2021-11-06 17:12:48 +00:00
|
|
|
gocd:
|
|
|
|
enabled: false
|
|
|
|
|
2021-11-06 20:20:24 +00:00
|
|
|
server:
|
|
|
|
service:
|
|
|
|
type: "ClusterIP"
|
|
|
|
ingress:
|
|
|
|
enabled: false
|
|
|
|
|
2021-11-06 20:30:32 +00:00
|
|
|
istio:
|
|
|
|
enabled: false
|
|
|
|
gateway: istio-ingress/private-ingressgateway
|
|
|
|
url: "" # gocd.example.com
|
|
|
|
|
2022-01-19 23:04:35 +00:00
|
|
|
|
2021-11-08 15:54:48 +00:00
|
|
|
gitea:
|
|
|
|
enabled: false
|
|
|
|
|
|
|
|
image:
|
2022-12-06 15:41:17 +00:00
|
|
|
tag: 1.17.3
|
2021-11-08 15:54:48 +00:00
|
|
|
rootless: true
|
|
|
|
|
|
|
|
securityContext:
|
|
|
|
allowPrivilegeEscalation: false
|
|
|
|
capabilities:
|
|
|
|
drop:
|
|
|
|
- ALL
|
|
|
|
add:
|
|
|
|
- SYS_CHROOT
|
|
|
|
|
|
|
|
persistence:
|
|
|
|
enabled: true
|
|
|
|
size: 4Gi
|
|
|
|
|
|
|
|
gitea:
|
|
|
|
admin:
|
|
|
|
existingSecret: gitea-admin-secret
|
|
|
|
|
|
|
|
# Enable to install demo creds
|
|
|
|
demo: false
|
|
|
|
|
|
|
|
metrics:
|
|
|
|
enabled: false
|
|
|
|
serviceMonitor:
|
|
|
|
enabled: false
|
|
|
|
|
|
|
|
config:
|
|
|
|
database:
|
|
|
|
DB_TYPE: sqlite3
|
|
|
|
cache:
|
|
|
|
ADAPTER: memory
|
|
|
|
|
2022-01-19 23:04:35 +00:00
|
|
|
memcached:
|
|
|
|
enabled: false
|
|
|
|
postgresql:
|
|
|
|
enabled: false
|
|
|
|
mysql:
|
|
|
|
enabled: false
|
|
|
|
mariadb:
|
|
|
|
enabled: false
|
2021-11-08 15:54:48 +00:00
|
|
|
|
|
|
|
istio:
|
|
|
|
enabled: false
|
|
|
|
gateway: istio-ingress/private-ingressgateway
|
2022-01-19 23:04:35 +00:00
|
|
|
url: git.example.com
|
|
|
|
|
2021-11-08 15:54:48 +00:00
|
|
|
|
2021-11-06 17:12:48 +00:00
|
|
|
jenkins:
|
|
|
|
enabled: false
|
2021-12-03 21:16:22 +00:00
|
|
|
|
2021-12-19 22:18:01 +00:00
|
|
|
controller:
|
2022-11-03 12:21:51 +00:00
|
|
|
tag: alpine-jdk17
|
2022-04-08 15:11:34 +00:00
|
|
|
#tagLabel: alpine
|
2021-12-19 22:18:01 +00:00
|
|
|
disableRememberMe: true
|
|
|
|
prometheus:
|
|
|
|
enabled: false
|
|
|
|
testEnabled: false
|
2022-01-19 23:04:35 +00:00
|
|
|
enableRawHtmlMarkupFormatter: true
|
2022-04-08 15:11:34 +00:00
|
|
|
javaOpts: "-XX:+UseContainerSupport -XX:+UseStringDeduplication -Dhudson.model.DirectoryBrowserSupport.CSP=\"sandbox allow-popups; default-src 'none'; img-src 'self' cdn.zero-downtime.net; style-src 'unsafe-inline';\""
|
2022-01-28 16:19:41 +00:00
|
|
|
jenkinsOpts: "--sessionTimeout=180 --sessionEviction=3600"
|
2022-01-19 23:04:35 +00:00
|
|
|
|
|
|
|
resources:
|
|
|
|
requests:
|
|
|
|
cpu: "250m"
|
|
|
|
memory: "1280Mi"
|
|
|
|
limits:
|
|
|
|
cpu: "2000m"
|
|
|
|
memory: "4096Mi"
|
|
|
|
initContainerResources:
|
|
|
|
requests:
|
|
|
|
cpu: "50m"
|
|
|
|
memory: "256Mi"
|
|
|
|
limits:
|
|
|
|
cpu: "1000m"
|
|
|
|
memory: "1024Mi"
|
|
|
|
|
|
|
|
JCasC:
|
|
|
|
configScripts:
|
|
|
|
zdt-settings: |
|
|
|
|
jenkins:
|
|
|
|
noUsageStatistics: true
|
|
|
|
disabledAdministrativeMonitors:
|
|
|
|
- "jenkins.security.ResourceDomainRecommendation"
|
|
|
|
unclassified:
|
|
|
|
buildDiscarders:
|
|
|
|
configuredBuildDiscarders:
|
|
|
|
- "jobBuildDiscarder"
|
|
|
|
- defaultBuildDiscarder:
|
|
|
|
discarder:
|
|
|
|
logRotator:
|
|
|
|
artifactDaysToKeepStr: "32"
|
|
|
|
artifactNumToKeepStr: "10"
|
|
|
|
daysToKeepStr: "100"
|
|
|
|
numToKeepStr: "10"
|
|
|
|
|
|
|
|
installPlugins:
|
2022-11-03 12:21:51 +00:00
|
|
|
- kubernetes:3734.v562b_b_a_627ea_c
|
2022-06-21 18:35:35 +00:00
|
|
|
- workflow-aggregator:581.v0c46fa_697ffd
|
2022-12-13 12:13:33 +00:00
|
|
|
- git:4.14.2
|
2022-11-03 12:21:51 +00:00
|
|
|
- configuration-as-code:1569.vb_72405b_80249
|
2022-12-06 15:41:17 +00:00
|
|
|
- antisamy-markup-formatter:155.v795fb_8702324
|
2022-04-08 15:11:34 +00:00
|
|
|
- prometheus:2.0.11
|
2022-09-28 15:41:30 +00:00
|
|
|
- htmlpublisher:1.31
|
2022-09-14 17:08:14 +00:00
|
|
|
- build-discarder:139.v05696a_7fe240
|
2022-11-03 12:21:51 +00:00
|
|
|
- dark-theme:262.v0202a_4c8fb_6a
|
|
|
|
- kubernetes-credentials-provider:1.206.v7ce2cf7b_0c8b
|
2022-01-19 23:04:35 +00:00
|
|
|
|
|
|
|
serviceAccountAgent:
|
|
|
|
create: true
|
|
|
|
name: jenkins-podman-aws
|
|
|
|
|
|
|
|
# Preconfigure agents to use zdt podman requires fuse/overlayfs
|
|
|
|
agent:
|
|
|
|
image: public.ecr.aws/zero-downtime/jenkins-podman
|
2022-12-06 15:41:17 +00:00
|
|
|
tag: v0.4.1
|
2022-01-19 23:04:35 +00:00
|
|
|
resources:
|
|
|
|
requests:
|
|
|
|
cpu: "512m"
|
2022-04-08 15:11:34 +00:00
|
|
|
memory: "1024Mi"
|
2022-01-19 23:04:35 +00:00
|
|
|
limits:
|
2022-04-08 15:11:34 +00:00
|
|
|
cpu: "4"
|
|
|
|
memory: "6144Mi"
|
|
|
|
#alwaysPullImage: true
|
2022-01-19 23:04:35 +00:00
|
|
|
podRetention: "Default"
|
|
|
|
showRawYaml: false
|
|
|
|
podName: "podman-aws"
|
|
|
|
customJenkinsLabels:
|
|
|
|
- podman-aws-trivy
|
|
|
|
idleMinutes: 10
|
2022-04-08 15:11:34 +00:00
|
|
|
containerCap: 2
|
2022-01-19 23:04:35 +00:00
|
|
|
annotations:
|
|
|
|
container.apparmor.security.beta.kubernetes.io/jnlp: unconfined
|
|
|
|
# envVars:
|
|
|
|
# - name: AWS_WEB_IDENTITY_TOKEN_FILE
|
|
|
|
# value: "/var/run/secrets/sts.amazonaws.com/serviceaccount/token"
|
|
|
|
# - name: AWS_STS_REGIONAL_ENDPOINTS
|
|
|
|
# value: regional
|
|
|
|
# - name: AWS_ROLE_ARN
|
|
|
|
# value: "<IAM ROLE ARN>"
|
|
|
|
yamlMergeStrategy: "merge"
|
|
|
|
yamlTemplate: |-
|
|
|
|
apiVersion: v1
|
|
|
|
kind: Pod
|
|
|
|
spec:
|
2022-07-08 08:53:08 +00:00
|
|
|
securityContext:
|
|
|
|
fsGroup: 1000
|
2022-01-19 23:04:35 +00:00
|
|
|
serviceAccountName: jenkins-podman-aws
|
|
|
|
containers:
|
|
|
|
- name: jnlp
|
|
|
|
resources:
|
|
|
|
limits:
|
|
|
|
github.com/fuse: 1
|
|
|
|
volumeMounts:
|
|
|
|
- name: aws-token
|
|
|
|
mountPath: "/var/run/secrets/sts.amazonaws.com/serviceaccount/"
|
|
|
|
readOnly: true
|
2022-08-23 14:32:33 +00:00
|
|
|
- name: host-registries-conf
|
|
|
|
mountPath: "/home/jenkins/.config/containers/registries.conf"
|
|
|
|
readOnly: true
|
2022-01-19 23:04:35 +00:00
|
|
|
volumes:
|
|
|
|
- name: aws-token
|
|
|
|
projected:
|
|
|
|
sources:
|
|
|
|
- serviceAccountToken:
|
|
|
|
path: token
|
|
|
|
expirationSeconds: 86400
|
|
|
|
audience: "sts.amazonaws.com"
|
2022-08-23 14:32:33 +00:00
|
|
|
- name: host-registries-conf
|
|
|
|
hostPath:
|
|
|
|
path: /etc/containers/registries.conf
|
|
|
|
type: File
|
2021-12-19 22:18:01 +00:00
|
|
|
|
2022-08-10 14:01:26 +00:00
|
|
|
rbac:
|
|
|
|
readSecrets: true
|
|
|
|
|
2021-12-19 22:18:01 +00:00
|
|
|
persistence:
|
2022-01-19 23:04:35 +00:00
|
|
|
size: "4Gi"
|
2021-12-19 22:18:01 +00:00
|
|
|
|
|
|
|
istio:
|
|
|
|
enabled: false
|
|
|
|
gateway: istio-ingress/private-ingressgateway
|
|
|
|
url: jenkins.example.com
|
2022-01-19 23:04:35 +00:00
|
|
|
|
|
|
|
# Dedicated VirtualService for webhooks
|
|
|
|
webhook:
|
|
|
|
enabled: false
|
|
|
|
gateway: istio-ingress/ingressgateway
|
|
|
|
url: jenkins-webhook.example.com
|
|
|
|
|
2022-04-28 09:17:49 +00:00
|
|
|
# Remote Agents
|
|
|
|
agent:
|
|
|
|
enabled: false
|
|
|
|
gateway: istio-ingress/private-ingressgateway
|
|
|
|
url: jenkins-agent.example.com
|
|
|
|
|
2022-01-19 23:04:35 +00:00
|
|
|
trivy:
|
|
|
|
enabled: false
|
2022-12-06 15:41:17 +00:00
|
|
|
image:
|
|
|
|
tag: 0.34.0
|
2022-01-19 23:04:35 +00:00
|
|
|
persistence:
|
|
|
|
enabled: true
|
|
|
|
size: 1Gi
|
|
|
|
rbac:
|
|
|
|
create: false
|