
Commit fdeea492 authored by Grant Duncklee's avatar Grant Duncklee

Merge branch 'bb-29/bigbang-addon' into 'main'

29.1.0-bb.0

See merge request !1
parents 41dfdebe bcc14499
Pipeline #351576 passed with stages
in 3 minutes and 31 seconds
{{- if and .Values.nexusCloudiam.enabled (not .Values.statefulset.enabled) }}
{{- if and .Values.nexusCloudiam.persistence.enabled (not .Values.nexusCloudiam.persistence.existingClaim) }}
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: {{ template "nexus.fullname" . }}-cloudiam
namespace: {{ template "nexus.namespace" . }}
labels:
{{ include "nexus.labels" . | indent 4 }}
{{- if .Values.nexusCloudiam.persistence.annotations }}
annotations:
{{ toYaml .Values.nexusCloudiam.persistence.annotations | indent 4 }}
{{- end }}
spec:
accessModes:
- {{ .Values.nexusCloudiam.persistence.accessMode }}
resources:
requests:
storage: {{ .Values.nexusCloudiam.persistence.storageSize | quote }}
{{- if .Values.nexusCloudiam.persistence.storageClass }}
{{- if (eq "-" .Values.nexusCloudiam.persistence.storageClass) }}
storageClassName: ""
{{- else }}
storageClassName: "{{ .Values.nexusCloudiam.persistence.storageClass }}"
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- if .Values.rbac.create -}}
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: {{ template "nexus.fullname" . }}
labels:
{{ include "nexus.labels" . | indent 4 }}
{{- with .Values.rbac.annotations }}
annotations:
{{ toYaml . | indent 4 }}
{{- end }}
roleRef:
{{- with .Values.rbac.roleRef }}
{{ toYaml . | indent 2 }}
{{- end }}
subjects:
- kind: ServiceAccount
{{- if .Values.serviceAccount.name }}
name: {{ .Values.serviceAccount.name }}
{{- else }}
name: {{ template "nexus.fullname" . }}
{{- end }}
namespace: {{ template "nexus.namespace" . }}
{{- end -}}
\ No newline at end of file
{{- if .Values.nexus.properties.override -}}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "nexus.name" . }}-properties
labels: {{- include "nexus.labels" . | nindent 4 }}
{{- if .Values.nexus.extraLabels }}
{{- with .Values.nexus.extraLabels }}
{{ toYaml . | indent 4 }}
{{- end }}
{{- end }}
data:
nexus.properties: |
{{- $data := dict -}}
{{- $licenseDict := dict -}}
{{- if .Values.license_key -}}
{{- $_ := set $licenseDict "nexus.licenseFile" .Values.license.mountPath -}}
{{- end -}}
{{- $data := mergeOverwrite $licenseDict .Values.nexus.properties.data -}}
{{- range $k, $v := $data }}
{{ $k }}={{ $v }}
{{- end }}
{{- end }}
\ No newline at end of file
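Review bot: `{{- $data := dict -}}` is dead code, because `$data` is declared again a few lines later from `mergeOverwrite $licenseDict .Values.nexus.properties.data`; the first declaration can be dropped. The `{{- if .Values.nexus.extraLabels }}` wrapper around `{{- with .Values.nexus.extraLabels }}` is also redundant, since `with` already skips an empty value. The same `if`/`with` pair appears in the other label blocks on this page (the `-conf` ConfigMap, the Deployment, the Ingress templates, the PersistentVolume and the PersistentVolumeClaim), so it is worth simplifying in all of them at once.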
......@@ -3,12 +3,13 @@ apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "nexus.name" . }}-conf
namespace: {{ template "nexus.namespace" . }}
labels:
{{ include "nexus.labels" . | indent 4 }}
{{- if .Values.nexus.labels }}
{{ toYaml .Values.nexus.labels | indent 4 }}
{{- end }}
{{- if .Values.nexus.extraLabels }}
{{- with .Values.nexus.extraLabels }}
{{ toYaml . | indent 4 }}
{{- end }}
{{- end }}
data:
{{ toYaml .Values.config.data | indent 2 }}
{{- end }}
\ No newline at end of file
{{- if .Values.statefulset.enabled }}
apiVersion: apps/v1
kind: StatefulSet
{{- else }}
apiVersion: apps/v1
kind: Deployment
{{- end }}
metadata:
name: {{ template "nexus.fullname" . }}
namespace: {{ template "nexus.namespace" . }}
labels:
{{ include "nexus.labels" . | indent 4 }}
{{- if .Values.nexus.labels }}
{{ toYaml .Values.nexus.labels | indent 4 }}
{{- end }}
{{- if .Values.deployment.annotations }}
annotations:
{{ toYaml .Values.deployment.annotations | indent 4 }}
{{- end }}
spec:
replicas: {{ .Values.replicaCount }}
{{- if .Values.statefulset.enabled }}
{{- if .Values.nexusProxy.svcName }}
serviceName: {{ .Values.nexusProxy.svcName }}
{{- else }}
serviceName: {{ template "nexus.fullname" . }}
{{- end }}
{{- end }}
{{- if .Values.deploymentStrategy }}
strategy:
{{ toYaml .Values.deploymentStrategy | indent 4 }}
{{- end }}
selector:
matchLabels:
app: {{ template "nexus.name" . }}
release: {{ .Release.Name }}
template:
metadata:
{{- if .Values.nexus.podAnnotations }}
annotations:
{{ toYaml .Values.nexus.podAnnotations | indent 8}}
{{- end }}
labels:
app: {{ template "nexus.name" . }}
release: {{ .Release.Name }}
spec:
{{- if .Values.deployment.initContainers }}
initContainers:
{{ toYaml .Values.deployment.initContainers | indent 6 }}
{{- end }}
{{- if .Values.nexus.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nexus.nodeSelector | indent 8 }}
{{- end }}
{{- if .Values.nexus.hostAliases }}
hostAliases:
{{ toYaml .Values.nexus.hostAliases | indent 8 }}
{{- end }}
{{- if .Values.nexus.imagePullSecret }}
imagePullSecrets:
- name: {{ .Values.nexus.imagePullSecret }}
{{- end }}
{{- if .Values.serviceAccount.name }}
serviceAccountName: {{ .Values.serviceAccount.name | quote }}
{{- else if .Values.serviceAccount.create }}
serviceAccountName: {{ template "nexus.fullname" . }}
{{- end }}
{{- if .Values.nexus.priorityClassName }}
priorityClassName: {{ .Values.nexus.priorityClassName }}
{{- end }}
containers:
- name: nexus
image: {{ .Values.nexus.imageName }}:{{ .Values.nexus.imageTag }}
imagePullPolicy: {{ .Values.nexus.imagePullPolicy }}
{{- if .Values.deployment.postStart.command }}
lifecycle:
postStart:
exec:
command: {{ .Values.deployment.postStart.command }}
{{- end }}
env:
{{ toYaml .Values.nexus.env | indent 12 }}
- name: NEXUS_DATA_CHOWN
value: {{ .Values.nexus.chownNexusData | quote }}
{{- if .Values.nexus.context }}
- name: NEXUS_CONTEXT
value: {{ .Values.nexus.context }}
{{- end }}
resources:
{{ toYaml .Values.nexus.resources | indent 12 }}
ports:
- containerPort: {{ .Values.nexus.dockerPort }}
name: nexus-docker-g
- containerPort: {{ .Values.nexus.nexusPort }}
name: nexus-http
{{- with .Values.nexus.additionalPorts }}
{{ toYaml . | indent 12 }}
{{- end }}
livenessProbe:
httpGet:
path: {{ .Values.nexus.livenessProbe.path }}
port: {{ .Values.nexus.nexusPort }}
initialDelaySeconds: {{ .Values.nexus.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.nexus.livenessProbe.periodSeconds }}
failureThreshold: {{ .Values.nexus.livenessProbe.failureThreshold }}
{{- if .Values.nexus.livenessProbe.timeoutSeconds }}
timeoutSeconds: {{ .Values.nexus.livenessProbe.timeoutSeconds }}
{{- end }}
readinessProbe:
httpGet:
path: {{ .Values.nexus.readinessProbe.path }}
port: {{ .Values.nexus.nexusPort }}
initialDelaySeconds: {{ .Values.nexus.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.nexus.readinessProbe.periodSeconds }}
failureThreshold: {{ .Values.nexus.readinessProbe.failureThreshold }}
{{- if .Values.nexus.readinessProbe.timeoutSeconds }}
timeoutSeconds: {{ .Values.nexus.readinessProbe.timeoutSeconds }}
{{- end }}
volumeMounts:
- mountPath: /nexus-data
name: {{ template "nexus.fullname" . }}-data
{{- if .Values.nexusBackup.enabled }}
- mountPath: /nexus-data/backup
name: {{ template "nexus.fullname" . }}-backup
{{- end }}
{{- if .Values.nexusCloudiam.enabled }}
- mountPath: /nexus-data/cloudiam
name: {{ template "nexus.fullname" . }}-cloudiam
{{- end }}
{{- if .Values.config.enabled }}
- mountPath: {{ .Values.config.mountPath }}
name: {{ template "nexus.name" . }}-conf
{{- end }}
{{- if .Values.secret.enabled }}
- mountPath: {{ .Values.secret.mountPath }}
name: {{ template "nexus.name" . }}-secret
readOnly: {{ .Values.secret.readOnly }}
{{- end }}
{{- if .Values.deployment.additionalVolumeMounts}}
{{ toYaml .Values.deployment.additionalVolumeMounts | indent 12 }}
{{- end }}
{{- if .Values.nexusProxy.enabled }}
- name: nexus-proxy
image: {{ .Values.nexusProxy.imageName }}:{{ .Values.nexusProxy.imageTag }}
resources:
{{ toYaml .Values.nexusProxy.resources | indent 12 }}
imagePullPolicy: {{ .Values.nexusProxy.imagePullPolicy }}
env:
- name: ALLOWED_USER_AGENTS_ON_ROOT_REGEX
value: {{ default "GoogleHC" .Values.nexusProxy.env.allowedUserAgentsOnRootRegex | quote }}
- name: CLOUD_IAM_AUTH_ENABLED
value: {{ .Values.nexusProxy.env.cloudIamAuthEnabled | quote }}
- name: BIND_PORT
value: {{ .Values.nexusProxy.targetPort | quote }}
- name: ENFORCE_HTTPS
value: {{ .Values.nexusProxy.env.enforceHttps | quote }}
- name: NEXUS_DOCKER_HOST
value: {{ .Values.nexusProxy.env.nexusDockerHost | quote }}
- name: NEXUS_HTTP_HOST
value: {{ .Values.nexusProxy.env.nexusHttpHost | quote }}
- name: UPSTREAM_DOCKER_PORT
value: {{ .Values.nexus.dockerPort | quote }}
- name: UPSTREAM_HTTP_PORT
value: {{ .Values.nexus.nexusPort | quote }}
- name: UPSTREAM_HOST
value: "localhost"
{{- if .Values.nexusProxy.env.cloudIamAuthEnabled }}
- name: NEXUS_RUT_HEADER
value: "X-Forwarded-User"
- name: CLIENT_ID
value: {{ .Values.nexusProxy.env.clientId | quote }}
- name: CLIENT_SECRET
value: {{ .Values.nexusProxy.env.clientSecret | quote }}
- name: ORGANIZATION_ID
value: {{ .Values.nexusProxy.env.organizationId | quote }}
- name: REDIRECT_URL
value: {{ .Values.nexusProxy.env.redirectUrl | quote }}
- name: KEYSTORE_PASS
valueFrom:
secretKeyRef:
name: {{ template "nexus.proxy-ks.name" . }}
key: password
- name: KEYSTORE_PATH
value: "/nexus-proxy-ks/keystore"
- name: AUTH_CACHE_TTL
value: "60000"
- name: SESSION_TTL
value: "86400000"
- name: JWT_REQUIRES_MEMBERSHIP_VERIFICATION
value: {{ .Values.nexusProxy.env.requiredMembershipVerification | quote }}
{{- end }}
ports:
- containerPort: {{ .Values.nexusProxy.targetPort }}
name: nexus-proxy
{{- if .Values.nexusProxy.env.cloudIamAuthEnabled }}
volumeMounts:
- mountPath: /nexus-proxy-ks
name: {{ template "nexus.proxy-ks.name" . }}
readOnly: true
{{- end }}
{{- end }}
{{- if .Values.nexusBackup.enabled }}
- name: nexus-backup
image: {{ .Values.nexusBackup.imageName }}:{{ .Values.nexusBackup.imageTag }}
imagePullPolicy: {{ .Values.nexusBackup.imagePullPolicy }}
resources:
{{ toYaml .Values.nexusBackup.resources | indent 12 }}
env:
- name: NEXUS_AUTHORIZATION
{{- if not .Values.nexusBackup.env.nexusAuthorization }}
valueFrom:
secretKeyRef:
key: nexus.nexusAdminPassword
name: {{ template "nexus.fullname" . }}
{{- else }}
value: {{ .Values.nexusBackup.env.nexusAuthorization | quote }}
{{- end }}
- name: NEXUS_BACKUP_DIRECTORY
value: /nexus-data/backup
- name: NEXUS_DATA_DIRECTORY
value: /nexus-data
- name: NEXUS_LOCAL_HOST_PORT
value: "localhost:{{ .Values.nexus.nexusPort }}"
- name: OFFLINE_REPOS
value: {{ .Values.nexusBackup.env.offlineRepos | quote }}
- name: TARGET_BUCKET
value: {{ .Values.nexusBackup.env.targetBucket | quote }}
- name: GRACE_PERIOD
value: {{ .Values.nexusBackup.env.gracePeriod | quote }}
- name: TRIGGER_FILE
value: .backup
- name: RCLONE_REMOTE
value: {{ .Values.nexusBackup.env.rcloneRemote | quote }}
- name: STREAMING_UPLOAD_CUTOFF
value: {{ .Values.nexusBackup.env.streamingUploadCutoff | default "5000000" | quote }}
{{- if .Values.nexusCloudiam.enabled }}
- name: CLOUD_IAM_SERVICE_ACCOUNT_KEY_PATH
value: /nexus-data/cloudiam/service-account-key.json
{{- end }}
volumeMounts:
- mountPath: /nexus-data
name: {{ template "nexus.fullname" . }}-data
- mountPath: /nexus-data/backup
name: {{ template "nexus.fullname" . }}-backup
{{- if .Values.nexusCloudiam.enabled }}
- mountPath: /nexus-data/cloudiam
name: {{ template "nexus.fullname" . }}-cloudiam
{{- end }}
- mountPath: /root/.config/rclone
name: {{ template "nexus.fullname" . }}-rclone-config
{{- end }}
{{- if .Values.deployment.additionalContainers }}
{{ toYaml .Values.deployment.additionalContainers | indent 8 }}
{{- end }}
{{- if .Values.nexus.securityContextEnabled }}
securityContext:
{{ toYaml .Values.nexus.securityContext | indent 8 }}
{{- end }}
volumes:
{{- if .Values.nexusBackup.enabled }}
- name: {{ template "nexus.fullname" . }}-rclone-config
secret:
secretName: {{ template "nexus.name" . }}-rclone-config-secret
{{- end }}
{{- if .Values.nexusProxy.env.cloudIamAuthEnabled }}
- name: {{ template "nexus.proxy-ks.name" . }}
secret:
secretName: {{ template "nexus.proxy-ks.name" . }}
{{- end }}
{{- if .Values.statefulset.enabled }}
{{- if not .Values.persistence.enabled }}
- name: {{ template "nexus.fullname" . }}-data
emptyDir: {}
{{- end }}
{{- if and .Values.nexusBackup.enabled (not .Values.nexusBackup.persistence.enabled) }}
- name: {{ template "nexus.fullname" . }}-backup
emptyDir: {}
{{- end }}
{{- if and .Values.nexusCloudiam.enabled (not .Values.nexusCloudiam.persistence.enabled) }}
- name: {{ template "nexus.fullname" . }}-cloudiam
emptyDir: {}
{{- end }}
{{- else }}
- name: {{ template "nexus.fullname" . }}-data
{{- if .Values.persistence.enabled }}
persistentVolumeClaim:
claimName: {{ .Values.persistence.existingClaim | default (printf "%s-%s" (include "nexus.fullname" .) "data") }}
{{- else }}
emptyDir: {}
{{- end }}
{{- if .Values.nexusBackup.enabled }}
- name: {{ template "nexus.fullname" . }}-backup
{{- if and .Values.nexusBackup.persistence.enabled .Values.nexusBackup.enabled }}
persistentVolumeClaim:
claimName: {{ .Values.nexusBackup.persistence.existingClaim | default (printf "%s-%s" (include "nexus.fullname" .) "backup") }}
{{- else }}
emptyDir: {}
{{- end }}
{{- end }}
{{- if .Values.nexusCloudiam.enabled }}
- name: {{ template "nexus.fullname" . }}-cloudiam
{{- if and .Values.nexusCloudiam.persistence.enabled .Values.nexusCloudiam.enabled }}
persistentVolumeClaim:
claimName: {{ .Values.nexusCloudiam.persistence.existingClaim | default (printf "%s-%s" (include "nexus.fullname" .) "cloudiam") }}
{{- else }}
emptyDir: {}
{{- end }}
{{- end }}
{{- end }}
{{- if .Values.config.enabled }}
- name: {{ template "nexus.name" . }}-conf
configMap:
name: {{ template "nexus.name" . }}-conf
{{- end }}
{{- if .Values.secret.enabled }}
- name: {{ template "nexus.name" . }}-secret
secret:
secretName: {{ template "nexus.name" . }}-secret
{{- end }}
{{- if .Values.deployment.additionalVolumes }}
{{ toYaml .Values.deployment.additionalVolumes | indent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{ toYaml . | indent 8 }}
{{- end }}
## create pvc in case of statefulsets
{{- if .Values.statefulset.enabled }}
volumeClaimTemplates:
{{- if .Values.persistence.enabled }}
- metadata:
name: {{ template "nexus.fullname" . }}-data
labels:
{{ include "nexus.labels" . | indent 10 }}
{{- if .Values.persistence.annotations }}
annotations:
{{ toYaml .Values.persistence.annotations | indent 10 }}
{{- end }}
spec:
accessModes:
- {{ .Values.persistence.accessMode | quote }}
resources:
requests:
storage: {{ .Values.persistence.storageSize | quote }}
{{- if .Values.persistence.storageClass }}
{{- if (eq "-" .Values.persistence.storageClass) }}
storageClassName: ""
{{- else }}
storageClassName: "{{ .Values.persistence.storageClass }}"
{{- end }}
{{- end }}
{{- end }}
{{- if .Values.nexusBackup.persistence.enabled }}
- metadata:
name: {{ template "nexus.fullname" . }}-backup
labels:
{{ include "nexus.labels" . | indent 10 }}
{{- if .Values.nexusBackup.persistence.annotations }}
annotations:
{{ toYaml .Values.nexusBackup.persistence.annotations | indent 10 }}
{{- end }}
spec:
accessModes:
- {{ .Values.nexusBackup.persistence.accessMode }}
resources:
requests:
storage: {{ .Values.nexusBackup.persistence.storageSize | quote }}
{{- if .Values.nexusBackup.persistence.storageClass }}
{{- if (eq "-" .Values.nexusBackup.persistence.storageClass) }}
storageClassName: ""
{{- else }}
storageClassName: "{{ .Values.nexusBackup.persistence.storageClass }}"
{{- end }}
{{- end }}
{{- end }}
{{- if .Values.nexusCloudiam.persistence.enabled }}
- metadata:
name: {{ template "nexus.fullname" . }}-cloudiam
labels:
{{ include "nexus.labels" . | indent 10 }}
{{- if .Values.nexusCloudiam.persistence.annotations }}
annotations:
{{ toYaml .Values.nexusCloudiam.persistence.annotations | indent 10 }}
{{- end }}
spec:
accessModes:
- {{ .Values.nexusCloudiam.persistence.accessMode }}
resources:
requests:
storage: {{ .Values.nexusCloudiam.persistence.storageSize | quote }}
{{- if .Values.nexusCloudiam.persistence.storageClass }}
{{- if (eq "-" .Values.nexusCloudiam.persistence.storageClass) }}
storageClassName: ""
{{- else }}
storageClassName: "{{ .Values.nexusCloudiam.persistence.storageClass }}"
{{- end }}
{{- end }}
{{- end }}
{{- end }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ template "nexus.fullname" . }}
labels:
{{ include "nexus.labels" . | indent 4 }}
{{- if .Values.nexus.extraLabels }}
{{- with .Values.nexus.extraLabels }}
{{ toYaml . | indent 4 }}
{{- end }}
{{- end }}
{{- if .Values.deployment.annotations }}
annotations:
{{ toYaml .Values.deployment.annotations | indent 4 }}
{{- end }}
spec:
replicas: 1
strategy:
type: {{ .Values.deploymentStrategy }}
selector:
matchLabels:
{{- include "nexus.selectorLabels" . | nindent 6 }}
{{- if .Values.nexus.extraSelectorLabels }}
{{- with .Values.nexus.extraSelectorLabels }}
{{ toYaml . | indent 6 }}
{{- end }}
{{- end }}
template:
metadata:
annotations:
checksum/configmap-properties: {{ include (print .Template.BasePath "/configmap-properties.yaml") $ | sha256sum }}
{{- if .Values.nexus.podAnnotations }}
{{ toYaml .Values.nexus.podAnnotations | indent 8}}
{{- end }}
labels:
{{- include "nexus.selectorLabels" . | nindent 8 }}
spec:
serviceAccountName: {{ include "nexus.serviceAccountName" . }}
{{- if .Values.deployment.initContainers }}
initContainers:
{{ toYaml .Values.deployment.initContainers | indent 6 }}
{{- end }}
{{- if .Values.nexus.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nexus.nodeSelector | indent 8 }}
{{- end }}
{{- if .Values.nexus.affinity }}
affinity:
{{ toYaml .Values.nexus.affinity | indent 8 }}
{{- end }}
{{- if .Values.nexus.hostAliases }}
hostAliases:
{{ toYaml .Values.nexus.hostAliases | indent 8 }}
{{- end }}
{{- with .Values.nexus.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8}}
{{- end }}
{{- if .Values.deployment.terminationGracePeriodSeconds }}
terminationGracePeriodSeconds: {{ .Values.deployment.terminationGracePeriodSeconds }}
{{- end }}
containers:
- name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
lifecycle:
{{- if .Values.deployment.postStart.command }}
postStart:
exec:
command: {{ .Values.deployment.postStart.command }}
{{- end }}
env:
{{ toYaml .Values.nexus.env | indent 12 }}
envFrom:
{{ toYaml .Values.nexus.envFrom | indent 12 }}
resources:
{{ toYaml .Values.nexus.resources | indent 12 }}
ports:
- name: nexus-ui
containerPort: {{ .Values.nexus.nexusPort }}
{{- if .Values.nexus.docker.enabled }}
{{- range .Values.nexus.docker.registries }}
- name: docker-{{ .port }}
containerPort: {{ .port }}
{{- end }}
{{- end }}
livenessProbe:
httpGet:
path: {{ .Values.nexus.livenessProbe.path }}
port: {{ .Values.nexus.nexusPort }}
initialDelaySeconds: {{ .Values.nexus.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.nexus.livenessProbe.periodSeconds }}
failureThreshold: {{ .Values.nexus.livenessProbe.failureThreshold }}
{{- if .Values.nexus.livenessProbe.timeoutSeconds }}
timeoutSeconds: {{ .Values.nexus.livenessProbe.timeoutSeconds }}
{{- end }}
readinessProbe:
httpGet:
path: {{ .Values.nexus.readinessProbe.path }}
port: {{ .Values.nexus.nexusPort }}
initialDelaySeconds: {{ .Values.nexus.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.nexus.readinessProbe.periodSeconds }}
failureThreshold: {{ .Values.nexus.readinessProbe.failureThreshold }}
{{- if .Values.nexus.readinessProbe.timeoutSeconds }}
timeoutSeconds: {{ .Values.nexus.readinessProbe.timeoutSeconds }}
{{- end }}
volumeMounts:
- mountPath: /nexus-data
name: {{ template "nexus.name" . }}-data
- mountPath: /nexus-data/etc
name: {{ template "nexus.name" . }}-data
{{- if .Values.license_key }}
- mountPath: {{ .Values.license.mountPath }}
name: {{ template "nexus.name" . }}-license
subPath: {{ .Values.license.subPath }}
{{- end }}
{{- if .Values.config.enabled }}
- mountPath: {{ .Values.config.mountPath }}
name: {{ template "nexus.name" . }}-conf
{{- end }}
{{- if .Values.nexus.properties.override }}
- mountPath: /nexus-data/etc/nexus.properties
name: {{ template "nexus.name" . }}-properties
subPath: nexus.properties
{{- end }}
{{- if .Values.secret.enabled }}
- mountPath: {{ .Values.secret.mountPath }}
name: {{ template "nexus.name" . }}-secret
subPath: {{ .Values.secret.subPath }}
readOnly: {{ .Values.secret.readOnly }}
{{- end }}
{{- if .Values.deployment.additionalVolumeMounts}}
{{ toYaml .Values.deployment.additionalVolumeMounts | indent 12 }}
{{- end }}
{{- if .Values.deployment.additionalContainers }}
{{ toYaml .Values.deployment.additionalContainers | indent 8 }}
{{- end }}
{{- if .Values.nexus.securityContext }}
securityContext:
{{ toYaml .Values.nexus.securityContext | indent 8 }}
{{- end }}
volumes:
- name: {{ template "nexus.name" . }}-data
{{- if .Values.persistence.enabled }}
persistentVolumeClaim:
claimName: {{ .Values.persistence.existingClaim | default (printf "%s-%s" (include "nexus.fullname" .) "data") }}
{{- else }}
emptyDir: {}
{{- end }}
{{- if .Values.license_key }}
- name: nexus-repository-manager-license
secret:
secretName: {{ template "nexus.name" . }}-license
items:
- key: sonatype-license.lic
path: sonatype-license.lic
{{- end }}
{{- if .Values.config.enabled }}
- name: {{ template "nexus.name" . }}-conf
configMap:
name: {{ template "nexus.name" . }}-conf
{{- end }}
{{- if .Values.nexus.properties.override }}
- name: {{ template "nexus.name" . }}-properties
configMap:
name: {{ template "nexus.name" . }}-properties
items:
- key: nexus.properties
path: nexus.properties
{{- end }}
{{- if .Values.secret.enabled }}
- name: {{ template "nexus.name" . }}-secret
secret:
secretName: {{ template "nexus.name" . }}-secret
items:
- key: admin.password
path: admin.password
{{- end }}
{{- if .Values.deployment.additionalVolumes }}
{{ toYaml .Values.deployment.additionalVolumes | indent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{ toYaml . | indent 8 }}
{{- end }}
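Review bot: The license volume is declared with the fixed name `- name: nexus-repository-manager-license`, but the container mounts it as `name: {{ template "nexus.name" . }}-license`. The two agree only when `nexus.name` renders to `nexus-repository-manager`; that helper is not visible here, but if it honours a name override, the pod spec would reference a volume that does not exist whenever `license_key` is set. Declaring the volume as `- name: {{ template "nexus.name" . }}-license` keeps both sides in step, the way the `-conf`, `-properties` and `-secret` volumes in the same list already do.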
{{- if .Values.ingressDocker.enabled }}
apiVersion: {{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} networking.k8s.io/v1beta1 {{- else }} extensions/v1beta1 {{- end }}
kind: Ingress
metadata:
name: {{ template "nexus.ingres.docker" . }}
namespace: {{ template "nexus.namespace" . }}
labels:
{{ include "nexus.labels" . | indent 4 }}
{{- range $key, $value := .Values.ingressDocker.labels }}
{{ $key }}: {{ $value | quote }}
{{- end }}
annotations:
{{- range $key, $value := .Values.ingressDocker.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
spec:
rules:
{{- if .Values.nexusProxy.env.nexusDockerHost }}
- host: {{ .Values.nexusProxy.env.nexusDockerHost }}
http:
paths:
- backend:
{{- if .Values.nexusProxy.svcName }}
serviceName: {{ .Values.nexusProxy.svcName }}
{{- else }}
serviceName: {{ template "nexus.fullname" . }}
{{- end }}
{{- if .Values.nexusProxy.enabled }}
servicePort: {{ .Values.nexusProxy.port }}
{{- else }}
servicePort: {{ .Values.nexus.dockerPort }}
{{- end }}
path: {{ .Values.ingress.path }}
{{- end }}
{{- with .Values.ingressDocker.rules }}
{{- toYaml . | nindent 4 }}
{{- end -}}
{{- if .Values.ingress.tls.enabled }}
tls:
- hosts:
{{- if .Values.nexusProxy.env.nexusDockerHost }}
- {{ .Values.nexusProxy.env.nexusDockerHost }}
{{- end }}
{{- if .Values.ingressDocker.tls.secretName }}
secretName: {{ .Values.ingressDocker.tls.secretName | quote }}
{{- end }}
{{- end -}}
{{- end }}
{{- if .Values.ingress.enabled -}}
apiVersion: {{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} networking.k8s.io/v1beta1 {{- else }} extensions/v1beta1 {{- end }}
{{- if and .Values.ingress.enabled (not .Values.istio.enabled) -}}
{{- $fullName := include "nexus.fullname" . -}}
{{- $svcPort := .Values.nexus.nexusPort -}}
{{- $ingressPath := .Values.ingress.path -}}
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: {{ template "nexus.fullname" . }}
namespace: {{ template "nexus.namespace" . }}
name: {{ $fullName }}
labels:
{{ include "nexus.labels" . | indent 4 }}
{{- range $key, $value := .Values.ingress.labels }}
{{ $key }}: {{ $value | quote }}
{{- include "nexus.labels" . | nindent 4 }}
{{- if .Values.nexus.extraLabels }}
{{- with .Values.nexus.extraLabels }}
{{ toYaml . | indent 4 }}
{{- end }}
{{- end }}
{{- with .Values.ingress.annotations }}
annotations:
{{- range $key, $value := .Values.ingress.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if .Values.ingress.tls }}
tls:
{{- range .Values.ingress.tls }}
- hosts:
{{- range .hosts }}
- {{ . | quote }}
{{- end }}
secretName: {{ .secretName }}
{{- end }}
{{- end }}
rules:
{{- if .Values.nexusProxy.env.nexusHttpHost }}
- host: {{ .Values.nexusProxy.env.nexusHttpHost }}
- host: {{ .Values.ingress.hostRepo }}
http:
paths:
- backend:
{{- if .Values.nexusProxy.svcName }}
serviceName: {{ .Values.nexusProxy.svcName }}
{{- else }}
serviceName: {{ template "nexus.fullname" . }}
{{- end }}
{{- if .Values.nexusProxy.enabled }}
servicePort: {{ .Values.nexusProxy.port }}
{{- else }}
servicePort: {{ .Values.nexus.nexusPort }}
{{- end }}
path: {{ .Values.ingress.path }}
{{- end }}
{{- with .Values.ingress.rules }}
- path: {{ .Values.ingress.hostPath }}
backend:
serviceName: {{ $fullName }}
servicePort: 8081
{{ if .Values.nexus.docker.enabled }}
{{ range $registry := .Values.nexus.docker.registries }}
---
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: {{ $fullName | trunc 49 }}-docker-{{ $registry.port }}
labels:
{{- include "nexus.labels" $ | nindent 4 }}
{{- if $.Values.nexus.extraLabels }}
{{- with $.Values.nexus.extraLabels }}
{{ toYaml . | indent 4 }}
{{- end }}
{{- end }}
{{- with $.Values.ingress.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end -}}
{{- if .Values.ingress.tls.enabled }}
{{- end }}
spec:
tls:
- hosts:
{{- if .Values.nexusProxy.env.nexusHttpHost }}
- {{ .Values.nexusProxy.env.nexusHttpHost }}
{{- end }}
{{- if .Values.ingress.tls.secretName }}
secretName: {{ .Values.ingress.tls.secretName | quote }}
{{- end }}
{{- end -}}
- {{ $registry.host | quote }}
secretName: {{ $registry.secretName }}
rules:
- host: {{ $registry.host }}
http:
paths:
- path: /
backend:
serviceName: {{ $fullName | trunc 49 }}-docker-{{ $registry.port }}
servicePort: {{ $registry.port }}
{{- end }}
{{- end }}
{{- end }}
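Review bot: The UI backend uses the literal `servicePort: 8081`, although `$svcPort` is assigned from `.Values.nexus.nexusPort` at the top of the template and is not used on any visible line. Changing `nexus.nexusPort` would therefore leave the Ingress pointing at the wrong port; `servicePort: {{ $svcPort }}` avoids that. `$ingressPath` also looks unused, since the path is taken from `.Values.ingress.hostPath`. The new resources pin `apiVersion: networking.k8s.io/v1beta1`, which is no longer served from Kubernetes 1.22. Old and new lines are interleaved on this page, so confirm these against the file itself.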
{{- if .Values.initAdminPassword.enabled }}
---
apiVersion: batch/v1
kind: Job
metadata:
name: {{ template "nexus.fullname" . }}-initpwd-job
annotations:
helm.sh/hook: "post-install"
helm.sh/hook-weight: "10"
helm.sh/hook-delete-policy: "before-hook-creation"
labels:
{{ include "nexus.labels" . | indent 4 }}
spec:
backoffLimit: 5
template:
metadata:
name: {{ template "nexus.fullname" . }}-initpwd
labels:
app: {{ template "nexus.name" . }}
release: {{ .Release.Name }}
spec:
restartPolicy: Never
containers:
- name: nexus-initpwd
image: curlimages/curl:7.73.0
command:
- /bin/sh
- -ec
- |
curl --fail -X PUT \
http://$(NEXUS_HOST)/service/rest/beta/security/users/admin/change-password \
-H "Content-Type: text/plain" \
-H "Authorization: Basic $(NEXUS_AUTHORIZATION)" \
-d "$(ADMIN_PASSWORD)"
env:
- name: NEXUS_AUTHORIZATION
valueFrom:
secretKeyRef:
key: nexusAuthorization
name: {{ template "nexus.fullname" . }}-initpwd-secret
- name: NEXUS_HOST
value: {{ template "nexus.fullname" . }}.{{ .Release.Namespace }}:{{ .Values.nexus.nexusPort }}
- name: ADMIN_PASSWORD
valueFrom:
secretKeyRef:
key: adminPassword
name: {{ template "nexus.fullname" . }}-initpwd-secret
---
apiVersion: v1
kind: Secret
metadata:
name: {{ template "nexus.fullname" . }}-initpwd-secret
annotations:
helm.sh/hook: "post-install"
helm.sh/hook-weight: "-10"
helm.sh/hook-delete-policy: "hook-succeeded,before-hook-creation"
labels:
{{ include "nexus.labels" . | indent 4 }}
type: Opaque
data:
nexusAuthorization: {{ printf "%s%s" "admin:" (default "admin123" .Values.initAdminPassword.defaultPasswordOverride) | b64enc | b64enc }}
adminPassword: {{ .Values.initAdminPassword.password | b64enc }}
{{- end }}
{{- if .Values.nexusProxy.env.cloudIamAuthEnabled }}
apiVersion: v1
kind: Secret
metadata:
name: {{ template "nexus.proxy-ks.name" . }}
namespace: {{ template "nexus.namespace" . }}
labels:
{{ include "nexus.labels" . | indent 4 }}
type: Opaque
data:
keystore: {{ .Values.nexusProxy.secrets.keystore }}
password: {{ .Values.nexusProxy.secrets.password | b64enc }}
{{- end}}
......@@ -3,11 +3,7 @@ apiVersion: route.openshift.io/v1
kind: Route
metadata:
name: {{ template "nexus.fullname" . }}
namespace: {{ template "nexus.namespace" . }}
labels:
{{- range $key, $value := .Values.nexusProxyRoute.labels }}
{{ $key }}: {{ $value | quote }}
{{- end }}
labels: {{ .Values.nexusProxyRoute.labels }}
annotations:
{{- range $key, $value := .Values.nexusProxyRoute.annotations }}
{{ $key }}: {{ $value | quote }}
......@@ -15,21 +11,13 @@ metadata:
spec:
host: {{ .Values.nexusProxyRoute.path }}
port:
{{- if .Values.nexusProxy.svcName }}
targetPort: {{ .Values.nexusProxy.svcName }}
{{- else }}
targetPort: {{ template "nexus.fullname" . }}
{{- end }}
tls:
insecureEdgeTerminationPolicy: Redirect
termination: edge
to:
kind: Service
{{- if .Values.nexusProxy.svcName }}
name: {{ .Values.nexusProxy.svcName }}
{{- else }}
name: {{ template "nexus.fullname" . }}
{{- end }}
weight: 100
wildcardPolicy: None
{{- end }}
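Review bot: `labels: {{ .Values.nexusProxyRoute.labels }}` prints the map in Go's default form (`map[key:value]`), which is a plain string rather than a YAML mapping, so the Route would likely be rejected as soon as any label is configured. The removed `range` loop rendered each pair and quoted the value. A short form that still renders valid YAML is `{{- with .Values.nexusProxyRoute.labels }}` / `labels: {{- toYaml . | nindent 4 }}` / `{{- end }}`. The other Route template further down has the same line with `.Values.route.labels` and needs the same change.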
{{- if or .Values.nexusProxy.enabled .Values.ingress.enabled }}
apiVersion: v1
kind: Service
metadata:
{{- if .Values.nexusProxy.svcName }}
name: {{ .Values.nexusProxy.svcName }}
{{- else }}
name: {{ template "nexus.fullname" . }}
{{- end }}
namespace: {{ template "nexus.namespace" . }}
labels:
{{ include "nexus.labels" . | indent 4 }}
{{- if .Values.nexus.labels }}
{{ toYaml .Values.nexus.labels | indent 4 }}
{{- end }}
{{- if .Values.nexusProxy.labels }}
{{ toYaml .Values.nexusProxy.labels | indent 4 }}
{{- end }}
{{- if .Values.nexus.annotations }}
annotations:
{{ toYaml .Values.nexus.annotations | indent 4 }}
{{- end }}
spec:
ports:
{{- if .Values.nexusProxy.enabled }}
- port: {{ .Values.nexusProxy.port }}
{{- else }}
- port: {{ .Values.nexus.nexusPort }}
{{- end }}
{{- if .Values.nexusProxy.svcName }}
name: {{ .Values.nexusProxy.svcName }}
{{- else }}
name: {{ template "nexus.fullname" . }}
{{- end }}
protocol: TCP
{{- if .Values.nexusProxy.enabled }}
targetPort: {{ .Values.nexusProxy.targetPort }}
{{- else }}
targetPort: {{ .Values.nexus.nexusPort }}
- port: {{ .Values.nexus.dockerPort }}
name: docker
protocol: TCP
targetPort: {{ .Values.nexus.dockerPort }}
{{- end }}
selector:
app: {{ template "nexus.name" . }}
release: {{ .Release.Name }}
type: {{ .Values.nexus.service.type }}
{{- if and (eq .Values.nexus.service.type "ClusterIP") .Values.nexus.service.clusterIP }}
clusterIP: {{ .Values.nexus.service.clusterIP }}
{{- end }}
{{- if and (eq .Values.nexus.service.type "LoadBalancer") .Values.nexus.service.loadBalancerIP }}
loadBalancerIP: {{ .Values.nexus.service.loadBalancerIP }}
{{- end }}
{{- end }}
{{- if .Values.psp.create -}}
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
labels: {{- include "nexus.labels" . | nindent 4 }}
{{- with .Values.nexus.extraLabels }}
{{ toYaml . | indent 4 }}
{{- end }}
name: {{ template "nexus.name" . }}-psp-use
rules:
- apiGroups:
- policy
resources:
- podsecuritypolicies
resourceNames:
- {{ template "nexus.name" . }}
verbs:
- use
{{- end -}}
\ No newline at end of file
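Review bot: This ClusterRole uses `apiVersion: rbac.authorization.k8s.io/v1beta1`, while the RoleBinding that refers to it uses `rbac.authorization.k8s.io/v1`. The beta RBAC API is no longer served from Kubernetes 1.22, so `apiVersion: rbac.authorization.k8s.io/v1` here keeps the pair consistent and installable on newer clusters. A one-line comment above `resourceNames` stating that the role grants `use` on this chart's single PodSecurityPolicy only would help reviewers confirm the scope is intentional.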
{{- if .Values.psp.create -}}
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels: {{- include "nexus.labels" . | nindent 4 }}
{{- with .Values.nexus.extraLabels }}
{{ toYaml . | indent 4 }}
{{- end }}
name: {{ template "nexus.name" . }}-psp-use
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ template "nexus.name" . }}-psp-use
subjects:
- kind: ServiceAccount
name: {{ include "nexus.serviceAccountName" . }}
{{- end -}}
\ No newline at end of file
{{- if .Values.psp.create -}}
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
labels: {{- include "nexus.labels" . | nindent 4 }}
{{- with .Values.nexus.extraLabels }}
{{ toYaml . | indent 4 }}
{{- end }}
name: {{ template "nexus.name" . }}
spec:
requiredDropCapabilities:
- ALL
volumes:
- configMap
- downwardAPI
- emptyDir
- persistentVolumeClaim
- secret
- projected
runAsUser:
rule: 'RunAsAny'
seLinux:
rule: RunAsAny
supplementalGroups:
rule: 'MustRunAs'
ranges:
# Forbid adding the root group.
- min: 1
max: 65535
fsGroup:
rule: 'MustRunAs'
ranges:
# Forbid adding the root group.
- min: 1
max: 65535
{{- end }}
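Review bot: `runAsUser` is set to `rule: 'RunAsAny'` and neither `allowPrivilegeEscalation` nor `privileged` is stated, so the policy permits a container running as UID 0 and leaves privilege escalation allowed. That sits oddly with the `# Forbid adding the root group.` comments on the group ranges. If the image runs as a non-root user (not visible here), `rule: 'MustRunAsNonRoot'` together with `allowPrivilegeEscalation: false` and an explicit `privileged: false` would match that intent. `policy/v1beta1` PodSecurityPolicy is also removed in Kubernetes 1.25, so the `psp.create` path should document the cluster versions it supports.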
......@@ -4,9 +4,13 @@ apiVersion: v1
kind: PersistentVolume
metadata:
name: {{ .Values.persistence.pdName }}
namespace: {{ template "nexus.namespace" . }}
labels:
{{ include "nexus.labels" . | indent 4 }}
{{- if .Values.nexus.extraLabels }}
{{- with .Values.nexus.extraLabels }}
{{ toYaml . | indent 4 }}
{{- end }}
{{- end }}
spec:
capacity:
storage: {{ .Values.persistence.storageSize }}
......
{{- if not .Values.statefulset.enabled }}
{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }}
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: {{ template "nexus.fullname" . }}-data
namespace: {{ template "nexus.namespace" . }}
labels:
{{ include "nexus.labels" . | indent 4 }}
{{- if .Values.nexus.extraLabels }}
{{- with .Values.nexus.extraLabels }}
{{ toYaml . | indent 4 }}
{{- end }}
{{- end }}
{{- if .Values.persistence.annotations }}
annotations:
{{ toYaml .Values.persistence.annotations | indent 4 }}
......@@ -25,4 +28,3 @@ spec:
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- if and .Values.nexusBackup.enabled -}}
apiVersion: v1
kind: Secret
metadata:
name: {{ template "nexus.name" . }}-rclone-config-secret
namespace: {{ template "nexus.namespace" . }}
labels:
{{ include "nexus.labels" . | indent 4 }}
{{- if .Values.nexus.labels }}
{{ toYaml .Values.nexus.labels | indent 4 }}
{{- end }}
data:
{{- if .Values.nexusBackup.rcloneConfig }}
{{- range $key, $val := .Values.nexusBackup.rcloneConfig }}
{{ $key }}: |-
{{ $val | b64enc| indent 4}}
{{- end }}
{{- end -}}
{{- end}}
......@@ -3,11 +3,7 @@ apiVersion: route.openshift.io/v1
kind: Route
metadata:
name: {{ .Values.route.name }}
namespace: {{ template "nexus.namespace" . }}
labels:
{{- range $key, $value := .Values.route.labels }}
{{ $key }}: {{ $value | quote }}
{{- end }}
labels: {{ .Values.route.labels }}
annotations:
{{- range $key, $value := .Values.route.annotations }}
{{ $key }}: {{ $value | quote }}
......@@ -28,6 +24,4 @@ spec:
{{- end }}
weight: 100
wildcardPolicy: None
status:
ingress: []
{{- end }}
{{- if and .Values.secret.enabled .Values.secret.data -}}
apiVersion: v1
kind: Secret
metadata:
name: {{ template "nexus.name" . }}-secret
namespace: {{ template "nexus.namespace" . }}
labels:
{{ include "nexus.labels" . | indent 4 }}
{{- if .Values.nexus.labels }}
{{ toYaml .Values.nexus.labels | indent 4 }}
{{- end }}
data:
{{ toYaml .Values.secret.data | indent 2 }}
{{- end}}