infrastructure/clusters/cl01tl/manifests/dependency-track/StatefulSet-dependency-track-api-server.yaml


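# StatefulSet for the Dependency-Track API server (labels show a Helm-rendered
# manifest, chart dependency-track-0.44.0). Nesting restored: the flattened
# listing repeated keys such as `metadata`, `spec` and `name` at one level,
# which a parser would either reject or silently resolve last-wins.
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: dependency-track-api-server
  namespace: dependency-track
  labels:
    helm.sh/chart: dependency-track-0.44.0
    app.kubernetes.io/part-of: dependency-track
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/instance: dependency-track
    app.kubernetes.io/name: dependency-track-api-server
    app.kubernetes.io/component: api-server
    # Quoted so the label value can never be re-typed by a YAML tool.
    app.kubernetes.io/version: "4.14.1"
spec:
  serviceName: dependency-track-api-server
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/instance: dependency-track
      app.kubernetes.io/name: dependency-track-api-server
      app.kubernetes.io/component: api-server
  template:
    metadata:
      labels:
        app.kubernetes.io/instance: dependency-track
        app.kubernetes.io/name: dependency-track-api-server
        app.kubernetes.io/component: api-server
      annotations:
        prometheus.io/scrape: "true"
        prometheus.io/path: /metrics
    spec:
      # NOTE(review): service links inject an env var set for every Service in
      # the namespace into the container; set to false unless the application
      # is known to rely on them.
      enableServiceLinks: true
      # Explicit empty list instead of a bare `initContainers:` (which is null).
      initContainers: []
      # `serviceAccount` is the deprecated alias of `serviceAccountName`.
      # NOTE(review): nothing here shows the workload calling the Kubernetes
      # API; if it does not, `automountServiceAccountToken: false` keeps the
      # token out of the pod - confirm before enabling.
      serviceAccountName: dependency-track
      securityContext:
        fsGroup: 1000
      containers:
        - name: dependency-track-api-server
          # Tag plus digest: the digest is what is actually pulled, so a
          # re-pushed tag cannot change the running image.
          image: docker.io/dependencytrack/apiserver:4.14.1@sha256:2d8813e1ba4ada4aa23087d908c1b5a3ffce39261ead5555c397a1d67c7cbe9d
          imagePullPolicy: IfNotPresent
          # Hardened container context: no privilege escalation, all
          # capabilities dropped, read-only root filesystem (writes go to the
          # /data and /tmp mounts below), default seccomp profile.
          # NOTE(review): runAsNonRoot without runAsUser relies on the image
          # declaring a numeric non-root USER - confirm against the image.
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            readOnlyRootFilesystem: true
            runAsNonRoot: true
            seccompProfile:
              type: RuntimeDefault
          resources:
            # NOTE(review): no limits are set, so memory use is bounded only
            # by the node; consider a memory limit sized for the JVM heap.
            limits: {}
            requests:
              cpu: 100m
              memory: 100Mi
          env:
            - name: ALPINE_METRICS_ENABLED
              value: "true"
            # Key file is supplied by the read-only `secret-key` mount below.
            - name: ALPINE_SECRET_KEY_PATH
              value: "/var/run/secrets/secret.key"
            - name: ALPINE_DATABASE_MODE
              value: external
            - name: ALPINE_DATABASE_DRIVER
              value: org.postgresql.Driver
            # Database URL and credentials are read from a Secret rather than
            # written inline; they are still visible in the container
            # environment to anything that can exec into or inspect the pod.
            - name: ALPINE_DATABASE_URL
              valueFrom:
                secretKeyRef:
                  key: jdbc-uri
                  name: dependency-track-postgresql-18-cluster-app
            - name: ALPINE_DATABASE_USERNAME
              valueFrom:
                secretKeyRef:
                  key: user
                  name: dependency-track-postgresql-18-cluster-app
            - name: ALPINE_DATABASE_PASSWORD
              valueFrom:
                secretKeyRef:
                  key: password
                  name: dependency-track-postgresql-18-cluster-app
            - name: ALPINE_OIDC_ENABLED
              value: "true"
            - name: ALPINE_OIDC_CLIENT_ID
              valueFrom:
                secretKeyRef:
                  key: client
                  name: dependency-track-oidc-secret
            - name: ALPINE_OIDC_ISSUER
              value: https://authentik.alexlebens.net/application/o/dependency-track/
            - name: ALPINE_OIDC_USERNAME_CLAIM
              value: preferred_username
            # With user provisioning and team synchronization both on, the
            # `groups` claim from the issuer decides team membership, so group
            # assignment at the identity provider is the access-control
            # boundary for this service.
            - name: ALPINE_OIDC_TEAMS_CLAIM
              value: groups
            - name: ALPINE_OIDC_USER_PROVISIONING
              value: "true"
            - name: ALPINE_OIDC_TEAM_SYNCHRONIZATION
              value: "true"
            - name: ALPINE_CORS_ENABLED
              value: "true"
            # NOTE(review): the value is two space-separated hostnames with no
            # scheme. Browsers match Access-Control-Allow-Origin against a
            # single full origin (scheme://host[:port]) or `*` - confirm how
            # the server emits this value and that the frontend origin matches.
            - name: ALPINE_CORS_ALLOW_ORIGIN
              value: dependency-track.alexlebens.net dependency-track.dependency-track
          ports:
            - name: web
              containerPort: 8080
              protocol: TCP
          volumeMounts:
            - name: data
              mountPath: /data
            - name: tmp
              mountPath: /tmp
            # Single file from the Secret, mounted read-only.
            - name: secret-key
              subPath: secret.key
              mountPath: /var/run/secrets/secret.key
              readOnly: true
          # Probes use plain HTTP against the container port; TLS, if any, is
          # terminated outside this pod.
          startupProbe:
            httpGet:
              scheme: HTTP
              port: web
              path: /health/started
            failureThreshold: 30
            initialDelaySeconds: 10
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 5
          livenessProbe:
            httpGet:
              scheme: HTTP
              port: web
              path: /health/live
            failureThreshold: 3
            initialDelaySeconds: 10
            periodSeconds: 15
            successThreshold: 1
            timeoutSeconds: 5
          readinessProbe:
            httpGet:
              scheme: HTTP
              port: web
              path: /health/ready
            failureThreshold: 3
            initialDelaySeconds: 10
            periodSeconds: 15
            successThreshold: 1
            timeoutSeconds: 5
      volumes:
        # Scratch space required because the root filesystem is read-only.
        - name: tmp
          emptyDir: {}
        # NOTE(review): no defaultMode is set on the Secret volume, so the
        # key file gets the default mode - tighten it if the consuming user
        # and fsGroup allow.
        - name: secret-key
          secret:
            secretName: dependency-track-key-secret
  volumeClaimTemplates:
    - apiVersion: v1
      kind: PersistentVolumeClaim
      metadata:
        name: data
      spec:
        storageClassName: ceph-block
        resources:
          requests:
            storage: 5Gi
        accessModes:
          - ReadWriteOnce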