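# Deployment for the Nexus Repository Manager chart.
#
# Security posture: the Nexus container runs non-root, cannot gain
# privileges, uses the container runtime's default seccomp profile and
# keeps no Linux capabilities (see its securityContext below). Pod-scoped
# settings (runAsUser, fsGroup, ...) come from .Values.nexus.securityContext.
#
# NOTE(review): allowPrivilegeEscalation and capabilities are container-level
# fields, so the hardening below covers the main container only. initContainers
# and additionalContainers supplied through values run with whatever
# securityContext those values contain -- harden them there as well.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ template "nexus.fullname" . }}
  labels:
    {{- include "nexus.labels" . | nindent 4 }}
    {{- with .Values.nexus.extraLabels }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
  {{- with .Values.deployment.annotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}
spec:
  # Fixed at one replica: the single data volume declared below is not shared
  # between pods, so this is deliberately not a value.
  replicas: 1
  strategy:
    type: {{ .Values.deploymentStrategy }}
  selector:
    matchLabels:
      {{- include "nexus.selectorLabels" . | nindent 6 }}
      {{- with .Values.nexus.extraSelectorLabels }}
      {{- toYaml . | nindent 6 }}
      {{- end }}
  template:
    metadata:
      annotations:
        # Forces a rollout whenever the rendered nexus.properties ConfigMap
        # changes. This matters because the file is mounted via subPath below,
        # and subPath mounts are never refreshed inside a running pod.
        checksum/configmap-properties: {{ include (print .Template.BasePath "/configmap-properties.yaml") $ | sha256sum }}
        {{- with .Values.nexus.podAnnotations }}
        {{- toYaml . | nindent 8 }}
        {{- end }}
      labels:
        {{- include "nexus.selectorLabels" . | nindent 8 }}
    spec:
      # NOTE(review): nothing here disables automountServiceAccountToken. If Nexus
      # does not need the Kubernetes API, set it to false on the ServiceAccount
      # object; this template exposes no value for it.
      serviceAccountName: {{ include "nexus.serviceAccountName" . }}
      {{- with .Values.nexus.securityContext }}
      # Pod-scoped security settings, inherited by every container in the pod
      # unless a container overrides them.
      securityContext:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.deployment.initContainers }}
      initContainers:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.nexus.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.nexus.hostAliases }}
      # Extra /etc/hosts entries for the pod, taken verbatim from values.
      hostAliases:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- if .Values.deployment.terminationGracePeriodSeconds }}
      terminationGracePeriodSeconds: {{ .Values.deployment.terminationGracePeriodSeconds }}
      {{- end }}
      containers:
        - name: {{ .Chart.Name }}
          # NOTE(review): the reference is repository:tag only, which is a mutable
          # pointer. Pinning by immutable digest (repository@sha256:...) would need
          # a template change, since the tag form cannot carry a digest.
          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
          imagePullPolicy: {{ .Values.image.pullPolicy }}
          securityContext:
            # Blocks setuid/setgid binaries and file capabilities from raising
            # privileges inside the container.
            allowPrivilegeEscalation: false
            # The kubelet can only verify this when the effective UID is numeric:
            # if the image's USER is a name and no runAsUser is set (here or in
            # .Values.nexus.securityContext), the container is refused at start.
            runAsNonRoot: true
            # Container-level seccompProfile requires Kubernetes 1.19 or newer.
            seccompProfile:
              type: RuntimeDefault
            capabilities:
              drop:
                - ALL
          {{- if .Values.deployment.postStart.command }}
          lifecycle:
            postStart:
              exec:
                {{- if kindIs "string" .Values.deployment.postStart.command }}
                # String form: the value must already be a YAML flow list, e.g.
                # '["/bin/sh", "-c", "ls"]'; it is emitted verbatim.
                command: {{ .Values.deployment.postStart.command }}
                {{- else }}
                # List form: rendered as a block sequence. (Interpolating a Go
                # slice directly would print "[a b c]", which YAML reads as a
                # single-element list.)
                command:
                  {{- toYaml .Values.deployment.postStart.command | nindent 18 }}
                {{- end }}
          {{- end }}
          {{- with .Values.nexus.env }}
          env:
            {{- toYaml . | nindent 12 }}
          {{- end }}
          {{- with .Values.nexus.envFrom }}
          envFrom:
            {{- toYaml . | nindent 12 }}
          {{- end }}
          {{- with .Values.nexus.resources }}
          resources:
            {{- toYaml . | nindent 12 }}
          {{- end }}
          ports:
            - name: nexus-ui
              containerPort: {{ .Values.nexus.nexusPort }}
            {{- if .Values.nexus.docker.enabled }}
            # One container port per Docker-registry connector configured in values.
            {{- range .Values.nexus.docker.registries }}
            - name: docker-{{ .port }}
              containerPort: {{ .port }}
            {{- end }}
            {{- end }}
          # Both probes hit the UI port; timeoutSeconds is emitted only when set.
          livenessProbe:
            httpGet:
              path: {{ .Values.nexus.livenessProbe.path }}
              port: {{ .Values.nexus.nexusPort }}
            initialDelaySeconds: {{ .Values.nexus.livenessProbe.initialDelaySeconds }}
            periodSeconds: {{ .Values.nexus.livenessProbe.periodSeconds }}
            failureThreshold: {{ .Values.nexus.livenessProbe.failureThreshold }}
            {{- if .Values.nexus.livenessProbe.timeoutSeconds }}
            timeoutSeconds: {{ .Values.nexus.livenessProbe.timeoutSeconds }}
            {{- end }}
          readinessProbe:
            httpGet:
              path: {{ .Values.nexus.readinessProbe.path }}
              port: {{ .Values.nexus.nexusPort }}
            initialDelaySeconds: {{ .Values.nexus.readinessProbe.initialDelaySeconds }}
            periodSeconds: {{ .Values.nexus.readinessProbe.periodSeconds }}
            failureThreshold: {{ .Values.nexus.readinessProbe.failureThreshold }}
            {{- if .Values.nexus.readinessProbe.timeoutSeconds }}
            timeoutSeconds: {{ .Values.nexus.readinessProbe.timeoutSeconds }}
            {{- end }}
          volumeMounts:
            - mountPath: /nexus-data
              name: {{ template "nexus.name" . }}-data
            {{- if .Values.config.enabled }}
            - mountPath: {{ .Values.config.mountPath }}
              name: {{ template "nexus.name" . }}-conf
            {{- end }}
            {{- if .Values.nexus.properties.override }}
            # subPath mount: ConfigMap updates do not reach running pods, which is
            # why the pod template carries the checksum annotation above.
            - mountPath: /nexus-data/etc/nexus.properties
              name: {{ template "nexus.name" . }}-properties
              subPath: nexus.properties
            {{- end }}
            {{- if .Values.secret.enabled }}
            - mountPath: {{ .Values.secret.mountPath }}
              name: {{ template "nexus.name" . }}-secret
              # An unset value renders as null (treated as false). Secret volumes
              # are mounted read-only by the kubelet on current Kubernetes anyway,
              # so set the value to true to make that explicit.
              readOnly: {{ .Values.secret.readOnly }}
            {{- end }}
            {{- with .Values.deployment.additionalVolumeMounts }}
            {{- toYaml . | nindent 12 }}
            {{- end }}
        {{- with .Values.deployment.additionalContainers }}
        # Sidecars from values: they do NOT inherit the securityContext of the
        # main container above; each must declare its own.
        {{- toYaml . | nindent 8 }}
        {{- end }}
      volumes:
        - name: {{ template "nexus.name" . }}-data
          {{- if .Values.persistence.enabled }}
          persistentVolumeClaim:
            claimName: {{ .Values.persistence.existingClaim | default (printf "%s-%s" (include "nexus.fullname" .) "data") }}
          {{- else }}
          # Ephemeral: repository data is lost whenever the pod is rescheduled.
          emptyDir: {}
          {{- end }}
        {{- if .Values.config.enabled }}
        - name: {{ template "nexus.name" . }}-conf
          configMap:
            name: {{ template "nexus.name" . }}-conf
        {{- end }}
        {{- if .Values.nexus.properties.override }}
        - name: {{ template "nexus.name" . }}-properties
          configMap:
            name: {{ template "nexus.name" . }}-properties
            items:
              - key: nexus.properties
                path: nexus.properties
        {{- end }}
        {{- if .Values.secret.enabled }}
        - name: {{ template "nexus.name" . }}-secret
          secret:
            secretName: {{ template "nexus.name" . }}-secret
        {{- end }}
        {{- with .Values.deployment.additionalVolumes }}
        {{- toYaml . | nindent 8 }}
        {{- end }}
      {{- with .Values.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
      {{- end }}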