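---
# StatefulSet for the Dependency-Track API server, as rendered by the
# dependency-track-0.44.0 Helm chart. One replica, persistent /data volume,
# external PostgreSQL and OIDC login; all credentials come from Secrets.
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: dependency-track-api-server
  namespace: dependency-track
  labels:
    helm.sh/chart: dependency-track-0.44.0
    app.kubernetes.io/part-of: dependency-track
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/instance: dependency-track
    app.kubernetes.io/name: dependency-track-api-server
    app.kubernetes.io/component: api-server
    app.kubernetes.io/version: "4.14.1"
spec:
  serviceName: dependency-track-api-server
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/instance: dependency-track
      app.kubernetes.io/name: dependency-track-api-server
      app.kubernetes.io/component: api-server
  template:
    metadata:
      labels:
        app.kubernetes.io/instance: dependency-track
        app.kubernetes.io/name: dependency-track-api-server
        app.kubernetes.io/component: api-server
      annotations:
        # NOTE(review): /metrics is advertised for scraping on the same port
        # as the API; confirm whether it requires authentication here and
        # restrict who can reach it (e.g. with a NetworkPolicy).
        prometheus.io/scrape: "true"
        prometheus.io/path: /metrics
    spec:
      # NOTE(review): service links inject an environment variable set for
      # every Service in the namespace; consider disabling if unused.
      enableServiceLinks: true
      # The rendered value was a bare key (null); an explicit empty list
      # states the intent and avoids null handling in downstream tooling.
      initContainers: []
      # serviceAccountName is the current field; serviceAccount is its
      # deprecated alias.
      # NOTE(review): no automountServiceAccountToken setting is visible, so
      # the token is mounted by default. If the API server never calls the
      # Kubernetes API, set automountServiceAccountToken: false.
      serviceAccountName: dependency-track
      securityContext:
        fsGroup: 1000
      containers:
        - name: dependency-track-api-server
          # Pinned by digest: the digest, not the tag, decides what is pulled.
          image: docker.io/dependencytrack/apiserver:4.14.1@sha256:2d8813e1ba4ada4aa23087d908c1b5a3ffce39261ead5555c397a1d67c7cbe9d
          imagePullPolicy: IfNotPresent
          # Hardened container context: non-root, no privilege escalation,
          # all capabilities dropped, read-only root filesystem. The only
          # writable paths are the /data and /tmp mounts below.
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            readOnlyRootFilesystem: true
            runAsNonRoot: true
            seccompProfile:
              type: RuntimeDefault
          resources:
            # NOTE(review): no limits are set, so a runaway JVM can consume
            # node memory. Set at least a memory limit, and check that the
            # 100Mi request reflects the real footprint of this service.
            limits: {}
            requests:
              cpu: 100m
              memory: 100Mi
          env:
            - name: ALPINE_METRICS_ENABLED
              value: "true"
            - name: ALPINE_SECRET_KEY_PATH
              value: "/var/run/secrets/secret.key"
            - name: ALPINE_DATABASE_MODE
              value: external
            # Fixed: this entry was a second ALPINE_DATABASE_MODE. With a
            # duplicate name the later entry wins, which would have replaced
            # "external" with the driver class name. The value is a JDBC
            # driver class, so it belongs under ALPINE_DATABASE_DRIVER.
            - name: ALPINE_DATABASE_DRIVER
              value: org.postgresql.Driver
            # Database URL and credentials are read from the cluster's app
            # Secret rather than being written into the manifest.
            - name: ALPINE_DATABASE_URL
              valueFrom:
                secretKeyRef:
                  key: jdbc-uri
                  name: dependency-track-postgresql-18-cluster-app
            - name: ALPINE_DATABASE_USERNAME
              valueFrom:
                secretKeyRef:
                  key: user
                  name: dependency-track-postgresql-18-cluster-app
            - name: ALPINE_DATABASE_PASSWORD
              valueFrom:
                secretKeyRef:
                  key: password
                  name: dependency-track-postgresql-18-cluster-app
            - name: ALPINE_OIDC_ENABLED
              value: "true"
            - name: ALPINE_OIDC_CLIENT_ID
              valueFrom:
                secretKeyRef:
                  key: client
                  name: dependency-track-oidc-secret
            - name: ALPINE_OIDC_ISSUER
              value: https://authentik.alexlebens.net/application/o/dependency-track/
            - name: ALPINE_OIDC_USERNAME_CLAIM
              value: preferred_username
            - name: ALPINE_OIDC_TEAMS_CLAIM
              value: groups
            # With provisioning and team synchronization both enabled, the
            # identity provider's "groups" claim decides which accounts exist
            # and which teams they join. Review group-to-team mappings and
            # who can edit group membership at the issuer.
            - name: ALPINE_OIDC_USER_PROVISIONING
              value: "true"
            - name: ALPINE_OIDC_TEAM_SYNCHRONIZATION
              value: "true"
            - name: ALPINE_CORS_ENABLED
              value: "true"
            # NOTE(review): these entries are bare host names with no scheme.
            # Browsers send Origin as scheme://host[:port]; verify the format
            # this setting expects and keep the list as narrow as possible.
            - name: ALPINE_CORS_ALLOW_ORIGIN
              value: 'dependency-track.alexlebens.net, dependency-track.dependency-track'
          ports:
            - name: web
              containerPort: 8080
              protocol: TCP
          volumeMounts:
            - name: data
              mountPath: /data
            - name: tmp
              mountPath: /tmp
            # Read-only mount of the application secret key. A subPath mount
            # is not refreshed when the Secret changes, so rotating the key
            # requires restarting the pod.
            - name: secret-key
              subPath: secret.key
              mountPath: /var/run/secrets/secret.key
              readOnly: true
          # Probes use plain HTTP on the container port.
          # NOTE(review): presumably TLS is terminated in front of this pod;
          # confirm that port 8080 is not reachable from outside the cluster.
          startupProbe:
            httpGet:
              scheme: HTTP
              port: web
              path: /health/started
            failureThreshold: 30
            initialDelaySeconds: 10
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 5
          livenessProbe:
            httpGet:
              scheme: HTTP
              port: web
              path: /health/live
            failureThreshold: 3
            initialDelaySeconds: 10
            periodSeconds: 15
            successThreshold: 1
            timeoutSeconds: 5
          readinessProbe:
            httpGet:
              scheme: HTTP
              port: web
              path: /health/ready
            failureThreshold: 3
            initialDelaySeconds: 10
            periodSeconds: 15
            successThreshold: 1
            timeoutSeconds: 5
      volumes:
        # Scratch space, needed because the root filesystem is read-only.
        - name: tmp
          emptyDir: {}
        - name: secret-key
          secret:
            secretName: dependency-track-key-secret
  volumeClaimTemplates:
    - apiVersion: v1
      kind: PersistentVolumeClaim
      metadata:
        name: data
      spec:
        storageClassName: ceph-block
        resources:
          requests:
            storage: 5Gi
        accessModes:
          - ReadWriteOnce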