[ { "path": ".github/workflows/lint-test.yml", "content": "name: Lint and Test Charts\n\non: pull_request\n\njobs:\n lint-test:\n runs-on: ubuntu-latest\n steps:\n - name: Checkout\n uses: actions/checkout@v2\n with:\n fetch-depth: 0\n\n - name: Set up Helm\n uses: azure/setup-helm@v1\n with:\n version: v3.4.1\n\n - name: Set up Python\n uses: actions/setup-python@v2\n with:\n python-version: 3.7\n\n - name: Set up chart-testing\n uses: helm/chart-testing-action@v2.1.0\n\n - name: Run chart-testing (list-changed)\n id: list-changed\n run: |\n changed=$(ct list-changed --config test.yaml)\n if [[ -n \"$changed\" ]]; then\n echo \"::set-output name=changed::true\"\n fi\n - name: Run chart-testing (lint)\n run: ct lint --config test.yaml\n\n - name: Create kind cluster\n uses: helm/kind-action@v1.2.0\n if: steps.list-changed.outputs.changed == 'true'\n\n - name: Run chart-testing (install)\n run: ct install --config test.yaml\n" }, { "path": ".github/workflows/release.yml", "content": "name: Release Charts\n\non:\n push:\n branches:\n - master\n\njobs:\n release:\n runs-on: ubuntu-latest\n steps:\n - name: Checkout\n uses: actions/checkout@v2\n\n - name: Fetch history\n run: git fetch --prune --unshallow\n\n - name: Configure Git\n run: |\n git config user.name \"$GITHUB_ACTOR\"\n git config user.email \"$GITHUB_ACTOR@users.noreply.github.com\"\n\n - name: Install Helm\n uses: azure/setup-helm@v1\n with:\n version: v3.4.0\n\n - name: Add helm repositories\n run: |\n helm repo add bitnami https://charts.bitnami.com/bitnami\n\n - name: Run chart-releaser\n uses: helm/chart-releaser-action@v1.2.0\n env:\n CR_TOKEN: \"${{ secrets.CR_TOKEN }}\"\n" }, { "path": ".gitignore", "content": "# General files for the project\npkg/*\n*.pyc\nbin/*\n.project\n/.bin\n/_test/secrets/*.json\n\n# OSX leaves these everywhere on SMB shares\n._*\n\n# OSX trash\n.DS_Store\n\n# Files generated by JetBrains IDEs, e.g. IntelliJ IDEA\n.idea/\n*.iml\n\n# Vscode files\n.vscode\n\n# Emacs save files\n*~\n\\#*\\#\n.\\#*\n\n# Vim-related files\n[._]*.s[a-w][a-z]\n[._]s[a-w][a-z]\n*.un~\nSession.vim\n.netrwhist\n\n# Chart dependencies\n**/charts/*.tgz\n\n.history\n" }, { "path": "LICENSE", "content": "MIT License\n\nCopyright (c) 2020 Oteemo Inc\n\nPermission is hereby granted, free of charge, to any person obtaining a copy\nof this software and associated documentation files (the \"Software\"), to deal\nin the Software without restriction, including without limitation the rights\nto use, copy, modify, merge, publish, distribute, sublicense, and/or sell\ncopies of the Software, and to permit persons to whom the Software is\nfurnished to do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in all\ncopies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\nIMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\nFITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\nAUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\nLIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\nOUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE\nSOFTWARE.\n" }, { "path": "README.md", "content": "# Oteemo Charts Repository\n\n***This helm charts repository has been deprecated, please see individual charts for examples of where to migrate to***\n\nWelcome to the oteemo charts repository. All charts are in the charts directory.\n\n## Adding the chart Repository\n\n`helm repo add oteemocharts https://oteemo.github.io/charts`\n\n## Contributing\n\nFeel free to fork our repo and create a pull request with any new features or bug fixes.\n\n## Contacting us\n\nFor issues or concerns, please fill out an issue or email us at charts@oteemo.com\n\n## How It Works\n\nGitHub Pages points to the `gh-pages` branch so anything pushed to that branch will be publicly available. We are using a couple github actions to automate testing and deployment of charts. It is based off the example [here](https://github.com/helm/charts-repo-actions-demo).\n\n## Process to add a chart to the repository\n\n1. Create a branch or fork for your new chart\n1. Initialize new chart in the `charts` directory with `helm create mychart` or by copying in your work from outside\n1. After chart development is done, run (at minimum) `helm lint mychart/` to validate yaml and templates\n1. Don't forget to bump your chart version (if needed)\n1. Create a pull request with the new chart or updates\n1. Once the PR is approved, the automation will publish the chart to our repository\n\n## Notes about current testing\n\nTesting is currently done with Helm3\n" }, { "path": "charts/nexusiq/.helmignore", "content": "# Patterns to ignore when building packages.\n# This supports shell glob matching, relative path matching, and\n# negation (prefixed with !). Only one pattern per line.\n.DS_Store\n# Common VCS dirs\n.git/\n.gitignore\n.bzr/\n.bzrignore\n.hg/\n.hgignore\n.svn/\n# Common backup files\n*.swp\n*.bak\n*.tmp\n*~\n# Various IDEs\n.project\n.idea/\n*.tmproj\n.vscode/\n" }, { "path": "charts/nexusiq/Chart.yaml", "content": "apiVersion: v1\nappVersion: 1.63.0\nversion: 1.0.5\ndescription: A Helm chart for Nexus IQ\nname: nexusiq\nkeywords:\n- sonatype\n- nexusiq\n- nexus\nhome: https://www.sonatype.com/nexus-iq-server\nicon: http://www.sonatype.org/nexus/content/uploads/2015/06/Nexus-Logo.jpg\nsources:\n- https://help.sonatype.com/iqserver\n- https://hub.docker.com/r/sonatype/nexus-iq-server\ndeprecated: true\n" }, { "path": "charts/nexusiq/README.md", "content": "# Nexus IQ\n\n***This chart is deprecated. Nexus IQ chart is now managed by sonatype: https://artifacthub.io/packages/helm/sonatype/nexus-iq-server***\n\n## What is Nexus IQ\n\nShares component intelligence with your teams early, often and throughout the software supply chain so they make better decisions and build better software.\n\nOffers a fully-customizeable policy engine, so you can define which components are acceptable, and which are not.\n\nIntegrates with popular development tools including, but not limited to: Maven, Eclipse, IntelliJ, Visual Studio, GitHub, Bamboo, Jenkins, Xebia Labs, and SonarQube.\n\nProvides a full suite of supported REST APIs that provide access to core features for custom implementations.\n\n## Introduction\n\nThis chart bootstraps a Nexus IQ deployment on a cluster using Helm.\n\n## Installing the Chart\n\n### Installing with Helm 3.x\n\n```bash\nhelm repo add oteemocharts https://oteemo.github.io/charts\nhelm install nexusiq oteemocharts/nexusiq\n```\n\n### Templating with Helm 3.x\n\nTo template this with helm 3.x:\n\n 1. Complete the values file with your values.\n 2. Execute the ```helm template``` command to generate your manifest files\n 3. Execute the ```kubectl apply``` command to create the deployment within your kubernetes cluster.\n\n## Uninstalling the Chart\n\n### Uninstalling with Helm 3.x\n\n```bash\n$ helm list\nNAME REVISION UPDATED STATUS CHART NAMESPACE\nnexusiq 1 Fri Sep 1 13:19:50 2017 DEPLOYED nexusiq default\n$ helm delete nexusiq\n```\n\n### Uninstalling without Helm 3.x\n\nIn a tiller-less helm 2.x environment you must individually delete the objects created by the helm chart: deployment, persistent volumes, and persistent volume claims.\n\n## Configuration\n\nThe following table lists the configurable parameters of the NexusIQ chart and their default values.\n\n| Parameter | Description | Default |\n| ------------------------------------------ | ---------------------------------- | ----------------------------------------|\n| `nexusIQ.repository` | NexusIQ image repo | `sonatype/nexus-iq-server` |\n| `nexusIQ.tag` | NexusIQ image version | `1.63.0` |\n| `nexusIQ.pullPolicy` | NexusIQ image pull policy | `IfNotPresent` |\n| `nexusIQ.metricsPort` | NexusIQ port to expose prometheus metrics over | `8071` |\n| `nexusIQ.applicationPort` | NexusIQ application port | `8070` |\n| `nexusIQ.portName` | blank | `nexus-iq-server` |\n| `nexusIQ.livenessProbe.initialDelaySeconds` | LivenessProbe initial delay | `30` |\n| `nexusIQ.livenessProbe.periodSeconds` | LivenessProbe period seconds | `30` |\n| `nexusIQ.livenessProbe.failureThreshold` | LivenessProbe failure threshold | `6` |\n| `nexusIQ.livenessProbe.path` | LivenessProbe path | `/` |\n| `nexusIQ.readinessProbe.initialDelaySeconds` | ReadinessProbe initial delay | `30` |\n| `nexusIQ.readinessProbe.periodSeconds` | ReadinessProbe period seconds | `30` |\n| `nexusIQ.readinessProbe.failureThreshold` | ReadinessProbe failure threshold | `6` |\n| `nexusIQ.readinessProbe.path` | ReadinessProbe path | `/` |\n| `service.enabled` | Service Enabled Flag | `false` |\n| `service.name` | Name for Service | `nexus-iq-server` |\n| `service.type` | Service Type | `ClusterIP` |\n| `service.port` | Service Port | `80` |\n| `ingress.enabled` | Ingress Enabled Flag | `false` |\n| `ingress.annotations` | Ingress annotations | blank |\n| `ingress.hostName` | Ingress host name | blank |\n| `ingress.hosts` | Ingress hosts | blank |\n| `ingress.tls` | Ingress TLS configuration | blank |\n| `persistence.enabled` | Enable persistent storage | `false` |\n| `persistence.accessMode` | Set Storage Access Mode| `ReadWriteOnce` |\n| `persistence.storageSize` | Set Storage Size | `25Gi` |\n| `persistence.storageClass` | Set Storage Type | `gp2` |\n| `persistence.labels` | Set Storage Labels | blank |\n| `persistence.annotations` | Set storage annotations | blank |\n\n## After Installing the Chart\n\nAfter installing the chart a couple of actions still need to be done in order to use NexusIQ. Please follow the instructions below.\n\n### NexusIQ Configuration\n\nThe following steps need to be executed in order to use NexusIQ:\n\n 1. Install the license. Without a valid license you will not be able to navigate past the license page and use NexusIQ in any way.\n 2. Configure basic permissions. By default NexusIQ creates a default `admin` user with a password of `admin123` that is not configurable at boostrap. You MUST change this immediately upon logging in.\n 3. (Optional) Configure LDAP.\n\n### Nexus IQ Server System Requirements\n\nThe following table lists the system requirements of the Nexus IQ Server\n\n| Resource | Description |\n| ------------------------------------------ | ---------------------------------- |\n| `CPU & RAM` | Recommend a processor with at least 8 CPU cores and 8GB of RAM for initial setup. A minimum of 6GB of process space should be available to the IQ Server. Additional RAM can improve the performance due to decreased disk caching. |\n| `Disk` | Storage requirements range with the number of applications projected to use the IQ Server. 500 GB to 1 TB of free disk space should provide more than adequate resources. |\n| `Account` | It is recommended that an unprivileged service account be created if running the IQ Server as a daemon. |\n| `Operating System` | Generally, any machine that can run a supported Sun/Oracle Java version should work. Refer to the Oracle documentation for specifics: Oracle JDK 8 and JRE 8 Certified System Configurations. The most widely used operating system for the IQ Server is Linux and therefore customers should consider it the best tested platform. |\n| `Ports` | The IQ Server requires the following network access. Inbound: 8070 TCP: Used by all IQ Server clients for HTTP access. This port is configurable. 8071 TCP: Used by the local host or other IT monitoring tools for monitoring and operating functions. This port is optional and configurable. If not specified, port 8081 will be used. Outbound: 443 TCP to : Used by the IQ Server to securely access Sonatype Data Services. This hostname and port are not configurable. Sonatype Data Services must be reachable by IQ Server on the following URL: . |\n| `Java` | OpenJDK 8 (since December 2018, IQ Server release 55). Prior to IQ Server release 63, the IQ Server used to check if the used JVM is supported. This check does not work for certain OpenJDK versions/flavors. You can disable this check by adding -Dclm.disableJreCheck=true to the command used to start the IQ Server. |\n\n### Important Links\n\n1. Nexus IQ Server Web Page - \n2. Nexus IQ Server Documentation & Help Page - \n3. Nexus IQ Server Getting Started Guide - \n4. Nexus IQ Docker Repo & Docker Documentation - \n" }, { "path": "charts/nexusiq/references/README.MD", "content": "### Reference Documentation for Nexus IQ Server config.yml\n\nThe IQ Server is an application exposed using a Dropwizard server.\nThe main configuration file for the IQ Server installation is a YAML formatted file called config.yml found in the installation directory. The config.yml file typically contains only those configuration options which are rarely changed.\nSpecial considerations when editing the config.yml file:\nTAB characters are not supported, use space characters only for indenting\nstructure is tree-like - indents define structure hierarchy and are relevant to proper parsing of the file\nindented lines are considered child options of the first un-commented outdented line preceeding them\ncommented lines are ignored - comments begin with the # character\nan improperly formatted config.yml will prevent the server from starting\nWe strongly recommend using a text editor that will inform you of any TAB characters accidentally inserted into the file.\nOptions that are more commonly changed are typically found in the System Preferences section of the IQ Server user interface, which you can access by clicking on the System Preferences icon located in the top right of the IQ Server header ().\n\n## Useful Links:\n1. Documentation on config.yml - https://help.sonatype.com/iqserver/configuring/config.yml \n\nThe config.yml file is stored by default in the container in the following directory: ~/opt/sonatype//opt/sonatype/nexus-iq-server/config.yml\nThis " }, { "path": "charts/nexusiq/references/nexus-iq-config-template.yml", "content": "#\n# NOTE: The indentation in this file is crucial for proper processing. Please keep the existing indentation when editing it.\n#\n\n# Directory for data files.\nsonatypeWork: ./sonatype-work/clm-server\n\n# Path to a license file to automatically install if unlicensed.\n#licenseFile: ./license.lic\n\n# Base URL of the Sonatype CLM server for user facing links back to the server.\n#baseUrl: http://localhost:8070/\n\n# Hour of the day(0-23) to schedule Policy Monitoring execution. The default is midnight.\n#policyMonitoringHour: 0\n\n# If true, allows anonymous policy evaluation from client tooling (e.g. CLI, CI, Maven).\n# If false, forces authentication and disallows anonymous access.\n# Defaults to false for security.\n#anonymousClientAccessAllowed: false\n\n# Enables/disables cross-site request forgery protection. Defaults to true for increased security.\n#csrfProtection: true\n\n# A custom fragment to add to the \"user-agent\" for HTTP calls\n#userAgentSuffix: \"example fragment\"\n\n# HTTP-specific options.\nserver:\n # The context path for the application. Note that this must have a leading slash.\n applicationContextPath: /\n\n applicationConnectors:\n \n - type: http\n \n # The port on which the HTTP server listens for service requests.\n # Because Java cannot drop privileges in a POSIX system, these\n # ports cannot be in the range 1-1024. A port value of 0 will\n # make the OS use an arbitrary unused port.\n port: 8070\n \n # The hostname of the interface to which the application HTTP server socket\n # will be bound. If omitted, the socket will listen on all\n # interfaces.\n #bindHost: 127.0.0.1 # only bind to loopback\n \n adminConnectors:\n \n - type: http\n \n # The port on which the HTTP server listens for administrative\n # requests. Subject to the same limitations as \"port\".\n port: 8071\n \n # The hostname of the interface to which the admin HTTP server socket\n # will be bound. If omitted, the socket will listen on all\n # interfaces.\n #bindHost: 127.0.0.1 # only bind to loopback\n\n # HTTP request log settings.\n requestLog:\n \n appenders:\n \n # Settings for logging to a file.\n - type: file\n\n # The file to which current statements will be logged.\n currentLogFilename: ./log/request.log\n \n logFormat: \"%clientHost %l %user [%date] \\\"%requestURL\\\" %statusCode %bytesSent %elapsedTime \\\"%header{User-Agent}\\\"\"\n\n # When the log file rotates, the archived log will be renamed to this and gzipped. The\n # %d is replaced with the previous day (yyyy-MM-dd). Custom rolling windows can be created\n # by passing a SimpleDateFormat-compatible format as an argument: \"%d{yyyy-MM-dd-hh}\".\n archivedLogFilenamePattern: ./log/request-%d.log.gz\n\n # The number of archived files to keep.\n archivedFileCount: 50\n\n# Notification mail settings.\n# If enabled, ensure that the baseUrl configuration setting is also enabled and correct, because generated emails often contain links to the server.\n#mail:\n\n # The host running the SMTP server to use. \n #hostname: \"127.0.0.1\"\n\n # The port at which the SMTP server listens on. \n #port: 587\n\n # The address used as From for outgoing notification mails sent by the server.\n #systemEmail: \"SonatypeCLM@localhost\"\n\n # The username used to access the mail server.\n #username: \"anonymous\"\n\n # The password used to access the mail server.\n #password: \"guest\"\n \n # Connect using SSL.\n #ssl: true\n \n # Connect using TLS.\n #tls: true\n\n# Notification JIRA settings.\n# Note that any user of the Nexus IQ Server will have access to see all projects and applicable issue types available\n# to the configured JIRA account. More details available in the Nexus IQ Server documentation. If enabled, ensure that\n# the baseUrl configuration setting is also enabled and correct, because generated tickets contain links to the server.\n#jira:\n # The JIRA server address\n #url: \"https://jira.example.org\"\n\n # The username used to connect to the JIRA server\n #username: \"exampleuser\"\n\n # The password used to connect to the JIRA server\n #password: \"examplepassword\"\n\n # Any JIRA project issue type required fields without default values defined in JIRA must have their initial\n # field values defined here in order for that project and issue type to be available for policy notifications\n #customFields:\n # Example 'user' type system field\n #reporter:\n # name: \"username\"\n\n # Example 'array' type system field\n #labels:\n # - test\n # - bug\n\n # Example 'version' type custom field\n #customfield_12001:\n # name: \"Example\"\n\n # Example 'option' type custom field\n #customfield_10050:\n # value: \"P1\"\n\n # Example 'number' type custom field\n #customfield_13001: 10\n\n # Example 'datetime' type custom field\n #customfield_14000: \"2016-11-01\"\n\n# Proxy settings.\n#proxy:\n\n # The host running the proxy server to use.\n #hostname: \"127.0.0.1\"\n\n # The port at which the proxy server listens on.\n #port: 80\n\n # The username used to access the proxy server.\n #username: \"anonymous\"\n\n # The password used to access the proxy server.\n #password: \"guest\"\n\n# Configures reverse proxy authentication for the web UI.\n#reverseProxyAuthentication:\n\n # Enables/disables authentication via a reverse proxy. Once the reverse proxy has authenticated a user's identity,\n # it is expected to forward the username to the CLM server via the HTTP header configured below. The CLM server\n # will then consider the user logged in without further password prompt.\n #\n # WARNING: If improperly configured, this feature poses a security vulnerability. To guard against authentication\n # bypass it is crucial that all HTTP access to the CLM server is proxied such that the designated username header\n # is only settable by the reverse proxy that performs authentication and cannot be forged by end users themselves.\n #\n #enabled: false\n\n # The name of the HTTP request header that carries the username of an authenticated user.\n #usernameHeader: \"REMOTE_USER\"\n\n # For backwards compatibility of client requests - skips CSRF protection when using RUT\n #csrfProtectionDisabled: false\n\n # The service URL that will be redirected to when a user requests logout.\n #logoutUrl: http://localhost/logout/index.html\n\n# Logging settings.\nlogging:\n\n # The default level of all loggers. Can be OFF, ERROR, WARN, INFO, DEBUG, TRACE, or ALL.\n level: DEBUG\n\n # Logger-specific settings.\n loggers:\n \"com.sonatype.insight.scan\": INFO\n \"eu.medsea.mimeutil.MimeUtil2\": INFO\n \"org.apache.http\": INFO\n \"org.apache.http.wire\": ERROR\n \"org.eclipse.birt.report.engine.layout.pdf.font.FontConfigReader\": WARN\n \"org.eclipse.jetty\": INFO\n \"org.apache.shiro.web.filter.authc.BasicHttpAuthenticationFilter\": INFO # WARNING: This reveals credentials at DEBUG level\n \"com.sonatype.insight.audit\":\n appenders:\n - type: file\n # The file to which audit statements will be logged.\n currentLogFilename: ./log/audit.log\n # When the audit log file rotates, the archived audit log will be renamed to this and gzipped. The\n # %d is replaced with the previous day (yyyy-MM-dd). Custom rolling windows can be created\n # by passing a SimpleDateFormat-compatible format as an argument: \"%d{yyyy-MM-dd-hh}\".\n #\n # If archive is true, this must be specified.\n archivedLogFilenamePattern: ./log/audit-%d.log.gz\n # The number of archived audit log files to keep.\n archivedFileCount: 50\n #\"com.sonatype.insight.policy.violation\":\n #appenders:\n #- type: file\n # The file to which policy violations will be logged.\n #currentLogFilename: ./log/policy-violation.log\n # When the policy violation log file rotates, the archived policy violation log will be renamed to this \n # and gzipped. The %d is replaced with the previous day (yyyy-MM-dd). Custom rolling windows can be created\n # by passing a SimpleDateFormat-compatible format as an argument: \"%d{yyyy-MM-dd-hh}\".\n #\n # If archive is true, this must be specified.\n #archivedLogFilenamePattern: ./log/policy-violation-%d.log.gz\n # The number of archived policy violation log files to keep.\n #archivedFileCount: 5\n\n appenders:\n \n # Settings for logging to stdout.\n - type: console\n \n # Do not display log statements below this threshold to stdout.\n threshold: INFO\n \n logFormat: \"%d{'yyyy-MM-dd HH:mm:ss,SSSZ'} %level [%thread] %X{username} %logger - %msg%n\"\n \n # Settings for logging to a file.\n - type: file\n\n # Do not write log statements below this threshold to the file.\n threshold: ALL\n \n logFormat: \"%d{'yyyy-MM-dd HH:mm:ss,SSSZ'} %level [%thread] %X{username} %logger - %msg%n\"\n\n # The file to which current statements will be logged.\n currentLogFilename: ./log/clm-server.log\n\n # When the log file rotates, the archived log will be renamed to this and gzipped. The\n # %d is replaced with the previous day (yyyy-MM-dd). Custom rolling windows can be created\n # by passing a SimpleDateFormat-compatible format as an argument: \"%d{yyyy-MM-dd-hh}\".\n #\n # If archive is true, this must be specified.\n archivedLogFilenamePattern: ./log/clm-server-%d.log.gz\n\n # The number of archived files to keep.\n archivedFileCount: 50\n\n# Passphrase used to encrypt the Webhook Secret Keys\n#webhookSecretPassphrase: \"^d1swM!FF&qQ\"\n\n#eventBus:\n # Configures the number of threads used for the EventBus\n # Defaults to 500 if not provided.\n # maxPoolSize: 500\n\n# Sample data is created for new installs.\ncreateSampleData: true\n" }, { "path": "charts/nexusiq/templates/NOTES.txt", "content": "1. Get the application URL by running these commands:\n{{- if .Values.ingress.enabled }}\n{{- range $host := .Values.ingress.hosts }}\n {{- range .paths }}\n http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ . }}\n {{- end }}\n{{- end }}\n{{- else if contains \"NodePort\" .Values.service.type }}\n export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath=\"{.spec.ports[0].nodePort}\" services {{ include \"nexus-iq.fullname\" . }})\n export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath=\"{.items[0].status.addresses[0].address}\")\n echo http://$NODE_IP:$NODE_PORT\n{{- else if contains \"LoadBalancer\" .Values.service.type }}\n NOTE: It may take a few minutes for the LoadBalancer IP to be available.\n You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include \"nexus-iq.fullname\" . }}'\n export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include \"nexus-iq.fullname\" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')\n echo http://$SERVICE_IP:{{ .Values.service.port }}\n{{- else if contains \"ClusterIP\" .Values.service.type }}\n export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l \"app.kubernetes.io/name={{ include \"nexus-iq.name\" . }},app.kubernetes.io/instance={{ .Release.Name }}\" -o jsonpath=\"{.items[0].metadata.name}\")\n echo \"Visit http://127.0.0.1:8080 to use your application\"\n kubectl port-forward $POD_NAME 8080:80\n{{- end }}\n" }, { "path": "charts/nexusiq/templates/_helpers.tpl", "content": "{{/* vim: set filetype=mustache: */}}\n{{/*\nExpand the name of the chart.\n*/}}\n{{- define \"nexus-iq.name\" -}}\n{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix \"-\" -}}\n{{- end -}}\n\n{{/*\nCreate a default fully qualified app name.\nWe truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).\nIf release name contains chart name it will be used as a full name.\n*/}}\n{{- define \"nexus-iq.fullname\" -}}\n{{- if .Values.fullnameOverride -}}\n{{- .Values.fullnameOverride | trunc 63 | trimSuffix \"-\" -}}\n{{- else -}}\n{{- $name := default .Chart.Name .Values.nameOverride -}}\n{{- if contains $name .Release.Name -}}\n{{- .Release.Name | trunc 63 | trimSuffix \"-\" -}}\n{{- else -}}\n{{- printf \"%s-%s\" .Release.Name $name | trunc 63 | trimSuffix \"-\" -}}\n{{- end -}}\n{{- end -}}\n{{- end -}}\n\n{{/*\nCreate chart name and version as used by the chart label.\n*/}}\n{{- define \"nexus-iq.chart\" -}}\n{{- printf \"%s-%s\" .Chart.Name .Chart.Version | replace \"+\" \"_\" | trunc 63 | trimSuffix \"-\" -}}\n{{- end -}}\n\n{{/* Manage the labels for each entity */}}\n{{- define \"nexus-iq.labels\" -}}\napp: {{ template \"nexus-iq.name\" . }}\nfullname: {{ template \"nexus-iq.fullname\" . }}\nchart: {{ template \"nexus-iq.chart\" . }}\nrelease: {{ .Release.Name }}\nheritage: {{ .Release.Service }}\n{{- end -}}\n" }, { "path": "charts/nexusiq/templates/deployment.yaml", "content": "apiVersion: apps/v1\nkind: Deployment\nmetadata:\n namespace: {{ .Release.Namespace }}\n name: {{ include \"nexus-iq.fullname\" . }}\n labels:\n{{ include \"nexus-iq.labels\" . | indent 4 }}\nspec:\n replicas: {{ .Values.replicaCount }}\n selector:\n matchLabels:\n{{ include \"nexus-iq.labels\" . | indent 7 }}\n template:\n metadata:\n labels: \n{{ include \"nexus-iq.labels\" . | indent 7 }}\n spec:\n containers:\n - name: nexus-iq-server\n image: \"{{ .Values.nexusIQ.repository }}:{{ .Values.nexusIQ.tag }}\"\n imagePullPolicy: {{ .Values.nexusIQ.pullPolicy }}\n ports:\n - name: {{.Values.nexusIQ.portName}}\n containerPort: {{.Values.nexusIQ.applicationPort}}\n - name: metricsport\n containerPort: {{.Values.nexusIQ.metricsPort}}\n livenessProbe:\n httpGet:\n path: {{.Values.nexusIQ.livenessProbe.path}}\n port: {{.Values.nexusIQ.applicationPort}}\n initialDelaySeconds: {{ .Values.nexusIQ.livenessProbe.initialDelaySeconds }}\n periodSeconds: {{ .Values.nexusIQ.livenessProbe.periodSeconds }}\n failureThreshold: {{ .Values.nexusIQ.livenessProbe.failureThreshold }}\n readinessProbe:\n httpGet:\n path: {{.Values.nexusIQ.readinessProbe.path}}\n port: {{.Values.nexusIQ.applicationPort}}\n initialDelaySeconds: {{ .Values.nexusIQ.livenessProbe.initialDelaySeconds }}\n periodSeconds: {{ .Values.nexusIQ.livenessProbe.periodSeconds }}\n failureThreshold: {{ .Values.nexusIQ.livenessProbe.failureThreshold }}\n resources:\n {{- toYaml .Values.resources | nindent 12 }}\n volumeMounts: \n - mountPath: /nexusiq-data\n name: {{ template \"nexus-iq.fullname\" . }}-data\n volumes:\n - name: {{ template \"nexus-iq.fullname\" . }}-data\n {{- if .Values.persistence.enabled }}\n persistentVolumeClaim:\n claimName: {{ .Values.persistence.existingClaim | default (printf \"%s-%s\" (include \"nexus-iq.fullname\" .) \"data\") }}\n {{- end }}\n {{- with .Values.nodeSelector }}\n nodeSelector:\n {{- toYaml . | nindent 8 }}\n {{- end }}\n {{- with .Values.affinity }}\n affinity:\n {{- toYaml . | nindent 8 }}\n {{- end }}\n {{- with .Values.tolerations }}\n tolerations:\n {{- toYaml . | nindent 8 }}\n {{- end }}\n" }, { "path": "charts/nexusiq/templates/ingress.yaml", "content": "{{- if .Values.ingress.enabled -}}\n{{- $fullName := include \"nexus-iq.fullname\" . -}}\napiVersion: extensions/v1beta1\nkind: Ingress\nmetadata:\n namespace: {{ .Release.Namespace }}\n name: {{ $fullName }}\n labels:\n{{ include \"nexus-iq.labels\" . | indent 4 }}\n {{- with .Values.ingress.annotations }}\n annotations:\n {{- toYaml . | nindent 4 }}\n {{- end }}\nspec:\n{{- if .Values.ingress.tls }}\n tls:\n{{ toYaml .Values.ingress.tls | indent 4 }}\n{{- end }}\n rules:\n - host: {{ .Values.ingress.hostName| quote }}\n http:\n paths:\n - backend: \n serviceName: {{ .Values.service.name }} ##this needs to match the name of the service being deployed. \n servicePort: {{.Values.service.port}}\n path: /\n{{- end }}" }, { "path": "charts/nexusiq/templates/pvc.yaml", "content": "{{- if .Values.persistence.enabled }}\nkind: PersistentVolumeClaim\napiVersion: v1\nmetadata:\n## Modified from upstream,added namespace\n namespace: {{ .Release.Namespace }}\n name: {{ template \"nexus-iq.fullname\" . }}-data\n labels:\n{{ include \"nexus-iq.labels\" . | indent 4 }}\n{{- if .Values.persistence.annotations }}\n annotations:\n{{ toYaml .Values.persistence.annotations | indent 4 }}\n{{- end }}\nspec:\n accessModes:\n - {{ .Values.persistence.accessMode | quote }}\n resources:\n requests:\n storage: {{ .Values.persistence.storageSize | quote }}\n{{- if .Values.persistence.storageClass }}\n{{- if (eq \"-\" .Values.persistence.storageClass) }}\n storageClassName: \"\"\n{{- else }}\n storageClassName: \"{{ .Values.persistence.storageClass }}\"\n{{- end }}\n{{- end }}\n{{- end }}\n" }, { "path": "charts/nexusiq/templates/service.yaml", "content": "{{- if .Values.service.enabled -}}\napiVersion: v1\nkind: Service\nmetadata:\n namespace: {{ .Release.Namespace }}\n name: {{ .Values.service.name }}\n labels:\n{{ include \"nexus-iq.labels\" . | indent 4 }}\nspec:\n type: {{ .Values.service.type }}\n ports:\n - name: {{.Values.service.portName}}\n port: {{ .Values.service.port }}\n targetPort: {{.Values.service.port}}\n protocol: TCP\n selector:\n app: {{ template \"nexus-iq.name\" . }}\n release: {{ .Release.Name }}\n{{- end}}" }, { "path": "charts/nexusiq/templates/tests/test-nexusiq.yaml", "content": "apiVersion: v1\nkind: Pod\nmetadata:\n namespace: {{ .Release.Namespace }}\n name: {{ include \"nexus-iq.fullname\" . }}-test\n annotations: \n \"helm.sh/hook\": test-success\nspec:\n containers:\n - name: nexus-iq-server-test\n image: \"{{ .Values.nexusIQ.repository }}:{{ .Values.nexusIQ.tag }}\"\n imagePullPolicy: {{ .Values.nexusIQ.pullPolicy }}\n ports:\n - name: {{.Values.nexusIQ.portName}}\n containerPort: {{.Values.nexusIQ.applicationPort}}\n - name: metricsport\n containerPort: {{.Values.nexusIQ.metricsPort}}\n livenessProbe:\n httpGet:\n path: {{.Values.nexusIQ.livenessProbe.path}}\n port: {{.Values.nexusIQ.applicationPort}}\n initialDelaySeconds: {{ .Values.nexusIQ.livenessProbe.initialDelaySeconds }}\n periodSeconds: {{ .Values.nexusIQ.livenessProbe.periodSeconds }}\n failureThreshold: {{ .Values.nexusIQ.livenessProbe.failureThreshold }}\n readinessProbe:\n httpGet:\n path: {{.Values.nexusIQ.readinessProbe.path}}\n port: {{.Values.nexusIQ.applicationPort}}\n initialDelaySeconds: {{ .Values.nexusIQ.livenessProbe.initialDelaySeconds }}\n periodSeconds: {{ .Values.nexusIQ.livenessProbe.periodSeconds }}\n failureThreshold: {{ .Values.nexusIQ.livenessProbe.failureThreshold }}\n command: [\"sh\",\"-c\", \"sleep 30\", \"curl http://localhost:8071\"]\n restartPolicy: Never\n" }, { "path": "charts/nexusiq/values.yaml", "content": "replicaCount: 1\n\nnexusIQ:\n repository: sonatype/nexus-iq-server\n tag: 1.63.0\n pullPolicy: IfNotPresent\n metricsPort: 8071\n applicationPort: 8070\n # env:\n # pvPath: -Djava.util.prefs.userRoot=/some-other-dir\n\n livenessProbe:\n initialDelaySeconds: 30\n periodSeconds: 30\n failureThreshold: 6\n # timeoutSeconds: 10\n path: /\n readinessProbe:\n initialDelaySeconds: 30\n periodSeconds: 30\n failureThreshold: 6\n # timeoutSeconds: 10\n path: /\n\nnameOverride: \"\"\nfullnameOverride: \"\"\n\nservice:\n enabled: false\n name: nexus-iq-server\n type: ClusterIP\n port: 8070\n portName: http\n\ningress:\n enabled: false\n annotations:\n # certmanager.k8s.io/cluster-issuer: \"letsencrypt-prod\"\n # nginx.ingress.kubernetes.io/ssl-redirect: \"false\"\n # nginx.ingress.kubernetes.io/add-base-url: \"true\"\n # certmanager.k8s.io/acme-challenge-type: \"dns01\"\n # certmanager.k8s.io/acme-dns01-provider: \"aws\"\n # kubernetes.io/tls-acme: \"true\"\n hostName:\n hosts:\n - host:\n paths: []\n tls:\n - secretName: nexusiq_tls\n hosts:\n\npersistence:\n enabled: false\n accessMode: ReadWriteOnce\n storageSize: 25Gi\n storageClass: gp2\n labels:\n annotations: {}\n\n\nresources:\n # Request and Resource limits have not been tested. Please read system requirements for NexusIQ\n # and experiment based upon usage levels you are monitoring.\n # limits:\n # cpu: 100m\n # memory: 128Mi\n # requests:\n # cpu: 100m\n # memory: 128Mi\n\nnodeSelector: {}\n\ntolerations: []\n\naffinity: {}\n" }, { "path": "charts/sonarqube/.helmignore", "content": "# Patterns to ignore when building packages.\n# This supports shell glob matching, relative path matching, and\n# negation (prefixed with !). Only one pattern per line.\n.DS_Store\n# Common VCS dirs\n.git/\n.gitignore\n.bzr/\n.bzrignore\n.hg/\n.hgignore\n.svn/\n# Common backup files\n*.swp\n*.bak\n*.tmp\n*~\n# Various IDEs\n.project\n.idea/\n*.tmproj\n# OWNERS file for Kubernetes\nOWNERS\n" }, { "path": "charts/sonarqube/CHANGELOG.md", "content": "# SonarQube Chart Changelog\nAll changes to this chart will be documented in this file.\n## [9.x.x]\n* Use the `initContainers.securityContext` to also set the security context of the `wait-for-db` init container.\n\n## [9.6.3]\n* Fixed GH-277 by ensuring current/new admin passwords are URL escaped in the change-admin-password-hook job.\n\n## [9.6.2]\n* Change order of env variables to better support 7.9-lts\n\n## [9.6.1]\n* Add support for setting custom annotations in admin hook job.\n\n## [9.6.0]\n* Add the possibility of definining the secret key name of the postgres password.\n\n## [9.5.0]\n* Add Ingress default backend for GCE class\n\n## [9.2.3]\n* Added namespace to port-foward command in notes.\n\n## [9.2.2]\n* Added a condition to deployment.yaml so that `wait-for-db` initContainer is only created if `postgresql.enabled=true`\n\n## [9.2.1]\n* Updated the configuration table to include the additional keys added in release 9.2.0.\n\n## [9.2.0]\n* Added functionality for deployments to OpenShift clusters.\n * .Values.OpenShift flag to signify if deploying to OpenShift.\n\t* Ability to have chart generate an SCC allowing the init-sysctl container to run as privileged.\n\t* Setting of a seperate securityContext section for the main SonarQube container to avoid running as root.\n\t* Exposing additional `postreSQL` keys in values.yaml to support configuring postgres to run under standard \"restricted\" or \"anyuid\"/\"nonroot\" SCCs on OpenShift.\n* Added initContainer `wait-for-db` to await postgreSQL successful startup before starting SonarQube, to avoid race conditions.\n\n## [9.1.1]\n* Update SonarQube to 8.5.1.\n* **Fix:** Purge plugins directory before download.\n\n## [9.0.0]\n* Update SonarQube to 8.5.\n* **Breaking change:** Rework init containers.\n * Move global defaults from `plugins` section to `initContainers`.\n * Update container images.\n* **Deprecation:** `elasticsearch.configureNode` in favor of `initSysctl.enabled`.\n* Rework sysctl with support for custom values.\n* Rework plugins installation via `opt/sonarqube/extensions/downloads` folder that is handled by SonarQube itself.\n * **Breaking change:** remove `plugins.deleteDefaultPlugins` as SonarQube stores bundled plugins out of `opt/sonarqube/extensions`.\n* Rename deprecated `SONARQUBE_` environment variables to `SONAR_` ones.\n* **Breaking change:** Rename `enabledTests` to `tests.enabled`.\n* Add `terminationGracePeriodSeconds`.\n" }, { "path": "charts/sonarqube/Chart.yaml", "content": "apiVersion: v1\nname: sonarqube\ndescription: SonarQube is an open sourced code quality scanning tool\nversion: 9.11.0\nappVersion: 8.9.7-community\nkeywords:\n - coverage\n - security\n - code\n - quality\nhome: https://www.sonarqube.org/\nicon: https://www.sonarqube.org/assets/logo-31ad3115b1b4b120f3d1efd63e6b13ac9f1f89437f0cf6881cc4d8b5603a52b4.svg\nsources:\n - https://github.com/SonarSource/docker-sonarqube\ndeprecated: true\n" }, { "path": "charts/sonarqube/README.md", "content": "# SonarQube\n\n***This chart has been deprecated, please refer to another available chart listed below***\n\n## Alternative Charts\n\n* [PlatformOne's version](https://repo1.dso.mil/platform-one/big-bang/apps/developer-tools/sonarqube)\n* [SonarSource's version](https://github.com/SonarSource/helm-chart-sonarqube)\n* Other versions can be found on artifacthub.io\n\n[SonarQube](https://www.sonarqube.org/) is an open sourced code quality scanning tool.\n\n## Introduction\n\nThis chart bootstraps a SonarQube instance with a PostgreSQL database.\n\n## Prerequisites\n\n- Kubernetes 1.10+\n\n## Installing the chart\n\nTo install the chart:\n\n```bash\nhelm repo add oteemocharts https://oteemo.github.io/charts\nhelm install oteemocharts/sonarqube\n```\n\nThe above command deploys Sonarqube on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation.\n\nFor OpenShift installations; if you wish for the chart to create the required SCC for the privileged initContainer, and run PostgreSQL under the restricted SCC use the following `set` statements:\n\n```bash\nhelm repo add oteemocharts https://oteemo.github.io/charts\nhelm install oteemocharts/sonarqube --set OpenShift.enabled=true,\\\n serviceAccount.create=true,\\\n postgresql.serviceAccount.enabled=true,\\\n postgresql.securityContext.enabled=false,\\\n postgresql.volumePermissions.enabled=true,\\\n postgresql.volumePermissions.securityContext.runAsUser=\"auto\"\n```\n\nThe default login is admin/admin.\n\n## Uninstalling the chart\n\nTo uninstall/delete the deployment:\n\n```bash\n$ helm list\nNAME REVISION UPDATED STATUS CHART NAMESPACE\nkindly-newt 1 Mon Oct 2 15:05:44 2017 DEPLOYED sonarqube-0.1.0 default\n$ helm delete kindly-newt\n```\n\n## Ingress\n\n### Path\n\nSome cloud may need the path to be `/*` instead of `/.` Try this first if you are having issues getting traffic through the ingress.\n\n### Default Backend\n\nif you use GCP as a cloud provider you need to set a default backend to avoid useless default backend created by the gce controller. To add this default backend you must set \"ingress.class\" annotation with \"gce\" or \"gce-internal\" value.\n\nExample:\n\n```yaml\n---\ningress:\n enabled: true\n hosts:\n - name: sonarqube.example.com\n path: \"/*\"\n annotations:\n kubernetes.io/ingress.class: \"gce-internal\"\n kubernetes.io/ingress.allow-http: \"false\"\n```\n\n## Configuration\n\nThe following table lists the configurable parameters of the Sonarqube chart and their default values.\n\n| Parameter | Description | Default |\n| -------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------- | ------------------------------- |\n| `replicaCount` | Number of replicas deployed | `1` |\n| `deploymentStrategy` | Deployment strategy | `{}` |\n| `priorityClassName` | Schedule pods on priority (commented out) | `\"high-priority\"` |\n| `schedulerName` | Kubernetes scheduler name | None |\n| `OpenShift.enabled` | Define if this deployment is for OpenShift | `false` |\n| `OpenShift.createSCC` | If this deployment is for OpenShift, define if SCC should be created for sonarqube pod | `true` |\n| `image.repository` | image repository | `sonarqube` |\n| `image.tag` | `sonarqube` image tag. | `8.9.7-community` |\n| `image.pullPolicy` | Image pull policy | `IfNotPresent` |\n| `image.pullSecret` | imagePullSecret to use for private repository (commented out) | `my-repo-secret` |\n| `securityContext.fsGroup` | Group applied to mounted directories/files | `1000` |\n| `containerSecurityContext.runAsUser` | User to run containers in sonarqube pod as, unless overwritten (such as for init-sysctl container) | `1000` |\n| `elasticsearch.configureNode` | [DEPRECATED] Use initSysctl.enabled instead. | `true` |\n| `elasticsearch.bootstrapChecks` | Enables/disables Elasticsearch bootstrap checks | `true` |\n| `service.type` | Kubernetes service type | `ClusterIP` |\n| `service.externalPort` | Kubernetes service port | `9000` |\n| `service.internalPort` | Kubernetes container port | `9000` |\n| `service.labels` | Kubernetes service labels | None |\n| `service.annotations` | Kubernetes service annotations | None |\n| `service.loadBalancerSourceRanges` | Kubernetes service LB Allowed inbound IP addresses | None |\n| `service.loadBalancerIP` | Kubernetes service LB Optional fixed external IP | None |\n| `service.nodePort` | Kubernetes service port of exposed on nodePort or LD | None |\n| `ingress.enabled` | Flag for enabling ingress | false |\n| `ingress.labels` | Ingress additional labels | `{}` |\n| `ingress.hosts[0].name` | Hostname to your SonarQube installation | `sonar.organization.com` |\n| `ingress.hosts[0].path` | Path within the URL structure | / |\n| `ingress.hosts[0].pathType` | [URL match type](https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types) | Prefix |\n| `ingress.hosts[0].serviceName` | Optional field to override the default serviceName of a path | None |\n| `ingress.hosts[0].servicePort` | Optional field to override the default servicePort of a path | None |\n| `ingress.tls` | Ingress secrets for TLS certificates | `[]` |\n| `affinity` | Node / Pod affinities | `{}` |\n| `tolerations` | List of node taints to tolerate | `[]` |\n| `nodeSelector` | Node labels for pod assignment | `{}` |\n| `hostAliases` | Aliases for IPs in /etc/hosts | `[]` |\n| `readinessProbe.initialDelaySecond` | ReadinessProbe initial delay for SonarQube checking | `60` |\n| `readinessProbe.periodSeconds` | ReadinessProbe period between checking SonarQube | `30` |\n| `readinessProbe.failureThreshold` | ReadinessProbe thresold for marking as failed | `6` |\n| `readinessProbe.sonarWebContext` | SonarQube web context for readinessProbe | / |\n| `livenessProbe.initialDelaySecond` | LivenessProbe initial delay for SonarQube checking | `60` |\n| `livenessProbe.periodSeconds` | LivenessProbe period between checking SonarQube | `30` |\n| `livenessProbe.sonarWebContext` | SonarQube web context for livenessProbe | / |\n| `initContainers.image` | Change init container image | `busybox:1.32` |\n| `initContainers.securityContext` | SecurityContext for init containers | `nil` |\n| `initContainers.resources` | Resources for init containers | `{}` |\n| `extraInitContainers` | Extra init containers to e.g. download required artifacts | `{}` |\n| `extraContainers` | Extra containers to run alongside sonarqube container | `{}` |\n| `caCerts.image` | Change init CA certificates container image | `adoptopenjdk/openjdk11:alpine` |\n| `caCerts.secret` | Name of the secret containing additional CA certificates | `nil` |\n| `initSysctl.enabled` | Modify k8s worker to conform to system requirements | `true` |\n| `initSysctl.vmMaxMapCount` | Set init sysctl container vm.max_map_count | `524288` |\n| `initSysctl.fsFileMax` | Set init sysctl container fs.file-max | `131072` |\n| `initSysctl.nofile` | Set init sysctl container open file descriptors limit | `131072` |\n| `initSysctl.nproc` | Set init sysctl container open threads limit | `8192 ` |\n| `initSysctl.image` | Change init sysctl container image | `busybox:1.32` |\n| `initSysctl.securityContext` | InitSysctl container security context | `{privileged: true}` |\n| `initSysctl.resources` | InitSysctl container resource requests & limits | `{}` |\n| `plugins.install` | List of plugins to install | `[]` |\n| `plugins.lib` | Plugins libray | `[]` |\n| `plugins.resources` | Plugin Pod resource requests & limits | `{}` |\n| `plugins.httpProxy` | For use behind a corporate proxy when downloading plugins | \"\" |\n| `plugins.httpsProxy` | For use behind a corporate proxy when downloading plugins | \"\" |\n| `plugins.noProxy` | For use behind a corporate proxy when downloading plugins | \"\" |\n| `plugins.image` | Image for plugins container | \"\" |\n| `plugins.resources` | Resources for plugins container | \"\" |\n| `plugins.netrcCreds` | Name of the secret containing .netrc file to use creds when downloading plugins | \"\" |\n| `plugins.noCheckCertificate` | Flag to not check server's certificate when downloading plugins | `false` |\n| `jvmOpts` | Values to add to SONARQUBE_WEB_JVM_OPTS | `\"\"` |\n| `env` | Environment variables to attach to the pods | `nil` |\n| `annotations` | Sonarqube Pod annotations | `{}` |\n| `resources` | Sonarqube Pod resource requests & limits | `{}` |\n| `persistence.enabled` | Flag for enabling persistent storage | false |\n| `persistence.annotations` | Kubernetes pvc annotations | `{}` |\n| `persistence.existingClaim` | Do not create a new PVC but use this one | None |\n| `persistence.storageClass` | Storage class to be used | \"\" |\n| `persistence.accessMode` | Volumes access mode to be set | `ReadWriteOnce` |\n| `persistence.size` | Size of the volume | 10Gi |\n| `persistence.volumes` | Specify extra volumes. Refer to \".spec.volumes\" specification | [] |\n| `persistence.mounts` | Specify extra mounts. Refer to \".spec.containers.volumeMounts\" specification | [] |\n| `emptyDir` | Configuration of resources for `emptyDir` | `{}` |\n| `sonarProperties` | Custom `sonar.properties` file | None |\n| `sonarSecretProperties` | Additional `sonar.properties` file to load from a secret | None |\n| `sonarSecretKey` | Name of existing secret used for settings encryption | None |\n| `jdbcDatabaseType` | Type of the JDBC Database driver | `postgreql` |\n| `jdbcUrlOverride` | Overrides default JDBC URL creation | None |\n| `createPostgresqlSecret` | Set to `true` to create the postgresql secret in Sonarqube chart, instead of postgresql chart | `true` |\n| `postgresql.enabled` | Set to `false` to use external server | `true` |\n| `postgresql.existingSecret` | Secret containing the password of the external Postgresql server | `sonar-postgresql` |\n| `postgresql.secretKey` | | `postgresql-password` |\n| `postgresql.existingSecretPasswordKey` | Secret Key containing the password of the external Postgresql server | `postgresql-password` |\n| `postgresql.postgresqlServer` | Hostname of the external Postgresql server | `null` |\n| `postgresql.postgresqlUsername` | Postgresql database user | `sonarUser` |\n| `postgresql.postgresqlPassword` | Postgresql database password | `\"\"` |\n| `postgresql.postgresqlDatabase` | Postgresql database name | `sonarDB` |\n| `postgresql.service.port` | Postgresql port | `5432` |\n| `postgresql.resources.requests.memory` | Postgresql memory request | `256Mi` |\n| `postgresql.resources.requests.cpu` | Postgresql cpu request | `250m` |\n| `postgresql.resources.limits.memory` | Postgresql memory limit | `2Gi` |\n| `postgresql.resources.limits.cpu` | Postgresql cpu limit | `2` |\n| `postgresql.persistence.enabled` | Postgresql persistence en/disabled | `true` |\n| `postgresql.persistence.accessMode` | Postgresql persistence accessMode | `ReadWriteOnce` |\n| `postgresql.persistence.size` | Postgresql persistence size | `20Gi` |\n| `postgresql.persistence.storageClass` | Postgresql persistence storageClass | `\"\"` |\n| `postgresql.securityContext.enabled` | Postgresql securityContext en/disabled | `true` |\n| `postgresql.securityContext.fsGroup` | Postgresql securityContext fsGroup | `1001` |\n| `postgresql.securityContext.runAsUser` | Postgresql securityContext runAsUser | `1001` |\n| `postgresql.volumePermissions.enabled` | Postgres vol permissions en/disabled | `false` |\n| `postgresql.volumePermissions.securityContext.runAsUser` | Postgres vol permissions secContext runAsUser | `0` |\n| `postgresql.shmVolume.chmod.enabled` | Postgresql shared memory vol en/disabled | `false` |\n| `postgresql.serivceAccount.enabled` | Postgresql service Account creation en/disabled | `false` |\n| `postgresql.serivceAccount.name` | Postgresql service Account name (commented out) | `\"\"` |\n| `podLabels` | Map of labels to add to the pods | `{}` |\n| `sonarqubeFolder` | Directory name of Sonarqube | `/opt/sonarqube` |\n| `tests.enabled` | Flag that allows tests to be excluded from generated yaml | true |\n| `tests.image` | Change init test container image | `dduportal/bats:0.4.0` |\n| `serviceAccount.create` | If set to true, create a serviceAccount | false |\n| `serviceAccount.name` | Name of the serviceAccount to create/use | `sonarqube-sonarqube` |\n| `serviceAccount.annotations` | Additional serviceAccount annotations | `{}` |\n| `extraConfig.secrets` | A list of `Secret`s (which must contain key/value pairs) which may be loaded into the Scanner as environment variables | `[]` |\n| `extraConfig.configmaps` | A list of `ConfigMap`s (which must contain key/value pairs) which may be loaded into the Scanner as environment variables | `[]` |\n| `account.adminPassword` | Custom admin password | `\"admin\"` |\n| `account.currentAdminPassword` | Current admin password | `\"admin\"` |\n| `curlContainerImage` | Curl container image | `\"curlimages/curl:latest\"` |\n| `adminJobAnnotations` | Custom annotations for admin hook Job | `{}` |\n| `terminationGracePeriodSeconds` | Configuration of `terminationGracePeriodSeconds` | `60` |\n\nYou can also configure values for the PostgreSQL database via the Postgresql [Chart](https://hub.helm.sh/charts/bitnami/postgresql)\n\nFor overriding variables see: [Customizing the chart](https://helm.sh/docs/intro/using_helm/#customizing-the-chart-before-installing)\n\n### Use custom `cacerts`\n\nIn environments with air-gapped setup, especially with internal tooling (repos) and self-signed certificates it is required to provide an adequate `cacerts` which overrides the default one:\n\n1. Create a yaml file `cacerts.yaml` with a secret that contains one or more keys to represent the certificates that you want including\n\n ```yaml\n apiVersion: v1\n kind: Secret\n metadata:\n name: my-cacerts\n data:\n cert-1.crt: |\n xxxxxxxxxxxxxxxxxxxxxxx\n ```\n\n2. Upload your `cacerts.yaml` to a secret in the cluster you are installing Sonarqube to.\n\n ```shell\n kubectl apply -f cacerts.yaml\n ```\n\n3. Set the following values of the chart:\n\n ```yaml\n caCerts:\n enabled: true\n secret: my-cacerts\n ```\n\n### Elasticsearch Settings\n\nSince SonarQube comes bundled with an Elasticsearch instance, some [bootstrap checks](https://www.elastic.co/guide/en/elasticsearch/reference/master/bootstrap-checks.html) of the host settings are done at start.\n\nThis chart offers the option to use an initContainer in privilaged mode to automatically set certain kernel settings on the kube worker. While this can ensure proper functionality of Elasticsearch, modifying the underlying kernel settings on the Kubernetes node can impact other users. It may be best to work with your cluster administrator to either provide specific nodes with the proper kernel settings, or ensure they are set cluster wide.\n\nTo enable auto-configuration of the kube worker node, set `elasticsearch.configureNode` to `true`. This is the default behavior, so you do not need to explicitly set this.\n\nThis will run `sysctl -w vm.max_map_count=262144` on the worker where the sonarqube pod(s) get scheduled. This needs to be set to `262144` but normally defaults to `65530`. Other kernel settings are recommended by the [docker image](https://hub.docker.com/_/sonarqube/#requirements), but the defaults work fine in most cases.\n\nTo disable worker node configuration, set `elasticsearch.configureNode` to `false`. Note that if node configuration is not enabled, then you will likely need to also disable the Elasticsearch bootstrap checks. These can be explicitly disabled by setting `elasticsearch.bootstrapChecks` to `false`.\n\n### As of 7.9 Mysql is no longer supported, so it has been removed from the chart\n\n### Extra Config\n\nFor environments where another tool, such as terraform or ansible, is used to provision infrastructure or passwords then setting databases addresses and credentials via helm becomes less than ideal. Ditto for environments where this config may be visible.\n\nIn such environments, configuration may be read, via environment variables, from Secrets and ConfigMaps.\n\n1. Create a `ConfigMap` (or `Secret`) containing key/value pairs, as expected by Sonarqube\n\n ```yaml\n apiVersion: v1\n kind: ConfigMap\n metadata:\n name: external-sonarqube-opts\n data:\n SONARQUBE_JDBC_USERNAME: foo\n SONARQUBE_JDBC_URL: jdbc:postgresql://db.example.com:5432/sonar\n ```\n\n2. Set the following in your `values.yaml` (using the key `extraConfig.secrets` to reference `Secret`s)\n\n ```yaml\n extraConfig:\n configmaps:\n - external-sonarqube-opts\n ```\n" }, { "path": "charts/sonarqube/templates/NOTES.txt", "content": "1. Get the application URL by running these commands:\n{{- if .Values.ingress.enabled }}\n{{- range .Values.ingress.hosts }}\n http://{{ .name }}\n{{- end }}\n{{- else if contains \"NodePort\" .Values.service.type }}\n export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath=\"{.spec.ports[0].nodePort}\" services {{ template \"sonarqube.fullname\" . }})\n export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath=\"{.items[0].status.addresses[0].address}\")\n echo http://$NODE_IP:$NODE_PORT\n{{- else if contains \"LoadBalancer\" .Values.service.type }}\n NOTE: It may take a few minutes for the LoadBalancer IP to be available.\n You can watch the status of by running 'kubectl get svc -w {{ template \"sonarqube.fullname\" . }}'\n export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template \"sonarqube.fullname\" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')\n echo http://$SERVICE_IP:{{ .Values.service.externalPort }}\n{{- else if contains \"ClusterIP\" .Values.service.type }}\n export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l \"app={{ template \"sonarqube.name\" . }},release={{ .Release.Name }}\" -o jsonpath=\"{.items[0].metadata.name}\")\n echo \"Visit http://127.0.0.1:8080 to use your application\"\n kubectl port-forward $POD_NAME 8080:{{ .Values.service.externalPort }} -n {{ .Release.Namespace }}\n{{- end }}\n" }, { "path": "charts/sonarqube/templates/_helpers.tpl", "content": "{{/* vim: set filetype=mustache: */}}\n{{/*\nExpand the name of the chart.\n*/}}\n{{- define \"sonarqube.name\" -}}\n{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix \"-\" -}}\n{{- end -}}\n\n{{/*\nCreate a default fully qualified app name.\nWe truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).\n*/}}\n{{- define \"sonarqube.fullname\" -}}\n{{- if .Values.fullnameOverride -}}\n{{- .Values.fullnameOverride | trunc 63 -}}\n{{- else -}}\n{{- printf \"%s-%s\" .Release.Name (include \"sonarqube.name\" .) | trunc 63 | trimSuffix \"-\" -}}\n{{- end -}}\n{{- end -}}\n\n{{/*\n Create a default fully qualified mysql/postgresql name.\n We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).\n*/}}\n{{- define \"postgresql.fullname\" -}}\n{{- printf \"%s-%s\" .Release.Name \"postgresql\" | trunc 63 | trimSuffix \"-\" -}}\n{{- end -}}\n\n{{/*\n Determine the hostname to use for PostgreSQL/mySQL.\n*/}}\n{{- define \"postgresql.hostname\" -}}\n{{- if .Values.postgresql.enabled -}}\n{{- printf \"%s-%s\" .Release.Name \"postgresql\" | trunc 63 | trimSuffix \"-\" -}}\n{{- else -}}\n{{- printf \"%s\" .Values.postgresql.postgresqlServer -}}\n{{- end -}}\n{{- end -}}\n" }, { "path": "charts/sonarqube/templates/change-admin-password-hook.yml", "content": "{{- if .Values.account }}\n{{- if .Values.account.adminPassword }}\napiVersion: batch/v1\nkind: Job\nmetadata:\n name: {{ template \"sonarqube.fullname\" . }}-change-admin-password-hook\n labels:\n app: {{ template \"sonarqube.name\" . }}\n heritage: {{ .Release.Service }}\n release: {{ .Release.Name }}\n helm.sh/chart: \"{{ .Chart.Name }}-{{ .Chart.Version | replace \"+\" \"_\" }}\"\n {{- range $key, $value := .Values.service.labels }}\n {{ $key }}: {{ $value | quote }}\n {{- end }}\n annotations:\n \"helm.sh/hook\": post-install\n \"helm.sh/hook-delete-policy\": hook-succeeded\n {{- range $key, $value := .Values.adminJobAnnotations }}\n {{ $key }}: {{ $value | quote }}\n {{- end }}\nspec:\n template:\n metadata:\n name: {{ template \"sonarqube.fullname\" . }}-change-admin-password-hook\n labels:\n app: {{ template \"sonarqube.name\" . }}\n heritage: {{ .Release.Service }}\n release: {{ .Release.Name }}\n {{- range $key, $value := .Values.service.labels }}\n {{ $key }}: {{ $value | quote }}\n {{- end }}\n spec:\n restartPolicy: OnFailure\n containers:\n - name: {{ template \"sonarqube.fullname\" . }}-change-default-admin-password\n image: {{ default \"curlimages/curl:latest\" .Values.curlContainerImage }}\n command: [\"sh\", \"-c\", 'until curl -v --connect-timeout 100 {{ template \"sonarqube.fullname\" . }}:{{ default 9000 .Values.service.internalPort }}/api/system/status | grep -w UP; do sleep 10; done; curl --connect-timeout 100 -u admin:{{ default \"admin\" .Values.account.currentAdminPassword }} -X POST \"{{ template \"sonarqube.fullname\" . }}:{{ default 9000 .Values.service.internalPort }}/api/users/change_password?login=admin&previousPassword={{ .Values.account.currentAdminPassword | default \"admin\" | urlquery }}&password={{ .Values.account.adminPassword | default \"admin\" | urlquery }}\"']\n{{- end }}\n{{- end }}\n" }, { "path": "charts/sonarqube/templates/config.yaml", "content": "apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: {{ template \"sonarqube.fullname\" . }}-config\n labels:\n app: {{ template \"sonarqube.name\" . }}\n chart: {{ .Chart.Name }}-{{ .Chart.Version | replace \"+\" \"_\" }}\n release: {{ .Release.Name }}\n heritage: {{ .Release.Service }}\ndata:\n {{- if and .Values.sonarSecretKey (not .Values.sonarProperties) (not .Values.elasticsearch.bootstrapChecks) }}\n sonar.properties: sonar.secretKeyPath={{ .Values.sonarqubeFolder }}/secret/sonar-secret.txt\n {{- end }}\n {{- if or .Values.sonarProperties (not .Values.elasticsearch.bootstrapChecks) }}\n sonar.properties:\n {{ range $key, $val := .Values.sonarProperties }}\n {{ $key }}={{ $val }}\n {{ end }}\n {{- if not .Values.elasticsearch.bootstrapChecks }}\n sonar.es.bootstrap.checks.disable=true\n {{- end }}\n {{- end }}\n {{- if and .Values.sonarSecretKey .Values.sonarProperties }}\n sonar.secretKeyPath={{ .Values.sonarqubeFolder }}/secret/sonar-secret.txt\n {{- end }}\n" }, { "path": "charts/sonarqube/templates/deployment.yaml", "content": "apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: {{ template \"sonarqube.fullname\" . }}\n labels:\n app: {{ template \"sonarqube.name\" . }}\n chart: {{ .Chart.Name }}-{{ .Chart.Version | replace \"+\" \"_\" }}\n release: {{ .Release.Name }}\n heritage: {{ .Release.Service }}\n app.kubernetes.io/name: {{ template \"sonarqube.name\" . }}-{{ template \"sonarqube.fullname\" . }}\n app.kubernetes.io/instance: {{ .Release.Name }}\n app.kubernetes.io/managed-by: {{ .Release.Service }}\n app.kubernetes.io/part-of: sonarqube\n app.kubernetes.io/component: {{ template \"sonarqube.fullname\" . }}\n app.kubernetes.io/version: {{ .Values.image.tag | quote }}\nspec:\n replicas: {{ .Values.replicaCount }}\n selector:\n matchLabels:\n app: {{ template \"sonarqube.name\" . }}\n release: {{ .Release.Name }}\n{{- if .Values.deploymentStrategy }}\n strategy:\n{{ toYaml .Values.deploymentStrategy | indent 4 }}\n{{- end }}\n template:\n metadata:\n labels:\n app: {{ template \"sonarqube.name\" . }}\n release: {{ .Release.Name }}\n{{- with .Values.podLabels }}\n{{ toYaml . | indent 8 }}\n{{- end }}\n annotations:\n checksum/init-sysctl: {{ include (print $.Template.BasePath \"/init-sysctl.yaml\") . | sha256sum }}\n checksum/plugins: {{ include (print $.Template.BasePath \"/install-plugins.yaml\") . | sha256sum }}\n checksum/config: {{ include (print $.Template.BasePath \"/config.yaml\") . | sha256sum }}\n checksum/secret: {{ include (print $.Template.BasePath \"/secret.yaml\") . | sha256sum }}\n{{- if .Values.annotations}}\n {{- range $key, $value := .Values.annotations }}\n {{ $key }}: {{ $value | quote }}\n {{- end }}\n{{- end }}\n spec:\n {{- if .Values.schedulerName }}\n schedulerName: {{ .Values.schedulerName }}\n {{- end }}\n {{- if .Values.serviceAccount.create }}\n {{- if .Values.serviceAccount.name }}\n serviceAccountName: {{ .Values.serviceAccount.name }}\n {{- else }}\n serviceAccountName: {{ include \"sonarqube.fullname\" . }}\n {{- end }}\n {{- end }}\n securityContext:\n{{ toYaml .Values.securityContext | indent 8 }}\n {{- if .Values.image.pullSecret }}\n imagePullSecrets:\n - name: {{ .Values.image.pullSecret }}\n {{- end }}\n initContainers:\n {{- if .Values.extraInitContainers }}\n{{ toYaml .Values.extraInitContainers | indent 8 }}\n {{- end }}\n {{- if .Values.caCerts }}\n - name: ca-certs\n image: {{ default \"adoptopenjdk/openjdk11:alpine\" .Values.caCerts.image }}\n imagePullPolicy: {{ .Values.image.pullPolicy }}\n command: [\"sh\"]\n args: [\"-c\", \"cp -f \\\"${JAVA_HOME}/lib/security/cacerts\\\" /tmp/certs/cacerts; if [ \\\"$(ls /tmp/secrets/ca-certs)\\\" ]; then for f in /tmp/secrets/ca-certs/*; do keytool -importcert -file \\\"${f}\\\" -alias \\\"$(basename \\\"${f}\\\")\\\" -keystore /tmp/certs/cacerts -storepass changeit -trustcacerts -noprompt; done; fi;\"]\n {{- if $securityContext := .Values.initContainers.securityContext }}\n securityContext:\n{{ toYaml $securityContext | indent 12 }}\n {{- end }}\n resources:\n{{ toYaml .Values.initContainers.resources | indent 12 }}\n volumeMounts:\n - mountPath: /tmp/certs\n name: sonarqube\n subPath: certs\n - mountPath: /tmp/secrets/ca-certs\n name: ca-certs\n {{- with .Values.env }}\n env:\n {{- . | toYaml | trim | nindent 12 }}\n {{- end }}\n {{- end }}\n {{- if or .Values.initSysctl.enabled .Values.elasticsearch.configureNode }}\n - name: init-sysctl\n image: {{ default \"busybox:1.32\" .Values.initSysctl.image }}\n imagePullPolicy: {{ .Values.image.pullPolicy }}\n {{- if $securityContext := (default .Values.initContainers.securityContext .Values.initSysctl.securityContext) }}\n securityContext:\n{{ toYaml $securityContext | indent 12 }}\n {{- end }}\n resources:\n{{ toYaml (default .Values.initContainers.resources .Values.initSysctl.resources) | indent 12 }}\n command: [\"sh\",\n \"-e\",\n \"/tmp/scripts/init_sysctl.sh\"]\n volumeMounts:\n - name: init-sysctl\n mountPath: /tmp/scripts/\n {{- with .Values.env }}\n env:\n {{- . | toYaml | trim | nindent 12 }}\n {{- end }}\n {{- end }}\n {{- if .Values.plugins.install }}\n - name: install-plugins\n image: {{ default \"rjkernick/alpine-wget:latest\" .Values.plugins.image }}\n imagePullPolicy: {{ .Values.image.pullPolicy }}\n command: [\"sh\",\n \"-e\",\n \"/tmp/scripts/install_plugins.sh\"]\n volumeMounts:\n - mountPath: {{ .Values.sonarqubeFolder }}/extensions/downloads\n name: sonarqube\n subPath: extensions/downloads\n - mountPath: {{ .Values.sonarqubeFolder }}/lib/common\n name: sonarqube\n subPath: lib/common\n - name: install-plugins\n mountPath: /tmp/scripts/\n {{- if .Values.plugins.netrcCreds }}\n - name: plugins-netrc-file\n mountPath: /root\n {{- end }}\n {{- if $securityContext := .Values.initContainers.securityContext }}\n securityContext:\n{{ toYaml $securityContext | indent 12 }}\n {{- end }}\n resources:\n{{ toYaml (default .Values.initContainers.resources .Values.plugins.resource) | indent 12 }}\n {{- with .Values.env }}\n env:\n {{- . | toYaml | trim | nindent 12 }}\n {{- end }}\n {{- end }}\n {{- if and .Values.sonarProperties .Values.sonarSecretProperties }}\n - name: concat-properties\n image: {{ default \"busybox:1.32\" .Values.initContainers.image }}\n imagePullPolicy: {{ .Values.image.pullPolicy }}\n command: [\"sh\",\n \"-c\",\n \"awk 1 /tmp/props/sonar.properties /tmp/props/secret.properties > /tmp/result/sonar.properties\"]\n volumeMounts:\n - mountPath: /tmp/props/sonar.properties\n name: config\n subPath: sonar.properties\n - mountPath: /tmp/props/secret.properties\n name: secret-config\n subPath: secret.properties\n - mountPath: /tmp/result\n name: concat-dir\n {{- if $securityContext := .Values.initContainers.securityContext }}\n securityContext:\n{{ toYaml $securityContext | indent 12 }}\n {{- end }}\n resources:\n{{ toYaml .Values.initContainers.resources | indent 12 }}\n {{- with .Values.env }}\n env:\n {{- . | toYaml | trim | nindent 12 }}\n {{- end }}\n {{- end }}\n {{- if .Values.postgresql.enabled }} \n - name: \"wait-for-db\"\n image: {{ default \"busybox:1.32\" .Values.initContainers.image }}\n imagePullPolicy: {{ .Values.image.pullPolicy }}\n {{- if $securityContext := .Values.initContainers.securityContext }}\n securityContext:\n{{ toYaml $securityContext | indent 12 }}\n {{- end }}\n resources:\n{{ toYaml .Values.initContainers.resources | indent 12 }}\n command: [\"/bin/sh\", \"-c\", \"for i in $(seq 1 200); do nc -z -w3 {{ .Release.Name}}-postgresql 5432 && exit 0 || sleep 2; done; exit 1\"]\n {{- end }} \n {{- if .Values.priorityClassName }}\n priorityClassName: {{ .Values.priorityClassName }}\n {{- end }}\n {{- if .Values.nodeSelector }}\n nodeSelector:\n{{ toYaml .Values.nodeSelector | indent 8 }}\n {{- end }}\n {{- if .Values.hostAliases }}\n hostAliases:\n{{ toYaml .Values.hostAliases | indent 8 }}\n {{- end }}\n {{- if .Values.tolerations }}\n tolerations:\n{{ toYaml .Values.tolerations | indent 8 }}\n {{- end }}\n {{- if .Values.affinity }}\n affinity:\n{{ toYaml .Values.affinity | indent 8 }}\n {{- end }}\n containers:\n {{- if .Values.extraContainers }}\n {{- toYaml .Values.extraContainers | nindent 8 }}\n {{- end }}\n - name: {{ .Chart.Name }}\n image: \"{{ .Values.image.repository }}:{{ .Values.image.tag }}\"\n imagePullPolicy: {{ .Values.image.pullPolicy }}\n ports:\n - name: http\n containerPort: {{ .Values.service.internalPort }}\n protocol: TCP\n env:\n - name: SONAR_WEB_JAVAOPTS\n {{- if .Values.caCerts }}\n value: {{ printf \"-Djavax.net.ssl.trustStore=%s/certs/cacerts %s\" .Values.sonarqubeFolder .Values.jvmOpts | trim | quote }}\n {{- else }}\n value: \"{{ .Values.jvmOpts }}\"\n {{- end }}\n {{- if .Values.caCerts }}\n - name: SONAR_CE_JAVAOPTS\n value: {{ printf \"-Djavax.net.ssl.trustStore=%s/certs/cacerts\" .Values.sonarqubeFolder | trim | quote }}\n {{- end }}\n - name: SONAR_JDBC_PASSWORD\n valueFrom:\n secretKeyRef:\n name: {{- if .Values.postgresql.existingSecret }} {{ .Values.postgresql.existingSecret }} {{ else }} {{ .Release.Name }}-postgresql {{- end }}\n key: {{ .Values.postgresql.secretKey }}\n {{- with .Values.env }}\n {{- . | toYaml | trim | nindent 12 }}\n {{- end }}\n envFrom:\n - configMapRef:\n name: {{ template \"sonarqube.fullname\" . }}-postgres-config\n{{- range .Values.extraConfig.secrets }}\n - secretRef:\n name: {{ . }}\n{{- end }}\n{{- range .Values.extraConfig.configmaps }}\n - configMapRef:\n name: {{ . }}\n{{- end }}\n livenessProbe:\n httpGet:\n path: {{ .Values.livenessProbe.sonarWebContext }}api/system/status\n port: http\n initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}\n periodSeconds: {{ .Values.livenessProbe.periodSeconds }}\n readinessProbe:\n httpGet:\n path: {{ .Values.readinessProbe.sonarWebContext }}api/system/status\n port: http\n initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}\n periodSeconds: {{ .Values.readinessProbe.periodSeconds }}\n failureThreshold: {{ .Values.readinessProbe.failureThreshold }}\n {{- if .Values.containerSecurityContext }}\n securityContext:\n{{- toYaml .Values.containerSecurityContext | nindent 12 }}\n {{- end }}\n volumeMounts:\n{{- if .Values.persistence.mounts }}\n{{ toYaml .Values.persistence.mounts | indent 12 }}\n{{- end }}\n {{- if and .Values.sonarProperties .Values.sonarSecretProperties }}\n - mountPath: {{ .Values.sonarqubeFolder }}/conf/\n name: concat-dir\n {{- else if or .Values.sonarProperties (not .Values.elasticsearch.bootstrapChecks) }}\n - mountPath: {{ .Values.sonarqubeFolder }}/conf/\n name: config\n {{- end }}\n {{- if .Values.sonarSecretKey }}\n - mountPath: {{ .Values.sonarqubeFolder }}/secret/\n name: secret\n {{- end }}\n {{- if .Values.caCerts }}\n - mountPath: {{ .Values.sonarqubeFolder }}/certs\n name: sonarqube\n subPath: certs\n {{- end }}\n - mountPath: {{ .Values.sonarqubeFolder }}/data\n name: sonarqube\n subPath: data\n {{- if .Values.persistence.enabled }}\n - mountPath: {{ .Values.sonarqubeFolder }}/extensions\n name: sonarqube\n subPath: extensions\n {{- else if .Values.plugins.install }}\n - mountPath: {{ .Values.sonarqubeFolder }}/extensions/downloads\n name: sonarqube\n subPath: extensions/downloads\n {{- end }}\n {{- if .Values.plugins.lib }}\n {{- range $index, $val := .Values.plugins.lib }}\n - mountPath: {{ $.Values.sonarqubeFolder }}/lib/common/{{ $val }}\n name: sonarqube\n subPath: lib/common/{{ $val }}\n {{- end }}\n {{- end }}\n - mountPath: {{ .Values.sonarqubeFolder }}/temp\n name: sonarqube\n subPath: temp\n - mountPath: {{ .Values.sonarqubeFolder }}/logs\n name: sonarqube\n subPath: logs\n - mountPath: /tmp\n name: tmp-dir\n resources:\n{{ toYaml .Values.resources | indent 12 }}\n {{- if .Values.nodeSelector }}\n nodeSelector:\n{{ toYaml .Values.nodeSelector | indent 8 }}\n {{- end }}\n {{- if .Values.tolerations }}\n tolerations:\n{{ toYaml .Values.tolerations | indent 8 }}\n {{- end }}\n {{- if .Values.affinity }}\n affinity:\n{{ toYaml .Values.affinity | indent 8 }}\n {{- end }}\n volumes:\n{{- if .Values.persistence.volumes }}\n{{ tpl (toYaml .Values.persistence.volumes | indent 6) . }}\n{{- end }}\n {{- if or .Values.sonarProperties (not .Values.elasticsearch.bootstrapChecks) }}\n - name: config\n configMap:\n name: {{ template \"sonarqube.fullname\" . }}-config\n items:\n - key: sonar.properties\n path: sonar.properties\n {{- end }}\n {{- if .Values.sonarSecretProperties }}\n - name: secret-config\n secret:\n secretName: {{ .Values.sonarSecretProperties }}\n items:\n - key: secret.properties\n path: secret.properties\n {{- end }}\n {{- if .Values.sonarSecretKey }}\n - name: secret\n secret:\n secretName: {{ .Values.sonarSecretKey }}\n items:\n - key: sonar-secret.txt\n path: sonar-secret.txt\n {{- end }}\n {{- if .Values.caCerts }}\n - name: ca-certs\n secret:\n secretName: {{ .Values.caCerts.secret }}\n {{- end }}\n {{- if .Values.plugins.netrcCreds }}\n - name: plugins-netrc-file\n secret:\n secretName: {{ .Values.plugins.netrcCreds }}\n items:\n - key: netrc\n path: .netrc\n {{- end }}\n - name: init-sysctl\n configMap:\n name: {{ template \"sonarqube.fullname\" . }}-init-sysctl\n items:\n - key: init_sysctl.sh\n path: init_sysctl.sh\n - name: install-plugins\n configMap:\n name: {{ template \"sonarqube.fullname\" . }}-install-plugins\n items:\n - key: install_plugins.sh\n path: install_plugins.sh\n - name: sonarqube\n {{- if .Values.persistence.enabled }}\n persistentVolumeClaim:\n claimName: {{ if .Values.persistence.existingClaim }}{{ .Values.persistence.existingClaim }}{{- else }}{{ template \"sonarqube.fullname\" . }}{{- end }}\n {{- else }}\n emptyDir: {{- toYaml .Values.emptyDir | nindent 10 }}\n {{- end }}\n - name : tmp-dir\n emptyDir: {{- toYaml .Values.emptyDir | nindent 10 }}\n {{- if .Values.sonarSecretProperties }}\n - name : concat-dir\n emptyDir: {{- toYaml .Values.emptyDir | nindent 10 -}}\n {{- end }}\n" }, { "path": "charts/sonarqube/templates/ingress.yaml", "content": "{{- if .Values.ingress.enabled -}}\n{{- $serviceName := include \"sonarqube.fullname\" . -}}\n{{- $servicePort := .Values.service.externalPort -}}\n{{- if .Capabilities.APIVersions.Has \"networking.k8s.io/v1\" -}}\napiVersion: networking.k8s.io/v1\n{{- else if .Capabilities.APIVersions.Has \"networking.k8s.io/v1beta1\" -}}\napiVersion: networking.k8s.io/v1beta1\n{{- else -}}\napiVersion: extensions/v1beta1\n{{- end }}\nkind: Ingress\nmetadata:\n name: {{ template \"sonarqube.fullname\" . }}\n labels:\n app: {{ template \"sonarqube.name\" . }}\n chart: {{ .Chart.Name }}-{{ .Chart.Version | replace \"+\" \"_\" }}\n release: {{ .Release.Name }}\n heritage: {{ .Release.Service }}\n{{- if .Values.ingress.labels }}\n{{ .Values.ingress.labels | toYaml | trimSuffix \"\\n\"| indent 4 -}}\n{{- end}}\n{{- if .Values.ingress.annotations}}\n annotations:\n {{- range $key, $value := .Values.ingress.annotations }}\n {{ $key }}: {{ $value | quote }}\n {{- end }}\n{{- end }}\nspec:\n {{- if .Values.ingress.className }}\n ingressClassName: {{ .Values.ingress.className }}\n {{- end }}\n {{- if .Values.ingress.annotations }}\n {{- range $key, $value := .Values.ingress.annotations }}\n {{- if and (eq $key \"kubernetes.io/ingress.class\") (contains (toString $value) \"gce\") }}\n backend:\n serviceName: {{ default $serviceName .serviceName }}\n servicePort: {{ default $servicePort .servicePort }}\n {{- end }}\n {{- end }}\n {{- end }}\n rules:\n {{- range .Values.ingress.hosts }}\n - host: {{ .name }}\n http:\n paths:\n - path: {{ .path }}\n {{- if $.Capabilities.APIVersions.Has \"networking.k8s.io/v1\" }}\n pathType: {{ .pathType | default \"Prefix\" }} \n {{- end }}\n backend:\n {{- if $.Capabilities.APIVersions.Has \"networking.k8s.io/v1\" }}\n service:\n name: {{ default $serviceName .serviceName }}\n port:\n number: {{ default $servicePort .servicePort }}\n {{- else }}\n serviceName: {{ default $serviceName .serviceName }}\n servicePort: {{ default $servicePort .servicePort }}\n {{- end }}\n {{- end -}}\n {{- if .Values.ingress.tls }}\n tls:\n{{ toYaml .Values.ingress.tls | indent 4 }}\n {{- end -}}\n{{- end -}}\n" }, { "path": "charts/sonarqube/templates/init-sysctl.yaml", "content": "apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: {{ template \"sonarqube.fullname\" . }}-init-sysctl\n labels:\n app: {{ template \"sonarqube.name\" . }}\n chart: {{ .Chart.Name }}-{{ .Chart.Version | replace \"+\" \"_\" }}\n release: {{ .Release.Name }}\n heritage: {{ .Release.Service }}\ndata:\n init_sysctl.sh: |-\n {{- if .Values.initSysctl.vmMaxMapCount }}\n if [[ \"$(sysctl -n vm.max_map_count)\" -lt {{ .Values.initSysctl.vmMaxMapCount }} ]]; then\n sysctl -w vm.max_map_count={{ .Values.initSysctl.vmMaxMapCount }}\n fi\n {{- end }}\n {{- if .Values.initSysctl.fsFileMax }}\n if [[ \"$(sysctl -n fs.file-max)\" -lt {{ .Values.initSysctl.fsFileMax }} ]]; then\n sysctl -w fs.file-max={{ .Values.initSysctl.fsFileMax }}\n fi\n {{- end }}\n {{- if .Values.initSysctl.nofile }}\n if [[ \"$(ulimit -n)\" != \"unlimited\" ]]; then\n if [[ \"$(ulimit -n)\" -lt {{ .Values.initSysctl.nofile }} ]]; then\n echo \"ulimit -n {{ .Values.initSysctl.nofile }}\"\n ulimit -n {{ .Values.initSysctl.nofile }}\n fi\n fi\n {{- end }}\n {{- if .Values.initSysctl.nproc }}\n if [[ \"$(ulimit -u)\" != \"unlimited\" ]]; then\n if [[ \"$(ulimit -u)\" -lt {{ .Values.initSysctl.nproc }} ]]; then\n echo \"ulimit -u {{ .Values.initSysctl.nproc }}\"\n ulimit -u {{ .Values.initSysctl.nproc }}\n fi\n fi\n {{- end }}\n" }, { "path": "charts/sonarqube/templates/install-plugins.yaml", "content": "apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: {{ template \"sonarqube.fullname\" . }}-install-plugins\n labels:\n app: {{ template \"sonarqube.name\" . }}\n chart: {{ .Chart.Name }}-{{ .Chart.Version | replace \"+\" \"_\" }}\n release: {{ .Release.Name }}\n heritage: {{ .Release.Service }}\ndata:\n install_plugins.sh: |-\n {{- if .Values.plugins.httpProxy }}\n export http_proxy={{ .Values.plugins.httpProxy }}\n {{- end }}\n {{- if .Values.plugins.httpsProxy }}\n export https_proxy={{ .Values.plugins.httpsProxy }}\n {{- end }}\n {{- if .Values.plugins.noProxy }}\n export no_proxy={{ .Values.plugins.noProxy }}\n {{- end }}\n {{- if .Values.plugins.install }}\n [ -e {{ .Values.sonarqubeFolder }}/extensions/downloads/* ] && rm {{ .Values.sonarqubeFolder }}/extensions/downloads/*\n {{ range $index, $val := .Values.plugins.install }}\n echo {{ $val | quote }} >> {{ $.Values.sonarqubeFolder }}/extensions/downloads/list{{ end }}\n cat {{ .Values.sonarqubeFolder }}/extensions/downloads/list | xargs -n 1 -P 8 wget --directory-prefix {{ .Values.sonarqubeFolder }}/extensions/downloads --no-verbose{{ if .Values.plugins.noCheckCertificate }} --no-check-certificate{{ end }}\n rm {{ .Values.sonarqubeFolder }}/extensions/downloads/list\n {{- end }}\n {{- if .Values.plugins.lib }}\n {{- range $index, $val := .Values.plugins.lib }}\n cp -f {{ $.Values.sonarqubeFolder }}/extensions/downloads/{{ $val }} {{ $.Values.sonarqubeFolder }}/lib/common/{{ $val }}\n {{- end }}\n {{- end }}\n" }, { "path": "charts/sonarqube/templates/postgres-config.yaml", "content": "apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: {{ template \"sonarqube.fullname\" . }}-postgres-config\n labels:\n app: {{ template \"sonarqube.name\" . }}\n chart: {{ .Chart.Name }}-{{ .Chart.Version | replace \"+\" \"_\" }}\n release: {{ .Release.Name }}\n heritage: {{ .Release.Service }}\ndata:\n{{- if .Values.postgresql.postgresqlUsername }}\n SONAR_JDBC_USERNAME: {{ .Values.postgresql.postgresqlUsername | quote }}\n{{- end }}\n{{- if .Values.jdbcUrlOverride }}\n SONAR_JDBC_URL: \"{{- .Values.jdbcUrlOverride -}}\"\n{{- else if and .Values.postgresql.service.port .Values.postgresql.postgresqlDatabase }}\n SONAR_JDBC_URL: \"jdbc:{{- .Values.jdbcDatabaseType -}}://{{ template \"postgresql.hostname\" . }}:{{- .Values.postgresql.service.port -}}/{{- .Values.postgresql.postgresqlDatabase -}}\"\n{{- end }}\n" }, { "path": "charts/sonarqube/templates/pvc.yaml", "content": "{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }}\nkind: PersistentVolumeClaim\napiVersion: v1\nmetadata:\n name: {{ template \"sonarqube.fullname\" . }}\n labels:\n app: {{ template \"sonarqube.name\" . }}\n chart: \"{{ .Chart.Name }}-{{ .Chart.Version }}\"\n release: \"{{ .Release.Name }}\"\n heritage: \"{{ .Release.Service }}\"\n{{ if .Values.persistence.annotations}}\n annotations:\n {{- range $key, $value := .Values.persistence.annotations }}\n {{ $key }}: {{ $value | quote }}\n {{- end }}\n{{- end }}\nspec:\n accessModes:\n - {{ .Values.persistence.accessMode | quote }}\n resources:\n requests:\n storage: {{ .Values.persistence.size | quote }}\n{{- if .Values.persistence.storageClass }}\n{{- if (eq \"-\" .Values.persistence.storageClass) }}\n storageClassName: \"\"\n{{- else }}\n storageClassName: \"{{ .Values.persistence.storageClass }}\"\n{{- end }}\n{{- end }}\n{{- end }}\n" }, { "path": "charts/sonarqube/templates/secret.yaml", "content": "{{- if .Values.createPostgresqlSecret -}}\n{{- $relname := printf \"%s-%s\" .Release.Name \"postgresql\" -}}\napiVersion: v1\nkind: Secret\nmetadata:\n name: {{- if .Values.postgresql.existingSecret }} {{ .Values.postgresql.existingSecret }} {{ else }} {{ $relname }} {{- end }}\n labels:\n app: {{ template \"sonarqube.name\" . }}\n chart: {{ .Chart.Name }}-{{ .Chart.Version | replace \"+\" \"_\" }}\n release: {{ .Release.Name }}\n heritage: {{ .Release.Service }}\ntype: Opaque\ndata:\n {{- if .Release.IsUpgrade }}\n # check to see if secret already exists in namespace.\n {{- if (index (lookup \"v1\" \"Secret\" .Release.Namespace $relname ) ) }}\n postgresql-password: {{ index (lookup \"v1\" \"Secret\" .Release.Namespace $relname ).data \"postgresql-password\" }}\n {{- else if (index (lookup \"v1\" \"Secret\" .Release.Namespace .Values.postgresql.existingSecret ) ) }}\n postgresql-password: {{ index (lookup \"v1\" \"Secret\" .Release.Namespace .Values.postgresql.existingSecret ).data \"postgresql-password\" }}\n {{ else }}\n # if a secret isn't found when perfroming an upgrade create a new secret.\n {{- if .Values.postgresql.postgresqlPassword }}\n postgresql-password: {{ .Values.postgresql.postgresqlPassword | b64enc | quote }}\n {{- else }}\n {{- $postgresRandomPassword := randAlphaNum 16 | b64enc | quote }}\n postgresql-password: {{ $postgresRandomPassword }}\n {{- end }}\n {{- end }}\n {{ else }}\n # Perform normal install operation\n {{- if .Values.postgresql.postgresqlPassword }}\n postgresql-password: {{ .Values.postgresql.postgresqlPassword | b64enc | quote }}\n {{- else }}\n {{- $postgresRandomPassword := randAlphaNum 16 | b64enc | quote }}\n postgresql-password: {{ $postgresRandomPassword }}\n {{ end }}\n {{ end }}\n{{- end }}\n" }, { "path": "charts/sonarqube/templates/service.yaml", "content": "apiVersion: v1\nkind: Service\nmetadata:\n name: {{ template \"sonarqube.fullname\" . }}\n labels:\n app: {{ template \"sonarqube.name\" . }}\n chart: {{ .Chart.Name }}-{{ .Chart.Version | replace \"+\" \"_\" }}\n release: {{ .Release.Name }}\n heritage: {{ .Release.Service }}\n {{- range $key, $value := .Values.service.labels }}\n {{ $key }}: {{ $value | quote }}\n {{- end }}\n{{ if .Values.service.annotations}}\n annotations:\n {{- range $key, $value := .Values.service.annotations }}\n {{ $key }}: {{ $value | quote }}\n {{- end }}\n{{- end }}\nspec:\n type: {{ .Values.service.type }}\n ports:\n - port: {{ .Values.service.externalPort }}\n targetPort: http\n protocol: TCP\n name: http\n {{- if .Values.service.nodePort }}\n nodePort: {{ .Values.service.nodePort }}\n {{- end }}\n selector:\n app: {{ template \"sonarqube.name\" . }}\n release: {{ .Release.Name }}\n {{- if eq .Values.service.type \"LoadBalancer\"}}\n {{- if .Values.service.loadBalancerSourceRanges }}\n loadBalancerSourceRanges:\n {{- range .Values.service.loadBalancerSourceRanges }}\n - {{ . }}\n {{- end }}\n {{- end -}}\n {{- if .Values.service.loadBalancerIP}}\n loadBalancerIP: {{.Values.service.loadBalancerIP}}\n {{- end }}\n {{- end }}\n" }, { "path": "charts/sonarqube/templates/serviceaccount.yaml", "content": "{{- if .Values.serviceAccount.create -}}\n---\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n{{- if .Values.serviceAccount.name }}\n name: {{ .Values.serviceAccount.name }}\n{{- else }}\n name: {{ include \"sonarqube.fullname\" . }}\n{{- end }}\n{{- if .Values.serviceAccount.annotations }}\n annotations:\n{{ toYaml .Values.serviceAccount.annotations | indent 4 }}\n{{- end }}\n{{- end -}}\n" }, { "path": "charts/sonarqube/templates/sonarqube-scc.yaml", "content": "{{- if and (.Values.OpenShift.enabled) (.Values.OpenShift.createSCC) }}\n\n# This SCC allows any user ID but restricts capabilties and host access\napiVersion: security.openshift.io/v1\nkind: SecurityContextConstraints\nmetadata:\n annotations:\n kubernetes.io/description: \"allows pod to run as root, privileged and run sysctl\"\n \"helm.sh/hook\": pre-install\n name: {{ .Release.Name }}-privileged-scc\nallowHostDirVolumePlugin: false\nallowHostIPC: false\nallowHostNetwork: false\nallowHostPID: false\nallowHostPorts: false\nallowPrivilegedContainer: true\nallowPrivilegeEscalation: true\nallowedCapabilities: []\nallowedFlexVolumes: []\nallowedUnsafeSysctls: []\ndefaultAddCapabilities: []\ndefaultAllowPrivilegeEscalation: true\nfsGroup:\n type: RunAsAny\nreadOnlyRootFilesystem: false\nrequiredDropCapabilities:\n- KILL\n- MKNOD\n- SETUID\n- SETGID\nrunAsUser:\n type: RunAsAny\n# This can be customized for your host machine\nseLinuxContext:\n type: MustRunAs\n# seLinuxOptions:\n# level:\n# user:\n# role:\n# type:\nsupplementalGroups:\n type: RunAsAny\n# This can be customized for your host machine\nvolumes:\n- configMap\n- downwardAPI\n- emptyDir\n- persistentVolumeClaim\n- projected\n- secret\n# If you want a priority on your SCC -- set for a value more than 0\npriority: 11\nusers:\n{{- if .Values.serviceAccount.name }}\n- system:serviceaccount:{{ .Release.Namespace }}:{{ .Release.Name }}-{{ .Values.serviceAccount.name }}\n{{- else }}\n- system:serviceaccount:{{ .Release.Namespace }}:{{ .Release.Name }}-sonarqube\n{{- end }}\n{{- if .Values.postgresql.securityContext.enabled }}\n- system:serviceaccount:{{ .Release.Namespace }}:{{ .Release.Name }}-postgresql\n{{- end }}\n\n{{- end }}" }, { "path": "charts/sonarqube/templates/tests/sonarqube-test.yaml", "content": "{{- if .Values.tests.enabled -}}\napiVersion: v1\nkind: Pod\nmetadata:\n name: \"{{ .Release.Name }}-ui-test\"\n annotations:\n \"helm.sh/hook\": test-success\n labels:\n app: {{ template \"sonarqube.name\" . }}\n chart: {{ .Chart.Name }}-{{ .Chart.Version | replace \"+\" \"_\" }}\n release: {{ .Release.Name }}\n heritage: {{ .Release.Service }}\nspec:\n initContainers:\n - name: \"bats\"\n image: \"bats/bats:1.2.1\"\n imagePullPolicy: {{ .Values.image.pullPolicy }}\n command: [\"bash\", \"-c\"]\n args:\n - |-\n set -ex\n cp -R /opt/bats /tools/bats/\n volumeMounts:\n - mountPath: /tools\n name: tools\n containers:\n - name: {{ .Release.Name }}-ui-test\n image: {{ default \"bitnami/minideb-extras\" .Values.tests.image }}\n imagePullPolicy: {{ .Values.image.pullPolicy }}\n command: [\n \"/tools/bats/bin/bats\",\n \"--tap\",\n \"/tests/run.sh\"]\n volumeMounts:\n - mountPath: /tests\n name: tests\n readOnly: true\n - mountPath: /tools\n name: tools\n volumes:\n - name: tests\n configMap:\n name: {{ template \"sonarqube.fullname\" . }}-tests\n - name: tools\n emptyDir: {{ toYaml .Values.emptyDir | nindent 6 }}\n restartPolicy: Never\n{{- end -}}\n" }, { "path": "charts/sonarqube/templates/tests/test-config.yaml", "content": "{{- if .Values.tests.enabled -}}\napiVersion: v1\nkind: ConfigMap\nmetadata:\n name: {{ template \"sonarqube.fullname\" . }}-tests\n labels:\n app: {{ template \"sonarqube.name\" . }}\n chart: {{ .Chart.Name }}-{{ .Chart.Version | replace \"+\" \"_\" }}\n release: {{ .Release.Name }}\n heritage: {{ .Release.Service }}\ndata:\n run.sh: |-\n @test \"Testing Sonarqube UI is accessible\" {\n curl --connect-timeout 5 --retry 12 --retry-delay 1 --retry-max-time 60 {{ template \"sonarqube.fullname\" . }}:{{ .Values.service.internalPort }}/api/system/status\n }\n{{- end -}}\n" }, { "path": "charts/sonarqube/values.yaml", "content": "# Default values for sonarqube.\n# This is a YAML-formatted file.\n# Declare variables to be passed into your templates.\nreplicaCount: 1\n\n # This will use the default deployment strategy unless it is overriden\ndeploymentStrategy: {}\n# Uncomment this to scheduler pods on priority\n# priorityClassName: \"high-priority\"\n\n## Use an alternate scheduler, e.g. \"stork\".\n## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/\n##\n# schedulerName:\n\n## Is this deployment for OpenShift? If so, we help with SCCs\nOpenShift:\n enabled: false\n createSCC: true\n\nimage:\n repository: sonarqube\n tag: 8.9.7-community\n pullPolicy: IfNotPresent\n # If using a private repository, the name of the imagePullSecret to use\n # pullSecret: my-repo-secret\n\n# Set security context for sonarqube pod\nsecurityContext:\n fsGroup: 1000\n\n# Set security context for sonarqube container\ncontainerSecurityContext:\n # Sonarqube dockerfile creates sonarqube user as UID and GID 1000\n runAsUser: 1000\n\n# Settings to configure elasticsearch host requirements\nelasticsearch:\n # DEPRECATED: Use initSysctl.enabled instead\n configureNode: true\n bootstrapChecks: true\n\nservice:\n type: ClusterIP\n externalPort: 9000\n internalPort: 9000\n labels:\n annotations: {}\n # May be used in example for internal load balancing in GCP:\n # cloud.google.com/load-balancer-type: Internal\n # loadBalancerSourceRanges:\n # - 0.0.0.0/0\n # loadBalancerIP: 1.2.3.4\n # You can set the port to be exposed when type is NodePort or LoadBalancer.\n # nodePort: 30000\ningress:\n enabled: false\n # Used to create an Ingress record.\n hosts:\n - name: sonar.organization.com\n # Different clouds or configurations might need /* as the default path\n path: /\n # Only for API version \"networking.k8s.io/v1\"\n # https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types\n pathType: Prefix\n # For additional control over serviceName and servicePort\n # serviceName: someService\n # servicePort: somePort\n annotations: {}\n # kubernetes.io/ingress.class: nginx\n # kubernetes.io/tls-acme: \"true\"\n # This property allows for reports up to a certain size to be uploaded to SonarQube\n # nginx.ingress.kubernetes.io/proxy-body-size: \"8m\"\n\n# Additional labels for Ingress manifest file\n # labels:\n # traffic-type: external\n # traffic-type: internal\n tls: []\n # Secrets must be manually created in the namespace.\n # - secretName: chart-example-tls\n # hosts:\n # - chart-example.local\n\n # className: nginx\n\n# Affinity for pod assignment\n# Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity\naffinity: {}\n\n# Tolerations for pod assignment\n# Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/\ntolerations: []\n\n# Node labels for pod assignment\n# Ref: https://kubernetes.io/docs/user-guide/node-selection/\nnodeSelector: {}\n\n# hostAliases allows the modification of the hosts file inside a container\nhostAliases: []\n# - ip: \"192.168.1.10\"\n# hostnames:\n# - \"example.com\"\n# - \"www.example.com\"\n\nreadinessProbe:\n initialDelaySeconds: 60\n periodSeconds: 30\n failureThreshold: 6\n # If an ingress *path* other than the root (/) is defined, it should be reflected here\n # A trailing \"/\" must be included\n sonarWebContext: /\n # sonarWebContext: /sonarqube/\nlivenessProbe:\n initialDelaySeconds: 60\n periodSeconds: 30\n # If an ingress *path* other than the root (/) is defined, it should be reflected here\n # A trailing \"/\" must be included\n sonarWebContext: /\n # sonarWebContext: /sonarqube/\n # If an ingress *path* is defined, it should be reflected here\n # sonar.web.context: /sonarqube\n\ninitContainers:\n # image: busybox:1.32\n # We allow the init containers to have a separate security context declaration because\n # the initContainer may not require the same as SonarQube.\n # securityContext: {}\n # We allow the init containers to have a separate resources declaration because\n # the initContainer does not take as much resources.\n resources: {}\n\nextraInitContainers: {}\n# Extra init containers to e.g. download required artifacts\n# - name: \"prometheus-exporter-downloader\"\n# image: \"busybox\"\n# imagePullPolicy: \"IfNotPresent\"\n# securityContext:\n# runAsNonRoot: true\n# command:\n# - wget\n# - \"-O\"\n# - \"/downloads/jmx_prometheus_javaagent.jar\"\n# - ${JMX_EXPORTER_URL}\n# volumeMounts:\n# - name: \"downloads\"\n# mountPath: \"/downloads\"\n\nextraContainers: []\n## Array of extra containers to run alongside the sonarqube container\n## Example:\n# - name: \"example-container\"\n# image: \"busybox\"\n# imagePullPolicy: Always\n# command: ['sh', '-c', 'tail -f /dev/null']\n\n## Provide a secret containing one or more certificate files in the keys that will be added to cacerts\n## The cacerts file will be set via SONARQUBE_WEB_JVM_OPTS and SONAR_CE_JAVAOPTS\n##\n# caCerts:\n # image: adoptopenjdk/openjdk11:alpine\n # secret: my-secret\n\ninitSysctl:\n enabled: true\n vmMaxMapCount: 524288\n fsFileMax: 131072\n nofile: 131072\n nproc: 8192\n # image: busybox:1.32\n securityContext:\n privileged: true\n # resources: {}\n\n# List of plugins to install.\n# For example:\n# plugins:\n# install:\n# - \"https://github.com/AmadeusITGroup/sonar-stash/releases/download/1.3.0/sonar-stash-plugin-1.3.0.jar\"\n# - \"https://github.com/SonarSource/sonar-ldap/releases/download/2.2-RC3/sonar-ldap-plugin-2.2.0.601.jar\"\nplugins:\n install: []\n lib: []\n\n # For use behind a corporate proxy when downloading plugins\n # httpProxy: \"\"\n # httpsProxy: \"\"\n # noProxy: \"\"\n\n # image: rjkernick/alpine-wget:latest\n # resources: {}\n\n # .netrc secret file with a key \"netrc\" to use basic auth while downloading plugins\n # netrcCreds: \"\"\n\n # Set to true to not validate the server's certificate to download plugin\n noCheckCertificate: false\n\n## Values to add to SONARQUBE_WEB_JVM_OPTS\n##\n# jvmOpts: \"-Djava.net.preferIPv4Stack=true\"\njvmOpts: \"\"\n\n## Environment variables to attach to the pods\n##\n# env:\n# - name: VARIABLE\n# value: my-value\n\n# Set annotations for pods\nannotations: {}\n\nresources: {}\n# We usually recommend not to specify default resources and to leave this as a conscious\n# choice for the user. This also increases chances charts run on environments with little\n# resources, such as Minikube. If you do want to specify resources, uncomment the following\n# lines, adjust them as necessary, and remove the curly braces after 'resources:'.\n# limits:\n# cpu: 100m\n# memory: 128Mi\n# requests:\n# cpu: 100m\n# memory: 128Mi\npersistence:\n enabled: false\n ## Set annotations on pvc\n annotations: {}\n\n ## Specify an existing volume claim instead of creating a new one.\n ## When using this option all following options like storageClass, accessMode and size are ignored.\n # existingClaim:\n\n ## If defined, storageClassName: \n ## If set to \"-\", storageClassName: \"\", which disables dynamic provisioning\n ## If undefined (the default) or set to null, no storageClassName spec is\n ## set, choosing the default provisioner. (gp2 on AWS, standard on\n ## GKE, AWS & OpenStack)\n ##\n storageClass:\n accessMode: ReadWriteOnce\n size: 10Gi\n\n ## Specify extra volumes. Refer to \".spec.volumes\" specification : https://kubernetes.io/fr/docs/concepts/storage/volumes/\n volumes: []\n ## Specify extra mounts. Refer to \".spec.containers.volumeMounts\" specification : https://kubernetes.io/fr/docs/concepts/storage/volumes/\n mounts: []\n\n# In case you want to specify different resources for emptyDir than {}\nemptyDir: {}\n # Example of resouces that might be used:\n # medium: Memory\n # sizeLimit: 16Mi\n\n# A custom sonar.properties file can be provided via dictionary.\n# For example:\n# sonarProperties:\n# sonar.forceAuthentication: true\n# sonar.security.realm: LDAP\n# ldap.url: ldaps://organization.com\n\n# Additional sonar properties to load from a secret with a key \"secret.properties\" (must be a string)\n# sonarSecretProperties:\n\n# Kubernetes secret that contains the encryption key for the sonarqube instance.\n# The secret must contain the key 'sonar-secret.txt'.\n# The 'sonar.secretKeyPath' property will be set automatically.\n# sonarSecretKey: \"settings-encryption-secret\"\n\n## JDBC Database Type; by default postgresql. To use a different Database type, adjust\njdbcDatabaseType: postgresql\n\ncreatePostgresqlSecret: true\n# create the postgresql secret in Sonarqube chart, outside of the postgresql chart.\n\n## Override JDBC URL\n# jdbcUrlOverride: \"jdbc:postgresql://myPostgress/myDatabase;socketTimeout=1500\"\n\n## Configuration values for postgresql dependency\n## ref: https://github.com/kubernetes/charts/blob/master/stable/postgresql/README.md\npostgresql:\n # Enable to deploy the PostgreSQL chart\n enabled: true\n # To use an external PostgreSQL instance, set enabled to false and uncomment\n # the line below:\n # postgresqlServer: \"\"\n # To use an external secret for the password for an external PostgreSQL\n # instance, set enabled to false and provide the name of the secret on the\n # line below:\n postgresqlUsername: \"sonarUser\"\n postgresqlPassword: \"\"\n postgresqlDatabase: \"sonarDB\"\n existingSecret: sonar-postgresql\n # This is the full name of the secret that will be created\n secretKey: postgresql-password\n # Specify the TCP port that PostgreSQL should use\n service:\n port: 5432\n resources:\n limits:\n cpu: 2\n memory: 2Gi\n requests:\n cpu: 100m\n memory: 200Mi\n persistence:\n enabled: true\n accessMode: ReadWriteOnce\n size: 20Gi\n storageClass:\n securityContext:\n # For standard Kubernetes deployment, set enabled=true\n # If using OpenShift, enabled=false for restricted SCC and enabled=true for anyuid/nonroot SCC\n enabled: true\n # fsGroup and runAsUser specifications below are not applied if enabled=false. enabled=false is the required setting for OpenShift \"restricted SCC\" to work successfully.\n # postgresql dockerfile sets user as 1001\n fsGroup: 1001\n runAsUser: 1001\n volumePermissions:\n # For standard Kubernetes deployment, set enabled=false\n # For OpenShift, set enabled=true and ensure to set volumepermissions.securitycontext.runAsUser below.\n enabled: false\n # if using restricted SCC set runAsUser: \"auto\" and if running under anyuid/nonroot SCC - runAsUser needs to match runAsUser above\n securityContext:\n runAsUser: 0\n shmVolume:\n chmod:\n enabled: false\n serviceAccount:\n ## If enabled = true, and name is not set, postgreSQL will create a serviceAccount\n enabled: false\n# name:\n\n# Additional labels to add to the pods:\n# podLabels:\n# key: value\npodLabels: {}\n# For compatibility with 8.0 replace by \"/opt/sq\"\n# For compatibility with 8.2, leave the default. They changed it back to /opt/sonarqube\nsonarqubeFolder: /opt/sonarqube\n\ntests:\n enabled: true\n # image: bitnami/minideb-extras\n\nserviceAccount:\n create: false\n # name:\n ## Annotations for the Service Account\n annotations: {}\n\n# extraConfig is used to load Environment Variables from Secrets and ConfigMaps\n# which may have been written by other tools, such as external orchestrators.\n#\n# These Secrets/ConfigMaps are expected to contain Key/Value pairs, such as:\n#\n# apiVersion: v1\n# kind: ConfigMap\n# metadata:\n# name: external-sonarqube-opts\n# data:\n# SONARQUBE_JDBC_USERNAME: foo\n# SONARQUBE_JDBC_URL: jdbc:postgresql://db.example.com:5432/sonar\n#\n# These vars can then be injected into the environment by uncommenting the following:\n#\n# extraConfig:\n# configmaps:\n# - external-sonarqube-opts\n\nextraConfig:\n secrets: []\n configmaps: []\n\n# account:\n# adminPassword: admin\n# currentAdminPassword: admin\n# curlContainerImage: curlimages/curl:latest\n# adminJobAnnotations: {}\n\nterminationGracePeriodSeconds: 60\n" }, { "path": "charts/sonatype-nexus/.helmignore", "content": "# Patterns to ignore when building packages.\n# This supports shell glob matching, relative path matching, and\n# negation (prefixed with !). Only one pattern per line.\n.DS_Store\n# Common VCS dirs\n.git/\n.gitignore\n.bzr/\n.bzrignore\n.hg/\n.hgignore\n.svn/\n# Common backup files\n*.swp\n*.bak\n*.tmp\n*~\n# Various IDEs\n.project\n.idea/\n*.tmproj\n# OWNERS file for Kubernetes\nOWNERS\n*.tar\n" }, { "path": "charts/sonatype-nexus/Chart.yaml", "content": "apiVersion: v1\nname: sonatype-nexus\nversion: 5.5.0\nappVersion: 3.38.1\ndescription: Sonatype Nexus is an open source repository manager\nkeywords:\n - artifacts\n - dependency\n - management\n - sonatype\n - nexus\n - repository\nhome: https://www.sonatype.com/nexus-repository-oss\nicon: https://www.sonatype.com/hubfs/2021%20Design%20System/Logo_vert@2x.png\nsources:\n - https://github.com/sonatype/nexus-public\n - https://github.com/travelaudience/docker-nexus\n - https://github.com/travelaudience/kubernetes-nexus\n - https://github.com/travelaudience/docker-nexus-backup\n - https://github.com/dbccompany/docker-nexus-backup\ndeprecated: true\n" }, { "path": "charts/sonatype-nexus/README.md", "content": "# Nexus\n\n***This chart has been deprecated, please use one of the other helm charts below***\n\n## Alternative Helm Charts\n\n* [Sonatype's Chart](https://github.com/sonatype/helm3-charts)\n* [PlatformOne's chart](https://repo1.dso.mil/platform-one/big-bang/apps/developer-tools/nexus)\n* [Artifact Hub](https://artifacthub.io)\n\n## Nexus information\n\n[Nexus OSS](https://www.sonatype.com/nexus-repository-oss) is a free open source repository manager. It supports a wide range of package formats and it's used by hundreds of tech companies.\n\n## Introduction\n\nThis chart bootstraps a Nexus OSS deployment on a cluster using Helm.\nThis setup is best configured in [GCP](https://cloud.google.com/) since:\n\n- [google cloud storage](https://cloud.google.com/storage/) is used for backups\n- [NEW: Rclone](https://rclone.org/) it uses Rclone to create backups, basically compatible with all the major clouds.\n- [GCE Ingress controller](https://github.com/kubernetes/ingress/blob/master/docs/faq/gce.md) is used for using a pre-allocated static IP in GCE.\n\nThere is also the option of using a [proxy for Nexus](https://github.com/travelaudience/nexus-proxy) that authenticates Nexus against an external identity provider (only GCP IAM at the moment) which is **disabled** by default.\n\n## Prerequisites\n\n- Kubernetes 1.15+ with Beta APIs enabled\n- PV provisioner support in the underlying infrastructure\n- [Fulfill Nexus kubernetes requirements](https://github.com/travelaudience/kubernetes-nexus#pre-requisites)\n\n### With GCP IAM enabled\n\nAll the [Prerequisites](#Prerequisites) should be in place, plus:\n\n- [Fulfill GCP IAM requirements](https://github.com/travelaudience/kubernetes-nexus/blob/master/docs/admin/configuring-nexus-proxy.md#pre-requisites)\n\n## Testing the Chart\n\nTo test the chart:\n\n```bash\nhelm install --dry-run --debug ./\n```\n\nTo test the chart with your own values:\n\n```bash\nhelm install --dry-run --debug -f my_values.yaml ./\n```\n\n## Installing the Chart\n\nTo install the chart:\n\n```bash\nhelm repo add oteemocharts https://oteemo.github.io/charts\nhelm install sonatype-nexus oteemocharts/sonatype-nexus\n```\n\nThe above command deploys Nexus on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation.\n\nThe default login is admin/admin123\n\n## Uninstalling the Chart\n\nTo uninstall/delete the deployment:\n\n```bash\n$ helm list\nNAME REVISION UPDATED STATUS CHART NAMESPACE\nplinking-gopher 1 Fri Sep 1 13:19:50 2017 DEPLOYED sonatype-nexus-0.1.0 default\n$ helm delete plinking-gopher\n```\n\nThe command removes all the Kubernetes components associated with the chart and deletes the release.\n\n## Official Nexus image vs TravelAudience\n\nThere are known issues with backups on the official image. If you want to swap in the official image, just override the values when installing the chart. Please note that backups will not work as expected with the official image.\n\n- [https://issues.sonatype.org/browse/NEXUS-23442](https://issues.sonatype.org/browse/NEXUS-23442)\n- [https://github.com/travelaudience/docker-nexus](https://github.com/travelaudience/docker-nexus)\n\n## Configuration\n\nThe following table lists the configurable parameters of the Nexus chart and their default values.\n\n| Parameter | Description | Default |\n| ------------------------------------------------------------ | ---------------------------------- | ----------------------------------------|\n| `namespaceOverride` | Override for namespace | `nil` |\n| `statefulset.enabled` | Use statefulset instead of deployment | `false` |\n| `replicaCount` | Number of Nexus service replicas | `1` |\n| `deploymentStrategy` | Deployment Strategy | `rollingUpdate` |\n| `initAdminPassword.enabled` | Enable initialization of admin password on Helm install | `false` |\n| `initAdminPassword.defaultPasswordOverride` | Override the default admin password | `nil` |\n| `initAdminPassword.password` | Admin password to be set | `admin321` |\n| `nexus.imageName` | Nexus image | `quay.io/travelaudience/docker-nexus` |\n| `nexus.imageTag` | Version of Nexus | `3.25.1` |\n| `nexus.imagePullPolicy` | Nexus image pull policy | `IfNotPresent` |\n| `nexus.imagePullSecret` | Secret to download Nexus image from private registry | `nil` |\n| `nexus.env` | Nexus environment variables | `[{install4jAddVmParams: -Xms1200M -Xmx1200M -XX:MaxDirectMemorySize=2G -XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap}]` |\n| `nexus.resources` | Nexus resource requests and limits | `{}` |\n| `nexus.dockerPort` | Port to access docker | `5003` |\n| `nexus.nexusPort` | Internal port for Nexus service | `8081` |\n| `nexus.additionalPorts` | expose additional ports | `[]` |\n| `nexus.service.type` | Service for Nexus | `NodePort` |\n| `nexus.service.clusterIp` | Specific cluster IP when service type is cluster IP. Use None for headless service |`nil` |\n| `nexus.service.loadBalancerIP` | Custom loadBalancerIP |`nil` |\n| `nexus.securityContextEnabled` | Security Context (for enabling official image use `fsGroup: 200`) | `{}` |\n| `nexus.labels` | Service labels | `{}` |\n| `nexus.podAnnotations` | Pod Annotations | `{}`\n| `nexus.livenessProbe.initialDelaySeconds` | LivenessProbe initial delay | 30 |\n| `nexus.livenessProbe.periodSeconds` | Seconds between polls | 30 |\n| `nexus.livenessProbe.failureThreshold` | Number of attempts before failure | 6 |\n| `nexus.livenessProbe.timeoutSeconds` | Time in seconds after liveness probe times out | `nil` |\n| `nexus.livenessProbe.path` | Path for LivenessProbe | / |\n| `nexus.readinessProbe.initialDelaySeconds` | ReadinessProbe initial delay | 30 |\n| `nexus.readinessProbe.periodSeconds` | Seconds between polls | 30 |\n| `nexus.readinessProbe.failureThreshold` | Number of attempts before failure | 6 |\n| `nexus.readinessProbe.timeoutSeconds` | Time in seconds after readiness probe times out | `nil` |\n| `nexus.readinessProbe.path` | Path for ReadinessProbe | / |\n| `nexus.startupProbe.initialDelaySeconds` | StartupProbe initial delay | 30 |\n| `nexus.startupProbe.periodSeconds` | Seconds between polls | 30 |\n| `nexus.startupProbe.failureThreshold` | Number of attempts before failure | 6 |\n| `nexus.startupProbe.timeoutSeconds` | Time in seconds after startup probe times out | `nil` |\n| `nexus.startupProbe.path` | Path for StartupProbe | / |\n| `nexus.hostAliases` | Aliases for IPs in /etc/hosts | [] |\n| `nexus.context` | Non-root path to run Nexus at | `nil` |\n| `nexus.chownNexusData` | Set false to not execute chown to the mounted nexus-data directory at startup | `true` |\n| `nexus.terminationGracePeriodSeconds` | Let Nexus terminate gracefully [More informations here](#graceful-shutdown-with-terminationGracePeriodSeconds). | `nil` |\n| `nexusProxy.enabled` | Enable nexus proxy | `true` |\n| `nexusProxy.svcName` | Nexus proxy service name | `nil` |\n| `nexusProxy.targetPort` | Container Port for Nexus proxy | `8080` |\n| `nexusProxy.port` | Port for exposing Nexus | `8080` |\n| `nexusProxy.imageName` | Proxy image | `quay.io/travelaudience/docker-nexus-proxy` |\n| `nexusProxy.imageTag` | Proxy image version | `2.6.0` |\n| `nexusProxy.imagePullPolicy` | Proxy image pull policy | `IfNotPresent` |\n| `nexusProxy.resources` | Proxy resource requests and limits | `{}` |\n| `nexusProxy.env.nexusHttpHost` | Nexus url to access Nexus | `nil` |\n| `nexusProxy.env.nexusDockerHost` | Containers url to be used with docker | `nil` |\n| `nexusProxy.env.enforceHttps` | Allow only https access or not | `false` |\n| `nexusProxy.env.cloudIamAuthEnabled` | Enable GCP IAM authentication in Nexus proxy | `false` |\n| `nexusProxyRoute.enabled` | Set to true to create route for additional service | `false` |\n| `nexusProxyRoute.labels` | Labels to be added to proxy route | `{}` |\n| `nexusProxyRoute.annotations` | Annotations to be added to proxy route | `{}` |\n| `nexusProxyRoute.path` | Host name of Route e.g jenkins.example.com | nil |\n| `persistence.enabled` | Create a volume for storage | `true` |\n| `persistence.accessMode` | ReadWriteOnce or ReadOnly | `ReadWriteOnce` |\n| `persistence.storageClass` | Storage class of Nexus PVC | `nil` |\n| `persistence.storageSize` | Size of Nexus data volume | `8Gi` |\n| `persistence.annotations` | Persistent Volume annotations | `{}` |\n| `persistence.existingClaim` | Existing PVC name | `nil` |\n| `nexusBackup.enabled` | Nexus backup process | `false` |\n| `nexusBackup.imageName` | Nexus backup image | `dbcc/docker-nexus-backup` |\n| `nexusBackup.imageTag` | Nexus backup image version | `0.0.1` |\n| `nexusBackup.imagePullPolicy` | Backup image pull policy | `IfNotPresent` |\n| `nexusBackup.env.rcloneRemote` | Required if `nexusBackup` is enabled. Name of the Rclone remote as defined in the `rcloneConfig` entry. Example: `AWS` | `nil` |\n| `nexusBackup.env.targetBucket` | Required if `nexusBackup` is enabled. Name of the target bucket or bucket/path. Example: `my_bucket` or `my_bucket/my_folder` | `nil` |\n| `nexusBackup.env.streamingUploadCutoff` | Size of the data chunks to send to the Rclone remote, this value affects the maximum size of the backup file to upload. | `\"5000000\"` |\n| `nexusBackup.env.nexusAuthorization` | If set, `nexusBackup.nexusAdminPassword` will be disregarded. | `nil` |\n| `nexusBackup.env.offlineRepos` | Space separated list of repositories must be taken down to achieve a consistent backup. | `\"maven-central maven-public maven-releases maven-snapshots\"` |\n| `nexusBackup.env.gracePeriod` | The amount of time in seconds to wait between stopping repositories and starting the upload. | `60` |\n| `nexusBackup.nexusAdminPassword` | Nexus admin password used by the backup container to access Nexus API. This password should match the one that gets chosen by the user to replace the default admin password after the first login | `admin123` |\n| `nexusBackup.persistence.enabled` | Create a volume for backing Nexus configuration | `true` |\n| `nexusBackup.persistence.accessMode` | ReadWriteOnce or ReadOnly | `ReadWriteOnce` |\n| `nexusBackup.persistence.storageClass` | Storage class of Nexus backup PVC | `nil` |\n| `nexusBackup.persistence.storageSize` | Size of Nexus backup data volume | `8Gi` |\n| `nexusBackup.persistence.annotations` | PV annotations for backup | `{}` |\n| `nexusBackup.persistence.existingClaim` | Existing PVC name for backup | `nil` |\n| `nexusBackup.resources` | Backup resource requests and limits | `{}` |\n| `nexusBackup.rcloneConfig.rclone.conf` | Rclone remote configuration, can be generated using the `rclone config` command, or using docker: `docker run -it --rm rclone/rclone config` | `[AWS]`
`type = s3`
`provider = AWS`
`env_auth = true`
`region = us-east-1`
`acl = authenticated-read` |\n| `nexusCloudiam.enabled` | Nexus Cloud IAM service account key path | `false` |\n| `nexusCloudiam.persistence.accessMode` | ReadWriteOnce or ReadOnly | `ReadWriteOnce` |\n| `nexusCloudiam.persistence.annotations` | PV annotations for Cloud IAM service account key path | `{}` |\n| `nexusCloudiam.persistence.enabled` | Create a volume for Cloud IAM service account key path | `true` |\n| `nexusCloudiam.persistence.existingClaim` | Existing PVC name for Cloud IAM service account key path | `nil` |\n| `nexusCloudiam.persistence.storageClass` | Storage class of Cloud IAM service account path PVC | `nil` |\n| `nexusCloudiam.persistence.storageSize` | Size of Cloud IAM service account path volume | `8Gi` |\n| `ingress.enabled` | Create an ingress for Nexus | `false` |\n| `ingress.annotations` | Annotations to enhance ingress configuration | `{}` |\n| `ingress.tls.enabled` | Enable TLS | `true` |\n| `ingress.tls.secretName` | Name of the secret storing TLS cert, `false` to use the Ingress' default certificate | `nexus-tls` |\n| `ingress.tls.hosts` | Custom TLS hosts configuration | `{}` |\n| `ingress.path` | Path for ingress rules. GCP users should set to `/*` | `/` |\n| `ingressDocker.enabled` | Create an ingress for Docker registry | `false` |\n| `ingressDocker.annotations` | Annotations to enhance docker ingress configuration | `{}` |\n| `ingressDocker.tls.enabled` | Enable TLS | `true` |\n| `ingressDocker.tls.secretName` | Name of the secret storing TLS cert, `false` to use the Ingress' default certificate | `nexus-tls` |\n| `ingressDocker.tls.hosts` | Custom TLS hosts configuration | `{}` |\n| `ingressDocker.path` | Path for docker ingress rules. GCP users should set to `/*` | `/` |\n| `tolerations` | tolerations list | `[]` |\n| `config.enabled` | Enable configmap | `false` |\n| `config.mountPath` | Path to mount the config | `/sonatype-nexus-conf` |\n| `config.data` | Configmap data | `nil` |\n| `deployment.annotations` | Annotations to enhance deployment configuration | `{}` |\n| `deployment.initContainers` | Init containers to run before main containers | `nil` |\n| `deployment.postStart.command` | Command to run after starting the nexus container | `nil` |\n| `deployment.additionalContainers` | Add additional Container | `nil` |\n| `deployment.additionalVolumes` | Add additional Volumes | `nil` |\n| `deployment.additionalVolumeMounts` | Add additional Volume mounts | `nil` |\n| `secret.enabled` | Enable secret | `false` |\n| `secret.mountPath` | Path to mount the secret | `/etc/secret-volume` |\n| `secret.readOnly` | Secret readonly state | `true` |\n| `secret.data` | Secret data to add to secret. If nil then expects that a secret by name of `${.Values.nameOverride}-secret` or `${.Chart.Name}-secret` exists | `nil` |\n| `service.enabled` | Enable additional service | `nil` |\n| `service.name` | Service name | `nil` |\n| `service.portName` | Service port name | `nil` |\n| `service.labels` | Service labels | `nil` |\n| `service.annotations` | Service annotations | `nil` |\n| `service.loadBalancerSourceRanges` | Service LoadBalancer source IP whitelist | `nil` |\n| `service.loadBalancerIP` | Custom loadBalancerIP |`nil` |\n| `service.targetPort` | Service port | `nil` |\n| `service.port` | Port for exposing service | `nil` |\n| `serviceAccount.create` | Automatically create a service account | `true` |\n| `serviceAccount.name` | Service account to use | `nil` |\n| `serviceAccount.annotations` | Service account annotations | `nil` |\n| `rbac.create` | Creates a ClusterRoleBinding attached to the Service account. | `false` |\n| `rbac.roleRef` | ClusterRoleBinding field `roleRef` content. See examples [here](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#rolebinding-example). | `nil` |\n| `rbac.annotations` | ClusterRoleBinding annotations. | `nil` |\n| `route.enabled` | Set to true to create route for additional service | `false` |\n| `route.name` | Name of route | `docker` |\n| `route.portName` | Target port name of service | `docker` |\n| `route.labels` | Labels to be added to route | `{}` |\n| `route.annotations` | Annotations to be added to route | `{}` |\n| `route.path` | Host name of Route e.g jenkins.example.com | nil |\n| `additionalConfigMaps` | List of ConfigMap data containing Name, Data and Labels | nil |\n\nIf `nexusProxy.env.cloudIamAuthEnabled` is set to `true` the following variables need to be configured\n\n| Parameter | Description | Default |\n| ----------------------------- | ---------------------------------- | ---------------------------------------------------- |\n| `nexusProxy.env.clientId` | GCP OAuth client ID | `nil` |\n| `nexusProxy.env.clientSecret` | GCP OAuth client Secret | `nil` |\n| `nexusProxy.env.organizationId` | GCP organization ID | `nil` |\n| `nexusProxy.env.redirectUrl` | OAuth callback url. example `https://nexus.example.com/oauth/callback` | `nil` |\n| `nexusProxy.env.requiredMembershipVerification` | Whether users presenting valid JWT tokens must still be verified for membership within the GCP organization. | `true` |\n| `nexusProxy.secrets.keystore` | base-64 encoded value of the keystore file needed for the proxy to sign user tokens. Example: cat keystore.jceks | base64 | `nil` |\n| `nexusProxy.secrets.password` | Password to the Java Keystore file | `nil` |\n\n```bash\nhelm install --set persistence.enabled=false my-release oteemocharts/sonatype-nexus\n```\n\nThe above example turns off the persistence. Data will not be kept between restarts or deployments\n\nAlternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example,\n\n```bash\nhelm install -f my-values.yaml sonatype-nexus oteemocharts/sonatype-nexus\n```\n\n### Persistence\n\nBy default a PersistentVolumeClaim is created and mounted into the `/nexus-data` directory. In order to disable this functionality\nyou can change the `values.yaml` to disable persistence which will use an `emptyDir` instead.\n\n> *\"An emptyDir volume is first created when a Pod is assigned to a Node, and exists as long as that Pod is running on that node. When a Pod is removed from a node for any reason, the data in the emptyDir is deleted forever.\"*\n\nYou must enable StatefulSet (`statefulset.enabled=true`) for true data persistence. If using Deployment approach, you can not recover data after restart or delete of helm chart. Statefulset will make sure that it picks up the same old volume which was used by the previous life of the nexus pod, helping you recover your data. When enabling statefulset, its required to enable the persistence.\n\n### Recommended settings\n\nAs a minimum for running in production, the following settings are advised:\n\n```yaml\nnexusProxy:\n env:\n nexusDockerHost: container.example.com\n nexusHttpHost: nexus.example.com\n\nnexusBackup:\n env:\n targetBucket: \"gs://my-nexus-backup\"\n persistence:\n storageClass: standard\n\ningress:\n enabled: true\n annotations:\n kubernetes.io/ingress.class: gce\n kubernetes.io/tls-acme: true\n\npersistence:\n storageClass: standard\n storageSize: 1024Gi\n\nresources:\n requests:\n cpu: 250m\n # Based on https://support.sonatype.com/hc/en-us/articles/115006448847#mem\n # and https://twitter.com/analytically/status/894592422382063616:\n # Xms == Xmx\n # Xmx <= 4G\n # MaxDirectMemory >= 2G\n # Xmx + MaxDirectMemory <= RAM * 2/3 (hence the request for 4800Mi)\n # MaxRAMFraction=1 is not being set as it would allow the heap\n # to use all the available memory.\n memory: 4800Mi\n```\n\n### Using GCP Storage for Backup\n\nIrrespective of whether Nexus is deployed to Google's GKE, or to some other k8s installation, it is possible to configure the [nexus-backup](https://github.com/travelaudience/docker-nexus-backup) container to backup to GCP Cloud Storage.\nThis makes for a cost effective solution for backups.\n\nTo enable, add the following key to the values file:\n\n```yaml\nnexusCloudiam:\n enabled: true\n```\n\nYou should also deploy Nexus as a stateful app, rather than a deployment.\nThat means also adding:\n \n```yaml\nstatefulset:\n enabled: true\n```\n\nDeploying the chart now will result in a new PV and PVC within the pod that runs the containers.\n\nCreate a service account with privileges to upload to your GCP bucket, and creaet a key for this service account.\nDownload that service account key as a file, call it `service-account-key.json`.\n\nThis file now needs to be made available to the pod running in k8s, and should be called `/nexus-data/cloudiam/service-account-key.json`.\nHow this is done will depend upon the storage class used for the PV.\n\nConfirm that the service account file is available to the pod, using:\n \n kubectl exec --stdin --tty \\\n --container nexus-backup \\\n sonatype-nexus-0 \\\n -- find /nexus-data/cloudiam -type f\n\nYou might need to scale the deployment to zero and back up to pick up the changes:\n\n kubectl scale --replicas=0 statefulset.apps/sonatype-nexus\n kubectl scale --replicas=1 statefulset.apps/sonatype-nexus\n\n### Graceful shutdown with terminationGracePeriodSeconds\nCustomizing terminationGracePeriodSeconds maybe helpful to prevent Orientdb corruption during stop/start actions(eg : upgrade). \n**WARNING** : It has no effect with the [default image of this chart](https://quay.io/repository/travelaudience/docker-nexus?tag=latest&tab=tags) because of this [issue](https://github.com/travelaudience/docker-nexus/issues/56) \nHowever it can be useful when you switch to the official image [here](https://hub.docker.com/r/sonatype/nexus3/tags?page=1&ordering=last_updated)\n\n\n## After Installing the Chart\n\nAfter installing the chart a couple of actions need still to be done in order to use nexus. Please follow the instructions below.\n\n### Nexus Configuration\n\nThe following steps need to be executed in order to use Nexus:\n\n- [Configure Nexus](https://github.com/travelaudience/kubernetes-nexus/blob/master/docs/admin/configuring-nexus.md)\n- [Configure Backups](https://github.com/travelaudience/kubernetes-nexus/blob/master/docs/admin/configuring-nexus.md#configure-backup)\n\nand if GCP IAM authentication is enabled, please also check:\n\n- [Enable GCP IAM authentication in Nexus](https://github.com/travelaudience/kubernetes-nexus/blob/master/docs/admin/configuring-nexus-proxy.md#enable-gcp-iam-auth)\n\n### Nexus Usage\n\nTo see how to use Nexus with different tools like Docker, Maven, Python, and so on please check:\n\n- [Nexus Usage](https://github.com/travelaudience/kubernetes-nexus#usage)\n\n### Disaster Recovery\n\nIn a disaster recovery scenario, the latest backup made by the nexus-backup container should be restored. In order to achieve this please follow the procedure described below:\n\n- [Restore Backups](https://github.com/travelaudience/kubernetes-nexus#restore)\n" }, { "path": "charts/sonatype-nexus/templates/NOTES.txt", "content": "- To access Nexus:\n\n NOTE: It may take a few minutes for the ingress load balancer to become available or the backends to become HEALTHY.\n You can watch the status of the backends by running:\n `kubectl get ingress -o jsonpath='{.items[*].metadata.annotations.ingress\\.kubernetes\\.io/backends}'`\n\n To access Nexus you can check:\n {{- if .Values.nexusProxy.env.enforceHttps }}\n https://{{ .Values.nexusProxy.env.nexusHttpHost }}\n {{- else }}\n http://{{ .Values.nexusProxy.env.nexusHttpHost }}\n {{- end }}\n\n- Login with the following credentials\n\n username: admin\n {{- if .Values.initAdminPassword.enabled }}\n password: {{ .Values.initAdminPassword.password }}\n {{- else }}\n password: {{ .Values.nexusBackup.nexusAdminPassword }}\n {{- end }}\n\n{{- if .Values.initAdminPassword.enabled }}\n- Change Your password after the first login\n\n {{- if .Values.nexusBackup.enabled }}\n Once you login you should change your admin password to match the value of `nexusBackup.env.nexusAdminPassword`\n This is important for security reasons and also because backup container needs this password set for admin user\n to access Nexus API to run backups.\n {{- end }}\n{{- end }}\n- Next steps in configuration\n\n Please follow the link below to the README for nexus configuration, usage, backups and DR info:\n https://github.com/Oteemo/charts/tree/master/charts/sonatype-nexus#after-installing-the-chart\n" }, { "path": "charts/sonatype-nexus/templates/_helpers.tpl", "content": "{{/* vim: set filetype=mustache: */}}\n{{/*\nExpand the name of the chart.\n*/}}\n{{- define \"nexus.name\" -}}\n{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix \"-\" -}}\n{{- end -}}\n\n{{/*\nCreate a default fully qualified app name.\nWe truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).\nIf release name contains chart name it will be used as a full name.\n*/}}\n{{- define \"nexus.fullname\" -}}\n{{- if .Values.fullnameOverride -}}\n{{- .Values.fullnameOverride | trunc 63 | trimSuffix \"-\" -}}\n{{- else -}}\n{{- $name := default .Chart.Name .Values.nameOverride -}}\n{{- if contains $name .Release.Name -}}\n{{- .Release.Name | trunc 63 | trimSuffix \"-\" -}}\n{{- else -}}\n{{- printf \"%s-%s\" .Release.Name $name | trunc 63 | trimSuffix \"-\" -}}\n{{- end -}}\n{{- end -}}\n{{- end -}}\n\n{{/*\nAllow the release namespace to be overridden for multi-namespace deployments in combined charts.\n*/}}\n{{- define \"nexus.namespace\" -}}\n {{- if .Values.namespaceOverride -}}\n {{- .Values.namespaceOverride -}}\n {{- else -}}\n {{- .Release.Namespace -}}\n {{- end -}}\n{{- end -}}\n\n{{/*\nCreate a default fully qualified name for proxy keystore secret.\nWe truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).\n*/}}\n{{- define \"nexus.proxy-ks.name\" -}}\n{{- printf \"%s-%s\" (include \"nexus.fullname\" .) \"proxy-ks\" | trunc 63 | trimSuffix \"-\" -}}\n{{- end -}}\n\n{{/* Manage the labels for each entity */}}\n{{- define \"nexus.labels\" -}}\napp: {{ template \"nexus.name\" . }}\nfullname: {{ template \"nexus.fullname\" . }}\nchart: {{ .Chart.Name }}\nrelease: {{ .Release.Name }}\nheritage: {{ .Release.Service }}\n{{- end -}}\n\n{{/*\nCreate a fully qualified name for docker ingress.\n*/}}\n{{- define \"nexus.ingress.docker\" -}}\n{{- printf \"%s-%s\" (include \"nexus.fullname\" .) \"docker\" | trunc 63 | trimSuffix \"-\" -}}\n{{- end -}}\n" }, { "path": "charts/sonatype-nexus/templates/adtl-configmap.yaml", "content": "{{ $root := . }}\n{{- if .Values.additionalConfigMaps }}\n{{- range $cm := .Values.additionalConfigMaps }}\n---\napiVersion: v1\nkind: ConfigMap\nmetadata:\n name: {{ $cm.name }}\n namespace: {{ template \"nexus.namespace\" $root }}\n labels:\n{{ include \"nexus.labels\" $root | indent 4 }}\n{{- if $.Values.nexus.labels }}\n{{ toYaml $.Values.nexus.labels | indent 4 }}\n{{- end }}\n{{- if $cm.labels }}\n{{ toYaml $cm.labels | indent 4 }}\n{{- end }}\ndata:\n{{ toYaml $cm.data | indent 2 }}\n{{- end }}\n{{- end }}\n\n" }, { "path": "charts/sonatype-nexus/templates/backup-pv.yaml", "content": "{{- if and .Values.nexusBackup.enabled (not .Values.statefulset.enabled) }}\n{{- if .Values.nexusBackup.persistence.pdName -}}\napiVersion: v1\nkind: PersistentVolume\nmetadata:\n name: {{ .Values.nexusBackup.persistence.pdName }}\n namespace: {{ template \"nexus.namespace\" . }}\n labels:\n{{ include \"nexus.labels\" . | indent 4 }}\n{{- if .Values.nexus.labels }}\n{{ toYaml .Values.nexus.labels | indent 4 }}\n{{- end }}\nspec:\n capacity:\n storage: {{ .Values.nexusBackup.persistence.storageSize }}\n accessModes:\n - ReadWriteOnce\n claimRef:\n name: {{ template \"nexus.fullname\" . }}-backup\n namespace: {{ .Release.Namespace }}\n gcePersistentDisk:\n pdName: {{ .Values.nexusBackup.persistence.pdName }}\n fsType: {{ .Values.nexusBackup.persistence.fsType }}\n{{- end }}\n{{- end }}\n" }, { "path": "charts/sonatype-nexus/templates/backup-pvc.yaml", "content": "{{- if and .Values.nexusBackup.enabled (not .Values.statefulset.enabled) }}\n{{- if and .Values.nexusBackup.persistence.enabled (not .Values.nexusBackup.persistence.existingClaim) }}\nkind: PersistentVolumeClaim\napiVersion: v1\nmetadata:\n name: {{ template \"nexus.fullname\" . }}-backup\n namespace: {{ template \"nexus.namespace\" . }}\n labels:\n{{ include \"nexus.labels\" . | indent 4 }}\n{{- if .Values.nexus.labels }}\n{{ toYaml .Values.nexus.labels | indent 4 }}\n{{- end }}\n{{- if .Values.nexusBackup.persistence.annotations }}\n annotations:\n{{ toYaml .Values.nexusBackup.persistence.annotations | indent 4 }}\n{{- end }}\nspec:\n accessModes:\n - {{ .Values.nexusBackup.persistence.accessMode }}\n resources:\n requests:\n storage: {{ .Values.nexusBackup.persistence.storageSize | quote }}\n{{- if .Values.nexusBackup.persistence.storageClass }}\n{{- if (eq \"-\" .Values.nexusBackup.persistence.storageClass) }}\n storageClassName: \"\"\n{{- else }}\n storageClassName: \"{{ .Values.nexusBackup.persistence.storageClass }}\"\n{{- end }}\n{{- end }}\n{{- end }}\n{{- end }}\n" }, { "path": "charts/sonatype-nexus/templates/backup-secret.yaml", "content": "{{- if and .Values.nexusBackup.enabled (not .Values.nexusBackup.env.nexusAuthorization) }}\napiVersion: v1\nkind: Secret\nmetadata:\n name: {{ template \"nexus.fullname\" . }}\n namespace: {{ template \"nexus.namespace\" . }}\n labels:\n{{ include \"nexus.labels\" . | indent 4 }}\n{{- if .Values.nexus.labels }}\n{{ toYaml .Values.nexus.labels | indent 4 }}\n{{- end }}\ntype: Opaque\ndata:\n nexus.nexusAdminPassword: {{ printf \"%s%s\" \"Basic \" (printf \"%s%s\" \"admin:\" .Values.nexusBackup.nexusAdminPassword | b64enc) | cat | b64enc | quote }}\n{{- end }}\n" }, { "path": "charts/sonatype-nexus/templates/cloudiam-pv.yaml", "content": "{{- if and .Values.nexusCloudiam.enabled (not .Values.statefulset.enabled) }}\n{{- if .Values.nexusCloudiam.persistence.pdName -}}\napiVersion: v1\nkind: PersistentVolume\nmetadata:\n name: {{ .Values.nexusCloudiam.persistence.pdName }}\n namespace: {{ template \"nexus.namespace\" . }}\n labels:\n{{ include \"nexus.labels\" . | indent 4 }}\nspec:\n capacity:\n storage: {{ .Values.nexusCloudiam.persistence.storageSize }}\n accessModes:\n - ReadWriteOnce\n claimRef:\n name: {{ template \"nexus.fullname\" . }}-cloudiam\n namespace: {{ .Release.Namespace }}\n gcePersistentDisk:\n pdName: {{ .Values.nexusCloudiam.persistence.pdName }}\n fsType: {{ .Values.nexusCloudiam.persistence.fsType }}\n{{- end }}\n{{- end }}\n" }, { "path": "charts/sonatype-nexus/templates/cloudiam-pvc.yaml", "content": "{{- if and .Values.nexusCloudiam.enabled (not .Values.statefulset.enabled) }}\n{{- if and .Values.nexusCloudiam.persistence.enabled (not .Values.nexusCloudiam.persistence.existingClaim) }}\nkind: PersistentVolumeClaim\napiVersion: v1\nmetadata:\n name: {{ template \"nexus.fullname\" . }}-cloudiam\n namespace: {{ template \"nexus.namespace\" . }}\n labels:\n{{ include \"nexus.labels\" . | indent 4 }}\n{{- if .Values.nexus.labels }}\n{{ toYaml .Values.nexus.labels | indent 4 }}\n{{- end }}\n{{- if .Values.nexusCloudiam.persistence.annotations }}\n annotations:\n{{ toYaml .Values.nexusCloudiam.persistence.annotations | indent 4 }}\n{{- end }}\nspec:\n accessModes:\n - {{ .Values.nexusCloudiam.persistence.accessMode }}\n resources:\n requests:\n storage: {{ .Values.nexusCloudiam.persistence.storageSize | quote }}\n{{- if .Values.nexusCloudiam.persistence.storageClass }}\n{{- if (eq \"-\" .Values.nexusCloudiam.persistence.storageClass) }}\n storageClassName: \"\"\n{{- else }}\n storageClassName: \"{{ .Values.nexusCloudiam.persistence.storageClass }}\"\n{{- end }}\n{{- end }}\n{{- end }}\n{{- end }}\n" }, { "path": "charts/sonatype-nexus/templates/clusterrolebinding.yaml", "content": "{{- if .Values.rbac.create -}}\napiVersion: rbac.authorization.k8s.io/v1beta1\nkind: ClusterRoleBinding\nmetadata:\n name: {{ template \"nexus.fullname\" . }}\n labels:\n{{ include \"nexus.labels\" . | indent 4 }}\n{{- with .Values.rbac.annotations }}\n annotations:\n{{ toYaml . | indent 4 }}\n{{- end }}\nroleRef:\n{{- with .Values.rbac.roleRef }}\n{{ toYaml . | indent 2 }}\n{{- end }}\nsubjects:\n- kind: ServiceAccount\n {{- if .Values.serviceAccount.name }}\n name: {{ .Values.serviceAccount.name }}\n {{- else }}\n name: {{ template \"nexus.fullname\" . }}\n {{- end }}\n namespace: {{ template \"nexus.namespace\" . }}\n{{- end -}}" }, { "path": "charts/sonatype-nexus/templates/configmap.yaml", "content": "{{- if .Values.config.enabled -}}\napiVersion: v1\nkind: ConfigMap\nmetadata:\n name: {{ template \"nexus.name\" . }}-conf\n namespace: {{ template \"nexus.namespace\" . }}\n labels:\n{{ include \"nexus.labels\" . | indent 4 }}\n{{- if .Values.nexus.labels }}\n{{ toYaml .Values.nexus.labels | indent 4 }}\n{{- end }}\ndata:\n{{ toYaml .Values.config.data | indent 2 }}\n{{- end }}" }, { "path": "charts/sonatype-nexus/templates/deployment-statefulset.yaml", "content": "{{- if .Values.statefulset.enabled }}\napiVersion: apps/v1\nkind: StatefulSet\n{{- else }}\napiVersion: apps/v1\nkind: Deployment\n{{- end }}\nmetadata:\n name: {{ template \"nexus.fullname\" . }}\n namespace: {{ template \"nexus.namespace\" . }}\n labels:\n{{ include \"nexus.labels\" . | indent 4 }}\n{{- if .Values.nexus.labels }}\n{{ toYaml .Values.nexus.labels | indent 4 }}\n{{- end }}\n{{- if .Values.deployment.annotations }}\n annotations:\n{{ toYaml .Values.deployment.annotations | indent 4 }}\n{{- end }}\nspec:\n replicas: {{ .Values.replicaCount }}\n {{- if .Values.statefulset.enabled }}\n {{- if .Values.nexusProxy.svcName }}\n serviceName: {{ .Values.nexusProxy.svcName }}\n {{- else }}\n serviceName: {{ template \"nexus.fullname\" . }}\n {{- end }}\n {{- end }}\n {{- if .Values.deploymentStrategy }}\n strategy:\n{{ toYaml .Values.deploymentStrategy | indent 4 }}\n {{- end }}\n selector:\n matchLabels:\n app: {{ template \"nexus.name\" . }}\n release: {{ .Release.Name }}\n template:\n metadata:\n {{- if .Values.nexus.podAnnotations }}\n annotations:\n{{ toYaml .Values.nexus.podAnnotations | indent 8}}\n {{- end }}\n labels:\n app: {{ template \"nexus.name\" . }}\n release: {{ .Release.Name }}\n {{- if .Values.nexus.labels }}\n{{ toYaml .Values.nexus.labels | indent 8 }}\n {{- end }}\n spec:\n {{- if .Values.deployment.initContainers }}\n initContainers:\n{{ toYaml .Values.deployment.initContainers | indent 6 }}\n {{- end }}\n {{- if .Values.nexus.nodeSelector }}\n nodeSelector:\n{{ toYaml .Values.nexus.nodeSelector | indent 8 }}\n {{- end }}\n {{- if .Values.nexus.hostAliases }}\n hostAliases:\n{{ toYaml .Values.nexus.hostAliases | indent 8 }}\n {{- end }}\n {{- if .Values.nexus.imagePullSecret }}\n imagePullSecrets:\n - name: {{ .Values.nexus.imagePullSecret }}\n {{- end }}\n {{- if .Values.serviceAccount.name }}\n serviceAccountName: {{ .Values.serviceAccount.name | quote }}\n {{- else if .Values.serviceAccount.create }}\n serviceAccountName: {{ template \"nexus.fullname\" . }}\n {{- end }}\n {{- if .Values.nexus.priorityClassName }}\n priorityClassName: {{ .Values.nexus.priorityClassName }}\n {{- end }}\n containers:\n - name: nexus\n image: {{ .Values.nexus.imageName }}:{{ .Values.nexus.imageTag }}\n imagePullPolicy: {{ .Values.nexus.imagePullPolicy }}\n {{- if .Values.nexus.containerSecurityContext }}\n securityContext:\n{{ toYaml .Values.nexus.containerSecurityContext | indent 12 }}\n {{- end }}\n {{- if .Values.deployment.postStart.command }}\n lifecycle:\n postStart:\n exec:\n command: {{ .Values.deployment.postStart.command }}\n {{- end }}\n {{- with .Values.nexus.envFrom }}\n envFrom: \n {{- toYaml . | nindent 12 }}\n {{- end }}\n env:\n{{ toYaml .Values.nexus.env | indent 12 }}\n - name: NEXUS_DATA_CHOWN\n value: {{ .Values.nexus.chownNexusData | quote }}\n{{- if .Values.nexus.context }}\n - name: NEXUS_CONTEXT\n value: {{ .Values.nexus.context }}\n{{- end }}\n\n resources:\n{{ toYaml .Values.nexus.resources | indent 12 }}\n ports:\n - containerPort: {{ .Values.nexus.dockerPort }}\n name: nexus-docker-g\n - containerPort: {{ .Values.nexus.nexusPort }}\n name: nexus-http \n {{- with .Values.nexus.additionalPorts }}\n{{ toYaml . | indent 12 }}\n {{- end }}\n livenessProbe:\n httpGet:\n path: {{ .Values.nexus.livenessProbe.path }}\n port: {{ .Values.nexus.nexusPort }}\n initialDelaySeconds: {{ .Values.nexus.livenessProbe.initialDelaySeconds }}\n periodSeconds: {{ .Values.nexus.livenessProbe.periodSeconds }}\n failureThreshold: {{ .Values.nexus.livenessProbe.failureThreshold }}\n {{- if .Values.nexus.livenessProbe.timeoutSeconds }}\n timeoutSeconds: {{ .Values.nexus.livenessProbe.timeoutSeconds }}\n {{- end }}\n readinessProbe:\n httpGet:\n path: {{ .Values.nexus.readinessProbe.path }}\n port: {{ .Values.nexus.nexusPort }}\n initialDelaySeconds: {{ .Values.nexus.readinessProbe.initialDelaySeconds }}\n periodSeconds: {{ .Values.nexus.readinessProbe.periodSeconds }}\n failureThreshold: {{ .Values.nexus.readinessProbe.failureThreshold }}\n {{- if .Values.nexus.readinessProbe.timeoutSeconds }}\n timeoutSeconds: {{ .Values.nexus.readinessProbe.timeoutSeconds }}\n {{- end }}\n {{- if .Values.nexus.startupProbe }}\n startupProbe:\n httpGet:\n path: {{ .Values.nexus.startupProbe.path }}\n port: {{ .Values.nexus.nexusPort }}\n initialDelaySeconds: {{ .Values.nexus.startupProbe.initialDelaySeconds }}\n periodSeconds: {{ .Values.nexus.startupProbe.periodSeconds }}\n failureThreshold: {{ .Values.nexus.startupProbe.failureThreshold }}\n {{- if .Values.nexus.startupProbe.timeoutSeconds }}\n timeoutSeconds: {{ .Values.nexus.startupProbe.timeoutSeconds }}\n {{- end }}\n {{- end }}\n volumeMounts:\n - mountPath: /nexus-data\n name: {{ template \"nexus.fullname\" . }}-data\n {{- if .Values.nexusBackup.enabled }}\n - mountPath: /nexus-data/backup\n name: {{ template \"nexus.fullname\" . }}-backup\n {{- end }}\n {{- if .Values.nexusCloudiam.enabled }}\n - mountPath: /nexus-data/cloudiam\n name: {{ template \"nexus.fullname\" . }}-cloudiam\n {{- end }}\n {{- if .Values.config.enabled }}\n - mountPath: {{ .Values.config.mountPath }}\n name: {{ template \"nexus.name\" . }}-conf\n {{- end }}\n {{- if .Values.secret.enabled }}\n - mountPath: {{ .Values.secret.mountPath }}\n name: {{ template \"nexus.name\" . }}-secret\n readOnly: {{ .Values.secret.readOnly }}\n {{- end }}\n {{- if .Values.deployment.additionalVolumeMounts}}\n{{ toYaml .Values.deployment.additionalVolumeMounts | indent 12 }}\n {{- end }}\n {{- if .Values.nexusProxy.enabled }}\n - name: nexus-proxy\n image: {{ .Values.nexusProxy.imageName }}:{{ .Values.nexusProxy.imageTag }}\n resources:\n{{ toYaml .Values.nexusProxy.resources | indent 12 }}\n imagePullPolicy: {{ .Values.nexusProxy.imagePullPolicy }}\n {{- if .Values.nexusProxy.containerSecurityContext }}\n securityContext:\n{{ toYaml .Values.nexusProxy.containerSecurityContext | indent 12 }}\n {{- end }}\n env:\n - name: ALLOWED_USER_AGENTS_ON_ROOT_REGEX\n value: {{ default \"GoogleHC\" .Values.nexusProxy.env.allowedUserAgentsOnRootRegex | quote }}\n - name: CLOUD_IAM_AUTH_ENABLED\n value: {{ .Values.nexusProxy.env.cloudIamAuthEnabled | quote }}\n - name: BIND_PORT\n value: {{ .Values.nexusProxy.targetPort | quote }}\n - name: ENFORCE_HTTPS\n value: {{ .Values.nexusProxy.env.enforceHttps | quote }}\n - name: NEXUS_DOCKER_HOST\n value: {{ .Values.nexusProxy.env.nexusDockerHost | quote }}\n - name: NEXUS_HTTP_HOST\n value: {{ .Values.nexusProxy.env.nexusHttpHost | quote }}\n - name: UPSTREAM_DOCKER_PORT\n value: {{ .Values.nexus.dockerPort | quote }}\n - name: UPSTREAM_HTTP_PORT\n value: {{ .Values.nexus.nexusPort | quote }}\n - name: UPSTREAM_HOST\n value: \"localhost\"\n {{- if .Values.nexusProxy.env.cloudIamAuthEnabled }}\n - name: NEXUS_RUT_HEADER\n value: \"X-Forwarded-User\"\n - name: CLIENT_ID\n value: {{ .Values.nexusProxy.env.clientId | quote }}\n - name: CLIENT_SECRET\n value: {{ .Values.nexusProxy.env.clientSecret | quote }}\n - name: ORGANIZATION_ID\n value: {{ .Values.nexusProxy.env.organizationId | quote }}\n - name: REDIRECT_URL\n value: {{ .Values.nexusProxy.env.redirectUrl | quote }}\n - name: KEYSTORE_PASS\n valueFrom:\n secretKeyRef:\n name: {{ template \"nexus.proxy-ks.name\" . }}\n key: password\n - name: KEYSTORE_PATH\n value: \"/nexus-proxy-ks/keystore\"\n - name: AUTH_CACHE_TTL\n value: \"60000\"\n - name: SESSION_TTL\n value: \"86400000\"\n - name: JWT_REQUIRES_MEMBERSHIP_VERIFICATION\n value: {{ .Values.nexusProxy.env.requiredMembershipVerification | quote }}\n {{- end }}\n {{- with .Values.nexusProxy.env.javaOptions }}\n - name: JAVA_TOOL_OPTIONS\n value: {{ . | quote }}\n {{ end }}\n ports:\n - containerPort: {{ .Values.nexusProxy.targetPort }}\n name: nexus-proxy\n {{- if .Values.nexusProxy.env.cloudIamAuthEnabled }}\n volumeMounts:\n - mountPath: /nexus-proxy-ks\n name: {{ template \"nexus.proxy-ks.name\" . }}\n readOnly: true\n {{- end }}\n {{- end }}\n {{- if .Values.nexusBackup.enabled }}\n - name: nexus-backup\n image: {{ .Values.nexusBackup.imageName }}:{{ .Values.nexusBackup.imageTag }}\n imagePullPolicy: {{ .Values.nexusBackup.imagePullPolicy }}\n {{- if .Values.nexusBackup.containerSecurityContext }}\n securityContext:\n{{ toYaml .Values.nexusBackup.containerSecurityContext | indent 12 }}\n {{- end }}\n resources:\n{{ toYaml .Values.nexusBackup.resources | indent 12 }}\n env:\n - name: NEXUS_AUTHORIZATION\n {{- if not .Values.nexusBackup.env.nexusAuthorization }}\n valueFrom:\n secretKeyRef:\n key: nexus.nexusAdminPassword\n name: {{ template \"nexus.fullname\" . }}\n {{- else }}\n value: {{ .Values.nexusBackup.env.nexusAuthorization | quote }}\n {{- end }}\n - name: NEXUS_BACKUP_DIRECTORY\n value: /nexus-data/backup\n - name: NEXUS_DATA_DIRECTORY\n value: /nexus-data\n - name: NEXUS_LOCAL_HOST_PORT\n value: \"localhost:{{ .Values.nexus.nexusPort }}\"\n - name: OFFLINE_REPOS\n value: {{ .Values.nexusBackup.env.offlineRepos | quote }}\n - name: TARGET_BUCKET\n value: {{ .Values.nexusBackup.env.targetBucket | quote }}\n - name: GRACE_PERIOD\n value: {{ .Values.nexusBackup.env.gracePeriod | quote }}\n - name: TRIGGER_FILE\n value: .backup\n - name: RCLONE_REMOTE\n value: {{ .Values.nexusBackup.env.rcloneRemote | quote }}\n - name: STREAMING_UPLOAD_CUTOFF\n value: {{ .Values.nexusBackup.env.streamingUploadCutoff | default \"5000000\" | quote }}\n {{- if .Values.nexusCloudiam.enabled }}\n - name: CLOUD_IAM_SERVICE_ACCOUNT_KEY_PATH\n value: /nexus-data/cloudiam/service-account-key.json\n {{- end }}\n volumeMounts:\n - mountPath: /nexus-data\n name: {{ template \"nexus.fullname\" . }}-data\n - mountPath: /nexus-data/backup\n name: {{ template \"nexus.fullname\" . }}-backup\n {{- if .Values.nexusCloudiam.enabled }}\n - mountPath: /nexus-data/cloudiam\n name: {{ template \"nexus.fullname\" . }}-cloudiam\n {{- end }}\n - mountPath: /root/.config/rclone\n name: {{ template \"nexus.fullname\" . }}-rclone-config\n {{- end }}\n {{- if .Values.deployment.additionalContainers }}\n{{ toYaml .Values.deployment.additionalContainers | indent 8 }}\n {{- end }}\n {{- if .Values.nexus.securityContextEnabled }}\n securityContext:\n{{ toYaml .Values.nexus.securityContext | indent 8 }}\n {{- end }}\n volumes:\n {{- if .Values.nexusBackup.enabled }}\n - name: {{ template \"nexus.fullname\" . }}-rclone-config\n secret:\n secretName: {{ template \"nexus.name\" . }}-rclone-config-secret\n {{- end }}\n {{- if .Values.nexusProxy.env.cloudIamAuthEnabled }}\n - name: {{ template \"nexus.proxy-ks.name\" . }}\n secret:\n secretName: {{ template \"nexus.proxy-ks.name\" . }}\n {{- end }}\n\n {{- if .Values.statefulset.enabled }}\n {{- if not .Values.persistence.enabled }}\n - name: {{ template \"nexus.fullname\" . }}-data\n emptyDir: {}\n {{- end }}\n {{- if and .Values.nexusBackup.enabled (not .Values.nexusBackup.persistence.enabled) }}\n - name: {{ template \"nexus.fullname\" . }}-backup\n emptyDir: {}\n {{- end }}\n {{- if and .Values.nexusCloudiam.enabled (not .Values.nexusCloudiam.persistence.enabled) }}\n - name: {{ template \"nexus.fullname\" . }}-cloudiam\n emptyDir: {}\n {{- end }}\n {{- else }}\n - name: {{ template \"nexus.fullname\" . }}-data\n {{- if .Values.persistence.enabled }}\n persistentVolumeClaim:\n claimName: {{ .Values.persistence.existingClaim | default (printf \"%s-%s\" (include \"nexus.fullname\" .) \"data\") }}\n {{- else }}\n emptyDir: {}\n {{- end }}\n {{- if .Values.nexusBackup.enabled }}\n - name: {{ template \"nexus.fullname\" . }}-backup\n {{- if and .Values.nexusBackup.persistence.enabled .Values.nexusBackup.enabled }}\n persistentVolumeClaim:\n claimName: {{ .Values.nexusBackup.persistence.existingClaim | default (printf \"%s-%s\" (include \"nexus.fullname\" .) \"backup\") }}\n {{- else }}\n emptyDir: {}\n {{- end }}\n {{- end }}\n {{- if .Values.nexusCloudiam.enabled }}\n - name: {{ template \"nexus.fullname\" . }}-cloudiam\n {{- if and .Values.nexusCloudiam.persistence.enabled .Values.nexusCloudiam.enabled }}\n persistentVolumeClaim:\n claimName: {{ .Values.nexusCloudiam.persistence.existingClaim | default (printf \"%s-%s\" (include \"nexus.fullname\" .) \"cloudiam\") }}\n {{- else }}\n emptyDir: {}\n {{- end }}\n {{- end }}\n {{- end }}\n {{- if .Values.config.enabled }}\n - name: {{ template \"nexus.name\" . }}-conf\n configMap:\n name: {{ template \"nexus.name\" . }}-conf\n {{- end }}\n {{- if .Values.secret.enabled }}\n - name: {{ template \"nexus.name\" . }}-secret\n secret:\n secretName: {{ template \"nexus.name\" . }}-secret\n {{- end }}\n {{- if .Values.deployment.additionalVolumes }}\n{{ toYaml .Values.deployment.additionalVolumes | indent 8 }}\n {{- end }}\n {{- if .Values.nexus.terminationGracePeriodSeconds }}\n terminationGracePeriodSeconds: {{ .Values.nexus.terminationGracePeriodSeconds }}\n {{- end }}\n {{- with .Values.tolerations }}\n tolerations:\n{{ toYaml . | indent 8 }}\n {{- end }}\n {{- with .Values.affinity }}\n affinity:\n{{ toYaml . | indent 8 }}\n {{- end }}\n\n\n## create pvc in case of statefulsets\n {{- if .Values.statefulset.enabled }}\n volumeClaimTemplates:\n {{- if .Values.persistence.enabled }}\n - metadata:\n name: {{ template \"nexus.fullname\" . }}-data\n labels:\n{{ include \"nexus.labels\" . | indent 10 }}\n {{- if .Values.nexus.labels }}\n{{ toYaml .Values.nexus.labels | indent 10 }}\n {{- end }}\n {{- if .Values.persistence.annotations }}\n annotations:\n{{ toYaml .Values.persistence.annotations | indent 10 }}\n {{- end }}\n spec:\n accessModes:\n - {{ .Values.persistence.accessMode | quote }}\n resources:\n requests:\n storage: {{ .Values.persistence.storageSize | quote }}\n {{- if .Values.persistence.storageClass }}\n {{- if (eq \"-\" .Values.persistence.storageClass) }}\n storageClassName: \"\"\n {{- else }}\n storageClassName: \"{{ .Values.persistence.storageClass }}\"\n {{- end }}\n {{- end }}\n {{- end }}\n\n {{- if .Values.nexusBackup.persistence.enabled }}\n - metadata:\n name: {{ template \"nexus.fullname\" . }}-backup\n labels:\n{{ include \"nexus.labels\" . | indent 10 }}\n {{- if .Values.nexusBackup.persistence.annotations }}\n annotations:\n{{ toYaml .Values.nexusBackup.persistence.annotations | indent 10 }}\n {{- end }}\n spec:\n accessModes:\n - {{ .Values.nexusBackup.persistence.accessMode }}\n resources:\n requests:\n storage: {{ .Values.nexusBackup.persistence.storageSize | quote }}\n {{- if .Values.nexusBackup.persistence.storageClass }}\n {{- if (eq \"-\" .Values.nexusBackup.persistence.storageClass) }}\n storageClassName: \"\"\n {{- else }}\n storageClassName: \"{{ .Values.nexusBackup.persistence.storageClass }}\"\n {{- end }}\n {{- end }}\n {{- end }}\n {{- if .Values.nexusCloudiam.persistence.enabled }}\n - metadata:\n name: {{ template \"nexus.fullname\" . }}-cloudiam\n labels:\n{{ include \"nexus.labels\" . | indent 10 }}\n {{- if .Values.nexusCloudiam.persistence.annotations }}\n annotations:\n{{ toYaml .Values.nexusCloudiam.persistence.annotations | indent 10 }}\n {{- end }}\n spec:\n accessModes:\n - {{ .Values.nexusCloudiam.persistence.accessMode }}\n resources:\n requests:\n storage: {{ .Values.nexusCloudiam.persistence.storageSize | quote }}\n {{- if .Values.nexusCloudiam.persistence.storageClass }}\n {{- if (eq \"-\" .Values.nexusCloudiam.persistence.storageClass) }}\n storageClassName: \"\"\n {{- else }}\n storageClassName: \"{{ .Values.nexusCloudiam.persistence.storageClass }}\"\n {{- end }}\n {{- end }}\n {{- end }}\n {{- end }}\n" }, { "path": "charts/sonatype-nexus/templates/ingress-docker.yaml", "content": "{{- if .Values.ingressDocker.enabled }}\n\n{{- $serviceName := include \"nexus.fullname\" . -}}\n{{- if .Values.nexusProxy.svcName }}\n {{- $serviceName = .Values.nexusProxy.svcName -}}\n{{- end }}\n\n{{- $servicePort := .Values.nexus.dockerPort -}}\n{{- if .Values.nexusProxy.enabled }}\n {{- $servicePort = .Values.nexusProxy.port -}}\n{{- end }}\n\n{{- if .Capabilities.APIVersions.Has \"networking.k8s.io/v1\" -}}\napiVersion: networking.k8s.io/v1\n{{- else if .Capabilities.APIVersions.Has \"networking.k8s.io/v1beta1\" -}}\napiVersion: networking.k8s.io/v1beta1\n{{- else -}}\napiVersion: extensions/v1beta1\n{{- end }}\nkind: Ingress\nmetadata:\n name: {{ template \"nexus.ingress.docker\" . }}\n namespace: {{ template \"nexus.namespace\" . }}\n labels:\n{{ include \"nexus.labels\" . | indent 4 }}\n {{- range $key, $value := .Values.ingressDocker.labels }}\n {{ $key }}: {{ $value | quote }}\n {{- end }}\n annotations:\n {{- range $key, $value := .Values.ingressDocker.annotations }}\n {{ $key }}: {{ $value | quote }}\n {{- end }}\nspec:\n {{- if .Values.ingressDocker.className }}\n ingressClassName: {{ .Values.ingressDocker.className }}\n {{- end }}\n rules:\n {{- if .Values.nexusProxy.env.nexusDockerHost }}\n - host: {{ .Values.nexusProxy.env.nexusDockerHost }}\n http:\n paths:\n - path: {{ .Values.ingressDocker.path }}\n {{- if $.Capabilities.APIVersions.Has \"networking.k8s.io/v1\" }}\n pathType: {{ .Values.ingressDocker.pathType }}\n backend:\n service:\n name: {{ $serviceName }}\n port:\n number: {{ $servicePort }}\n {{- else }}\n backend:\n serviceName: {{ $serviceName }}\n servicePort: {{ $servicePort }}\n {{- end }}\n {{- end }}\n {{- with .Values.ingressDocker.rules }}\n {{- toYaml . | nindent 4 }}\n {{- end -}}\n{{- if .Values.ingressDocker.tls.enabled }}\n tls:\n - hosts:\n {{- if .Values.nexusProxy.env.nexusDockerHost }}\n - {{ .Values.nexusProxy.env.nexusDockerHost }}\n {{- end }}\n {{- if .Values.ingressDocker.tls.secretName }}\n secretName: {{ .Values.ingressDocker.tls.secretName | quote }}\n {{- end }}\n {{- with .Values.ingressDocker.tls.hosts }}\n {{- toYaml . | nindent 4 }}\n {{- end -}}\n{{- end -}}\n{{- end }}\n" }, { "path": "charts/sonatype-nexus/templates/ingress.yaml", "content": "{{- if .Values.ingress.enabled -}}\n\n{{- $serviceName := include \"nexus.fullname\" . -}}\n{{- if .Values.nexusProxy.svcName }}\n {{- $serviceName = .Values.nexusProxy.svcName -}}\n{{- end }}\n\n{{- $servicePort := .Values.nexus.nexusPort -}}\n{{- if .Values.nexusProxy.enabled }}\n {{- $servicePort = .Values.nexusProxy.port -}}\n{{- end }}\n\n{{- if .Capabilities.APIVersions.Has \"networking.k8s.io/v1\" -}}\napiVersion: networking.k8s.io/v1\n{{- else if .Capabilities.APIVersions.Has \"networking.k8s.io/v1beta1\" -}}\napiVersion: networking.k8s.io/v1beta1\n{{- else -}}\napiVersion: extensions/v1beta1\n{{- end }}\nkind: Ingress\nmetadata:\n name: {{ template \"nexus.fullname\" . }}\n namespace: {{ template \"nexus.namespace\" . }}\n labels:\n{{ include \"nexus.labels\" . | indent 4 }}\n {{- range $key, $value := .Values.ingress.labels }}\n {{ $key }}: {{ $value | quote }}\n {{- end }}\n annotations:\n {{- range $key, $value := .Values.ingress.annotations }}\n {{ $key }}: {{ $value | quote }}\n {{- end }}\nspec:\n {{- if .Values.ingress.className }}\n ingressClassName: {{ .Values.ingress.className }}\n {{- end }}\n rules:\n{{- if .Values.nexusProxy.env.nexusHttpHost }}\n - host: {{ .Values.nexusProxy.env.nexusHttpHost }}\n http:\n paths:\n - path: {{ .Values.ingress.path }}\n {{- if $.Capabilities.APIVersions.Has \"networking.k8s.io/v1\" }}\n pathType: {{ .Values.ingress.pathType }}\n backend:\n service:\n name: {{ $serviceName }}\n port:\n number: {{ $servicePort }}\n {{- else }}\n backend:\n serviceName: {{ $serviceName }}\n servicePort: {{ $servicePort }}\n {{- end }}\n{{- end }}\n {{- with .Values.ingress.rules }}\n {{- toYaml . | nindent 4 }}\n {{- end -}}\n{{- if .Values.ingress.tls.enabled }}\n tls:\n - hosts:\n {{- if .Values.nexusProxy.env.nexusHttpHost }}\n - {{ .Values.nexusProxy.env.nexusHttpHost }}\n {{- end }}\n {{- if .Values.ingress.tls.secretName }}\n secretName: {{ .Values.ingress.tls.secretName | quote }}\n {{- end }}\n {{- with .Values.ingress.tls.hosts }}\n {{- toYaml . | nindent 4 }}\n {{- end -}}\n{{- end -}}\n{{- end }}\n" }, { "path": "charts/sonatype-nexus/templates/initpwd-job.yaml", "content": "{{- if .Values.initAdminPassword.enabled }}\n---\napiVersion: batch/v1\nkind: Job\nmetadata:\n name: {{ template \"nexus.fullname\" . }}-initpwd-job\n annotations:\n helm.sh/hook: \"post-install\"\n helm.sh/hook-weight: \"10\"\n helm.sh/hook-delete-policy: \"before-hook-creation\"\n labels:\n{{ include \"nexus.labels\" . | indent 4 }}\nspec:\n backoffLimit: 5\n template:\n metadata:\n name: {{ template \"nexus.fullname\" . }}-initpwd\n labels:\n app: {{ template \"nexus.name\" . }}\n release: {{ .Release.Name }}\n spec:\n restartPolicy: Never\n containers:\n - name: nexus-initpwd\n image: curlimages/curl:7.73.0\n command:\n - /bin/sh\n - -ec\n - |\n curl --fail -X PUT \\\n http://$(NEXUS_HOST)/service/rest/beta/security/users/admin/change-password \\\n -H \"Content-Type: text/plain\" \\\n -H \"Authorization: Basic $(NEXUS_AUTHORIZATION)\" \\\n -d \"$(ADMIN_PASSWORD)\"\n env:\n - name: NEXUS_AUTHORIZATION\n valueFrom:\n secretKeyRef:\n key: nexusAuthorization\n name: {{ template \"nexus.fullname\" . }}-initpwd-secret\n - name: NEXUS_HOST\n value: {{ template \"nexus.fullname\" . }}.{{ .Release.Namespace }}:{{ .Values.nexus.nexusPort }}\n - name: ADMIN_PASSWORD\n valueFrom:\n secretKeyRef:\n key: adminPassword\n name: {{ template \"nexus.fullname\" . }}-initpwd-secret\n---\napiVersion: v1\nkind: Secret\nmetadata:\n name: {{ template \"nexus.fullname\" . }}-initpwd-secret\n annotations:\n helm.sh/hook: \"post-install\"\n helm.sh/hook-weight: \"-10\"\n helm.sh/hook-delete-policy: \"hook-succeeded,before-hook-creation\"\n labels:\n{{ include \"nexus.labels\" . | indent 4 }}\ntype: Opaque\ndata:\n nexusAuthorization: {{ printf \"%s%s\" \"admin:\" (default \"admin123\" .Values.initAdminPassword.defaultPasswordOverride) | b64enc | b64enc }}\n adminPassword: {{ .Values.initAdminPassword.password | b64enc }}\n{{- end }}\n" }, { "path": "charts/sonatype-nexus/templates/proxy-ks-secret.yaml", "content": "{{- if .Values.nexusProxy.env.cloudIamAuthEnabled }}\napiVersion: v1\nkind: Secret\nmetadata:\n name: {{ template \"nexus.proxy-ks.name\" . }}\n namespace: {{ template \"nexus.namespace\" . }}\n labels:\n{{ include \"nexus.labels\" . | indent 4 }}\ntype: Opaque\ndata:\n keystore: {{ .Values.nexusProxy.secrets.keystore }}\n password: {{ .Values.nexusProxy.secrets.password | b64enc }}\n{{- end}}\n" }, { "path": "charts/sonatype-nexus/templates/proxy-route.yaml", "content": "{{- if .Values.nexusProxyRoute.enabled }}\napiVersion: route.openshift.io/v1\nkind: Route\nmetadata:\n name: {{ template \"nexus.fullname\" . }}\n namespace: {{ template \"nexus.namespace\" . }}\n labels:\n {{- range $key, $value := .Values.nexusProxyRoute.labels }}\n {{ $key }}: {{ $value | quote }}\n {{- end }}\n annotations:\n {{- range $key, $value := .Values.nexusProxyRoute.annotations }}\n {{ $key }}: {{ $value | quote }}\n {{- end }}\nspec:\n host: {{ .Values.nexusProxyRoute.path }}\n port:\n {{- if .Values.nexusProxy.svcName }}\n targetPort: {{ .Values.nexusProxy.svcName }}\n {{- else }}\n targetPort: {{ template \"nexus.fullname\" . }}\n {{- end }}\n tls:\n insecureEdgeTerminationPolicy: Redirect\n termination: edge\n to:\n kind: Service\n{{- if .Values.nexusProxy.svcName }}\n name: {{ .Values.nexusProxy.svcName }}\n{{- else }}\n name: {{ template \"nexus.fullname\" . }}\n{{- end }}\n weight: 100\n wildcardPolicy: None\n{{- end }}\n" }, { "path": "charts/sonatype-nexus/templates/proxy-svc.yaml", "content": "{{- if or .Values.nexusProxy.enabled .Values.ingress.enabled }}\napiVersion: v1\nkind: Service\nmetadata:\n{{- if .Values.nexusProxy.svcName }}\n name: {{ .Values.nexusProxy.svcName }}\n{{- else }}\n name: {{ template \"nexus.fullname\" . }}\n{{- end }}\n namespace: {{ template \"nexus.namespace\" . }}\n labels:\n{{ include \"nexus.labels\" . | indent 4 }}\n{{- if .Values.nexus.labels }}\n{{ toYaml .Values.nexus.labels | indent 4 }}\n{{- end }}\n{{- if .Values.nexusProxy.labels }}\n{{ toYaml .Values.nexusProxy.labels | indent 4 }}\n{{- end }}\n{{- if .Values.nexus.annotations }}\n annotations:\n{{ toYaml .Values.nexus.annotations | indent 4 }}\n{{- end }}\nspec:\n ports:\n{{- if .Values.nexusProxy.enabled }}\n - port: {{ .Values.nexusProxy.port }}\n{{- else }}\n - port: {{ .Values.nexus.nexusPort }}\n{{- end }}\n{{- if .Values.nexusProxy.svcName }}\n name: {{ .Values.nexusProxy.svcName }}\n{{- else }}\n name: {{ template \"nexus.fullname\" . }}\n{{- end }}\n protocol: TCP\n{{- if .Values.nexusProxy.enabled }}\n targetPort: {{ .Values.nexusProxy.targetPort }}\n{{- else }}\n targetPort: {{ .Values.nexus.nexusPort }}\n - port: {{ .Values.nexus.dockerPort }}\n name: docker\n protocol: TCP\n targetPort: {{ .Values.nexus.dockerPort }}\n{{- range $ports := .Values.nexus.additionalPorts }}\n - port: {{ $ports.containerPort }}\n name: {{ $ports.name }}\n protocol: TCP\n targetPort: {{ $ports.containerPort }}\n{{- end }}\n{{- end }}\n selector:\n app: {{ template \"nexus.name\" . }}\n release: {{ .Release.Name }}\n type: {{ .Values.nexus.service.type }}\n {{- if and (eq .Values.nexus.service.type \"ClusterIP\") .Values.nexus.service.clusterIP }}\n clusterIP: {{ .Values.nexus.service.clusterIP }}\n {{- end }}\n {{- if and (eq .Values.nexus.service.type \"LoadBalancer\") .Values.nexus.service.loadBalancerIP }}\n loadBalancerIP: {{ .Values.nexus.service.loadBalancerIP }}\n {{- end }}\n{{- end }}\n" }, { "path": "charts/sonatype-nexus/templates/pv.yaml", "content": "{{- if not .Values.statefulset.enabled }}\n{{- if .Values.persistence.pdName -}}\napiVersion: v1\nkind: PersistentVolume\nmetadata:\n name: {{ .Values.persistence.pdName }}\n namespace: {{ template \"nexus.namespace\" . }}\n labels:\n{{ include \"nexus.labels\" . | indent 4 }}\n{{- if .Values.nexus.labels }}\n{{ toYaml .Values.nexus.labels | indent 4 }}\n{{- end }}\nspec:\n capacity:\n storage: {{ .Values.persistence.storageSize }}\n accessModes:\n - ReadWriteOnce\n claimRef:\n namespace: {{ .Release.Namespace }}\n name: {{ template \"nexus.fullname\" . }}-data\n gcePersistentDisk:\n pdName: {{ .Values.persistence.pdName }}\n fsType: {{ .Values.persistence.fsType }}\n{{- end }}\n{{- end }}\n" }, { "path": "charts/sonatype-nexus/templates/pvc.yaml", "content": "{{- if not .Values.statefulset.enabled }}\n{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }}\nkind: PersistentVolumeClaim\napiVersion: v1\nmetadata:\n name: {{ template \"nexus.fullname\" . }}-data\n namespace: {{ template \"nexus.namespace\" . }}\n labels:\n{{ include \"nexus.labels\" . | indent 4 }}\n{{- if .Values.nexus.labels }}\n{{ toYaml .Values.nexus.labels | indent 4 }}\n{{- end }}\n{{- if .Values.persistence.annotations }}\n annotations:\n{{ toYaml .Values.persistence.annotations | indent 4 }}\n{{- end }}\nspec:\n accessModes:\n - {{ .Values.persistence.accessMode | quote }}\n resources:\n requests:\n storage: {{ .Values.persistence.storageSize | quote }}\n{{- if .Values.persistence.storageClass }}\n{{- if (eq \"-\" .Values.persistence.storageClass) }}\n storageClassName: \"\"\n{{- else }}\n storageClassName: \"{{ .Values.persistence.storageClass }}\"\n{{- end }}\n{{- end }}\n{{- end }}\n{{- end }}\n" }, { "path": "charts/sonatype-nexus/templates/rclone-config-secret.yaml", "content": "{{- if and .Values.nexusBackup.enabled -}}\napiVersion: v1\nkind: Secret\nmetadata:\n name: {{ template \"nexus.name\" . }}-rclone-config-secret\n namespace: {{ template \"nexus.namespace\" . }}\n labels:\n{{ include \"nexus.labels\" . | indent 4 }}\n{{- if .Values.nexus.labels }}\n{{ toYaml .Values.nexus.labels | indent 4 }}\n{{- end }}\ndata:\n{{- if .Values.nexusBackup.rcloneConfig }}\n{{- range $key, $val := .Values.nexusBackup.rcloneConfig }}\n {{ $key }}: |-\n{{ $val | b64enc| indent 4}}\n{{- end }}\n{{- end -}}\n{{- end}}\n" }, { "path": "charts/sonatype-nexus/templates/route.yaml", "content": "{{- if .Values.route.enabled }}\napiVersion: route.openshift.io/v1\nkind: Route\nmetadata:\n name: {{ .Values.route.name }}\n namespace: {{ template \"nexus.namespace\" . }}\n labels: \n {{- range $key, $value := .Values.route.labels }}\n {{ $key }}: {{ $value | quote }}\n {{- end }}\n annotations:\n {{- range $key, $value := .Values.route.annotations }}\n {{ $key }}: {{ $value | quote }}\n {{- end }}\nspec:\n host: {{ .Values.route.path }}\n port:\n targetPort: {{ .Values.route.portName }}\n tls:\n insecureEdgeTerminationPolicy: Redirect\n termination: edge\n to:\n kind: Service\n{{- if .Values.service.name }}\n name: {{ .Values.service.name }}\n{{- else }}\n name: {{ template \"nexus.name\" . }}-service\n{{- end }}\n weight: 100\n wildcardPolicy: None\nstatus:\n ingress: []\n{{- end }}\n" }, { "path": "charts/sonatype-nexus/templates/secret.yaml", "content": "{{- if and .Values.secret.enabled .Values.secret.data -}}\napiVersion: v1\nkind: Secret\nmetadata:\n name: {{ template \"nexus.name\" . }}-secret\n namespace: {{ template \"nexus.namespace\" . }}\n labels:\n{{ include \"nexus.labels\" . | indent 4 }}\n{{- if .Values.nexus.labels }}\n{{ toYaml .Values.nexus.labels | indent 4 }}\n{{- end }}\ndata:\n{{ toYaml .Values.secret.data | indent 2 }}\n{{- end}}\n" }, { "path": "charts/sonatype-nexus/templates/service.yaml", "content": "{{- if .Values.service.enabled -}}\napiVersion: v1\nkind: Service\nmetadata:\n{{- if .Values.service.name }}\n name: {{ .Values.service.name }}\n{{- else }}\n name: {{ template \"nexus.name\" . }}-service\n{{- end }}\n namespace: {{ template \"nexus.namespace\" . }}\n labels:\n{{ include \"nexus.labels\" . | indent 4 }}\n{{- if .Values.service.labels }}\n{{ toYaml .Values.service.labels | indent 4 }}\n{{- end }}\n{{- if .Values.service.annotations }}\n annotations:\n{{ toYaml .Values.service.annotations | indent 4 }}\n{{- end }}\nspec:\n ports:\n {{- if .Values.service.portName }}\n - name: {{ .Values.service.portName }}\n port: {{ .Values.service.port }}\n targetPort: {{ .Values.service.targetPort }}\n {{- end }}\n {{- with .Values.service.ports }}\n{{ toYaml . | indent 2 }}\n {{- end }}\n selector:\n app: {{ template \"nexus.name\" . }}\n release: {{ .Release.Name }}\n type: {{ .Values.service.type }}\n {{ if .Values.service.loadBalancerSourceRanges }}\n loadBalancerSourceRanges:\n {{- range .Values.service.loadBalancerSourceRanges }}\n - {{ . }}\n {{- end }}\n {{ end }}\n {{- if and (eq .Values.service.type \"LoadBalancer\") .Values.service.loadBalancerIP }}\n loadBalancerIP: {{ .Values.service.loadBalancerIP }}\n {{- end }}\n{{- end}}\n\n" }, { "path": "charts/sonatype-nexus/templates/serviceaccount.yaml", "content": "{{- if .Values.serviceAccount.create }}\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n {{- if .Values.serviceAccount.name }}\n name: {{ .Values.serviceAccount.name }}\n {{- else }}\n name: {{ template \"nexus.fullname\" . }}\n {{- end }}\n namespace: {{ template \"nexus.namespace\" . }}\n labels:\n{{ include \"nexus.labels\" . | indent 4 }}\n{{- if .Values.nexus.labels }}\n{{ toYaml .Values.nexus.labels | indent 4 }}\n{{- end }}\n {{- if .Values.serviceAccount.annotations }}\n annotations: {{ toYaml .Values.serviceAccount.annotations | nindent 4 }}\n {{- end }}\n{{- end }}\n" }, { "path": "charts/sonatype-nexus/values.yaml", "content": "## Overrides for generated resource names\n# namespaceOverride:\n\nstatefulset:\n enabled: false\nreplicaCount: 1\n# By default deploymentStrategy is set to rollingUpdate with maxSurge of 25% and maxUnavailable of 25% . you can change type to `Recreate` or can uncomment `rollingUpdate` specification and adjust them to your usage.\ndeploymentStrategy: {}\n # rollingUpdate:\n # maxSurge: 25%\n # maxUnavailable: 25%\n # type: RollingUpdate\n\n# If enabled, a Job will be launched after the chart is installed to initialize the admin password of your choice\ninitAdminPassword:\n enabled: false\n # Set this in the instance where default admin password is different\n defaultPasswordOverride:\n password: \"admin321\"\n\nnexus:\n imageName: quay.io/travelaudience/docker-nexus\n imageTag: 3.38.1-01\n imagePullPolicy: IfNotPresent\n # Uncomment this to scheduler pods on priority\n # priorityClassName: \"high-priority\"\n env:\n - name: INSTALL4J_ADD_VM_PARAMS\n value: \"-Xms1200M -Xmx1200M -XX:MaxDirectMemorySize=2G -XX:ActiveProcessorCount=4\"\n - name: NEXUS_SECURITY_RANDOMPASSWORD\n value: \"false\"\n # envFrom:\n # - configMapRef:\n # name: special-config\n # nodeSelector:\n # cloud.google.com/gke-nodepool: default-pool\n resources: {}\n # requests:\n ## Based on https://support.sonatype.com/hc/en-us/articles/115006448847#mem\n ## and https://twitter.com/analytically/status/894592422382063616:\n ## Xms == Xmx\n ## Xmx <= 4G\n ## MaxDirectMemory >= 2G\n ## Xmx + MaxDirectMemory <= RAM * 2/3 (hence the request for 4800Mi)\n ## MaxRAMFraction=1 is not being set as it would allow the heap\n ## to use all the available memory.\n # cpu: 250m\n # memory: 4800Mi\n containerSecurityContext: {}\n # The ports should only be changed if the nexus image uses a different port\n dockerPort: 5003\n nexusPort: 8081\n additionalPorts: []\n service:\n type: NodePort\n # clusterIP: None\n # annotations: {}\n ## When using LoadBalancer service type, use the following AWS certificate from ACM\n ## https://aws.amazon.com/documentation/acm/\n # service.beta.kubernetes.io/aws-load-balancer-ssl-cert: \"arn:aws:acm:eu-west-1:123456789:certificate/abc123-abc123-abc123-abc123\"\n # service.beta.kubernetes.io/aws-load-balancer-backend-protocol: \"https\"\n # service.beta.kubernetes.io/aws-load-balancer-backend-port: \"https\"\n ## When using LoadBalancer service type, whitelist these source IP ranges\n ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/\n # loadBalancerSourceRanges:\n # - 192.168.1.10/32\n # labels: {}\n ## Configures the requested IP on the loadBalancer when using LoadBalancer service type\n # loadBalancerIP: \"192.168.1.10\"\n securityContextEnabled: true\n securityContext:\n fsGroup: 200\n podAnnotations: {}\n livenessProbe:\n initialDelaySeconds: 300\n periodSeconds: 30\n failureThreshold: 6\n # timeoutSeconds: 10\n path: /\n readinessProbe:\n initialDelaySeconds: 30\n periodSeconds: 30\n failureThreshold: 6\n # timeoutSeconds: 10\n path: /\n # startupProbe:\n # initialDelaySeconds: 10\n # periodSeconds: 10\n # failureThreshold: 300\n # # timeoutSeconds: 10\n # path: /\n # hostAliases allows the modification of the hosts file inside a container\n hostAliases: []\n # - ip: \"192.168.1.10\"\n # hostnames:\n # - \"example.com\"\n # - \"www.example.com\"\n context:\n # When using nexus it is important that all the files in the data directory have the proper owner configured. Therefore this\n # value defaults to true to apply chown -R nexus:nexus to the mounted directory at every startup of the container.\n chownNexusData: true\n # terminationGracePeriodSeconds : 30\n # Set this value longer than the expected cleanup time for your process. Defaults to 30 seconds.\n # WARNING : It has no effect with quay.io/travelaudience/docker-nexus which is using Runsvdir (https://github.com/travelaudience/docker-nexus/issues/56)\n # However it can be useful when you switch to the official image (https://hub.docker.com/r/sonatype/nexus3/tags?page=1&ordering=last_updated)\n\nroute:\n enabled: false\n name: docker\n portName: docker\n labels:\n annotations:\n # path: docker.apps.ocp01.cluster.local\n\nnexusProxy:\n enabled: true\n # svcName: proxy-svc\n imageName: quay.io/travelaudience/docker-nexus-proxy\n imageTag: 2.6.0\n imagePullPolicy: IfNotPresent\n port: 8080\n containerSecurityContext: {}\n targetPort: 8080\n # labels: {}\n env:\n # Example for javaOptions : \"-Xms3G -Xmx3G -XX:MaxDirectMemorySize=3G\"\n javaOptions:\n nexusDockerHost:\n nexusHttpHost:\n enforceHttps: false\n cloudIamAuthEnabled: false\n## If cloudIamAuthEnabled is set to true uncomment the variables below and remove this line\n # clientId: \"\"\n # clientSecret: \"\"\n # organizationId: \"\"\n # redirectUrl: \"\"\n # requiredMembershipVerification: \"true\"\n # secrets:\n # keystore: \"\"\n # password: \"\"\n resources: {}\n # requests:\n # cpu: 100m\n # memory: 256Mi\n # limits:\n # cpu: 200m\n # memory: 512Mi\n\nnexusProxyRoute:\n enabled: false\n labels:\n annotations:\n # path: /nexus\n\npersistence:\n enabled: true\n accessMode: ReadWriteOnce\n ## If defined, storageClass: \n ## If set to \"-\", storageClass: \"\", which disables dynamic provisioning\n ## If undefined (the default) or set to null, no storageClass spec is\n ## set, choosing the default provisioner. (gp2 on AWS, standard on\n ## GKE, AWS & OpenStack)\n ##\n # existingClaim:\n # annotations:\n # \"helm.sh/resource-policy\": keep\n # storageClass: \"-\"\n storageSize: 8Gi\n # If PersistentDisk already exists you can create a PV for it by including the 2 following keypairs.\n # pdName: nexus-data-disk\n # fsType: ext4\n\nnexusBackup:\n enabled: false\n imageName: dbcc/docker-nexus-backup\n imageTag: 0.0.1\n imagePullPolicy: IfNotPresent\n env:\n rcloneRemote:\n targetBucket:\n nexusAuthorization:\n # Size of the data chunk to stream to the remote\n streamingUploadCutoff: \"5000000\"\n offlineRepos: \"maven-central maven-public maven-releases maven-snapshots\"\n gracePeriod: 60\n # This should match the value of `initAdminPassword.password` if `initAdminPassword.enabled` is true\n nexusAdminPassword: \"admin123\"\n persistence:\n enabled: true\n # existingClaim:\n # annotations:\n # \"helm.sh/resource-policy\": keep\n accessMode: ReadWriteOnce\n # See comment above for information on setting the backup storageClass\n # storageClass: \"-\"\n storageSize: 8Gi\n # If PersistentDisk already exists you can create a PV for it by including the 2 following keypairs.\n # pdName: nexus-backup-disk\n # fsType: ext4\n resources: {}\n # requests:\n # cpu: 100m\n # memory: 256Mi\n # limits:\n # cpu: 200m\n # memory: 512Mi\n rcloneConfig:\n rclone.conf: |\n [AWS]\n type = s3\n provider = AWS\n env_auth = true\n region = us-east-1\n acl = authenticated-read\n containerSecurityContext: {}\n\nnexusCloudiam:\n enabled: false\n persistence:\n enabled: true\n # existingClaim:\n # annotations:\n # \"helm.sh/resource-policy\": keep\n accessMode: ReadWriteOnce\n # See comment above for information on setting the backup storageClass\n # storageClass: \"-\"\n storageSize: 1Mi\n # If PersistentDisk already exists you can create a PV for it by including the 2 following keypairs.\n # pdName: nexus-cloudiam-path\n # fsType: ext4\n\nserviceAccount:\n # Specifies whether a service account should be created\n create: true\n # The name of the service account to use.\n # If not set and create is true, a name is generated using the fullname template\n name:\n annotations: {}\n\nrbac:\n create: false\n roleRef: {}\n annotations: {}\n\ningress:\n enabled: false\n path: /\n pathType: Prefix\n labels: {}\n annotations: {}\n # # NOTE: Can't use 'false' due to https://github.com/jetstack/kube-lego/issues/173.\n # kubernetes.io/ingress.allow-http: true\n # kubernetes.io/ingress.class: gce\n # kubernetes.io/ingress.global-static-ip-name: \"\"\n # kubernetes.io/tls-acme: true\n tls:\n enabled: true\n secretName: nexus-tls\n hosts:\n # Specify custom rules in addition to or instead of the nexus-proxy rules\n rules:\n # - host: http://nexus.127.0.0.1.nip.io\n # http:\n # paths:\n # - backend:\n # serviceName: additional-svc\n # servicePort: 80\n\n # className: nginx\n\ningressDocker:\n enabled: false\n path: /\n pathType: Prefix\n labels: {}\n annotations: {}\n # # NOTE: Can't use 'false' due to https://github.com/jetstack/kube-lego/issues/173.\n # kubernetes.io/ingress.allow-http: true\n # kubernetes.io/ingress.class: gce\n # kubernetes.io/ingress.global-static-ip-name: \"\"\n # kubernetes.io/tls-acme: true\n tls:\n enabled: true\n secretName: nexus-tls\n hosts:\n # Specify custom rules in addition to or instead of the nexus-proxy rules\n rules:\n # - host: http://nexus.127.0.0.1.nip.io\n # http:\n # paths:\n # - backend:\n # serviceName: additional-svc\n # servicePort: 80\n\n # className: nginx\n\naffinity: {}\n\ntolerations: []\n\n# # Enable configmap and add data in configmap\nconfig:\n enabled: false\n mountPath: /sonatype-nexus-conf\n data:\n\ndeployment:\n # # Add annotations in deployment to enhance deployment configurations\n annotations: {}\n # # Add init containers. e.g. to be used to give specific permissions for nexus-data.\n # # Add your own init container or uncomment and modify the given example.\n initContainers:\n # - name: fmp-volume-permission\n # image: busybox\n # imagePullPolicy: IfNotPresent\n # command: ['chown','-R', '200', '/nexus-data']\n # volumeMounts:\n # - name: nexus-data\n # mountPath: /nexus-data\n # # Uncomment and modify this to run a command after starting the nexus container.\n postStart:\n command: # '[\"/bin/sh\", \"-c\", \"ls\"]'\n # # Enable nexus scripts settings, disabled by default for versions >= 3.21.2\n # command: '[\"/bin/sh\", \"-c\", \"if [[ -z $(grep ^nexus.scripts.allowCreation=true /nexus-data/etc/nexus.properties) ]];then echo nexus.scripts.allowCreation=true >> /nexus-data/etc/nexus.properties;fi\"]'\n\n additionalContainers:\n additionalVolumes:\n additionalVolumeMounts:\n\n# # To use an additional secret, set enable to true and add data\nsecret:\n enabled: false\n mountPath: /etc/secret-volume\n readOnly: true\n data:\n\n# # To use an additional service, set enable to true\nservice:\n type: ClusterIP\n # name: additional-svc\n enabled: false\n labels: {}\n annotations: {}\n ports:\n - name: nexus-service\n targetPort: 80\n port: 80\n ## Configures the requested IP on the loadBalancer when using LoadBalancer service type\n # loadBalancerIP: \"192.168.1.10\"\n\nadditionalConfigMaps: []\n# - name: maven-central\n# labels:\n# nexus-type: repository\n# data:\n# recipe: 'MavenProxy'\n# remoteUrl: 'https://repo.maven.apache.org/maven2/'\n# blobStoreName: 'default'\n# strictContentTypeValidation: 'true'\n# versionPolicy: 'RELEASE'\n# layoutPolicy: 'STRICT'\n" }, { "path": "docs/index.html", "content": "\n\n\n Oteemo Chart Repository\n\n\n

Oteemo Helm Charts Repo

\n

Point Helm at this repository to access Oteemo's helm charts

\n

helm repo add oteemocharts https://oteemo.github.io/charts

\n\n\n" }, { "path": "docs/index.yaml", "content": "apiVersion: v1\nentries:\n che:\n - apiVersion: v1\n appVersion: 7.3.1\n created: \"2019-11-01T14:10:55.698277-04:00\"\n description: A Helm chart for deploying Eclipse Che to Kubernetes\n digest: 788127cd4e5a1d43e92b5007b5a18fb867780180cc2de01d68f9f2358b491910\n name: che\n urls:\n - https://oteemo.github.io/charts/che-0.1.2.tgz\n version: 0.1.2\n - apiVersion: v1\n created: \"2019-11-01T14:10:55.694465-04:00\"\n description: A Helm chart for deploying Eclipse Che to Kubernetes\n digest: c5fc2099b6b86d9dd25b4fa31bf7bbd3bbd969ce079a06bef5ac1558b74d67ee\n name: che\n urls:\n - https://oteemo.github.io/charts/che-0.1.1.tgz\n version: 0.1.1\ngenerated: \"2019-11-01T14:10:55.688664-04:00\"\n" }, { "path": "lint.yaml", "content": "# See https://github.com/helm/chart-testing#configuration\nremote: origin\nchart-dirs:\n - charts\nchart-repos:\n - bitnami=https://charts.bitnami.com/bitnami\nhelm-extra-args: --timeout 600s" }, { "path": "old-charts/che/.gitignore", "content": "charts\nrequirements.lock\n\n" }, { "path": "old-charts/che/.helmignore", "content": "# Patterns to ignore when building packages.\n# This supports shell glob matching, relative path matching, and\n# negation (prefixed with !). Only one pattern per line.\n.DS_Store\n# Common VCS dirs\n.git/\n.gitignore\n.bzr/\n.bzrignore\n.hg/\n.hgignore\n.svn/\n# Common backup files\n*.swp\n*.bak\n*.tmp\n*~\n# Various IDEs\n.project\n.idea/\n*.tmproj\n" }, { "path": "old-charts/che/Chart.yaml", "content": "apiVersion: v1\nappVersion: 7.3.1\ndescription: A Helm chart for deploying Eclipse Che to Kubernetes\nname: che\nversion: 0.1.6\nkeywords:\n- che\n- eclipse\nmaintainers:\nhome: https://www.eclipse.org/che/\nicon: https://www.eclipse.org/che/images/logo-eclipseche.svg\ndeprecated: true\n" }, { "path": "old-charts/che/Readme.md", "content": "# Eclipse Che\n\n***This chart has been deprecated***\n" }, { "path": "old-charts/che/custom-charts/che-devfile-registry/Chart.yaml", "content": "#\n# Copyright (c) 2018 Red Hat, Inc.\n# This program and the accompanying materials are made\n# available under the terms of the Eclipse Public License 2.0\n# which is available at https://www.eclipse.org/legal/epl-2.0/\n#\n# SPDX-License-Identifier: EPL-2.0\n#\n\napiVersion: \"v1\"\nname: \"che-devfile-registry\"\nversion: \"0.0.1\"\nhome: \"https://github.com/eclipse/che-devfile-registry/\"\n" }, { "path": "old-charts/che/custom-charts/che-devfile-registry/README.md", "content": "# Che devfile Registry Helm Chart\n\nThis Helm Chart install [Che](https://github.com/eclipse/che) devfile Registry. More information about Che devfile Registry can be found [here](https://github.com/eclipse/che-devfile-registry)." }, { "path": "old-charts/che/custom-charts/che-devfile-registry/templates/deployment.yaml", "content": "#\n# Copyright (c) 2018 Red Hat, Inc.\n# This program and the accompanying materials are made\n# available under the terms of the Eclipse Public License 2.0\n# which is available at https://www.eclipse.org/legal/epl-2.0/\n#\n# SPDX-License-Identifier: EPL-2.0\n#\n\napiVersion: apps/v1\nkind: Deployment\nmetadata:\n labels:\n app: che\n component: devfile-registry\n name: devfile-registry\nspec:\n replicas: 1\n revisionHistoryLimit: 2\n selector:\n matchLabels:\n app: che\n component: devfile-registry\n strategy:\n type: RollingUpdate\n rollingUpdate:\n maxSurge: 25%\n maxUnavailable: 25%\n template:\n metadata:\n labels:\n app: che\n component: devfile-registry\n spec:\n containers:\n - image: {{ .Values.cheDevfileRegistry.repository }}:{{ .Values.global.cheImageTag }}\n imagePullPolicy: {{ .Values.cheDevfileRegistry.imagePullPolicy }}\n name: che-devfile-registry\n ports:\n - containerPort: 8080\n livenessProbe:\n httpGet:\n path: /devfiles/\n port: 8080\n scheme: HTTP\n initialDelaySeconds: 30\n periodSeconds: 10\n timeoutSeconds: 3\n readinessProbe:\n httpGet:\n path: /devfiles/\n port: 8080\n scheme: HTTP\n initialDelaySeconds: 3\n periodSeconds: 10\n timeoutSeconds: 3\n resources:\n limits:\n memory: {{ .Values.cheDevfileRegistry.memoryLimit }}\n requests:\n memory: {{ .Values.cheDevfileRegistry.memoryRequests }}\n" }, { "path": "old-charts/che/custom-charts/che-devfile-registry/templates/ingress.yaml", "content": "#\n# Copyright (c) 2018 Red Hat, Inc.\n# This program and the accompanying materials are made\n# available under the terms of the Eclipse Public License 2.0\n# which is available at https://www.eclipse.org/legal/epl-2.0/\n#\n# SPDX-License-Identifier: EPL-2.0\n#\n\napiVersion: extensions/v1beta1\nkind: Ingress\nmetadata:\n name: devfile-registry\n annotations:\n kubernetes.io/ingress.class: {{ .Values.cheDevfileRegistry.ingress.class }}\n {{- range $key, $value := .Values.cheDevfileRegistry.ingress.annotations }}\n {{ $key }}: {{ $value | quote }}\n {{- end }}\nspec:\n rules:\n - host: {{ printf .Values.global.cheDevfileRegistryUrlFormat .Release.Namespace .Values.global.ingressDomain }}\n http:\n paths:\n - path: /\n backend:\n serviceName: devfile-registry\n servicePort: 8080\n{{- if .Values.global.tls.enabled }}\n tls:\n - hosts:\n - {{ printf .Values.global.cheDevfileRegistryUrlFormat .Release.Namespace .Values.global.ingressDomain }}\n secretName: {{ .Values.global.tls.secretName }}\n{{- end -}}\n" }, { "path": "old-charts/che/custom-charts/che-devfile-registry/templates/service.yaml", "content": "#\n# Copyright (c) 2018 Red Hat, Inc.\n# This program and the accompanying materials are made\n# available under the terms of the Eclipse Public License 2.0\n# which is available at https://www.eclipse.org/legal/epl-2.0/\n#\n# SPDX-License-Identifier: EPL-2.0\n#\n\napiVersion: v1\nkind: Service\nmetadata:\n labels:\n app: che\n component: devfile-registry\n name: devfile-registry\nspec:\n ports:\n - protocol: TCP\n port: 8080\n targetPort: 8080\n selector:\n app: che\n component: devfile-registry\n" }, { "path": "old-charts/che/custom-charts/che-devfile-registry/values.yaml", "content": "#\n# Copyright (c) 2018 Red Hat, Inc.\n# This program and the accompanying materials are made\n# available under the terms of the Eclipse Public License 2.0\n# which is available at https://www.eclipse.org/legal/epl-2.0/\n#\n# SPDX-License-Identifier: EPL-2.0\n#\n\ncheDevfileRegistry:\n repository: quay.io/eclipse/che-devfile-registry\n imagePullPolicy: Always\n memoryLimit: 256Mi\n memoryRequests: 16Mi\n ingress:\n class: nginx\n annotations: {}\n" }, { "path": "old-charts/che/custom-charts/che-jaeger/.helmignore", "content": "# Patterns to ignore when building packages.\n# This supports shell glob matching, relative path matching, and\n# negation (prefixed with !). Only one pattern per line.\n.DS_Store\n# Common VCS dirs\n.git/\n.gitignore\n.bzr/\n.bzrignore\n.hg/\n.hgignore\n.svn/\n# Common backup files\n*.swp\n*.bak\n*.tmp\n*~\n# Various IDEs\n.project\n.idea/\n*.tmproj\n" }, { "path": "old-charts/che/custom-charts/che-jaeger/Chart.yaml", "content": "#\n# Copyright (c) 2012-2018 Red Hat, Inc.\n# This program and the accompanying materials are made\n# available under the terms of the Eclipse Public License 2.0\n# which is available at https://www.eclipse.org/legal/epl-2.0/\n#\n# SPDX-License-Identifier: EPL-2.0\n#\n\napiVersion: v1\ndescription: A Jaeger Helm chart, used by Che\nname: che-jaeger\nversion: 1.0.0\n" }, { "path": "old-charts/che/custom-charts/che-jaeger/templates/deployment.yaml", "content": "#\n# Copyright (c) 2012-2018 Red Hat, Inc.\n# This program and the accompanying materials are made\n# available under the terms of the Eclipse Public License 2.0\n# which is available at https://www.eclipse.org/legal/epl-2.0/\n#\n# SPDX-License-Identifier: EPL-2.0\n#\n\napiVersion: extensions/v1beta1\nkind: Deployment\nmetadata:\n name: jaeger\n labels:\n app: jaeger\n jaeger-infra: jaeger-deployment\nspec:\n replicas: 1\n strategy:\n type: RollingUpdate\n rollingUpdate:\n maxUnavailable: 0\n template:\n metadata:\n labels:\n app: jaeger\n jaeger-infra: jaeger-pod\n annotations:\n prometheus.io/scrape: \"true\"\n prometheus.io/port: \"16686\"\n spec:\n containers:\n - image: {{ .Values.image }}\n name: jaeger\n ports:\n - containerPort: 5775\n protocol: UDP\n - containerPort: 6831\n protocol: UDP\n - containerPort: 6832\n protocol: UDP\n - containerPort: 16686\n protocol: TCP\n - containerPort: 5778\n protocol: TCP\n readinessProbe:\n httpGet:\n path: \"/\"\n port: 14269\n initialDelaySeconds: 5\n" }, { "path": "old-charts/che/custom-charts/che-jaeger/templates/ingress.yaml", "content": "#\n# Copyright (c) 2012-2018 Red Hat, Inc.\n# This program and the accompanying materials are made\n# available under the terms of the Eclipse Public License 2.0\n# which is available at https://www.eclipse.org/legal/epl-2.0/\n#\n# SPDX-License-Identifier: EPL-2.0\n#\n{{- define \"jaegerHost\" }}\n{{- printf \"jaeger-%s.%s\" .Release.Namespace .Values.global.ingressDomain }}\n{{- end }}\n\napiVersion: extensions/v1beta1\nkind: Ingress\nmetadata:\n name: jaeger-query\n annotations:\n kubernetes.io/ingress.class: \"nginx\"\n {{ .Values.global.ingressAnnotationsPrefix }}ingress.kubernetes.io/proxy-read-timeout: \"3600\"\n {{ .Values.global.ingressAnnotationsPrefix }}ingress.kubernetes.io/proxy-connect-timeout: \"3600\"\n{{- if .Values.global.tls.enabled }}\n {{ .Values.global.ingressAnnotationsPrefix }}ingress.kubernetes.io/ssl-redirect: \"true\"\n{{- else }}\n {{ .Values.global.ingressAnnotationsPrefix }}ingress.kubernetes.io/ssl-redirect: \"false\"\n{{- end }}\nspec:\n{{- if .Values.global.tls.enabled }}\n tls:\n - hosts:\n - {{ template \"jaegerHost\" . }}\n secretName: {{ .Values.global.tls.secretName }}\n{{- end }}\n rules:\n - host: {{ template \"jaegerHost\" . }}\n http:\n paths:\n - path: /\n backend:\n serviceName: jaeger-query\n servicePort: 16686\n" }, { "path": "old-charts/che/custom-charts/che-jaeger/templates/service-agent.yaml", "content": "#\n# Copyright (c) 2012-2018 Red Hat, Inc.\n# This program and the accompanying materials are made\n# available under the terms of the Eclipse Public License 2.0\n# which is available at https://www.eclipse.org/legal/epl-2.0/\n#\n# SPDX-License-Identifier: EPL-2.0\n#\n\napiVersion: v1\nkind: Service\nmetadata:\n name: jaeger-agent\n labels:\n app: jaeger\n jaeger-infra: agent-service\nspec:\n ports:\n - name: agent-zipkin-thrift\n port: 5775\n protocol: UDP\n targetPort: 5775\n - name: agent-compact\n port: 6831\n protocol: UDP\n targetPort: 6831\n - name: agent-binary\n port: 6832\n protocol: UDP\n targetPort: 6832\n - name: agent-sampler-manager\n port: 5778\n protocol: TCP\n targetPort: 5778\n selector:\n jaeger-infra: jaeger-pod\n" }, { "path": "old-charts/che/custom-charts/che-jaeger/templates/service-collector.yaml", "content": "#\n# Copyright (c) 2012-2018 Red Hat, Inc.\n# This program and the accompanying materials are made\n# available under the terms of the Eclipse Public License 2.0\n# which is available at https://www.eclipse.org/legal/epl-2.0/\n#\n# SPDX-License-Identifier: EPL-2.0\n#\n\napiVersion: v1\nkind: Service\nmetadata:\n name: jaeger-collector\n labels:\n app: jaeger\n jaeger-infra: collector-service\nspec:\n ports:\n - name: jaeger-collector-tchannel\n port: 14267\n protocol: TCP\n targetPort: 14267\n - name: jaeger-collector-http\n port: 14268\n protocol: TCP\n targetPort: 14268\n selector:\n jaeger-infra: jaeger-pod\n" }, { "path": "old-charts/che/custom-charts/che-jaeger/templates/service-query.yaml", "content": "#\n# Copyright (c) 2012-2018 Red Hat, Inc.\n# This program and the accompanying materials are made\n# available under the terms of the Eclipse Public License 2.0\n# which is available at https://www.eclipse.org/legal/epl-2.0/\n#\n# SPDX-License-Identifier: EPL-2.0\n#\n\napiVersion: v1\nkind: Service\nmetadata:\n name: jaeger-query\n labels:\n app: jaeger\n jaeger-infra: jaeger-service\nspec:\n ports:\n - name: query-http\n port: 80\n protocol: TCP\n targetPort: 16686\n selector:\n jaeger-infra: jaeger-pod\n" }, { "path": "old-charts/che/custom-charts/che-jaeger/values.yaml", "content": "#\n# Copyright (c) 2012-2018 Red Hat, Inc.\n# This program and the accompanying materials are made\n# available under the terms of the Eclipse Public License 2.0\n# which is available at https://www.eclipse.org/legal/epl-2.0/\n#\n# SPDX-License-Identifier: EPL-2.0\n#\n\n# Default values for postgres.\n# This is a YAML-formatted file.\n# Declare variables to be passed into your templates.\n\nimage: jaegertracing/all-in-one:latest\n" }, { "path": "old-charts/che/custom-charts/che-keycloak/.helmignore", "content": "# Patterns to ignore when building packages.\n# This supports shell glob matching, relative path matching, and\n# negation (prefixed with !). Only one pattern per line.\n.DS_Store\n# Common VCS dirs\n.git/\n.gitignore\n.bzr/\n.bzrignore\n.hg/\n.hgignore\n.svn/\n# Common backup files\n*.swp\n*.bak\n*.tmp\n*~\n# Various IDEs\n.project\n.idea/\n*.tmproj\n" }, { "path": "old-charts/che/custom-charts/che-keycloak/Chart.yaml", "content": "#\n# Copyright (c) 2012-2019 Red Hat, Inc.\n# This program and the accompanying materials are made\n# available under the terms of the Eclipse Public License 2.0\n# which is available at https://www.eclipse.org/legal/epl-2.0/\n#\n# SPDX-License-Identifier: EPL-2.0\n#\n\napiVersion: v1\ndescription: A Helm chart for Keycloak, used by Che\nname: che-keycloak\nversion: 1.0.0\n" }, { "path": "old-charts/che/custom-charts/che-keycloak/templates/deployment.yaml", "content": "#\n# Copyright (c) 2012-2019 Red Hat, Inc.\n# This program and the accompanying materials are made\n# available under the terms of the Eclipse Public License 2.0\n# which is available at https://www.eclipse.org/legal/epl-2.0/\n#\n# SPDX-License-Identifier: EPL-2.0\n#\n\napiVersion: extensions/v1beta1\nkind: Deployment\nmetadata:\n labels:\n app: che\n component: keycloak\n io.kompose.service: keycloak\n name: keycloak\nspec:\n replicas: 1\n template:\n metadata:\n labels:\n app: che\n component: keycloak\n io.kompose.service: keycloak\n spec:\n initContainers:\n - name: wait-for-postgres\n image: eclipse/che-endpoint-watcher:{{ .Values.global.cheImageTag }}\n env:\n - name: POD_NAMESPACE\n valueFrom:\n fieldRef:\n fieldPath: metadata.namespace\n - name: ENDPOINT\n value: postgres\n containers:\n - env:\n - name: DB_VENDOR\n value: POSTGRES\n - name: DB_ADDR\n value: postgres\n - name: DB_PORT\n value: \"5432\"\n - name: DB_DATABASE\n value: keycloak\n - name: DB_USER\n value: keycloak\n - name: DB_PASSWORD\n value: keycloak\n - name: KEYCLOAK_USER\n value: admin\n - name: KEYCLOAK_PASSWORD\n value: admin\n - name: CHE_HOST\n value: {{ template \"cheHost\" . }}\n - name: ROUTING_SUFFIX\n value: {{ .Values.global.ingressDomain }}\n - name: NAMESPACE\n value: {{ .Release.Namespace }}\n - name: PROTOCOL\n{{- if .Values.global.tls.enabled }}\n value: \"https\"\n - name: PROXY_ADDRESS_FORWARDING\n value: \"true\"\n{{- else }}\n value: \"http\"\n{{- end }}\n\n image: {{ .Values.repository }}:{{ .Values.global.cheImageTag }}\n command: [\"/scripts/kc_realm_user.sh\"]\n imagePullPolicy: Always\n name: keycloak\n livenessProbe:\n failureThreshold: 11\n initialDelaySeconds: 5\n periodSeconds: 5\n successThreshold: 1\n tcpSocket:\n port: 8080\n timeoutSeconds: 30\n readinessProbe:\n failureThreshold: 10\n httpGet:\n path: auth/js/keycloak.js\n port: 8080\n scheme: HTTP\n initialDelaySeconds: 10\n periodSeconds: 3\n successThreshold: 1\n timeoutSeconds: 1\n ports:\n - containerPort: 8080\n resources:\n limits:\n memory: 1536Mi\n requests:\n memory: 1024Mi\n volumeMounts:\n - mountPath: /opt/jboss/keycloak/standalone/data\n name: keycloak-data\n - mountPath: /opt/jboss/keycloak/standalone/log\n name: keycloak-log\n restartPolicy: Always\n securityContext:\n # `fsGroup`, `runAsGroup`, and `runAsUser` must be\n # same values that `USER` in the container image.\n fsGroup: 1000\n runAsGroup: 1000\n runAsUser: 1000\n runAsNonRoot: true\n serviceAccountName: che-keycloak\n volumes:\n - name: keycloak-data\n persistentVolumeClaim:\n claimName: keycloak-data\n - name: keycloak-log\n persistentVolumeClaim:\n claimName: keycloak-log\nstatus: {}\n" }, { "path": "old-charts/che/custom-charts/che-keycloak/templates/endpoints-monitor-role.yaml", "content": "#\n# Copyright (c) 2012-2019 Red Hat, Inc.\n# This program and the accompanying materials are made\n# available under the terms of the Eclipse Public License 2.0\n# which is available at https://www.eclipse.org/legal/epl-2.0/\n#\n# SPDX-License-Identifier: EPL-2.0\n#\n\nkind: Role\napiVersion: rbac.authorization.k8s.io/v1\nmetadata:\n namespace: {{ .Release.Namespace }}\n name: che-endpoints-monitor\nrules:\n- apiGroups: [\"\"]\n resources: [\"services\", \"endpoints\", \"pods\"]\n verbs: [\"get\", \"list\"]" }, { "path": "old-charts/che/custom-charts/che-keycloak/templates/endpoints-monitor-rolebinding.yaml", "content": "#\n# Copyright (c) 2012-2019 Red Hat, Inc.\n# This program and the accompanying materials are made\n# available under the terms of the Eclipse Public License 2.0\n# which is available at https://www.eclipse.org/legal/epl-2.0/\n#\n# SPDX-License-Identifier: EPL-2.0\n#\n\nkind: RoleBinding\napiVersion: rbac.authorization.k8s.io/v1beta1\nmetadata:\n name: {{ .Release.Namespace -}} -keycloak-role-binding\nroleRef:\n kind: Role\n name: che-endpoints-monitor\n apiGroup: rbac.authorization.k8s.io\nsubjects:\n- kind: ServiceAccount\n name: che-keycloak\n namespace: {{ .Release.Namespace }}\n" }, { "path": "old-charts/che/custom-charts/che-keycloak/templates/ingress.yaml", "content": "#\n# Copyright (c) 2012-2019 Red Hat, Inc.\n# This program and the accompanying materials are made\n# available under the terms of the Eclipse Public License 2.0\n# which is available at https://www.eclipse.org/legal/epl-2.0/\n#\n# SPDX-License-Identifier: EPL-2.0\n#\n\napiVersion: extensions/v1beta1\nkind: Ingress\nmetadata:\n name: keycloak-ingress\n annotations:\n kubernetes.io/ingress.class: {{ .Values.ingress.class }}\n {{- range $key, $value := .Values.ingress.annotations }}\n {{ $key }}: {{ $value | quote }}\n {{- end }}\nspec:\n{{- if .Values.global.tls.enabled }}\n tls:\n - hosts:\n - {{ template \"keycloakHost\" . }}\n secretName: {{ .Values.global.tls.secretName }}\n{{- end }}\n rules:\n{{- if eq .Values.global.serverStrategy \"default-host\" }}\n - http:\n paths:\n - path: /auth/\n{{- else if eq .Values.global.serverStrategy \"single-host\" }}\n - host: {{ template \"keycloakHost\" . }}\n http:\n paths:\n - path: /auth/\n{{- else }}\n - host: {{ template \"keycloakHost\" . }}\n http:\n paths:\n - path: /\n{{- end }}\n backend:\n serviceName: keycloak\n servicePort: 5050\n" }, { "path": "old-charts/che/custom-charts/che-keycloak/templates/keycloak-data-claim.yaml", "content": "#\n# Copyright (c) 2012-2019 Red Hat, Inc.\n# This program and the accompanying materials are made\n# available under the terms of the Eclipse Public License 2.0\n# which is available at https://www.eclipse.org/legal/epl-2.0/\n#\n# SPDX-License-Identifier: EPL-2.0\n#\n\napiVersion: v1\nkind: PersistentVolumeClaim\nmetadata:\n labels:\n io.kompose.service: keycloak-data\n name: keycloak-data\nspec:\n accessModes:\n - ReadWriteOnce\n resources:\n requests:\n storage: 1Gi\nstatus: {}\n" }, { "path": "old-charts/che/custom-charts/che-keycloak/templates/keycloak-log-claim.yaml", "content": "#\n# Copyright (c) 2012-2019 Red Hat, Inc.\n# This program and the accompanying materials are made\n# available under the terms of the Eclipse Public License 2.0\n# which is available at https://www.eclipse.org/legal/epl-2.0/\n#\n# SPDX-License-Identifier: EPL-2.0\n#\n\napiVersion: v1\nkind: PersistentVolumeClaim\nmetadata:\n labels:\n io.kompose.service: keycloak-log\n name: keycloak-log\nspec:\n accessModes:\n - ReadWriteOnce\n resources:\n requests:\n storage: 1Gi\nstatus: {}\n" }, { "path": "old-charts/che/custom-charts/che-keycloak/templates/keycloak-serviceaccount.yaml", "content": "#\n# Copyright (c) 2012-2019 Red Hat, Inc.\n# This program and the accompanying materials are made\n# available under the terms of the Eclipse Public License 2.0\n# which is available at https://www.eclipse.org/legal/epl-2.0/\n#\n# SPDX-License-Identifier: EPL-2.0\n#\n\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n labels:\n app: che\n component: keycloak\n name: che-keycloak\n" }, { "path": "old-charts/che/custom-charts/che-keycloak/templates/service.yaml", "content": "#\n# Copyright (c) 2012-2019 Red Hat, Inc.\n# This program and the accompanying materials are made\n# available under the terms of the Eclipse Public License 2.0\n# which is available at https://www.eclipse.org/legal/epl-2.0/\n#\n# SPDX-License-Identifier: EPL-2.0\n#\n\napiVersion: v1\nkind: Service\nmetadata:\n name: \"keycloak\"\nspec:\n ports:\n - name: \"5050\"\n port: 5050\n targetPort: 8080\n selector:\n io.kompose.service: keycloak\nstatus:\n loadBalancer: {}\n" }, { "path": "old-charts/che/custom-charts/che-keycloak/values.yaml", "content": "#\n# Copyright (c) 2012-2019 Red Hat, Inc.\n# This program and the accompanying materials are made\n# available under the terms of the Eclipse Public License 2.0\n# which is available at https://www.eclipse.org/legal/epl-2.0/\n#\n# SPDX-License-Identifier: EPL-2.0\n#\n\n# Default values for postgres.\n# This is a YAML-formatted file.\n# Declare variables to be passed into your templates.\n\nrepository: eclipse/che-keycloak\nrequireAdminPasswordChange: true\ningress:\n class: nginx\n annotations: {}\n" }, { "path": "old-charts/che/custom-charts/che-plugin-registry/Chart.yaml", "content": "#\n# Copyright (c) 2018 Red Hat, Inc.\n# This program and the accompanying materials are made\n# available under the terms of the Eclipse Public License 2.0\n# which is available at https://www.eclipse.org/legal/epl-2.0/\n#\n# SPDX-License-Identifier: EPL-2.0\n#\n\napiVersion: \"v1\"\nname: \"che-plugin-registry\"\nversion: \"0.0.1\"\nhome: \"https://github.com/eclipse/che-plugin-registry/\"\n" }, { "path": "old-charts/che/custom-charts/che-plugin-registry/README.md", "content": "# Che Plugin Registry Helm Chart\n\nThis Helm Chart install [Che](https://github.com/eclipse/che) Plugin Registry. More information about Che Plugin Registry can be found [here](https://github.com/eclipse/che-plugin-registry)." }, { "path": "old-charts/che/custom-charts/che-plugin-registry/templates/deployment.yaml", "content": "#\n# Copyright (c) 2018 Red Hat, Inc.\n# This program and the accompanying materials are made\n# available under the terms of the Eclipse Public License 2.0\n# which is available at https://www.eclipse.org/legal/epl-2.0/\n#\n# SPDX-License-Identifier: EPL-2.0\n#\n\napiVersion: apps/v1\nkind: Deployment\nmetadata:\n labels:\n app: che\n component: plugin-registry\n name: plugin-registry\nspec:\n replicas: 1\n revisionHistoryLimit: 2\n selector:\n matchLabels:\n app: che\n component: plugin-registry\n strategy:\n type: RollingUpdate\n rollingUpdate:\n maxSurge: 25%\n maxUnavailable: 25%\n template:\n metadata:\n labels:\n app: che\n component: plugin-registry\n spec:\n containers:\n - image: {{ .Values.chePluginRegistry.repository }}:{{ .Values.global.cheImageTag }}\n imagePullPolicy: {{ .Values.chePluginRegistry.imagePullPolicy }}\n name: che-plugin-registry\n ports:\n - containerPort: 8080\n livenessProbe:\n httpGet:\n path: /v3/plugins/\n port: 8080\n scheme: HTTP\n initialDelaySeconds: 30\n periodSeconds: 10\n timeoutSeconds: 3\n readinessProbe:\n httpGet:\n path: /v3/plugins/\n port: 8080\n scheme: HTTP\n initialDelaySeconds: 3\n periodSeconds: 10\n timeoutSeconds: 3\n resources:\n limits:\n memory: {{ .Values.chePluginRegistry.memoryLimit }}\n requests:\n memory: {{ .Values.chePluginRegistry.memoryRequests }}\n" }, { "path": "old-charts/che/custom-charts/che-plugin-registry/templates/ingress.yaml", "content": "#\n# Copyright (c) 2018 Red Hat, Inc.\n# This program and the accompanying materials are made\n# available under the terms of the Eclipse Public License 2.0\n# which is available at https://www.eclipse.org/legal/epl-2.0/\n#\n# SPDX-License-Identifier: EPL-2.0\n#\n\napiVersion: extensions/v1beta1\nkind: Ingress\nmetadata:\n name: plugin-registry\n annotations:\n kubernetes.io/ingress.class: {{ .Values.chePluginRegistry.ingress.class }}\n {{- range $key, $value := .Values.chePluginRegistry.ingress.annotations }}\n {{ $key }}: {{ $value | quote }}\n {{- end }}\nspec:\n rules:\n - host: {{ printf .Values.global.chePluginRegistryUrlFormat .Release.Namespace .Values.global.ingressDomain }}\n http:\n paths:\n - path: /\n backend:\n serviceName: plugin-registry\n servicePort: 8080\n{{- if .Values.global.tls.enabled }}\n tls:\n - hosts:\n - {{ printf .Values.global.chePluginRegistryUrlFormat .Release.Namespace .Values.global.ingressDomain }}\n secretName: {{ .Values.global.tls.secretName }}\n{{- end -}}\n" }, { "path": "old-charts/che/custom-charts/che-plugin-registry/templates/service.yaml", "content": "#\n# Copyright (c) 2018 Red Hat, Inc.\n# This program and the accompanying materials are made\n# available under the terms of the Eclipse Public License 2.0\n# which is available at https://www.eclipse.org/legal/epl-2.0/\n#\n# SPDX-License-Identifier: EPL-2.0\n#\n\napiVersion: v1\nkind: Service\nmetadata:\n labels:\n app: che\n component: plugin-registry\n name: plugin-registry\nspec:\n ports:\n - protocol: TCP\n port: 8080\n targetPort: 8080\n selector:\n app: che\n component: plugin-registry\n" }, { "path": "old-charts/che/custom-charts/che-plugin-registry/values.yaml", "content": "#\n# Copyright (c) 2018 Red Hat, Inc.\n# This program and the accompanying materials are made\n# available under the terms of the Eclipse Public License 2.0\n# which is available at https://www.eclipse.org/legal/epl-2.0/\n#\n# SPDX-License-Identifier: EPL-2.0\n#\n\nchePluginRegistry:\n repository: quay.io/eclipse/che-plugin-registry\n imagePullPolicy: Always\n memoryLimit: 256Mi\n memoryRequests: 16Mi\n ingress:\n class: nginx\n annotations: {}\n" }, { "path": "old-charts/che/custom-charts/che-postgres/.helmignore", "content": "# Patterns to ignore when building packages.\n# This supports shell glob matching, relative path matching, and\n# negation (prefixed with !). Only one pattern per line.\n.DS_Store\n# Common VCS dirs\n.git/\n.gitignore\n.bzr/\n.bzrignore\n.hg/\n.hgignore\n.svn/\n# Common backup files\n*.swp\n*.bak\n*.tmp\n*~\n# Various IDEs\n.project\n.idea/\n*.tmproj\n" }, { "path": "old-charts/che/custom-charts/che-postgres/Chart.yaml", "content": "#\n# Copyright (c) 2012-2019 Red Hat, Inc.\n# This program and the accompanying materials are made\n# available under the terms of the Eclipse Public License 2.0\n# which is available at https://www.eclipse.org/legal/epl-2.0/\n#\n# SPDX-License-Identifier: EPL-2.0\n#\n\napiVersion: v1\ndescription: A Helm chart for postgresql, used by Che\nname: che-postgres\nversion: 1.0.0\n" }, { "path": "old-charts/che/custom-charts/che-postgres/templates/deployment.yaml", "content": "#\n# Copyright (c) 2012-2019 Red Hat, Inc.\n# This program and the accompanying materials are made\n# available under the terms of the Eclipse Public License 2.0\n# which is available at https://www.eclipse.org/legal/epl-2.0/\n#\n# SPDX-License-Identifier: EPL-2.0\n#\n\n\napiVersion: extensions/v1beta1\nkind: Deployment\nmetadata:\n creationTimestamp: null\n labels:\n app: che\n component: postgres\n io.kompose.service: postgres\n name: postgres\nspec:\n replicas: 1\n template:\n metadata:\n labels:\n app: che\n component: postgres\n io.kompose.service: postgres\n spec:\n securityContext:\n runAsUser: 26\n fsGroup: 26\n containers:\n - env:\n - name: POSTGRESQL_USER\n value: keycloak\n - name: POSTGRESQL_PASSWORD\n value: keycloak\n - name: POSTGRESQL_DATABASE\n value: keycloak\n - name: \"CHE_POSTGRES_USERNAME\"\n value: \"pgche\"\n - name: \"CHE_POSTGRES_PASSWORD\"\n value: \"pgchepassword\"\n - name: \"CHE_POSTGRES_DATABASE\"\n value: \"dbche\"\n {{- if .Values.global.postgresDebugLogs }}\n - name: \"POSTGRESQL_LOG_DEBUG\"\n value: \"true\"\n {{- end }}\n image: {{ .Values.repository }}:{{ .Values.global.cheImageTag }}\n securityContext:\n runAsUser: 26\n imagePullPolicy: Always\n name: postgres\n livenessProbe:\n failureThreshold: 3\n initialDelaySeconds: 30\n periodSeconds: 10\n successThreshold: 1\n tcpSocket:\n port: 5432\n timeoutSeconds: 1\n readinessProbe:\n exec:\n command:\n - bash\n - -c\n - psql -h 127.0.0.1 -U ${POSTGRESQL_USER} -q -d $POSTGRESQL_DATABASE -c \"SELECT 1\"\n failureThreshold: 10\n initialDelaySeconds: 5\n periodSeconds: 3\n successThreshold: 1\n timeoutSeconds: 1\n ports:\n - containerPort: 5432\n resources: {}\n volumeMounts:\n - mountPath: /var/lib/pgsql/data\n name: postgres-data\n restartPolicy: Always\n volumes:\n - name: postgres-data\n persistentVolumeClaim:\n claimName: postgres-data\nstatus: {}\n" }, { "path": "old-charts/che/custom-charts/che-postgres/templates/postgres-data-claim.yaml", "content": "#\n# Copyright (c) 2012-2019 Red Hat, Inc.\n# This program and the accompanying materials are made\n# available under the terms of the Eclipse Public License 2.0\n# which is available at https://www.eclipse.org/legal/epl-2.0/\n#\n# SPDX-License-Identifier: EPL-2.0\n#\n\napiVersion: v1\nkind: PersistentVolumeClaim\nmetadata:\n creationTimestamp: null\n labels:\n io.kompose.service: postgres-data\n name: postgres-data\nspec:\n accessModes:\n - ReadWriteOnce\n resources:\n requests:\n storage: 1Gi\nstatus: {}\n" }, { "path": "old-charts/che/custom-charts/che-postgres/templates/service.yaml", "content": "#\n# Copyright (c) 2012-2019 Red Hat, Inc.\n# This program and the accompanying materials are made\n# available under the terms of the Eclipse Public License 2.0\n# which is available at https://www.eclipse.org/legal/epl-2.0/\n#\n# SPDX-License-Identifier: EPL-2.0\n#\n\napiVersion: v1\nkind: Service\nmetadata:\n creationTimestamp: null\n labels:\n io.kompose.service: postgres\n name: postgres\nspec:\n ports:\n - name: \"5432\"\n port: 5432\n targetPort: 5432\n selector:\n io.kompose.service: postgres\nstatus:\n loadBalancer: {}\n" }, { "path": "old-charts/che/custom-charts/che-postgres/values.yaml", "content": "#\n# Copyright (c) 2012-2019 Red Hat, Inc.\n# This program and the accompanying materials are made\n# available under the terms of the Eclipse Public License 2.0\n# which is available at https://www.eclipse.org/legal/epl-2.0/\n#\n# SPDX-License-Identifier: EPL-2.0\n#\n\n# Default values for postgres.\n# This is a YAML-formatted file.\n# Declare variables to be passed into your templates.\nrepository: eclipse/che-postgres\n" }, { "path": "old-charts/che/requirements.yaml", "content": "#\n# Copyright (c) 2012-2018 Red Hat, Inc.\n# This program and the accompanying materials are made\n# available under the terms of the Eclipse Public License 2.0\n# which is available at https://www.eclipse.org/legal/epl-2.0/\n#\n# SPDX-License-Identifier: EPL-2.0\n#\n\ndependencies:\n - name: che-devfile-registry\n repository: file://./custom-charts/che-devfile-registry/\n version: 0.0.1\n condition: cheDevfileRegistry.deploy\n - name: che-plugin-registry\n repository: file://./custom-charts/che-plugin-registry/\n version: 0.0.1\n condition: chePluginRegistry.deploy\n - name: che-postgres\n repository: file://./custom-charts/che-postgres/\n version: 1.0.0\n condition: global.multiuser\n - name: che-keycloak\n repository: file://./custom-charts/che-keycloak/\n version: 1.0.0\n condition: global.cheDedicatedKeycloak,global.multiuser\n - name: che-jaeger\n repository: file://./custom-charts/che-jaeger\n version: 1.0.0\n condition: jaeger.deploy\n - name: prometheus\n repository: https://kubernetes-charts.storage.googleapis.com/\n version: ^7.4.5\n condition: prometheus.deploy\n - name: grafana\n repository: https://kubernetes-charts.storage.googleapis.com/\n version: ^1.19.0\n condition: grafana.deploy\n" }, { "path": "old-charts/che/templates/NOTES.txt", "content": "You can access your che instance through {{ template \"cheHost\" . }}" }, { "path": "old-charts/che/templates/_hostHelper.tpl", "content": "{{- define \"cheHost\" }}\n{{- if or (eq .Values.global.serverStrategy \"default-host\") (eq .Values.global.serverStrategy \"single-host\") }}\n{{- printf \"%s\" .Values.global.ingressDomain }}\n{{- else }}\n{{- printf \"che-%s.%s\" .Release.Namespace .Values.global.ingressDomain }}\n{{- end }}\n{{- end }}\n" }, { "path": "old-charts/che/templates/_keycloakAuthUrlHelper.tpl", "content": "{{- define \"keycloakAuthUrl\" }}\n {{- if or (eq .Values.global.serverStrategy \"default-host\") (eq .Values.global.serverStrategy \"single-host\") }}\n {{- if .Values.global.tls.enabled }}\n {{- printf \"https://%s/auth\" .Values.global.ingressDomain }}\n {{- else }}\n {{- printf \"http://%s/auth\" .Values.global.ingressDomain }}\n {{- end }}\n {{- else }}\n {{- if .Values.global.tls.enabled }}\n {{- printf \"https://keycloak-%s.%s/auth\" .Release.Namespace .Values.global.ingressDomain }}\n {{- else }}\n {{- printf \"http://keycloak-%s.%s/auth\" .Release.Namespace .Values.global.ingressDomain }}\n {{- end }}\n {{- end }}\n{{- end }}\n" }, { "path": "old-charts/che/templates/_keycloakHostHelper.tpl", "content": "{{- define \"keycloakHost\" }}\n{{- if or (eq .Values.global.serverStrategy \"default-host\") (eq .Values.global.serverStrategy \"single-host\") }}\n{{- printf \"%s\" .Values.global.ingressDomain }}\n{{- else }}\n{{- printf \"keycloak-%s.%s\" .Release.Namespace .Values.global.ingressDomain }}\n{{- end }}\n{{- end }}" }, { "path": "old-charts/che/templates/_secretHelper.tpl", "content": "{{- define \"imagePullSecret\" }}\n{{- if .Values.registry }}\n{{- if and .Values.registry.password .Values.registry.username }}\n{{- printf \"{\\\"auths\\\": {\\\"%s\\\": {\\\"auth\\\": \\\"%s\\\"}}}\" .Values.registry.host (printf \"%s:%s\" .Values.registry.username .Values.registry.password | b64enc) | b64enc }}\n{{- end }}\n{{- end }}\n{{- end }}\n" }, { "path": "old-charts/che/templates/cluster-role-binding.yaml", "content": "#\n# Copyright (c) 2012-2019 Red Hat, Inc.\n# This program and the accompanying materials are made\n# available under the terms of the Eclipse Public License 2.0\n# which is available at https://www.eclipse.org/legal/epl-2.0/\n#\n# SPDX-License-Identifier: EPL-2.0\n#\n\nkind: ClusterRoleBinding\napiVersion: rbac.authorization.k8s.io/v1beta1\nmetadata:\n name: {{ .Release.Namespace -}} -che-clusterrole-binding\nroleRef:\n kind: ClusterRole\n name: cluster-admin\n apiGroup: rbac.authorization.k8s.io\nsubjects:\n- kind: ServiceAccount\n name: che\n namespace: {{ .Release.Namespace }}\n" }, { "path": "old-charts/che/templates/configmap.yaml", "content": "#\n# Copyright (c) 2012-2018 Red Hat, Inc.\n# This program and the accompanying materials are made\n# available under the terms of the Eclipse Public License 2.0\n# which is available at https://www.eclipse.org/legal/epl-2.0/\n#\n# SPDX-License-Identifier: EPL-2.0\n#\n\napiVersion: v1\nkind: ConfigMap\nmetadata:\n labels:\n app: che\n component: che\n name: che\ndata:\n CHE_HOST: {{ template \"cheHost\" . }}\n CHE_PORT: \"8080\"\n{{- if and .Values.global.tls .Values.global.tls.enabled }}\n CHE_API: https://{{ template \"cheHost\" . }}/api\n CHE_WEBSOCKET_ENDPOINT: wss://{{ template \"cheHost\" . }}/api/websocket\n CHE_INFRA_KUBERNETES_BOOTSTRAPPER_BINARY__URL: https://{{ template \"cheHost\" . }}/agent-binaries/linux_amd64/bootstrapper/bootstrapper\n{{ else }}\n CHE_API: http://{{ template \"cheHost\" . }}/api\n CHE_WEBSOCKET_ENDPOINT: ws://{{ template \"cheHost\" . }}/api/websocket\n CHE_WEBSOCKET_ENDPOINT__MINOR: ws://{{ template \"cheHost\" . }}/api/websocket-minor\n CHE_INFRA_KUBERNETES_BOOTSTRAPPER_BINARY__URL: http://{{ template \"cheHost\" . }}/agent-binaries/linux_amd64/bootstrapper/bootstrapper\n{{- end }}\n CHE_DEBUG_SERVER: \"true\"\n CHE_INFRASTRUCTURE_ACTIVE: \"kubernetes\"\n CHE_INFRA_KUBERNETES_INGRESS_DOMAIN: {{ .Values.global.ingressDomain }}\n CHE_INFRA_KUBERNETES_MACHINE__START__TIMEOUT__MIN: \"5\"\n CHE_INFRA_KUBERNETES_MASTER__URL: \"\"\n{{- if and .Values.global.tls .Values.global.tls.enabled }}\n CHE_INFRA_KUBERNETES_TLS__ENABLED: {{ .Values.global.tls.enabled | quote}}\n CHE_INFRA_KUBERNETES_TLS__SECRET: {{ .Values.global.tls.secretName }}\n{{- else }}\n CHE_INFRA_KUBERNETES_TLS__ENABLED: \"false\"\n CHE_INFRA_KUBERNETES_TLS__SECRET: \"\"\n{{- end }}\n{{- if .Values.global.multiuser }}\n CHE_KEYCLOAK_CLIENT__ID: {{ .Values.cheKeycloakClientId | quote}}\n CHE_KEYCLOAK_AUTH__SERVER__URL: {{ template \"keycloakAuthUrl\" . }}\n CHE_KEYCLOAK_REALM: {{ .Values.cheKeycloakRealm }}\n{{- end }}\n{{- if (and .Values.global.multiuser .Values.customOidcProvider) }}\n CHE_KEYCLOAK_OIDC__PROVIDER: {{ .Values.customOidcProvider }}\n{{- end }}\n{{- if and .Values.global.multiuser .Values.customOidcUsernameClaim }}\n CHE_KEYCLOAK_USERNAME__CLAIM: {{ .Values.customOidcUsernameClaim }}\n{{- end }}\n CHE_INFRA_KUBERNETES_NAMESPACE: {{ .Values.global.cheWorkspacesNamespace | quote}}\n CHE_INFRA_KUBERNETES_SERVICE__ACCOUNT__NAME: {{ .Values.global.cheWorkspaceServiceAccount }}\n CHE_INFRA_KUBERNETES_TRUST__CERTS: \"false\"\n CHE_INFRA_KUBERNETES_PVC_STRATEGY: \"common\"\n CHE_INFRA_KUBERNETES_PVC_QUANTITY: {{ .Values.global.pvcClaim }}\n CHE_INFRA_KUBERNETES_PVC_PRECREATE__SUBPATHS: \"true\"\n CHE_INFRA_KUBERNETES_POD_SECURITY__CONTEXT_RUN__AS__USER: \"{{ .Values.global.securityContext.runAsUser }}\"\n CHE_INFRA_KUBERNETES_POD_SECURITY__CONTEXT_FS__GROUP: \"{{ .Values.global.securityContext.fsGroup }}\"\n CHE_LOCAL_CONF_DIR: /etc/conf\n CHE_LOGS_DIR: /data/logs\n CHE_LOG_LEVEL: \"INFO\"\n CHE_MULTIUSER: {{ .Values.global.multiuser | quote }}\n CHE_OAUTH_GITHUB_CLIENTID: {{ .Values.global.gitHubClientID | quote}}\n CHE_OAUTH_GITHUB_CLIENTSECRET: {{ .Values.global.gitHubClientSecret | quote}}\n JAVA_OPTS: \"-XX:MaxRAMFraction=2 -XX:+UseParallelGC -XX:MinHeapFreeRatio=10 -XX:MaxHeapFreeRatio=20 -XX:GCTimeRatio=4 -XX:AdaptiveSizePolicyWeight=90 -XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap -Dsun.zip.disableMemoryMapping=true -Xms20m \"\n CHE_WORKSPACE_AUTO_START: \"false\"\n CHE_INFRA_KUBERNETES_INGRESS_ANNOTATIONS__JSON: '{\"kubernetes.io/ingress.class\": \"{{ .Values.workspace.ingress.class }}\" {{- range $key, $value := .Values.workspace.ingress.annotations }},{{ $key | quote }}: {{ $value | quote }}{{- end }}}'\n CHE_INFRA_KUBERNETES_INGRESS_PATH__TRANSFORM: '%s(.*)'\n CHE_INFRA_KUBERNETES_SERVER__STRATEGY: {{ .Values.global.serverStrategy }}\n CHE_LOGGER_CONFIG: {{ .Values.global.log.loggerConfig | quote}}\n CHE_LOGS_APPENDERS_IMPL: {{ .Values.global.log.appenderName }}\n CHE_WORKSPACE_HTTP__PROXY: {{ .Values.cheWorkspaceHttpProxy | quote}}\n CHE_WORKSPACE_HTTPS__PROXY: {{ .Values.cheWorkspaceHttpsProxy | quote}}\n CHE_WORKSPACE_NO__PROXY: {{ .Values.cheWorkspaceNoProxy | quote}}\n CHE_LIMITS_WORKSPACE_IDLE_TIMEOUT: '{{ .Values.global.workspaceIdleTimeout }}'\n{{- if .Values.workspaceDefaultRamRequest }}\n CHE_WORKSPACE_DEFAULT_MEMORY_REQUEST_MB: {{ .Values.workspaceDefaultRamRequest }}\n{{- end }}\n{{- if .Values.workspaceDefaultRamLimit }}\n CHE_WORKSPACE_DEFAULT_MEMORY_LIMIT_MB: {{ .Values.workspaceDefaultRamLimit }}\n{{- end }}\n{{- if .Values.che.workspace.devfileRegistryUrl }}\n CHE_WORKSPACE_DEVFILE__REGISTRY__URL: {{ .Values.che.workspace.devfileRegistryUrl | quote }}\n{{- else if .Values.cheDevfileRegistry.deploy }}\n {{- if .Values.global.tls.enabled }}\n CHE_WORKSPACE_DEVFILE__REGISTRY__URL: https://{{ printf .Values.global.cheDevfileRegistryUrlFormat .Release.Namespace .Values.global.ingressDomain }}\n {{- else }}\n CHE_WORKSPACE_DEVFILE__REGISTRY__URL: http://{{ printf .Values.global.cheDevfileRegistryUrlFormat .Release.Namespace .Values.global.ingressDomain }}\n {{- end }}\n{{- end }}\n{{- if .Values.che.workspace.pluginRegistryUrl }}\n CHE_WORKSPACE_PLUGIN__REGISTRY__URL: {{ .Values.che.workspace.pluginRegistryUrl | quote }}\n{{- else if .Values.chePluginRegistry.deploy }}\n {{- if .Values.global.tls.enabled }}\n CHE_WORKSPACE_PLUGIN__REGISTRY__URL: https://{{ printf .Values.global.chePluginRegistryUrlFormat .Release.Namespace .Values.global.ingressDomain }}/v3\n {{- else }}\n CHE_WORKSPACE_PLUGIN__REGISTRY__URL: http://{{ printf .Values.global.chePluginRegistryUrlFormat .Release.Namespace .Values.global.ingressDomain }}/v3\n {{- end }}\n{{- end }}\n{{- if .Values.workspaceSidecarDefaultRamLimit }}\n CHE_WORKSPACE_SIDECAR_DEFAULT__MEMORY__LIMIT__MB: {{ .Values.workspaceSidecarDefaultRamLimit }}\n{{- end }}\n{{- if .Values.global.cheWorkspaceClusterRole }}\n CHE_INFRA_KUBERNETES_CLUSTER__ROLE__NAME: {{ .Values.global.cheWorkspaceClusterRole }}\n{{- end }}\n CHE_CORS_ENABLED: \"true\"\n CHE_CORS_ALLOW__CREDENTIALS: \"false\"\n CHE_CORS_ALLOWED__ORIGINS: \"*\"\n CHE_WSAGENT_CORS_ENABLED: \"true\"\n CHE_WSAGENT_CORS_ALLOW__CREDENTIALS: \"true\"\n CHE_WSAGENT_CORS_ALLOWED__ORIGINS: \"NULL\"\n CHE_TRACING_ENABLED: {{ .Values.global.tracingEnabled | quote }}\n JAEGER_ENDPOINT: \"http://jaeger-collector:14268/api/traces\"\n JAEGER_SERVICE_NAME: \"che-server\"\n JAEGER_SAMPLER_MANAGER_HOST_PORT: \"jaeger:5778\"\n JAEGER_SAMPLER_TYPE: \"const\"\n JAEGER_SAMPLER_PARAM: \"1\"\n JAEGER_REPORTER_MAX_QUEUE_SIZE: \"10000\"\n CHE_METRICS_ENABLED: {{ .Values.global.metricsEnabled | quote }}\n CHE_WORKSPACE_JAVA__OPTIONS: \"-Xmx2000m\"\n CHE_WORKSPACE_MAVEN__OPTIONS: \"-Xmx20000m\"\n CHE_INFRA_KUBERNETES_WORKSPACE__START__TIMEOUT__MIN: \"15\"\n" }, { "path": "old-charts/che/templates/deployment.yaml", "content": "#\n# Copyright (c) 2012-2018 Red Hat, Inc.\n# This program and the accompanying materials are made\n# available under the terms of the Eclipse Public License 2.0\n# which is available at https://www.eclipse.org/legal/epl-2.0/\n#\n# SPDX-License-Identifier: EPL-2.0\n#\n\napiVersion: extensions/v1beta1\nkind: Deployment\nmetadata:\n labels:\n app: che\n component: che\n name: che\nspec:\n replicas: 1\n revisionHistoryLimit: 2\n selector:\n matchLabels:\n app: che\n strategy:\n type: Recreate\n template:\n metadata:\n labels:\n app: che\n component: che\n spec:\n securityContext:\n fsGroup: {{ .Values.global.securityContext.fsGroup }}\n initContainers:\n{{- if .Values.global.multiuser }}\n - name: wait-for-postgres\n image: eclipse/che-endpoint-watcher:{{ .Values.global.cheImageTag}}\n env:\n - name: POD_NAMESPACE\n valueFrom:\n fieldRef:\n fieldPath: metadata.namespace\n - name: ENDPOINT\n value: postgres\n{{- end }}\n#wait for keycloak if in multiuser mode and .Values.customOidcProvider was not defined\n{{- if (and .Values.global.multiuser (not .Values.customOidcProvider)) }}\n - name: wait-for-keycloak\n image: eclipse/che-endpoint-watcher:{{ .Values.global.cheImageTag}}\n env:\n - name: POD_NAMESPACE\n valueFrom:\n fieldRef:\n fieldPath: metadata.namespace\n - name: ENDPOINT\n value: keycloak\n{{- end }}\n{{- if not .Values.global.multiuser }}\n - name: fmp-volume-permission\n image: busybox\n command: [\"chmod\", \"777\", \"/data\"]\n volumeMounts: [{\n \"mountPath\": \"/data\",\n \"name\": \"che-data-volume\"\n }]\n{{- end }}\n containers:\n - envFrom:\n - configMapRef:\n name: che\n env:\n - name: OPENSHIFT_KUBE_PING_NAMESPACE\n valueFrom:\n fieldRef:\n fieldPath: metadata.namespace\n {{- if .Values.global.tls.enabled }}\n\n # If self-signed-cert is used then configure Che Server with certificate content\n # to propagate it to trust store\n {{- if .Values.global.tls.useSelfSignedCerts }}\n - name: CHE_SELF__SIGNED__CERT\n valueFrom:\n secretKeyRef:\n key: ca.crt\n name: {{ .Values.global.tls.selfSignedCertSecretName }}\n optional: false\n {{- end }}\n\n # If workspaces are created in different namespace than Che Server's one\n # then configure Che Server to propagate TLS secret to workspaces' namespaces\n {{- if ne .Release.Namespace .Values.global.cheWorkspacesNamespace }}\n - name: \"CHE_INFRA_KUBERNETES_TLS__CERT\"\n valueFrom:\n secretKeyRef:\n key: tls.crt\n name: {{ .Values.global.tls.secretName }}\n optional: false\n - name: \"CHE_INFRA_KUBERNETES_TLS__KEY\"\n valueFrom:\n secretKeyRef:\n key: tls.key\n name: {{ .Values.global.tls.secretName }}\n optional: false\n {{- end }}\n {{- end }}\n image: {{ .Values.cheImage }}:{{ .Values.global.cheImageTag}}\n imagePullPolicy: {{ .Values.cheImagePullPolicy }}\n securityContext:\n runAsUser: {{ .Values.global.securityContext.runAsUser }}\n livenessProbe:\n httpGet:\n path: /api/system/state\n port: 8080\n scheme: HTTP\n initialDelaySeconds: 120\n timeoutSeconds: 10\n name: che\n ports:\n - containerPort: 8080\n name: http\n - containerPort: 8000\n name: http-debug\n - containerPort: 8888\n name: jgroups-ping\n - containerPort: 8087\n name: http-metrics\n readinessProbe:\n httpGet:\n path: /api/system/state\n port: 8080\n scheme: HTTP\n initialDelaySeconds: 15\n timeoutSeconds: 60\n resources:\n limits:\n memory: 600Mi\n requests:\n memory: 256Mi\n{{- if not .Values.global.multiuser }}\n volumeMounts:\n - mountPath: /data\n name: che-data-volume\n volumes:\n - name: che-data-volume\n persistentVolumeClaim:\n claimName: che-data-volume\n{{- end }}\n{{- if .Values.registry }}\n{{- if and .Values.registry.password .Values.registry.username }}\n imagePullSecrets:\n - name: registry-pull-secret\n{{- end }}\n{{- end }}\n serviceAccountName: che\n" }, { "path": "old-charts/che/templates/exec-role.yaml", "content": "#\n# Copyright (c) 2012-2019 Red Hat, Inc.\n# This program and the accompanying materials are made\n# available under the terms of the Eclipse Public License 2.0\n# which is available at https://www.eclipse.org/legal/epl-2.0/\n#\n# SPDX-License-Identifier: EPL-2.0\n#\n\n{{- if (.Values.global.cheWorkspacesNamespace) }}\nkind: Role\napiVersion: rbac.authorization.k8s.io/v1beta1\nmetadata:\n name: exec\n namespace: {{ .Values.global.cheWorkspacesNamespace }}\nrules:\n- apiGroups:\n - \"\"\n attributeRestrictions: null\n resources:\n - pods/exec\n verbs:\n - create\n{{- end }}\n" }, { "path": "old-charts/che/templates/ingress.yaml", "content": "#\n# Copyright (c) 2012-2019 Red Hat, Inc.\n# This program and the accompanying materials are made\n# available under the terms of the Eclipse Public License 2.0\n# which is available at https://www.eclipse.org/legal/epl-2.0/\n#\n# SPDX-License-Identifier: EPL-2.0\n#\n\napiVersion: extensions/v1beta1\nkind: Ingress\nmetadata:\n name: che-ingress\n annotations:\n kubernetes.io/ingress.class: {{ .Values.che.ingress.class }}\n {{- range $key, $value := .Values.che.ingress.annotations }}\n {{ $key }}: {{ $value | quote }}\n {{- end }}\nspec:\n{{- if .Values.global.tls.enabled }}\n tls:\n - hosts:\n - {{ template \"cheHost\" . }}\n secretName: {{ .Values.global.tls.secretName }}\n{{- end }}\n rules:\n{{- if ne .Values.global.serverStrategy \"default-host\" }}\n - host: {{ template \"cheHost\" . }}\n http:\n{{- else }}\n - http:\n{{- end }}\n paths:\n - path: /\n backend:\n serviceName: che-host\n servicePort: 8080\n" }, { "path": "old-charts/che/templates/metrics-ingress.yaml", "content": "#\n# Copyright (c) 2012-2018 Red Hat, Inc.\n# This program and the accompanying materials are made\n# available under the terms of the Eclipse Public License 2.0\n# which is available at https://www.eclipse.org/legal/epl-2.0/\n#\n# SPDX-License-Identifier: EPL-2.0\n#\n\n{{- define \"prometheusHost\" }}\n{{- printf \"prometheus-%s.%s\" .Release.Namespace .Values.global.ingressDomain }}\n{{- end }}\n\n{{- define \"grafanaHost\" }}\n{{- printf \"grafana-%s.%s\" .Release.Namespace .Values.global.ingressDomain }}\n{{- end }}\n\n\n{{ if or .Values.prometheus.deploy .Values.grafana.deploy }}\n\napiVersion: extensions/v1beta1\nkind: Ingress\nmetadata:\n name: che-metrics-ingress\n annotations:\n kubernetes.io/ingress.class: \"{{ .Values.metrics.ingress.class }}\"\n {{- range $key, $value := .Values.metrics.ingress.annotations }}\n {{ $key }}: {{ $value | quote }}\n {{- end }}\nspec:\n{{- if .Values.global.tls.enabled }}\n tls:\n - hosts:\n {{- if .Values.prometheus.deploy }}\n - {{ template \"prometheusHost\" . }}\n {{- end }}\n {{- if .Values.grafana.deploy }}\n - {{ template \"grafanaHost\" . }}\n {{- end }}\n secretName: {{ .Values.global.tls.secretName }}\n{{- end }}\n{{- if .Values.prometheus.deploy }}\n rules:\n - host: {{ template \"prometheusHost\" . }}\n http:\n paths:\n - path: /\n backend:\n serviceName: che-prometheus-server\n servicePort: 80\n{{- end }}\n{{- if .Values.grafana.deploy }}\n - host: {{ template \"grafanaHost\" . }}\n http:\n paths:\n - path: /\n backend:\n serviceName: che-grafana\n servicePort: 80\n{{- end }}\n\n{{- end }}\n" }, { "path": "old-charts/che/templates/pvc.yaml", "content": "#\n# Copyright (c) 2012-2019 Red Hat, Inc.\n# This program and the accompanying materials are made\n# available under the terms of the Eclipse Public License 2.0\n# which is available at https://www.eclipse.org/legal/epl-2.0/\n#\n# SPDX-License-Identifier: EPL-2.0\n#\n\n{{- if not .Values.global.multiuser }}\napiVersion: v1\nkind: PersistentVolumeClaim\nmetadata:\n labels:\n app: che\n component: che\n name: che-data-volume\nspec:\n accessModes:\n - ReadWriteOnce\n resources:\n requests:\n storage: 1Gi\n{{- end }}\n" }, { "path": "old-charts/che/templates/registry-pull-secret.yaml", "content": "#\n# Copyright (c) 2012-2019 Red Hat, Inc.\n# This program and the accompanying materials are made\n# available under the terms of the Eclipse Public License 2.0\n# which is available at https://www.eclipse.org/legal/epl-2.0/\n#\n# SPDX-License-Identifier: EPL-2.0\n#\n\n{{- if .Values.registry }}\n{{- if and .Values.registry.password .Values.registry.username }}\n# When creating a pod based on an image that resides in a private Docker registry (a secure registry protected by basic authentication),\n# one must specify an imagePullSecrets as part of the pod's spec.\n# (see https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/#create-a-pod-that-uses-your-secret)\n\n# This resource creates a docker registry pull secret that's based on values provided in values.yaml (it relies on a template defined in _secretHelper.tpl). The secret must be deployed to\n# the same namespace in which the pod will be created.\napiVersion: v1\nkind: Secret\nmetadata:\n name: registry-pull-secret\ntype: kubernetes.io/dockerconfigjson\ndata:\n .dockerconfigjson: {{ template \"imagePullSecret\" . }}\n{{- end }}\n{{- end }}\n" }, { "path": "old-charts/che/templates/service.yaml", "content": "#\n# Copyright (c) 2012-2019 Red Hat, Inc.\n# This program and the accompanying materials are made\n# available under the terms of the Eclipse Public License 2.0\n# which is available at https://www.eclipse.org/legal/epl-2.0/\n#\n# SPDX-License-Identifier: EPL-2.0\n#\n\napiVersion: v1\nkind: Service\nmetadata:\n labels:\n app: che\n component: che\n name: che-host\nspec:\n ports:\n - name: http\n port: 8080\n protocol: TCP\n targetPort: 8080\n - name: metrics\n port: 8087\n protocol: TCP\n targetPort: 8087\n selector:\n app: che\n component: che\n" }, { "path": "old-charts/che/templates/serviceaccount.yaml", "content": "#\n# Copyright (c) 2012-2019 Red Hat, Inc.\n# This program and the accompanying materials are made\n# available under the terms of the Eclipse Public License 2.0\n# which is available at https://www.eclipse.org/legal/epl-2.0/\n#\n# SPDX-License-Identifier: EPL-2.0\n#\n\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n labels:\n app: che\n component: che\n name: che\n" }, { "path": "old-charts/che/templates/wildcard-certificate.yaml", "content": "{{- if .Values.global.tls.letsEncrypt.isDeployed }}\napiVersion: cert-manager.io/v1alpha2\nkind: Certificate\nmetadata:\n name: che-wildcard-certificate\nspec:\n secretName: {{ .Values.global.tls.secretName }}\n dnsNames:\n - {{ .Values.global.ingressDomain }}\n - \"*.{{ .Values.global.ingressDomain }}\"\n issuerRef:\n kind: ClusterIssuer\n name: {{ .Values.global.tls.letsEncrypt.clusterIssuer }}\n commonName: \"*.{{ .Values.global.ingressDomain }}\"\n{{- end }}\n" }, { "path": "old-charts/che/templates/workspace-exec-role-binding.yaml", "content": "#\n# Copyright (c) 2012-2019 Red Hat, Inc.\n# This program and the accompanying materials are made\n# available under the terms of the Eclipse Public License 2.0\n# which is available at https://www.eclipse.org/legal/epl-2.0/\n#\n# SPDX-License-Identifier: EPL-2.0\n#\n\n{{- if (.Values.global.cheWorkspacesNamespace) }}\nkind: RoleBinding\napiVersion: rbac.authorization.k8s.io/v1beta1\nmetadata:\n name: che-workspace-exec\n namespace: {{ .Values.global.cheWorkspacesNamespace }}\nroleRef:\n kind: Role\n name: exec\n apiGroup: rbac.authorization.k8s.io\nsubjects:\n- kind: ServiceAccount\n name: {{ .Values.global.cheWorkspaceServiceAccount }}\n namespace: {{ .Values.global.cheWorkspacesNamespace }}\n{{- end }}\n" }, { "path": "old-charts/che/templates/workspace-service-account.yaml", "content": "#\n# Copyright (c) 2012-2019 Red Hat, Inc.\n# This program and the accompanying materials are made\n# available under the terms of the Eclipse Public License 2.0\n# which is available at https://www.eclipse.org/legal/epl-2.0/\n#\n# SPDX-License-Identifier: EPL-2.0\n#\n\n{{- if (.Values.global.cheWorkspacesNamespace) }}\nkind: ServiceAccount\napiVersion: v1\nmetadata:\n name: {{ .Values.global.cheWorkspaceServiceAccount }}\n namespace: {{ .Values.global.cheWorkspacesNamespace }}\n{{- end }}\n" }, { "path": "old-charts/che/templates/workspace-view-role-binding.yaml", "content": "#\n# Copyright (c) 2012-2019 Red Hat, Inc.\n# This program and the accompanying materials are made\n# available under the terms of the Eclipse Public License 2.0\n# which is available at https://www.eclipse.org/legal/epl-2.0/\n#\n# SPDX-License-Identifier: EPL-2.0\n#\n\n{{- if (.Values.global.cheWorkspacesNamespace) }}\nkind: RoleBinding\napiVersion: rbac.authorization.k8s.io/v1beta1\nmetadata:\n name: che-workspace-view\n namespace: {{ .Values.global.cheWorkspacesNamespace }}\nroleRef:\n kind: Role\n name: workspace-view\n apiGroup: rbac.authorization.k8s.io\nsubjects:\n- kind: ServiceAccount\n name: {{ .Values.global.cheWorkspaceServiceAccount }}\n namespace: {{ .Values.global.cheWorkspacesNamespace }}\n{{- end }}\n" }, { "path": "old-charts/che/templates/workspace-view-role.yaml", "content": "#\n# Copyright (c) 2012-2019 Red Hat, Inc.\n# This program and the accompanying materials are made\n# available under the terms of the Eclipse Public License 2.0\n# which is available at https://www.eclipse.org/legal/epl-2.0/\n#\n# SPDX-License-Identifier: EPL-2.0\n#\n\n{{- if (.Values.global.cheWorkspacesNamespace) }}\nkind: Role\napiVersion: rbac.authorization.k8s.io/v1beta1\nmetadata:\n name: workspace-view\n namespace: {{ .Values.global.cheWorkspacesNamespace }}\nrules:\n- apiGroups:\n - \"\"\n attributeRestrictions: null\n resources:\n - pods\n - services\n verbs:\n - list\n{{- end }}\n" }, { "path": "old-charts/che/tiller-rbac.yaml", "content": "#\n# Copyright (c) 2012-2019 Red Hat, Inc.\n# This program and the accompanying materials are made\n# available under the terms of the Eclipse Public License 2.0\n# which is available at https://www.eclipse.org/legal/epl-2.0/\n#\n# SPDX-License-Identifier: EPL-2.0\n#\n\nkind: ClusterRoleBinding\napiVersion: rbac.authorization.k8s.io/v1beta1\nmetadata:\n name: tiller-role-binding\nroleRef:\n kind: ClusterRole\n name: cluster-admin\n apiGroup: rbac.authorization.k8s.io\nsubjects:\n- kind: ServiceAccount\n name: tiller\n namespace: kube-system\n\n---\n\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: tiller\n namespace: kube-system\n\n####################################################\n# after applying this resource, run this command:\n# helm init --service-account tiller\n# or if your already performed helm init, run this command:\n# kubectl patch deploy --namespace kube-system tiller-deploy -p '{\"spec\":{\"template\":{\"spec\":{\"serviceAccount\":\"tiller\"}}}}'\n# see: https://github.com/kubernetes/helm/issues/2224, https://stackoverflow.com/a/45306258/2365824\n####################################################\n" }, { "path": "old-charts/che/values/default-host.yaml", "content": "#\n# Copyright (c) 2012-2019 Red Hat, Inc.\n# This program and the accompanying materials are made\n# available under the terms of the Eclipse Public License 2.0\n# which is available at https://www.eclipse.org/legal/epl-2.0/\n#\n# SPDX-License-Identifier: EPL-2.0\n#\n\nglobal:\n multiuser: true\n ingressDomain: 192.168.99.100\n serverStrategy: default-host\n" }, { "path": "old-charts/che/values/multi-user.yaml", "content": "#\n# Copyright (c) 2012-2019 Red Hat, Inc.\n# This program and the accompanying materials are made\n# available under the terms of the Eclipse Public License 2.0\n# which is available at https://www.eclipse.org/legal/epl-2.0/\n#\n# SPDX-License-Identifier: EPL-2.0\n#\n\nglobal:\n multiuser: true\n\n" }, { "path": "old-charts/che/values/tls.yaml", "content": "#\n# Copyright (c) 2012-2019 Red Hat, Inc.\n# This program and the accompanying materials are made\n# available under the terms of the Eclipse Public License 2.0\n# which is available at https://www.eclipse.org/legal/epl-2.0/\n#\n# SPDX-License-Identifier: EPL-2.0\n#\n\nglobal:\n tls:\n enabled: true\n secretName: che-tls\n" }, { "path": "old-charts/che/values.yaml", "content": "#\n# Copyright (c) 2012-2018 Red Hat, Inc.\n# This program and the accompanying materials are made\n# available under the terms of the Eclipse Public License 2.0\n# which is available at https://www.eclipse.org/legal/epl-2.0/\n#\n# SPDX-License-Identifier: EPL-2.0\n#\n\n# the following section is for secure registries. when uncommented, a pull secret will be created\n# registry:\n# host: my-secure-private-registry.com\n# username: myUser\n# password: myPass\n\ncheWorkspaceHttpProxy: \"\"\ncheWorkspaceHttpsProxy: \"\"\ncheWorkspaceNoProxy: \"\"\ncheImage: eclipse/che-server\ncheImagePullPolicy: Always\ncheKeycloakRealm: \"che\"\ncheKeycloakClientId: \"che-public\"\n# customOidcUsernameClaim: \"\"\n# customOidcProvider: \"\"\n# workspaceDefaultRamRequest: \"\"\n# workspaceDefaultRamLimit: \"\"\n# workspaceSidecarDefaultRamLimit: \"\"\n\nglobal:\n ## ImageTag used for all che related images\n cheImageTag: nightly\n\n multiuser: false\n # This value can be passed if custom Oidc provider is used, and there is no need to deploy keycloak in multiuser mode\n # default (if empty) is true\n # cheDedicatedKeycloak: false\n ingressDomain: 192.168.99.100.nip.io\n # See --annotations-prefix flag (https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/cli-arguments.md)\n ingressAnnotationsPrefix: \"nginx.\"\n # options: default-host, single-host, multi-host\n serverStrategy: multi-host\n\n ## Allows to enable and configure TLS\n tls:\n enabled: false\n\n ## Secret name that will be used in ALL Che Ingresses for setting TLS up\n ## Note the helm chart does not create this secret and\n ## it MUST be pre-created in the configured Che namespace as a wildcard certificate\n secretName: che-tls\n\n ## If isDeployed is set to `true` then a Certificate CRD will be created that will request\n ## a wildcard certificate from Let's Encrypt using your specified cluster-issuer and ingressDomain.\n ## The name of the secret will be the `secretName` specified above.\n letsEncrypt:\n isDeployed: false\n clusterIissuer:\n\n\n ## If self-signed certificate is enabled\n ## then certificate from `tls.selfSignedCertSecretName` will be propagated to Che components' trust stores\n useSelfSignedCerts: false\n selfSignedCertSecretName: self-signed-cert\n\n gitHubClientID: \"\"\n gitHubClientSecret: \"\"\n pvcClaim: \"1Gi\"\n cheWorkspacesNamespace: \"\"\n # Service account name that will be mounted to workspaces pods\n # Note that:\n # if `cheWorkspacesNamespace` is configured then service account with configured name will be created by helm chart during deploying Che\n # if `cheWorkspacesNamespace` is empty then Che Server creates new namespace for each workspace and ensures that configured SA exists there\n cheWorkspaceServiceAccount: \"che-workspace\"\n # If set, Che will bind the specified cluster role to the workspace service account when creating a workspace.\n cheWorkspaceClusterRole: \"\"\n workspaceIdleTimeout: \"-1\"\n log:\n loggerConfig: \"\"\n appenderName: \"plaintext\"\n tracingEnabled: false\n metricsEnabled: false\n # Run Che and Che workspaces as the same non-root user\n securityContext:\n runAsUser: 1724\n fsGroup: 1724\n postgresDebugLogs: false\n cheDevfileRegistryUrlFormat: \"devfile-registry-%s.%s\"\n chePluginRegistryUrlFormat: \"plugin-registry-%s.%s\"\n\nche:\n workspace: {}\n ingress:\n class: nginx\n annotations:\n nginx.ingress.kubernetes.io/proxy-read-timeout: \"3600\"\n nginx.ingress.kubernetes.io/proxy-connect-timeout: \"3600\"\n# devfileRegistryUrl: \"https://che-devfile-registry.openshift.io/\"\n# pluginRegistryUrl: \"https://che-plugin-registry.openshift.io/v3\"\n\nworkspace:\n ingress:\n class: nginx\n annotations:\n nginx.ingress.kubernetes.io/rewrite-target: /$1\n nginx.ingress.kubernetes.io/proxy-connect-timeout: 3600\n nginx.ingress.kubernetes.io/proxy-read-timeout: 3600\n\ncheDevfileRegistry:\n deploy: true\n\nchePluginRegistry:\n deploy: true\n\njaeger:\n deploy: false\n\nmetrics:\n ingress:\n class: nginx\n annotations:\n nginx.ingress.kubernetes.io/proxy-read-timeout: \"3600\"\n nginx.ingress.kubernetes.io/proxy-connect-timeout: \"3600\"\n\nprometheus:\n deploy: false\n alertmanager:\n enabled: false\n kubeStateMetrics:\n enabled: false\n nodeExporter:\n enabled: false\n pushgateway:\n enabled: false\n rbac:\n enabled: false\n serverFiles:\n prometheus.yml:\n scrape_configs:\n - job_name: che\n static_configs:\n - targets:\n - che-host:8087\n\ngrafana:\n deploy: false\n adminUser: admin\n adminPassword: admin\n datasources:\n datasources.yaml:\n apiVersion: 1\n datasources:\n - name: che\n type: prometheus\n access: proxy\n url: http://che-prometheus-server\n isDefault: true\n dashboardProviders:\n dashboardproviders.yaml:\n apiVersion: 1\n providers:\n - name: default\n editable: true\n type: file\n folder: ''\n orgId: 1\n options:\n path: /var/lib/grafana/dashboards/default\n dashboards:\n default:\n chejvm:\n json: |\n {\n \"annotations\": {\n \"list\": [\n {\n \"builtIn\": 1,\n \"datasource\": \"-- Grafana --\",\n \"enable\": true,\n \"hide\": true,\n \"iconColor\": \"rgba(0, 211, 255, 1)\",\n \"name\": \"Annotations & Alerts\",\n \"type\": \"dashboard\"\n }\n ]\n },\n \"editable\": true,\n \"gnetId\": null,\n \"graphTooltip\": 0,\n \"id\": 1,\n \"links\": [],\n \"panels\": [\n {\n \"aliasColors\": {},\n \"bars\": false,\n \"dashLength\": 10,\n \"dashes\": false,\n \"datasource\": \"che\",\n \"fill\": 1,\n \"gridPos\": {\n \"h\": 9,\n \"w\": 12,\n \"x\": 0,\n \"y\": 0\n },\n \"id\": 2,\n \"legend\": {\n \"avg\": false,\n \"current\": false,\n \"max\": false,\n \"min\": false,\n \"show\": true,\n \"total\": false,\n \"values\": false\n },\n \"lines\": true,\n \"linewidth\": 1,\n \"links\": [],\n \"nullPointMode\": \"null\",\n \"percentage\": false,\n \"pointradius\": 5,\n \"points\": false,\n \"renderer\": \"flot\",\n \"seriesOverrides\": [],\n \"spaceLength\": 10,\n \"stack\": false,\n \"steppedLine\": false,\n \"targets\": [\n {\n \"expr\": \"jvm_memory_used_bytes{job=\\\"che\\\"}\",\n \"format\": \"time_series\",\n \"interval\": \"\",\n \"intervalFactor\": 1,\n \"legendFormat\": \"{{ id }}\",\n \"refId\": \"A\"\n }\n ],\n \"thresholds\": [],\n \"timeFrom\": null,\n \"timeShift\": null,\n \"title\": \"Che JVM Heap\",\n \"tooltip\": {\n \"shared\": true,\n \"sort\": 0,\n \"value_type\": \"individual\"\n },\n \"type\": \"graph\",\n \"xaxis\": {\n \"buckets\": null,\n \"mode\": \"time\",\n \"name\": null,\n \"show\": true,\n \"values\": []\n },\n \"yaxes\": [\n {\n \"format\": \"short\",\n \"label\": null,\n \"logBase\": 1,\n \"max\": null,\n \"min\": null,\n \"show\": true\n },\n {\n \"format\": \"short\",\n \"label\": null,\n \"logBase\": 1,\n \"max\": null,\n \"min\": null,\n \"show\": true\n }\n ],\n \"yaxis\": {\n \"align\": false,\n \"alignLevel\": null\n }\n }\n ],\n \"refresh\": false,\n \"schemaVersion\": 16,\n \"style\": \"dark\",\n \"tags\": [],\n \"templating\": {\n \"list\": []\n },\n \"timepicker\": {\n \"refresh_intervals\": [\n \"5s\",\n \"10s\",\n \"30s\",\n \"1m\",\n \"5m\",\n \"15m\",\n \"30m\",\n \"1h\",\n \"2h\",\n \"1d\"\n ],\n \"time_options\": [\n \"5m\",\n \"15m\",\n \"1h\",\n \"6h\",\n \"12h\",\n \"24h\",\n \"2d\",\n \"7d\",\n \"30d\"\n ]\n },\n \"timezone\": \"\",\n \"title\": \"Che JVM Heap\",\n \"uid\": \"IkmWvLLmk\",\n \"version\": 1\n }\n" }, { "path": "pom.xml", "content": "\n\n 4.0.0\n\n uk.co.haywood-associates\n charts\n 1.0.0-SNAPSHOT\n\n pom\n\n\n" }, { "path": "test.yaml", "content": "# See https://github.com/helm/chart-testing#configuration\nremote: origin\nchart-dirs:\n - charts\nchart-repos:\n - bitnami=https://charts.bitnami.com/bitnami\nexcluded-charts:\n - che\nhelm-extra-args: --timeout 600s\n" } ]