apiVersion: apps/v1 kind: StatefulSet metadata: name: {{ template "artifactory-ha.primary.name" . }} labels: app: {{ template "artifactory-ha.name" . }} chart: {{ template "artifactory-ha.chart" . }} component: {{ .Values.artifactory.name }} version: {{ default .Chart.AppVersion .Values.artifactory.image.version }} heritage: {{ .Release.Service }} release: {{ .Release.Name }} {{- with .Values.artifactory.primary.labels }} {{ toYaml . | indent 4 }} {{- end }} {{- if and .Release.IsUpgrade .Values.postgresql.enabled }} databaseUpgradeReady: {{ required "\n\n*********\nIMPORTANT: UPGRADE STOPPED to prevent data loss!\nReview CHANGELOG.md (https://github.com/jfrog/charts/blob/master/stable/artifactory/CHANGELOG.md), pass postgresql.image.tag=9.6.18-debian-10-r7 and databaseUpgradeReady=true if you are upgrading from chart version which has postgresql version 9.6.x." .Values.databaseUpgradeReady | quote }} {{- end }} spec: serviceName: {{ template "artifactory-ha.primary.name" . }} replicas: 1 updateStrategy: type: RollingUpdate selector: matchLabels: app: {{ template "artifactory-ha.name" . }} role: {{ template "artifactory-ha.primary.name" . }} release: {{ .Release.Name }} template: metadata: labels: app: {{ template "artifactory-ha.name" . }} chart: {{ template "artifactory-ha.chart" . }} role: {{ template "artifactory-ha.primary.name" . }} component: {{ .Values.artifactory.name }} heritage: {{ .Release.Service }} release: {{ .Release.Name }} {{- with .Values.artifactory.primary.labels }} {{ toYaml . | indent 8 }} {{- end }} annotations: checksum/binarystore: {{ include (print $.Template.BasePath "/artifactory-binarystore-secret.yaml") . | sha256sum }} checksum/systemyaml: {{ include (print $.Template.BasePath "/artifactory-system-yaml.yaml") . | sha256sum }} {{- if .Values.access.accessConfig }} checksum/access-config: {{ include (print $.Template.BasePath "/artifactory-access-config.yaml") . | sha256sum }} {{- end }} {{- if .Values.artifactory.persistence.googleStorage.gcpServiceAccount.enabled }} checksum/gcpcredentials: {{ include (print $.Template.BasePath "/artifactory-gcp-credentials-secret.yaml") . | sha256sum }} {{- end }} {{- if not (and .Values.artifactory.admin.secret .Values.artifactory.admin.dataKey) }} checksum/admin-creds: {{ include (print $.Template.BasePath "/admin-bootstrap-creds.yaml") . | sha256sum }} {{- end }} {{- range $key, $value := .Values.artifactory.annotations }} {{ $key }}: {{ $value | quote }} {{- end }} spec: {{- if .Values.artifactory.priorityClass.existingPriorityClass }} priorityClassName: {{ .Values.artifactory.priorityClass.existingPriorityClass }} {{- else -}} {{- if .Values.artifactory.priorityClass.create }} priorityClassName: {{ default (include "artifactory-ha.fullname" .) .Values.artifactory.priorityClass.name }} {{- end }} {{- end }} serviceAccountName: {{ template "artifactory-ha.serviceAccountName" . }} terminationGracePeriodSeconds: {{ .Values.artifactory.terminationGracePeriodSeconds }} {{- if .Values.imagePullSecrets }} imagePullSecrets: - name: {{ .Values.imagePullSecrets }} {{- end }} securityContext: runAsUser: {{ .Values.artifactory.uid }} fsGroup: {{ .Values.artifactory.uid }} initContainers: {{- if .Values.artifactory.customInitContainersBegin }} {{ tpl .Values.artifactory.customInitContainersBegin . | indent 6 }} {{- end }} {{- if .Values.artifactory.persistence.enabled }} {{- if eq .Values.artifactory.persistence.type "file-system" }} {{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }} - name: "create-artifactory-data-dir" image: "{{ .Values.initContainerImage }}" imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} resources: {{ toYaml .Values.initContainers.resources | indent 10 }} command: - 'sh' - '-c' - > mkdir -p {{ tpl .Values.artifactory.persistence.fileSystem.existingSharedClaim.dataDir . }}; volumeMounts: - mountPath: {{ .Values.artifactory.persistence.mountPath | quote }} name: volume {{- end }} {{- end }} {{- if .Values.artifactory.deleteDBPropertiesOnStartup }} - name: "delete-db-properties" image: "{{ .Values.initContainerImage }}" imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} resources: {{ toYaml .Values.initContainers.resources | indent 10 }} command: - 'sh' - '-c' - 'rm -fv {{ .Values.artifactory.persistence.mountPath }}/etc/db.properties' volumeMounts: - mountPath: {{ .Values.artifactory.persistence.mountPath | quote }} name: volume {{- end }} - name: "remove-lost-found" image: "{{ .Values.initContainerImage }}" imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} resources: {{ toYaml .Values.initContainers.resources | indent 10 }} command: - 'sh' - '-c' - > rm -rfv {{ .Values.artifactory.persistence.mountPath }}/lost+found; rm -rfv {{ tpl .Values.artifactory.persistence.fileSystem.existingSharedClaim.dataDir . }}/lost+found; rm -rfv {{ .Values.artifactory.persistence.fileSystem.existingSharedClaim.backupDir }}/lost+found; volumeMounts: - name: volume mountPath: "{{ .Values.artifactory.persistence.mountPath }}" {{- if eq .Values.artifactory.persistence.type "file-system" }} {{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }} {{- range $sharedClaimNumber, $e := until (.Values.artifactory.persistence.fileSystem.existingSharedClaim.numberOfExistingClaims|int) }} - name: artifactory-ha-data-{{ $sharedClaimNumber }} mountPath: "{{ tpl $.Values.artifactory.persistence.fileSystem.existingSharedClaim.dataDir $ }}/filestore{{ $sharedClaimNumber }}" {{- end }} - name: artifactory-ha-backup mountPath: "{{ $.Values.artifactory.persistence.fileSystem.existingSharedClaim.backupDir }}" {{- end }} {{- end }} {{- if or (and .Values.artifactory.admin.secret .Values.artifactory.admin.dataKey) .Values.artifactory.admin.password }} - name: "access-bootstrap-creds" image: "{{ .Values.initContainerImage }}" imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} resources: {{ toYaml .Values.initContainers.resources | indent 10 }} command: - 'sh' - '-c' - > echo "Preparing {{ .Values.artifactory.persistence.mountPath }}/etc/access/bootstrap.creds"; mkdir -p {{ .Values.artifactory.persistence.mountPath }}/etc/access; cp -Lrf /tmp/access/bootstrap.creds {{ .Values.artifactory.persistence.mountPath }}/etc/access/bootstrap.creds; chmod 600 {{ .Values.artifactory.persistence.mountPath }}/etc/access/bootstrap.creds; volumeMounts: - name: volume mountPath: "{{ .Values.artifactory.persistence.mountPath }}" - name: access-bootstrap-creds mountPath: "/tmp/access/bootstrap.creds" {{- if and .Values.artifactory.admin.secret .Values.artifactory.admin.dataKey }} subPath: {{ .Values.artifactory.admin.dataKey }} {{- else }} subPath: bootstrap.creds {{- end }} {{- end }} {{- end }} - name: 'copy-system-yaml' image: '{{ .Values.initContainerImage }}' resources: {{ toYaml .Values.initContainers.resources | indent 10 }} command: - '/bin/sh' - '-c' - > echo "Copy system.yaml to {{ .Values.artifactory.persistence.mountPath }}/etc"; mkdir -p {{ .Values.artifactory.persistence.mountPath }}/etc; mkdir -p {{ .Values.artifactory.persistence.mountPath }}/etc/access/keys/trusted; cp -fv /tmp/etc/system.yaml {{ .Values.artifactory.persistence.mountPath }}/etc/system.yaml; echo "Remove {{ .Values.artifactory.persistence.mountPath }}/lost+found folder if exists"; rm -rfv {{ .Values.artifactory.persistence.mountPath }}/lost+found; {{- if .Values.access.accessConfig }} echo "Copy access.config.latest.yml to {{ .Values.artifactory.persistence.mountPath }}/etc"; mkdir -p {{ .Values.artifactory.persistence.mountPath }}/etc/access; cp -fv /tmp/etc/access.config.import.yml {{ .Values.artifactory.persistence.mountPath }}/etc/access/access.config.import.yml; {{- end }} {{- if .Values.access.resetAccessCAKeys }} echo "Resetting Access CA Keys"; mkdir -p {{ .Values.artifactory.persistence.mountPath }}/bootstrap/etc/access/keys; touch {{ .Values.artifactory.persistence.mountPath }}/bootstrap/etc/access/keys/reset_ca_keys; {{- end }} {{- if .Values.access.customCertificatesSecretName }} echo "Copying custom certificates to {{ .Values.artifactory.persistence.mountPath }}/bootstrap/etc/access/keys"; mkdir -p {{ .Values.artifactory.persistence.mountPath }}/bootstrap/etc/access/keys; cp -fv /tmp/etc/tls.crt {{ .Values.artifactory.persistence.mountPath }}/bootstrap/etc/access/keys/ca.crt; cp -fv /tmp/etc/tls.key {{ .Values.artifactory.persistence.mountPath }}/bootstrap/etc/access/keys/ca.private.key; {{- end }} {{- if or .Values.artifactory.joinKey .Values.artifactory.joinKeySecretName }} echo "Copy joinKey to {{ .Values.artifactory.persistence.mountPath }}/bootstrap/access/etc/security"; mkdir -p {{ .Values.artifactory.persistence.mountPath }}/bootstrap/access/etc/security; echo -n ${ARTIFACTORY_JOIN_KEY} > {{ .Values.artifactory.persistence.mountPath }}/bootstrap/access/etc/security/join.key; {{- end }} {{- if or .Values.artifactory.masterKey .Values.artifactory.masterKeySecretName }} echo "Copy masterKey to {{ .Values.artifactory.persistence.mountPath }}/etc/security"; mkdir -p {{ .Values.artifactory.persistence.mountPath }}/etc/security; echo -n ${ARTIFACTORY_MASTER_KEY} > {{ .Values.artifactory.persistence.mountPath }}/etc/security/master.key; {{- end }} env: {{- if or .Values.artifactory.joinKey .Values.artifactory.joinKeySecretName}} - name: ARTIFACTORY_JOIN_KEY valueFrom: secretKeyRef: name: "{{ .Values.artifactory.joinKeySecretName | default (include "artifactory-ha.fullname" .) }}" key: join-key {{- end }} {{- if or .Values.artifactory.masterKey .Values.artifactory.masterKeySecretName }} - name: ARTIFACTORY_MASTER_KEY valueFrom: secretKeyRef: name: "{{ .Values.artifactory.masterKeySecretName | default (include "artifactory-ha.fullname" .) }}" key: master-key {{- end }} volumeMounts: - name: volume mountPath: {{ .Values.artifactory.persistence.mountPath | quote }} - name: systemyaml mountPath: "/tmp/etc/system.yaml" subPath: system.yaml {{- if .Values.access.accessConfig }} - name: access-config mountPath: "/tmp/etc/access.config.import.yml" subPath: access.config.import.yml {{- end }} {{- if .Values.access.customCertificatesSecretName }} - name: access-certs mountPath: "/tmp/etc/tls.crt" subPath: tls.crt - name: access-certs mountPath: "/tmp/etc/tls.key" subPath: tls.key {{- end }} {{- if .Values.artifactory.customPersistentPodVolumeClaim }} - name: "prepare-custom-persistent-volume" image: "{{ .Values.initContainerImage }}" resources: {{ toYaml .Values.initContainers.resources | indent 10 }} command: - 'sh' - '-c' - > chown -Rv {{ .Values.artifactory.uid }}:{{ .Values.artifactory.uid }} {{ .Values.artifactory.customPersistentPodVolumeClaim.mountPath }} securityContext: runAsUser: 0 resources: {{ toYaml .Values.initContainers.resources | indent 10 }} volumeMounts: - name: {{ .Values.artifactory.customPersistentPodVolumeClaim.name }} mountPath: {{ .Values.artifactory.customPersistentPodVolumeClaim.mountPath }} {{- end }} {{- if .Values.waitForDatabase }} {{- if or .Values.postgresql.enabled }} - name: "wait-for-db" image: "{{ .Values.initContainerImage }}" command: - 'sh' - '-c' - > until nc -z -w 2 {{ .Release.Name }}-postgresql {{ .Values.postgresql.service.port }} && echo database ok; do sleep 2; done; resources: {{ toYaml .Values.initContainers.resources | indent 10 }} {{- end }} {{- end }} {{- if .Values.artifactory.customInitContainers }} {{ tpl .Values.artifactory.customInitContainers . | indent 6 }} {{- end }} {{- if .Values.artifactory.migration.enabled }} - name: 'migration-artifactory-ha' image: '{{ .Values.artifactory.image.repository }}:{{ default .Chart.AppVersion .Values.artifactory.image.version }}' imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} resources: {{ toYaml .Values.artifactory.primary.resources | indent 10 }} securityContext: allowPrivilegeEscalation: false command: - '/bin/bash' - '-c' - > {{- if .Values.artifactory.migration.preStartCommand }} echo "Running custom preStartCommand command"; {{ tpl .Values.artifactory.migration.preStartCommand . }}; {{- end }} scriptsPath="/opt/jfrog/artifactory/app/bin"; mkdir -p $scriptsPath; echo "Copy migration scripts and Run migration"; cp -fv /tmp/migrate.sh $scriptsPath/migrate.sh; cp -fv /tmp/migrationHelmInfo.yaml $scriptsPath/migrationHelmInfo.yaml; cp -fv /tmp/migrationStatus.sh $scriptsPath/migrationStatus.sh; mkdir -p {{ .Values.artifactory.persistence.mountPath }}/log; bash $scriptsPath/migrationStatus.sh {{ default .Chart.AppVersion .Values.artifactory.image.version }} {{ .Values.artifactory.migration.timeoutSeconds }} > >(tee {{ .Values.artifactory.persistence.mountPath }}/log/helm-migration.log) 2>&1; env: {{- if or .Values.database.secrets.user .Values.database.user }} - name: JF_SHARED_DATABASE_USERNAME valueFrom: secretKeyRef: {{- if .Values.database.secrets.user }} name: {{ tpl .Values.database.secrets.user.name . }} key: {{ tpl .Values.database.secrets.user.key . }} {{- else if .Values.database.user }} name: {{ template "artifactory-ha.fullname" . }}-database-creds key: db-user {{- end }} {{- end }} {{ if or .Values.database.secrets.password .Values.database.password .Values.postgresql.enabled }} - name: JF_SHARED_DATABASE_PASSWORD valueFrom: secretKeyRef: {{- if .Values.database.secrets.password }} name: {{ tpl .Values.database.secrets.password.name . }} key: {{ tpl .Values.database.secrets.password.key . }} {{- else if .Values.database.password }} name: {{ template "artifactory-ha.fullname" . }}-database-creds key: db-password {{- else if .Values.postgresql.enabled }} name: {{ .Release.Name }}-postgresql key: postgresql-password {{- end }} {{- end }} {{- if or .Values.database.secrets.url .Values.database.url }} - name: JF_SHARED_DATABASE_URL valueFrom: secretKeyRef: {{- if .Values.database.secrets.url }} name: {{ tpl .Values.database.secrets.url.name . }} key: {{ tpl .Values.database.secrets.url.key . }} {{- else if .Values.database.url }} name: {{ template "artifactory-ha.fullname" . }}-database-creds key: db-url {{- end }} {{- end }} - name: JF_SHARED_NODE_PRIMARY value: "true" - name: JF_SHARED_NODE_HAENABLED value: "true" {{- with .Values.artifactory.extraEnvironmentVariables }} {{ tpl (toYaml .) $ | indent 8 }} {{- end }} volumeMounts: - name: migration-scripts mountPath: "/tmp/migrate.sh" subPath: migrate.sh - name: migration-scripts mountPath: "/tmp/migrationHelmInfo.yaml" subPath: migrationHelmInfo.yaml - name: migration-scripts mountPath: "/tmp/migrationStatus.sh" subPath: migrationStatus.sh - name: volume mountPath: "{{ .Values.artifactory.persistence.mountPath }}" {{- if eq .Values.artifactory.persistence.type "file-system" }} {{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }} {{- range $sharedClaimNumber, $e := until (.Values.artifactory.persistence.fileSystem.existingSharedClaim.numberOfExistingClaims|int) }} - name: artifactory-ha-data-{{ $sharedClaimNumber }} mountPath: "{{ tpl $.Values.artifactory.persistence.fileSystem.existingSharedClaim.dataDir $ }}/filestore{{ $sharedClaimNumber }}" {{- end }} - name: artifactory-ha-backup mountPath: "{{ $.Values.artifactory.persistence.fileSystem.existingSharedClaim.backupDir }}" {{- end }} {{- end }} {{- if .Values.artifactory.customVolumeMounts }} {{ tpl .Values.artifactory.customVolumeMounts . | indent 8 }} {{- end }} {{- if eq .Values.artifactory.persistence.type "nfs" }} - name: artifactory-ha-data mountPath: "{{ .Values.artifactory.persistence.nfs.dataDir }}" - name: artifactory-ha-backup mountPath: "{{ .Values.artifactory.persistence.nfs.backupDir }}" {{- else }} {{- if .Values.artifactory.binarystore.enabled }} - name: binarystore-xml mountPath: "/artifactory_bootstrap/binarystore.xml" subPath: binarystore.xml {{- end }} {{- if .Values.artifactory.persistence.googleStorage.gcpServiceAccount.enabled }} - name: gcpcreds-json mountPath: "/artifactory_bootstrap/gcp.credentials.json" subPath: gcp.credentials.json {{- end }} {{- end }} {{- end }} containers: - name: {{ .Values.artifactory.name }} image: '{{ .Values.artifactory.image.repository }}:{{ default .Chart.AppVersion .Values.artifactory.image.version }}' imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} securityContext: allowPrivilegeEscalation: false command: - '/bin/bash' - '-c' - > set -e; if [ -d /artifactory_extra_conf ] && [ -d /artifactory_bootstrap ]; then echo "Copying bootstrap config from /artifactory_extra_conf to /artifactory_bootstrap"; cp -Lrfv /artifactory_extra_conf/ /artifactory_bootstrap/; fi; {{- if .Values.artifactory.configMapName }} echo "Copying bootstrap configs"; cp -Lrf /bootstrap/* /artifactory_bootstrap/; {{- end }} {{- if .Values.artifactory.userPluginSecrets }} echo "Copying plugins"; cp -Lrf /tmp/plugin/*/* /artifactory_bootstrap/plugins; {{- end }} {{- range .Values.artifactory.copyOnEveryStartup }} {{- $targetPath := printf "%s/%s" $.Values.artifactory.persistence.mountPath .target }} {{- $baseDirectory := regexFind ".*/" $targetPath }} mkdir -p {{ $baseDirectory }}; cp -Lrf {{ .source }} {{ $.Values.artifactory.persistence.mountPath }}/{{ .target }}; {{- end }} {{- with .Values.artifactory.preStartCommand }} echo "Running custom preStartCommand command"; {{ tpl . $ }}; {{- end }} {{- with .Values.artifactory.primary.preStartCommand }} echo "Running primary specific custom preStartCommand command"; {{ tpl . $ }}; {{- end }} exec /entrypoint-artifactory.sh lifecycle: postStart: exec: command: - '/bin/bash' - '-c' - > echo; {{- with .Values.artifactory.postStartCommand }} {{ tpl . $ }} {{- end }} env: {{- if or .Values.database.secrets.user .Values.database.user }} - name: JF_SHARED_DATABASE_USERNAME valueFrom: secretKeyRef: {{- if .Values.database.secrets.user }} name: {{ tpl .Values.database.secrets.user.name . }} key: {{ tpl .Values.database.secrets.user.key . }} {{- else if .Values.database.user }} name: {{ template "artifactory-ha.fullname" . }}-database-creds key: db-user {{- end }} {{- end }} {{ if or .Values.database.secrets.password .Values.database.password .Values.postgresql.enabled }} - name: JF_SHARED_DATABASE_PASSWORD valueFrom: secretKeyRef: {{- if .Values.database.secrets.password }} name: {{ tpl .Values.database.secrets.password.name . }} key: {{ tpl .Values.database.secrets.password.key . }} {{- else if .Values.database.password }} name: {{ template "artifactory-ha.fullname" . }}-database-creds key: db-password {{- else if .Values.postgresql.enabled }} name: {{ .Release.Name }}-postgresql key: postgresql-password {{- end }} {{- end }} {{- if or .Values.database.secrets.url .Values.database.url }} - name: JF_SHARED_DATABASE_URL valueFrom: secretKeyRef: {{- if .Values.database.secrets.url }} name: {{ tpl .Values.database.secrets.url.name . }} key: {{ tpl .Values.database.secrets.url.key . }} {{- else if .Values.database.url }} name: {{ template "artifactory-ha.fullname" . }}-database-creds key: db-url {{- end }} {{- end }} - name: JF_SHARED_NODE_PRIMARY value: "true" - name: JF_SHARED_NODE_HAENABLED value: "true" {{- with .Values.artifactory.extraEnvironmentVariables }} {{ tpl (toYaml .) $ | indent 8 }} {{- end }} ports: - containerPort: {{ .Values.artifactory.internalPort }} - containerPort: {{ .Values.artifactory.internalArtifactoryPort }} {{- if .Values.artifactory.primary.javaOpts.jmx.enabled }} - containerPort: {{ .Values.artifactory.primary.javaOpts.jmx.port }} {{- end }} {{- if .Values.artifactory.ssh.enabled }} - containerPort: {{ .Values.artifactory.ssh.internalPort }} {{- end }} volumeMounts: {{- if .Values.artifactory.customPersistentVolumeClaim }} - name: {{ .Values.artifactory.customPersistentVolumeClaim.name }} mountPath: {{ .Values.artifactory.customPersistentVolumeClaim.mountPath }} {{- end }} {{- if .Values.artifactory.customPersistentPodVolumeClaim }} - name: {{ .Values.artifactory.customPersistentPodVolumeClaim.name }} mountPath: {{ .Values.artifactory.customPersistentPodVolumeClaim.mountPath }} {{- end }} {{- if .Values.artifactory.userPluginSecrets }} - name: bootstrap-plugins mountPath: "/artifactory_bootstrap/plugins/" {{- range .Values.artifactory.userPluginSecrets }} - name: {{ tpl . $ }} mountPath: "/tmp/plugin/{{ tpl . $ }}" {{- end }} {{- end }} - name: volume mountPath: "{{ .Values.artifactory.persistence.mountPath }}" {{- if eq .Values.artifactory.persistence.type "file-system" }} {{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }} {{- range $sharedClaimNumber, $e := until (.Values.artifactory.persistence.fileSystem.existingSharedClaim.numberOfExistingClaims|int) }} - name: artifactory-ha-data-{{ $sharedClaimNumber }} mountPath: "{{ tpl $.Values.artifactory.persistence.fileSystem.existingSharedClaim.dataDir $ }}/filestore{{ $sharedClaimNumber }}" {{- end }} - name: artifactory-ha-backup mountPath: "{{ $.Values.artifactory.persistence.fileSystem.existingSharedClaim.backupDir }}" {{- end }} {{- end }} {{- if eq .Values.artifactory.persistence.type "nfs" }} - name: artifactory-ha-data mountPath: "{{ .Values.artifactory.persistence.nfs.dataDir }}" - name: artifactory-ha-backup mountPath: "{{ .Values.artifactory.persistence.nfs.backupDir }}" {{- else }} {{- if .Values.artifactory.binarystore.enabled }} - name: binarystore-xml mountPath: "/artifactory_bootstrap/binarystore.xml" subPath: binarystore.xml {{- end }} {{- if .Values.artifactory.persistence.googleStorage.gcpServiceAccount.enabled }} - name: gcpcreds-json mountPath: "/artifactory_bootstrap/gcp.credentials.json" subPath: gcp.credentials.json {{- end }} {{- end }} {{- if .Values.artifactory.configMapName }} - name: bootstrap-config mountPath: "/bootstrap/" {{- end }} {{- if or .Values.artifactory.license.secret .Values.artifactory.license.licenseKey }} - name: artifactory-license mountPath: "/artifactory_bootstrap/artifactory.cluster.license" {{- if .Values.artifactory.license.secret }} subPath: {{ .Values.artifactory.license.dataKey }} {{- else if .Values.artifactory.license.licenseKey }} subPath: artifactory.lic {{- end }} {{- end }} - name: installer-info mountPath: "/artifactory_bootstrap/info/installer-info.json" subPath: installer-info.json {{- if .Values.artifactory.customVolumeMounts }} {{ tpl .Values.artifactory.customVolumeMounts . | indent 8 }} {{- end }} resources: {{ toYaml .Values.artifactory.primary.resources | indent 10 }} {{- if .Values.artifactory.readinessProbe.enabled }} readinessProbe: httpGet: path: {{ .Values.artifactory.readinessProbe.path }} scheme: {{ include "artifactory-ha.scheme" . | upper }} port: {{ .Values.artifactory.internalPort }} initialDelaySeconds: {{ .Values.artifactory.readinessProbe.initialDelaySeconds }} periodSeconds: {{ .Values.artifactory.readinessProbe.periodSeconds }} timeoutSeconds: {{ .Values.artifactory.readinessProbe.timeoutSeconds }} failureThreshold: {{ .Values.artifactory.readinessProbe.failureThreshold }} successThreshold: {{ .Values.artifactory.readinessProbe.successThreshold }} {{- end }} {{- if .Values.artifactory.livenessProbe.enabled }} livenessProbe: httpGet: path: {{ .Values.artifactory.livenessProbe.path }} scheme: {{ include "artifactory-ha.scheme" . | upper }} port: {{ .Values.artifactory.internalPort }} initialDelaySeconds: {{ .Values.artifactory.livenessProbe.initialDelaySeconds }} periodSeconds: {{ .Values.artifactory.livenessProbe.periodSeconds }} timeoutSeconds: {{ .Values.artifactory.livenessProbe.timeoutSeconds }} failureThreshold: {{ .Values.artifactory.livenessProbe.failureThreshold }} successThreshold: {{ .Values.artifactory.livenessProbe.successThreshold }} {{- end }} {{- $image := .Values.logger.image.repository }} {{- $tag := .Values.logger.image.tag }} {{- $mountPath := .Values.artifactory.persistence.mountPath }} {{- range .Values.artifactory.loggers }} - name: {{ . | replace "_" "-" | replace "." "-" }} image: '{{ $image }}:{{ $tag }}' command: - 'sh' - '-c' - 'sh /scripts/tail-log.sh {{ $mountPath }}/log {{ . }}' volumeMounts: - name: volume mountPath: {{ $mountPath }} - name: tail-logger-script mountPath: /scripts/tail-log.sh subPath: tail-log.sh resources: {{ toYaml $.Values.artifactory.loggersResources | indent 10 }} {{- end }} {{ if .Values.artifactory.catalinaLoggers }} {{- range .Values.artifactory.catalinaLoggers }} - name: {{ . | replace "_" "-" | replace "." "-" }} image: '{{ $image }}:{{ $tag }}' command: - 'sh' - '-c' - 'sh /scripts/tail-log.sh {{ $mountPath }}/log/tomcat {{ . }}' volumeMounts: - name: volume mountPath: {{ $mountPath }} - name: tail-logger-script mountPath: /scripts/tail-log.sh subPath: tail-log.sh resources: {{ toYaml $.Values.artifactory.catalinaLoggersResources | indent 10 }} {{- end }} {{- end }} {{- if .Values.filebeat.enabled }} - name: {{ .Values.filebeat.name }} image: "{{ .Values.filebeat.image.repository }}:{{ .Values.filebeat.image.version }}" imagePullPolicy: {{ .Values.filebeat.image.pullPolicy }} args: - "-e" - "-E" - "http.enabled=true" securityContext: runAsUser: 0 volumeMounts: - name: filebeat-config mountPath: /usr/share/filebeat/filebeat.yml readOnly: true subPath: filebeat.yml - name: volume mountPath: "{{ .Values.artifactory.persistence.mountPath }}" livenessProbe: {{ toYaml .Values.filebeat.livenessProbe | indent 10 }} readinessProbe: {{ toYaml .Values.filebeat.readinessProbe | indent 10 }} resources: {{ toYaml .Values.filebeat.resources | indent 10 }} terminationGracePeriodSeconds: {{ .Values.terminationGracePeriod }} {{- end }} {{- if .Values.artifactory.customSidecarContainers }} {{ tpl .Values.artifactory.customSidecarContainers . | indent 6 }} {{- end }} {{- with .Values.artifactory.primary.nodeSelector }} nodeSelector: {{ toYaml . | indent 8 }} {{- end }} {{- if .Values.artifactory.primary.affinity }} {{- with .Values.artifactory.primary.affinity }} affinity: {{ toYaml . | indent 8 }} {{- end }} {{- else if eq .Values.artifactory.primary.podAntiAffinity.type "soft" }} affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: - weight: 100 podAffinityTerm: topologyKey: {{ .Values.artifactory.primary.podAntiAffinity.topologyKey }} labelSelector: matchLabels: app: {{ template "artifactory-ha.name" . }} release: {{ .Release.Name }} {{- else if eq .Values.artifactory.primary.podAntiAffinity.type "hard" }} affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - topologyKey: {{ .Values.artifactory.primary.podAntiAffinity.topologyKey }} labelSelector: matchLabels: app: {{ template "artifactory-ha.name" . }} release: {{ .Release.Name }} {{- end }} {{- with .Values.artifactory.primary.tolerations }} tolerations: {{ toYaml . | indent 8 }} {{- end }} volumes: {{- if .Values.artifactory.binarystore.enabled }} - name: binarystore-xml secret: {{- if .Values.artifactory.persistence.customBinarystoreXmlSecret }} secretName: {{ .Values.artifactory.persistence.customBinarystoreXmlSecret }} {{- else }} secretName: {{ template "artifactory-ha.fullname" . }}-binarystore {{- end }} {{- end }} {{- if .Values.artifactory.persistence.googleStorage.gcpServiceAccount.enabled }} - name: gcpcreds-json secret: {{- if .Values.artifactory.persistence.googleStorage.gcpServiceAccount.customSecretName }} secretName: {{ .Values.artifactory.persistence.googleStorage.gcpServiceAccount.customSecretName }} {{- else }} secretName: {{ template "artifactory-ha.fullname" . }}-gcpcreds {{- end }} {{- end }} {{- if or .Values.artifactory.license.secret .Values.artifactory.license.licenseKey }} - name: artifactory-license secret: {{- if .Values.artifactory.license.secret }} secretName: {{ .Values.artifactory.license.secret }} {{- else if .Values.artifactory.license.licenseKey }} secretName: {{ template "artifactory-ha.fullname" . }}-license {{- end }} {{- end }} {{- if .Values.artifactory.migration.enabled }} - name: migration-scripts configMap: name: {{ template "artifactory-ha.fullname" . }}-migration-scripts {{- end }} - name: installer-info configMap: name: {{ template "artifactory-ha.fullname" . }}-installer-info {{- if .Values.artifactory.userPluginSecrets }} - name: bootstrap-plugins emptyDir: {} {{- range .Values.artifactory.userPluginSecrets }} - name: {{ tpl . $ }} secret: secretName: {{ tpl . $ }} {{- end }} {{- end }} {{- if .Values.artifactory.configMapName }} - name: bootstrap-config configMap: name: {{ .Values.artifactory.configMapName }} {{- end}} {{- if or .Values.artifactory.loggers .Values.artifactory.catalinaLoggers }} - name: tail-logger-script configMap: name: {{ template "artifactory-ha.fullname" . }}-logger {{- end }} {{- if .Values.artifactory.configMaps }} - name: artifactory-configmaps configMap: name: {{ template "artifactory-ha.fullname" . }}-configmaps {{- end }} {{- if or (and .Values.artifactory.admin.secret .Values.artifactory.admin.dataKey) .Values.artifactory.admin.password }} - name: access-bootstrap-creds secret: {{- if and .Values.artifactory.admin.secret .Values.artifactory.admin.dataKey }} secretName: {{ .Values.artifactory.admin.secret }} {{- else }} secretName: {{ template "artifactory-ha.fullname" . }}-bootstrap-creds {{- end }} {{- end }} {{- if eq .Values.artifactory.persistence.type "file-system" }} {{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }} {{- range $sharedClaimNumber, $e := until (.Values.artifactory.persistence.fileSystem.existingSharedClaim.numberOfExistingClaims|int) }} - name: artifactory-ha-data-{{ $sharedClaimNumber }} persistentVolumeClaim: claimName: {{ template "artifactory-ha.fullname" $ }}-data-pvc-{{ $sharedClaimNumber }} {{- end }} - name: artifactory-ha-backup persistentVolumeClaim: claimName: {{ template "artifactory-ha.fullname" $ }}-backup-pvc {{- end }} {{- end }} {{- if eq .Values.artifactory.persistence.type "nfs" }} - name: artifactory-ha-data persistentVolumeClaim: claimName: {{ template "artifactory-ha.fullname" . }}-data-pvc - name: artifactory-ha-backup persistentVolumeClaim: claimName: {{ template "artifactory-ha.fullname" . }}-backup-pvc {{- end }} - name: systemyaml secret: secretName: {{ template "artifactory-ha.primary.name" . }}-system-yaml {{- if .Values.access.accessConfig }} - name: access-config secret: secretName: {{ template "artifactory-ha.fullname" . }}-access-config {{- end }} {{- if .Values.access.customCertificatesSecretName }} - name: access-certs secret: secretName: {{ .Values.access.customCertificatesSecretName }} {{- end }} {{- if .Values.artifactory.customPersistentVolumeClaim }} - name: {{ .Values.artifactory.customPersistentVolumeClaim.name }} persistentVolumeClaim: claimName: {{ .Values.artifactory.customPersistentVolumeClaim.name }} {{- end }} {{- if .Values.filebeat.enabled }} - name: filebeat-config configMap: name: {{ template "artifactory-ha.fullname" . }}-filebeat-config {{- end }} {{- if .Values.artifactory.customVolumes }} {{ tpl .Values.artifactory.customVolumes . | indent 6 }} {{- end }} {{- if not .Values.artifactory.persistence.enabled }} - name: volume emptyDir: sizeLimit: {{ .Values.artifactory.persistence.size }} {{- end }} volumeClaimTemplates: {{- if .Values.artifactory.persistence.enabled }} - metadata: name: volume {{- if not .Values.artifactory.primary.persistence.existingClaim }} spec: {{- if .Values.artifactory.persistence.storageClassName }} {{- if (eq "-" .Values.artifactory.persistence.storageClassName) }} storageClassName: "" {{- else }} storageClassName: "{{ .Values.artifactory.persistence.storageClassName }}" {{- end }} {{- end }} accessModes: [ "{{ .Values.artifactory.persistence.accessMode }}" ] resources: requests: storage: {{ .Values.artifactory.persistence.size }} {{- end }} {{- end }} {{- if .Values.artifactory.customPersistentPodVolumeClaim }} - metadata: name: {{ .Values.artifactory.customPersistentPodVolumeClaim.name }} spec: {{- if .Values.artifactory.customPersistentPodVolumeClaim.storageClassName }} {{- if (eq "-" .Values.artifactory.customPersistentPodVolumeClaim.storageClassName) }} storageClassName: "" {{- else }} storageClassName: "{{ .Values.artifactory.customPersistentPodVolumeClaim.storageClassName }}" {{- end }} {{- end }} accessModes: {{- range .Values.artifactory.customPersistentPodVolumeClaim.accessModes }} - {{ . | quote }} {{- end }} resources: requests: storage: {{ .Values.artifactory.customPersistentPodVolumeClaim.size }} {{- end }}