{{- /*
  Member-node StatefulSet for the HA chart.
  The whole resource is rendered only when artifactory.node.replicaCount is
  greater than zero.
*/ -}}
{{- if gt (.Values.artifactory.node.replicaCount | int) 0 -}}
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: {{ template "artifactory-ha.node.name" . }}
  labels:
    app: {{ template "artifactory-ha.name" . }}
    chart: {{ template "artifactory-ha.chart" . }}
    component: {{ .Values.artifactory.name }}
    heritage: {{ .Release.Service }}
    release: {{ .Release.Name }}
  {{- with .Values.artifactory.node.labels }}
{{ toYaml . | indent 4 }}
  {{- end }}
{{- with .Values.artifactory.statefulset.annotations }}
  annotations:
{{ toYaml . | indent 4 }}
{{- end }}
spec:
  serviceName: {{ template "artifactory-ha.node.name" . }}
  replicas: {{ .Values.artifactory.node.replicaCount }}
  updateStrategy: {{- toYaml .Values.artifactory.node.updateStrategy | nindent 4}}
  selector:
    matchLabels:
      app: {{ template "artifactory-ha.name" . }}
      role: {{ template "artifactory-ha.node.name" . }}
      release: {{ .Release.Name }}
  template:
    metadata:
      labels:
        app: {{ template "artifactory-ha.name" . }}
        chart: {{ template "artifactory-ha.chart" . }}
        role: {{ template "artifactory-ha.node.name" . }}
        heritage: {{ .Release.Service }}
        component: {{ .Values.artifactory.name }}
        release: {{ .Release.Name }}
      {{- with .Values.artifactory.node.labels }}
{{ toYaml . | indent 8 }}
      {{- end }}
      {{- /*
        Checksum annotations: SHA-256 of the rendered secret and config
        templates, so a change in any of them changes the pod template.
        With unifiedSecretInstallation only the unified secret is hashed.
      */}}
      annotations:
      {{- if not .Values.artifactory.unifiedSecretInstallation }}
        checksum/database-secrets: {{ include (print $.Template.BasePath "/artifactory-database-secrets.yaml") . | sha256sum }}
        checksum/binarystore: {{ include (print $.Template.BasePath "/artifactory-binarystore-secret.yaml") . | sha256sum }}
        checksum/systemyaml: {{ include (print $.Template.BasePath "/artifactory-system-yaml.yaml") . | sha256sum }}
      {{- if .Values.artifactory.persistence.googleStorage.gcpServiceAccount.enabled }}
        checksum/gcpcredentials: {{ include (print $.Template.BasePath "/artifactory-gcp-credentials-secret.yaml") . | sha256sum }}
      {{- end }}
      {{- else }}
        checksum/artifactory-unified-secret: {{ include (print $.Template.BasePath "/artifactory-unified-secret.yaml") . | sha256sum }}
      {{- end }}
      {{- /* User-supplied annotation values are rendered through tpl and then quoted. */}}
      {{- range $key, $value := .Values.artifactory.annotations }}
        {{ $key }}: {{ tpl $value $ | quote }}
      {{- end }}
    spec:
    {{- if .Values.artifactory.schedulerName }}
      schedulerName: {{ .Values.artifactory.schedulerName | quote }}
    {{- end }}
    {{- if .Values.artifactory.priorityClass.existingPriorityClass }}
      priorityClassName: {{ .Values.artifactory.priorityClass.existingPriorityClass }}
    {{- else -}}
      {{- if .Values.artifactory.priorityClass.create }}
      priorityClassName: {{ default (include "artifactory-ha.fullname" .) .Values.artifactory.priorityClass.name }}
      {{- end }}
    {{- end }}
      serviceAccountName: {{ template "artifactory-ha.serviceAccountName" . }}
      terminationGracePeriodSeconds: {{ .Values.artifactory.terminationGracePeriodSeconds }}
    {{- if or .Values.imagePullSecrets .Values.global.imagePullSecrets }}
{{- include "artifactory-ha.imagePullSecrets" . | indent 6 }}
    {{- end }}
    {{- /*
      Pod-level securityContext is rendered only when
      artifactory.setSecurityContext is set; otherwise this template sets no
      runAsUser or fsGroup for the pod.
    */}}
    {{- if .Values.artifactory.setSecurityContext }}
      securityContext:
        runAsUser: {{ .Values.artifactory.uid }}
        fsGroup: {{ .Values.artifactory.gid }}
        {{- if .Values.artifactory.fsGroupChangePolicy }}
        fsGroupChangePolicy: {{ .Values.artifactory.fsGroupChangePolicy }}
        {{- end }}
    {{- end }}
    {{- if .Values.artifactory.topologySpreadConstraints }}
      topologySpreadConstraints:
{{ tpl (toYaml .Values.artifactory.topologySpreadConstraints) . | indent 8 }}
    {{- end }}
      initContainers:
    {{- /* Custom init containers from values are rendered through tpl and run first. */}}
    {{- if or .Values.artifactory.customInitContainersBegin .Values.global.customInitContainersBegin }}
{{ tpl (include "artifactory-ha.customInitContainersBegin" .) .
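| indent 6 }}
    {{- end }}
    {{- /*
      Chart-provided init containers. All of them use initContainerImage and
      mount the persistence volume; each one is restricted to a non-root user,
      no privilege escalation and no NET_RAW capability.
    */}}
    {{- if .Values.artifactory.persistence.enabled }}
    {{- if eq .Values.artifactory.persistence.type "file-system" }}
    {{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }}
      {{- /* Creates the shared-claim data directory; dataDir is rendered through tpl. */}}
      - name: "create-artifactory-data-dir"
        image: "{{ .Values.initContainerImage }}"
        imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }}
        securityContext:
          runAsNonRoot: true
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - NET_RAW
        command:
        - 'bash'
        - '-c'
        - >
          mkdir -p {{ tpl .Values.artifactory.persistence.fileSystem.existingSharedClaim.dataDir . }};
        resources:
{{ toYaml .Values.initContainers.resources | indent 10 }}
        volumeMounts:
        - mountPath: {{ .Values.artifactory.persistence.mountPath | quote }}
          name: volume
    {{- end }}
    {{- end }}
    {{- if .Values.artifactory.deleteDBPropertiesOnStartup }}
      {{- /*
        Removes etc/db.properties from the persistence volume.
        The securityContext below was missing on this container only; it now
        matches the other init containers that run the same image.
      */}}
      - name: "delete-db-properties"
        image: "{{ .Values.initContainerImage }}"
        imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }}
        securityContext:
          runAsNonRoot: true
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - NET_RAW
        command:
        - 'bash'
        - '-c'
        - 'rm -fv {{ .Values.artifactory.persistence.mountPath }}/etc/db.properties'
        resources:
{{ toYaml .Values.initContainers.resources | indent 10 }}
        volumeMounts:
        - mountPath: {{ .Values.artifactory.persistence.mountPath | quote }}
          name: volume
    {{- end }}
    {{- end }}
    {{- if and .Values.artifactory.node.waitForPrimaryStartup.enabled }}
      {{- /*
        Blocks member start-up until the primary is up: either a fixed sleep
        (waitForPrimaryStartup.time) or a poll of the primary URL until it
        answers HTTP 200.
        NOTE(review): the poll uses curl -k, so the primary's TLS certificate
        is not verified. Only the status code is read and nothing is sent, but
        confirm whether verification can be enabled in your environment.
        The URL variable is quoted so it is passed to curl as a single argument.
      */}}
      - name: "wait-for-primary"
        image: "{{ .Values.initContainerImage }}"
        imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }}
        securityContext:
          runAsNonRoot: true
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - NET_RAW
        command:
        - 'bash'
        - '-c'
        - >
          echo "Waiting for primary node to be ready...";
          {{- if and .Values.artifactory.node.waitForPrimaryStartup.enabled .Values.artifactory.node.waitForPrimaryStartup.time }}
          echo "Sleeping to allow time for primary node to come up";
          sleep {{ .Values.artifactory.node.waitForPrimaryStartup.time }};
          {{- else }}
          response="";
          url={{ include "artifactory-ha.scheme" . }}://{{ template "artifactory-ha.primary.name" . }}:{{ .Values.artifactory.externalPort }};
          while [ "$response" != "200" ]; do
          echo "Primary not ready. Waiting...";
          sleep 3;
          response=$(curl -k --connect-timeout 5 --write-out '%{http_code}' --silent --output /dev/null "$url");
          done;
          echo "Primary node ready!";
          {{- end }}
        resources:
{{ toYaml .Values.initContainers.resources | indent 10 }}
    {{- end }}
      {{- /*
        Always rendered. Copies system.yaml and binarystore.xml from the
        mounted secrets under /tmp/etc into the persistence volume, removes
        lost+found and any stale join.key, and, when a master key is
        configured, writes it to etc/security/master.key.
        The master key arrives through the ARTIFACTORY_MASTER_KEY environment
        variable sourced from a Secret; the expansion is quoted so the value
        is written verbatim, without word splitting or globbing.
        NOTE(review): master.key is created with the container's default
        umask; confirm the resulting file mode is as restrictive as intended.
      */}}
      - name: 'copy-system-configurations'
        image: '{{ .Values.initContainerImage }}'
        securityContext:
          runAsNonRoot: true
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - NET_RAW
        command:
        - '/bin/bash'
        - '-c'
        - >
          if [[ -e "{{ .Values.artifactory.persistence.mountPath }}/etc/filebeat.yaml" ]]; then chmod 644 {{ .Values.artifactory.persistence.mountPath }}/etc/filebeat.yaml; fi;
          echo "Copy system.yaml to {{ .Values.artifactory.persistence.mountPath }}/etc";
          mkdir -p {{ .Values.artifactory.persistence.mountPath }}/etc;
          mkdir -p {{ .Values.artifactory.persistence.mountPath }}/etc/access/keys/trusted;
          {{- if .Values.systemYamlOverride.existingSecret }}
          cp -fv /tmp/etc/{{ .Values.systemYamlOverride.dataKey }} {{ .Values.artifactory.persistence.mountPath }}/etc/system.yaml;
          {{- else }}
          cp -fv /tmp/etc/system.yaml {{ .Values.artifactory.persistence.mountPath }}/etc/system.yaml;
          {{- end }}
          echo "Remove {{ .Values.artifactory.persistence.mountPath }}/lost+found folder if exists";
          rm -rfv {{ .Values.artifactory.persistence.mountPath }}/lost+found;
          echo "Copy binarystore.xml file";
          mkdir -p {{ .Values.artifactory.persistence.mountPath }}/etc/artifactory;
          cp -fv /tmp/etc/artifactory/binarystore.xml {{ .Values.artifactory.persistence.mountPath }}/etc/artifactory/binarystore.xml;
          echo "Removing join.key file";
          rm -fv {{ .Values.artifactory.persistence.mountPath }}/etc/security/join.key;
          {{- if .Values.access.resetAccessCAKeys }}
          echo "Resetting Access CA Keys - load from database";
          {{- end }}
          {{- if .Values.access.customCertificatesSecretName }}
          echo "Load custom certificates from database";
          {{- end }}
          {{- if or .Values.artifactory.masterKey .Values.global.masterKey .Values.artifactory.masterKeySecretName .Values.global.masterKeySecretName }}
          echo "Copy masterKey to {{ .Values.artifactory.persistence.mountPath }}/etc/security";
          mkdir -p {{ .Values.artifactory.persistence.mountPath }}/etc/security;
          echo -n "${ARTIFACTORY_MASTER_KEY}" > {{ .Values.artifactory.persistence.mountPath }}/etc/security/master.key;
        env:
        - name: ARTIFACTORY_MASTER_KEY
          valueFrom:
            secretKeyRef:
          {{- if not .Values.artifactory.unifiedSecretInstallation }}
              name: {{ include "artifactory-ha.masterKeySecretName" . }}
          {{- else }}
              name: "{{ template "artifactory-ha.name" . }}-unified-secret"
          {{- end }}
              key: master-key
          {{- end }}
        resources:
{{ toYaml .Values.initContainers.resources | indent 10 }}
        volumeMounts:
        - name: volume
          mountPath: {{ .Values.artifactory.persistence.mountPath | quote }}
      {{- /* system.yaml source: an existing secret (systemYamlOverride) or the chart's own secret. */}}
      {{- if or .Values.systemYamlOverride.existingSecret .Values.artifactory.systemYaml }}
      {{- if not .Values.artifactory.unifiedSecretInstallation }}
        - name: systemyaml
      {{- else }}
        - name: {{ include "artifactory-ha.unifiedCustomSecretVolumeName" . }}
      {{- end }}
      {{- if .Values.systemYamlOverride.existingSecret }}
          mountPath: "/tmp/etc/{{.Values.systemYamlOverride.dataKey}}"
          subPath: {{ .Values.systemYamlOverride.dataKey }}
      {{- else if .Values.artifactory.systemYaml }}
          mountPath: "/tmp/etc/system.yaml"
          subPath: system.yaml
      {{- end }}
      {{- end }}
      {{- if not .Values.artifactory.unifiedSecretInstallation }}
        - name: binarystore-xml
      {{- else }}
        - name: {{ include "artifactory-ha.unifiedCustomSecretVolumeName" .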
}} {{- end }} mountPath: "/tmp/etc/artifactory/binarystore.xml" subPath: binarystore.xml {{- if or .Values.artifactory.customCertificates.enabled .Values.global.customCertificates.enabled }} - name: copy-custom-certificates image: "{{ .Values.initContainerImage }}" securityContext: runAsNonRoot: true allowPrivilegeEscalation: false capabilities: drop: - NET_RAW resources: {{ toYaml .Values.initContainers.resources | indent 10 }} command: - 'bash' - '-c' - > {{ include "artifactory-ha.copyCustomCerts" . | indent 10 }} volumeMounts: - name: volume mountPath: {{ .Values.artifactory.persistence.mountPath }} - name: ca-certs mountPath: "/tmp/certs" {{- end }} {{- if .Values.artifactory.circleOfTrustCertificatesSecret }} - name: copy-circle-of-trust-certificates image: "{{ .Values.initContainerImage }}" securityContext: runAsNonRoot: true allowPrivilegeEscalation: false capabilities: drop: - NET_RAW resources: {{ toYaml .Values.initContainers.resources | indent 10 }} command: - 'bash' - '-c' - > {{ include "artifactory.copyCircleOfTrustCertsCerts" . | indent 10 }} volumeMounts: - name: volume mountPath: {{ .Values.artifactory.persistence.mountPath }} - name: circle-of-trust-certs mountPath: "/tmp/circleoftrustcerts" {{- end }} {{- if .Values.waitForDatabase }} {{- if or .Values.postgresql.enabled }} - name: "wait-for-db" image: "{{ .Values.initContainerImage }}" command: - /bin/bash - -c - | echo "Waiting for postgresql to come up" ready=false; while ! $ready; do echo waiting; timeout 2s bash -c " {{- if .Values.artifactory.migration.preStartCommand }} echo "Running custom preStartCommand command"; {{ tpl .Values.artifactory.migration.preStartCommand . 
}}; {{- end }} scriptsPath="/opt/jfrog/artifactory/app/bin"; mkdir -p $scriptsPath; echo "Copy migration scripts and Run migration"; cp -fv /tmp/migrate.sh $scriptsPath/migrate.sh; cp -fv /tmp/migrationHelmInfo.yaml $scriptsPath/migrationHelmInfo.yaml; cp -fv /tmp/migrationStatus.sh $scriptsPath/migrationStatus.sh; mkdir -p {{ .Values.artifactory.persistence.mountPath }}/log; bash $scriptsPath/migrationStatus.sh {{ include "artifactory-ha.app.version" . }} {{ .Values.artifactory.migration.timeoutSeconds }} > >(tee {{ .Values.artifactory.persistence.mountPath }}/log/helm-migration.log) 2>&1; resources: {{ toYaml .Values.artifactory.node.resources | indent 10 }} env: {{- if and (not .Values.waitForDatabase) (not .Values.postgresql.enabled) }} - name: SKIP_WAIT_FOR_EXTERNAL_DB value: "true" {{- end }} {{- if or .Values.database.secrets.user .Values.database.user }} - name: JF_SHARED_DATABASE_USERNAME valueFrom: secretKeyRef: {{- if .Values.database.secrets.user }} name: {{ tpl .Values.database.secrets.user.name . }} key: {{ tpl .Values.database.secrets.user.key . }} {{- else if .Values.database.user }} {{- if not .Values.artifactory.unifiedSecretInstallation }} name: {{ template "artifactory-ha.fullname" . }}-database-creds {{- else }} name: "{{ template "artifactory-ha.name" . }}-unified-secret" {{- end }} key: db-user {{- end }} {{- end }} {{ if or .Values.database.secrets.password .Values.database.password .Values.postgresql.enabled }} - name: JF_SHARED_DATABASE_PASSWORD valueFrom: secretKeyRef: {{- if .Values.database.secrets.password }} name: {{ tpl .Values.database.secrets.password.name . }} key: {{ tpl .Values.database.secrets.password.key . }} {{- else if .Values.database.password }} {{- if not .Values.artifactory.unifiedSecretInstallation }} name: {{ template "artifactory-ha.fullname" . }}-database-creds {{- else }} name: "{{ template "artifactory-ha.name" . 
}}-unified-secret" {{- end }} key: db-password {{- else if .Values.postgresql.enabled }} name: {{ .Release.Name }}-postgresql key: postgresql-password {{- end }} {{- end }} {{- if or .Values.database.secrets.url .Values.database.url }} - name: JF_SHARED_DATABASE_URL valueFrom: secretKeyRef: {{- if .Values.database.secrets.url }} name: {{ tpl .Values.database.secrets.url.name . }} key: {{ tpl .Values.database.secrets.url.key . }} {{- else if .Values.database.url }} {{- if not .Values.artifactory.unifiedSecretInstallation }} name: {{ template "artifactory-ha.fullname" . }}-database-creds {{- else }} name: "{{ template "artifactory-ha.name" . }}-unified-secret" {{- end }} key: db-url {{- end }} {{- end }} - name: JF_SHARED_NODE_HAENABLED value: "true" {{- with .Values.artifactory.extraEnvironmentVariables }} {{ tpl (toYaml .) $ | indent 8 }} {{- end }} volumeMounts: - name: migration-scripts mountPath: "/tmp/migrate.sh" subPath: migrate.sh - name: migration-scripts mountPath: "/tmp/migrationHelmInfo.yaml" subPath: migrationHelmInfo.yaml - name: migration-scripts mountPath: "/tmp/migrationStatus.sh" subPath: migrationStatus.sh - name: volume mountPath: "{{ .Values.artifactory.persistence.mountPath }}" {{- if eq .Values.artifactory.persistence.type "file-system" }} {{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }} {{- range $sharedClaimNumber, $e := until (.Values.artifactory.persistence.fileSystem.existingSharedClaim.numberOfExistingClaims|int) }} - name: artifactory-ha-data-{{ $sharedClaimNumber }} mountPath: "{{ tpl $.Values.artifactory.persistence.fileSystem.existingSharedClaim.dataDir $ }}/filestore{{ $sharedClaimNumber }}" {{- end }} - name: artifactory-ha-backup mountPath: "{{ $.Values.artifactory.persistence.fileSystem.existingSharedClaim.backupDir }}" {{- end }} {{- end }} {{- if or .Values.artifactory.customVolumeMounts .Values.global.customVolumeMounts }} {{ tpl (include "artifactory-ha.customVolumeMounts" .) . 
| indent 8 }}
      {{- end }}
      {{- /*
        Remaining volumeMounts of the init container that precedes this span:
        NFS data and backup directories, or else the binarystore.xml secret,
        plus the GCP credentials file when the GCP service account is enabled.
      */}}
      {{- if eq .Values.artifactory.persistence.type "nfs" }}
        - name: artifactory-ha-data
          mountPath: "{{ .Values.artifactory.persistence.nfs.dataDir }}"
        - name: artifactory-ha-backup
          mountPath: "{{ .Values.artifactory.persistence.nfs.backupDir }}"
      {{- else }}
      {{- if not .Values.artifactory.unifiedSecretInstallation }}
        - name: binarystore-xml
      {{- else }}
        - name: {{ include "artifactory-ha.unifiedCustomSecretVolumeName" . }}
      {{- end }}
          mountPath: "/tmp/etc/artifactory/binarystore.xml"
          subPath: binarystore.xml
      {{- end }}
      {{- if .Values.artifactory.persistence.googleStorage.gcpServiceAccount.enabled }}
      {{- if not .Values.artifactory.unifiedSecretInstallation }}
        - name: gcpcreds-json
      {{- else }}
        - name: {{ include "artifactory-ha.unifiedCustomSecretVolumeName" . }}
      {{- end }}
          mountPath: "/artifactory_bootstrap/gcp.credentials.json"
          subPath: gcp.credentials.json
      {{- end }}
      {{- /* NOTE(review): the next end closes a conditional opened earlier in the template, before this span. */}}
      {{- end }}
    {{- if .Values.hostAliases }}
      hostAliases:
{{ toYaml .Values.hostAliases | indent 6 }}
    {{- end }}
      containers:
      {{- /*
        Per-service sidecar containers, rendered only when
        splitServicesToContainers is set. Every sidecar below requires a
        non-root user, forbids privilege escalation and drops NET_RAW.
        Extra environment variables, custom volume mounts and probe configs
        come from values and are rendered through tpl.
      */}}
      {{- if .Values.splitServicesToContainers }}
      - name: {{ .Values.router.name }}
        image: {{ include "artifactory-ha.getImageInfoByValue" (list . "router") }}
        imagePullPolicy: {{ .Values.router.image.imagePullPolicy }}
        securityContext:
          runAsNonRoot: true
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - NET_RAW
        command:
        - '/bin/bash'
        - '-c'
        - >
          exec /opt/jfrog/router/app/bin/entrypoint-router.sh
      {{- with .Values.router.lifecycle }}
        lifecycle:
{{ toYaml . | indent 10 }}
      {{- end }}
        env:
        - name: JF_ROUTER_TOPOLOGY_LOCAL_REQUIREDSERVICETYPES
          value: {{ include "artifactory-ha.router.requiredServiceTypes" . }}
      {{- with .Values.router.extraEnvironmentVariables }}
{{ tpl (toYaml .) $ | indent 8 }}
      {{- end }}
        ports:
        - name: http
          containerPort: {{ .Values.router.internalPort }}
        volumeMounts:
        - name: volume
          mountPath: {{ .Values.router.persistence.mountPath | quote }}
      {{- with .Values.router.customVolumeMounts }}
{{ tpl . $ | indent 8 }}
      {{- end }}
        resources:
{{ toYaml .Values.router.resources | indent 10 }}
      {{- if .Values.router.startupProbe.enabled }}
        startupProbe:
{{ tpl .Values.router.startupProbe.config . | indent 10 }}
      {{- end }}
      {{- if .Values.router.readinessProbe.enabled }}
        readinessProbe:
{{ tpl .Values.router.readinessProbe.config . | indent 10 }}
      {{- end }}
      {{- if .Values.router.livenessProbe.enabled }}
        livenessProbe:
{{ tpl .Values.router.livenessProbe.config . | indent 10 }}
      {{- end }}
      {{- if .Values.frontend.enabled }}
      - name: {{ .Values.frontend.name }}
        image: {{ include "artifactory-ha.getImageInfoByValue" (list . "artifactory") }}
        imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }}
        securityContext:
          runAsNonRoot: true
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - NET_RAW
        command:
        - '/bin/bash'
        - '-c'
        - >
          exec /opt/jfrog/artifactory/app/third-party/node/bin/node /opt/jfrog/artifactory/app/frontend/bin/server/dist/bundle.js /opt/jfrog/artifactory/app/frontend
      {{- with .Values.frontend.lifecycle }}
        lifecycle:
{{ toYaml . | indent 10 }}
      {{- end }}
        env:
        - name: JF_SHARED_NODE_ID
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
      {{- with .Values.frontend.extraEnvironmentVariables }}
{{ tpl (toYaml .) $ | indent 8 }}
      {{- end }}
        volumeMounts:
        - name: volume
          mountPath: {{ .Values.artifactory.persistence.mountPath | quote }}
        resources:
{{ toYaml .Values.frontend.resources | indent 10 }}
      {{- if .Values.frontend.startupProbe.enabled }}
        startupProbe:
{{ tpl .Values.frontend.startupProbe.config . | indent 10 }}
      {{- end }}
      {{- if .Values.frontend.livenessProbe.enabled }}
        livenessProbe:
{{ tpl .Values.frontend.livenessProbe.config . | indent 10 }}
      {{- end }}
      {{- end }}
      {{- if .Values.metadata.enabled }}
      - name: {{ .Values.metadata.name }}
        image: {{ include "artifactory-ha.getImageInfoByValue" (list . "artifactory") }}
        imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }}
        securityContext:
          runAsNonRoot: true
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - NET_RAW
        command:
        - '/bin/bash'
        - '-c'
        - >
          exec /opt/jfrog/artifactory/app/metadata/bin/jf-metadata start
      {{- with .Values.metadata.lifecycle }}
        lifecycle:
{{ toYaml . | indent 10 }}
      {{- end }}
        env:
        - name: JF_SHARED_NODE_ID
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
      {{- /*
        Database user name, password and URL are injected by secretKeyRef and
        never as literal values. The Secret is, in order of precedence, the one
        named under database.secrets, the chart's database-creds or unified
        secret, or (password only) the bundled postgresql release Secret.
      */}}
      {{- if or .Values.database.secrets.user .Values.database.user }}
        - name: JF_SHARED_DATABASE_USERNAME
          valueFrom:
            secretKeyRef:
          {{- if .Values.database.secrets.user }}
              name: {{ tpl .Values.database.secrets.user.name . }}
              key: {{ tpl .Values.database.secrets.user.key . }}
          {{- else if .Values.database.user }}
          {{- if not .Values.artifactory.unifiedSecretInstallation }}
              name: {{ template "artifactory-ha.fullname" . }}-database-creds
          {{- else }}
              name: "{{ template "artifactory-ha.name" . }}-unified-secret"
          {{- end }}
              key: db-user
          {{- end }}
      {{- end }}
      {{ if or .Values.database.secrets.password .Values.database.password .Values.postgresql.enabled }}
        - name: JF_SHARED_DATABASE_PASSWORD
          valueFrom:
            secretKeyRef:
          {{- if .Values.database.secrets.password }}
              name: {{ tpl .Values.database.secrets.password.name . }}
              key: {{ tpl .Values.database.secrets.password.key . }}
          {{- else if .Values.database.password }}
          {{- if not .Values.artifactory.unifiedSecretInstallation }}
              name: {{ template "artifactory-ha.fullname" . }}-database-creds
          {{- else }}
              name: "{{ template "artifactory-ha.name" . }}-unified-secret"
          {{- end }}
              key: db-password
          {{- else if .Values.postgresql.enabled }}
              name: {{ .Release.Name }}-postgresql
              key: postgresql-password
          {{- end }}
      {{- end }}
      {{- if or .Values.database.secrets.url .Values.database.url }}
        - name: JF_SHARED_DATABASE_URL
          valueFrom:
            secretKeyRef:
          {{- if .Values.database.secrets.url }}
              name: {{ tpl .Values.database.secrets.url.name . }}
              key: {{ tpl .Values.database.secrets.url.key . }}
          {{- else if .Values.database.url }}
          {{- if not .Values.artifactory.unifiedSecretInstallation }}
              name: {{ template "artifactory-ha.fullname" . }}-database-creds
          {{- else }}
              name: "{{ template "artifactory-ha.name" . }}-unified-secret"
          {{- end }}
              key: db-url
          {{- end }}
      {{- end }}
      {{- with .Values.metadata.extraEnvironmentVariables }}
{{ tpl (toYaml .) $ | indent 8 }}
      {{- end }}
        volumeMounts:
        - name: volume
          mountPath: {{ .Values.artifactory.persistence.mountPath | quote }}
        resources:
{{ toYaml .Values.metadata.resources | indent 10 }}
      {{- if .Values.metadata.startupProbe.enabled }}
        startupProbe:
{{ tpl .Values.metadata.startupProbe.config . | indent 10 }}
      {{- end }}
      {{- if .Values.metadata.livenessProbe.enabled }}
        livenessProbe:
{{ tpl .Values.metadata.livenessProbe.config . | indent 10 }}
      {{- end }}
      {{- end }}
      {{- if .Values.event.enabled }}
      - name: {{ .Values.event.name }}
        image: {{ include "artifactory-ha.getImageInfoByValue" (list . "artifactory") }}
        imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }}
        securityContext:
          runAsNonRoot: true
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - NET_RAW
        command:
        - '/bin/bash'
        - '-c'
        - >
          exec /opt/jfrog/artifactory/app/event/bin/jf-event start
      {{- with .Values.event.lifecycle }}
        lifecycle:
{{ toYaml . | indent 10 }}
      {{- end }}
        env:
        - name: JF_SHARED_NODE_ID
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
      {{- with .Values.event.extraEnvironmentVariables }}
{{ tpl (toYaml .) $ | indent 8 }}
      {{- end }}
        volumeMounts:
        - name: volume
          mountPath: {{ .Values.artifactory.persistence.mountPath | quote }}
        resources:
{{ toYaml .Values.event.resources | indent 10 }}
      {{- if .Values.event.startupProbe.enabled }}
        startupProbe:
{{ tpl .Values.event.startupProbe.config . | indent 10 }}
      {{- end }}
      {{- if .Values.event.livenessProbe.enabled }}
        livenessProbe:
{{ tpl .Values.event.livenessProbe.config . | indent 10 }}
      {{- end }}
      {{- end }}
      {{- /* The replicator sidecar defines no startup or liveness probe in this template. */}}
      {{- if .Values.artifactory.replicator.enabled }}
      - name: {{ .Values.artifactory.replicator.name }}
        image: {{ include "artifactory-ha.getImageInfoByValue" (list . "artifactory") }}
        imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }}
        securityContext:
          runAsNonRoot: true
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - NET_RAW
        command:
        - '/bin/bash'
        - '-c'
        - >
          exec /opt/jfrog/artifactory/app/replicator/bin/jf-replicator start
      {{- with .Values.artifactory.replicator.lifecycle }}
        lifecycle:
{{ toYaml . | indent 10 }}
      {{- end }}
        env:
        - name: JF_SHARED_NODE_ID
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
      {{- with .Values.artifactory.replicator.extraEnvironmentVariables }}
{{ tpl (toYaml .) $ | indent 8 }}
      {{- end }}
        volumeMounts:
        - name: volume
          mountPath: {{ .Values.artifactory.persistence.mountPath | quote }}
        resources:
{{ toYaml .Values.artifactory.replicator.resources | indent 10 }}
      {{- end }}
      {{- if .Values.jfconnect.enabled }}
      - name: {{ .Values.jfconnect.name }}
        image: {{ include "artifactory-ha.getImageInfoByValue" (list . "artifactory") }}
        imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }}
        securityContext:
          runAsNonRoot: true
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - NET_RAW
        command:
        - '/bin/bash'
        - '-c'
        - >
          exec /opt/jfrog/artifactory/app/jfconnect/bin/jf-connect start
      {{- with .Values.jfconnect.lifecycle }}
        lifecycle:
{{ toYaml . | indent 10 }}
      {{- end }}
        env:
        - name: JF_SHARED_NODE_ID
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
      {{- with .Values.jfconnect.extraEnvironmentVariables }}
{{ tpl (toYaml .) $ | indent 8 }}
      {{- end }}
        volumeMounts:
        - name: volume
          mountPath: {{ .Values.artifactory.persistence.mountPath | quote }}
        resources:
{{ toYaml .Values.jfconnect.resources | indent 10 }}
      {{- if .Values.jfconnect.startupProbe.enabled }}
        startupProbe:
{{ tpl .Values.jfconnect.startupProbe.config . | indent 10 }}
      {{- end }}
      {{- if .Values.jfconnect.livenessProbe.enabled }}
        livenessProbe:
{{ tpl .Values.jfconnect.livenessProbe.config . | indent 10 }}
      {{- end }}
      {{- end }}
      {{- if .Values.integration.enabled }}
      - name: {{ .Values.integration.name }}
        image: {{ include "artifactory-ha.getImageInfoByValue" (list . "artifactory") }}
        imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }}
        securityContext:
          runAsNonRoot: true
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - NET_RAW
        command:
        - '/bin/bash'
        - '-c'
        - >
          exec /opt/jfrog/artifactory/app/integration/bin/jf-integration start
      {{- with .Values.integration.lifecycle }}
        lifecycle:
{{ toYaml . | indent 10 }}
      {{- end }}
        env:
        - name: JF_SHARED_NODE_ID
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
      {{- with .Values.integration.extraEnvironmentVariables }}
{{ tpl (toYaml .) $ | indent 8 }}
      {{- end }}
        volumeMounts:
        - name: volume
          mountPath: {{ .Values.artifactory.persistence.mountPath | quote }}
        resources:
{{ toYaml .Values.integration.resources | indent 10 }}
      {{- if .Values.integration.startupProbe.enabled }}
        startupProbe:
{{ tpl .Values.integration.startupProbe.config . | indent 10 }}
      {{- end }}
      {{- if .Values.integration.livenessProbe.enabled }}
        livenessProbe:
{{ tpl .Values.integration.livenessProbe.config . | indent 10 }}
      {{- end }}
      {{- end }}
      {{- if .Values.observability.enabled }}
      - name: {{ .Values.observability.name }}
        image: {{ include "artifactory-ha.getImageInfoByValue" (list . "artifactory") }}
        imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }}
        securityContext:
          runAsNonRoot: true
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - NET_RAW
        command:
        - '/bin/bash'
        - '-c'
        - >
          exec /opt/jfrog/artifactory/app/observability/bin/jf-observability start
      {{- with .Values.observability.lifecycle }}
        lifecycle:
{{ toYaml . | indent 10 }}
      {{- end }}
        env:
        - name: JF_SHARED_NODE_ID
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
      {{- with .Values.observability.extraEnvironmentVariables }}
{{ tpl (toYaml .)
$ | indent 8 }} {{- end }} volumeMounts: - name: volume mountPath: {{ .Values.artifactory.persistence.mountPath | quote }} resources: {{ toYaml .Values.observability.resources | indent 10 }} {{- if .Values.observability.startupProbe.enabled }} startupProbe: {{ tpl .Values.observability.startupProbe.config . | indent 10 }} {{- end }} {{- if .Values.observability.livenessProbe.enabled }} livenessProbe: {{ tpl .Values.observability.livenessProbe.config . | indent 10 }} {{- end }} {{- end }} {{- end }} - name: {{ .Values.artifactory.name }} image: {{ include "artifactory-ha.getImageInfoByValue" (list . "artifactory") }} imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} securityContext: runAsNonRoot: true allowPrivilegeEscalation: false capabilities: drop: - NET_RAW command: - '/bin/bash' - '-c' - > set -e; {{- range .Values.artifactory.copyOnEveryStartup }} {{- $targetPath := printf "%s/%s" $.Values.artifactory.persistence.mountPath .target }} {{- $baseDirectory := regexFind ".*/" $targetPath }} mkdir -p {{ $baseDirectory }}; cp -Lrf {{ .source }} {{ $.Values.artifactory.persistence.mountPath }}/{{ .target }}; {{- end }} {{- if .Values.artifactory.preStartCommand }} echo "Running custom preStartCommand command"; {{ tpl .Values.artifactory.preStartCommand . }}; {{- end }} {{- with .Values.artifactory.node.preStartCommand }} echo "Running member node specific custom preStartCommand command"; {{ tpl . $ }}; {{- end }} exec /entrypoint-artifactory.sh {{- with .Values.artifactory.lifecycle }} lifecycle: {{ toYaml . 
| indent 10 }} {{- end }} env: {{- if .Values.aws.license.enabled }} - name: IS_AWS_LICENSE value: "true" - name: AWS_REGION value: {{ .Values.aws.region | quote }} {{- if .Values.aws.licenseConfigSecretName }} - name: AWS_WEB_IDENTITY_REFRESH_TOKEN_FILE value: "/var/run/secrets/product-license/license_token" - name: AWS_ROLE_ARN valueFrom: secretKeyRef: name: {{ .Values.aws.licenseConfigSecretName }} key: iam_role {{- end }} {{- end }} {{- if .Values.splitServicesToContainers }} - name : JF_ROUTER_ENABLED value: "true" - name : JF_ROUTER_SERVICE_ENABLED value: "false" - name : JF_EVENT_ENABLED value: "false" - name : JF_METADATA_ENABLED value: "false" - name : JF_FRONTEND_ENABLED value: "false" - name: JF_REPLICATOR_ENABLED value: "true" - name: JF_REPLICATOR_SERVICE_ENABLED value: "false" - name : JF_OBSERVABILITY_ENABLED value: "false" - name : JF_JFCONNECT_ENABLED value: "true" - name : JF_JFCONNECT_SERVICE_ENABLED value: "false" - name : JF_INTEGRATION_ENABLED value: "false" {{- end }} {{- if and (not .Values.waitForDatabase) (not .Values.postgresql.enabled) }} - name: SKIP_WAIT_FOR_EXTERNAL_DB value: "true" {{- end }} {{- if or .Values.database.secrets.user .Values.database.user }} - name: JF_SHARED_DATABASE_USERNAME valueFrom: secretKeyRef: {{- if .Values.database.secrets.user }} name: {{ tpl .Values.database.secrets.user.name . }} key: {{ tpl .Values.database.secrets.user.key . }} {{- else if .Values.database.user }} {{- if not .Values.artifactory.unifiedSecretInstallation }} name: {{ template "artifactory-ha.fullname" . }}-database-creds {{- else }} name: "{{ template "artifactory-ha.name" . }}-unified-secret" {{- end }} key: db-user {{- end }} {{- end }} {{ if or .Values.database.secrets.password .Values.database.password .Values.postgresql.enabled }} - name: JF_SHARED_DATABASE_PASSWORD valueFrom: secretKeyRef: {{- if .Values.database.secrets.password }} name: {{ tpl .Values.database.secrets.password.name . 
}} key: {{ tpl .Values.database.secrets.password.key . }} {{- else if .Values.database.password }} {{- if not .Values.artifactory.unifiedSecretInstallation }} name: {{ template "artifactory-ha.fullname" . }}-database-creds {{- else }} name: "{{ template "artifactory-ha.name" . }}-unified-secret" {{- end }} key: db-password {{- else if .Values.postgresql.enabled }} name: {{ .Release.Name }}-postgresql key: postgresql-password {{- end }} {{- end }} {{- if or .Values.database.secrets.url .Values.database.url }} - name: JF_SHARED_DATABASE_URL valueFrom: secretKeyRef: {{- if .Values.database.secrets.url }} name: {{ tpl .Values.database.secrets.url.name . }} key: {{ tpl .Values.database.secrets.url.key . }} {{- else if .Values.database.url }} {{- if not .Values.artifactory.unifiedSecretInstallation }} name: {{ template "artifactory-ha.fullname" . }}-database-creds {{- else }} name: "{{ template "artifactory-ha.name" . }}-unified-secret" {{- end }} key: db-url {{- end }} {{- end }} - name: JF_SHARED_NODE_HAENABLED value: "true" {{- with .Values.artifactory.extraEnvironmentVariables }} {{ tpl (toYaml .) 
$ | indent 8 }} {{- end }} ports: - containerPort: {{ .Values.artifactory.internalPort }} name: http - containerPort: {{ .Values.artifactory.internalArtifactoryPort }} name: http-internal {{- if .Values.artifactory.node.javaOpts.jmx.enabled }} - containerPort: {{ .Values.artifactory.node.javaOpts.jmx.port }} name: tcp-jmx {{- end }} {{- if .Values.artifactory.ssh.enabled }} - containerPort: {{ .Values.artifactory.ssh.internalPort }} name: tcp-ssh {{- end }} volumeMounts: {{- if .Values.artifactory.customPersistentVolumeClaim }} - name: {{ .Values.artifactory.customPersistentVolumeClaim.name }} mountPath: {{ .Values.artifactory.customPersistentVolumeClaim.mountPath }} {{- end }} {{- if .Values.artifactory.customPersistentPodVolumeClaim }} - name: {{ .Values.artifactory.customPersistentPodVolumeClaim.name }} mountPath: {{ .Values.artifactory.customPersistentPodVolumeClaim.mountPath }} {{- end }} {{- if .Values.aws.licenseConfigSecretName }} - name: awsmp-product-license mountPath: "/var/run/secrets/product-license" {{- end }} - name: volume mountPath: "{{ .Values.artifactory.persistence.mountPath }}" {{- if eq .Values.artifactory.persistence.type "file-system" }} {{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }} {{- range $sharedClaimNumber, $e := until (.Values.artifactory.persistence.fileSystem.existingSharedClaim.numberOfExistingClaims|int) }} - name: artifactory-ha-data-{{ $sharedClaimNumber }} mountPath: "{{ tpl $.Values.artifactory.persistence.fileSystem.existingSharedClaim.dataDir $ }}/filestore{{ $sharedClaimNumber }}" {{- end }} - name: artifactory-ha-backup mountPath: "{{ $.Values.artifactory.persistence.fileSystem.existingSharedClaim.backupDir }}" {{- end }} {{- end }} {{- if eq .Values.artifactory.persistence.type "nfs" }} - name: artifactory-ha-data mountPath: "{{ .Values.artifactory.persistence.nfs.dataDir }}" - name: artifactory-ha-backup mountPath: "{{ .Values.artifactory.persistence.nfs.backupDir }}" {{- else }} {{- if 
not .Values.artifactory.unifiedSecretInstallation }} - name: binarystore-xml {{- else }} - name: {{ include "artifactory-ha.unifiedCustomSecretVolumeName" . }} {{- end }} mountPath: "/tmp/etc/artifactory/binarystore.xml" subPath: binarystore.xml {{- if .Values.artifactory.persistence.googleStorage.gcpServiceAccount.enabled }} {{- if not .Values.artifactory.unifiedSecretInstallation }} - name: gcpcreds-json {{- else }} - name: {{ include "artifactory-ha.unifiedCustomSecretVolumeName" . }} {{- end }} mountPath: "/artifactory_bootstrap/gcp.credentials.json" subPath: gcp.credentials.json {{- end }} {{- if .Values.artifactory.configMapName }} - name: bootstrap-config mountPath: "/bootstrap/" {{- end }} {{- if or .Values.artifactory.license.secret .Values.artifactory.license.licenseKey }} {{- if not .Values.artifactory.unifiedSecretInstallation }} - name: artifactory-license {{- else }} - name: {{ include "artifactory-ha.unifiedCustomSecretVolumeName" . }} {{- end }} mountPath: "/artifactory_bootstrap/artifactory.cluster.license" {{- if .Values.artifactory.license.secret }} subPath: {{ .Values.artifactory.license.dataKey }} {{- else if .Values.artifactory.license.licenseKey }} subPath: artifactory.lic {{- end }} {{- end }} {{- end }} - name: installer-info mountPath: "/artifactory_bootstrap/info/installer-info.json" subPath: installer-info.json {{- if or .Values.artifactory.customVolumeMounts .Values.global.customVolumeMounts }} {{ tpl (include "artifactory-ha.customVolumeMounts" .) . | indent 8 }} {{- end }} resources: {{ toYaml .Values.artifactory.node.resources | indent 10 }} {{- if .Values.artifactory.startupProbe.enabled }} startupProbe: {{ tpl .Values.artifactory.startupProbe.config . | indent 10 }} {{- end }} {{- if and (not .Values.splitServicesToContainers) (semverCompare "