KubeZero/charts/kubezero-ci
2023-08-03 15:18:01 +00:00
..
templates feature: kubezero-ci drop GoCD, latest Gitea, add Renovate 2023-08-03 15:18:01 +00:00
Chart.yaml feature: kubezero-ci drop GoCD, latest Gitea, add Renovate 2023-08-03 15:18:01 +00:00
dashboard-gitea.yaml V1.24 beta, metrics updates, minor tweaks and fixes 2023-01-11 12:08:18 +00:00
dashboard-jenkins.yaml V1.24 beta, metrics updates, minor tweaks and fixes 2023-01-11 12:08:18 +00:00
README.md feat: remove legacy taint master 2023-07-04 15:28:12 +00:00
README.md.gotmpl Add some docs for verdaccio auth 2023-05-11 17:10:09 +01:00
update.sh V1.24 beta, metrics updates, minor tweaks and fixes 2023-01-11 12:08:18 +00:00
values.yaml feature: kubezero-ci drop GoCD, latest Gitea, add Renovate 2023-08-03 15:18:01 +00:00

kubezero-ci

Version: 0.6.3 Type: application

KubeZero umbrella chart for all things CI

Homepage: https://kubezero.com

Maintainers

Name Email Url
Stefan Reimer stefan@zero-downtime.net

Requirements

Kubernetes: >= 1.24.0

Repository Name Version
https://aquasecurity.github.io/helm-charts/ trivy 0.7.0
https://cdn.zero-downtime.net/charts/ kubezero-lib >= 0.1.6
https://charts.jenkins.io jenkins 4.3.24
https://dl.gitea.io/charts/ gitea 8.3.0
https://gocd.github.io/helm-chart gocd 1.40.8

Jenkins

  • default build retention 10 builds, 32days
  • memory request 1.25GB
  • dark theme
  • trivy scanner incl. HTML reporting and publisher

goCD

Gitea

Verdaccio

Authentication sealed-secret

htpasswd -n -b -B -C 4 <username> <password> | kubeseal --raw --namespace verdaccio --name verdaccio-htpasswd

Resources

JVM tuning in containers

Values

Key Type Default Description
gitea.enabled bool false
gitea.gitea.admin.existingSecret string "gitea-admin-secret"
gitea.gitea.config.cache.ADAPTER string "memory"
gitea.gitea.config.database.DB_TYPE string "sqlite3"
gitea.gitea.demo bool false
gitea.gitea.metrics.enabled bool false
gitea.gitea.metrics.serviceMonitor.enabled bool true
gitea.image.rootless bool true
gitea.istio.enabled bool false
gitea.istio.gateway string "istio-ingress/private-ingressgateway"
gitea.istio.url string "git.example.com"
gitea.mariadb.enabled bool false
gitea.memcached.enabled bool false
gitea.mysql.enabled bool false
gitea.persistence.enabled bool true
gitea.persistence.size string "4Gi"
gitea.postgresql.enabled bool false
gitea.resources.limits.memory string "2048Mi"
gitea.resources.requests.cpu string "150m"
gitea.resources.requests.memory string "320Mi"
gitea.securityContext.allowPrivilegeEscalation bool false
gitea.securityContext.capabilities.add[0] string "SYS_CHROOT"
gitea.securityContext.capabilities.drop[0] string "ALL"
gocd.enabled bool false
gocd.istio.enabled bool false
gocd.istio.gateway string "istio-ingress/private-ingressgateway"
gocd.istio.url string ""
gocd.server.ingress.enabled bool false
gocd.server.service.type string "ClusterIP"
jenkins.agent.annotations."container.apparmor.security.beta.kubernetes.io/jnlp" string "unconfined"
jenkins.agent.containerCap int 2
jenkins.agent.customJenkinsLabels[0] string "podman-aws-trivy"
jenkins.agent.idleMinutes int 15
jenkins.agent.image string "public.ecr.aws/zero-downtime/jenkins-podman"
jenkins.agent.podName string "podman-aws"
jenkins.agent.podRetention string "Default"
jenkins.agent.resources.limits.cpu string ""
jenkins.agent.resources.limits.memory string ""
jenkins.agent.resources.requests.cpu string ""
jenkins.agent.resources.requests.memory string ""
jenkins.agent.showRawYaml bool false
jenkins.agent.tag string "v0.4.2"
jenkins.agent.yamlMergeStrategy string "merge"
jenkins.agent.yamlTemplate string "apiVersion: v1\nkind: Pod\nspec:\n securityContext:\n fsGroup: 1000\n serviceAccountName: jenkins-podman-aws\n containers:\n - name: jnlp\n resources:\n requests:\n cpu: \"512m\"\n memory: \"1024Mi\"\n limits:\n cpu: \"4\"\n memory: \"6144Mi\"\n github.com/fuse: 1\n volumeMounts:\n - name: aws-token\n mountPath: \"/var/run/secrets/sts.amazonaws.com/serviceaccount/\"\n readOnly: true\n - name: host-registries-conf\n mountPath: \"/home/jenkins/.config/containers/registries.conf\"\n readOnly: true\n volumes:\n - name: aws-token\n projected:\n sources:\n - serviceAccountToken:\n path: token\n expirationSeconds: 86400\n audience: \"sts.amazonaws.com\"\n - name: host-registries-conf\n hostPath:\n path: /etc/containers/registries.conf\n type: File"
jenkins.controller.JCasC.configScripts.zdt-settings string "jenkins:\n noUsageStatistics: true\n disabledAdministrativeMonitors:\n - \"jenkins.security.ResourceDomainRecommendation\"\nunclassified:\n buildDiscarders:\n configuredBuildDiscarders:\n - \"jobBuildDiscarder\"\n - defaultBuildDiscarder:\n discarder:\n logRotator:\n artifactDaysToKeepStr: \"32\"\n artifactNumToKeepStr: \"10\"\n daysToKeepStr: \"100\"\n numToKeepStr: \"10\"\n"
jenkins.controller.disableRememberMe bool true
jenkins.controller.enableRawHtmlMarkupFormatter bool true
jenkins.controller.initContainerResources.limits.memory string "1024Mi"
jenkins.controller.initContainerResources.requests.cpu string "50m"
jenkins.controller.initContainerResources.requests.memory string "256Mi"
jenkins.controller.installPlugins[0] string "kubernetes:3937.vd7b_82db_e347b_"
jenkins.controller.installPlugins[10] string "build-discarder:139.v05696a_7fe240"
jenkins.controller.installPlugins[11] string "dark-theme:315.va_22e7d692ea_a"
jenkins.controller.installPlugins[1] string "workflow-aggregator:581.v0c46fa_697ffd"
jenkins.controller.installPlugins[2] string "git:5.1.0"
jenkins.controller.installPlugins[3] string "basic-branch-build-strategies:71.vc1421f89888e"
jenkins.controller.installPlugins[4] string "pipeline-graph-view:183.v9e27732d970f"
jenkins.controller.installPlugins[5] string "pipeline-stage-view:2.32"
jenkins.controller.installPlugins[6] string "configuration-as-code:1647.ve39ca_b_829b_42"
jenkins.controller.installPlugins[7] string "antisamy-markup-formatter:159.v25b_c67cd35fb_"
jenkins.controller.installPlugins[8] string "prometheus:2.2.3"
jenkins.controller.installPlugins[9] string "htmlpublisher:1.31"
jenkins.controller.javaOpts string "-XX:+UseContainerSupport -XX:+UseStringDeduplication -Dhudson.model.DirectoryBrowserSupport.CSP=\"sandbox allow-popups; default-src 'none'; img-src 'self' cdn.zero-downtime.net; style-src 'unsafe-inline';\""
jenkins.controller.jenkinsOpts string "--sessionTimeout=300 --sessionEviction=10800"
jenkins.controller.prometheus.enabled bool false
jenkins.controller.resources.limits.memory string "4096Mi"
jenkins.controller.resources.requests.cpu string "250m"
jenkins.controller.resources.requests.memory string "1280Mi"
jenkins.controller.tag string "alpine-jdk17"
jenkins.controller.testEnabled bool false
jenkins.enabled bool false
jenkins.istio.agent.enabled bool false
jenkins.istio.agent.gateway string "istio-ingress/private-ingressgateway"
jenkins.istio.agent.url string "jenkins-agent.example.com"
jenkins.istio.enabled bool false
jenkins.istio.gateway string "istio-ingress/private-ingressgateway"
jenkins.istio.url string "jenkins.example.com"
jenkins.istio.webhook.enabled bool false
jenkins.istio.webhook.gateway string "istio-ingress/ingressgateway"
jenkins.istio.webhook.url string "jenkins-webhook.example.com"
jenkins.persistence.size string "4Gi"
jenkins.rbac.readSecrets bool true
jenkins.serviceAccountAgent.create bool true
jenkins.serviceAccountAgent.name string "jenkins-podman-aws"
trivy.enabled bool false
trivy.image.tag string "0.42.0"
trivy.persistence.enabled bool true
trivy.persistence.size string "1Gi"
trivy.rbac.create bool false