# Default values for a CI umbrella chart: GoCD, Gitea, Jenkins and Trivy.
# Every component is disabled by default and is switched on per cluster.
# NOTE(review): the nesting below was restored from a copy whose line breaks
# had been lost; verify it against the subcharts' value schemas before use.

gocd:
  enabled: false
  server:
    service:
      # Cluster-internal service; outside access goes through Istio below.
      type: "ClusterIP"
    ingress:
      enabled: false
  istio:
    enabled: false
    gateway: istio-ingress/private-ingressgateway
    url: ""  # gocd.example.com

gitea:
  enabled: false

  image:
    # Pinned by tag, not by digest, so the registry can move what it points to.
    tag: 1.17.0
    rootless: true

  # Container hardening: no privilege escalation, every capability dropped,
  # and only SYS_CHROOT added back.
  # NOTE(review): SYS_CHROOT is presumably needed by the image's SSH service -
  # confirm before removing it.
  securityContext:
    allowPrivilegeEscalation: false
    capabilities:
      drop:
        - ALL
      add:
        - SYS_CHROOT

  persistence:
    enabled: true
    size: 4Gi

  gitea:
    admin:
      # Admin credentials come from an existing Kubernetes Secret, so they are
      # not stored in this values file.
      existingSecret: gitea-admin-secret
    # Enable to install demo creds
    # Leave false anywhere that is not a throwaway environment.
    # NOTE(review): presumably these are fixed, well-known credentials -
    # confirm in the chart templates.
    demo: false

    metrics:
      enabled: false
      serviceMonitor:
        enabled: false

    config:
      # Self-contained defaults: SQLite database and in-process cache, which
      # matches the bundled database/cache subcharts being disabled below.
      database:
        DB_TYPE: sqlite3
      cache:
        ADAPTER: memory

  memcached:
    enabled: false
  postgresql:
    enabled: false
  mysql:
    enabled: false
  mariadb:
    enabled: false

  istio:
    enabled: false
    gateway: istio-ingress/private-ingressgateway
    url: git.example.com

jenkins:
  enabled: false

  controller:
    # Pinned by tag, not by digest.
    tag: 2.356-alpine-jdk17
    #tagLabel: alpine
    # Disables the "remember me" login option, so a session ends with the
    # session timeout set in jenkinsOpts.
    disableRememberMe: true
    prometheus:
      enabled: false
    testEnabled: false
    # Renders user-supplied descriptions as HTML through the
    # antisamy-markup-formatter plugin, which must stay in installPlugins for
    # the output to be sanitised.
    enableRawHtmlMarkupFormatter: true
    # The -D...DirectoryBrowserSupport.CSP property replaces Jenkins' default
    # Content-Security-Policy for files served from workspaces and archived
    # artifacts. This policy keeps `sandbox` and `default-src 'none'`, and
    # relaxes three things: popups, images from 'self' and
    # cdn.zero-downtime.net, and inline styles. Build output is untrusted
    # content, so each relaxation widens what an archived HTML report can do;
    # keep the list as short as the published reports need.
    javaOpts: "-XX:+UseContainerSupport -XX:+UseStringDeduplication -Dhudson.model.DirectoryBrowserSupport.CSP=\"sandbox allow-popups; default-src 'none'; img-src 'self' cdn.zero-downtime.net; style-src 'unsafe-inline';\""
    # NOTE(review): Winstone documents --sessionTimeout in minutes and
    # --sessionEviction in seconds - confirm that 180 / 3600 is the intended
    # idle-session policy.
    jenkinsOpts: "--sessionTimeout=180 --sessionEviction=3600"

    resources:
      requests:
        cpu: "250m"
        memory: "1280Mi"
      limits:
        cpu: "2000m"
        memory: "4096Mi"

    initContainerResources:
      requests:
        cpu: "50m"
        memory: "256Mi"
      limits:
        cpu: "1000m"
        memory: "1024Mi"

    JCasC:
      configScripts:
        # Configuration-as-Code fragment (a literal string, so notes about it
        # belong here, not inside it):
        # - turns off usage statistics;
        # - silences the ResourceDomainRecommendation administrative monitor,
        #   i.e. the prompt to serve user content from a separate resource
        #   root URL. With that monitor off and no resource domain configured
        #   here, the CSP in javaOpts is the remaining control on
        #   build-generated content;
        # - sets a global default build discarder (log rotation limits).
        zdt-settings: |
          jenkins:
            noUsageStatistics: true
            disabledAdministrativeMonitors:
            - "jenkins.security.ResourceDomainRecommendation"
          unclassified:
            buildDiscarders:
              configuredBuildDiscarders:
              - "jobBuildDiscarder"
              - defaultBuildDiscarder:
                  discarder:
                    logRotator:
                      artifactDaysToKeepStr: "32"
                      artifactNumToKeepStr: "10"
                      daysToKeepStr: "100"
                      numToKeepStr: "10"

    # Plugins are pinned to exact versions. Check the Jenkins security
    # advisories for these versions whenever the controller tag is bumped.
    installPlugins:
      - kubernetes:3651.v908e7db_10d06
      - workflow-aggregator:581.v0c46fa_697ffd
      - git:4.11.3
      - configuration-as-code:1466.v2d4119502006
      - antisamy-markup-formatter:2.7
      - prometheus:2.0.11
      - htmlpublisher:1.30
      - build-discarder:60.v1747b0eb632a
      - dark-theme:185.v276b_5a_8966a_e

  # Service account for build agents. The same name is hard-coded as
  # serviceAccountName in agent.yamlTemplate below; keep the two in sync.
  serviceAccountAgent:
    create: true
    name: jenkins-podman-aws

  # Preconfigure agents to use zdt podman requires fuse/overlayfs
  agent:
    image: public.ecr.aws/zero-downtime/jenkins-podman
    # Pinned by tag, not by digest.
    tag: v0.3.2
    resources:
      requests:
        cpu: "512m"
        memory: "1024Mi"
      limits:
        cpu: "4"
        memory: "6144Mi"
    #alwaysPullImage: true
    podRetention: "Default"
    showRawYaml: false
    podName: "podman-aws"
    customJenkinsLabels:
      - podman-aws-trivy
    idleMinutes: 10
    containerCap: 2
    annotations:
      # Runs the jnlp container without an AppArmor profile.
      # NOTE(review): presumably required for podman with fuse/overlayfs -
      # confirm. Build steps in this container lose that confinement layer,
      # so treat agent pods as less isolated and schedule them accordingly.
      # Newer Kubernetes releases replace this beta annotation with the
      # securityContext appArmorProfile field.
      container.apparmor.security.beta.kubernetes.io/jnlp: unconfined
    # envVars:
    #   - name: AWS_WEB_IDENTITY_TOKEN_FILE
    #     value: "/var/run/secrets/sts.amazonaws.com/serviceaccount/token"
    #   - name: AWS_STS_REGIONAL_ENDPOINTS
    #     value: regional
    #   - name: AWS_ROLE_ARN
    #     value: ""
    yamlMergeStrategy: "merge"
    # Pod overlay merged into the generated agent pod (a literal string, so
    # notes about it belong here, not inside it):
    # - fsGroup 1000 on the pod;
    # - one `github.com/fuse` extended resource for the jnlp container;
    #   NOTE(review): presumably a device plugin exposing /dev/fuse - confirm
    #   it is deployed on agent nodes;
    # - a projected service-account token with audience sts.amazonaws.com,
    #   mounted read-only at the path the commented-out
    #   AWS_WEB_IDENTITY_TOKEN_FILE above points to. expirationSeconds 86400
    #   requests a 24-hour token; a shorter lifetime narrows the window in
    #   which a token leaked from a build can be exchanged for AWS
    #   credentials.
    yamlTemplate: |-
      apiVersion: v1
      kind: Pod
      spec:
        securityContext:
          fsGroup: 1000
        serviceAccountName: jenkins-podman-aws
        containers:
        - name: jnlp
          resources:
            limits:
              github.com/fuse: 1
          volumeMounts:
          - name: aws-token
            mountPath: "/var/run/secrets/sts.amazonaws.com/serviceaccount/"
            readOnly: true
        volumes:
        - name: aws-token
          projected:
            sources:
            - serviceAccountToken:
                path: token
                expirationSeconds: 86400
                audience: "sts.amazonaws.com"

  persistence:
    size: "4Gi"

  istio:
    enabled: false
    gateway: istio-ingress/private-ingressgateway
    url: jenkins.example.com
    # Dedicated VirtualService for webhooks
    # NOTE(review): this is the only entry bound to
    # istio-ingress/ingressgateway instead of the private gateway, presumably
    # so external SCM hosts can reach it - confirm the VirtualService exposes
    # only the webhook paths.
    webhook:
      enabled: false
      gateway: istio-ingress/ingressgateway
      url: jenkins-webhook.example.com
    # Remote Agents
    agent:
      enabled: false
      gateway: istio-ingress/private-ingressgateway
      url: jenkins-agent.example.com

trivy:
  enabled: false
  persistence:
    enabled: true
    size: 1Gi
  # No RBAC objects and no PodSecurityPolicy are created for Trivy by default.
  rbac:
    create: false
    pspEnabled: false