--- apiVersion: apps/v1 kind: Deployment metadata: name: dtrack namespace: artifact-keeper labels: app.kubernetes.io/name: artifact-keeper app.kubernetes.io/instance: ak app.kubernetes.io/part-of: artifact-keeper app.kubernetes.io/component: dependency-track spec: replicas: 1 selector: matchLabels: app.kubernetes.io/name: artifact-keeper app.kubernetes.io/instance: ak app.kubernetes.io/component: dependency-track template: metadata: labels: app.kubernetes.io/name: artifact-keeper app.kubernetes.io/instance: ak app.kubernetes.io/component: dependency-track spec: automountServiceAccountToken: false securityContext: runAsNonRoot: true runAsUser: 1000 fsGroup: 1000 initContainers: - name: wait-for-postgres image: postgres:16-alpine securityContext: readOnlyRootFilesystem: true allowPrivilegeEscalation: false capabilities: drop: - ALL resources: requests: cpu: 10m memory: 16Mi limits: cpu: 100m memory: 64Mi command: ["/bin/sh", "-c"] args: - | echo "Waiting for PostgreSQL..." until pg_isready -h artifact-keeper-postgres-pooler -p 5432 -U registry; do sleep 3 done echo "PostgreSQL is ready" containers: - name: dtrack-api image: "dependencytrack/apiserver:4.11.4" imagePullPolicy: IfNotPresent securityContext: readOnlyRootFilesystem: true allowPrivilegeEscalation: false capabilities: drop: - ALL ports: - name: http containerPort: 8080 protocol: TCP env: - name: ALPINE_DATABASE_MODE value: "external" - name: ALPINE_DATABASE_URL value: "jdbc:postgresql://artifact-keeper-postgres-pooler:5432/dependency_track" - name: ALPINE_DATABASE_DRIVER value: "org.postgresql.Driver" - name: ALPINE_DATABASE_USERNAME value: "registry" - name: ALPINE_DATABASE_PASSWORD valueFrom: secretKeyRef: name: postgres-credentials key: password - name: ALPINE_DATA_DIRECTORY value: "/data" - name: ALPINE_ENFORCE_AUTHENTICATION value: "true" - name: ALPINE_CORS_ENABLED value: "true" - name: ALPINE_CORS_ALLOW_ORIGIN value: "*" - name: JAVA_OPTIONS value: "-Xmx4g" resources: limits: cpu: "2" memory: 6Gi requests: cpu: 250m memory: 4Gi volumeMounts: - name: dtrack-data mountPath: /data - name: tmp mountPath: /tmp volumes: - name: tmp emptyDir: sizeLimit: 256Mi - name: dtrack-data persistentVolumeClaim: claimName: dtrack