Bitnami/charts
2
0
Fork 0
mirror of https://github.com/bitnami/charts.git synced 2026-04-02 15:27:08 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
93e3294026feb2bd09e9c47944490cb67ed7585a
charts/bitnami/harbor/templates/clair/clair-dpl.yaml
Paul Czarkowski 93e3294026 [harbor] Add support for providing own root CA (#3536)
2020-10-22 09:07:39 +02:00

256 lines
14 KiB
YAML
Raw Blame History

{{- if .Values.clair.enabled }}
apiVersion: {{ template "common.capabilities.deployment.apiVersion" . }}
kind: Deployment
metadata:
name: {{ include "harbor.clair" . }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
app.kubernetes.io/component: clair
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
replicas: {{ .Values.clair.replicas }}
{{- if .Values.clair.updateStrategy }}
strategy: {{- toYaml .Values.clair.updateStrategy | nindent 4 }}
{{- end }}
selector:
matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
app.kubernetes.io/component: clair
template:
metadata:
labels: {{- include "common.labels.standard" . | nindent 8 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 8 }}
{{- end }}
{{- if .Values.clair.podLabels }}
{{- include "common.tplvalues.render" (dict "value" .Values.clair.podLabels "context" $) | nindent 8 }}
{{- end }}
app.kubernetes.io/component: clair
annotations:
checksum/secret: {{ include (print $.Template.BasePath "/clair/clair-secret.yaml") . | sha256sum }}
{{- if and .Values.internalTLS.enabled (not .Values.clair.tls.existingSecret) }}
checksum/tls: {{ include (print $.Template.BasePath "/internal/internal-crt-secret.yaml") . | sha256sum }}
{{- end }}
{{- if .Values.clair.podAnnotations }}
{{- include "common.tplvalues.render" (dict "value" .Values.clair.podAnnotations "context" $) | nindent 8 }}
{{- end }}
spec:
{{- include "harbor.imagePullSecrets" . | nindent 6 }}
{{- if .Values.clair.affinity }}
affinity: {{- include "common.tplvalues.render" (dict "value" .Values.clair.affinity "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.podSecurityContext }}
securityContext: {{- include "common.tplvalues.render" (dict "value" .Values.podSecurityContext "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.clair.nodeSelector }}
nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.clair.nodeSelector "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.clair.tolerations }}
tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.clair.tolerations "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.clair.initContainers }}
initContainers: {{- include "common.tplvalues.render" (dict "value" .Values.clair.initContainers "context" $) | nindent 8 }}
{{- end }}
containers:
- name: clair
image: {{ include "harbor.clairImage" . }}
imagePullPolicy: {{ .Values.clairImage.pullPolicy | quote }}
{{- if .Values.containerSecurityContext }}
securityContext: {{- include "common.tplvalues.render" (dict "value" .Values.containerSecurityContext "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.clair.server.command }}
command: {{- include "common.tplvalues.render" (dict "value" .Values.clair.server.command "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.clair.server.args }}
args: {{- include "common.tplvalues.render" (dict "value" .Values.clair.server.args "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.clair.server.lifecycleHooks }}
lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.clair.server.lifecycleHooks "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.clair.server.livenessProbe.enabled }}
livenessProbe:
httpGet:
path: /health
port: 6061
initialDelaySeconds: {{ .Values.clair.server.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.clair.server.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.clair.server.livenessProbe.timeoutSeconds }}
successThreshold: {{ .Values.clair.server.livenessProbe.successThreshold }}
failureThreshold: {{ .Values.clair.server.livenessProbe.failureThreshold }}
{{- else if .Values.clair.server.customLivenessProbe }}
livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.clair.server.customLivenessProbe "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.clair.server.readinessProbe.enabled }}
readinessProbe:
httpGet:
path: /health
port: 6061
initialDelaySeconds: {{ .Values.clair.server.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.clair.server.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.clair.server.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.clair.server.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.clair.server.readinessProbe.failureThreshold }}
{{- else if .Values.clair.server.customReadinessProbe }}
readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.clair.server.customReadinessProbe "context" $) | nindent 12 }}
{{- end }}
env:
- name: BITNAMI_DEBUG
value: {{ ternary "true" "false" .Values.clairImage.debug | quote }}
{{- if has "clair" .Values.proxy.components }}
{{- if .Values.clair.httpProxy }}
- name: HTTP_PROXY
value: {{ .Values.clair.httpProxy | quote }}
{{- end }}
{{- if .Values.clair.httpsProxy }}
- name: HTTPS_PROXY
value: {{ .Values.clair.httpsProxy | quote }}
{{- end }}
- name: NO_PROXY
value: {{ include "harbor.noProxy" . | quote }}
{{- end }}
{{- if .Values.clair.server.extraEnvVars }}
{{- include "common.tplvalues.render" (dict "value" .Values.clair.server.extraEnvVars "context" $) | nindent 12 }}
{{- end }}
envFrom:
{{- if .Values.clair.server.extraEnvVarsCM }}
- configMapRef:
name: {{ include "common.tplvalues.render" (dict "value" .Values.clair.server.extraEnvVarsCM "context" $) }}
{{- end }}
{{- if .Values.clair.server.extraEnvVarsSecret }}
- secretRef:
name: {{ include "common.tplvalues.render" (dict "value" .Values.clair.server.extraEnvVarsSecret "context" $) }}
{{- end }}
{{- if .Values.clair.server.resources }}
resources: {{- toYaml .Values.clair.server.resources | nindent 12 }}
{{- end }}
ports:
- containerPort: 6060
volumeMounts:
- name: config
mountPath: /etc/clair/config.yaml
subPath: config.yaml
{{- if .Values.caBundleSecretName }}
{{ include "harbor.caBundleVolumeMount" . | indent 12 }}
{{- end }}
{{- if .Values.internalTLS.enabled }}
- name: internal-tls-certs
mountPath: /etc/harbor/ssl/clair
{{- end }}
{{- if .Values.clair.server.extraVolumeMounts }}
{{- include "common.tplvalues.render" (dict "value" .Values.clair.server.extraVolumeMounts "context" $) | nindent 12 }}
{{- end }}
- name: adapter
image: {{ include "harbor.clairAdapterImage" . }}
imagePullPolicy: {{ .Values.clairAdapterImage.pullPolicy }}
{{- if .Values.clair.adapter.command }}
command: {{- include "common.tplvalues.render" (dict "value" .Values.clair.adapter.command "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.clair.adapter.args }}
args: {{- include "common.tplvalues.render" (dict "value" .Values.clair.adapter.args "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.clair.adapter.lifecycleHooks }}
lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.clair.adapter.lifecycleHooks "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.containerSecurityContext }}
securityContext: {{- include "common.tplvalues.render" (dict "value" .Values.containerSecurityContext "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.clair.adapter.livenessProbe.enabled }}
livenessProbe:
httpGet:
path: /probe/healthy
port: {{ include "harbor.clairAdapter.containerPort" . }}
scheme: {{ include "harbor.component.scheme" . | upper }}
initialDelaySeconds: {{ .Values.clair.adapter.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.clair.adapter.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.clair.adapter.livenessProbe.timeoutSeconds }}
successThreshold: {{ .Values.clair.adapter.livenessProbe.successThreshold }}
failureThreshold: {{ .Values.clair.adapter.livenessProbe.failureThreshold }}
{{- else if .Values.clair.adapter.customLivenessProbe }}
livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.clair.adapter.customLivenessProbe "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.clair.adapter.readinessProbe.enabled }}
readinessProbe:
httpGet:
path: /probe/ready
port: {{ include "harbor.clairAdapter.containerPort" . }}
scheme: {{ include "harbor.component.scheme" . | upper }}
initialDelaySeconds: {{ .Values.clair.adapter.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.clair.adapter.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.clair.adapter.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.clair.adapter.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.clair.adapter.readinessProbe.failureThreshold }}
{{- else if .Values.clair.adapter.customReadinessProbe }}
readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.clair.adapter.customReadinessProbe "context" $) | nindent 12 }}
{{- end }}
env:
- name: BITNAMI_DEBUG
value: {{ ternary "true" "false" .Values.clairAdapterImage.debug | quote }}
- name: SCANNER_CLAIR_URL
# To avoid a pod cannot reach itself via service IP when the clusters disable hairpin
value: "http://127.0.0.1:6060"
- name: SCANNER_STORE_REDIS_URL
value: {{ include "harbor.redisForClairAdapter" . }}
- name: SCANNER_CLAIR_DATABASE_URL
value: {{ include "harbor.database.clair" . }}
{{- if .Values.internalTLS.enabled }}
- name: INTERNAL_TLS_ENABLED
value: "true"
- name: SCANNER_API_SERVER_ADDR
value: {{ printf ":%s" ( include "harbor.clairAdapter.containerPort" . ) | quote }}
- name: SCANNER_API_SERVER_TLS_KEY
value: /etc/harbor/ssl/clair/tls.key
- name: SCANNER_API_SERVER_TLS_CERTIFICATE
value: /etc/harbor/ssl/clair/tls.crt
{{- end }}
{{- if .Values.clair.adapter.extraEnvVars }}
{{- include "common.tplvalues.render" (dict "value" .Values.clair.adapter.extraEnvVars "context" $) | nindent 12 }}
{{- end }}
envFrom:
{{- if .Values.clair.adapter.extraEnvVarsCM }}
- configMapRef:
name: {{ include "common.tplvalues.render" (dict "value" .Values.clair.adapter.extraEnvVarsCM "context" $) }}
{{- end }}
{{- if .Values.clair.adapter.extraEnvVarsSecret }}
- secretRef:
name: {{ include "common.tplvalues.render" (dict "value" .Values.clair.adapter.extraEnvVarsSecret "context" $) }}
{{- end }}
{{- if .Values.clair.adapter.resources }}
resources: {{- toYaml .Values.clair.adapter.resources | nindent 12 }}
{{- end }}
ports:
- containerPort: 8080
volumeMounts:
{{- if .Values.internalTLS.enabled }}
- name: internal-tls-certs
mountPath: /etc/harbor/ssl/clair
{{- end }}
{{- if .Values.caBundleSecretName }}
{{ include "harbor.caBundleVolumeMount" . | indent 12 }}
{{- end }}
{{- if .Values.clair.adapter.extraVolumeMounts }}
{{- include "common.tplvalues.render" (dict "value" .Values.clair.adapter.extraVolumeMounts "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.clair.sidecars }}
{{- include "common.tplvalues.render" (dict "value" .Values.clair.sidecars "context" $) | nindent 8 }}
{{- end }}
volumes:
- name: config
secret:
secretName: {{ include "harbor.clair" . | quote }}
{{- if .Values.internalTLS.enabled }}
- name: internal-tls-certs
secret:
secretName: {{ template "harbor.clair.tls.secretName" . }}
{{- end }}
{{- if .Values.caBundleSecretName }}
{{ include "harbor.caBundleVolume" . | indent 8 }}
{{- end }}
{{- if .Values.clair.extraVolumes }}
{{- include "common.tplvalues.render" (dict "value" .Values.clair.extraVolumes "context" $) | nindent 6 }}
{{- end }}
{{- end }}
Reference in New Issue View Git Blame Copy Permalink