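---
# OpenShift List that deploys a single-pod Git server backed by a persistent
# volume claim: DeploymentConfig, Service, ServiceAccount, Route and
# PersistentVolumeClaim, all named "git".
#
# Layout note: the manifest is written in block style, one key per line.
# When it is collapsed onto a few physical lines, the first "#" turns the
# rest of each line into a comment and the objects below are never parsed.
apiVersion: v1
kind: List
items:

  # The git server is deployed as a singleton pod and uses a very small amount
  # of resources. It can host or transiently serve Git repositories, as well
  # as automatically integrate with builds in a namespace.
  - apiVersion: v1
    kind: DeploymentConfig
    metadata:
      name: git
      labels:
        app: git
    spec:
      strategy:
        type: Recreate
      replicas: 1  # the git server is not HA and should not be scaled past 1
      selector:
        run-container: git
      template:
        metadata:
          labels:
            run-container: git
        spec:
          serviceAccountName: git
          containers:
            - name: git
              # NOTE(review): ":latest" is a mutable tag, so a redeploy may
              # pull different content than the one that was reviewed. Pin a
              # version tag or image digest once one has been verified.
              image: openshift/origin-gitserver:latest
              ports:
                - containerPort: 8080

              readinessProbe:
                httpGet:
                  path: /_/healthz
                  port: 8080

              env:
                # Each environment variable matching GIT_INITIAL_CLONE_* will
                # be cloned when the process starts; failures will be logged.
                # <name> must be [A-Z0-9_\-\.], the cloned directory name will
                # be lowercased. If the name is invalid the pod will halt. If
                # the repository already exists on disk, it will be updated
                # from the remote.
                #
                # - name: GIT_INITIAL_CLONE_1
                #   value: <url>[;<name>]

                # The namespace of the pod is required for implicit config
                # (passing '-' to AUTOLINK_KUBECONFIG or REQUIRE_SERVER_AUTH)
                # and can also be used to target a specific namespace.
                - name: POD_NAMESPACE
                  valueFrom:
                    fieldRef:
                      fieldPath: metadata.namespace

                # The URL that builds must use to access the Git repositories
                # stored in this app.
                # TODO: support HTTPS
                # NOTE(review): until HTTPS is supported, repository content
                # and any credentials sent to this URL travel unencrypted
                # inside the cluster network.
                - name: PUBLIC_URL
                  value: http://git.$(POD_NAMESPACE).svc.cluster.local:8080

                # If INTERNAL_URL is specified, then it's used to point
                # BuildConfigs to the internal service address of the git
                # server
                - name: INTERNAL_URL
                  value: http://git:8080

                # The directory to store Git repositories in. If not backed
                # by a persistent volume, repositories will be lost when
                # deployments occur. Use GIT_INITIAL_CLONE_* and AUTOLINK_*
                # to remove the need to use a persistent volume.
                - name: GIT_HOME
                  value: /var/lib/git

                # The directory to use as the default hook directory for any
                # cloned or autolinked directories.
                - name: HOOK_PATH
                  value: /var/lib/git-hooks

                # If 'true' new-app will be invoked on push for repositories
                # for which a matching BuildConfig is not found.
                - name: GENERATE_ARTIFACTS
                  value: "true"

                # The strategy to use when creating build artifacts from a
                # repository. With the default empty value, a Docker build
                # will be generated if a Dockerfile is present in the
                # repository. Otherwise, a source build will be created.
                # Valid values are: "", docker, source
                - name: BUILD_STRATEGY
                  value: ""

                # The script to use for custom language detection on a
                # repository. See hooks/detect-language for an example.
                # To use new-app's default detection, leave this variable
                # blank.
                - name: DETECTION_SCRIPT
                # value: detect-language

                # Authentication and authorization

                # If 'true', clients may push to the server with git push.
                - name: ALLOW_GIT_PUSH
                  value: "true"

                # If 'true', clients may set hooks via the API. However, unless
                # the Git home is backed by a persistent volume, any deployment
                # will result in the hooks being lost.
                # NOTE(review): hooks are scripts that presumably run inside
                # this pod under the "git" service account; if that account
                # holds the edit role (see Autolinking), whoever may set hooks
                # acts with that role. Set to "false" when client-defined
                # hooks are not needed - confirm against the server docs.
                - name: ALLOW_GIT_HOOKS
                  value: "true"

                # If 'true', clients can create new git repositories on demand
                # by pushing. If the data on disk is not backed by a persistent
                # volume, the Git repo will be deleted if the deployment is
                # updated.
                - name: ALLOW_LAZY_CREATE
                  value: "true"

                # If 'true', clients can pull without being authenticated.
                # NOTE(review): this list also creates a Route, so any client
                # that can reach the route can read every hosted repository;
                # this presumably applies even with REQUIRE_SERVER_AUTH set -
                # confirm. Set to "false" unless the repositories are public.
                - name: ALLOW_ANON_GIT_PULL
                  value: "true"

                # Provides the path to a kubeconfig file in the image that
                # should be used to authorize against the server. The value
                # '-' will use the pod's service account.
                # May not be used in combination with REQUIRE_GIT_AUTH
                - name: REQUIRE_SERVER_AUTH
                  value: "-"

                # The namespace to check authorization against when
                # REQUIRE_SERVER_AUTH is used. Users must have 'get' on
                # 'pods' to pull and 'create' on 'pods' to push.
                - name: AUTH_NAMESPACE
                  value: $(POD_NAMESPACE)

                # Require BASIC authentication with a username and password
                # to push or pull.
                # May not be used in combination with REQUIRE_SERVER_AUTH
                # NOTE(review): a literal value here is stored in clear text
                # in the DeploymentConfig and is readable by anyone who can
                # view it; where the cluster supports it, supply the value
                # through valueFrom/secretKeyRef instead. BASIC credentials
                # are only base64-encoded on the wire, so do not enable this
                # over the plain-HTTP URLs and route defined in this file.
                - name: REQUIRE_GIT_AUTH
                # value: <username>:<password>

                # Autolinking:
                #
                # The git server can automatically clone Git repositories
                # associated with a build config and replace the URL with
                # a link to the repo on PUBLIC_URL. The default post-receive
                # hook on the cloned repo will then trigger a build. You
                # may customize the hook with AUTOLINK_HOOK (path to hook).
                # To autolink, the account the pod runs under must have 'edit'
                # on the AUTOLINK_NAMESPACE:
                #
                #    oc policy add-role-to-user -z git edit
                #
                # Links are checked every time the pod starts.

                # The location to read auth configuration from for autolinking.
                # If '-', use the service account token to link. The account
                # represented by this config must have the edit role on the
                # namespace.
                - name: AUTOLINK_KUBECONFIG
                  value: "-"

                # The namespace to autolink
                - name: AUTOLINK_NAMESPACE
                  value: $(POD_NAMESPACE)

                # The path to a script in the image to use as the default
                # post-receive hook - only set during link, so has no effect
                # on cloned repositories. See the "hooks" directory in the
                # image for examples.
                - name: AUTOLINK_HOOK

              volumeMounts:
                - mountPath: /var/lib/git
                  name: git-data
          volumes:
            - name: git-data
              persistentVolumeClaim:
                claimName: git
      triggers:
        - type: ConfigChange

  # The git server service is required for DNS resolution
  - apiVersion: v1
    kind: Service
    metadata:
      name: git
      labels:
        app: git
    spec:
      ports:
        - port: 8080
          targetPort: 8080
      selector:
        run-container: git

  # The service account for the git server must be granted the view role to
  # automatically start builds, edit role to create objects and autolink
  # NOTE(review): grant only the role the enabled features actually need
  # (view rather than edit when autolinking and artifact generation are off).
  - apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: git
      labels:
        app: git

  # Default route for git service
  # NOTE(review): this route has no "tls" stanza, so it exposes the server
  # outside the cluster over plain HTTP. Combined with ALLOW_ANON_GIT_PULL
  # and ALLOW_GIT_PUSH above, review who can reach it before deploying, or
  # drop the route when only in-cluster builds need access.
  - apiVersion: v1
    kind: Route
    metadata:
      labels:
        app: git
      name: git
    spec:
      to:
        name: git

  # Persistent volume claim
  - apiVersion: v1
    kind: PersistentVolumeClaim
    metadata:
      name: git
    spec:
      accessModes:
        - ReadWriteOnce
      resources:
        requests:
          storage: 1G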