KubeZero/charts/kubezero-ci/values.yaml

299 lines
7.1 KiB
YAML
Raw Permalink Normal View History

gitea:
2021-11-06 17:12:48 +00:00
enabled: false
2023-12-14 22:05:05 +00:00
image:
tag: 1.22.4
2023-12-14 22:05:05 +00:00
rootless: true
repliaCount: 1
# We use RWO persistence
strategy:
type: "Recreate"
2021-11-08 15:54:48 +00:00
# Since V9 they default to RWX and deployment, we default to old existing RWO from statefulset
persistence:
2024-05-17 11:37:57 +00:00
claimName: data-gitea-0
size: 4Gi
2021-11-08 15:54:48 +00:00
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
resources:
requests:
cpu: "150m"
memory: "320Mi"
limits:
memory: "2048Mi"
2023-11-22 17:51:09 +00:00
extraVolumes:
- name: gitea-themes
configMap:
name: gitea-kubezero-ci-themes
extraVolumeMounts:
- name: gitea-themes
readOnly: true
mountPath: "/data/gitea/public/assets/css"
2023-11-22 17:51:09 +00:00
checkDeprecation: false
test:
enabled: false
2021-11-08 15:54:48 +00:00
gitea:
admin:
existingSecret: gitea-admin-secret
# Enable to install demo creds
demo: false
metrics:
enabled: false
serviceMonitor:
enabled: true
2021-11-08 15:54:48 +00:00
config:
database:
DB_TYPE: sqlite3
cache:
ADAPTER: memory
session:
PROVIDER: memory
queue:
TYPE: level
2023-11-22 17:51:09 +00:00
ui:
2024-06-13 15:26:14 +00:00
THEMES: "gitea-light,gitea-dark,github-dark"
DEFAULT_THEME: "gitea-dark"
log:
LEVEL: warn
ssh.minimum_key_sizes:
RSA: 2047
2021-11-08 15:54:48 +00:00
redis-cluster:
enabled: false
postgresql-ha:
enabled: false
postgresql:
enabled: false
2021-11-08 15:54:48 +00:00
istio:
enabled: false
gateway: istio-ingress/private-ingressgateway
url: git.example.com
2021-11-08 15:54:48 +00:00
2021-11-06 17:12:48 +00:00
jenkins:
enabled: false
2021-12-03 21:16:22 +00:00
controller:
image:
tag: lts-alpine-jdk21
#tagLabel: alpine
disableRememberMe: true
prometheus:
enabled: false
testEnabled: false
enableRawHtmlMarkupFormatter: true
javaOpts: "-XX:+UseContainerSupport -XX:+UseStringDeduplication -Dhudson.model.DirectoryBrowserSupport.CSP=\"sandbox allow-popups; default-src 'none'; img-src 'self' cdn.zero-downtime.net; style-src 'unsafe-inline';\""
2023-06-23 16:48:00 +00:00
jenkinsOpts: "--sessionTimeout=300 --sessionEviction=10800"
2024-04-25 15:36:09 +00:00
# Until we setup the logging and metrics pipelines in OTEL
containerEnv:
- name: OTEL_LOGS_EXPORTER
value: "none"
- name: OTEL_METRICS_EXPORTER
value: "none"
resources:
requests:
cpu: "250m"
memory: "1280Mi"
limits:
#cpu: "2000m"
memory: "4096Mi"
initContainerResources:
requests:
cpu: "50m"
memory: "256Mi"
limits:
#cpu: "1000m"
memory: "1024Mi"
JCasC:
configScripts:
zdt-settings: |
jenkins:
noUsageStatistics: true
disabledAdministrativeMonitors:
- "jenkins.security.ResourceDomainRecommendation"
2023-10-02 12:57:25 +00:00
appearance:
themeManager:
disableUserThemes: true
theme: "dark"
unclassified:
2024-04-25 15:36:09 +00:00
openTelemetry:
configurationProperties: |-
otel.exporter.otlp.protocol=grpc
otel.instrumentation.jenkins.web.enabled=false
ignoredSteps: "dir,echo,isUnix,pwd,properties"
#endpoint: "telemetry-jaeger-collector.telemetry:4317"
exportOtelConfigurationAsEnvironmentVariables: false
#observabilityBackends:
# - jaeger:
# jaegerBaseUrl: "https://jaeger.example.com"
# name: "KubeZero Jaeger"
serviceName: "Jenkins"
buildDiscarders:
configuredBuildDiscarders:
- "jobBuildDiscarder"
- defaultBuildDiscarder:
discarder:
logRotator:
artifactDaysToKeepStr: "32"
artifactNumToKeepStr: "10"
daysToKeepStr: "100"
numToKeepStr: "10"
installPlugins:
2023-09-13 18:50:45 +00:00
- kubernetes
- kubernetes-credentials-provider
- workflow-aggregator
- git
- basic-branch-build-strategies
- pipeline-graph-view
- pipeline-stage-view
- configuration-as-code
- antisamy-markup-formatter
- prometheus
- htmlpublisher
- build-discarder
- dark-theme
2023-10-02 12:57:25 +00:00
- matrix-auth
2024-01-29 14:02:50 +00:00
- reverse-proxy-auth-plugin
2024-04-25 15:36:09 +00:00
- opentelemetry
serviceAccountAgent:
create: true
name: jenkins-podman-aws
# Preconfigure agents to use zdt podman requires fuse/overlayfs
agent:
image:
repository: public.ecr.aws/zero-downtime/jenkins-podman
2024-11-12 16:55:22 +00:00
tag: v0.7.0
#alwaysPullImage: true
podRetention: "Default"
showRawYaml: false
podName: "podman-aws"
2024-06-17 16:42:09 +00:00
defaultsProviderTemplate: "podman-aws"
2023-11-24 13:05:33 +00:00
annotations:
container.apparmor.security.beta.kubernetes.io/jnlp: "unconfined"
cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
customJenkinsLabels:
- podman-aws-trivy
2023-10-02 12:57:25 +00:00
idleMinutes: 30
containerCap: 2
2023-01-22 16:24:58 +00:00
resources:
requests:
cpu: ""
memory: ""
limits:
cpu: ""
memory: ""
# envVars:
# - name: AWS_WEB_IDENTITY_TOKEN_FILE
# value: "/var/run/secrets/sts.amazonaws.com/serviceaccount/token"
# - name: AWS_STS_REGIONAL_ENDPOINTS
# value: regional
# - name: AWS_ROLE_ARN
# value: "<IAM ROLE ARN>"
yamlMergeStrategy: "merge"
2024-06-13 15:26:14 +00:00
inheritYamlMergeStrategy: true
runAsUser: 1000
runAsGroup: 1000
serviceAccount: jenkins-podman-aws
yamlTemplate: |-
apiVersion: v1
kind: Pod
spec:
securityContext:
fsGroup: 1000
containers:
- name: jnlp
resources:
requests:
cpu: "200m"
memory: "512Mi"
limits:
cpu: "4"
memory: "6144Mi"
github.com/fuse: 1
volumeMounts:
- name: aws-token
mountPath: "/var/run/secrets/sts.amazonaws.com/serviceaccount/"
readOnly: true
- name: host-registries-conf
mountPath: "/home/jenkins/.config/containers/registries.conf"
readOnly: true
volumes:
- name: aws-token
projected:
sources:
- serviceAccountToken:
path: token
expirationSeconds: 86400
audience: "sts.amazonaws.com"
- name: host-registries-conf
hostPath:
path: /etc/containers/registries.conf
type: File
2022-08-10 14:01:26 +00:00
rbac:
readSecrets: true
persistence:
size: "4Gi"
istio:
enabled: false
gateway: istio-ingress/private-ingressgateway
url: jenkins.example.com
# Dedicated VirtualService for webhooks
webhook:
enabled: false
gateway: istio-ingress/ingressgateway
url: jenkins-webhook.example.com
# Remote Agents
agent:
enabled: false
gateway: istio-ingress/private-ingressgateway
url: jenkins-agent.example.com
trivy:
enabled: false
#image:
#tag: 0.57.0
persistence:
enabled: true
size: 1Gi
rbac:
create: false
renovate:
enabled: false
2023-08-16 10:17:39 +00:00
env:
LOG_FORMAT: json
cronjob:
concurrencyPolicy: Forbid
jobBackoffLimit: 3
schedule: "0 3 * * *"
successfulJobsHistoryLimit: 1
securityContext:
fsGroup: 1000