gitea:
  enabled: false

  image:
    tag: 1.22.4
    rootless: true

  repliaCount: 1

  # We use RWO persistence
  strategy:
    type: "Recreate"

  # Since V9 they default to RWX and deployment, we default to old existing RWO from statefulset
  persistence:
    claimName: data-gitea-0
    size: 4Gi

  securityContext:
    allowPrivilegeEscalation: false
    capabilities:
      drop:
        - ALL

  resources:
    requests:
      cpu: "150m"
      memory: "320Mi"
    limits:
      memory: "2048Mi"

  extraVolumes:
    - name: gitea-themes
      configMap:
        name: gitea-kubezero-ci-themes

  extraVolumeMounts:
    - name: gitea-themes
      readOnly: true
      mountPath: "/data/gitea/public/assets/css"

  checkDeprecation: false
  test:
    enabled: false

  gitea:
    admin:
      existingSecret: gitea-admin-secret

    # Enable to install demo creds
    demo: false

    metrics:
      enabled: false
      serviceMonitor:
        enabled: true

    config:
      database:
        DB_TYPE: sqlite3
      cache:
        ADAPTER: memory
      session:
        PROVIDER: memory
      queue:
        TYPE: level
      ui:
        THEMES: "gitea-light,gitea-dark,github-dark"
        DEFAULT_THEME: "gitea-dark"
      log:
        LEVEL: warn
      ssh.minimum_key_sizes:
        RSA: 2047

  redis-cluster:
    enabled: false
  postgresql-ha:
    enabled: false
  postgresql:
    enabled: false

  istio:
    enabled: false
    gateway: istio-ingress/private-ingressgateway
    url: git.example.com


jenkins:
  enabled: false

  controller:
    image:
      tag: lts-alpine-jdk21
      #tagLabel: alpine
    disableRememberMe: true
    prometheus:
      enabled: false
    testEnabled: false
    enableRawHtmlMarkupFormatter: true
    javaOpts: "-XX:+UseContainerSupport -XX:+UseStringDeduplication -Dhudson.model.DirectoryBrowserSupport.CSP=\"sandbox allow-popups; default-src 'none'; img-src 'self' cdn.zero-downtime.net; style-src 'unsafe-inline';\""
    jenkinsOpts: "--sessionTimeout=300 --sessionEviction=10800"

    # Until we setup the logging and metrics pipelines in OTEL
    containerEnv:
      - name: OTEL_LOGS_EXPORTER
        value: "none"
      - name: OTEL_METRICS_EXPORTER
        value: "none"

    resources:
      requests:
        cpu: "250m"
        memory: "1280Mi"
      limits:
        #cpu: "2000m"
        memory: "4096Mi"
    initContainerResources:
      requests:
        cpu: "50m"
        memory: "256Mi"
      limits:
        #cpu: "1000m"
        memory: "1024Mi"

    JCasC:
      configScripts:
        zdt-settings: |
          jenkins:
            noUsageStatistics: true
            disabledAdministrativeMonitors:
            - "jenkins.security.ResourceDomainRecommendation"
          appearance:
            themeManager:
              disableUserThemes: true
              theme: "dark"
          unclassified:
            openTelemetry:
              configurationProperties: |-
                otel.exporter.otlp.protocol=grpc
                otel.instrumentation.jenkins.web.enabled=false
              ignoredSteps: "dir,echo,isUnix,pwd,properties"
              #endpoint: "telemetry-jaeger-collector.telemetry:4317"
              exportOtelConfigurationAsEnvironmentVariables: false
              #observabilityBackends:
              # - jaeger:
              #     jaegerBaseUrl: "https://jaeger.example.com"
              #     name: "KubeZero Jaeger"
              serviceName: "Jenkins"
            buildDiscarders:
              configuredBuildDiscarders:
              - "jobBuildDiscarder"
              - defaultBuildDiscarder:
                  discarder:
                    logRotator:
                      artifactDaysToKeepStr: "32"
                      artifactNumToKeepStr: "10"
                      daysToKeepStr: "100"
                      numToKeepStr: "10"

    installPlugins:
      - kubernetes
      - kubernetes-credentials-provider
      - workflow-aggregator
      - git
      - basic-branch-build-strategies
      - pipeline-graph-view
      - pipeline-stage-view
      - configuration-as-code
      - antisamy-markup-formatter
      - prometheus
      - htmlpublisher
      - build-discarder
      - dark-theme
      - matrix-auth
      - reverse-proxy-auth-plugin
      - opentelemetry

  serviceAccountAgent:
    create: true
    name: jenkins-podman-aws

  # Preconfigure agents to use zdt podman requires fuse/overlayfs
  agent:
    image:
      repository: public.ecr.aws/zero-downtime/jenkins-podman
      tag: v0.7.0
    #alwaysPullImage: true
    podRetention: "Default"
    showRawYaml: false
    podName: "podman-aws"
    defaultsProviderTemplate: "podman-aws"
    annotations:
      container.apparmor.security.beta.kubernetes.io/jnlp: "unconfined"
      cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
    customJenkinsLabels:
    - podman-aws-trivy
    idleMinutes: 30
    containerCap: 2
    resources:
      requests:
        cpu: ""
        memory: ""
      limits:
        cpu: ""
        memory: ""
    # envVars:
    # - name: AWS_WEB_IDENTITY_TOKEN_FILE
    #   value: "/var/run/secrets/sts.amazonaws.com/serviceaccount/token"
    # - name: AWS_STS_REGIONAL_ENDPOINTS
    #   value: regional
    # - name: AWS_ROLE_ARN
    #   value: "<IAM ROLE ARN>"
    yamlMergeStrategy: "merge"
    inheritYamlMergeStrategy: true
    runAsUser: 1000
    runAsGroup: 1000
    serviceAccount: jenkins-podman-aws
    yamlTemplate: |-
      apiVersion: v1
      kind: Pod
      spec:
        securityContext:
          fsGroup: 1000
        containers:
        - name: jnlp
          resources:
            requests:
              cpu: "200m"
              memory: "512Mi"
            limits:
              cpu: "4"
              memory: "6144Mi"
              github.com/fuse: 1
          volumeMounts:
          - name: aws-token
            mountPath: "/var/run/secrets/sts.amazonaws.com/serviceaccount/"
            readOnly: true
          - name: host-registries-conf
            mountPath: "/home/jenkins/.config/containers/registries.conf"
            readOnly: true
        volumes:
        - name: aws-token
          projected:
            sources:
            - serviceAccountToken:
                path: token
                expirationSeconds: 86400
                audience: "sts.amazonaws.com"
        - name: host-registries-conf
          hostPath:
            path: /etc/containers/registries.conf
            type: File

  rbac:
    readSecrets: true

  persistence:
    size: "4Gi"

  istio:
    enabled: false
    gateway: istio-ingress/private-ingressgateway
    url: jenkins.example.com

    # Dedicated VirtualService for webhooks
    webhook:
      enabled: false
      gateway: istio-ingress/ingressgateway
      url: jenkins-webhook.example.com

    # Remote Agents
    agent:
      enabled: false
      gateway: istio-ingress/private-ingressgateway
      url: jenkins-agent.example.com

trivy:
  enabled: false
  #image:
  #tag: 0.57.0
  persistence:
    enabled: true
    size: 1Gi
  rbac:
    create: false

renovate:
  enabled: false

  env:
    LOG_FORMAT: json
  cronjob:
    concurrencyPolicy: Forbid
    jobBackoffLimit: 3
    schedule:	"0 3 * * *"
    successfulJobsHistoryLimit: 1
  securityContext:
    fsGroup: 1000