# kubezero-ci

![Version: 0.8.5](https://img.shields.io/badge/Version-0.8.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)

KubeZero umbrella chart for all things CI

**Homepage:** <https://kubezero.com>

## Maintainers

| Name | Email | Url |
| ---- | ------ | --- |
| Stefan Reimer | <stefan@zero-downtime.net> | |

## Requirements

Kubernetes: `>= 1.25.0`

| Repository | Name | Version |
|------------|------|---------|
| https://aquasecurity.github.io/helm-charts/ | trivy | 0.7.0 |
| https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.6 |
| https://charts.jenkins.io | jenkins | 4.9.2 |
| https://dl.gitea.io/charts/ | gitea | 9.6.1 |
| https://docs.renovatebot.com/helm-charts | renovate | 37.92.4 |

# Jenkins

- default build retention: 10 builds, 32 days
- memory request 1.25GB
- dark theme
- trivy scanner incl. HTML reporting and publisher

# goCD

# Gitea

# Verdaccio

## Authentication sealed-secret

```
htpasswd -n -b -B -C 4 <username> <password> | kubeseal --raw --namespace verdaccio --name verdaccio-htpasswd
```
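
The command above passes `-C 4`, the lowest bcrypt cost `htpasswd` accepts. The following added example (not part of the chart) checks the cost of an htpasswd entry before it is sealed; `bcrypt_cost`, `check_entry`, the `MIN_COST` threshold and the sample entries are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: inspect an htpasswd entry before it is piped to kubeseal.

MIN_COST=10   # assumed policy floor, not a value taken from the chart

# Constructed sample entries (the hash bodies are filler, not real hashes).
WEAK_ENTRY='ci-user:$2y$04$abcdefghijklmnopqrstuvABCDEFGHIJKLMNOPQRSTUVWXYZ01234'
STRONG_ENTRY='ci-user:$2y$12$abcdefghijklmnopqrstuvABCDEFGHIJKLMNOPQRSTUVWXYZ01234'
OTHER_ENTRY='ci-user:{SHA}constructed-sample='

# Print the bcrypt cost of a "user:hash" line. Return 1 unless the hash is
# $2a$/$2b$/$2y$, a two-digit cost, then 53 characters of salt and digest.
bcrypt_cost() {
    entry=$1
    hash=${entry#*:}
    [ "$hash" != "$entry" ] || return 1        # no "user:" prefix
    case $hash in
        '$2a$'*|'$2b$'*|'$2y$'*) ;;
        *) return 1 ;;
    esac
    rest=${hash#'$2'?'$'}                      # "NN$<salt+digest>"
    cost=${rest%%'$'*}
    body=${rest#*'$'}
    case $cost in
        [0-9][0-9]) ;;
        *) return 1 ;;
    esac
    [ "${#body}" -eq 53 ] || return 1
    case $body in
        *[!./A-Za-z0-9]*) return 1 ;;          # outside the bcrypt alphabet
    esac
    echo "${cost#0}"                           # drop the leading zero
}

# Exit status: 0 = cost acceptable, 1 = cost below MIN_COST, 2 = not bcrypt.
check_entry() {
    cost=$(bcrypt_cost "$1") || { echo "not a bcrypt htpasswd entry" >&2; return 2; }
    if [ "$cost" -lt "$MIN_COST" ]; then
        echo "bcrypt cost $cost is below $MIN_COST" >&2
        return 1
    fi
    return 0
}

for e in "$WEAK_ENTRY" "$STRONG_ENTRY" "$OTHER_ENTRY"; do
    if check_entry "$e"; then echo "ok to seal: ${e%%:*}"; fi
done
```

Reading the password from stdin with `htpasswd -i` instead of `-b` also keeps it out of the process list and shell history.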

## Resources

### JVM tuning in containers

- https://developers.redhat.com/blog/2017/04/04/openjdk-and-containers?extIdCarryOver=true&sc_cid=701f2000001Css5AAC

## Values

| Key | Type | Default | Description |
|-----|------|---------|-------------|
| gitea.checkDeprecation | bool | `false` | |
| gitea.enabled | bool | `false` | |
| gitea.extraVolumeMounts[0].mountPath | string | `"/data/gitea/public/assets/css"` | |
| gitea.extraVolumeMounts[0].name | string | `"gitea-themes"` | |
| gitea.extraVolumeMounts[0].readOnly | bool | `true` | |
| gitea.extraVolumes[0].configMap.name | string | `"gitea-kubezero-ci-themes"` | |
| gitea.extraVolumes[0].name | string | `"gitea-themes"` | |
| gitea.gitea.admin.existingSecret | string | `"gitea-admin-secret"` | |
| gitea.gitea.config.cache.ADAPTER | string | `"memory"` | |
| gitea.gitea.config.database.DB_TYPE | string | `"sqlite3"` | |
| gitea.gitea.config.queue.TYPE | string | `"level"` | |
| gitea.gitea.config.session.PROVIDER | string | `"memory"` | |
| gitea.gitea.config.ui.DEFAULT_THEME | string | `"github-dark"` | |
| gitea.gitea.config.ui.THEMES | string | `"gitea,github-dark"` | |
| gitea.gitea.demo | bool | `false` | |
| gitea.gitea.metrics.enabled | bool | `false` | |
| gitea.gitea.metrics.serviceMonitor.enabled | bool | `true` | |
| gitea.image.rootless | bool | `true` | |
| gitea.image.tag | string | `"1.21.2"` | |
| gitea.istio.enabled | bool | `false` | |
| gitea.istio.gateway | string | `"istio-ingress/private-ingressgateway"` | |
| gitea.istio.url | string | `"git.example.com"` | |
| gitea.persistence.create | bool | `false` | |
| gitea.persistence.enabled | bool | `true` | |
| gitea.persistence.mount | bool | `true` | |
| gitea.persistence.size | string | `"4Gi"` | |
| gitea.postgresql-ha.enabled | bool | `false` | |
| gitea.postgresql.enabled | bool | `false` | |
| gitea.redis-cluster.enabled | bool | `false` | |
| gitea.repliaCount | int | `1` | |
| gitea.resources.limits.memory | string | `"2048Mi"` | |
| gitea.resources.requests.cpu | string | `"150m"` | |
| gitea.resources.requests.memory | string | `"320Mi"` | |
| gitea.securityContext.allowPrivilegeEscalation | bool | `false` | |
| gitea.securityContext.capabilities.add[0] | string | `"SYS_CHROOT"` | |
| gitea.securityContext.capabilities.drop[0] | string | `"ALL"` | |
| gitea.strategy.type | string | `"Recreate"` | |
| gitea.test.enabled | bool | `false` | |
| jenkins.agent.annotations."container.apparmor.security.beta.kubernetes.io/jnlp" | string | `"unconfined"` | |
| jenkins.agent.containerCap | int | `2` | |
| jenkins.agent.customJenkinsLabels[0] | string | `"podman-aws-trivy"` | |
| jenkins.agent.idleMinutes | int | `30` | |
| jenkins.agent.image | string | `"public.ecr.aws/zero-downtime/jenkins-podman"` | |
| jenkins.agent.podName | string | `"podman-aws"` | |
| jenkins.agent.podRetention | string | `"Default"` | |
| jenkins.agent.resources.limits.cpu | string | `""` | |
| jenkins.agent.resources.limits.memory | string | `""` | |
| jenkins.agent.resources.requests.cpu | string | `""` | |
| jenkins.agent.resources.requests.memory | string | `""` | |
| jenkins.agent.showRawYaml | bool | `false` | |
| jenkins.agent.tag | string | `"v0.4.6"` | |
| jenkins.agent.yamlMergeStrategy | string | `"merge"` | |
| jenkins.agent.yamlTemplate | string | `"apiVersion: v1\nkind: Pod\nspec:\n securityContext:\n fsGroup: 1000\n serviceAccountName: jenkins-podman-aws\n containers:\n - name: jnlp\n resources:\n requests:\n cpu: \"512m\"\n memory: \"1024Mi\"\n limits:\n cpu: \"4\"\n memory: \"6144Mi\"\n github.com/fuse: 1\n volumeMounts:\n - name: aws-token\n mountPath: \"/var/run/secrets/sts.amazonaws.com/serviceaccount/\"\n readOnly: true\n - name: host-registries-conf\n mountPath: \"/home/jenkins/.config/containers/registries.conf\"\n readOnly: true\n volumes:\n - name: aws-token\n projected:\n sources:\n - serviceAccountToken:\n path: token\n expirationSeconds: 86400\n audience: \"sts.amazonaws.com\"\n - name: host-registries-conf\n hostPath:\n path: /etc/containers/registries.conf\n type: File"` | |
| jenkins.controller.JCasC.configScripts.zdt-settings | string | `"jenkins:\n noUsageStatistics: true\n disabledAdministrativeMonitors:\n - \"jenkins.security.ResourceDomainRecommendation\"\nappearance:\n themeManager:\n disableUserThemes: true\n theme: \"dark\"\nunclassified:\n buildDiscarders:\n configuredBuildDiscarders:\n - \"jobBuildDiscarder\"\n - defaultBuildDiscarder:\n discarder:\n logRotator:\n artifactDaysToKeepStr: \"32\"\n artifactNumToKeepStr: \"10\"\n daysToKeepStr: \"100\"\n numToKeepStr: \"10\"\n"` | |
| jenkins.controller.disableRememberMe | bool | `true` | |
| jenkins.controller.enableRawHtmlMarkupFormatter | bool | `true` | |
| jenkins.controller.initContainerResources.limits.memory | string | `"1024Mi"` | |
| jenkins.controller.initContainerResources.requests.cpu | string | `"50m"` | |
| jenkins.controller.initContainerResources.requests.memory | string | `"256Mi"` | |
| jenkins.controller.installPlugins[0] | string | `"kubernetes"` | |
| jenkins.controller.installPlugins[10] | string | `"htmlpublisher"` | |
| jenkins.controller.installPlugins[11] | string | `"build-discarder"` | |
| jenkins.controller.installPlugins[12] | string | `"dark-theme"` | |
| jenkins.controller.installPlugins[13] | string | `"matrix-auth"` | |
| jenkins.controller.installPlugins[1] | string | `"kubernetes-credentials-provider"` | |
| jenkins.controller.installPlugins[2] | string | `"workflow-aggregator"` | |
| jenkins.controller.installPlugins[3] | string | `"git"` | |
| jenkins.controller.installPlugins[4] | string | `"basic-branch-build-strategies"` | |
| jenkins.controller.installPlugins[5] | string | `"pipeline-graph-view"` | |
| jenkins.controller.installPlugins[6] | string | `"pipeline-stage-view"` | |
| jenkins.controller.installPlugins[7] | string | `"configuration-as-code"` | |
| jenkins.controller.installPlugins[8] | string | `"antisamy-markup-formatter"` | |
| jenkins.controller.installPlugins[9] | string | `"prometheus"` | |
| jenkins.controller.javaOpts | string | `"-XX:+UseContainerSupport -XX:+UseStringDeduplication -Dhudson.model.DirectoryBrowserSupport.CSP=\"sandbox allow-popups; default-src 'none'; img-src 'self' cdn.zero-downtime.net; style-src 'unsafe-inline';\""` | |
| jenkins.controller.jenkinsOpts | string | `"--sessionTimeout=300 --sessionEviction=10800"` | |
| jenkins.controller.prometheus.enabled | bool | `false` | |
| jenkins.controller.resources.limits.memory | string | `"4096Mi"` | |
| jenkins.controller.resources.requests.cpu | string | `"250m"` | |
| jenkins.controller.resources.requests.memory | string | `"1280Mi"` | |
| jenkins.controller.tag | string | `"alpine-jdk17"` | |
| jenkins.controller.testEnabled | bool | `false` | |
| jenkins.enabled | bool | `false` | |
| jenkins.istio.agent.enabled | bool | `false` | |
| jenkins.istio.agent.gateway | string | `"istio-ingress/private-ingressgateway"` | |
| jenkins.istio.agent.url | string | `"jenkins-agent.example.com"` | |
| jenkins.istio.enabled | bool | `false` | |
| jenkins.istio.gateway | string | `"istio-ingress/private-ingressgateway"` | |
| jenkins.istio.url | string | `"jenkins.example.com"` | |
| jenkins.istio.webhook.enabled | bool | `false` | |
| jenkins.istio.webhook.gateway | string | `"istio-ingress/ingressgateway"` | |
| jenkins.istio.webhook.url | string | `"jenkins-webhook.example.com"` | |
| jenkins.persistence.size | string | `"4Gi"` | |
| jenkins.rbac.readSecrets | bool | `true` | |
| jenkins.serviceAccountAgent.create | bool | `true` | |
| jenkins.serviceAccountAgent.name | string | `"jenkins-podman-aws"` | |
| renovate.cronjob.concurrencyPolicy | string | `"Forbid"` | |
| renovate.cronjob.jobBackoffLimit | int | `3` | |
| renovate.cronjob.schedule | string | `"0 3 * * *"` | |
| renovate.cronjob.successfulJobsHistoryLimit | int | `1` | |
| renovate.enabled | bool | `false` | |
| renovate.env.LOG_FORMAT | string | `"json"` | |
| renovate.securityContext.fsGroup | int | `1000` | |
| trivy.enabled | bool | `false` | |
| trivy.image.tag | string | `"0.47.0"` | |
| trivy.persistence.enabled | bool | `true` | |
| trivy.persistence.size | string | `"1Gi"` | |
| trivy.rbac.create | bool | `false` | |