{{- if .Values.chartmuseum.enabled }} apiVersion: apps/v1 kind: Deployment metadata: name: "{{ template "harbor.chartmuseum" . }}" labels: {{ include "harbor.labels" . | indent 4 }} component: chartmuseum spec: replicas: {{ .Values.chartmuseum.replicas }} strategy: type: {{ .Values.updateStrategy.type }} {{- if eq .Values.updateStrategy.type "Recreate" }} rollingUpdate: null {{- end }} selector: matchLabels: {{ include "harbor.matchLabels" . | indent 6 }} component: chartmuseum template: metadata: labels: {{ include "harbor.labels" . | indent 8 }} component: chartmuseum annotations: checksum/configmap: {{ include (print $.Template.BasePath "/chartmuseum/chartmuseum-cm.yaml") . | sha256sum }} checksum/secret: {{ include (print $.Template.BasePath "/chartmuseum/chartmuseum-secret.yaml") . | sha256sum }} checksum/secret-core: {{ include (print $.Template.BasePath "/core/core-secret.yaml") . | sha256sum }} {{- if and .Values.internalTLS.enabled (eq .Values.internalTLS.certSource "auto") }} checksum/tls: {{ include (print $.Template.BasePath "/internal/auto-tls.yaml") . | sha256sum }} {{- else if and .Values.internalTLS.enabled (eq .Values.internalTLS.certSource "manual") }} checksum/tls: {{ include (print $.Template.BasePath "/chartmuseum/chartmuseum-tls.yaml") . | sha256sum }} {{- end }} {{- if .Values.chartmuseum.podAnnotations }} {{ toYaml .Values.chartmuseum.podAnnotations | indent 8 }} {{- end }} spec: securityContext: fsGroup: 10000 {{- if .Values.chartmuseum.serviceAccountName }} serviceAccountName: {{ .Values.chartmuseum.serviceAccountName }} {{- end -}} {{- with .Values.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} containers: - name: chartmuseum {{- if contains "/" .Values.chartmuseum.image.repository }} image: "{{ .Values.chartmuseum.image.repository }}" {{- else }} image: "{{ .Values.chartmuseum.image.hub | default .Values.global.hub }}/{{ .Values.chartmuseum.image.repository }}:{{ .Values.chartmuseum.image.tag | default .Values.global.tag }}{{ template ".beagle.imageArch" . }}" {{- end }} imagePullPolicy: "{{ .Values.imagePullPolicy | default .Values.global.imagePullPolicy }}" livenessProbe: httpGet: path: /health scheme: {{ include "harbor.component.scheme" . | upper }} port: {{ template "harbor.chartmuseum.containerPort" . }} initialDelaySeconds: 300 periodSeconds: 10 readinessProbe: httpGet: path: /health scheme: {{ include "harbor.component.scheme" . | upper }} port: {{ template "harbor.chartmuseum.containerPort" . }} initialDelaySeconds: 1 periodSeconds: 10 {{- if .Values.chartmuseum.resources }} resources: {{ toYaml .Values.chartmuseum.resources | indent 10 }} {{- end }} envFrom: - configMapRef: name: "{{ template "harbor.chartmuseum" . }}" - secretRef: name: "{{ template "harbor.chartmuseum" . }}" env: {{- if has "chartmuseum" .Values.proxy.components }} - name: HTTP_PROXY value: "{{ .Values.proxy.httpProxy }}" - name: HTTPS_PROXY value: "{{ .Values.proxy.httpsProxy }}" - name: NO_PROXY value: "{{ template "harbor.noProxy" . }}" {{- end }} {{- if .Values.internalTLS.enabled }} - name: INTERNAL_TLS_ENABLED value: "true" - name: INTERNAL_TLS_KEY_PATH value: /etc/harbor/ssl/chartmuseum/tls.key - name: INTERNAL_TLS_CERT_PATH value: /etc/harbor/ssl/chartmuseum/tls.crt - name: INTERNAL_TLS_TRUST_CA_PATH value: /etc/harbor/ssl/chartmuseum/ca.crt {{- end }} - name: BASIC_AUTH_PASS valueFrom: secretKeyRef: name: {{ template "harbor.core" . }} key: secret - # Needed to make AWS' client connect correctly (see https://github.com/helm/chartmuseum/issues/280) name: AWS_SDK_LOAD_CONFIG value: "1" ports: - containerPort: {{ template "harbor.chartmuseum.containerPort" . }} volumeMounts: - name: chartmuseum-data mountPath: /chart_storage subPath: {{ .Values.persistence.persistentVolumeClaim.chartmuseum.subPath }} {{- if .Values.internalTLS.enabled }} - name: chart-internal-certs mountPath: /etc/harbor/ssl/chartmuseum {{- end }} {{- if and .Values.persistence.enabled (eq .Values.persistence.imageChartStorage.type "gcs") }} - name: gcs-key mountPath: /etc/chartmuseum/gcs-key.json subPath: gcs-key.json {{- end }} {{- if .Values.persistence.imageChartStorage.caBundleSecretName }} - name: storage-service-ca mountPath: /harbor_cust_cert/custom-ca-bundle.crt subPath: ca.crt {{- end }} {{- if .Values.caBundleSecretName }} {{ include "harbor.caBundleVolumeMount" . | indent 8 }} {{- end }} volumes: - name: chartmuseum-data {{- if and .Values.persistence.enabled (eq .Values.persistence.imageChartStorage.type "filesystem") }} persistentVolumeClaim: claimName: {{ .Values.persistence.persistentVolumeClaim.chartmuseum.existingClaim | default (include "harbor.chartmuseum" .) }} {{- else }} emptyDir: {} {{- end }} {{- if .Values.internalTLS.enabled }} - name: chart-internal-certs secret: secretName: {{ template "harbor.internalTLS.chartmuseum.secretName" . }} {{- end }} {{- if and .Values.persistence.enabled (eq .Values.persistence.imageChartStorage.type "gcs") }} - name: gcs-key secret: secretName: {{ template "harbor.registry" . }} items: - key: GCS_KEY_DATA path: gcs-key.json {{- end }} {{- if .Values.persistence.imageChartStorage.caBundleSecretName }} - name: storage-service-ca secret: secretName: {{ .Values.persistence.imageChartStorage.caBundleSecretName }} {{- end }} {{- if .Values.caBundleSecretName }} {{ include "harbor.caBundleVolume" . | indent 6 }} {{- end }} {{- with .Values.chartmuseum.nodeSelector }} nodeSelector: {{ toYaml . | indent 8 }} {{- end }} {{- with .Values.chartmuseum.affinity }} affinity: {{ toYaml . | indent 8 }} {{- end }} {{- with .Values.chartmuseum.tolerations }} tolerations: {{ toYaml . | indent 8 }} {{- end }} {{- end }}