infrastructure/clusters/cl01tl/manifests/harbor/Deployment-harbor-jobservice.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: "harbor-jobservice"
  namespace: "harbor"
  labels:
    heritage: Helm
    release: harbor
    chart: harbor
    app: "harbor"
    app.kubernetes.io/instance: harbor
    app.kubernetes.io/name: harbor
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/part-of: harbor
    app.kubernetes.io/version: "2.14.2"
    component: jobservice
    app.kubernetes.io/component: jobservice
spec:
  replicas: 2
  revisionHistoryLimit: 10
  strategy:
    type: Recreate
    rollingUpdate: null
  selector:
    matchLabels:
      release: harbor
      app: "harbor"
      component: jobservice
  template:
    metadata:
      labels:
        heritage: Helm
        release: harbor
        chart: harbor
        app: "harbor"
        app.kubernetes.io/instance: harbor
        app.kubernetes.io/name: harbor
        app.kubernetes.io/managed-by: Helm
        app.kubernetes.io/part-of: harbor
        app.kubernetes.io/version: "2.14.2"
        component: jobservice
        app.kubernetes.io/component: jobservice
      annotations:
        checksum/configmap: 5ca4ab1b168eaf25d971fa6d3cda24f9631a74065926b9760d79d0e19589886f
        checksum/configmap-env: 6bc09dbefdd38703b3b4a150ac23b43ebfc6b8d5a77e61983a8c68a3588d02bf
        checksum/secret: d997909ea151f04cd3c6ce0da2b1e4b09ab6eecdc3d048c0d3aedf21b23285ba
        checksum/secret-core: ea96175d9d13685272268c622197e7f602ef7f436c55dafd8e625f468586290d
    spec:
      securityContext:
        runAsUser: 10000
        fsGroup: 10000
      automountServiceAccountToken: false
      terminationGracePeriodSeconds: 120
      containers:
        - name: jobservice
          image: goharbor/harbor-jobservice:v2.14.2
          imagePullPolicy: IfNotPresent
          livenessProbe:
            httpGet:
              path: /api/v1/stats
              scheme: HTTP
              port: 8080
            initialDelaySeconds: 300
            periodSeconds: 10
          readinessProbe:
            httpGet:
              path: /api/v1/stats
              scheme: HTTP
              port: 8080
            initialDelaySeconds: 20
            periodSeconds: 10
          env:
            - name: CORE_SECRET
              valueFrom:
                secretKeyRef:
                  name: harbor-secret
                  key: secret
            - name: JOBSERVICE_SECRET
              valueFrom:
                secretKeyRef:
                  name: harbor-secret
                  key: JOBSERVICE_SECRET
            - name: REGISTRY_CREDENTIAL_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: harbor-secret
                  key: REGISTRY_PASSWD
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            privileged: false
            runAsNonRoot: true
            seccompProfile:
              type: RuntimeDefault
          envFrom:
            - configMapRef:
                name: "harbor-jobservice-env"
            - secretRef:
                name: "harbor-jobservice"
          ports:
            - containerPort: 8080
          volumeMounts:
            - name: jobservice-config
              mountPath: /etc/jobservice/config.yml
              subPath: config.yml
            - name: job-logs
              mountPath: /var/log/jobs
              subPath:
      volumes:
        - name: jobservice-config
          configMap:
            name: "harbor-jobservice"
        - name: job-logs
          emptyDir: {}