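---
# Values for the CI components: gitea, jenkins, trivy and renovate.
# Every component ships disabled (`enabled: false`) and is switched on per
# deployment; the settings below are the hardened defaults applied when it is.

gitea:
  enabled: false

  image:
    tag: "1.22.3"
    rootless: true

  # Single replica: the PVC below is RWO, so the pod cannot be scaled out.
  # NB: the key must be spelled exactly `replicaCount` — Helm silently
  # ignores unknown keys instead of failing.
  replicaCount: 1

  # We use RWO persistence
  strategy:
    type: "Recreate"

  # Since V9 they default to RWX and deployment, we default to the old
  # existing RWO claim from the statefulset
  persistence:
    claimName: data-gitea-0
    size: "4Gi"

  # Least-privilege container: no privilege escalation, all Linux
  # capabilities dropped (re-add individual ones only if a feature needs it).
  securityContext:
    allowPrivilegeEscalation: false
    capabilities:
      drop:
        - ALL
      # add:
      #   - SYS_CHROOT

  resources:
    requests:
      cpu: "150m"
      memory: "320Mi"
    limits:
      memory: "2048Mi"

  # Custom themes are injected read-only from a ConfigMap.
  extraVolumes:
    - name: gitea-themes
      configMap:
        name: gitea-kubezero-ci-themes

  extraVolumeMounts:
    - name: gitea-themes
      readOnly: true
      mountPath: "/data/gitea/public/assets/css"

  checkDeprecation: false
  test:
    enabled: false

  gitea:
    # Admin credentials come from a pre-created Secret, never from values.
    admin:
      existingSecret: gitea-admin-secret

    # Enable to install demo creds
    demo: false

    metrics:
      enabled: false
      serviceMonitor:
        enabled: true

    config:
      database:
        DB_TYPE: sqlite3
      cache:
        ADAPTER: memory
      session:
        PROVIDER: memory
      queue:
        TYPE: level
      ui:
        THEMES: "gitea-light,gitea-dark,github-dark"
        DEFAULT_THEME: "gitea-dark"
      log:
        LEVEL: warn
      # Lower bound for user SSH RSA keys; 2047 admits 2048-bit keys.
      # NOTE(review): presumably chosen to accept common 2048-bit keys — confirm.
      ssh.minimum_key_sizes:
        RSA: 2047

  # Bundled databases/caches are not used (sqlite3 + in-memory above).
  redis-cluster:
    enabled: false
  postgresql-ha:
    enabled: false
  postgresql:
    enabled: false

  istio:
    enabled: false
    gateway: istio-ingress/private-ingressgateway
    url: git.example.com

jenkins:
  enabled: false

  controller:
    image:
      tag: alpine-jdk21
      # tagLabel: alpine
    # No persistent "remember me" login cookies.
    disableRememberMe: true
    prometheus:
      enabled: false
    testEnabled: false
    # HTML in descriptions is rendered through the antisamy-markup-formatter
    # plugin (installed below), which sanitizes it, rather than escaped as text.
    enableRawHtmlMarkupFormatter: true
    # CSP for the workspace/artifact browser: default-src 'none' means no
    # scripts at all; only self/CDN images and inline styles are allowed.
    javaOpts: "-XX:+UseContainerSupport -XX:+UseStringDeduplication -Dhudson.model.DirectoryBrowserSupport.CSP=\"sandbox allow-popups; default-src 'none'; img-src 'self' cdn.zero-downtime.net; style-src 'unsafe-inline';\""
    # Session lifetime bounds (sessionTimeout is in minutes, sessionEviction
    # in seconds — verify against the Jenkins launcher docs when changing).
    jenkinsOpts: "--sessionTimeout=300 --sessionEviction=10800"

    # Until we setup the logging and metrics pipelines in OTEL
    containerEnv:
      - name: OTEL_LOGS_EXPORTER
        value: "none"
      - name: OTEL_METRICS_EXPORTER
        value: "none"

    resources:
      requests:
        cpu: "250m"
        memory: "1280Mi"
      limits:
        # cpu: "2000m"
        memory: "4096Mi"
    initContainerResources:
      requests:
        cpu: "50m"
        memory: "256Mi"
      limits:
        # cpu: "1000m"
        memory: "1024Mi"

    JCasC:
      configScripts:
        zdt-settings: |
          jenkins:
            noUsageStatistics: true
            disabledAdministrativeMonitors:
              - "jenkins.security.ResourceDomainRecommendation"
          appearance:
            themeManager:
              disableUserThemes: true
              theme: "dark"
          unclassified:
            openTelemetry:
              configurationProperties: |-
                otel.exporter.otlp.protocol=grpc
                otel.instrumentation.jenkins.web.enabled=false
              ignoredSteps: "dir,echo,isUnix,pwd,properties"
              # endpoint: "telemetry-jaeger-collector.telemetry:4317"
              exportOtelConfigurationAsEnvironmentVariables: false
              # observabilityBackends:
              #   - jaeger:
              #       jaegerBaseUrl: "https://jaeger.example.com"
              #       name: "KubeZero Jaeger"
              serviceName: "Jenkins"
            buildDiscarders:
              configuredBuildDiscarders:
                - "jobBuildDiscarder"
                - defaultBuildDiscarder:
                    discarder:
                      logRotator:
                        artifactDaysToKeepStr: "32"
                        artifactNumToKeepStr: "10"
                        daysToKeepStr: "100"
                        numToKeepStr: "10"

    installPlugins:
      - kubernetes
      - kubernetes-credentials-provider
      - workflow-aggregator
      - git
      - basic-branch-build-strategies
      - pipeline-graph-view
      - pipeline-stage-view
      - configuration-as-code
      - antisamy-markup-formatter
      - prometheus
      - htmlpublisher
      - build-discarder
      - dark-theme
      - matrix-auth
      - reverse-proxy-auth-plugin
      - opentelemetry

  # Dedicated ServiceAccount for agent pods, separate from the controller's.
  serviceAccountAgent:
    create: true
    name: jenkins-podman-aws

  # Preconfigure agents to use zdt podman; requires fuse/overlayfs
  agent:
    image:
      repository: public.ecr.aws/zero-downtime/jenkins-podman
      tag: "v0.6.2"
    # alwaysPullImage: true
    podRetention: "Default"
    showRawYaml: false
    podName: "podman-aws"
    defaultsProviderTemplate: "podman-aws"
    annotations:
      # AppArmor is disabled for the jnlp container so podman/fuse-overlayfs
      # can run inside it. This is a deliberate widening of what the agent may
      # do on the node; keep it scoped to this pod template only.
      container.apparmor.security.beta.kubernetes.io/jnlp: "unconfined"
      cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
    customJenkinsLabels:
      - podman-aws-trivy
    idleMinutes: 30
    containerCap: 2
    # Empty strings defer the jnlp container's resources to yamlTemplate below.
    resources:
      requests:
        cpu: ""
        memory: ""
      limits:
        cpu: ""
        memory: ""
    # envVars:
    #   - name: AWS_WEB_IDENTITY_TOKEN_FILE
    #     value: "/var/run/secrets/sts.amazonaws.com/serviceaccount/token"
    #   - name: AWS_STS_REGIONAL_ENDPOINTS
    #     value: regional
    #   - name: AWS_ROLE_ARN
    #     value: ""
    yamlMergeStrategy: "merge"
    inheritYamlMergeStrategy: true
    # Agent processes never run as root.
    runAsUser: 1000
    runAsGroup: 1000
    serviceAccount: jenkins-podman-aws
    yamlTemplate: |-
      apiVersion: v1
      kind: Pod
      spec:
        securityContext:
          fsGroup: 1000
        containers:
          - name: jnlp
            resources:
              requests:
                cpu: "200m"
                memory: "512Mi"
              limits:
                cpu: "4"
                memory: "6144Mi"
                github.com/fuse: 1
            volumeMounts:
              # Audience-bound, short-lived SA token for AWS STS; the envVars
              # that would consume it are commented out above.
              - name: aws-token
                mountPath: "/var/run/secrets/sts.amazonaws.com/serviceaccount/"
                readOnly: true
              - name: host-registries-conf
                mountPath: "/home/jenkins/.config/containers/registries.conf"
                readOnly: true
        volumes:
          - name: aws-token
            projected:
              sources:
                - serviceAccountToken:
                    path: token
                    expirationSeconds: 86400
                    audience: "sts.amazonaws.com"
          # Host registry config mounted read-only; `type: File` makes the
          # pod fail to start rather than create the path if it is missing.
          - name: host-registries-conf
            hostPath:
              path: /etc/containers/registries.conf
              type: File

  rbac:
    # Controller may read Secrets in its namespace — presumably for the
    # kubernetes-credentials-provider plugin installed above; confirm.
    readSecrets: true

  persistence:
    size: "4Gi"

  istio:
    enabled: false
    gateway: istio-ingress/private-ingressgateway
    url: jenkins.example.com

    # Dedicated VirtualService for webhooks (exposed on the public gateway)
    webhook:
      enabled: false
      gateway: istio-ingress/ingressgateway
      url: jenkins-webhook.example.com

    # Remote Agents
    agent:
      enabled: false
      gateway: istio-ingress/private-ingressgateway
      url: jenkins-agent.example.com

trivy:
  enabled: false
  image:
    tag: "0.56.2"
  persistence:
    enabled: true
    size: "1Gi"
  # No cluster RBAC objects are created for the scanner.
  rbac:
    create: false

renovate:
  enabled: false

  env:
    LOG_FORMAT: json
  cronjob:
    # Never overlap two renovate runs.
    concurrencyPolicy: Forbid
    jobBackoffLimit: 3
    schedule: "0 3 * * *"
    successfulJobsHistoryLimit: 1
    securityContext:
      fsGroup: 1000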