gitea: enabled: false #image: #tag: 1.17.4 #rootless: true repliaCount: 1 # We use RWO persistence strategy: type: "Recreate" # Since V9 they default to RWX and deployment, we default to old existing RWO from statefulset persistence: enabled: true mount: true create: false #claimName: size: 4Gi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL add: - SYS_CHROOT resources: requests: cpu: "150m" memory: "320Mi" limits: memory: "2048Mi" gitea: admin: existingSecret: gitea-admin-secret # Enable to install demo creds demo: false metrics: enabled: false serviceMonitor: enabled: true config: database: DB_TYPE: sqlite3 cache: ADAPTER: memory session: PROVIDER: memory queue: TYPE: level redis-cluster: enabled: false postgresql-ha: enabled: false postgresql: enabled: false istio: enabled: false gateway: istio-ingress/private-ingressgateway url: git.example.com jenkins: enabled: false controller: tag: alpine-jdk17 #tagLabel: alpine disableRememberMe: true prometheus: enabled: false testEnabled: false enableRawHtmlMarkupFormatter: true javaOpts: "-XX:+UseContainerSupport -XX:+UseStringDeduplication -Dhudson.model.DirectoryBrowserSupport.CSP=\"sandbox allow-popups; default-src 'none'; img-src 'self' cdn.zero-downtime.net; style-src 'unsafe-inline';\"" jenkinsOpts: "--sessionTimeout=300 --sessionEviction=10800" resources: requests: cpu: "250m" memory: "1280Mi" limits: #cpu: "2000m" memory: "4096Mi" initContainerResources: requests: cpu: "50m" memory: "256Mi" limits: #cpu: "1000m" memory: "1024Mi" JCasC: configScripts: zdt-settings: | jenkins: noUsageStatistics: true disabledAdministrativeMonitors: - "jenkins.security.ResourceDomainRecommendation" unclassified: buildDiscarders: configuredBuildDiscarders: - "jobBuildDiscarder" - defaultBuildDiscarder: discarder: logRotator: artifactDaysToKeepStr: "32" artifactNumToKeepStr: "10" daysToKeepStr: "100" numToKeepStr: "10" installPlugins: - kubernetes:3985.vd26d77b_2a_48a_ - kubernetes-credentials-provider:1.225.v14f9e6b_28f53 - workflow-aggregator:581.v0c46fa_697ffd - git:5.2.0 - basic-branch-build-strategies:81.v05e333931c7d - pipeline-graph-view:183.v9e27732d970f - pipeline-stage-view:2.33 - configuration-as-code:1670.v564dc8b_982d0 - antisamy-markup-formatter:162.v0e6ec0fcfcf6 - prometheus:2.2.3 - htmlpublisher:1.32 - build-discarder:139.v05696a_7fe240 - dark-theme:336.v02165cd8c2ee serviceAccountAgent: create: true name: jenkins-podman-aws # Preconfigure agents to use zdt podman requires fuse/overlayfs agent: image: public.ecr.aws/zero-downtime/jenkins-podman tag: v0.4.3 #alwaysPullImage: true podRetention: "Default" showRawYaml: false podName: "podman-aws" customJenkinsLabels: - podman-aws-trivy idleMinutes: 15 containerCap: 2 annotations: container.apparmor.security.beta.kubernetes.io/jnlp: unconfined resources: requests: cpu: "" memory: "" limits: cpu: "" memory: "" # envVars: # - name: AWS_WEB_IDENTITY_TOKEN_FILE # value: "/var/run/secrets/sts.amazonaws.com/serviceaccount/token" # - name: AWS_STS_REGIONAL_ENDPOINTS # value: regional # - name: AWS_ROLE_ARN # value: "" yamlMergeStrategy: "merge" yamlTemplate: |- apiVersion: v1 kind: Pod spec: securityContext: fsGroup: 1000 serviceAccountName: jenkins-podman-aws containers: - name: jnlp resources: requests: cpu: "512m" memory: "1024Mi" limits: cpu: "4" memory: "6144Mi" github.com/fuse: 1 volumeMounts: - name: aws-token mountPath: "/var/run/secrets/sts.amazonaws.com/serviceaccount/" readOnly: true - name: host-registries-conf mountPath: "/home/jenkins/.config/containers/registries.conf" readOnly: true volumes: - name: aws-token projected: sources: - serviceAccountToken: path: token expirationSeconds: 86400 audience: "sts.amazonaws.com" - name: host-registries-conf hostPath: path: /etc/containers/registries.conf type: File rbac: readSecrets: true persistence: size: "4Gi" istio: enabled: false gateway: istio-ingress/private-ingressgateway url: jenkins.example.com # Dedicated VirtualService for webhooks webhook: enabled: false gateway: istio-ingress/ingressgateway url: jenkins-webhook.example.com # Remote Agents agent: enabled: false gateway: istio-ingress/private-ingressgateway url: jenkins-agent.example.com trivy: enabled: false image: tag: 0.42.0 persistence: enabled: true size: 1Gi rbac: create: false renovate: enabled: false env: LOG_FORMAT: json cronjob: concurrencyPolicy: Forbid jobBackoffLimit: 3 schedule: "0 3 * * *" successfulJobsHistoryLimit: 1 securityContext: fsGroup: 1000