1366 lines
55 KiB
YAML
1366 lines
55 KiB
YAML
# Default values for jenkins.
|
||
# This is a YAML-formatted file.
|
||
# Declare name/value pairs to be passed into your templates.
|
||
# name: value
|
||
|
||
## Overrides for generated resource names
|
||
# See templates/_helpers.tpl
|
||
# -- Override the resource name prefix
|
||
# @default -- `Chart.Name`
|
||
nameOverride:
|
||
# -- Override the full resource names
|
||
# @default -- `jenkins-(release-name)` or `jenkins` if the release-name is `jenkins`
|
||
fullnameOverride:
|
||
# -- Override the deployment namespace
|
||
# @default -- `Release.Namespace`
|
||
namespaceOverride:
|
||
|
||
# For FQDN resolving of the controller service. Change this value to match your existing configuration.
|
||
# ref: https://github.com/kubernetes/dns/blob/master/docs/specification.md
|
||
# -- Override the cluster name for FQDN resolving
|
||
clusterZone: "cluster.local"
|
||
|
||
# -- The URL of the Kubernetes API server
|
||
kubernetesURL: "https://kubernetes.default"
|
||
|
||
# -- The Jenkins credentials to access the Kubernetes API server. For the default cluster it is not needed.
|
||
credentialsId:
|
||
|
||
# -- Enables rendering of the helm.sh/chart label to the annotations
|
||
renderHelmLabels: true
|
||
|
||
controller:
|
||
# -- Used for label app.kubernetes.io/component
|
||
componentName: "jenkins-controller"
|
||
image:
|
||
# -- Controller image registry
|
||
registry: "docker.io"
|
||
# -- Controller image repository
|
||
repository: "jenkins/jenkins"
|
||
|
||
# -- Controller image tag override; i.e., tag: "2.440.1-jdk17"
|
||
tag:
|
||
|
||
# -- Controller image tag label
|
||
tagLabel: jdk17
|
||
# -- Controller image pull policy
|
||
pullPolicy: "Always"
|
||
# -- Controller image pull secret
|
||
imagePullSecretName:
|
||
# -- Lifecycle specification for controller-container
|
||
lifecycle: {}
|
||
# postStart:
|
||
# exec:
|
||
# command:
|
||
# - "uname"
|
||
# - "-a"
|
||
|
||
# -- Disable use of remember me
|
||
disableRememberMe: false
|
||
|
||
# -- Set Number of executors
|
||
numExecutors: 0
|
||
|
||
# -- Sets the executor mode of the Jenkins node. Possible values are "NORMAL" or "EXCLUSIVE"
|
||
executorMode: "NORMAL"
|
||
|
||
# -- Append Jenkins labels to the controller
|
||
customJenkinsLabels: []
|
||
|
||
hostNetworking: false
|
||
|
||
# When enabling LDAP or another non-Jenkins identity source, the built-in admin account will no longer exist.
|
||
# If you disable the non-Jenkins identity store and instead use the Jenkins internal one,
|
||
# you should revert controller.admin.username to your preferred admin user:
|
||
admin:
|
||
|
||
# -- Admin username created as a secret if `controller.admin.createSecret` is true
|
||
username: "admin"
|
||
# -- Admin password created as a secret if `controller.admin.createSecret` is true
|
||
# @default -- <random password>
|
||
password:
|
||
|
||
# -- The key in the existing admin secret containing the username
|
||
userKey: jenkins-admin-user
|
||
# -- The key in the existing admin secret containing the password
|
||
passwordKey: jenkins-admin-password
|
||
|
||
# The default configuration uses this secret to configure an admin user
|
||
# If you don't need that user or use a different security realm, then you can disable it
|
||
# -- Create secret for admin user
|
||
createSecret: true
|
||
|
||
# -- The name of an existing secret containing the admin credentials
|
||
existingSecret: ""
|
||
# -- Email address for the administrator of the Jenkins instance
|
||
jenkinsAdminEmail:
|
||
|
||
# This value should not be changed unless you use your custom image of jenkins or any derived from.
|
||
# If you want to use Cloudbees Jenkins Distribution docker, you should set jenkinsHome: "/var/cloudbees-jenkins-distribution"
|
||
# -- Custom Jenkins home path
|
||
jenkinsHome: "/var/jenkins_home"
|
||
|
||
# This value should not be changed unless you use your custom image of jenkins or any derived from.
|
||
# If you want to use Cloudbees Jenkins Distribution docker, you should set jenkinsRef: "/usr/share/cloudbees-jenkins-distribution/ref"
|
||
# -- Custom Jenkins reference path
|
||
jenkinsRef: "/usr/share/jenkins/ref"
|
||
|
||
# Path to the jenkins war file which is used by jenkins-plugin-cli.
|
||
jenkinsWar: "/usr/share/jenkins/jenkins.war"
|
||
# Override the default arguments passed to the war
|
||
# overrideArgs:
|
||
# - --httpPort=8080
|
||
|
||
# -- Resource allocation (Requests and Limits)
|
||
resources:
|
||
requests:
|
||
cpu: "50m"
|
||
memory: "256Mi"
|
||
limits:
|
||
cpu: "2000m"
|
||
memory: "4096Mi"
|
||
|
||
# Share process namespace to allow sidecar containers to interact with processes in other containers in the same pod
|
||
shareProcessNamespace: false
|
||
|
||
# Service links might cause issue if running in a namespace with a large amount of services
|
||
# that might cause a slow startup when plugins are copied from ref to volume
|
||
# Set to true to keep previous behavior
|
||
# See https://github.com/kubernetes/kubernetes/issues/121787
|
||
enableServiceLinks: false
|
||
|
||
# Overrides the init container default values
|
||
# -- Resources allocation (Requests and Limits) for Init Container
|
||
initContainerResources: {}
|
||
# initContainerResources:
|
||
# requests:
|
||
# cpu: "50m"
|
||
# memory: "256Mi"
|
||
# limits:
|
||
# cpu: "2000m"
|
||
# memory: "4096Mi"
|
||
# -- Environment variable sources for Init Container
|
||
initContainerEnvFrom: []
|
||
|
||
# useful for i.e., http_proxy
|
||
# -- Environment variables for Init Container
|
||
initContainerEnv: []
|
||
# initContainerEnv:
|
||
# - name: http_proxy
|
||
# value: "http://192.168.64.1:3128"
|
||
|
||
# -- Environment variable sources for Jenkins Container
|
||
containerEnvFrom: []
|
||
|
||
# -- Environment variables for Jenkins Container
|
||
containerEnv: []
|
||
# - name: http_proxy
|
||
# value: "http://192.168.64.1:3128"
|
||
|
||
# Set min/max heap here if needed with "-Xms512m -Xmx512m"
|
||
# -- Append to `JAVA_OPTS` env var
|
||
javaOpts:
|
||
# -- Append to `JENKINS_OPTS` env var
|
||
jenkinsOpts:
|
||
|
||
# If you are using the ingress definitions provided by this chart via the `controller.ingress` block,
|
||
# the configured hostname will be the ingress hostname starting with `https://`
|
||
# or `http://` depending on the `tls` configuration.
|
||
# The Protocol can be overwritten by specifying `controller.jenkinsUrlProtocol`.
|
||
# -- Set protocol for Jenkins URL; `https` if `controller.ingress.tls`, `http` otherwise
|
||
jenkinsUrlProtocol:
|
||
|
||
# -- Set Jenkins URL if you are not using the ingress definitions provided by the chart
|
||
jenkinsUrl:
|
||
|
||
# If you set this prefix and use ingress controller, then you might want to set the ingress path below
|
||
# I.e., "/jenkins"
|
||
# -- Root URI Jenkins will be served on
|
||
jenkinsUriPrefix:
|
||
|
||
# -- Enable pod security context (must be `true` if podSecurityContextOverride, runAsUser or fsGroup are set)
|
||
usePodSecurityContext: true
|
||
|
||
# Note that `runAsUser`, `fsGroup`, and `securityContextCapabilities` are
|
||
# being deprecated and replaced by `podSecurityContextOverride`.
|
||
# Set runAsUser to 1000 to let Jenkins run as non-root user 'jenkins', which exists in 'jenkins/jenkins' docker image.
|
||
# When configuring runAsUser to a different value than 0 also set fsGroup to the same value:
|
||
# -- Deprecated in favor of `controller.podSecurityContextOverride`. uid that jenkins runs with.
|
||
runAsUser: 1000
|
||
|
||
# -- Deprecated in favor of `controller.podSecurityContextOverride`. uid that will be used for persistent volume.
|
||
fsGroup: 1000
|
||
|
||
# If you have PodSecurityPolicies that require dropping of capabilities as suggested by CIS K8s benchmark, put them here
|
||
# securityContextCapabilities:
|
||
# drop:
|
||
# - NET_RAW
|
||
securityContextCapabilities: {}
|
||
|
||
# In the case of mounting an ext4 filesystem, it might be desirable to use `supplementalGroups` instead of `fsGroup` in
|
||
# the `securityContext` block: https://github.com/kubernetes/kubernetes/issues/67014#issuecomment-589915496
|
||
# podSecurityContextOverride:
|
||
# runAsUser: 1000
|
||
# runAsNonRoot: true
|
||
# supplementalGroups: [1000]
|
||
# capabilities: {}
|
||
# -- Completely overwrites the contents of the pod security context, ignoring the values provided for `runAsUser`, `fsGroup`, and `securityContextCapabilities`
|
||
podSecurityContextOverride: ~
|
||
|
||
# -- Allow controlling the securityContext for the jenkins container
|
||
containerSecurityContext:
|
||
runAsUser: 1000
|
||
runAsGroup: 1000
|
||
readOnlyRootFilesystem: true
|
||
allowPrivilegeEscalation: false
|
||
|
||
# For minikube, set this to NodePort, elsewhere uses LoadBalancer
|
||
# Use ClusterIP if your setup includes ingress controller
|
||
# -- k8s service type
|
||
serviceType: ClusterIP
|
||
|
||
# -- k8s service clusterIP. Only used if serviceType is ClusterIP
|
||
clusterIp:
|
||
# -- k8s service port
|
||
servicePort: 8080
|
||
# -- k8s target port
|
||
targetPort: 8080
|
||
# -- k8s node port. Only used if serviceType is NodePort
|
||
nodePort:
|
||
|
||
# Use Local to preserve the client source IP and avoids a second hop for LoadBalancer and NodePort type services,
|
||
# but risks potentially imbalanced traffic spreading.
|
||
serviceExternalTrafficPolicy:
|
||
|
||
# -- Jenkins controller service annotations
|
||
serviceAnnotations: {}
|
||
# -- Jenkins controller custom labels for the StatefulSet
|
||
statefulSetLabels: {}
|
||
# foo: bar
|
||
# bar: foo
|
||
# -- Labels for the Jenkins controller-service
|
||
serviceLabels: {}
|
||
# service.beta.kubernetes.io/aws-load-balancer-backend-protocol: https
|
||
|
||
# Put labels on Jenkins controller pod
|
||
# -- Custom Pod labels (an object with `label-key: label-value` pairs)
|
||
podLabels: {}
|
||
|
||
# Enable Kubernetes Startup, Liveness and Readiness Probes
|
||
# if Startup Probe is supported, enable it too
|
||
# ~ 2 minutes to allow Jenkins to restart when upgrading plugins. Set ReadinessTimeout to be shorter than LivenessTimeout.
|
||
# ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes
|
||
# -- Enable Kubernetes Probes configuration configured in `controller.probes`
|
||
healthProbes: true
|
||
|
||
probes:
|
||
startupProbe:
|
||
# -- Set the failure threshold for the startup probe
|
||
failureThreshold: 12
|
||
httpGet:
|
||
# -- Set the Pod's HTTP path for the startup probe
|
||
path: '{{ default "" .Values.controller.jenkinsUriPrefix }}/login'
|
||
# -- Set the Pod's HTTP port to use for the startup probe
|
||
port: http
|
||
# -- Set the time interval between two startup probes executions in seconds
|
||
periodSeconds: 10
|
||
# -- Set the timeout for the startup probe in seconds
|
||
timeoutSeconds: 5
|
||
|
||
livenessProbe:
|
||
# -- Set the failure threshold for the liveness probe
|
||
failureThreshold: 5
|
||
httpGet:
|
||
# -- Set the Pod's HTTP path for the liveness probe
|
||
path: '{{ default "" .Values.controller.jenkinsUriPrefix }}/login'
|
||
# -- Set the Pod's HTTP port to use for the liveness probe
|
||
port: http
|
||
# -- Set the time interval between two liveness probes executions in seconds
|
||
periodSeconds: 10
|
||
# -- Set the timeout for the liveness probe in seconds
|
||
timeoutSeconds: 5
|
||
|
||
# If Startup Probe is not supported on your Kubernetes cluster, you might want to use "initialDelaySeconds" instead.
|
||
# It delays the initial liveness probe while Jenkins is starting
|
||
# -- Set the initial delay for the liveness probe in seconds
|
||
initialDelaySeconds:
|
||
|
||
readinessProbe:
|
||
# -- Set the failure threshold for the readiness probe
|
||
failureThreshold: 3
|
||
httpGet:
|
||
# -- Set the Pod's HTTP path for the liveness probe
|
||
path: '{{ default "" .Values.controller.jenkinsUriPrefix }}/login'
|
||
# -- Set the Pod's HTTP port to use for the readiness probe
|
||
port: http
|
||
# -- Set the time interval between two readiness probes executions in seconds
|
||
periodSeconds: 10
|
||
# -- Set the timeout for the readiness probe in seconds
|
||
timeoutSeconds: 5
|
||
|
||
# If Startup Probe is not supported on your Kubernetes cluster, you might want to use "initialDelaySeconds" instead.
|
||
# It delays the initial readiness probe while Jenkins is starting
|
||
# -- Set the initial delay for the readiness probe in seconds
|
||
initialDelaySeconds:
|
||
|
||
# PodDisruptionBudget config
|
||
podDisruptionBudget:
|
||
# ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
|
||
|
||
# -- Enable Kubernetes Pod Disruption Budget configuration
|
||
enabled: false
|
||
|
||
# For Kubernetes v1.5+, use 'policy/v1beta1'
|
||
# For Kubernetes v1.21+, use 'policy/v1'
|
||
# -- Policy API version
|
||
apiVersion: "policy/v1beta1"
|
||
|
||
annotations: {}
|
||
labels: {}
|
||
# -- Number of pods that can be unavailable. Either an absolute number or a percentage
|
||
maxUnavailable: "0"
|
||
|
||
# -- Create Agent listener service
|
||
agentListenerEnabled: true
|
||
# -- Listening port for agents
|
||
agentListenerPort: 50000
|
||
# -- Host port to listen for agents
|
||
agentListenerHostPort:
|
||
# -- Node port to listen for agents
|
||
agentListenerNodePort:
|
||
|
||
# ref: https://kubernetes.io/docs/concepts/services-networking/service/#traffic-policies
|
||
# -- Traffic Policy of for the agentListener service
|
||
agentListenerExternalTrafficPolicy:
|
||
# -- Allowed inbound IP for the agentListener service
|
||
agentListenerLoadBalancerSourceRanges:
|
||
- 0.0.0.0/0
|
||
# -- Disabled agent protocols
|
||
disabledAgentProtocols:
|
||
- JNLP-connect
|
||
- JNLP2-connect
|
||
csrf:
|
||
defaultCrumbIssuer:
|
||
# -- Enable the default CSRF Crumb issuer
|
||
enabled: true
|
||
# -- Enable proxy compatibility
|
||
proxyCompatability: true
|
||
|
||
# Kubernetes service type for the JNLP agent service
|
||
# agentListenerServiceType is the Kubernetes Service type for the JNLP agent service,
|
||
# either 'LoadBalancer', 'NodePort', or 'ClusterIP'
|
||
# Note if you set this to 'LoadBalancer', you *must* define annotations to secure it. By default,
|
||
# this will be an external load balancer and allowing inbound 0.0.0.0/0, a HUGE
|
||
# security risk: https://github.com/kubernetes/charts/issues/1341
|
||
# -- Defines how to expose the agentListener service
|
||
agentListenerServiceType: "ClusterIP"
|
||
|
||
# -- Annotations for the agentListener service
|
||
agentListenerServiceAnnotations: {}
|
||
|
||
# Optionally, assign an IP to the LoadBalancer agentListenerService LoadBalancer
|
||
# GKE users: only regional static IPs will work for Service Load balancer.
|
||
# -- Static IP for the agentListener LoadBalancer
|
||
agentListenerLoadBalancerIP:
|
||
|
||
# -- Whether legacy remoting security should be enabled
|
||
legacyRemotingSecurityEnabled: false
|
||
|
||
# Example of a 'LoadBalancer'-type agent listener with annotations securing it
|
||
# agentListenerServiceType: LoadBalancer
|
||
# agentListenerServiceAnnotations:
|
||
# service.beta.kubernetes.io/aws-load-balancer-internal: "True"
|
||
# service.beta.kubernetes.io/load-balancer-source-ranges: "172.0.0.0/8, 10.0.0.0/8"
|
||
|
||
# LoadBalancerSourcesRange is a list of allowed CIDR values, which are combined with ServicePort to
|
||
# set allowed inbound rules on the security group assigned to the controller load balancer
|
||
# -- Allowed inbound IP addresses
|
||
loadBalancerSourceRanges:
|
||
- 0.0.0.0/0
|
||
|
||
# -- Optionally assign a known public LB IP
|
||
loadBalancerIP:
|
||
|
||
# Optionally configure a JMX port. This requires additional javaOpts, for example,
|
||
# javaOpts: >
|
||
# -Dcom.sun.management.jmxremote.port=4000
|
||
# -Dcom.sun.management.jmxremote.authenticate=false
|
||
# -Dcom.sun.management.jmxremote.ssl=false
|
||
# jmxPort: 4000
|
||
# -- Open a port, for JMX stats
|
||
jmxPort:
|
||
|
||
# -- Optionally configure other ports to expose in the controller container
|
||
extraPorts: []
|
||
# - name: BuildInfoProxy
|
||
# port: 9000
|
||
# targetPort: 9010 (Optional: Use to explicitly set targetPort if different from port)
|
||
|
||
# Plugins will be installed during Jenkins controller start
|
||
# -- List of Jenkins plugins to install. If you don't want to install plugins, set it to `false`
|
||
installPlugins:
|
||
- kubernetes:4295.v7fa_01b_309c95
|
||
- workflow-aggregator:600.vb_57cdd26fdd7
|
||
- git:5.6.0
|
||
- configuration-as-code:1887.v9e47623cb_043
|
||
|
||
# If set to false, Jenkins will download the minimum required version of all dependencies.
|
||
# -- Download the minimum required version or latest version of all dependencies
|
||
installLatestPlugins: true
|
||
|
||
# -- Set to true to download the latest version of any plugin that is requested to have the latest version
|
||
installLatestSpecifiedPlugins: false
|
||
|
||
# -- List of plugins to install in addition to those listed in controller.installPlugins
|
||
additionalPlugins: []
|
||
|
||
# Without this; whenever the controller gets restarted (Evicted, etc.) it will fetch plugin updates that have the potential to cause breakage.
|
||
# Note that for this to work, `persistence.enabled` needs to be set to `true`
|
||
# -- Initialize only on first installation. Ensures plugins do not get updated inadvertently. Requires `persistence.enabled` to be set to `true`
|
||
initializeOnce: false
|
||
|
||
# Enable to always override the installed plugins with the values of 'controller.installPlugins' on upgrade or redeployment.
|
||
# -- Overwrite installed plugins on start
|
||
overwritePlugins: false
|
||
|
||
# Configures if plugins bundled with `controller.image` should be overwritten with the values of 'controller.installPlugins' on upgrade or redeployment.
|
||
# -- Overwrite plugins that are already installed in the controller image
|
||
overwritePluginsFromImage: true
|
||
|
||
# Configures the restrictions for naming projects. Set this key to null or empty to skip it in the default config.
|
||
projectNamingStrategy: standard
|
||
|
||
# Useful with ghprb plugin. The OWASP plugin is not installed by default, please update controller.installPlugins.
|
||
# -- Enable HTML parsing using OWASP Markup Formatter Plugin (antisamy-markup-formatter)
|
||
enableRawHtmlMarkupFormatter: false
|
||
|
||
# This is ignored if enableRawHtmlMarkupFormatter is true
|
||
# -- Yaml of the markup formatter to use
|
||
markupFormatter: plainText
|
||
|
||
# Used to approve a list of groovy functions in pipelines used the script-security plugin. Can be viewed under /scriptApproval
|
||
# -- List of groovy functions to approve
|
||
scriptApproval: []
|
||
# - "method groovy.json.JsonSlurperClassic parseText java.lang.String"
|
||
# - "new groovy.json.JsonSlurperClassic"
|
||
|
||
# -- Map of groovy init scripts to be executed during Jenkins controller start
|
||
initScripts: {}
|
||
# test: |-
|
||
# print 'adding global pipeline libraries, register properties, bootstrap jobs...'
|
||
# -- Name of the existing ConfigMap that contains init scripts
|
||
initConfigMap:
|
||
|
||
# 'name' is a name of an existing secret in the same namespace as jenkins,
|
||
# 'keyName' is the name of one of the keys inside the current secret.
|
||
# the 'name' and 'keyName' are concatenated with a '-' in between, so for example:
|
||
# an existing secret "secret-credentials" and a key inside it named "github-password" should be used in JCasC as ${secret-credentials-github-password}
|
||
# 'name' and 'keyName' must be lowercase RFC 1123 label must consist of lower case alphanumeric characters or '-',
|
||
# and must start and end with an alphanumeric character (e.g. 'my-name', or '123-abc')
|
||
# existingSecret existing secret "secret-credentials" and a key inside it named "github-username" should be used in JCasC as ${github-username}
|
||
# When using existingSecret no need to specify the keyName under additionalExistingSecrets.
|
||
existingSecret:
|
||
|
||
# -- List of additional existing secrets to mount
|
||
additionalExistingSecrets: []
|
||
# ref: https://github.com/jenkinsci/configuration-as-code-plugin/blob/master/docs/features/secrets.adoc#kubernetes-secrets
|
||
# additionalExistingSecrets:
|
||
# - name: secret-name-1
|
||
# keyName: username
|
||
# - name: secret-name-1
|
||
# keyName: password
|
||
|
||
# -- List of additional secrets to create and mount
|
||
additionalSecrets: []
|
||
# ref: https://github.com/jenkinsci/configuration-as-code-plugin/blob/master/docs/features/secrets.adoc#kubernetes-secrets
|
||
# additionalSecrets:
|
||
# - name: nameOfSecret
|
||
# value: secretText
|
||
|
||
# Generate SecretClaim resources to create Kubernetes secrets from HashiCorp Vault using kube-vault-controller.
|
||
# 'name' is the name of the secret that will be created in Kubernetes. The Jenkins fullname is prepended to this value.
|
||
# 'path' is the fully qualified path to the secret in Vault
|
||
# 'type' is an optional Kubernetes secret type. The default is 'Opaque'
|
||
# 'renew' is an optional secret renewal time in seconds
|
||
# -- List of `SecretClaim` resources to create
|
||
secretClaims: []
|
||
# - name: secretName # required
|
||
# path: testPath # required
|
||
# type: kubernetes.io/tls # optional
|
||
# renew: 60 # optional
|
||
|
||
# -- Name of default cloud configuration.
|
||
cloudName: "kubernetes"
|
||
|
||
# Below is the implementation of Jenkins Configuration as Code. Add a key under configScripts for each configuration area,
|
||
# where each corresponds to a plugin or section of the UI. Each key (prior to | character) is just a label, and can be any value.
|
||
# Keys are only used to give the section a meaningful name. The only restriction is they may only contain RFC 1123 \ DNS label
|
||
# characters: lowercase letters, numbers, and hyphens. The keys become the name of a configuration yaml file on the controller in
|
||
# /var/jenkins_home/casc_configs (by default) and will be processed by the Configuration as Code Plugin. The lines after each |
|
||
# become the content of the configuration yaml file. The first line after this is a JCasC root element, e.g., jenkins, credentials,
|
||
# etc. Best reference is https://<jenkins_url>/configuration-as-code/reference. The example below creates a welcome message:
|
||
JCasC:
|
||
# -- Enables default Jenkins configuration via configuration as code plugin
|
||
defaultConfig: true
|
||
|
||
# If true, the init container deletes all the plugin config files and Jenkins Config as Code overwrites any existing configuration
|
||
# -- Whether Jenkins Config as Code should overwrite any existing configuration
|
||
overwriteConfiguration: false
|
||
# -- Remote URLs for configuration files.
|
||
configUrls: []
|
||
# - https://acme.org/jenkins.yaml
|
||
# -- List of Jenkins Config as Code scripts
|
||
configScripts: {}
|
||
# welcome-message: |
|
||
# jenkins:
|
||
# systemMessage: Welcome to our CI\CD server. This Jenkins is configured and managed 'as code'.
|
||
|
||
# Allows adding to the top-level security JCasC section. For legacy purposes, by default, the chart includes apiToken configurations
|
||
# -- Jenkins Config as Code security-section
|
||
security:
|
||
apiToken:
|
||
creationOfLegacyTokenEnabled: false
|
||
tokenGenerationOnCreationEnabled: false
|
||
usageStatisticsEnabled: true
|
||
|
||
# Ignored if securityRealm is defined in controller.JCasC.configScripts
|
||
# -- Jenkins Config as Code Security Realm-section
|
||
securityRealm: |-
|
||
local:
|
||
allowsSignup: false
|
||
enableCaptcha: false
|
||
users:
|
||
- id: "${chart-admin-username}"
|
||
name: "Jenkins Admin"
|
||
password: "${chart-admin-password}"
|
||
|
||
# Ignored if authorizationStrategy is defined in controller.JCasC.configScripts
|
||
# -- Jenkins Config as Code Authorization Strategy-section
|
||
authorizationStrategy: |-
|
||
loggedInUsersCanDoAnything:
|
||
allowAnonymousRead: false
|
||
|
||
# -- Annotations for the JCasC ConfigMap
|
||
configMapAnnotations: {}
|
||
|
||
# -- Custom init-container specification in raw-yaml format
|
||
customInitContainers: []
|
||
# - name: custom-init
|
||
# image: "alpine:3"
|
||
# imagePullPolicy: Always
|
||
# command: [ "uname", "-a" ]
|
||
|
||
sidecars:
|
||
configAutoReload:
|
||
# If enabled: true, Jenkins Configuration as Code will be reloaded on-the-fly without a reboot.
|
||
# If false or not-specified, JCasC changes will cause a reboot and will only be applied at the subsequent start-up.
|
||
# Auto-reload uses the http://<jenkins_url>/reload-configuration-as-code endpoint to reapply config when changes to
|
||
# the configScripts are detected.
|
||
# -- Enables Jenkins Config as Code auto-reload
|
||
enabled: true
|
||
image:
|
||
# -- Registry for the image that triggers the reload
|
||
registry: docker.io
|
||
# -- Repository of the image that triggers the reload
|
||
repository: kiwigrid/k8s-sidecar
|
||
# -- Tag for the image that triggers the reload
|
||
tag: 1.28.0
|
||
imagePullPolicy: IfNotPresent
|
||
resources: {}
|
||
# limits:
|
||
# cpu: 100m
|
||
# memory: 100Mi
|
||
# requests:
|
||
# cpu: 50m
|
||
# memory: 50Mi
|
||
# -- Enables additional volume mounts for the config auto-reload container
|
||
additionalVolumeMounts: []
|
||
# - name: auto-reload-config
|
||
# mountPath: /var/config/logger
|
||
# - name: auto-reload-logs
|
||
# mountPath: /var/log/auto_reload
|
||
# -- Config auto-reload logging settings
|
||
logging:
|
||
# See default settings https://github.com/kiwigrid/k8s-sidecar/blob/master/src/logger.py
|
||
configuration:
|
||
# -- Enables custom log config utilizing using the settings below.
|
||
override: false
|
||
logLevel: INFO
|
||
formatter: JSON
|
||
logToConsole: true
|
||
logToFile: false
|
||
maxBytes: 1024
|
||
backupCount: 3
|
||
|
||
# -- The scheme to use when connecting to the Jenkins configuration as code endpoint
|
||
scheme: http
|
||
# -- Skip TLS verification when connecting to the Jenkins configuration as code endpoint
|
||
skipTlsVerify: false
|
||
|
||
# -- How many connection-related errors to retry on
|
||
reqRetryConnect: 10
|
||
# -- How many seconds to wait before updating config-maps/secrets (sets METHOD=SLEEP on the sidecar)
|
||
sleepTime:
|
||
|
||
# -- Environment variable sources for the Jenkins Config as Code auto-reload container
|
||
envFrom: []
|
||
# -- Environment variables for the Jenkins Config as Code auto-reload container
|
||
env: {}
|
||
# - name: REQ_TIMEOUT
|
||
# value: "30"
|
||
|
||
# SSH port value can be set to any unused TCP port. The default, 1044, is a non-standard SSH port that has been chosen at random.
|
||
# This is only used to reload JCasC config from the sidecar container running in the Jenkins controller pod.
|
||
# This TCP port will not be open in the pod (unless you specifically configure this), so Jenkins will not be
|
||
# accessible via SSH from outside the pod. Note if you use non-root pod privileges (runAsUser & fsGroup),
|
||
# this must be > 1024:
|
||
sshTcpPort: 1044
|
||
# folder in the pod that should hold the collected dashboards:
|
||
folder: "/var/jenkins_home/casc_configs"
|
||
|
||
# If specified, the sidecar will search for JCasC config-maps inside this namespace.
|
||
# Otherwise, the namespace in which the sidecar is running will be used.
|
||
# It's also possible to specify ALL to search in all namespaces:
|
||
# searchNamespace:
|
||
# -- Enable container security context
|
||
containerSecurityContext:
|
||
readOnlyRootFilesystem: true
|
||
allowPrivilegeEscalation: false
|
||
|
||
# -- Configures additional sidecar container(s) for the Jenkins controller
|
||
additionalSidecarContainers: []
|
||
## The example below runs the client for https://smee.io as sidecar container next to Jenkins,
|
||
## that allows triggering build behind a secure firewall.
|
||
## https://jenkins.io/blog/2019/01/07/webhook-firewalls/#triggering-builds-with-webhooks-behind-a-secure-firewall
|
||
##
|
||
## Note: To use it you should go to https://smee.io/new and update the url to the generated one.
|
||
# - name: smee
|
||
# image: docker.io/twalter/smee-client:1.0.2
|
||
# args: ["--port", "{{ .Values.controller.servicePort }}", "--path", "/github-webhook/", "--url", "https://smee.io/new"]
|
||
# resources:
|
||
# limits:
|
||
# cpu: 50m
|
||
# memory: 128Mi
|
||
# requests:
|
||
# cpu: 10m
|
||
# memory: 32Mi
|
||
|
||
# -- Name of the Kubernetes scheduler to use
|
||
schedulerName: ""
|
||
|
||
# ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
|
||
# -- Node labels for pod assignment
|
||
nodeSelector: {}
|
||
|
||
# ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature
|
||
# -- Toleration labels for pod assignment
|
||
tolerations: []
|
||
# -- Set TerminationGracePeriodSeconds
|
||
terminationGracePeriodSeconds:
|
||
# -- Set the termination message path
|
||
terminationMessagePath:
|
||
# -- Set the termination message policy
|
||
terminationMessagePolicy:
|
||
|
||
# -- Affinity settings
|
||
affinity: {}
|
||
|
||
# Leverage a priorityClass to ensure your pods survive resource shortages
|
||
# ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
|
||
# -- The name of a `priorityClass` to apply to the controller pod
|
||
priorityClassName:
|
||
|
||
# -- Annotations for controller pod
|
||
podAnnotations: {}
|
||
# -- Annotations for controller StatefulSet
|
||
statefulSetAnnotations: {}
|
||
|
||
# ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
|
||
# -- Update strategy for StatefulSet
|
||
updateStrategy: {}
|
||
|
||
# -- Topology spread constraints
|
||
topologySpreadConstraints: {}
|
||
|
||
ingress:
|
||
# -- Enables ingress
|
||
enabled: false
|
||
|
||
# Override for the default paths that map requests to the backend
|
||
# -- Override for the default Ingress paths
|
||
paths: []
|
||
# - backend:
|
||
# serviceName: ssl-redirect
|
||
# servicePort: use-annotation
|
||
# - backend:
|
||
# serviceName: >-
|
||
# {{ template "jenkins.fullname" . }}
|
||
# # Don't use string here, use only integer value!
|
||
# servicePort: 8080
|
||
|
||
# For Kubernetes v1.14+, use 'networking.k8s.io/v1beta1'
|
||
# For Kubernetes v1.19+, use 'networking.k8s.io/v1'
|
||
# -- Ingress API version
|
||
apiVersion: "extensions/v1beta1"
|
||
# -- Ingress labels
|
||
labels: {}
|
||
# -- Ingress annotations
|
||
annotations: {}
|
||
# kubernetes.io/ingress.class: nginx
|
||
# kubernetes.io/tls-acme: "true"
|
||
# For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName
|
||
# See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress
|
||
# ingressClassName: nginx
|
||
|
||
# Set this path to jenkinsUriPrefix above or use annotations to rewrite path
|
||
# -- Ingress path
|
||
path:
|
||
|
||
# configures the hostname e.g. jenkins.example.com
|
||
# -- Ingress hostname
|
||
hostName:
|
||
# -- Hostname to serve assets from
|
||
resourceRootUrl:
|
||
# -- Ingress TLS configuration
|
||
tls: []
|
||
# - secretName: jenkins.cluster.local
|
||
# hosts:
|
||
# - jenkins.cluster.local
|
||
|
||
# often you want to have your controller all locked down and private,
|
||
# but you still want to get webhooks from your SCM
|
||
# A secondary ingress will let you expose different urls
|
||
# with a different configuration
|
||
secondaryingress:
|
||
enabled: false
|
||
# paths you want forwarded to the backend
|
||
# ex /github-webhook
|
||
paths: []
|
||
# For Kubernetes v1.14+, use 'networking.k8s.io/v1beta1'
|
||
# For Kubernetes v1.19+, use 'networking.k8s.io/v1'
|
||
apiVersion: "extensions/v1beta1"
|
||
labels: {}
|
||
annotations: {}
|
||
# kubernetes.io/ingress.class: nginx
|
||
# kubernetes.io/tls-acme: "true"
|
||
# For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName
|
||
# See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress
|
||
# ingressClassName: nginx
|
||
# configures the hostname e.g., jenkins-external.example.com
|
||
hostName:
|
||
tls:
|
||
# - secretName: jenkins-external.example.com
|
||
# hosts:
|
||
# - jenkins-external.example.com
|
||
|
||
# If you're running on GKE and need to configure a backendconfig
|
||
# to finish ingress setup, use the following values.
|
||
# Docs: https://cloud.google.com/kubernetes-engine/docs/concepts/backendconfig
|
||
backendconfig:
|
||
# -- Enables backendconfig
|
||
enabled: false
|
||
# -- backendconfig API version
|
||
apiVersion: "extensions/v1beta1"
|
||
# -- backendconfig name
|
||
name:
|
||
# -- backendconfig labels
|
||
labels: {}
|
||
# -- backendconfig annotations
|
||
annotations: {}
|
||
# -- backendconfig spec
|
||
spec: {}
|
||
|
||
# Openshift route
|
||
route:
|
||
# -- Enables openshift route
|
||
enabled: false
|
||
# -- Route labels
|
||
labels: {}
|
||
# -- Route annotations
|
||
annotations: {}
|
||
# -- Route path
|
||
path:
|
||
|
||
# -- Allows for adding entries to Pod /etc/hosts
|
||
hostAliases: []
|
||
# ref: https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
|
||
# hostAliases:
|
||
# - ip: 192.168.50.50
|
||
# hostnames:
|
||
# - something.local
|
||
# - ip: 10.0.50.50
|
||
# hostnames:
|
||
# - other.local
|
||
|
||
# Expose Prometheus metrics
|
||
prometheus:
|
||
# If enabled, add the prometheus plugin to the list of plugins to install
|
||
# https://plugins.jenkins.io/prometheus
|
||
|
||
# -- Enables prometheus service monitor
|
||
enabled: false
|
||
# -- Additional labels to add to the service monitor object
|
||
serviceMonitorAdditionalLabels: {}
|
||
# -- Set a custom namespace where to deploy ServiceMonitor resource
|
||
serviceMonitorNamespace:
|
||
# -- How often prometheus should scrape metrics
|
||
scrapeInterval: 60s
|
||
|
||
# Defaults to the default endpoint used by the prometheus plugin
|
||
# -- The endpoint prometheus should get metrics from
|
||
scrapeEndpoint: /prometheus
|
||
|
||
# See here: https://prometheus.io/docs/prometheus/latest/configuration/alerting_rules/
|
||
# The `groups` root object is added by default, add the rule entries
|
||
# -- Array of prometheus alerting rules
|
||
alertingrules: []
|
||
# -- Additional labels to add to the PrometheusRule object
|
||
alertingRulesAdditionalLabels: {}
|
||
# -- Set a custom namespace where to deploy PrometheusRule resource
|
||
prometheusRuleNamespace: ""
|
||
|
||
# RelabelConfigs to apply to samples before scraping. Prometheus Operator automatically adds
|
||
# relabelings for a few standard Kubernetes fields. The original scrape job’s name
|
||
# is available via the __tmp_prometheus_job_name label.
|
||
# More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config
|
||
relabelings: []
|
||
# MetricRelabelConfigs to apply to samples before ingestion.
|
||
metricRelabelings: []
|
||
|
||
googlePodMonitor:
|
||
# If enabled, It creates Google Managed Prometheus scraping config
|
||
enabled: false
|
||
# Set a custom namespace where to deploy PodMonitoring resource
|
||
# serviceMonitorNamespace: ""
|
||
scrapeInterval: 60s
|
||
# This is the default endpoint used by the prometheus plugin
|
||
scrapeEndpoint: /prometheus
|
||
|
||
# -- Can be used to disable rendering controller test resources when using helm template
|
||
testEnabled: true
|
||
|
||
httpsKeyStore:
|
||
# -- Enables HTTPS keystore on jenkins controller
|
||
enable: false
|
||
# -- Name of the secret that already has ssl keystore
|
||
jenkinsHttpsJksSecretName: ""
|
||
# -- Name of the key in the secret that already has ssl keystore
|
||
jenkinsHttpsJksSecretKey: "jenkins-jks-file"
|
||
# -- Name of the secret that contains the JKS password, if it is not in the same secret as the JKS file
|
||
jenkinsHttpsJksPasswordSecretName: ""
|
||
# -- Name of the key in the secret that contains the JKS password
|
||
jenkinsHttpsJksPasswordSecretKey: "https-jks-password"
|
||
disableSecretMount: false
|
||
|
||
# When HTTPS keystore is enabled, servicePort and targetPort will be used as HTTPS port
|
||
# -- HTTP Port that Jenkins should listen to along with HTTPS, it also serves as the liveness and readiness probes port.
|
||
httpPort: 8081
|
||
# -- Path of HTTPS keystore file
|
||
path: "/var/jenkins_keystore"
|
||
# -- Jenkins keystore filename which will appear under controller.httpsKeyStore.path
|
||
fileName: "keystore.jks"
|
||
# -- Jenkins keystore password
|
||
password: "password"
|
||
|
||
# -- Base64 encoded Keystore content. Keystore must be converted to base64 then being pasted here
|
||
jenkinsKeyStoreBase64Encoded:
|
||
# Convert keystore.jks files content to base64 > $ cat keystore.jks | base64
|
||
# /u3+7QAAAAIAAAABAAAAAQANamVua2luc2NpLmNvbQAAAW2r/b1ZAAAFATCCBP0wDgYKKwYBBAEq
|
||
# AhEBAQUABIIE6QbCqasvoHS0pSwYqSvdydMCB9t+VNfwhFIiiuAelJfO5sSe2SebJbtwHgLcRz1Z
|
||
# gMtWgOSFdl3bWSzA7vrW2LED52h+jXLYSWvZzuDuh8hYO85m10ikF6QR+dTi4jra0whIFDvq3pxe
|
||
# TnESxEsN+DvbZM3jA3qsjQJSeISNpDjO099dqQvHpnCn18lyk7J4TWJ8sOQQb1EM2zDAfAOSqA/x
|
||
# QuPEFl74DlY+5DIk6EBvpmWhaMSvXzWZACGA0sYqa157dq7O0AqmuLG/EI5EkHETO4CrtBW+yLcy
|
||
# 2dUCXOMA+j+NjM1BjrQkYE5vtSfNO6lFZcISyKo5pTFlcA7ut0Fx2nZ8GhHTn32CpeWwNcZBn1gR
|
||
# pZVt6DxVVkhTAkMLhR4rL2wGIi/1WRs23ZOLGKtyDNvDHnQyDiQEoJGy9nAthA8aNHa3cfdF10vB
|
||
# Drb19vtpFHmpvKEEhpk2EBRF4fTi644Fuhu2Ied6118AlaPvEea+n6G4vBz+8RWuVCmZjLU+7h8l
|
||
# Hy3/WdUPoIL5eW7Kz+hS+sRTFzfu9C48dMkQH3a6f3wSY+mufizNF9U298r98TnYy+PfDJK0bstG
|
||
# Ph6yPWx8DGXKQBwrhWJWXI6JwZDeC5Ny+l8p1SypTmAjpIaSW3ge+KgcL6Wtt1R5hUV1ajVwVSUi
|
||
# HF/FachKqPqyLJFZTGjNrxnmNYpt8P1d5JTvJfmfr55Su/P9n7kcyWp7zMcb2Q5nlXt4tWogOHLI
|
||
# OzEWKCacbFfVHE+PpdrcvCVZMDzFogIq5EqGTOZe2poPpBVE+1y9mf5+TXBegy5HToLWvmfmJNTO
|
||
# NCDuBjgLs2tdw2yMPm4YEr57PnMX5gGTC3f2ZihXCIJDCRCdQ9sVBOjIQbOCzxFXkVITo0BAZhCi
|
||
# Yz61wt3Ud8e//zhXWCkCsSV+IZCxxPzhEFd+RFVjW0Nm9hsb2FgAhkXCjsGROgoleYgaZJWvQaAg
|
||
# UyBzMmKDPKTllBHyE3Gy1ehBNGPgEBChf17/9M+j8pcm1OmlM434ctWQ4qW7RU56//yq1soFY0Te
|
||
# fu2ei03a6m68fYuW6s7XEEK58QisJWRAvEbpwu/eyqfs7PsQ+zSgJHyk2rO95IxdMtEESb2GRuoi
|
||
# Bs+AHNdYFTAi+GBWw9dvEgqQ0Mpv0//6bBE/Fb4d7b7f56uUNnnE7mFnjGmGQN+MvC62pfwfvJTT
|
||
# EkT1iZ9kjM9FprTFWXT4UmO3XTvesGeE50sV9YPm71X4DCQwc4KE8vyuwj0s6oMNAUACW2ClU9QQ
|
||
# y0tRpaF1tzs4N42Q5zl0TzWxbCCjAtC3u6xf+c8MCGrr7DzNhm42LOQiHTa4MwX4x96q7235oiAU
|
||
# iQqSI/hyF5yLpWw4etyUvsx2/0/0wkuTU1FozbLoCWJEWcPS7QadMrRRISxHf0YobIeQyz34regl
|
||
# t1qSQ3dCU9D6AHLgX6kqllx4X0fnFq7LtfN7fA2itW26v+kAT2QFZ3qZhINGfofCja/pITC1uNAZ
|
||
# gsJaTMcQ600krj/ynoxnjT+n1gmeqThac6/Mi3YlVeRtaxI2InL82ZuD+w/dfY9OpPssQjy3xiQa
|
||
# jPuaMWXRxz/sS9syOoGVH7XBwKrWpQcpchozWJt40QV5DslJkclcr8aC2AGlzuJMTdEgz1eqV0+H
|
||
# bAXG9HRHN/0eJTn1/QAAAAEABVguNTA5AAADjzCCA4swggJzAhRGqVxH4HTLYPGO4rzHcCPeGDKn
|
||
# xTANBgkqhkiG9w0BAQsFADCBgTELMAkGA1UEBhMCY2ExEDAOBgNVBAgMB29udGFyaW8xEDAOBgNV
|
||
# BAcMB3Rvcm9udG8xFDASBgNVBAoMC2plbmtpbnN0ZXN0MRkwFwYDVQQDDBBqZW5raW5zdGVzdC5p
|
||
# bmZvMR0wGwYJKoZIhvcNAQkBFg50ZXN0QHRlc3QuaW5mbzAeFw0xOTEwMDgxNTI5NTVaFw0xOTEx
|
||
# MDcxNTI5NTVaMIGBMQswCQYDVQQGEwJjYTEQMA4GA1UECAwHb250YXJpbzEQMA4GA1UEBwwHdG9y
|
||
# b250bzEUMBIGA1UECgwLamVua2luc3Rlc3QxGTAXBgNVBAMMEGplbmtpbnN0ZXN0LmluZm8xHTAb
|
||
# BgkqhkiG9w0BCQEWDnRlc3RAdGVzdC5pbmZvMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
|
||
# AQEA02q352JTHGvROMBhSHvSv+vnoOTDKSTz2aLQn0tYrIRqRo+8bfmMjXuhkwZPSnCpvUGNAJ+w
|
||
# Jrt/dqMoYUjCBkjylD/qHmnXN5EwS1cMg1Djh65gi5JJLFJ7eNcoSsr/0AJ+TweIal1jJSP3t3PF
|
||
# 9Uv21gm6xdm7HnNK66WpUUXLDTKaIs/jtagVY1bLOo9oEVeLN4nT2CYWztpMvdCyEDUzgEdDbmrP
|
||
# F5nKUPK5hrFqo1Dc5rUI4ZshL3Lpv398aMxv6n2adQvuL++URMEbXXBhxOrT6rCtYzbcR5fkwS9i
|
||
# d3Br45CoWOQro02JAepoU0MQKY5+xQ4Bq9Q7tB9BAwIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQAe
|
||
# 4xc+mSvKkrKBHg9/zpkWgZUiOp4ENJCi8H4tea/PCM439v6y/kfjT/okOokFvX8N5aa1OSz2Vsrl
|
||
# m8kjIc6hiA7bKzT6lb0EyjUShFFZ5jmGVP4S7/hviDvgB5yEQxOPpumkdRP513YnEGj/o9Pazi5h
|
||
# /MwpRxxazoda9r45kqQpyG+XoM4pB+Fd3JzMc4FUGxfVPxJU4jLawnJJiZ3vqiSyaB0YyUL+Er1Q
|
||
# 6NnqtR4gEBF0ZVlQmkycFvD4EC2boP943dLqNUvop+4R3SM1QMM6P5u8iTXtHd/VN4MwMyy1wtog
|
||
# hYAzODo1Jt59pcqqKJEas0C/lFJEB3frw4ImNx5fNlJYOpx+ijfQs9m39CevDq0=
|
||
|
||
agent:
|
||
# -- Enable Kubernetes plugin jnlp-agent podTemplate
|
||
enabled: true
|
||
# -- The name of the pod template to use for providing default values
|
||
defaultsProviderTemplate: ""
|
||
|
||
# Useful for not including a serviceAccount in the template if `false`
|
||
# -- Use `serviceAccountAgent.name` as the default value for defaults template `serviceAccount`
|
||
useDefaultServiceAccount: true
|
||
|
||
# -- Override the default service account
|
||
# @default -- `serviceAccountAgent.name` if `agent.useDefaultServiceAccount` is `true`
|
||
serviceAccount:
|
||
|
||
# For connecting to the Jenkins controller
|
||
# -- Overrides the Kubernetes Jenkins URL
|
||
jenkinsUrl:
|
||
|
||
# connects to the specified host and port, instead of connecting directly to the Jenkins controller
|
||
# -- Overrides the Kubernetes Jenkins tunnel
|
||
jenkinsTunnel:
|
||
# -- Disables the verification of the controller certificate on remote connection. This flag correspond to the "Disable https certificate check" flag in kubernetes plugin UI
|
||
skipTlsVerify: false
|
||
# -- Enable the possibility to restrict the usage of this agent to specific folder. This flag correspond to the "Restrict pipeline support to authorized folders" flag in kubernetes plugin UI
|
||
usageRestricted: false
|
||
# -- The connection timeout in seconds for connections to Kubernetes API. The minimum value is 5
|
||
kubernetesConnectTimeout: 5
|
||
# -- The read timeout in seconds for connections to Kubernetes API. The minimum value is 15
|
||
kubernetesReadTimeout: 15
|
||
# -- The maximum concurrent connections to Kubernetes API
|
||
maxRequestsPerHostStr: "32"
|
||
# -- Time in minutes after which the Kubernetes cloud plugin will clean up an idle worker that has not already terminated
|
||
retentionTimeout: 5
|
||
# -- Seconds to wait for pod to be running
|
||
waitForPodSec: 600
|
||
# -- Namespace in which the Kubernetes agents should be launched
|
||
namespace:
|
||
# -- Custom Pod labels (an object with `label-key: label-value` pairs)
|
||
podLabels: {}
|
||
# -- Custom registry used to pull the agent jnlp image from
|
||
jnlpregistry:
|
||
image:
|
||
# -- Repository to pull the agent jnlp image from
|
||
repository: "jenkins/inbound-agent"
|
||
# -- Tag of the image to pull
|
||
tag: "3273.v4cfe589b_fd83-1"
|
||
# -- Configure working directory for default agent
|
||
workingDir: "/home/jenkins/agent"
|
||
nodeUsageMode: "NORMAL"
|
||
# -- Append Jenkins labels to the agent
|
||
customJenkinsLabels: []
|
||
# -- Name of the secret to be used to pull the image
|
||
imagePullSecretName:
|
||
componentName: "jenkins-agent"
|
||
# -- Enables agent communication via websockets
|
||
websocket: false
|
||
directConnection: false
|
||
# -- Agent privileged container
|
||
privileged: false
|
||
# -- Configure container user
|
||
runAsUser:
|
||
# -- Configure container group
|
||
runAsGroup:
|
||
# -- Enables the agent to use the host network
|
||
hostNetworking: false
|
||
# -- Resources allocation (Requests and Limits)
|
||
resources:
|
||
requests:
|
||
cpu: "512m"
|
||
memory: "512Mi"
|
||
# ephemeralStorage:
|
||
limits:
|
||
cpu: "512m"
|
||
memory: "512Mi"
|
||
# ephemeralStorage:
|
||
livenessProbe: {}
|
||
# execArgs: "cat /tmp/healthy"
|
||
# failureThreshold: 3
|
||
# initialDelaySeconds: 0
|
||
# periodSeconds: 10
|
||
# successThreshold: 1
|
||
# timeoutSeconds: 1
|
||
|
||
# You may want to change this to true while testing a new image
|
||
# -- Always pull agent container image before build
|
||
alwaysPullImage: false
|
||
# When using Pod Security Admission in the Agents namespace with the restricted Pod Security Standard,
|
||
# the jnlp container cannot be scheduled without overriding its container definition with a securityContext.
|
||
# This option allows to automatically inject in the jnlp container a securityContext
|
||
# that is suitable for the use of the restricted Pod Security Standard.
|
||
# -- Set a restricted securityContext on jnlp containers
|
||
restrictedPssSecurityContext: false
|
||
# Controls how agent pods are retained after the Jenkins build completes
|
||
# Possible values: Always, Never, OnFailure
|
||
podRetention: "Never"
|
||
# Disable if you do not want the Yaml the agent pod template to show up
|
||
# in the job Console Output. This can be helpful for either security reasons
|
||
# or simply to clean up the output to make it easier to read.
|
||
showRawYaml: true
|
||
|
||
# You can define the volumes that you want to mount for this container
|
||
# Allowed types are: ConfigMap, EmptyDir, EphemeralVolume, HostPath, Nfs, PVC, Secret
|
||
# Configure the attributes as they appear in the corresponding Java class for that type
|
||
# https://github.com/jenkinsci/kubernetes-plugin/tree/master/src/main/java/org/csanchez/jenkins/plugins/kubernetes/volumes
|
||
# -- Additional volumes
|
||
volumes: []
|
||
# - type: ConfigMap
|
||
# configMapName: myconfigmap
|
||
# mountPath: /var/myapp/myconfigmap
|
||
# - type: EmptyDir
|
||
# mountPath: /var/myapp/myemptydir
|
||
# memory: false
|
||
# - type: EphemeralVolume
|
||
# mountPath: /var/myapp/myephemeralvolume
|
||
# accessModes: ReadWriteOnce
|
||
# requestsSize: 10Gi
|
||
# storageClassName: mystorageclass
|
||
# - type: HostPath
|
||
# hostPath: /var/lib/containers
|
||
# mountPath: /var/myapp/myhostpath
|
||
# - type: Nfs
|
||
# mountPath: /var/myapp/mynfs
|
||
# readOnly: false
|
||
# serverAddress: "192.0.2.0"
|
||
# serverPath: /var/lib/containers
|
||
# - type: PVC
|
||
# claimName: mypvc
|
||
# mountPath: /var/myapp/mypvc
|
||
# readOnly: false
|
||
# - type: Secret
|
||
# defaultMode: "600"
|
||
# mountPath: /var/myapp/mysecret
|
||
# secretName: mysecret
|
||
# Pod-wide environment, these vars are visible to any container in the agent pod
|
||
|
||
# You can define the workspaceVolume that you want to mount for this container
|
||
# Allowed types are: DynamicPVC, EmptyDir, EphemeralVolume, HostPath, Nfs, PVC
|
||
# Configure the attributes as they appear in the corresponding Java class for that type
|
||
# https://github.com/jenkinsci/kubernetes-plugin/tree/master/src/main/java/org/csanchez/jenkins/plugins/kubernetes/volumes/workspace
|
||
# -- Workspace volume (defaults to EmptyDir)
|
||
workspaceVolume: {}
|
||
## DynamicPVC example
|
||
# - type: DynamicPVC
|
||
# configMapName: myconfigmap
|
||
## EmptyDir example
|
||
# - type: EmptyDir
|
||
# memory: false
|
||
## EphemeralVolume example
|
||
# - type: EphemeralVolume
|
||
# accessModes: ReadWriteOnce
|
||
# requestsSize: 10Gi
|
||
# storageClassName: mystorageclass
|
||
## HostPath example
|
||
# - type: HostPath
|
||
# hostPath: /var/lib/containers
|
||
## NFS example
|
||
# - type: Nfs
|
||
# readOnly: false
|
||
# serverAddress: "192.0.2.0"
|
||
# serverPath: /var/lib/containers
|
||
## PVC example
|
||
# - type: PVC
|
||
# claimName: mypvc
|
||
# readOnly: false
|
||
|
||
# Pod-wide environment, these vars are visible to any container in the agent pod
|
||
# -- Environment variables for the agent Pod
|
||
envVars: []
|
||
# - name: PATH
|
||
# value: /usr/local/bin
|
||
# -- Mount a secret as environment variable
|
||
secretEnvVars: []
|
||
# - key: PATH
|
||
# optional: false # default: false
|
||
# secretKey: MY-K8S-PATH
|
||
# secretName: my-k8s-secret
|
||
|
||
# -- Node labels for pod assignment
|
||
nodeSelector: {}
|
||
# Key Value selectors. Ex:
|
||
# nodeSelector
|
||
# jenkins-agent: v1
|
||
|
||
# -- Command to execute when side container starts
|
||
command:
|
||
# -- Arguments passed to command to execute
|
||
args: "${computer.jnlpmac} ${computer.name}"
|
||
# -- Side container name
|
||
sideContainerName: "jnlp"
|
||
|
||
# Doesn't allocate pseudo TTY by default
|
||
# -- Allocate pseudo tty to the side container
|
||
TTYEnabled: false
|
||
# -- Max number of agents to launch
|
||
containerCap: 10
|
||
# -- Agent Pod base name
|
||
podName: "default"
|
||
|
||
# Enables garbage collection of orphan pods for this Kubernetes cloud. (beta)
|
||
garbageCollection:
|
||
# -- When enabled, Jenkins will periodically check for orphan pods that have not been touched for the given timeout period and delete them.
|
||
enabled: false
|
||
# -- Namespaces to look at for garbage collection, in addition to the default namespace defined for the cloud. One namespace per line.
|
||
namespaces: ""
|
||
# namespaces: |-
|
||
# namespaceOne
|
||
# namespaceTwo
|
||
# -- Timeout value for orphaned pods
|
||
timeout: 300
|
||
|
||
# -- Allows the Pod to remain active for reuse until the configured number of minutes has passed since the last step was executed on it
|
||
idleMinutes: 0
|
||
|
||
|
||
# The raw yaml of a Pod API Object, for example, this allows usage of toleration for agent pods.
|
||
# https://github.com/jenkinsci/kubernetes-plugin#using-yaml-to-define-pod-templates
|
||
# https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
|
||
# -- The raw yaml of a Pod API Object to merge into the agent spec
|
||
yamlTemplate: ""
|
||
# yamlTemplate: |-
|
||
# apiVersion: v1
|
||
# kind: Pod
|
||
# spec:
|
||
# tolerations:
|
||
# - key: "key"
|
||
# operator: "Equal"
|
||
# value: "value"
|
||
|
||
# -- Defines how the raw yaml field gets merged with yaml definitions from inherited pod templates. Possible values: "merge" or "override"
|
||
yamlMergeStrategy: "override"
|
||
# -- Controls whether the defined yaml merge strategy will be inherited if another defined pod template is configured to inherit from the current one
|
||
inheritYamlMergeStrategy: false
|
||
# -- Timeout in seconds for an agent to be online
|
||
connectTimeout: 100
|
||
# -- Annotations to apply to the pod
|
||
annotations: {}
|
||
|
||
# Containers specified here are added to all agents. Set key empty to remove container from additional agents.
|
||
# -- Add additional containers to the agents
|
||
additionalContainers: []
|
||
# - sideContainerName: dind
|
||
# image:
|
||
# repository: docker
|
||
# tag: dind
|
||
# command: dockerd-entrypoint.sh
|
||
# args: ""
|
||
# privileged: true
|
||
# resources:
|
||
# requests:
|
||
# cpu: 500m
|
||
# memory: 1Gi
|
||
# limits:
|
||
# cpu: 1
|
||
# memory: 2Gi
|
||
|
||
# Useful when configuring agents only with the podTemplates value, since the default podTemplate populated by values mentioned above will be excluded in the rendered template.
|
||
# -- Disable the default Jenkins Agent configuration
|
||
disableDefaultAgent: false
|
||
|
||
# Below is the implementation of custom pod templates for the default configured kubernetes cloud.
|
||
# Add a key under podTemplates for each pod template. Each key (prior to | character) is just a label, and can be any value.
|
||
# Keys are only used to give the pod template a meaningful name. The only restriction is they may only contain RFC 1123 \ DNS label
|
||
# characters: lowercase letters, numbers, and hyphens. Each pod template can contain multiple containers.
|
||
# For this pod templates configuration to be loaded, the following values must be set:
|
||
# controller.JCasC.defaultConfig: true
|
||
# Best reference is https://<jenkins_url>/configuration-as-code/reference#Cloud-kubernetes. The example below creates a python pod template.
|
||
# -- Configures extra pod templates for the default kubernetes cloud
|
||
podTemplates: {}
|
||
# python: |
|
||
# - name: python
|
||
# label: jenkins-python
|
||
# serviceAccount: jenkins
|
||
# containers:
|
||
# - name: python
|
||
# image: python:3
|
||
# command: "/bin/sh -c"
|
||
# args: "cat"
|
||
# ttyEnabled: true
|
||
# privileged: true
|
||
# resourceRequestCpu: "400m"
|
||
# resourceRequestMemory: "512Mi"
|
||
# resourceLimitCpu: "1"
|
||
# resourceLimitMemory: "1024Mi"
|
||
|
||
# Inherits all values from `agent` so you only need to specify values which differ
|
||
# -- Configure additional
|
||
additionalAgents: {}
|
||
# maven:
|
||
# podName: maven
|
||
# customJenkinsLabels: maven
|
||
# # An example of overriding the jnlp container
|
||
# # sideContainerName: jnlp
|
||
# image:
|
||
# repository: jenkins/jnlp-agent-maven
|
||
# tag: latest
|
||
# python:
|
||
# podName: python
|
||
# customJenkinsLabels: python
|
||
# sideContainerName: python
|
||
# image:
|
||
# repository: python
|
||
# tag: "3"
|
||
# command: "/bin/sh -c"
|
||
# args: "cat"
|
||
# TTYEnabled: true
|
||
|
||
# Here you can add additional clouds
|
||
# They inherit all values from the default cloud (including the main agent), so
|
||
# you only need to specify values which differ. If you want to override
|
||
# default additionalAgents with the additionalClouds.additionalAgents set
|
||
# additionalAgentsOverride to `true`.
|
||
additionalClouds: {}
|
||
# remote-cloud-1:
|
||
# kubernetesURL: https://api.remote-cloud.com
|
||
# additionalAgentsOverride: true
|
||
# additionalAgents:
|
||
# maven-2:
|
||
# podName: maven-2
|
||
# customJenkinsLabels: maven
|
||
# # An example of overriding the jnlp container
|
||
# # sideContainerName: jnlp
|
||
# image:
|
||
# repository: jenkins/jnlp-agent-maven
|
||
# tag: latest
|
||
# namespace: my-other-maven-namespace
|
||
# remote-cloud-2:
|
||
# kubernetesURL: https://api.remote-cloud.com
|
||
|
||
persistence:
|
||
# -- Enable the use of a Jenkins PVC
|
||
enabled: true
|
||
|
||
# A manually managed Persistent Volume and Claim
|
||
# Requires persistence.enabled: true
|
||
# If defined, PVC must be created manually before volume will be bound
|
||
# -- Provide the name of a PVC
|
||
existingClaim:
|
||
|
||
# jenkins data Persistent Volume Storage Class
|
||
# If defined, storageClassName: <storageClass>
|
||
# If set to "-", storageClassName: "", which disables dynamic provisioning
|
||
# If undefined (the default) or set to null, no storageClassName spec is
|
||
# set, choosing the default provisioner (gp2 on AWS, standard on GKE, AWS & OpenStack)
|
||
# -- Storage class for the PVC
|
||
storageClass:
|
||
# -- Annotations for the PVC
|
||
annotations: {}
|
||
# -- Labels for the PVC
|
||
labels: {}
|
||
# -- The PVC access mode
|
||
accessMode: "ReadWriteOnce"
|
||
# -- The size of the PVC
|
||
size: "8Gi"
|
||
|
||
# ref: https://kubernetes.io/docs/concepts/storage/volume-pvc-datasource/
|
||
# -- Existing data source to clone PVC from
|
||
dataSource: {}
|
||
# name: PVC-NAME
|
||
# kind: PersistentVolumeClaim
|
||
|
||
# -- SubPath for jenkins-home mount
|
||
subPath:
|
||
# -- Additional volumes
|
||
volumes: []
|
||
# - name: nothing
|
||
# emptyDir: {}
|
||
|
||
# -- Additional mounts
|
||
mounts: []
|
||
# - mountPath: /var/nothing
|
||
# name: nothing
|
||
# readOnly: true
|
||
|
||
networkPolicy:
|
||
# -- Enable the creation of NetworkPolicy resources
|
||
enabled: false
|
||
|
||
# For Kubernetes v1.4, v1.5 and v1.6, use 'extensions/v1beta1'
|
||
# For Kubernetes v1.7, use 'networking.k8s.io/v1'
|
||
# -- NetworkPolicy ApiVersion
|
||
apiVersion: networking.k8s.io/v1
|
||
# You can allow agents to connect from both within the cluster (from within specific/all namespaces) AND/OR from a given external IP range
|
||
internalAgents:
|
||
# -- Allow internal agents (from the same cluster) to connect to controller. Agent pods will be filtered based on PodLabels
|
||
allowed: true
|
||
# -- A map of labels (keys/values) that agent pods must have to be able to connect to controller
|
||
podLabels: {}
|
||
# -- A map of labels (keys/values) that agents namespaces must have to be able to connect to controller
|
||
namespaceLabels: {}
|
||
# project: myproject
|
||
externalAgents:
|
||
# -- The IP range from which external agents are allowed to connect to controller, i.e., 172.17.0.0/16
|
||
ipCIDR:
|
||
# -- A list of IP sub-ranges to be excluded from the allowlisted IP range
|
||
except: []
|
||
# - 172.17.1.0/24
|
||
|
||
## Install Default RBAC roles and bindings
|
||
rbac:
|
||
# -- Whether RBAC resources are created
|
||
create: true
|
||
# -- Whether the Jenkins service account should be able to read Kubernetes secrets
|
||
readSecrets: false
|
||
# -- Whether the Jenkins service account should be able to use the OpenShift "nonroot" Security Context Constraints
|
||
useOpenShiftNonRootSCC: false
|
||
|
||
serviceAccount:
|
||
# -- Configures if a ServiceAccount with this name should be created
|
||
create: true
|
||
|
||
# The name of the ServiceAccount is autogenerated by default
|
||
# -- The name of the ServiceAccount to be used by access-controlled resources
|
||
name:
|
||
# -- Configures annotations for the ServiceAccount
|
||
annotations: {}
|
||
# -- Configures extra labels for the ServiceAccount
|
||
extraLabels: {}
|
||
# -- Controller ServiceAccount image pull secret
|
||
imagePullSecretName:
|
||
|
||
|
||
serviceAccountAgent:
|
||
# -- Configures if an agent ServiceAccount should be created
|
||
create: false
|
||
|
||
# If not set and create is true, a name is generated using the fullname template
|
||
# -- The name of the agent ServiceAccount to be used by access-controlled resources
|
||
name:
|
||
# -- Configures annotations for the agent ServiceAccount
|
||
annotations: {}
|
||
# -- Configures extra labels for the agent ServiceAccount
|
||
extraLabels: {}
|
||
# -- Agent ServiceAccount image pull secret
|
||
imagePullSecretName:
|
||
|
||
# -- Checks if any deprecated values are used
|
||
checkDeprecation: true
|
||
|
||
awsSecurityGroupPolicies:
|
||
enabled: false
|
||
policies:
|
||
- name: ""
|
||
securityGroupIds: []
|
||
podSelector: {}
|
||
|
||
# Here you can configure unit tests values when executing the helm unittest in the CONTRIBUTING.md
|
||
helmtest:
|
||
# A testing framework for bash
|
||
bats:
|
||
# Bash Automated Testing System (BATS)
|
||
image:
|
||
# -- Registry of the image used to test the framework
|
||
registry: "docker.io"
|
||
# -- Repository of the image used to test the framework
|
||
repository: "bats/bats"
|
||
# -- Tag of the image to test the framework
|
||
tag: "1.11.0"
|