apiVersion: apps/v1 kind: Deployment metadata: name: {{ .Chart.Name }}-{{ .Chart.Version }}.{{ .Release.Name }}-{{ .Values.deployment.name }} namespace: {{ .Values.namespaces.nexusNs }} labels: app: nxrm spec: replicas: 1 selector: matchLabels: app: nxrm template: metadata: labels: app: nxrm spec: serviceAccountName: {{ .Values.serviceAccount.name }} initContainers: # chown nexus-data to 'nexus' user and init log directories/files for a new pod # otherwise the side car containers will crash a couple of times and backoff whilst waiting # for nxrm-app to start and this increases the total start up time. - name: chown-nexusdata-owner-to-nexus-and-init-log-dir image: {{ .Values.deployment.initContainer.image.repository }}:{{ .Values.deployment.initContainer.image.tag }} command: [/bin/sh] args: - -c - >- mkdir -p /nexus-data/etc/logback && mkdir -p /nexus-data/log/tasks && mkdir -p /nexus-data/log/audit && touch -a /nexus-data/log/tasks/allTasks.log && touch -a /nexus-data/log/audit/audit.log && touch -a /nexus-data/log/request.log && chown -R '200:200' /nexus-data volumeMounts: - name: nexusdata mountPath: /nexus-data containers: - name: nxrm-app image: {{ .Values.deployment.container.image.repository }}:{{ .Values.deployment.container.image.tag }} securityContext: runAsUser: 200 imagePullPolicy: {{ .Values.deployment.container.pullPolicy }} ports: - containerPort: {{ .Values.deployment.container.containerPort }} env: - name: DB_NAME value: "{{ .Values.deployment.container.env.nexusDBName }}" - name: DB_PASSWORD valueFrom: secretKeyRef: name: nxrm-db-secret key: db-password - name: DB_USER valueFrom: secretKeyRef: name: nxrm-db-secret key: db-user - name: DB_HOST valueFrom: secretKeyRef: name: nxrm-db-secret key: db-host - name: NEXUS_SECURITY_INITIAL_PASSWORD valueFrom: secretKeyRef: name: nxrm-admin-secret key: nexus-admin-password - name: NEXUS_SECURITY_RANDOMPASSWORD value: "false" - name: INSTALL4J_ADD_VM_PARAMS value: "{{ .Values.deployment.container.env.install4jAddVmParams }} -Dnexus.licenseFile=/nxrm-secrets/{{ .Values.secret.license.alias }} \ -Dnexus.datastore.enabled=true -Djava.util.prefs.userRoot=${NEXUS_DATA}/javaprefs \ -Dnexus.datastore.nexus.jdbcUrl=jdbc:postgresql://${DB_HOST}:{{ .Values.deployment.container.env.nexusDBPort }}/${DB_NAME} \ -Dnexus.datastore.nexus.username=${DB_USER} \ -Dnexus.datastore.nexus.password=${DB_PASSWORD}" volumeMounts: - mountPath: /nxrm-secrets name: nxrm-secrets - name: nexusdata mountPath: /nexus-data - name: logback-tasklogfile-override mountPath: /nexus-data/etc/logback/logback-tasklogfile-appender-override.xml subPath: logback-tasklogfile-appender-override.xml - name: request-log image: {{ .Values.deployment.requestLogContainer.image.repository }}:{{ .Values.deployment.requestLogContainer.image.tag }} args: [/bin/sh, -c, 'tail -n+1 -F /nexus-data/log/request.log'] volumeMounts: - name: nexusdata mountPath: /nexus-data - name: audit-log image: {{ .Values.deployment.auditLogContainer.image.repository }}:{{ .Values.deployment.auditLogContainer.image.tag }} args: [/bin/sh, -c, 'tail -n+1 -F /nexus-data/log/audit/audit.log'] volumeMounts: - name: nexusdata mountPath: /nexus-data - name: tasks-log image: {{ .Values.deployment.taskLogContainer.image.repository }}:{{ .Values.deployment.taskLogContainer.image.tag }} args: [/bin/sh, -c, 'tail -n+1 -F /nexus-data/log/tasks/allTasks.log'] volumeMounts: - name: nexusdata mountPath: /nexus-data volumes: - name: nexusdata persistentVolumeClaim: claimName: {{ .Chart.Name }}-{{ .Chart.Version }}.{{ .Release.Name }}-ebs-claim - name: nxrm-secrets csi: driver: secrets-store.csi.k8s.io readOnly: true volumeAttributes: secretProviderClass: {{ .Chart.Name }}-{{ .Chart.Version }}.{{ .Release.Name }}-secret fsType: ext4 - name: logback-tasklogfile-override configMap: name: {{ .Chart.Name }}-{{ .Chart.Version }}.{{ .Release.Name }}-logback-tasklogfile-override items: - key: logback-tasklogfile-appender-override.xml path: logback-tasklogfile-appender-override.xml