Bitnami/charts
2
0
Fork 0
mirror of https://github.com/bitnami/charts.git synced 2026-03-09 15:38:00 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
2dfd62e9edfaaf4f08287c223ecdc1cdd13a6874
charts/bitnami/concourse/templates/worker/statefulset.yaml
Javier J. Salmerón-García 1f86167ee1 [bitnami/concourse] fix: 🔒 Move service-account token auto-mount to pod declaration (#22391) 
Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com>
Signed-off-by: Javier J. Salmerón-García <jsalmeron@vmware.com>
2024-01-22 11:42:36 +01:00

287 lines
15 KiB
YAML
Raw Blame History

{{- /*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if and .Values.worker.enabled (or (not .Values.web.enabled) (include "concourse.host" .)) }}
{{- if eq .Values.worker.mode "statefulset" }}
apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }}
kind: StatefulSet
metadata:
name: {{ template "concourse.worker.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: {{ template "concourse.worker.fullname" . }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
replicas: {{ .Values.worker.replicaCount }}
podManagementPolicy: {{ .Values.worker.podManagementPolicy }}
{{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.worker.podLabels .Values.commonLabels ) "context" . ) }}
selector:
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
app.kubernetes.io/component: {{ template "concourse.worker.fullname" . }}
serviceName: {{ template "concourse.worker.fullname" . }}
{{- if .Values.worker.updateStrategy }}
updateStrategy: {{- toYaml .Values.worker.updateStrategy | nindent 4 }}
{{- end }}
template:
metadata:
{{- if .Values.worker.podAnnotations }}
annotations: {{- include "common.tplvalues.render" (dict "value" .Values.worker.podAnnotations "context" $) | nindent 8 }}
{{- end }}
labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }}
app.kubernetes.io/component: {{ template "concourse.worker.fullname" . }}
spec:
serviceAccountName: {{ template "concourse.worker.serviceAccountName" . }}
{{- include "concourse.imagePullSecrets" . | nindent 6 }}
automountServiceAccountToken: {{ .Values.worker.automountServiceAccountToken }}
{{- if .Values.worker.hostAliases }}
hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.worker.hostAliases "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.worker.affinity }}
affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.worker.affinity "context" $) | nindent 8 }}
{{- else }}
affinity:
podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.worker.podAffinityPreset "component" "worker" "customLabels" $podLabels "context" $) | nindent 10 }}
podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.worker.podAntiAffinityPreset "component" "worker" "customLabels" $podLabels "context" $) | nindent 10 }}
nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.worker.nodeAffinityPreset.type "key" .Values.worker.nodeAffinityPreset.key "values" .Values.worker.nodeAffinityPreset.values) | nindent 10 }}
{{- end }}
{{- if .Values.worker.nodeSelector }}
nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.worker.nodeSelector "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.worker.tolerations }}
tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.worker.tolerations "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.worker.topologySpreadConstraints }}
topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.worker.topologySpreadConstraints "context" .) | nindent 8 }}
{{- end }}
{{- if .Values.worker.priorityClassName }}
priorityClassName: {{ .Values.worker.priorityClassName }}
{{- end }}
{{- if .Values.worker.schedulerName }}
schedulerName: {{ .Values.worker.schedulerName | quote }}
{{- end }}
{{- if .Values.worker.terminationGracePeriodSeconds }}
terminationGracePeriodSeconds: {{ .Values.worker.terminationGracePeriodSeconds }}
{{- end }}
{{- if .Values.worker.podSecurityContext.enabled }}
securityContext: {{- omit .Values.worker.podSecurityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
initContainers:
{{- if and .Values.volumePermissions.enabled .Values.worker.persistence.enabled }}
- name: volume-permissions
image: {{ include "concourse.volumePermissions.image" . }}
imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }}
command:
- /bin/bash
args:
- -ec
- |
mkdir -p /bitnami/concourse
find /bitnami/concourse -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | xargs -r chown -R {{ .Values.worker.containerSecurityContext.runAsUser }}:{{ .Values.worker.podSecurityContext.fsGroup }}
{{- if .Values.worker.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.worker.containerSecurityContext "enabled" | toYaml | nindent 12 }}
{{- end }}
{{- if .Values.volumePermissions.resources }}
resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }}
{{- end }}
volumeMounts:
- name: concourse-work-dir
mountPath: /bitnami/concourse/workdir
{{- end }}
{{- if .Values.worker.initContainers }}
{{- include "common.tplvalues.render" (dict "value" .Values.worker.initContainers "context" $) | nindent 8 }}
{{- end }}
containers:
- name: concourse-web
image: {{ template "concourse.image" . }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
{{- if .Values.worker.lifecycleHooks }}
lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.worker.lifecycleHooks "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.worker.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.worker.containerSecurityContext "enabled" | toYaml | nindent 12 }}
{{- end }}
{{- if .Values.diagnosticMode.enabled }}
command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
{{- else if .Values.worker.command }}
command: {{- include "common.tplvalues.render" (dict "value" .Values.worker.command "context" $) | nindent 12 }}
{{- else }}
command:
- /opt/bitnami/concourse/bin/concourse
{{- end }}
{{- if .Values.diagnosticMode.enabled }}
args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }}
{{- else if .Values.worker.args }}
args: {{- include "common.tplvalues.render" (dict "value" .Values.worker.args "context" $) | nindent 12 }}
{{- else }}
args:
- worker
{{- end }}
env:
- name: CONCOURSE_TSA_PUBLIC_KEY
value: /bitnami/concourse/concourse-keys/host_key.pub
- name: CONCOURSE_TSA_WORKER_PRIVATE_KEY
value: /bitnami/concourse/concourse-keys/worker_key
- name: CONCOURSE_WORK_DIR
value: /bitnami/concourse/workdir
- name: CONCOURSE_HEALTHCHECK_BIND_PORT
value: {{ .Values.worker.containerPorts.health | quote }}
{{- if .Values.worker.logLevel }}
- name: CONCOURSE_LOG_LEVEL
value: {{ .Values.worker.logLevel | quote }}
{{- end }}
{{- if .Values.worker.extraEnvVars }}
{{- include "common.tplvalues.render" (dict "value" .Values.worker.extraEnvVars "context" $) | nindent 12 }}
{{- end }}
- name: CONCOURSE_TSA_HOST
value: {{ template "concourse.web.tsa.address" . }}
{{- if .Values.worker.bindIp }}
- name: CONCOURSE_BIND_IP
value: {{ .Values.worker.bindIp | quote }}
{{- end }}
{{- if .Values.worker.containerPorts.garden }}
- name: CONCOURSE_BIND_PORT
value: {{ .Values.worker.containerPorts.garden | quote }}
{{- end }}
{{- if .Values.worker.baggageclaim.logLevel }}
- name: CONCOURSE_BAGGAGECLAIM_LOG_LEVEL
value: {{ .Values.worker.baggageclaim.logLevel | quote }}
{{- end }}
{{- if .Values.worker.baggageclaim.bindIp }}
- name: CONCOURSE_BAGGAGECLAIM_BIND_IP
value: {{ .Values.worker.baggageclaim.bindIp | quote }}
{{- end }}
{{- if .Values.worker.containerPorts.baggageclaim }}
- name: CONCOURSE_BAGGAGECLAIM_BIND_PORT
value: {{ .Values.worker.containerPorts.baggageclaim | quote }}
{{- end }}
{{- if .Values.worker.baggageclaim.debugBindIp }}
- name: CONCOURSE_BAGGAGECLAIM_DEBUG_BIND_IP
value: {{ .Values.worker.baggageclaim.debugBindIp | quote }}
{{- end }}
{{- if .Values.worker.containerPorts.pprof }}
- name: CONCOURSE_BAGGAGECLAIM_DEBUG_BIND_PORT
value: {{ .Values.worker.containerPorts.pprof | quote }}
{{- end }}
{{- if .Values.worker.baggageclaim.volumes }}
- name: CONCOURSE_BAGGAGECLAIM_VOLUMES
value: {{ .Values.worker.baggageclaim.volumes | quote }}
{{- end }}
{{- if .Values.worker.baggageclaim.driver }}
- name: CONCOURSE_BAGGAGECLAIM_DRIVER
value: {{ .Values.worker.baggageclaim.driver | quote }}
{{- end }}
{{- if .Values.worker.baggageclaim.btrfsBin }}
- name: CONCOURSE_BAGGAGECLAIM_BTRFS_BIN
value: {{ .Values.worker.baggageclaim.btrfsBin | quote }}
{{- end }}
{{- if .Values.worker.baggageclaim.mkfsBin }}
- name: CONCOURSE_BAGGAGECLAIM_MKFS_BIN
value: {{ .Values.worker.baggageclaim.mkfsBin | quote }}
{{- end }}
{{- if .Values.worker.baggageclaim.overlaysDir }}
- name: CONCOURSE_BAGGAGECLAIM_OVERLAYS_DIR
value: {{ .Values.worker.baggageclaim.overlaysDir | quote }}
{{- end }}
{{- if .Values.worker.baggageclaim.disableUserNamespaces }}
- name: CONCOURSE_BAGGAGECLAIM_DISABLE_USER_NAMESPACES
value: {{ .Values.worker.baggageclaim.disableUserNamespaces | quote }}
{{- end }}
{{- if .Values.worker.extraEnvVars }}
{{- include "common.tplvalues.render" (dict "value" .Values.worker.extraEnvVars "context" $) | nindent 12 }}
{{- end }}
envFrom:
{{- if .Values.worker.extraEnvVarsCM }}
- configMapRef:
name: {{ include "common.tplvalues.render" (dict "value" .Values.worker.extraEnvVarsCM "context" $) }}
{{- end }}
{{- if .Values.worker.extraEnvVarsSecret }}
- secretRef:
name: {{ include "common.tplvalues.render" (dict "value" .Values.worker.extraEnvVarsSecret "context" $) }}
{{- end }}
{{- if .Values.worker.resources }}
resources: {{- toYaml .Values.worker.resources | nindent 12 }}
{{- end }}
ports:
- name: http
containerPort: {{ .Values.worker.containerPorts.garden }}
- name: healthz
containerPort: {{ .Values.worker.containerPorts.health }}
{{- if not .Values.diagnosticMode.enabled }}
{{- if .Values.worker.customStartupProbe }}
startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.worker.customStartupProbe "context" $) | nindent 12 }}
{{- else if .Values.worker.startupProbe.enabled }}
startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.worker.startupProbe "enabled") "context" $) | nindent 12 }}
tcpSocket:
port: healthz
{{- end }}
{{- if .Values.worker.customLivenessProbe }}
livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.worker.customLivenessProbe "context" $) | nindent 12 }}
{{- else if .Values.worker.livenessProbe.enabled }}
livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.worker.livenessProbe "enabled") "context" $) | nindent 12 }}
httpGet:
path: /
port: healthz
{{- end }}
{{- if .Values.worker.customReadinessProbe }}
readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.worker.customReadinessProbe "context" $) | nindent 12 }}
{{- else if .Values.worker.readinessProbe.enabled }}
readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.worker.readinessProbe "enabled") "context" $) | nindent 12 }}
httpGet:
path: /
port: healthz
{{- end }}
{{- end }}
volumeMounts:
- name: concourse-keys
mountPath: /bitnami/concourse/concourse-keys
readOnly: true
- name: concourse-work-dir
mountPath: /bitnami/concourse/workdir
{{- if .Values.worker.extraVolumeMounts }}
{{- include "common.tplvalues.render" (dict "value" .Values.worker.extraVolumeMounts "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.worker.sidecars }}
{{- include "common.tplvalues.render" ( dict "value" .Values.worker.sidecars "context" $) | nindent 8 }}
{{- end }}
volumes:
- name: concourse-keys
secret:
secretName: {{ include "concourse.worker.secretName" . }}
defaultMode: 0400
{{- if .Values.worker.extraVolumes }}
{{- include "common.tplvalues.render" (dict "value" .Values.worker.extraVolumes "context" $) | nindent 8 }}
{{- end }}
{{- if and .Values.worker.persistence.enabled .Values.worker.persistence.existingClaim }}
- name: concourse-work-dir
persistentVolumeClaim:
claimName: {{ tpl .Values.worker.persistence.existingClaim $ }}
{{- else if not .Values.worker.persistence.enabled }}
- name: concourse-work-dir
emptyDir: {}
{{- else }}
volumeClaimTemplates:
- metadata:
name: concourse-work-dir
{{- if .Values.worker.persistence.annotations }}
annotations: {{- include "common.tplvalues.render" (dict "value" .Values.worker.persistence.annotations "context" $) | nindent 10 }}
{{- end }}
spec:
accessModes:
{{- range .Values.worker.persistence.accessModes }}
- {{ . | quote }}
{{- end }}
resources:
requests:
storage: {{ .Values.worker.persistence.size | quote }}
{{- if .Values.worker.persistence.selector }}
selector: {{- include "common.tplvalues.render" ( dict "value" .Values.worker.persistence.selector "context" $) | nindent 10 }}
{{- end }}
{{ include "common.storage.class" (dict "persistence" .Values.worker.persistence "global" .Values.global) }}
{{- end }}
{{- end }}
{{- end }}
Reference in New Issue View Git Blame Copy Permalink