charts/bitnami/harbor/templates/chartmuseum/chartmuseum-dpl.yaml

{{- if .Values.chartmuseum.enabled }}
apiVersion: {{ template "common.capabilities.deployment.apiVersion" . }}
kind: Deployment
metadata:
  name: {{ include "harbor.chartmuseum" . }}
  labels: {{- include "common.labels.standard" . | nindent 4 }}
    {{- if .Values.commonLabels }}
    {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
    {{- end }}
    app.kubernetes.io/component: chartmuseum
  {{- if .Values.commonAnnotations }}
  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
  {{- end }}
spec:
  replicas: {{ .Values.chartmuseum.replicas }}
  {{- if .Values.chartmuseum.updateStrategy }}
  strategy: {{- toYaml .Values.chartmuseum.updateStrategy | nindent 4 }}
  {{- end }}
  selector:
    matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
      app.kubernetes.io/component: chartmuseum
  template:
    metadata:
      labels: {{- include "common.labels.matchLabels" . | nindent 8 }}
        {{- if .Values.commonLabels }}
        {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
        {{- end }}
        {{- if .Values.chartmuseum.podLabels }}
        {{- include "common.tplvalues.render" (dict "value" .Values.chartmuseum.podLabels "context" $) | nindent 8 }}
        {{- end }}
        app.kubernetes.io/component: chartmuseum
      annotations:
        checksum/configmap-envvars: {{ include (print $.Template.BasePath "/chartmuseum/chartmuseum-cm-envvars.yaml") . | sha256sum }}
        checksum/secret: {{ include (print $.Template.BasePath "/chartmuseum/chartmuseum-secret.yaml") . | sha256sum }}
        checksum/secret-core: {{ include (print $.Template.BasePath "/core/core-secret.yaml") . | sha256sum }}
        {{- if and .Values.internalTLS.enabled (not .Values.chartmuseum.tls.existingSecret) }}
        checksum/tls: {{ include (print $.Template.BasePath "/internal/internal-crt-secret.yaml") . | sha256sum }}
        {{- end }}
        {{- if .Values.chartmuseum.podAnnotations }}
        {{- include "common.tplvalues.render" (dict "value" .Values.chartmuseum.podAnnotations "context" $) | nindent 8 }}
        {{- end }}
    spec:
      {{- include "harbor.imagePullSecrets" . | nindent 6 }}
      {{- if .Values.chartmuseum.affinity }}
      affinity: {{- include "common.tplvalues.render" (dict "value" .Values.chartmuseum.affinity "context" $) | nindent 8 }}
      {{- end }}
      {{- if .Values.chartmuseum.nodeSelector }}
      nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.chartmuseum.nodeSelector "context" $) | nindent 8 }}
      {{- end }}
      {{- if .Values.chartmuseum.tolerations }}
      tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.chartmuseum.tolerations "context" $) | nindent 8 }}
      {{- end }}
      {{- if .Values.podSecurityContext }}
      securityContext: {{- include "common.tplvalues.render" (dict "value" .Values.podSecurityContext "context" $) | nindent 8 }}
      {{- end }}
      {{- if .Values.chartmuseum.initContainers }}
      initContainers: {{- include "common.tplvalues.render" (dict "value" .Values.chartmuseum.initContainers "context" $) | nindent 8 }}
      {{- end }}
      {{- if .Values.chartmuseum.hostAliases }}
      hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.chartmuseum.hostAliases "context" $) | nindent 8 }}
      {{- end }}
      containers:
        - name: chartmuseum
          image: {{ include "harbor.chartMuseumImage" . }}
          imagePullPolicy: {{ .Values.chartMuseumImage.pullPolicy | quote }}
          {{- if .Values.containerSecurityContext }}
          securityContext: {{- include "common.tplvalues.render" (dict "value" .Values.containerSecurityContext "context" $) | nindent 12 }}
          {{- end }}
          {{- if .Values.chartmuseum.command }}
          command: {{- include "common.tplvalues.render" (dict "value" .Values.chartmuseum.command "context" $) | nindent 12 }}
          {{- end }}
          {{- if .Values.chartmuseum.args }}
          args: {{- include "common.tplvalues.render" (dict "value" .Values.chartmuseum.args "context" $) | nindent 12 }}
          {{- end }}
          {{- if .Values.chartmuseum.lifecycleHooks }}
          lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.chartmuseum.lifecycleHooks "context" $) | nindent 12 }}
          {{- end }}
          {{- if .Values.chartmuseum.resources }}
          resources: {{- toYaml .Values.chartmuseum.resources | nindent 12 }}
          {{- end }}
          {{- if .Values.chartmuseum.livenessProbe.enabled }}
          livenessProbe:
            httpGet:
              path: /health
              port: http
              scheme: {{ include "harbor.component.scheme" . | upper }}
            initialDelaySeconds: {{ .Values.chartmuseum.livenessProbe.initialDelaySeconds }}
            periodSeconds: {{ .Values.chartmuseum.livenessProbe.periodSeconds }}
            timeoutSeconds: {{ .Values.chartmuseum.livenessProbe.timeoutSeconds }}
            successThreshold: {{ .Values.chartmuseum.livenessProbe.successThreshold }}
            failureThreshold: {{ .Values.chartmuseum.livenessProbe.failureThreshold }}
          {{- else if .Values.chartmuseum.customLivenessProbe }}
          livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.chartmuseum.customLivenessProbe "context" $) | nindent 12 }}
          {{- end }}
          {{- if .Values.chartmuseum.readinessProbe.enabled }}
          readinessProbe:
            httpGet:
              path: /health
              port: http
              scheme: {{ include "harbor.component.scheme" . | upper }}
            initialDelaySeconds: {{ .Values.chartmuseum.readinessProbe.initialDelaySeconds }}
            periodSeconds: {{ .Values.chartmuseum.readinessProbe.periodSeconds }}
            timeoutSeconds: {{ .Values.chartmuseum.readinessProbe.timeoutSeconds }}
            successThreshold: {{ .Values.chartmuseum.readinessProbe.successThreshold }}
            failureThreshold: {{ .Values.chartmuseum.readinessProbe.failureThreshold }}
          {{- else if .Values.chartmuseum.customReadinessProbe }}
          readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.chartmuseum.customReadinessProbe "context" $) | nindent 12 }}
          {{- end }}
          envFrom:
            - configMapRef:
                name: {{ include "harbor.chartmuseum" . }}-envvars
            - secretRef:
                name: {{ include "harbor.chartmuseum" . }}-secret
            {{- if .Values.chartmuseum.extraEnvVarsCM }}
            - configMapRef:
                name: {{ include "common.tplvalues.render" (dict "value" .Values.chartmuseum.extraEnvVarsCM "context" $) }}
            {{- end }}
            {{- if .Values.chartmuseum.extraEnvVarsSecret }}
            - secretRef:
                name: {{ include "common.tplvalues.render" (dict "value" .Values.chartmuseum.extraEnvVarsSecret "context" $) }}
            {{- end }}
          env:
            - name: DEBUG
              value: {{ ternary "1" "0" .Values.chartMuseumImage.debug | quote }}
            {{- if has "chartmuseum" .Values.proxy.components }}
            - name: HTTP_PROXY
              value: {{ .Values.proxy.httpProxy | quote  }}
            - name: HTTPS_PROXY
              value: {{ .Values.proxy.httpsProxy | quote }}
            - name: NO_PROXY
              value: {{ include "harbor.noProxy" . | quote }}
            {{- end }}
            {{- if .Values.internalTLS.enabled }}
            - name: INTERNAL_TLS_ENABLED
              value: "true"
            - name: INTERNAL_TLS_KEY_PATH
              value: /etc/harbor/ssl/chartmuseum/tls.key
            - name: INTERNAL_TLS_CERT_PATH
              value: /etc/harbor/ssl/chartmuseum/tls.crt
            - name: INTERNAL_TLS_TRUST_CA_PATH
              value: /etc/harbor/ssl/chartmuseum/ca.crt
            {{- end }}
            {{- if .Values.chartmuseum.extraEnvVars }}
            {{- include "common.tplvalues.render" (dict "value" .Values.chartmuseum.extraEnvVars "context" $) | nindent 12 }}
            {{- end }}
            - name: BASIC_AUTH_PASS
              valueFrom:
                secretKeyRef:
                  # Take the password from the core component secret
                  name: {{ include "harbor.core" . }}
                  key: secret
          ports:
            - containerPort: {{ include "harbor.chartmuseum.containerPort" .  }}
              name: http
          volumeMounts:
            - name: chartmuseum-data
              mountPath: /bitnami/data
              subPath: {{ .Values.persistence.persistentVolumeClaim.chartmuseum.subPath }}
            {{- if and .Values.persistence.enabled (eq .Values.persistence.imageChartStorage.type "gcs") }}
            - name: gcs-key
              mountPath: /etc/chartmuseum/gcs-key.json
              subPath: gcs-key.json
            {{- end }}
            {{- if .Values.internalTLS.enabled }}
            - name: internal-tls-certs
              mountPath: /etc/harbor/ssl/chartmuseum
            {{- end }}
            {{- if .Values.persistence.imageChartStorage.caBundleSecretName }}
            - name: storage-service-ca
              mountPath: /harbor_cust_cert/ca-bundle.crt
              subPath: ca.crt
            {{- if .Values.caBundleSecretName }}
{{ include "harbor.caBundleVolumeMount" . | indent 12 }}
            {{- end }}
            {{- end }}
            {{- if .Values.chartmuseum.extraVolumeMounts }}
            {{- include "common.tplvalues.render" (dict "value" .Values.chartmuseum.extraVolumeMounts "context" $) | nindent 12 }}
            {{- end }}
        {{- if .Values.chartmuseum.sidecars }}
        {{- include "common.tplvalues.render" (dict "value" .Values.chartmuseum.sidecars "context" $) | nindent 8 }}
        {{- end }}
      volumes:
        - name: chartmuseum-data
        {{- if and .Values.persistence.enabled (eq .Values.persistence.imageChartStorage.type "filesystem") }}
          persistentVolumeClaim:
            claimName: {{ .Values.persistence.persistentVolumeClaim.chartmuseum.existingClaim | default (include "harbor.chartmuseum" .) }}
        {{- else }}
          emptyDir: {}
        {{- end }}
        {{- if and .Values.persistence.enabled (eq .Values.persistence.imageChartStorage.type "gcs") }}
        - name: gcs-key
          secret:
            secretName: {{ include "harbor.chartmuseum" . }}-secret
            items:
              - key: GCS_KEY_DATA
                path: gcs-key.json
        {{- end }}
        {{- if .Values.persistence.imageChartStorage.caBundleSecretName }}
        - name: storage-service-ca
          secret:
            secretName: {{ .Values.persistence.imageChartStorage.caBundleSecretName }}
        {{- end }}
        {{- if .Values.caBundleSecretName }}
{{ include "harbor.caBundleVolume" . | indent 8 }}
        {{- end }}
        {{- if .Values.internalTLS.enabled }}
        - name: internal-tls-certs
          secret:
            secretName: {{ include "harbor.chartmuseum.tls.secretName" . }}
        {{- end }}
      {{- if .Values.chartmuseum.extraVolumes }}
      {{- include "common.tplvalues.render" (dict "value" .Values.chartmuseum.extraVolumes "context" $) | nindent 6 }}
      {{- end }}
{{- end }}