-
Notifications
You must be signed in to change notification settings - Fork 0
/
values.yaml
132 lines (132 loc) · 4.22 KB
/
values.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
# From dist/cloud-platform-v2/helm-chart/examples/eks-ssl-ingress-example.yaml
ingress-nginx:
Enabled: false
NetworkPolicy:
Enabled: true
OperationsCenter:
CasC:
Enabled: true
ExtraVolumes:
# - name: mc-casc-bundle
# configMap:
# name: mc-casc-bundle
- name: login
secret:
secretName: login
ExtraVolumeMounts:
# - name: mc-casc-bundle
# mountPath: /var/jenkins_home/jcasc-bundles-store/mc
# readOnly: true
- name: login
mountPath: /var/login
readOnly: true
License:
Evaluation:
Enabled: true
FirstName: Developer
LastName: of CloudBees
Email: [email protected]
Company: CloudBees
# end from tests/cloudbees-replication/demo/values.yaml
Platform: eks
Protocol: https # Added from values-https.yaml
Ingress:
Class: alb
Annotations:
alb.ingress.kubernetes.io/scheme: internet-facing
# Added from values-https.yaml
alb.ingress.kubernetes.io/aws-load-balancer-backend-protocol: "http"
alb.ingress.kubernetes.io/aws-load-balancer-ssl-ports: "https"
alb.ingress.kubernetes.io/aws-load-balancer-ssl-cert: "$ALB_ACM_CERTIFICATE_ARN"
alb.ingress.kubernetes.io/inbound-cidrs: 34.73.99.37/32,149.12.71.96/27,151.181.197.0/25,154.51.64.64/27,167.98.195.240/28,167.98.200.192/27,195.95.131.0/24,203.63.83.64/27,209.146.32.224/27,210.8.164.160/27,34.255.23.234/32,38.98.162.224/27,38.99.30.0/25,5.148.32.192/26,5.148.69.16/28,5.148.8.192/26,50.207.126.192/27,62.116.201.80/28,72.138.73.192/27,75.87.16.64/27
JavaOpts: >-
-Djenkins.security.SystemReadPermission=true
-Djenkins.security.ManagePermission=true
-Dcom.cloudbees.masterprovisioning.kubernetes.KubernetesMasterProvisioning.ingressClass=alb
Hibernation:
Enabled: true
SecurityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
Agents:
SeparateNamespace:
Enabled: true
Create: true
ContainerSecurityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
SecurityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
capabilities:
drop:
- all
# ### From tests/cloudbees-replication/demo/values.yaml
# cbci:
# OperationsCenter:
# CasC:
# Enabled: true
# JavaOpts: >-
# -agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=*:5005
# -Dcom.cloudbees.jce.masterprovisioning.DockerImageDefinitionConfiguration.masterImageName=
# -Dcom.cloudbees.opscenter.clouds.kubernetes.KubernetesConfiguration.autoconfigure=false
# ExtraVolumes:
# - name: login
# secret:
# secretName: login
# ExtraVolumeMounts:
# - name: login
# mountPath: /var/login
# readOnly: true
# License:
# Evaluation:
# Enabled: true
# Hibernation:
# Enabled: true
# Protected: true
# Agents:
# SeparateNamespace:
# Enabled: true
# Create: true
# NetworkPolicy:
# Enabled: true
# gitDaemonImage: null
# rwxStorageClassName: null
# controllerJavaOpts: null
# replication:
# replicas: 2
# maxReplicas: 5
# targetCPUUtilizationPercentage: 50
# # optional preconfiguration of GitHub
# github:
# # if you want to define App credentials, set this and also create secrets/github-app with the field privateKey in PKCS #8 (hint: openssl pkcs8 -topk8 -nocrypt -in downloaded-key.pem)
# appID: null
# # if using GitHub Enterprise, set to e.g. https://github.mycompany.com/api/v3
# apiUri: null
# # if you want to preconfigure a Pipeline library, set this to e.g. https://github.mycompany.com/myorg/mylib
# library: null
# libraryBranch: master
# # Optional configuration of GCP to allow use of GCE VM agents.
# # Create the image: packer build -var project=… -var region=… -var zone=… gce
# # Grant roles/compute.instanceAdmin & roles/compute.networkAdmin to a GSA bound to the controller:
# # cbci:
# # rbac:
# # masterServiceAccountAnnotations:
# # iam.gke.io/gcp-service-account: …
# gcp:
# project: null
# region: null
# zone: null
# enableSolo: true
# # Set to true to avoid loading plugins from the update center.
# airgapped: false