217 lines
8.1 KiB
YAML
217 lines
8.1 KiB
YAML
{{- if not (.Capabilities.APIVersions.Has "security.openshift.io/v1/SecurityContextConstraints") -}}
|
|
{{- if .Values.nginx.enabled -}}
|
|
{{- $serviceName := include "artifactory-ha.fullname" . -}}
|
|
{{- $servicePort := .Values.artifactory.externalPort -}}
|
|
apiVersion: apps/v1
|
|
kind: {{ .Values.nginx.kind }}
|
|
metadata:
|
|
name: {{ template "artifactory-ha.nginx.fullname" . }}
|
|
labels:
|
|
app: {{ template "artifactory-ha.name" . }}
|
|
chart: {{ template "artifactory-ha.chart" . }}
|
|
heritage: {{ .Release.Service }}
|
|
release: {{ .Release.Name }}
|
|
component: {{ .Values.nginx.name }}
|
|
{{- if .Values.nginx.labels }}
|
|
{{ toYaml .Values.nginx.labels | indent 4 }}
|
|
{{- end }}
|
|
{{- with .Values.nginx.deployment.annotations }}
|
|
annotations:
|
|
{{ toYaml . | indent 4 }}
|
|
{{- end }}
|
|
spec:
|
|
{{- if ne .Values.nginx.kind "DaemonSet" }}
|
|
replicas: {{ .Values.nginx.replicaCount }}
|
|
{{- end }}
|
|
selector:
|
|
matchLabels:
|
|
app: {{ template "artifactory-ha.name" . }}
|
|
release: {{ .Release.Name }}
|
|
component: {{ .Values.nginx.name }}
|
|
template:
|
|
metadata:
|
|
annotations:
|
|
checksum/nginx-conf: {{ include (print $.Template.BasePath "/nginx-conf.yaml") . | sha256sum }}
|
|
checksum/nginx-artifactory-conf: {{ include (print $.Template.BasePath "/nginx-artifactory-conf.yaml") . | sha256sum }}
|
|
{{- range $key, $value := .Values.nginx.annotations }}
|
|
{{ $key }}: {{ $value | quote }}
|
|
{{- end }}
|
|
labels:
|
|
app: {{ template "artifactory-ha.name" . }}
|
|
chart: {{ template "artifactory-ha.chart" . }}
|
|
component: {{ .Values.nginx.name }}
|
|
heritage: {{ .Release.Service }}
|
|
release: {{ .Release.Name }}
|
|
spec:
|
|
securityContext:
|
|
runAsUser: {{ .Values.nginx.uid }}
|
|
runAsGroup: {{ .Values.nginx.gid }}
|
|
serviceAccountName: {{ template "artifactory-ha.serviceAccountName" . }}
|
|
terminationGracePeriodSeconds: {{ .Values.nginx.terminationGracePeriodSeconds }}
|
|
{{- if or .Values.imagePullSecrets .Values.global.imagePullSecrets }}
|
|
{{- include "artifactory-ha.imagePullSecrets" . | indent 6 }}
|
|
{{- end }}
|
|
{{- if .Values.nginx.priorityClassName }}
|
|
priorityClassName: {{ .Values.nginx.priorityClassName | quote }}
|
|
{{- end }}
|
|
{{- if .Values.nginx.topologySpreadConstraints }}
|
|
topologySpreadConstraints:
|
|
{{ tpl (toYaml .Values.nginx.topologySpreadConstraints) . | indent 8 }}
|
|
{{- end }}
|
|
initContainers:
|
|
{{- if .Values.nginx.customInitContainers }}
|
|
{{ tpl (include "artifactory.nginx.customInitContainers" .) . | indent 6 }}
|
|
{{- end }}
|
|
- name: "setup"
|
|
image: "{{ .Values.initContainerImage }}"
|
|
imagePullPolicy: {{ .Values.nginx.image.pullPolicy }}
|
|
{{- if .Values.containerSecurityContext.enabled }}
|
|
securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }}
|
|
{{- end }}
|
|
command:
|
|
- '/bin/sh'
|
|
- '-c'
|
|
- >
|
|
rm -rfv {{ .Values.nginx.persistence.mountPath }}/lost+found;
|
|
mkdir -p {{ .Values.nginx.persistence.mountPath }}/logs;
|
|
volumeMounts:
|
|
- mountPath: {{ .Values.nginx.persistence.mountPath | quote }}
|
|
name: nginx-volume
|
|
containers:
|
|
- name: {{ .Values.nginx.name }}
|
|
image: {{ include "artifactory-ha.getImageInfoByValue" (list . "nginx") }}
|
|
imagePullPolicy: {{ .Values.nginx.image.pullPolicy }}
|
|
{{- with .Values.nginx.securityContext }}
|
|
securityContext:
|
|
{{ toYaml . | indent 10 }}
|
|
{{- end }}
|
|
command:
|
|
{{- tpl (include "nginx.command" .) . | indent 10 }}
|
|
ports:
|
|
{{ if .Values.nginx.customPorts }}
|
|
{{ toYaml .Values.nginx.customPorts | indent 8 }}
|
|
{{ end }}
|
|
# DEPRECATION NOTE: The following is to maintain support for values pre 1.3.1 and
|
|
# will be cleaned up in a later version
|
|
{{- if .Values.nginx.http }}
|
|
{{- if .Values.nginx.http.enabled }}
|
|
- containerPort: {{ .Values.nginx.http.internalPort }}
|
|
name: http
|
|
{{- end }}
|
|
{{- else }} # DEPRECATED
|
|
- containerPort: {{ .Values.nginx.internalPortHttp }}
|
|
name: http-internal
|
|
{{- end }}
|
|
{{- if .Values.nginx.https }}
|
|
{{- if .Values.nginx.https.enabled }}
|
|
- containerPort: {{ .Values.nginx.https.internalPort }}
|
|
name: https
|
|
{{- end }}
|
|
{{- else }} # DEPRECATED
|
|
- containerPort: {{ .Values.nginx.internalPortHttps }}
|
|
name: https-internal
|
|
{{- end }}
|
|
{{- if .Values.artifactory.ssh.enabled }}
|
|
- containerPort: {{ .Values.nginx.ssh.internalPort }}
|
|
name: tcp-ssh
|
|
{{- end }}
|
|
{{- with .Values.nginx.lifecycle }}
|
|
lifecycle:
|
|
{{ toYaml . | indent 10 }}
|
|
{{- end }}
|
|
volumeMounts:
|
|
- name: nginx-conf
|
|
mountPath: /etc/nginx/nginx.conf
|
|
subPath: nginx.conf
|
|
- name: nginx-artifactory-conf
|
|
mountPath: "{{ .Values.nginx.persistence.mountPath }}/conf.d/"
|
|
- name: nginx-volume
|
|
mountPath: {{ .Values.nginx.persistence.mountPath | quote }}
|
|
{{- if .Values.nginx.https.enabled }}
|
|
- name: ssl-certificates
|
|
mountPath: "{{ .Values.nginx.persistence.mountPath }}/ssl"
|
|
{{- end }}
|
|
{{- if .Values.nginx.customVolumeMounts }}
|
|
{{ tpl (include "artifactory.nginx.customVolumeMounts" .) . | indent 8 }}
|
|
{{- end }}
|
|
resources:
|
|
{{ toYaml .Values.nginx.resources | indent 10 }}
|
|
{{- if .Values.nginx.startupProbe.enabled }}
|
|
startupProbe:
|
|
{{ tpl .Values.nginx.startupProbe.config . | indent 10 }}
|
|
{{- end }}
|
|
{{- if .Values.nginx.readinessProbe.enabled }}
|
|
readinessProbe:
|
|
{{ tpl .Values.nginx.readinessProbe.config . | indent 10 }}
|
|
{{- end }}
|
|
{{- if .Values.nginx.livenessProbe.enabled }}
|
|
livenessProbe:
|
|
{{ tpl .Values.nginx.livenessProbe.config . | indent 10 }}
|
|
{{- end }}
|
|
{{- $mountPath := .Values.nginx.persistence.mountPath }}
|
|
{{- range .Values.nginx.loggers }}
|
|
- name: {{ . | replace "_" "-" | replace "." "-" }}
|
|
image: {{ include "artifactory-ha.getImageInfoByValue" (list $ "logger") }}
|
|
command:
|
|
- tail
|
|
args:
|
|
- '-F'
|
|
- '{{ $mountPath }}/logs/{{ . }}'
|
|
volumeMounts:
|
|
- name: nginx-volume
|
|
mountPath: {{ $mountPath }}
|
|
resources:
|
|
{{ toYaml $.Values.nginx.loggersResources | indent 10 }}
|
|
{{- end }}
|
|
{{- if .Values.nginx.customSidecarContainers }}
|
|
{{ tpl (include "artifactory.nginx.customSidecarContainers" .) . | indent 6 }}
|
|
{{- end }}
|
|
{{- if or .Values.nginx.nodeSelector .Values.global.nodeSelector }}
|
|
{{ tpl (include "nginx.nodeSelector" .) . | indent 6 }}
|
|
{{- end }}
|
|
{{- with .Values.nginx.affinity }}
|
|
affinity:
|
|
{{ toYaml . | indent 8 }}
|
|
{{- end }}
|
|
{{- with .Values.nginx.tolerations }}
|
|
tolerations:
|
|
{{ toYaml . | indent 8 }}
|
|
{{- end }}
|
|
volumes:
|
|
{{- if .Values.nginx.customVolumes }}
|
|
{{ tpl (include "artifactory.nginx.customVolumes" .) . | indent 6 }}
|
|
{{- end }}
|
|
- name: nginx-conf
|
|
configMap:
|
|
{{- if .Values.nginx.customConfigMap }}
|
|
name: {{ .Values.nginx.customConfigMap }}
|
|
{{- else }}
|
|
name: {{ template "artifactory-ha.fullname" . }}-nginx-conf
|
|
{{- end }}
|
|
- name: nginx-artifactory-conf
|
|
configMap:
|
|
{{- if .Values.nginx.customArtifactoryConfigMap }}
|
|
name: {{ .Values.nginx.customArtifactoryConfigMap }}
|
|
{{- else }}
|
|
name: {{ template "artifactory-ha.fullname" . }}-nginx-artifactory-conf
|
|
{{- end }}
|
|
|
|
- name: nginx-volume
|
|
{{- if .Values.nginx.persistence.enabled }}
|
|
persistentVolumeClaim:
|
|
claimName: {{ .Values.nginx.persistence.existingClaim | default (include "artifactory-ha.nginx.fullname" .) }}
|
|
{{- else }}
|
|
emptyDir: {}
|
|
{{- end }}
|
|
{{- if .Values.nginx.https.enabled }}
|
|
- name: ssl-certificates
|
|
secret:
|
|
{{- if .Values.nginx.tlsSecretName }}
|
|
secretName: {{ .Values.nginx.tlsSecretName }}
|
|
{{- else }}
|
|
secretName: {{ template "artifactory-ha.fullname" . }}-nginx-certificate
|
|
{{- end }}
|
|
{{- end }}
|
|
{{- end }}
|
|
{{- end }}
|