Enabling sshd in k8s deployment via using k8s-gerrit helm-chart


Hakan AVCI

Nov 9, 2022, 8:16:59 AM
to Repo and Gerrit Discussion
Hi All,

Currently we are trying to set up our Gerrit instances (VM+docker deployment) on a k8s platform, and once we have a fully ready k8s deployment, we will migrate the git data and start using the Gerrit that is deployed in k8s. So our plan is to adapt the helm-chart to be used in production.

Well, I got stuck at enabling sshd in helm and, to be honest, couldn't find documentation about how to enable sshd (creation of ssh keys) in a helm deployment. So far I have made these changes:

under gerrit.service
----------------------------------
  service:
    type: LoadBalancer
    http:
      port: 80
    ssh:
      enabled: true
      port: 29418
-----------------------------------

also under gerrit.etc.config.gerrit.config
--------------------------------------------------------------------
[sshd]
          listenAddress = *:29418
          advertisedAddress = some-url:29418
--------------------------------------------------------------------

This ended up with an exception that says:

[main] ERROR com.google.gerrit.pgm.Daemon : Unable to start daemon
com.google.inject.CreationException: Unable to create injector, see the following errors:

1) No SSH keys under /var/gerrit/etc

I was expecting that the "init" phase would create and place the necessary ssh keys under /var/gerrit/etc, but it doesn't. My expectation was based on the following statement that I copied from the original helm README:

"SSH keys should be configured via the helm-chart using the gerrit.etc.secret map. Gerrit will create its own keys, if none are present in the site," 

So am I missing something? Or should I update something in values-yaml?


Thanks!
Hakan.
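
One way to supply host keys through the `gerrit.etc.secret` map that the README sentence quoted above refers to, so the host key stays the same across pod restarts. This is an added example, not part of the original post or the k8s-gerrit project; the `ssh_host_*_key` file names are assumed to be the ones Gerrit reads from `/var/gerrit/etc`, and the script and output file names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): render SSH host keys into a values
# override under gerrit.etc.secret. Assumption: Gerrit picks up
# ssh_host_*_key files mounted into its etc directory.

# Generate one ed25519 host key pair without passphrase in directory $1.
gen_host_key() {
  mkdir -p "$1" && chmod 700 "$1"
  ssh-keygen -q -t ed25519 -N "" -C "gerrit-host-key" \
    -f "$1/ssh_host_ed25519_key"
}

# Print a values override containing every private/public host key pair
# found in directory $1, each as a YAML block scalar.
render_secret_values() {
  body=$(for key in "$1"/ssh_host_*_key; do
    # Skip unmatched globs and private keys without their .pub file.
    [ -f "$key" ] && [ -f "$key.pub" ] || continue
    for f in "$key" "$key.pub"; do
      printf '      %s: |\n' "$(basename "$f")"
      sed 's/^/        /' "$f"
    done
  done)
  # Refuse to emit an override with an empty secret map.
  [ -n "$body" ] || { echo "no host key pairs in $1" >&2; return 1; }
  printf 'gerrit:\n  etc:\n    secret:\n%s\n' "$body"
}

# Usage: sh hostkeys.sh <keydir> <values-out.yaml>
if [ "$#" -eq 2 ]; then
  [ -f "$1/ssh_host_ed25519_key" ] || gen_host_key "$1"
  # The output holds the private key: create it readable by the owner only.
  ( umask 077; render_secret_values "$1" > "$2" )
fi
```

The rendered file can be passed to helm as an additional `-f` values file; since it contains the private host key, it should be kept out of version control.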

Thomas Dräbing

Nov 9, 2022, 9:59:34 AM
to Hakan AVCI, Repo and Gerrit Discussion
Hi Hakan,

please let me note up front: The helm-chart for the primary Gerrit is NOT production ready, only the gerrit-replica helm chart is production ready. Let me explain: The primary Gerrit cannot be scaled, does not support zero downtime upgrades and release upgrades that require additional migration steps, e.g. schema migrations, are not guaranteed to be supported or will at least cause considerable downtimes. We plan to implement a proper Kubernetes deployment for a primary Gerrit in the next few months based on the multisite plugin, but this will look completely different and we will not provide an upgrade path from the existing gerrit helm chart. Thus, please reconsider migrating your Gerrit to Kubernetes using this helm-chart for now.

I will give a short talk about our plans during the Gerrit User Summit on Friday: https://gerrit.googlesource.com/summit/2022/+/refs/heads/master/schedule.md. It is not too late to register for online attendance :-).

I nevertheless tried to reproduce the issue and was unable to do so. Which version of the docker images are you using and which commit in the k8s-gerrit repository are you using to install the helm-chart?
Could you share the complete logs, including the logs of the init containers?

Best,
Thomas


Hakan AVCI

Nov 10, 2022, 5:35:07 AM
to Repo and Gerrit Discussion
I guess registration has already ended since it has started :( Are these sessions recorded for the people who are not able to attend?

Back to the original topic: We are currently reconsidering using the gerrit primary helm-chart and we came across a question based on your statement "only the gerrit-replica helm chart is production ready". Are you basically saying that we can use gerrit-replica helm to have a primary instance? Or is the purpose of gerrit-replica just to have replicas which are connected to a primary instance?

Follow-up question if gerrit-replica can be used to have a primary: When you publish a proper gerrit primary helm, will we be able to switch the deployment from gerrit-replica to the new gerrit-primary helm easily? Or do you suggest that we just wait until the proper gerrit-primary helm that you have mentioned is ready?


Thanks,
Hakan.

Thomas Dräbing

Nov 10, 2022, 5:57:48 AM
to Hakan AVCI, Repo and Gerrit Discussion
On Thu, 10 Nov 2022 at 11:35, Hakan AVCI <hakana...@gmail.com> wrote:
> I guess registration has already ended since it has started :( Are these sessions recorded for the people who are not able to attend?

You can still join. The event is livestreamed at https://live.gerritforge.com/.
 
> Back to the original topic: We are currently reconsidering using the gerrit primary helm-chart and we came across a question based on your statement "only the gerrit-replica helm chart is production ready". Are you basically saying that we can use gerrit-replica helm to have a primary instance? Or is the purpose of gerrit-replica just to have replicas which are connected to a primary instance?

The gerrit-replica helm-chart is meant to deploy a Gerrit Replica, which is a read-only mode for Gerrit. It is meant to serve git fetch/clone requests, but doesn't expose the UI or REST API or allow git push. So you would connect it to your primary Gerrit using the replication plugin.
The chart cannot be used to run a primary Gerrit.
 
> Follow-up question if gerrit-replica can be used to have a primary: When you publish a proper gerrit primary helm, will we be able to switch the deployment from gerrit-replica to the new gerrit-primary helm easily? Or do you suggest that we just wait until the proper gerrit-primary helm that you have mentioned is ready?

I would suggest waiting for the proper setup. This will also not be a helm chart, but managed by an operator.
