{{- if .Values.statefulset.enabled }} apiVersion: apps/v1 kind: StatefulSet {{- else }} apiVersion: apps/v1 kind: Deployment {{- end }} metadata: name: {{ template "nexus.fullname" . }} labels: {{ include "nexus.labels" . | indent 4 }} {{- if .Values.nexus.labels }} {{ toYaml .Values.nexus.labels | indent 4 }} {{- end }} {{- if .Values.deployment.annotations }} annotations: {{ toYaml .Values.deployment.annotations | indent 4 }} {{- end }} spec: replicas: {{ .Values.replicaCount }} {{- if .Values.statefulset.enabled }} {{- if .Values.nexusProxy.svcName }} serviceName: {{ .Values.nexusProxy.svcName }} {{- else }} serviceName: {{ template "nexus.fullname" . }} {{- end }} {{- end }} {{- if .Values.deploymentStrategy }} strategy: {{ toYaml .Values.deploymentStrategy | indent 4 }} {{- end }} selector: matchLabels: app: {{ template "nexus.name" . }} release: {{ .Release.Name }} template: metadata: {{- if .Values.nexus.podAnnotations }} annotations: {{ toYaml .Values.nexus.podAnnotations | indent 8}} {{- end }} labels: app: {{ template "nexus.name" . }} release: {{ .Release.Name }} spec: {{- if .Values.deployment.initContainers }} initContainers: {{ toYaml .Values.deployment.initContainers | indent 6 }} {{- end }} {{- if .Values.nexus.nodeSelector }} nodeSelector: {{ toYaml .Values.nexus.nodeSelector | indent 8 }} {{- end }} {{- if .Values.nexus.hostAliases }} hostAliases: {{ toYaml .Values.nexus.hostAliases | indent 8 }} {{- end }} {{- if .Values.nexus.imagePullSecret }} imagePullSecrets: - name: {{ .Values.nexus.imagePullSecret }} {{- end }} {{- if .Values.serviceAccount.create }} serviceAccountName: {{ template "nexus.fullname" . }} {{- else }} serviceAccountName: {{ .Values.serviceAccount.name | quote }} {{- end }} {{- if .Values.nexus.priorityClassName }} priorityClassName: {{ .Values.nexus.priorityClassName }} {{- end }} containers: - name: nexus image: {{ .Values.nexus.imageName }}:{{ .Values.nexus.imageTag }} imagePullPolicy: {{ .Values.nexus.imagePullPolicy }} {{- if .Values.deployment.postStart.command }} lifecycle: postStart: exec: command: {{ .Values.deployment.postStart.command }} {{- end }} env: {{ toYaml .Values.nexus.env | indent 12 }} resources: {{ toYaml .Values.nexus.resources | indent 12 }} ports: - containerPort: {{ .Values.nexus.dockerPort }} name: nexus-docker-g - containerPort: {{ .Values.nexus.nexusPort }} name: nexus-http livenessProbe: httpGet: path: {{ .Values.nexus.livenessProbe.path }} port: {{ .Values.nexus.nexusPort }} initialDelaySeconds: {{ .Values.nexus.livenessProbe.initialDelaySeconds }} periodSeconds: {{ .Values.nexus.livenessProbe.periodSeconds }} failureThreshold: {{ .Values.nexus.livenessProbe.failureThreshold }} {{- if .Values.nexus.livenessProbe.timeoutSeconds }} timeoutSeconds: {{ .Values.nexus.livenessProbe.timeoutSeconds }} {{- end }} readinessProbe: httpGet: path: {{ .Values.nexus.readinessProbe.path }} port: {{ .Values.nexus.nexusPort }} initialDelaySeconds: {{ .Values.nexus.readinessProbe.initialDelaySeconds }} periodSeconds: {{ .Values.nexus.readinessProbe.periodSeconds }} failureThreshold: {{ .Values.nexus.readinessProbe.failureThreshold }} {{- if .Values.nexus.readinessProbe.timeoutSeconds }} timeoutSeconds: {{ .Values.nexus.readinessProbe.timeoutSeconds }} {{- end }} volumeMounts: - mountPath: /nexus-data name: {{ template "nexus.fullname" . }}-data - mountPath: /nexus-data/backup name: {{ template "nexus.fullname" . }}-backup {{- if .Values.config.enabled }} - mountPath: {{ .Values.config.mountPath }} name: {{ template "nexus.name" . }}-conf {{- end }} {{- if .Values.secret.enabled }} - mountPath: {{ .Values.secret.mountPath }} name: {{ template "nexus.name" . }}-secret readOnly: {{ .Values.secret.readOnly }} {{- end }} {{- if .Values.deployment.additionalVolumeMounts}} {{ toYaml .Values.deployment.additionalVolumeMounts | indent 12 }} {{- end }} {{- if .Values.nexusProxy.enabled }} - name: nexus-proxy image: {{ .Values.nexusProxy.imageName }}:{{ .Values.nexusProxy.imageTag }} resources: {{ toYaml .Values.nexusProxy.resources | indent 12 }} imagePullPolicy: {{ .Values.nexusProxy.imagePullPolicy }} env: - name: ALLOWED_USER_AGENTS_ON_ROOT_REGEX value: "GoogleHC" - name: CLOUD_IAM_AUTH_ENABLED value: {{ .Values.nexusProxy.env.cloudIamAuthEnabled | quote }} - name: BIND_PORT value: {{ .Values.nexusProxy.targetPort | quote }} - name: ENFORCE_HTTPS value: {{ .Values.nexusProxy.env.enforceHttps | quote }} - name: NEXUS_DOCKER_HOST value: {{ .Values.nexusProxy.env.nexusDockerHost | quote }} - name: NEXUS_HTTP_HOST value: {{ .Values.nexusProxy.env.nexusHttpHost | quote }} - name: UPSTREAM_DOCKER_PORT value: {{ .Values.nexus.dockerPort | quote }} - name: UPSTREAM_HTTP_PORT value: {{ .Values.nexus.nexusPort | quote }} - name: UPSTREAM_HOST value: "localhost" {{- if .Values.nexusProxy.env.cloudIamAuthEnabled }} - name: NEXUS_RUT_HEADER value: "X-Forwarded-User" - name: CLIENT_ID value: {{ .Values.nexusProxy.env.clientId | quote }} - name: CLIENT_SECRET value: {{ .Values.nexusProxy.env.clientSecret | quote }} - name: ORGANIZATION_ID value: {{ .Values.nexusProxy.env.organizationId | quote }} - name: REDIRECT_URL value: {{ .Values.nexusProxy.env.redirectUrl | quote }} - name: KEYSTORE_PASS valueFrom: secretKeyRef: name: {{ template "nexus.proxy-ks.name" . }} key: password - name: KEYSTORE_PATH value: "/nexus-proxy-ks/keystore" - name: AUTH_CACHE_TTL value: "60000" - name: SESSION_TTL value: "86400000" - name: JWT_REQUIRES_MEMBERSHIP_VERIFICATION value: {{ .Values.nexusProxy.env.requiredMembershipVerification | quote }} {{- end }} ports: - containerPort: {{ .Values.nexusProxy.targetPort }} name: nexus-proxy {{- if .Values.nexusProxy.env.cloudIamAuthEnabled }} volumeMounts: - mountPath: /nexus-proxy-ks name: {{ template "nexus.proxy-ks.name" . }} readOnly: true {{- end }} {{- end }} {{- if .Values.nexusBackup.enabled }} - name: nexus-backup image: {{ .Values.nexusBackup.imageName }}:{{ .Values.nexusBackup.imageTag }} imagePullPolicy: {{ .Values.nexusBackup.imagePullPolicy }} resources: {{ toYaml .Values.nexusBackup.resources | indent 12 }} env: - name: NEXUS_AUTHORIZATION valueFrom: secretKeyRef: key: nexus.nexusAdminPassword name: {{ template "nexus.fullname" . }} - name: NEXUS_BACKUP_DIRECTORY value: /nexus-data/backup - name: NEXUS_DATA_DIRECTORY value: /nexus-data - name: NEXUS_LOCAL_HOST_PORT value: "localhost:{{ .Values.nexus.nexusPort }}" - name: OFFLINE_REPOS value: "maven-central maven-public maven-releases maven-snapshots" - name: TARGET_BUCKET value: {{ .Values.nexusBackup.env.targetBucket | quote }} - name: GRACE_PERIOD value: "60" - name: TRIGGER_FILE value: .backup volumeMounts: - mountPath: /nexus-data name: {{ template "nexus.fullname" . }}-data - mountPath: /nexus-data/backup name: {{ template "nexus.fullname" . }}-backup {{- end }} {{- if .Values.deployment.additionalContainers }} {{ toYaml .Values.deployment.additionalContainers | indent 8 }} {{- end }} {{- if .Values.nexus.securityContextEnabled }} securityContext: {{ toYaml .Values.nexus.securityContext | indent 8 }} {{- end }} volumes: {{- if .Values.nexusProxy.env.cloudIamAuthEnabled }} - name: {{ template "nexus.proxy-ks.name" . }} secret: secretName: {{ template "nexus.proxy-ks.name" . }} {{- end }} {{- if .Values.statefulset.enabled }} {{- if not .Values.persistence.enabled }} - name: {{ template "nexus.fullname" . }}-data emptyDir: {} {{- end }} {{- if not .Values.nexusBackup.persistence.enabled }} - name: {{ template "nexus.fullname" . }}-backup emptyDir: {} {{- end }} {{- else }} - name: {{ template "nexus.fullname" . }}-data {{- if .Values.persistence.enabled }} persistentVolumeClaim: claimName: {{ .Values.persistence.existingClaim | default (printf "%s-%s" (include "nexus.fullname" .) "data") }} {{- else }} emptyDir: {} {{- end }} - name: {{ template "nexus.fullname" . }}-backup {{- if .Values.nexusBackup.persistence.enabled }} persistentVolumeClaim: claimName: {{ .Values.nexusBackup.persistence.existingClaim | default (printf "%s-%s" (include "nexus.fullname" .) "backup") }} {{- else }} emptyDir: {} {{- end }} {{- end }} {{- if .Values.config.enabled }} - name: {{ template "nexus.name" . }}-conf configMap: name: {{ template "nexus.name" . }}-conf {{- end }} {{- if .Values.secret.enabled }} - name: {{ template "nexus.name" . }}-secret secret: secretName: {{ template "nexus.name" . }}-secret {{- end }} {{- if .Values.deployment.additionalVolumes }} {{ toYaml .Values.deployment.additionalVolumes | indent 8 }} {{- end }} {{- with .Values.tolerations }} tolerations: {{ toYaml . | indent 8 }} {{- end }} ## create pvc in case of statefulsets {{- if .Values.statefulset.enabled }} volumeClaimTemplates: {{- if .Values.persistence.enabled }} - metadata: name: {{ template "nexus.fullname" . }}-data labels: {{ include "nexus.labels" . | indent 10 }} {{- if .Values.persistence.annotations }} annotations: {{ toYaml .Values.persistence.annotations | indent 10 }} {{- end }} spec: accessModes: - {{ .Values.persistence.accessMode | quote }} resources: requests: storage: {{ .Values.persistence.storageSize | quote }} {{- if .Values.persistence.storageClass }} {{- if (eq "-" .Values.persistence.storageClass) }} storageClassName: "" {{- else }} storageClassName: "{{ .Values.persistence.storageClass }}" {{- end }} {{- end }} {{- end }} {{- if .Values.nexusBackup.persistence.enabled }} - metadata: name: {{ template "nexus.fullname" . }}-backup labels: {{ include "nexus.labels" . | indent 10 }} {{- if .Values.nexusBackup.persistence.annotations }} annotations: {{ toYaml .Values.nexusBackup.persistence.annotations | indent 10 }} {{- end }} spec: accessModes: - {{ .Values.nexusBackup.persistence.accessMode }} resources: requests: storage: {{ .Values.nexusBackup.persistence.storageSize | quote }} {{- if .Values.nexusBackup.persistence.storageClass }} {{- if (eq "-" .Values.nexusBackup.persistence.storageClass) }} storageClassName: "" {{- else }} storageClassName: "{{ .Values.nexusBackup.persistence.storageClass }}" {{- end }} {{- end }} {{- end }} {{- end }}