apiVersion: apps/v1 kind: Deployment metadata: name: {{ template "nexus.fullname" . }} labels: {{ include "nexus.labels" . | indent 4 }} {{- if .Values.nexus.extraLabels }} {{- with .Values.nexus.extraLabels }} {{ toYaml . | indent 4 }} {{- end }} {{- end }} {{- if .Values.deployment.annotations }} annotations: {{ toYaml .Values.deployment.annotations | nindent 4 }} {{- end }} spec: replicas: 1 strategy: type: {{ .Values.deploymentStrategy }} selector: matchLabels: {{- include "nexus.selectorLabels" . | nindent 6 }} {{- if .Values.nexus.extraSelectorLabels }} {{- with .Values.nexus.extraSelectorLabels }} {{ toYaml . | indent 6 }} {{- end }} {{- end }} template: metadata: annotations: checksum/configmap-properties: {{ include (print .Template.BasePath "/configmap-properties.yaml") $ | sha256sum }} {{- if .Values.nexus.podAnnotations }} {{ toYaml .Values.nexus.podAnnotations | nindent 8}} {{- end }} labels: {{- include "nexus.selectorLabels" . | nindent 8 }} spec: serviceAccountName: {{ include "nexus.serviceAccountName" . }} {{- if .Values.deployment.initContainers }} initContainers: {{ toYaml .Values.deployment.initContainers | nindent 6 }} {{- end }} {{- if .Values.nexus.nodeSelector }} nodeSelector: {{ toYaml .Values.nexus.nodeSelector | nindent 8 }} {{- end }} {{- if .Values.nexus.hostAliases }} hostAliases: {{ toYaml .Values.nexus.hostAliases | nindent 8 }} {{- end }} {{- with .Values.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} {{- if .Values.deployment.terminationGracePeriodSeconds }} terminationGracePeriodSeconds: {{ .Values.deployment.terminationGracePeriodSeconds }} {{- end }} containers: - name: {{ .Chart.Name }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" imagePullPolicy: {{ .Values.image.pullPolicy }} securityContext: allowPrivilegeEscalation: false runAsNonRoot: true seccompProfile: type: RuntimeDefault capabilities: drop: - ALL lifecycle: {{- if .Values.deployment.postStart.command }} postStart: exec: command: {{ .Values.deployment.postStart.command }} {{- end }} env: {{ toYaml .Values.nexus.env | nindent 12 }} envFrom: {{ toYaml .Values.nexus.envFrom | nindent 12 }} resources: {{ toYaml .Values.nexus.resources | nindent 12 }} ports: - name: nexus-ui containerPort: {{ .Values.nexus.nexusPort }} {{- if .Values.nexus.docker.enabled }} {{- range .Values.nexus.docker.registries }} - name: docker-{{ .port }} containerPort: {{ .port }} {{- end }} {{- end }} livenessProbe: httpGet: path: {{ .Values.nexus.livenessProbe.path }} port: {{ .Values.nexus.nexusPort }} initialDelaySeconds: {{ .Values.nexus.livenessProbe.initialDelaySeconds }} periodSeconds: {{ .Values.nexus.livenessProbe.periodSeconds }} failureThreshold: {{ .Values.nexus.livenessProbe.failureThreshold }} {{- if .Values.nexus.livenessProbe.timeoutSeconds }} timeoutSeconds: {{ .Values.nexus.livenessProbe.timeoutSeconds }} {{- end }} readinessProbe: httpGet: path: {{ .Values.nexus.readinessProbe.path }} port: {{ .Values.nexus.nexusPort }} initialDelaySeconds: {{ .Values.nexus.readinessProbe.initialDelaySeconds }} periodSeconds: {{ .Values.nexus.readinessProbe.periodSeconds }} failureThreshold: {{ .Values.nexus.readinessProbe.failureThreshold }} {{- if .Values.nexus.readinessProbe.timeoutSeconds }} timeoutSeconds: {{ .Values.nexus.readinessProbe.timeoutSeconds }} {{- end }} volumeMounts: - mountPath: /nexus-data name: {{ template "nexus.name" . }}-data {{- if .Values.config.enabled }} - mountPath: {{ .Values.config.mountPath }} name: {{ template "nexus.name" . }}-conf {{- end }} {{- if .Values.nexus.properties.override }} - mountPath: /nexus-data/etc/nexus.properties name: {{ template "nexus.name" . }}-properties subPath: nexus.properties {{- end }} {{- if .Values.secret.enabled }} - mountPath: {{ .Values.secret.mountPath }} name: {{ template "nexus.name" . }}-secret readOnly: {{ .Values.secret.readOnly }} {{- end }} {{- if .Values.deployment.additionalVolumeMounts}} {{ toYaml .Values.deployment.additionalVolumeMounts | nindent 12 }} {{- end }} {{- if .Values.deployment.additionalContainers }} {{ toYaml .Values.deployment.additionalContainers | nindent 8 }} {{- end }} {{- if .Values.nexus.securityContext }} securityContext: {{ toYaml .Values.nexus.securityContext | nindent 8 }} {{- end }} volumes: - name: {{ template "nexus.name" . }}-data {{- if .Values.persistence.enabled }} persistentVolumeClaim: claimName: {{ .Values.persistence.existingClaim | default (printf "%s-%s" (include "nexus.fullname" .) "data") }} {{- else }} emptyDir: {} {{- end }} {{- if .Values.config.enabled }} - name: {{ template "nexus.name" . }}-conf configMap: name: {{ template "nexus.name" . }}-conf {{- end }} {{- if .Values.nexus.properties.override }} - name: {{ template "nexus.name" . }}-properties configMap: name: {{ template "nexus.name" . }}-properties items: - key: nexus.properties path: nexus.properties {{- end }} {{- if .Values.secret.enabled }} - name: {{ template "nexus.name" . }}-secret secret: secretName: {{ template "nexus.name" . }}-secret {{- end }} {{- if .Values.deployment.additionalVolumes }} {{ toYaml .Values.deployment.additionalVolumes | nindent 8 }} {{- end }} {{- with .Values.tolerations }} tolerations: {{ toYaml . | nindent 8 }} {{- end }}