JFrog-Cloud-Installers/Openshift4/helm/openshift-pipelines/charts/pipelines/templates/pipelines-statefulset.yaml


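# StatefulSet for the JFrog Pipelines services pod. Init containers copy
# system.yaml into the shared folder, wait for Vault (and RabbitMQ/Redis when
# enabled) and run the installer; the router and the Pipelines micro-services
# then run side by side, sharing two emptyDir volumes.
#
# Layout note: list items sit at the column that the nindent of the matching
# custom* values hook emits (containers at 8, volumeMounts at 10, volumes at 6)
# so that injected entries join the same YAML sequence.
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: {{ include "pipelines.services.name" . }}
  labels:
    {{- include "pipelines.labels" . | nindent 4 }}
spec:
  serviceName: {{ include "pipelines.services.name" . }}-headless
  # replicas is omitted when autoscaling is enabled, presumably so the
  # autoscaler owns the replica count - confirm against the HPA template.
  {{- if not .Values.pipelines.autoscaling.enabled }}
  replicas: {{ .Values.pipelines.replicaCount }}
  {{- end }}
  updateStrategy:
    type: {{ .Values.pipelines.updateStrategy }}
  selector:
    matchLabels:
      {{- include "pipelines.selectorLabels" . | nindent 6 }}
      component: {{ include "pipelines.services.name" . }}
  template:
    metadata:
      labels:
        {{- include "pipelines.selectorLabels" . | nindent 8 }}
        component: {{ include "pipelines.services.name" . }}
      annotations:
        # SHA-256 of each rendered config/secret template; a change in any of
        # them changes the pod template and rolls the pods.
        # NOTE(review): the digests of the secret templates are readable by
        # anyone who can read pod metadata. For a low-entropy secret a digest
        # can be checked against guesses offline; keep those values random.
        checksum/systemyaml: {{ include (print $.Template.BasePath "/pipelines-system-yaml.yaml") . | sha256sum }}
        checksum/secretdb: {{ include (print $.Template.BasePath "/database-secret.yaml") . | sha256sum }}
        checksum/secretaws: {{ include (print $.Template.BasePath "/buildplane-secret-aws.yaml") . | sha256sum }}
        checksum/configaws: {{ include (print $.Template.BasePath "/buildplane-config-aws.yaml") . | sha256sum }}
        checksum/secretk8s: {{ include (print $.Template.BasePath "/buildplane-secret-k8s.yaml") . | sha256sum }}
        checksum/configk8s: {{ include (print $.Template.BasePath "/buildplane-config-k8s.yaml") . | sha256sum }}
        checksum/configfilebeat: {{ include (print $.Template.BasePath "/filebeat-config.yaml") . | sha256sum }}
    spec:
      serviceAccountName: {{ include "pipelines.fullname" . }}
      {{- if .Values.imagePullSecrets }}
      imagePullSecrets:
      - name: {{ .Values.imagePullSecrets }}
      {{- end }}
      initContainers:
      # The custom* hooks in this file pass a string from values through tpl
      # and splice the result in verbatim. Nothing here constrains what that
      # string declares (privileged containers, host mounts, extra secrets),
      # so values files need the same review as the chart itself.
      {{- with .Values.pipelines.customInitContainersBegin }}
      {{- tpl . $ | nindent 8 }}
      {{- end }}
        # Copies system.yaml from the mounted secret into the shared emptyDir.
        - name: copy-system-yaml
          image: "{{ .Values.initContainer.image }}"
          imagePullPolicy: {{ .Values.initContainer.pullPolicy }}
          resources:
            {{- toYaml .Values.initContainers.resources | nindent 12 }}
          securityContext:
            allowPrivilegeEscalation: false
          # pipelines.mountPath is interpolated into the sh -c script below
          # unquoted; it must be a plain path with no shell metacharacters.
          command:
          - '/bin/sh'
          - '-c'
          - >
            echo "Copy system.yaml to {{ .Values.pipelines.mountPath }}";
            cp -fv /tmp/etc/system.yaml {{ .Values.pipelines.mountPath }}/system.yaml;
          volumeMounts:
          - name: jfrog-pipelines-folder
            mountPath: {{ .Values.pipelines.mountPath }}
          - name: systemyaml
            mountPath: "/tmp/etc/system.yaml"
            subPath: system.yaml
        # Blocks until the Vault port accepts TCP connections: the bundled
        # Vault when vault.enabled, otherwise global.vault.host/port.
        # nc -z only proves the port is open, not that Vault is unsealed.
        - name: wait-for-vault
          image: "{{ .Values.initContainer.image }}"
          imagePullPolicy: {{ .Values.initContainer.pullPolicy }}
          resources:
            {{- toYaml .Values.initContainers.resources | nindent 12 }}
          securityContext:
            allowPrivilegeEscalation: false
          command:
          - 'sh'
          - '-c'
          - >
            echo "Waiting for Vault to come up...";
            {{- if .Values.vault.enabled }}
            until nc -z -w 2 {{ include "pipelines.vault.name" . }} {{ .Values.vault.service.port }} && echo Vault ok; do
            {{- else }}
            until nc -z -w 2 {{ tpl .Values.global.vault.host . }} {{ .Values.global.vault.port }} && echo Vault ok; do
            {{- end }}
              sleep 2;
            done;
        # Image tags here and below are resolved from pipelines.version or the
        # chart appVersion; they are tags, not digests, so what runs depends on
        # the registry named by imageRegistry.
        - name: pipelines-installer
          image: "{{ .Values.imageRegistry }}/{{ .Values.pipelines.pipelinesInit.image.repository }}:{{ default .Chart.AppVersion .Values.pipelines.version }}"
          imagePullPolicy: {{ .Values.pipelines.pipelinesInit.image.pullPolicy }}
          resources:
            {{- toYaml .Values.initContainers.resources | nindent 12 }}
          # Runs as UID 0. OpenShift's default restricted SCC rejects root
          # containers, so the service account needs an SCC that allows it.
          securityContext:
            allowPrivilegeEscalation: false
            runAsUser: 0
          env:
          # NOTE(review): the default secret name suggests this is the Vault
          # root token - confirm. Pointing global.vault.existingSecret at a
          # token scoped to what the installer needs limits the impact of a
          # compromised pod.
          - name: VAULT_TOKEN
            valueFrom:
              secretKeyRef:
                name: {{ .Values.global.vault.existingSecret | default (printf "%s" "root-vault-secret") }}
                key: token
          # NOTE(review): the DB connection string is gated on vault.enabled,
          # not on a postgresql flag - confirm this is intended.
          {{- if .Values.vault.enabled }}
          - name: PIPELINES_SHARED_DB_CONNECTIONSTRING
            valueFrom:
              secretKeyRef:
                name: {{ .Values.global.postgresql.existingSecret | default (printf "%s-%s" (include "pipelines.fullname" .) "database") }}
                key: postgresql-url
          {{- end }}
          - name: PIPELINES_NODE_ID
            valueFrom:
              fieldRef:
                fieldPath: "metadata.name"
          # Waits for RabbitMQ and Redis (when enabled) with the same TCP
          # probe, sleeps a fixed 20 seconds, then runs the installer binary.
          command:
          - 'sh'
          - '-c'
          - >
            {{- if .Values.rabbitmq.enabled }}
            echo "Waiting for RabbitMQ to come up...";
            until nc -z -w 2 {{ .Release.Name }}-rabbitmq {{ .Values.rabbitmq.service.port }} && echo rabbitmq ok; do
              sleep 2;
            done;
            {{- end }}
            {{- if .Values.redis.enabled }}
            echo "Waiting for Redis to come up...";
            until nc -z -w 2 {{ .Release.Name }}-redis-master {{ .Values.redis.redisPort }} && echo redis ok; do
              sleep 2;
            done;
            {{- end }}
            sleep 20;
            ./pipelines-k8s;
          volumeMounts:
          - name: jfrog-pipelines-folder
            mountPath: {{ .Values.pipelines.mountPath }}
          # The AWS and k8s build-plane mounts use the same two paths; enabling
          # both providers at once would mount two volumes on one path.
          {{- if .Values.buildPlane.dynamic.provider.aws.enabled }}
          - name: buildplane-creds-aws
            mountPath: {{ .Values.pipelines.mountPath }}/buildplane-creds
            readOnly: true
          - name: buildplane-config-aws
            mountPath: {{ .Values.pipelines.mountPath }}/buildplane-config
            readOnly: true
          {{- end }}
          {{- if .Values.buildPlane.dynamic.provider.k8s.enabled }}
          - name: buildplane-creds-k8s
            mountPath: {{ .Values.pipelines.mountPath }}/buildplane-creds
            readOnly: true
          - name: buildplane-config-k8s
            mountPath: {{ .Values.pipelines.mountPath }}/buildplane-config
            readOnly: true
          {{- end }}
      {{- with .Values.pipelines.customInitContainers }}
      {{- tpl . $ | nindent 8 }}
      {{- end }}
      containers:
      {{- if .Values.filebeat.enabled }}
        # NOTE(review): runs as UID 0 and, unlike the other root containers in
        # this pod, does not set allowPrivilegeEscalation: false.
        - name: {{ .Values.filebeat.name }}
          image: "{{ .Values.filebeat.image.repository }}:{{ .Values.filebeat.image.version }}"
          imagePullPolicy: {{ .Values.filebeat.image.pullPolicy }}
          args:
          - "-e"
          - "-E"
          - "http.enabled=true"
          securityContext:
            runAsUser: 0
          resources:
            {{- toYaml .Values.filebeat.resources | nindent 12 }}
          volumeMounts:
          - name: filebeat-config
            mountPath: /usr/share/filebeat/filebeat.yml
            readOnly: true
            subPath: filebeat.yml
          - name: jfrog-pipelines-logs
            mountPath: {{ .Values.pipelines.logPath }}
      {{- end }}
        - name: router
          image: "{{ .Values.imageRegistry }}/{{ .Values.pipelines.router.image.repository }}:{{ default .Chart.AppVersion .Values.pipelines.version }}"
          imagePullPolicy: {{ .Values.pipelines.router.image.pullPolicy }}
          env:
          # NOTE(review): this reads .Values.router while every other router
          # setting lives under .Values.pipelines.router - confirm a top-level
          # router key exists in values, otherwise rendering fails here.
          {{- if not .Values.router.routerConfiguration }}
          - name: JF_ROUTER_SERVICEREGISTRY_URL
            value: "{{ tpl .Values.pipelines.jfrogUrl . }}/access"
          {{- end }}
          - name: JF_ROUTER_SERVICEREGISTRY_GRPCADDRESS
            value: "{{ include "pipelines.grpc.url" . }}"
          - name: JF_ROUTER_ENTRYPOINTS_INTERNALPORT
            value: "{{ .Values.pipelines.router.internalPort }}"
          - name: JF_ROUTER_ENTRYPOINTS_EXTERNALPORT
            value: "{{ .Values.pipelines.router.externalPort }}"
          # Router log level is fixed at DEBUG with no values override.
          # NOTE(review): check what the router logs at this level before
          # shipping these logs off the node.
          - name: JF_ROUTER_LOGGING_ROUTER_LOGLEVEL
            value: "DEBUG"
          - name: JF_SHARED_NODE_ID
            valueFrom:
              fieldRef:
                fieldPath: "metadata.name"
          - name: JF_SHARED_NODE_IP
            valueFrom:
              fieldRef:
                fieldPath: "status.podIP"
          # The join key is rendered inline, so it is stored in clear text in
          # the StatefulSet and pod specs and in the Helm release record, and
          # is readable by anyone who can read those objects. Sourcing it with
          # valueFrom.secretKeyRef, as VAULT_TOKEN is in the installer init
          # container, would keep it out of the manifests.
          - name: JF_SHARED_SECURITY_JOINKEY
            value: "{{ .Values.pipelines.joinKey }}"
          - name: JF_ROUTER_ENCRYPTSYSTEMCONFIG
            value: "true"
          ports:
          - name: router
            containerPort: {{ .Values.pipelines.router.internalPort }}
          securityContext:
            allowPrivilegeEscalation: false
          resources:
            {{- toYaml .Values.pipelines.router.resources | nindent 12 }}
          volumeMounts:
          - name: jfrog-pipelines-folder
            mountPath: {{ .Values.pipelines.router.mountPath }}
        - name: api
          image: "{{ .Values.imageRegistry }}/{{ .Values.pipelines.api.image.repository }}:{{ default .Chart.AppVersion .Values.pipelines.version }}"
          imagePullPolicy: {{ .Values.pipelines.api.image.pullPolicy }}
          securityContext:
            allowPrivilegeEscalation: false
            runAsUser: 0
          env:
          - name: PIPELINES_NODE_ID
            valueFrom:
              fieldRef:
                fieldPath: "metadata.name"
          ports:
          - name: api
            containerPort: 30000
          {{- if .Values.pipelines.api.livenessProbe.enabled }}
          livenessProbe:
            httpGet:
              path: {{ .Values.pipelines.api.livenessProbe.path }}
              port: {{ .Values.pipelines.api.livenessProbe.port }}
            initialDelaySeconds: {{ .Values.pipelines.api.livenessProbe.initialDelaySeconds }}
            timeoutSeconds: {{ .Values.pipelines.api.livenessProbe.timeoutSeconds }}
            # Uses periodSeconds from values when it is set and falls back to
            # timeoutSeconds, the only value this field used to read.
            periodSeconds: {{ .Values.pipelines.api.livenessProbe.periodSeconds | default .Values.pipelines.api.livenessProbe.timeoutSeconds }}
            failureThreshold: {{ .Values.pipelines.api.livenessProbe.failureThreshold }}
            successThreshold: {{ .Values.pipelines.api.livenessProbe.successThreshold }}
          {{- end }}
          {{- if .Values.pipelines.api.readinessProbe.enabled }}
          readinessProbe:
            httpGet:
              path: {{ .Values.pipelines.api.readinessProbe.path }}
              port: {{ .Values.pipelines.api.readinessProbe.port }}
            initialDelaySeconds: {{ .Values.pipelines.api.readinessProbe.initialDelaySeconds }}
            timeoutSeconds: {{ .Values.pipelines.api.readinessProbe.timeoutSeconds }}
            # periodSeconds from values when set, else timeoutSeconds.
            periodSeconds: {{ .Values.pipelines.api.readinessProbe.periodSeconds | default .Values.pipelines.api.readinessProbe.timeoutSeconds }}
            failureThreshold: {{ .Values.pipelines.api.readinessProbe.failureThreshold }}
            successThreshold: {{ .Values.pipelines.api.readinessProbe.successThreshold }}
          {{- end }}
          resources:
            {{- toYaml .Values.pipelines.api.resources | nindent 12 }}
          volumeMounts:
          - name: jfrog-pipelines-folder
            mountPath: {{ .Values.pipelines.mountPath }}
          - name: jfrog-pipelines-logs
            mountPath: {{ .Values.pipelines.logPath }}
          {{- with .Values.pipelines.customVolumeMounts }}
          {{- tpl . $ | nindent 10 }}
          {{- end }}
        # www, runtrigger, steptrigger, cron, hookhandler, marshaller, logup
        # and extensionsync set no securityContext at all, so they run with
        # whatever the image and the admitting SCC decide; router and the root
        # containers at least pin allowPrivilegeEscalation: false.
        - name: www
          image: "{{ .Values.imageRegistry }}/{{ .Values.pipelines.www.image.repository }}:{{ default .Chart.AppVersion .Values.pipelines.version }}"
          imagePullPolicy: {{ .Values.pipelines.www.image.pullPolicy }}
          ports:
          - name: www
            containerPort: 30001
          {{- if .Values.pipelines.www.livenessProbe.enabled }}
          livenessProbe:
            httpGet:
              path: {{ .Values.pipelines.www.livenessProbe.path }}
              port: {{ .Values.pipelines.www.livenessProbe.port }}
            initialDelaySeconds: {{ .Values.pipelines.www.livenessProbe.initialDelaySeconds }}
            timeoutSeconds: {{ .Values.pipelines.www.livenessProbe.timeoutSeconds }}
            # periodSeconds from values when set, else timeoutSeconds.
            periodSeconds: {{ .Values.pipelines.www.livenessProbe.periodSeconds | default .Values.pipelines.www.livenessProbe.timeoutSeconds }}
            failureThreshold: {{ .Values.pipelines.www.livenessProbe.failureThreshold }}
            successThreshold: {{ .Values.pipelines.www.livenessProbe.successThreshold }}
          {{- end }}
          {{- if .Values.pipelines.www.readinessProbe.enabled }}
          readinessProbe:
            httpGet:
              path: {{ .Values.pipelines.www.readinessProbe.path }}
              port: {{ .Values.pipelines.www.readinessProbe.port }}
            initialDelaySeconds: {{ .Values.pipelines.www.readinessProbe.initialDelaySeconds }}
            timeoutSeconds: {{ .Values.pipelines.www.readinessProbe.timeoutSeconds }}
            # periodSeconds from values when set, else timeoutSeconds.
            periodSeconds: {{ .Values.pipelines.www.readinessProbe.periodSeconds | default .Values.pipelines.www.readinessProbe.timeoutSeconds }}
            failureThreshold: {{ .Values.pipelines.www.readinessProbe.failureThreshold }}
            successThreshold: {{ .Values.pipelines.www.readinessProbe.successThreshold }}
          {{- end }}
          resources:
            {{- toYaml .Values.pipelines.www.resources | nindent 12 }}
          volumeMounts:
          - name: jfrog-pipelines-folder
            mountPath: {{ .Values.pipelines.mountPath }}
          - name: jfrog-pipelines-logs
            mountPath: {{ .Values.pipelines.logPath }}
          # nindent, as in the api container, so the injected mounts land at
          # column 10 wherever this action itself is indented.
          {{- with .Values.pipelines.customVolumeMounts }}
          {{- tpl . $ | nindent 10 }}
          {{- end }}
        - name: pipelinesync
          image: "{{ .Values.imageRegistry }}/{{ .Values.pipelines.pipelineSync.image.repository }}:{{ default .Chart.AppVersion .Values.pipelines.version }}"
          imagePullPolicy: {{ .Values.pipelines.pipelineSync.image.pullPolicy }}
          workingDir: /opt/jfrog/pipelines/app/micro/pipelineSync
          securityContext:
            allowPrivilegeEscalation: false
            runAsUser: 0
          env:
          - name: COMPONENT
            value: pipelinesync
          resources:
            {{- toYaml .Values.pipelines.pipelineSync.resources | nindent 12 }}
          volumeMounts:
          - name: jfrog-pipelines-folder
            mountPath: {{ .Values.pipelines.mountPath }}
          - name: jfrog-pipelines-logs
            mountPath: {{ .Values.pipelines.logPath }}
        - name: runtrigger
          image: "{{ .Values.imageRegistry }}/{{ .Values.pipelines.runTrigger.image.repository }}:{{ default .Chart.AppVersion .Values.pipelines.version }}"
          imagePullPolicy: {{ .Values.pipelines.runTrigger.image.pullPolicy }}
          workingDir: /opt/jfrog/pipelines/app/micro/runTrigger
          env:
          - name: COMPONENT
            value: runtrigger
          resources:
            {{- toYaml .Values.pipelines.runTrigger.resources | nindent 12 }}
          volumeMounts:
          - name: jfrog-pipelines-folder
            mountPath: {{ .Values.pipelines.mountPath }}
          - name: jfrog-pipelines-logs
            mountPath: {{ .Values.pipelines.logPath }}
        - name: steptrigger
          image: "{{ .Values.imageRegistry }}/{{ .Values.pipelines.stepTrigger.image.repository }}:{{ default .Chart.AppVersion .Values.pipelines.version }}"
          imagePullPolicy: {{ .Values.pipelines.stepTrigger.image.pullPolicy }}
          workingDir: /opt/jfrog/pipelines/app/micro/stepTrigger
          env:
          - name: COMPONENT
            value: steptrigger
          resources:
            {{- toYaml .Values.pipelines.stepTrigger.resources | nindent 12 }}
          volumeMounts:
          - name: jfrog-pipelines-folder
            mountPath: {{ .Values.pipelines.mountPath }}
          - name: jfrog-pipelines-logs
            mountPath: {{ .Values.pipelines.logPath }}
        - name: cron
          image: "{{ .Values.imageRegistry }}/{{ .Values.pipelines.cron.image.repository }}:{{ default .Chart.AppVersion .Values.pipelines.version }}"
          imagePullPolicy: {{ .Values.pipelines.cron.image.pullPolicy }}
          workingDir: /opt/jfrog/pipelines/app/micro/cron
          env:
          - name: COMPONENT
            value: cron
          resources:
            {{- toYaml .Values.pipelines.cron.resources | nindent 12 }}
          volumeMounts:
          - name: jfrog-pipelines-folder
            mountPath: {{ .Values.pipelines.mountPath }}
          - name: jfrog-pipelines-logs
            mountPath: {{ .Values.pipelines.logPath }}
        - name: nexec
          image: "{{ .Values.imageRegistry }}/{{ .Values.pipelines.nexec.image.repository }}:{{ default .Chart.AppVersion .Values.pipelines.version }}"
          imagePullPolicy: {{ .Values.pipelines.nexec.image.pullPolicy }}
          workingDir: /opt/jfrog/pipelines/app/micro/nexec
          securityContext:
            allowPrivilegeEscalation: false
            runAsUser: 0
          env:
          - name: COMPONENT
            value: nexec
          resources:
            {{- toYaml .Values.pipelines.nexec.resources | nindent 12 }}
          volumeMounts:
          - name: jfrog-pipelines-folder
            mountPath: {{ .Values.pipelines.mountPath }}
          - name: jfrog-pipelines-logs
            mountPath: {{ .Values.pipelines.logPath }}
        - name: hookhandler
          image: "{{ .Values.imageRegistry }}/{{ .Values.pipelines.hookHandler.image.repository }}:{{ default .Chart.AppVersion .Values.pipelines.version }}"
          imagePullPolicy: {{ .Values.pipelines.hookHandler.image.pullPolicy }}
          workingDir: /opt/jfrog/pipelines/app/micro/hookHandler
          env:
          - name: COMPONENT
            value: hookhandler
          resources:
            {{- toYaml .Values.pipelines.hookHandler.resources | nindent 12 }}
          volumeMounts:
          - name: jfrog-pipelines-folder
            mountPath: {{ .Values.pipelines.mountPath }}
          - name: jfrog-pipelines-logs
            mountPath: {{ .Values.pipelines.logPath }}
        - name: marshaller
          image: "{{ .Values.imageRegistry }}/{{ .Values.pipelines.marshaller.image.repository }}:{{ default .Chart.AppVersion .Values.pipelines.version }}"
          imagePullPolicy: {{ .Values.pipelines.marshaller.image.pullPolicy }}
          workingDir: /opt/jfrog/pipelines/app/micro/marshaller
          env:
          - name: COMPONENT
            value: marshaller
          resources:
            {{- toYaml .Values.pipelines.marshaller.resources | nindent 12 }}
          volumeMounts:
          - name: jfrog-pipelines-folder
            mountPath: {{ .Values.pipelines.mountPath }}
          - name: jfrog-pipelines-logs
            mountPath: {{ .Values.pipelines.logPath }}
        - name: logup
          image: "{{ .Values.imageRegistry }}/{{ .Values.pipelines.logup.image.repository }}:{{ default .Chart.AppVersion .Values.pipelines.version }}"
          imagePullPolicy: {{ .Values.pipelines.logup.image.pullPolicy }}
          workingDir: /opt/jfrog/pipelines/app/micro/logup
          env:
          - name: COMPONENT
            value: logup
          resources:
            {{- toYaml .Values.pipelines.logup.resources | nindent 12 }}
          volumeMounts:
          - name: jfrog-pipelines-folder
            mountPath: {{ .Values.pipelines.mountPath }}
          - name: jfrog-pipelines-logs
            mountPath: {{ .Values.pipelines.logPath }}
        - name: extensionsync
          image: "{{ .Values.imageRegistry }}/{{ .Values.pipelines.extensionSync.image.repository }}:{{ default .Chart.AppVersion .Values.pipelines.version }}"
          imagePullPolicy: {{ .Values.pipelines.extensionSync.image.pullPolicy }}
          workingDir: /opt/jfrog/pipelines/app/micro/extensionSync
          env:
          - name: COMPONENT
            value: extensionsync
          resources:
            {{- toYaml .Values.pipelines.extensionSync.resources | nindent 12 }}
          volumeMounts:
          - name: jfrog-pipelines-folder
            mountPath: {{ .Values.pipelines.mountPath }}
          - name: jfrog-pipelines-logs
            mountPath: {{ .Values.pipelines.logPath }}
      {{- with .Values.pipelines.customSidecarContainers }}
      {{- tpl . $ | nindent 8 }}
      {{- end }}
      {{- with .Values.pipelines.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.pipelines.affinity }}
      affinity:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.pipelines.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      volumes:
      {{- with .Values.pipelines.customVolumes }}
      {{- tpl . $ | nindent 6 }}
      {{- end }}
      # Both working volumes are emptyDir: their contents, including the copy
      # of system.yaml made by the init container, last only as long as the pod.
      - name: jfrog-pipelines-folder
        emptyDir: {}
      - name: jfrog-pipelines-logs
        emptyDir: {}
      - name: systemyaml
        secret:
          secretName: {{ .Values.existingSecret | default (printf "%s-%s" (include "pipelines.fullname" .) "system-yaml") }}
      {{- if .Values.pipelines.configMaps }}
      - name: pipelines-configmaps
        configMap:
          name: {{ include "pipelines.fullname" . }}-configmaps
      {{- end }}
      {{- if .Values.buildPlane.dynamic.provider.aws.enabled }}
      - name: buildplane-creds-aws
        secret:
          secretName: {{ .Values.buildPlane.dynamic.provider.aws.existingSecret | default (printf "%s-dynamic-buildplane-creds-aws" (include "pipelines.fullname" .)) }}
      - name: buildplane-config-aws
        configMap:
          name: {{ include "pipelines.fullname" . }}-dynamic-buildplane-config-aws
      {{- end }}
      {{- if .Values.buildPlane.dynamic.provider.k8s.enabled }}
      - name: buildplane-creds-k8s
        secret:
          secretName: {{ .Values.buildPlane.dynamic.provider.k8s.existingSecret | default (printf "%s-dynamic-buildplane-creds-k8s" (include "pipelines.fullname" .)) }}
      - name: buildplane-config-k8s
        configMap:
          name: {{ include "pipelines.fullname" . }}-dynamic-buildplane-config-k8s
      {{- end }}
      {{- if .Values.filebeat.enabled }}
      - name: filebeat-config
        configMap:
          name: {{ include "pipelines.fullname" . }}-filebeat-config
      {{- end }}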