mirror of
https://github.com/bitnami/charts.git
synced 2026-03-29 16:27:11 +08:00
da68be8e95
* Add copyright header Signed-off-by: sfelipe <sfelipe@vmware.com> * Remove copyright from vib runtime_parameters files Signed-off-by: sfelipe <sfelipe@vmware.com> * Add copyright header for pinniped-auth.sh Signed-off-by: sfelipe <sfelipe@vmware.com> * Update templates copyright header format Signed-off-by: sfelipe <sfelipe@vmware.com> --------- Signed-off-by: sfelipe <sfelipe@vmware.com>
267 lines
15 KiB
YAML
267 lines
15 KiB
YAML
{{- /*
|
|
Copyright VMware, Inc.
|
|
SPDX-License-Identifier: APACHE-2.0
|
|
*/}}
|
|
|
|
apiVersion: {{ template "common.capabilities.deployment.apiVersion" . }}
|
|
kind: Deployment
|
|
metadata:
|
|
name: {{ include "harbor.jobservice" . }}
|
|
namespace: {{ .Release.Namespace | quote }}
|
|
labels: {{- include "common.labels.standard" . | nindent 4 }}
|
|
{{- if .Values.commonLabels }}
|
|
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
|
|
{{- end }}
|
|
app.kubernetes.io/component: jobservice
|
|
{{- if .Values.commonAnnotations }}
|
|
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
|
|
{{- end }}
|
|
spec:
|
|
replicas: {{ .Values.jobservice.replicaCount }}
|
|
selector:
|
|
matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
|
|
app.kubernetes.io/component: jobservice
|
|
{{- if .Values.jobservice.updateStrategy }}
|
|
strategy: {{- toYaml .Values.jobservice.updateStrategy | nindent 4 }}
|
|
{{- end }}
|
|
template:
|
|
metadata:
|
|
labels: {{- include "common.labels.standard" . | nindent 8 }}
|
|
{{- if .Values.commonLabels }}
|
|
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 8 }}
|
|
{{- end }}
|
|
{{- if .Values.jobservice.podLabels }}
|
|
{{- include "common.tplvalues.render" (dict "value" .Values.jobservice.podLabels "context" $) | nindent 8 }}
|
|
{{- end }}
|
|
app.kubernetes.io/component: jobservice
|
|
annotations:
|
|
checksum/configmap-env: {{ include (print $.Template.BasePath "/jobservice/jobservice-cm-envvars.yaml") . | sha256sum }}
|
|
checksum/secret-env: {{ include (print $.Template.BasePath "/jobservice/jobservice-secret-envvars.yaml") . | sha256sum }}
|
|
checksum/secret-config: {{ include (print $.Template.BasePath "/jobservice/jobservice-config-secret.yaml") . | sha256sum }}
|
|
checksum/secret: {{ include (print $.Template.BasePath "/jobservice/jobservice-secrets.yaml") . | sha256sum }}
|
|
checksum/secret-core: {{ include (print $.Template.BasePath "/core/core-secret.yaml") . | sha256sum }}
|
|
{{- if and .Values.internalTLS.enabled (not .Values.core.tls.existingSecret) }}
|
|
checksum/tls: {{ include (print $.Template.BasePath "/internal/internal-crt-secret.yaml") . | sha256sum }}
|
|
{{- end }}
|
|
{{- if .Values.jobservice.podAnnotations }}
|
|
{{- include "common.tplvalues.render" (dict "value" .Values.jobservice.podAnnotations "context" $) | nindent 8 }}
|
|
{{- end }}
|
|
spec:
|
|
{{- include "harbor.imagePullSecrets" . | nindent 6 }}
|
|
automountServiceAccountToken: {{ .Values.jobservice.automountServiceAccountToken }}
|
|
{{- if .Values.jobservice.hostAliases }}
|
|
hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.jobservice.hostAliases "context" $) | nindent 8 }}
|
|
{{- end }}
|
|
{{- if .Values.jobservice.affinity }}
|
|
affinity: {{- include "common.tplvalues.render" (dict "value" .Values.jobservice.affinity "context" $) | nindent 8 }}
|
|
{{- else }}
|
|
affinity:
|
|
podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.jobservice.podAffinityPreset "component" "jobservice" "context" $) | nindent 10 }}
|
|
podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.jobservice.podAntiAffinityPreset "component" "jobservice" "context" $) | nindent 10 }}
|
|
nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.jobservice.nodeAffinityPreset.type "key" .Values.jobservice.nodeAffinityPreset.key "values" .Values.jobservice.nodeAffinityPreset.values) | nindent 10 }}
|
|
{{- end }}
|
|
{{- if .Values.jobservice.nodeSelector }}
|
|
nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.jobservice.nodeSelector "context" $) | nindent 8 }}
|
|
{{- end }}
|
|
{{- if .Values.jobservice.tolerations }}
|
|
tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.jobservice.tolerations "context" $) | nindent 8 }}
|
|
{{- end }}
|
|
{{- if .Values.jobservice.topologySpreadConstraints }}
|
|
topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.jobservice.topologySpreadConstraints "context" .) | nindent 8 }}
|
|
{{- end }}
|
|
{{- if .Values.jobservice.priorityClassName }}
|
|
priorityClassName: {{ .Values.jobservice.priorityClassName | quote }}
|
|
{{- end }}
|
|
{{- if .Values.jobservice.schedulerName }}
|
|
schedulerName: {{ .Values.jobservice.schedulerName }}
|
|
{{- end }}
|
|
{{- if .Values.jobservice.podSecurityContext.enabled }}
|
|
securityContext: {{- omit .Values.jobservice.podSecurityContext "enabled" | toYaml | nindent 8 }}
|
|
{{- end }}
|
|
initContainers:
|
|
{{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }}
|
|
- name: volume-permissions
|
|
image: {{ include "harbor.volumePermissions.image" . }}
|
|
imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }}
|
|
command:
|
|
- /bin/bash
|
|
args:
|
|
- -ec
|
|
- |
|
|
mkdir -p /var/log/jobs
|
|
find /var/log/jobs -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | xargs -r chown -R {{ .Values.jobservice.containerSecurityContext.runAsUser }}:{{ .Values.jobservice.podSecurityContext.fsGroup }}
|
|
{{- if .Values.volumePermissions.containerSecurityContext.enabled }}
|
|
securityContext: {{- omit .Values.volumePermissions.containerSecurityContext "enabled" | toYaml | nindent 12 }}
|
|
{{- end }}
|
|
{{- if .Values.volumePermissions.resources }}
|
|
resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }}
|
|
{{- end }}
|
|
volumeMounts:
|
|
- name: job-logs
|
|
mountPath: /var/log/jobs
|
|
subPath: {{ .Values.persistence.persistentVolumeClaim.jobservice.subPath }}
|
|
{{- end }}
|
|
{{- if .Values.jobservice.initContainers }}
|
|
{{- include "common.tplvalues.render" (dict "value" .Values.jobservice.initContainers "context" $) | nindent 8 }}
|
|
{{- end }}
|
|
containers:
|
|
- name: jobservice
|
|
image: {{ include "harbor.jobservice.image" . }}
|
|
imagePullPolicy: {{ .Values.jobservice.image.pullPolicy | quote }}
|
|
{{- if .Values.jobservice.containerSecurityContext.enabled }}
|
|
securityContext: {{- omit .Values.jobservice.containerSecurityContext "enabled" | toYaml | nindent 12 }}
|
|
{{- end }}
|
|
{{- if .Values.diagnosticMode.enabled }}
|
|
command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
|
|
{{- else if .Values.jobservice.command }}
|
|
command: {{- include "common.tplvalues.render" (dict "value" .Values.jobservice.command "context" $) | nindent 12 }}
|
|
{{- end }}
|
|
{{- if .Values.diagnosticMode.enabled }}
|
|
args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }}
|
|
{{- else if .Values.jobservice.args }}
|
|
args: {{- include "common.tplvalues.render" (dict "value" .Values.jobservice.args "context" $) | nindent 12 }}
|
|
{{- end }}
|
|
env:
|
|
- name: BITNAMI_DEBUG
|
|
value: {{ ternary "true" "false" .Values.jobservice.image.debug | quote }}
|
|
- name: CORE_SECRET
|
|
valueFrom:
|
|
{{- if .Values.core.existingSecret }}
|
|
secretKeyRef:
|
|
name: {{ .Values.core.existingSecret }}
|
|
key: secret
|
|
{{- else }}
|
|
secretKeyRef:
|
|
name: {{ include "harbor.core" . }}
|
|
key: secret
|
|
{{- end }}
|
|
- name: JOBSERVICE_SECRET
|
|
valueFrom:
|
|
{{- if .Values.jobservice.existingSecret }}
|
|
secretKeyRef:
|
|
name: {{ .Values.jobservice.existingSecret }}
|
|
key: secret
|
|
{{- else }}
|
|
secretKeyRef:
|
|
name: {{ include "harbor.jobservice" . }}
|
|
key: secret
|
|
{{- end }}
|
|
{{- if .Values.internalTLS.enabled }}
|
|
- name: INTERNAL_TLS_ENABLED
|
|
value: "true"
|
|
- name: INTERNAL_TLS_KEY_PATH
|
|
value: /etc/harbor/ssl/jobservice/tls.key
|
|
- name: INTERNAL_TLS_CERT_PATH
|
|
value: /etc/harbor/ssl/jobservice/tls.crt
|
|
- name: INTERNAL_TLS_TRUST_CA_PATH
|
|
value: /etc/harbor/ssl/jobservice/ca.crt
|
|
{{- end }}
|
|
{{- if .Values.jobservice.extraEnvVars }}
|
|
{{- include "common.tplvalues.render" (dict "value" .Values.jobservice.extraEnvVars "context" $) | nindent 12 }}
|
|
{{- end }}
|
|
envFrom:
|
|
- configMapRef:
|
|
name: {{ printf "%s-envvars" (include "harbor.jobservice" .) }}
|
|
- secretRef:
|
|
name: {{ printf "%s-envvars" (include "harbor.jobservice" .) }}
|
|
{{- if .Values.jobservice.extraEnvVarsCM }}
|
|
- configMapRef:
|
|
name: {{ include "common.tplvalues.render" (dict "value" .Values.jobservice.extraEnvVarsCM "context" $) }}
|
|
{{- end }}
|
|
{{- if .Values.jobservice.extraEnvVarsSecret }}
|
|
- secretRef:
|
|
name: {{ include "common.tplvalues.render" (dict "value" .Values.jobservice.extraEnvVarsSecret "context" $) }}
|
|
{{- end }}
|
|
ports:
|
|
- containerPort: {{ ternary .Values.jobservice.containerPorts.https .Values.jobservice.containerPorts.http .Values.internalTLS.enabled }}
|
|
name: {{ ternary "https" "http" .Values.internalTLS.enabled }}
|
|
{{- if .Values.metrics.enabled }}
|
|
- containerPort: {{ .Values.jobservice.containerPorts.metrics }}
|
|
name: metrics
|
|
{{- end }}
|
|
{{- if not .Values.diagnosticMode.enabled }}
|
|
{{- if .Values.jobservice.customStartupProbe }}
|
|
startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.jobservice.customStartupProbe "context" $) | nindent 12 }}
|
|
{{- else if .Values.jobservice.startupProbe.enabled }}
|
|
startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.jobservice.startupProbe "enabled") "context" $) | nindent 12 }}
|
|
tcpSocket:
|
|
port: {{ ternary "https" "http" .Values.internalTLS.enabled }}
|
|
{{- end }}
|
|
{{- if .Values.jobservice.customLivenessProbe }}
|
|
livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.jobservice.customLivenessProbe "context" $) | nindent 12 }}
|
|
{{- else if .Values.jobservice.livenessProbe.enabled }}
|
|
livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.jobservice.livenessProbe "enabled") "context" $) | nindent 12 }}
|
|
httpGet:
|
|
path: /api/v1/stats
|
|
port: {{ ternary "https" "http" .Values.internalTLS.enabled }}
|
|
scheme: {{ ternary "https" "http" .Values.internalTLS.enabled | upper }}
|
|
{{- end }}
|
|
{{- if .Values.jobservice.customReadinessProbe }}
|
|
readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.jobservice.customReadinessProbe "context" $) | nindent 12 }}
|
|
{{- else if .Values.jobservice.readinessProbe.enabled }}
|
|
readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.jobservice.readinessProbe "enabled") "context" $) | nindent 12 }}
|
|
httpGet:
|
|
path: /api/v1/stats
|
|
port: {{ ternary "https" "http" .Values.internalTLS.enabled }}
|
|
scheme: {{ ternary "https" "http" .Values.internalTLS.enabled | upper }}
|
|
{{- end }}
|
|
{{- end }}
|
|
{{- if .Values.jobservice.lifecycleHooks }}
|
|
lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.jobservice.lifecycleHooks "context" $) | nindent 12 }}
|
|
{{- end }}
|
|
{{- if .Values.jobservice.resources }}
|
|
resources: {{- toYaml .Values.jobservice.resources | nindent 12 }}
|
|
{{- end }}
|
|
volumeMounts:
|
|
- name: jobservice-config
|
|
mountPath: /etc/jobservice/config.yml
|
|
subPath: config.yml
|
|
- name: job-logs
|
|
mountPath: /var/log/jobs
|
|
subPath: {{ .Values.persistence.persistentVolumeClaim.jobservice.subPath }}
|
|
- name: jobservice-scandata
|
|
mountPath: /var/scandata_exports
|
|
subPath: {{ .Values.persistence.persistentVolumeClaim.jobservice.scanData.subPath }}
|
|
{{- if .Values.internalTLS.enabled }}
|
|
- name: internal-tls-certs
|
|
mountPath: /etc/harbor/ssl/jobservice
|
|
{{- end }}
|
|
{{- if .Values.internalTLS.caBundleSecret }}
|
|
{{- include "harbor.caBundleVolumeMount" . | nindent 12 }}
|
|
{{- end }}
|
|
{{- if .Values.jobservice.extraVolumeMounts }}
|
|
{{- include "common.tplvalues.render" (dict "value" .Values.jobservice.extraVolumeMounts "context" $) | nindent 12 }}
|
|
{{- end }}
|
|
{{- if .Values.jobservice.sidecars }}
|
|
{{- include "common.tplvalues.render" (dict "value" .Values.jobservice.sidecars "context" $) | nindent 8 }}
|
|
{{- end }}
|
|
volumes:
|
|
- name: jobservice-config
|
|
secret:
|
|
secretName: {{ include "harbor.jobservice" . }}-config
|
|
- name: job-logs
|
|
{{- if and .Values.persistence.enabled (eq .Values.jobservice.jobLogger "file") }}
|
|
persistentVolumeClaim:
|
|
claimName: {{ .Values.persistence.persistentVolumeClaim.jobservice.existingClaim | default (include "harbor.jobservice" .) }}
|
|
{{- else }}
|
|
emptyDir: {}
|
|
{{- end }}
|
|
- name: jobservice-scandata
|
|
{{- if and .Values.persistence.enabled }}
|
|
persistentVolumeClaim:
|
|
claimName: {{ .Values.persistence.persistentVolumeClaim.jobservice.scanData.existingClaim | default (include "harbor.jobserviceScanData" .) }}
|
|
{{- else }}
|
|
emptyDir: {}
|
|
{{- end }}
|
|
{{- if .Values.internalTLS.caBundleSecret }}
|
|
{{- include "harbor.caBundleVolume" . | nindent 8 }}
|
|
{{- end }}
|
|
{{- if .Values.internalTLS.enabled }}
|
|
- name: internal-tls-certs
|
|
secret:
|
|
secretName: {{ include "harbor.jobservice.tls.secretName" . }}
|
|
{{- end }}
|
|
{{- if .Values.jobservice.extraVolumes }}
|
|
{{- include "common.tplvalues.render" (dict "value" .Values.jobservice.extraVolumes "context" $) | nindent 8 }}
|
|
{{- end }}
|