clients can pull without being authenticated.
- name: ALLOW_ANON_GIT_PULL
value: "true"
# Provides the path to a kubeconfig file in the image that
# should be used to authorize against the server. The value
# '-' will use the pod's service account.
# May not be used in combination with REQUIRE_GIT_AUTH
- name: REQUIRE_SERVER_AUTH
value: "-"
# The namespace to check authorization against when
# REQUIRE_SERVICE_AUTH is used. Users must have 'get' on
# 'pods' to pull and 'create' on 'pods' to push.
- name: AUTH_NAMESPACE
value: $(POD_NAMESPACE)
# Require BASIC authentication with a username and password
# to push or pull.
# May not be used in combination with REQUIRE_SERVER_AUTH
- name: REQUIRE_GIT_AUTH
# value: <username>:<password>
# Autolinking:
#
# The git server can automatically clone Git repositories
# associated with a build config and replace the URL with
# a link to the repo on PUBLIC_URL. The default post-receive
# hook on the cloned repo will then trigger a build. You
# may customize the hook with AUTOLINK_HOOK (path to hook).
# To autolink, the account the pod runs under must have 'edit'
# on the AUTOLINK_NAMESPACE:
#
# oc policy add-role-to-user -z git edit
#
# Links are checked every time the pod starts.
# The location to read auth configuration from for autolinking.
# If '-', use the service account token to link. The account
# represented by this config must have the edit role on the
# namespace.
- name: AUTOLINK_KUBECONFIG
value: "-"
# The namespace to autolink
- name: AUTOLINK_NAMESPACE
value: $(POD_NAMESPACE)
# The path to a script in the image to use as the default
# post-receive hook - only set during link, so has no effect
# on cloned repositories. See the "hooks" directory in the
# image for examples.
- name: AUTOLINK_HOOK
volumeMounts:
- mountPath: /var/lib/git
name: git-data
volumes:
- name: git-data
persistentVolumeClaim:
claimName: git
triggers:
- type: ConfigChange
# The git server service is required for DNS resolution
- apiVersion: v1
kind: Service
metadata:
name: git
labels:
app: git
spec:
ports:
- port: 8080
targetPort: 8080
selector:
run-container: git
# The service account for the git server must be granted the view role to
# automatically start builds, edit role to create objects and autolink
- apiVersion: v1
kind: ServiceAccount
metadata:
name: git
labels:
app: git
# Default route for git service
- apiVersion: v1
kind: Route
metadata:
labels:
app: git
name: git
spec:
to:
name: git
# Persistent volume claim
- apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: git
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1G