forked from sonatype/helm3-charts
-
Notifications
You must be signed in to change notification settings - Fork 0
/
values.yaml
287 lines (249 loc) · 9.31 KB
/
values.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
---
# Default values for iqserver.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
statefulset:
# This is not supported
enabled: false
replicaCount: 1
deploymentStrategy: Recreate
image:
# Sonatype Official Public Image
repository: sonatype/nexus-iq-server
tag: 1.168.0
pullPolicy: IfNotPresent
imagePullSecrets:
# for image registries that require login, specify the name of the existing
# kubernetes secret
# - name: <pull-secret-name>
# Set fixOwner.enabled to true, when upgrading from IQ versions 1.117 or 1.100, to change file ownership.
fixOwner:
enabled: false
updateUser: 1000
updateGroup: 1000
iq:
name: nxiq
hostname: iq-server.demo
applicationPort: 8070
adminPort: 8071
# base 64 encoded license file with no line breaks
licenseSecret: ""
# add this line with this file path and the `licenseSecret` above to autoconfigure licensing
# licenseFile: /etc/nexus-iq-license/license_lic
extraLabels:
# add the following two lines to mount a secrets volume within the container at the specified location
# secretName: secret-jks
# secretMountName: /etc/secret-volume
env:
- name: JAVA_OPTS
value: "-Djava.util.prefs.userRoot=$(SONATYPE_WORK)/javaprefs"
# In conjunction with 'secretName' and 'secretMountName' above, this is an example of how to inject required password
# secrets into the runtime environment, and how to modify the startup of the server to utilize custom Java SSL stores.
# - name: TRUSTSTORE_PASSWORD
# valueFrom:
# secretKeyRef:
# name: secret-jks
# key: truststorePassword
# - name: KEYSTORE_PASSWORD
# valueFrom:
# secretKeyRef:
# name: secret-jks
# key: keystorePassword
# - name: JAVA_OPTS
# value: "-Djavax.net.ssl.keyStoreType=jks -Djavax.net.ssl.keyStore=/etc/secret-volume/keystore.jks -Djavax.net.ssl.keyStorePassword=$(KEYSTORE_PASSWORD) -Djavax.net.ssl.trustStoreType=jks -Djavax.net.ssl.trustStore=/etc/secret-volume/truststore.jks -Djavax.net.ssl.trustStorePassword=$(TRUSTSTORE_PASSWORD) -Djava.util.prefs.userRoot=${SONATYPE_WORK}/javaprefs"
# Configures the liveness probe for IQ pod
livenessProbe:
initialDelaySeconds: 10
periodSeconds: 10
failureThreshold: 3
timeoutSeconds: 2
successThreshold: 1
# Configures the readiness probe for IQ pod
readinessProbe:
initialDelaySeconds: 30
periodSeconds: 30
failureThreshold: 10
timeoutSeconds: 2
successThreshold: 1
nameOverride: ""
fullnameOverride: ""
environment: "production"
serviceAccount:
# Specifies whether a service account should be created
create: true
# Annotations to add to the service account
annotations: {}
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name:
# Default the pods UID and GID to match the nexus-iq-server container.
# Customize or remove these values from the securityContext as appropriate for
# your deployment environment.
podSecurityContext:
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
securityContext:
allowPrivilegeEscalation: false
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
capabilities:
drop:
- ALL
# readOnlyRootFilesystem: true
service:
type: "ClusterIP"
port: 80
ingress:
enabled: false
ingressClassName: nginx
annotations:
nginx.ingress.kubernetes.io/proxy-body-size: "0"
hostUI: iq-server.demo
hostUIPath: /
hostAdmin: admin.iq-server.demo
hostAdminPath: /
# tls:
# - secretName: nexus-local-tls
# hosts:
# - iq-server.demo
# - admin.iq-server.demo
resources:
# We usually recommend not to specify default resources and to leave this as a
# conscious choice for the user. This also increases chances charts run on
# environments with little resources, such as Minikube. If you do want to
# specify resources, uncomment the lines below. These values ensure minimum
# resources for production.
# requests:
# cpu: 8
# memory: 8Gi
# Optionally limit the resources to the recommended minimum requirements.
# limits:
# cpu: 8
# memory: 8Gi
nodeSelector: {}
tolerations: []
affinity: {}
persistence:
enabled: true
accessMode: ReadWriteOnce
storageSize: 1Gi
# # If defined, storageClass: <storageClass>
# # If set to "-", storageClass: "", which disables dynamic provisioning
# # If undefined (the default) or set to null, no storageClass spec is
# # set, choosing the default provisioner. (gp2 on AWS, standard on
# # GKE, AWS & OpenStack)
# storageClass: "-"
# # annotations are only applied to persistentVolumeClaim
# annotations:
# "helm.sh/resource-policy": keep
# # For existing PVCs
# existingClaim: nexus-data-disk
# existingLogClaim: nexus-log-disk
# # persistentVolume settings below here
# # Uncomment these to create a persistentVolume for data and/or logs volumes
# pvName: nexus-data-disk
# logpvName: nexus-log-disk
# # Uncomment this for gcePersistentDisk
# gcePersistentDisk:
# # Uncomment the next two lines if you want to use an existing GCE PersistentDisk for IQ Data.
# pdName: nexus-data-disk
# fsType: ext4
# # Uncomment the next two lines if you want to use an existing GCE PersistentDisk for IQ Logs.
# logpdName: nexus-log-disk
# logfsType: ext4
# #Uncomment the following section for using an existing AWS EBS Volume for data and/or logs
# awsElasticBlockStore:
# # Uncomment the next two lines if you want to use an existing AWS EBS Volume for IQ Data.
# volumeID: vol-xxxxxxxxxxxxxxxxx
# fsType: ext4
# # Uncomment the next two lines if you want to use an existing AWS EBS Volume for IQ Data.
# logvolumeID: vol-xxxxxxxxxxxxxxxxx
# logfsType: ext4
# # Uncomment the following block if you want to use ANY CSI Storage Driver
# # The YAML under 'csi:' or 'logCSI:' are taken as you choose to write them in order to support any CSI
# # The following is the csi block for the Data PV
# csi:
# driver: ebs.csi.aws.com
# volumeHandle: vol-xxxxxxxxxxxxxxxxx
# # The following is the csi block for the Log PV
# logCSI:
# driver: ebs.csi.aws.com
# volumeHandle: vol-xxxxxxxxxxxxxxxxx
# # Uncomment the following block if you need PV affinity
# # The nodeSelectorTerms block is taken as you choose to write it in whole
# affinity:
# nodeSelectorTerms:
# - matchExpressions:
# - key: topology.ebs.csi.aws.com/zone
# operator: In
# values:
# - us-east-2a
# configYaml is the full text of the config.yml file that will be passed to IQ Server
configYaml:
baseUrl: http:https://iq-server.demo
sonatypeWork: /sonatype-work
licenseFile: /etc/nexus-iq-license/license_lic
initialAdminPassword: admin123
features:
enableUnauthenticatedPages: true
server:
applicationConnectors:
- type: http
port: 8070
adminConnectors:
- type: http
port: 8071
# HTTP request log settings.
requestLog:
appenders:
# All appenders set to console
- type: file
currentLogFilename: /var/log/nexus-iq-server/request.log
# Do not display log statements below this threshold to stdout.
# threshold: INFO
logFormat: "%clientHost %l %user [%date] \"%requestURL\" %statusCode %bytesSent %elapsedTime \"%header{User-Agent}\""
archivedLogFilenamePattern: /var/log/nexus-iq-server/request-%d.log.gz
archivedFileCount: 50
createSampleData: true
logging:
# The default level of all loggers. Can be OFF, ERROR, WARN, INFO, DEBUG, TRACE, or ALL.
level: DEBUG
# Logger-specific settings.
loggers:
"com.sonatype.insight.scan": INFO
"eu.medsea.mimeutil.MimeUtil2": INFO
"org.apache.http": INFO
"org.apache.http.wire": ERROR
"org.eclipse.birt.report.engine.layout.pdf.font.FontConfigReader": WARN
"org.eclipse.jetty": INFO
"org.apache.shiro.web.filter.authc.BasicHttpAuthenticationFilter": INFO # WARNING: This reveals credentials at DEBUG level
"com.sonatype.insight.audit":
appenders:
# All appenders set to console
- type: file
currentLogFilename: /var/log/nexus-iq-server/audit.log
# Do not display log statements below this threshold to stdout.
# threshold: INFO
archivedLogFilenamePattern: /var/log/nexus-iq-server/audit-%d.log.gz
archivedFileCount: 50
"com.sonatype.insight.policy.violation":
appenders:
- type: console
# Do not display log statements below this threshold to stdout.
threshold: INFO
appenders:
# Settings for logging to stdout.
- type: console
# Do not display log statements below this threshold to stdout.
threshold: INFO
logFormat: "%d{'yyyy-MM-dd HH:mm:ss,SSSZ'} %level [%thread] %X{username} %logger - %msg%n"
- type: file
# Do not display log statements below this threshold to stdout.
threshold: ALL
logFormat: "%d{'yyyy-MM-dd HH:mm:ss,SSSZ'} %level [%thread] %X{username} %logger - %msg%n"
# The file to which current statements will be logged.
currentLogFilename: /var/log/nexus-iq-server/clm-server.log
archivedLogFilenamePattern: /var/log/nexus-iq-server/clm-server-%d.log.gz
archivedFileCount: 50