gitea: enabled: false #image: #tag: 1.17.4 #rootless: true repliaCount: 1 # We use RWO persistence strategy: type: "Recreate" # Since V9 they default to RWX and deployment, we default to old existing RWO from statefulset persistence: enabled: true mount: true create: false #claimName: size: 4Gi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL add: - SYS_CHROOT resources: requests: cpu: "150m" memory: "320Mi" limits: memory: "2048Mi" gitea: admin: existingSecret: gitea-admin-secret # Enable to install demo creds demo: false metrics: enabled: false serviceMonitor: enabled: true config: database: DB_TYPE: sqlite3 cache: ADAPTER: memory session: PROVIDER: memory queue: TYPE: level redis-cluster: enabled: false postgresql-ha: enabled: false postgresql: enabled: false istio: enabled: false gateway: istio-ingress/private-ingressgateway url: git.example.com jenkins: enabled: false controller: tag: alpine-jdk17 #tagLabel: alpine disableRememberMe: true prometheus: enabled: false testEnabled: false enableRawHtmlMarkupFormatter: true javaOpts: "-XX:+UseContainerSupport -XX:+UseStringDeduplication -Dhudson.model.DirectoryBrowserSupport.CSP=\"sandbox allow-popups; default-src 'none'; img-src 'self' cdn.zero-downtime.net; style-src 'unsafe-inline';\"" jenkinsOpts: "--sessionTimeout=300 --sessionEviction=10800" resources: requests: cpu: "250m" memory: "1280Mi" limits: #cpu: "2000m" memory: "4096Mi" initContainerResources: requests: cpu: "50m" memory: "256Mi" limits: #cpu: "1000m" memory: "1024Mi" JCasC: configScripts: zdt-settings: | jenkins: noUsageStatistics: true disabledAdministrativeMonitors: - "jenkins.security.ResourceDomainRecommendation" appearance: themeManager: disableUserThemes: true theme: "dark" unclassified: buildDiscarders: configuredBuildDiscarders: - "jobBuildDiscarder" - defaultBuildDiscarder: discarder: logRotator: artifactDaysToKeepStr: "32" artifactNumToKeepStr: "10" daysToKeepStr: "100" numToKeepStr: "10" installPlugins: - kubernetes - kubernetes-credentials-provider - workflow-aggregator - git - basic-branch-build-strategies - pipeline-graph-view - pipeline-stage-view - configuration-as-code - antisamy-markup-formatter - prometheus - htmlpublisher - build-discarder - dark-theme - matrix-auth serviceAccountAgent: create: true name: jenkins-podman-aws # Preconfigure agents to use zdt podman requires fuse/overlayfs agent: image: public.ecr.aws/zero-downtime/jenkins-podman tag: v0.4.5 #alwaysPullImage: true podRetention: "Default" showRawYaml: false podName: "podman-aws" customJenkinsLabels: - podman-aws-trivy idleMinutes: 30 containerCap: 2 resources: requests: cpu: "" memory: "" limits: cpu: "" memory: "" # envVars: # - name: AWS_WEB_IDENTITY_TOKEN_FILE # value: "/var/run/secrets/sts.amazonaws.com/serviceaccount/token" # - name: AWS_STS_REGIONAL_ENDPOINTS # value: regional # - name: AWS_ROLE_ARN # value: "" yamlMergeStrategy: "merge" yamlTemplate: |- apiVersion: v1 kind: Pod spec: securityContext: fsGroup: 1000 serviceAccountName: jenkins-podman-aws containers: - name: jnlp resources: requests: cpu: "512m" memory: "1024Mi" limits: cpu: "4" memory: "6144Mi" github.com/fuse: 1 volumeMounts: - name: aws-token mountPath: "/var/run/secrets/sts.amazonaws.com/serviceaccount/" readOnly: true - name: host-registries-conf mountPath: "/home/jenkins/.config/containers/registries.conf" readOnly: true volumes: - name: aws-token projected: sources: - serviceAccountToken: path: token expirationSeconds: 86400 audience: "sts.amazonaws.com" - name: host-registries-conf hostPath: path: /etc/containers/registries.conf type: File rbac: readSecrets: true persistence: size: "4Gi" istio: enabled: false gateway: istio-ingress/private-ingressgateway url: jenkins.example.com # Dedicated VirtualService for webhooks webhook: enabled: false gateway: istio-ingress/ingressgateway url: jenkins-webhook.example.com # Remote Agents agent: enabled: false gateway: istio-ingress/private-ingressgateway url: jenkins-agent.example.com trivy: enabled: false image: tag: 0.45.1 persistence: enabled: true size: 1Gi rbac: create: false renovate: enabled: false env: LOG_FORMAT: json cronjob: concurrencyPolicy: Forbid jobBackoffLimit: 3 schedule: "0 3 * * *" successfulJobsHistoryLimit: 1 securityContext: fsGroup: 1000